authhero 0.179.0 → 0.180.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/authhero.cjs +1 -1
  2. package/dist/authhero.mjs +11 -5
  3. package/package.json +1 -1
package/dist/authhero.cjs CHANGED
@@ -281,7 +281,7 @@ ${W.replace(/ /g,"")}
281
281
  `,nexist:"∄",nexists:"∄",Nfr:"𝔑",nfr:"𝔫",ngE:"≧̸",nge:"≱",ngeq:"≱",ngeqq:"≧̸",ngeqslant:"⩾̸",nges:"⩾̸",nGg:"⋙̸",ngsim:"≵",nGt:"≫⃒",ngt:"≯",ngtr:"≯",nGtv:"≫̸",nhArr:"⇎",nharr:"↮",nhpar:"⫲",ni:"∋",nis:"⋼",nisd:"⋺",niv:"∋",NJcy:"Њ",njcy:"њ",nlArr:"⇍",nlarr:"↚",nldr:"‥",nlE:"≦̸",nle:"≰",nLeftarrow:"⇍",nleftarrow:"↚",nLeftrightarrow:"⇎",nleftrightarrow:"↮",nleq:"≰",nleqq:"≦̸",nleqslant:"⩽̸",nles:"⩽̸",nless:"≮",nLl:"⋘̸",nlsim:"≴",nLt:"≪⃒",nlt:"≮",nltri:"⋪",nltrie:"⋬",nLtv:"≪̸",nmid:"∤",NoBreak:"⁠",NonBreakingSpace:" ",Nopf:"ℕ",nopf:"𝕟",Not:"⫬",not:"¬",NotCongruent:"≢",NotCupCap:"≭",NotDoubleVerticalBar:"∦",NotElement:"∉",NotEqual:"≠",NotEqualTilde:"≂̸",NotExists:"∄",NotGreater:"≯",NotGreaterEqual:"≱",NotGreaterFullEqual:"≧̸",NotGreaterGreater:"≫̸",NotGreaterLess:"≹",NotGreaterSlantEqual:"⩾̸",NotGreaterTilde:"≵",NotHumpDownHump:"≎̸",NotHumpEqual:"≏̸",notin:"∉",notindot:"⋵̸",notinE:"⋹̸",notinva:"∉",notinvb:"⋷",notinvc:"⋶",NotLeftTriangle:"⋪",NotLeftTriangleBar:"⧏̸",NotLeftTriangleEqual:"⋬",NotLess:"≮",NotLessEqual:"≰",NotLessGreater:"≸",NotLessLess:"≪̸",NotLessSlantEqual:"⩽̸",NotLessTilde:"≴",NotNestedGreaterGreater:"⪢̸",NotNestedLessLess:"⪡̸",notni:"∌",notniva:"∌",notnivb:"⋾",notnivc:"⋽",NotPrecedes:"⊀",NotPrecedesEqual:"⪯̸",NotPrecedesSlantEqual:"⋠",NotReverseElement:"∌",NotRightTriangle:"⋫",NotRightTriangleBar:"⧐̸",NotRightTriangleEqual:"⋭",NotSquareSubset:"⊏̸",NotSquareSubsetEqual:"⋢",NotSquareSuperset:"⊐̸",NotSquareSupersetEqual:"⋣",NotSubset:"⊂⃒",NotSubsetEqual:"⊈",NotSucceeds:"⊁",NotSucceedsEqual:"⪰̸",NotSucceedsSlantEqual:"⋡",NotSucceedsTilde:"≿̸",NotSuperset:"⊃⃒",NotSupersetEqual:"⊉",NotTilde:"≁",NotTildeEqual:"≄",NotTildeFullEqual:"≇",NotTildeTilde:"≉",NotVerticalBar:"∤",npar:"∦",nparallel:"∦",nparsl:"⫽⃥",npart:"∂̸",npolint:"⨔",npr:"⊀",nprcue:"⋠",npre:"⪯̸",nprec:"⊀",npreceq:"⪯̸",nrArr:"⇏",nrarr:"↛",nrarrc:"⤳̸",nrarrw:"↝̸",nRightarrow:"⇏",nrightarrow:"↛",nrtri:"⋫",nrtrie:"⋭",nsc:"⊁",nsccue:"⋡",nsce:"⪰̸",Nscr:"𝒩",nscr:"𝓃",nshortmid:"∤",nshortparallel:"∦",nsim:"≁",nsime:"≄",nsimeq:"≄",nsmid:"∤",nspar:"∦",nsqsube:"⋢",nsqsupe:"⋣",nsub:"⊄",nsubE:"⫅̸",nsube:"⊈",nsubset:"⊂⃒",nsubseteq:"⊈",nsubseteqq:"⫅̸",nsucc:"⊁",nsucceq:"⪰̸",nsup:"⊅",nsupE:"⫆̸",nsupe:"⊉",nsupset:"⊃⃒",nsupseteq:"⊉",nsupseteqq:"⫆̸",ntgl:"≹",Ntilde:"Ñ",ntilde:"ñ",ntlg:"≸",ntriangleleft:"⋪",ntrianglelefteq:"⋬",ntriangleright:"⋫",ntrianglerighteq:"⋭",Nu:"Ν",nu:"ν",num:"#",numero:"№",numsp:" ",nvap:"≍⃒",nVDash:"⊯",nVdash:"⊮",nvDash:"⊭",nvdash:"⊬",nvge:"≥⃒",nvgt:">⃒",nvHarr:"⤄",nvinfin:"⧞",nvlArr:"⤂",nvle:"≤⃒",nvlt:"<⃒",nvltrie:"⊴⃒",nvrArr:"⤃",nvrtrie:"⊵⃒",nvsim:"∼⃒",nwarhk:"⤣",nwArr:"⇖",nwarr:"↖",nwarrow:"↖",nwnear:"⤧",Oacute:"Ó",oacute:"ó",oast:"⊛",ocir:"⊚",Ocirc:"Ô",ocirc:"ô",Ocy:"О",ocy:"о",odash:"⊝",Odblac:"Ő",odblac:"ő",odiv:"⨸",odot:"⊙",odsold:"⦼",OElig:"Œ",oelig:"œ",ofcir:"⦿",Ofr:"𝔒",ofr:"𝔬",ogon:"˛",Ograve:"Ò",ograve:"ò",ogt:"⧁",ohbar:"⦵",ohm:"Ω",oint:"∮",olarr:"↺",olcir:"⦾",olcross:"⦻",oline:"‾",olt:"⧀",Omacr:"Ō",omacr:"ō",Omega:"Ω",omega:"ω",Omicron:"Ο",omicron:"ο",omid:"⦶",ominus:"⊖",Oopf:"𝕆",oopf:"𝕠",opar:"⦷",OpenCurlyDoubleQuote:"“",OpenCurlyQuote:"‘",operp:"⦹",oplus:"⊕",Or:"⩔",or:"∨",orarr:"↻",ord:"⩝",order:"ℴ",orderof:"ℴ",ordf:"ª",ordm:"º",origof:"⊶",oror:"⩖",orslope:"⩗",orv:"⩛",oS:"Ⓢ",Oscr:"𝒪",oscr:"ℴ",Oslash:"Ø",oslash:"ø",osol:"⊘",Otilde:"Õ",otilde:"õ",Otimes:"⨷",otimes:"⊗",otimesas:"⨶",Ouml:"Ö",ouml:"ö",ovbar:"⌽",OverBar:"‾",OverBrace:"⏞",OverBracket:"⎴",OverParenthesis:"⏜",par:"∥",para:"¶",parallel:"∥",parsim:"⫳",parsl:"⫽",part:"∂",PartialD:"∂",Pcy:"П",pcy:"п",percnt:"%",period:".",permil:"‰",perp:"⊥",pertenk:"‱",Pfr:"𝔓",pfr:"𝔭",Phi:"Φ",phi:"φ",phiv:"ϕ",phmmat:"ℳ",phone:"☎",Pi:"Π",pi:"π",pitchfork:"⋔",piv:"ϖ",planck:"ℏ",planckh:"ℎ",plankv:"ℏ",plus:"+",plusacir:"⨣",plusb:"⊞",pluscir:"⨢",plusdo:"∔",plusdu:"⨥",pluse:"⩲",PlusMinus:"±",plusmn:"±",plussim:"⨦",plustwo:"⨧",pm:"±",Poincareplane:"ℌ",pointint:"⨕",Popf:"ℙ",popf:"𝕡",pound:"£",Pr:"⪻",pr:"≺",prap:"⪷",prcue:"≼",prE:"⪳",pre:"⪯",prec:"≺",precapprox:"⪷",preccurlyeq:"≼",Precedes:"≺",PrecedesEqual:"⪯",PrecedesSlantEqual:"≼",PrecedesTilde:"≾",preceq:"⪯",precnapprox:"⪹",precneqq:"⪵",precnsim:"⋨",precsim:"≾",Prime:"″",prime:"′",primes:"ℙ",prnap:"⪹",prnE:"⪵",prnsim:"⋨",prod:"∏",Product:"∏",profalar:"⌮",profline:"⌒",profsurf:"⌓",prop:"∝",Proportion:"∷",Proportional:"∝",propto:"∝",prsim:"≾",prurel:"⊰",Pscr:"𝒫",pscr:"𝓅",Psi:"Ψ",psi:"ψ",puncsp:" ",Qfr:"𝔔",qfr:"𝔮",qint:"⨌",Qopf:"ℚ",qopf:"𝕢",qprime:"⁗",Qscr:"𝒬",qscr:"𝓆",quaternions:"ℍ",quatint:"⨖",quest:"?",questeq:"≟",QUOT:'"',quot:'"',rAarr:"⇛",race:"∽̱",Racute:"Ŕ",racute:"ŕ",radic:"√",raemptyv:"⦳",Rang:"⟫",rang:"⟩",rangd:"⦒",range:"⦥",rangle:"⟩",raquo:"»",Rarr:"↠",rArr:"⇒",rarr:"→",rarrap:"⥵",rarrb:"⇥",rarrbfs:"⤠",rarrc:"⤳",rarrfs:"⤞",rarrhk:"↪",rarrlp:"↬",rarrpl:"⥅",rarrsim:"⥴",Rarrtl:"⤖",rarrtl:"↣",rarrw:"↝",rAtail:"⤜",ratail:"⤚",ratio:"∶",rationals:"ℚ",RBarr:"⤐",rBarr:"⤏",rbarr:"⤍",rbbrk:"❳",rbrace:"}",rbrack:"]",rbrke:"⦌",rbrksld:"⦎",rbrkslu:"⦐",Rcaron:"Ř",rcaron:"ř",Rcedil:"Ŗ",rcedil:"ŗ",rceil:"⌉",rcub:"}",Rcy:"Р",rcy:"р",rdca:"⤷",rdldhar:"⥩",rdquo:"”",rdquor:"”",rdsh:"↳",Re:"ℜ",real:"ℜ",realine:"ℛ",realpart:"ℜ",reals:"ℝ",rect:"▭",REG:"®",reg:"®",ReverseElement:"∋",ReverseEquilibrium:"⇋",ReverseUpEquilibrium:"⥯",rfisht:"⥽",rfloor:"⌋",Rfr:"ℜ",rfr:"𝔯",rHar:"⥤",rhard:"⇁",rharu:"⇀",rharul:"⥬",Rho:"Ρ",rho:"ρ",rhov:"ϱ",RightAngleBracket:"⟩",RightArrow:"→",Rightarrow:"⇒",rightarrow:"→",RightArrowBar:"⇥",RightArrowLeftArrow:"⇄",rightarrowtail:"↣",RightCeiling:"⌉",RightDoubleBracket:"⟧",RightDownTeeVector:"⥝",RightDownVector:"⇂",RightDownVectorBar:"⥕",RightFloor:"⌋",rightharpoondown:"⇁",rightharpoonup:"⇀",rightleftarrows:"⇄",rightleftharpoons:"⇌",rightrightarrows:"⇉",rightsquigarrow:"↝",RightTee:"⊢",RightTeeArrow:"↦",RightTeeVector:"⥛",rightthreetimes:"⋌",RightTriangle:"⊳",RightTriangleBar:"⧐",RightTriangleEqual:"⊵",RightUpDownVector:"⥏",RightUpTeeVector:"⥜",RightUpVector:"↾",RightUpVectorBar:"⥔",RightVector:"⇀",RightVectorBar:"⥓",ring:"˚",risingdotseq:"≓",rlarr:"⇄",rlhar:"⇌",rlm:"‏",rmoust:"⎱",rmoustache:"⎱",rnmid:"⫮",roang:"⟭",roarr:"⇾",robrk:"⟧",ropar:"⦆",Ropf:"ℝ",ropf:"𝕣",roplus:"⨮",rotimes:"⨵",RoundImplies:"⥰",rpar:")",rpargt:"⦔",rppolint:"⨒",rrarr:"⇉",Rrightarrow:"⇛",rsaquo:"›",Rscr:"ℛ",rscr:"𝓇",Rsh:"↱",rsh:"↱",rsqb:"]",rsquo:"’",rsquor:"’",rthree:"⋌",rtimes:"⋊",rtri:"▹",rtrie:"⊵",rtrif:"▸",rtriltri:"⧎",RuleDelayed:"⧴",ruluhar:"⥨",rx:"℞",Sacute:"Ś",sacute:"ś",sbquo:"‚",Sc:"⪼",sc:"≻",scap:"⪸",Scaron:"Š",scaron:"š",sccue:"≽",scE:"⪴",sce:"⪰",Scedil:"Ş",scedil:"ş",Scirc:"Ŝ",scirc:"ŝ",scnap:"⪺",scnE:"⪶",scnsim:"⋩",scpolint:"⨓",scsim:"≿",Scy:"С",scy:"с",sdot:"⋅",sdotb:"⊡",sdote:"⩦",searhk:"⤥",seArr:"⇘",searr:"↘",searrow:"↘",sect:"§",semi:";",seswar:"⤩",setminus:"∖",setmn:"∖",sext:"✶",Sfr:"𝔖",sfr:"𝔰",sfrown:"⌢",sharp:"♯",SHCHcy:"Щ",shchcy:"щ",SHcy:"Ш",shcy:"ш",ShortDownArrow:"↓",ShortLeftArrow:"←",shortmid:"∣",shortparallel:"∥",ShortRightArrow:"→",ShortUpArrow:"↑",shy:"­",Sigma:"Σ",sigma:"σ",sigmaf:"ς",sigmav:"ς",sim:"∼",simdot:"⩪",sime:"≃",simeq:"≃",simg:"⪞",simgE:"⪠",siml:"⪝",simlE:"⪟",simne:"≆",simplus:"⨤",simrarr:"⥲",slarr:"←",SmallCircle:"∘",smallsetminus:"∖",smashp:"⨳",smeparsl:"⧤",smid:"∣",smile:"⌣",smt:"⪪",smte:"⪬",smtes:"⪬︀",SOFTcy:"Ь",softcy:"ь",sol:"/",solb:"⧄",solbar:"⌿",Sopf:"𝕊",sopf:"𝕤",spades:"♠",spadesuit:"♠",spar:"∥",sqcap:"⊓",sqcaps:"⊓︀",sqcup:"⊔",sqcups:"⊔︀",Sqrt:"√",sqsub:"⊏",sqsube:"⊑",sqsubset:"⊏",sqsubseteq:"⊑",sqsup:"⊐",sqsupe:"⊒",sqsupset:"⊐",sqsupseteq:"⊒",squ:"□",Square:"□",square:"□",SquareIntersection:"⊓",SquareSubset:"⊏",SquareSubsetEqual:"⊑",SquareSuperset:"⊐",SquareSupersetEqual:"⊒",SquareUnion:"⊔",squarf:"▪",squf:"▪",srarr:"→",Sscr:"𝒮",sscr:"𝓈",ssetmn:"∖",ssmile:"⌣",sstarf:"⋆",Star:"⋆",star:"☆",starf:"★",straightepsilon:"ϵ",straightphi:"ϕ",strns:"¯",Sub:"⋐",sub:"⊂",subdot:"⪽",subE:"⫅",sube:"⊆",subedot:"⫃",submult:"⫁",subnE:"⫋",subne:"⊊",subplus:"⪿",subrarr:"⥹",Subset:"⋐",subset:"⊂",subseteq:"⊆",subseteqq:"⫅",SubsetEqual:"⊆",subsetneq:"⊊",subsetneqq:"⫋",subsim:"⫇",subsub:"⫕",subsup:"⫓",succ:"≻",succapprox:"⪸",succcurlyeq:"≽",Succeeds:"≻",SucceedsEqual:"⪰",SucceedsSlantEqual:"≽",SucceedsTilde:"≿",succeq:"⪰",succnapprox:"⪺",succneqq:"⪶",succnsim:"⋩",succsim:"≿",SuchThat:"∋",Sum:"∑",sum:"∑",sung:"♪",Sup:"⋑",sup:"⊃",sup1:"¹",sup2:"²",sup3:"³",supdot:"⪾",supdsub:"⫘",supE:"⫆",supe:"⊇",supedot:"⫄",Superset:"⊃",SupersetEqual:"⊇",suphsol:"⟉",suphsub:"⫗",suplarr:"⥻",supmult:"⫂",supnE:"⫌",supne:"⊋",supplus:"⫀",Supset:"⋑",supset:"⊃",supseteq:"⊇",supseteqq:"⫆",supsetneq:"⊋",supsetneqq:"⫌",supsim:"⫈",supsub:"⫔",supsup:"⫖",swarhk:"⤦",swArr:"⇙",swarr:"↙",swarrow:"↙",swnwar:"⤪",szlig:"ß",Tab:" ",target:"⌖",Tau:"Τ",tau:"τ",tbrk:"⎴",Tcaron:"Ť",tcaron:"ť",Tcedil:"Ţ",tcedil:"ţ",Tcy:"Т",tcy:"т",tdot:"⃛",telrec:"⌕",Tfr:"𝔗",tfr:"𝔱",there4:"∴",Therefore:"∴",therefore:"∴",Theta:"Θ",theta:"θ",thetasym:"ϑ",thetav:"ϑ",thickapprox:"≈",thicksim:"∼",ThickSpace:"  ",thinsp:" ",ThinSpace:" ",thkap:"≈",thksim:"∼",THORN:"Þ",thorn:"þ",Tilde:"∼",tilde:"˜",TildeEqual:"≃",TildeFullEqual:"≅",TildeTilde:"≈",times:"×",timesb:"⊠",timesbar:"⨱",timesd:"⨰",tint:"∭",toea:"⤨",top:"⊤",topbot:"⌶",topcir:"⫱",Topf:"𝕋",topf:"𝕥",topfork:"⫚",tosa:"⤩",tprime:"‴",TRADE:"™",trade:"™",triangle:"▵",triangledown:"▿",triangleleft:"◃",trianglelefteq:"⊴",triangleq:"≜",triangleright:"▹",trianglerighteq:"⊵",tridot:"◬",trie:"≜",triminus:"⨺",TripleDot:"⃛",triplus:"⨹",trisb:"⧍",tritime:"⨻",trpezium:"⏢",Tscr:"𝒯",tscr:"𝓉",TScy:"Ц",tscy:"ц",TSHcy:"Ћ",tshcy:"ћ",Tstrok:"Ŧ",tstrok:"ŧ",twixt:"≬",twoheadleftarrow:"↞",twoheadrightarrow:"↠",Uacute:"Ú",uacute:"ú",Uarr:"↟",uArr:"⇑",uarr:"↑",Uarrocir:"⥉",Ubrcy:"Ў",ubrcy:"ў",Ubreve:"Ŭ",ubreve:"ŭ",Ucirc:"Û",ucirc:"û",Ucy:"У",ucy:"у",udarr:"⇅",Udblac:"Ű",udblac:"ű",udhar:"⥮",ufisht:"⥾",Ufr:"𝔘",ufr:"𝔲",Ugrave:"Ù",ugrave:"ù",uHar:"⥣",uharl:"↿",uharr:"↾",uhblk:"▀",ulcorn:"⌜",ulcorner:"⌜",ulcrop:"⌏",ultri:"◸",Umacr:"Ū",umacr:"ū",uml:"¨",UnderBar:"_",UnderBrace:"⏟",UnderBracket:"⎵",UnderParenthesis:"⏝",Union:"⋃",UnionPlus:"⊎",Uogon:"Ų",uogon:"ų",Uopf:"𝕌",uopf:"𝕦",UpArrow:"↑",Uparrow:"⇑",uparrow:"↑",UpArrowBar:"⤒",UpArrowDownArrow:"⇅",UpDownArrow:"↕",Updownarrow:"⇕",updownarrow:"↕",UpEquilibrium:"⥮",upharpoonleft:"↿",upharpoonright:"↾",uplus:"⊎",UpperLeftArrow:"↖",UpperRightArrow:"↗",Upsi:"ϒ",upsi:"υ",upsih:"ϒ",Upsilon:"Υ",upsilon:"υ",UpTee:"⊥",UpTeeArrow:"↥",upuparrows:"⇈",urcorn:"⌝",urcorner:"⌝",urcrop:"⌎",Uring:"Ů",uring:"ů",urtri:"◹",Uscr:"𝒰",uscr:"𝓊",utdot:"⋰",Utilde:"Ũ",utilde:"ũ",utri:"▵",utrif:"▴",uuarr:"⇈",Uuml:"Ü",uuml:"ü",uwangle:"⦧",vangrt:"⦜",varepsilon:"ϵ",varkappa:"ϰ",varnothing:"∅",varphi:"ϕ",varpi:"ϖ",varpropto:"∝",vArr:"⇕",varr:"↕",varrho:"ϱ",varsigma:"ς",varsubsetneq:"⊊︀",varsubsetneqq:"⫋︀",varsupsetneq:"⊋︀",varsupsetneqq:"⫌︀",vartheta:"ϑ",vartriangleleft:"⊲",vartriangleright:"⊳",Vbar:"⫫",vBar:"⫨",vBarv:"⫩",Vcy:"В",vcy:"в",VDash:"⊫",Vdash:"⊩",vDash:"⊨",vdash:"⊢",Vdashl:"⫦",Vee:"⋁",vee:"∨",veebar:"⊻",veeeq:"≚",vellip:"⋮",Verbar:"‖",verbar:"|",Vert:"‖",vert:"|",VerticalBar:"∣",VerticalLine:"|",VerticalSeparator:"❘",VerticalTilde:"≀",VeryThinSpace:" ",Vfr:"𝔙",vfr:"𝔳",vltri:"⊲",vnsub:"⊂⃒",vnsup:"⊃⃒",Vopf:"𝕍",vopf:"𝕧",vprop:"∝",vrtri:"⊳",Vscr:"𝒱",vscr:"𝓋",vsubnE:"⫋︀",vsubne:"⊊︀",vsupnE:"⫌︀",vsupne:"⊋︀",Vvdash:"⊪",vzigzag:"⦚",Wcirc:"Ŵ",wcirc:"ŵ",wedbar:"⩟",Wedge:"⋀",wedge:"∧",wedgeq:"≙",weierp:"℘",Wfr:"𝔚",wfr:"𝔴",Wopf:"𝕎",wopf:"𝕨",wp:"℘",wr:"≀",wreath:"≀",Wscr:"𝒲",wscr:"𝓌",xcap:"⋂",xcirc:"◯",xcup:"⋃",xdtri:"▽",Xfr:"𝔛",xfr:"𝔵",xhArr:"⟺",xharr:"⟷",Xi:"Ξ",xi:"ξ",xlArr:"⟸",xlarr:"⟵",xmap:"⟼",xnis:"⋻",xodot:"⨀",Xopf:"𝕏",xopf:"𝕩",xoplus:"⨁",xotime:"⨂",xrArr:"⟹",xrarr:"⟶",Xscr:"𝒳",xscr:"𝓍",xsqcup:"⨆",xuplus:"⨄",xutri:"△",xvee:"⋁",xwedge:"⋀",Yacute:"Ý",yacute:"ý",YAcy:"Я",yacy:"я",Ycirc:"Ŷ",ycirc:"ŷ",Ycy:"Ы",ycy:"ы",yen:"¥",Yfr:"𝔜",yfr:"𝔶",YIcy:"Ї",yicy:"ї",Yopf:"𝕐",yopf:"𝕪",Yscr:"𝒴",yscr:"𝓎",YUcy:"Ю",yucy:"ю",Yuml:"Ÿ",yuml:"ÿ",Zacute:"Ź",zacute:"ź",Zcaron:"Ž",zcaron:"ž",Zcy:"З",zcy:"з",Zdot:"Ż",zdot:"ż",zeetrf:"ℨ",ZeroWidthSpace:"​",Zeta:"Ζ",zeta:"ζ",Zfr:"ℨ",zfr:"𝔷",ZHcy:"Ж",zhcy:"ж",zigrarr:"⇝",Zopf:"ℤ",zopf:"𝕫",Zscr:"𝒵",zscr:"𝓏",zwj:"‍",zwnj:"‌"}),t.entityMap=t.HTML_ENTITIES})(Wy);var Ff={},Yo=tr.NAMESPACE,Zd=/[A-Z_a-z\xC0-\xD6\xD8-\xF6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,im=new RegExp("[\\-\\.0-9"+Zd.source.slice(1,-1)+"\\u00B7\\u0300-\\u036F\\u203F-\\u2040]"),om=new RegExp("^"+Zd.source+im.source+"*(?::"+Zd.source+im.source+"*)?$"),po=0,or=1,di=2,fo=3,pi=4,fi=5,ho=6,Fs=7;function Vi(t,e){this.message=t,this.locator=e,Error.captureStackTrace&&Error.captureStackTrace(this,Vi)}Vi.prototype=new Error;Vi.prototype.name=Vi.name;function Xy(){}Xy.prototype={parse:function(t,e,n){var r=this.domBuilder;r.startDocument(),Jy(e,e={}),fE(t,e,n,r,this.errorHandler),r.endDocument()}};function fE(t,e,n,r,i){function o(j){if(j>65535){j-=65536;var V=55296+(j>>10),de=56320+(j&1023);return String.fromCharCode(V,de)}else return String.fromCharCode(j)}function c(j){var V=j.slice(1,-1);return Object.hasOwnProperty.call(n,V)?n[V]:V.charAt(0)==="#"?o(parseInt(V.substr(1).replace("x","0x"))):(i.error("entity not found:"+j),j)}function l(j){if(j>$){var V=t.substring($,j).replace(/&#?\w+;/g,c);g&&u($),r.characters(V,0,j-$),$=j}}function u(j,V){for(;j>=p&&(V=h.exec(t));)d=V.index,p=d+V[0].length,g.lineNumber++;g.columnNumber=j-d+1}for(var d=0,p=0,h=/.*(?:\r\n?|\n)|.*$/g,g=r.locator,A=[{currentNSMap:e}],_={},$=0;;){try{var S=t.indexOf("<",$);if(S<0){if(!t.substr($).match(/^\s*$/)){var k=r.doc,b=k.createTextNode(t.substr($));k.appendChild(b),r.currentElement=b}return}switch(S>$&&l(S),t.charAt(S+1)){case"/":var B=t.indexOf(">",S+3),T=t.substring(S+2,B).replace(/[ \t\n\r]+$/g,""),M=A.pop();B<0?(T=t.substring(S+2).replace(/[\s<].*/,""),i.error("end tag name: "+T+" is not complete:"+M.tagName),B=S+1+T.length):T.match(/\s</)&&(T=T.replace(/[\s<].*/,""),i.error("end tag name: "+T+" maybe not complete"),B=S+1+T.length);var U=M.localNSMap,H=M.tagName==T,W=H||M.tagName&&M.tagName.toLowerCase()==T.toLowerCase();if(W){if(r.endElement(M.uri,M.localName,T),U)for(var J in U)Object.prototype.hasOwnProperty.call(U,J)&&r.endPrefixMapping(J);H||i.fatalError("end tag name: "+T+" is not match the current start tagName:"+M.tagName)}else A.push(M);B++;break;case"?":g&&u(S),B=yE(t,S,r);break;case"!":g&&u(S),B=_E(t,S,r,i);break;default:g&&u(S);var ue=new Yy,Ne=A[A.length-1].currentNSMap,B=hE(t,S,ue,Ne,c,i),L=ue.length;if(!ue.closed&&mE(t,B,ue.tagName,_)&&(ue.closed=!0,n.nbsp||i.warning("unclosed xml attribute")),g&&L){for(var P=sm(g,{}),I=0;I<L;I++){var C=ue[I];u(C.offset),C.locator=sm(g,{})}r.locator=P,am(ue,r,Ne)&&A.push(ue),r.locator=g}else am(ue,r,Ne)&&A.push(ue);Yo.isHTML(ue.uri)&&!ue.closed?B=gE(t,B,ue.tagName,c,r):B++}}catch(j){if(j instanceof Vi)throw j;i.error("element parse error: "+j),B=-1}B>$?$=B:l(Math.max(S,$)+1)}}function sm(t,e){return e.lineNumber=t.lineNumber,e.columnNumber=t.columnNumber,e}function hE(t,e,n,r,i,o){function c(g,A,_){n.attributeNames.hasOwnProperty(g)&&o.fatalError("Attribute "+g+" redefined"),n.addValue(g,A.replace(/[\t\n\r]/g," ").replace(/&#?\w+;/g,i),_)}for(var l,u,d=++e,p=po;;){var h=t.charAt(d);switch(h){case"=":if(p===or)l=t.slice(e,d),p=fo;else if(p===di)p=fo;else throw new Error("attribute equal must after attrName");break;case"'":case'"':if(p===fo||p===or)if(p===or&&(o.warning('attribute value must after "="'),l=t.slice(e,d)),e=d+1,d=t.indexOf(h,e),d>0)u=t.slice(e,d),c(l,u,e-1),p=fi;else throw new Error("attribute value no end '"+h+"' match");else if(p==pi)u=t.slice(e,d),c(l,u,e),o.warning('attribute "'+l+'" missed start quot('+h+")!!"),e=d+1,p=fi;else throw new Error('attribute value must after "="');break;case"/":switch(p){case po:n.setTagName(t.slice(e,d));case fi:case ho:case Fs:p=Fs,n.closed=!0;case pi:case or:break;case di:n.closed=!0;break;default:throw new Error("attribute invalid close char('/')")}break;case"":return o.error("unexpected end of input"),p==po&&n.setTagName(t.slice(e,d)),d;case">":switch(p){case po:n.setTagName(t.slice(e,d));case fi:case ho:case Fs:break;case pi:case or:u=t.slice(e,d),u.slice(-1)==="/"&&(n.closed=!0,u=u.slice(0,-1));case di:p===di&&(u=l),p==pi?(o.warning('attribute "'+u+'" missed quot(")!'),c(l,u,e)):((!Yo.isHTML(r[""])||!u.match(/^(?:disabled|checked|selected)$/i))&&o.warning('attribute "'+u+'" missed value!! "'+u+'" instead!!'),c(u,u,e));break;case fo:throw new Error("attribute value missed!!")}return d;case"€":h=" ";default:if(h<=" ")switch(p){case po:n.setTagName(t.slice(e,d)),p=ho;break;case or:l=t.slice(e,d),p=di;break;case pi:var u=t.slice(e,d);o.warning('attribute "'+u+'" missed quot(")!!'),c(l,u,e);case fi:p=ho;break}else switch(p){case di:n.tagName,(!Yo.isHTML(r[""])||!l.match(/^(?:disabled|checked|selected)$/i))&&o.warning('attribute "'+l+'" missed value!! "'+l+'" instead2!!'),c(l,l,e),e=d,p=or;break;case fi:o.warning('attribute space is required"'+l+'"!!');case ho:p=or,e=d;break;case fo:p=pi,e=d;break;case Fs:throw new Error("elements closed character '/' and '>' must be connected to")}}d++}}function am(t,e,n){for(var r=t.tagName,i=null,h=t.length;h--;){var o=t[h],c=o.qName,l=o.value,g=c.indexOf(":");if(g>0)var u=o.prefix=c.slice(0,g),d=c.slice(g+1),p=u==="xmlns"&&d;else d=c,u=null,p=c==="xmlns"&&"";o.localName=d,p!==!1&&(i==null&&(i={},Jy(n,n={})),n[p]=i[p]=l,o.uri=Yo.XMLNS,e.startPrefixMapping(p,l))}for(var h=t.length;h--;){o=t[h];var u=o.prefix;u&&(u==="xml"&&(o.uri=Yo.XML),u!=="xmlns"&&(o.uri=n[u||""]))}var g=r.indexOf(":");g>0?(u=t.prefix=r.slice(0,g),d=t.localName=r.slice(g+1)):(u=null,d=t.localName=r);var A=t.uri=n[u||""];if(e.startElement(A,d,r,t),t.closed){if(e.endElement(A,d,r),i)for(u in i)Object.prototype.hasOwnProperty.call(i,u)&&e.endPrefixMapping(u)}else return t.currentNSMap=n,t.localNSMap=i,!0}function gE(t,e,n,r,i){if(/^(?:script|textarea)$/i.test(n)){var o=t.indexOf("</"+n+">",e),c=t.substring(e+1,o);if(/[&<]/.test(c))return/^script$/i.test(n)?(i.characters(c,0,c.length),o):(c=c.replace(/&#?\w+;/g,r),i.characters(c,0,c.length),o)}return e+1}function mE(t,e,n,r){var i=r[n];return i==null&&(i=t.lastIndexOf("</"+n+">"),i<e&&(i=t.lastIndexOf("</"+n)),r[n]=i),i<e}function Jy(t,e){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])}function _E(t,e,n,r){var i=t.charAt(e+2);switch(i){case"-":if(t.charAt(e+3)==="-"){var o=t.indexOf("-->",e+4);return o>e?(n.comment(t,e+4,o-e-4),o+3):(r.error("Unclosed comment"),-1)}else return-1;default:if(t.substr(e+3,6)=="CDATA["){var o=t.indexOf("]]>",e+9);return n.startCDATA(),n.characters(t,e+9,o-e-9),n.endCDATA(),o+3}var c=wE(t,e),l=c.length;if(l>1&&/!doctype/i.test(c[0][0])){var u=c[1][0],d=!1,p=!1;l>3&&(/^public$/i.test(c[2][0])?(d=c[3][0],p=l>4&&c[4][0]):/^system$/i.test(c[2][0])&&(p=c[3][0]));var h=c[l-1];return n.startDTD(u,d,p),n.endDTD(),h.index+h[0].length}}return-1}function yE(t,e,n){var r=t.indexOf("?>",e);if(r){var i=t.substring(e,r).match(/^<\?(\S*)\s*([\s\S]*?)\s*$/);return i?(i[0].length,n.processingInstruction(i[1],i[2]),r+2):-1}return-1}function Yy(){this.attributeNames={}}Yy.prototype={setTagName:function(t){if(!om.test(t))throw new Error("invalid tagName:"+t);this.tagName=t},addValue:function(t,e,n){if(!om.test(t))throw new Error("invalid attribute:"+t);this.attributeNames[t]=this.length,this[this.length++]={qName:t,value:e,offset:n}},length:0,getLocalName:function(t){return this[t].localName},getLocator:function(t){return this[t].locator},getQName:function(t){return this[t].qName},getURI:function(t){return this[t].uri},getValue:function(t){return this[t].value}};function wE(t,e){var n,r=[],i=/'[^']+'|"[^"]+"|[^\s<>\/=]+=?|(\/?\s*>|<)/g;for(i.lastIndex=e,i.exec(t);n=i.exec(t);)if(r.push(n),n[1])return r}Ff.XMLReader=Xy;Ff.ParseError=Vi;var vE=tr,bE=er,cm=Wy,Zy=Ff,xE=bE.DOMImplementation,lm=vE.NAMESPACE,$E=Zy.ParseError,AE=Zy.XMLReader;function Qy(t){return t.replace(/\r[\n\u0085]/g,`
282
282
  `).replace(/[\r\u0085\u2028]/g,`
283
283
