{ "version": 3, "sources": ["(disabled):crypto", "../../node_modules/crypto-js/core.js", "../../node_modules/crypto-js/sha256.js", "../../node_modules/crypto-js/enc-base64.js", "../../node_modules/crypto-js/enc-utf8.js", "../../src/index.ts", "../../src/utils/CryptoUtils.ts", "../../src/utils/Logger.ts", "../../src/utils/Event.ts", "../../node_modules/jwt-decode/lib/atob.js", "../../node_modules/jwt-decode/lib/base64_url_decode.js", "../../node_modules/jwt-decode/lib/index.js", "../../src/utils/JwtUtils.ts", "../../src/utils/PopupUtils.ts", "../../src/utils/Timer.ts", "../../src/utils/UrlUtils.ts", "../../src/errors/ErrorResponse.ts", "../../src/errors/ErrorTimeout.ts", "../../src/AccessTokenEvents.ts", "../../src/CheckSessionIFrame.ts", "../../src/InMemoryWebStorage.ts", "../../src/JsonService.ts", "../../src/MetadataService.ts", "../../src/WebStorageStateStore.ts", "../../src/OidcClientSettings.ts", "../../src/UserInfoService.ts", "../../src/TokenClient.ts", "../../src/ResponseValidator.ts", "../../src/State.ts", "../../src/SigninState.ts", "../../src/SigninRequest.ts", "../../src/SigninResponse.ts", "../../src/SignoutRequest.ts", "../../src/SignoutResponse.ts", "../../src/OidcClient.ts", "../../src/SessionMonitor.ts", "../../src/User.ts", "../../src/navigators/AbstractChildWindow.ts", "../../src/UserManagerSettings.ts", "../../src/navigators/IFrameWindow.ts", "../../src/navigators/IFrameNavigator.ts", "../../src/navigators/PopupWindow.ts", "../../src/navigators/PopupNavigator.ts", "../../src/navigators/RedirectNavigator.ts", "../../src/UserManagerEvents.ts", "../../src/SilentRenewService.ts", "../../src/RefreshState.ts", "../../src/UserManager.ts", "../../src/Version.ts"], "sourcesContent": ["", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory();\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\troot.CryptoJS = factory();\n\t}\n}(this, function () {\n\n\t/*globals window, global, require*/\n\n\t/**\n\t * CryptoJS core components.\n\t */\n\tvar CryptoJS = CryptoJS || (function (Math, undefined) {\n\n\t var crypto;\n\n\t // Native crypto from window (Browser)\n\t if (typeof window !== 'undefined' && window.crypto) {\n\t crypto = window.crypto;\n\t }\n\n\t // Native crypto in web worker (Browser)\n\t if (typeof self !== 'undefined' && self.crypto) {\n\t crypto = self.crypto;\n\t }\n\n\t // Native crypto from worker\n\t if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n\t crypto = globalThis.crypto;\n\t }\n\n\t // Native (experimental IE 11) crypto from window (Browser)\n\t if (!crypto && typeof window !== 'undefined' && window.msCrypto) {\n\t crypto = window.msCrypto;\n\t }\n\n\t // Native crypto from global (NodeJS)\n\t if (!crypto && typeof global !== 'undefined' && global.crypto) {\n\t crypto = global.crypto;\n\t }\n\n\t // Native crypto import via require (NodeJS)\n\t if (!crypto && typeof require === 'function') {\n\t try {\n\t crypto = require('crypto');\n\t } catch (err) {}\n\t }\n\n\t /*\n\t * Cryptographically secure pseudorandom number generator\n\t *\n\t * As Math.random() is cryptographically not safe to use\n\t */\n\t var cryptoSecureRandomInt = function () {\n\t if (crypto) {\n\t // Use getRandomValues method (Browser)\n\t if (typeof crypto.getRandomValues === 'function') {\n\t try {\n\t return crypto.getRandomValues(new Uint32Array(1))[0];\n\t } catch (err) {}\n\t }\n\n\t // Use randomBytes method (NodeJS)\n\t if (typeof crypto.randomBytes === 'function') {\n\t try {\n\t return crypto.randomBytes(4).readInt32LE();\n\t } catch (err) {}\n\t }\n\t }\n\n\t throw new Error('Native crypto module could not be used to get secure random number.');\n\t };\n\n\t /*\n\t * Local polyfill of Object.create\n\n\t */\n\t var create = Object.create || (function () {\n\t function F() {}\n\n\t return function (obj) {\n\t var subtype;\n\n\t F.prototype = obj;\n\n\t subtype = new F();\n\n\t F.prototype = null;\n\n\t return subtype;\n\t };\n\t }());\n\n\t /**\n\t * CryptoJS namespace.\n\t */\n\t var C = {};\n\n\t /**\n\t * Library namespace.\n\t */\n\t var C_lib = C.lib = {};\n\n\t /**\n\t * Base object for prototypal inheritance.\n\t */\n\t var Base = C_lib.Base = (function () {\n\n\n\t return {\n\t /**\n\t * Creates a new object that inherits from this object.\n\t *\n\t * @param {Object} overrides Properties to copy into the new object.\n\t *\n\t * @return {Object} The new object.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var MyType = CryptoJS.lib.Base.extend({\n\t * field: 'value',\n\t *\n\t * method: function () {\n\t * }\n\t * });\n\t */\n\t extend: function (overrides) {\n\t // Spawn\n\t var subtype = create(this);\n\n\t // Augment\n\t if (overrides) {\n\t subtype.mixIn(overrides);\n\t }\n\n\t // Create default initializer\n\t if (!subtype.hasOwnProperty('init') || this.init === subtype.init) {\n\t subtype.init = function () {\n\t subtype.$super.init.apply(this, arguments);\n\t };\n\t }\n\n\t // Initializer's prototype is the subtype object\n\t subtype.init.prototype = subtype;\n\n\t // Reference supertype\n\t subtype.$super = this;\n\n\t return subtype;\n\t },\n\n\t /**\n\t * Extends this object and runs the init method.\n\t * Arguments to create() will be passed to init().\n\t *\n\t * @return {Object} The new object.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var instance = MyType.create();\n\t */\n\t create: function () {\n\t var instance = this.extend();\n\t instance.init.apply(instance, arguments);\n\n\t return instance;\n\t },\n\n\t /**\n\t * Initializes a newly created object.\n\t * Override this method to add some logic when your objects are created.\n\t *\n\t * @example\n\t *\n\t * var MyType = CryptoJS.lib.Base.extend({\n\t * init: function () {\n\t * // ...\n\t * }\n\t * });\n\t */\n\t init: function () {\n\t },\n\n\t /**\n\t * Copies properties into this object.\n\t *\n\t * @param {Object} properties The properties to mix in.\n\t *\n\t * @example\n\t *\n\t * MyType.mixIn({\n\t * field: 'value'\n\t * });\n\t */\n\t mixIn: function (properties) {\n\t for (var propertyName in properties) {\n\t if (properties.hasOwnProperty(propertyName)) {\n\t this[propertyName] = properties[propertyName];\n\t }\n\t }\n\n\t // IE won't copy toString using the loop above\n\t if (properties.hasOwnProperty('toString')) {\n\t this.toString = properties.toString;\n\t }\n\t },\n\n\t /**\n\t * Creates a copy of this object.\n\t *\n\t * @return {Object} The clone.\n\t *\n\t * @example\n\t *\n\t * var clone = instance.clone();\n\t */\n\t clone: function () {\n\t return this.init.prototype.extend(this);\n\t }\n\t };\n\t }());\n\n\t /**\n\t * An array of 32-bit words.\n\t *\n\t * @property {Array} words The array of 32-bit words.\n\t * @property {number} sigBytes The number of significant bytes in this word array.\n\t */\n\t var WordArray = C_lib.WordArray = Base.extend({\n\t /**\n\t * Initializes a newly created word array.\n\t *\n\t * @param {Array} words (Optional) An array of 32-bit words.\n\t * @param {number} sigBytes (Optional) The number of significant bytes in the words.\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.lib.WordArray.create();\n\t * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);\n\t * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);\n\t */\n\t init: function (words, sigBytes) {\n\t words = this.words = words || [];\n\n\t if (sigBytes != undefined) {\n\t this.sigBytes = sigBytes;\n\t } else {\n\t this.sigBytes = words.length * 4;\n\t }\n\t },\n\n\t /**\n\t * Converts this word array to a string.\n\t *\n\t * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex\n\t *\n\t * @return {string} The stringified word array.\n\t *\n\t * @example\n\t *\n\t * var string = wordArray + '';\n\t * var string = wordArray.toString();\n\t * var string = wordArray.toString(CryptoJS.enc.Utf8);\n\t */\n\t toString: function (encoder) {\n\t return (encoder || Hex).stringify(this);\n\t },\n\n\t /**\n\t * Concatenates a word array to this word array.\n\t *\n\t * @param {WordArray} wordArray The word array to append.\n\t *\n\t * @return {WordArray} This word array.\n\t *\n\t * @example\n\t *\n\t * wordArray1.concat(wordArray2);\n\t */\n\t concat: function (wordArray) {\n\t // Shortcuts\n\t var thisWords = this.words;\n\t var thatWords = wordArray.words;\n\t var thisSigBytes = this.sigBytes;\n\t var thatSigBytes = wordArray.sigBytes;\n\n\t // Clamp excess bits\n\t this.clamp();\n\n\t // Concat\n\t if (thisSigBytes % 4) {\n\t // Copy one byte at a time\n\t for (var i = 0; i < thatSigBytes; i++) {\n\t var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);\n\t }\n\t } else {\n\t // Copy one word at a time\n\t for (var j = 0; j < thatSigBytes; j += 4) {\n\t thisWords[(thisSigBytes + j) >>> 2] = thatWords[j >>> 2];\n\t }\n\t }\n\t this.sigBytes += thatSigBytes;\n\n\t // Chainable\n\t return this;\n\t },\n\n\t /**\n\t * Removes insignificant bits.\n\t *\n\t * @example\n\t *\n\t * wordArray.clamp();\n\t */\n\t clamp: function () {\n\t // Shortcuts\n\t var words = this.words;\n\t var sigBytes = this.sigBytes;\n\n\t // Clamp\n\t words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);\n\t words.length = Math.ceil(sigBytes / 4);\n\t },\n\n\t /**\n\t * Creates a copy of this word array.\n\t *\n\t * @return {WordArray} The clone.\n\t *\n\t * @example\n\t *\n\t * var clone = wordArray.clone();\n\t */\n\t clone: function () {\n\t var clone = Base.clone.call(this);\n\t clone.words = this.words.slice(0);\n\n\t return clone;\n\t },\n\n\t /**\n\t * Creates a word array filled with random bytes.\n\t *\n\t * @param {number} nBytes The number of random bytes to generate.\n\t *\n\t * @return {WordArray} The random word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.lib.WordArray.random(16);\n\t */\n\t random: function (nBytes) {\n\t var words = [];\n\n\t for (var i = 0; i < nBytes; i += 4) {\n\t words.push(cryptoSecureRandomInt());\n\t }\n\n\t return new WordArray.init(words, nBytes);\n\t }\n\t });\n\n\t /**\n\t * Encoder namespace.\n\t */\n\t var C_enc = C.enc = {};\n\n\t /**\n\t * Hex encoding strategy.\n\t */\n\t var Hex = C_enc.Hex = {\n\t /**\n\t * Converts a word array to a hex string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The hex string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var hexString = CryptoJS.enc.Hex.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t // Shortcuts\n\t var words = wordArray.words;\n\t var sigBytes = wordArray.sigBytes;\n\n\t // Convert\n\t var hexChars = [];\n\t for (var i = 0; i < sigBytes; i++) {\n\t var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t hexChars.push((bite >>> 4).toString(16));\n\t hexChars.push((bite & 0x0f).toString(16));\n\t }\n\n\t return hexChars.join('');\n\t },\n\n\t /**\n\t * Converts a hex string to a word array.\n\t *\n\t * @param {string} hexStr The hex string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Hex.parse(hexString);\n\t */\n\t parse: function (hexStr) {\n\t // Shortcut\n\t var hexStrLength = hexStr.length;\n\n\t // Convert\n\t var words = [];\n\t for (var i = 0; i < hexStrLength; i += 2) {\n\t words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);\n\t }\n\n\t return new WordArray.init(words, hexStrLength / 2);\n\t }\n\t };\n\n\t /**\n\t * Latin1 encoding strategy.\n\t */\n\t var Latin1 = C_enc.Latin1 = {\n\t /**\n\t * Converts a word array to a Latin1 string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The Latin1 string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t // Shortcuts\n\t var words = wordArray.words;\n\t var sigBytes = wordArray.sigBytes;\n\n\t // Convert\n\t var latin1Chars = [];\n\t for (var i = 0; i < sigBytes; i++) {\n\t var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t latin1Chars.push(String.fromCharCode(bite));\n\t }\n\n\t return latin1Chars.join('');\n\t },\n\n\t /**\n\t * Converts a Latin1 string to a word array.\n\t *\n\t * @param {string} latin1Str The Latin1 string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);\n\t */\n\t parse: function (latin1Str) {\n\t // Shortcut\n\t var latin1StrLength = latin1Str.length;\n\n\t // Convert\n\t var words = [];\n\t for (var i = 0; i < latin1StrLength; i++) {\n\t words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);\n\t }\n\n\t return new WordArray.init(words, latin1StrLength);\n\t }\n\t };\n\n\t /**\n\t * UTF-8 encoding strategy.\n\t */\n\t var Utf8 = C_enc.Utf8 = {\n\t /**\n\t * Converts a word array to a UTF-8 string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The UTF-8 string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t try {\n\t return decodeURIComponent(escape(Latin1.stringify(wordArray)));\n\t } catch (e) {\n\t throw new Error('Malformed UTF-8 data');\n\t }\n\t },\n\n\t /**\n\t * Converts a UTF-8 string to a word array.\n\t *\n\t * @param {string} utf8Str The UTF-8 string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);\n\t */\n\t parse: function (utf8Str) {\n\t return Latin1.parse(unescape(encodeURIComponent(utf8Str)));\n\t }\n\t };\n\n\t /**\n\t * Abstract buffered block algorithm template.\n\t *\n\t * The property blockSize must be implemented in a concrete subtype.\n\t *\n\t * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0\n\t */\n\t var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({\n\t /**\n\t * Resets this block algorithm's data buffer to its initial state.\n\t *\n\t * @example\n\t *\n\t * bufferedBlockAlgorithm.reset();\n\t */\n\t reset: function () {\n\t // Initial values\n\t this._data = new WordArray.init();\n\t this._nDataBytes = 0;\n\t },\n\n\t /**\n\t * Adds new data to this block algorithm's buffer.\n\t *\n\t * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.\n\t *\n\t * @example\n\t *\n\t * bufferedBlockAlgorithm._append('data');\n\t * bufferedBlockAlgorithm._append(wordArray);\n\t */\n\t _append: function (data) {\n\t // Convert string to WordArray, else assume WordArray already\n\t if (typeof data == 'string') {\n\t data = Utf8.parse(data);\n\t }\n\n\t // Append\n\t this._data.concat(data);\n\t this._nDataBytes += data.sigBytes;\n\t },\n\n\t /**\n\t * Processes available data blocks.\n\t *\n\t * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.\n\t *\n\t * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.\n\t *\n\t * @return {WordArray} The processed data.\n\t *\n\t * @example\n\t *\n\t * var processedData = bufferedBlockAlgorithm._process();\n\t * var processedData = bufferedBlockAlgorithm._process(!!'flush');\n\t */\n\t _process: function (doFlush) {\n\t var processedWords;\n\n\t // Shortcuts\n\t var data = this._data;\n\t var dataWords = data.words;\n\t var dataSigBytes = data.sigBytes;\n\t var blockSize = this.blockSize;\n\t var blockSizeBytes = blockSize * 4;\n\n\t // Count blocks ready\n\t var nBlocksReady = dataSigBytes / blockSizeBytes;\n\t if (doFlush) {\n\t // Round up to include partial blocks\n\t nBlocksReady = Math.ceil(nBlocksReady);\n\t } else {\n\t // Round down to include only full blocks,\n\t // less the number of blocks that must remain in the buffer\n\t nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);\n\t }\n\n\t // Count words ready\n\t var nWordsReady = nBlocksReady * blockSize;\n\n\t // Count bytes ready\n\t var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);\n\n\t // Process blocks\n\t if (nWordsReady) {\n\t for (var offset = 0; offset < nWordsReady; offset += blockSize) {\n\t // Perform concrete-algorithm logic\n\t this._doProcessBlock(dataWords, offset);\n\t }\n\n\t // Remove processed words\n\t processedWords = dataWords.splice(0, nWordsReady);\n\t data.sigBytes -= nBytesReady;\n\t }\n\n\t // Return processed words\n\t return new WordArray.init(processedWords, nBytesReady);\n\t },\n\n\t /**\n\t * Creates a copy of this object.\n\t *\n\t * @return {Object} The clone.\n\t *\n\t * @example\n\t *\n\t * var clone = bufferedBlockAlgorithm.clone();\n\t */\n\t clone: function () {\n\t var clone = Base.clone.call(this);\n\t clone._data = this._data.clone();\n\n\t return clone;\n\t },\n\n\t _minBufferSize: 0\n\t });\n\n\t /**\n\t * Abstract hasher template.\n\t *\n\t * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)\n\t */\n\t var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({\n\t /**\n\t * Configuration options.\n\t */\n\t cfg: Base.extend(),\n\n\t /**\n\t * Initializes a newly created hasher.\n\t *\n\t * @param {Object} cfg (Optional) The configuration options to use for this hash computation.\n\t *\n\t * @example\n\t *\n\t * var hasher = CryptoJS.algo.SHA256.create();\n\t */\n\t init: function (cfg) {\n\t // Apply config defaults\n\t this.cfg = this.cfg.extend(cfg);\n\n\t // Set initial values\n\t this.reset();\n\t },\n\n\t /**\n\t * Resets this hasher to its initial state.\n\t *\n\t * @example\n\t *\n\t * hasher.reset();\n\t */\n\t reset: function () {\n\t // Reset data buffer\n\t BufferedBlockAlgorithm.reset.call(this);\n\n\t // Perform concrete-hasher logic\n\t this._doReset();\n\t },\n\n\t /**\n\t * Updates this hasher with a message.\n\t *\n\t * @param {WordArray|string} messageUpdate The message to append.\n\t *\n\t * @return {Hasher} This hasher.\n\t *\n\t * @example\n\t *\n\t * hasher.update('message');\n\t * hasher.update(wordArray);\n\t */\n\t update: function (messageUpdate) {\n\t // Append\n\t this._append(messageUpdate);\n\n\t // Update the hash\n\t this._process();\n\n\t // Chainable\n\t return this;\n\t },\n\n\t /**\n\t * Finalizes the hash computation.\n\t * Note that the finalize operation is effectively a destructive, read-once operation.\n\t *\n\t * @param {WordArray|string} messageUpdate (Optional) A final message update.\n\t *\n\t * @return {WordArray} The hash.\n\t *\n\t * @example\n\t *\n\t * var hash = hasher.finalize();\n\t * var hash = hasher.finalize('message');\n\t * var hash = hasher.finalize(wordArray);\n\t */\n\t finalize: function (messageUpdate) {\n\t // Final message update\n\t if (messageUpdate) {\n\t this._append(messageUpdate);\n\t }\n\n\t // Perform concrete-hasher logic\n\t var hash = this._doFinalize();\n\n\t return hash;\n\t },\n\n\t blockSize: 512/32,\n\n\t /**\n\t * Creates a shortcut function to a hasher's object interface.\n\t *\n\t * @param {Hasher} hasher The hasher to create a helper for.\n\t *\n\t * @return {Function} The shortcut function.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);\n\t */\n\t _createHelper: function (hasher) {\n\t return function (message, cfg) {\n\t return new hasher.init(cfg).finalize(message);\n\t };\n\t },\n\n\t /**\n\t * Creates a shortcut function to the HMAC's object interface.\n\t *\n\t * @param {Hasher} hasher The hasher to use in this HMAC helper.\n\t *\n\t * @return {Function} The shortcut function.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);\n\t */\n\t _createHmacHelper: function (hasher) {\n\t return function (message, key) {\n\t return new C_algo.HMAC.init(hasher, key).finalize(message);\n\t };\n\t }\n\t });\n\n\t /**\n\t * Algorithm namespace.\n\t */\n\t var C_algo = C.algo = {};\n\n\t return C;\n\t}(Math));\n\n\n\treturn CryptoJS;\n\n}));", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory(require(\"./core\"));\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([\"./core\"], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\tfactory(root.CryptoJS);\n\t}\n}(this, function (CryptoJS) {\n\n\t(function (Math) {\n\t // Shortcuts\n\t var C = CryptoJS;\n\t var C_lib = C.lib;\n\t var WordArray = C_lib.WordArray;\n\t var Hasher = C_lib.Hasher;\n\t var C_algo = C.algo;\n\n\t // Initialization and round constants tables\n\t var H = [];\n\t var K = [];\n\n\t // Compute constants\n\t (function () {\n\t function isPrime(n) {\n\t var sqrtN = Math.sqrt(n);\n\t for (var factor = 2; factor <= sqrtN; factor++) {\n\t if (!(n % factor)) {\n\t return false;\n\t }\n\t }\n\n\t return true;\n\t }\n\n\t function getFractionalBits(n) {\n\t return ((n - (n | 0)) * 0x100000000) | 0;\n\t }\n\n\t var n = 2;\n\t var nPrime = 0;\n\t while (nPrime < 64) {\n\t if (isPrime(n)) {\n\t if (nPrime < 8) {\n\t H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));\n\t }\n\t K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));\n\n\t nPrime++;\n\t }\n\n\t n++;\n\t }\n\t }());\n\n\t // Reusable object\n\t var W = [];\n\n\t /**\n\t * SHA-256 hash algorithm.\n\t */\n\t var SHA256 = C_algo.SHA256 = Hasher.extend({\n\t _doReset: function () {\n\t this._hash = new WordArray.init(H.slice(0));\n\t },\n\n\t _doProcessBlock: function (M, offset) {\n\t // Shortcut\n\t var H = this._hash.words;\n\n\t // Working variables\n\t var a = H[0];\n\t var b = H[1];\n\t var c = H[2];\n\t var d = H[3];\n\t var e = H[4];\n\t var f = H[5];\n\t var g = H[6];\n\t var h = H[7];\n\n\t // Computation\n\t for (var i = 0; i < 64; i++) {\n\t if (i < 16) {\n\t W[i] = M[offset + i] | 0;\n\t } else {\n\t var gamma0x = W[i - 15];\n\t var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^\n\t ((gamma0x << 14) | (gamma0x >>> 18)) ^\n\t (gamma0x >>> 3);\n\n\t var gamma1x = W[i - 2];\n\t var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^\n\t ((gamma1x << 13) | (gamma1x >>> 19)) ^\n\t (gamma1x >>> 10);\n\n\t W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];\n\t }\n\n\t var ch = (e & f) ^ (~e & g);\n\t var maj = (a & b) ^ (a & c) ^ (b & c);\n\n\t var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));\n\t var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));\n\n\t var t1 = h + sigma1 + ch + K[i] + W[i];\n\t var t2 = sigma0 + maj;\n\n\t h = g;\n\t g = f;\n\t f = e;\n\t e = (d + t1) | 0;\n\t d = c;\n\t c = b;\n\t b = a;\n\t a = (t1 + t2) | 0;\n\t }\n\n\t // Intermediate hash value\n\t H[0] = (H[0] + a) | 0;\n\t H[1] = (H[1] + b) | 0;\n\t H[2] = (H[2] + c) | 0;\n\t H[3] = (H[3] + d) | 0;\n\t H[4] = (H[4] + e) | 0;\n\t H[5] = (H[5] + f) | 0;\n\t H[6] = (H[6] + g) | 0;\n\t H[7] = (H[7] + h) | 0;\n\t },\n\n\t _doFinalize: function () {\n\t // Shortcuts\n\t var data = this._data;\n\t var dataWords = data.words;\n\n\t var nBitsTotal = this._nDataBytes * 8;\n\t var nBitsLeft = data.sigBytes * 8;\n\n\t // Add padding\n\t dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);\n\t dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);\n\t dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;\n\t data.sigBytes = dataWords.length * 4;\n\n\t // Hash final blocks\n\t this._process();\n\n\t // Return final computed hash\n\t return this._hash;\n\t },\n\n\t clone: function () {\n\t var clone = Hasher.clone.call(this);\n\t clone._hash = this._hash.clone();\n\n\t return clone;\n\t }\n\t });\n\n\t /**\n\t * Shortcut function to the hasher's object interface.\n\t *\n\t * @param {WordArray|string} message The message to hash.\n\t *\n\t * @return {WordArray} The hash.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var hash = CryptoJS.SHA256('message');\n\t * var hash = CryptoJS.SHA256(wordArray);\n\t */\n\t C.SHA256 = Hasher._createHelper(SHA256);\n\n\t /**\n\t * Shortcut function to the HMAC's object interface.\n\t *\n\t * @param {WordArray|string} message The message to hash.\n\t * @param {WordArray|string} key The secret key.\n\t *\n\t * @return {WordArray} The HMAC.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var hmac = CryptoJS.HmacSHA256(message, key);\n\t */\n\t C.HmacSHA256 = Hasher._createHmacHelper(SHA256);\n\t}(Math));\n\n\n\treturn CryptoJS.SHA256;\n\n}));", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory(require(\"./core\"));\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([\"./core\"], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\tfactory(root.CryptoJS);\n\t}\n}(this, function (CryptoJS) {\n\n\t(function () {\n\t // Shortcuts\n\t var C = CryptoJS;\n\t var C_lib = C.lib;\n\t var WordArray = C_lib.WordArray;\n\t var C_enc = C.enc;\n\n\t /**\n\t * Base64 encoding strategy.\n\t */\n\t var Base64 = C_enc.Base64 = {\n\t /**\n\t * Converts a word array to a Base64 string.\n\t *\n\t * @param {WordArray} wordArray The word array.\n\t *\n\t * @return {string} The Base64 string.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var base64String = CryptoJS.enc.Base64.stringify(wordArray);\n\t */\n\t stringify: function (wordArray) {\n\t // Shortcuts\n\t var words = wordArray.words;\n\t var sigBytes = wordArray.sigBytes;\n\t var map = this._map;\n\n\t // Clamp excess bits\n\t wordArray.clamp();\n\n\t // Convert\n\t var base64Chars = [];\n\t for (var i = 0; i < sigBytes; i += 3) {\n\t var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;\n\t var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;\n\t var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;\n\n\t var triplet = (byte1 << 16) | (byte2 << 8) | byte3;\n\n\t for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {\n\t base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));\n\t }\n\t }\n\n\t // Add padding\n\t var paddingChar = map.charAt(64);\n\t if (paddingChar) {\n\t while (base64Chars.length % 4) {\n\t base64Chars.push(paddingChar);\n\t }\n\t }\n\n\t return base64Chars.join('');\n\t },\n\n\t /**\n\t * Converts a Base64 string to a word array.\n\t *\n\t * @param {string} base64Str The Base64 string.\n\t *\n\t * @return {WordArray} The word array.\n\t *\n\t * @static\n\t *\n\t * @example\n\t *\n\t * var wordArray = CryptoJS.enc.Base64.parse(base64String);\n\t */\n\t parse: function (base64Str) {\n\t // Shortcuts\n\t var base64StrLength = base64Str.length;\n\t var map = this._map;\n\t var reverseMap = this._reverseMap;\n\n\t if (!reverseMap) {\n\t reverseMap = this._reverseMap = [];\n\t for (var j = 0; j < map.length; j++) {\n\t reverseMap[map.charCodeAt(j)] = j;\n\t }\n\t }\n\n\t // Ignore padding\n\t var paddingChar = map.charAt(64);\n\t if (paddingChar) {\n\t var paddingIndex = base64Str.indexOf(paddingChar);\n\t if (paddingIndex !