xpandurl 0.1.0

package/dist/index.cjs

@@ -0,0 +1,239 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  ExpandError: () => ExpandError,
+  InvalidUrlError: () => InvalidUrlError,
+  MaxRedirectsError: () => MaxRedirectsError,
+  TimeoutError: () => TimeoutError,
+  expand: () => expand,
+  expandMany: () => expandMany
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/expand.ts
+var import_node_http = __toESM(require("http"), 1);
+var import_node_https = __toESM(require("https"), 1);
+
+// src/errors.ts
+var ExpandError = class extends Error {
+  constructor(message, url) {
+    super(message);
+    this.url = url;
+    this.name = "ExpandError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  url;
+};
+var TimeoutError = class extends ExpandError {
+  constructor(url, timeoutMs) {
+    super(`Request timed out after ${timeoutMs}ms`, url);
+    this.name = "TimeoutError";
+  }
+};
+var MaxRedirectsError = class extends ExpandError {
+  constructor(url, max) {
+    super(`Exceeded maximum of ${max} redirects`, url);
+    this.name = "MaxRedirectsError";
+  }
+};
+var InvalidUrlError = class extends ExpandError {
+  constructor(url) {
+    super(`Invalid or unsupported URL: ${url}`, url);
+    this.name = "InvalidUrlError";
+  }
+};
+
+// src/expand.ts
+var DEFAULT_TIMEOUT = 1e4;
+var DEFAULT_MAX_REDIRECTS = 10;
+var DEFAULT_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";
+var BLOCKED_HOSTNAMES = /* @__PURE__ */ new Set([
+  "localhost",
+  "metadata.google.internal"
+  // GCP metadata
+]);
+function isPrivateHost(hostname) {
+  const h = hostname.toLowerCase();
+  if (BLOCKED_HOSTNAMES.has(h)) return true;
+  if (h === "::1" || h.startsWith("fe80:") || h.startsWith("fc") || h.startsWith("fd")) {
+    return true;
+  }
+  const parts = h.split(".");
+  if (parts.length !== 4) return false;
+  const octets = parts.map(Number);
+  if (octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) return false;
+  const [a, b] = octets;
+  return a === 0 || // 0.0.0.0/8      unspecified
+  a === 10 || // 10.0.0.0/8     RFC1918
+  a === 127 || // 127.0.0.0/8    loopback
+  a === 169 && b === 254 || // 169.254.0.0/16 link-local + cloud metadata
+  a === 172 && b >= 16 && b <= 31 || // 172.16.0.0/12 RFC1918
+  a === 192 && b === 168 || // 192.168.0.0/16 RFC1918
+  a === 255;
+}
+function makeRequest(url, options) {
+  return new Promise((resolve, reject) => {
+    const timeout = options.timeout ?? DEFAULT_TIMEOUT;
+    const lib = url.startsWith("https") ? import_node_https.default : import_node_http.default;
+    const req = lib.get(
+      url,
+      {
+        headers: {
+          "User-Agent": options.userAgent ?? DEFAULT_UA,
+          Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+          ...options.headers
+        }
+      },
+      (res) => {
+        const result = {
+          statusCode: res.statusCode ?? 0,
+          location: Array.isArray(res.headers.location) ? res.headers.location[0] : res.headers.location
+        };
+        resolve(result);
+        res.destroy();
+      }
+    );
+    req.setTimeout(timeout, () => {
+      req.destroy(new TimeoutError(url, timeout));
+    });
+    req.on("error", (err) => {
+      if (err instanceof TimeoutError) {
+        reject(err);
+        return;
+      }
+      reject(new ExpandError(err.message, url));
+    });
+  });
+}
+function assertHttpProtocol(url) {
+  let protocol;
+  try {
+    protocol = new URL(url).protocol;
+  } catch {
+    throw new InvalidUrlError(url);
+  }
+  if (protocol !== "http:" && protocol !== "https:") {
+    throw new InvalidUrlError(url);
+  }
+}
+function assertHostPolicy(url, options) {
+  const { hostname } = new URL(url);
+  if (options.blockPrivateIPs !== false && isPrivateHost(hostname)) {
+    throw new ExpandError(
+      `Requests to private/local hosts are blocked ("${hostname}"). Set blockPrivateIPs: false to allow.`,
+      url
+    );
+  }
+  if (options.allowedHosts && options.allowedHosts.length > 0) {
+    if (!options.allowedHosts.includes(hostname)) {
+      throw new ExpandError(
+        `"${hostname}" is not in the allowedHosts list`,
+        url
+      );
+    }
+  }
+}
+function assertRedirectPolicy(from, to, options) {
+  if (options.allowHttpDowngrade === false) {
+    const fromProto = new URL(from).protocol;
+    const toProto = new URL(to).protocol;
+    if (fromProto === "https:" && toProto === "http:") {
+      throw new ExpandError(
+        `HTTPS to HTTP downgrade blocked (set allowHttpDowngrade: true to permit)`,
+        from
+      );
+    }
+  }
+  assertHostPolicy(to, options);
+}
+async function expand(url, options = {}) {
+  assertHttpProtocol(url);
+  assertHostPolicy(url, options);
+  const max = options.maxRedirects ?? DEFAULT_MAX_REDIRECTS;
+  const chain = [];
+  let current = url;
+  for (let i = 0; i <= max; i++) {
+    const { statusCode, location } = await makeRequest(current, options);
+    const isRedirect = statusCode >= 300 && statusCode < 400;
+    if (isRedirect && location) {
+      chain.push(current);
+      const next = new URL(location, current).href;
+      assertHttpProtocol(next);
+      assertRedirectPolicy(current, next, options);
+      current = next;
+      continue;
+    }
+    return {
+      originalUrl: url,
+      expandedUrl: current,
+      statusCode,
+      redirectChain: chain
+    };
+  }
+  throw new MaxRedirectsError(url, max);
+}
+
+// src/expand-many.ts
+var DEFAULT_CONCURRENCY = 5;
