| 1 | {"version":3,"sources":["webpack://Msal/webpack/universalModuleDefinition","webpack://Msal/./node_modules/tslib/tslib.es6.js","webpack://Msal/./src/Account.ts","webpack://Msal/./src/AuthResponse.ts","webpack://Msal/./src/AuthenticationParameters.ts","webpack://Msal/./src/ClientInfo.ts","webpack://Msal/./src/Configuration.ts","webpack://Msal/./src/IdToken.ts","webpack://Msal/./src/Logger.ts","webpack://Msal/./src/ScopeSet.ts","webpack://Msal/./src/ServerRequestParameters.ts","webpack://Msal/./src/UserAgentApplication.ts","webpack://Msal/./src/XHRClient.ts","webpack://Msal/./src/authority/Authority.ts","webpack://Msal/./src/authority/AuthorityFactory.ts","webpack://Msal/./src/authority/TrustedAuthority.ts","webpack://Msal/./src/cache/AccessTokenCacheItem.ts","webpack://Msal/./src/cache/AccessTokenKey.ts","webpack://Msal/./src/cache/AccessTokenValue.ts","webpack://Msal/./src/cache/AuthCache.ts","webpack://Msal/./src/cache/BrowserStorage.ts","webpack://Msal/./src/error/AuthError.ts","webpack://Msal/./src/error/ClientAuthError.ts","webpack://Msal/./src/error/ClientConfigurationError.ts","webpack://Msal/./src/error/InteractionRequiredAuthError.ts","webpack://Msal/./src/error/ServerError.ts","webpack://Msal/./src/index.ts","webpack://Msal/./src/packageMetadata.ts","webpack://Msal/./src/telemetry/ApiEvent.ts","webpack://Msal/./src/telemetry/DefaultEvent.ts","webpack://Msal/./src/telemetry/HttpEvent.ts","webpack://Msal/./src/telemetry/TelemetryConstants.ts","webpack://Msal/./src/telemetry/TelemetryEvent.ts","webpack://Msal/./src/telemetry/TelemetryManager.ts","webpack://Msal/./src/telemetry/TelemetryUtils.ts","webpack://Msal/./src/utils/AuthCacheUtils.ts","webpack://Msal/./src/utils/Constants.ts","webpack://Msal/./src/utils/CryptoUtils.ts","webpack://Msal/./src/utils/RequestUtils.ts","webpack://Msal/./src/utils/ResponseUtils.ts","webpack://Msal/./src/utils/StringUtils.ts","webpack://Msal/./src/utils/TimeUtils.ts","webpack://Msal/./src/utils/TokenUtils.ts","webpack://Msal/./src/utils/UrlUtils.ts","webpack://Msal/./src/utils/WindowUtils.ts","webpack://Msal/webpack/bootstrap","webpack://Msal/webpack/startup"],"names":["root","factory","exports","module","define","amd","self","extendStatics","d","b","Object","setPrototypeOf","__proto__","Array","p","hasOwnProperty","__values","o","m","Symbol","iterator","i","call","next","length","value","done","__read","n","r","e","ar","push","error","__await","v","this","__","constructor","prototype","create","__assign","assign","t","s","arguments","apply","indexOf","getOwnPropertySymbols","propertyIsEnumerable","decorators","target","key","desc","c","getOwnPropertyDescriptor","Reflect","decorate","defineProperty","paramIndex","decorator","metadataKey","metadataValue","metadata","thisArg","_arguments","P","generator","Promise","resolve","reject","fulfilled","step","rejected","result","then","body","f","y","g","_","label","sent","trys","ops","verb","op","TypeError","pop","concat","il","k","a","j","jl","asyncIterator","q","resume","fulfill","settle","shift","cooked","raw","mod","__esModule","default","accountIdentifier","homeAccountIdentifier","userName","name","idTokenClaims","sid","environment","idToken","createAccount","clientInfo","objectId","subject","uid","utid","StringUtils","isEmpty","CryptoUtils","base64Encode","Account","preferredName","claims","issuer","compareAccounts","a1","a2","state","uniqueId","tenantId","tokenType","accessToken","scopes","expiresOn","account","accountState","fromCache","request","claimsRequest","JSON","parse","ClientConfigurationError","createClaimsRequestParsingError","rawClientInfo","authority","decodedClientInfo","base64Decode","ClientInfo","stripPolicyFromUid","ClientAuthError","createClientInfoDecodingError","_uid","_utid","createClientInfoFromIdToken","stringify","uidSegments","split","urlSegments","reverse","policy","slice","join","encodeClientInfo","DEFAULT_AUTH_OPTIONS","clientId","validateAuthority","authorityMetadata","knownAuthorities","redirectUri","UrlUtils","getCurrentUrl","postLogoutRedirectUri","navigateToLoginRequestUrl","DEFAULT_CACHE_OPTIONS","cacheLocation","storeAuthStateInCookie","DEFAULT_SYSTEM_OPTIONS","logger","Logger","loadFrameTimeout","tokenRenewalOffsetSeconds","navigateFrameWait","DEFAULT_FRAMEWORK_OPTIONS","isAngular","unprotectedResources","protectedResourceMap","Map