solid-logic 4.0.7 → 4.0.8-test.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/README.md +3 -1
  2. package/dist/2729812e0bfc062ee77a.js +1 -0
  3. package/dist/a9c30b64ceaae48b72f0.js +2045 -0
  4. package/dist/authSession/authSession.d.ts +41 -2
  5. package/dist/authSession/authSession.d.ts.map +1 -1
  6. package/dist/authSession/events.d.ts +24 -0
  7. package/dist/authSession/events.d.ts.map +1 -0
  8. package/dist/authSession/issuer.d.ts +8 -0
  9. package/dist/authSession/issuer.d.ts.map +1 -0
  10. package/dist/authSession/session.d.ts +45 -0
  11. package/dist/authSession/session.d.ts.map +1 -0
  12. package/dist/authn/SolidAuthnLogic.d.ts +15 -6
  13. package/dist/authn/SolidAuthnLogic.d.ts.map +1 -1
  14. package/dist/authn/serverLogout.d.ts +6 -0
  15. package/dist/authn/serverLogout.d.ts.map +1 -0
  16. package/dist/index.d.ts +2 -1
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/logic/solidLogic.d.ts +3 -3
  19. package/dist/logic/solidLogic.d.ts.map +1 -1
  20. package/dist/logic/solidLogicSingleton.d.ts.map +1 -1
  21. package/dist/solid-logic.esm.js +492 -9622
  22. package/dist/solid-logic.esm.js.map +1 -1
  23. package/dist/solid-logic.esm.min.js +1 -1
  24. package/dist/solid-logic.esm.min.js.map +1 -1
  25. package/dist/solid-logic.js +4082 -8082
  26. package/dist/solid-logic.js.map +1 -1
  27. package/dist/solid-logic.min.js +1 -1
  28. package/dist/solid-logic.min.js.map +1 -1
  29. package/dist/types.d.ts +2 -2
  30. package/dist/types.d.ts.map +1 -1
  31. package/package.json +11 -9
  32. package/dist/acl/aclLogic.js +0 -117
  33. package/dist/acl/aclLogic.js.map +0 -1
  34. package/dist/authSession/authSession.js +0 -3
  35. package/dist/authSession/authSession.js.map +0 -1
  36. package/dist/authn/SolidAuthnLogic.js +0 -109
  37. package/dist/authn/SolidAuthnLogic.js.map +0 -1
  38. package/dist/authn/authUtil.js +0 -64
  39. package/dist/authn/authUtil.js.map +0 -1
  40. package/dist/chat/chatLogic.js +0 -157
  41. package/dist/chat/chatLogic.js.map +0 -1
  42. package/dist/inbox/inboxLogic.js +0 -51
  43. package/dist/inbox/inboxLogic.js.map +0 -1
  44. package/dist/index.js +0 -14
  45. package/dist/index.js.map +0 -1
  46. package/dist/issuer/issuerLogic.js +0 -37
  47. package/dist/issuer/issuerLogic.js.map +0 -1
  48. package/dist/logic/CustomError.js +0 -27
  49. package/dist/logic/CustomError.js.map +0 -1
  50. package/dist/logic/solidLogic.js +0 -64
  51. package/dist/logic/solidLogic.js.map +0 -1
  52. package/dist/logic/solidLogicSingleton.js +0 -31
  53. package/dist/logic/solidLogicSingleton.js.map +0 -1
  54. package/dist/profile/profileAclDocuments.js +0 -13
  55. package/dist/profile/profileAclDocuments.js.map +0 -1
  56. package/dist/profile/profileDocuments.js +0 -11
  57. package/dist/profile/profileDocuments.js.map +0 -1
  58. package/dist/profile/profileLogic.js +0 -344
  59. package/dist/profile/profileLogic.js.map +0 -1
  60. package/dist/typeIndex/typeIndexAclDocuments.js +0 -31
  61. package/dist/typeIndex/typeIndexAclDocuments.js.map +0 -1
  62. package/dist/typeIndex/typeIndexDocuments.js +0 -17
  63. package/dist/typeIndex/typeIndexDocuments.js.map +0 -1
  64. package/dist/typeIndex/typeIndexLogic.js +0 -248
  65. package/dist/typeIndex/typeIndexLogic.js.map +0 -1
  66. package/dist/types.js +0 -2
  67. package/dist/types.js.map +0 -1
  68. package/dist/util/containerLogic.js +0 -49
  69. package/dist/util/containerLogic.js.map +0 -1
  70. package/dist/util/debug.js +0 -13
  71. package/dist/util/debug.js.map +0 -1
  72. package/dist/util/ns.js +0 -5
  73. package/dist/util/ns.js.map +0 -1
  74. package/dist/util/utilityLogic.js +0 -201
  75. package/dist/util/utilityLogic.js.map +0 -1
  76. package/dist/util/utils.js +0 -39
  77. package/dist/util/utils.js.map +0 -1
  78. package/dist/versionInfo.js +0 -36
  79. package/dist/versionInfo.js.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"file":"solid-logic.js","mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AACD,O;;;;;;;ACVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEa;;AAEb;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,mBAAmB;;AAEnB;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;;AAED;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,kBAAkB,sBAAsB;AACxC;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB;AAChB;AACA;AACA;AACA;AACA,eAAe;AACf;;AAEA;;AAEA;AACA;;AAEA;AACA;AACA,IAAI;AACJ;AACA;AACA,oBAAoB,SAAS;AAC7B;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,gBAAgB;AAChB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;;AAEA,kCAAkC,QAAQ;AAC1C;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,oBAAoB,iBAAiB;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA,QAAQ;AACR;AACA,uCAAuC,QAAQ;AAC/C;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA,MAAM;AACN;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,kBAAkB,OAAO;AACzB;AACA;AACA;;AAEA;AACA,SAAS,yBAAyB;AAClC;AACA;AACA;;AAEA;AACA;AACA,kBAAkB,gBAAgB;AAClC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA,8DAA8D,YAAY;AAC1E;AACA,8DAA8D,YAAY;AAC1E;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA,qCAAqC,YAAY;AACjD;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,IAAI;AACJ;AACA;AACA;;;;;;;;AChfA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,oBAAoB,KAAK;AACzB;AACA,wBAAwB,mBAAmB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;;;;;;;;ACjFA,kD;;;;;;UCAA;UACA;;UAEA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;;UAEA;UACA;;UAEA;UACA;UACA;;;;;WCtBA;WACA;WACA;WACA;WACA;WACA,iCAAiC,WAAW;WAC5C;WACA,E;;;;;WCPA;WACA;WACA;WACA;WACA,yCAAyC,wCAAwC;WACjF;WACA;WACA,E;;;;;WCPA;WACA;WACA;WACA;WACA,GAAG;WACH;WACA;WACA,CAAC,I;;;;;WCPD,wF;;;;;WCAA;WACA;WACA;WACA,uDAAuD,iBAAiB;WACxE;WACA,gDAAgD,aAAa;WAC7D,E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACLO,SAAS,GAAG,CAAC,GAAG,IAAW;IAChC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;AACtB,CAAC;AAEM,SAAS,IAAI,CAAC,GAAG,IAAW;IACjC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACvB,CAAC;AAEM,SAAS,KAAK,CAAC,GAAG,IAAW;IAClC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;AACxB,CAAC;AAEM,SAAS,KAAK,CAAC,GAAG,IAAW;IAClC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;AACxB,CAAC;;;;ACfyC;AACnC;AACA;AACP,kBAAkB,uDAAO;AAClB;AACP,wCAAwC,QAAQ;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA,0DAA0D,cAAc,aAAa,MAAM;AAC3F;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACO;AACP;AACA;AACO;AACP;AACA;AACA,uBAAuB,mBAAmB;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AClD0D;AACnD;AACP;AACA;AACA,oBAAoB,OAAO;AAC3B;AACA;AACA;AACA,oBAAoB,sBAAsB;AAC1C;AACA;AACA;AACA;AACO;AACP;AACA;AACO;AACP;AACA;AACA,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACO;AACP;AACA;AACA,kBAAkB,OAAO;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;ACpCO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA,yBAAyB,SAAS,0BAA0B;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA,yBAAyB,SAAS,0BAA0B;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;;;ACjHqD;AACtC;AACf,wBAAwB,cAAc;AACtC;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA,qBAAqB;AACrB;AACA,qBAAqB;AACrB;AACA,sBAAsB,gBAAgB,QAAQ,KAAK;AACnD;AACA;;;AC3BA,gDAAe,MAAM,EAAC;AACf;;;ACDP,uDAAe;AACf;AACA,gBAAgB,gBAAgB;AAChC;AACA,mCAAmC,KAAK;AACxC;AACA;AACA,CAAC;AAAA,wKAAC;;;ACPF;AACA,2EAA2E,MAAM,UAAU,KAAK;AAChG;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,kBAAkB,OAAO,KAAK;AAC3D;AACA;AACA,6BAA6B,WAAW,KAAK,UAAU;AACvD;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;;;AC5JA;AACA;AACA;AACA;AACA,8BAA8B,iBAAiB,OAAO,KAAK;AAC3D;AACA;AACA,8BAA8B,UAAU,KAAK,SAAS;AACtD;AACA;AACA,0BAA0B,SAAS;AACnC;AACA;AACA,4BAA4B,OAAO;AACnC;AACA;AACA,qCAAqC,YAAY;AACjD;AACA;AACA;AACA,+CAA+C,wBAAwB;AACvE;AACA;AACA;AACA;AACA,wDAAe;AACf;AACA,CAAC;AAAA,0KAAC;AACK;AACP,kCAAkC,KAAK;AACvC;;;AC9B6C;AAC7C,kDAAe;AACf,QAAQ,WAAW;AACnB;AACA;AACA;AACA,CAAC;AAAA,8JAAC;AACK;;;ACPP;AACA;AACA;AACe;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;ACfsC;AAC/B;AACP,WAAW,QAAQ;AACnB;AACO;AACP;AACA;AACO;AACP;AACA;AACO;AACP;AACA;;;ACZoC;AACiB;AACrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,8BAA8B,kBAAkB;AAClF;AACA;AACA;AACA;AACA;AACA,kCAAkC,wCAAwC,kBAAkB;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,qCAAqC;AAC1E;AACA;AACA;AACA;AACA,8BAA8B,gBAAgB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,8BAA8B,gBAAgB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,8BAA8B,gBAAgB;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,gBAAgB;AACtC;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA,YAAY,uBAAuB;AACnC;AACA;AACA;AACA;AACA;AACA,sBAAsB;AACtB;AACA;AACA,WAAW,SAAM;AACjB;AACA,iDAAe,KAAK,EAAC;;;ACvGoB;AACD;AACA;AACxC,8BAA8B,MAAM;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,UAAS,GAAG,aAAa;AACrD;AACA;AACA;AACA,yBAAyB,kBAAkB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,eAAe;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,KAAK;AACb;AACA,mBAAmB,MAAM;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,eAAe;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,KAAK;AACb;AACA,mBAAmB,MAAM;AACzB;AACA;AACA;AACA;AACA;AACA;AACA,oDAAe,EAAE,yCAAyC,EAAC;;;ACnEN;AACI;AACC;AACjB;AACE;AAC5B;AACf;AACA,oBAAoB,aAAS;AAC7B;AACA;AACA,oBAAoB,aAAS;AAC7B;AACA,QAAQ,WAAW;AACnB,QAAQ,iBAAiB;AACzB;AACA;AACA;AACA;AACA,gCAAgC,iBAAe,SAAS,KAAK;AAC7D;AACA,eAAe,SAAM,gCAAgC,aAAa,cAAc,iBAAiB;AACjG;AACA,wBAAwB,iBAAe,SAAS,KAAK;AACrD;;;ACvB8C;AACV;AACe;AACC;AACpD;AACA,4BAA4B,YAAY;AACxC,IAAI,gBAAc;AAClB,sBAAsB,SAAe;AACrC;AACA,qBAAqB,SAAM;AAC3B;AACA;AACA;AACA;AACA;AACA,qDAAe,MAAM,EAAC;;;ACftB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kDAAe,UAAU,EAAC;;;ACrB0C;AACP;AAC1B;AACnC;AACA;AACA;AACA;AACA;AACA;AACA,qGAAqG,MAAM;AAC3G;AACA;AACA,4FAA4F,IAAI;AAChG;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,KAAS;AAC7B,YAAY,WAAe;AAC3B;AACA;AACA;AACA,SAAS,WAAS;AAClB,4BAA4B,OAAe,cAAc,KAAK;AAC9D;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA;AACA,oBAAoB,KAAS;AAC7B;AACA;AACA,oBAAoB,YAAgB;AACpC;AACA;AACA;AACA,oBAAoB,WAAe;AACnC;AACA;AACA;AACA;AACA,SAAS,WAAS;AAClB,4BAA4B,OAAe,cAAc,KAAK;AAC9D;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,EAAE;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qDAAe,mCAAmC,EAAC;AAC5C;;;AC5E8C;AACrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,gBAAgB,gCAAgC,UAAU;AAChF;AACA;AACA,yDAAyD,UAAU;AACnE;AACA;AACA,yDAAyD,UAAU;AACnE;AACA;AACA;AACA;AACA,oDAAe,YAAY,EAAC;;;ACjC5B;AACA;AACA;AACA,gCAAgC,OAAO;AACvC;AACA;AACA;AACA;AACA;AACA;AACA,0DAAe,kBAAkB,EAAC;;;;;;ACVkC;AACD;AAChB;AACE;AACV;AACpC;AACP;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACO;AACP,SAAS,QAAQ;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,MAAe;AAClC;AACA;AACA,0BAA0B,gBAAgB;AAC1C;AACA;AACA;AACA,mBAAmB,UAAW,GAAG,aAAa;AAC9C;AACA,sBAAsB,gBAAgB;AACtC;AACA;;;AC5CiE;AACpB;AACwD;AAChC;AACnB;AACJ;AACoB;AACZ;AACY;AACtB;AACI;AACzC;AACP,SAAS,QAAQ;AACjB,kBAAkB,UAAU;AAC5B;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA,qCAAqC,QAAQ;AAC7C,kBAAkB,UAAU;AAC5B;AACA;AACA;AACA;AACA,oCAAoC,MAAS;AAC7C,oCAAoC,OAAO;AAC3C;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA,SAAS,WAAU;AACnB,kBAAkB,UAAU;AAC5B;AACA;AACA;AACA;AACA;AACA,uBAAuB,aAAY,CAAC,UAAU;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA,YAAY,MAAM;AAClB;AACA,kBAAkB,UAAU;AAC5B;AACA,kCAAkC,mBAAkB;AACpD;AACA,kBAAkB,iBAAiB;AACnC;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA;AACA;AACA;AACA;AACA,QAAQ,mBAAmB;AAC3B,YAAY,KAAK;AACjB,wBAAwB,SAAS;AACjC;AACA;AACA;AACA,QAAQ,mBAAmB;AAC3B;AACA,iBAAiB,MAAM,CAAC,OAAO,8BAA8B,OAAO,gDAAgD,OAAO;AAC3H;AACA;AACA,oBAAoB,MAAS;AAC7B;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA,2BAA2B,cAAM;AACjC;AACA,kBAAkB,8BAA8B;AAChD;AACA;AACA;AACA;AACA,sBAAsB,MAAS;AAC/B;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA,kBAAkB,OAAO;AACzB;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;;;ACzHyD;AACP;AACE;AAC7C;AACP;AACA,cAAc,OAAO;AACrB;AACA;AACA,kBAAkB,UAAU;AAC5B;AACA,YAAY,uDAAuD;AACnE;AACA,kBAAkB,UAAU;AAC5B;AACA,2BAA2B,eAAe,GAAG,gDAAgD;AAC7F,qBAAqB;AACrB;AACA,iBAAiB;AACjB;AACA;AACA;;;ACpBA,4CAAe,2CAA2C;AAAA,kJAAC;;;ACA3D;AACA;AACA;AACA;AACA;AACA;AACA,2CAAe;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AAAA,gJAAC;;;ACtDmF;AACzC;AACb;AACF;AACS;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qDAAe,8CAA8C;AAC7D;AACA;AACA,6BAA6B,OAAO;AACpC;AACA;AACA;AACA,SAAS,QAAQ;AACjB,kBAAkB,UAAU;AAC5B;AACA,YAAY,MAAM;AAClB;AACA;AACA;AACA,kBAAkB,wBAAwB;AAC1C;AACA,YAAY,8DAA8D;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,wBAAwB,sBAAsB,MAAM;AAC1E;AACA;AACA;AACA;AACA,kBAAkB,wBAAwB;AAC1C;AACA;AACA,kBAAkB,wBAAwB;AAC1C;AACA;AACA;AACA,kBAAkB,wBAAwB;AAC1C;AACA;AACA;AACA;AACA,wBAAwB,IAAI;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,cAAc;AAC1B,gBAAgB,KAAK;AACrB;AACA,kBAAkB,wBAAwB;AAC1C;AACA;AACA;AACA,sBAAsB,wBAAwB;AAC9C;AACA;AACA,sBAAsB,wBAAwB;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,wBAAwB;AAC9C;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA,oEAAoE,IAAI;AACxE;AACA,sBAAsB,UAAU;AAChC;AACA;AACA,sBAAsB,wBAAwB;AAC9C;AACA;AACA;AACA,CAAC;AAAA,oKAAC;;;ACvGuD;AACP;AACH;AACxC;AACP,2BAA2B,aAAa;AACxC;AACA,kBAAkB,UAAU;AAC5B;AACA,oBAAoB,cAAU;AAC9B,qBAAqB;AACrB;AACA,iBAAiB;AACjB;AACA;AACA;;;ACd2D;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,sBAAsB,WAAW;AACjC;AACA,KAAK;AACL;AACA;AACA;AACA,kBAAkB,SAAS;AAC3B;AACA;AACA;AACA;AACA;AACA,kBAAkB,SAAS;AAC3B;AACA;AACA,iDAAe,SAAS,EAAC;;;ACjCoB;AACmE;AACrE;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,gBAAgB;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,WAAW;AACjC;AACA;AACA;AACA;AACA,gBAAgB,WAAW,IAAI;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,gBAAgB,iBAAiB;AACjC;AACA,sBAAsB,iBAAiB;AACvC;AACA;AACA,8BAA8B,wBAAwB;AACtD,oBAAoB,UAAU;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sDAAsD;AACtD;AACA,0BAA0B,SAAS,GAAG,mBAAmB;AACzD;AACA,sBAAsB,WAAW;AACjC;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;;;AC3HiD;AACK;AACP;AACJ;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,KAAK,GAAG,QAAQ;AACpC;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,QAAQ;AACjB;AACA,qDAAqD,QAAQ;AAC7D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,iBAAiB;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,iBAAiB;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oDAAoD,UAAS;AAC7D;AACA,0BAA0B,iBAAiB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;AACO,+BAA+B,yDAAS;;;AC1IM;AACK;AACL;AACZ;AACzC;AACA;AACA;AACA;AACA,eAAe,MAAS;AACxB;AACA;AACA,SAAS,WAAW;AACpB,4BAA4B,iBAAe,SAAS,KAAK;AACzD;AACA;AACA;AACA;AACA,YAAY,iCAAiC,QAAQ,SAAM;AAC3D;AACA;AACA,iDAAe,QAAQ,EAAC;;;;;ACpBoC;AACE;AACd;AACzC;AACP;AACA;AACO;AACP;AACA;AACO;AACP,WAAW,UAAQ;AACnB;;;ACX8C;AACV;AACe;AACD;AAClD;AACA,4BAA4B,YAAU;AACtC,IAAI,gBAAc;AAClB,4BAA4B,SAAM,aAAa,SAAe;AAC9D;AACA;AACA,mDAAe,IAAI,EAAC;;;ACV6C;AACxB;AACS;AACA;AACmB;AACH;AACZ;AAC/C;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA,aAAa,WAAU;AACvB,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA;AACA,2BAA2B,aAAY,CAAC,UAAU;AAClD;AACA;AACA;AACA;AACA,0BAA0B,UAAU;AACpC;AACA;AACA,gBAAgB,MAAM;AACtB;AACA,sBAAsB,UAAU;AAChC;AACA,QAAQ,mBAAmB;AAC3B;AACA;AACA,sBAAsB,OAAO,QAAQ,MAAS;AAC9C;AACA;AACA;AACA,8BAA8B,OAAO,QAAQ,MAAS;AACtD;AACA;AACA,8BAA8B,OAAO;AACrC;AACA,qBAAqB,MAAM,kBAAkB,OAAO;AACpD,gCAAgC,YAAI;AACpC;AACA,uBAAuB,MAAS;AAChC;AACA;AACA;AACA,0BAA0B,OAAO;AACjC;AACA;AACA;AACA;AACA;AACA,4BAA4B,OAAO;AACnC;AACA;AACA;AACA;;;AChFqD;AAC9C;AACP;AACA,8BAA8B,aAAa;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB,cAAc,GAAG,YAAY,GAAG,cAAc;AAChE;AACA;;;AChBoC;AACO;AACT;AAClC;AACA;AACA,uCAAuC,OAAO;AAC9C;AACA;AACA;AACO;AACP,4BAA4B;AAC5B,aAAa,QAAQ;AACrB;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B,qDAAqD,KAAK;AACxF;AACA;AACA,8BAA8B,uBAAuB,KAAK,eAAe,IAAI;AAC7E;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B,0DAA0D,KAAK;AAC7F;AACA;AACA,8BAA8B,uBAAuB,KAAK,eAAe,IAAI;AAC7E;AACA;AACA;AACA;AACA;AACA,8BAA8B,uBAAuB,KAAK;AAC1D;AACA;AACA,8BAA8B,oDAAoD,KAAK;AACvF;AACA;AACA;AACA;AACA,kDAAkD,KAAK,eAAe,IAAI;AAC1E;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;;;AC1EqD;AACN;AACE;AACP;AACnC,sBAAsB,UAAU;AACvC;AACA;AACA;AACA;AACA;AACA,wBAAwB,WAAW,CAAC,OAAO;AAC3C;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;;;;;;ACnBoC;AACiB;AACpB;AAC1B;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B,2BAA2B,OAAO;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,sBAAsB,yBAAgB;AACtC;AACA,WAAW,eAAM;AACjB;AACA;AACA;AACA;AACA,kBAAkB,gBAAgB;AAClC;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,cAAc;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,cAAc;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,iCAAiC;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA,8BAA8B,gBAAgB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA,8BAA8B,gBAAgB;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,gBAAgB;AACtC;AACA,WAAW,SAAM;AACjB;;;AC9IqE;AAC9D,eAAe,iCAAe;AACrC,WAAW,eAAQ;AACnB;;;ACHA;AACA,yDAAe,EAAE,YAAY,EAAC;;;ACD9B;AACA;AACe;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;ACVqC;AACrC;AACA,gBAAgB,SAAS;AACzB;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4DAAe,yDAAS,IAAC;;;AClCQ;AACN;AACsB;AACjD;AACA,QAAQ,kBAAM;AACd,eAAe,kBAAM;AACrB;AACA;AACA,sDAAsD,GAAG;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oDAAoD,OAAO,GAAG,aAAa;AAC3E;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA,WAAW,eAAe;AAC1B;AACA,qDAAe,EAAE,EAAC;;;AC1BwE;AAChE;;AAE1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc;AACd,YAAY;AACZ;AACA,wBAAwB,0BAA0B;AAClD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,sBAAsB,wCAAwC;AAC1F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,wBAAwB;AACxB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,2BAA2B,QAAQ,SAAS,UAAU,kBAAkB;AACxF;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,sDAAsD,QAAQ;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,yBAAyB;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mFAAmF,YAAY,iCAAiC,EAAE;AAClI;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,mDAAmD;AACpF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,cAAE;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+CAA+C,eAAe;AAC9D,+CAA+C,cAAc;AAC7D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,gEAAgE;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uCAAuC,kCAAkC;AACzE;AACA;AACA,6BAA6B,sBAAsB;AACnD;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,yBAAoB;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA,2DAA2D,mBAAmB;AAC9E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iGAAiG,UAAU,KAAK,EAAE;AAClH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qDAAqD,cAAc,IAAI,QAAQ;AAC/E;AACA;AACA,qDAAqD,OAAO,IAAI,QAAQ;AACxE;AACA;AACA,qDAAqD,UAAU,IAAI,QAAQ;AAC3E;AACA;AACA,qDAAqD,YAAY,IAAI,QAAQ;AAC7E;AACA;AACA;AACA;AACA,6CAA6C,SAAS;AACtD,SAAS,IAAI,QAAQ;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gDAAgD,OAAO;AACvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8CAA8C,OAAO,QAAQ,+BAA+B,yDAAyD,OAAO;AAC5J;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,IAAI;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,IAAI,cAAc,OAAO;AAC/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC,wBAAwB;AACjE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB,WAAW;AAC7B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qEAAqE,cAAc;AACnF;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,OAAO;AACtB;AACA;AACA,aAAa,cAAE;AACf,KAAK;AACL;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,oCAAoC;AACpC;AACA;AACA,YAAY,wBAAwB,QAAQ,iCAAe,6BAA6B,mBAAmB;AAC3G;AACA;AACA,yBAAyB,SAAS;AAClC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC,UAAU;AACnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,UAAU;AACrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,cAAc;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,8DAA8D;AACtF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA,SAAS;AACT;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,qEAAqE;AACrE;AACA,4CAA4C;AAC5C;;AAEs4B;AACt4B;;;;;ACx/CO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA,4BAA4B;AAC5B;AACA;AACA;AACA,8EAA8E,QAAQ;AACtF;AACA;AACA;AACA;AACA;AACA;AACA,yFAAyF,SAAS,GAAG,UAAU;AAC/G;AACA;AACA;AACA;AACA;AACA,uFAAuF,SAAS,GAAG,UAAU;AAC7G;AACA;;;ACxDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC,WAAW;AACZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC,kBAAkB;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wCAAwC,KAAK,GAAG,aAAa;AAC7D;AACA;AACA;AACA;AACA,uBAAuB,KAAK;AAC5B,uBAAuB,QAAQ,EAAE,OAAO;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACuC;AACvC;AACA;AACA;AACA;AACA,aAAa,SAAS;AACtB,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,cAAc,GAAG,eAAe;AAC5D;AACA;AACA;AACA,gBAAgB;AAChB,OAAO;AACP;AACA;AACA;AACA;AACA,cAAc,aAAa,GAAG,iBAAiB;AAC/C;AACA;AACA;AACA;AACA,4BAA4B,cAAc,GAAG,eAAe;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,aAAa,GAAG,iBAAiB;AAC/C;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,4DAA4D,YAAY;AACxE,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,sEAAsE,YAAY;AAClF,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gDAAgD,UAAU;AAC1D;AACA;AACA;AACA;AACA;AACA,QAAQ,kCAAkC;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,wCAAwC,WAAW;AACnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB,aAAa;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kGAAkG,IAAI,GAAG,0DAA0D;AACnK;AACA;;AAEA;AACA;AACA;AACA;AACA,wCAAwC,WAAW;AACnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B;;AAE5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oCAAoC,IAAI;AACxC;AACA;AACA;AACA,oCAAoC,IAAI;AACxC;AACA;AACA;AACA,uCAAuC,IAAI;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,iFAAiF;AACjF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC;AACzC,YAAY,iCAAiC;AAC7C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA,MAAM;AACN;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,IAAI;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oDAAoD,uDAAuD;AAC3G,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA,gEAAgE,gDAAgD,cAAc,IAAI;AAClI;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA,yBAAyB,qBAAqB,GAAG,gBAAgB;AACjE;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,qBAAqB,GAAG,gBAAgB,KAAK,qBAAqB;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oDAAoD,+EAA+E;AACnI,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA,wDAAwD,gDAAgD,cAAc,IAAI;AAC1H;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA,2BAA2B,qBAAqB,GAAG,gBAAgB;AACnE;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,qBAAqB;AAChE;AACA;AACA;AACA;AACA,yBAAyB,qBAAqB,GAAG,gBAAgB,KAAK,qBAAqB;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0EAA0E,sGAAsG;AAChL;AACA,qCAAqC;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iEAAiE,KAAK;AACtE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+DAA+D,0DAA0D;AACzH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,IAAI,IAAI;AACR;AACA;AACA;AACA;AACA;AACA,gCAAgC,IAAI;AACpC;AACA;AACA;AACA;AACA,gCAAgC,IAAI;AACpC;AACA;AACA;AACA;AACA;AACA,mCAAmC,IAAI;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,kBAAkB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB;AACzB,yBAAyB;AACzB,qBAAqB;AACrB;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,mDAAmD,OAAO;AAC1D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC,0BAA0B;AACnE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA,yCAAyC,YAAY;AACrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6DAA6D,4IAA4I;AACzM;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC,YAAY;AACrD;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6DAA6D,kHAAkH;AAC/K;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD,gEAAgE;AACvH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4CAA4C,wEAAwE;AACpH;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,iBAAiB;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,WAAW,EAAE,oBAAoB,EAAE,UAAU;AACnE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gDAAgD,uDAAuD;AACvG;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,cAAc,yBAAyB;AACvC;AACA,cAAc,uBAAuB;AACrC;AACA,cAAc,oBAAoB;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,2CAA2C;AAC5E;AACA;AACA,0BAA0B,WAAW,EAAE,oBAAoB,EAAE,UAAU;AACvE;AACA;AACA;AACA;AACA,gDAAgD,qBAAqB;AACrE;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA,YAAY,kBAAkB;AAC9B,gDAAgD;AAChD;AACA;AACA,uBAAuB;AACvB;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH,wEAAwE,yCAAyC;AACjH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,IAAI;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA,YAAY,kBAAkB;AAC9B;AACA,kDAAkD;AAClD;AACA,MAAM;AACN,4CAA4C;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB;AAClB;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uHAAuH;AACvH;AACA,YAAY;AACZ;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA,UAAU;AACV;AACA;AACA,QAAQ;AACR;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,gBAAgB;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gEAAgE,aAAa;AAC7E;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,gEAAgE,MAAM;AACtE;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,kDAAkD,OAAO;AACzD;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH,8BAA8B,+BAA+B;AAC7D;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B;AAC5B;AACA;AACA,GAAG;AACH;AACA;AACA,8CAA8C,uDAAuD;AACrG;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,wBAAwB,kBAAkB;AAC1C;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,YAAY,0FAA0F;AACtG;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA,8CAA8C,yBAAyB,IAAI,WAAW;AACtF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD,wBAAwB;AAC/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC;AAChC;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA,2DAA2D,gBAAgB;AAC3E;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,+BAA+B,kCAAkC;AACjE;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,qBAAqB;AACnC;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA,wDAAwD,wEAAwE;AAChI;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,kCAAkC;AACjE;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA,+CAA+C,UAAU;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yDAAyD,+BAA+B;AACxF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,4BAA4B,4BAA4B;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,kCAAkC;AACjE;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR,QAAQ;AACR,QAAQ;AACR;AACA;AACA;AACA;AACA,YAAY,QAAQ;AACpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR,QAAQ;AACR,QAAQ;AACR;AACA;AACA;AACA;AACA,YAAY,QAAQ;AACpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oCAAoC;AACpC;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,yDAAyD,+BAA+B;AACxF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,4CAA4C;AAC9E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC;AACjC;AACA;AACA;AACA;AACA,MAAM;AACN,2DAA2D,gBAAgB;AAC3E;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,+BAA+B,mCAAmC;AAClE;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,wDAAwD,qDAAqD;AAC7G;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC;AACtC;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,+BAA+B,mCAAmC;AAClE;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA,+CAA+C,UAAU;AACzD;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA,yDAAyD,+BAA+B;AACxF;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,+BAA+B,mCAAmC;AAClE;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,MAAM;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,wBAAwB,GAAG,wBAAwB;AACtE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA,cAAc,uDAAO;;AAErB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAwBE;AACF;;;ACtlH6D;AACyI;AACqB;;AAE3N;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0FAA0F,gCAAgC,iBAAiB,qCAAqC;AAChL;AACA;AACA,4FAA4F,yBAAyB,eAAe,qCAAqC;AACzK;AACA;AACA;AACA,2DAA2D,oBAAoB,IAAI,qCAAqC;AACxH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8FAA8F,6BAA6B;AAC3H;AACA;AACA;AACA;AACA,0FAA0F,4CAA4C,2BAA2B;AACjK;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,mBAAmB,gDAAgD,qBAAqB;AAC/G;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+EAA+E,yBAAyB,EAAE,6BAA6B,IAAI,8BAA8B;AACzK;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uCAAuC,cAAc,0BAA0B,eAAe;AAC9F;AACA;AACA,wCAAwC,cAAc;AACtD;AACA;AACA;AACA;AACA,kBAAkB,iBAAiB,mCAAmC,oBAAoB,GAAG;AAC7F,mBAAmB,gCAAgC;AACnD,iBAAiB,EAAE,sCAAsC,wBAAwB,QAAQ;AACzF;AACA;AACA;AACA;AACA,kBAAkB,oBAAoB;AACtC;AACA;AACA,kBAAkB,oBAAoB;AACtC;AACA;AACA,kBAAkB,oBAAoB;AACtC;AACA;AACA,kBAAkB,oBAAoB;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0GAA0G,yBAAyB;AACnI;AACA;AACA;AACA,yHAAyH,yBAAyB;AAClJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,mBAAmB;AAC3C,6BAA6B,gBAAgB;AAC7C;AACA;AACA;AACA;AACA;AACA,yCAAyC,QAAQ,gBAAgB,GAAG,oBAAoB,GAAG;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,kBAAkB,QAAQ,wBAAwB;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,mBAAU;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,gBAAgB;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oCAAoC,QAAQ,gBAAgB,GAAG,oBAAoB,GAAG;AACtF;AACA;AACA,aAAa,mBAAU;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,wDAAwD,eAAe;AACvE;AACA;AACA,YAAY,QAAQ,QAAQ,wBAAwB;AACpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,kBAAkB;AACzC;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,kBAAkB;AAC9C;AACA;AACA;AACA;AACA,cAAc,kBAAkB,EAAE;AAClC;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA,sBAAsB,oBAAoB,GAAG;AAC7C,UAAU,KAAK;AACf;AACA;AACA,oBAAoB,uBAAuB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEgG;;;ACrYyd;AACtc;AACzF;AACQ;AACyG;;AAE3I;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oCAAoC,cAAc;AAClD;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mCAAmC,yBAAsB;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD,oBAAoB;AACvE,aAAa,kBAAkB;AAC/B,+BAA+B,aAAa;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD;AACvD;AACA,8BAA8B,MAAM;AACpC;AACA;AACA;AACA;AACA,6BAA6B,kBAAkB;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,kBAAkB,+EAA+E,wBAAwB;AAC/I;AACA;AACA,sBAAsB,kBAAkB,gFAAgF,wBAAwB;AAChJ;AACA;AACA;AACA,yCAAyC,kBAAkB;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,eAAe;AACnC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD,wCAAwC;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,UAAU;AAChD;AACA,iFAAiF;AACjF;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL,wBAAwB,0BAA0B;AAClD,gCAAgC,iCAAiC;AACjE,gCAAgC,iCAAiC;AACjE,6BAA6B,8BAA8B;AAC3D,4BAA4B,6BAA6B;AACzD,+BAA+B,gCAAgC;AAC/D;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL,gCAAgC,iCAAiC;AACjE,6BAA6B,8BAA8B;AAC3D,wBAAwB,0BAA0B;AAClD,6BAA6B,+BAA+B;AAC5D,gCAAgC,iCAAiC;AACjE,4BAA4B,6BAA6B;AACzD,kCAAkC,mCAAmC;AACrE,mCAAmC,oCAAoC;AACvE,uCAAuC,uCAAuC;AAC9E,wCAAwC,wCAAwC;AAChF;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,OAAO;AACtC;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,OAAO;AAClD;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,kBAAkB,KAAK,kBAAkB,kCAAkC,YAAY;AAC7G;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,UAAK;AACpB,UAAU,KAAO;AACjB,UAAU,0BAA0B;AACpC;AACA;AACA;AACA;AACA,iCAAiC,sBAAsB;AACvD;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA,gDAAgD,kBAAkB;AAClE;AACA;AACA;AACA;AACA,mEAAmE,eAAe;AAClF,mEAAmE,cAAc;AACjF;AACA;AACA;AACA,wCAAwC,oBAAoB;AAC5D,+CAA+C,UAAU;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,UAAK;AACpB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,YAAY,8DAA8D,EAAE;AAC5G;AACA;AACA;AACA;AACA;AACA,eAAe,yBAAyB;AACxC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,YAAY,8DAA8D,EAAE;AAC5G;AACA;AACA;AACA;AACA,sEAAsE,YAAY;AAClF;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,gBAAgB,4EAA4E,QAAQ,0BAA0B;AAC9H;AACA;AACA,+DAA+D,IAAI,sEAAsE,oBAAoB;AAC7J;AACA;AACA,6DAA6D,iBAAiB;AAC9E;AACA;AACA,4DAA4D,iBAAiB;AAC7E;AACA,8DAA8D,4BAA4B;AAC1F;AACA,6BAA6B,SAAS;AACtC;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA,+CAA+C,WAAW;AAC1D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B,uBAAuB;AACjD;AACA;AACA;AACA;AACA,SAAS;AACT,cAAc,wBAAwB;AACtC;AACA;AACA,4DAA4D,gBAAgB;AAC5E;AACA;AACA;AACA,0BAA0B,2BAA2B;AACrD;AACA;AACA,aAAa;AACb;AACA;AACA;AACA,SAAS;AACT;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uCAAuC,gBAAgB;AACvD;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0CAA0C;AAC1C;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,iBAAiB;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,cAAc;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA,6DAA6D,cAAc;AAC3E;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,YAAY,8DAA8D,EAAE;AAC5G;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,MAAM;AACpC;AACA,eAAe,yBAAyB;AACxC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,0BAA0B;AAC5D;AACA,kEAAkE,WAAW;AAC7E;AACA;AACA,wCAAwC,UAAU;AAClD;AACA;AACA,4CAA4C,UAAU;AACtD;AACA,+BAA+B,OAAO;AACtC;AACA,+BAA+B,MAAM;AACrC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,eAAe;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uEAAuE,uBAAuB;AAC9F;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,6BAA6B,CAAC;AAC7D,2BAA2B,6BAA6B,CAAC;;AAEzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,eAAe;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,sBAAsB;AACpD;AACA;AACA;AACA,mCAAmC;AACnC,0BAA0B,MAAY;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA,kFAAkF;AAClF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wCAAwC,cAAE;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,MAAM;AAC7B,uBAAuB,MAAM;AAC7B,uBAAuB,MAAM;AAC7B;AACA;AACA;AACA;AACA;AACA,wIAAwI,iCAAiC;AACzK;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,oCAAoC;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,MAAM;AACnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,mBAAmB;AACjD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2BAA2B,qCAAqC;AAChE;AACA,qDAAqD;AACrD;AACA;AACA;AACA;AACA;AACA;AACA,6DAA6D,oBAAoB;AACjF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,MAAM;AACvC;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,MAAM;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gDAAgD;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,MAAM;AAC7B;AACA,SAAS;AACT;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,eAAe;AAC9B;AACA,qCAAqC,YAAY,GAAG,YAAY,GAAG,aAAa;AAChF,IAAI,6BAA6B,GAAG,eAAe,KAAK,eAAe;AACvE,4BAA4B,cAAc;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,qBAAqB;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,2BAA2B;AAC/B;AACA;AACA;AACA,SAAS,WAAM;AACf;AACA;;AAEuG;AACvG;;;ACz6C2C;AAEpC,MAAM,WAAW,GAAG,IAAI,OAAO,EAAE;;;;;;;;ACJxC,uEAAuE;AAC3B,CAAC,gDAAgD;AAC/D;AAEvB,MAAM,KAAE,GAAG,yBAAc,CAAC,cAAI,CAAC;;;ACJ8B;AAExB;AAGrC,MAAM,QAAQ,GAAG,sBAAG,CACvB,oDAAoD,CACvD;AAEM,SAAS,cAAc,CAAC,KAAK;IAEhC,MAAM,EAAE,GAAG,KAAS;IAEpB,KAAK,UAAU,aAAa,CAAC,GAAc;QACvC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC;QACxD,CAAC;QACD,OAAO,OAAO,CAAC,KAAK;IACxB,CAAC;IACD;;;;;;;;;;;;OAYG;IACH,SAAS,gBAAgB,CACzB,MAAc,EACd,EAAa,EACb,OAGC;QAED,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CACpB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EACjB,QAAQ,CACX;QAED,OAAO,OAAO,CAAC,OAAO,EAAE;aACnB,IAAI,CAAC,GAAG,EAAE;YACX,IAAI,MAAM,EAAE,CAAC;gBACT,OAAO,MAAmB;YAC9B,CAAC;YAED,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBACnC,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1E,CAAC,CAAC;QACF,CAAC,CAAC;aACD,IAAI,CAAC,MAAM,CAAC,EAAE;YACf,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC;YAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC;YAC5D,CAAC;YACD,OAAO,KAAK,CAAC,OAAO;iBACf,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE;gBACjC,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,aAAa;aACzB,CAAC;iBACD,IAAI,CAAC,MAAM,CAAC,EAAE;gBACf,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,MAAM,CAAC,KAAK,CAAC;gBAC9D,CAAC;gBAED,OAAO,MAAM;YACb,CAAC,CAAC;QACN,CAAC,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,SAAS,WAAW,CAAE,MAAc;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC;QACjE,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YACtC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAI,MAAc,CAAC,KAAK,CAAC;YAC1E,CAAC;YAED,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CACxB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EACjB,QAAQ,CACP;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,MAAM,CAAC;YACpE,CAAC;YAED,OAAO,MAAmB;QAC9B,CAAC,CAAC;IACN,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,UAAU,CACnB,MAAc,EACd,EAAa,EACb,MAAc,EACd,UAGQ,EAAE;QAEN,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE;QACtC,MAAM,CAAC,GAAG,wBAAK,EAAE;QACjB,MAAM,IAAI,GAAG,4BAAS,CAAC,gCAAgC,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,CAAC;QAC7B,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACzB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC;QACpD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC;QACpC,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACxB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC;QACvC,CAAC;QACD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC;QAChC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC;QACzC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC;QAC1C,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC;QAE5C,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;YACnB,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,CAAC;YACzB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC;YACpD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC;YACpC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC;YACnD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5C,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAC,kBAAkB;YAClE,CAAC;QACL,CAAC;QACD,OAAO,4BAAS,CAAC,GAAG,EAAE,CAAC,EAAE,MAAM,CAAC;IACpC,CAAC;IACD,OAAO;QACH,aAAa;QACb,gBAAgB;QAChB,UAAU;KACb;AACL,CAAC;;;AC1JsC;AACD;AAEtC;;;;;GAKG;AACI,MAAM,UAAU,GAAG,GAAO,EAAE;IAC/B,IAAI,EAAE,eAAe,EAAE,GAAQ,MAAM;IACrC,eAAe,KAAf,eAAe,GAAK,EAAE;IACtB,eAAe,CAAC,iBAAiB,GAAG,KAAK;IACzC,IAAI,eAAe,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI;QACjD,IAAI,WAAW,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YACrD,eAAe,CAAC,iBAAiB,GAAG,IAAI;YACxC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YACnE,IAAI,MAAM,EAAE,CAAC;gBACT,IAAI,UAAU,GAAG,eAAe,CAAC,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI;gBACvE,IAAI,UAAU,EAAE,CAAC;oBACjB,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;oBAClC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;wBACjD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC;wBAClC,eAAe,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC;wBAC5C,eAAe,CAAC,iBAAiB,GAAG,KAAK;oBAC7C,CAAC;gBACD,CAAC;YACL,CAAC;QACD,CAAC;IACL,CAAC;IACD,OAAO,eAAe;AAC1B,CAAC;AAED;;;;;;GAMG;AACI,SAAS,aAAa;IACzB,MAAM,EAAE,qBAAqB,EAAE,GAAQ,MAAM;IAC7C,IACE,OAAO,qBAAqB,KAAK,WAAW;QAC5C,qBAAqB,CAAC,QAAQ,EAC9B,CAAC;QACD,aAAa;QACb,GAAS,CAAC,uBAAuB,GAAG,qBAAqB,CAAC,QAAQ,CAAC;QACnE,OAAO,sBAAG,CAAC,qBAAqB,CAAC,QAAQ,CAAC;IAC5C,CAAC;IACD,oFAAoF;IACpF,8HAA8H;IAC9H,IACE,OAAO,QAAQ,KAAK,WAAW;QAC/B,QAAQ,CAAC,QAAQ;QACjB,CAAC,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,kBAAkB,EAC5D,CAAC;QACD,MAAM,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC,WAAW,CAAC;QAChD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI;QACrB,MAAM,EAAE,GAAG,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC;QACrC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI;QACpB,GAAS,CAAC,mBAAmB,GAAG,EAAE,CAAC;QACnC,OAAO,sBAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IACD,OAAO,IAAI;AACf,CAAC;;;AClEiD;AACI;AAChB;AAC8B;AAG7D,MAAM,eAAe;IAG1B,YAAY,gBAAyB;QACnC,IAAI,CAAC,OAAO,GAAG,gBAAgB;IACjC,CAAC;IAED,6FAA6F;IAC7F,IAAI,WAAW,KAAa,OAAO,IAAI,CAAC,OAAO,EAAC,CAAC;IAEjD,WAAW;QACT,MAAM,GAAG,GAAG,UAAU,EAAE;QACxB,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC1B,OAAO,sBAAG,CAAC,GAAG,CAAC,KAAK,CAAC;QACvB,CAAC;QACD,IAAI,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACzG,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QACrC,CAAC;QACD,OAAO,aAAa,EAAE,EAAC,sBAAsB;IAC/C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,SAAS,CACb,eAA6C;QAE7C,yCAAyC;QACzC,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI;QAC/D,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,EAAE;YACtD,GAAS,CAAC,uBAAuB,GAAG,EAAE,CAAC;YACvC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG;gBAAE,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC;QAC/E,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjD,WAAW,CAAC,IAAI,GAAG,EAAE;QACrB,MAAM,IAAI,CAAC,OAAO;aACf,sBAAsB,CAAC;YACtB,sBAAsB,EAAE,IAAI;YAC5B,GAAG,EAAE,WAAW,CAAC,IAAI;SACtB,CAAC;QAEJ,qDAAqD;QACrD,MAAM,qBAAqB,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,CAAC;QACjF,IAAI,qBAAqB,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;gBAC1C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;oBACtB,2DAA2D;oBAC3D,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,EAAE,qBAAqB,CAAC;gBAChE,CAAC;qBAAM,CAAC;oBACN,gEAAgE;oBAChE,QAAQ,CAAC,IAAI,GAAG,qBAAqB;gBACvC,CAAC;gBACD,MAAM,CAAC,IAAI,GAAG,qBAAqB;YACrC,CAAC;YACD,qHAAqH;YACrH,qHAAqH;YACrH,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC;QACzD,CAAC;QAED,qDAAqD;QACrD,IAAI,EAAE,GAAG,aAAa,EAAE;QACxB,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QACtD,IAAI,KAAK,EAAE,CAAC;YACV,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC3B,CAAC;QAED,IAAI,EAAE,EAAE,CAAC;YACP,GAAS,CAAC,iBAAiB,EAAE,qBAAqB,CAAC;QACrD,CAAC;QAED,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpE,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CACN,KAAgC,EAChC,OAA+B;QAE/B,IAAI,QAAgB;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,GAAG,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG;YAC1D,MAAM,EAAE,GAAG,4BAAS,CAAC,QAAQ,CAAC;YAC9B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,EAAE,GAAG,EAAE;YACjB,CAAC;YACD,OAAO,EAAE;QACX,CAAC;QACD,OAAO,IAAI;IACb,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAE,OAAiD;QACjE,MAAM,KAAK,GAAG,QAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,KAAI,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI;QACzE,OAAO,KAAK;IACd,CAAC;CAEF;;;;AC9HsC;AAEhC,SAAS,QAAQ,CAAC,GAAc;IACnC,OAAO,sBAAG,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;AACxD,CAAC;AAEM,SAAS,WAAW,CAAE,GAAgB;IACzC,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;IAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO,IAAI,EAAC,4DAA4D;AAC5E,CAAC;AAEM,SAAS,aAAa,CAAC,OAAe,EAAE,IAAU;IACrD,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE;IAClC,MAAM,KAAK,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,GAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAE,CAAC,CAAE;IACxC,OAAO,IAAI,GAAG,CAAC,aAAa,IAAI,IAAI,KAAK,IAAI,GAAG,IAAI,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE;AACvF,CAAC;AAEM,SAAS,eAAe,CAAC,GAAG;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;QACP,OAAO,IAAI;IACf,CAAC;IACD,OAAO,CACH,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAC7D;AACL,CAAC;AAEM,SAAS,sBAAsB,CAAE,EAAY;IAChD,MAAM,QAAQ,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC;IAC1E,uFAAuF;IACvF,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,YAAY;IAC1E,MAAM,OAAO,GAAG,SAAS,GAAG,WAAW;IACvC,OAAO,sBAAG,CAAC,OAAO,CAAC;AACvB,CAAC;AAEM,SAAS,sBAAsB,CAClC,OAAkB,EAClB,OAAkB;IAElB,cAAc;IACd,mEAAmE;IACnE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAC5B,mBAAmB,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,EACjD,OAAO,CAAC,KAAK,CAChB,CAAC,QAAQ,EAAE;IACZ,OAAO,IAAI,wBAAS,CAAC,gBAAgB,CAAC;AAC1C,CAAC;;;ACnDiD;AAEN;AACoB;AAEhE,MAAM,0BAA0B,GAAG,gBAAgB;AAE5C,SAAS,eAAe,CAAC,KAAK,EAAE,YAAY;IAC/C,MAAM,EAAE,GAAG,KAAS;IAEpB,KAAK,UAAU,MAAM,CACjB,aAAwB,EACxB,EAAa,EACb,OAAkB;QAElB,yDAAyD;QACzD,+DAA+D;QAC/D,gCAAgC;QAChC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QAEvC,2CAA2C;QAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CACxB,aAAa,EACb,IAAI,wBAAS,CAAC,oDAAoD,CAAC,CACtE;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC;QAC9C,CAAC;QAED,MAAM,OAAO,GAAG;;;;yBAIC,EAAE,CAAC,KAAK;;;;;;;yBAOR,OAAO,CAAC,KAAK;;;;;aAKzB;QACL,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE;YACtD,IAAI,EAAE,OAAO;YACb,WAAW,EAAE,aAAa;SAC7B,CAAC;IACN,CAAC;IAED,KAAK,UAAU,qBAAqB,CAAC,SAAS,EAAE,EAAE;QAC9C,4BAA4B;QAC5B,MAAM,gBAAgB,GAAG,KAAK,CAAC,GAAG,CAC9B,EAAE,EACF,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CACX;QACrB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC;QACpD,CAAC;QACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAC1C,MAAM,GAAG,GAAG,QAAQ,CAAC,gBAAgB,CAAC;QACtC,MAAM,GAAG,GAAG;YACR,qBAAE,CACE,GAAG,EACH,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EACd,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAC5B,gBAAgB,CAAC,GAAG,EAAE,CACzB;YACD,qBAAE,CACE,GAAG,EACH,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EACpB,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,EACtB,gBAAgB,CAAC,GAAG,EAAE,CACzB;YACD,qBAAE,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,gBAAgB,CAAC,GAAG,EAAE,CAAC;SACnE;QACD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,IAAI,EAAE,EAAE,EAAE,IAAI;gBAClD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,IAAI,CAAC;gBACjB,CAAC;YACL,CAAC,CAAC;QACN,CAAC,CAAC;IACN,CAAC;IAED,KAAK,UAAU,QAAQ,CAAC,OAAkB;QACtC,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE;QACtC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC;QAC9D,IAAI,MAAM,GAAG,IAAI;QACjB,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CACpB,IAAI,wBAAS,CAAC,aAAa,CAAC,KAAK,GAAG,gBAAgB,CAAC,CACxD;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,GAAG,KAAK;QAClB,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE;IACxC,CAAC;IAED,KAAK,UAAU,eAAe,CAC1B,aAAwB,EACxB,EAAa;QAEb,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC;YAC1B,EAAE;YACF,OAAO,EAAE,aAAa,CAAC,KAAK;SAC/B,CAAC;QACF,OAAO,OAAO,CAAC,WAAW;IAC9B,CAAC;IAED,SAAS,OAAO,CAAC,cAA8B;QAC3C,MAAM,EAAE,GAAG,KAAK;QAChB,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO;QAC1B,IAAI,cAAc,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,cAAc,CAAC,EAAE,CAAC;QACzE,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,cAAc,CAAC,WAAW;YAC3C,cAAc,CAAC,WAAW;gBAC1B,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,GAAG,0BAA0B,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;QAEpC,EAAE,CAAC,GAAG,CACF,WAAW,EACX,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EACd,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,EACtB,UAAU,CACb;QACD,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,UAAU,CAAC;QAC/D,EAAE,CAAC,GAAG,CACF,WAAW,EACX,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,EAChB,uBAAI,CAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAChC,UAAU,CACb;QACD,IAAI,cAAc,CAAC,EAAE,EAAE,CAAC;YACpB,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE,UAAU,CAAC;QACvE,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,UAAU,OAAO,EAAE,MAAM;YACxC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CACR,UAAU,EACV,EAAE,CAAC,kBAAkB,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAClE,aAAa,EACb,UAAU,IAAI,EAAE,EAAE,EAAE,OAAO;gBACvB,IAAI,EAAE,EAAE,CAAC;oBACL,OAAO,CAAC;wBACJ,GAAG,cAAc;wBACjB,WAAW;qBACd,CAAC;gBACN,CAAC;qBAAM,CAAC;oBACJ,MAAM,CACF,IAAI,KAAK,CACL,sCAAsC,GAAG,IAAI,GAAG,KAAK,GAAG,OAAO,CAClE,CACJ;gBACL,CAAC;YACL,CAAC,CACJ;QACL,CAAC,CAAC;IACN,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,OAAO,CAClB,OAAkB,EAClB,eAAe,GAAG,IAAI;QAEtB,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QAC7D,IAAI,MAAM,EAAE,CAAC;YACT,OAAO,IAAI,wBAAS,CAAC,aAAa,CAAC,KAAK,GAAG,0BAA0B,CAAC;QAC1E,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1D,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC;YACpC,MAAM,MAAM,CAAC,aAAa,EAAE,EAAE,EAAE,OAAO,CAAC;YACxC,MAAM,qBAAqB,CAAC,SAAS,EAAE,EAAE,CAAC;YAC1C,OAAO,SAAS;QACpB,CAAC;QACD,OAAO,IAAI;IACf,CAAC;IAED,KAAK,UAAU,UAAU,CAAC,OAAkB,EAAE,SAAoB;;QAC9D,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,CAC1B,OAAO,EACP,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EACf,SAAS,EACT,OAAO,CAAC,GAAG,EAAE,CAChB;QACD,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,CAAC,KAAK,EAAE,CAAC;QAChE,CAAC;QACD,MAAM,UAAU,GAAG;;UAEjB,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,SAAS,CAAC,KAAK;SACtC;QAED,MAAM,cAAc,GAAG,MAAM,YAAK,CAAC,OAAO,0CAAE,YAAY,CACpD,MAAM,EACN,YAAY,CAAC,KAAK,EAClB;YACI,IAAI,EAAE,UAAU;YAChB,WAAW,EAAE,aAAa;SAC7B,CACJ;QACD,MAAM,WAAW,GAAG,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAC3D,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,EAAE,CAAC;QAC1E,CAAC;IACL,CAAC;IACD,OAAO;QACH,MAAM,EAAE,qBAAqB,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO;KACzF;AACL,CAAC;;;AC9N4C;AAEtC,SAAS,gBAAgB,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ;IAExF,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,IAAY;QAC3D,MAAM,OAAO,GAAc,MAAM,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,OAAO,GAAc,MAAM,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC;QACjE,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,KAAK,eAAe,kBAAkB,CAAC,IAAI,CAAC,GAAG;QAC3E,MAAM,cAAc,CAAC,eAAe,CAAC,QAAQ,CAAC;QAC9C,4DAA4D;QAC5D,MAAM,YAAY,CAAC,mBAAmB,CAAC;YACrC,UAAU,EAAE,OAAO,CAAC,KAAK;YACzB,SAAS;YACT,aAAa,EAAE,YAAY;YAC3B,MAAM,EAAE,QAAQ;SACjB,CAAC;QACF,OAAO,QAAQ;IACnB,CAAC;IAED,KAAK,UAAU,cAAc,CACzB,IAAgB;QAEhB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE;QACpC,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,mBAAmB,CAAC,KAAK,CAAC;QAC5D,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,UAAU,UAAU,CAAC,GAAW,EAAE,IAAU;QAC/C,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;QAClD,IAAI,UAAU,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,EAAE,CAAC;QACnC,CAAC;QACD,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC;QAC3C,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM,UAAU,CAAC,IAAI,EAAE;YAC7B,OAAO,EAAE;gBACP,CAAC,cAAc,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0BAA0B,CAAC;aACvF;SACF;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1C,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBAC9B,MAAM,EAAE,QAAQ;aACjB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO;QACL,cAAc;QACd,cAAc;QACd,UAAU;KACX;AACH,CAAC;;;ACzDD,MAAM,WAAY,SAAQ,KAAK;IAC3B,YAAY,OAAgB;QACxB,KAAK,CAAC,OAAO,CAAC;QACd,0EAA0E;QAC1E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAC,0BAA0B;QAC5E,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAC,qCAAqC;IACrE,CAAC;CACJ;AAEM,MAAM,iBAAkB,SAAQ,WAAW;CAAG;AAE9C,MAAM,yBAA0B,SAAQ,WAAW;CAAG;AAEtD,MAAM,wBAAyB,SAAQ,WAAW;CAAG;AAErD,MAAM,aAAc,SAAQ,WAAW;CAAG;AAE1C,MAAM,gBAAiB,SAAQ,WAAW;CAAI;AAE9C,MAAM,iBAAkB,SAAQ,WAAW;CAAG;AAE9C,MAAM,UAAW,SAAQ,WAAW;IAGvC,YAAY,MAAc,EAAE,OAAgB;QACxC,KAAK,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,MAAM,GAAG,MAAM;IACxB,CAAC;CACJ;;;AC5BM,SAAS,uBAAuB;IACnC,OAAO;QACH,qDAAqD;QACrD,IAAI;QACJ,yBAAyB;QACzB,6BAA6B;KAChC,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;AAEM,SAAS,wBAAwB;IACpC,OAAO;QACH,qDAAqD;QACrD,IAAI;QACJ,yBAAyB;QACzB,+BAA+B;KAClC,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;AChBM,SAAS,0BAA0B,CAAC,KAAa,EAAE,kBAA0B;IAChF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,qBAAqB;IAC/F,OAAO;QACH,0CAA0C;QAC1C,EAAE;QACF,gDAAgD;QAChD,6CAA6C;QAC7C,EAAE;QACF,UAAU;QACV,0BAA0B;QAC1B,EAAE;QACF,eAAe;QACf,YAAY,KAAK,IAAI;QACrB,EAAE;QACF,uBAAuB,QAAQ,IAAI;QACnC,EAAE;QACF,cAAc;QACd,2CAA2C;QAC3C,EAAE;QACF,mBAAmB;QACnB,WAAW;QACX,0BAA0B;QAC1B,EAAE;QACF,gCAAgC;QAChC,EAAE;QACF,uBAAuB,QAAQ,IAAI;QACnC,EAAE;QACF,wBAAwB;KAC3B,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;AC7BM,SAAS,uBAAuB;IACnC,OAAO;QACH,2CAA2C;QAC3C,iDAAiD;QACjD,qDAAqD;QACrD,IAAI;QACJ,+BAA+B;QAC/B,mCAAmC;KACtC,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;ACTM,SAAS,6BAA6B,CAAC,KAAa;IACvD,OAAO;QACH,gDAAgD;QAChD,EAAE;QACF,UAAU;QACV,sBAAsB;QACtB,cAAc,KAAK,IAAI;QACvB,oBAAoB;QACpB,mBAAmB;QACnB,4CAA4C;KAC/C,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;ACXiD;AAElD;;GAEG;AACI,SAAS,oBAAoB,CAAC,KAAK;IAEtC,SAAS,oBAAoB,CAAC,aAAwB;QAClD,OAAO,KAAK;aACP,kBAAkB,CACf,aAAa,EACb,sBAAG,CAAC,mCAAmC,CAAC,EACxC,SAAS,CACZ;aACA,GAAG,CAAC,CAAC,EAAa,EAAE,EAAE,CAAC,EAAE,CAAC,MAAmB,CAAC;IACvD,CAAC;IAED,SAAS,WAAW,CAAC,GAAc;QAC/B,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK;QAC9B,OAAO,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG;IAC/D,CAAC;IAED,KAAK,UAAU,eAAe,CAAC,GAAW;QACtC,MAAM,YAAY,GAAG,sBAAG,CAAC,GAAG,CAAC;QAC7B,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC;QACjD,CAAC;QACD,oHAAoH;QACpH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;YAC3C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACL,cAAc,EAAE,aAAa;gBAC7B,eAAe,EAAE,GAAG;gBACpB,IAAI,EAAE,uDAAuD,EAAE,+DAA+D;aACjI;YACD,IAAI,EAAE,GAAG,EAAE,iGAAiG;SAC/G,CAAC;QACF,0FAA0F;QAC1F,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACxB,OAAM;QACV,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,eAAe,MAAM,CAAC,MAAM,yCAAyC,GAAG,EAAE,CAAC;QAC/F,CAAC;IACL,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,YAAuB;QACtD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;QACtC,OAAO,oBAAoB,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,OAAO;QACH,WAAW;QACX,eAAe;QACf,oBAAoB;QACpB,mBAAmB;KACtB;AACL,CAAC;;;ACxDmD;AACV;AACoH;AACxH;AACM;AACuD;AACpB;AACnB;AACS;AACR;AACU;AAGhE,SAAS,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY;IACzD,MAAM,EAAE,GAAG,KAAS;IACpB,MAAM,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC;IAClD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAA8B;IACrE,MAAM,4BAA4B,GAAG,IAAI,GAAG,EAAqB;IAEjE,SAAS,iBAAiB,CAAC,GAA8B;QACrD,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC7E,CAAC;IAED,SAAS,SAAS,CAAC,IAAe;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;QACtB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE;QACrB,IAAI,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,KAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,GAAG;QAC1D,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG;QACtB,IAAI,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI;QACtD,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC,GAAG,CAAC;QAClD,IAAI,SAAS,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI;QACjC,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,SAAS,6BAA6B,CAAC,eAA0B,EAAE,QAAgB;QAC/E,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,eAAe,CAAC,GAAG,EAAE,CAAC;QACnG,OAAO,sBAAG,CAAC,MAAM,GAAG,QAAQ,CAAC;IACjC,CAAC;IAED,SAAS,eAAe,CAAC,GAAQ;;QAC7B,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG;YAAE,OAAO,IAAI;QAC9C,MAAM,IAAI,GAAG,GAAG,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,OAAO,KAAI,GAAG,IAAI,EAAE,EAAE;QAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;IAC7D,CAAC;IAED,KAAK,UAAU,qBAAqB,CAAC,YAAoB;QACrD,MAAM,aAAa,GAAG,sBAAG,CAAC,YAAY,CAAC;QACvC,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;YACvC,OAAM;QACV,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QACD,MAAM,cAAc,CAAC,eAAe,CAAC,YAAY,CAAC;IACtD,CAAC;IAED,KAAK,UAAU,6BAA6B,CAAC,IAAe,EAAE,eAA0B;;QACpF,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,eAAe,CAAC,GAAG,EAAE,CAAC;QAC5F,MAAM,qBAAqB,CAAC,MAAM,CAAC;QAEnC,MAAM,aAAa,GAAG,sBAAG,CAAC,MAAM,CAAC;QACjC,IAAI,SAA6B;QACjC,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;YACvC,SAAS,GAAG,WAAK,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,0CAAE,KAAK;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,6EAA6E;YAC7E,SAAS,GAAG,GAAG,MAAM,MAAM;QAC/B,CAAC;QACD,MAAM,MAAM,GAAG,sBAAG,CAAC,SAAS,CAAC;QAC7B,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;YAChC,OAAM;QACV,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QAED,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE;YAChD,IAAI,EAAE,6BAA6B,CAAC,IAAI,CAAC,GAAG,CAAC;YAC7C,WAAW,EAAE,aAAa;SAC7B,CAAC;IACN,CAAC;IAED,KAAK,UAAU,gCAAgC,CAAC,IAAe,EAAE,eAA0B,EAAE,SAAS,GAAG,KAAK;;QAC1G,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,+BAA+B,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;QAC9G,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS;YAAE,OAAM;QAElC,IAAI,SAA6B;QACjC,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC;YACzC,SAAS,GAAG,WAAK,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,0CAAE,KAAK;QAC3D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,SAAS,GAAG,GAAG,eAAe,CAAC,GAAG,MAAM;QAC5C,CAAC;QAED,MAAM,MAAM,GAAG,sBAAG,CAAC,SAAS,CAAC;QAC7B,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE;gBAChD,IAAI,EAAE,0BAA0B,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC;gBAC/D,WAAW,EAAE,aAAa;gBAC1B,OAAO,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;aACpC,CAAC;QACN,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,eAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,mCAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM;YACnD,IAAI,MAAM,KAAK,GAAG;gBAAE,MAAM,GAAG;QACjC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,8BAA8B,CAAC,gBAA2B;QACrE,MAAM,YAAY,CAAC,+BAA+B,CAAC,gBAAgB,EAAE,wBAAwB,EAAE,CAAC;IACpG,CAAC;IAED,KAAK,UAAU,6BAA6B,CAAC,IAAe,EAAE,eAA0B;QACpF,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,EAAe;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAe;QAC1C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAExC,MAAM,sBAAsB,GACvB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,UAAU,CAAsB;QACxF,MAAM,0BAA0B,GAC3B,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,cAAc,CAAsB;QAC5F,MAAM,eAAe,GACjB,sBAAsB;YACtB,0BAA0B;YAC1B,6BAA6B,CAAC,eAAe,EAAE,qBAAqB,CAAC;QACzE,MAAM,gBAAgB,GACjB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,IAAI,EAAE,cAAc,CAAsB;YACzF,6BAA6B,CAAC,eAAe,EAAE,sBAAsB,CAAC;QAE1E,sGAAsG;QACtG,MAAM,iCAAiC,GAAG,CAAC,sBAAsB;QACjE,IAAI,iCAAiC,EAAE,CAAC;YACpC,MAAM,YAAY,CAAC,qCAAqC,CACpD,IAAI,EACJ,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAc,EACxC,eAAe,EACf,UAAU,EACV,uBAAuB,EAAE,CAC5B;QACL,CAAC;QAED,MAAM,QAAQ,GAAU,EAAE;QAC1B,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC;YAC9F,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,cAAc,CAAC,CAAC;QACpG,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;YAC3E,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,0BAAO,CAAC,kBAAkB,CAAC,EAAE,cAAc,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,eAAe,EAAE,cAAc,CAAC,EAAE,CAAC;YACnF,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,cAAc,CAAC,EAAE,CAAC;YACrF,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC;YACxC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAC5C,CAAC;QAED,MAAM,gCAAgC,CAAC,IAAI,EAAE,eAAe,EAAE,iCAAiC,CAAC;QAChG,MAAM,8BAA8B,CAAC,gBAAgB,CAAC;IAC1D,CAAC;IAED,KAAK,UAAU,0BAA0B,CAAC,eAA0B;;QAChE,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,+BAA+B,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;YAC9G,IAAI,OAAO,EAAE,CAAC;gBACV,OAAO,IAAI;YACf,CAAC;YACD,OAAO,KAAK;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,UAAG,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAC/B,MAAM,IAAI,iBAAiB,EAAE;YACjC,CAAC;YACD,IAAI,UAAG,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAC/B,IAAI,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,yBAAyB,EAAE;gBACzC,CAAC;gBACD,MAAM,IAAI,wBAAwB,EAAE;YACxC,CAAC;YACD,MAAM,GAAG;QACb,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,uBAAuB,CAAC,IAAe;QAClD,IAAI,CAAC;YACD,OAAO,MAAM,eAAe,CAAC,IAAI,CAAC;QACtC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,OAAO,SAAS;QACpB,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,eAAe,CAAE,IAAe;QAC3C,MAAM,qBAAqB,GAAG,4BAA4B,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QACxE,IAAI,qBAAqB,EAAE,CAAC;YACxB,OAAO,qBAAqB;QAChC,CAAC;QAED,MAAM,QAAQ,GAAG,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QACtD,IAAI,QAAQ,EAAE,CAAC;YACX,OAAO,QAAQ;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,KAAK,IAAwB,EAAE;;YAC5C,MAAM,WAAW,CAAC,IAAI,CAAC;YAEvB,MAAM,uBAAuB,GAAG,sBAAsB,CAAC,IAAI,CAAC;YAC5D,IAAI,eAAe;YACnB,IAAI,CAAC;gBACD,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,CAAqB;gBAClH,IAAI,uBAAuB,EAAE,CAAC;oBAC1B,eAAe,GAAG,uBAAuB;gBAC7C,CAAC;qBAAM,CAAC;oBACJ,eAAe,GAAG,MAAM,YAAY,CAAC,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAc,EAAE,uBAAuB,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChJ,CAAC;gBAED,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;gBACvE,MAAM,0BAA0B,CAAC,eAA4B,CAAC;gBAC9D,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;YAC3E,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,QAAQ,IAAI,iDAAiD;gBAC7E,IAAU,CAAC,OAAO,CAAC;gBACnB,qCAAqC;gBACrC,IAAI,GAAG,YAAY,gBAAgB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAClD,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBACnD,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBACnD,IAAI,GAAG,YAAY,yBAAyB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAC3D,IAAI,GAAG,YAAY,wBAAwB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAC1D,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAC5C,MAAM,GAAG;YACb,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAA4B,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC,CAAC,+CAA+C;gBAC3D,MAAM,GAAG,GAAG,qCAAqC,IAAI,KAAK,GAAG,EAAE;gBAC/D,IAAI,UAAG,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;oBAC/B,gFAAgF;oBAChF,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;oBACvE,MAAM,0BAA0B,CAAC,eAA4B,CAAC;oBAC9D,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;oBACvE,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAA4B,CAAC;oBACtD,OAAO,eAA4B;gBACvC,CAAC;gBACD,IAAU,CAAC,GAAG,CAAC;gBACf,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC9B,MAAM,IAAI,iBAAiB,EAAE;gBACjC,CAAC;gBACD,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC9B,IAAI,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;wBACvC,MAAM,IAAI,yBAAyB,EAAE;oBACrC,CAAC;oBACD,MAAM,IAAI,wBAAwB,EAAE;gBACxC,CAAC;gBACD;;mBAEG;gBACH,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC;YACxB,CAAC;YACD,4BAA4B,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,eAA4B,CAAC;YACxE,OAAO,eAA4B;QACnC,CAAC,CAAC,EAAE;QAEJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC;QAC1C,IAAI,CAAC;YACD,OAAO,MAAM,GAAG;QACpB,CAAC;gBAAS,CAAC;YACP,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC;gBAChD,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,UAAU,WAAW,CAAE,IAAe;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC;QAClD,CAAC;QACD,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,KAAK,GAAG,EAAE,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,EAAE;IACrB,CAAC;IAED,KAAK,UAAU,MAAM;QACjB,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,EAAE;QAC9B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC;QAC7D,CAAC;QACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;QAClC,OAAO,EAAE;IACb,CAAC;IAED,SAAS,UAAU,CAAC,IAAe;QAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC;QAC/C,CAAC;QACD,OAAO,OAAoB;IAC/B,CAAC;IAED,KAAK,UAAU,YAAY,CAAC,IAAe;QACvC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QACzE,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC;QACjD,CAAC;QACD,OAAO,SAAsB;IACjC,CAAC;IAED,SAAS,WAAW,CAAC,EAAa;QAC9B,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC;IAClE,CAAC;IAED,OAAO;QACH,MAAM;QACN,UAAU;QACV,YAAY;QACZ,WAAW;QACX,eAAe;QACf,WAAW;QACX,uBAAuB;KAC1B;AACL,CAAC;;;AC1V0C;AAEL;AACM;AACJ;AACgD;AAEjF,SAAS,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY;IACzE,MAAM,EAAE,GAAG,KAAS;IAEpB,SAAS,iBAAiB,CAAC,GAA8B;QACrD,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC7E,CAAC;IAED,SAAS,gBAAgB,CAAC,QAAQ,EAAE,QAAQ;QACxC,OAAO,KAAK;aACP,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC;aAC/C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACV,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC;QACzD,CAAC,CAAC;IACV,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,IAAe;QAC7C,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC;QAC/D,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC;QAEpD,IAAI,UAAU,GAAqB,IAAI;QACvC,IAAI,CAAC;YACD,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,IAAI,gEAAgE;YAC5F,IAAU,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,IAAI,eAAe;QACnB,IAAI,CAAC;YACD,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC;YAChG,IAAI,uBAAuB,EAAE,CAAC;gBAC1B,eAAe,GAAG,uBAAuB;YAC7C,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACpB,eAAe,GAAG,MAAM,YAAY,CAAC,qCAAqC,CACtE,IAAI,EACJ,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAc,EACxC,UAAU,EACV,OAAO,EACP,uBAAuB,EAAE,CAC5B;YACL,CAAC;iBAAM,CAAC;gBACJ,eAAe,GAAG,IAAI;YAC1B,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,IAAI,uDAAuD,GAAG,EAAE;YACxF,IAAU,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,eAA4B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;QAEnH,IAAI,eAAe;QACnB,IAAI,CAAC;YACD,eAAe,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,IAAI,CAAC;QACtE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,eAAe,GAAG,IAAI;QAC1B,CAAC;QAED,IAAI,aAAa;QACjB,IAAI,eAAe,EAAE,CAAC,CAAC,0EAA0E;YAC7F,8DAA8D;YAC9D,oDAAoD;YACpD,IAAI,yBAAyB,GAAqB,IAAI;YACtD,IAAI,CAAC;gBACD,yBAAyB,GAAG,uBAAuB,CAAC,eAAe,CAAC;YACxE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,QAAQ,IAAI,qEAAqE;gBACjG,IAAU,CAAC,OAAO,CAAC;YACvB,CAAC;YACD,IAAI,gBAAgB;YACpB,IAAI,CAAC;gBACD,MAAM,wBAAwB,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC;gBAClG,IAAI,wBAAwB,EAAE,CAAC;oBAC3B,gBAAgB,GAAG,wBAAwB;gBAC/C,CAAC;qBAAM,IAAI,yBAAyB,EAAE,CAAC;oBACnC,gBAAgB,GAAG,MAAM,YAAY,CAAC,qCAAqC,CACvE,IAAI,EACJ,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAc,EACzC,yBAAyB,EACzB,eAAe,EACf,wBAAwB,EAAE,CAC7B;gBACL,CAAC;qBAAM,CAAC;oBACJ,gBAAgB,GAAG,IAAI;gBAC3B,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,QAAQ,IAAI,gEAAgE,GAAG,EAAE;gBACjG,IAAU,CAAC,OAAO,CAAC;YACvB,CAAC;YACD,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,gBAA6B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;QACrH,CAAC;aAAM,CAAC;YACJ,aAAa,GAAG,EAAE;QACtB,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC;QACjD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,MAAM;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;QAC9C,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAU,CAAC,+BAA+B,EAAE,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,MAAM;IACjB,CAAC;IAED,KAAK,UAAU,wBAAwB,CAAC,IAAe;QACnD,IAAI,eAAe;QACnB,IAAI,CAAC;YACD,eAAe,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,IAAI,CAAC;QACtE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,IAAI,iDAAiD;YAC7E,IAAU,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,IAAI,eAAe,EAAE,CAAC,CAAC,0EAA0E;YAC7F,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,eAA4B,CAAC,CAAC,MAAM,CACvG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAe,CAAC,CAC9E;YACD,IAAI,MAAM,GAAG,EAAE;YACf,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC5B,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,IAAI,CAAC,iBAAiB,CAAE,GAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7E,IAAU,CAAC,yCAAyC,IAAI,KAAK,GAAG,EAAE,CAAC;oBACnE,SAAQ;gBACZ,CAAC;gBACD,IAAI,CAAC;oBACD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,kBAAkB,CAAC,GAAgB,CAAQ,CAAC;gBAC7E,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,IAAU,CAAC,uCAAwC,GAAiB,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBACvF,CAAC;YACL,CAAC;YACD,OAAO,MAAM;QACjB,CAAC;QACD,OAAO,EAAE,EAAC,iBAAiB;IAC/B,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,IAAe;QAC7C,OAAO,CAAC,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACxF,CAAC;IAED,KAAK,UAAU,qBAAqB,CAAC,KAAgB,EAAE,IAAe;QAClE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC;QAC7C,IAAI,UAAU,GAAG,EAAE;QACnB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC,KAAK,EAAE,KAAK,CAAQ;YACrE,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC;QAC/C,CAAC;QACD,OAAO,UAAU;IACrB,CAAC;IAED,oEAAoE;IACpE,oFAAoF;IACpF,EAAE;IACF,KAAK,UAAU,eAAe,CAAC,KAAgB;QAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE;QAChC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC;QAC9E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC;QACnE,OAAO,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC5D,CAAC;IAED,SAAS,SAAS,CAAC,IAAe;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;QACtB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE;QACrB,IAAI,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,KAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,GAAG;QAC1D,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG;QACtB,IAAI,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;YACxC,GAAS,CAAC,iDAAiD,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,EAAE,CAAC;YACvE,OAAO,IAAI;QACf,CAAC;QACD,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC,GAAG,CAAC;QAClD,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACnB,GAAS,CAAC,kCAAkC,MAAM,EAAE,CAAC;YACrD,OAAO,IAAI;QACf,CAAC;QACD,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,SAAS,sBAAsB,CAAC,EAAa;QACzC,MAAM,MAAM,GAAG,SAAS,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uDAAuD,EAAE,CAAC,GAAG,EAAE,CAAC;QAC7F,OAAO,sBAAG,CAAC,MAAM,GAAG,qBAAqB,CAAC;IAC9C,CAAC;IACD,2DAA2D;IAE3D,SAAS,uBAAuB,CAAC,eAA0B;QACvD,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,wDAAwD,eAAe,CAAC,GAAG,EAAE,CAAC;QAC3G,OAAO,sBAAG,CAAC,MAAM,GAAG,sBAAsB,CAAC;IAC/C,CAAC;IAED;;;;MAIE;IACF,KAAK,UAAU,mBAAmB,CAC9B,QAAmB,EACnB,KAAgB,EAChB,QAAmB;QAGnB,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC;QACpC,MAAM,GAAG,GAAG;YACR,2EAA2E;YAC3E,qBAAE,CAAC,YAAY,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,KAAK,CAAC;YACrE,qBAAE,CAAC,YAAY,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC;YACvD,qBAAE,CAAC,YAAY,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC;SAC1D;QACD,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,sBAAsB,QAAQ,aAAa,KAAK,KAAK,GAAG,EAAE;YACtE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YACjB,OAAO,IAAI;QACf,CAAC;QACD,OAAO,YAAY;IACvB,CAAC;IAED,KAAK,UAAU,2BAA2B,CAAC,IAAI;QAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAc;QAC/F,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,0DAA0D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpG,MAAM,UAAU,GAAG,KAAK,CAAC,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;QAC9E,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAC9C,CAAC;IAED,KAAK,UAAU,sBAAsB,CAAC,KAAqB,EAAE,QAA0B;QACnF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK;QACzB,MAAM,OAAO,GAAgB,EAAE;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;aAClF,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;aAClF,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;YAC/D,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;gBACpE,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACjC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;gBAChD,CAAC;gBACD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;gBAC9E,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;oBAChC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAClC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,sBAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAG,KAAK,EAAE,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO;IAClB,CAAC;IAED,OAAO;QACH,mBAAmB;QACnB,gBAAgB;QAChB,kBAAkB;QAClB,wBAAwB;QACxB,kBAAkB;QAClB,qBAAqB;QACrB,eAAe;QACf,sBAAsB;QACtB,uBAAuB;QACvB,2BAA2B;QAC3B,sBAAsB;KACzB;AACL,CAAC;;;ACvQ0C;AAQd;AACS;AACG;AAElC,SAAS,kBAAkB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc;IAChE,KAAK,UAAU,eAAe,CAAC,aAAwB;QACrD,IAAI,CAAC;YACH,IAAI,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9C,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,aAAa,CAAC;gBAC7D,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;gBAC3D,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,mBAAmB,CAAC,aAAa,CAAC;gBAChF,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAS,CAAC,0BAA0B,aAAa,CAAC,KAAK,oBAAoB,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,uBAAuB,CAAC,GAAc;;QACnD,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QACtC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE;wBAC/C,IAAI,EAAE,EAAE;wBACR,WAAW,EAAE,aAAa;wBAC1B,OAAO,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;qBAClC,CAAC;gBACJ,CAAC;gBAAC,OAAO,MAAW,EAAE,CAAC;oBACrB,MAAM,MAAM,GAAG,kBAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,0CAAE,MAAM,mCAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM;oBACzD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;wBACnB,MAAM,GAAG,GAAG,kCAAkC,GAAG,KAAK,MAAM,EAAE;wBAC9D,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC;oBAClC,CAAC;gBACH,CAAC;gBACD,OAAO,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YACtC,CAAC;YACD,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAClC,MAAM,IAAI,iBAAiB,EAAE;YAC/B,CAAC;YACD,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAClC,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzB,MAAM,IAAI,yBAAyB,EAAE;gBACvC,CAAC;gBACD,MAAM,IAAI,wBAAwB,EAAE;YACtC,CAAC;YACD,MAAM,GAAG,GAAG,qCAAqC,GAAG,KAAK,GAAG,EAAE;YAC9D,MAAM,IAAI,UAAU,CAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,EAAE,GAAG,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,OAAO,KAAI,EAAE,GAAG,GAAG,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAED,KAAK,UAAU,+BAA+B,CAAC,GAAc,EAAE,IAAY;;QACzE,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAC7B,OAAO,KAAK;QACd,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,eAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,mCAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM;YACnD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,MAAM,GAAG;YACX,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE;gBAC/C,IAAI;gBACJ,WAAW,EAAE,aAAa;gBAC1B,OAAO,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;aAClC,CAAC;YACF,OAAO,IAAI;QACb,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,eAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,mCAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM;YACnD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,qEAAqE;gBACrE,OAAO,KAAK;YACd,CAAC;YACD,MAAM,GAAG;QACX,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,kBAAkB,CAC/B,OAAkB,EAClB,SAAoB,EACpB,MAAiB,EACjB,GAAc;QAEd,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC;QAEvD,IAAI,MAAM;YAAE,OAAO,MAAmB;QACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,mCAAmC,GAAG,CAAC,KAAK,EAAE;YAC1D,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,qBAAE,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,4CAA4C,GAAG,OAAO,MAAM,KAAK,GAAG,EAAE;YAClF,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,uBAAuB,CAAC,MAAM,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAU,CAAC,oEAAoE,MAAM,KAAK,GAAG,EAAE,CAAC;YAChG,MAAM,GAAG;QACX,CAAC;QACD,OAAO,MAAM;IACf,CAAC;IAED,KAAK,UAAU,qCAAqC,CAClD,OAAkB,EAClB,SAAoB,EACpB,MAAiB,EACjB,GAAc,EACd,IAAY;QAEZ,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC;QAEvD,IAAI,MAAM;YAAE,OAAO,MAAmB;QACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,sDAAsD,GAAG,CAAC,KAAK,EAAE;YAC7E,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,qBAAE,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,+DAA+D,GAAG,OAAO,MAAM,KAAK,GAAG,EAAE;YACrG,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,+BAA+B,CAAC,MAAM,EAAE,IAAI,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAU,CAAC,uFAAuF,MAAM,KAAK,GAAG,EAAE,CAAC;YACnH,MAAM,GAAG;QACX,CAAC;QACD,OAAO,MAAM;IACf,CAAC;IAED,cAAc;IACd,iGAAiG;IACjG,KAAK,UAAU,mBAAmB,CAAC,OAMlC;QACC,IAAI,GAAG,GAAG;YACR,gDAAgD;YAChD,EAAE;YACF,8CAA8C,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI;YAC1E,mBAAmB,OAAO,CAAC,MAAM,IAAI;YACrC,kBAAkB,OAAO,CAAC,MAAM,IAAI;YACpC,8CAA8C;YAC9C,EAAE;SACH,CAAC,IAAI,CAAC,IAAI,CAAC;QAEZ,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,GAAG,IAAI;gBACL,qCAAqC;gBACrC,gBAAgB,OAAO,CAAC,SAAS,IAAI;gBACrC,mBAAmB,OAAO,CAAC,MAAM,IAAI;gBACrC,cAAc,OAAO,CAAC,aAAa,GAAG;gBACtC,EAAE;aACH,CAAC,IAAI,CAAC,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,GAAG,IAAI;gBACL,oCAAoC;gBACpC,gBAAgB,OAAO,CAAC,SAAS,IAAI;gBACrC,kBAAkB,OAAO,CAAC,MAAM,IAAI;gBACpC,cAAc,OAAO,CAAC,YAAY,GAAG;gBACrC,EAAE;aACH,CAAC,IAAI,CAAC,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,sBAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACnE,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,iBAAiB,CAAC,GAAc,EAAE,OAAe;QAC9D,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE;YAC/C,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,IAAI,OAAO,IAAI;YACpC,WAAW,EAAE,aAAa;SAC3B,CAAC;IACJ,CAAC;IAED,OAAO;QACL,eAAe;QACf,mBAAmB;QACnB,iBAAiB;QACjB,kBAAkB;QAClB,qCAAqC;QACrC,uBAAuB;QACvB,+BAA+B;KAChC;AACH,CAAC;;;ACnO4B;AAEmB;AACU;AACP;AACG;AACM;AACM;AACL;AACJ;AAEnB;AACtC;;;;;EAKE;AACK,SAAS,gBAAgB,CAAC,YAA4D,EAAE,OAAgB;IAE3G,GAAS,CAAC,0EAA0E,CAAC;IACrF,MAAM,KAAK,GAAc,oBAAS,EAAe;IACjD,sBAAW,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,YAAY,CAAC,KAAK,EAAC,CAAC,EAAC,yCAAyC;IACzF,KAAK,CAAC,OAAO,GAAG,IAAI,4BAAiB,CAAC,KAAK,CAAC,EAAC,2CAA2C;IACxF,KAAK,CAAC,QAAQ,GAAG,EAAE,EAAC,+CAA+C;IAEnE,MAAM,KAAK,GAAe,IAAI,eAAe,CAAC,OAAO,CAAC;IAEtD,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,CAAC;IACjC,MAAM,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC;IAClD,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,EAAE,GAAG,EAAE,cAAc,CAAC;IACnE,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC;IAC9D,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC;IAC5C,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,GAAG,CAAC;IACjF,MAAM,SAAS,GAAG,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,CAAC;IAC3E,GAAS,CAAC,6BAA6B,CAAC;IAExC,SAAS,IAAI,CAAC,GAAqC;QAC/C,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;IAClC,CAAC;IAED,qEAAqE;IACrE,SAAS,aAAa,CAClB,GAAqB,EACrB,MAAwB,EAAE;QAE1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACvC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,IAAI,EAAE,EAAE,EAAE,SAAS;gBACxD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACR,OAAO,EAAE;gBACT,CAAC;YACL,CAAC,CAAC,EAAC,WAAW;QACd,CAAC,CAAC,EAAC,UAAU;IACjB,CAAC;IAED,SAAS,UAAU;QACf,KAAK,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO;QACH,KAAK;QACL,KAAK;QACL,GAAG;QACH,KAAK;QACL,IAAI;QACJ,OAAO;QACP,SAAS;QACT,IAAI;QACJ,aAAa;QACb,UAAU;KACb;AACL,CAAC;;;AC1EqC;AACkB;AACT;AAG/C,MAAM,MAAM,GAAG,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE;IACtC,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC,WAAW,IAAI,WAAW,CAAC,WAAW,IAAI,MAAM;IAC7F,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,oDAAoD;QAC5F,uDAAuD;QACvD,OAAO,WAAW,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;IAC9C,CAAC;SAAM,CAAC;QACJ,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;IACzC,CAAC;AACL,CAAC;AAED,0EAA0E;AAC1E,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAO5D,MAAM,YAAY,GAAG,CAAC,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,qBAAM,CAAwB;AAE7F,SAAS,oBAAoB;IACzB,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,GAAS,CAAC,qDAAqD,CAAC;QAChE,YAAY,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,WAAW,CAAC;QACjF,GAAS,CAAC,+BAA+B,CAAC;IAC9C,CAAC;SAAM,CAAC;QACJ,GAAS,CAAC,uDAAuD,CAAC;IACtE,CAAC;IACD,OAAO,YAAY,CAAC,gBAAgB,CAAE;AAC1C,CAAC;AACD,mEAAmE;AACnE,MAAM,mBAAmB,GAAG,oBAAoB,EAAE;AAEpB;;;ACtC9B,MAAM,eAAe,GAAG;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,GAAG,EAAE,4BAA4B;KAClC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,GAAG,EAAE,sBAAsB;KAC5B;IACD;QACE,IAAI,EAAE,cAAc;QACpB,GAAG,EAAE,qBAAqB;KAC3B;IACD;QACE,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,0BAA0B;KAChC;CACF;AAED;;GAEG;AACI,SAAS,mBAAmB;IAC/B,yCAAyC;IACzC,MAAM,OAAO,GAAG,CAAC,GAAG,eAAe,CAAC;IAEpC,mDAAmD;IACnD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IACzD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC;QACpF,OAAO,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,OAAO,OAAO;AAChB,CAAC;AAEH,SAAS,aAAa,CAAE,SAAiB,EAAE,MAAc;IACrD,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC;IAChD,OAAO,GAAG,GAAG,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;AAC1E,CAAC;;;ACvCD,mFAAmF;AACnF,8DAA8D;AACG;AAEjE,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK;AACvC,MAAM,eAAW,GAAG,mBAAmB,CAAC,KAAK,CAAC,WAAW;AACzD,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK;AAEE;AACmB;AACF;AACO;AAE2G;AAO3K","sources":["webpack://SolidLogic/webpack/universalModuleDefinition","webpack://SolidLogic/./node_modules/events/events.js","webpack://SolidLogic/./node_modules/solid-namespace/index.js","webpack://SolidLogic/external umd \"$rdf\"","webpack://SolidLogic/webpack/bootstrap","webpack://SolidLogic/webpack/runtime/compat get default export","webpack://SolidLogic/webpack/runtime/define property getters","webpack://SolidLogic/webpack/runtime/global","webpack://SolidLogic/webpack/runtime/hasOwnProperty shorthand","webpack://SolidLogic/webpack/runtime/make namespace object","webpack://SolidLogic/./src/util/debug.ts","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/buffer_utils.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/base64url.js","webpack://SolidLogic/./node_modules/jose/dist/browser/util/errors.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/subtle_dsa.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/webcrypto.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/check_key_length.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/crypto_key.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/invalid_key_input.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/is_key_like.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/is_object.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/is_jwk.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/jwk_to_key.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/normalize_key.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/get_sign_verify_key.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/verify.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/is_disjoint.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/check_key_type.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/validate_crit.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/validate_algorithms.js","webpack://SolidLogic/./node_modules/jose/dist/browser/key/import.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jws/flattened/verify.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jws/compact/verify.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/epoch.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/secs.js","webpack://SolidLogic/./node_modules/jose/dist/browser/lib/jwt_claims_set.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jwt/verify.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/fetch_jwks.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jwks/local.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jwks/remote.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/key_to_jwk.js","webpack://SolidLogic/./node_modules/jose/dist/browser/key/export.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/sign.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jws/flattened/sign.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jws/compact/sign.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jwt/produce.js","webpack://SolidLogic/./node_modules/jose/dist/browser/jwt/sign.js","webpack://SolidLogic/./node_modules/jose/dist/browser/runtime/generate.js","webpack://SolidLogic/./node_modules/jose/dist/browser/key/generate_key_pair.js","webpack://SolidLogic/./node_modules/uuid/dist/esm-browser/native.js","webpack://SolidLogic/./node_modules/uuid/dist/esm-browser/rng.js","webpack://SolidLogic/./node_modules/uuid/dist/esm-browser/stringify.js","webpack://SolidLogic/./node_modules/uuid/dist/esm-browser/v4.js","webpack://SolidLogic/./node_modules/@inrupt/solid-client-authn-core/dist/index.mjs","webpack://SolidLogic/./node_modules/jwt-decode/build/esm/index.js","webpack://SolidLogic/./node_modules/oidc-client-ts/dist/esm/oidc-client-ts.js","webpack://SolidLogic/./node_modules/@inrupt/oidc-client-ext/dist/index.es.js","webpack://SolidLogic/./node_modules/@inrupt/solid-client-authn-browser/dist/index.mjs","webpack://SolidLogic/./src/authSession/authSession.ts","webpack://SolidLogic/./src/util/ns.ts","webpack://SolidLogic/./src/acl/aclLogic.ts","webpack://SolidLogic/./src/authn/authUtil.ts","webpack://SolidLogic/./src/authn/SolidAuthnLogic.ts","webpack://SolidLogic/./src/util/utils.ts","webpack://SolidLogic/./src/chat/chatLogic.ts","webpack://SolidLogic/./src/inbox/inboxLogic.ts","webpack://SolidLogic/./src/logic/CustomError.ts","webpack://SolidLogic/./src/typeIndex/typeIndexDocuments.ts","webpack://SolidLogic/./src/typeIndex/typeIndexAclDocuments.ts","webpack://SolidLogic/./src/profile/profileDocuments.ts","webpack://SolidLogic/./src/profile/profileAclDocuments.ts","webpack://SolidLogic/./src/util/containerLogic.ts","webpack://SolidLogic/./src/profile/profileLogic.ts","webpack://SolidLogic/./src/typeIndex/typeIndexLogic.ts","webpack://SolidLogic/./src/util/utilityLogic.ts","webpack://SolidLogic/./src/logic/solidLogic.ts","webpack://SolidLogic/./src/logic/solidLogicSingleton.ts","webpack://SolidLogic/./src/issuer/issuerLogic.ts","webpack://SolidLogic/./src/index.ts"],"sourcesContent":["(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory(require(\"$rdf\"));\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine(\"SolidLogic\", [\"$rdf\"], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"SolidLogic\"] = factory(require(\"$rdf\"));\n\telse\n\t\troot[\"SolidLogic\"] = factory(root[\"$rdf\"]);\n})(this, (__WEBPACK_EXTERNAL_MODULE__264__) => {\nreturn ","// Copyright Joyent, Inc. and other Node contributors.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n'use strict';\n\nvar R = typeof Reflect === 'object' ? Reflect : null\nvar ReflectApply = R && typeof R.apply === 'function'\n ? R.apply\n : function ReflectApply(target, receiver, args) {\n return Function.prototype.apply.call(target, receiver, args);\n }\n\nvar ReflectOwnKeys\nif (R && typeof R.ownKeys === 'function') {\n ReflectOwnKeys = R.ownKeys\n} else if (Object.getOwnPropertySymbols) {\n ReflectOwnKeys = function ReflectOwnKeys(target) {\n return Object.getOwnPropertyNames(target)\n .concat(Object.getOwnPropertySymbols(target));\n };\n} else {\n ReflectOwnKeys = function ReflectOwnKeys(target) {\n return Object.getOwnPropertyNames(target);\n };\n}\n\nfunction ProcessEmitWarning(warning) {\n if (console && console.warn) console.warn(warning);\n}\n\nvar NumberIsNaN = Number.isNaN || function NumberIsNaN(value) {\n return value !== value;\n}\n\nfunction EventEmitter() {\n EventEmitter.init.call(this);\n}\nmodule.exports = EventEmitter;\nmodule.exports.once = once;\n\n// Backwards-compat with node 0.10.x\nEventEmitter.EventEmitter = EventEmitter;\n\nEventEmitter.prototype._events = undefined;\nEventEmitter.prototype._eventsCount = 0;\nEventEmitter.prototype._maxListeners = undefined;\n\n// By default EventEmitters will print a warning if more than 10 listeners are\n// added to it. This is a useful default which helps finding memory leaks.\nvar defaultMaxListeners = 10;\n\nfunction checkListener(listener) {\n if (typeof listener !== 'function') {\n throw new TypeError('The \"listener\" argument must be of type Function. Received type ' + typeof listener);\n }\n}\n\nObject.defineProperty(EventEmitter, 'defaultMaxListeners', {\n enumerable: true,\n get: function() {\n return defaultMaxListeners;\n },\n set: function(arg) {\n if (typeof arg !== 'number' || arg < 0 || NumberIsNaN(arg)) {\n throw new RangeError('The value of \"defaultMaxListeners\" is out of range. It must be a non-negative number. Received ' + arg + '.');\n }\n defaultMaxListeners = arg;\n }\n});\n\nEventEmitter.init = function() {\n\n if (this._events === undefined ||\n this._events === Object.getPrototypeOf(this)._events) {\n this._events = Object.create(null);\n this._eventsCount = 0;\n }\n\n this._maxListeners = this._maxListeners || undefined;\n};\n\n// Obviously not all Emitters should be limited to 10. This function allows\n// that to be increased. Set to zero for unlimited.\nEventEmitter.prototype.setMaxListeners = function setMaxListeners(n) {\n if (typeof n !== 'number' || n < 0 || NumberIsNaN(n)) {\n throw new RangeError('The value of \"n\" is out of range. It must be a non-negative number. Received ' + n + '.');\n }\n this._maxListeners = n;\n return this;\n};\n\nfunction _getMaxListeners(that) {\n if (that._maxListeners === undefined)\n return EventEmitter.defaultMaxListeners;\n return that._maxListeners;\n}\n\nEventEmitter.prototype.getMaxListeners = function getMaxListeners() {\n return _getMaxListeners(this);\n};\n\nEventEmitter.prototype.emit = function emit(type) {\n var args = [];\n for (var i = 1; i < arguments.length; i++) args.push(arguments[i]);\n var doError = (type === 'error');\n\n var events = this._events;\n if (events !== undefined)\n doError = (doError && events.error === undefined);\n else if (!doError)\n return false;\n\n // If there is no 'error' event listener then throw.\n if (doError) {\n var er;\n if (args.length > 0)\n er = args[0];\n if (er instanceof Error) {\n // Note: The comments on the `throw` lines are intentional, they show\n // up in Node's output if this results in an unhandled exception.\n throw er; // Unhandled 'error' event\n }\n // At least give some kind of context to the user\n var err = new Error('Unhandled error.' + (er ? ' (' + er.message + ')' : ''));\n err.context = er;\n throw err; // Unhandled 'error' event\n }\n\n var handler = events[type];\n\n if (handler === undefined)\n return false;\n\n if (typeof handler === 'function') {\n ReflectApply(handler, this, args);\n } else {\n var len = handler.length;\n var listeners = arrayClone(handler, len);\n for (var i = 0; i < len; ++i)\n ReflectApply(listeners[i], this, args);\n }\n\n return true;\n};\n\nfunction _addListener(target, type, listener, prepend) {\n var m;\n var events;\n var existing;\n\n checkListener(listener);\n\n events = target._events;\n if (events === undefined) {\n events = target._events = Object.create(null);\n target._eventsCount = 0;\n } else {\n // To avoid recursion in the case that type === \"newListener\"! Before\n // adding it to the listeners, first emit \"newListener\".\n if (events.newListener !== undefined) {\n target.emit('newListener', type,\n listener.listener ? listener.listener : listener);\n\n // Re-assign `events` because a newListener handler could have caused the\n // this._events to be assigned to a new object\n events = target._events;\n }\n existing = events[type];\n }\n\n if (existing === undefined) {\n // Optimize the case of one listener. Don't need the extra array object.\n existing = events[type] = listener;\n ++target._eventsCount;\n } else {\n if (typeof existing === 'function') {\n // Adding the second element, need to change to array.\n existing = events[type] =\n prepend ? [listener, existing] : [existing, listener];\n // If we've already got an array, just append.\n } else if (prepend) {\n existing.unshift(listener);\n } else {\n existing.push(listener);\n }\n\n // Check for listener leak\n m = _getMaxListeners(target);\n if (m > 0 && existing.length > m && !existing.warned) {\n existing.warned = true;\n // No error code for this since it is a Warning\n // eslint-disable-next-line no-restricted-syntax\n var w = new Error('Possible EventEmitter memory leak detected. ' +\n existing.length + ' ' + String(type) + ' listeners ' +\n 'added. Use emitter.setMaxListeners() to ' +\n 'increase limit');\n w.name = 'MaxListenersExceededWarning';\n w.emitter = target;\n w.type = type;\n w.count = existing.length;\n ProcessEmitWarning(w);\n }\n }\n\n return target;\n}\n\nEventEmitter.prototype.addListener = function addListener(type, listener) {\n return _addListener(this, type, listener, false);\n};\n\nEventEmitter.prototype.on = EventEmitter.prototype.addListener;\n\nEventEmitter.prototype.prependListener =\n function prependListener(type, listener) {\n return _addListener(this, type, listener, true);\n };\n\nfunction onceWrapper() {\n if (!this.fired) {\n this.target.removeListener(this.type, this.wrapFn);\n this.fired = true;\n if (arguments.length === 0)\n return this.listener.call(this.target);\n return this.listener.apply(this.target, arguments);\n }\n}\n\nfunction _onceWrap(target, type, listener) {\n var state = { fired: false, wrapFn: undefined, target: target, type: type, listener: listener };\n var wrapped = onceWrapper.bind(state);\n wrapped.listener = listener;\n state.wrapFn = wrapped;\n return wrapped;\n}\n\nEventEmitter.prototype.once = function once(type, listener) {\n checkListener(listener);\n this.on(type, _onceWrap(this, type, listener));\n return this;\n};\n\nEventEmitter.prototype.prependOnceListener =\n function prependOnceListener(type, listener) {\n checkListener(listener);\n this.prependListener(type, _onceWrap(this, type, listener));\n return this;\n };\n\n// Emits a 'removeListener' event if and only if the listener was removed.