{ "version": 3, "sources": ["(disabled):crypto", "../../node_modules/crypto-js/core.js", "../../node_modules/crypto-js/sha256.js", "../../node_modules/crypto-js/enc-base64.js", "../../node_modules/crypto-js/enc-utf8.js", "../../src/index.ts", "../../src/utils/CryptoUtils.ts", "../../src/utils/Logger.ts", "../../src/utils/Event.ts", "../../node_modules/jwt-decode/lib/atob.js", "../../node_modules/jwt-decode/lib/base64_url_decode.js", "../../node_modules/jwt-decode/lib/index.js", "../../src/utils/JwtUtils.ts", "../../src/utils/PopupUtils.ts", "../../src/utils/Timer.ts", "../../src/utils/UrlUtils.ts", "../../src/errors/ErrorResponse.ts", "../../src/errors/ErrorTimeout.ts", "../../src/AccessTokenEvents.ts", "../../src/CheckSessionIFrame.ts", "../../src/InMemoryWebStorage.ts", "../../src/JsonService.ts", "../../src/MetadataService.ts", "../../src/WebStorageStateStore.ts", "../../src/OidcClientSettings.ts", "../../src/UserInfoService.ts", "../../src/TokenClient.ts", "../../src/ResponseValidator.ts", "../../src/State.ts", "../../src/SigninState.ts", "../../src/SigninRequest.ts", "../../src/SigninResponse.ts", "../../src/SignoutRequest.ts", "../../src/SignoutResponse.ts", "../../src/OidcClient.ts", "../../src/SessionMonitor.ts", "../../src/User.ts", "../../src/navigators/AbstractChildWindow.ts", "../../src/UserManagerSettings.ts", "../../src/navigators/IFrameWindow.ts", "../../src/navigators/IFrameNavigator.ts", "../../src/navigators/PopupWindow.ts", "../../src/navigators/PopupNavigator.ts", "../../src/navigators/RedirectNavigator.ts", "../../src/UserManagerEvents.ts", "../../src/SilentRenewService.ts", "../../src/RefreshState.ts", "../../src/UserManager.ts", "../../src/Version.ts"], "sourcesContent": ["", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory();\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\troot.CryptoJS = factory();\n\t}\n}(this, function () {\n\n\t/*globals window, global, require*/\n\n\t/**\n\t * CryptoJS core components.\n\t */\n\tvar CryptoJS = CryptoJS || (function (Math, undefined) {\n\n\t var crypto;\n\n\t // Native crypto from window (Browser)\n\t if (typeof window !== 'undefined' && window.crypto) {\n\t crypto = window.crypto;\n\t }\n\n\t // Native crypto in web worker (Browser)\n\t if (typeof self !== 'undefined' && self.crypto) {\n\t crypto = self.crypto;\n\t }\n\n\t // Native crypto from worker\n\t if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n\t crypto = globalThis.crypto;\n\t }\n\n\t // Native (experimental IE 11) crypto from window (Browser)\n\t if (!crypto && typeof window !== 'undefined' && window.msCrypto) {\n\t crypto = window.msCrypto;\n\t }\n\n\t // Native crypto from global (NodeJS)\n\t if (!crypto && typeof global !== 'undefined' && global.crypto) {\n\t crypto = global.crypto;\n\t }\n\n\t // Native crypto import via require (NodeJS)\n\t if (!crypto && typeof require === 'function') {\n\t try {\n\t crypto = require('crypto');\n\t } catch (err) {}\n\t }\n\n\t /*\n\t * Cryptographically secure pseudorandom number generator\n\t *\n\t * As Math.random() is cryptographically not safe to use\n\t */\n\t var cryptoSecureRandomInt = function () {\n\t if (crypto) {\n\t // Use getRandomValues method (Browser)\n\t if (typeof crypto.getRandomValues === 'function') {\n\t try {\n\t return crypto.getRandomValues(new Uint32Array(1))[0];\n\t } catch (err) {}\n\t }\n\n\t // Use randomBytes method (NodeJS)\n\t if (typeof crypto.randomBytes === 'function') {\n\t try {\n\t return crypto.randomBytes(4).readInt32LE();\n\t } catch (err) {}\n\t }\n\t }\n\n\t throw new Error('Native crypto module could not be used to get secure random number.');\n\t };\n\n\t /*\n\t * Local polyfill of Object.create\n\n\t */\n\t var create = Object.create || (function () {\n\t function F() {}\n\n\t return function (obj) {\n\t var subtype;\n\n\t F.prototype = obj;\n\n\t subtype = new F();\n\n\t F.prototype = null;\n\n\t return subtype;\n\t };\n\t }());\n\n\t /**\n\t * CryptoJS namespace.\n\t */\n\t var C = {};\n\n\t /**\n\t * Library namespace.\n\t */\n\t var C_lib = C.lib = {};\n\n\t /**\n\t * Base object for prototypal inheritance.\n\t */\n\t var Base = C_lib.Base = (function () {\n\n\n\t return {\n\t /**\n\t * Creates a new object that inherits from this object.\n\t *\n\t * @param {Object} overrides Properties to copy into the new object.\n\t *\n\t * @return {Object} The new object.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var MyType = CryptoJS.lib.Base.extend({\n\t * field: 'value',\n\t *\n\t * method: function () {\n\t * }\n\t * });\n\t */\n\t extend: function (overrides) {\n\t // Spawn\n\t var subtype = create(this);\n\n\t // Augment\n\t if (overrides) {\n\t subtype.mixIn(overrides);\n\t }\n\n\t // Create default initializer\n\t if (!subtype.hasOwnProperty('init') || this.init === subtype.init) {\n\t subtype.init = function () {\n\t subtype.$super.init.apply(this, arguments);\n\t };\n\t }\n\n\t // Initializer's prototype is the subtype object\n\t subtype.init.prototype = subtype;\n\n\t // Reference supertype\n\t subtype.$super = this;\n\n\t return subtype;\n\t },\n\n\t /**\n\t * Extends this object and runs the init method.\n\t * Arguments to create() will be passed to init().\n\t *\n\t * @return {Object} The new object.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var instance = MyType.create();\n\t */\n\t create: function () {\n\t var instance = this.extend();\n\t instance.init.apply(instance, arguments);\n\n\t return instance;\n\t },\n\n\t /**\n\t * Initializes a newly created object.\n\t * Override this method to add some logic when your objects are created.\n\t *\n\t * @example\n\t *\n\t * var MyType = CryptoJS.lib.Base.extend({\n\t * init: function () {\n\t * // ...\n\t * }\n\t * });\n\t */\n\t init: function () {\n\t },\n\n\t /**\n\t * Copies properties into this object.\n\t *\n\t * @param {Object} properties The properties to mix in.\n\t *\n\t * @example\n\t *\n\t * MyType.mixIn({\n\t * field: 'value'\n\t * });\n\t */\n\t mixIn: function (properties) {\n\t for (var propertyName in properties) {\n\t if (properties.hasOwnProperty(propertyName)) {\n\t this[propertyName] = properties[propertyName];\n\t }\n\t }\n\n\t // IE won't copy toString using the loop above\n\t if (properties.hasOwnProperty('toString')) {\n\t this.toString = properties.toString;\n\t }\n\t },\n\n\t /**\n\t * Creates a copy of this object.\n\t *\n\t * @return {Object} The clone.\n\t *\n\t * @example\n\t *\n\t * var clone = instance.clone();\n\t */\n\t clone: function () {\n\t return this.init.prototype.extend(this);\n\t }\n\t };\n\t }());\n\n\t /**\n\t * An array of 32-bit words.\n\t *\n\t * @property {Array} words The array of 32-bit words.\n\t * @property {number} sigBytes The number of significant bytes in this word array.\n\t */\n\t var WordArray = C_lib.WordArray = Base.extend({\n\t /**\n\t * Initializes a newly created word array.\n\t *\n\t * @param {Array} words (Optional) An array of 32-bit words.\n\t * @param {number} sigBytes (Optional) The number of significant bytes in the words.\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.lib.WordArray.create();\n\t * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);\n\t * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);\n\t */\n\t init: function (words, sigBytes) {\n\t words = this.words = words || [];\n\n\t if (sigBytes != undefined) {\n\t this.sigBytes = sigBytes;\n\t } else {\n\t this.sigBytes = words.length * 4;\n\t }\n\t },\n\n\t /**\n\t * Converts this word array to a string.\n\t *\n\t * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex\n\t *\n\t * @return {string} The stringified word array.\n\t *\n\t * @example\n\t *\n\t * var string = wordArray + '';\n\t * var string = wordArray.toString();\n\t * var string = wordArray.toString(CryptoJS.enc.Utf8);\n\t */\n\t toString: function (encoder) {\n\t return (encoder || Hex).stringify(this);\n\t },\n\n\t /**\n\t * Concatenates a word array to this word array.\n\t *\n\t * @param {WordArray} wordArray The word array to append.\n\t *\n\t * @return {WordArray} This word array.\n\t *\n\t * @example\n\t *\n\t * wordArray1.concat(wordArray2);\n\t */\n\t concat: function (wordArray) {\n\t // Shortcuts\n\t var thisWords = this.words;\n\t var thatWords = wordArray.words;\n\t var thisSigBytes = this.sigBytes;\n\t var thatSigBytes = wordArray.sigBytes;\n\n\t // Clamp excess bits\n\t this.clamp();\n\n\t // Concat\n\t if (thisSigBytes % 4) {\n\t // Copy one byte at a time\n\t for (var i = 0; i < thatSigBytes; i++) {\n\t var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);\n\t }\n\t } else {\n\t // Copy one word at a time\n\t for (var j = 0; j < thatSigBytes; j += 4) {\n\t thisWords[(thisSigBytes + j) >>> 2] = thatWords[j >>> 2];\n\t }\n\t }\n\t this.sigBytes += thatSigBytes;\n\n\t // Chainable\n\t return this;\n\t },\n\n\t /**\n\t * Removes insignificant bits.\n\t *\n\t * @example\n\t *\n\t * wordArray.clamp();\n\t */\n\t clamp: function () {\n\t // Shortcuts\n\t var words = this.words;\n\t var sigBytes = this.sigBytes;\n\n\t // Clamp\n\t words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);\n\t words.length = Math.ceil(sigBytes / 4);\n\t },\n\n\t /**\n\t * Creates a copy of this word array.\n\t *\n\t * @return {WordArray} The clone.\n\t *\n\t * @example\n\t *\n\t * var clone = wordArray.clone();\n\t */\n\t clone: function () {\n\t var clone = Base.clone.call(this);\n\t clone.words = this.words.slice(0);\n\n\t return clone;\n\t },\n\n\t /**\n\t * Creates a word array filled with random bytes.\n\t *\n\t * @param {number} nBytes The number of random bytes to generate.\n\t *\n\t * @return {WordArray} The random word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.lib.WordArray.random(16);\n\t */\n\t random: function (nBytes) {\n\t var words = [];\n\n\t for (var i = 0; i < nBytes; i += 4) {\n\t words.push(cryptoSecureRandomInt());\n\t }\n\n\t return new WordArray.init(words, nBytes);\n\t }\n\t });\n\n\t /**\n\t * Encoder namespace.\n\t */\n\t var C_enc = C.enc = {};\n\n\t /**\n\t * Hex encoding strategy.\n\t */\n\t var Hex = C_enc.Hex = {\n\t /**\n\t * Converts a word array to a hex string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The hex string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var hexString = CryptoJS.enc.Hex.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t // Shortcuts\n\t var words = wordArray.words;\n\t var sigBytes = wordArray.sigBytes;\n\n\t // Convert\n\t var hexChars = [];\n\t for (var i = 0; i < sigBytes; i++) {\n\t var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t hexChars.push((bite >>> 4).toString(16));\n\t hexChars.push((bite & 0x0f).toString(16));\n\t }\n\n\t return hexChars.join('');\n\t },\n\n\t /**\n\t * Converts a hex string to a word array.\n\t *\n\t * @param {string} hexStr The hex string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Hex.parse(hexString);\n\t */\n\t parse: function (hexStr) {\n\t // Shortcut\n\t var hexStrLength = hexStr.length;\n\n\t // Convert\n\t var words = [];\n\t for (var i = 0; i < hexStrLength; i += 2) {\n\t words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);\n\t }\n\n\t return new WordArray.init(words, hexStrLength / 2);\n\t }\n\t };\n\n\t /**\n\t * Latin1 encoding strategy.\n\t */\n\t var Latin1 = C_enc.Latin1 = {\n\t /**\n\t * Converts a word array to a Latin1 string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The Latin1 string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t // Shortcuts\n\t var words = wordArray.words;\n\t var sigBytes = wordArray.sigBytes;\n\n\t // Convert\n\t var latin1Chars = [];\n\t for (var i = 0; i < sigBytes; i++) {\n\t var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t latin1Chars.push(String.fromCharCode(bite));\n\t }\n\n\t return latin1Chars.join('');\n\t },\n\n\t /**\n\t * Converts a Latin1 string to a word array.\n\t *\n\t * @param {string} latin1Str The Latin1 string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);\n\t */\n\t parse: function (latin1Str) {\n\t // Shortcut\n\t var latin1StrLength = latin1Str.length;\n\n\t // Convert\n\t var words = [];\n\t for (var i = 0; i < latin1StrLength; i++) {\n\t words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);\n\t }\n\n\t return new WordArray.init(words, latin1StrLength);\n\t }\n\t };\n\n\t /**\n\t * UTF-8 encoding strategy.\n\t */\n\t var Utf8 = C_enc.Utf8 = {\n\t /**\n\t * Converts a word array to a UTF-8 string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The UTF-8 string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t try {\n\t return decodeURIComponent(escape(Latin1.stringify(wordArray)));\n\t } catch (e) {\n\t throw new Error('Malformed UTF-8 data');\n\t }\n\t },\n\n\t /**\n\t * Converts a UTF-8 string to a word array.\n\t *\n\t * @param {string} utf8Str The UTF-8 string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);\n\t */\n\t parse: function (utf8Str) {\n\t return Latin1.parse(unescape(encodeURIComponent(utf8Str)));\n\t }\n\t };\n\n\t /**\n\t * Abstract buffered block algorithm template.\n\t *\n\t * The property blockSize must be implemented in a concrete subtype.\n\t *\n\t * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0\n\t */\n\t var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({\n\t /**\n\t * Resets this block algorithm's data buffer to its initial state.\n\t *\n\t * @example\n\t *\n\t * bufferedBlockAlgorithm.reset();\n\t */\n\t reset: function () {\n\t // Initial values\n\t this._data = new WordArray.init();\n\t this._nDataBytes = 0;\n\t },\n\n\t /**\n\t * Adds new data to this block algorithm's buffer.\n\t *\n\t * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.\n\t *\n\t * @example\n\t *\n\t * bufferedBlockAlgorithm._append('data');\n\t * bufferedBlockAlgorithm._append(wordArray);\n\t */\n\t _append: function (data) {\n\t // Convert string to WordArray, else assume WordArray already\n\t if (typeof data == 'string') {\n\t data = Utf8.parse(data);\n\t }\n\n\t // Append\n\t this._data.concat(data);\n\t this._nDataBytes += data.sigBytes;\n\t },\n\n\t /**\n\t * Processes available data blocks.\n\t *\n\t * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.\n\t *\n\t * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.\n\t *\n\t * @return {WordArray} The processed data.\n\t *\n\t * @example\n\t *\n\t * var processedData = bufferedBlockAlgorithm._process();\n\t * var processedData = bufferedBlockAlgorithm._process(!!'flush');\n\t */\n\t _process: function (doFlush) {\n\t var processedWords;\n\n\t // Shortcuts\n\t var data = this._data;\n\t var dataWords = data.words;\n\t var dataSigBytes = data.sigBytes;\n\t var blockSize = this.blockSize;\n\t var blockSizeBytes = blockSize * 4;\n\n\t // Count blocks ready\n\t var nBlocksReady = dataSigBytes / blockSizeBytes;\n\t if (doFlush) {\n\t // Round up to include partial blocks\n\t nBlocksReady = Math.ceil(nBlocksReady);\n\t } else {\n\t // Round down to include only full blocks,\n\t // less the number of blocks that must remain in the buffer\n\t nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);\n\t }\n\n\t // Count words ready\n\t var nWordsReady = nBlocksReady * blockSize;\n\n\t // Count bytes ready\n\t var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);\n\n\t // Process blocks\n\t if (nWordsReady) {\n\t for (var offset = 0; offset < nWordsReady; offset += blockSize) {\n\t // Perform concrete-algorithm logic\n\t this._doProcessBlock(dataWords, offset);\n\t }\n\n\t // Remove processed words\n\t processedWords = dataWords.splice(0, nWordsReady);\n\t data.sigBytes -= nBytesReady;\n\t }\n\n\t // Return processed words\n\t return new WordArray.init(processedWords, nBytesReady);\n\t },\n\n\t /**\n\t * Creates a copy of this object.\n\t *\n\t * @return {Object} The clone.\n\t *\n\t * @example\n\t *\n\t * var clone = bufferedBlockAlgorithm.clone();\n\t */\n\t clone: function () {\n\t var clone = Base.clone.call(this);\n\t clone._data = this._data.clone();\n\n\t return clone;\n\t },\n\n\t _minBufferSize: 0\n\t });\n\n\t /**\n\t * Abstract hasher template.\n\t *\n\t * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)\n\t */\n\t var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({\n\t /**\n\t * Configuration options.\n\t */\n\t cfg: Base.extend(),\n\n\t /**\n\t * Initializes a newly created hasher.\n\t *\n\t * @param {Object} cfg (Optional) The configuration options to use for this hash computation.\n\t *\n\t * @example\n\t *\n\t * var hasher = CryptoJS.algo.SHA256.create();\n\t */\n\t init: function (cfg) {\n\t // Apply config defaults\n\t this.cfg = this.cfg.extend(cfg);\n\n\t // Set initial values\n\t this.reset();\n\t },\n\n\t /**\n\t * Resets this hasher to its initial state.\n\t *\n\t * @example\n\t *\n\t * hasher.reset();\n\t */\n\t reset: function () {\n\t // Reset data buffer\n\t BufferedBlockAlgorithm.reset.call(this);\n\n\t // Perform concrete-hasher logic\n\t this._doReset();\n\t },\n\n\t /**\n\t * Updates this hasher with a message.\n\t *\n\t * @param {WordArray|string} messageUpdate The message to append.\n\t *\n\t * @return {Hasher} This hasher.\n\t *\n\t * @example\n\t *\n\t * hasher.update('message');\n\t * hasher.update(wordArray);\n\t */\n\t update: function (messageUpdate) {\n\t // Append\n\t this._append(messageUpdate);\n\n\t // Update the hash\n\t this._process();\n\n\t // Chainable\n\t return this;\n\t },\n\n\t /**\n\t * Finalizes the hash computation.\n\t * Note that the finalize operation is effectively a destructive, read-once operation.\n\t *\n\t * @param {WordArray|string} messageUpdate (Optional) A final message update.\n\t *\n\t * @return {WordArray} The hash.\n\t *\n\t * @example\n\t *\n\t * var hash = hasher.finalize();\n\t * var hash = hasher.finalize('message');\n\t * var hash = hasher.finalize(wordArray);\n\t */\n\t finalize: function (messageUpdate) {\n\t // Final message update\n\t if (messageUpdate) {\n\t this._append(messageUpdate);\n\t }\n\n\t // Perform concrete-hasher logic\n\t var hash = this._doFinalize();\n\n\t return hash;\n\t },\n\n\t blockSize: 512/32,\n\n\t /**\n\t * Creates a shortcut function to a hasher's object interface.\n\t *\n\t * @param {Hasher} hasher The hasher to create a helper for.\n\t *\n\t * @return {Function} The shortcut function.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);\n\t */\n\t _createHelper: function (hasher) {\n\t return function (message, cfg) {\n\t return new hasher.init(cfg).finalize(message);\n\t };\n\t },\n\n\t /**\n\t * Creates a shortcut function to the HMAC's object interface.\n\t *\n\t * @param {Hasher} hasher The hasher to use in this HMAC helper.\n\t *\n\t * @return {Function} The shortcut function.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);\n\t */\n\t _createHmacHelper: function (hasher) {\n\t return function (message, key) {\n\t return new C_algo.HMAC.init(hasher, key).finalize(message);\n\t };\n\t }\n\t });\n\n\t /**\n\t * Algorithm namespace.\n\t */\n\t var C_algo = C.algo = {};\n\n\t return C;\n\t}(Math));\n\n\n\treturn CryptoJS;\n\n}));", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory(require(\"./core\"));\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([\"./core\"], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\tfactory(root.CryptoJS);\n\t}\n}(this, function (CryptoJS) {\n\n\t(function (Math) {\n\t // Shortcuts\n\t var C = CryptoJS;\n\t var C_lib = C.lib;\n\t var WordArray = C_lib.WordArray;\n\t var Hasher = C_lib.Hasher;\n\t var C_algo = C.algo;\n\n\t // Initialization and round constants tables\n\t var H = [];\n\t var K = [];\n\n\t // Compute constants\n\t (function () {\n\t function isPrime(n) {\n\t var sqrtN = Math.sqrt(n);\n\t for (var factor = 2; factor <= sqrtN; factor++) {\n\t if (!(n % factor)) {\n\t return false;\n\t }\n\t }\n\n\t return true;\n\t }\n\n\t function getFractionalBits(n) {\n\t return ((n - (n | 0)) * 0x100000000) | 0;\n\t }\n\n\t var n = 2;\n\t var nPrime = 0;\n\t while (nPrime < 64) {\n\t if (isPrime(n)) {\n\t if (nPrime < 8) {\n\t H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));\n\t }\n\t K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));\n\n\t nPrime++;\n\t }\n\n\t n++;\n\t }\n\t }());\n\n\t // Reusable object\n\t var W = [];\n\n\t /**\n\t * SHA-256 hash algorithm.\n\t */\n\t var SHA256 = C_algo.SHA256 = Hasher.extend({\n\t _doReset: function () {\n\t this._hash = new WordArray.init(H.slice(0));\n\t },\n\n\t _doProcessBlock: function (M, offset) {\n\t // Shortcut\n\t var H = this._hash.words;\n\n\t // Working variables\n\t var a = H[0];\n\t var b = H[1];\n\t var c = H[2];\n\t var d = H[3];\n\t var e = H[4];\n\t var f = H[5];\n\t var g = H[6];\n\t var h = H[7];\n\n\t // Computation\n\t for (var i = 0; i < 64; i++) {\n\t if (i < 16) {\n\t W[i] = M[offset + i] | 0;\n\t } else {\n\t var gamma0x = W[i - 15];\n\t var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^\n\t ((gamma0x << 14) | (gamma0x >>> 18)) ^\n\t (gamma0x >>> 3);\n\n\t var gamma1x = W[i - 2];\n\t var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^\n\t ((gamma1x << 13) | (gamma1x >>> 19)) ^\n\t (gamma1x >>> 10);\n\n\t W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];\n\t }\n\n\t var ch = (e & f) ^ (~e & g);\n\t var maj = (a & b) ^ (a & c) ^ (b & c);\n\n\t var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));\n\t var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));\n\n\t var t1 = h + sigma1 + ch + K[i] + W[i];\n\t var t2 = sigma0 + maj;\n\n\t h = g;\n\t g = f;\n\t f = e;\n\t e = (d + t1) | 0;\n\t d = c;\n\t c = b;\n\t b = a;\n\t a = (t1 + t2) | 0;\n\t }\n\n\t // Intermediate hash value\n\t H[0] = (H[0] + a) | 0;\n\t H[1] = (H[1] + b) | 0;\n\t H[2] = (H[2] + c) | 0;\n\t H[3] = (H[3] + d) | 0;\n\t H[4] = (H[4] + e) | 0;\n\t H[5] = (H[5] + f) | 0;\n\t H[6] = (H[6] + g) | 0;\n\t H[7] = (H[7] + h) | 0;\n\t },\n\n\t _doFinalize: function () {\n\t // Shortcuts\n\t var data = this._data;\n\t var dataWords = data.words;\n\n\t var nBitsTotal = this._nDataBytes * 8;\n\t var nBitsLeft = data.sigBytes * 8;\n\n\t // Add padding\n\t dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);\n\t dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);\n\t dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;\n\t data.sigBytes = dataWords.length * 4;\n\n\t // Hash final blocks\n\t this._process();\n\n\t // Return final computed hash\n\t return this._hash;\n\t },\n\n\t clone: function () {\n\t var clone = Hasher.clone.call(this);\n\t clone._hash = this._hash.clone();\n\n\t return clone;\n\t }\n\t });\n\n\t /**\n\t * Shortcut function to the hasher's object interface.\n\t *\n\t * @param {WordArray|string} message The message to hash.\n\t *\n\t * @return {WordArray} The hash.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var hash = CryptoJS.SHA256('message');\n\t * var hash = CryptoJS.SHA256(wordArray);\n\t */\n\t C.SHA256 = Hasher._createHelper(SHA256);\n\n\t /**\n\t * Shortcut function to the HMAC's object interface.\n\t *\n\t * @param {WordArray|string} message The message to hash.\n\t * @param {WordArray|string} key The secret key.\n\t *\n\t * @return {WordArray} The HMAC.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var hmac = CryptoJS.HmacSHA256(message, key);\n\t */\n\t C.HmacSHA256 = Hasher._createHmacHelper(SHA256);\n\t}(Math));\n\n\n\treturn CryptoJS.SHA256;\n\n}));", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory(require(\"./core\"));\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([\"./core\"], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\tfactory(root.CryptoJS);\n\t}\n}(this, function (CryptoJS) {\n\n\t(function () {\n\t // Shortcuts\n\t var C = CryptoJS;\n\t var C_lib = C.lib;\n\t var WordArray = C_lib.WordArray;\n\t var C_enc = C.enc;\n\n\t /**\n\t * Base64 encoding strategy.\n\t */\n\t var Base64 = C_enc.Base64 = {\n\t /**\n\t * Converts a word array to a Base64 string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The Base64 string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var base64String = CryptoJS.enc.Base64.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t // Shortcuts\n\t var words = wordArray.words;\n\t var sigBytes = wordArray.sigBytes;\n\t var map = this._map;\n\n\t // Clamp excess bits\n\t wordArray.clamp();\n\n\t // Convert\n\t var base64Chars = [];\n\t for (var i = 0; i < sigBytes; i += 3) {\n\t var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;\n\t var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;\n\n\t var triplet = (byte1 << 16) | (byte2 << 8) | byte3;\n\n\t for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {\n\t base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));\n\t }\n\t }\n\n\t // Add padding\n\t var paddingChar = map.charAt(64);\n\t if (paddingChar) {\n\t while (base64Chars.length % 4) {\n\t base64Chars.push(paddingChar);\n\t }\n\t }\n\n\t return base64Chars.join('');\n\t },\n\n\t /**\n\t * Converts a Base64 string to a word array.\n\t *\n\t * @param {string} base64Str The Base64 string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Base64.parse(base64String);\n\t */\n\t parse: function (base64Str) {\n\t // Shortcuts\n\t var base64StrLength = base64Str.length;\n\t var map = this._map;\n\t var reverseMap = this._reverseMap;\n\n\t if (!reverseMap) {\n\t reverseMap = this._reverseMap = [];\n\t for (var j = 0; j < map.length; j++) {\n\t reverseMap[map.charCodeAt(j)] = j;\n\t }\n\t }\n\n\t // Ignore padding\n\t var paddingChar = map.charAt(64);\n\t if (paddingChar) {\n\t var paddingIndex = base64Str.indexOf(paddingChar);\n\t if (paddingIndex !== -1) {\n\t base64StrLength = paddingIndex;\n\t }\n\t }\n\n\t // Convert\n\t return parseLoop(base64Str, base64StrLength, reverseMap);\n\n\t },\n\n\t _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='\n\t };\n\n\t function parseLoop(base64Str, base64StrLength, reverseMap) {\n\t var words = [];\n\t var nBytes = 0;\n\t for (var i = 0; i < base64StrLength; i++) {\n\t if (i % 4) {\n\t var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);\n\t var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);\n\t var bitsCombined = bits1 | bits2;\n\t words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8);\n\t nBytes++;\n\t }\n\t }\n\t return WordArray.create(words, nBytes);\n\t }\n\t}());\n\n\n\treturn CryptoJS.enc.Base64;\n\n}));", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory(require(\"./core\"));\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([\"./core\"], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\tfactory(root.CryptoJS);\n\t}\n}(this, function (CryptoJS) {\n\n\treturn CryptoJS.enc.Utf8;\n\n}));", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nexport { ErrorResponse, ErrorTimeout } from \"./errors\";\nexport type { IFrameWindowParams, PopupWindowParams, RedirectParams } from \"./navigators\";\nexport { Log, Logger } from \"./utils\";\nexport type { ILogger, PopupWindowFeatures } from \"./utils\";\nexport type { OidcAddressClaim, OidcStandardClaims, IdTokenClaims, JwtClaims } from \"./Claims\";\n\nexport { AccessTokenEvents } from \"./AccessTokenEvents\";\nexport type { AccessTokenCallback } from \"./AccessTokenEvents\";\nexport { CheckSessionIFrame } from \"./CheckSessionIFrame\";\nexport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\nexport type { AsyncStorage } from \"./AsyncStorage\";\nexport { MetadataService } from \"./MetadataService\";\nexport * from \"./OidcClient\";\nexport { OidcClientSettingsStore } from \"./OidcClientSettings\";\nexport type { OidcClientSettings, SigningKey } from \"./OidcClientSettings\";\nexport type { OidcMetadata } from \"./OidcMetadata\";\nexport { SessionMonitor } from \"./SessionMonitor\";\nexport type { SessionStatus } from \"./SessionStatus\";\nexport type { SigninRequest, SigninRequestArgs } from \"./SigninRequest\";\nexport { SigninResponse } from \"./SigninResponse\";\nexport { SigninState } from \"./SigninState\";\nexport type { SignoutRequest, SignoutRequestArgs } from \"./SignoutRequest\";\nexport { SignoutResponse } from \"./SignoutResponse\";\nexport { State } from \"./State\";\nexport type { StateStore } from \"./StateStore\";\nexport { User } from \"./User\";\nexport type { UserProfile } from \"./User\";\nexport * from \"./UserManager\";\nexport type {\n UserManagerEvents,\n SilentRenewErrorCallback,\n UserLoadedCallback,\n UserSessionChangedCallback,\n UserSignedInCallback,\n UserSignedOutCallback,\n UserUnloadedCallback,\n} from \"./UserManagerEvents\";\nexport { UserManagerSettingsStore } from \"./UserManagerSettings\";\nexport type { UserManagerSettings } from \"./UserManagerSettings\";\nexport { Version } from \"./Version\";\nexport { WebStorageStateStore } from \"./WebStorageStateStore\";\n", "import CryptoJS from \"crypto-js/core.js\";\nimport sha256 from \"crypto-js/sha256.js\";\nimport Base64 from \"crypto-js/enc-base64.js\";\nimport Utf8 from \"crypto-js/enc-utf8.js\";\n\nimport { Logger } from \"./Logger\";\n\nconst UUID_V4_TEMPLATE = \"10000000-1000-4000-8000-100000000000\";\n\n/**\n * @internal\n */\nexport class CryptoUtils {\n private static _randomWord(): number {\n return CryptoJS.lib.WordArray.random(1).words[0];\n }\n\n /**\n * Generates RFC4122 version 4 guid\n */\n public static generateUUIDv4(): string {\n const uuid = UUID_V4_TEMPLATE.replace(/[018]/g, c =>\n (+c ^ CryptoUtils._randomWord() & 15 >> +c / 4).toString(16),\n );\n return uuid.replace(/-/g, \"\");\n }\n\n /**\n * PKCE: Generate a code verifier\n */\n public static generateCodeVerifier(): string {\n return CryptoUtils.generateUUIDv4() + CryptoUtils.generateUUIDv4() + CryptoUtils.generateUUIDv4();\n }\n\n /**\n * PKCE: Generate a code challenge\n */\n public static generateCodeChallenge(code_verifier: string): string {\n try {\n const hashed = sha256(code_verifier);\n return Base64.stringify(hashed).