  `)}function ew(t){this.options=t||{locator:{}}}ew.prototype.parseFromString=function(t,e){var n=this.options,r=new AE,i=n.domBuilder||new Ns,o=n.errorHandler,c=n.locator,l=n.xmlns||{},u=/\/x?html?$/.test(e),d=u?cm.HTML_ENTITIES:cm.XML_ENTITIES;c&&i.setDocumentLocator(c),r.errorHandler=EE(o,i,c),r.domBuilder=n.domBuilder||i,u&&(l[""]=lm.HTML),l.xml=l.xml||lm.XML;var p=n.normalizeLineEndings||Qy;return t&&typeof t=="string"?r.parse(p(t),l,d):r.errorHandler.error("invalid doc source"),i.doc};function EE(t,e,n){if(!t){if(e instanceof Ns)return e;t=e}var r={},i=t instanceof Function;n=n||{};function o(c){var l=t[c];!l&&i&&(l=t.length==2?function(u){t(c,u)}:t),r[c]=l&&function(u){l("[xmldom "+c+"] "+u+Qd(n))}||function(){}}return o("warning"),o("error"),o("fatalError"),r}function Ns(){this.cdata=!1}function hi(t,e){e.lineNumber=t.lineNumber,e.columnNumber=t.columnNumber}Ns.prototype={startDocument:function(){this.doc=new xE().createDocument(null,null,null),this.locator&&(this.doc.documentURI=this.locator.systemId)},startElement:function(t,e,n,r){var i=this.doc,o=i.createElementNS(t,n||e),c=r.length;Us(this,o),this.currentElement=o,this.locator&&hi(this.locator,o);for(var l=0;l<c;l++){var t=r.getURI(l),u=r.getValue(l),n=r.getQName(l),d=i.createAttributeNS(t,n);this.locator&&hi(r.getLocator(l),d),d.value=d.nodeValue=u,o.setAttributeNode(d)}},endElement:function(t,e,n){var r=this.currentElement;r.tagName,this.currentElement=r.parentNode},startPrefixMapping:function(t,e){},endPrefixMapping:function(t){},processingInstruction:function(t,e){var n=this.doc.createProcessingInstruction(t,e);this.locator&&hi(this.locator,n),Us(this,n)},ignorableWhitespace:function(t,e,n){},characters:function(t,e,n){if(t=um.apply(this,arguments),t){if(this.cdata)var r=this.doc.createCDATASection(t);else var r=this.doc.createTextNode(t);this.currentElement?this.currentElement.appendChild(r):/^\s*$/.test(t)&&this.doc.appendChild(r),this.locator&&hi(this.locator,r)}},skippedEntity:function(t){},endDocument:function(){this.doc.normalize()},setDocumentLocator:function(t){(this.locator=t)&&(t.lineNumber=0)},comment:function(t,e,n){t=um.apply(this,arguments);var r=this.doc.createComment(t);this.locator&&hi(this.locator,r),Us(this,r)},startCDATA:function(){this.cdata=!0},endCDATA:function(){this.cdata=!1},startDTD:function(t,e,n){var r=this.doc.implementation;if(r&&r.createDocumentType){var i=r.createDocumentType(t,e,n);this.locator&&hi(this.locator,i),Us(this,i),this.doc.doctype=i}},warning:function(t){console.warn("[xmldom warning] "+t,Qd(this.locator))},error:function(t){console.error("[xmldom error] "+t,Qd(this.locator))},fatalError:function(t){throw new $E(t,this.locator)}};function Qd(t){if(t)return`
284
- @`+(t.systemId||"")+"#[line:"+t.lineNumber+",col:"+t.columnNumber+"]"}function um(t,e,n){return typeof t=="string"?t.substr(e,n):t.length>=e+n||e?new java.lang.String(t,e,n)+"":t}"endDTD,startEntity,endEntity,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,resolveEntity,getExternalSubset,notationDecl,unparsedEntityDecl".replace(/\w+/g,function(t){Ns.prototype[t]=function(){return null}});function Us(t,e){t.currentElement?t.currentElement.appendChild(e):t.doc.appendChild(e)}Nl.__DOMHandler=Ns;Nl.normalizeLineEndings=Qy;Nl.DOMParser=ew;var tw=er;El.DOMImplementation=tw.DOMImplementation;El.XMLSerializer=tw.XMLSerializer;El.DOMParser=Nl.DOMParser;var Cl={};Object.defineProperty(Cl,"__esModule",{value:!0});Cl.EnvelopedSignature=void 0;const Ms=xl,su=be;class SE{constructor(){this.includeComments=!1,this.includeComments=!1}process(e,n){if(n.signatureNode==null){const o=Ms.select1("./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return su.isNodeLike(o)&&o.parentNode&&o.parentNode.removeChild(o),e}const r=n.signatureNode,i=Ms.select1(".//*[local-name(.)='SignatureValue']/text()",r);if(su.isTextNode(i)){const o=i.data,c=Ms.select(".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);for(const l of Array.isArray(c)?c:[]){const u=Ms.select1(".//*[local-name(.)='SignatureValue']/text()",l);if(su.isTextNode(u)){const d=u.data;o===d&&l.parentNode&&l.parentNode.removeChild(l)}}}return e}getAlgorithmName(){return"http://www.w3.org/2000/09/xmldsig#enveloped-signature"}}Cl.EnvelopedSignature=SE;var hr={};Object.defineProperty(hr,"__esModule",{value:!0});hr.Sha512=hr.Sha256=hr.Sha1=void 0;const Uf=_c;class kE{constructor(){this.getHash=function(e){const n=Uf.createHash("sha1");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2000/09/xmldsig#sha1"}}}hr.Sha1=kE;class NE{constructor(){this.getHash=function(e){const n=Uf.createHash("sha256");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha256"}}}hr.Sha256=NE;class CE{constructor(){this.getHash=function(e){const n=Uf.createHash("sha512");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha512"}}}hr.Sha512=CE;var wn={},Cs={};Object.defineProperty(Cs,"__esModule",{value:!0});Cs.createOptionalCallbackFunction=void 0;function IE(t){return typeof t=="function"}function TE(t){return(...e)=>{const n=e[e.length-1];if(IE(n))try{const r=t(...e.slice(0,-1));n(null,r)}catch(r){n(r instanceof Error?r:new Error("Unknown error"))}else return t(...e)}}Cs.createOptionalCallbackFunction=TE;Object.defineProperty(wn,"__esModule",{value:!0});wn.HmacSha1=wn.RsaSha512=wn.RsaSha256=wn.RsaSha1=void 0;const br=_c,xr=Cs;class OE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA1");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA1");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}}wn.RsaSha1=OE;class DE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA256");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA256");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}}wn.RsaSha256=DE;class zE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA512");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA512");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}}wn.RsaSha512=zE;class RE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createHmac("SHA1",n);return r.update(e),r.digest("base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createHmac("SHA1",n);return i.update(e),i.digest("base64")===r}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#hmac-sha1"}}wn.HmacSha1=RE;Object.defineProperty(Al,"__esModule",{value:!0});Al.SignedXml=void 0;const zt=be,Cr=El,PE=_c,Mt=xl,dm=Qr,BE=Cl,pm=ei,au=hr,qs=wn,Oe=As;class Dn{constructor(e={}){this.signatureAlgorithm=void 0,this.canonicalizationAlgorithm=void 0,this.inclusiveNamespacesPrefixList=[],this.namespaceResolver={lookupNamespaceURI:function(){throw new Error("Not implemented")}},this.implicitTransforms=[],this.keyInfoAttributes={},this.getKeyInfoContent=Dn.getKeyInfoContent,this.getCertFromKeyInfo=Dn.getCertFromKeyInfo,this.id=0,this.signedXml="",this.signatureXml="",this.signatureNode=null,this.signatureValue="",this.originalXmlWithIds="",this.keyInfo=null,this.references=[],this.signedReferences=[],this.CanonicalizationAlgorithms={"http://www.w3.org/TR/2001/REC-xml-c14n-20010315":dm.C14nCanonicalization,"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments":dm.C14nCanonicalizationWithComments,"http://www.w3.org/2001/10/xml-exc-c14n#":pm.ExclusiveCanonicalization,"http://www.w3.org/2001/10/xml-exc-c14n#WithComments":pm.ExclusiveCanonicalizationWithComments,"http://www.w3.org/2000/09/xmldsig#enveloped-signature":BE.EnvelopedSignature},this.HashAlgorithms={"http://www.w3.org/2000/09/xmldsig#sha1":au.Sha1,"http://www.w3.org/2001/04/xmlenc#sha256":au.Sha256,"http://www.w3.org/2001/04/xmlenc#sha512":au.Sha512},this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#rsa-sha1":qs.RsaSha1,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":qs.RsaSha256,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":qs.RsaSha512};const{idMode:n,idAttribute:r,privateKey:i,publicCert:o,signatureAlgorithm:c,canonicalizationAlgorithm:l,inclusiveNamespacesPrefixList:u,implicitTransforms:d,keyInfoAttributes:p,getKeyInfoContent:h,getCertFromKeyInfo:g}=e;this.idMode=n,this.idAttributes=["Id","ID","id"],r&&this.idAttributes.unshift(r),this.privateKey=i,this.publicCert=o,this.signatureAlgorithm=c??this.signatureAlgorithm,this.canonicalizationAlgorithm=l,typeof u=="string"?this.inclusiveNamespacesPrefixList=u.split(" "):Oe.isArrayHasLength(u)&&(this.inclusiveNamespacesPrefixList=u),this.implicitTransforms=d??this.implicitTransforms,this.keyInfoAttributes=p??this.keyInfoAttributes,this.getKeyInfoContent=h??this.getKeyInfoContent,this.getCertFromKeyInfo=g??Dn.noop,this.CanonicalizationAlgorithms,this.HashAlgorithms,this.SignatureAlgorithms}enableHMAC(){this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#hmac-sha1":qs.HmacSha1},this.getKeyInfoContent=Dn.noop}static getKeyInfoContent({publicCert:e,prefix:n}){if(e==null)return null;n=n?`${n}:`:"";let r="";Buffer.isBuffer(e)&&(e=e.toString("latin1"));let i=[];return typeof e=="string"&&(i=e.match(Oe.EXTRACT_X509_CERTS)||[]),i.length>0&&(r=i.map(o=>`<${n}X509Certificate>${Oe.pemToDer(o).toString("base64")}</${n}X509Certificate>`).join("")),`<${n}X509Data>${r}</${n}X509Data>`}static getCertFromKeyInfo(e){if(e!=null){const n=Mt.select1(".//*[local-name(.)='X509Certificate']",e);if(zt.isNodeLike(n))return Oe.derToPem(n.textContent??"","CERTIFICATE")}return null}checkSignature(e,n){if(n!=null&&typeof n!="function")throw new Error("Last parameter must be a callback function");this.signedXml=e;const r=new Cr.DOMParser().parseFromString(e);this.references=[];const i=this.getCanonSignedInfoXml(r);if(!i){if(n){n(new Error("Canonical signed info cannot be empty"),!1);return}throw new Error("Canonical signed info cannot be empty")}const c=new Cr.DOMParser().parseFromString(i,"text/xml").documentElement;if(!c){if(n){n(new Error("Could not parse unverifiedSignedInfoCanon into a document"),!1);return}throw new Error("Could not parse unverifiedSignedInfoCanon into a document")}const l=Oe.findChildren(c,"Reference");if(!Oe.isArrayHasLength(l)){if(n){n(new Error("could not find any Reference elements"),!1);return}throw new Error("could not find any Reference elements")}for(const h of l)this.loadReference(h);if(!this.getReferences().every(h=>this.validateReference(h,r))){if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error("Could not validate all references"),!1);return}return!1}const u=this.findSignatureAlgorithm(this.signatureAlgorithm),d=this.getCertFromKeyInfo(this.keyInfo)||this.publicCert||this.privateKey;if(d==null)throw new Error("KeyInfo or publicCert or privateKey is required to validate signature");if(u.verifySignature(i,d,this.signatureValue)===!0)if(n)n(null,!0);else return!0;else if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`));return}else throw new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`)}getCanonSignedInfoXml(e){if(this.signatureNode==null)throw new Error("No signature found.");if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to get signed info for XML");const n=Oe.findChildren(this.signatureNode,"SignedInfo");if(n.length===0)throw new Error("could not find SignedInfo element in the message");if(n.length>1)throw new Error("could not get canonicalized signed info for a signature that contains multiple SignedInfo nodes");if((this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(!e||typeof e!