== -1) {\n\t base64StrLength = paddingIndex;\n\t }\n\t }\n\n\t // Convert\n\t return parseLoop(base64Str, base64StrLength, reverseMap);\n\n\t },\n\n\t _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='\n\t };\n\n\t function parseLoop(base64Str, base64StrLength, reverseMap) {\n\t var words = [];\n\t var nBytes = 0;\n\t for (var i = 0; i < base64StrLength; i++) {\n\t if (i % 4) {\n\t var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);\n\t var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);\n\t var bitsCombined = bits1 | bits2;\n\t words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8);\n\t nBytes++;\n\t }\n\t }\n\t return WordArray.create(words, nBytes);\n\t }\n\t}());\n\n\n\treturn CryptoJS.enc.Base64;\n\n}));", ";(function (root, factory) {\n\tif (typeof exports === \"object\") {\n\t\t// CommonJS\n\t\tmodule.exports = exports = factory(require(\"./core\"));\n\t}\n\telse if (typeof define === \"function\" && define.amd) {\n\t\t// AMD\n\t\tdefine([\"./core\"], factory);\n\t}\n\telse {\n\t\t// Global (browser)\n\t\tfactory(root.CryptoJS);\n\t}\n}(this, function (CryptoJS) {\n\n\treturn CryptoJS.enc.Utf8;\n\n}));", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nexport { ErrorResponse, ErrorTimeout } from \"./errors\";\nexport type { IFrameWindowParams, PopupWindowParams, RedirectParams } from \"./navigators\";\nexport { Log, Logger } from \"./utils\";\nexport type { ILogger, PopupWindowFeatures } from \"./utils\";\nexport type { OidcAddressClaim, OidcStandardClaims, IdTokenClaims, JwtClaims } from \"./Claims\";\n\nexport { AccessTokenEvents } from \"./AccessTokenEvents\";\nexport type { AccessTokenCallback } from \"./AccessTokenEvents\";\nexport { CheckSessionIFrame } from \"./CheckSessionIFrame\";\nexport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\nexport { MetadataService } from \"./MetadataService\";\nexport * from \"./OidcClient\";\nexport { OidcClientSettingsStore } from \"./OidcClientSettings\";\nexport type { OidcClientSettings, SigningKey } from \"./OidcClientSettings\";\nexport type { OidcMetadata } from \"./OidcMetadata\";\nexport { SessionMonitor } from \"./SessionMonitor\";\nexport type { SessionStatus } from \"./SessionStatus\";\nexport type { SigninRequest, SigninRequestArgs } from \"./SigninRequest\";\nexport { SigninResponse } from \"./SigninResponse\";\nexport { SigninState } from \"./SigninState\";\nexport type { SignoutRequest, SignoutRequestArgs } from \"./SignoutRequest\";\nexport { SignoutResponse } from \"./SignoutResponse\";\nexport { State } from \"./State\";\nexport type { StateStore } from \"./StateStore\";\nexport { User } from \"./User\";\nexport type { UserProfile } from \"./User\";\nexport * from \"./UserManager\";\nexport type {\n UserManagerEvents,\n SilentRenewErrorCallback,\n UserLoadedCallback,\n UserSessionChangedCallback,\n UserSignedInCallback,\n UserSignedOutCallback,\n UserUnloadedCallback,\n} from \"./UserManagerEvents\";\nexport { UserManagerSettingsStore } from \"./UserManagerSettings\";\nexport type { UserManagerSettings } from \"./UserManagerSettings\";\nexport { Version } from \"./Version\";\nexport { WebStorageStateStore } from \"./WebStorageStateStore\";\n", "import CryptoJS from \"crypto-js/core.js\";\nimport sha256 from \"crypto-js/sha256.js\";\nimport Base64 from \"crypto-js/enc-base64.js\";\nimport Utf8 from \"crypto-js/enc-utf8.js\";\n\nimport { Logger } from \"./Logger\";\n\nconst UUID_V4_TEMPLATE = \"10000000-1000-4000-8000-100000000000\";\n\n/**\n * @internal\n */\nexport class CryptoUtils {\n private static _randomWord(): number {\n return CryptoJS.lib.WordArray.random(1).words[0];\n }\n\n /**\n * Generates RFC4122 version 4 guid\n */\n public static generateUUIDv4(): string {\n const uuid = UUID_V4_TEMPLATE.replace(/[018]/g, c =>\n (+c ^ CryptoUtils._randomWord() & 15 >> +c / 4).toString(16),\n );\n return uuid.replace(/-/g, \"\");\n }\n\n /**\n * PKCE: Generate a code verifier\n */\n public static generateCodeVerifier(): string {\n return CryptoUtils.generateUUIDv4() + CryptoUtils.generateUUIDv4() + CryptoUtils.generateUUIDv4();\n }\n\n /**\n * PKCE: Generate a code challenge\n */\n public static generateCodeChallenge(code_verifier: string): string {\n try {\n const hashed = sha256(code_verifier);\n return Base64.stringify(hashed).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n }\n catch (err) {\n Logger.error(\"CryptoUtils.generateCodeChallenge\", err);\n throw err;\n }\n }\n\n /**\n * Generates a base64-encoded string for a basic auth header\n */\n public static generateBasicAuth(client_id: string, client_secret: string): string {\n const basicAuth = Utf8.parse([client_id, client_secret].join(\":\"));\n return Base64.stringify(basicAuth);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Native interface\n *\n * @public\n */\nexport interface ILogger {\n debug(...args: unknown[]): void;\n info(...args: unknown[]): void;\n warn(...args: unknown[]): void;\n error(...args: unknown[]): void;\n}\n\nconst nopLogger: ILogger = {\n debug: () => undefined,\n info: () => undefined,\n warn: () => undefined,\n error: () => undefined,\n};\n\nlet level: number;\nlet logger: ILogger;\n\n/**\n * Log levels\n *\n * @public\n */\nexport enum Log {\n NONE,\n ERROR,\n WARN,\n INFO,\n DEBUG\n}\n\n/**\n * Log manager\n *\n * @public\n */\nexport namespace Log { // eslint-disable-line @typescript-eslint/no-namespace\n export function reset(): void {\n level = Log.INFO;\n logger = nopLogger;\n }\n\n export function setLevel(value: Log): void {\n if (!(Log.NONE <= value && value <= Log.DEBUG)) {\n throw new Error(\"Invalid log level\");\n }\n level = value;\n }\n\n export function setLogger(value: ILogger): void {\n logger = value;\n }\n}\n\n/**\n * Internal logger instance\n *\n * @public\n */\nexport class Logger {\n private _method?: string;\n public constructor(private _name: string) {}\n\n public debug(...args: unknown[]): void {\n if (level >= Log.DEBUG) {\n logger.debug(Logger._format(this._name, this._method), ...args);\n }\n }\n public info(...args: unknown[]): void {\n if (level >= Log.INFO) {\n logger.info(Logger._format(this._name, this._method), ...args);\n }\n }\n public warn(...args: unknown[]): void {\n if (level >= Log.WARN) {\n logger.warn(Logger._format(this._name, this._method), ...args);\n }\n }\n public error(...args: unknown[]): void {\n if (level >= Log.ERROR) {\n logger.error(Logger._format(this._name, this._method), ...args);\n }\n }\n\n public throw(err: Error): never {\n this.error(err);\n throw err;\n }\n\n public create(method: string): Logger {\n const methodLogger: Logger = Object.create(this);\n methodLogger._method = method;\n methodLogger.debug(\"begin\");\n return methodLogger;\n }\n\n public static createStatic(name: string, staticMethod: string): Logger {\n const staticLogger = new Logger(`${name}.${staticMethod}`);\n staticLogger.debug(\"begin\");\n return staticLogger;\n }\n\n private static _format(name: string, method?: string) {\n const prefix = `[${name}]`;\n return method ? `${prefix} ${method}:` : prefix;\n }\n\n // helpers for static class methods\n public static debug(name: string, ...args: unknown[]): void {\n if (level >= Log.DEBUG) {\n logger.debug(Logger._format(name), ...args);\n }\n }\n public static info(name: string, ...args: unknown[]): void {\n if (level >= Log.INFO) {\n logger.info(Logger._format(name), ...args);\n }\n }\n public static warn(name: string, ...args: unknown[]): void {\n if (level >= Log.WARN) {\n logger.warn(Logger._format(name), ...args);\n }\n }\n public static error(name: string, ...args: unknown[]): void {\n if (level >= Log.ERROR) {\n logger.error(Logger._format(name), ...args);\n }\n }\n}\n\nLog.reset();\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./Logger\";\n\n/**\n * @internal\n */\nexport type Callback = (...ev: EventType) => (Promise | void);\n\n/**\n * @internal\n */\nexport class Event {\n protected readonly _logger = new Logger(`Event('${this._name}')`);\n\n private _callbacks: Array> = [];\n\n public constructor(protected readonly _name: string) {}\n\n public addHandler(cb: Callback): () => void {\n this._callbacks.push(cb);\n return () => this.removeHandler(cb);\n }\n\n public removeHandler(cb: Callback): void {\n const idx = this._callbacks.lastIndexOf(cb);\n if (idx >= 0) {\n this._callbacks.splice(idx, 1);\n }\n }\n\n public raise(...ev: EventType): void {\n this._logger.debug(\"raise:\", ...ev);\n for (const cb of this._callbacks) {\n void cb(...ev);\n }\n }\n}\n", "/**\n * The code was extracted from:\n * https://github.com/davidchambers/Base64.js\n */\n\nvar chars = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\";\n\nfunction InvalidCharacterError(message) {\n this.message = message;\n}\n\nInvalidCharacterError.prototype = new Error();\nInvalidCharacterError.prototype.name = \"InvalidCharacterError\";\n\nfunction polyfill(input) {\n var str = String(input).replace(/=+$/, \"\");\n if (str.length % 4 == 1) {\n throw new InvalidCharacterError(\n \"'atob' failed: The string to be decoded is not correctly encoded.\"\n );\n }\n for (\n // initialize result and counters\n var bc = 0, bs, buffer, idx = 0, output = \"\";\n // get next character\n (buffer = str.charAt(idx++));\n // character found in table? initialize bit storage and add its ascii value;\n ~buffer &&\n ((bs = bc % 4 ? bs * 64 + buffer : buffer),\n // and if not first of each 4 characters,\n // convert the first 8 bits to one ascii character\n bc++ % 4) ?\n (output += String.fromCharCode(255 & (bs >> ((-2 * bc) & 6)))) :\n 0\n ) {\n // try to find character in table (0-63, not found => -1)\n buffer = chars.indexOf(buffer);\n }\n return output;\n}\n\nexport default (typeof window !== \"undefined\" &&\n window.atob &&\n window.atob.bind(window)) ||\npolyfill;", "import atob from \"./atob\";\n\nfunction b64DecodeUnicode(str) {\n return decodeURIComponent(\n atob(str).replace(/(.)/g, function(m, p) {\n var code = p.charCodeAt(0).toString(16).toUpperCase();\n if (code.length < 2) {\n code = \"0\" + code;\n }\n return \"%\" + code;\n })\n );\n}\n\nexport default function(str) {\n var output = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (output.length % 4) {\n case 0:\n break;\n case 2:\n output += \"==\";\n break;\n case 3:\n output += \"=\";\n break;\n default:\n throw \"Illegal base64url string!\";\n }\n\n try {\n return b64DecodeUnicode(output);\n } catch (err) {\n return atob(output);\n }\n}", "\"use strict\";\n\nimport base64_url_decode from \"./base64_url_decode\";\n\nexport function InvalidTokenError(message) {\n this.message = message;\n}\n\nInvalidTokenError.prototype = new Error();\nInvalidTokenError.prototype.name = \"InvalidTokenError\";\n\nexport default function(token, options) {\n if (typeof token !== \"string\") {\n throw new InvalidTokenError(\"Invalid token specified\");\n }\n\n options = options || {};\n var pos = options.header === true ? 0 : 1;\n try {\n return JSON.parse(base64_url_decode(token.split(\".\")[pos]));\n } catch (e) {\n throw new InvalidTokenError(\"Invalid token specified: \" + e.message);\n }\n}", "import jwt_decode from \"jwt-decode\";\n\nimport { Logger } from \"./Logger\";\nimport type { JwtClaims } from \"../Claims\";\n\n/**\n * @internal\n */\nexport class JwtUtils {\n // IMPORTANT: doesn't validate the token\n public static decode(token: string): JwtClaims {\n try {\n return jwt_decode(token);\n }\n catch (err) {\n Logger.error(\"JwtUtils.decode\", err);\n throw err;\n }\n }\n}\n", "/**\n * @see https://developer.mozilla.org/en-US/docs/Web/API/Window/open#window_features\n *\n * @public\n */\nexport interface PopupWindowFeatures {\n left?: number;\n top?: number;\n width?: number;\n height?: number;\n menubar?: boolean | string;\n toolbar?: boolean | string;\n location?: boolean | string;\n status?: boolean | string;\n resizable?: boolean | string;\n scrollbars?: boolean | string;\n\n [k: string]: boolean | string | number | undefined;\n}\n\nexport class PopupUtils {\n /**\n * Populates a map of window features with a placement centered in front of\n * the current window. If no explicit width is given, a default value is\n * binned into [800, 720, 600, 480, 360] based on the current window's width.\n */\n static center({ ...features }: PopupWindowFeatures): PopupWindowFeatures {\n if (features.width == null)\n features.width = [800, 720, 600, 480].find(width => width <= window.outerWidth / 1.618) ?? 360;\n features.left ??= Math.max(0, Math.round(window.screenX + (window.outerWidth - features.width) / 2));\n if (features.height != null)\n features.top ??= Math.max(0, Math.round(window.screenY + (window.outerHeight - features.height) / 2));\n return features;\n }\n\n static serialize(features: PopupWindowFeatures): string {\n return Object.entries(features)\n .filter(([, value]) => value != null)\n .map(([key, value]) => `${key}=${typeof value !== \"boolean\" ? value as string : value ? \"yes\" : \"no\"}`)\n .join(\",\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Event } from \"./Event\";\nimport { Logger } from \"./Logger\";\n\n/**\n * @internal\n */\nexport class Timer extends Event<[void]> {\n protected readonly _logger = new Logger(`Timer('${this._name}')`);\n private _timerHandle: ReturnType | null = null;\n private _expiration = 0;\n\n // get the time\n public static getEpochTime(): number {\n return Math.floor(Date.now() / 1000);\n }\n\n public init(durationInSeconds: number): void {\n const logger = this._logger.create(\"init\");\n durationInSeconds = Math.max(Math.floor(durationInSeconds), 1);\n const expiration = Timer.getEpochTime() + durationInSeconds;\n if (this.expiration === expiration && this._timerHandle) {\n // no need to reinitialize to same expiration, so bail out\n logger.debug(\"skipping since already initialized for expiration at\", this.expiration);\n return;\n }\n\n this.cancel();\n\n logger.debug(\"using duration\", durationInSeconds);\n this._expiration = expiration;\n\n // we're using a fairly short timer and then checking the expiration in the\n // callback to handle scenarios where the browser device sleeps, and then\n // the timers end up getting delayed.\n const timerDurationInSeconds = Math.min(durationInSeconds, 5);\n this._timerHandle = setInterval(this._callback, timerDurationInSeconds * 1000);\n }\n\n public get expiration(): number {\n return this._expiration;\n }\n\n public cancel(): void {\n this._logger.create(\"cancel\");\n if (this._timerHandle) {\n clearInterval(this._timerHandle);\n this._timerHandle = null;\n }\n }\n\n protected _callback = (): void => {\n const diff = this._expiration - Timer.getEpochTime();\n this._logger.debug(\"timer completes in\", diff);\n\n if (this._expiration <= Timer.getEpochTime()) {\n this.cancel();\n super.raise();\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * @internal\n */\nexport class UrlUtils {\n public static readParams(url: string, responseMode: \"query\" | \"fragment\" = \"query\"): URLSearchParams {\n if (!url) throw new TypeError(\"Invalid URL\");\n const parsedUrl = new URL(url, window.location.origin);\n const params = parsedUrl[responseMode === \"fragment\" ? \"hash\" : \"search\"];\n return new URLSearchParams(params.slice(1));\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\n\n/**\n * Error class thrown in case of an authentication error.\n *\n * See https://openid.net/specs/openid-connect-core-1_0.html#AuthError\n *\n * @public\n */\nexport class ErrorResponse extends Error {\n /** Marker to detect class: \"ErrorResponse\" */\n public readonly name: string = \"ErrorResponse\";\n\n /** An error code string that can be used to classify the types of errors that occur and to respond to errors. */\n public readonly error: string | null;\n /** additional information that can help a developer identify the cause of the error.*/\n public readonly error_description: string | null;\n /**\n * URI identifying a human-readable web page with information about the error, used to provide the client\n developer with additional information about the error.\n */\n public readonly error_uri: string | null;\n\n /** custom state data set during the initial signin request */\n public state?: unknown;\n\n public readonly session_state: string | null;\n\n public constructor(\n args: {\n error?: string | null; error_description?: string | null; error_uri?: string | null;\n userState?: unknown; session_state?: string | null;\n },\n /** The x-www-form-urlencoded request body sent to the authority server */\n public readonly form?: URLSearchParams,\n ) {\n super(args.error_description || args.error || \"\");\n\n if (!args.error) {\n Logger.error(\"ErrorResponse\", \"No error passed\");\n throw new Error(\"No error passed\");\n }\n\n this.error = args.error;\n this.error_description = args.error_description ?? null;\n this.error_uri = args.error_uri ?? null;\n\n this.state = args.userState;\n this.session_state = args.session_state ?? null;\n }\n}\n", "// Copyright (C) 2021 AuthTS Contributors\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Error class thrown in case of network timeouts (e.g IFrame time out).\n *\n * @public\n */\nexport class ErrorTimeout extends Error {\n /** Marker to detect class: \"ErrorTimeout\" */\n public readonly name: string = \"ErrorTimeout\";\n\n public constructor(message?: string) {\n super(message);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport type AccessTokenCallback = (...ev: unknown[]) => (Promise | void);\n\n/**\n * @public\n */\nexport class AccessTokenEvents {\n protected readonly _logger = new Logger(\"AccessTokenEvents\");\n\n private readonly _expiringTimer = new Timer(\"Access token expiring\");\n private readonly _expiredTimer = new Timer(\"Access token expired\");\n private readonly _expiringNotificationTimeInSeconds: number;\n\n public constructor(args: { expiringNotificationTimeInSeconds: number }) {\n this._expiringNotificationTimeInSeconds = args.expiringNotificationTimeInSeconds;\n }\n\n public load(container: User): void {\n const logger = this._logger.create(\"load\");\n // only register events if there's an access token and it has an expiration\n if (container.access_token && container.expires_in !== undefined) {\n const duration = container.expires_in;\n logger.debug(\"access token present, remaining duration:\", duration);\n\n if (duration > 0) {\n // only register expiring if we still have time\n let expiring = duration - this._expiringNotificationTimeInSeconds;\n if (expiring <= 0) {\n expiring = 1;\n }\n\n logger.debug(\"registering expiring timer, raising in\", expiring, \"seconds\");\n this._expiringTimer.init(expiring);\n }\n else {\n logger.debug(\"canceling existing expiring timer because we're past expiration.\");\n this._expiringTimer.cancel();\n }\n\n // if it's negative, it will still fire\n const expired = duration + 1;\n logger.debug(\"registering expired timer, raising in\", expired, \"seconds\");\n this._expiredTimer.init(expired);\n }\n else {\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n }\n\n public unload(): void {\n this._logger.debug(\"unload: canceling existing access token timers\");\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n\n /**\n * Add callback: Raised prior to the access token expiring.\n */\n public addAccessTokenExpiring(cb: AccessTokenCallback): () => void {\n return this._expiringTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised prior to the access token expiring.\n */\n public removeAccessTokenExpiring(cb: AccessTokenCallback): void {\n this._expiringTimer.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised after the access token has expired.\n */\n public addAccessTokenExpired(cb: AccessTokenCallback): () => void {\n return this._expiredTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised after the access token has expired.\n */\n public removeAccessTokenExpired(cb: AccessTokenCallback): void {\n this._expiredTimer.removeHandler(cb);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\n\n/**\n * @internal\n */\nexport class CheckSessionIFrame {\n private readonly _logger = new Logger(\"CheckSessionIFrame\");\n private _frame_origin: string;\n private _frame: HTMLIFrameElement;\n private _timer: ReturnType | null = null;\n private _session_state: string | null = null;\n\n public constructor(\n private _callback: () => Promise,\n private _client_id: string,\n url: string,\n private _intervalInSeconds: number,\n private _stopOnError: boolean,\n ) {\n const parsedUrl = new URL(url);\n this._frame_origin = parsedUrl.origin;\n\n this._frame = window.document.createElement(\"iframe\");\n\n // shotgun approach\n this._frame.style.visibility = \"hidden\";\n this._frame.style.position = \"fixed\";\n this._frame.style.left = \"-1000px\";\n this._frame.style.top = \"0\";\n this._frame.width = \"0\";\n this._frame.height = \"0\";\n this._frame.src = parsedUrl.href;\n }\n\n public load(): Promise {\n return new Promise((resolve) => {\n this._frame.onload = () => {\n resolve();\n };\n\n window.document.body.appendChild(this._frame);\n window.addEventListener(\"message\", this._message, false);\n });\n }\n\n private _message = (e: MessageEvent): void => {\n if (e.origin === this._frame_origin &&\n e.source === this._frame.contentWindow\n ) {\n if (e.data === \"error\") {\n this._logger.error(\"error message from check session op iframe\");\n if (this._stopOnError) {\n this.stop();\n }\n }\n else if (e.data === \"changed\") {\n this._logger.debug(\"changed message from check session op iframe\");\n this.stop();\n void this._callback();\n }\n else {\n this._logger.debug(e.data + \" message from check session op iframe\");\n }\n }\n };\n\n public start(session_state: string): void {\n if (this._session_state === session_state) {\n return;\n }\n\n this._logger.create(\"start\");\n\n this.stop();\n\n this._session_state = session_state;\n\n const send = () => {\n if (!this._frame.contentWindow || !this._session_state) {\n return;\n }\n\n this._frame.contentWindow.postMessage(this._client_id + \" \" + this._session_state, this._frame_origin);\n };\n\n // trigger now\n send();\n\n // and setup timer\n this._timer = setInterval(send, this._intervalInSeconds * 1000);\n }\n\n public stop(): void {\n this._logger.create(\"stop\");\n this._session_state = null;\n\n if (this._timer) {\n\n clearInterval(this._timer);\n this._timer = null;\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\n\n/**\n * @public\n */\nexport class InMemoryWebStorage implements Storage {\n private readonly _logger = new Logger(\"InMemoryWebStorage\");\n private _data: Record = {};\n\n public clear(): void {\n this._logger.create(\"clear\");\n this._data = {};\n }\n\n public getItem(key: string): string {\n this._logger.create(`getItem('${key}')`);\n return this._data[key];\n }\n\n public setItem(key: string, value: string): void {\n this._logger.create(`setItem('${key}')`);\n this._data[key] = value;\n }\n\n public removeItem(key: string): void {\n this._logger.create(`removeItem('${key}')`);\n delete this._data[key];\n }\n\n public get length(): number {\n return Object.getOwnPropertyNames(this._data).length;\n }\n\n public key(index: number): string {\n return Object.getOwnPropertyNames(this._data)[index];\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { ErrorResponse, ErrorTimeout } from \"./errors\";\nimport { Logger } from \"./utils\";\n\n/**\n * @internal\n */\nexport type JwtHandler = (text: string) => Promise>;\n\n/**\n * @internal\n */\nexport interface GetJsonOpts {\n token?: string;\n}\n\n/**\n * @internal\n */\nexport interface PostFormOpts {\n body: URLSearchParams;\n basicAuth?: string;\n timeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport class JsonService {\n private readonly _logger = new Logger(\"JsonService\");\n\n private _contentTypes: string[] = [];\n\n public constructor(\n additionalContentTypes: string[] = [],\n private _jwtHandler: JwtHandler | null = null,\n ) {\n this._contentTypes.push(...additionalContentTypes, \"application/json\");\n if (_jwtHandler) {\n this._contentTypes.push(\"application/jwt\");\n }\n }\n\n protected async fetchWithTimeout(input: RequestInfo, init: RequestInit & { timeoutInSeconds?: number } = {}) {\n const { timeoutInSeconds, ...initFetch } = init;\n if (!timeoutInSeconds) {\n return await fetch(input, initFetch);\n }\n\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeoutInSeconds * 1000);\n\n try {\n const response = await fetch(input, {\n ...init,\n signal: controller.signal,\n });\n return response;\n }\n catch (err) {\n if (err instanceof DOMException && err.name === \"AbortError\") {\n throw new ErrorTimeout(\"Network timed out\");\n }\n throw err;\n }\n finally {\n clearTimeout(timeoutId);\n }\n }\n\n public async getJson(url: string, {\n token,\n }: GetJsonOpts = {}): Promise> {\n const logger = this._logger.create(\"getJson\");\n const headers: HeadersInit = {\n \"Accept\": this._contentTypes.join(\", \"),\n };\n if (token) {\n logger.debug(\"token passed, setting Authorization header\");\n headers[\"Authorization\"] = \"Bearer \" + token;\n }\n\n let response: Response;\n try {\n logger.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"GET\", headers });\n }\n catch (err) {\n logger.error(\"Network Error\");\n throw err;\n }\n\n logger.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {\n logger.throw(new Error(`Invalid response Content-Type: ${(contentType ?? \"undefined\")}, from URL: ${url}`));\n }\n if (response.ok && this._jwtHandler && contentType?.startsWith(\"application/jwt\")) {\n return await this._jwtHandler(await response.text());\n }\n let json: Record;\n try {\n json = await response.json();\n }\n catch (err) {\n logger.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n if (!response.ok) {\n logger.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n return json;\n }\n\n public async postForm(url: string, {\n body,\n basicAuth,\n timeoutInSeconds,\n }: PostFormOpts): Promise> {\n const logger = this._logger.create(\"postForm\");\n const headers: HeadersInit = {\n \"Accept\": this._contentTypes.join(\", \"),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n };\n if (basicAuth !