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n }\n catch (err) {\n Logger.error(\"CryptoUtils.generateCodeChallenge\", err);\n throw err;\n }\n }\n\n /**\n * Generates a base64-encoded string for a basic auth header\n */\n public static generateBasicAuth(client_id: string, client_secret: string): string {\n const basicAuth = Utf8.parse([client_id, client_secret].join(\":\"));\n return Base64.stringify(basicAuth);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Native interface\n *\n * @public\n */\nexport interface ILogger {\n debug(...args: unknown[]): void;\n info(...args: unknown[]): void;\n warn(...args: unknown[]): void;\n error(...args: unknown[]): void;\n}\n\nconst nopLogger: ILogger = {\n debug: () => undefined,\n info: () => undefined,\n warn: () => undefined,\n error: () => undefined,\n};\n\nlet level: number;\nlet logger: ILogger;\n\n/**\n * Log levels\n *\n * @public\n */\nexport enum Log {\n NONE,\n ERROR,\n WARN,\n INFO,\n DEBUG\n}\n\n/**\n * Log manager\n *\n * @public\n */\nexport namespace Log { // eslint-disable-line @typescript-eslint/no-namespace\n export function reset(): void {\n level = Log.INFO;\n logger = nopLogger;\n }\n\n export function setLevel(value: Log): void {\n if (!(Log.NONE <= value && value <= Log.DEBUG)) {\n throw new Error(\"Invalid log level\");\n }\n level = value;\n }\n\n export function setLogger(value: ILogger): void {\n logger = value;\n }\n}\n\n/**\n * Internal logger instance\n *\n * @public\n */\nexport class Logger {\n private _method?: string;\n public constructor(private _name: string) {}\n\n public debug(...args: unknown[]): void {\n if (level >= Log.DEBUG) {\n logger.debug(Logger._format(this._name, this._method), ...args);\n }\n }\n public info(...args: unknown[]): void {\n if (level >= Log.INFO) {\n logger.info(Logger._format(this._name, this._method), ...args);\n }\n }\n public warn(...args: unknown[]): void {\n if (level >= Log.WARN) {\n logger.warn(Logger._format(this._name, this._method), ...args);\n }\n }\n public error(...args: unknown[]): void {\n if (level >= Log.ERROR) {\n logger.error(Logger._format(this._name, this._method), ...args);\n }\n }\n\n public throw(err: Error): never {\n this.error(err);\n throw err;\n }\n\n public create(method: string): Logger {\n const methodLogger: Logger = Object.create(this);\n methodLogger._method = method;\n methodLogger.debug(\"begin\");\n return methodLogger;\n }\n\n public static createStatic(name: string, staticMethod: string): Logger {\n const staticLogger = new Logger(`${name}.${staticMethod}`);\n staticLogger.debug(\"begin\");\n return staticLogger;\n }\n\n private static _format(name: string, method?: string) {\n const prefix = `[${name}]`;\n return method ? `${prefix} ${method}:` : prefix;\n }\n\n // helpers for static class methods\n public static debug(name: string, ...args: unknown[]): void {\n if (level >= Log.DEBUG) {\n logger.debug(Logger._format(name), ...args);\n }\n }\n public static info(name: string, ...args: unknown[]): void {\n if (level >= Log.INFO) {\n logger.info(Logger._format(name), ...args);\n }\n }\n public static warn(name: string, ...args: unknown[]): void {\n if (level >= Log.WARN) {\n logger.warn(Logger._format(name), ...args);\n }\n }\n public static error(name: string, ...args: unknown[]): void {\n if (level >= Log.ERROR) {\n logger.error(Logger._format(name), ...args);\n }\n }\n}\n\nLog.reset();\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./Logger\";\n\n/**\n * @internal\n */\nexport type Callback = (...ev: EventType) => (Promise | void);\n\n/**\n * @internal\n */\nexport class Event {\n protected readonly _logger = new Logger(`Event('${this._name}')`);\n\n private _callbacks: Array> = [];\n\n public constructor(protected readonly _name: string) {}\n\n public addHandler(cb: Callback): () => void {\n this._callbacks.push(cb);\n return () => this.removeHandler(cb);\n }\n\n public removeHandler(cb: Callback): void {\n const idx = this._callbacks.lastIndexOf(cb);\n if (idx >= 0) {\n this._callbacks.splice(idx, 1);\n }\n }\n\n public raise(...ev: EventType): void {\n this._logger.debug(\"raise:\", ...ev);\n for (const cb of this._callbacks) {\n void cb(...ev);\n }\n }\n}\n", "/**\n * The code was extracted from:\n * https://github.com/davidchambers/Base64.js\n */\n\nvar chars = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\";\n\nfunction InvalidCharacterError(message) {\n this.message = message;\n}\n\nInvalidCharacterError.prototype = new Error();\nInvalidCharacterError.prototype.name = \"InvalidCharacterError\";\n\nfunction polyfill(input) {\n var str = String(input).replace(/=+$/, \"\");\n if (str.length % 4 == 1) {\n throw new InvalidCharacterError(\n \"'atob' failed: The string to be decoded is not correctly encoded.\"\n );\n }\n for (\n // initialize result and counters\n var bc = 0, bs, buffer, idx = 0, output = \"\";\n // get next character\n (buffer = str.charAt(idx++));\n // character found in table? initialize bit storage and add its ascii value;\n ~buffer &&\n ((bs = bc % 4 ? bs * 64 + buffer : buffer),\n // and if not first of each 4 characters,\n // convert the first 8 bits to one ascii character\n bc++ % 4) ?\n (output += String.fromCharCode(255 & (bs >> ((-2 * bc) & 6)))) :\n 0\n ) {\n // try to find character in table (0-63, not found => -1)\n buffer = chars.indexOf(buffer);\n }\n return output;\n}\n\nexport default (typeof window !== \"undefined\" &&\n window.atob &&\n window.atob.bind(window)) ||\npolyfill;", "import atob from \"./atob\";\n\nfunction b64DecodeUnicode(str) {\n return decodeURIComponent(\n atob(str).replace(/(.)/g, function(m, p) {\n var code = p.charCodeAt(0).toString(16).toUpperCase();\n if (code.length < 2) {\n code = \"0\" + code;\n }\n return \"%\" + code;\n })\n );\n}\n\nexport default function(str) {\n var output = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (output.length % 4) {\n case 0:\n break;\n case 2:\n output += \"==\";\n break;\n case 3:\n output += \"=\";\n break;\n default:\n throw \"Illegal base64url string!\";\n }\n\n try {\n return b64DecodeUnicode(output);\n } catch (err) {\n return atob(output);\n }\n}", "\"use strict\";\n\nimport base64_url_decode from \"./base64_url_decode\";\n\nexport function InvalidTokenError(message) {\n this.message = message;\n}\n\nInvalidTokenError.prototype = new Error();\nInvalidTokenError.prototype.name = \"InvalidTokenError\";\n\nexport default function(token, options) {\n if (typeof token !== \"string\") {\n throw new InvalidTokenError(\"Invalid token specified\");\n }\n\n options = options || {};\n var pos = options.header === true ? 0 : 1;\n try {\n return JSON.parse(base64_url_decode(token.split(\".\")[pos]));\n } catch (e) {\n throw new InvalidTokenError(\"Invalid token specified: \" + e.message);\n }\n}", "import jwt_decode from \"jwt-decode\";\n\nimport { Logger } from \"./Logger\";\nimport type { JwtClaims } from \"../Claims\";\n\n/**\n * @internal\n */\nexport class JwtUtils {\n // IMPORTANT: doesn't validate the token\n public static decode(token: string): JwtClaims {\n try {\n return jwt_decode(token);\n }\n catch (err) {\n Logger.error(\"JwtUtils.decode\", err);\n throw err;\n }\n }\n}\n", "/**\n * @see https://developer.mozilla.org/en-US/docs/Web/API/Window/open#window_features\n *\n * @public\n */\nexport interface PopupWindowFeatures {\n left?: number;\n top?: number;\n width?: number;\n height?: number;\n menubar?: boolean | string;\n toolbar?: boolean | string;\n location?: boolean | string;\n status?: boolean | string;\n resizable?: boolean | string;\n scrollbars?: boolean | string;\n\n [k: string]: boolean | string | number | undefined;\n}\n\nexport class PopupUtils {\n /**\n * Populates a map of window features with a placement centered in front of\n * the current window. If no explicit width is given, a default value is\n * binned into [800, 720, 600, 480, 360] based on the current window's width.\n */\n static center({ ...features }: PopupWindowFeatures): PopupWindowFeatures {\n if (features.width == null)\n features.width = [800, 720, 600, 480].find(width => width <= window.outerWidth / 1.618) ?? 360;\n features.left ??= Math.max(0, Math.round(window.screenX + (window.outerWidth - features.width) / 2));\n if (features.height != null)\n features.top ??= Math.max(0, Math.round(window.screenY + (window.outerHeight - features.height) / 2));\n return features;\n }\n\n static serialize(features: PopupWindowFeatures): string {\n return Object.entries(features)\n .filter(([, value]) => value != null)\n .map(([key, value]) => `${key}=${typeof value !== \"boolean\" ? value as string : value ? \"yes\" : \"no\"}`)\n .join(\",\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Event } from \"./Event\";\nimport { Logger } from \"./Logger\";\n\n/**\n * @internal\n */\nexport class Timer extends Event<[void]> {\n protected readonly _logger = new Logger(`Timer('${this._name}')`);\n private _timerHandle: ReturnType | null = null;\n private _expiration = 0;\n\n // get the time\n public static getEpochTime(): number {\n return Math.floor(Date.now() / 1000);\n }\n\n public init(durationInSeconds: number): void {\n const logger = this._logger.create(\"init\");\n durationInSeconds = Math.max(Math.floor(durationInSeconds), 1);\n const expiration = Timer.getEpochTime() + durationInSeconds;\n if (this.expiration === expiration && this._timerHandle) {\n // no need to reinitialize to same expiration, so bail out\n logger.debug(\"skipping since already initialized for expiration at\", this.expiration);\n return;\n }\n\n this.cancel();\n\n logger.debug(\"using duration\", durationInSeconds);\n this._expiration = expiration;\n\n // we're using a fairly short timer and then checking the expiration in the\n // callback to handle scenarios where the browser device sleeps, and then\n // the timers end up getting delayed.\n const timerDurationInSeconds = Math.min(durationInSeconds, 5);\n this._timerHandle = setInterval(this._callback, timerDurationInSeconds * 1000);\n }\n\n public get expiration(): number {\n return this._expiration;\n }\n\n public cancel(): void {\n this._logger.create(\"cancel\");\n if (this._timerHandle) {\n clearInterval(this._timerHandle);\n this._timerHandle = null;\n }\n }\n\n protected _callback = (): void => {\n const diff = this._expiration - Timer.getEpochTime();\n this._logger.debug(\"timer completes in\", diff);\n\n if (this._expiration <= Timer.getEpochTime()) {\n this.cancel();\n super.raise();\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * @internal\n */\nexport class UrlUtils {\n public static readParams(url: string, responseMode: \"query\" | \"fragment\" = \"query\"): URLSearchParams {\n if (!url) throw new TypeError(\"Invalid URL\");\n const parsedUrl = new URL(url, window.location.origin);\n const params = parsedUrl[responseMode === \"fragment\" ? \"hash\" : \"search\"];\n return new URLSearchParams(params.slice(1));\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\n\n/**\n * Error class thrown in case of an authentication error.\n *\n * See https://openid.net/specs/openid-connect-core-1_0.html#AuthError\n *\n * @public\n */\nexport class ErrorResponse extends Error {\n /** Marker to detect class: \"ErrorResponse\" */\n public readonly name: string = \"ErrorResponse\";\n\n /** An error code string that can be used to classify the types of errors that occur and to respond to errors. */\n public readonly error: string | null;\n /** additional information that can help a developer identify the cause of the error.*/\n public readonly error_description: string | null;\n /**\n * URI identifying a human-readable web page with information about the error, used to provide the client\n developer with additional information about the error.\n */\n public readonly error_uri: string | null;\n\n /** custom state data set during the initial signin request */\n public state?: unknown;\n\n public readonly session_state: string | null;\n\n public constructor(\n args: {\n error?: string | null; error_description?: string | null; error_uri?: string | null;\n userState?: unknown; session_state?: string | null;\n },\n /** The x-www-form-urlencoded request body sent to the authority server */\n public readonly form?: URLSearchParams,\n ) {\n super(args.error_description || args.error || \"\");\n\n if (!args.error) {\n Logger.error(\"ErrorResponse\", \"No error passed\");\n throw new Error(\"No error passed\");\n }\n\n this.error = args.error;\n this.error_description = args.error_description ?? null;\n this.error_uri = args.error_uri ?? null;\n\n this.state = args.userState;\n this.session_state = args.session_state ?? null;\n }\n}\n", "// Copyright (C) 2021 AuthTS Contributors\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Error class thrown in case of network timeouts (e.g IFrame time out).\n *\n * @public\n */\nexport class ErrorTimeout extends Error {\n /** Marker to detect class: \"ErrorTimeout\" */\n public readonly name: string = \"ErrorTimeout\";\n\n public constructor(message?: string) {\n super(message);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport type AccessTokenCallback = (...ev: unknown[]) => (Promise | void);\n\n/**\n * @public\n */\nexport class AccessTokenEvents {\n protected readonly _logger = new Logger(\"AccessTokenEvents\");\n\n private readonly _expiringTimer = new Timer(\"Access token expiring\");\n private readonly _expiredTimer = new Timer(\"Access token expired\");\n private readonly _expiringNotificationTimeInSeconds: number;\n\n public constructor(args: { expiringNotificationTimeInSeconds: number }) {\n this._expiringNotificationTimeInSeconds = args.expiringNotificationTimeInSeconds;\n }\n\n public load(container: User): void {\n const logger = this._logger.create(\"load\");\n // only register events if there's an access token and it has an expiration\n if (container.access_token && container.expires_in !== undefined) {\n const duration = container.expires_in;\n logger.debug(\"access token present, remaining duration:\", duration);\n\n if (duration > 0) {\n // only register expiring if we still have time\n let expiring = duration - this._expiringNotificationTimeInSeconds;\n if (expiring <= 0) {\n expiring = 1;\n }\n\n logger.debug(\"registering expiring timer, raising in\", expiring, \"seconds\");\n this._expiringTimer.init(expiring);\n }\n else {\n logger.debug(\"canceling existing expiring timer because we're past expiration.\");\n this._expiringTimer.cancel();\n }\n\n // if it's negative, it will still fire\n const expired = duration + 1;\n logger.debug(\"registering expired timer, raising in\", expired, \"seconds\");\n this._expiredTimer.init(expired);\n }\n else {\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n }\n\n public unload(): void {\n this._logger.debug(\"unload: canceling existing access token timers\");\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n\n /**\n * Add callback: Raised prior to the access token expiring.\n */\n public addAccessTokenExpiring(cb: AccessTokenCallback): () => void {\n return this._expiringTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised prior to the access token expiring.\n */\n public removeAccessTokenExpiring(cb: AccessTokenCallback): void {\n this._expiringTimer.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised after the access token has expired.\n */\n public addAccessTokenExpired(cb: AccessTokenCallback): () => void {\n return this._expiredTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised after the access token has expired.\n */\n public removeAccessTokenExpired(cb: AccessTokenCallback): void {\n this._expiredTimer.removeHandler(cb);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\n\n/**\n * @internal\n */\nexport class CheckSessionIFrame {\n private readonly _logger = new Logger(\"CheckSessionIFrame\");\n private _frame_origin: string;\n private _frame: HTMLIFrameElement;\n private _timer: ReturnType | null = null;\n private _session_state: string | null = null;\n\n public constructor(\n private _callback: () => Promise,\n private _client_id: string,\n url: string,\n private _intervalInSeconds: number,\n private _stopOnError: boolean,\n ) {\n const parsedUrl = new URL(url);\n this._frame_origin = parsedUrl.origin;\n\n this._frame = window.document.createElement(\"iframe\");\n\n // shotgun approach\n this._frame.style.visibility = \"hidden\";\n this._frame.style.position = \"fixed\";\n this._frame.style.left = \"-1000px\";\n this._frame.style.top = \"0\";\n this._frame.width = \"0\";\n this._frame.height = \"0\";\n this._frame.src = parsedUrl.href;\n }\n\n public load(): Promise {\n return new Promise((resolve) => {\n this._frame.onload = () => {\n resolve();\n };\n\n window.document.body.appendChild(this._frame);\n window.addEventListener(\"message\", this._message, false);\n });\n }\n\n private _message = (e: MessageEvent): void => {\n if (e.origin === this._frame_origin &&\n e.source === this._frame.contentWindow\n ) {\n if (e.data === \"error\") {\n this._logger.error(\"error message from check session op iframe\");\n if (this._stopOnError) {\n this.stop();\n }\n }\n else if (e.data === \"changed\") {\n this._logger.debug(\"changed message from check session op iframe\");\n this.stop();\n void this._callback();\n }\n else {\n this._logger.debug(e.data + \" message from check session op iframe\");\n }\n }\n };\n\n public start(session_state: string): void {\n if (this._session_state === session_state) {\n return;\n }\n\n this._logger.create(\"start\");\n\n this.stop();\n\n this._session_state = session_state;\n\n const send = () => {\n if (!this._frame.contentWindow || !this._session_state) {\n return;\n }\n\n this._frame.contentWindow.postMessage(this._client_id + \" \" + this._session_state, this._frame_origin);\n };\n\n // trigger now\n send();\n\n // and setup timer\n this._timer = setInterval(send, this._intervalInSeconds * 1000);\n }\n\n public stop(): void {\n this._logger.create(\"stop\");\n this._session_state = null;\n\n if (this._timer) {\n\n clearInterval(this._timer);\n this._timer = null;\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\n\n/**\n * @public\n */\nexport class InMemoryWebStorage implements Storage {\n private readonly _logger = new Logger(\"InMemoryWebStorage\");\n private _data: Record = {};\n\n public clear(): void {\n this._logger.create(\"clear\");\n this._data = {};\n }\n\n public getItem(key: string): string {\n this._logger.create(`getItem('${key}')`);\n return this._data[key];\n }\n\n public setItem(key: string, value: string): void {\n this._logger.create(`setItem('${key}')`);\n this._data[key] = value;\n }\n\n public removeItem(key: string): void {\n this._logger.create(`removeItem('${key}')`);\n delete this._data[key];\n }\n\n public get length(): number {\n return Object.getOwnPropertyNames(this._data).length;\n }\n\n public key(index: number): string {\n return Object.getOwnPropertyNames(this._data)[index];\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { ErrorResponse, ErrorTimeout } from \"./errors\";\nimport { Logger } from \"./utils\";\n\n/**\n * @internal\n */\nexport type JwtHandler = (text: string) => Promise>;\n\n/**\n * @internal\n */\nexport interface GetJsonOpts {\n token?: string;\n credentials?: RequestCredentials;\n}\n\n/**\n * @internal\n */\nexport interface PostFormOpts {\n body: URLSearchParams;\n basicAuth?: string;\n timeoutInSeconds?: number;\n initCredentials?: \"same-origin\" | \"include\" | \"omit\";\n}\n\n/**\n * @internal\n */\nexport class JsonService {\n private readonly _logger = new Logger(\"JsonService\");\n\n private _contentTypes: string[] = [];\n\n public constructor(\n additionalContentTypes: string[] = [],\n private _jwtHandler: JwtHandler | null = null,\n ) {\n this._contentTypes.push(...additionalContentTypes, \"application/json\");\n if (_jwtHandler) {\n this._contentTypes.push(\"application/jwt\");\n }\n }\n\n protected async fetchWithTimeout(input: RequestInfo, init: RequestInit & { timeoutInSeconds?: number } = {}) {\n const { timeoutInSeconds, ...initFetch } = init;\n if (!timeoutInSeconds) {\n return await fetch(input, initFetch);\n }\n\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeoutInSeconds * 1000);\n\n try {\n const response = await fetch(input, {\n ...init,\n signal: controller.signal,\n });\n return response;\n }\n catch (err) {\n if (err instanceof DOMException && err.name === \"AbortError\") {\n throw new ErrorTimeout(\"Network timed out\");\n }\n throw err;\n }\n finally {\n clearTimeout(timeoutId);\n }\n }\n\n public async getJson(url: string, {\n token,\n credentials,\n }: GetJsonOpts = {}): Promise> {\n const logger = this._logger.create(\"getJson\");\n const headers: HeadersInit = {\n \"Accept\": this._contentTypes.join(\", \"),\n };\n if (token) {\n logger.debug(\"token passed, setting Authorization header\");\n headers[\"Authorization\"] = \"Bearer \" + token;\n }\n\n let response: Response;\n try {\n logger.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"GET\", headers, credentials });\n }\n catch (err) {\n logger.error(\"Network Error\");\n throw err;\n }\n\n logger.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {\n logger.throw(new Error(`Invalid response Content-Type: ${(contentType ?? \"undefined\")}, from URL: ${url}`));\n }\n if (response.ok && this._jwtHandler && contentType?.startsWith(\"application/jwt\")) {\n return await this._jwtHandler(await response.text());\n }\n let json: Record;\n try {\n json = await response.json();\n }\n catch (err) {\n logger.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n if (!response.ok) {\n logger.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n return json;\n }\n\n public async postForm(url: string, {\n body,\n basicAuth,\n timeoutInSeconds,\n initCredentials,\n }: PostFormOpts): Promise> {\n const logger = this._logger.create(\"postForm\");\n const headers: HeadersInit = {\n \"Accept\": this._contentTypes.join(\", \"),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n };\n if (basicAuth !== undefined) {\n headers[\"Authorization\"] = \"Basic \" + basicAuth;\n }\n\n let response: Response;\n try {\n logger.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"POST\", headers, body, timeoutInSeconds, credentials: initCredentials });\n }\n catch (err) {\n logger.error(\"Network error\");\n throw err;\n }\n\n logger.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {\n throw new Error(`Invalid response Content-Type: ${(contentType ?? \"undefined\")}, from URL: ${url}`);\n }\n\n const responseText = await response.text();\n\n let json: Record = {};\n if (responseText) {\n try {\n json = JSON.parse(responseText);\n }\n catch (err) {\n logger.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n }\n\n if (!response.ok) {\n logger.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json, body);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n\n return json;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { OidcClientSettingsStore, SigningKey } from \"./OidcClientSettings\";\nimport type { OidcMetadata } from \"./OidcMetadata\";\n\n/**\n * @public\n */\nexport class MetadataService {\n private readonly _logger = new Logger(\"MetadataService\");\n private readonly _jsonService = new JsonService([\"application/jwk-set+json\"]);\n\n // cache\n private _metadataUrl: string;\n private _signingKeys: SigningKey[] | null = null;\n private _metadata: Partial | null = null;\n private _fetchRequestCredentials: RequestCredentials | undefined;\n\n public constructor(private readonly _settings: OidcClientSettingsStore) {\n this._metadataUrl = this._settings.metadataUrl;\n\n if (this._settings.signingKeys) {\n this._logger.debug(\"using signingKeys from settings\");\n this._signingKeys = this._settings.signingKeys;\n }\n\n if (this._settings.metadata) {\n this._logger.debug(\"using metadata from settings\");\n this._metadata = this._settings.metadata;\n }\n\n if (this._settings.fetchRequestCredentials) {\n this._logger.debug(\"using fetchRequestCredentials from settings\");\n this._fetchRequestCredentials = this._settings.fetchRequestCredentials;\n }\n }\n\n public resetSigningKeys(): void {\n this._signingKeys = null;\n }\n\n public async getMetadata(): Promise> {\n const logger = this._logger.create(\"getMetadata\");\n if (this._metadata) {\n logger.debug(\"using cached values\");\n return this._metadata;\n }\n\n if (!this._metadataUrl) {\n logger.throw(new Error(\"No authority or metadataUrl configured on settings\"));\n throw null;\n }\n\n logger.debug(\"getting metadata from\", this._metadataUrl);\n const metadata = await this._jsonService.getJson(this._metadataUrl, { credentials: this._fetchRequestCredentials });\n\n logger.debug(\"merging remote JSON with seed metadata\");\n this._metadata = Object.assign({}, this._settings.metadataSeed, metadata);\n return this._metadata;\n }\n\n public getIssuer(): Promise {\n return this._getMetadataProperty(\"issuer\") as Promise;\n }\n\n public getAuthorizationEndpoint(): Promise {\n return this._getMetadataProperty(\"authorization_endpoint\") as Promise;\n }\n\n public getUserInfoEndpoint(): Promise {\n return this._getMetadataProperty(\"userinfo_endpoint\") as Promise;\n }\n\n public getTokenEndpoint(optional: false): Promise;\n public getTokenEndpoint(optional?: true): Promise;\n public getTokenEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"token_endpoint\", optional) as Promise;\n }\n\n public getCheckSessionIframe(): Promise {\n return this._getMetadataProperty(\"check_session_iframe\", true) as Promise;\n }\n\n public getEndSessionEndpoint(): Promise {\n return this._getMetadataProperty(\"end_session_endpoint\", true) as Promise;\n }\n\n public getRevocationEndpoint(optional: false): Promise;\n public getRevocationEndpoint(optional?: true): Promise;\n public getRevocationEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"revocation_endpoint\", optional) as Promise;\n }\n\n public getKeysEndpoint(optional: false): Promise;\n public getKeysEndpoint(optional?: true): Promise;\n public getKeysEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"jwks_uri\", optional) as Promise;\n }\n\n protected async _getMetadataProperty(name: keyof OidcMetadata, optional=false): Promise {\n const logger = this._logger.create(`_getMetadataProperty('${name}')`);\n\n const metadata = await this.getMetadata();\n logger.debug(\"resolved\");\n\n if (metadata[name] === undefined) {\n if (optional === true) {\n logger.warn(\"Metadata does not contain optional property\");\n return undefined;\n }\n\n logger.throw(new Error(\"Metadata does not contain property \" + name));\n }\n\n return metadata[name];\n }\n\n public async getSigningKeys(): Promise {\n const logger = this._logger.create(\"getSigningKeys\");\n if (this._signingKeys) {\n logger.debug(\"returning signingKeys from cache\");\n return this._signingKeys;\n }\n\n const jwks_uri = await this.getKeysEndpoint(false);\n logger.debug(\"got jwks_uri\", jwks_uri);\n\n const keySet = await this._jsonService.getJson(jwks_uri);\n logger.debug(\"got key set\", keySet);\n\n if (!Array.isArray(keySet.keys)) {\n logger.throw(new Error(\"Missing keys on keyset\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n this._signingKeys = keySet.keys;\n return this._signingKeys;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport type { StateStore } from \"./StateStore\";\nimport type { AsyncStorage } from \"./AsyncStorage\";\n\n/**\n * @public\n */\nexport class WebStorageStateStore implements StateStore {\n private readonly _logger = new Logger(\"WebStorageStateStore\");\n\n private readonly _store: AsyncStorage | Storage;\n private readonly _prefix: string;\n\n public constructor({\n prefix = \"oidc.\",\n store = localStorage,\n }: { prefix?: string; store?: AsyncStorage | Storage } = {}) {\n this._store = store;\n this._prefix = prefix;\n }\n\n public async set(key: string, value: string): Promise {\n this._logger.create(`set('${key}')`);\n\n key = this._prefix + key;\n await this._store.setItem(key, value);\n }\n\n public async get(key: string): Promise {\n this._logger.create(`get('${key}')`);\n\n key = this._prefix + key;\n const item = await this._store.getItem(key);\n return item;\n }\n\n public async remove(key: string): Promise {\n this._logger.create(`remove('${key}')`);\n\n key = this._prefix + key;\n const item = await this._store.getItem(key);\n await this._store.removeItem(key);\n return item;\n }\n\n public async getAllKeys(): Promise {\n this._logger.create(\"getAllKeys\");\n const len = await this._store.length;\n\n const keys = [];\n for (let index = 0; index < len; index++) {\n const key = await this._store.key(index);\n if (key && key.indexOf(this._prefix) === 0) {\n keys.push(key.substr(this._prefix.length));\n }\n }\n return keys;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { WebStorageStateStore } from \"./WebStorageStateStore\";\nimport type { OidcMetadata } from \"./OidcMetadata\";\nimport type { StateStore } from \"./StateStore\";\nimport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\n\nconst DefaultResponseType = \"code\";\nconst DefaultScope = \"openid\";\nconst DefaultClientAuthentication = \"client_secret_post\";\nconst DefaultResponseMode = \"query\";\nconst DefaultStaleStateAgeInSeconds = 60 * 15;\nconst DefaultClockSkewInSeconds = 60 * 5;\n\n/**\n * @public\n */\nexport type SigningKey = Record;\n\n/**\n * The settings used to configure the {@link OidcClient}.