="object"))throw new Error("When canonicalization method is non-exclusive, whole xml dom must be provided as an argument");const i={ancestorNamespaces:Oe.findAncestorNs(e,"//*[local-name()='SignedInfo']")};return this.getCanonXml([this.canonicalizationAlgorithm],n[0],i)}getCanonReferenceXml(e,n,r){Array.isArray(n.transforms)&&(n.ancestorNamespaces=Oe.findAncestorNs(e,n.xpath,this.namespaceResolver));const i={inclusiveNamespacesPrefixList:n.inclusiveNamespacesPrefixList,ancestorNamespaces:n.ancestorNamespaces};return this.getCanonXml(n.transforms,r,i)}calculateSignatureValue(e,n){const r=this.getCanonSignedInfoXml(e),i=this.findSignatureAlgorithm(this.signatureAlgorithm);if(this.privateKey==null)throw new Error("Private key is required to compute signature");typeof n=="function"?i.getSignature(r,this.privateKey,n):this.signatureValue=i.getSignature(r,this.privateKey)}findSignatureAlgorithm(e){if(e==null)throw new Error("signatureAlgorithm is required");const n=this.SignatureAlgorithms[e];if(n)return new n;throw new Error(`signature algorithm '${e}' is not supported`)}findCanonicalizationAlgorithm(e){if(e!=null){const n=this.CanonicalizationAlgorithms[e];if(n)return new n}throw new Error(`canonicalization algorithm '${e}' is not supported`)}findHashAlgorithm(e){const n=this.HashAlgorithms[e];if(n)return new n;throw new Error(`hash algorithm '${e}' is not supported`)}validateElementAgainstReferences(e,n){var i;let r;if(typeof e=="string"){const o=Mt.select1(e,n);zt.assertIsElementNode(o),r=o}else r=e;for(const o of this.getReferences()){const c=((i=o.uri)==null?void 0:i[0])==="#"?o.uri.substring(1):o.uri;for(const p of this.idAttributes){const h=r.getAttribute(p);if(c===h){o.xpath=`//*[@*[local-name(.)='${p}']='${c}']`;break}}const l=this.getCanonReferenceXml(n,o,r),d=this.findHashAlgorithm(o.digestAlgorithm).getHash(l);if(Oe.validateDigestValue(d,o.digestValue))return o}throw new Error("No references passed validation")}validateReference(e,n){var u;const r=((u=e.uri)==null?void 0:u[0])==="#"?e.uri.substring(1):e.uri;let i=null;if(r==="")i=Mt.select1("//*",n);else{if((r==null?void 0:r.indexOf("'"))!==-1)throw new Error("Cannot validate a uri with quotes inside it");{let d=0;for(const p of this.idAttributes){const h=`//*[@*[local-name(.)='${p}']='${r}']`,g=Mt.select(h,n);if(Oe.isArrayHasLength(g)){if(d+=g.length,d>1)throw new Error("Cannot validate a document which contains multiple elements with the same value for the ID / Id / Id attributes, in order to prevent signature wrapping attack.");i=g[0],e.xpath=h}}}}if(e.getValidatedNode=(0,PE.deprecate)(d=>{if(d=d||e.xpath,typeof d!="string"||e.validationError!=null)return null;const p=Mt.select1(d,n);return zt.isNodeLike(p)?p:null},"`ref.getValidatedNode()` is deprecated and insecure. Use `ref.signedReference` or `this.getSignedReferences()` instead."),!zt.isNodeLike(i)){const d=new Error(`invalid signature: the signature references an element with uri ${e.uri} but could not find such element in the xml`);return e.validationError=d,!1}const o=this.getCanonReferenceXml(n,e,i),l=this.findHashAlgorithm(e.digestAlgorithm).getHash(o);if(!Oe.validateDigestValue(l,e.digestValue)){const d=new Error(`invalid signature: for uri ${e.uri} calculated digest is ${l} but the xml to validate supplies digest ${e.digestValue}`);return e.validationError=d,!1}return this.signedReferences.push(o),e.signedReference=o,!0}findSignatures(e){const n=Mt.select("//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return zt.isArrayOfNodes(n)?n:[]}loadSignature(e){typeof e=="string"?this.signatureNode=e=new Cr.DOMParser().parseFromString(e):this.signatureNode=e,this.signatureXml=e.toString();const n=Mt.select1(".//*[local-name(.)='CanonicalizationMethod']/@Algorithm",e);if(!zt.isNodeLike(n))throw new Error("could not find CanonicalizationMethod/@Algorithm element");zt.isAttributeNode(n)&&(this.canonicalizationAlgorithm=n.value);const r=Mt.select1(".//*[local-name(.)='SignatureMethod']/@Algorithm",e);zt.isAttributeNode(r)&&(this.signatureAlgorithm=r.value);const i=Oe.findChildren(this.signatureNode,"SignedInfo");if(!Oe.isArrayHasLength(i))throw new Error("no signed info node found");if(i.length>1)throw new Error("could not load signature that contains multiple SignedInfo nodes");let o=this.canonicalizationAlgorithm;(!o||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(o="http://www.w3.org/2001/10/xml-exc-c14n#");const c=this.getCanonXml([o],i[0]),u=new Cr.DOMParser().parseFromString(c,"text/xml").documentElement;this.references=[];const d=Oe.findChildren(u,"Reference");if(!Oe.isArrayHasLength(d))throw new Error("could not find any Reference elements");for(const g of d)this.loadReference(g);const p=Mt.select1(".//*[local-name(.)='SignatureValue']/text()",e);zt.isTextNode(p)&&(this.signatureValue=p.data.replace(/\r?\n/g,""));const h=Mt.select1(".//*[local-name(.)='KeyInfo']",e);zt.isNodeLike(h)&&(this.keyInfo=h)}loadReference(e){let n=Oe.findChildren(e,"DigestMethod");if(n.length===0)throw new Error(`could not find DigestMethod in reference ${e.toString()}`);const r=n[0],i=Oe.findAttr(r,"Algorithm");if(!i)throw new Error(`could not find Algorithm attribute in node ${r.toString()}`);const o=i.value;if(n=Oe.findChildren(e,"DigestValue"),n.length===0)throw new Error(`could not find DigestValue node in reference ${e.toString()}`);if(n.length>1)throw new Error(`could not load reference for a node that contains multiple DigestValue nodes: ${e.toString()}`);const c=n[0].textContent;if(!c)throw new Error(`could not find the value of DigestValue in ${e.toString()}`);const l=[];let u=[];if(n=Oe.findChildren(e,"Transforms"),n.length!==0){const p=n[0],h=Oe.findChildren(p,"Transform");for(const A of h){const _=Oe.findAttr(A,"Algorithm");_&&l.push(_.value)}const g=Oe.findChildren(h[h.length-1],"InclusiveNamespaces");Oe.isArrayHasLength(g)&&(u=g.flatMap(A=>(A.getAttribute("PrefixList")??"").split(" ")).filter(A=>A.length>0))}Oe.isArrayHasLength(this.implicitTransforms)&&this.implicitTransforms.forEach(function(p){l.push(p)}),(l.length===0||l[l.length-1]==="http://www.w3.org/2000/09/xmldsig#enveloped-signature")&&l.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");const d=zt.isElementNode(e)&&e.getAttribute("URI")||void 0;this.addReference({transforms:l,digestAlgorithm:o,uri:d,digestValue:c,inclusiveNamespacesPrefixList:u,isEmptyUri:!1})}addReference({xpath:e,transforms:n,digestAlgorithm:r,uri:i="",digestValue:o,inclusiveNamespacesPrefixList:c=[],isEmptyUri:l=!1}){if(r==null)throw new Error("digestAlgorithm is required");if(!Oe.isArrayHasLength(n))throw new Error("transforms must contain at least one transform algorithm");this.references.push({xpath:e,transforms:n,digestAlgorithm:r,uri:i,digestValue:o,inclusiveNamespacesPrefixList:c,isEmptyUri:l,getValidatedNode:()=>{throw new Error("Reference has not been validated yet; Did you call `sig.checkSignature()`?")}})}getReferences(){return this.references}getSignedReferences(){return[...this.signedReferences]}computeSignature(e,n,r){let i;typeof n=="function"&&r==null?(i=n,n={}):(i=r,n=n??{});const o=new Cr.DOMParser().parseFromString(e);let c="xmlns";const l=[];let u;const d=["append","prepend","before","after"],p=n.prefix,h=n.attrs||{},g=n.location||{},A=n.existingPrefixes||{};if(this.namespaceResolver={lookupNamespaceURI:function(H){return H?A[H]:null}},g.reference=g.reference||"/*",g.action=g.action||"append",d.indexOf(g.action)===-1){const H=new Error(`location.action option has an invalid action: ${g.action}, must be any of the following values: ${d.join(", ")}`);if(i){i(H);return}else throw H}p?(c+=`:${p}`,u=`${p}:`):u="",Object.keys(h).forEach(function(H){H!=="xmlns"&&H!==c&&l.push(`${H}="${h[H]}"`)}),l.push(`${c}="http://www.w3.org/2000/09/xmldsig#"`);let _=`<${u}Signature ${l.join(" ")}>`;_+=this.createSignedInfo(o,p),_+=this.getKeyInfo(p),_+=`</${u}Signature>`,this.originalXmlWithIds=o.toString();let $="";Object.keys(A).forEach(function(H){$+=`xmlns:${H}="${A[H]}" `});const S=`<Dummy ${$}>${_}</Dummy>`,b=new Cr.DOMParser().parseFromString(S).documentElement.firstChild,T=Mt.select1(g.reference,o);if(!zt.isNodeLike(T)){const H=new Error(`the following xpath cannot be used because it was not found: ${g.reference}`);if(i){i(H);return}else throw H}if(g.action==="append")T.appendChild(b);else if(g.action==="prepend")T.insertBefore(b,T.firstChild);else if(g.action==="before"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `before`");T.parentNode.insertBefore(b,T)}else if(g.action==="after"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `after`");T.parentNode.insertBefore(b,T.nextSibling)}this.signatureNode=b;const M=Oe.findChildren(this.signatureNode,"SignedInfo");if(M.length===0){const H=new Error("could not find SignedInfo element in the message");if(i){i(H);return}else throw H}const U=M[0];typeof i=="function"?this.calculateSignatureValue(o,(H,W)=>{H?i(H):(this.signatureValue=W||"",b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString(),i(null,this))}):(this.calculateSignatureValue(o),b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString())}getKeyInfo(e){const n=e?