| 1 | {"version":3,"file":"auth0-spa-js.development.js","sources":["../node_modules/tslib/tslib.es6.js","../node_modules/browser-tabs-lock/processLock.js","../node_modules/browser-tabs-lock/index.js","../src/version.ts","../src/constants.ts","../src/errors.ts","../src/utils.ts","../src/worker/worker.utils.ts","../src/http.ts","../src/api.ts","../src/scope.ts","../src/cache/shared.ts","../src/cache/cache-localstorage.ts","../src/cache/cache-memory.ts","../src/cache/cache-manager.ts","../src/transaction-manager.ts","../src/jwt.ts","../node_modules/es-cookie/src/es-cookie.js","../src/storage.ts","../src/promise-utils.ts","../src/cache/key-manifest.ts","../src/Auth0Client.utils.ts","../src/Auth0Client.ts","../src/global.ts","../src/index.ts"],"sourcesContent":["/******************************************************************************\r\nCopyright (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS SOFTWARE.\r\n***************************************************************************** */\r\n/* global Reflect, Promise */\r\n\r\nvar extendStatics = function(d, b) {\r\n extendStatics = Object.setPrototypeOf ||\r\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\r\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\r\n return extendStatics(d, b);\r\n};\r\n\r\nexport function __extends(d, b) {\r\n if (typeof b !== \"function\" && b !== null)\r\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\r\n extendStatics(d, b);\r\n function __() { this.constructor = d; }\r\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\r\n}\r\n\r\nexport var __assign = function() {\r\n __assign = Object.assign || function __assign(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n }\r\n return __assign.apply(this, arguments);\r\n}\r\n\r\nexport function __rest(s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {\r\n if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))\r\n t[p[i]] = s[p[i]];\r\n }\r\n return t;\r\n}\r\n\r\nexport function __decorate(decorators, target, key, desc) {\r\n var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;\r\n if (typeof Reflect === \"object\" && typeof Reflect.decorate === \"function\") r = Reflect.decorate(decorators, target, key, desc);\r\n else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;\r\n return c > 3 && r && Object.defineProperty(target, key, r), r;\r\n}\r\n\r\nexport function __param(paramIndex, decorator) {\r\n return function (target, key) { decorator(target, key, paramIndex); }\r\n}\r\n\r\nexport function __metadata(metadataKey, metadataValue) {\r\n if (typeof Reflect === \"object\" && typeof Reflect.metadata === \"function\") return Reflect.metadata(metadataKey, metadataValue);\r\n}\r\n\r\nexport function __awaiter(thisArg, _arguments, P, generator) {\r\n function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n}\r\n\r\nexport function __generator(thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n}\r\n\r\nexport var __createBinding = Object.create ? (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n var desc = Object.getOwnPropertyDescriptor(m, k);\r\n if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\r\n desc = { enumerable: true, get: function() { return m[k]; } };\r\n }\r\n Object.defineProperty(o, k2, desc);\r\n}) : (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n o[k2] = m[k];\r\n});\r\n\r\nexport function __exportStar(m, o) {\r\n for (var p in m) if (p !== \"default\" && !Object.prototype.hasOwnProperty.call(o, p)) __createBinding(o, m, p);\r\n}\r\n\r\nexport function __values(o) {\r\n var s = typeof Symbol === \"function\" && Symbol.iterator, m = s && o[s], i = 0;\r\n if (m) return m.call(o);\r\n if (o && typeof o.length === \"number\") return {\r\n next: function () {\r\n if (o && i >= o.length) o = void 0;\r\n return { value: o && o[i++], done: !o };\r\n }\r\n };\r\n throw new TypeError(s ? \"Object is not iterable.\" : \"Symbol.iterator is not defined.\");\r\n}\r\n\r\nexport function __read(o, n) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator];\r\n if (!m) return o;\r\n var i = m.call(o), r, ar = [], e;\r\n try {\r\n while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);\r\n }\r\n catch (error) { e = { error: error }; }\r\n finally {\r\n try {\r\n if (r && !r.done && (m = i[\"return\"])) m.call(i);\r\n }\r\n finally { if (e) throw e.error; }\r\n }\r\n return ar;\r\n}\r\n\r\n/** @deprecated */\r\nexport function __spread() {\r\n for (var ar = [], i = 0; i < arguments.length; i++)\r\n ar = ar.concat(__read(arguments[i]));\r\n return ar;\r\n}\r\n\r\n/** @deprecated */\r\nexport function __spreadArrays() {\r\n for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length;\r\n for (var r = Array(s), k = 0, i = 0; i < il; i++)\r\n for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)\r\n r[k] = a[j];\r\n return r;\r\n}\r\n\r\nexport function __spreadArray(to, from, pack) {\r\n if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {\r\n if (ar || !(i in from)) {\r\n if (!ar) ar = Array.prototype.slice.call(from, 0, i);\r\n ar[i] = from[i];\r\n }\r\n }\r\n return to.concat(ar || Array.prototype.slice.call(from));\r\n}\r\n\r\nexport function __await(v) {\r\n return this instanceof __await ? (this.v = v, this) : new __await(v);\r\n}\r\n\r\nexport function __asyncGenerator(thisArg, _arguments, generator) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var g = generator.apply(thisArg, _arguments || []), i, q = [];\r\n return i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i;\r\n function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }\r\n function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }\r\n function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }\r\n function fulfill(value) { resume(\"next\", value); }\r\n function reject(value) { resume(\"throw\", value); }\r\n function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }\r\n}\r\n\r\nexport function __asyncDelegator(o) {\r\n var i, p;\r\n return i = {}, verb(\"next\"), verb(\"throw\", function (e) { throw e; }), verb(\"return\"), i[Symbol.iterator] = function () { return this; }, i;\r\n function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === \"return\" } : f ? f(v) : v; } : f; }\r\n}\r\n\r\nexport function __asyncValues(o) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var m = o[Symbol.asyncIterator], i;\r\n return m ? m.call(o) : (o = typeof __values === \"function\" ? __values(o) : o[Symbol.iterator](), i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i);\r\n function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }\r\n function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }\r\n}\r\n\r\nexport function __makeTemplateObject(cooked, raw) {\r\n if (Object.defineProperty) { Object.defineProperty(cooked, \"raw\", { value: raw }); } else { cooked.raw = raw; }\r\n return cooked;\r\n};\r\n\r\nvar __setModuleDefault = Object.create ? (function(o, v) {\r\n Object.defineProperty(o, \"default\", { enumerable: true, value: v });\r\n}) : function(o, v) {\r\n o[\"default\"] = v;\r\n};\r\n\r\nexport function __importStar(mod) {\r\n if (mod && mod.__esModule) return mod;\r\n var result = {};\r\n if (mod != null) for (var k in mod) if (k !== \"default\" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\r\n __setModuleDefault(result, mod);\r\n return result;\r\n}\r\n\r\nexport function __importDefault(mod) {\r\n return (mod && mod.__esModule) ? mod : { default: mod };\r\n}\r\n\r\nexport function __classPrivateFieldGet(receiver, state, kind, f) {\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a getter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot read private member from an object whose class did not declare it\");\r\n return kind === \"m\" ? f : kind === \"a\" ? f.call(receiver) : f ? f.value : state.get(receiver);\r\n}\r\n\r\nexport function __classPrivateFieldSet(receiver, state, value, kind, f) {\r\n if (kind === \"m\") throw new TypeError(\"Private method is not writable\");\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a setter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot write private member to an object whose class did not declare it\");\r\n return (kind === \"a\" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;\r\n}\r\n\r\nexport function __classPrivateFieldIn(state, receiver) {\r\n if (receiver === null || (typeof receiver !== \"object\" && typeof receiver !== \"function\")) throw new TypeError(\"Cannot use 'in' operator on non-object\");\r\n return typeof state === \"function\" ? receiver === state : state.has(receiver);\r\n}\r\n","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nvar ProcessLocking = /** @class */ (function () {\n function ProcessLocking() {\n var _this = this;\n this.locked = new Map();\n this.addToLocked = function (key, toAdd) {\n var callbacks = _this.locked.get(key);\n if (callbacks === undefined) {\n if (toAdd === undefined) {\n _this.locked.set(key, []);\n }\n else {\n _this.locked.set(key, [toAdd]);\n }\n }\n else {\n if (toAdd !== undefined) {\n callbacks.unshift(toAdd);\n _this.locked.set(key, callbacks);\n }\n }\n };\n this.isLocked = function (key) {\n return _this.locked.has(key);\n };\n this.lock = function (key) {\n return new Promise(function (resolve, reject) {\n if (_this.isLocked(key)) {\n _this.addToLocked(key, resolve);\n }\n else {\n _this.addToLocked(key);\n resolve();\n }\n });\n };\n this.unlock = function (key) {\n var callbacks = _this.locked.get(key);\n if (callbacks === undefined || callbacks.length === 0) {\n _this.locked.delete(key);\n return;\n }\n var toCall = callbacks.pop();\n _this.locked.set(key, callbacks);\n if (toCall !== undefined) {\n setTimeout(toCall, 0);\n }\n };\n }\n ProcessLocking.getInstance = function () {\n if (ProcessLocking.instance === undefined) {\n ProcessLocking.instance = new ProcessLocking();\n }\n return ProcessLocking.instance;\n };\n return ProcessLocking;\n}());\nfunction getLock() {\n return ProcessLocking.getInstance();\n}\nexports.default = getLock;\n","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n return new (P || (P = Promise))(function (resolve, reject) {\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }\n step((generator = generator.apply(thisArg, _arguments || [])).next());\n });\n};\nvar __generator = (this && this.__generator) || function (thisArg, body) {\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\n function verb(n) { return function (v) { return step([n, v]); }; }\n function step(op) {\n if (f) throw new TypeError(\"Generator is already executing.\");\n while (_) try {\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\n if (y = 0, t) op = [op[0] & 2, t.value];\n switch (op[0]) {\n case 0: case 1: t = op; break;\n case 4: _.label++; return { value: op[1], done: false };\n case 5: _.label++; y = op[1]; op = [0]; continue;\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\n default:\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\n if (t[2]) _.ops.pop();\n _.trys.pop(); continue;\n }\n op = body.call(thisArg, _);\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\n }\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nvar processLock_1 = require(\"./processLock\");\n/**\n * @author: SuperTokens (https://github.com/supertokens)\n * This library was created as a part of a larger project, SuperTokens(https://supertokens.io) - the best session management solution.\n * You can also check out our other projects on https://github.com/supertokens\n *\n * To contribute to this package visit https://github.com/supertokens/browser-tabs-lock\n * If you face any problems you can file an issue on https://github.com/supertokens/browser-tabs-lock/issues\n *\n * If you have any questions or if you just want to say hi visit https://supertokens.io/discord\n */\n/**\n * @constant\n * @type {string}\n * @default\n * @description All the locks taken by this package will have this as prefix\n*/\nvar LOCK_STORAGE_KEY = 'browser-tabs-lock-key';\n/**\n * @function delay\n * @param {number} milliseconds - How long the delay should be in terms of milliseconds\n * @returns {Promise<void>}\n */\nfunction delay(milliseconds) {\n return new Promise(function (resolve) { return setTimeout(resolve, milliseconds); });\n}\n/**\n * @function generateRandomString\n * @params {number} length - How long the random string should be\n * @returns {string}\n * @description returns random string whose length is equal to the length passed as parameter\n */\nfunction generateRandomString(length) {\n var CHARS = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';\n var randomstring = '';\n for (var i = 0; i < length; i++) {\n var INDEX = Math.floor(Math.random() * CHARS.length);\n randomstring += CHARS[INDEX];\n }\n return randomstring;\n}\n/**\n * @function getLockId\n * @returns {string}\n * @description Generates an id which will be unique for the browser tab\n */\nfunction getLockId() {\n return Date.now().toString() + generateRandomString(15);\n}\nvar SuperTokensLock = /** @class */ (function () {\n function SuperTokensLock() {\n this.acquiredIatSet = new Set();\n this.id = getLockId();\n this.acquireLock = this.acquireLock.bind(this);\n this.releaseLock = this.releaseLock.bind(this);\n this.releaseLock__private__ = this.releaseLock__private__.bind(this);\n this.waitForSomethingToChange = this.waitForSomethingToChange.bind(this);\n this.refreshLockWhileAcquired = this.refreshLockWhileAcquired.bind(this);\n if (SuperTokensLock.waiters === undefined) {\n SuperTokensLock.waiters = [];\n }\n }\n /**\n * @async\n * @memberOf Lock\n * @function acquireLock\n * @param {string} lockKey - Key for which the lock is being acquired\n * @param {number} [timeout=5000] - Maximum time for which the function will wait to acquire the lock\n * @returns {Promise<boolean>}\n * @description Will return true if lock is being acquired, else false.\n * Also the lock can be acquired for maximum 10 secs\n */\n SuperTokensLock.prototype.acquireLock = function (lockKey, timeout) {\n if (timeout === void 0) { timeout = 5000; }\n return __awaiter(this, void 0, void 0, function () {\n var iat, MAX_TIME, STORAGE_KEY, STORAGE, lockObj, TIMEOUT_KEY, lockObjPostDelay;\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0:\n iat = Date.now() + generateRandomString(4);\n MAX_TIME = Date.now() + timeout;\n STORAGE_KEY = LOCK_STORAGE_KEY + \"-\" + lockKey;\n STORAGE = window.localStorage;\n _a.label = 1;\n case 1:\n if (!(Date.now() < MAX_TIME)) return [3 /*break*/, 8];\n return [4 /*yield*/, delay(30)];\n case 2:\n _a.sent();\n lockObj = STORAGE.getItem(STORAGE_KEY);\n if (!(lockObj === null)) return [3 /*break*/, 5];\n TIMEOUT_KEY = this.id + \"-\" + lockKey + \"-\" + iat;\n // there is a problem if setItem happens at the exact same time for 2 different processes.. so we add some random delay here.\n return [4 /*yield*/, delay(Math.floor(Math.random() * 25))];\n case 3:\n // there is a problem if setItem happens at the exact same time for 2 different processes.. so we add some random delay here.\n _a.sent();\n STORAGE.setItem(STORAGE_KEY, JSON.stringify({\n id: this.id,\n iat: iat,\n timeoutKey: TIMEOUT_KEY,\n timeAcquired: Date.now(),\n timeRefreshed: Date.now()\n }));\n return [4 /*yield*/, delay(30)];\n case 4:\n _a.sent(); // this is to prevent race conditions. This time must be more than the time it takes for storage.setItem\n lockObjPostDelay = STORAGE.getItem(STORAGE_KEY);\n if (lockObjPostDelay !== null) {\n lockObjPostDelay = JSON.parse(lockObjPostDelay);\n if (lockObjPostDelay.id === this.id && lockObjPostDelay.iat === iat) {\n this.acquiredIatSet.add(iat);\n this.refreshLockWhileAcquired(STORAGE_KEY, iat);\n return [2 /*return*/, true];\n }\n }\n return [3 /*break*/, 7];\n case 5:\n SuperTokensLock.lockCorrector();\n return [4 /*yield*/, this.waitForSomethingToChange(MAX_TIME)];\n case 6:\n _a.sent();\n _a.label = 7;\n case 7:\n iat = Date.now() + generateRandomString(4);\n return [3 /*break*/, 1];\n case 8: return [2 /*return*/, false];\n }\n });\n });\n };\n SuperTokensLock.prototype.refreshLockWhileAcquired = function (storageKey, iat) {\n return __awaiter(this, void 0, void 0, function () {\n var _this = this;\n return __generator(this, function (_a) {\n setTimeout(function () { return __awaiter(_this, void 0, void 0, function () {\n var STORAGE, lockObj;\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0: return [4 /*yield*/, processLock_1.default().lock(iat)];\n case 1:\n _a.sent();\n if (!this.acquiredIatSet.has(iat)) {\n processLock_1.default().unlock(iat);\n return [2 /*return*/];\n }\n STORAGE = window.localStorage;\n lockObj = STORAGE.getItem(storageKey);\n if (lockObj !== null) {\n lockObj = JSON.parse(lockObj);\n lockObj.timeRefreshed = Date.now();\n STORAGE.setItem(storageKey, JSON.stringify(lockObj));\n processLock_1.default().unlock(iat);\n }\n else {\n processLock_1.default().unlock(iat);\n return [2 /*return*/];\n }\n this.refreshLockWhileAcquired(storageKey, iat);\n return [2 /*return*/];\n }\n });\n }); }, 1000);\n return [2 /*return*/];\n });\n });\n };\n SuperTokensLock.prototype.waitForSomethingToChange = function (MAX_TIME) {\n return __awaiter(this, void 0, void 0, function () {\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0: return [4 /*yield*/, new Promise(function (resolve) {\n var resolvedCalled = false;\n var startedAt = Date.now();\n var MIN_TIME_TO_WAIT = 50; // ms\n var removedListeners = false;\n function stopWaiting() {\n if (!removedListeners) {\n window.removeEventListener('storage', stopWaiting);\n SuperTokensLock.removeFromWaiting(stopWaiting);\n clearTimeout(timeOutId);\n removedListeners = true;\n }\n if (!resolvedCalled) {\n resolvedCalled = true;\n var timeToWait = MIN_TIME_TO_WAIT - (Date.now() - startedAt);\n if (timeToWait > 0) {\n setTimeout(resolve, timeToWait);\n }\n else {\n resolve();\n }\n }\n }\n window.addEventListener('storage', stopWaiting);\n SuperTokensLock.addToWaiting(stopWaiting);\n var timeOutId = setTimeout(stopWaiting, Math.max(0, MAX_TIME - Date.now()));\n })];\n case 1:\n _a.sent();\n return [2 /*return*/];\n }\n });\n });\n };\n SuperTokensLock.addToWaiting = function (func) {\n this.removeFromWaiting(func);\n if (SuperTokensLock.waiters === undefined) {\n return;\n }\n SuperTokensLock.waiters.push(func);\n };\n SuperTokensLock.removeFromWaiting = function (func) {\n if (SuperTokensLock.waiters === undefined) {\n return;\n }\n SuperTokensLock.waiters = SuperTokensLock.waiters.filter(function (i) { return i !== func; });\n };\n SuperTokensLock.notifyWaiters = function () {\n if (SuperTokensLock.waiters === undefined) {\n return;\n }\n var waiters = SuperTokensLock.waiters.slice(); // so that if Lock.waiters is changed it's ok.\n waiters.forEach(function (i) { return i(); });\n };\n /**\n * @function releaseLock\n * @memberOf Lock\n * @param {string} lockKey - Key for which lock is being released\n * @returns {void}\n * @description Release a lock.\n */\n SuperTokensLock.prototype.releaseLock = function (lockKey) {\n return __awaiter(this, void 0, void 0, function () {\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0: return [4 /*yield*/, this.releaseLock__private__(lockKey)];\n case 1: return [2 /*return*/, _a.sent()];\n }\n });\n });\n };\n /**\n * @function releaseLock\n * @memberOf Lock\n * @param {string} lockKey - Key for which lock is being released\n * @returns {void}\n * @description Release a lock.\n */\n SuperTokensLock.prototype.releaseLock__private__ = function (lockKey) {\n return __awaiter(this, void 0, void 0, function () {\n var STORAGE, STORAGE_KEY, lockObj;\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0:\n STORAGE = window.localStorage;\n STORAGE_KEY = LOCK_STORAGE_KEY + \"-\" + lockKey;\n lockObj = STORAGE.getItem(STORAGE_KEY);\n if (lockObj === null) {\n return [2 /*return*/];\n }\n lockObj = JSON.parse(lockObj);\n if (!