\n *\n * @public\n */\nexport interface OidcClientSettings {\n /** The URL of the OIDC/OAuth2 provider */\n authority: string;\n metadataUrl?: string;\n /** Provide metadata when authority server does not allow CORS on the metadata endpoint */\n metadata?: Partial;\n /** Can be used to seed or add additional values to the results of the discovery request */\n metadataSeed?: Partial;\n /** Provide signingKeys when authority server does not allow CORS on the jwks uri */\n signingKeys?: SigningKey[];\n\n /** Your client application's identifier as registered with the OIDC/OAuth2 */\n client_id: string;\n client_secret?: string;\n /** The type of response desired from the OIDC/OAuth2 provider (default: \"code\") */\n response_type?: string;\n /** The scope being requested from the OIDC/OAuth2 provider (default: \"openid\") */\n scope?: string;\n /** The redirect URI of your client application to receive a response from the OIDC/OAuth2 provider */\n redirect_uri: string;\n /** The OIDC/OAuth2 post-logout redirect URI */\n post_logout_redirect_uri?: string;\n\n /**\n * Client authentication method that is used to authenticate when using the token endpoint (default: \"client_secret_post\")\n * - \"client_secret_basic\": using the HTTP Basic authentication scheme\n * - \"client_secret_post\": including the client credentials in the request body\n *\n * See https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication\n */\n client_authentication?: \"client_secret_basic\" | \"client_secret_post\";\n\n /** optional protocol param */\n prompt?: string;\n /** optional protocol param */\n display?: string;\n /** optional protocol param */\n max_age?: number;\n /** optional protocol param */\n ui_locales?: string;\n /** optional protocol param */\n acr_values?: string;\n /** optional protocol param */\n resource?: string;\n\n /** optional protocol param (default: \"query\") */\n response_mode?: \"query\" | \"fragment\";\n\n /** Should OIDC protocol claims be removed from profile (default: true) */\n filterProtocolClaims?: boolean;\n /** Flag to control if additional identity data is loaded from the user info endpoint in order to populate the user's profile (default: false) */\n loadUserInfo?: boolean;\n /** Number (in seconds) indicating the age of state entries in storage for authorize requests that are considered abandoned and thus can be cleaned up (default: 300) */\n staleStateAgeInSeconds?: number;\n\n /** @deprecated Unused */\n clockSkewInSeconds?: number;\n /** @deprecated Unused */\n userInfoJwtIssuer?: \"ANY\" | \"OP\" | string;\n\n /**\n * Indicates if objects returned from the user info endpoint as claims (e.g. `address`) are merged into the claims from the id token as a single object.\n * Otherwise, they are added to an array as distinct objects for the claim type. (default: false)\n */\n mergeClaims?: boolean;\n\n /**\n * Storage object used to persist interaction state (default: window.localStorage, InMemoryWebStorage iff no window).\n * E.g. `stateStore: new WebStorageStateStore({ store: window.localStorage })`\n */\n stateStore?: StateStore;\n\n /**\n * An object containing additional query string parameters to be including in the authorization request.\n * E.g, when using Azure AD to obtain an access token an additional resource parameter is required. extraQueryParams: `{resource:\"some_identifier\"}`\n */\n extraQueryParams?: Record;\n\n extraTokenParams?: Record;\n\n /**\n * @deprecated since version 2.1.0. Use fetchRequestCredentials instead.\n */\n refreshTokenCredentials?: \"same-origin\" | \"include\" | \"omit\";\n\n /**\n * Will check the content type header of the response of the revocation endpoint to match these passed values (default: [])\n */\n revokeTokenAdditionalContentTypes?: string[];\n\n /**\n * Sets the credentials for fetch requests. (default: \"same-origin\")\n * Use this if you need to send cookies to the OIDC/OAuth2 provider or if you are using a proxy that requires cookies\n */\n fetchRequestCredentials?: RequestCredentials;\n}\n\n/**\n * The settings with defaults applied of the {@link OidcClient}.\n * @see {@link OidcClientSettings}\n *\n * @public\n */\nexport class OidcClientSettingsStore {\n // metadata\n public readonly authority: string;\n public readonly metadataUrl: string;\n public readonly metadata: Partial | undefined;\n public readonly metadataSeed: Partial | undefined;\n public readonly signingKeys: SigningKey[] | undefined;\n\n // client config\n public readonly client_id: string;\n public readonly client_secret: string | undefined;\n public readonly response_type: string;\n public readonly scope: string;\n public readonly redirect_uri: string;\n public readonly post_logout_redirect_uri: string | undefined;\n public readonly client_authentication: \"client_secret_basic\" | \"client_secret_post\";\n\n // optional protocol params\n public readonly prompt: string | undefined;\n public readonly display: string | undefined;\n public readonly max_age: number | undefined;\n public readonly ui_locales: string | undefined;\n public readonly acr_values: string | undefined;\n public readonly resource: string | undefined;\n public readonly response_mode: \"query\" | \"fragment\";\n\n // behavior flags\n public readonly filterProtocolClaims: boolean;\n public readonly loadUserInfo: boolean;\n public readonly staleStateAgeInSeconds: number;\n public readonly clockSkewInSeconds: number;\n public readonly userInfoJwtIssuer: \"ANY\" | \"OP\" | string;\n public readonly mergeClaims: boolean;\n\n public readonly stateStore: StateStore;\n\n // extra\n public readonly extraQueryParams: Record;\n public readonly extraTokenParams: Record;\n\n public readonly revokeTokenAdditionalContentTypes?: string[];\n public readonly fetchRequestCredentials: RequestCredentials;\n\n public constructor({\n // metadata related\n authority, metadataUrl, metadata, signingKeys, metadataSeed,\n // client related\n client_id, client_secret, response_type = DefaultResponseType, scope = DefaultScope,\n redirect_uri, post_logout_redirect_uri,\n client_authentication = DefaultClientAuthentication,\n // optional protocol\n prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,\n // behavior flags\n filterProtocolClaims = true,\n loadUserInfo = false,\n staleStateAgeInSeconds = DefaultStaleStateAgeInSeconds,\n clockSkewInSeconds = DefaultClockSkewInSeconds,\n userInfoJwtIssuer = \"OP\",\n mergeClaims = false,\n // other behavior\n stateStore,\n refreshTokenCredentials,\n revokeTokenAdditionalContentTypes,\n fetchRequestCredentials,\n // extra query params\n extraQueryParams = {},\n extraTokenParams = {},\n }: OidcClientSettings) {\n\n this.authority = authority;\n\n if (metadataUrl) {\n this.metadataUrl = metadataUrl;\n } else {\n this.metadataUrl = authority;\n if (authority) {\n if (!this.metadataUrl.endsWith(\"/\")) {\n this.metadataUrl += \"/\";\n }\n this.metadataUrl += \".well-known/openid-configuration\";\n }\n }\n\n this.metadata = metadata;\n this.metadataSeed = metadataSeed;\n this.signingKeys = signingKeys;\n\n this.client_id = client_id;\n this.client_secret = client_secret;\n this.response_type = response_type;\n this.scope = scope;\n this.redirect_uri = redirect_uri;\n this.post_logout_redirect_uri = post_logout_redirect_uri;\n this.client_authentication = client_authentication;\n\n this.prompt = prompt;\n this.display = display;\n this.max_age = max_age;\n this.ui_locales = ui_locales;\n this.acr_values = acr_values;\n this.resource = resource;\n this.response_mode = response_mode;\n\n this.filterProtocolClaims = !!filterProtocolClaims;\n this.loadUserInfo = !!loadUserInfo;\n this.staleStateAgeInSeconds = staleStateAgeInSeconds;\n this.clockSkewInSeconds = clockSkewInSeconds;\n this.userInfoJwtIssuer = userInfoJwtIssuer;\n this.mergeClaims = !!mergeClaims;\n\n this.revokeTokenAdditionalContentTypes = revokeTokenAdditionalContentTypes;\n\n if (fetchRequestCredentials && refreshTokenCredentials) {\n console.warn(\"Both fetchRequestCredentials and refreshTokenCredentials is set. Only fetchRequestCredentials will be used.\");\n }\n this.fetchRequestCredentials = fetchRequestCredentials ? fetchRequestCredentials\n : refreshTokenCredentials ? refreshTokenCredentials : \"same-origin\";\n\n if (stateStore) {\n this.stateStore = stateStore;\n }\n else {\n const store = typeof window !== \"undefined\" ? window.localStorage : new InMemoryWebStorage();\n this.stateStore = new WebStorageStateStore({ store });\n }\n\n this.extraQueryParams = extraQueryParams;\n this.extraTokenParams = extraTokenParams;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, JwtUtils } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { MetadataService } from \"./MetadataService\";\nimport type { JwtClaims } from \"./Claims\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\n\n/**\n * @internal\n */\nexport class UserInfoService {\n protected readonly _logger = new Logger(\"UserInfoService\");\n private readonly _jsonService: JsonService;\n\n public constructor(private readonly _settings: OidcClientSettingsStore,\n private readonly _metadataService: MetadataService,\n ) {\n this._jsonService = new JsonService(undefined, this._getClaimsFromJwt);\n }\n\n public async getClaims(token: string): Promise {\n const logger = this._logger.create(\"getClaims\");\n if (!token) {\n this._logger.throw(new Error(\"No token passed\"));\n }\n\n const url = await this._metadataService.getUserInfoEndpoint();\n logger.debug(\"got userinfo url\", url);\n\n const claims = await this._jsonService.getJson(url, {\n token,\n credentials: this._settings.fetchRequestCredentials,\n });\n logger.debug(\"got claims\", claims);\n\n return claims;\n }\n\n protected _getClaimsFromJwt = async (responseText: string): Promise => {\n const logger = this._logger.create(\"_getClaimsFromJwt\");\n try {\n const payload = JwtUtils.decode(responseText);\n logger.debug(\"JWT decoding successful\");\n\n return payload;\n } catch (err) {\n logger.error(\"Error parsing JWT response\");\n throw err;\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { CryptoUtils, Logger } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { MetadataService } from \"./MetadataService\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\n\n/**\n * @internal\n */\nexport interface ExchangeCodeArgs {\n client_id?: string;\n client_secret?: string;\n redirect_uri?: string;\n\n grant_type?: string;\n code: string;\n code_verifier?: string;\n}\n\n/**\n * @internal\n */\nexport interface ExchangeCredentialsArgs {\n client_id?: string;\n client_secret?: string;\n\n grant_type?: string;\n scope?: string;\n\n username: string;\n password: string;\n}\n\n/**\n * @internal\n */\nexport interface ExchangeRefreshTokenArgs {\n client_id?: string;\n client_secret?: string;\n\n grant_type?: string;\n refresh_token: string;\n scope?: string;\n\n timeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport interface RevokeArgs {\n token: string;\n token_type_hint?: \"access_token\" | \"refresh_token\";\n}\n\n/**\n * @internal\n */\nexport class TokenClient {\n private readonly _logger = new Logger(\"TokenClient\");\n private readonly _jsonService;\n\n public constructor(\n private readonly _settings: OidcClientSettingsStore,\n private readonly _metadataService: MetadataService,\n ) {\n this._jsonService = new JsonService(this._settings.revokeTokenAdditionalContentTypes);\n }\n\n public async exchangeCode({\n grant_type = \"authorization_code\",\n redirect_uri = this._settings.redirect_uri,\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n ...args\n }: ExchangeCodeArgs): Promise> {\n const logger = this._logger.create(\"exchangeCode\");\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n if (!redirect_uri) {\n logger.throw(new Error(\"A redirect_uri is required\"));\n }\n if (!args.code) {\n logger.throw(new Error(\"A code is required\"));\n }\n if (!args.code_verifier) {\n logger.throw(new Error(\"A code_verifier is required\"));\n }\n\n const params = new URLSearchParams({ grant_type, redirect_uri });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, initCredentials: this._settings.fetchRequestCredentials });\n logger.debug(\"got response\");\n\n return response;\n }\n\n public async exchangeCredentials({\n grant_type = \"password\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n scope = this._settings.scope,\n username,\n password,\n }: ExchangeCredentialsArgs): Promise> {\n const logger = this._logger.create(\"exchangeCredentials\");\n\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n\n const params = new URLSearchParams({ grant_type, username, password, scope });\n\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, initCredentials: this._settings.fetchRequestCredentials });\n logger.debug(\"got response\");\n\n return response;\n }\n\n public async exchangeRefreshToken({\n grant_type = \"refresh_token\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n timeoutInSeconds,\n ...args\n }: ExchangeRefreshTokenArgs): Promise> {\n const logger = this._logger.create(\"exchangeRefreshToken\");\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n if (!args.refresh_token) {\n logger.throw(new Error(\"A refresh_token is required\"));\n }\n\n const params = new URLSearchParams({ grant_type });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials });\n logger.debug(\"got response\");\n\n return response;\n }\n\n /**\n * Revoke an access or refresh token.\n *\n * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1\n */\n public async revoke(args: RevokeArgs): Promise {\n const logger = this._logger.create(\"revoke\");\n if (!args.token) {\n logger.throw(new Error(\"A token is required\"));\n }\n\n const url = await this._metadataService.getRevocationEndpoint(false);\n\n logger.debug(`got revocation endpoint, revoking ${args.token_type_hint ?? \"default token type\"}`);\n\n const params = new URLSearchParams();\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n params.set(\"client_id\", this._settings.client_id);\n if (this._settings.client_secret) {\n params.set(\"client_secret\", this._settings.client_secret);\n }\n\n await this._jsonService.postForm(url, { body: params });\n logger.debug(\"got response\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, JwtUtils } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport type { MetadataService } from \"./MetadataService\";\nimport { UserInfoService } from \"./UserInfoService\";\nimport { TokenClient } from \"./TokenClient\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { SigninState } from \"./SigninState\";\nimport type { SigninResponse } from \"./SigninResponse\";\nimport type { State } from \"./State\";\nimport type { SignoutResponse } from \"./SignoutResponse\";\nimport type { UserProfile } from \"./User\";\nimport type { RefreshState } from \"./RefreshState\";\nimport type { JwtClaims, IdTokenClaims } from \"./Claims\";\n\n/**\n * Derived from the following sets of claims:\n * - {@link https://datatracker.ietf.org/doc/html/rfc7519.html#section-4.1}\n * - {@link https://openid.net/specs/openid-connect-core-1_0.html#IDToken}\n * - {@link https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken}\n *\n * @internal\n */\nconst ProtocolClaims = [\n \"iss\",\n // \"sub\" should never be excluded, we need access to it internally\n \"aud\",\n \"exp\",\n \"nbf\",\n \"iat\",\n \"jti\",\n \"auth_time\",\n \"nonce\",\n \"acr\",\n \"amr\",\n \"azp\",\n // https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken\n \"at_hash\",\n] as const;\n\n/**\n * @internal\n */\nexport class ResponseValidator {\n protected readonly _logger = new Logger(\"ResponseValidator\");\n protected readonly _userInfoService = new UserInfoService(this._settings, this._metadataService);\n protected readonly _tokenClient = new TokenClient(this._settings, this._metadataService);\n\n public constructor(\n protected readonly _settings: OidcClientSettingsStore,\n protected readonly _metadataService: MetadataService,\n ) {}\n\n public async validateSigninResponse(response: SigninResponse, state: SigninState): Promise {\n const logger = this._logger.create(\"validateSigninResponse\");\n\n this._processSigninState(response, state);\n logger.debug(\"state processed\");\n\n await this._processCode(response, state);\n logger.debug(\"code processed\");\n\n if (response.isOpenId) {\n this._validateIdTokenAttributes(response);\n }\n logger.debug(\"tokens validated\");\n\n await this._processClaims(response, state?.skipUserInfo, response.isOpenId);\n logger.debug(\"claims processed\");\n }\n\n public async validateCredentialsResponse(response: SigninResponse, skipUserInfo: boolean): Promise {\n const logger = this._logger.create(\"validateCredentialsResponse\");\n\n if (response.isOpenId) {\n this._validateIdTokenAttributes(response);\n }\n logger.debug(\"tokens validated\");\n\n await this._processClaims(response, skipUserInfo, response.isOpenId);\n logger.debug(\"claims processed\");\n }\n\n public async validateRefreshResponse(response: SigninResponse, state: RefreshState): Promise {\n const logger = this._logger.create(\"validateRefreshResponse\");\n\n response.userState = state.data;\n // if there's no session_state on the response, copy over session_state from original request\n response.session_state ??= state.session_state;\n // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request\n response.scope ??= state.scope;\n\n // OpenID Connect Core 1.0 says that id_token is optional in refresh response:\n // https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse\n if (response.isOpenId && !!response.id_token) {\n this._validateIdTokenAttributes(response, state.id_token);\n logger.debug(\"ID Token validated\");\n }\n\n if (!response.id_token) {\n // if there's no id_token on the response, copy over id_token from original request\n response.id_token = state.id_token;\n // and decoded part too\n response.profile = state.profile;\n }\n\n const hasIdToken = response.isOpenId && !!response.id_token;\n await this._processClaims(response, false, hasIdToken);\n logger.debug(\"claims processed\");\n }\n\n public validateSignoutResponse(response: SignoutResponse, state: State): void {\n const logger = this._logger.create(\"validateSignoutResponse\");\n if (state.id !== response.state) {\n logger.throw(new Error(\"State does not match\"));\n }\n\n // now that we know the state matches, take the stored data\n // and set it into the response so callers can get their state\n // this is important for both success & error outcomes\n logger.debug(\"state validated\");\n response.userState = state.data;\n\n if (response.error) {\n logger.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n }\n\n protected _processSigninState(response: SigninResponse, state: SigninState): void {\n const logger = this._logger.create(\"_processSigninState\");\n if (state.id !== response.state) {\n logger.throw(new Error(\"State does not match\"));\n }\n\n if (!state.client_id) {\n logger.throw(new Error(\"No client_id on state\"));\n }\n\n if (!state.authority) {\n logger.throw(new Error(\"No authority on state\"));\n }\n\n // ensure we're using the correct authority\n if (this._settings.authority !== state.authority) {\n logger.throw(new Error(\"authority mismatch on settings vs. signin state\"));\n }\n if (this._settings.client_id && this._settings.client_id !== state.client_id) {\n logger.throw(new Error(\"client_id mismatch on settings vs. signin state\"));\n }\n\n // now that we know the state matches, take the stored data\n // and set it into the response so callers can get their state\n // this is important for both success & error outcomes\n logger.debug(\"state validated\");\n response.userState = state.data;\n // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request\n response.scope ??= state.scope;\n\n if (response.error) {\n logger.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n\n if (state.code_verifier && !response.code) {\n logger.throw(new Error(\"Expected code in response\"));\n }\n\n if (!state.code_verifier && response.code) {\n logger.throw(new Error(\"Unexpected code in response\"));\n }\n }\n\n protected async _processClaims(response: SigninResponse, skipUserInfo = false, validateSub = true): Promise {\n const logger = this._logger.create(\"_processClaims\");\n response.profile = this._filterProtocolClaims(response.profile);\n\n if (skipUserInfo || !this._settings.loadUserInfo || !response.access_token) {\n logger.debug(\"not loading user info\");\n return;\n }\n\n logger.debug(\"loading user info\");\n const claims = await this._userInfoService.getClaims(response.access_token);\n logger.debug(\"user info claims received from user info endpoint\");\n\n if (validateSub && claims.sub !== response.profile.sub) {\n logger.throw(new Error(\"subject from UserInfo response does not match subject in ID Token\"));\n }\n\n response.profile = this._mergeClaims(response.profile, this._filterProtocolClaims(claims as IdTokenClaims));\n logger.debug(\"user info claims received, updated profile:\", response.profile);\n }\n\n protected _mergeClaims(claims1: UserProfile, claims2: JwtClaims): UserProfile {\n const result = { ...claims1 };\n\n for (const [claim, values] of Object.entries(claims2)) {\n for (const value of Array.isArray(values) ? values : [values]) {\n const previousValue = result[claim];\n if (!previousValue) {\n result[claim] = value;\n }\n else if (Array.isArray(previousValue)) {\n if (!previousValue.includes(value)) {\n previousValue.push(value);\n }\n }\n else if (result[claim] !== value) {\n if (typeof value === \"object\" && this._settings.mergeClaims) {\n result[claim] = this._mergeClaims(previousValue as UserProfile, value);\n }\n else {\n result[claim] = [previousValue, value];\n }\n }\n }\n }\n\n return result;\n }\n\n protected _filterProtocolClaims(claims: UserProfile): UserProfile {\n const result = { ...claims };\n\n if (this._settings.filterProtocolClaims) {\n for (const type of ProtocolClaims) {\n delete result[type];\n }\n }\n\n return result;\n }\n\n protected async _processCode(response: SigninResponse, state: SigninState): Promise {\n const logger = this._logger.create(\"_processCode\");\n if (response.code) {\n logger.debug(\"Validating code\");\n const tokenResponse = await this._tokenClient.exchangeCode({\n client_id: state.client_id,\n client_secret: state.client_secret,\n code: response.code,\n redirect_uri: state.redirect_uri,\n code_verifier: state.code_verifier,\n ...state.extraTokenParams,\n });\n Object.assign(response, tokenResponse);\n } else {\n logger.debug(\"No code to process\");\n }\n }\n\n protected _validateIdTokenAttributes(response: SigninResponse, currentToken?: string): void {\n const logger = this._logger.create(\"_validateIdTokenAttributes\");\n\n logger.debug(\"decoding ID Token JWT\");\n const profile = JwtUtils.decode(response.id_token ?? \"\");\n\n if (!profile.sub) {\n logger.throw(new Error(\"ID Token is missing a subject claim\"));\n }\n\n if (currentToken) {\n const current = JwtUtils.decode(currentToken);\n if (current.sub !== profile.sub) {\n logger.throw(new Error(\"sub in id_token does not match current sub\"));\n }\n if (current.auth_time && current.auth_time !== profile.auth_time) {\n logger.throw(new Error(\"auth_time in id_token does not match original auth_time\"));\n }\n if (current.azp && current.azp !== profile.azp) {\n logger.throw(new Error(\"azp in id_token does not match original azp\"));\n }\n if (!current.azp && profile.azp) {\n logger.throw(new Error(\"azp not in id_token, but present in original id_token\"));\n }\n }\n\n response.profile = profile as UserProfile;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, CryptoUtils, Timer } from \"./utils\";\nimport type { StateStore } from \"./StateStore\";\n\n/**\n * @public\n */\nexport class State {\n public readonly id: string;\n public readonly created: number;\n public readonly request_type: string | undefined;\n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n public readonly data: unknown | undefined;\n\n public constructor(args: {\n id?: string;\n data?: unknown;\n created?: number;\n request_type?: string;\n }) {\n this.id = args.id || CryptoUtils.generateUUIDv4();\n this.data = args.data;\n\n if (args.created && args.created > 0) {\n this.created = args.created;\n }\n else {\n this.created = Timer.getEpochTime();\n }\n this.request_type = args.request_type;\n }\n\n public toStorageString(): string {\n new Logger(\"State\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n });\n }\n\n public static fromStorageString(storageString: string): State {\n Logger.createStatic(\"State\", \"fromStorageString\");\n return new State(JSON.parse(storageString));\n }\n\n public static async clearStaleState(storage: StateStore, age: number): Promise {\n const logger = Logger.createStatic(\"State\", \"clearStaleState\");\n const cutoff = Timer.getEpochTime() - age;\n\n const keys = await storage.getAllKeys();\n logger.debug(\"got keys\", keys);\n\n for (let i = 0; i < keys.length; i++) {\n const key = keys[i];\n const item = await storage.get(key);\n let remove = false;\n\n if (item) {\n try {\n const state = State.fromStorageString(item);\n\n logger.debug(\"got item from key:\", key, state.created);\n if (state.created <= cutoff) {\n remove = true;\n }\n }\n catch (err) {\n logger.error(\"Error parsing state for key:\", key, err);\n remove = true;\n }\n }\n else {\n logger.debug(\"no item in storage for key:\", key);\n remove = true;\n }\n\n if (remove) {\n logger.debug(\"removed item for key:\", key);\n void storage.remove(key);\n }\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, CryptoUtils } from \"./utils\";\nimport { State } from \"./State\";\n\n/**\n * @public\n */\nexport class SigninState extends State {\n // isCode\n /** The same code_verifier that was used to obtain the authorization_code via PKCE. */\n public readonly code_verifier: string | undefined;\n /** Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). */\n public readonly code_challenge: string | undefined;\n\n // to ensure state still matches settings\n /** @see {@link OidcClientSettings.authority} */\n public readonly authority: string;\n /** @see {@link OidcClientSettings.client_id} */\n public readonly client_id: string;\n /** @see {@link OidcClientSettings.redirect_uri} */\n public readonly redirect_uri: string;\n /** @see {@link OidcClientSettings.scope} */\n public readonly scope: string;\n /** @see {@link OidcClientSettings.client_secret} */\n public readonly client_secret: string | undefined;\n /** @see {@link OidcClientSettings.extraTokenParams} */\n public readonly extraTokenParams: Record | undefined;\n /** @see {@link OidcClientSettings.response_mode} */\n public readonly response_mode: \"query\" | \"fragment\" | undefined;\n\n public readonly skipUserInfo: boolean | undefined;\n\n public constructor(args: {\n id?: string;\n data?: unknown;\n created?: number;\n request_type?: string;\n\n code_verifier?: string | boolean;\n authority: string;\n client_id: string;\n redirect_uri: string;\n scope: string;\n client_secret?: string;\n extraTokenParams?: Record;\n response_mode?: \"query\" | \"fragment\";\n skipUserInfo?: boolean;\n }) {\n super(args);\n\n if (args.code_verifier === true) {\n this.code_verifier = CryptoUtils.generateCodeVerifier();\n }\n else if (args.code_verifier) {\n this.code_verifier = args.code_verifier;\n }\n\n if (this.code_verifier) {\n this.code_challenge = CryptoUtils.generateCodeChallenge(this.code_verifier);\n }\n\n this.authority = args.authority;\n this.client_id = args.client_id;\n this.redirect_uri = args.redirect_uri;\n this.scope = args.scope;\n this.client_secret = args.client_secret;\n this.extraTokenParams = args.extraTokenParams;\n\n this.response_mode = args.response_mode;\n this.skipUserInfo = args.skipUserInfo;\n }\n\n public toStorageString(): string {\n new Logger(\"SigninState\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n\n code_verifier: this.code_verifier,\n authority: this.authority,\n client_id: this.client_id,\n redirect_uri: this.redirect_uri,\n scope: this.scope,\n client_secret: this.client_secret,\n extraTokenParams : this.extraTokenParams,\n response_mode: this.response_mode,\n skipUserInfo: this.skipUserInfo,\n });\n }\n\n public static fromStorageString(storageString: string): SigninState {\n Logger.createStatic(\"SigninState\", \"fromStorageString\");\n