`${e}:`:"";let r="";this.keyInfoAttributes&&Object.keys(this.keyInfoAttributes).forEach(o=>{r+=` ${o}="${this.keyInfoAttributes[o]}"`});const i=this.getKeyInfoContent({publicCert:this.publicCert,prefix:e});return r||i?`<${n}KeyInfo${r}>${i}</${n}KeyInfo>`:""}createReferences(e,n){let r="";n=n||"",n=n&&`${n}:`;for(const i of this.getReferences()){const o=Mt.selectWithResolver(i.xpath??"",e,this.namespaceResolver);if(!Oe.isArrayHasLength(o))throw new Error(`the following xpath cannot be signed because it was not found: ${i.xpath}`);for(const c of o){if(i.isEmptyUri)r+=`<${n}Reference URI="">`;else{const d=this.ensureHasId(c);i.uri=d,r+=`<${n}Reference URI="#${d}">`}r+=`<${n}Transforms>`;for(const d of i.transforms||[]){const p=this.findCanonicalizationAlgorithm(d);r+=`<${n}Transform Algorithm="${p.getAlgorithmName()}"`,Oe.isArrayHasLength(i.inclusiveNamespacesPrefixList)?(r+=">",r+=`<InclusiveNamespaces PrefixList="${i.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${p.getAlgorithmName()}"/>`,r+=`</${n}Transform>`):r+=" />"}const l=this.getCanonReferenceXml(e,i,c),u=this.findHashAlgorithm(i.digestAlgorithm);r+=`</${n}Transforms><${n}DigestMethod Algorithm="${u.getAlgorithmName()}" /><${n}DigestValue>${u.getHash(l)}</${n}DigestValue></${n}Reference>`}}return r}getCanonXml(e,n,r={}){r.defaultNsForPrefix=r.defaultNsForPrefix??Dn.defaultNsForPrefix,r.signatureNode=this.signatureNode;let o=n.cloneNode(!0);return e.forEach(c=>{zt.isNodeLike(o)&&(o=this.findCanonicalizationAlgorithm(c).process(o,r))}),o.toString()}ensureHasId(e){let n;if(this.idMode==="wssecurity"?n=Oe.findAttr(e,"Id","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"):this.idAttributes.some(i=>(n=Oe.findAttr(e,i),!!n)),n)return n.value;const r=`_${this.id++}`;return this.idMode==="wssecurity"?(e.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"),e.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd","wsu:Id",r)):e.setAttribute("Id",r),r}createSignedInfo(e,n){if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to create signed info for XML");const r=this.findCanonicalizationAlgorithm(this.canonicalizationAlgorithm),i=this.findSignatureAlgorithm(this.signatureAlgorithm);let o;o=n||"",o=o&&`${o}:`;let c=`<${o}SignedInfo>`;return c+=`<${o}CanonicalizationMethod Algorithm="${r.getAlgorithmName()}"`,Oe.isArrayHasLength(this.inclusiveNamespacesPrefixList)?(c+=">",c+=`<InclusiveNamespaces PrefixList="${this.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${r.getAlgorithmName()}"/>`,c+=`</${o}CanonicalizationMethod>`):c+=" />",c+=`<${o}SignatureMethod Algorithm="${i.getAlgorithmName()}" />`,c+=this.createReferences(e,n),c+=`</${o}SignedInfo>`,c}createSignature(e){let n="xmlns";e?(n+=`:${e}`,e+=":"):e="";const r=`<${e}SignatureValue>${this.signatureValue}</${e}SignatureValue>`,i=`<${e}Signature ${n}="http://www.w3.org/2000/09/xmldsig#">${r}</${e}Signature>`;return new Cr.DOMParser().parseFromString(i).documentElement.firstChild}getSignatureXml(){return this.signatureXml}getOriginalXmlWithIds(){return this.originalXmlWithIds}getSignedXml(){return this.signedXml}}Al.SignedXml=Dn;Dn.defaultNsForPrefix={ds:"http://www.w3.org/2000/09/xmldsig#"};Dn.noop=()=>null;(function(t){var e=cr&&cr.__createBinding||(Object.create?function(c,l,u,d){d===void 0&&(d=u);var p=Object.getOwnPropertyDescriptor(l,u);(!p||("get"in p?!l.__esModule:p.writable||p.configurable))&&(p={enumerable:!0,get:function(){return l[u]}}),Object.defineProperty(c,d,p)}:function(c,l,u,d){d===void 0&&(d=u),c[d]=l[u]}),n=cr&&cr.__exportStar||function(c,l){for(var u in c)u!=="default"&&!Object.prototype.hasOwnProperty.call(l,u)&&e(l,c,u)};Object.defineProperty(t,"__esModule",{value:!0}),t.SignedXml=t.ExclusiveCanonicalizationWithComments=t.ExclusiveCanonicalization=t.C14nCanonicalizationWithComments=t.C14nCanonicalization=void 0;var r=Qr;Object.defineProperty(t,"C14nCanonicalization",{enumerable:!0,get:function(){return r.C14nCanonicalization}}),Object.defineProperty(t,"C14nCanonicalizationWithComments",{enumerable:!0,get:function(){return r.C14nCanonicalizationWithComments}});var i=ei;Object.defineProperty(t,"ExclusiveCanonicalization",{enumerable:!0,get:function(){return i.ExclusiveCanonicalization}}),Object.defineProperty(t,"ExclusiveCanonicalizationWithComments",{enumerable:!0,get:function(){return i.ExclusiveCanonicalizationWithComments}});var o=Al;Object.defineProperty(t,"SignedXml",{enumerable:!0,get:function(){return o.SignedXml}}),n(Cs,t),n(As,t)})(I8);async function jE(t){const e=new DecompressionStream("deflate-raw"),n=new Blob([t]).stream().pipeThrough(e);return new Uint8Array(await new Response(n).arrayBuffer())}async function LE(t){const e=await r2.decode(t.replace(/ /g,"+"));try{const n=await jE(e);return new TextDecoder().decode(n)}catch(n){return console.warn("Decompression failed, assuming data is not compressed:",n),new TextDecoder().decode(e)}}async function FE(t){const e=await LE(t),r=new hp.XMLParser({attributeNamePrefix:"@_",alwaysCreateTextNode:!0,ignoreAttributes:!1}).parse(e);return k8.parse(r)}function UE(t){const e=[{":@":{"@_entityID":t.entityId,"@_xmlns":"urn:oasis:names:tc:SAML:2.0:metadata"},EntityDescriptor:[{":@":{"@_protocolSupportEnumeration":"urn:oasis:names:tc:SAML:2.0:protocol"},IDPSSODescriptor:[{":@":{"@_use":"signing"},KeyDescriptor:[{":@":{"@_xmlns":"http://www.w3.org/2000/09/xmldsig#"},KeyInfo:[{X509Data:[{X509Certificate:[{"#text":t.cert}]}]}]}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"E-Mail Address","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Given Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Surname","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name ID","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]}]}]}];return new hp.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0,format:!0}).build(e)}const ME=new s.OpenAPIHono().openapi(s.createRoute({tags:["saml"],method:"get",path:"/metadata/{client_id}",request:{params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{var l,u;const{client_id:e}=t.req.valid("param"),n=await t.env.data.clients.get(e);if(!n)throw new R(404,{message:"Client not found"});const[r]=await t.env.data.keys.list();if(!r)throw new R(500,{message:"No signing key found"});const i=new pl(r.cert),o=t.env.ISSUER,c=UE({entityId:((u=(l=n.addons)==null?void 0:l.samlp)==null?void 0:u.audience)||n.id,cert:i.toString("base64"),assertionConsumerServiceUrl:`${o}samlp/${e}`,singleLogoutServiceUrl:`${o}samlp/${e}/logout`});return new Response(c,{headers:{"Content-Type":"text/xml"}})}).openapi(s.createRoute({tags:["saml"],method:"get",path:"/{client_id}",request:{query:s.z.object({SAMLRequest:s.z.string(),RelayState:s.z.string().optional(),SigAlg:s.z.string().optional(),Signature:s.z.string().optional()}),params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{const{client_id:e}=t.req.valid("param"),{SAMLRequest:n,RelayState:r}=t.req.valid("query"),i=await FE(n),o=i["samlp:AuthnRequest"]["saml:Issuer"]["#text"],c=await t.env.data.loginSessions.create(t.var.tenant_id,{csrf_token:qe(),authParams:{client_id:e,state:JSON.stringify({requestId:i["samlp:AuthnRequest"]["@_ID"],relayState:r}),response_mode:vn.SAML_POST,redirect_uri:i["samlp:AuthnRequest"]["@_AssertionConsumerServiceURL"],audience:o},expires_at:new Date(Date.now()+ki*1e3).toISOString(),ip:t.get("ip"),useragent:t.get("useragent"),auth0Client:yr(t.get("auth0_client"))});return t.redirect(`/u/login/identifier?state=${c.id}`)});function qE(t){const e=new s.OpenAPIHono;e.use(async(r,i)=>{const o=Qo(r,t.dataAdapter),c=_l(o,{defaultTtl:3e5,cacheEntities:["tenants","connections","clients"]});return r.env.data=hl(r,c),i()}),e.use(ml).use(gl).use(af(e));const n=e.route("/",ME);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"SAML API"},security:[{oauth2:["openid","email","profile"]}]}),sf(n),n}const VE="Account detected",HE="Account",KE="We have detected that you have already created an account through",GE="By signing in, you agree to our",WE="and",XE="email address",JE="email or phone number",YE="phone number",ZE="Callback URL mismatch",QE="The provided redirect_uri is not in the list of allowed callback URLs.",eS="continue with user",tS="Please click the button to create a new password account.",nS="Enter the code at {{vendorName}} to complete the login",rS="Welcome to {{vendorName}}! {{code}} is the login code",iS="Welcome to {{vendorName}}! {{code}} is the login code",oS="Code expired",sS="Invalid code",aS="Please check <0>{{username}}</0> and enter the six-digit code that we've sent you.",cS="The code is already used",lS="The code is valid for 30 minutes",uS="Confirm password",dS="Need Help?",pS="Contact us",fS="or continue with social account",hS="Continue with {{provider}}",gS="Would you like to continue with your existing account?",mS="Copyright © 2023 SESAMY. All rights reserved.",_S="©2023 Sesamy",yS="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",wS="Please enter a valid email address.",vS="The passwords didn't match. Try again.",bS="Choose password",xS="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",$S="Create new account",AS="Sign up with password",ES="You are currently logged in as <0>{{email}}</0>",SS="Email",kS="Email changed to <0>{{email}}</0> ",NS="Email or Phone Number",CS="Email address",IS="Your email address has been validated",TS="Now enter your password to login again",OS="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",DS="Email verification sent",zS="Enter a code",RS="We'll send you a verification link to ensure you own this email address.",PS="Enter new email",BS="Enter new password",jS="Enter password",LS="Enter your email address and password to login.",FS="Enter your password",US="The magic link has expired. Please click on the button below to receive a new link in your inbox.",MS="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",qS="Send password reset email",VS="Click the button below and we’ll send instructions on how to reset your password.",HS="Password reset email sent",KS="Forgot password?",GS="Forgot password?",WS="Go back",XS="Hide password",JS="Invalid identifier",YS="Invalid password",ZS=`The link is no longer valid.