== undefined) {\n headers[\"Authorization\"] = \"Basic \" + basicAuth;\n }\n\n let response: Response;\n try {\n logger.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"POST\", headers, body, timeoutInSeconds });\n }\n catch (err) {\n logger.error(\"Network error\");\n throw err;\n }\n\n logger.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {\n throw new Error(`Invalid response Content-Type: ${(contentType ?? \"undefined\")}, from URL: ${url}`);\n }\n\n const responseText = await response.text();\n\n let json: Record = {};\n if (responseText) {\n try {\n json = JSON.parse(responseText);\n }\n catch (err) {\n logger.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n }\n\n if (!response.ok) {\n logger.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json, body);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n\n return json;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { OidcClientSettingsStore, SigningKey } from \"./OidcClientSettings\";\nimport type { OidcMetadata } from \"./OidcMetadata\";\n\n/**\n * @public\n */\nexport class MetadataService {\n private readonly _logger = new Logger(\"MetadataService\");\n private readonly _jsonService = new JsonService([\"application/jwk-set+json\"]);\n\n // cache\n private _metadataUrl: string;\n private _signingKeys: SigningKey[] | null = null;\n private _metadata: Partial | null = null;\n\n public constructor(private readonly _settings: OidcClientSettingsStore) {\n this._metadataUrl = this._settings.metadataUrl;\n\n if (this._settings.signingKeys) {\n this._logger.debug(\"using signingKeys from settings\");\n this._signingKeys = this._settings.signingKeys;\n }\n\n if (this._settings.metadata) {\n this._logger.debug(\"using metadata from settings\");\n this._metadata = this._settings.metadata;\n }\n }\n\n public resetSigningKeys(): void {\n this._signingKeys = null;\n }\n\n public async getMetadata(): Promise> {\n const logger = this._logger.create(\"getMetadata\");\n if (this._metadata) {\n logger.debug(\"using cached values\");\n return this._metadata;\n }\n\n if (!this._metadataUrl) {\n logger.throw(new Error(\"No authority or metadataUrl configured on settings\"));\n throw null;\n }\n\n logger.debug(\"getting metadata from\", this._metadataUrl);\n const metadata = await this._jsonService.getJson(this._metadataUrl);\n\n logger.debug(\"merging remote JSON with seed metadata\");\n this._metadata = Object.assign({}, this._settings.metadataSeed, metadata);\n return this._metadata;\n }\n\n public getIssuer(): Promise {\n return this._getMetadataProperty(\"issuer\") as Promise;\n }\n\n public getAuthorizationEndpoint(): Promise {\n return this._getMetadataProperty(\"authorization_endpoint\") as Promise;\n }\n\n public getUserInfoEndpoint(): Promise {\n return this._getMetadataProperty(\"userinfo_endpoint\") as Promise;\n }\n\n public getTokenEndpoint(optional: false): Promise;\n public getTokenEndpoint(optional?: true): Promise;\n public getTokenEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"token_endpoint\", optional) as Promise;\n }\n\n public getCheckSessionIframe(): Promise {\n return this._getMetadataProperty(\"check_session_iframe\", true) as Promise;\n }\n\n public getEndSessionEndpoint(): Promise {\n return this._getMetadataProperty(\"end_session_endpoint\", true) as Promise;\n }\n\n public getRevocationEndpoint(optional: false): Promise;\n public getRevocationEndpoint(optional?: true): Promise;\n public getRevocationEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"revocation_endpoint\", optional) as Promise;\n }\n\n public getKeysEndpoint(optional: false): Promise;\n public getKeysEndpoint(optional?: true): Promise;\n public getKeysEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"jwks_uri\", optional) as Promise;\n }\n\n protected async _getMetadataProperty(name: keyof OidcMetadata, optional=false): Promise {\n const logger = this._logger.create(`_getMetadataProperty('${name}')`);\n\n const metadata = await this.getMetadata();\n logger.debug(\"resolved\");\n\n if (metadata[name] === undefined) {\n if (optional === true) {\n logger.warn(\"Metadata does not contain optional property\");\n return undefined;\n }\n\n logger.throw(new Error(\"Metadata does not contain property \" + name));\n }\n\n return metadata[name];\n }\n\n public async getSigningKeys(): Promise {\n const logger = this._logger.create(\"getSigningKeys\");\n if (this._signingKeys) {\n logger.debug(\"returning signingKeys from cache\");\n return this._signingKeys;\n }\n\n const jwks_uri = await this.getKeysEndpoint(false);\n logger.debug(\"got jwks_uri\", jwks_uri);\n\n const keySet = await this._jsonService.getJson(jwks_uri);\n logger.debug(\"got key set\", keySet);\n\n if (!Array.isArray(keySet.keys)) {\n logger.throw(new Error(\"Missing keys on keyset\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n this._signingKeys = keySet.keys;\n return this._signingKeys;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport type { StateStore } from \"./StateStore\";\n\n/**\n * @public\n */\nexport class WebStorageStateStore implements StateStore {\n private readonly _logger = new Logger(\"WebStorageStateStore\");\n\n private readonly _store: Storage;\n private readonly _prefix: string;\n\n public constructor({ prefix = \"oidc.\", store = localStorage } = {}) {\n this._store = store;\n this._prefix = prefix;\n }\n\n public set(key: string, value: string): Promise {\n this._logger.create(`set('${key}')`);\n\n key = this._prefix + key;\n this._store.setItem(key, value);\n return Promise.resolve();\n }\n\n public get(key: string): Promise {\n this._logger.create(`get('${key}')`);\n\n key = this._prefix + key;\n const item = this._store.getItem(key);\n return Promise.resolve(item);\n }\n\n public remove(key: string): Promise {\n this._logger.create(`remove('${key}')`);\n\n key = this._prefix + key;\n const item = this._store.getItem(key);\n this._store.removeItem(key);\n return Promise.resolve(item);\n }\n\n public getAllKeys(): Promise {\n this._logger.create(\"getAllKeys\");\n\n const keys = [];\n for (let index = 0; index < this._store.length; index++) {\n const key = this._store.key(index);\n if (key && key.indexOf(this._prefix) === 0) {\n keys.push(key.substr(this._prefix.length));\n }\n }\n return Promise.resolve(keys);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { WebStorageStateStore } from \"./WebStorageStateStore\";\nimport type { OidcMetadata } from \"./OidcMetadata\";\nimport type { StateStore } from \"./StateStore\";\nimport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\n\nconst DefaultResponseType = \"code\";\nconst DefaultScope = \"openid\";\nconst DefaultClientAuthentication = \"client_secret_post\";\nconst DefaultResponseMode = \"query\";\nconst DefaultStaleStateAgeInSeconds = 60 * 15;\nconst DefaultClockSkewInSeconds = 60 * 5;\n\n/**\n * @public\n */\nexport type SigningKey = Record;\n\n/**\n * The settings used to configure the {@link OidcClient}.\n *\n * @public\n */\nexport interface OidcClientSettings {\n /** The URL of the OIDC/OAuth2 provider */\n authority: string;\n metadataUrl?: string;\n /** Provide metadata when authority server does not allow CORS on the metadata endpoint */\n metadata?: Partial;\n /** Can be used to seed or add additional values to the results of the discovery request */\n metadataSeed?: Partial;\n /** Provide signingKeys when authority server does not allow CORS on the jwks uri */\n signingKeys?: SigningKey[];\n\n /** Your client application's identifier as registered with the OIDC/OAuth2 */\n client_id: string;\n client_secret?: string;\n /** The type of response desired from the OIDC/OAuth2 provider (default: \"code\") */\n response_type?: string;\n /** The scope being requested from the OIDC/OAuth2 provider (default: \"openid\") */\n scope?: string;\n /** The redirect URI of your client application to receive a response from the OIDC/OAuth2 provider */\n redirect_uri: string;\n /** The OIDC/OAuth2 post-logout redirect URI */\n post_logout_redirect_uri?: string;\n\n /**\n * Client authentication method that is used to authenticate when using the token endpoint (default: \"client_secret_post\")\n * - \"client_secret_basic\": using the HTTP Basic authentication scheme\n * - \"client_secret_post\": including the client credentials in the request body\n *\n * See https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication\n */\n client_authentication?: \"client_secret_basic\" | \"client_secret_post\";\n\n /** optional protocol param */\n prompt?: string;\n /** optional protocol param */\n display?: string;\n /** optional protocol param */\n max_age?: number;\n /** optional protocol param */\n ui_locales?: string;\n /** optional protocol param */\n acr_values?: string;\n /** optional protocol param */\n resource?: string;\n\n /** optional protocol param (default: \"query\") */\n response_mode?: \"query\" | \"fragment\";\n\n /** Should OIDC protocol claims be removed from profile (default: true) */\n filterProtocolClaims?: boolean;\n /** Flag to control if additional identity data is loaded from the user info endpoint in order to populate the user's profile (default: false) */\n loadUserInfo?: boolean;\n /** Number (in seconds) indicating the age of state entries in storage for authorize requests that are considered abandoned and thus can be cleaned up (default: 300) */\n staleStateAgeInSeconds?: number;\n\n /** @deprecated Unused */\n clockSkewInSeconds?: number;\n /** @deprecated Unused */\n userInfoJwtIssuer?: \"ANY\" | \"OP\" | string;\n\n /**\n * Indicates if objects returned from the user info endpoint as claims (e.g. `address`) are merged into the claims from the id token as a single object.\n * Otherwise, they are added to an array as distinct objects for the claim type. (default: false)\n */\n mergeClaims?: boolean;\n\n /**\n * Storage object used to persist interaction state (default: window.localStorage, InMemoryWebStorage iff no window).\n * E.g. `stateStore: new WebStorageStateStore({ store: window.localStorage })`\n */\n stateStore?: StateStore;\n\n /**\n * An object containing additional query string parameters to be including in the authorization request.\n * E.g, when using Azure AD to obtain an access token an additional resource parameter is required. extraQueryParams: `{resource:\"some_identifier\"}`\n */\n extraQueryParams?: Record;\n\n extraTokenParams?: Record;\n}\n\n/**\n * The settings with defaults applied of the {@link OidcClient}.\n * @see {@link OidcClientSettings}\n *\n * @public\n */\nexport class OidcClientSettingsStore {\n // metadata\n public readonly authority: string;\n public readonly metadataUrl: string;\n public readonly metadata: Partial | undefined;\n public readonly metadataSeed: Partial | undefined;\n public readonly signingKeys: SigningKey[] | undefined;\n\n // client config\n public readonly client_id: string;\n public readonly client_secret: string | undefined;\n public readonly response_type: string;\n public readonly scope: string;\n public readonly redirect_uri: string;\n public readonly post_logout_redirect_uri: string | undefined;\n public readonly client_authentication: \"client_secret_basic\" | \"client_secret_post\";\n\n // optional protocol params\n public readonly prompt: string | undefined;\n public readonly display: string | undefined;\n public readonly max_age: number | undefined;\n public readonly ui_locales: string | undefined;\n public readonly acr_values: string | undefined;\n public readonly resource: string | undefined;\n public readonly response_mode: \"query\" | \"fragment\";\n\n // behavior flags\n public readonly filterProtocolClaims: boolean;\n public readonly loadUserInfo: boolean;\n public readonly staleStateAgeInSeconds: number;\n public readonly clockSkewInSeconds: number;\n public readonly userInfoJwtIssuer: \"ANY\" | \"OP\" | string;\n public readonly mergeClaims: boolean;\n\n public readonly stateStore: StateStore;\n\n // extra\n public readonly extraQueryParams: Record;\n public readonly extraTokenParams: Record;\n\n public constructor({\n // metadata related\n authority, metadataUrl, metadata, signingKeys, metadataSeed,\n // client related\n client_id, client_secret, response_type = DefaultResponseType, scope = DefaultScope,\n redirect_uri, post_logout_redirect_uri,\n client_authentication = DefaultClientAuthentication,\n // optional protocol\n prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,\n // behavior flags\n filterProtocolClaims = true,\n loadUserInfo = false,\n staleStateAgeInSeconds = DefaultStaleStateAgeInSeconds,\n clockSkewInSeconds = DefaultClockSkewInSeconds,\n userInfoJwtIssuer = \"OP\",\n mergeClaims = false,\n // other behavior\n stateStore,\n // extra query params\n extraQueryParams = {},\n extraTokenParams = {},\n }: OidcClientSettings) {\n\n this.authority = authority;\n\n if (metadataUrl) {\n this.metadataUrl = metadataUrl;\n } else {\n this.metadataUrl = authority;\n if (authority) {\n if (!this.metadataUrl.endsWith(\"/\")) {\n this.metadataUrl += \"/\";\n }\n this.metadataUrl += \".well-known/openid-configuration\";\n }\n }\n\n this.metadata = metadata;\n this.metadataSeed = metadataSeed;\n this.signingKeys = signingKeys;\n\n this.client_id = client_id;\n this.client_secret = client_secret;\n this.response_type = response_type;\n this.scope = scope;\n this.redirect_uri = redirect_uri;\n this.post_logout_redirect_uri = post_logout_redirect_uri;\n this.client_authentication = client_authentication;\n\n this.prompt = prompt;\n this.display = display;\n this.max_age = max_age;\n this.ui_locales = ui_locales;\n this.acr_values = acr_values;\n this.resource = resource;\n this.response_mode = response_mode;\n\n this.filterProtocolClaims = !!filterProtocolClaims;\n this.loadUserInfo = !!loadUserInfo;\n this.staleStateAgeInSeconds = staleStateAgeInSeconds;\n this.clockSkewInSeconds = clockSkewInSeconds;\n this.userInfoJwtIssuer = userInfoJwtIssuer;\n this.mergeClaims = !!mergeClaims;\n\n if (stateStore) {\n this.stateStore = stateStore;\n }\n else {\n const store = typeof window !== \"undefined\" ? window.localStorage : new InMemoryWebStorage();\n this.stateStore = new WebStorageStateStore({ store });\n }\n\n this.extraQueryParams = extraQueryParams;\n this.extraTokenParams = extraTokenParams;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, JwtUtils } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { MetadataService } from \"./MetadataService\";\nimport type { JwtClaims } from \"./Claims\";\n\n/**\n * @internal\n */\nexport class UserInfoService {\n protected readonly _logger = new Logger(\"UserInfoService\");\n private readonly _jsonService: JsonService;\n\n public constructor(private readonly _metadataService: MetadataService) {\n this._jsonService = new JsonService(undefined, this._getClaimsFromJwt);\n }\n\n public async getClaims(token: string): Promise {\n const logger = this._logger.create(\"getClaims\");\n if (!token) {\n this._logger.throw(new Error(\"No token passed\"));\n }\n\n const url = await this._metadataService.getUserInfoEndpoint();\n logger.debug(\"got userinfo url\", url);\n\n const claims = await this._jsonService.getJson(url, { token });\n logger.debug(\"got claims\", claims);\n\n return claims;\n }\n\n protected _getClaimsFromJwt = async (responseText: string): Promise => {\n const logger = this._logger.create(\"_getClaimsFromJwt\");\n try {\n const payload = JwtUtils.decode(responseText);\n logger.debug(\"JWT decoding successful\");\n\n return payload;\n }\n catch (err) {\n logger.error(\"Error parsing JWT response\");\n throw err;\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { CryptoUtils, Logger } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { MetadataService } from \"./MetadataService\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\n\n/**\n * @internal\n */\nexport interface ExchangeCodeArgs {\n client_id?: string;\n client_secret?: string;\n redirect_uri?: string;\n\n grant_type?: string;\n code: string;\n code_verifier?: string;\n}\n\n/**\n * @internal\n */\nexport interface ExchangeRefreshTokenArgs {\n client_id?: string;\n client_secret?: string;\n\n grant_type?: string;\n refresh_token: string;\n scope?: string;\n\n timeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport interface RevokeArgs {\n token: string;\n token_type_hint?: \"access_token\" | \"refresh_token\";\n}\n\n/**\n * @internal\n */\nexport class TokenClient {\n private readonly _logger = new Logger(\"TokenClient\");\n private readonly _jsonService = new JsonService();\n\n public constructor(\n private readonly _settings: OidcClientSettingsStore,\n private readonly _metadataService: MetadataService,\n ) {}\n\n public async exchangeCode({\n grant_type = \"authorization_code\",\n redirect_uri = this._settings.redirect_uri,\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n ...args\n }: ExchangeCodeArgs): Promise> {\n const logger = this._logger.create(\"exchangeCode\");\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n if (!redirect_uri) {\n logger.throw(new Error(\"A redirect_uri is required\"));\n }\n if (!args.code) {\n logger.throw(new Error(\"A code is required\"));\n }\n if (!args.code_verifier) {\n logger.throw(new Error(\"A code_verifier is required\"));\n }\n\n const params = new URLSearchParams({ grant_type, redirect_uri });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth });\n logger.debug(\"got response\");\n\n return response;\n }\n\n public async exchangeRefreshToken({\n grant_type = \"refresh_token\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n timeoutInSeconds,\n ...args\n }: ExchangeRefreshTokenArgs): Promise> {\n const logger = this._logger.create(\"exchangeRefreshToken\");\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n if (!args.refresh_token) {\n logger.throw(new Error(\"A refresh_token is required\"));\n }\n\n const params = new URLSearchParams({ grant_type });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds });\n logger.debug(\"got response\");\n\n return response;\n }\n\n /**\n * Revoke an access or refresh token.\n *\n * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1\n */\n public async revoke(args: RevokeArgs): Promise {\n const logger = this._logger.create(\"revoke\");\n if (!args.token) {\n logger.throw(new Error(\"A token is required\"));\n }\n\n const url = await this._metadataService.getRevocationEndpoint(false);\n\n logger.debug(`got revocation endpoint, revoking ${args.token_type_hint ?? \"default token type\"}`);\n\n const params = new URLSearchParams();\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n params.set(\"client_id\", this._settings.client_id);\n if (this._settings.client_secret) {\n params.set(\"client_secret\", this._settings.client_secret);\n }\n\n await this._jsonService.postForm(url, { body: params });\n logger.debug(\"got response\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, JwtUtils } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport type { MetadataService } from \"./MetadataService\";\nimport { UserInfoService } from \"./UserInfoService\";\nimport { TokenClient } from \"./TokenClient\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { SigninState } from \"./SigninState\";\nimport type { SigninResponse } from \"./SigninResponse\";\nimport type { State } from \"./State\";\nimport type { SignoutResponse } from \"./SignoutResponse\";\nimport type { UserProfile } from \"./User\";\nimport type { RefreshState } from \"./RefreshState\";\nimport type { JwtClaims, IdTokenClaims } from \"./Claims\";\n\n/**\n * Derived from the following sets of claims:\n * - {@link https://datatracker.ietf.org/doc/html/rfc7519.html#section-4.1}\n * - {@link https://openid.net/specs/openid-connect-core-1_0.html#IDToken}\n * - {@link https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken}\n *\n * @internal\n */\nconst ProtocolClaims = [\n \"iss\",\n // \"sub\" should never be excluded, we need access to it internally\n \"aud\",\n \"exp\",\n \"nbf\",\n \"iat\",\n \"jti\",\n \"auth_time\",\n \"nonce\",\n \"acr\",\n \"amr\",\n \"azp\",\n // https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken\n \"at_hash\",\n] as const;\n\n/**\n * @internal\n */\nexport class ResponseValidator {\n protected readonly _logger = new Logger(\"ResponseValidator\");\n protected readonly _userInfoService = new UserInfoService(this._metadataService);\n protected readonly _tokenClient = new TokenClient(this._settings, this._metadataService);\n\n public constructor(\n protected readonly _settings: OidcClientSettingsStore,\n protected readonly _metadataService: MetadataService,\n ) {}\n\n public async validateSigninResponse(response: SigninResponse, state: SigninState): Promise {\n const logger = this._logger.create(\"validateSigninResponse\");\n\n this._processSigninState(response, state);\n logger.debug(\"state processed\");\n\n await this._processCode(response, state);\n logger.debug(\"code processed\");\n\n if (response.isOpenId) {\n this._validateIdTokenAttributes(response);\n }\n logger.debug(\"tokens validated\");\n\n await this._processClaims(response, state?.skipUserInfo, response.isOpenId);\n logger.debug(\"claims processed\");\n }\n\n public async validateRefreshResponse(response: SigninResponse, state: RefreshState): Promise {\n const logger = this._logger.create(\"validateRefreshResponse\");\n\n response.userState = state.data;\n // if there's no session_state on the response, copy over session_state from original request\n response.session_state ??= state.session_state;\n // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request\n response.scope ??= state.scope;\n\n // OpenID Connect Core 1.0 says that id_token is optional in refresh response:\n // https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse\n const hasIdToken = response.isOpenId && !!response.id_token;\n if (hasIdToken) {\n this._validateIdTokenAttributes(response, state.id_token);\n logger.debug(\"ID Token validated\");\n }\n\n await this._processClaims(response, false, hasIdToken);\n logger.debug(\"claims processed\");\n }\n\n public validateSignoutResponse(response: SignoutResponse, state: State): void {\n const logger = this._logger.create(\"validateSignoutResponse\");\n if (state.id !== response.state) {\n logger.throw(new Error(\"State does not match\"));\n }\n\n // now that we know the state matches, take the stored data\n // and set it into the response so callers can get their state\n // this is important for both success & error outcomes\n logger.debug(\"state validated\");\n response.userState = state.data;\n\n if (response.error) {\n logger.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n }\n\n protected _processSigninState(response: SigninResponse, state: SigninState): void {\n const logger = this._logger.create(\"_processSigninState\");\n if (state.id !== response.state) {\n logger.throw(new Error(\"State does not match\"));\n }\n\n if (!state.client_id) {\n logger.throw(new Error(\"No client_id on state\"));\n }\n\n if (!state.authority) {\n logger.throw(new Error(\"No authority on state\"));\n }\n\n // ensure we're using the correct authority\n if (this._settings.authority !== state.authority) {\n logger.throw(new Error(\"authority mismatch on settings vs. signin state\"));\n }\n if (this._settings.client_id && this._settings.client_id !== state.client_id) {\n logger.throw(new Error(\"client_id mismatch on settings vs. signin state\"));\n }\n\n // now that we know the state matches, take the stored data\n // and set it into the response so callers can get their state\n // this is important for both success & error outcomes\n logger.debug(\"state validated\");\n response.userState = state.data;\n // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request\n response.scope ??= state.scope;\n\n if (response.error) {\n logger.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n\n if (state.code_verifier && !response.code) {\n logger.throw(new Error(\"Expected code in response\"));\n }\n\n if (!state.code_verifier && response.code) {\n logger.throw(new Error(\"Unexpected code in response\"));\n }\n }\n\n protected async _processClaims(response: SigninResponse, skipUserInfo = false, validateSub = true): Promise {\n const logger = this._logger.create(\"_processClaims\");\n response.profile = this._filterProtocolClaims(response.profile);\n\n if (skipUserInfo || !this._settings.loadUserInfo || !response.access_token) {\n logger.debug(\"not loading user info\");\n return;\n }\n\n logger.debug(\"loading user info\");\n const claims = await this._userInfoService.getClaims(response.access_token);\n logger.debug(\"user info claims received from user info endpoint\");\n\n if (validateSub && claims.sub !== response.profile.sub) {\n logger.throw(new Error(\"subject from UserInfo response does not match subject in ID Token\"));\n }\n\n response.profile = this._mergeClaims(response.profile, this._filterProtocolClaims(claims as IdTokenClaims));\n logger.debug(\"user info claims received, updated profile:\", response.profile);\n }\n\n protected _mergeClaims(claims1: UserProfile, claims2: JwtClaims): UserProfile {\n const result = { ...claims1 };\n\n for (const [claim, values] of Object.entries(claims2)) {\n for (const value of Array.isArray(values) ? values : [values]) {\n const previousValue = result[claim];\n if (!previousValue) {\n result[claim] = value;\n }\n else if (Array.isArray(previousValue)) {\n if (!previousValue.includes(value)) {\n previousValue.push(value);\n }\n }\n else if (result[claim] !