authhero 0.189.0 → 0.190.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/authhero.cjs +1 -1
  2. package/dist/authhero.mjs +32 -29
  3. package/package.json +1 -1
package/dist/authhero.cjs CHANGED
@@ -281,7 +281,7 @@ ${W.replace(/ /g,"")}
281
281
  `,nexist:"∄",nexists:"∄",Nfr:"𝔑",nfr:"𝔫",ngE:"≧̸",nge:"≱",ngeq:"≱",ngeqq:"≧̸",ngeqslant:"⩾̸",nges:"⩾̸",nGg:"⋙̸",ngsim:"≵",nGt:"≫⃒",ngt:"≯",ngtr:"≯",nGtv:"≫̸",nhArr:"⇎",nharr:"↮",nhpar:"⫲",ni:"∋",nis:"⋼",nisd:"⋺",niv:"∋",NJcy:"Њ",njcy:"њ",nlArr:"⇍",nlarr:"↚",nldr:"‥",nlE:"≦̸",nle:"≰",nLeftarrow:"⇍",nleftarrow:"↚",nLeftrightarrow:"⇎",nleftrightarrow:"↮",nleq:"≰",nleqq:"≦̸",nleqslant:"⩽̸",nles:"⩽̸",nless:"≮",nLl:"⋘̸",nlsim:"≴",nLt:"≪⃒",nlt:"≮",nltri:"⋪",nltrie:"⋬",nLtv:"≪̸",nmid:"∤",NoBreak:"⁠",NonBreakingSpace:" ",Nopf:"ℕ",nopf:"𝕟",Not:"⫬",not:"¬",NotCongruent:"≢",NotCupCap:"≭",NotDoubleVerticalBar:"∦",NotElement:"∉",NotEqual:"≠",NotEqualTilde:"≂̸",NotExists:"∄",NotGreater:"≯",NotGreaterEqual:"≱",NotGreaterFullEqual:"≧̸",NotGreaterGreater:"≫̸",NotGreaterLess:"≹",NotGreaterSlantEqual:"⩾̸",NotGreaterTilde:"≵",NotHumpDownHump:"≎̸",NotHumpEqual:"≏̸",notin:"∉",notindot:"⋵̸",notinE:"⋹̸",notinva:"∉",notinvb:"⋷",notinvc:"⋶",NotLeftTriangle:"⋪",NotLeftTriangleBar:"⧏̸",NotLeftTriangleEqual:"⋬",NotLess:"≮",NotLessEqual:"≰",NotLessGreater:"≸",NotLessLess:"≪̸",NotLessSlantEqual:"⩽̸",NotLessTilde:"≴",NotNestedGreaterGreater:"⪢̸",NotNestedLessLess:"⪡̸",notni:"∌",notniva:"∌",notnivb:"⋾",notnivc:"⋽",NotPrecedes:"⊀",NotPrecedesEqual:"⪯̸",NotPrecedesSlantEqual:"⋠",NotReverseElement:"∌",NotRightTriangle:"⋫",NotRightTriangleBar:"⧐̸",NotRightTriangleEqual:"⋭",NotSquareSubset:"⊏̸",NotSquareSubsetEqual:"⋢",NotSquareSuperset:"⊐̸",NotSquareSupersetEqual:"⋣",NotSubset:"⊂⃒",NotSubsetEqual:"⊈",NotSucceeds:"⊁",NotSucceedsEqual:"⪰̸",NotSucceedsSlantEqual:"⋡",NotSucceedsTilde:"≿̸",NotSuperset:"⊃⃒",NotSupersetEqual:"⊉",NotTilde:"≁",NotTildeEqual:"≄",NotTildeFullEqual:"≇",NotTildeTilde:"≉",NotVerticalBar:"∤",npar:"∦",nparallel:"∦",nparsl:"⫽⃥",npart:"∂̸",npolint:"⨔",npr:"⊀",nprcue:"⋠",npre:"⪯̸",nprec:"⊀",npreceq:"⪯̸",nrArr:"⇏",nrarr:"↛",nrarrc:"⤳̸",nrarrw:"↝̸",nRightarrow:"⇏",nrightarrow:"↛",nrtri:"⋫",nrtrie:"⋭",nsc:"⊁",nsccue:"⋡",nsce:"⪰̸",Nscr:"𝒩",nscr:"𝓃",nshortmid:"∤",nshortparallel:"∦",nsim:"≁",nsime:"≄",nsimeq:"≄",nsmid:"∤",nspar:"∦",nsqsube:"⋢",nsqsupe:"⋣",nsub:"⊄",nsubE:"⫅̸",nsube:"⊈",nsubset:"⊂⃒",nsubseteq:"⊈",nsubseteqq:"⫅̸",nsucc:"⊁",nsucceq:"⪰̸",nsup:"⊅",nsupE:"⫆̸",nsupe:"⊉",nsupset:"⊃⃒",nsupseteq:"⊉",nsupseteqq:"⫆̸",ntgl:"≹",Ntilde:"Ñ",ntilde:"ñ",ntlg:"≸",ntriangleleft:"⋪",ntrianglelefteq:"⋬",ntriangleright:"⋫",ntrianglerighteq:"⋭",Nu:"Ν",nu:"ν",num:"#",numero:"№",numsp:" ",nvap:"≍⃒",nVDash:"⊯",nVdash:"⊮",nvDash:"⊭",nvdash:"⊬",nvge:"≥⃒",nvgt:">⃒",nvHarr:"⤄",nvinfin:"⧞",nvlArr:"⤂",nvle:"≤⃒",nvlt:"<⃒",nvltrie:"⊴⃒",nvrArr:"⤃",nvrtrie:"⊵⃒",nvsim:"∼⃒",nwarhk:"⤣",nwArr:"⇖",nwarr:"↖",nwarrow:"↖",nwnear:"⤧",Oacute:"Ó",oacute:"ó",oast:"⊛",ocir:"⊚",Ocirc:"Ô",ocirc:"ô",Ocy:"О",ocy:"о",odash:"⊝",Odblac:"Ő",odblac:"ő",odiv:"⨸",odot:"⊙",odsold:"⦼",OElig:"Œ",oelig:"œ",ofcir:"⦿",Ofr:"𝔒",ofr:"𝔬",ogon:"˛",Ograve:"Ò",ograve:"ò",ogt:"⧁",ohbar:"⦵",ohm:"Ω",oint:"∮",olarr:"↺",olcir:"⦾",olcross:"⦻",oline:"‾",olt:"⧀",Omacr:"Ō",omacr:"ō",Omega:"Ω",omega:"ω",Omicron:"Ο",omicron:"ο",omid:"⦶",ominus:"⊖",Oopf:"𝕆",oopf:"𝕠",opar:"⦷",OpenCurlyDoubleQuote:"“",OpenCurlyQuote:"‘",operp:"⦹",oplus:"⊕",Or:"⩔",or:"∨",orarr:"↻",ord:"⩝",order:"ℴ",orderof:"ℴ",ordf:"ª",ordm:"º",origof:"⊶",oror:"⩖",orslope:"⩗",orv:"⩛",oS:"Ⓢ",Oscr:"𝒪",oscr:"ℴ",Oslash:"Ø",oslash:"ø",osol:"⊘",Otilde:"Õ",otilde:"õ",Otimes:"⨷",otimes:"⊗",otimesas:"⨶",Ouml:"Ö",ouml:"ö",ovbar:"⌽",OverBar:"‾",OverBrace:"⏞",OverBracket:"⎴",OverParenthesis:"⏜",par:"∥",para:"¶",parallel:"∥",parsim:"⫳",parsl:"⫽",part:"∂",PartialD:"∂",Pcy:"П",pcy:"п",percnt:"%",period:".",permil:"‰",perp:"⊥",pertenk:"‱",Pfr:"𝔓",pfr:"𝔭",Phi:"Φ",phi:"φ",phiv:"ϕ",phmmat:"ℳ",phone:"☎",Pi:"Π",pi:"π",pitchfork:"⋔",piv:"ϖ",planck:"ℏ",planckh:"ℎ",plankv:"ℏ",plus:"+",plusacir:"⨣",plusb:"⊞",pluscir:"⨢",plusdo:"∔",plusdu:"⨥",pluse:"⩲",PlusMinus:"±",plusmn:"±",plussim:"⨦",plustwo:"⨧",pm:"±",Poincareplane:"ℌ",pointint:"⨕",Popf:"ℙ",popf:"𝕡",pound:"£",Pr:"⪻",pr:"≺",prap:"⪷",prcue:"≼",prE:"⪳",pre:"⪯",prec:"≺",precapprox:"⪷",preccurlyeq:"≼",Precedes:"≺",PrecedesEqual:"⪯",PrecedesSlantEqual:"≼",PrecedesTilde:"≾",preceq:"⪯",precnapprox:"⪹",precneqq:"⪵",precnsim:"⋨",precsim:"≾",Prime:"″",prime:"′",primes:"ℙ",prnap:"⪹",prnE:"⪵",prnsim:"⋨",prod:"∏",Product:"∏",profalar:"⌮",profline:"⌒",profsurf:"⌓",prop:"∝",Proportion:"∷",Proportional:"∝",propto:"∝",prsim:"≾",prurel:"⊰",Pscr:"𝒫",pscr:"𝓅",Psi:"Ψ",psi:"ψ",puncsp:" ",Qfr:"𝔔",qfr:"𝔮",qint:"⨌",Qopf:"ℚ",qopf:"𝕢",qprime:"⁗",Qscr:"𝒬",qscr:"𝓆",quaternions:"ℍ",quatint:"⨖",quest:"?",questeq:"≟",QUOT:'"',quot:'"',rAarr:"⇛",race:"∽̱",Racute:"Ŕ",racute:"ŕ",radic:"√",raemptyv:"⦳",Rang:"⟫",rang:"⟩",rangd:"⦒",range:"⦥",rangle:"⟩",raquo:"»",Rarr:"↠",rArr:"⇒",rarr:"→",rarrap:"⥵",rarrb:"⇥",rarrbfs:"⤠",rarrc:"⤳",rarrfs:"⤞",rarrhk:"↪",rarrlp:"↬",rarrpl:"⥅",rarrsim:"⥴",Rarrtl:"⤖",rarrtl:"↣",rarrw:"↝",rAtail:"⤜",ratail:"⤚",ratio:"∶",rationals:"ℚ",RBarr:"⤐",rBarr:"⤏",rbarr:"⤍",rbbrk:"❳",rbrace:"}",rbrack:"]",rbrke:"⦌",rbrksld:"⦎",rbrkslu:"⦐",Rcaron:"Ř",rcaron:"ř",Rcedil:"Ŗ",rcedil:"ŗ",rceil:"⌉",rcub:"}",Rcy:"Р",rcy:"р",rdca:"⤷",rdldhar:"⥩",rdquo:"”",rdquor:"”",rdsh:"↳",Re:"ℜ",real:"ℜ",realine:"ℛ",realpart:"ℜ",reals:"ℝ",rect:"▭",REG:"®",reg:"®",ReverseElement:"∋",ReverseEquilibrium:"⇋",ReverseUpEquilibrium:"⥯",rfisht:"⥽",rfloor:"⌋",Rfr:"ℜ",rfr:"𝔯",rHar:"⥤",rhard:"⇁",rharu:"⇀",rharul:"⥬",Rho:"Ρ",rho:"ρ",rhov:"ϱ",RightAngleBracket:"⟩",RightArrow:"→",Rightarrow:"⇒",rightarrow:"→",RightArrowBar:"⇥",RightArrowLeftArrow:"⇄",rightarrowtail:"↣",RightCeiling:"⌉",RightDoubleBracket:"⟧",RightDownTeeVector:"⥝",RightDownVector:"⇂",RightDownVectorBar:"⥕",RightFloor:"⌋",rightharpoondown:"⇁",rightharpoonup:"⇀",rightleftarrows:"⇄",rightleftharpoons:"⇌",rightrightarrows:"⇉",rightsquigarrow:"↝",RightTee:"⊢",RightTeeArrow:"↦",RightTeeVector:"⥛",rightthreetimes:"⋌",RightTriangle:"⊳",RightTriangleBar:"⧐",RightTriangleEqual:"⊵",RightUpDownVector:"⥏",RightUpTeeVector:"⥜",RightUpVector:"↾",RightUpVectorBar:"⥔",RightVector:"⇀",RightVectorBar:"⥓",ring:"˚",risingdotseq:"≓",rlarr:"⇄",rlhar:"⇌",rlm:"‏",rmoust:"⎱",rmoustache:"⎱",rnmid:"⫮",roang:"⟭",roarr:"⇾",robrk:"⟧",ropar:"⦆",Ropf:"ℝ",ropf:"𝕣",roplus:"⨮",rotimes:"⨵",RoundImplies:"⥰",rpar:")",rpargt:"⦔",rppolint:"⨒",rrarr:"⇉",Rrightarrow:"⇛",rsaquo:"›",Rscr:"ℛ",rscr:"𝓇",Rsh:"↱",rsh:"↱",rsqb:"]",rsquo:"’",rsquor:"’",rthree:"⋌",rtimes:"⋊",rtri:"▹",rtrie:"⊵",rtrif:"▸",rtriltri:"⧎",RuleDelayed:"⧴",ruluhar:"⥨",rx:"℞",Sacute:"Ś",sacute:"ś",sbquo:"‚",Sc:"⪼",sc:"≻",scap:"⪸",Scaron:"Š",scaron:"š",sccue:"≽",scE:"⪴",sce:"⪰",Scedil:"Ş",scedil:"ş",Scirc:"Ŝ",scirc:"ŝ",scnap:"⪺",scnE:"⪶",scnsim:"⋩",scpolint:"⨓",scsim:"≿",Scy:"С",scy:"с",sdot:"⋅",sdotb:"⊡",sdote:"⩦",searhk:"⤥",seArr:"⇘",searr:"↘",searrow:"↘",sect:"§",semi:";",seswar:"⤩",setminus:"∖",setmn:"∖",sext:"✶",Sfr:"𝔖",sfr:"𝔰",sfrown:"⌢",sharp:"♯",SHCHcy:"Щ",shchcy:"щ",SHcy:"Ш",shcy:"ш",ShortDownArrow:"↓",ShortLeftArrow:"←",shortmid:"∣",shortparallel:"∥",ShortRightArrow:"→",ShortUpArrow:"↑",shy:"­",Sigma:"Σ",sigma:"σ",sigmaf:"ς",sigmav:"ς",sim:"∼",simdot:"⩪",sime:"≃",simeq:"≃",simg:"⪞",simgE:"⪠",siml:"⪝",simlE:"⪟",simne:"≆",simplus:"⨤",simrarr:"⥲",slarr:"←",SmallCircle:"∘",smallsetminus:"∖",smashp:"⨳",smeparsl:"⧤",smid:"∣",smile:"⌣",smt:"⪪",smte:"⪬",smtes:"⪬︀",SOFTcy:"Ь",softcy:"ь",sol:"/",solb:"⧄",solbar:"⌿",Sopf:"𝕊",sopf:"𝕤",spades:"♠",spadesuit:"♠",spar:"∥",sqcap:"⊓",sqcaps:"⊓︀",sqcup:"⊔",sqcups:"⊔︀",Sqrt:"√",sqsub:"⊏",sqsube:"⊑",sqsubset:"⊏",sqsubseteq:"⊑",sqsup:"⊐",sqsupe:"⊒",sqsupset:"⊐",sqsupseteq:"⊒",squ:"□",Square:"□",square:"□",SquareIntersection:"⊓",SquareSubset:"⊏",SquareSubsetEqual:"⊑",SquareSuperset:"⊐",SquareSupersetEqual:"⊒",SquareUnion:"⊔",squarf:"▪",squf:"▪",srarr:"→",Sscr:"𝒮",sscr:"𝓈",ssetmn:"∖",ssmile:"⌣",sstarf:"⋆",Star:"⋆",star:"☆",starf:"★",straightepsilon:"ϵ",straightphi:"ϕ",strns:"¯",Sub:"⋐",sub:"⊂",subdot:"⪽",subE:"⫅",sube:"⊆",subedot:"⫃",submult:"⫁",subnE:"⫋",subne:"⊊",subplus:"⪿",subrarr:"⥹",Subset:"⋐",subset:"⊂",subseteq:"⊆",subseteqq:"⫅",SubsetEqual:"⊆",subsetneq:"⊊",subsetneqq:"⫋",subsim:"⫇",subsub:"⫕",subsup:"⫓",succ:"≻",succapprox:"⪸",succcurlyeq:"≽",Succeeds:"≻",SucceedsEqual:"⪰",SucceedsSlantEqual:"≽",SucceedsTilde:"≿",succeq:"⪰",succnapprox:"⪺",succneqq:"⪶",succnsim:"⋩",succsim:"≿",SuchThat:"∋",Sum:"∑",sum:"∑",sung:"♪",Sup:"⋑",sup:"⊃",sup1:"¹",sup2:"²",sup3:"³",supdot:"⪾",supdsub:"⫘",supE:"⫆",supe:"⊇",supedot:"⫄",Superset:"⊃",SupersetEqual:"⊇",suphsol:"⟉",suphsub:"⫗",suplarr:"⥻",supmult:"⫂",supnE:"⫌",supne:"⊋",supplus:"⫀",Supset:"⋑",supset:"⊃",supseteq:"⊇",supseteqq:"⫆",supsetneq:"⊋",supsetneqq:"⫌",supsim:"⫈",supsub:"⫔",supsup:"⫖",swarhk:"⤦",swArr:"⇙",swarr:"↙",swarrow:"↙",swnwar:"⤪",szlig:"ß",Tab:" ",target:"⌖",Tau:"Τ",tau:"τ",tbrk:"⎴",Tcaron:"Ť",tcaron:"ť",Tcedil:"Ţ",tcedil:"ţ",Tcy:"Т",tcy:"т",tdot:"⃛",telrec:"⌕",Tfr:"𝔗",tfr:"𝔱",there4:"∴",Therefore:"∴",therefore:"∴",Theta:"Θ",theta:"θ",thetasym:"ϑ",thetav:"ϑ",thickapprox:"≈",thicksim:"∼",ThickSpace:"  ",thinsp:" ",ThinSpace:" ",thkap:"≈",thksim:"∼",THORN:"Þ",thorn:"þ",Tilde:"∼",tilde:"˜",TildeEqual:"≃",TildeFullEqual:"≅",TildeTilde:"≈",times:"×",timesb:"⊠",timesbar:"⨱",timesd:"⨰",tint:"∭",toea:"⤨",top:"⊤",topbot:"⌶",topcir:"⫱",Topf:"𝕋",topf:"𝕥",topfork:"⫚",tosa:"⤩",tprime:"‴",TRADE:"™",trade:"™",triangle:"▵",triangledown:"▿",triangleleft:"◃",trianglelefteq:"⊴",triangleq:"≜",triangleright:"▹",trianglerighteq:"⊵",tridot:"◬",trie:"≜",triminus:"⨺",TripleDot:"⃛",triplus:"⨹",trisb:"⧍",tritime:"⨻",trpezium:"⏢",Tscr:"𝒯",tscr:"𝓉",TScy:"Ц",tscy:"ц",TSHcy:"Ћ",tshcy:"ћ",Tstrok:"Ŧ",tstrok:"ŧ",twixt:"≬",twoheadleftarrow:"↞",twoheadrightarrow:"↠",Uacute:"Ú",uacute:"ú",Uarr:"↟",uArr:"⇑",uarr:"↑",Uarrocir:"⥉",Ubrcy:"Ў",ubrcy:"ў",Ubreve:"Ŭ",ubreve:"ŭ",Ucirc:"Û",ucirc:"û",Ucy:"У",ucy:"у",udarr:"⇅",Udblac:"Ű",udblac:"ű",udhar:"⥮",ufisht:"⥾",Ufr:"𝔘",ufr:"𝔲",Ugrave:"Ù",ugrave:"ù",uHar:"⥣",uharl:"↿",uharr:"↾",uhblk:"▀",ulcorn:"⌜",ulcorner:"⌜",ulcrop:"⌏",ultri:"◸",Umacr:"Ū",umacr:"ū",uml:"¨",UnderBar:"_",UnderBrace:"⏟",UnderBracket:"⎵",UnderParenthesis:"⏝",Union:"⋃",UnionPlus:"⊎",Uogon:"Ų",uogon:"ų",Uopf:"𝕌",uopf:"𝕦",UpArrow:"↑",Uparrow:"⇑",uparrow:"↑",UpArrowBar:"⤒",UpArrowDownArrow:"⇅",UpDownArrow:"↕",Updownarrow:"⇕",updownarrow:"↕",UpEquilibrium:"⥮",upharpoonleft:"↿",upharpoonright:"↾",uplus:"⊎",UpperLeftArrow:"↖",UpperRightArrow:"↗",Upsi:"ϒ",upsi:"υ",upsih:"ϒ",Upsilon:"Υ",upsilon:"υ",UpTee:"⊥",UpTeeArrow:"↥",upuparrows:"⇈",urcorn:"⌝",urcorner:"⌝",urcrop:"⌎",Uring:"Ů",uring:"ů",urtri:"◹",Uscr:"𝒰",uscr:"𝓊",utdot:"⋰",Utilde:"Ũ",utilde:"ũ",utri:"▵",utrif:"▴",uuarr:"⇈",Uuml:"Ü",uuml:"ü",uwangle:"⦧",vangrt:"⦜",varepsilon:"ϵ",varkappa:"ϰ",varnothing:"∅",varphi:"ϕ",varpi:"ϖ",varpropto:"∝",vArr:"⇕",varr:"↕",varrho:"ϱ",varsigma:"ς",varsubsetneq:"⊊︀",varsubsetneqq:"⫋︀",varsupsetneq:"⊋︀",varsupsetneqq:"⫌︀",vartheta:"ϑ",vartriangleleft:"⊲",vartriangleright:"⊳",Vbar:"⫫",vBar:"⫨",vBarv:"⫩",Vcy:"В",vcy:"в",VDash:"⊫",Vdash:"⊩",vDash:"⊨",vdash:"⊢",Vdashl:"⫦",Vee:"⋁",vee:"∨",veebar:"⊻",veeeq:"≚",vellip:"⋮",Verbar:"‖",verbar:"|",Vert:"‖",vert:"|",VerticalBar:"∣",VerticalLine:"|",VerticalSeparator:"❘",VerticalTilde:"≀",VeryThinSpace:" ",Vfr:"𝔙",vfr:"𝔳",vltri:"⊲",vnsub:"⊂⃒",vnsup:"⊃⃒",Vopf:"𝕍",vopf:"𝕧",vprop:"∝",vrtri:"⊳",Vscr:"𝒱",vscr:"𝓋",vsubnE:"⫋︀",vsubne:"⊊︀",vsupnE:"⫌︀",vsupne:"⊋︀",Vvdash:"⊪",vzigzag:"⦚",Wcirc:"Ŵ",wcirc:"ŵ",wedbar:"⩟",Wedge:"⋀",wedge:"∧",wedgeq:"≙",weierp:"℘",Wfr:"𝔚",wfr:"𝔴",Wopf:"𝕎",wopf:"𝕨",wp:"℘",wr:"≀",wreath:"≀",Wscr:"𝒲",wscr:"𝓌",xcap:"⋂",xcirc:"◯",xcup:"⋃",xdtri:"▽",Xfr:"𝔛",xfr:"𝔵",xhArr:"⟺",xharr:"⟷",Xi:"Ξ",xi:"ξ",xlArr:"⟸",xlarr:"⟵",xmap:"⟼",xnis:"⋻",xodot:"⨀",Xopf:"𝕏",xopf:"𝕩",xoplus:"⨁",xotime:"⨂",xrArr:"⟹",xrarr:"⟶",Xscr:"𝒳",xscr:"𝓍",xsqcup:"⨆",xuplus:"⨄",xutri:"△",xvee:"⋁",xwedge:"⋀",Yacute:"Ý",yacute:"ý",YAcy:"Я",yacy:"я",Ycirc:"Ŷ",ycirc:"ŷ",Ycy:"Ы",ycy:"ы",yen:"¥",Yfr:"𝔜",yfr:"𝔶",YIcy:"Ї",yicy:"ї",Yopf:"𝕐",yopf:"𝕪",Yscr:"𝒴",yscr:"𝓎",YUcy:"Ю",yucy:"ю",Yuml:"Ÿ",yuml:"ÿ",Zacute:"Ź",zacute:"ź",Zcaron:"Ž",zcaron:"ž",Zcy:"З",zcy:"з",Zdot:"Ż",zdot:"ż",zeetrf:"ℨ",ZeroWidthSpace:"​",Zeta:"Ζ",zeta:"ζ",Zfr:"ℨ",zfr:"𝔷",ZHcy:"Ж",zhcy:"ж",zigrarr:"⇝",Zopf:"ℤ",zopf:"𝕫",Zscr:"𝒵",zscr:"𝓏",zwj:"‍",zwnj:"‌"}),t.entityMap=t.HTML_ENTITIES})(Qy);var Uf={},Qo=nr.NAMESPACE,tp=/[A-Z_a-z\xC0-\xD6\xD8-\xF6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,im=new RegExp("[\\-\\.0-9"+tp.source.slice(1,-1)+"\\u00B7\\u0300-\\u036F\\u203F-\\u2040]"),om=new RegExp("^"+tp.source+im.source+"*(?::"+tp.source+im.source+"*)?$"),ho=0,sr=1,pi=2,go=3,fi=4,hi=5,mo=6,Ms=7;function Ki(t,e){this.message=t,this.locator=e,Error.captureStackTrace&&Error.captureStackTrace(this,Ki)}Ki.prototype=new Error;Ki.prototype.name=Ki.name;function ew(){}ew.prototype={parse:function(t,e,n){var r=this.domBuilder;r.startDocument(),tw(e,e={}),EE(t,e,n,r,this.errorHandler),r.endDocument()}};function EE(t,e,n,r,i){function o(j){if(j>65535){j-=65536;var V=55296+(j>>10),de=56320+(j&1023);return String.fromCharCode(V,de)}else return String.fromCharCode(j)}function a(j){var V=j.slice(1,-1);return Object.hasOwnProperty.call(n,V)?n[V]:V.charAt(0)==="#"?o(parseInt(V.substr(1).replace("x","0x"))):(i.error("entity not found:"+j),j)}function l(j){if(j>$){var V=t.substring($,j).replace(/&#?\w+;/g,a);g&&u($),r.characters(V,0,j-$),$=j}}function u(j,V){for(;j>=p&&(V=h.exec(t));)d=V.index,p=d+V[0].length,g.lineNumber++;g.columnNumber=j-d+1}for(var d=0,p=0,h=/.*(?:\r\n?|\n)|.*$/g,g=r.locator,A=[{currentNSMap:e}],m={},$=0;;){try{var k=t.indexOf("<",$);if(k<0){if(!t.substr($).match(/^\s*$/)){var S=r.doc,b=S.createTextNode(t.substr($));S.appendChild(b),r.currentElement=b}return}switch(k>$&&l(k),t.charAt(k+1)){case"/":var B=t.indexOf(">",k+3),T=t.substring(k+2,B).replace(/[ \t\n\r]+$/g,""),M=A.pop();B<0?(T=t.substring(k+2).replace(/[\s<].*/,""),i.error("end tag name: "+T+" is not complete:"+M.tagName),B=k+1+T.length):T.match(/\s</)&&(T=T.replace(/[\s<].*/,""),i.error("end tag name: "+T+" maybe not complete"),B=k+1+T.length);var U=M.localNSMap,H=M.tagName==T,W=H||M.tagName&&M.tagName.toLowerCase()==T.toLowerCase();if(W){if(r.endElement(M.uri,M.localName,T),U)for(var J in U)Object.prototype.hasOwnProperty.call(U,J)&&r.endPrefixMapping(J);H||i.fatalError("end tag name: "+T+" is not match the current start tagName:"+M.tagName)}else A.push(M);B++;break;case"?":g&&u(k),B=IE(t,k,r);break;case"!":g&&u(k),B=CE(t,k,r,i);break;default:g&&u(k);var ue=new nw,Ne=A[A.length-1].currentNSMap,B=SE(t,k,ue,Ne,a,i),L=ue.length;if(!ue.closed&&NE(t,B,ue.tagName,m)&&(ue.closed=!0,n.nbsp||i.warning("unclosed xml attribute")),g&&L){for(var P=sm(g,{}),I=0;I<L;I++){var C=ue[I];u(C.offset),C.locator=sm(g,{})}r.locator=P,am(ue,r,Ne)&&A.push(ue),r.locator=g}else am(ue,r,Ne)&&A.push(ue);Qo.isHTML(ue.uri)&&!ue.closed?B=kE(t,B,ue.tagName,a,r):B++}}catch(j){if(j instanceof Ki)throw j;i.error("element parse error: "+j),B=-1}B>$?$=B:l(Math.max(k,$)+1)}}function sm(t,e){return e.lineNumber=t.lineNumber,e.columnNumber=t.columnNumber,e}function SE(t,e,n,r,i,o){function a(g,A,m){n.attributeNames.hasOwnProperty(g)&&o.fatalError("Attribute "+g+" redefined"),n.addValue(g,A.replace(/[\t\n\r]/g," ").replace(/&#?\w+;/g,i),m)}for(var l,u,d=++e,p=ho;;){var h=t.charAt(d);switch(h){case"=":if(p===sr)l=t.slice(e,d),p=go;else if(p===pi)p=go;else throw new Error("attribute equal must after attrName");break;case"'":case'"':if(p===go||p===sr)if(p===sr&&(o.warning('attribute value must after "="'),l=t.slice(e,d)),e=d+1,d=t.indexOf(h,e),d>0)u=t.slice(e,d),a(l,u,e-1),p=hi;else throw new Error("attribute value no end '"+h+"' match");else if(p==fi)u=t.slice(e,d),a(l,u,e),o.warning('attribute "'+l+'" missed start quot('+h+")!!"),e=d+1,p=hi;else throw new Error('attribute value must after "="');break;case"/":switch(p){case ho:n.setTagName(t.slice(e,d));case hi:case mo:case Ms:p=Ms,n.closed=!0;case fi:case sr:break;case pi:n.closed=!0;break;default:throw new Error("attribute invalid close char('/')")}break;case"":return o.error("unexpected end of input"),p==ho&&n.setTagName(t.slice(e,d)),d;case">":switch(p){case ho:n.setTagName(t.slice(e,d));case hi:case mo:case Ms:break;case fi:case sr:u=t.slice(e,d),u.slice(-1)==="/"&&(n.closed=!0,u=u.slice(0,-1));case pi:p===pi&&(u=l),p==fi?(o.warning('attribute "'+u+'" missed quot(")!'),a(l,u,e)):((!Qo.isHTML(r[""])||!u.match(/^(?:disabled|checked|selected)$/i))&&o.warning('attribute "'+u+'" missed value!! "'+u+'" instead!!'),a(u,u,e));break;case go:throw new Error("attribute value missed!!")}return d;case"€":h=" ";default:if(h<=" ")switch(p){case ho:n.setTagName(t.slice(e,d)),p=mo;break;case sr:l=t.slice(e,d),p=pi;break;case fi:var u=t.slice(e,d);o.warning('attribute "'+u+'" missed quot(")!!'),a(l,u,e);case hi:p=mo;break}else switch(p){case pi:n.tagName,(!Qo.isHTML(r[""])||!l.match(/^(?:disabled|checked|selected)$/i))&&o.warning('attribute "'+l+'" missed value!! "'+l+'" instead2!!'),a(l,l,e),e=d,p=sr;break;case hi:o.warning('attribute space is required"'+l+'"!!');case mo:p=sr,e=d;break;case go:p=fi,e=d;break;case Ms:throw new Error("elements closed character '/' and '>' must be connected to")}}d++}}function am(t,e,n){for(var r=t.tagName,i=null,h=t.length;h--;){var o=t[h],a=o.qName,l=o.value,g=a.indexOf(":");if(g>0)var u=o.prefix=a.slice(0,g),d=a.slice(g+1),p=u==="xmlns"&&d;else d=a,u=null,p=a==="xmlns"&&"";o.localName=d,p!==!1&&(i==null&&(i={},tw(n,n={})),n[p]=i[p]=l,o.uri=Qo.XMLNS,e.startPrefixMapping(p,l))}for(var h=t.length;h--;){o=t[h];var u=o.prefix;u&&(u==="xml"&&(o.uri=Qo.XML),u!=="xmlns"&&(o.uri=n[u||""]))}var g=r.indexOf(":");g>0?(u=t.prefix=r.slice(0,g),d=t.localName=r.slice(g+1)):(u=null,d=t.localName=r);var A=t.uri=n[u||""];if(e.startElement(A,d,r,t),t.closed){if(e.endElement(A,d,r),i)for(u in i)Object.prototype.hasOwnProperty.call(i,u)&&e.endPrefixMapping(u)}else return t.currentNSMap=n,t.localNSMap=i,!0}function kE(t,e,n,r,i){if(/^(?:script|textarea)$/i.test(n)){var o=t.indexOf("</"+n+">",e),a=t.substring(e+1,o);if(/[&<]/.test(a))return/^script$/i.test(n)?(i.characters(a,0,a.length),o):(a=a.replace(/&#?\w+;/g,r),i.characters(a,0,a.length),o)}return e+1}function NE(t,e,n,r){var i=r[n];return i==null&&(i=t.lastIndexOf("</"+n+">"),i<e&&(i=t.lastIndexOf("</"+n)),r[n]=i),i<e}function tw(t,e){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])}function CE(t,e,n,r){var i=t.charAt(e+2);switch(i){case"-":if(t.charAt(e+3)==="-"){var o=t.indexOf("-->",e+4);return o>e?(n.comment(t,e+4,o-e-4),o+3):(r.error("Unclosed comment"),-1)}else return-1;default:if(t.substr(e+3,6)=="CDATA["){var o=t.indexOf("]]>",e+9);return n.startCDATA(),n.characters(t,e+9,o-e-9),n.endCDATA(),o+3}var a=TE(t,e),l=a.length;if(l>1&&/!doctype/i.test(a[0][0])){var u=a[1][0],d=!1,p=!1;l>3&&(/^public$/i.test(a[2][0])?(d=a[3][0],p=l>4&&a[4][0]):/^system$/i.test(a[2][0])&&(p=a[3][0]));var h=a[l-1];return n.startDTD(u,d,p),n.endDTD(),h.index+h[0].length}}return-1}function IE(t,e,n){var r=t.indexOf("?>",e);if(r){var i=t.substring(e,r).match(/^<\?(\S*)\s*([\s\S]*?)\s*$/);return i?(i[0].length,n.processingInstruction(i[1],i[2]),r+2):-1}return-1}function nw(){this.attributeNames={}}nw.prototype={setTagName:function(t){if(!om.test(t))throw new Error("invalid tagName:"+t);this.tagName=t},addValue:function(t,e,n){if(!om.test(t))throw new Error("invalid attribute:"+t);this.attributeNames[t]=this.length,this[this.length++]={qName:t,value:e,offset:n}},length:0,getLocalName:function(t){return this[t].localName},getLocator:function(t){return this[t].locator},getQName:function(t){return this[t].qName},getURI:function(t){return this[t].uri},getValue:function(t){return this[t].value}};function TE(t,e){var n,r=[],i=/'[^']+'|"[^"]+"|[^\s<>\/=]+=?|(\/?\s*>|<)/g;for(i.lastIndex=e,i.exec(t);n=i.exec(t);)if(r.push(n),n[1])return r}Uf.XMLReader=ew;Uf.ParseError=Ki;var OE=nr,DE=tr,cm=Qy,rw=Uf,zE=DE.DOMImplementation,lm=OE.NAMESPACE,RE=rw.ParseError,PE=rw.XMLReader;function iw(t){return t.replace(/\r[\n\u0085]/g,`
282
282
  `).replace(/[\r\u0085\u2028]/g,`
283
283