(lockObj.id === this.id)) return [3 /*break*/, 2];\n return [4 /*yield*/, processLock_1.default().lock(lockObj.iat)];\n case 1:\n _a.sent();\n this.acquiredIatSet.delete(lockObj.iat);\n STORAGE.removeItem(STORAGE_KEY);\n processLock_1.default().unlock(lockObj.iat);\n SuperTokensLock.notifyWaiters();\n _a.label = 2;\n case 2: return [2 /*return*/];\n }\n });\n });\n };\n /**\n * @function lockCorrector\n * @returns {void}\n * @description If a lock is acquired by a tab and the tab is closed before the lock is\n * released, this function will release those locks\n */\n SuperTokensLock.lockCorrector = function () {\n var MIN_ALLOWED_TIME = Date.now() - 5000;\n var STORAGE = window.localStorage;\n var KEYS = Object.keys(STORAGE);\n var notifyWaiters = false;\n for (var i = 0; i < KEYS.length; i++) {\n var LOCK_KEY = KEYS[i];\n if (LOCK_KEY.includes(LOCK_STORAGE_KEY)) {\n var lockObj = STORAGE.getItem(LOCK_KEY);\n if (lockObj !== null) {\n lockObj = JSON.parse(lockObj);\n if ((lockObj.timeRefreshed === undefined && lockObj.timeAcquired < MIN_ALLOWED_TIME) ||\n (lockObj.timeRefreshed !== undefined && lockObj.timeRefreshed < MIN_ALLOWED_TIME)) {\n STORAGE.removeItem(LOCK_KEY);\n notifyWaiters = true;\n }\n }\n }\n }\n if (notifyWaiters) {\n SuperTokensLock.notifyWaiters();\n }\n };\n SuperTokensLock.waiters = undefined;\n return SuperTokensLock;\n}());\nexports.default = SuperTokensLock;\n","export default '2.0.3';\n","import { PopupConfigOptions } from './global';\nimport version from './version';\n\n/**\n * @ignore\n */\nexport const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;\n\n/**\n * @ignore\n */\nexport const DEFAULT_POPUP_CONFIG_OPTIONS: PopupConfigOptions = {\n timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n};\n\n/**\n * @ignore\n */\nexport const DEFAULT_SILENT_TOKEN_RETRY_COUNT = 3;\n\n/**\n * @ignore\n */\nexport const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;\n\n/**\n * @ignore\n */\nexport const DEFAULT_FETCH_TIMEOUT_MS = 10000;\n\nexport const CACHE_LOCATION_MEMORY = 'memory';\nexport const CACHE_LOCATION_LOCAL_STORAGE = 'localstorage';\n\n/**\n * @ignore\n */\nexport const MISSING_REFRESH_TOKEN_ERROR_MESSAGE = 'Missing Refresh Token';\n\n/**\n * @ignore\n */\nexport const INVALID_REFRESH_TOKEN_ERROR_MESSAGE = 'invalid refresh token';\n\n/**\n * @ignore\n */\nexport const DEFAULT_SCOPE = 'openid profile email';\n\n/**\n * @ignore\n */\nexport const DEFAULT_SESSION_CHECK_EXPIRY_DAYS = 1;\n\n/**\n * @ignore\n */\nexport const DEFAULT_AUTH0_CLIENT = {\n name: 'auth0-spa-js',\n version: version\n};\n\nexport const DEFAULT_NOW_PROVIDER = () => Date.now();\n","/**\n * Thrown when network requests to the Auth server fail.\n */\nexport class GenericError extends Error {\n constructor(public error: string, public error_description: string) {\n super(error_description);\n Object.setPrototypeOf(this, GenericError.prototype);\n }\n\n static fromPayload({\n error,\n error_description\n }: {\n error: string;\n error_description: string;\n }) {\n return new GenericError(error, error_description);\n }\n}\n\n/**\n * Thrown when handling the redirect callback fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class AuthenticationError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, AuthenticationError.prototype);\n }\n}\n\n/**\n * Thrown when silent auth times out (usually due to a configuration issue) or\n * when network requests to the Auth server timeout.\n */\nexport class TimeoutError extends GenericError {\n constructor() {\n super('timeout', 'Timeout');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, TimeoutError.prototype);\n }\n}\n\n/**\n * Error thrown when the login popup times out (if the user does not complete auth)\n */\nexport class PopupTimeoutError extends TimeoutError {\n constructor(public popup: Window) {\n super();\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupTimeoutError.prototype);\n }\n}\n\nexport class PopupCancelledError extends GenericError {\n constructor(public popup: Window) {\n super('cancelled', 'Popup closed');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupCancelledError.prototype);\n }\n}\n\n/**\n * Error thrown when the token exchange results in a `mfa_required` error\n */\nexport class MfaRequiredError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public mfa_token: string\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MfaRequiredError.prototype);\n }\n}\n\n/**\n * Error thrown when there is no refresh token to use\n */\nexport class MissingRefreshTokenError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_refresh_token',\n `Missing Refresh Token (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingRefreshTokenError.prototype);\n }\n}\n\n/**\n * Returns an empty string when value is falsy, or when it's value is included in the exclude argument.\n * @param value The value to check\n * @param exclude An array of values that should result in an empty string.\n * @returns The value, or an empty string when falsy or included in the exclude argument.\n */\nfunction valueOrEmptyString(value: string, exclude: string[] = []) {\n return value && !exclude.includes(value) ? value : '';\n}\n","import { AuthenticationResult, PopupConfigOptions } from './global';\n\nimport {\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS\n} from './constants';\n\nimport {\n PopupTimeoutError,\n TimeoutError,\n GenericError,\n PopupCancelledError\n} from './errors';\n\nexport const parseAuthenticationResult = (\n queryString: string\n): AuthenticationResult => {\n if (queryString.indexOf('#') > -1) {\n queryString = queryString.substring(0, queryString.indexOf('#'));\n }\n\n const searchParams = new URLSearchParams(queryString);\n\n return {\n state: searchParams.get('state')!,\n code: searchParams.get('code') || undefined,\n error: searchParams.get('error') || undefined,\n error_description: searchParams.get('error_description') || undefined\n };\n};\n\nexport const runIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n) => {\n return new Promise<AuthenticationResult>((res, rej) => {\n const iframe = window.document.createElement('iframe');\n\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n let iframeEventHandler: (e: MessageEvent) => void;\n\n const timeoutSetTimeoutId = setTimeout(() => {\n rej(new TimeoutError());\n removeIframe();\n }, timeoutInSeconds * 1000);\n\n iframeEventHandler = function (e: MessageEvent) {\n if (e.origin != eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') return;\n\n const eventSource = e.source;\n\n if (eventSource) {\n (eventSource as any).close();\n }\n\n e.data.response.error\n ? rej(GenericError.fromPayload(e.data.response))\n : res(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n\n // Delay the removal of the iframe to prevent hanging loading status\n // in Chrome: https://github.com/auth0/auth0-spa-js/issues/240\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n\nexport const openPopup = (url: string) => {\n const width = 400;\n const height = 600;\n const left = window.screenX + (window.innerWidth - width) / 2;\n const top = window.screenY + (window.innerHeight - height) / 2;\n\n return window.open(\n url,\n 'auth0:authorize:popup',\n `left=${left},top=${top},width=${width},height=${height},resizable,scrollbars=yes,status=1`\n );\n};\n\nexport const runPopup = (config: PopupConfigOptions) => {\n return new Promise<AuthenticationResult>((resolve, reject) => {\n let popupEventListener: (e: MessageEvent) => void;\n\n // Check each second if the popup is closed triggering a PopupCancelledError\n const popupTimer = setInterval(() => {\n if (config.popup && config.popup.closed) {\n clearInterval(popupTimer);\n clearTimeout(timeoutId);\n window.removeEventListener('message', popupEventListener, false);\n reject(new PopupCancelledError(config.popup));\n }\n }, 1000);\n\n const timeoutId = setTimeout(() => {\n clearInterval(popupTimer);\n reject(new PopupTimeoutError(config.popup));\n window.removeEventListener('message', popupEventListener, false);\n }, (config.timeoutInSeconds || DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) * 1000);\n\n popupEventListener = function (e: MessageEvent) {\n if (!e.data || e.data.type !== 'authorization_response') {\n return;\n }\n\n clearTimeout(timeoutId);\n clearInterval(popupTimer);\n window.removeEventListener('message', popupEventListener, false);\n config.popup.close();\n\n if (e.data.response.error) {\n return reject(GenericError.fromPayload(e.data.response));\n }\n\n resolve(e.data.response);\n };\n\n window.addEventListener('message', popupEventListener);\n });\n};\n\nexport const getCrypto = () => {\n return window.crypto;\n};\n\nexport const createRandomString = () => {\n const charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n let random = '';\n const randomValues = Array.from(\n getCrypto().getRandomValues(new Uint8Array(43))\n );\n randomValues.forEach(v => (random += charset[v % charset.length]));\n return random;\n};\n\nexport const encode = (value: string) => btoa(value);\nexport const decode = (value: string) => atob(value);\n\nconst stripUndefined = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .reduce((acc, key) => ({ ...acc, [key]: params[key] }), {});\n};\n\nexport const createQueryParams = ({ clientId: client_id, ...params }: any) => {\n return new URLSearchParams(\n stripUndefined({ client_id, ...params })\n ).toString();\n};\n\nexport const sha256 = async (s: string) => {\n const digestOp: any = getCrypto().subtle.digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s)\n );\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map(c => {\n return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n })\n .join('')\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] | Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput)))\n );\n};\n\nexport const validateCrypto = () => {\n if (!getCrypto()) {\n throw new Error(\n 'For security reasons, `window.crypto` is required to run `auth0-spa-js`.'\n );\n }\n if (typeof getCrypto().subtle === 'undefined') {\n throw new Error(`\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n `);\n }\n};\n\n/**\n * @ignore\n */\nexport const getDomain = (domainUrl: string) => {\n if (!/^https?:\\/\\//.test(domainUrl)) {\n return `https://${domainUrl}`;\n }\n\n return domainUrl;\n};\n\n/**\n * @ignore\n */\nexport const getTokenIssuer = (\n issuer: string | undefined,\n domainUrl: string\n) => {\n if (issuer) {\n return issuer.startsWith('https://') ? issuer : `https://${issuer}/`;\n }\n\n return `${domainUrl}/`;\n};\n\nexport const parseNumber = (value: any): number | undefined => {\n if (typeof value !== 'string') {\n return value;\n }\n return parseInt(value, 10) || undefined;\n};\n","import { WorkerRefreshTokenMessage } from './worker.types';\n\n/**\n * Sends the specified message to the web worker\n * @param message The message to send\n * @param to The worker to send the message to\n */\nexport const sendMessage = (message: WorkerRefreshTokenMessage, to: Worker) =>\n new Promise(function (resolve, reject) {\n const messageChannel = new MessageChannel();\n\n messageChannel.port1.onmessage = function (event) {\n // Only for fetch errors, as these get retried\n if (event.data.error) {\n reject(new Error(event.data.error));\n } else {\n resolve(event.data);\n }\n messageChannel.port1.close();\n };\n\n to.postMessage(message, [messageChannel.port2]);\n });\n","import {\n DEFAULT_FETCH_TIMEOUT_MS,\n DEFAULT_SILENT_TOKEN_RETRY_COUNT\n} from './constants';\n\nimport { sendMessage } from './worker/worker.utils';\nimport { FetchOptions } from './global';\nimport { GenericError, MfaRequiredError } from './errors';\n\nexport const createAbortController = () => new AbortController();\n\nconst dofetch = async (fetchUrl: string, fetchOptions: FetchOptions) => {\n const response = await fetch(fetchUrl, fetchOptions);\n\n return {\n ok: response.ok,\n json: await response.json()\n };\n};\n\nconst fetchWithoutWorker = async (\n fetchUrl: string,\n fetchOptions: FetchOptions,\n timeout: number\n) => {\n const controller = createAbortController();\n fetchOptions.signal = controller.signal;\n\n let timeoutId: NodeJS.Timeout;\n\n // The promise will resolve with one of these two promises (the fetch or the timeout), whichever completes first.\n return Promise.race([\n dofetch(fetchUrl, fetchOptions),\n\n new Promise((_, reject) => {\n timeoutId = setTimeout(() => {\n controller.abort();\n reject(new Error(\"Timeout when executing 'fetch'\"));\n }, timeout);\n })\n ]).finally(() => {\n clearTimeout(timeoutId);\n });\n};\n\nconst fetchWithWorker = async (\n fetchUrl: string,\n audience: string,\n scope: string,\n fetchOptions: FetchOptions,\n timeout: number,\n worker: Worker,\n useFormData?: boolean\n) => {\n return sendMessage(\n {\n auth: {\n audience,\n scope\n },\n timeout,\n fetchUrl,\n fetchOptions,\n useFormData\n },\n worker\n );\n};\n\nexport const switchFetch = async (\n fetchUrl: string,\n audience: string,\n scope: string,\n fetchOptions: FetchOptions,\n worker?: Worker,\n useFormData?: boolean,\n timeout = DEFAULT_FETCH_TIMEOUT_MS\n): Promise<any> => {\n if (worker) {\n return fetchWithWorker(\n fetchUrl,\n audience,\n scope,\n fetchOptions,\n timeout,\n worker,\n useFormData\n );\n } else {\n return fetchWithoutWorker(fetchUrl, fetchOptions, timeout);\n }\n};\n\nexport async function getJSON<T>(\n url: string,\n timeout: number | undefined,\n audience: string,\n scope: string,\n options: FetchOptions,\n worker?: Worker,\n useFormData?: boolean\n): Promise<T> {\n let fetchError: null | Error = null;\n let response: any;\n\n for (let i = 0; i < DEFAULT_SILENT_TOKEN_RETRY_COUNT; i++) {\n try {\n response = await switchFetch(\n url,\n audience,\n scope,\n options,\n worker,\n useFormData,\n timeout\n );\n fetchError = null;\n break;\n } catch (e) {\n // Fetch only fails in the case of a network issue, so should be\n // retried here. Failure status (4xx, 5xx, etc) return a resolved Promise\n // with the failure in the body.\n // https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API\n fetchError = e;\n }\n }\n\n if (fetchError) {\n throw fetchError;\n }\n\n const {\n json: { error, error_description, ...data },\n ok\n } = response;\n\n if (!ok) {\n const errorMessage =\n error_description || `HTTP error. Unable to fetch ${url}`;\n\n if (error === 'mfa_required') {\n throw new MfaRequiredError(error, errorMessage, data.mfa_token);\n }\n\n throw new GenericError(error || 'request_error', errorMessage);\n }\n\n return data;\n}\n","import { TokenEndpointOptions, TokenEndpointResponse } from './global';\nimport { DEFAULT_AUTH0_CLIENT } from './constants';\nimport { getJSON } from './http';\nimport { createQueryParams } from './utils';\n\nexport async function oauthToken(\n {\n baseUrl,\n timeout,\n audience,\n scope,\n auth0Client,\n useFormData,\n ...options\n }: TokenEndpointOptions,\n worker?: Worker\n) {\n const body = useFormData\n ? createQueryParams(options)\n : JSON.stringify(options);\n\n return await getJSON<TokenEndpointResponse>(\n `${baseUrl}/oauth/token`,\n timeout,\n audience || 'default',\n scope,\n {\n method: 'POST',\n body,\n headers: {\n 'Content-Type': useFormData\n ? 'application/x-www-form-urlencoded'\n : 'application/json',\n 'Auth0-Client': btoa(\n JSON.stringify(auth0Client || DEFAULT_AUTH0_CLIENT)\n )\n }\n },\n worker,\n useFormData\n );\n}\n","/**\n * @ignore\n */\nconst dedupe = (arr: string[]) => Array.from(new Set(arr));\n\n/**\n * @ignore\n */\nexport const getUniqueScopes = (...scopes: (string | undefined)[]) => {\n return dedupe(scopes.filter(Boolean).join(' ').trim().split(/\\s+/)).join(' ');\n};\n","import { IdToken, User } from '../global';\n\nexport const CACHE_KEY_PREFIX = '@@auth0spajs@@';\nexport const CACHE_KEY_ID_TOKEN_SUFFIX = '@@user@@';\n\nexport type CacheKeyData = {\n audience?: string;\n scope?: string;\n clientId: string;\n};\n\nexport class CacheKey {\n public clientId: string;\n public scope?: string;\n public audience?: string;\n\n constructor(\n data: CacheKeyData,\n public prefix: string = CACHE_KEY_PREFIX,\n public suffix?: string\n ) {\n this.clientId = data.clientId;\n this.scope = data.scope;\n this.audience = data.audience;\n }\n\n /**\n * Converts this `CacheKey` instance into a string for use in a cache\n * @returns A string representation of the key\n */\n toKey(): string {\n return [this.prefix, this.clientId, this.audience, this.scope, this.suffix]\n .filter(Boolean)\n .join('::');\n }\n\n /**\n * Converts a cache key string into a `CacheKey` instance.\n * @param key The key to convert\n * @returns An instance of `CacheKey`\n */\n static fromKey(key: string): CacheKey {\n const [prefix, clientId, audience, scope] = key.split('::');\n\n return new CacheKey({ clientId, scope, audience }, prefix);\n }\n\n /**\n * Utility function to build a `CacheKey` instance from a cache entry\n * @param entry The entry\n * @returns An instance of `CacheKey`\n */\n static fromCacheEntry(entry: CacheEntry): CacheKey {\n const { scope, audience, client_id: clientId } = entry;\n\n return new CacheKey({\n scope,\n audience,\n clientId\n });\n }\n}\n\nexport interface DecodedToken {\n claims: IdToken;\n user: User;\n}\n\nexport interface IdTokenEntry {\n id_token: string;\n decodedToken: DecodedToken;\n}\n\nexport type CacheEntry = {\n id_token?: string;\n access_token: string;\n expires_in: number;\n decodedToken?: DecodedToken;\n audience: string;\n scope: string;\n client_id: string;\n refresh_token?: string;\n oauthTokenScope?: string;\n};\n\nexport type WrappedCacheEntry = {\n body: Partial<CacheEntry>;\n expiresAt: number;\n};\n\nexport type KeyManifestEntry = {\n keys: string[];\n};\n\nexport type Cacheable = WrappedCacheEntry | KeyManifestEntry;\n\nexport type MaybePromise<T> = Promise<T> | T;\n\nexport interface ICache {\n set<T = Cacheable>(key: string, entry: T): MaybePromise<void>;\n get<T = Cacheable>(key: string): MaybePromise<T | undefined>;\n remove(key: string): MaybePromise<void>;\n allKeys?(): MaybePromise<string[]>;\n}\n","import { ICache, Cacheable, CACHE_KEY_PREFIX, MaybePromise } from './shared';\n\nexport class LocalStorageCache implements ICache {\n public set<T = Cacheable>(key: string, entry: T) {\n localStorage.setItem(key, JSON.stringify(entry));\n }\n\n public get<T = Cacheable>(key: string): MaybePromise<T | undefined> {\n const json = window.localStorage.getItem(key);\n\n if (!json) return;\n\n try {\n const payload = JSON.parse(json) as T;\n return payload;\n /* c8 ignore next 3 */\n } catch (e) {\n return;\n }\n }\n\n public remove(key: string) {\n localStorage.removeItem(key);\n }\n\n public allKeys() {\n return Object.keys(window.localStorage).filter(key =>\n key.startsWith(CACHE_KEY_PREFIX)\n );\n }\n}\n","import { Cacheable, ICache, MaybePromise } from './shared';\n\nexport class InMemoryCache {\n public enclosedCache: ICache = (function () {\n let cache: Record<string, unknown> = {};\n\n return {\n set<T = Cacheable>(key: string, entry: T) {\n cache[key] = entry;\n },\n\n get<T = Cacheable>(key: string): MaybePromise<T | undefined> {\n const cacheEntry = cache[key] as T;\n\n if (!cacheEntry) {\n return;\n }\n\n return cacheEntry;\n },\n\n remove(key: string) {\n delete cache[key];\n },\n\n allKeys(): string[] {\n return Object.keys(cache);\n }\n };\n })();\n}\n","import { DEFAULT_NOW_PROVIDER } from '../constants';\nimport { CacheKeyManifest } from './key-manifest';\n\nimport {\n CacheEntry,\n ICache,\n CacheKey,\n CACHE_KEY_PREFIX,\n WrappedCacheEntry,\n DecodedToken,\n CACHE_KEY_ID_TOKEN_SUFFIX,\n IdTokenEntry\n} from './shared';\n\nconst DEFAULT_EXPIRY_ADJUSTMENT_SECONDS = 0;\n\nexport class CacheManager {\n private nowProvider: () => number | Promise<number>;\n\n constructor(\n private cache: ICache,\n private keyManifest?: CacheKeyManifest,\n nowProvider?: () => number | Promise<number>\n ) {\n this.nowProvider = nowProvider || DEFAULT_NOW_PROVIDER;\n }\n\n async setIdToken(\n clientId: string,\n idToken: string,\n decodedToken: DecodedToken\n ): Promise<void> {\n const cacheKey = this.getIdTokenCacheKey(clientId);\n await this.cache.set(cacheKey, {\n id_token: idToken,\n decodedToken\n });\n await this.keyManifest?.add(cacheKey);\n }\n\n async getIdToken(cacheKey: CacheKey): Promise<IdTokenEntry | undefined> {\n const entry = await this.cache.get<IdTokenEntry>(\n this.getIdTokenCacheKey(cacheKey.clientId)\n );\n\n if (!entry && cacheKey.scope && cacheKey.audience) {\n const entryByScope = await this.get(cacheKey);\n\n if (!entryByScope) {\n return;\n }\n\n if (!entryByScope.id_token || !entryByScope.decodedToken) {\n return;\n }\n\n return {\n id_token: entryByScope.id_token,\n decodedToken: entryByScope.decodedToken\n };\n }\n\n if (!entry) {\n return;\n }\n\n return { id_token: entry.id_token, decodedToken: entry.decodedToken };\n }\n\n async get(\n cacheKey: CacheKey,\n expiryAdjustmentSeconds = DEFAULT_EXPIRY_ADJUSTMENT_SECONDS\n ): Promise<Partial<CacheEntry> | undefined> {\n let wrappedEntry = await this.cache.get<WrappedCacheEntry>(\n cacheKey.toKey()\n );\n\n if (!wrappedEntry) {\n const keys = await this.getCacheKeys();\n\n if (!keys) return;\n\n const matchedKey = this.matchExistingCacheKey(cacheKey, keys);\n\n if (matchedKey) {\n wrappedEntry = await this.cache.get<WrappedCacheEntry>(matchedKey);\n }\n }\n\n // If we still don't have an entry, exit.\n if (!wrappedEntry) {\n return;\n }\n\n const now = await this.nowProvider();\n const nowSeconds = Math.floor(now / 1000);\n\n if (wrappedEntry.expiresAt - expiryAdjustmentSeconds < nowSeconds) {\n if (wrappedEntry.body.refresh_token) {\n wrappedEntry.body = {\n refresh_token: wrappedEntry.body.refresh_token\n };\n\n await this.cache.set(cacheKey.toKey(), wrappedEntry);\n return wrappedEntry.body;\n }\n\n await this.cache.remove(cacheKey.toKey());\n await this.keyManifest?.remove(cacheKey.toKey());\n\n return;\n }\n\n return wrappedEntry.body;\n }\n\n async set(entry: CacheEntry): Promise<void> {\n const cacheKey = new CacheKey({\n clientId: entry.client_id,\n scope: entry.scope,\n audience: entry.audience\n });\n\n const wrappedEntry = await this.wrapCacheEntry(entry);\n\n await this.cache.set(cacheKey.toKey(), wrappedEntry);\n await this.keyManifest?.add(cacheKey.toKey());\n }\n\n async clear(clientId?: string): Promise<void> {\n const keys = await this.getCacheKeys();\n\n /* c8 ignore next */\n if (!keys) return;\n\n await keys\n .filter(key => (clientId ? key.includes(clientId) : true))\n .reduce(async (memo, key) => {\n await memo;\n await this.cache.remove(key);\n }, Promise.resolve());\n\n await this.keyManifest?.clear();\n }\n\n private async wrapCacheEntry(entry: CacheEntry): Promise<WrappedCacheEntry> {\n const now = await this.nowProvider();\n const expiresInTime = Math.floor(now / 1000) + entry.expires_in;\n\n return {\n body: entry,\n expiresAt: expiresInTime\n };\n }\n\n private async getCacheKeys(): Promise<string[] | undefined> {\n if (this.keyManifest) {\n return (await this.keyManifest.get())?.keys;\n } else if (this.cache.allKeys) {\n return this.cache.allKeys();\n }\n }\n\n /**\n * Returns the cache key to be used to store the id token\n * @param clientId The client id used to link to the id token\n * @returns The constructed cache key, as a string, to store the id token\n */\n private getIdTokenCacheKey(clientId: string) {\n return new CacheKey(\n { clientId },\n CACHE_KEY_PREFIX,\n CACHE_KEY_ID_TOKEN_SUFFIX\n ).toKey();\n }\n\n /**\n * Finds the corresponding key in the cache based on the provided cache key.\n * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.\n * The first key in the cache that satisfies the following conditions is returned\n * - `prefix` is strict equal to Auth0's internally configured `keyPrefix`\n * - `clientId` is strict equal to the `cacheKey.clientId`\n * - `audience` is strict equal to the `cacheKey.audience`\n * - `scope` contains at least all the `cacheKey.scope` values\n * *\n * @param keyToMatch The provided cache key\n * @param allKeys A list of existing cache keys\n */\n private matchExistingCacheKey(keyToMatch: CacheKey, allKeys: Array<string>) {\n return allKeys.filter(key => {\n const cacheKey = CacheKey.fromKey(key);\n const scopeSet = new Set(cacheKey.scope && cacheKey.scope.split(' '));\n const scopesToMatch = keyToMatch.scope?.split(' ') || [];\n\n const hasAllScopes =\n cacheKey.scope &&\n scopesToMatch.reduce(\n (acc, current) => acc && scopeSet.has(current),\n true\n );\n\n return (\n cacheKey.prefix === CACHE_KEY_PREFIX &&\n cacheKey.clientId === keyToMatch.clientId &&\n cacheKey.audience === keyToMatch.audience &&\n hasAllScopes\n );\n })[0];\n }\n}\n","import { ClientStorage } from './storage';\n\nconst TRANSACTION_STORAGE_KEY_PREFIX = 'a0.spajs.txs';\n\ninterface Transaction {\n nonce: string;\n scope: string;\n audience: string;\n appState?: any;\n code_verifier: string;\n redirect_uri?: string;\n organizationId?: string;\n state?: string;\n}\n\nexport class TransactionManager {\n private transaction: Transaction | undefined;\n private storageKey: string;\n\n constructor(private storage: ClientStorage, private clientId: string) {\n this.storageKey = `${TRANSACTION_STORAGE_KEY_PREFIX}.${this.clientId}`;\n this.transaction = this.storage.get(this.storageKey);\n }\n\n public create(transaction: Transaction) {\n this.transaction = transaction;\n\n this.storage.save(this.storageKey, transaction, {\n daysUntilExpire: 1\n });\n }\n\n public get(): Transaction | undefined {\n return this.transaction;\n }\n\n public remove() {\n delete this.transaction;\n this.storage.remove(this.storageKey);\n }\n}\n","import { urlDecodeB64 } from './utils';\nimport { IdToken, JWTVerifyOptions } from './global';\n\nconst isNumber = (n: any) => typeof n === 'number';\n\nconst idTokendecoded = [\n 'iss',\n 'aud',\n 'exp',\n 'nbf',\n 'iat',\n 'jti',\n 'azp',\n 'nonce',\n 'auth_time',\n 'at_hash',\n 'c_hash',\n 'acr',\n 'amr',\n 'sub_jwk',\n 'cnf',\n 'sip_from_tag',\n 'sip_date',\n 'sip_callid',\n 'sip_cseq_num',\n 'sip_via_branch',\n 'orig',\n 'dest',\n 'mky',\n 'events',\n 'toe',\n 'txn',\n 'rph',\n 'sid',\n 'vot',\n 'vtm'\n];\n\nexport const decode = (token: string) => {\n const parts = token.split('.');\n const [header, payload, signature] = parts;\n\n if (parts.length !== 3 || !header || !payload || !signature) {\n throw new Error('ID token could not be decoded');\n }\n const payloadJSON = JSON.parse(urlDecodeB64(payload));\n const claims: IdToken = { __raw: token };\n const user: any = {};\n Object.keys(payloadJSON).forEach(k => {\n claims[k] = payloadJSON[k];\n if (!idTokendecoded.includes(k)) {\n user[k] = payloadJSON[k];\n }\n });\n return {\n encoded: { header, payload, signature },\n header: JSON.parse(urlDecodeB64(header)),\n claims,\n user\n };\n};\n\nexport const verify = (options: JWTVerifyOptions) => {\n if (!options.id_token) {\n throw new Error('ID token is required but missing');\n }\n\n const decoded = decode(options.id_token);\n\n if (!decoded.claims.iss) {\n throw new Error(\n 'Issuer (iss) claim must be a string present in the ID token'\n );\n }\n\n if (decoded.claims.iss !== options.iss) {\n throw new Error(\n `Issuer (iss) claim mismatch in the ID token; expected \"${options.iss}\", found \"${decoded.claims.iss}\"`\n );\n }\n\n if (!decoded.user.sub) {\n throw new Error(\n 'Subject (sub) claim must be a string present in the ID token'\n );\n }\n\n if (decoded.header.alg !== 'RS256') {\n throw new Error(\n `Signature algorithm of \"${decoded.header.alg}\" is not supported. Expected the ID token to be signed with \"RS256\".`\n );\n }\n\n if (\n !decoded.claims.aud ||\n !(\n typeof decoded.claims.aud === 'string' ||\n Array.isArray(decoded.claims.aud)\n )\n ) {\n throw new Error(\n 'Audience (aud) claim must be a string or array of strings present in the ID token'\n );\n }\n if (Array.isArray(decoded.claims.aud)) {\n if (!decoded.claims.aud.includes(options.aud)) {\n throw new Error(\n `Audience (aud) claim mismatch in the ID token; expected \"${\n options.aud\n }\" but was not one of \"${decoded.claims.aud.join(', ')}\"`\n );\n }\n if (decoded.claims.aud.length > 1) {\n if (!decoded.claims.azp) {\n throw new Error(\n 'Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values'\n );\n }\n if (decoded.claims.azp !== options.aud) {\n throw new Error(\n `Authorized Party (azp) claim mismatch in the ID token; expected \"${options.aud}\", found \"${decoded.claims.azp}\"`\n );\n }\n }\n } else if (decoded.claims.aud !== options.aud) {\n throw new Error(\n `Audience (aud) claim mismatch in the ID token; expected \"${options.aud}\" but found \"${decoded.claims.aud}\"`\n );\n }\n if (options.nonce) {\n if (!decoded.claims.nonce) {\n throw new Error(\n 'Nonce (nonce) claim must be a string present in the ID token'\n );\n }\n if (decoded.claims.nonce !== options.nonce) {\n throw new Error(\n `Nonce (nonce) claim mismatch in the ID token; expected \"${options.nonce}\", found \"${decoded.claims.nonce}\"`\n );\n }\n }\n\n if (options.max_age && !isNumber(decoded.claims.auth_time)) {\n throw new Error(\n 'Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified'\n );\n }\n\n /* c8 ignore next 5 */\n if (decoded.claims.exp == null || !isNumber(decoded.claims.exp)) {\n throw new Error(\n 'Expiration Time (exp) claim must be a number present in the ID token'\n );\n }\n if (!isNumber(decoded.claims.iat)) {\n throw new Error(\n 'Issued At (iat) claim must be a number present in the ID token'\n );\n }\n\n const leeway = options.leeway || 60;\n const now = new Date(options.now || Date.now());\n const expDate = new Date(0);\n\n expDate.setUTCSeconds(decoded.claims.exp + leeway);\n\n if (now > expDate) {\n throw new Error(\n `Expiration Time (exp) claim error in the ID token; current time (${now}) is after expiration time (${expDate})`\n );\n }\n\n if (decoded.claims.nbf != null && isNumber(decoded.claims.nbf)) {\n const nbfDate = new Date(0);\n nbfDate.setUTCSeconds(decoded.claims.nbf - leeway);\n if (now < nbfDate) {\n throw new Error(\n `Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${now}) is before ${nbfDate}`\n );\n }\n }\n\n if (decoded.claims.auth_time != null && isNumber(decoded.claims.auth_time)) {\n const authTimeDate = new Date(0);\n authTimeDate.setUTCSeconds(\n parseInt(decoded.claims.auth_time) + (options.max_age as number) + leeway\n );\n\n if (now > authTimeDate) {\n throw new Error(\n `Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${now}) is after last auth at ${authTimeDate}`\n );\n }\n }\n\n if (options.organizationId) {\n if (!decoded.claims.org_id) {\n throw new Error(\n 'Organization ID (org_id) claim must be a string present in the ID token'\n );\n } else if (options.organizationId !== decoded.claims.org_id) {\n throw new Error(\n `Organization ID (org_id) claim mismatch in the ID token; expected \"${options.organizationId}\", found \"${decoded.claims.org_id}\"`\n );\n }\n }\n\n return decoded;\n};\n","\"use strict\";\r\nvar __assign = (this && this.__assign) || function () {\r\n __assign = Object.assign || function(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))\r\n t[p] = s[p];\r\n }\r\n return t;\r\n };\r\n return __assign.apply(this, arguments);\r\n};\r\nexports.__esModule = true;\r\nfunction stringifyAttribute(name, value) {\r\n if (!value) {\r\n return '';\r\n }\r\n var stringified = '; ' + name;\r\n if (value === true) {\r\n return stringified; // boolean attributes shouldn't have a value\r\n }\r\n return stringified + '=' + value;\r\n}\r\nfunction stringifyAttributes(attributes) {\r\n if (typeof attributes.expires === 'number') {\r\n var expires = new Date();\r\n expires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5);\r\n attributes.expires = expires;\r\n }\r\n return stringifyAttribute('Expires', attributes.expires ? attributes.expires.toUTCString() : '')\r\n + stringifyAttribute('Domain', attributes.domain)\r\n + stringifyAttribute('Path', attributes.path)\r\n + stringifyAttribute('Secure', attributes.secure)\r\n + stringifyAttribute('SameSite', attributes.sameSite);\r\n}\r\nfunction encode(name, value, attributes) {\r\n return encodeURIComponent(name)\r\n .replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent) // allowed special characters\r\n .replace(/\\(/g, '%28').replace(/\\)/g, '%29') // replace opening and closing parens\r\n + '=' + encodeURIComponent(value)\r\n // allowed special characters\r\n .replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent)\r\n + stringifyAttributes(attributes);\r\n}\r\nexports.encode = encode;\r\nfunction parse(cookieString) {\r\n var result = {};\r\n var cookies = cookieString ? cookieString.split('; ') : [];\r\n var rdecode = /(%[\\dA-F]{2})+/gi;\r\n for (var i = 0; i < cookies.length; i++) {\r\n var parts = cookies[i].split('=');\r\n var cookie = parts.slice(1).join('=');\r\n if (cookie.charAt(0) === '\"') {\r\n cookie = cookie.slice(1, -1);\r\n }\r\n try {\r\n var name_1 = parts[0].replace(rdecode, decodeURIComponent);\r\n result[name_1] = cookie.replace(rdecode, decodeURIComponent);\r\n }\r\n catch (e) {\r\n // ignore cookies with invalid name/value encoding\r\n }\r\n }\r\n return result;\r\n}\r\nexports.parse = parse;\r\nfunction getAll() {\r\n return parse(document.cookie);\r\n}\r\nexports.getAll = getAll;\r\nfunction get(name) {\r\n return getAll()[name];\r\n}\r\nexports.get = get;\r\nfunction set(name, value, attributes) {\r\n document.cookie = encode(name, value, __assign({ path: '/' }, attributes));\r\n}\r\nexports.set = set;\r\nfunction remove(name, attributes) {\r\n set(name, '', __assign(__assign({}, attributes), { expires: -1 }));\r\n}\r\nexports.remove = remove;\r\n","import * as Cookies from 'es-cookie';\n\ninterface ClientStorageOptions {\n daysUntilExpire?: number;\n cookieDomain?: string;\n}\n\n/**\n * Defines a type that handles storage to/from a storage location\n */\nexport type ClientStorage = {\n get<T extends Object>(key: string): T | undefined;\n save(key: string, value: any, options?: ClientStorageOptions): void;\n remove(key: string, options?: ClientStorageOptions): void;\n};\n\n/**\n * A storage protocol for marshalling data to/from cookies\n */\nexport const CookieStorage = {\n get<T extends Object>(key: string) {\n const value = Cookies.get(key);\n\n if (typeof value === 'undefined') {\n return;\n }\n\n return <T>JSON.parse(value);\n },\n\n save(key: string, value: any, options?: ClientStorageOptions): void {\n let cookieAttributes: Cookies.CookieAttributes = {};\n\n if ('https:' === window.location.protocol) {\n cookieAttributes = {\n secure: true,\n sameSite: 'none'\n };\n }\n\n if (options?.daysUntilExpire) {\n cookieAttributes.expires = options.daysUntilExpire;\n }\n\n if (options?.cookieDomain) {\n cookieAttributes.domain = options.cookieDomain;\n }\n\n Cookies.set(key, JSON.stringify(value), cookieAttributes);\n },\n\n remove(key: string, options?: ClientStorageOptions) {\n let cookieAttributes: Cookies.CookieAttributes = {};\n\n if (options?.cookieDomain) {\n cookieAttributes.domain = options.cookieDomain;\n }\n\n Cookies.remove(key, cookieAttributes);\n }\n} as ClientStorage;\n\n/**\n * @ignore\n */\nconst LEGACY_PREFIX = '_legacy_';\n\n/**\n * Cookie storage that creates a cookie for modern and legacy browsers.\n * See: https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients\n */\nexport const CookieStorageWithLegacySameSite = {\n get<T extends Object>(key: string) {\n const value = CookieStorage.get<T>(key);\n\n if (value) {\n return value;\n }\n\n return CookieStorage.get<T>(`${LEGACY_PREFIX}${key}`);\n },\n\n save(key: string, value: any, options?: ClientStorageOptions): void {\n let cookieAttributes: Cookies.CookieAttributes = {};\n\n if ('https:' === window.location.protocol) {\n cookieAttributes = { secure: true };\n }\n\n if (options?.daysUntilExpire) {\n cookieAttributes.expires = options.daysUntilExpire;\n }\n\n if (options?.cookieDomain) {\n cookieAttributes.domain = options.cookieDomain;\n }\n\n Cookies.set(\n `${LEGACY_PREFIX}${key}`,\n JSON.stringify(value),\n cookieAttributes\n );\n CookieStorage.save(key, value, options);\n },\n\n remove(key: string, options?: ClientStorageOptions) {\n let cookieAttributes: Cookies.CookieAttributes = {};\n\n if (options?.cookieDomain) {\n cookieAttributes.domain = options.cookieDomain;\n }\n\n Cookies.remove(key, cookieAttributes);\n CookieStorage.remove(key, options);\n CookieStorage.remove(`${LEGACY_PREFIX}${key}`, options);\n }\n} as ClientStorage;\n\n/**\n * A storage protocol for marshalling data to/from session storage\n */\nexport const SessionStorage = {\n get<T extends Object>(key: string) {\n /* c8 ignore next 3 */\n if (typeof sessionStorage === 'undefined') {\n return;\n }\n\n const value = sessionStorage.getItem(key);\n\n if (value == null) {\n return;\n }\n\n return <T>JSON.parse(value);\n },\n\n save(key: string, value: any): void {\n sessionStorage.setItem(key, JSON.stringify(value));\n },\n\n remove(key: string) {\n sessionStorage.removeItem(key);\n }\n} as ClientStorage;\n","const singlePromiseMap: Record<string, Promise<any>> = {};\n\nexport const singlePromise = <T>(\n cb: () => Promise<T>,\n key: string\n): Promise<T> => {\n let promise: null | Promise<T> = singlePromiseMap[key];\n if (!promise) {\n promise = cb().finally(() => {\n delete singlePromiseMap[key];\n promise = null;\n });\n singlePromiseMap[key] = promise;\n }\n return promise;\n};\n\nexport const retryPromise = async (\n cb: () => Promise<boolean>,\n maxNumberOfRetries = 3\n) => {\n for (let i = 0; i < maxNumberOfRetries; i++) {\n if (await cb()) {\n return true;\n }\n }\n\n return false;\n};\n","import {\n CACHE_KEY_PREFIX,\n ICache,\n KeyManifestEntry,\n MaybePromise\n} from './shared';\n\nexport class CacheKeyManifest {\n private readonly manifestKey: string;\n\n constructor(private cache: ICache, private clientId: string) {\n this.manifestKey = this.createManifestKeyFrom(this.clientId);\n }\n\n async add(key: string): Promise<void> {\n const keys = new Set(\n (await this.cache.get<KeyManifestEntry>(this.manifestKey))?.keys || []\n );\n\n keys.add(key);\n\n await this.cache.set<KeyManifestEntry>(this.manifestKey, {\n keys: [...keys]\n });\n }\n\n async remove(key: string): Promise<void> {\n const entry = await this.cache.get<KeyManifestEntry>(this.manifestKey);\n\n if (entry) {\n const keys = new Set(entry.keys);\n keys.delete(key);\n\n if (keys.size > 0) {\n return await this.cache.set(this.manifestKey, { keys: [...keys] });\n }\n\n return await this.cache.remove(this.manifestKey);\n }\n }\n\n get(): MaybePromise<KeyManifestEntry | undefined> {\n return this.cache.get<KeyManifestEntry>(this.manifestKey);\n }\n\n clear(): MaybePromise<void> {\n return this.cache.remove(this.manifestKey);\n }\n\n private createManifestKeyFrom(clientId: string): string {\n return `${CACHE_KEY_PREFIX}::${clientId}`;\n }\n}\n","import { ICache, InMemoryCache, LocalStorageCache } from './cache';\nimport {\n Auth0ClientOptions,\n AuthorizationParams,\n AuthorizeOptions,\n LogoutOptions\n} from './global';\nimport { getUniqueScopes } from './scope';\n\n/**\n * @ignore\n */\nexport const GET_TOKEN_SILENTLY_LOCK_KEY = 'auth0.lock.getTokenSilently';\n\n/**\n * @ignore\n */\nexport const buildOrganizationHintCookieName = (clientId: string) =>\n `auth0.${clientId}.organization_hint`;\n\n/**\n * @ignore\n */\nexport const OLD_IS_AUTHENTICATED_COOKIE_NAME = 'auth0.is.authenticated';\n\n/**\n * @ignore\n */\nexport const buildIsAuthenticatedCookieName = (clientId: string) =>\n `auth0.${clientId}.is.authenticated`;\n\n/**\n * @ignore\n */\nconst cacheLocationBuilders: Record<string, () => ICache> = {\n memory: () => new InMemoryCache().enclosedCache,\n localstorage: () => new LocalStorageCache()\n};\n\n/**\n * @ignore\n */\nexport const cacheFactory = (location: string) => {\n return cacheLocationBuilders[location];\n};\n\n/**\n * @ignore\n */\nexport const getAuthorizeParams = (\n clientOptions: Auth0ClientOptions & {\n authorizationParams: AuthorizationParams;\n },\n scope: string,\n authorizationParams: AuthorizationParams,\n state: string,\n nonce: string,\n code_challenge: string,\n redirect_uri: string | undefined,\n response_mode: string | undefined\n): AuthorizeOptions => {\n return {\n client_id: clientOptions.clientId,\n ...clientOptions.authorizationParams,\n ...authorizationParams,\n scope: getUniqueScopes(scope, authorizationParams.scope),\n response_type: 'code',\n response_mode: response_mode || 'query',\n state,\n nonce,\n redirect_uri:\n redirect_uri || clientOptions.authorizationParams.redirect_uri,\n code_challenge,\n code_challenge_method: 'S256'\n };\n};\n\n/**\n * @ignore\n *\n * Function used to provide support for the deprecated onRedirect through openUrl.