siarashield_workspace 0.0.33 → 0.0.35

package/README.md

@@ -1,49 +1,31 @@
-## `siarashield_workspace`
+# `siarashield_workspace`
 
 Angular integration for CyberSiara **SiaraShield** captcha.
 
 ## Angular compatibility
 
-- Minimum supported Angular version: `16`
-- Supported Angular range: `16.x` to `21.x`
-- Peer dependency in package is set to:
+- Minimum supported Angular: `16`
+- Supported range: `16.x` to `21.x`
+- Peer dependencies:
   - `@angular/core >=16.0.0 <22.0.0`
   - `@angular/common >=16.0.0 <22.0.0`
 
-## Install
+## Quick start (recommended, easiest path)
+
+Use this flow first. Most users need only these steps.
+
+1. Install package:
 
 ```bash
 npm i siarashield_workspace
 ```
 
-## Quick setup (clear path)
-
-Choose one integration style only:
-
-- **Recommended:** Angular component (`<siara-shield ...>`).
-- **Alternative:** function API (`initSiaraShield(...)` + `checkSiaraShieldCaptcha...`).
-
-Do not mix both styles on the same page.
-
-1. Install package: `npm i siarashield_workspace`.
-2. Put only the **public key** in Angular environment.
-3. Keep the **private key** on backend only (`.env` or secret store).
-4. Render captcha container (component tag or `<div class="SiaraShield"></div>` for function API).
-5. Keep submit button class: `class="CaptchaSubmit"`.
-6. Initialize captcha once per page load.
-7. On submit, run captcha check before API call.
-8. Call API only when captcha returns success (`result.ok === true` or `ok === true`).
-
-## Get your keys
-
-Get your public and private keys from <a href="https://mycybersiara.com" target="_blank" rel="noopener noreferrer">mycybersiara.com</a>.
-
-## Put keys in the right place
+2. Ensure Angular environment files exist.
+   - If your project does not have `src/environments`, create:
+     - `src/environments/environment.ts`
+     - `src/environments/environment.prod.ts`
 
-- **Frontend (Angular):** public key only
-- **Backend (.env):** private key only
-
-Angular `environment` example:
+3. Put only your **public key** in Angular environment:
 
 ```ts
 export const environment = {
@@ -51,17 +33,7 @@ export const environment = {
 };
 ```
 
-Backend `.env` example:
-
-```dotenv
-SIARASHIELD_PRIVATE_KEY=YOUR-PRIVATE-KEY
-```
-
-Never place the private key in Angular environment files, templates, or browser code.
-
-## Recommended: use the Angular component (easiest)
-
-### 1) Add the component to your template
+4. Render component + submit button in template:
 
 ```html
 <siara-shield
@@ -73,7 +45,7 @@ Never place the private key in Angular environment files, templates, or browser
 <button type="submit" class="CaptchaSubmit" (click)="onSubmit()">Submit</button>
 ```
 
-### 2) Copy-paste TypeScript
+5. Check captcha before API submit:
 
 ```ts
 import { Component, ViewChild } from '@angular/core';
@@ -88,63 +60,76 @@ import { SiaraShieldComponent } from 'siarashield_workspace';
 })
 export class FormComponent {
   protected readonly environment = environment;
-
-  // Recommended: set from server (see CSP section)
   protected readonly cspNonce = (window as any).__cspNonce as string | undefined;
-  private isSubmitting = false;
 
+  private isSubmitting = false;
   @ViewChild(SiaraShieldComponent) private readonly captcha?: SiaraShieldComponent;
 
   onCaptchaToken(token: string) {
-    // Optional: use token immediately if needed
     console.log('SiaraShield token:', token);
   }
 
   async onSubmit() {
     if (this.isSubmitting) return;
     this.isSubmitting = true;
-
     try {
       const ok = await this.captcha?.checkCaptchaAsync();
-      if (!ok) {
-        console.log('Captcha not completed yet');
-        return;
-      }
+      if (!ok) return;
 
-      // When ok=true, token is available in global state and from (token) output.
+      // Call your backend API only after captcha success.
       alert('Form submitted successfully');
     } finally {
-      // Allow next user attempt if captcha or API flow was not completed.
       this.isSubmitting = false;
     }
   }
 }
 ```
 
-Notes:
+6. Keep your submit API logic only in the success branch (`ok === true`).
+
+## Key handling (required)
+
+- **Frontend (Angular): public key only**
+- **Backend (.env or secret store): private key only**
 
-- If you already load jQuery in your app, set `[loadJQuery]="false"` on the component.
-- Keep `class="CaptchaSubmit"` on your submit button (required by vendor flow).
-- The component renders the required captcha container (`<div class="SiaraShield"></div>`) internally at that position in the template.
-- Vendor debug logs are suppressed by default. Set `[allowVendorConsoleLogs]="true"` only while debugging.
+Backend example:
+
+```dotenv
+SIARASHIELD_PRIVATE_KEY=YOUR-PRIVATE-KEY
+```
 
-## Alternative: function API (when you cannot use the component)
+Never place the private key in Angular code or browser-accessible files.
 