\nEventEmitter.prototype.removeListener =\n function removeListener(type, listener) {\n var list, events, position, i, originalListener;\n\n checkListener(listener);\n\n events = this._events;\n if (events === undefined)\n return this;\n\n list = events[type];\n if (list === undefined)\n return this;\n\n if (list === listener || list.listener === listener) {\n if (--this._eventsCount === 0)\n this._events = Object.create(null);\n else {\n delete events[type];\n if (events.removeListener)\n this.emit('removeListener', type, list.listener || listener);\n }\n } else if (typeof list !== 'function') {\n position = -1;\n\n for (i = list.length - 1; i >= 0; i--) {\n if (list[i] === listener || list[i].listener === listener) {\n originalListener = list[i].listener;\n position = i;\n break;\n }\n }\n\n if (position < 0)\n return this;\n\n if (position === 0)\n list.shift();\n else {\n spliceOne(list, position);\n }\n\n if (list.length === 1)\n events[type] = list[0];\n\n if (events.removeListener !== undefined)\n this.emit('removeListener', type, originalListener || listener);\n }\n\n return this;\n };\n\nEventEmitter.prototype.off = EventEmitter.prototype.removeListener;\n\nEventEmitter.prototype.removeAllListeners =\n function removeAllListeners(type) {\n var listeners, events, i;\n\n events = this._events;\n if (events === undefined)\n return this;\n\n // not listening for removeListener, no need to emit\n if (events.removeListener === undefined) {\n if (arguments.length === 0) {\n this._events = Object.create(null);\n this._eventsCount = 0;\n } else if (events[type] !== undefined) {\n if (--this._eventsCount === 0)\n this._events = Object.create(null);\n else\n delete events[type];\n }\n return this;\n }\n\n // emit removeListener for all listeners on all events\n if (arguments.length === 0) {\n var keys = Object.keys(events);\n var key;\n for (i = 0; i < keys.length; ++i) {\n key = keys[i];\n if (key === 'removeListener') continue;\n this.removeAllListeners(key);\n }\n this.removeAllListeners('removeListener');\n this._events = Object.create(null);\n this._eventsCount = 0;\n return this;\n }\n\n listeners = events[type];\n\n if (typeof listeners === 'function') {\n this.removeListener(type, listeners);\n } else if (listeners !== undefined) {\n // LIFO order\n for (i = listeners.length - 1; i >= 0; i--) {\n this.removeListener(type, listeners[i]);\n }\n }\n\n return this;\n };\n\nfunction _listeners(target, type, unwrap) {\n var events = target._events;\n\n if (events === undefined)\n return [];\n\n var evlistener = events[type];\n if (evlistener === undefined)\n return [];\n\n if (typeof evlistener === 'function')\n return unwrap ? [evlistener.listener || evlistener] : [evlistener];\n\n return unwrap ?\n unwrapListeners(evlistener) : arrayClone(evlistener, evlistener.length);\n}\n\nEventEmitter.prototype.listeners = function listeners(type) {\n return _listeners(this, type, true);\n};\n\nEventEmitter.prototype.rawListeners = function rawListeners(type) {\n return _listeners(this, type, false);\n};\n\nEventEmitter.listenerCount = function(emitter, type) {\n if (typeof emitter.listenerCount === 'function') {\n return emitter.listenerCount(type);\n } else {\n return listenerCount.call(emitter, type);\n }\n};\n\nEventEmitter.prototype.listenerCount = listenerCount;\nfunction listenerCount(type) {\n var events = this._events;\n\n if (events !== undefined) {\n var evlistener = events[type];\n\n if (typeof evlistener === 'function') {\n return 1;\n } else if (evlistener !== undefined) {\n return evlistener.length;\n }\n }\n\n return 0;\n}\n\nEventEmitter.prototype.eventNames = function eventNames() {\n return this._eventsCount > 0 ? ReflectOwnKeys(this._events) : [];\n};\n\nfunction arrayClone(arr, n) {\n var copy = new Array(n);\n for (var i = 0; i < n; ++i)\n copy[i] = arr[i];\n return copy;\n}\n\nfunction spliceOne(list, index) {\n for (; index + 1 < list.length; index++)\n list[index] = list[index + 1];\n list.pop();\n}\n\nfunction unwrapListeners(arr) {\n var ret = new Array(arr.length);\n for (var i = 0; i < ret.length; ++i) {\n ret[i] = arr[i].listener || arr[i];\n }\n return ret;\n}\n\nfunction once(emitter, name) {\n return new Promise(function (resolve, reject) {\n function errorListener(err) {\n emitter.removeListener(name, resolver);\n reject(err);\n }\n\n function resolver() {\n if (typeof emitter.removeListener === 'function') {\n emitter.removeListener('error', errorListener);\n }\n resolve([].slice.call(arguments));\n };\n\n eventTargetAgnosticAddListener(emitter, name, resolver, { once: true });\n if (name !== 'error') {\n addErrorHandlerIfEventEmitter(emitter, errorListener, { once: true });\n }\n });\n}\n\nfunction addErrorHandlerIfEventEmitter(emitter, handler, flags) {\n if (typeof emitter.on === 'function') {\n eventTargetAgnosticAddListener(emitter, 'error', handler, flags);\n }\n}\n\nfunction eventTargetAgnosticAddListener(emitter, name, listener, flags) {\n if (typeof emitter.on === 'function') {\n if (flags.once) {\n emitter.once(name, listener);\n } else {\n emitter.on(name, listener);\n }\n } else if (typeof emitter.addEventListener === 'function') {\n // EventTarget does not have `error` event semantics like Node\n // EventEmitters, we do not listen for `error` events here.\n emitter.addEventListener(name, function wrapListener(arg) {\n // IE does not have builtin `{ once: true }` support so we\n // have to do it manually.\n if (flags.once) {\n emitter.removeEventListener(name, wrapListener);\n }\n listener(arg);\n });\n } else {\n throw new TypeError('The \"emitter\" argument must be of type EventEmitter. Received type ' + typeof emitter);\n }\n}\n","/**\n * Provides a way to access commonly used namespaces\n *\n * Usage:\n *\n * ```\n * const $rdf = require('rdflib'); //or any other RDF/JS-compatible library\n * const ns = require('solid-namespace')($rdf);\n * const store = $rdf.graph();\n *\n * let me = ...;\n * let name = store.any(me, ns.vcard(‘fn’)) || store.any(me, ns.foaf(‘name’));\n * ```\n * @module vocab\n */\nconst aliases = {\n acl: 'http://www.w3.org/ns/auth/acl#',\n arg: 'http://www.w3.org/ns/pim/arg#',\n as: 'https://www.w3.org/ns/activitystreams#',\n bookmark: 'http://www.w3.org/2002/01/bookmark#',\n cal: 'http://www.w3.org/2002/12/cal/ical#',\n cco: 'http://www.ontologyrepository.com/CommonCoreOntologies/',\n cert: 'http://www.w3.org/ns/auth/cert#',\n contact: 'http://www.w3.org/2000/10/swap/pim/contact#',\n dc: 'http://purl.org/dc/elements/1.1/',\n dct: 'http://purl.org/dc/terms/',\n doap: 'http://usefulinc.com/ns/doap#',\n foaf: 'http://xmlns.com/foaf/0.1/',\n geo: 'http://www.w3.org/2003/01/geo/wgs84_pos#',\n gpx: 'http://www.w3.org/ns/pim/gpx#',\n gr: 'http://purl.org/goodrelations/v1#',\n http: 'http://www.w3.org/2007/ont/http#',\n httph: 'http://www.w3.org/2007/ont/httph#',\n icalTZ: 'http://www.w3.org/2002/12/cal/icaltzd#', // Beware: not cal:\n ldp: 'http://www.w3.org/ns/ldp#',\n link: 'http://www.w3.org/2007/ont/link#',\n log: 'http://www.w3.org/2000/10/swap/log#',\n meeting: 'http://www.w3.org/ns/pim/meeting#',\n mo: 'http://purl.org/ontology/mo/',\n org: 'http://www.w3.org/ns/org#',\n owl: 'http://www.w3.org/2002/07/owl#',\n pad: 'http://www.w3.org/ns/pim/pad#',\n patch: 'http://www.w3.org/ns/pim/patch#',\n prov: 'http://www.w3.org/ns/prov#',\n pto: 'http://www.productontology.org/id/',\n qu: 'http://www.w3.org/2000/10/swap/pim/qif#',\n trip: 'http://www.w3.org/ns/pim/trip#',\n rdf: 'http://www.w3.org/1999/02/22-rdf-syntax-ns#',\n rdfs: 'http://www.w3.org/2000/01/rdf-schema#',\n rss: 'http://purl.org/rss/1.0/',\n sched: 'http://www.w3.org/ns/pim/schedule#',\n schema: 'http://schema.org/', // @@ beware confusion with documents no 303\n sioc: 'http://rdfs.org/sioc/ns#',\n skos: 'http://www.w3.org/2004/02/skos/core#',\n solid: 'http://www.w3.org/ns/solid/terms#',\n space: 'http://www.w3.org/ns/pim/space#',\n stat: 'http://www.w3.org/ns/posix/stat#',\n tab: 'http://www.w3.org/2007/ont/link#',\n tabont: 'http://www.w3.org/2007/ont/link#',\n ui: 'http://www.w3.org/ns/ui#',\n vann: 'http://purl.org/vocab/vann/',\n vcard: 'http://www.w3.org/2006/vcard/ns#',\n wf: 'http://www.w3.org/2005/01/wf/flow#',\n xsd: 'http://www.w3.org/2001/XMLSchema#',\n}\n\n/**\n * @param [rdflib] {RDF} Optional RDF Library (such as rdflib.js or rdf-ext) to inject\n */\nfunction vocab (rdf = { namedNode: u => u }) {\n const namespaces = {}\n for (const alias in aliases) {\n const expansion = aliases[alias]\n namespaces[alias] = function (localName = '') {\n return rdf.namedNode(expansion + localName)\n }\n };\n\n return namespaces\n};\n\nmodule.exports = vocab\n","module.exports = __WEBPACK_EXTERNAL_MODULE__264__;","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\t__webpack_modules__[moduleId](module, module.exports, __webpack_require__);\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","// getDefaultExport function for compatibility with non-harmony modules\n__webpack_require__.n = (module) => {\n\tvar getter = module && module.__esModule ?\n\t\t() => (module['default']) :\n\t\t() => (module);\n\t__webpack_require__.d(getter, { a: getter });\n\treturn getter;\n};","// define getter functions for harmony exports\n__webpack_require__.d = (exports, definition) => {\n\tfor(var key in definition) {\n\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n\t\t}\n\t}\n};","__webpack_require__.g = (function() {\n\tif (typeof globalThis === 'object') return globalThis;\n\ttry {\n\t\treturn this || new Function('return this')();\n\t} catch (e) {\n\t\tif (typeof window === 'object') return window;\n\t}\n})();","__webpack_require__.o = (obj, prop) => (Object.prototype.hasOwnProperty.call(obj, prop))","// define __esModule on exports\n__webpack_require__.r = (exports) => {\n\tif(typeof Symbol !== 'undefined' && Symbol.toStringTag) {\n\t\tObject.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });\n\t}\n\tObject.defineProperty(exports, '__esModule', { value: true });\n};","\nexport function log(...args: any[]): void {\n console.log(...args)\n}\n\nexport function warn(...args: any[]): void {\n console.warn(...args)\n}\n\nexport function error(...args: any[]): void {\n console.error(...args)\n}\n\nexport function trace(...args: any[]): void {\n console.trace(...args)\n}\n","import digest from '../runtime/digest.js';\nexport const encoder = new TextEncoder();\nexport const decoder = new TextDecoder();\nconst MAX_INT32 = 2 ** 32;\nexport function concat(...buffers) {\n const size = buffers.reduce((acc, { length }) => acc + length, 0);\n const buf = new Uint8Array(size);\n let i = 0;\n for (const buffer of buffers) {\n buf.set(buffer, i);\n i += buffer.length;\n }\n return buf;\n}\nexport function p2s(alg, p2sInput) {\n return concat(encoder.encode(alg), new Uint8Array([0]), p2sInput);\n}\nfunction writeUInt32BE(buf, value, offset) {\n if (value < 0 || value >= MAX_INT32) {\n throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`);\n }\n buf.set([value >>> 24, value >>> 16, value >>> 8, value & 0xff], offset);\n}\nexport function uint64be(value) {\n const high = Math.floor(value / MAX_INT32);\n const low = value % MAX_INT32;\n const buf = new Uint8Array(8);\n writeUInt32BE(buf, high, 0);\n writeUInt32BE(buf, low, 4);\n return buf;\n}\nexport function uint32be(value) {\n const buf = new Uint8Array(4);\n writeUInt32BE(buf, value);\n return buf;\n}\nexport function lengthAndInput(input) {\n return concat(uint32be(input.length), input);\n}\nexport async function concatKdf(secret, bits, value) {\n const iterations = Math.ceil((bits >> 3) / 32);\n const res = new Uint8Array(iterations * 32);\n for (let iter = 0; iter < iterations; iter++) {\n const buf = new Uint8Array(4 + secret.length + value.length);\n buf.set(uint32be(iter + 1));\n buf.set(secret, 4);\n buf.set(value, 4 + secret.length);\n res.set(await digest('sha256', buf), iter * 32);\n }\n return res.slice(0, bits >> 3);\n}\n","import { encoder, decoder } from '../lib/buffer_utils.js';\nexport const encodeBase64 = (input) => {\n let unencoded = input;\n if (typeof unencoded === 'string') {\n unencoded = encoder.encode(unencoded);\n }\n const CHUNK_SIZE = 0x8000;\n const arr = [];\n for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join(''));\n};\nexport const encode = (input) => {\n return encodeBase64(input).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\nexport const decodeBase64 = (encoded) => {\n const binary = atob(encoded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n};\nexport const decode = (input) => {\n let encoded = input;\n if (encoded instanceof Uint8Array) {\n encoded = decoder.decode(encoded);\n }\n encoded = encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, '');\n try {\n return decodeBase64(encoded);\n }\n catch {\n throw new TypeError('The input to be decoded is not correctly encoded.');\n }\n};\n","export class JOSEError extends Error {\n constructor(message, options) {\n super(message, options);\n this.code = 'ERR_JOSE_GENERIC';\n this.name = this.constructor.name;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nJOSEError.code = 'ERR_JOSE_GENERIC';\nexport class JWTClaimValidationFailed extends JOSEError {\n constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {\n super(message, { cause: { claim, reason, payload } });\n this.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n this.claim = claim;\n this.reason = reason;\n this.payload = payload;\n }\n}\nJWTClaimValidationFailed.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\nexport class JWTExpired extends JOSEError {\n constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {\n super(message, { cause: { claim, reason, payload } });\n this.code = 'ERR_JWT_EXPIRED';\n this.claim = claim;\n this.reason = reason;\n this.payload = payload;\n }\n}\nJWTExpired.code = 'ERR_JWT_EXPIRED';\nexport class JOSEAlgNotAllowed extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\n }\n}\nJOSEAlgNotAllowed.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\nexport class JOSENotSupported extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_NOT_SUPPORTED';\n }\n}\nJOSENotSupported.code = 'ERR_JOSE_NOT_SUPPORTED';\nexport class JWEDecryptionFailed extends JOSEError {\n constructor(message = 'decryption operation failed', options) {\n super(message, options);\n this.code = 'ERR_JWE_DECRYPTION_FAILED';\n }\n}\nJWEDecryptionFailed.code = 'ERR_JWE_DECRYPTION_FAILED';\nexport class JWEInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWE_INVALID';\n }\n}\nJWEInvalid.code = 'ERR_JWE_INVALID';\nexport class JWSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWS_INVALID';\n }\n}\nJWSInvalid.code = 'ERR_JWS_INVALID';\nexport class JWTInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWT_INVALID';\n }\n}\nJWTInvalid.code = 'ERR_JWT_INVALID';\nexport class JWKInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWK_INVALID';\n }\n}\nJWKInvalid.code = 'ERR_JWK_INVALID';\nexport class JWKSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_INVALID';\n }\n}\nJWKSInvalid.code = 'ERR_JWKS_INVALID';\nexport class JWKSNoMatchingKey extends JOSEError {\n constructor(message = 'no applicable key found in the JSON Web Key Set', options) {\n super(message, options);\n this.code = 'ERR_JWKS_NO_MATCHING_KEY';\n }\n}\nJWKSNoMatchingKey.code = 'ERR_JWKS_NO_MATCHING_KEY';\nexport class JWKSMultipleMatchingKeys extends JOSEError {\n constructor(message = 'multiple matching keys found in the JSON Web Key Set', options) {\n super(message, options);\n this.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n }\n}\nSymbol.asyncIterator;\nJWKSMultipleMatchingKeys.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\nexport class JWKSTimeout extends JOSEError {\n constructor(message = 'request timed out', options) {\n super(message, options);\n this.code = 'ERR_JWKS_TIMEOUT';\n }\n}\nJWKSTimeout.code = 'ERR_JWKS_TIMEOUT';\nexport class JWSSignatureVerificationFailed extends JOSEError {\n constructor(message = 'signature verification failed', options) {\n super(message, options);\n this.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n }\n}\nJWSSignatureVerificationFailed.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n","import { JOSENotSupported } from '../util/errors.js';\nexport default function subtleDsa(alg, algorithm) {\n const hash = `SHA-${alg.slice(-3)}`;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n return { hash, name: 'HMAC' };\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { hash, name: 'RSA-PSS', saltLength: alg.slice(-3) >> 3 };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { hash, name: 'RSASSA-PKCS1-v1_5' };\n case 'ES256':\n case 'ES384':\n case 'ES512':\n return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };\n case 'Ed25519':\n return { name: 'Ed25519' };\n case 'EdDSA':\n return { name: algorithm.name };\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n","export default crypto;\nexport const isCryptoKey = (key) => key instanceof CryptoKey;\n","export default (alg, key) => {\n if (alg.startsWith('RS') || alg.startsWith('PS')) {\n const { modulusLength } = key.algorithm;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);\n }\n }\n};\n","function unusable(name, prop = 'algorithm.name') {\n return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);\n}\nfunction isAlgorithm(algorithm, name) {\n return algorithm.name === name;\n}\nfunction getHashLength(hash) {\n return parseInt(hash.name.slice(4), 10);\n}\nfunction getNamedCurve(alg) {\n switch (alg) {\n case 'ES256':\n return 'P-256';\n case 'ES384':\n return 'P-384';\n case 'ES512':\n return 'P-521';\n default:\n throw new Error('unreachable');\n }\n}\nfunction checkUsage(key, usages) {\n if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {\n let msg = 'CryptoKey does not support this operation, its usages must include ';\n if (usages.length > 2) {\n const last = usages.pop();\n msg += `one of ${usages.join(', ')}, or ${last}.`;\n }\n else if (usages.length === 2) {\n msg += `one of ${usages[0]} or ${usages[1]}.`;\n }\n else {\n msg += `${usages[0]}.`;\n }\n throw new TypeError(msg);\n }\n}\nexport function checkSigCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512': {\n if (!isAlgorithm(key.algorithm, 'HMAC'))\n throw unusable('HMAC');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'RS256':\n case 'RS384':\n case 'RS512': {\n if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5'))\n throw unusable('RSASSA-PKCS1-v1_5');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'PS256':\n case 'PS384':\n case 'PS512': {\n if (!isAlgorithm(key.algorithm, 'RSA-PSS'))\n throw unusable('RSA-PSS');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'EdDSA': {\n if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {\n throw unusable('Ed25519 or Ed448');\n }\n break;\n }\n case 'Ed25519': {\n if (!isAlgorithm(key.algorithm, 'Ed25519'))\n throw unusable('Ed25519');\n break;\n }\n case 'ES256':\n case 'ES384':\n case 'ES512': {\n if (!isAlgorithm(key.algorithm, 'ECDSA'))\n throw unusable('ECDSA');\n const expected = getNamedCurve(alg);\n const actual = key.algorithm.namedCurve;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.namedCurve');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\nexport function checkEncCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM': {\n if (!isAlgorithm(key.algorithm, 'AES-GCM'))\n throw unusable('AES-GCM');\n const expected = parseInt(alg.slice(1, 4), 10);\n const actual = key.algorithm.length;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.length');\n break;\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n if (!isAlgorithm(key.algorithm, 'AES-KW'))\n throw unusable('AES-KW');\n const expected = parseInt(alg.slice(1, 4), 10);\n const actual = key.algorithm.length;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.length');\n break;\n }\n case 'ECDH': {\n switch (key.algorithm.name) {\n case 'ECDH':\n case 'X25519':\n case 'X448':\n break;\n default:\n throw unusable('ECDH, X25519, or X448');\n }\n break;\n }\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW':\n if (!isAlgorithm(key.algorithm, 'PBKDF2'))\n throw unusable('PBKDF2');\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n if (!isAlgorithm(key.algorithm, 'RSA-OAEP'))\n throw unusable('RSA-OAEP');\n const expected = parseInt(alg.slice(9), 10) || 1;\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\n","function message(msg, actual, ...types) {\n types = types.filter(Boolean);\n if (types.length > 2) {\n const last = types.pop();\n msg += `one of type ${types.join(', ')}, or ${last}.`;\n }\n else if (types.length === 2) {\n msg += `one of type ${types[0]} or ${types[1]}.`;\n }\n else {\n msg += `of type ${types[0]}.`;\n }\n if (actual == null) {\n msg += ` Received ${actual}`;\n }\n else if (typeof actual === 'function' && actual.name) {\n msg += ` Received function ${actual.name}`;\n }\n else if (typeof actual === 'object' && actual != null) {\n if (actual.constructor?.name) {\n msg += ` Received an instance of ${actual.constructor.name}`;\n }\n }\n return msg;\n}\nexport default (actual, ...types) => {\n return message('Key must be ', actual, ...types);\n};\nexport function withAlg(alg, actual, ...types) {\n return message(`Key for the ${alg} algorithm must be `, actual, ...types);\n}\n","import { isCryptoKey } from './webcrypto.js';\nexport default (key) => {\n if (isCryptoKey(key)) {\n return true;\n }\n return key?.[Symbol.toStringTag] === 'KeyObject';\n};\nexport const types = ['CryptoKey'];\n","function isObjectLike(value) {\n return typeof value === 'object' && value !== null;\n}\nexport default function isObject(input) {\n if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {\n return false;\n }\n if (Object.getPrototypeOf(input) === null) {\n return true;\n }\n let proto = input;\n while (Object.getPrototypeOf(proto) !== null) {\n proto = Object.getPrototypeOf(proto);\n }\n return Object.getPrototypeOf(input) === proto;\n}\n","import isObject from './is_object.js';\nexport function isJWK(key) {\n return isObject(key) && typeof key.kty === 'string';\n}\nexport function isPrivateJWK(key) {\n return key.kty !== 'oct' && typeof key.d === 'string';\n}\nexport function isPublicJWK(key) {\n return key.kty !== 'oct' && typeof key.d === 'undefined';\n}\nexport function isSecretJWK(key) {\n return isJWK(key) && key.kty === 'oct' && typeof key.k === 'string';\n}\n","import crypto from './webcrypto.js';\nimport { JOSENotSupported } from '../util/errors.js';\nfunction subtleMapping(jwk) {\n let algorithm;\n let keyUsages;\n switch (jwk.kty) {\n case 'RSA': {\n switch (jwk.alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`,\n };\n keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'EC': {\n switch (jwk.alg) {\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: 'ECDH', namedCurve: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'OKP': {\n switch (jwk.alg) {\n case 'Ed25519':\n algorithm = { name: 'Ed25519' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'EdDSA':\n algorithm = { name: jwk.crv };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"kty\" (Key Type) Parameter value');\n }\n return { algorithm, keyUsages };\n}\nconst parse = async (jwk) => {\n if (!jwk.alg) {\n throw new TypeError('\"alg\" argument is required when \"jwk.alg\" is not present');\n }\n const { algorithm, keyUsages } = subtleMapping(jwk);\n const rest = [\n algorithm,\n jwk.ext ?? false,\n jwk.key_ops ?? keyUsages,\n ];\n const keyData = { ...jwk };\n delete keyData.alg;\n delete keyData.use;\n return crypto.subtle.importKey('jwk', keyData, ...rest);\n};\nexport default parse;\n","import { isJWK } from '../lib/is_jwk.js';\nimport { decode } from './base64url.js';\nimport importJWK from './jwk_to_key.js';\nconst exportKeyValue = (k) => decode(k);\nlet privCache;\nlet pubCache;\nconst isKeyObject = (key) => {\n return key?.[Symbol.toStringTag] === 'KeyObject';\n};\nconst importAndCache = async (cache, key, jwk, alg, freeze = false) => {\n let cached = cache.get(key);\n if (cached?.[alg]) {\n return cached[alg];\n }\n const cryptoKey = await importJWK({ ...jwk, alg });\n if (freeze)\n Object.freeze(key);\n if (!cached) {\n cache.set(key, { [alg]: cryptoKey });\n }\n else {\n cached[alg] = cryptoKey;\n }\n return cryptoKey;\n};\nconst normalizePublicKey = (key, alg) => {\n if (isKeyObject(key)) {\n let jwk = key.export({ format: 'jwk' });\n delete jwk.d;\n delete jwk.dp;\n delete jwk.dq;\n delete jwk.p;\n delete jwk.q;\n delete jwk.qi;\n if (jwk.k) {\n return exportKeyValue(jwk.k);\n }\n pubCache || (pubCache = new WeakMap());\n return importAndCache(pubCache, key, jwk, alg);\n }\n if (isJWK(key)) {\n if (key.k)\n return decode(key.k);\n pubCache || (pubCache = new WeakMap());\n const cryptoKey = importAndCache(pubCache, key, key, alg, true);\n return cryptoKey;\n }\n return key;\n};\nconst normalizePrivateKey = (key, alg) => {\n if (isKeyObject(key)) {\n let jwk = key.export({ format: 'jwk' });\n if (jwk.k) {\n return exportKeyValue(jwk.k);\n }\n privCache || (privCache = new WeakMap());\n return importAndCache(privCache, key, jwk, alg);\n }\n if (isJWK(key)) {\n if (key.k)\n return decode(key.k);\n privCache || (privCache = new WeakMap());\n const cryptoKey = importAndCache(privCache, key, key, alg, true);\n return cryptoKey;\n }\n return key;\n};\nexport default { normalizePublicKey, normalizePrivateKey };\n","import crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkSigCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nimport normalize from './normalize_key.js';\nexport default async function getCryptoKey(alg, key, usage) {\n if (usage === 'sign') {\n key = await normalize.normalizePrivateKey(key, alg);\n }\n if (usage === 'verify') {\n key = await normalize.normalizePublicKey(key, alg);\n }\n if (isCryptoKey(key)) {\n checkSigCryptoKey(key, alg, usage);\n return key;\n }\n if (key instanceof Uint8Array) {\n if (!alg.startsWith('HS')) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array', 'JSON Web Key'));\n}\n","import subtleAlgorithm from './subtle_dsa.js';\nimport crypto from './webcrypto.js';\nimport checkKeyLength from './check_key_length.js';\nimport getVerifyKey from './get_sign_verify_key.js';\nconst verify = async (alg, key, signature, data) => {\n const cryptoKey = await getVerifyKey(alg, key, 'verify');\n checkKeyLength(alg, cryptoKey);\n const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm);\n try {\n return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);\n }\n catch {\n return false;\n }\n};\nexport default verify;\n","const isDisjoint = (...headers) => {\n const sources = headers.filter(Boolean);\n if (sources.length === 0 || sources.length === 1) {\n return true;\n }\n let acc;\n for (const header of sources) {\n const parameters = Object.keys(header);\n if (!acc || acc.size === 0) {\n acc = new Set(parameters);\n continue;\n }\n for (const parameter of parameters) {\n if (acc.has(parameter)) {\n return false;\n }\n acc.add(parameter);\n }\n }\n return true;\n};\nexport default isDisjoint;\n","import { withAlg as invalidKeyInput } from './invalid_key_input.js';\nimport isKeyLike, { types } from '../runtime/is_key_like.js';\nimport * as jwk from './is_jwk.js';\nconst tag = (key) => key?.[Symbol.toStringTag];\nconst jwkMatchesOp = (alg, key, usage) => {\n if (key.use !== undefined && key.use !== 'sig') {\n throw new TypeError('Invalid key for this operation, when present its use must be sig');\n }\n if (key.key_ops !== undefined && key.key_ops.includes?.(usage) !== true) {\n throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${usage}`);\n }\n if (key.alg !== undefined && key.alg !== alg) {\n throw new TypeError(`Invalid key for this operation, when present its alg must be ${alg}`);\n }\n return true;\n};\nconst symmetricTypeCheck = (alg, key, usage, allowJwk) => {\n if (key instanceof Uint8Array)\n return;\n if (allowJwk && jwk.isJWK(key)) {\n if (jwk.isSecretJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK \"kty\" (Key Type) equal to \"oct\" and the JWK \"k\" (Key Value) present`);\n }\n if (!isKeyLike(key)) {\n throw new TypeError(invalidKeyInput(alg, key, ...types, 'Uint8Array', allowJwk ? 'JSON Web Key' : null));\n }\n if (key.type !== 'secret') {\n throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type \"secret\"`);\n }\n};\nconst asymmetricTypeCheck = (alg, key, usage, allowJwk) => {\n if (allowJwk && jwk.isJWK(key)) {\n switch (usage) {\n case 'sign':\n if (jwk.isPrivateJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for this operation be a private JWK`);\n case 'verify':\n if (jwk.isPublicJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for this operation be a public JWK`);\n }\n }\n if (!isKeyLike(key)) {\n throw new TypeError(invalidKeyInput(alg, key, ...types, allowJwk ? 'JSON Web Key' : null));\n }\n if (key.type === 'secret') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type \"secret\"`);\n }\n if (usage === 'sign' && key.type === 'public') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type \"private\"`);\n }\n if (usage === 'decrypt' && key.type === 'public') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type \"private\"`);\n }\n if (key.algorithm && usage === 'verify' && key.type === 'private') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type \"public\"`);\n }\n if (key.algorithm && usage === 'encrypt' && key.type === 'private') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type \"public\"`);\n }\n};\nfunction checkKeyType(allowJwk, alg, key, usage) {\n const symmetric = alg.startsWith('HS') ||\n alg === 'dir' ||\n alg.startsWith('PBES2') ||\n /^A\\d{3}(?:GCM)?KW$/.test(alg);\n if (symmetric) {\n symmetricTypeCheck(alg, key, usage, allowJwk);\n }\n else {\n asymmetricTypeCheck(alg, key, usage, allowJwk);\n }\n}\nexport default checkKeyType.bind(undefined, false);\nexport const checkKeyTypeWithJwk = checkKeyType.bind(undefined, true);\n","import { JOSENotSupported } from '../util/errors.js';\nfunction validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {\n if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be integrity protected');\n }\n if (!protectedHeader || protectedHeader.crit === undefined) {\n return new Set();\n }\n if (!Array.isArray(protectedHeader.crit) ||\n protectedHeader.crit.length === 0 ||\n protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present');\n }\n let recognized;\n if (recognizedOption !== undefined) {\n recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);\n }\n else {\n recognized = recognizedDefault;\n }\n for (const parameter of protectedHeader.crit) {\n if (!recognized.has(parameter)) {\n throw new JOSENotSupported(`Extension Header Parameter \"${parameter}\" is not recognized`);\n }\n if (joseHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" is missing`);\n }\n if (recognized.get(parameter) && protectedHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" MUST be integrity protected`);\n }\n }\n return new Set(protectedHeader.crit);\n}\nexport default validateCrit;\n","const validateAlgorithms = (option, algorithms) => {\n if (algorithms !== undefined &&\n (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) {\n throw new TypeError(`\"${option}\" option must be an array of strings`);\n }\n if (!algorithms) {\n return undefined;\n }\n return new Set(algorithms);\n};\nexport default validateAlgorithms;\n","import { decode as decodeBase64URL } from '../runtime/base64url.js';\nimport { fromSPKI, fromPKCS8, fromX509 } from '../runtime/asn1.js';\nimport asKeyObject from '../runtime/jwk_to_key.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport isObject from '../lib/is_object.js';\nexport async function importSPKI(spki, alg, options) {\n if (typeof spki !== 'string' || spki.indexOf('-----BEGIN PUBLIC KEY-----') !== 0) {\n throw new TypeError('\"spki\" must be SPKI formatted string');\n }\n return fromSPKI(spki, alg, options);\n}\nexport async function importX509(x509, alg, options) {\n if (typeof x509 !== 'string' || x509.indexOf('-----BEGIN CERTIFICATE-----') !== 0) {\n throw new TypeError('\"x509\" must be X.509 formatted string');\n }\n return fromX509(x509, alg, options);\n}\nexport async function importPKCS8(pkcs8, alg, options) {\n if (typeof pkcs8 !== 'string' || pkcs8.indexOf('-----BEGIN PRIVATE KEY-----') !== 0) {\n throw new TypeError('\"pkcs8\" must be PKCS#8 formatted string');\n }\n return fromPKCS8(pkcs8, alg, options);\n}\nexport async function importJWK(jwk, alg) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n alg || (alg = jwk.alg);\n switch (jwk.kty) {\n case 'oct':\n if (typeof jwk.k !== 'string' || !jwk.k) {\n throw new TypeError('missing \"k\" (Key Value) Parameter value');\n }\n return decodeBase64URL(jwk.k);\n case 'RSA':\n if ('oth' in jwk && jwk.oth !== undefined) {\n throw new JOSENotSupported('RSA JWK \"oth\" (Other Primes Info) Parameter value is not supported');\n }\n case 'EC':\n case 'OKP':\n return asKeyObject({ ...jwk, alg });\n default:\n throw new JOSENotSupported('Unsupported \"kty\" (Key Type) Parameter value');\n }\n}\n","import { decode as base64url } from '../../runtime/base64url.js';\nimport verify from '../../runtime/verify.js';\nimport { JOSEAlgNotAllowed, JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js';\nimport { concat, encoder, decoder } from '../../lib/buffer_utils.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport isObject from '../../lib/is_object.js';\nimport { checkKeyTypeWithJwk } from '../../lib/check_key_type.js';\nimport validateCrit from '../../lib/validate_crit.js';\nimport validateAlgorithms from '../../lib/validate_algorithms.js';\nimport { isJWK } from '../../lib/is_jwk.js';\nimport { importJWK } from '../../key/import.js';\nexport async function flattenedVerify(jws, key, options) {\n if (!isObject(jws)) {\n throw new JWSInvalid('Flattened JWS must be an object');\n }\n if (jws.protected === undefined && jws.header === undefined) {\n throw new JWSInvalid('Flattened JWS must have either of the \"protected\" or \"header\" members');\n }\n if (jws.protected !== undefined && typeof jws.protected !== 'string') {\n throw new JWSInvalid('JWS Protected Header incorrect type');\n }\n if (jws.payload === undefined) {\n throw new JWSInvalid('JWS Payload missing');\n }\n if (typeof jws.signature !== 'string') {\n throw new JWSInvalid('JWS Signature missing or incorrect type');\n }\n if (jws.header !== undefined && !isObject(jws.header)) {\n throw new JWSInvalid('JWS Unprotected Header incorrect type');\n }\n let parsedProt = {};\n if (jws.protected) {\n try {\n const protectedHeader = base64url(jws.protected);\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch {\n throw new JWSInvalid('JWS Protected Header is invalid');\n }\n }\n if (!isDisjoint(parsedProt, jws.header)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jws.header,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, parsedProt, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = parsedProt.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n const algorithms = options && validateAlgorithms('algorithms', options.algorithms);\n if (algorithms && !algorithms.has(alg)) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter value not allowed');\n }\n if (b64) {\n if (typeof jws.payload !== 'string') {\n throw new JWSInvalid('JWS Payload must be a string');\n }\n }\n else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {\n throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jws);\n resolvedKey = true;\n checkKeyTypeWithJwk(alg, key, 'verify');\n if (isJWK(key)) {\n key = await importJWK(key, alg);\n }\n }\n else {\n checkKeyTypeWithJwk(alg, key, 'verify');\n }\n const data = concat(encoder.encode(jws.protected ?? ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);\n let signature;\n try {\n signature = base64url(jws.signature);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the signature');\n }\n const verified = await verify(alg, key, signature, data);\n if (!verified) {\n throw new JWSSignatureVerificationFailed();\n }\n let payload;\n if (b64) {\n try {\n payload = base64url(jws.payload);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the payload');\n }\n }\n else if (typeof jws.payload === 'string') {\n payload = encoder.encode(jws.payload);\n }\n else {\n payload = jws.payload;\n }\n const result = { payload };\n if (jws.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jws.header !== undefined) {\n result.unprotectedHeader = jws.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n","import { flattenedVerify } from '../flattened/verify.js';\nimport { JWSInvalid } from '../../util/errors.js';\nimport { decoder } from '../../lib/buffer_utils.js';\nexport async function compactVerify(jws, key, options) {\n if (jws instanceof Uint8Array) {\n jws = decoder.decode(jws);\n }\n if (typeof jws !== 'string') {\n throw new JWSInvalid('Compact JWS must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split('.');\n if (length !== 3) {\n throw new JWSInvalid('Invalid Compact JWS');\n }\n const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options);\n const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n","export default (date) => Math.floor(date.getTime() / 1000);\n","const minute = 60;\nconst hour = minute * 60;\nconst day = hour * 24;\nconst week = day * 7;\nconst year = day * 365.25;\nconst REGEX = /^(\\+|\\-)? ?(\\d+|\\d+\\.\\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;\nexport default (str) => {\n const matched = REGEX.exec(str);\n if (!matched || (matched[4] && matched[1])) {\n throw new TypeError('Invalid time period format');\n }\n const value = parseFloat(matched[2]);\n const unit = matched[3].toLowerCase();\n let numericDate;\n switch (unit) {\n case 'sec':\n case 'secs':\n case 'second':\n case 'seconds':\n case 's':\n numericDate = Math.round(value);\n break;\n case 'minute':\n case 'minutes':\n case 'min':\n case 'mins':\n case 'm':\n numericDate = Math.round(value * minute);\n break;\n case 'hour':\n case 'hours':\n case 'hr':\n case 'hrs':\n case 'h':\n numericDate = Math.round(value * hour);\n break;\n case 'day':\n case 'days':\n case 'd':\n numericDate = Math.round(value * day);\n break;\n case 'week':\n case 'weeks':\n case 'w':\n numericDate = Math.round(value * week);\n break;\n default:\n numericDate = Math.round(value * year);\n break;\n }\n if (matched[1] === '-' || matched[4] === 'ago') {\n return -numericDate;\n }\n return numericDate;\n};\n","import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';\nimport { decoder } from './buffer_utils.js';\nimport epoch from './epoch.js';\nimport secs from './secs.js';\nimport isObject from './is_object.js';\nconst normalizeTyp = (value) => value.toLowerCase().replace(/^application\\//, '');\nconst checkAudiencePresence = (audPayload, audOption) => {\n if (typeof audPayload === 'string') {\n return audOption.includes(audPayload);\n }\n if (Array.isArray(audPayload)) {\n return audOption.some(Set.prototype.has.bind(new Set(audPayload)));\n }\n return false;\n};\nexport default (protectedHeader, encodedPayload, options = {}) => {\n let payload;\n try {\n payload = JSON.parse(decoder.decode(encodedPayload));\n }\n catch {\n }\n if (!isObject(payload)) {\n throw new JWTInvalid('JWT Claims Set must be a top-level JSON object');\n }\n const { typ } = options;\n if (typ &&\n (typeof protectedHeader.typ !== 'string' ||\n normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {\n throw new JWTClaimValidationFailed('unexpected \"typ\" JWT header value', payload, 'typ', 'check_failed');\n }\n const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;\n const presenceCheck = [...requiredClaims];\n if (maxTokenAge !== undefined)\n presenceCheck.push('iat');\n if (audience !== undefined)\n presenceCheck.push('aud');\n if (subject !== undefined)\n presenceCheck.push('sub');\n if (issuer !== undefined)\n presenceCheck.push('iss');\n for (const claim of new Set(presenceCheck.reverse())) {\n if (!(claim in payload)) {\n throw new JWTClaimValidationFailed(`missing required \"${claim}\" claim`, payload, claim, 'missing');\n }\n }\n if (issuer &&\n !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {\n throw new JWTClaimValidationFailed('unexpected \"iss\" claim value', payload, 'iss', 'check_failed');\n }\n if (subject && payload.sub !== subject) {\n throw new JWTClaimValidationFailed('unexpected \"sub\" claim value', payload, 'sub', 'check_failed');\n }\n if (audience &&\n !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {\n throw new JWTClaimValidationFailed('unexpected \"aud\" claim value', payload, 'aud', 'check_failed');\n }\n let tolerance;\n switch (typeof options.clockTolerance) {\n case 'string':\n tolerance = secs(options.clockTolerance);\n break;\n case 'number':\n tolerance = options.clockTolerance;\n break;\n case 'undefined':\n tolerance = 0;\n break;\n default:\n throw new TypeError('Invalid clockTolerance option type');\n }\n const { currentDate } = options;\n const now = epoch(currentDate || new Date());\n if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {\n throw new JWTClaimValidationFailed('\"iat\" claim must be a number', payload, 'iat', 'invalid');\n }\n if (payload.nbf !== undefined) {\n if (typeof payload.nbf !== 'number') {\n throw new JWTClaimValidationFailed('\"nbf\" claim must be a number', payload, 'nbf', 'invalid');\n }\n if (payload.nbf > now + tolerance) {\n throw new JWTClaimValidationFailed('\"nbf\" claim timestamp check failed', payload, 'nbf', 'check_failed');\n }\n }\n if (payload.exp !== undefined) {\n if (typeof payload.exp !== 'number') {\n throw new JWTClaimValidationFailed('\"exp\" claim must be a number', payload, 'exp', 'invalid');\n }\n if (payload.exp <= now - tolerance) {\n throw new JWTExpired('\"exp\" claim timestamp check failed', payload, 'exp', 'check_failed');\n }\n }\n if (maxTokenAge) {\n const age = now - payload.iat;\n const max = typeof maxTokenAge === 'number' ? maxTokenAge : secs(maxTokenAge);\n if (age - tolerance > max) {\n throw new JWTExpired('\"iat\" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed');\n }\n if (age < 0 - tolerance) {\n throw new JWTClaimValidationFailed('\"iat\" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed');\n }\n }\n return payload;\n};\n","import { compactVerify } from '../jws/compact/verify.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { JWTInvalid } from '../util/errors.js';\nexport async function jwtVerify(jwt, key, options) {\n const verified = await compactVerify(jwt, key, options);\n if (verified.protectedHeader.crit?.includes('b64') && verified.protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n const payload = jwtPayload(verified.protectedHeader, verified.payload, options);\n const result = { payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n","import { JOSEError, JWKSTimeout } from '../util/errors.js';\nconst fetchJwks = async (url, timeout, options) => {\n let controller;\n let id;\n let timedOut = false;\n if (typeof AbortController === 'function') {\n controller = new AbortController();\n id = setTimeout(() => {\n timedOut = true;\n controller.abort();\n }, timeout);\n }\n const response = await fetch(url.href, {\n signal: controller ? controller.signal : undefined,\n redirect: 'manual',\n headers: options.headers,\n }).catch((err) => {\n if (timedOut)\n throw new JWKSTimeout();\n throw err;\n });\n if (id !== undefined)\n clearTimeout(id);\n if (response.status !== 200) {\n throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');\n }\n try {\n return await response.json();\n }\n catch {\n throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');\n }\n};\nexport default fetchJwks;\n","import { importJWK } from '../key/import.js';\nimport { JWKSInvalid, JOSENotSupported, JWKSNoMatchingKey, JWKSMultipleMatchingKeys, } from '../util/errors.js';\nimport isObject from '../lib/is_object.js';\nfunction getKtyFromAlg(alg) {\n switch (typeof alg === 'string' && alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n return 'RSA';\n case 'ES':\n return 'EC';\n case 'Ed':\n return 'OKP';\n default:\n throw new JOSENotSupported('Unsupported \"alg\" value for a JSON Web Key Set');\n }\n}\nfunction isJWKSLike(jwks) {\n return (jwks &&\n typeof jwks === 'object' &&\n Array.isArray(jwks.keys) &&\n jwks.keys.every(isJWKLike));\n}\nfunction isJWKLike(key) {\n return isObject(key);\n}\nfunction clone(obj) {\n if (typeof structuredClone === 'function') {\n return structuredClone(obj);\n }\n return JSON.parse(JSON.stringify(obj));\n}\nclass LocalJWKSet {\n constructor(jwks) {\n this._cached = new WeakMap();\n if (!isJWKSLike(jwks)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = clone(jwks);\n }\n async getKey(protectedHeader, token) {\n const { alg, kid } = { ...protectedHeader, ...token?.header };\n const kty = getKtyFromAlg(alg);\n const candidates = this._jwks.keys.filter((jwk) => {\n let candidate = kty === jwk.kty;\n if (candidate && typeof kid === 'string') {\n candidate = kid === jwk.kid;\n }\n if (candidate && typeof jwk.alg === 'string') {\n candidate = alg === jwk.alg;\n }\n if (candidate && typeof jwk.use === 'string') {\n candidate = jwk.use === 'sig';\n }\n if (candidate && Array.isArray(jwk.key_ops)) {\n candidate = jwk.key_ops.includes('verify');\n }\n if (candidate) {\n switch (alg) {\n case 'ES256':\n candidate = jwk.crv === 'P-256';\n break;\n case 'ES256K':\n candidate = jwk.crv === 'secp256k1';\n break;\n case 'ES384':\n candidate = jwk.crv === 'P-384';\n break;\n case 'ES512':\n candidate = jwk.crv === 'P-521';\n break;\n case 'Ed25519':\n candidate = jwk.crv === 'Ed25519';\n break;\n case 'EdDSA':\n candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448';\n break;\n }\n }\n return candidate;\n });\n const { 0: jwk, length } = candidates;\n if (length === 0) {\n throw new JWKSNoMatchingKey();\n }\n if (length !== 1) {\n const error = new JWKSMultipleMatchingKeys();\n const { _cached } = this;\n error[Symbol.asyncIterator] = async function* () {\n for (const jwk of candidates) {\n try {\n yield await importWithAlgCache(_cached, jwk, alg);\n }\n catch { }\n }\n };\n throw error;\n }\n return importWithAlgCache(this._cached, jwk, alg);\n }\n}\nasync function importWithAlgCache(cache, jwk, alg) {\n const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);\n if (cached[alg] === undefined) {\n const key = await importJWK({ ...jwk, ext: true }, alg);\n if (key instanceof Uint8Array || key.type !== 'public') {\n throw new JWKSInvalid('JSON Web Key Set members must be public keys');\n }\n cached[alg] = key;\n }\n return cached[alg];\n}\nexport function createLocalJWKSet(jwks) {\n const set = new LocalJWKSet(jwks);\n const localJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);\n Object.defineProperties(localJWKSet, {\n jwks: {\n value: () => clone(set._jwks),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n });\n return localJWKSet;\n}\n","import fetchJwks from '../runtime/fetch_jwks.js';\nimport { JWKSNoMatchingKey } from '../util/errors.js';\nimport { createLocalJWKSet } from './local.js';\nimport isObject from '../lib/is_object.js';\nfunction isCloudflareWorkers() {\n return (typeof WebSocketPair !== 'undefined' ||\n (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||\n (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel'));\n}\nlet USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'jose';\n const VERSION = 'v5.10.0';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nexport const jwksCache = Symbol();\nfunction isFreshJwksCache(input, cacheMaxAge) {\n if (typeof input !== 'object' || input === null) {\n return false;\n }\n if (!('uat' in input) || typeof input.uat !== 'number' || Date.now() - input.uat >= cacheMaxAge) {\n return false;\n }\n if (!('jwks' in input) ||\n !isObject(input.jwks) ||\n !Array.isArray(input.jwks.keys) ||\n !Array.prototype.every.call(input.jwks.keys, isObject)) {\n return false;\n }\n return true;\n}\nclass RemoteJWKSet {\n constructor(url, options) {\n if (!(url instanceof URL)) {\n throw new TypeError('url must be an instance of URL');\n }\n this._url = new URL(url.href);\n this._options = { agent: options?.agent, headers: options?.headers };\n this._timeoutDuration =\n typeof options?.timeoutDuration === 'number' ? options?.timeoutDuration : 5000;\n this._cooldownDuration =\n typeof options?.cooldownDuration === 'number' ? options?.cooldownDuration : 30000;\n this._cacheMaxAge = typeof options?.cacheMaxAge === 'number' ? options?.cacheMaxAge : 600000;\n if (options?.[jwksCache] !== undefined) {\n this._cache = options?.[jwksCache];\n if (isFreshJwksCache(options?.[jwksCache], this._cacheMaxAge)) {\n this._jwksTimestamp = this._cache.uat;\n this._local = createLocalJWKSet(this._cache.jwks);\n }\n }\n }\n coolingDown() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cooldownDuration\n : false;\n }\n fresh() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cacheMaxAge\n : false;\n }\n async getKey(protectedHeader, token) {\n if (!this._local || !this.fresh()) {\n await this.reload();\n }\n try {\n return await this._local(protectedHeader, token);\n }\n catch (err) {\n if (err instanceof JWKSNoMatchingKey) {\n if (this.coolingDown() === false) {\n await this.reload();\n return this._local(protectedHeader, token);\n }\n }\n throw err;\n }\n }\n async reload() {\n if (this._pendingFetch && isCloudflareWorkers()) {\n this._pendingFetch = undefined;\n }\n const headers = new Headers(this._options.headers);\n if (USER_AGENT && !headers.has('User-Agent')) {\n headers.set('User-Agent', USER_AGENT);\n this._options.headers = Object.fromEntries(headers.entries());\n }\n this._pendingFetch || (this._pendingFetch = fetchJwks(this._url, this._timeoutDuration, this._options)\n .then((json) => {\n this._local = createLocalJWKSet(json);\n if (this._cache) {\n this._cache.uat = Date.now();\n this._cache.jwks = json;\n }\n this._jwksTimestamp = Date.now();\n this._pendingFetch = undefined;\n })\n .catch((err) => {\n this._pendingFetch = undefined;\n throw err;\n }));\n await this._pendingFetch;\n }\n}\nexport function createRemoteJWKSet(url, options) {\n const set = new RemoteJWKSet(url, options);\n const remoteJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);\n Object.defineProperties(remoteJWKSet, {\n coolingDown: {\n get: () => set.coolingDown(),\n enumerable: true,\n configurable: false,\n },\n fresh: {\n get: () => set.fresh(),\n enumerable: true,\n configurable: false,\n },\n reload: {\n value: () => set.reload(),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n reloading: {\n get: () => !!set._pendingFetch,\n enumerable: true,\n configurable: false,\n },\n jwks: {\n value: () => set._local?.jwks(),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n });\n return remoteJWKSet;\n}\nexport const experimental_jwksCache = jwksCache;\n","import crypto, { isCryptoKey } from './webcrypto.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { encode as base64url } from './base64url.js';\nimport { types } from './is_key_like.js';\nconst keyToJWK = async (key) => {\n if (key instanceof Uint8Array) {\n return {\n kty: 'oct',\n k: base64url(key),\n };\n }\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n }\n if (!key.extractable) {\n throw new TypeError('non-extractable CryptoKey cannot be exported as a JWK');\n }\n const { ext, key_ops, alg, use, ...jwk } = await crypto.subtle.exportKey('jwk', key);\n return jwk;\n};\nexport default keyToJWK;\n","import { toSPKI as exportPublic } from '../runtime/asn1.js';\nimport { toPKCS8 as exportPrivate } from '../runtime/asn1.js';\nimport keyToJWK from '../runtime/key_to_jwk.js';\nexport async function exportSPKI(key) {\n return exportPublic(key);\n}\nexport async function exportPKCS8(key) {\n return exportPrivate(key);\n}\nexport async function exportJWK(key) {\n return keyToJWK(key);\n}\n","import subtleAlgorithm from './subtle_dsa.js';\nimport crypto from './webcrypto.js';\nimport checkKeyLength from './check_key_length.js';\nimport getSignKey from './get_sign_verify_key.js';\nconst sign = async (alg, key, data) => {\n const cryptoKey = await getSignKey(alg, key, 'sign');\n checkKeyLength(alg, cryptoKey);\n const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data);\n return new Uint8Array(signature);\n};\nexport default sign;\n","import { encode as base64url } from '../../runtime/base64url.js';\nimport sign from '../../runtime/sign.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport { JWSInvalid } from '../../util/errors.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport { checkKeyTypeWithJwk } from '../../lib/check_key_type.js';\nimport validateCrit from '../../lib/validate_crit.js';\nexport class FlattenedSign {\n constructor(payload) {\n if (!(payload instanceof Uint8Array)) {\n throw new TypeError('payload must be an instance of Uint8Array');\n }\n this._payload = payload;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n async sign(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader) {\n throw new JWSInvalid('either setProtectedHeader or setUnprotectedHeader must be called before #sign()');\n }\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, this._protectedHeader, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = this._protectedHeader.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n checkKeyTypeWithJwk(alg, key, 'sign');\n let payload = this._payload;\n if (b64) {\n payload = encoder.encode(base64url(payload));\n }\n let protectedHeader;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(base64url(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n const data = concat(protectedHeader, encoder.encode('.'), payload);\n const signature = await sign(alg, key, data);\n const jws = {\n signature: base64url(signature),\n payload: '',\n };\n if (b64) {\n jws.payload = decoder.decode(payload);\n }\n if (this._unprotectedHeader) {\n jws.header = this._unprotectedHeader;\n }\n if (this._protectedHeader) {\n jws.protected = decoder.decode(protectedHeader);\n }\n return jws;\n }\n}\n","import { FlattenedSign } from '../flattened/sign.js';\nexport class CompactSign {\n constructor(payload) {\n this._flattened = new FlattenedSign(payload);\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n async sign(key, options) {\n const jws = await this._flattened.sign(key, options);\n if (jws.payload === undefined) {\n throw new TypeError('use the flattened module for creating JWS with b64: false');\n }\n return `${jws.protected}.${jws.payload}.${jws.signature}`;\n }\n}\n","import epoch from '../lib/epoch.js';\nimport isObject from '../lib/is_object.js';\nimport secs from '../lib/secs.js';\nfunction validateInput(label, input) {\n if (!Number.isFinite(input)) {\n throw new TypeError(`Invalid ${label} input`);\n }\n return input;\n}\nexport class ProduceJWT {\n constructor(payload = {}) {\n if (!isObject(payload)) {\n throw new TypeError('JWT Claims Set MUST be an object');\n }\n this._payload = payload;\n }\n setIssuer(issuer) {\n this._payload = { ...this._payload, iss: issuer };\n return this;\n }\n setSubject(subject) {\n this._payload = { ...this._payload, sub: subject };\n return this;\n }\n setAudience(audience) {\n this._payload = { ...this._payload, aud: audience };\n return this;\n }\n setJti(jwtId) {\n this._payload = { ...this._payload, jti: jwtId };\n return this;\n }\n setNotBefore(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, nbf: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setExpirationTime(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, exp: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setIssuedAt(input) {\n if (typeof input === 'undefined') {\n this._payload = { ...this._payload, iat: epoch(new Date()) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', epoch(input)) };\n }\n else if (typeof input === 'string') {\n this._payload = {\n ...this._payload,\n iat: validateInput('setIssuedAt', epoch(new Date()) + secs(input)),\n };\n }\n else {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', input) };\n }\n return this;\n }\n}\n","import { CompactSign } from '../jws/compact/sign.js';\nimport { JWTInvalid } from '../util/errors.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport { ProduceJWT } from './produce.js';\nexport class SignJWT extends ProduceJWT {\n setProtectedHeader(protectedHeader) {\n this._protectedHeader = protectedHeader;\n return this;\n }\n async sign(key, options) {\n const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));\n sig.setProtectedHeader(this._protectedHeader);\n if (Array.isArray(this._protectedHeader?.crit) &&\n this._protectedHeader.crit.includes('b64') &&\n this._protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n return sig.sign(key, options);\n }\n}\n","import crypto from './webcrypto.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport random from './random.js';\nexport async function generateSecret(alg, options) {\n let length;\n let algorithm;\n let keyUsages;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n length = parseInt(alg.slice(-3), 10);\n algorithm = { name: 'HMAC', hash: `SHA-${length}`, length };\n keyUsages = ['sign', 'verify'];\n break;\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n length = parseInt(alg.slice(-3), 10);\n return random(new Uint8Array(length >> 3));\n case 'A128KW':\n case 'A192KW':\n case 'A256KW':\n length = parseInt(alg.slice(1, 4), 10);\n algorithm = { name: 'AES-KW', length };\n keyUsages = ['wrapKey', 'unwrapKey'];\n break;\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW':\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n length = parseInt(alg.slice(1, 4), 10);\n algorithm = { name: 'AES-GCM', length };\n keyUsages = ['encrypt', 'decrypt'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);\n}\nfunction getModulusLengthOption(options) {\n const modulusLength = options?.modulusLength ?? 2048;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');\n }\n return modulusLength;\n}\nexport async function generateKeyPair(alg, options) {\n let algorithm;\n let keyUsages;\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['decrypt', 'unwrapKey', 'encrypt', 'wrapKey'];\n break;\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'Ed25519':\n algorithm = { name: 'Ed25519' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'EdDSA': {\n keyUsages = ['sign', 'verify'];\n const crv = options?.crv ?? 'Ed25519';\n switch (crv) {\n case 'Ed25519':\n case 'Ed448':\n algorithm = { name: crv };\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided');\n }\n break;\n }\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n keyUsages = ['deriveKey', 'deriveBits'];\n const crv = options?.crv ?? 'P-256';\n switch (crv) {\n case 'P-256':\n case 'P-384':\n case 'P-521': {\n algorithm = { name: 'ECDH', namedCurve: crv };\n break;\n }\n case 'X25519':\n case 'X448':\n algorithm = { name: crv };\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');\n }\n break;\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);\n}\n","import { generateKeyPair as generate } from '../runtime/generate.js';\nexport async function generateKeyPair(alg, options) {\n return generate(alg, options);\n}\n","const randomUUID = typeof crypto !== 'undefined' && crypto.randomUUID && crypto.randomUUID.bind(crypto);\nexport default { randomUUID };\n","let getRandomValues;\nconst rnds8 = new Uint8Array(16);\nexport default function rng() {\n if (!getRandomValues) {\n if (typeof crypto === 'undefined' || !crypto.getRandomValues) {\n throw new Error('crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported');\n }\n getRandomValues = crypto.getRandomValues.bind(crypto);\n }\n return getRandomValues(rnds8);\n}\n","import validate from './validate.js';\nconst byteToHex = [];\nfor (let i = 0; i < 256; ++i) {\n byteToHex.push((i + 0x100).toString(16).slice(1));\n}\nexport function unsafeStringify(arr, offset = 0) {\n return (byteToHex[arr[offset + 0]] +\n byteToHex[arr[offset + 1]] +\n byteToHex[arr[offset + 2]] +\n byteToHex[arr[offset + 3]] +\n '-' +\n byteToHex[arr[offset + 4]] +\n byteToHex[arr[offset + 5]] +\n '-' +\n byteToHex[arr[offset + 6]] +\n byteToHex[arr[offset + 7]] +\n '-' +\n byteToHex[arr[offset + 8]] +\n byteToHex[arr[offset + 9]] +\n '-' +\n byteToHex[arr[offset + 10]] +\n byteToHex[arr[offset + 11]] +\n byteToHex[arr[offset + 12]] +\n byteToHex[arr[offset + 13]] +\n byteToHex[arr[offset + 14]] +\n byteToHex[arr[offset + 15]]).toLowerCase();\n}\nfunction stringify(arr, offset = 0) {\n const uuid = unsafeStringify(arr, offset);\n if (!validate(uuid)) {\n throw TypeError('Stringified UUID is invalid');\n }\n return uuid;\n}\nexport default stringify;\n","import native from './native.js';\nimport rng from './rng.js';\nimport { unsafeStringify } from './stringify.js';\nfunction v4(options, buf, offset) {\n if (native.randomUUID && !buf && !options) {\n return native.randomUUID();\n }\n options = options || {};\n const rnds = options.random ?? options.rng?.() ?? rng();\n if (rnds.length < 16) {\n throw new Error('Random bytes length must be >= 16');\n }\n rnds[6] = (rnds[6] & 0x0f) | 0x40;\n rnds[8] = (rnds[8] & 0x3f) | 0x80;\n if (buf) {\n offset = offset || 0;\n if (offset < 0 || offset + 16 > buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n }\n for (let i = 0; i < 16; ++i) {\n buf[offset + i] = rnds[i];\n }\n return buf;\n }\n return unsafeStringify(rnds);\n}\nexport default v4;\n","import { jwtVerify, createRemoteJWKSet, exportJWK, SignJWT, generateKeyPair } from 'jose';\nimport { v4 } from 'uuid';\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * Intended to be used by dependent packages as a common prefix for keys into\n * storage mechanisms (so as to group all keys related to Solid Client Authn\n * within those storage mechanisms, e.g., window.localStorage).\n */\nconst SOLID_CLIENT_AUTHN_KEY_PREFIX = \"solidClientAuthn:\";\n/**\n * Ordered list of signature algorithms, from most preferred to least preferred.\n */\nconst PREFERRED_SIGNING_ALG = [\"ES256\", \"RS256\"];\nconst EVENTS = {\n // Note that an `error` events MUST be listened to: https://nodejs.org/dist/latest-v16.x/docs/api/events.html#error-events.\n ERROR: \"error\",\n LOGIN: \"login\",\n LOGOUT: \"logout\",\n NEW_REFRESH_TOKEN: \"newRefreshToken\",\n NEW_TOKENS: \"newTokens\",\n AUTHORIZATION_REQUEST: \"authorizationRequest\",\n SESSION_EXPIRED: \"sessionExpired\",\n SESSION_EXTENDED: \"sessionExtended\",\n SESSION_RESTORED: \"sessionRestore\",\n TIMEOUT_SET: \"timeoutSet\",\n};\n/**\n * We want to refresh a token 5 seconds before it expires.\n */\nconst REFRESH_BEFORE_EXPIRATION_SECONDS = 5;\n// The openid scope requests an OIDC ID token token to be returned.\nconst SCOPE_OPENID = \"openid\";\n// The offline_access scope requests a refresh token to be returned.\nconst SCOPE_OFFLINE = \"offline_access\";\n// The webid scope is required as per https://solid.github.io/solid-oidc/#webid-scope\nconst SCOPE_WEBID = \"webid\";\nconst DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID];\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass AggregateHandler {\n handleables;\n constructor(handleables) {\n this.handleables = handleables;\n this.handleables = handleables;\n }\n /**\n * Helper function that will asynchronously determine the proper handler to use. If multiple\n * handlers can handle, it will choose the first one in the list\n * @param params Paramerters to feed to the handler\n */\n async getProperHandler(params) {\n // TODO : This function doesn't currently operate as described. Tests need to be written\n // return new Promise<IHandleable<P, R> | null>((resolve, reject) => {\n // const resolvedValues: Array<boolean | null> = Array(this.handleables.length).map(() => null)\n // let numberResolved = 0\n // this.handleables.forEach(async (handleable: IHandleable<P, R>, index: number) => {\n // resolvedValues[index] = await handleable.canHandle(...params)\n // numberResolved++\n // let curResolvedValueIndex = 0\n // while (\n // resolvedValues[curResolvedValueIndex] !== null ||\n // resolvedValues[curResolvedValueIndex] !== undefined\n // ) {\n // if (resolvedValues[curResolvedValueIndex]) {\n // resolve(this.handleables[curResolvedValueIndex])\n // }\n // curResolvedValueIndex++\n // }\n // })\n // })\n const canHandleList = await Promise.all(this.handleables.map((handleable) => handleable.canHandle(...params)));\n for (let i = 0; i < canHandleList.length; i += 1) {\n if (canHandleList[i]) {\n return this.handleables[i];\n }\n }\n return null;\n }\n async canHandle(...params) {\n return (await this.getProperHandler(params)) !== null;\n }\n async handle(...params) {\n const handler = await this.getProperHandler(params);\n if (handler) {\n return handler.handle(...params);\n }\n throw new Error(`[${this.constructor.name}] cannot find a suitable handler for: ${params\n .map((param) => {\n try {\n return JSON.stringify(param);\n }\n catch (_err) {\n /* eslint-disable @typescript-eslint/no-explicit-any */\n return param.toString();\n }\n })\n .join(\", \")}`);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * Extract a WebID and the clientID from an ID token payload based on https://github.com/solid/webid-oidc-spec.\n * Note that this does not yet implement the user endpoint lookup, and only checks\n * for `webid`, `azp` or IRI-like `sub` claims.\n *\n * @param idToken the payload of the ID token from which the WebID can be extracted.\n * @returns an object with entries webId and clientId extracted from the ID token.\n * @internal\n */\nasync function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {\n let payload;\n let clientIdInPayload;\n try {\n const { payload: verifiedPayload } = await jwtVerify(idToken, createRemoteJWKSet(new URL(jwksIri)), {\n issuer: issuerIri,\n audience: clientId,\n });\n payload = verifiedPayload;\n }\n catch (e) {\n throw new Error(`Token verification failed: ${e.stack}`);\n }\n if (typeof payload.azp === \"string\") {\n clientIdInPayload = payload.azp;\n }\n if (typeof payload.webid === \"string\") {\n return {\n webId: payload.webid,\n clientId: clientIdInPayload,\n };\n }\n if (typeof payload.sub !== \"string\") {\n throw new Error(`The token ${JSON.stringify(payload)} is invalid: it has no 'webid' claim and no 'sub' claim.`);\n }\n try {\n // This parses the 'sub' claim to check if it is a well-formed IRI.\n // However, the normalized value isn't returned to make sure the WebID is returned\n // as specified by the Identity Provider.\n new URL(payload.sub);\n return {\n webId: payload.sub,\n clientId: clientIdInPayload,\n };\n }\n catch (e) {\n throw new Error(`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nfunction normalizeScopes(scopes) {\n if (!Array.isArray(scopes)) {\n return DEFAULT_SCOPES;\n }\n return Array.from(\n // De-dupe potentia conflicts if any.\n new Set([\n ...DEFAULT_SCOPES,\n ...scopes.filter(\n // Remove user-provided scopes that are not strings or include spaces.\n (scope) => typeof scope === \"string\" && !scope.includes(\" \")),\n ]));\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nfunction isValidRedirectUrl(redirectUrl) {\n // If the redirect URL is not a valid URL, an error will be thrown.\n try {\n const urlObject = new URL(redirectUrl);\n const noReservedQuery = !urlObject.searchParams.has(\"code\") &&\n !urlObject.searchParams.has(\"state\");\n // As per https://tools.ietf.org/html/rfc6749#section-3.1.2, the redirect URL\n // must not include a hash fragment.\n const noHash = urlObject.hash === \"\";\n return noReservedQuery && noHash;\n }\n catch (_e) {\n return false;\n }\n}\nfunction removeOpenIdParams(redirectUrl) {\n const cleanedUpUrl = new URL(redirectUrl);\n // For auth code flow\n cleanedUpUrl.searchParams.delete(\"state\");\n cleanedUpUrl.searchParams.delete(\"code\");\n // For login error\n cleanedUpUrl.searchParams.delete(\"error\");\n cleanedUpUrl.searchParams.delete(\"error_description\");\n // For RFC9207\n cleanedUpUrl.searchParams.delete(\"iss\");\n return cleanedUpUrl;\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\nfunction booleanWithFallback(value, fallback) {\n if (typeof value === \"boolean\") {\n return Boolean(value);\n }\n return Boolean(fallback);\n}\n/**\n * @hidden\n * Authorization code flow spec: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth\n * PKCE: https://tools.ietf.org/html/rfc7636\n */\nclass AuthorizationCodeWithPkceOidcHandlerBase {\n storageUtility;\n redirector;\n constructor(storageUtility, redirector) {\n this.storageUtility = storageUtility;\n this.redirector = redirector;\n this.storageUtility = storageUtility;\n this.redirector = redirector;\n }\n parametersGuard = (oidcLoginOptions) => {\n return (oidcLoginOptions.issuerConfiguration.grantTypesSupported !== undefined &&\n oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf(\"authorization_code\") > -1 &&\n oidcLoginOptions.redirectUrl !== undefined);\n };\n async canHandle(oidcLoginOptions) {\n return this.parametersGuard(oidcLoginOptions);\n }\n async setupRedirectHandler({ oidcLoginOptions, state, codeVerifier, targetUrl, }) {\n if (!this.parametersGuard(oidcLoginOptions)) {\n throw new Error(\"The authorization code grant requires a redirectUrl.\");\n }\n await Promise.all([\n // We use the OAuth 'state' value (which should be crypto-random) as\n // the key in our storage to store our actual SessionID. We do this\n // 'cos we'll need to lookup our session information again when the\n // browser is redirected back to us (i.e. the OAuth client\n // application) from the Authorization Server.\n // We don't want to use our session ID as the OAuth 'state' value, as\n // that session ID can be any developer-specified value, and therefore\n // may not be appropriate (since the OAuth 'state' value should really\n // be an unguessable crypto-random value).\n this.storageUtility.setForUser(state, {\n sessionId: oidcLoginOptions.sessionId,\n }),\n // Store our login-process state using the session ID as the key.\n // Strictly speaking, this indirection from our OAuth state value to\n // our session ID is unnecessary, but it provides a slightly cleaner\n // separation of concerns.\n this.storageUtility.setForUser(oidcLoginOptions.sessionId, {\n codeVerifier,\n issuer: oidcLoginOptions.issuer.toString(),\n // The redirect URL is read after redirect, so it must be stored now.\n redirectUrl: oidcLoginOptions.redirectUrl,\n dpop: Boolean(oidcLoginOptions.dpop).toString(),\n keepAlive: booleanWithFallback(oidcLoginOptions.keepAlive, true).toString(),\n }),\n ]);\n this.redirector.redirect(targetUrl, {\n handleRedirect: oidcLoginOptions.handleRedirect,\n });\n return undefined;\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass GeneralLogoutHandler {\n sessionInfoManager;\n constructor(sessionInfoManager) {\n this.sessionInfoManager = sessionInfoManager;\n this.sessionInfoManager = sessionInfoManager;\n }\n async canHandle() {\n return true;\n }\n async handle(userId) {\n await this.sessionInfoManager.clear(userId);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nclass IRpLogoutHandler {\n redirector;\n constructor(redirector) {\n this.redirector = redirector;\n this.redirector = redirector;\n }\n async canHandle(userId, options) {\n return options?.logoutType === \"idp\";\n }\n async handle(userId, options) {\n if (options?.logoutType !== \"idp\") {\n throw new Error(\"Attempting to call idp logout handler to perform app logout\");\n }\n if (options.toLogoutUrl === undefined) {\n throw new Error(\"Cannot perform IDP logout. Did you log in using the OIDC authentication flow?\");\n }\n this.redirector.redirect(options.toLogoutUrl(options), {\n handleRedirect: options.handleRedirect,\n });\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nclass IWaterfallLogoutHandler {\n handlers;\n constructor(sessionInfoManager, redirector) {\n this.handlers = [\n new GeneralLogoutHandler(sessionInfoManager),\n new IRpLogoutHandler(redirector),\n ];\n }\n async canHandle() {\n return true;\n }\n async handle(userId, options) {\n for (const handler of this.handlers) {\n if (await handler.canHandle(userId, options))\n await handler.handle(userId, options);\n }\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\nfunction getUnauthenticatedSession() {\n return {\n isLoggedIn: false,\n sessionId: v4(),\n fetch: (...args) => fetch(...args),\n };\n}\n/**\n * @param sessionId\n * @param storage\n * @hidden\n */\nasync function clear(sessionId, storage) {\n await Promise.all([\n storage.deleteAllUserData(sessionId, { secure: false }),\n storage.deleteAllUserData(sessionId, { secure: true }),\n ]);\n}\n/**\n * @hidden\n */\nclass SessionInfoManagerBase {\n storageUtility;\n constructor(storageUtility) {\n this.storageUtility = storageUtility;\n this.storageUtility = storageUtility;\n }\n update(_sessionId, _options) {\n throw new Error(\"Not Implemented\");\n }\n set(_sessionId, _sessionInfo) {\n throw new Error(\"Not Implemented\");\n }\n get(_) {\n throw new Error(\"Not implemented\");\n }\n async getAll() {\n throw new Error(\"Not implemented\");\n }\n /**\n * This function removes all session-related information from storage.\n * @param sessionId the session identifier\n * @hidden\n */\n async clear(sessionId) {\n return clear(sessionId, this.storageUtility);\n }\n /**\n * Registers a new session, so that its ID can be retrieved.\n */\n async register(_sessionId) {\n throw new Error(\"Not implemented\");\n }\n /**\n * Returns all the registered session IDs. Differs from getAll, which also\n * returns additional session information.\n */\n async getRegisteredSessionIdAll() {\n throw new Error(\"Not implemented\");\n }\n /**\n * Deletes all information about all sessions, including their registrations.\n */\n async clearAll() {\n throw new Error(\"Not implemented\");\n }\n /**\n * Sets authorization request state in storage for a given session ID.\n */\n async setOidcContext(_sessionId, _authorizationRequestState) {\n throw new Error(\"Not implemented\");\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * This function is designed to isomorphically capture the behavior in oidc-client-js and node-oidc-provider\n * - https://github.com/IdentityModel/oidc-client-js/blob/edec8f59897bdeedcb0b4167586d49626203c2c1/src/OidcClient.js#L138\n * - https://github.com/panva/node-openid-client/blob/35758419489ff751a71f5b66f5020087a63e1e88/lib/client.js#L284\n *\n * @param options IEndSessionOptions\n * @returns The URL to redirect to in order to perform RP Initiated Logout\n * @hidden\n */\nfunction getEndSessionUrl({ endSessionEndpoint, idTokenHint, postLogoutRedirectUri, state, }) {\n const url = new URL(endSessionEndpoint);\n if (idTokenHint !== undefined)\n url.searchParams.append(\"id_token_hint\", idTokenHint);\n if (postLogoutRedirectUri !== undefined) {\n url.searchParams.append(\"post_logout_redirect_uri\", postLogoutRedirectUri);\n if (state !== undefined)\n url.searchParams.append(\"state\", state);\n }\n return url.toString();\n}\n/**\n * @param options.endSessionEndpoint The end_session_endpoint advertised by the server\n * @param options.idTokenHint The idToken supplied by the server after logging in\n * Redirects the window to the location required to perform RP initiated logout\n *\n * @hidden\n */\nfunction maybeBuildRpInitiatedLogout({ endSessionEndpoint, idTokenHint, }) {\n if (endSessionEndpoint === undefined)\n return undefined;\n return function logout({ state, postLogoutUrl }) {\n return getEndSessionUrl({\n endSessionEndpoint,\n idTokenHint,\n state,\n postLogoutRedirectUri: postLogoutUrl,\n });\n };\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nfunction isSupportedTokenType(token) {\n return typeof token === \"string\" && [\"DPoP\", \"Bearer\"].includes(token);\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nconst USER_SESSION_PREFIX = \"solidClientAuthenticationUser\";\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nfunction isValidUrl(url) {\n try {\n // Here, the URL constructor is just called to parse the given string and\n // verify if it is a well-formed IRI.\n new URL(url);\n return true;\n }\n catch {\n return false;\n }\n}\nfunction determineSigningAlg(supported, preferred) {\n return (preferred.find((signingAlg) => {\n return supported.includes(signingAlg);\n }) ?? null);\n}\nfunction isStaticClient(options) {\n return options.clientId !== undefined && !isValidUrl(options.clientId);\n}\nfunction isSolidOidcClient(options, issuerConfig) {\n return (issuerConfig.scopesSupported.includes(\"webid\") &&\n options.clientId !== undefined &&\n isValidUrl(options.clientId));\n}\nfunction isKnownClientType(clientType) {\n return (typeof clientType === \"string\" &&\n [\"dynamic\", \"static\", \"solid-oidc\"].includes(clientType));\n}\nasync function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {\n let clientInfo;\n if (isSolidOidcClient(options, issuerConfig)) {\n clientInfo = {\n clientId: options.clientId,\n clientName: options.clientName,\n clientType: \"solid-oidc\",\n };\n }\n else if (isStaticClient(options)) {\n clientInfo = {\n clientId: options.clientId,\n clientSecret: options.clientSecret,\n clientName: options.clientName,\n clientType: \"static\",\n };\n }\n else {\n // Case of a dynamically registered client.\n return clientRegistrar.getClient({\n sessionId: options.sessionId,\n clientName: options.clientName,\n redirectUrl: options.redirectUrl,\n }, issuerConfig);\n }\n // If a client_id was provided, and the Identity Provider is Solid-OIDC compliant,\n // or it is not compliant but the client_id isn't an IRI (we assume it has already\n // been registered with the IdP), then the client registration information needs\n // to be stored so that it can be retrieved later after redirect.\n const infoToSave = {\n clientId: clientInfo.clientId,\n clientType: clientInfo.clientType,\n };\n if (clientInfo.clientType === \"static\") {\n infoToSave.clientSecret = clientInfo.clientSecret;\n }\n if (clientInfo.clientName) {\n infoToSave.clientName = clientInfo.clientName;\n }\n // Note that due to the underlying implementation, doing a `Promise.all`\n // on multiple `storageUtility.setForUser` results in the last one\n // overriding the previous calls.\n await storageUtility.setForUser(options.sessionId, infoToSave);\n return clientInfo;\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nconst boundFetch = (request, init) => fetch(request, init);\n/**\n * @hidden\n */\nclass ClientAuthentication {\n loginHandler;\n redirectHandler;\n logoutHandler;\n sessionInfoManager;\n issuerConfigFetcher;\n boundLogout;\n constructor(loginHandler, redirectHandler, logoutHandler, sessionInfoManager, issuerConfigFetcher) {\n this.loginHandler = loginHandler;\n this.redirectHandler = redirectHandler;\n this.logoutHandler = logoutHandler;\n this.sessionInfoManager = sessionInfoManager;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.loginHandler = loginHandler;\n this.redirectHandler = redirectHandler;\n this.logoutHandler = logoutHandler;\n this.sessionInfoManager = sessionInfoManager;\n this.issuerConfigFetcher = issuerConfigFetcher;\n }\n // By default, our fetch() resolves to the environment fetch() function.\n fetch = boundFetch;\n logout = async (sessionId, options) => {\n // When doing IDP logout this will redirect away from the current page, so we should not expect\n // code after this condition to be run if it is true.\n // We also need to make sure that any other cleanup that we want to do for\n // our session takes place before this condition is run\n await this.logoutHandler.handle(sessionId, options?.logoutType === \"idp\"\n ? {\n ...options,\n toLogoutUrl: this.boundLogout,\n }\n : options);\n // Restore our fetch() function back to the environment fetch(), effectively\n // leaving us with un-authenticated fetches from now on.\n this.fetch = boundFetch;\n // Delete the bound logout function, so that it can't be called after this.\n delete this.boundLogout;\n };\n getSessionInfo = async (sessionId) => {\n // TODO complete\n return this.sessionInfoManager.get(sessionId);\n };\n getAllSessionInfo = async () => {\n return this.sessionInfoManager.getAll();\n };\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\n/**\n * A helper class that will validate items taken from local storage\n */\nasync function getSessionIdFromOauthState(storageUtility, oauthState) {\n return storageUtility.getForUser(oauthState, \"sessionId\");\n}\n/**\n * Based on the provided state, this looks up contextual information stored\n * before redirecting the user to the OIDC issuer.\n * @param sessionId The state (~ correlation ID) of the OIDC request\n * @param storageUtility\n * @param configFetcher\n * @returns Information stored about the client issuing the request\n */\nasync function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {\n try {\n const [issuerIri, codeVerifier, storedRedirectIri, dpop, keepAlive] = await Promise.all([\n storageUtility.getForUser(sessionId, \"issuer\", {\n errorIfNull: true,\n }),\n storageUtility.getForUser(sessionId, \"codeVerifier\"),\n storageUtility.getForUser(sessionId, \"redirectUrl\"),\n storageUtility.getForUser(sessionId, \"dpop\", { errorIfNull: true }),\n storageUtility.getForUser(sessionId, \"keepAlive\"),\n ]);\n // Clear the code verifier, which is one-time use.\n await storageUtility.deleteForUser(sessionId, \"codeVerifier\");\n // Unlike openid-client, this looks up the configuration from storage\n const issuerConfig = await configFetcher.fetchConfig(issuerIri);\n return {\n codeVerifier,\n redirectUrl: storedRedirectIri,\n issuerConfig,\n dpop: dpop === \"true\",\n // Default keepAlive to true if not found in storage.\n keepAlive: typeof keepAlive === \"string\" ? keepAlive === \"true\" : true,\n };\n }\n catch (e) {\n throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);\n }\n}\n/**\n * Stores information about the session in the provided storage. Note that not\n * all storage are equally secure, and it is strongly advised not to store either\n * the refresh token or the DPoP key in the browser's local storage.\n *\n * @param storageUtility\n * @param sessionId\n * @param webId\n * @param clientId\n * @param isLoggedIn\n * @param refreshToken\n * @param secure\n * @param dpopKey\n */\nasync function saveSessionInfoToStorage(storageUtility, sessionId, webId, clientId, isLoggedIn, refreshToken, secure, dpopKey) {\n // TODO: Investigate why this does not work with a Promise.all\n if (refreshToken !== undefined) {\n await storageUtility.setForUser(sessionId, { refreshToken }, { secure });\n }\n if (webId !== undefined) {\n await storageUtility.setForUser(sessionId, { webId }, { secure });\n }\n if (clientId !== undefined) {\n await storageUtility.setForUser(sessionId, { clientId }, { secure });\n }\n if (isLoggedIn !== undefined) {\n await storageUtility.setForUser(sessionId, { isLoggedIn }, { secure });\n }\n if (dpopKey !== undefined) {\n await storageUtility.setForUser(sessionId, {\n publicKey: JSON.stringify(dpopKey.publicKey),\n privateKey: JSON.stringify(await exportJWK(dpopKey.privateKey)),\n }, { secure });\n }\n}\n// TOTEST: this does not handle all possible bad inputs for example what if it's not proper JSON\n/**\n * @hidden\n */\nclass StorageUtility {\n secureStorage;\n insecureStorage;\n constructor(secureStorage, insecureStorage) {\n this.secureStorage = secureStorage;\n this.insecureStorage = insecureStorage;\n this.secureStorage = secureStorage;\n this.insecureStorage = insecureStorage;\n }\n getKey(userId) {\n return `solidClientAuthenticationUser:${userId}`;\n }\n async getUserData(userId, secure) {\n const stored = await (secure ? this.secureStorage : this.insecureStorage).get(this.getKey(userId));\n if (stored === undefined) {\n return {};\n }\n try {\n return JSON.parse(stored);\n }\n catch (_err) {\n throw new Error(`Data for user [${userId}] in [${secure ? \"secure\" : \"unsecure\"}] storage is corrupted - expected valid JSON, but got: ${stored}`);\n }\n }\n async setUserData(userId, data, secure) {\n await (secure ? this.secureStorage : this.insecureStorage).set(this.getKey(userId), JSON.stringify(data));\n }\n async get(key, options) {\n const value = await (options?.secure ? this.secureStorage : this.insecureStorage).get(key);\n if (value === undefined && options?.errorIfNull) {\n throw new Error(`[${key}] is not stored`);\n }\n return value;\n }\n async set(key, value, options) {\n return (options?.secure ? this.secureStorage : this.insecureStorage).set(key, value);\n }\n async delete(key, options) {\n return (options?.secure ? this.secureStorage : this.insecureStorage).delete(key);\n }\n async getForUser(userId, key, options) {\n const userData = await this.getUserData(userId, options?.secure);\n let value;\n if (!userData || !userData[key]) {\n value = undefined;\n }\n value = userData[key];\n if (value === undefined && options?.errorIfNull) {\n throw new Error(`Field [${key}] for user [${userId}] is not stored`);\n }\n return value || undefined;\n }\n async setForUser(userId, values, options) {\n let userData;\n try {\n userData = await this.getUserData(userId, options?.secure);\n }\n catch {\n // if reading the user data throws, the data is corrupted, and we want to write over it\n userData = {};\n }\n await this.setUserData(userId, { ...userData, ...values }, options?.secure);\n }\n async deleteForUser(userId, key, options) {\n const userData = await this.getUserData(userId, options?.secure);\n delete userData[key];\n await this.setUserData(userId, userData, options?.secure);\n }\n async deleteAllUserData(userId, options) {\n await (options?.secure ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass InMemoryStorage {\n map = {};\n async get(key) {\n return this.map[key] || undefined;\n }\n async set(key, value) {\n this.map[key] = value;\n }\n async delete(key) {\n delete this.map[key];\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\n/**\n * Error to be triggered when a poor configuration is received\n */\n// NOTE: There's a bug with istanbul and typescript that prevents full branch coverages\n// https://github.com/gotwarlost/istanbul/issues/690\n// The workaround is to put istanbul ignore on the constructor\n/**\n * @hidden\n */\nclass ConfigurationError extends Error {\n /* istanbul ignore next */\n constructor(message) {\n super(message);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\n/**\n * Error to be triggered if a method is not implemented\n * @hidden\n */\nclass NotImplementedError extends Error {\n /* istanbul ignore next */\n constructor(methodName) {\n super(`[${methodName}] is not implemented`);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\n/**\n * Error to be triggered when receiving a response missing mandatory elements\n */\n// NOTE: There's a bug with istanbul and typescript that prevents full branch coverages\n// https://github.com/gotwarlost/istanbul/issues/690\n// The workaround is to put istanbul ignore on the constructor\n/**\n * @hidden\n */\nclass InvalidResponseError extends Error {\n missingFields;\n /* istanbul ignore next */\n constructor(missingFields) {\n super(`Invalid response from OIDC provider: missing fields ${missingFields}`);\n this.missingFields = missingFields;\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n * @packageDocumentation\n */\n/**\n * Error to be triggered when receiving a response missing mandatory elements\n */\n// NOTE: There's a bug with istanbul and typescript that prevents full branch coverages\n// https://github.com/gotwarlost/istanbul/issues/690\n// The workaround is to put istanbul ignore on the constructor\n/**\n * @hidden\n */\nclass OidcProviderError extends Error {\n error;\n errorDescription;\n /* istanbul ignore next */\n constructor(message, error, errorDescription) {\n super(message);\n this.error = error;\n this.errorDescription = errorDescription;\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * Normalizes a URL in order to generate the DPoP token based on a consistent scheme.\n *\n * @param audience The URL to normalize.\n * @returns The normalized URL as a string.\n * @hidden\n */\nfunction normalizeHTU(audience) {\n const audienceUrl = new URL(audience);\n return new URL(audienceUrl.pathname, audienceUrl.origin).toString();\n}\n/**\n * Creates a DPoP header according to https://tools.ietf.org/html/draft-fett-oauth-dpop-04,\n * based on the target URL and method, using the provided key.\n *\n * @param audience Target URL.\n * @param method HTTP method allowed.\n * @param dpopKey Key used to sign the token.\n * @returns A JWT that can be used as a DPoP Authorization header.\n */\nasync function createDpopHeader(audience, method, dpopKey) {\n return new SignJWT({\n htu: normalizeHTU(audience),\n htm: method.toUpperCase(),\n jti: v4(),\n })\n .setProtectedHeader({\n alg: PREFERRED_SIGNING_ALG[0],\n jwk: dpopKey.publicKey,\n typ: \"dpop+jwt\",\n })\n .setIssuedAt()\n .sign(dpopKey.privateKey, {});\n}\nasync function generateDpopKeyPair() {\n const { privateKey, publicKey } = await generateKeyPair(PREFERRED_SIGNING_ALG[0], { extractable: true });\n const dpopKeyPair = {\n privateKey,\n publicKey: await exportJWK(publicKey),\n };\n // The alg property isn't set by exportJWK, so set it manually.\n [dpopKeyPair.publicKey.alg] = PREFERRED_SIGNING_ALG;\n return dpopKeyPair;\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * If expires_in isn't specified for the access token, we assume its lifetime is\n * 10 minutes.\n */\nconst DEFAULT_EXPIRATION_TIME_SECONDS = 600;\nfunction isExpectedAuthError(statusCode) {\n // As per https://tools.ietf.org/html/rfc7235#section-3.1 and https://tools.ietf.org/html/rfc7235#section-3.1,\n // a response failing because the provided credentials aren't accepted by the\n // server can get a 401 or a 403 response.\n return [401, 403].includes(statusCode);\n}\nasync function buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions) {\n const headers = new Headers(defaultOptions?.headers);\n // Any pre-existing Authorization header should be overriden.\n headers.set(\"Authorization\", `DPoP ${authToken}`);\n headers.set(\"DPoP\", await createDpopHeader(targetUrl, defaultOptions?.method ?? \"get\", dpopKey));\n return {\n ...defaultOptions,\n headers,\n };\n}\nasync function buildAuthenticatedHeaders(targetUrl, authToken, dpopKey, defaultOptions) {\n if (dpopKey !== undefined) {\n return buildDpopFetchOptions(targetUrl, authToken, dpopKey, defaultOptions);\n }\n const headers = new Headers(defaultOptions?.headers);\n // Any pre-existing Authorization header should be overriden.\n headers.set(\"Authorization\", `Bearer ${authToken}`);\n return {\n ...defaultOptions,\n headers,\n };\n}\nasync function makeAuthenticatedRequest(accessToken, url, defaultRequestInit, dpopKey, unauthFetch = fetch) {\n return unauthFetch(url, await buildAuthenticatedHeaders(url.toString(), accessToken, dpopKey, defaultRequestInit));\n}\nasync function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {\n const tokenSet = await refreshOptions.tokenRefresher.refresh(refreshOptions.sessionId, refreshOptions.refreshToken, dpopKey);\n eventEmitter?.emit(EVENTS.SESSION_EXTENDED, tokenSet.expiresIn ?? DEFAULT_EXPIRATION_TIME_SECONDS);\n return {\n accessToken: tokenSet.accessToken,\n refreshToken: tokenSet.refreshToken,\n expiresIn: tokenSet.expiresIn,\n };\n}\n/**\n *\n * @param expiresIn Delay until the access token expires.