  `)}function ow(t){this.options=t||{locator:{}}}ow.prototype.parseFromString=function(t,e){var n=this.options,r=new PE,i=n.domBuilder||new Is,o=n.errorHandler,a=n.locator,l=n.xmlns||{},u=/\/x?html?$/.test(e),d=u?cm.HTML_ENTITIES:cm.XML_ENTITIES;a&&i.setDocumentLocator(a),r.errorHandler=BE(o,i,a),r.domBuilder=n.domBuilder||i,u&&(l[""]=lm.HTML),l.xml=l.xml||lm.XML;var p=n.normalizeLineEndings||iw;return t&&typeof t=="string"?r.parse(p(t),l,d):r.errorHandler.error("invalid doc source"),i.doc};function BE(t,e,n){if(!t){if(e instanceof Is)return e;t=e}var r={},i=t instanceof Function;n=n||{};function o(a){var l=t[a];!l&&i&&(l=t.length==2?function(u){t(a,u)}:t),r[a]=l&&function(u){l("[xmldom "+a+"] "+u+np(n))}||function(){}}return o("warning"),o("error"),o("fatalError"),r}function Is(){this.cdata=!1}function gi(t,e){e.lineNumber=t.lineNumber,e.columnNumber=t.columnNumber}Is.prototype={startDocument:function(){this.doc=new zE().createDocument(null,null,null),this.locator&&(this.doc.documentURI=this.locator.systemId)},startElement:function(t,e,n,r){var i=this.doc,o=i.createElementNS(t,n||e),a=r.length;qs(this,o),this.currentElement=o,this.locator&&gi(this.locator,o);for(var l=0;l<a;l++){var t=r.getURI(l),u=r.getValue(l),n=r.getQName(l),d=i.createAttributeNS(t,n);this.locator&&gi(r.getLocator(l),d),d.value=d.nodeValue=u,o.setAttributeNode(d)}},endElement:function(t,e,n){var r=this.currentElement;r.tagName,this.currentElement=r.parentNode},startPrefixMapping:function(t,e){},endPrefixMapping:function(t){},processingInstruction:function(t,e){var n=this.doc.createProcessingInstruction(t,e);this.locator&&gi(this.locator,n),qs(this,n)},ignorableWhitespace:function(t,e,n){},characters:function(t,e,n){if(t=um.apply(this,arguments),t){if(this.cdata)var r=this.doc.createCDATASection(t);else var r=this.doc.createTextNode(t);this.currentElement?this.currentElement.appendChild(r):/^\s*$/.test(t)&&this.doc.appendChild(r),this.locator&&gi(this.locator,r)}},skippedEntity:function(t){},endDocument:function(){this.doc.normalize()},setDocumentLocator:function(t){(this.locator=t)&&(t.lineNumber=0)},comment:function(t,e,n){t=um.apply(this,arguments);var r=this.doc.createComment(t);this.locator&&gi(this.locator,r),qs(this,r)},startCDATA:function(){this.cdata=!0},endCDATA:function(){this.cdata=!1},startDTD:function(t,e,n){var r=this.doc.implementation;if(r&&r.createDocumentType){var i=r.createDocumentType(t,e,n);this.locator&&gi(this.locator,i),qs(this,i),this.doc.doctype=i}},warning:function(t){console.warn("[xmldom warning] "+t,np(this.locator))},error:function(t){console.error("[xmldom error] "+t,np(this.locator))},fatalError:function(t){throw new RE(t,this.locator)}};function np(t){if(t)return`
284
- @`+(t.systemId||"")+"#[line:"+t.lineNumber+",col:"+t.columnNumber+"]"}function um(t,e,n){return typeof t=="string"?t.substr(e,n):t.length>=e+n||e?new java.lang.String(t,e,n)+"":t}"endDTD,startEntity,endEntity,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,resolveEntity,getExternalSubset,notationDecl,unparsedEntityDecl".replace(/\w+/g,function(t){Is.prototype[t]=function(){return null}});function qs(t,e){t.currentElement?t.currentElement.appendChild(e):t.doc.appendChild(e)}Tl.__DOMHandler=Is;Tl.normalizeLineEndings=iw;Tl.DOMParser=ow;var sw=tr;Nl.DOMImplementation=sw.DOMImplementation;Nl.XMLSerializer=sw.XMLSerializer;Nl.DOMParser=Tl.DOMParser;var Ol={};Object.defineProperty(Ol,"__esModule",{value:!0});Ol.EnvelopedSignature=void 0;const Vs=El,lu=be;class jE{constructor(){this.includeComments=!1,this.includeComments=!1}process(e,n){if(n.signatureNode==null){const o=Vs.select1("./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return lu.isNodeLike(o)&&o.parentNode&&o.parentNode.removeChild(o),e}const r=n.signatureNode,i=Vs.select1(".//*[local-name(.)='SignatureValue']/text()",r);if(lu.isTextNode(i)){const o=i.data,a=Vs.select(".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);for(const l of Array.isArray(a)?a:[]){const u=Vs.select1(".//*[local-name(.)='SignatureValue']/text()",l);if(lu.isTextNode(u)){const d=u.data;o===d&&l.parentNode&&l.parentNode.removeChild(l)}}}return e}getAlgorithmName(){return"http://www.w3.org/2000/09/xmldsig#enveloped-signature"}}Ol.EnvelopedSignature=jE;var hr={};Object.defineProperty(hr,"__esModule",{value:!0});hr.Sha512=hr.Sha256=hr.Sha1=void 0;const Mf=vc;class LE{constructor(){this.getHash=function(e){const n=Mf.createHash("sha1");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2000/09/xmldsig#sha1"}}}hr.Sha1=LE;class FE{constructor(){this.getHash=function(e){const n=Mf.createHash("sha256");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha256"}}}hr.Sha256=FE;class UE{constructor(){this.getHash=function(e){const n=Mf.createHash("sha512");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha512"}}}hr.Sha512=UE;var vn={},Ts={};Object.defineProperty(Ts,"__esModule",{value:!0});Ts.createOptionalCallbackFunction=void 0;function ME(t){return typeof t=="function"}function qE(t){return(...e)=>{const n=e[e.length-1];if(ME(n))try{const r=t(...e.slice(0,-1));n(null,r)}catch(r){n(r instanceof Error?r:new Error("Unknown error"))}else return t(...e)}}Ts.createOptionalCallbackFunction=qE;Object.defineProperty(vn,"__esModule",{value:!0});vn.HmacSha1=vn.RsaSha512=vn.RsaSha256=vn.RsaSha1=void 0;const br=vc,xr=Ts;class VE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA1");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA1");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}}vn.RsaSha1=VE;class HE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA256");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA256");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}}vn.RsaSha256=HE;class KE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA512");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA512");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}}vn.RsaSha512=KE;class GE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createHmac("SHA1",n);return r.update(e),r.digest("base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createHmac("SHA1",n);return i.update(e),i.digest("base64")===r}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#hmac-sha1"}}vn.HmacSha1=GE;Object.defineProperty(kl,"__esModule",{value:!0});kl.SignedXml=void 0;const zt=be,Ir=Nl,WE=vc,Mt=El,dm=ti,XE=Ol,pm=ni,uu=hr,Hs=vn,Oe=Ss;class Pn{constructor(e={}){this.signatureAlgorithm=void 0,this.canonicalizationAlgorithm=void 0,this.inclusiveNamespacesPrefixList=[],this.namespaceResolver={lookupNamespaceURI:function(){throw new Error("Not implemented")}},this.implicitTransforms=[],this.keyInfoAttributes={},this.getKeyInfoContent=Pn.getKeyInfoContent,this.getCertFromKeyInfo=Pn.getCertFromKeyInfo,this.id=0,this.signedXml="",this.signatureXml="",this.signatureNode=null,this.signatureValue="",this.originalXmlWithIds="",this.keyInfo=null,this.references=[],this.signedReferences=[],this.CanonicalizationAlgorithms={"http://www.w3.org/TR/2001/REC-xml-c14n-20010315":dm.C14nCanonicalization,"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments":dm.C14nCanonicalizationWithComments,"http://www.w3.org/2001/10/xml-exc-c14n#":pm.ExclusiveCanonicalization,"http://www.w3.org/2001/10/xml-exc-c14n#WithComments":pm.ExclusiveCanonicalizationWithComments,"http://www.w3.org/2000/09/xmldsig#enveloped-signature":XE.EnvelopedSignature},this.HashAlgorithms={"http://www.w3.org/2000/09/xmldsig#sha1":uu.Sha1,"http://www.w3.org/2001/04/xmlenc#sha256":uu.Sha256,"http://www.w3.org/2001/04/xmlenc#sha512":uu.Sha512},this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#rsa-sha1":Hs.RsaSha1,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":Hs.RsaSha256,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":Hs.RsaSha512};const{idMode:n,idAttribute:r,privateKey:i,publicCert:o,signatureAlgorithm:a,canonicalizationAlgorithm:l,inclusiveNamespacesPrefixList:u,implicitTransforms:d,keyInfoAttributes:p,getKeyInfoContent:h,getCertFromKeyInfo:g}=e;this.idMode=n,this.idAttributes=["Id","ID","id"],r&&this.idAttributes.unshift(r),this.privateKey=i,this.publicCert=o,this.signatureAlgorithm=a??this.signatureAlgorithm,this.canonicalizationAlgorithm=l,typeof u=="string"?this.inclusiveNamespacesPrefixList=u.split(" "):Oe.isArrayHasLength(u)&&(this.inclusiveNamespacesPrefixList=u),this.implicitTransforms=d??this.implicitTransforms,this.keyInfoAttributes=p??this.keyInfoAttributes,this.getKeyInfoContent=h??this.getKeyInfoContent,this.getCertFromKeyInfo=g??Pn.noop,this.CanonicalizationAlgorithms,this.HashAlgorithms,this.SignatureAlgorithms}enableHMAC(){this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#hmac-sha1":Hs.HmacSha1},this.getKeyInfoContent=Pn.noop}static getKeyInfoContent({publicCert:e,prefix:n}){if(e==null)return null;n=n?`${n}:`:"";let r="";Buffer.isBuffer(e)&&(e=e.toString("latin1"));let i=[];return typeof e=="string"&&(i=e.match(Oe.EXTRACT_X509_CERTS)||[]),i.length>0&&(r=i.map(o=>`<${n}X509Certificate>${Oe.pemToDer(o).toString("base64")}</${n}X509Certificate>`).join("")),`<${n}X509Data>${r}</${n}X509Data>`}static getCertFromKeyInfo(e){if(e!=null){const n=Mt.select1(".//*[local-name(.)='X509Certificate']",e);if(zt.isNodeLike(n))return Oe.derToPem(n.textContent??"","CERTIFICATE")}return null}checkSignature(e,n){if(n!=null&&typeof n!="function")throw new Error("Last parameter must be a callback function");this.signedXml=e;const r=new Ir.DOMParser().parseFromString(e);this.references=[];const i=this.getCanonSignedInfoXml(r);if(!i){if(n){n(new Error("Canonical signed info cannot be empty"),!1);return}throw new Error("Canonical signed info cannot be empty")}const a=new Ir.DOMParser().parseFromString(i,"text/xml").documentElement;if(!a){if(n){n(new Error("Could not parse unverifiedSignedInfoCanon into a document"),!1);return}throw new Error("Could not parse unverifiedSignedInfoCanon into a document")}const l=Oe.findChildren(a,"Reference");if(!Oe.isArrayHasLength(l)){if(n){n(new Error("could not find any Reference elements"),!1);return}throw new Error("could not find any Reference elements")}for(const h of l)this.loadReference(h);if(!this.getReferences().every(h=>this.validateReference(h,r))){if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error("Could not validate all references"),!1);return}return!1}const u=this.findSignatureAlgorithm(this.signatureAlgorithm),d=this.getCertFromKeyInfo(this.keyInfo)||this.publicCert||this.privateKey;if(d==null)throw new Error("KeyInfo or publicCert or privateKey is required to validate signature");if(u.verifySignature(i,d,this.signatureValue)===!0)if(n)n(null,!0);else return!0;else if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`));return}else throw new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`)}getCanonSignedInfoXml(e){if(this.signatureNode==null)throw new Error("No signature found.");if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to get signed info for XML");const n=Oe.findChildren(this.signatureNode,"SignedInfo");if(n.length===0)throw new Error("could not find SignedInfo element in the message");if(n.length>1)throw new Error("could not get canonicalized signed info for a signature that contains multiple SignedInfo nodes");if((this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(!e||typeof e!