-Template for function API:
+Get keys from [mycybersiara.com](https://mycybersiara.com).
+
+## Integration rules (important)
+
+- Choose one style per page:
+  - **Recommended:** `<siara-shield ...>`
+  - **Alternative:** function API
+- Do not mix both styles on the same page.
+- Keep submit button class: `CaptchaSubmit`.
+- Initialize captcha once per page load.
+
+## Function API (alternative)
+
+Use this only when component integration is not possible.
+
+Template:
 
 ```html
 <div class="SiaraShield"></div>
 <button type="submit" class="CaptchaSubmit" (click)="onSubmit()">Submit</button>
 ```
 
+TypeScript:
+
 ```ts
 import { environment } from '../environments/environment';
 import { initSiaraShield, checkSiaraShieldCaptcha } from 'siarashield_workspace';
 
 export class FormComponent {
   ngOnInit() {
-    // Angular does not wait for async lifecycle hooks.
-    // Use void to run async init without blocking render.
     void this.initializeCaptcha();
   }
 
@@ -152,68 +137,47 @@ export class FormComponent {
     await initSiaraShield({
       publicKey: environment.siaraShieldPublicKey,
       cspNonce: (window as any).__cspNonce || undefined,
-      // Optional: set true only while debugging vendor/runtime internals.
-      allowVendorConsoleLogs: false,
     });
   }
 
   onSubmit() {
     const result = checkSiaraShieldCaptcha();
-    if (!result.ok) {
-      console.log('Captcha not completed yet');
-      return;
-    }
+    if (!result.ok) return;
 
     console.log(result.token);
     // API call here
-    alert('Form submitted successfully');
   }
 }
 ```
 
-Keep submit API logic inside the successful captcha branch.
-
-If your frontend reads nonce from the DOM instead of `window`, reuse nonce from an existing script tag:
-
-```ts
-const nonce = document.querySelector('script[nonce]')?.getAttribute('nonce') || undefined;
-```
-
-The nonce must be generated on the server for each request. The package NEVER generates a nonce in the browser.
-
-## CSP Compliance (Important)
+## CSP guide
 
-Inline scripts are blocked by CSP unless you allow them with a nonce or a hash. This package does not execute inline JavaScript and does not use `eval()`, `new Function()`, `setTimeout(string)`, `setInterval(string)`, or any other string-based execution path. All scripts are loaded as external resources. Any dynamically created `<script>` elements are assigned the provided CSP nonce when `cspNonce` is passed.
+If your app has no strict CSP, default integration works without extra setup.
 
-For strict CSP deployments:
+If your app uses strict nonce-based CSP:
 
-- Generate the nonce on the server for each request.
-- Use the same nonce in the `Content-Security-Policy` header.
-- Use the same nonce on the `<script>` tag that loads your Angular app or any direct SiaraShield resource.
-- Use the same nonce in `initSiaraShield({ cspNonce: ... })`.
-- The package NEVER generates a nonce in the browser.
-- If a valid CSP nonce is required but not provided, browsers will block script execution and the captcha will fail to load.
+- Generate nonce on server for each request.
+- Use same nonce in:
+  - `Content-Security-Policy` header
+  - script tags loading your Angular app
+  - `cspNonce` option/input
+- Do not generate nonce in browser.
 
-### Production copy-paste policy (recommended for easiest client integration)
+### Strict policy example (recommended for security)
 
-Use this when you want a client-safe setup that avoids popup close issues with current vendor runtime.
-
-```html
-<meta http-equiv="Content-Security-Policy" content="
-  default-src 'self';
-  script-src 'self' 'unsafe-inline' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-  script-src-elem 'self' 'unsafe-inline' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-  connect-src 'self' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-  style-src 'self' https://embed.mycybersiara.com https://mycybersiara.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline';
-  font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs.cloudflare.com data:;
-  img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
-">
-
-<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js"></script>
-<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
+```http
+default-src 'self';
+script-src 'self' 'nonce-<dynamic>' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+script-src-elem 'self' 'nonce-<dynamic>' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+connect-src 'self' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+style-src 'self' https://embed.mycybersiara.com https://mycybersiara.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;
+font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs.cloudflare.com data:;
+img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
 ```
 
-If your backend uses helper functions, generate compatibility policy like this:
+### Compatibility policy (easier integration, weaker security)
+
+Use only when customer policy allows `'unsafe-inline'`:
 