\n * @returns a delay until the access token should be refreshed.\n */\nconst computeRefreshDelay = (expiresIn) => {\n if (expiresIn !== undefined) {\n return expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS > 0\n ? // We want to refresh the token 5 seconds before they actually expire.\n expiresIn - REFRESH_BEFORE_EXPIRATION_SECONDS\n : expiresIn;\n }\n return DEFAULT_EXPIRATION_TIME_SECONDS;\n};\n/**\n * @param accessToken an access token, either a Bearer token or a DPoP one.\n * @param options The option object may contain two objects: the DPoP key token\n * is bound to if applicable, and options to customize token renewal behavior.\n * @param {typeof fetch} [options.fetch=fetch] A custom fetch function (defaults to the global fetch).\n *\n * @returns A fetch function that adds an appropriate Authorization header with\n * the provided token, and adds a DPoP header if applicable.\n */\nfunction buildAuthenticatedFetch(accessToken, options) {\n let currentAccessToken = accessToken;\n let latestTimeout;\n const currentRefreshOptions = options?.refreshOptions;\n const emitter = options?.eventEmitter;\n // Setup the refresh timeout outside of the authenticated fetch, so that\n // an idle app will not get logged out if it doesn't issue a fetch before\n // the first expiration date.\n if (options !== undefined && currentRefreshOptions !== undefined) {\n const proactivelyRefreshToken = async () => {\n try {\n const { accessToken: refreshedAccessToken, refreshToken, expiresIn, } = await refreshAccessToken(currentRefreshOptions, options.dpopKey, emitter);\n // Update the tokens in the closure if appropriate.\n currentAccessToken = refreshedAccessToken;\n if (refreshToken !== undefined) {\n currentRefreshOptions.refreshToken = refreshToken;\n }\n // Each time the access token is refreshed, we must plan for the next\n // refresh iteration.\n clearTimeout(latestTimeout);\n latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(expiresIn) * 1000);\n // If currentRefreshOptions is defined, options is necessarily defined too.\n options.eventEmitter?.emit(EVENTS.TIMEOUT_SET, latestTimeout);\n }\n catch (e) {\n // It is possible that an underlying library throws an error on refresh flow failure.\n // If we used a log framework, the error could be logged at the `debug` level,\n // but otherwise the failure of the refresh flow should not blow up in the user's\n // face, so we just swallow the error.\n if (e instanceof OidcProviderError) {\n // The OIDC provider refused to refresh the access token and returned an error instead.\n /* istanbul ignore next 100% coverage would require testing that nothing\n happens here if the emitter is undefined, which is more cumbersome\n than what it's worth. */\n emitter?.emit(EVENTS.ERROR, e.error, e.errorDescription);\n /* istanbul ignore next 100% coverage would require testing that nothing\n happens here if the emitter is undefined, which is more cumbersome\n than what it's worth. */\n emitter?.emit(EVENTS.SESSION_EXPIRED);\n }\n if (e instanceof InvalidResponseError &&\n e.missingFields.includes(\"access_token\")) {\n // In this case, the OIDC provider returned a non-standard response, but\n // did not specify that it was an error. We cannot refresh nonetheless.\n /* istanbul ignore next 100% coverage would require testing that nothing\n happens here if the emitter is undefined, which is more cumbersome\n than what it's worth. */\n emitter?.emit(EVENTS.SESSION_EXPIRED);\n }\n }\n };\n latestTimeout = setTimeout(proactivelyRefreshToken, \n // If currentRefreshOptions is defined, options is necessarily defined too.\n computeRefreshDelay(options.expiresIn) * 1000);\n emitter?.emit(EVENTS.TIMEOUT_SET, latestTimeout);\n }\n else if (emitter !== undefined) {\n // If no refresh options are provided, the session expires when the access token does.\n const expirationTimeout = setTimeout(() => {\n emitter.emit(EVENTS.SESSION_EXPIRED);\n }, computeRefreshDelay(options?.expiresIn) * 1000);\n emitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);\n }\n return async (url, requestInit) => {\n let response = await makeAuthenticatedRequest(currentAccessToken, url, requestInit, options?.dpopKey, options?.fetch);\n const failedButNotExpectedAuthError = !response.ok && !isExpectedAuthError(response.status);\n if (response.ok || failedButNotExpectedAuthError) {\n // If there hasn't been a redirection, or if there has been a non-auth related\n // issue, it should be handled at the application level\n return response;\n }\n const hasBeenRedirected = response.url !== url;\n if (hasBeenRedirected && options?.dpopKey !== undefined) {\n // If the request failed for auth reasons, and has been redirected, we should\n // replay it generating a DPoP header for the rediration target IRI. This\n // doesn't apply to Bearer tokens, as the Bearer tokens aren't specific\n // to a given resource and method, while the DPoP header (associated to a\n // DPoP token) is.\n response = await makeAuthenticatedRequest(currentAccessToken, \n // Replace the original target IRI (`url`) by the redirection target\n response.url, requestInit, options.dpopKey, options.fetch);\n }\n return response;\n };\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nconst StorageUtilityGetResponse = \"getResponse\";\nconst StorageUtilityMock = {\n /* eslint-disable @typescript-eslint/no-unused-vars */\n get: async (key, options) => StorageUtilityGetResponse,\n set: async (key, value) => {\n /* do nothing */\n },\n delete: async (key) => {\n /* do nothing */\n },\n getForUser: async (userId, key, options) => StorageUtilityGetResponse,\n setForUser: async (userId, values, options) => {\n /* do nothing */\n },\n deleteForUser: async (userId, key, options) => {\n /* do nothing */\n },\n deleteAllUserData: async (userId, options) => {\n /* do nothing */\n },\n};\nconst mockStorage = (stored) => {\n const store = stored;\n return {\n get: async (key) => {\n if (store[key] === undefined) {\n return undefined;\n }\n if (typeof store[key] === \"string\") {\n return store[key];\n }\n return JSON.stringify(store[key]);\n },\n set: async (key, value) => {\n store[key] = value;\n },\n delete: async (key) => {\n delete store[key];\n },\n };\n};\nconst mockStorageUtility = (stored, isSecure = false) => {\n if (isSecure) {\n return new StorageUtility(mockStorage(stored), mockStorage({}));\n }\n return new StorageUtility(mockStorage({}), mockStorage(stored));\n};\n\nexport { AggregateHandler, AuthorizationCodeWithPkceOidcHandlerBase, ClientAuthentication, ConfigurationError, DEFAULT_SCOPES, EVENTS, GeneralLogoutHandler, IRpLogoutHandler, IWaterfallLogoutHandler, InMemoryStorage, InvalidResponseError, NotImplementedError, OidcProviderError, PREFERRED_SIGNING_ALG, REFRESH_BEFORE_EXPIRATION_SECONDS, SOLID_CLIENT_AUTHN_KEY_PREFIX, SessionInfoManagerBase, StorageUtility, StorageUtilityGetResponse, StorageUtilityMock, USER_SESSION_PREFIX, buildAuthenticatedFetch, clear, createDpopHeader, determineSigningAlg, generateDpopKeyPair, getEndSessionUrl, getSessionIdFromOauthState, getUnauthenticatedSession, getWebidFromTokenPayload, handleRegistration, isKnownClientType, isSupportedTokenType, isValidRedirectUrl, loadOidcContextFromStorage, maybeBuildRpInitiatedLogout, mockStorage, mockStorageUtility, normalizeScopes, removeOpenIdParams, saveSessionInfoToStorage };\n//# sourceMappingURL=index.mjs.map\n","export class InvalidTokenError extends Error {\n}\nInvalidTokenError.prototype.name = \"InvalidTokenError\";\nfunction b64DecodeUnicode(str) {\n return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {\n let code = p.charCodeAt(0).toString(16).toUpperCase();\n if (code.length < 2) {\n code = \"0\" + code;\n }\n return \"%\" + code;\n }));\n}\nfunction base64UrlDecode(str) {\n let output = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (output.length % 4) {\n case 0:\n break;\n case 2:\n output += \"==\";\n break;\n case 3:\n output += \"=\";\n break;\n default:\n throw new Error(\"base64 string is not of the correct length\");\n }\n try {\n return b64DecodeUnicode(output);\n }\n catch (err) {\n return atob(output);\n }\n}\nexport function jwtDecode(token, options) {\n if (typeof token !== \"string\") {\n throw new InvalidTokenError(\"Invalid token specified: must be a string\");\n }\n options || (options = {});\n const pos = options.header === true ? 0 : 1;\n const part = token.split(\".\")[pos];\n if (typeof part !== \"string\") {\n throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);\n }\n let decoded;\n try {\n decoded = base64UrlDecode(part);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);\n }\n try {\n return JSON.parse(decoded);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);\n }\n}\n","// src/utils/Logger.ts\nvar nopLogger = {\n debug: () => void 0,\n info: () => void 0,\n warn: () => void 0,\n error: () => void 0\n};\nvar level;\nvar logger;\nvar Log = /* @__PURE__ */ ((Log2) => {\n Log2[Log2[\"NONE\"] = 0] = \"NONE\";\n Log2[Log2[\"ERROR\"] = 1] = \"ERROR\";\n Log2[Log2[\"WARN\"] = 2] = \"WARN\";\n Log2[Log2[\"INFO\"] = 3] = \"INFO\";\n Log2[Log2[\"DEBUG\"] = 4] = \"DEBUG\";\n return Log2;\n})(Log || {});\n((Log2) => {\n function reset() {\n level = 3 /* INFO */;\n logger = nopLogger;\n }\n Log2.reset = reset;\n function setLevel(value) {\n if (!(0 /* NONE */ <= value && value <= 4 /* DEBUG */)) {\n throw new Error(\"Invalid log level\");\n }\n level = value;\n }\n Log2.setLevel = setLevel;\n function setLogger(value) {\n logger = value;\n }\n Log2.setLogger = setLogger;\n})(Log || (Log = {}));\nvar Logger = class _Logger {\n constructor(_name) {\n this._name = _name;\n }\n /* eslint-disable @typescript-eslint/no-unsafe-enum-comparison */\n debug(...args) {\n if (level >= 4 /* DEBUG */) {\n logger.debug(_Logger._format(this._name, this._method), ...args);\n }\n }\n info(...args) {\n if (level >= 3 /* INFO */) {\n logger.info(_Logger._format(this._name, this._method), ...args);\n }\n }\n warn(...args) {\n if (level >= 2 /* WARN */) {\n logger.warn(_Logger._format(this._name, this._method), ...args);\n }\n }\n error(...args) {\n if (level >= 1 /* ERROR */) {\n logger.error(_Logger._format(this._name, this._method), ...args);\n }\n }\n /* eslint-enable @typescript-eslint/no-unsafe-enum-comparison */\n throw(err) {\n this.error(err);\n throw err;\n }\n create(method) {\n const methodLogger = Object.create(this);\n methodLogger._method = method;\n methodLogger.debug(\"begin\");\n return methodLogger;\n }\n static createStatic(name, staticMethod) {\n const staticLogger = new _Logger(`${name}.${staticMethod}`);\n staticLogger.debug(\"begin\");\n return staticLogger;\n }\n static _format(name, method) {\n const prefix = `[${name}]`;\n return method ? `${prefix} ${method}:` : prefix;\n }\n /* eslint-disable @typescript-eslint/no-unsafe-enum-comparison */\n // helpers for static class methods\n static debug(name, ...args) {\n if (level >= 4 /* DEBUG */) {\n logger.debug(_Logger._format(name), ...args);\n }\n }\n static info(name, ...args) {\n if (level >= 3 /* INFO */) {\n logger.info(_Logger._format(name), ...args);\n }\n }\n static warn(name, ...args) {\n if (level >= 2 /* WARN */) {\n logger.warn(_Logger._format(name), ...args);\n }\n }\n static error(name, ...args) {\n if (level >= 1 /* ERROR */) {\n logger.error(_Logger._format(name), ...args);\n }\n }\n /* eslint-enable @typescript-eslint/no-unsafe-enum-comparison */\n};\nLog.reset();\n\n// src/utils/JwtUtils.ts\nimport { jwtDecode } from \"jwt-decode\";\nvar JwtUtils = class {\n // IMPORTANT: doesn't validate the token\n static decode(token) {\n try {\n return jwtDecode(token);\n } catch (err) {\n Logger.error(\"JwtUtils.decode\", err);\n throw err;\n }\n }\n static async generateSignedJwt(header, payload, privateKey) {\n const encodedHeader = CryptoUtils.encodeBase64Url(new TextEncoder().encode(JSON.stringify(header)));\n const encodedPayload = CryptoUtils.encodeBase64Url(new TextEncoder().encode(JSON.stringify(payload)));\n const encodedToken = `${encodedHeader}.${encodedPayload}`;\n const signature = await window.crypto.subtle.sign(\n {\n name: \"ECDSA\",\n hash: { name: \"SHA-256\" }\n },\n privateKey,\n new TextEncoder().encode(encodedToken)\n );\n const encodedSignature = CryptoUtils.encodeBase64Url(new Uint8Array(signature));\n return `${encodedToken}.${encodedSignature}`;\n }\n static async generateSignedJwtWithHmac(header, payload, secretKey) {\n const encodedHeader = CryptoUtils.encodeBase64Url(new TextEncoder().encode(JSON.stringify(header)));\n const encodedPayload = CryptoUtils.encodeBase64Url(new TextEncoder().encode(JSON.stringify(payload)));\n const encodedToken = `${encodedHeader}.${encodedPayload}`;\n const signature = await window.crypto.subtle.sign(\n \"HMAC\",\n secretKey,\n new TextEncoder().encode(encodedToken)\n );\n const encodedSignature = CryptoUtils.encodeBase64Url(new Uint8Array(signature));\n return `${encodedToken}.${encodedSignature}`;\n }\n};\n\n// src/utils/CryptoUtils.ts\nvar UUID_V4_TEMPLATE = \"10000000-1000-4000-8000-100000000000\";\nvar toBase64 = (val) => btoa([...new Uint8Array(val)].map((chr) => String.fromCharCode(chr)).join(\"\"));\nvar _CryptoUtils = class _CryptoUtils {\n static _randomWord() {\n const arr = new Uint32Array(1);\n crypto.getRandomValues(arr);\n return arr[0];\n }\n /**\n * Generates RFC4122 version 4 guid\n */\n static generateUUIDv4() {\n const uuid = UUID_V4_TEMPLATE.replace(\n /[018]/g,\n (c) => (+c ^ _CryptoUtils._randomWord() & 15 >> +c / 4).toString(16)\n );\n return uuid.replace(/-/g, \"\");\n }\n /**\n * PKCE: Generate a code verifier\n */\n static generateCodeVerifier() {\n return _CryptoUtils.generateUUIDv4() + _CryptoUtils.generateUUIDv4() + _CryptoUtils.generateUUIDv4();\n }\n /**\n * PKCE: Generate a code challenge\n */\n static async generateCodeChallenge(code_verifier) {\n if (!crypto.subtle) {\n throw new Error(\"Crypto.subtle is available only in secure contexts (HTTPS).\");\n }\n try {\n const encoder = new TextEncoder();\n const data = encoder.encode(code_verifier);\n const hashed = await crypto.subtle.digest(\"SHA-256\", data);\n return toBase64(hashed).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n } catch (err) {\n Logger.error(\"CryptoUtils.generateCodeChallenge\", err);\n throw err;\n }\n }\n /**\n * Generates a base64-encoded string for a basic auth header\n */\n static generateBasicAuth(client_id, client_secret) {\n const encoder = new TextEncoder();\n const data = encoder.encode([client_id, client_secret].join(\":\"));\n return toBase64(data);\n }\n /**\n * Generates a hash of a string using a given algorithm\n * @param alg\n * @param message\n */\n static async hash(alg, message) {\n const msgUint8 = new TextEncoder().encode(message);\n const hashBuffer = await crypto.subtle.digest(alg, msgUint8);\n return new Uint8Array(hashBuffer);\n }\n /**\n * Generates a rfc7638 compliant jwk thumbprint\n * @param jwk\n */\n static async customCalculateJwkThumbprint(jwk) {\n let jsonObject;\n switch (jwk.kty) {\n case \"RSA\":\n jsonObject = {\n \"e\": jwk.e,\n \"kty\": jwk.kty,\n \"n\": jwk.n\n };\n break;\n case \"EC\":\n jsonObject = {\n \"crv\": jwk.crv,\n \"kty\": jwk.kty,\n \"x\": jwk.x,\n \"y\": jwk.y\n };\n break;\n case \"OKP\":\n jsonObject = {\n \"crv\": jwk.crv,\n \"kty\": jwk.kty,\n \"x\": jwk.x\n };\n break;\n case \"oct\":\n jsonObject = {\n \"crv\": jwk.k,\n \"kty\": jwk.kty\n };\n break;\n default:\n throw new Error(\"Unknown jwk type\");\n }\n const utf8encodedAndHashed = await _CryptoUtils.hash(\"SHA-256\", JSON.stringify(jsonObject));\n return _CryptoUtils.encodeBase64Url(utf8encodedAndHashed);\n }\n static async generateDPoPProof({\n url,\n accessToken,\n httpMethod,\n keyPair,\n nonce\n }) {\n let hashedToken;\n let encodedHash;\n const payload = {\n \"jti\": window.crypto.randomUUID(),\n \"htm\": httpMethod != null ? httpMethod : \"GET\",\n \"htu\": url,\n \"iat\": Math.floor(Date.now() / 1e3)\n };\n if (accessToken) {\n hashedToken = await _CryptoUtils.hash(\"SHA-256\", accessToken);\n encodedHash = _CryptoUtils.encodeBase64Url(hashedToken);\n payload.ath = encodedHash;\n }\n if (nonce) {\n payload.nonce = nonce;\n }\n try {\n const publicJwk = await crypto.subtle.exportKey(\"jwk\", keyPair.publicKey);\n const header = {\n \"alg\": \"ES256\",\n \"typ\": \"dpop+jwt\",\n \"jwk\": {\n \"crv\": publicJwk.crv,\n \"kty\": publicJwk.kty,\n \"x\": publicJwk.x,\n \"y\": publicJwk.y\n }\n };\n return await JwtUtils.generateSignedJwt(header, payload, keyPair.privateKey);\n } catch (err) {\n if (err instanceof TypeError) {\n throw new Error(`Error exporting dpop public key: ${err.message}`);\n } else {\n throw err;\n }\n }\n }\n static async generateDPoPJkt(keyPair) {\n try {\n const publicJwk = await crypto.subtle.exportKey(\"jwk\", keyPair.publicKey);\n return await _CryptoUtils.customCalculateJwkThumbprint(publicJwk);\n } catch (err) {\n if (err instanceof TypeError) {\n throw new Error(`Could not retrieve dpop keys from storage: ${err.message}`);\n } else {\n throw err;\n }\n }\n }\n static async generateDPoPKeys() {\n return await window.crypto.subtle.generateKey(\n {\n name: \"ECDSA\",\n namedCurve: \"P-256\"\n },\n false,\n [\"sign\", \"verify\"]\n );\n }\n /**\n * Generates a client assertion JWT for client_secret_jwt authentication\n * @param client_id The client identifier\n * @param client_secret The client secret\n * @param audience The token endpoint URL (audience)\n * @param algorithm The HMAC algorithm to use (HS256, HS384, HS512). Defaults to HS256\n */\n static async generateClientAssertionJwt(client_id, client_secret, audience, algorithm = \"HS256\") {\n const now = Math.floor(Date.now() / 1e3);\n const header = {\n \"alg\": algorithm,\n \"typ\": \"JWT\"\n };\n const payload = {\n \"iss\": client_id,\n \"sub\": client_id,\n \"aud\": audience,\n \"jti\": _CryptoUtils.generateUUIDv4(),\n \"exp\": now + 300,\n // 5 minutes\n \"iat\": now\n };\n const hashMap = {\n \"HS256\": \"SHA-256\",\n \"HS384\": \"SHA-384\",\n \"HS512\": \"SHA-512\"\n };\n const hashFunction = hashMap[algorithm];\n if (!hashFunction) {\n throw new Error(`Unsupported algorithm: ${algorithm}. Supported algorithms are: HS256, HS384, HS512`);\n }\n const encoder = new TextEncoder();\n const secretKey = await crypto.subtle.importKey(\n \"raw\",\n encoder.encode(client_secret),\n { name: \"HMAC\", hash: hashFunction },\n false,\n [\"sign\"]\n );\n return await JwtUtils.generateSignedJwtWithHmac(header, payload, secretKey);\n }\n};\n/**\n * Generates a base64url encoded string\n */\n_CryptoUtils.encodeBase64Url = (input) => {\n return toBase64(input).replace(/=/g, \"\").replace(/\\+/g, \"-\").replace(/\\//g, \"_\");\n};\nvar CryptoUtils = _CryptoUtils;\n\n// src/utils/Event.ts\nvar Event = class {\n constructor(_name) {\n this._name = _name;\n this._callbacks = [];\n this._logger = new Logger(`Event('${this._name}')`);\n }\n addHandler(cb) {\n this._callbacks.push(cb);\n return () => this.removeHandler(cb);\n }\n removeHandler(cb) {\n const idx = this._callbacks.lastIndexOf(cb);\n if (idx >= 0) {\n this._callbacks.splice(idx, 1);\n }\n }\n async raise(...ev) {\n this._logger.debug(\"raise:\", ...ev);\n for (const cb of this._callbacks) {\n await cb(...ev);\n }\n }\n};\n\n// src/utils/PopupUtils.ts\nvar PopupUtils = class {\n /**\n * Populates a map of window features with a placement centered in front of\n * the current window. If no explicit width is given, a default value is\n * binned into [800, 720, 600, 480, 360] based on the current window's width.\n */\n static center({ ...features }) {\n var _a, _b, _c;\n if (features.width == null)\n features.width = (_a = [800, 720, 600, 480].find((width) => width <= window.outerWidth / 1.618)) != null ? _a : 360;\n (_b = features.left) != null ? _b : features.left = Math.max(0, Math.round(window.screenX + (window.outerWidth - features.width) / 2));\n if (features.height != null)\n (_c = features.top) != null ? _c : features.top = Math.max(0, Math.round(window.screenY + (window.outerHeight - features.height) / 2));\n return features;\n }\n static serialize(features) {\n return Object.entries(features).filter(([, value]) => value != null).map(([key, value]) => `${key}=${typeof value !== \"boolean\" ? value : value ? \"yes\" : \"no\"}`).join(\",\");\n }\n};\n\n// src/utils/Timer.ts\nvar Timer = class _Timer extends Event {\n constructor() {\n super(...arguments);\n this._logger = new Logger(`Timer('${this._name}')`);\n this._timerHandle = null;\n this._expiration = 0;\n this._callback = () => {\n const diff = this._expiration - _Timer.getEpochTime();\n this._logger.debug(\"timer completes in\", diff);\n if (this._expiration <= _Timer.getEpochTime()) {\n this.cancel();\n void super.raise();\n }\n };\n }\n // get the time\n static getEpochTime() {\n return Math.floor(Date.now() / 1e3);\n }\n init(durationInSeconds) {\n const logger2 = this._logger.create(\"init\");\n durationInSeconds = Math.max(Math.floor(durationInSeconds), 1);\n const expiration = _Timer.getEpochTime() + durationInSeconds;\n if (this.expiration === expiration && this._timerHandle) {\n logger2.debug(\"skipping since already initialized for expiration at\", this.expiration);\n return;\n }\n this.cancel();\n logger2.debug(\"using duration\", durationInSeconds);\n this._expiration = expiration;\n const timerDurationInSeconds = Math.min(durationInSeconds, 5);\n this._timerHandle = setInterval(this._callback, timerDurationInSeconds * 1e3);\n }\n get expiration() {\n return this._expiration;\n }\n cancel() {\n this._logger.create(\"cancel\");\n if (this._timerHandle) {\n clearInterval(this._timerHandle);\n this._timerHandle = null;\n }\n }\n};\n\n// src/utils/UrlUtils.ts\nvar UrlUtils = class {\n static readParams(url, responseMode = \"query\") {\n if (!url) throw new TypeError(\"Invalid URL\");\n const parsedUrl = new URL(url, \"http://127.0.0.1\");\n const params = parsedUrl[responseMode === \"fragment\" ? \"hash\" : \"search\"];\n return new URLSearchParams(params.slice(1));\n }\n};\nvar URL_STATE_DELIMITER = \";\";\n\n// src/errors/ErrorResponse.ts\nvar ErrorResponse = class extends Error {\n constructor(args, form) {\n var _a, _b, _c;\n super(args.error_description || args.error || \"\");\n this.form = form;\n /** Marker to detect class: \"ErrorResponse\" */\n this.name = \"ErrorResponse\";\n if (!args.error) {\n Logger.error(\"ErrorResponse\", \"No error passed\");\n throw new Error(\"No error passed\");\n }\n this.error = args.error;\n this.error_description = (_a = args.error_description) != null ? _a : null;\n this.error_uri = (_b = args.error_uri) != null ? _b : null;\n this.state = args.userState;\n this.session_state = (_c = args.session_state) != null ? _c : null;\n this.url_state = args.url_state;\n }\n};\n\n// src/errors/ErrorTimeout.ts\nvar ErrorTimeout = class extends Error {\n constructor(message) {\n super(message);\n /** Marker to detect class: \"ErrorTimeout\" */\n this.name = \"ErrorTimeout\";\n }\n};\n\n// src/AccessTokenEvents.ts\nvar AccessTokenEvents = class {\n constructor(args) {\n this._logger = new Logger(\"AccessTokenEvents\");\n this._expiringTimer = new Timer(\"Access token expiring\");\n this._expiredTimer = new Timer(\"Access token expired\");\n this._expiringNotificationTimeInSeconds = args.expiringNotificationTimeInSeconds;\n }\n async load(container) {\n const logger2 = this._logger.create(\"load\");\n if (container.access_token && container.expires_in !== void 0) {\n const duration = container.expires_in;\n logger2.debug(\"access token present, remaining duration:\", duration);\n if (duration > 0) {\n let expiring = duration - this._expiringNotificationTimeInSeconds;\n if (expiring <= 0) {\n expiring = 1;\n }\n logger2.debug(\"registering expiring timer, raising in\", expiring, \"seconds\");\n this._expiringTimer.init(expiring);\n } else {\n logger2.debug(\"canceling existing expiring timer because we're past expiration.\");\n this._expiringTimer.cancel();\n }\n const expired = duration + 1;\n logger2.debug(\"registering expired timer, raising in\", expired, \"seconds\");\n this._expiredTimer.init(expired);\n } else {\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n }\n async unload() {\n this._logger.debug(\"unload: canceling existing access token timers\");\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n /**\n * Add callback: Raised prior to the access token expiring.\n */\n addAccessTokenExpiring(cb) {\n return this._expiringTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised prior to the access token expiring.\n */\n removeAccessTokenExpiring(cb) {\n this._expiringTimer.removeHandler(cb);\n }\n /**\n * Add callback: Raised after the access token has expired.\n */\n addAccessTokenExpired(cb) {\n return this._expiredTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised after the access token has expired.\n */\n removeAccessTokenExpired(cb) {\n this._expiredTimer.removeHandler(cb);\n }\n};\n\n// src/CheckSessionIFrame.ts\nvar CheckSessionIFrame = class {\n constructor(_callback, _client_id, url, _intervalInSeconds, _stopOnError) {\n this._callback = _callback;\n this._client_id = _client_id;\n this._intervalInSeconds = _intervalInSeconds;\n this._stopOnError = _stopOnError;\n this._logger = new Logger(\"CheckSessionIFrame\");\n this._timer = null;\n this._session_state = null;\n this._message = (e) => {\n if (e.origin === this._frame_origin && e.source === this._frame.contentWindow) {\n if (e.data === \"error\") {\n this._logger.error(\"error message from check session op iframe\");\n if (this._stopOnError) {\n this.stop();\n }\n } else if (e.data === \"changed\") {\n this._logger.debug(\"changed message from check session op iframe\");\n this.stop();\n void this._callback();\n } else {\n this._logger.debug(e.data + \" message from check session op iframe\");\n }\n }\n };\n const parsedUrl = new URL(url);\n this._frame_origin = parsedUrl.origin;\n this._frame = window.document.createElement(\"iframe\");\n this._frame.style.visibility = \"hidden\";\n this._frame.style.position = \"fixed\";\n this._frame.style.left = \"-1000px\";\n this._frame.style.top = \"0\";\n this._frame.width = \"0\";\n this._frame.height = \"0\";\n this._frame.src = parsedUrl.href;\n }\n load() {\n return new Promise((resolve) => {\n this._frame.onload = () => {\n resolve();\n };\n window.document.body.appendChild(this._frame);\n window.addEventListener(\"message\", this._message, false);\n });\n }\n start(session_state) {\n if (this._session_state === session_state) {\n return;\n }\n this._logger.create(\"start\");\n this.stop();\n this._session_state = session_state;\n const send = () => {\n if (!this._frame.contentWindow || !this._session_state) {\n return;\n }\n this._frame.contentWindow.postMessage(this._client_id + \" \" + this._session_state, this._frame_origin);\n };\n send();\n this._timer = setInterval(send, this._intervalInSeconds * 1e3);\n }\n stop() {\n this._logger.create(\"stop\");\n this._session_state = null;\n if (this._timer) {\n clearInterval(this._timer);\n this._timer = null;\n }\n }\n};\n\n// src/InMemoryWebStorage.ts\nvar InMemoryWebStorage = class {\n constructor() {\n this._logger = new Logger(\"InMemoryWebStorage\");\n this._data = {};\n }\n clear() {\n this._logger.create(\"clear\");\n this._data = {};\n }\n getItem(key) {\n this._logger.create(`getItem('${key}')`);\n return this._data[key];\n }\n setItem(key, value) {\n this._logger.create(`setItem('${key}')`);\n this._data[key] = value;\n }\n removeItem(key) {\n this._logger.create(`removeItem('${key}')`);\n delete this._data[key];\n }\n get length() {\n return Object.getOwnPropertyNames(this._data).length;\n }\n key(index) {\n return Object.getOwnPropertyNames(this._data)[index];\n }\n};\n\n// src/errors/ErrorDPoPNonce.ts\nvar ErrorDPoPNonce = class extends Error {\n constructor(nonce, message) {\n super(message);\n /** Marker to detect class: \"ErrorDPoPNonce\" */\n this.name = \"ErrorDPoPNonce\";\n this.nonce = nonce;\n }\n};\n\n// src/JsonService.ts\nvar JsonService = class {\n constructor(additionalContentTypes = [], _jwtHandler = null, _extraHeaders = {}) {\n this._jwtHandler = _jwtHandler;\n this._extraHeaders = _extraHeaders;\n this._logger = new Logger(\"JsonService\");\n this._contentTypes = [];\n this._contentTypes.push(...additionalContentTypes, \"application/json\");\n if (_jwtHandler) {\n this._contentTypes.push(\"application/jwt\");\n }\n }\n async fetchWithTimeout(input, init = {}) {\n const { timeoutInSeconds, ...initFetch } = init;\n if (!timeoutInSeconds) {\n return await fetch(input, initFetch);\n }\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeoutInSeconds * 1e3);\n try {\n const response = await fetch(input, {\n ...init,\n signal: controller.signal\n });\n return response;\n } catch (err) {\n if (err instanceof DOMException && err.name === \"AbortError\") {\n throw new ErrorTimeout(\"Network timed out\");\n }\n throw err;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n async getJson(url, {\n token,\n credentials,\n timeoutInSeconds\n } = {}) {\n const logger2 = this._logger.create(\"getJson\");\n const headers = {\n \"Accept\": this._contentTypes.join(\", \")\n };\n if (token) {\n logger2.debug(\"token passed, setting Authorization header\");\n headers[\"Authorization\"] = \"Bearer \" + token;\n }\n this._appendExtraHeaders(headers);\n let response;\n try {\n logger2.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"GET\", headers, timeoutInSeconds, credentials });\n } catch (err) {\n logger2.error(\"Network Error\");\n throw err;\n }\n logger2.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find((item) => contentType.startsWith(item))) {\n logger2.throw(new Error(`Invalid response Content-Type: ${contentType != null ? contentType : \"undefined\"}, from URL: ${url}`));\n }\n if (response.ok && this._jwtHandler && (contentType == null ? void 0 : contentType.startsWith(\"application/jwt\"))) {\n return await this._jwtHandler(await response.text());\n }\n let json;\n try {\n json = await response.json();\n } catch (err) {\n logger2.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n if (!response.ok) {\n logger2.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n return json;\n }\n async postForm(url, {\n body,\n basicAuth,\n timeoutInSeconds,\n initCredentials,\n extraHeaders\n }) {\n const logger2 = this._logger.create(\"postForm\");\n const headers = {\n \"Accept\": this._contentTypes.join(\", \"),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n ...extraHeaders\n };\n if (basicAuth !== void 0) {\n headers[\"Authorization\"] = \"Basic \" + basicAuth;\n }\n this._appendExtraHeaders(headers);\n let response;\n try {\n logger2.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"POST\", headers, body, timeoutInSeconds, credentials: initCredentials });\n } catch (err) {\n logger2.error(\"Network error\");\n throw err;\n }\n logger2.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find((item) => contentType.startsWith(item))) {\n throw new Error(`Invalid response Content-Type: ${contentType != null ? contentType : \"undefined\"}, from URL: ${url}`);\n }\n const responseText = await response.text();\n let json = {};\n if (responseText) {\n try {\n json = JSON.parse(responseText);\n } catch (err) {\n logger2.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n }\n if (!response.ok) {\n logger2.error(\"Error from server:\", json);\n if (response.headers.has(\"dpop-nonce\")) {\n const nonce = response.headers.get(\"dpop-nonce\");\n throw new ErrorDPoPNonce(nonce, `${JSON.stringify(json)}`);\n }\n if (json.error) {\n throw new ErrorResponse(json, body);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n return json;\n }\n _appendExtraHeaders(headers) {\n const logger2 = this._logger.create(\"appendExtraHeaders\");\n const customKeys = Object.keys(this._extraHeaders);\n const protectedHeaders = [\n \"accept\",\n \"content-type\"\n ];\n const preventOverride = [\n \"authorization\"\n ];\n if (customKeys.length === 0) {\n return;\n }\n customKeys.forEach((headerName) => {\n if (protectedHeaders.includes(headerName.toLocaleLowerCase())) {\n logger2.warn(\"Protected header could not be set\", headerName, protectedHeaders);\n return;\n }\n if (preventOverride.includes(headerName.toLocaleLowerCase()) && Object.keys(headers).includes(headerName)) {\n logger2.warn(\"Header could not be overridden\", headerName, preventOverride);\n return;\n }\n const content = typeof this._extraHeaders[headerName] === \"function\" ? this._extraHeaders[headerName]() : this._extraHeaders[headerName];\n if (content && content !== \"\") {\n headers[headerName] = content;\n }\n });\n }\n};\n\n// src/MetadataService.ts\nvar MetadataService = class {\n constructor(_settings) {\n this._settings = _settings;\n this._logger = new Logger(\"MetadataService\");\n this._signingKeys = null;\n this._metadata = null;\n this._metadataUrl = this._settings.metadataUrl;\n this._jsonService = new JsonService(\n [\"application/jwk-set+json\"],\n null,\n this._settings.extraHeaders\n );\n if (this._settings.signingKeys) {\n this._logger.debug(\"using signingKeys from settings\");\n this._signingKeys = this._settings.signingKeys;\n }\n if (this._settings.metadata) {\n this._logger.debug(\"using metadata from settings\");\n this._metadata = this._settings.metadata;\n }\n if (this._settings.fetchRequestCredentials) {\n this._logger.debug(\"using fetchRequestCredentials from settings\");\n this._fetchRequestCredentials = this._settings.fetchRequestCredentials;\n }\n }\n resetSigningKeys() {\n this._signingKeys = null;\n }\n async getMetadata() {\n const logger2 = this._logger.create(\"getMetadata\");\n if (this._metadata) {\n logger2.debug(\"using cached values\");\n return this._metadata;\n }\n if (!this._metadataUrl) {\n logger2.throw(new Error(\"No authority or metadataUrl configured on settings\"));\n throw null;\n }\n logger2.debug(\"getting metadata from\", this._metadataUrl);\n const metadata = await this._jsonService.getJson(this._metadataUrl, { credentials: this._fetchRequestCredentials, timeoutInSeconds: this._settings.requestTimeoutInSeconds });\n logger2.debug(\"merging remote JSON with seed metadata\");\n this._metadata = Object.assign({}, metadata, this._settings.metadataSeed);\n return this._metadata;\n }\n getIssuer() {\n return this._getMetadataProperty(\"issuer\");\n }\n getAuthorizationEndpoint() {\n return this._getMetadataProperty(\"authorization_endpoint\");\n }\n getUserInfoEndpoint() {\n return this._getMetadataProperty(\"userinfo_endpoint\");\n }\n getTokenEndpoint(optional = true) {\n return this._getMetadataProperty(\"token_endpoint\", optional);\n }\n getCheckSessionIframe() {\n return this._getMetadataProperty(\"check_session_iframe\", true);\n }\n getEndSessionEndpoint() {\n return this._getMetadataProperty(\"end_session_endpoint\", true);\n }\n getRevocationEndpoint(optional = true) {\n return this._getMetadataProperty(\"revocation_endpoint\", optional);\n }\n getKeysEndpoint(optional = true) {\n return this._getMetadataProperty(\"jwks_uri\", optional);\n }\n async _getMetadataProperty(name, optional = false) {\n const logger2 = this._logger.create(`_getMetadataProperty('${name}')`);\n const metadata = await this.getMetadata();\n logger2.debug(\"resolved\");\n if (metadata[name] === void 0) {\n if (optional === true) {\n logger2.warn(\"Metadata does not contain optional property\");\n return void 0;\n }\n logger2.throw(new Error(\"Metadata does not contain property \" + name));\n }\n return metadata[name];\n }\n async getSigningKeys() {\n const logger2 = this._logger.create(\"getSigningKeys\");\n if (this._signingKeys) {\n logger2.debug(\"returning signingKeys from cache\");\n return this._signingKeys;\n }\n const jwks_uri = await this.getKeysEndpoint(false);\n logger2.debug(\"got jwks_uri\", jwks_uri);\n const keySet = await this._jsonService.getJson(jwks_uri, { timeoutInSeconds: this._settings.requestTimeoutInSeconds });\n logger2.debug(\"got key set\", keySet);\n if (!Array.isArray(keySet.keys)) {\n logger2.throw(new Error(\"Missing keys on keyset\"));\n throw null;\n }\n this._signingKeys = keySet.keys;\n return this._signingKeys;\n }\n};\n\n// src/WebStorageStateStore.ts\nvar WebStorageStateStore = class {\n constructor({\n prefix = \"oidc.\",\n store = localStorage\n } = {}) {\n this._logger = new Logger(\"WebStorageStateStore\");\n this._store = store;\n this._prefix = prefix;\n }\n async set(key, value) {\n this._logger.create(`set('${key}')`);\n key = this._prefix + key;\n await this._store.setItem(key, value);\n }\n async get(key) {\n this._logger.create(`get('${key}')`);\n key = this._prefix + key;\n const item = await this._store.getItem(key);\n return item;\n }\n async remove(key) {\n this._logger.create(`remove('${key}')`);\n key = this._prefix + key;\n const item = await this._store.getItem(key);\n await this._store.removeItem(key);\n return item;\n }\n async getAllKeys() {\n this._logger.create(\"getAllKeys\");\n const len = await this._store.length;\n const keys = [];\n for (let index = 0; index < len; index++) {\n const key = await this._store.key(index);\n if (key && key.indexOf(this._prefix) === 0) {\n keys.push(key.substr(this._prefix.length));\n }\n }\n return keys;\n }\n};\n\n// src/OidcClientSettings.ts\nvar DefaultResponseType = \"code\";\nvar DefaultScope = \"openid\";\nvar DefaultClientAuthentication = \"client_secret_post\";\nvar DefaultStaleStateAgeInSeconds = 60 * 15;\nvar OidcClientSettingsStore = class {\n constructor({\n // metadata related\n authority,\n metadataUrl,\n metadata,\n signingKeys,\n metadataSeed,\n // client related\n client_id,\n client_secret,\n response_type = DefaultResponseType,\n scope = DefaultScope,\n redirect_uri,\n post_logout_redirect_uri,\n client_authentication = DefaultClientAuthentication,\n token_endpoint_auth_signing_alg = \"HS256\",\n // optional protocol\n prompt,\n display,\n max_age,\n ui_locales,\n acr_values,\n resource,\n response_mode,\n // behavior flags\n filterProtocolClaims = true,\n loadUserInfo = false,\n requestTimeoutInSeconds,\n staleStateAgeInSeconds = DefaultStaleStateAgeInSeconds,\n mergeClaimsStrategy = { array: \"replace\" },\n disablePKCE = false,\n // other behavior\n stateStore,\n revokeTokenAdditionalContentTypes,\n fetchRequestCredentials,\n refreshTokenAllowedScope,\n // extra\n extraQueryParams = {},\n extraTokenParams = {},\n extraHeaders = {},\n dpop,\n omitScopeWhenRequesting = false\n }) {\n var _a;\n this.authority = authority;\n if (metadataUrl) {\n this.metadataUrl = metadataUrl;\n } else {\n this.metadataUrl = authority;\n if (authority) {\n if (!this.metadataUrl.endsWith(\"/\")) {\n this.metadataUrl += \"/\";\n }\n this.metadataUrl += \".well-known/openid-configuration\";\n }\n }\n this.metadata = metadata;\n this.metadataSeed = metadataSeed;\n this.signingKeys = signingKeys;\n this.client_id = client_id;\n this.client_secret = client_secret;\n this.response_type = response_type;\n this.scope = scope;\n this.redirect_uri = redirect_uri;\n this.post_logout_redirect_uri = post_logout_redirect_uri;\n this.client_authentication = client_authentication;\n this.token_endpoint_auth_signing_alg = token_endpoint_auth_signing_alg;\n this.prompt = prompt;\n this.display = display;\n this.max_age = max_age;\n this.ui_locales = ui_locales;\n this.acr_values = acr_values;\n this.resource = resource;\n this.response_mode = response_mode;\n this.filterProtocolClaims = filterProtocolClaims != null ? filterProtocolClaims : true;\n this.loadUserInfo = !!loadUserInfo;\n this.staleStateAgeInSeconds = staleStateAgeInSeconds;\n this.mergeClaimsStrategy = mergeClaimsStrategy;\n this.omitScopeWhenRequesting = omitScopeWhenRequesting;\n this.disablePKCE = !!disablePKCE;\n this.revokeTokenAdditionalContentTypes = revokeTokenAdditionalContentTypes;\n this.fetchRequestCredentials = fetchRequestCredentials ? fetchRequestCredentials : \"same-origin\";\n this.requestTimeoutInSeconds = requestTimeoutInSeconds;\n if (stateStore) {\n this.stateStore = stateStore;\n } else {\n const store = typeof window !== \"undefined\" ? window.localStorage : new InMemoryWebStorage();\n this.stateStore = new WebStorageStateStore({ store });\n }\n this.refreshTokenAllowedScope = refreshTokenAllowedScope;\n this.extraQueryParams = extraQueryParams;\n this.extraTokenParams = extraTokenParams;\n this.extraHeaders = extraHeaders;\n this.dpop = dpop;\n if (this.dpop && !((_a = this.dpop) == null ? void 0 : _a.store)) {\n throw new Error(\"A DPoPStore is required when dpop is enabled\");\n }\n }\n};\n\n// src/UserInfoService.ts\nvar UserInfoService = class {\n constructor(_settings, _metadataService) {\n this._settings = _settings;\n this._metadataService = _metadataService;\n this._logger = new Logger(\"UserInfoService\");\n this._getClaimsFromJwt = async (responseText) => {\n const logger2 = this._logger.create(\"_getClaimsFromJwt\");\n try {\n const payload = JwtUtils.decode(responseText);\n logger2.debug(\"JWT decoding successful\");\n return payload;\n } catch (err) {\n logger2.error(\"Error parsing JWT response\");\n throw err;\n }\n };\n this._jsonService = new JsonService(\n void 0,\n this._getClaimsFromJwt,\n this._settings.extraHeaders\n );\n }\n async getClaims(token) {\n const logger2 = this._logger.create(\"getClaims\");\n if (!token) {\n this._logger.throw(new Error(\"No token passed\"));\n }\n const url = await this._metadataService.getUserInfoEndpoint();\n logger2.debug(\"got userinfo url\", url);\n const claims = await this._jsonService.getJson(url, {\n token,\n credentials: this._settings.fetchRequestCredentials,\n timeoutInSeconds: this._settings.requestTimeoutInSeconds\n });\n logger2.debug(\"got claims\", claims);\n return claims;\n }\n};\n\n// src/TokenClient.ts\nvar TokenClient = class {\n constructor(_settings, _metadataService) {\n this._settings = _settings;\n this._metadataService = _metadataService;\n this._logger = new Logger(\"TokenClient\");\n this._jsonService = new JsonService(\n this._settings.revokeTokenAdditionalContentTypes,\n null,\n this._settings.extraHeaders\n );\n }\n /**\n * Exchange code.\n *\n * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3\n */\n async exchangeCode({\n grant_type = \"authorization_code\",\n redirect_uri = this._settings.redirect_uri,\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n extraHeaders,\n ...args\n }) {\n const logger2 = this._logger.create(\"exchangeCode\");\n if (!client_id) {\n logger2.throw(new Error(\"A client_id is required\"));\n }\n if (!redirect_uri) {\n logger2.throw(new Error(\"A redirect_uri is required\"));\n }\n if (!args.code) {\n logger2.throw(new Error(\"A code is required\"));\n }\n const params = new URLSearchParams({ grant_type, redirect_uri });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n if ((this._settings.client_authentication === \"client_secret_basic\" || this._settings.client_authentication === \"client_secret_jwt\") && (client_secret === void 0 || client_secret === null)) {\n logger2.throw(new Error(\"A client_secret is required\"));\n throw null;\n }\n let basicAuth;\n const url = await this._metadataService.getTokenEndpoint(false);\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n case \"client_secret_jwt\": {\n const clientAssertion = await CryptoUtils.generateClientAssertionJwt(client_id, client_secret, url, this._settings.token_endpoint_auth_signing_alg);\n params.append(\"client_id\", client_id);\n params.append(\"client_assertion_type\", \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\");\n params.append(\"client_assertion\", clientAssertion);\n break;\n }\n }\n logger2.debug(\"got token endpoint\");\n const response = await this._jsonService.postForm(url, {\n body: params,\n basicAuth,\n timeoutInSeconds: this._settings.requestTimeoutInSeconds,\n initCredentials: this._settings.fetchRequestCredentials,\n extraHeaders\n });\n logger2.debug(\"got response\");\n return response;\n }\n /**\n * Exchange credentials.\n *\n * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2\n */\n async exchangeCredentials({\n grant_type = \"password\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n scope = this._settings.scope,\n ...args\n }) {\n const logger2 = this._logger.create(\"exchangeCredentials\");\n if (!client_id) {\n logger2.throw(new Error(\"A client_id is required\"));\n }\n const params = new URLSearchParams({ grant_type });\n if (!this._settings.omitScopeWhenRequesting) {\n params.set(\"scope\", scope);\n }\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n if ((this._settings.client_authentication === \"client_secret_basic\" || this._settings.client_authentication === \"client_secret_jwt\") && (client_secret === void 0 || client_secret === null)) {\n logger2.throw(new Error(\"A client_secret is required\"));\n throw null;\n }\n let basicAuth;\n const url = await this._metadataService.getTokenEndpoint(false);\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n case \"client_secret_jwt\": {\n const clientAssertion = await CryptoUtils.generateClientAssertionJwt(client_id, client_secret, url, this._settings.token_endpoint_auth_signing_alg);\n params.append(\"client_id\", client_id);\n params.append(\"client_assertion_type\", \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\");\n params.append(\"client_assertion\", clientAssertion);\n break;\n }\n }\n logger2.debug(\"got token endpoint\");\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds: this._settings.requestTimeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials });\n logger2.debug(\"got response\");\n return response;\n }\n /**\n * Exchange a refresh token.\n *\n * @see https://www.rfc-editor.org/rfc/rfc6749#section-6\n */\n async exchangeRefreshToken({\n grant_type = \"refresh_token\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n timeoutInSeconds,\n extraHeaders,\n ...args\n }) {\n const logger2 = this._logger.create(\"exchangeRefreshToken\");\n if (!client_id) {\n logger2.throw(new Error(\"A client_id is required\"));\n }\n if (!args.refresh_token) {\n logger2.throw(new Error(\"A refresh_token is required\"));\n }\n const params = new URLSearchParams({ grant_type });\n for (const [key, value] of Object.entries(args)) {\n if (Array.isArray(value)) {\n value.forEach((param) => params.append(key, param));\n } else if (value != null) {\n params.set(key, value);\n }\n }\n if ((this._settings.client_authentication === \"client_secret_basic\" || this._settings.client_authentication === \"client_secret_jwt\") && (client_secret === void 0 || client_secret === null)) {\n logger2.throw(new Error(\"A client_secret is required\"));\n throw null;\n }\n let basicAuth;\n const url = await this._metadataService.getTokenEndpoint(false);\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n case \"client_secret_jwt\": {\n const clientAssertion = await CryptoUtils.generateClientAssertionJwt(client_id, client_secret, url, this._settings.token_endpoint_auth_signing_alg);\n params.append(\"client_id\", client_id);\n params.append(\"client_assertion_type\", \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\");\n params.append(\"client_assertion\", clientAssertion);\n break;\n }\n }\n logger2.debug(\"got token endpoint\");\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials, extraHeaders });\n logger2.debug(\"got response\");\n return response;\n }\n /**\n * Revoke an access or refresh token.\n *\n * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1\n */\n async revoke(args) {\n var _a;\n const logger2 = this._logger.create(\"revoke\");\n if (!args.token) {\n logger2.throw(new Error(\"A token is required\"));\n }\n const url = await this._metadataService.getRevocationEndpoint(false);\n logger2.debug(`got revocation endpoint, revoking ${(_a = args.token_type_hint) != null ? _a : \"default token type\"}`);\n const params = new URLSearchParams();\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n params.set(\"client_id\", this._settings.client_id);\n if (this._settings.client_secret) {\n params.set(\"client_secret\", this._settings.client_secret);\n }\n await this._jsonService.postForm(url, { body: params, timeoutInSeconds: this._settings.requestTimeoutInSeconds });\n logger2.debug(\"got response\");\n }\n};\n\n// src/ResponseValidator.ts\nvar ResponseValidator = class {\n constructor(_settings, _metadataService, _claimsService) {\n this._settings = _settings;\n this._metadataService = _metadataService;\n this._claimsService = _claimsService;\n this._logger = new Logger(\"ResponseValidator\");\n this._userInfoService = new UserInfoService(this._settings, this._metadataService);\n this._tokenClient = new TokenClient(this._settings, this._metadataService);\n }\n async validateSigninResponse(response, state, extraHeaders) {\n const logger2 = this._logger.create(\"validateSigninResponse\");\n this._processSigninState(response, state);\n logger2.debug(\"state processed\");\n await this._processCode(response, state, extraHeaders);\n logger2.debug(\"code processed\");\n if (response.isOpenId) {\n this._validateIdTokenAttributes(response, \"\", state.nonce);\n }\n logger2.debug(\"tokens validated\");\n await this._processClaims(response, state == null ? void 0 : state.skipUserInfo, response.isOpenId);\n logger2.debug(\"claims processed\");\n }\n async validateCredentialsResponse(response, skipUserInfo) {\n const logger2 = this._logger.create(\"validateCredentialsResponse\");\n const shouldValidateSubClaim = response.isOpenId && !!response.id_token;\n if (shouldValidateSubClaim) {\n this._validateIdTokenAttributes(response);\n }\n logger2.debug(\"tokens validated\");\n await this._processClaims(response, skipUserInfo, shouldValidateSubClaim);\n logger2.debug(\"claims processed\");\n }\n async validateRefreshResponse(response, state) {\n var _a, _b;\n const logger2 = this._logger.create(\"validateRefreshResponse\");\n response.userState = state.data;\n (_a = response.session_state) != null ? _a : response.session_state = state.session_state;\n (_b = response.scope) != null ? _b : response.scope = state.scope;\n if (response.isOpenId && !!response.id_token) {\n this._validateIdTokenAttributes(response, state.id_token);\n logger2.debug(\"ID Token validated\");\n }\n if (!response.id_token) {\n response.id_token = state.id_token;\n response.profile = state.profile;\n }\n const hasIdToken = response.isOpenId && !!response.id_token;\n await this._processClaims(response, false, hasIdToken);\n logger2.debug(\"claims processed\");\n }\n validateSignoutResponse(response, state) {\n const logger2 = this._logger.create(\"validateSignoutResponse\");\n if (state.id !== response.state) {\n logger2.throw(new Error(\"State does not match\"));\n }\n logger2.debug(\"state validated\");\n response.userState = state.data;\n if (response.error) {\n logger2.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n }\n _processSigninState(response, state) {\n var _a;\n const logger2 = this._logger.create(\"_processSigninState\");\n if (state.id !== response.state) {\n logger2.throw(new Error(\"State does not match\"));\n }\n if (!state.client_id) {\n logger2.throw(new Error(\"No client_id on state\"));\n }\n if (!state.authority) {\n logger2.throw(new Error(\"No authority on state\"));\n }\n if (this._settings.authority !== state.authority) {\n logger2.throw(new Error(\"authority mismatch on settings vs. signin state\"));\n }\n if (this._settings.client_id && this._settings.client_id !== state.client_id) {\n logger2.throw(new Error(\"client_id mismatch on settings vs. signin state\"));\n }\n logger2.debug(\"state validated\");\n response.userState = state.data;\n response.url_state = state.url_state;\n (_a = response.scope) != null ? _a : response.scope = state.scope;\n if (response.error) {\n logger2.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n if (state.code_verifier && !response.code) {\n logger2.throw(new Error(\"Expected code in response\"));\n }\n }\n async _processClaims(response, skipUserInfo = false, validateSub = true) {\n const logger2 = this._logger.create(\"_processClaims\");\n response.profile = this._claimsService.filterProtocolClaims(response.profile);\n if (skipUserInfo || !this._settings.loadUserInfo || !response.access_token) {\n logger2.debug(\"not loading user info\");\n return;\n }\n logger2.debug(\"loading user info\");\n const claims = await this._userInfoService.getClaims(response.access_token);\n logger2.debug(\"user info claims received from user info endpoint\");\n if (validateSub && claims.sub !== response.profile.sub) {\n logger2.throw(new Error(\"subject from UserInfo response does not match subject in ID Token\"));\n }\n response.profile = this._claimsService.mergeClaims(response.profile, this._claimsService.filterProtocolClaims(claims));\n logger2.debug(\"user info claims received, updated profile:\", response.profile);\n }\n async _processCode(response, state, extraHeaders) {\n const logger2 = this._logger.create(\"_processCode\");\n if (response.code) {\n logger2.debug(\"Validating code\");\n const tokenResponse = await this._tokenClient.exchangeCode({\n client_id: state.client_id,\n client_secret: state.client_secret,\n code: response.code,\n redirect_uri: state.redirect_uri,\n code_verifier: state.code_verifier,\n extraHeaders,\n ...state.extraTokenParams\n });\n Object.assign(response, tokenResponse);\n } else {\n logger2.debug(\"No code to process\");\n }\n }\n _validateIdTokenAttributes(response, existingToken, nonce) {\n var _a;\n const logger2 = this._logger.create(\"_validateIdTokenAttributes\");\n logger2.debug(\"decoding ID Token JWT\");\n const incoming = JwtUtils.decode((_a = response.id_token) != null ? _a : \"\");\n if (!incoming.sub) {\n logger2.throw(new Error(\"ID Token is missing a subject claim\"));\n }\n if (nonce && incoming.nonce !== nonce) {\n logger2.throw(new Error(\"nonce in id_token does not match nonce in client storage\"));\n }\n if (existingToken) {\n const existing = JwtUtils.decode(existingToken);\n if (incoming.sub !== existing.sub) {\n logger2.throw(new Error(\"sub in id_token does not match current sub\"));\n }\n if (incoming.auth_time && incoming.auth_time !== existing.auth_time) {\n logger2.throw(new Error(\"auth_time in id_token does not match original auth_time\"));\n }\n if (incoming.azp && incoming.azp !== existing.azp) {\n logger2.throw(new Error(\"azp in id_token does not match original azp\"));\n }\n if (!incoming.azp && existing.azp) {\n logger2.throw(new Error(\"azp not in id_token, but present in original id_token\"));\n }\n }\n response.profile = incoming;\n }\n};\n\n// src/State.ts\nvar State = class _State {\n constructor(args) {\n this.id = args.id || CryptoUtils.generateUUIDv4();\n this.data = args.data;\n if (args.created && args.created > 0) {\n this.created = args.created;\n } else {\n this.created = Timer.getEpochTime();\n }\n this.request_type = args.request_type;\n this.url_state = args.url_state;\n }\n toStorageString() {\n new Logger(\"State\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n url_state: this.url_state\n });\n }\n static fromStorageString(storageString) {\n Logger.createStatic(\"State\", \"fromStorageString\");\n return Promise.resolve(new _State(JSON.parse(storageString)));\n }\n static async clearStaleState(storage, age) {\n const logger2 = Logger.createStatic(\"State\", \"clearStaleState\");\n const cutoff = Timer.getEpochTime() - age;\n const keys = await storage.getAllKeys();\n logger2.debug(\"got keys\", keys);\n for (let i = 0; i < keys.length; i++) {\n const key = keys[i];\n const item = await storage.get(key);\n let remove = false;\n if (item) {\n try {\n const state = await _State.fromStorageString(item);\n logger2.debug(\"got item from key:\", key, state.created);\n if (state.created <= cutoff) {\n remove = true;\n }\n } catch (err) {\n logger2.error(\"Error parsing state for key:\", key, err);\n remove = true;\n }\n } else {\n logger2.debug(\"no item in storage for key:\", key);\n remove = true;\n }\n if (remove) {\n logger2.debug(\"removed item for key:\", key);\n void storage.remove(key);\n }\n }\n }\n};\n\n// src/SigninState.ts\nvar SigninState = class _SigninState extends State {\n constructor(args) {\n super(args);\n this.code_verifier = args.code_verifier;\n this.code_challenge = args.code_challenge;\n this.authority = args.authority;\n this.client_id = args.client_id;\n this.redirect_uri = args.redirect_uri;\n this.scope = args.scope;\n this.client_secret = args.client_secret;\n this.extraTokenParams = args.extraTokenParams;\n this.response_mode = args.response_mode;\n this.skipUserInfo = args.skipUserInfo;\n this.nonce = args.nonce;\n }\n static async create(args) {\n const code_verifier = args.code_verifier === true ? CryptoUtils.generateCodeVerifier() : args.code_verifier || void 0;\n const code_challenge = code_verifier ? await CryptoUtils.generateCodeChallenge(code_verifier) : void 0;\n return new _SigninState({\n ...args,\n code_verifier,\n code_challenge\n });\n }\n toStorageString() {\n new Logger(\"SigninState\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n url_state: this.url_state,\n code_verifier: this.code_verifier,\n authority: this.authority,\n client_id: this.client_id,\n redirect_uri: this.redirect_uri,\n scope: this.scope,\n client_secret: this.client_secret,\n extraTokenParams: this.extraTokenParams,\n response_mode: this.response_mode,\n skipUserInfo: this.skipUserInfo,\n nonce: this.nonce\n });\n }\n static fromStorageString(storageString) {\n Logger.createStatic(\"SigninState\", \"fromStorageString\");\n const data = JSON.parse(storageString);\n return _SigninState.create(data);\n }\n};\n\n// src/SigninRequest.ts\nvar _SigninRequest = class _SigninRequest {\n constructor(args) {\n this.url = args.url;\n this.state = args.state;\n }\n static async create({\n // mandatory\n url,\n authority,\n client_id,\n redirect_uri,\n response_type,\n scope,\n // optional\n state_data,\n response_mode,\n request_type,\n client_secret,\n nonce,\n url_state,\n resource,\n skipUserInfo,\n extraQueryParams,\n extraTokenParams,\n disablePKCE,\n dpopJkt,\n omitScopeWhenRequesting,\n ...optionalParams\n }) {\n if (!url) {\n this._logger.error(\"create: No url passed\");\n throw new Error(\"url\");\n }\n if (!client_id) {\n this._logger.error(\"create: No client_id passed\");\n throw new Error(\"client_id\");\n }\n if (!redirect_uri) {\n this._logger.error(\"create: No redirect_uri passed\");\n throw new Error(\"redirect_uri\");\n }\n if (!response_type) {\n this._logger.error(\"create: No response_type passed\");\n throw new Error(\"response_type\");\n }\n if (!scope) {\n this._logger.error(\"create: No scope passed\");\n throw new Error(\"scope\");\n }\n if (!authority) {\n this._logger.error(\"create: No authority passed\");\n throw new Error(\"authority\");\n }\n const state = await SigninState.create({\n data: state_data,\n request_type,\n url_state,\n code_verifier: !disablePKCE,\n client_id,\n authority,\n redirect_uri,\n response_mode,\n client_secret,\n scope,\n extraTokenParams,\n skipUserInfo,\n nonce\n });\n const parsedUrl = new URL(url);\n parsedUrl.searchParams.append(\"client_id\", client_id);\n parsedUrl.searchParams.append(\"redirect_uri\", redirect_uri);\n parsedUrl.searchParams.append(\"response_type\", response_type);\n if (!omitScopeWhenRequesting) {\n parsedUrl.searchParams.append(\"scope\", scope);\n }\n if (nonce) {\n parsedUrl.searchParams.append(\"nonce\", nonce);\n }\n if (dpopJkt) {\n parsedUrl.searchParams.append(\"dpop_jkt\", dpopJkt);\n }\n let stateParam = state.id;\n if (url_state) {\n stateParam = `${stateParam}${URL_STATE_DELIMITER}${url_state}`;\n }\n parsedUrl.searchParams.append(\"state\", stateParam);\n if (state.code_challenge) {\n parsedUrl.searchParams.append(\"code_challenge\", state.code_challenge);\n parsedUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n }\n if (resource) {\n const resources = Array.isArray(resource) ? resource : [resource];\n resources.forEach((r) => parsedUrl.searchParams.append(\"resource\", r));\n }\n for (const [key, value] of Object.entries({ response_mode, ...optionalParams, ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n return new _SigninRequest({\n url: parsedUrl.href,\n state\n });\n }\n};\n_SigninRequest._logger = new Logger(\"SigninRequest\");\nvar SigninRequest = _SigninRequest;\n\n// src/SigninResponse.ts\nvar OidcScope = \"openid\";\nvar SigninResponse = class {\n constructor(params) {\n /** @see {@link User.access_token} */\n this.access_token = \"\";\n /** @see {@link User.token_type} */\n this.token_type = \"\";\n /** @see {@link User.profile} */\n this.profile = {};\n this.state = params.get(\"state\");\n this.session_state = params.get(\"session_state\");\n if (this.state) {\n const splitState = decodeURIComponent(this.state).split(URL_STATE_DELIMITER);\n this.state = splitState[0];\n if (splitState.length > 1) {\n this.url_state = splitState.slice(1).join(URL_STATE_DELIMITER);\n }\n }\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n this.code = params.get(\"code\");\n }\n get expires_in() {\n if (this.expires_at === void 0) {\n return void 0;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n set expires_in(value) {\n if (typeof value === \"string\") value = Number(value);\n if (value !== void 0 && value >= 0) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n get isOpenId() {\n var _a;\n return ((_a = this.scope) == null ? void 0 : _a.split(\" \").includes(OidcScope)) || !!this.id_token;\n }\n};\n\n// src/SignoutRequest.ts\nvar SignoutRequest = class {\n constructor({\n url,\n state_data,\n id_token_hint,\n post_logout_redirect_uri,\n extraQueryParams,\n request_type,\n client_id,\n url_state\n }) {\n this._logger = new Logger(\"SignoutRequest\");\n if (!url) {\n this._logger.error(\"ctor: No url passed\");\n throw new Error(\"url\");\n }\n const parsedUrl = new URL(url);\n if (id_token_hint) {\n parsedUrl.searchParams.append(\"id_token_hint\", id_token_hint);\n }\n if (client_id) {\n parsedUrl.searchParams.append(\"client_id\", client_id);\n }\n if (post_logout_redirect_uri) {\n parsedUrl.searchParams.append(\"post_logout_redirect_uri\", post_logout_redirect_uri);\n if (state_data || url_state) {\n this.state = new State({ data: state_data, request_type, url_state });\n let stateParam = this.state.id;\n if (url_state) {\n stateParam = `${stateParam}${URL_STATE_DELIMITER}${url_state}`;\n }\n parsedUrl.searchParams.append(\"state\", stateParam);\n }\n }\n for (const [key, value] of Object.entries({ ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n this.url = parsedUrl.href;\n }\n};\n\n// src/SignoutResponse.ts\nvar SignoutResponse = class {\n constructor(params) {\n this.state = params.get(\"state\");\n if (this.state) {\n const splitState = decodeURIComponent(this.state).split(URL_STATE_DELIMITER);\n this.state = splitState[0];\n if (splitState.length > 1) {\n this.url_state = splitState.slice(1).join(URL_STATE_DELIMITER);\n }\n }\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n }\n};\n\n// src/ClaimsService.ts\nvar DefaultProtocolClaims = [\n \"nbf\",\n \"jti\",\n \"auth_time\",\n \"nonce\",\n \"acr\",\n \"amr\",\n \"azp\",\n \"at_hash\"\n // https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken\n];\nvar InternalRequiredProtocolClaims = [\"sub\", \"iss\", \"aud\", \"exp\", \"iat\"];\nvar ClaimsService = class {\n constructor(_settings) {\n this._settings = _settings;\n this._logger = new Logger(\"ClaimsService\");\n }\n filterProtocolClaims(claims) {\n const result = { ...claims };\n if (this._settings.filterProtocolClaims) {\n let protocolClaims;\n if (Array.isArray(this._settings.filterProtocolClaims)) {\n protocolClaims = this._settings.filterProtocolClaims;\n } else {\n protocolClaims = DefaultProtocolClaims;\n }\n for (const claim of protocolClaims) {\n if (!InternalRequiredProtocolClaims.includes(claim)) {\n delete result[claim];\n }\n }\n }\n return result;\n }\n mergeClaims(claims1, claims2) {\n const result = { ...claims1 };\n for (const [claim, values] of Object.entries(claims2)) {\n if (result[claim] !== values) {\n if (Array.isArray(result[claim]) || Array.isArray(values)) {\n if (this._settings.mergeClaimsStrategy.array == \"replace\") {\n result[claim] = values;\n } else {\n const mergedValues = Array.isArray(result[claim]) ? result[claim] : [result[claim]];\n for (const value of Array.isArray(values) ? values : [values]) {\n if (!mergedValues.includes(value)) {\n mergedValues.push(value);\n }\n }\n result[claim] = mergedValues;\n }\n } else if (typeof result[claim] === \"object\" && typeof values === \"object\") {\n result[claim] = this.mergeClaims(result[claim], values);\n } else {\n result[claim] = values;\n }\n }\n }\n return result;\n }\n};\n\n// src/DPoPStore.ts\nvar DPoPState = class {\n constructor(keys, nonce) {\n this.keys = keys;\n this.nonce = nonce;\n }\n};\n\n// src/OidcClient.ts\nvar OidcClient = class {\n constructor(settings, metadataService) {\n this._logger = new Logger(\"OidcClient\");\n this.settings = settings instanceof OidcClientSettingsStore ? settings : new OidcClientSettingsStore(settings);\n this.metadataService = metadataService != null ? metadataService : new MetadataService(this.settings);\n this._claimsService = new ClaimsService(this.settings);\n this._validator = new ResponseValidator(this.settings, this.metadataService, this._claimsService);\n this._tokenClient = new TokenClient(this.settings, this.metadataService);\n }\n async createSigninRequest({\n state,\n request,\n request_uri,\n request_type,\n id_token_hint,\n login_hint,\n skipUserInfo,\n nonce,\n url_state,\n response_type = this.settings.response_type,\n scope = this.settings.scope,\n redirect_uri = this.settings.redirect_uri,\n prompt = this.settings.prompt,\n display = this.settings.display,\n max_age = this.settings.max_age,\n ui_locales = this.settings.ui_locales,\n acr_values = this.settings.acr_values,\n resource = this.settings.resource,\n response_mode = this.settings.response_mode,\n extraQueryParams = this.settings.extraQueryParams,\n extraTokenParams = this.settings.extraTokenParams,\n dpopJkt,\n omitScopeWhenRequesting = this.settings.omitScopeWhenRequesting\n }) {\n const logger2 = this._logger.create(\"createSigninRequest\");\n if (response_type !== \"code\") {\n throw new Error(\"Only the Authorization Code flow (with PKCE) is supported\");\n }\n const url = await this.metadataService.getAuthorizationEndpoint();\n logger2.debug(\"Received authorization endpoint\", url);\n const signinRequest = await SigninRequest.create({\n url,\n authority: this.settings.authority,\n client_id: this.settings.client_id,\n redirect_uri,\n response_type,\n scope,\n state_data: state,\n url_state,\n prompt,\n display,\n max_age,\n ui_locales,\n id_token_hint,\n login_hint,\n acr_values,\n dpopJkt,\n resource,\n request,\n request_uri,\n extraQueryParams,\n extraTokenParams,\n request_type,\n response_mode,\n client_secret: this.settings.client_secret,\n skipUserInfo,\n nonce,\n disablePKCE: this.settings.disablePKCE,\n omitScopeWhenRequesting\n });\n await this.clearStaleState();\n const signinState = signinRequest.state;\n await this.settings.stateStore.set(signinState.id, signinState.toStorageString());\n return signinRequest;\n }\n async readSigninResponseState(url, removeState = false) {\n const logger2 = this._logger.create(\"readSigninResponseState\");\n const response = new SigninResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger2.throw(new Error(\"No state in response\"));\n throw null;\n }\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger2.throw(new Error(\"No matching state found in storage\"));\n throw null;\n }\n const state = await SigninState.fromStorageString(storedStateString);\n return { state, response };\n }\n async processSigninResponse(url, extraHeaders, removeState = true) {\n const logger2 = this._logger.create(\"processSigninResponse\");\n const { state, response } = await this.readSigninResponseState(url, removeState);\n logger2.debug(\"received state from storage; validating response\");\n if (this.settings.dpop && this.settings.dpop.store) {\n const dpopProof = await this.getDpopProof(this.settings.dpop.store);\n extraHeaders = { ...extraHeaders, \"DPoP\": dpopProof };\n }\n try {\n await this._validator.validateSigninResponse(response, state, extraHeaders);\n } catch (err) {\n if (err instanceof ErrorDPoPNonce && this.settings.dpop) {\n const dpopProof = await this.getDpopProof(this.settings.dpop.store, err.nonce);\n extraHeaders[\"DPoP\"] = dpopProof;\n await this._validator.validateSigninResponse(response, state, extraHeaders);\n } else {\n throw err;\n }\n }\n return response;\n }\n async getDpopProof(dpopStore, nonce) {\n let keyPair;\n let dpopState;\n if (!(await dpopStore.getAllKeys()).includes(this.settings.client_id)) {\n keyPair = await CryptoUtils.generateDPoPKeys();\n dpopState = new DPoPState(keyPair, nonce);\n await dpopStore.set(this.settings.client_id, dpopState);\n } else {\n dpopState = await dpopStore.get(this.settings.client_id);\n if (dpopState.nonce !== nonce && nonce) {\n dpopState.nonce = nonce;\n await dpopStore.set(this.settings.client_id, dpopState);\n }\n }\n return await CryptoUtils.generateDPoPProof({\n url: await this.metadataService.getTokenEndpoint(false),\n httpMethod: \"POST\",\n keyPair: dpopState.keys,\n nonce: dpopState.nonce\n });\n }\n async processResourceOwnerPasswordCredentials({\n username,\n password,\n skipUserInfo = false,\n extraTokenParams = {}\n }) {\n const tokenResponse = await this._tokenClient.exchangeCredentials({ username, password, ...extraTokenParams });\n const signinResponse = new SigninResponse(new URLSearchParams());\n Object.assign(signinResponse, tokenResponse);\n await this._validator.validateCredentialsResponse(signinResponse, skipUserInfo);\n return signinResponse;\n }\n async useRefreshToken({\n state,\n redirect_uri,\n resource,\n timeoutInSeconds,\n extraHeaders,\n extraTokenParams\n }) {\n var _a;\n const logger2 = this._logger.create(\"useRefreshToken\");\n let scope;\n if (this.settings.refreshTokenAllowedScope === void 0) {\n scope = state.scope;\n } else {\n const allowableScopes = this.settings.refreshTokenAllowedScope.split(\" \");\n const providedScopes = ((_a = state.scope) == null ? void 0 : _a.split(\" \")) || [];\n scope = providedScopes.filter((s) => allowableScopes.includes(s)).join(\" \");\n }\n if (this.settings.dpop && this.settings.dpop.store) {\n const dpopProof = await this.getDpopProof(this.settings.dpop.store);\n extraHeaders = { ...extraHeaders, \"DPoP\": dpopProof };\n }\n let result;\n try {\n result = await this._tokenClient.exchangeRefreshToken({\n refresh_token: state.refresh_token,\n // provide the (possible filtered) scope list\n scope,\n redirect_uri,\n resource,\n timeoutInSeconds,\n extraHeaders,\n ...extraTokenParams\n });\n } catch (err) {\n if (err instanceof ErrorDPoPNonce && this.settings.dpop) {\n extraHeaders[\"DPoP\"] = await this.getDpopProof(this.settings.dpop.store, err.nonce);\n result = await this._tokenClient.exchangeRefreshToken({\n refresh_token: state.refresh_token,\n // provide the (possible filtered) scope list\n scope,\n redirect_uri,\n resource,\n timeoutInSeconds,\n extraHeaders,\n ...extraTokenParams\n });\n } else {\n throw err;\n }\n }\n const response = new SigninResponse(new URLSearchParams());\n Object.assign(response, result);\n logger2.debug(\"validating response\", response);\n await this._validator.validateRefreshResponse(response, {\n ...state,\n // override the scope in the state handed over to the validator\n // so it can set the granted scope to the requested scope in case none is included in the response\n scope\n });\n return response;\n }\n async createSignoutRequest({\n state,\n id_token_hint,\n client_id,\n request_type,\n url_state,\n post_logout_redirect_uri = this.settings.post_logout_redirect_uri,\n extraQueryParams = this.settings.extraQueryParams\n } = {}) {\n const logger2 = this._logger.create(\"createSignoutRequest\");\n const url = await this.metadataService.getEndSessionEndpoint();\n if (!url) {\n logger2.throw(new Error(\"No end session endpoint\"));\n throw null;\n }\n logger2.debug(\"Received end session endpoint\", url);\n if (!client_id && post_logout_redirect_uri && !id_token_hint) {\n client_id = this.settings.client_id;\n }\n const request = new SignoutRequest({\n url,\n id_token_hint,\n client_id,\n post_logout_redirect_uri,\n state_data: state,\n extraQueryParams,\n request_type,\n url_state\n });\n await this.clearStaleState();\n const signoutState = request.state;\n if (signoutState) {\n logger2.debug(\"Signout request has state to persist\");\n await this.settings.stateStore.set(signoutState.id, signoutState.toStorageString());\n }\n return request;\n }\n async readSignoutResponseState(url, removeState = false) {\n const logger2 = this._logger.create(\"readSignoutResponseState\");\n const response = new SignoutResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger2.debug(\"No state in response\");\n if (response.error) {\n logger2.warn(\"Response was error:\", response.error);\n throw new ErrorResponse(response);\n }\n return { state: void 0, response };\n }\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger2.throw(new Error(\"No matching state found in storage\"));\n throw null;\n }\n const state = await State.fromStorageString(storedStateString);\n return { state, response };\n }\n async processSignoutResponse(url) {\n const logger2 = this._logger.create(\"processSignoutResponse\");\n const { state, response } = await this.readSignoutResponseState(url, true);\n if (state) {\n logger2.debug(\"Received state from storage; validating response\");\n this._validator.validateSignoutResponse(response, state);\n } else {\n logger2.debug(\"No state from storage; skipping response validation\");\n }\n return response;\n }\n clearStaleState() {\n this._logger.create(\"clearStaleState\");\n return State.clearStaleState(this.settings.stateStore, this.settings.staleStateAgeInSeconds);\n }\n async revokeToken(token, type) {\n this._logger.create(\"revokeToken\");\n return await this._tokenClient.revoke({\n token,\n token_type_hint: type\n });\n }\n};\n\n// src/SessionMonitor.ts\nvar SessionMonitor = class {\n constructor(_userManager) {\n this._userManager = _userManager;\n this._logger = new Logger(\"SessionMonitor\");\n this._start = async (user) => {\n const session_state = user.session_state;\n if (!session_state) {\n return;\n }\n const logger2 = this._logger.create(\"_start\");\n if (user.profile) {\n this._sub = user.profile.sub;\n logger2.debug(\"session_state\", session_state, \", sub\", this._sub);\n } else {\n this._sub = void 0;\n logger2.debug(\"session_state\", session_state, \", anonymous user\");\n }\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.start(session_state);\n return;\n }\n try {\n const url = await this._userManager.metadataService.getCheckSessionIframe();\n if (url) {\n logger2.debug(\"initializing check session iframe\");\n const client_id = this._userManager.settings.client_id;\n const intervalInSeconds = this._userManager.settings.checkSessionIntervalInSeconds;\n const stopOnError = this._userManager.settings.stopCheckSessionOnError;\n const checkSessionIFrame = new CheckSessionIFrame(this._callback, client_id, url, intervalInSeconds, stopOnError);\n await checkSessionIFrame.load();\n this._checkSessionIFrame = checkSessionIFrame;\n checkSessionIFrame.start(session_state);\n } else {\n logger2.warn(\"no check session iframe found in the metadata\");\n }\n } catch (err) {\n logger2.error(\"Error from getCheckSessionIframe:\", err instanceof Error ? err.message : err);\n }\n };\n this._stop = () => {\n const logger2 = this._logger.create(\"_stop\");\n this._sub = void 0;\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.stop();\n }\n if (this._userManager.settings.monitorAnonymousSession) {\n const timerHandle = setInterval(async () => {\n clearInterval(timerHandle);\n try {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub ? {\n sub: session.sub\n } : null\n };\n void this._start(tmpUser);\n }\n } catch (err) {\n logger2.error(\"error from querySessionStatus\", err instanceof Error ? err.message : err);\n }\n }, 1e3);\n }\n };\n this._callback = async () => {\n const logger2 = this._logger.create(\"_callback\");\n try {\n const session = await this._userManager.querySessionStatus();\n let raiseEvent = true;\n if (session && this._checkSessionIFrame) {\n if (session.sub === this._sub) {\n raiseEvent = false;\n this._checkSessionIFrame.start(session.session_state);\n logger2.debug(\"same sub still logged in at OP, session state has changed, restarting check session iframe; session_state\", session.session_state);\n await this._userManager.events._raiseUserSessionChanged();\n } else {\n logger2.debug(\"different subject signed into OP\", session.sub);\n }\n } else {\n logger2.debug(\"subject no longer signed into OP\");\n }\n if (raiseEvent) {\n if (this._sub) {\n await this._userManager.events._raiseUserSignedOut();\n } else {\n await this._userManager.events._raiseUserSignedIn();\n }\n } else {\n logger2.debug(\"no change in session detected, no event to raise\");\n }\n } catch (err) {\n if (this._sub) {\n logger2.debug(\"Error calling queryCurrentSigninSession; raising signed out event\", err);\n await this._userManager.events._raiseUserSignedOut();\n }\n }\n };\n if (!_userManager) {\n this._logger.throw(new Error(\"No user manager passed\"));\n }\n this._userManager.events.addUserLoaded(this._start);\n this._userManager.events.addUserUnloaded(this._stop);\n this._init().catch((err) => {\n this._logger.error(err);\n });\n }\n async _init() {\n this._logger.create(\"_init\");\n const user = await this._userManager.getUser();\n if (user) {\n void this._start(user);\n } else if (this._userManager.settings.monitorAnonymousSession) {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub ? {\n sub: session.sub\n } : null\n };\n void this._start(tmpUser);\n }\n }\n }\n};\n\n// src/User.ts\nvar User = class _User {\n constructor(args) {\n var _a;\n this.id_token = args.id_token;\n this.session_state = (_a = args.session_state) != null ? _a : null;\n this.access_token = args.access_token;\n this.refresh_token = args.refresh_token;\n this.token_type = args.token_type;\n this.scope = args.scope;\n this.profile = args.profile;\n this.expires_at = args.expires_at;\n this.state = args.userState;\n this.url_state = args.url_state;\n }\n /** Computed number of seconds the access token has remaining. */\n get expires_in() {\n if (this.expires_at === void 0) {\n return void 0;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n set expires_in(value) {\n if (value !== void 0) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n /** Computed value indicating if the access token is expired. */\n get expired() {\n const expires_in = this.expires_in;\n if (expires_in === void 0) {\n return void 0;\n }\n return expires_in <= 0;\n }\n /** Array representing the parsed values from the `scope`. */\n get scopes() {\n var _a, _b;\n return (_b = (_a = this.scope) == null ? void 0 : _a.split(\" \")) != null ? _b : [];\n }\n toStorageString() {\n new Logger(\"User\").create(\"toStorageString\");\n return JSON.stringify({\n id_token: this.id_token,\n session_state: this.session_state,\n access_token: this.access_token,\n refresh_token: this.refresh_token,\n token_type: this.token_type,\n scope: this.scope,\n profile: this.profile,\n expires_at: this.expires_at\n });\n }\n static fromStorageString(storageString) {\n Logger.createStatic(\"User\", \"fromStorageString\");\n return new _User(JSON.parse(storageString));\n }\n};\n\n// src/navigators/AbstractChildWindow.ts\nvar messageSource = \"oidc-client\";\nvar AbstractChildWindow = class {\n constructor() {\n this._abort = new Event(\"Window navigation aborted\");\n this._disposeHandlers = /* @__PURE__ */ new Set();\n this._window = null;\n }\n async navigate(params) {\n const logger2 = this._logger.create(\"navigate\");\n if (!this._window) {\n throw new Error(\"Attempted to navigate on a disposed window\");\n }\n logger2.debug(\"setting URL in window\");\n this._window.location.replace(params.url);\n const { url, keepOpen } = await new Promise((resolve, reject) => {\n const listener = (e) => {\n var _a;\n const data = e.data;\n const origin = (_a = params.scriptOrigin) != null ? _a : window.location.origin;\n if (e.origin !== origin || (data == null ? void 0 : data.source) !== messageSource) {\n return;\n }\n try {\n const state = UrlUtils.readParams(data.url, params.response_mode).get(\"state\");\n if (!state) {\n logger2.warn(\"no state found in response url\");\n }\n if (e.source !== this._window && state !== params.state) {\n return;\n }\n } catch {\n this._dispose();\n reject(new Error(\"Invalid response from window\"));\n }\n resolve(data);\n };\n window.addEventListener(\"message\", listener, false);\n this._disposeHandlers.add(() => window.removeEventListener(\"message\", listener, false));\n const channel = new BroadcastChannel(`oidc-client-popup-${params.state}`);\n channel.addEventListener(\"message\", listener, false);\n this._disposeHandlers.add(() => channel.close());\n this._disposeHandlers.add(this._abort.addHandler((reason) => {\n this._dispose();\n reject(reason);\n }));\n });\n logger2.debug(\"got response from window\");\n this._dispose();\n if (!keepOpen) {\n this.close();\n }\n return { url };\n }\n _dispose() {\n this._logger.create(\"_dispose\");\n for (const dispose of this._disposeHandlers) {\n dispose();\n }\n this._disposeHandlers.clear();\n }\n static _notifyParent(parent, url, keepOpen = false, targetOrigin = window.location.origin) {\n const msgData = {\n source: messageSource,\n url,\n keepOpen\n };\n const logger2 = new Logger(\"_notifyParent\");\n if (parent) {\n logger2.debug(\"With parent. Using parent.postMessage.\");\n parent.postMessage(msgData, targetOrigin);\n } else {\n logger2.debug(\"No parent. Using BroadcastChannel.\");\n const state = new URL(url).searchParams.get(\"state\");\n if (!state) {\n throw new Error(\"No parent and no state in URL. Can't complete notification.\");\n }\n const channel = new BroadcastChannel(`oidc-client-popup-${state}`);\n channel.postMessage(msgData);\n channel.close();\n }\n }\n};\n\n// src/UserManagerSettings.ts\nvar DefaultPopupWindowFeatures = {\n location: false,\n toolbar: false,\n height: 640,\n closePopupWindowAfterInSeconds: -1\n};\nvar DefaultPopupTarget = \"_blank\";\nvar DefaultAccessTokenExpiringNotificationTimeInSeconds = 60;\nvar DefaultCheckSessionIntervalInSeconds = 2;\nvar DefaultSilentRequestTimeoutInSeconds = 10;\nvar UserManagerSettingsStore = class extends OidcClientSettingsStore {\n constructor(args) {\n const {\n popup_redirect_uri = args.redirect_uri,\n popup_post_logout_redirect_uri = args.post_logout_redirect_uri,\n popupWindowFeatures = DefaultPopupWindowFeatures,\n popupWindowTarget = DefaultPopupTarget,\n redirectMethod = \"assign\",\n redirectTarget = \"self\",\n iframeNotifyParentOrigin = args.iframeNotifyParentOrigin,\n iframeScriptOrigin = args.iframeScriptOrigin,\n requestTimeoutInSeconds,\n silent_redirect_uri = args.redirect_uri,\n silentRequestTimeoutInSeconds,\n automaticSilentRenew = true,\n validateSubOnSilentRenew = true,\n includeIdTokenInSilentRenew = false,\n monitorSession = false,\n monitorAnonymousSession = false,\n checkSessionIntervalInSeconds = DefaultCheckSessionIntervalInSeconds,\n query_status_response_type = \"code\",\n stopCheckSessionOnError = true,\n revokeTokenTypes = [\"access_token\", \"refresh_token\"],\n revokeTokensOnSignout = false,\n includeIdTokenInSilentSignout = false,\n accessTokenExpiringNotificationTimeInSeconds = DefaultAccessTokenExpiringNotificationTimeInSeconds,\n maxSilentRenewTimeoutRetries,\n userStore\n } = args;\n super(args);\n this.popup_redirect_uri = popup_redirect_uri;\n this.popup_post_logout_redirect_uri = popup_post_logout_redirect_uri;\n this.popupWindowFeatures = popupWindowFeatures;\n this.popupWindowTarget = popupWindowTarget;\n this.redirectMethod = redirectMethod;\n this.redirectTarget = redirectTarget;\n this.iframeNotifyParentOrigin = iframeNotifyParentOrigin;\n this.iframeScriptOrigin = iframeScriptOrigin;\n this.silent_redirect_uri = silent_redirect_uri;\n this.silentRequestTimeoutInSeconds = silentRequestTimeoutInSeconds || requestTimeoutInSeconds || DefaultSilentRequestTimeoutInSeconds;\n this.automaticSilentRenew = automaticSilentRenew;\n this.validateSubOnSilentRenew = validateSubOnSilentRenew;\n this.includeIdTokenInSilentRenew = includeIdTokenInSilentRenew;\n this.monitorSession = monitorSession;\n this.monitorAnonymousSession = monitorAnonymousSession;\n this.checkSessionIntervalInSeconds = checkSessionIntervalInSeconds;\n this.stopCheckSessionOnError = stopCheckSessionOnError;\n this.query_status_response_type = query_status_response_type;\n this.revokeTokenTypes = revokeTokenTypes;\n this.revokeTokensOnSignout = revokeTokensOnSignout;\n this.includeIdTokenInSilentSignout = includeIdTokenInSilentSignout;\n this.accessTokenExpiringNotificationTimeInSeconds = accessTokenExpiringNotificationTimeInSeconds;\n this.maxSilentRenewTimeoutRetries = maxSilentRenewTimeoutRetries;\n if (userStore) {\n this.userStore = userStore;\n } else {\n const store = typeof window !== \"undefined\" ? window.sessionStorage : new InMemoryWebStorage();\n this.userStore = new WebStorageStateStore({ store });\n }\n }\n};\n\n// src/navigators/IFrameWindow.ts\nvar IFrameWindow = class _IFrameWindow extends AbstractChildWindow {\n constructor({\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds\n }) {\n super();\n this._logger = new Logger(\"IFrameWindow\");\n this._timeoutInSeconds = silentRequestTimeoutInSeconds;\n this._frame = _IFrameWindow.createHiddenIframe();\n this._window = this._frame.contentWindow;\n }\n static createHiddenIframe() {\n const iframe = window.document.createElement(\"iframe\");\n iframe.style.visibility = \"hidden\";\n iframe.style.position = \"fixed\";\n iframe.style.left = \"-1000px\";\n iframe.style.top = \"0\";\n iframe.width = \"0\";\n iframe.height = \"0\";\n window.document.body.appendChild(iframe);\n return iframe;\n }\n async navigate(params) {\n this._logger.debug(\"navigate: Using timeout of:\", this._timeoutInSeconds);\n const timer = setTimeout(() => void this._abort.raise(new ErrorTimeout(\"IFrame timed out without a response\")), this._timeoutInSeconds * 1e3);\n this._disposeHandlers.add(() => clearTimeout(timer));\n return await super.navigate(params);\n }\n close() {\n var _a;\n if (this._frame) {\n if (this._frame.parentNode) {\n this._frame.addEventListener(\"load\", (ev) => {\n var _a2;\n const frame = ev.target;\n (_a2 = frame.parentNode) == null ? void 0 : _a2.removeChild(frame);\n void this._abort.raise(new Error(\"IFrame removed from DOM\"));\n }, true);\n (_a = this._frame.contentWindow) == null ? void 0 : _a.location.replace(\"about:blank\");\n }\n this._frame = null;\n }\n this._window = null;\n }\n static notifyParent(url, targetOrigin) {\n return super._notifyParent(window.parent, url, false, targetOrigin);\n }\n};\n\n// src/navigators/IFrameNavigator.ts\nvar IFrameNavigator = class {\n constructor(_settings) {\n this._settings = _settings;\n this._logger = new Logger(\"IFrameNavigator\");\n }\n async prepare({\n silentRequestTimeoutInSeconds = this._settings.silentRequestTimeoutInSeconds\n }) {\n return new IFrameWindow({ silentRequestTimeoutInSeconds });\n }\n async callback(url) {\n this._logger.create(\"callback\");\n IFrameWindow.notifyParent(url, this._settings.iframeNotifyParentOrigin);\n }\n};\n\n// src/navigators/PopupWindow.ts\nvar checkForPopupClosedInterval = 500;\nvar second = 1e3;\nvar PopupWindow = class extends AbstractChildWindow {\n constructor({\n popupWindowTarget = DefaultPopupTarget,\n popupWindowFeatures = {},\n popupSignal,\n popupAbortOnClose\n }) {\n super();\n this._logger = new Logger(\"PopupWindow\");\n const centeredPopup = PopupUtils.center({ ...DefaultPopupWindowFeatures, ...popupWindowFeatures });\n this._window = window.open(void 0, popupWindowTarget, PopupUtils.serialize(centeredPopup));\n this.abortOnClose = Boolean(popupAbortOnClose);\n if (popupSignal) {\n popupSignal.addEventListener(\"abort\", () => {\n var _a;\n void this._abort.raise(new Error((_a = popupSignal.reason) != null ? _a : \"Popup aborted\"));\n });\n }\n if (popupWindowFeatures.closePopupWindowAfterInSeconds && popupWindowFeatures.closePopupWindowAfterInSeconds > 0) {\n setTimeout(() => {\n if (!this._window || typeof this._window.closed !== \"boolean\" || this._window.closed) {\n void this._abort.raise(new Error(\"Popup blocked by user\"));\n return;\n }\n this.close();\n }, popupWindowFeatures.closePopupWindowAfterInSeconds * second);\n }\n }\n async navigate(params) {\n var _a;\n (_a = this._window) == null ? void 0 : _a.focus();\n const popupClosedInterval = setInterval(() => {\n if (!this._window || this._window.closed) {\n this._logger.debug(\"Popup closed by user or isolated by redirect\");\n clearPopupClosedInterval();\n this._disposeHandlers.delete(clearPopupClosedInterval);\n if (this.abortOnClose) {\n void this._abort.raise(new Error(\"Popup closed by user\"));\n }\n }\n }, checkForPopupClosedInterval);\n const clearPopupClosedInterval = () => clearInterval(popupClosedInterval);\n this._disposeHandlers.add(clearPopupClosedInterval);\n return await super.navigate(params);\n }\n close() {\n if (this._window) {\n if (!this._window.closed) {\n this._window.close();\n void this._abort.raise(new Error(\"Popup closed\"));\n }\n }\n this._window = null;\n }\n static notifyOpener(url, keepOpen) {\n super._notifyParent(window.opener, url, keepOpen);\n if (!keepOpen && !window.opener) {\n window.close();\n }\n }\n};\n\n// src/navigators/PopupNavigator.ts\nvar PopupNavigator = class {\n constructor(_settings) {\n this._settings = _settings;\n this._logger = new Logger(\"PopupNavigator\");\n }\n async prepare({\n popupWindowFeatures = this._settings.popupWindowFeatures,\n popupWindowTarget = this._settings.popupWindowTarget,\n popupSignal,\n popupAbortOnClose\n }) {\n return new PopupWindow({\n popupWindowFeatures,\n popupWindowTarget,\n popupSignal,\n popupAbortOnClose\n });\n }\n async callback(url, { keepOpen = false }) {\n this._logger.create(\"callback\");\n PopupWindow.notifyOpener(url, keepOpen);\n }\n};\n\n// src/navigators/RedirectNavigator.ts\nvar RedirectNavigator = class {\n constructor(_settings) {\n this._settings = _settings;\n this._logger = new Logger(\"RedirectNavigator\");\n }\n async prepare({\n redirectMethod = this._settings.redirectMethod,\n redirectTarget = this._settings.redirectTarget\n }) {\n var _a;\n this._logger.create(\"prepare\");\n let targetWindow = window.self;\n if (redirectTarget === \"top\") {\n targetWindow = (_a = window.top) != null ? _a : window.self;\n }\n const redirect = targetWindow.location[redirectMethod].bind(targetWindow.location);\n let abort;\n return {\n navigate: async (params) => {\n this._logger.create(\"navigate\");\n const promise = new Promise((resolve, reject) => {\n abort = reject;\n window.addEventListener(\"pageshow\", () => resolve(window.location.href));\n redirect(params.url);\n });\n return await promise;\n },\n close: () => {\n this._logger.create(\"close\");\n abort == null ? void 0 : abort(new Error(\"Redirect aborted\"));\n targetWindow.stop();\n }\n };\n }\n async callback() {\n return;\n }\n};\n\n// src/UserManagerEvents.ts\nvar UserManagerEvents = class extends AccessTokenEvents {\n constructor(settings) {\n super({ expiringNotificationTimeInSeconds: settings.accessTokenExpiringNotificationTimeInSeconds });\n this._logger = new Logger(\"UserManagerEvents\");\n this._userLoaded = new Event(\"User loaded\");\n this._userUnloaded = new Event(\"User unloaded\");\n this._silentRenewError = new Event(\"Silent renew error\");\n this._userSignedIn = new Event(\"User signed in\");\n this._userSignedOut = new Event(\"User signed out\");\n this._userSessionChanged = new Event(\"User session changed\");\n }\n async load(user, raiseEvent = true) {\n await super.load(user);\n if (raiseEvent) {\n await this._userLoaded.raise(user);\n }\n }\n async unload() {\n await super.unload();\n await this._userUnloaded.raise();\n }\n /**\n * Add callback: Raised when a user session has been established (or re-established).