+async function expandMany(urls, options = {}) {
+  const concurrency = options.concurrency ?? DEFAULT_CONCURRENCY;
+  const results = [];
+  for (let i = 0; i < urls.length; i += concurrency) {
+    const batch = urls.slice(i, i + concurrency);
+    const settled = await Promise.allSettled(batch.map((url) => expand(url, options)));
+    for (let j = 0; j < settled.length; j++) {
+      const outcome = settled[j];
+      if (outcome.status === "fulfilled") {
+        results.push(outcome.value);
+      } else {
+        results.push({
+          originalUrl: urls[i + j],
+          expandedUrl: urls[i + j],
+          statusCode: 0,
+          redirectChain: [],
+          error: outcome.reason instanceof Error ? outcome.reason.message : String(outcome.reason)
+        });
+      }
+    }
+  }
+  return results;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ExpandError,
+  InvalidUrlError,
+  MaxRedirectsError,
+  TimeoutError,
+  expand,
+  expandMany
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/expand.ts","../src/errors.ts","../src/expand-many.ts"],"sourcesContent":["export { expand } from './expand.js'\nexport { expandMany } from './expand-many.js'\nexport type { ExpandOptions, ExpandManyOptions, ExpandResult } from './types.js'\nexport { ExpandError, TimeoutError, MaxRedirectsError, InvalidUrlError } from './errors.js'\n","import http from 'node:http'\nimport https from 'node:https'\nimport { ExpandError, InvalidUrlError, MaxRedirectsError, TimeoutError } from './errors.js'\nimport type { ExpandOptions, ExpandResult } from './types.js'\n\nconst DEFAULT_TIMEOUT = 10_000\nconst DEFAULT_MAX_REDIRECTS = 10\nconst DEFAULT_UA =\n  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'\n\n// ─── Private / local IP detection ─────────────────────────────────────────────\n\nconst BLOCKED_HOSTNAMES = new Set([\n  'localhost',\n  'metadata.google.internal', // GCP metadata\n])\n\nfunction isPrivateHost(hostname: string): boolean {\n  const h = hostname.toLowerCase()\n\n  if (BLOCKED_HOSTNAMES.has(h)) return true\n\n  // IPv6 loopback, link-local, ULA (fc00::/7)\n  if (h === '::1' || h.startsWith('fe80:') || h.startsWith('fc') || h.startsWith('fd')) {\n    return true\n  }\n\n  // IPv4: must be exactly 4 dot-separated octets\n  const parts = h.split('.')\n  if (parts.length !== 4) return false\n  const octets = parts.map(Number)\n  if (octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) return false\n\n  const [a, b] = octets as [number, number, number, number]\n  return (\n    a === 0 ||                          // 0.0.0.0/8      unspecified\n    a === 10 ||                         // 10.0.0.0/8     RFC1918\n    a === 127 ||                        // 127.0.0.0/8    loopback\n    (a === 169 && b === 254) ||         // 169.254.0.0/16 link-local + cloud metadata\n    (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12 RFC1918\n    (a === 192 && b === 168) ||         // 192.168.0.0/16 RFC1918\n    a === 255                           // 255.x.x.x      broadcast\n  )\n}\n\n// ─── Request (headers only — body is never read) ───────────────────────────────\n\ninterface RequestResult {\n  statusCode: number\n  location: string | undefined\n}\n\nfunction makeRequest(url: string, options: ExpandOptions): Promise<RequestResult> {\n  return new Promise((resolve, reject) => {\n    const timeout = options.timeout ?? DEFAULT_TIMEOUT\n    const lib = url.startsWith('https') ? https : http\n\n    const req = lib.get(\n      url,\n      {\n        headers: {\n          'User-Agent': options.userAgent ?? DEFAULT_UA,\n          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',\n          ...options.headers,\n        },\n      },\n      (res) => {\n        // Capture headers then immediately close — never read the response body.\n        // This prevents downloading large or malicious payloads (e.g. shell scripts).\n        const result: RequestResult = {\n          statusCode: res.statusCode ?? 0,\n          location: Array.isArray(res.headers.location)\n            ? res.headers.location[0]\n            : res.headers.location,\n        }\n        resolve(result)\n        res.destroy()\n      },\n    )\n\n    req.setTimeout(timeout, () => {\n      req.destroy(new TimeoutError(url, timeout))\n    })\n\n    req.on('error', (err) => {\n      if (err instanceof TimeoutError) {\n        reject(err)\n        return\n      }\n      // Ignore socket errors that result from our own res.destroy() call\n      // (promise is already resolved at that point, so reject is a no-op,\n      // but we guard here to avoid unhandled-rejection noise in edge cases)\n      reject(new ExpandError(err.message, url))\n    })\n  })\n}\n\n// ─── URL validation helpers ────────────────────────────────────────────────────\n\nfunction assertHttpProtocol(url: string): void {\n  let protocol: string\n  try {\n    protocol = new URL(url).protocol\n  } catch {\n    throw new InvalidUrlError(url)\n  }\n  if (protocol !== 'http:' && protocol !== 'https:') {\n    throw new InvalidUrlError(url)\n  }\n}\n\nfunction assertHostPolicy(url: string, options: ExpandOptions): void {\n  const { hostname } = new URL(url)\n\n  if (options.blockPrivateIPs !== false && isPrivateHost(hostname)) {\n    throw new ExpandError(\n      `Requests to private/local hosts are blocked (\"${hostname}\"). Set blockPrivateIPs: false to allow.