\n */\nexport const patchOpenUrlWithOnRedirect = <\n T extends Pick<LogoutOptions, 'openUrl' | 'onRedirect'>\n>(\n options: T\n) => {\n const { openUrl, onRedirect, ...originalOptions } = options;\n\n const result = {\n ...originalOptions,\n openUrl: openUrl === false || openUrl ? openUrl : onRedirect\n };\n\n return result as T;\n};\n","import Lock from 'browser-tabs-lock';\n\nimport {\n createQueryParams,\n runPopup,\n parseAuthenticationResult,\n encode,\n createRandomString,\n runIframe,\n sha256,\n bufferToBase64UrlEncoded,\n validateCrypto,\n openPopup,\n getDomain,\n getTokenIssuer,\n parseNumber\n} from './utils';\n\nimport { oauthToken } from './api';\n\nimport { getUniqueScopes } from './scope';\n\nimport {\n InMemoryCache,\n ICache,\n CacheKey,\n CacheManager,\n CacheEntry,\n IdTokenEntry,\n CACHE_KEY_ID_TOKEN_SUFFIX,\n DecodedToken\n} from './cache';\n\nimport { TransactionManager } from './transaction-manager';\nimport { verify as verifyIdToken } from './jwt';\nimport {\n AuthenticationError,\n GenericError,\n MissingRefreshTokenError,\n TimeoutError\n} from './errors';\n\nimport {\n ClientStorage,\n CookieStorage,\n CookieStorageWithLegacySameSite,\n SessionStorage\n} from './storage';\n\nimport {\n CACHE_LOCATION_MEMORY,\n DEFAULT_POPUP_CONFIG_OPTIONS,\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n MISSING_REFRESH_TOKEN_ERROR_MESSAGE,\n DEFAULT_SCOPE,\n DEFAULT_SESSION_CHECK_EXPIRY_DAYS,\n DEFAULT_AUTH0_CLIENT,\n INVALID_REFRESH_TOKEN_ERROR_MESSAGE,\n DEFAULT_NOW_PROVIDER,\n DEFAULT_FETCH_TIMEOUT_MS\n} from './constants';\n\nimport {\n Auth0ClientOptions,\n AuthorizationParams,\n AuthorizeOptions,\n RedirectLoginOptions,\n PopupLoginOptions,\n PopupConfigOptions,\n RedirectLoginResult,\n GetTokenSilentlyOptions,\n GetTokenWithPopupOptions,\n LogoutOptions,\n CacheLocation,\n LogoutUrlOptions,\n User,\n IdToken,\n GetTokenSilentlyVerboseResponse,\n TokenEndpointResponse\n} from './global';\n\n// @ts-ignore\nimport TokenWorker from './worker/token.worker.ts';\nimport { singlePromise, retryPromise } from './promise-utils';\nimport { CacheKeyManifest } from './cache/key-manifest';\nimport {\n buildIsAuthenticatedCookieName,\n buildOrganizationHintCookieName,\n cacheFactory,\n getAuthorizeParams,\n GET_TOKEN_SILENTLY_LOCK_KEY,\n OLD_IS_AUTHENTICATED_COOKIE_NAME,\n patchOpenUrlWithOnRedirect\n} from './Auth0Client.utils';\n\n/**\n * @ignore\n */\ntype GetTokenSilentlyResult = TokenEndpointResponse & {\n decodedToken: ReturnType<typeof verifyIdToken>;\n scope: string;\n oauthTokenScope?: string;\n audience: string;\n};\n\n/**\n * @ignore\n */\nconst lock = new Lock();\n\n/**\n * Auth0 SDK for Single Page Applications using [Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce).\n */\nexport class Auth0Client {\n private readonly transactionManager: TransactionManager;\n private readonly cacheManager: CacheManager;\n private readonly domainUrl: string;\n private readonly tokenIssuer: string;\n private readonly scope: string;\n private readonly cookieStorage: ClientStorage;\n private readonly sessionCheckExpiryDays: number;\n private readonly orgHintCookieName: string;\n private readonly isAuthenticatedCookieName: string;\n private readonly nowProvider: () => number | Promise<number>;\n private readonly httpTimeoutMs: number;\n private readonly options: Auth0ClientOptions & {\n authorizationParams: AuthorizationParams;\n };\n private readonly userCache: ICache = new InMemoryCache().enclosedCache;\n\n private worker?: Worker;\n\n private readonly defaultOptions: Partial<Auth0ClientOptions> = {\n authorizationParams: {\n scope: DEFAULT_SCOPE\n },\n useRefreshTokensFallback: false,\n useFormData: true\n };\n\n constructor(options: Auth0ClientOptions) {\n this.options = {\n ...this.defaultOptions,\n ...options,\n authorizationParams: {\n ...this.defaultOptions.authorizationParams,\n ...options.authorizationParams\n }\n };\n\n typeof window !== 'undefined' && validateCrypto();\n\n if (options.cache && options.cacheLocation) {\n console.warn(\n 'Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`.'\n );\n }\n\n let cacheLocation: CacheLocation | undefined;\n let cache: ICache;\n\n if (options.cache) {\n cache = options.cache;\n } else {\n cacheLocation = options.cacheLocation || CACHE_LOCATION_MEMORY;\n\n if (!cacheFactory(cacheLocation)) {\n throw new Error(`Invalid cache location \"${cacheLocation}\"`);\n }\n\n cache = cacheFactory(cacheLocation)();\n }\n\n this.httpTimeoutMs = options.httpTimeoutInSeconds\n ? options.httpTimeoutInSeconds * 1000\n : DEFAULT_FETCH_TIMEOUT_MS;\n\n this.cookieStorage =\n options.legacySameSiteCookie === false\n ? CookieStorage\n : CookieStorageWithLegacySameSite;\n\n this.orgHintCookieName = buildOrganizationHintCookieName(\n this.options.clientId\n );\n\n this.isAuthenticatedCookieName = buildIsAuthenticatedCookieName(\n this.options.clientId\n );\n\n this.sessionCheckExpiryDays =\n options.sessionCheckExpiryDays || DEFAULT_SESSION_CHECK_EXPIRY_DAYS;\n\n const transactionStorage = options.useCookiesForTransactions\n ? this.cookieStorage\n : SessionStorage;\n\n // Construct the scopes based on the following:\n // 1. Always include `openid`\n // 2. Include the scopes provided in `authorizationParams. This defaults to `profile email`\n // 3. Add `offline_access` if `useRefreshTokens` is enabled\n this.scope = getUniqueScopes(\n 'openid',\n this.options.authorizationParams.scope,\n this.options.useRefreshTokens ? 'offline_access' : ''\n );\n\n this.transactionManager = new TransactionManager(\n transactionStorage,\n this.options.clientId\n );\n\n this.nowProvider = this.options.nowProvider || DEFAULT_NOW_PROVIDER;\n\n this.cacheManager = new CacheManager(\n cache,\n !cache.allKeys\n ? new CacheKeyManifest(cache, this.options.clientId)\n : undefined,\n this.nowProvider\n );\n\n this.domainUrl = getDomain(this.options.domain);\n this.tokenIssuer = getTokenIssuer(this.options.issuer, this.domainUrl);\n\n // Don't use web workers unless using refresh tokens in memory\n if (\n typeof window !== 'undefined' &&\n window.Worker &&\n this.options.useRefreshTokens &&\n cacheLocation === CACHE_LOCATION_MEMORY\n ) {\n this.worker = new TokenWorker();\n }\n }\n\n private _url(path: string) {\n const auth0Client = encodeURIComponent(\n btoa(JSON.stringify(this.options.auth0Client || DEFAULT_AUTH0_CLIENT))\n );\n return `${this.domainUrl}${path}&auth0Client=${auth0Client}`;\n }\n\n private _authorizeUrl(authorizeOptions: AuthorizeOptions) {\n return this._url(`/authorize?${createQueryParams(authorizeOptions)}`);\n }\n\n private async _verifyIdToken(\n id_token: string,\n nonce?: string,\n organizationId?: string\n ) {\n const now = await this.nowProvider();\n\n return verifyIdToken({\n iss: this.tokenIssuer,\n aud: this.options.clientId,\n id_token,\n nonce,\n organizationId,\n leeway: this.options.leeway,\n max_age: parseNumber(this.options.authorizationParams.max_age),\n now\n });\n }\n\n private _processOrgIdHint(organizationId?: string) {\n if (organizationId) {\n this.cookieStorage.save(this.orgHintCookieName, organizationId, {\n daysUntilExpire: this.sessionCheckExpiryDays,\n cookieDomain: this.options.cookieDomain\n });\n } else {\n this.cookieStorage.remove(this.orgHintCookieName, {\n cookieDomain: this.options.cookieDomain\n });\n }\n }\n\n private async _prepareAuthorizeUrl(\n authorizationParams: AuthorizationParams,\n authorizeOptions?: Partial<AuthorizeOptions>,\n fallbackRedirectUri?: string\n ): Promise<{\n scope: string;\n audience: string;\n redirect_uri?: string;\n nonce: string;\n code_verifier: string;\n state: string;\n url: string;\n }> {\n const state = encode(createRandomString());\n const nonce = encode(createRandomString());\n const code_verifier = createRandomString();\n const code_challengeBuffer = await sha256(code_verifier);\n const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);\n\n const params = getAuthorizeParams(\n this.options,\n this.scope,\n authorizationParams,\n state,\n nonce,\n code_challenge,\n authorizationParams.redirect_uri ||\n this.options.authorizationParams.redirect_uri ||\n fallbackRedirectUri,\n authorizeOptions?.response_mode\n );\n\n const url = this._authorizeUrl(params);\n\n return {\n nonce,\n code_verifier,\n scope: params.scope,\n audience: params.audience || 'default',\n redirect_uri: params.redirect_uri,\n state,\n url\n };\n }\n\n /**\n * ```js\n * try {\n * await auth0.loginWithPopup(options);\n * } catch(e) {\n * if (e instanceof PopupCancelledError) {\n * // Popup was closed before login completed\n * }\n * }\n * ```\n *\n * Opens a popup with the `/authorize` URL using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated. If the response is successful,\n * results will be valid according to their expiration times.\n *\n * IMPORTANT: This method has to be called from an event handler\n * that was started by the user like a button click, for example,\n * otherwise the popup will be blocked in most browsers.\n *\n * @param options\n * @param config\n */\n public async loginWithPopup(\n options?: PopupLoginOptions,\n config?: PopupConfigOptions\n ) {\n options = options || {};\n config = config || {};\n\n if (!config.popup) {\n config.popup = openPopup('');\n\n if (!config.popup) {\n throw new Error(\n 'Unable to open a popup for loginWithPopup - window.open returned `null`'\n );\n }\n }\n\n const params = await this._prepareAuthorizeUrl(\n options.authorizationParams || {},\n { response_mode: 'web_message' },\n window.location.origin\n );\n\n config.popup.location.href = params.url;\n\n const codeResult = await runPopup({\n ...config,\n timeoutInSeconds:\n config.timeoutInSeconds ||\n this.options.authorizeTimeoutInSeconds ||\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n });\n\n if (params.state !== codeResult.state) {\n throw new Error('Invalid state');\n }\n\n const organizationId =\n options.authorizationParams?.organization ||\n this.options.authorizationParams.organization;\n\n await this._requestToken(\n {\n audience: params.audience,\n scope: params.scope,\n code_verifier: params.code_verifier,\n grant_type: 'authorization_code',\n code: codeResult.code as string,\n redirect_uri: params.redirect_uri\n },\n {\n nonceIn: params.nonce,\n organizationId\n }\n );\n }\n\n /**\n * ```js\n * const user = await auth0.getUser();\n * ```\n *\n * Returns the user information if available (decoded\n * from the `id_token`).\n *\n * @typeparam TUser The type to return, has to extend {@link User}.\n */\n public async getUser<TUser extends User>(): Promise<TUser | undefined> {\n const cache = await this._getIdTokenFromCache();\n\n return cache?.decodedToken?.user as TUser;\n }\n\n /**\n * ```js\n * const claims = await auth0.getIdTokenClaims();\n * ```\n *\n * Returns all claims from the id_token if available.\n */\n public async getIdTokenClaims(): Promise<IdToken | undefined> {\n const cache = await this._getIdTokenFromCache();\n\n return cache?.decodedToken?.claims;\n }\n\n /**\n * ```js\n * await auth0.loginWithRedirect(options);\n * ```\n *\n * Performs a redirect to `/authorize` using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated.\n *\n * @param options\n */\n public async loginWithRedirect<TAppState = any>(\n options: RedirectLoginOptions<TAppState> = {}\n ) {\n const { openUrl, fragment, appState, ...urlOptions } =\n patchOpenUrlWithOnRedirect(options);\n\n const organizationId =\n urlOptions.authorizationParams?.organization ||\n this.options.authorizationParams.organization;\n\n const { url, ...transaction } = await this._prepareAuthorizeUrl(\n urlOptions.authorizationParams || {}\n );\n\n this.transactionManager.create({\n ...transaction,\n appState,\n ...(organizationId && { organizationId })\n });\n\n const urlWithFragment = fragment ? `${url}#${fragment}` : url;\n\n if (openUrl) {\n await openUrl(urlWithFragment);\n } else {\n window.location.assign(urlWithFragment);\n }\n }\n\n /**\n * After the browser redirects back to the callback page,\n * call `handleRedirectCallback` to handle success and error\n * responses from Auth0. If the response is successful, results\n * will be valid according to their expiration times.\n */\n public async handleRedirectCallback<TAppState = any>(\n url: string = window.location.href\n ): Promise<RedirectLoginResult<TAppState>> {\n const queryStringFragments = url.split('?').slice(1);\n\n if (queryStringFragments.length === 0) {\n throw new Error('There are no query params available for parsing.');\n }\n\n const { state, code, error, error_description } = parseAuthenticationResult(\n queryStringFragments.join('')\n );\n\n const transaction = this.transactionManager.get();\n\n if (!transaction) {\n throw new Error('Invalid state');\n }\n\n this.transactionManager.remove();\n\n if (error) {\n throw new AuthenticationError(\n error,\n error_description || error,\n state,\n transaction.appState\n );\n }\n\n // Transaction should have a `code_verifier` to do PKCE for CSRF protection\n if (\n !transaction.code_verifier ||\n (transaction.state && transaction.state !== state)\n ) {\n throw new Error('Invalid state');\n }\n\n const organizationId = transaction.organizationId;\n const nonceIn = transaction.nonce;\n const redirect_uri = transaction.redirect_uri;\n\n await this._requestToken(\n {\n audience: transaction.audience,\n scope: transaction.scope,\n code_verifier: transaction.code_verifier,\n grant_type: 'authorization_code',\n code: code as string,\n ...(redirect_uri ? { redirect_uri } : {})\n },\n { nonceIn, organizationId }\n );\n\n return {\n appState: transaction.appState\n };\n }\n\n /**\n * ```js\n * await auth0.checkSession();\n * ```\n *\n * Check if the user is logged in using `getTokenSilently`. The difference\n * with `getTokenSilently` is that this doesn't return a token, but it will\n * pre-fill the token cache.\n *\n * This method also heeds the `auth0.{clientId}.is.authenticated` cookie, as an optimization\n * to prevent calling Auth0 unnecessarily. If the cookie is not present because\n * there was no previous login (or it has expired) then tokens will not be refreshed.\n *\n * It should be used for silently logging in the user when you instantiate the\n * `Auth0Client` constructor. You should not need this if you are using the\n * `createAuth0Client` factory.\n *\n * **Note:** the cookie **may not** be present if running an app using a private tab, as some\n * browsers clear JS cookie data and local storage when the tab or page is closed, or on page reload. This effectively\n * means that `checkSession` could silently return without authenticating the user on page refresh when\n * using a private tab, despite having previously logged in. As a workaround, use `getTokenSilently` instead\n * and handle the possible `login_required` error [as shown in the readme](https://github.com/auth0/auth0-spa-js#creating-the-client).\n *\n * @param options\n */\n public async checkSession(options?: GetTokenSilentlyOptions) {\n if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {\n if (!this.cookieStorage.get(OLD_IS_AUTHENTICATED_COOKIE_NAME)) {\n return;\n } else {\n // Migrate the existing cookie to the new name scoped by client ID\n this.cookieStorage.save(this.isAuthenticatedCookieName, true, {\n daysUntilExpire: this.sessionCheckExpiryDays,\n cookieDomain: this.options.cookieDomain\n });\n\n this.cookieStorage.remove(OLD_IS_AUTHENTICATED_COOKIE_NAME);\n }\n }\n\n try {\n await this.getTokenSilently(options);\n } catch (_) {}\n }\n\n /**\n * Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.\n *\n * @param options\n */\n public async getTokenSilently(\n options: GetTokenSilentlyOptions & { detailedResponse: true }\n ): Promise<GetTokenSilentlyVerboseResponse>;\n\n /**\n * Fetches a new access token and returns it.\n *\n * @param options\n */\n public async getTokenSilently(\n options?: GetTokenSilentlyOptions\n ): Promise<string>;\n\n /**\n * Fetches a new access token, and either returns just the access token (the default) or the response from the /oauth/token endpoint, depending on the `detailedResponse` option.\n *\n * ```js\n * const token = await auth0.getTokenSilently(options);\n * ```\n *\n * If there's a valid token stored and it has more than 60 seconds\n * remaining before expiration, return the token. Otherwise, attempt\n * to obtain a new token.\n *\n * A new token will be obtained either by opening an iframe or a\n * refresh token (if `useRefreshTokens` is `true`).\n\n * If iframes are used, opens an iframe with the `/authorize` URL\n * using the parameters provided as arguments. Random and secure `state`\n * and `nonce` parameters will be auto-generated. If the response is successful,\n * results will be validated according to their expiration times.\n *\n * If refresh tokens are used, the token endpoint is called directly with the\n * 'refresh_token' grant. If no refresh token is available to make this call,\n * the SDK will only fall back to using an iframe to the '/authorize' URL if \n * the `useRefreshTokensFallback` setting has been set to `true`. By default this\n * setting is `false`.\n *\n * This method may use a web worker to perform the token call if the in-memory\n * cache is used.\n *\n * If an `audience` value is given to this function, the SDK always falls\n * back to using an iframe to make the token exchange.\n *\n * Note that in all cases, falling back to an iframe requires access to\n * the `auth0` cookie.\n *\n * @param options\n */\n public async getTokenSilently(\n options: GetTokenSilentlyOptions = {}\n ): Promise<undefined | string | GetTokenSilentlyVerboseResponse> {\n const localOptions: GetTokenSilentlyOptions & {\n authorizationParams: AuthorizationParams & { scope: string };\n } = {\n cacheMode: 'on',\n ...options,\n authorizationParams: {\n ...this.options.authorizationParams,\n ...options.authorizationParams,\n scope: getUniqueScopes(this.scope, options.authorizationParams?.scope)\n }\n };\n\n const result = await singlePromise(\n () => this._getTokenSilently(localOptions),\n `${this.options.clientId}::${localOptions.authorizationParams.audience}::${localOptions.authorizationParams.scope}`\n );\n\n return options.detailedResponse ? result : result?.access_token;\n }\n\n private async _getTokenSilently(\n options: GetTokenSilentlyOptions & {\n authorizationParams: AuthorizationParams & { scope: string };\n }\n ): Promise<undefined | GetTokenSilentlyVerboseResponse> {\n const { cacheMode, ...getTokenOptions } = options;\n\n // Check the cache before acquiring the lock to avoid the latency of\n // `lock.acquireLock` when the cache is populated.\n if (cacheMode !== 'off') {\n const entry = await this._getEntryFromCache({\n scope: getTokenOptions.authorizationParams.scope,\n audience: getTokenOptions.authorizationParams.audience || 'default',\n clientId: this.options.clientId\n });\n\n if (entry) {\n return entry;\n }\n }\n\n if (cacheMode === 'cache-only') {\n return;\n }\n\n if (\n await retryPromise(\n () => lock.acquireLock(GET_TOKEN_SILENTLY_LOCK_KEY, 5000),\n 10\n )\n ) {\n try {\n window.addEventListener('pagehide', this._releaseLockOnPageHide);\n\n // Check the cache a second time, because it may have been populated\n // by a previous call while this call was waiting to acquire the lock.\n if (cacheMode !