\n */\n addUserLoaded(cb) {\n return this._userLoaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been established (or re-established).\n */\n removeUserLoaded(cb) {\n return this._userLoaded.removeHandler(cb);\n }\n /**\n * Add callback: Raised when a user session has been terminated.\n */\n addUserUnloaded(cb) {\n return this._userUnloaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been terminated.\n */\n removeUserUnloaded(cb) {\n return this._userUnloaded.removeHandler(cb);\n }\n /**\n * Add callback: Raised when the automatic silent renew has failed.\n */\n addSilentRenewError(cb) {\n return this._silentRenewError.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the automatic silent renew has failed.\n */\n removeSilentRenewError(cb) {\n return this._silentRenewError.removeHandler(cb);\n }\n /**\n * @internal\n */\n async _raiseSilentRenewError(e) {\n await this._silentRenewError.raise(e);\n }\n /**\n * Add callback: Raised when the user is signed in (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n addUserSignedIn(cb) {\n return this._userSignedIn.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user is signed in (when `monitorSession` is set).\n */\n removeUserSignedIn(cb) {\n this._userSignedIn.removeHandler(cb);\n }\n /**\n * @internal\n */\n async _raiseUserSignedIn() {\n await this._userSignedIn.raise();\n }\n /**\n * Add callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n addUserSignedOut(cb) {\n return this._userSignedOut.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n */\n removeUserSignedOut(cb) {\n this._userSignedOut.removeHandler(cb);\n }\n /**\n * @internal\n */\n async _raiseUserSignedOut() {\n await this._userSignedOut.raise();\n }\n /**\n * Add callback: Raised when the user session changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n addUserSessionChanged(cb) {\n return this._userSessionChanged.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user session changed (when `monitorSession` is set).\n */\n removeUserSessionChanged(cb) {\n this._userSessionChanged.removeHandler(cb);\n }\n /**\n * @internal\n */\n async _raiseUserSessionChanged() {\n await this._userSessionChanged.raise();\n }\n};\n\n// src/SilentRenewService.ts\nvar SilentRenewService = class {\n constructor(_userManager) {\n this._userManager = _userManager;\n this._logger = new Logger(\"SilentRenewService\");\n this._isStarted = false;\n this._retryTimer = new Timer(\"Retry Silent Renew\");\n this._timeoutRetryCount = 0;\n this._tokenExpiring = async () => {\n const logger2 = this._logger.create(\"_tokenExpiring\");\n try {\n await this._userManager.signinSilent();\n this._timeoutRetryCount = 0;\n logger2.debug(\"silent token renewal successful\");\n } catch (err) {\n if (err instanceof ErrorTimeout) {\n this._timeoutRetryCount++;\n const maxRetries = this._userManager.settings.maxSilentRenewTimeoutRetries;\n const hasReachedLimit = maxRetries !== void 0 && this._timeoutRetryCount > maxRetries;\n if (hasReachedLimit) {\n logger2.error(\n `Timeout retry limit reached (${this._timeoutRetryCount} > ${maxRetries}), raising silentRenewError:`,\n err\n );\n this._timeoutRetryCount = 0;\n await this._userManager.events._raiseSilentRenewError(err);\n return;\n }\n logger2.warn(\n `ErrorTimeout from signinSilent (attempt ${this._timeoutRetryCount}), retry in 5s:`,\n err\n );\n this._retryTimer.init(5);\n return;\n }\n logger2.error(\"Error from signinSilent:\", err);\n this._timeoutRetryCount = 0;\n await this._userManager.events._raiseSilentRenewError(err);\n }\n };\n }\n async start() {\n const logger2 = this._logger.create(\"start\");\n if (!this._isStarted) {\n this._isStarted = true;\n this._userManager.events.addAccessTokenExpiring(this._tokenExpiring);\n this._retryTimer.addHandler(this._tokenExpiring);\n try {\n await this._userManager.getUser();\n } catch (err) {\n logger2.error(\"getUser error\", err);\n }\n }\n }\n stop() {\n if (this._isStarted) {\n this._retryTimer.cancel();\n this._retryTimer.removeHandler(this._tokenExpiring);\n this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring);\n this._isStarted = false;\n }\n }\n};\n\n// src/RefreshState.ts\nvar RefreshState = class {\n constructor(args) {\n this.refresh_token = args.refresh_token;\n this.id_token = args.id_token;\n this.session_state = args.session_state;\n this.scope = args.scope;\n this.profile = args.profile;\n this.data = args.state;\n }\n};\n\n// src/UserManager.ts\nvar UserManager = class {\n constructor(settings, redirectNavigator, popupNavigator, iframeNavigator) {\n this._logger = new Logger(\"UserManager\");\n this.settings = new UserManagerSettingsStore(settings);\n this._client = new OidcClient(settings);\n this._redirectNavigator = redirectNavigator != null ? redirectNavigator : new RedirectNavigator(this.settings);\n this._popupNavigator = popupNavigator != null ? popupNavigator : new PopupNavigator(this.settings);\n this._iframeNavigator = iframeNavigator != null ? iframeNavigator : new IFrameNavigator(this.settings);\n this._events = new UserManagerEvents(this.settings);\n this._silentRenewService = new SilentRenewService(this);\n if (this.settings.automaticSilentRenew) {\n this.startSilentRenew();\n }\n this._sessionMonitor = null;\n if (this.settings.monitorSession) {\n this._sessionMonitor = new SessionMonitor(this);\n }\n }\n /**\n * Get object used to register for events raised by the `UserManager`.\n */\n get events() {\n return this._events;\n }\n /**\n * Get object used to access the metadata configuration of the identity provider.\n */\n get metadataService() {\n return this._client.metadataService;\n }\n /**\n * Load the `User` object for the currently authenticated user.\n *\n * @param raiseEvent - If `true`, the `UserLoaded` event will be raised. Defaults to false.\n * @returns A promise\n */\n async getUser(raiseEvent = false) {\n const logger2 = this._logger.create(\"getUser\");\n const user = await this._loadUser();\n if (user) {\n logger2.info(\"user loaded\");\n await this._events.load(user, raiseEvent);\n return user;\n }\n logger2.info(\"user not found in storage\");\n return null;\n }\n /**\n * Remove from any storage the currently authenticated user.\n *\n * @returns A promise\n */\n async removeUser() {\n const logger2 = this._logger.create(\"removeUser\");\n await this.storeUser(null);\n logger2.info(\"user removed from storage\");\n await this._events.unload();\n }\n /**\n * Trigger a redirect of the current window to the authorization endpoint.\n *\n * @returns A promise\n *\n * @throws `Error` In cases of wrong authentication.\n */\n async signinRedirect(args = {}) {\n var _a;\n this._logger.create(\"signinRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n let dpopJkt;\n if ((_a = this.settings.dpop) == null ? void 0 : _a.bind_authorization_code) {\n dpopJkt = await this.generateDPoPJkt(this.settings.dpop);\n }\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signinStart({\n request_type: \"si:r\",\n dpopJkt,\n ...requestArgs\n }, handle);\n }\n /**\n * Process the response (callback) from the authorization endpoint.\n * It is recommended to use {@link UserManager.signinCallback} instead.\n *\n * @returns A promise containing the authenticated `User`.\n *\n * @see {@link UserManager.signinCallback}\n */\n async signinRedirectCallback(url = window.location.href) {\n const logger2 = this._logger.create(\"signinRedirectCallback\");\n const user = await this._signinEnd(url);\n if (user.profile && user.profile.sub) {\n logger2.info(\"success, signed in subject\", user.profile.sub);\n } else {\n logger2.info(\"no subject\");\n }\n return user;\n }\n /**\n * Trigger the signin with user/password.\n *\n * @returns A promise containing the authenticated `User`.\n * @throws {@link ErrorResponse} In cases of wrong authentication.\n */\n async signinResourceOwnerCredentials({\n username,\n password,\n skipUserInfo = false\n }) {\n const logger2 = this._logger.create(\"signinResourceOwnerCredential\");\n const signinResponse = await this._client.processResourceOwnerPasswordCredentials({\n username,\n password,\n skipUserInfo,\n extraTokenParams: this.settings.extraTokenParams\n });\n logger2.debug(\"got signin response\");\n const user = await this._buildUser(signinResponse);\n if (user.profile && user.profile.sub) {\n logger2.info(\"success, signed in subject\", user.profile.sub);\n } else {\n logger2.info(\"no subject\");\n }\n return user;\n }\n /**\n * Trigger a request (via a popup window) to the authorization endpoint.\n *\n * @returns A promise containing the authenticated `User`.\n * @throws `Error` In cases of wrong authentication.\n */\n async signinPopup(args = {}) {\n var _a;\n const logger2 = this._logger.create(\"signinPopup\");\n let dpopJkt;\n if ((_a = this.settings.dpop) == null ? void 0 : _a.bind_authorization_code) {\n dpopJkt = await this.generateDPoPJkt(this.settings.dpop);\n }\n const {\n popupWindowFeatures,\n popupWindowTarget,\n popupSignal,\n popupAbortOnClose,\n ...requestArgs\n } = args;\n const url = this.settings.popup_redirect_uri;\n if (!url) {\n logger2.throw(new Error(\"No popup_redirect_uri configured\"));\n }\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget, popupSignal, popupAbortOnClose });\n const user = await this._signin({\n request_type: \"si:p\",\n redirect_uri: url,\n display: \"popup\",\n dpopJkt,\n ...requestArgs\n }, handle);\n if (user) {\n if (user.profile && user.profile.sub) {\n logger2.info(\"success, signed in subject\", user.profile.sub);\n } else {\n logger2.info(\"no subject\");\n }\n }\n return user;\n }\n /**\n * Notify the opening window of response (callback) from the authorization endpoint.\n * It is recommended to use {@link UserManager.signinCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signinCallback}\n */\n async signinPopupCallback(url = window.location.href, keepOpen = false) {\n const logger2 = this._logger.create(\"signinPopupCallback\");\n await this._popupNavigator.callback(url, { keepOpen });\n logger2.info(\"success\");\n }\n /**\n * Trigger a silent request (via refresh token or an iframe) to the authorization endpoint.\n *\n * @returns A promise that contains the authenticated `User`.\n */\n async signinSilent(args = {}) {\n var _a, _b;\n const logger2 = this._logger.create(\"signinSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n let user = await this._loadUser();\n if (!args.forceIframeAuth && (user == null ? void 0 : user.refresh_token)) {\n logger2.debug(\"using refresh token\");\n const state = new RefreshState(user);\n return await this._useRefreshToken({\n state,\n redirect_uri: requestArgs.redirect_uri,\n resource: requestArgs.resource,\n extraTokenParams: requestArgs.extraTokenParams,\n timeoutInSeconds: silentRequestTimeoutInSeconds\n });\n }\n let dpopJkt;\n if ((_a = this.settings.dpop) == null ? void 0 : _a.bind_authorization_code) {\n dpopJkt = await this.generateDPoPJkt(this.settings.dpop);\n }\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger2.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n let verifySub;\n if (user && this.settings.validateSubOnSilentRenew) {\n logger2.debug(\"subject prior to silent renew:\", user.profile.sub);\n verifySub = user.profile.sub;\n }\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n user = await this._signin({\n request_type: \"si:s\",\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user == null ? void 0 : user.id_token : void 0,\n dpopJkt,\n ...requestArgs\n }, handle, verifySub);\n if (user) {\n if ((_b = user.profile) == null ? void 0 : _b.sub) {\n logger2.info(\"success, signed in subject\", user.profile.sub);\n } else {\n logger2.info(\"no subject\");\n }\n }\n return user;\n }\n async _useRefreshToken(args) {\n const response = await this._client.useRefreshToken({\n timeoutInSeconds: this.settings.silentRequestTimeoutInSeconds,\n ...args\n });\n const user = new User({ ...args.state, ...response });\n await this.storeUser(user);\n await this._events.load(user);\n return user;\n }\n /**\n *\n * Notify the parent window of response (callback) from the authorization endpoint.\n * It is recommended to use {@link UserManager.signinCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signinCallback}\n */\n async signinSilentCallback(url = window.location.href) {\n const logger2 = this._logger.create(\"signinSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger2.info(\"success\");\n }\n /**\n * Process any response (callback) from the authorization endpoint, by dispatching the request_type\n * and executing one of the following functions:\n * - {@link UserManager.signinRedirectCallback}\n * - {@link UserManager.signinPopupCallback}\n * - {@link UserManager.signinSilentCallback}\n *\n * @throws `Error` If request_type is unknown or signin cannot be processed.\n */\n async signinCallback(url = window.location.href) {\n const { state } = await this._client.readSigninResponseState(url);\n switch (state.request_type) {\n case \"si:r\":\n return await this.signinRedirectCallback(url);\n case \"si:p\":\n await this.signinPopupCallback(url);\n break;\n case \"si:s\":\n await this.signinSilentCallback(url);\n break;\n default:\n throw new Error(\"invalid request_type in state\");\n }\n return void 0;\n }\n /**\n * Process any response (callback) from the end session endpoint, by dispatching the request_type\n * and executing one of the following functions:\n * - {@link UserManager.signoutRedirectCallback}\n * - {@link UserManager.signoutPopupCallback}\n * - {@link UserManager.signoutSilentCallback}\n *\n * @throws `Error` If request_type is unknown or signout cannot be processed.\n */\n async signoutCallback(url = window.location.href, keepOpen = false) {\n const { state } = await this._client.readSignoutResponseState(url);\n if (!state) {\n return void 0;\n }\n switch (state.request_type) {\n case \"so:r\":\n return await this.signoutRedirectCallback(url);\n case \"so:p\":\n await this.signoutPopupCallback(url, keepOpen);\n break;\n case \"so:s\":\n await this.signoutSilentCallback(url);\n break;\n default:\n throw new Error(\"invalid request_type in state\");\n }\n return void 0;\n }\n /**\n * Query OP for user's current signin status.\n *\n * @returns A promise object with session_state and subject identifier.\n */\n async querySessionStatus(args = {}) {\n const logger2 = this._logger.create(\"querySessionStatus\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger2.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n const user = await this._loadUser();\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n const navResponse = await this._signinStart({\n request_type: \"si:s\",\n // this acts like a signin silent\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user == null ? void 0 : user.id_token : void 0,\n response_type: this.settings.query_status_response_type,\n scope: \"openid\",\n skipUserInfo: true,\n ...requestArgs\n }, handle);\n try {\n const extraHeaders = {};\n const signinResponse = await this._client.processSigninResponse(navResponse.url, extraHeaders);\n logger2.debug(\"got signin response\");\n if (signinResponse.session_state && signinResponse.profile.sub) {\n logger2.info(\"success for subject\", signinResponse.profile.sub);\n return {\n session_state: signinResponse.session_state,\n sub: signinResponse.profile.sub\n };\n }\n logger2.info(\"success, user not authenticated\");\n return null;\n } catch (err) {\n if (this.settings.monitorAnonymousSession && err instanceof ErrorResponse) {\n switch (err.error) {\n case \"login_required\":\n case \"consent_required\":\n case \"interaction_required\":\n case \"account_selection_required\":\n logger2.info(\"success for anonymous user\");\n return {\n session_state: err.session_state\n };\n }\n }\n throw err;\n }\n }\n async _signin(args, handle, verifySub) {\n const navResponse = await this._signinStart(args, handle);\n return await this._signinEnd(navResponse.url, verifySub);\n }\n async _signinStart(args, handle) {\n const logger2 = this._logger.create(\"_signinStart\");\n try {\n const signinRequest = await this._client.createSigninRequest(args);\n logger2.debug(\"got signin request\");\n return await handle.navigate({\n url: signinRequest.url,\n state: signinRequest.state.id,\n response_mode: signinRequest.state.response_mode,\n scriptOrigin: this.settings.iframeScriptOrigin\n });\n } catch (err) {\n logger2.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n async _signinEnd(url, verifySub) {\n const logger2 = this._logger.create(\"_signinEnd\");\n const extraHeaders = {};\n const signinResponse = await this._client.processSigninResponse(url, extraHeaders);\n logger2.debug(\"got signin response\");\n const user = await this._buildUser(signinResponse, verifySub);\n return user;\n }\n async _buildUser(signinResponse, verifySub) {\n const logger2 = this._logger.create(\"_buildUser\");\n const user = new User(signinResponse);\n if (verifySub) {\n if (verifySub !== user.profile.sub) {\n logger2.debug(\"current user does not match user returned from signin. sub from signin:\", user.profile.sub);\n throw new ErrorResponse({ ...signinResponse, error: \"login_required\" });\n }\n logger2.debug(\"current user matches user returned from signin\");\n }\n await this.storeUser(user);\n logger2.debug(\"user stored\");\n await this._events.load(user);\n return user;\n }\n /**\n * Trigger a redirect of the current window to the end session endpoint.\n *\n * @returns A promise\n */\n async signoutRedirect(args = {}) {\n const logger2 = this._logger.create(\"signoutRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signoutStart({\n request_type: \"so:r\",\n post_logout_redirect_uri: this.settings.post_logout_redirect_uri,\n ...requestArgs\n }, handle);\n logger2.info(\"success\");\n }\n /**\n * Process response (callback) from the end session endpoint.\n * It is recommended to use {@link UserManager.signoutCallback} instead.\n *\n * @returns A promise containing signout response\n *\n * @see {@link UserManager.signoutCallback}\n */\n async signoutRedirectCallback(url = window.location.href) {\n const logger2 = this._logger.create(\"signoutRedirectCallback\");\n const response = await this._signoutEnd(url);\n logger2.info(\"success\");\n return response;\n }\n /**\n * Trigger a redirect of a popup window to the end session endpoint.\n *\n * @returns A promise\n */\n async signoutPopup(args = {}) {\n const logger2 = this._logger.create(\"signoutPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n popupSignal,\n ...requestArgs\n } = args;\n const url = this.settings.popup_post_logout_redirect_uri;\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget, popupSignal });\n await this._signout({\n request_type: \"so:p\",\n post_logout_redirect_uri: url,\n // we're putting a dummy entry in here because we\n // need a unique id from the state for notification\n // to the parent window, which is necessary if we\n // plan to return back to the client after signout\n // and so we can close the popup after signout\n state: url == null ? void 0 : {},\n ...requestArgs\n }, handle);\n logger2.info(\"success\");\n }\n /**\n * Process response (callback) from the end session endpoint from a popup window.\n * It is recommended to use {@link UserManager.signoutCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signoutCallback}\n */\n async signoutPopupCallback(url = window.location.href, keepOpen = false) {\n const logger2 = this._logger.create(\"signoutPopupCallback\");\n await this._popupNavigator.callback(url, { keepOpen });\n logger2.info(\"success\");\n }\n async _signout(args, handle) {\n const navResponse = await this._signoutStart(args, handle);\n return await this._signoutEnd(navResponse.url);\n }\n async _signoutStart(args = {}, handle) {\n var _a;\n const logger2 = this._logger.create(\"_signoutStart\");\n try {\n const user = await this._loadUser();\n logger2.debug(\"loaded current user from storage\");\n if (this.settings.revokeTokensOnSignout) {\n await this._revokeInternal(user);\n }\n const id_token = args.id_token_hint || user && user.id_token;\n if (id_token) {\n logger2.debug(\"setting id_token_hint in signout request\");\n args.id_token_hint = id_token;\n }\n await this.removeUser();\n logger2.debug(\"user removed, creating signout request\");\n const signoutRequest = await this._client.createSignoutRequest(args);\n logger2.debug(\"got signout request\");\n return await handle.navigate({\n url: signoutRequest.url,\n state: (_a = signoutRequest.state) == null ? void 0 : _a.id,\n scriptOrigin: this.settings.iframeScriptOrigin\n });\n } catch (err) {\n logger2.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n async _signoutEnd(url) {\n const logger2 = this._logger.create(\"_signoutEnd\");\n const signoutResponse = await this._client.processSignoutResponse(url);\n logger2.debug(\"got signout response\");\n return signoutResponse;\n }\n /**\n * Trigger a silent request (via an iframe) to the end session endpoint.\n *\n * @returns A promise\n */\n async signoutSilent(args = {}) {\n var _a;\n const logger2 = this._logger.create(\"signoutSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n const id_token_hint = this.settings.includeIdTokenInSilentSignout ? (_a = await this._loadUser()) == null ? void 0 : _a.id_token : void 0;\n const url = this.settings.popup_post_logout_redirect_uri;\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n await this._signout({\n request_type: \"so:s\",\n post_logout_redirect_uri: url,\n id_token_hint,\n ...requestArgs\n }, handle);\n logger2.info(\"success\");\n }\n /**\n * Notify the parent window of response (callback) from the end session endpoint.\n * It is recommended to use {@link UserManager.signoutCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signoutCallback}\n */\n async signoutSilentCallback(url = window.location.href) {\n const logger2 = this._logger.create(\"signoutSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger2.info(\"success\");\n }\n async revokeTokens(types) {\n const user = await this._loadUser();\n await this._revokeInternal(user, types);\n }\n async _revokeInternal(user, types = this.settings.revokeTokenTypes) {\n const logger2 = this._logger.create(\"_revokeInternal\");\n if (!user) return;\n const typesPresent = types.filter((type) => typeof user[type] === \"string\");\n if (!typesPresent.length) {\n logger2.debug(\"no need to revoke due to no token(s)\");\n return;\n }\n for (const type of typesPresent) {\n await this._client.revokeToken(\n user[type],\n type\n );\n logger2.info(`${type} revoked successfully`);\n if (type !== \"access_token\") {\n user[type] = null;\n }\n }\n await this.storeUser(user);\n logger2.debug(\"user stored\");\n await this._events.load(user);\n }\n /**\n * Enables silent renew for the `UserManager`.\n */\n startSilentRenew() {\n this._logger.create(\"startSilentRenew\");\n void this._silentRenewService.start();\n }\n /**\n * Disables silent renew for the `UserManager`.\n */\n stopSilentRenew() {\n this._silentRenewService.stop();\n }\n get _userStoreKey() {\n return `user:${this.settings.authority}:${this.settings.client_id}`;\n }\n async _loadUser() {\n const logger2 = this._logger.create(\"_loadUser\");\n const storageString = await this.settings.userStore.get(this._userStoreKey);\n if (storageString) {\n logger2.debug(\"user storageString loaded\");\n return User.fromStorageString(storageString);\n }\n logger2.debug(\"no user storageString\");\n return null;\n }\n async storeUser(user) {\n const logger2 = this._logger.create(\"storeUser\");\n if (user) {\n logger2.debug(\"storing user\");\n const storageString = user.toStorageString();\n await this.settings.userStore.set(this._userStoreKey, storageString);\n } else {\n this._logger.debug(\"removing user\");\n await this.settings.userStore.remove(this._userStoreKey);\n if (this.settings.dpop) {\n await this.settings.dpop.store.remove(this.settings.client_id);\n }\n }\n }\n /**\n * Removes stale state entries in storage for incomplete authorize requests.\n */\n async clearStaleState() {\n await this._client.clearStaleState();\n }\n /**\n * Dynamically generates a DPoP proof for a given user, URL and optional Http method.\n * This method is useful when you need to make a request to a resource server\n * with fetch or similar, and you need to include a DPoP proof in a DPoP header.\n * @param url - The URL to generate the DPoP proof for\n * @param user - The user to generate the DPoP proof for\n * @param httpMethod - Optional, defaults to \"GET\"\n * @param nonce - Optional nonce provided by the resource server\n *\n * @returns A promise containing the DPoP proof or undefined if DPoP is not enabled/no user is found.\n */\n async dpopProof(url, user, httpMethod, nonce) {\n var _a, _b;\n const dpopState = await ((_b = (_a = this.settings.dpop) == null ? void 0 : _a.store) == null ? void 0 : _b.get(this.settings.client_id));\n if (dpopState) {\n return await CryptoUtils.generateDPoPProof({\n url,\n accessToken: user == null ? void 0 : user.access_token,\n httpMethod,\n keyPair: dpopState.keys,\n nonce\n });\n }\n return void 0;\n }\n async generateDPoPJkt(dpopSettings) {\n let dpopState = await dpopSettings.store.get(this.settings.client_id);\n if (!dpopState) {\n const dpopKeys = await CryptoUtils.generateDPoPKeys();\n dpopState = new DPoPState(dpopKeys);\n await dpopSettings.store.set(this.settings.client_id, dpopState);\n }\n return await CryptoUtils.generateDPoPJkt(dpopState.keys);\n }\n};\n\n// package.json\nvar version = \"3.5.0\";\n\n// src/Version.ts\nvar Version = version;\n\n// src/IndexedDbDPoPStore.ts\nvar IndexedDbDPoPStore = class {\n constructor() {\n this._dbName = \"oidc\";\n this._storeName = \"dpop\";\n }\n async set(key, value) {\n const store = await this.createStore(this._dbName, this._storeName);\n await store(\"readwrite\", (str) => {\n str.put(value, key);\n return this.promisifyRequest(str.transaction);\n });\n }\n async get(key) {\n const store = await this.createStore(this._dbName, this._storeName);\n return await store(\"readonly\", (str) => {\n return this.promisifyRequest(str.get(key));\n });\n }\n async remove(key) {\n const item = await this.get(key);\n const store = await this.createStore(this._dbName, this._storeName);\n await store(\"readwrite\", (str) => {\n return this.promisifyRequest(str.delete(key));\n });\n return item;\n }\n async getAllKeys() {\n const store = await this.createStore(this._dbName, this._storeName);\n return await store(\"readonly\", (str) => {\n return this.promisifyRequest(str.getAllKeys());\n });\n }\n promisifyRequest(request) {\n return new Promise((resolve, reject) => {\n request.oncomplete = request.onsuccess = () => resolve(request.result);\n request.onabort = request.onerror = () => reject(request.error);\n });\n }\n async createStore(dbName, storeName) {\n const request = indexedDB.open(dbName);\n request.onupgradeneeded = () => request.result.createObjectStore(storeName);\n const db = await this.promisifyRequest(request);\n return async (txMode, callback) => {\n const tx = db.transaction(storeName, txMode);\n const store = tx.objectStore(storeName);\n return await callback(store);\n };\n }\n};\nexport {\n AccessTokenEvents,\n CheckSessionIFrame,\n DPoPState,\n ErrorResponse,\n ErrorTimeout,\n InMemoryWebStorage,\n IndexedDbDPoPStore,\n Log,\n Logger,\n MetadataService,\n OidcClient,\n OidcClientSettingsStore,\n SessionMonitor,\n SigninResponse,\n SigninState,\n SignoutResponse,\n State,\n User,\n UserManager,\n UserManagerSettingsStore,\n Version,\n WebStorageStateStore\n};\n//# sourceMappingURL=oidc-client-ts.js.map\n","import { WebStorageStateStore, State } from 'oidc-client-ts';\nexport { AccessTokenEvents, CheckSessionIFrame, InMemoryWebStorage, Log, MetadataService, OidcClient, SessionMonitor, SigninResponse, User, UserManager, WebStorageStateStore } from 'oidc-client-ts';\nimport { determineSigningAlg, PREFERRED_SIGNING_ALG, generateDpopKeyPair, createDpopHeader, getWebidFromTokenPayload, OidcProviderError, InvalidResponseError, removeOpenIdParams } from '@inrupt/solid-client-authn-core';\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n// Camelcase identifiers are required in the OIDC specification.\n/* eslint-disable camelcase*/\nfunction processErrorResponse(\n// The type is any here because the object is parsed from a JSON response\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nresponseBody, options) {\n // The following errors are defined by the spec, and allow providing some context.\n // See https://tools.ietf.org/html/rfc7591#section-3.2.2 for more information\n if (responseBody.error === \"invalid_redirect_uri\") {\n throw new Error(`Dynamic client registration failed: the provided redirect uri [${options.redirectUrl?.toString()}] is invalid - ${responseBody.error_description ?? \"\"}`);\n }\n if (responseBody.error === \"invalid_client_metadata\") {\n throw new Error(`Dynamic client registration failed: the provided client metadata ${JSON.stringify(options)} is invalid - ${responseBody.error_description ?? \"\"}`);\n }\n // We currently don't support software statements, so no related error should happen.\n // If an error outside of the spec happens, no additional context can be provided\n throw new Error(`Dynamic client registration failed: ${responseBody.error} - ${responseBody.error_description ?? \"\"}`);\n}\nfunction hasClientId(body) {\n return typeof body.client_id === \"string\";\n}\nfunction hasRedirectUri(body) {\n return (Array.isArray(body.redirect_uris) &&\n body.redirect_uris.every((uri) => typeof uri === \"string\"));\n}\nfunction validateRegistrationResponse(responseBody, options) {\n if (!hasClientId(responseBody)) {\n throw new Error(`Dynamic client registration failed: no client_id has been found on ${JSON.stringify(responseBody)}`);\n }\n if (options.redirectUrl &&\n hasRedirectUri(responseBody) &&\n responseBody.redirect_uris[0] !== options.redirectUrl.toString()) {\n throw new Error(`Dynamic client registration failed: the returned redirect URIs ${JSON.stringify(responseBody.redirect_uris)} don't match the provided ${JSON.stringify([\n options.redirectUrl.toString(),\n ])}`);\n }\n return true;\n}\nasync function registerClient(options, issuerConfig) {\n if (!issuerConfig.registrationEndpoint) {\n throw new Error(\"Dynamic Registration could not be completed because the issuer has no registration endpoint.\");\n }\n if (!Array.isArray(issuerConfig.idTokenSigningAlgValuesSupported)) {\n throw new Error(\"The OIDC issuer discovery profile is missing the 'id_token_signing_alg_values_supported' value, which is mandatory.\");\n }\n const signingAlg = determineSigningAlg(issuerConfig.idTokenSigningAlgValuesSupported, PREFERRED_SIGNING_ALG);\n const config = {\n client_name: options.clientName,\n application_type: \"web\",\n redirect_uris: [options.redirectUrl?.toString()],\n subject_type: \"public\",\n token_endpoint_auth_method: \"client_secret_basic\",\n id_token_signed_response_alg: signingAlg,\n grant_types: [\"authorization_code\", \"refresh_token\"],\n };\n const headers = {\n \"Content-Type\": \"application/json\",\n };\n const registerResponse = await fetch(issuerConfig.registrationEndpoint.toString(), {\n method: \"POST\",\n headers,\n body: JSON.stringify(config),\n });\n if (registerResponse.ok) {\n const responseBody = await registerResponse.json();\n validateRegistrationResponse(responseBody, options);\n return {\n clientId: responseBody.client_id,\n clientSecret: responseBody.client_secret,\n expiresAt: responseBody.client_secret_expires_at,\n idTokenSignedResponseAlg: responseBody.id_token_signed_response_alg,\n clientType: \"dynamic\",\n };\n }\n if (registerResponse.status === 400) {\n processErrorResponse(await registerResponse.json(), options);\n }\n throw new Error(`Dynamic client registration failed: the server returned ${registerResponse.status} ${registerResponse.statusText} - ${await registerResponse.text()}`);\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n// Camelcase identifiers are required in the OAuth specification.\n/* eslint-disable camelcase*/\nfunction hasError(value) {\n return value.error !== undefined && typeof value.error === \"string\";\n}\nfunction hasErrorDescription(value) {\n return (value.error_description !== undefined &&\n typeof value.error_description === \"string\");\n}\nfunction hasErrorUri(value) {\n return value.error_uri !== undefined && typeof value.error_uri === \"string\";\n}\nfunction hasAccessToken(value) {\n return (value.access_token !== undefined && typeof value.access_token === \"string\");\n}\nfunction hasIdToken(value) {\n return value.id_token !== undefined && typeof value.id_token === \"string\";\n}\nfunction hasRefreshToken(value) {\n return (value.refresh_token !== undefined && typeof value.refresh_token === \"string\");\n}\nfunction hasTokenType(value) {\n return value.token_type !== undefined && typeof value.token_type === \"string\";\n}\nfunction hasExpiresIn(value) {\n return value.expires_in === undefined || typeof value.expires_in === \"number\";\n}\nfunction validatePreconditions(issuer, data) {\n if (data.grantType &&\n (!issuer.grantTypesSupported ||\n !issuer.grantTypesSupported.includes(data.grantType))) {\n throw new Error(`The issuer [${issuer.issuer}] does not support the [${data.grantType}] grant`);\n }\n if (!issuer.tokenEndpoint) {\n throw new Error(`This issuer [${issuer.issuer}] does not have a token endpoint`);\n }\n}\nfunction validateTokenEndpointResponse(tokenResponse, dpop) {\n if (hasError(tokenResponse)) {\n throw new OidcProviderError(`Token endpoint returned error [${tokenResponse.error}]${hasErrorDescription(tokenResponse)\n ? `: ${tokenResponse.error_description}`\n : \"\"}${hasErrorUri(tokenResponse) ? ` (see ${tokenResponse.error_uri})` : \"\"}`, tokenResponse.error, hasErrorDescription(tokenResponse)\n ? tokenResponse.error_description\n : undefined);\n }\n if (!hasAccessToken(tokenResponse)) {\n throw new InvalidResponseError([\"access_token\"]);\n }\n if (!hasIdToken(tokenResponse)) {\n throw new InvalidResponseError([\"id_token\"]);\n }\n if (!hasTokenType(tokenResponse)) {\n throw new InvalidResponseError([\"token_type\"]);\n }\n if (!hasExpiresIn(tokenResponse)) {\n throw new InvalidResponseError([\"expires_in\"]);\n }\n // TODO: Due to a bug in both the ESS ID broker AND NSS (what were the odds), a DPoP token is returned\n // with a token_type 'Bearer'. To work around this, this test is currently disabled.\n // https://github.com/solid/oidc-op/issues/26\n // Fixed, but unreleased for the ESS (current version: inrupt-oidc-server-0.5.2)\n // if (dpop && tokenResponse.token_type.toLowerCase() !== \"dpop\") {\n // throw new Error(\n // `Invalid token endpoint response: requested a [DPoP] token, but got a 'token_type' value of [${tokenResponse.token_type}].`\n // );\n // }\n if (!dpop && tokenResponse.token_type.toLowerCase() !== \"bearer\") {\n throw new Error(`Invalid token endpoint response: requested a [Bearer] token, but got a 'token_type' value of [${tokenResponse.token_type}].`);\n }\n return tokenResponse;\n}\nasync function getTokens(issuer, client, data, dpop) {\n validatePreconditions(issuer, data);\n const headers = {\n \"content-type\": \"application/x-www-form-urlencoded\",\n };\n let dpopKey;\n if (dpop) {\n dpopKey = await generateDpopKeyPair();\n headers.DPoP = await createDpopHeader(issuer.tokenEndpoint, \"POST\", dpopKey);\n }\n // Note: this defaults to client_secret_basic. client_secret_post\n // is currently not supported. See https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication\n // for details.\n if (client.clientSecret) {\n headers.Authorization = `Basic ${btoa(`${client.clientId}:${client.clientSecret}`)}`;\n }\n const requestBody = {\n grant_type: data.grantType,\n redirect_uri: data.redirectUrl,\n code: data.code,\n code_verifier: data.codeVerifier,\n client_id: client.clientId,\n };\n const tokenRequestInit = {\n method: \"POST\",\n headers,\n body: new URLSearchParams(requestBody).toString(),\n };\n const rawTokenResponse = await fetch(issuer.tokenEndpoint, tokenRequestInit);\n const jsonTokenResponse = (await rawTokenResponse.json());\n const tokenResponse = validateTokenEndpointResponse(jsonTokenResponse, dpop);\n const { webId, clientId } = await getWebidFromTokenPayload(tokenResponse.id_token, issuer.jwksUri, issuer.issuer, client.clientId);\n return {\n accessToken: tokenResponse.access_token,\n idToken: tokenResponse.id_token,\n refreshToken: hasRefreshToken(tokenResponse)\n ? tokenResponse.refresh_token\n : undefined,\n webId,\n clientId,\n dpopKey,\n expiresIn: tokenResponse.expires_in,\n };\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nconst isValidUrl = (url) => {\n try {\n // Here, the URL constructor is just called to parse the given string and\n // verify if it is a well-formed IRI.\n new URL(url);\n return true;\n }\n catch {\n return false;\n }\n};\n// Identifiers in snake_case are mandated by the OAuth spec.\nasync function refresh(refreshToken, issuer, client, dpopKey) {\n if (client.clientId === undefined) {\n throw new Error(\"No client ID available when trying to refresh the access token.\");\n }\n const requestBody = {\n grant_type: \"refresh_token\",\n refresh_token: refreshToken,\n };\n let dpopHeader = {};\n if (dpopKey !== undefined) {\n dpopHeader = {\n DPoP: await createDpopHeader(issuer.tokenEndpoint, \"POST\", dpopKey),\n };\n }\n let authHeader = {};\n if (client.clientSecret !== undefined) {\n authHeader = {\n // We assume that client_secret_basic is the client authentication method.\n // TODO: Get the authentication method from the IClient configuration object.\n Authorization: `Basic ${btoa(`${client.clientId}:${client.clientSecret}`)}`,\n };\n }\n else if (isValidUrl(client.clientId)) {\n // If the client ID is an URL, and there is no client secret, the client\n // has a Solid-OIDC Client Identifier, and it should be present in the\n // request body.\n requestBody.client_id = client.clientId;\n }\n const rawResponse = await fetch(issuer.tokenEndpoint, {\n method: \"POST\",\n body: new URLSearchParams(requestBody).toString(),\n headers: {\n ...dpopHeader,\n ...authHeader,\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n });\n let response;\n try {\n response = await rawResponse.json();\n }\n catch (_e) {\n // The response is left out of the error on purpose not to leak any sensitive information.\n throw new Error(`The token endpoint of issuer ${issuer.issuer} returned a malformed response.`);\n }\n const validatedResponse = validateTokenEndpointResponse(response, dpopKey !== undefined);\n const { webId } = await getWebidFromTokenPayload(validatedResponse.id_token, issuer.jwksUri, issuer.issuer, client.clientId);\n return {\n accessToken: validatedResponse.access_token,\n idToken: validatedResponse.id_token,\n refreshToken: typeof validatedResponse.refresh_token === \"string\"\n ? validatedResponse.refresh_token\n : undefined,\n webId,\n dpopKey,\n expiresIn: validatedResponse.expires_in,\n };\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * Removes OIDC-specific query parameters from a given URL (state, code...), and\n * sanitizes the URL (e.g. removes the hash fragment).\n * @param redirectUrl The URL to clean up.\n * @returns A copy of the URL, without OIDC-specific query params.\n */\nfunction normalizeCallbackUrl(redirectUrl) {\n const cleanedUrl = removeOpenIdParams(redirectUrl);\n // As per https://tools.ietf.org/html/rfc6749#section-3.1.2, the redirect URL\n // must not include a hash fragment.\n cleanedUrl.hash = \"\";\n // Do not normalize the trailing slash, and respect the original redirect URL.\n if (\n // The trailing slash is present in the original redirect URL\n redirectUrl.includes(`${cleanedUrl.origin}/`)) {\n return cleanedUrl.href;\n }\n // Calling cleanedUrl.href appends a trailing slash to the origin, which may\n // create a redirect URL mismatch if it wasn't originally present.\n return `${cleanedUrl.origin}${cleanedUrl.href.substring(\n // Adds 1 to the origin length to remove the trailing slash\n cleanedUrl.origin.length + 1)}`;\n}\n/**\n * Clears any OIDC-related data lingering in the local storage.\n */\nasync function clearOidcPersistentStorage() {\n const store = new WebStorageStateStore({});\n await State.clearStaleState(store, 60 * 15);\n const myStorage = window.localStorage;\n const itemsToRemove = [];\n for (let i = 0; i <= myStorage.length; i += 1) {\n const key = myStorage.key(i);\n if (key &&\n (key.match(/^oidc\\..+$/) ||\n key.match(/^solidClientAuthenticationUser:.+$/))) {\n itemsToRemove.push(key);\n }\n }\n itemsToRemove.forEach((key) => myStorage.removeItem(key));\n}\n\nexport { clearOidcPersistentStorage, getTokens, normalizeCallbackUrl, refresh, registerClient };\n","import { StorageUtility, ClientAuthentication as ClientAuthentication$1, isValidRedirectUrl, EVENTS, removeOpenIdParams, ConfigurationError, handleRegistration, normalizeScopes, AuthorizationCodeWithPkceOidcHandlerBase, SessionInfoManagerBase, isSupportedTokenType, clear as clear$1, getUnauthenticatedSession, loadOidcContextFromStorage, buildAuthenticatedFetch, saveSessionInfoToStorage, maybeBuildRpInitiatedLogout, AggregateHandler, isKnownClientType, InMemoryStorage, IWaterfallLogoutHandler, SOLID_CLIENT_AUTHN_KEY_PREFIX } from '@inrupt/solid-client-authn-core';\nexport { ConfigurationError, EVENTS, InMemoryStorage, NotImplementedError } from '@inrupt/solid-client-authn-core';\nimport { v4 } from 'uuid';\nimport EventEmitter from 'events';\nimport { normalizeCallbackUrl, OidcClient, clearOidcPersistentStorage, getTokens, registerClient, refresh } from '@inrupt/oidc-client-ext';\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * This class in a no-value-added extension of StorageUtility from the core module.\n * The reason it has to be declared is for TSyringe to find the decorators in the\n * same modules as where the dependency container is declared (in this case,\n * the browser module, with the dependancy container in dependencies.ts).\n * @hidden\n */\nclass StorageUtilityBrowser extends StorageUtility {\n constructor(secureStorage, insecureStorage) {\n super(secureStorage, insecureStorage);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * Checks if a client's registration has expired.\n */\nfunction isClientExpired(sessionInfo) {\n // clientExpiresAt === 0 means the client never expires (per OIDC DCR spec)\n if (sessionInfo.clientExpiresAt === undefined ||\n sessionInfo.clientExpiresAt === 0) {\n return false;\n }\n return sessionInfo.clientExpiresAt < Math.floor(Date.now() / 1000);\n}\n/**\n * @hidden\n */\nclass ClientAuthentication extends ClientAuthentication$1 {\n // Define these functions as properties so that they don't get accidentally re-bound.\n // Isn't Javascript fun?\n login = async (options, eventEmitter) => {\n // In order to get a clean start, make sure that the session is logged out\n // on login, except when doing a silent login so that Dynamic Client information\n // is preserved.\n if (options.prompt !== \"none\") {\n await this.sessionInfoManager.clear(options.sessionId);\n }\n // In the case of the user hitting the 'back' button in their browser, they\n // could return to a previous redirect URL that contains OIDC params that\n // are now longer valid. To be safe, strip relevant params now.\n // If the user is providing a redirect IRI, it should not be modified, so\n // normalization only applies if we default to the current location (which is\n // a bad practice and should be discouraged).\n const redirectUrl = options.redirectUrl ?? normalizeCallbackUrl(window.location.href);\n if (!isValidRedirectUrl(redirectUrl)) {\n throw new Error(`${redirectUrl} is not a valid redirect URL, it is either a malformed IRI, includes a hash fragment, or reserved query parameters ('code' or 'state').`);\n }\n await this.loginHandler.handle({\n ...options,\n redirectUrl,\n // If no clientName is provided, the clientId may be used instead.\n clientName: options.clientName ?? options.clientId,\n eventEmitter,\n });\n };\n // Collects session information from storage, and returns them. Returns null\n // if the expected information cannot be found or if the client has expired.\n // Note that the ID token is not stored, which means the session information\n // cannot be validated at this point.\n validateCurrentSession = async (currentSessionId) => {\n const sessionInfo = await this.sessionInfoManager.get(currentSessionId);\n if (sessionInfo === undefined ||\n sessionInfo.clientAppId === undefined ||\n sessionInfo.issuer === undefined ||\n isClientExpired(sessionInfo)) {\n return null;\n }\n return sessionInfo;\n };\n handleIncomingRedirect = async (url, eventEmitter) => {\n try {\n const redirectInfo = await this.redirectHandler.handle(url, eventEmitter, undefined);\n // The `FallbackRedirectHandler` directly returns the global `fetch` for\n // his value, so we should ensure it's bound to `window` rather than to\n // ClientAuthentication, to avoid the following error:\n // > 'fetch' called on an object that does not implement interface Window.\n this.fetch = redirectInfo.fetch.bind(window);\n this.boundLogout = redirectInfo.getLogoutUrl;\n // Strip the oauth params:\n await this.cleanUrlAfterRedirect(url);\n return {\n isLoggedIn: redirectInfo.isLoggedIn,\n webId: redirectInfo.webId,\n sessionId: redirectInfo.sessionId,\n expirationDate: redirectInfo.expirationDate,\n clientAppId: redirectInfo.clientAppId,\n };\n }\n catch (err) {\n // Strip the oauth params:\n await this.cleanUrlAfterRedirect(url);\n // FIXME: EVENTS.ERROR should be errorCode, errorDescription\n //\n // I'm not sure if \"redirect\" is a good error code, and in theory `err`\n // maybe an Error object and not a string; Maybe we want to just hardcode\n // a description instead?\n eventEmitter.emit(EVENTS.ERROR, \"redirect\", err);\n return undefined;\n }\n };\n async cleanUrlAfterRedirect(url) {\n const cleanedUpUrl = removeOpenIdParams(url).href;\n // Remove OAuth-specific query params (since the login flow finishes with\n // the browser being redirected back with OAuth2 query params (e.g. for\n // 'code' and 'state'), and so if the user simply refreshes this page our\n // authentication library will be called again with what are now invalid\n // query parameters!).\n window.history.replaceState(null, \"\", cleanedUpUrl);\n while (window.location.href !== cleanedUpUrl) {\n // Poll the current URL every ms. Active polling is required because\n // window.history.replaceState is asynchronous, but the associated\n // 'popstate' event which should be listened to is only sent on active\n // navigation, which we will not have here.\n // See https://developer.mozilla.org/en-US/docs/Web/API/Window/popstate_event#when_popstate_is_sent\n await new Promise((resolve) => {\n setTimeout(() => resolve(), 1);\n });\n }\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nfunction hasIssuer(options) {\n return typeof options.oidcIssuer === \"string\";\n}\nfunction hasRedirectUrl(options) {\n return typeof options.redirectUrl === \"string\";\n}\n/**\n * @hidden\n */\nclass OidcLoginHandler {\n storageUtility;\n oidcHandler;\n issuerConfigFetcher;\n clientRegistrar;\n constructor(storageUtility, oidcHandler, issuerConfigFetcher, clientRegistrar) {\n this.storageUtility = storageUtility;\n this.oidcHandler = oidcHandler;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.clientRegistrar = clientRegistrar;\n this.storageUtility = storageUtility;\n this.oidcHandler = oidcHandler;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.clientRegistrar = clientRegistrar;\n }\n async canHandle(options) {\n return hasIssuer(options) && hasRedirectUrl(options);\n }\n async handle(options) {\n if (!hasIssuer(options)) {\n throw new ConfigurationError(`OidcLoginHandler requires an OIDC issuer: missing property 'oidcIssuer' in ${JSON.stringify(options)}`);\n }\n if (!hasRedirectUrl(options)) {\n throw new ConfigurationError(`OidcLoginHandler requires a redirect URL: missing property 'redirectUrl' in ${JSON.stringify(options)}`);\n }\n // Fetch issuer config.\n const issuerConfig = await this.issuerConfigFetcher.fetchConfig(options.oidcIssuer);\n const clientRegistration = await handleRegistration(options, issuerConfig, this.storageUtility, this.clientRegistrar);\n // Construct OIDC Options\n const OidcOptions = {\n // Note that here, the issuer is not the one from the received options, but\n // from the issuer's config. This enforces the canonical URL is used and stored,\n // which is also the one present in the ID token, so storing a technically\n // valid, but different issuer URL (e.g. using a trailing slash or not) now\n // could prevent from validating the ID token later.\n issuer: issuerConfig.issuer,\n // TODO: differentiate if DPoP should be true\n dpop: options.tokenType.toLowerCase() === \"dpop\",\n ...options,\n issuerConfiguration: issuerConfig,\n client: clientRegistration,\n scopes: normalizeScopes(options.customScopes),\n };\n // Call proper OIDC Handler\n return this.oidcHandler.handle(OidcOptions);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n// Camelcase identifiers are required in the OIDC specification.\n/* eslint-disable camelcase*/\n/**\n * @hidden\n * Authorization code flow spec: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth\n * PKCE: https://tools.ietf.org/html/rfc7636\n */\nclass AuthorizationCodeWithPkceOidcHandler extends AuthorizationCodeWithPkceOidcHandlerBase {\n async handle(oidcLoginOptions) {\n const redirectUri = oidcLoginOptions.redirectUrl ?? \"\";\n const oidcOptions = {\n authority: oidcLoginOptions.issuer.toString(),\n client_id: oidcLoginOptions.client.clientId,\n client_secret: oidcLoginOptions.client.clientSecret,\n redirect_uri: redirectUri,\n response_type: \"code\",\n scope: oidcLoginOptions.scopes.join(\" \"),\n filterProtocolClaims: true,\n // The userinfo endpoint on NSS fails, so disable this for now\n // Note that in Solid, information should be retrieved from the\n // profile referenced by the WebId.\n loadUserInfo: false,\n prompt: oidcLoginOptions.prompt ?? \"consent\",\n };\n const oidcClientLibrary = new OidcClient(oidcOptions);\n try {\n const signingRequest = await oidcClientLibrary.createSigninRequest({});\n // Make sure to await the promise before returning so that the error is caught.\n return await this.setupRedirectHandler({\n oidcLoginOptions,\n state: signingRequest.state.id,\n codeVerifier: signingRequest.state.code_verifier ?? \"\",\n targetUrl: signingRequest.url.toString(),\n });\n }\n catch (err) {\n console.error(err);\n }\n // The login is only completed AFTER redirect, so nothing to return here.\n return undefined;\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n// Camelcase identifiers are required in the OIDC specification.\n/* eslint-disable camelcase*/\nconst WELL_KNOWN_OPENID_CONFIG = \".well-known/openid-configuration\";\nconst issuerConfigKeyMap = {\n issuer: {\n toKey: \"issuer\",\n convertToUrl: true,\n },\n authorization_endpoint: {\n toKey: \"authorizationEndpoint\",\n convertToUrl: true,\n },\n token_endpoint: {\n toKey: \"tokenEndpoint\",\n convertToUrl: true,\n },\n userinfo_endpoint: {\n toKey: \"userinfoEndpoint\",\n convertToUrl: true,\n },\n jwks_uri: {\n toKey: \"jwksUri\",\n convertToUrl: true,\n },\n registration_endpoint: {\n toKey: \"registrationEndpoint\",\n convertToUrl: true,\n },\n end_session_endpoint: {\n toKey: \"endSessionEndpoint\",\n convertToUrl: true,\n },\n scopes_supported: { toKey: \"scopesSupported\" },\n response_types_supported: { toKey: \"responseTypesSupported\" },\n response_modes_supported: { toKey: \"responseModesSupported\" },\n grant_types_supported: { toKey: \"grantTypesSupported\" },\n acr_values_supported: { toKey: \"acrValuesSupported\" },\n subject_types_supported: { toKey: \"subjectTypesSupported\" },\n id_token_signing_alg_values_supported: {\n toKey: \"idTokenSigningAlgValuesSupported\",\n },\n id_token_encryption_alg_values_supported: {\n toKey: \"idTokenEncryptionAlgValuesSupported\",\n },\n id_token_encryption_enc_values_supported: {\n toKey: \"idTokenEncryptionEncValuesSupported\",\n },\n userinfo_signing_alg_values_supported: {\n toKey: \"userinfoSigningAlgValuesSupported\",\n },\n userinfo_encryption_alg_values_supported: {\n toKey: \"userinfoEncryptionAlgValuesSupported\",\n },\n userinfo_encryption_enc_values_supported: {\n toKey: \"userinfoEncryptionEncValuesSupported\",\n },\n request_object_signing_alg_values_supported: {\n toKey: \"requestObjectSigningAlgValuesSupported\",\n },\n request_object_encryption_alg_values_supported: {\n toKey: \"requestObjectEncryptionAlgValuesSupported\",\n },\n request_object_encryption_enc_values_supported: {\n toKey: \"requestObjectEncryptionEncValuesSupported\",\n },\n token_endpoint_auth_methods_supported: {\n toKey: \"tokenEndpointAuthMethodsSupported\",\n },\n token_endpoint_auth_signing_alg_values_supported: {\n toKey: \"tokenEndpointAuthSigningAlgValuesSupported\",\n },\n display_values_supported: { toKey: \"displayValuesSupported\" },\n claim_types_supported: { toKey: \"claimTypesSupported\" },\n claims_supported: { toKey: \"claimsSupported\" },\n service_documentation: { toKey: \"serviceDocumentation\" },\n claims_locales_supported: { toKey: \"claimsLocalesSupported\" },\n ui_locales_supported: { toKey: \"uiLocalesSupported\" },\n claims_parameter_supported: { toKey: \"claimsParameterSupported\" },\n request_parameter_supported: { toKey: \"requestParameterSupported\" },\n request_uri_parameter_supported: { toKey: \"requestUriParameterSupported\" },\n require_request_uri_registration: { toKey: \"requireRequestUriRegistration\" },\n op_policy_uri: {\n toKey: \"opPolicyUri\",\n convertToUrl: true,\n },\n op_tos_uri: {\n toKey: \"opTosUri\",\n convertToUrl: true,\n },\n};\nfunction processConfig(config) {\n const parsedConfig = {};\n Object.keys(config).forEach((key) => {\n if (issuerConfigKeyMap[key]) {\n // TODO: PMcB55: Validate URL if \"issuerConfigKeyMap[key].convertToUrl\"\n // if (issuerConfigKeyMap[key].convertToUrl) {\n // validateUrl(config[key]);\n // }\n parsedConfig[issuerConfigKeyMap[key].toKey] = config[key];\n }\n });\n if (!Array.isArray(parsedConfig.scopesSupported)) {\n parsedConfig.scopesSupported = [\"openid\"];\n }\n return parsedConfig;\n}\n/**\n * @hidden\n */\nclass IssuerConfigFetcher {\n storageUtility;\n constructor(storageUtility) {\n this.storageUtility = storageUtility;\n this.storageUtility = storageUtility;\n }\n // This method needs no state (so can be static), and can be exposed to allow\n // callers to know where this implementation puts state it needs.\n static getLocalStorageKey(issuer) {\n return `issuerConfig:${issuer}`;\n }\n async fetchConfig(issuer) {\n let issuerConfig;\n const openIdConfigUrl = new URL(WELL_KNOWN_OPENID_CONFIG, \n // Make sure to append a slash at issuer URL, so that the .well-known URL\n // includes the full issuer path. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig.\n issuer.endsWith(\"/\") ? issuer : `${issuer}/`).href;\n const issuerConfigRequestBody = await fetch(openIdConfigUrl);\n // Check the validity of the fetched config\n try {\n issuerConfig = processConfig(await issuerConfigRequestBody.json());\n }\n catch (err) {\n throw new ConfigurationError(`[${issuer.toString()}] has an invalid configuration: ${err.message}`);\n }\n // Update store with fetched config\n await this.storageUtility.set(IssuerConfigFetcher.getLocalStorageKey(issuer), JSON.stringify(issuerConfig));\n return issuerConfig;\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @param sessionId\n * @param storage\n * @hidden\n */\nasync function clear(sessionId, storage) {\n await clear$1(sessionId, storage);\n await clearOidcPersistentStorage();\n}\n/**\n * @hidden\n */\nclass SessionInfoManager extends SessionInfoManagerBase {\n async get(sessionId) {\n const [isLoggedIn, webId, clientId, clientSecret, redirectUrl, refreshToken, issuer, tokenType, expiresAt,] = await Promise.all([\n this.storageUtility.getForUser(sessionId, \"isLoggedIn\", {\n secure: true,\n }),\n this.storageUtility.getForUser(sessionId, \"webId\", {\n secure: true,\n }),\n this.storageUtility.getForUser(sessionId, \"clientId\", {\n secure: false,\n }),\n this.storageUtility.getForUser(sessionId, \"clientSecret\", {\n secure: false,\n }),\n this.storageUtility.getForUser(sessionId, \"redirectUrl\", {\n secure: false,\n }),\n this.storageUtility.getForUser(sessionId, \"refreshToken\", {\n secure: true,\n }),\n this.storageUtility.getForUser(sessionId, \"issuer\", {\n secure: false,\n }),\n this.storageUtility.getForUser(sessionId, \"tokenType\", {\n secure: false,\n }),\n this.storageUtility.getForUser(sessionId, \"expiresAt\", {\n secure: false,\n }),\n ]);\n if (typeof redirectUrl === \"string\" && !isValidRedirectUrl(redirectUrl)) {\n // This resolves the issue for people experiencing https://github.com/inrupt/solid-client-authn-js/issues/2891.\n // An invalid redirect URL is present in the storage, and the session should\n // be cleared to get a fresh start. This will require the user to log back in.\n await Promise.all([\n this.storageUtility.deleteAllUserData(sessionId, { secure: false }),\n this.storageUtility.deleteAllUserData(sessionId, { secure: true }),\n ]);\n return undefined;\n }\n if (tokenType !== undefined && !isSupportedTokenType(tokenType)) {\n throw new Error(`Tokens of type [${tokenType}] are not supported.`);\n }\n if (clientId === undefined &&\n isLoggedIn === undefined &&\n webId === undefined &&\n refreshToken === undefined) {\n return undefined;\n }\n return {\n sessionId,\n webId,\n isLoggedIn: isLoggedIn === \"true\",\n redirectUrl,\n refreshToken,\n issuer,\n clientAppId: clientId,\n clientAppSecret: clientSecret,\n // Default the token type to DPoP if unspecified.\n tokenType: tokenType ?? \"DPoP\",\n clientExpiresAt: expiresAt !== undefined ? Number.parseInt(expiresAt, 10) : undefined,\n };\n }\n /**\n * This function removes all session-related information from storage.\n * @param sessionId the session identifier\n * @param storage the storage where session info is stored\n * @hidden\n */\n async clear(sessionId) {\n return clear(sessionId, this.storageUtility);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * This class handles redirect IRIs without any query params, and returns an unauthenticated\n * session. It serves as a fallback so that consuming libraries don't have to test\n * for the query params themselves, and can always try to use them as a redirect IRI.\n * @hidden\n */\nclass FallbackRedirectHandler {\n async canHandle(redirectUrl) {\n try {\n // The next URL object is built for validating it.\n new URL(redirectUrl);\n return true;\n }\n catch (e) {\n throw new Error(`[${redirectUrl}] is not a valid URL, and cannot be used as a redirect URL: ${e}`);\n }\n }\n async handle(\n // The argument is ignored, but must be present to implement the interface\n _redirectUrl) {\n return getUnauthenticatedSession();\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass AuthCodeRedirectHandler {\n storageUtility;\n sessionInfoManager;\n issuerConfigFetcher;\n clientRegistrar;\n tokerRefresher;\n constructor(storageUtility, sessionInfoManager, issuerConfigFetcher, clientRegistrar, tokerRefresher) {\n this.storageUtility = storageUtility;\n this.sessionInfoManager = sessionInfoManager;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.clientRegistrar = clientRegistrar;\n this.tokerRefresher = tokerRefresher;\n this.storageUtility = storageUtility;\n this.sessionInfoManager = sessionInfoManager;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.clientRegistrar = clientRegistrar;\n this.tokerRefresher = tokerRefresher;\n }\n async canHandle(redirectUrl) {\n try {\n const myUrl = new URL(redirectUrl);\n return (myUrl.searchParams.get(\"code\") !== null &&\n myUrl.searchParams.get(\"state\") !== null);\n }\n catch (e) {\n throw new Error(`[${redirectUrl}] is not a valid URL, and cannot be used as a redirect URL: ${e}`);\n }\n }\n async handle(redirectUrl, eventEmitter) {\n if (!(await this.canHandle(redirectUrl))) {\n throw new Error(`AuthCodeRedirectHandler cannot handle [${redirectUrl}]: it is missing one of [code, state].`);\n }\n const url = new URL(redirectUrl);\n const oauthState = url.searchParams.get(\"state\");\n const storedSessionId = (await this.storageUtility.getForUser(oauthState, \"sessionId\", {\n errorIfNull: true,\n }));\n const { issuerConfig, codeVerifier, redirectUrl: storedRedirectIri, dpop: isDpop, } = await loadOidcContextFromStorage(storedSessionId, this.storageUtility, this.issuerConfigFetcher);\n const iss = url.searchParams.get(\"iss\");\n if (typeof iss === \"string\" && iss !== issuerConfig.issuer) {\n throw new Error(`The value of the iss parameter (${iss}) does not match the issuer identifier of the authorization server (${issuerConfig.issuer}). See [rfc9207](https://www.rfc-editor.org/rfc/rfc9207.html#section-2.3-3.1.1)`);\n }\n if (codeVerifier === undefined) {\n throw new Error(`The code verifier for session ${storedSessionId} is missing from storage.`);\n }\n if (storedRedirectIri === undefined) {\n throw new Error(`The redirect URL for session ${storedSessionId} is missing from storage.`);\n }\n const client = await this.clientRegistrar.getClient({ sessionId: storedSessionId }, issuerConfig);\n const tokenCreatedAt = Date.now();\n const tokens = await getTokens(issuerConfig, client, {\n grantType: \"authorization_code\",\n // We rely on our 'canHandle' function checking that the OAuth 'code'\n // parameter is present in our query string.\n code: url.searchParams.get(\"code\"),\n codeVerifier,\n redirectUrl: storedRedirectIri,\n }, isDpop);\n // Delete oidc-client-specific session information from storage. oidc-client\n // is no longer used for the token exchange, so it doesn't perform this automatically.\n window.localStorage.removeItem(`oidc.${oauthState}`);\n let refreshOptions;\n if (tokens.refreshToken !== undefined) {\n refreshOptions = {\n sessionId: storedSessionId,\n refreshToken: tokens.refreshToken,\n tokenRefresher: this.tokerRefresher,\n };\n }\n const authFetch = buildAuthenticatedFetch(tokens.accessToken, {\n dpopKey: tokens.dpopKey,\n refreshOptions,\n eventEmitter,\n expiresIn: tokens.expiresIn,\n });\n await saveSessionInfoToStorage(this.storageUtility, storedSessionId, tokens.webId, tokens.clientId, \"true\", undefined, true);\n const sessionInfo = await this.sessionInfoManager.get(storedSessionId);\n if (!sessionInfo) {\n throw new Error(`Could not retrieve session: [${storedSessionId}].`);\n }\n return Object.assign(sessionInfo, {\n fetch: authFetch,\n getLogoutUrl: maybeBuildRpInitiatedLogout({\n idTokenHint: tokens.idToken,\n endSessionEndpoint: issuerConfig.endSessionEndpoint,\n }),\n expirationDate: typeof tokens.expiresIn === \"number\"\n ? tokenCreatedAt + tokens.expiresIn * 1000\n : undefined,\n });\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass AggregateRedirectHandler extends AggregateHandler {\n constructor(redirectHandlers) {\n super(redirectHandlers);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass BrowserStorage {\n get storage() {\n return window.localStorage;\n }\n async get(key) {\n return this.storage.getItem(key) || undefined;\n }\n async set(key, value) {\n this.storage.setItem(key, value);\n }\n async delete(key) {\n this.storage.removeItem(key);\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass Redirector {\n redirect(redirectUrl, options) {\n if (options && options.handleRedirect) {\n options.handleRedirect(redirectUrl);\n }\n else if (options && options.redirectByReplacingState) {\n window.history.replaceState({}, \"\", redirectUrl);\n }\n else {\n window.location.href = redirectUrl;\n }\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @hidden\n */\nclass ClientRegistrar {\n storageUtility;\n constructor(storageUtility) {\n this.storageUtility = storageUtility;\n this.storageUtility = storageUtility;\n }\n async getClient(options, issuerConfig) {\n // If client secret and/or client id are stored in storage, use those.\n const [storedClientId, storedClientSecret, expiresAt, storedClientName, storedClientType,] = await Promise.all([\n this.storageUtility.getForUser(options.sessionId, \"clientId\", {\n secure: false,\n }),\n this.storageUtility.getForUser(options.sessionId, \"clientSecret\", {\n secure: false,\n }),\n this.storageUtility.getForUser(options.sessionId, \"expiresAt\", {\n secure: false,\n }),\n this.storageUtility.getForUser(options.sessionId, \"clientName\", {\n secure: false,\n }),\n this.storageUtility.getForUser(options.sessionId, \"clientType\", {\n secure: false,\n }),\n ]);\n // -1 is used as a default to identify legacy cases when a value should\n // have been stored, but wasn't. It will be treated as an expired client.\n const expirationDate = expiresAt !== undefined ? Number.parseInt(expiresAt, 10) : -1;\n // Expiration is only applicable to confidential clients.\n // If the client registration never expires, then the expirationDate is 0.\n // Note that Date.now() is in milliseconds, and expirationDate in seconds.\n const expired = storedClientSecret !== undefined &&\n expirationDate !== 0 &&\n Math.floor(Date.now() / 1000) > expirationDate;\n if (storedClientId && isKnownClientType(storedClientType) && !expired) {\n return storedClientSecret !== undefined\n ? {\n clientId: storedClientId,\n clientSecret: storedClientSecret,\n clientName: storedClientName,\n // Note: static clients are not applicable in a browser context.\n clientType: \"dynamic\",\n expiresAt: expirationDate,\n }\n : {\n clientId: storedClientId,\n clientName: storedClientName,\n // Note: static clients are not applicable in a browser context.\n clientType: storedClientType,\n // The type assertion is required even though the type should match the declaration.\n };\n }\n try {\n const registeredClient = await registerClient(options, issuerConfig);\n // Save info\n const infoToSave = {\n clientId: registeredClient.clientId,\n clientType: \"dynamic\",\n };\n if (registeredClient.clientSecret !== undefined) {\n infoToSave.clientSecret = registeredClient.clientSecret;\n infoToSave.expiresAt = String(registeredClient.expiresAt);\n }\n if (registeredClient.idTokenSignedResponseAlg) {\n infoToSave.idTokenSignedResponseAlg =\n registeredClient.idTokenSignedResponseAlg;\n }\n await this.storageUtility.setForUser(options.sessionId, infoToSave, {\n // FIXME: figure out how to persist secure storage at reload\n // Otherwise, the client info cannot be retrieved from storage, and\n // the lib tries to re-register the client on each fetch\n secure: false,\n });\n return registeredClient;\n }\n catch (error) {\n throw new Error(`Client registration failed.`, { cause: error });\n }\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * This class handles redirect IRIs without any query params, and returns an unauthenticated\n * session. It serves as a fallback so that consuming libraries don't have to test\n * for the query params themselves, and can always try to use them as a redirect IRI.\n * @hidden\n */\nclass ErrorOidcHandler {\n async canHandle(redirectUrl) {\n try {\n return new URL(redirectUrl).searchParams.has(\"error\");\n }\n catch (e) {\n throw new Error(`[${redirectUrl}] is not a valid URL, and cannot be used as a redirect URL: ${e}`);\n }\n }\n async handle(redirectUrl, eventEmitter) {\n if (eventEmitter !== undefined) {\n const url = new URL(redirectUrl);\n const errorUrl = url.searchParams.get(\"error\");\n const errorDescriptionUrl = url.searchParams.get(\"error_description\");\n eventEmitter.emit(EVENTS.ERROR, errorUrl, errorDescriptionUrl);\n }\n return getUnauthenticatedSession();\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n// Some identifiers are not in camelcase on purpose, as they are named using the\n// official names from the OIDC/OAuth2 specifications.\n/**\n * @hidden\n */\nclass TokenRefresher {\n storageUtility;\n issuerConfigFetcher;\n clientRegistrar;\n constructor(storageUtility, issuerConfigFetcher, clientRegistrar) {\n this.storageUtility = storageUtility;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.clientRegistrar = clientRegistrar;\n this.storageUtility = storageUtility;\n this.issuerConfigFetcher = issuerConfigFetcher;\n this.clientRegistrar = clientRegistrar;\n }\n async refresh(sessionId, refreshToken, dpopKey, eventEmitter) {\n const oidcContext = await loadOidcContextFromStorage(sessionId, this.storageUtility, this.issuerConfigFetcher);\n // This should also retrieve the client from storage\n const clientInfo = await this.clientRegistrar.getClient({ sessionId }, oidcContext.issuerConfig);\n if (refreshToken === undefined) {\n // TODO: in a next PR, look up storage for a refresh token\n throw new Error(`Session [${sessionId}] has no refresh token to allow it to refresh its access token.`);\n }\n if (oidcContext.dpop && dpopKey === undefined) {\n throw new Error(`For session [${sessionId}], the key bound to the DPoP access token must be provided to refresh said access token.`);\n }\n const tokenSet = await refresh(refreshToken, oidcContext.issuerConfig, clientInfo, dpopKey);\n if (tokenSet.refreshToken !== undefined) {\n eventEmitter?.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);\n }\n return tokenSet;\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\n/**\n * @param dependencies\n * @hidden\n */\nfunction getClientAuthenticationWithDependencies(dependencies) {\n const inMemoryStorage = new InMemoryStorage();\n const secureStorage = dependencies.secureStorage || inMemoryStorage;\n const insecureStorage = dependencies.insecureStorage || new BrowserStorage();\n const storageUtility = new StorageUtilityBrowser(secureStorage, insecureStorage);\n const issuerConfigFetcher = new IssuerConfigFetcher(storageUtility);\n const clientRegistrar = new ClientRegistrar(storageUtility);\n const sessionInfoManager = new SessionInfoManager(storageUtility);\n const tokenRefresher = new TokenRefresher(storageUtility, issuerConfigFetcher, clientRegistrar);\n const redirector = new Redirector();\n // make new handler for redirect and login\n const loginHandler = new OidcLoginHandler(storageUtility, new AuthorizationCodeWithPkceOidcHandler(storageUtility, redirector), issuerConfigFetcher, clientRegistrar);\n const redirectHandler = new AggregateRedirectHandler([\n new ErrorOidcHandler(),\n new AuthCodeRedirectHandler(storageUtility, sessionInfoManager, issuerConfigFetcher, clientRegistrar, tokenRefresher),\n // This catch-all class will always be able to handle the\n // redirect IRI, so it must be registered last.\n new FallbackRedirectHandler(),\n ]);\n return new ClientAuthentication(loginHandler, redirectHandler, new IWaterfallLogoutHandler(sessionInfoManager, redirector), sessionInfoManager, issuerConfigFetcher);\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nconst KEY_CURRENT_SESSION = `${SOLID_CLIENT_AUTHN_KEY_PREFIX}currentSession`;\nconst KEY_CURRENT_URL = `${SOLID_CLIENT_AUTHN_KEY_PREFIX}currentUrl`;\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nasync function silentlyAuthenticate(sessionId, clientAuthn, session) {\n const storedSessionInfo = await clientAuthn.validateCurrentSession(sessionId);\n if (storedSessionInfo !== null) {\n // It can be really useful to save the user's current browser location,\n // so that we can restore it after completing the silent authentication\n // on incoming redirect. This way, the user is eventually redirected back\n // to the page they were on and not to the app's redirect page.\n window.localStorage.setItem(KEY_CURRENT_URL, window.location.href);\n await clientAuthn.login({\n sessionId,\n prompt: \"none\",\n oidcIssuer: storedSessionInfo.issuer,\n redirectUrl: storedSessionInfo.redirectUrl,\n clientId: storedSessionInfo.clientAppId,\n clientSecret: storedSessionInfo.clientAppSecret,\n tokenType: storedSessionInfo.tokenType ?? \"DPoP\",\n }, session.events);\n return true;\n }\n return false;\n}\nfunction isLoggedIn(sessionInfo) {\n return !!sessionInfo?.isLoggedIn;\n}\n/**\n * A {@link Session} object represents a user's session on an application. The session holds state, as it stores information enabling access to private resources after login for instance.\n */\nclass Session {\n /**\n * Information regarding the current session.\n */\n info;\n /**\n * Session attribute exposing the EventEmitter interface, to listen on session\n * events such as login, logout, etc.\n * @since 1.15.0\n */\n events;\n clientAuthentication;\n tokenRequestInProgress = false;\n /**\n * Session object constructor. Typically called as follows:\n *\n * ```typescript\n * const session = new Session();\n * ```\n *\n * See also [getDefaultSession](https://docs.inrupt.com/developer-tools/api/javascript/solid-client-authn-browser/functions.html#getdefaultsession).\n *\n * @param sessionOptions The options enabling the correct instantiation of\n * the session. Either both storages or clientAuthentication are required. For\n * more information, see {@link ISessionOptions}.\n * @param sessionId A string uniquely identifying the session.\n *\n */\n constructor(sessionOptions = {}, sessionId = undefined) {\n this.events = new EventEmitter();\n if (sessionOptions.clientAuthentication) {\n this.clientAuthentication = sessionOptions.clientAuthentication;\n }\n else if (sessionOptions.secureStorage && sessionOptions.insecureStorage) {\n this.clientAuthentication = getClientAuthenticationWithDependencies({\n secureStorage: sessionOptions.secureStorage,\n insecureStorage: sessionOptions.insecureStorage,\n });\n }\n else {\n this.clientAuthentication = getClientAuthenticationWithDependencies({});\n }\n if (sessionOptions.sessionInfo) {\n this.info = {\n sessionId: sessionOptions.sessionInfo.sessionId,\n isLoggedIn: false,\n webId: sessionOptions.sessionInfo.webId,\n clientAppId: sessionOptions.sessionInfo.clientAppId,\n };\n }\n else {\n this.info = {\n sessionId: sessionId ?? v4(),\n isLoggedIn: false,\n };\n }\n // When a session is logged in, we want to track its ID in local storage to\n // enable silent refresh. The current session ID specifically stored in 'localStorage'\n // (as opposed to using our storage abstraction layer) because it is only\n // used in a browser-specific mechanism.\n this.events.on(EVENTS.LOGIN, () => window.localStorage.setItem(KEY_CURRENT_SESSION, this.info.sessionId));\n this.events.on(EVENTS.SESSION_EXPIRED, () => this.internalLogout(false));\n this.events.on(EVENTS.ERROR, () => this.internalLogout(false));\n }\n /**\n * Triggers the login process. Note that this method will redirect the user away from your app.\n *\n * @param options Parameter to customize the login behaviour. In particular, two options are mandatory: `options.oidcIssuer`, the user's identity provider, and `options.redirectUrl`, the URL to which the user will be redirected after logging in their identity provider.\n * @returns This method should redirect the user away from the app: it does not return anything. The login process is completed by {@linkcode handleIncomingRedirect}.\n */\n // Define these functions as properties so that they don't get accidentally re-bound.\n // Isn't Javascript fun?\n login = async (options) => {\n await this.clientAuthentication.login({\n sessionId: this.info.sessionId,\n ...options,\n // Defaults the token type to DPoP\n tokenType: options.tokenType ?? \"DPoP\",\n }, this.events);\n // `login` redirects the user away from the app,\n // so unless it throws an error, there is no code that should run afterwards\n // (since there is no \"after\" in the lifetime of the script).\n // Hence, this Promise never resolves:\n return new Promise(() => { });\n };\n /**\n * Fetches data using available login information. If the user is not logged in, this will behave as a regular `fetch`. The signature of this method is identical to the [canonical `fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API).\n *\n * @param url The URL from which data should be fetched.\n * @param init Optional parameters customizing the request, by specifying an HTTP method, headers, a body, etc. Follows the [WHATWG Fetch Standard](https://fetch.spec.whatwg.org/).\n */\n fetch = (url, init) => this.clientAuthentication.fetch(url, init);\n /**\n * An internal logout function, to control whether or not the logout signal\n * should be sent, i.e. if the logout was user-initiated or is the result of\n * an external event.\n *\n * @hidden\n */\n internalLogout = async (emitSignal, options) => {\n // Clearing this value means that silent refresh will no longer be attempted.\n // In particular, in the case of a silent authentication error it prevents\n // from getting stuck in an authentication retries loop.\n window.localStorage.removeItem(KEY_CURRENT_SESSION);\n await this.clientAuthentication.logout(this.info.sessionId, options);\n this.info.isLoggedIn = false;\n if (emitSignal) {\n this.events.emit(EVENTS.LOGOUT);\n }\n };\n /**\n * Logs the user out of the application.\n *\n * There are 2 types of logout supported by this library,\n * `app` logout and `idp` logout.\n *\n * App logout will log the user out within the application\n * by clearing any session data from the browser. It does\n * not log the user out of their Solid identity provider,\n * and should not redirect the user away.\n * App logout can be performed as follows:\n * ```typescript\n * await session.logout({ logoutType: 'app' });\n * ```\n *\n * IDP logout will log the user out of their Solid identity provider,\n * and will redirect the user away from the application to do so. In order\n * for users to be redirected back to `postLogoutUrl` you MUST include the\n * `postLogoutUrl` value in the `post_logout_redirect_uris` field in the\n * [Client ID Document](https://docs.inrupt.com/ess/latest/security/authentication/#client-identifier-client-id).\n * IDP logout can be performed as follows:\n * ```typescript\n * await session.logout({\n * logoutType: 'idp',\n * // An optional URL to redirect to after logout has completed;\n * // this MUST match a logout URL listed in the Client ID Document\n * // of the application that is logged in.\n * // If the application is logged in with a Client ID that is not\n * // a URI dereferencing to a Client ID Document then users will\n * // not be redirected back to the `postLogoutUrl` after logout.\n * postLogoutUrl: 'https://example.com/logout',\n * // An optional value to be included in the query parameters\n * // when the IDP provider redirects the user to the postLogoutRedirectUrl.\n * state: \"my-state\"\n * });\n * ```\n */\n logout = async (options) => this.internalLogout(true, options);\n /**\n * Completes the login process by processing the information provided by the\n * Solid identity provider through redirect.\n *\n * @param options See {@link IHandleIncomingRedirectOptions}.\n */\n handleIncomingRedirect = async (inputOptions = {}) => {\n if (this.info.isLoggedIn) {\n return this.info;\n }\n if (this.tokenRequestInProgress) {\n return undefined;\n }\n const options = typeof inputOptions === \"string\" ? { url: inputOptions } : inputOptions;\n const url = options.url ?? window.location.href;\n this.tokenRequestInProgress = true;\n const sessionInfo = await this.clientAuthentication.handleIncomingRedirect(url, this.events);\n if (isLoggedIn(sessionInfo)) {\n this.setSessionInfo(sessionInfo);\n const currentUrl = window.localStorage.getItem(KEY_CURRENT_URL);\n if (currentUrl === null) {\n // The login event can only be triggered **after** the user has been\n // redirected from the IdP with access and ID tokens.\n this.events.emit(EVENTS.LOGIN);\n }\n else {\n // If an URL is stored in local storage, we are being logged in after a\n // silent authentication, so remove our currently stored URL location\n // to clean up our state now that we are completing the re-login process.\n window.localStorage.removeItem(KEY_CURRENT_URL);\n this.events.emit(EVENTS.SESSION_RESTORED, currentUrl);\n }\n }\n else if (options.restorePreviousSession === true) {\n // Silent authentication happens after a refresh, which means there are no\n // OAuth params in the current location IRI. It can only succeed if a session\n // was previously logged in, in which case its ID will be present with a known\n // identifier in local storage.\n // Check if we have a locally stored session ID...\n const storedSessionId = window.localStorage.getItem(KEY_CURRENT_SESSION);\n // ...if not, then there is no ID token, and so silent authentication cannot happen, but\n // if we do have a stored session ID, attempt to re-authenticate now silently.\n if (storedSessionId !== null) {\n const attemptedSilentAuthentication = await silentlyAuthenticate(storedSessionId, this.clientAuthentication, this);\n // At this point, we know that the main window will imminently be redirected.\n // However, this redirect is asynchronous and there is no way to halt execution\n // until it happens precisely. That's why the current Promise simply does not\n // resolve.\n if (attemptedSilentAuthentication) {\n return new Promise(() => { });\n }\n }\n }\n this.tokenRequestInProgress = false;\n return sessionInfo;\n };\n setSessionInfo(sessionInfo) {\n this.info.isLoggedIn = sessionInfo.isLoggedIn;\n this.info.webId = sessionInfo.webId;\n this.info.sessionId = sessionInfo.sessionId;\n this.info.clientAppId = sessionInfo.clientAppId;\n this.info.expirationDate = sessionInfo.expirationDate;\n this.events.on(EVENTS.SESSION_EXTENDED, (expiresIn) => {\n this.info.expirationDate = Date.now() + expiresIn * 1000;\n });\n }\n}\n\n// Copyright Inrupt Inc.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal in\n// the Software without restriction, including without limitation the rights to use,\n// copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the\n// Software, and to permit persons to whom the Software is furnished to do so,\n// subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in\n// all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\n// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A\n// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\n// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n//\nlet defaultSession;\n/**\n * Obtain the {@link Session} used when not explicitly instantiating one yourself.\n *\n * When using the top-level exports {@link fetch}, {@link login}, {@link logout},\n * {@link handleIncomingRedirect}, {@link onLogin} and {@link onLogout}, these apply to an\n * implicitly-instantiated {@link Session}.\n * This function returns a reference to that Session in order to obtain e.g. the current user's\n * WebID.\n * @since 1.3.0\n */\nfunction getDefaultSession() {\n if (typeof defaultSession === \"undefined\") {\n defaultSession = new Session();\n }\n return defaultSession;\n}\n/**\n * This function's signature is equal to `window.fetch`, but if the current user is authenticated\n * (see [[login]] and [[handleIncomingRedirect]]), requests made using it will include that user's\n * credentials. If not, this will behave just like the regular `window.fetch`.\n *\n * @see {@link https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch}\n * @since 1.3.0\n */\nfunction fetch$1(...args) {\n const session = getDefaultSession();\n return session.fetch(...args);\n}\n/**\n * Triggers the login process. Note that this method will redirect the user away from your app.\n *\n * @param options Parameter to customize the login behaviour. In particular, two options are mandatory: `options.oidcIssuer`, the user's identity provider, and `options.redirectUrl`, the URL to which the user will be redirected after logging in their identity provider.\n * @returns This method should redirect the user away from the app: it does not return anything. The login process is completed by [[handleIncomingRedirect]].\n * @since 1.3.0\n */\nfunction login(...args) {\n const session = getDefaultSession();\n return session.login(...args);\n}\n/**\n * Logs the user out of the application.\n *\n * By default this does not log the user out of their Solid identity provider.\n * In order to do so, you must set the logoutType to `idp`. For usage details\n * see {@link Session.logout}.\n *\n * @since 1.3.0\n */\nfunction logout(...args) {\n const session = getDefaultSession();\n return session.logout(...args);\n}\n/**\n * Completes the login process by processing the information provided by the Solid identity provider through redirect.\n *\n * @param url The URL of the page handling the redirect, including the query parameters — these contain the information to process the login.\n * @since 1.3.0\n */\nfunction handleIncomingRedirect(...args) {\n const session = getDefaultSession();\n return session.handleIncomingRedirect(...args);\n}\n/**\n * {@link SessionEventEmitter} instance to subscribe to events by the default session.\n *\n * @since 1.14.0\n */\nfunction events() {\n return getDefaultSession().events;\n}\n\nexport { Session, events, fetch$1 as fetch, getDefaultSession, handleIncomingRedirect, login, logout };\n//# sourceMappingURL=index.mjs.map\n","import {\n Session,\n} from '@inrupt/solid-client-authn-browser'\n\nexport const authSession = new Session()\n\n ","// Namespaces we commonly use and have common prefixes for around Solid\nimport solidNamespace from 'solid-namespace' // Delegate to this which takes RDFlib as param.\nimport * as $rdf from 'rdflib'\n\nexport const ns = solidNamespace($rdf)","import { graph, NamedNode, Namespace, serialize, sym } from 'rdflib'\nimport { AclLogic } from '../types'\nimport { ns as namespace } from '../util/ns'\n\n\nexport const ACL_LINK = sym(\n 'http://www.iana.org/assignments/link-relations/acl'\n)\n\nexport function createAclLogic(store): AclLogic {\n\n const ns = namespace\n \n async function findAclDocUrl(url: NamedNode) {\n await store.fetcher.load(url)\n const docNode = store.any(url, ACL_LINK)\n if (!docNode) {\n throw new Error(`No ACL link discovered for ${url}`)\n }\n return docNode.value\n }\n /**\n * Simple Access Control\n *\n * This function sets up a simple default ACL for a resource, with\n * RWC for the owner, and a specified access (default none) for the public.\n * In all cases owner has read write control.\n * Parameter lists modes allowed to public\n *\n * @param options\n * @param options.public eg ['Read', 'Write']\n *\n * @returns Resolves with aclDoc uri on successful write\n */\n function setACLUserPublic ( \n docURI: string,\n me: NamedNode,\n options: {\n defaultForNew?: boolean,\n public?: []\n }\n ): Promise<NamedNode> {\n const aclDoc = store.any(\n store.sym(docURI),\n ACL_LINK\n )\n\n return Promise.resolve()\n .then(() => {\n if (aclDoc) {\n return aclDoc as NamedNode\n }\n\n return fetchACLRel(docURI).catch(err => {\n throw new Error(`Error fetching rel=ACL header for ${docURI}: ${err}`)\n })\n })\n .then(aclDoc => {\n const aclText = genACLText(docURI, me, aclDoc.uri, options)\n if (!store.fetcher) {\n throw new Error('Cannot PUT this, store has no fetcher')\n }\n return store.fetcher\n .webOperation('PUT', aclDoc.uri, {\n data: aclText,\n contentType: 'text/turtle'\n })\n .then(result => {\n if (!result.ok) {\n throw new Error('Error writing ACL text: ' + result.error)\n }\n\n return aclDoc\n })\n })\n }\n\n /**\n * @param docURI\n * @returns\n */\n function fetchACLRel (docURI: string): Promise<NamedNode> {\n const fetcher = store.fetcher\n if (!fetcher) {\n throw new Error('Cannot fetch ACL rel, store has no fetcher')\n }\n\n return fetcher.load(docURI).then(result => {\n if (!result.ok) {\n throw new Error('fetchACLRel: While loading:' + (result as any).error)\n }\n\n const aclDoc = store.any(\n store.sym(docURI),\n ACL_LINK\n )\n\n if (!aclDoc) {\n throw new Error('fetchACLRel: No Link rel=ACL header for ' + docURI)\n }\n\n return aclDoc as NamedNode\n })\n }\n\n /**\n * @param docURI\n * @param me\n * @param aclURI\n * @param options\n *\n * @returns Serialized ACL\n */\n function genACLText (\n docURI: string,\n me: NamedNode,\n aclURI: string,\n options: {\n defaultForNew?: boolean,\n public?: []\n } = {}\n ): string | undefined {\n const optPublic = options.public || []\n const g = graph()\n const auth = Namespace('http://www.w3.org/ns/auth/acl#')\n let a = g.sym(`${aclURI}#a1`)\n const acl = g.sym(aclURI)\n const doc = g.sym(docURI)\n g.add(a, ns.rdf('type'), auth('Authorization'), acl)\n g.add(a, auth('accessTo'), doc, acl)\n if (options.defaultForNew) {\n g.add(a, auth('default'), doc, acl)\n }\n g.add(a, auth('agent'), me, acl)\n g.add(a, auth('mode'), auth('Read'), acl)\n g.add(a, auth('mode'), auth('Write'), acl)\n g.add(a, auth('mode'), auth('Control'), acl)\n\n if (optPublic.length) {\n a = g.sym(`${aclURI}#a2`)\n g.add(a, ns.rdf('type'), auth('Authorization'), acl)\n g.add(a, auth('accessTo'), doc, acl)\n g.add(a, auth('agentClass'), ns.foaf('Agent'), acl)\n for (let p = 0; p < optPublic.length; p++) {\n g.add(a, auth('mode'), auth(optPublic[p]), acl) // Like 'Read' etc\n }\n }\n return serialize(acl, g, aclURI)\n }\n return {\n findAclDocUrl,\n setACLUserPublic,\n genACLText\n }\n}","import { NamedNode, sym } from 'rdflib'\nimport * as debug from '../util/debug'\n\n/**\n * find a user or app's context as set in window.SolidAppContext\n * this is a const, not a function, because we have problems to jest mock it otherwise\n * see: https://github.com/facebook/jest/issues/936#issuecomment-545080082 for more\n * @return {any} - an appContext object\n */\nexport const appContext = ():any => {\n let { SolidAppContext }: any = window\n SolidAppContext ||= {}\n SolidAppContext.viewingNoAuthPage = false\n if (SolidAppContext.noAuth && window.document) {\n const currentPage = window.document.location.href\n if (currentPage.startsWith(SolidAppContext.noAuth)) {\n SolidAppContext.viewingNoAuthPage = true\n const params = new URLSearchParams(window.document.location.search)\n if (params) {\n let viewedPage = SolidAppContext.viewedPage = params.get('uri') || null\n if (viewedPage) {\n viewedPage = decodeURI(viewedPage)\n if (!viewedPage.startsWith(SolidAppContext.noAuth)) {\n const ary = viewedPage.split(/\\//)\n SolidAppContext.idp = ary[0] + '//' + ary[2]\n SolidAppContext.viewingNoAuthPage = false\n }\n }\n }\n }\n }\n return SolidAppContext\n}\n\n/**\n * Returns `sym($SolidTestEnvironment.username)` if\n * `$SolidTestEnvironment.username` is defined as a global\n * or \n * returns testID defined in the HTML page\n * @returns {NamedNode|null}\n */\nexport function offlineTestID (): NamedNode | null {\n const { $SolidTestEnvironment }: any = window\n if (\n typeof $SolidTestEnvironment !