","auth","cache","system","framework","rawIdToken","createIdTokenNullOrEmptyError","TokenUtils","extractIdToken","version","nonce","expiration","homeObjectId","cloudInstance","createIdTokenParsingError","IdToken","LogLevel","localCallback","options","level","Info","correlationId","piiLoggingEnabled","logMessage","logLevel","containsPii","log","timestamp","Date","toUTCString","executeCallback","message","Error","errorPii","warning","Warning","warningPii","info","infoPii","verbose","Verbose","verbosePii","isPiiLoggingEnabled","isIntersectingScopes","cachedScopes","convertedCachedScopes","trimAndConvertArrayToLowerCase","requestScopes","toLowerCase","containsScope","every","toString","trimAndConvertToLowerCase","scope","trim","map","trimScopes","removeElement","scopeVal","filter","parseScope","scopeList","validateInputScope","scopesRequired","isArray","createScopesNonArrayError","createEmptyScopesArrayError","createScopesRequiredError","getScopeFromState","splitIndex","Constants","resourceDelimiter","substring","appendScopes","reqScopes","reqExtraScopesToConsent","convertedExtraScopes","convertedReqScopes","onlyContainsOidcScopes","scopesCount","oidcScopesFound","openidScope","profileScope","containsAnyOidcScopes","containsOpenIdScope","containsProfileScope","onlyContainsClientId","appendDefaultScopes","extendedScopes","removeDefaultScopes","translateClientIdIfSingleScope","oidcScopes","ScopeSet","responseType","authorityInstance","createNewGuid","xClientSku","xClientVer","CanonicalAuthority","populateQueryParams","adalIdTokenObject","silentCall","queryParameters","prompt","promptValue","claimsValue","ServerRequestParameters","isSSOParam","constructUnifiedCacheQueryParameter","addHintParameters","eQParams","extraQueryParameters","generateQueryParametersString","idTokenObject","ssoType","ssoData","SSOTypes","SID","LOGIN_HINT","loginHint","upn","ID_TOKEN","addSSOParameter","params","qParams","PromptState","NONE","ssoParam","paramsString","keys","forEach","domain_hint","encodeURIComponent","determineResponseType","accountsMatch","ResponseTypes","id_token","responseTypeForMatchingAccounts","id_token_token","token","configuration","authResponseCallback","tokenReceivedCallback","errorReceivedCallback","config","buildConfiguration","inCookie","telemetryManager","getTelemetryManagerFromConfig","telemetry","TrustedAuthority","setTrustedAuthoritiesFromConfig","AuthorityFactory","saveMetadataFromConfig","cacheStorage","AuthCache","window","activeRenewals","renewStates","callbackMappedToRenewStates","promiseMappedToRenewStates","msal","urlHash","location","hash","urlContainsHash","WindowUtils","checkIfBackButtonIsPressed","isInteractionInProgress","getResponseState","method","interactionTypeRedirect","handleRedirectAuthenticationResponse","val","CreateInstance","getAuthorityInstance","handleRedirectCallback","authOrTokenCallback","createInvalidCallbackObjectError","redirectError","authErrorHandler","redirectResponse","authResponseHandler","interactionType","response","interactionTypePopup","createInvalidInteractionTypeError","authErr","setInteractionInProgress","loginRedirect","userRequest","RequestUtils","validateRequest","acquireTokenInteractive","acquireTokenRedirect","loginPopup","apiEvent","createAndStartApiEvent","API_EVENT_IDENTIFIER","LoginPopup","resp","stopAndFlushApiEvent","catch","resetTempCacheItems","errorCode","acquireTokenPopup","AcquireTokenPopup","isLoginCall","blockReloadInHiddenIframes","interactionProgress","setItem","TemporaryCacheKeys","REDIRECT_REQUEST","inProgress","thrownError","createLoginInProgressError","createAcquireTokenInProgressError","stateOnlyResponse","buildResponseStateOnly","getAccountState","getAccount","acquireTokenHelper","createUserLoginRequiredError","extractADALIdToken","tokenRequest","buildIDTokenRequest","silentLogin","acquireTokenSilent","requestSignature","acquireTokenAuthority","hasCachedMetadata","saveMetadataFromNetwork","getTokenType","loginStartPage","redirectStartPage","href","serverAuthenticationRequest","getRedirectUri","updateCacheEntries","urlNavigate","createNavigateUrl","response_mode_fragment","generateTemporaryCacheKey","STATE_ACQ_TOKEN","requestType","login","renewToken","registerCallback","popUpWindow","openPopup","popUpWidth","popUpHeight","trackPopup","ClientAuthErrorMessage","popUpWindowError","code","ErrorCacheKeys","ERROR","ERROR_DESC","createPopupWindowError","monitorPopupForHash","handleAuthenticationResponse","broadcast","closePopups","errorMessage","close","onRedirectNavigate","navigateWindow","createEndpointResolutionError","ssoSilent","createEmptyRequestError","createSsoSilentError","interactionTypeSilent","AcquireTokenSilent","createRequestSignature","adalIdToken","getItem","userContainedClaims","forceRefresh","cacheResultResponse","getCachedToken","renewIdToken","res","title","winLeft","screenLeft","screenX","winTop","screenTop","screenY","width","innerWidth","document","documentElement","clientWidth","height","innerHeight","clientHeight","left","top","popupWindow","open","focus","loadIframeTimeout","frameName","expectedState","RENEW_STATUS","loadFrame","loadFrameSync","iframe","monitorIframeForHash","contentWindow","removeItem","removeHiddenIframe","AuthError","createUnexpectedError","logout","logoutAsync","requestCorrelationId","Logout","clearCache","correlationIdParam","postLogoutQueryParam","getPostLogoutRedirectUri","EndSessionEndpoint","tokenCacheItems","getAllTokens","resetCacheItems","clearMsalCookie","clearCacheForScope","accessTokenItems","getAllAccessTokens","isCallback","processCallBack","respStateInfo","parentCallback","stateInfo","saveTokenFromHash","err","parent","ServerHashParamKeys","ACCESS_TOKEN","createErrorInCallbackFunction","locationHash","tokenResponseCallback","clearUrlFragment","loginRequestUrl","LOGIN_REQUEST","currentUrl","removeHashFromUrl","finalRedirectUrl","loginRequestUrlComponents","GetUrlComponents","Hash","stateResponse","parameters","deserializeHash","STATE","parsedState","parseLibraryState","unknown","ts","stateMatch","STATE_LOGIN","silentAuthenticationState","statesInParentContext","getCachedIdToken","authResponse","getCachedAccessToken","ResponseUtils","buildAuthResponse","getTokenCacheItemByAuthority","filteredAuthorityItems","isCommonAuthority","isOrganizationsAuthority","isConsumersAuthority","AuthCacheUtils","filterTokenCacheItemsByDomain","HostNameAndPort","filterTokenCacheItemsByAuthority","accessTokenCacheItem","idTokenCacheItems","getAllIdTokens","matchAuthority","idTokenCacheItem","evaluateTokenExpiration","idTokenValue","scopeFilteredTokenCacheItems","filterTokenCacheItemsByScope","responseAccount","aState","Number","expiresIn","tokenCacheItem","validateExpirationIsWithinOffset","generateFrameName","FramePrefix","TOKEN_FRAME","addHiddenIFrame","urlRemoveQueryStringParameter","prompt_none","ID_TOKEN_FRAME","saveToken","accessTokenKey","AccessTokenKey","accessTokenValue","AccessTokenValue","saveIdToken","idTokenObj","idTokenResponse","saveAccessToken","accessTokenResponse","SCOPE","consentedScopes","accessTokenCacheItems","TimeUtils","parseExpiresIn","EXPIRES_IN","hashParams","authorityKey","acquireTokenAccountKey","ERROR_DESCRIPTION","LOGIN_ERROR","generateAuthorityKey","accountId","no_account","generateAcquireTokenAccountKey","hashErr","hashErrDesc","InteractionRequiredAuthError","isInteractionRequiredError","ServerError","SESSION_STATE","PersistentCacheKeys","IDTOKEN","setResponseIdToken","populateAuthority","CLIENT_INFO","AuthorityType","Adfs","accountKey","acquireTokenAccountKey_noaccount","cachedAccount","acquireTokenAccount","cachedNonce","NONCE_IDTOKEN","createNonceMismatchError","createInvalidIdTokenError","createInvalidStateError","setItemCookie","cachedAuthority","replaceTenantPath","getAllAccounts","accounts","getUniqueAccounts","flags","uniqueAccounts","index","eventName","data","evt","CustomEvent","detail","dispatchEvent","getCachedTokenInternal","accountObject","newAuthority","getScopesForEndpoint","endpoint","size","from","get","getHostFromUri","getLoginInProgress","setloginInProgress","loginInProgress","getAcquireTokenInProgress","setAcquireTokenInProgress","acquireTokenInProgress","getLogger","setLogger","reqRedirectUri","getCurrentConfiguration","createNoSetConfigurationError","setAccountCache","getAccountId","setAuthorityCache","CanonicalizeUri","getTelemetrymanagerStub","applicationName","applicationVersion","telemetryEmitter","createTelemetryConfigError","telemetryManagerConfig","platform","UserAgentApplication","sendRequestAsync","url","enableCaching","xhr","XMLHttpRequest","onload","jsonResponse","status","handleError","responseText","statusCode","onerror","NetworkRequestType","GET","