const data = JSON.parse(storageString);\n return new SigninState(data);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { SigninState } from \"./SigninState\";\n\n/**\n * @public\n */\nexport interface SigninRequestArgs {\n // mandatory\n url: string;\n authority: string;\n client_id: string;\n redirect_uri: string;\n response_type: string;\n scope: string;\n\n // optional\n prompt?: string;\n display?: string;\n max_age?: number;\n ui_locales?: string;\n id_token_hint?: string;\n login_hint?: string;\n acr_values?: string;\n resource?: string;\n response_mode?: \"query\" | \"fragment\" ;\n request?: string;\n request_uri?: string;\n extraQueryParams?: Record;\n request_type?: string;\n client_secret?: string;\n extraTokenParams?: Record;\n skipUserInfo?: boolean;\n nonce?: string; \n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state_data?: unknown;\n}\n\n/**\n * @public\n */\nexport class SigninRequest {\n private readonly _logger = new Logger(\"SigninRequest\");\n\n public readonly url: string;\n public readonly state: SigninState;\n\n public constructor({\n // mandatory\n url, authority, client_id, redirect_uri, response_type, scope,\n // optional\n state_data, response_mode, request_type, client_secret, nonce,\n skipUserInfo,\n extraQueryParams,\n extraTokenParams,\n ...optionalParams\n }: SigninRequestArgs) {\n if (!url) {\n this._logger.error(\"ctor: No url passed\");\n throw new Error(\"url\");\n }\n if (!client_id) {\n this._logger.error(\"ctor: No client_id passed\");\n throw new Error(\"client_id\");\n }\n if (!redirect_uri) {\n this._logger.error(\"ctor: No redirect_uri passed\");\n throw new Error(\"redirect_uri\");\n }\n if (!response_type) {\n this._logger.error(\"ctor: No response_type passed\");\n throw new Error(\"response_type\");\n }\n if (!scope) {\n this._logger.error(\"ctor: No scope passed\");\n throw new Error(\"scope\");\n }\n if (!authority) {\n this._logger.error(\"ctor: No authority passed\");\n throw new Error(\"authority\");\n }\n\n this.state = new SigninState({\n data: state_data,\n request_type,\n code_verifier: true,\n client_id, authority, redirect_uri,\n response_mode,\n client_secret, scope, extraTokenParams,\n skipUserInfo,\n });\n\n const parsedUrl = new URL(url);\n parsedUrl.searchParams.append(\"client_id\", client_id);\n parsedUrl.searchParams.append(\"redirect_uri\", redirect_uri);\n parsedUrl.searchParams.append(\"response_type\", response_type);\n parsedUrl.searchParams.append(\"scope\", scope);\n if (nonce) {\n parsedUrl.searchParams.append(\"nonce\", nonce);\n }\n\n parsedUrl.searchParams.append(\"state\", this.state.id);\n if (this.state.code_challenge) {\n parsedUrl.searchParams.append(\"code_challenge\", this.state.code_challenge);\n parsedUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n }\n\n for (const [key, value] of Object.entries({ response_mode, ...optionalParams, ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n\n this.url = parsedUrl.href;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Timer } from \"./utils\";\nimport type { UserProfile } from \"./User\";\n\nconst OidcScope = \"openid\";\n\n/**\n * @public\n */\nexport class SigninResponse {\n // props present in the initial callback response regardless of success\n public readonly state: string | null;\n /** @see {@link User.session_state} */\n public session_state: string | null;\n\n // error props\n /** @see {@link ErrorResponse.error} */\n public readonly error: string | null;\n /** @see {@link ErrorResponse.error_description} */\n public readonly error_description: string | null;\n /** @see {@link ErrorResponse.error_uri} */\n public readonly error_uri: string | null;\n\n // success props\n public readonly code: string | null;\n\n // props set after validation\n /** @see {@link User.id_token} */\n public id_token?: string;\n /** @see {@link User.access_token} */\n public access_token = \"\";\n /** @see {@link User.token_type} */\n public token_type = \"\";\n /** @see {@link User.refresh_token} */\n public refresh_token?: string;\n /** @see {@link User.scope} */\n public scope?: string;\n /** @see {@link User.expires_at} */\n public expires_at?: number;\n\n /** custom state data set during the initial signin request */\n public userState: unknown;\n\n /** @see {@link User.profile} */\n public profile: UserProfile = {} as UserProfile;\n\n public constructor(params: URLSearchParams) {\n this.state = params.get(\"state\");\n this.session_state = params.get(\"session_state\");\n\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n\n this.code = params.get(\"code\");\n }\n\n public get expires_in(): number | undefined {\n if (this.expires_at === undefined) {\n return undefined;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n public set expires_in(value: number | undefined) {\n // spec expects a number, but normalize here just in case\n if (typeof value === \"string\") value = Number(value);\n if (value !== undefined && value >= 0) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n\n public get isOpenId(): boolean {\n return this.scope?.split(\" \").includes(OidcScope) || !!this.id_token;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { State } from \"./State\";\n\n/**\n * @public\n */\nexport interface SignoutRequestArgs {\n // mandatory\n url: string;\n\n // optional\n state_data?: unknown;\n id_token_hint?: string;\n post_logout_redirect_uri?: string;\n extraQueryParams?: Record;\n request_type?: string;\n}\n\n/**\n * @public\n */\nexport class SignoutRequest {\n private readonly _logger = new Logger(\"SignoutRequest\");\n\n public readonly url: string;\n public readonly state?: State;\n\n public constructor({\n url,\n state_data, id_token_hint, post_logout_redirect_uri, extraQueryParams, request_type,\n }: SignoutRequestArgs) {\n if (!url) {\n this._logger.error(\"ctor: No url passed\");\n throw new Error(\"url\");\n }\n\n const parsedUrl = new URL(url);\n if (id_token_hint) {\n parsedUrl.searchParams.append(\"id_token_hint\", id_token_hint);\n }\n\n if (post_logout_redirect_uri) {\n parsedUrl.searchParams.append(\"post_logout_redirect_uri\", post_logout_redirect_uri);\n\n if (state_data) {\n this.state = new State({ data: state_data, request_type });\n\n parsedUrl.searchParams.append(\"state\", this.state.id);\n }\n }\n\n for (const [key, value] of Object.entries({ ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n\n this.url = parsedUrl.href;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * @public\n */\nexport class SignoutResponse {\n public readonly state: string | null;\n\n // error props\n /** @see {@link ErrorResponse.error} */\n public error: string | null;\n /** @see {@link ErrorResponse.error_description} */\n public error_description: string | null;\n /** @see {@link ErrorResponse.error_uri} */\n public error_uri: string | null;\n\n /** custom state data set during the initial signin request */\n public userState: unknown;\n\n public constructor(params: URLSearchParams) {\n this.state = params.get(\"state\");\n\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, UrlUtils } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport { OidcClientSettings, OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport { ResponseValidator } from \"./ResponseValidator\";\nimport { MetadataService } from \"./MetadataService\";\nimport type { RefreshState } from \"./RefreshState\";\nimport { SigninRequest } from \"./SigninRequest\";\nimport { SigninResponse } from \"./SigninResponse\";\nimport { SignoutRequest, SignoutRequestArgs } from \"./SignoutRequest\";\nimport { SignoutResponse } from \"./SignoutResponse\";\nimport { SigninState } from \"./SigninState\";\nimport { State } from \"./State\";\nimport { TokenClient } from \"./TokenClient\";\n\n/**\n * @public\n */\nexport interface CreateSigninRequestArgs {\n redirect_uri?: string;\n response_type?: string;\n scope?: string;\n nonce?: string;\n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state?: unknown;\n\n prompt?: string;\n display?: string;\n max_age?: number;\n ui_locales?: string;\n id_token_hint?: string;\n login_hint?: string;\n acr_values?: string;\n resource?: string;\n response_mode?: \"query\" | \"fragment\";\n request?: string;\n request_uri?: string;\n extraQueryParams?: Record;\n request_type?: string;\n client_secret?: string;\n extraTokenParams?: Record;\n skipUserInfo?: boolean;\n}\n\n/**\n * @public\n */\nexport interface UseRefreshTokenArgs {\n state: RefreshState;\n timeoutInSeconds?: number;\n}\n\n/**\n * @public\n */\nexport type CreateSignoutRequestArgs = Omit & { state?: unknown };\n\n/**\n * @public\n */\nexport type ProcessResourceOwnerPasswordCredentialsArgs = {\n username: string;\n password: string;\n skipUserInfo?: boolean;\n};\n\n/**\n * Provides the raw OIDC/OAuth2 protocol support for the authorization endpoint and the end session endpoint in the\n * authorization server. It provides a bare-bones protocol implementation and is used by the UserManager class.\n * Only use this class if you simply want protocol support without the additional management features of the\n * UserManager class.\n *\n * @public\n */\nexport class OidcClient {\n public readonly settings: OidcClientSettingsStore;\n protected readonly _logger = new Logger(\"OidcClient\");\n\n public readonly metadataService: MetadataService;\n protected readonly _validator: ResponseValidator;\n protected readonly _tokenClient: TokenClient;\n\n public constructor(settings: OidcClientSettings) {\n this.settings = new OidcClientSettingsStore(settings);\n\n this.metadataService = new MetadataService(this.settings);\n this._validator = new ResponseValidator(this.settings, this.metadataService);\n this._tokenClient = new TokenClient(this.settings, this.metadataService);\n }\n\n public async createSigninRequest({\n state,\n request,\n request_uri,\n request_type,\n id_token_hint,\n login_hint,\n skipUserInfo,\n nonce,\n response_type = this.settings.response_type,\n scope = this.settings.scope,\n redirect_uri = this.settings.redirect_uri,\n prompt = this.settings.prompt,\n display = this.settings.display,\n max_age = this.settings.max_age,\n ui_locales = this.settings.ui_locales,\n acr_values = this.settings.acr_values,\n resource = this.settings.resource,\n response_mode = this.settings.response_mode,\n extraQueryParams = this.settings.extraQueryParams,\n extraTokenParams = this.settings.extraTokenParams,\n }: CreateSigninRequestArgs): Promise {\n const logger = this._logger.create(\"createSigninRequest\");\n\n if (response_type !== \"code\") {\n throw new Error(\"Only the Authorization Code flow (with PKCE) is supported\");\n }\n\n const url = await this.metadataService.getAuthorizationEndpoint();\n logger.debug(\"Received authorization endpoint\", url);\n\n const signinRequest = new SigninRequest({\n url,\n authority: this.settings.authority,\n client_id: this.settings.client_id,\n redirect_uri,\n response_type,\n scope,\n state_data: state,\n prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values,\n resource, request, request_uri, extraQueryParams, extraTokenParams, request_type, response_mode,\n client_secret: this.settings.client_secret,\n skipUserInfo,\n nonce,\n });\n\n // house cleaning\n await this.clearStaleState();\n\n const signinState = signinRequest.state;\n await this.settings.stateStore.set(signinState.id, signinState.toStorageString());\n return signinRequest;\n }\n\n public async readSigninResponseState(url: string, removeState = false): Promise<{ state: SigninState; response: SigninResponse }> {\n const logger = this._logger.create(\"readSigninResponseState\");\n\n const response = new SigninResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger.throw(new Error(\"No state in response\"));\n // need to throw within this function's body for type narrowing to work\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger.throw(new Error(\"No matching state found in storage\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const state = SigninState.fromStorageString(storedStateString);\n return { state, response };\n }\n\n public async processSigninResponse(url: string): Promise {\n const logger = this._logger.create(\"processSigninResponse\");\n\n const { state, response } = await this.readSigninResponseState(url, true);\n logger.debug(\"received state from storage; validating response\");\n await this._validator.validateSigninResponse(response, state);\n return response;\n }\n\n public async processResourceOwnerPasswordCredentials({\n username,\n password,\n skipUserInfo = false,\n }: ProcessResourceOwnerPasswordCredentialsArgs): Promise {\n const tokenResponse: Record = await this._tokenClient.exchangeCredentials({ username, password });\n const signinResponse: SigninResponse = new SigninResponse(new URLSearchParams());\n Object.assign(signinResponse, tokenResponse);\n await this._validator.validateCredentialsResponse(signinResponse, skipUserInfo);\n return signinResponse;\n }\n\n public async useRefreshToken({\n state,\n timeoutInSeconds,\n }: UseRefreshTokenArgs): Promise {\n const logger = this._logger.create(\"useRefreshToken\");\n\n const result = await this._tokenClient.exchangeRefreshToken({\n refresh_token: state.refresh_token,\n scope: state.scope,\n timeoutInSeconds,\n });\n const response = new SigninResponse(new URLSearchParams());\n Object.assign(response, result);\n logger.debug(\"validating response\", response);\n await this._validator.validateRefreshResponse(response, state);\n return response;\n }\n\n public async createSignoutRequest({\n state,\n id_token_hint,\n request_type,\n post_logout_redirect_uri = this.settings.post_logout_redirect_uri,\n extraQueryParams = this.settings.extraQueryParams,\n }: CreateSignoutRequestArgs = {}): Promise {\n const logger = this._logger.create(\"createSignoutRequest\");\n\n const url = await this.metadataService.getEndSessionEndpoint();\n if (!url) {\n logger.throw(new Error(\"No end session endpoint\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n logger.debug(\"Received end session endpoint\", url);\n\n const request = new SignoutRequest({\n url,\n id_token_hint,\n post_logout_redirect_uri,\n state_data: state,\n extraQueryParams,\n request_type,\n });\n\n // house cleaning\n await this.clearStaleState();\n\n const signoutState = request.state;\n if (signoutState) {\n logger.debug(\"Signout request has state to persist\");\n await this.settings.stateStore.set(signoutState.id, signoutState.toStorageString());\n }\n\n return request;\n }\n\n public async readSignoutResponseState(url: string, removeState = false): Promise<{ state: State | undefined; response: SignoutResponse }> {\n const logger = this._logger.create(\"readSignoutResponseState\");\n\n const response = new SignoutResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger.debug(\"No state in response\");\n\n if (response.error) {\n logger.warn(\"Response was error:\", response.error);\n throw new ErrorResponse(response);\n }\n\n return { state: undefined, response };\n }\n\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger.throw(new Error(\"No matching state found in storage\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const state = State.fromStorageString(storedStateString);\n return { state, response };\n }\n\n public async processSignoutResponse(url: string): Promise {\n const logger = this._logger.create(\"processSignoutResponse\");\n\n const { state, response } = await this.readSignoutResponseState(url, true);\n if (state) {\n logger.debug(\"Received state from storage; validating response\");\n this._validator.validateSignoutResponse(response, state);\n } else {\n logger.debug(\"No state from storage; skipping response validation\");\n }\n\n return response;\n }\n\n public clearStaleState(): Promise {\n this._logger.create(\"clearStaleState\");\n return State.clearStaleState(this.settings.stateStore, this.settings.staleStateAgeInSeconds);\n }\n\n public async revokeToken(token: string, type?: \"access_token\" | \"refresh_token\"): Promise {\n this._logger.create(\"revokeToken\");\n return await this._tokenClient.revoke({\n token,\n token_type_hint: type,\n });\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { CheckSessionIFrame } from \"./CheckSessionIFrame\";\nimport type { UserManager } from \"./UserManager\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport class SessionMonitor {\n private readonly _logger = new Logger(\"SessionMonitor\");\n\n private _sub: string | undefined;\n private _sid: string | undefined;\n private _checkSessionIFrame?: CheckSessionIFrame;\n\n public constructor(private readonly _userManager: UserManager) {\n if (!_userManager) {\n this._logger.throw(new Error(\"No user manager passed\"));\n }\n\n this._userManager.events.addUserLoaded(this._start);\n this._userManager.events.addUserUnloaded(this._stop);\n\n this._init().catch((err: unknown) => {\n // catch to suppress errors since we're in a ctor\n this._logger.error(err);\n });\n }\n\n protected async _init(): Promise {\n this._logger.create(\"_init\");\n const user = await this._userManager.getUser();\n // doing this manually here since calling getUser\n // doesn't trigger load event.\n if (user) {\n void this._start(user);\n }\n else if (this._userManager.settings.monitorAnonymousSession) {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub && session.sid ? {\n sub: session.sub,\n sid: session.sid,\n } : null,\n };\n void this._start(tmpUser);\n }\n }\n }\n\n protected _start = async (\n user: User | {\n session_state: string;\n profile: { sub: string; sid: string } | null;\n },\n ): Promise => {\n const session_state = user.session_state;\n if (!session_state) {\n return;\n }\n const logger = this._logger.create(\"_start\");\n\n if (user.profile) {\n this._sub = user.profile.sub;\n this._sid = user.profile.sid;\n logger.debug(\"session_state\", session_state, \", sub\", this._sub);\n }\n else {\n this._sub = undefined;\n this._sid = undefined;\n logger.debug(\"session_state\", session_state, \", anonymous user\");\n }\n\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.start(session_state);\n return;\n }\n\n try {\n const url = await this._userManager.metadataService.getCheckSessionIframe();\n if (url) {\n logger.debug(\"initializing check session iframe\");\n\n const client_id = this._userManager.settings.client_id;\n const intervalInSeconds = this._userManager.settings.checkSessionIntervalInSeconds;\n const stopOnError = this._userManager.settings.stopCheckSessionOnError;\n\n const checkSessionIFrame = new CheckSessionIFrame(this._callback, client_id, url, intervalInSeconds, stopOnError);\n await checkSessionIFrame.load();\n this._checkSessionIFrame = checkSessionIFrame;\n checkSessionIFrame.start(session_state);\n }\n else {\n logger.warn(\"no check session iframe found in the metadata\");\n }\n }\n catch (err) {\n // catch to suppress errors since we're in non-promise callback\n logger.error(\"Error from getCheckSessionIframe:\", err instanceof Error ? err.message : err);\n }\n };\n\n protected _stop = (): void => {\n const logger = this._logger.create(\"_stop\");\n this._sub = undefined;\n this._sid = undefined;\n\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.stop();\n }\n\n if (this._userManager.settings.monitorAnonymousSession) {\n // using a timer to delay re-initialization to avoid race conditions during signout\n // TODO rewrite to use promise correctly\n // eslint-disable-next-line @typescript-eslint/no-misused-promises\n const timerHandle = setInterval(async () => {\n clearInterval(timerHandle);\n\n try {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub && session.sid ? {\n sub: session.sub,\n sid: session.sid,\n } : null,\n };\n void this._start(tmpUser);\n }\n }\n catch (err) {\n // catch to suppress errors since we're in a callback\n logger.error(\"error from querySessionStatus\", err instanceof Error ? err.message : err);\n }\n }, 1000);\n }\n };\n\n protected _callback = async (): Promise => {\n const logger = this._logger.create(\"_callback\");\n try {\n const session = await this._userManager.querySessionStatus();\n let raiseEvent = true;\n\n if (session && this._checkSessionIFrame) {\n if (session.sub === this._sub) {\n raiseEvent = false;\n this._checkSessionIFrame.start(session.session_state);\n\n if (session.sid === this._sid) {\n logger.debug(\"same sub still logged in at OP, restarting check session iframe; session_state\", session.session_state);\n }\n else {\n logger.debug(\"same sub still logged in at OP, session state has changed, restarting check session iframe; session_state\", session.session_state);\n this._userManager.events._raiseUserSessionChanged();\n }\n }\n else {\n logger.debug(\"different subject signed into OP\", session.sub);\n }\n }\n else {\n logger.debug(\"subject no longer signed into OP\");\n }\n\n if (raiseEvent) {\n if (this._sub) {\n this._userManager.events._raiseUserSignedOut();\n }\n else {\n this._userManager.events._raiseUserSignedIn();\n }\n } else {\n logger.debug(\"no change in session detected, no event to raise\");\n }\n }\n catch (err) {\n if (this._sub) {\n logger.debug(\"Error calling queryCurrentSigninSession; raising signed out event\", err);\n this._userManager.events._raiseUserSignedOut();\n }\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport type { IdTokenClaims } from \"./Claims\";\n\n/**\n * Holds claims represented by a combination of the `id_token` and the user info endpoint.\n * @public\n */\nexport type UserProfile = IdTokenClaims;\n\n/**\n * @public\n */\nexport class User {\n /**\n * A JSON Web Token (JWT). Only provided if `openid` scope was requested.\n * The application can access the data decoded by using the `profile` property.\n */\n public id_token?: string;\n\n /** The session state value returned from the OIDC provider. */\n public session_state: string | null;\n\n /**\n * The requested access token returned from the OIDC provider. The application can use this token to\n * authenticate itself to the secured resource.\n */\n public access_token: string;\n\n /**\n * An OAuth 2.0 refresh token. The app can use this token to acquire additional access tokens after the\n * current access token expires. Refresh tokens are long-lived and can be used to maintain access to resources\n * for extended periods of time.\n */\n public refresh_token?: string;\n\n /** Typically \"Bearer\" */\n public token_type: string;\n\n /** The scopes that the requested access token is valid for. */\n public scope?: string;\n\n /** The claims represented by a combination of the `id_token` and the user info endpoint. */\n public profile: UserProfile;\n\n /** The expires at returned from the OIDC provider. */\n public expires_at?: number;\n\n /** custom state data set during the initial signin request */\n public readonly state: unknown;\n\n public constructor(args: {\n id_token?: string;\n session_state?: string | null;\n access_token: string;\n refresh_token?: string;\n token_type: string;\n scope?: string;\n profile: UserProfile;\n expires_at?: number;\n userState?: unknown;\n }) {\n this.id_token = args.id_token;\n this.session_state = args.session_state ?? null;\n this.access_token = args.access_token;\n this.refresh_token = args.refresh_token;\n\n this.token_type = args.token_type;\n this.scope = args.scope;\n this.profile = args.profile;\n this.expires_at = args.expires_at;\n this.state = args.userState;\n }\n\n /** Computed number of seconds the access token has remaining. */\n public get expires_in(): number | undefined {\n if (this.expires_at === undefined) {\n return undefined;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n\n public set expires_in(value: number | undefined) {\n if (value !== undefined) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n\n /** Computed value indicating if the access token is expired. */\n public get expired(): boolean | undefined {\n const expires_in = this.expires_in;\n if (expires_in === undefined) {\n return undefined;\n }\n return expires_in <= 0;\n }\n\n /** Array representing the parsed values from the `scope`. */\n public get scopes(): string[] {\n return this.scope?.split(\" \") ?? [];\n }\n\n public toStorageString(): string {\n new Logger(\"User\").create(\"toStorageString\");\n return JSON.stringify({\n id_token: this.id_token,\n session_state: this.session_state,\n access_token: this.access_token,\n refresh_token: this.refresh_token,\n token_type: this.token_type,\n scope: this.scope,\n profile: this.profile,\n expires_at: this.expires_at,\n });\n }\n\n public static fromStorageString(storageString: string): User {\n Logger.createStatic(\"User\", \"fromStorageString\");\n return new User(JSON.parse(storageString));\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Event, Logger, UrlUtils } from \"../utils\";\nimport type { IWindow, NavigateParams, NavigateResponse } from \"./IWindow\";\n\nconst messageSource = \"oidc-client\";\n\ninterface MessageData {\n source: string;\n url: string;\n keepOpen: boolean;\n}\n\n/**\n * Window implementation which resolves via communication from a child window\n * via the `Window.postMessage()` interface.\n *\n * @internal\n */\nexport abstract class AbstractChildWindow implements IWindow {\n protected abstract readonly _logger: Logger;\n protected readonly _abort = new Event<[reason: Error]>(\"Window navigation aborted\");\n protected readonly _disposeHandlers = new Set<() => void>();\n\n protected _window: WindowProxy | null = null;\n\n public async navigate(params: NavigateParams): Promise {\n const logger = this._logger.create(\"navigate\");\n if (!this._window) {\n throw new Error(\"Attempted to navigate on a disposed window\");\n }\n\n logger.debug(\"setting URL in window\");\n this._window.location.replace(params.url);\n\n const { url, keepOpen } = await new Promise((resolve, reject) => {\n const listener = (e: MessageEvent) => {\n const data: MessageData | undefined = e.data;\n const origin = params.scriptOrigin ?? window.location.origin;\n if (e.origin !== origin || data?.source !== messageSource) {\n // silently discard events not intended for us\n return;\n }\n try {\n const state = UrlUtils.readParams(data.url, params.response_mode).get(\"state\");\n if (!state) {\n logger.warn(\"no state found in response url\");\n }\n if (e.source !== this._window && state !== params.state) {\n // MessageEvent source is a relatively modern feature, we can't rely on it\n // so we also inspect the payload for a matching state key as an alternative\n return;\n }\n }\n catch (err) {\n this._dispose();\n reject(new Error(\"Invalid response from window\"));\n }\n resolve(data);\n };\n window.addEventListener(\"message\", listener, false);\n this._disposeHandlers.add(() => window.removeEventListener(\"message\", listener, false));\n this._disposeHandlers.add(this._abort.addHandler((reason) => {\n this._dispose();\n reject(reason);\n }));\n });\n logger.debug(\"got response from window\");\n this._dispose();\n\n if (!keepOpen) {\n this.close();\n }\n\n return { url };\n }\n\n public abstract close(): void;\n\n private _dispose(): void {\n this._logger.create(\"_dispose\");\n\n for (const dispose of this._disposeHandlers) {\n dispose();\n }\n this._disposeHandlers.clear();\n }\n\n protected static _notifyParent(parent: Window, url: string, keepOpen = false, targetOrigin = window.location.origin): void {\n parent.postMessage({\n source: messageSource,\n url,\n keepOpen,\n } as MessageData, targetOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { OidcClientSettings, OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { PopupWindowFeatures } from \"./utils/PopupUtils\";\nimport { WebStorageStateStore } from \"./WebStorageStateStore\";\nimport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\n\nexport const DefaultPopupWindowFeatures: PopupWindowFeatures = {\n location: false,\n toolbar: false,\n height: 640,\n};\nexport const DefaultPopupTarget = \"_blank\";\nconst DefaultAccessTokenExpiringNotificationTimeInSeconds = 60;\nconst DefaultCheckSessionIntervalInSeconds = 2;\nexport const DefaultSilentRequestTimeoutInSeconds = 10;\n\n/**\n * The settings used to configure the {@link UserManager}.\n *\n * @public\n */\nexport interface UserManagerSettings extends OidcClientSettings {\n /** The URL for the page containing the call to signinPopupCallback to handle the callback from the OIDC/OAuth2 */\n popup_redirect_uri?: string;\n popup_post_logout_redirect_uri?: string;\n /**\n * The features parameter to window.open for the popup signin window. By default, the popup is\n * placed centered in front of the window opener.