== 'undefined' &&\n $SolidTestEnvironment.username\n ) {\n // Test setup\n debug.log('Assuming the user is ' + $SolidTestEnvironment.username)\n return sym($SolidTestEnvironment.username)\n }\n // hack that makes SolidOS work in offline mode by adding the webId directly in html\n // example usage: https://github.com/solidos/mashlib/blob/29b8b53c46bf02e0e219f0bacd51b0e9951001dd/test/contact/local.html#L37\n if (\n typeof document !== 'undefined' &&\n document.location &&\n ('' + document.location).slice(0, 16) === 'http://localhost'\n ) {\n const div = document.getElementById('appTarget')\n if (!div) return null\n const id = div.getAttribute('testID')\n if (!id) return null\n debug.log('Assuming user is ' + id)\n return sym(id)\n }\n return null\n}\n","import { namedNode, NamedNode, sym } from 'rdflib'\nimport { appContext, offlineTestID } from './authUtil'\nimport * as debug from '../util/debug'\nimport { EVENTS, Session } from '@inrupt/solid-client-authn-browser'\nimport { AuthenticationContext, AuthnLogic } from '../types'\n\nexport class SolidAuthnLogic implements AuthnLogic {\n private session: Session\n\n constructor(solidAuthSession: Session) {\n this.session = solidAuthSession\n }\n\n // we created authSession getter because we want to access it as authn.authSession externally\n get authSession():Session { return this.session }\n\n currentUser(): NamedNode | null {\n const app = appContext()\n if (app.viewingNoAuthPage) {\n return sym(app.webId)\n }\n if (this && this.session && this.session.info && this.session.info.webId && this.session.info.isLoggedIn) {\n return sym(this.session.info.webId)\n }\n return offlineTestID() // null unless testing\n }\n\n /**\n * Retrieves currently logged in webId from either\n * defaultTestUser or SolidAuth\n * Also activates a session after login\n * @param [setUserCallback] Optional callback\n * @returns Resolves with webId uri, if no callback provided\n */\n async checkUser<T> (\n setUserCallback?: (me: NamedNode | null) => T\n ): Promise<NamedNode | T | null> {\n // Save hash for \"restorePreviousSession\"\n const preLoginRedirectHash = new URL(window.location.href).hash\n if (preLoginRedirectHash) {\n window.localStorage.setItem('preLoginRedirectHash', preLoginRedirectHash)\n }\n this.session.events.on(EVENTS.SESSION_RESTORED, (url) => {\n debug.log(`Session restored to ${url}`)\n if (document.location.toString() !== url) history.replaceState(null, '', url)\n })\n\n /**\n * Handle a successful authentication redirect\n */\n const redirectUrl = new URL(window.location.href)\n redirectUrl.hash = ''\n await this.session\n .handleIncomingRedirect({\n restorePreviousSession: true,\n url: redirectUrl.href\n })\n\n // Check to see if a hash was stored in local storage\n const postLoginRedirectHash = window.localStorage.getItem('preLoginRedirectHash')\n if (postLoginRedirectHash) {\n const curUrl = new URL(window.location.href)\n if (curUrl.hash !== postLoginRedirectHash) {\n if (history.pushState) {\n // debug.log('Setting window.location.has using pushState')\n history.pushState(null, document.title, postLoginRedirectHash)\n } else {\n // debug.warn('Setting window.location.has using location.hash')\n location.hash = postLoginRedirectHash\n }\n curUrl.hash = postLoginRedirectHash\n }\n // See https://stackoverflow.com/questions/3870057/how-can-i-update-window-location-hash-without-jumping-the-document\n // window.location.href = curUrl.toString()// @@ See https://developer.mozilla.org/en-US/docs/Web/API/Window/location\n window.localStorage.setItem('preLoginRedirectHash', '')\n }\n\n // Check to see if already logged in / have the WebID\n let me = offlineTestID()\n if (me) {\n return Promise.resolve(setUserCallback ? setUserCallback(me) : me)\n }\n\n const webId = this.webIdFromSession(this.session.info)\n if (webId) {\n me = this.saveUser(webId)\n }\n\n if (me) {\n debug.log(`(Logged in as ${me} by authentication)`)\n }\n\n return Promise.resolve(setUserCallback ? setUserCallback(me) : me)\n }\n\n /**\n * Saves `webId` in `context.me`\n * @param webId\n * @param context\n *\n * @returns Returns the WebID, after setting it\n */\n saveUser (\n webId: NamedNode | string | null,\n context?: AuthenticationContext\n ): NamedNode | null {\n let webIdUri: string\n if (webId) {\n webIdUri = (typeof webId === 'string') ? webId : webId.uri\n const me = namedNode(webIdUri)\n if (context) {\n context.me = me\n }\n return me\n }\n return null\n }\n\n /**\n * @returns {Promise<string|null>} Resolves with WebID URI or null\n */\n webIdFromSession (session?: { webId?: string, isLoggedIn: boolean }): string | null {\n const webId = session?.webId && session.isLoggedIn ? session.webId : null\n return webId\n }\n\n}\n","import { NamedNode, sym } from 'rdflib'\n\nexport function newThing(doc: NamedNode): NamedNode {\n return sym(doc.uri + '#' + 'id' + ('' + Date.now()))\n}\n\nexport function uniqueNodes (arr: NamedNode[]): NamedNode[] {\n const uris = arr.map(x => x.uri)\n const set = new Set(uris)\n const uris2 = Array.from(set)\n const arr2 = uris2.map(u => new NamedNode(u))\n return arr2 // Array.from(new Set(arr.map(x => x.uri))).map(u => sym(u))\n}\n\nexport function getArchiveUrl(baseUrl: string, date: Date) {\n const year = date.getUTCFullYear()\n const month = ('0' + (date.getUTCMonth()+1)).slice(-2)\n const day = ('0' + (date.getUTCDate())).slice(-2)\n const parts = baseUrl.split('/')\n const filename = parts[parts.length -1 ]\n return new URL(`./archive/${year}/${month}/${day}/${filename}`, baseUrl).toString()\n}\n\nexport function differentOrigin(doc): boolean {\n if (!doc) {\n return true\n }\n return (\n `${window.location.origin}/` !== new URL(doc.value).origin\n )\n}\n\nexport function suggestPreferencesFile (me:NamedNode) {\n const stripped = me.uri.replace('/profile/', '/').replace('/public/', '/')\n // const stripped = me.uri.replace(\\/[p|P]rofile/\\g, '/').replace(\\/[p|P]ublic/\\g, '/')\n const folderURI = stripped.split('/').slice(0,-1).join('/') + '/settings/'\n const fileURI = folderURI + 'prefs.ttl'\n return sym(fileURI)\n}\n\nexport function determineChatContainer(\n invitee: NamedNode,\n podRoot: NamedNode\n): NamedNode {\n // Create chat\n // See https://gitter.im/solid/chat-app?at=5f3c800f855be416a23ae74a\n const chatContainerStr = new URL(\n `IndividualChats/${new URL(invitee.value).host}/`,\n podRoot.value\n ).toString()\n return new NamedNode(chatContainerStr)\n}\n","import { NamedNode, Node, st, term } from 'rdflib'\nimport { ChatLogic, CreatedPaneOptions, NewPaneOptions, Chat } from '../types'\nimport { ns as namespace } from '../util/ns'\nimport { determineChatContainer, newThing } from '../util/utils'\n\nconst CHAT_LOCATION_IN_CONTAINER = 'index.ttl#this'\n\nexport function createChatLogic(store, profileLogic): ChatLogic {\n const ns = namespace\n\n async function setAcl(\n chatContainer: NamedNode,\n me: NamedNode,\n invitee: NamedNode\n ): Promise<void> {\n // Some servers don't present a Link http response header\n // if the container doesn't exist yet, so refetch the container\n // now that it has been created:\n await store.fetcher.load(chatContainer)\n\n // FIXME: check the Why value on this quad:\n const chatAclDoc = store.any(\n chatContainer,\n new NamedNode('http://www.iana.org/assignments/link-relations/acl')\n )\n if (!chatAclDoc) {\n throw new Error('Chat ACL doc not found!')\n }\n\n const aclBody = `\n @prefix acl: <http://www.w3.org/ns/auth/acl#>.\n <#owner>\n a acl:Authorization;\n acl:agent <${me.value}>;\n acl:accessTo <.>;\n acl:default <.>;\n acl:mode\n acl:Read, acl:Write, acl:Control.\n <#invitee>\n a acl:Authorization;\n acl:agent <${invitee.value}>;\n acl:accessTo <.>;\n acl:default <.>;\n acl:mode\n acl:Read, acl:Append.\n `\n await store.fetcher.webOperation('PUT', chatAclDoc.value, {\n data: aclBody,\n contentType: 'text/turtle',\n })\n }\n\n async function addToPrivateTypeIndex(chatThing, me) {\n // Add to private type index\n const privateTypeIndex = store.any(\n me,\n ns.solid('privateTypeIndex')\n ) as NamedNode | null\n if (!privateTypeIndex) {\n throw new Error('Private type index not found!')\n }\n await store.fetcher.load(privateTypeIndex)\n const reg = newThing(privateTypeIndex)\n const ins = [\n st(\n reg,\n ns.rdf('type'),\n ns.solid('TypeRegistration'),\n privateTypeIndex.doc()\n ),\n st(\n reg,\n ns.solid('forClass'),\n ns.meeting('LongChat'),\n privateTypeIndex.doc()\n ),\n st(reg, ns.solid('instance'), chatThing, privateTypeIndex.doc()),\n ]\n await new Promise((resolve, reject) => {\n store.updater.update([], ins, function (_uri, ok, errm) {\n if (!ok) {\n reject(new Error(errm))\n } else {\n resolve(null)\n }\n })\n })\n }\n\n async function findChat(invitee: NamedNode): Promise<Chat> {\n const me = await profileLogic.loadMe()\n const podRoot = await profileLogic.getPodRoot(me)\n const chatContainer = determineChatContainer(invitee, podRoot)\n let exists = true\n try {\n await store.fetcher.load(\n new NamedNode(chatContainer.value + 'index.ttl#this')\n )\n } catch (e) {\n exists = false\n }\n return { me, chatContainer, exists }\n }\n\n async function createChatThing(\n chatContainer: NamedNode,\n me: NamedNode\n ): Promise<NamedNode> {\n const created = await mintNew({\n me,\n newBase: chatContainer.value,\n })\n return created.newInstance\n }\n\n function mintNew(newPaneOptions: NewPaneOptions): Promise<CreatedPaneOptions> {\n const kb = store\n const updater = kb.updater\n if (newPaneOptions.me && !newPaneOptions.me.uri) {\n throw new Error('chat mintNew: Invalid userid ' + newPaneOptions.me)\n }\n\n const newInstance = (newPaneOptions.newInstance =\n newPaneOptions.newInstance ||\n kb.sym(newPaneOptions.newBase + CHAT_LOCATION_IN_CONTAINER))\n const newChatDoc = newInstance.doc()\n\n kb.add(\n newInstance,\n ns.rdf('type'),\n ns.meeting('LongChat'),\n newChatDoc\n )\n kb.add(newInstance, ns.dc('title'), 'Chat channel', newChatDoc)\n kb.add(\n newInstance,\n ns.dc('created'),\n term<Node>(new Date(Date.now())),\n newChatDoc\n )\n if (newPaneOptions.me) {\n kb.add(newInstance, ns.dc('author'), newPaneOptions.me, newChatDoc)\n }\n\n return new Promise(function (resolve, reject) {\n updater?.put(\n newChatDoc,\n kb.statementsMatching(undefined, undefined, undefined, newChatDoc),\n 'text/turtle',\n function (uri2, ok, message) {\n if (ok) {\n resolve({\n ...newPaneOptions,\n newInstance,\n })\n } else {\n reject(\n new Error(\n 'FAILED to save new chat channel at: ' + uri2 + ' : ' + message\n )\n )\n }\n }\n )\n })\n }\n\n /**\n * Find (and optionally create) an individual chat between the current user and the given invitee\n * @param invitee - The person to chat with\n * @param createIfMissing - Whether the chat should be created, if missing\n * @returns null if missing, or a node referring to an already existing chat, or the newly created chat\n */\n async function getChat(\n invitee: NamedNode,\n createIfMissing = true\n ): Promise<NamedNode | null> {\n const { me, chatContainer, exists } = await findChat(invitee)\n if (exists) {\n return new NamedNode(chatContainer.value + CHAT_LOCATION_IN_CONTAINER)\n }\n\n if (createIfMissing) {\n const chatThing = await createChatThing(chatContainer, me)\n await sendInvite(invitee, chatThing)\n await setAcl(chatContainer, me, invitee)\n await addToPrivateTypeIndex(chatThing, me)\n return chatThing\n }\n return null\n }\n\n async function sendInvite(invitee: NamedNode, chatThing: NamedNode) {\n await store.fetcher.load(invitee.doc())\n const inviteeInbox = store.any(\n invitee,\n ns.ldp('inbox'),\n undefined,\n invitee.doc()\n )\n if (!inviteeInbox) {\n throw new Error(`Invitee inbox not found! ${invitee.value}`)\n }\n const inviteBody = `\n <> a <http://www.w3.org/ns/pim/meeting#LongChatInvite> ;\n ${ns.rdf('seeAlso')} <${chatThing.value}> .\n `\n\n const inviteResponse = await store.fetcher?.webOperation(\n 'POST',\n inviteeInbox.value,\n {\n data: inviteBody,\n contentType: 'text/turtle',\n }\n )\n const locationStr = inviteResponse?.headers.get('location')\n if (!locationStr) {\n throw new Error(`Invite sending returned a ${inviteResponse?.status}`)\n }\n }\n return {\n setAcl, addToPrivateTypeIndex, findChat, createChatThing, getChat, sendInvite, mintNew\n }\n}\n","import { NamedNode } from 'rdflib'\nimport { InboxLogic } from '../types'\nimport { getArchiveUrl } from '../util/utils'\n\nexport function createInboxLogic(store, profileLogic, utilityLogic, containerLogic, aclLogic): InboxLogic {\n\n async function createInboxFor(peerWebId: string, nick: string) {\n const myWebId: NamedNode = await profileLogic.loadMe()\n const podRoot: NamedNode = await profileLogic.getPodRoot(myWebId)\n const ourInbox = `${podRoot.value}p2p-inboxes/${encodeURIComponent(nick)}/`\n await containerLogic.createContainer(ourInbox)\n // const aclDocUrl = await aclLogic.findAclDocUrl(ourInbox);\n await utilityLogic.setSinglePeerAccess({\n ownerWebId: myWebId.value,\n peerWebId,\n accessToModes: 'acl:Append',\n target: ourInbox\n })\n return ourInbox\n }\n\n async function getNewMessages(\n user?: NamedNode\n ): Promise<NamedNode[]> {\n if (!user) {\n user = await profileLogic.loadMe()\n }\n const inbox = await profileLogic.getMainInbox(user)\n const urls = await containerLogic.getContainerMembers(inbox)\n return urls.filter(url => !containerLogic.isContainer(url))\n }\n\n async function markAsRead(url: string, date: Date) {\n const downloaded = await store.fetcher._fetch(url)\n if (downloaded.status !== 200) {\n throw new Error(`Not OK! ${url}`)\n }\n const archiveUrl = getArchiveUrl(url, date)\n const options = {\n method: 'PUT',\n body: await downloaded.text(),\n headers: [\n ['Content-Type', downloaded.headers.get('Content-Type') || 'application/octet-stream']\n ]\n }\n const uploaded = await store.fetcher._fetch(archiveUrl, options)\n if (uploaded.status.toString()[0] === '2') {\n await store.fetcher._fetch(url, {\n method: 'DELETE'\n })\n }\n }\n return {\n createInboxFor,\n getNewMessages,\n markAsRead\n }\n}\n","class CustomError extends Error {\n constructor(message?: string) {\n super(message)\n // see: typescriptlang.org/docs/handbook/release-notes/typescript-2-2.html\n Object.setPrototypeOf(this, new.target.prototype) // restore prototype chain\n this.name = new.target.name // stack traces display correctly now\n }\n}\n\nexport class UnauthorizedError extends CustomError {}\n\nexport class CrossOriginForbiddenError extends CustomError {}\n\nexport class SameOriginForbiddenError extends CustomError {}\n\nexport class NotFoundError extends CustomError {}\n\nexport class NotEditableError extends CustomError { }\n\nexport class WebOperationError extends CustomError {}\n\nexport class FetchError extends CustomError {\n status: number\n\n constructor(status: number, message?: string) {\n super(message)\n this.status = status\n }\n}","export function publicTypeIndexDocument(): string {\n return [\n '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',\n '<>',\n ' a solid:TypeIndex ;',\n ' a solid:ListedDocument.'\n ].join('\\n')\n}\n\nexport function privateTypeIndexDocument(): string {\n return [\n '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',\n '<>',\n ' a solid:TypeIndex ;',\n ' a solid:UnlistedDocument.'\n ].join('\\n')\n}","export function publicTypeIndexAclDocument(webId: string, publicTypeIndexUri: string): string {\n const fileName = new URL(publicTypeIndexUri).pathname.split('/').pop() || 'publicTypeIndex.ttl'\n return [\n '# ACL resource for the Public Type Index',\n '',\n '@prefix acl: <http://www.w3.org/ns/auth/acl#>.',\n '@prefix foaf: <http://xmlns.com/foaf/0.1/>.',\n '',\n '<#owner>',\n ' a acl:Authorization;',\n '',\n ' acl:agent',\n ` <${webId}>;`,\n '',\n ` acl:accessTo <./${fileName}>;`,\n '',\n ' acl:mode',\n ' acl:Read, acl:Write, acl:Control.',\n '',\n '# Public-readable',\n '<#public>',\n ' a acl:Authorization;',\n '',\n ' acl:agentClass foaf:Agent;',\n '',\n ` acl:accessTo <./${fileName}>;`,\n '',\n ' acl:mode acl:Read.'\n ].join('\\n')\n}\n","export function preferencesFileDocument(): string {\n return [\n '@prefix dct: <http://purl.org/dc/terms/>.',\n '@prefix pim: <http://www.w3.org/ns/pim/space#>.',\n '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',\n '<>',\n ' a pim:ConfigurationFile ;',\n ' dct:title \"Preferences file\".'\n ].join('\\n')\n}\n","export function ownerOnlyContainerAclDocument(webId: string): string {\n return [\n '@prefix acl: <http://www.w3.org/ns/auth/acl#>.',\n '',\n '<#owner>',\n 'a acl:Authorization;',\n `acl:agent <${webId}>;`,\n 'acl:accessTo <./>;',\n 'acl:default <./>;',\n 'acl:mode acl:Read, acl:Write, acl:Control.'\n ].join('\\n')\n}\n","import { NamedNode, Statement, sym } from 'rdflib'\n\n/**\n * Container-related class\n */\nexport function createContainerLogic(store) {\n\n function getContainerElements(containerNode: NamedNode): NamedNode[] {\n return store\n .statementsMatching(\n containerNode,\n sym('http://www.w3.org/ns/ldp#contains'),\n undefined\n )\n .map((st: Statement) => st.object as NamedNode)\n }\n\n function isContainer(url: NamedNode) {\n const nodeToString = url.value\n return nodeToString.charAt(nodeToString.length - 1) === '/'\n }\n\n async function createContainer(url: string) {\n const stringToNode = sym(url)\n if (!isContainer(stringToNode)) {\n throw new Error(`Not a container URL ${url}`)\n }\n // Copied from https://github.com/solidos/solid-crud-tests/blob/v3.1.0/test/surface/create-container.test.ts#L56-L64\n const result = await store.fetcher._fetch(url, {\n method: 'PUT',\n headers: {\n 'Content-Type': 'text/turtle',\n 'If-None-Match': '*',\n Link: '<http://www.w3.org/ns/ldp#BasicContainer>; rel=\"type\"', // See https://github.com/solidos/node-solid-server/issues/1465\n },\n body: ' ', // work around https://github.com/michielbdejong/community-server/issues/4#issuecomment-776222863\n })\n // Treat 409 as idempotent success: another process/request already created the container.\n if (result.status === 409) {\n return\n }\n if (result.status.toString()[0] !== '2') {\n throw new Error(`Not OK: got ${result.status} response while creating container at ${url}`)\n }\n }\n\n async function getContainerMembers(containerUrl: NamedNode): Promise<NamedNode[]> {\n await store.fetcher.load(containerUrl)\n return getContainerElements(containerUrl)\n }\n return {\n isContainer,\n createContainer,\n getContainerElements,\n getContainerMembers\n }\n}","import { literal, NamedNode, st, sym } from 'rdflib'\nimport { ACL_LINK } from '../acl/aclLogic'\nimport { CrossOriginForbiddenError, FetchError, NotEditableError, SameOriginForbiddenError, UnauthorizedError, WebOperationError } from '../logic/CustomError'\nimport * as debug from '../util/debug'\nimport { ns as namespace } from '../util/ns'\nimport { privateTypeIndexDocument, publicTypeIndexDocument } from '../typeIndex/typeIndexDocuments'\nimport { publicTypeIndexAclDocument } from '../typeIndex/typeIndexAclDocuments'\nimport { preferencesFileDocument } from './profileDocuments'\nimport { ownerOnlyContainerAclDocument } from './profileAclDocuments'\nimport { createContainerLogic } from '../util/containerLogic'\nimport { differentOrigin, suggestPreferencesFile } from '../util/utils'\nimport { ProfileLogic } from '../types'\n\nexport function createProfileLogic(store, authn, utilityLogic): ProfileLogic {\n const ns = namespace\n const containerLogic = createContainerLogic(store)\n const loadPreferencesInFlight = new Map<string, Promise<NamedNode>>()\n const cachedPreferencesFileByWebId = new Map<string, NamedNode>()\n\n function isAbsoluteHttpUri(uri: string | null | undefined): boolean {\n return !!uri && (uri.startsWith('https://') || uri.startsWith('http://'))\n }\n\n function docDirUri(node: NamedNode): string | null {\n const doc = node.doc()\n const dir = doc.dir()\n if (dir?.uri && isAbsoluteHttpUri(dir.uri)) return dir.uri\n const docUri = doc.uri\n if (!docUri || !isAbsoluteHttpUri(docUri)) return null\n const withoutFragment = docUri.split('#')[0]\n const lastSlash = withoutFragment.lastIndexOf('/')\n if (lastSlash === -1) return null\n return withoutFragment.slice(0, lastSlash + 1)\n }\n\n function suggestTypeIndexInPreferences(preferencesFile: NamedNode, filename: string): NamedNode {\n const dirUri = docDirUri(preferencesFile)\n if (!dirUri) throw new Error(`Cannot derive directory for preferences file ${preferencesFile.uri}`)\n return sym(dirUri + filename)\n }\n\n function isNotFoundError(err: any): boolean {\n if (err?.response?.status === 404) return true\n const text = `${err?.message || err || ''}`\n return text.includes('404') || text.includes('Not Found')\n }\n\n async function ensureContainerExists(containerUri: string): Promise<void> {\n const containerNode = sym(containerUri)\n try {\n await store.fetcher.load(containerNode)\n return\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n await containerLogic.createContainer(containerUri)\n }\n\n async function ensureOwnerOnlyAclForSettings(user: NamedNode, preferencesFile: NamedNode): Promise<void> {\n const dirUri = docDirUri(preferencesFile)\n if (!dirUri) throw new Error(`Cannot derive settings directory from ${preferencesFile.uri}`)\n await ensureContainerExists(dirUri)\n\n const containerNode = sym(dirUri)\n let aclDocUri: string | undefined\n try {\n await store.fetcher.load(containerNode)\n aclDocUri = store.any(containerNode, ACL_LINK)?.value\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n if (!aclDocUri) {\n // Fallback for servers/tests where rel=acl is not exposed in mocked headers.\n aclDocUri = `${dirUri}.acl`\n }\n const aclDoc = sym(aclDocUri)\n try {\n await store.fetcher.load(aclDoc)\n return\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n\n await store.fetcher.webOperation('PUT', aclDoc.uri, {\n data: ownerOnlyContainerAclDocument(user.uri),\n contentType: 'text/turtle'\n })\n }\n\n async function ensurePublicTypeIndexAclOnCreate(user: NamedNode, publicTypeIndex: NamedNode, ensureAcl = false): Promise<void> {\n const created = await utilityLogic.loadOrCreateWithContentOnCreate(publicTypeIndex, publicTypeIndexDocument())\n if (!created && !ensureAcl) return\n\n let aclDocUri: string | undefined\n try {\n await store.fetcher.load(publicTypeIndex)\n aclDocUri = store.any(publicTypeIndex, ACL_LINK)?.value\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n if (!aclDocUri) {\n aclDocUri = `${publicTypeIndex.uri}.acl`\n }\n\n const aclDoc = sym(aclDocUri)\n try {\n await store.fetcher.webOperation('PUT', aclDoc.uri, {\n data: publicTypeIndexAclDocument(user.uri, publicTypeIndex.uri),\n contentType: 'text/turtle',\n headers: { 'If-None-Match': '*' }\n })\n } catch (err: any) {\n const status = err?.response?.status ?? err?.status\n if (status !== 412) throw err\n }\n }\n\n async function ensurePrivateTypeIndexOnCreate(privateTypeIndex: NamedNode): Promise<void> {\n await utilityLogic.loadOrCreateWithContentOnCreate(privateTypeIndex, privateTypeIndexDocument())\n }\n\n async function initializePreferencesDefaults(user: NamedNode, preferencesFile: NamedNode): Promise<void> {\n const preferencesDoc = preferencesFile.doc() as NamedNode\n const profileDoc = user.doc() as NamedNode\n await store.fetcher.load(preferencesDoc)\n\n const profilePublicTypeIndex =\n (store.any(user, ns.solid('publicTypeIndex'), null, profileDoc) as NamedNode | null)\n const preferencesPublicTypeIndex =\n (store.any(user, ns.solid('publicTypeIndex'), null, preferencesDoc) as NamedNode | null)\n const publicTypeIndex =\n profilePublicTypeIndex ||\n preferencesPublicTypeIndex ||\n suggestTypeIndexInPreferences(preferencesFile, 'publicTypeIndex.ttl')\n const privateTypeIndex =\n (store.any(user, ns.solid('privateTypeIndex'), null, preferencesDoc) as NamedNode | null) ||\n suggestTypeIndexInPreferences(preferencesFile, 'privateTypeIndex.ttl')\n\n // Keep discovery consistent with typeIndexLogic, which resolves publicTypeIndex from the profile doc.\n const createdProfilePublicTypeIndexLink = !profilePublicTypeIndex\n if (createdProfilePublicTypeIndexLink) {\n await utilityLogic.followOrCreateLinkWithContentOnCreate(\n user,\n ns.solid('publicTypeIndex') as NamedNode,\n publicTypeIndex,\n profileDoc,\n publicTypeIndexDocument()\n )\n }\n\n const toInsert: any[] = []\n if (!store.holds(preferencesDoc, ns.rdf('type'), ns.space('ConfigurationFile'), preferencesDoc)) {\n toInsert.push(st(preferencesDoc, ns.rdf('type'), ns.space('ConfigurationFile'), preferencesDoc))\n }\n if (!store.holds(preferencesDoc, ns.dct('title'), undefined, preferencesDoc)) {\n toInsert.push(st(preferencesDoc, ns.dct('title'), literal('Preferences file'), preferencesDoc))\n }\n if (!store.holds(user, ns.solid('publicTypeIndex'), publicTypeIndex, preferencesDoc)) {\n toInsert.push(st(user, ns.solid('publicTypeIndex'), publicTypeIndex, preferencesDoc))\n }\n if (!store.holds(user, ns.solid('privateTypeIndex'), privateTypeIndex, preferencesDoc)) {\n toInsert.push(st(user, ns.solid('privateTypeIndex'), privateTypeIndex, preferencesDoc))\n }\n\n if (toInsert.length > 0) {\n await store.updater.update([], toInsert)\n await store.fetcher.load(preferencesDoc)\n }\n\n await ensurePublicTypeIndexAclOnCreate(user, publicTypeIndex, createdProfilePublicTypeIndexLink)\n await ensurePrivateTypeIndexOnCreate(privateTypeIndex)\n }\n\n async function ensurePreferencesDocExists(preferencesFile: NamedNode): Promise<boolean> {\n try {\n const created = await utilityLogic.loadOrCreateWithContentOnCreate(preferencesFile, preferencesFileDocument())\n if (created) {\n return true\n }\n return false\n } catch (err) {\n if (err.response?.status === 401) {\n throw new UnauthorizedError()\n }\n if (err.response?.status === 403) {\n if (differentOrigin(preferencesFile)) {\n throw new CrossOriginForbiddenError()\n }\n throw new SameOriginForbiddenError()\n }\n throw err\n }\n }\n\n /**\n * loads the preference without throwing errors - if it can create it it does so.\n * remark: it still throws error if it cannot load profile.\n * @param user\n * @returns undefined if preferenceFile cannot be returned or NamedNode if it can find it or create it\n */\n async function silencedLoadPreferences(user: NamedNode): Promise <NamedNode | undefined> {\n try {\n return await loadPreferences(user)\n } catch (err) {\n return undefined\n }\n }\n\n /**\n * loads the preference without returning different errors if it cannot create or load it.\n * remark: it also throws error if it cannot load profile.\n * @param user\n * @returns undefined if preferenceFile cannot be an Error or NamedNode if it can find it or create it\n */\n async function loadPreferences (user: NamedNode): Promise <NamedNode> {\n const cachedPreferencesFile = cachedPreferencesFileByWebId.get(user.uri)\n if (cachedPreferencesFile) {\n return cachedPreferencesFile\n }\n\n const inFlight = loadPreferencesInFlight.get(user.uri)\n if (inFlight) {\n return inFlight\n }\n\n const run = (async (): Promise<NamedNode> => {\n await loadProfile(user)\n\n const possiblePreferencesFile = suggestPreferencesFile(user)\n let preferencesFile\n try {\n const existingPreferencesFile = store.any(user, ns.space('preferencesFile'), null, user.doc()) as NamedNode | null\n if (existingPreferencesFile) {\n preferencesFile = existingPreferencesFile\n } else {\n preferencesFile = await utilityLogic.followOrCreateLink(user, ns.space('preferencesFile') as NamedNode, possiblePreferencesFile, user.doc())\n }\n\n await ensureOwnerOnlyAclForSettings(user, preferencesFile as NamedNode)\n await ensurePreferencesDocExists(preferencesFile as NamedNode)\n await initializePreferencesDefaults(user, preferencesFile as NamedNode)\n } catch (err) {\n const message = `User ${user} has no pointer in profile to preferences file.`\n debug.warn(message)\n // we are listing the possible errors\n if (err instanceof NotEditableError) { throw err }\n if (err instanceof WebOperationError) { throw err }\n if (err instanceof UnauthorizedError) { throw err }\n if (err instanceof CrossOriginForbiddenError) { throw err }\n if (err instanceof SameOriginForbiddenError) { throw err }\n if (err instanceof FetchError) { throw err }\n throw err\n }\n\n try {\n await store.fetcher.load(preferencesFile as NamedNode)\n } catch (err) { // Maybe a permission problem or origin problem\n const msg = `Unable to load preference of user ${user}: ${err}`\n if (err.response?.status === 404) {\n // Self-heal when a stale profile pointer references a missing preferences file.\n await ensureOwnerOnlyAclForSettings(user, preferencesFile as NamedNode)\n await ensurePreferencesDocExists(preferencesFile as NamedNode)\n await initializePreferencesDefaults(user, preferencesFile as NamedNode)\n await store.fetcher.load(preferencesFile as NamedNode)\n return preferencesFile as NamedNode\n }\n debug.warn(msg)\n if (err.response.status === 401) {\n throw new UnauthorizedError()\n }\n if (err.response.status === 403) {\n if (differentOrigin(preferencesFile)) {\n throw new CrossOriginForbiddenError()\n }\n throw new SameOriginForbiddenError()\n }\n /*if (err.response.status === 404) {\n throw new NotFoundError();\n }*/\n throw new Error(msg)\n }\n cachedPreferencesFileByWebId.set(user.uri, preferencesFile as NamedNode)\n return preferencesFile as NamedNode\n })()\n\n loadPreferencesInFlight.set(user.uri, run)\n try {\n return await run\n } finally {\n if (loadPreferencesInFlight.get(user.uri) === run) {\n loadPreferencesInFlight.delete(user.uri)\n }\n }\n }\n\n async function loadProfile (user: NamedNode):Promise <NamedNode> {\n if (!user) {\n throw new Error('loadProfile: no user given.')\n }\n try {\n await store.fetcher.load(user.doc())\n } catch (err) {\n throw new Error(`Unable to load profile of user ${user}: ${err}`)\n }\n return user.doc()\n }\n\n async function loadMe(): Promise<NamedNode> {\n const me = authn.currentUser()\n if (me === null) {\n throw new Error('Current user not found! Not logged in?')\n }\n await store.fetcher.load(me.doc())\n return me\n }\n\n function getPodRoot(user: NamedNode): NamedNode {\n const podRoot = findStorage(user)\n if (!podRoot) {\n throw new Error('User pod root not found!')\n }\n return podRoot as NamedNode\n }\n\n async function getMainInbox(user: NamedNode): Promise<NamedNode> {\n await store.fetcher.load(user)\n const mainInbox = store.any(user, ns.ldp('inbox'), undefined, user.doc())\n if (!mainInbox) {\n throw new Error('User main inbox not found!')\n }\n return mainInbox as NamedNode\n }\n\n function findStorage(me: NamedNode) {\n return store.any(me, ns.space('storage'), undefined, me.doc())\n }\n\n return {\n loadMe,\n getPodRoot,\n getMainInbox,\n findStorage,\n loadPreferences,\n loadProfile,\n silencedLoadPreferences\n }\n}\n","import { NamedNode, st, sym } from 'rdflib'\nimport { ScopedApp, TypeIndexLogic, TypeIndexScope } from '../types'\nimport * as debug from '../util/debug'\nimport { ns as namespace } from '../util/ns'\nimport { newThing } from '../util/utils'\nimport { privateTypeIndexDocument, publicTypeIndexDocument } from './typeIndexDocuments'\n\nexport function createTypeIndexLogic(store, authn, profileLogic, utilityLogic): TypeIndexLogic {\n const ns = namespace\n\n function isAbsoluteHttpUri(uri: string | null | undefined): boolean {\n return !!uri && (uri.startsWith('https://') || uri.startsWith('http://'))\n }\n\n function getRegistrations(instance, theClass) {\n return store\n .each(undefined, ns.solid('instance'), instance)\n .filter((r) => {\n return store.holds(r, ns.solid('forClass'), theClass)\n })\n }\n\n async function loadTypeIndexesFor(user: NamedNode): Promise<Array<TypeIndexScope>> {\n if (!user) throw new Error('loadTypeIndexesFor: No user given')\n const profile = await profileLogic.loadProfile(user)\n\n let suggestion: NamedNode | null = null\n try {\n suggestion = suggestPublicTypeIndex(user)\n } catch (err) {\n const message = `User ${user} has no usable profile document directory for publicTypeIndex.`\n debug.warn(message)\n }\n let publicTypeIndex\n try {\n const existingPublicTypeIndex = store.any(user, ns.solid('publicTypeIndex'), undefined, profile)\n if (existingPublicTypeIndex) {\n publicTypeIndex = existingPublicTypeIndex\n } else if (suggestion) {\n publicTypeIndex = await utilityLogic.followOrCreateLinkWithContentOnCreate(\n user,\n ns.solid('publicTypeIndex') as NamedNode,\n suggestion,\n profile,\n publicTypeIndexDocument()\n )\n } else {\n publicTypeIndex = null\n }\n } catch (err) {\n const message = `User ${user} has no pointer in profile to publicTypeIndex file: ${err}`\n debug.warn(message)\n }\n const publicScopes = publicTypeIndex ? [{ label: 'public', index: publicTypeIndex as NamedNode, agent: user }] : []\n\n let preferencesFile\n try {\n preferencesFile = await profileLogic.silencedLoadPreferences(user)\n } catch (err) {\n preferencesFile = null\n }\n\n let privateScopes\n if (preferencesFile) { // watch out - can be in either as spec was not clear. Legacy is profile.\n // If there is a legacy one linked from the profile, use that.\n // Otherwiae use or make one linked from Preferences\n let suggestedPrivateTypeIndex: NamedNode | null = null\n try {\n suggestedPrivateTypeIndex = suggestPrivateTypeIndex(preferencesFile)\n } catch (err) {\n const message = `User ${user} has no usable preferences document directory for privateTypeIndex.`\n debug.warn(message)\n }\n let privateTypeIndex\n try {\n const existingPrivateTypeIndex = store.any(user, ns.solid('privateTypeIndex'), undefined, profile)\n if (existingPrivateTypeIndex) {\n privateTypeIndex = existingPrivateTypeIndex\n } else if (suggestedPrivateTypeIndex) {\n privateTypeIndex = await utilityLogic.followOrCreateLinkWithContentOnCreate(\n user,\n ns.solid('privateTypeIndex') as NamedNode,\n suggestedPrivateTypeIndex,\n preferencesFile,\n privateTypeIndexDocument()\n )\n } else {\n privateTypeIndex = null\n }\n } catch (err) {\n const message = `User ${user} has no pointer in preference file to privateTypeIndex file: ${err}`\n debug.warn(message)\n }\n privateScopes = privateTypeIndex ? [{ label: 'private', index: privateTypeIndex as NamedNode, agent: user }] : []\n } else {\n privateScopes = []\n }\n const scopes = publicScopes.concat(privateScopes)\n if (scopes.length === 0) return scopes\n const files = scopes.map(scope => scope.index)\n try {\n await store.fetcher.load(files)\n } catch (err) {\n debug.warn('Problems loading type index: ', err)\n }\n return scopes\n }\n\n async function loadCommunityTypeIndexes(user: NamedNode): Promise<TypeIndexScope[]> {\n let preferencesFile\n try {\n preferencesFile = await profileLogic.silencedLoadPreferences(user)\n } catch (err) {\n const message = `User ${user} has no pointer in profile to preferences file.`\n debug.warn(message)\n }\n if (preferencesFile) { // For now, pick up communities as simple links from the preferences file.\n const communities = store.each(user, ns.solid('community'), undefined, preferencesFile as NamedNode).concat(\n store.each(user, ns.solid('community'), undefined, user.doc() as NamedNode)\n )\n let result = []\n for (const org of communities) {\n if (org.termType !== 'NamedNode' || !isAbsoluteHttpUri((org as NamedNode).uri)) {\n debug.warn(`Skipping malformed community node for ${user}: ${org}`)\n continue\n }\n try {\n result = result.concat(await loadTypeIndexesFor(org as NamedNode) as any)\n } catch (err) {\n debug.warn(`Skipping community type indexes for ${(org as NamedNode).uri}: ${err}`)\n }\n }\n return result\n }\n return [] // No communities\n }\n\n async function loadAllTypeIndexes(user: NamedNode) {\n return (await loadTypeIndexesFor(user)).concat(await loadCommunityTypeIndexes(user))\n }\n\n async function getScopedAppInstances(klass: NamedNode, user: NamedNode): Promise<ScopedApp[]> {\n const scopes = await loadAllTypeIndexes(user)\n let scopedApps = []\n for (const scope of scopes) {\n const scopedApps0 = await getScopedAppsFromIndex(scope, klass) as any\n scopedApps = scopedApps.concat(scopedApps0)\n }\n return scopedApps\n }\n\n // This is the function signature which used to be in solid-ui/logic\n // Recommended to use getScopedAppInstances instead as it provides more information.\n //\n async function getAppInstances(klass: NamedNode): Promise<NamedNode[]> {\n const user = authn.currentUser()\n if (!user) throw new Error('getAppInstances: Must be logged in to find apps.')\n const scopedAppInstances = await getScopedAppInstances(klass, user)\n return scopedAppInstances.map(scoped => scoped.instance)\n }\n\n function docDirUri(node: NamedNode): string | null {\n const doc = node.doc()\n const dir = doc.dir()\n if (dir?.uri && isAbsoluteHttpUri(dir.uri)) return dir.uri\n const docUri = doc.uri\n if (!docUri || !isAbsoluteHttpUri(docUri)) {\n debug.log(`docDirUri: missing or non-http(s) doc uri for ${node?.uri}`)\n return null\n }\n const withoutFragment = docUri.split('#')[0]\n const lastSlash = withoutFragment.lastIndexOf('/')\n if (lastSlash === -1) {\n debug.log(`docDirUri: no slash in doc uri ${docUri}`)\n return null\n }\n return withoutFragment.slice(0, lastSlash + 1)\n }\n\n function suggestPublicTypeIndex(me: NamedNode) {\n const dirUri = docDirUri(me)\n if (!dirUri) throw new Error(`suggestPublicTypeIndex: Cannot derive directory for ${me.uri}`)\n return sym(dirUri + 'publicTypeIndex.ttl')\n }\n // Note this one is based off the pref file not the profile\n\n function suggestPrivateTypeIndex(preferencesFile: NamedNode) {\n const dirUri = docDirUri(preferencesFile)\n if (!dirUri) throw new Error(`suggestPrivateTypeIndex: Cannot derive directory for ${preferencesFile.uri}`)\n return sym(dirUri + 'privateTypeIndex.ttl')\n }\n\n /*\n * Register a new app in a type index\n * used in chat in bookmark.js (solid-ui)\n * Returns the registration object if successful else null\n */\n async function registerInTypeIndex(\n instance: NamedNode,\n index: NamedNode,\n theClass: NamedNode,\n // agent: NamedNode\n ): Promise<NamedNode | null> {\n const registration = newThing(index)\n const ins = [\n // See https://github.com/solid/solid/blob/main/proposals/data-discovery.md\n st(registration, ns.rdf('type'), ns.solid('TypeRegistration'), index),\n st(registration, ns.solid('forClass'), theClass, index),\n st(registration, ns.solid('instance'), instance, index)\n ]\n try {\n await store.updater.update([], ins)\n } catch (err) {\n const msg = `Unable to register ${instance} in index ${index}: ${err}`\n console.warn(msg)\n return null\n }\n return registration\n }\n\n async function deleteTypeIndexRegistration(item) {\n const reg = store.the(null, ns.solid('instance'), item.instance, item.scope.index) as NamedNode\n if (!reg) throw new Error(`deleteTypeIndexRegistration: No registration found for ${item.instance}`)\n const statements = store.statementsMatching(reg, null, null, item.scope.index)\n await store.updater.update(statements, [])\n }\n\n async function getScopedAppsFromIndex(scope: TypeIndexScope, theClass: NamedNode | null): Promise<ScopedApp[]> {\n const index = scope.index\n const results: ScopedApp[] = []\n const registrations = store.statementsMatching(null, ns.solid('instance'), null, index)\n .concat(store.statementsMatching(null, ns.solid('instanceContainer'), null, index))\n .map(st => st.subject)\n for (const reg of registrations) {\n const klass = store.any(reg, ns.solid('forClass'), null, index)\n if (!theClass || klass.sameTerm(theClass)) {\n const instances = store.each(reg, ns.solid('instance'), null, index)\n for (const instance of instances) {\n results.push({ instance, type: klass, scope })\n }\n const containers = store.each(reg, ns.solid('instanceContainer'), null, index)\n for (const instance of containers) {\n await store.fetcher.load(instance)\n results.push({ instance: sym(instance.value), type: klass, scope })\n }\n }\n }\n return results\n }\n\n return {\n registerInTypeIndex,\n getRegistrations,\n loadTypeIndexesFor,\n loadCommunityTypeIndexes,\n loadAllTypeIndexes,\n getScopedAppInstances,\n getAppInstances,\n suggestPublicTypeIndex,\n suggestPrivateTypeIndex,\n deleteTypeIndexRegistration,\n getScopedAppsFromIndex\n }\n}\n","import { NamedNode, st, sym } from 'rdflib'\nimport {\n CrossOriginForbiddenError,\n FetchError,\n NotEditableError,\n SameOriginForbiddenError,\n UnauthorizedError,\n WebOperationError\n} from '../logic/CustomError'\nimport * as debug from '../util/debug'\nimport { differentOrigin } from './utils'\n\nexport function createUtilityLogic(store, aclLogic, containerLogic) {\n async function recursiveDelete(containerNode: NamedNode) {\n try {\n if (containerLogic.isContainer(containerNode)) {\n const aclDocUrl = await aclLogic.findAclDocUrl(containerNode)\n await store.fetcher._fetch(aclDocUrl, { method: 'DELETE' })\n const containerMembers = await containerLogic.getContainerMembers(containerNode)\n await Promise.all(containerMembers.map((url) => recursiveDelete(url)))\n }\n return store.fetcher._fetch(containerNode.value, { method: 'DELETE' })\n } catch (e) {\n debug.log(`Please manually remove ${containerNode.value} from your system.`, e)\n }\n }\n\n /**\n * Create a resource if it really does not exist.\n * Be absolutely sure something does not exist before creating a new empty file,\n * as otherwise existing content could be deleted.\n */\n async function loadOrCreateIfNotExists(doc: NamedNode) {\n try {\n return await store.fetcher.load(doc)\n } catch (err: any) {\n if (err?.response?.status === 404) {\n try {\n await store.fetcher.webOperation('PUT', doc.uri, {\n data: '',\n contentType: 'text/turtle',\n headers: { 'If-None-Match': '*' }\n })\n } catch (putErr: any) {\n const status = putErr?.response?.status ?? putErr?.status\n if (status !== 412) {\n const msg = `createIfNotExists: PUT FAILED: ${doc}: ${putErr}`\n throw new WebOperationError(msg)\n }\n }\n return await store.fetcher.load(doc)\n }\n if (err?.response?.status === 401) {\n throw new UnauthorizedError()\n }\n if (err?.response?.status === 403) {\n if (differentOrigin(doc)) {\n throw new CrossOriginForbiddenError()\n }\n throw new SameOriginForbiddenError()\n }\n const msg = `createIfNotExists doc load error: ${doc}: ${err}`\n throw new FetchError(err?.status, `${err?.message || ''}${msg}`)\n }\n }\n\n async function loadOrCreateWithContentOnCreate(doc: NamedNode, data: string): Promise<boolean> {\n try {\n await store.fetcher.load(doc)\n return false\n } catch (err: any) {\n const status = err?.response?.status ?? err?.status\n if (status !== 404) {\n throw err\n }\n }\n\n try {\n await store.fetcher.webOperation('PUT', doc.uri, {\n data,\n contentType: 'text/turtle',\n headers: { 'If-None-Match': '*' }\n })\n return true\n } catch (err: any) {\n const status = err?.response?.status ?? err?.status\n if (status === 412) {\n // Another client created the resource between our 404 check and PUT.\n return false\n }\n throw err\n }\n }\n\n /*\n * Follow link from this doc to another thing, or else make a new link.\n * Returns existing object, or creates it if non-existent.\n */\n async function followOrCreateLink(\n subject: NamedNode,\n predicate: NamedNode,\n object: NamedNode,\n doc: NamedNode\n ): Promise<NamedNode | null> {\n await store.fetcher.load(doc)\n const result = store.any(subject, predicate, null, doc)\n\n if (result) return result as NamedNode\n if (!store.updater.editable(doc)) {\n const msg = `followOrCreateLink: cannot edit ${doc.value}`\n debug.warn(msg)\n throw new NotEditableError(msg)\n }\n\n try {\n await store.updater.update([], [st(subject, predicate, object, doc)])\n } catch (err) {\n const msg = `followOrCreateLink: Error making link in ${doc} to ${object}: ${err}`\n debug.warn(msg)\n throw new WebOperationError(err)\n }\n\n try {\n await loadOrCreateIfNotExists(object)\n } catch (err) {\n debug.warn(`followOrCreateLink: Error loading or saving new linked document: ${object}: ${err}`)\n throw err\n }\n return object\n }\n\n async function followOrCreateLinkWithContentOnCreate(\n subject: NamedNode,\n predicate: NamedNode,\n object: NamedNode,\n doc: NamedNode,\n data: string\n ): Promise<NamedNode | null> {\n await store.fetcher.load(doc)\n const result = store.any(subject, predicate, null, doc)\n\n if (result) return result as NamedNode\n if (!store.updater.editable(doc)) {\n const msg = `followOrCreateLinkWithContentOnCreate: cannot edit ${doc.value}`\n debug.warn(msg)\n throw new NotEditableError(msg)\n }\n\n try {\n await store.updater.update([], [st(subject, predicate, object, doc)])\n } catch (err) {\n const msg = `followOrCreateLinkWithContentOnCreate: Error making link in ${doc} to ${object}: ${err}`\n debug.warn(msg)\n throw new WebOperationError(msg)\n }\n\n try {\n await loadOrCreateWithContentOnCreate(object, data)\n } catch (err) {\n debug.warn(`followOrCreateLinkWithContentOnCreate: Error loading or saving new linked document: ${object}: ${err}`)\n throw err\n }\n return object\n }\n\n // Copied from\n // https://github.com/solidos/web-access-control-tests/blob/v3.0.0/test/surface/delete.test.ts#L5\n async function setSinglePeerAccess(options: {\n ownerWebId: string,\n peerWebId: string,\n accessToModes?: string,\n defaultModes?: string,\n target: string\n }) {\n let str = [\n '@prefix acl: <http://www.w3.org/ns/auth/acl#>.',\n '',\n '<#alice> a acl:Authorization;\\n acl:agent <' + options.ownerWebId + '>;',\n ` acl:accessTo <${options.target}>;`,\n ` acl:default <${options.target}>;`,\n ' acl:mode acl:Read, acl:Write, acl:Control.',\n ''\n ].join('\\n')\n\n if (options.accessToModes) {\n str += [\n '<#bobAccessTo> a acl:Authorization;',\n ` acl:agent <${options.peerWebId}>;`,\n ` acl:accessTo <${options.target}>;`,\n ` acl:mode ${options.accessToModes}.`,\n ''\n ].join('\\n')\n }\n\n if (options.defaultModes) {\n str += [\n '<#bobDefault> a acl:Authorization;',\n ` acl:agent <${options.peerWebId}>;`,\n ` acl:default <${options.target}>;`,\n ` acl:mode ${options.defaultModes}.`,\n ''\n ].join('\\n')\n }\n\n const aclDocUrl = await aclLogic.findAclDocUrl(sym(options.target))\n return store.fetcher._fetch(aclDocUrl, {\n method: 'PUT',\n body: str,\n headers: [['Content-Type', 'text/turtle']]\n })\n }\n\n async function createEmptyRdfDoc(doc: NamedNode, comment: string) {\n await store.fetcher.webOperation('PUT', doc.uri, {\n data: `# ${new Date()} ${comment}\\n`,\n contentType: 'text/turtle'\n })\n }\n\n return {\n recursiveDelete,\n setSinglePeerAccess,\n createEmptyRdfDoc,\n followOrCreateLink,\n followOrCreateLinkWithContentOnCreate,\n loadOrCreateIfNotExists,\n loadOrCreateWithContentOnCreate\n }\n}\n","import { Session } from '@inrupt/solid-client-authn-browser'\nimport * as rdf from 'rdflib'\nimport { LiveStore, NamedNode, Statement } from 'rdflib'\nimport { createAclLogic } from '../acl/aclLogic'\nimport { SolidAuthnLogic } from '../authn/SolidAuthnLogic'\nimport { createChatLogic } from '../chat/chatLogic'\nimport { createInboxLogic } from '../inbox/inboxLogic'\nimport { createProfileLogic } from '../profile/profileLogic'\nimport { createTypeIndexLogic } from '../typeIndex/typeIndexLogic'\nimport { createContainerLogic } from '../util/containerLogic'\nimport { createUtilityLogic } from '../util/utilityLogic'\nimport { AuthnLogic, SolidLogic } from '../types'\nimport * as debug from '../util/debug'\n/*\n** It is important to distinquish `fetch`, a function provided by the browser\n** and `Fetcher`, a helper object for the rdflib Store which turns it\n** into a `ConnectedStore` or a `LiveStore`. A Fetcher object is\n** available at store.fetcher, and `fetch` function at `store.fetcher._fetch`,\n*/\nexport function createSolidLogic(specialFetch: { fetch: (url: any, requestInit: any) => any }, session: Session): SolidLogic {\n\n debug.log('SolidLogic: Unique instance created. There should only be one of these.')\n const store: LiveStore = rdf.graph() as LiveStore\n rdf.fetcher(store, {fetch: specialFetch.fetch}) // Attach a web I/O module, store.fetcher\n store.updater = new rdf.UpdateManager(store) // Add real-time live updates store.updater\n store.features = [] // disable automatic node merging on store load\n\n const authn: AuthnLogic = new SolidAuthnLogic(session)\n \n const acl = createAclLogic(store)\n const containerLogic = createContainerLogic(store)\n const utilityLogic = createUtilityLogic(store, acl, containerLogic)\n const profile = createProfileLogic(store, authn, utilityLogic)\n const chat = createChatLogic(store, profile)\n const inbox = createInboxLogic(store, profile, utilityLogic, containerLogic, acl)\n const typeIndex = createTypeIndexLogic(store, authn, profile, utilityLogic)\n debug.log('SolidAuthnLogic initialized')\n\n function load(doc: NamedNode | NamedNode[] | string) {\n return store.fetcher.load(doc)\n }\n\n // @@@@ use the one in rdflib.js when it is available and delete this\n function updatePromise(\n del: Array<Statement>,\n ins: Array<Statement> = []\n ): Promise<void> {\n return new Promise((resolve, reject) => {\n store.updater.update(del, ins, function (_uri, ok, errorBody) {\n if (!ok) {\n reject(new Error(errorBody))\n } else {\n resolve()\n }\n }) // callback\n }) // promise\n }\n\n function clearStore() {\n store.statements.slice().forEach(store.remove.bind(store))\n }\n\n return {\n store,\n authn,\n acl,\n inbox,\n chat,\n profile,\n typeIndex,\n load,\n updatePromise,\n clearStore\n }\n}\n","import * as debug from '../util/debug'\nimport { authSession } from '../authSession/authSession'\nimport { createSolidLogic } from './solidLogic'\nimport { SolidLogic } from '../types'\n\nconst _fetch = async (url, requestInit) => {\n const omitCreds = requestInit && requestInit.credentials && requestInit.credentials == 'omit'\n if (authSession.info.webId && !omitCreds) { // see https://github.com/solidos/solidos/issues/114\n // In fact fetch should respect credentials omit itself\n return authSession.fetch(url, requestInit)\n } else {\n return window.fetch(url, requestInit)\n }\n}\n\n// Global singleton pattern to ensure unique store across library versions\nconst SINGLETON_SYMBOL = Symbol.for('solid-logic-singleton')\n\n// Type the global object properly with the singleton\ninterface GlobalWithSingleton {\n [SINGLETON_SYMBOL]?: SolidLogic\n}\n\nconst globalTarget = (typeof window !== 'undefined' ? window : global) as GlobalWithSingleton\n\nfunction getOrCreateSingleton(): SolidLogic {\n if (!globalTarget[SINGLETON_SYMBOL]) {\n debug.log('SolidLogic: Creating new global singleton instance.')\n globalTarget[SINGLETON_SYMBOL] = createSolidLogic({ fetch: _fetch }, authSession)\n debug.log('Unique quadstore initialized.')\n } else {\n debug.log('SolidLogic: Using existing global singleton instance.')\n }\n return globalTarget[SINGLETON_SYMBOL]!\n}\n//this const makes solidLogicSingleton global accessible in mashlib\nconst solidLogicSingleton = getOrCreateSingleton()\n\nexport { solidLogicSingleton }","const DEFAULT_ISSUERS = [\n {\n name: 'Solid Community',\n uri: 'https://solidcommunity.net'\n },\n {\n name: 'Solid Web',\n uri: 'https://solidweb.org'\n },\n {\n name: 'Solid Web ME',\n uri: 'https://solidweb.me'\n },\n {\n name: 'Inrupt.com',\n uri: 'https://login.inrupt.com'\n }\n]\n\n/**\n * @returns - A list of suggested OIDC issuers\n */\nexport function getSuggestedIssuers (): { name: string, uri: string }[] {\n // Suggest a default list of OIDC issuers\n const issuers = [...DEFAULT_ISSUERS]\n \n // Suggest the current host if not already included\n const { host, origin } = new URL(location.href)\n const hosts = issuers.map(({ uri }) => new URL(uri).host)\n if (!hosts.includes(host) && !hosts.some(existing => isSubdomainOf(host, existing))) {\n issuers.unshift({ name: host, uri: origin })\n }\n \n return issuers\n }\n \nfunction isSubdomainOf (subdomain: string, domain: string): boolean {\n const dot = subdomain.length - domain.length - 1\n return dot > 0 && subdomain[dot] === '.' && subdomain.endsWith(domain)\n}","// Make these variables directly accessible as it is what you need most of the time\n// This also makes these variable globaly accesible in mashlib\nimport { solidLogicSingleton } from './logic/solidLogicSingleton'\n\nconst authn = solidLogicSingleton.authn\nconst authSession = solidLogicSingleton.authn.authSession\nconst store = solidLogicSingleton.store\n\nexport { ACL_LINK } from './acl/aclLogic'\nexport { offlineTestID, appContext } from './authn/authUtil'\nexport { getSuggestedIssuers } from './issuer/issuerLogic'\nexport { createTypeIndexLogic } from './typeIndex/typeIndexLogic'\nexport type { AppDetails, SolidNamespace, AuthenticationContext, SolidLogic, ChatLogic } from './types'\nexport { UnauthorizedError, CrossOriginForbiddenError, SameOriginForbiddenError, NotFoundError, FetchError, NotEditableError, WebOperationError } from './logic/CustomError'\n\nexport {\n solidLogicSingleton, // solidLogicSingleton is exported entirely because it is used in solid-panes\n store,\n authn,\n authSession\n}\n\n"],"names":[],"sourceRoot":""}
1
+ {"version":3,"file":"solid-logic.js","mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AACD,O;;;;;;ACVA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,oBAAoB,KAAK;AACzB;AACA,wBAAwB,mBAAmB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;;;;;;;;;;;;;;;;ACjFA,kD;;;;;;UCAA;UACA;;UAEA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;;UAEA;UACA;;UAEA;UACA;UACA;;UAEA;UACA;;;;;WCzBA;WACA;WACA;WACA;WACA;WACA,iCAAiC,WAAW;WAC5C;WACA,E;;;;;WCPA;WACA;WACA;WACA;WACA,yCAAyC,wCAAwC;WACjF;WACA;WACA,E;;;;;WCPA;WACA;WACA;WACA;WACA,GAAG;WACH;WACA;WACA,CAAC,I;;;;;WCPD,wF;;;;;WCAA;WACA;WACA;WACA,uDAAuD,iBAAiB;WACxE;WACA,gDAAgD,aAAa;WAC7D,E;;;;;WCNA,2B;;;;;WCAA;;WAEA;WACA;WACA;WACA;WACA;WACA;;WAEA;;WAEA;;WAEA;;WAEA;;WAEA;;WAEA;;WAEA,oB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACpBO,SAAS,GAAG,CAAC,GAAG,IAAW;IAChC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;AACtB,CAAC;AAEM,SAAS,IAAI,CAAC,GAAG,IAAW;IACjC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACvB,CAAC;AAEM,SAAS,KAAK,CAAC,GAAG,IAAW;IAClC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;AACxB,CAAC;AAEM,SAAS,KAAK,CAAC,GAAG,IAAW;IAClC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;AACxB,CAAC;;;ACfD;AACA;;AAEA;AACA,gCAAgC,oBAAoB;AACpD;AACA;AACA;;AAEA;AACA;AACA;AACA,wCAAwC,QAAQ;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,sBAAsB;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,SAAS,0BAA0B;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,SAAS,0BAA0B;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,2EAA2E,MAAM,UAAU,KAAK;AAChG;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,kBAAkB,OAAO,KAAK;AAC3D;AACA;AACA,6BAA6B,WAAW,KAAK,UAAU;AACvD;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,8BAA8B,iBAAiB,OAAO,KAAK;AAC3D;AACA;AACA,8BAA8B,UAAU,KAAK,SAAS;AACtD;AACA;AACA,0BAA0B,SAAS;AACnC;AACA;AACA,4BAA4B,OAAO;AACnC;AACA;AACA,qCAAqC,YAAY;AACjD;AACA;AACA;AACA,+CAA+C,wBAAwB;AACvE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,KAAK;AACvC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,gBAAgB,gBAAgB;AAChC;AACA,mCAAmC,KAAK;AACxC;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,8BAA8B,kBAAkB;AAClF;AACA;AACA;AACA;AACA;AACA,kCAAkC,wCAAwC,kBAAkB;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,qCAAqC;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA,YAAY,uBAAuB;AACnC;AACA;AACA;AACA;AACA;AACA,sBAAsB;AACtB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0CAA0C,aAAa;AACvD;AACA;AACA;AACA,yBAAyB,kBAAkB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,eAAe;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,eAAe;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB;;AAElB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,aAAa;AAC9C;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,qGAAqG,MAAM;AAC3G;AACA;AACA,4FAA4F,IAAI;AAChG;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA,+BAA+B,UAAU;AACzC;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,EAAE;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sEAAsE,UAAU;AAChF;AACA;AACA,yDAAyD,UAAU;AACnE;AACA;AACA,yDAAyD,UAAU;AACnE;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,gCAAgC,OAAO;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,iCAAiC;AAC7C;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,wBAAwB,cAAc;AACtC;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA,qBAAqB;AACrB;AACA,qBAAqB;AACrB;AACA,8CAA8C,KAAK;AACnD;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD,aAAa,cAAc,iBAAiB;AACnG;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,MAAM;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,uDAAuD;AACnE;AACA;AACA;AACA,6CAA6C,gDAAgD;AAC7F,qBAAqB;AACrB;AACA,iBAAiB;AACjB;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+DAA+D;AAC/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,MAAM;AAClB;AACA;AACA;AACA;AACA;AACA,YAAY,8DAA8D;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oEAAoE,MAAM;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,cAAc;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA,iBAAiB;AACjB;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,MAAM;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB,cAAc,GAAG,YAAY,GAAG,cAAc;AAChE;AACA;;AAEA;AACA;AACA,uCAAuC,OAAO;AAC9C;AACA;AACA;AACA;AACA,4BAA4B;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,gCAAgC,aAAa;AAC7C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,WAAW,IAAI;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,gBAAgB,iBAAiB;AACjC;AACA;AACA;AACA;AACA;AACA,oBAAoB,UAAU;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sDAAsD;AACtD;AACA,sCAAsC,mBAAmB;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,KAAK,GAAG,QAAQ;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;;AAEA;;AAEA;AACA;AACA;AACA,YAAY,qBAAqB;AACjC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,cAAc;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,cAAc;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,iCAAiC;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA,KAAK;AACL;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gDAAgD,WAAW;AAC3D;AACA;AACA,mDAAmD,gBAAgB;AACnE;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,oEAAoE;AACpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sHAAsH,oCAAoC;AAC1J;AACA;AACA,uDAAuD,gBAAgB;AACvE;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,0CAA0C;AACtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,sCAAsC;AAC/D;AACA,sBAAsB,8BAA8B;AACpD;AACA,2BAA2B,oBAAoB;AAC/C,kBAAkB,WAAW;AAC7B,2BAA2B;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD,gBAAgB;AACnE;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,UAAU;AACtB;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B;AAC5B,0BAA0B;AAC1B;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD,gBAAgB;AACvE;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,UAAU;AAC1B;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;;AAEA;AACA;AACA;AACA;AACA;AACA,CAAC,sCAAsC;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,sBAAsB;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,WAAW,EAAE,aAAa;AAC9C;AACA;AACA;AACA;AACA;AACA,6CAA6C,2CAA2C;AACxF,6BAA6B;AAC7B,wCAAwC;AACxC,8CAA8C,kBAAkB;AAChE;AACA;AACA,4BAA4B,kBAAkB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC;AACtC;AACA;AACA,2CAA2C;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kDAAkD;AAClD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qEAAqE;AACrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yEAAyE,UAAU,8CAA8C;AACjI;AACA;AACA,+EAA+E,UAAU,mCAAmC;AAC5H;AACA;AACA;AACA;AACA;;AAEA;AACA,mCAAmC,kEAAqC;;AAExE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC,kDAAkD;;AAEnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oDAAoD,mBAAmB;AACvE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kEAAkE,GAAG,SAAS,mBAAmB;AACjG;AACA;AACA,oEAAoE,GAAG,SAAS,mBAAmB;AACnG;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kEAAkE,GAAG,KAAK,mBAAmB;AAC7F;AACA;AACA,oEAAoE,GAAG,KAAK,mBAAmB;AAC/F;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qEAAqE,GAAG,KAAK,mBAAmB;AAChG;AACA;AACA,uEAAuE,GAAG,KAAK,mBAAmB;AAClG;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mEAAmE,mBAAmB;AACtF;AACA;AACA,qEAAqE,mBAAmB;AACxF;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,oDAAoD,gBAAgB;AACpE;AACA;AACA;AACA;AACA,2CAA2C,sCAAsC;AACjF,SAAS;AACT;AACA;AACA,gBAAgB,uBAAuB;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B;AAC7B;AACA;AACA,2BAA2B;AAC3B,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,uCAAuC,mCAAmC;AAC1E;AACA;AACA;AACA,uCAAuC,gCAAgC;AACvE;AACA;AACA;;AAEkE;AAClE;;;AC1mFA,IAAI,aAAQ;AACZ,MAAM,gBAAW;;AAEjB,MAAM,WAAM;AACZ,gCAAgC,oBAAoB;AACpD,gCAAgC,aAAQ;AACxC;AACA,IAAI,aAAQ,GAAG,WAAM;;AAErB,MAAM,YAAO;AACb,MAAM,YAAO;AACb,SAAS,WAAM;AACf,wCAAwC,QAAQ;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,MAAM,iBAAY;AAClB;AACA;AACA,oBAAoB,YAAO;AAC3B;AACA;AACA;AACA,oBAAoB,sBAAsB;AAC1C;AACA;AACA;AACA;AACA,MAAM,WAAM;AACZ,WAAW,iBAAY;AACvB;AACA,MAAM,iBAAY;AAClB;AACA;AACA,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACA,MAAM,aAAQ;AACd;AACA;AACA,kBAAkB,YAAO;AACzB;AACA;AACA;AACA,eAAe,iBAAY;AAC3B;AACA;AACA;AACA;AACA;;AAEA,MAAM,cAAS;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAS;AACT,MAAM,6BAAwB,SAAS,cAAS;AAChD;AACA,yBAAyB,SAAS,0BAA0B;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA,6BAAwB;AACxB,MAAM,eAAU,SAAS,cAAS;AAClC;AACA,yBAAyB,SAAS,0BAA0B;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA,eAAU;AACV,MAAM,sBAAiB,SAAS,cAAS;AACzC;AACA;AACA;AACA;AACA;AACA,sBAAiB;AACjB,MAAM,qBAAgB,SAAS,cAAS;AACxC;AACA;AACA;AACA;AACA;AACA,qBAAgB;AAChB,MAAM,wBAAmB,SAAS,cAAS;AAC3C;AACA;AACA;AACA;AACA;AACA,wBAAmB;AACnB,MAAM,eAAU,SAAS,cAAS;AAClC;AACA;AACA;AACA;AACA;AACA,eAAU;AACV,MAAM,eAAU,SAAS,cAAS;AAClC;AACA;AACA;AACA;AACA;AACA,eAAU;AACV,MAAM,eAAU,SAAS,cAAS;AAClC;AACA;AACA;AACA;AACA;AACA,eAAU;AACV,MAAM,eAAU,SAAS,cAAS;AAClC;AACA;AACA;AACA;AACA;AACA,eAAU;AACV,MAAM,gBAAW,SAAS,cAAS;AACnC;AACA;AACA;AACA;AACA;AACA,gBAAW;AACX,MAAM,sBAAiB,SAAS,cAAS;AACzC;AACA;AACA;AACA;AACA;AACA,sBAAiB;AACjB,MAAM,6BAAwB,SAAS,cAAS;AAChD;AACA;AACA;AACA;AACA;AACA,6BAAwB;AACxB,MAAM,gBAAW,SAAS,cAAS;AACnC;AACA;AACA;AACA;AACA;AACA,gBAAW;AACX,MAAM,mCAA8B,SAAS,cAAS;AACtD;AACA;AACA;AACA;AACA;AACA,mCAA8B;;AAE9B,SAAS,aAAQ;AACjB,2EAA2E,MAAM,UAAU,KAAK;AAChG;AACA,SAAS,gBAAW;AACpB;AACA;AACA,SAAS,kBAAa;AACtB;AACA;AACA,SAAS,kBAAa;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,eAAU;AACnB;AACA;AACA;AACA;AACA,6BAA6B,kBAAkB,OAAO,KAAK;AAC3D;AACA;AACA,6BAA6B,WAAW,KAAK,UAAU;AACvD;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA,SAAS,sBAAiB;AAC1B;AACA;AACA;AACA;AACA,iBAAiB,gBAAW;AAC5B,sBAAsB,aAAQ;AAC9B;AACA,2BAA2B,kBAAa;AACxC;AACA,sBAAsB,aAAQ,QAAQ,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA,iBAAiB,gBAAW;AAC5B,sBAAsB,aAAQ;AAC9B;AACA,2BAA2B,kBAAa;AACxC;AACA,sBAAsB,aAAQ,QAAQ,SAAS;AAC/C;AACA;AACA;AACA;AACA;AACA,iBAAiB,gBAAW;AAC5B,sBAAsB,aAAQ;AAC9B;AACA,2BAA2B,kBAAa;AACxC;AACA,sBAAsB,aAAQ,QAAQ,SAAS;AAC/C;AACA;AACA;AACA;AACA,sBAAsB,aAAQ;AAC9B;AACA;AACA;AACA;AACA,iBAAiB,gBAAW;AAC5B,sBAAsB,aAAQ;AAC9B;AACA;AACA;AACA;AACA;AACA,iBAAiB,gBAAW;AAC5B,sBAAsB,aAAQ;AAC9B,6BAA6B,kBAAa;AAC1C;AACA;AACA,sBAAsB,aAAQ;AAC9B;AACA;AACA;AACA;AACA;AACA,IAAI,eAAU;AACd;;AAEA,SAAS,YAAO;AAChB;AACA;AACA;AACA,8BAA8B,iBAAiB,OAAO,KAAK;AAC3D;AACA;AACA,8BAA8B,UAAU,KAAK,SAAS;AACtD;AACA;AACA,0BAA0B,SAAS;AACnC;AACA;AACA,4BAA4B,OAAO;AACnC;AACA;AACA,qCAAqC,YAAY;AACjD;AACA;AACA;AACA,+CAA+C,wBAAwB;AACvE;AACA;AACA;AACA;AACA,IAAI,oBAAe;AACnB,WAAW,YAAO;AAClB;AACA,SAAS,YAAO;AAChB,WAAW,YAAO,gBAAgB,KAAK;AACvC;;AAEA,IAAI,cAAS;AACb,QAAQ,gBAAW;AACnB;AACA;AACA;AACA;AACA,MAAM,UAAK;;AAEX,MAAM,eAAU;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,iBAAY,GAAG,eAAU;;AAE7B,SAAS,iBAAY;AACrB;AACA;AACA,SAAS,aAAQ;AACjB,SAAS,iBAAY;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,IAAI,mBAAc;AAClB;AACA,gBAAgB,gBAAgB;AAChC;AACA,mCAAmC,KAAK;AACxC;AACA;AACA;;AAEA,SAAS,UAAK;AACd,WAAW,aAAQ;AACnB;AACA,SAAS,iBAAY;AACrB;AACA;AACA,SAAS,gBAAW;AACpB;AACA;AACA,SAAS,gBAAW;AACpB,WAAW,UAAK;AAChB;;AAEA,SAAS,kBAAa;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,8BAA8B,kBAAkB;AAClF;AACA;AACA;AACA;AACA;AACA,kCAAkC,wCAAwC,kBAAkB;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,qCAAqC;AAC1E;AACA;AACA;AACA;AACA,8BAA8B,qBAAgB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,8BAA8B,qBAAgB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA,8BAA8B,qBAAgB;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,qBAAgB;AACtC;AACA,aAAa;AACb;AACA,MAAM,UAAK;AACX;AACA;AACA;AACA,YAAY,uBAAuB,EAAE,kBAAa;AAClD;AACA;AACA;AACA;AACA;AACA,sBAAsB;AACtB;AACA;AACA,WAAW,aAAQ;AACnB;AACA,IAAI,gBAAW,GAAG,UAAK;;AAEvB,MAAM,mBAAc,UAAU,aAAQ;AACtC,IAAI,cAAS;AACb,IAAI,aAAQ;AACZ,MAAM,gBAAW;AACjB;AACA;AACA,MAAM,mBAAc;AACpB;AACA;AACA;AACA;AACA,4BAA4B,gBAAW,GAAG,aAAa;AACvD;AACA;AACA;AACA,yBAAyB,kBAAkB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,uBAAkB;AACxB,QAAQ,gBAAW;AACnB,+BAA+B,eAAe;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,mBAAc;AACjC;AACA,QAAQ,aAAQ,KAAK,aAAQ;AAC7B,eAAe,mBAAc,CAAC,aAAQ;AACtC;AACA,QAAQ,UAAK;AACb;AACA,mBAAmB,aAAQ;AAC3B,QAAQ,aAAQ,KAAK,aAAQ;AAC7B,0BAA0B,mBAAc,CAAC,aAAQ;AACjD;AACA;AACA;AACA;AACA,MAAM,wBAAmB;AACzB,QAAQ,gBAAW;AACnB,+BAA+B,eAAe;AAC9C;AACA,mBAAmB,mBAAc;AACjC;AACA,QAAQ,cAAS,KAAK,cAAS;AAC/B,eAAe,mBAAc,CAAC,cAAS;AACvC;AACA,QAAQ,UAAK;AACb;AACA,mBAAmB,aAAQ;AAC3B,QAAQ,cAAS,KAAK,cAAS;AAC/B,0BAA0B,mBAAc,CAAC,cAAS;AAClD;AACA;AACA;AACA;AACA,IAAI,cAAS,KAAK,kBAAkB,8CAAqB;;AAEzD,eAAe,cAAS;AACxB,SAAS,aAAQ;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,aAAQ;AAC3B;AACA;AACA,0BAA0B,qBAAgB;AAC1C;AACA;AACA;AACA,mBAAmB,gBAAW,GAAG,aAAa;AAC9C;AACA,sBAAsB,qBAAgB;AACtC;AACA;;AAEA,MAAM,QAAG;AACT,MAAM,iBAAY;AAClB;AACA;AACA;AACA;AACA,qGAAqG,MAAM;AAC3G;AACA;AACA,4FAA4F,IAAI;AAChG;AACA;AACA;AACA,MAAM,uBAAkB;AACxB;AACA;AACA,oBAAoB,UAAK;AACzB,YAAY,gBAAW,SAAS,iBAAY;AAC5C;AACA;AACA;AACA,SAAS,cAAS;AAClB,4BAA4B,YAAO,cAAc,UAAK;AACtD;AACA;AACA,+BAA+B,QAAG,OAAO;AACzC;AACA;AACA,MAAM,wBAAmB;AACzB,oBAAoB,UAAK;AACzB;AACA;AACA,oBAAoB,iBAAY,SAAS,iBAAY;AACrD;AACA;AACA;AACA,oBAAoB,gBAAW,SAAS,iBAAY;AACpD;AACA;AACA;AACA;AACA,SAAS,cAAS;AAClB,4BAA4B,YAAO,cAAc,UAAK;AACtD;AACA;AACA,+BAA+B,QAAG,OAAO;AACzC;AACA;AACA,+BAA+B,QAAG,OAAO;AACzC;AACA;AACA,+BAA+B,QAAG,OAAO;AACzC;AACA;AACA,+BAA+B,QAAG,OAAO;AACzC;AACA;AACA,+BAA+B,QAAG,OAAO;AACzC;AACA;AACA,SAAS,iBAAY;AACrB;AACA;AACA;AACA,cAAc,EAAE;AAChB;AACA,QAAQ,uBAAkB;AAC1B;AACA;AACA,QAAQ,wBAAmB;AAC3B;AACA;AACA,iBAAY;AACZ,MAAM,wBAAmB,GAAG,iBAAY;;AAExC,SAAS,iBAAY;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,qBAAgB,gCAAgC,UAAU;AAChF;AACA;AACA,yDAAyD,UAAU;AACnE;AACA;AACA,yDAAyD,UAAU;AACnE;AACA;AACA;AACA;;AAEA,MAAM,uBAAkB;AACxB;AACA;AACA,gCAAgC,OAAO;AACvC;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,yBAAoB,GAAG,uBAAkB;;AAE7C,MAAM,aAAQ;AACd;AACA;AACA;AACA,eAAe,WAAM;AACrB;AACA;AACA,SAAS,gBAAW;AACpB,4BAA4B,oBAAe,SAAS,UAAK;AACzD;AACA;AACA;AACA;AACA,YAAY,iCAAiC,QAAQ,aAAQ;AAC7D;AACA;AACA,IAAI,eAAU,GAAG,aAAQ;;AAEzB,eAAe,cAAS;AACxB,WAAW,eAAU;AACrB;;AAEA,SAAS,cAAS;AAClB,wBAAwB,cAAc;AACtC;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA,qBAAqB;AACrB;AACA,qBAAqB;AACrB;AACA,qBAAqB;AACrB;AACA,sBAAsB,qBAAgB,QAAQ,KAAK;AACnD;AACA;;AAEA,eAAe,iBAAY;AAC3B;AACA,oBAAoB,cAAS;AAC7B;AACA;AACA,oBAAoB,cAAS;AAC7B;AACA,QAAQ,gBAAW;AACnB,QAAQ,sBAAiB;AACzB;AACA;AACA;AACA;AACA,gCAAgC,oBAAe,SAAS,UAAK;AAC7D;AACA,eAAe,aAAQ,gCAAgC,aAAa,cAAc,iBAAiB;AACnG;AACA,wBAAwB,oBAAe,SAAS,UAAK;AACrD;;AAEA,MAAM,WAAM;AACZ,4BAA4B,iBAAY;AACxC,IAAI,mBAAc;AAClB,sBAAsB,cAAS;AAC/B;AACA,qBAAqB,aAAQ;AAC7B;AACA;AACA;AACA;AACA;AACA,IAAI,aAAQ,GAAG,WAAM;;AAErB,eAAe,oBAAe;AAC9B,SAAS,aAAQ;AACjB,kBAAkB,eAAU;AAC5B;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA,qCAAqC,aAAQ;AAC7C,kBAAkB,eAAU;AAC5B;AACA;AACA;AACA;AACA,oCAAoC,aAAQ;AAC5C,oCAAoC,YAAO;AAC3C;AACA;AACA,sBAAsB,eAAU;AAChC;AACA;AACA,SAAS,iBAAY;AACrB,kBAAkB,eAAU;AAC5B;AACA;AACA;AACA;AACA;AACA,uBAAuB,iBAAY,CAAC,eAAU;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,eAAU;AAChC;AACA;AACA,YAAY,MAAM;AAClB;AACA,kBAAkB,eAAU;AAC5B;AACA,kCAAkC,yBAAoB;AACtD;AACA,kBAAkB,sBAAiB;AACnC;AACA;AACA;AACA,sBAAsB,eAAU;AAChC;AACA;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA;AACA;AACA;AACA;AACA,QAAQ,wBAAmB;AAC3B,YAAY,UAAK;AACjB,wBAAwB,cAAS;AACjC;AACA;AACA;AACA,QAAQ,wBAAmB;AAC3B;AACA,iBAAiB,WAAM,CAAC,YAAO,8BAA8B,YAAO,gDAAgD,YAAO;AAC3H;AACA;AACA,oBAAoB,aAAQ;AAC5B;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA,2BAA2B,aAAQ;AACnC;AACA,kBAAkB,mCAA8B;AAChD;AACA;AACA;AACA;AACA,sBAAsB,aAAQ;AAC9B;AACA;AACA,sBAAsB,eAAU;AAChC;AACA;AACA;AACA,kBAAkB,YAAO;AACzB;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;;AAEA,eAAe,kBAAa;AAC5B;AACA,cAAc,YAAO;AACrB;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA,YAAY,uDAAuD;AACnE;AACA,kBAAkB,eAAU;AAC5B;AACA,2BAA2B,oBAAe,GAAG,gDAAgD;AAC7F,qBAAqB;AACrB;AACA,iBAAiB;AACjB;AACA;AACA;;AAEA,IAAI,UAAK;;AAET,MAAM,WAAM;AACZ,MAAM,SAAI,GAAG,WAAM;AACnB,MAAM,QAAG,GAAG,SAAI;AAChB,MAAM,SAAI,GAAG,QAAG;AAChB,MAAM,SAAI,GAAG,QAAG;AAChB,MAAM,UAAK;AACX,IAAI,SAAI;AACR,oBAAoB,UAAK;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6CAA6C,WAAM;AACnD;AACA;AACA;AACA;AACA;AACA;AACA,6CAA6C,SAAI;AACjD;AACA;AACA;AACA;AACA,6CAA6C,QAAG;AAChD;AACA;AACA;AACA;AACA,6CAA6C,SAAI;AACjD;AACA;AACA,6CAA6C,SAAI;AACjD;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,MAAM,iBAAY;AAClB,MAAM,0BAAqB;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAU,iDAAiD;AAC/D;AACA;AACA,6BAA6B,YAAO;AACpC;AACA;AACA;AACA,SAAS,aAAQ;AACjB,kBAAkB,eAAU;AAC5B;AACA,YAAY,MAAM;AAClB;AACA;AACA,YAAY,iBAAY,0BAA0B,iBAAY;AAC9D,kBAAkB,6BAAwB;AAC1C;AACA,YAAY,8DAA8D;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,6BAAwB,sBAAsB,MAAM;AAC1E;AACA;AACA;AACA;AACA,kBAAkB,6BAAwB;AAC1C;AACA;AACA,kBAAkB,6BAAwB;AAC1C;AACA;AACA,SAAS,0BAAqB;AAC9B,kBAAkB,6BAAwB;AAC1C;AACA;AACA;AACA;AACA,wBAAwB,SAAI;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,cAAc;AAC1B,gBAAgB,UAAK;AACrB;AACA,kBAAkB,6BAAwB;AAC1C;AACA;AACA;AACA,sBAAsB,6BAAwB;AAC9C;AACA;AACA,sBAAsB,6BAAwB;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,6BAAwB;AAC9C;AACA;AACA,sBAAsB,eAAU;AAChC;AACA;AACA;AACA;AACA,oEAAoE,SAAI;AACxE;AACA,sBAAsB,eAAU;AAChC;AACA;AACA,sBAAsB,6BAAwB;AAC9C;AACA;AACA;AACA;;AAEA,eAAe,cAAS;AACxB,2BAA2B,kBAAa;AACxC;AACA,kBAAkB,eAAU;AAC5B;AACA,oBAAoB,eAAU;AAC9B,qBAAqB;AACrB;AACA,iBAAiB;AACjB;AACA;AACA;;AAEA,MAAM,SAAI;AACV,4BAA4B,iBAAY;AACxC,IAAI,mBAAc;AAClB,4BAA4B,aAAQ,aAAa,cAAS;AAC1D;AACA;AACA,IAAI,WAAM,GAAG,SAAI;;AAEjB,MAAM,kBAAa;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,eAAU;AAChC;AACA,aAAa,iBAAY;AACzB,sBAAsB,eAAU;AAChC;AACA;AACA;AACA;AACA;AACA,2BAA2B,iBAAY,CAAC,eAAU;AAClD;AACA;AACA;AACA;AACA,0BAA0B,eAAU;AACpC;AACA;AACA,gBAAgB,MAAM;AACtB;AACA,sBAAsB,eAAU;AAChC;AACA,QAAQ,wBAAmB;AAC3B;AACA;AACA,sBAAsB,YAAO,QAAQ,WAAM;AAC3C;AACA;AACA;AACA,8BAA8B,YAAO,QAAQ,WAAM;AACnD;AACA;AACA,8BAA8B,YAAO;AACrC;AACA,qBAAqB,WAAM,kBAAkB,YAAO;AACpD,gCAAgC,WAAM;AACtC;AACA,uBAAuB,WAAM;AAC7B;AACA;AACA;AACA,0BAA0B,YAAO;AACjC;AACA;AACA;AACA;AACA;AACA,4BAA4B,YAAO;AACnC;AACA;AACA;AACA;;AAEA,MAAM,gBAAW;AACjB;AACA,8BAA8B,kBAAa;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB,cAAc,GAAG,YAAY,GAAG,cAAc;AAChE;AACA;;AAEA,SAAS,kBAAa;AACtB;AACA,uCAAuC,OAAO;AAC9C;AACA;AACA;AACA,MAAM,eAAU;AAChB,4BAA4B;AAC5B,aAAa,aAAQ;AACrB;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA,8BAA8B,uBAAuB,kBAAa;AAClE;AACA;AACA,8BAA8B,uBAAuB,kBAAa,iBAAiB,UAAK;AACxF;AACA;AACA,8BAA8B,uBAAuB,UAAK,eAAe,SAAI;AAC7E;AACA;AACA;AACA;AACA;AACA,8BAA8B,uBAAuB,kBAAa;AAClE;AACA;AACA,8BAA8B,uBAAuB,kBAAa,sBAAsB,UAAK;AAC7F;AACA;AACA,8BAA8B,uBAAuB,UAAK,eAAe,SAAI;AAC7E;AACA;AACA;AACA;AACA;AACA,8BAA8B,uBAAuB,UAAK;AAC1D;AACA;AACA,8BAA8B,uBAAuB,kBAAa,gBAAgB,UAAK;AACvF;AACA;AACA;AACA;AACA,qBAAqB,kBAAa,gBAAgB,UAAK,eAAe,SAAI;AAC1E;AACA;AACA;AACA,8BAA8B,uBAAuB,kBAAa;AAClE;AACA;AACA;AACA;;AAEA,MAAM,YAAO,SAAS,eAAU;AAChC;AACA;AACA;AACA;AACA;AACA,wBAAwB,gBAAW,CAAC,YAAO;AAC3C;AACA;AACA;AACA;AACA,sBAAsB,eAAU;AAChC;AACA;AACA;AACA;;AAEA,MAAM,UAAK;AACX;AACA,kBAAkB,eAAU,IAAI,aAAa;AAC7C;AACA;AACA,eAAe,2BAAsB;AACrC,SAAS,aAAQ;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,UAAK;AACjB,YAAY,UAAK;AACjB,YAAY,UAAK;AACjB,2BAA2B;AAC3B;AACA;AACA,YAAY,UAAK;AACjB,YAAY,UAAK;AACjB,2BAA2B;AAC3B;AACA;AACA,YAAY,UAAK;AACjB,YAAY,UAAK;AACjB,2BAA2B;AAC3B;AACA;AACA,YAAY,UAAK;AACjB,2BAA2B;AAC3B;AACA;AACA,sBAAsB,qBAAgB;AACtC;AACA,iBAAiB,YAAO;AACxB,WAAW,WAAM,OAAO,aAAQ;AAChC;;AAEA,SAAS,kBAAa;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,qBAAgB;AACtC;AACA;AACA,SAAS,eAAU;AACnB;AACA;AACA;AACA,wBAAwB,cAAS;AACjC;AACA,SAAS,cAAS;AAClB,WAAW,aAAQ;AACnB;AACA,SAAS,UAAK;AACd;AACA;AACA;AACA;AACA;AACA,MAAM,gBAAW;AACjB;AACA;AACA,aAAa,eAAU;AACvB,sBAAsB,gBAAW;AACjC;AACA,qBAAqB,UAAK;AAC1B;AACA;AACA,gBAAgB,WAAW,IAAI;AAC/B,oBAAoB,kBAAa;AACjC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,gBAAgB,iBAAiB;AACjC;AACA,sBAAsB,sBAAiB;AACvC;AACA;AACA,8BAA8B,6BAAwB;AACtD,oBAAoB,UAAU;AAC9B;AACA;AACA;AACA,oCAAoC,uBAAkB;AACtD;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,uBAAkB;AACjC;AACA;AACA,eAAe,uBAAkB;AACjC,sDAAsD;AACtD;AACA,0BAA0B,cAAS,GAAG,mBAAmB;AACzD;AACA,sBAAsB,gBAAW;AACjC;AACA;AACA;AACA;AACA;AACA,SAAS,sBAAiB;AAC1B,oBAAoB,gBAAW;AAC/B;AACA;AACA;AACA,yBAAyB,UAAK;AAC9B;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;;AAEA,MAAM,cAAS;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,sBAAsB,gBAAW;AACjC;AACA,KAAK;AACL;AACA;AACA;AACA,kBAAkB,cAAS;AAC3B;AACA;AACA;AACA;AACA;AACA,kBAAkB,cAAS;AAC3B;AACA;AACA,IAAI,gBAAW,GAAG,cAAS;;AAE3B,SAAS,wBAAmB;AAC5B;AACA;AACA;AACA;AACA,IAAI,eAAU;AACd;AACA;AACA;AACA,IAAI,eAAU,MAAM,KAAK,GAAG,QAAQ;AACpC;AACA,MAAM,cAAS;AACf,SAAS,qBAAgB;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAQ;AACjB;AACA,qDAAqD,aAAQ;AAC7D;AACA;AACA;AACA;AACA,MAAM,iBAAY;AAClB;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA,sBAAsB,cAAS;AAC/B,oCAAoC,cAAS;AAC7C,gBAAgB,qBAAgB,WAAW,cAAS;AACpD;AACA,8BAA8B,sBAAiB;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,sBAAiB;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,wBAAmB;AACrD;AACA;AACA;AACA,YAAY,eAAU;AACtB,sCAAsC,eAAU;AAChD;AACA;AACA,oDAAoD,gBAAW;AAC/D;AACA,0BAA0B,sBAAiB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS,uBAAkB;AAC3B,oBAAoB,iBAAY;AAChC;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;AACA;;AAEA,MAAM,WAAM,GAAG,aAAQ;;AAEvB,SAAS,cAAS;AAClB;AACA,kBAAkB,eAAU;AAC5B,YAAY,qBAAqB;AACjC;AACA,kBAAkB,eAAU;AAC5B;AACA,kBAAkB,eAAU;AAC5B;AACA,kBAAkB,eAAU;AAC5B;AACA;AACA,kBAAkB,WAAM;AACxB;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA;AACA;AACA,4BAA4B,YAAO;AACnC;AACA;AACA,kBAAkB,eAAU;AAC5B;AACA,SAAS,aAAQ;AACjB,kBAAkB,eAAU;AAC5B;AACA;;AAEA,SAAS,2BAAsB;AAC/B;AACA;AACA,kBAAkB,qBAAgB;AAClC;AACA;AACA;AACA,eAAe,sBAAiB;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,cAAc;AAC3C;AACA,+BAA+B,2BAAsB;AACrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,cAAc;AAC3C;AACA,+BAA+B,2BAAsB;AACrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,iCAAiC;AAC9D;AACA,+BAA+B,2BAAsB;AACrD;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA,8BAA8B,qBAAgB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA,8BAA8B,qBAAgB;AAC9C;AACA;AACA;AACA;AACA,sBAAsB,qBAAgB;AACtC;AACA,WAAW,aAAQ;AACnB;;AAEA,eAAe,oBAAe;AAC9B,WAAW,sBAAiB;AAC5B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,qCAAgC;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA,KAAK;AACL;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,qBAAgB;AACtB;AACA;AACA;AACA;AACA;AACA,gDAAgD,WAAW;AAC3D;AACA;AACA,mDAAmD,gBAAgB;AACnE;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,oEAAoE;AACpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0CAA0C,qCAAgC,4CAA4C,oCAAoC;AAC1J;AACA;AACA,uDAAuD,gBAAgB;AACvE;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,0CAA0C,QAAQ,gBAAW;AACzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,sCAAsC;AAC/D;AACA,sBAAsB,8BAA8B;AACpD;AACA,2BAA2B,oBAAoB;AAC/C,kBAAkB,WAAW;AAC7B,2BAA2B;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,gBAAW;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,uBAAkB;AACxB;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2BAA2B,oBAAe;AAC1C;AACA,iCAAiC,uBAAkB;AACnD;AACA;AACA,mDAAmD,gBAAgB;AACnE;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,uBAAkB;AACnC,YAAY,UAAU,QAAQ,cAAS;AACvC;AACA;AACA;AACA,KAAK;AACL;AACA,iCAAiC,2BAAsB,OAAO,cAAS;AACvE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B;AAC5B,0BAA0B;AAC1B;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,uBAAkB;AACxB;AACA,iCAAiC,cAAS;AAC1C;AACA;AACA,2BAA2B,YAAO;AAClC;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;;AAEA,MAAM,gBAAW;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,uBAAkB;AACvD;AACA;AACA,uDAAuD,gBAAgB;AACvE;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB,uBAAkB;AACvC,gBAAgB,UAAU,QAAQ,cAAS;AAC3C;AACA;AACA;AACA,SAAS;AACT;AACA,qCAAqC,2BAAsB,OAAO,cAAS;AAC3E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,uBAAkB;AACxB;AACA,iCAAiC,cAAS;AAC1C;AACA;AACA,2BAA2B,YAAO;AAClC;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,SAAS;AACT,KAAK;AACL;;AAEA,IAAI,kBAAa;AACjB;AACA;AACA;AACA;AACA,CAAC,EAAE,kBAAa,KAAK,kBAAa,KAAK;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,sBAAsB;AACtC;AACA;AACA;AACA;AACA;AACA,MAAM,gBAAW;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B;AAC7B;AACA;AACA,kCAAkC,kBAAa;AAC/C;AACA,kCAAkC,kBAAa;AAC/C;AACA,kCAAkC,kBAAa;AAC/C;AACA;AACA,cAAc,qBAAgB;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,uBAAkB;AACvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA,QAAQ,gBAAW;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,WAAW,EAAE,aAAa;AAC9C;AACA;AACA;AACA;AACA;AACA,6CAA6C,2CAA2C;AACxF,6BAA6B;AAC7B,wCAAwC;AACxC,8CAA8C,kBAAkB;AAChE;AACA;AACA,4BAA4B,kBAAkB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC;AACtC;AACA;AACA,2CAA2C;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kDAAkD;AAClD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,cAAS;AAC9C,mBAAmB,YAAO;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,cAAS;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qEAAqE;AACrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,kBAAa,iBAAiB,UAAU,8CAA8C;AACjI;AACA;AACA,2CAA2C,kBAAa,uBAAuB,UAAU,mCAAmC;AAC5H;AACA;AACA,2CAA2C,kBAAa;AACxD;AACA;;AAEsC;AACtC;;;AC92EA;;;;;;;;;;;;;;;GAeG;AAIsC;AACwB;AAGjE,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAEvE,MAAM,qBAAqB;IAAlC;QACmB,QAAG,GAAG,IAAI,GAAG,EAAe;IAkC/C,CAAC;IAhCS,kCAAkC,CAAC,EAAU,EAAE,KAAU;QAC/D,OAAO,EAAE,KAAK,eAAe,IAAI,CAAC,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO,IAAI;IACb,CAAC;IAED,KAAK,CAAC,OAAO,CAAE,EAAU,EAAE,KAAU;QACnC,qEAAqE;QACrE,yEAAyE;QACzE,IAAI,IAAI,CAAC,kCAAkC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;YACvD,OAAM;QACR,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,OAAO,CAAE,EAAU;QACvB,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI;IACnD,CAAC;IAED,KAAK,CAAC,UAAU,CAAE,EAAU;QAC1B,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE;IAClB,CAAC;IAED,KAAK;QACH,+BAA+B;IACjC,CAAC;CACF;AAEM,MAAM,wBAAwB;IAArC;QACU,OAAE,GAAuB,IAAI;QACpB,WAAM,GAAG,OAAO;QAChB,cAAS,GAAG,SAAS;QACrB,cAAS,GAAG,CAAC;IAyFhC,CAAC;IAvFS,KAAK,CAAC,kCAAkC,CAAC,EAAU,EAAE,KAAU;QACrE,IAAI,EAAE,KAAK,eAAe,IAAI,CAAC,CAAC,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC,EAAE,CAAC;YAC/D,OAAO,KAAK;QACd,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO,QAAQ,IAAI,IAAI,IAAI,QAAQ,KAAK,EAAE;IAC5C,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI;QACxB,IAAI,OAAO,SAAS,KAAK,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC;QACnE,CAAC;QAED,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;YAE3D,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;YAC7C,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,MAAM;gBACxB,OAAO,EAAE;YACX,CAAC;YACD,OAAO,CAAC,eAAe,GAAG,GAAG,EAAE;gBAC7B,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM;gBACzB,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBAClD,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,OAAO,IAAI;IACb,CAAC;IAED,KAAK,CAAC,OAAO,CAAE,EAAU,EAAE,KAAU;QACnC,MAAM,IAAI,CAAC,IAAI,EAAE;QACjB,qEAAqE;QACrE,yEAAyE;QACzE,IAAI,MAAM,IAAI,CAAC,kCAAkC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAM;QACR,CAAC;QACD,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,OAAO,CAAE,EAAU;QACvB,MAAM,IAAI,CAAC,IAAI,EAAE;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,UAAU,CAAE,EAAU;QAC1B,MAAM,IAAI,CAAC,IAAI,EAAE;QACjB,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,IAAI,EAAE;QACjB,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IAC3D,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE;YACf,IAAI,CAAC,EAAE,GAAG,IAAI;QAChB,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,IAAwB,EAAE,EAA8C;QACxF,OAAO,IAAI,OAAO,CAAM,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;gBACrD,OAAM;YACR,CAAC;YAED,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC;YACpD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC;YAC5C,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC;YACzB,IAAI,MAAM,GAAQ,IAAI;YAEtB,EAAE,CAAC,OAAO,GAAG,GAAG,EAAE,WAAC,aAAM,CAAC,QAAE,CAAC,KAAK,mCAAI,OAAO,CAAC,KAAK,CAAC;YACpD,EAAE,CAAC,OAAO,GAAG,GAAG,EAAE,eAAC,aAAM,CAAC,cAAE,CAAC,KAAK,mCAAI,OAAO,CAAC,KAAK,mCAAI,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAClG,EAAE,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;YAErC,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;YAC7C,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE;;gBACvB,MAAM,GAAG,aAAO,CAAC,MAAM,mCAAI,IAAI;YACjC,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;CACF;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,SAAS,kBAAkB;;IACzB,MAAM,OAAO,GAAG,oBAAe;IAC/B,MAAM,SAAS,GAAG,mBAAO,CAAC,WAAW,mCAAI,aAAO,CAAC,OAAO,0CAAE,WAAW,mCAAI,OAAO,CAAC,OAAO;IAExF,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,IAAI;IACb,CAAC;IAED,OAAO,SAAgD;AACzD,CAAC;AAED,MAAM,eAAe,GAAG,kBAAkB,EAAE;AAE5C,SAAS,aAAa;IACpB,MAAM,0BAA0B,GAAG,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,GAAG,EAAE;QACxE,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ;QACrC,uEAAuE;QACvE,wEAAwE;QACxE,gEAAgE;QAChE,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;IACpF,CAAC,CAAC,EAAE;IAEJ,IAAI,0BAA0B,EAAE,CAAC;QAC/B,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,IAAI,eAAe,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,IAAI,wBAAwB,EAAE,EAAE,CAAC;QACrF,CAAC;QACD,OAAO,IAAI,gBAAU,EAAE;IACzB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,gBAAU,EAAE;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,uFAAuF;QACvF,kFAAkF;QAClF,uEAAuE;QACvE,OAAO,CAAC,IAAI,CAAC,uDAAuD,EAAE,KAAK,CAAC;QAC5E,IAAI,CAAC;YACH,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,IAAI,eAAe,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,IAAI,wBAAwB,EAAE,EAAE,CAAC;YACrF,CAAC;YACD,OAAO,IAAI,gBAAU,EAAE;QACzB,CAAC;QAAC,OAAO,OAAO,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,uEAAuE,EAAE,OAAO,CAAC;YAC9F,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,IAAI,eAAe,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,IAAI,qBAAqB,EAAE,EAAE,CAAC;YAClF,CAAC;YACD,OAAO,IAAI,gBAAU,EAAE;QACzB,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,aAAa,EAAE;AAEb;;;AC5NnB;;;;;GAKG;AAEH,KAAK,UAAU,2BAA2B,CAAE,MAAc;IACxD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;QACjC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,mCAAmC,EAAE,SAAS,CAAC,MAAM,CAAC;QACnF,MAAM,iBAAiB,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;QAC1F,IAAI,CAAC,iBAAiB,CAAC,EAAE,EAAE,CAAC;YAC1B,OAAO,IAAI;QACb,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE;QACvD,IAAI,OAAO,iBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,MAAM,MAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;YAC7E,OAAO,IAAI;QACb,CAAC;QAED,OAAO,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IACnD,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,IAAI;IACb,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAE,MAAc;IACzD,mFAAmF;IACnF,sFAAsF;IACtF,MAAM,gBAAgB,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC;IAClE,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,gBAAgB;IACzB,CAAC;IACD,OAAO,MAAM;AACf,CAAC;;;ACnCD;;;;;GAKG;AAKH;;;;;;;GAOG;AACI,MAAM,oBAAa;IAA1B;QACmB,cAAS,GAAyC,IAAI,GAAG,EAAE;IAc9E,CAAC;IAZC,EAAE,CAAE,KAAsB,EAAE,OAA2B;QACrD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,GAAG,EAAE,CAAC;QACpE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC,GAAG,CAAC,OAAO,CAAC;IACzC,CAAC;IAED,GAAG,CAAE,KAAsB,EAAE,OAA2B;;QACtD,UAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,0CAAE,MAAM,CAAC,OAAO,CAAC;IAC5C,CAAC;IAED,IAAI,CAAE,KAAsB,EAAE,GAAG,IAAe;;QAC9C,UAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,0CAAE,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACrD,CAAC;CACF;;;ACjCD;;;;;;;;;;GAUG;;AAGiC;AACY;AACR;AAgCxC,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAC9E,mEAAmE;AACnE,yDAAyD;AACzD,+CAA+C;AAC/C,EAAE;AACF,uBAAuB;AACvB,kEAAkE;AAClE,+DAA+D;AAC/D,4CAA4C;AAC5C,2DAA2D;AAC3D,uEAAuE;AACvE,4DAA4D;AAC5D,qEAAqE;AACrE,EAAE;AACF,8CAA8C;AAC9C,qEAAqE;AACrE,uBAAuB;AAEvB,MAAM,UAAU,GAAG,QAAe;AAClC,MAAM,aAAa,GAAG,OAAO,UAAU,CAAC,KAAK,KAAK,UAAU;IAC1D,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;IACjC,CAAC,CAAC,SAAS;AAEb,IAAI,aAAa,EAAE,CAAC;IAClB,MAAM,WAAW,GAAG,KAAK,EAAE,YAAiB,EAAE,WAAoB,EAAoB,EAAE;;QACtF,IAAI,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YACrF,MAAM,UAAU,GAAG,wBAAY,CAAC,UAAU,mCAAI,YAAY,CAAC,GAAG,mCAAI,YAAY,CAAC,MAAM;YACrF,MAAM,WAAW,GAAG,wBAAY,CAAC,WAAW,mCAAI,YAAY,CAAC,YAAY,mCAAI,YAAY,CAAC,WAAW;YACrG,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACtE,OAAO,aAAa,CAAC,MAAM,qBAAqB,CAAC,UAAU,CAAC,EAAE,WAAW,CAAC;YAC5E,CAAC;QACH,CAAC;QACD,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO,aAAa,CAAC,MAAM,qBAAqB,CAAC,YAAY,CAAC,EAAE,WAAW,CAAC;QAC9E,CAAC;QACD,OAAO,aAAa,CAAC,YAAY,EAAE,WAAW,CAAC;IACjD,CAAC;IACD,UAAU,CAAC,KAAK,GAAG,WAA0B;AAC/C,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,oBAAa,EAAE;AAElC,uFAAuF;AACvF,0EAA0E;AAC1E,sEAAsE;AACtE,IAAI,UAAU,GAAG,MAAC,QAAgB,CAAC,QAAQ,mCAAI,OAAO,CAAE,QAAgB,CAAC,KAAK,CAAC;AAC/E,IAAI,OAAQ,QAAmC,CAAC,gBAAgB,KAAK,UAAU,EAAE,CAAC;IAChF,CAAC;IAAC,QAAmC,CAAC,gBAAgB,CAAC,oBAAoB,EAAE,GAAG,EAAE;;QAChF,MAAM,WAAW,GAAG,MAAC,QAAgB,CAAC,QAAQ,mCAAI,OAAO,CAAE,QAAgB,CAAC,KAAK,CAAC;QAClF,IAAI,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,UAAU,GAAG,WAAW;IAC1B,CAAC,CAAC;AACJ,CAAC;AAEM,MAAM,WAAW,GAA4B,MAAM,CAAC,MAAM,CAC/D,QAA+D,EAC/D,EAAE,MAAM,EAAE,CACX;;;;;;;;AChHD,uEAAuE;AAC3B,CAAC,gDAAgD;AAC/D;AAEvB,MAAM,KAAE,GAAG,yBAAc,CAAC,cAAI,CAAC;;;ACJ8B;AAExB;AAGrC,MAAM,QAAQ,GAAG,sBAAG,CACvB,oDAAoD,CACvD;AAEM,SAAS,cAAc,CAAC,KAAK;IAEhC,MAAM,EAAE,GAAG,KAAS;IAEpB,KAAK,UAAU,aAAa,CAAC,GAAc;QACvC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC;QACxD,CAAC;QACD,OAAO,OAAO,CAAC,KAAK;IACxB,CAAC;IACD;;;;;;;;;;;;OAYG;IACH,SAAS,gBAAgB,CACzB,MAAc,EACd,EAAa,EACb,OAGC;QAED,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CACpB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EACjB,QAAQ,CACX;QAED,OAAO,OAAO,CAAC,OAAO,EAAE;aACnB,IAAI,CAAC,GAAG,EAAE;YACX,IAAI,MAAM,EAAE,CAAC;gBACT,OAAO,MAAmB;YAC9B,CAAC;YAED,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBACnC,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1E,CAAC,CAAC;QACF,CAAC,CAAC;aACD,IAAI,CAAC,MAAM,CAAC,EAAE;YACf,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC;YAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC;YAC5D,CAAC;YACD,OAAO,KAAK,CAAC,OAAO;iBACf,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE;gBACjC,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,aAAa;aACzB,CAAC;iBACD,IAAI,CAAC,MAAM,CAAC,EAAE;gBACf,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,MAAM,CAAC,KAAK,CAAC;gBAC9D,CAAC;gBAED,OAAO,MAAM;YACb,CAAC,CAAC;QACN,CAAC,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,SAAS,WAAW,CAAE,MAAc;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC;QACjE,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YACtC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAI,MAAc,CAAC,KAAK,CAAC;YAC1E,CAAC;YAED,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CACxB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EACjB,QAAQ,CACP;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,MAAM,CAAC;YACpE,CAAC;YAED,OAAO,MAAmB;QAC9B,CAAC,CAAC;IACN,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,UAAU,CACnB,MAAc,EACd,EAAa,EACb,MAAc,EACd,UAGQ,EAAE;QAEN,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE;QACtC,MAAM,CAAC,GAAG,wBAAK,EAAE;QACjB,MAAM,IAAI,GAAG,4BAAS,CAAC,gCAAgC,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,CAAC;QAC7B,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACzB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC;QACpD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC;QACpC,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACxB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC;QACvC,CAAC;QACD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC;QAChC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC;QACzC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC;QAC1C,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC;QAE5C,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;YACnB,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,CAAC;YACzB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC;YACpD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC;YACpC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC;YACnD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5C,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAC,kBAAkB;YAClE,CAAC;QACL,CAAC;QACD,OAAO,4BAAS,CAAC,GAAG,EAAE,CAAC,EAAE,MAAM,CAAC;IACpC,CAAC;IACD,OAAO;QACH,aAAa;QACb,gBAAgB;QAChB,UAAU;KACb;AACL,CAAC;;;AC1JsC;AACD;AAEtC;;;;;GAKG;AACI,MAAM,UAAU,GAAG,GAAO,EAAE;IAC/B,IAAI,EAAE,eAAe,EAAE,GAAQ,MAAM;IACrC,eAAe,KAAf,eAAe,GAAK,EAAE;IACtB,eAAe,CAAC,iBAAiB,GAAG,KAAK;IACzC,IAAI,eAAe,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI;QACjD,IAAI,WAAW,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YACrD,eAAe,CAAC,iBAAiB,GAAG,IAAI;YACxC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YACnE,IAAI,MAAM,EAAE,CAAC;gBACT,IAAI,UAAU,GAAG,eAAe,CAAC,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI;gBACvE,IAAI,UAAU,EAAE,CAAC;oBACjB,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;oBAClC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;wBACjD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC;wBAClC,eAAe,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC;wBAC5C,eAAe,CAAC,iBAAiB,GAAG,KAAK;oBAC7C,CAAC;gBACD,CAAC;YACL,CAAC;QACD,CAAC;IACL,CAAC;IACD,OAAO,eAAe;AAC1B,CAAC;AAED;;;;;;GAMG;AACI,SAAS,aAAa;IACzB,MAAM,EAAE,qBAAqB,EAAE,GAAQ,MAAM;IAC7C,IACE,OAAO,qBAAqB,KAAK,WAAW;QAC5C,qBAAqB,CAAC,QAAQ,EAC9B,CAAC;QACD,aAAa;QACb,GAAS,CAAC,uBAAuB,GAAG,qBAAqB,CAAC,QAAQ,CAAC;QACnE,