send","XhrClient","IsValidationEnabled","validateAsUri","tenantDiscoveryResponse","isAdfs","authorityUrl","pathSegments","PathSegments","ADFS","Authority","canonicalAuthority","Default","CanonicalAuthorityUrlComponents","validateResolved","AuthorizationEndpoint","replace","Tenant","Issuer","canonicalAuthorityUrlComponents","WELL_KNOWN_SUFFIX","components","ClientConfigurationErrorMessage","invalidAuthorityType","Protocol","authorityUriInsecure","authorityUriInvalidPath","DiscoverEndpoints","openIdConfigurationEndpoint","client","httpMethod","httpEvent","createAndStartHttpEvent","httpResponseStatus","stopEvent","serverErrorCode","resolveEndpointsAsync","host","getTrustedHostList","setTrustedAuthoritiesFromNetwork","IsInTrustedHostList","createUntrustedAuthorityError","openIdConfigurationEndpointResponse","GetOpenIdConfigurationEndpoint","DefaultOpenIdConfigurationEndpoint","metadataMap","set","getMetadata","authorityMetadataJson","parsedMetadata","authorization_endpoint","end_session_endpoint","createInvalidAuthorityMetadataError","TrustedHostList","getAliases","authorityToVerify","instanceDiscoveryEndpoint","AAD_INSTANCE_DISCOVERY_ENDPOINT","entry","AccessTokenCacheItem","temporaryCache","BrowserStorage","SESSION_STORAGE","rollbackEnabled","migrateCacheEntries","idTokenKey","cachePrefix","clientInfoKey","errorKey","errorDescKey","aud","cacheKey","duplicateCacheEntry","newKey","generateCacheKey","addInstanceId","matchKeyForType","parsedKey","validateAndParseJsonCacheKey","accountMatches","match","tokenTypeMatches","enableCookieStorage","setTemporaryItem","getTemporaryItem","storage","stateId","id","isTokenRenewalInProgress","tokenRenewalInProgress","clearItemCookie","cName","cValue","expires","getItemCookie","getAllTokensByType","reduce","tokens","matchedTokenKey","newAccessTokenCacheItem","accessTokens","idTokens","matchClientId","getInteractionInProgress","INTERACTION_STATUS","newInProgressValue","stateValue","renewStatus","cookie","cookieString","cookieName","ACQUIRE_TOKEN_ACCOUNT","AUTHORITY","tempCacheKey","createNoWindowObjectError","createStorageNotSupportedError","clear","cookieStr","getCookieExpirationTime","ca","charAt","decodeURIComponent","cookieLifeDays","today","getTime","AuthErrorMessage","unexpectedError","noWindowObjectError","errDesc","endpointResolutionError","tokenRenewalError","invalidIdToken","invalidStateError","nonceMismatchError","loginProgressError","acquireTokenProgressError","userCancelledError","callbackError","userLoginRequiredError","userDoesNotExistError","clientInfoDecodingError","clientInfoNotPopulatedError","nullOrEmptyIdToken","idTokenNotParsed","tokenEncodingError","invalidInteractionType","cacheParseError","blockTokenRequestsInHiddenIframe","errDetail","createTokenRenewalTimeoutError","invalidState","actualState","invalidNonce","actualNonce","createUserCancelledError","errorDesc","createUserDoesNotExistError","caughtError","createClientInfoNotPopulatedError","invalidRawTokenString","caughtParsingError","createTokenEncodingError","incorrectlyEncodedToken","createCacheParseError","createBlockTokenRequestsInHiddenIframeError","configurationNotSet","storageNotSupported","noRedirectCallbacksSet","invalidCallbackObject","emptyScopes","nonArrayScopes","invalidPrompt","unsupportedAuthorityValidation","untrustedAuthority","b2cAuthorityUriInvalidPath","b2cKnownAuthoritiesNotSet","claimsRequestParsingError","emptyRequestError","invalidCorrelationIdError","telemetryConfigError","ssoSilentError","invalidAuthorityMetadataError","givenCacheLocation","createRedirectCallbacksNotSetError","callbackObject","scopesValue","createInvalidPromptError","claimsRequestParseError","createInvalidCorrelationIdError","createKnownAuthoritiesNotSetError","createInvalidAuthorityTypeError","requiredKeys","InteractionRequiredAuthErrorMessage","interactionRequired","consentRequired","loginRequired","errorString","interactionRequiredCodes","createLoginRequiredAuthError","createInteractionRequiredAuthError","createConsentRequiredAuthError","ServerErrorMessage","serverUnavailable","unknownServerError","createServerUnavailableError","createUnknownServerError","CacheResult","CacheLocation","Configuration","AuthenticationParameters","AuthResponse","API_CODE","EVENT_KEYS","prependEventNamePrefix","AUTHORITY_TYPE","PROMPT","TENANT_ID","USER_ID","WAS_SUCESSFUL","API_ERROR_CODE","mapEventIdentiferToCode","AcquireTokenRedirect","LoginRedirect","piiEnabled","apiEventIdentifier","apiCode","event","TELEMETRY_BLOB_EVENT_NAMES","ApiTelemIdConstStrKey","ApiIdConstStrKey","uri","scrubTenantFromUri","hashPersonalIdentifier","wasSuccessful","authorityType","promptType","eventCount","sdk","sdkVersion","networkInformation","connectionSpeed","UiEventCountTelemetryBatchKey","getEventCount","HttpEventCountTelemetryBatchKey","CacheEventCountConstStrKey","HTTP_PATH","USER_AGENT","QUERY_PARAMETERS","API_VERSION","RESPONSE_CODE","O_AUTH_ERROR_CODE","HTTP_METHOD","REQUEST_ID_HEADER","SPE_INFO","SERVER_ERROR_CODE","SERVER_SUB_ERROR_CODE","URL","eventLabel","scrubbedUri","httpPath","userAgent","queryParams","apiVersion","requestIdHeader","speInfo","subErrorCode","EVENT_NAME_PREFIX","EVENT_NAME_KEY","START_TIME_KEY","ELAPSED_TIME_KEY","MsalCorrelationIdConstStrKey","BrokerAppConstStrKey","IdpConstStrKey","IsSilentTelemetryBatchKey","IsSuccessfulConstStrKey","ResponseTimeConstStrKey","TenantIdConstStrKey","TENANT_PLACEHOLDER","eventId","setElapsedTime","time","stop","now","startTimestamp","endBrowserPerformanceMeasurement","displayName","perfStartMark","perfEndMark","start","startBrowserPerformanceMeasurement","telemetryCorrelationId","completedEvents","inProgressEvents","eventCountByCorrelationId","onlySendFailureTelemetry","telemetryPlatform","libraryName","navigator","connection","effectiveType","startEvent","incrementEventCount","flush","orphanedEvents","getOrphanedEvents","eventsToFlush","eventCountsToFlush","defaultEvent","eventsWithDefaultEvent","apiErrorCode","correlation","memo","eventKey","pathParams","tenantPosition","valueToHash","suffix","supportsBrowserPerformance","performance","mark","measure","measureName","startMark","endMark","clearMeasures","clearMarks","cacheItem","searchScopes","requestDomain","_popUpWidth","_popUpHeight","DEFAULT_AUTHORITY","BlacklistedEQParams","POST","LOGIN","SELECT_ACCOUNT","CONSENT","cryptoObj","crypto","getRandomValues","buffer","Uint8Array","decimalToHex","guidHolder","hex","guidResponse","Math","random","isGuid","guid","test","num","input","btoa","p1","String","fromCharCode","encodedString","atob","charCodeAt","deserialize","query","pl","search","decode","obj","exec","extraScopesToConsent","validatePromptParameter","validateEQParameters","validateClaimsRequest","validateAndGenerateState","validateAndGenerateCorrelationId","param","userState","generateLibraryState","stateObject","stateString","libraryState","originalResponse","exp","idTokeTokenResponse","str","parseInt","round","relativeNowMs","decodeJwt","jwtToken","matches","header","JWSPayload","JWSSig","offset","encodedIdToken","decodedToken","base64IdToken","base64Decoded","serverRequestParams","createNavigationUrlString","authEndpoint","lowerCaseUrl","urlObject","pathArray","common","ORGANIZATIONS","CONSUMERS","constructAuthorityUriFromObject","regEx","RegExp","urlComponents","AbsolutePath","Search","endsWith","regex","getHashFromUrl","urlStringOrFragment","hashIndex1","hashIndex2","urlString","urlFragment","extractedUri","isInIframe","isInPopup","opener","prefix","timeout","timeoutMark","intervalId","setInterval","clearInterval","POLLING_INTERVAL_MS","maxTicks","ticks","closed","timeoutMs","setTimeout","frameHandle","src","iframeId","adalFrame","getElementById","createElement","ifr","setAttribute","style","visibility","position","border","getElementsByTagName","appendChild","insertAdjacentHTML","frames","parentNode","removeChild","getIframeWithHash","iframes","item","getPopups","openedWindows","getPopUpWithHash","popup","redirectCache","splitCache","history","replaceState","pathname","__webpack_module_cache__","__webpack_require__","moduleId","__webpack_modules__"],"mappings":";cAAA,SAA2CA,EAAMC,GAC1B,iBAAZC,SAA0C,iBAAXC,OACxCA,OAAOD,QAAUD,IACQ,mBAAXG,QAAyBA,OAAOC,IAC9CD,OAAO,OAAQ,GAAIH,GACO,iBAAZC,QACdA,QAAc,KAAID,IAElBD,EAAW,KAAIC,IARjB,CASGK,MAAM,WACT,O;;;;;;;;;;;;;;;iDCMA,IAAIC,EAAgB,SAASC,EAAGC,GAI5B,OAHAF,EAAgBG,OAAOC,gBAClB,CAAEC,UAAW,cAAgBC,OAAS,SAAUL,EAAGC,GAAKD,EAAEI,UAAYH,IACvE,SAAUD,EAAGC,GAAK,IAAK,IAAIK,KAAKL,EAAOA,EAAEM,eAAeD,KAAIN,EAAEM,GAAKL,EAAEK,MACpDN,EAAGC,IAwF5B,SAAgBO,EAASC,GACrB,IAAIC,EAAsB,mBAAXC,QAAyBF,EAAEE,OAAOC,UAAWC,EAAI,EAChE,OAAIH,EAAUA,EAAEI,KAAKL,GACd,CACHM,KAAM,WAEF,OADIN,GAAKI,GAAKJ,EAAEO,SAAQP,OAAI,GACrB,CAAEQ,MAAOR,GAAKA,EAAEI,KAAMK,MAAOT,KAKhD,SAAgBU,EAAOV,EAAGW,GACtB,IAAIV,EAAsB,mBAAXC,QAAyBF,EAAEE,OAAOC,UACjD,IAAKF,EAAG,OAAOD,EACf,IAAmBY,EAAYC,EAA3BT,EAAIH,EAAEI,KAAKL,GAAOc,EAAK,GAC3B,IACI,WAAc,IAANH,GAAgBA,KAAM,MAAQC,EAAIR,EAAEE,QAAQG,MAAMK,EAAGC,KAAKH,EAAEJ,OAExE,MAAOQ,GAASH,EAAI,CAAEG,MAAOA,G,QAEzB,IACQJ,IAAMA,EAAEH,OAASR,EAAIG,EAAU,SAAIH,EAAEI,KAAKD,G,QAExC,GAAIS,EAAG,MAAMA,EAAEG,OAE7B,OAAOF,EAiBX,SAAgBG,EAAQC,GACpB,OAAOC,gBAAgBF,GAAWE,KAAKD,EAAIA,EAAGC,MAAQ,IAAIF,EAAQC,GAhItE,qBAA0B3B,EAAGC,GAEzB,SAAS4B,IAAOD,KAAKE,YAAc9B,EADnCD,EAAcC,EAAGC,GAEjBD,EAAE+B,UAAkB,OAAN9B,EAAaC,OAAO8B,OAAO/B,IAAM4B,EAAGE,UAAY9B,EAAE8B,UAAW,IAAIF,IAGxE,EAAAI,SAAW,WAQlB,OAPA,EAAAA,SAAW/B,OAAOgC,QAAU,SAAkBC,GAC1C,IAAK,IAAIC,EAAGvB,EAAI,EAAGO,EAAIiB,UAAUrB,OAAQH,EAAIO,EAAGP,IAE5C,IAAK,IAAIP,KADT8B,EAAIC,UAAUxB,GACOX,OAAO6B,UAAUxB,eAAeO,KAAKsB,EAAG9B,KAAI6B,EAAE7B,GAAK8B,EAAE9B,IAE9E,OAAO6B,GAEJ,EAAAF,SAASK,MAAMV,KAAMS,YAGhC,kBAAuBD,EAAGd,GACtB,IAAIa,EAAI,GACR,IAAK,IAAI7B,KAAK8B,EAAOlC,OAAO6B,UAAUxB,eAAeO,KAAKsB,EAAG9B,IAAMgB,EAAEiB,QAAQjC,GAAK,IAC9E6B,EAAE7B,GAAK8B,EAAE9B,IACb,GAAS,MAAL8B,GAAqD,mBAAjClC,OAAOsC,sBACtB,KAAI3B,EAAI,EAAb,IAAgBP,EAAIJ,OAAOsC,sBAAsBJ,GAAIvB,EAAIP,EAAEU,OAAQH,IAC3DS,EAAEiB,QAAQjC,EAAEO,IAAM,GAAKX,OAAO6B,UAAUU,qBAAqB3B,KAAKsB,EAAG9B,EAAEO,MACvEsB,EAAE7B,EAAEO,IAAMuB,EAAE9B,EAAEO,KAE1B,OAAOsB,GAGX,sBAA2BO,EAAYC,EAAQC,EAAKC,GAChD,IAA2H7C,EAAvH8C,EAAIT,UAAUrB,OAAQK,EAAIyB,EAAI,EAAIH,EAAkB,OAATE,EAAgBA,EAAO3C,OAAO6C,yBAAyBJ,EAAQC,GAAOC,EACrH,GAAuB,iBAAZG,SAAoD,mBAArBA,QAAQC,SAAyB5B,EAAI2B,QAAQC,SAASP,EAAYC,EAAQC,EAAKC,QACpH,IAAK,IAAIhC,EAAI6B,EAAW1B,OAAS,EAAGH,GAAK,EAAGA,KAASb,EAAI0C,EAAW7B,MAAIQ,GAAKyB,EAAI,EAAI9C,EAAEqB,GAAKyB,EAAI,EAAI9C,EAAE2C,EAAQC,EAAKvB,GAAKrB,EAAE2C,EAAQC,KAASvB,GAChJ,OAAOyB,EAAI,GAAKzB,GAAKnB,OAAOgD,eAAeP,EAAQC,EAAKvB,GAAIA,GAGhE,mBAAwB8B,EAAYC,GAChC,OAAO,SAAUT,EAAQC,GAAOQ,EAAUT,EAAQC,EAAKO,KAG3D,sBAA2BE,EAAaC,GACpC,GAAuB,iBAAZN,SAAoD,mBAArBA,QAAQO,SAAyB,OAAOP,QAAQO,SAASF,EAAaC,IAGpH,qBAA0BE,EAASC,EAAYC,EAAGC,GAC9C,OAAO,IAAKD,IAAMA,EAAIE,WAAU,SAAUC,EAASC,GAC/C,SAASC,EAAU9C,GAAS,IAAM+C,EAAKL,EAAU5C,KAAKE,IAAW,MAAOK,GAAKwC,EAAOxC,IACpF,SAAS2C,EAAShD,GAAS,IAAM+C,EAAKL,EAAiB,MAAE1C,IAAW,MAAOK,GAAKwC,EAAOxC,IACvF,SAAS0C,EAAKE,GAAUA,EAAOhD,KAAO2C,EAAQK,EAAOjD,OAAS,IAAIyC,GAAE,SAAUG,GAAWA,EAAQK,EAAOjD,UAAWkD,KAAKJ,EAAWE,GACnID,GAAML,EAAYA,EAAUrB,MAAMkB,EAASC,GAAc,KAAK1C,YAItE,uBAA4ByC,EAASY,GACjC,IAAsGC,EAAGC,EAAGnC,EAAGoC,EAA3GC,EAAI,CAAEC,MAAO,EAAGC,KAAM,WAAa,GAAW,EAAPvC,EAAE,GAAQ,MAAMA,EAAE,GAAI,OAAOA,EAAE,IAAOwC,KAAM,GAAIC,IAAK,IAChG,OAAOL,EAAI,CAAExD,KAAM8D,EAAK,GAAI,MAASA,EAAK,GAAI,OAAUA,EAAK,IAAwB,mBAAXlE,SAA0B4D,EAAE5D,OAAOC,UAAY,WAAa,OAAOgB,OAAU2C,EACvJ,SAASM,EAAKzD,GAAK,OAAO,SAAUO,GAAK,OACzC,SAAcmD,GACV,GAAIT,EAAG,MAAM,IAAIU,UAAU,mCAC3B,KAAOP,OACH,GAAIH,EAAI,EAAGC,IAAMnC,EAAY,EAAR2C,EAAG,GAASR,EAAU,OAAIQ,EAAG,GAAKR,EAAS,SAAOnC,EAAImC,EAAU,SAAMnC,EAAErB,KAAKwD,GAAI,GAAKA,EAAEvD,SAAWoB,EAAIA,EAAErB,KAAKwD,EAAGQ,EAAG,KAAK5D,KAAM,OAAOiB,EAE3J,OADImC,EAAI,EAAGnC,IAAG2C,EAAK,CAAS,EAARA,EAAG,GAAQ3C,EAAElB,QACzB6D,EAAG,IACP,KAAK,EAAG,KAAK,EAAG3C,EAAI2C,EAAI,MACxB,KAAK,EAAc,OAAXN,EAAEC,QAAgB,CAAExD,MAAO6D,EAAG,GAAI5D,MAAM,GAChD,KAAK,EAAGsD,EAAEC,QAASH,EAAIQ,EAAG,GAAIA,EAAK,CAAC,GAAI,SACxC,KAAK,EAAGA,EAAKN,EAAEI,IAAII,MAAOR,EAAEG,KAAKK,MAAO,SACxC,QACI,MAAkB7C,GAAZA,EAAIqC,EAAEG,MAAY3D,OAAS,GAAKmB,EAAEA,EAAEnB,OAAS,KAAkB,IAAV8D,EAAG,IAAsB,IAAVA,EAAG,IAAW,CAAEN,EAAI,EAAG,SACjG,GAAc,IAAVM,EAAG,MAAc3C,GAAM2C,EAAG,GAAK3C,EAAE,IAAM2C,EAAG,GAAK3C,EAAE,IAAM,CAAEqC,EAAEC,MAAQK,EAAG,GAAI,MAC9E,GAAc,IAAVA,EAAG,IAAYN,EAAEC,MAAQtC,EAAE,GAAI,CAAEqC,EAAEC,MAAQtC,EAAE,GAAIA,EAAI2C,EAAI,MAC7D,GAAI3C,GAAKqC,EAAEC,MAAQtC,EAAE,GAAI,CAAEqC,EAAEC,MAAQtC,EAAE,GAAIqC,EAAEI,IAAIpD,KAAKsD,GAAK,MACvD3C,EAAE,IAAIqC,EAAEI,IAAII,MAChBR,EAAEG,KAAKK,MAAO,SAEtBF,EAAKV,EAAKtD,KAAK0C,EAASgB,GAC1B,MAAOlD,GAAKwD,EAAK,CAAC,EAAGxD,GAAIgD,EAAI,E,QAAeD,EAAIlC,EAAI,EACtD,GAAY,EAAR2C,EAAG,GAAQ,MAAMA,EAAG,GAAI,MAAO,CAAE7D,MAAO6D,EAAG,GAAKA,EAAG,QAAK,EAAQ5D,MAAM,GArB9B8C,CAAK,CAAC5C,EAAGO,OAyB7D,wBAA6BjB,EAAGhB,GAC5B,IAAK,IAAIY,KAAKI,EAAQhB,EAAQa,eAAeD,KAAIZ,EAAQY,GAAKI,EAAEJ,KAGpE,aAWA,WAiBA,sBACI,IAAK,IAAIiB,EAAK,GAAIV,EAAI,EAAGA,EAAIwB,UAAUrB,OAAQH,IAC3CU,EAAKA,EAAG0D,OAAO9D,EAAOkB,UAAUxB,KACpC,OAAOU,GAGX,4BACI,IAAK,IAAIa,EAAI,EAAGvB,EAAI,EAAGqE,EAAK7C,UAAUrB,OAAQH,EAAIqE,EAAIrE,IAAKuB,GAAKC,UAAUxB,GAAGG,OACxE,IAAIK,EAAIhB,MAAM+B,GAAI+C,EAAI,EAA3B,IAA8BtE,EAAI,EAAGA,EAAIqE,EAAIrE,