\n * (default: \\{ location: false, menubar: false, height: 640 \\})\n */\n popupWindowFeatures?: PopupWindowFeatures;\n /** The target parameter to window.open for the popup signin window (default: \"_blank\") */\n popupWindowTarget?: string;\n /** The methods window.location method used to redirect (default: \"assign\") */\n redirectMethod?: \"replace\" | \"assign\";\n /** The methods target window being redirected (default: \"self\") */\n redirectTarget?: \"top\" | \"self\";\n\n /** The target to pass while calling postMessage inside iframe for callback (default: window.location.origin) */\n iframeNotifyParentOrigin?: string;\n\n /** The script origin to check during 'message' callback execution while performing silent auth via iframe (default: window.location.origin) */\n iframeScriptOrigin?: string;\n\n /** The URL for the page containing the code handling the silent renew */\n silent_redirect_uri?: string;\n /** Number of seconds to wait for the silent renew to return before assuming it has failed or timed out (default: 10) */\n silentRequestTimeoutInSeconds?: number;\n /** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration (default: true) */\n automaticSilentRenew?: boolean;\n /** Flag to validate user.profile.sub in silent renew calls (default: true) */\n validateSubOnSilentRenew?: boolean;\n /** Flag to control if id_token is included as id_token_hint in silent renew calls (default: false) */\n includeIdTokenInSilentRenew?: boolean;\n\n /** Will raise events for when user has performed a signout at the OP (default: false) */\n monitorSession?: boolean;\n monitorAnonymousSession?: boolean;\n /** Interval in seconds to check the user's session (default: 2) */\n checkSessionIntervalInSeconds?: number;\n query_status_response_type?: string;\n stopCheckSessionOnError?: boolean;\n\n /**\n * The `token_type_hint`s to pass to the authority server by default (default: [\"access_token\", \"refresh_token\"])\n *\n * Token types will be revoked in the same order as they are given here.\n */\n revokeTokenTypes?: (\"access_token\" | \"refresh_token\")[];\n /** Will invoke the revocation endpoint on signout if there is an access token for the user (default: false) */\n revokeTokensOnSignout?: boolean;\n /** Flag to control if id_token is included as id_token_hint in silent signout calls (default: false) */\n includeIdTokenInSilentSignout?: boolean;\n\n /** The number of seconds before an access token is to expire to raise the accessTokenExpiring event (default: 60) */\n accessTokenExpiringNotificationTimeInSeconds?: number;\n\n /**\n * Storage object used to persist User for currently authenticated user (default: window.sessionStorage, InMemoryWebStorage iff no window).\n * E.g. `userStore: new WebStorageStateStore({ store: window.localStorage })`\n */\n userStore?: WebStorageStateStore;\n}\n\n/**\n * The settings with defaults applied of the {@link UserManager}.\n * @see {@link UserManagerSettings}\n *\n * @public\n */\nexport class UserManagerSettingsStore extends OidcClientSettingsStore {\n public readonly popup_redirect_uri: string;\n public readonly popup_post_logout_redirect_uri: string | undefined;\n public readonly popupWindowFeatures: PopupWindowFeatures;\n public readonly popupWindowTarget: string;\n public readonly redirectMethod: \"replace\" | \"assign\";\n public readonly redirectTarget: \"top\" | \"self\";\n\n public readonly iframeNotifyParentOrigin: string | undefined;\n public readonly iframeScriptOrigin: string | undefined;\n\n public readonly silent_redirect_uri: string;\n public readonly silentRequestTimeoutInSeconds: number;\n public readonly automaticSilentRenew: boolean;\n public readonly validateSubOnSilentRenew: boolean;\n public readonly includeIdTokenInSilentRenew: boolean;\n\n public readonly monitorSession: boolean;\n public readonly monitorAnonymousSession: boolean;\n public readonly checkSessionIntervalInSeconds: number;\n public readonly query_status_response_type: string;\n public readonly stopCheckSessionOnError: boolean;\n\n public readonly revokeTokenTypes: (\"access_token\" | \"refresh_token\")[];\n public readonly revokeTokensOnSignout: boolean;\n public readonly includeIdTokenInSilentSignout: boolean;\n\n public readonly accessTokenExpiringNotificationTimeInSeconds: number;\n\n public readonly userStore: WebStorageStateStore;\n\n public constructor(args: UserManagerSettings) {\n const {\n popup_redirect_uri = args.redirect_uri,\n popup_post_logout_redirect_uri = args.post_logout_redirect_uri,\n popupWindowFeatures = DefaultPopupWindowFeatures,\n popupWindowTarget = DefaultPopupTarget,\n redirectMethod = \"assign\",\n redirectTarget = \"self\",\n\n iframeNotifyParentOrigin = args.iframeNotifyParentOrigin,\n iframeScriptOrigin = args.iframeScriptOrigin,\n\n silent_redirect_uri = args.redirect_uri,\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds,\n automaticSilentRenew = true,\n validateSubOnSilentRenew = true,\n includeIdTokenInSilentRenew = false,\n\n monitorSession = false,\n monitorAnonymousSession = false,\n checkSessionIntervalInSeconds = DefaultCheckSessionIntervalInSeconds,\n query_status_response_type = \"code\",\n stopCheckSessionOnError = true,\n\n revokeTokenTypes = [\"access_token\", \"refresh_token\"],\n revokeTokensOnSignout = false,\n includeIdTokenInSilentSignout = false,\n\n accessTokenExpiringNotificationTimeInSeconds = DefaultAccessTokenExpiringNotificationTimeInSeconds,\n\n userStore,\n } = args;\n\n super(args);\n\n this.popup_redirect_uri = popup_redirect_uri;\n this.popup_post_logout_redirect_uri = popup_post_logout_redirect_uri;\n this.popupWindowFeatures = popupWindowFeatures;\n this.popupWindowTarget = popupWindowTarget;\n this.redirectMethod = redirectMethod;\n this.redirectTarget = redirectTarget;\n\n this.iframeNotifyParentOrigin = iframeNotifyParentOrigin;\n this.iframeScriptOrigin = iframeScriptOrigin;\n\n this.silent_redirect_uri = silent_redirect_uri;\n this.silentRequestTimeoutInSeconds = silentRequestTimeoutInSeconds;\n this.automaticSilentRenew = automaticSilentRenew;\n this.validateSubOnSilentRenew = validateSubOnSilentRenew;\n this.includeIdTokenInSilentRenew = includeIdTokenInSilentRenew;\n\n this.monitorSession = monitorSession;\n this.monitorAnonymousSession = monitorAnonymousSession;\n this.checkSessionIntervalInSeconds = checkSessionIntervalInSeconds;\n this.stopCheckSessionOnError = stopCheckSessionOnError;\n this.query_status_response_type = query_status_response_type;\n\n this.revokeTokenTypes = revokeTokenTypes;\n this.revokeTokensOnSignout = revokeTokensOnSignout;\n this.includeIdTokenInSilentSignout = includeIdTokenInSilentSignout;\n\n this.accessTokenExpiringNotificationTimeInSeconds = accessTokenExpiringNotificationTimeInSeconds;\n\n if (userStore) {\n this.userStore = userStore;\n }\n else {\n const store = typeof window !== \"undefined\" ? window.sessionStorage : new InMemoryWebStorage();\n this.userStore = new WebStorageStateStore({ store });\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport { ErrorTimeout } from \"../errors\";\nimport type { NavigateParams, NavigateResponse } from \"./IWindow\";\nimport { AbstractChildWindow } from \"./AbstractChildWindow\";\nimport { DefaultSilentRequestTimeoutInSeconds } from \"../UserManagerSettings\";\n\n/**\n * @public\n */\nexport interface IFrameWindowParams {\n silentRequestTimeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport class IFrameWindow extends AbstractChildWindow {\n protected readonly _logger = new Logger(\"IFrameWindow\");\n private _frame: HTMLIFrameElement | null;\n private _timeoutInSeconds: number;\n\n public constructor({\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds,\n }: IFrameWindowParams) {\n super();\n this._timeoutInSeconds = silentRequestTimeoutInSeconds;\n\n this._frame = IFrameWindow.createHiddenIframe();\n this._window = this._frame.contentWindow;\n }\n\n private static createHiddenIframe(): HTMLIFrameElement {\n const iframe = window.document.createElement(\"iframe\");\n\n // shotgun approach\n iframe.style.visibility = \"hidden\";\n iframe.style.position = \"fixed\";\n iframe.style.left = \"-1000px\";\n iframe.style.top = \"0\";\n iframe.width = \"0\";\n iframe.height = \"0\";\n iframe.setAttribute(\"sandbox\", \"allow-scripts allow-same-origin allow-forms\");\n\n window.document.body.appendChild(iframe);\n return iframe;\n }\n\n public async navigate(params: NavigateParams): Promise {\n this._logger.debug(\"navigate: Using timeout of:\", this._timeoutInSeconds);\n const timer = setTimeout(() => this._abort.raise(new ErrorTimeout(\"IFrame timed out without a response\")), this._timeoutInSeconds * 1000);\n this._disposeHandlers.add(() => clearTimeout(timer));\n\n return await super.navigate(params);\n }\n\n public close(): void {\n if (this._frame) {\n if (this._frame.parentNode) {\n this._frame.addEventListener(\"load\", (ev) => {\n const frame = ev.target as HTMLIFrameElement;\n frame.parentNode?.removeChild(frame);\n this._abort.raise(new Error(\"IFrame removed from DOM\"));\n }, true);\n this._frame.contentWindow?.location.replace(\"about:blank\");\n }\n this._frame = null;\n }\n this._window = null;\n }\n\n public static notifyParent(url: string, targetOrigin?: string): void {\n return super._notifyParent(window.parent, url, false, targetOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\nimport { IFrameWindow, IFrameWindowParams } from \"./IFrameWindow\";\nimport type { INavigator } from \"./INavigator\";\n\n/**\n * @internal\n */\nexport class IFrameNavigator implements INavigator {\n private readonly _logger = new Logger(\"IFrameNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n silentRequestTimeoutInSeconds = this._settings.silentRequestTimeoutInSeconds,\n }: IFrameWindowParams): Promise {\n return new IFrameWindow({ silentRequestTimeoutInSeconds });\n }\n\n public async callback(url: string): Promise {\n this._logger.create(\"callback\");\n IFrameWindow.notifyParent(url, this._settings.iframeNotifyParentOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, PopupUtils, PopupWindowFeatures } from \"../utils\";\nimport { DefaultPopupWindowFeatures, DefaultPopupTarget } from \"../UserManagerSettings\";\nimport { AbstractChildWindow } from \"./AbstractChildWindow\";\nimport type { NavigateParams, NavigateResponse } from \"./IWindow\";\n\nconst checkForPopupClosedInterval = 500;\n\n/**\n * @public\n */\nexport interface PopupWindowParams {\n popupWindowFeatures?: PopupWindowFeatures;\n popupWindowTarget?: string;\n}\n\n/**\n * @internal\n */\nexport class PopupWindow extends AbstractChildWindow {\n protected readonly _logger = new Logger(\"PopupWindow\");\n\n protected _window: WindowProxy | null;\n\n public constructor({\n popupWindowTarget = DefaultPopupTarget,\n popupWindowFeatures = {},\n }: PopupWindowParams) {\n super();\n const centeredPopup = PopupUtils.center({ ...DefaultPopupWindowFeatures, ...popupWindowFeatures });\n this._window = window.open(undefined, popupWindowTarget, PopupUtils.serialize(centeredPopup));\n }\n\n public async navigate(params: NavigateParams): Promise {\n this._window?.focus();\n\n const popupClosedInterval = setInterval(() => {\n if (!this._window || this._window.closed) {\n this._abort.raise(new Error(\"Popup closed by user\"));\n }\n }, checkForPopupClosedInterval);\n this._disposeHandlers.add(() => clearInterval(popupClosedInterval));\n\n return await super.navigate(params);\n }\n\n public close(): void {\n if (this._window) {\n if (!this._window.closed) {\n this._window.close();\n this._abort.raise(new Error(\"Popup closed\"));\n }\n }\n this._window = null;\n }\n\n public static notifyOpener(url: string, keepOpen: boolean): void {\n if (!window.opener) {\n throw new Error(\"No window.opener. Can't complete notification.\");\n }\n return super._notifyParent(window.opener, url, keepOpen);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport { PopupWindow, PopupWindowParams } from \"./PopupWindow\";\nimport type { INavigator } from \"./INavigator\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\n\n/**\n * @internal\n */\nexport class PopupNavigator implements INavigator {\n private readonly _logger = new Logger(\"PopupNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n popupWindowFeatures = this._settings.popupWindowFeatures,\n popupWindowTarget = this._settings.popupWindowTarget,\n }: PopupWindowParams): Promise {\n return new PopupWindow({ popupWindowFeatures, popupWindowTarget });\n }\n\n public async callback(url: string, keepOpen = false): Promise {\n this._logger.create(\"callback\");\n\n PopupWindow.notifyOpener(url, keepOpen);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\nimport type { INavigator } from \"./INavigator\";\nimport type { IWindow } from \"./IWindow\";\n\n/**\n * @public\n */\nexport interface RedirectParams {\n redirectMethod?: \"replace\" | \"assign\";\n redirectTarget?: \"top\" | \"self\";\n}\n\n/**\n * @internal\n */\nexport class RedirectNavigator implements INavigator {\n private readonly _logger = new Logger(\"RedirectNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n redirectMethod = this._settings.redirectMethod,\n redirectTarget = this._settings.redirectTarget,\n }: RedirectParams): Promise {\n this._logger.create(\"prepare\");\n let targetWindow = window.self as Window;\n\n if (redirectTarget === \"top\") {\n targetWindow = window.top ?? window.self;\n }\n \n const redirect = targetWindow.location[redirectMethod].bind(targetWindow.location) as (url: string) => never;\n let abort: (reason: Error) => void;\n return {\n navigate: async (params): Promise => {\n this._logger.create(\"navigate\");\n // We use a promise that never resolves to block the caller\n const promise = new Promise((resolve, reject) => {\n abort = reject;\n });\n redirect(params.url);\n return await (promise as Promise);\n },\n close: () => {\n this._logger.create(\"close\");\n abort?.(new Error(\"Redirect aborted\"));\n targetWindow.stop();\n },\n };\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Event } from \"./utils\";\nimport { AccessTokenEvents } from \"./AccessTokenEvents\";\nimport type { UserManagerSettingsStore } from \"./UserManagerSettings\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport type UserLoadedCallback = (user: User) => Promise | void;\n/**\n * @public\n */\nexport type UserUnloadedCallback = () => Promise | void;\n/**\n * @public\n */\nexport type SilentRenewErrorCallback = (error: Error) => Promise | void;\n/**\n * @public\n */\nexport type UserSignedInCallback = () => Promise | void;\n/**\n * @public\n */\nexport type UserSignedOutCallback = () => Promise | void;\n/**\n * @public\n */\nexport type UserSessionChangedCallback = () => Promise | void;\n\n/**\n * @public\n */\nexport class UserManagerEvents extends AccessTokenEvents {\n protected readonly _logger = new Logger(\"UserManagerEvents\");\n\n private readonly _userLoaded = new Event<[User]>(\"User loaded\");\n private readonly _userUnloaded = new Event<[]>(\"User unloaded\");\n private readonly _silentRenewError = new Event<[Error]>(\"Silent renew error\");\n private readonly _userSignedIn = new Event<[]>(\"User signed in\");\n private readonly _userSignedOut = new Event<[]>(\"User signed out\");\n private readonly _userSessionChanged = new Event<[]>(\"User session changed\");\n\n public constructor(settings: UserManagerSettingsStore) {\n super({ expiringNotificationTimeInSeconds: settings.accessTokenExpiringNotificationTimeInSeconds });\n }\n\n public load(user: User, raiseEvent=true): void {\n super.load(user);\n if (raiseEvent) {\n this._userLoaded.raise(user);\n }\n }\n public unload(): void {\n super.unload();\n this._userUnloaded.raise();\n }\n\n /**\n * Add callback: Raised when a user session has been established (or re-established).\n */\n public addUserLoaded(cb: UserLoadedCallback): () => void {\n return this._userLoaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been established (or re-established).\n */\n public removeUserLoaded(cb: UserLoadedCallback): void {\n return this._userLoaded.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised when a user session has been terminated.\n */\n public addUserUnloaded(cb: UserUnloadedCallback): () => void {\n return this._userUnloaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been terminated.\n */\n public removeUserUnloaded(cb: UserUnloadedCallback): void {\n return this._userUnloaded.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised when the automatic silent renew has failed.\n */\n public addSilentRenewError(cb: SilentRenewErrorCallback): () => void {\n return this._silentRenewError.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the automatic silent renew has failed.\n */\n public removeSilentRenewError(cb: SilentRenewErrorCallback): void {\n return this._silentRenewError.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseSilentRenewError(e: Error): void {\n this._silentRenewError.raise(e);\n }\n\n /**\n * Add callback: Raised when the user is signed in (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSignedIn(cb: UserSignedInCallback): () => void {\n return this._userSignedIn.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user is signed in (when `monitorSession` is set).\n */\n public removeUserSignedIn(cb: UserSignedInCallback): void {\n this._userSignedIn.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseUserSignedIn(): void {\n this._userSignedIn.raise();\n }\n\n /**\n * Add callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSignedOut(cb: UserSignedOutCallback): () => void {\n return this._userSignedOut.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n */\n public removeUserSignedOut(cb: UserSignedOutCallback): void {\n this._userSignedOut.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseUserSignedOut(): void {\n this._userSignedOut.raise();\n }\n\n /**\n * Add callback: Raised when the user session changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSessionChanged(cb: UserSessionChangedCallback): () => void {\n return this._userSessionChanged.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user session changed (when `monitorSession` is set).\n */\n public removeUserSessionChanged(cb: UserSessionChangedCallback): void {\n this._userSessionChanged.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseUserSessionChanged(): void {\n this._userSessionChanged.raise();\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport { ErrorTimeout } from \"./errors\";\nimport type { UserManager } from \"./UserManager\";\nimport type { AccessTokenCallback } from \"./AccessTokenEvents\";\n\n/**\n * @internal\n */\nexport class SilentRenewService {\n protected _logger = new Logger(\"SilentRenewService\");\n private _isStarted = false;\n private readonly _retryTimer = new Timer(\"Retry Silent Renew\");\n\n public constructor(private _userManager: UserManager) {}\n\n public async start(): Promise {\n const logger = this._logger.create(\"start\");\n if (!this._isStarted) {\n this._isStarted = true;\n this._userManager.events.addAccessTokenExpiring(this._tokenExpiring);\n this._retryTimer.addHandler(this._tokenExpiring);\n\n // this will trigger loading of the user so the expiring events can be initialized\n try {\n await this._userManager.getUser();\n // deliberate nop\n }\n catch (err) {\n // catch to suppress errors since we're in a ctor\n logger.error(\"getUser error\", err);\n }\n }\n }\n\n public stop(): void {\n if (this._isStarted) {\n this._retryTimer.cancel();\n this._retryTimer.removeHandler(this._tokenExpiring);\n this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring);\n this._isStarted = false;\n }\n }\n\n protected _tokenExpiring: AccessTokenCallback = async () => {\n const logger = this._logger.create(\"_tokenExpiring\");\n try {\n await this._userManager.signinSilent();\n logger.debug(\"silent token renewal successful\");\n }\n catch (err) {\n if (err instanceof ErrorTimeout) {\n // no response from authority server, e.g. IFrame timeout, ...\n logger.warn(\"ErrorTimeout from signinSilent:\", err, \"retry in 5s\");\n this._retryTimer.init(5);\n return;\n }\n\n logger.error(\"Error from signinSilent:\", err);\n this._userManager.events._raiseSilentRenewError(err as Error);\n }\n };\n}\n", "// Copyright (C) AuthTS Contributors\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport type { UserProfile } from \"./User\";\n\n/**\n * Fake state store implementation necessary for validating refresh token requests.\n *\n * @internal\n */\nexport class RefreshState {\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n public readonly data: unknown | undefined;\n\n public readonly refresh_token: string;\n public readonly id_token?: string;\n public readonly session_state: string | null;\n public readonly scope?: string;\n public readonly profile: UserProfile;\n\n constructor(args: {\n refresh_token: string;\n id_token?: string;\n session_state: string | null;\n scope?: string;\n profile: UserProfile;\n\n state?: unknown;\n }) {\n this.refresh_token = args.refresh_token;\n this.id_token = args.id_token;\n this.session_state = args.session_state;\n this.scope = args.scope;\n this.profile = args.profile;\n\n this.data = args.state;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport { IFrameNavigator, NavigateResponse, PopupNavigator, RedirectNavigator, PopupWindowParams,\n IWindow, IFrameWindowParams, RedirectParams } from \"./navigators\";\nimport { OidcClient, CreateSigninRequestArgs, CreateSignoutRequestArgs, ProcessResourceOwnerPasswordCredentialsArgs } from \"./OidcClient\";\nimport { UserManagerSettings, UserManagerSettingsStore } from \"./UserManagerSettings\";\nimport { User } from \"./User\";\nimport { UserManagerEvents } from \"./UserManagerEvents\";\nimport { SilentRenewService } from \"./SilentRenewService\";\nimport { SessionMonitor } from \"./SessionMonitor\";\nimport type { SessionStatus } from \"./SessionStatus\";\nimport type { SignoutResponse } from \"./SignoutResponse\";\nimport type { MetadataService } from \"./MetadataService\";\nimport { RefreshState } from \"./RefreshState\";\nimport type { SigninResponse } from \"./SigninResponse\";\n\n/**\n * @public\n */\nexport type ExtraSigninRequestArgs = Pick;\n/**\n * @public\n */\nexport type ExtraSignoutRequestArgs = Pick;\n\n/**\n * @public\n */\nexport type RevokeTokensTypes = UserManagerSettings[\"revokeTokenTypes\"];\n\n/**\n * @public\n */\nexport type SigninRedirectArgs = RedirectParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninPopupArgs = PopupWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninSilentArgs = IFrameWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninResourceOwnerCredentialsArgs = ProcessResourceOwnerPasswordCredentialsArgs;\n\n/**\n * @public\n */\nexport type QuerySessionStatusArgs = IFrameWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutRedirectArgs = RedirectParams & ExtraSignoutRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutPopupArgs = PopupWindowParams & ExtraSignoutRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutSilentArgs = IFrameWindowParams & ExtraSignoutRequestArgs;\n\n/**\n * Provides a higher level API for signing a user in, signing out, managing the user's claims returned from the OIDC provider,\n * and managing an access token returned from the OIDC/OAuth2 provider.\n *\n * @public\n */\nexport class UserManager {\n /** Returns the settings used to configure the `UserManager`. */\n public readonly settings: UserManagerSettingsStore;\n protected readonly _logger = new Logger(\"UserManager\");\n\n protected readonly _client: OidcClient;\n protected readonly _redirectNavigator: RedirectNavigator;\n protected readonly _popupNavigator: PopupNavigator;\n protected readonly _iframeNavigator: IFrameNavigator;\n protected readonly _events: UserManagerEvents;\n protected readonly _silentRenewService: SilentRenewService;\n protected readonly _sessionMonitor: SessionMonitor | null;\n\n public constructor(settings: UserManagerSettings) {\n this.settings = new UserManagerSettingsStore(settings);\n\n this._client = new OidcClient(settings);\n\n this._redirectNavigator = new RedirectNavigator(this.settings);\n this._popupNavigator = new PopupNavigator(this.settings);\n this._iframeNavigator = new IFrameNavigator(this.settings);\n\n this._events = new UserManagerEvents(this.settings);\n this._silentRenewService = new SilentRenewService(this);\n\n // order is important for the following properties; these services depend upon the events.\n if (this.settings.automaticSilentRenew) {\n this.startSilentRenew();\n }\n\n this._sessionMonitor = null;\n if (this.settings.monitorSession) {\n this._sessionMonitor = new SessionMonitor(this);\n }\n\n }\n\n /** Returns an object used to register for events raised by the `UserManager`. */\n public get events(): UserManagerEvents {\n return this._events;\n }\n\n /** Returns an object used to access the metadata configuration of the OIDC provider. */\n public get metadataService(): MetadataService {\n return this._client.metadataService;\n }\n\n /**\n * Returns promise to load the `User` object for the currently authenticated user.\n */\n public async getUser(): Promise {\n const logger = this._logger.create(\"getUser\");\n const user = await this._loadUser();\n if (user) {\n logger.info(\"user loaded\");\n this._events.load(user, false);\n return user;\n }\n\n logger.info(\"user not found in storage\");\n return null;\n }\n\n /**\n * Returns promise to remove from any storage the currently authenticated user.\n */\n public async removeUser(): Promise {\n const logger = this._logger.create(\"removeUser\");\n await this.storeUser(null);\n logger.info(\"user removed from storage\");\n this._events.unload();\n }\n\n /**\n * Returns promise to trigger a redirect of the current window to the authorization endpoint.\n */\n public async signinRedirect(args: SigninRedirectArgs = {}): Promise {\n this._logger.create(\"signinRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signinStart({\n request_type: \"si:r\",\n ...requestArgs,\n }, handle);\n }\n\n /**\n * Returns promise to process response from the authorization endpoint. The result of the promise is the authenticated `User`.\n */\n public async signinRedirectCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signinRedirectCallback\");\n const user = await this._signinEnd(url);\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n\n return user;\n }\n\n /**\n * Returns promise to process the signin with user/password. The result of the promise is the authenticated `User`.\n *\n * Throws an ErrorResponse in case of wrong authentication.\n */\n public async signinResourceOwnerCredentials({\n username,\n password,\n skipUserInfo = false,\n }: SigninResourceOwnerCredentialsArgs ) {\n const logger = this._logger.create(\"signinResourceOwnerCredential\");\n\n const signinResponse = await this._client.processResourceOwnerPasswordCredentials({ username, password, skipUserInfo });\n logger.debug(\"got signin response\");\n\n const user = await this._buildUser(signinResponse);\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n } else {\n logger.info(\"no subject\");\n }\n return user;\n }\n\n /**\n * Returns promise to trigger a request (via a popup window) to the authorization endpoint. The result of the promise is the authenticated `User`.\n */\n public async signinPopup(args: SigninPopupArgs = {}): Promise {\n const logger = this._logger.create(\"signinPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n ...requestArgs\n } = args;\n const url = this.settings.popup_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No popup_redirect_uri configured\"));\n }\n\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget });\n const user = await this._signin({\n request_type: \"si:p\",\n redirect_uri: url,\n display: \"popup\",\n ...requestArgs,\n }, handle);\n if (user) {\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n }\n\n return user;\n }\n /**\n * Returns promise to notify the opening window of response from the authorization endpoint.\n */\n public async signinPopupCallback(url = window.location.href, keepOpen = false): Promise {\n const logger = this._logger.create(\"signinPopupCallback\");\n await this._popupNavigator.callback(url, keepOpen);\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to trigger a silent request (via an iframe) to the authorization endpoint.\n * The result of the promise is the authenticated `User`.\n */\n public async signinSilent(args: SigninSilentArgs = {}): Promise {\n const logger = this._logger.create(\"signinSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n // first determine if we have a refresh token, or need to use iframe\n let user = await this._loadUser();\n if (user?.refresh_token) {\n logger.debug(\"using refresh token\");\n const state = new RefreshState(user as Required);\n return await this._useRefreshToken(state);\n }\n\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n\n let verifySub: string | undefined;\n if (user && this.settings.validateSubOnSilentRenew) {\n logger.debug(\"subject prior to silent renew:\", user.profile.sub);\n verifySub = user.profile.sub;\n }\n\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n user = await this._signin({\n request_type: \"si:s\",\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user?.id_token : undefined,\n ...requestArgs,\n }, handle, verifySub);\n if (user) {\n if (user.profile?.