OAAO,sBAAG,CAAC,qBAAqB,CAAC,QAAQ,CAAC;IAC5C,CAAC;IACD,oFAAoF;IACpF,8HAA8H;IAC9H,IACE,OAAO,QAAQ,KAAK,WAAW;QAC/B,QAAQ,CAAC,QAAQ;QACjB,CAAC,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,kBAAkB,EAC5D,CAAC;QACD,MAAM,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC,WAAW,CAAC;QAChD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI;QACrB,MAAM,EAAE,GAAG,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC;QACrC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI;QACpB,GAAS,CAAC,mBAAmB,GAAG,EAAE,CAAC;QACnC,OAAO,sBAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IACD,OAAO,IAAI;AACf,CAAC;;;AClEiD;AACI;AAChB;AAI/B,MAAM,eAAe;IAM1B,YAAY,gBAAyC;QAJ7C,sBAAiB,GAAqC,IAAI;QAC1D,+BAA0B,GAAG,KAAK;QAClC,kBAAa,GAAkB,IAAI;QAGzC,IAAI,CAAC,OAAO,GAAG,gBAAgB;IACjC,CAAC;IAED,6FAA6F;IAC7F,IAAI,WAAW,KAA8B,OAAO,IAAI,CAAC,OAAO,EAAC,CAAC;IAElE,WAAW;;QACT,MAAM,GAAG,GAAG,UAAU,EAAE;QACxB,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC1B,OAAO,sBAAG,CAAC,GAAG,CAAC,KAAK,CAAC;QACvB,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAc;QACtC,MAAM,SAAS,GAAG,gBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,IAAI,0CAAE,KAAK;QACzC,MAAM,YAAY,GAAG,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK;QACtC,MAAM,KAAK,GAAG,SAAS,IAAI,YAAY,IAAI,IAAI,CAAC,aAAa;QAC7D,MAAM,YAAY,GAAG,gBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,IAAI,0CAAE,UAAU;QACjD,MAAM,aAAa,GAAG,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,QAAQ;QAC1C,MAAM,UAAU,GAAG,YAAY,KAAK,IAAI,IAAI,aAAa,KAAK,IAAI;YAChE,CAAC,CAAC,YAAY,IAAI,IAAI,IAAI,aAAa,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QAC7B,IAAI,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,KAAK,IAAI,UAAU,EAAE,CAAC;YAChD,OAAO,sBAAG,CAAC,KAAK,CAAC;QACnB,CAAC;QACD,OAAO,aAAa,EAAE,EAAC,sBAAsB;IAC/C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,SAAS,CACb,eAA6C;;QAE7C,yCAAyC;QACzC,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI;QAC/D,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;QAC3E,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAc;QACtC,IAAI,CAAC,IAAI,CAAC,0BAA0B,IAAI,OAAO,iBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,0CAAE,EAAE,MAAK,UAAU,EAAE,CAAC;YACrF,gFAAgF;YAChF,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,GAAW,EAAE,EAAE;gBACrD,GAAS,CAAC,uBAAuB,GAAG,EAAE,CAAC;gBACvC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG;oBAAE,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC;YAC/E,CAAC,CAAC;YACF,IAAI,CAAC,0BAA0B,GAAG,IAAI;QACxC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,kBAAkB,EAAE;QACpD,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB;QACvC,IAAI,EAAoB;QACxB,IAAI,CAAC;YACH,EAAE,GAAG,MAAM,QAAQ;QACrB,CAAC;gBAAS,CAAC;YACT,IAAI,IAAI,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;gBACxC,IAAI,CAAC,iBAAiB,GAAG,IAAI;YAC/B,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpE,CAAC;IAEO,KAAK,CAAC,kBAAkB;;QAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAc;QAEtC;;WAEG;QACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjD,WAAW,CAAC,IAAI,GAAG,EAAE;QACrB,IAAI,OAAO,WAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,sBAAsB,MAAK,UAAU,EAAE,CAAC;YAC7D,MAAM,UAAU,CAAC,sBAAsB,CAAC;gBACtC,sBAAsB,EAAE,IAAI;gBAC5B,GAAG,EAAE,WAAW,CAAC,IAAI;aACtB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,WAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,OAAO,MAAK,UAAU,EAAE,CAAC;gBAC9C,MAAM,SAAS,GAAG,gBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,QAAQ,mCAAI,OAAO,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK,CAAC;gBACpE,IAAI,CAAC;oBACH,MAAM,UAAU,CAAC,OAAO,EAAE;gBAC5B,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;oBACtE,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC5C,MAAM,KAAK;oBACb,CAAC;oBACD,GAAS,CAAC,gCAAgC,CAAC;gBAC7C,CAAC;gBACD,MAAM,WAAW,GAAG,gBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,QAAQ,mCAAI,OAAO,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK,CAAC;gBACtE,IAAI,CAAC,SAAS,IAAI,WAAW,EAAE,CAAC;oBAC9B,gBAAU,CAAC,MAAM,0CAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACjE,CAAC;YACH,CAAC;YACD,IAAI,OAAO,WAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,uBAAuB,MAAK,UAAU,EAAE,CAAC;gBAC9D,MAAM,SAAS,GAAG,gBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,QAAQ,mCAAI,OAAO,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK,CAAC;gBACpE,MAAM,UAAU,CAAC,uBAAuB,EAAE;gBAC1C,MAAM,WAAW,GAAG,gBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,QAAQ,mCAAI,OAAO,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK,CAAC;gBACtE,IAAI,CAAC,SAAS,IAAI,WAAW,EAAE,CAAC;oBAC9B,gBAAU,CAAC,MAAM,0CAAE,IAAI,CAAC,OAAO,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,qBAAqB,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,CAAC;QACjF,IAAI,qBAAqB,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;gBAC1C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;oBACtB,2DAA2D;oBAC3D,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,EAAE,qBAAqB,CAAC;gBAChE,CAAC;qBAAM,CAAC;oBACN,gEAAgE;oBAChE,QAAQ,CAAC,IAAI,GAAG,qBAAqB;gBACvC,CAAC;gBACD,MAAM,CAAC,IAAI,GAAG,qBAAqB;YACrC,CAAC;YACD,qHAAqH;YACrH,qHAAqH;YACrH,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC;QACzD,CAAC;QAED,qDAAqD;QACrD,IAAI,EAAE,GAAG,aAAa,EAAE;QACxB,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,EAAE;QACX,CAAC;QAED,IAAI,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,IAAI,EAAE,UAAU,CAAC;QAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,6FAA6F;YAC7F,KAAK,GAAG,MAAM,IAAI,CAAC,yBAAyB,EAAE;QAChD,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,aAAa,GAAG,KAAK;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,aAAa,GAAG,IAAI;QAC3B,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC3B,CAAC;QAED,IAAI,EAAE,EAAE,CAAC;YACP,GAAS,CAAC,iBAAiB,EAAE,qBAAqB,CAAC;QACrD,CAAC;QAED,OAAO,EAAE;IACX,CAAC;IAEO,KAAK,CAAC,yBAAyB;QACrC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,IAAI;QACb,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC,QAAQ;QACpD,MAAM,eAAe,GAAG,YAAY;QACpC,sDAAsD;QACtD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI;QACb,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC;QAC1D,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjE,OAAO,IAAI;QACb,CAAC;QAED,IAAI,CAAC;YACH,yEAAyE;YACzE,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,0BAA0B,EAAE;gBAC5D,WAAW,EAAE,SAAS;gBACtB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,UAAU;aAClB,CAAC;YACF,IAAI,aAAa,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACjC,OAAO,IAAI;YACb,CAAC;YACD,MAAM,MAAM,GAAG,GAAG,QAAQ,KAAK,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;YAClE,OAAO,GAAG,MAAM,kBAAkB;QACpC,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,OAAO,IAAI;QACb,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CACN,KAAgC,EAChC,OAA+B;QAE/B,IAAI,QAAgB;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,GAAG,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG;YAC1D,MAAM,EAAE,GAAG,4BAAS,CAAC,QAAQ,CAAC;YAC9B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,EAAE,GAAG,EAAE;YACjB,CAAC;YACD,OAAO,EAAE;QACX,CAAC;QACD,OAAO,IAAI;IACb,CAAC;IAED;;OAEG;IACH,gBAAgB,CACd,WAAsD,EACtD,WAA0E;QAE1E,MAAM,KAAK,GAAG,YAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,KAAK,MAAI,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,KAAK;QACtD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI;QACb,CAAC;QACD,MAAM,YAAY,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU;QAC5C,MAAM,YAAY,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU;QAC5C,MAAM,UAAU,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,QAAQ;QACxC,IAAI,YAAY,KAAK,IAAI,IAAI,YAAY,KAAK,IAAI,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YAC1E,OAAO,KAAK;QACd,CAAC;QACD,IAAI,YAAY,KAAK,KAAK,IAAI,YAAY,KAAK,KAAK,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;YAC7E,OAAO,IAAI;QACb,CAAC;QACD,OAAO,KAAK;IACd,CAAC;CAEF;;;;ACzPsC;AAEhC,SAAS,QAAQ,CAAC,GAAc;IACnC,OAAO,sBAAG,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;AACxD,CAAC;AAEM,SAAS,WAAW,CAAE,GAAgB;IACzC,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;IAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO,IAAI,EAAC,4DAA4D;AAC5E,CAAC;AAEM,SAAS,aAAa,CAAC,OAAe,EAAE,IAAU;IACrD,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE;IAClC,MAAM,KAAK,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,GAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAE,CAAC,CAAE;IACxC,OAAO,IAAI,GAAG,CAAC,aAAa,IAAI,IAAI,KAAK,IAAI,GAAG,IAAI,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE;AACvF,CAAC;AAEM,SAAS,eAAe,CAAC,GAAG;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;QACP,OAAO,IAAI;IACf,CAAC;IACD,OAAO,CACH,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAC7D;AACL,CAAC;AAEM,SAAS,sBAAsB,CAAE,EAAY;IAChD,MAAM,QAAQ,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC;IAC1E,uFAAuF;IACvF,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,YAAY;IAC1E,MAAM,OAAO,GAAG,SAAS,GAAG,WAAW;IACvC,OAAO,sBAAG,CAAC,OAAO,CAAC;AACvB,CAAC;AAEM,SAAS,sBAAsB,CAClC,OAAkB,EAClB,OAAkB;IAElB,cAAc;IACd,mEAAmE;IACnE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAC5B,mBAAmB,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,EACjD,OAAO,CAAC,KAAK,CAChB,CAAC,QAAQ,EAAE;IACZ,OAAO,IAAI,wBAAS,CAAC,gBAAgB,CAAC;AAC1C,CAAC;;;ACnDiD;AAEN;AACoB;AAEhE,MAAM,0BAA0B,GAAG,gBAAgB;AAE5C,SAAS,eAAe,CAAC,KAAK,EAAE,YAAY;IAC/C,MAAM,EAAE,GAAG,KAAS;IAEpB,KAAK,UAAU,MAAM,CACjB,aAAwB,EACxB,EAAa,EACb,OAAkB;QAElB,yDAAyD;QACzD,+DAA+D;QAC/D,gCAAgC;QAChC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QAEvC,2CAA2C;QAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CACxB,aAAa,EACb,IAAI,wBAAS,CAAC,oDAAoD,CAAC,CACtE;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC;QAC9C,CAAC;QAED,MAAM,OAAO,GAAG;;;;yBAIC,EAAE,CAAC,KAAK;;;;;;;yBAOR,OAAO,CAAC,KAAK;;;;;aAKzB;QACL,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE;YACtD,IAAI,EAAE,OAAO;YACb,WAAW,EAAE,aAAa;SAC7B,CAAC;IACN,CAAC;IAED,KAAK,UAAU,qBAAqB,CAAC,SAAS,EAAE,EAAE;QAC9C,4BAA4B;QAC5B,MAAM,gBAAgB,GAAG,KAAK,CAAC,GAAG,CAC9B,EAAE,EACF,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CACX;QACrB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC;QACpD,CAAC;QACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAC1C,MAAM,GAAG,GAAG,QAAQ,CAAC,gBAAgB,CAAC;QACtC,MAAM,GAAG,GAAG;YACR,qBAAE,CACE,GAAG,EACH,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EACd,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAC5B,gBAAgB,CAAC,GAAG,EAAE,CACzB;YACD,qBAAE,CACE,GAAG,EACH,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EACpB,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,EACtB,gBAAgB,CAAC,GAAG,EAAE,CACzB;YACD,qBAAE,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,gBAAgB,CAAC,GAAG,EAAE,CAAC;SACnE;QACD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,IAAI,EAAE,EAAE,EAAE,IAAI;gBAClD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,IAAI,CAAC;gBACjB,CAAC;YACL,CAAC,CAAC;QACN,CAAC,CAAC;IACN,CAAC;IAED,KAAK,UAAU,QAAQ,CAAC,OAAkB;QACtC,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE;QACtC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC;QAC9D,IAAI,MAAM,GAAG,IAAI;QACjB,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CACpB,IAAI,wBAAS,CAAC,aAAa,CAAC,KAAK,GAAG,gBAAgB,CAAC,CACxD;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,GAAG,KAAK;QAClB,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE;IACxC,CAAC;IAED,KAAK,UAAU,eAAe,CAC1B,aAAwB,EACxB,EAAa;QAEb,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC;YAC1B,EAAE;YACF,OAAO,EAAE,aAAa,CAAC,KAAK;SAC/B,CAAC;QACF,OAAO,OAAO,CAAC,WAAW;IAC9B,CAAC;IAED,SAAS,OAAO,CAAC,cAA8B;QAC3C,MAAM,EAAE,GAAG,KAAK;QAChB,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO;QAC1B,IAAI,cAAc,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,cAAc,CAAC,EAAE,CAAC;QACzE,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,cAAc,CAAC,WAAW;YAC3C,cAAc,CAAC,WAAW;gBAC1B,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,GAAG,0BAA0B,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;QAEpC,EAAE,CAAC,GAAG,CACF,WAAW,EACX,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EACd,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,EACtB,UAAU,CACb;QACD,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,UAAU,CAAC;QAC/D,EAAE,CAAC,GAAG,CACF,WAAW,EACX,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,EAChB,uBAAI,CAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAChC,UAAU,CACb;QACD,IAAI,cAAc,CAAC,EAAE,EAAE,CAAC;YACpB,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE,UAAU,CAAC;QACvE,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,UAAU,OAAO,EAAE,MAAM;YACxC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CACR,UAAU,EACV,EAAE,CAAC,kBAAkB,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAClE,aAAa,EACb,UAAU,IAAI,EAAE,EAAE,EAAE,OAAO;gBACvB,IAAI,EAAE,EAAE,CAAC;oBACL,OAAO,CAAC;wBACJ,GAAG,cAAc;wBACjB,WAAW;qBACd,CAAC;gBACN,CAAC;qBAAM,CAAC;oBACJ,MAAM,CACF,IAAI,KAAK,CACL,sCAAsC,GAAG,IAAI,GAAG,KAAK,GAAG,OAAO,CAClE,CACJ;gBACL,CAAC;YACL,CAAC,CACJ;QACL,CAAC,CAAC;IACN,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,OAAO,CAClB,OAAkB,EAClB,eAAe,GAAG,IAAI;QAEtB,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QAC7D,IAAI,MAAM,EAAE,CAAC;YACT,OAAO,IAAI,wBAAS,CAAC,aAAa,CAAC,KAAK,GAAG,0BAA0B,CAAC;QAC1E,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,aAAa,EAAE,EAAE,CAAC;YAC1D,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC;YACpC,MAAM,MAAM,CAAC,aAAa,EAAE,EAAE,EAAE,OAAO,CAAC;YACxC,MAAM,qBAAqB,CAAC,SAAS,EAAE,EAAE,CAAC;YAC1C,OAAO,SAAS;QACpB,CAAC;QACD,OAAO,IAAI;IACf,CAAC;IAED,KAAK,UAAU,UAAU,CAAC,OAAkB,EAAE,SAAoB;;QAC9D,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,CAC1B,OAAO,EACP,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EACf,SAAS,EACT,OAAO,CAAC,GAAG,EAAE,CAChB;QACD,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,CAAC,KAAK,EAAE,CAAC;QAChE,CAAC;QACD,MAAM,UAAU,GAAG;;UAEjB,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,SAAS,CAAC,KAAK;SACtC;QAED,MAAM,cAAc,GAAG,MAAM,YAAK,CAAC,OAAO,0CAAE,YAAY,CACpD,MAAM,EACN,YAAY,CAAC,KAAK,EAClB;YACI,IAAI,EAAE,UAAU;YAChB,WAAW,EAAE,aAAa;SAC7B,CACJ;QACD,MAAM,WAAW,GAAG,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAC3D,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,EAAE,CAAC;QAC1E,CAAC;IACL,CAAC;IACD,OAAO;QACH,MAAM,EAAE,qBAAqB,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO;KACzF;AACL,CAAC;;;AC9N4C;AAEtC,SAAS,gBAAgB,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ;IAExF,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,IAAY;QAC3D,MAAM,OAAO,GAAc,MAAM,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,OAAO,GAAc,MAAM,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC;QACjE,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,KAAK,eAAe,kBAAkB,CAAC,IAAI,CAAC,GAAG;QAC3E,MAAM,cAAc,CAAC,eAAe,CAAC,QAAQ,CAAC;QAC9C,4DAA4D;QAC5D,MAAM,YAAY,CAAC,mBAAmB,CAAC;YACrC,UAAU,EAAE,OAAO,CAAC,KAAK;YACzB,SAAS;YACT,aAAa,EAAE,YAAY;YAC3B,MAAM,EAAE,QAAQ;SACjB,CAAC;QACF,OAAO,QAAQ;IACnB,CAAC;IAED,KAAK,UAAU,cAAc,CACzB,IAAgB;QAEhB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE;QACpC,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,mBAAmB,CAAC,KAAK,CAAC;QAC5D,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,UAAU,UAAU,CAAC,GAAW,EAAE,IAAU;QAC/C,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;QAClD,IAAI,UAAU,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,EAAE,CAAC;QACnC,CAAC;QACD,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC;QAC3C,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM,UAAU,CAAC,IAAI,EAAE;YAC7B,OAAO,EAAE;gBACP,CAAC,cAAc,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0BAA0B,CAAC;aACvF;SACF;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1C,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBAC9B,MAAM,EAAE,QAAQ;aACjB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO;QACL,cAAc;QACd,cAAc;QACd,UAAU;KACX;AACH,CAAC;;;ACzDD,MAAM,WAAY,SAAQ,KAAK;IAC3B,YAAY,OAAgB;QACxB,KAAK,CAAC,OAAO,CAAC;QACd,0EAA0E;QAC1E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAC,0BAA0B;QAC5E,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAC,qCAAqC;IACrE,CAAC;CACJ;AAEM,MAAM,iBAAkB,SAAQ,WAAW;CAAG;AAE9C,MAAM,yBAA0B,SAAQ,WAAW;CAAG;AAEtD,MAAM,wBAAyB,SAAQ,WAAW;CAAG;AAErD,MAAM,aAAc,SAAQ,WAAW;CAAG;AAE1C,MAAM,gBAAiB,SAAQ,WAAW;CAAI;AAE9C,MAAM,iBAAkB,SAAQ,WAAW;CAAG;AAE9C,MAAM,UAAW,SAAQ,WAAW;IAGvC,YAAY,MAAc,EAAE,OAAgB;QACxC,KAAK,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,MAAM,GAAG,MAAM;IACxB,CAAC;CACJ;;;AC5BM,SAAS,uBAAuB;IACnC,OAAO;QACH,qDAAqD;QACrD,IAAI;QACJ,yBAAyB;QACzB,6BAA6B;KAChC,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;AAEM,SAAS,wBAAwB;IACpC,OAAO;QACH,qDAAqD;QACrD,IAAI;QACJ,yBAAyB;QACzB,+BAA+B;KAClC,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;AChBM,SAAS,0BAA0B,CAAC,KAAa,EAAE,kBAA0B;IAChF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,qBAAqB;IAC/F,OAAO;QACH,0CAA0C;QAC1C,EAAE;QACF,gDAAgD;QAChD,6CAA6C;QAC7C,EAAE;QACF,UAAU;QACV,0BAA0B;QAC1B,EAAE;QACF,eAAe;QACf,YAAY,KAAK,IAAI;QACrB,EAAE;QACF,uBAAuB,QAAQ,IAAI;QACnC,EAAE;QACF,cAAc;QACd,2CAA2C;QAC3C,EAAE;QACF,mBAAmB;QACnB,WAAW;QACX,0BAA0B;QAC1B,EAAE;QACF,gCAAgC;QAChC,EAAE;QACF,uBAAuB,QAAQ,IAAI;QACnC,EAAE;QACF,wBAAwB;KAC3B,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;AC7BM,SAAS,uBAAuB;IACnC,OAAO;QACH,2CAA2C;QAC3C,iDAAiD;QACjD,qDAAqD;QACrD,IAAI;QACJ,+BAA+B;QAC/B,mCAAmC;KACtC,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;ACTM,SAAS,6BAA6B,CAAC,KAAa;IACvD,OAAO;QACH,gDAAgD;QAChD,EAAE;QACF,UAAU;QACV,sBAAsB;QACtB,cAAc,KAAK,IAAI;QACvB,oBAAoB;QACpB,mBAAmB;QACnB,4CAA4C;KAC/C,CAAC,IAAI,CAAC,IAAI,CAAC;AAChB,CAAC;;;ACXiD;AAElD;;GAEG;AACI,SAAS,oBAAoB,CAAC,KAAK;IAEtC,SAAS,oBAAoB,CAAC,aAAwB;QAClD,OAAO,KAAK;aACP,kBAAkB,CACf,aAAa,EACb,sBAAG,CAAC,mCAAmC,CAAC,EACxC,SAAS,CACZ;aACA,GAAG,CAAC,CAAC,EAAa,EAAE,EAAE,CAAC,EAAE,CAAC,MAAmB,CAAC;IACvD,CAAC;IAED,SAAS,WAAW,CAAC,GAAc;QAC/B,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK;QAC9B,OAAO,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG;IAC/D,CAAC;IAED,KAAK,UAAU,eAAe,CAAC,GAAW;QACtC,MAAM,YAAY,GAAG,sBAAG,CAAC,GAAG,CAAC;QAC7B,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC;QACjD,CAAC;QACD,oHAAoH;QACpH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;YAC3C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACL,cAAc,EAAE,aAAa;gBAC7B,eAAe,EAAE,GAAG;gBACpB,IAAI,EAAE,uDAAuD,EAAE,+DAA+D;aACjI;YACD,IAAI,EAAE,GAAG,EAAE,iGAAiG;SAC/G,CAAC;QACF,0FAA0F;QAC1F,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACxB,OAAM;QACV,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,eAAe,MAAM,CAAC,MAAM,yCAAyC,GAAG,EAAE,CAAC;QAC/F,CAAC;IACL,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,YAAuB;QACtD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;QACtC,OAAO,oBAAoB,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,OAAO;QACH,WAAW;QACX,eAAe;QACf,oBAAoB;QACpB,mBAAmB;KACtB;AACL,CAAC;;;ACxDmD;AACV;AACoH;AACxH;AACM;AACuD;AACpB;AACnB;AACS;AACR;AACU;AAGhE,SAAS,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY;IACzD,MAAM,EAAE,GAAG,KAAS;IACpB,MAAM,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC;IAClD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAA8B;IACrE,MAAM,4BAA4B,GAAG,IAAI,GAAG,EAAqB;IAEjE,SAAS,iBAAiB,CAAC,GAA8B;QACrD,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC7E,CAAC;IAED,SAAS,SAAS,CAAC,IAAe;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;QACtB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE;QACrB,IAAI,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,KAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,GAAG;QAC1D,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG;QACtB,IAAI,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI;QACtD,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC,GAAG,CAAC;QAClD,IAAI,SAAS,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI;QACjC,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,SAAS,6BAA6B,CAAC,eAA0B,EAAE,QAAgB;QAC/E,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,eAAe,CAAC,GAAG,EAAE,CAAC;QACnG,OAAO,sBAAG,CAAC,MAAM,GAAG,QAAQ,CAAC;IACjC,CAAC;IAED,SAAS,eAAe,CAAC,GAAQ;;QAC7B,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG;YAAE,OAAO,IAAI;QAC9C,MAAM,IAAI,GAAG,GAAG,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,OAAO,KAAI,GAAG,IAAI,EAAE,EAAE;QAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;IAC7D,CAAC;IAED,KAAK,UAAU,qBAAqB,CAAC,YAAoB;QACrD,MAAM,aAAa,GAAG,sBAAG,CAAC,YAAY,CAAC;QACvC,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;YACvC,OAAM;QACV,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QACD,MAAM,cAAc,CAAC,eAAe,CAAC,YAAY,CAAC;IACtD,CAAC;IAED,KAAK,UAAU,6BAA6B,CAAC,IAAe,EAAE,eAA0B;;QACpF,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,eAAe,CAAC,GAAG,EAAE,CAAC;QAC5F,MAAM,qBAAqB,CAAC,MAAM,CAAC;QAEnC,MAAM,aAAa,GAAG,sBAAG,CAAC,MAAM,CAAC;QACjC,IAAI,SAA6B;QACjC,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;YACvC,SAAS,GAAG,WAAK,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,0CAAE,KAAK;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,6EAA6E;YAC7E,SAAS,GAAG,GAAG,MAAM,MAAM;QAC/B,CAAC;QACD,MAAM,MAAM,GAAG,sBAAG,CAAC,SAAS,CAAC;QAC7B,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;YAChC,OAAM;QACV,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QAED,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE;YAChD,IAAI,EAAE,6BAA6B,CAAC,IAAI,CAAC,GAAG,CAAC;YAC7C,WAAW,EAAE,aAAa;SAC7B,CAAC;IACN,CAAC;IAED,KAAK,UAAU,gCAAgC,CAAC,IAAe,EAAE,eAA0B,EAAE,SAAS,GAAG,KAAK;;QAC1G,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,+BAA+B,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;QAC9G,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS;YAAE,OAAM;QAElC,IAAI,SAA6B;QACjC,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC;YACzC,SAAS,GAAG,WAAK,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,0CAAE,KAAK;QAC3D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG;QACxC,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,SAAS,GAAG,GAAG,eAAe,CAAC,GAAG,MAAM;QAC5C,CAAC;QAED,MAAM,MAAM,GAAG,sBAAG,CAAC,SAAS,CAAC;QAC7B,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE;gBAChD,IAAI,EAAE,0BAA0B,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC;gBAC/D,WAAW,EAAE,aAAa;gBAC1B,OAAO,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;aACpC,CAAC;QACN,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,eAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,mCAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM;YACnD,IAAI,MAAM,KAAK,GAAG;gBAAE,MAAM,GAAG;QACjC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,8BAA8B,CAAC,gBAA2B;QACrE,MAAM,YAAY,CAAC,+BAA+B,CAAC,gBAAgB,EAAE,wBAAwB,EAAE,CAAC;IACpG,CAAC;IAED,KAAK,UAAU,6BAA6B,CAAC,IAAe,EAAE,eAA0B;QACpF,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,EAAe;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAe;QAC1C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAExC,MAAM,sBAAsB,GACvB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,UAAU,CAAsB;QACxF,MAAM,0BAA0B,GAC3B,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,cAAc,CAAsB;QAC5F,MAAM,eAAe,GACjB,sBAAsB;YACtB,0BAA0B;YAC1B,6BAA6B,CAAC,eAAe,EAAE,qBAAqB,CAAC;QACzE,MAAM,gBAAgB,GACjB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,IAAI,EAAE,cAAc,CAAsB;YACzF,6BAA6B,CAAC,eAAe,EAAE,sBAAsB,CAAC;QAE1E,sGAAsG;QACtG,MAAM,iCAAiC,GAAG,CAAC,sBAAsB;QACjE,IAAI,iCAAiC,EAAE,CAAC;YACpC,MAAM,YAAY,CAAC,qCAAqC,CACpD,IAAI,EACJ,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAc,EACxC,eAAe,EACf,UAAU,EACV,uBAAuB,EAAE,CAC5B;QACL,CAAC;QAED,MAAM,QAAQ,GAAU,EAAE;QAC1B,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC;YAC9F,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,cAAc,CAAC,CAAC;QACpG,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;YAC3E,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,0BAAO,CAAC,kBAAkB,CAAC,EAAE,cAAc,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,eAAe,EAAE,cAAc,CAAC,EAAE,CAAC;YACnF,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,cAAc,CAAC,EAAE,CAAC;YACrF,QAAQ,CAAC,IAAI,CAAC,qBAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC;YACxC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAC5C,CAAC;QAED,MAAM,gCAAgC,CAAC,IAAI,EAAE,eAAe,EAAE,iCAAiC,CAAC;QAChG,MAAM,8BAA8B,CAAC,gBAAgB,CAAC;IAC1D,CAAC;IAED,KAAK,UAAU,0BAA0B,CAAC,eAA0B;;QAChE,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,+BAA+B,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;YAC9G,IAAI,OAAO,EAAE,CAAC;gBACV,OAAO,IAAI;YACf,CAAC;YACD,OAAO,KAAK;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,UAAG,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAC/B,MAAM,IAAI,iBAAiB,EAAE;YACjC,CAAC;YACD,IAAI,UAAG,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAC/B,IAAI,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,yBAAyB,EAAE;gBACzC,CAAC;gBACD,MAAM,IAAI,wBAAwB,EAAE;YACxC,CAAC;YACD,MAAM,GAAG;QACb,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,uBAAuB,CAAC,IAAe;QAClD,IAAI,CAAC;YACD,OAAO,MAAM,eAAe,CAAC,IAAI,CAAC;QACtC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,OAAO,SAAS;QACpB,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,eAAe,CAAE,IAAe;QAC3C,MAAM,qBAAqB,GAAG,4BAA4B,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QACxE,IAAI,qBAAqB,EAAE,CAAC;YACxB,OAAO,qBAAqB;QAChC,CAAC;QAED,MAAM,QAAQ,GAAG,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QACtD,IAAI,QAAQ,EAAE,CAAC;YACX,OAAO,QAAQ;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,KAAK,IAAwB,EAAE;;YAC5C,MAAM,WAAW,CAAC,IAAI,CAAC;YAEvB,MAAM,uBAAuB,GAAG,sBAAsB,CAAC,IAAI,CAAC;YAC5D,IAAI,eAAe;YACnB,IAAI,CAAC;gBACD,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,CAAqB;gBAClH,IAAI,uBAAuB,EAAE,CAAC;oBAC1B,eAAe,GAAG,uBAAuB;gBAC7C,CAAC;qBAAM,CAAC;oBACJ,eAAe,GAAG,MAAM,YAAY,CAAC,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAc,EAAE,uBAAuB,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChJ,CAAC;gBAED,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;gBACvE,MAAM,0BAA0B,CAAC,eAA4B,CAAC;gBAC9D,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;YAC3E,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,QAAQ,IAAI,iDAAiD;gBAC7E,IAAU,CAAC,OAAO,CAAC;gBACnB,qCAAqC;gBACrC,IAAI,GAAG,YAAY,gBAAgB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAClD,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBACnD,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBACnD,IAAI,GAAG,YAAY,yBAAyB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAC3D,IAAI,GAAG,YAAY,wBAAwB,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAC1D,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;oBAAC,MAAM,GAAG;gBAAC,CAAC;gBAC5C,MAAM,GAAG;YACb,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAA4B,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC,CAAC,+CAA+C;gBAC3D,MAAM,GAAG,GAAG,qCAAqC,IAAI,KAAK,GAAG,EAAE;gBAC/D,IAAI,UAAG,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;oBAC/B,gFAAgF;oBAChF,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;oBACvE,MAAM,0BAA0B,CAAC,eAA4B,CAAC;oBAC9D,MAAM,6BAA6B,CAAC,IAAI,EAAE,eAA4B,CAAC;oBACvE,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAA4B,CAAC;oBACtD,OAAO,eAA4B;gBACvC,CAAC;gBACD,IAAU,CAAC,GAAG,CAAC;gBACf,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC9B,MAAM,IAAI,iBAAiB,EAAE;gBACjC,CAAC;gBACD,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC9B,IAAI,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;wBACvC,MAAM,IAAI,yBAAyB,EAAE;oBACrC,CAAC;oBACD,MAAM,IAAI,wBAAwB,EAAE;gBACxC,CAAC;gBACD;;mBAEG;gBACH,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC;YACxB,CAAC;YACD,4BAA4B,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,eAA4B,CAAC;YACxE,OAAO,eAA4B;QACnC,CAAC,CAAC,EAAE;QAEJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC;QAC1C,IAAI,CAAC;YACD,OAAO,MAAM,GAAG;QACpB,CAAC;gBAAS,CAAC;YACP,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC;gBAChD,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YAC5C,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,UAAU,WAAW,CAAE,IAAe;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC;QAClD,CAAC;QACD,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,KAAK,GAAG,EAAE,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,EAAE;IACrB,CAAC;IAED,KAAK,UAAU,MAAM;QACjB,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,EAAE;QAC9B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC;QAC7D,CAAC;QACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;QAClC,OAAO,EAAE;IACb,CAAC;IAED,SAAS,UAAU,CAAC,IAAe;QAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC;QAC/C,CAAC;QACD,OAAO,OAAoB;IAC/B,CAAC;IAED,KAAK,UAAU,YAAY,CAAC,IAAe;QACvC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QACzE,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC;QACjD,CAAC;QACD,OAAO,SAAsB;IACjC,CAAC;IAED,SAAS,WAAW,CAAC,EAAa;QAC9B,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC;IAClE,CAAC;IAED,OAAO;QACH,MAAM;QACN,UAAU;QACV,YAAY;QACZ,WAAW;QACX,eAAe;QACf,WAAW;QACX,uBAAuB;KAC1B;AACL,CAAC;;;AC1V0C;AAEL;AACM;AACJ;AACgD;AAEjF,SAAS,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY;IACzE,MAAM,EAAE,GAAG,KAAS;IAEpB,SAAS,iBAAiB,CAAC,GAA8B;QACrD,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC7E,CAAC;IAED,SAAS,gBAAgB,CAAC,QAAQ,EAAE,QAAQ;QACxC,OAAO,KAAK;aACP,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC;aAC/C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACV,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC;QACzD,CAAC,CAAC;IACV,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,IAAe;QAC7C,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC;QAC/D,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC;QAEpD,IAAI,UAAU,GAAqB,IAAI;QACvC,IAAI,CAAC;YACD,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,IAAI,gEAAgE;YAC5F,IAAU,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,IAAI,eAAe;QACnB,IAAI,CAAC;YACD,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC;YAChG,IAAI,uBAAuB,EAAE,CAAC;gBAC1B,eAAe,GAAG,uBAAuB;YAC7C,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACpB,eAAe,GAAG,MAAM,YAAY,CAAC,qCAAqC,CACtE,IAAI,EACJ,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAc,EACxC,UAAU,EACV,OAAO,EACP,uBAAuB,EAAE,CAC5B;YACL,CAAC;iBAAM,CAAC;gBACJ,eAAe,GAAG,IAAI;YAC1B,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,IAAI,uDAAuD,GAAG,EAAE;YACxF,IAAU,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,eAA4B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;QAEnH,IAAI,eAAe;QACnB,IAAI,CAAC;YACD,eAAe,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,IAAI,CAAC;QACtE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,eAAe,GAAG,IAAI;QAC1B,CAAC;QAED,IAAI,aAAa;QACjB,IAAI,eAAe,EAAE,CAAC,CAAC,0EAA0E;YAC7F,8DAA8D;YAC9D,oDAAoD;YACpD,IAAI,yBAAyB,GAAqB,IAAI;YACtD,IAAI,CAAC;gBACD,yBAAyB,GAAG,uBAAuB,CAAC,eAAe,CAAC;YACxE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,QAAQ,IAAI,qEAAqE;gBACjG,IAAU,CAAC,OAAO,CAAC;YACvB,CAAC;YACD,IAAI,gBAAgB;YACpB,IAAI,CAAC;gBACD,MAAM,wBAAwB,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC;gBAClG,IAAI,wBAAwB,EAAE,CAAC;oBAC3B,gBAAgB,GAAG,wBAAwB;gBAC/C,CAAC;qBAAM,IAAI,yBAAyB,EAAE,CAAC;oBACnC,gBAAgB,GAAG,MAAM,YAAY,CAAC,qCAAqC,CACvE,IAAI,EACJ,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAc,EACzC,yBAAyB,EACzB,eAAe,EACf,wBAAwB,EAAE,CAC7B;gBACL,CAAC;qBAAM,CAAC;oBACJ,gBAAgB,GAAG,IAAI;gBAC3B,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,QAAQ,IAAI,gEAAgE,GAAG,EAAE;gBACjG,IAAU,CAAC,OAAO,CAAC;YACvB,CAAC;YACD,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,gBAA6B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;QACrH,CAAC;aAAM,CAAC;YACJ,aAAa,GAAG,EAAE;QACtB,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC;QACjD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,MAAM;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;QAC9C,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAU,CAAC,+BAA+B,EAAE,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,MAAM;IACjB,CAAC;IAED,KAAK,UAAU,wBAAwB,CAAC,IAAe;QACnD,IAAI,eAAe;QACnB,IAAI,CAAC;YACD,eAAe,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,IAAI,CAAC;QACtE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,IAAI,iDAAiD;YAC7E,IAAU,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,IAAI,eAAe,EAAE,CAAC,CAAC,0EAA0E;YAC7F,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,eAA4B,CAAC,CAAC,MAAM,CACvG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAe,CAAC,CAC9E;YACD,IAAI,MAAM,GAAG,EAAE;YACf,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC5B,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,IAAI,CAAC,iBAAiB,CAAE,GAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7E,IAAU,CAAC,yCAAyC,IAAI,KAAK,GAAG,EAAE,CAAC;oBACnE,SAAQ;gBACZ,CAAC;gBACD,IAAI,CAAC;oBACD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,kBAAkB,CAAC,GAAgB,CAAQ,CAAC;gBAC7E,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,IAAU,CAAC,uCAAwC,GAAiB,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBACvF,CAAC;YACL,CAAC;YACD,OAAO,MAAM;QACjB,CAAC;QACD,OAAO,EAAE,EAAC,iBAAiB;IAC/B,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,IAAe;QAC7C,OAAO,CAAC,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACxF,CAAC;IAED,KAAK,UAAU,qBAAqB,CAAC,KAAgB,EAAE,IAAe;QAClE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC;QAC7C,IAAI,UAAU,GAAG,EAAE;QACnB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC,KAAK,EAAE,KAAK,CAAQ;YACrE,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC;QAC/C,CAAC;QACD,OAAO,UAAU;IACrB,CAAC;IAED,oEAAoE;IACpE,oFAAoF;IACpF,EAAE;IACF,KAAK,UAAU,eAAe,CAAC,KAAgB;QAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE;QAChC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC;QAC9E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC;QACnE,OAAO,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC5D,CAAC;IAED,SAAS,SAAS,CAAC,IAAe;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;QACtB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE;QACrB,IAAI,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,KAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,GAAG;QAC1D,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG;QACtB,IAAI,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;YACxC,GAAS,CAAC,iDAAiD,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,EAAE,CAAC;YACvE,OAAO,IAAI;QACf,CAAC;QACD,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC,GAAG,CAAC;QAClD,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACnB,GAAS,CAAC,kCAAkC,MAAM,EAAE,CAAC;YACrD,OAAO,IAAI;QACf,CAAC;QACD,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,SAAS,sBAAsB,CAAC,EAAa;QACzC,MAAM,MAAM,GAAG,SAAS,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uDAAuD,EAAE,CAAC,GAAG,EAAE,CAAC;QAC7F,OAAO,sBAAG,CAAC,MAAM,GAAG,qBAAqB,CAAC;IAC9C,CAAC;IACD,2DAA2D;IAE3D,SAAS,uBAAuB,CAAC,eAA0B;QACvD,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,wDAAwD,eAAe,CAAC,GAAG,EAAE,CAAC;QAC3G,OAAO,sBAAG,CAAC,MAAM,GAAG,sBAAsB,CAAC;IAC/C,CAAC;IAED;;;;MAIE;IACF,KAAK,UAAU,mBAAmB,CAC9B,QAAmB,EACnB,KAAgB,EAChB,QAAmB;QAGnB,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC;QACpC,MAAM,GAAG,GAAG;YACR,2EAA2E;YAC3E,qBAAE,CAAC,YAAY,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,KAAK,CAAC;YACrE,qBAAE,CAAC,YAAY,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC;YACvD,qBAAE,CAAC,YAAY,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC;SAC1D;QACD,IAAI,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,sBAAsB,QAAQ,aAAa,KAAK,KAAK,GAAG,EAAE;YACtE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YACjB,OAAO,IAAI;QACf,CAAC;QACD,OAAO,YAAY;IACvB,CAAC;IAED,KAAK,UAAU,2BAA2B,CAAC,IAAI;QAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAc;QAC/F,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,0DAA0D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpG,MAAM,UAAU,GAAG,KAAK,CAAC,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;QAC9E,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAC9C,CAAC;IAED,KAAK,UAAU,sBAAsB,CAAC,KAAqB,EAAE,QAA0B;QACnF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK;QACzB,MAAM,OAAO,GAAgB,EAAE;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;aAClF,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;aAClF,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;YAC/D,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;gBACpE,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACjC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;gBAChD,CAAC;gBACD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC;gBAC9E,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;oBAChC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAClC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,sBAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAG,KAAK,EAAE,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO;IAClB,CAAC;IAED,OAAO;QACH,mBAAmB;QACnB,gBAAgB;QAChB,kBAAkB;QAClB,wBAAwB;QACxB,kBAAkB;QAClB,qBAAqB;QACrB,eAAe;QACf,sBAAsB;QACtB,uBAAuB;QACvB,2BAA2B;QAC3B,sBAAsB;KACzB;AACL,CAAC;;;ACvQ0C;AAQd;AACS;AACG;AAElC,SAAS,kBAAkB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc;IAChE,KAAK,UAAU,eAAe,CAAC,aAAwB;QACrD,IAAI,CAAC;YACH,IAAI,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9C,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,aAAa,CAAC;gBAC7D,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;gBAC3D,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,mBAAmB,CAAC,aAAa,CAAC;gBAChF,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAS,CAAC,0BAA0B,aAAa,CAAC,KAAK,oBAAoB,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,uBAAuB,CAAC,GAAc;;QACnD,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QACtC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE;wBAC/C,IAAI,EAAE,EAAE;wBACR,WAAW,EAAE,aAAa;wBAC1B,OAAO,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;qBAClC,CAAC;gBACJ,CAAC;gBAAC,OAAO,MAAW,EAAE,CAAC;oBACrB,MAAM,MAAM,GAAG,kBAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,0CAAE,MAAM,mCAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM;oBACzD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;wBACnB,MAAM,GAAG,GAAG,kCAAkC,GAAG,KAAK,MAAM,EAAE;wBAC9D,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC;oBAClC,CAAC;gBACH,CAAC;gBACD,OAAO,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YACtC,CAAC;YACD,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAClC,MAAM,IAAI,iBAAiB,EAAE;YAC/B,CAAC;YACD,IAAI,UAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBAClC,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzB,MAAM,IAAI,yBAAyB,EAAE;gBACvC,CAAC;gBACD,MAAM,IAAI,wBAAwB,EAAE;YACtC,CAAC;YACD,MAAM,GAAG,GAAG,qCAAqC,GAAG,KAAK,GAAG,EAAE;YAC9D,MAAM,IAAI,UAAU,CAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,EAAE,GAAG,IAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,OAAO,KAAI,EAAE,GAAG,GAAG,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAED,KAAK,UAAU,+BAA+B,CAAC,GAAc,EAAE,IAAY;;QACzE,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAC7B,OAAO,KAAK;QACd,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,eAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,mCAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM;YACnD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,MAAM,GAAG;YACX,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE;gBAC/C,IAAI;gBACJ,WAAW,EAAE,aAAa;gBAC1B,OAAO,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;aAClC,CAAC;YACF,OAAO,IAAI;QACb,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,eAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,0CAAE,MAAM,mCAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM;YACnD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,qEAAqE;gBACrE,OAAO,KAAK;YACd,CAAC;YACD,MAAM,GAAG;QACX,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,kBAAkB,CAC/B,OAAkB,EAClB,SAAoB,EACpB,MAAiB,EACjB,GAAc;QAEd,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC;QAEvD,IAAI,MAAM;YAAE,OAAO,MAAmB;QACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,mCAAmC,GAAG,CAAC,KAAK,EAAE;YAC1D,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,qBAAE,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,4CAA4C,GAAG,OAAO,MAAM,KAAK,GAAG,EAAE;YAClF,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,uBAAuB,CAAC,MAAM,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAU,CAAC,oEAAoE,MAAM,KAAK,GAAG,EAAE,CAAC;YAChG,MAAM,GAAG;QACX,CAAC;QACD,OAAO,MAAM;IACf,CAAC;IAED,KAAK,UAAU,qCAAqC,CAClD,OAAkB,EAClB,SAAoB,EACpB,MAAiB,EACjB,GAAc,EACd,IAAY;QAEZ,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC;QAEvD,IAAI,MAAM;YAAE,OAAO,MAAmB;QACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,sDAAsD,GAAG,CAAC,KAAK,EAAE;YAC7E,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,qBAAE,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,+DAA+D,GAAG,OAAO,MAAM,KAAK,GAAG,EAAE;YACrG,IAAU,CAAC,GAAG,CAAC;YACf,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,+BAA+B,CAAC,MAAM,EAAE,IAAI,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAU,CAAC,uFAAuF,MAAM,KAAK,GAAG,EAAE,CAAC;YACnH,MAAM,GAAG;QACX,CAAC;QACD,OAAO,MAAM;IACf,CAAC;IAED,cAAc;IACd,iGAAiG;IACjG,KAAK,UAAU,mBAAmB,CAAC,OAMlC;QACC,IAAI,GAAG,GAAG;YACR,gDAAgD;YAChD,EAAE;YACF,8CAA8C,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI;YAC1E,mBAAmB,OAAO,CAAC,MAAM,IAAI;YACrC,kBAAkB,OAAO,CAAC,MAAM,IAAI;YACpC,8CAA8C;YAC9C,EAAE;SACH,CAAC,IAAI,CAAC,IAAI,CAAC;QAEZ,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,GAAG,IAAI;gBACL,qCAAqC;gBACrC,gBAAgB,OAAO,CAAC,SAAS,IAAI;gBACrC,mBAAmB,OAAO,CAAC,MAAM,IAAI;gBACrC,cAAc,OAAO,CAAC,aAAa,GAAG;gBACtC,EAAE;aACH,CAAC,IAAI,CAAC,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,GAAG,IAAI;gBACL,oCAAoC;gBACpC,gBAAgB,OAAO,CAAC,SAAS,IAAI;gBACrC,kBAAkB,OAAO,CAAC,MAAM,IAAI;gBACpC,cAAc,OAAO,CAAC,YAAY,GAAG;gBACrC,EAAE;aACH,CAAC,IAAI,CAAC,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,sBAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACnE,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,iBAAiB,CAAC,GAAc,EAAE,OAAe;QAC9D,MAAM,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE;YAC/C,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,IAAI,OAAO,IAAI;YACpC,WAAW,EAAE,aAAa;SAC3B,CAAC;IACJ,CAAC;IAED,OAAO;QACL,eAAe;QACf,mBAAmB;QACnB,iBAAiB;QACjB,kBAAkB;QAClB,qCAAqC;QACrC,uBAAuB;QACvB,+BAA+B;KAChC;AACH,CAAC;;;ACpO4B;AAEmB;AACU;AAEP;AACG;AACM;AACM;AACL;AACJ;AAEnB;AACtC;;;;;EAKE;AACK,SAAS,gBAAgB,CAAC,YAA4D,EAAE,OAAgC;IAE3H,GAAS,CAAC,0EAA0E,CAAC;IACrF,MAAM,KAAK,GAAc,oBAAS,EAAe;IACjD,sBAAW,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,YAAY,CAAC,KAAK,EAAC,CAAC,EAAC,yCAAyC;IACzF,KAAK,CAAC,OAAO,GAAG,IAAI,4BAAiB,CAAC,KAAK,CAAC,EAAC,2CAA2C;IACxF,KAAK,CAAC,QAAQ,GAAG,EAAE,EAAC,+CAA+C;IAEnE,MAAM,KAAK,GAAe,IAAI,eAAe,CAAC,OAAO,CAAC;IAEtD,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,CAAC;IACjC,MAAM,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC;IAClD,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,EAAE,GAAG,EAAE,cAAc,CAAC;IACnE,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC;IAC9D,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC;IAC5C,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,GAAG,CAAC;IACjF,MAAM,SAAS,GAAG,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,CAAC;IAC3E,GAAS,CAAC,6BAA6B,CAAC;IAExC,SAAS,IAAI,CAAC,GAAqC;QAC/C,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;IAClC,CAAC;IAED,qEAAqE;IACrE,SAAS,aAAa,CAClB,GAAqB,EACrB,MAAwB,EAAE;QAE1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACvC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,IAAI,EAAE,EAAE,EAAE,SAAS;gBACxD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACR,OAAO,EAAE;gBACT,CAAC;YACL,CAAC,CAAC,EAAC,WAAW;QACd,CAAC,CAAC,EAAC,UAAU;IACjB,CAAC;IAED,SAAS,UAAU;QACf,KAAK,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO;QACH,KAAK;QACL,KAAK;QACL,GAAG;QACH,KAAK;QACL,IAAI;QACJ,OAAO;QACP,SAAS;QACT,IAAI;QACJ,aAAa;QACb,UAAU;KACb;AACL,CAAC;;;AC1EqC;AACkB;AACT;AAG/C,MAAM,MAAM,GAAG,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE;;IACtC,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC,WAAW,IAAI,WAAW,CAAC,WAAW,IAAI,MAAM;IAC7F,MAAM,UAAU,GAAG,WAAkB;IACrC,MAAM,YAAY,GAAG,iBAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,IAAI,0CAAE,KAAK,MAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK;IACjE,IAAI,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,oDAAoD;QAClF,uDAAuD;QACvD,MAAM,kBAAkB,GAAG,CAAC,OAAO,UAAU,CAAC,KAAK,KAAK,UAAU,CAAC;YAC/D,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;YACnC,CAAC,CAAC,CAAC,OAAO,UAAU,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjG,IAAI,kBAAkB,EAAE,CAAC;YACrB,OAAO,kBAAkB,CAAC,GAAG,EAAE,WAAW,CAAC;QAC/C,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;IACzC,CAAC;SAAM,CAAC;QACJ,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;IACzC,CAAC;AACL,CAAC;AAED,0EAA0E;AAC1E,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAO5D,MAAM,YAAY,GAAG,CAAC,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,qBAAM,CAAwB;AAE7F,SAAS,oBAAoB;IACzB,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,GAAS,CAAC,qDAAqD,CAAC;QAChE,YAAY,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,WAAW,CAAC;QACjF,GAAS,CAAC,+BAA+B,CAAC;IAC9C,CAAC;SAAM,CAAC;QACJ,GAAS,CAAC,uDAAuD,CAAC;IACtE,CAAC;IACD,OAAO,YAAY,CAAC,gBAAgB,CAAE;AAC1C,CAAC;AACD,mEAAmE;AACnE,MAAM,mBAAmB,GAAG,oBAAoB,EAAE;AAEpB;;;ACzCvB,KAAK,UAAU,uBAAuB,CAAE,UAA+B,EAAE;IAC9E,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,KAAK;IACd,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE;IACnC,MAAM,sBAAsB,GAAG,OAAO,CAAC,sBAAsB,IAAI,GAAG;IAEpE,2EAA2E;IAC3E,IAAI,CAAC;QACH,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;YACpC,YAAY,CAAC,QAAQ,GAAG,mCAAmC;YAC3D,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;YAExF,IAAI,eAAe,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnC,MAAM,mBAAmB,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE;gBACxD,IAAI,mBAAmB,IAAI,mBAAmB,CAAC,oBAAoB,EAAE,CAAC;oBACpE,MAAM,KAAK,CAAC,mBAAmB,CAAC,oBAAoB,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;gBACnF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,qEAAqE;IACvE,CAAC;IAED,uEAAuE;IACvE,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,2BAA2B,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;QAC3F,IAAI,cAAc,CAAC,EAAE,IAAI,cAAc,CAAC,UAAU,EAAE,CAAC;YACnD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC;YAC9C,OAAO,IAAI;QACb,CAAC;IACH,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,4CAA4C;IAC9C,CAAC;IAED,OAAO,KAAK;AACd,CAAC;;;AC1CD,MAAM,eAAe,GAAG;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,GAAG,EAAE,4BAA4B;KAClC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,GAAG,EAAE,sBAAsB;KAC5B;IACD;QACE,IAAI,EAAE,cAAc;QACpB,GAAG,EAAE,qBAAqB;KAC3B;IACD;QACE,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,0BAA0B;KAChC;CACF;AAED;;GAEG;AACI,SAAS,mBAAmB;IAC/B,yCAAyC;IACzC,MAAM,OAAO,GAAG,CAAC,GAAG,eAAe,CAAC;IAEpC,mDAAmD;IACnD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IACzD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,OAAO,OAAO;AAChB,CAAC;;;AClCH,mFAAmF;AACnF,8DAA8D;AACG;AAEjE,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK;AACvC,MAAM,eAAW,GAAG,mBAAmB,CAAC,KAAK,CAAC,WAAW;AACzD,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK;AAEE;AACmB;AACE;AACJ;AACO;AAE2G;AAO3K","sources":["webpack://SolidLogic/webpack/universalModuleDefinition","webpack://SolidLogic/./node_modules/solid-namespace/index.js","webpack://SolidLogic/external umd \"$rdf\"","webpack://SolidLogic/webpack/bootstrap","webpack://SolidLogic/webpack/runtime/compat get default export","webpack://SolidLogic/webpack/runtime/define property getters","webpack://SolidLogic/webpack/runtime/global","webpack://SolidLogic/webpack/runtime/hasOwnProperty shorthand","webpack://SolidLogic/webpack/runtime/make namespace object","webpack://SolidLogic/webpack/runtime/publicPath","webpack://SolidLogic/webpack/runtime/jsonp chunk loading","webpack://SolidLogic/./src/util/debug.ts","webpack://SolidLogic/./node_modules/@uvdsl/solid-oidc-client-browser/dist/esm/web/index.js","webpack://SolidLogic/./node_modules/@uvdsl/solid-oidc-client-browser/dist/esm/core/index.js","webpack://SolidLogic/./src/authSession/session.ts","webpack://SolidLogic/./src/authSession/issuer.ts","webpack://SolidLogic/./src/authSession/events.ts","webpack://SolidLogic/./src/authSession/authSession.ts","webpack://SolidLogic/./src/util/ns.ts","webpack://SolidLogic/./src/acl/aclLogic.ts","webpack://SolidLogic/./src/authn/authUtil.ts","webpack://SolidLogic/./src/authn/SolidAuthnLogic.ts","webpack://SolidLogic/./src/util/utils.ts","webpack://SolidLogic/./src/chat/chatLogic.ts","webpack://SolidLogic/./src/inbox/inboxLogic.ts","webpack://SolidLogic/./src/logic/CustomError.ts","webpack://SolidLogic/./src/typeIndex/typeIndexDocuments.ts","webpack://SolidLogic/./src/typeIndex/typeIndexAclDocuments.ts","webpack://SolidLogic/./src/profile/profileDocuments.ts","webpack://SolidLogic/./src/profile/profileAclDocuments.ts","webpack://SolidLogic/./src/util/containerLogic.ts","webpack://SolidLogic/./src/profile/profileLogic.ts","webpack://SolidLogic/./src/typeIndex/typeIndexLogic.ts","webpack://SolidLogic/./src/util/utilityLogic.ts","webpack://SolidLogic/./src/logic/solidLogic.ts","webpack://SolidLogic/./src/logic/solidLogicSingleton.ts","webpack://SolidLogic/./src/authn/serverLogout.ts","webpack://SolidLogic/./src/issuer/issuerLogic.ts","webpack://SolidLogic/./src/index.ts"],"sourcesContent":["(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory(require(\"$rdf\"));\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine(\"SolidLogic\", [\"$rdf\"], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"SolidLogic\"] = factory(require(\"$rdf\"));\n\telse\n\t\troot[\"SolidLogic\"] = factory(root[\"$rdf\"]);\n})(this, (__WEBPACK_EXTERNAL_MODULE__264__) => {\nreturn ","/**\n * Provides a way to access commonly used namespaces\n *\n * Usage:\n *\n * ```\n * const $rdf = require('rdflib'); //or any other RDF/JS-compatible library\n * const ns = require('solid-namespace')($rdf);\n * const store = $rdf.graph();\n *\n * let me = ...;\n * let name = store.any(me, ns.vcard(‘fn’)) || store.any(me, ns.foaf(‘name’));\n * ```\n * @module vocab\n */\nconst aliases = {\n acl: 'http://www.w3.org/ns/auth/acl#',\n arg: 'http://www.w3.org/ns/pim/arg#',\n as: 'https://www.w3.org/ns/activitystreams#',\n bookmark: 'http://www.w3.org/2002/01/bookmark#',\n cal: 'http://www.w3.org/2002/12/cal/ical#',\n cco: 'http://www.ontologyrepository.com/CommonCoreOntologies/',\n cert: 'http://www.w3.org/ns/auth/cert#',\n contact: 'http://www.w3.org/2000/10/swap/pim/contact#',\n dc: 'http://purl.org/dc/elements/1.1/',\n dct: 'http://purl.org/dc/terms/',\n doap: 'http://usefulinc.com/ns/doap#',\n foaf: 'http://xmlns.com/foaf/0.1/',\n geo: 'http://www.w3.org/2003/01/geo/wgs84_pos#',\n gpx: 'http://www.w3.org/ns/pim/gpx#',\n gr: 'http://purl.org/goodrelations/v1#',\n http: 'http://www.w3.org/2007/ont/http#',\n httph: 'http://www.w3.org/2007/ont/httph#',\n icalTZ: 'http://www.w3.org/2002/12/cal/icaltzd#', // Beware: not cal:\n ldp: 'http://www.w3.org/ns/ldp#',\n link: 'http://www.w3.org/2007/ont/link#',\n log: 'http://www.w3.org/2000/10/swap/log#',\n meeting: 'http://www.w3.org/ns/pim/meeting#',\n mo: 'http://purl.org/ontology/mo/',\n org: 'http://www.w3.org/ns/org#',\n owl: 'http://www.w3.org/2002/07/owl#',\n pad: 'http://www.w3.org/ns/pim/pad#',\n patch: 'http://www.w3.org/ns/pim/patch#',\n prov: 'http://www.w3.org/ns/prov#',\n pto: 'http://www.productontology.org/id/',\n qu: 'http://www.w3.org/2000/10/swap/pim/qif#',\n trip: 'http://www.w3.org/ns/pim/trip#',\n rdf: 'http://www.w3.org/1999/02/22-rdf-syntax-ns#',\n rdfs: 'http://www.w3.org/2000/01/rdf-schema#',\n rss: 'http://purl.org/rss/1.0/',\n sched: 'http://www.w3.org/ns/pim/schedule#',\n schema: 'http://schema.org/', // @@ beware confusion with documents no 303\n sioc: 'http://rdfs.org/sioc/ns#',\n skos: 'http://www.w3.org/2004/02/skos/core#',\n solid: 'http://www.w3.org/ns/solid/terms#',\n space: 'http://www.w3.org/ns/pim/space#',\n stat: 'http://www.w3.org/ns/posix/stat#',\n tab: 'http://www.w3.org/2007/ont/link#',\n tabont: 'http://www.w3.org/2007/ont/link#',\n ui: 'http://www.w3.org/ns/ui#',\n vann: 'http://purl.org/vocab/vann/',\n vcard: 'http://www.w3.org/2006/vcard/ns#',\n wf: 'http://www.w3.org/2005/01/wf/flow#',\n xsd: 'http://www.w3.org/2001/XMLSchema#',\n}\n\n/**\n * @param [rdflib] {RDF} Optional RDF Library (such as rdflib.js or rdf-ext) to inject\n */\nfunction vocab (rdf = { namedNode: u => u }) {\n const namespaces = {}\n for (const alias in aliases) {\n const expansion = aliases[alias]\n namespaces[alias] = function (localName = '') {\n return rdf.namedNode(expansion + localName)\n }\n };\n\n return namespaces\n};\n\nmodule.exports = vocab\n","module.exports = __WEBPACK_EXTERNAL_MODULE__264__;","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\t__webpack_modules__[moduleId](module, module.exports, __webpack_require__);\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n// expose the modules object (__webpack_modules__)\n__webpack_require__.m = __webpack_modules__;\n\n","// getDefaultExport function for compatibility with non-harmony modules\n__webpack_require__.n = (module) => {\n\tvar getter = module && module.__esModule ?\n\t\t() => (module['default']) :\n\t\t() => (module);\n\t__webpack_require__.d(getter, { a: getter });\n\treturn getter;\n};","// define getter functions for harmony exports\n__webpack_require__.d = (exports, definition) => {\n\tfor(var key in definition) {\n\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n\t\t}\n\t}\n};","__webpack_require__.g = (function() {\n\tif (typeof globalThis === 'object') return globalThis;\n\ttry {\n\t\treturn this || new Function('return this')();\n\t} catch (e) {\n\t\tif (typeof window === 'object') return window;\n\t}\n})();","__webpack_require__.o = (obj, prop) => (Object.prototype.hasOwnProperty.call(obj, prop))","// define __esModule on exports\n__webpack_require__.r = (exports) => {\n\tif(typeof Symbol !== 'undefined' && Symbol.toStringTag) {\n\t\tObject.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });\n\t}\n\tObject.defineProperty(exports, '__esModule', { value: true });\n};","__webpack_require__.p = \"\";","__webpack_require__.b = (typeof document !== 'undefined' && document.baseURI) || self.location.href;\n\n// object to store loaded and loading chunks\n// undefined = chunk not loaded, null = chunk preloaded/prefetched\n// [resolve, reject, Promise] = chunk loading, 0 = chunk loaded\nvar installedChunks = {\n\t792: 0\n};\n\n// no chunk on demand loading\n\n// no prefetching\n\n// no preloaded\n\n// no HMR\n\n// no HMR manifest\n\n// no on chunks loaded\n\n// no jsonp function","\nexport function log(...args: any[]): void {\n console.log(...args)\n}\n\nexport function warn(...args: any[]): void {\n console.warn(...args)\n}\n\nexport function error(...args: any[]): void {\n console.error(...args)\n}\n\nexport function trace(...args: any[]): void {\n console.trace(...args)\n}\n","var crypto$1 = crypto;\nconst isCryptoKey = (key) => key instanceof CryptoKey;\n\nconst digest = async (algorithm, data) => {\n const subtleDigest = `SHA-${algorithm.slice(-3)}`;\n return new Uint8Array(await crypto$1.subtle.digest(subtleDigest, data));\n};\nvar digest$1 = digest;\n\nconst encoder = new TextEncoder();\nconst decoder = new TextDecoder();\nfunction concat(...buffers) {\n const size = buffers.reduce((acc, { length }) => acc + length, 0);\n const buf = new Uint8Array(size);\n let i = 0;\n for (const buffer of buffers) {\n buf.set(buffer, i);\n i += buffer.length;\n }\n return buf;\n}\n\nconst encodeBase64 = (input) => {\n let unencoded = input;\n if (typeof unencoded === 'string') {\n unencoded = encoder.encode(unencoded);\n }\n const CHUNK_SIZE = 0x8000;\n const arr = [];\n for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join(''));\n};\nconst encode = (input) => {\n return encodeBase64(input).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\nconst decodeBase64 = (encoded) => {\n const binary = atob(encoded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n};\nconst decode$1 = (input) => {\n let encoded = input;\n if (encoded instanceof Uint8Array) {\n encoded = decoder.decode(encoded);\n }\n encoded = encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, '');\n try {\n return decodeBase64(encoded);\n }\n catch {\n throw new TypeError('The input to be decoded is not correctly encoded.');\n }\n};\n\nclass JOSEError extends Error {\n constructor(message, options) {\n super(message, options);\n this.code = 'ERR_JOSE_GENERIC';\n this.name = this.constructor.name;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nJOSEError.code = 'ERR_JOSE_GENERIC';\nclass JWTClaimValidationFailed extends JOSEError {\n constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {\n super(message, { cause: { claim, reason, payload } });\n this.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n this.claim = claim;\n this.reason = reason;\n this.payload = payload;\n }\n}\nJWTClaimValidationFailed.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\nclass JWTExpired extends JOSEError {\n constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {\n super(message, { cause: { claim, reason, payload } });\n this.code = 'ERR_JWT_EXPIRED';\n this.claim = claim;\n this.reason = reason;\n this.payload = payload;\n }\n}\nJWTExpired.code = 'ERR_JWT_EXPIRED';\nclass JOSEAlgNotAllowed extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\n }\n}\nJOSEAlgNotAllowed.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\nclass JOSENotSupported extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_NOT_SUPPORTED';\n }\n}\nJOSENotSupported.code = 'ERR_JOSE_NOT_SUPPORTED';\nclass JWEDecryptionFailed extends JOSEError {\n constructor(message = 'decryption operation failed', options) {\n super(message, options);\n this.code = 'ERR_JWE_DECRYPTION_FAILED';\n }\n}\nJWEDecryptionFailed.code = 'ERR_JWE_DECRYPTION_FAILED';\nclass JWEInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWE_INVALID';\n }\n}\nJWEInvalid.code = 'ERR_JWE_INVALID';\nclass JWSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWS_INVALID';\n }\n}\nJWSInvalid.code = 'ERR_JWS_INVALID';\nclass JWTInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWT_INVALID';\n }\n}\nJWTInvalid.code = 'ERR_JWT_INVALID';\nclass JWKInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWK_INVALID';\n }\n}\nJWKInvalid.code = 'ERR_JWK_INVALID';\nclass JWKSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_INVALID';\n }\n}\nJWKSInvalid.code = 'ERR_JWKS_INVALID';\nclass JWKSNoMatchingKey extends JOSEError {\n constructor(message = 'no applicable key found in the JSON Web Key Set', options) {\n super(message, options);\n this.code = 'ERR_JWKS_NO_MATCHING_KEY';\n }\n}\nJWKSNoMatchingKey.code = 'ERR_JWKS_NO_MATCHING_KEY';\nclass JWKSMultipleMatchingKeys extends JOSEError {\n constructor(message = 'multiple matching keys found in the JSON Web Key Set', options) {\n super(message, options);\n this.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n }\n}\nJWKSMultipleMatchingKeys.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\nclass JWKSTimeout extends JOSEError {\n constructor(message = 'request timed out', options) {\n super(message, options);\n this.code = 'ERR_JWKS_TIMEOUT';\n }\n}\nJWKSTimeout.code = 'ERR_JWKS_TIMEOUT';\nclass JWSSignatureVerificationFailed extends JOSEError {\n constructor(message = 'signature verification failed', options) {\n super(message, options);\n this.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n }\n}\nJWSSignatureVerificationFailed.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n\nfunction unusable(name, prop = 'algorithm.name') {\n return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);\n}\nfunction isAlgorithm(algorithm, name) {\n return algorithm.name === name;\n}\nfunction getHashLength(hash) {\n return parseInt(hash.name.slice(4), 10);\n}\nfunction getNamedCurve(alg) {\n switch (alg) {\n case 'ES256':\n return 'P-256';\n case 'ES384':\n return 'P-384';\n case 'ES512':\n return 'P-521';\n default:\n throw new Error('unreachable');\n }\n}\nfunction checkUsage(key, usages) {\n if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {\n let msg = 'CryptoKey does not support this operation, its usages must include ';\n if (usages.length > 2) {\n const last = usages.pop();\n msg += `one of ${usages.join(', ')}, or ${last}.`;\n }\n else if (usages.length === 2) {\n msg += `one of ${usages[0]} or ${usages[1]}.`;\n }\n else {\n msg += `${usages[0]}.`;\n }\n throw new TypeError(msg);\n }\n}\nfunction checkSigCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512': {\n if (!isAlgorithm(key.algorithm, 'HMAC'))\n throw unusable('HMAC');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'RS256':\n case 'RS384':\n case 'RS512': {\n if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5'))\n throw unusable('RSASSA-PKCS1-v1_5');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'PS256':\n case 'PS384':\n case 'PS512': {\n if (!isAlgorithm(key.algorithm, 'RSA-PSS'))\n throw unusable('RSA-PSS');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'EdDSA': {\n if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {\n throw unusable('Ed25519 or Ed448');\n }\n break;\n }\n case 'Ed25519': {\n if (!isAlgorithm(key.algorithm, 'Ed25519'))\n throw unusable('Ed25519');\n break;\n }\n case 'ES256':\n case 'ES384':\n case 'ES512': {\n if (!isAlgorithm(key.algorithm, 'ECDSA'))\n throw unusable('ECDSA');\n const expected = getNamedCurve(alg);\n const actual = key.algorithm.namedCurve;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.namedCurve');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\n\nfunction message(msg, actual, ...types) {\n types = types.filter(Boolean);\n if (types.length > 2) {\n const last = types.pop();\n msg += `one of type ${types.join(', ')}, or ${last}.`;\n }\n else if (types.length === 2) {\n msg += `one of type ${types[0]} or ${types[1]}.`;\n }\n else {\n msg += `of type ${types[0]}.`;\n }\n if (actual == null) {\n msg += ` Received ${actual}`;\n }\n else if (typeof actual === 'function' && actual.name) {\n msg += ` Received function ${actual.name}`;\n }\n else if (typeof actual === 'object' && actual != null) {\n if (actual.constructor?.name) {\n msg += ` Received an instance of ${actual.constructor.name}`;\n }\n }\n return msg;\n}\nvar invalidKeyInput = (actual, ...types) => {\n return message('Key must be ', actual, ...types);\n};\nfunction withAlg(alg, actual, ...types) {\n return message(`Key for the ${alg} algorithm must be `, actual, ...types);\n}\n\nvar isKeyLike = (key) => {\n if (isCryptoKey(key)) {\n return true;\n }\n return key?.[Symbol.toStringTag] === 'KeyObject';\n};\nconst types = ['CryptoKey'];\n\nconst isDisjoint = (...headers) => {\n const sources = headers.filter(Boolean);\n if (sources.length === 0 || sources.length === 1) {\n return true;\n }\n let acc;\n for (const header of sources) {\n const parameters = Object.keys(header);\n if (!acc || acc.size === 0) {\n acc = new Set(parameters);\n continue;\n }\n for (const parameter of parameters) {\n if (acc.has(parameter)) {\n return false;\n }\n acc.add(parameter);\n }\n }\n return true;\n};\nvar isDisjoint$1 = isDisjoint;\n\nfunction isObjectLike(value) {\n return typeof value === 'object' && value !== null;\n}\nfunction isObject(input) {\n if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {\n return false;\n }\n if (Object.getPrototypeOf(input) === null) {\n return true;\n }\n let proto = input;\n while (Object.getPrototypeOf(proto) !== null) {\n proto = Object.getPrototypeOf(proto);\n }\n return Object.getPrototypeOf(input) === proto;\n}\n\nvar checkKeyLength = (alg, key) => {\n if (alg.startsWith('RS') || alg.startsWith('PS')) {\n const { modulusLength } = key.algorithm;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);\n }\n }\n};\n\nfunction isJWK(key) {\n return isObject(key) && typeof key.kty === 'string';\n}\nfunction isPrivateJWK(key) {\n return key.kty !== 'oct' && typeof key.d === 'string';\n}\nfunction isPublicJWK(key) {\n return key.kty !== 'oct' && typeof key.d === 'undefined';\n}\nfunction isSecretJWK(key) {\n return isJWK(key) && key.kty === 'oct' && typeof key.k === 'string';\n}\n\nfunction subtleMapping(jwk) {\n let algorithm;\n let keyUsages;\n switch (jwk.kty) {\n case 'RSA': {\n switch (jwk.alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`,\n };\n keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'EC': {\n switch (jwk.alg) {\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: 'ECDH', namedCurve: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'OKP': {\n switch (jwk.alg) {\n case 'Ed25519':\n algorithm = { name: 'Ed25519' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'EdDSA':\n algorithm = { name: jwk.crv };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"kty\" (Key Type) Parameter value');\n }\n return { algorithm, keyUsages };\n}\nconst parse = async (jwk) => {\n if (!jwk.alg) {\n throw new TypeError('\"alg\" argument is required when \"jwk.alg\" is not present');\n }\n const { algorithm, keyUsages } = subtleMapping(jwk);\n const rest = [\n algorithm,\n jwk.ext ?? false,\n jwk.key_ops ?? keyUsages,\n ];\n const keyData = { ...jwk };\n delete keyData.alg;\n delete keyData.use;\n return crypto$1.subtle.importKey('jwk', keyData, ...rest);\n};\nvar asKeyObject = parse;\n\nconst exportKeyValue = (k) => decode$1(k);\nlet privCache;\nlet pubCache;\nconst isKeyObject = (key) => {\n return key?.[Symbol.toStringTag] === 'KeyObject';\n};\nconst importAndCache = async (cache, key, jwk, alg, freeze = false) => {\n let cached = cache.get(key);\n if (cached?.[alg]) {\n return cached[alg];\n }\n const cryptoKey = await asKeyObject({ ...jwk, alg });\n if (freeze)\n Object.freeze(key);\n if (!cached) {\n cache.set(key, { [alg]: cryptoKey });\n }\n else {\n cached[alg] = cryptoKey;\n }\n return cryptoKey;\n};\nconst normalizePublicKey = (key, alg) => {\n if (isKeyObject(key)) {\n let jwk = key.export({ format: 'jwk' });\n delete jwk.d;\n delete jwk.dp;\n delete jwk.dq;\n delete jwk.p;\n delete jwk.q;\n delete jwk.qi;\n if (jwk.k) {\n return exportKeyValue(jwk.k);\n }\n pubCache || (pubCache = new WeakMap());\n return importAndCache(pubCache, key, jwk, alg);\n }\n if (isJWK(key)) {\n if (key.k)\n return decode$1(key.k);\n pubCache || (pubCache = new WeakMap());\n const cryptoKey = importAndCache(pubCache, key, key, alg, true);\n return cryptoKey;\n }\n return key;\n};\nconst normalizePrivateKey = (key, alg) => {\n if (isKeyObject(key)) {\n let jwk = key.export({ format: 'jwk' });\n if (jwk.k) {\n return exportKeyValue(jwk.k);\n }\n privCache || (privCache = new WeakMap());\n return importAndCache(privCache, key, jwk, alg);\n }\n if (isJWK(key)) {\n if (key.k)\n return decode$1(key.k);\n privCache || (privCache = new WeakMap());\n const cryptoKey = importAndCache(privCache, key, key, alg, true);\n return cryptoKey;\n }\n return key;\n};\nvar normalize = { normalizePublicKey, normalizePrivateKey };\n\nasync function importJWK(jwk, alg) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n alg || (alg = jwk.alg);\n switch (jwk.kty) {\n case 'oct':\n if (typeof jwk.k !== 'string' || !jwk.k) {\n throw new TypeError('missing \"k\" (Key Value) Parameter value');\n }\n return decode$1(jwk.k);\n case 'RSA':\n if ('oth' in jwk && jwk.oth !== undefined) {\n throw new JOSENotSupported('RSA JWK \"oth\" (Other Primes Info) Parameter value is not supported');\n }\n case 'EC':\n case 'OKP':\n return asKeyObject({ ...jwk, alg });\n default:\n throw new JOSENotSupported('Unsupported \"kty\" (Key Type) Parameter value');\n }\n}\n\nconst tag = (key) => key?.[Symbol.toStringTag];\nconst jwkMatchesOp = (alg, key, usage) => {\n if (key.use !== undefined && key.use !== 'sig') {\n throw new TypeError('Invalid key for this operation, when present its use must be sig');\n }\n if (key.key_ops !== undefined && key.key_ops.includes?.(usage) !== true) {\n throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${usage}`);\n }\n if (key.alg !== undefined && key.alg !== alg) {\n throw new TypeError(`Invalid key for this operation, when present its alg must be ${alg}`);\n }\n return true;\n};\nconst symmetricTypeCheck = (alg, key, usage, allowJwk) => {\n if (key instanceof Uint8Array)\n return;\n if (allowJwk && isJWK(key)) {\n if (isSecretJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK \"kty\" (Key Type) equal to \"oct\" and the JWK \"k\" (Key Value) present`);\n }\n if (!isKeyLike(key)) {\n throw new TypeError(withAlg(alg, key, ...types, 'Uint8Array', allowJwk ? 'JSON Web Key' : null));\n }\n if (key.type !== 'secret') {\n throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type \"secret\"`);\n }\n};\nconst asymmetricTypeCheck = (alg, key, usage, allowJwk) => {\n if (allowJwk && isJWK(key)) {\n switch (usage) {\n case 'sign':\n if (isPrivateJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for this operation be a private JWK`);\n case 'verify':\n if (isPublicJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for this operation be a public JWK`);\n }\n }\n if (!isKeyLike(key)) {\n throw new TypeError(withAlg(alg, key, ...types, allowJwk ? 'JSON Web Key' : null));\n }\n if (key.type === 'secret') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type \"secret\"`);\n }\n if (usage === 'sign' && key.type === 'public') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type \"private\"`);\n }\n if (usage === 'decrypt' && key.type === 'public') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type \"private\"`);\n }\n if (key.algorithm && usage === 'verify' && key.type === 'private') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type \"public\"`);\n }\n if (key.algorithm && usage === 'encrypt' && key.type === 'private') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type \"public\"`);\n }\n};\nfunction checkKeyType(allowJwk, alg, key, usage) {\n const symmetric = alg.startsWith('HS') ||\n alg === 'dir' ||\n alg.startsWith('PBES2') ||\n /^A\\d{3}(?:GCM)?KW$/.test(alg);\n if (symmetric) {\n symmetricTypeCheck(alg, key, usage, allowJwk);\n }\n else {\n asymmetricTypeCheck(alg, key, usage, allowJwk);\n }\n}\ncheckKeyType.bind(undefined, false);\nconst checkKeyTypeWithJwk = checkKeyType.bind(undefined, true);\n\nfunction validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {\n if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be integrity protected');\n }\n if (!protectedHeader || protectedHeader.crit === undefined) {\n return new Set();\n }\n if (!Array.isArray(protectedHeader.crit) ||\n protectedHeader.crit.length === 0 ||\n protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present');\n }\n let recognized;\n if (recognizedOption !== undefined) {\n recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);\n }\n else {\n recognized = recognizedDefault;\n }\n for (const parameter of protectedHeader.crit) {\n if (!recognized.has(parameter)) {\n throw new JOSENotSupported(`Extension Header Parameter \"${parameter}\" is not recognized`);\n }\n if (joseHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" is missing`);\n }\n if (recognized.get(parameter) && protectedHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" MUST be integrity protected`);\n }\n }\n return new Set(protectedHeader.crit);\n}\n\nconst validateAlgorithms = (option, algorithms) => {\n if (algorithms !== undefined &&\n (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) {\n throw new TypeError(`\"${option}\" option must be an array of strings`);\n }\n if (!algorithms) {\n return undefined;\n }\n return new Set(algorithms);\n};\nvar validateAlgorithms$1 = validateAlgorithms;\n\nconst keyToJWK = async (key) => {\n if (key instanceof Uint8Array) {\n return {\n kty: 'oct',\n k: encode(key),\n };\n }\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n }\n if (!key.extractable) {\n throw new TypeError('non-extractable CryptoKey cannot be exported as a JWK');\n }\n const { ext, key_ops, alg, use, ...jwk } = await crypto$1.subtle.exportKey('jwk', key);\n return jwk;\n};\nvar keyToJWK$1 = keyToJWK;\n\nasync function exportJWK(key) {\n return keyToJWK$1(key);\n}\n\nfunction subtleDsa(alg, algorithm) {\n const hash = `SHA-${alg.slice(-3)}`;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n return { hash, name: 'HMAC' };\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { hash, name: 'RSA-PSS', saltLength: alg.slice(-3) >> 3 };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { hash, name: 'RSASSA-PKCS1-v1_5' };\n case 'ES256':\n case 'ES384':\n case 'ES512':\n return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };\n case 'Ed25519':\n return { name: 'Ed25519' };\n case 'EdDSA':\n return { name: algorithm.name };\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n\nasync function getCryptoKey(alg, key, usage) {\n if (usage === 'sign') {\n key = await normalize.normalizePrivateKey(key, alg);\n }\n if (usage === 'verify') {\n key = await normalize.normalizePublicKey(key, alg);\n }\n if (isCryptoKey(key)) {\n checkSigCryptoKey(key, alg, usage);\n return key;\n }\n if (key instanceof Uint8Array) {\n if (!alg.startsWith('HS')) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return crypto$1.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array', 'JSON Web Key'));\n}\n\nconst verify = async (alg, key, signature, data) => {\n const cryptoKey = await getCryptoKey(alg, key, 'verify');\n checkKeyLength(alg, cryptoKey);\n const algorithm = subtleDsa(alg, cryptoKey.algorithm);\n try {\n return await crypto$1.subtle.verify(algorithm, cryptoKey, signature, data);\n }\n catch {\n return false;\n }\n};\nvar verify$1 = verify;\n\nasync function flattenedVerify(jws, key, options) {\n if (!isObject(jws)) {\n throw new JWSInvalid('Flattened JWS must be an object');\n }\n if (jws.protected === undefined && jws.header === undefined) {\n throw new JWSInvalid('Flattened JWS must have either of the \"protected\" or \"header\" members');\n }\n if (jws.protected !== undefined && typeof jws.protected !== 'string') {\n throw new JWSInvalid('JWS Protected Header incorrect type');\n }\n if (jws.payload === undefined) {\n throw new JWSInvalid('JWS Payload missing');\n }\n if (typeof jws.signature !== 'string') {\n throw new JWSInvalid('JWS Signature missing or incorrect type');\n }\n if (jws.header !== undefined && !isObject(jws.header)) {\n throw new JWSInvalid('JWS Unprotected Header incorrect type');\n }\n let parsedProt = {};\n if (jws.protected) {\n try {\n const protectedHeader = decode$1(jws.protected);\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch {\n throw new JWSInvalid('JWS Protected Header is invalid');\n }\n }\n if (!isDisjoint$1(parsedProt, jws.header)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jws.header,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, parsedProt, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = parsedProt.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n const algorithms = options && validateAlgorithms$1('algorithms', options.algorithms);\n if (algorithms && !algorithms.has(alg)) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter value not allowed');\n }\n if (b64) {\n if (typeof jws.payload !== 'string') {\n throw new JWSInvalid('JWS Payload must be a string');\n }\n }\n else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {\n throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jws);\n resolvedKey = true;\n checkKeyTypeWithJwk(alg, key, 'verify');\n if (isJWK(key)) {\n key = await importJWK(key, alg);\n }\n }\n else {\n checkKeyTypeWithJwk(alg, key, 'verify');\n }\n const data = concat(encoder.encode(jws.protected ?? ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);\n let signature;\n try {\n signature = decode$1(jws.signature);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the signature');\n }\n const verified = await verify$1(alg, key, signature, data);\n if (!verified) {\n throw new JWSSignatureVerificationFailed();\n }\n let payload;\n if (b64) {\n try {\n payload = decode$1(jws.payload);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the payload');\n }\n }\n else if (typeof jws.payload === 'string') {\n payload = encoder.encode(jws.payload);\n }\n else {\n payload = jws.payload;\n }\n const result = { payload };\n if (jws.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jws.header !== undefined) {\n result.unprotectedHeader = jws.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n\nasync function compactVerify(jws, key, options) {\n if (jws instanceof Uint8Array) {\n jws = decoder.decode(jws);\n }\n if (typeof jws !== 'string') {\n throw new JWSInvalid('Compact JWS must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split('.');\n if (length !== 3) {\n throw new JWSInvalid('Invalid Compact JWS');\n }\n const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options);\n const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n\nvar epoch = (date) => Math.floor(date.getTime() / 1000);\n\nconst minute = 60;\nconst hour = minute * 60;\nconst day = hour * 24;\nconst week = day * 7;\nconst year = day * 365.25;\nconst REGEX = /^(\\+|\\-)? ?(\\d+|\\d+\\.\\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;\nvar secs = (str) => {\n const matched = REGEX.exec(str);\n if (!matched || (matched[4] && matched[1])) {\n throw new TypeError('Invalid time period format');\n }\n const value = parseFloat(matched[2]);\n const unit = matched[3].toLowerCase();\n let numericDate;\n switch (unit) {\n case 'sec':\n case 'secs':\n case 'second':\n case 'seconds':\n case 's':\n numericDate = Math.round(value);\n break;\n case 'minute':\n case 'minutes':\n case 'min':\n case 'mins':\n case 'm':\n numericDate = Math.round(value * minute);\n break;\n case 'hour':\n case 'hours':\n case 'hr':\n case 'hrs':\n case 'h':\n numericDate = Math.round(value * hour);\n break;\n case 'day':\n case 'days':\n case 'd':\n numericDate = Math.round(value * day);\n break;\n case 'week':\n case 'weeks':\n case 'w':\n numericDate = Math.round(value * week);\n break;\n default:\n numericDate = Math.round(value * year);\n break;\n }\n if (matched[1] === '-' || matched[4] === 'ago') {\n return -numericDate;\n }\n return numericDate;\n};\n\nconst normalizeTyp = (value) => value.toLowerCase().replace(/^application\\//, '');\nconst checkAudiencePresence = (audPayload, audOption) => {\n if (typeof audPayload === 'string') {\n return audOption.includes(audPayload);\n }\n if (Array.isArray(audPayload)) {\n return audOption.some(Set.prototype.has.bind(new Set(audPayload)));\n }\n return false;\n};\nvar jwtPayload = (protectedHeader, encodedPayload, options = {}) => {\n let payload;\n try {\n payload = JSON.parse(decoder.decode(encodedPayload));\n }\n catch {\n }\n if (!isObject(payload)) {\n throw new JWTInvalid('JWT Claims Set must be a top-level JSON object');\n }\n const { typ } = options;\n if (typ &&\n (typeof protectedHeader.typ !== 'string' ||\n normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {\n throw new JWTClaimValidationFailed('unexpected \"typ\" JWT header value', payload, 'typ', 'check_failed');\n }\n const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;\n const presenceCheck = [...requiredClaims];\n if (maxTokenAge !== undefined)\n presenceCheck.push('iat');\n if (audience !== undefined)\n presenceCheck.push('aud');\n if (subject !== undefined)\n presenceCheck.push('sub');\n if (issuer !== undefined)\n presenceCheck.push('iss');\n for (const claim of new Set(presenceCheck.reverse())) {\n if (!(claim in payload)) {\n throw new JWTClaimValidationFailed(`missing required \"${claim}\" claim`, payload, claim, 'missing');\n }\n }\n if (issuer &&\n !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {\n throw new JWTClaimValidationFailed('unexpected \"iss\" claim value', payload, 'iss', 'check_failed');\n }\n if (subject && payload.sub !== subject) {\n throw new JWTClaimValidationFailed('unexpected \"sub\" claim value', payload, 'sub', 'check_failed');\n }\n if (audience &&\n !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {\n throw new JWTClaimValidationFailed('unexpected \"aud\" claim value', payload, 'aud', 'check_failed');\n }\n let tolerance;\n switch (typeof options.clockTolerance) {\n case 'string':\n tolerance = secs(options.clockTolerance);\n break;\n case 'number':\n tolerance = options.clockTolerance;\n break;\n case 'undefined':\n tolerance = 0;\n break;\n default:\n throw new TypeError('Invalid clockTolerance option type');\n }\n const { currentDate } = options;\n const now = epoch(currentDate || new Date());\n if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {\n throw new JWTClaimValidationFailed('\"iat\" claim must be a number', payload, 'iat', 'invalid');\n }\n if (payload.nbf !== undefined) {\n if (typeof payload.nbf !== 'number') {\n throw new JWTClaimValidationFailed('\"nbf\" claim must be a number', payload, 'nbf', 'invalid');\n }\n if (payload.nbf > now + tolerance) {\n throw new JWTClaimValidationFailed('\"nbf\" claim timestamp check failed', payload, 'nbf', 'check_failed');\n }\n }\n if (payload.exp !== undefined) {\n if (typeof payload.exp !== 'number') {\n throw new JWTClaimValidationFailed('\"exp\" claim must be a number', payload, 'exp', 'invalid');\n }\n if (payload.exp <= now - tolerance) {\n throw new JWTExpired('\"exp\" claim timestamp check failed', payload, 'exp', 'check_failed');\n }\n }\n if (maxTokenAge) {\n const age = now - payload.iat;\n const max = typeof maxTokenAge === 'number' ? maxTokenAge : secs(maxTokenAge);\n if (age - tolerance > max) {\n throw new JWTExpired('\"iat\" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed');\n }\n if (age < 0 - tolerance) {\n throw new JWTClaimValidationFailed('\"iat\" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed');\n }\n }\n return payload;\n};\n\nasync function jwtVerify(jwt, key, options) {\n const verified = await compactVerify(jwt, key, options);\n if (verified.protectedHeader.crit?.includes('b64') && verified.protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n const payload = jwtPayload(verified.protectedHeader, verified.payload, options);\n const result = { payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n\nconst sign = async (alg, key, data) => {\n const cryptoKey = await getCryptoKey(alg, key, 'sign');\n checkKeyLength(alg, cryptoKey);\n const signature = await crypto$1.subtle.sign(subtleDsa(alg, cryptoKey.algorithm), cryptoKey, data);\n return new Uint8Array(signature);\n};\nvar sign$1 = sign;\n\nclass FlattenedSign {\n constructor(payload) {\n if (!(payload instanceof Uint8Array)) {\n throw new TypeError('payload must be an instance of Uint8Array');\n }\n this._payload = payload;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n async sign(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader) {\n throw new JWSInvalid('either setProtectedHeader or setUnprotectedHeader must be called before #sign()');\n }\n if (!isDisjoint$1(this._protectedHeader, this._unprotectedHeader)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, this._protectedHeader, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = this._protectedHeader.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n checkKeyTypeWithJwk(alg, key, 'sign');\n let payload = this._payload;\n if (b64) {\n payload = encoder.encode(encode(payload));\n }\n let protectedHeader;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(encode(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n const data = concat(protectedHeader, encoder.encode('.'), payload);\n const signature = await sign$1(alg, key, data);\n const jws = {\n signature: encode(signature),\n payload: '',\n };\n if (b64) {\n jws.payload = decoder.decode(payload);\n }\n if (this._unprotectedHeader) {\n jws.header = this._unprotectedHeader;\n }\n if (this._protectedHeader) {\n jws.protected = decoder.decode(protectedHeader);\n }\n return jws;\n }\n}\n\nclass CompactSign {\n constructor(payload) {\n this._flattened = new FlattenedSign(payload);\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n async sign(key, options) {\n const jws = await this._flattened.sign(key, options);\n if (jws.payload === undefined) {\n throw new TypeError('use the flattened module for creating JWS with b64: false');\n }\n return `${jws.protected}.${jws.payload}.${jws.signature}`;\n }\n}\n\nfunction validateInput(label, input) {\n if (!Number.isFinite(input)) {\n throw new TypeError(`Invalid ${label} input`);\n }\n return input;\n}\nclass ProduceJWT {\n constructor(payload = {}) {\n if (!isObject(payload)) {\n throw new TypeError('JWT Claims Set MUST be an object');\n }\n this._payload = payload;\n }\n setIssuer(issuer) {\n this._payload = { ...this._payload, iss: issuer };\n return this;\n }\n setSubject(subject) {\n this._payload = { ...this._payload, sub: subject };\n return this;\n }\n setAudience(audience) {\n this._payload = { ...this._payload, aud: audience };\n return this;\n }\n setJti(jwtId) {\n this._payload = { ...this._payload, jti: jwtId };\n return this;\n }\n setNotBefore(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, nbf: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setExpirationTime(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, exp: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setIssuedAt(input) {\n if (typeof input === 'undefined') {\n this._payload = { ...this._payload, iat: epoch(new Date()) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', epoch(input)) };\n }\n else if (typeof input === 'string') {\n this._payload = {\n ...this._payload,\n iat: validateInput('setIssuedAt', epoch(new Date()) + secs(input)),\n };\n }\n else {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', input) };\n }\n return this;\n }\n}\n\nclass SignJWT extends ProduceJWT {\n setProtectedHeader(protectedHeader) {\n this._protectedHeader = protectedHeader;\n return this;\n }\n async sign(key, options) {\n const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));\n sig.setProtectedHeader(this._protectedHeader);\n if (Array.isArray(this._protectedHeader?.crit) &&\n this._protectedHeader.crit.includes('b64') &&\n this._protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n return sig.sign(key, options);\n }\n}\n\nconst check = (value, description) => {\n if (typeof value !== 'string' || !value) {\n throw new JWKInvalid(`${description} missing or invalid`);\n }\n};\nasync function calculateJwkThumbprint(jwk, digestAlgorithm) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n digestAlgorithm ?? (digestAlgorithm = 'sha256');\n if (digestAlgorithm !== 'sha256' &&\n digestAlgorithm !== 'sha384' &&\n digestAlgorithm !== 'sha512') {\n throw new TypeError('digestAlgorithm must one of \"sha256\", \"sha384\", or \"sha512\"');\n }\n let components;\n switch (jwk.kty) {\n case 'EC':\n check(jwk.crv, '\"crv\" (Curve) Parameter');\n check(jwk.x, '\"x\" (X Coordinate) Parameter');\n check(jwk.y, '\"y\" (Y Coordinate) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };\n break;\n case 'OKP':\n check(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter');\n check(jwk.x, '\"x\" (Public Key) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };\n break;\n case 'RSA':\n check(jwk.e, '\"e\" (Exponent) Parameter');\n check(jwk.n, '\"n\" (Modulus) Parameter');\n components = { e: jwk.e, kty: jwk.kty, n: jwk.n };\n break;\n case 'oct':\n check(jwk.k, '\"k\" (Key Value) Parameter');\n components = { k: jwk.k, kty: jwk.kty };\n break;\n default:\n throw new JOSENotSupported('\"kty\" (Key Type) Parameter missing or unsupported');\n }\n const data = encoder.encode(JSON.stringify(components));\n return encode(await digest$1(digestAlgorithm, data));\n}\n\nfunction getKtyFromAlg(alg) {\n switch (typeof alg === 'string' && alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n return 'RSA';\n case 'ES':\n return 'EC';\n case 'Ed':\n return 'OKP';\n default:\n throw new JOSENotSupported('Unsupported \"alg\" value for a JSON Web Key Set');\n }\n}\nfunction isJWKSLike(jwks) {\n return (jwks &&\n typeof jwks === 'object' &&\n Array.isArray(jwks.keys) &&\n jwks.keys.every(isJWKLike));\n}\nfunction isJWKLike(key) {\n return isObject(key);\n}\nfunction clone(obj) {\n if (typeof structuredClone === 'function') {\n return structuredClone(obj);\n }\n return JSON.parse(JSON.stringify(obj));\n}\nclass LocalJWKSet {\n constructor(jwks) {\n this._cached = new WeakMap();\n if (!isJWKSLike(jwks)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = clone(jwks);\n }\n async getKey(protectedHeader, token) {\n const { alg, kid } = { ...protectedHeader, ...token?.header };\n const kty = getKtyFromAlg(alg);\n const candidates = this._jwks.keys.filter((jwk) => {\n let candidate = kty === jwk.kty;\n if (candidate && typeof kid === 'string') {\n candidate = kid === jwk.kid;\n }\n if (candidate && typeof jwk.alg === 'string') {\n candidate = alg === jwk.alg;\n }\n if (candidate && typeof jwk.use === 'string') {\n candidate = jwk.use === 'sig';\n }\n if (candidate && Array.isArray(jwk.key_ops)) {\n candidate = jwk.key_ops.includes('verify');\n }\n if (candidate) {\n switch (alg) {\n case 'ES256':\n candidate = jwk.crv === 'P-256';\n break;\n case 'ES256K':\n candidate = jwk.crv === 'secp256k1';\n break;\n case 'ES384':\n candidate = jwk.crv === 'P-384';\n break;\n case 'ES512':\n candidate = jwk.crv === 'P-521';\n break;\n case 'Ed25519':\n candidate = jwk.crv === 'Ed25519';\n break;\n case 'EdDSA':\n candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448';\n break;\n }\n }\n return candidate;\n });\n const { 0: jwk, length } = candidates;\n if (length === 0) {\n throw new JWKSNoMatchingKey();\n }\n if (length !== 1) {\n const error = new JWKSMultipleMatchingKeys();\n const { _cached } = this;\n error[Symbol.asyncIterator] = async function* () {\n for (const jwk of candidates) {\n try {\n yield await importWithAlgCache(_cached, jwk, alg);\n }\n catch { }\n }\n };\n throw error;\n }\n return importWithAlgCache(this._cached, jwk, alg);\n }\n}\nasync function importWithAlgCache(cache, jwk, alg) {\n const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);\n if (cached[alg] === undefined) {\n const key = await importJWK({ ...jwk, ext: true }, alg);\n if (key instanceof Uint8Array || key.type !== 'public') {\n throw new JWKSInvalid('JSON Web Key Set members must be public keys');\n }\n cached[alg] = key;\n }\n return cached[alg];\n}\nfunction createLocalJWKSet(jwks) {\n const set = new LocalJWKSet(jwks);\n const localJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);\n Object.defineProperties(localJWKSet, {\n jwks: {\n value: () => clone(set._jwks),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n });\n return localJWKSet;\n}\n\nconst fetchJwks = async (url, timeout, options) => {\n let controller;\n let id;\n let timedOut = false;\n if (typeof AbortController === 'function') {\n controller = new AbortController();\n id = setTimeout(() => {\n timedOut = true;\n controller.abort();\n }, timeout);\n }\n const response = await fetch(url.href, {\n signal: controller ? controller.signal : undefined,\n redirect: 'manual',\n headers: options.headers,\n }).catch((err) => {\n if (timedOut)\n throw new JWKSTimeout();\n throw err;\n });\n if (id !== undefined)\n clearTimeout(id);\n if (response.status !== 200) {\n throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');\n }\n try {\n return await response.json();\n }\n catch {\n throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');\n }\n};\nvar fetchJwks$1 = fetchJwks;\n\nfunction isCloudflareWorkers() {\n return (typeof WebSocketPair !== 'undefined' ||\n (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||\n (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel'));\n}\nlet USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'jose';\n const VERSION = 'v5.10.0';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nconst jwksCache = Symbol();\nfunction isFreshJwksCache(input, cacheMaxAge) {\n if (typeof input !