== 'off') {\n const entry = await this._getEntryFromCache({\n scope: getTokenOptions.authorizationParams.scope,\n audience: getTokenOptions.authorizationParams.audience || 'default',\n clientId: this.options.clientId\n });\n\n if (entry) {\n return entry;\n }\n }\n\n const authResult = this.options.useRefreshTokens\n ? await this._getTokenUsingRefreshToken(getTokenOptions)\n : await this._getTokenFromIFrame(getTokenOptions);\n\n const { id_token, access_token, oauthTokenScope, expires_in } =\n authResult;\n\n return {\n id_token,\n access_token,\n ...(oauthTokenScope ? { scope: oauthTokenScope } : null),\n expires_in\n };\n } finally {\n await lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);\n window.removeEventListener('pagehide', this._releaseLockOnPageHide);\n }\n } else {\n throw new TimeoutError();\n }\n }\n\n /**\n * ```js\n * const token = await auth0.getTokenWithPopup(options);\n * ```\n * Opens a popup with the `/authorize` URL using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated. If the response is successful,\n * results will be valid according to their expiration times.\n *\n * @param options\n * @param config\n */\n public async getTokenWithPopup(\n options: GetTokenWithPopupOptions = {},\n config: PopupConfigOptions = {}\n ) {\n const localOptions = {\n ...options,\n authorizationParams: {\n ...this.options.authorizationParams,\n ...options.authorizationParams,\n scope: getUniqueScopes(this.scope, options.authorizationParams?.scope)\n }\n };\n\n config = {\n ...DEFAULT_POPUP_CONFIG_OPTIONS,\n ...config\n };\n\n await this.loginWithPopup(localOptions, config);\n\n const cache = await this.cacheManager.get(\n new CacheKey({\n scope: localOptions.authorizationParams.scope,\n audience: localOptions.authorizationParams.audience || 'default',\n clientId: this.options.clientId\n })\n );\n\n return cache!.access_token;\n }\n\n /**\n * ```js\n * const isAuthenticated = await auth0.isAuthenticated();\n * ```\n *\n * Returns `true` if there's valid information stored,\n * otherwise returns `false`.\n *\n */\n public async isAuthenticated() {\n const user = await this.getUser();\n return !!user;\n }\n\n /**\n * ```js\n * await auth0.buildLogoutUrl(options);\n * ```\n *\n * Builds a URL to the logout endpoint using the parameters provided as arguments.\n * @param options\n */\n private _buildLogoutUrl(options: LogoutUrlOptions): string {\n if (options.clientId !== null) {\n options.clientId = options.clientId || this.options.clientId;\n } else {\n delete options.clientId;\n }\n\n const { federated, ...logoutOptions } = options.logoutParams || {};\n const federatedQuery = federated ? `&federated` : '';\n const url = this._url(\n `/v2/logout?${createQueryParams({\n clientId: options.clientId,\n ...logoutOptions\n })}`\n );\n\n return url + federatedQuery;\n }\n\n /**\n * ```js\n * await auth0.logout(options);\n * ```\n *\n * Clears the application session and performs a redirect to `/v2/logout`, using\n * the parameters provided as arguments, to clear the Auth0 session.\n *\n * If the `federated` option is specified it also clears the Identity Provider session.\n * [Read more about how Logout works at Auth0](https://auth0.com/docs/logout).\n *\n * @param options\n */\n public async logout(options: LogoutOptions = {}): Promise<void> {\n const { openUrl, ...logoutOptions } = patchOpenUrlWithOnRedirect(options);\n\n if (options.clientId === null) {\n await this.cacheManager.clear();\n } else {\n await this.cacheManager.clear(options.clientId || this.options.clientId);\n }\n\n this.cookieStorage.remove(this.orgHintCookieName, {\n cookieDomain: this.options.cookieDomain\n });\n this.cookieStorage.remove(this.isAuthenticatedCookieName, {\n cookieDomain: this.options.cookieDomain\n });\n this.userCache.remove(CACHE_KEY_ID_TOKEN_SUFFIX);\n\n const url = this._buildLogoutUrl(logoutOptions);\n\n if (openUrl) {\n await openUrl(url);\n } else if (openUrl !== false) {\n window.location.assign(url);\n }\n }\n\n private async _getTokenFromIFrame(\n options: GetTokenSilentlyOptions & {\n authorizationParams: AuthorizationParams & { scope: string };\n }\n ): Promise<GetTokenSilentlyResult> {\n const params: AuthorizationParams & { scope: string } = {\n ...options.authorizationParams,\n prompt: 'none'\n };\n\n const orgIdHint = this.cookieStorage.get<string>(this.orgHintCookieName);\n\n if (orgIdHint && !params.organization) {\n params.organization = orgIdHint;\n }\n\n const {\n url,\n state: stateIn,\n nonce: nonceIn,\n code_verifier,\n redirect_uri,\n scope,\n audience\n } = await this._prepareAuthorizeUrl(\n params,\n { response_mode: 'web_message' },\n window.location.origin\n );\n\n try {\n // When a browser is running in a Cross-Origin Isolated context, using iframes is not possible.\n // It doesn't throw an error but times out instead, so we should exit early and inform the user about the reason.\n // https://developer.mozilla.org/en-US/docs/Web/API/crossOriginIsolated\n if ((window as any).crossOriginIsolated) {\n throw new GenericError(\n 'login_required',\n 'The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.'\n );\n }\n\n const authorizeTimeout =\n options.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;\n\n const codeResult = await runIframe(url, this.domainUrl, authorizeTimeout);\n\n if (stateIn !== codeResult.state) {\n throw new Error('Invalid state');\n }\n\n const tokenResult = await this._requestToken(\n {\n ...options.authorizationParams,\n code_verifier,\n code: codeResult.code as string,\n grant_type: 'authorization_code',\n redirect_uri,\n timeout: options.authorizationParams.timeout || this.httpTimeoutMs\n },\n {\n nonceIn\n }\n );\n\n return {\n ...tokenResult,\n scope: scope,\n oauthTokenScope: tokenResult.scope,\n audience: audience\n };\n } catch (e) {\n if (e.error === 'login_required') {\n this.logout({\n openUrl: false\n });\n }\n throw e;\n }\n }\n\n private async _getTokenUsingRefreshToken(\n options: GetTokenSilentlyOptions & {\n authorizationParams: AuthorizationParams & { scope: string };\n }\n ): Promise<GetTokenSilentlyResult> {\n const cache = await this.cacheManager.get(\n new CacheKey({\n scope: options.authorizationParams.scope,\n audience: options.authorizationParams.audience || 'default',\n clientId: this.options.clientId\n })\n );\n\n // If you don't have a refresh token in memory\n // and you don't have a refresh token in web worker memory\n // and useRefreshTokensFallback was explicitly enabled\n // fallback to an iframe\n if ((!cache || !cache.refresh_token) && !this.worker) {\n if (this.options.useRefreshTokensFallback) {\n return await this._getTokenFromIFrame(options);\n }\n\n throw new MissingRefreshTokenError(\n options.authorizationParams.audience || 'default',\n options.authorizationParams.scope\n );\n }\n\n const redirect_uri =\n options.authorizationParams.redirect_uri ||\n this.options.authorizationParams.redirect_uri ||\n window.location.origin;\n\n const timeout =\n typeof options.timeoutInSeconds === 'number'\n ? options.timeoutInSeconds * 1000\n : null;\n\n try {\n const tokenResult = await this._requestToken({\n ...options.authorizationParams,\n grant_type: 'refresh_token',\n refresh_token: cache && cache.refresh_token,\n redirect_uri,\n ...(timeout && { timeout })\n });\n\n return {\n ...tokenResult,\n scope: options.authorizationParams.scope,\n oauthTokenScope: tokenResult.scope,\n audience: options.authorizationParams.audience || 'default'\n };\n } catch (e) {\n if (\n // The web worker didn't have a refresh token in memory so\n // fallback to an iframe.\n (e.message.indexOf(MISSING_REFRESH_TOKEN_ERROR_MESSAGE) > -1 ||\n // A refresh token was found, but is it no longer valid\n // and useRefreshTokensFallback is explicitly enabled. Fallback to an iframe.\n (e.message &&\n e.message.indexOf(INVALID_REFRESH_TOKEN_ERROR_MESSAGE) > -1)) &&\n this.options.useRefreshTokensFallback\n ) {\n return await this._getTokenFromIFrame(options);\n }\n\n throw e;\n }\n }\n\n private async _saveEntryInCache(\n entry: CacheEntry & { id_token: string; decodedToken: DecodedToken }\n ) {\n const { id_token, decodedToken, ...entryWithoutIdToken } = entry;\n\n this.userCache.set(CACHE_KEY_ID_TOKEN_SUFFIX, {\n id_token,\n decodedToken\n });\n\n await this.cacheManager.setIdToken(\n this.options.clientId,\n entry.id_token,\n entry.decodedToken\n );\n\n await this.cacheManager.set(entryWithoutIdToken);\n }\n\n private async _getIdTokenFromCache() {\n const audience = this.options.authorizationParams.audience || 'default';\n\n const cache = await this.cacheManager.getIdToken(\n new CacheKey({\n clientId: this.options.clientId,\n audience,\n scope: this.scope\n })\n );\n\n const currentCache = this.userCache.get<IdTokenEntry>(\n CACHE_KEY_ID_TOKEN_SUFFIX\n ) as IdTokenEntry;\n\n // If the id_token in the cache matches the value we previously cached in memory return the in-memory\n // value so that object comparison will work\n if (cache && cache.id_token === currentCache?.id_token) {\n return currentCache;\n }\n\n this.userCache.set(CACHE_KEY_ID_TOKEN_SUFFIX, cache);\n return cache;\n }\n\n private async _getEntryFromCache({\n scope,\n audience,\n clientId\n }: {\n scope: string;\n audience: string;\n clientId: string;\n }): Promise<undefined | GetTokenSilentlyVerboseResponse> {\n const entry = await this.cacheManager.get(\n new CacheKey({\n scope,\n audience,\n clientId\n }),\n 60 // get a new token if within 60 seconds of expiring\n );\n\n if (entry && entry.access_token) {\n const { access_token, oauthTokenScope, expires_in } = entry as CacheEntry;\n const cache = await this._getIdTokenFromCache();\n return (\n cache && {\n id_token: cache.id_token,\n access_token,\n ...(oauthTokenScope ? { scope: oauthTokenScope } : null),\n expires_in\n }\n );\n }\n }\n\n /**\n * Releases any lock acquired by the current page that's not released yet\n *\n * Get's called on the `pagehide` event.\n * https://developer.mozilla.org/en-US/docs/Web/API/Window/pagehide_event\n */\n private _releaseLockOnPageHide = async () => {\n await lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);\n\n window.removeEventListener('pagehide', this._releaseLockOnPageHide);\n };\n\n private async _requestToken(\n options: PKCERequestTokenOptions | RefreshTokenRequestTokenOptions,\n additionalParameters?: RequestTokenAdditionalParameters\n ) {\n const { nonceIn, organizationId } = additionalParameters || {};\n const authResult = await oauthToken(\n {\n baseUrl: this.domainUrl,\n client_id: this.options.clientId,\n auth0Client: this.options.auth0Client,\n useFormData: this.options.useFormData,\n timeout: this.httpTimeoutMs,\n ...options\n },\n this.worker\n );\n\n const decodedToken = await this._verifyIdToken(\n authResult.id_token,\n nonceIn,\n organizationId\n );\n\n await this._saveEntryInCache({\n ...authResult,\n decodedToken,\n scope: options.scope,\n audience: options.audience || 'default',\n ...(authResult.scope ? { oauthTokenScope: authResult.scope } : null),\n client_id: this.options.clientId\n });\n\n this.cookieStorage.save(this.isAuthenticatedCookieName, true, {\n daysUntilExpire: this.sessionCheckExpiryDays,\n cookieDomain: this.options.cookieDomain\n });\n\n this._processOrgIdHint(decodedToken.claims.org_id);\n\n return { ...authResult, decodedToken };\n }\n}\n\ninterface BaseRequestTokenOptions {\n audience?: string;\n scope: string;\n timeout?: number;\n redirect_uri?: string;\n}\n\ninterface PKCERequestTokenOptions extends BaseRequestTokenOptions {\n code: string;\n grant_type: 'authorization_code';\n code_verifier: string;\n}\n\ninterface RefreshTokenRequestTokenOptions extends BaseRequestTokenOptions {\n grant_type: 'refresh_token';\n refresh_token?: string;\n}\n\ninterface RequestTokenAdditionalParameters {\n nonceIn?: string;\n organizationId?: string;\n}\n","import { ICache } from './cache';\n\nexport interface AuthorizationParams {\n /**\n * - `'page'`: displays the UI with a full page view\n * - `'popup'`: displays the UI with a popup window\n * - `'touch'`: displays the UI in a way that leverages a touch interface\n * - `'wap'`: displays the UI with a \"feature phone\" type interface\n */\n display?: 'page' | 'popup' | 'touch' | 'wap';\n\n /**\n * - `'none'`: do not prompt user for login or consent on reauthentication\n * - `'login'`: prompt user for reauthentication\n * - `'consent'`: prompt user for consent before processing request\n * - `'select_account'`: prompt user to select an account\n */\n prompt?: 'none' | 'login' | 'consent' | 'select_account';\n\n /**\n * Maximum allowable elapsed time (in seconds) since authentication.\n * If the last time the user authenticated is greater than this value,\n * the user must be reauthenticated.\n */\n max_age?: string | number;\n\n /**\n * The space-separated list of language tags, ordered by preference.\n * For example: `'fr-CA fr en'`.\n */\n ui_locales?: string;\n\n /**\n * Previously issued ID Token.\n */\n id_token_hint?: string;\n\n /**\n * Provides a hint to Auth0 as to what flow should be displayed.\n * The default behavior is to show a login page but you can override\n * this by passing 'signup' to show the signup page instead.\n *\n * This only affects the New Universal Login Experience.\n */\n screen_hint?: 'signup' | 'login' | string;\n\n /**\n * The user's email address or other identifier. When your app knows\n * which user is trying to authenticate, you can provide this parameter\n * to pre-fill the email box or select the right session for sign-in.\n *\n * This currently only affects the classic Lock experience.\n */\n login_hint?: string;\n\n acr_values?: string;\n\n /**\n * The default scope to be used on authentication requests.\n *\n * This defaults to `profile email` if not set. If you are setting extra scopes and require\n * `profile` and `email` to be included then you must include them in the provided scope.\n *\n * Note: The `openid` scope is **always applied** regardless of this setting.\n */\n scope?: string;\n\n /**\n * The default audience to be used for requesting API access.\n */\n audience?: string;\n\n /**\n * The name of the connection configured for your application.\n * If null, it will redirect to the Auth0 Login Page and show\n * the Login Widget.\n */\n connection?: string;\n\n /**\n * The Id of an organization to log in to.\n *\n * This will specify an `organization` parameter in your user's login request and will add a step to validate\n * the `org_id` claim in your user's ID Token.\n */\n organization?: string;\n\n /**\n * The Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.\n */\n invitation?: string;\n\n /**\n * The default URL where Auth0 will redirect your browser to with\n * the authentication result. It must be whitelisted in\n * the \"Allowed Callback URLs\" field in your Auth0 Application's\n * settings. If not provided here, it should be provided in the other\n * methods that provide authentication.\n */\n redirect_uri?: string;\n\n /**\n * If you need to send custom parameters to the Authorization Server,\n * make sure to use the original parameter name.\n */\n [key: string]: any;\n}\n\ninterface BaseLoginOptions {\n /**\n * URL parameters that will be sent back to the Authorization Server. This can be known parameters\n * defined by Auth0 or custom parameters that you define.\n */\n authorizationParams?: AuthorizationParams;\n}\n\nexport interface Auth0ClientOptions extends BaseLoginOptions {\n /**\n * Your Auth0 account domain such as `'example.auth0.com'`,\n * `'example.eu.auth0.com'` or , `'example.mycompany.com'`\n * (when using [custom domains](https://auth0.com/docs/custom-domains))\n */\n domain: string;\n /**\n * The issuer to be used for validation of JWTs, optionally defaults to the domain above\n */\n issuer?: string;\n /**\n * The Client ID found on your Application settings page\n */\n clientId: string;\n /**\n * The value in seconds used to account for clock skew in JWT expirations.\n * Typically, this value is no more than a minute or two at maximum.\n * Defaults to 60s.\n */\n leeway?: number;\n\n /**\n * The location to use when storing cache data. Valid values are `memory` or `localstorage`.\n * The default setting is `memory`.\n *\n * Read more about [changing storage options in the Auth0 docs](https://auth0.com/docs/libraries/auth0-single-page-app-sdk#change-storage-options)\n */\n cacheLocation?: CacheLocation;\n\n /**\n * Specify a custom cache implementation to use for token storage and retrieval. This setting takes precedence over `cacheLocation` if they are both specified.\n */\n cache?: ICache;\n\n /**\n * If true, refresh tokens are used to fetch new access tokens from the Auth0 server. If false, the legacy technique of using a hidden iframe and the `authorization_code` grant with `prompt=none` is used.\n * The default setting is `false`.\n *\n * **Note**: Use of refresh tokens must be enabled by an administrator on your Auth0 client application.\n */\n useRefreshTokens?: boolean;\n\n /**\n * If true, fallback to the technique of using a hidden iframe and the `authorization_code` grant with `prompt=none` when unable to use refresh tokens. If false, the iframe fallback is not used and\n * errors relating to a failed `refresh_token` grant should be handled appropriately. The default setting is `false`.\n *\n * **Note**: There might be situations where doing silent auth with a Web Message response from an iframe is not possible,\n * like when you're serving your application from the file system or a custom protocol (like in a Desktop or Native app).\n * In situations like this you can disable the iframe fallback and handle the failed `refresh_token` grant and prompt the user to login interactively with `loginWithRedirect` or `loginWithPopup`.\"\n *\n * E.g. Using the `file:` protocol in an Electron application does not support that legacy technique.\n *\n * @example\n * let token: string;\n * try {\n * token = await auth0.getTokenSilently();\n * } catch (e) {\n * if (e.error === 'missing_refresh_token' || e.error === 'invalid_grant') {\n * auth0.loginWithRedirect();\n * }\n * }\n */\n useRefreshTokensFallback?: boolean;\n\n /**\n * A maximum number of seconds to wait before declaring background calls to /authorize as failed for timeout\n * Defaults to 60s.\n */\n authorizeTimeoutInSeconds?: number;\n\n /**\n * Specify the timeout for HTTP calls using `fetch`. The default is 10 seconds.\n */\n httpTimeoutInSeconds?: number;\n\n /**\n * Internal property to send information about the client to the authorization server.\n * @internal\n */\n auth0Client?: {\n name: string;\n version: string;\n env?: { [key: string]: string };\n };\n\n /**\n * Sets an additional cookie with no SameSite attribute to support legacy browsers\n * that are not compatible with the latest SameSite changes.\n * This will log a warning on modern browsers, you can disable the warning by setting\n * this to false but be aware that some older useragents will not work,\n * See https://www.chromium.org/updates/same-site/incompatible-clients\n * Defaults to true\n */\n legacySameSiteCookie?: boolean;\n\n /**\n * If `true`, the SDK will use a cookie when storing information about the auth transaction while\n * the user is going through the authentication flow on the authorization server.\n *\n * The default is `false`, in which case the SDK will use session storage.\n *\n * @notes\n *\n * You might want to enable this if you rely on your users being able to authenticate using flows that\n * may end up spanning across multiple tabs (e.g. magic links) or you cannot otherwise rely on session storage being available.\n */\n useCookiesForTransactions?: boolean;\n\n /**\n * Number of days until the cookie `auth0.is.authenticated` will expire\n * Defaults to 1.\n */\n sessionCheckExpiryDays?: number;\n\n /**\n * The domain the cookie is accessible from. If not set, the cookie is scoped to\n * the current domain, including the subdomain.\n *\n * Note: setting this incorrectly may cause silent authentication to stop working\n * on page load.\n *\n *\n * To keep a user logged in across multiple subdomains set this to your\n * top-level domain and prefixed with a `.