`,\n      url,\n    )\n  }\n\n  if (options.allowedHosts && options.allowedHosts.length > 0) {\n    if (!options.allowedHosts.includes(hostname)) {\n      throw new ExpandError(\n        `\"${hostname}\" is not in the allowedHosts list`,\n        url,\n      )\n    }\n  }\n}\n\nfunction assertRedirectPolicy(from: string, to: string, options: ExpandOptions): void {\n  if (options.allowHttpDowngrade === false) {\n    const fromProto = new URL(from).protocol\n    const toProto   = new URL(to).protocol\n    if (fromProto === 'https:' && toProto === 'http:') {\n      throw new ExpandError(\n        `HTTPS to HTTP downgrade blocked (set allowHttpDowngrade: true to permit)`,\n        from,\n      )\n    }\n  }\n\n  assertHostPolicy(to, options)\n}\n\n// ─── Public API ────────────────────────────────────────────────────────────────\n\nexport async function expand(url: string, options: ExpandOptions = {}): Promise<ExpandResult> {\n  assertHttpProtocol(url)\n  assertHostPolicy(url, options)\n\n  const max   = options.maxRedirects ?? DEFAULT_MAX_REDIRECTS\n  const chain: string[] = []\n  let current = url\n\n  for (let i = 0; i <= max; i++) {\n    const { statusCode, location } = await makeRequest(current, options)\n\n    const isRedirect = statusCode >= 300 && statusCode < 400\n    if (isRedirect && location) {\n      chain.push(current)\n      const next = new URL(location, current).href\n      assertHttpProtocol(next)\n      assertRedirectPolicy(current, next, options)\n      current = next\n      continue\n    }\n\n    return {\n      originalUrl: url,\n      expandedUrl: current,\n      statusCode,\n      redirectChain: chain,\n    }\n  }\n\n  throw new MaxRedirectsError(url, max)\n}\n","export class ExpandError extends Error {\n  constructor(\n    message: string,\n    public readonly url: string,\n  ) {\n    super(message)\n    this.name = 'ExpandError'\n    Object.setPrototypeOf(this, new.target.prototype)\n  }\n}\n\nexport class TimeoutError extends ExpandError {\n  constructor(url: string, timeoutMs: number) {\n    super(`Request timed out after ${timeoutMs}ms`, url)\n    this.name = 'TimeoutError'\n  }\n}\n\nexport class MaxRedirectsError extends ExpandError {\n  constructor(url: string, max: number) {\n    super(`Exceeded maximum of ${max} redirects`, url)\n    this.name = 'MaxRedirectsError'\n  }\n}\n\nexport class InvalidUrlError extends ExpandError {\n  constructor(url: string) {\n    super(`Invalid or unsupported URL: ${url}`, url)\n    this.name = 'InvalidUrlError'\n  }\n}\n","import { expand } from './expand.js'\nimport type { ExpandManyOptions, ExpandResult } from './types.js'\n\nconst DEFAULT_CONCURRENCY = 5\n\nexport async function expandMany(\n  urls: string[],\n  options: ExpandManyOptions = {},\n): Promise<ExpandResult[]> {\n  const concurrency = options.concurrency ?? DEFAULT_CONCURRENCY\n  const results: ExpandResult[] = []\n\n  for (let i = 0; i < urls.length; i += concurrency) {\n    const batch = urls.slice(i, i + concurrency)\n    const settled = await Promise.allSettled(batch.map((url) => expand(url, options)))\n\n    for (let j = 0; j < settled.length; j++) {\n      const outcome = settled[j]!\n      if (outcome.status === 'fulfilled') {\n        results.push(outcome.value)\n      } else {\n        results.push({\n          originalUrl: urls[i + j]!,\n          expandedUrl: urls[i + j]!,\n          statusCode: 0,\n          redirectChain: [],\n          error: outcome.reason instanceof Error ? outcome.reason.message : String(outcome.reason),\n        })\n      }\n    }\n  }\n\n  return results\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,uBAAiB;AACjB,wBAAkB;;;ACDX,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC,YACE,SACgB,KAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AAAA,EALkB;AAMpB;AAEO,IAAM,eAAN,cAA2B,YAAY;AAAA,EAC5C,YAAY,KAAa,WAAmB;AAC1C,UAAM,2BAA2B,SAAS,MAAM,GAAG;AACnD,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,oBAAN,cAAgC,YAAY;AAAA,EACjD,YAAY,KAAa,KAAa;AACpC,UAAM,uBAAuB,GAAG,cAAc,GAAG;AACjD,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,kBAAN,cAA8B,YAAY;AAAA,EAC/C,YAAY,KAAa;AACvB,UAAM,+BAA+B,GAAG,IAAI,GAAG;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ADzBA,IAAM,kBAAkB;AACxB,IAAM,wBAAwB;AAC9B,IAAM,aACJ;AAIF,IAAM,oBAAoB,oBAAI,IAAI;AAAA,EAChC;AAAA,EACA;AAAA;AACF,CAAC;AAED,SAAS,cAAc,UAA2B;AAChD,QAAM,IAAI,SAAS,YAAY;AAE/B,MAAI,kBAAkB,IAAI,CAAC,EAAG,QAAO;AAGrC,MAAI,MAAM,SAAS,EAAE,WAAW,OAAO,KAAK,EAAE,WAAW,IAAI,KAAK,EAAE,WAAW,IAAI,GAAG;AACpF,WAAO;AAAA,EACT;AAGA,QAAM,QAAQ,EAAE,MAAM,GAAG;AACzB,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,SAAS,MAAM,IAAI,MAAM;AAC/B,MAAI,OAAO,KAAK,CAAC,MAAM,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,KAAK,IAAI,GAAG,EAAG,QAAO;AAEzE,QAAM,CAAC,GAAG,CAAC,IAAI;AACf,SACE,MAAM;AAAA,EACN,MAAM;AAAA,EACN,MAAM;AAAA,EACL,MAAM,OAAO,MAAM;AAAA,EACnB,MAAM,OAAO,KAAK,MAAM,KAAK;AAAA,EAC7B,MAAM,OAAO,MAAM;AAAA,EACpB,MAAM;AAEV;AASA,SAAS,YAAY,KAAa,SAAgD;AAChF,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,MAAM,IAAI,WAAW,OAAO,IAAI,kBAAAA,UAAQ,iBAAAC;AAE9C,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA;AAAA,QACE,SAAS;AAAA,UACP,cAAc,QAAQ,aAAa;AAAA,UACnC,QAAQ;AAAA,UACR,GAAG,QAAQ;AAAA,QACb;AAAA,MACF;AAAA,MACA,CAAC,QAAQ;AAGP,cAAM,SAAwB;AAAA,UAC5B,YAAY,IAAI,cAAc;AAAA,UAC9B,UAAU,MAAM,QAAQ,IAAI,QAAQ,QAAQ,IACxC,IAAI,QAAQ,SAAS,CAAC,IACtB,IAAI,QAAQ;AAAA,QAClB;AACA,gBAAQ,MAAM;AACd,YAAI,QAAQ;AAAA,MACd;AAAA,IACF;AAEA,QAAI,WAAW,SAAS,MAAM;AAC5B,UAAI,QAAQ,IAAI,aAAa,KAAK,OAAO,CAAC;AAAA,IAC5C,CAAC;AAED,QAAI,GAAG,SAAS,CAAC,QAAQ;AACvB,UAAI,eAAe,cAAc;AAC/B,eAAO,GAAG;AACV;AAAA,MACF;AAIA,aAAO,IAAI,YAAY,