== 'object' || input === null) {\n return false;\n }\n if (!('uat' in input) || typeof input.uat !== 'number' || Date.now() - input.uat >= cacheMaxAge) {\n return false;\n }\n if (!('jwks' in input) ||\n !isObject(input.jwks) ||\n !Array.isArray(input.jwks.keys) ||\n !Array.prototype.every.call(input.jwks.keys, isObject)) {\n return false;\n }\n return true;\n}\nclass RemoteJWKSet {\n constructor(url, options) {\n if (!(url instanceof URL)) {\n throw new TypeError('url must be an instance of URL');\n }\n this._url = new URL(url.href);\n this._options = { agent: options?.agent, headers: options?.headers };\n this._timeoutDuration =\n typeof options?.timeoutDuration === 'number' ? options?.timeoutDuration : 5000;\n this._cooldownDuration =\n typeof options?.cooldownDuration === 'number' ? options?.cooldownDuration : 30000;\n this._cacheMaxAge = typeof options?.cacheMaxAge === 'number' ? options?.cacheMaxAge : 600000;\n if (options?.[jwksCache] !== undefined) {\n this._cache = options?.[jwksCache];\n if (isFreshJwksCache(options?.[jwksCache], this._cacheMaxAge)) {\n this._jwksTimestamp = this._cache.uat;\n this._local = createLocalJWKSet(this._cache.jwks);\n }\n }\n }\n coolingDown() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cooldownDuration\n : false;\n }\n fresh() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cacheMaxAge\n : false;\n }\n async getKey(protectedHeader, token) {\n if (!this._local || !this.fresh()) {\n await this.reload();\n }\n try {\n return await this._local(protectedHeader, token);\n }\n catch (err) {\n if (err instanceof JWKSNoMatchingKey) {\n if (this.coolingDown() === false) {\n await this.reload();\n return this._local(protectedHeader, token);\n }\n }\n throw err;\n }\n }\n async reload() {\n if (this._pendingFetch && isCloudflareWorkers()) {\n this._pendingFetch = undefined;\n }\n const headers = new Headers(this._options.headers);\n if (USER_AGENT && !headers.has('User-Agent')) {\n headers.set('User-Agent', USER_AGENT);\n this._options.headers = Object.fromEntries(headers.entries());\n }\n this._pendingFetch || (this._pendingFetch = fetchJwks$1(this._url, this._timeoutDuration, this._options)\n .then((json) => {\n this._local = createLocalJWKSet(json);\n if (this._cache) {\n this._cache.uat = Date.now();\n this._cache.jwks = json;\n }\n this._jwksTimestamp = Date.now();\n this._pendingFetch = undefined;\n })\n .catch((err) => {\n this._pendingFetch = undefined;\n throw err;\n }));\n await this._pendingFetch;\n }\n}\nfunction createRemoteJWKSet(url, options) {\n const set = new RemoteJWKSet(url, options);\n const remoteJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);\n Object.defineProperties(remoteJWKSet, {\n coolingDown: {\n get: () => set.coolingDown(),\n enumerable: true,\n configurable: false,\n },\n fresh: {\n get: () => set.fresh(),\n enumerable: true,\n configurable: false,\n },\n reload: {\n value: () => set.reload(),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n reloading: {\n get: () => !!set._pendingFetch,\n enumerable: true,\n configurable: false,\n },\n jwks: {\n value: () => set._local?.jwks(),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n });\n return remoteJWKSet;\n}\n\nconst decode = decode$1;\n\nfunction decodeJwt(jwt) {\n if (typeof jwt !== 'string')\n throw new JWTInvalid('JWTs must use Compact JWS serialization, JWT must be a string');\n const { 1: payload, length } = jwt.split('.');\n if (length === 5)\n throw new JWTInvalid('Only JWTs using Compact JWS serialization can be decoded');\n if (length !== 3)\n throw new JWTInvalid('Invalid JWT');\n if (!payload)\n throw new JWTInvalid('JWTs must contain a payload');\n let decoded;\n try {\n decoded = decode(payload);\n }\n catch {\n throw new JWTInvalid('Failed to base64url decode the payload');\n }\n let result;\n try {\n result = JSON.parse(decoder.decode(decoded));\n }\n catch {\n throw new JWTInvalid('Failed to parse the decoded payload as JSON');\n }\n if (!isObject(result))\n throw new JWTInvalid('Invalid JWT Claims Set');\n return result;\n}\n\nfunction getModulusLengthOption(options) {\n const modulusLength = options?.modulusLength ?? 2048;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');\n }\n return modulusLength;\n}\nasync function generateKeyPair$1(alg, options) {\n let algorithm;\n let keyUsages;\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['decrypt', 'unwrapKey', 'encrypt', 'wrapKey'];\n break;\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'Ed25519':\n algorithm = { name: 'Ed25519' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'EdDSA': {\n keyUsages = ['sign', 'verify'];\n const crv = options?.crv ?? 'Ed25519';\n switch (crv) {\n case 'Ed25519':\n case 'Ed448':\n algorithm = { name: crv };\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided');\n }\n break;\n }\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n keyUsages = ['deriveKey', 'deriveBits'];\n const crv = options?.crv ?? 'P-256';\n switch (crv) {\n case 'P-256':\n case 'P-384':\n case 'P-521': {\n algorithm = { name: 'ECDH', namedCurve: crv };\n break;\n }\n case 'X25519':\n case 'X448':\n algorithm = { name: crv };\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');\n }\n break;\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return crypto$1.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);\n}\n\nasync function generateKeyPair(alg, options) {\n return generateKeyPair$1(alg, options);\n}\n\n/**\n * When the client does not have a webid profile document, use this.\n *\n * @param registration_endpoint\n * @param redirect__uris\n * @returns\n */\nconst requestDynamicClientRegistration = async (registration_endpoint, client_details) => {\n // prepare dynamic client registration\n const client_registration_request_body = {\n ...client_details,\n grant_types: [\"authorization_code\", \"refresh_token\"],\n // id_token_signed_response_alg: \"ES256\", // omitting as NSS does not support ES256 while CSS does not support RS256\n token_endpoint_auth_method: \"none\",\n application_type: \"web\",\n subject_type: \"public\",\n };\n // register\n return fetch(registration_endpoint, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(client_registration_request_body),\n });\n};\n\n/**\n * Login with the idp, using a provided `client_id` or dynamic client registration if none provided.\n *\n * @param idp\n * @param redirect_uri\n */\nconst redirectForLogin = async (idp, redirect_uri, client_details) => {\n // RFC 6749 - Section 3.1.2 - sanitize redirect_uri\n const redirect_uri_ = new URL(redirect_uri);\n const redirect_uri_sane = redirect_uri_.origin + redirect_uri_.pathname + redirect_uri_.search;\n // lookup openid configuration of idp\n const idp_origin = new URL(idp).origin;\n const openid_configuration = await fetch(`${idp_origin}/.well-known/openid-configuration`)\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n // RFC 9207 iss check: remember the identity provider (idp) / issuer (iss) - relaxing for trailing slash\n const issuer = openid_configuration[\"issuer\"];\n const trim_trailing_slash = (url) => (url.endsWith('/') ? url.slice(0, -1) : url);\n if (trim_trailing_slash(idp) !== trim_trailing_slash(issuer)) { // expected idp matches received issuer mod trailing slash?\n throw new Error(\"RFC 9207 - iss !== idp - \" + issuer + \" !== \" + idp);\n }\n sessionStorage.setItem(\"idp\", issuer);\n // remember token endpoint\n sessionStorage.setItem(\"token_endpoint\", openid_configuration[\"token_endpoint\"]);\n // remember jwks_uri for later token verification\n sessionStorage.setItem(\"jwks_uri\", openid_configuration[\"jwks_uri\"]);\n let client_id = client_details?.client_id;\n // no client_id => attempt dynamic registration\n if (!client_id) {\n // use registration endpoint\n const registration_endpoint = openid_configuration[\"registration_endpoint\"];\n // get client registration\n const client_registration = await requestDynamicClientRegistration(registration_endpoint, client_details ?? { redirect_uris: [redirect_uri_sane] })\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n client_id = client_registration[\"client_id\"];\n }\n // remember client_id if not URL\n try {\n new URL(client_id);\n }\n catch {\n sessionStorage.setItem(\"client_id\", client_id);\n }\n // RFC 7636 PKCE, remember code verifer\n const { pkce_code_verifier, pkce_code_challenge } = await getPKCEcode();\n sessionStorage.setItem(\"pkce_code_verifier\", pkce_code_verifier);\n // RFC 6749 OAuth 2.0 - CSRF token\n const csrf_token = window.crypto.randomUUID();\n sessionStorage.setItem(\"csrf_token\", csrf_token);\n // redirect to idp\n const redirect_to_idp = openid_configuration[\"authorization_endpoint\"] +\n `?response_type=code` +\n `&redirect_uri=${encodeURIComponent(redirect_uri_sane)}` +\n `&scope=openid offline_access webid` +\n `&client_id=${encodeURIComponent(client_id)}` +\n `&code_challenge_method=S256` +\n `&code_challenge=${pkce_code_challenge}` +\n `&state=${csrf_token}` +\n `&prompt=consent`; // this query parameter value MUST be present for CSS v7 to issue a refresh token ( // TODO open issue because prompting is the default behaviour but without this query param no refresh token is provided despite the \"remember this client\" box being checked)\n window.location.href = redirect_to_idp;\n};\n/**\n * RFC 7636 PKCE\n * @returns PKCE code verifier and PKCE code challenge\n */\nconst getPKCEcode = async () => {\n // create random string as PKCE code verifier\n const pkce_code_verifier = window.crypto.randomUUID() + \"-\" + window.crypto.randomUUID();\n // hash the verifier and base64URL encode as PKCE code challenge\n const digest = new Uint8Array(await window.crypto.subtle.digest(\"SHA-256\", new TextEncoder().encode(pkce_code_verifier)));\n const pkce_code_challenge = btoa(String.fromCharCode(...digest))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n return { pkce_code_verifier, pkce_code_challenge };\n};\n/**\n * On incoming redirect from OpenID provider (idp/iss),\n * URL contains authrization code, issuer (idp) and state (csrf token),\n * get an access token for the authrization code.\n */\nconst onIncomingRedirect = async (client_details, database) => {\n const url = new URL(window.location.href);\n // authorization code\n const authorization_code = url.searchParams.get(\"code\");\n // if no code, session remains unauthenticated at this point\n if (authorization_code === null) {\n return { clientDetails: client_details };\n }\n // RFC 9207 issuer check\n const idp = sessionStorage.getItem(\"idp\");\n if (idp === null || url.searchParams.get(\"iss\") !== idp) {\n throw new Error(\"RFC 9207 - iss !== idp - \" + url.searchParams.get(\"iss\") + \" !== \" + idp);\n }\n // RFC 6749 OAuth 2.0\n if (url.searchParams.get(\"state\") !== sessionStorage.getItem(\"csrf_token\")) {\n throw new Error(\"RFC 6749 - state !== csrf_token - \" + url.searchParams.get(\"state\") + \" !== \" + sessionStorage.getItem(\"csrf_token\"));\n }\n // remove redirect query parameters from URL\n url.searchParams.delete(\"iss\");\n url.searchParams.delete(\"state\");\n url.searchParams.delete(\"code\");\n window.history.pushState({}, document.title, url.toString());\n // prepare token request\n const pkce_code_verifier = sessionStorage.getItem(\"pkce_code_verifier\");\n if (pkce_code_verifier === null) {\n throw new Error(\"Access Token Request preparation - Could not find in sessionStorage: pkce_code_verifier\");\n }\n const client_id = client_details?.client_id || sessionStorage.getItem(\"client_id\");\n if (!client_id) {\n throw new Error(\"Access Token Request preparation - Could not find in sessionStorage: client_id (dynamic registration)\");\n }\n const token_endpoint = sessionStorage.getItem(\"token_endpoint\");\n if (token_endpoint === null) {\n throw new Error(\"Access Token Request preparation - Could not find in sessionStorage: token_endpoint\");\n }\n // RFC 9449 DPoP\n const key_pair = await generateKeyPair(\"ES256\");\n // get access token\n const token_response = await requestAccessToken(authorization_code, pkce_code_verifier, url.toString(), client_id, token_endpoint, key_pair)\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n // verify access_token // ! Solid-OIDC specification says it should be a dpop-bound `id token` but implementations provide a dpop-bound `access token`\n const accessToken = token_response[\"access_token\"];\n const jwks_uri = sessionStorage.getItem(\"jwks_uri\");\n if (jwks_uri === null) {\n throw new Error(\"Access Token validation preparation - Could not find in sessionStorage: jwks_uri\");\n }\n const jwks = createRemoteJWKSet(new URL(jwks_uri));\n const { payload } = await jwtVerify(accessToken, jwks, {\n issuer: idp, // RFC 9207\n audience: \"solid\", // RFC 7519 // ! \"solid\" as per implementations ...\n // exp, nbf, iat - handled automatically\n });\n // check dpop thumbprint\n const dpopThumbprint = await calculateJwkThumbprint(await exportJWK(key_pair.publicKey));\n if (payload[\"cnf\"][\"jkt\"] !== dpopThumbprint) {\n throw new Error(\"Access Token validation failed on `jkt`: jkt !== DPoP thumbprint - \" + payload[\"cnf\"][\"jkt\"] + \" !== \" + dpopThumbprint);\n }\n // check client_id\n if (payload[\"client_id\"] !== client_id) {\n throw new Error(\"Access Token validation failed on `client_id`: JWT payload !== client_id - \" + payload[\"client_id\"] + \" !== \" + client_id);\n }\n // summarise session info\n const token_details = { ...token_response, dpop_key_pair: key_pair };\n const idp_details = { idp, jwks_uri, token_endpoint };\n if (!client_details)\n client_details = { redirect_uris: [url.toString()] };\n client_details.client_id = client_id;\n // and persist refresh token details\n if (database) {\n await database.init();\n await Promise.all([\n database.setItem(\"idp\", idp),\n database.setItem(\"jwks_uri\", jwks_uri),\n database.setItem(\"token_endpoint\", token_endpoint),\n database.setItem(\"client_id\", client_id),\n database.setItem(\"dpop_keypair\", key_pair),\n database.setItem(\"refresh_token\", token_response[\"refresh_token\"])\n ]);\n database.close();\n }\n // clean session storage\n sessionStorage.removeItem(\"csrf_token\");\n sessionStorage.removeItem(\"pkce_code_verifier\");\n sessionStorage.removeItem(\"idp\");\n sessionStorage.removeItem(\"jwks_uri\");\n sessionStorage.removeItem(\"token_endpoint\");\n sessionStorage.removeItem(\"client_id\");\n // return session information\n return {\n clientDetails: client_details,\n idpDetails: idp_details,\n tokenDetails: token_details\n };\n};\n/**\n * Request an dpop-bound access token from a token endpoint\n * @param authorization_code\n * @param pkce_code_verifier\n * @param redirect_uri\n * @param client_id\n * @param token_endpoint\n * @param key_pair\n * @returns\n */\nconst requestAccessToken = async (authorization_code, pkce_code_verifier, redirect_uri, client_id, token_endpoint, key_pair) => {\n // prepare public key to bind access token to\n const jwk_public_key = await exportJWK(key_pair.publicKey);\n jwk_public_key.alg = \"ES256\";\n // sign the access token request DPoP token\n const dpop = await new SignJWT({\n htu: token_endpoint,\n htm: \"POST\",\n })\n .setIssuedAt()\n .setJti(window.crypto.randomUUID())\n .setProtectedHeader({\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: jwk_public_key,\n })\n .sign(key_pair.privateKey);\n return fetch(token_endpoint, {\n method: \"POST\",\n headers: {\n dpop,\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n code: authorization_code,\n code_verifier: pkce_code_verifier,\n redirect_uri: redirect_uri,\n client_id: client_id,\n }),\n });\n};\n\nconst renewTokens = async (sessionDatabase) => {\n // remember session details\n try {\n await sessionDatabase.init();\n const client_id = await sessionDatabase.getItem(\"client_id\");\n const token_endpoint = await sessionDatabase.getItem(\"token_endpoint\");\n const key_pair = await sessionDatabase.getItem(\"dpop_keypair\");\n const refresh_token = await sessionDatabase.getItem(\"refresh_token\");\n if (client_id === null || token_endpoint === null || key_pair === null || refresh_token === null) {\n // we can not restore the old session\n throw new Error(\"Could not refresh tokens: details missing from database.\");\n }\n const token_response = await requestFreshTokens(refresh_token, client_id, token_endpoint, key_pair)\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n // verify access_token // ! Solid-OIDC specification says it should be a dpop-bound `id token` but implementations provide a dpop-bound `access token`\n const accessToken = token_response[\"access_token\"];\n const idp = await sessionDatabase.getItem(\"idp\");\n if (idp === null) {\n throw new Error(\"Access Token validation preparation - Could not find in sessionDatabase: idp\");\n }\n const jwks_uri = await sessionDatabase.getItem(\"jwks_uri\");\n if (jwks_uri === null) {\n throw new Error(\"Access Token validation preparation - Could not find in sessionDatabase: jwks_uri\");\n }\n const jwks = createRemoteJWKSet(new URL(jwks_uri));\n const { payload } = await jwtVerify(accessToken, jwks, {\n issuer: idp, // RFC 9207\n audience: \"solid\", // RFC 7519 // ! \"solid\" as per implementations ...\n // exp, nbf, iat - handled automatically\n });\n // check dpop thumbprint\n const dpopThumbprint = await calculateJwkThumbprint(await exportJWK(key_pair.publicKey));\n if (payload[\"cnf\"][\"jkt\"] !== dpopThumbprint) {\n throw new Error(\"Access Token validation failed on `jkt`: jkt !== DPoP thumbprint - \" + payload[\"cnf\"][\"jkt\"] + \" !== \" + dpopThumbprint);\n }\n // check client_id\n if (payload[\"client_id\"] !== client_id) {\n throw new Error(\"Access Token validation failed on `client_id`: JWT payload !== client_id - \" + payload[\"client_id\"] + \" !== \" + client_id);\n }\n // set new refresh token for token rotation\n await sessionDatabase.setItem(\"refresh_token\", token_response[\"refresh_token\"]);\n return {\n ...token_response,\n dpop_key_pair: key_pair,\n };\n }\n finally {\n sessionDatabase.close();\n }\n};\n/**\n * Request an dpop-bound access token from a token endpoint using a refresh token\n * @param authorization_code\n * @param pkce_code_verifier\n * @param redirect_uri\n * @param client_id\n * @param token_endpoint\n * @param key_pair\n * @returns\n */\nconst requestFreshTokens = async (refresh_token, client_id, token_endpoint, key_pair) => {\n // prepare public key to bind access token to\n const jwk_public_key = await exportJWK(key_pair.publicKey);\n jwk_public_key.alg = \"ES256\";\n // sign the access token request DPoP token\n const dpop = await new SignJWT({\n htu: token_endpoint,\n htm: \"POST\",\n })\n .setIssuedAt()\n .setJti(self.crypto.randomUUID())\n .setProtectedHeader({\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: jwk_public_key,\n })\n .sign(key_pair.privateKey);\n return fetch(token_endpoint, {\n method: \"POST\",\n headers: {\n dpop,\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n refresh_token,\n client_id\n }),\n });\n};\n\nvar SessionEvents;\n(function (SessionEvents) {\n SessionEvents[\"STATE_CHANGE\"] = \"sessionStateChange\";\n SessionEvents[\"EXPIRATION_WARNING\"] = \"sessionExpirationWarning\";\n SessionEvents[\"EXPIRATION\"] = \"sessionExpiration\";\n})(SessionEvents || (SessionEvents = {}));\n//\n//\n// Basic implementation\n//\n//\n/**\n * The SessionCore class manages session state and core logic but does not handle the refresh lifecycle.\n * It receives {@link SessionOptions} with a database to be able to restore a session.\n * That database can be re-used by (your!) surrounding implementation to handle the refresh lifecycle.\n * If no database was provided, refresh information cannot be stored, and thus token refresh (via the refresh token grant) is not possible in this case.\n *\n * If you are building a web app, use the Session implementation provided in the default `/web` version of this library.\n */\nclass SessionCore extends EventTarget {\n isActive_ = false;\n exp_;\n webId_ = undefined;\n currentAth_ = undefined;\n information;\n database;\n refreshPromise;\n resolveRefresh;\n rejectRefresh;\n constructor(clientDetails, sessionOptions) {\n super();\n this.authFetch = this.authFetch.bind(this);\n this.information = { clientDetails };\n this.database = sessionOptions?.database;\n if (sessionOptions?.onSessionStateChange)\n this.addEventListener(SessionEvents.STATE_CHANGE, (event) => sessionOptions.onSessionStateChange?.(event));\n if (sessionOptions?.onSessionExpirationWarning)\n this.addEventListener(SessionEvents.EXPIRATION_WARNING, (event) => sessionOptions?.onSessionExpirationWarning?.(event));\n if (sessionOptions?.onSessionExpiration)\n this.addEventListener(SessionEvents.EXPIRATION, (event) => sessionOptions?.onSessionExpiration?.(event));\n }\n async login(idp, redirect_uri) {\n await redirectForLogin(idp, redirect_uri, this.information.clientDetails);\n }\n /**\n * Handles the redirect from the identity provider after a login attempt.\n * It attempts to retrieve tokens using the authorization code.\n * Upon success, it tries to persist information to refresh tokens in the session database.\n * If no database was provided, no information is persisted.\n */\n async handleRedirectFromLogin() {\n // Redirect after Authorization Code Grant // memory via sessionStorage\n const newSessionInfo = await onIncomingRedirect(this.information.clientDetails, this.database);\n // no session - we remain unauthenticated\n if (!newSessionInfo.tokenDetails)\n return;\n // we got a session\n this.information.clientDetails = newSessionInfo.clientDetails;\n this.information.idpDetails = newSessionInfo.idpDetails;\n await this.setTokenDetails(newSessionInfo.tokenDetails);\n // callback state change \n this.dispatchStateChangeEvent(); // we logged in\n }\n /**\n * Handles session restoration using the refresh token grant.\n */\n async restore() {\n if (!this.database) {\n throw new Error(\"Could not refresh tokens: missing database. Provide database in sessionOption.\");\n }\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n this.refreshPromise = new Promise((resolve, reject) => {\n this.resolveRefresh = resolve;\n this.rejectRefresh = reject;\n });\n // Restore session using Refresh Token Grant \n const wasActive = this.isActive;\n renewTokens(this.database)\n .then(tokenDetails => this.setTokenDetails(tokenDetails))\n .then(() => this.resolveRefresh())\n .catch(error => {\n if (this.isActive) {\n this.rejectRefresh(new Error(error || 'Token refresh failed'));\n // do not change state (yet), let the app decide if they want to logout or if they just want to retry.\n if (!this.isExpired()) {\n this.dispatchExpirationWarningEvent();\n }\n else {\n this.dispatchExpirationEvent();\n }\n }\n else {\n this.rejectRefresh(new Error(\"No session to restore.\"));\n }\n }).finally(() => {\n this.clearRefreshPromise();\n if (wasActive !== this.isActive)\n this.dispatchStateChangeEvent();\n });\n return this.refreshPromise;\n }\n /**\n * This logs the user out.\n * Clears all session-related information, including IDP details and tokens.\n * Client ID is preserved if it is a URI.\n */\n async logout() {\n // clean session data\n this.isActive_ = false;\n this.exp_ = undefined;\n this.webId_ = undefined;\n this.currentAth_ = undefined;\n this.information.idpDetails = undefined;\n this.information.tokenDetails = undefined;\n // client details are preserved\n if (this.refreshPromise && this.rejectRefresh) {\n this.rejectRefresh(new Error('Logout during token refresh.'));\n this.clearRefreshPromise();\n }\n // clean session database\n if (this.database) {\n await this.database.init();\n await this.database.clear();\n this.database.close();\n }\n // callback state change\n this.dispatchStateChangeEvent(); // we logged out\n }\n /**\n * Makes an HTTP fetch request.\n * If a session is active, it includes the DPoP token and the access token in the `Authorization` header.\n *\n * @param input The URL or Request object to fetch.\n * @param init Optional fetch request options (RequestInit). Headers for `Authorization` and `DPoP` will be overwritten if a session is active.\n * @param dpopPayload Optional payload for the DPoP token. If provided, it overrides the default `htu` and `htm` claims.\n * @returns A promise that resolves to the fetch Response.\n */\n async authFetch(input, init, dpopPayload) {\n // if there is not session established, just delegate to the default fetch\n if (!this.isActive) {\n return fetch(input, init);\n }\n // TODO\n // TODO do HEAD request to check if authentication is actually required, only then include tokens\n // TODO\n // prepare authenticated call using a DPoP token (either provided payload, or default)\n let url;\n let method;\n let headers;\n // wrangle fetch input parameters into place\n if (input instanceof Request) {\n url = new URL(input.url);\n method = init?.method || input?.method || 'GET';\n headers = new Headers(input.headers);\n }\n else {\n init = init || {};\n url = new URL(input.toString());\n method = init.method || 'GET';\n headers = init.headers ? new Headers(init.headers) : new Headers();\n }\n // create DPoP token, and add tokens to request\n await this._renewTokensIfExpired();\n dpopPayload = dpopPayload ?? {\n htu: `${url.origin}${url.pathname}`,\n htm: method.toUpperCase()\n };\n const dpop = await this._createSignedDPoPToken(dpopPayload);\n // overwrite headers: authorization, dpop\n headers.set(\"dpop\", dpop);\n headers.set(\"authorization\", `DPoP ${this.information.tokenDetails.access_token}`);\n // check explicitly; to avoid unexpected behaviour\n if (input instanceof Request) { // clone the provided request, and override the headers\n return fetch(new Request(input, { ...init, headers }));\n }\n // just override the headers\n return fetch(url, { ...init, headers });\n }\n // \n // Setters\n //\n async setTokenDetails(tokenDetails) {\n this.information.tokenDetails = tokenDetails;\n await this._updateSessionDetailsFromToken(tokenDetails.access_token);\n }\n clearRefreshPromise() {\n this.refreshPromise = undefined;\n this.resolveRefresh = undefined;\n this.rejectRefresh = undefined;\n }\n //\n // Getters\n //\n get isActive() {\n return this.isActive_;\n }\n get webId() {\n return this.webId_;\n }\n isExpired() {\n if (!this.exp_)\n return true;\n return this._isTokenExpired(this.exp_);\n }\n getExpiresIn() {\n if (!this.exp_)\n return -1;\n return this._getTokenTTL(this.exp_);\n }\n getTokenDetails() {\n return this.information.tokenDetails;\n }\n //\n // Helpers\n //\n /**\n * Check if the current token is expired (which may happen during device/browser/tab hibernation),\n * and if expired, restore the session.\n */\n async _renewTokensIfExpired() {\n if (this.isExpired()) {\n if (!this.refreshPromise) {\n await this.restore(); // Initiate and wait\n }\n else {\n await this.refreshPromise; // Wait for already pending\n }\n }\n }\n /**\n * RFC 9449 - Hash of the access token\n */\n async _computeAth(accessToken) {\n // Convert the ASCII string of the token to a Uint8Array\n const encoder = new TextEncoder();\n const data = encoder.encode(accessToken); // ASCII by default\n // Compute SHA-256 hash\n const hashBuffer = await crypto.subtle.digest('SHA-256', data);\n // Convert ArrayBuffer to base64url string\n const hashArray = Array.from(new Uint8Array(hashBuffer));\n const base64 = btoa(String.fromCharCode(...hashArray));\n // Convert base64 to base64url\n const base64url = base64\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '');\n return base64url;\n }\n /**\n * Creates a signed DPoP (Demonstration of Proof-of-Possession) token.\n *\n * @param payload The payload to include in the DPoP token. By default, it includes `htu` (HTTP target URI) and `htm` (HTTP method).\n * @returns A promise that resolves to the signed DPoP token string.\n * @throws Error if the session has not been initialized - if no token details are available.\n */\n async _createSignedDPoPToken(payload) {\n if (!this.information.tokenDetails || !this.currentAth_) {\n throw new Error(\"Session not established.\");\n }\n payload.ath = this.currentAth_;\n const jwk_public_key = await exportJWK(this.information.tokenDetails.dpop_key_pair.publicKey);\n return new SignJWT(payload)\n .setIssuedAt()\n .setJti(window.crypto.randomUUID())\n .setProtectedHeader({\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: jwk_public_key,\n })\n .sign(this.information.tokenDetails.dpop_key_pair.privateKey);\n }\n async _updateSessionDetailsFromToken(access_token) {\n if (!access_token) {\n await this.logout();\n return;\n }\n try {\n const decodedToken = decodeJwt(access_token);\n const webId = decodedToken.webid;\n if (!webId) {\n throw new Error('Missing webid claim in access token');\n }\n const exp = decodedToken.exp;\n if (!exp) {\n throw new Error('Missing exp claim in access token');\n }\n this.currentAth_ = await this._computeAth(access_token); // must be done before session set to active\n this.webId_ = webId;\n this.exp_ = exp;\n this.isActive_ = true;\n }\n catch (error) {\n await this.logout();\n }\n }\n /**\n * Checks if a JWT expiration timestamp ('exp') has passed.\n */\n _isTokenExpired(exp, bufferSeconds = 0) {\n if (typeof exp !== 'number' || isNaN(exp)) {\n return true;\n }\n return this._getTokenTTL(exp, bufferSeconds) < 0;\n }\n _getTokenTTL(exp, bufferSeconds = 0) {\n const currentTimeSeconds = Math.floor(Date.now() / 1000);\n return exp - (currentTimeSeconds + bufferSeconds);\n }\n // \n // Events\n //\n dispatchStateChangeEvent() {\n this.dispatchEvent(new CustomEvent(SessionEvents.STATE_CHANGE, { detail: { isActive: this.isActive, webId: this.webId } }));\n }\n dispatchExpirationWarningEvent() {\n this.dispatchEvent(new CustomEvent(SessionEvents.EXPIRATION_WARNING, { detail: { expires_in: this.getExpiresIn() } }));\n }\n dispatchExpirationEvent() {\n this.dispatchEvent(new CustomEvent(SessionEvents.EXPIRATION));\n }\n}\n\n// extracting this from Session.ts such that the jest tests would compile :)\nconst getWorkerUrl = () => new URL('./RefreshWorker.js', import.meta.url);\n\nvar RefreshMessageTypes;\n(function (RefreshMessageTypes) {\n RefreshMessageTypes[\"SCHEDULE\"] = \"SCHEDULE\";\n RefreshMessageTypes[\"REFRESH\"] = \"REFRESH\";\n RefreshMessageTypes[\"STOP\"] = \"STOP\";\n RefreshMessageTypes[\"DISCONNECT\"] = \"DISCONNECT\";\n RefreshMessageTypes[\"TOKEN_DETAILS\"] = \"TOKEN_DETAILS\";\n RefreshMessageTypes[\"ERROR_ON_REFRESH\"] = \"ERROR_ON_REFRESH\";\n RefreshMessageTypes[\"EXPIRED\"] = \"EXPIRED\";\n})(RefreshMessageTypes || (RefreshMessageTypes = {}));\n\n/**\n * A simple IndexedDB wrapper.\n */\nclass SessionIDB {\n dbName;\n storeName;\n dbVersion;\n db = null;\n /**\n * Creates a new instance\n * @param dbName The name of the IndexedDB database\n * @param storeName The name of the object store\n * @param dbVersion The database version\n */\n constructor(dbName = 'soidc', storeName = 'session', dbVersion = 1) {\n this.dbName = dbName;\n this.storeName = storeName;\n this.dbVersion = dbVersion;\n }\n /**\n * Initializes the IndexedDB database\n * @returns Promise that resolves when the database is ready\n */\n async init() {\n return new Promise((resolve, reject) => {\n const request = indexedDB.open(this.dbName, this.dbVersion);\n request.onerror = (event) => {\n reject(new Error(`Database error: ${event.target.error}`));\n };\n request.onsuccess = (event) => {\n this.db = event.target.result;\n resolve(this);\n };\n request.onupgradeneeded = (event) => {\n const db = event.target.result;\n // Check if the object store already exists, if not create it\n if (!db.objectStoreNames.contains(this.storeName)) {\n db.createObjectStore(this.storeName);\n }\n };\n });\n }\n /**\n * Stores any value in the database with the given ID as key\n * @param id The identifier/key for the value\n * @param value The value to store\n */\n async setItem(id, value) {\n if (!this.db) {\n await this.init();\n }\n return new Promise((resolve, reject) => {\n const transaction = this.db.transaction(this.storeName, 'readwrite');\n // Handle transation\n transaction.oncomplete = () => {\n resolve();\n };\n transaction.onerror = (event) => {\n reject(new Error(`Transaction error for setItem(${id},...): ${event.target.error}`));\n };\n transaction.onabort = (event) => {\n reject(new Error(`Transaction aborted for setItem(${id},...): ${event.target.error}`));\n };\n // Perform the request within the transaction\n const store = transaction.objectStore(this.storeName);\n store.put(value, id);\n });\n }\n /**\n * Retrieves a value from the database by ID\n * @param id The identifier/key for the value\n * @returns The stored value or null if not found\n */\n async getItem(id) {\n if (!this.db) {\n await this.init();\n }\n return new Promise((resolve, reject) => {\n const transaction = this.db.transaction(this.storeName, 'readonly');\n // Handle transation\n transaction.onerror = (event) => {\n reject(new Error(`Transaction error for getItem(${id}): ${event.target.error}`));\n };\n transaction.onabort = (event) => {\n reject(new Error(`Transaction aborted for getItem(${id}): ${event.target.error}`));\n };\n // Perform the request within the transaction\n const store = transaction.objectStore(this.storeName);\n const request = store.get(id);\n request.onsuccess = () => {\n resolve(request.result || null);\n };\n });\n }\n /**\n * Removes an item from the database\n * @param id The identifier of the item to remove\n */\n async deleteItem(id) {\n if (!this.db) {\n await this.init();\n }\n return new Promise((resolve, reject) => {\n const transaction = this.db.transaction(this.storeName, 'readwrite');\n // Handle transation\n transaction.oncomplete = () => {\n resolve();\n };\n transaction.onerror = (event) => {\n reject(new Error(`Transaction error for deleteItem(${id}): ${event.target.error}`));\n };\n transaction.onabort = (event) => {\n reject(new Error(`Transaction aborted for deleteItem(${id}): ${event.target.error}`));\n };\n // Perform the request within the transaction\n const store = transaction.objectStore(this.storeName);\n store.delete(id);\n });\n }\n /**\n * Clears all items from the database\n */\n async clear() {\n if (!this.db) {\n await this.init();\n }\n return new Promise((resolve, reject) => {\n const transaction = this.db.transaction(this.storeName, 'readwrite');\n // Handle transation\n transaction.oncomplete = () => {\n resolve();\n };\n transaction.onerror = (event) => {\n reject(new Error(`Transaction error for clear(): ${event.target.error}`));\n };\n transaction.onabort = (event) => {\n reject(new Error(`Transaction aborted for clear(): ${event.target.error}`));\n };\n // Perform the request within the transaction\n const store = transaction.objectStore(this.storeName);\n store.clear();\n });\n }\n /**\n * Closes the database connection\n */\n close() {\n if (this.db) {\n this.db.close();\n this.db = null;\n }\n }\n}\n\n/**\n * This Session provides background token refreshing using a Web Worker.\n */\nclass WebWorkerSession extends SessionCore {\n worker;\n constructor(clientDetails, sessionOptions) {\n const database = new SessionIDB();\n const options = { ...sessionOptions, database };\n super(clientDetails, options);\n // Allow consumer to provide worker URL, or use default\n const workerUrl = sessionOptions?.workerUrl ?? getWorkerUrl();\n this.worker = new SharedWorker(workerUrl, { type: 'module' });\n this.worker.port.onmessage = (event) => {\n this.handleWorkerMessage(event.data).catch(console.error);\n };\n window.addEventListener('beforeunload', () => {\n this.worker.port.postMessage({ type: RefreshMessageTypes.DISCONNECT });\n });\n }\n async handleWorkerMessage(data) {\n const { type, payload, error } = data;\n switch (type) {\n case RefreshMessageTypes.TOKEN_DETAILS:\n const wasActive = this.isActive;\n await this.setTokenDetails(payload.tokenDetails);\n if (wasActive !== this.isActive)\n this.dispatchStateChangeEvent();\n if (this.refreshPromise && this.resolveRefresh) {\n this.resolveRefresh();\n this.clearRefreshPromise();\n }\n break;\n case RefreshMessageTypes.ERROR_ON_REFRESH:\n if (this.isActive)\n this.dispatchExpirationWarningEvent();\n if (this.refreshPromise && this.rejectRefresh) {\n if (this.isActive) {\n this.rejectRefresh(new Error(error || 'Token refresh failed'));\n }\n else {\n this.rejectRefresh(new Error(\"No session to restore\"));\n }\n this.clearRefreshPromise();\n }\n break;\n case RefreshMessageTypes.EXPIRED:\n if (this.isActive) {\n this.dispatchExpirationEvent();\n await this.logout();\n }\n if (this.refreshPromise && this.rejectRefresh) {\n this.rejectRefresh(new Error(error || 'Token refresh failed'));\n this.clearRefreshPromise();\n }\n break;\n }\n }\n ;\n async handleRedirectFromLogin() {\n await super.handleRedirectFromLogin();\n if (this.isActive) { // If login was successful, tell the worker to schedule refreshing\n this.worker.port.postMessage({\n type: RefreshMessageTypes.SCHEDULE,\n payload: { ...this.getTokenDetails(), expires_in: this.getExpiresIn() }\n });\n }\n }\n async restore() {\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n this.refreshPromise = new Promise((resolve, reject) => {\n this.resolveRefresh = resolve;\n this.rejectRefresh = reject;\n });\n this.worker.port.postMessage({ type: RefreshMessageTypes.REFRESH });\n return this.refreshPromise;\n }\n async logout() {\n this.worker.port.postMessage({ type: RefreshMessageTypes.STOP });\n await super.logout();\n }\n}\n\nexport { WebWorkerSession as Session, SessionEvents, SessionIDB };\n//# sourceMappingURL=index.js.map\n","var crypto$1 = crypto;\nconst isCryptoKey = (key) => key instanceof CryptoKey;\n\nconst digest = async (algorithm, data) => {\n const subtleDigest = `SHA-${algorithm.slice(-3)}`;\n return new Uint8Array(await crypto$1.subtle.digest(subtleDigest, data));\n};\nvar digest$1 = digest;\n\nconst encoder = new TextEncoder();\nconst decoder = new TextDecoder();\nfunction concat(...buffers) {\n const size = buffers.reduce((acc, { length }) => acc + length, 0);\n const buf = new Uint8Array(size);\n let i = 0;\n for (const buffer of buffers) {\n buf.set(buffer, i);\n i += buffer.length;\n }\n return buf;\n}\n\nconst encodeBase64 = (input) => {\n let unencoded = input;\n if (typeof unencoded === 'string') {\n unencoded = encoder.encode(unencoded);\n }\n const CHUNK_SIZE = 0x8000;\n const arr = [];\n for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join(''));\n};\nconst encode = (input) => {\n return encodeBase64(input).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\nconst decodeBase64 = (encoded) => {\n const binary = atob(encoded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n};\nconst decode$1 = (input) => {\n let encoded = input;\n if (encoded instanceof Uint8Array) {\n encoded = decoder.decode(encoded);\n }\n encoded = encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, '');\n try {\n return decodeBase64(encoded);\n }\n catch {\n throw new TypeError('The input to be decoded is not correctly encoded.');\n }\n};\n\nclass JOSEError extends Error {\n constructor(message, options) {\n super(message, options);\n this.code = 'ERR_JOSE_GENERIC';\n this.name = this.constructor.name;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nJOSEError.code = 'ERR_JOSE_GENERIC';\nclass JWTClaimValidationFailed extends JOSEError {\n constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {\n super(message, { cause: { claim, reason, payload } });\n this.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n this.claim = claim;\n this.reason = reason;\n this.payload = payload;\n }\n}\nJWTClaimValidationFailed.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\nclass JWTExpired extends JOSEError {\n constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {\n super(message, { cause: { claim, reason, payload } });\n this.code = 'ERR_JWT_EXPIRED';\n this.claim = claim;\n this.reason = reason;\n this.payload = payload;\n }\n}\nJWTExpired.code = 'ERR_JWT_EXPIRED';\nclass JOSEAlgNotAllowed extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\n }\n}\nJOSEAlgNotAllowed.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\nclass JOSENotSupported extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_NOT_SUPPORTED';\n }\n}\nJOSENotSupported.code = 'ERR_JOSE_NOT_SUPPORTED';\nclass JWEDecryptionFailed extends JOSEError {\n constructor(message = 'decryption operation failed', options) {\n super(message, options);\n this.code = 'ERR_JWE_DECRYPTION_FAILED';\n }\n}\nJWEDecryptionFailed.code = 'ERR_JWE_DECRYPTION_FAILED';\nclass JWEInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWE_INVALID';\n }\n}\nJWEInvalid.code = 'ERR_JWE_INVALID';\nclass JWSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWS_INVALID';\n }\n}\nJWSInvalid.code = 'ERR_JWS_INVALID';\nclass JWTInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWT_INVALID';\n }\n}\nJWTInvalid.code = 'ERR_JWT_INVALID';\nclass JWKInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWK_INVALID';\n }\n}\nJWKInvalid.code = 'ERR_JWK_INVALID';\nclass JWKSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_INVALID';\n }\n}\nJWKSInvalid.code = 'ERR_JWKS_INVALID';\nclass JWKSNoMatchingKey extends JOSEError {\n constructor(message = 'no applicable key found in the JSON Web Key Set', options) {\n super(message, options);\n this.code = 'ERR_JWKS_NO_MATCHING_KEY';\n }\n}\nJWKSNoMatchingKey.code = 'ERR_JWKS_NO_MATCHING_KEY';\nclass JWKSMultipleMatchingKeys extends JOSEError {\n constructor(message = 'multiple matching keys found in the JSON Web Key Set', options) {\n super(message, options);\n this.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n }\n}\nJWKSMultipleMatchingKeys.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\nclass JWKSTimeout extends JOSEError {\n constructor(message = 'request timed out', options) {\n super(message, options);\n this.code = 'ERR_JWKS_TIMEOUT';\n }\n}\nJWKSTimeout.code = 'ERR_JWKS_TIMEOUT';\nclass JWSSignatureVerificationFailed extends JOSEError {\n constructor(message = 'signature verification failed', options) {\n super(message, options);\n this.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n }\n}\nJWSSignatureVerificationFailed.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n\nfunction unusable(name, prop = 'algorithm.name') {\n return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);\n}\nfunction isAlgorithm(algorithm, name) {\n return algorithm.name === name;\n}\nfunction getHashLength(hash) {\n return parseInt(hash.name.slice(4), 10);\n}\nfunction getNamedCurve(alg) {\n switch (alg) {\n case 'ES256':\n return 'P-256';\n case 'ES384':\n return 'P-384';\n case 'ES512':\n return 'P-521';\n default:\n throw new Error('unreachable');\n }\n}\nfunction checkUsage(key, usages) {\n if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {\n let msg = 'CryptoKey does not support this operation, its usages must include ';\n if (usages.length > 2) {\n const last = usages.pop();\n msg += `one of ${usages.join(', ')}, or ${last}.`;\n }\n else if (usages.length === 2) {\n msg += `one of ${usages[0]} or ${usages[1]}.`;\n }\n else {\n msg += `${usages[0]}.`;\n }\n throw new TypeError(msg);\n }\n}\nfunction checkSigCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512': {\n if (!isAlgorithm(key.algorithm, 'HMAC'))\n throw unusable('HMAC');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'RS256':\n case 'RS384':\n case 'RS512': {\n if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5'))\n throw unusable('RSASSA-PKCS1-v1_5');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'PS256':\n case 'PS384':\n case 'PS512': {\n if (!isAlgorithm(key.algorithm, 'RSA-PSS'))\n throw unusable('RSA-PSS');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'EdDSA': {\n if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {\n throw unusable('Ed25519 or Ed448');\n }\n break;\n }\n case 'Ed25519': {\n if (!isAlgorithm(key.algorithm, 'Ed25519'))\n throw unusable('Ed25519');\n break;\n }\n case 'ES256':\n case 'ES384':\n case 'ES512': {\n if (!isAlgorithm(key.algorithm, 'ECDSA'))\n throw unusable('ECDSA');\n const expected = getNamedCurve(alg);\n const actual = key.algorithm.namedCurve;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.namedCurve');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\n\nfunction message(msg, actual, ...types) {\n types = types.filter(Boolean);\n if (types.length > 2) {\n const last = types.pop();\n msg += `one of type ${types.join(', ')}, or ${last}.`;\n }\n else if (types.length === 2) {\n msg += `one of type ${types[0]} or ${types[1]}.`;\n }\n else {\n msg += `of type ${types[0]}.`;\n }\n if (actual == null) {\n msg += ` Received ${actual}`;\n }\n else if (typeof actual === 'function' && actual.name) {\n msg += ` Received function ${actual.name}`;\n }\n else if (typeof actual === 'object' && actual != null) {\n if (actual.constructor?.name) {\n msg += ` Received an instance of ${actual.constructor.name}`;\n }\n }\n return msg;\n}\nvar invalidKeyInput = (actual, ...types) => {\n return message('Key must be ', actual, ...types);\n};\nfunction withAlg(alg, actual, ...types) {\n return message(`Key for the ${alg} algorithm must be `, actual, ...types);\n}\n\nvar isKeyLike = (key) => {\n if (isCryptoKey(key)) {\n return true;\n }\n return key?.[Symbol.toStringTag] === 'KeyObject';\n};\nconst types = ['CryptoKey'];\n\nconst isDisjoint = (...headers) => {\n const sources = headers.filter(Boolean);\n if (sources.length === 0 || sources.length === 1) {\n return true;\n }\n let acc;\n for (const header of sources) {\n const parameters = Object.keys(header);\n if (!acc || acc.size === 0) {\n acc = new Set(parameters);\n continue;\n }\n for (const parameter of parameters) {\n if (acc.has(parameter)) {\n return false;\n }\n acc.add(parameter);\n }\n }\n return true;\n};\nvar isDisjoint$1 = isDisjoint;\n\nfunction isObjectLike(value) {\n return typeof value === 'object' && value !== null;\n}\nfunction isObject(input) {\n if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {\n return false;\n }\n if (Object.getPrototypeOf(input) === null) {\n return true;\n }\n let proto = input;\n while (Object.getPrototypeOf(proto) !== null) {\n proto = Object.getPrototypeOf(proto);\n }\n return Object.getPrototypeOf(input) === proto;\n}\n\nvar checkKeyLength = (alg, key) => {\n if (alg.startsWith('RS') || alg.startsWith('PS')) {\n const { modulusLength } = key.algorithm;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);\n }\n }\n};\n\nfunction isJWK(key) {\n return isObject(key) && typeof key.kty === 'string';\n}\nfunction isPrivateJWK(key) {\n return key.kty !== 'oct' && typeof key.d === 'string';\n}\nfunction isPublicJWK(key) {\n return key.kty !== 'oct' && typeof key.d === 'undefined';\n}\nfunction isSecretJWK(key) {\n return isJWK(key) && key.kty === 'oct' && typeof key.k === 'string';\n}\n\nfunction subtleMapping(jwk) {\n let algorithm;\n let keyUsages;\n switch (jwk.kty) {\n case 'RSA': {\n switch (jwk.alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`,\n };\n keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'EC': {\n switch (jwk.alg) {\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: 'ECDH', namedCurve: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'OKP': {\n switch (jwk.alg) {\n case 'Ed25519':\n algorithm = { name: 'Ed25519' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'EdDSA':\n algorithm = { name: jwk.crv };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"kty\" (Key Type) Parameter value');\n }\n return { algorithm, keyUsages };\n}\nconst parse = async (jwk) => {\n if (!jwk.alg) {\n throw new TypeError('\"alg\" argument is required when \"jwk.alg\" is not present');\n }\n const { algorithm, keyUsages } = subtleMapping(jwk);\n const rest = [\n algorithm,\n jwk.ext ?? false,\n jwk.key_ops ?? keyUsages,\n ];\n const keyData = { ...jwk };\n delete keyData.alg;\n delete keyData.use;\n return crypto$1.subtle.importKey('jwk', keyData, ...rest);\n};\nvar asKeyObject = parse;\n\nconst exportKeyValue = (k) => decode$1(k);\nlet privCache;\nlet pubCache;\nconst isKeyObject = (key) => {\n return key?.[Symbol.toStringTag] === 'KeyObject';\n};\nconst importAndCache = async (cache, key, jwk, alg, freeze = false) => {\n let cached = cache.get(key);\n if (cached?.[alg]) {\n return cached[alg];\n }\n const cryptoKey = await asKeyObject({ ...jwk, alg });\n if (freeze)\n Object.freeze(key);\n if (!cached) {\n cache.set(key, { [alg]: cryptoKey });\n }\n else {\n cached[alg] = cryptoKey;\n }\n return cryptoKey;\n};\nconst normalizePublicKey = (key, alg) => {\n if (isKeyObject(key)) {\n let jwk = key.export({ format: 'jwk' });\n delete jwk.d;\n delete jwk.dp;\n delete jwk.dq;\n delete jwk.p;\n delete jwk.q;\n delete jwk.qi;\n if (jwk.k) {\n return exportKeyValue(jwk.k);\n }\n pubCache || (pubCache = new WeakMap());\n return importAndCache(pubCache, key, jwk, alg);\n }\n if (isJWK(key)) {\n if (key.k)\n return decode$1(key.k);\n pubCache || (pubCache = new WeakMap());\n const cryptoKey = importAndCache(pubCache, key, key, alg, true);\n return cryptoKey;\n }\n return key;\n};\nconst normalizePrivateKey = (key, alg) => {\n if (isKeyObject(key)) {\n let jwk = key.export({ format: 'jwk' });\n if (jwk.k) {\n return exportKeyValue(jwk.k);\n }\n privCache || (privCache = new WeakMap());\n return importAndCache(privCache, key, jwk, alg);\n }\n if (isJWK(key)) {\n if (key.k)\n return decode$1(key.k);\n privCache || (privCache = new WeakMap());\n const cryptoKey = importAndCache(privCache, key, key, alg, true);\n return cryptoKey;\n }\n return key;\n};\nvar normalize = { normalizePublicKey, normalizePrivateKey };\n\nasync function importJWK(jwk, alg) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n alg || (alg = jwk.alg);\n switch (jwk.kty) {\n case 'oct':\n if (typeof jwk.k !== 'string' || !jwk.k) {\n throw new TypeError('missing \"k\" (Key Value) Parameter value');\n }\n return decode$1(jwk.k);\n case 'RSA':\n if ('oth' in jwk && jwk.oth !== undefined) {\n throw new JOSENotSupported('RSA JWK \"oth\" (Other Primes Info) Parameter value is not supported');\n }\n case 'EC':\n case 'OKP':\n return asKeyObject({ ...jwk, alg });\n default:\n throw new JOSENotSupported('Unsupported \"kty\" (Key Type) Parameter value');\n }\n}\n\nconst tag = (key) => key?.[Symbol.toStringTag];\nconst jwkMatchesOp = (alg, key, usage) => {\n if (key.use !== undefined && key.use !== 'sig') {\n throw new TypeError('Invalid key for this operation, when present its use must be sig');\n }\n if (key.key_ops !== undefined && key.key_ops.includes?.(usage) !== true) {\n throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${usage}`);\n }\n if (key.alg !== undefined && key.alg !== alg) {\n throw new TypeError(`Invalid key for this operation, when present its alg must be ${alg}`);\n }\n return true;\n};\nconst symmetricTypeCheck = (alg, key, usage, allowJwk) => {\n if (key instanceof Uint8Array)\n return;\n if (allowJwk && isJWK(key)) {\n if (isSecretJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK \"kty\" (Key Type) equal to \"oct\" and the JWK \"k\" (Key Value) present`);\n }\n if (!isKeyLike(key)) {\n throw new TypeError(withAlg(alg, key, ...types, 'Uint8Array', allowJwk ? 'JSON Web Key' : null));\n }\n if (key.type !== 'secret') {\n throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type \"secret\"`);\n }\n};\nconst asymmetricTypeCheck = (alg, key, usage, allowJwk) => {\n if (allowJwk && isJWK(key)) {\n switch (usage) {\n case 'sign':\n if (isPrivateJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for this operation be a private JWK`);\n case 'verify':\n if (isPublicJWK(key) && jwkMatchesOp(alg, key, usage))\n return;\n throw new TypeError(`JSON Web Key for this operation be a public JWK`);\n }\n }\n if (!isKeyLike(key)) {\n throw new TypeError(withAlg(alg, key, ...types, allowJwk ? 'JSON Web Key' : null));\n }\n if (key.type === 'secret') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type \"secret\"`);\n }\n if (usage === 'sign' && key.type === 'public') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type \"private\"`);\n }\n if (usage === 'decrypt' && key.type === 'public') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type \"private\"`);\n }\n if (key.algorithm && usage === 'verify' && key.type === 'private') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type \"public\"`);\n }\n if (key.algorithm && usage === 'encrypt' && key.type === 'private') {\n throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type \"public\"`);\n }\n};\nfunction checkKeyType(allowJwk, alg, key, usage) {\n const symmetric = alg.startsWith('HS') ||\n alg === 'dir' ||\n alg.startsWith('PBES2') ||\n /^A\\d{3}(?:GCM)?KW$/.test(alg);\n if (symmetric) {\n symmetricTypeCheck(alg, key, usage, allowJwk);\n }\n else {\n asymmetricTypeCheck(alg, key, usage, allowJwk);\n }\n}\ncheckKeyType.bind(undefined, false);\nconst checkKeyTypeWithJwk = checkKeyType.bind(undefined, true);\n\nfunction validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {\n if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be integrity protected');\n }\n if (!protectedHeader || protectedHeader.crit === undefined) {\n return new Set();\n }\n if (!Array.isArray(protectedHeader.crit) ||\n protectedHeader.crit.length === 0 ||\n protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present');\n }\n let recognized;\n if (recognizedOption !== undefined) {\n recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);\n }\n else {\n recognized = recognizedDefault;\n }\n for (const parameter of protectedHeader.crit) {\n if (!recognized.has(parameter)) {\n throw new JOSENotSupported(`Extension Header Parameter \"${parameter}\" is not recognized`);\n }\n if (joseHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" is missing`);\n }\n if (recognized.get(parameter) && protectedHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" MUST be integrity protected`);\n }\n }\n return new Set(protectedHeader.crit);\n}\n\nconst validateAlgorithms = (option, algorithms) => {\n if (algorithms !== undefined &&\n (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) {\n throw new TypeError(`\"${option}\" option must be an array of strings`);\n }\n if (!algorithms) {\n return undefined;\n }\n return new Set(algorithms);\n};\nvar validateAlgorithms$1 = validateAlgorithms;\n\nconst keyToJWK = async (key) => {\n if (key instanceof Uint8Array) {\n return {\n kty: 'oct',\n k: encode(key),\n };\n }\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n }\n if (!key.extractable) {\n throw new TypeError('non-extractable CryptoKey cannot be exported as a JWK');\n }\n const { ext, key_ops, alg, use, ...jwk } = await crypto$1.subtle.exportKey('jwk', key);\n return jwk;\n};\nvar keyToJWK$1 = keyToJWK;\n\nasync function exportJWK(key) {\n return keyToJWK$1(key);\n}\n\nfunction subtleDsa(alg, algorithm) {\n const hash = `SHA-${alg.slice(-3)}`;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n return { hash, name: 'HMAC' };\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { hash, name: 'RSA-PSS', saltLength: alg.slice(-3) >> 3 };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { hash, name: 'RSASSA-PKCS1-v1_5' };\n case 'ES256':\n case 'ES384':\n case 'ES512':\n return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };\n case 'Ed25519':\n return { name: 'Ed25519' };\n case 'EdDSA':\n return { name: algorithm.name };\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n\nasync function getCryptoKey(alg, key, usage) {\n if (usage === 'sign') {\n key = await normalize.normalizePrivateKey(key, alg);\n }\n if (usage === 'verify') {\n key = await normalize.normalizePublicKey(key, alg);\n }\n if (isCryptoKey(key)) {\n checkSigCryptoKey(key, alg, usage);\n return key;\n }\n if (key instanceof Uint8Array) {\n if (!alg.startsWith('HS')) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return crypto$1.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array', 'JSON Web Key'));\n}\n\nconst verify = async (alg, key, signature, data) => {\n const cryptoKey = await getCryptoKey(alg, key, 'verify');\n checkKeyLength(alg, cryptoKey);\n const algorithm = subtleDsa(alg, cryptoKey.algorithm);\n try {\n return await crypto$1.subtle.verify(algorithm, cryptoKey, signature, data);\n }\n catch {\n return false;\n }\n};\nvar verify$1 = verify;\n\nasync function flattenedVerify(jws, key, options) {\n if (!isObject(jws)) {\n throw new JWSInvalid('Flattened JWS must be an object');\n }\n if (jws.protected === undefined && jws.header === undefined) {\n throw new JWSInvalid('Flattened JWS must have either of the \"protected\" or \"header\" members');\n }\n if (jws.protected !== undefined && typeof jws.protected !== 'string') {\n throw new JWSInvalid('JWS Protected Header incorrect type');\n }\n if (jws.payload === undefined) {\n throw new JWSInvalid('JWS Payload missing');\n }\n if (typeof jws.signature !== 'string') {\n throw new JWSInvalid('JWS Signature missing or incorrect type');\n }\n if (jws.header !== undefined && !isObject(jws.header)) {\n throw new JWSInvalid('JWS Unprotected Header incorrect type');\n }\n let parsedProt = {};\n if (jws.protected) {\n try {\n const protectedHeader = decode$1(jws.protected);\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch {\n throw new JWSInvalid('JWS Protected Header is invalid');\n }\n }\n if (!isDisjoint$1(parsedProt, jws.header)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jws.header,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, parsedProt, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = parsedProt.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n const algorithms = options && validateAlgorithms$1('algorithms', options.algorithms);\n if (algorithms && !algorithms.has(alg)) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter value not allowed');\n }\n if (b64) {\n if (typeof jws.payload !== 'string') {\n throw new JWSInvalid('JWS Payload must be a string');\n }\n }\n else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {\n throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jws);\n resolvedKey = true;\n checkKeyTypeWithJwk(alg, key, 'verify');\n if (isJWK(key)) {\n key = await importJWK(key, alg);\n }\n }\n else {\n checkKeyTypeWithJwk(alg, key, 'verify');\n }\n const data = concat(encoder.encode(jws.protected ?? ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);\n let signature;\n try {\n signature = decode$1(jws.signature);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the signature');\n }\n const verified = await verify$1(alg, key, signature, data);\n if (!verified) {\n throw new JWSSignatureVerificationFailed();\n }\n let payload;\n if (b64) {\n try {\n payload = decode$1(jws.payload);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the payload');\n }\n }\n else if (typeof jws.payload === 'string') {\n payload = encoder.encode(jws.payload);\n }\n else {\n payload = jws.payload;\n }\n const result = { payload };\n if (jws.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jws.header !== undefined) {\n result.unprotectedHeader = jws.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n\nasync function compactVerify(jws, key, options) {\n if (jws instanceof Uint8Array) {\n jws = decoder.decode(jws);\n }\n if (typeof jws !== 'string') {\n throw new JWSInvalid('Compact JWS must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split('.');\n if (length !== 3) {\n throw new JWSInvalid('Invalid Compact JWS');\n }\n const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options);\n const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n\nvar epoch = (date) => Math.floor(date.getTime() / 1000);\n\nconst minute = 60;\nconst hour = minute * 60;\nconst day = hour * 24;\nconst week = day * 7;\nconst year = day * 365.25;\nconst REGEX = /^(\\+|\\-)? ?(\\d+|\\d+\\.\\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;\nvar secs = (str) => {\n const matched = REGEX.exec(str);\n if (!matched || (matched[4] && matched[1])) {\n throw new TypeError('Invalid time period format');\n }\n const value = parseFloat(matched[2]);\n const unit = matched[3].toLowerCase();\n let numericDate;\n switch (unit) {\n case 'sec':\n case 'secs':\n case 'second':\n case 'seconds':\n case 's':\n numericDate = Math.round(value);\n break;\n case 'minute':\n case 'minutes':\n case 'min':\n case 'mins':\n case 'm':\n numericDate = Math.round(value * minute);\n break;\n case 'hour':\n case 'hours':\n case 'hr':\n case 'hrs':\n case 'h':\n numericDate = Math.round(value * hour);\n break;\n case 'day':\n case 'days':\n case 'd':\n numericDate = Math.round(value * day);\n break;\n case 'week':\n case 'weeks':\n case 'w':\n numericDate = Math.round(value * week);\n break;\n default:\n numericDate = Math.round(value * year);\n break;\n }\n if (matched[1] === '-' || matched[4] === 'ago') {\n return -numericDate;\n }\n return numericDate;\n};\n\nconst normalizeTyp = (value) => value.toLowerCase().replace(/^application\\//, '');\nconst checkAudiencePresence = (audPayload, audOption) => {\n if (typeof audPayload === 'string') {\n return audOption.includes(audPayload);\n }\n if (Array.isArray(audPayload)) {\n return audOption.some(Set.prototype.has.bind(new Set(audPayload)));\n }\n return false;\n};\nvar jwtPayload = (protectedHeader, encodedPayload, options = {}) => {\n let payload;\n try {\n payload = JSON.parse(decoder.decode(encodedPayload));\n }\n catch {\n }\n if (!isObject(payload)) {\n throw new JWTInvalid('JWT Claims Set must be a top-level JSON object');\n }\n const { typ } = options;\n if (typ &&\n (typeof protectedHeader.typ !== 'string' ||\n normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {\n throw new JWTClaimValidationFailed('unexpected \"typ\" JWT header value', payload, 'typ', 'check_failed');\n }\n const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;\n const presenceCheck = [...requiredClaims];\n if (maxTokenAge !== undefined)\n presenceCheck.push('iat');\n if (audience !== undefined)\n presenceCheck.push('aud');\n if (subject !== undefined)\n presenceCheck.push('sub');\n if (issuer !== undefined)\n presenceCheck.push('iss');\n for (const claim of new Set(presenceCheck.reverse())) {\n if (!(claim in payload)) {\n throw new JWTClaimValidationFailed(`missing required \"${claim}\" claim`, payload, claim, 'missing');\n }\n }\n if (issuer &&\n !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {\n throw new JWTClaimValidationFailed('unexpected \"iss\" claim value', payload, 'iss', 'check_failed');\n }\n if (subject && payload.sub !== subject) {\n throw new JWTClaimValidationFailed('unexpected \"sub\" claim value', payload, 'sub', 'check_failed');\n }\n if (audience &&\n !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {\n throw new JWTClaimValidationFailed('unexpected \"aud\" claim value', payload, 'aud', 'check_failed');\n }\n let tolerance;\n switch (typeof options.clockTolerance) {\n case 'string':\n tolerance = secs(options.clockTolerance);\n break;\n case 'number':\n tolerance = options.clockTolerance;\n break;\n case 'undefined':\n tolerance = 0;\n break;\n default:\n throw new TypeError('Invalid clockTolerance option type');\n }\n const { currentDate } = options;\n const now = epoch(currentDate || new Date());\n if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {\n throw new JWTClaimValidationFailed('\"iat\" claim must be a number', payload, 'iat', 'invalid');\n }\n if (payload.nbf !== undefined) {\n if (typeof payload.nbf !== 'number') {\n throw new JWTClaimValidationFailed('\"nbf\" claim must be a number', payload, 'nbf', 'invalid');\n }\n if (payload.nbf > now + tolerance) {\n throw new JWTClaimValidationFailed('\"nbf\" claim timestamp check failed', payload, 'nbf', 'check_failed');\n }\n }\n if (payload.exp !== undefined) {\n if (typeof payload.exp !== 'number') {\n throw new JWTClaimValidationFailed('\"exp\" claim must be a number', payload, 'exp', 'invalid');\n }\n if (payload.exp <= now - tolerance) {\n throw new JWTExpired('\"exp\" claim timestamp check failed', payload, 'exp', 'check_failed');\n }\n }\n if (maxTokenAge) {\n const age = now - payload.iat;\n const max = typeof maxTokenAge === 'number' ? maxTokenAge : secs(maxTokenAge);\n if (age - tolerance > max) {\n throw new JWTExpired('\"iat\" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed');\n }\n if (age < 0 - tolerance) {\n throw new JWTClaimValidationFailed('\"iat\" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed');\n }\n }\n return payload;\n};\n\nasync function jwtVerify(jwt, key, options) {\n const verified = await compactVerify(jwt, key, options);\n if (verified.protectedHeader.crit?.includes('b64') && verified.protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n const payload = jwtPayload(verified.protectedHeader, verified.payload, options);\n const result = { payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n\nconst sign = async (alg, key, data) => {\n const cryptoKey = await getCryptoKey(alg, key, 'sign');\n checkKeyLength(alg, cryptoKey);\n const signature = await crypto$1.subtle.sign(subtleDsa(alg, cryptoKey.algorithm), cryptoKey, data);\n return new Uint8Array(signature);\n};\nvar sign$1 = sign;\n\nclass FlattenedSign {\n constructor(payload) {\n if (!(payload instanceof Uint8Array)) {\n throw new TypeError('payload must be an instance of Uint8Array');\n }\n this._payload = payload;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n async sign(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader) {\n throw new JWSInvalid('either setProtectedHeader or setUnprotectedHeader must be called before #sign()');\n }\n if (!isDisjoint$1(this._protectedHeader, this._unprotectedHeader)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, this._protectedHeader, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = this._protectedHeader.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n checkKeyTypeWithJwk(alg, key, 'sign');\n let payload = this._payload;\n if (b64) {\n payload = encoder.encode(encode(payload));\n }\n let protectedHeader;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(encode(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n const data = concat(protectedHeader, encoder.encode('.'), payload);\n const signature = await sign$1(alg, key, data);\n const jws = {\n signature: encode(signature),\n payload: '',\n };\n if (b64) {\n jws.payload = decoder.decode(payload);\n }\n if (this._unprotectedHeader) {\n jws.header = this._unprotectedHeader;\n }\n if (this._protectedHeader) {\n jws.protected = decoder.decode(protectedHeader);\n }\n return jws;\n }\n}\n\nclass CompactSign {\n constructor(payload) {\n this._flattened = new FlattenedSign(payload);\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n async sign(key, options) {\n const jws = await this._flattened.sign(key, options);\n if (jws.payload === undefined) {\n throw new TypeError('use the flattened module for creating JWS with b64: false');\n }\n return `${jws.protected}.${jws.payload}.${jws.signature}`;\n }\n}\n\nfunction validateInput(label, input) {\n if (!Number.isFinite(input)) {\n throw new TypeError(`Invalid ${label} input`);\n }\n return input;\n}\nclass ProduceJWT {\n constructor(payload = {}) {\n if (!isObject(payload)) {\n throw new TypeError('JWT Claims Set MUST be an object');\n }\n this._payload = payload;\n }\n setIssuer(issuer) {\n this._payload = { ...this._payload, iss: issuer };\n return this;\n }\n setSubject(subject) {\n this._payload = { ...this._payload, sub: subject };\n return this;\n }\n setAudience(audience) {\n this._payload = { ...this._payload, aud: audience };\n return this;\n }\n setJti(jwtId) {\n this._payload = { ...this._payload, jti: jwtId };\n return this;\n }\n setNotBefore(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, nbf: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setExpirationTime(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, exp: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setIssuedAt(input) {\n if (typeof input === 'undefined') {\n this._payload = { ...this._payload, iat: epoch(new Date()) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', epoch(input)) };\n }\n else if (typeof input === 'string') {\n this._payload = {\n ...this._payload,\n iat: validateInput('setIssuedAt', epoch(new Date()) + secs(input)),\n };\n }\n else {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', input) };\n }\n return this;\n }\n}\n\nclass SignJWT extends ProduceJWT {\n setProtectedHeader(protectedHeader) {\n this._protectedHeader = protectedHeader;\n return this;\n }\n async sign(key, options) {\n const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));\n sig.setProtectedHeader(this._protectedHeader);\n if (Array.isArray(this._protectedHeader?.crit) &&\n this._protectedHeader.crit.includes('b64') &&\n this._protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n return sig.sign(key, options);\n }\n}\n\nconst check = (value, description) => {\n if (typeof value !== 'string' || !value) {\n throw new JWKInvalid(`${description} missing or invalid`);\n }\n};\nasync function calculateJwkThumbprint(jwk, digestAlgorithm) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n digestAlgorithm ?? (digestAlgorithm = 'sha256');\n if (digestAlgorithm !== 'sha256' &&\n digestAlgorithm !== 'sha384' &&\n digestAlgorithm !== 'sha512') {\n throw new TypeError('digestAlgorithm must one of \"sha256\", \"sha384\", or \"sha512\"');\n }\n let components;\n switch (jwk.kty) {\n case 'EC':\n check(jwk.crv, '\"crv\" (Curve) Parameter');\n check(jwk.x, '\"x\" (X Coordinate) Parameter');\n check(jwk.y, '\"y\" (Y Coordinate) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };\n break;\n case 'OKP':\n check(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter');\n check(jwk.x, '\"x\" (Public Key) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };\n break;\n case 'RSA':\n check(jwk.e, '\"e\" (Exponent) Parameter');\n check(jwk.n, '\"n\" (Modulus) Parameter');\n components = { e: jwk.e, kty: jwk.kty, n: jwk.n };\n break;\n case 'oct':\n check(jwk.k, '\"k\" (Key Value) Parameter');\n components = { k: jwk.k, kty: jwk.kty };\n break;\n default:\n throw new JOSENotSupported('\"kty\" (Key Type) Parameter missing or unsupported');\n }\n const data = encoder.encode(JSON.stringify(components));\n return encode(await digest$1(digestAlgorithm, data));\n}\n\nfunction getKtyFromAlg(alg) {\n switch (typeof alg === 'string' && alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n return 'RSA';\n case 'ES':\n return 'EC';\n case 'Ed':\n return 'OKP';\n default:\n throw new JOSENotSupported('Unsupported \"alg\" value for a JSON Web Key Set');\n }\n}\nfunction isJWKSLike(jwks) {\n return (jwks &&\n typeof jwks === 'object' &&\n Array.isArray(jwks.keys) &&\n jwks.keys.every(isJWKLike));\n}\nfunction isJWKLike(key) {\n return isObject(key);\n}\nfunction clone(obj) {\n if (typeof structuredClone === 'function') {\n return structuredClone(obj);\n }\n return JSON.parse(JSON.stringify(obj));\n}\nclass LocalJWKSet {\n constructor(jwks) {\n this._cached = new WeakMap();\n if (!isJWKSLike(jwks)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = clone(jwks);\n }\n async getKey(protectedHeader, token) {\n const { alg, kid } = { ...protectedHeader, ...token?.header };\n const kty = getKtyFromAlg(alg);\n const candidates = this._jwks.keys.filter((jwk) => {\n let candidate = kty === jwk.kty;\n if (candidate && typeof kid === 'string') {\n candidate = kid === jwk.kid;\n }\n if (candidate && typeof jwk.alg === 'string') {\n candidate = alg === jwk.alg;\n }\n if (candidate && typeof jwk.use === 'string') {\n candidate = jwk.use === 'sig';\n }\n if (candidate && Array.isArray(jwk.key_ops)) {\n candidate = jwk.key_ops.includes('verify');\n }\n if (candidate) {\n switch (alg) {\n case 'ES256':\n candidate = jwk.crv === 'P-256';\n break;\n case 'ES256K':\n candidate = jwk.crv === 'secp256k1';\n break;\n case 'ES384':\n candidate = jwk.crv === 'P-384';\n break;\n case 'ES512':\n candidate = jwk.crv === 'P-521';\n break;\n case 'Ed25519':\n candidate = jwk.crv === 'Ed25519';\n break;\n case 'EdDSA':\n candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448';\n break;\n }\n }\n return candidate;\n });\n const { 0: jwk, length } = candidates;\n if (length === 0) {\n throw new JWKSNoMatchingKey();\n }\n if (length !== 1) {\n const error = new JWKSMultipleMatchingKeys();\n const { _cached } = this;\n error[Symbol.asyncIterator] = async function* () {\n for (const jwk of candidates) {\n try {\n yield await importWithAlgCache(_cached, jwk, alg);\n }\n catch { }\n }\n };\n throw error;\n }\n return importWithAlgCache(this._cached, jwk, alg);\n }\n}\nasync function importWithAlgCache(cache, jwk, alg) {\n const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);\n if (cached[alg] === undefined) {\n const key = await importJWK({ ...jwk, ext: true }, alg);\n if (key instanceof Uint8Array || key.type !== 'public') {\n throw new JWKSInvalid('JSON Web Key Set members must be public keys');\n }\n cached[alg] = key;\n }\n return cached[alg];\n}\nfunction createLocalJWKSet(jwks) {\n const set = new LocalJWKSet(jwks);\n const localJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);\n Object.defineProperties(localJWKSet, {\n jwks: {\n value: () => clone(set._jwks),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n });\n return localJWKSet;\n}\n\nconst fetchJwks = async (url, timeout, options) => {\n let controller;\n let id;\n let timedOut = false;\n if (typeof AbortController === 'function') {\n controller = new AbortController();\n id = setTimeout(() => {\n timedOut = true;\n controller.abort();\n }, timeout);\n }\n const response = await fetch(url.href, {\n signal: controller ? controller.signal : undefined,\n redirect: 'manual',\n headers: options.headers,\n }).catch((err) => {\n if (timedOut)\n throw new JWKSTimeout();\n throw err;\n });\n if (id !== undefined)\n clearTimeout(id);\n if (response.status !== 200) {\n throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');\n }\n try {\n return await response.json();\n }\n catch {\n throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');\n }\n};\nvar fetchJwks$1 = fetchJwks;\n\nfunction isCloudflareWorkers() {\n return (typeof WebSocketPair !== 'undefined' ||\n (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||\n (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel'));\n}\nlet USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'jose';\n const VERSION = 'v5.10.0';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nconst jwksCache = Symbol();\nfunction isFreshJwksCache(input, cacheMaxAge) {\n if (typeof input !== 'object' || input === null) {\n return false;\n }\n if (!('uat' in input) || typeof input.uat !== 'number' || Date.now() - input.uat >= cacheMaxAge) {\n return false;\n }\n if (!('jwks' in input) ||\n !isObject(input.jwks) ||\n !Array.isArray(input.jwks.keys) ||\n !Array.prototype.every.call(input.jwks.keys, isObject)) {\n return false;\n }\n return true;\n}\nclass RemoteJWKSet {\n constructor(url, options) {\n if (!(url instanceof URL)) {\n throw new TypeError('url must be an instance of URL');\n }\n this._url = new URL(url.href);\n this._options = { agent: options?.agent, headers: options?.headers };\n this._timeoutDuration =\n typeof options?.timeoutDuration === 'number' ? options?.timeoutDuration : 5000;\n this._cooldownDuration =\n typeof options?.cooldownDuration === 'number' ? options?.cooldownDuration : 30000;\n this._cacheMaxAge = typeof options?.cacheMaxAge === 'number' ? options?.cacheMaxAge : 600000;\n if (options?.[jwksCache] !== undefined) {\n this._cache = options?.[jwksCache];\n if (isFreshJwksCache(options?.[jwksCache], this._cacheMaxAge)) {\n this._jwksTimestamp = this._cache.uat;\n this._local = createLocalJWKSet(this._cache.jwks);\n }\n }\n }\n coolingDown() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cooldownDuration\n : false;\n }\n fresh() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cacheMaxAge\n : false;\n }\n async getKey(protectedHeader, token) {\n if (!this._local || !this.fresh()) {\n await this.reload();\n }\n try {\n return await this._local(protectedHeader, token);\n }\n catch (err) {\n if (err instanceof JWKSNoMatchingKey) {\n if (this.coolingDown() === false) {\n await this.reload();\n return this._local(protectedHeader, token);\n }\n }\n throw err;\n }\n }\n async reload() {\n if (this._pendingFetch && isCloudflareWorkers()) {\n this._pendingFetch = undefined;\n }\n const headers = new Headers(this._options.headers);\n if (USER_AGENT && !headers.has('User-Agent')) {\n headers.set('User-Agent', USER_AGENT);\n this._options.headers = Object.fromEntries(headers.entries());\n }\n this._pendingFetch || (this._pendingFetch = fetchJwks$1(this._url, this._timeoutDuration, this._options)\n .then((json) => {\n this._local = createLocalJWKSet(json);\n if (this._cache) {\n this._cache.uat = Date.now();\n this._cache.jwks = json;\n }\n this._jwksTimestamp = Date.now();\n this._pendingFetch = undefined;\n })\n .catch((err) => {\n this._pendingFetch = undefined;\n throw err;\n }));\n await this._pendingFetch;\n }\n}\nfunction createRemoteJWKSet(url, options) {\n const set = new RemoteJWKSet(url, options);\n const remoteJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);\n Object.defineProperties(remoteJWKSet, {\n coolingDown: {\n get: () => set.coolingDown(),\n enumerable: true,\n configurable: false,\n },\n fresh: {\n get: () => set.fresh(),\n enumerable: true,\n configurable: false,\n },\n reload: {\n value: () => set.reload(),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n reloading: {\n get: () => !!set._pendingFetch,\n enumerable: true,\n configurable: false,\n },\n jwks: {\n value: () => set._local?.jwks(),\n enumerable: true,\n configurable: false,\n writable: false,\n },\n });\n return remoteJWKSet;\n}\n\nconst decode = decode$1;\n\nfunction decodeJwt(jwt) {\n if (typeof jwt !== 'string')\n throw new JWTInvalid('JWTs must use Compact JWS serialization, JWT must be a string');\n const { 1: payload, length } = jwt.split('.');\n if (length === 5)\n throw new JWTInvalid('Only JWTs using Compact JWS serialization can be decoded');\n if (length !== 3)\n throw new JWTInvalid('Invalid JWT');\n if (!payload)\n throw new JWTInvalid('JWTs must contain a payload');\n let decoded;\n try {\n decoded = decode(payload);\n }\n catch {\n throw new JWTInvalid('Failed to base64url decode the payload');\n }\n let result;\n try {\n result = JSON.parse(decoder.decode(decoded));\n }\n catch {\n throw new JWTInvalid('Failed to parse the decoded payload as JSON');\n }\n if (!isObject(result))\n throw new JWTInvalid('Invalid JWT Claims Set');\n return result;\n}\n\nfunction getModulusLengthOption(options) {\n const modulusLength = options?.modulusLength ?? 2048;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');\n }\n return modulusLength;\n}\nasync function generateKeyPair$1(alg, options) {\n let algorithm;\n let keyUsages;\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['decrypt', 'unwrapKey', 'encrypt', 'wrapKey'];\n break;\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'Ed25519':\n algorithm = { name: 'Ed25519' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'EdDSA': {\n keyUsages = ['sign', 'verify'];\n const crv = options?.crv ?? 'Ed25519';\n switch (crv) {\n case 'Ed25519':\n case 'Ed448':\n algorithm = { name: crv };\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided');\n }\n break;\n }\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n keyUsages = ['deriveKey', 'deriveBits'];\n const crv = options?.crv ?? 'P-256';\n switch (crv) {\n case 'P-256':\n case 'P-384':\n case 'P-521': {\n algorithm = { name: 'ECDH', namedCurve: crv };\n break;\n }\n case 'X25519':\n case 'X448':\n algorithm = { name: crv };\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');\n }\n break;\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return crypto$1.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);\n}\n\nasync function generateKeyPair(alg, options) {\n return generateKeyPair$1(alg, options);\n}\n\n/**\n * When the client does not have a webid profile document, use this.\n *\n * @param registration_endpoint\n * @param redirect__uris\n * @returns\n */\nconst requestDynamicClientRegistration = async (registration_endpoint, client_details) => {\n // prepare dynamic client registration\n const client_registration_request_body = {\n ...client_details,\n grant_types: [\"authorization_code\", \"refresh_token\"],\n // id_token_signed_response_alg: \"ES256\", // omitting as NSS does not support ES256 while CSS does not support RS256\n token_endpoint_auth_method: \"none\",\n application_type: \"web\",\n subject_type: \"public\",\n };\n // register\n return fetch(registration_endpoint, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(client_registration_request_body),\n });\n};\n\n/**\n * Login with the idp, using a provided `client_id` or dynamic client registration if none provided.\n *\n * @param idp\n * @param redirect_uri\n */\nconst redirectForLogin = async (idp, redirect_uri, client_details) => {\n // RFC 6749 - Section 3.1.2 - sanitize redirect_uri\n const redirect_uri_ = new URL(redirect_uri);\n const redirect_uri_sane = redirect_uri_.origin + redirect_uri_.pathname + redirect_uri_.search;\n // lookup openid configuration of idp\n const idp_origin = new URL(idp).origin;\n const openid_configuration = await fetch(`${idp_origin}/.well-known/openid-configuration`)\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n // RFC 9207 iss check: remember the identity provider (idp) / issuer (iss) - relaxing for trailing slash\n const issuer = openid_configuration[\"issuer\"];\n const trim_trailing_slash = (url) => (url.endsWith('/') ? url.slice(0, -1) : url);\n if (trim_trailing_slash(idp) !== trim_trailing_slash(issuer)) { // expected idp matches received issuer mod trailing slash?\n throw new Error(\"RFC 9207 - iss !== idp - \" + issuer + \" !== \" + idp);\n }\n sessionStorage.setItem(\"idp\", issuer);\n // remember token endpoint\n sessionStorage.setItem(\"token_endpoint\", openid_configuration[\"token_endpoint\"]);\n // remember jwks_uri for later token verification\n sessionStorage.setItem(\"jwks_uri\", openid_configuration[\"jwks_uri\"]);\n let client_id = client_details?.client_id;\n // no client_id => attempt dynamic registration\n if (!client_id) {\n // use registration endpoint\n const registration_endpoint = openid_configuration[\"registration_endpoint\"];\n // get client registration\n const client_registration = await requestDynamicClientRegistration(registration_endpoint, client_details ?? { redirect_uris: [redirect_uri_sane] })\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n client_id = client_registration[\"client_id\"];\n }\n // remember client_id if not URL\n try {\n new URL(client_id);\n }\n catch {\n sessionStorage.setItem(\"client_id\", client_id);\n }\n // RFC 7636 PKCE, remember code verifer\n const { pkce_code_verifier, pkce_code_challenge } = await getPKCEcode();\n sessionStorage.setItem(\"pkce_code_verifier\", pkce_code_verifier);\n // RFC 6749 OAuth 2.0 - CSRF token\n const csrf_token = window.crypto.randomUUID();\n sessionStorage.setItem(\"csrf_token\", csrf_token);\n // redirect to idp\n const redirect_to_idp = openid_configuration[\"authorization_endpoint\"] +\n `?response_type=code` +\n `&redirect_uri=${encodeURIComponent(redirect_uri_sane)}` +\n `&scope=openid offline_access webid` +\n `&client_id=${encodeURIComponent(client_id)}` +\n `&code_challenge_method=S256` +\n `&code_challenge=${pkce_code_challenge}` +\n `&state=${csrf_token}` +\n `&prompt=consent`; // this query parameter value MUST be present for CSS v7 to issue a refresh token ( // TODO open issue because prompting is the default behaviour but without this query param no refresh token is provided despite the \"remember this client\" box being checked)\n window.location.href = redirect_to_idp;\n};\n/**\n * RFC 7636 PKCE\n * @returns PKCE code verifier and PKCE code challenge\n */\nconst getPKCEcode = async () => {\n // create random string as PKCE code verifier\n const pkce_code_verifier = window.crypto.randomUUID() + \"-\" + window.crypto.randomUUID();\n // hash the verifier and base64URL encode as PKCE code challenge\n const digest = new Uint8Array(await window.crypto.subtle.digest(\"SHA-256\", new TextEncoder().encode(pkce_code_verifier)));\n const pkce_code_challenge = btoa(String.fromCharCode(...digest))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n return { pkce_code_verifier, pkce_code_challenge };\n};\n/**\n * On incoming redirect from OpenID provider (idp/iss),\n * URL contains authrization code, issuer (idp) and state (csrf token),\n * get an access token for the authrization code.\n */\nconst onIncomingRedirect = async (client_details, database) => {\n const url = new URL(window.location.href);\n // authorization code\n const authorization_code = url.searchParams.get(\"code\");\n // if no code, session remains unauthenticated at this point\n if (authorization_code === null) {\n return { clientDetails: client_details };\n }\n // RFC 9207 issuer check\n const idp = sessionStorage.getItem(\"idp\");\n if (idp === null || url.searchParams.get(\"iss\") !== idp) {\n throw new Error(\"RFC 9207 - iss !== idp - \" + url.searchParams.get(\"iss\") + \" !== \" + idp);\n }\n // RFC 6749 OAuth 2.0\n if (url.searchParams.get(\"state\") !== sessionStorage.getItem(\"csrf_token\")) {\n throw new Error(\"RFC 6749 - state !== csrf_token - \" + url.searchParams.get(\"state\") + \" !== \" + sessionStorage.getItem(\"csrf_token\"));\n }\n // remove redirect query parameters from URL\n url.searchParams.delete(\"iss\");\n url.searchParams.delete(\"state\");\n url.searchParams.delete(\"code\");\n window.history.pushState({}, document.title, url.toString());\n // prepare token request\n const pkce_code_verifier = sessionStorage.getItem(\"pkce_code_verifier\");\n if (pkce_code_verifier === null) {\n throw new Error(\"Access Token Request preparation - Could not find in sessionStorage: pkce_code_verifier\");\n }\n const client_id = client_details?.client_id || sessionStorage.getItem(\"client_id\");\n if (!client_id) {\n throw new Error(\"Access Token Request preparation - Could not find in sessionStorage: client_id (dynamic registration)\");\n }\n const token_endpoint = sessionStorage.getItem(\"token_endpoint\");\n if (token_endpoint === null) {\n throw new Error(\"Access Token Request preparation - Could not find in sessionStorage: token_endpoint\");\n }\n // RFC 9449 DPoP\n const key_pair = await generateKeyPair(\"ES256\");\n // get access token\n const token_response = await requestAccessToken(authorization_code, pkce_code_verifier, url.toString(), client_id, token_endpoint, key_pair)\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n // verify access_token // ! Solid-OIDC specification says it should be a dpop-bound `id token` but implementations provide a dpop-bound `access token`\n const accessToken = token_response[\"access_token\"];\n const jwks_uri = sessionStorage.getItem(\"jwks_uri\");\n if (jwks_uri === null) {\n throw new Error(\"Access Token validation preparation - Could not find in sessionStorage: jwks_uri\");\n }\n const jwks = createRemoteJWKSet(new URL(jwks_uri));\n const { payload } = await jwtVerify(accessToken, jwks, {\n issuer: idp, // RFC 9207\n audience: \"solid\", // RFC 7519 // ! \"solid\" as per implementations ...\n // exp, nbf, iat - handled automatically\n });\n // check dpop thumbprint\n const dpopThumbprint = await calculateJwkThumbprint(await exportJWK(key_pair.publicKey));\n if (payload[\"cnf\"][\"jkt\"] !== dpopThumbprint) {\n throw new Error(\"Access Token validation failed on `jkt`: jkt !== DPoP thumbprint - \" + payload[\"cnf\"][\"jkt\"] + \" !== \" + dpopThumbprint);\n }\n // check client_id\n if (payload[\"client_id\"] !== client_id) {\n throw new Error(\"Access Token validation failed on `client_id`: JWT payload !== client_id - \" + payload[\"client_id\"] + \" !== \" + client_id);\n }\n // summarise session info\n const token_details = { ...token_response, dpop_key_pair: key_pair };\n const idp_details = { idp, jwks_uri, token_endpoint };\n if (!client_details)\n client_details = { redirect_uris: [url.toString()] };\n client_details.client_id = client_id;\n // and persist refresh token details\n if (database) {\n await database.init();\n await Promise.all([\n database.setItem(\"idp\", idp),\n database.setItem(\"jwks_uri\", jwks_uri),\n database.setItem(\"token_endpoint\", token_endpoint),\n database.setItem(\"client_id\", client_id),\n database.setItem(\"dpop_keypair\", key_pair),\n database.setItem(\"refresh_token\", token_response[\"refresh_token\"])\n ]);\n database.close();\n }\n // clean session storage\n sessionStorage.removeItem(\"csrf_token\");\n sessionStorage.removeItem(\"pkce_code_verifier\");\n sessionStorage.removeItem(\"idp\");\n sessionStorage.removeItem(\"jwks_uri\");\n sessionStorage.removeItem(\"token_endpoint\");\n sessionStorage.removeItem(\"client_id\");\n // return session information\n return {\n clientDetails: client_details,\n idpDetails: idp_details,\n tokenDetails: token_details\n };\n};\n/**\n * Request an dpop-bound access token from a token endpoint\n * @param authorization_code\n * @param pkce_code_verifier\n * @param redirect_uri\n * @param client_id\n * @param token_endpoint\n * @param key_pair\n * @returns\n */\nconst requestAccessToken = async (authorization_code, pkce_code_verifier, redirect_uri, client_id, token_endpoint, key_pair) => {\n // prepare public key to bind access token to\n const jwk_public_key = await exportJWK(key_pair.publicKey);\n jwk_public_key.alg = \"ES256\";\n // sign the access token request DPoP token\n const dpop = await new SignJWT({\n htu: token_endpoint,\n htm: \"POST\",\n })\n .setIssuedAt()\n .setJti(window.crypto.randomUUID())\n .setProtectedHeader({\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: jwk_public_key,\n })\n .sign(key_pair.privateKey);\n return fetch(token_endpoint, {\n method: \"POST\",\n headers: {\n dpop,\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n code: authorization_code,\n code_verifier: pkce_code_verifier,\n redirect_uri: redirect_uri,\n client_id: client_id,\n }),\n });\n};\n\nconst renewTokens = async (sessionDatabase) => {\n // remember session details\n try {\n await sessionDatabase.init();\n const client_id = await sessionDatabase.getItem(\"client_id\");\n const token_endpoint = await sessionDatabase.getItem(\"token_endpoint\");\n const key_pair = await sessionDatabase.getItem(\"dpop_keypair\");\n const refresh_token = await sessionDatabase.getItem(\"refresh_token\");\n if (client_id === null || token_endpoint === null || key_pair === null || refresh_token === null) {\n // we can not restore the old session\n throw new Error(\"Could not refresh tokens: details missing from database.