 ```ts
 import { getSiaraShieldCspPolicy } from 'siarashield_workspace';
@@ -224,107 +188,53 @@ const csp = getSiaraShieldCspPolicy({
 });
 ```
 
-### Strict copy-paste quick test (advanced, static nonce for local verification only)
+## Script loading behavior
 
-Use this only for local or staging validation. In production, replace `siarashield-example-nonce` with a server-generated nonce per request.
-
-```html
-<script nonce="siarashield-example-nonce">
-  window.__cspNonce = "siarashield-example-nonce";
-</script>
-<script nonce="siarashield-example-nonce" src="https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js"></script>
-<script nonce="siarashield-example-nonce" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
-
-<meta http-equiv="Content-Security-Policy" content="
-  default-src 'self';
-  script-src 'self' 'nonce-siarashield-example-nonce' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-  script-src-elem 'self' 'nonce-siarashield-example-nonce' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-  connect-src 'self' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-  style-src 'self' https://embed.mycybersiara.com https://mycybersiara.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline';
-  font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs.cloudflare.com data:;
-  img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
-">
-```
-
-### Strict production CSP policy (advanced)
-
-In production, send CSP as an HTTP response header and inject the same nonce value into script tags and `initSiaraShield({ cspNonce })`.
-
-```http
-default-src 'self';
-script-src 'self' 'nonce-<dynamic>' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-script-src-elem 'self' 'nonce-<dynamic>' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-connect-src 'self' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
-style-src 'self' https://embed.mycybersiara.com https://mycybersiara.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;
-font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs.cloudflare.com data:;
-img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
-```
-
-Example with the same server-generated nonce in script tags:
-
-```html
-<script nonce="SIARASHIELD_NONCE">
-  window.__cspNonce = "SIARASHIELD_NONCE";
-</script>
-<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js"></script>
-<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
-```
+By default (`loadJQuery: true`) package loads required vendor resources automatically:
 
-If your Angular app initializes SiaraShield from the main application bundle, that bundle `<script>` tag must use the same nonce as the CSP header.
+- `https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js` (fallback when jQuery not already present)
+- `https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js`
+- `https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js`
 
-`getSiaraShieldCspPolicy()` and `mergeSiaraShieldCspPolicy()` only generate a baseline CSP string. These helpers do not inject a nonce and do not apply headers. The server must inject the nonce and must apply the final `Content-Security-Policy` header.
+Most users should **not** add these script tags manually.
 
-Notes:
+If your app already has jQuery, set `[loadJQuery]="false"` (or `loadJQuery: false` in function API).
 
-- CSP helpers default to strict policy (no `script-src 'unsafe-inline'`).
-- For easiest client integration, use the compatibility policy above (`includeUnsafeInlineScript: true`, `includeUnsafeInlineStyle: true`).
-- Generating a new nonce in the browser (or per function call) does not help. CSP nonce must match the value from server response headers for that page load.
+## Advanced validation options
 
-The package still works in environments without CSP or with relaxed policies. If your site uses a strict nonce-based CSP, passing the server-generated nonce is required.
+`checkCaptchaAsync(...)` and `checkSiaraShieldCaptchaAsync(...)` support optional tuning:
 
-## jQuery loading behavior
+- `timeoutMs`
+- `pollIntervalMs`
+- `beforeCheckDelayMs`
+- `retryOnFalseMs` (default `0`)
+- `falseResultTokenWaitMs` (default `900`)
 
-- Default `loadJQuery` is `true`.
-- If jQuery is not already available, the package loads:
-  - `https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js`
-- The package also loads:
-  - `https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js`
-  - `https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js`
-- jQuery and the captcha bootstrap process may create script elements dynamically (including via HTML strings / DOM fragments).
-- When `cspNonce` is provided, dynamically inserted `<script>` elements are assigned that nonce (including scripts inserted indirectly through DOM manipulation).
-- The plugin includes a built-in guard that blocks vendor synthetic clicks on `.CaptchaSubmit` and suppresses rapid duplicate user clicks.
-- No application code changes are required for this guard.
-- This is required for compatibility with strict nonce-based CSP policies.
-- If a valid CSP nonce is required but not passed, browsers will block those script loads and the captcha will fail to initialize.
-- If your app already loads jQuery, set `loadJQuery: false`.
-- If your app loads jQuery from another CDN, allow that host in `script-src` and `script-src-elem`.
+Default behavior is tuned to avoid requiring a second user click when token arrives slightly after first response.
 
 ## Quick troubleshooting
 
 - Captcha not visible:
-  - If you use `<siara-shield ...>`, confirm the component is rendered (no `*ngIf` hiding it) and the page has finished loading scripts.
-  - If you use the function API, confirm your template contains `<div class="SiaraShield"></div>`.
-  - Confirm your submit button has `class="CaptchaSubmit"`.
+  - Confirm component is rendered and not hidden.
+  - Confirm submit button has `class="CaptchaSubmit"`.
+  - For function API, confirm `<div class="SiaraShield"></div>` exists.
 - `CheckCaptcha` not available:
-  - Ensure initialization completed (for the function API: `await initSiaraShield(...)`).
-  - Ensure CSP allows the required hosts and the correct nonce is used.
-- CSP error in console:
-  - Confirm the same **server-generated nonce** is present in CSP header, bootstrapping `<script>` tag, and initialization (`cspNonce`).
-  - A CSP warning/error on captcha popup close can still appear with current upstream vendor runtime on strict policies; if captcha flow still works, this is non-blocking. Use the compatibility policy (`includeUnsafeInlineScript: true`) when customer policy allows it.
-- `Identifier 'currentLangCode' has already been declared`:
-  - This is a known vendor duplicate-inline-script issue during re-entry/navigation.
-  - The package now blocks duplicate insertion for that vendor snippet; upgrade to the latest build.
-- Token empty -> check browser console and network calls after clicking submit.
-
-## Final checklist (customer handover)
-
-- Public key is in frontend; private key stays only on backend.
-- Submit button includes `class="CaptchaSubmit"`.
-- Captcha container exists (component tag or `<div class="SiaraShield"></div>` for function API).
-- Same nonce value is used in CSP header, script tags, and `initSiaraShield({ cspNonce })`.
-- Captcha check runs before API call.
-
-## Build and pack (library maintainers)
+  - Ensure initialization completed.
+  - Ensure CSP allows required hosts and nonce.
+- Token not available immediately:
+  - Use async check methods (`checkCaptchaAsync` / `checkSiaraShieldCaptchaAsync`).
+- CSP errors:
+  - Confirm same server-generated nonce in header, script tags, and `cspNonce`.
+
+## Final checklist
+
+- Public key in frontend, private key only in backend.
+- Submit button contains `CaptchaSubmit`.
+- Captcha check runs before submit API call.
+- Only one integration style is used per page.
+- CSP nonce is wired correctly for strict CSP deployments.
+
+## Build and pack (maintainers)
 