IAAI,SAAS,GAAG,CAAC;AAAA,IAC1C,CAAC;AAAA,EACH,CAAC;AACH;AAIA,SAAS,mBAAmB,KAAmB;AAC7C,MAAI;AACJ,MAAI;AACF,eAAW,IAAI,IAAI,GAAG,EAAE;AAAA,EAC1B,QAAQ;AACN,UAAM,IAAI,gBAAgB,GAAG;AAAA,EAC/B;AACA,MAAI,aAAa,WAAW,aAAa,UAAU;AACjD,UAAM,IAAI,gBAAgB,GAAG;AAAA,EAC/B;AACF;AAEA,SAAS,iBAAiB,KAAa,SAA8B;AACnE,QAAM,EAAE,SAAS,IAAI,IAAI,IAAI,GAAG;AAEhC,MAAI,QAAQ,oBAAoB,SAAS,cAAc,QAAQ,GAAG;AAChE,UAAM,IAAI;AAAA,MACR,iDAAiD,QAAQ;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,QAAQ,gBAAgB,QAAQ,aAAa,SAAS,GAAG;AAC3D,QAAI,CAAC,QAAQ,aAAa,SAAS,QAAQ,GAAG;AAC5C,YAAM,IAAI;AAAA,QACR,IAAI,QAAQ;AAAA,QACZ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,qBAAqB,MAAc,IAAY,SAA8B;AACpF,MAAI,QAAQ,uBAAuB,OAAO;AACxC,UAAM,YAAY,IAAI,IAAI,IAAI,EAAE;AAChC,UAAM,UAAY,IAAI,IAAI,EAAE,EAAE;AAC9B,QAAI,cAAc,YAAY,YAAY,SAAS;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,mBAAiB,IAAI,OAAO;AAC9B;AAIA,eAAsB,OAAO,KAAa,UAAyB,CAAC,GAA0B;AAC5F,qBAAmB,GAAG;AACtB,mBAAiB,KAAK,OAAO;AAE7B,QAAM,MAAQ,QAAQ,gBAAgB;AACtC,QAAM,QAAkB,CAAC;AACzB,MAAI,UAAU;AAEd,WAAS,IAAI,GAAG,KAAK,KAAK,KAAK;AAC7B,UAAM,EAAE,YAAY,SAAS,IAAI,MAAM,YAAY,SAAS,OAAO;AAEnE,UAAM,aAAa,cAAc,OAAO,aAAa;AACrD,QAAI,cAAc,UAAU;AAC1B,YAAM,KAAK,OAAO;AAClB,YAAM,OAAO,IAAI,IAAI,UAAU,OAAO,EAAE;AACxC,yBAAmB,IAAI;AACvB,2BAAqB,SAAS,MAAM,OAAO;AAC3C,gBAAU;AACV;AAAA,IACF;AAEA,WAAO;AAAA,MACL,aAAa;AAAA,MACb,aAAa;AAAA,MACb;AAAA,MACA,eAAe;AAAA,IACjB;AAAA,EACF;AAEA,QAAM,IAAI,kBAAkB,KAAK,GAAG;AACtC;;;AE/KA,IAAM,sBAAsB;AAE5B,eAAsB,WACpB,MACA,UAA6B,CAAC,GACL;AACzB,QAAM,cAAc,QAAQ,eAAe;AAC3C,QAAM,UAA0B,CAAC;AAEjC,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK,aAAa;AACjD,UAAM,QAAQ,KAAK,MAAM,GAAG,IAAI,WAAW;AAC3C,UAAM,UAAU,MAAM,QAAQ,WAAW,MAAM,IAAI,CAAC,QAAQ,OAAO,KAAK,OAAO,CAAC,CAAC;AAEjF,aAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;AACvC,YAAM,UAAU,QAAQ,CAAC;AACzB,UAAI,QAAQ,WAAW,aAAa;AAClC,gBAAQ,KAAK,QAAQ,KAAK;AAAA,MAC5B,OAAO;AACL,gBAAQ,KAAK;AAAA,UACX,aAAa,KAAK,IAAI,CAAC;AAAA,UACvB,aAAa,KAAK,IAAI,CAAC;AAAA,UACvB,YAAY;AAAA,UACZ,eAAe,CAAC;AAAA,UAChB,OAAO,QAAQ,kBAAkB,QAAQ,QAAQ,OAAO,UAAU,OAAO,QAAQ,MAAM;AAAA,QACzF,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;","names":["https","http"]}

package/dist/index.d.cts

@@ -0,0 +1,70 @@
+interface ExpandOptions {
+    /** Request timeout in milliseconds. Default: 10_000 */
+    timeout?: number;
+    /** Maximum number of redirects to follow. Default: 10 */
+    maxRedirects?: number;
+    /** User-Agent header value. Default: realistic browser UA */
+    userAgent?: string;
+    /** Additional headers to send with the request */
+    headers?: Record<string, string>;
+    /**
+     * Allow redirects from https: to http:.
+     * Default: true (backward compatible). Set to false in server-side contexts
+     * where downgrade attacks are a concern.
+     */
+    allowHttpDowngrade?: boolean;
+    /**
+     * If set, only follow redirects to hostnames in this list.
+     * Requests to any other hostname will throw an ExpandError.
+     * Useful for restricting expansion to known URL shorteners.
+     */
+    allowedHosts?: string[];
+    /**
+     * Block requests to private/local IP ranges and metadata endpoints.
+     * Covers: loopback (127.x, ::1), RFC1918 (10.x, 172.16-31.x, 192.168.x),
+     * link-local (169.254.x.x), cloud metadata (169.254.169.254), and common
+     * metadata hostnames (localhost, metadata.google.internal).
+     *
+     * Default: true. Set to false only if you need to expand internal URLs.
+     *
+     * Note: hostname-only check — does not resolve DNS. A hostname that resolves
+     * to a private IP at connection time is not blocked (DNS rebinding gap).
+     */
+    blockPrivateIPs?: boolean;
+}
+interface ExpandManyOptions extends ExpandOptions {
+    /** Maximum number of concurrent expansions. Default: 5 */
+    concurrency?: number;
+}
+interface ExpandResult {
+    /** The original URL passed in */
+    originalUrl: string;
+    /** The final URL after all redirects */
+    expandedUrl: string;
+    /** HTTP status code of the final response */
+    statusCode: number;
+    /** Each intermediate URL visited, not including the final destination */
+    redirectChain: string[];
+    /** Set when expansion failed — only present in expandMany results */
+    error?: string;
+}
+
+declare function expand(url: string, options?: ExpandOptions): Promise<ExpandResult>;
+
+declare function expandMany(urls: string[], options?: ExpandManyOptions): Promise<ExpandResult[]>;
+
+declare class ExpandError extends Error {
+    readonly url: string;
+    constructor(message: string, url: string);
+}
+declare class TimeoutError extends ExpandError {
+    constructor(url: string, timeoutMs: number);
+}
+declare class MaxRedirectsError extends ExpandError {
+    constructor(url: string, max: number);
+}
+declare class InvalidUrlError extends ExpandError {
+    constructor(url: string);
+}
+
+export { ExpandError, type ExpandManyOptions, type ExpandOptions, type ExpandResult, InvalidUrlError, MaxRedirectsError, TimeoutError, expand, expandMany };

package/dist/index.d.ts

@@ -0,0 +1,70 @@
+interface ExpandOptions {
+    /** Request timeout in milliseconds. Default: 10_000 */
+    timeout?: number;
+    /** Maximum number of redirects to follow. Default: 10 */
+    maxRedirects?: number;
+    /** User-Agent header value. Default: realistic browser UA */
+    userAgent?: string;
+    /** Additional headers to send with the request */
+    headers?: Record<string, string>;
+    /**
+     * Allow redirects from https: to http:.