="object"))throw new Error("When canonicalization method is non-exclusive, whole xml dom must be provided as an argument");const i={ancestorNamespaces:Oe.findAncestorNs(e,"//*[local-name()='SignedInfo']")};return this.getCanonXml([this.canonicalizationAlgorithm],n[0],i)}getCanonReferenceXml(e,n,r){Array.isArray(n.transforms)&&(n.ancestorNamespaces=Oe.findAncestorNs(e,n.xpath,this.namespaceResolver));const i={inclusiveNamespacesPrefixList:n.inclusiveNamespacesPrefixList,ancestorNamespaces:n.ancestorNamespaces};return this.getCanonXml(n.transforms,r,i)}calculateSignatureValue(e,n){const r=this.getCanonSignedInfoXml(e),i=this.findSignatureAlgorithm(this.signatureAlgorithm);if(this.privateKey==null)throw new Error("Private key is required to compute signature");typeof n=="function"?i.getSignature(r,this.privateKey,n):this.signatureValue=i.getSignature(r,this.privateKey)}findSignatureAlgorithm(e){if(e==null)throw new Error("signatureAlgorithm is required");const n=this.SignatureAlgorithms[e];if(n)return new n;throw new Error(`signature algorithm '${e}' is not supported`)}findCanonicalizationAlgorithm(e){if(e!=null){const n=this.CanonicalizationAlgorithms[e];if(n)return new n}throw new Error(`canonicalization algorithm '${e}' is not supported`)}findHashAlgorithm(e){const n=this.HashAlgorithms[e];if(n)return new n;throw new Error(`hash algorithm '${e}' is not supported`)}validateElementAgainstReferences(e,n){var i;let r;if(typeof e=="string"){const o=Mt.select1(e,n);zt.assertIsElementNode(o),r=o}else r=e;for(const o of this.getReferences()){const a=((i=o.uri)==null?void 0:i[0])==="#"?o.uri.substring(1):o.uri;for(const p of this.idAttributes){const h=r.getAttribute(p);if(a===h){o.xpath=`//*[@*[local-name(.)='${p}']='${a}']`;break}}const l=this.getCanonReferenceXml(n,o,r),d=this.findHashAlgorithm(o.digestAlgorithm).getHash(l);if(Oe.validateDigestValue(d,o.digestValue))return o}throw new Error("No references passed validation")}validateReference(e,n){var u;const r=((u=e.uri)==null?void 0:u[0])==="#"?e.uri.substring(1):e.uri;let i=null;if(r==="")i=Mt.select1("//*",n);else{if((r==null?void 0:r.indexOf("'"))!==-1)throw new Error("Cannot validate a uri with quotes inside it");{let d=0;for(const p of this.idAttributes){const h=`//*[@*[local-name(.)='${p}']='${r}']`,g=Mt.select(h,n);if(Oe.isArrayHasLength(g)){if(d+=g.length,d>1)throw new Error("Cannot validate a document which contains multiple elements with the same value for the ID / Id / Id attributes, in order to prevent signature wrapping attack.");i=g[0],e.xpath=h}}}}if(e.getValidatedNode=(0,WE.deprecate)(d=>{if(d=d||e.xpath,typeof d!="string"||e.validationError!=null)return null;const p=Mt.select1(d,n);return zt.isNodeLike(p)?p:null},"`ref.getValidatedNode()` is deprecated and insecure. Use `ref.signedReference` or `this.getSignedReferences()` instead."),!zt.isNodeLike(i)){const d=new Error(`invalid signature: the signature references an element with uri ${e.uri} but could not find such element in the xml`);return e.validationError=d,!1}const o=this.getCanonReferenceXml(n,e,i),l=this.findHashAlgorithm(e.digestAlgorithm).getHash(o);if(!Oe.validateDigestValue(l,e.digestValue)){const d=new Error(`invalid signature: for uri ${e.uri} calculated digest is ${l} but the xml to validate supplies digest ${e.digestValue}`);return e.validationError=d,!1}return this.signedReferences.push(o),e.signedReference=o,!0}findSignatures(e){const n=Mt.select("//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return zt.isArrayOfNodes(n)?n:[]}loadSignature(e){typeof e=="string"?this.signatureNode=e=new Ir.DOMParser().parseFromString(e):this.signatureNode=e,this.signatureXml=e.toString();const n=Mt.select1(".//*[local-name(.)='CanonicalizationMethod']/@Algorithm",e);if(!zt.isNodeLike(n))throw new Error("could not find CanonicalizationMethod/@Algorithm element");zt.isAttributeNode(n)&&(this.canonicalizationAlgorithm=n.value);const r=Mt.select1(".//*[local-name(.)='SignatureMethod']/@Algorithm",e);zt.isAttributeNode(r)&&(this.signatureAlgorithm=r.value);const i=Oe.findChildren(this.signatureNode,"SignedInfo");if(!Oe.isArrayHasLength(i))throw new Error("no signed info node found");if(i.length>1)throw new Error("could not load signature that contains multiple SignedInfo nodes");let o=this.canonicalizationAlgorithm;(!o||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(o="http://www.w3.org/2001/10/xml-exc-c14n#");const a=this.getCanonXml([o],i[0]),u=new Ir.DOMParser().parseFromString(a,"text/xml").documentElement;this.references=[];const d=Oe.findChildren(u,"Reference");if(!Oe.isArrayHasLength(d))throw new Error("could not find any Reference elements");for(const g of d)this.loadReference(g);const p=Mt.select1(".//*[local-name(.)='SignatureValue']/text()",e);zt.isTextNode(p)&&(this.signatureValue=p.data.replace(/\r?\n/g,""));const h=Mt.select1(".//*[local-name(.)='KeyInfo']",e);zt.isNodeLike(h)&&(this.keyInfo=h)}loadReference(e){let n=Oe.findChildren(e,"DigestMethod");if(n.length===0)throw new Error(`could not find DigestMethod in reference ${e.toString()}`);const r=n[0],i=Oe.findAttr(r,"Algorithm");if(!i)throw new Error(`could not find Algorithm attribute in node ${r.toString()}`);const o=i.value;if(n=Oe.findChildren(e,"DigestValue"),n.length===0)throw new Error(`could not find DigestValue node in reference ${e.toString()}`);if(n.length>1)throw new Error(`could not load reference for a node that contains multiple DigestValue nodes: ${e.toString()}`);const a=n[0].textContent;if(!a)throw new Error(`could not find the value of DigestValue in ${e.toString()}`);const l=[];let u=[];if(n=Oe.findChildren(e,"Transforms"),n.length!==0){const p=n[0],h=Oe.findChildren(p,"Transform");for(const A of h){const m=Oe.findAttr(A,"Algorithm");m&&l.push(m.value)}const g=Oe.findChildren(h[h.length-1],"InclusiveNamespaces");Oe.isArrayHasLength(g)&&(u=g.flatMap(A=>(A.getAttribute("PrefixList")??"").split(" ")).filter(A=>A.length>0))}Oe.isArrayHasLength(this.implicitTransforms)&&this.implicitTransforms.forEach(function(p){l.push(p)}),(l.length===0||l[l.length-1]==="http://www.w3.org/2000/09/xmldsig#enveloped-signature")&&l.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");const d=zt.isElementNode(e)&&e.getAttribute("URI")||void 0;this.addReference({transforms:l,digestAlgorithm:o,uri:d,digestValue:a,inclusiveNamespacesPrefixList:u,isEmptyUri:!1})}addReference({xpath:e,transforms:n,digestAlgorithm:r,uri:i="",digestValue:o,inclusiveNamespacesPrefixList:a=[],isEmptyUri:l=!1}){if(r==null)throw new Error("digestAlgorithm is required");if(!Oe.isArrayHasLength(n))throw new Error("transforms must contain at least one transform algorithm");this.references.push({xpath:e,transforms:n,digestAlgorithm:r,uri:i,digestValue:o,inclusiveNamespacesPrefixList:a,isEmptyUri:l,getValidatedNode:()=>{throw new Error("Reference has not been validated yet; Did you call `sig.checkSignature()`?")}})}getReferences(){return this.references}getSignedReferences(){return[...this.signedReferences]}computeSignature(e,n,r){let i;typeof n=="function"&&r==null?(i=n,n={}):(i=r,n=n??{});const o=new Ir.DOMParser().parseFromString(e);let a="xmlns";const l=[];let u;const d=["append","prepend","before","after"],p=n.prefix,h=n.attrs||{},g=n.location||{},A=n.existingPrefixes||{};if(this.namespaceResolver={lookupNamespaceURI:function(H){return H?A[H]:null}},g.reference=g.reference||"/*",g.action=g.action||"append",d.indexOf(g.action)===-1){const H=new Error(`location.action option has an invalid action: ${g.action}, must be any of the following values: ${d.join(", ")}`);if(i){i(H);return}else throw H}p?(a+=`:${p}`,u=`${p}:`):u="",Object.keys(h).forEach(function(H){H!=="xmlns"&&H!==a&&l.push(`${H}="${h[H]}"`)}),l.push(`${a}="http://www.w3.org/2000/09/xmldsig#"`);let m=`<${u}Signature ${l.join(" ")}>`;m+=this.createSignedInfo(o,p),m+=this.getKeyInfo(p),m+=`</${u}Signature>`,this.originalXmlWithIds=o.toString();let $="";Object.keys(A).forEach(function(H){$+=`xmlns:${H}="${A[H]}" `});const k=`<Dummy ${$}>${m}</Dummy>`,b=new Ir.DOMParser().parseFromString(k).documentElement.firstChild,T=Mt.select1(g.reference,o);if(!zt.isNodeLike(T)){const H=new Error(`the following xpath cannot be used because it was not found: ${g.reference}`);if(i){i(H);return}else throw H}if(g.action==="append")T.appendChild(b);else if(g.action==="prepend")T.insertBefore(b,T.firstChild);else if(g.action==="before"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `before`");T.parentNode.insertBefore(b,T)}else if(g.action==="after"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `after`");T.parentNode.insertBefore(b,T.nextSibling)}this.signatureNode=b;const M=Oe.findChildren(this.signatureNode,"SignedInfo");if(M.length===0){const H=new Error("could not find SignedInfo element in the message");if(i){i(H);return}else throw H}const U=M[0];typeof i=="function"?this.calculateSignatureValue(o,(H,W)=>{H?i(H):(this.signatureValue=W||"",b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString(),i(null,this))}):(this.calculateSignatureValue(o),b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString())}getKeyInfo(e){const n=e?`${e}:`:"";let r="";this.keyInfoAttributes&&Object.keys(this.keyInfoAttributes).forEach(o=>{r+=` ${o}="${this.keyInfoAttributes[o]}"`});const i=this.getKeyInfoContent({publicCert:this.publicCert,prefix:e});return r||i?