 ```bash
 npm run build:lib

package/esm2022/lib/siara-shield-vendor-runtime.mjs

@@ -0,0 +1,98 @@
+import { getSiaraShieldGlobals } from './siara-shield.globals';
+const VENDOR_RUNTIME_PATCH_KEY = '__siaraShieldVendorRuntimePatchInstalled__';
+const VENDOR_TOKEN_BRIDGE_KEY = '__siaraShieldVendorTokenBridgeInstalled__';
+const WRAPPED_FN_PREFIX = '__siaraShieldWrappedVendorFn__';
+function isKnownVendorNullDomError(error) {
+    const msg = error instanceof Error ? error.message.toLowerCase() : String(error ?? '').toLowerCase();
+    return (msg.includes("cannot read properties of null (reading 'style')") ||
+        msg.includes("cannot read properties of null (reading 'queryselector')") ||
+        msg.includes("cannot read properties of null (reading 'removechild')"));
+}
+function runFallbackChallengeOpen(excluding) {
+    const globals = getSiaraShieldGlobals();
+    const candidates = ['OpenCaptchaSlid', 'GetCyberSiara', 'Open_Pluin', 'Open_Plugin', 'Open_Plugin_'];
+    for (const name of candidates) {
+        if (name === excluding)
+            continue;
+        const fn = globals[name];
+        if (typeof fn !== 'function')
+            continue;
+        try {
+            fn();
+            return;
+        }
+        catch {
+            // Try next candidate.
+        }
+    }
+}
+function wrapVendorOpenFunction(name) {
+    const globals = getSiaraShieldGlobals();
+    const marker = `${WRAPPED_FN_PREFIX}${name}`;
+    if (globals[marker] === true)
+        return;
+    const candidate = globals[name];
+    if (typeof candidate !== 'function')
+        return;
+    const original = candidate;
+    globals[name] = ((...args) => {
+        try {
+            return original(...args);
+        }
+        catch (error) {
+            if (!isKnownVendorNullDomError(error)) {
+                throw error;
+            }
+            // Vendor challenge opener hit a missing DOM node.
+            // Try alternative open functions so challenge can still render.
+            runFallbackChallengeOpen(name);
+            return undefined;
+        }
+    });
+    globals[marker] = true;
+}
+function installVerifiedSubmitTokenBridge() {
+    const globals = getSiaraShieldGlobals();
+    if (globals[VENDOR_TOKEN_BRIDGE_KEY])
+        return;
+    const patchAjaxOwner = (owner) => {
+        if (!owner || typeof owner.ajax !== 'function')
+            return;
+        const originalAjax = owner.ajax.bind(owner);
+        owner.ajax = ((...args) => {
+            const firstArg = args[0];
+            if (!firstArg || typeof firstArg !== 'object') {
+                return originalAjax(...args);
+            }
+            const options = firstArg;
+            const url = String(options['url'] ?? '').toLowerCase();
+            const originalSuccess = options['success'];
+            if (!url.includes('/submitcaptcha/verifiedsubmit') || typeof originalSuccess !== 'function') {
+                return originalAjax(options);
+            }