\");\n }\n const token_response = await requestFreshTokens(refresh_token, client_id, token_endpoint, key_pair)\n .then((response) => {\n if (!response.ok) {\n throw new Error(`HTTP error! Status: ${response.status}`);\n }\n return response.json();\n });\n // verify access_token // ! Solid-OIDC specification says it should be a dpop-bound `id token` but implementations provide a dpop-bound `access token`\n const accessToken = token_response[\"access_token\"];\n const idp = await sessionDatabase.getItem(\"idp\");\n if (idp === null) {\n throw new Error(\"Access Token validation preparation - Could not find in sessionDatabase: idp\");\n }\n const jwks_uri = await sessionDatabase.getItem(\"jwks_uri\");\n if (jwks_uri === null) {\n throw new Error(\"Access Token validation preparation - Could not find in sessionDatabase: jwks_uri\");\n }\n const jwks = createRemoteJWKSet(new URL(jwks_uri));\n const { payload } = await jwtVerify(accessToken, jwks, {\n issuer: idp, // RFC 9207\n audience: \"solid\", // RFC 7519 // ! \"solid\" as per implementations ...\n // exp, nbf, iat - handled automatically\n });\n // check dpop thumbprint\n const dpopThumbprint = await calculateJwkThumbprint(await exportJWK(key_pair.publicKey));\n if (payload[\"cnf\"][\"jkt\"] !== dpopThumbprint) {\n throw new Error(\"Access Token validation failed on `jkt`: jkt !== DPoP thumbprint - \" + payload[\"cnf\"][\"jkt\"] + \" !== \" + dpopThumbprint);\n }\n // check client_id\n if (payload[\"client_id\"] !== client_id) {\n throw new Error(\"Access Token validation failed on `client_id`: JWT payload !== client_id - \" + payload[\"client_id\"] + \" !== \" + client_id);\n }\n // set new refresh token for token rotation\n await sessionDatabase.setItem(\"refresh_token\", token_response[\"refresh_token\"]);\n return {\n ...token_response,\n dpop_key_pair: key_pair,\n };\n }\n finally {\n sessionDatabase.close();\n }\n};\n/**\n * Request an dpop-bound access token from a token endpoint using a refresh token\n * @param authorization_code\n * @param pkce_code_verifier\n * @param redirect_uri\n * @param client_id\n * @param token_endpoint\n * @param key_pair\n * @returns\n */\nconst requestFreshTokens = async (refresh_token, client_id, token_endpoint, key_pair) => {\n // prepare public key to bind access token to\n const jwk_public_key = await exportJWK(key_pair.publicKey);\n jwk_public_key.alg = \"ES256\";\n // sign the access token request DPoP token\n const dpop = await new SignJWT({\n htu: token_endpoint,\n htm: \"POST\",\n })\n .setIssuedAt()\n .setJti(self.crypto.randomUUID())\n .setProtectedHeader({\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: jwk_public_key,\n })\n .sign(key_pair.privateKey);\n return fetch(token_endpoint, {\n method: \"POST\",\n headers: {\n dpop,\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n refresh_token,\n client_id\n }),\n });\n};\n\nvar SessionEvents;\n(function (SessionEvents) {\n SessionEvents[\"STATE_CHANGE\"] = \"sessionStateChange\";\n SessionEvents[\"EXPIRATION_WARNING\"] = \"sessionExpirationWarning\";\n SessionEvents[\"EXPIRATION\"] = \"sessionExpiration\";\n})(SessionEvents || (SessionEvents = {}));\n//\n//\n// Basic implementation\n//\n//\n/**\n * The SessionCore class manages session state and core logic but does not handle the refresh lifecycle.\n * It receives {@link SessionOptions} with a database to be able to restore a session.\n * That database can be re-used by (your!) surrounding implementation to handle the refresh lifecycle.\n * If no database was provided, refresh information cannot be stored, and thus token refresh (via the refresh token grant) is not possible in this case.\n *\n * If you are building a web app, use the Session implementation provided in the default `/web` version of this library.\n */\nclass SessionCore extends EventTarget {\n isActive_ = false;\n exp_;\n webId_ = undefined;\n currentAth_ = undefined;\n information;\n database;\n refreshPromise;\n resolveRefresh;\n rejectRefresh;\n constructor(clientDetails, sessionOptions) {\n super();\n this.authFetch = this.authFetch.bind(this);\n this.information = { clientDetails };\n this.database = sessionOptions?.database;\n if (sessionOptions?.onSessionStateChange)\n this.addEventListener(SessionEvents.STATE_CHANGE, (event) => sessionOptions.onSessionStateChange?.(event));\n if (sessionOptions?.onSessionExpirationWarning)\n this.addEventListener(SessionEvents.EXPIRATION_WARNING, (event) => sessionOptions?.onSessionExpirationWarning?.(event));\n if (sessionOptions?.onSessionExpiration)\n this.addEventListener(SessionEvents.EXPIRATION, (event) => sessionOptions?.onSessionExpiration?.(event));\n }\n async login(idp, redirect_uri) {\n await redirectForLogin(idp, redirect_uri, this.information.clientDetails);\n }\n /**\n * Handles the redirect from the identity provider after a login attempt.\n * It attempts to retrieve tokens using the authorization code.\n * Upon success, it tries to persist information to refresh tokens in the session database.\n * If no database was provided, no information is persisted.\n */\n async handleRedirectFromLogin() {\n // Redirect after Authorization Code Grant // memory via sessionStorage\n const newSessionInfo = await onIncomingRedirect(this.information.clientDetails, this.database);\n // no session - we remain unauthenticated\n if (!newSessionInfo.tokenDetails)\n return;\n // we got a session\n this.information.clientDetails = newSessionInfo.clientDetails;\n this.information.idpDetails = newSessionInfo.idpDetails;\n await this.setTokenDetails(newSessionInfo.tokenDetails);\n // callback state change \n this.dispatchStateChangeEvent(); // we logged in\n }\n /**\n * Handles session restoration using the refresh token grant.\n */\n async restore() {\n if (!this.database) {\n throw new Error(\"Could not refresh tokens: missing database. Provide database in sessionOption.\");\n }\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n this.refreshPromise = new Promise((resolve, reject) => {\n this.resolveRefresh = resolve;\n this.rejectRefresh = reject;\n });\n // Restore session using Refresh Token Grant \n const wasActive = this.isActive;\n renewTokens(this.database)\n .then(tokenDetails => this.setTokenDetails(tokenDetails))\n .then(() => this.resolveRefresh())\n .catch(error => {\n if (this.isActive) {\n this.rejectRefresh(new Error(error || 'Token refresh failed'));\n // do not change state (yet), let the app decide if they want to logout or if they just want to retry.\n if (!this.isExpired()) {\n this.dispatchExpirationWarningEvent();\n }\n else {\n this.dispatchExpirationEvent();\n }\n }\n else {\n this.rejectRefresh(new Error(\"No session to restore.\"));\n }\n }).finally(() => {\n this.clearRefreshPromise();\n if (wasActive !== this.isActive)\n this.dispatchStateChangeEvent();\n });\n return this.refreshPromise;\n }\n /**\n * This logs the user out.\n * Clears all session-related information, including IDP details and tokens.\n * Client ID is preserved if it is a URI.\n */\n async logout() {\n // clean session data\n this.isActive_ = false;\n this.exp_ = undefined;\n this.webId_ = undefined;\n this.currentAth_ = undefined;\n this.information.idpDetails = undefined;\n this.information.tokenDetails = undefined;\n // client details are preserved\n if (this.refreshPromise && this.rejectRefresh) {\n this.rejectRefresh(new Error('Logout during token refresh.'));\n this.clearRefreshPromise();\n }\n // clean session database\n if (this.database) {\n await this.database.init();\n await this.database.clear();\n this.database.close();\n }\n // callback state change\n this.dispatchStateChangeEvent(); // we logged out\n }\n /**\n * Makes an HTTP fetch request.\n * If a session is active, it includes the DPoP token and the access token in the `Authorization` header.\n *\n * @param input The URL or Request object to fetch.\n * @param init Optional fetch request options (RequestInit). Headers for `Authorization` and `DPoP` will be overwritten if a session is active.\n * @param dpopPayload Optional payload for the DPoP token. If provided, it overrides the default `htu` and `htm` claims.\n * @returns A promise that resolves to the fetch Response.\n */\n async authFetch(input, init, dpopPayload) {\n // if there is not session established, just delegate to the default fetch\n if (!this.isActive) {\n return fetch(input, init);\n }\n // TODO\n // TODO do HEAD request to check if authentication is actually required, only then include tokens\n // TODO\n // prepare authenticated call using a DPoP token (either provided payload, or default)\n let url;\n let method;\n let headers;\n // wrangle fetch input parameters into place\n if (input instanceof Request) {\n url = new URL(input.url);\n method = init?.method || input?.method || 'GET';\n headers = new Headers(input.headers);\n }\n else {\n init = init || {};\n url = new URL(input.toString());\n method = init.method || 'GET';\n headers = init.headers ? new Headers(init.headers) : new Headers();\n }\n // create DPoP token, and add tokens to request\n await this._renewTokensIfExpired();\n dpopPayload = dpopPayload ?? {\n htu: `${url.origin}${url.pathname}`,\n htm: method.toUpperCase()\n };\n const dpop = await this._createSignedDPoPToken(dpopPayload);\n // overwrite headers: authorization, dpop\n headers.set(\"dpop\", dpop);\n headers.set(\"authorization\", `DPoP ${this.information.tokenDetails.access_token}`);\n // check explicitly; to avoid unexpected behaviour\n if (input instanceof Request) { // clone the provided request, and override the headers\n return fetch(new Request(input, { ...init, headers }));\n }\n // just override the headers\n return fetch(url, { ...init, headers });\n }\n // \n // Setters\n //\n async setTokenDetails(tokenDetails) {\n this.information.tokenDetails = tokenDetails;\n await this._updateSessionDetailsFromToken(tokenDetails.access_token);\n }\n clearRefreshPromise() {\n this.refreshPromise = undefined;\n this.resolveRefresh = undefined;\n this.rejectRefresh = undefined;\n }\n //\n // Getters\n //\n get isActive() {\n return this.isActive_;\n }\n get webId() {\n return this.webId_;\n }\n isExpired() {\n if (!this.exp_)\n return true;\n return this._isTokenExpired(this.exp_);\n }\n getExpiresIn() {\n if (!this.exp_)\n return -1;\n return this._getTokenTTL(this.exp_);\n }\n getTokenDetails() {\n return this.information.tokenDetails;\n }\n //\n // Helpers\n //\n /**\n * Check if the current token is expired (which may happen during device/browser/tab hibernation),\n * and if expired, restore the session.\n */\n async _renewTokensIfExpired() {\n if (this.isExpired()) {\n if (!this.refreshPromise) {\n await this.restore(); // Initiate and wait\n }\n else {\n await this.refreshPromise; // Wait for already pending\n }\n }\n }\n /**\n * RFC 9449 - Hash of the access token\n */\n async _computeAth(accessToken) {\n // Convert the ASCII string of the token to a Uint8Array\n const encoder = new TextEncoder();\n const data = encoder.encode(accessToken); // ASCII by default\n // Compute SHA-256 hash\n const hashBuffer = await crypto.subtle.digest('SHA-256', data);\n // Convert ArrayBuffer to base64url string\n const hashArray = Array.from(new Uint8Array(hashBuffer));\n const base64 = btoa(String.fromCharCode(...hashArray));\n // Convert base64 to base64url\n const base64url = base64\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '');\n return base64url;\n }\n /**\n * Creates a signed DPoP (Demonstration of Proof-of-Possession) token.\n *\n * @param payload The payload to include in the DPoP token. By default, it includes `htu` (HTTP target URI) and `htm` (HTTP method).\n * @returns A promise that resolves to the signed DPoP token string.\n * @throws Error if the session has not been initialized - if no token details are available.\n */\n async _createSignedDPoPToken(payload) {\n if (!this.information.tokenDetails || !this.currentAth_) {\n throw new Error(\"Session not established.\");\n }\n payload.ath = this.currentAth_;\n const jwk_public_key = await exportJWK(this.information.tokenDetails.dpop_key_pair.publicKey);\n return new SignJWT(payload)\n .setIssuedAt()\n .setJti(window.crypto.randomUUID())\n .setProtectedHeader({\n alg: \"ES256\",\n typ: \"dpop+jwt\",\n jwk: jwk_public_key,\n })\n .sign(this.information.tokenDetails.dpop_key_pair.privateKey);\n }\n async _updateSessionDetailsFromToken(access_token) {\n if (!access_token) {\n await this.logout();\n return;\n }\n try {\n const decodedToken = decodeJwt(access_token);\n const webId = decodedToken.webid;\n if (!webId) {\n throw new Error('Missing webid claim in access token');\n }\n const exp = decodedToken.exp;\n if (!exp) {\n throw new Error('Missing exp claim in access token');\n }\n this.currentAth_ = await this._computeAth(access_token); // must be done before session set to active\n this.webId_ = webId;\n this.exp_ = exp;\n this.isActive_ = true;\n }\n catch (error) {\n await this.logout();\n }\n }\n /**\n * Checks if a JWT expiration timestamp ('exp') has passed.\n */\n _isTokenExpired(exp, bufferSeconds = 0) {\n if (typeof exp !== 'number' || isNaN(exp)) {\n return true;\n }\n return this._getTokenTTL(exp, bufferSeconds) < 0;\n }\n _getTokenTTL(exp, bufferSeconds = 0) {\n const currentTimeSeconds = Math.floor(Date.now() / 1000);\n return exp - (currentTimeSeconds + bufferSeconds);\n }\n // \n // Events\n //\n dispatchStateChangeEvent() {\n this.dispatchEvent(new CustomEvent(SessionEvents.STATE_CHANGE, { detail: { isActive: this.isActive, webId: this.webId } }));\n }\n dispatchExpirationWarningEvent() {\n this.dispatchEvent(new CustomEvent(SessionEvents.EXPIRATION_WARNING, { detail: { expires_in: this.getExpiresIn() } }));\n }\n dispatchExpirationEvent() {\n this.dispatchEvent(new CustomEvent(SessionEvents.EXPIRATION));\n }\n}\n\nexport { SessionCore, SessionEvents };\n//# sourceMappingURL=index.js.map\n","/**\n * OIDC session factory.\n *\n * Everything needed to create and configure the underlying auth session:\n * - Session database backends (in-memory and IndexedDB)\n * - Session instantiation (WebSession or SessionCore, with local-dev\n * fallbacks for environments where the service worker can't load)\n * - Login compatibility shim that normalises legacy call-site signatures\n * and resolves the canonical issuer through /.well-known discovery\n *\n * The raw session instance (_session) is consumed by authSession.ts where\n * the legacy event layer and logout listener are attached.\n *\n * DO NOT import _session directly — always go through authSession.ts so\n * the event wiring is guaranteed to run.\n */\n\nimport {\n Session as WebSession,\n} from '@uvdsl/solid-oidc-client-browser'\nimport * as OidcCore from '@uvdsl/solid-oidc-client-browser/core'\nimport type { Session as OidcSession, SessionDatabase } from '@uvdsl/solid-oidc-client-browser/core'\n\n// ---------------------------------------------------------------------------\n// Session databases\n// ---------------------------------------------------------------------------\n\nexport class MemorySessionDatabase implements SessionDatabase {\n private readonly map = new Map<string, any>()\n\n private shouldPreserveExistingRefreshToken(id: string, value: any): boolean {\n return id === 'refresh_token' && (value == null || value === '') && this.map.has(id)\n }\n\n async init (): Promise<SessionDatabase> {\n return this\n }\n\n async setItem (id: string, value: any): Promise<void> {\n // Some Solid IdPs do not include refresh_token on refresh responses.\n // Keep the previous token instead of overwriting it with null/undefined.\n if (this.shouldPreserveExistingRefreshToken(id, value)) {\n return\n }\n this.map.set(id, value)\n }\n\n async getItem (id: string): Promise<any> {\n return this.map.has(id) ? this.map.get(id) : null\n }\n\n async deleteItem (id: string): Promise<void> {\n this.map.delete(id)\n }\n\n async clear (): Promise<void> {\n this.map.clear()\n }\n\n close (): void {\n // No-op for in-memory database\n }\n}\n\nexport class IndexedDbSessionDatabase implements SessionDatabase {\n private db: IDBDatabase | null = null\n private readonly dbName = 'soidc'\n private readonly storeName = 'session'\n private readonly dbVersion = 1\n\n private async shouldPreserveExistingRefreshToken(id: string, value: any): Promise<boolean> {\n if (id !== 'refresh_token' || !(value == null || value === '')) {\n return false\n }\n const existing = await this.getItem(id)\n return existing != null && existing !== ''\n }\n\n async init (): Promise<SessionDatabase> {\n if (this.db) return this\n if (typeof indexedDB === 'undefined') {\n throw new Error('IndexedDB is not available in this environment')\n }\n\n await new Promise<void>((resolve, reject) => {\n const request = indexedDB.open(this.dbName, this.dbVersion)\n\n request.onerror = () => reject(request.error)\n request.onsuccess = () => {\n this.db = request.result\n resolve()\n }\n request.onupgradeneeded = () => {\n const db = request.result\n if (!db.objectStoreNames.contains(this.storeName)) {\n db.createObjectStore(this.storeName)\n }\n }\n })\n\n return this\n }\n\n async setItem (id: string, value: any): Promise<void> {\n await this.init()\n // Some Solid IdPs do not include refresh_token on refresh responses.\n // Keep the previous token instead of overwriting it with null/undefined.\n if (await this.shouldPreserveExistingRefreshToken(id, value)) {\n return\n }\n await this.withStore('readwrite', store => store.put(value, id))\n }\n\n async getItem (id: string): Promise<any> {\n await this.init()\n return this.withStore('readonly', store => store.get(id))\n }\n\n async deleteItem (id: string): Promise<void> {\n await this.init()\n await this.withStore('readwrite', store => store.delete(id))\n }\n\n async clear (): Promise<void> {\n await this.init()\n await this.withStore('readwrite', store => store.clear())\n }\n\n close (): void {\n if (this.db) {\n this.db.close()\n this.db = null\n }\n }\n\n private withStore(mode: IDBTransactionMode, op: (store: IDBObjectStore) => IDBRequest<any>): Promise<any> {\n return new Promise<any>((resolve, reject) => {\n if (!this.db) {\n reject(new Error('Session database not initialized'))\n return\n }\n\n const tx = this.db.transaction(this.storeName, mode)\n const store = tx.objectStore(this.storeName)\n const request = op(store)\n let result: any = null\n\n tx.onerror = () => reject(tx.error ?? request.error)\n tx.onabort = () => reject(tx.error ?? request.error ?? new Error('IndexedDB transaction aborted'))\n tx.oncomplete = () => resolve(result)\n\n request.onerror = () => reject(request.error)\n request.onsuccess = () => {\n result = request.result ?? null\n }\n })\n }\n}\n\n// ---------------------------------------------------------------------------\n// Session instantiation\n// ---------------------------------------------------------------------------\n\nfunction getSessionCoreCtor (): (new (...args: any[]) => OidcSession) | null {\n const coreAny = OidcCore as any\n const candidate = coreAny.SessionCore ?? coreAny.default?.SessionCore ?? coreAny.default\n\n if (typeof candidate !== 'function') {\n return null\n }\n\n return candidate as new (...args: any[]) => OidcSession\n}\n\nconst SessionCoreCtor = getSessionCoreCtor()\n\nfunction createSession (): OidcSession {\n const shouldSkipWorkerInLocalDev = typeof window !== 'undefined' && (() => {\n const host = window.location.hostname\n // In local NSS setups (including subdomain mode like alice.localhost),\n // worker-based session storage can be brittle and lose state on reload.\n // Prefer SessionCore + IndexedDB for deterministic persistence.\n return host === 'localhost' || host === '127.0.0.1' || host.endsWith('.localhost')\n })()\n\n if (shouldSkipWorkerInLocalDev) {\n if (SessionCoreCtor) {\n return new SessionCoreCtor(undefined, { database: new IndexedDbSessionDatabase() })\n }\n return new WebSession()\n }\n\n try {\n return new WebSession()\n } catch (error) {\n // In some deployments, worker URL resolution can become file:// and fail cross-origin.\n // Fall back to SessionCore so auth still works without background refresh worker.\n // Use IndexedDB to keep refresh-token persistence across page reloads.\n console.warn('solid-logic: falling back to non-worker auth session:', error)\n try {\n if (SessionCoreCtor) {\n return new SessionCoreCtor(undefined, { database: new IndexedDbSessionDatabase() })\n }\n return new WebSession()\n } catch (dbError) {\n console.warn('solid-logic: IndexedDB unavailable, using in-memory session database:', dbError)\n if (SessionCoreCtor) {\n return new SessionCoreCtor(undefined, { database: new MemorySessionDatabase() })\n }\n return new WebSession()\n }\n }\n}\n\n// ---------------------------------------------------------------------------\n// Singleton session\n// ---------------------------------------------------------------------------\n\nconst _session = createSession()\n\nexport { _session }\n","/**\n * Issuer discovery utilities.\n *\n * Resolves OIDC issuer endpoints from /.well-known/openid-configuration\n * so that login can use the canonical issuer host.\n */\n\nasync function discoverIssuerFromWellKnown (issuer: string): Promise<string | null> {\n try {\n const issuerUrl = new URL(issuer)\n const wellKnownUrl = new URL('/.well-known/openid-configuration', issuerUrl.origin)\n const wellKnownResponse = await fetch(wellKnownUrl.toString(), { credentials: 'include' })\n if (!wellKnownResponse.ok) {\n return null\n }\n\n const wellKnownPayload = await wellKnownResponse.json()\n if (typeof wellKnownPayload?.issuer !== 'string' || !wellKnownPayload.issuer) {\n return null\n }\n\n return wellKnownPayload.issuer.replace(/\\/$/, '')\n } catch (_err) {\n return null\n }\n}\n\nexport async function resolveIssuerForLogin (issuer: string): Promise<string> {\n // Prefer the issuer advertised by discovery; if app and issuer hosts still differ,\n // redirecting to the canonical issuer host is cleaner than rewriting the issuer here.\n const discoveredIssuer = await discoverIssuerFromWellKnown(issuer)\n if (discoveredIssuer) {\n return discoveredIssuer\n }\n return issuer\n}\n","/**\n * Legacy event compatibility layer.\n *\n * Pure EventEmitter-style shim — no side effects, no uvdsl dependencies.\n * Wired into the auth session by authSession.ts.\n */\n\ntype LegacyEventName = 'login' | 'logout' | 'sessionRestore'\ntype LegacyEventHandler = (...args: unknown[]) => void\n\n/**\n * Minimal EventEmitter-style shim so that existing consumers using\n * `authSession.events.on('login' | 'logout' | 'sessionRestore', handler)`\n * continue working without modification.\n *\n * Events are emitted by SolidAuthnLogic.checkUser() (login/sessionRestore)\n * and by the sessionStateChange listener in authSession.ts (logout).\n */\nexport class SessionEvents {\n private readonly listeners: Map<string, Set<LegacyEventHandler>> = new Map()\n\n on (event: LegacyEventName, handler: LegacyEventHandler): void {\n if (!this.listeners.has(event)) this.listeners.set(event, new Set())\n this.listeners.get(event)!.add(handler)\n }\n\n off (event: LegacyEventName, handler: LegacyEventHandler): void {\n this.listeners.get(event)?.delete(handler)\n }\n\n emit (event: LegacyEventName, ...args: unknown[]): void {\n this.listeners.get(event)?.forEach(h => h(...args))\n }\n}\n\n","/**\n * Auth session wiring.\n *\n * Takes the raw OIDC session from session.ts and layers on:\n * - Login compatibility shim (normalises legacy call-site signatures\n * and resolves the canonical issuer)\n * - SessionEvents shim (legacy EventEmitter-style API)\n * - Logout listener (emits 'logout' on session deactivation)\n *\n * Exports the fully assembled authSession.\n */\n\nimport type { Session as OidcSession } from '@uvdsl/solid-oidc-client-browser/core'\nimport { _session } from './session'\nimport { resolveIssuerForLogin } from './issuer'\nimport { SessionEvents } from './events'\n\ntype SessionCompatibilityShape = {\n webId?: string\n isActive?: boolean\n info?: {\n webId?: string\n isLoggedIn?: boolean\n }\n fetch?: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>\n authFetch?: (input: string | URL | Request, init?: RequestInit, dpopPayload?: any) => Promise<Response>\n}\n\ntype LoginOptionsLegacy = {\n oidcIssuer?: string\n idp?: string\n issuer?: string\n redirectUrl?: string\n redirect_uri?: string\n redirectUri?: string\n}\n\ntype LoginCompat = {\n (issuer: string, redirectUrl: string): Promise<unknown>\n (options: LoginOptionsLegacy): Promise<unknown>\n}\n\nexport type SessionWithLegacyEvents = Omit<OidcSession, 'login'> & SessionCompatibilityShape & {\n login: LoginCompat\n events: SessionEvents\n}\n\n// ---------------------------------------------------------------------------\n// Login compatibility shim\n// ---------------------------------------------------------------------------\n// Wraps _session.login() so that call sites with different calling\n// conventions all work. The underlying session expects:\n// login(issuer: string, redirectUrl: string)\n//\n// idpOrOptions can be:\n// - a string (issuer URL) — passed through with less resolution\n// - an options object with any of these field-name variants:\n// issuer: oidcIssuer | idp | issuer\n// redirect: redirectUrl | redirect_uri | redirectUri\n// (all redirect field names map to the same value: the URL the IdP\n// should send the browser back to after authentication)\n// - anything else — passed through to the underlying session as-is\n//\n// In all cases the issuer is resolved through\n// /.well-known/openid-configuration before redirect so the canonical\n// issuer host is used.\n\nconst sessionAny = _session as any\nconst originalLogin = typeof sessionAny.login === 'function'\n ? sessionAny.login.bind(_session)\n : undefined\n\nif (originalLogin) {\n const compatLogin = async (idpOrOptions: any, redirectUri?: string): Promise<unknown> => {\n if (idpOrOptions && typeof idpOrOptions === 'object' && !Array.isArray(idpOrOptions)) {\n const oidcIssuer = idpOrOptions.oidcIssuer ?? idpOrOptions.idp ?? idpOrOptions.issuer\n const redirectUrl = idpOrOptions.redirectUrl ?? idpOrOptions.redirect_uri ?? idpOrOptions.redirectUri\n if (typeof oidcIssuer === 'string' && typeof redirectUrl === 'string') {\n return originalLogin(await resolveIssuerForLogin(oidcIssuer), redirectUrl)\n }\n }\n if (typeof idpOrOptions === 'string') {\n return originalLogin(await resolveIssuerForLogin(idpOrOptions), redirectUri)\n }\n return originalLogin(idpOrOptions, redirectUri)\n }\n sessionAny.login = compatLogin as LoginCompat\n}\n\n// ---------------------------------------------------------------------------\n// Legacy event layer\n// ---------------------------------------------------------------------------\n\nconst events = new SessionEvents()\n\n// Emit the legacy 'logout' event when the session transitions from active to inactive.\n// 'login' and 'sessionRestore' are emitted in SolidAuthnLogic.checkUser()\n// because only that call site knows which path activated the session.\nlet _wasActive = (_session as any).isActive ?? Boolean((_session as any).webId)\nif (typeof (_session as unknown as EventTarget).addEventListener === 'function') {\n ;(_session as unknown as EventTarget).addEventListener('sessionStateChange', () => {\n const isNowActive = (_session as any).isActive ?? Boolean((_session as any).webId)\n if (_wasActive && !isNowActive) {\n events.emit('logout')\n }\n _wasActive = isNowActive\n })\n}\n\nexport const authSession: SessionWithLegacyEvents = Object.assign(\n _session as Omit<OidcSession, 'login'> & { login: LoginCompat },\n { events }\n)\n ","// Namespaces we commonly use and have common prefixes for around Solid\nimport solidNamespace from 'solid-namespace' // Delegate to this which takes RDFlib as param.\nimport * as $rdf from 'rdflib'\n\nexport const ns = solidNamespace($rdf)","import { graph, NamedNode, Namespace, serialize, sym } from 'rdflib'\nimport { AclLogic } from '../types'\nimport { ns as namespace } from '../util/ns'\n\n\nexport const ACL_LINK = sym(\n 'http://www.iana.org/assignments/link-relations/acl'\n)\n\nexport function createAclLogic(store): AclLogic {\n\n const ns = namespace\n \n async function findAclDocUrl(url: NamedNode) {\n await store.fetcher.load(url)\n const docNode = store.any(url, ACL_LINK)\n if (!docNode) {\n throw new Error(`No ACL link discovered for ${url}`)\n }\n return docNode.value\n }\n /**\n * Simple Access Control\n *\n * This function sets up a simple default ACL for a resource, with\n * RWC for the owner, and a specified access (default none) for the public.\n * In all cases owner has read write control.\n * Parameter lists modes allowed to public\n *\n * @param options\n * @param options.public eg ['Read', 'Write']\n *\n * @returns Resolves with aclDoc uri on successful write\n */\n function setACLUserPublic ( \n docURI: string,\n me: NamedNode,\n options: {\n defaultForNew?: boolean,\n public?: []\n }\n ): Promise<NamedNode> {\n const aclDoc = store.any(\n store.sym(docURI),\n ACL_LINK\n )\n\n return Promise.resolve()\n .then(() => {\n if (aclDoc) {\n return aclDoc as NamedNode\n }\n\n return fetchACLRel(docURI).catch(err => {\n throw new Error(`Error fetching rel=ACL header for ${docURI}: ${err}`)\n })\n })\n .then(aclDoc => {\n const aclText = genACLText(docURI, me, aclDoc.uri, options)\n if (!store.fetcher) {\n throw new Error('Cannot PUT this, store has no fetcher')\n }\n return store.fetcher\n .webOperation('PUT', aclDoc.uri, {\n data: aclText,\n contentType: 'text/turtle'\n })\n .then(result => {\n if (!result.ok) {\n throw new Error('Error writing ACL text: ' + result.error)\n }\n\n return aclDoc\n })\n })\n }\n\n /**\n * @param docURI\n * @returns\n */\n function fetchACLRel (docURI: string): Promise<NamedNode> {\n const fetcher = store.fetcher\n if (!fetcher) {\n throw new Error('Cannot fetch ACL rel, store has no fetcher')\n }\n\n return fetcher.load(docURI).then(result => {\n if (!result.ok) {\n throw new Error('fetchACLRel: While loading:' + (result as any).error)\n }\n\n const aclDoc = store.any(\n store.sym(docURI),\n ACL_LINK\n )\n\n if (!aclDoc) {\n throw new Error('fetchACLRel: No Link rel=ACL header for ' + docURI)\n }\n\n return aclDoc as NamedNode\n })\n }\n\n /**\n * @param docURI\n * @param me\n * @param aclURI\n * @param options\n *\n * @returns Serialized ACL\n */\n function genACLText (\n docURI: string,\n me: NamedNode,\n aclURI: string,\n options: {\n defaultForNew?: boolean,\n public?: []\n } = {}\n ): string | undefined {\n const optPublic = options.public || []\n const g = graph()\n const auth = Namespace('http://www.w3.org/ns/auth/acl#')\n let a = g.sym(`${aclURI}#a1`)\n const acl = g.sym(aclURI)\n const doc = g.sym(docURI)\n g.add(a, ns.rdf('type'), auth('Authorization'), acl)\n g.add(a, auth('accessTo'), doc, acl)\n if (options.defaultForNew) {\n g.add(a, auth('default'), doc, acl)\n }\n g.add(a, auth('agent'), me, acl)\n g.add(a, auth('mode'), auth('Read'), acl)\n g.add(a, auth('mode'), auth('Write'), acl)\n g.add(a, auth('mode'), auth('Control'), acl)\n\n if (optPublic.length) {\n a = g.sym(`${aclURI}#a2`)\n g.add(a, ns.rdf('type'), auth('Authorization'), acl)\n g.add(a, auth('accessTo'), doc, acl)\n g.add(a, auth('agentClass'), ns.foaf('Agent'), acl)\n for (let p = 0; p < optPublic.length; p++) {\n g.add(a, auth('mode'), auth(optPublic[p]), acl) // Like 'Read' etc\n }\n }\n return serialize(acl, g, aclURI)\n }\n return {\n findAclDocUrl,\n setACLUserPublic,\n genACLText\n }\n}","import { NamedNode, sym } from 'rdflib'\nimport * as debug from '../util/debug'\n\n/**\n * find a user or app's context as set in window.SolidAppContext\n * this is a const, not a function, because we have problems to jest mock it otherwise\n * see: https://github.com/facebook/jest/issues/936#issuecomment-545080082 for more\n * @return {any} - an appContext object\n */\nexport const appContext = ():any => {\n let { SolidAppContext }: any = window\n SolidAppContext ||= {}\n SolidAppContext.viewingNoAuthPage = false\n if (SolidAppContext.noAuth && window.document) {\n const currentPage = window.document.location.href\n if (currentPage.startsWith(SolidAppContext.noAuth)) {\n SolidAppContext.viewingNoAuthPage = true\n const params = new URLSearchParams(window.document.location.search)\n if (params) {\n let viewedPage = SolidAppContext.viewedPage = params.get('uri') || null\n if (viewedPage) {\n viewedPage = decodeURI(viewedPage)\n if (!viewedPage.startsWith(SolidAppContext.noAuth)) {\n const ary = viewedPage.split(/\\//)\n SolidAppContext.idp = ary[0] + '//' + ary[2]\n SolidAppContext.viewingNoAuthPage = false\n }\n }\n }\n }\n }\n return SolidAppContext\n}\n\n/**\n * Returns `sym($SolidTestEnvironment.username)` if\n * `$SolidTestEnvironment.username` is defined as a global\n * or \n * returns testID defined in the HTML page\n * @returns {NamedNode|null}\n */\nexport function offlineTestID (): NamedNode | null {\n const { $SolidTestEnvironment }: any = window\n if (\n typeof $SolidTestEnvironment !== 'undefined' &&\n $SolidTestEnvironment.username\n ) {\n // Test setup\n debug.log('Assuming the user is ' + $SolidTestEnvironment.username)\n return sym($SolidTestEnvironment.username)\n }\n // hack that makes SolidOS work in offline mode by adding the webId directly in html\n // example usage: https://github.com/solidos/mashlib/blob/29b8b53c46bf02e0e219f0bacd51b0e9951001dd/test/contact/local.html#L37\n if (\n typeof document !== 'undefined' &&\n document.location &&\n ('' + document.location).slice(0, 16) === 'http://localhost'\n ) {\n const div = document.getElementById('appTarget')\n if (!div) return null\n const id = div.getAttribute('testID')\n if (!id) return null\n debug.log('Assuming user is ' + id)\n return sym(id)\n }\n return null\n}\n","import { namedNode, NamedNode, sym } from 'rdflib'\nimport { appContext, offlineTestID } from './authUtil'\nimport * as debug from '../util/debug'\nimport type { SessionWithLegacyEvents } from '../authSession/authSession'\nimport type { AuthenticationContext, AuthnLogic } from '../types'\n\nexport class SolidAuthnLogic implements AuthnLogic {\n private session: SessionWithLegacyEvents\n private checkUserInFlight: Promise<NamedNode | null> | null = null\n private sessionRestoreHookAttached = false\n private fallbackWebId: string | null = null\n\n constructor(solidAuthSession: SessionWithLegacyEvents) {\n this.session = solidAuthSession\n }\n\n // we created authSession getter because we want to access it as authn.authSession externally\n get authSession(): SessionWithLegacyEvents { return this.session }\n\n currentUser(): NamedNode | null {\n const app = appContext()\n if (app.viewingNoAuthPage) {\n return sym(app.webId)\n }\n const sessionAny = this.session as any\n const infoWebId = sessionAny?.info?.webId\n const sessionWebId = sessionAny?.webId\n const webId = infoWebId || sessionWebId || this.fallbackWebId\n const infoLoggedIn = sessionAny?.info?.isLoggedIn\n const sessionActive = sessionAny?.isActive\n const isLoggedIn = infoLoggedIn === true || sessionActive === true ||\n ((infoLoggedIn == null && sessionActive == null) ? Boolean(webId) : false) ||\n Boolean(this.fallbackWebId)\n if (this && this.session && webId && isLoggedIn) {\n return sym(webId)\n }\n return offlineTestID() // null unless testing\n }\n\n /**\n * Retrieves currently logged in webId from either\n * defaultTestUser or SolidAuth\n * Also activates a session after login\n * @param [setUserCallback] Optional callback\n * @returns Resolves with webId uri, if no callback provided\n */\n async checkUser<T> (\n setUserCallback?: (me: NamedNode | null) => T\n ): Promise<NamedNode | T | null> {\n // Save hash for \"restorePreviousSession\"\n const preLoginRedirectHash = new URL(window.location.href).hash\n if (preLoginRedirectHash) {\n window.localStorage.setItem('preLoginRedirectHash', preLoginRedirectHash)\n }\n const sessionAny = this.session as any\n if (!this.sessionRestoreHookAttached && typeof sessionAny?.events?.on === 'function') {\n // Backward-compatible hook for auth clients exposing an EventEmitter-style API.\n sessionAny.events.on('sessionRestore', (url: string) => {\n debug.log(`Session restored to ${url}`)\n if (document.location.toString() !== url) history.replaceState(null, '', url)\n })\n this.sessionRestoreHookAttached = true\n }\n\n if (!this.checkUserInFlight) {\n this.checkUserInFlight = this.resolveCurrentUser()\n }\n\n const inFlight = this.checkUserInFlight\n let me: NamedNode | null\n try {\n me = await inFlight\n } finally {\n if (this.checkUserInFlight === inFlight) {\n this.checkUserInFlight = null\n }\n }\n\n return Promise.resolve(setUserCallback ? setUserCallback(me) : me)\n }\n\n private async resolveCurrentUser (): Promise<NamedNode | null> {\n const sessionAny = this.session as any\n\n /**\n * Handle a successful authentication redirect\n */\n const redirectUrl = new URL(window.location.href)\n redirectUrl.hash = ''\n if (typeof sessionAny?.handleIncomingRedirect === 'function') {\n await sessionAny.handleIncomingRedirect({\n restorePreviousSession: true,\n url: redirectUrl.href\n })\n } else {\n if (typeof sessionAny?.restore === 'function') {\n const wasActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)\n try {\n await sessionAny.restore()\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error)\n if (!/no session to restore/i.test(message)) {\n throw error\n }\n debug.log('No previous session to restore')\n }\n const isNowActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)\n if (!wasActive && isNowActive) {\n sessionAny.events?.emit('sessionRestore', window.location.href)\n }\n }\n if (typeof sessionAny?.handleRedirectFromLogin === 'function') {\n const wasActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)\n await sessionAny.handleRedirectFromLogin()\n const isNowActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)\n if (!wasActive && isNowActive) {\n sessionAny.events?.emit('login')\n }\n }\n }\n\n // Check to see if a hash was stored in local storage\n const postLoginRedirectHash = window.localStorage.getItem('preLoginRedirectHash')\n if (postLoginRedirectHash) {\n const curUrl = new URL(window.location.href)\n if (curUrl.hash !== postLoginRedirectHash) {\n if (history.pushState) {\n // debug.log('Setting window.location.has using pushState')\n history.pushState(null, document.title, postLoginRedirectHash)\n } else {\n // debug.warn('Setting window.location.has using location.hash')\n location.hash = postLoginRedirectHash\n }\n curUrl.hash = postLoginRedirectHash\n }\n // See https://stackoverflow.com/questions/3870057/how-can-i-update-window-location-hash-without-jumping-the-document\n // window.location.href = curUrl.toString()// @@ See https://developer.mozilla.org/en-US/docs/Web/API/Window/location\n window.localStorage.setItem('preLoginRedirectHash', '')\n }\n\n // Check to see if already logged in / have the WebID\n let me = offlineTestID()\n if (me) {\n return me\n }\n\n let webId = this.webIdFromSession(sessionAny?.info, sessionAny)\n if (!webId) {\n // NSS-specific fallback: recover WebID from NSS cookie session when client restore is empty.\n webId = await this.probeNssCookieBackedWebId()\n }\n\n if (webId) {\n this.fallbackWebId = webId\n } else {\n this.fallbackWebId = null\n }\n\n if (webId) {\n me = this.saveUser(webId)\n }\n\n if (me) {\n debug.log(`(Logged in as ${me} by authentication)`)\n }\n\n return me\n }\n\n private async probeNssCookieBackedWebId (): Promise<string | null> {\n if (typeof window === 'undefined') {\n return null\n }\n\n const { hostname, port, protocol } = window.location\n const localhostSuffix = '.localhost'\n // NSS local pods use subdomains like alice.localhost.\n if (!hostname.endsWith(localhostSuffix)) {\n return null\n }\n\n const podName = hostname.slice(0, -localhostSuffix.length)\n if (!podName || podName === 'localhost' || podName.includes('.')) {\n return null\n }\n\n try {\n // NSS returns 403 on this account page when the cookie session is valid.\n const probeResponse = await fetch('/account/password/change', {\n credentials: 'include',\n redirect: 'manual',\n cache: 'no-store'\n })\n if (probeResponse.status !== 403) {\n return null\n }\n const origin = `${protocol}//${hostname}${port ? `:${port}` : ''}`\n return `${origin}/profile/card#me`\n } catch (_error) {\n return null\n }\n }\n\n /**\n * Saves `webId` in `context.me`\n * @param webId\n * @param context\n *\n * @returns Returns the WebID, after setting it\n */\n saveUser (\n webId: NamedNode | string | null,\n context?: AuthenticationContext\n ): NamedNode | null {\n let webIdUri: string\n if (webId) {\n webIdUri = (typeof webId === 'string') ? webId : webId.uri\n const me = namedNode(webIdUri)\n if (context) {\n context.me = me\n }\n return me\n }\n return null\n }\n\n /**\n * @returns {Promise<string|null>} Resolves with WebID URI or null\n */\n webIdFromSession (\n sessionInfo?: { webId?: string, isLoggedIn?: boolean },\n sessionRoot?: { webId?: string, isLoggedIn?: boolean, isActive?: boolean }\n ): string | null {\n const webId = sessionInfo?.webId || sessionRoot?.webId\n if (!webId) {\n return null\n }\n const infoLoggedIn = sessionInfo?.isLoggedIn\n const rootLoggedIn = sessionRoot?.isLoggedIn\n const rootActive = sessionRoot?.isActive\n if (infoLoggedIn === true || rootLoggedIn === true || rootActive === true) {\n return webId\n }\n if (infoLoggedIn === false && rootLoggedIn === false && rootActive === false) {\n return null\n }\n return webId\n }\n\n}\n","import { NamedNode, sym } from 'rdflib'\n\nexport function newThing(doc: NamedNode): NamedNode {\n return sym(doc.uri + '#' + 'id' + ('' + Date.now()))\n}\n\nexport function uniqueNodes (arr: NamedNode[]): NamedNode[] {\n const uris = arr.map(x => x.uri)\n const set = new Set(uris)\n const uris2 = Array.from(set)\n const arr2 = uris2.map(u => new NamedNode(u))\n return arr2 // Array.from(new Set(arr.map(x => x.uri))).map(u => sym(u))\n}\n\nexport function getArchiveUrl(baseUrl: string, date: Date) {\n const year = date.getUTCFullYear()\n const month = ('0' + (date.getUTCMonth()+1)).slice(-2)\n const day = ('0' + (date.getUTCDate())).slice(-2)\n const parts = baseUrl.split('/')\n const filename = parts[parts.length -1 ]\n return new URL(`./archive/${year}/${month}/${day}/${filename}`, baseUrl).toString()\n}\n\nexport function differentOrigin(doc): boolean {\n if (!doc) {\n return true\n }\n return (\n `${window.location.origin}/` !== new URL(doc.value).origin\n )\n}\n\nexport function suggestPreferencesFile (me:NamedNode) {\n const stripped = me.uri.replace('/profile/', '/').replace('/public/', '/')\n // const stripped = me.uri.replace(\\/[p|P]rofile/\\g, '/').replace(\\/[p|P]ublic/\\g, '/')\n const folderURI = stripped.split('/').slice(0,-1).join('/') + '/settings/'\n const fileURI = folderURI + 'prefs.ttl'\n return sym(fileURI)\n}\n\nexport function determineChatContainer(\n invitee: NamedNode,\n podRoot: NamedNode\n): NamedNode {\n // Create chat\n // See https://gitter.im/solid/chat-app?at=5f3c800f855be416a23ae74a\n const chatContainerStr = new URL(\n `IndividualChats/${new URL(invitee.value).host}/`,\n podRoot.value\n ).toString()\n return new NamedNode(chatContainerStr)\n}\n","import { NamedNode, Node, st, term } from 'rdflib'\nimport { ChatLogic, CreatedPaneOptions, NewPaneOptions, Chat } from '../types'\nimport { ns as namespace } from '../util/ns'\nimport { determineChatContainer, newThing } from '../util/utils'\n\nconst CHAT_LOCATION_IN_CONTAINER = 'index.ttl#this'\n\nexport function createChatLogic(store, profileLogic): ChatLogic {\n const ns = namespace\n\n async function setAcl(\n chatContainer: NamedNode,\n me: NamedNode,\n invitee: NamedNode\n ): Promise<void> {\n // Some servers don't present a Link http response header\n // if the container doesn't exist yet, so refetch the container\n // now that it has been created:\n await store.fetcher.load(chatContainer)\n\n // FIXME: check the Why value on this quad:\n const chatAclDoc = store.any(\n chatContainer,\n new NamedNode('http://www.iana.org/assignments/link-relations/acl')\n )\n if (!chatAclDoc) {\n throw new Error('Chat ACL doc not found!')\n }\n\n const aclBody = `\n @prefix acl: <http://www.w3.org/ns/auth/acl#>.\n <#owner>\n a acl:Authorization;\n acl:agent <${me.value}>;\n acl:accessTo <.>;\n acl:default <.>;\n acl:mode\n acl:Read, acl:Write, acl:Control.\n <#invitee>\n a acl:Authorization;\n acl:agent <${invitee.value}>;\n acl:accessTo <.>;\n acl:default <.>;\n acl:mode\n acl:Read, acl:Append.\n `\n await store.fetcher.webOperation('PUT', chatAclDoc.value, {\n data: aclBody,\n contentType: 'text/turtle',\n })\n }\n\n async function addToPrivateTypeIndex(chatThing, me) {\n // Add to private type index\n const privateTypeIndex = store.any(\n me,\n ns.solid('privateTypeIndex')\n ) as NamedNode | null\n if (!privateTypeIndex) {\n throw new Error('Private type index not found!')\n }\n await store.fetcher.load(privateTypeIndex)\n const reg = newThing(privateTypeIndex)\n const ins = [\n st(\n reg,\n ns.rdf('type'),\n ns.solid('TypeRegistration'),\n privateTypeIndex.doc()\n ),\n st(\n reg,\n ns.solid('forClass'),\n ns.meeting('LongChat'),\n privateTypeIndex.doc()\n ),\n st(reg, ns.solid('instance'), chatThing, privateTypeIndex.doc()),\n ]\n await new Promise((resolve, reject) => {\n store.updater.update([], ins, function (_uri, ok, errm) {\n if (!ok) {\n reject(new Error(errm))\n } else {\n resolve(null)\n }\n })\n })\n }\n\n async function findChat(invitee: NamedNode): Promise<Chat> {\n const me = await profileLogic.loadMe()\n const podRoot = await profileLogic.getPodRoot(me)\n const chatContainer = determineChatContainer(invitee, podRoot)\n let exists = true\n try {\n await store.fetcher.load(\n new NamedNode(chatContainer.value + 'index.ttl#this')\n )\n } catch (e) {\n exists = false\n }\n return { me, chatContainer, exists }\n }\n\n async function createChatThing(\n chatContainer: NamedNode,\n me: NamedNode\n ): Promise<NamedNode> {\n const created = await mintNew({\n me,\n newBase: chatContainer.value,\n })\n return created.newInstance\n }\n\n function mintNew(newPaneOptions: NewPaneOptions): Promise<CreatedPaneOptions> {\n const kb = store\n const updater = kb.updater\n if (newPaneOptions.me && !newPaneOptions.me.uri) {\n throw new Error('chat mintNew: Invalid userid ' + newPaneOptions.me)\n }\n\n const newInstance = (newPaneOptions.newInstance =\n newPaneOptions.newInstance ||\n kb.sym(newPaneOptions.newBase + CHAT_LOCATION_IN_CONTAINER))\n const newChatDoc = newInstance.doc()\n\n kb.add(\n newInstance,\n ns.rdf('type'),\n ns.meeting('LongChat'),\n newChatDoc\n )\n kb.add(newInstance, ns.dc('title'), 'Chat channel', newChatDoc)\n kb.add(\n newInstance,\n ns.dc('created'),\n term<Node>(new Date(Date.now())),\n newChatDoc\n )\n if (newPaneOptions.me) {\n kb.add(newInstance, ns.dc('author'), newPaneOptions.me, newChatDoc)\n }\n\n return new Promise(function (resolve, reject) {\n updater?.put(\n newChatDoc,\n kb.statementsMatching(undefined, undefined, undefined, newChatDoc),\n 'text/turtle',\n function (uri2, ok, message) {\n if (ok) {\n resolve({\n ...newPaneOptions,\n newInstance,\n })\n } else {\n reject(\n new Error(\n 'FAILED to save new chat channel at: ' + uri2 + ' : ' + message\n )\n )\n }\n }\n )\n })\n }\n\n /**\n * Find (and optionally create) an individual chat between the current user and the given invitee\n * @param invitee - The person to chat with\n * @param createIfMissing - Whether the chat should be created, if missing\n * @returns null if missing, or a node referring to an already existing chat, or the newly created chat\n */\n async function getChat(\n invitee: NamedNode,\n createIfMissing = true\n ): Promise<NamedNode | null> {\n const { me, chatContainer, exists } = await findChat(invitee)\n if (exists) {\n return new NamedNode(chatContainer.value + CHAT_LOCATION_IN_CONTAINER)\n }\n\n if (createIfMissing) {\n const chatThing = await createChatThing(chatContainer, me)\n await sendInvite(invitee, chatThing)\n await setAcl(chatContainer, me, invitee)\n await addToPrivateTypeIndex(chatThing, me)\n return chatThing\n }\n return null\n }\n\n async function sendInvite(invitee: NamedNode, chatThing: NamedNode) {\n await store.fetcher.load(invitee.doc())\n const inviteeInbox = store.any(\n invitee,\n ns.ldp('inbox'),\n undefined,\n invitee.doc()\n )\n if (!inviteeInbox) {\n throw new Error(`Invitee inbox not found! ${invitee.value}`)\n }\n const inviteBody = `\n <> a <http://www.w3.org/ns/pim/meeting#LongChatInvite> ;\n ${ns.rdf('seeAlso')} <${chatThing.value}> .\n `\n\n const inviteResponse = await store.fetcher?.webOperation(\n 'POST',\n inviteeInbox.value,\n {\n data: inviteBody,\n contentType: 'text/turtle',\n }\n )\n const locationStr = inviteResponse?.headers.get('location')\n if (!locationStr) {\n throw new Error(`Invite sending returned a ${inviteResponse?.status}`)\n }\n }\n return {\n setAcl, addToPrivateTypeIndex, findChat, createChatThing, getChat, sendInvite, mintNew\n }\n}\n","import { NamedNode } from 'rdflib'\nimport { InboxLogic } from '../types'\nimport { getArchiveUrl } from '../util/utils'\n\nexport function createInboxLogic(store, profileLogic, utilityLogic, containerLogic, aclLogic): InboxLogic {\n\n async function createInboxFor(peerWebId: string, nick: string) {\n const myWebId: NamedNode = await profileLogic.loadMe()\n const podRoot: NamedNode = await profileLogic.getPodRoot(myWebId)\n const ourInbox = `${podRoot.value}p2p-inboxes/${encodeURIComponent(nick)}/`\n await containerLogic.createContainer(ourInbox)\n // const aclDocUrl = await aclLogic.findAclDocUrl(ourInbox);\n await utilityLogic.setSinglePeerAccess({\n ownerWebId: myWebId.value,\n peerWebId,\n accessToModes: 'acl:Append',\n target: ourInbox\n })\n return ourInbox\n }\n\n async function getNewMessages(\n user?: NamedNode\n ): Promise<NamedNode[]> {\n if (!user) {\n user = await profileLogic.loadMe()\n }\n const inbox = await profileLogic.getMainInbox(user)\n const urls = await containerLogic.getContainerMembers(inbox)\n return urls.filter(url => !containerLogic.isContainer(url))\n }\n\n async function markAsRead(url: string, date: Date) {\n const downloaded = await store.fetcher._fetch(url)\n if (downloaded.status !== 200) {\n throw new Error(`Not OK! ${url}`)\n }\n const archiveUrl = getArchiveUrl(url, date)\n const options = {\n method: 'PUT',\n body: await downloaded.text(),\n headers: [\n ['Content-Type', downloaded.headers.get('Content-Type') || 'application/octet-stream']\n ]\n }\n const uploaded = await store.fetcher._fetch(archiveUrl, options)\n if (uploaded.status.toString()[0] === '2') {\n await store.fetcher._fetch(url, {\n method: 'DELETE'\n })\n }\n }\n return {\n createInboxFor,\n getNewMessages,\n markAsRead\n }\n}\n","class CustomError extends Error {\n constructor(message?: string) {\n super(message)\n // see: typescriptlang.org/docs/handbook/release-notes/typescript-2-2.html\n Object.setPrototypeOf(this, new.target.prototype) // restore prototype chain\n this.name = new.target.name // stack traces display correctly now\n }\n}\n\nexport class UnauthorizedError extends CustomError {}\n\nexport class CrossOriginForbiddenError extends CustomError {}\n\nexport class SameOriginForbiddenError extends CustomError {}\n\nexport class NotFoundError extends CustomError {}\n\nexport class NotEditableError extends CustomError { }\n\nexport class WebOperationError extends CustomError {}\n\nexport class FetchError extends CustomError {\n status: number\n\n constructor(status: number, message?: string) {\n super(message)\n this.status = status\n }\n}","export function publicTypeIndexDocument(): string {\n return [\n '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',\n '<>',\n ' a solid:TypeIndex ;',\n ' a solid:ListedDocument.'\n ].join('\\n')\n}\n\nexport function privateTypeIndexDocument(): string {\n return [\n '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',\n '<>',\n ' a solid:TypeIndex ;',\n ' a solid:UnlistedDocument.'\n ].join('\\n')\n}","export function publicTypeIndexAclDocument(webId: string, publicTypeIndexUri: string): string {\n const fileName = new URL(publicTypeIndexUri).pathname.split('/').pop() || 'publicTypeIndex.ttl'\n return [\n '# ACL resource for the Public Type Index',\n '',\n '@prefix acl: <http://www.w3.org/ns/auth/acl#>.',\n '@prefix foaf: <http://xmlns.com/foaf/0.1/>.',\n '',\n '<#owner>',\n ' a acl:Authorization;',\n '',\n ' acl:agent',\n ` <${webId}>;`,\n '',\n ` acl:accessTo <./${fileName}>;`,\n '',\n ' acl:mode',\n ' acl:Read, acl:Write, acl:Control.',\n '',\n '# Public-readable',\n '<#public>',\n ' a acl:Authorization;',\n '',\n ' acl:agentClass foaf:Agent;',\n '',\n ` acl:accessTo <./${fileName}>;`,\n '',\n ' acl:mode acl:Read.'\n ].join('\\n')\n}\n","export function preferencesFileDocument(): string {\n return [\n '@prefix dct: <http://purl.org/dc/terms/>.',\n '@prefix pim: <http://www.w3.org/ns/pim/space#>.',\n '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',\n '<>',\n ' a pim:ConfigurationFile ;',\n ' dct:title \"Preferences file\".'\n ].join('\\n')\n}\n","export function ownerOnlyContainerAclDocument(webId: string): string {\n return [\n '@prefix acl: <http://www.w3.org/ns/auth/acl#>.',\n '',\n '<#owner>',\n 'a acl:Authorization;',\n `acl:agent <${webId}>;`,\n 'acl:accessTo <./>;',\n 'acl:default <./>;',\n 'acl:mode acl:Read, acl:Write, acl:Control.'\n ].join('\\n')\n}\n","import { NamedNode, Statement, sym } from 'rdflib'\n\n/**\n * Container-related class\n */\nexport function createContainerLogic(store) {\n\n function getContainerElements(containerNode: NamedNode): NamedNode[] {\n return store\n .statementsMatching(\n containerNode,\n sym('http://www.w3.org/ns/ldp#contains'),\n undefined\n )\n .map((st: Statement) => st.object as NamedNode)\n }\n\n function isContainer(url: NamedNode) {\n const nodeToString = url.value\n return nodeToString.charAt(nodeToString.length - 1) === '/'\n }\n\n async function createContainer(url: string) {\n const stringToNode = sym(url)\n if (!isContainer(stringToNode)) {\n throw new Error(`Not a container URL ${url}`)\n }\n // Copied from https://github.com/solidos/solid-crud-tests/blob/v3.1.0/test/surface/create-container.test.ts#L56-L64\n const result = await store.fetcher._fetch(url, {\n method: 'PUT',\n headers: {\n 'Content-Type': 'text/turtle',\n 'If-None-Match': '*',\n Link: '<http://www.w3.org/ns/ldp#BasicContainer>; rel=\"type\"', // See https://github.com/solidos/node-solid-server/issues/1465\n },\n body: ' ', // work around https://github.com/michielbdejong/community-server/issues/4#issuecomment-776222863\n })\n // Treat 409 as idempotent success: another process/request already created the container.\n if (result.status === 409) {\n return\n }\n if (result.status.toString()[0] !== '2') {\n throw new Error(`Not OK: got ${result.status} response while creating container at ${url}`)\n }\n }\n\n async function getContainerMembers(containerUrl: NamedNode): Promise<NamedNode[]> {\n await store.fetcher.load(containerUrl)\n return getContainerElements(containerUrl)\n }\n return {\n isContainer,\n createContainer,\n getContainerElements,\n getContainerMembers\n }\n}","import { literal, NamedNode, st, sym } from 'rdflib'\nimport { ACL_LINK } from '../acl/aclLogic'\nimport { CrossOriginForbiddenError, FetchError, NotEditableError, SameOriginForbiddenError, UnauthorizedError, WebOperationError } from '../logic/CustomError'\nimport * as debug from '../util/debug'\nimport { ns as namespace } from '../util/ns'\nimport { privateTypeIndexDocument, publicTypeIndexDocument } from '../typeIndex/typeIndexDocuments'\nimport { publicTypeIndexAclDocument } from '../typeIndex/typeIndexAclDocuments'\nimport { preferencesFileDocument } from './profileDocuments'\nimport { ownerOnlyContainerAclDocument } from './profileAclDocuments'\nimport { createContainerLogic } from '../util/containerLogic'\nimport { differentOrigin, suggestPreferencesFile } from '../util/utils'\nimport { ProfileLogic } from '../types'\n\nexport function createProfileLogic(store, authn, utilityLogic): ProfileLogic {\n const ns = namespace\n const containerLogic = createContainerLogic(store)\n const loadPreferencesInFlight = new Map<string, Promise<NamedNode>>()\n const cachedPreferencesFileByWebId = new Map<string, NamedNode>()\n\n function isAbsoluteHttpUri(uri: string | null | undefined): boolean {\n return !!uri && (uri.startsWith('https://') || uri.startsWith('http://'))\n }\n\n function docDirUri(node: NamedNode): string | null {\n const doc = node.doc()\n const dir = doc.dir()\n if (dir?.uri && isAbsoluteHttpUri(dir.uri)) return dir.uri\n const docUri = doc.uri\n if (!docUri || !isAbsoluteHttpUri(docUri)) return null\n const withoutFragment = docUri.split('#')[0]\n const lastSlash = withoutFragment.lastIndexOf('/')\n if (lastSlash === -1) return null\n return withoutFragment.slice(0, lastSlash + 1)\n }\n\n function suggestTypeIndexInPreferences(preferencesFile: NamedNode, filename: string): NamedNode {\n const dirUri = docDirUri(preferencesFile)\n if (!dirUri) throw new Error(`Cannot derive directory for preferences file ${preferencesFile.uri}`)\n return sym(dirUri + filename)\n }\n\n function isNotFoundError(err: any): boolean {\n if (err?.response?.status === 404) return true\n const text = `${err?.message || err || ''}`\n return text.includes('404') || text.includes('Not Found')\n }\n\n async function ensureContainerExists(containerUri: string): Promise<void> {\n const containerNode = sym(containerUri)\n try {\n await store.fetcher.load(containerNode)\n return\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n await containerLogic.createContainer(containerUri)\n }\n\n async function ensureOwnerOnlyAclForSettings(user: NamedNode, preferencesFile: NamedNode): Promise<void> {\n const dirUri = docDirUri(preferencesFile)\n if (!dirUri) throw new Error(`Cannot derive settings directory from ${preferencesFile.uri}`)\n await ensureContainerExists(dirUri)\n\n const containerNode = sym(dirUri)\n let aclDocUri: string | undefined\n try {\n await store.fetcher.load(containerNode)\n aclDocUri = store.any(containerNode, ACL_LINK)?.value\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n if (!aclDocUri) {\n // Fallback for servers/tests where rel=acl is not exposed in mocked headers.\n aclDocUri = `${dirUri}.acl`\n }\n const aclDoc = sym(aclDocUri)\n try {\n await store.fetcher.load(aclDoc)\n return\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n\n await store.fetcher.webOperation('PUT', aclDoc.uri, {\n data: ownerOnlyContainerAclDocument(user.uri),\n contentType: 'text/turtle'\n })\n }\n\n async function ensurePublicTypeIndexAclOnCreate(user: NamedNode, publicTypeIndex: NamedNode, ensureAcl = false): Promise<void> {\n const created = await utilityLogic.loadOrCreateWithContentOnCreate(publicTypeIndex, publicTypeIndexDocument())\n if (!created && !ensureAcl) return\n\n let aclDocUri: string | undefined\n try {\n await store.fetcher.load(publicTypeIndex)\n aclDocUri = store.any(publicTypeIndex, ACL_LINK)?.value\n } catch (err) {\n if (!isNotFoundError(err)) throw err\n }\n if (!aclDocUri) {\n aclDocUri = `${publicTypeIndex.uri}.acl`\n }\n\n const aclDoc = sym(aclDocUri)\n try {\n await store.fetcher.webOperation('PUT', aclDoc.uri, {\n data: publicTypeIndexAclDocument(user.uri, publicTypeIndex.uri),\n contentType: 'text/turtle',\n headers: { 'If-None-Match': '*' }\n })\n } catch (err: any) {\n const status = err?.response?.status ?? err?.status\n if (status !== 412) throw err\n }\n }\n\n async function ensurePrivateTypeIndexOnCreate(privateTypeIndex: NamedNode): Promise<void> {\n await utilityLogic.loadOrCreateWithContentOnCreate(privateTypeIndex, privateTypeIndexDocument())\n }\n\n async function initializePreferencesDefaults(user: NamedNode, preferencesFile: NamedNode): Promise<void> {\n const preferencesDoc = preferencesFile.doc() as NamedNode\n const profileDoc = user.doc() as NamedNode\n await store.fetcher.load(preferencesDoc)\n\n const profilePublicTypeIndex =\n (store.any(user, ns.solid('publicTypeIndex'), null, profileDoc) as NamedNode | null)\n const preferencesPublicTypeIndex =\n (store.any(user, ns.solid('publicTypeIndex'), null, preferencesDoc) as NamedNode | null)\n const publicTypeIndex =\n profilePublicTypeIndex ||\n preferencesPublicTypeIndex ||\n suggestTypeIndexInPreferences(preferencesFile, 'publicTypeIndex.ttl')\n const privateTypeIndex =\n (store.any(user, ns.solid('privateTypeIndex'), null, preferencesDoc) as NamedNode | null) ||\n suggestTypeIndexInPreferences(preferencesFile, 'privateTypeIndex.ttl')\n\n // Keep discovery consistent with typeIndexLogic, which resolves publicTypeIndex from the profile doc.\n const createdProfilePublicTypeIndexLink = !profilePublicTypeIndex\n if (createdProfilePublicTypeIndexLink) {\n await utilityLogic.followOrCreateLinkWithContentOnCreate(\n user,\n ns.solid('publicTypeIndex') as NamedNode,\n publicTypeIndex,\n profileDoc,\n publicTypeIndexDocument()\n )\n }\n\n const toInsert: any[] = []\n if (!store.holds(preferencesDoc, ns.rdf('type'), ns.space('ConfigurationFile'), preferencesDoc)) {\n toInsert.push(st(preferencesDoc, ns.rdf('type'), ns.space('ConfigurationFile'), preferencesDoc))\n }\n if (!store.holds(preferencesDoc, ns.dct('title'), undefined, preferencesDoc)) {\n toInsert.push(st(preferencesDoc, ns.dct('title'), literal('Preferences file'), preferencesDoc))\n }\n if (!store.holds(user, ns.solid('publicTypeIndex'), publicTypeIndex, preferencesDoc)) {\n toInsert.push(st(user, ns.solid('publicTypeIndex'), publicTypeIndex, preferencesDoc))\n }\n if (!store.holds(user, ns.solid('privateTypeIndex'), privateTypeIndex, preferencesDoc)) {\n toInsert.push(st(user, ns.solid('privateTypeIndex'), privateTypeIndex, preferencesDoc))\n }\n\n if (toInsert.length > 0) {\n await store.updater.update([], toInsert)\n await store.fetcher.load(preferencesDoc)\n }\n\n await ensurePublicTypeIndexAclOnCreate(user, publicTypeIndex, createdProfilePublicTypeIndexLink)\n await ensurePrivateTypeIndexOnCreate(privateTypeIndex)\n }\n\n async function ensurePreferencesDocExists(preferencesFile: NamedNode): Promise<boolean> {\n try {\n const created = await utilityLogic.loadOrCreateWithContentOnCreate(preferencesFile, preferencesFileDocument())\n if (created) {\n return true\n }\n return false\n } catch (err) {\n if (err.response?.status === 401) {\n throw new UnauthorizedError()\n }\n if (err.response?.status === 403) {\n if (differentOrigin(preferencesFile)) {\n throw new CrossOriginForbiddenError()\n }\n throw new SameOriginForbiddenError()\n }\n throw err\n }\n }\n\n /**\n * loads the preference without throwing errors - if it can create it it does so.\n * remark: it still throws error if it cannot load profile.\n * @param user\n * @returns undefined if preferenceFile cannot be returned or NamedNode if it can find it or create it\n */\n async function silencedLoadPreferences(user: NamedNode): Promise <NamedNode | undefined> {\n try {\n return await loadPreferences(user)\n } catch (err) {\n return undefined\n }\n }\n\n /**\n * loads the preference without returning different errors if it cannot create or load it.\n * remark: it also throws error if it cannot load profile.\n * @param user\n * @returns undefined if preferenceFile cannot be an Error or NamedNode if it can find it or create it\n */\n async function loadPreferences (user: NamedNode): Promise <NamedNode> {\n const cachedPreferencesFile = cachedPreferencesFileByWebId.get(user.uri)\n if (cachedPreferencesFile) {\n return cachedPreferencesFile\n }\n\n const inFlight = loadPreferencesInFlight.get(user.uri)\n if (inFlight) {\n return inFlight\n }\n\n const run = (async (): Promise<NamedNode> => {\n await loadProfile(user)\n\n const possiblePreferencesFile = suggestPreferencesFile(user)\n let preferencesFile\n try {\n const existingPreferencesFile = store.any(user, ns.space('preferencesFile'), null, user.doc()) as NamedNode | null\n if (existingPreferencesFile) {\n preferencesFile = existingPreferencesFile\n } else {\n preferencesFile = await utilityLogic.followOrCreateLink(user, ns.space('preferencesFile') as NamedNode, possiblePreferencesFile, user.doc())\n }\n\n await ensureOwnerOnlyAclForSettings(user, preferencesFile as NamedNode)\n await ensurePreferencesDocExists(preferencesFile as NamedNode)\n await initializePreferencesDefaults(user, preferencesFile as NamedNode)\n } catch (err) {\n const message = `User ${user} has no pointer in profile to preferences file.`\n debug.warn(message)\n // we are listing the possible errors\n if (err instanceof NotEditableError) { throw err }\n if (err instanceof WebOperationError) { throw err }\n if (err instanceof UnauthorizedError) { throw err }\n if (err instanceof CrossOriginForbiddenError) { throw err }\n if (err instanceof SameOriginForbiddenError) { throw err }\n if (err instanceof FetchError) { throw err }\n throw err\n }\n\n try {\n await store.fetcher.load(preferencesFile as NamedNode)\n } catch (err) { // Maybe a permission problem or origin problem\n const msg = `Unable to load preference of user ${user}: ${err}`\n if (err.response?.status === 404) {\n // Self-heal when a stale profile pointer references a missing preferences file.\n await ensureOwnerOnlyAclForSettings(user, preferencesFile as NamedNode)\n await ensurePreferencesDocExists(preferencesFile as NamedNode)\n await initializePreferencesDefaults(user, preferencesFile as NamedNode)\n await store.fetcher.load(preferencesFile as NamedNode)\n return preferencesFile as NamedNode\n }\n debug.warn(msg)\n if (err.response.status === 401) {\n throw new UnauthorizedError()\n }\n if (err.response.status === 403) {\n if (differentOrigin(preferencesFile)) {\n throw new CrossOriginForbiddenError()\n }\n throw new SameOriginForbiddenError()\n }\n /*if (err.response.status === 404) {\n throw new NotFoundError();\n }*/\n throw new Error(msg)\n }\n cachedPreferencesFileByWebId.set(user.uri, preferencesFile as NamedNode)\n return preferencesFile as NamedNode\n })()\n\n loadPreferencesInFlight.set(user.uri, run)\n try {\n return await run\n } finally {\n if (loadPreferencesInFlight.get(user.uri) === run) {\n loadPreferencesInFlight.delete(user.uri)\n }\n }\n }\n\n async function loadProfile (user: NamedNode):Promise <NamedNode> {\n if (!user) {\n throw new Error('loadProfile: no user given.')\n }\n try {\n await store.fetcher.load(user.doc())\n } catch (err) {\n throw new Error(`Unable to load profile of user ${user}: ${err}`)\n }\n return user.doc()\n }\n\n async function loadMe(): Promise<NamedNode> {\n const me = authn.currentUser()\n if (me === null) {\n throw new Error('Current user not found! Not logged in?')\n }\n await store.fetcher.load(me.doc())\n return me\n }\n\n function getPodRoot(user: NamedNode): NamedNode {\n const podRoot = findStorage(user)\n if (!podRoot) {\n throw new Error('User pod root not found!')\n }\n return podRoot as NamedNode\n }\n\n async function getMainInbox(user: NamedNode): Promise<NamedNode> {\n await store.fetcher.load(user)\n const mainInbox = store.any(user, ns.ldp('inbox'), undefined, user.doc())\n if (!mainInbox) {\n throw new Error('User main inbox not found!')\n }\n return mainInbox as NamedNode\n }\n\n function findStorage(me: NamedNode) {\n return store.any(me, ns.space('storage'), undefined, me.doc())\n }\n\n return {\n loadMe,\n getPodRoot,\n getMainInbox,\n findStorage,\n loadPreferences,\n loadProfile,\n silencedLoadPreferences\n }\n}\n","import { NamedNode, st, sym } from 'rdflib'\nimport { ScopedApp, TypeIndexLogic, TypeIndexScope } from '../types'\nimport * as debug from '../util/debug'\nimport { ns as namespace } from '../util/ns'\nimport { newThing } from '../util/utils'\nimport { privateTypeIndexDocument, publicTypeIndexDocument } from './typeIndexDocuments'\n\nexport function createTypeIndexLogic(store, authn, profileLogic, utilityLogic): TypeIndexLogic {\n const ns = namespace\n\n function isAbsoluteHttpUri(uri: string | null | undefined): boolean {\n return !!uri && (uri.startsWith('https://') || uri.startsWith('http://'))\n }\n\n function getRegistrations(instance, theClass) {\n return store\n .each(undefined, ns.solid('instance'), instance)\n .filter((r) => {\n return store.holds(r, ns.solid('forClass'), theClass)\n })\n }\n\n async function loadTypeIndexesFor(user: NamedNode): Promise<Array<TypeIndexScope>> {\n if (!user) throw new Error('loadTypeIndexesFor: No user given')\n const profile = await profileLogic.loadProfile(user)\n\n let suggestion: NamedNode | null = null\n try {\n suggestion = suggestPublicTypeIndex(user)\n } catch (err) {\n const message = `User ${user} has no usable profile document directory for publicTypeIndex.`\n debug.warn(message)\n }\n let publicTypeIndex\n try {\n const existingPublicTypeIndex = store.any(user, ns.solid('publicTypeIndex'), undefined, profile)\n if (existingPublicTypeIndex) {\n publicTypeIndex = existingPublicTypeIndex\n } else if (suggestion) {\n publicTypeIndex = await utilityLogic.followOrCreateLinkWithContentOnCreate(\n user,\n ns.solid('publicTypeIndex') as NamedNode,\n suggestion,\n profile,\n publicTypeIndexDocument()\n )\n } else {\n publicTypeIndex = null\n }\n } catch (err) {\n const message = `User ${user} has no pointer in profile to publicTypeIndex file: ${err}`\n debug.warn(message)\n }\n const publicScopes = publicTypeIndex ? [{ label: 'public', index: publicTypeIndex as NamedNode, agent: user }] : []\n\n let preferencesFile\n try {\n preferencesFile = await profileLogic.silencedLoadPreferences(user)\n } catch (err) {\n preferencesFile = null\n }\n\n let privateScopes\n if (preferencesFile) { // watch out - can be in either as spec was not clear. Legacy is profile.\n // If there is a legacy one linked from the profile, use that.\n // Otherwiae use or make one linked from Preferences\n let suggestedPrivateTypeIndex: NamedNode | null = null\n try {\n suggestedPrivateTypeIndex = suggestPrivateTypeIndex(preferencesFile)\n } catch (err) {\n const message = `User ${user} has no usable preferences document directory for privateTypeIndex.`\n debug.warn(message)\n }\n let privateTypeIndex\n try {\n const existingPrivateTypeIndex = store.any(user, ns.solid('privateTypeIndex'), undefined, profile)\n if (existingPrivateTypeIndex) {\n privateTypeIndex = existingPrivateTypeIndex\n } else if (suggestedPrivateTypeIndex) {\n privateTypeIndex = await utilityLogic.followOrCreateLinkWithContentOnCreate(\n user,\n ns.solid('privateTypeIndex') as NamedNode,\n suggestedPrivateTypeIndex,\n preferencesFile,\n privateTypeIndexDocument()\n )\n } else {\n privateTypeIndex = null\n }\n } catch (err) {\n const message = `User ${user} has no pointer in preference file to privateTypeIndex file: ${err}`\n debug.warn(message)\n }\n privateScopes = privateTypeIndex ? [{ label: 'private', index: privateTypeIndex as NamedNode, agent: user }] : []\n } else {\n privateScopes = []\n }\n const scopes = publicScopes.concat(privateScopes)\n if (scopes.length === 0) return scopes\n const files = scopes.map(scope => scope.index)\n try {\n await store.fetcher.load(files)\n } catch (err) {\n debug.warn('Problems loading type index: ', err)\n }\n return scopes\n }\n\n async function loadCommunityTypeIndexes(user: NamedNode): Promise<TypeIndexScope[]> {\n let preferencesFile\n try {\n preferencesFile = await profileLogic.silencedLoadPreferences(user)\n } catch (err) {\n const message = `User ${user} has no pointer in profile to preferences file.`\n debug.warn(message)\n }\n if (preferencesFile) { // For now, pick up communities as simple links from the preferences file.\n const communities = store.each(user, ns.solid('community'), undefined, preferencesFile as NamedNode).concat(\n store.each(user, ns.solid('community'), undefined, user.doc() as NamedNode)\n )\n let result = []\n for (const org of communities) {\n if (org.termType !== 'NamedNode' || !isAbsoluteHttpUri((org as NamedNode).uri)) {\n debug.warn(`Skipping malformed community node for ${user}: ${org}`)\n continue\n }\n try {\n result = result.concat(await loadTypeIndexesFor(org as NamedNode) as any)\n } catch (err) {\n debug.warn(`Skipping community type indexes for ${(org as NamedNode).uri}: ${err}`)\n }\n }\n return result\n }\n return [] // No communities\n }\n\n async function loadAllTypeIndexes(user: NamedNode) {\n return (await loadTypeIndexesFor(user)).concat(await loadCommunityTypeIndexes(user))\n }\n\n async function getScopedAppInstances(klass: NamedNode, user: NamedNode): Promise<ScopedApp[]> {\n const scopes = await loadAllTypeIndexes(user)\n let scopedApps = []\n for (const scope of scopes) {\n const scopedApps0 = await getScopedAppsFromIndex(scope, klass) as any\n scopedApps = scopedApps.concat(scopedApps0)\n }\n return scopedApps\n }\n\n // This is the function signature which used to be in solid-ui/logic\n // Recommended to use getScopedAppInstances instead as it provides more information.\n //\n async function getAppInstances(klass: NamedNode): Promise<NamedNode[]> {\n const user = authn.currentUser()\n if (!user) throw new Error('getAppInstances: Must be logged in to find apps.')\n const scopedAppInstances = await getScopedAppInstances(klass, user)\n return scopedAppInstances.map(scoped => scoped.instance)\n }\n\n function docDirUri(node: NamedNode): string | null {\n const doc = node.doc()\n const dir = doc.dir()\n if (dir?.uri && isAbsoluteHttpUri(dir.uri)) return dir.uri\n const docUri = doc.uri\n if (!docUri || !isAbsoluteHttpUri(docUri)) {\n debug.log(`docDirUri: missing or non-http(s) doc uri for ${node?.uri}`)\n return null\n }\n const withoutFragment = docUri.split('#')[0]\n const lastSlash = withoutFragment.lastIndexOf('/')\n if (lastSlash === -1) {\n debug.log(`docDirUri: no slash in doc uri ${docUri}`)\n return null\n }\n return withoutFragment.slice(0, lastSlash + 1)\n }\n\n function suggestPublicTypeIndex(me: NamedNode) {\n const dirUri = docDirUri(me)\n if (!dirUri) throw new Error(`suggestPublicTypeIndex: Cannot derive directory for ${me.uri}`)\n return sym(dirUri + 'publicTypeIndex.ttl')\n }\n // Note this one is based off the pref file not the profile\n\n function suggestPrivateTypeIndex(preferencesFile: NamedNode) {\n const dirUri = docDirUri(preferencesFile)\n if (!dirUri) throw new Error(`suggestPrivateTypeIndex: Cannot derive directory for ${preferencesFile.uri}`)\n return sym(dirUri + 'privateTypeIndex.ttl')\n }\n\n /*\n * Register a new app in a type index\n * used in chat in bookmark.js (solid-ui)\n * Returns the registration object if successful else null\n */\n async function registerInTypeIndex(\n instance: NamedNode,\n index: NamedNode,\n theClass: NamedNode,\n // agent: NamedNode\n ): Promise<NamedNode | null> {\n const registration = newThing(index)\n const ins = [\n // See https://github.com/solid/solid/blob/main/proposals/data-discovery.md\n st(registration, ns.rdf('type'), ns.solid('TypeRegistration'), index),\n st(registration, ns.solid('forClass'), theClass, index),\n st(registration, ns.solid('instance'), instance, index)\n ]\n try {\n await store.updater.update([], ins)\n } catch (err) {\n const msg = `Unable to register ${instance} in index ${index}: ${err}`\n console.warn(msg)\n return null\n }\n return registration\n }\n\n async function deleteTypeIndexRegistration(item) {\n const reg = store.the(null, ns.solid('instance'), item.instance, item.scope.index) as NamedNode\n if (!reg) throw new Error(`deleteTypeIndexRegistration: No registration found for ${item.instance}`)\n const statements = store.statementsMatching(reg, null, null, item.scope.index)\n await store.updater.update(statements, [])\n }\n\n async function getScopedAppsFromIndex(scope: TypeIndexScope, theClass: NamedNode | null): Promise<ScopedApp[]> {\n const index = scope.index\n const results: ScopedApp[] = []\n const registrations = store.statementsMatching(null, ns.solid('instance'), null, index)\n .concat(store.statementsMatching(null, ns.solid('instanceContainer'), null, index))\n .map(st => st.subject)\n for (const reg of registrations) {\n const klass = store.any(reg, ns.solid('forClass'), null, index)\n if (!theClass || klass.sameTerm(theClass)) {\n const instances = store.each(reg, ns.solid('instance'), null, index)\n for (const instance of instances) {\n results.push({ instance, type: klass, scope })\n }\n const containers = store.each(reg, ns.solid('instanceContainer'), null, index)\n for (const instance of containers) {\n await store.fetcher.load(instance)\n results.push({ instance: sym(instance.value), type: klass, scope })\n }\n }\n }\n return results\n }\n\n return {\n registerInTypeIndex,\n getRegistrations,\n loadTypeIndexesFor,\n loadCommunityTypeIndexes,\n loadAllTypeIndexes,\n getScopedAppInstances,\n getAppInstances,\n suggestPublicTypeIndex,\n suggestPrivateTypeIndex,\n deleteTypeIndexRegistration,\n getScopedAppsFromIndex\n }\n}\n","import { NamedNode, st, sym } from 'rdflib'\nimport {\n CrossOriginForbiddenError,\n FetchError,\n NotEditableError,\n SameOriginForbiddenError,\n UnauthorizedError,\n WebOperationError\n} from '../logic/CustomError'\nimport * as debug from '../util/debug'\nimport { differentOrigin } from './utils'\n\nexport function createUtilityLogic(store, aclLogic, containerLogic) {\n async function recursiveDelete(containerNode: NamedNode) {\n try {\n if (containerLogic.isContainer(containerNode)) {\n const aclDocUrl = await aclLogic.findAclDocUrl(containerNode)\n await store.fetcher._fetch(aclDocUrl, { method: 'DELETE' })\n const containerMembers = await containerLogic.getContainerMembers(containerNode)\n await Promise.all(containerMembers.map((url) => recursiveDelete(url)))\n }\n return store.fetcher._fetch(containerNode.value, { method: 'DELETE' })\n } catch (e) {\n debug.log(`Please manually remove ${containerNode.value} from your system.`, e)\n }\n }\n\n /**\n * Create a resource if it really does not exist.\n * Be absolutely sure something does not exist before creating a new empty file,\n * as otherwise existing content could be deleted.\n */\n async function loadOrCreateIfNotExists(doc: NamedNode) {\n try {\n return await store.fetcher.load(doc)\n } catch (err: any) {\n if (err?.response?.status === 404) {\n try {\n await store.fetcher.webOperation('PUT', doc.uri, {\n data: '',\n contentType: 'text/turtle',\n headers: { 'If-None-Match': '*' }\n })\n } catch (putErr: any) {\n const status = putErr?.response?.status ?? putErr?.status\n if (status !== 412) {\n const msg = `createIfNotExists: PUT FAILED: ${doc}: ${putErr}`\n throw new WebOperationError(msg)\n }\n }\n return await store.fetcher.load(doc)\n }\n if (err?.response?.status === 401) {\n throw new UnauthorizedError()\n }\n if (err?.response?.status === 403) {\n if (differentOrigin(doc)) {\n throw new CrossOriginForbiddenError()\n }\n throw new SameOriginForbiddenError()\n }\n const msg = `createIfNotExists doc load error: ${doc}: ${err}`\n throw new FetchError(err?.status, `${err?.message || ''}${msg}`)\n }\n }\n\n async function loadOrCreateWithContentOnCreate(doc: NamedNode, data: string): Promise<boolean> {\n try {\n await store.fetcher.load(doc)\n return false\n } catch (err: any) {\n const status = err?.response?.status ?? err?.status\n if (status !== 404) {\n throw err\n }\n }\n\n try {\n await store.fetcher.webOperation('PUT', doc.uri, {\n data,\n contentType: 'text/turtle',\n headers: { 'If-None-Match': '*' }\n })\n return true\n } catch (err: any) {\n const status = err?.response?.status ?? err?.status\n if (status === 412) {\n // Another client created the resource between our 404 check and PUT.\n return false\n }\n throw err\n }\n }\n\n /*\n * Follow link from this doc to another thing, or else make a new link.\n * Returns existing object, or creates it if non-existent.\n */\n async function followOrCreateLink(\n subject: NamedNode,\n predicate: NamedNode,\n object: NamedNode,\n doc: NamedNode\n ): Promise<NamedNode | null> {\n await store.fetcher.load(doc)\n const result = store.any(subject, predicate, null, doc)\n\n if (result) return result as NamedNode\n if (!store.updater.editable(doc)) {\n const msg = `followOrCreateLink: cannot edit ${doc.value}`\n debug.warn(msg)\n throw new NotEditableError(msg)\n }\n\n try {\n await store.updater.update([], [st(subject, predicate, object, doc)])\n } catch (err) {\n const msg = `followOrCreateLink: Error making link in ${doc} to ${object}: ${err}`\n debug.warn(msg)\n throw new WebOperationError(err)\n }\n\n try {\n await loadOrCreateIfNotExists(object)\n } catch (err) {\n debug.warn(`followOrCreateLink: Error loading or saving new linked document: ${object}: ${err}`)\n throw err\n }\n return object\n }\n\n async function followOrCreateLinkWithContentOnCreate(\n subject: NamedNode,\n predicate: NamedNode,\n object: NamedNode,\n doc: NamedNode,\n data: string\n ): Promise<NamedNode | null> {\n await store.fetcher.load(doc)\n const result = store.any(subject, predicate, null, doc)\n\n if (result) return result as NamedNode\n if (!store.updater.editable(doc)) {\n const msg = `followOrCreateLinkWithContentOnCreate: cannot edit ${doc.value}`\n debug.warn(msg)\n throw new NotEditableError(msg)\n }\n\n try {\n await store.updater.update([], [st(subject, predicate, object, doc)])\n } catch (err) {\n const msg = `followOrCreateLinkWithContentOnCreate: Error making link in ${doc} to ${object}: ${err}`\n debug.warn(msg)\n throw new WebOperationError(msg)\n }\n\n try {\n await loadOrCreateWithContentOnCreate(object, data)\n } catch (err) {\n debug.warn(`followOrCreateLinkWithContentOnCreate: Error loading or saving new linked document: ${object}: ${err}`)\n throw err\n }\n return object\n }\n\n // Copied from\n // https://github.com/solidos/web-access-control-tests/blob/v3.0.0/test/surface/delete.test.ts#L5\n async function setSinglePeerAccess(options: {\n ownerWebId: string,\n peerWebId: string,\n accessToModes?: string,\n defaultModes?: string,\n target: string\n }) {\n let str = [\n '@prefix acl: <http://www.w3.org/ns/auth/acl#>.',\n '',\n '<#alice> a acl:Authorization;\\n acl:agent <' + options.ownerWebId + '>;',\n ` acl:accessTo <${options.target}>;`,\n ` acl:default <${options.target}>;`,\n ' acl:mode acl:Read, acl:Write, acl:Control.',\n ''\n ].join('\\n')\n\n if (options.accessToModes) {\n str += [\n '<#bobAccessTo> a acl:Authorization;',\n ` acl:agent <${options.peerWebId}>;`,\n ` acl:accessTo <${options.target}>;`,\n ` acl:mode ${options.accessToModes}.`,\n ''\n ].join('\\n')\n }\n\n if (options.defaultModes) {\n str += [\n '<#bobDefault> a acl:Authorization;',\n ` acl:agent <${options.peerWebId}>;`,\n ` acl:default <${options.target}>;`,\n ` acl:mode ${options.defaultModes}.`,\n ''\n ].join('\\n')\n }\n\n const aclDocUrl = await aclLogic.findAclDocUrl(sym(options.target))\n return store.fetcher._fetch(aclDocUrl, {\n method: 'PUT',\n body: str,\n headers: [['Content-Type', 'text/turtle']]\n })\n }\n\n async function createEmptyRdfDoc(doc: NamedNode, comment: string) {\n await store.fetcher.webOperation('PUT', doc.uri, {\n data: `# ${new Date()} ${comment}\\n`,\n contentType: 'text/turtle'\n })\n }\n\n return {\n recursiveDelete,\n setSinglePeerAccess,\n createEmptyRdfDoc,\n followOrCreateLink,\n followOrCreateLinkWithContentOnCreate,\n loadOrCreateIfNotExists,\n loadOrCreateWithContentOnCreate\n }\n}\n","import * as rdf from 'rdflib'\nimport { LiveStore, NamedNode, Statement } from 'rdflib'\nimport { createAclLogic } from '../acl/aclLogic'\nimport { SolidAuthnLogic } from '../authn/SolidAuthnLogic'\nimport type { SessionWithLegacyEvents } from '../authSession/authSession'\nimport { createChatLogic } from '../chat/chatLogic'\nimport { createInboxLogic } from '../inbox/inboxLogic'\nimport { createProfileLogic } from '../profile/profileLogic'\nimport { createTypeIndexLogic } from '../typeIndex/typeIndexLogic'\nimport { createContainerLogic } from '../util/containerLogic'\nimport { createUtilityLogic } from '../util/utilityLogic'\nimport type { AuthnLogic, SolidLogic } from '../types'\nimport * as debug from '../util/debug'\n/*\n** It is important to distinquish `fetch`, a function provided by the browser\n** and `Fetcher`, a helper object for the rdflib Store which turns it\n** into a `ConnectedStore` or a `LiveStore`. A Fetcher object is\n** available at store.fetcher, and `fetch` function at `store.fetcher._fetch`,\n*/\nexport function createSolidLogic(specialFetch: { fetch: (url: any, requestInit: any) => any }, session: SessionWithLegacyEvents): SolidLogic {\n\n debug.log('SolidLogic: Unique instance created. There should only be one of these.')\n const store: LiveStore = rdf.graph() as LiveStore\n rdf.fetcher(store, {fetch: specialFetch.fetch}) // Attach a web I/O module, store.fetcher\n store.updater = new rdf.UpdateManager(store) // Add real-time live updates store.updater\n store.features = [] // disable automatic node merging on store load\n\n const authn: AuthnLogic = new SolidAuthnLogic(session)\n \n const acl = createAclLogic(store)\n const containerLogic = createContainerLogic(store)\n const utilityLogic = createUtilityLogic(store, acl, containerLogic)\n const profile = createProfileLogic(store, authn, utilityLogic)\n const chat = createChatLogic(store, profile)\n const inbox = createInboxLogic(store, profile, utilityLogic, containerLogic, acl)\n const typeIndex = createTypeIndexLogic(store, authn, profile, utilityLogic)\n debug.log('SolidAuthnLogic initialized')\n\n function load(doc: NamedNode | NamedNode[] | string) {\n return store.fetcher.load(doc)\n }\n\n // @@@@ use the one in rdflib.js when it is available and delete this\n function updatePromise(\n del: Array<Statement>,\n ins: Array<Statement> = []\n ): Promise<void> {\n return new Promise((resolve, reject) => {\n store.updater.update(del, ins, function (_uri, ok, errorBody) {\n if (!ok) {\n reject(new Error(errorBody))\n } else {\n resolve()\n }\n }) // callback\n }) // promise\n }\n\n function clearStore() {\n store.statements.slice().forEach(store.remove.bind(store))\n }\n\n return {\n store,\n authn,\n acl,\n inbox,\n chat,\n profile,\n typeIndex,\n load,\n updatePromise,\n clearStore\n }\n}\n","import * as debug from '../util/debug'\nimport { authSession } from '../authSession/authSession'\nimport { createSolidLogic } from './solidLogic'\nimport { SolidLogic } from '../types'\n\nconst _fetch = async (url, requestInit) => {\n const omitCreds = requestInit && requestInit.credentials && requestInit.credentials == 'omit'\n const sessionAny = authSession as any\n const sessionWebId = sessionAny?.info?.webId || sessionAny?.webId\n if (sessionWebId && !omitCreds) { // see https://github.com/solidos/solidos/issues/114\n // In fact fetch should respect credentials omit itself\n const authenticatedFetch = (typeof sessionAny.fetch === 'function')\n ? sessionAny.fetch.bind(sessionAny)\n : (typeof sessionAny.authFetch === 'function' ? sessionAny.authFetch.bind(sessionAny) : null)\n if (authenticatedFetch) {\n return authenticatedFetch(url, requestInit)\n }\n return window.fetch(url, requestInit)\n } else {\n return window.fetch(url, requestInit)\n }\n}\n\n// Global singleton pattern to ensure unique store across library versions\nconst SINGLETON_SYMBOL = Symbol.for('solid-logic-singleton')\n\n// Type the global object properly with the singleton\ninterface GlobalWithSingleton {\n [SINGLETON_SYMBOL]?: SolidLogic\n}\n\nconst globalTarget = (typeof window !== 'undefined' ? window : global) as GlobalWithSingleton\n\nfunction getOrCreateSingleton(): SolidLogic {\n if (!globalTarget[SINGLETON_SYMBOL]) {\n debug.log('SolidLogic: Creating new global singleton instance.')\n globalTarget[SINGLETON_SYMBOL] = createSolidLogic({ fetch: _fetch }, authSession)\n debug.log('Unique quadstore initialized.')\n } else {\n debug.log('SolidLogic: Using existing global singleton instance.')\n }\n return globalTarget[SINGLETON_SYMBOL]!\n}\n//this const makes solidLogicSingleton global accessible in mashlib\nconst solidLogicSingleton = getOrCreateSingleton()\n\nexport { solidLogicSingleton }","export type ServerLogoutOptions = {\n issuer?: string\n postLogoutRedirectPath?: string\n}\n\nexport async function performServerSideLogout (options: ServerLogoutOptions = {}): Promise<boolean> {\n if (typeof window === 'undefined') {\n return false\n }\n const issuer = options.issuer || ''\n const postLogoutRedirectPath = options.postLogoutRedirectPath || '/'\n\n // Provider-specific logout endpoint discovery (OIDC end_session_endpoint).\n try {\n if (issuer) {\n const wellKnownUri = new URL(issuer)\n wellKnownUri.pathname = '/.well-known/openid-configuration'\n const wellKnownResult = await fetch(wellKnownUri.toString(), { credentials: 'include' })\n\n if (wellKnownResult.status === 200) {\n const openidConfiguration = await wellKnownResult.json()\n if (openidConfiguration && openidConfiguration.end_session_endpoint) {\n await fetch(openidConfiguration.end_session_endpoint, { credentials: 'include' })\n }\n }\n }\n } catch (_err) {\n // Continue with local logout even if provider logout is unavailable.\n }\n\n // NSS well-known logout endpoint clears cookie-backed server sessions.\n try {\n const logoutResponse = await fetch('/.well-known/solid/logout', { credentials: 'include' })\n if (logoutResponse.ok || logoutResponse.redirected) {\n window.location.assign(postLogoutRedirectPath)\n return true\n }\n } catch (_err) {\n // Not all deployments expose this endpoint.\n }\n\n return false\n}","const DEFAULT_ISSUERS = [\n {\n name: 'Solid Community',\n uri: 'https://solidcommunity.net'\n },\n {\n name: 'Solid Web',\n uri: 'https://solidweb.org'\n },\n {\n name: 'Solid Web ME',\n uri: 'https://solidweb.me'\n },\n {\n name: 'Inrupt.com',\n uri: 'https://login.inrupt.com'\n }\n]\n\n/**\n * @returns - A list of suggested OIDC issuers\n */\nexport function getSuggestedIssuers (): { name: string, uri: string }[] {\n // Suggest a default list of OIDC issuers\n const issuers = [...DEFAULT_ISSUERS]\n \n // Suggest the current host if not already included\n const { host, origin } = new URL(location.href)\n const hosts = issuers.map(({ uri }) => new URL(uri).host)\n if (!hosts.includes(host)) {\n issuers.unshift({ name: host, uri: origin })\n }\n \n return issuers\n }","// Make these variables directly accessible as it is what you need most of the time\n// This also makes these variable globaly accesible in mashlib\nimport { solidLogicSingleton } from './logic/solidLogicSingleton'\n\nconst authn = solidLogicSingleton.authn\nconst authSession = solidLogicSingleton.authn.authSession\nconst store = solidLogicSingleton.store\n\nexport { ACL_LINK } from './acl/aclLogic'\nexport { offlineTestID, appContext } from './authn/authUtil'\nexport { performServerSideLogout } from './authn/serverLogout'\nexport { getSuggestedIssuers } from './issuer/issuerLogic'\nexport { createTypeIndexLogic } from './typeIndex/typeIndexLogic'\nexport type { AppDetails, SolidNamespace, AuthenticationContext, SolidLogic, ChatLogic } from './types'\nexport { UnauthorizedError, CrossOriginForbiddenError, SameOriginForbiddenError, NotFoundError, FetchError, NotEditableError, WebOperationError } from './logic/CustomError'\n\nexport {\n solidLogicSingleton, // solidLogicSingleton is exported entirely because it is used in solid-panes\n store,\n authn,\n authSession\n}\n\n"],"names":[],"sourceRoot":""}