+     * Default: true (backward compatible). Set to false in server-side contexts
+     * where downgrade attacks are a concern.
+     */
+    allowHttpDowngrade?: boolean;
+    /**
+     * If set, only follow redirects to hostnames in this list.
+     * Requests to any other hostname will throw an ExpandError.
+     * Useful for restricting expansion to known URL shorteners.
+     */
+    allowedHosts?: string[];
+    /**
+     * Block requests to private/local IP ranges and metadata endpoints.
+     * Covers: loopback (127.x, ::1), RFC1918 (10.x, 172.16-31.x, 192.168.x),
+     * link-local (169.254.x.x), cloud metadata (169.254.169.254), and common
+     * metadata hostnames (localhost, metadata.google.internal).
+     *
+     * Default: true. Set to false only if you need to expand internal URLs.
+     *
+     * Note: hostname-only check — does not resolve DNS. A hostname that resolves
+     * to a private IP at connection time is not blocked (DNS rebinding gap).
+     */
+    blockPrivateIPs?: boolean;
+}
+interface ExpandManyOptions extends ExpandOptions {
+    /** Maximum number of concurrent expansions. Default: 5 */
+    concurrency?: number;
+}
+interface ExpandResult {
+    /** The original URL passed in */
+    originalUrl: string;
+    /** The final URL after all redirects */
+    expandedUrl: string;
+    /** HTTP status code of the final response */
+    statusCode: number;
+    /** Each intermediate URL visited, not including the final destination */
+    redirectChain: string[];
+    /** Set when expansion failed — only present in expandMany results */
+    error?: string;
+}
+
+declare function expand(url: string, options?: ExpandOptions): Promise<ExpandResult>;
+
+declare function expandMany(urls: string[], options?: ExpandManyOptions): Promise<ExpandResult[]>;
+
+declare class ExpandError extends Error {
+    readonly url: string;
+    constructor(message: string, url: string);
+}
+declare class TimeoutError extends ExpandError {
+    constructor(url: string, timeoutMs: number);
+}
+declare class MaxRedirectsError extends ExpandError {
+    constructor(url: string, max: number);
+}
+declare class InvalidUrlError extends ExpandError {
+    constructor(url: string);
+}
+
+export { ExpandError, type ExpandManyOptions, type ExpandOptions, type ExpandResult, InvalidUrlError, MaxRedirectsError, TimeoutError, expand, expandMany };

package/dist/index.js

@@ -0,0 +1,197 @@
+// src/expand.ts
+import http from "http";
+import https from "https";
+
+// src/errors.ts
+var ExpandError = class extends Error {
+  constructor(message, url) {
+    super(message);
+    this.url = url;
+    this.name = "ExpandError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  url;
+};
+var TimeoutError = class extends ExpandError {
+  constructor(url, timeoutMs) {
+    super(`Request timed out after ${timeoutMs}ms`, url);
+    this.name = "TimeoutError";
+  }
+};
+var MaxRedirectsError = class extends ExpandError {
+  constructor(url, max) {
+    super(`Exceeded maximum of ${max} redirects`, url);
+    this.name = "MaxRedirectsError";
+  }
+};
+var InvalidUrlError = class extends ExpandError {
+  constructor(url) {
+    super(`Invalid or unsupported URL: ${url}`, url);
+    this.name = "InvalidUrlError";
+  }
+};
+
+// src/expand.ts
+var DEFAULT_TIMEOUT = 1e4;
+var DEFAULT_MAX_REDIRECTS = 10;
+var DEFAULT_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";
+var BLOCKED_HOSTNAMES = /* @__PURE__ */ new Set([
+  "localhost",
+  "metadata.google.internal"
+  // GCP metadata
+]);
+function isPrivateHost(hostname) {
+  const h = hostname.toLowerCase();
+  if (BLOCKED_HOSTNAMES.has(h)) return true;
+  if (h === "::1" || h.startsWith("fe80:") || h.startsWith("fc") || h.startsWith("fd")) {
+    return true;
+  }
+  const parts = h.split(".");
+  if (parts.length !== 4) return false;
+  const octets = parts.map(Number);
+  if (octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) return false;
+  const [a, b] = octets;
+  return a === 0 || // 0.0.0.0/8      unspecified
+  a === 10 || // 10.0.0.0/8     RFC1918
+  a === 127 || // 127.0.0.0/8    loopback
+  a === 169 && b === 254 || // 169.254.0.0/16 link-local + cloud metadata
+  a === 172 && b >= 16 && b <= 31 || // 172.16.0.0/12 RFC1918
+  a === 192 && b === 168 || // 192.168.0.0/16 RFC1918
+  a === 255;
+}
+function makeRequest(url, options) {
+  return new Promise((resolve, reject) => {
+    const timeout = options.timeout ?? DEFAULT_TIMEOUT;
+    const lib = url.startsWith("https") ? https : http;
+    const req = lib.get(
+      url,
+      {
+        headers: {
+          "User-Agent": options.userAgent ?? DEFAULT_UA,
+          Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+          ...options.headers
+        }
+      },
+      (res) => {
+        const result = {
+          statusCode: res.statusCode ?? 0,
+          location: Array.isArray(res.headers.location) ? res.headers.location[0] : res.headers.location
+        };
+        resolve(result);
+        res.destroy();
+      }
+    );