284
+ @`+(t.systemId||"")+"#[line:"+t.lineNumber+",col:"+t.columnNumber+"]"}function um(t,e,n){return typeof t=="string"?t.substr(e,n):t.length>=e+n||e?new java.lang.String(t,e,n)+"":t}"endDTD,startEntity,endEntity,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,resolveEntity,getExternalSubset,notationDecl,unparsedEntityDecl".replace(/\w+/g,function(t){Ns.prototype[t]=function(){return null}});function Us(t,e){t.currentElement?t.currentElement.appendChild(e):t.doc.appendChild(e)}Nl.__DOMHandler=Ns;Nl.normalizeLineEndings=Qy;Nl.DOMParser=ew;var tw=er;El.DOMImplementation=tw.DOMImplementation;El.XMLSerializer=tw.XMLSerializer;El.DOMParser=Nl.DOMParser;var Cl={};Object.defineProperty(Cl,"__esModule",{value:!0});Cl.EnvelopedSignature=void 0;const Ms=xl,su=be;class SE{constructor(){this.includeComments=!1,this.includeComments=!1}process(e,n){if(n.signatureNode==null){const o=Ms.select1("./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return su.isNodeLike(o)&&o.parentNode&&o.parentNode.removeChild(o),e}const r=n.signatureNode,i=Ms.select1(".//*[local-name(.)='SignatureValue']/text()",r);if(su.isTextNode(i)){const o=i.data,c=Ms.select(".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);for(const l of Array.isArray(c)?c:[]){const u=Ms.select1(".//*[local-name(.)='SignatureValue']/text()",l);if(su.isTextNode(u)){const d=u.data;o===d&&l.parentNode&&l.parentNode.removeChild(l)}}}return e}getAlgorithmName(){return"http://www.w3.org/2000/09/xmldsig#enveloped-signature"}}Cl.EnvelopedSignature=SE;var hr={};Object.defineProperty(hr,"__esModule",{value:!0});hr.Sha512=hr.Sha256=hr.Sha1=void 0;const Uf=_c;class kE{constructor(){this.getHash=function(e){const n=Uf.createHash("sha1");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2000/09/xmldsig#sha1"}}}hr.Sha1=kE;class NE{constructor(){this.getHash=function(e){const n=Uf.createHash("sha256");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha256"}}}hr.Sha256=NE;class CE{constructor(){this.getHash=function(e){const n=Uf.createHash("sha512");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha512"}}}hr.Sha512=CE;var wn={},Cs={};Object.defineProperty(Cs,"__esModule",{value:!0});Cs.createOptionalCallbackFunction=void 0;function IE(t){return typeof t=="function"}function TE(t){return(...e)=>{const n=e[e.length-1];if(IE(n))try{const r=t(...e.slice(0,-1));n(null,r)}catch(r){n(r instanceof Error?r:new Error("Unknown error"))}else return t(...e)}}Cs.createOptionalCallbackFunction=TE;Object.defineProperty(wn,"__esModule",{value:!0});wn.HmacSha1=wn.RsaSha512=wn.RsaSha256=wn.RsaSha1=void 0;const br=_c,xr=Cs;class OE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA1");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA1");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}}wn.RsaSha1=OE;class DE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA256");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA256");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}}wn.RsaSha256=DE;class zE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA512");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA512");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}}wn.RsaSha512=zE;class RE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createHmac("SHA1",n);return r.update(e),r.digest("base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createHmac("SHA1",n);return i.update(e),i.digest("base64")===r}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#hmac-sha1"}}wn.HmacSha1=RE;Object.defineProperty(Al,"__esModule",{value:!0});Al.SignedXml=void 0;const zt=be,Cr=El,PE=_c,Mt=xl,dm=Qr,BE=Cl,pm=ei,au=hr,qs=wn,Oe=As;class Dn{constructor(e={}){this.signatureAlgorithm=void 0,this.canonicalizationAlgorithm=void 0,this.inclusiveNamespacesPrefixList=[],this.namespaceResolver={lookupNamespaceURI:function(){throw new Error("Not implemented")}},this.implicitTransforms=[],this.keyInfoAttributes={},this.getKeyInfoContent=Dn.getKeyInfoContent,this.getCertFromKeyInfo=Dn.getCertFromKeyInfo,this.id=0,this.signedXml="",this.signatureXml="",this.signatureNode=null,this.signatureValue="",this.originalXmlWithIds="",this.keyInfo=null,this.references=[],this.signedReferences=[],this.CanonicalizationAlgorithms={"http://www.w3.org/TR/2001/REC-xml-c14n-20010315":dm.C14nCanonicalization,"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments":dm.C14nCanonicalizationWithComments,"http://www.w3.org/2001/10/xml-exc-c14n#":pm.ExclusiveCanonicalization,"http://www.w3.org/2001/10/xml-exc-c14n#WithComments":pm.ExclusiveCanonicalizationWithComments,"http://www.w3.org/2000/09/xmldsig#enveloped-signature":BE.EnvelopedSignature},this.HashAlgorithms={"http://www.w3.org/2000/09/xmldsig#sha1":au.Sha1,"http://www.w3.org/2001/04/xmlenc#sha256":au.Sha256,"http://www.w3.org/2001/04/xmlenc#sha512":au.Sha512},this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#rsa-sha1":qs.RsaSha1,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":qs.RsaSha256,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":qs.RsaSha512};const{idMode:n,idAttribute:r,privateKey:i,publicCert:o,signatureAlgorithm:c,canonicalizationAlgorithm:l,inclusiveNamespacesPrefixList:u,implicitTransforms:d,keyInfoAttributes:p,getKeyInfoContent:h,getCertFromKeyInfo:g}=e;this.idMode=n,this.idAttributes=["Id","ID","id"],r&&this.idAttributes.unshift(r),this.privateKey=i,this.publicCert=o,this.signatureAlgorithm=c??this.signatureAlgorithm,this.canonicalizationAlgorithm=l,typeof u=="string"?this.inclusiveNamespacesPrefixList=u.split(" "):Oe.isArrayHasLength(u)&&(this.inclusiveNamespacesPrefixList=u),this.implicitTransforms=d??this.implicitTransforms,this.keyInfoAttributes=p??this.keyInfoAttributes,this.getKeyInfoContent=h??this.getKeyInfoContent,this.getCertFromKeyInfo=g??Dn.noop,this.CanonicalizationAlgorithms,this.HashAlgorithms,this.SignatureAlgorithms}enableHMAC(){this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#hmac-sha1":qs.HmacSha1},this.getKeyInfoContent=Dn.noop}static getKeyInfoContent({publicCert:e,prefix:n}){if(e==null)return null;n=n?`${n}:`:"";let r="";Buffer.isBuffer(e)&&(e=e.toString("latin1"));let i=[];return typeof e=="string"&&(i=e.match(Oe.EXTRACT_X509_CERTS)||[]),i.length>0&&(r=i.map(o=>`<${n}X509Certificate>${Oe.pemToDer(o).toString("base64")}</${n}X509Certificate>`).join("")),`<${n}X509Data>${r}</${n}X509Data>`}static getCertFromKeyInfo(e){if(e!=null){const n=Mt.select1(".//*[local-name(.)='X509Certificate']",e);if(zt.isNodeLike(n))return Oe.derToPem(n.textContent??"","CERTIFICATE")}return null}checkSignature(e,n){if(n!=null&&typeof n!="function")throw new Error("Last parameter must be a callback function");this.signedXml=e;const r=new Cr.DOMParser().parseFromString(e);this.references=[];const i=this.getCanonSignedInfoXml(r);if(!i){if(n){n(new Error("Canonical signed info cannot be empty"),!1);return}throw new Error("Canonical signed info cannot be empty")}const c=new Cr.DOMParser().parseFromString(i,"text/xml").documentElement;if(!c){if(n){n(new Error("Could not parse unverifiedSignedInfoCanon into a document"),!1);return}throw new Error("Could not parse unverifiedSignedInfoCanon into a document")}const l=Oe.findChildren(c,"Reference");if(!Oe.isArrayHasLength(l)){if(n){n(new Error("could not find any Reference elements"),!1);return}throw new Error("could not find any Reference elements")}for(const h of l)this.loadReference(h);if(!this.getReferences().every(h=>this.validateReference(h,r))){if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error("Could not validate all references"),!1);return}return!1}const u=this.findSignatureAlgorithm(this.signatureAlgorithm),d=this.getCertFromKeyInfo(this.keyInfo)||this.publicCert||this.privateKey;if(d==null)throw new Error("KeyInfo or publicCert or privateKey is required to validate signature");if(u.verifySignature(i,d,this.signatureValue)===!0)if(n)n(null,!0);else return!0;else if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`));return}else throw new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`)}getCanonSignedInfoXml(e){if(this.signatureNode==null)throw new Error("No signature found.");if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to get signed info for XML");const n=Oe.findChildren(this.signatureNode,"SignedInfo");if(n.length===0)throw new Error("could not find SignedInfo element in the message");if(n.length>1)throw new Error("could not get canonicalized signed info for a signature that contains multiple SignedInfo nodes");if((this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(!e||typeof e!="object"))throw new Error("When canonicalization method is non-exclusive, whole xml dom must be provided as an argument");const i={ancestorNamespaces:Oe.findAncestorNs(e,"//*[local-name()='SignedInfo']")};return this.getCanonXml([this.canonicalizationAlgorithm],n[0],i)}getCanonReferenceXml(e,n,r){Array.isArray(n.transforms)&&(n.ancestorNamespaces=Oe.findAncestorNs(e,n.xpath,this.namespaceResolver));const i={inclusiveNamespacesPrefixList:n.inclusiveNamespacesPrefixList,ancestorNamespaces:n.ancestorNamespaces};return this.getCanonXml(n.transforms,r,i)}calculateSignatureValue(e,n){const r=this.getCanonSignedInfoXml(e),i=this.findSignatureAlgorithm(this.signatureAlgorithm);if(this.privateKey==null)throw new Error("Private key is required to compute signature");typeof n=="function"?i.getSignature(r,this.privateKey,n):this.signatureValue=i.getSignature(r,this.privateKey)}findSignatureAlgorithm(e){if(e==null)throw new Error("signatureAlgorithm is required");const n=this.SignatureAlgorithms[e];if(n)return new n;throw new Error(`signature algorithm '${e}' is not supported`)}findCanonicalizationAlgorithm(e){if(e!=null){const n=this.CanonicalizationAlgorithms[e];if(n)return new n}throw new Error(`canonicalization algorithm '${e}' is not supported`)}findHashAlgorithm(e){const n=this.HashAlgorithms[e];if(n)return new n;throw new Error(`hash algorithm '${e}' is not supported`)}validateElementAgainstReferences(e,n){var i;let r;if(typeof e=="string"){const o=Mt.select1(e,n);zt.assertIsElementNode(o),r=o}else r=e;for(const o of this.getReferences()){const c=((i=o.uri)==null?void 0:i[0])==="#"?o.uri.substring(1):o.uri;for(const p of this.idAttributes){const h=r.getAttribute(p);if(c===h){o.xpath=`//*[@*[local-name(.)