+            options['success'] = ((response, ...rest) => {
+                const payload = response;
+                const maybeTokenRaw = payload?.data ?? payload?.Data;
+                if (typeof maybeTokenRaw === 'string' && maybeTokenRaw.trim()) {
+                    globals.CyberSiaraToken = maybeTokenRaw.trim();
+                }
+                return originalSuccess(response, ...rest);
+            });
+            return originalAjax(options);
+        });
+    };
+    patchAjaxOwner(globals.$);
+    patchAjaxOwner(globals.JQuryName);
+    globals[VENDOR_TOKEN_BRIDGE_KEY] = true;
+}
+export function installVendorChallengeRuntimePatch() {
+    const globals = getSiaraShieldGlobals();
+    if (globals[VENDOR_RUNTIME_PATCH_KEY])
+        return;
+    wrapVendorOpenFunction('Open_Pluin');
+    wrapVendorOpenFunction('Open_Plugin');
+    wrapVendorOpenFunction('Open_Plugin_');
+    installVerifiedSubmitTokenBridge();
+    globals[VENDOR_RUNTIME_PATCH_KEY] = true;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2lhcmEtc2hpZWxkLXZlbmRvci1ydW50aW1lLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vcHJvamVjdHMvc2lhcmFzaGllbGQtd29ya3NwYWNlL3NyYy9saWIvc2lhcmEtc2hpZWxkLXZlbmRvci1ydW50aW1lLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRS9ELE1BQU0sd0JBQXdCLEdBQUcsNENBQTRDLENBQUM7QUFDOUUsTUFBTSx1QkFBdUIsR0FBRywyQ0FBMkMsQ0FBQztBQUM1RSxNQUFNLGlCQUFpQixHQUFHLGdDQUFnQyxDQUFDO0FBTTNELFNBQVMseUJBQXlCLENBQUMsS0FBYztJQUMvQyxNQUFNLEdBQUcsR0FBRyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxJQUFJLEVBQUUsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JHLE9BQU8sQ0FDTCxHQUFHLENBQUMsUUFBUSxDQUFDLGtEQUFrRCxDQUFDO1FBQ2hFLEdBQUcsQ0FBQyxRQUFRLENBQUMsMERBQTBELENBQUM7UUFDeEUsR0FBRyxDQUFDLFFBQVEsQ0FBQyx3REFBd0QsQ0FBQyxDQUN2RSxDQUFDO0FBQ0osQ0FBQztBQUVELFNBQVMsd0JBQXdCLENBQUMsU0FBK0I7SUFDL0QsTUFBTSxPQUFPLEdBQUcscUJBQXFCLEVBQWlELENBQUM7SUFDdkYsTUFBTSxVQUFVLEdBQTJCLENBQUMsaUJBQWlCLEVBQUUsZUFBZSxFQUFFLFlBQVksRUFBRSxhQUFhLEVBQUUsY0FBYyxDQUFDLENBQUM7SUFFN0gsS0FBSyxNQUFNLElBQUksSUFBSSxVQUFVLEVBQUUsQ0FBQztRQUM5QixJQUFJLElBQUksS0FBSyxTQUFTO1lBQUUsU0FBUztRQUNqQyxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDekIsSUFBSSxPQUFPLEVBQUUsS0FBSyxVQUFVO1lBQUUsU0FBUztRQUN2QyxJQUFJLENBQUM7WUFDRixFQUFlLEVBQUUsQ0FBQztZQUNuQixPQUFPO1FBQ1QsQ0FBQztRQUFDLE1BQU0sQ0FBQztZQUNQLHNCQUFzQjtRQUN4QixDQUFDO0lBQ0gsQ0FBQztBQUNILENBQUM7QUFFRCxTQUFTLHNCQUFzQixDQUFDLElBQWtCO0lBQ2hELE1BQU0sT0FBTyxHQUFHLHFCQUFxQixFQUFpRCxDQUFDO0lBQ3ZGLE1BQU0sTUFBTSxHQUFHLEdBQUcsaUJBQWlCLEdBQUcsSUFBSSxFQUFFLENBQUM7SUFDN0MsSUFBSSxPQUFPLENBQUMsTUFBTSxDQUFDLEtBQUssSUFBSTtRQUFFLE9BQU87SUFFckMsTUFBTSxTQUFTLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ2hDLElBQUksT0FBTyxTQUFTLEtBQUssVUFBVTtRQUFFLE9BQU87SUFFNUMsTUFBTSxRQUFRLEdBQUcsU0FBcUIsQ0FBQztJQUN2QyxPQUFPLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsSUFBZSxFQUFFLEVBQUU7UUFDdEMsSUFBSSxDQUFDO1lBQ0gsT0FBTyxRQUFRLENBQUMsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUMzQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUN0QyxNQUFNLEtBQUssQ0FBQztZQUNkLENBQUM7WUFFRCxrREFBa0Q7WUFDbEQsZ0VBQWdFO1lBQ2hFLHdCQUF3QixDQUFDLElBQUksQ0FBQyxDQUFDO1lBQy9CLE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7SUFDSCxDQUFDLENBQVksQ0FBQztJQUNkLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxJQUFJLENBQUM7QUFDekIsQ0FBQztBQUVELFNBQVMsZ0NBQWdDO0lBQ3ZDLE1BQU0sT0FBTyxHQUFHLHFCQUFxQixFQUtwQyxDQUFDO0lBQ0YsSUFBSSxPQUFPLENBQUMsdUJBQXVCLENBQUM7UUFBRSxPQUFPO0lBRTdDLE1BQU0sY0FBYyxHQUFHLENBQUMsS0FBNkQsRUFBUSxFQUFFO1FBQzdGLElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLENBQUMsSUFBSSxLQUFLLFVBQVU7WUFBRSxPQUFPO1FBQ3ZELE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTVDLEtBQUssQ0FBQyxJQUFJLEdBQUcsQ0FBQyxDQUFDLEdBQUcsSUFBZSxFQUFFLEVBQUU7WUFDbkMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3pCLElBQUksQ0FBQyxRQUFRLElBQUksT0FBTyxRQUFRLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQzlDLE9BQU8sWUFBWSxDQUFDLEdBQUcsSUFBSSxDQUFDLENBQUM7WUFDL0IsQ0FBQztZQUVELE1BQU0sT0FBTyxHQUFHLFFBQW1DLENBQUM7WUFDcEQsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUN2RCxNQUFNLGVBQWUsR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDM0MsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsK0JBQStCLENBQUMsSUFBSSxPQUFPLGVBQWUsS0FBSyxVQUFVLEVBQUUsQ0FBQztnQkFDNUYsT0FBTyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDL0IsQ0FBQztZQUVELE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBaUIsRUFBRSxHQUFHLElBQWUsRUFBRSxFQUFFO2dCQUM5RCxNQUFNLE9BQU8sR0FBRyxRQUFxRCxDQUFDO2dCQUN0RSxNQUFNLGFBQWEsR0FBRyxPQUFPLEVBQUUsSUFBSSxJQUFJLE9BQU8sRUFBRSxJQUFJLENBQUM7Z0JBQ3JELElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxJQUFJLGFBQWEsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDO29CQUM5RCxPQUFPLENBQUMsZUFBZSxHQUFHLGFBQWEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDakQsQ0FBQztnQkFFRCxPQUFRLGVBQXFELENBQUMsUUFBUSxFQUFFLEdBQUcsSUFBSSxDQUFDLENBQUM7WUFDbkYsQ0FBQyxDQUFZLENBQUM7WUFFZCxPQUFPLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMvQixDQUFDLENBQXNCLENBQUM7SUFDMUIsQ0FBQyxDQUFDO0lBRUYsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUMxQixjQUFjLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQ2xDLE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQyxHQUFHLElBQUksQ0FBQztBQUMxQyxDQUFDO0FBRUQsTUFBTSxVQUFVLGtDQUFrQztJQUNoRCxNQUFNLE9BQU8sR0FBRyxxQkFBcUIsRUFFcEMsQ0FBQztJQUNGLElBQUksT0FBTyxDQUFDLHdCQUF3QixDQUFDO1FBQUUsT0FBTztJQUU5QyxzQkFBc0IsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUNyQyxzQkFBc0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUN0QyxzQkFBc0IsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUN2QyxnQ0FBZ0MsRUFBRSxDQUFDO0lBQ25DLE9BQU8sQ0FBQyx3QkFBd0IsQ0FBQyxHQUFHLElBQUksQ0FBQztBQUMzQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgZ2V0U2lhcmFTaGllbGRHbG9iYWxzIH0gZnJvbSAnLi9zaWFyYS1zaGllbGQuZ2xvYmFscyc7XHJcblxyXG5jb25zdCBWRU5ET1JfUlVOVElNRV9QQVRDSF9LRVkgPSAnX19zaWFyYVNoaWVsZFZlbmRvclJ1bnRpbWVQYXRjaEluc3RhbGxlZF9fJztcclxuY29uc3QgVkVORE9SX1RPS0VOX0JSSURHRV9LRVkgPSAnX19zaWFyYVNoaWVsZFZlbmRvclRva2VuQnJpZGdlSW5zdGFsbGVkX18nO1xyXG5jb25zdCBXUkFQUEVEX0ZOX1BSRUZJWCA9ICdfX3NpYXJhU2hpZWxkV3JhcHBlZFZlbmRvckZuX18nO1xyXG5cclxudHlwZSBWZW5kb3JGbk5hbWUgPSAnT3Blbl9QbHVpbicgfCAnT3Blbl9QbHVnaW4nIHwgJ09wZW5fUGx1Z2luXyc7XHJcbnR5cGUgT3B0aW9uYWxWZW5kb3JGbk5hbWUgPSBWZW5kb3JGbk5hbWUgfCAnT3BlbkNhcHRjaGFTbGlkJyB8ICdHZXRDeWJlclNpYXJhJztcclxudHlwZSBWZW5kb3JGbiA9ICguLi5hcmdzOiB1bmtub3duW10pID0+IHVua25vd247XHJcblxyXG5mdW5jdGlvbiBpc0tub3duVmVuZG9yTnVsbERvbUVycm9yKGVycm9yOiB1bmtub3duKTogYm9vbGVhbiB7XHJcbiAgY29uc3QgbXNnID0gZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UudG9Mb3dlckNhc2UoKSA6IFN0cmluZyhlcnJvciA/PyAnJykudG9Mb3dlckNhc2UoKTtcclxuICByZXR1cm4gKFxyXG4gICAgbXNnLmluY2x1ZGVzKFwiY2Fubm90IHJlYWQgcHJvcGVydGllcyBvZiBudWxsIChyZWFkaW5nICdzdHlsZScpXCIpIHx8XHJcbiAgICBtc2cuaW5jbHVkZXMoXCJjYW5ub3QgcmVhZCBwcm9wZXJ0aWVzIG9mIG51bGwgKHJlYWRpbmcgJ3F1ZXJ5c2VsZWN0b3InKVwiKSB8fFxyXG4gICAgbXNnLmluY2x1ZGVzKFwiY2Fubm90IHJlYWQgcHJvcGVydGllcyBvZiBudWxsIChyZWFkaW5nICdyZW1vdmVjaGlsZCcpXCIpXHJcbiAgKTtcclxufVxyXG5cclxuZnVuY3Rpb24gcnVuRmFsbGJhY2tDaGFsbGVuZ2VPcGVuKGV4Y2x1ZGluZzogT3B0aW9uYWxWZW5kb3JGbk5hbWUpOiB2b2lkIHtcclxuICBjb25zdCBnbG9iYWxzID0gZ2V0U2lhcmFTaGllbGRHbG9iYWxzKCkgYXMgdHlwZW9mIGdsb2JhbFRoaXMgJiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPjtcclxuICBjb25zdCBjYW5kaWRhdGVzOiBPcHRpb25hbFZlbmRvckZuTmFtZVtdID0gWydPcGVuQ2FwdGNoYVNsaWQnLCAnR2V0Q3liZXJTaWFyYScsICdPcGVuX1BsdWluJywgJ09wZW5fUGx1Z2luJywgJ09wZW5fUGx1Z2luXyddO1xyXG5cclxuICBmb3IgKGNvbnN0IG5hbWUgb2YgY2FuZGlkYXRlcykge1xyXG4gICAgaWYgKG5hbWUgPT09IGV4Y2x1ZGluZykgY29udGludWU7XHJcbiAgICBjb25zdCBmbiA9IGdsb2JhbHNbbmFtZV07XHJcbiAgICBpZiAodHlwZW9mIGZuICE9PSAnZnVuY3Rpb24nKSBjb250aW51ZTtcclxuICAgIHRyeSB7XHJcbiAgICAgIChmbiBhcyBWZW5kb3JGbikoKTtcclxuICAgICAgcmV0dXJuO1xyXG4gICAgfSBjYXRjaCB7XHJcbiAgICAgIC8vIFRyeSBuZXh0IGNhbmRpZGF0ZS5cclxuICAgIH1cclxuICB9XHJcbn1cclxuXHJcbmZ1bmN0aW9uIHdyYXBWZW5kb3JPcGVuRnVuY3Rpb24obmFtZTogVmVuZG9yRm5OYW1lKTogdm9pZCB7XHJcbiAgY29uc3QgZ2xvYmFscyA9IGdldFNpYXJhU2hpZWxkR2xvYmFscygpIGFzIHR5cGVvZiBnbG9iYWxUaGlzICYgUmVjb3JkPHN0cmluZywgdW5rbm93bj47XHJcbiAgY29uc3QgbWFya2VyID0gYCR7V1JBUFBFRF9GTl9QUkVGSVh9JHtuYW1lfWA7XHJcbiAgaWYgKGdsb2JhbHNbbWFya2VyXSA9PT0gdHJ1ZSkgcmV0dXJuO1xyXG5cclxuICBjb25zdCBjYW5kaWRhdGUgPSBnbG9iYWxzW25hbWVdO1xyXG4gIGlmICh0eXBlb2YgY2FuZGlkYXRlICE9PSAnZnVuY3Rpb24nKSByZXR1cm47XHJcblxyXG4gIGNvbnN0IG9yaWdpbmFsID0gY2FuZGlkYXRlIGFzIFZlbmRvckZuO1xyXG4gIGdsb2JhbHNbbmFtZV0gPSAoKC4uLmFyZ3M6IHVua25vd25bXSkgPT4ge1xyXG4gICAgdHJ5IHtcclxuICAgICAgcmV0dXJuIG9yaWdpbmFsKC4uLmFyZ3MpO1xyXG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcclxuICAgICAgaWYgKCFpc0tub3duVmVuZG9yTnVsbERvbUVycm9yKGVycm9yKSkge1xyXG4gICAgICAgIHRocm93IGVycm9yO1xyXG4gICAgICB9XHJcblxyXG4gICAgICAvLyBWZW5kb3IgY2hhbGxlbmdlIG9wZW5lciBoaXQgYSBtaXNzaW5nIERPTSBub2RlLlxyXG4gICAgICAvLyBUcnkgYWx0ZXJuYXRpdmUgb3BlbiBmdW5jdGlvbnMgc28gY2hhbGxlbmdlIGNhbiBzdGlsbCByZW5kZXIuXHJcbiAgICAgIHJ1bkZhbGxiYWNrQ2hhbGxlbmdlT3BlbihuYW1lKTtcclxuICAgICAgcmV0dXJuIHVuZGVmaW5lZDtcclxuICAgIH1cclxuICB9KSBhcyB1bmtub3duO1xyXG4gIGdsb2JhbHNbbWFya2VyXSA9IHRydWU7XHJcbn1cclxuXHJcbmZ1bmN0aW9uIGluc3RhbGxWZXJpZmllZFN1Ym1pdFRva2VuQnJpZGdlKCk6IHZvaWQge1xyXG4gIGNvbnN0IGdsb2JhbHMgPSBnZXRTaWFyYVNoaWVsZEdsb2JhbHMoKSBhcyB0eXBlb2YgZ2xvYmFsVGhpcyAmIHtcclxuICAgIFtWRU5ET1JfVE9LRU5fQlJJREdFX0tFWV0/OiBib29sZWFuO1xyXG4gICAgSlF1cnlOYW1lPzogeyBhamF4PzogKC4uLmFyZ3M6IHVua25vd25bXSkgPT4gdW5rbm93biB9O1xyXG4gICAgJD86IHsgYWpheD86ICguLi5hcmdzOiB1bmtub3duW10pID0+IHVua25vd24gfTtcclxuICAgIEN5YmVyU2lhcmFUb2tlbj86IHN0cmluZztcclxuICB9O1xyXG4gIGlmIChnbG9iYWxzW1ZFTkRPUl9UT0tFTl9CUklER0VfS0VZXSkgcmV0dXJuO1xyXG5cclxuICBjb25zdCBwYXRjaEFqYXhPd25lciA9IChvd25lcjogeyBhamF4PzogKC4uLmFyZ3M6IHVua25vd25bXSkgPT4gdW5rbm93biB9IHwgdW5kZWZpbmVkKTogdm9pZCA9PiB7XHJcbiAgICBpZiAoIW93bmVyIHx8IHR5cGVvZiBvd25lci5hamF4ICE9PSAnZnVuY3Rpb24nKSByZXR1cm47XHJcbiAgICBjb25zdCBvcmlnaW5hbEFqYXggPSBvd25lci5hamF4LmJpbmQob3duZXIpO1xyXG5cclxuICAgIG93bmVyLmFqYXggPSAoKC4uLmFyZ3M6IHVua25vd25bXSkgPT4ge1xyXG4gICAgICBjb25zdCBmaXJzdEFyZyA9IGFyZ3NbMF07XHJcbiAgICAgIGlmICghZmlyc3RBcmcgfHwgdHlwZW9mIGZpcnN0QXJnICE9PSAnb2JqZWN0Jykge1xyXG4gICAgICAgIHJldHVybiBvcmlnaW5hbEFqYXgoLi4uYXJncyk7XHJcbiAgICAgIH1cclxuXHJcbiAgICAgIGNvbnN0IG9wdGlvbnMgPSBmaXJzdEFyZyBhcyBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPjtcclxuICAgICAgY29uc3QgdXJsID0gU3RyaW5nKG9wdGlvbnNbJ3VybCddID8/ICcnKS50b0xvd2VyQ2FzZSgpO1xyXG4gICAgICBjb25zdCBvcmlnaW5hbFN1Y2Nlc3MgPSBvcHRpb25zWydzdWNjZXNzJ107XHJcbiAgICAgIGlmICghdXJsLmluY2x1ZGVzKCcvc3VibWl0Y2FwdGNoYS92ZXJpZmllZHN1Ym1pdCcpIHx8IHR5cGVvZiBvcmlnaW5hbFN1Y2Nlc3MgIT09ICdmdW5jdGlvbicpIHtcclxuICAgICAgICByZXR1cm4gb3JpZ2luYWxBamF4KG9wdGlvbnMpO1xyXG4gICAgICB9XHJcblxyXG4gICAgICBvcHRpb25zWydzdWNjZXNzJ10gPSAoKHJlc3BvbnNlOiB1bmtub3duLCAuLi5yZXN0OiB1bmtub3duW10pID0+IHtcclxuICAgICAgICBjb25zdCBwYXlsb2FkID0gcmVzcG9uc2UgYXMgeyBkYXRhPzogdW5rbm93bjsgRGF0YT86IHVua25vd24gfSB8IG51bGw7XHJcbiAgICAgICAgY29uc3QgbWF5YmVUb2tlblJhdyA9IHBheWxvYWQ/LmRhdGEgPz8gcGF5bG9hZD8uRGF0YTtcclxuICAgICAgICBpZiAodHlwZW9mIG1heWJlVG9rZW5SYXcgPT09ICdzdHJpbmcnICYmIG1heWJlVG9rZW5SYXcudHJpbSgpKSB7XHJcbiAgICAgICAgICBnbG9iYWxzLkN5YmVyU2lhcmFUb2tlbiA9IG1heWJlVG9rZW5SYXcudHJpbSgpO1xyXG4gICAgICAgIH1cclxuXHJcbiAgICAgICAgcmV0dXJuIChvcmlnaW5hbFN1Y2Nlc3MgYXMgKC4uLmZuQXJnczogdW5rbm93bltdKSA9PiB1bmtub3duKShyZXNwb25zZSwgLi4ucmVzdCk7XHJcbiAgICAgIH0pIGFzIHVua25vd247XHJcblxyXG4gICAgICByZXR1cm4gb3JpZ2luYWxBamF4KG9wdGlvbnMpO1xyXG4gICAgfSkgYXMgdHlwZW9mIG93bmVyLmFqYXg7XHJcbiAgfTtcclxuXHJcbiAgcGF0Y2hBamF4T3duZXIoZ2xvYmFscy4kKTtcclxuICBwYXRjaEFqYXhPd25lcihnbG9iYWxzLkpRdXJ5TmFtZSk7XHJcbiAgZ2xvYmFsc1tWRU5ET1JfVE9LRU5fQlJJREdFX0tFWV0gPSB0cnVlO1xyXG59XHJcblxyXG5leHBvcnQgZnVuY3Rpb24gaW5zdGFsbFZlbmRvckNoYWxsZW5nZVJ1bnRpbWVQYXRjaCgpOiB2b2lkIHtcclxuICBjb25zdCBnbG9iYWxzID0gZ2V0U2lhcmFTaGllbGRHbG9iYWxzKCkgYXMgdHlwZW9mIGdsb2JhbFRoaXMgJiB7XHJcbiAgICBbVkVORE9SX1JVTlRJTUVfUEFUQ0hfS0VZXT86IGJvb2xlYW47XHJcbiAgfTtcclxuICBpZiAoZ2xvYmFsc1tWRU5ET1JfUlVOVElNRV9QQVRDSF9LRVldKSByZXR1cm47XHJcblxyXG4gIHdyYXBWZW5kb3JPcGVuRnVuY3Rpb24oJ09wZW5fUGx1aW4nKTtcclxuICB3cmFwVmVuZG9yT3BlbkZ1bmN0aW9uKCdPcGVuX1BsdWdpbicpO1xyXG4gIHdyYXBWZW5kb3JPcGVuRnVuY3Rpb24oJ09wZW5fUGx1Z2luXycpO1xyXG4gIGluc3RhbGxWZXJpZmllZFN1Ym1pdFRva2VuQnJpZGdlKCk7XHJcbiAgZ2xvYmFsc1tWRU5ET1JfUlVOVElNRV9QQVRDSF9LRVldID0gdHJ1ZTtcclxufVxyXG4iXX0=