`<${n}KeyInfo${r}>${i}</${n}KeyInfo>`:""}createReferences(e,n){let r="";n=n||"",n=n&&`${n}:`;for(const i of this.getReferences()){const o=Mt.selectWithResolver(i.xpath??"",e,this.namespaceResolver);if(!Oe.isArrayHasLength(o))throw new Error(`the following xpath cannot be signed because it was not found: ${i.xpath}`);for(const a of o){if(i.isEmptyUri)r+=`<${n}Reference URI="">`;else{const d=this.ensureHasId(a);i.uri=d,r+=`<${n}Reference URI="#${d}">`}r+=`<${n}Transforms>`;for(const d of i.transforms||[]){const p=this.findCanonicalizationAlgorithm(d);r+=`<${n}Transform Algorithm="${p.getAlgorithmName()}"`,Oe.isArrayHasLength(i.inclusiveNamespacesPrefixList)?(r+=">",r+=`<InclusiveNamespaces PrefixList="${i.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${p.getAlgorithmName()}"/>`,r+=`</${n}Transform>`):r+=" />"}const l=this.getCanonReferenceXml(e,i,a),u=this.findHashAlgorithm(i.digestAlgorithm);r+=`</${n}Transforms><${n}DigestMethod Algorithm="${u.getAlgorithmName()}" /><${n}DigestValue>${u.getHash(l)}</${n}DigestValue></${n}Reference>`}}return r}getCanonXml(e,n,r={}){r.defaultNsForPrefix=r.defaultNsForPrefix??Pn.defaultNsForPrefix,r.signatureNode=this.signatureNode;let o=n.cloneNode(!0);return e.forEach(a=>{zt.isNodeLike(o)&&(o=this.findCanonicalizationAlgorithm(a).process(o,r))}),o.toString()}ensureHasId(e){let n;if(this.idMode==="wssecurity"?n=Oe.findAttr(e,"Id","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"):this.idAttributes.some(i=>(n=Oe.findAttr(e,i),!!n)),n)return n.value;const r=`_${this.id++}`;return this.idMode==="wssecurity"?(e.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"),e.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd","wsu:Id",r)):e.setAttribute("Id",r),r}createSignedInfo(e,n){if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to create signed info for XML");const r=this.findCanonicalizationAlgorithm(this.canonicalizationAlgorithm),i=this.findSignatureAlgorithm(this.signatureAlgorithm);let o;o=n||"",o=o&&`${o}:`;let a=`<${o}SignedInfo>`;return a+=`<${o}CanonicalizationMethod Algorithm="${r.getAlgorithmName()}"`,Oe.isArrayHasLength(this.inclusiveNamespacesPrefixList)?(a+=">",a+=`<InclusiveNamespaces PrefixList="${this.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${r.getAlgorithmName()}"/>`,a+=`</${o}CanonicalizationMethod>`):a+=" />",a+=`<${o}SignatureMethod Algorithm="${i.getAlgorithmName()}" />`,a+=this.createReferences(e,n),a+=`</${o}SignedInfo>`,a}createSignature(e){let n="xmlns";e?(n+=`:${e}`,e+=":"):e="";const r=`<${e}SignatureValue>${this.signatureValue}</${e}SignatureValue>`,i=`<${e}Signature ${n}="http://www.w3.org/2000/09/xmldsig#">${r}</${e}Signature>`;return new Ir.DOMParser().parseFromString(i).documentElement.firstChild}getSignatureXml(){return this.signatureXml}getOriginalXmlWithIds(){return this.originalXmlWithIds}getSignedXml(){return this.signedXml}}kl.SignedXml=Pn;Pn.defaultNsForPrefix={ds:"http://www.w3.org/2000/09/xmldsig#"};Pn.noop=()=>null;(function(t){var e=cr&&cr.__createBinding||(Object.create?function(a,l,u,d){d===void 0&&(d=u);var p=Object.getOwnPropertyDescriptor(l,u);(!p||("get"in p?!l.__esModule:p.writable||p.configurable))&&(p={enumerable:!0,get:function(){return l[u]}}),Object.defineProperty(a,d,p)}:function(a,l,u,d){d===void 0&&(d=u),a[d]=l[u]}),n=cr&&cr.__exportStar||function(a,l){for(var u in a)u!=="default"&&!Object.prototype.hasOwnProperty.call(l,u)&&e(l,a,u)};Object.defineProperty(t,"__esModule",{value:!0}),t.SignedXml=t.ExclusiveCanonicalizationWithComments=t.ExclusiveCanonicalization=t.C14nCanonicalizationWithComments=t.C14nCanonicalization=void 0;var r=ti;Object.defineProperty(t,"C14nCanonicalization",{enumerable:!0,get:function(){return r.C14nCanonicalization}}),Object.defineProperty(t,"C14nCanonicalizationWithComments",{enumerable:!0,get:function(){return r.C14nCanonicalizationWithComments}});var i=ni;Object.defineProperty(t,"ExclusiveCanonicalization",{enumerable:!0,get:function(){return i.ExclusiveCanonicalization}}),Object.defineProperty(t,"ExclusiveCanonicalizationWithComments",{enumerable:!0,get:function(){return i.ExclusiveCanonicalizationWithComments}});var o=kl;Object.defineProperty(t,"SignedXml",{enumerable:!0,get:function(){return o.SignedXml}}),n(Ts,t),n(Ss,t)})(M8);async function JE(t){const e=new DecompressionStream("deflate-raw"),n=new Blob([t]).stream().pipeThrough(e);return new Uint8Array(await new Response(n).arrayBuffer())}async function YE(t){const e=await c2.decode(t.replace(/ /g,"+"));try{const n=await JE(e);return new TextDecoder().decode(n)}catch(n){return console.warn("Decompression failed, assuming data is not compressed:",n),new TextDecoder().decode(e)}}async function ZE(t){const e=await YE(t),r=new mp.XMLParser({attributeNamePrefix:"@_",alwaysCreateTextNode:!0,ignoreAttributes:!1}).parse(e);return L8.parse(r)}function QE(t){const e=[{":@":{"@_entityID":t.entityId,"@_xmlns":"urn:oasis:names:tc:SAML:2.0:metadata"},EntityDescriptor:[{":@":{"@_protocolSupportEnumeration":"urn:oasis:names:tc:SAML:2.0:protocol"},IDPSSODescriptor:[{":@":{"@_use":"signing"},KeyDescriptor:[{":@":{"@_xmlns":"http://www.w3.org/2000/09/xmldsig#"},KeyInfo:[{X509Data:[{X509Certificate:[{"#text":t.cert}]}]}]}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"E-Mail Address","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Given Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Surname","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name ID","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]}]}]}];return new mp.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0,format:!0}).build(e)}const e9=new s.OpenAPIHono().openapi(s.createRoute({tags:["saml"],method:"get",path:"/metadata/{client_id}",request:{params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{var l,u;const{client_id:e}=t.req.valid("param"),n=await t.env.data.clients.get(e);if(!n)throw new z(404,{message:"Client not found"});const[r]=await t.env.data.keys.list();if(!r)throw new z(500,{message:"No signing key found"});const i=new gl(r.cert),o=t.env.ISSUER,a=QE({entityId:((u=(l=n.addons)==null?void 0:l.samlp)==null?void 0:u.audience)||n.id,cert:i.toString("base64"),assertionConsumerServiceUrl:`${o}samlp/${e}`,singleLogoutServiceUrl:`${o}samlp/${e}/logout`});return new Response(a,{headers:{"Content-Type":"text/xml"}})}).openapi(s.createRoute({tags:["saml"],method:"get",path:"/{client_id}",request:{query:s.z.object({SAMLRequest:s.z.string(),RelayState:s.z.string().optional(),SigAlg:s.z.string().optional(),Signature:s.z.string().optional()}),params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{const{client_id:e}=t.req.valid("param"),{SAMLRequest:n,RelayState:r}=t.req.valid("query"),i=await t.env.data.clients.get(e);if(!i)throw new z(404,{message:"Client not found"});t.set("client_id",i.id),t.set("tenant_id",i.tenant.id);const o=await ZE(n),a=o["samlp:AuthnRequest"]["saml:Issuer"]["#text"],l=await t.env.data.loginSessions.create(t.var.tenant_id,{csrf_token:qe(),authParams:{client_id:e,state:JSON.stringify({requestId:o["samlp:AuthnRequest"]["@_ID"],relayState:r}),response_mode:bn.SAML_POST,redirect_uri:o["samlp:AuthnRequest"]["@_AssertionConsumerServiceURL"],audience:a},expires_at:new Date(Date.now()+Ci*1e3).toISOString(),ip:t.get("ip"),useragent:t.get("useragent"),auth0Client:yr(t.get("auth0_client"))});return t.redirect(`/u/login/identifier?state=${l.id}`)});function t9(t){const e=new s.OpenAPIHono;e.use(async(r,i)=>{const o=ts(r,t.dataAdapter),a=vl(o,{defaultTtl:3e5,cacheEntities:["tenants","connections","clients"]});return r.env.data=_l(r,a),i()}),e.use(wl).use(yl).use(lf(e));const n=e.route("/",e9);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"SAML API"},security:[{oauth2:["openid","email","profile"]}]}),cf(n),n}const n9="Account detected",r9="Account",i9="We have detected that you have already created an account through",o9="By signing in, you agree to our",s9="and",a9="email address",c9="email or phone number",l9="phone number",u9="Callback URL mismatch",d9="The provided redirect_uri is not in the list of allowed callback URLs.",p9="continue with user",f9="Please click the button to create a new password account.",h9="Enter the code at {{vendorName}} to complete the login",g9="Welcome to {{vendorName}}! {{code}} is the login code",m9="Welcome to {{vendorName}}! {{code}} is the login code",_9="Code expired",y9="Invalid code",w9="Please check <0>{{username}}</0> and enter the six-digit code that we've sent you.",v9="The code is already used",b9="The code is valid for 30 minutes",x9="Confirm password",$9="Need Help?",A9="Contact us",E9="or continue with social account",S9="Continue with {{provider}}",k9="Would you like to continue with your existing account?",N9="Copyright © 2023 SESAMY. All rights reserved.",C9="©2023 Sesamy",I9="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",T9="Please enter a valid email address.",O9="The passwords didn't match. Try again.",D9="Choose password",z9="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",R9="Create new account",P9="Sign up with password",B9="You are currently logged in as <0>{{email}}</0>",j9="Email",L9="Email changed to <0>{{email}}</0> ",F9="Email or Phone Number",U9="Email address",M9="Your email address has been validated",q9="Now enter your password to login again",V9="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",H9="Email verification sent",K9="Enter a code",G9="We'll send you a verification link to ensure you own this email address.",W9="Enter new email",X9="Enter new password",J9="Enter password",Y9="Enter your email address and password to login.",Z9="Enter your password",Q9="The magic link has expired. Please click on the button below to receive a new link in your inbox.",eS="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",tS="Send password reset email",nS="Click the button below and we’ll send instructions on how to reset your password.",rS="Password reset email sent",iS="Forgot password?",oS="Forgot password?",sS="Go back",aS="Hide password",cS="Invalid identifier",lS="Invalid password",uS=`The link is no longer valid.