='${p}']='${c}']`;break}}const l=this.getCanonReferenceXml(n,o,r),d=this.findHashAlgorithm(o.digestAlgorithm).getHash(l);if(Oe.validateDigestValue(d,o.digestValue))return o}throw new Error("No references passed validation")}validateReference(e,n){var u;const r=((u=e.uri)==null?void 0:u[0])==="#"?e.uri.substring(1):e.uri;let i=null;if(r==="")i=Mt.select1("//*",n);else{if((r==null?void 0:r.indexOf("'"))!==-1)throw new Error("Cannot validate a uri with quotes inside it");{let d=0;for(const p of this.idAttributes){const h=`//*[@*[local-name(.)='${p}']='${r}']`,g=Mt.select(h,n);if(Oe.isArrayHasLength(g)){if(d+=g.length,d>1)throw new Error("Cannot validate a document which contains multiple elements with the same value for the ID / Id / Id attributes, in order to prevent signature wrapping attack.");i=g[0],e.xpath=h}}}}if(e.getValidatedNode=(0,PE.deprecate)(d=>{if(d=d||e.xpath,typeof d!="string"||e.validationError!=null)return null;const p=Mt.select1(d,n);return zt.isNodeLike(p)?p:null},"`ref.getValidatedNode()` is deprecated and insecure. Use `ref.signedReference` or `this.getSignedReferences()` instead."),!zt.isNodeLike(i)){const d=new Error(`invalid signature: the signature references an element with uri ${e.uri} but could not find such element in the xml`);return e.validationError=d,!1}const o=this.getCanonReferenceXml(n,e,i),l=this.findHashAlgorithm(e.digestAlgorithm).getHash(o);if(!Oe.validateDigestValue(l,e.digestValue)){const d=new Error(`invalid signature: for uri ${e.uri} calculated digest is ${l} but the xml to validate supplies digest ${e.digestValue}`);return e.validationError=d,!1}return this.signedReferences.push(o),e.signedReference=o,!0}findSignatures(e){const n=Mt.select("//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return zt.isArrayOfNodes(n)?n:[]}loadSignature(e){typeof e=="string"?this.signatureNode=e=new Cr.DOMParser().parseFromString(e):this.signatureNode=e,this.signatureXml=e.toString();const n=Mt.select1(".//*[local-name(.)='CanonicalizationMethod']/@Algorithm",e);if(!zt.isNodeLike(n))throw new Error("could not find CanonicalizationMethod/@Algorithm element");zt.isAttributeNode(n)&&(this.canonicalizationAlgorithm=n.value);const r=Mt.select1(".//*[local-name(.)='SignatureMethod']/@Algorithm",e);zt.isAttributeNode(r)&&(this.signatureAlgorithm=r.value);const i=Oe.findChildren(this.signatureNode,"SignedInfo");if(!Oe.isArrayHasLength(i))throw new Error("no signed info node found");if(i.length>1)throw new Error("could not load signature that contains multiple SignedInfo nodes");let o=this.canonicalizationAlgorithm;(!o||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(o="http://www.w3.org/2001/10/xml-exc-c14n#");const c=this.getCanonXml([o],i[0]),u=new Cr.DOMParser().parseFromString(c,"text/xml").documentElement;this.references=[];const d=Oe.findChildren(u,"Reference");if(!Oe.isArrayHasLength(d))throw new Error("could not find any Reference elements");for(const g of d)this.loadReference(g);const p=Mt.select1(".//*[local-name(.)='SignatureValue']/text()",e);zt.isTextNode(p)&&(this.signatureValue=p.data.replace(/\r?\n/g,""));const h=Mt.select1(".//*[local-name(.)='KeyInfo']",e);zt.isNodeLike(h)&&(this.keyInfo=h)}loadReference(e){let n=Oe.findChildren(e,"DigestMethod");if(n.length===0)throw new Error(`could not find DigestMethod in reference ${e.toString()}`);const r=n[0],i=Oe.findAttr(r,"Algorithm");if(!i)throw new Error(`could not find Algorithm attribute in node ${r.toString()}`);const o=i.value;if(n=Oe.findChildren(e,"DigestValue"),n.length===0)throw new Error(`could not find DigestValue node in reference ${e.toString()}`);if(n.length>1)throw new Error(`could not load reference for a node that contains multiple DigestValue nodes: ${e.toString()}`);const c=n[0].textContent;if(!c)throw new Error(`could not find the value of DigestValue in ${e.toString()}`);const l=[];let u=[];if(n=Oe.findChildren(e,"Transforms"),n.length!==0){const p=n[0],h=Oe.findChildren(p,"Transform");for(const A of h){const _=Oe.findAttr(A,"Algorithm");_&&l.push(_.value)}const g=Oe.findChildren(h[h.length-1],"InclusiveNamespaces");Oe.isArrayHasLength(g)&&(u=g.flatMap(A=>(A.getAttribute("PrefixList")??"").split(" ")).filter(A=>A.length>0))}Oe.isArrayHasLength(this.implicitTransforms)&&this.implicitTransforms.forEach(function(p){l.push(p)}),(l.length===0||l[l.length-1]==="http://www.w3.org/2000/09/xmldsig#enveloped-signature")&&l.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");const d=zt.isElementNode(e)&&e.getAttribute("URI")||void 0;this.addReference({transforms:l,digestAlgorithm:o,uri:d,digestValue:c,inclusiveNamespacesPrefixList:u,isEmptyUri:!1})}addReference({xpath:e,transforms:n,digestAlgorithm:r,uri:i="",digestValue:o,inclusiveNamespacesPrefixList:c=[],isEmptyUri:l=!1}){if(r==null)throw new Error("digestAlgorithm is required");if(!Oe.isArrayHasLength(n))throw new Error("transforms must contain at least one transform algorithm");this.references.push({xpath:e,transforms:n,digestAlgorithm:r,uri:i,digestValue:o,inclusiveNamespacesPrefixList:c,isEmptyUri:l,getValidatedNode:()=>{throw new Error("Reference has not been validated yet; Did you call `sig.checkSignature()`?")}})}getReferences(){return this.references}getSignedReferences(){return[...this.signedReferences]}computeSignature(e,n,r){let i;typeof n=="function"&&r==null?(i=n,n={}):(i=r,n=n??{});const o=new Cr.DOMParser().parseFromString(e);let c="xmlns";const l=[];let u;const d=["append","prepend","before","after"],p=n.prefix,h=n.attrs||{},g=n.location||{},A=n.existingPrefixes||{};if(this.namespaceResolver={lookupNamespaceURI:function(H){return H?A[H]:null}},g.reference=g.reference||"/*",g.action=g.action||"append",d.indexOf(g.action)===-1){const H=new Error(`location.action option has an invalid action: ${g.action}, must be any of the following values: ${d.join(", ")}`);if(i){i(H);return}else throw H}p?(c+=`:${p}`,u=`${p}:`):u="",Object.keys(h).forEach(function(H){H!=="xmlns"&&H!==c&&l.push(`${H}="${h[H]}"`)}),l.push(`${c}="http://www.w3.org/2000/09/xmldsig#"`);let _=`<${u}Signature ${l.join(" ")}>`;_+=this.createSignedInfo(o,p),_+=this.getKeyInfo(p),_+=`</${u}Signature>`,this.originalXmlWithIds=o.toString();let $="";Object.keys(A).forEach(function(H){$+=`xmlns:${H}="${A[H]}" `});const S=`<Dummy ${$}>${_}</Dummy>`,b=new Cr.DOMParser().parseFromString(S).documentElement.firstChild,T=Mt.select1(g.reference,o);if(!zt.isNodeLike(T)){const H=new Error(`the following xpath cannot be used because it was not found: ${g.reference}`);if(i){i(H);return}else throw H}if(g.action==="append")T.appendChild(b);else if(g.action==="prepend")T.insertBefore(b,T.firstChild);else if(g.action==="before"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `before`");T.parentNode.insertBefore(b,T)}else if(g.action==="after"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `after`");T.parentNode.insertBefore(b,T.nextSibling)}this.signatureNode=b;const M=Oe.findChildren(this.signatureNode,"SignedInfo");if(M.length===0){const H=new Error("could not find SignedInfo element in the message");if(i){i(H);return}else throw H}const U=M[0];typeof i=="function"?this.calculateSignatureValue(o,(H,W)=>{H?i(H):(this.signatureValue=W||"",b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString(),i(null,this))}):(this.calculateSignatureValue(o),b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString())}getKeyInfo(e){const n=e?`${e}:`:"";let r="";this.keyInfoAttributes&&Object.keys(this.keyInfoAttributes).forEach(o=>{r+=` ${o}="${this.keyInfoAttributes[o]}"`});const i=this.getKeyInfoContent({publicCert:this.publicCert,prefix:e});return r||i?`<${n}KeyInfo${r}>${i}</${n}KeyInfo>`:""}createReferences(e,n){let r="";n=n||"",n=n&&`${n}:`;for(const i of this.getReferences()){const o=Mt.selectWithResolver(i.xpath??"",e,this.namespaceResolver);if(!Oe.isArrayHasLength(o))throw new Error(`the following xpath cannot be signed because it was not found: ${i.xpath}`);for(const c of o){if(i.isEmptyUri)r+=`<${n}Reference URI="">`;else{const d=this.ensureHasId(c);i.uri=d,r+=`<${n}Reference URI="#${d}">`}r+=`<${n}Transforms>`;for(const d of i.transforms||[]){const p=this.findCanonicalizationAlgorithm(d);r+=`<${n}Transform Algorithm="${p.getAlgorithmName()}"`,Oe.isArrayHasLength(i.inclusiveNamespacesPrefixList)?(r+=">",r+=`<InclusiveNamespaces PrefixList="${i.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${p.getAlgorithmName()}"/>`,r+=`</${n}Transform>`):r+=" />"}const l=this.getCanonReferenceXml(e,i,c),u=this.findHashAlgorithm(i.digestAlgorithm);r+=`</${n}Transforms><${n}DigestMethod Algorithm="${u.getAlgorithmName()}" /><${n}DigestValue>${u.getHash(l)}</${n}DigestValue></${n}Reference>`}}return r}getCanonXml(e,n,r={}){r.defaultNsForPrefix=r.defaultNsForPrefix??Dn.defaultNsForPrefix,r.signatureNode=this.signatureNode;let o=n.cloneNode(!0);return e.forEach(c=>{zt.isNodeLike(o)&&(o=this.findCanonicalizationAlgorithm(c).process(o,r))}),o.toString()}ensureHasId(e){let n;if(this.idMode==="wssecurity"?n=Oe.findAttr(e,"Id","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"):this.idAttributes.some(i=>(n=Oe.findAttr(e,i),!!n)),n)return n.value;const r=`_${this.id++}`;return this.idMode==="wssecurity"?(e.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"),e.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd","wsu:Id",r)):e.setAttribute("Id",r),r}createSignedInfo(e,n){if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to create signed info for XML");const r=this.findCanonicalizationAlgorithm(this.canonicalizationAlgorithm),i=this.findSignatureAlgorithm(this.signatureAlgorithm);let o;o=n||"",o=o&&`${o}:`;let c=`<${o}SignedInfo>`;return c+=`<${o}CanonicalizationMethod Algorithm="${r.getAlgorithmName()}"`,Oe.isArrayHasLength(this.inclusiveNamespacesPrefixList)?