` (eg: `.example.com`).\n */\n cookieDomain?: string;\n\n /**\n * If true, data to the token endpoint is transmitted as x-www-form-urlencoded data, if false it will be transmitted as JSON. The default setting is `true`.\n *\n * **Note:** Setting this to `false` may affect you if you use Auth0 Rules and are sending custom, non-primitive data. If you disable this,\n * please verify that your Auth0 Rules continue to work as intended.\n */\n useFormData?: boolean;\n\n /**\n * Modify the value used as the current time during the token validation.\n *\n * **Note**: Using this improperly can potentially compromise the token validation.\n */\n nowProvider?: () => Promise<number> | number;\n}\n\n/**\n * The possible locations where tokens can be stored\n */\nexport type CacheLocation = 'memory' | 'localstorage';\n\n/**\n * @ignore\n */\nexport interface AuthorizeOptions extends AuthorizationParams {\n response_type: string;\n response_mode: string;\n redirect_uri?: string;\n nonce: string;\n state: string;\n scope: string;\n code_challenge: string;\n code_challenge_method: string;\n}\n\nexport interface RedirectLoginOptions<TAppState = any>\n extends BaseLoginOptions {\n /**\n * Used to store state before doing the redirect\n */\n appState?: TAppState;\n /**\n * Used to add to the URL fragment before redirecting\n */\n fragment?: string;\n /**\n * Used to control the redirect and not rely on the SDK to do the actual redirect.\n *\n * @example\n * const client = new Auth0Client({\n * async onRedirect(url) {\n * window.location.replace(url);\n * }\n * });\n * @deprecated since v2.0.1, use `openUrl` instead.\n */\n onRedirect?: (url: string) => Promise<void>;\n\n /**\n * Used to control the redirect and not rely on the SDK to do the actual redirect.\n *\n * @example\n * const client = new Auth0Client({\n * async openUrl(url) {\n * window.location.replace(url);\n * }\n * });\n */\n openUrl?: (url: string) => Promise<void>;\n}\n\nexport interface RedirectLoginResult<TAppState = any> {\n /**\n * State stored when the redirect request was made\n */\n appState?: TAppState;\n}\n\nexport interface PopupLoginOptions extends BaseLoginOptions {}\n\nexport interface PopupConfigOptions {\n /**\n * The number of seconds to wait for a popup response before\n * throwing a timeout error. Defaults to 60s\n */\n timeoutInSeconds?: number;\n\n /**\n * Accepts an already-created popup window to use. If not specified, the SDK\n * will create its own. This may be useful for platforms like iOS that have\n * security restrictions around when popups can be invoked (e.g. from a user click event)\n */\n popup?: any;\n}\n\nexport interface GetTokenSilentlyOptions {\n /**\n * When `off`, ignores the cache and always sends a\n * request to Auth0.\n * When `cache-only`, only reads from the cache and never sends a request to Auth0.\n * Defaults to `on`, where it both reads from the cache and sends a request to Auth0 as needed.\n */\n cacheMode?: 'on' | 'off' | 'cache-only';\n\n /**\n * Parameters that will be sent back to Auth0 as part of a request.\n */\n authorizationParams?: {\n /**\n * There's no actual redirect when getting a token silently,\n * but, according to the spec, a `redirect_uri` param is required.\n * Auth0 uses this parameter to validate that the current `origin`\n * matches the `redirect_uri` `origin` when sending the response.\n * It must be whitelisted in the \"Allowed Web Origins\" in your\n * Auth0 Application's settings.\n */\n redirect_uri?: string;\n\n /**\n * The scope that was used in the authentication request\n */\n scope?: string;\n\n /**\n * The audience that was used in the authentication request\n */\n audience?: string;\n\n /**\n * If you need to send custom parameters to the Authorization Server,\n * make sure to use the original parameter name.\n */\n [key: string]: any;\n };\n\n /** A maximum number of seconds to wait before declaring the background /authorize call as failed for timeout\n * Defaults to 60s.\n */\n timeoutInSeconds?: number;\n\n /**\n * If true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned\n * (minus `refresh_token` if one was issued). Otherwise, just the access token is returned.\n *\n * The default is `false`.\n */\n detailedResponse?: boolean;\n}\n\nexport interface GetTokenWithPopupOptions extends PopupLoginOptions {\n /**\n * When `off`, ignores the cache and always sends a request to Auth0.\n * When `cache-only`, only reads from the cache and never sends a request to Auth0.\n * Defaults to `on`, where it both reads from the cache and sends a request to Auth0 as needed.\n */\n cacheMode?: 'on' | 'off' | 'cache-only';\n}\n\nexport interface LogoutUrlOptions {\n /**\n * The `clientId` of your application.\n *\n * If this property is not set, then the `clientId` that was used during initialization of the SDK is sent to the logout endpoint.\n *\n * If this property is set to `null`, then no client ID value is sent to the logout endpoint.\n *\n * [Read more about how redirecting after logout works](https://auth0.com/docs/logout/guides/redirect-users-after-logout)\n */\n clientId?: string | null;\n\n /**\n * Parameters to pass to the logout endpoint. This can be known parameters defined by Auth0 or custom parameters\n * you wish to provide.\n */\n logoutParams?: {\n /**\n * When supported by the upstream identity provider,\n * forces the user to logout of their identity provider\n * and from Auth0.\n * [Read more about how federated logout works at Auth0](https://auth0.com/docs/logout/guides/logout-idps)\n */\n federated?: boolean;\n /**\n * The URL where Auth0 will redirect your browser to after the logout.\n *\n * **Note**: If the `client_id` parameter is included, the\n * `returnTo` URL that is provided must be listed in the\n * Application's \"Allowed Logout URLs\" in the Auth0 dashboard.\n * However, if the `client_id` parameter is not included, the\n * `returnTo` URL must be listed in the \"Allowed Logout URLs\" at\n * the account level in the Auth0 dashboard.\n *\n * [Read more about how redirecting after logout works](https://auth0.com/docs/logout/guides/redirect-users-after-logout)\n */\n returnTo?: string;\n\n /**\n * If you need to send custom parameters to the logout endpoint, make sure to use the original parameter name.\n */\n [key: string]: any;\n };\n}\n\nexport interface LogoutOptions extends LogoutUrlOptions {\n /**\n * Used to control the redirect and not rely on the SDK to do the actual redirect.\n *\n * @example\n * await auth0.logout({\n * async onRedirect(url) {\n * window.location.replace(url);\n * }\n * });\n * @deprecated since v2.0.1, use `openUrl` instead.\n */\n onRedirect?: (url: string) => Promise<void>;\n\n /**\n * Used to control the redirect and not rely on the SDK to do the actual redirect.\n *\n * Set to `false` to disable the redirect, or provide a function to handle the actual redirect yourself.\n *\n * @example\n * await auth0.logout({\n * async openUrl(url) {\n * window.location.replace(url);\n * }\n * });\n */\n openUrl?: false | ((url: string) => Promise<void>);\n}\n\n/**\n * @ignore\n */\nexport interface AuthenticationResult {\n state: string;\n code?: string;\n error?: string;\n error_description?: string;\n}\n\n/**\n * @ignore\n */\nexport interface TokenEndpointOptions {\n baseUrl: string;\n client_id: string;\n grant_type: string;\n timeout?: number;\n auth0Client: any;\n useFormData?: boolean;\n [key: string]: any;\n}\n\nexport type TokenEndpointResponse = {\n id_token: string;\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n scope?: string;\n};\n\n/**\n * @ignore\n */\nexport interface OAuthTokenOptions extends TokenEndpointOptions {\n code_verifier: string;\n code: string;\n redirect_uri: string;\n audience: string;\n scope: string;\n}\n\n/**\n * @ignore\n */\nexport interface RefreshTokenOptions extends TokenEndpointOptions {\n refresh_token: string;\n}\n\n/**\n * @ignore\n */\nexport interface JWTVerifyOptions {\n iss: string;\n aud: string;\n id_token: string;\n nonce?: string;\n leeway?: number;\n max_age?: number;\n organizationId?: string;\n now?: number;\n}\n\nexport interface IdToken {\n __raw: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n middle_name?: string;\n nickname?: string;\n preferred_username?: string;\n profile?: string;\n picture?: string;\n website?: string;\n email?: string;\n email_verified?: boolean;\n gender?: string;\n birthdate?: string;\n zoneinfo?: string;\n locale?: string;\n phone_number?: string;\n phone_number_verified?: boolean;\n address?: string;\n updated_at?: string;\n iss?: string;\n aud?: string;\n exp?: number;\n nbf?: number;\n iat?: number;\n jti?: string;\n azp?: string;\n nonce?: string;\n auth_time?: string;\n at_hash?: string;\n c_hash?: string;\n acr?: string;\n amr?: string;\n sub_jwk?: string;\n cnf?: string;\n sid?: string;\n org_id?: string;\n [key: string]: any;\n}\n\nexport class User {\n name?: string;\n given_name?: string;\n family_name?: string;\n middle_name?: string;\n nickname?: string;\n preferred_username?: string;\n profile?: string;\n picture?: string;\n website?: string;\n email?: string;\n email_verified?: boolean;\n gender?: string;\n birthdate?: string;\n zoneinfo?: string;\n locale?: string;\n phone_number?: string;\n phone_number_verified?: boolean;\n address?: string;\n updated_at?: string;\n sub?: string;\n [key: string]: any;\n}\n\n/**\n * @ignore\n */\nexport type FetchOptions = {\n method?: string;\n headers?: Record<string, string>;\n credentials?: 'include' | 'omit';\n body?: string;\n signal?: AbortSignal;\n};\n\nexport type GetTokenSilentlyVerboseResponse = Omit<\n TokenEndpointResponse,\n 'refresh_token'\n>;\n","import { Auth0Client } from './Auth0Client';\nimport { Auth0ClientOptions } from './global';\n\nimport './global';\n\nexport * from './global';\n\n/**\n * Asynchronously creates the Auth0Client instance and calls `checkSession`.\n *\n * **Note:** There are caveats to using this in a private browser tab, which may not silently authenticae\n * a user on page refresh. Please see [the checkSession docs](https://auth0.github.io/auth0-spa-js/classes/Auth0Client.html#checksession) for more info.\n *\n * @param options The client options\n * @returns An instance of Auth0Client\n */\nexport async function createAuth0Client(options: Auth0ClientOptions) {\n const auth0 = new Auth0Client(options);\n await auth0.checkSession();\n return auth0;\n}\n\nexport { Auth0Client };\n\nexport {\n GenericError,\n AuthenticationError,\n TimeoutError,\n PopupTimeoutError,\n PopupCancelledError,\n MfaRequiredError,\n MissingRefreshTokenError\n} from './errors';\n\nexport {\n ICache,\n LocalStorageCache,\n InMemoryCache,\n Cacheable,\n DecodedToken,\n CacheEntry,\n WrappedCacheEntry,\n KeyManifestEntry,\n MaybePromise,\n CacheKey,\n CacheKeyData\n} from './cache';\n"],"names":["__rest","s","e","t","p","Object","prototype","hasOwnProperty","call","indexOf","getOwnPropertySymbols","i","length","propertyIsEnumerable","defineProperty","exports","value","ProcessLocking","_this","this","locked","Map","addToLocked","key","toAdd","callbacks","get","undefined","set","unshift","isLocked","has","lock","Promise","resolve","reject","unlock","delete","toCall","pop","setTimeout","getInstance","instance","getLock","default","__awaiter","thisArg","_arguments","P","generator","fulfilled","step","next","rejected","result","done","then","apply","__generator","body","_","label","sent","trys","ops","f","y","g","verb","throw","return","Symbol","iterator","n","v","op","TypeError","push","LOCK_STORAGE_KEY","delay","milliseconds","generateRandomString","CHARS","randomstring","INDEX","Math","floor","random","getLockId","Date","now","toString","SuperTokensLock","acquiredIatSet","Set","id","acquireLock","bind","releaseLock","releaseLock__private__","waitForSomethingToChange","refreshLockWhileAcquired","waiters","lockKey","timeout","iat","MAX_TIME","STORAGE_KEY","STORAGE","lockObj","TIMEOUT_KEY","lockObjPostDelay","_a","window","localStorage","getItem","setItem","JSON","stringify","timeoutKey","timeAcquired","timeRefreshed","parse","add","lockCorrector","storageKey","processLock_1","resolvedCalled","startedAt","MIN_TIME_TO_WAIT","removedListeners","stopWaiting","removeEventListener","removeFromWaiting","clearTimeout","timeOutId","timeToWait","addEventListener","addToWaiting","max","func","filter","notifyWaiters","slice","forEach","removeItem","MIN_ALLOWED_TIME","KEYS","keys","LOCK_KEY","includes","version","DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","DEFAULT_POPUP_CONFIG_OPTIONS","timeoutInSeconds","DEFAULT_SILENT_TOKEN_RETRY_COUNT","CLEANUP_IFRAME_TIMEOUT_IN_SECONDS","DEFAULT_FETCH_TIMEOUT_MS","CACHE_LOCATION_MEMORY","MISSING_REFRESH_TOKEN_ERROR_MESSAGE","INVALID_REFRESH_TOKEN_ERROR_MESSAGE","DEFAULT_SCOPE","DEFAULT_SESSION_CHECK_EXPIRY_DAYS","DEFAULT_AUTH0_CLIENT","name","DEFAULT_NOW_PROVIDER","GenericError","Error","constructor","error","error_description","super","setPrototypeOf","static","AuthenticationError","state","appState","TimeoutError","PopupTimeoutError","popup","PopupCancelledError","MfaRequiredError","mfa_token","MissingRefreshTokenError","audience","scope","valueOrEmptyString","exclude","parseAuthenticationResult","queryString","substring","searchParams","URLSearchParams","code","runIframe","authorizeUrl","eventOrigin","res","rej","iframe","document","createElement","setAttribute","style","display","removeIframe","contains","removeChild","iframeEventHandler","timeoutSetTimeoutId","origin","data","type","eventSource","source","close","response","fromPayload","appendChild","openPopup","url","width","height","left","screenX","innerWidth","top","screenY","innerHeight","open","runPopup","config","popupEventListener","popupTimer","setInterval","closed","clearInterval","timeoutId","getCrypto","crypto","createRandomString","charset","randomValues","Array","from","getRandomValues","Uint8Array","encode","btoa","stripUndefined","params","k","reduce","acc","assign","createQueryParams","clientId","client_id","sha256","async","digestOp","subtle","digest","TextEncoder","urlEncodeB64","input","b64Chars","replace","m","decodeB64","decodeURIComponent","atob","split","map","c","charCodeAt","join","urlDecodeB64","bufferToBase64UrlEncoded","ie11SafeInput","String","fromCharCode","validateCrypto","getDomain","domainUrl","test","getTokenIssuer","issuer","startsWith","parseNumber","parseInt","sendMessage","message","to","messageChannel","MessageChannel","port1","onmessage","event","postMessage","port2","createAbortController","AbortController","dofetch","fetchUrl","fetchOptions","fetch","ok","json","fetchWithoutWorker","controller","signal","race","abort","finally","fetchWithWorker","worker","useFormData","auth","switchFetch","getJSON","options","fetchError","errorMessage","oauthToken","baseUrl","auth0Client","method","headers","dedupe","arr","getUniqueScopes","scopes","Boolean","trim","CACHE_KEY_PREFIX","CACHE_KEY_ID_TOKEN_SUFFIX","CacheKey","prefix","suffix","toKey","entry","LocalStorageCache","payload","remove","allKeys","InMemoryCache","enclosedCache","cache","cacheEntry","DEFAULT_EXPIRY_ADJUSTMENT_SECONDS","CacheManager","keyManifest","nowProvider","idToken","decodedToken","cacheKey","getIdTokenCacheKey","id_token","entryByScope","expiryAdjustmentSeconds","wrappedEntry","getCacheKeys","matchedKey","matchExistingCacheKey","nowSeconds","expiresAt","refresh_token","wrapCacheEntry","memo","clear","expiresInTime","expires_in","keyToMatch","fromKey","scopeSet","scopesToMatch","hasAllScopes","current","TRANSACTION_STORAGE_KEY_PREFIX","TransactionManager","storage","transaction","create","save","daysUntilExpire","isNumber","idTokendecoded","decode","token","parts","header","signature","payloadJSON","claims","__raw","user","encoded","verify","decoded","iss","sub","alg","aud","isArray","azp","nonce","max_age","auth_time","exp","leeway","expDate","setUTCSeconds","nbf","nbfDate","authTimeDate","organizationId","org_id","__assign","arguments","__esModule","stringifyAttribute","stringified","stringifyAttributes","attributes","expires","setMilliseconds","getMilliseconds","toUTCString","domain","path","secure","sameSite","encodeURIComponent","cookieString","cookies","rdecode","cookie","charAt","name_1","getAll","CookieStorage","Cookies.get","cookieAttributes","location","protocol","cookieDomain","Cookies.set","Cookies.remove","LEGACY_PREFIX","CookieStorageWithLegacySameSite","SessionStorage","sessionStorage","singlePromiseMap","singlePromise","cb","promise","retryPromise","maxNumberOfRetries","CacheKeyManifest","manifestKey","createManifestKeyFrom","size","GET_TOKEN_SILENTLY_LOCK_KEY","buildOrganizationHintCookieName","OLD_IS_AUTHENTICATED_COOKIE_NAME","buildIsAuthenticatedCookieName","cacheLocationBuilders","memory","localstorage","cacheFactory","getAuthorizeParams","clientOptions","authorizationParams","code_challenge","redirect_uri","response_mode","response_type","code_challenge_method","patchOpenUrlWithOnRedirect","openUrl","onRedirect","originalOptions","Lock","Auth0Client","userCache","defaultOptions","useRefreshTokensFallback","_releaseLockOnPageHide","cacheLocation","console","warn","httpTimeoutMs","httpTimeoutInSeconds","cookieStorage","legacySameSiteCookie","orgHintCookieName","isAuthenticatedCookieName","sessionCheckExpiryDays","transactionStorage","useCookiesForTransactions","useRefreshTokens","transactionManager","cacheManager","tokenIssuer","Worker","TokenWorker","_url","_authorizeUrl","authorizeOptions","verifyIdToken","_processOrgIdHint","fallbackRedirectUri","code_verifier","code_challengeBuffer","_prepareAuthorizeUrl","href","codeResult","authorizeTimeoutInSeconds","organization","_requestToken","grant_type","nonceIn","_getIdTokenFromCache","_b","fragment","urlOptions","_c","urlWithFragment","queryStringFragments","getTokenSilently","localOptions","cacheMode","_getTokenSilently","detailedResponse","access_token","getTokenOptions","_getEntryFromCache","authResult","_getTokenUsingRefreshToken","_getTokenFromIFrame","oauthTokenScope","loginWithPopup","getUser","_buildLogoutUrl","logoutParams","federated","logoutOptions","federatedQuery","prompt","orgIdHint","stateIn","crossOriginIsolated","authorizeTimeout","tokenResult","logout","entryWithoutIdToken","setIdToken","getIdToken","currentCache","additionalParameters","_verifyIdToken","_saveEntryInCache","User","createAuth0Client","auth0","checkSession"],"mappings":";;;;;IA0CO,SAASA,OAAOC,GAAGC;QACtB,IAAIC,IAAI,CAAA;QACR,KAAK,IAAIC,KAAKH,GAAG,IAAII,OAAOC,UAAUC,eAAeC,KAAKP,GAAGG,MAAMF,EAAEO,QAAQL,KAAK,GAC9ED,EAAEC,KAAKH,EAAEG;QACb,IAAIH,KAAK,eAAeI,OAAOK,0BAA0B,YACrD,KAAK,IAAIC,IAAI,GAAGP,IAAIC,OAAOK,sBAAsBT,IAAIU,IAAIP,EAAEQ,QAAQD,KAAK;YACpE,IAAIT,EAAEO,QAAQL,EAAEO,MAAM,KAAKN,OAAOC,UAAUO,qBAAqBL,KAAKP,GAAGG,EAAEO,KACvER,EAAEC,EAAEO,MAAMV,EAAEG,EAAEO;AACrB;QACL,OAAOR;AACX;;;;;;;;;;;QCnDAE,OAAOS,eAAeC,SAAS,cAAc;YAAEC,OAAO;;QACtD,IAAIC,iBAAgC;YAChC,SAASA;gBACL,IAAIC,QAAQC;gBACZA,KAAKC,SAAS,IAAIC;gBAClBF,KAAKG,cAAc,SAAUC,KAAKC;oBAC9B,IAAIC,YAAYP,MAAME,OAAOM,IAAIH;oBACjC,IAAIE,cAAcE,WAAW;wBACzB,IAAIH,UAAUG,WAAW;4BACrBT,MAAME,OAAOQ,IAAIL,KAAK;AACzB,+BACI;4BACDL,MAAME,OAAOQ,IAAIL,KAAK,EAACC;AAC1B;AACJ,2BACI;wBACD,IAAIA,UAAUG,WAAW;4BACrBF,UAAUI,QAAQL;4BAClBN,MAAME,OAAOQ,IAAIL,KAAKE;AACzB;AACJ;AACb;gBACQN,KAAKW,WAAW,SAAUP;oBACtB,OAAOL,MAAME,OAAOW,IAAIR;AACpC;gBACQJ,KAAKa,OAAO,SAAUT;oBAClB,OAAO,IAAIU,SAAQ,SAAUC,SAASC;wBAClC,IAAIjB,MAAMY,SAASP,MAAM;4BACrBL,MAAMI,YAAYC,KAAKW;AAC1B,+BACI;4BACDhB,MAAMI,YAAYC;4BAClBW;AACH;AACjB;AACA;gBACQf,KAAKiB,SAAS,SAAUb;oBACpB,IAAIE,YAAYP,MAAME,OAAOM,IAAIH;oBACjC,IAAIE,cAAcE,aAAaF,UAAUb,WAAW,GAAG;wBACnDM,MAAME,OAAOiB,OAAOd;wBACpB;AACH;oBACD,IAAIe,SAASb,UAAUc;oBACvBrB,MAAME,OAAOQ,IAAIL,KAAKE;oBACtB,IAAIa,WAAWX,WAAW;wBACtBa,WAAWF,QAAQ;AACtB;AACb;AACK;YACDrB,eAAewB,cAAc;gBACzB,IAAIxB,eAAeyB,aAAaf,WAAW;oBACvCV,eAAeyB,WAAW,IAAIzB;AACjC;gBACD,OAAOA,eAAeyB;AAC9B;YACI,OAAOzB;AACX;QACA,SAAS0B;YACL,OAAO1B,eAAewB;AAC1B;QACA1B,QAAA6B,UAAkBD;;;;QC5DlB,IAAIE,YAAa1B,kBAAQA,eAAK0B,aAAc,SAAUC,SAASC,YAAYC,GAAGC;YAC1E,OAAO,KAAKD,MAAMA,IAAIf,WAAU,SAAUC,SAASC;gBAC/C,SAASe,UAAUlC;oBAAS;wBAAMmC,KAAKF,UAAUG,KAAKpC;sBAAW,OAAOd;wBAAKiC,OAAOjC;;AAAO;gBAC3F,SAASmD,SAASrC;oBAAS;wBAAMmC,KAAKF,UAAU,SAASjC;sBAAW,OAAOd;wBAAKiC,OAAOjC;;AAAO;gBAC9F,SAASiD,KAAKG;oBAAUA,OAAOC,OAAOrB,QAAQoB,OAAOtC,SAAS,IAAIgC,GAAE,SAAUd;wBAAWA,QAAQoB,OAAOtC;wBAAWwC,KAAKN,WAAWG;AAAY;gBAC/IF,MAAMF,YAAYA,UAAUQ,MAAMX,SAASC,cAAc,KAAKK;AACtE;AACA;QACA,IAAIM,cAAevC,kBAAQA,eAAKuC,eAAgB,SAAUZ,SAASa;YAC/D,IAAIC,IAAI;gBAAEC,OAAO;gBAAGC,MAAM;oBAAa,IAAI3D,EAAE,KAAK,GAAG,MAAMA,EAAE;oBAAI,OAAOA,EAAE;AAAK;gBAAE4D,MAAM;gBAAIC,KAAK;eAAMC,GAAGC,GAAG/D,GAAGgE;YAC/G,OAAOA,IAAI;gBAAEf,MAAMgB,KAAK;gBAAIC,OAASD,KAAK;gBAAIE,QAAUF,KAAK;sBAAaG,WAAW,eAAeJ,EAAEI,OAAOC,YAAY;gBAAa,OAAOrD;AAAO,gBAAGgD;YACvJ,SAASC,KAAKK;gBAAK,OAAO,SAAUC;oBAAK,OAAOvB,KAAK,EAACsB,GAAGC;AAAM;AAAG;YAClE,SAASvB,KAAKwB;gBACV,IAAIV,GAAG,MAAM,IAAIW,UAAU;gBAC3B,OAAOhB;oBACH,IAAIK,IAAI,GAAGC,MAAM/D,IAAIwE,GAAG,KAAK,IAAIT,EAAE,YAAYS,GAAG,KAAKT,EAAE,cAAc/D,IAAI+D,EAAE,cAAc/D,EAAEK,KAAK0D;oBAAI,KAAKA,EAAEd,WAAWjD,IAAIA,EAAEK,KAAK0D,GAAGS,GAAG,KAAKpB,MAAM,OAAOpD;oBAC3J,IAAI+D,IAAI,GAAG/D,GAAGwE,KAAK,EAACA,GAAG,KAAK,GAAGxE,EAAEa;oBACjC,QAAQ2D,GAAG;sBACP,KAAK;sBAAG,KAAK;wBAAGxE,IAAIwE;wBAAI;;sBACxB,KAAK;wBAAGf,EAAEC;wBAAS,OAAO;4BAAE7C,OAAO2D,GAAG;4BAAIpB,MAAM;;;sBAChD,KAAK;wBAAGK,EAAEC;wBAASK,IAAIS,GAAG;wBAAIA,KAAK,EAAC;wBAAI;;sBACxC,KAAK;wBAAGA,KAAKf,EAAEI,IAAIzB;wBAAOqB,EAAEG,KAAKxB;wBAAO;;sBACxC;wBACI,MAAMpC,IAAIyD,EAAEG,MAAM5D,IAAIA,EAAES,SAAS,KAAKT,EAAEA,EAAES,SAAS,QAAQ+D,GAAG,OAAO,KAAKA,GAAG,OAAO,IAAI;4BAAEf,IAAI;4BAAG;AAAW;wBAC5G,IAAIe,GAAG,OAAO,OAAOxE,KAAMwE,GAAG,KAAKxE,EAAE,MAAMwE,GAAG,KAAKxE,EAAE,KAAM;4BAAEyD,EAAEC,QAAQc,GAAG;4BAAI;AAAQ;wBACtF,IAAIA,GAAG,OAAO,KAAKf,EAAEC,QAAQ1D,EAAE,IAAI;4BAAEyD,EAAEC,QAAQ1D,EAAE;4BAAIA,IAAIwE;4BAAI;AAAQ;wBACrE,IAAIxE,KAAKyD,EAAEC,QAAQ1D,EAAE,IAAI;4BAAEyD,EAAEC,QAAQ1D,EAAE;4BAAIyD,EAAEI,IAAIa,KAAKF;4BAAK;AAAQ;wBACnE,IAAIxE,EAAE,IAAIyD,EAAEI,IAAIzB;wBAChBqB,EAAEG,KAAKxB;wBAAO;;oBAEtBoC,KAAKhB,KAAKnD,KAAKsC,SAASc;kBAC1B,OAAO1D;oBAAKyE,KAAK,EAAC,GAAGzE;oBAAIgE,IAAI;AAAE,kBAAW;oBAAED,IAAI9D,IAAI;AAAI;gBAC1D,IAAIwE,GAAG,KAAK,GAAG,MAAMA,GAAG;gBAAI,OAAO;oBAAE3D,OAAO2D,GAAG,KAAKA,GAAG,UAAU;oBAAGpB,MAAM;;AAC7E;AACL;QACAlD,OAAOS,eAAeC,SAAS,cAAc;YAAEC,OAAO;;QAkBtD,IAAI8D,mBAAmB;QAMvB,SAASC,MAAMC;YACX,OAAO,IAAI/C,SAAQ,SAAUC;gBAAW,OAAOM,WAAWN,SAAS8C;AAAc;AACrF;QAOA,SAASC,qBAAqBrE;YAC1B,IAAIsE,QAAQ;YACZ,IAAIC,eAAe;YACnB,KAAK,IAAIxE,IAAI,GAAGA,IAAIC,QAAQD,KAAK;gBAC7B,IAAIyE,QAAQC,KAAKC,MAAMD,KAAKE,WAAWL,MAAMtE;gBAC7CuE,gBAAgBD,MAAME;AACzB;YACD,OAAOD;AACX;QAMA,SAASK;YACL,OAAOC,KAAKC,MAAMC,aAAaV,qBAAqB;AACxD;QACA,IAAIW,kBAAiC;YACjC,SAASA;gBACLzE,KAAK0E,iBAAiB,IAAIC;gBAC1B3E,KAAK4E,KAAKP;gBACVrE,KAAK6E,cAAc7E,KAAK6E,YAAYC,KAAK9E;gBACzCA,KAAK+E,cAAc/E,KAAK+E,YAAYD,KAAK9E;gBACzCA,KAAKgF,yBAAyBhF,KAAKgF,uBAAuBF,KAAK9E;gBAC/DA,KAAKiF,2BAA2BjF,KAAKiF,yBAAyBH,KAAK9E;gBACnEA,KAAKkF,2BAA2BlF,KAAKkF,yBAAyBJ,KAAK9E;gBACnE,IAAIyE,gBAAgBU,YAAY3E,WAAW;oBACvCiE,gBAAgBU,UAAU;AAC7B;AACJ;YAWDV,gBAAgBtF,UAAU0F,cAAc,SAAUO,SAASC;gBACvD,IAAIA,iBAAiB,GAAG;oBAAEA,UAAU;AAAO;gBAC3C,OAAO3D,UAAU1B,WAAW,QAAQ,IAAG;oBACnC,IAAIsF,KAAKC,UAAUC,aAAaC,SAASC,SAASC,aAAaC;oBAC/D,OAAOrD,YAAYvC,OAAM,SAAU6F;wBAC/B,QAAQA,GAAGnD;0BACP,KAAK;4BACD4C,MAAMhB,KAAKC,QAAQT,qBAAqB;4BACxCyB,WAAWjB,KAAKC,QAAQc;4BACxBG,cAAc7B,mBAAmB,MAAMyB;4BACvCK,UAAUK,OAAOC;4BACjBF,GAAGnD,QAAQ;;0BACf,KAAK;4BACD,MAAM4B,KAAKC,QAAQgB,WAAW,OAAO,EAAC,GAAa;4BACnD,OAAO,EAAC,GAAa3B,MAAM;;0BAC/B,KAAK;4BACDiC,GAAGlD;4BACH+C,UAAUD,QAAQO,QAAQR;4BAC1B,MAAME,YAAY,OAAO,OAAO,EAAC,GAAa;4BAC9CC,cAAc3F,KAAK4E,KAAK,MAAMQ,UAAU,MAAME;4BAE9C,OAAO,EAAC,GAAa1B,MAAMM,KAAKC,MAAMD,KAAKE,WAAW;;0BAC1D,KAAK;4BAEDyB,GAAGlD;4BACH8C,QAAQQ,QAAQT,aAAaU,KAAKC,UAAU;gCACxCvB,IAAI5E,KAAK4E;gCACTU,KAAKA;gCACLc,YAAYT;gCACZU,cAAc/B,KAAKC;gCACnB+B,eAAehC,KAAKC;;4BAExB,OAAO,EAAC,GAAaX,MAAM;;0BAC/B,KAAK;4BACDiC,GAAGlD;4BACHiD,mBAAmBH,QAAQO,QAAQR;4BACnC,IAAII,qBAAqB,MAAM;gCAC3BA,mBAAmBM,KAAKK,MAAMX;gCAC9B,IAAIA,iBAAiBhB,OAAO5E,KAAK4E,MAAMgB,iBAAiBN,QAAQA,KAAK;oCACjEtF,KAAK0E,eAAe8B,IAAIlB;oCACxBtF,KAAKkF,yBAAyBM,aAAaF;oCAC3C,OAAO,EAAC,GAAc;AACzB;AACJ;4BACD,OAAO,EAAC,GAAa;;0BACzB,KAAK;4BACDb,gBAAgBgC;4BAChB,OAAO,EAAC,GAAazG,KAAKiF,yBAAyBM;;0BACvD,KAAK;4BACDM,GAAGlD;4BACHkD,GAAGnD,QAAQ;;0BACf,KAAK;4BACD4C,MAAMhB,KAAKC,QAAQT,qBAAqB;4BACxC,OAAO,EAAC,GAAa;;0BACzB,KAAK;4BAAG,OAAO,EAAC,GAAc;;AAElD;AACA;AACA;YACIW,gBAAgBtF,UAAU+F,2BAA2B,SAAUwB,YAAYpB;gBACvE,OAAO5D,UAAU1B,WAAW,QAAQ,IAAG;oBACnC,IAAID,QAAQC;oBACZ,OAAOuC,YAAYvC,OAAM,SAAU6F;wBAC/BxE,YAAW;4BAAc,OAAOK,UAAU3B,YAAY,QAAQ,IAAG;gCAC7D,IAAI0F,SAASC;gCACb,OAAOnD,YAAYvC,OAAM,SAAU6F;oCAC/B,QAAQA,GAAGnD;sCACP,KAAK;wCAAG,OAAO,EAAC,GAAaiE,YAAclF,UAAUZ,KAAKyE;;sCAC1D,KAAK;wCACDO,GAAGlD;wCACH,KAAK3C,KAAK0E,eAAe9D,IAAI0E,MAAM;4CAC/BqB,YAAclF,UAAUR,OAAOqE;4CAC/B,OAAO,EAAC;AACX;wCACDG,UAAUK,OAAOC;wCACjBL,UAAUD,QAAQO,QAAQU;wCAC1B,IAAIhB,YAAY,MAAM;4CAClBA,UAAUQ,KAAKK,MAAMb;4CACrBA,QAAQY,gBAAgBhC,KAAKC;4CAC7BkB,QAAQQ,QAAQS,YAAYR,KAAKC,UAAUT;4CAC3CiB,YAAclF,UAAUR,OAAOqE;AAClC,+CACI;4CACDqB,YAAclF,UAAUR,OAAOqE;4CAC/B,OAAO,EAAC;AACX;wCACDtF,KAAKkF,yBAAyBwB,YAAYpB;wCAC1C,OAAO,EAAC;;AAExC;AACA;AAAmB,4BAAI;wBACP,OAAO,EAAC;AACxB;AACA;AACA;YACIb,gBAAgBtF,UAAU8F,2BAA2B,SAAUM;gBAC3D,OAAO7D,UAAU1B,WAAW,QAAQ,IAAG;oBACnC,OAAOuC,YAAYvC,OAAM,SAAU6F;wBAC/B,QAAQA,GAAGnD;0BACP,KAAK;4BAAG,OAAO,EAAC,GAAa,IAAI5B,SAAQ,SAAUC;gCAC3C,IAAI6F,iBAAiB;gCACrB,IAAIC,YAAYvC,KAAKC;gCACrB,IAAIuC,mBAAmB;gCACvB,IAAIC,mBAAmB;gCACvB,SAASC;oCACL,KAAKD,kBAAkB;wCACnBjB,OAAOmB,oBAAoB,WAAWD;wCACtCvC,gBAAgByC,kBAAkBF;wCAClCG,aAAaC;wCACbL,mBAAmB;AACtB;oCACD,KAAKH,gBAAgB;wCACjBA,iBAAiB;wCACjB,IAAIS,aAAaP,oBAAoBxC,KAAKC,QAAQsC;wCAClD,IAAIQ,aAAa,GAAG;4CAChBhG,WAAWN,SAASsG;AACvB,+CACI;4CACDtG;AACH;AACJ;AACJ;gCACD+E,OAAOwB,iBAAiB,WAAWN;gCACnCvC,gBAAgB8C,aAAaP;gCAC7B,IAAII,YAAY/F,WAAW2F,aAAa9C,KAAKsD,IAAI,GAAGjC,WAAWjB,KAAKC;AACvE;;0BACL,KAAK;4BACDsB,GAAGlD;4BACH,OAAO,EAAC;;AAEhC;AACA;AACA;YACI8B,gBAAgB8C,eAAe,SAAUE;gBACrCzH,KAAKkH,kBAAkBO;gBACvB,IAAIhD,gBAAgBU,YAAY3E,WAAW;oBACvC;AACH;gBACDiE,gBAAgBU,QAAQzB,KAAK+D;AACrC;YACIhD,gBAAgByC,oBAAoB,SAAUO;gBAC1C,IAAIhD,gBAAgBU,YAAY3E,WAAW;oBACvC;AACH;gBACDiE,gBAAgBU,UAAUV,gBAAgBU,QAAQuC,QAAO,SAAUlI;oBAAK,OAAOA,MAAMiI;AAAO;AACpG;YACIhD,gBAAgBkD,gBAAgB;gBAC5B,IAAIlD,gBAAgBU,YAAY3E,WAAW;oBACvC;AACH;gBACD,IAAI2E,UAAUV,gBAAgBU,QAAQyC;gBACtCzC,QAAQ0C,SAAQ,SAAUrI;oBAAK,OAAOA;AAAI;AAClD;YAQIiF,gBAAgBtF,UAAU4F,cAAc,SAAUK;gBAC9C,OAAO1D,UAAU1B,WAAW,QAAQ,IAAG;oBACnC,OAAOuC,YAAYvC,OAAM,SAAU6F;wBAC/B,QAAQA,GAAGnD;0BACP,KAAK;4BAAG,OAAO,EAAC,GAAa1C,KAAKgF,uBAAuBI;;0BACzD,KAAK;4BAAG,OAAO,EAAC,GAAcS,GAAGlD;;AAErD;AACA;AACA;YAQI8B,gBAAgBtF,UAAU6F,yBAAyB,SAAUI;gBACzD,OAAO1D,UAAU1B,WAAW,QAAQ,IAAG;oBACnC,IAAIyF,SAASD,aAAaE;oBAC1B,OAAOnD,YAAYvC,OAAM,SAAU6F;wBAC/B,QAAQA,GAAGnD;0BACP,KAAK;4BACD+C,UAAUK,OAAOC;4BACjBP,cAAc7B,mBAAmB,MAAMyB;4BACvCM,UAAUD,QAAQO,QAAQR;4BAC1B,IAAIE,YAAY,MAAM;gCAClB,OAAO,EAAC;AACX;4BACDA,UAAUQ,KAAKK,MAAMb;4BACrB,MAAMA,QAAQd,OAAO5E,KAAK4E,KAAK,OAAO,EAAC,GAAa;4BACpD,OAAO,EAAC,GAAa+B,YAAclF,UAAUZ,KAAK6E,QAAQJ;;0BAC9D,KAAK;4BACDO,GAAGlD;4BACH3C,KAAK0E,eAAexD,OAAOwE,QAAQJ;4BACnCG,QAAQqC,WAAWtC;4BACnBmB,YAAclF,UAAUR,OAAOyE,QAAQJ;4BACvCb,gBAAgBkD;4BAChB9B,GAAGnD,QAAQ;;0BACf,KAAK;4BAAG,OAAO,EAAC;;AAEpC;AACA;AACA;YAOI+B,gBAAgBgC,gBAAgB;gBAC5B,IAAIsB,mBAAmBzD,KAAKC,QAAQ;gBACpC,IAAIkB,UAAUK,OAAOC;gBACrB,IAAIiC,OAAO9I,OAAO+I,KAAKxC;gBACvB,IAAIkC,gBAAgB;gBACpB,KAAK,IAAInI,IAAI,GAAGA,IAAIwI,KAAKvI,QAAQD,KAAK;oBAClC,IAAI0I,WAAWF,KAAKxI;oBACpB,IAAI0I,SAASC,SAASxE,mBAAmB;wBACrC,IAAI+B,UAAUD,QAAQO,QAAQkC;wBAC9B,IAAIxC,YAAY,MAAM;4BAClBA,UAAUQ,KAAKK,MAAMb;4BACrB,IAAKA,QAAQY,kBAAkB9F,aAAakF,QAAQW,eAAe0B,oBAC9DrC,QAAQY,kBAAkB9F,aAAakF,QAAQY,gBAAgByB,kBAAmB;gCACnFtC,QAAQqC,WAAWI;gCACnBP,gBAAgB;AACnB;AACJ;AACJ;AACJ;gBACD,IAAIA,eAAe;oBACflD,gBAAgBkD;AACnB;AACT;YACIlD,gBAAgBU,UAAU3E;YAC1B,OAAOiE;AACX;QACA7E,QAAA6B,UAAkBgD;;;ICzVlB,IAAA2D,UAAe;ICMR,MAAMC,uCAAuC;IAK7C,MAAMC,+BAAmD;QAC9DC,kBAAkBF;;IAMb,MAAMG,mCAAmC;IAKzC,MAAMC,oCAAoC;IAK1C,MAAMC,2BAA2B;IAEjC,MAAMC,wBAAwB;IAM9B,MAAMC,sCAAsC;IAK5C,MAAMC,sCAAsC;IAK5C,MAAMC,gBAAgB;IAKtB,MAAMC,oCAAoC;IAK1C,MAAMC,uBAAuB;QAClCC,MAAM;QACNb,SAASA;;IAGJ,MAAMc,uBAAuB,MAAM5E,KAAKC;IC1DzC,MAAO4E,qBAAqBC;QAChCC,YAAmBC,OAAsBC;YACvCC,MAAMD;YADWvJ,KAAKsJ,QAALA;YAAsBtJ,KAAiBuJ,oBAAjBA;YAEvCrK,OAAOuK,eAAezJ,MAAMmJ,aAAahK;AAC1C;QAEDuK,oBAAmBJ,OACjBA,OAAKC,mBACLA;YAKA,OAAO,IAAIJ,aAAaG,OAAOC;AAChC;;IAOG,MAAOI,4BAA4BR;QACvCE,YACEC,OACAC,mBACOK,OACAC,WAAgB;YAEvBL,MAAMF,OAAOC;YAHNvJ,KAAK4J,QAALA;YACA5J,KAAQ6J,WAARA;YAIP3K,OAAOuK,eAAezJ,MAAM2J,oBAAoBxK;AACjD;;IAOG,MAAO2K,qBAAqBX;QAChCE;YACEG,MAAM,WAAW;YAEjBtK,OAAOuK,eAAezJ,MAAM8J,aAAa3K;AAC1C;;IAMG,MAAO4K,0BAA0BD;QACrCT,YAAmBW;YACjBR;YADiBxJ,KAAKgK,QAALA;YAGjB9K,OAAOuK,eAAezJ,MAAM+J,kBAAkB5K;AAC/C;;IAGG,MAAO8K,4BAA4Bd;QACvCE,YAAmBW;YACjBR,MAAM,aAAa;YADFxJ,KAAKgK,QAALA;YAGjB9K,OAAOuK,eAAezJ,MAAMiK,oBAAoB9K;AACjD;;IAMG,MAAO+K,yBAAyBf;QACpCE,YACEC,OACAC,mBACOY;YAEPX,MAAMF,OAAOC;YAFNvJ,KAASmK,YAATA;YAIPjL,OAAOuK,eAAezJ,MAAMkK,iBAAiB/K;AAC9C;;IAMG,MAAOiL,iCAAiCjB;QAC5CE,YAAmBgB,UAAyBC;YAC1Cd,MACE,yBACA,qCAAqCe,mBAAmBF,UAAU,EAChE,0BACcE,mBAAmBD;YALpBtK,KAAQqK,WAARA;YAAyBrK,KAAKsK,QAALA;YAO1CpL,OAAOuK,eAAezJ,MAAMoK,yBAAyBjL;AACtD;;IASH,SAASoL,mBAAmB1K,OAAe2K,UAAoB;QAC7D,OAAO3K,UAAU2K,QAAQrC,SAAStI,SAASA,QAAQ;AACrD;IC5FO,MAAM4K,4BACXC;QAEA,IAAIA,YAAYpL,QAAQ,QAAQ,GAAG;YACjCoL,cAAcA,YAAYC,UAAU,GAAGD,YAAYpL,QAAQ;AAC5D;QAED,MAAMsL,eAAe,IAAIC,gBAAgBH;QAEzC,OAAO;YACLd,OAAOgB,aAAarK,IAAI;YACxBuK,MAAMF,aAAarK,IAAI,WAAWC;YAClC8I,OAAOsB,aAAarK,IAAI,YAAYC;YACpC+I,mBAAmBqB,aAAarK,IAAI,wBAAwBC;;AAC7D;IAGI,MAAMuK,YAAY,CACvBC,cACAC,aACA1C,mBAA2BF,yCAEpB,IAAIvH,SAA8B,CAACoK,KAAKC;QAC7C,MAAMC,SAAStF,OAAOuF,SAASC,cAAc;QAE7CF,OAAOG,aAAa,SAAS;QAC7BH,OAAOG,aAAa,UAAU;QAC9BH,OAAOI,MAAMC,UAAU;QAEvB,MAAMC,eAAe;YACnB,IAAI5F,OAAOuF,SAAS7I,KAAKmJ,SAASP,SAAS;gBACzCtF,OAAOuF,SAAS7I,KAAKoJ,YAAYR;gBACjCtF,OAAOmB,oBAAoB,WAAW4E,oBAAoB;AAC3D;AAAA;QAGH,IAAIA;QAEJ,MAAMC,sBAAsBzK,YAAW;YACrC8J,IAAI,IAAIrB;YACR4B;AAAc,YACbnD,mBAAmB;QAEtBsD,qBAAqB,SAAU9M;YAC7B,IAAIA,EAAEgN,UAAUd,aAAa;YAC7B,KAAKlM,EAAEiN,QAAQjN,EAAEiN,KAAKC,SAAS,0BAA0B;YAEzD,MAAMC,cAAcnN,EAAEoN;YAEtB,IAAID,aAAa;gBACdA,YAAoBE;AACtB;YAEDrN,EAAEiN,KAAKK,SAAS/C,QACZ6B,IAAIhC,aAAamD,YAAYvN,EAAEiN,KAAKK,aACpCnB,IAAInM,EAAEiN,KAAKK;YAEflF,aAAa2E;YACbhG,OAAOmB,oBAAoB,WAAW4E,oBAAoB;YAI1DxK,WAAWqK,cAAcjD,oCAAoC;AAC/D;QAEA3C,OAAOwB,iBAAiB,WAAWuE,oBAAoB;QACvD/F,OAAOuF,SAAS7I,KAAK+J,YAAYnB;QACjCA,OAAOG,aAAa,OAAOP;AAAa;IAIrC,MAAMwB,YAAaC;QACxB,MAAMC,QAAQ;QACd,MAAMC,SAAS;QACf,MAAMC,OAAO9G,OAAO+G,WAAW/G,OAAOgH,aAAaJ,SAAS;QAC5D,MAAMK,MAAMjH,OAAOkH,WAAWlH,OAAOmH,cAAcN,UAAU;QAE7D,OAAO7G,OAAOoH,KACZT,KACA,yBACA,QAAQG,YAAYG,aAAaL,gBAAgBC;AAClD;IAGI,MAAMQ,WAAYC,UAChB,IAAItM,SAA8B,CAACC,SAASC;QACjD,IAAIqM;QAGJ,MAAMC,aAAaC,aAAY;YAC7B,IAAIH,OAAOpD,SAASoD,OAAOpD,MAAMwD,QAAQ;gBACvCC,cAAcH;gBACdnG,aAAauG;gBACb5H,OAAOmB,oBAAoB,WAAWoG,oBAAoB;gBAC1DrM,OAAO,IAAIiJ,oBAAoBmD,OAAOpD;AACvC;AAAA,YACA;QAEH,MAAM0D,YAAYrM,YAAW;YAC3BoM,cAAcH;YACdtM,OAAO,IAAI+I,kBAAkBqD,OAAOpD;YACpClE,OAAOmB,oBAAoB,WAAWoG,oBAAoB;AAAM,aAC9DD,OAAO7E,oBAAoBF,wCAAwC;QAEvEgF,qBAAqB,SAAUtO;YAC7B,KAAKA,EAAEiN,QAAQjN,EAAEiN,KAAKC,SAAS,0BAA0B;gBACvD;AACD;YAED9E,aAAauG;YACbD,cAAcH;YACdxH,OAAOmB,oBAAoB,WAAWoG,oBAAoB;YAC1DD,OAAOpD,MAAMoC;YAEb,IAAIrN,EAAEiN,KAAKK,SAAS/C,OAAO;gBACzB,OAAOtI,OAAOmI,aAAamD,YAAYvN,EAAEiN,KAAKK;AAC/C;YAEDtL,QAAQhC,EAAEiN,KAAKK;AACjB;QAEAvG,OAAOwB,iBAAiB,WAAW+F;AAAmB;IAInD,MAAMM,YAAY,MAChB7H,OAAO8H;IAGT,MAAMC,qBAAqB;QAChC,MAAMC,UACJ;QACF,IAAI1J,SAAS;QACb,MAAM2J,eAAeC,MAAMC,KACzBN,YAAYO,gBAAgB,IAAIC,WAAW;QAE7CJ,aAAalG,SAAQtE,KAAMa,UAAU0J,QAAQvK,IAAIuK,QAAQrO;QACzD,OAAO2E;AAAM;IAGR,MAAMgK,SAAUvO,SAAkBwO,KAAKxO;IAG9C,MAAMyO,iBAAkBC,UACfrP,OAAO+I,KAAKsG,QAChB7G,QAAO8G,YAAYD,OAAOC,OAAO,cACjCC,QAAO,CAACC,KAAKtO,QAAQlB,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAMD,MAAG;QAAEtO,CAACA,MAAMmO,OAAOnO;SAAS,CAAA;IAGrD,MAAMwO,oBAAqB/I;aAAEgJ,UAAUC,aAASjJ,IAAK0I,SAAM1P,OAAAgH,IAAhC;QAChC,OAAO,IAAIgF,gBACTyD,eAAiBpP,OAAAyP,OAAA;YAAAG;WAAcP,UAC/B/J;AAAU;IAGP,MAAMuK,SAASC,MAAOlQ;QAC3B,MAAMmQ,WAAgBtB,YAAYuB,OAAOC,OACvC;YAAElG,MAAM;YACR,IAAImG,aAAchB,OAAOtP;QAG3B,aAAamQ;AAAQ;IAGvB,MAAMI,eAAgBC;QACpB,MAAMC,WAAwC;YAAE,KAAK;YAAK,KAAK;YAAK,KAAK;;QACzE,OAAOD,MAAME,QAAQ,WAAWC,KAAcF,SAASE;AAAG;IAI5D,MAAMC,YAAaJ,SACjBK,mBACEC,KAAKN,OACFO,MAAM,IACNC,KAAIC,KACI,OAAO,OAAOA,EAAEC,WAAW,GAAGxL,SAAS,KAAKoD,OAAO,KAE3DqI,KAAK;IAGL,MAAMC,eAAgBZ,SAC3BI,UAAUJ,MAAME,QAAQ,MAAM,KAAKA,QAAQ,MAAM;IAE5C,MAAMW,2BAA4Bb;QACvC,MAAMc,gBAAgB,IAAIjC,WAAWmB;QACrC,OAAOD,aACLvJ,OAAOuI,KAAKgC,OAAOC,gBAAgBtC,MAAMC,KAAKmC;AAC/C;IAGI,MAAMG,iBAAiB;QAC5B,KAAK5C,aAAa;YAChB,MAAM,IAAIvE,MACR;AAEH;QACD,WAAWuE,YAAYuB,WAAW,aAAa;YAC7C,MAAM,IAAI9F,MAAM;AAGjB;AAAA;IAMI,MAAMoH,YAAaC;QACxB,KAAK,eAAeC,KAAKD,YAAY;YACnC,OAAO,WAAWA;AACnB;QAED,OAAOA;AAAS;IAMX,MAAME,iBAAiB,CAC5BC,QACAH;QAEA,IAAIG,QAAQ;YACV,OAAOA,OAAOC,WAAW,cAAcD,SAAS,WAAWA;AAC5D;QAED,OAAO,GAAGH;AAAY;IAGjB,MAAMK,cAAejR;QAC1B,WAAWA,UAAU,UAAU;YAC7B,OAAOA;AACR;QACD,OAAOkR,SAASlR,OAAO,OAAOW;AAAS;IC/OlC,MAAMwQ,cAAc,CAACC,SAAoCC,OAC9D,IAAIpQ,SAAQ,SAAUC,SAASC;QAC7B,MAAMmQ,iBAAiB,IAAIC;QAE3BD,eAAeE,MAAMC,YAAY,SAAUC;YAEzC,IAAIA,MAAMvF,KAAK1C,OAAO;gBACpBtI,OAAO,IAAIoI,MAAMmI,MAAMvF,KAAK1C;AAC7B,mBAAM;gBACLvI,QAAQwQ,MAAMvF;AACf;YACDmF,eAAeE,MAAMjF;AACvB;QAEA8E,GAAGM,YAAYP,SAAS,EAACE,eAAeM;AAC1C;ICbK,MAAMC,wBAAwB,MAAM,IAAIC;IAE/C,MAAMC,UAAU5C,OAAO6C,UAAkBC;QACvC,MAAMzF,iBAAiB0F,MAAMF,UAAUC;QAEvC,OAAO;YACLE,IAAI3F,SAAS2F;YACbC,YAAY5F,SAAS4F;;AACtB;IAGH,MAAMC,qBAAqBlD,OACzB6C,UACAC,cACAzM;QAEA,MAAM8M,aAAaT;QACnBI,aAAaM,SAASD,WAAWC;QAEjC,IAAI1E;QAGJ,OAAO5M,QAAQuR,KAAK,EAClBT,QAAQC,UAAUC,eAElB,IAAIhR,SAAQ,CAAC2B,GAAGzB;YACd0M,YAAYrM,YAAW;gBACrB8Q,WAAWG;gBACXtR,OAAO,IAAIoI,MAAM;AAAkC,gBAClD/D;AAAQ,eAEZkN,SAAQ;YACTpL,aAAauG;AAAU;AACvB;IAGJ,MAAM8E,kBAAkBxD,OACtB6C,UACAxH,UACAC,OACAwH,cACAzM,SACAoN,QACAC,gBAEO1B,YACL;QACE2B,MAAM;YACJtI;YACAC;;QAEFjF;QACAwM;QACAC;QACAY;OAEFD;IAIG,MAAMG,cAAc5D,OACzB6C,UACAxH,UACAC,OACAwH,cACAW,QACAC,aACArN,UAAUqD;QAEV,IAAI+J,QAAQ;YACV,OAAOD,gBACLX,UACAxH,UACAC,OACAwH,cACAzM,SACAoN,QACAC;AAEH,eAAM;YACL,OAAOR,mBAAmBL,UAAUC,cAAczM;AACnD;AAAA;IAGI2J,eAAe6D,QACpBpG,KACApH,SACAgF,UACAC,OACAwI,SACAL,QACAC;QAEA,IAAIK,aAA2B;QAC/B,IAAI1G;QAEJ,KAAK,IAAI7M,IAAI,GAAGA,IAAIgJ,kCAAkChJ,KAAK;YACzD;gBACE6M,iBAAiBuG,YACfnG,KACApC,UACAC,OACAwI,SACAL,QACAC,aACArN;gBAEF0N,aAAa;gBACb;AAOD,cANC,OAAOhU;gBAKPgU,aAAahU;AACd;AACF;QAED,IAAIgU,YAAY;YACd,MAAMA;AACP;QAED,MACElN,KAEEwG,SAAQ4F,OAFV3I,OAAQA,OAAKC,mBAAEA,qBAAiB1D,IAAKmG,OAAInN,OAAAgH,IAAnC,oCADFmM,IAEJA,MACE3F;QAEJ,KAAK2F,IAAI;YACP,MAAMgB,eACJzJ,qBAAqB,+BAA+BkD;YAEtD,IAAInD,UAAU,gBAAgB;gBAC5B,MAAM,IAAIY,iBAAiBZ,OAAO0J,cAAchH,KAAK7B;AACtD;YAED,MAAM,IAAIhB,aAAaG,SAAS,iBAAiB0J;AAClD;QAED,OAAOhH;AACT;IC/IOgD,eAAeiE,WACpBpN,IASA4M;QATA,KAAAS,SACEA,SAAO7N,SACPA,SAAOgF,UACPA,UAAQC,OACRA,OAAK6I,aACLA,aAAWT,aACXA,eAEqB7M,IADlBiN,UAAOjU,OAAAgH,IAPZ;QAWA,MAAMrD,OAAOkQ,cACT9D,kBAAkBkE,WAClB5M,KAAKC,UAAU2M;QAEnB,aAAaD,QACX,GAAGK,uBACH7N,SACAgF,YAAY,WACZC,OACA;YACE8I,QAAQ;YACR5Q;YACA6Q,SAAS;gBACP,gBAAgBX,cACZ,sCACA;gBACJ,gBAAgBrE,KACdnI,KAAKC,UAAUgN,eAAenK;;WAIpCyJ,QACAC;AAEJ;ICtCA,MAAMY,SAAUC,OAAkBvF,MAAMC,KAAK,IAAItJ,IAAI4O;IAK9C,MAAMC,kBAAkB,IAAIC,WAC1BH,OAAOG,OAAO/L,OAAOgM,SAASzD,KAAK,KAAK0D,OAAO9D,MAAM,QAAQI,KAAK;ICPpE,MAAM2D,mBAAmB;IACzB,MAAMC,4BAA4B;UAQ5BC;QAKXzK,YACE2C,MACO+H,SAAiBH,kBACjBI;YADAhU,KAAM+T,SAANA;YACA/T,KAAMgU,SAANA;YAEPhU,KAAK6O,WAAW7C,KAAK6C;YACrB7O,KAAKsK,QAAQ0B,KAAK1B;YAClBtK,KAAKqK,WAAW2B,KAAK3B;AACtB;QAMD4J;YACE,OAAO,EAACjU,KAAK+T,QAAQ/T,KAAK6O,UAAU7O,KAAKqK,UAAUrK,KAAKsK,OAAOtK,KAAKgU,SACjEtM,OAAOgM,SACPzD,KAAK;AACT;QAODvG,eAAetJ;YACb,OAAO2T,QAAQlF,UAAUxE,UAAUC,SAASlK,IAAIyP,MAAM;YAEtD,OAAO,IAAIiE,SAAS;gBAAEjF;gBAAUvE;gBAAOD;eAAY0J;AACpD;QAODrK,sBAAsBwK;YACpB,OAAM5J,OAAEA,OAAKD,UAAEA,UAAUyE,WAAWD,YAAaqF;YAEjD,OAAO,IAAIJ,SAAS;gBAClBxJ;gBACAD;gBACAwE;;AAEH;;UC1DUsF;QACJ1T,IAAmBL,KAAa8T;YACrCnO,aAAaE,QAAQ7F,KAAK8F,KAAKC,UAAU+N;AAC1C;QAEM3T,IAAmBH;YACxB,MAAM6R,OAAOnM,OAAOC,aAAaC,QAAQ5F;YAEzC,KAAK6R,MAAM;YAEX;gBACE,MAAMmC,UAAUlO,KAAKK,MAAM0L;gBAC3B,OAAOmC;AAIR,cAFC,OAAOrV;gBACP;AACD;AACF;QAEMsV,OAAOjU;YACZ2F,aAAa+B,WAAW1H;AACzB;QAEMkU;YACL,OAAOpV,OAAO+I,KAAKnC,OAAOC,cAAc2B,QAAOtH,OAC7CA,IAAIyQ,WAAW+C;AAElB;;UC3BUW;QAAblL;YACSrJ,KAAAwU,gBAAwB;gBAC7B,IAAIC,QAAiC,CAAA;gBAErC,OAAO;oBACLhU,IAAmBL,KAAa8T;wBAC9BO,MAAMrU,OAAO8T;AACd;oBAED3T,IAAmBH;wBACjB,MAAMsU,aAAaD,MAAMrU;wBAEzB,KAAKsU,YAAY;4BACf;AACD;wBAED,OAAOA;AACR;oBAEDL,OAAOjU;+BACEqU,MAAMrU;AACd;oBAEDkU;wBACE,OAAOpV,OAAO+I,KAAKwM;AACpB;;AAEJ,aA1B8B;AA2BhC;;IChBD,MAAME,oCAAoC;UAE7BC;QAGXvL,YACUoL,OACAI,aACRC;YAFQ9U,KAAKyU,QAALA;YACAzU,KAAW6U,cAAXA;YAGR7U,KAAK8U,cAAcA,eAAe5L;AACnC;QAED8F,iBACEH,UACAkG,SACAC;;YAEA,MAAMC,WAAWjV,KAAKkV,mBAAmBrG;kBACnC7O,KAAKyU,MAAMhU,IAAIwU,UAAU;gBAC7BE,UAAUJ;gBACVC;;oBAEInP,KAAA7F,KAAK6U,iBAAa,QAAAhP,YAAA,SAAA,IAAAA,GAAAW,IAAIyO;AAC7B;QAEDjG,iBAAiBiG;YACf,MAAMf,cAAclU,KAAKyU,MAAMlU,IAC7BP,KAAKkV,mBAAmBD,SAASpG;YAGnC,KAAKqF,SAASe,SAAS3K,SAAS2K,SAAS5K,UAAU;gBACjD,MAAM+K,qBAAqBpV,KAAKO,IAAI0U;gBAEpC,KAAKG,cAAc;oBACjB;AACD;gBAED,KAAKA,aAAaD,aAAaC,aAAaJ,cAAc;oBACxD;AACD;gBAED,OAAO;oBACLG,UAAUC,aAAaD;oBACvBH,cAAcI,aAAaJ;;AAE9B;YAED,KAAKd,OAAO;gBACV;AACD;YAED,OAAO;gBAAEiB,UAAUjB,MAAMiB;gBAAUH,cAAcd,MAAMc;;AACxD;QAEDhG,UACEiG,UACAI,0BAA0BV;;YAE1B,IAAIW,qBAAqBtV,KAAKyU,MAAMlU,IAClC0U,SAAShB;YAGX,KAAKqB,cAAc;gBACjB,MAAMrN,aAAajI,KAAKuV;gBAExB,KAAKtN,MAAM;gBAEX,MAAMuN,aAAaxV,KAAKyV,sBAAsBR,UAAUhN;gBAExD,IAAIuN,YAAY;oBACdF,qBAAqBtV,KAAKyU,MAAMlU,IAAuBiV;AACxD;AACF;YAGD,KAAKF,cAAc;gBACjB;AACD;YAED,MAAM/Q,YAAYvE,KAAK8U;YACvB,MAAMY,aAAaxR,KAAKC,MAAMI,MAAM;YAEpC,IAAI+Q,aAAaK,YAAYN,0BAA0BK,YAAY;gBACjE,IAAIJ,aAAa9S,KAAKoT,eAAe;oBACnCN,aAAa9S,OAAO;wBAClBoT,eAAeN,aAAa9S,KAAKoT;;0BAG7B5V,KAAKyU,MAAMhU,IAAIwU,SAAShB,SAASqB;oBACvC,OAAOA,aAAa9S;AACrB;sBAEKxC,KAAKyU,MAAMJ,OAAOY,SAAShB;wBAC3BpO,KAAA7F,KAAK6U,iBAAa,QAAAhP,YAAA,SAAA,IAAAA,GAAAwO,OAAOY,SAAShB;gBAExC;AACD;YAED,OAAOqB,aAAa9S;AACrB;QAEDwM,UAAUkF;;YACR,MAAMe,WAAW,IAAInB,SAAS;gBAC5BjF,UAAUqF,MAAMpF;gBAChBxE,OAAO4J,MAAM5J;gBACbD,UAAU6J,MAAM7J;;YAGlB,MAAMiL,qBAAqBtV,KAAK6V,eAAe3B;kBAEzClU,KAAKyU,MAAMhU,IAAIwU,SAAShB,SAASqB;oBACjCzP,KAAA7F,KAAK6U,iBAAa,QAAAhP,YAAA,SAAA,IAAAA,GAAAW,IAAIyO,SAAShB;AACtC;QAEDjF,YAAYH;;YACV,MAAM5G,aAAajI,KAAKuV;YAGxB,KAAKtN,MAAM;kBAELA,KACHP,QAAOtH,OAAQyO,WAAWzO,IAAI+H,SAAS0G,YAAY,OACnDJ,QAAOO,OAAO8G,MAAM1V;sBACb0V;sBACA9V,KAAKyU,MAAMJ,OAAOjU;AAAI,gBAC3BU,QAAQC;yBAEPf,KAAK6U,iBAAa,QAAAhP,YAAA,SAAA,IAAAA,GAAAkQ;AACzB;QAEO/G,qBAAqBkF;YAC3B,MAAM3P,YAAYvE,KAAK8U;YACvB,MAAMkB,gBAAgB9R,KAAKC,MAAMI,MAAM,OAAQ2P,MAAM+B;YAErD,OAAO;gBACLzT,MAAM0R;gBACNyB,WAAWK;;AAEd;QAEOhH;;YACN,IAAIhP,KAAK6U,aAAa;gBACpB,QAAOhP,WAAO7F,KAAK6U,YAAYtU,WAAQ,QAAAsF,YAAA,SAAA,IAAAA,GAAAoC;AACxC,mBAAM,IAAIjI,KAAKyU,MAAMH,SAAS;gBAC7B,OAAOtU,KAAKyU,MAAMH;AACnB;AACF;QAOOY,mBAAmBrG;YACzB,OAAO,IAAIiF,SACT;gBAAEjF;eACF+E,kBACAC,2BACAI;AACH;QAcOwB,sBAAsBS,YAAsB5B;YAClD,OAAOA,QAAQ5M,QAAOtH;;gBACpB,MAAM6U,WAAWnB,SAASqC,QAAQ/V;gBAClC,MAAMgW,WAAW,IAAIzR,IAAIsQ,SAAS3K,SAAS2K,SAAS3K,MAAMuF,MAAM;gBAChE,MAAMwG,kBAAgBxQ,KAAAqQ,WAAW5L,WAAO,QAAAzE,YAAA,SAAA,IAAAA,GAAAgK,MAAM,SAAQ;gBAEtD,MAAMyG,eACJrB,SAAS3K,SACT+L,cAAc5H,QACZ,CAACC,KAAK6H,YAAY7H,OAAO0H,SAASxV,IAAI2V,WACtC;gBAGJ,OACEtB,SAASlB,WAAWH,oBACpBqB,SAASpG,aAAaqH,WAAWrH,YACjCoG,SAAS5K,aAAa6L,WAAW7L,YACjCiM;AACA,gBACD;AACJ;;IC9MH,MAAME,iCAAiC;UAa1BC;QAIXpN,YAAoBqN,SAAgC7H;YAAhC7O,KAAO0W,UAAPA;YAAgC1W,KAAQ6O,WAARA;YAClD7O,KAAK0G,aAAa,GAAG8P,kCAAkCxW,KAAK6O;YAC5D7O,KAAK2W,cAAc3W,KAAK0W,QAAQnW,IAAIP,KAAK0G;AAC1C;QAEMkQ,OAAOD;YACZ3W,KAAK2W,cAAcA;YAEnB3W,KAAK0W,QAAQG,KAAK7W,KAAK0G,YAAYiQ,aAAa;gBAC9CG,iBAAiB;;AAEpB;QAEMvW;YACL,OAAOP,KAAK2W;AACb;QAEMtC;mBACErU,KAAK2W;YACZ3W,KAAK0W,QAAQrC,OAAOrU,KAAK0G;AAC1B;;ICpCH,MAAMqQ,WAAYzT,YAAkBA,MAAM;IAE1C,MAAM0T,iBAAiB,EACrB,OACA,OACA,OACA,OACA,OACA,OACA,OACA,SACA,aACA,WACA,UACA,OACA,OACA,WACA,OACA,gBACA,YACA,cACA,gBACA,kBACA,QACA,QACA,OACA,UACA,OACA,OACA,OACA,OACA,OACA;IAGK,MAAMC,SAAUC;QACrB,MAAMC,QAAQD,MAAMrH,MAAM;QAC1B,OAAOuH,QAAQhD,SAASiD,aAAaF;QAErC,IAAIA,MAAM1X,WAAW,MAAM2X,WAAWhD,YAAYiD,WAAW;YAC3D,MAAM,IAAIjO,MAAM;AACjB;QACD,MAAMkO,cAAcpR,KAAKK,MAAM2J,aAAakE;QAC5C,MAAMmD,SAAkB;YAAEC,OAAON;;QACjC,MAAMO,OAAY,CAAA;QAClBvY,OAAO+I,KAAKqP,aAAazP,SAAQ2G;YAC/B+I,OAAO/I,KAAK8I,YAAY9I;YACxB,KAAKwI,eAAe7O,SAASqG,IAAI;gBAC/BiJ,KAAKjJ,KAAK8I,YAAY9I;AACvB;AAAA;QAEH,OAAO;YACLkJ,SAAS;gBAAEN;gBAAQhD;gBAASiD;;YAC5BD,QAAQlR,KAAKK,MAAM2J,aAAakH;YAChCG;YACAE;;AACD;IAGI,MAAME,SAAU7E;QACrB,KAAKA,QAAQqC,UAAU;YACrB,MAAM,IAAI/L,MAAM;AACjB;QAED,MAAMwO,UAAUX,OAAOnE,QAAQqC;QAE/B,KAAKyC,QAAQL,OAAOM,KAAK;YACvB,MAAM,IAAIzO,MACR;AAEH