== value) {\n if (typeof value === \"object\" && this._settings.mergeClaims) {\n result[claim] = this._mergeClaims(previousValue as UserProfile, value);\n }\n else {\n result[claim] = [previousValue, value];\n }\n }\n }\n }\n\n return result;\n }\n\n protected _filterProtocolClaims(claims: UserProfile): UserProfile {\n const result = { ...claims };\n\n if (this._settings.filterProtocolClaims) {\n for (const type of ProtocolClaims) {\n delete result[type];\n }\n }\n\n return result;\n }\n\n protected async _processCode(response: SigninResponse, state: SigninState): Promise {\n const logger = this._logger.create(\"_processCode\");\n if (response.code) {\n logger.debug(\"Validating code\");\n const tokenResponse = await this._tokenClient.exchangeCode({\n client_id: state.client_id,\n client_secret: state.client_secret,\n code: response.code,\n redirect_uri: state.redirect_uri,\n code_verifier: state.code_verifier,\n ...state.extraTokenParams,\n });\n Object.assign(response, tokenResponse);\n } else {\n logger.debug(\"No code to process\");\n }\n }\n\n protected _validateIdTokenAttributes(response: SigninResponse, currentToken?: string): void {\n const logger = this._logger.create(\"_validateIdTokenAttributes\");\n\n logger.debug(\"decoding ID Token JWT\");\n const profile = JwtUtils.decode(response.id_token ?? \"\");\n\n if (!profile.sub) {\n logger.throw(new Error(\"ID Token is missing a subject claim\"));\n }\n\n if (currentToken) {\n const current = JwtUtils.decode(currentToken);\n if (current.sub !== profile.sub) {\n logger.throw(new Error(\"sub in id_token does not match current sub\"));\n }\n if (current.auth_time && current.auth_time !== profile.auth_time) {\n logger.throw(new Error(\"auth_time in id_token does not match original auth_time\"));\n }\n if (current.azp && current.azp !== profile.azp) {\n logger.throw(new Error(\"azp in id_token does not match original azp\"));\n }\n if (!current.azp && profile.azp) {\n logger.throw(new Error(\"azp not in id_token, but present in original id_token\"));\n }\n }\n\n response.profile = profile as UserProfile;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, CryptoUtils, Timer } from \"./utils\";\nimport type { StateStore } from \"./StateStore\";\n\n/**\n * @public\n */\nexport class State {\n public readonly id: string;\n public readonly created: number;\n public readonly request_type: string | undefined;\n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n public readonly data: unknown | undefined;\n\n public constructor(args: {\n id?: string;\n data?: unknown;\n created?: number;\n request_type?: string;\n }) {\n this.id = args.id || CryptoUtils.generateUUIDv4();\n this.data = args.data;\n\n if (args.created && args.created > 0) {\n this.created = args.created;\n }\n else {\n this.created = Timer.getEpochTime();\n }\n this.request_type = args.request_type;\n }\n\n public toStorageString(): string {\n new Logger(\"State\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n });\n }\n\n public static fromStorageString(storageString: string): State {\n Logger.createStatic(\"State\", \"fromStorageString\");\n return new State(JSON.parse(storageString));\n }\n\n public static async clearStaleState(storage: StateStore, age: number): Promise {\n const logger = Logger.createStatic(\"State\", \"clearStaleState\");\n const cutoff = Timer.getEpochTime() - age;\n\n const keys = await storage.getAllKeys();\n logger.debug(\"got keys\", keys);\n\n for (let i = 0; i < keys.length; i++) {\n const key = keys[i];\n const item = await storage.get(key);\n let remove = false;\n\n if (item) {\n try {\n const state = State.fromStorageString(item);\n\n logger.debug(\"got item from key:\", key, state.created);\n if (state.created <= cutoff) {\n remove = true;\n }\n }\n catch (err) {\n logger.error(\"Error parsing state for key:\", key, err);\n remove = true;\n }\n }\n else {\n logger.debug(\"no item in storage for key:\", key);\n remove = true;\n }\n\n if (remove) {\n logger.debug(\"removed item for key:\", key);\n void storage.remove(key);\n }\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, CryptoUtils } from \"./utils\";\nimport { State } from \"./State\";\n\n/**\n * @public\n */\nexport class SigninState extends State {\n // isCode\n /** The same code_verifier that was used to obtain the authorization_code via PKCE. */\n public readonly code_verifier: string | undefined;\n /** Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). */\n public readonly code_challenge: string | undefined;\n\n // to ensure state still matches settings\n /** @see {@link OidcClientSettings.authority} */\n public readonly authority: string;\n /** @see {@link OidcClientSettings.client_id} */\n public readonly client_id: string;\n /** @see {@link OidcClientSettings.redirect_uri} */\n public readonly redirect_uri: string;\n /** @see {@link OidcClientSettings.scope} */\n public readonly scope: string;\n /** @see {@link OidcClientSettings.client_secret} */\n public readonly client_secret: string | undefined;\n /** @see {@link OidcClientSettings.extraTokenParams} */\n public readonly extraTokenParams: Record | undefined;\n /** @see {@link OidcClientSettings.response_mode} */\n public readonly response_mode: \"query\" | \"fragment\" | undefined;\n\n public readonly skipUserInfo: boolean | undefined;\n\n public constructor(args: {\n id?: string;\n data?: unknown;\n created?: number;\n request_type?: string;\n\n code_verifier?: string | boolean;\n authority: string;\n client_id: string;\n redirect_uri: string;\n scope: string;\n client_secret?: string;\n extraTokenParams?: Record;\n response_mode?: \"query\" | \"fragment\";\n skipUserInfo?: boolean;\n }) {\n super(args);\n\n if (args.code_verifier === true) {\n this.code_verifier = CryptoUtils.generateCodeVerifier();\n }\n else if (args.code_verifier) {\n this.code_verifier = args.code_verifier;\n }\n\n if (this.code_verifier) {\n this.code_challenge = CryptoUtils.generateCodeChallenge(this.code_verifier);\n }\n\n this.authority = args.authority;\n this.client_id = args.client_id;\n this.redirect_uri = args.redirect_uri;\n this.scope = args.scope;\n this.client_secret = args.client_secret;\n this.extraTokenParams = args.extraTokenParams;\n\n this.response_mode = args.response_mode;\n this.skipUserInfo = args.skipUserInfo;\n }\n\n public toStorageString(): string {\n new Logger(\"SigninState\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n\n code_verifier: this.code_verifier,\n authority: this.authority,\n client_id: this.client_id,\n redirect_uri: this.redirect_uri,\n scope: this.scope,\n client_secret: this.client_secret,\n extraTokenParams : this.extraTokenParams,\n response_mode: this.response_mode,\n skipUserInfo: this.skipUserInfo,\n });\n }\n\n public static fromStorageString(storageString: string): SigninState {\n Logger.createStatic(\"SigninState\", \"fromStorageString\");\n const data = JSON.parse(storageString);\n return new SigninState(data);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { SigninState } from \"./SigninState\";\n\n/**\n * @public\n */\nexport interface SigninRequestArgs {\n // mandatory\n url: string;\n authority: string;\n client_id: string;\n redirect_uri: string;\n response_type: string;\n scope: string;\n\n // optional\n prompt?: string;\n display?: string;\n max_age?: number;\n ui_locales?: string;\n id_token_hint?: string;\n login_hint?: string;\n acr_values?: string;\n resource?: string;\n response_mode?: \"query\" | \"fragment\" ;\n request?: string;\n request_uri?: string;\n extraQueryParams?: Record;\n request_type?: string;\n client_secret?: string;\n extraTokenParams?: Record;\n skipUserInfo?: boolean;\n nonce?: string; \n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state_data?: unknown;\n}\n\n/**\n * @public\n */\nexport class SigninRequest {\n private readonly _logger = new Logger(\"SigninRequest\");\n\n public readonly url: string;\n public readonly state: SigninState;\n\n public constructor({\n // mandatory\n url, authority, client_id, redirect_uri, response_type, scope,\n // optional\n state_data, response_mode, request_type, client_secret, nonce,\n skipUserInfo,\n extraQueryParams,\n extraTokenParams,\n ...optionalParams\n }: SigninRequestArgs) {\n if (!url) {\n this._logger.error(\"ctor: No url passed\");\n throw new Error(\"url\");\n }\n if (!client_id) {\n this._logger.error(\"ctor: No client_id passed\");\n throw new Error(\"client_id\");\n }\n if (!redirect_uri) {\n this._logger.error(\"ctor: No redirect_uri passed\");\n throw new Error(\"redirect_uri\");\n }\n if (!response_type) {\n this._logger.error(\"ctor: No response_type passed\");\n throw new Error(\"response_type\");\n }\n if (!scope) {\n this._logger.error(\"ctor: No scope passed\");\n throw new Error(\"scope\");\n }\n if (!authority) {\n this._logger.error(\"ctor: No authority passed\");\n throw new Error(\"authority\");\n }\n\n this.state = new SigninState({\n data: state_data,\n request_type,\n code_verifier: true,\n client_id, authority, redirect_uri,\n response_mode,\n client_secret, scope, extraTokenParams,\n skipUserInfo,\n });\n\n const parsedUrl = new URL(url);\n parsedUrl.searchParams.append(\"client_id\", client_id);\n parsedUrl.searchParams.append(\"redirect_uri\", redirect_uri);\n parsedUrl.searchParams.append(\"response_type\", response_type);\n parsedUrl.searchParams.append(\"scope\", scope);\n if (nonce) {\n parsedUrl.searchParams.append(\"nonce\", nonce);\n }\n\n parsedUrl.searchParams.append(\"state\", this.state.id);\n if (this.state.code_challenge) {\n parsedUrl.searchParams.append(\"code_challenge\", this.state.code_challenge);\n parsedUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n }\n\n for (const [key, value] of Object.entries({ response_mode, ...optionalParams, ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n\n this.url = parsedUrl.href;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Timer } from \"./utils\";\nimport type { UserProfile } from \"./User\";\n\nconst OidcScope = \"openid\";\n\n/**\n * @public\n */\nexport class SigninResponse {\n // props present in the initial callback response regardless of success\n public readonly state: string | null;\n /** @see {@link User.session_state} */\n public session_state: string | null;\n\n // error props\n /** @see {@link ErrorResponse.error} */\n public readonly error: string | null;\n /** @see {@link ErrorResponse.error_description} */\n public readonly error_description: string | null;\n /** @see {@link ErrorResponse.error_uri} */\n public readonly error_uri: string | null;\n\n // success props\n public readonly code: string | null;\n\n // props set after validation\n /** @see {@link User.id_token} */\n public id_token?: string;\n /** @see {@link User.access_token} */\n public access_token = \"\";\n /** @see {@link User.token_type} */\n public token_type = \"\";\n /** @see {@link User.refresh_token} */\n public refresh_token?: string;\n /** @see {@link User.scope} */\n public scope?: string;\n /** @see {@link User.expires_at} */\n public expires_at?: number;\n\n /** custom state data set during the initial signin request */\n public userState: unknown;\n\n /** @see {@link User.profile} */\n public profile: UserProfile = {} as UserProfile;\n\n public constructor(params: URLSearchParams) {\n this.state = params.get(\"state\");\n this.session_state = params.get(\"session_state\");\n\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n\n this.code = params.get(\"code\");\n }\n\n public get expires_in(): number | undefined {\n if (this.expires_at === undefined) {\n return undefined;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n public set expires_in(value: number | undefined) {\n // spec expects a number, but normalize here just in case\n if (typeof value === \"string\") value = Number(value);\n if (value !== undefined && value >= 0) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n\n public get isOpenId(): boolean {\n return this.scope?.split(\" \").includes(OidcScope) || !!this.id_token;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { State } from \"./State\";\n\n/**\n * @public\n */\nexport interface SignoutRequestArgs {\n // mandatory\n url: string;\n\n // optional\n state_data?: unknown;\n id_token_hint?: string;\n post_logout_redirect_uri?: string;\n extraQueryParams?: Record;\n request_type?: string;\n}\n\n/**\n * @public\n */\nexport class SignoutRequest {\n private readonly _logger = new Logger(\"SignoutRequest\");\n\n public readonly url: string;\n public readonly state?: State;\n\n public constructor({\n url,\n state_data, id_token_hint, post_logout_redirect_uri, extraQueryParams, request_type,\n }: SignoutRequestArgs) {\n if (!url) {\n this._logger.error(\"ctor: No url passed\");\n throw new Error(\"url\");\n }\n\n const parsedUrl = new URL(url);\n if (id_token_hint) {\n parsedUrl.searchParams.append(\"id_token_hint\", id_token_hint);\n }\n\n if (post_logout_redirect_uri) {\n parsedUrl.searchParams.append(\"post_logout_redirect_uri\", post_logout_redirect_uri);\n\n if (state_data) {\n this.state = new State({ data: state_data, request_type });\n\n parsedUrl.searchParams.append(\"state\", this.state.id);\n }\n }\n\n for (const [key, value] of Object.entries({ ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n\n this.url = parsedUrl.href;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * @public\n */\nexport class SignoutResponse {\n public readonly state: string | null;\n\n // error props\n /** @see {@link ErrorResponse.error} */\n public error: string | null;\n /** @see {@link ErrorResponse.error_description} */\n public error_description: string | null;\n /** @see {@link ErrorResponse.error_uri} */\n public error_uri: string | null;\n\n /** custom state data set during the initial signin request */\n public userState: unknown;\n\n public constructor(params: URLSearchParams) {\n this.state = params.get(\"state\");\n\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, UrlUtils } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport { OidcClientSettings, OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport { ResponseValidator } from \"./ResponseValidator\";\nimport { MetadataService } from \"./MetadataService\";\nimport type { RefreshState } from \"./RefreshState\";\nimport { SigninRequest } from \"./SigninRequest\";\nimport { SigninResponse } from \"./SigninResponse\";\nimport { SignoutRequest, SignoutRequestArgs } from \"./SignoutRequest\";\nimport { SignoutResponse } from \"./SignoutResponse\";\nimport { SigninState } from \"./SigninState\";\nimport { State } from \"./State\";\nimport { TokenClient } from \"./TokenClient\";\n\n/**\n * @public\n */\nexport interface CreateSigninRequestArgs {\n redirect_uri?: string;\n response_type?: string;\n scope?: string;\n nonce?: string;\n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state?: unknown;\n\n prompt?: string;\n display?: string;\n max_age?: number;\n ui_locales?: string;\n id_token_hint?: string;\n login_hint?: string;\n acr_values?: string;\n resource?: string;\n response_mode?: \"query\" | \"fragment\";\n request?: string;\n request_uri?: string;\n extraQueryParams?: Record;\n request_type?: string;\n client_secret?: string;\n extraTokenParams?: Record;\n skipUserInfo?: boolean;\n}\n\n/**\n * @public\n */\nexport interface UseRefreshTokenArgs {\n state: RefreshState;\n timeoutInSeconds?: number;\n}\n\n/**\n * @public\n */\nexport type CreateSignoutRequestArgs = Omit & { state?: unknown };\n\n/**\n * Provides the raw OIDC/OAuth2 protocol support for the authorization endpoint and the end session endpoint in the\n * authorization server. It provides a bare-bones protocol implementation and is used by the UserManager class.\n * Only use this class if you simply want protocol support without the additional management features of the\n * UserManager class.\n *\n * @public\n */\nexport class OidcClient {\n public readonly settings: OidcClientSettingsStore;\n protected readonly _logger = new Logger(\"OidcClient\");\n\n public readonly metadataService: MetadataService;\n protected readonly _validator: ResponseValidator;\n protected readonly _tokenClient: TokenClient;\n\n public constructor(settings: OidcClientSettings) {\n this.settings = new OidcClientSettingsStore(settings);\n\n this.metadataService = new MetadataService(this.settings);\n this._validator = new ResponseValidator(this.settings, this.metadataService);\n this._tokenClient = new TokenClient(this.settings, this.metadataService);\n }\n\n public async createSigninRequest({\n state,\n request,\n request_uri,\n request_type,\n id_token_hint,\n login_hint,\n skipUserInfo,\n nonce,\n response_type = this.settings.response_type,\n scope = this.settings.scope,\n redirect_uri = this.settings.redirect_uri,\n prompt = this.settings.prompt,\n display = this.settings.display,\n max_age = this.settings.max_age,\n ui_locales = this.settings.ui_locales,\n acr_values = this.settings.acr_values,\n resource = this.settings.resource,\n response_mode = this.settings.response_mode,\n extraQueryParams = this.settings.extraQueryParams,\n extraTokenParams = this.settings.extraTokenParams,\n }: CreateSigninRequestArgs): Promise {\n const logger = this._logger.create(\"createSigninRequest\");\n\n if (response_type !== \"code\") {\n throw new Error(\"Only the Authorization Code flow (with PKCE) is supported\");\n }\n\n const url = await this.metadataService.getAuthorizationEndpoint();\n logger.debug(\"Received authorization endpoint\", url);\n\n const signinRequest = new SigninRequest({\n url,\n authority: this.settings.authority,\n client_id: this.settings.client_id,\n redirect_uri,\n response_type,\n scope,\n state_data: state,\n prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values,\n resource, request, request_uri, extraQueryParams, extraTokenParams, request_type, response_mode,\n client_secret: this.settings.client_secret,\n skipUserInfo,\n nonce,\n });\n\n // house cleaning\n await this.clearStaleState();\n\n const signinState = signinRequest.state;\n await this.settings.stateStore.set(signinState.id, signinState.toStorageString());\n return signinRequest;\n }\n\n public async readSigninResponseState(url: string, removeState = false): Promise<{ state: SigninState; response: SigninResponse }> {\n const logger = this._logger.create(\"readSigninResponseState\");\n\n const response = new SigninResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger.throw(new Error(\"No state in response\"));\n // need to throw within this function's body for type narrowing to work\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger.throw(new Error(\"No matching state found in storage\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const state = SigninState.fromStorageString(storedStateString);\n return { state, response };\n }\n\n public async processSigninResponse(url: string): Promise {\n const logger = this._logger.create(\"processSigninResponse\");\n\n const { state, response } = await this.readSigninResponseState(url, true);\n logger.debug(\"received state from storage; validating response\");\n await this._validator.validateSigninResponse(response, state);\n return response;\n }\n\n public async useRefreshToken({\n state,\n timeoutInSeconds,\n }: UseRefreshTokenArgs): Promise {\n const logger = this._logger.create(\"useRefreshToken\");\n\n const result = await this._tokenClient.exchangeRefreshToken({\n refresh_token: state.refresh_token,\n scope: state.scope,\n timeoutInSeconds,\n });\n const response = new SigninResponse(new URLSearchParams());\n Object.assign(response, result);\n logger.debug(\"validating response\", response);\n await this._validator.validateRefreshResponse(response, state);\n return response;\n }\n\n public async createSignoutRequest({\n state,\n id_token_hint,\n request_type,\n post_logout_redirect_uri = this.settings.post_logout_redirect_uri,\n extraQueryParams = this.settings.extraQueryParams,\n }: CreateSignoutRequestArgs = {}): Promise {\n const logger = this._logger.create(\"createSignoutRequest\");\n\n const url = await this.metadataService.getEndSessionEndpoint();\n if (!url) {\n logger.throw(new Error(\"No end session endpoint\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n logger.debug(\"Received end session endpoint\", url);\n\n const request = new SignoutRequest({\n url,\n id_token_hint,\n post_logout_redirect_uri,\n state_data: state,\n extraQueryParams,\n request_type,\n });\n\n // house cleaning\n await this.clearStaleState();\n\n const signoutState = request.state;\n if (signoutState) {\n logger.debug(\"Signout request has state to persist\");\n await this.settings.stateStore.set(signoutState.id, signoutState.toStorageString());\n }\n\n return request;\n }\n\n public async readSignoutResponseState(url: string, removeState = false): Promise<{ state: State | undefined; response: SignoutResponse }> {\n const logger = this._logger.create(\"readSignoutResponseState\");\n\n const response = new SignoutResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger.debug(\"No state in response\");\n\n if (response.error) {\n logger.warn(\"Response was error:\", response.error);\n throw new ErrorResponse(response);\n }\n\n return { state: undefined, response };\n }\n\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger.throw(new Error(\"No matching state found in storage\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const state = State.fromStorageString(storedStateString);\n return { state, response };\n }\n\n public async processSignoutResponse(url: string): Promise {\n const logger = this._logger.create(\"processSignoutResponse\");\n\n const { state, response } = await this.readSignoutResponseState(url, true);\n if (state) {\n logger.debug(\"Received state from storage; validating response\");\n this._validator.validateSignoutResponse(response, state);\n } else {\n logger.debug(\"No state from storage; skipping response validation\");\n }\n\n return response;\n }\n\n public clearStaleState(): Promise {\n this._logger.create(\"clearStaleState\");\n return State.clearStaleState(this.settings.stateStore, this.settings.staleStateAgeInSeconds);\n }\n\n public async revokeToken(token: string, type?: \"access_token\" | \"refresh_token\"): Promise {\n this._logger.create(\"revokeToken\");\n return await this._tokenClient.revoke({\n token,\n token_type_hint: type,\n });\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { CheckSessionIFrame } from \"./CheckSessionIFrame\";\nimport type { UserManager } from \"./UserManager\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport class SessionMonitor {\n private readonly _logger = new Logger(\"SessionMonitor\");\n\n private _sub: string | undefined;\n private _sid: string | undefined;\n private _checkSessionIFrame?: CheckSessionIFrame;\n\n public constructor(private readonly _userManager: UserManager) {\n if (!_userManager) {\n this._logger.throw(new Error(\"No user manager passed\"));\n }\n\n this._userManager.events.addUserLoaded(this._start);\n this._userManager.events.addUserUnloaded(this._stop);\n\n this._init().catch((err: unknown) => {\n // catch to suppress errors since we're in a ctor\n this._logger.error(err);\n });\n }\n\n protected async _init(): Promise {\n this._logger.create(\"_init\");\n const user = await this._userManager.getUser();\n // doing this manually here since calling getUser\n // doesn't trigger load event.\n if (user) {\n void this._start(user);\n }\n else if (this._userManager.settings.monitorAnonymousSession) {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub && session.sid ? {\n sub: session.sub,\n sid: session.sid,\n } : null,\n };\n void this._start(tmpUser);\n }\n }\n }\n\n protected _start = async (\n user: User | {\n session_state: string;\n profile: { sub: string; sid: string } | null;\n },\n ): Promise => {\n const session_state = user.session_state;\n if (!session_state) {\n return;\n }\n const logger = this._logger.create(\"_start\");\n\n if (user.profile) {\n this._sub = user.profile.sub;\n this._sid = user.profile.sid;\n logger.debug(\"session_state\", session_state, \", sub\", this._sub);\n }\n else {\n this._sub = undefined;\n this._sid = undefined;\n logger.debug(\"session_state\", session_state, \", anonymous user\");\n }\n\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.start(session_state);\n return;\n }\n\n try {\n const url = await this._userManager.metadataService.getCheckSessionIframe();\n if (url) {\n logger.debug(\"initializing check session iframe\");\n\n const client_id = this._userManager.settings.client_id;\n const intervalInSeconds = this._userManager.settings.checkSessionIntervalInSeconds;\n const stopOnError = this._userManager.settings.stopCheckSessionOnError;\n\n const checkSessionIFrame = new CheckSessionIFrame(this._callback, client_id, url, intervalInSeconds, stopOnError);\n await checkSessionIFrame.load();\n this._checkSessionIFrame = checkSessionIFrame;\n checkSessionIFrame.start(session_state);\n }\n else {\n logger.warn(\"no check session iframe found in the metadata\");\n }\n }\n catch (err) {\n // catch to suppress errors since we're in non-promise callback\n logger.error(\"Error from getCheckSessionIframe:\", err instanceof Error ? err.message : err);\n }\n };\n\n protected _stop = (): void => {\n const logger = this._logger.create(\"_stop\");\n this._sub = undefined;\n this._sid = undefined;\n\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.stop();\n }\n\n if (this._userManager.settings.monitorAnonymousSession) {\n // using a timer to delay re-initialization to avoid race conditions during signout\n // TODO rewrite to use promise correctly\n // eslint-disable-next-line @typescript-eslint/no-misused-promises\n const timerHandle = setInterval(async () => {\n clearInterval(timerHandle);\n\n try {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub && session.sid ? {\n sub: session.sub,\n sid: session.sid,\n } : null,\n };\n void this._start(tmpUser);\n }\n }\n catch (err) {\n // catch to suppress errors since we're in a callback\n logger.error(\"error from querySessionStatus\", err instanceof Error ? err.message : err);\n }\n }, 1000);\n }\n };\n\n protected _callback = async (): Promise => {\n const logger = this._logger.create(\"_callback\");\n try {\n const session = await this._userManager.querySessionStatus();\n let raiseEvent = true;\n\n if (session && this._checkSessionIFrame) {\n if (session.sub === this._sub) {\n raiseEvent = false;\n this._checkSessionIFrame.start(session.session_state);\n\n if (session.sid === this._sid) {\n logger.debug(\"same sub still logged in at OP, restarting check session iframe; session_state\", session.session_state);\n }\n else {\n logger.debug(\"same sub still logged in at OP, session state has changed, restarting check session iframe; session_state\", session.session_state);\n this._userManager.events._raiseUserSessionChanged();\n }\n }\n else {\n logger.debug(\"different subject signed into OP\", session.sub);\n }\n }\n else {\n logger.debug(\"subject no longer signed into OP\");\n }\n\n if (raiseEvent) {\n if (this._sub) {\n this._userManager.events._raiseUserSignedOut();\n }\n else {\n this._userManager.events._raiseUserSignedIn();\n }\n } else {\n logger.debug(\"no change in session detected, no event to raise\");\n }\n }\n catch (err) {\n if (this._sub) {\n logger.debug(\"Error calling queryCurrentSigninSession; raising signed out event\", err);\n this._userManager.events._raiseUserSignedOut();\n }\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport type { IdTokenClaims } from \"./Claims\";\n\n/**\n * Holds claims represented by a combination of the `id_token` and the user info endpoint.