(c+=">",c+=`<InclusiveNamespaces PrefixList="${this.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${r.getAlgorithmName()}"/>`,c+=`</${o}CanonicalizationMethod>`):c+=" />",c+=`<${o}SignatureMethod Algorithm="${i.getAlgorithmName()}" />`,c+=this.createReferences(e,n),c+=`</${o}SignedInfo>`,c}createSignature(e){let n="xmlns";e?(n+=`:${e}`,e+=":"):e="";const r=`<${e}SignatureValue>${this.signatureValue}</${e}SignatureValue>`,i=`<${e}Signature ${n}="http://www.w3.org/2000/09/xmldsig#">${r}</${e}Signature>`;return new Cr.DOMParser().parseFromString(i).documentElement.firstChild}getSignatureXml(){return this.signatureXml}getOriginalXmlWithIds(){return this.originalXmlWithIds}getSignedXml(){return this.signedXml}}Al.SignedXml=Dn;Dn.defaultNsForPrefix={ds:"http://www.w3.org/2000/09/xmldsig#"};Dn.noop=()=>null;(function(t){var e=cr&&cr.__createBinding||(Object.create?function(c,l,u,d){d===void 0&&(d=u);var p=Object.getOwnPropertyDescriptor(l,u);(!p||("get"in p?!l.__esModule:p.writable||p.configurable))&&(p={enumerable:!0,get:function(){return l[u]}}),Object.defineProperty(c,d,p)}:function(c,l,u,d){d===void 0&&(d=u),c[d]=l[u]}),n=cr&&cr.__exportStar||function(c,l){for(var u in c)u!=="default"&&!Object.prototype.hasOwnProperty.call(l,u)&&e(l,c,u)};Object.defineProperty(t,"__esModule",{value:!0}),t.SignedXml=t.ExclusiveCanonicalizationWithComments=t.ExclusiveCanonicalization=t.C14nCanonicalizationWithComments=t.C14nCanonicalization=void 0;var r=Qr;Object.defineProperty(t,"C14nCanonicalization",{enumerable:!0,get:function(){return r.C14nCanonicalization}}),Object.defineProperty(t,"C14nCanonicalizationWithComments",{enumerable:!0,get:function(){return r.C14nCanonicalizationWithComments}});var i=ei;Object.defineProperty(t,"ExclusiveCanonicalization",{enumerable:!0,get:function(){return i.ExclusiveCanonicalization}}),Object.defineProperty(t,"ExclusiveCanonicalizationWithComments",{enumerable:!0,get:function(){return i.ExclusiveCanonicalizationWithComments}});var o=Al;Object.defineProperty(t,"SignedXml",{enumerable:!0,get:function(){return o.SignedXml}}),n(Cs,t),n(As,t)})(I8);async function jE(t){const e=new DecompressionStream("deflate-raw"),n=new Blob([t]).stream().pipeThrough(e);return new Uint8Array(await new Response(n).arrayBuffer())}async function LE(t){const e=await r2.decode(t.replace(/ /g,"+"));try{const n=await jE(e);return new TextDecoder().decode(n)}catch(n){return console.warn("Decompression failed, assuming data is not compressed:",n),new TextDecoder().decode(e)}}async function FE(t){const e=await LE(t),r=new hp.XMLParser({attributeNamePrefix:"@_",alwaysCreateTextNode:!0,ignoreAttributes:!1}).parse(e);return k8.parse(r)}function UE(t){const e=[{":@":{"@_entityID":t.entityId,"@_xmlns":"urn:oasis:names:tc:SAML:2.0:metadata"},EntityDescriptor:[{":@":{"@_protocolSupportEnumeration":"urn:oasis:names:tc:SAML:2.0:protocol"},IDPSSODescriptor:[{":@":{"@_use":"signing"},KeyDescriptor:[{":@":{"@_xmlns":"http://www.w3.org/2000/09/xmldsig#"},KeyInfo:[{X509Data:[{X509Certificate:[{"#text":t.cert}]}]}]}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"E-Mail Address","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Given Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Surname","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name ID","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]}]}]}];return new hp.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0,format:!0}).build(e)}const ME=new s.OpenAPIHono().openapi(s.createRoute({tags:["saml"],method:"get",path:"/metadata/{client_id}",request:{params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{var l,u;const{client_id:e}=t.req.valid("param"),n=await t.env.data.clients.get(e);if(!n)throw new R(404,{message:"Client not found"});const[r]=await t.env.data.keys.list();if(!r)throw new R(500,{message:"No signing key found"});const i=new pl(r.cert),o=t.env.ISSUER,c=UE({entityId:((u=(l=n.addons)==null?void 0:l.samlp)==null?void 0:u.audience)||n.id,cert:i.toString("base64"),assertionConsumerServiceUrl:`${o}samlp/${e}`,singleLogoutServiceUrl:`${o}samlp/${e}/logout`});return new Response(c,{headers:{"Content-Type":"text/xml"}})}).openapi(s.createRoute({tags:["saml"],method:"get",path:"/{client_id}",request:{query:s.z.object({SAMLRequest:s.z.string(),RelayState:s.z.string().optional(),SigAlg:s.z.string().optional(),Signature:s.z.string().optional()}),params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{const{client_id:e}=t.req.valid("param"),{SAMLRequest:n,RelayState:r}=t.req.valid("query"),i=await t.env.data.clients.get(e);if(!i)throw new R(404,{message:"Client not found"});t.set("client_id",i.id),t.set("tenant_id",i.tenant.id);const o=await FE(n),c=o["samlp:AuthnRequest"]["saml:Issuer"]["#text"],l=await t.env.data.loginSessions.create(t.var.tenant_id,{csrf_token:qe(),authParams:{client_id:e,state:JSON.stringify({requestId:o["samlp:AuthnRequest"]["@_ID"],relayState:r}),response_mode:vn.SAML_POST,redirect_uri:o["samlp:AuthnRequest"]["@_AssertionConsumerServiceURL"],audience:c},expires_at:new Date(Date.now()+ki*1e3).toISOString(),ip:t.get("ip"),useragent:t.get("useragent"),auth0Client:yr(t.get("auth0_client"))});return t.redirect(`/u/login/identifier?state=${l.id}`)});function qE(t){const e=new s.OpenAPIHono;e.use(async(r,i)=>{const o=Qo(r,t.dataAdapter),c=_l(o,{defaultTtl:3e5,cacheEntities:["tenants","connections","clients"]});return r.env.data=hl(r,c),i()}),e.use(ml).use(gl).use(af(e));const n=e.route("/",ME);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"SAML API"},security:[{oauth2:["openid","email","profile"]}]}),sf(n),n}const VE="Account detected",HE="Account",KE="We have detected that you have already created an account through",GE="By signing in, you agree to our",WE="and",XE="email address",JE="email or phone number",YE="phone number",ZE="Callback URL mismatch",QE="The provided redirect_uri is not in the list of allowed callback URLs.",eS="continue with user",tS="Please click the button to create a new password account.",nS="Enter the code at {{vendorName}} to complete the login",rS="Welcome to {{vendorName}}! {{code}} is the login code",iS="Welcome to {{vendorName}}! {{code}} is the login code",oS="Code expired",sS="Invalid code",aS="Please check <0>{{username}}</0> and enter the six-digit code that we've sent you.",cS="The code is already used",lS="The code is valid for 30 minutes",uS="Confirm password",dS="Need Help?",pS="Contact us",fS="or continue with social account",hS="Continue with {{provider}}",gS="Would you like to continue with your existing account?",mS="Copyright © 2023 SESAMY. All rights reserved.",_S="©2023 Sesamy",yS="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",wS="Please enter a valid email address.",vS="The passwords didn't match. Try again.",bS="Choose password",xS="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",$S="Create new account",AS="Sign up with password",ES="You are currently logged in as <0>{{email}}</0>",SS="Email",kS="Email changed to <0>{{email}}</0> ",NS="Email or Phone Number",CS="Email address",IS="Your email address has been validated",TS="Now enter your password to login again",OS="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",DS="Email verification sent",zS="Enter a code",RS="We'll send you a verification link to ensure you own this email address.",PS="Enter new email",BS="Enter new password",jS="Enter password",LS="Enter your email address and password to login.",FS="Enter your password",US="The magic link has expired. Please click on the button below to receive a new link in your inbox.",MS="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",qS="Send password reset email",VS="Click the button below and we’ll send instructions on how to reset your password.",HS="Password reset email sent",KS="Forgot password?",GS="Forgot password?",WS="Go back",XS="Hide password",JS="Invalid identifier",YS="Invalid password",ZS=`The link is no longer valid.
285
285
 
286
286
  Please make sure to open the login link in the same browser you started the login with.
287
287
 
package/dist/authhero.mjs CHANGED
@@ -35878,22 +35878,28 @@ const OE = new Ee().openapi(
35878
35878
  }
35879
35879
  }),
35880
35880
  async (t) => {
35881
- const { client_id: e } = t.req.valid("param"), { SAMLRequest: n, RelayState: r } = t.req.valid("query"), i = await IE(n), o = i["samlp:AuthnRequest"]["saml:Issuer"]["#text"], c = await t.env.data.loginSessions.create(
35881
+ const { client_id: e } = t.req.valid("param"), { SAMLRequest: n, RelayState: r } = t.req.valid("query"), i = await t.env.data.clients.get(e);
35882
+ if (!i)
35883
+ throw new P(404, {
35884
+ message: "Client not found"
35885
+ });
35886
+ t.set("client_id", i.id), t.set("tenant_id", i.tenant.id);
35887
+ const o = await IE(n), c = o["samlp:AuthnRequest"]["saml:Issuer"]["#text"], l = await t.env.data.loginSessions.create(
35882
35888
  t.var.tenant_id,
35883
35889
  {
35884
35890
  csrf_token: ze(),
35885
35891
  authParams: {
35886
35892
  client_id: e,
35887
35893
  state: JSON.stringify({
35888
- requestId: i["samlp:AuthnRequest"]["@_ID"],
35894
+ requestId: o["samlp:AuthnRequest"]["@_ID"],
35889
35895
  relayState: r
35890
35896
  }),
35891
35897
  response_mode: Pn.SAML_POST,
35892
35898
  redirect_uri: (
35893
35899
  // TODO: validate this URL against the saml settings
35894
- i["samlp:AuthnRequest"]["@_AssertionConsumerServiceURL"]
35900
+ o["samlp:AuthnRequest"]["@_AssertionConsumerServiceURL"]
35895
35901
  ),
35896
- audience: o
35902
+ audience: c
35897
35903
  },
35898
35904
  expires_at: new Date(
35899
35905
  Date.now() + Ai * 1e3
@@ -35903,7 +35909,7 @@ const OE = new Ee().openapi(
35903
35909
  auth0Client: mr(t.get("auth0_client"))
35904
35910
  }
35905
35911
  );
35906
- return t.redirect(`/u/login/identifier?state=${c.id}`);
35912
+ return t.redirect(`/u/login/identifier?state=${l.id}`);
35907
35913
  }
35908
35914
  );
35909
35915
  function DE(t) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authhero",
3
- "version": "0.179.0",
3
+ "version": "0.180.0",
4
4
  "files": [
5
5
  "dist"
6
6
  ],