284
+ @`+(t.systemId||"")+"#[line:"+t.lineNumber+",col:"+t.columnNumber+"]"}function um(t,e,n){return typeof t=="string"?t.substr(e,n):t.length>=e+n||e?new java.lang.String(t,e,n)+"":t}"endDTD,startEntity,endEntity,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,resolveEntity,getExternalSubset,notationDecl,unparsedEntityDecl".replace(/\w+/g,function(t){Is.prototype[t]=function(){return null}});function qs(t,e){t.currentElement?t.currentElement.appendChild(e):t.doc.appendChild(e)}Tl.__DOMHandler=Is;Tl.normalizeLineEndings=iw;Tl.DOMParser=ow;var sw=tr;Nl.DOMImplementation=sw.DOMImplementation;Nl.XMLSerializer=sw.XMLSerializer;Nl.DOMParser=Tl.DOMParser;var Ol={};Object.defineProperty(Ol,"__esModule",{value:!0});Ol.EnvelopedSignature=void 0;const Vs=El,lu=be;class jE{constructor(){this.includeComments=!1,this.includeComments=!1}process(e,n){if(n.signatureNode==null){const o=Vs.select1("./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return lu.isNodeLike(o)&&o.parentNode&&o.parentNode.removeChild(o),e}const r=n.signatureNode,i=Vs.select1(".//*[local-name(.)='SignatureValue']/text()",r);if(lu.isTextNode(i)){const o=i.data,a=Vs.select(".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);for(const l of Array.isArray(a)?a:[]){const u=Vs.select1(".//*[local-name(.)='SignatureValue']/text()",l);if(lu.isTextNode(u)){const d=u.data;o===d&&l.parentNode&&l.parentNode.removeChild(l)}}}return e}getAlgorithmName(){return"http://www.w3.org/2000/09/xmldsig#enveloped-signature"}}Ol.EnvelopedSignature=jE;var hr={};Object.defineProperty(hr,"__esModule",{value:!0});hr.Sha512=hr.Sha256=hr.Sha1=void 0;const Mf=vc;class LE{constructor(){this.getHash=function(e){const n=Mf.createHash("sha1");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2000/09/xmldsig#sha1"}}}hr.Sha1=LE;class FE{constructor(){this.getHash=function(e){const n=Mf.createHash("sha256");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha256"}}}hr.Sha256=FE;class UE{constructor(){this.getHash=function(e){const n=Mf.createHash("sha512");return n.update(e,"utf8"),n.digest("base64")},this.getAlgorithmName=function(){return"http://www.w3.org/2001/04/xmlenc#sha512"}}}hr.Sha512=UE;var vn={},Ts={};Object.defineProperty(Ts,"__esModule",{value:!0});Ts.createOptionalCallbackFunction=void 0;function ME(t){return typeof t=="function"}function qE(t){return(...e)=>{const n=e[e.length-1];if(ME(n))try{const r=t(...e.slice(0,-1));n(null,r)}catch(r){n(r instanceof Error?r:new Error("Unknown error"))}else return t(...e)}}Ts.createOptionalCallbackFunction=qE;Object.defineProperty(vn,"__esModule",{value:!0});vn.HmacSha1=vn.RsaSha512=vn.RsaSha256=vn.RsaSha1=void 0;const br=vc,xr=Ts;class VE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA1");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA1");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}}vn.RsaSha1=VE;class HE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA256");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA256");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}}vn.RsaSha256=HE;class KE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createSign("RSA-SHA512");return r.update(e),r.sign(n,"base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createVerify("RSA-SHA512");return i.update(e),i.verify(n,r,"base64")}),this.getAlgorithmName=()=>"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}}vn.RsaSha512=KE;class GE{constructor(){this.getSignature=(0,xr.createOptionalCallbackFunction)((e,n)=>{const r=br.createHmac("SHA1",n);return r.update(e),r.digest("base64")}),this.verifySignature=(0,xr.createOptionalCallbackFunction)((e,n,r)=>{const i=br.createHmac("SHA1",n);return i.update(e),i.digest("base64")===r}),this.getAlgorithmName=()=>"http://www.w3.org/2000/09/xmldsig#hmac-sha1"}}vn.HmacSha1=GE;Object.defineProperty(kl,"__esModule",{value:!0});kl.SignedXml=void 0;const zt=be,Ir=Nl,WE=vc,Mt=El,dm=ti,XE=Ol,pm=ni,uu=hr,Hs=vn,Oe=Ss;class Pn{constructor(e={}){this.signatureAlgorithm=void 0,this.canonicalizationAlgorithm=void 0,this.inclusiveNamespacesPrefixList=[],this.namespaceResolver={lookupNamespaceURI:function(){throw new Error("Not implemented")}},this.implicitTransforms=[],this.keyInfoAttributes={},this.getKeyInfoContent=Pn.getKeyInfoContent,this.getCertFromKeyInfo=Pn.getCertFromKeyInfo,this.id=0,this.signedXml="",this.signatureXml="",this.signatureNode=null,this.signatureValue="",this.originalXmlWithIds="",this.keyInfo=null,this.references=[],this.signedReferences=[],this.CanonicalizationAlgorithms={"http://www.w3.org/TR/2001/REC-xml-c14n-20010315":dm.C14nCanonicalization,"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments":dm.C14nCanonicalizationWithComments,"http://www.w3.org/2001/10/xml-exc-c14n#":pm.ExclusiveCanonicalization,"http://www.w3.org/2001/10/xml-exc-c14n#WithComments":pm.ExclusiveCanonicalizationWithComments,"http://www.w3.org/2000/09/xmldsig#enveloped-signature":XE.EnvelopedSignature},this.HashAlgorithms={"http://www.w3.org/2000/09/xmldsig#sha1":uu.Sha1,"http://www.w3.org/2001/04/xmlenc#sha256":uu.Sha256,"http://www.w3.org/2001/04/xmlenc#sha512":uu.Sha512},this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#rsa-sha1":Hs.RsaSha1,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":Hs.RsaSha256,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":Hs.RsaSha512};const{idMode:n,idAttribute:r,privateKey:i,publicCert:o,signatureAlgorithm:a,canonicalizationAlgorithm:l,inclusiveNamespacesPrefixList:u,implicitTransforms:d,keyInfoAttributes:p,getKeyInfoContent:h,getCertFromKeyInfo:g}=e;this.idMode=n,this.idAttributes=["Id","ID","id"],r&&this.idAttributes.unshift(r),this.privateKey=i,this.publicCert=o,this.signatureAlgorithm=a??this.signatureAlgorithm,this.canonicalizationAlgorithm=l,typeof u=="string"?this.inclusiveNamespacesPrefixList=u.split(" "):Oe.isArrayHasLength(u)&&(this.inclusiveNamespacesPrefixList=u),this.implicitTransforms=d??this.implicitTransforms,this.keyInfoAttributes=p??this.keyInfoAttributes,this.getKeyInfoContent=h??this.getKeyInfoContent,this.getCertFromKeyInfo=g??Pn.noop,this.CanonicalizationAlgorithms,this.HashAlgorithms,this.SignatureAlgorithms}enableHMAC(){this.SignatureAlgorithms={"http://www.w3.org/2000/09/xmldsig#hmac-sha1":Hs.HmacSha1},this.getKeyInfoContent=Pn.noop}static getKeyInfoContent({publicCert:e,prefix:n}){if(e==null)return null;n=n?`${n}:`:"";let r="";Buffer.isBuffer(e)&&(e=e.toString("latin1"));let i=[];return typeof e=="string"&&(i=e.match(Oe.EXTRACT_X509_CERTS)||[]),i.length>0&&(r=i.map(o=>`<${n}X509Certificate>${Oe.pemToDer(o).toString("base64")}</${n}X509Certificate>`).join("")),`<${n}X509Data>${r}</${n}X509Data>`}static getCertFromKeyInfo(e){if(e!=null){const n=Mt.select1(".//*[local-name(.)='X509Certificate']",e);if(zt.isNodeLike(n))return Oe.derToPem(n.textContent??"","CERTIFICATE")}return null}checkSignature(e,n){if(n!=null&&typeof n!="function")throw new Error("Last parameter must be a callback function");this.signedXml=e;const r=new Ir.DOMParser().parseFromString(e);this.references=[];const i=this.getCanonSignedInfoXml(r);if(!i){if(n){n(new Error("Canonical signed info cannot be empty"),!1);return}throw new Error("Canonical signed info cannot be empty")}const a=new Ir.DOMParser().parseFromString(i,"text/xml").documentElement;if(!a){if(n){n(new Error("Could not parse unverifiedSignedInfoCanon into a document"),!1);return}throw new Error("Could not parse unverifiedSignedInfoCanon into a document")}const l=Oe.findChildren(a,"Reference");if(!Oe.isArrayHasLength(l)){if(n){n(new Error("could not find any Reference elements"),!1);return}throw new Error("could not find any Reference elements")}for(const h of l)this.loadReference(h);if(!this.getReferences().every(h=>this.validateReference(h,r))){if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error("Could not validate all references"),!1);return}return!1}const u=this.findSignatureAlgorithm(this.signatureAlgorithm),d=this.getCertFromKeyInfo(this.keyInfo)||this.publicCert||this.privateKey;if(d==null)throw new Error("KeyInfo or publicCert or privateKey is required to validate signature");if(u.verifySignature(i,d,this.signatureValue)===!0)if(n)n(null,!0);else return!0;else if(this.signedReferences=[],this.references.forEach(h=>{h.signedReference=void 0}),n){n(new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`));return}else throw new Error(`invalid signature: the signature value ${this.signatureValue} is incorrect`)}getCanonSignedInfoXml(e){if(this.signatureNode==null)throw new Error("No signature found.");if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to get signed info for XML");const n=Oe.findChildren(this.signatureNode,"SignedInfo");if(n.length===0)throw new Error("could not find SignedInfo element in the message");if(n.length>1)throw new Error("could not get canonicalized signed info for a signature that contains multiple SignedInfo nodes");if((this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||this.canonicalizationAlgorithm==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(!e||typeof e!="object"))throw new Error("When canonicalization method is non-exclusive, whole xml dom must be provided as an argument");const i={ancestorNamespaces:Oe.findAncestorNs(e,"//*[local-name()='SignedInfo']")};return this.getCanonXml([this.canonicalizationAlgorithm],n[0],i)}getCanonReferenceXml(e,n,r){Array.isArray(n.transforms)&&(n.ancestorNamespaces=Oe.findAncestorNs(e,n.xpath,this.namespaceResolver));const i={inclusiveNamespacesPrefixList:n.inclusiveNamespacesPrefixList,ancestorNamespaces:n.ancestorNamespaces};return this.getCanonXml(n.transforms,r,i)}calculateSignatureValue(e,n){const r=this.getCanonSignedInfoXml(e),i=this.findSignatureAlgorithm(this.signatureAlgorithm);if(this.privateKey==null)throw new Error("Private key is required to compute signature");typeof n=="function"?i.getSignature(r,this.privateKey,n):this.signatureValue=i.getSignature(r,this.privateKey)}findSignatureAlgorithm(e){if(e==null)throw new Error("signatureAlgorithm is required");const n=this.SignatureAlgorithms[e];if(n)return new n;throw new Error(`signature algorithm '${e}' is not supported`)}findCanonicalizationAlgorithm(e){if(e!=null){const n=this.CanonicalizationAlgorithms[e];if(n)return new n}throw new Error(`canonicalization algorithm '${e}' is not supported`)}findHashAlgorithm(e){const n=this.HashAlgorithms[e];if(n)return new n;throw new Error(`hash algorithm '${e}' is not supported`)}validateElementAgainstReferences(e,n){var i;let r;if(typeof e=="string"){const o=Mt.select1(e,n);zt.assertIsElementNode(o),r=o}else r=e;for(const o of this.getReferences()){const a=((i=o.uri)==null?void 0:i[0])==="#"?o.uri.substring(1):o.uri;for(const p of this.idAttributes){const h=r.getAttribute(p);if(a===h){o.xpath=`//*[@*[local-name(.)