+    req.setTimeout(timeout, () => {
+      req.destroy(new TimeoutError(url, timeout));
+    });
+    req.on("error", (err) => {
+      if (err instanceof TimeoutError) {
+        reject(err);
+        return;
+      }
+      reject(new ExpandError(err.message, url));
+    });
+  });
+}
+function assertHttpProtocol(url) {
+  let protocol;
+  try {
+    protocol = new URL(url).protocol;
+  } catch {
+    throw new InvalidUrlError(url);
+  }
+  if (protocol !== "http:" && protocol !== "https:") {
+    throw new InvalidUrlError(url);
+  }
+}
+function assertHostPolicy(url, options) {
+  const { hostname } = new URL(url);
+  if (options.blockPrivateIPs !== false && isPrivateHost(hostname)) {
+    throw new ExpandError(
+      `Requests to private/local hosts are blocked ("${hostname}"). Set blockPrivateIPs: false to allow.`,
+      url
+    );
+  }
+  if (options.allowedHosts && options.allowedHosts.length > 0) {
+    if (!options.allowedHosts.includes(hostname)) {
+      throw new ExpandError(
+        `"${hostname}" is not in the allowedHosts list`,
+        url
+      );
+    }
+  }
+}
+function assertRedirectPolicy(from, to, options) {
+  if (options.allowHttpDowngrade === false) {
+    const fromProto = new URL(from).protocol;
+    const toProto = new URL(to).protocol;
+    if (fromProto === "https:" && toProto === "http:") {
+      throw new ExpandError(
+        `HTTPS to HTTP downgrade blocked (set allowHttpDowngrade: true to permit)`,
+        from
+      );
+    }
+  }
+  assertHostPolicy(to, options);
+}
+async function expand(url, options = {}) {
+  assertHttpProtocol(url);
+  assertHostPolicy(url, options);
+  const max = options.maxRedirects ?? DEFAULT_MAX_REDIRECTS;
+  const chain = [];
+  let current = url;
+  for (let i = 0; i <= max; i++) {
+    const { statusCode, location } = await makeRequest(current, options);
+    const isRedirect = statusCode >= 300 && statusCode < 400;
+    if (isRedirect && location) {
+      chain.push(current);
+      const next = new URL(location, current).href;
+      assertHttpProtocol(next);
+      assertRedirectPolicy(current, next, options);
+      current = next;
+      continue;
+    }
+    return {
+      originalUrl: url,
+      expandedUrl: current,
+      statusCode,
+      redirectChain: chain
+    };
+  }
+  throw new MaxRedirectsError(url, max);
+}
+
+// src/expand-many.ts
+var DEFAULT_CONCURRENCY = 5;
+async function expandMany(urls, options = {}) {
+  const concurrency = options.concurrency ?? DEFAULT_CONCURRENCY;
+  const results = [];
+  for (let i = 0; i < urls.length; i += concurrency) {
+    const batch = urls.slice(i, i + concurrency);
+    const settled = await Promise.allSettled(batch.map((url) => expand(url, options)));
+    for (let j = 0; j < settled.length; j++) {
+      const outcome = settled[j];
+      if (outcome.status === "fulfilled") {
+        results.push(outcome.value);
+      } else {
+        results.push({
+          originalUrl: urls[i + j],
+          expandedUrl: urls[i + j],
+          statusCode: 0,
+          redirectChain: [],
+          error: outcome.reason instanceof Error ? outcome.reason.message : String(outcome.reason)
+        });
+      }
+    }
+  }
+  return results;
+}
+export {
+  ExpandError,
+  InvalidUrlError,
+  MaxRedirectsError,
+  TimeoutError,
+  expand,
+  expandMany
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/expand.ts","../src/errors.ts","../src/expand-many.ts"],"sourcesContent":["import http from 'node:http'\nimport https from 'node:https'\nimport { ExpandError, InvalidUrlError, MaxRedirectsError, TimeoutError } from './errors.js'\nimport type { ExpandOptions, ExpandResult } from './types.js'\n\nconst DEFAULT_TIMEOUT = 10_000\nconst DEFAULT_MAX_REDIRECTS = 10\nconst DEFAULT_UA =\n  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'\n\n// ─── Private / local IP detection ─────────────────────────────────────────────\n\nconst BLOCKED_HOSTNAMES = new Set([\n  'localhost',\n  'metadata.google.internal', // GCP metadata\n])\n\nfunction isPrivateHost(hostname: string): boolean {\n  const h = hostname.toLowerCase()\n\n  if (BLOCKED_HOSTNAMES.has(h)) return true\n\n  // IPv6 loopback, link-local, ULA (fc00::/7)\n  if (h === '::1' || h.startsWith('fe80:') || h.startsWith('fc') || h.startsWith('fd')) {\n    return true\n  }\n\n  // IPv4: must be exactly 4 dot-separated octets\n  const parts = h.split('.')\n  if (parts.length !