;QAED,IAAIwO,QAAQL,OAAOM,QAAQ/E,QAAQ+E,KAAK;YACtC,MAAM,IAAIzO,MACR,0DAA0D0J,QAAQ+E,gBAAgBD,QAAQL,OAAOM;AAEpG;QAED,KAAKD,QAAQH,KAAKK,KAAK;YACrB,MAAM,IAAI1O,MACR;AAEH;QAED,IAAIwO,QAAQR,OAAOW,QAAQ,SAAS;YAClC,MAAM,IAAI3O,MACR,2BAA2BwO,QAAQR,OAAOW;AAE7C;QAED,KACGH,QAAQL,OAAOS,gBAEPJ,QAAQL,OAAOS,QAAQ,YAC9BhK,MAAMiK,QAAQL,QAAQL,OAAOS,OAE/B;YACA,MAAM,IAAI5O,MACR;AAEH;QACD,IAAI4E,MAAMiK,QAAQL,QAAQL,OAAOS,MAAM;YACrC,KAAKJ,QAAQL,OAAOS,IAAI7P,SAAS2K,QAAQkF,MAAM;gBAC7C,MAAM,IAAI5O,MACR,4DACE0J,QAAQkF,4BACeJ,QAAQL,OAAOS,IAAI/H,KAAK;AAEpD;YACD,IAAI2H,QAAQL,OAAOS,IAAIvY,SAAS,GAAG;gBACjC,KAAKmY,QAAQL,OAAOW,KAAK;oBACvB,MAAM,IAAI9O,MACR;AAEH;gBACD,IAAIwO,QAAQL,OAAOW,QAAQpF,QAAQkF,KAAK;oBACtC,MAAM,IAAI5O,MACR,oEAAoE0J,QAAQkF,gBAAgBJ,QAAQL,OAAOW;AAE9G;AACF;AACF,eAAM,IAAIN,QAAQL,OAAOS,QAAQlF,QAAQkF,KAAK;YAC7C,MAAM,IAAI5O,MACR,4DAA4D0J,QAAQkF,mBAAmBJ,QAAQL,OAAOS;AAEzG;QACD,IAAIlF,QAAQqF,OAAO;YACjB,KAAKP,QAAQL,OAAOY,OAAO;gBACzB,MAAM,IAAI/O,MACR;AAEH;YACD,IAAIwO,QAAQL,OAAOY,UAAUrF,QAAQqF,OAAO;gBAC1C,MAAM,IAAI/O,MACR,2DAA2D0J,QAAQqF,kBAAkBP,QAAQL,OAAOY;AAEvG;AACF;QAED,IAAIrF,QAAQsF,YAAYrB,SAASa,QAAQL,OAAOc,YAAY;YAC1D,MAAM,IAAIjP,MACR;AAEH;QAGD,IAAIwO,QAAQL,OAAOe,OAAO,SAASvB,SAASa,QAAQL,OAAOe,MAAM;YAC/D,MAAM,IAAIlP,MACR;AAEH;QACD,KAAK2N,SAASa,QAAQL,OAAOjS,MAAM;YACjC,MAAM,IAAI8D,MACR;AAEH;QAED,MAAMmP,SAASzF,QAAQyF,UAAU;QACjC,MAAMhU,MAAM,IAAID,KAAKwO,QAAQvO,OAAOD,KAAKC;QACzC,MAAMiU,UAAU,IAAIlU,KAAK;QAEzBkU,QAAQC,cAAcb,QAAQL,OAAOe,MAAMC;QAE3C,IAAIhU,MAAMiU,SAAS;YACjB,MAAM,IAAIpP,MACR,oEAAoE7E,kCAAkCiU;AAEzG;QAED,IAAIZ,QAAQL,OAAOmB,OAAO,QAAQ3B,SAASa,QAAQL,OAAOmB,MAAM;YAC9D,MAAMC,UAAU,IAAIrU,KAAK;YACzBqU,QAAQF,cAAcb,QAAQL,OAAOmB,MAAMH;YAC3C,IAAIhU,MAAMoU,SAAS;gBACjB,MAAM,IAAIvP,MACR,+GAA+G7E,kBAAkBoU;AAEpI;AACF;QAED,IAAIf,QAAQL,OAAOc,aAAa,QAAQtB,SAASa,QAAQL,OAAOc,YAAY;YAC1E,MAAMO,eAAe,IAAItU,KAAK;YAC9BsU,aAAaH,cACX1H,SAAS6G,QAAQL,OAAOc,aAAcvF,QAAQsF,UAAqBG;YAGrE,IAAIhU,MAAMqU,cAAc;gBACtB,MAAM,IAAIxP,MACR,uJAAuJ7E,8BAA8BqU;AAExL;AACF;QAED,IAAI9F,QAAQ+F,gBAAgB;YAC1B,KAAKjB,QAAQL,OAAOuB,QAAQ;gBAC1B,MAAM,IAAI1P,MACR;AAEH,mBAAM,IAAI0J,QAAQ+F,mBAAmBjB,QAAQL,OAAOuB,QAAQ;gBAC3D,MAAM,IAAI1P,MACR,sEAAsE0J,QAAQ+F,2BAA2BjB,QAAQL,OAAOuB;AAE3H;AACF;QAED,OAAOlB;AAAO;;QC9MhB,IAAImB,WAAY/Y,kBAAQA,eAAK+Y,YAAa;YACtCA,WAAW7Z,OAAOyP,UAAU,SAAS3P;gBACjC,KAAK,IAAIF,GAAGU,IAAI,GAAG8D,IAAI0V,UAAUvZ,QAAQD,IAAI8D,GAAG9D,KAAK;oBACjDV,IAAIka,UAAUxZ;oBACd,KAAK,IAAIP,KAAKH,GAAG,IAAII,OAAOC,UAAUC,eAAeC,KAAKP,GAAGG,IACzDD,EAAEC,KAAKH,EAAEG;AAChB;gBACD,OAAOD;AACf;YACI,OAAO+Z,SAASzW,MAAMtC,MAAMgZ;AAChC;QACApZ,QAAkBqZ,aAAG;QACrB,SAASC,mBAAmBjQ,MAAMpJ;YAC9B,KAAKA,OAAO;gBACR,OAAO;AACV;YACD,IAAIsZ,cAAc,OAAOlQ;YACzB,IAAIpJ,UAAU,MAAM;gBAChB,OAAOsZ;AACV;YACD,OAAOA,cAAc,MAAMtZ;AAC/B;QACA,SAASuZ,oBAAoBC;YACzB,WAAWA,WAAWC,YAAY,UAAU;gBACxC,IAAIA,UAAU,IAAIhV;gBAClBgV,QAAQC,gBAAgBD,QAAQE,oBAAoBH,WAAWC,UAAU;gBACzED,WAAWC,UAAUA;AACxB;YACD,OAAOJ,mBAAmB,WAAWG,WAAWC,UAAUD,WAAWC,QAAQG,gBAAgB,MACvFP,mBAAmB,UAAUG,WAAWK,UACxCR,mBAAmB,QAAQG,WAAWM,QACtCT,mBAAmB,UAAUG,WAAWO,UACxCV,mBAAmB,YAAYG,WAAWQ;AACpD;QACA,SAASzL,OAAOnF,MAAMpJ,OAAOwZ;YACzB,OAAOS,mBAAmB7Q,MACrBuG,QAAQ,4BAA4BG,oBACpCH,QAAQ,OAAO,OAAOA,QAAQ,OAAO,SACpC,MAAMsK,mBAAmBja,OAE1B2P,QAAQ,6DAA6DG,sBACpEyJ,oBAAoBC;AAC9B;QACAzZ,QAAcwO,SAAGA;QACjB,SAAS7H,MAAMwT;YACX,IAAI5X,SAAS,CAAA;YACb,IAAI6X,UAAUD,eAAeA,aAAalK,MAAM,QAAQ;YACxD,IAAIoK,UAAU;YACd,KAAK,IAAIza,IAAI,GAAGA,IAAIwa,QAAQva,QAAQD,KAAK;gBACrC,IAAI2X,QAAQ6C,QAAQxa,GAAGqQ,MAAM;gBAC7B,IAAIqK,SAAS/C,MAAMvP,MAAM,GAAGqI,KAAK;gBACjC,IAAIiK,OAAOC,OAAO,OAAO,KAAK;oBAC1BD,SAASA,OAAOtS,MAAM,IAAI;AAC7B;gBACD;oBACI,IAAIwS,SAASjD,MAAM,GAAG3H,QAAQyK,SAAStK;oBACvCxN,OAAOiY,UAAUF,OAAO1K,QAAQyK,SAAStK;AAI5C,kBAFD,OAAO5Q,IAEN;AACJ;YACD,OAAOoD;AACX;QACAvC,QAAa2G,QAAGA;QAChB,SAAS8T;YACL,OAAO9T,MAAM8E,SAAS6O;AAC1B;QACAta,QAAcya,SAAGA;QACjB,SAAS9Z,IAAI0I;YACT,OAAOoR,SAASpR;AACpB;QACArJ,QAAWW,MAAGA;QACd,SAASE,IAAIwI,MAAMpJ,OAAOwZ;YACtBhO,SAAS6O,SAAS9L,OAAOnF,MAAMpJ,OAAOkZ,SAAS;gBAAEY,MAAM;eAAON;AAClE;QACAzZ,QAAWa,MAAGA;QACd,SAAS4T,OAAOpL,MAAMoQ;YAClB5Y,IAAIwI,MAAM,IAAI8P,SAASA,SAAS,CAAA,GAAIM,aAAa;gBAAEC,UAAU;;AACjE;QACA1Z,QAAAyU,SAAiBA;;;;;;;;;IC9DV,MAAMiG,gBAAgB;QAC3B/Z,IAAsBH;YACpB,MAAMP,QAAQ0a,WAAYna;YAE1B,WAAWP,UAAU,aAAa;gBAChC;AACD;YAED,OAAUqG,KAAKK,MAAM1G;AACtB;QAEDgX,KAAKzW,KAAaP,OAAYiT;YAC5B,IAAI0H,mBAA6C,CAAA;YAEjD,IAAI,aAAa1U,OAAO2U,SAASC,UAAU;gBACzCF,mBAAmB;oBACjBZ,QAAQ;oBACRC,UAAU;;AAEb;YAED,IAAI/G,YAAA,QAAAA,8BAAAA,QAASgE,iBAAiB;gBAC5B0D,iBAAiBlB,UAAUxG,QAAQgE;AACpC;YAED,IAAIhE,YAAA,QAAAA,8BAAAA,QAAS6H,cAAc;gBACzBH,iBAAiBd,SAAS5G,QAAQ6H;AACnC;YAEDC,WAAYxa,KAAK8F,KAAKC,UAAUtG,QAAQ2a;AACzC;QAEDnG,OAAOjU,KAAa0S;YAClB,IAAI0H,mBAA6C,CAAA;YAEjD,IAAI1H,YAAA,QAAAA,8BAAAA,QAAS6H,cAAc;gBACzBH,iBAAiBd,SAAS5G,QAAQ6H;AACnC;YAEDE,WAAeza,KAAKoa;AACrB;;IAMH,MAAMM,gBAAgB;IAMf,MAAMC,kCAAkC;QAC7Cxa,IAAsBH;YACpB,MAAMP,QAAQya,cAAc/Z,IAAOH;YAEnC,IAAIP,OAAO;gBACT,OAAOA;AACR;YAED,OAAOya,cAAc/Z,IAAO,GAAGua,gBAAgB1a;AAChD;QAEDyW,KAAKzW,KAAaP,OAAYiT;YAC5B,IAAI0H,mBAA6C,CAAA;YAEjD,IAAI,aAAa1U,OAAO2U,SAASC,UAAU;gBACzCF,mBAAmB;oBAAEZ,QAAQ;;AAC9B;YAED,IAAI9G,YAAA,QAAAA,8BAAAA,QAASgE,iBAAiB;gBAC5B0D,iBAAiBlB,UAAUxG,QAAQgE;AACpC;YAED,IAAIhE,YAAA,QAAAA,8BAAAA,QAAS6H,cAAc;gBACzBH,iBAAiBd,SAAS5G,QAAQ6H;AACnC;YAEDC,WACE,GAAGE,gBAAgB1a,OACnB8F,KAAKC,UAAUtG,QACf2a;YAEFF,cAAczD,KAAKzW,KAAKP,OAAOiT;AAChC;QAEDuB,OAAOjU,KAAa0S;YAClB,IAAI0H,mBAA6C,CAAA;YAEjD,IAAI1H,YAAA,QAAAA,8BAAAA,QAAS6H,cAAc;gBACzBH,iBAAiBd,SAAS5G,QAAQ6H;AACnC;YAEDE,WAAeza,KAAKoa;YACpBF,cAAcjG,OAAOjU,KAAK0S;YAC1BwH,cAAcjG,OAAO,GAAGyG,gBAAgB1a,OAAO0S;AAChD;;IAMI,MAAMkI,iBAAiB;QAC5Bza,IAAsBH;YAEpB,WAAW6a,mBAAmB,aAAa;gBACzC;AACD;YAED,MAAMpb,QAAQob,eAAejV,QAAQ5F;YAErC,IAAIP,SAAS,MAAM;gBACjB;AACD;YAED,OAAUqG,KAAKK,MAAM1G;AACtB;QAEDgX,KAAKzW,KAAaP;YAChBob,eAAehV,QAAQ7F,KAAK8F,KAAKC,UAAUtG;AAC5C;QAEDwU,OAAOjU;YACL6a,eAAenT,WAAW1H;AAC3B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IC/IH,MAAM8a,mBAAiD,CAAA;IAEhD,MAAMC,gBAAgB,CAC3BC,IACAhb;QAEA,IAAIib,UAA6BH,iBAAiB9a;QAClD,KAAKib,SAAS;YACZA,UAAUD,KAAK7I,SAAQ;uBACd2I,iBAAiB9a;gBACxBib,UAAU;AAAI;YAEhBH,iBAAiB9a,OAAOib;AACzB;QACD,OAAOA;AAAO;IAGT,MAAMC,eAAetM,OAC1BoM,IACAG,qBAAqB;QAErB,KAAK,IAAI/b,IAAI,GAAGA,IAAI+b,oBAAoB/b,KAAK;YAC3C,UAAU4b,MAAM;gBACd,OAAO;AACR;AACF;QAED,OAAO;AAAK;UCpBDI;QAGXnS,YAAoBoL,OAAuB5F;YAAvB7O,KAAKyU,QAALA;YAAuBzU,KAAQ6O,WAARA;YACzC7O,KAAKyb,cAAczb,KAAK0b,sBAAsB1b,KAAK6O;AACpD;QAEDG,UAAU5O;;YACR,MAAM6H,OAAO,IAAItD,MACfkB,WAAO7F,KAAKyU,MAAMlU,IAAsBP,KAAKyb,kBAAa,QAAA5V,YAAA,SAAA,IAAAA,GAAEoC,SAAQ;YAGtEA,KAAKzB,IAAIpG;kBAEHJ,KAAKyU,MAAMhU,IAAsBT,KAAKyb,aAAa;gBACvDxT,MAAM,KAAIA;;AAEb;QAED+G,aAAa5O;YACX,MAAM8T,cAAclU,KAAKyU,MAAMlU,IAAsBP,KAAKyb;YAE1D,IAAIvH,OAAO;gBACT,MAAMjM,OAAO,IAAItD,IAAIuP,MAAMjM;gBAC3BA,KAAK/G,OAAOd;gBAEZ,IAAI6H,KAAK0T,OAAO,GAAG;oBACjB,aAAa3b,KAAKyU,MAAMhU,IAAIT,KAAKyb,aAAa;wBAAExT,MAAM,KAAIA;;AAC3D;gBAED,aAAajI,KAAKyU,MAAMJ,OAAOrU,KAAKyb;AACrC;AACF;QAEDlb;YACE,OAAOP,KAAKyU,MAAMlU,IAAsBP,KAAKyb;AAC9C;QAED1F;YACE,OAAO/V,KAAKyU,MAAMJ,OAAOrU,KAAKyb;AAC/B;QAEOC,sBAAsB7M;YAC5B,OAAO,GAAG+E,qBAAqB/E;AAChC;;ICvCI,MAAM+M,8BAA8B;IAKpC,MAAMC,kCAAmChN,YAC9C,SAASA;IAKJ,MAAMiN,mCAAmC;IAKzC,MAAMC,iCAAkClN,YAC7C,SAASA;IAKX,MAAMmN,wBAAsD;QAC1DC,QAAQ,OAAM,IAAI1H,eAAgBC;QAClC0H,cAAc,MAAM,IAAI/H;;IAMnB,MAAMgI,eAAgB1B,YACpBuB,sBAAsBvB;IAMxB,MAAM2B,qBAAqB,CAChCC,eAGA/R,OACAgS,qBACA1S,OACAuO,OACAoE,gBACAC,cACAC,kBAEAvd,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA;QACEG,WAAWuN,cAAcxN;OACtBwN,cAAcC,sBACdA,sBACH;QAAAhS,OAAOkJ,gBAAgBlJ,OAAOgS,oBAAoBhS;QAClDoS,eAAe;QACfD,eAAeA,iBAAiB;QAChC7S;QACAuO;QACAqE,cACEA,gBAAgBH,cAAcC,oBAAoBE;QACpDD;QACAI,uBAAuB;;IASpB,MAAMC,6BAGX9J;QAEA,OAAM+J,SAAEA,SAAOC,YAAEA,cAAmChK,SAApBiK,kBAAoBle,OAAAiU,SAA9C,EAAA,WAAA;QAEN,MAAM3Q,yCACD4a,kBAAe;YAClBF,SAASA,YAAY,SAASA,UAAUA,UAAUC;;QAGpD,OAAO3a;AAAW;ICcpB,MAAMtB,OAAO,IAAImc;UAKJC;QA2BX5T,YAAYyJ;YAZK9S,KAAAkd,aAAoB,IAAI3I,eAAgBC;YAIxCxU,KAAAmd,iBAA8C;gBAC7Db,qBAAqB;oBACnBhS,OAAOxB;;gBAETsU,0BAA0B;gBAC1B1K,aAAa;;YAq7BP1S,KAAsBqd,yBAAGrO;sBACzBnO,KAAKkE,YAAY6W;gBAEvB9V,OAAOmB,oBAAoB,YAAYjH,KAAKqd;AAAuB;YAp7BnErd,KAAK8S,UACA5T,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAA3O,KAAKmd,iBACLrK,UACH;gBAAAwJ,qDACKtc,KAAKmd,eAAeb,sBACpBxJ,QAAQwJ;;mBAIRxW,WAAW,eAAeyK;YAEjC,IAAIuC,QAAQ2B,SAAS3B,QAAQwK,eAAe;gBAC1CC,QAAQC,KACN;AAEH;YAED,IAAIF;YACJ,IAAI7I;YAEJ,IAAI3B,QAAQ2B,OAAO;gBACjBA,QAAQ3B,QAAQ2B;AACjB,mBAAM;gBACL6I,gBAAgBxK,QAAQwK,iBAAiB3U;gBAEzC,KAAKwT,aAAamB,gBAAgB;oBAChC,MAAM,IAAIlU,MAAM,2BAA2BkU;AAC5C;gBAED7I,QAAQ0H,aAAamB,cAAbnB;AACT;YAEDnc,KAAKyd,gBAAgB3K,QAAQ4K,uBACzB5K,QAAQ4K,uBAAuB,MAC/BhV;YAEJ1I,KAAK2d,gBACH7K,QAAQ8K,yBAAyB,QAC7BtD,gBACAS;YAEN/a,KAAK6d,oBAAoBhC,gCACvB7b,KAAK8S,QAAQjE;YAGf7O,KAAK8d,4BAA4B/B,+BAC/B/b,KAAK8S,QAAQjE;YAGf7O,KAAK+d,yBACHjL,QAAQiL,0BAA0BhV;YAEpC,MAAMiV,qBAAqBlL,QAAQmL,4BAC/Bje,KAAK2d,gBACL3C;YAMJhb,KAAKsK,QAAQkJ,gBACX,UACAxT,KAAK8S,QAAQwJ,oBAAoBhS,OACjCtK,KAAK8S,QAAQoL,mBAAmB,mBAAmB;YAGrDle,KAAKme,qBAAqB,IAAI1H,mBAC5BuH,oBACAhe,KAAK8S,QAAQjE;YAGf7O,KAAK8U,cAAc9U,KAAK8S,QAAQgC,eAAe5L;YAE/ClJ,KAAKoe,eAAe,IAAIxJ,aACtBH,QACCA,MAAMH,UACH,IAAIkH,iBAAiB/G,OAAOzU,KAAK8S,QAAQjE,YACzCrO,WACJR,KAAK8U;YAGP9U,KAAKyQ,YAAYD,UAAUxQ,KAAK8S,QAAQ4G;YACxC1Z,KAAKqe,cAAc1N,eAAe3Q,KAAK8S,QAAQlC,QAAQ5Q,KAAKyQ;YAG5D,WACS3K,WAAW,eAClBA,OAAOwY,UACPte,KAAK8S,QAAQoL,oBACbZ,kBAAkB3U,uBAClB;gBACA3I,KAAKyS,SAAS,IAAI8L;AACnB;AACF;QAEOC,KAAK7E;YACX,MAAMxG,cAAc2G,mBAClBzL,KAAKnI,KAAKC,UAAUnG,KAAK8S,QAAQK,eAAenK;YAElD,OAAO,GAAGhJ,KAAKyQ,YAAYkJ,oBAAoBxG;AAChD;QAEOsL,cAAcC;YACpB,OAAO1e,KAAKwe,KAAK,cAAc5P,kBAAkB8P;AAClD;QAEO1P,qBACNmG,UACAgD,OACAU;YAEA,MAAMtU,YAAYvE,KAAK8U;YAEvB,OAAO6J,OAAc;gBACnB9G,KAAK7X,KAAKqe;gBACVrG,KAAKhY,KAAK8S,QAAQjE;gBAClBsG;gBACAgD;gBACAU;gBACAN,QAAQvY,KAAK8S,QAAQyF;gBACrBH,SAAStH,YAAY9Q,KAAK8S,QAAQwJ,oBAAoBlE;gBACtD7T;;AAEH;QAEOqa,kBAAkB/F;YACxB,IAAIA,gBAAgB;gBAClB7Y,KAAK2d,cAAc9G,KAAK7W,KAAK6d,mBAAmBhF,gBAAgB;oBAC9D/B,iBAAiB9W,KAAK+d;oBACtBpD,cAAc3a,KAAK8S,QAAQ6H;;AAE9B,mBAAM;gBACL3a,KAAK2d,cAActJ,OAAOrU,KAAK6d,mBAAmB;oBAChDlD,cAAc3a,KAAK8S,QAAQ6H;;AAE9B;AACF;QAEO3L,2BACNsN,qBACAoC,kBACAG;YAUA,MAAMjV,QAAQwE,OAAOP;YACrB,MAAMsK,QAAQ/J,OAAOP;YACrB,MAAMiR,gBAAgBjR;YACtB,MAAMkR,6BAA6BhQ,OAAO+P;YAC1C,MAAMvC,iBAAiBpM,yBAAyB4O;YAEhD,MAAMxQ,SAAS6N,mBACbpc,KAAK8S,SACL9S,KAAKsK,OACLgS,qBACA1S,OACAuO,OACAoE,gBACAD,oBAAoBE,gBAClBxc,KAAK8S,QAAQwJ,oBAAoBE,gBACjCqC,qBACFH,qBAAA,QAAAA,uCAAAA,iBAAkBjC;YAGpB,MAAMhQ,MAAMzM,KAAKye,cAAclQ;YAE/B,OAAO;gBACL4J;gBACA2G;gBACAxU,OAAOiE,OAAOjE;gBACdD,UAAUkE,OAAOlE,YAAY;gBAC7BmS,cAAcjO,OAAOiO;gBACrB5S;gBACA6C;;AAEH;QAyBMuC,qBACL8D,SACA1F;;YAEA0F,UAAUA,WAAW;YACrB1F,SAASA,UAAU;YAEnB,KAAKA,OAAOpD,OAAO;gBACjBoD,OAAOpD,QAAQwC,UAAU;gBAEzB,KAAKY,OAAOpD,OAAO;oBACjB,MAAM,IAAIZ,MACR;AAEH;AACF;YAED,MAAMmF,eAAevO,KAAKgf,qBACxBlM,QAAQwJ,uBAAuB,CAAA,GAC/B;gBAAEG,eAAe;eACjB3W,OAAO2U,SAAS1O;YAGlBqB,OAAOpD,MAAMyQ,SAASwE,OAAO1Q,OAAO9B;YAEpC,MAAMyS,mBAAmB/R,SAAQjO,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAC5BvB,SAAM;gBACT7E,kBACE6E,OAAO7E,oBACPvI,KAAK8S,QAAQqM,6BACb9W;;YAGJ,IAAIkG,OAAO3E,UAAUsV,WAAWtV,OAAO;gBACrC,MAAM,IAAIR,MAAM;AACjB;YAED,MAAMyP,mBACJhT,KAAAiN,QAAQwJ,6DAAqB8C,iBAC7Bpf,KAAK8S,QAAQwJ,oBAAoB8C;kBAE7Bpf,KAAKqf,cACT;gBACEhV,UAAUkE,OAAOlE;gBACjBC,OAAOiE,OAAOjE;gBACdwU,eAAevQ,OAAOuQ;gBACtBQ,YAAY;gBACZxU,MAAMoU,WAAWpU;gBACjB0R,cAAcjO,OAAOiO;eAEvB;gBACE+C,SAAShR,OAAO4J;gBAChBU;;AAGL;QAYM7J;;YACL,MAAMyF,cAAczU,KAAKwf;YAEzB,QAAO3Z,KAAA4O,UAAK,QAALA,eAAK,SAAA,IAALA,MAAOO,kBAAc,QAAAnP,YAAA,SAAA,IAAAA,GAAA4R;AAC7B;QASMzI;;YACL,MAAMyF,cAAczU,KAAKwf;YAEzB,QAAO3Z,KAAA4O,UAAK,QAALA,eAAK,SAAA,IAALA,MAAOO,kBAAc,QAAAnP,YAAA,SAAA,IAAAA,GAAA0R;AAC7B;QAaMvI,wBACL8D,UAA2C;;YAE3C,MAAM2M,KACJ7C,2BAA2B9J,WADvB+J,SAAEA,SAAO6C,UAAEA,UAAQ7V,UAAEA,YACU4V,IADGE,aAAlC9gB,OAAA4gB,IAAA,EAAA,WAAA,YAAA;YAGN,MAAM5G,mBACJhT,KAAA8Z,WAAWrD,6DAAqB8C,iBAChCpf,KAAK8S,QAAQwJ,oBAAoB8C;YAEnC,MAAMQ,WAAgC5f,KAAKgf,qBACzCW,WAAWrD,uBAAuB,MAD9B7P,KAAEA,OAAGmT,IAAKjJ,cAAW9X,OAAA+gB,IAArB,EAAuB;YAI7B5f,KAAKme,mBAAmBvH,OAAM1X,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GACzBgI,cACH;gBAAA9M;gBACIgP,kBAAkB;gBAAEA;;YAG1B,MAAMgH,kBAAkBH,WAAW,GAAGjT,OAAOiT,aAAajT;YAE1D,IAAIoQ,SAAS;sBACLA,QAAQgD;AACf,mBAAM;gBACL/Z,OAAO2U,SAAS9L,OAAOkR;AACxB;AACF;QAQM7Q,6BACLvC,MAAc3G,OAAO2U,SAASwE;YAE9B,MAAMa,uBAAuBrT,IAAIoD,MAAM,KAAKjI,MAAM;YAElD,IAAIkY,qBAAqBrgB,WAAW,GAAG;gBACrC,MAAM,IAAI2J,MAAM;AACjB;YAED,OAAMQ,OAAEA,OAAKkB,MAAEA,MAAIxB,OAAEA,OAAKC,mBAAEA,qBAAsBkB,0BAChDqV,qBAAqB7P,KAAK;YAG5B,MAAM0G,cAAc3W,KAAKme,mBAAmB5d;YAE5C,KAAKoW,aAAa;gBAChB,MAAM,IAAIvN,MAAM;AACjB;YAEDpJ,KAAKme,mBAAmB9J;YAExB,IAAI/K,OAAO;gBACT,MAAM,IAAIK,oBACRL,OACAC,qBAAqBD,OACrBM,OACA+M,YAAY9M;AAEf;YAGD,KACG8M,YAAYmI,iBACZnI,YAAY/M,SAAS+M,YAAY/M,UAAUA,OAC5C;gBACA,MAAM,IAAIR,MAAM;AACjB;YAED,MAAMyP,iBAAiBlC,YAAYkC;YACnC,MAAM0G,UAAU5I,YAAYwB;YAC5B,MAAMqE,eAAe7F,YAAY6F;kBAE3Bxc,KAAKqf,cAAangB,OAAAyP,OAAA;gBAEpBtE,UAAUsM,YAAYtM;gBACtBC,OAAOqM,YAAYrM;gBACnBwU,eAAenI,YAAYmI;gBAC3BQ,YAAY;gBACZxU,MAAMA;eACF0R,eAAe;gBAAEA;gBAAiB,CAAE,IAE1C;gBAAE+C;gBAAS1G;;YAGb,OAAO;gBACLhP,UAAU8M,YAAY9M;;AAEzB;QA2BMmF,mBAAmB8D;YACxB,KAAK9S,KAAK2d,cAAcpd,IAAIP,KAAK8d,4BAA4B;gBAC3D,KAAK9d,KAAK2d,cAAcpd,IAAIub,mCAAmC;oBAC7D;AACD,uBAAM;oBAEL9b,KAAK2d,cAAc9G,KAAK7W,KAAK8d,2BAA2B,MAAM;wBAC5DhH,iBAAiB9W,KAAK+d;wBACtBpD,cAAc3a,KAAK8S,QAAQ6H;;oBAG7B3a,KAAK2d,cAActJ,OAAOyH;AAC3B;AACF;YAED;sBACQ9b,KAAK+f,iBAAiBjN;AAChB,cAAZ,OAAOrQ,IAAK;AACf;QAwDMuM,uBACL8D,UAAmC;;YAEnC,MAAMkN,eAGJ9gB,OAAAyP,OAAAzP,OAAAyP,OAAA;gBAAAsR,WAAW;eACRnN,UAAO;gBACVwJ,qBAAmBpd,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA,IACd3O,KAAK8S,QAAQwJ,sBACbxJ,QAAQwJ,sBAAmB;oBAC9BhS,OAAOkJ,gBAAgBxT,KAAKsK,QAAOzE,KAAAiN,QAAQwJ,yBAAmB,QAAAzW,YAAA,SAAA,IAAAA,GAAEyE;;;YAIpE,MAAMnI,eAAegZ,eACnB,MAAMnb,KAAKkgB,kBAAkBF,gBAC7B,GAAGhgB,KAAK8S,QAAQjE,aAAamR,aAAa1D,oBAAoBjS,aAAa2V,aAAa1D,oBAAoBhS;YAG9G,OAAOwI,QAAQqN,mBAAmBhe,SAASA,WAAA,QAAAA,6BAAAA,OAAQie;AACpD;QAEOpR,wBACN8D;YAIA,OAAMmN,WAAEA,aAAkCnN,SAApBuN,kBAAexhB,OAAKiU,SAApC,EAAiC;YAIvC,IAAImN,cAAc,OAAO;gBACvB,MAAM/L,cAAclU,KAAKsgB,mBAAmB;oBAC1ChW,OAAO+V,gBAAgB/D,oBAAoBhS;oBAC3CD,UAAUgW,gBAAgB/D,oBAAoBjS,YAAY;oBAC1DwE,UAAU7O,KAAK8S,QAAQjE;;gBAGzB,IAAIqF,OAAO;oBACT,OAAOA;AACR;AACF;YAED,IAAI+L,cAAc,cAAc;gBAC9B;AACD;YAED,UACQ3E,cACJ,MAAMza,KAAKgE,YAAY+W,6BAA6B,OACpD,KAEF;gBACA;oBACE9V,OAAOwB,iBAAiB,YAAYtH,KAAKqd;oBAIzC,IAAI4C,cAAc,OAAO;wBACvB,MAAM/L,cAAclU,KAAKsgB,mBAAmB;4BAC1ChW,OAAO+V,gBAAgB/D,oBAAoBhS;4BAC3CD,UAAUgW,gBAAgB/D,oBAAoBjS,YAAY;4BAC1DwE,UAAU7O,KAAK8S,QAAQjE;;wBAGzB,IAAIqF,OAAO;4BACT,OAAOA;AACR;AACF;oBAED,MAAMqM,aAAavgB,KAAK8S,QAAQoL,yBACtBle,KAAKwgB,2BAA2BH,yBAChCrgB,KAAKygB,oBAAoBJ;oBAEnC,OAAMlL,UAAEA,UAAQiL,cAAEA,cAAYM,iBAAEA,iBAAezK,YAAEA,cAC/CsK;oBAEF,OAAArhB,OAAAyP,OAAAzP,OAAAyP,OAAA;wBACEwG;wBACAiL;uBACIM,kBAAkB;wBAAEpW,OAAOoW;wBAAoB,OAAK;wBACxDzK;;AAKH,kBAHS;0BACFpV,KAAKkE,YAAY6W;oBACvB9V,OAAOmB,oBAAoB,YAAYjH,KAAKqd;AAC7C;AACF,mBAAM;gBACL,MAAM,IAAIvT;AACX;AACF;QAcMkF,wBACL8D,UAAoC,IACpC1F,SAA6B,CAAA;;YAE7B,MAAM4S,eAAY9gB,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GACbmE,UAAO;gBACVwJ,qBACKpd,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAA3O,KAAK8S,QAAQwJ,sBACbxJ,QAAQwJ,sBAAmB;oBAC9BhS,OAAOkJ,gBAAgBxT,KAAKsK,QAAOzE,KAAAiN,QAAQwJ,yBAAmB,QAAAzW,YAAA,SAAA,IAAAA,GAAEyE;;;YAIpE8C,SACKlO,OAAAyP,OAAAzP,OAAAyP,OAAA,IAAArG,+BACA8E;kBAGCpN,KAAK2gB,eAAeX,cAAc5S;YAExC,MAAMqH,cAAczU,KAAKoe,aAAa7d,IACpC,IAAIuT,SAAS;gBACXxJ,OAAO0V,aAAa1D,oBAAoBhS;gBACxCD,UAAU2V,aAAa1D,oBAAoBjS,YAAY;gBACvDwE,UAAU7O,KAAK8S,QAAQjE;;YAI3B,OAAO4F,MAAO2L;AACf;QAWMpR;YACL,MAAMyI,aAAazX,KAAK4gB;YACxB,SAASnJ;AACV;QAUOoJ,gBAAgB/N;YACtB,IAAIA,QAAQjE,aAAa,MAAM;gBAC7BiE,QAAQjE,WAAWiE,QAAQjE,YAAY7O,KAAK8S,QAAQjE;AACrD,mBAAM;uBACEiE,QAAQjE;AAChB;YAED,MAAMhJ,KAAkCiN,QAAQgO,gBAAgB,CAAA,IAA1DC,WAAEA,iBAAcC,gBAAhBniB,OAAAgH,IAAA,EAAA;YACN,MAAMob,iBAAiBF,YAAY,eAAe;YAClD,MAAMtU,MAAMzM,KAAKwe,KACf,cAAc5P,kBAAiB1P,OAAAyP,OAAA;gBAC7BE,UAAUiE,QAAQjE;eACfmS;YAIP,OAAOvU,MAAMwU;AACd;QAeMjS,aAAa8D,UAAyB;YAC3C,MAAMjN,KAAgC+W,2BAA2B9J,WAA3D+J,SAAEA,WAAOhX,IAAKmb,gBAAdniB,OAAAgH,IAAA,EAAA;YAEN,IAAIiN,QAAQjE,aAAa,MAAM;sBACvB7O,KAAKoe,aAAarI;AACzB,mBAAM;sBACC/V,KAAKoe,aAAarI,MAAMjD,QAAQjE,YAAY7O,KAAK8S,QAAQjE;AAChE;YAED7O,KAAK2d,cAActJ,OAAOrU,KAAK6d,mBAAmB;gBAChDlD,cAAc3a,KAAK8S,QAAQ6H;;YAE7B3a,KAAK2d,cAActJ,OAAOrU,KAAK8d,2BAA2B;gBACxDnD,cAAc3a,KAAK8S,QAAQ6H;;YAE7B3a,KAAKkd,UAAU7I,OAAOR;YAEtB,MAAMpH,MAAMzM,KAAK6gB,gBAAgBG;YAEjC,IAAInE,SAAS;sBACLA,QAAQpQ;AACf,mBAAM,IAAIoQ,YAAY,OAAO;gBAC5B/W,OAAO2U,SAAS9L,OAAOlC;AACxB;AACF;QAEOuC,0BACN8D;YAIA,MAAMvE,SACDrP,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAAmE,QAAQwJ;gBACX4E,QAAQ;;YAGV,MAAMC,YAAYnhB,KAAK2d,cAAcpd,IAAYP,KAAK6d;YAEtD,IAAIsD,cAAc5S,OAAO6Q,cAAc;gBACrC7Q,OAAO6Q,eAAe+B;AACvB;YAED,OAAM1U,KACJA,KACA7C,OAAOwX,SACPjJ,OAAOoH,SAAOT,eACdA,eAAatC,cACbA,cAAYlS,OACZA,OAAKD,UACLA,kBACQrK,KAAKgf,qBACbzQ,QACA;gBAAEkO,eAAe;eACjB3W,OAAO2U,SAAS1O;YAGlB;gBAIE,IAAKjG,OAAeub,qBAAqB;oBACvC,MAAM,IAAIlY,aACR,kBACA;AAEH;gBAED,MAAMmY,mBACJxO,QAAQvK,oBAAoBvI,KAAK8S,QAAQqM;gBAE3C,MAAMD,mBAAmBnU,UAAU0B,KAAKzM,KAAKyQ,WAAW6Q;gBAExD,IAAIF,YAAYlC,WAAWtV,OAAO;oBAChC,MAAM,IAAIR,MAAM;AACjB;gBAED,MAAMmY,oBAAoBvhB,KAAKqf,cAExBngB,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAAmE,QAAQwJ;oBACXwC;oBACAhU,MAAMoU,WAAWpU;oBACjBwU,YAAY;oBACZ9C;oBACAnX,SAASyN,QAAQwJ,oBAAoBjX,WAAWrF,KAAKyd;oBAEvD;oBACE8B;;gBAIJ,OAAArgB,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GACK4S,cAAW;oBACdjX,OAAOA;oBACPoW,iBAAiBa,YAAYjX;oBAC7BD,UAAUA;;AASb,cAPC,OAAOtL;gBACP,IAAIA,EAAEuK,UAAU,kBAAkB;oBAChCtJ,KAAKwhB,OAAO;wBACV3E,SAAS;;AAEZ;gBACD,MAAM9d;AACP;AACF;QAEOiQ,iCACN8D;YAIA,MAAM2B,cAAczU,KAAKoe,aAAa7d,IACpC,IAAIuT,SAAS;gBACXxJ,OAAOwI,QAAQwJ,oBAAoBhS;gBACnCD,UAAUyI,QAAQwJ,oBAAoBjS,YAAY;gBAClDwE,UAAU7O,KAAK8S,QAAQjE;;YAQ3B,MAAM4F,UAAUA,MAAMmB,mBAAmB5V,KAAKyS,QAAQ;gBACpD,IAAIzS,KAAK8S,QAAQsK,0BAA0B;oBACzC,aAAapd,KAAKygB,oBAAoB3N;AACvC;gBAED,MAAM,IAAI1I,yBACR0I,QAAQwJ,oBAAoBjS,YAAY,WACxCyI,QAAQwJ,oBAAoBhS;AAE/B;YAED,MAAMkS,eACJ1J,QAAQwJ,oBAAoBE,gBAC5Bxc,KAAK8S,QAAQwJ,oBAAoBE,gBACjC1W,OAAO2U,SAAS1O;YAElB,MAAM1G,iBACGyN,QAAQvK,qBAAqB,WAChCuK,QAAQvK,mBAAmB,MAC3B;YAEN;gBACE,MAAMgZ,oBAAoBvhB,KAAKqf,cAAangB,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GACvCmE,QAAQwJ,sBAAmB;oBAC9BgD,YAAY;oBACZ1J,eAAenB,SAASA,MAAMmB;oBAC9B4G;oBACInX,WAAW;oBAAEA;;gBAGnB,OACKnG,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAA4S,cACH;oBAAAjX,OAAOwI,QAAQwJ,oBAAoBhS;oBACnCoW,iBAAiBa,YAAYjX;oBAC7BD,UAAUyI,QAAQwJ,oBAAoBjS,YAAY;;AAiBrD,cAfC,OAAOtL;gBACP,KAGGA,EAAEkS,QAAQ3R,QAAQsJ,wCAAwC,KAGxD7J,EAAEkS,WACDlS,EAAEkS,QAAQ3R,QAAQuJ,wCAAwC,MAC9D7I,KAAK8S,QAAQsK,0BACb;oBACA,aAAapd,KAAKygB,oBAAoB3N;AACvC;gBAED,MAAM/T;AACP;AACF;QAEOiQ,wBACNkF;YAEA,OAAMiB,UAAEA,UAAQH,cAAEA,gBAAyCd,OAAxBuN,sBAAwB5iB,OAAAqV,OAArD,EAAA,YAAA;YAENlU,KAAKkd,UAAUzc,IAAIoT,2BAA2B;gBAC5CsB;gBACAH;;kBAGIhV,KAAKoe,aAAasD,WACtB1hB,KAAK8S,QAAQjE,UACbqF,MAAMiB,UACNjB,MAAMc;kBAGFhV,KAAKoe,aAAa3d,IAAIghB;AAC7B;QAEOzS;YACN,MAAM3E,WAAWrK,KAAK8S,QAAQwJ,oBAAoBjS,YAAY;YAE9D,MAAMoK,cAAczU,KAAKoe,aAAauD,WACpC,IAAI7N,SAAS;gBACXjF,UAAU7O,KAAK8S,QAAQjE;gBACvBxE;gBACAC,OAAOtK,KAAKsK;;YAIhB,MAAMsX,eAAe5hB,KAAKkd,UAAU3c,IAClCsT;YAKF,IAAIY,SAASA,MAAMU,cAAayM,iBAAA,QAAAA,sBAAA,SAAA,IAAAA,aAAczM,WAAU;gBACtD,OAAOyM;AACR;YAED5hB,KAAKkd,UAAUzc,IAAIoT,2BAA2BY;YAC9C,OAAOA;AACR;QAEOzF,0BAAyB1E,OAC/BA,OAAKD,UACLA,UAAQwE,UACRA;YAMA,MAAMqF,cAAclU,KAAKoe,aAAa7d,IACpC,IAAIuT,SAAS;gBACXxJ;gBACAD;gBACAwE;gBAEF;YAGF,IAAIqF,SAASA,MAAMkM,cAAc;gBAC/B,OAAMA,cAAEA,cAAYM,iBAAEA,iBAAezK,YAAEA,cAAe/B;gBACtD,MAAMO,cAAczU,KAAKwf;gBACzB,OACE/K,SACEvV,OAAAyP,OAAAzP,OAAAyP,OAAA;oBAAAwG,UAAUV,MAAMU;oBAChBiL;mBACIM,kBAAkB;oBAAEpW,OAAOoW;oBAAoB,OAAK;oBACxDzK;;AAGL;AACF;QAcOjH,oBACN8D,SACA+O;YAEA,OAAMtC,SAAEA,SAAO1G,gBAAEA,kBAAmBgJ,wBAAwB,CAAA;YAC5D,MAAMtB,mBAAmBtN;gBAErBC,SAASlT,KAAKyQ;gBACd3B,WAAW9O,KAAK8S,QAAQjE;gBACxBsE,aAAanT,KAAK8S,QAAQK;gBAC1BT,aAAa1S,KAAK8S,QAAQJ;gBAC1BrN,SAASrF,KAAKyd;eACX3K,UAEL9S,KAAKyS;YAGP,MAAMuC,qBAAqBhV,KAAK8hB,eAC9BvB,WAAWpL,UACXoK,SACA1G;kBAGI7Y,KAAK+hB,kBAAiB7iB,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GACvB4R,aACH;gBAAAvL;gBACA1K,OAAOwI,QAAQxI;gBACfD,UAAUyI,QAAQzI,YAAY;gBAC1BkW,WAAWjW,QAAQ;gBAAEoW,iBAAiBH,WAAWjW;gBAAU,OAC/D;gBAAAwE,WAAW9O,KAAK8S,QAAQjE;;YAG1B7O,KAAK2d,cAAc9G,KAAK7W,KAAK8d,2BAA2B,MAAM;gBAC5DhH,iBAAiB9W,KAAK+d;gBACtBpD,cAAc3a,KAAK8S,QAAQ6H;;YAG7B3a,KAAK4e,kBAAkB5J,aAAauC,OAAOuB;YAE3C,OAAY5Z,OAAAyP,OAAAzP,OAAAyP,OAAA,CAAA,GAAA4R,aAAY;gBAAAvL;;AACzB;;UCxiBUgN;ICpjBNhT,eAAeiT,kBAAkBnP;QACtC,MAAMoP,QAAQ,IAAIjF,YAAYnK;cACxBoP,MAAMC;QACZ,OAAOD;AACT;;;;;;;;;;;;;;;;;"} |