='${p}']='${a}']`;break}}const l=this.getCanonReferenceXml(n,o,r),d=this.findHashAlgorithm(o.digestAlgorithm).getHash(l);if(Oe.validateDigestValue(d,o.digestValue))return o}throw new Error("No references passed validation")}validateReference(e,n){var u;const r=((u=e.uri)==null?void 0:u[0])==="#"?e.uri.substring(1):e.uri;let i=null;if(r==="")i=Mt.select1("//*",n);else{if((r==null?void 0:r.indexOf("'"))!==-1)throw new Error("Cannot validate a uri with quotes inside it");{let d=0;for(const p of this.idAttributes){const h=`//*[@*[local-name(.)='${p}']='${r}']`,g=Mt.select(h,n);if(Oe.isArrayHasLength(g)){if(d+=g.length,d>1)throw new Error("Cannot validate a document which contains multiple elements with the same value for the ID / Id / Id attributes, in order to prevent signature wrapping attack.");i=g[0],e.xpath=h}}}}if(e.getValidatedNode=(0,WE.deprecate)(d=>{if(d=d||e.xpath,typeof d!="string"||e.validationError!=null)return null;const p=Mt.select1(d,n);return zt.isNodeLike(p)?p:null},"`ref.getValidatedNode()` is deprecated and insecure. Use `ref.signedReference` or `this.getSignedReferences()` instead."),!zt.isNodeLike(i)){const d=new Error(`invalid signature: the signature references an element with uri ${e.uri} but could not find such element in the xml`);return e.validationError=d,!1}const o=this.getCanonReferenceXml(n,e,i),l=this.findHashAlgorithm(e.digestAlgorithm).getHash(o);if(!Oe.validateDigestValue(l,e.digestValue)){const d=new Error(`invalid signature: for uri ${e.uri} calculated digest is ${l} but the xml to validate supplies digest ${e.digestValue}`);return e.validationError=d,!1}return this.signedReferences.push(o),e.signedReference=o,!0}findSignatures(e){const n=Mt.select("//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",e);return zt.isArrayOfNodes(n)?n:[]}loadSignature(e){typeof e=="string"?this.signatureNode=e=new Ir.DOMParser().parseFromString(e):this.signatureNode=e,this.signatureXml=e.toString();const n=Mt.select1(".//*[local-name(.)='CanonicalizationMethod']/@Algorithm",e);if(!zt.isNodeLike(n))throw new Error("could not find CanonicalizationMethod/@Algorithm element");zt.isAttributeNode(n)&&(this.canonicalizationAlgorithm=n.value);const r=Mt.select1(".//*[local-name(.)='SignatureMethod']/@Algorithm",e);zt.isAttributeNode(r)&&(this.signatureAlgorithm=r.value);const i=Oe.findChildren(this.signatureNode,"SignedInfo");if(!Oe.isArrayHasLength(i))throw new Error("no signed info node found");if(i.length>1)throw new Error("could not load signature that contains multiple SignedInfo nodes");let o=this.canonicalizationAlgorithm;(!o||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"||o==="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")&&(o="http://www.w3.org/2001/10/xml-exc-c14n#");const a=this.getCanonXml([o],i[0]),u=new Ir.DOMParser().parseFromString(a,"text/xml").documentElement;this.references=[];const d=Oe.findChildren(u,"Reference");if(!Oe.isArrayHasLength(d))throw new Error("could not find any Reference elements");for(const g of d)this.loadReference(g);const p=Mt.select1(".//*[local-name(.)='SignatureValue']/text()",e);zt.isTextNode(p)&&(this.signatureValue=p.data.replace(/\r?\n/g,""));const h=Mt.select1(".//*[local-name(.)='KeyInfo']",e);zt.isNodeLike(h)&&(this.keyInfo=h)}loadReference(e){let n=Oe.findChildren(e,"DigestMethod");if(n.length===0)throw new Error(`could not find DigestMethod in reference ${e.toString()}`);const r=n[0],i=Oe.findAttr(r,"Algorithm");if(!i)throw new Error(`could not find Algorithm attribute in node ${r.toString()}`);const o=i.value;if(n=Oe.findChildren(e,"DigestValue"),n.length===0)throw new Error(`could not find DigestValue node in reference ${e.toString()}`);if(n.length>1)throw new Error(`could not load reference for a node that contains multiple DigestValue nodes: ${e.toString()}`);const a=n[0].textContent;if(!a)throw new Error(`could not find the value of DigestValue in ${e.toString()}`);const l=[];let u=[];if(n=Oe.findChildren(e,"Transforms"),n.length!==0){const p=n[0],h=Oe.findChildren(p,"Transform");for(const A of h){const m=Oe.findAttr(A,"Algorithm");m&&l.push(m.value)}const g=Oe.findChildren(h[h.length-1],"InclusiveNamespaces");Oe.isArrayHasLength(g)&&(u=g.flatMap(A=>(A.getAttribute("PrefixList")??"").split(" ")).filter(A=>A.length>0))}Oe.isArrayHasLength(this.implicitTransforms)&&this.implicitTransforms.forEach(function(p){l.push(p)}),(l.length===0||l[l.length-1]==="http://www.w3.org/2000/09/xmldsig#enveloped-signature")&&l.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");const d=zt.isElementNode(e)&&e.getAttribute("URI")||void 0;this.addReference({transforms:l,digestAlgorithm:o,uri:d,digestValue:a,inclusiveNamespacesPrefixList:u,isEmptyUri:!1})}addReference({xpath:e,transforms:n,digestAlgorithm:r,uri:i="",digestValue:o,inclusiveNamespacesPrefixList:a=[],isEmptyUri:l=!1}){if(r==null)throw new Error("digestAlgorithm is required");if(!Oe.isArrayHasLength(n))throw new Error("transforms must contain at least one transform algorithm");this.references.push({xpath:e,transforms:n,digestAlgorithm:r,uri:i,digestValue:o,inclusiveNamespacesPrefixList:a,isEmptyUri:l,getValidatedNode:()=>{throw new Error("Reference has not been validated yet; Did you call `sig.checkSignature()`?")}})}getReferences(){return this.references}getSignedReferences(){return[...this.signedReferences]}computeSignature(e,n,r){let i;typeof n=="function"&&r==null?(i=n,n={}):(i=r,n=n??{});const o=new Ir.DOMParser().parseFromString(e);let a="xmlns";const l=[];let u;const d=["append","prepend","before","after"],p=n.prefix,h=n.attrs||{},g=n.location||{},A=n.existingPrefixes||{};if(this.namespaceResolver={lookupNamespaceURI:function(H){return H?A[H]:null}},g.reference=g.reference||"/*",g.action=g.action||"append",d.indexOf(g.action)===-1){const H=new Error(`location.action option has an invalid action: ${g.action}, must be any of the following values: ${d.join(", ")}`);if(i){i(H);return}else throw H}p?(a+=`:${p}`,u=`${p}:`):u="",Object.keys(h).forEach(function(H){H!=="xmlns"&&H!==a&&l.push(`${H}="${h[H]}"`)}),l.push(`${a}="http://www.w3.org/2000/09/xmldsig#"`);let m=`<${u}Signature ${l.join(" ")}>`;m+=this.createSignedInfo(o,p),m+=this.getKeyInfo(p),m+=`</${u}Signature>`,this.originalXmlWithIds=o.toString();let $="";Object.keys(A).forEach(function(H){$+=`xmlns:${H}="${A[H]}" `});const k=`<Dummy ${$}>${m}</Dummy>`,b=new Ir.DOMParser().parseFromString(k).documentElement.firstChild,T=Mt.select1(g.reference,o);if(!zt.isNodeLike(T)){const H=new Error(`the following xpath cannot be used because it was not found: ${g.reference}`);if(i){i(H);return}else throw H}if(g.action==="append")T.appendChild(b);else if(g.action==="prepend")T.insertBefore(b,T.firstChild);else if(g.action==="before"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `before`");T.parentNode.insertBefore(b,T)}else if(g.action==="after"){if(T.parentNode==null)throw new Error("`location.reference` refers to the root node (by default), so we can't insert `after`");T.parentNode.insertBefore(b,T.nextSibling)}this.signatureNode=b;const M=Oe.findChildren(this.signatureNode,"SignedInfo");if(M.length===0){const H=new Error("could not find SignedInfo element in the message");if(i){i(H);return}else throw H}const U=M[0];typeof i=="function"?this.calculateSignatureValue(o,(H,W)=>{H?i(H):(this.signatureValue=W||"",b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString(),i(null,this))}):(this.calculateSignatureValue(o),b.insertBefore(this.createSignature(p),U.nextSibling),this.signatureXml=b.toString(),this.signedXml=o.toString())}getKeyInfo(e){const n=e?`${e}:`:"";let r="";this.keyInfoAttributes&&Object.keys(this.keyInfoAttributes).forEach(o=>{r+=` ${o}="${this.keyInfoAttributes[o]}"`});const i=this.getKeyInfoContent({publicCert:this.publicCert,prefix:e});return r||i?`<${n}KeyInfo${r}>${i}</${n}KeyInfo>`:""}createReferences(e,n){let r="";n=n||"",n=n&&`${n}:`;for(const i of this.getReferences()){const o=Mt.selectWithResolver(i.xpath??"",e,this.namespaceResolver);if(!Oe.isArrayHasLength(o))throw new Error(`the following xpath cannot be signed because it was not found: ${i.xpath}`);for(const a of o){if(i.isEmptyUri)r+=`<${n}Reference URI="">`;else{const d=this.ensureHasId(a);i.uri=d,r+=`<${n}Reference URI="#${d}">`}r+=`<${n}Transforms>`;for(const d of i.transforms||[]){const p=this.findCanonicalizationAlgorithm(d);r+=`<${n}Transform Algorithm="${p.getAlgorithmName()}"`,Oe.isArrayHasLength(i.inclusiveNamespacesPrefixList)?(r+=">",r+=`<InclusiveNamespaces PrefixList="${i.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${p.getAlgorithmName()}"/>`,r+=`</${n}Transform>`):r+=" />"}const l=this.getCanonReferenceXml(e,i,a),u=this.findHashAlgorithm(i.digestAlgorithm);r+=`</${n}Transforms><${n}DigestMethod Algorithm="${u.getAlgorithmName()}" /><${n}DigestValue>${u.getHash(l)}</${n}DigestValue></${n}Reference>`}}return r}getCanonXml(e,n,r={}){r.defaultNsForPrefix=r.defaultNsForPrefix??Pn.defaultNsForPrefix,r.signatureNode=this.signatureNode;let o=n.cloneNode(!0);return e.forEach(a=>{zt.isNodeLike(o)&&(o=this.findCanonicalizationAlgorithm(a).process(o,r))}),o.toString()}ensureHasId(e){let n;if(this.idMode==="wssecurity"?n=Oe.findAttr(e,"Id","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"):this.idAttributes.some(i=>(n=Oe.findAttr(e,i),!!n)),n)return n.value;const r=`_${this.id++}`;return this.idMode==="wssecurity"?(e.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"),e.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd","wsu:Id",r)):e.setAttribute("Id",r),r}createSignedInfo(e,n){if(typeof this.canonicalizationAlgorithm!="string")throw new Error("Missing canonicalizationAlgorithm when trying to create signed info for XML");const r=this.findCanonicalizationAlgorithm(this.canonicalizationAlgorithm),i=this.findSignatureAlgorithm(this.signatureAlgorithm);let o;o=n||"",o=o&&`${o}:`;let a=`<${o}SignedInfo>`;return a+=`<${o}CanonicalizationMethod Algorithm="${r.getAlgorithmName()}"`,Oe.isArrayHasLength(this.inclusiveNamespacesPrefixList)?(a+=">",a+=`<InclusiveNamespaces PrefixList="${this.inclusiveNamespacesPrefixList.join(" ")}" xmlns="${r.getAlgorithmName()}"/>`,a+=`</${o}CanonicalizationMethod>`):a+=" />",a+=`<${o}SignatureMethod Algorithm="${i.getAlgorithmName()}" />`,a+=this.createReferences(e,n),a+=`</${o}SignedInfo>`,a}createSignature(e){let n="xmlns";e?(n+=`:${e}`,e+=":"):e="";const r=`<${e}SignatureValue>${this.signatureValue}</${e}SignatureValue>`,i=`<${e}Signature ${n}="http://www.w3.org/2000/09/xmldsig#">${r}</${e}Signature>`;return new Ir.DOMParser().parseFromString(i).documentElement.firstChild}getSignatureXml(){return this.signatureXml}getOriginalXmlWithIds(){return this.originalXmlWithIds}getSignedXml(){return this.signedXml}}kl.SignedXml=Pn;Pn.defaultNsForPrefix={ds:"http://www.w3.org/2000/09/xmldsig#"};Pn.noop=()=>null;(function(t){var e=cr&&cr.