== 4) return false\n  const octets = parts.map(Number)\n  if (octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) return false\n\n  const [a, b] = octets as [number, number, number, number]\n  return (\n    a === 0 ||                          // 0.0.0.0/8      unspecified\n    a === 10 ||                         // 10.0.0.0/8     RFC1918\n    a === 127 ||                        // 127.0.0.0/8    loopback\n    (a === 169 && b === 254) ||         // 169.254.0.0/16 link-local + cloud metadata\n    (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12 RFC1918\n    (a === 192 && b === 168) ||         // 192.168.0.0/16 RFC1918\n    a === 255                           // 255.x.x.x      broadcast\n  )\n}\n\n// ─── Request (headers only — body is never read) ───────────────────────────────\n\ninterface RequestResult {\n  statusCode: number\n  location: string | undefined\n}\n\nfunction makeRequest(url: string, options: ExpandOptions): Promise<RequestResult> {\n  return new Promise((resolve, reject) => {\n    const timeout = options.timeout ?? DEFAULT_TIMEOUT\n    const lib = url.startsWith('https') ? https : http\n\n    const req = lib.get(\n      url,\n      {\n        headers: {\n          'User-Agent': options.userAgent ?? DEFAULT_UA,\n          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',\n          ...options.headers,\n        },\n      },\n      (res) => {\n        // Capture headers then immediately close — never read the response body.\n        // This prevents downloading large or malicious payloads (e.g. shell scripts).\n        const result: RequestResult = {\n          statusCode: res.statusCode ?? 0,\n          location: Array.isArray(res.headers.location)\n            ? res.headers.location[0]\n            : res.headers.location,\n        }\n        resolve(result)\n        res.destroy()\n      },\n    )\n\n    req.setTimeout(timeout, () => {\n      req.destroy(new TimeoutError(url, timeout))\n    })\n\n    req.on('error', (err) => {\n      if (err instanceof TimeoutError) {\n        reject(err)\n        return\n      }\n      // Ignore socket errors that result from our own res.destroy() call\n      // (promise is already resolved at that point, so reject is a no-op,\n      // but we guard here to avoid unhandled-rejection noise in edge cases)\n      reject(new ExpandError(err.message, url))\n    })\n  })\n}\n\n// ─── URL validation helpers ────────────────────────────────────────────────────\n\nfunction assertHttpProtocol(url: string): void {\n  let protocol: string\n  try {\n    protocol = new URL(url).protocol\n  } catch {\n    throw new InvalidUrlError(url)\n  }\n  if (protocol !== 'http:' && protocol !== 'https:') {\n    throw new InvalidUrlError(url)\n  }\n}\n\nfunction assertHostPolicy(url: string, options: ExpandOptions): void {\n  const { hostname } = new URL(url)\n\n  if (options.blockPrivateIPs !== false && isPrivateHost(hostname)) {\n    throw new ExpandError(\n      `Requests to private/local hosts are blocked (\"${hostname}\"). Set blockPrivateIPs: false to allow.`,\n      url,\n    )\n  }\n\n  if (options.allowedHosts && options.allowedHosts.length > 0) {\n    if (!options.allowedHosts.includes(hostname)) {\n      throw new ExpandError(\n        `\"${hostname}\" is not in the allowedHosts list`,\n        url,\n      )\n    }\n  }\n}\n\nfunction assertRedirectPolicy(from: string, to: string, options: ExpandOptions): void {\n  if (options.allowHttpDowngrade === false) {\n    const fromProto = new URL(from).protocol\n    const toProto   = new URL(to).protocol\n    if (fromProto === 'https:' && toProto === 'http:') {\n      throw new ExpandError(\n        `HTTPS to HTTP downgrade blocked (set allowHttpDowngrade: true to permit)`,\n        from,\n      )\n    }\n  }\n\n  assertHostPolicy(to, options)\n}\n\n// ─── Public API ────────────────────────────────────────────────────────────────\n\nexport async function expand(url: string, options: ExpandOptions = {}): Promise<ExpandResult> {\n  assertHttpProtocol(url)\n  assertHostPolicy(url, options)\n\n  const max   = options.maxRedirects ?? DEFAULT_MAX_REDIRECTS\n  const chain: string[] = []\n  let current = url\n\n  for (let i = 0; i <= max; i++) {\n    const { statusCode, location } = await makeRequest(current, options)\n\n    const isRedirect = statusCode >= 300 && statusCode < 400\n    if (isRedirect && location) {\n      chain.push(current)\n      const next = new URL(location, current).href\n      assertHttpProtocol(next)\n      assertRedirectPolicy(current, next, options)\n      current = next\n      continue\n    }\n\n    return {\n      originalUrl: url,\n      expandedUrl: current,\n      statusCode,\n      redirectChain: chain,\n    }\n  }\n\n  throw new MaxRedirectsError(url, max)\n}\n","export class ExpandError extends Error {\n  constructor(\n    message: string,\n    public readonly url: string,\n  ) {\n    super(message)\n    this.name = 'ExpandError'\n    Object.setPrototypeOf(this, new.target.prototype)\n  }\n}\n\nexport class TimeoutError extends ExpandError {\n  constructor(url: string, timeoutMs: number) {\n    super(`Request timed out after ${timeoutMs}ms`, url)\n    this.name = 'TimeoutError'\n  }\n}\n\nexport class MaxRedirectsError extends ExpandError {\n  constructor(url: string, max: number) {\n    super(`Exceeded maximum of ${max} redirects`, url)\n    this.name = 'MaxRedirectsError'\n  }\n}\n\nexport class InvalidUrlError extends ExpandError {\n  constructor(url: string) {\n    super(`Invalid or unsupported URL: ${url}`, url)\n    this.name = 'InvalidUrlError'\n  }\n}\n","import { expand } from './expand.js'\nimport type { ExpandManyOptions, ExpandResult } from './types.js'\n\nconst DEFAULT_CONCURRENCY = 5\n\nexport async function expandMany(\n  urls: string[],\n  options: ExpandManyOptions = {},\n): Promise<ExpandResult[]> {\n  const concurrency = options.concurrency ?? DEFAULT_CONCURRENCY\n  const results: ExpandResult[] = []\n\n  for (let i = 0; i < urls.length; i += concurrency) {\n    const batch = urls.slice(i, i + concurrency)\n    const settled = await Promise.allSettled(batch.map((url) => expand(url, options)))\n\n    for (let j = 0; j < settled.length; j++) {\n      const outcome = settled[j]!