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n }\n\n return user;\n }\n\n protected async _useRefreshToken(state: RefreshState): Promise {\n const response = await this._client.useRefreshToken({\n state,\n timeoutInSeconds: this.settings.silentRequestTimeoutInSeconds,\n });\n const user = new User({ ...state, ...response });\n\n await this.storeUser(user);\n this._events.load(user);\n return user;\n }\n\n /**\n * Returns promise to notify the parent window of response from the authorization endpoint.\n */\n public async signinSilentCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signinSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger.info(\"success\");\n }\n\n public async signinCallback(url = window.location.href): Promise {\n const { state } = await this._client.readSigninResponseState(url);\n switch (state.request_type) {\n case \"si:r\":\n return await this.signinRedirectCallback(url);\n case \"si:p\":\n return await this.signinPopupCallback(url);\n case \"si:s\":\n return await this.signinSilentCallback(url);\n default:\n throw new Error(\"invalid response_type in state\");\n }\n }\n\n public async signoutCallback(url = window.location.href, keepOpen = false): Promise {\n const { state } = await this._client.readSignoutResponseState(url);\n if (!state) {\n return;\n }\n\n switch (state.request_type) {\n case \"so:r\":\n await this.signoutRedirectCallback(url);\n break;\n case \"so:p\":\n await this.signoutPopupCallback(url, keepOpen);\n break;\n case \"so:s\":\n await this.signoutSilentCallback(url);\n break;\n default:\n throw new Error(\"invalid response_type in state\");\n }\n }\n\n /**\n * Returns promise to query OP for user's current signin status. Returns object with session_state and subject identifier.\n */\n public async querySessionStatus(args: QuerySessionStatusArgs = {}): Promise {\n const logger = this._logger.create(\"querySessionStatus\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n\n const user = await this._loadUser();\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n const navResponse = await this._signinStart({\n request_type: \"si:s\", // this acts like a signin silent\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user?.id_token : undefined,\n response_type: this.settings.query_status_response_type,\n scope: \"openid\",\n skipUserInfo: true,\n ...requestArgs,\n }, handle);\n try {\n const signinResponse = await this._client.processSigninResponse(navResponse.url);\n logger.debug(\"got signin response\");\n\n if (signinResponse.session_state && signinResponse.profile.sub) {\n logger.info(\"success for subject\", signinResponse.profile.sub);\n return {\n session_state: signinResponse.session_state,\n sub: signinResponse.profile.sub,\n sid: signinResponse.profile.sid,\n };\n }\n\n logger.info(\"success, user not authenticated\");\n return null;\n }\n catch (err) {\n if (this.settings.monitorAnonymousSession && err instanceof ErrorResponse) {\n switch (err.error) {\n case \"login_required\":\n case \"consent_required\":\n case \"interaction_required\":\n case \"account_selection_required\":\n logger.info(\"success for anonymous user\");\n return {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n session_state: err.session_state!,\n };\n }\n }\n throw err;\n }\n }\n\n protected async _signin(args: CreateSigninRequestArgs, handle: IWindow, verifySub?: string): Promise {\n const navResponse = await this._signinStart(args, handle);\n return await this._signinEnd(navResponse.url, verifySub);\n }\n protected async _signinStart(args: CreateSigninRequestArgs, handle: IWindow): Promise {\n const logger = this._logger.create(\"_signinStart\");\n\n try {\n const signinRequest = await this._client.createSigninRequest(args);\n logger.debug(\"got signin request\");\n\n return await handle.navigate({\n url: signinRequest.url,\n state: signinRequest.state.id,\n response_mode: signinRequest.state.response_mode,\n scriptOrigin: this.settings.iframeScriptOrigin,\n });\n }\n catch (err) {\n logger.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n protected async _signinEnd(url: string, verifySub?: string): Promise {\n const logger = this._logger.create(\"_signinEnd\");\n const signinResponse = await this._client.processSigninResponse(url);\n logger.debug(\"got signin response\");\n\n const user = await this._buildUser(signinResponse, verifySub);\n return user;\n }\n\n protected async _buildUser(signinResponse: SigninResponse, verifySub?: string) {\n const logger = this._logger.create(\"_buildUser\");\n const user = new User(signinResponse);\n if (verifySub) {\n if (verifySub !== user.profile.sub) {\n logger.debug(\"current user does not match user returned from signin. sub from signin:\", user.profile.sub);\n throw new ErrorResponse({ ...signinResponse, error: \"login_required\" });\n }\n logger.debug(\"current user matches user returned from signin\");\n }\n\n await this.storeUser(user);\n logger.debug(\"user stored\");\n this._events.load(user);\n\n return user;\n }\n\n /**\n * Returns promise to trigger a redirect of the current window to the end session endpoint.\n */\n public async signoutRedirect(args: SignoutRedirectArgs = {}): Promise {\n const logger = this._logger.create(\"signoutRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signoutStart({\n request_type: \"so:r\",\n post_logout_redirect_uri: this.settings.post_logout_redirect_uri,\n ...requestArgs,\n }, handle);\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to process response from the end session endpoint.\n */\n public async signoutRedirectCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signoutRedirectCallback\");\n const response = await this._signoutEnd(url);\n logger.info(\"success\");\n return response;\n }\n\n /**\n * Returns promise to trigger a redirect of a popup window window to the end session endpoint.\n */\n public async signoutPopup(args: SignoutPopupArgs = {}): Promise {\n const logger = this._logger.create(\"signoutPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n ...requestArgs\n } = args;\n const url = this.settings.popup_post_logout_redirect_uri;\n\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget });\n await this._signout({\n request_type: \"so:p\",\n post_logout_redirect_uri: url,\n // we're putting a dummy entry in here because we\n // need a unique id from the state for notification\n // to the parent window, which is necessary if we\n // plan to return back to the client after signout\n // and so we can close the popup after signout\n state: url == null ? undefined : {},\n ...requestArgs,\n }, handle);\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to process response from the end session endpoint from a popup window.\n */\n public async signoutPopupCallback(url = window.location.href, keepOpen = false): Promise {\n const logger = this._logger.create(\"signoutPopupCallback\");\n await this._popupNavigator.callback(url, keepOpen);\n logger.info(\"success\");\n }\n\n protected async _signout(args: CreateSignoutRequestArgs, handle: IWindow): Promise {\n const navResponse = await this._signoutStart(args, handle);\n return await this._signoutEnd(navResponse.url);\n }\n protected async _signoutStart(args: CreateSignoutRequestArgs = {}, handle: IWindow): Promise {\n const logger = this._logger.create(\"_signoutStart\");\n\n try {\n const user = await this._loadUser();\n logger.debug(\"loaded current user from storage\");\n\n if (this.settings.revokeTokensOnSignout) {\n await this._revokeInternal(user);\n }\n\n const id_token = args.id_token_hint || user && user.id_token;\n if (id_token) {\n logger.debug(\"setting id_token_hint in signout request\");\n args.id_token_hint = id_token;\n }\n\n await this.removeUser();\n logger.debug(\"user removed, creating signout request\");\n\n const signoutRequest = await this._client.createSignoutRequest(args);\n logger.debug(\"got signout request\");\n\n return await handle.navigate({\n url: signoutRequest.url,\n state: signoutRequest.state?.id,\n });\n }\n catch (err) {\n logger.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n protected async _signoutEnd(url: string): Promise {\n const logger = this._logger.create(\"_signoutEnd\");\n const signoutResponse = await this._client.processSignoutResponse(url);\n logger.debug(\"got signout response\");\n\n return signoutResponse;\n }\n\n /**\n * Returns promise to trigger a silent request (via an iframe) to the end session endpoint.\n */\n public async signoutSilent(args: SignoutSilentArgs = {}): Promise {\n const logger = this._logger.create(\"signoutSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n\n const id_token_hint = this.settings.includeIdTokenInSilentSignout\n ? (await this._loadUser())?.id_token\n : undefined;\n\n const url = this.settings.popup_post_logout_redirect_uri;\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n await this._signout({\n request_type: \"so:s\",\n post_logout_redirect_uri: url,\n id_token_hint: id_token_hint,\n ...requestArgs,\n }, handle);\n\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to notify the parent window of response from the end session endpoint.\n */\n public async signoutSilentCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signoutSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger.info(\"success\");\n }\n\n public async revokeTokens(types?: RevokeTokensTypes): Promise {\n const user = await this._loadUser();\n await this._revokeInternal(user, types);\n }\n\n protected async _revokeInternal(user: User | null, types = this.settings.revokeTokenTypes): Promise {\n const logger = this._logger.create(\"_revokeInternal\");\n if (!user) return;\n\n const typesPresent = types.filter(type => typeof user[type] === \"string\");\n\n if (!typesPresent.length) {\n logger.debug(\"no need to revoke due to no token(s)\");\n return;\n }\n\n // don't Promise.all, order matters\n for (const type of typesPresent) {\n await this._client.revokeToken(\n user[type]!, // eslint-disable-line @typescript-eslint/no-non-null-assertion\n type,\n );\n logger.info(`${type} revoked successfully`);\n if (type !== \"access_token\") {\n user[type] = null as never;\n }\n }\n\n await this.storeUser(user);\n logger.debug(\"user stored\");\n this._events.load(user);\n }\n\n /**\n * Enables silent renew for the `UserManager`.\n */\n public startSilentRenew(): void {\n this._logger.create(\"startSilentRenew\");\n void this._silentRenewService.start();\n }\n\n /**\n * Disables silent renew for the `UserManager`.\n */\n public stopSilentRenew(): void {\n this._silentRenewService.stop();\n }\n\n protected get _userStoreKey(): string {\n return `user:${this.settings.authority}:${this.settings.client_id}`;\n }\n\n protected async _loadUser(): Promise {\n const logger = this._logger.create(\"_loadUser\");\n const storageString = await this.settings.userStore.get(this._userStoreKey);\n if (storageString) {\n logger.debug(\"user storageString loaded\");\n return User.fromStorageString(storageString);\n }\n\n logger.debug(\"no user storageString\");\n return null;\n }\n\n public async storeUser(user: User | null): Promise {\n const logger = this._logger.create(\"storeUser\");\n if (user) {\n logger.debug(\"storing user\");\n const storageString = user.toStorageString();\n await this.settings.userStore.set(this._userStoreKey, storageString);\n }\n else {\n this._logger.debug(\"removing user\");\n await this.settings.userStore.remove(this._userStoreKey);\n }\n }\n\n /**\n * Removes stale state entries in storage for incomplete authorize requests.\n */\n public async clearStaleState(): Promise {\n await this._client.clearStaleState();\n }\n}\n", "// @ts-expect-error avoid enabling resolveJsonModule to keep build process simple\nimport { version } from \"../package.json\";\n\n/**\n * @public\n */\nexport const Version: string = version;\n"], "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;;;ACAA;AAAA;AAAC,OAAC,SAAU,MAAM,SAAS;AAC1B,YAAI,OAAO,YAAY,UAAU;AAEhC,iBAAO,UAAU,UAAU,QAAQ;AAAA,QACpC,WACS,OAAO,WAAW,cAAc,OAAO,KAAK;AAEpD,iBAAO,CAAC,GAAG,OAAO;AAAA,QACnB,OACK;AAEJ,eAAK,WAAW,QAAQ;AAAA,QACzB;AAAA,MACD,GAAE,SAAM,WAAY;AAOnB,YAAIA,YAAWA,aAAa,SAAUC,OAAMC,YAAW;AAEnD,cAAI;AAGJ,cAAI,OAAO,WAAW,eAAe,OAAO,QAAQ;AAChD,qBAAS,OAAO;AAAA,UACpB;AAGA,cAAI,OAAO,SAAS,eAAe,KAAK,QAAQ;AAC5C,qBAAS,KAAK;AAAA,UAClB;AAGA,cAAI,OAAO,eAAe,eAAe,WAAW,QAAQ;AACxD,qBAAS,WAAW;AAAA,UACxB;AAGA,cAAI,CAAC,UAAU,OAAO,WAAW,eAAe,OAAO,UAAU;AAC7D,qBAAS,OAAO;AAAA,UACpB;AAGA,cAAI,CAAC,UAAU,OAAO,WAAW,eAAe,OAAO,QAAQ;AAC3D,qBAAS,OAAO;AAAA,UACpB;AAGA,cAAI,CAAC,UAAU,OAAO,cAAY,YAAY;AAC1C,gBAAI;AACA,uBAAS;AAAA,YACb,SAAS,KAAP;AAAA,YAAa;AAAA,UACnB;AAOA,cAAI,wBAAwB,WAAY;AACpC,gBAAI,QAAQ;AAER,kBAAI,OAAO,OAAO,oBAAoB,YAAY;AAC9C,oBAAI;AACA,yBAAO,OAAO,gBAAgB,IAAI,YAAY,CAAC,CAAC,EAAE;AAAA,gBACtD,SAAS,KAAP;AAAA,gBAAa;AAAA,cACnB;AAGA,kBAAI,OAAO,OAAO,gBAAgB,YAAY;AAC1C,oBAAI;AACA,yBAAO,OAAO,YAAY,CAAC,EAAE,YAAY;AAAA,gBAC7C,SAAS,KAAP;AAAA,gBAAa;AAAA,cACnB;AAAA,YACJ;AAEA,kBAAM,IAAI,MAAM,qEAAqE;AAAA,UACzF;AAMA,cAAI,SAAS,OAAO,UAAW,WAAY;AACvC,qBAAS,IAAI;AAAA,YAAC;AAEd,mBAAO,SAAU,KAAK;AAClB,kBAAI;AAEJ,gBAAE,YAAY;AAEd,wBAAU,IAAI,EAAE;AAEhB,gBAAE,YAAY;AAEd,qBAAO;AAAA,YACX;AAAA,UACJ,EAAE;AAKF,cAAI,IAAI,CAAC;AAKT,cAAI,QAAQ,EAAE,MAAM,CAAC;AAKrB,cAAI,OAAO,MAAM,OAAQ,WAAY;AAGjC,mBAAO;AAAA,cAmBH,QAAQ,SAAU,WAAW;AAEzB,oBAAI,UAAU,OAAO,IAAI;AAGzB,oBAAI,WAAW;AACX,0BAAQ,MAAM,SAAS;AAAA,gBAC3B;AAGA,oBAAI,CAAC,QAAQ,eAAe,MAAM,KAAK,KAAK,SAAS,QAAQ,MAAM;AAC/D,0BAAQ,OAAO,WAAY;AACvB,4BAAQ,OAAO,KAAK,MAAM,MAAM,SAAS;AAAA,kBAC7C;AAAA,gBACJ;AAGA,wBAAQ,KAAK,YAAY;AAGzB,wBAAQ,SAAS;AAEjB,uBAAO;AAAA,cACX;AAAA,cAcA,QAAQ,WAAY;AAChB,oBAAI,WAAW,KAAK,OAAO;AAC3B,yBAAS,KAAK,MAAM,UAAU,SAAS;AAEvC,uBAAO;AAAA,cACX;AAAA,cAcA,MAAM,WAAY;AAAA,cAClB;AAAA,cAaA,OAAO,SAAU,YAAY;AACzB,yBAAS,gBAAgB,YAAY;AACjC,sBAAI,WAAW,eAAe,YAAY,GAAG;AACzC,yBAAK,gBAAgB,WAAW;AAAA,kBACpC;AAAA,gBACJ;AAGA,oBAAI,WAAW,eAAe,UAAU,GAAG;AACvC,uBAAK,WAAW,WAAW;AAAA,gBAC/B;AAAA,cACJ;AAAA,cAWA,OAAO,WAAY;AACf,uBAAO,KAAK,KAAK,UAAU,OAAO,IAAI;AAAA,cAC1C;AAAA,YACJ;AAAA,UACJ,EAAE;AAQF,cAAI,YAAY,MAAM,YAAY,KAAK,OAAO;AAAA,YAa1C,MAAM,SAAU,OAAO,UAAU;AAC7B,sBAAQ,KAAK,QAAQ,SAAS,CAAC;AAE/B,kBAAI,YAAYA,YAAW;AACvB,qBAAK,WAAW;AAAA,cACpB,OAAO;AACH,qBAAK,WAAW,MAAM,SAAS;AAAA,cACnC;AAAA,YACJ;AAAA,YAeA,UAAU,SAAU,SAAS;AACzB,sBAAQ,WAAW,KAAK,UAAU,IAAI;AAAA,YAC1C;AAAA,YAaA,QAAQ,SAAU,WAAW;AAEzB,kBAAI,YAAY,KAAK;AACrB,kBAAI,YAAY,UAAU;AAC1B,kBAAI,eAAe,KAAK;AACxB,kBAAI,eAAe,UAAU;AAG7B,mBAAK,MAAM;AAGX,kBAAI,eAAe,GAAG;AAElB,yBAAS,IAAI,GAAG,IAAI,cAAc,KAAK;AACnC,sBAAI,WAAY,UAAU,MAAM,OAAQ,KAAM,IAAI,IAAK,IAAM;AAC7D,4BAAW,eAAe,MAAO,MAAM,YAAa,MAAO,eAAe,KAAK,IAAK;AAAA,gBACxF;AAAA,cACJ,OAAO;AAEH,yBAAS,IAAI,GAAG,IAAI,cAAc,KAAK,GAAG;AACtC,4BAAW,eAAe,MAAO,KAAK,UAAU,MAAM;AAAA,gBAC1D;AAAA,cACJ;AACA,mBAAK,YAAY;AAGjB,qBAAO;AAAA,YACX;AAAA,YASA,OAAO,WAAY;AAEf,kBAAI,QAAQ,KAAK;AACjB,kBAAI,WAAW,KAAK;AAGpB,oBAAM,aAAa,MAAM,cAAe,KAAM,WAAW,IAAK;AAC9D,oBAAM,SAASD,MAAK,KAAK,WAAW,CAAC;AAAA,YACzC;AAAA,YAWA,OAAO,WAAY;AACf,kBAAI,QAAQ,KAAK,MAAM,KAAK,IAAI;AAChC,oBAAM,QAAQ,KAAK,MAAM,MAAM,CAAC;AAEhC,qBAAO;AAAA,YACX;AAAA,YAeA,QAAQ,SAAU,QAAQ;AACtB,kBAAI,QAAQ,CAAC;AAEb,uBAAS,IAAI,GAAG,IAAI,QAAQ,KAAK,GAAG;AAChC,sBAAM,KAAK,sBAAsB,CAAC;AAAA,cACtC;AAEA,qBAAO,IAAI,UAAU,KAAK,OAAO,MAAM;AAAA,YAC3C;AAAA,UACJ,CAAC;AAKD,cAAI,QAAQ,EAAE,MAAM,CAAC;AAKrB,cAAI,MAAM,MAAM,MAAM;AAAA,YAclB,WAAW,SAAU,WAAW;AAE5B,kBAAI,QAAQ,UAAU;AACtB,kBAAI,WAAW,UAAU;AAGzB,kBAAI,WAAW,CAAC;AAChB,uBAAS,IAAI,GAAG,IAAI,UAAU,KAAK;AAC/B,oBAAI,OAAQ,MAAM,MAAM,OAAQ,KAAM,IAAI,IAAK,IAAM;AACrD,yBAAS,MAAM,SAAS,GAAG,SAAS,EAAE,CAAC;AACvC,yBAAS,MAAM,OAAO,IAAM,SAAS,EAAE,CAAC;AAAA,cAC5C;AAEA,qBAAO,SAAS,KAAK,EAAE;AAAA,YAC3B;AAAA,YAeA,OAAO,SAAU,QAAQ;AAErB,kBAAI,eAAe,OAAO;AAG1B,kBAAI,QAAQ,CAAC;AACb,uBAAS,IAAI,GAAG,IAAI,cAAc,KAAK,GAAG;AACtC,sBAAM,MAAM,MAAM,SAAS,OAAO,OAAO,GAAG,CAAC,GAAG,EAAE,KAAM,KAAM,IAAI,IAAK;AAAA,cAC3E;AAEA,qBAAO,IAAI,UAAU,KAAK,OAAO,eAAe,CAAC;AAAA,YACrD;AAAA,UACJ;AAKA,cAAI,SAAS,MAAM,SAAS;AAAA,YAcxB,WAAW,SAAU,WAAW;AAE5B,kBAAI,QAAQ,UAAU;AACtB,kBAAI,WAAW,UAAU;AAGzB,kBAAI,cAAc,CAAC;AACnB,uBAAS,IAAI,GAAG,IAAI,UAAU,KAAK;AAC/B,oBAAI,OAAQ,MAAM,MAAM,OAAQ,KAAM,IAAI,IAAK,IAAM;AACrD,4BAAY,KAAK,OAAO,aAAa,IAAI,CAAC;AAAA,cAC9C;AAEA,qBAAO,YAAY,KAAK,EAAE;AAAA,YAC9B;AAAA,YAeA,OAAO,SAAU,WAAW;AAExB,kBAAI,kBAAkB,UAAU;AAGhC,kBAAI,QAAQ,CAAC;AACb,uBAAS,IAAI,GAAG,IAAI,iBAAiB,KAAK;AACtC,sBAAM,MAAM,OAAO,UAAU,WAAW,CAAC,IAAI,QAAU,KAAM,IAAI,IAAK;AAAA,cAC1E;AAEA,qBAAO,IAAI,UAAU,KAAK,OAAO,eAAe;AAAA,YACpD;AAAA,UACJ;AAKA,cAAIE,QAAO,MAAM,OAAO;AAAA,YAcpB,WAAW,SAAU,WAAW;AAC5B,kBAAI;AACA,uBAAO,mBAAmB,OAAO,OAAO,UAAU,SAAS,CAAC,CAAC;AAAA,cACjE,SAASC,IAAP;AACE,sBAAM,IAAI,MAAM,sBAAsB;AAAA,cAC1C;AAAA,YACJ;AAAA,YAeA,OAAO,SAAU,SAAS;AACtB,qBAAO,OAAO,MAAM,SAAS,mBAAmB,OAAO,CAAC,CAAC;AAAA,YAC7D;AAAA,UACJ;AASA,cAAI,yBAAyB,MAAM,yBAAyB,KAAK,OAAO;AAAA,YAQpE,OAAO,WAAY;AAEf,mBAAK,QAAQ,IAAI,UAAU,KAAK;AAChC,mBAAK,cAAc;AAAA,YACvB;AAAA,YAYA,SAAS,SAAU,MAAM;AAErB,kBAAI,OAAO,QAAQ,UAAU;AACzB,uBAAOD,MAAK,MAAM,IAAI;AAAA,cAC1B;AAGA,mBAAK,MAAM,OAAO,IAAI;AACtB,mBAAK,eAAe,KAAK;AAAA,YAC7B;AAAA,YAgBA,UAAU,SAAU,SAAS;AACzB,kBAAI;AAGJ,kBAAI,OAAO,KAAK;AAChB,kBAAI,YAAY,KAAK;AACrB,kBAAI,eAAe,KAAK;AACxB,kBAAI,YAAY,KAAK;AACrB,kBAAI,iBAAiB,YAAY;AAGjC,kBAAI,eAAe,eAAe;AAClC,kBAAI,SAAS;AAET,+BAAeF,MAAK,KAAK,YAAY;AAAA,cACzC,OAAO;AAGH,+BAAeA,MAAK,KAAK,eAAe,KAAK,KAAK,gBAAgB,CAAC;AAAA,cACvE;AAGA,kBAAI,cAAc,eAAe;AAGjC,kBAAI,cAAcA,MAAK,IAAI,cAAc,GAAG,YAAY;AAGxD,kBAAI,aAAa;AACb,yBAAS,SAAS,GAAG,SAAS,aAAa,UAAU,WAAW;AAE5D,uBAAK,gBAAgB,WAAW,MAAM;AAAA,gBAC1C;AAGA,iCAAiB,UAAU,OAAO,GAAG,WAAW;AAChD,qBAAK,YAAY;AAAA,cACrB;AAGA,qBAAO,IAAI,UAAU,KAAK,gBAAgB,WAAW;AAAA,YACzD;AAAA,YAWA,OAAO,WAAY;AACf,kBAAI,QAAQ,KAAK,MAAM,KAAK,IAAI;AAChC,oBAAM,QAAQ,KAAK,MAAM,MAAM;AAE/B,qBAAO;AAAA,YACX;AAAA,YAEA,gBAAgB;AAAA,UACpB,CAAC;AAOD,cAAI,SAAS,MAAM,SAAS,uBAAuB,OAAO;AAAA,YAItD,KAAK,KAAK,OAAO;AAAA,YAWjB,MAAM,SAAU,KAAK;AAEjB,mBAAK,MAAM,KAAK,IAAI,OAAO,GAAG;AAG9B,mBAAK,MAAM;AAAA,YACf;AAAA,YASA,OAAO,WAAY;AAEf,qCAAuB,MAAM,KAAK,IAAI;AAGtC,mBAAK,SAAS;AAAA,YAClB;AAAA,YAcA,QAAQ,SAAU,eAAe;AAE7B,mBAAK,QAAQ,aAAa;AAG1B,mBAAK,SAAS;AAGd,qBAAO;AAAA,YACX;AAAA,YAgBA,UAAU,SAAU,eAAe;AAE/B,kBAAI,eAAe;AACf,qBAAK,QAAQ,aAAa;AAAA,cAC9B;AAGA,kBAAI,OAAO,KAAK,YAAY;AAE5B,qBAAO;AAAA,YACX;AAAA,YAEA,WAAW,MAAI;AAAA,YAef,eAAe,SAAU,QAAQ;AAC7B,qBAAO,SAAU,SAAS,KAAK;AAC3B,uBAAO,IAAI,OAAO,KAAK,GAAG,EAAE,SAAS,OAAO;AAAA,cAChD;AAAA,YACJ;AAAA,YAeA,mBAAmB,SAAU,QAAQ;AACjC,qBAAO,SAAU,SAAS,KAAK;AAC3B,uBAAO,IAAI,OAAO,KAAK,KAAK,QAAQ,GAAG,EAAE,SAAS,OAAO;AAAA,cAC7D;AAAA,YACJ;AAAA,UACJ,CAAC;AAKD,cAAI,SAAS,EAAE,OAAO,CAAC;AAEvB,iBAAO;AAAA,QACX,EAAE,IAAI;AAGN,eAAOD;AAAA,MAER,CAAC;AAAA;AAAA;;;ACtyBD;AAAA;AAAC,OAAC,SAAU,MAAM,SAAS;AAC1B,YAAI,OAAO,YAAY,UAAU;AAEhC,iBAAO,UAAU,UAAU,QAAQ,cAAiB;AAAA,QACrD,WACS,OAAO,WAAW,cAAc,OAAO,KAAK;AAEpD,iBAAO,CAAC,QAAQ,GAAG,OAAO;AAAA,QAC3B,OACK;AAEJ,kBAAQ,KAAK,QAAQ;AAAA,QACtB;AAAA,MACD,GAAE,SAAM,SAAUK,WAAU;AAE3B,SAAC,SAAUC,OAAM;AAEb,cAAI,IAAID;AACR,cAAI,QAAQ,EAAE;AACd,cAAI,YAAY,MAAM;AACtB,cAAI,SAAS,MAAM;AACnB,cAAI,SAAS,EAAE;AAGf,cAAI,IAAI,CAAC;AACT,cAAI,IAAI,CAAC;AAGT,WAAC,WAAY;AACT,qBAAS,QAAQE,IAAG;AAChB,kBAAI,QAAQD,MAAK,KAAKC,EAAC;AACvB,uBAAS,SAAS,GAAG,UAAU,OAAO,UAAU;AAC5C,oBAAI,EAAEA,KAAI,SAAS;AACf,yBAAO;AAAA,gBACX;AAAA,cACJ;AAEA,qBAAO;AAAA,YACX;AAEA,qBAAS,kBAAkBA,IAAG;AAC1B,sBAASA,MAAKA,KAAI,MAAM,aAAe;AAAA,YAC3C;AAEA,gBAAIA,KAAI;AACR,gBAAI,SAAS;AACb,mBAAO,SAAS,IAAI;AAChB,kBAAI,QAAQA,EAAC,GAAG;AACZ,oBAAI,SAAS,GAAG;AACZ,oBAAE,UAAU,kBAAkBD,MAAK,IAAIC,IAAG,IAAI,CAAC,CAAC;AAAA,gBACpD;AACA,kBAAE,UAAU,kBAAkBD,MAAK,IAAIC,IAAG,IAAI,CAAC,CAAC;AAEhD;AAAA,cACJ;AAEA,cAAAA;AAAA,YACJ;AAAA,UACJ,GAAE;AAGF,cAAI,IAAI,CAAC;AAKT,cAAI,SAAS,OAAO,SAAS,OAAO,OAAO;AAAA,YACvC,UAAU,WAAY;AAClB,mBAAK,QAAQ,IAAI,UAAU,KAAK,EAAE,MAAM,CAAC,CAAC;AAAA,YAC9C;AAAA,YAEA,iBAAiB,SAAU,GAAG,QAAQ;AAElC,kBAAIC,KAAI,KAAK,MAAM;AAGnB,kBAAI,IAAIA,GAAE;AACV,kBAAI,IAAIA,GAAE;AACV,kBAAI,IAAIA,GAAE;AACV,kBAAI,IAAIA,GAAE;AACV,kBAAIC,KAAID,GAAE;AACV,kBAAI,IAAIA,GAAE;AACV,kBAAI,IAAIA,GAAE;AACV,kBAAI,IAAIA,GAAE;AAGV,uBAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AACzB,oBAAI,IAAI,IAAI;AACR,oBAAE,KAAK,EAAE,SAAS,KAAK;AAAA,gBAC3B,OAAO;AACH,sBAAI,UAAU,EAAE,IAAI;AACpB,sBAAI,UAAY,WAAW,KAAO,YAAY,MAC9B,WAAW,KAAO,YAAY,MAC9B,YAAY;AAE5B,sBAAI,UAAU,EAAE,IAAI;AACpB,sBAAI,UAAY,WAAW,KAAO,YAAY,OAC9B,WAAW,KAAO,YAAY,MAC9B,YAAY;AAE5B,oBAAE,KAAK,SAAS,EAAE,IAAI,KAAK,SAAS,EAAE,IAAI;AAAA,gBAC9C;AAEA,oBAAI,KAAOC,KAAI,IAAM,CAACA,KAAI;AAC1B,oBAAI,MAAO,IAAI,IAAM,IAAI,IAAM,IAAI;AAEnC,oBAAI,UAAW,KAAK,KAAO,MAAM,MAAQ,KAAK,KAAO,MAAM,OAAS,KAAK,KAAO,MAAM;AACtF,oBAAI,UAAWA,MAAK,KAAOA,OAAM,MAAQA,MAAK,KAAOA,OAAM,OAASA,MAAK,IAAOA,OAAM;AAEtF,oBAAI,KAAK,IAAI,SAAS,KAAK,EAAE,KAAK,EAAE;AACpC,oBAAI,KAAK,SAAS;AAElB,oBAAI;AACJ,oBAAI;AACJ,oBAAIA;AACJ,gBAAAA,KAAK,IAAI,KAAM;AACf,oBAAI;AACJ,oBAAI;AACJ,oBAAI;AACJ,oBAAK,KAAK,KAAM;AAAA,cACpB;AAGA,cAAAD,GAAE,KAAMA,GAAE,KAAK,IAAK;AACpB,cAAAA,GAAE,KAAMA,GAAE,KAAK,IAAK;AACpB,cAAAA,GAAE,KAAMA,GAAE,KAAK,IAAK;AACpB,cAAAA,GAAE,KAAMA,GAAE,KAAK,IAAK;AACpB,cAAAA,GAAE,KAAMA,GAAE,KAAKC,KAAK;AACpB,cAAAD,GAAE,KAAMA,GAAE,KAAK,IAAK;AACpB,cAAAA,GAAE,KAAMA,GAAE,KAAK,IAAK;AACpB,cAAAA,GAAE,KAAMA,GAAE,KAAK,IAAK;AAAA,YACxB;AAAA,YAEA,aAAa,WAAY;AAErB,kBAAI,OAAO,KAAK;AAChB,kBAAI,YAAY,KAAK;AAErB,kBAAI,aAAa,KAAK,cAAc;AACpC,kBAAI,YAAY,KAAK,WAAW;AAGhC,wBAAU,cAAc,MAAM,OAAS,KAAK,YAAY;AACxD,yBAAa,YAAY,OAAQ,KAAM,KAAK,MAAMF,MAAK,MAAM,aAAa,UAAW;AACrF,yBAAa,YAAY,OAAQ,KAAM,KAAK,MAAM;AAClD,mBAAK,WAAW,UAAU,SAAS;AAGnC,mBAAK,SAAS;AAGd,qBAAO,KAAK;AAAA,YAChB;AAAA,YAEA,OAAO,WAAY;AACf,kBAAI,QAAQ,OAAO,MAAM,KAAK,IAAI;AAClC,oBAAM,QAAQ,KAAK,MAAM,MAAM;AAE/B,qBAAO;AAAA,YACX;AAAA,UACJ,CAAC;AAgBD,YAAE,SAAS,OAAO,cAAc,MAAM;AAgBtC,YAAE,aAAa,OAAO,kBAAkB,MAAM;AAAA,QAClD,GAAE,IAAI;AAGN,eAAOD,UAAS;AAAA,MAEjB,CAAC;AAAA;AAAA;;;ACtMD;AAAA;AAAC,OAAC,SAAU,MAAM,SAAS;AAC1B,YAAI,OAAO,YAAY,UAAU;AAEhC,iBAAO,UAAU,UAAU,QAAQ,cAAiB;AAAA,QACrD,WACS,OAAO,WAAW,cAAc,OAAO,KAAK;AAEpD,iBAAO,CAAC,QAAQ,GAAG,OAAO;AAAA,QAC3B,OACK;AAEJ,kBAAQ,KAAK,QAAQ;AAAA,QACtB;AAAA,MACD,GAAE,SAAM,SAAUK,WAAU;AAE3B,SAAC,WAAY;AAET,cAAI,IAAIA;AACR,cAAI,QAAQ,EAAE;AACd,cAAI,YAAY,MAAM;AACtB,cAAI,QAAQ,EAAE;AAKd,cAAIC,UAAS,MAAM,SAAS;AAAA,YAcxB,WAAW,SAAU,WAAW;AAE5B,kBAAI,QAAQ,UAAU;AACtB,kBAAI,WAAW,UAAU;AACzB,kBAAI,MAAM,KAAK;AAGf,wBAAU,MAAM;AAGhB,kBAAI,cAAc,CAAC;AACnB,uBAAS,IAAI,GAAG,IAAI,UAAU,KAAK,GAAG;AAClC,oBAAI,QAAS,MAAM,MAAM,OAAc,KAAM,IAAI,IAAK,IAAY;AAClE,oBAAI,QAAS,MAAO,IAAI,MAAO,OAAQ,MAAO,IAAI,KAAK,IAAK,IAAM;AAClE,oBAAI,QAAS,MAAO,IAAI,MAAO,OAAQ,MAAO,IAAI,KAAK,IAAK,IAAM;AAElE,oBAAI,UAAW,SAAS,KAAO,SAAS,IAAK;AAE7C,yBAAS,IAAI,GAAI,IAAI,KAAO,IAAI,IAAI,OAAO,UAAW,KAAK;AACvD,8BAAY,KAAK,IAAI,OAAQ,YAAa,KAAK,IAAI,KAAO,EAAI,CAAC;AAAA,gBACnE;AAAA,cACJ;AAGA,kBAAI,cAAc,IAAI,OAAO,EAAE;AAC/B,kBAAI,aAAa;AACb,uBAAO,YAAY,SAAS,GAAG;AAC3B,8BAAY,KAAK,WAAW;AAAA,gBAChC;AAAA,cACJ;AAEA,qBAAO,YAAY,KAAK,EAAE;AAAA,YAC9B;AAAA,YAeA,OAAO,SAAU,WAAW;AAExB,kBAAI,kBAAkB,UAAU;AAChC,kBAAI,MAAM,KAAK;AACf,kBAAI,aAAa,KAAK;AAEtB,kBAAI,CAAC,YAAY;AACT,6BAAa,KAAK,cAAc,CAAC;AACjC,yBAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK;AACjC,6BAAW,IAAI,WAAW,CAAC,KAAK;AAAA,gBACpC;AAAA,cACR;AAGA,kBAAI,cAAc,IAAI,OAAO,EAAE;AAC/B,kBAAI,aAAa;AACb,oBAAI,eAAe,UAAU,QAAQ,WAAW;AAChD,oBAAI,iBAAiB,IAAI;AACrB,oCAAkB;AAAA,gBACtB;AAAA,cACJ;AAGA,qBAAO,UAAU,WAAW,iBAAiB,UAAU;AAAA,YAE3D;AAAA,YAEA,MAAM;AAAA,UACV;AAEA,mBAAS,UAAU,WAAW,iBAAiB,YAAY;AACzD,gBAAI,QAAQ,CAAC;AACb,gBAAI,SAAS;AACb,qBAAS,IAAI,GAAG,IAAI,iBAAiB,KAAK;AACtC,kBAAI,IAAI,GAAG;AACP,oBAAI,QAAQ,WAAW,UAAU,WAAW,IAAI,CAAC,MAAQ,IAAI,IAAK;AAClE,oBAAI,QAAQ,WAAW,UAAU,WAAW,CAAC,OAAQ,IAAK,IAAI,IAAK;AACnE,oBAAI,eAAe,QAAQ;AAC3B,sBAAM,WAAW,MAAM,gBAAiB,KAAM,SAAS,IAAK;AAC5D;AAAA,cACJ;AAAA,YACJ;AACA,mBAAO,UAAU,OAAO,OAAO,MAAM;AAAA,UACvC;AAAA,QACJ,GAAE;AAGF,eAAOD,UAAS,IAAI;AAAA,MAErB,CAAC;AAAA;AAAA;;;ACvID;AAAA;AAAC,OAAC,SAAU,MAAM,SAAS;AAC1B,YAAI,OAAO,YAAY,UAAU;AAEhC,iBAAO,UAAU,UAAU,QAAQ,cAAiB;AAAA,QACrD,WACS,OAAO,WAAW,cAAc,OAAO,KAAK;AAEpD,iBAAO,CAAC,QAAQ,GAAG,OAAO;AAAA,QAC3B,OACK;AAEJ,kBAAQ,KAAK,QAAQ;AAAA,QACtB;AAAA,MACD,GAAE,SAAM,SAAUE,WAAU;AAE3B,eAAOA,UAAS,IAAI;AAAA,MAErB,CAAC;AAAA;AAAA;;;ACjBD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,oBAAqB;AACrB,sBAAmB;AACnB,0BAAmB;AACnB,wBAAiB;;;ACYjB,MAAM,YAAqB;AAAA,IACvB,OAAO,MAAM;AAAA,IACb,MAAM,MAAM;AAAA,IACZ,MAAM,MAAM;AAAA,IACZ,OAAO,MAAM;AAAA,EACjB;AAEA,MAAI;AACJ,MAAI;AAOG,MAAK,MAAL,kBAAKC,SAAL;AACH,IAAAA,UAAA;AACA,IAAAA,UAAA;AACA,IAAAA,UAAA;AACA,IAAAA,UAAA;AACA,IAAAA,UAAA;AALQ,WAAAA;AAAA,KAAA;AAaL,IAAUA,SAAV;AACI,aAAS,QAAc;AAC1B,cAAQ;AACR,eAAS;AAAA,IACb;AAHO,IAAAA,KAAS;AAKT,aAAS,SAAS,OAAkB;AACvC,UAAI,EAAE,gBAAY,SAAS,SAAS,gBAAY;AAC5C,cAAM,IAAI,MAAM,mBAAmB;AAAA,MACvC;AACA,cAAQ;AAAA,IACZ;AALO,IAAAA,KAAS;AAOT,aAAS,UAAU,OAAsB;AAC5C,eAAS;AAAA,IACb;AAFO,IAAAA,KAAS;AAAA,KAbH;AAuBV,MAAM,SAAN,MAAa;AAAA,IAET,YAAoB,OAAe;AAAf;AAAA,IAAgB;AAAA,IAEpC,SAAS,MAAuB;AACnC,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,OAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MAClE;AAAA,IACJ;AAAA,IACO,QAAQ,MAAuB;AAClC,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,OAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MACjE;AAAA,IACJ;AAAA,IACO,QAAQ,MAAuB;AAClC,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,OAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MACjE;AAAA,IACJ;AAAA,IACO,SAAS,MAAuB;AACnC,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,OAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MAClE;AAAA,IACJ;AAAA,IAEO,MAAM,KAAmB;AAC5B,WAAK,MAAM,GAAG;AACd,YAAM;AAAA,IACV;AAAA,IAEO,OAAO,QAAwB;AAClC,YAAM,eAAuB,OAAO,OAAO,IAAI;AAC/C,mBAAa,UAAU;AACvB,mBAAa,MAAM,OAAO;AAC1B,aAAO;AAAA,IACX;AAAA,IAEA,OAAc,aAAa,MAAc,cAA8B;AACnE,YAAM,eAAe,IAAI,OAAO,GAAG,QAAQ,cAAc;AACzD,mBAAa,MAAM,OAAO;AAC1B,aAAO;AAAA,IACX;AAAA,IAEA,OAAe,QAAQ,MAAc,QAAiB;AAClD,YAAM,SAAS,IAAI;AACnB,aAAO,SAAS,GAAG,UAAU,YAAY;AAAA,IAC7C;AAAA,IAGA,OAAc,MAAM,SAAiB,MAAuB;AACxD,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,OAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC9C;AAAA,IACJ;AAAA,IACA,OAAc,KAAK,SAAiB,MAAuB;AACvD,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,OAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,IACA,OAAc,KAAK,SAAiB,MAAuB;AACvD,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,OAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,IACA,OAAc,MAAM,SAAiB,MAAuB;AACxD,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,OAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC9C;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,MAAM;;;ADlIV,MAAM,mBAAmB;AAKlB,MAAM,cAAN,MAAkB;AAAA,IACrB,OAAe,cAAsB;AACjC,aAAO,YAAAC,QAAS,IAAI,UAAU,OAAO,CAAC,EAAE,MAAM;AAAA,IAClD;AAAA,IAKA,OAAc,iBAAyB;AACnC,YAAM,OAAO,iBAAiB;AAAA,QAAQ;AAAA,QAAU,QAC3C,CAAC,IAAI,YAAY,YAAY,IAAI,MAAM,CAAC,IAAI,GAAG,SAAS,EAAE;AAAA,MAC/D;AACA,aAAO,KAAK,QAAQ,MAAM,EAAE;AAAA,IAChC;AAAA,IAKA,OAAc,uBAA+B;AACzC,aAAO,YAAY,eAAe,IAAI,YAAY,eAAe,IAAI,YAAY,eAAe;AAAA,IACpG;AAAA,IAKA,OAAc,sBAAsB,eAA+B;AAC/D,UAAI;AACA,cAAM,aAAS,cAAAC,SAAO,aAAa;AACnC,eAAO,kBAAAC,QAAO,UAAU,MAAM,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,MAC7F,SACO,KAAP;AACI,eAAO,MAAM,qCAAqC,GAAG;AACrD,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IAKA,OAAc,kBAAkB,WAAmB,eAA+B;AAC9E,YAAM,YAAY,gBAAAC,QAAK,MAAM,CAAC,WAAW,aAAa,EAAE,KAAK,GAAG,CAAC;AACjE,aAAO,kBAAAD,QAAO,UAAU,SAAS;AAAA,IACrC;AAAA,EACJ;;;AE1CO,MAAM,QAAN,MAAyC;AAAA,IAKrC,YAA+B,OAAe;AAAf;AAJtC,WAAmB,UAAU,IAAI,OAAO,UAAU,KAAK,SAAS;AAEhE,WAAQ,aAAyC,CAAC;AAAA,IAEI;AAAA,IAE/C,WAAW,IAAqC;AACnD,WAAK,WAAW,KAAK,EAAE;AACvB,aAAO,MAAM,KAAK,cAAc,EAAE;AAAA,IACtC;AAAA,IAEO,cAAc,IAA+B;AAChD,YAAM,MAAM,KAAK,WAAW,YAAY,EAAE;AAC1C,UAAI,OAAO,GAAG;AACV,aAAK,WAAW,OAAO,KAAK,CAAC;AAAA,MACjC;AAAA,IACJ;AAAA,IAEO,SAAS,IAAqB;AACjC,WAAK,QAAQ,MAAM,UAAU,GAAG,EAAE;AAClC,iBAAW,MAAM,KAAK,YAAY;AAC9B,aAAK,GAAG,GAAG,EAAE;AAAA,MACjB;AAAA,IACJ;AAAA,EACJ;;;AC/BA,WAASE,EAAsBC,IAAAA;AAC3BC,SAAKD,UAAUA;EAAAA;AAGnBD,IAAsBG,YAAY,IAAIC,SACtCJ,EAAsBG,UAAUE,OAAO;AA6BvC,MAAA,IAAkC,eAAA,OAAXC,UACnBA,OAAOC,QACPD,OAAOC,KAAKC,KAAKF,MAAAA,KA7BrB,SAAkBG,IAAAA;AACd,QAAIC,KAAMC,OAAOF,EAAAA,EAAOG,QAAQ,OAAO,EAAA;AACvC,QAAIF,GAAIG,SAAS,KAAK;AAClB,YAAM,IAAIb,EACN,mEAAA;AAGR,aAEgBc,IAAIC,IAAZC,IAAK,GAAeC,IAAM,GAAGC,IAAS,IAEzCH,KAASL,GAAIS,OAAOF,GAAAA,GAAAA,CAEpBF,OACCD,KAAKE,IAAK,IAAS,KAALF,KAAUC,KAASA,IAG/BC,MAAO,KACVE,KAAUP,OAAOS,aAAa,MAAON,OAAAA,KAAaE,IAAM,EAAA,IACzD;AAGAD,MAAAA,KA/BI,oEA+BWM,QAAQN,EAAAA;AAE3B,WAAOG;EAAAA;ACxBI,WAAA,EAASR,IAAAA;AACpB,QAAIQ,KAASR,GAAIE,QAAQ,MAAM,GAAA,EAAKA,QAAQ,MAAM,GAAA;AAClD,YAAQM,GAAOL,SAAS,GAAA;MACpB,KAAK;AACD;MACJ,KAAK;AACDK,QAAAA,MAAU;AACV;MACJ,KAAK;AACDA,QAAAA,MAAU;AACV;MACJ;AACI,cAAM;IAAA;AAGd,QAAA;AACI,aA5BR,SAA0BR,IAAAA;AACtB,eAAOY,mBACHf,EAAKG,EAAAA,EAAKE,QAAQ,QAAQ,SAASW,IAAGC,IAAAA;AAClC,cAAIC,KAAOD,GAAEE,WAAW,CAAA,EAAGC,SAAS,EAAA,EAAIC,YAAAA;AAIxC,iBAHIH,GAAKZ,SAAS,MACdY,KAAO,MAAMA,KAEV,MAAMA;QAAAA,CAAAA,CAAAA;MAAAA,EAqBOP,EAAAA;IAAAA,SACnBW,IAAP;AACE,aAAOtB,EAAKW,EAAAA;IAAAA;EAAAA;AC5Bb,WAASY,EAAkB7B,IAAAA;AAC9BC,SAAKD,UAAUA;EAAAA;AAMJ,WAAA,EAAS8B,IAAOC,IAAAA;AAC3B,QAAqB,YAAA,OAAVD;AACP,YAAM,IAAID,EAAkB,yBAAA;AAIhC,QAAIG,KAAAA,UADJD,KAAUA,MAAW,CAAA,GACHE,SAAkB,IAAI;AACxC,QAAA;AACI,aAAOC,KAAKC,MAAMC,EAAkBN,GAAMO,MAAM,GAAA,EAAKL,GAAAA,CAAAA;IAAAA,SAChDM,IAAP;AACE,YAAM,IAAIT,EAAkB,8BAA8BS,GAAEtC,OAAAA;IAAAA;EAAAA;AAbpE6B,IAAkB3B,YAAY,IAAIC,SAClC0B,EAAkB3B,UAAUE,OAAO;AAAA,MAAA,yBAAA;;;ACD5B,MAAM,WAAN,MAAe;AAAA,IAElB,OAAc,OAAO,OAA0B;AAC3C,UAAI;AACA,eAAO,uBAAsB,KAAK;AAAA,MACtC,SACO,KAAP;AACI,eAAO,MAAM,mBAAmB,GAAG;AACnC,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,EACJ;;;ACCO,MAAM,aAAN,MAAiB;AAAA,IAMpB,OAAO,OAAO,KAAK,SAAS,GAA6C;AA1B7E;AA2BQ,UAAI,SAAS,SAAS;AAClB,iBAAS,SAAQ,MAAC,KAAK,KAAK,KAAK,GAAG,EAAE,KAAK,WAAS,SAAS,OAAO,aAAa,KAAK,MAArE,YAA0E;AAC/F,qBAAS,SAAT,qBAAS,OAAS,KAAK,IAAI,GAAG,KAAK,MAAM,OAAO,WAAW,OAAO,aAAa,SAAS,SAAS,CAAC,CAAC;AACnG,UAAI,SAAS,UAAU;AACnB,uBAAS,QAAT,qBAAS,MAAQ,KAAK,IAAI,GAAG,KAAK,MAAM,OAAO,WAAW,OAAO,cAAc,SAAS,UAAU,CAAC,CAAC;AACxG,aAAO;AAAA,IACX;AAAA,IAEA,OAAO,UAAU,UAAuC;AACpD,aAAO,OAAO,QAAQ,QAAQ,EACzB,