__createBinding||(Object.create?function(a,l,u,d){d===void 0&&(d=u);var p=Object.getOwnPropertyDescriptor(l,u);(!p||("get"in p?!l.__esModule:p.writable||p.configurable))&&(p={enumerable:!0,get:function(){return l[u]}}),Object.defineProperty(a,d,p)}:function(a,l,u,d){d===void 0&&(d=u),a[d]=l[u]}),n=cr&&cr.__exportStar||function(a,l){for(var u in a)u!=="default"&&!Object.prototype.hasOwnProperty.call(l,u)&&e(l,a,u)};Object.defineProperty(t,"__esModule",{value:!0}),t.SignedXml=t.ExclusiveCanonicalizationWithComments=t.ExclusiveCanonicalization=t.C14nCanonicalizationWithComments=t.C14nCanonicalization=void 0;var r=ti;Object.defineProperty(t,"C14nCanonicalization",{enumerable:!0,get:function(){return r.C14nCanonicalization}}),Object.defineProperty(t,"C14nCanonicalizationWithComments",{enumerable:!0,get:function(){return r.C14nCanonicalizationWithComments}});var i=ni;Object.defineProperty(t,"ExclusiveCanonicalization",{enumerable:!0,get:function(){return i.ExclusiveCanonicalization}}),Object.defineProperty(t,"ExclusiveCanonicalizationWithComments",{enumerable:!0,get:function(){return i.ExclusiveCanonicalizationWithComments}});var o=kl;Object.defineProperty(t,"SignedXml",{enumerable:!0,get:function(){return o.SignedXml}}),n(Ts,t),n(Ss,t)})(M8);async function JE(t){const e=new DecompressionStream("deflate-raw"),n=new Blob([t]).stream().pipeThrough(e);return new Uint8Array(await new Response(n).arrayBuffer())}async function YE(t){const e=await c2.decode(t.replace(/ /g,"+"));try{const n=await JE(e);return new TextDecoder().decode(n)}catch(n){return console.warn("Decompression failed, assuming data is not compressed:",n),new TextDecoder().decode(e)}}async function ZE(t){const e=await YE(t),r=new mp.XMLParser({attributeNamePrefix:"@_",alwaysCreateTextNode:!0,ignoreAttributes:!1}).parse(e);return L8.parse(r)}function QE(t){const e=t.certificates.map(i=>({":@":{"@_use":"signing"},KeyDescriptor:[{":@":{"@_xmlns":"http://www.w3.org/2000/09/xmldsig#"},KeyInfo:[{X509Data:[{X509Certificate:[{"#text":i}]}]}]}]})),n=[{":@":{"@_entityID":t.entityId,"@_xmlns":"urn:oasis:names:tc:SAML:2.0:metadata"},EntityDescriptor:[{":@":{"@_protocolSupportEnumeration":"urn:oasis:names:tc:SAML:2.0:protocol"},IDPSSODescriptor:[...e,{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.singleLogoutServiceUrl},SingleLogoutService:[]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}]},{NameIDFormat:[{"#text":"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","@_Location":t.assertionConsumerServiceUrl},SingleSignOnService:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"E-Mail Address","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Given Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Surname","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]},{":@":{"@_Name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:uri","@_FriendlyName":"Name ID","@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion"},Attribute:[]}]}]}];return new mp.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0,format:!0}).build(n)}const e9=new s.OpenAPIHono().openapi(s.createRoute({tags:["saml"],method:"get",path:"/metadata/{client_id}",request:{params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{var l,u;const{client_id:e}=t.req.valid("param"),n=await t.env.data.clients.get(e);if(!n)throw new z(404,{message:"Client not found"});const r=await t.env.data.keys.list();if(!r.length)throw new z(500,{message:"No signing key found"});const i=r.map(d=>new gl(d.cert).toString("base64")),o=t.env.ISSUER,a=QE({entityId:((u=(l=n.addons)==null?void 0:l.samlp)==null?void 0:u.audience)||n.id,certificates:i,assertionConsumerServiceUrl:`${o}samlp/${e}`,singleLogoutServiceUrl:`${o}samlp/${e}/logout`});return new Response(a,{headers:{"Content-Type":"text/xml"}})}).openapi(s.createRoute({tags:["saml"],method:"get",path:"/{client_id}",request:{query:s.z.object({SAMLRequest:s.z.string(),RelayState:s.z.string().optional(),SigAlg:s.z.string().optional(),Signature:s.z.string().optional()}),params:s.z.object({client_id:s.z.string()})},responses:{200:{description:"Decoded SAML Request",content:{"text/xml":{schema:s.z.string()}}},400:{description:"Bad Request"}}}),async t=>{const{client_id:e}=t.req.valid("param"),{SAMLRequest:n,RelayState:r}=t.req.valid("query"),i=await t.env.data.clients.get(e);if(!i)throw new z(404,{message:"Client not found"});t.set("client_id",i.id),t.set("tenant_id",i.tenant.id);const o=await ZE(n),a=o["samlp:AuthnRequest"]["saml:Issuer"]["#text"],l=await t.env.data.loginSessions.create(t.var.tenant_id,{csrf_token:qe(),authParams:{client_id:e,state:JSON.stringify({requestId:o["samlp:AuthnRequest"]["@_ID"],relayState:r}),response_mode:bn.SAML_POST,redirect_uri:o["samlp:AuthnRequest"]["@_AssertionConsumerServiceURL"],audience:a},expires_at:new Date(Date.now()+Ci*1e3).toISOString(),ip:t.get("ip"),useragent:t.get("useragent"),auth0Client:yr(t.get("auth0_client"))});return t.redirect(`/u/login/identifier?state=${l.id}`)});function t9(t){const e=new s.OpenAPIHono;e.use(async(r,i)=>{const o=ts(r,t.dataAdapter),a=vl(o,{defaultTtl:3e5,cacheEntities:["tenants","connections","clients"]});return r.env.data=_l(r,a),i()}),e.use(wl).use(yl).use(lf(e));const n=e.route("/",e9);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"SAML API"},security:[{oauth2:["openid","email","profile"]}]}),cf(n),n}const n9="Account detected",r9="Account",i9="We have detected that you have already created an account through",o9="By signing in, you agree to our",s9="and",a9="email address",c9="email or phone number",l9="phone number",u9="Callback URL mismatch",d9="The provided redirect_uri is not in the list of allowed callback URLs.",p9="continue with user",f9="Please click the button to create a new password account.",h9="Enter the code at {{vendorName}} to complete the login",g9="Welcome to {{vendorName}}! {{code}} is the login code",m9="Welcome to {{vendorName}}! {{code}} is the login code",_9="Code expired",y9="Invalid code",w9="Please check <0>{{username}}</0> and enter the six-digit code that we've sent you.",v9="The code is already used",b9="The code is valid for 30 minutes",x9="Confirm password",$9="Need Help?",A9="Contact us",E9="or continue with social account",S9="Continue with {{provider}}",k9="Would you like to continue with your existing account?",N9="Copyright © 2023 SESAMY. All rights reserved.",C9="©2023 Sesamy",I9="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",T9="Please enter a valid email address.",O9="The passwords didn't match. Try again.",D9="Choose password",z9="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",R9="Create new account",P9="Sign up with password",B9="You are currently logged in as <0>{{email}}</0>",j9="Email",L9="Email changed to <0>{{email}}</0> ",F9="Email or Phone Number",U9="Email address",M9="Your email address has been validated",q9="Now enter your password to login again",V9="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",H9="Email verification sent",K9="Enter a code",G9="We'll send you a verification link to ensure you own this email address.",W9="Enter new email",X9="Enter new password",J9="Enter password",Y9="Enter your email address and password to login.",Z9="Enter your password",Q9="The magic link has expired. Please click on the button below to receive a new link in your inbox.",eS="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",tS="Send password reset email",nS="Click the button below and we’ll send instructions on how to reset your password.",rS="Password reset email sent",iS="Forgot password?",oS="Forgot password?",sS="Go back",aS="Hide password",cS="Invalid identifier",lS="Invalid password",uS=`The link is no longer valid.
285
285
 
286
286
  Please make sure to open the login link in the same browser you started the login with.
287
287
 
package/dist/authhero.mjs CHANGED
@@ -36020,7 +36020,29 @@ async function FE(t) {
36020
36020
  return SA.parse(r);
36021
36021
  }
36022
36022
  function UE(t) {
36023
- const e = [
36023
+ const e = t.certificates.map((i) => ({
36024
+ ":@": {
36025
+ "@_use": "signing"
36026
+ },
36027
+ KeyDescriptor: [
36028
+ {
36029
+ ":@": {
36030
+ "@_xmlns": "http://www.w3.org/2000/09/xmldsig#"
36031
+ },
36032
+ KeyInfo: [
36033
+ {
36034
+ X509Data: [
36035
+ {
36036
+ X509Certificate: [
36037
+ { "#text": i }
36038
+ ]
36039
+ }
36040
+ ]
36041
+ }
36042
+ ]
36043
+ }
36044
+ ]
36045
+ })), n = [
36024
36046
  {
36025
36047
  ":@": {
36026
36048
  "@_entityID": t.entityId,
@@ -36032,29 +36054,8 @@ function UE(t) {
36032
36054
  "@_protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"
36033
36055
  },
36034
36056
  IDPSSODescriptor: [
36035
- {
36036
- ":@": {
36037
- "@_use": "signing"
36038
- },
36039
- KeyDescriptor: [
36040
- {
36041
- ":@": {
36042
- "@_xmlns": "http://www.w3.org/2000/09/xmldsig#"
36043
- },
36044
- KeyInfo: [
36045
- {
36046
- X509Data: [
36047
- {
36048
- X509Certificate: [
36049
- { "#text": t.cert }
36050
- ]
36051
- }
36052
- ]
36053
- }
36054
- ]
36055
- }
36056
- ]
36057
- },
36057
+ // Add all key descriptors
36058
+ ...e,
36058
36059
  {
36059
36060
  ":@": {
36060
36061
  "@_Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
@@ -36159,7 +36160,7 @@ function UE(t) {
36159
36160
  suppressEmptyNode: !0,
36160
36161
  preserveOrder: !0,
36161
36162
  format: !0
36162
- }).build(e);
36163
+ }).build(n);
36163
36164
  }
36164
36165
  const ME = new Ae().openapi(
36165
36166
  z({
@@ -36192,14 +36193,16 @@ const ME = new Ae().openapi(
36192
36193
  throw new R(404, {
36193
36194
  message: "Client not found"
36194
36195
  });
36195
- const [r] = await t.env.data.keys.list();
36196
- if (!r)
36196
+ const r = await t.env.data.keys.list();
36197
+ if (!r.length)
36197
36198
  throw new R(500, {
36198
36199
  message: "No signing key found"
36199
36200
  });
36200
- const i = new tl(r.cert), o = t.env.ISSUER, a = UE({
36201
+ const i = r.map(
36202
+ (d) => new tl(d.cert).toString("base64")
36203
+ ), o = t.env.ISSUER, a = UE({
36201
36204
  entityId: ((u = (l = n.addons) == null ? void 0 : l.samlp) == null ? void 0 : u.audience) || n.id,
36202
- cert: i.toString("base64"),
36205
+ certificates: i,
36203
36206
  assertionConsumerServiceUrl: `${o}samlp/${e}`,
36204
36207
  singleLogoutServiceUrl: `${o}samlp/${e}/logout`
36205
36208
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authhero",
3
- "version": "0.189.0",
3
+ "version": "0.190.0",
4
4
  "files": [
5
5
  "dist"
6
6
  ],