IACzC,IAAK,IAAIuE,EAAI/C,UAAUxB,GAAIwE,EAAI,EAAGC,EAAKF,EAAEpE,OAAQqE,EAAIC,EAAID,IAAKF,IAC1D9D,EAAE8D,GAAKC,EAAEC,GACjB,OAAOhE,GAGX,YAIA,4BAAiCmC,EAASC,EAAYE,GAClD,IAAKhD,OAAO4E,cAAe,MAAM,IAAIR,UAAU,wCAC/C,IAAoDlE,EAAhD0D,EAAIZ,EAAUrB,MAAMkB,EAASC,GAAc,IAAQ+B,EAAI,GAC3D,OAAO3E,EAAI,GAAIgE,EAAK,QAASA,EAAK,SAAUA,EAAK,UAAWhE,EAAEF,OAAO4E,eAAiB,WAAc,OAAO3D,MAASf,EACpH,SAASgE,EAAKzD,GAASmD,EAAEnD,KAAIP,EAAEO,GAAK,SAAUO,GAAK,OAAO,IAAIiC,SAAQ,SAAUwB,EAAGnF,GAAKuF,EAAEhE,KAAK,CAACJ,EAAGO,EAAGyD,EAAGnF,IAAM,GAAKwF,EAAOrE,EAAGO,QAC9H,SAAS8D,EAAOrE,EAAGO,GAAK,KACVN,EADqBkD,EAAEnD,GAAGO,IACnBV,iBAAiBS,EAAUkC,QAAQC,QAAQxC,EAAEJ,MAAMU,GAAGwC,KAAKuB,EAAS5B,GAAU6B,EAAOH,EAAE,GAAG,GAAInE,GADpE,MAAOC,GAAKqE,EAAOH,EAAE,GAAG,GAAIlE,GAC3E,IAAcD,EACd,SAASqE,EAAQzE,GAASwE,EAAO,OAAQxE,GACzC,SAAS6C,EAAO7C,GAASwE,EAAO,QAASxE,GACzC,SAAS0E,EAAOtB,EAAG1C,GAAS0C,EAAE1C,GAAI6D,EAAEI,QAASJ,EAAExE,QAAQyE,EAAOD,EAAE,GAAG,GAAIA,EAAE,GAAG,MAGhF,4BAAiC/E,GAC7B,IAAII,EAAGP,EACP,OAAOO,EAAI,GAAIgE,EAAK,QAASA,EAAK,SAAS,SAAUvD,GAAK,MAAMA,KAAOuD,EAAK,UAAWhE,EAAEF,OAAOC,UAAY,WAAc,OAAOgB,MAASf,EAC1I,SAASgE,EAAKzD,EAAGiD,GAAKxD,EAAEO,GAAKX,EAAEW,GAAK,SAAUO,GAAK,OAAQrB,GAAKA,GAAK,CAAEW,MAAOS,EAAQjB,EAAEW,GAAGO,IAAKT,KAAY,WAANE,GAAmBiD,EAAIA,EAAE1C,GAAKA,GAAO0C,IAG/I,yBAA8B5D,GAC1B,IAAKE,OAAO4E,cAAe,MAAM,IAAIR,UAAU,wCAC/C,IAAiClE,EAA7BH,EAAID,EAAEE,OAAO4E,eACjB,OAAO7E,EAAIA,EAAEI,KAAKL,IAAMA,EAAqCD,EAASC,GAA2BI,EAAI,GAAIgE,EAAK,QAASA,EAAK,SAAUA,EAAK,UAAWhE,EAAEF,OAAO4E,eAAiB,WAAc,OAAO3D,MAASf,GAC9M,SAASgE,EAAKzD,GAAKP,EAAEO,GAAKX,EAAEW,IAAM,SAAUO,GAAK,OAAO,IAAIiC,SAAQ,SAAUC,EAASC,IACvF,SAAgBD,EAASC,EAAQ9D,EAAG2B,GAAKiC,QAAQC,QAAQlC,GAAGwC,MAAK,SAASxC,GAAKkC,EAAQ,CAAE5C,MAAOU,EAAGT,KAAMlB,MAAS8D,GADJ6B,CAAO9B,EAASC,GAA7BnC,EAAIlB,EAAEW,GAAGO,IAA8BT,KAAMS,EAAEV,aAIpJ,gCAAqC4E,EAAQC,GAEzC,OADI5F,OAAOgD,eAAkBhD,OAAOgD,eAAe2C,EAAQ,MAAO,CAAE5E,MAAO6E,IAAiBD,EAAOC,IAAMA,EAClGD,GAGX,wBAA6BE,GACzB,GAAIA,GAAOA,EAAIC,WAAY,OAAOD,EAClC,IAAI7B,EAAS,GACb,GAAW,MAAP6B,EAAa,IAAK,IAAIZ,KAAKY,EAAS7F,OAAOK,eAAeO,KAAKiF,EAAKZ,KAAIjB,EAAOiB,GAAKY,EAAIZ,IAE5F,OADAjB,EAAO+B,QAAUF,EACV7B,GAGX,2BAAgC6B,GAC5B,OAAQA,GAAOA,EAAIC,WAAcD,EAAM,CAAEE,QAASF,K,qEC3LtD,aACA,SAYA,aAqBI,WAAYG,EAA2BC,EAA+BC,EAAkBC,EAAcC,EAA2BC,EAAcC,GAC3I5E,KAAKsE,kBAAoBA,EACzBtE,KAAKuE,sBAAwBA,EAC7BvE,KAAKwE,SAAWA,EAChBxE,KAAKyE,KAAOA,EAEZzE,KAAK6E,QAAUH,EACf1E,KAAK0E,cAAgBA,EACrB1E,KAAK2E,IAAMA,EACX3E,KAAK4E,YAAcA,EAyC3B,OAjCW,EAAAE,cAAP,SAAqBD,EAAkBE,GAGnC,IAMIR,EANED,EAA4BO,EAAQG,UAAaH,EAAQI,QAGzDC,EAAcH,EAAaA,EAAWG,IAAM,GAC5CC,EAAeJ,EAAaA,EAAWI,KAAO,GAMpD,OAHK,EAAAC,YAAYC,QAAQH,KACrBX,EAAwB,EAAAa,YAAYC,QAAQF,GAAO,EAAAG,YAAYC,aAAaL,GAAM,EAAAI,YAAYC,aAAaL,GAAO,IAAM,EAAAI,YAAYC,aAAaJ,IAE9I,IAAIK,EAAQlB,EAAmBC,EAAuBM,EAAQY,cAAeZ,EAAQJ,KAAMI,EAAQa,OAAQb,EAAQF,IAAKE,EAAQc,SASpI,EAAAC,gBAAP,SAAuBC,EAAaC,GAChC,SAAKD,GAAOC,GAGRD,EAAGtB,uBAAyBuB,EAAGvB,uBAC3BsB,EAAGtB,wBAA0BuB,EAAGvB,wBAMhD,EAvEA,GAAa,EAAAiB,W,mECGb,kCAAuCO,GACnC,MAAO,CACHC,SAAU,GACVC,SAAU,GACVC,UAAW,GACXrB,QAAS,KACTH,cAAe,KACfyB,YAAa,GACbC,OAAQ,KACRC,UAAW,KACXC,QAAS,KACTC,aAAcR,EACdS,WAAW,K,qEC7BnB,aAyBA,iCAAsCC,GAClC,GAAKA,EAAQC,cAGb,IACIC,KAAKC,MAAMH,EAAQC,eACrB,MAAOhH,GACL,MAAM,EAAAmH,yBAAyBC,gCAAgCpH,M,qECjCvE,aACA,SACA,SAMA,aA6BI,WAAYqH,EAAuBC,GAC/B,IAAKD,GAAiB,EAAA3B,YAAYC,QAAQ0B,GAGtC,OAFA/G,KAAKkF,IAAM,QACXlF,KAAKmF,KAAO,IAIhB,IACI,IAAM8B,EAA4B,EAAA3B,YAAY4B,aAAaH,GACrDhC,EAAqC4B,KAAKC,MAAMK,GAClDlC,IACIA,EAAWpG,eAAe,SAC1BqB,KAAKkF,IAAM8B,EAAYG,EAAWC,mBAAmBrC,EAAWG,IAAK8B,GAAYjC,EAAWG,KAG5FH,EAAWpG,eAAe,UAC1BqB,KAAKmF,KAAOJ,EAAWI,OAGjC,MAAOzF,GACL,MAAM,EAAA2H,gBAAgBC,8BAA8B5H,IA8BhE,OA5EI,sBAAI,kBAAG,C,IAAP,WACI,OAAOM,KAAKuH,KAAOvH,KAAKuH,KAAO,I,IAGnC,SAAQrC,GACJlF,KAAKuH,KAAOrC,G,gCAIhB,sBAAI,mBAAI,C,IAAR,WACI,OAAOlF,KAAKwH,MAAQxH,KAAKwH,MAAQ,I,IAGrC,SAASrC,GACLnF,KAAKwH,MAAQrC,G,gCAGV,EAAAsC,4BAAP,SAAmC5C,EAAiBmC,GAChD,IAAMjC,EAAa,CACfG,IAAKL,EAAQI,QACbE,KAAM,IAGV,OAAO,IAAIgC,EAAW,EAAA7B,YAAYC,aAAaoB,KAAKe,UAAU3C,IAAciC,IA2BzE,EAAAI,mBAAP,SAA0BlC,EAAa8B,GACnC,IAAMW,EAAczC,EAAI0C,MAAM,KAExBC,EAAcb,EAAUY,MAAM,KAAKE,UACrCC,EAAS,GASb,OAPK,EAAA3C,YAAYC,QAAQwC,EAAY,IAE1BA,EAAYzI,OAAS,IAE5B2I,EAASF,EAAY,IAHrBE,EAASF,EAAY,GAMrBF,EAAYA,EAAYvI,OAAS,KAAQ2I,EAElCJ,EAAYK,MAAM,EAAGL,EAAYvI,OAAS,GAAG6I,KAAK,KAGtD/C,GAGJ,YAAAgD,iBAAP,WACI,IAAMnD,EAAa4B,KAAKe,UAAU,CAACxC,IAAKlF,KAAKkF,IAAKC,KAAMnF,KAAKmF,OAE7D,OAAO,EAAAG,YAAYC,aAAaR,IAExC,EA/EA,GAAa,EAAAoC,c,kFCRb,QACA,SA+GMgB,EAAoC,CACtCC,SAAU,GACVpB,UAAW,