\n * @public\n */\nexport type UserProfile = IdTokenClaims;\n\n/**\n * @public\n */\nexport class User {\n /**\n * A JSON Web Token (JWT). Only provided if `openid` scope was requested.\n * The application can access the data decoded by using the `profile` property.\n */\n public id_token?: string;\n\n /** The session state value returned from the OIDC provider. */\n public session_state: string | null;\n\n /**\n * The requested access token returned from the OIDC provider. The application can use this token to\n * authenticate itself to the secured resource.\n */\n public access_token: string;\n\n /**\n * An OAuth 2.0 refresh token. The app can use this token to acquire additional access tokens after the\n * current access token expires. Refresh tokens are long-lived and can be used to maintain access to resources\n * for extended periods of time.\n */\n public refresh_token?: string;\n\n /** Typically \"Bearer\" */\n public token_type: string;\n\n /** The scopes that the requested access token is valid for. */\n public scope?: string;\n\n /** The claims represented by a combination of the `id_token` and the user info endpoint. */\n public profile: UserProfile;\n\n /** The expires at returned from the OIDC provider. */\n public expires_at?: number;\n\n /** custom state data set during the initial signin request */\n public readonly state: unknown;\n\n public constructor(args: {\n id_token?: string;\n session_state?: string | null;\n access_token: string;\n refresh_token?: string;\n token_type: string;\n scope?: string;\n profile: UserProfile;\n expires_at?: number;\n userState?: unknown;\n }) {\n this.id_token = args.id_token;\n this.session_state = args.session_state ?? null;\n this.access_token = args.access_token;\n this.refresh_token = args.refresh_token;\n\n this.token_type = args.token_type;\n this.scope = args.scope;\n this.profile = args.profile;\n this.expires_at = args.expires_at;\n this.state = args.userState;\n }\n\n /** Computed number of seconds the access token has remaining. */\n public get expires_in(): number | undefined {\n if (this.expires_at === undefined) {\n return undefined;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n\n public set expires_in(value: number | undefined) {\n if (value !== undefined) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n\n /** Computed value indicating if the access token is expired. */\n public get expired(): boolean | undefined {\n const expires_in = this.expires_in;\n if (expires_in === undefined) {\n return undefined;\n }\n return expires_in <= 0;\n }\n\n /** Array representing the parsed values from the `scope`. */\n public get scopes(): string[] {\n return this.scope?.split(\" \") ?? [];\n }\n\n public toStorageString(): string {\n new Logger(\"User\").create(\"toStorageString\");\n return JSON.stringify({\n id_token: this.id_token,\n session_state: this.session_state,\n access_token: this.access_token,\n refresh_token: this.refresh_token,\n token_type: this.token_type,\n scope: this.scope,\n profile: this.profile,\n expires_at: this.expires_at,\n });\n }\n\n public static fromStorageString(storageString: string): User {\n Logger.createStatic(\"User\", \"fromStorageString\");\n return new User(JSON.parse(storageString));\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Event, Logger, UrlUtils } from \"../utils\";\nimport type { IWindow, NavigateParams, NavigateResponse } from \"./IWindow\";\n\nconst messageSource = \"oidc-client\";\n\ninterface MessageData {\n source: string;\n url: string;\n keepOpen: boolean;\n}\n\n/**\n * Window implementation which resolves via communication from a child window\n * via the `Window.postMessage()` interface.\n *\n * @internal\n */\nexport abstract class AbstractChildWindow implements IWindow {\n protected abstract readonly _logger: Logger;\n protected readonly _abort = new Event<[reason: Error]>(\"Window navigation aborted\");\n protected readonly _disposeHandlers = new Set<() => void>();\n\n protected _window: WindowProxy | null = null;\n\n public async navigate(params: NavigateParams): Promise {\n const logger = this._logger.create(\"navigate\");\n if (!this._window) {\n throw new Error(\"Attempted to navigate on a disposed window\");\n }\n\n logger.debug(\"setting URL in window\");\n this._window.location.replace(params.url);\n\n const { url, keepOpen } = await new Promise((resolve, reject) => {\n const listener = (e: MessageEvent) => {\n const data: MessageData | undefined = e.data;\n const origin = params.scriptOrigin ?? window.location.origin;\n if (e.origin !== origin || data?.source !== messageSource) {\n // silently discard events not intended for us\n return;\n }\n try {\n const state = UrlUtils.readParams(data.url, params.response_mode).get(\"state\");\n if (!state) {\n logger.warn(\"no state found in response url\");\n }\n if (e.source !== this._window && state !== params.state) {\n // MessageEvent source is a relatively modern feature, we can't rely on it\n // so we also inspect the payload for a matching state key as an alternative\n return;\n }\n }\n catch (err) {\n this._dispose();\n reject(new Error(\"Invalid response from window\"));\n }\n resolve(data);\n };\n window.addEventListener(\"message\", listener, false);\n this._disposeHandlers.add(() => window.removeEventListener(\"message\", listener, false));\n this._disposeHandlers.add(this._abort.addHandler((reason) => {\n this._dispose();\n reject(reason);\n }));\n });\n logger.debug(\"got response from window\");\n this._dispose();\n\n if (!keepOpen) {\n this.close();\n }\n\n return { url };\n }\n\n public abstract close(): void;\n\n private _dispose(): void {\n this._logger.create(\"_dispose\");\n\n for (const dispose of this._disposeHandlers) {\n dispose();\n }\n this._disposeHandlers.clear();\n }\n\n protected static _notifyParent(parent: Window, url: string, keepOpen = false, targetOrigin = window.location.origin): void {\n parent.postMessage({\n source: messageSource,\n url,\n keepOpen,\n } as MessageData, targetOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { OidcClientSettings, OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { PopupWindowFeatures } from \"./utils/PopupUtils\";\nimport { WebStorageStateStore } from \"./WebStorageStateStore\";\nimport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\n\nexport const DefaultPopupWindowFeatures: PopupWindowFeatures = {\n location: false,\n toolbar: false,\n height: 640,\n};\nexport const DefaultPopupTarget = \"_blank\";\nconst DefaultAccessTokenExpiringNotificationTimeInSeconds = 60;\nconst DefaultCheckSessionIntervalInSeconds = 2;\nexport const DefaultSilentRequestTimeoutInSeconds = 10;\n\n/**\n * The settings used to configure the {@link UserManager}.\n *\n * @public\n */\nexport interface UserManagerSettings extends OidcClientSettings {\n /** The URL for the page containing the call to signinPopupCallback to handle the callback from the OIDC/OAuth2 */\n popup_redirect_uri?: string;\n popup_post_logout_redirect_uri?: string;\n /**\n * The features parameter to window.open for the popup signin window. By default, the popup is\n * placed centered in front of the window opener.\n * (default: \\{ location: false, menubar: false, height: 640 \\})\n */\n popupWindowFeatures?: PopupWindowFeatures;\n /** The target parameter to window.open for the popup signin window (default: \"_blank\") */\n popupWindowTarget?: string;\n /** The methods window.location method used to redirect (default: \"assign\") */\n redirectMethod?: \"replace\" | \"assign\";\n /** The methods target window being redirected (default: \"self\") */\n redirectTarget?: \"top\" | \"self\";\n\n /** The target to pass while calling postMessage inside iframe for callback (default: window.location.origin) */\n iframeNotifyParentOrigin?: string;\n\n /** The script origin to check during 'message' callback execution while performing silent auth via iframe (default: window.location.origin) */\n iframeScriptOrigin?: string;\n\n /** The URL for the page containing the code handling the silent renew */\n silent_redirect_uri?: string;\n /** Number of seconds to wait for the silent renew to return before assuming it has failed or timed out (default: 10) */\n silentRequestTimeoutInSeconds?: number;\n /** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration (default: true) */\n automaticSilentRenew?: boolean;\n /** Flag to validate user.profile.sub in silent renew calls (default: true) */\n validateSubOnSilentRenew?: boolean;\n /** Flag to control if id_token is included as id_token_hint in silent renew calls (default: false) */\n includeIdTokenInSilentRenew?: boolean;\n\n /** Will raise events for when user has performed a signout at the OP (default: false) */\n monitorSession?: boolean;\n monitorAnonymousSession?: boolean;\n /** Interval in seconds to check the user's session (default: 2) */\n checkSessionIntervalInSeconds?: number;\n query_status_response_type?: string;\n stopCheckSessionOnError?: boolean;\n\n /**\n * The `token_type_hint`s to pass to the authority server by default (default: [\"access_token\", \"refresh_token\"])\n *\n * Token types will be revoked in the same order as they are given here.\n */\n revokeTokenTypes?: (\"access_token\" | \"refresh_token\")[];\n /** Will invoke the revocation endpoint on signout if there is an access token for the user (default: false) */\n revokeTokensOnSignout?: boolean;\n /** The number of seconds before an access token is to expire to raise the accessTokenExpiring event (default: 60) */\n accessTokenExpiringNotificationTimeInSeconds?: number;\n\n /**\n * Storage object used to persist User for currently authenticated user (default: window.sessionStorage, InMemoryWebStorage iff no window).\n * E.g. `userStore: new WebStorageStateStore({ store: window.localStorage })`\n */\n userStore?: WebStorageStateStore;\n}\n\n/**\n * The settings with defaults applied of the {@link UserManager}.\n * @see {@link UserManagerSettings}\n *\n * @public\n */\nexport class UserManagerSettingsStore extends OidcClientSettingsStore {\n public readonly popup_redirect_uri: string;\n public readonly popup_post_logout_redirect_uri: string | undefined;\n public readonly popupWindowFeatures: PopupWindowFeatures;\n public readonly popupWindowTarget: string;\n public readonly redirectMethod: \"replace\" | \"assign\";\n public readonly redirectTarget: \"top\" | \"self\";\n\n public readonly iframeNotifyParentOrigin: string | undefined;\n public readonly iframeScriptOrigin: string | undefined;\n\n public readonly silent_redirect_uri: string;\n public readonly silentRequestTimeoutInSeconds: number;\n public readonly automaticSilentRenew: boolean;\n public readonly validateSubOnSilentRenew: boolean;\n public readonly includeIdTokenInSilentRenew: boolean;\n\n public readonly monitorSession: boolean;\n public readonly monitorAnonymousSession: boolean;\n public readonly checkSessionIntervalInSeconds: number;\n public readonly query_status_response_type: string;\n public readonly stopCheckSessionOnError: boolean;\n\n public readonly revokeTokenTypes: (\"access_token\" | \"refresh_token\")[];\n public readonly revokeTokensOnSignout: boolean;\n public readonly accessTokenExpiringNotificationTimeInSeconds: number;\n\n public readonly userStore: WebStorageStateStore;\n\n public constructor(args: UserManagerSettings) {\n const {\n popup_redirect_uri = args.redirect_uri,\n popup_post_logout_redirect_uri = args.post_logout_redirect_uri,\n popupWindowFeatures = DefaultPopupWindowFeatures,\n popupWindowTarget = DefaultPopupTarget,\n redirectMethod = \"assign\",\n redirectTarget = \"self\",\n\n iframeNotifyParentOrigin = args.iframeNotifyParentOrigin,\n iframeScriptOrigin = args.iframeScriptOrigin,\n\n silent_redirect_uri = args.redirect_uri,\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds,\n automaticSilentRenew = true,\n validateSubOnSilentRenew = true,\n includeIdTokenInSilentRenew = false,\n\n monitorSession = false,\n monitorAnonymousSession = false,\n checkSessionIntervalInSeconds = DefaultCheckSessionIntervalInSeconds,\n query_status_response_type = \"code\",\n stopCheckSessionOnError = true,\n\n revokeTokenTypes = [\"access_token\", \"refresh_token\"],\n revokeTokensOnSignout = false,\n accessTokenExpiringNotificationTimeInSeconds = DefaultAccessTokenExpiringNotificationTimeInSeconds,\n\n userStore,\n } = args;\n\n super(args);\n\n this.popup_redirect_uri = popup_redirect_uri;\n this.popup_post_logout_redirect_uri = popup_post_logout_redirect_uri;\n this.popupWindowFeatures = popupWindowFeatures;\n this.popupWindowTarget = popupWindowTarget;\n this.redirectMethod = redirectMethod;\n this.redirectTarget = redirectTarget;\n\n this.iframeNotifyParentOrigin = iframeNotifyParentOrigin;\n this.iframeScriptOrigin = iframeScriptOrigin;\n\n this.silent_redirect_uri = silent_redirect_uri;\n this.silentRequestTimeoutInSeconds = silentRequestTimeoutInSeconds;\n this.automaticSilentRenew = automaticSilentRenew;\n this.validateSubOnSilentRenew = validateSubOnSilentRenew;\n this.includeIdTokenInSilentRenew = includeIdTokenInSilentRenew;\n\n this.monitorSession = monitorSession;\n this.monitorAnonymousSession = monitorAnonymousSession;\n this.checkSessionIntervalInSeconds = checkSessionIntervalInSeconds;\n this.stopCheckSessionOnError = stopCheckSessionOnError;\n this.query_status_response_type = query_status_response_type;\n\n this.revokeTokenTypes = revokeTokenTypes;\n this.revokeTokensOnSignout = revokeTokensOnSignout;\n this.accessTokenExpiringNotificationTimeInSeconds = accessTokenExpiringNotificationTimeInSeconds;\n\n if (userStore) {\n this.userStore = userStore;\n }\n else {\n const store = typeof window !== \"undefined\" ? window.sessionStorage : new InMemoryWebStorage();\n this.userStore = new WebStorageStateStore({ store });\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport { ErrorTimeout } from \"../errors\";\nimport type { NavigateParams, NavigateResponse } from \"./IWindow\";\nimport { AbstractChildWindow } from \"./AbstractChildWindow\";\nimport { DefaultSilentRequestTimeoutInSeconds } from \"../UserManagerSettings\";\n\n/**\n * @public\n */\nexport interface IFrameWindowParams {\n silentRequestTimeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport class IFrameWindow extends AbstractChildWindow {\n protected readonly _logger = new Logger(\"IFrameWindow\");\n private _frame: HTMLIFrameElement | null;\n private _timeoutInSeconds: number;\n\n public constructor({\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds,\n }: IFrameWindowParams) {\n super();\n this._timeoutInSeconds = silentRequestTimeoutInSeconds;\n\n this._frame = IFrameWindow.createHiddenIframe();\n this._window = this._frame.contentWindow;\n }\n\n private static createHiddenIframe(): HTMLIFrameElement {\n const iframe = window.document.createElement(\"iframe\");\n\n // shotgun approach\n iframe.style.visibility = \"hidden\";\n iframe.style.position = \"fixed\";\n iframe.style.left = \"-1000px\";\n iframe.style.top = \"0\";\n iframe.width = \"0\";\n iframe.height = \"0\";\n iframe.setAttribute(\"sandbox\", \"allow-scripts allow-same-origin allow-forms\");\n\n window.document.body.appendChild(iframe);\n return iframe;\n }\n\n public async navigate(params: NavigateParams): Promise {\n this._logger.debug(\"navigate: Using timeout of:\", this._timeoutInSeconds);\n const timer = setTimeout(() => this._abort.raise(new ErrorTimeout(\"IFrame timed out without a response\")), this._timeoutInSeconds * 1000);\n this._disposeHandlers.add(() => clearTimeout(timer));\n\n return await super.navigate(params);\n }\n\n public close(): void {\n if (this._frame) {\n if (this._frame.parentNode) {\n this._frame.addEventListener(\"load\", (ev) => {\n const frame = ev.target as HTMLIFrameElement;\n frame.parentNode?.removeChild(frame);\n this._abort.raise(new Error(\"IFrame removed from DOM\"));\n }, true);\n this._frame.contentWindow?.location.replace(\"about:blank\");\n }\n this._frame = null;\n }\n this._window = null;\n }\n\n public static notifyParent(url: string, targetOrigin?: string): void {\n return super._notifyParent(window.parent, url, false, targetOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\nimport { IFrameWindow, IFrameWindowParams } from \"./IFrameWindow\";\nimport type { INavigator } from \"./INavigator\";\n\n/**\n * @internal\n */\nexport class IFrameNavigator implements INavigator {\n private readonly _logger = new Logger(\"IFrameNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n silentRequestTimeoutInSeconds = this._settings.silentRequestTimeoutInSeconds,\n }: IFrameWindowParams): Promise {\n return new IFrameWindow({ silentRequestTimeoutInSeconds });\n }\n\n public async callback(url: string): Promise {\n this._logger.create(\"callback\");\n IFrameWindow.notifyParent(url, this._settings.iframeNotifyParentOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, PopupUtils, PopupWindowFeatures } from \"../utils\";\nimport { DefaultPopupWindowFeatures, DefaultPopupTarget } from \"../UserManagerSettings\";\nimport { AbstractChildWindow } from \"./AbstractChildWindow\";\nimport type { NavigateParams, NavigateResponse } from \"./IWindow\";\n\nconst checkForPopupClosedInterval = 500;\n\n/**\n * @public\n */\nexport interface PopupWindowParams {\n popupWindowFeatures?: PopupWindowFeatures;\n popupWindowTarget?: string;\n}\n\n/**\n * @internal\n */\nexport class PopupWindow extends AbstractChildWindow {\n protected readonly _logger = new Logger(\"PopupWindow\");\n\n protected _window: WindowProxy | null;\n\n public constructor({\n popupWindowTarget = DefaultPopupTarget,\n popupWindowFeatures = {},\n }: PopupWindowParams) {\n super();\n const centeredPopup = PopupUtils.center({ ...DefaultPopupWindowFeatures, ...popupWindowFeatures });\n this._window = window.open(undefined, popupWindowTarget, PopupUtils.serialize(centeredPopup));\n }\n\n public async navigate(params: NavigateParams): Promise {\n this._window?.focus();\n\n const popupClosedInterval = setInterval(() => {\n if (!this._window || this._window.closed) {\n this._abort.raise(new Error(\"Popup closed by user\"));\n }\n }, checkForPopupClosedInterval);\n this._disposeHandlers.add(() => clearInterval(popupClosedInterval));\n\n return await super.navigate(params);\n }\n\n public close(): void {\n if (this._window) {\n if (!this._window.closed) {\n this._window.close();\n this._abort.raise(new Error(\"Popup closed\"));\n }\n }\n this._window = null;\n }\n\n public static notifyOpener(url: string, keepOpen: boolean): void {\n if (!window.opener) {\n throw new Error(\"No window.opener. Can't complete notification.\");\n }\n return super._notifyParent(window.opener, url, keepOpen);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport { PopupWindow, PopupWindowParams } from \"./PopupWindow\";\nimport type { INavigator } from \"./INavigator\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\n\n/**\n * @internal\n */\nexport class PopupNavigator implements INavigator {\n private readonly _logger = new Logger(\"PopupNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n popupWindowFeatures = this._settings.popupWindowFeatures,\n popupWindowTarget = this._settings.popupWindowTarget,\n }: PopupWindowParams): Promise {\n return new PopupWindow({ popupWindowFeatures, popupWindowTarget });\n }\n\n public async callback(url: string, keepOpen = false): Promise {\n this._logger.create(\"callback\");\n\n PopupWindow.notifyOpener(url, keepOpen);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\nimport type { INavigator } from \"./INavigator\";\nimport type { IWindow } from \"./IWindow\";\n\n/**\n * @public\n */\nexport interface RedirectParams {\n redirectMethod?: \"replace\" | \"assign\";\n redirectTarget?: \"top\" | \"self\";\n}\n\n/**\n * @internal\n */\nexport class RedirectNavigator implements INavigator {\n private readonly _logger = new Logger(\"RedirectNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n redirectMethod = this._settings.redirectMethod,\n redirectTarget = this._settings.redirectTarget,\n }: RedirectParams): Promise {\n this._logger.create(\"prepare\");\n let targetWindow = window.self as Window;\n\n if (redirectTarget === \"top\") {\n targetWindow = window.top ?? window.self;\n }\n \n const redirect = targetWindow.location[redirectMethod].bind(targetWindow.location) as (url: string) => never;\n let abort: (reason: Error) => void;\n return {\n navigate: async (params): Promise => {\n this._logger.create(\"navigate\");\n // We use a promise that never resolves to block the caller\n const promise = new Promise((resolve, reject) => {\n abort = reject;\n });\n redirect(params.url);\n return await (promise as Promise);\n },\n close: () => {\n this._logger.create(\"close\");\n abort?.(new Error(\"Redirect aborted\"));\n targetWindow.stop();\n },\n };\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Event } from \"./utils\";\nimport { AccessTokenEvents } from \"./AccessTokenEvents\";\nimport type { UserManagerSettingsStore } from \"./UserManagerSettings\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport type UserLoadedCallback = (user: User) => Promise | void;\n/**\n * @public\n */\nexport type UserUnloadedCallback = () => Promise | void;\n/**\n * @public\n */\nexport type SilentRenewErrorCallback = (error: Error) => Promise | void;\n/**\n * @public\n */\nexport type UserSignedInCallback = () => Promise | void;\n/**\n * @public\n */\nexport type UserSignedOutCallback = () => Promise | void;\n/**\n * @public\n */\nexport type UserSessionChangedCallback = () => Promise | void;\n\n/**\n * @public\n */\nexport class UserManagerEvents extends AccessTokenEvents {\n protected readonly _logger = new Logger(\"UserManagerEvents\");\n\n private readonly _userLoaded = new Event<[User]>(\"User loaded\");\n private readonly _userUnloaded = new Event<[]>(\"User unloaded\");\n private readonly _silentRenewError = new Event<[Error]>(\"Silent renew error\");\n private readonly _userSignedIn = new Event<[]>(\"User signed in\");\n private readonly _userSignedOut = new Event<[]>(\"User signed out\");\n private readonly _userSessionChanged = new Event<[]>(\"User session changed\");\n\n public constructor(settings: UserManagerSettingsStore) {\n super({ expiringNotificationTimeInSeconds: settings.accessTokenExpiringNotificationTimeInSeconds });\n }\n\n public load(user: User, raiseEvent=true): void {\n super.load(user);\n if (raiseEvent) {\n this._userLoaded.raise(user);\n }\n }\n public unload(): void {\n super.unload();\n this._userUnloaded.raise();\n }\n\n /**\n * Add callback: Raised when a user session has been established (or re-established).\n */\n public addUserLoaded(cb: UserLoadedCallback): () => void {\n return this._userLoaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been established (or re-established).\n */\n public removeUserLoaded(cb: UserLoadedCallback): void {\n return this._userLoaded.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised when a user session has been terminated.\n */\n public addUserUnloaded(cb: UserUnloadedCallback): () => void {\n return this._userUnloaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been terminated.\n */\n public removeUserUnloaded(cb: UserUnloadedCallback): void {\n return this._userUnloaded.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised when the automatic silent renew has failed.\n */\n public addSilentRenewError(cb: SilentRenewErrorCallback): () => void {\n return this._silentRenewError.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the automatic silent renew has failed.\n */\n public removeSilentRenewError(cb: SilentRenewErrorCallback): void {\n return this._silentRenewError.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseSilentRenewError(e: Error): void {\n this._silentRenewError.raise(e);\n }\n\n /**\n * Add callback: Raised when the user is signed in (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSignedIn(cb: UserSignedInCallback): () => void {\n return this._userSignedIn.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user is signed in (when `monitorSession` is set).\n */\n public removeUserSignedIn(cb: UserSignedInCallback): void {\n this._userSignedIn.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseUserSignedIn(): void {\n this._userSignedIn.raise();\n }\n\n /**\n * Add callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSignedOut(cb: UserSignedOutCallback): () => void {\n return this._userSignedOut.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n */\n public removeUserSignedOut(cb: UserSignedOutCallback): void {\n this._userSignedOut.