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,SAAS,IAAI,EACnC,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,OAAO,OAAO,UAAU,YAAY,QAAkB,QAAQ,QAAQ,MAAM,EACrG,KAAK,GAAG;AAAA,IACjB;AAAA,EACJ;;;AChCO,MAAM,QAAN,cAAoB,MAAc;AAAA,IAAlC;AAAA;AACH,WAAmB,UAAU,IAAI,OAAO,UAAU,KAAK,SAAS;AAChE,WAAQ,eAAsD;AAC9D,WAAQ,cAAc;AAyCtB,WAAU,YAAY,MAAY;AAC9B,cAAM,OAAO,KAAK,cAAc,MAAM,aAAa;AACnD,aAAK,QAAQ,MAAM,sBAAsB,IAAI;AAE7C,YAAI,KAAK,eAAe,MAAM,aAAa,GAAG;AAC1C,eAAK,OAAO;AACZ,gBAAM,MAAM;AAAA,QAChB;AAAA,MACJ;AAAA;AAAA,IA9CA,OAAc,eAAuB;AACjC,aAAO,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAAA,IACvC;AAAA,IAEO,KAAK,mBAAiC;AACzC,YAAMmC,UAAS,KAAK,QAAQ,OAAO,MAAM;AACzC,0BAAoB,KAAK,IAAI,KAAK,MAAM,iBAAiB,GAAG,CAAC;AAC7D,YAAM,aAAa,MAAM,aAAa,IAAI;AAC1C,UAAI,KAAK,eAAe,cAAc,KAAK,cAAc;AAErD,QAAAA,QAAO,MAAM,wDAAwD,KAAK,UAAU;AACpF;AAAA,MACJ;AAEA,WAAK,OAAO;AAEZ,MAAAA,QAAO,MAAM,kBAAkB,iBAAiB;AAChD,WAAK,cAAc;AAKnB,YAAM,yBAAyB,KAAK,IAAI,mBAAmB,CAAC;AAC5D,WAAK,eAAe,YAAY,KAAK,WAAW,yBAAyB,GAAI;AAAA,IACjF;AAAA,IAEA,IAAW,aAAqB;AAC5B,aAAO,KAAK;AAAA,IAChB;AAAA,IAEO,SAAe;AAClB,WAAK,QAAQ,OAAO,QAAQ;AAC5B,UAAI,KAAK,cAAc;AACnB,sBAAc,KAAK,YAAY;AAC/B,aAAK,eAAe;AAAA,MACxB;AAAA,IACJ;AAAA,EAWJ;;;ACxDO,MAAM,WAAN,MAAe;AAAA,IAClB,OAAc,WAAW,KAAa,eAAqC,SAA0B;AACjG,UAAI,CAAC;AAAK,cAAM,IAAI,UAAU,aAAa;AAC3C,YAAM,YAAY,IAAI,IAAI,KAAK,OAAO,SAAS,MAAM;AACrD,YAAM,SAAS,UAAU,iBAAiB,aAAa,SAAS;AAChE,aAAO,IAAI,gBAAgB,OAAO,MAAM,CAAC,CAAC;AAAA,IAC9C;AAAA,EACJ;;;ACDO,MAAM,gBAAN,cAA4B,MAAM;AAAA,IAmB9B,YACH,MAKgB,MAClB;AAtCN;AAuCQ,YAAM,KAAK,qBAAqB,KAAK,SAAS,EAAE;AAFhC;AAvBpB,WAAgB,OAAe;AA2B3B,UAAI,CAAC,KAAK,OAAO;AACb,eAAO,MAAM,iBAAiB,iBAAiB;AAC/C,cAAM,IAAI,MAAM,iBAAiB;AAAA,MACrC;AAEA,WAAK,QAAQ,KAAK;AAClB,WAAK,qBAAoB,UAAK,sBAAL,YAA0B;AACnD,WAAK,aAAY,UAAK,cAAL,YAAkB;AAEnC,WAAK,QAAQ,KAAK;AAClB,WAAK,iBAAgB,UAAK,kBAAL,YAAsB;AAAA,IAC/C;AAAA,EACJ;;;AC7CO,MAAM,eAAN,cAA2B,MAAM;AAAA,IAI7B,YAAY,SAAkB;AACjC,YAAM,OAAO;AAHjB,WAAgB,OAAe;AAAA,IAI/B;AAAA,EACJ;;;ACDO,MAAM,oBAAN,MAAwB;AAAA,IAOpB,YAAY,MAAqD;AANxE,WAAmB,UAAU,IAAI,OAAO,mBAAmB;AAE3D,WAAiB,iBAAiB,IAAI,MAAM,uBAAuB;AACnE,WAAiB,gBAAgB,IAAI,MAAM,sBAAsB;AAI7D,WAAK,qCAAqC,KAAK;AAAA,IACnD;AAAA,IAEO,KAAK,WAAuB;AAC/B,YAAMC,UAAS,KAAK,QAAQ,OAAO,MAAM;AAEzC,UAAI,UAAU,gBAAgB,UAAU,eAAe,QAAW;AAC9D,cAAM,WAAW,UAAU;AAC3B,QAAAA,QAAO,MAAM,6CAA6C,QAAQ;AAElE,YAAI,WAAW,GAAG;AAEd,cAAI,WAAW,WAAW,KAAK;AAC/B,cAAI,YAAY,GAAG;AACf,uBAAW;AAAA,UACf;AAEA,UAAAA,QAAO,MAAM,0CAA0C,UAAU,SAAS;AAC1E,eAAK,eAAe,KAAK,QAAQ;AAAA,QACrC,OACK;AACD,UAAAA,QAAO,MAAM,kEAAkE;AAC/E,eAAK,eAAe,OAAO;AAAA,QAC/B;AAGA,cAAM,UAAU,WAAW;AAC3B,QAAAA,QAAO,MAAM,yCAAyC,SAAS,SAAS;AACxE,aAAK,cAAc,KAAK,OAAO;AAAA,MACnC,OACK;AACD,aAAK,eAAe,OAAO;AAC3B,aAAK,cAAc,OAAO;AAAA,MAC9B;AAAA,IACJ;AAAA,IAEO,SAAe;AAClB,WAAK,QAAQ,MAAM,gDAAgD;AACnE,WAAK,eAAe,OAAO;AAC3B,WAAK,cAAc,OAAO;AAAA,IAC9B;AAAA,IAKO,uBAAuB,IAAqC;AAC/D,aAAO,KAAK,eAAe,WAAW,EAAE;AAAA,IAC5C;AAAA,IAIO,0BAA0B,IAA+B;AAC5D,WAAK,eAAe,cAAc,EAAE;AAAA,IACxC;AAAA,IAKO,sBAAsB,IAAqC;AAC9D,aAAO,KAAK,cAAc,WAAW,EAAE;AAAA,IAC3C;AAAA,IAIO,yBAAyB,IAA+B;AAC3D,WAAK,cAAc,cAAc,EAAE;AAAA,IACvC;AAAA,EACJ;;;ACjFO,MAAM,qBAAN,MAAyB;AAAA,IAOrB,YACK,WACA,YACR,KACQ,oBACA,cACV;AALU;AACA;AAEA;AACA;AAXZ,WAAiB,UAAU,IAAI,OAAO,oBAAoB;AAG1D,WAAQ,SAAgD;AACxD,WAAQ,iBAAgC;AAmCxC,WAAQ,WAAW,CAACC,OAAkC;AAClD,YAAIA,GAAE,WAAW,KAAK,iBAClBA,GAAE,WAAW,KAAK,OAAO,eAC3B;AACE,cAAIA,GAAE,SAAS,SAAS;AACpB,iBAAK,QAAQ,MAAM,4CAA4C;AAC/D,gBAAI,KAAK,cAAc;AACnB,mBAAK,KAAK;AAAA,YACd;AAAA,UACJ,WACSA,GAAE,SAAS,WAAW;AAC3B,iBAAK,QAAQ,MAAM,8CAA8C;AACjE,iBAAK,KAAK;AACV,iBAAK,KAAK,UAAU;AAAA,UACxB,OACK;AACD,iBAAK,QAAQ,MAAMA,GAAE,OAAO,uCAAuC;AAAA,UACvE;AAAA,QACJ;AAAA,MACJ;AA7CI,YAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,WAAK,gBAAgB,UAAU;AAE/B,WAAK,SAAS,OAAO,SAAS,cAAc,QAAQ;AAGpD,WAAK,OAAO,MAAM,aAAa;AAC/B,WAAK,OAAO,MAAM,WAAW;AAC7B,WAAK,OAAO,MAAM,OAAO;AACzB,WAAK,OAAO,MAAM,MAAM;AACxB,WAAK,OAAO,QAAQ;AACpB,WAAK,OAAO,SAAS;AACrB,WAAK,OAAO,MAAM,UAAU;AAAA,IAChC;AAAA,IAEO,OAAsB;AACzB,aAAO,IAAI,QAAc,CAAC,YAAY;AAClC,aAAK,OAAO,SAAS,MAAM;AACvB,kBAAQ;AAAA,QACZ;AAEA,eAAO,SAAS,KAAK,YAAY,KAAK,MAAM;AAC5C,eAAO,iBAAiB,WAAW,KAAK,UAAU,KAAK;AAAA,MAC3D,CAAC;AAAA,IACL;AAAA,IAuBO,MAAM,eAA6B;AACtC,UAAI,KAAK,mBAAmB,eAAe;AACvC;AAAA,MACJ;AAEA,WAAK,QAAQ,OAAO,OAAO;AAE3B,WAAK,KAAK;AAEV,WAAK,iBAAiB;AAEtB,YAAM,OAAO,MAAM;AACf,YAAI,CAAC,KAAK,OAAO,iBAAiB,CAAC,KAAK,gBAAgB;AACpD;AAAA,QACJ;AAEA,aAAK,OAAO,cAAc,YAAY,KAAK,aAAa,MAAM,KAAK,gBAAgB,KAAK,aAAa;AAAA,MACzG;AAGA,WAAK;AAGL,WAAK,SAAS,YAAY,MAAM,KAAK,qBAAqB,GAAI;AAAA,IAClE;AAAA,IAEO,OAAa;AAChB,WAAK,QAAQ,OAAO,MAAM;AAC1B,WAAK,iBAAiB;AAEtB,UAAI,KAAK,QAAQ;AAEb,sBAAc,KAAK,MAAM;AACzB,aAAK,SAAS;AAAA,MAClB;AAAA,IACJ;AAAA,EACJ;;;ACjGO,MAAM,qBAAN,MAA4C;AAAA,IAA5C;AACH,WAAiB,UAAU,IAAI,OAAO,oBAAoB;AAC1D,WAAQ,QAAgC,CAAC;AAAA;AAAA,IAElC,QAAc;AACjB,WAAK,QAAQ,OAAO,OAAO;AAC3B,WAAK,QAAQ,CAAC;AAAA,IAClB;AAAA,IAEO,QAAQ,KAAqB;AAChC,WAAK,QAAQ,OAAO,YAAY,OAAO;AACvC,aAAO,KAAK,MAAM;AAAA,IACtB;AAAA,IAEO,QAAQ,KAAa,OAAqB;AAC7C,WAAK,QAAQ,OAAO,YAAY,OAAO;AACvC,WAAK,MAAM,OAAO;AAAA,IACtB;AAAA,IAEO,WAAW,KAAmB;AACjC,WAAK,QAAQ,OAAO,eAAe,OAAO;AAC1C,aAAO,KAAK,MAAM;AAAA,IACtB;AAAA,IAEA,IAAW,SAAiB;AACxB,aAAO,OAAO,oBAAoB,KAAK,KAAK,EAAE;AAAA,IAClD;AAAA,IAEO,IAAI,OAAuB;AAC9B,aAAO,OAAO,oBAAoB,KAAK,KAAK,EAAE;AAAA,IAClD;AAAA,EACJ;;;ACPO,MAAM,cAAN,MAAkB;AAAA,IAKd,YACH,yBAAmC,CAAC,GAC5B,cAAiC,MAC3C;AADU;AANZ,WAAiB,UAAU,IAAI,OAAO,aAAa;AAEnD,WAAQ,gBAA0B,CAAC;AAM/B,WAAK,cAAc,KAAK,GAAG,wBAAwB,kBAAkB;AACrE,UAAI,aAAa;AACb,aAAK,cAAc,KAAK,iBAAiB;AAAA,MAC7C;AAAA,IACJ;AAAA,IAEA,MAAgB,iBAAiB,OAAoB,OAAoD,CAAC,GAAG;AACzG,YAAM,EAAE,qBAAqB,UAAU,IAAI;AAC3C,UAAI,CAAC,kBAAkB;AACnB,eAAO,MAAM,MAAM,OAAO,SAAS;AAAA,MACvC;AAEA,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,mBAAmB,GAAI;AAE9E,UAAI;AACA,cAAM,WAAW,MAAM,MAAM,OAAO;AAAA,UAChC,GAAG;AAAA,UACH,QAAQ,WAAW;AAAA,QACvB,CAAC;AACD,eAAO;AAAA,MACX,SACO,KAAP;AACI,YAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC1D,gBAAM,IAAI,aAAa,mBAAmB;AAAA,QAC9C;AACA,cAAM;AAAA,MACV,UACA;AACI,qBAAa,SAAS;AAAA,MAC1B;AAAA,IACJ;AAAA,IAEA,MAAa,QAAQ,KAAa;AAAA,MAC9B;AAAA,MACA;AAAA,IACJ,IAAiB,CAAC,GAAqC;AACnD,YAAMC,UAAS,KAAK,QAAQ,OAAO,SAAS;AAC5C,YAAM,UAAuB;AAAA,QACzB,UAAU,KAAK,cAAc,KAAK,IAAI;AAAA,MAC1C;AACA,UAAI,OAAO;AACP,QAAAA,QAAO,MAAM,4CAA4C;AACzD,gBAAQ,mBAAmB,YAAY;AAAA,MAC3C;AAEA,UAAI;AACJ,UAAI;AACA,QAAAA,QAAO,MAAM,QAAQ,GAAG;AACxB,mBAAW,MAAM,KAAK,iBAAiB,KAAK,EAAE,QAAQ,OAAO,SAAS,YAAY,CAAC;AAAA,MACvF,SACO,KAAP;AACI,QAAAA,QAAO,MAAM,eAAe;AAC5B,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,kCAAkC,SAAS,MAAM;AAC9D,YAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,UAAI,eAAe,CAAC,KAAK,cAAc,KAAK,UAAQ,YAAY,WAAW,IAAI,CAAC,GAAG;AAC/E,QAAAA,QAAO,MAAM,IAAI,MAAM,kCAAmC,oCAAe,0BAA2B,KAAK,CAAC;AAAA,MAC9G;AACA,UAAI,SAAS,MAAM,KAAK,gBAAe,2CAAa,WAAW,qBAAoB;AAC/E,eAAO,MAAM,KAAK,YAAY,MAAM,SAAS,KAAK,CAAC;AAAA,MACvD;AACA,UAAI;AACJ,UAAI;AACA,eAAO,MAAM,SAAS,KAAK;AAAA,MAC/B,SACO,KAAP;AACI,QAAAA,QAAO,MAAM,+BAA+B,GAAG;AAC/C,YAAI,SAAS;AAAI,gBAAM;AACvB,cAAM,IAAI,MAAM,GAAG,SAAS,eAAe,SAAS,SAAS;AAAA,MACjE;AACA,UAAI,CAAC,SAAS,IAAI;AACd,QAAAA,QAAO,MAAM,sBAAsB,IAAI;AACvC,YAAI,KAAK,OAAO;AACZ,gBAAM,IAAI,cAAc,IAAI;AAAA,QAChC;AACA,cAAM,IAAI,MAAM,GAAG,SAAS,eAAe,SAAS,YAAY,KAAK,UAAU,IAAI,GAAG;AAAA,MAC1F;AACA,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,SAAS,KAAa;AAAA,MAC/B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,GAAmD;AAC/C,YAAMA,UAAS,KAAK,QAAQ,OAAO,UAAU;AAC7C,YAAM,UAAuB;AAAA,QACzB,UAAU,KAAK,cAAc,KAAK,IAAI;AAAA,QACtC,gBAAgB;AAAA,MACpB;AACA,UAAI,cAAc,QAAW;AACzB,gBAAQ,mBAAmB,WAAW;AAAA,MAC1C;AAEA,UAAI;AACJ,UAAI;AACA,QAAAA,QAAO,MAAM,QAAQ,GAAG;AACxB,mBAAW,MAAM,KAAK,iBAAiB,KAAK,EAAE,QAAQ,QAAQ,SAAS,MAAM,kBAAkB,aAAa,gBAAgB,CAAC;AAAA,MACjI,SACO,KAAP;AACI,QAAAA,QAAO,MAAM,eAAe;AAC5B,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,kCAAkC,SAAS,MAAM;AAC9D,YAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,UAAI,eAAe,CAAC,KAAK,cAAc,KAAK,UAAQ,YAAY,WAAW,IAAI,CAAC,GAAG;AAC/E,cAAM,IAAI,MAAM,kCAAmC,oCAAe,0BAA2B,KAAK;AAAA,MACtG;AAEA,YAAM,eAAe,MAAM,SAAS,KAAK;AAEzC,UAAI,OAAgC,CAAC;AACrC,UAAI,cAAc;AACd,YAAI;AACA,iBAAO,KAAK,MAAM,YAAY;AAAA,QAClC,SACO,KAAP;AACI,UAAAA,QAAO,MAAM,+BAA+B,GAAG;AAC/C,cAAI,SAAS;AAAI,kBAAM;AACvB,gBAAM,IAAI,MAAM,GAAG,SAAS,eAAe,SAAS,SAAS;AAAA,QACjE;AAAA,MACJ;AAEA,UAAI,CAAC,SAAS,IAAI;AACd,QAAAA,QAAO,MAAM,sBAAsB,IAAI;AACvC,YAAI,KAAK,OAAO;AACZ,gBAAM,IAAI,cAAc,MAAM,IAAI;AAAA,QACtC;AACA,cAAM,IAAI,MAAM,GAAG,SAAS,eAAe,SAAS,YAAY,KAAK,UAAU,IAAI,GAAG;AAAA,MAC1F;AAEA,aAAO;AAAA,IACX;AAAA,EACJ;;;ACxKO,MAAM,kBAAN,MAAsB;AAAA,IAUlB,YAA6B,WAAoC;AAApC;AATpC,WAAiB,UAAU,IAAI,OAAO,iBAAiB;AACvD,WAAiB,eAAe,IAAI,YAAY,CAAC,0BAA0B,CAAC;AAI5E,WAAQ,eAAoC;AAC5C,WAAQ,YAA0C;AAI9C,WAAK,eAAe,KAAK,UAAU;AAEnC,UAAI,KAAK,UAAU,aAAa;AAC5B,aAAK,QAAQ,MAAM,iCAAiC;AACpD,aAAK,eAAe,KAAK,UAAU;AAAA,MACvC;AAEA,UAAI,KAAK,UAAU,UAAU;AACzB,aAAK,QAAQ,MAAM,8BAA8B;AACjD,aAAK,YAAY,KAAK,UAAU;AAAA,MACpC;AAEA,UAAI,KAAK,UAAU,yBAAyB;AACxC,aAAK,QAAQ,MAAM,6CAA6C;AAChE,aAAK,2BAA2B,KAAK,UAAU;AAAA,MACnD;AAAA,IACJ;AAAA,IAEO,mBAAyB;AAC5B,WAAK,eAAe;AAAA,IACxB;AAAA,IAEA,MAAa,cAA8C;AACvD,YAAMC,UAAS,KAAK,QAAQ,OAAO,aAAa;AAChD,UAAI,KAAK,WAAW;AAChB,QAAAA,QAAO,MAAM,qBAAqB;AAClC,eAAO,KAAK;AAAA,MAChB;AAEA,UAAI,CAAC,KAAK,cAAc;AACpB,QAAAA,QAAO,MAAM,IAAI,MAAM,oDAAoD,CAAC;AAC5E,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,yBAAyB,KAAK,YAAY;AACvD,YAAM,WAAW,MAAM,KAAK,aAAa,QAAQ,KAAK,cAAc,EAAE,aAAa,KAAK,yBAAyB,CAAC;AAElH,MAAAA,QAAO,MAAM,wCAAwC;AACrD,WAAK,YAAY,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,cAAc,QAAQ;AACxE,aAAO,KAAK;AAAA,IAChB;AAAA,IAEO,YAA6B;AAChC,aAAO,KAAK,qBAAqB,QAAQ;AAAA,IAC7C;AAAA,IAEO,2BAA4C;AAC/C,aAAO,KAAK,qBAAqB,wBAAwB;AAAA,IAC7D;AAAA,IAEO,sBAAuC;AAC1C,aAAO,KAAK,qBAAqB,mBAAmB;AAAA,IACxD;AAAA,IAIO,iBAAiB,WAAW,MAAmC;AAClE,aAAO,KAAK,qBAAqB,kBAAkB,QAAQ;AAAA,IAC/D;AAAA,IAEO,wBAAqD;AACxD,aAAO,KAAK,qBAAqB,wBAAwB,IAAI;AAAA,IACjE;AAAA,IAEO,wBAAqD;AACxD,aAAO,KAAK,qBAAqB,wBAAwB,IAAI;AAAA,IACjE;AAAA,IAIO,sBAAsB,WAAW,MAAmC;AACvE,aAAO,KAAK,qBAAqB,uBAAuB,QAAQ;AAAA,IACpE;AAAA,IAIO,gBAAgB,WAAW,MAAmC;AACjE,aAAO,KAAK,qBAAqB,YAAY,QAAQ;AAAA,IACzD;AAAA,IAEA,MAAgB,qBAAqB,MAA0B,WAAS,OAAyD;AAC7H,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB,QAAQ;AAEpE,YAAM,WAAW,MAAM,KAAK,YAAY;AACxC,MAAAA,QAAO,MAAM,UAAU;AAEvB,UAAI,SAAS,UAAU,QAAW;AAC9B,YAAI,aAAa,MAAM;AACnB,UAAAA,QAAO,KAAK,6CAA6C;AACzD,iBAAO;AAAA,QACX;AAEA,QAAAA,QAAO,MAAM,IAAI,MAAM,wCAAwC,IAAI,CAAC;AAAA,MACxE;AAEA,aAAO,SAAS;AAAA,IACpB;AAAA,IAEA,MAAa,iBAA+C;AACxD,YAAMA,UAAS,KAAK,QAAQ,OAAO,gBAAgB;AACnD,UAAI,KAAK,cAAc;AACnB,QAAAA,QAAO,MAAM,kCAAkC;AAC/C,eAAO,KAAK;AAAA,MAChB;AAEA,YAAM,WAAW,MAAM,KAAK,gBAAgB,KAAK;AACjD,MAAAA,QAAO,MAAM,gBAAgB,QAAQ;AAErC,YAAM,SAAS,MAAM,KAAK,aAAa,QAAQ,QAAQ;AACvD,MAAAA,QAAO,MAAM,eAAe,MAAM;AAElC,UAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,GAAG;AAC7B,QAAAA,QAAO,MAAM,IAAI,MAAM,wBAAwB,CAAC;AAChD,cAAM;AAAA,MACV;AAEA,WAAK,eAAe,OAAO;AAC3B,aAAO,KAAK;AAAA,IAChB;AAAA,EACJ;;;ACnIO,MAAM,uBAAN,MAAiD;AAAA,IAM7C,YAAY;AAAA,MACf,SAAS;AAAA,MACT,QAAQ;AAAA,IACZ,IAAyD,CAAC,GAAG;AAR7D,WAAiB,UAAU,IAAI,OAAO,sBAAsB;AASxD,WAAK,SAAS;AACd,WAAK,UAAU;AAAA,IACnB;AAAA,IAEA,MAAa,IAAI,KAAa,OAA8B;AACxD,WAAK,QAAQ,OAAO,QAAQ,OAAO;AAEnC,YAAM,KAAK,UAAU;AACrB,YAAM,KAAK,OAAO,QAAQ,KAAK,KAAK;AAAA,IACxC;AAAA,IAEA,MAAa,IAAI,KAAqC;AAClD,WAAK,QAAQ,OAAO,QAAQ,OAAO;AAEnC,YAAM,KAAK,UAAU;AACrB,YAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,GAAG;AAC1C,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,OAAO,KAAqC;AACrD,WAAK,QAAQ,OAAO,WAAW,OAAO;AAEtC,YAAM,KAAK,UAAU;AACrB,YAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,GAAG;AAC1C,YAAM,KAAK,OAAO,WAAW,GAAG;AAChC,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,aAAgC;AACzC,WAAK,QAAQ,OAAO,YAAY;AAChC,YAAM,MAAM,MAAM,KAAK,OAAO;AAE9B,YAAM,OAAO,CAAC;AACd,eAAS,QAAQ,GAAG,QAAQ,KAAK,SAAS;AACtC,cAAM,MAAM,MAAM,KAAK,OAAO,IAAI,KAAK;AACvC,YAAI,OAAO,IAAI,QAAQ,KAAK,OAAO,MAAM,GAAG;AACxC,eAAK,KAAK,IAAI,OAAO,KAAK,QAAQ,MAAM,CAAC;AAAA,QAC7C;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA,EACJ;;;ACrDA,MAAM,sBAAsB;AAC5B,MAAM,eAAe;AACrB,MAAM,8BAA8B;AACpC,MAAM,sBAAsB;AAC5B,MAAM,gCAAgC,KAAK;AAC3C,MAAM,4BAA4B,KAAK;AAmHhC,MAAM,0BAAN,MAA8B;AAAA,IA2C1B,YAAY;AAAA,MAEf;AAAA,MAAW;AAAA,MAAa;AAAA,MAAU;AAAA,MAAa;AAAA,MAE/C;AAAA,MAAW;AAAA,MAAe,gBAAgB;AAAA,MAAqB,QAAQ;AAAA,MACvE;AAAA,MAAc;AAAA,MACd,wBAAwB;AAAA,MAExB;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAS;AAAA,MAAY;AAAA,MAAY;AAAA,MAAU,gBAAgB;AAAA,MAE5E,uBAAuB;AAAA,MACvB,eAAe;AAAA,MACf,yBAAyB;AAAA,MACzB,qBAAqB;AAAA,MACrB,oBAAoB;AAAA,MACpB,cAAc;AAAA,MAEd;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,mBAAmB,CAAC;AAAA,MACpB,mBAAmB,CAAC;AAAA,IACxB,GAAuB;AAEnB,WAAK,YAAY;AAEjB,UAAI,aAAa;AACb,aAAK,cAAc;AAAA,MACvB,OAAO;AACH,aAAK,cAAc;AACnB,YAAI,WAAW;AACX,cAAI,CAAC,KAAK,YAAY,SAAS,GAAG,GAAG;AACjC,iBAAK,eAAe;AAAA,UACxB;AACA,eAAK,eAAe;AAAA,QACxB;AAAA,MACJ;AAEA,WAAK,WAAW;AAChB,WAAK,eAAe;AACpB,WAAK,cAAc;AAEnB,WAAK,YAAY;AACjB,WAAK,gBAAgB;AACrB,WAAK,gBAAgB;AACrB,WAAK,QAAQ;AACb,WAAK,eAAe;AACpB,WAAK,2BAA2B;AAChC,WAAK,wBAAwB;AAE7B,WAAK,SAAS;AACd,WAAK,UAAU;AACf,WAAK,UAAU;AACf,WAAK,aAAa;AAClB,WAAK,aAAa;AAClB,WAAK,WAAW;AAChB,WAAK,gBAAgB;AAErB,WAAK,uBAAuB,CAAC,CAAC;AAC9B,WAAK,eAAe,CAAC,CAAC;AACtB,WAAK,yBAAyB;AAC9B,WAAK,qBAAqB;AAC1B,WAAK,oBAAoB;AACzB,WAAK,cAAc,CAAC,CAAC;AAErB,WAAK,oCAAoC;AAEzC,UAAI,2BAA2B,yBAAyB;AACpD,gBAAQ,KAAK,6GAA6G;AAAA,MAC9H;AACA,WAAK,0BAA0B,0BAA0B,0BACnD,0BAA0B,0BAA0B;AAE1D,UAAI,YAAY;AACZ,aAAK,aAAa;AAAA,MACtB,OACK;AACD,cAAM,QAAQ,OAAO,WAAW,cAAc,OAAO,eAAe,IAAI,mBAAmB;AAC3F,aAAK,aAAa,IAAI,qBAAqB,EAAE,MAAM,CAAC;AAAA,MACxD;AAEA,WAAK,mBAAmB;AACxB,WAAK,mBAAmB;AAAA,IAC5B;AAAA,EACJ;;;ACrPO,MAAM,kBAAN,MAAsB;AAAA,IAIlB,YAA6B,WACf,kBACnB;AAFkC;AACf;AAJrB,WAAmB,UAAU,IAAI,OAAO,iBAAiB;AA2BzD,WAAU,oBAAoB,OAAO,iBAA6C;AAC9E,cAAMC,UAAS,KAAK,QAAQ,OAAO,mBAAmB;AACtD,YAAI;AACA,gBAAM,UAAU,SAAS,OAAO,YAAY;AAC5C,UAAAA,QAAO,MAAM,yBAAyB;AAEtC,iBAAO;AAAA,QACX,SAAS,KAAP;AACE,UAAAA,QAAO,MAAM,4BAA4B;AACzC,gBAAM;AAAA,QACV;AAAA,MACJ;AAhCI,WAAK,eAAe,IAAI,YAAY,QAAW,KAAK,iBAAiB;AAAA,IACzE;AAAA,IAEA,MAAa,UAAU,OAAmC;AACtD,YAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,UAAI,CAAC,OAAO;AACR,aAAK,QAAQ,MAAM,IAAI,MAAM,iBAAiB,CAAC;AAAA,MACnD;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,oBAAoB;AAC5D,MAAAA,QAAO,MAAM,oBAAoB,GAAG;AAEpC,YAAM,SAAS,MAAM,KAAK,aAAa,QAAQ,KAAK;AAAA,QAChD;AAAA,QACA,aAAa,KAAK,UAAU;AAAA,MAChC,CAAC;AACD,MAAAA,QAAO,MAAM,cAAc,MAAM;AAEjC,aAAO;AAAA,IACX;AAAA,EAcJ;;;ACQO,MAAM,cAAN,MAAkB;AAAA,IAId,YACc,WACA,kBACnB;AAFmB;AACA;AALrB,WAAiB,UAAU,IAAI,OAAO,aAAa;AAO/C,WAAK,eAAe,IAAI,YAAY,KAAK,UAAU,iCAAiC;AAAA,IACxF;AAAA,IAEA,MAAa,aAAa;AAAA,MACtB,aAAa;AAAA,MACb,eAAe,KAAK,UAAU;AAAA,MAC9B,YAAY,KAAK,UAAU;AAAA,MAC3B,gBAAgB,KAAK,UAAU;AAAA,SAC5B;AAAA,IACP,GAAuD;AACnD,YAAMC,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,UAAI,CAAC,WAAW;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,MACrD;AACA,UAAI,CAAC,cAAc;AACf,QAAAA,QAAO,MAAM,IAAI,MAAM,4BAA4B,CAAC;AAAA,MACxD;AACA,UAAI,CAAC,KAAK,MAAM;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,oBAAoB,CAAC;AAAA,MAChD;AACA,UAAI,CAAC,KAAK,eAAe;AACrB,QAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,aAAa,CAAC;AAC/D,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,SAAS,MAAM;AACf,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AACA,UAAI;AACJ,cAAQ,KAAK,UAAU,uBAAuB;AAAA,QAC1C,KAAK;AACD,cAAI,CAAC,eAAe;AAChB,YAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AACrD,kBAAM;AAAA,UACV;AACA,sBAAY,YAAY,kBAAkB,WAAW,aAAa;AAClE;AAAA,QACJ,KAAK;AACD,iBAAO,OAAO,aAAa,SAAS;AACpC,cAAI,eAAe;AACf,mBAAO,OAAO,iBAAiB,aAAa;AAAA,UAChD;AACA;AAAA,MACR;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,iBAAiB,KAAK;AAC9D,MAAAA,QAAO,MAAM,oBAAoB;AAEjC,YAAM,WAAW,MAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,QAAQ,WAAW,iBAAiB,KAAK,UAAU,wBAAwB,CAAC;AAC3I,MAAAA,QAAO,MAAM,cAAc;AAE3B,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,oBAAoB;AAAA,MAC7B,aAAa;AAAA,MACb,YAAY,KAAK,UAAU;AAAA,MAC3B,gBAAgB,KAAK,UAAU;AAAA,MAC/B,QAAQ,KAAK,UAAU;AAAA,MACvB;AAAA,MACA;AAAA,IACJ,GAA8D;AAC1D,YAAMA,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AAExD,UAAI,CAAC,WAAW;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,MACrD;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,UAAU,UAAU,MAAM,CAAC;AAE5E,UAAI;AACJ,cAAQ,KAAK,UAAU,uBAAuB;AAAA,QAC1C,KAAK;AACD,cAAI,CAAC,eAAe;AAChB,YAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AACrD,kBAAM;AAAA,UACV;AACA,sBAAY,YAAY,kBAAkB,WAAW,aAAa;AAClE;AAAA,QACJ,KAAK;AACD,iBAAO,OAAO,aAAa,SAAS;AACpC,cAAI,eAAe;AACf,mBAAO,OAAO,iBAAiB,aAAa;AAAA,UAChD;AACA;AAAA,MACR;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,iBAAiB,KAAK;AAC9D,MAAAA,QAAO,MAAM,oBAAoB;AAEjC,YAAM,WAAW,MAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,QAAQ,WAAW,iBAAiB,KAAK,UAAU,wBAAwB,CAAC;AAC3I,MAAAA,QAAO,MAAM,cAAc;AAE3B,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,qBAAqB;AAAA,MAC9B,aAAa;AAAA,MACb,YAAY,KAAK,UAAU;AAAA,MAC3B,gBAAgB,KAAK,UAAU;AAAA,MAC/B;AAAA,SACG;AAAA,IACP,GAA+D;AAC3D,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AACzD,UAAI,CAAC,WAAW;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,MACrD;AACA,UAAI,CAAC,KAAK,eAAe;AACrB,QAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,WAAW,CAAC;AACjD,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,SAAS,MAAM;AACf,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AACA,UAAI;AACJ,cAAQ,KAAK,UAAU,uBAAuB;AAAA,QAC1C,KAAK;AACD,cAAI,CAAC,eAAe;AAChB,YAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AACrD,kBAAM;AAAA,UACV;AACA,sBAAY,YAAY,kBAAkB,WAAW,aAAa;AAClE;AAAA,QACJ,KAAK;AACD,iBAAO,OAAO,aAAa,SAAS;AACpC,cAAI,eAAe;AACf,mBAAO,OAAO,iBAAiB,aAAa;AAAA,UAChD;AACA;AAAA,MACR;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,iBAAiB,KAAK;AAC9D,MAAAA,QAAO,MAAM,oBAAoB;AAEjC,YAAM,WAAW,MAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,QAAQ,WAAW,kBAAkB,iBAAiB,KAAK,UAAU,wBAAwB,CAAC;AAC7J,MAAAA,QAAO,MAAM,cAAc;AAE3B,aAAO;AAAA,IACX;AAAA,IAOA,MAAa,OAAO,MAAiC;AA1NzD;AA2NQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,QAAQ;AAC3C,UAAI,CAAC,KAAK,OAAO;AACb,QAAAA,QAAO,MAAM,IAAI,MAAM,qBAAqB,CAAC;AAAA,MACjD;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,sBAAsB,KAAK;AAEnE,MAAAA,QAAO,MAAM,sCAAqC,UAAK,oBAAL,YAAwB,sBAAsB;AAEhG,YAAM,SAAS,IAAI,gBAAgB;AACnC,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,SAAS,MAAM;AACf,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AACA,aAAO,IAAI,aAAa,KAAK,UAAU,SAAS;AAChD,UAAI,KAAK,UAAU,eAAe;AAC9B,eAAO,IAAI,iBAAiB,KAAK,UAAU,aAAa;AAAA,MAC5D;AAEA,YAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC;AACtD,MAAAA,QAAO,MAAM,cAAc;AAAA,IAC/B;AAAA,EACJ;;;ACzNA,MAAM,iBAAiB;AAAA,IACnB;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA;AAAA,EACJ;AAKO,MAAM,oBAAN,MAAwB;AAAA,IAKpB,YACgB,WACA,kBACrB;AAFqB;AACA;AANvB,WAAmB,UAAU,IAAI,OAAO,mBAAmB;AAC3D,WAAmB,mBAAmB,IAAI,gBAAgB,KAAK,WAAW,KAAK,gBAAgB;AAC/F,WAAmB,eAAe,IAAI,YAAY,KAAK,WAAW,KAAK,gBAAgB;AAAA,IAKpF;AAAA,IAEH,MAAa,uBAAuB,UAA0B,OAAmC;AAC7F,YAAMC,UAAS,KAAK,QAAQ,OAAO,wBAAwB;AAE3D,WAAK,oBAAoB,UAAU,KAAK;AACxC,MAAAA,QAAO,MAAM,iBAAiB;AAE9B,YAAM,KAAK,aAAa,UAAU,KAAK;AACvC,MAAAA,QAAO,MAAM,gBAAgB;AAE7B,UAAI,SAAS,UAAU;AACnB,aAAK,2BAA2B,QAAQ;AAAA,MAC5C;AACA,MAAAA,QAAO,MAAM,kBAAkB;AAE/B,YAAM,KAAK,eAAe,UAAU,+BAAO,cAAc,SAAS,QAAQ;AAC1E,MAAAA,QAAO,MAAM,kBAAkB;AAAA,IACnC;AAAA,IAEA,MAAa,4BAA4B,UAA0B,cAAsC;AACrG,YAAMA,UAAS,KAAK,QAAQ,OAAO,6BAA6B;AAEhE,UAAI,SAAS,UAAU;AACnB,aAAK,2BAA2B,QAAQ;AAAA,MAC5C;AACA,MAAAA,QAAO,MAAM,kBAAkB;AAE/B,YAAM,KAAK,eAAe,UAAU,cAAc,SAAS,QAAQ;AACnE,MAAAA,QAAO,MAAM,kBAAkB;AAAA,IACnC;AAAA,IAEA,MAAa,wBAAwB,UAA0B,OAAoC;AArFvG;AAsFQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAE5D,eAAS,YAAY,MAAM;AAE3B,qBAAS,kBAAT,qBAAS,gBAAkB,MAAM;AAEjC,qBAAS,UAAT,qBAAS,QAAU,MAAM;AAIzB,UAAI,SAAS,YAAY,CAAC,CAAC,SAAS,UAAU;AAC1C,aAAK,2BAA2B,UAAU,MAAM,QAAQ;AACxD,QAAAA,QAAO,MAAM,oBAAoB;AAAA,MACrC;AAEA,UAAI,CAAC,SAAS,UAAU;AAEpB,iBAAS,WAAW,MAAM;AAE1B,iBAAS,UAAU,MAAM;AAAA,MAC7B;AAEA,YAAM,aAAa,SAAS,YAAY,CAAC,CAAC,SAAS;AACnD,YAAM,KAAK,eAAe,UAAU,OAAO,UAAU;AACrD,MAAAA,QAAO,MAAM,kBAAkB;AAAA,IACnC;AAAA,IAEO,wBAAwB,UAA2B,OAAoB;AAC1E,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAC5D,UAAI,MAAM,OAAO,SAAS,OAAO;AAC7B,QAAAA,QAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAAA,MAClD;AAKA,MAAAA,QAAO,MAAM,iBAAiB;AAC9B,eAAS,YAAY,MAAM;AAE3B,UAAI,SAAS,OAAO;AAChB,QAAAA,QAAO,KAAK,sBAAsB,SAAS,KAAK;AAChD,cAAM,IAAI,cAAc,QAAQ;AAAA,MACpC;AAAA,IACJ;AAAA,IAEU,oBAAoB,UAA0B,OAA0B;AAnItF;AAoIQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AACxD,UAAI,MAAM,OAAO,SAAS,OAAO;AAC7B,QAAAA,QAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAAA,MAClD;AAEA,UAAI,CAAC,MAAM,WAAW;AAClB,QAAAA,QAAO,MAAM,IAAI,MAAM,uBAAuB,CAAC;AAAA,MACnD;AAEA,UAAI,CAAC,MAAM,WAAW;AAClB,QAAAA,QAAO,MAAM,IAAI,MAAM,uBAAuB,CAAC;AAAA,MACnD;AAGA,UAAI,KAAK,UAAU,cAAc,MAAM,WAAW;AAC9C,QAAAA,QAAO,MAAM,IAAI,MAAM,iDAAiD,CAAC;AAAA,MAC7E;AACA,UAAI,KAAK,UAAU,aAAa,KAAK,UAAU,cAAc,MAAM,WAAW;AAC1E,QAAAA,QAAO,MAAM,IAAI,MAAM,iDAAiD,CAAC;AAAA,MAC7E;AAKA,MAAAA,QAAO,MAAM,iBAAiB;AAC9B,eAAS,YAAY,MAAM;AAE3B,qBAAS,UAAT,qBAAS,QAAU,MAAM;AAEzB,UAAI,SAAS,OAAO;AAChB,QAAAA,QAAO,KAAK,sBAAsB,SAAS,KAAK;AAChD,cAAM,IAAI,cAAc,QAAQ;AAAA,MACpC;AAEA,UAAI,MAAM,iBAAiB,CAAC,SAAS,MAAM;AACvC,QAAAA,QAAO,MAAM,IAAI,MAAM,2BAA2B,CAAC;AAAA,MACvD;AAEA,UAAI,CAAC,MAAM,iBAAiB,SAAS,MAAM;AACvC,QAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,MACzD;AAAA,IACJ;AAAA,IAEA,MAAgB,eAAe,UAA0B,eAAe,OAAO,cAAc,MAAqB;AAC9G,YAAMA,UAAS,KAAK,QAAQ,OAAO,gBAAgB;AACnD,eAAS,UAAU,KAAK,sBAAsB,SAAS,OAAO;AAE9D,UAAI,gBAAgB,CAAC,KAAK,UAAU,gBAAgB,CAAC,SAAS,cAAc;AACxE,QAAAA,QAAO,MAAM,uBAAuB;AACpC;AAAA,MACJ;AAEA,MAAAA,QAAO,MAAM,mBAAmB;AAChC,YAAM,SAAS,MAAM,KAAK,iBAAiB,UAAU,SAAS,YAAY;AAC1E,MAAAA,QAAO,MAAM,mDAAmD;AAEhE,UAAI,eAAe,OAAO,QAAQ,SAAS,QAAQ,KAAK;AACpD,QAAAA,QAAO,MAAM,IAAI,MAAM,mEAAmE,CAAC;AAAA,MAC/F;AAEA,eAAS,UAAU,KAAK,aAAa,SAAS,SAAS,KAAK,sBAAsB,MAAuB,CAAC;AAC1G,MAAAA,QAAO,MAAM,+CAA+C,SAAS,OAAO;AAAA,IAChF;AAAA,IAEU,aAAa,SAAsB,SAAiC;AAC1E,YAAM,SAAS,EAAE,GAAG,QAAQ;AAE5B,iBAAW,CAAC,OAAO,MAAM,KAAK,OAAO,QAAQ,OAAO,GAAG;AACnD,mBAAW,SAAS,MAAM,QAAQ,MAAM,IAAI,SAAS,CAAC,MAAM,GAAG;AAC3D,gBAAM,gBAAgB,OAAO;AAC7B,cAAI,CAAC,eAAe;AAChB,mBAAO,SAAS;AAAA,UACpB,WACS,MAAM,QAAQ,aAAa,GAAG;AACnC,gBAAI,CAAC,cAAc,SAAS,KAAK,GAAG;AAChC,4BAAc,KAAK,KAAK;AAAA,YAC5B;AAAA,UACJ,WACS,OAAO,WAAW,OAAO;AAC9B,gBAAI,OAAO,UAAU,YAAY,KAAK,UAAU,aAAa;AACzD,qBAAO,SAAS,KAAK,aAAa,eAA8B,KAAK;AAAA,YACzE,OACK;AACD,qBAAO,SAAS,CAAC,eAAe,KAAK;AAAA,YACzC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,IAEU,sBAAsB,QAAkC;AAC9D,YAAM,SAAS,EAAE,GAAG,OAAO;AAE3B,UAAI,KAAK,UAAU,sBAAsB;AACrC,mBAAW,QAAQ,gBAAgB;AAC/B,iBAAO,OAAO;AAAA,QAClB;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,IAEA,MAAgB,aAAa,UAA0B,OAAmC;AACtF,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,UAAI,SAAS,MAAM;AACf,QAAAA,QAAO,MAAM,iBAAiB;AAC9B,cAAM,gBAAgB,MAAM,KAAK,aAAa,aAAa;AAAA,UACvD,WAAW,MAAM;AAAA,UACjB,eAAe,MAAM;AAAA,UACrB,MAAM,SAAS;AAAA,UACf,cAAc,MAAM;AAAA,UACpB,eAAe,MAAM;AAAA,UACrB,GAAG,MAAM;AAAA,QACb,CAAC;AACD,eAAO,OAAO,UAAU,aAAa;AAAA,MACzC,OAAO;AACH,QAAAA,QAAO,MAAM,oBAAoB;AAAA,MACrC;AAAA,IACJ;AAAA,IAEU,2BAA2B,UAA0B,cAA6B;AA9PhG;AA+PQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,4BAA4B;AAE/D,MAAAA,QAAO,MAAM,uBAAuB;AACpC,YAAM,UAAU,SAAS,QAAO,cAAS,aAAT,YAAqB,EAAE;AAEvD,UAAI,CAAC,QAAQ,KAAK;AACd,QAAAA,QAAO,MAAM,IAAI,MAAM,qCAAqC,CAAC;AAAA,MACjE;AAEA,UAAI,cAAc;AACd,cAAM,UAAU,SAAS,OAAO,YAAY;AAC5C,YAAI,QAAQ,QAAQ,QAAQ,KAAK;AAC7B,UAAAA,QAAO,MAAM,IAAI,MAAM,4CAA4C,CAAC;AAAA,QACxE;AACA,YAAI,QAAQ,aAAa,QAAQ,cAAc,QAAQ,WAAW;AAC9D,UAAAA,QAAO,MAAM,IAAI,MAAM,yDAAyD,CAAC;AAAA,QACrF;AACA,YAAI,QAAQ,OAAO,QAAQ,QAAQ,QAAQ,KAAK;AAC5C,UAAAA,QAAO,MAAM,IAAI,MAAM,6CAA6C,CAAC;AAAA,QACzE;AACA,YAAI,CAAC,QAAQ,OAAO,QAAQ,KAAK;AAC7B,UAAAA,QAAO,MAAM,IAAI,MAAM,uDAAuD,CAAC;AAAA,QACnF;AAAA,MACJ;AAEA,eAAS,UAAU;AAAA,IACvB;AAAA,EACJ;;;ACjRO,MAAM,QAAN,MAAY;AAAA,IAQR,YAAY,MAKhB;AACC,WAAK,KAAK,KAAK,MAAM,YAAY,eAAe;AAChD,WAAK,OAAO,KAAK;AAEjB,UAAI,KAAK,WAAW,KAAK,UAAU,GAAG;AAClC,aAAK,UAAU,KAAK;AAAA,MACxB,OACK;AACD,aAAK,UAAU,MAAM,aAAa;AAAA,MACtC;AACA,WAAK,eAAe,KAAK;AAAA,IAC7B;AAAA,IAEO,kBAA0B;AAC7B,UAAI,OAAO,OAAO,EAAE,OAAO,iBAAiB;AAC5C,aAAO,KAAK,UAAU;AAAA,QAClB,IAAI,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,cAAc,KAAK;AAAA,MACvB,CAAC;AAAA,IACL;AAAA,IAEA,OAAc,kBAAkB,eAA8B;AAC1D,aAAO,aAAa,SAAS,mBAAmB;AAChD,aAAO,IAAI,MAAM,KAAK,MAAM,aAAa,CAAC;AAAA,IAC9C;AAAA,IAEA,aAAoB,gBAAgB,SAAqB,KAA4B;AACjF,YAAMC,UAAS,OAAO,aAAa,SAAS,iBAAiB;AAC7D,YAAM,SAAS,MAAM,aAAa,IAAI;AAEtC,YAAM,OAAO,MAAM,QAAQ,WAAW;AACtC,MAAAA,QAAO,MAAM,YAAY,IAAI;AAE7B,eAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AAClC,cAAM,MAAM,KAAK;AACjB,cAAM,OAAO,MAAM,QAAQ,IAAI,GAAG;AAClC,YAAI,SAAS;AAEb,YAAI,MAAM;AACN,cAAI;AACA,kBAAM,QAAQ,MAAM,kBAAkB,IAAI;AAE1C,YAAAA,QAAO,MAAM,sBAAsB,KAAK,MAAM,OAAO;AACrD,gBAAI,MAAM,WAAW,QAAQ;AACzB,uBAAS;AAAA,YACb;AAAA,UACJ,SACO,KAAP;AACI,YAAAA,QAAO,MAAM,gCAAgC,KAAK,GAAG;AACrD,qBAAS;AAAA,UACb;AAAA,QACJ,OACK;AACD,UAAAA,QAAO,MAAM,+BAA+B,GAAG;AAC/C,mBAAS;AAAA,QACb;AAEA,YAAI,QAAQ;AACR,UAAAA,QAAO,MAAM,yBAAyB,GAAG;AACzC,eAAK,QAAQ,OAAO,GAAG;AAAA,QAC3B;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;;;AC9EO,MAAM,cAAN,cAA0B,MAAM;AAAA,IAyB5B,YAAY,MAehB;AACC,YAAM,IAAI;AAEV,UAAI,KAAK,kBAAkB,MAAM;AAC7B,aAAK,gBAAgB,YAAY,qBAAqB;AAAA,MAC1D,WACS,KAAK,eAAe;AACzB,aAAK,gBAAgB,KAAK;AAAA,MAC9B;AAEA,UAAI,KAAK,eAAe;AACpB,aAAK,iBAAiB,YAAY,sBAAsB,KAAK,aAAa;AAAA,MAC9E;AAEA,WAAK,YAAY,KAAK;AACtB,WAAK,YAAY,KAAK;AACtB,WAAK,eAAe,KAAK;AACzB,WAAK,QAAQ,KAAK;AAClB,WAAK,gBAAgB,KAAK;AAC1B,WAAK,mBAAmB,KAAK;AAE7B,WAAK,gBAAgB,KAAK;AAC1B,WAAK,eAAe,KAAK;AAAA,IAC7B;AAAA,IAEO,kBAA0B;AAC7B,UAAI,OAAO,aAAa,EAAE,OAAO,iBAAiB;AAClD,aAAO,KAAK,UAAU;AAAA,QAClB,IAAI,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,cAAc,KAAK;AAAA,QAEnB,eAAe,KAAK;AAAA,QACpB,WAAW,KAAK;AAAA,QAChB,WAAW,KAAK;AAAA,QAChB,cAAc,KAAK;AAAA,QACnB,OAAO,KAAK;AAAA,QACZ,eAAe,KAAK;AAAA,QACpB,kBAAmB,KAAK;AAAA,QACxB,eAAe,KAAK;AAAA,QACpB,cAAc,KAAK;AAAA,MACvB,CAAC;AAAA,IACL;AAAA,IAEA,OAAc,kBAAkB,eAAoC;AAChE,aAAO,aAAa,eAAe,mBAAmB;AACtD,YAAM,OAAO,KAAK,MAAM,aAAa;AACrC,aAAO,IAAI,YAAY,IAAI;AAAA,IAC/B;AAAA,EACJ;;;ACvDO,MAAM,gBAAN,MAAoB;AAAA,IAMhB,YAAY;AAAA,MAEf;AAAA,MAAK;AAAA,MAAW;AAAA,MAAW;AAAA,MAAc;AAAA,MAAe;AAAA,MAExD;AAAA,MAAY;AAAA,MAAe;AAAA,MAAc;AAAA,MAAe;AAAA,MACxD;AAAA,MACA;AAAA,MACA;AAAA,SACG;AAAA,IACP,GAAsB;AAdtB,WAAiB,UAAU,IAAI,OAAO,eAAe;AAejD,UAAI,CAAC,KAAK;AACN,aAAK,QAAQ,MAAM,qBAAqB;AACxC,cAAM,IAAI,MAAM,KAAK;AAAA,MACzB;AACA,UAAI,CAAC,WAAW;AACZ,aAAK,QAAQ,MAAM,2BAA2B;AAC9C,cAAM,IAAI,MAAM,WAAW;AAAA,MAC/B;AACA,UAAI,CAAC,cAAc;AACf,aAAK,QAAQ,MAAM,8BAA8B;AACjD,cAAM,IAAI,MAAM,cAAc;AAAA,MAClC;AACA,UAAI,CAAC,eAAe;AAChB,aAAK,QAAQ,MAAM,+BAA+B;AAClD,cAAM,IAAI,MAAM,eAAe;AAAA,MACnC;AACA,UAAI,CAAC,OAAO;AACR,aAAK,QAAQ,MAAM,uBAAuB;AAC1C,cAAM,IAAI,MAAM,OAAO;AAAA,MAC3B;AACA,UAAI,CAAC,WAAW;AACZ,aAAK,QAAQ,MAAM,2BAA2B;AAC9C,cAAM,IAAI,MAAM,WAAW;AAAA,MAC/B;AAEA,WAAK,QAAQ,IAAI,YAAY;AAAA,QACzB,MAAM;AAAA,QACN;AAAA,QACA,eAAe;AAAA,QACf;AAAA,QAAW;AAAA,QAAW;AAAA,QACtB;AAAA,QACA;AAAA,QAAe;AAAA,QAAO;AAAA,QACtB;AAAA,MACJ,CAAC;AAED,YAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,gBAAU,aAAa,OAAO,aAAa,SAAS;AACpD,gBAAU,aAAa,OAAO,gBAAgB,YAAY;AAC1D,gBAAU,aAAa,OAAO,iBAAiB,aAAa;AAC5D,gBAAU,aAAa,OAAO,SAAS,KAAK;AAC5C,UAAI,OAAO;AACP,kBAAU,aAAa,OAAO,SAAS,KAAK;AAAA,MAChD;AAEA,gBAAU,aAAa,OAAO,SAAS,KAAK,MAAM,EAAE;AACpD,UAAI,KAAK,MAAM,gBAAgB;AAC3B,kBAAU,aAAa,OAAO,kBAAkB,KAAK,MAAM,cAAc;AACzE,kBAAU,aAAa,OAAO,yBAAyB,MAAM;AAAA,MACjE;AAEA,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,EAAE,eAAe,GAAG,gBAAgB,GAAG,iBAAiB,CAAC,GAAG;AAClG,YAAI,SAAS,MAAM;AACf,oBAAU,aAAa,OAAO,KAAK,MAAM,SAAS,CAAC;AAAA,QACvD;AAAA,MACJ;AAEA,WAAK,MAAM,UAAU;AAAA,IACzB;AAAA,EACJ;;;AChHA,MAAM,YAAY;AAKX,MAAM,iBAAN,MAAqB;AAAA,IAqCjB,YAAY,QAAyB;AAhB5C,WAAO,eAAe;AAEtB,WAAO,aAAa;AAYpB,WAAO,UAAuB,CAAC;AAG3B,WAAK,QAAQ,OAAO,IAAI,OAAO;AAC/B,WAAK,gBAAgB,OAAO,IAAI,eAAe;AAE/C,WAAK,QAAQ,OAAO,IAAI,OAAO;AAC/B,WAAK,oBAAoB,OAAO,IAAI,mBAAmB;AACvD,WAAK,YAAY,OAAO,IAAI,WAAW;AAEvC,WAAK,OAAO,OAAO,IAAI,MAAM;AAAA,IACjC;AAAA,IAEA,IAAW,aAAiC;AACxC,UAAI,KAAK,eAAe,QAAW;AAC/B,eAAO;AAAA,MACX;AACA,aAAO,KAAK,aAAa,MAAM,aAAa;AAAA,IAChD;AAAA,IACA,IAAW,WAAW,OAA2B;AAE7C,UAAI,OAAO,UAAU;AAAU,gBAAQ,OAAO,KAAK;AACnD,UAAI,UAAU,UAAa,SAAS,GAAG;AACnC,aAAK,aAAa,KAAK,MAAM,KAAK,IAAI,MAAM,aAAa;AAAA,MAC7D;AAAA,IACJ;AAAA,IAEA,IAAW,WAAoB;AAzEnC;AA0EQ,eAAO,UAAK,UAAL,mBAAY,MAAM,KAAK,SAAS,eAAc,CAAC,CAAC,KAAK;AAAA,IAChE;AAAA,EACJ;;;ACpDO,MAAM,iBAAN,MAAqB;AAAA,IAMjB,YAAY;AAAA,MACf;AAAA,MACA;AAAA,MAAY;AAAA,MAAe;AAAA,MAA0B;AAAA,MAAkB;AAAA,IAC3E,GAAuB;AARvB,WAAiB,UAAU,IAAI,OAAO,gBAAgB;AASlD,UAAI,CAAC,KAAK;AACN,aAAK,QAAQ,MAAM,qBAAqB;AACxC,cAAM,IAAI,MAAM,KAAK;AAAA,MACzB;AAEA,YAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,UAAI,eAAe;AACf,kBAAU,aAAa,OAAO,iBAAiB,aAAa;AAAA,MAChE;AAEA,UAAI,0BAA0B;AAC1B,kBAAU,aAAa,OAAO,4BAA4B,wBAAwB;AAElF,YAAI,YAAY;AACZ,eAAK,QAAQ,IAAI,MAAM,EAAE,MAAM,YAAY,aAAa,CAAC;AAEzD,oBAAU,aAAa,OAAO,SAAS,KAAK,MAAM,EAAE;AAAA,QACxD;AAAA,MACJ;AAEA,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,EAAE,GAAG,iBAAiB,CAAC,GAAG;AAChE,YAAI,SAAS,MAAM;AACf,oBAAU,aAAa,OAAO,KAAK,MAAM,SAAS,CAAC;AAAA,QACvD;AAAA,MACJ;AAEA,WAAK,MAAM,UAAU;AAAA,IACzB;AAAA,EACJ;;;ACxDO,MAAM,kBAAN,MAAsB;AAAA,IAclB,YAAY,QAAyB;AACxC,WAAK,QAAQ,OAAO,IAAI,OAAO;AAE/B,WAAK,QAAQ,OAAO,IAAI,OAAO;AAC/B,WAAK,oBAAoB,OAAO,IAAI,mBAAmB;AACvD,WAAK,YAAY,OAAO,IAAI,WAAW;AAAA,IAC3C;AAAA,EACJ;;;ACkDO,MAAM,aAAN,MAAiB;AAAA,IAQb,YAAY,UAA8B;AANjD,WAAmB,UAAU,IAAI,OAAO,YAAY;AAOhD,WAAK,WAAW,IAAI,wBAAwB,QAAQ;AAEpD,WAAK,kBAAkB,IAAI,gBAAgB,KAAK,QAAQ;AACxD,WAAK,aAAa,IAAI,kBAAkB,KAAK,UAAU,KAAK,eAAe;AAC3E,WAAK,eAAe,IAAI,YAAY,KAAK,UAAU,KAAK,eAAe;AAAA,IAC3E;AAAA,IAEA,MAAa,oBAAoB;AAAA,MAC7B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,gBAAgB,KAAK,SAAS;AAAA,MAC9B,QAAQ,KAAK,SAAS;AAAA,MACtB,eAAe,KAAK,SAAS;AAAA,MAC7B,SAAS,KAAK,SAAS;AAAA,MACvB,UAAU,KAAK,SAAS;AAAA,MACxB,UAAU,KAAK,SAAS;AAAA,MACxB,aAAa,KAAK,SAAS;AAAA,MAC3B,aAAa,KAAK,SAAS;AAAA,MAC3B,WAAW,KAAK,SAAS;AAAA,MACzB,gBAAgB,KAAK,SAAS;AAAA,MAC9B,mBAAmB,KAAK,SAAS;AAAA,MACjC,mBAAmB,KAAK,SAAS;AAAA,IACrC,GAAoD;AAChD,YAAMC,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AAExD,UAAI,kBAAkB,QAAQ;AAC1B,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC/E;AAEA,YAAM,MAAM,MAAM,KAAK,gBAAgB,yBAAyB;AAChE,MAAAA,QAAO,MAAM,mCAAmC,GAAG;AAEnD,YAAM,gBAAgB,IAAI,cAAc;AAAA,QACpC;AAAA,QACA,WAAW,KAAK,SAAS;AAAA,QACzB,WAAW,KAAK,SAAS;AAAA,QACzB;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY;AAAA,QACZ;AAAA,QAAQ;AAAA,QAAS;AAAA,QAAS;AAAA,QAAY;AAAA,QAAe;AAAA,QAAY;AAAA,QACjE;AAAA,QAAU;AAAA,QAAS;AAAA,QAAa;AAAA,QAAkB;AAAA,QAAkB;AAAA,QAAc;AAAA,QAClF,eAAe,KAAK,SAAS;AAAA,QAC7B;AAAA,QACA;AAAA,MACJ,CAAC;AAGD,YAAM,KAAK,gBAAgB;AAE3B,YAAM,cAAc,cAAc;AAClC,YAAM,KAAK,SAAS,WAAW,IAAI,YAAY,IAAI,YAAY,gBAAgB,CAAC;AAChF,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,wBAAwB,KAAa,cAAc,OAAkE;AAC9H,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAE5D,YAAM,WAAW,IAAI,eAAe,SAAS,WAAW,KAAK,KAAK,SAAS,aAAa,CAAC;AACzF,UAAI,CAAC,SAAS,OAAO;AACjB,QAAAA,QAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAE9C,cAAM;AAAA,MACV;AAEA,YAAM,oBAAoB,MAAM,KAAK,SAAS,WAAW,cAAc,WAAW,OAAO,SAAS,KAAK;AACvG,UAAI,CAAC,mBAAmB;AACpB,QAAAA,QAAO,MAAM,IAAI,MAAM,oCAAoC,CAAC;AAC5D,cAAM;AAAA,MACV;AAEA,YAAM,QAAQ,YAAY,kBAAkB,iBAAiB;AAC7D,aAAO,EAAE,OAAO,SAAS;AAAA,IAC7B;AAAA,IAEA,MAAa,sBAAsB,KAAsC;AACrE,YAAMA,UAAS,KAAK,QAAQ,OAAO,uBAAuB;AAE1D,YAAM,EAAE,OAAO,SAAS,IAAI,MAAM,KAAK,wBAAwB,KAAK,IAAI;AACxE,MAAAA,QAAO,MAAM,kDAAkD;AAC/D,YAAM,KAAK,WAAW,uBAAuB,UAAU,KAAK;AAC5D,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,wCAAwC;AAAA,MACjD;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACnB,GAAyE;AACrE,YAAM,gBAAyC,MAAM,KAAK,aAAa,oBAAoB,EAAE,UAAU,SAAS,CAAC;AACjH,YAAM,iBAAiC,IAAI,eAAe,IAAI,gBAAgB,CAAC;AAC/E,aAAO,OAAO,gBAAgB,aAAa;AAC3C,YAAM,KAAK,WAAW,4BAA4B,gBAAgB,YAAY;AAC9E,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,gBAAgB;AAAA,MACzB;AAAA,MACA;AAAA,IACJ,GAAiD;AAC7C,YAAMA,UAAS,KAAK,QAAQ,OAAO,iBAAiB;AAEpD,YAAM,SAAS,MAAM,KAAK,aAAa,qBAAqB;AAAA,QACxD,eAAe,MAAM;AAAA,QACrB,OAAO,MAAM;AAAA,QACb;AAAA,MACJ,CAAC;AACD,YAAM,WAAW,IAAI,eAAe,IAAI,gBAAgB,CAAC;AACzD,aAAO,OAAO,UAAU,MAAM;AAC9B,MAAAA,QAAO,MAAM,uBAAuB,QAAQ;AAC5C,YAAM,KAAK,WAAW,wBAAwB,UAAU,KAAK;AAC7D,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,qBAAqB;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,MACA,2BAA2B,KAAK,SAAS;AAAA,MACzC,mBAAmB,KAAK,SAAS;AAAA,IACrC,IAA8B,CAAC,GAA4B;AACvD,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AAEzD,YAAM,MAAM,MAAM,KAAK,gBAAgB,sBAAsB;AAC7D,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AACjD,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,iCAAiC,GAAG;AAEjD,YAAM,UAAU,IAAI,eAAe;AAAA,QAC/B;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,MACJ,CAAC;AAGD,YAAM,KAAK,gBAAgB;AAE3B,YAAM,eAAe,QAAQ;AAC7B,UAAI,cAAc;AACd,QAAAA,QAAO,MAAM,sCAAsC;AACnD,cAAM,KAAK,SAAS,WAAW,IAAI,aAAa,IAAI,aAAa,gBAAgB,CAAC;AAAA,MACtF;AAEA,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,yBAAyB,KAAa,cAAc,OAAyE;AACtI,YAAMA,UAAS,KAAK,QAAQ,OAAO,0BAA0B;AAE7D,YAAM,WAAW,IAAI,gBAAgB,SAAS,WAAW,KAAK,KAAK,SAAS,aAAa,CAAC;AAC1F,UAAI,CAAC,SAAS,OAAO;AACjB,QAAAA,QAAO,MAAM,sBAAsB;AAEnC,YAAI,SAAS,OAAO;AAChB,UAAAA,QAAO,KAAK,uBAAuB,SAAS,KAAK;AACjD,gBAAM,IAAI,cAAc,QAAQ;AAAA,QACpC;AAEA,eAAO,EAAE,OAAO,QAAW,SAAS;AAAA,MACxC;AAEA,YAAM,oBAAoB,MAAM,KAAK,SAAS,WAAW,cAAc,WAAW,OAAO,SAAS,KAAK;AACvG,UAAI,CAAC,mBAAmB;AACpB,QAAAA,QAAO,MAAM,IAAI,MAAM,oCAAoC,CAAC;AAC5D,cAAM;AAAA,MACV;AAEA,YAAM,QAAQ,MAAM,kBAAkB,iBAAiB;AACvD,aAAO,EAAE,OAAO,SAAS;AAAA,IAC7B;AAAA,IAEA,MAAa,uBAAuB,KAAuC;AACvE,YAAMA,UAAS,KAAK,QAAQ,OAAO,wBAAwB;AAE3D,YAAM,EAAE,OAAO,SAAS,IAAI,MAAM,KAAK,yBAAyB,KAAK,IAAI;AACzE,UAAI,OAAO;AACP,QAAAA,QAAO,MAAM,kDAAkD;AAC/D,aAAK,WAAW,wBAAwB,UAAU,KAAK;AAAA,MAC3D,OAAO;AACH,QAAAA,QAAO,MAAM,qDAAqD;AAAA,MACtE;AAEA,aAAO;AAAA,IACX;AAAA,IAEO,kBAAiC;AACpC,WAAK,QAAQ,OAAO,iBAAiB;AACrC,aAAO,MAAM,gBAAgB,KAAK,SAAS,YAAY,KAAK,SAAS,sBAAsB;AAAA,IAC/F;AAAA,IAEA,MAAa,YAAY,OAAe,MAAwD;AAC5F,WAAK,QAAQ,OAAO,aAAa;AACjC,aAAO,MAAM,KAAK,aAAa,OAAO;AAAA,QAClC;AAAA,QACA,iBAAiB;AAAA,MACrB,CAAC;AAAA,IACL;AAAA,EACJ;;;AC5RO,MAAM,iBAAN,MAAqB;AAAA,IAOjB,YAA6B,cAA2B;AAA3B;AANpC,WAAiB,UAAU,IAAI,OAAO,gBAAgB;AA2CtD,WAAU,SAAS,OACf,SAIgB;AAChB,cAAM,gBAAgB,KAAK;AAC3B,YAAI,CAAC,eAAe;AAChB;AAAA,QACJ;AACA,cAAMC,UAAS,KAAK,QAAQ,OAAO,QAAQ;AAE3C,YAAI,KAAK,SAAS;AACd,eAAK,OAAO,KAAK,QAAQ;AACzB,eAAK,OAAO,KAAK,QAAQ;AACzB,UAAAA,QAAO,MAAM,iBAAiB,eAAe,SAAS,KAAK,IAAI;AAAA,QACnE,OACK;AACD,eAAK,OAAO;AACZ,eAAK,OAAO;AACZ,UAAAA,QAAO,MAAM,iBAAiB,eAAe,kBAAkB;AAAA,QACnE;AAEA,YAAI,KAAK,qBAAqB;AAC1B,eAAK,oBAAoB,MAAM,aAAa;AAC5C;AAAA,QACJ;AAEA,YAAI;AACA,gBAAM,MAAM,MAAM,KAAK,aAAa,gBAAgB,sBAAsB;AAC1E,cAAI,KAAK;AACL,YAAAA,QAAO,MAAM,mCAAmC;AAEhD,kBAAM,YAAY,KAAK,aAAa,SAAS;AAC7C,kBAAM,oBAAoB,KAAK,aAAa,SAAS;AACrD,kBAAM,cAAc,KAAK,aAAa,SAAS;AAE/C,kBAAM,qBAAqB,IAAI,mBAAmB,KAAK,WAAW,WAAW,KAAK,mBAAmB,WAAW;AAChH,kBAAM,mBAAmB,KAAK;AAC9B,iBAAK,sBAAsB;AAC3B,+BAAmB,MAAM,aAAa;AAAA,UAC1C,OACK;AACD,YAAAA,QAAO,KAAK,+CAA+C;AAAA,UAC/D;AAAA,QACJ,SACO,KAAP;AAEI,UAAAA,QAAO,MAAM,qCAAqC,eAAe,QAAQ,IAAI,UAAU,GAAG;AAAA,QAC9F;AAAA,MACJ;AAEA,WAAU,QAAQ,MAAY;AAC1B,cAAMA,UAAS,KAAK,QAAQ,OAAO,OAAO;AAC1C,aAAK,OAAO;AACZ,aAAK,OAAO;AAEZ,YAAI,KAAK,qBAAqB;AAC1B,eAAK,oBAAoB,KAAK;AAAA,QAClC;AAEA,YAAI,KAAK,aAAa,SAAS,yBAAyB;AAIpD,gBAAM,cAAc,YAAY,YAAY;AACxC,0BAAc,WAAW;AAEzB,gBAAI;AACA,oBAAM,UAAU,MAAM,KAAK,aAAa,mBAAmB;AAC3D,kBAAI,SAAS;AACT,sBAAM,UAAU;AAAA,kBACZ,eAAe,QAAQ;AAAA,kBACvB,SAAS,QAAQ,OAAO,QAAQ,MAAM;AAAA,oBAClC,KAAK,QAAQ;AAAA,oBACb,KAAK,QAAQ;AAAA,kBACjB,IAAI;AAAA,gBACR;AACA,qBAAK,KAAK,OAAO,OAAO;AAAA,cAC5B;AAAA,YACJ,SACO,KAAP;AAEI,cAAAA,QAAO,MAAM,iCAAiC,eAAe,QAAQ,IAAI,UAAU,GAAG;AAAA,YAC1F;AAAA,UACJ,GAAG,GAAI;AAAA,QACX;AAAA,MACJ;AAEA,WAAU,YAAY,YAA2B;AAC7C,cAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,YAAI;AACA,gBAAM,UAAU,MAAM,KAAK,aAAa,mBAAmB;AAC3D,cAAI,aAAa;AAEjB,cAAI,WAAW,KAAK,qBAAqB;AACrC,gBAAI,QAAQ,QAAQ,KAAK,MAAM;AAC3B,2BAAa;AACb,mBAAK,oBAAoB,MAAM,QAAQ,aAAa;AAEpD,kBAAI,QAAQ,QAAQ,KAAK,MAAM;AAC3B,gBAAAA,QAAO,MAAM,kFAAkF,QAAQ,aAAa;AAAA,cACxH,OACK;AACD,gBAAAA,QAAO,MAAM,6GAA6G,QAAQ,aAAa;AAC/I,qBAAK,aAAa,OAAO,yBAAyB;AAAA,cACtD;AAAA,YACJ,OACK;AACD,cAAAA,QAAO,MAAM,oCAAoC,QAAQ,GAAG;AAAA,YAChE;AAAA,UACJ,OACK;AACD,YAAAA,QAAO,MAAM,kCAAkC;AAAA,UACnD;AAEA,cAAI,YAAY;AACZ,gBAAI,KAAK,MAAM;AACX,mBAAK,aAAa,OAAO,oBAAoB;AAAA,YACjD,OACK;AACD,mBAAK,aAAa,OAAO,mBAAmB;AAAA,YAChD;AAAA,UACJ,OAAO;AACH,YAAAA,QAAO,MAAM,kDAAkD;AAAA,UACnE;AAAA,QACJ,SACO,KAAP;AACI,cAAI,KAAK,MAAM;AACX,YAAAA,QAAO,MAAM,qEAAqE,GAAG;AACrF,iBAAK,aAAa,OAAO,oBAAoB;AAAA,UACjD;AAAA,QACJ;AAAA,MACJ;AAzKI,UAAI,CAAC,cAAc;AACf,aAAK,QAAQ,MAAM,IAAI,MAAM,wBAAwB,CAAC;AAAA,MAC1D;AAEA,WAAK,aAAa,OAAO,cAAc,KAAK,MAAM;AAClD,WAAK,aAAa,OAAO,gBAAgB,KAAK,KAAK;AAEnD,WAAK,MAAM,EAAE,MAAM,CAAC,QAAiB;AAEjC,aAAK,QAAQ,MAAM,GAAG;AAAA,MAC1B,CAAC;AAAA,IACL;AAAA,IAEA,MAAgB,QAAuB;AACnC,WAAK,QAAQ,OAAO,OAAO;AAC3B,YAAM,OAAO,MAAM,KAAK,aAAa,QAAQ;AAG7C,UAAI,MAAM;AACN,aAAK,KAAK,OAAO,IAAI;AAAA,MACzB,WACS,KAAK,aAAa,SAAS,yBAAyB;AACzD,cAAM,UAAU,MAAM,KAAK,aAAa,mBAAmB;AAC3D,YAAI,SAAS;AACT,gBAAM,UAAU;AAAA,YACZ,eAAe,QAAQ;AAAA,YACvB,SAAS,QAAQ,OAAO,QAAQ,MAAM;AAAA,cAClC,KAAK,QAAQ;AAAA,cACb,KAAK,QAAQ;AAAA,YACjB,IAAI;AAAA,UACR;AACA,eAAK,KAAK,OAAO,OAAO;AAAA,QAC5B;AAAA,MACJ;AAAA,IACJ;AAAA,EAwIJ;;;AC9KO,MAAM,OAAN,MAAW;AAAA,IAsCP,YAAY,MAUhB;AA/DP;AAgEQ,WAAK,WAAW,KAAK;AACrB,WAAK,iBAAgB,UAAK,kBAAL,YAAsB;AAC3C,WAAK,eAAe,KAAK;AACzB,WAAK,gBAAgB,KAAK;AAE1B,WAAK,aAAa,KAAK;AACvB,WAAK,QAAQ,KAAK;AAClB,WAAK,UAAU,KAAK;AACpB,WAAK,aAAa,KAAK;AACvB,WAAK,QAAQ,KAAK;AAAA,IACtB;AAAA,IAGA,IAAW,aAAiC;AACxC,UAAI,KAAK,eAAe,QAAW;AAC/B,eAAO;AAAA,MACX;AACA,aAAO,KAAK,aAAa,MAAM,aAAa;AAAA,IAChD;AAAA,IAEA,IAAW,WAAW,OAA2B;AAC7C,UAAI,UAAU,QAAW;AACrB,aAAK,aAAa,KAAK,MAAM,KAAK,IAAI,MAAM,aAAa;AAAA,MAC7D;AAAA,IACJ;AAAA,IAGA,IAAW,UAA+B;AACtC,YAAM,aAAa,KAAK;AACxB,UAAI,eAAe,QAAW;AAC1B,eAAO;AAAA,MACX;AACA,aAAO,cAAc;AAAA,IACzB;AAAA,IAGA,IAAW,SAAmB;AApGlC;AAqGQ,cAAO,gBAAK,UAAL,mBAAY,MAAM,SAAlB,YAA0B,CAAC;AAAA,IACtC;AAAA,IAEO,kBAA0B;AAC7B,UAAI,OAAO,MAAM,EAAE,OAAO,iBAAiB;AAC3C,aAAO,KAAK,UAAU;AAAA,QAClB,UAAU,KAAK;AAAA,QACf,eAAe,KAAK;AAAA,QACpB,cAAc,KAAK;AAAA,QACnB,eAAe,KAAK;AAAA,QACpB,YAAY,KAAK;AAAA,QACjB,OAAO,KAAK;AAAA,QACZ,SAAS,KAAK;AAAA,QACd,YAAY,KAAK;AAAA,MACrB,CAAC;AAAA,IACL;AAAA,IAEA,OAAc,kBAAkB,eAA6B;AACzD,aAAO,aAAa,QAAQ,mBAAmB;AAC/C,aAAO,IAAI,KAAK,KAAK,MAAM,aAAa,CAAC;AAAA,IAC7C;AAAA,EACJ;;;ACpHA,MAAM,gBAAgB;AAcf,MAAe,sBAAf,MAAsD;AAAA,IAAtD;AAEH,WAAmB,SAAS,IAAI,MAAuB,2BAA2B;AAClF,WAAmB,mBAAmB,oBAAI,IAAgB;AAE1D,WAAU,UAA8B;AAAA;AAAA,IAExC,MAAa,SAAS,QAAmD;AACrE,YAAMC,UAAS,KAAK,QAAQ,OAAO,UAAU;AAC7C,UAAI,CAAC,KAAK,SAAS;AACf,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAChE;AAEA,MAAAA,QAAO,MAAM,uBAAuB;AACpC,WAAK,QAAQ,SAAS,QAAQ,OAAO,GAAG;AAExC,YAAM,EAAE,KAAK,SAAS,IAAI,MAAM,IAAI,QAAqB,CAAC,SAAS,WAAW;AAC1E,cAAM,WAAW,CAACC,OAAoB;AArClD;AAsCgB,gBAAM,OAAgCA,GAAE;AACxC,gBAAM,UAAS,YAAO,iBAAP,YAAuB,OAAO,SAAS;AACtD,cAAIA,GAAE,WAAW,WAAU,6BAAM,YAAW,eAAe;AAEvD;AAAA,UACJ;AACA,cAAI;AACA,kBAAM,QAAQ,SAAS,WAAW,KAAK,KAAK,OAAO,aAAa,EAAE,IAAI,OAAO;AAC7E,gBAAI,CAAC,OAAO;AACR,cAAAD,QAAO,KAAK,gCAAgC;AAAA,YAChD;AACA,gBAAIC,GAAE,WAAW,KAAK,WAAW,UAAU,OAAO,OAAO;AAGrD;AAAA,YACJ;AAAA,UACJ,SACO,KAAP;AACI,iBAAK,SAAS;AACd,mBAAO,IAAI,MAAM,8BAA8B,CAAC;AAAA,UACpD;AACA,kBAAQ,IAAI;AAAA,QAChB;AACA,eAAO,iBAAiB,WAAW,UAAU,KAAK;AAClD,aAAK,iBAAiB,IAAI,MAAM,OAAO,oBAAoB,WAAW,UAAU,KAAK,CAAC;AACtF,aAAK,iBAAiB,IAAI,KAAK,OAAO,WAAW,CAAC,WAAW;AACzD,eAAK,SAAS;AACd,iBAAO,MAAM;AAAA,QACjB,CAAC,CAAC;AAAA,MACN,CAAC;AACD,MAAAD,QAAO,MAAM,0BAA0B;AACvC,WAAK,SAAS;AAEd,UAAI,CAAC,UAAU;AACX,aAAK,MAAM;AAAA,MACf;AAEA,aAAO,EAAE,IAAI;AAAA,IACjB;AAAA,IAIQ,WAAiB;AACrB,WAAK,QAAQ,OAAO,UAAU;AAE9B,iBAAW,WAAW,KAAK,kBAAkB;AACzC,gBAAQ;AAAA,MACZ;AACA,WAAK,iBAAiB,MAAM;AAAA,IAChC;AAAA,IAEA,OAAiB,cAAc,QAAgB,KAAa,WAAW,OAAO,eAAe,OAAO,SAAS,QAAc;AACvH,aAAO,YAAY;AAAA,QACf,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACJ,GAAkB,YAAY;AAAA,IAClC;AAAA,EACJ;;;ACxFO,MAAM,6BAAkD;AAAA,IAC3D,UAAU;AAAA,IACV,SAAS;AAAA,IACT,QAAQ;AAAA,EACZ;AACO,MAAM,qBAAqB;AAClC,MAAM,sDAAsD;AAC5D,MAAM,uCAAuC;AACtC,MAAM,uCAAuC;AA4E7C,MAAM,2BAAN,cAAuC,wBAAwB;AAAA,IA+B3D,YAAY,MAA2B;AAC1C,YAAM;AAAA,QACF,qBAAqB,KAAK;AAAA,QAC1B,iCAAiC,KAAK;AAAA,QACtC,sBAAsB;AAAA,QACtB,oBAAoB;AAAA,QACpB,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,QAEjB,2BAA2B,KAAK;AAAA,QAChC,qBAAqB,KAAK;AAAA,QAE1B,sBAAsB,KAAK;AAAA,QAC3B,gCAAgC;AAAA,QAChC,uBAAuB;AAAA,QACvB,2BAA2B;AAAA,QAC3B,8BAA8B;AAAA,QAE9B,iBAAiB;AAAA,QACjB,0BAA0B;AAAA,QAC1B,gCAAgC;AAAA,QAChC,6BAA6B;AAAA,QAC7B,0BAA0B;AAAA,QAE1B,mBAAmB,CAAC,gBAAgB,eAAe;AAAA,QACnD,wBAAwB;AAAA,QACxB,gCAAgC;AAAA,QAEhC,+CAA+C;AAAA,QAE/C;AAAA,MACJ,IAAI;AAEJ,YAAM,IAAI;AAEV,WAAK,qBAAqB;AAC1B,WAAK,iCAAiC;AACtC,WAAK,sBAAsB;AAC3B,WAAK,oBAAoB;AACzB,WAAK,iBAAiB;AACtB,WAAK,iBAAiB;AAEtB,WAAK,2BAA2B;AAChC,WAAK,qBAAqB;AAE1B,WAAK,sBAAsB;AAC3B,WAAK,gCAAgC;AACrC,WAAK,uBAAuB;AAC5B,WAAK,2BAA2B;AAChC,WAAK,8BAA8B;AAEnC,WAAK,iBAAiB;AACtB,WAAK,0BAA0B;AAC/B,WAAK,gCAAgC;AACrC,WAAK,0BAA0B;AAC/B,WAAK,6BAA6B;AAElC,WAAK,mBAAmB;AACxB,WAAK,wBAAwB;AAC7B,WAAK,gCAAgC;AAErC,WAAK,+CAA+C;AAEpD,UAAI,WAAW;AACX,aAAK,YAAY;AAAA,MACrB,OACK;AACD,cAAM,QAAQ,OAAO,WAAW,cAAc,OAAO,iBAAiB,IAAI,mBAAmB;AAC7F,aAAK,YAAY,IAAI,qBAAqB,EAAE,MAAM,CAAC;AAAA,MACvD;AAAA,IACJ;AAAA,EACJ;;;AC/KO,MAAM,eAAN,cAA2B,oBAAoB;AAAA,IAK3C,YAAY;AAAA,MACf,gCAAgC;AAAA,IACpC,GAAuB;AACnB,YAAM;AAPV,WAAmB,UAAU,IAAI,OAAO,cAAc;AAQlD,WAAK,oBAAoB;AAEzB,WAAK,SAAS,aAAa,mBAAmB;AAC9C,WAAK,UAAU,KAAK,OAAO;AAAA,IAC/B;AAAA,IAEA,OAAe,qBAAwC;AACnD,YAAM,SAAS,OAAO,SAAS,cAAc,QAAQ;AAGrD,aAAO,MAAM,aAAa;AAC1B,aAAO,MAAM,WAAW;AACxB,aAAO,MAAM,OAAO;AACpB,aAAO,MAAM,MAAM;AACnB,aAAO,QAAQ;AACf,aAAO,SAAS;AAChB,aAAO,aAAa,WAAW,6CAA6C;AAE5E,aAAO,SAAS,KAAK,YAAY,MAAM;AACvC,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,SAAS,QAAmD;AACrE,WAAK,QAAQ,MAAM,+BAA+B,KAAK,iBAAiB;AACxE,YAAM,QAAQ,WAAW,MAAM,KAAK,OAAO,MAAM,IAAI,aAAa,qCAAqC,CAAC,GAAG,KAAK,oBAAoB,GAAI;AACxI,WAAK,iBAAiB,IAAI,MAAM,aAAa,KAAK,CAAC;AAEnD,aAAO,MAAM,MAAM,SAAS,MAAM;AAAA,IACtC;AAAA,IAEO,QAAc;AA1DzB;AA2DQ,UAAI,KAAK,QAAQ;AACb,YAAI,KAAK,OAAO,YAAY;AACxB,eAAK,OAAO,iBAAiB,QAAQ,CAAC,OAAO;AA7D7D,gBAAAE;AA8DoB,kBAAM,QAAQ,GAAG;AACjB,aAAAA,MAAA,MAAM,eAAN,gBAAAA,IAAkB,YAAY;AAC9B,iBAAK,OAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,UAC1D,GAAG,IAAI;AACP,qBAAK,OAAO,kBAAZ,mBAA2B,SAAS,QAAQ;AAAA,QAChD;AACA,aAAK,SAAS;AAAA,MAClB;AACA,WAAK,UAAU;AAAA,IACnB;AAAA,IAEA,OAAc,aAAa,KAAa,cAA6B;AACjE,aAAO,MAAM,cAAc,OAAO,QAAQ,KAAK,OAAO,YAAY;AAAA,IACtE;AAAA,EACJ;;;ACjEO,MAAM,kBAAN,MAA4C;AAAA,IAG/C,YAAoB,WAAqC;AAArC;AAFpB,WAAiB,UAAU,IAAI,OAAO,iBAAiB;AAAA,IAEG;AAAA,IAE1D,MAAa,QAAQ;AAAA,MACjB,gCAAgC,KAAK,UAAU;AAAA,IACnD,GAA8C;AAC1C,aAAO,IAAI,aAAa,EAAE,8BAA8B,CAAC;AAAA,IAC7D;AAAA,IAEA,MAAa,SAAS,KAA4B;AAC9C,WAAK,QAAQ,OAAO,UAAU;AAC9B,mBAAa,aAAa,KAAK,KAAK,UAAU,wBAAwB;AAAA,IAC1E;AAAA,EACJ;;;AClBA,MAAM,8BAA8B;AAa7B,MAAM,cAAN,cAA0B,oBAAoB;AAAA,IAK1C,YAAY;AAAA,MACf,oBAAoB;AAAA,MACpB,sBAAsB,CAAC;AAAA,IAC3B,GAAsB;AAClB,YAAM;AARV,WAAmB,UAAU,IAAI,OAAO,aAAa;AASjD,YAAM,gBAAgB,WAAW,OAAO,EAAE,GAAG,4BAA4B,GAAG,oBAAoB,CAAC;AACjG,WAAK,UAAU,OAAO,KAAK,QAAW,mBAAmB,WAAW,UAAU,aAAa,CAAC;AAAA,IAChG;AAAA,IAEA,MAAa,SAAS,QAAmD;AAnC7E;AAoCQ,iBAAK,YAAL,mBAAc;AAEd,YAAM,sBAAsB,YAAY,MAAM;AAC1C,YAAI,CAAC,KAAK,WAAW,KAAK,QAAQ,QAAQ;AACtC,eAAK,OAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAAA,QACvD;AAAA,MACJ,GAAG,2BAA2B;AAC9B,WAAK,iBAAiB,IAAI,MAAM,cAAc,mBAAmB,CAAC;AAElE,aAAO,MAAM,MAAM,SAAS,MAAM;AAAA,IACtC;AAAA,IAEO,QAAc;AACjB,UAAI,KAAK,SAAS;AACd,YAAI,CAAC,KAAK,QAAQ,QAAQ;AACtB,eAAK,QAAQ,MAAM;AACnB,eAAK,OAAO,MAAM,IAAI,MAAM,cAAc,CAAC;AAAA,QAC/C;AAAA,MACJ;AACA,WAAK,UAAU;AAAA,IACnB;AAAA,IAEA,OAAc,aAAa,KAAa,UAAyB;AAC7D,UAAI,CAAC,OAAO,QAAQ;AAChB,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE;AACA,aAAO,MAAM,cAAc,OAAO,QAAQ,KAAK,QAAQ;AAAA,IAC3D;AAAA,EACJ;;;ACrDO,MAAM,iBAAN,MAA2C;AAAA,IAG9C,YAAoB,WAAqC;AAArC;AAFpB,WAAiB,UAAU,IAAI,OAAO,gBAAgB;AAAA,IAEI;AAAA,IAE1D,MAAa,QAAQ;AAAA,MACjB,sBAAsB,KAAK,UAAU;AAAA,MACrC,oBAAoB,KAAK,UAAU;AAAA,IACvC,GAA4C;AACxC,aAAO,IAAI,YAAY,EAAE,qBAAqB,kBAAkB,CAAC;AAAA,IACrE;AAAA,IAEA,MAAa,SAAS,KAAa,WAAW,OAAsB;AAChE,WAAK,QAAQ,OAAO,UAAU;AAE9B,kBAAY,aAAa,KAAK,QAAQ;AAAA,IAC1C;AAAA,EACJ;;;ACTO,MAAM,oBAAN,MAA8C;AAAA,IAGjD,YAAoB,WAAqC;AAArC;AAFpB,WAAiB,UAAU,IAAI,OAAO,mBAAmB;AAAA,IAEC;AAAA,IAE1D,MAAa,QAAQ;AAAA,MACjB,iBAAiB,KAAK,UAAU;AAAA,MAChC,iBAAiB,KAAK,UAAU;AAAA,IACpC,GAAqC;AA3BzC;AA4BQ,WAAK,QAAQ,OAAO,SAAS;AAC7B,UAAI,eAAe,OAAO;AAE1B,UAAI,mBAAmB,OAAO;AAC1B,wBAAe,YAAO,QAAP,YAAc,OAAO;AAAA,MACxC;AAEA,YAAM,WAAW,aAAa,SAAS,gBAAgB,KAAK,aAAa,QAAQ;AACjF,UAAI;AACJ,aAAO;AAAA,QACH,UAAU,OAAO,WAA2B;AACxC,eAAK,QAAQ,OAAO,UAAU;AAE9B,gBAAM,UAAU,IAAI,QAAQ,CAAC,SAAS,WAAW;AAC7C,oBAAQ;AAAA,UACZ,CAAC;AACD,mBAAS,OAAO,GAAG;AACnB,iBAAO,MAAO;AAAA,QAClB;AAAA,QACA,OAAO,MAAM;AACT,eAAK,QAAQ,OAAO,OAAO;AAC3B,yCAAQ,IAAI,MAAM,kBAAkB;AACpC,uBAAa,KAAK;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;;;AClBO,MAAM,oBAAN,cAAgC,kBAAkB;AAAA,IAU9C,YAAY,UAAoC;AACnD,YAAM,EAAE,mCAAmC,SAAS,6CAA6C,CAAC;AAVtG,WAAmB,UAAU,IAAI,OAAO,mBAAmB;AAE3D,WAAiB,cAAc,IAAI,MAAc,aAAa;AAC9D,WAAiB,gBAAgB,IAAI,MAAU,eAAe;AAC9D,WAAiB,oBAAoB,IAAI,MAAe,oBAAoB;AAC5E,WAAiB,gBAAgB,IAAI,MAAU,gBAAgB;AAC/D,WAAiB,iBAAiB,IAAI,MAAU,iBAAiB;AACjE,WAAiB,sBAAsB,IAAI,MAAU,sBAAsB;AAAA,IAI3E;AAAA,IAEO,KAAK,MAAY,aAAW,MAAY;AAC3C,YAAM,KAAK,IAAI;AACf,UAAI,YAAY;AACZ,aAAK,YAAY,MAAM,IAAI;AAAA,MAC/B;AAAA,IACJ;AAAA,IACO,SAAe;AAClB,YAAM,OAAO;AACb,WAAK,cAAc,MAAM;AAAA,IAC7B;AAAA,IAKO,cAAc,IAAoC;AACrD,aAAO,KAAK,YAAY,WAAW,EAAE;AAAA,IACzC;AAAA,IAIO,iBAAiB,IAA8B;AAClD,aAAO,KAAK,YAAY,cAAc,EAAE;AAAA,IAC5C;AAAA,IAKO,gBAAgB,IAAsC;AACzD,aAAO,KAAK,cAAc,WAAW,EAAE;AAAA,IAC3C;AAAA,IAIO,mBAAmB,IAAgC;AACtD,aAAO,KAAK,cAAc,cAAc,EAAE;AAAA,IAC9C;AAAA,IAKO,oBAAoB,IAA0C;AACjE,aAAO,KAAK,kBAAkB,WAAW,EAAE;AAAA,IAC/C;AAAA,IAIO,uBAAuB,IAAoC;AAC9D,aAAO,KAAK,kBAAkB,cAAc,EAAE;AAAA,IAClD;AAAA,IAIO,uBAAuBC,IAAgB;AAC1C,WAAK,kBAAkB,MAAMA,EAAC;AAAA,IAClC;AAAA,IAMO,gBAAgB,IAAsC;AACzD,aAAO,KAAK,cAAc,WAAW,EAAE;AAAA,IAC3C;AAAA,IAIO,mBAAmB,IAAgC;AACtD,WAAK,cAAc,cAAc,EAAE;AAAA,IACvC;AAAA,IAIO,qBAA2B;AAC9B,WAAK,cAAc,MAAM;AAAA,IAC7B;AAAA,IAMO,iBAAiB,IAAuC;AAC3D,aAAO,KAAK,eAAe,WAAW,EAAE;AAAA,IAC5C;AAAA,IAIO,oBAAoB,IAAiC;AACxD,WAAK,eAAe,cAAc,EAAE;AAAA,IACxC;AAAA,IAIO,sBAA4B;AAC/B,WAAK,eAAe,MAAM;AAAA,IAC9B;AAAA,IAMO,sBAAsB,IAA4C;AACrE,aAAO,KAAK,oBAAoB,WAAW,EAAE;AAAA,IACjD;AAAA,IAIO,yBAAyB,IAAsC;AAClE,WAAK,oBAAoB,cAAc,EAAE;AAAA,IAC7C;AAAA,IAIO,2BAAiC;AACpC,WAAK,oBAAoB,MAAM;AAAA,IACnC;AAAA,EACJ;;;AC1JO,MAAM,qBAAN,MAAyB;AAAA,IAKrB,YAAoB,cAA2B;AAA3B;AAJ3B,WAAU,UAAU,IAAI,OAAO,oBAAoB;AACnD,WAAQ,aAAa;AACrB,WAAiB,cAAc,IAAI,MAAM,oBAAoB;AAgC7D,WAAU,iBAAsC,YAAY;AACxD,cAAMC,UAAS,KAAK,QAAQ,OAAO,gBAAgB;AACnD,YAAI;AACA,gBAAM,KAAK,aAAa,aAAa;AACrC,UAAAA,QAAO,MAAM,iCAAiC;AAAA,QAClD,SACO,KAAP;AACI,cAAI,eAAe,cAAc;AAE7B,YAAAA,QAAO,KAAK,mCAAmC,KAAK,aAAa;AACjE,iBAAK,YAAY,KAAK,CAAC;AACvB;AAAA,UACJ;AAEA,UAAAA,QAAO,MAAM,4BAA4B,GAAG;AAC5C,eAAK,aAAa,OAAO,uBAAuB,GAAY;AAAA,QAChE;AAAA,MACJ;AAAA,IA/CuD;AAAA,IAEvD,MAAa,QAAuB;AAChC,YAAMA,UAAS,KAAK,QAAQ,OAAO,OAAO;AAC1C,UAAI,CAAC,KAAK,YAAY;AAClB,aAAK,aAAa;AAClB,aAAK,aAAa,OAAO,uBAAuB,KAAK,cAAc;AACnE,aAAK,YAAY,WAAW,KAAK,cAAc;AAG/C,YAAI;AACA,gBAAM,KAAK,aAAa,QAAQ;AAAA,QAEpC,SACO,KAAP;AAEI,UAAAA,QAAO,MAAM,iBAAiB,GAAG;AAAA,QACrC;AAAA,MACJ;AAAA,IACJ;AAAA,IAEO,OAAa;AAChB,UAAI,KAAK,YAAY;AACjB,aAAK,YAAY,OAAO;AACxB,aAAK,YAAY,cAAc,KAAK,cAAc;AAClD,aAAK,aAAa,OAAO,0BAA0B,KAAK,cAAc;AACtE,aAAK,aAAa;AAAA,MACtB;AAAA,IACJ;AAAA,EAoBJ;;;ACtDO,MAAM,eAAN,MAAmB;AAAA,IAUtB,YAAY,MAQT;AACC,WAAK,gBAAgB,KAAK;AAC1B,WAAK,WAAW,KAAK;AACrB,WAAK,gBAAgB,KAAK;AAC1B,WAAK,QAAQ,KAAK;AAClB,WAAK,UAAU,KAAK;AAEpB,WAAK,OAAO,KAAK;AAAA,IACrB;AAAA,EACJ;;;AC0CO,MAAM,cAAN,MAAkB;AAAA,IAad,YAAY,UAA+B;AAVlD,WAAmB,UAAU,IAAI,OAAO,aAAa;AAWjD,WAAK,WAAW,IAAI,yBAAyB,QAAQ;AAErD,WAAK,UAAU,IAAI,WAAW,QAAQ;AAEtC,WAAK,qBAAqB,IAAI,kBAAkB,KAAK,QAAQ;AAC7D,WAAK,kBAAkB,IAAI,eAAe,KAAK,QAAQ;AACvD,WAAK,mBAAmB,IAAI,gBAAgB,KAAK,QAAQ;AAEzD,WAAK,UAAU,IAAI,kBAAkB,KAAK,QAAQ;AAClD,WAAK,sBAAsB,IAAI,mBAAmB,IAAI;AAGtD,UAAI,KAAK,SAAS,sBAAsB;AACpC,aAAK,iBAAiB;AAAA,MAC1B;AAEA,WAAK,kBAAkB;AACvB,UAAI,KAAK,SAAS,gBAAgB;AAC9B,aAAK,kBAAkB,IAAI,eAAe,IAAI;AAAA,MAClD;AAAA,IAEJ;AAAA,IAGA,IAAW,SAA4B;AACnC,aAAO,KAAK;AAAA,IAChB;AAAA,IAGA,IAAW,kBAAmC;AAC1C,aAAO,KAAK,QAAQ;AAAA,IACxB;AAAA,IAKA,MAAa,UAAgC;AACzC,YAAMC,UAAS,KAAK,QAAQ,OAAO,SAAS;AAC5C,YAAM,OAAO,MAAM,KAAK,UAAU;AAClC,UAAI,MAAM;AACN,QAAAA,QAAO,KAAK,aAAa;AACzB,aAAK,QAAQ,KAAK,MAAM,KAAK;AAC7B,eAAO;AAAA,MACX;AAEA,MAAAA,QAAO,KAAK,2BAA2B;AACvC,aAAO;AAAA,IACX;AAAA,IAKA,MAAa,aAA4B;AACrC,YAAMA,UAAS,KAAK,QAAQ,OAAO,YAAY;AAC/C,YAAM,KAAK,UAAU,IAAI;AACzB,MAAAA,QAAO,KAAK,2BAA2B;AACvC,WAAK,QAAQ,OAAO;AAAA,IACxB;AAAA,IAKA,MAAa,eAAe,OAA2B,CAAC,GAAkB;AACtE,WAAK,QAAQ,OAAO,gBAAgB;AACpC,YAAM;AAAA,QACF;AAAA,WACG;AAAA,MACP,IAAI;AACJ,YAAM,SAAS,MAAM,KAAK,mBAAmB,QAAQ,EAAE,eAAe,CAAC;AACvE,YAAM,KAAK,aAAa;AAAA,QACpB,cAAc;AAAA,QACd,GAAG;AAAA,MACP,GAAG,MAAM;AAAA,IACb;AAAA,IAKA,MAAa,uBAAuB,MAAM,OAAO,SAAS,MAAqB;AAC3E,YAAMA,UAAS,KAAK,QAAQ,OAAO,wBAAwB;AAC3D,YAAM,OAAO,MAAM,KAAK,WAAW,GAAG;AACtC,UAAI,KAAK,WAAW,KAAK,QAAQ,KAAK;AAClC,QAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,MAC9D,OACK;AACD,QAAAA,QAAO,KAAK,YAAY;AAAA,MAC5B;AAEA,aAAO;AAAA,IACX;AAAA,IAOA,MAAa,+BAA+B;AAAA,MACxC;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACnB,GAAwC;AACpC,YAAMA,UAAS,KAAK,QAAQ,OAAO,+BAA+B;AAElE,YAAM,iBAAiB,MAAM,KAAK,QAAQ,wCAAwC,EAAE,UAAU,UAAU,aAAa,CAAC;AACtH,MAAAA,QAAO,MAAM,qBAAqB;AAElC,YAAM,OAAO,MAAM,KAAK,WAAW,cAAc;AACjD,UAAI,KAAK,WAAW,KAAK,QAAQ,KAAK;AAClC,QAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,MAC9D,OAAO;AACH,QAAAA,QAAO,KAAK,YAAY;AAAA,MAC5B;AACA,aAAO;AAAA,IACX;AAAA,IAKA,MAAa,YAAY,OAAwB,CAAC,GAAkB;AAChE,YAAMA,UAAS,KAAK,QAAQ,OAAO,aAAa;AAChD,YAAM;AAAA,QACF;AAAA,QACA;AAAA,WACG;AAAA,MACP,IAAI;AACJ,YAAM,MAAM,KAAK,SAAS;AAC1B,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,kCAAkC,CAAC;AAAA,MAC9D;AAEA,YAAM,SAAS,MAAM,KAAK,gBAAgB,QAAQ,EAAE,qBAAqB,kBAAkB,CAAC;AAC5F,YAAM,OAAO,MAAM,KAAK,QAAQ;AAAA,QAC5B,cAAc;AAAA,QACd,cAAc;AAAA,QACd,SAAS;AAAA,QACT,GAAG;AAAA,MACP,GAAG,MAAM;AACT,UAAI,MAAM;AACN,YAAI,KAAK,WAAW,KAAK,QAAQ,KAAK;AAClC,UAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,QAC9D,OACK;AACD,UAAAA,QAAO,KAAK,YAAY;AAAA,QAC5B;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,IAIA,MAAa,oBAAoB,MAAM,OAAO,SAAS,MAAM,WAAW,OAAsB;AAC1F,YAAMA,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AACxD,YAAM,KAAK,gBAAgB,SAAS,KAAK,QAAQ;AACjD,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAMA,MAAa,aAAa,OAAyB,CAAC,GAAyB;AA9PjF;AA+PQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,YAAM;AAAA,QACF;AAAA,WACG;AAAA,MACP,IAAI;AAEJ,UAAI,OAAO,MAAM,KAAK,UAAU;AAChC,UAAI,6BAAM,eAAe;AACrB,QAAAA,QAAO,MAAM,qBAAqB;AAClC,cAAM,QAAQ,IAAI,aAAa,IAAsB;AACrD,eAAO,MAAM,KAAK,iBAAiB,KAAK;AAAA,MAC5C;AAEA,YAAM,MAAM,KAAK,SAAS;AAC1B,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,mCAAmC,CAAC;AAAA,MAC/D;AAEA,UAAI;AACJ,UAAI,QAAQ,KAAK,SAAS,0BAA0B;AAChD,QAAAA,QAAO,MAAM,kCAAkC,KAAK,QAAQ,GAAG;AAC/D,oBAAY,KAAK,QAAQ;AAAA,MAC7B;AAEA,YAAM,SAAS,MAAM,KAAK,iBAAiB,QAAQ,EAAE,8BAA8B,CAAC;AACpF,aAAO,MAAM,KAAK,QAAQ;AAAA,QACtB,cAAc;AAAA,QACd,cAAc;AAAA,QACd,QAAQ;AAAA,QACR,eAAe,KAAK,SAAS,8BAA8B,6BAAM,WAAW;AAAA,QAC5E,GAAG;AAAA,MACP,GAAG,QAAQ,SAAS;AACpB,UAAI,MAAM;AACN,aAAI,UAAK,YAAL,mBAAc,KAAK;AACnB,UAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,QAC9D,OACK;AACD,UAAAA,QAAO,KAAK,YAAY;AAAA,QAC5B;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,IAEA,MAAgB,iBAAiB,OAAoC;AACjE,YAAM,WAAW,MAAM,KAAK,QAAQ,gBAAgB;AAAA,QAChD;AAAA,QACA,kBAAkB,KAAK,SAAS;AAAA,MACpC,CAAC;AACD,YAAM,OAAO,IAAI,KAAK,EAAE,GAAG,OAAO,GAAG,SAAS,CAAC;AAE/C,YAAM,KAAK,UAAU,IAAI;AACzB,WAAK,QAAQ,KAAK,IAAI;AACtB,aAAO;AAAA,IACX;AAAA,IAKA,MAAa,qBAAqB,MAAM,OAAO,SAAS,MAAqB;AACzE,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AACzD,YAAM,KAAK,iBAAiB,SAAS,GAAG;AACxC,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAEA,MAAa,eAAe,MAAM,OAAO,SAAS,MAA4B;AAC1E,YAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,wBAAwB,GAAG;AAChE,cAAQ,MAAM,cAAc;AAAA,QACxB,KAAK;AACD,iBAAO,MAAM,KAAK,uBAAuB,GAAG;AAAA,QAChD,KAAK;AACD,iBAAO,MAAM,KAAK,oBAAoB,GAAG;AAAA,QAC7C,KAAK;AACD,iBAAO,MAAM,KAAK,qBAAqB,GAAG;AAAA,QAC9C;AACI,gBAAM,IAAI,MAAM,gCAAgC;AAAA,MACxD;AAAA,IACJ;AAAA,IAEA,MAAa,gBAAgB,MAAM,OAAO,SAAS,MAAM,WAAW,OAAsB;AACtF,YAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,yBAAyB,GAAG;AACjE,UAAI,CAAC,OAAO;AACR;AAAA,MACJ;AAEA,cAAQ,MAAM,cAAc;AAAA,QACxB,KAAK;AACD,gBAAM,KAAK,wBAAwB,GAAG;AACtC;AAAA,QACJ,KAAK;AACD,gBAAM,KAAK,qBAAqB,KAAK,QAAQ;AAC7C;AAAA,QACJ,KAAK;AACD,gBAAM,KAAK,sBAAsB,GAAG;AACpC;AAAA,QACJ;AACI,gBAAM,IAAI,MAAM,gCAAgC;AAAA,MACxD;AAAA,IACJ;AAAA,IAKA,MAAa,mBAAmB,OAA+B,CAAC,GAAkC;AAC9F,YAAMA,UAAS,KAAK,QAAQ,OAAO,oBAAoB;AACvD,YAAM;AAAA,QACF;AAAA,WACG;AAAA,MACP,IAAI;AACJ,YAAM,MAAM,KAAK,SAAS;AAC1B,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,mCAAmC,CAAC;AAAA,MAC/D;AAEA,YAAM,OAAO,MAAM,KAAK,UAAU;AAClC,YAAM,SAAS,MAAM,KAAK,iBAAiB,QAAQ,EAAE,8BAA8B,CAAC;AACpF,YAAM,cAAc,MAAM,KAAK,aAAa;AAAA,QACxC,cAAc;AAAA,QACd,cAAc;AAAA,QACd,QAAQ;AAAA,QACR,eAAe,KAAK,SAAS,8BAA8B,6BAAM,WAAW;AAAA,QAC5E,eAAe,KAAK,SAAS;AAAA,QAC7B,OAAO;AAAA,QACP,cAAc;AAAA,QACd,GAAG;AAAA,MACP,GAAG,MAAM;AACT,UAAI;AACA,cAAM,iBAAiB,MAAM,KAAK,QAAQ,sBAAsB,YAAY,GAAG;AAC/E,QAAAA,QAAO,MAAM,qBAAqB;AAElC,YAAI,eAAe,iBAAiB,eAAe,QAAQ,KAAK;AAC5D,UAAAA,QAAO,KAAK,uBAAuB,eAAe,QAAQ,GAAG;AAC7D,iBAAO;AAAA,YACH,eAAe,eAAe;AAAA,YAC9B,KAAK,eAAe,QAAQ;AAAA,YAC5B,KAAK,eAAe,QAAQ;AAAA,UAChC;AAAA,QACJ;AAEA,QAAAA,QAAO,KAAK,iCAAiC;AAC7C,eAAO;AAAA,MACX,SACO,KAAP;AACI,YAAI,KAAK,SAAS,2BAA2B,eAAe,eAAe;AACvE,kBAAQ,IAAI,OAAO;AAAA,YACf,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AACD,cAAAA,QAAO,KAAK,4BAA4B;AACxC,qBAAO;AAAA,gBAEH,eAAe,IAAI;AAAA,cACvB;AAAA,UACR;AAAA,QACJ;AACA,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IAEA,MAAgB,QAAQ,MAA+B,QAAiB,WAAmC;AACvG,YAAM,cAAc,MAAM,KAAK,aAAa,MAAM,MAAM;AACxD,aAAO,MAAM,KAAK,WAAW,YAAY,KAAK,SAAS;AAAA,IAC3D;AAAA,IACA,MAAgB,aAAa,MAA+B,QAA4C;AACpG,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AAEjD,UAAI;AACA,cAAM,gBAAgB,MAAM,KAAK,QAAQ,oBAAoB,IAAI;AACjE,QAAAA,QAAO,MAAM,oBAAoB;AAEjC,eAAO,MAAM,OAAO,SAAS;AAAA,UACzB,KAAK,cAAc;AAAA,UACnB,OAAO,cAAc,MAAM;AAAA,UAC3B,eAAe,cAAc,MAAM;AAAA,UACnC,cAAc,KAAK,SAAS;AAAA,QAChC,CAAC;AAAA,MACL,SACO,KAAP;AACI,QAAAA,QAAO,MAAM,2DAA2D;AACxE,eAAO,MAAM;AACb,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IACA,MAAgB,WAAW,KAAa,WAAmC;AACvE,YAAMA,UAAS,KAAK,QAAQ,OAAO,YAAY;AAC/C,YAAM,iBAAiB,MAAM,KAAK,QAAQ,sBAAsB,GAAG;AACnE,MAAAA,QAAO,MAAM,qBAAqB;AAElC,YAAM,OAAO,MAAM,KAAK,WAAW,gBAAgB,SAAS;AAC5D,aAAO;AAAA,IACX;AAAA,IAEA,MAAgB,WAAW,gBAAgC,WAAoB;AAC3E,YAAMA,UAAS,KAAK,QAAQ,OAAO,YAAY;AAC/C,YAAM,OAAO,IAAI,KAAK,cAAc;AACpC,UAAI,WAAW;AACX,YAAI,cAAc,KAAK,QAAQ,KAAK;AAChC,UAAAA,QAAO,MAAM,2EAA2E,KAAK,QAAQ,GAAG;AACxG,gBAAM,IAAI,cAAc,EAAE,GAAG,gBAAgB,OAAO,iBAAiB,CAAC;AAAA,QAC1E;AACA,QAAAA,QAAO,MAAM,gDAAgD;AAAA,MACjE;AAEA,YAAM,KAAK,UAAU,IAAI;AACzB,MAAAA,QAAO,MAAM,aAAa;AAC1B,WAAK,QAAQ,KAAK,IAAI;AAEtB,aAAO;AAAA,IACX;AAAA,IAKA,MAAa,gBAAgB,OAA4B,CAAC,GAAkB;AACxE,YAAMA,UAAS,KAAK,QAAQ,OAAO,iBAAiB;AACpD,YAAM;AAAA,QACF;AAAA,WACG;AAAA,MACP,IAAI;AACJ,YAAM,SAAS,MAAM,KAAK,mBAAmB,QAAQ,EAAE,eAAe,CAAC;AACvE,YAAM,KAAK,cAAc;AAAA,QACrB,cAAc;AAAA,QACd,0BAA0B,KAAK,SAAS;AAAA,QACxC,GAAG;AAAA,MACP,GAAG,MAAM;AACT,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAKA,MAAa,wBAAwB,MAAM,OAAO,SAAS,MAAgC;AACvF,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAC5D,YAAM,WAAW,MAAM,KAAK,YAAY,GAAG;AAC3C,MAAAA,QAAO,KAAK,SAAS;AACrB,aAAO;AAAA,IACX;AAAA,IAKA,MAAa,aAAa,OAAyB,CAAC,GAAkB;AAClE,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,YAAM;AAAA,QACF;AAAA,QACA;AAAA,WACG;AAAA,MACP,IAAI;AACJ,YAAM,MAAM,KAAK,SAAS;AAE1B,YAAM,SAAS,MAAM,KAAK,gBAAgB,QAAQ,EAAE,qBAAqB,kBAAkB,CAAC;AAC5F,YAAM,KAAK,SAAS;AAAA,QAChB,cAAc;AAAA,QACd,0BAA0B;AAAA,QAM1B,OAAO,OAAO,OAAO,SAAY,CAAC;AAAA,QAClC,GAAG;AAAA,MACP,GAAG,MAAM;AACT,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAKA,MAAa,qBAAqB,MAAM,OAAO,SAAS,MAAM,WAAW,OAAsB;AAC3F,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AACzD,YAAM,KAAK,gBAAgB,SAAS,KAAK,QAAQ;AACjD,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAEA,MAAgB,SAAS,MAAgC,QAA2C;AAChG,YAAM,cAAc,MAAM,KAAK,cAAc,MAAM,MAAM;AACzD,aAAO,MAAM,KAAK,YAAY,YAAY,GAAG;AAAA,IACjD;AAAA,IACA,MAAgB,cAAc,OAAiC,CAAC,GAAG,QAA4C;AAthBnH;AAuhBQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,eAAe;AAElD,UAAI;AACA,cAAM,OAAO,MAAM,KAAK,UAAU;AAClC,QAAAA,QAAO,MAAM,kCAAkC;AAE/C,YAAI,KAAK,SAAS,uBAAuB;AACrC,gBAAM,KAAK,gBAAgB,IAAI;AAAA,QACnC;AAEA,cAAM,WAAW,KAAK,iBAAiB,QAAQ,KAAK;AACpD,YAAI,UAAU;AACV,UAAAA,QAAO,MAAM,0CAA0C;AACvD,eAAK,gBAAgB;AAAA,QACzB;AAEA,cAAM,KAAK,WAAW;AACtB,QAAAA,QAAO,MAAM,wCAAwC;AAErD,cAAM,iBAAiB,MAAM,KAAK,QAAQ,qBAAqB,IAAI;AACnE,QAAAA,QAAO,MAAM,qBAAqB;AAElC,eAAO,MAAM,OAAO,SAAS;AAAA,UACzB,KAAK,eAAe;AAAA,UACpB,QAAO,oBAAe,UAAf,mBAAsB;AAAA,QACjC,CAAC;AAAA,MACL,SACO,KAAP;AACI,QAAAA,QAAO,MAAM,2DAA2D;AACxE,eAAO,MAAM;AACb,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IACA,MAAgB,YAAY,KAAuC;AAC/D,YAAMA,UAAS,KAAK,QAAQ,OAAO,aAAa;AAChD,YAAM,kBAAkB,MAAM,KAAK,QAAQ,uBAAuB,GAAG;AACrE,MAAAA,QAAO,MAAM,sBAAsB;AAEnC,aAAO;AAAA,IACX;AAAA,IAKA,MAAa,cAAc,OAA0B,CAAC,GAAkB;AAnkB5E;AAokBQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,eAAe;AAClD,YAAM;AAAA,QACF;AAAA,WACG;AAAA,MACP,IAAI;AAEJ,YAAM,gBAAgB,KAAK,SAAS,iCAC7B,WAAM,KAAK,UAAU,MAArB,mBAAyB,WAC1B;AAEN,YAAM,MAAM,KAAK,SAAS;AAC1B,YAAM,SAAS,MAAM,KAAK,iBAAiB,QAAQ,EAAE,8BAA8B,CAAC;AACpF,YAAM,KAAK,SAAS;AAAA,QAChB,cAAc;AAAA,QACd,0BAA0B;AAAA,QAC1B;AAAA,QACA,GAAG;AAAA,MACP,GAAG,MAAM;AAET,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAKA,MAAa,sBAAsB,MAAM,OAAO,SAAS,MAAqB;AAC1E,YAAMA,UAAS,KAAK,QAAQ,OAAO,uBAAuB;AAC1D,YAAM,KAAK,iBAAiB,SAAS,GAAG;AACxC,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAEA,MAAa,aAAa,OAA0C;AAChE,YAAM,OAAO,MAAM,KAAK,UAAU;AAClC,YAAM,KAAK,gBAAgB,MAAM,KAAK;AAAA,IAC1C;AAAA,IAEA,MAAgB,gBAAgB,MAAmB,QAAQ,KAAK,SAAS,kBAAiC;AACtG,YAAMA,UAAS,KAAK,QAAQ,OAAO,iBAAiB;AACpD,UAAI,CAAC;AAAM;AAEX,YAAM,eAAe,MAAM,OAAO,UAAQ,OAAO,KAAK,UAAU,QAAQ;AAExE,UAAI,CAAC,aAAa,QAAQ;AACtB,QAAAA,QAAO,MAAM,sCAAsC;AACnD;AAAA,MACJ;AAGA,iBAAW,QAAQ,cAAc;AAC7B,cAAM,KAAK,QAAQ;AAAA,UACf,KAAK;AAAA,UACL;AAAA,QACJ;AACA,QAAAA,QAAO,KAAK,GAAG,2BAA2B;AAC1C,YAAI,SAAS,gBAAgB;AACzB,eAAK,QAAQ;AAAA,QACjB;AAAA,MACJ;AAEA,YAAM,KAAK,UAAU,IAAI;AACzB,MAAAA,QAAO,MAAM,aAAa;AAC1B,WAAK,QAAQ,KAAK,IAAI;AAAA,IAC1B;AAAA,IAKO,mBAAyB;AAC5B,WAAK,QAAQ,OAAO,kBAAkB;AACtC,WAAK,KAAK,oBAAoB,MAAM;AAAA,IACxC;AAAA,IAKO,kBAAwB;AAC3B,WAAK,oBAAoB,KAAK;AAAA,IAClC;AAAA,IAEA,IAAc,gBAAwB;AAClC,aAAO,QAAQ,KAAK,SAAS,aAAa,KAAK,SAAS;AAAA,IAC5D;AAAA,IAEA,MAAgB,YAAkC;AAC9C,YAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,YAAM,gBAAgB,MAAM,KAAK,SAAS,UAAU,IAAI,KAAK,aAAa;AAC1E,UAAI,eAAe;AACf,QAAAA,QAAO,MAAM,2BAA2B;AACxC,eAAO,KAAK,kBAAkB,aAAa;AAAA,MAC/C;AAEA,MAAAA,QAAO,MAAM,uBAAuB;AACpC,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,UAAU,MAAkC;AACrD,YAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,UAAI,MAAM;AACN,QAAAA,QAAO,MAAM,cAAc;AAC3B,cAAM,gBAAgB,KAAK,gBAAgB;AAC3C,cAAM,KAAK,SAAS,UAAU,IAAI,KAAK,eAAe,aAAa;AAAA,MACvE,OACK;AACD,aAAK,QAAQ,MAAM,eAAe;AAClC,cAAM,KAAK,SAAS,UAAU,OAAO,KAAK,aAAa;AAAA,MAC3D;AAAA,IACJ;AAAA,IAKA,MAAa,kBAAiC;AAC1C,YAAM,KAAK,QAAQ,gBAAgB;AAAA,IACvC;AAAA,EACJ;;;;;;AChrBO,MAAM,UAAkB;", "names": ["CryptoJS", "Math", "undefined", "Utf8", "e", "CryptoJS", "Math", "n", "H", "e", "CryptoJS", "Base64", "CryptoJS", "Log", "CryptoJS", "sha256", "Base64", "Utf8", "InvalidCharacterError", "message", "this", "prototype", "Error", "name", "window", "atob", "bind", "input", "str", "String", "replace", "length", "bs", "buffer", "bc", "idx", "output", "charAt", "fromCharCode", "indexOf", "decodeURIComponent", "m", "p", "code", "charCodeAt", "toString", "toUpperCase", "err", "InvalidTokenError", "token", "options", "pos", "header", "JSON", "parse", "base64_url_decode", "split", "e", "logger", "logger", "e", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "e", "_a", "e", "logger", "logger"] }