\n      if (outcome.status === 'fulfilled') {\n        results.push(outcome.value)\n      } else {\n        results.push({\n          originalUrl: urls[i + j]!,\n          expandedUrl: urls[i + j]!,\n          statusCode: 0,\n          redirectChain: [],\n          error: outcome.reason instanceof Error ? outcome.reason.message : String(outcome.reason),\n        })\n      }\n    }\n  }\n\n  return results\n}\n"],"mappings":";AAAA,OAAO,UAAU;AACjB,OAAO,WAAW;;;ACDX,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC,YACE,SACgB,KAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AAAA,EALkB;AAMpB;AAEO,IAAM,eAAN,cAA2B,YAAY;AAAA,EAC5C,YAAY,KAAa,WAAmB;AAC1C,UAAM,2BAA2B,SAAS,MAAM,GAAG;AACnD,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,oBAAN,cAAgC,YAAY;AAAA,EACjD,YAAY,KAAa,KAAa;AACpC,UAAM,uBAAuB,GAAG,cAAc,GAAG;AACjD,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,kBAAN,cAA8B,YAAY;AAAA,EAC/C,YAAY,KAAa;AACvB,UAAM,+BAA+B,GAAG,IAAI,GAAG;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ADzBA,IAAM,kBAAkB;AACxB,IAAM,wBAAwB;AAC9B,IAAM,aACJ;AAIF,IAAM,oBAAoB,oBAAI,IAAI;AAAA,EAChC;AAAA,EACA;AAAA;AACF,CAAC;AAED,SAAS,cAAc,UAA2B;AAChD,QAAM,IAAI,SAAS,YAAY;AAE/B,MAAI,kBAAkB,IAAI,CAAC,EAAG,QAAO;AAGrC,MAAI,MAAM,SAAS,EAAE,WAAW,OAAO,KAAK,EAAE,WAAW,IAAI,KAAK,EAAE,WAAW,IAAI,GAAG;AACpF,WAAO;AAAA,EACT;AAGA,QAAM,QAAQ,EAAE,MAAM,GAAG;AACzB,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,SAAS,MAAM,IAAI,MAAM;AAC/B,MAAI,OAAO,KAAK,CAAC,MAAM,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,KAAK,IAAI,GAAG,EAAG,QAAO;AAEzE,QAAM,CAAC,GAAG,CAAC,IAAI;AACf,SACE,MAAM;AAAA,EACN,MAAM;AAAA,EACN,MAAM;AAAA,EACL,MAAM,OAAO,MAAM;AAAA,EACnB,MAAM,OAAO,KAAK,MAAM,KAAK;AAAA,EAC7B,MAAM,OAAO,MAAM;AAAA,EACpB,MAAM;AAEV;AASA,SAAS,YAAY,KAAa,SAAgD;AAChF,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,MAAM,IAAI,WAAW,OAAO,IAAI,QAAQ;AAE9C,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA;AAAA,QACE,SAAS;AAAA,UACP,cAAc,QAAQ,aAAa;AAAA,UACnC,QAAQ;AAAA,UACR,GAAG,QAAQ;AAAA,QACb;AAAA,MACF;AAAA,MACA,CAAC,QAAQ;AAGP,cAAM,SAAwB;AAAA,UAC5B,YAAY,IAAI,cAAc;AAAA,UAC9B,UAAU,MAAM,QAAQ,IAAI,QAAQ,QAAQ,IACxC,IAAI,QAAQ,SAAS,CAAC,IACtB,IAAI,QAAQ;AAAA,QAClB;AACA,gBAAQ,MAAM;AACd,YAAI,QAAQ;AAAA,MACd;AAAA,IACF;AAEA,QAAI,WAAW,SAAS,MAAM;AAC5B,UAAI,QAAQ,IAAI,aAAa,KAAK,OAAO,CAAC;AAAA,IAC5C,CAAC;AAED,QAAI,GAAG,SAAS,CAAC,QAAQ;AACvB,UAAI,eAAe,cAAc;AAC/B,eAAO,GAAG;AACV;AAAA,MACF;AAIA,aAAO,IAAI,YAAY,IAAI,SAAS,GAAG,CAAC;AAAA,IAC1C,CAAC;AAAA,EACH,CAAC;AACH;AAIA,SAAS,mBAAmB,KAAmB;AAC7C,MAAI;AACJ,MAAI;AACF,eAAW,IAAI,IAAI,GAAG,EAAE;AAAA,EAC1B,QAAQ;AACN,UAAM,IAAI,gBAAgB,GAAG;AAAA,EAC/B;AACA,MAAI,aAAa,WAAW,aAAa,UAAU;AACjD,UAAM,IAAI,gBAAgB,GAAG;AAAA,EAC/B;AACF;AAEA,SAAS,iBAAiB,KAAa,SAA8B;AACnE,QAAM,EAAE,SAAS,IAAI,IAAI,IAAI,GAAG;AAEhC,MAAI,QAAQ,oBAAoB,SAAS,cAAc,QAAQ,GAAG;AAChE,UAAM,IAAI;AAAA,MACR,iDAAiD,QAAQ;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,QAAQ,gBAAgB,QAAQ,aAAa,SAAS,GAAG;AAC3D,QAAI,CAAC,QAAQ,aAAa,SAAS,QAAQ,GAAG;AAC5C,YAAM,IAAI;AAAA,QACR,IAAI,QAAQ;AAAA,QACZ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,qBAAqB,MAAc,IAAY,SAA8B;AACpF,MAAI,QAAQ,uBAAuB,OAAO;AACxC,UAAM,YAAY,IAAI,IAAI,IAAI,EAAE;AAChC,UAAM,UAAY,IAAI,IAAI,EAAE,EAAE;AAC9B,QAAI,cAAc,YAAY,YAAY,SAAS;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,mBAAiB,IAAI,OAAO;AAC9B;AAIA,eAAsB,OAAO,KAAa,UAAyB,CAAC,GAA0B;AAC5F,qBAAmB,GAAG;AACtB,mBAAiB,KAAK,OAAO;AAE7B,QAAM,MAAQ,QAAQ,gBAAgB;AACtC,QAAM,QAAkB,CAAC;AACzB,MAAI,UAAU;AAEd,WAAS,IAAI,GAAG,KAAK,KAAK,KAAK;AAC7B,UAAM,EAAE,YAAY,SAAS,IAAI,MAAM,YAAY,SAAS,OAAO;AAEnE,UAAM,aAAa,cAAc,OAAO,aAAa;AACrD,QAAI,cAAc,UAAU;AAC1B,YAAM,KAAK,OAAO;AAClB,YAAM,OAAO,IAAI,IAAI,UAAU,OAAO,EAAE;AACxC,yBAAmB,IAAI;AACvB,2BAAqB,SAAS,MAAM,OAAO;AAC3C,gBAAU;AACV;AAAA,IACF;AAEA,WAAO;AAAA,MACL,aAAa;AAAA,MACb,aAAa;AAAA,MACb;AAAA,MACA,eAAe;AAAA,IACjB;AAAA,EACF;AAEA,QAAM,IAAI,kBAAkB,KAAK,GAAG;AACtC;;;AE/KA,IAAM,sBAAsB;AAE5B,eAAsB,WACpB,MACA,UAA6B,CAAC,GACL;AACzB,QAAM,cAAc,QAAQ,eAAe;AAC3C,QAAM,UAA0B,CAAC;AAEjC,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK,aAAa;AACjD,UAAM,QAAQ,KAAK,MAAM,GAAG,IAAI,WAAW;AAC3C,UAAM,UAAU,MAAM,QAAQ,WAAW,MAAM,IAAI,CAAC,QAAQ,OAAO,KAAK,OAAO,CAAC,CAAC;AAEjF,aAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;AACvC,YAAM,UAAU,QAAQ,CAAC;AACzB,UAAI,QAAQ,WAAW,aAAa;AAClC,gBAAQ,KAAK,QAAQ,KAAK;AAAA,MAC5B,OAAO;AACL,gBAAQ,KAAK;AAAA,UACX,aAAa,KAAK,IAAI,CAAC;AAAA,UACvB,aAAa,KAAK,IAAI,CAAC;AAAA,UACvB,YAAY;AAAA,UACZ,eAAe,CAAC;AAAA,UAChB,OAAO,QAAQ,kBAAkB,QAAQ,QAAQ,OAAO,UAAU,OAAO,QAAQ,MAAM;AAAA,QACzF,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}