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseUserSignedOut(): void {\n this._userSignedOut.raise();\n }\n\n /**\n * Add callback: Raised when the user session changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSessionChanged(cb: UserSessionChangedCallback): () => void {\n return this._userSessionChanged.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user session changed (when `monitorSession` is set).\n */\n public removeUserSessionChanged(cb: UserSessionChangedCallback): void {\n this._userSessionChanged.removeHandler(cb);\n }\n /**\n * @internal\n */\n public _raiseUserSessionChanged(): void {\n this._userSessionChanged.raise();\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport { ErrorTimeout } from \"./errors\";\nimport type { UserManager } from \"./UserManager\";\nimport type { AccessTokenCallback } from \"./AccessTokenEvents\";\n\n/**\n * @internal\n */\nexport class SilentRenewService {\n protected _logger = new Logger(\"SilentRenewService\");\n private _isStarted = false;\n private readonly _retryTimer = new Timer(\"Retry Silent Renew\");\n\n public constructor(private _userManager: UserManager) {}\n\n public async start(): Promise {\n const logger = this._logger.create(\"start\");\n if (!this._isStarted) {\n this._isStarted = true;\n this._userManager.events.addAccessTokenExpiring(this._tokenExpiring);\n this._retryTimer.addHandler(this._tokenExpiring);\n\n // this will trigger loading of the user so the expiring events can be initialized\n try {\n await this._userManager.getUser();\n // deliberate nop\n }\n catch (err) {\n // catch to suppress errors since we're in a ctor\n logger.error(\"getUser error\", err);\n }\n }\n }\n\n public stop(): void {\n if (this._isStarted) {\n this._retryTimer.cancel();\n this._retryTimer.removeHandler(this._tokenExpiring);\n this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring);\n this._isStarted = false;\n }\n }\n\n protected _tokenExpiring: AccessTokenCallback = async () => {\n const logger = this._logger.create(\"_tokenExpiring\");\n try {\n await this._userManager.signinSilent();\n logger.debug(\"silent token renewal successful\");\n }\n catch (err) {\n if (err instanceof ErrorTimeout) {\n // no response from authority server, e.g. IFrame timeout, ...\n logger.warn(\"ErrorTimeout from signinSilent:\", err, \"retry in 5s\");\n this._retryTimer.init(5);\n return;\n }\n\n logger.error(\"Error from signinSilent:\", err);\n this._userManager.events._raiseSilentRenewError(err as Error);\n }\n };\n}\n", "// Copyright (C) AuthTS Contributors\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Fake state store implementation necessary for validating refresh token requests.\n *\n * @internal\n */\nexport class RefreshState {\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n public readonly data: unknown | undefined;\n\n public readonly refresh_token: string;\n public readonly id_token?: string;\n public readonly session_state: string | null;\n public readonly scope?: string;\n\n constructor(args: {\n refresh_token: string;\n id_token?: string;\n session_state: string | null;\n scope?: string;\n state?: unknown;\n }) {\n this.refresh_token = args.refresh_token;\n this.id_token = args.id_token;\n this.session_state = args.session_state;\n this.scope = args.scope;\n this.data = args.state;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport { IFrameNavigator, NavigateResponse, PopupNavigator, RedirectNavigator, PopupWindowParams,\n IWindow, IFrameWindowParams, RedirectParams } from \"./navigators\";\nimport { OidcClient, CreateSigninRequestArgs, CreateSignoutRequestArgs } from \"./OidcClient\";\nimport { UserManagerSettings, UserManagerSettingsStore } from \"./UserManagerSettings\";\nimport { User } from \"./User\";\nimport { UserManagerEvents } from \"./UserManagerEvents\";\nimport { SilentRenewService } from \"./SilentRenewService\";\nimport { SessionMonitor } from \"./SessionMonitor\";\nimport type { SessionStatus } from \"./SessionStatus\";\nimport type { SignoutResponse } from \"./SignoutResponse\";\nimport type { MetadataService } from \"./MetadataService\";\nimport { RefreshState } from \"./RefreshState\";\n\n/**\n * @public\n */\nexport type ExtraSigninRequestArgs = Pick;\n/**\n * @public\n */\nexport type ExtraSignoutRequestArgs = Pick;\n\n/**\n * @public\n */\nexport type RevokeTokensTypes = UserManagerSettings[\"revokeTokenTypes\"];\n\n/**\n * @public\n */\nexport type SigninRedirectArgs = RedirectParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninPopupArgs = PopupWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninSilentArgs = IFrameWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type QuerySessionStatusArgs = IFrameWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutRedirectArgs = RedirectParams & ExtraSignoutRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutPopupArgs = PopupWindowParams & ExtraSignoutRequestArgs;\n\n/**\n * Provides a higher level API for signing a user in, signing out, managing the user's claims returned from the OIDC provider,\n * and managing an access token returned from the OIDC/OAuth2 provider.\n *\n * @public\n */\nexport class UserManager {\n /** Returns the settings used to configure the `UserManager`. */\n public readonly settings: UserManagerSettingsStore;\n protected readonly _logger = new Logger(\"UserManager\");\n\n protected readonly _client: OidcClient;\n protected readonly _redirectNavigator: RedirectNavigator;\n protected readonly _popupNavigator: PopupNavigator;\n protected readonly _iframeNavigator: IFrameNavigator;\n protected readonly _events: UserManagerEvents;\n protected readonly _silentRenewService: SilentRenewService;\n protected readonly _sessionMonitor: SessionMonitor | null;\n\n public constructor(settings: UserManagerSettings) {\n this.settings = new UserManagerSettingsStore(settings);\n\n this._client = new OidcClient(settings);\n\n this._redirectNavigator = new RedirectNavigator(this.settings);\n this._popupNavigator = new PopupNavigator(this.settings);\n this._iframeNavigator = new IFrameNavigator(this.settings);\n\n this._events = new UserManagerEvents(this.settings);\n this._silentRenewService = new SilentRenewService(this);\n\n // order is important for the following properties; these services depend upon the events.\n if (this.settings.automaticSilentRenew) {\n this.startSilentRenew();\n }\n\n this._sessionMonitor = null;\n if (this.settings.monitorSession) {\n this._sessionMonitor = new SessionMonitor(this);\n }\n\n }\n\n /** Returns an object used to register for events raised by the `UserManager`. */\n public get events(): UserManagerEvents {\n return this._events;\n }\n\n /** Returns an object used to access the metadata configuration of the OIDC provider. */\n public get metadataService(): MetadataService {\n return this._client.metadataService;\n }\n\n /**\n * Returns promise to load the `User` object for the currently authenticated user.\n */\n public async getUser(): Promise {\n const logger = this._logger.create(\"getUser\");\n const user = await this._loadUser();\n if (user) {\n logger.info(\"user loaded\");\n this._events.load(user, false);\n return user;\n }\n\n logger.info(\"user not found in storage\");\n return null;\n }\n\n /**\n * Returns promise to remove from any storage the currently authenticated user.\n */\n public async removeUser(): Promise {\n const logger = this._logger.create(\"removeUser\");\n await this.storeUser(null);\n logger.info(\"user removed from storage\");\n this._events.unload();\n }\n\n /**\n * Returns promise to trigger a redirect of the current window to the authorization endpoint.\n */\n public async signinRedirect(args: SigninRedirectArgs = {}): Promise {\n this._logger.create(\"signinRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signinStart({\n request_type: \"si:r\",\n ...requestArgs,\n }, handle);\n }\n\n /**\n * Returns promise to process response from the authorization endpoint. The result of the promise is the authenticated `User`.\n */\n public async signinRedirectCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signinRedirectCallback\");\n const user = await this._signinEnd(url);\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n\n return user;\n }\n\n /**\n * Returns promise to trigger a request (via a popup window) to the authorization endpoint. The result of the promise is the authenticated `User`.\n */\n public async signinPopup(args: SigninPopupArgs = {}): Promise {\n const logger = this._logger.create(\"signinPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n ...requestArgs\n } = args;\n const url = this.settings.popup_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No popup_redirect_uri configured\"));\n }\n\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget });\n const user = await this._signin({\n request_type: \"si:p\",\n redirect_uri: url,\n display: \"popup\",\n ...requestArgs,\n }, handle);\n if (user) {\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n }\n\n return user;\n }\n /**\n * Returns promise to notify the opening window of response from the authorization endpoint.\n */\n public async signinPopupCallback(url = window.location.href, keepOpen = false): Promise {\n const logger = this._logger.create(\"signinPopupCallback\");\n await this._popupNavigator.callback(url, keepOpen);\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to trigger a silent request (via an iframe) to the authorization endpoint.\n * The result of the promise is the authenticated `User`.\n */\n public async signinSilent(args: SigninSilentArgs = {}): Promise {\n const logger = this._logger.create(\"signinSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n // first determine if we have a refresh token, or need to use iframe\n let user = await this._loadUser();\n if (user?.refresh_token) {\n logger.debug(\"using refresh token\");\n const state = new RefreshState(user as Required);\n return await this._useRefreshToken(state);\n }\n\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n\n let verifySub: string | undefined;\n if (user && this.settings.validateSubOnSilentRenew) {\n logger.debug(\"subject prior to silent renew:\", user.profile.sub);\n verifySub = user.profile.sub;\n }\n\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n user = await this._signin({\n request_type: \"si:s\",\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user?.id_token : undefined,\n ...requestArgs,\n }, handle, verifySub);\n if (user) {\n if (user.profile?.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n }\n\n return user;\n }\n\n protected async _useRefreshToken(state: RefreshState): Promise {\n const response = await this._client.useRefreshToken({\n state,\n timeoutInSeconds: this.settings.silentRequestTimeoutInSeconds,\n });\n const user = new User({ ...state, ...response });\n\n await this.storeUser(user);\n this._events.load(user);\n return user;\n }\n\n /**\n * Returns promise to notify the parent window of response from the authorization endpoint.\n */\n public async signinSilentCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signinSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger.info(\"success\");\n }\n\n public async signinCallback(url = window.location.href): Promise {\n const { state } = await this._client.readSigninResponseState(url);\n switch (state.request_type) {\n case \"si:r\":\n return await this.signinRedirectCallback(url);\n case \"si:p\":\n return await this.signinPopupCallback(url);\n case \"si:s\":\n return await this.signinSilentCallback(url);\n default:\n throw new Error(\"invalid response_type in state\");\n }\n }\n\n public async signoutCallback(url = window.location.href, keepOpen = false): Promise {\n const { state } = await this._client.readSignoutResponseState(url);\n if (!state) {\n return;\n }\n\n switch (state.request_type) {\n case \"so:r\":\n await this.signoutRedirectCallback(url);\n break;\n case \"so:p\":\n await this.signoutPopupCallback(url, keepOpen);\n break;\n default:\n throw new Error(\"invalid response_type in state\");\n }\n }\n\n /**\n * Returns promise to query OP for user's current signin status. Returns object with session_state and subject identifier.\n */\n public async querySessionStatus(args: QuerySessionStatusArgs = {}): Promise {\n const logger = this._logger.create(\"querySessionStatus\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n const navResponse = await this._signinStart({\n request_type: \"si:s\", // this acts like a signin silent\n redirect_uri: url,\n prompt: \"none\",\n response_type: this.settings.query_status_response_type,\n scope: \"openid\",\n skipUserInfo: true,\n ...requestArgs,\n }, handle);\n try {\n const signinResponse = await this._client.processSigninResponse(navResponse.url);\n logger.debug(\"got signin response\");\n\n if (signinResponse.session_state && signinResponse.profile.sub) {\n logger.info(\"success for subject\", signinResponse.profile.sub);\n return {\n session_state: signinResponse.session_state,\n sub: signinResponse.profile.sub,\n sid: signinResponse.profile.sid,\n };\n }\n\n logger.info(\"success, user not authenticated\");\n return null;\n }\n catch (err) {\n if (this.settings.monitorAnonymousSession && err instanceof ErrorResponse) {\n switch (err.error) {\n case \"login_required\":\n case \"consent_required\":\n case \"interaction_required\":\n case \"account_selection_required\":\n logger.info(\"success for anonymous user\");\n return {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n session_state: err.session_state!,\n };\n }\n }\n throw err;\n }\n }\n\n protected async _signin(args: CreateSigninRequestArgs, handle: IWindow, verifySub?: string): Promise {\n const navResponse = await this._signinStart(args, handle);\n return await this._signinEnd(navResponse.url, verifySub);\n }\n protected async _signinStart(args: CreateSigninRequestArgs, handle: IWindow): Promise {\n const logger = this._logger.create(\"_signinStart\");\n\n try {\n const signinRequest = await this._client.createSigninRequest(args);\n logger.debug(\"got signin request\");\n\n return await handle.navigate({\n url: signinRequest.url,\n state: signinRequest.state.id,\n response_mode: signinRequest.state.response_mode,\n scriptOrigin: this.settings.iframeScriptOrigin,\n });\n }\n catch (err) {\n logger.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n protected async _signinEnd(url: string, verifySub?: string): Promise {\n const logger = this._logger.create(\"_signinEnd\");\n const signinResponse = await this._client.processSigninResponse(url);\n logger.debug(\"got signin response\");\n\n const user = new User(signinResponse);\n if (verifySub) {\n if (verifySub !== user.profile.sub) {\n logger.debug(\"current user does not match user returned from signin. sub from signin:\", user.profile.sub);\n throw new ErrorResponse({ ...signinResponse, error: \"login_required\" });\n }\n logger.debug(\"current user matches user returned from signin\");\n }\n\n await this.storeUser(user);\n logger.debug(\"user stored\");\n this._events.load(user);\n\n return user;\n }\n\n /**\n * Returns promise to trigger a redirect of the current window to the end session endpoint.\n */\n public async signoutRedirect(args: SignoutRedirectArgs = {}): Promise {\n const logger = this._logger.create(\"signoutRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signoutStart({\n request_type: \"so:r\",\n post_logout_redirect_uri: this.settings.post_logout_redirect_uri,\n ...requestArgs,\n }, handle);\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to process response from the end session endpoint.\n */\n public async signoutRedirectCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signoutRedirectCallback\");\n const response = await this._signoutEnd(url);\n logger.info(\"success\");\n return response;\n }\n\n /**\n * Returns promise to trigger a redirect of a popup window window to the end session endpoint.\n */\n public async signoutPopup(args: SignoutPopupArgs = {}): Promise {\n const logger = this._logger.create(\"signoutPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n ...requestArgs\n } = args;\n const url = this.settings.popup_post_logout_redirect_uri;\n\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget });\n await this._signout({\n request_type: \"so:p\",\n post_logout_redirect_uri: url,\n // we're putting a dummy entry in here because we\n // need a unique id from the state for notification\n // to the parent window, which is necessary if we\n // plan to return back to the client after signout\n // and so we can close the popup after signout\n state: url == null ? undefined : {},\n ...requestArgs,\n }, handle);\n logger.info(\"success\");\n }\n\n /**\n * Returns promise to process response from the end session endpoint from a popup window.\n */\n public async signoutPopupCallback(url = window.location.href, keepOpen = false): Promise {\n const logger = this._logger.create(\"signoutPopupCallback\");\n await this._popupNavigator.callback(url, keepOpen);\n logger.info(\"success\");\n }\n\n protected async _signout(args: CreateSignoutRequestArgs, handle: IWindow): Promise {\n const navResponse = await this._signoutStart(args, handle);\n return await this._signoutEnd(navResponse.url);\n }\n protected async _signoutStart(args: CreateSignoutRequestArgs = {}, handle: IWindow): Promise {\n const logger = this._logger.create(\"_signoutStart\");\n\n try {\n const user = await this._loadUser();\n logger.debug(\"loaded current user from storage\");\n\n if (this.settings.revokeTokensOnSignout) {\n await this._revokeInternal(user);\n }\n\n const id_token = args.id_token_hint || user && user.id_token;\n if (id_token) {\n logger.debug(\"setting id_token_hint in signout request\");\n args.id_token_hint = id_token;\n }\n\n await this.removeUser();\n logger.debug(\"user removed, creating signout request\");\n\n const signoutRequest = await this._client.createSignoutRequest(args);\n logger.debug(\"got signout request\");\n\n return await handle.navigate({\n url: signoutRequest.url,\n state: signoutRequest.state?.id,\n });\n }\n catch (err) {\n logger.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n protected async _signoutEnd(url: string): Promise {\n const logger = this._logger.create(\"_signoutEnd\");\n const signoutResponse = await this._client.processSignoutResponse(url);\n logger.debug(\"got signout response\");\n\n return signoutResponse;\n }\n\n public async revokeTokens(types?: RevokeTokensTypes): Promise {\n const user = await this._loadUser();\n await this._revokeInternal(user, types);\n }\n\n protected async _revokeInternal(user: User | null, types = this.settings.revokeTokenTypes): Promise {\n const logger = this._logger.create(\"_revokeInternal\");\n if (!user) return;\n\n const typesPresent = types.filter(type => typeof user[type] === \"string\");\n\n if (!typesPresent.length) {\n logger.debug(\"no need to revoke due to no token(s)\");\n return;\n }\n\n // don't Promise.all, order matters\n for (const type of typesPresent) {\n await this._client.revokeToken(\n user[type]!, // eslint-disable-line @typescript-eslint/no-non-null-assertion\n type,\n );\n logger.info(`${type} revoked successfully`);\n if (type !== \"access_token\") {\n user[type] = null as never;\n }\n }\n\n await this.storeUser(user);\n logger.debug(\"user stored\");\n this._events.load(user);\n }\n\n /**\n * Enables silent renew for the `UserManager`.\n */\n public startSilentRenew(): void {\n this._logger.create(\"startSilentRenew\");\n void this._silentRenewService.start();\n }\n\n /**\n * Disables silent renew for the `UserManager`.\n */\n public stopSilentRenew(): void {\n this._silentRenewService.stop();\n }\n\n protected get _userStoreKey(): string {\n return `user:${this.settings.authority}:${this.settings.client_id}`;\n }\n\n protected async _loadUser(): Promise {\n const logger = this._logger.create(\"_loadUser\");\n const storageString = await this.settings.userStore.get(this._userStoreKey);\n if (storageString) {\n logger.debug(\"user storageString loaded\");\n return User.fromStorageString(storageString);\n }\n\n logger.debug(\"no user storageString\");\n return null;\n }\n\n public async storeUser(user: User | null): Promise {\n const logger = this._logger.create(\"storeUser\");\n if (user) {\n logger.debug(\"storing user\");\n const storageString = user.toStorageString();\n await this.settings.userStore.set(this._userStoreKey, storageString);\n }\n else {\n this._logger.debug(\"removing user\");\n await this.settings.userStore.remove(this._userStoreKey);\n }\n }\n\n /**\n * Removes stale state entries in storage for incomplete authorize requests.\n */\n public async clearStaleState(): Promise {\n await this._client.clearStaleState();\n }\n}\n", "// @ts-expect-error avoid enabling resolveJsonModule to keep build process simple\nimport { version } from \"../package.json\";\n\n/**\n * @public\n */\nexport const Version: string = version;\n"], "mappings": "86BAAA,kBCAA,oBAAC,AAAC,UAAU,EAAM,EAAS,CAC1B,AAAI,MAAO,KAAY,SAEtB,GAAO,QAAU,GAAU,EAAQ,EAE/B,AAAI,MAAO,SAAW,YAAc,OAAO,IAE/C,OAAO,CAAC,EAAG,CAAO,EAIlB,EAAK,SAAW,EAAQ,CAE1B,GAAE,GAAM,UAAY,CAOnB,GAAI,GAAW,GAAa,SAAU,EAAM,EAAW,CAEnD,GAAI,GA4BJ,GAzBI,MAAO,QAAW,KAAe,OAAO,QACxC,GAAS,OAAO,QAIhB,MAAO,MAAS,KAAe,KAAK,QACpC,GAAS,KAAK,QAId,MAAO,YAAe,KAAe,WAAW,QAChD,GAAS,WAAW,QAIpB,CAAC,GAAU,MAAO,QAAW,KAAe,OAAO,UACnD,GAAS,OAAO,UAIhB,CAAC,GAAU,MAAO,QAAW,KAAe,OAAO,QACnD,GAAS,OAAO,QAIhB,CAAC,GAAU,MAAO,KAAY,WAC9B,GAAI,CACA,EAAS,IACb,MAAE,CAAa,CAQnB,GAAI,GAAwB,UAAY,CACpC,GAAI,EAAQ,CAER,GAAI,MAAO,GAAO,iBAAoB,WAClC,GAAI,CACA,MAAO,GAAO,gBAAgB,GAAI,aAAY,CAAC,CAAC,EAAE,EACtD,MAAE,CAAa,CAInB,GAAI,MAAO,GAAO,aAAgB,WAC9B,GAAI,CACA,MAAO,GAAO,YAAY,CAAC,EAAE,YAAY,CAC7C,MAAE,CAAa,CAEvB,CAEA,KAAM,IAAI,OAAM,qEAAqE,CACzF,EAMI,EAAS,OAAO,QAAW,UAAY,CACvC,YAAa,CAAC,CAEd,MAAO,UAAU,EAAK,CAClB,GAAI,GAEJ,SAAE,UAAY,EAEd,EAAU,GAAI,GAEd,EAAE,UAAY,KAEP,CACX,CACJ,EAAE,EAKE,EAAI,CAAC,EAKL,EAAQ,EAAE,IAAM,CAAC,EAKjB,EAAO,EAAM,KAAQ,UAAY,CAGjC,MAAO,CAmBH,OAAQ,SAAU,EAAW,CAEzB,GAAI,GAAU,EAAO,IAAI,EAGzB,MAAI,IACA,EAAQ,MAAM,CAAS,EAIvB,EAAC,EAAQ,eAAe,MAAM,GAAK,KAAK,OAAS,EAAQ,OACzD,GAAQ,KAAO,UAAY,CACvB,EAAQ,OAAO,KAAK,MAAM,KAAM,SAAS,CAC7C,GAIJ,EAAQ,KAAK,UAAY,EAGzB,EAAQ,OAAS,KAEV,CACX,EAcA,OAAQ,UAAY,CAChB,GAAI,GAAW,KAAK,OAAO,EAC3B,SAAS,KAAK,MAAM,EAAU,SAAS,EAEhC,CACX,EAcA,KAAM,UAAY,CAClB,EAaA,MAAO,SAAU,EAAY,CACzB,OAAS,KAAgB,GACrB,AAAI,EAAW,eAAe,CAAY,GACtC,MAAK,GAAgB,EAAW,IAKxC,AAAI,EAAW,eAAe,UAAU,GACpC,MAAK,SAAW,EAAW,SAEnC,EAWA,MAAO,UAAY,CACf,MAAO,MAAK,KAAK,UAAU,OAAO,IAAI,CAC1C,CACJ,CACJ,EAAE,EAQE,EAAY,EAAM,UAAY,EAAK,OAAO,CAa1C,KAAM,SAAU,EAAO,EAAU,CAC7B,EAAQ,KAAK,MAAQ,GAAS,CAAC,EAE/B,AAAI,GAAY,EACZ,KAAK,SAAW,EAEhB,KAAK,SAAW,EAAM,OAAS,CAEvC,EAeA,SAAU,SAAU,EAAS,CACzB,MAAQ,IAAW,GAAK,UAAU,IAAI,CAC1C,EAaA,OAAQ,SAAU,EAAW,CAEzB,GAAI,GAAY,KAAK,MACjB,EAAY,EAAU,MACtB,EAAe,KAAK,SACpB,EAAe,EAAU,SAM7B,GAHA,KAAK,MAAM,EAGP,EAAe,EAEf,OAAS,GAAI,EAAG,EAAI,EAAc,IAAK,CACnC,GAAI,GAAY,EAAU,IAAM,KAAQ,GAAM,EAAI,EAAK,EAAM,IAC7D,EAAW,EAAe,IAAO,IAAM,GAAa,GAAO,GAAe,GAAK,EAAK,CACxF,KAGA,QAAS,GAAI,EAAG,EAAI,EAAc,GAAK,EACnC,EAAW,EAAe,IAAO,GAAK,EAAU,IAAM,GAG9D,YAAK,UAAY,EAGV,IACX,EASA,MAAO,UAAY,CAEf,GAAI,GAAQ,KAAK,MACb,EAAW,KAAK,SAGpB,EAAM,IAAa,IAAM,YAAe,GAAM,EAAW,EAAK,EAC9D,EAAM,OAAS,EAAK,KAAK,EAAW,CAAC,CACzC,EAWA,MAAO,UAAY,CACf,GAAI,GAAQ,EAAK,MAAM,KAAK,IAAI,EAChC,SAAM,MAAQ,KAAK,MAAM,MAAM,CAAC,EAEzB,CACX,EAeA,OAAQ,SAAU,EAAQ,CAGtB,OAFI,GAAQ,CAAC,EAEJ,EAAI,EAAG,EAAI,EAAQ,GAAK,EAC7B,EAAM,KAAK,EAAsB,CAAC,EAGtC,MAAO,IAAI,GAAU,KAAK,EAAO,CAAM,CAC3C,CACJ,CAAC,EAKG,EAAQ,EAAE,IAAM,CAAC,EAKjB,EAAM,EAAM,IAAM,CAclB,UAAW,SAAU,EAAW,CAO5B,OALI,GAAQ,EAAU,MAClB,EAAW,EAAU,SAGrB,EAAW,CAAC,EACP,EAAI,EAAG,EAAI,EAAU,IAAK,CAC/B,GAAI,GAAQ,EAAM,IAAM,KAAQ,GAAM,EAAI,EAAK,EAAM,IACrD,EAAS,KAAM,KAAS,GAAG,SAAS,EAAE,CAAC,EACvC,EAAS,KAAM,GAAO,IAAM,SAAS,EAAE,CAAC,CAC5C,CAEA,MAAO,GAAS,KAAK,EAAE,CAC3B,EAeA,MAAO,SAAU,EAAQ,CAMrB,OAJI,GAAe,EAAO,OAGtB,EAAQ,CAAC,EACJ,EAAI,EAAG,EAAI,EAAc,GAAK,EACnC,EAAM,IAAM,IAAM,SAAS,EAAO,OAAO,EAAG,CAAC,EAAG,EAAE,GAAM,GAAM,EAAI,EAAK,EAG3E,MAAO,IAAI,GAAU,KAAK,EAAO,EAAe,CAAC,CACrD,CACJ,EAKI,EAAS,EAAM,OAAS,CAcxB,UAAW,SAAU,EAAW,CAO5B,OALI,GAAQ,EAAU,MAClB,EAAW,EAAU,SAGrB,EAAc,CAAC,EACV,EAAI,EAAG,EAAI,EAAU,IAAK,CAC/B,GAAI,GAAQ,EAAM,IAAM,KAAQ,GAAM,EAAI,EAAK,EAAM,IACrD,EAAY,KAAK,OAAO,aAAa,CAAI,CAAC,CAC9C,CAEA,MAAO,GAAY,KAAK,EAAE,CAC9B,EAeA,MAAO,SAAU,EAAW,CAMxB,OAJI,GAAkB,EAAU,OAG5B,EAAQ,CAAC,EACJ,EAAI,EAAG,EAAI,EAAiB,IACjC,EAAM,IAAM,IAAO,GAAU,WAAW,CAAC,EAAI,MAAU,GAAM,EAAI,EAAK,EAG1E,MAAO,IAAI,GAAU,KAAK,EAAO,CAAe,CACpD,CACJ,EAKI,EAAO,EAAM,KAAO,CAcpB,UAAW,SAAU,EAAW,CAC5B,GAAI,CACA,MAAO,oBAAmB,OAAO,EAAO,UAAU,CAAS,CAAC,CAAC,CACjE,MAAE,CACE,KAAM,IAAI,OAAM,sBAAsB,CAC1C,CACJ,EAeA,MAAO,SAAU,EAAS,CACtB,MAAO,GAAO,MAAM,SAAS,mBAAmB,CAAO,CAAC,CAAC,CAC7D,CACJ,EASI,EAAyB,EAAM,uBAAyB,EAAK,OAAO,CAQpE,MAAO,UAAY,CAEf,KAAK,MAAQ,GAAI,GAAU,KAC3B,KAAK,YAAc,CACvB,EAYA,QAAS,SAAU,EAAM,CAErB,AAAI,MAAO,IAAQ,UACf,GAAO,EAAK,MAAM,CAAI,GAI1B,KAAK,MAAM,OAAO,CAAI,EACtB,KAAK,aAAe,EAAK,QAC7B,EAgBA,SAAU,SAAU,EAAS,CACzB,GAAI,GAGA,EAAO,KAAK,MACZ,EAAY,EAAK,MACjB,EAAe,EAAK,SACpB,EAAY,KAAK,UACjB,EAAiB,EAAY,EAG7B,EAAe,EAAe,EAClC,AAAI,EAEA,EAAe,EAAK,KAAK,CAAY,EAIrC,EAAe,EAAK,IAAK,GAAe,GAAK,KAAK,eAAgB,CAAC,EAIvE,GAAI,GAAc,EAAe,EAG7B,EAAc,EAAK,IAAI,EAAc,EAAG,CAAY,EAGxD,GAAI,EAAa,CACb,OAAS,GAAS,EAAG,EAAS,EAAa,GAAU,EAEjD,KAAK,gBAAgB,EAAW,CAAM,EAI1C,EAAiB,EAAU,OAAO,EAAG,CAAW,EAChD,EAAK,UAAY,CACrB,CAGA,MAAO,IAAI,GAAU,KAAK,EAAgB,CAAW,CACzD,EAWA,MAAO,UAAY,CACf,GAAI,GAAQ,EAAK,MAAM,KAAK,IAAI,EAChC,SAAM,MAAQ,KAAK,MAAM,MAAM,EAExB,CACX,EAEA,eAAgB,CACpB,CAAC,EAOG,EAAS,EAAM,OAAS,EAAuB,OAAO,CAItD,IAAK,EAAK,OAAO,EAWjB,KAAM,SAAU,EAAK,CAEjB,KAAK,IAAM,KAAK,IAAI,OAAO,CAAG,EAG9B,KAAK,MAAM,CACf,EASA,MAAO,UAAY,CAEf,EAAuB,MAAM,KAAK,IAAI,EAGtC,KAAK,SAAS,CAClB,EAcA,OAAQ,SAAU,EAAe,CAE7B,YAAK,QAAQ,CAAa,EAG1B,KAAK,SAAS,EAGP,IACX,EAgBA,SAAU,SAAU,EAAe,CAE/B,AAAI,GACA,KAAK,QAAQ,CAAa,EAI9B,GAAI,GAAO,KAAK,YAAY,EAE5B,MAAO,EACX,EAEA,UAAW,IAAI,GAef,cAAe,SAAU,EAAQ,CAC7B,MAAO,UAAU,EAAS,EAAK,CAC3B,MAAO,IAAI,GAAO,KAAK,CAAG,EAAE,SAAS,CAAO,CAChD,CACJ,EAeA,kBAAmB,SAAU,EAAQ,CACjC,MAAO,UAAU,EAAS,EAAK,CAC3B,MAAO,IAAI,GAAO,KAAK,KAAK,EAAQ,CAAG,EAAE,SAAS,CAAO,CAC7D,CACJ,CACJ,CAAC,EAKG,EAAS,EAAE,KAAO,CAAC,EAEvB,MAAO,EACX,EAAE,IAAI,EAGN,MAAO,EAER,CAAC,ICtyBD,oBAAC,AAAC,UAAU,EAAM,EAAS,CAC1B,AAAI,MAAO,KAAY,SAEtB,GAAO,QAAU,GAAU,EAAQ,IAAiB,EAEhD,AAAI,MAAO,SAAW,YAAc,OAAO,IAE/C,OAAO,CAAC,QAAQ,EAAG,CAAO,EAI1B,EAAQ,EAAK,QAAQ,CAEvB,GAAE,GAAM,SAAU,EAAU,CAE3B,MAAC,UAAU,EAAM,CAEb,GAAI,GAAI,EACJ,EAAQ,EAAE,IACV,EAAY,EAAM,UAClB,EAAS,EAAM,OACf,EAAS,EAAE,KAGX,EAAI,CAAC,EACL,EAAI,CAAC,EAGT,AAAC,WAAY,CACT,WAAiB,EAAG,CAEhB,OADI,GAAQ,EAAK,KAAK,CAAC,EACd,EAAS,EAAG,GAAU,EAAO,IAClC,GAAI,CAAE,GAAI,GACN,MAAO,GAIf,MAAO,EACX,CAEA,WAA2B,EAAG,CAC1B,MAAS,GAAK,GAAI,IAAM,WAAe,CAC3C,CAIA,OAFI,GAAI,EACJ,EAAS,EACN,EAAS,IACZ,AAAI,EAAQ,CAAC,GACL,GAAS,GACT,GAAE,GAAU,EAAkB,EAAK,IAAI,EAAG,EAAI,CAAC,CAAC,GAEpD,EAAE,GAAU,EAAkB,EAAK,IAAI,EAAG,EAAI,CAAC,CAAC,EAEhD,KAGJ,GAER,GAAE,EAGF,GAAI,GAAI,CAAC,EAKL,EAAS,EAAO,OAAS,EAAO,OAAO,CACvC,SAAU,UAAY,CAClB,KAAK,MAAQ,GAAI,GAAU,KAAK,EAAE,MAAM,CAAC,CAAC,CAC9C,EAEA,gBAAiB,SAAU,EAAG,EAAQ,CAelC,OAbI,GAAI,KAAK,MAAM,MAGf,EAAI,EAAE,GACN,EAAI,EAAE,GACN,EAAI,EAAE,GACN,EAAI,EAAE,GACN,EAAI,EAAE,GACN,EAAI,EAAE,GACN,EAAI,EAAE,GACN,EAAI,EAAE,GAGD,EAAI,EAAG,EAAI,GAAI,IAAK,CACzB,GAAI,EAAI,GACJ,EAAE,GAAK,EAAE,EAAS,GAAK,MACpB,CACH,GAAI,GAAU,EAAE,EAAI,IAChB,EAAY,IAAW,GAAO,IAAY,GAC9B,IAAW,GAAO,IAAY,IAC9B,IAAY,EAExB,EAAU,EAAE,EAAI,GAChB,EAAY,IAAW,GAAO,IAAY,IAC9B,IAAW,GAAO,IAAY,IAC9B,IAAY,GAE5B,EAAE,GAAK,EAAS,EAAE,EAAI,GAAK,EAAS,EAAE,EAAI,GAC9C,CAEA,GAAI,GAAO,EAAI,EAAM,CAAC,EAAI,EACtB,GAAO,EAAI,EAAM,EAAI,EAAM,EAAI,EAE/B,GAAW,IAAK,GAAO,IAAM,GAAQ,IAAK,GAAO,IAAM,IAAS,IAAK,GAAO,IAAM,IAClF,GAAW,IAAK,GAAO,IAAM,GAAQ,IAAK,GAAO,IAAM,IAAS,IAAK,EAAO,IAAM,IAElF,GAAK,EAAI,GAAS,EAAK,EAAE,GAAK,EAAE,GAChC,GAAK,GAAS,GAElB,EAAI,EACJ,EAAI,EACJ,EAAI,EACJ,EAAK,EAAI,GAAM,EACf,EAAI,EACJ,EAAI,EACJ,EAAI,EACJ,EAAK,GAAK,GAAM,CACpB,CAGA,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,EACpB,EAAE,GAAM,EAAE,GAAK,EAAK,CACxB,EAEA,YAAa,UAAY,CAErB,GAAI,GAAO,KAAK,MACZ,EAAY,EAAK,MAEjB,EAAa,KAAK,YAAc,EAChC,EAAY,EAAK,SAAW,EAGhC,SAAU,IAAc,IAAM,KAAS,GAAK,EAAY,GACxD,EAAa,GAAY,KAAQ,GAAM,GAAK,IAAM,EAAK,MAAM,EAAa,UAAW,EACrF,EAAa,GAAY,KAAQ,GAAM,GAAK,IAAM,EAClD,EAAK,SAAW,EAAU,OAAS,EAGnC,KAAK,SAAS,EAGP,KAAK,KAChB,EAEA,MAAO,UAAY,CACf,GAAI,GAAQ,EAAO,MAAM,KAAK,IAAI,EAClC,SAAM,MAAQ,KAAK,MAAM,MAAM,EAExB,CACX,CACJ,CAAC,EAgBD,EAAE,OAAS,EAAO,cAAc,CAAM,EAgBtC,EAAE,WAAa,EAAO,kBAAkB,CAAM,CAClD,EAAE,IAAI,EAGC,EAAS,MAEjB,CAAC,ICtMD,oBAAC,AAAC,UAAU,EAAM,EAAS,CAC1B,AAAI,MAAO,KAAY,SAEtB,GAAO,QAAU,GAAU,EAAQ,IAAiB,EAEhD,AAAI,MAAO,SAAW,YAAc,OAAO,IAE/C,OAAO,CAAC,QAAQ,EAAG,CAAO,EAI1B,EAAQ,EAAK,QAAQ,CAEvB,GAAE,GAAM,SAAU,EAAU,CAE3B,MAAC,WAAY,CAET,GAAI,GAAI,EACJ,EAAQ,EAAE,IACV,EAAY,EAAM,UAClB,EAAQ,EAAE,IAKV,EAAS,EAAM,OAAS,CAcxB,UAAW,SAAU,EAAW,CAE5B,GAAI,GAAQ,EAAU,MAClB,EAAW,EAAU,SACrB,EAAM,KAAK,KAGf,EAAU,MAAM,EAIhB,OADI,GAAc,CAAC,EACV,EAAI,EAAG,EAAI,EAAU,GAAK,EAO/B,OANI,GAAS,EAAM,IAAM,KAAc,GAAM,EAAI,EAAK,EAAY,IAC9D,EAAS,EAAO,EAAI,IAAO,KAAQ,GAAO,GAAI,GAAK,EAAK,EAAM,IAC9D,EAAS,EAAO,EAAI,IAAO,KAAQ,GAAO,GAAI,GAAK,EAAK,EAAM,IAE9D,EAAW,GAAS,GAAO,GAAS,EAAK,EAEpC,EAAI,EAAI,EAAI,GAAO,EAAI,EAAI,IAAO,EAAW,IAClD,EAAY,KAAK,EAAI,OAAQ,IAAa,EAAK,GAAI,GAAO,EAAI,CAAC,EAKvE,GAAI,GAAc,EAAI,OAAO,EAAE,EAC/B,GAAI,EACA,KAAO,EAAY,OAAS,GACxB,EAAY,KAAK,CAAW,EAIpC,MAAO,GAAY,KAAK,EAAE,CAC9B,EAeA,MAAO,SAAU,EAAW,CAExB,GAAI,GAAkB,EAAU,OAC5B,EAAM,KAAK,KACX,EAAa,KAAK,YAEtB,GAAI,CAAC,EAAY,CACT,EAAa,KAAK,YAAc,CAAC,EACjC,OAAS,GAAI,EAAG,EAAI,EAAI,OAAQ,IAC5B,EAAW,EAAI,WAAW,CAAC,GAAK,CAE5C,CAGA,GAAI,GAAc,EAAI,OAAO,EAAE,EAC/B,GAAI,EAAa,CACb,GAAI,GAAe,EAAU,QAAQ,CAAW,EAChD,AAAI,IAAiB,IACjB,GAAkB,EAE1B,CAGA,MAAO,GAAU,EAAW,EAAiB,CAAU,CAE3D,EAEA,KAAM,mEACV,EAEA,WAAmB,EAAW,EAAiB,EAAY,CAGzD,OAFI,GAAQ,CAAC,EACT,EAAS,EACJ,EAAI,EAAG,EAAI,EAAiB,IACjC,GAAI,EAAI,EAAG,CACP,GAAI,GAAQ,EAAW,EAAU,WAAW,EAAI,CAAC,IAAQ,EAAI,EAAK,EAC9D,EAAQ,EAAW,EAAU,WAAW,CAAC,KAAQ,EAAK,EAAI,EAAK,EAC/D,EAAe,EAAQ,EAC3B,EAAM,IAAW,IAAM,GAAiB,GAAM,EAAS,EAAK,EAC5D,GACJ,CAEJ,MAAO,GAAU,OAAO,EAAO,CAAM,CACvC,CACJ,EAAE,EAGK,EAAS,IAAI,MAErB,CAAC,ICvID,oBAAC,AAAC,UAAU,EAAM,EAAS,CAC1B,AAAI,MAAO,KAAY,SAEtB,GAAO,QAAU,GAAU,EAAQ,IAAiB,EAEhD,AAAI,MAAO,SAAW,YAAc,OAAO,IAE/C,OAAO,CAAC,QAAQ,EAAG,CAAO,EAI1B,EAAQ,EAAK,QAAQ,CAEvB,GAAE,GAAM,SAAU,EAAU,CAE3B,MAAO,GAAS,IAAI,IAErB,CAAC,ICjBD,uaCAA,OAAqB,SACrB,GAAmB,SACnB,GAAmB,SACnB,GAAiB,SCYjB,GAAM,IAAqB,CACvB,MAAO,IAAG,GACV,KAAM,IAAG,GACT,KAAM,IAAG,GACT,MAAO,IAAG,EACd,EAEI,EACA,EAOQ,EAAL,CAAK,GACR,oBACA,qBACA,mBACA,mBACA,qBALQ,WAaL,CAAU,GAAV,CACI,YAAuB,CAC1B,EAAQ,EACR,EAAS,EACb,CAHO,EAAS,QAKT,WAAkB,EAAkB,CACvC,GAAI,CAAE,IAAY,GAAS,GAAS,GAChC,KAAM,IAAI,OAAM,mBAAmB,EAEvC,EAAQ,CACZ,CALO,EAAS,WAOT,WAAmB,EAAsB,CAC5C,EAAS,CACb,CAFO,EAAS,cAbH,WAuBV,GAAM,GAAN,KAAa,CAEhB,AAAO,YAAoB,EAAe,CAAf,YAAgB,CAE3C,AAAO,SAAS,EAAuB,CACnC,AAAI,GAAS,GACT,EAAO,MAAM,EAAO,QAAQ,KAAK,MAAO,KAAK,OAAO,EAAG,GAAG,CAAI,CAEtE,CACA,AAAO,QAAQ,EAAuB,CAClC,AAAI,GAAS,GACT,EAAO,KAAK,EAAO,QAAQ,KAAK,MAAO,KAAK,OAAO,EAAG,GAAG,CAAI,CAErE,CACA,AAAO,QAAQ,EAAuB,CAClC,AAAI,GAAS,GACT,EAAO,KAAK,EAAO,QAAQ,KAAK,MAAO,KAAK,OAAO,EAAG,GAAG,CAAI,CAErE,CACA,AAAO,SAAS,EAAuB,CACnC,AAAI,GAAS,GACT,EAAO,MAAM,EAAO,QAAQ,KAAK,MAAO,KAAK,OAAO,EAAG,GAAG,CAAI,CAEtE,CAEA,AAAO,MAAM,EAAmB,CAC5B,WAAK,MAAM,CAAG,EACR,CACV,CAEA,AAAO,OAAO,EAAwB,CAClC,GAAM,GAAuB,OAAO,OAAO,IAAI,EAC/C,SAAa,QAAU,EACvB,EAAa,MAAM,OAAO,EACnB,CACX,CAEA,MAAc,cAAa,EAAc,EAA8B,CACnE,GAAM,GAAe,GAAI,GAAO,GAAG,KAAQ,GAAc,EACzD,SAAa,MAAM,OAAO,EACnB,CACX,CAEA,MAAe,SAAQ,EAAc,EAAiB,CAClD,GAAM,GAAS,IAAI,KACnB,MAAO,GAAS,GAAG,KAAU,KAAY,CAC7C,CAGA,MAAc,OAAM,KAAiB,EAAuB,CACxD,AAAI,GAAS,GACT,EAAO,MAAM,EAAO,QAAQ,CAAI,EAAG,GAAG,CAAI,CAElD,CACA,MAAc,MAAK,KAAiB,EAAuB,CACvD,AAAI,GAAS,GACT,EAAO,KAAK,EAAO,QAAQ,CAAI,EAAG,GAAG,CAAI,CAEjD,CACA,MAAc,MAAK,KAAiB,EAAuB,CACvD,AAAI,GAAS,GACT,EAAO,KAAK,EAAO,QAAQ,CAAI,EAAG,GAAG,CAAI,CAEjD,CACA,MAAc,OAAM,KAAiB,EAAuB,CACxD,AAAI,GAAS,GACT,EAAO,MAAM,EAAO,QAAQ,CAAI,EAAG,GAAG,CAAI,CAElD,CACJ,EAEA,EAAI,MAAM,EDlIV,GAAM,IAAmB,uCAKZ,EAAN,KAAkB,CACrB,MAAe,cAAsB,CACjC,MAAO,YAAS,IAAI,UAAU,OAAO,CAAC,EAAE,MAAM,EAClD,CAKA,MAAc,iBAAyB,CAInC,MAAO,AAHM,IAAiB,QAAQ,SAAU,GAC3C,EAAC,EAAI,EAAY,YAAY,EAAI,IAAM,CAAC,EAAI,GAAG,SAAS,EAAE,CAC/D,EACY,QAAQ,KAAM,EAAE,CAChC,CAKA,MAAc,uBAA+B,CACzC,MAAO,GAAY,eAAe,EAAI,EAAY,eAAe,EAAI,EAAY,eAAe,CACpG,CAKA,MAAc,uBAAsB,EAA+B,CAC/D,GAAI,CACA,GAAM,GAAS,eAAO,CAAa,EACnC,MAAO,YAAO,UAAU,CAAM,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,CAC7F,OACO,EAAP,CACI,QAAO,MAAM,oCAAqC,CAAG,EAC/C,CACV,CACJ,CAKA,MAAc,mBAAkB,EAAmB,EAA+B,CAC9E,GAAM,GAAY,WAAK,MAAM,CAAC,EAAW,CAAa,EAAE,KAAK,GAAG,CAAC,EACjE,MAAO,YAAO,UAAU,CAAS,CACrC,CACJ,EE1CO,GAAM,GAAN,KAAyC,CAK5C,AAAO,YAA+B,EAAe,CAAf,aAJtC,KAAmB,QAAU,GAAI,GAAO,UAAU,KAAK,SAAS,EAEhE,KAAQ,WAAyC,CAAC,CAEI,CAEtD,AAAO,WAAW,EAAqC,CACnD,YAAK,WAAW,KAAK,CAAE,EAChB,IAAM,KAAK,cAAc,CAAE,CACtC,CAEA,AAAO,cAAc,EAA+B,CAChD,GAAM,GAAM,KAAK,WAAW,YAAY,CAAE,EAC1C,AAAI,GAAO,GACP,KAAK,WAAW,OAAO,EAAK,CAAC,CAErC,CAEA,AAAO,SAAS,EAAqB,CACjC,KAAK,QAAQ,MAAM,SAAU,GAAG,CAAE,EAClC,OAAW,KAAM,MAAK,WAClB,AAAK,EAAG,GAAG,CAAE,CAErB,CACJ,EC/BA,YAA+B,EAAA,CAC3B,KAAK,QAAU,CAAA,CAGnB,GAAsB,UAAY,GAAI,OACtC,GAAsB,UAAU,KAAO,wBA6BvC,GAAA,IAAkC,AAAA,MAAX,QAAW,KAC9B,OAAO,MACP,OAAO,KAAK,KAAK,MAAA,GA7BrB,SAAkB,EAAA,CACd,GAAI,GAAM,OAAO,CAAA,EAAO,QAAQ,MAAO,EAAA,EACvC,GAAI,EAAI,OAAS,GAAK,EAClB,KAAM,IAAI,IACN,mEAAA,EAGR,OAEgB,GAAI,EAAZ,EAAK,EAAe,EAAM,EAAG,EAAS,GAEzC,EAAS,EAAI,OAAO,GAAA,EAAA,CAEpB,GACC,GAAK,EAAK,EAAS,GAAL,EAAU,EAAS,EAG/B,IAAO,GACV,GAAU,OAAO,aAAa,IAAO,GAAA,IAAa,EAAM,EAAA,EACzD,EAGA,EA/BI,oEA+BW,QAAQ,CAAA,EAE3B,MAAO,EAAA,ECxBI,YAAS,EAAA,CACpB,GAAI,GAAS,EAAI,QAAQ,KAAM,GAAA,EAAK,QAAQ,KAAM,GAAA,EAClD,OAAQ,EAAO,OAAS,OACf,GACD,UACC,GACD,GAAU,KACV,UACC,GACD,GAAU,IACV,cAEA,KAAM,4BAGd,GAAA,CACI,MA5BR,UAA0B,EAAA,CACtB,MAAO,oBACH,GAAK,CAAA,EAAK,QAAQ,OAAQ,SAAS,EAAG,EAAA,CAClC,GAAI,GAAO,EAAE,WAAW,CAAA,EAAG,SAAS,EAAA,EAAI,YAAA,EAIxC,MAHI,GAAK,OAAS,GACd,GAAO,IAAM,GAEV,IAAM,CAAA,CAAA,CAAA,CAAA,EAqBO,CAAA,CAAA,MAC1B,CACE,MAAO,IAAK,CAAA,CAAA,CAAA,CC5Bb,YAA2B,EAAA,CAC9B,KAAK,QAAU,CAAA,CAMJ,YAAS,EAAO,EAAA,CAC3B,GAAqB,AAAA,MAAV,IAAU,SACjB,KAAM,IAAI,IAAkB,yBAAA,EAIhC,GAAI,GAAA,AADJ,GAAU,GAAW,CAAA,GACH,SAAd,GAAgC,EAAI,EACxC,GAAA,CACI,MAAO,MAAK,MAAM,GAAkB,EAAM,MAAM,GAAA,EAAK,EAAA,CAAA,CAAA,OAChD,EAAP,CACE,KAAM,IAAI,IAAkB,4BAA8B,EAAE,OAAA,CAAA,CAAA,CAbpE,GAAkB,UAAY,GAAI,OAClC,GAAkB,UAAU,KAAO,oBAAA,GAAA,IAAA,GCD5B,GAAM,GAAN,KAAe,CAElB,MAAc,QAAO,EAA0B,CAC3C,GAAI,CACA,MAAO,IAAsB,CAAK,CACtC,OACO,EAAP,CACI,QAAO,MAAM,kBAAmB,CAAG,EAC7B,CACV,CACJ,CACJ,ECCO,GAAM,IAAN,KAAiB,CAMpB,MAAO,QAAO,IAAK,GAAsD,CA1B7E,UA2BQ,MAAI,GAAS,OAAS,MAClB,GAAS,MAAQ,IAAC,IAAK,IAAK,IAAK,GAAG,EAAE,KAAK,GAAS,GAAS,OAAO,WAAa,KAAK,IAArE,OAA0E,KAC/F,KAAS,OAAT,SAAS,KAAS,KAAK,IAAI,EAAG,KAAK,MAAM,OAAO,QAAW,QAAO,WAAa,EAAS,OAAS,CAAC,CAAC,GAC/F,EAAS,QAAU,MACnB,MAAS,MAAT,SAAS,IAAQ,KAAK,IAAI,EAAG,KAAK,MAAM,OAAO,QAAW,QAAO,YAAc,EAAS,QAAU,CAAC,CAAC,IACjG,CACX,CAEA,MAAO,WAAU,EAAuC,CACpD,MAAO,QAAO,QAAQ,CAAQ,EACzB,OAAO,CAAC,CAAC,CAAE,KAAW,GAAS,IAAI,EACnC,IAAI,CAAC,CAAC,EAAK,KAAW,GAAG,KAAO,MAAO,IAAU,UAAY,EAAkB,EAAQ,MAAQ,MAAM,EACrG,KAAK,GAAG,CACjB,CACJ,EChCO,GAAM,GAAN,aAAoB,EAAc,CAAlC,kCACH,KAAmB,QAAU,GAAI,GAAO,UAAU,KAAK,SAAS,EAChE,KAAQ,aAAsD,KAC9D,KAAQ,YAAc,EAyCtB,KAAU,UAAY,IAAY,CAC9B,GAAM,GAAO,KAAK,YAAc,EAAM,aAAa,EACnD,KAAK,QAAQ,MAAM,qBAAsB,CAAI,EAEzC,KAAK,aAAe,EAAM,aAAa,GACvC,MAAK,OAAO,EACZ,MAAM,MAAM,EAEpB,EA9CA,MAAc,eAAuB,CACjC,MAAO,MAAK,MAAM,KAAK,IAAI,EAAI,GAAI,CACvC,CAEA,AAAO,KAAK,EAAiC,CACzC,GAAM,GAAS,KAAK,QAAQ,OAAO,MAAM,EACzC,EAAoB,KAAK,IAAI,KAAK,MAAM,CAAiB,EAAG,CAAC,EAC7D,GAAM,GAAa,EAAM,aAAa,EAAI,EAC1C,GAAI,KAAK,aAAe,GAAc,KAAK,aAAc,CAErD,EAAO,MAAM,uDAAwD,KAAK,UAAU,EACpF,MACJ,CAEA,KAAK,OAAO,EAEZ,EAAO,MAAM,iBAAkB,CAAiB,EAChD,KAAK,YAAc,EAKnB,GAAM,GAAyB,KAAK,IAAI,EAAmB,CAAC,EAC5D,KAAK,aAAe,YAAY,KAAK,UAAW,EAAyB,GAAI,CACjF,CAEA,GAAW,aAAqB,CAC5B,MAAO,MAAK,WAChB,CAEA,AAAO,QAAe,CAClB,KAAK,QAAQ,OAAO,QAAQ,EACxB,KAAK,cACL,eAAc,KAAK,YAAY,EAC/B,KAAK,aAAe,KAE5B,CAWJ,ECxDO,GAAM,GAAN,KAAe,CAClB,MAAc,YAAW,EAAa,EAAqC,QAA0B,CACjG,GAAI,CAAC,EAAK,KAAM,IAAI,WAAU,aAAa,EAE3C,GAAM,GAAS,AADG,GAAI,KAAI,EAAK,OAAO,SAAS,MAAM,EAC5B,IAAiB,WAAa,OAAS,UAChE,MAAO,IAAI,iBAAgB,EAAO,MAAM,CAAC,CAAC,CAC9C,CACJ,ECDO,GAAM,GAAN,aAA4B,MAAM,CAmBrC,AAAO,YACH,EAKgB,EAClB,CAtCN,UAuCQ,MAAM,EAAK,mBAAqB,EAAK,OAAS,EAAE,EAFhC,YAvBpB,KAAgB,KAAe,gBA2BvB,IAAC,EAAK,MACN,QAAO,MAAM,gBAAiB,iBAAiB,EACzC,GAAI,OAAM,iBAAiB,EAGrC,KAAK,MAAQ,EAAK,MAClB,KAAK,kBAAoB,KAAK,oBAAL,OAA0B,KACnD,KAAK,UAAY,KAAK,YAAL,OAAkB,KAEnC,KAAK,MAAQ,EAAK,UAClB,KAAK,cAAgB,KAAK,gBAAL,OAAsB,IAC/C,CACJ,EC7CO,GAAM,GAAN,aAA2B,MAAM,CAIpC,AAAO,YAAY,EAAkB,CACjC,MAAM,CAAO,EAHjB,KAAgB,KAAe,cAI/B,CACJ,ECDO,GAAM,GAAN,KAAwB,CAO3B,AAAO,YAAY,EAAqD,CANxE,KAAmB,QAAU,GAAI,GAAO,mBAAmB,EAE3D,KAAiB,eAAiB,GAAI,GAAM,uBAAuB,EACnE,KAAiB,cAAgB,GAAI,GAAM,sBAAsB,EAI7D,KAAK,mCAAqC,EAAK,iCACnD,CAEA,AAAO,KAAK,EAAuB,CAC/B,GAAM,GAAS,KAAK,QAAQ,OAAO,MAAM,EAEzC,GAAI,EAAU,cAAgB,EAAU,aAAe,OAAW,CAC9D,GAAM,GAAW,EAAU,WAG3B,GAFA,EAAO,MAAM,4CAA6C,CAAQ,EAE9D,EAAW,EAAG,CAEd,GAAI,GAAW,EAAW,KAAK,mCAC/B,AAAI,GAAY,GACZ,GAAW,GAGf,EAAO,MAAM,yCAA0C,EAAU,SAAS,EAC1E,KAAK,eAAe,KAAK,CAAQ,CACrC,KAEI,GAAO,MAAM,kEAAkE,EAC/E,KAAK,eAAe,OAAO,EAI/B,GAAM,GAAU,EAAW,EAC3B,EAAO,MAAM,wCAAyC,EAAS,SAAS,EACxE,KAAK,cAAc,KAAK,CAAO,CACnC,KAEI,MAAK,eAAe,OAAO,EAC3B,KAAK,cAAc,OAAO,CAElC,CAEA,AAAO,QAAe,CAClB,KAAK,QAAQ,MAAM,gDAAgD,EACnE,KAAK,eAAe,OAAO,EAC3B,KAAK,cAAc,OAAO,CAC9B,CAKA,AAAO,uBAAuB,EAAqC,CAC/D,MAAO,MAAK,eAAe,WAAW,CAAE,CAC5C,CAIA,AAAO,0BAA0B,EAA+B,CAC5D,KAAK,eAAe,cAAc,CAAE,CACxC,CAKA,AAAO,sBAAsB,EAAqC,CAC9D,MAAO,MAAK,cAAc,WAAW,CAAE,CAC3C,CAIA,AAAO,yBAAyB,EAA+B,CAC3D,KAAK,cAAc,cAAc,CAAE,CACvC,CACJ,ECjFO,GAAM,GAAN,KAAyB,CAO5B,AAAO,YACK,EACA,EACR,EACQ,EACA,EACV,CALU,iBACA,kBAEA,0BACA,oBAXZ,KAAiB,QAAU,GAAI,GAAO,oBAAoB,EAG1D,KAAQ,OAAgD,KACxD,KAAQ,eAAgC,KAmCxC,KAAQ,SAAW,AAAC,GAAkC,CAClD,AAAI,EAAE,SAAW,KAAK,eAClB,EAAE,SAAW,KAAK,OAAO,eAEzB,CAAI,EAAE,OAAS,QACX,MAAK,QAAQ,MAAM,4CAA4C,EAC3D,KAAK,cACL,KAAK,KAAK,GAGb,AAAI,EAAE,OAAS,UAChB,MAAK,QAAQ,MAAM,8CAA8C,EACjE,KAAK,KAAK,EACL,KAAK,UAAU,GAGpB,KAAK,QAAQ,MAAM,EAAE,KAAO,uCAAuC,EAG/E,EA7CI,GAAM,GAAY,GAAI,KAAI,CAAG,EAC7B,KAAK,cAAgB,EAAU,OAE/B,KAAK,OAAS,OAAO,SAAS,cAAc,QAAQ,EAGpD,KAAK,OAAO,MAAM,WAAa,SAC/B,KAAK,OAAO,MAAM,SAAW,QAC7B,KAAK,OAAO,MAAM,KAAO,UACzB,KAAK,OAAO,MAAM,IAAM,IACxB,KAAK,OAAO,MAAQ,IACpB,KAAK,OAAO,OAAS,IACrB,KAAK,OAAO,IAAM,EAAU,IAChC,CAEA,AAAO,MAAsB,CACzB,MAAO,IAAI,SAAc,AAAC,GAAY,CAClC,KAAK,OAAO,OAAS,IAAM,CACvB,EAAQ,CACZ,EAEA,OAAO,SAAS,KAAK,YAAY,KAAK,MAAM,EAC5C,OAAO,iBAAiB,UAAW,KAAK,SAAU,EAAK,CAC3D,CAAC,CACL,CAuBA,AAAO,MAAM,EAA6B,CACtC,GAAI,KAAK,iBAAmB,EACxB,OAGJ,KAAK,QAAQ,OAAO,OAAO,EAE3B,KAAK,KAAK,EAEV,KAAK,eAAiB,EAEtB,GAAM,GAAO,IAAM,CACf,AAAI,CAAC,KAAK,OAAO,eAAiB,CAAC,KAAK,gBAIxC,KAAK,OAAO,cAAc,YAAY,KAAK,WAAa,IAAM,KAAK,eAAgB,KAAK,aAAa,CACzG,EAGA,EAAK,EAGL,KAAK,OAAS,YAAY,EAAM,KAAK,mBAAqB,GAAI,CAClE,CAEA,AAAO,MAAa,CAChB,KAAK,QAAQ,OAAO,MAAM,EAC1B,KAAK,eAAiB,KAElB,KAAK,QAEL,eAAc,KAAK,MAAM,EACzB,KAAK,OAAS,KAEtB,CACJ,ECjGO,GAAM,GAAN,KAA4C,CAA5C,cACH,KAAiB,QAAU,GAAI,GAAO,oBAAoB,EAC1D,KAAQ,MAAgC,CAAC,EAEzC,AAAO,OAAc,CACjB,KAAK,QAAQ,OAAO,OAAO,EAC3B,KAAK,MAAQ,CAAC,CAClB,CAEA,AAAO,QAAQ,EAAqB,CAChC,YAAK,QAAQ,OAAO,YAAY,KAAO,EAChC,KAAK,MAAM,EACtB,CAEA,AAAO,QAAQ,EAAa,EAAqB,CAC7C,KAAK,QAAQ,OAAO,YAAY,KAAO,EACvC,KAAK,MAAM,GAAO,CACtB,CAEA,AAAO,WAAW,EAAmB,CACjC,KAAK,QAAQ,OAAO,eAAe,KAAO,EAC1C,MAAO,MAAK,MAAM,EACtB,CAEA,GAAW,SAAiB,CACxB,MAAO,QAAO,oBAAoB,KAAK,KAAK,EAAE,MAClD,CAEA,AAAO,IAAI,EAAuB,CAC9B,MAAO,QAAO,oBAAoB,KAAK,KAAK,EAAE,EAClD,CACJ,ECTO,GAAM,GAAN,KAAkB,CAKrB,AAAO,YACH,EAAmC,CAAC,EAC5B,EAAiC,KAC3C,CADU,mBANZ,KAAiB,QAAU,GAAI,GAAO,aAAa,EAEnD,KAAQ,cAA0B,CAAC,EAM/B,KAAK,cAAc,KAAK,GAAG,EAAwB,kBAAkB,EACjE,GACA,KAAK,cAAc,KAAK,iBAAiB,CAEjD,CAEA,KAAgB,kBAAiB,EAAoB,EAAoD,CAAC,EAAG,CACzG,GAAM,CAAE,sBAAqB,GAAc,EAC3C,GAAI,CAAC,EACD,MAAO,MAAM,OAAM,EAAO,CAAS,EAGvC,GAAM,GAAa,GAAI,iBACjB,EAAY,WAAW,IAAM,EAAW,MAAM,EAAG,EAAmB,GAAI,EAE9E,GAAI,CAKA,MAJiB,MAAM,OAAM,EAAO,CAChC,GAAG,EACH,OAAQ,EAAW,MACvB,CAAC,CAEL,OACO,EAAP,CACI,KAAI,aAAe,eAAgB,EAAI,OAAS,aACtC,GAAI,GAAa,mBAAmB,EAExC,CACV,QACA,CACI,aAAa,CAAS,CAC1B,CACJ,CAEA,KAAa,SAAQ,EAAa,CAC9B,SACa,CAAC,EAAqC,CACnD,GAAM,GAAS,KAAK,QAAQ,OAAO,SAAS,EACtC,EAAuB,CACzB,OAAU,KAAK,cAAc,KAAK,IAAI,CAC1C,EACA,AAAI,GACA,GAAO,MAAM,4CAA4C,EACzD,EAAQ,cAAmB,UAAY,GAG3C,GAAI,GACJ,GAAI,CACA,EAAO,MAAM,OAAQ,CAAG,EACxB,EAAW,KAAM,MAAK,iBAAiB,EAAK,CAAE,OAAQ,MAAO,SAAQ,CAAC,CAC1E,OACO,EAAP,CACI,QAAO,MAAM,eAAe,EACtB,CACV,CAEA,EAAO,MAAM,iCAAkC,EAAS,MAAM,EAC9D,GAAM,GAAc,EAAS,QAAQ,IAAI,cAAc,EAIvD,GAHI,GAAe,CAAC,KAAK,cAAc,KAAK,GAAQ,EAAY,WAAW,CAAI,CAAC,GAC5E,EAAO,MAAM,GAAI,OAAM,kCAAmC,UAAe,0BAA2B,GAAK,CAAC,EAE1G,EAAS,IAAM,KAAK,aAAe,kBAAa,WAAW,oBAC3D,MAAO,MAAM,MAAK,YAAY,KAAM,GAAS,KAAK,CAAC,EAEvD,GAAI,GACJ,GAAI,CACA,EAAO,KAAM,GAAS,KAAK,CAC/B,OACO,EAAP,CAEI,KADA,GAAO,MAAM,8BAA+B,CAAG,EAC3C,EAAS,GAAU,EACjB,GAAI,OAAM,GAAG,EAAS,eAAe,EAAS,SAAS,CACjE,CACA,GAAI,CAAC,EAAS,GAEV,KADA,GAAO,MAAM,qBAAsB,CAAI,EACnC,EAAK,MACC,GAAI,GAAc,CAAI,EAE1B,GAAI,OAAM,GAAG,EAAS,eAAe,EAAS,YAAY,KAAK,UAAU,CAAI,GAAG,EAE1F,MAAO,EACX,CAEA,KAAa,UAAS,EAAa,CAC/B,OACA,YACA,oBAC+C,CAC/C,GAAM,GAAS,KAAK,QAAQ,OAAO,UAAU,EACvC,EAAuB,CACzB,OAAU,KAAK,cAAc,KAAK,IAAI,EACtC,eAAgB,mCACpB,EACA,AAAI,IAAc,QACd,GAAQ,cAAmB,SAAW,GAG1C,GAAI,GACJ,GAAI,CACA,EAAO,MAAM,OAAQ,CAAG,EACxB,EAAW,KAAM,MAAK,iBAAiB,EAAK,CAAE,OAAQ,OAAQ,UAAS,OAAM,kBAAiB,CAAC,CACnG,OACO,EAAP,CACI,QAAO,MAAM,eAAe,EACtB,CACV,CAEA,EAAO,MAAM,iCAAkC,EAAS,MAAM,EAC9D,GAAM,GAAc,EAAS,QAAQ,IAAI,cAAc,EACvD,GAAI,GAAe,CAAC,KAAK,cAAc,KAAK,GAAQ,EAAY,WAAW,CAAI,CAAC,EAC5E,KAAM,IAAI,OAAM,kCAAmC,UAAe,0BAA2B,GAAK,EAGtG,GAAM,GAAe,KAAM,GAAS,KAAK,EAErC,EAAgC,CAAC,EACrC,GAAI,EACA,GAAI,CACA,EAAO,KAAK,MAAM,CAAY,CAClC,OACO,EAAP,CAEI,KADA,GAAO,MAAM,8BAA+B,CAAG,EAC3C,EAAS,GAAU,EACjB,GAAI,OAAM,GAAG,EAAS,eAAe,EAAS,SAAS,CACjE,CAGJ,GAAI,CAAC,EAAS,GAEV,KADA,GAAO,MAAM,qBAAsB,CAAI,EACnC,EAAK,MACC,GAAI,GAAc,EAAM,CAAI,EAEhC,GAAI,OAAM,GAAG,EAAS,eAAe,EAAS,YAAY,KAAK,UAAU,CAAI,GAAG,EAG1F,MAAO,EACX,CACJ,ECpKO,GAAM,GAAN,KAAsB,CASzB,AAAO,YAA6B,EAAoC,CAApC,iBARpC,KAAiB,QAAU,GAAI,GAAO,iBAAiB,EACvD,KAAiB,aAAe,GAAI,GAAY,CAAC,0BAA0B,CAAC,EAI5E,KAAQ,aAAoC,KAC5C,KAAQ,UAA0C,KAG9C,KAAK,aAAe,KAAK,UAAU,YAE/B,KAAK,UAAU,aACf,MAAK,QAAQ,MAAM,iCAAiC,EACpD,KAAK,aAAe,KAAK,UAAU,aAGnC,KAAK,UAAU,UACf,MAAK,QAAQ,MAAM,8BAA8B,EACjD,KAAK,UAAY,KAAK,UAAU,SAExC,CAEA,AAAO,kBAAyB,CAC5B,KAAK,aAAe,IACxB,CAEA,KAAa,cAA8C,CACvD,GAAM,GAAS,KAAK,QAAQ,OAAO,aAAa,EAChD,GAAI,KAAK,UACL,SAAO,MAAM,qBAAqB,EAC3B,KAAK,UAGhB,GAAI,CAAC,KAAK,aACN,QAAO,MAAM,GAAI,OAAM,oDAAoD,CAAC,EACtE,KAGV,EAAO,MAAM,wBAAyB,KAAK,YAAY,EACvD,GAAM,GAAW,KAAM,MAAK,aAAa,QAAQ,KAAK,YAAY,EAElE,SAAO,MAAM,wCAAwC,EACrD,KAAK,UAAY,OAAO,OAAO,CAAC,EAAG,KAAK,UAAU,aAAc,CAAQ,EACjE,KAAK,SAChB,CAEA,AAAO,WAA6B,CAChC,MAAO,MAAK,qBAAqB,QAAQ,CAC7C,CAEA,AAAO,0BAA4C,CAC/C,MAAO,MAAK,qBAAqB,wBAAwB,CAC7D,CAEA,AAAO,qBAAuC,CAC1C,MAAO,MAAK,qBAAqB,mBAAmB,CACxD,CAIA,AAAO,iBAAiB,EAAW,GAAmC,CAClE,MAAO,MAAK,qBAAqB,iBAAkB,CAAQ,CAC/D,CAEA,AAAO,uBAAqD,CACxD,MAAO,MAAK,qBAAqB,uBAAwB,EAAI,CACjE,CAEA,AAAO,uBAAqD,CACxD,MAAO,MAAK,qBAAqB,uBAAwB,EAAI,CACjE,CAIA,AAAO,sBAAsB,EAAW,GAAmC,CACvE,MAAO,MAAK,qBAAqB,sBAAuB,CAAQ,CACpE,CAIA,AAAO,gBAAgB,EAAW,GAAmC,CACjE,MAAO,MAAK,qBAAqB,WAAY,CAAQ,CACzD,CAEA,KAAgB,sBAAqB,EAA0B,EAAS,GAAyD,CAC7H,GAAM,GAAS,KAAK,QAAQ,OAAO,yBAAyB,KAAQ,EAE9D,EAAW,KAAM,MAAK,YAAY,EAGxC,GAFA,EAAO,MAAM,UAAU,EAEnB,EAAS,KAAU,OAAW,CAC9B,GAAI,IAAa,GAAM,CACnB,EAAO,KAAK,6CAA6C,EACzD,MACJ,CAEA,EAAO,MAAM,GAAI,OAAM,sCAAwC,CAAI,CAAC,CACxE,CAEA,MAAO,GAAS,EACpB,CAEA,KAAa,iBAA+C,CACxD,GAAM,GAAS,KAAK,QAAQ,OAAO,gBAAgB,EACnD,GAAI,KAAK,aACL,SAAO,MAAM,kCAAkC,EACxC,KAAK,aAGhB,GAAM,GAAW,KAAM,MAAK,gBAAgB,EAAK,EACjD,EAAO,MAAM,eAAgB,CAAQ,EAErC,GAAM,GAAS,KAAM,MAAK,aAAa,QAAQ,CAAQ,EAGvD,GAFA,EAAO,MAAM,cAAe,CAAM,EAE9B,CAAC,MAAM,QAAQ,EAAO,IAAI,EAC1B,QAAO,MAAM,GAAI,OAAM,wBAAwB,CAAC,EAC1C,KAGV,YAAK,aAAe,EAAO,KACpB,KAAK,YAChB,CACJ,EC9HO,GAAM,GAAN,KAAiD,CAMpD,AAAO,YAAY,CAAE,SAAS,QAAS,QAAQ,cAAiB,CAAC,EAAG,CALpE,KAAiB,QAAU,GAAI,GAAO,sBAAsB,EAMxD,KAAK,OAAS,EACd,KAAK,QAAU,CACnB,CAEA,AAAO,IAAI,EAAa,EAA8B,CAClD,YAAK,QAAQ,OAAO,QAAQ,KAAO,EAEnC,EAAM,KAAK,QAAU,EACrB,KAAK,OAAO,QAAQ,EAAK,CAAK,EACvB,QAAQ,QAAQ,CAC3B,CAEA,AAAO,IAAI,EAAqC,CAC5C,KAAK,QAAQ,OAAO,QAAQ,KAAO,EAEnC,EAAM,KAAK,QAAU,EACrB,GAAM,GAAO,KAAK,OAAO,QAAQ,CAAG,EACpC,MAAO,SAAQ,QAAQ,CAAI,CAC/B,CAEA,AAAO,OAAO,EAAqC,CAC/C,KAAK,QAAQ,OAAO,WAAW,KAAO,EAEtC,EAAM,KAAK,QAAU,EACrB,GAAM,GAAO,KAAK,OAAO,QAAQ,CAAG,EACpC,YAAK,OAAO,WAAW,CAAG,EACnB,QAAQ,QAAQ,CAAI,CAC/B,CAEA,AAAO,YAAgC,CACnC,KAAK,QAAQ,OAAO,YAAY,EAEhC,GAAM,GAAO,CAAC,EACd,OAAS,GAAQ,EAAG,EAAQ,KAAK,OAAO,OAAQ,IAAS,CACrD,GAAM,GAAM,KAAK,OAAO,IAAI,CAAK,EACjC,AAAI,GAAO,EAAI,QAAQ,KAAK,OAAO,IAAM,GACrC,EAAK,KAAK,EAAI,OAAO,KAAK,QAAQ,MAAM,CAAC,CAEjD,CACA,MAAO,SAAQ,QAAQ,CAAI,CAC/B,CACJ,ECjDA,GAAM,IAAsB,OACtB,GAAe,SACf,GAA8B,qBAC9B,GAAsB,QACtB,GAAgC,GAAK,GACrC,GAA4B,GAAK,EAmG1B,EAAN,KAA8B,CAwCjC,AAAO,YAAY,CAEf,YAAW,cAAa,WAAU,cAAa,eAE/C,YAAW,gBAAe,gBAAgB,GAAqB,QAAQ,GACvE,eAAc,2BACd,wBAAwB,GAExB,SAAQ,UAAS,UAAS,aAAY,aAAY,WAAU,gBAAgB,GAE5E,uBAAuB,GACvB,eAAe,GACf,yBAAyB,GACzB,qBAAqB,GACrB,oBAAoB,KACpB,cAAc,GAEd,aAEA,mBAAmB,CAAC,EACpB,oBAAmB,CAAC,GACD,CA2CnB,GAzCA,KAAK,UAAY,EAEjB,AAAI,EACA,KAAK,YAAc,EAEnB,MAAK,YAAc,EACf,GACK,MAAK,YAAY,SAAS,GAAG,GAC9B,MAAK,aAAe,KAExB,KAAK,aAAe,qCAI5B,KAAK,SAAW,EAChB,KAAK,aAAe,EACpB,KAAK,YAAc,EAEnB,KAAK,UAAY,EACjB,KAAK,cAAgB,EACrB,KAAK,cAAgB,EACrB,KAAK,MAAQ,EACb,KAAK,aAAe,EACpB,KAAK,yBAA2B,EAChC,KAAK,sBAAwB,EAE7B,KAAK,OAAS,EACd,KAAK,QAAU,EACf,KAAK,QAAU,EACf,KAAK,WAAa,EAClB,KAAK,WAAa,EAClB,KAAK,SAAW,EAChB,KAAK,cAAgB,EAErB,KAAK,qBAAuB,CAAC,CAAC,EAC9B,KAAK,aAAe,CAAC,CAAC,EACtB,KAAK,uBAAyB,EAC9B,KAAK,mBAAqB,EAC1B,KAAK,kBAAoB,EACzB,KAAK,YAAc,CAAC,CAAC,EAEjB,EACA,KAAK,WAAa,MAEjB,CACD,GAAM,IAAQ,MAAO,SAAW,YAAc,OAAO,aAAe,GAAI,GACxE,KAAK,WAAa,GAAI,GAAqB,CAAE,QAAM,CAAC,CACxD,CAEA,KAAK,iBAAmB,EACxB,KAAK,iBAAmB,EAC5B,CACJ,ECxNO,GAAM,IAAN,KAAsB,CAIzB,AAAO,YAA6B,EAAmC,CAAnC,wBAHpC,KAAmB,QAAU,GAAI,GAAO,iBAAiB,EAsBzD,KAAU,kBAAoB,KAAO,IAA6C,CAC9E,GAAM,GAAS,KAAK,QAAQ,OAAO,mBAAmB,EACtD,GAAI,CACA,GAAM,GAAU,EAAS,OAAO,CAAY,EAC5C,SAAO,MAAM,yBAAyB,EAE/B,CACX,OACO,EAAP,CACI,QAAO,MAAM,4BAA4B,EACnC,CACV,CACJ,EA9BI,KAAK,aAAe,GAAI,GAAY,OAAW,KAAK,iBAAiB,CACzE,CAEA,KAAa,WAAU,EAAmC,CACtD,GAAM,GAAS,KAAK,QAAQ,OAAO,WAAW,EAC9C,AAAK,GACD,KAAK,QAAQ,MAAM,GAAI,OAAM,iBAAiB,CAAC,EAGnD,GAAM,GAAM,KAAM,MAAK,iBAAiB,oBAAoB,EAC5D,EAAO,MAAM,mBAAoB,CAAG,EAEpC,GAAM,GAAS,KAAM,MAAK,aAAa,QAAQ,EAAK,CAAE,OAAM,CAAC,EAC7D,SAAO,MAAM,aAAc,CAAM,EAE1B,CACX,CAeJ,ECDO,GAAM,GAAN,KAAkB,CAIrB,AAAO,YACc,EACA,EACnB,CAFmB,iBACA,wBALrB,KAAiB,QAAU,GAAI,GAAO,aAAa,EACnD,KAAiB,aAAe,GAAI,EAKjC,CAEH,KAAa,cAAa,CACtB,aAAa,qBACb,eAAe,KAAK,UAAU,aAC9B,YAAY,KAAK,UAAU,UAC3B,gBAAgB,KAAK,UAAU,iBAC5B,GACgD,CACnD,GAAM,GAAS,KAAK,QAAQ,OAAO,cAAc,EACjD,AAAK,GACD,EAAO,MAAM,GAAI,OAAM,yBAAyB,CAAC,EAEhD,GACD,EAAO,MAAM,GAAI,OAAM,4BAA4B,CAAC,EAEnD,EAAK,MACN,EAAO,MAAM,GAAI,OAAM,oBAAoB,CAAC,EAE3C,EAAK,eACN,EAAO,MAAM,GAAI,OAAM,6BAA6B,CAAC,EAGzD,GAAM,GAAS,GAAI,iBAAgB,CAAE,aAAY,cAAa,CAAC,EAC/D,OAAW,CAAC,EAAK,IAAU,QAAO,QAAQ,CAAI,EAC1C,AAAI,GAAS,MACT,EAAO,IAAI,EAAK,CAAK,EAG7B,GAAI,GACJ,OAAQ,KAAK,UAAU,2BACd,sBACD,GAAI,CAAC,EACD,QAAO,MAAM,GAAI,OAAM,6BAA6B,CAAC,EAC/C,KAEV,EAAY,EAAY,kBAAkB,EAAW,CAAa,EAClE,UACC,qBACD,EAAO,OAAO,YAAa,CAAS,EAChC,GACA,EAAO,OAAO,gBAAiB,CAAa,EAEhD,MAGR,GAAM,GAAM,KAAM,MAAK,iBAAiB,iBAAiB,EAAK,EAC9D,EAAO,MAAM,oBAAoB,EAEjC,GAAM,GAAW,KAAM,MAAK,aAAa,SAAS,EAAK,CAAE,KAAM,EAAQ,WAAU,CAAC,EAClF,SAAO,MAAM,cAAc,EAEpB,CACX,CAEA,KAAa,sBAAqB,CAC9B,aAAa,gBACb,YAAY,KAAK,UAAU,UAC3B,gBAAgB,KAAK,UAAU,cAC/B,sBACG,GACwD,CAC3D,GAAM,GAAS,KAAK,QAAQ,OAAO,sBAAsB,EACzD,AAAK,GACD,EAAO,MAAM,GAAI,OAAM,yBAAyB,CAAC,EAEhD,EAAK,eACN,EAAO,MAAM,GAAI,OAAM,6BAA6B,CAAC,EAGzD,GAAM,GAAS,GAAI,iBAAgB,CAAE,YAAW,CAAC,EACjD,OAAW,CAAC,EAAK,IAAU,QAAO,QAAQ,CAAI,EAC1C,AAAI,GAAS,MACT,EAAO,IAAI,EAAK,CAAK,EAG7B,GAAI,GACJ,OAAQ,KAAK,UAAU,2BACd,sBACD,GAAI,CAAC,EACD,QAAO,MAAM,GAAI,OAAM,6BAA6B,CAAC,EAC/C,KAEV,EAAY,EAAY,kBAAkB,EAAW,CAAa,EAClE,UACC,qBACD,EAAO,OAAO,YAAa,CAAS,EAChC,GACA,EAAO,OAAO,gBAAiB,CAAa,EAEhD,MAGR,GAAM,GAAM,KAAM,MAAK,iBAAiB,iBAAiB,EAAK,EAC9D,EAAO,MAAM,oBAAoB,EAEjC,GAAM,GAAW,KAAM,MAAK,aAAa,SAAS,EAAK,CAAE,KAAM,EAAQ,YAAW,kBAAiB,CAAC,EACpG,SAAO,MAAM,cAAc,EAEpB,CACX,CAOA,KAAa,QAAO,EAAiC,CAhKzD,MAiKQ,GAAM,GAAS,KAAK,QAAQ,OAAO,QAAQ,EAC3C,AAAK,EAAK,OACN,EAAO,MAAM,GAAI,OAAM,qBAAqB,CAAC,EAGjD,GAAM,GAAM,KAAM,MAAK,iBAAiB,sBAAsB,EAAK,EAEnE,EAAO,MAAM,qCAAqC,KAAK,kBAAL,OAAwB,sBAAsB,EAEhG,GAAM,GAAS,GAAI,iBACnB,OAAW,CAAC,EAAK,IAAU,QAAO,QAAQ,CAAI,EAC1C,AAAI,GAAS,MACT,EAAO,IAAI,EAAK,CAAK,EAG7B,EAAO,IAAI,YAAa,KAAK,UAAU,SAAS,EAC5C,KAAK,UAAU,eACf,EAAO,IAAI,gBAAiB,KAAK,UAAU,aAAa,EAG5D,KAAM,MAAK,aAAa,SAAS,EAAK,CAAE,KAAM,CAAO,CAAC,EACtD,EAAO,MAAM,cAAc,CAC/B,CACJ,EC/JA,GAAM,IAAiB,CACnB,MAEA,MACA,MACA,MACA,MACA,MACA,YACA,QACA,MACA,MACA,MAEA,SACJ,EAKa,GAAN,KAAwB,CAK3B,AAAO,YACgB,EACA,EACrB,CAFqB,iBACA,wBANvB,KAAmB,QAAU,GAAI,GAAO,mBAAmB,EAC3D,KAAmB,iBAAmB,GAAI,IAAgB,KAAK,gBAAgB,EAC/E,KAAmB,aAAe,GAAI,GAAY,KAAK,UAAW,KAAK,gBAAgB,CAKpF,CAEH,KAAa,wBAAuB,EAA0B,EAAmC,CAC7F,GAAM,GAAS,KAAK,QAAQ,OAAO,wBAAwB,EAE3D,KAAK,oBAAoB,EAAU,CAAK,EACxC,EAAO,MAAM,iBAAiB,EAE9B,KAAM,MAAK,aAAa,EAAU,CAAK,EACvC,EAAO,MAAM,gBAAgB,EAEzB,EAAS,UACT,KAAK,2BAA2B,CAAQ,EAE5C,EAAO,MAAM,kBAAkB,EAE/B,KAAM,MAAK,eAAe,EAAU,iBAAO,aAAc,EAAS,QAAQ,EAC1E,EAAO,MAAM,kBAAkB,CACnC,CAEA,KAAa,yBAAwB,EAA0B,EAAoC,CAzEvG,QA0EQ,GAAM,GAAS,KAAK,QAAQ,OAAO,yBAAyB,EAE5D,EAAS,UAAY,EAAM,KAE3B,KAAS,gBAAT,SAAS,cAAkB,EAAM,eAEjC,KAAS,QAAT,SAAS,MAAU,EAAM,OAIzB,GAAM,GAAa,EAAS,UAAY,CAAC,CAAC,EAAS,SACnD,AAAI,GACA,MAAK,2BAA2B,EAAU,EAAM,QAAQ,EACxD,EAAO,MAAM,oBAAoB,GAGrC,KAAM,MAAK,eAAe,EAAU,GAAO,CAAU,EACrD,EAAO,MAAM,kBAAkB,CACnC,CAEA,AAAO,wBAAwB,EAA2B,EAAoB,CAC1E,GAAM,GAAS,KAAK,QAAQ,OAAO,yBAAyB,EAW5D,GAVI,EAAM,KAAO,EAAS,OACtB,EAAO,MAAM,GAAI,OAAM,sBAAsB,CAAC,EAMlD,EAAO,MAAM,iBAAiB,EAC9B,EAAS,UAAY,EAAM,KAEvB,EAAS,MACT,QAAO,KAAK,qBAAsB,EAAS,KAAK,EAC1C,GAAI,GAAc,CAAQ,CAExC,CAEA,AAAU,oBAAoB,EAA0B,EAA0B,CAhHtF,MAiHQ,GAAM,GAAS,KAAK,QAAQ,OAAO,qBAAqB,EA6BxD,GA5BI,EAAM,KAAO,EAAS,OACtB,EAAO,MAAM,GAAI,OAAM,sBAAsB,CAAC,EAG7C,EAAM,WACP,EAAO,MAAM,GAAI,OAAM,uBAAuB,CAAC,EAG9C,EAAM,WACP,EAAO,MAAM,GAAI,OAAM,uBAAuB,CAAC,EAI/C,KAAK,UAAU,YAAc,EAAM,WACnC,EAAO,MAAM,GAAI,OAAM,iDAAiD,CAAC,EAEzE,KAAK,UAAU,WAAa,KAAK,UAAU,YAAc,EAAM,WAC/D,EAAO,MAAM,GAAI,OAAM,iDAAiD,CAAC,EAM7E,EAAO,MAAM,iBAAiB,EAC9B,EAAS,UAAY,EAAM,KAE3B,KAAS,QAAT,SAAS,MAAU,EAAM,OAErB,EAAS,MACT,QAAO,KAAK,qBAAsB,EAAS,KAAK,EAC1C,GAAI,GAAc,CAAQ,EAGpC,AAAI,EAAM,eAAiB,CAAC,EAAS,MACjC,EAAO,MAAM,GAAI,OAAM,2BAA2B,CAAC,EAGnD,CAAC,EAAM,eAAiB,EAAS,MACjC,EAAO,MAAM,GAAI,OAAM,6BAA6B,CAAC,CAE7D,CAEA,KAAgB,gBAAe,EAA0B,EAAe,GAAO,EAAc,GAAqB,CAC9G,GAAM,GAAS,KAAK,QAAQ,OAAO,gBAAgB,EAGnD,GAFA,EAAS,QAAU,KAAK,sBAAsB,EAAS,OAAO,EAE1D,GAAgB,CAAC,KAAK,UAAU,cAAgB,CAAC,EAAS,aAAc,CACxE,EAAO,MAAM,uBAAuB,EACpC,MACJ,CAEA,EAAO,MAAM,mBAAmB,EAChC,GAAM,GAAS,KAAM,MAAK,iBAAiB,UAAU,EAAS,YAAY,EAC1E,EAAO,MAAM,mDAAmD,EAE5D,GAAe,EAAO,MAAQ,EAAS,QAAQ,KAC/C,EAAO,MAAM,GAAI,OAAM,mEAAmE,CAAC,EAG/F,EAAS,QAAU,KAAK,aAAa,EAAS,QAAS,KAAK,sBAAsB,CAAuB,CAAC,EAC1G,EAAO,MAAM,8CAA+C,EAAS,OAAO,CAChF,CAEA,AAAU,aAAa,EAAsB,EAAiC,CAC1E,GAAM,GAAS,CAAE,GAAG,CAAQ,EAE5B,OAAW,CAAC,EAAO,IAAW,QAAO,QAAQ,CAAO,EAChD,OAAW,KAAS,OAAM,QAAQ,CAAM,EAAI,EAAS,CAAC,CAAM,EAAG,CAC3D,GAAM,GAAgB,EAAO,GAC7B,AAAK,EAGA,AAAI,MAAM,QAAQ,CAAa,EAC3B,EAAc,SAAS,CAAK,GAC7B,EAAc,KAAK,CAAK,EAGvB,EAAO,KAAW,GACvB,CAAI,MAAO,IAAU,UAAY,KAAK,UAAU,YAC5C,EAAO,GAAS,KAAK,aAAa,EAA8B,CAAK,EAGrE,EAAO,GAAS,CAAC,EAAe,CAAK,GAZzC,EAAO,GAAS,CAexB,CAGJ,MAAO,EACX,CAEA,AAAU,sBAAsB,EAAkC,CAC9D,GAAM,GAAS,CAAE,GAAG,CAAO,EAE3B,GAAI,KAAK,UAAU,qBACf,OAAW,KAAQ,IACf,MAAO,GAAO,GAItB,MAAO,EACX,CAEA,KAAgB,cAAa,EAA0B,EAAmC,CACtF,GAAM,GAAS,KAAK,QAAQ,OAAO,cAAc,EACjD,GAAI,EAAS,KAAM,CACf,EAAO,MAAM,iBAAiB,EAC9B,GAAM,GAAgB,KAAM,MAAK,aAAa,aAAa,CACvD,UAAW,EAAM,UACjB,cAAe,EAAM,cACrB,KAAM,EAAS,KACf,aAAc,EAAM,aACpB,cAAe,EAAM,cACrB,GAAG,EAAM,gBACb,CAAC,EACD,OAAO,OAAO,EAAU,CAAa,CACzC,KACI,GAAO,MAAM,oBAAoB,CAEzC,CAEA,AAAU,2BAA2B,EAA0B,EAA6B,CA3OhG,MA4OQ,GAAM,GAAS,KAAK,QAAQ,OAAO,4BAA4B,EAE/D,EAAO,MAAM,uBAAuB,EACpC,GAAM,GAAU,EAAS,OAAO,KAAS,WAAT,OAAqB,EAAE,EAMvD,GAJK,EAAQ,KACT,EAAO,MAAM,GAAI,OAAM,qCAAqC,CAAC,EAG7D,EAAc,CACd,GAAM,GAAU,EAAS,OAAO,CAAY,EAC5C,AAAI,EAAQ,MAAQ,EAAQ,KACxB,EAAO,MAAM,GAAI,OAAM,4CAA4C,CAAC,EAEpE,EAAQ,WAAa,EAAQ,YAAc,EAAQ,WACnD,EAAO,MAAM,GAAI,OAAM,yDAAyD,CAAC,EAEjF,EAAQ,KAAO,EAAQ,MAAQ,EAAQ,KACvC,EAAO,MAAM,GAAI,OAAM,6CAA6C,CAAC,EAErE,CAAC,EAAQ,KAAO,EAAQ,KACxB,EAAO,MAAM,GAAI,OAAM,uDAAuD,CAAC,CAEvF,CAEA,EAAS,QAAU,CACvB,CACJ,EC9PO,GAAM,GAAN,KAAY,CAQf,AAAO,YAAY,EAKhB,CACC,KAAK,GAAK,EAAK,IAAM,EAAY,eAAe,EAChD,KAAK,KAAO,EAAK,KAEjB,AAAI,EAAK,SAAW,EAAK,QAAU,EAC/B,KAAK,QAAU,EAAK,QAGpB,KAAK,QAAU,EAAM,aAAa,EAEtC,KAAK,aAAe,EAAK,YAC7B,CAEA,AAAO,iBAA0B,CAC7B,UAAI,GAAO,OAAO,EAAE,OAAO,iBAAiB,EACrC,KAAK,UAAU,CAClB,GAAI,KAAK,GACT,KAAM,KAAK,KACX,QAAS,KAAK,QACd,aAAc,KAAK,YACvB,CAAC,CACL,CAEA,MAAc,mBAAkB,EAA8B,CAC1D,SAAO,aAAa,QAAS,mBAAmB,EACzC,GAAI,GAAM,KAAK,MAAM,CAAa,CAAC,CAC9C,CAEA,YAAoB,iBAAgB,EAAqB,EAA4B,CACjF,GAAM,GAAS,EAAO,aAAa,QAAS,iBAAiB,EACvD,EAAS,EAAM,aAAa,EAAI,EAEhC,EAAO,KAAM,GAAQ,WAAW,EACtC,EAAO,MAAM,WAAY,CAAI,EAE7B,OAAS,GAAI,EAAG,EAAI,EAAK,OAAQ,IAAK,CAClC,GAAM,GAAM,EAAK,GACX,EAAO,KAAM,GAAQ,IAAI,CAAG,EAC9B,EAAS,GAEb,GAAI,EACA,GAAI,CACA,GAAM,GAAQ,EAAM,kBAAkB,CAAI,EAE1C,EAAO,MAAM,qBAAsB,EAAK,EAAM,OAAO,EACjD,EAAM,SAAW,GACjB,GAAS,GAEjB,OACO,EAAP,CACI,EAAO,MAAM,+BAAgC,EAAK,CAAG,EACrD,EAAS,EACb,KAGA,GAAO,MAAM,8BAA+B,CAAG,EAC/C,EAAS,GAGb,AAAI,GACA,GAAO,MAAM,wBAAyB,CAAG,EACpC,EAAQ,OAAO,CAAG,EAE/B,CACJ,CACJ,EC9EO,GAAM,GAAN,aAA0B,EAAM,CAyBnC,AAAO,YAAY,EAehB,CACC,MAAM,CAAI,EAEV,AAAI,EAAK,gBAAkB,GACvB,KAAK,cAAgB,EAAY,qBAAqB,EAEjD,EAAK,eACV,MAAK,cAAgB,EAAK,eAG1B,KAAK,eACL,MAAK,eAAiB,EAAY,sBAAsB,KAAK,aAAa,GAG9E,KAAK,UAAY,EAAK,UACtB,KAAK,UAAY,EAAK,UACtB,KAAK,aAAe,EAAK,aACzB,KAAK,MAAQ,EAAK,MAClB,KAAK,cAAgB,EAAK,cAC1B,KAAK,iBAAmB,EAAK,iBAE7B,KAAK,cAAgB,EAAK,cAC1B,KAAK,aAAe,EAAK,YAC7B,CAEA,AAAO,iBAA0B,CAC7B,UAAI,GAAO,aAAa,EAAE,OAAO,iBAAiB,EAC3C,KAAK,UAAU,CAClB,GAAI,KAAK,GACT,KAAM,KAAK,KACX,QAAS,KAAK,QACd,aAAc,KAAK,aAEnB,cAAe,KAAK,cACpB,UAAW,KAAK,UAChB,UAAW,KAAK,UAChB,aAAc,KAAK,aACnB,MAAO,KAAK,MACZ,cAAe,KAAK,cACpB,iBAAmB,KAAK,iBACxB,cAAe,KAAK,cACpB,aAAc,KAAK,YACvB,CAAC,CACL,CAEA,MAAc,mBAAkB,EAAoC,CAChE,EAAO,aAAa,cAAe,mBAAmB,EACtD,GAAM,GAAO,KAAK,MAAM,CAAa,EACrC,MAAO,IAAI,GAAY,CAAI,CAC/B,CACJ,ECvDO,GAAM,IAAN,KAAoB,CAMvB,AAAO,YAAY,CAEf,MAAK,YAAW,YAAW,eAAc,gBAAe,QAExD,aAAY,gBAAe,eAAc,gBAAe,QACxD,eACA,mBACA,sBACG,GACe,CAdtB,KAAiB,QAAU,GAAI,GAAO,eAAe,EAejD,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,qBAAqB,EAClC,GAAI,OAAM,KAAK,EAEzB,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,2BAA2B,EACxC,GAAI,OAAM,WAAW,EAE/B,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,8BAA8B,EAC3C,GAAI,OAAM,cAAc,EAElC,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,+BAA+B,EAC5C,GAAI,OAAM,eAAe,EAEnC,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,uBAAuB,EACpC,GAAI,OAAM,OAAO,EAE3B,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,2BAA2B,EACxC,GAAI,OAAM,WAAW,EAG/B,KAAK,MAAQ,GAAI,GAAY,CACzB,KAAM,EACN,eACA,cAAe,GACf,YAAW,YAAW,eACtB,gBACA,gBAAe,QAAO,mBACtB,cACJ,CAAC,EAED,GAAM,GAAY,GAAI,KAAI,CAAG,EAC7B,EAAU,aAAa,OAAO,YAAa,CAAS,EACpD,EAAU,aAAa,OAAO,eAAgB,CAAY,EAC1D,EAAU,aAAa,OAAO,gBAAiB,CAAa,EAC5D,EAAU,aAAa,OAAO,QAAS,CAAK,EACxC,GACA,EAAU,aAAa,OAAO,QAAS,CAAK,EAGhD,EAAU,aAAa,OAAO,QAAS,KAAK,MAAM,EAAE,EAChD,KAAK,MAAM,gBACX,GAAU,aAAa,OAAO,iBAAkB,KAAK,MAAM,cAAc,EACzE,EAAU,aAAa,OAAO,wBAAyB,MAAM,GAGjE,OAAW,CAAC,EAAK,IAAU,QAAO,QAAQ,CAAE,gBAAe,GAAG,EAAgB,GAAG,CAAiB,CAAC,EAC/F,AAAI,GAAS,MACT,EAAU,aAAa,OAAO,EAAK,EAAM,SAAS,CAAC,EAI3D,KAAK,IAAM,EAAU,IACzB,CACJ,EChHA,GAAM,IAAY,SAKL,EAAN,KAAqB,CAqCxB,AAAO,YAAY,EAAyB,CAhB5C,KAAO,aAAe,GAEtB,KAAO,WAAa,GAYpB,KAAO,QAAuB,CAAC,EAG3B,KAAK,MAAQ,EAAO,IAAI,OAAO,EAC/B,KAAK,cAAgB,EAAO,IAAI,eAAe,EAE/C,KAAK,MAAQ,EAAO,IAAI,OAAO,EAC/B,KAAK,kBAAoB,EAAO,IAAI,mBAAmB,EACvD,KAAK,UAAY,EAAO,IAAI,WAAW,EAEvC,KAAK,KAAO,EAAO,IAAI,MAAM,CACjC,CAEA,GAAW,aAAiC,CACxC,GAAI,KAAK,aAAe,OAGxB,MAAO,MAAK,WAAa,EAAM,aAAa,CAChD,CACA,GAAW,YAAW,EAA2B,CAE7C,AAAI,MAAO,IAAU,UAAU,GAAQ,OAAO,CAAK,GAC/C,IAAU,QAAa,GAAS,GAChC,MAAK,WAAa,KAAK,MAAM,CAAK,EAAI,EAAM,aAAa,EAEjE,CAEA,GAAW,WAAoB,CAzEnC,MA0EQ,MAAO,SAAK,QAAL,cAAY,MAAM,KAAK,SAAS,MAAc,CAAC,CAAC,KAAK,QAChE,CACJ,ECpDO,GAAM,IAAN,KAAqB,CAMxB,AAAO,YAAY,CACf,MACA,aAAY,gBAAe,2BAA0B,mBAAkB,gBACpD,CARvB,KAAiB,QAAU,GAAI,GAAO,gBAAgB,EASlD,GAAI,CAAC,EACD,WAAK,QAAQ,MAAM,qBAAqB,EAClC,GAAI,OAAM,KAAK,EAGzB,GAAM,GAAY,GAAI,KAAI,CAAG,EAC7B,AAAI,GACA,EAAU,aAAa,OAAO,gBAAiB,CAAa,EAG5D,GACA,GAAU,aAAa,OAAO,2BAA4B,CAAwB,EAE9E,GACA,MAAK,MAAQ,GAAI,GAAM,CAAE,KAAM,EAAY,cAAa,CAAC,EAEzD,EAAU,aAAa,OAAO,QAAS,KAAK,MAAM,EAAE,IAI5D,OAAW,CAAC,EAAK,IAAU,QAAO,QAAQ,CAAE,GAAG,CAAiB,CAAC,EAC7D,AAAI,GAAS,MACT,EAAU,aAAa,OAAO,EAAK,EAAM,SAAS,CAAC,EAI3D,KAAK,IAAM,EAAU,IACzB,CACJ,ECxDO,GAAM,GAAN,KAAsB,CAczB,AAAO,YAAY,EAAyB,CACxC,KAAK,MAAQ,EAAO,IAAI,OAAO,EAE/B,KAAK,MAAQ,EAAO,IAAI,OAAO,EAC/B,KAAK,kBAAoB,EAAO,IAAI,mBAAmB,EACvD,KAAK,UAAY,EAAO,IAAI,WAAW,CAC3C,CACJ,ECyCO,GAAM,IAAN,KAAiB,CAQpB,AAAO,YAAY,EAA8B,CANjD,KAAmB,QAAU,GAAI,GAAO,YAAY,EAOhD,KAAK,SAAW,GAAI,GAAwB,CAAQ,EAEpD,KAAK,gBAAkB,GAAI,GAAgB,KAAK,QAAQ,EACxD,KAAK,WAAa,GAAI,IAAkB,KAAK,SAAU,KAAK,eAAe,EAC3E,KAAK,aAAe,GAAI,GAAY,KAAK,SAAU,KAAK,eAAe,CAC3E,CAEA,KAAa,qBAAoB,CAC7B,QACA,UACA,cACA,eACA,gBACA,aACA,eACA,QACA,gBAAgB,KAAK,SAAS,cAC9B,QAAQ,KAAK,SAAS,MACtB,eAAe,KAAK,SAAS,aAC7B,SAAS,KAAK,SAAS,OACvB,UAAU,KAAK,SAAS,QACxB,UAAU,KAAK,SAAS,QACxB,aAAa,KAAK,SAAS,WAC3B,aAAa,KAAK,SAAS,WAC3B,WAAW,KAAK,SAAS,SACzB,gBAAgB,KAAK,SAAS,cAC9B,mBAAmB,KAAK,SAAS,iBACjC,mBAAmB,KAAK,SAAS,kBACe,CAChD,GAAM,GAAS,KAAK,QAAQ,OAAO,qBAAqB,EAExD,GAAI,IAAkB,OAClB,KAAM,IAAI,OAAM,2DAA2D,EAG/E,GAAM,GAAM,KAAM,MAAK,gBAAgB,yBAAyB,EAChE,EAAO,MAAM,kCAAmC,CAAG,EAEnD,GAAM,GAAgB,GAAI,IAAc,CACpC,MACA,UAAW,KAAK,SAAS,UACzB,UAAW,KAAK,SAAS,UACzB,eACA,gBACA,QACA,WAAY,EACZ,SAAQ,UAAS,UAAS,aAAY,gBAAe,aAAY,aACjE,WAAU,UAAS,cAAa,mBAAkB,mBAAkB,eAAc,gBAClF,cAAe,KAAK,SAAS,cAC7B,eACA,OACJ,CAAC,EAGD,KAAM,MAAK,gBAAgB,EAE3B,GAAM,GAAc,EAAc,MAClC,YAAM,MAAK,SAAS,WAAW,IAAI,EAAY,GAAI,EAAY,gBAAgB,CAAC,EACzE,CACX,CAEA,KAAa,yBAAwB,EAAa,EAAc,GAAkE,CAC9H,GAAM,GAAS,KAAK,QAAQ,OAAO,yBAAyB,EAEtD,EAAW,GAAI,GAAe,EAAS,WAAW,EAAK,KAAK,SAAS,aAAa,CAAC,EACzF,GAAI,CAAC,EAAS,MACV,QAAO,MAAM,GAAI,OAAM,sBAAsB,CAAC,EAExC,KAGV,GAAM,GAAoB,KAAM,MAAK,SAAS,WAAW,EAAc,SAAW,OAAO,EAAS,KAAK,EACvG,GAAI,CAAC,EACD,QAAO,MAAM,GAAI,OAAM,oCAAoC,CAAC,EACtD,KAIV,MAAO,CAAE,MADK,EAAY,kBAAkB,CAAiB,EAC7C,UAAS,CAC7B,CAEA,KAAa,uBAAsB,EAAsC,CACrE,GAAM,GAAS,KAAK,QAAQ,OAAO,uBAAuB,EAEpD,CAAE,QAAO,YAAa,KAAM,MAAK,wBAAwB,EAAK,EAAI,EACxE,SAAO,MAAM,kDAAkD,EAC/D,KAAM,MAAK,WAAW,uBAAuB,EAAU,CAAK,EACrD,CACX,CAEA,KAAa,iBAAgB,CACzB,QACA,oBAC6C,CAC7C,GAAM,GAAS,KAAK,QAAQ,OAAO,iBAAiB,EAE9C,EAAS,KAAM,MAAK,aAAa,qBAAqB,CACxD,cAAe,EAAM,cACrB,MAAO,EAAM,MACb,kBACJ,CAAC,EACK,EAAW,GAAI,GAAe,GAAI,gBAAiB,EACzD,cAAO,OAAO,EAAU,CAAM,EAC9B,EAAO,MAAM,sBAAuB,CAAQ,EAC5C,KAAM,MAAK,WAAW,wBAAwB,EAAU,CAAK,EACtD,CACX,CAEA,KAAa,sBAAqB,CAC9B,QACA,gBACA,eACA,2BAA2B,KAAK,SAAS,yBACzC,mBAAmB,KAAK,SAAS,kBACP,CAAC,EAA4B,CACvD,GAAM,GAAS,KAAK,QAAQ,OAAO,sBAAsB,EAEnD,EAAM,KAAM,MAAK,gBAAgB,sBAAsB,EAC7D,GAAI,CAAC,EACD,QAAO,MAAM,GAAI,OAAM,yBAAyB,CAAC,EAC3C,KAGV,EAAO,MAAM,gCAAiC,CAAG,EAEjD,GAAM,GAAU,GAAI,IAAe,CAC/B,MACA,gBACA,2BACA,WAAY,EACZ,mBACA,cACJ,CAAC,EAGD,KAAM,MAAK,gBAAgB,EAE3B,GAAM,GAAe,EAAQ,MAC7B,MAAI,IACA,GAAO,MAAM,sCAAsC,EACnD,KAAM,MAAK,SAAS,WAAW,IAAI,EAAa,GAAI,EAAa,gBAAgB,CAAC,GAG/E,CACX,CAEA,KAAa,0BAAyB,EAAa,EAAc,GAAyE,CACtI,GAAM,GAAS,KAAK,QAAQ,OAAO,0BAA0B,EAEvD,EAAW,GAAI,GAAgB,EAAS,WAAW,EAAK,KAAK,SAAS,aAAa,CAAC,EAC1F,GAAI,CAAC,EAAS,MAAO,CAGjB,GAFA,EAAO,MAAM,sBAAsB,EAE/B,EAAS,MACT,QAAO,KAAK,sBAAuB,EAAS,KAAK,EAC3C,GAAI,GAAc,CAAQ,EAGpC,MAAO,CAAE,MAAO,OAAW,UAAS,CACxC,CAEA,GAAM,GAAoB,KAAM,MAAK,SAAS,WAAW,EAAc,SAAW,OAAO,EAAS,KAAK,EACvG,GAAI,CAAC,EACD,QAAO,MAAM,GAAI,OAAM,oCAAoC,CAAC,EACtD,KAIV,MAAO,CAAE,MADK,EAAM,kBAAkB,CAAiB,EACvC,UAAS,CAC7B,CAEA,KAAa,wBAAuB,EAAuC,CACvE,GAAM,GAAS,KAAK,QAAQ,OAAO,wBAAwB,EAErD,CAAE,QAAO,YAAa,KAAM,MAAK,yBAAyB,EAAK,EAAI,EACzE,MAAI,GACA,GAAO,MAAM,kDAAkD,EAC/D,KAAK,WAAW,wBAAwB,EAAU,CAAK,GAEvD,EAAO,MAAM,qDAAqD,EAG/D,CACX,CAEA,AAAO,iBAAiC,CACpC,YAAK,QAAQ,OAAO,iBAAiB,EAC9B,EAAM,gBAAgB,KAAK,SAAS,WAAY,KAAK,SAAS,sBAAsB,CAC/F,CAEA,KAAa,aAAY,EAAe,EAAwD,CAC5F,YAAK,QAAQ,OAAO,aAAa,EAC1B,KAAM,MAAK,aAAa,OAAO,CAClC,QACA,gBAAiB,CACrB,CAAC,CACL,CACJ,ECvQO,GAAM,GAAN,KAAqB,CAOxB,AAAO,YAA6B,EAA2B,CAA3B,oBANpC,KAAiB,QAAU,GAAI,GAAO,gBAAgB,EA2CtD,KAAU,OAAS,KACf,IAIgB,CAChB,GAAM,GAAgB,EAAK,cAC3B,GAAI,CAAC,EACD,OAEJ,GAAM,GAAS,KAAK,QAAQ,OAAO,QAAQ,EAa3C,GAXA,AAAI,EAAK,QACL,MAAK,KAAO,EAAK,QAAQ,IACzB,KAAK,KAAO,EAAK,QAAQ,IACzB,EAAO,MAAM,gBAAiB,EAAe,QAAS,KAAK,IAAI,GAG/D,MAAK,KAAO,OACZ,KAAK,KAAO,OACZ,EAAO,MAAM,gBAAiB,EAAe,kBAAkB,GAG/D,KAAK,oBAAqB,CAC1B,KAAK,oBAAoB,MAAM,CAAa,EAC5C,MACJ,CAEA,GAAI,CACA,GAAM,GAAM,KAAM,MAAK,aAAa,gBAAgB,sBAAsB,EAC1E,GAAI,EAAK,CACL,EAAO,MAAM,mCAAmC,EAEhD,GAAM,GAAY,KAAK,aAAa,SAAS,UACvC,EAAoB,KAAK,aAAa,SAAS,8BAC/C,EAAc,KAAK,aAAa,SAAS,wBAEzC,EAAqB,GAAI,GAAmB,KAAK,UAAW,EAAW,EAAK,EAAmB,CAAW,EAChH,KAAM,GAAmB,KAAK,EAC9B,KAAK,oBAAsB,EAC3B,EAAmB,MAAM,CAAa,CAC1C,KAEI,GAAO,KAAK,+CAA+C,CAEnE,OACO,EAAP,CAEI,EAAO,MAAM,oCAAqC,YAAe,OAAQ,EAAI,QAAU,CAAG,CAC9F,CACJ,EAEA,KAAU,MAAQ,IAAY,CAC1B,GAAM,GAAS,KAAK,QAAQ,OAAO,OAAO,EAQ1C,GAPA,KAAK,KAAO,OACZ,KAAK,KAAO,OAER,KAAK,qBACL,KAAK,oBAAoB,KAAK,EAG9B,KAAK,aAAa,SAAS,wBAAyB,CAIpD,GAAM,GAAc,YAAY,SAAY,CACxC,cAAc,CAAW,EAEzB,GAAI,CACA,GAAM,GAAU,KAAM,MAAK,aAAa,mBAAmB,EAC3D,GAAI,EAAS,CACT,GAAM,GAAU,CACZ,cAAe,EAAQ,cACvB,QAAS,EAAQ,KAAO,EAAQ,IAAM,CAClC,IAAK,EAAQ,IACb,IAAK,EAAQ,GACjB,EAAI,IACR,EACA,AAAK,KAAK,OAAO,CAAO,CAC5B,CACJ,OACO,EAAP,CAEI,EAAO,MAAM,gCAAiC,YAAe,OAAQ,EAAI,QAAU,CAAG,CAC1F,CACJ,EAAG,GAAI,CACX,CACJ,EAEA,KAAU,UAAY,SAA2B,CAC7C,GAAM,GAAS,KAAK,QAAQ,OAAO,WAAW,EAC9C,GAAI,CACA,GAAM,GAAU,KAAM,MAAK,aAAa,mBAAmB,EACvD,EAAa,GAEjB,AAAI,GAAW,KAAK,oBAChB,AAAI,EAAQ,MAAQ,KAAK,KACrB,GAAa,GACb,KAAK,oBAAoB,MAAM,EAAQ,aAAa,EAEpD,AAAI,EAAQ,MAAQ,KAAK,KACrB,EAAO,MAAM,iFAAkF,EAAQ,aAAa,EAGpH,GAAO,MAAM,4GAA6G,EAAQ,aAAa,EAC/I,KAAK,aAAa,OAAO,yBAAyB,IAItD,EAAO,MAAM,mCAAoC,EAAQ,GAAG,EAIhE,EAAO,MAAM,kCAAkC,EAGnD,AAAI,EACA,AAAI,KAAK,KACL,KAAK,aAAa,OAAO,oBAAoB,EAG7C,KAAK,aAAa,OAAO,mBAAmB,EAGhD,EAAO,MAAM,kDAAkD,CAEvE,OACO,EAAP,CACI,AAAI,KAAK,MACL,GAAO,MAAM,oEAAqE,CAAG,EACrF,KAAK,aAAa,OAAO,oBAAoB,EAErD,CACJ,EAzKI,AAAK,GACD,KAAK,QAAQ,MAAM,GAAI,OAAM,wBAAwB,CAAC,EAG1D,KAAK,aAAa,OAAO,cAAc,KAAK,MAAM,EAClD,KAAK,aAAa,OAAO,gBAAgB,KAAK,KAAK,EAEnD,KAAK,MAAM,EAAE,MAAM,AAAC,GAAiB,CAEjC,KAAK,QAAQ,MAAM,CAAG,CAC1B,CAAC,CACL,CAEA,KAAgB,QAAuB,CACnC,KAAK,QAAQ,OAAO,OAAO,EAC3B,GAAM,GAAO,KAAM,MAAK,aAAa,QAAQ,EAG7C,GAAI,EACA,AAAK,KAAK,OAAO,CAAI,UAEhB,KAAK,aAAa,SAAS,wBAAyB,CACzD,GAAM,GAAU,KAAM,MAAK,aAAa,mBAAmB,EAC3D,GAAI,EAAS,CACT,GAAM,GAAU,CACZ,cAAe,EAAQ,cACvB,QAAS,EAAQ,KAAO,EAAQ,IAAM,CAClC,IAAK,EAAQ,IACb,IAAK,EAAQ,GACjB,EAAI,IACR,EACA,AAAK,KAAK,OAAO,CAAO,CAC5B,CACJ,CACJ,CAwIJ,EC9KO,GAAM,GAAN,KAAW,CAsCd,AAAO,YAAY,EAUhB,CA/DP,MAgEQ,KAAK,SAAW,EAAK,SACrB,KAAK,cAAgB,KAAK,gBAAL,OAAsB,KAC3C,KAAK,aAAe,EAAK,aACzB,KAAK,cAAgB,EAAK,cAE1B,KAAK,WAAa,EAAK,WACvB,KAAK,MAAQ,EAAK,MAClB,KAAK,QAAU,EAAK,QACpB,KAAK,WAAa,EAAK,WACvB,KAAK,MAAQ,EAAK,SACtB,CAGA,GAAW,aAAiC,CACxC,GAAI,KAAK,aAAe,OAGxB,MAAO,MAAK,WAAa,EAAM,aAAa,CAChD,CAEA,GAAW,YAAW,EAA2B,CAC7C,AAAI,IAAU,QACV,MAAK,WAAa,KAAK,MAAM,CAAK,EAAI,EAAM,aAAa,EAEjE,CAGA,GAAW,UAA+B,CACtC,GAAM,GAAa,KAAK,WACxB,GAAI,IAAe,OAGnB,MAAO,IAAc,CACzB,CAGA,GAAW,SAAmB,CApGlC,QAqGQ,MAAO,WAAK,QAAL,cAAY,MAAM,OAAlB,OAA0B,CAAC,CACtC,CAEA,AAAO,iBAA0B,CAC7B,UAAI,GAAO,MAAM,EAAE,OAAO,iBAAiB,EACpC,KAAK,UAAU,CAClB,SAAU,KAAK,SACf,cAAe,KAAK,cACpB,aAAc,KAAK,aACnB,cAAe,KAAK,cACpB,WAAY,KAAK,WACjB,MAAO,KAAK,MACZ,QAAS,KAAK,QACd,WAAY,KAAK,UACrB,CAAC,CACL,CAEA,MAAc,mBAAkB,EAA6B,CACzD,SAAO,aAAa,OAAQ,mBAAmB,EACxC,GAAI,GAAK,KAAK,MAAM,CAAa,CAAC,CAC7C,CACJ,ECpHA,GAAM,IAAgB,cAcA,GAAf,KAAsD,CAAtD,cAEH,KAAmB,OAAS,GAAI,GAAuB,2BAA2B,EAClF,KAAmB,iBAAmB,GAAI,KAE1C,KAAU,QAA8B,KAExC,KAAa,UAAS,EAAmD,CACrE,GAAM,GAAS,KAAK,QAAQ,OAAO,UAAU,EAC7C,GAAI,CAAC,KAAK,QACN,KAAM,IAAI,OAAM,4CAA4C,EAGhE,EAAO,MAAM,uBAAuB,EACpC,KAAK,QAAQ,SAAS,QAAQ,EAAO,GAAG,EAExC,GAAM,CAAE,MAAK,YAAa,KAAM,IAAI,SAAqB,CAAC,EAAS,IAAW,CAC1E,GAAM,GAAW,AAAC,GAAoB,CArClD,MAsCgB,GAAM,GAAgC,EAAE,KAClC,EAAS,KAAO,eAAP,OAAuB,OAAO,SAAS,OACtD,GAAI,IAAE,SAAW,GAAU,kBAAM,UAAW,IAI5C,IAAI,CACA,GAAM,GAAQ,EAAS,WAAW,EAAK,IAAK,EAAO,aAAa,EAAE,IAAI,OAAO,EAI7E,GAHK,GACD,EAAO,KAAK,gCAAgC,EAE5C,EAAE,SAAW,KAAK,SAAW,IAAU,EAAO,MAG9C,MAER,MACA,CACI,KAAK,SAAS,EACd,EAAO,GAAI,OAAM,8BAA8B,CAAC,CACpD,CACA,EAAQ,CAAI,EAChB,EACA,OAAO,iBAAiB,UAAW,EAAU,EAAK,EAClD,KAAK,iBAAiB,IAAI,IAAM,OAAO,oBAAoB,UAAW,EAAU,EAAK,CAAC,EACtF,KAAK,iBAAiB,IAAI,KAAK,OAAO,WAAW,AAAC,GAAW,CACzD,KAAK,SAAS,EACd,EAAO,CAAM,CACjB,CAAC,CAAC,CACN,CAAC,EACD,SAAO,MAAM,0BAA0B,EACvC,KAAK,SAAS,EAET,GACD,KAAK,MAAM,EAGR,CAAE,KAAI,CACjB,CAIA,AAAQ,UAAiB,CACrB,KAAK,QAAQ,OAAO,UAAU,EAE9B,OAAW,KAAW,MAAK,iBACvB,EAAQ,EAEZ,KAAK,iBAAiB,MAAM,CAChC,CAEA,MAAiB,eAAc,EAAgB,EAAa,EAAW,GAAO,EAAe,OAAO,SAAS,OAAc,CACvH,EAAO,YAAY,CACf,OAAQ,GACR,MACA,UACJ,EAAkB,CAAY,CAClC,CACJ,ECxFO,GAAM,IAAkD,CAC3D,SAAU,GACV,QAAS,GACT,OAAQ,GACZ,EACa,GAAqB,SAC5B,GAAsD,GACtD,GAAuC,EAChC,GAAuC,GAyEvC,GAAN,aAAuC,EAAwB,CA6BlE,AAAO,YAAY,EAA2B,CAC1C,GAAM,CACF,qBAAqB,EAAK,aAC1B,iCAAiC,EAAK,yBACtC,sBAAsB,GACtB,oBAAoB,GACpB,iBAAiB,SACjB,iBAAiB,OAEjB,2BAA2B,EAAK,yBAChC,qBAAqB,EAAK,mBAE1B,sBAAsB,EAAK,aAC3B,gCAAgC,GAChC,uBAAuB,GACvB,2BAA2B,GAC3B,8BAA8B,GAE9B,iBAAiB,GACjB,0BAA0B,GAC1B,gCAAgC,GAChC,6BAA6B,OAC7B,0BAA0B,GAE1B,mBAAmB,CAAC,eAAgB,eAAe,EACnD,wBAAwB,GACxB,+CAA+C,GAE/C,aACA,EAEJ,MAAM,CAAI,EAEV,QAAK,mBAAqB,EAC1B,KAAK,+BAAiC,EACtC,KAAK,oBAAsB,EAC3B,KAAK,kBAAoB,EACzB,KAAK,eAAiB,EACtB,KAAK,eAAiB,EAEtB,KAAK,yBAA2B,EAChC,KAAK,mBAAqB,EAE1B,KAAK,oBAAsB,EAC3B,KAAK,8BAAgC,EACrC,KAAK,qBAAuB,EAC5B,KAAK,yBAA2B,EAChC,KAAK,4BAA8B,EAEnC,KAAK,eAAiB,EACtB,KAAK,wBAA0B,EAC/B,KAAK,8BAAgC,EACrC,KAAK,wBAA0B,EAC/B,KAAK,2BAA6B,EAElC,KAAK,iBAAmB,EACxB,KAAK,sBAAwB,EAC7B,KAAK,6CAA+C,EAEhD,EACA,KAAK,UAAY,MAEhB,CACD,GAAM,GAAQ,MAAO,SAAW,YAAc,OAAO,eAAiB,GAAI,GAC1E,KAAK,UAAY,GAAI,GAAqB,CAAE,OAAM,CAAC,CACvD,CACJ,CACJ,ECtKO,GAAM,GAAN,aAA2B,GAAoB,CAKlD,AAAO,YAAY,CACf,gCAAgC,IACb,CACnB,MAAM,EAPV,KAAmB,QAAU,GAAI,GAAO,cAAc,EAQlD,KAAK,kBAAoB,EAEzB,KAAK,OAAS,EAAa,mBAAmB,EAC9C,KAAK,QAAU,KAAK,OAAO,aAC/B,CAEA,MAAe,qBAAwC,CACnD,GAAM,GAAS,OAAO,SAAS,cAAc,QAAQ,EAGrD,SAAO,MAAM,WAAa,SAC1B,EAAO,MAAM,SAAW,QACxB,EAAO,MAAM,KAAO,UACpB,EAAO,MAAM,IAAM,IACnB,EAAO,MAAQ,IACf,EAAO,OAAS,IAChB,EAAO,aAAa,UAAW,6CAA6C,EAE5E,OAAO,SAAS,KAAK,YAAY,CAAM,EAChC,CACX,CAEA,KAAa,UAAS,EAAmD,CACrE,KAAK,QAAQ,MAAM,8BAA+B,KAAK,iBAAiB,EACxE,GAAM,GAAQ,WAAW,IAAM,KAAK,OAAO,MAAM,GAAI,GAAa,qCAAqC,CAAC,EAAG,KAAK,kBAAoB,GAAI,EACxI,YAAK,iBAAiB,IAAI,IAAM,aAAa,CAAK,CAAC,EAE5C,KAAM,OAAM,SAAS,CAAM,CACtC,CAEA,AAAO,OAAc,CA1DzB,MA2DQ,AAAI,KAAK,QACD,MAAK,OAAO,YACZ,MAAK,OAAO,iBAAiB,OAAQ,AAAC,GAAO,CA7D7D,MA8DoB,GAAM,GAAQ,EAAG,OACjB,KAAM,aAAN,QAAkB,YAAY,GAC9B,KAAK,OAAO,MAAM,GAAI,OAAM,yBAAyB,CAAC,CAC1D,EAAG,EAAI,EACP,QAAK,OAAO,gBAAZ,QAA2B,SAAS,QAAQ,gBAEhD,KAAK,OAAS,MAElB,KAAK,QAAU,IACnB,CAEA,MAAc,cAAa,EAAa,EAA6B,CACjE,MAAO,OAAM,cAAc,OAAO,OAAQ,EAAK,GAAO,CAAY,CACtE,CACJ,ECjEO,GAAM,IAAN,KAA4C,CAG/C,YAAoB,EAAqC,CAArC,iBAFpB,KAAiB,QAAU,GAAI,GAAO,iBAAiB,CAEG,CAE1D,KAAa,SAAQ,CACjB,gCAAgC,KAAK,UAAU,+BACL,CAC1C,MAAO,IAAI,GAAa,CAAE,+BAA8B,CAAC,CAC7D,CAEA,KAAa,UAAS,EAA4B,CAC9C,KAAK,QAAQ,OAAO,UAAU,EAC9B,EAAa,aAAa,EAAK,KAAK,UAAU,wBAAwB,CAC1E,CACJ,EClBA,GAAM,IAA8B,IAavB,GAAN,aAA0B,GAAoB,CAKjD,AAAO,YAAY,CACf,oBAAoB,GACpB,sBAAsB,CAAC,GACL,CAClB,MAAM,EARV,KAAmB,QAAU,GAAI,GAAO,aAAa,EASjD,GAAM,GAAgB,GAAW,OAAO,CAAE,GAAG,GAA4B,GAAG,CAAoB,CAAC,EACjG,KAAK,QAAU,OAAO,KAAK,OAAW,EAAmB,GAAW,UAAU,CAAa,CAAC,CAChG,CAEA,KAAa,UAAS,EAAmD,CAnC7E,MAoCQ,QAAK,UAAL,QAAc,QAEd,GAAM,GAAsB,YAAY,IAAM,CAC1C,AAAI,EAAC,KAAK,SAAW,KAAK,QAAQ,SAC9B,KAAK,OAAO,MAAM,GAAI,OAAM,sBAAsB,CAAC,CAE3D,EAAG,EAA2B,EAC9B,YAAK,iBAAiB,IAAI,IAAM,cAAc,CAAmB,CAAC,EAE3D,KAAM,OAAM,SAAS,CAAM,CACtC,CAEA,AAAO,OAAc,CACjB,AAAI,KAAK,SACA,MAAK,QAAQ,QACd,MAAK,QAAQ,MAAM,EACnB,KAAK,OAAO,MAAM,GAAI,OAAM,cAAc,CAAC,IAGnD,KAAK,QAAU,IACnB,CAEA,MAAc,cAAa,EAAa,EAAyB,CAC7D,GAAI,CAAC,OAAO,OACR,KAAM,IAAI,OAAM,gDAAgD,EAEpE,MAAO,OAAM,cAAc,OAAO,OAAQ,EAAK,CAAQ,CAC3D,CACJ,ECrDO,GAAM,IAAN,KAA2C,CAG9C,YAAoB,EAAqC,CAArC,iBAFpB,KAAiB,QAAU,GAAI,GAAO,gBAAgB,CAEI,CAE1D,KAAa,SAAQ,CACjB,sBAAsB,KAAK,UAAU,oBACrC,oBAAoB,KAAK,UAAU,mBACK,CACxC,MAAO,IAAI,IAAY,CAAE,sBAAqB,mBAAkB,CAAC,CACrE,CAEA,KAAa,UAAS,EAAa,EAAW,GAAsB,CAChE,KAAK,QAAQ,OAAO,UAAU,EAE9B,GAAY,aAAa,EAAK,CAAQ,CAC1C,CACJ,ECTO,GAAM,IAAN,KAA8C,CAGjD,YAAoB,EAAqC,CAArC,iBAFpB,KAAiB,QAAU,GAAI,GAAO,mBAAmB,CAEC,CAE1D,KAAa,SAAQ,CACjB,iBAAiB,KAAK,UAAU,eAChC,iBAAiB,KAAK,UAAU,gBACC,CA3BzC,MA4BQ,KAAK,QAAQ,OAAO,SAAS,EAC7B,GAAI,GAAe,OAAO,KAE1B,AAAI,IAAmB,OACnB,GAAe,UAAO,MAAP,OAAc,OAAO,MAGxC,GAAM,GAAW,EAAa,SAAS,GAAgB,KAAK,EAAa,QAAQ,EAC7E,EACJ,MAAO,CACH,SAAU,KAAO,IAA2B,CACxC,KAAK,QAAQ,OAAO,UAAU,EAE9B,GAAM,GAAU,GAAI,SAAQ,CAAC,EAAS,IAAW,CAC7C,EAAQ,CACZ,CAAC,EACD,SAAS,EAAO,GAAG,EACZ,KAAO,EAClB,EACA,MAAO,IAAM,CACT,KAAK,QAAQ,OAAO,OAAO,EAC3B,WAAQ,GAAI,OAAM,kBAAkB,GACpC,EAAa,KAAK,CACtB,CACJ,CACJ,CACJ,EClBO,GAAM,IAAN,aAAgC,EAAkB,CAUrD,AAAO,YAAY,EAAoC,CACnD,MAAM,CAAE,kCAAmC,EAAS,4CAA6C,CAAC,EAVtG,KAAmB,QAAU,GAAI,GAAO,mBAAmB,EAE3D,KAAiB,YAAc,GAAI,GAAc,aAAa,EAC9D,KAAiB,cAAgB,GAAI,GAAU,eAAe,EAC9D,KAAiB,kBAAoB,GAAI,GAAe,oBAAoB,EAC5E,KAAiB,cAAgB,GAAI,GAAU,gBAAgB,EAC/D,KAAiB,eAAiB,GAAI,GAAU,iBAAiB,EACjE,KAAiB,oBAAsB,GAAI,GAAU,sBAAsB,CAI3E,CAEA,AAAO,KAAK,EAAY,EAAW,GAAY,CAC3C,MAAM,KAAK,CAAI,EACX,GACA,KAAK,YAAY,MAAM,CAAI,CAEnC,CACA,AAAO,QAAe,CAClB,MAAM,OAAO,EACb,KAAK,cAAc,MAAM,CAC7B,CAKA,AAAO,cAAc,EAAoC,CACrD,MAAO,MAAK,YAAY,WAAW,CAAE,CACzC,CAIA,AAAO,iBAAiB,EAA8B,CAClD,MAAO,MAAK,YAAY,cAAc,CAAE,CAC5C,CAKA,AAAO,gBAAgB,EAAsC,CACzD,MAAO,MAAK,cAAc,WAAW,CAAE,CAC3C,CAIA,AAAO,mBAAmB,EAAgC,CACtD,MAAO,MAAK,cAAc,cAAc,CAAE,CAC9C,CAKA,AAAO,oBAAoB,EAA0C,CACjE,MAAO,MAAK,kBAAkB,WAAW,CAAE,CAC/C,CAIA,AAAO,uBAAuB,EAAoC,CAC9D,MAAO,MAAK,kBAAkB,cAAc,CAAE,CAClD,CAIA,AAAO,uBAAuB,EAAgB,CAC1C,KAAK,kBAAkB,MAAM,CAAC,CAClC,CAMA,AAAO,gBAAgB,EAAsC,CACzD,MAAO,MAAK,cAAc,WAAW,CAAE,CAC3C,CAIA,AAAO,mBAAmB,EAAgC,CACtD,KAAK,cAAc,cAAc,CAAE,CACvC,CAIA,AAAO,oBAA2B,CAC9B,KAAK,cAAc,MAAM,CAC7B,CAMA,AAAO,iBAAiB,EAAuC,CAC3D,MAAO,MAAK,eAAe,WAAW,CAAE,CAC5C,CAIA,AAAO,oBAAoB,EAAiC,CACxD,KAAK,eAAe,cAAc,CAAE,CACxC,CAIA,AAAO,qBAA4B,CAC/B,KAAK,eAAe,MAAM,CAC9B,CAMA,AAAO,sBAAsB,EAA4C,CACrE,MAAO,MAAK,oBAAoB,WAAW,CAAE,CACjD,CAIA,AAAO,yBAAyB,EAAsC,CAClE,KAAK,oBAAoB,cAAc,CAAE,CAC7C,CAIA,AAAO,0BAAiC,CACpC,KAAK,oBAAoB,MAAM,CACnC,CACJ,EC1JO,GAAM,IAAN,KAAyB,CAK5B,AAAO,YAAoB,EAA2B,CAA3B,oBAJ3B,KAAU,QAAU,GAAI,GAAO,oBAAoB,EACnD,KAAQ,WAAa,GACrB,KAAiB,YAAc,GAAI,GAAM,oBAAoB,EAgC7D,KAAU,eAAsC,SAAY,CACxD,GAAM,GAAS,KAAK,QAAQ,OAAO,gBAAgB,EACnD,GAAI,CACA,KAAM,MAAK,aAAa,aAAa,EACrC,EAAO,MAAM,iCAAiC,CAClD,OACO,EAAP,CACI,GAAI,YAAe,GAAc,CAE7B,EAAO,KAAK,kCAAmC,EAAK,aAAa,EACjE,KAAK,YAAY,KAAK,CAAC,EACvB,MACJ,CAEA,EAAO,MAAM,2BAA4B,CAAG,EAC5C,KAAK,aAAa,OAAO,uBAAuB,CAAY,CAChE,CACJ,CA/CuD,CAEvD,KAAa,QAAuB,CAChC,GAAM,GAAS,KAAK,QAAQ,OAAO,OAAO,EAC1C,GAAI,CAAC,KAAK,WAAY,CAClB,KAAK,WAAa,GAClB,KAAK,aAAa,OAAO,uBAAuB,KAAK,cAAc,EACnE,KAAK,YAAY,WAAW,KAAK,cAAc,EAG/C,GAAI,CACA,KAAM,MAAK,aAAa,QAAQ,CAEpC,OACO,EAAP,CAEI,EAAO,MAAM,gBAAiB,CAAG,CACrC,CACJ,CACJ,CAEA,AAAO,MAAa,CAChB,AAAI,KAAK,YACL,MAAK,YAAY,OAAO,EACxB,KAAK,YAAY,cAAc,KAAK,cAAc,EAClD,KAAK,aAAa,OAAO,0BAA0B,KAAK,cAAc,EACtE,KAAK,WAAa,GAE1B,CAoBJ,ECxDO,GAAM,IAAN,KAAmB,CAStB,YAAY,EAMT,CACC,KAAK,cAAgB,EAAK,cAC1B,KAAK,SAAW,EAAK,SACrB,KAAK,cAAgB,EAAK,cAC1B,KAAK,MAAQ,EAAK,MAClB,KAAK,KAAO,EAAK,KACrB,CACJ,ECsCO,GAAM,IAAN,KAAkB,CAarB,AAAO,YAAY,EAA+B,CAVlD,KAAmB,QAAU,GAAI,GAAO,aAAa,EAWjD,KAAK,SAAW,GAAI,IAAyB,CAAQ,EAErD,KAAK,QAAU,GAAI,IAAW,CAAQ,EAEtC,KAAK,mBAAqB,GAAI,IAAkB,KAAK,QAAQ,EAC7D,KAAK,gBAAkB,GAAI,IAAe,KAAK,QAAQ,EACvD,KAAK,iBAAmB,GAAI,IAAgB,KAAK,QAAQ,EAEzD,KAAK,QAAU,GAAI,IAAkB,KAAK,QAAQ,EAClD,KAAK,oBAAsB,GAAI,IAAmB,IAAI,EAGlD,KAAK,SAAS,sBACd,KAAK,iBAAiB,EAG1B,KAAK,gBAAkB,KACnB,KAAK,SAAS,gBACd,MAAK,gBAAkB,GAAI,GAAe,IAAI,EAGtD,CAGA,GAAW,SAA4B,CACnC,MAAO,MAAK,OAChB,CAGA,GAAW,kBAAmC,CAC1C,MAAO,MAAK,QAAQ,eACxB,CAKA,KAAa,UAAgC,CACzC,GAAM,GAAS,KAAK,QAAQ,OAAO,SAAS,EACtC,EAAO,KAAM,MAAK,UAAU,EAClC,MAAI,GACA,GAAO,KAAK,aAAa,EACzB,KAAK,QAAQ,KAAK,EAAM,EAAK,EACtB,GAGX,GAAO,KAAK,2BAA2B,EAChC,KACX,CAKA,KAAa,aAA4B,CACrC,GAAM,GAAS,KAAK,QAAQ,OAAO,YAAY,EAC/C,KAAM,MAAK,UAAU,IAAI,EACzB,EAAO,KAAK,2BAA2B,EACvC,KAAK,QAAQ,OAAO,CACxB,CAKA,KAAa,gBAAe,EAA2B,CAAC,EAAkB,CACtE,KAAK,QAAQ,OAAO,gBAAgB,EACpC,GAAM,CACF,oBACG,GACH,EACE,EAAS,KAAM,MAAK,mBAAmB,QAAQ,CAAE,gBAAe,CAAC,EACvE,KAAM,MAAK,aAAa,CACpB,aAAc,OACd,GAAG,CACP,EAAG,CAAM,CACb,CAKA,KAAa,wBAAuB,EAAM,OAAO,SAAS,KAAqB,CAC3E,GAAM,GAAS,KAAK,QAAQ,OAAO,wBAAwB,EACrD,EAAO,KAAM,MAAK,WAAW,CAAG,EACtC,MAAI,GAAK,SAAW,EAAK,QAAQ,IAC7B,EAAO,KAAK,6BAA8B,EAAK,QAAQ,GAAG,EAG1D,EAAO,KAAK,YAAY,EAGrB,CACX,CAKA,KAAa,aAAY,EAAwB,CAAC,EAAkB,CAChE,GAAM,GAAS,KAAK,QAAQ,OAAO,aAAa,EAC1C,CACF,sBACA,uBACG,GACH,EACE,EAAM,KAAK,SAAS,mBAC1B,AAAK,GACD,EAAO,MAAM,GAAI,OAAM,kCAAkC,CAAC,EAG9D,GAAM,GAAS,KAAM,MAAK,gBAAgB,QAAQ,CAAE,sBAAqB,mBAAkB,CAAC,EACtF,EAAO,KAAM,MAAK,QAAQ,CAC5B,aAAc,OACd,aAAc,EACd,QAAS,QACT,GAAG,CACP,EAAG,CAAM,EACT,MAAI,IACA,CAAI,EAAK,SAAW,EAAK,QAAQ,IAC7B,EAAO,KAAK,6BAA8B,EAAK,QAAQ,GAAG,EAG1D,EAAO,KAAK,YAAY,GAIzB,CACX,CAIA,KAAa,qBAAoB,EAAM,OAAO,SAAS,KAAM,EAAW,GAAsB,CAC1F,GAAM,GAAS,KAAK,QAAQ,OAAO,qBAAqB,EACxD,KAAM,MAAK,gBAAgB,SAAS,EAAK,CAAQ,EACjD,EAAO,KAAK,SAAS,CACzB,CAMA,KAAa,cAAa,EAAyB,CAAC,EAAyB,CA3NjF,MA4NQ,GAAM,GAAS,KAAK,QAAQ,OAAO,cAAc,EAC3C,CACF,mCACG,GACH,EAEA,EAAO,KAAM,MAAK,UAAU,EAChC,GAAI,WAAM,cAAe,CACrB,EAAO,MAAM,qBAAqB,EAClC,GAAM,GAAQ,GAAI,IAAa,CAAsB,EACrD,MAAO,MAAM,MAAK,iBAAiB,CAAK,CAC5C,CAEA,GAAM,GAAM,KAAK,SAAS,oBAC1B,AAAK,GACD,EAAO,MAAM,GAAI,OAAM,mCAAmC,CAAC,EAG/D,GAAI,GACJ,AAAI,GAAQ,KAAK,SAAS,0BACtB,GAAO,MAAM,iCAAkC,EAAK,QAAQ,GAAG,EAC/D,EAAY,EAAK,QAAQ,KAG7B,GAAM,GAAS,KAAM,MAAK,iBAAiB,QAAQ,CAAE,+BAA8B,CAAC,EACpF,SAAO,KAAM,MAAK,QAAQ,CACtB,aAAc,OACd,aAAc,EACd,OAAQ,OACR,cAAe,KAAK,SAAS,4BAA8B,iBAAM,SAAW,OAC5E,GAAG,CACP,EAAG,EAAQ,CAAS,EAChB,GACA,CAAI,KAAK,UAAL,QAAc,IACd,EAAO,KAAK,6BAA8B,EAAK,QAAQ,GAAG,EAG1D,EAAO,KAAK,YAAY,GAIzB,CACX,CAEA,KAAgB,kBAAiB,EAAoC,CACjE,GAAM,GAAW,KAAM,MAAK,QAAQ,gBAAgB,CAChD,QACA,iBAAkB,KAAK,SAAS,6BACpC,CAAC,EACK,EAAO,GAAI,GAAK,CAAE,GAAG,EAAO,GAAG,CAAS,CAAC,EAE/C,YAAM,MAAK,UAAU,CAAI,EACzB,KAAK,QAAQ,KAAK,CAAI,EACf,CACX,CAKA,KAAa,sBAAqB,EAAM,OAAO,SAAS,KAAqB,CACzE,GAAM,GAAS,KAAK,QAAQ,OAAO,sBAAsB,EACzD,KAAM,MAAK,iBAAiB,SAAS,CAAG,EACxC,EAAO,KAAK,SAAS,CACzB,CAEA,KAAa,gBAAe,EAAM,OAAO,SAAS,KAA4B,CAC1E,GAAM,CAAE,SAAU,KAAM,MAAK,QAAQ,wBAAwB,CAAG,EAChE,OAAQ,EAAM,kBACL,OACD,MAAO,MAAM,MAAK,uBAAuB,CAAG,MAC3C,OACD,MAAO,MAAM,MAAK,oBAAoB,CAAG,MACxC,OACD,MAAO,MAAM,MAAK,qBAAqB,CAAG,UAE1C,KAAM,IAAI,OAAM,gCAAgC,EAE5D,CAEA,KAAa,iBAAgB,EAAM,OAAO,SAAS,KAAM,EAAW,GAAsB,CACtF,GAAM,CAAE,SAAU,KAAM,MAAK,QAAQ,yBAAyB,CAAG,EACjE,GAAI,EAAC,EAIL,OAAQ,EAAM,kBACL,OACD,KAAM,MAAK,wBAAwB,CAAG,EACtC,UACC,OACD,KAAM,MAAK,qBAAqB,EAAK,CAAQ,EAC7C,cAEA,KAAM,IAAI,OAAM,gCAAgC,EAE5D,CAKA,KAAa,oBAAmB,EAA+B,CAAC,EAAkC,CAC9F,GAAM,GAAS,KAAK,QAAQ,OAAO,oBAAoB,EACjD,CACF,mCACG,GACH,EACE,EAAM,KAAK,SAAS,oBAC1B,AAAK,GACD,EAAO,MAAM,GAAI,OAAM,mCAAmC,CAAC,EAG/D,GAAM,GAAS,KAAM,MAAK,iBAAiB,QAAQ,CAAE,+BAA8B,CAAC,EAC9E,EAAc,KAAM,MAAK,aAAa,CACxC,aAAc,OACd,aAAc,EACd,OAAQ,OACR,cAAe,KAAK,SAAS,2BAC7B,MAAO,SACP,aAAc,GACd,GAAG,CACP,EAAG,CAAM,EACT,GAAI,CACA,GAAM,GAAiB,KAAM,MAAK,QAAQ,sBAAsB,EAAY,GAAG,EAG/E,MAFA,GAAO,MAAM,qBAAqB,EAE9B,EAAe,eAAiB,EAAe,QAAQ,IACvD,GAAO,KAAK,sBAAuB,EAAe,QAAQ,GAAG,EACtD,CACH,cAAe,EAAe,cAC9B,IAAK,EAAe,QAAQ,IAC5B,IAAK,EAAe,QAAQ,GAChC,GAGJ,GAAO,KAAK,iCAAiC,EACtC,KACX,OACO,EAAP,CACI,GAAI,KAAK,SAAS,yBAA2B,YAAe,GACxD,OAAQ,EAAI,WACH,qBACA,uBACA,2BACA,6BACD,SAAO,KAAK,4BAA4B,EACjC,CAEH,cAAe,EAAI,aACvB,EAGZ,KAAM,EACV,CACJ,CAEA,KAAgB,SAAQ,EAA+B,EAAiB,EAAmC,CACvG,GAAM,GAAc,KAAM,MAAK,aAAa,EAAM,CAAM,EACxD,MAAO,MAAM,MAAK,WAAW,EAAY,IAAK,CAAS,CAC3D,CACA,KAAgB,cAAa,EAA+B,EAA4C,CACpG,GAAM,GAAS,KAAK,QAAQ,OAAO,cAAc,EAEjD,GAAI,CACA,GAAM,GAAgB,KAAM,MAAK,QAAQ,oBAAoB,CAAI,EACjE,SAAO,MAAM,oBAAoB,EAE1B,KAAM,GAAO,SAAS,CACzB,IAAK,EAAc,IACnB,MAAO,EAAc,MAAM,GAC3B,cAAe,EAAc,MAAM,cACnC,aAAc,KAAK,SAAS,kBAChC,CAAC,CACL,OACO,EAAP,CACI,QAAO,MAAM,2DAA2D,EACxE,EAAO,MAAM,EACP,CACV,CACJ,CACA,KAAgB,YAAW,EAAa,EAAmC,CACvE,GAAM,GAAS,KAAK,QAAQ,OAAO,YAAY,EACzC,EAAiB,KAAM,MAAK,QAAQ,sBAAsB,CAAG,EACnE,EAAO,MAAM,qBAAqB,EAElC,GAAM,GAAO,GAAI,GAAK,CAAc,EACpC,GAAI,EAAW,CACX,GAAI,IAAc,EAAK,QAAQ,IAC3B,QAAO,MAAM,0EAA2E,EAAK,QAAQ,GAAG,EAClG,GAAI,GAAc,CAAE,GAAG,EAAgB,MAAO,gBAAiB,CAAC,EAE1E,EAAO,MAAM,gDAAgD,CACjE,CAEA,YAAM,MAAK,UAAU,CAAI,EACzB,EAAO,MAAM,aAAa,EAC1B,KAAK,QAAQ,KAAK,CAAI,EAEf,CACX,CAKA,KAAa,iBAAgB,EAA4B,CAAC,EAAkB,CACxE,GAAM,GAAS,KAAK,QAAQ,OAAO,iBAAiB,EAC9C,CACF,oBACG,GACH,EACE,EAAS,KAAM,MAAK,mBAAmB,QAAQ,CAAE,gBAAe,CAAC,EACvE,KAAM,MAAK,cAAc,CACrB,aAAc,OACd,yBAA0B,KAAK,SAAS,yBACxC,GAAG,CACP,EAAG,CAAM,EACT,EAAO,KAAK,SAAS,CACzB,CAKA,KAAa,yBAAwB,EAAM,OAAO,SAAS,KAAgC,CACvF,GAAM,GAAS,KAAK,QAAQ,OAAO,yBAAyB,EACtD,EAAW,KAAM,MAAK,YAAY,CAAG,EAC3C,SAAO,KAAK,SAAS,EACd,CACX,CAKA,KAAa,cAAa,EAAyB,CAAC,EAAkB,CAClE,GAAM,GAAS,KAAK,QAAQ,OAAO,cAAc,EAC3C,CACF,sBACA,uBACG,GACH,EACE,EAAM,KAAK,SAAS,+BAEpB,EAAS,KAAM,MAAK,gBAAgB,QAAQ,CAAE,sBAAqB,mBAAkB,CAAC,EAC5F,KAAM,MAAK,SAAS,CAChB,aAAc,OACd,yBAA0B,EAM1B,MAAO,GAAO,KAAO,OAAY,CAAC,EAClC,GAAG,CACP,EAAG,CAAM,EACT,EAAO,KAAK,SAAS,CACzB,CAKA,KAAa,sBAAqB,EAAM,OAAO,SAAS,KAAM,EAAW,GAAsB,CAC3F,GAAM,GAAS,KAAK,QAAQ,OAAO,sBAAsB,EACzD,KAAM,MAAK,gBAAgB,SAAS,EAAK,CAAQ,EACjD,EAAO,KAAK,SAAS,CACzB,CAEA,KAAgB,UAAS,EAAgC,EAA2C,CAChG,GAAM,GAAc,KAAM,MAAK,cAAc,EAAM,CAAM,EACzD,MAAO,MAAM,MAAK,YAAY,EAAY,GAAG,CACjD,CACA,KAAgB,eAAc,EAAiC,CAAC,EAAG,EAA4C,CAxenH,MAyeQ,GAAM,GAAS,KAAK,QAAQ,OAAO,eAAe,EAElD,GAAI,CACA,GAAM,GAAO,KAAM,MAAK,UAAU,EAClC,EAAO,MAAM,kCAAkC,EAE3C,KAAK,SAAS,uBACd,KAAM,MAAK,gBAAgB,CAAI,EAGnC,GAAM,GAAW,EAAK,eAAiB,GAAQ,EAAK,SACpD,AAAI,GACA,GAAO,MAAM,0CAA0C,EACvD,EAAK,cAAgB,GAGzB,KAAM,MAAK,WAAW,EACtB,EAAO,MAAM,wCAAwC,EAErD,GAAM,GAAiB,KAAM,MAAK,QAAQ,qBAAqB,CAAI,EACnE,SAAO,MAAM,qBAAqB,EAE3B,KAAM,GAAO,SAAS,CACzB,IAAK,EAAe,IACpB,MAAO,KAAe,QAAf,cAAsB,EACjC,CAAC,CACL,OACO,EAAP,CACI,QAAO,MAAM,2DAA2D,EACxE,EAAO,MAAM,EACP,CACV,CACJ,CACA,KAAgB,aAAY,EAAuC,CAC/D,GAAM,GAAS,KAAK,QAAQ,OAAO,aAAa,EAC1C,EAAkB,KAAM,MAAK,QAAQ,uBAAuB,CAAG,EACrE,SAAO,MAAM,sBAAsB,EAE5B,CACX,CAEA,KAAa,cAAa,EAA0C,CAChE,GAAM,GAAO,KAAM,MAAK,UAAU,EAClC,KAAM,MAAK,gBAAgB,EAAM,CAAK,CAC1C,CAEA,KAAgB,iBAAgB,EAAmB,EAAQ,KAAK,SAAS,iBAAiC,CACtG,GAAM,GAAS,KAAK,QAAQ,OAAO,iBAAiB,EACpD,GAAI,CAAC,EAAM,OAEX,GAAM,GAAe,EAAM,OAAO,GAAQ,MAAO,GAAK,IAAU,QAAQ,EAExE,GAAI,CAAC,EAAa,OAAQ,CACtB,EAAO,MAAM,sCAAsC,EACnD,MACJ,CAGA,OAAW,KAAQ,GACf,KAAM,MAAK,QAAQ,YACf,EAAK,GACL,CACJ,EACA,EAAO,KAAK,GAAG,wBAA2B,EACtC,IAAS,gBACT,GAAK,GAAQ,MAIrB,KAAM,MAAK,UAAU,CAAI,EACzB,EAAO,MAAM,aAAa,EAC1B,KAAK,QAAQ,KAAK,CAAI,CAC1B,CAKA,AAAO,kBAAyB,CAC5B,KAAK,QAAQ,OAAO,kBAAkB,EACjC,KAAK,oBAAoB,MAAM,CACxC,CAKA,AAAO,iBAAwB,CAC3B,KAAK,oBAAoB,KAAK,CAClC,CAEA,GAAc,gBAAwB,CAClC,MAAO,QAAQ,KAAK,SAAS,aAAa,KAAK,SAAS,WAC5D,CAEA,KAAgB,YAAkC,CAC9C,GAAM,GAAS,KAAK,QAAQ,OAAO,WAAW,EACxC,EAAgB,KAAM,MAAK,SAAS,UAAU,IAAI,KAAK,aAAa,EAC1E,MAAI,GACA,GAAO,MAAM,2BAA2B,EACjC,EAAK,kBAAkB,CAAa,GAG/C,GAAO,MAAM,uBAAuB,EAC7B,KACX,CAEA,KAAa,WAAU,EAAkC,CACrD,GAAM,GAAS,KAAK,QAAQ,OAAO,WAAW,EAC9C,GAAI,EAAM,CACN,EAAO,MAAM,cAAc,EAC3B,GAAM,GAAgB,EAAK,gBAAgB,EAC3C,KAAM,MAAK,SAAS,UAAU,IAAI,KAAK,cAAe,CAAa,CACvE,KAEI,MAAK,QAAQ,MAAM,eAAe,EAClC,KAAM,MAAK,SAAS,UAAU,OAAO,KAAK,aAAa,CAE/D,CAKA,KAAa,kBAAiC,CAC1C,KAAM,MAAK,QAAQ,gBAAgB,CACvC,CACJ,iBC/lBO,GAAM,IAAkB", "names": [] }