KACXqB,mBAAmB,EACnBC,kBAAmB,GACnBC,iBAAkB,GAClBC,YAAa,WAAM,SAAAC,SAASC,iBAC5BC,sBAAuB,WAAM,SAAAF,SAASC,iBACtCE,2BAA2B,GAGzBC,EAAsC,CACxCC,cAAe,iBACfC,wBAAwB,GAGtBC,EAAwC,CAC1CC,OAAQ,IAAI,EAAAC,OAAO,MACnBC,iBApHkB,IAqHlBC,0BApHW,IAqHXC,kBApHwB,KAuHtBC,EAA8C,CAChDC,WAAW,EACXC,qBAAsB,IAAI/K,MAC1BgL,qBAAsB,IAAIC,KAe9B,8BAAmC,G,IAAEC,EAAA,EAAAA,KAAM,IAAAC,aAAA,IAAQ,EAAR,KAAY,IAAAC,cAAA,IAAS,EAAT,KAAa,IAAAC,iBAAA,IAAY,EAAZ,KAOhE,MANuC,CACnCH,KAAM,EAAF,YAAOxB,EAAyBwB,GACpCC,MAAO,EAAF,YAAOf,EAA0Be,GACtCC,OAAQ,EAAF,YAAOb,EAA2Ba,GACxCC,UAAW,EAAF,YAAOR,EAA8BQ,M,qEC9JtD,aACA,QAEA,SAKA,EAiBI,SAAYC,GACR,GAAI,EAAA3E,YAAYC,QAAQ0E,GACpB,MAAM,EAAA1C,gBAAgB2C,8BAA8BD,GAExD,IACI/J,KAAK+J,WAAaA,EAClB/J,KAAK0F,OAAS,EAAAuE,WAAWC,eAAeH,GACpC/J,KAAK0F,SACD1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAK2F,OAAS3F,KAAK0F,OAAY,KAG/B1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAKgF,SAAWhF,KAAK0F,OAAY,KAGjC1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAKiF,QAAUjF,KAAK0F,OAAY,KAGhC1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAKiG,SAAWjG,KAAK0F,OAAY,KAGjC1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAKmK,QAAUnK,KAAK0F,OAAY,KAGhC1F,KAAK0F,OAAO/G,eAAe,sBAC3BqB,KAAKyF,cAAgBzF,KAAK0F,OAA2B,mBAC9C1F,KAAK0F,OAAO/G,eAAe,SAClCqB,KAAKyF,cAAgBzF,KAAK0F,OAAY,KAGtC1F,KAAK0F,OAAO/G,eAAe,UAC3BqB,KAAKyE,KAAOzE,KAAK0F,OAAa,MAG9B1F,KAAK0F,OAAO/G,eAAe,WAC3BqB,KAAKoK,MAAQpK,KAAK0F,OAAc,OAGhC1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAKqK,WAAarK,KAAK0F,OAAY,KAGnC1F,KAAK0F,OAAO/G,eAAe,cAC3BqB,KAAKsK,aAAetK,KAAK0F,OAAiB,UAG1C1F,KAAK0F,OAAO/G,eAAe,SAC3BqB,KAAK2E,IAAM3E,KAAK0F,OAAY,KAG5B1F,KAAK0F,OAAO/G,eAAe,8BAC3BqB,KAAKuK,cAAgBvK,KAAK0F,OAAiC,2BAIrE,MAAOhG,GAKL,MAAM,EAAA2H,gBAAgBmD,0BAA0B9K,KAjF/C,EAAA+K,W,oECRb,IAOYC,EAPZ,SACA,UAMA,SAAYA,GACR,qBACA,yBACA,mBACA,yBAJJ,CAAYA,EAAA,EAAAA,WAAA,EAAAA,SAAQ,KAOpB,iBA4BI,WAAYC,EACRC,QAAA,IAAAA,MAAA,IAbI,KAAAC,MAAkBH,EAASI,KAoB3B,QAAAC,qBAAA,IAAgB,EAAhB,KACA,IAAAF,aAAA,IAAQ,EAAR,SACA,IAAAG,yBAAA,IAAoB,GAApB,EAGJhL,KAAK2K,cAAgBA,EACrB3K,KAAK+K,cAAgBA,EACrB/K,KAAK6K,MAAQA,EACb7K,KAAKgL,kBAAoBA,EAyFjC,OAnFY,YAAAC,WAAR,SAAmBC,EAAoBD,EAAoBE,GACvD,KAAKD,EAAWlL,KAAK6K,QAAY7K,KAAKgL,mBAAqBG,GAA3D,CAGA,IACIC,EADEC,GAAY,IAAIC,MAAOC,cAMzBH,EAJC,EAAAhG,YAAYC,QAAQrF,KAAK+K,eAIpBM,EAAY,IAAM,UAAiB,IAAMX,EAASQ,IAAaC,EAAc,OAAS,IAAM,IAAMF,EAHlGI,EAAY,IAAMrL,KAAK+K,cAAgB,IAAM,UAAiB,IAAML,EAASQ,IAAaC,EAAc,OAAS,IAAM,IAAMF,EAKvIjL,KAAKwL,gBAAgBN,EAAUE,EAAKD,KAMxC,YAAAK,gBAAA,SAAgBX,EAAiBY,EAAiBN,GAC1CnL,KAAK2K,eACL3K,KAAK2K,cAAcE,EAAOY,EAASN,IAO3C,YAAAtL,MAAA,SAAM4L,GACFzL,KAAKiL,WAAWP,EAASgB,MAAOD,GAAS,IAM7C,YAAAE,SAAA,SAASF,GACLzL,KAAKiL,WAAWP,EAASgB,MAAOD,GAAS,IAM7C,YAAAG,QAAA,SAAQH,GACJzL,KAAKiL,WAAWP,EAASmB,QAASJ,GAAS,IAM/C,YAAAK,WAAA,SAAWL,GACPzL,KAAKiL,WAAWP,EAASmB,QAASJ,GAAS,IAM/C,YAAAM,KAAA,SAAKN,GACDzL,KAAKiL,WAAWP,EAASI,KAAMW,GAAS,IAM5C,YAAAO,QAAA,SAAQP,GACJzL,KAAKiL,WAAWP,EAASI,KAAMW,GAAS,IAM5C,YAAAQ,QAAA,SAAQR,GACJzL,KAAKiL,WAAWP,EAASwB,QAAST,GAAS,IAM/C,YAAAU,WAAA,SAAWV,GACPzL,KAAKiL,WAAWP,EAASwB,QAAST,GAAS,IAG/C,YAAAW,oBAAA,WACI,OAAOpM,KAAKgL,mBAEpB,EArIA,GAAa,EAAA9B,U,oECdb,aACA,QAEA,2BA+NA,OAtNW,EAAAmD,qBAAP,SAA4BC,EAA6BlG,GAGrD,IAFA,IAAMmG,EAAwBvM,KAAKwM,+BAAmCF,EAAY,SAC5EG,EAAgBzM,KAAKwM,+BAAmCpG,EAAM,SAC3DnH,EAAI,EAAGA,EAAIwN,EAAcrN,OAAQH,IACtC,GAAIsN,EAAsB5L,QAAQ8L,EAAcxN,GAAGyN,gBAAkB,EACjE,OAAO,EAGf,OAAO,GASJ,EAAAC,cAAP,SAAqBL,EAA6BlG,GAC9C,IAAMmG,EAAwBvM,KAAKwM,+BAAmCF,EAAY,SAElF,OADsBtM,KAAKwM,+BAAmCpG,EAAM,SAC/CwG,OAAM,SAACvN,GAA2B,OAAAkN,EAAsB5L,QAAQtB,EAAMwN,WAAWH,gBAAkB,MASrH,EAAAI,0BAAP,SAAiCC,GAC7B,OAAOA,EAAMC,OAAON,eAOjB,EAAAF,+BAAP,SAAsCpG,GAAtC,WACI,OAAOA,EAAO6G,KAAI,SAAAF,GAAS,SAAKD,0BAA0BC,OAOvD,EAAAG,WAAP,SAAkB9G,GACd,OAAOA,EAAO6G,KAAI,SAAAF,GAAS,OAAAA,EAAMC,WAU9B,EAAAG,cAAP,SAAqB/G,EAAuB2G,GACxC,IAAMK,EAAWpN,KAAK8M,0BAA0BC,GAChD,OAAO3G,EAAOiH,QAAO,SAAAhO,GAAS,OAAAA,IAAU+N,MAOrC,EAAAE,WAAP,SAAkBlH,GACd,IAAImH,EAAoB,GACxB,GAAInH,EACA,IAAK,IAAInH,EAAY,EAAGA,EAAImH,EAAOhH,SAAUH,EACzCsO,GAActO,IAAMmH,EAAOhH,OAAS,EAAKgH,EAAOnH,GAAK,IAAMmH,EAAOnH,GAI1E,OAAOsO,GAWJ,EAAAC,mBAAP,SAA0BpH,EAAuBqH,GAC7C,GAAKrH,EAAL,CASA,IAAK3H,MAAMiP,QAAQtH,GACf,MAAM,EAAAS,yBAAyB8G,0BAA0BvH,GAI7D,GAAIA,EAAOhH,OAAS,GAAKqO,EACrB,MAAM,EAAA5G,yBAAyB+G,4BAA4BxH,EAAOyG,iBAdlE,GAAIY,EACA,MAAM,EAAA5G,yBAAyBgH,0BAA0BzH,IAyB9D,EAAA0H,kBAAP,SAAyB/H,GACrB,GAAIA,EAAO,CACP,IAAMgI,EAAahI,EAAMpF,QAAQ,EAAAqN,UAAUC,mBAC3C,GAAIF,GAAc,GAAKA,EAAa,EAAIhI,EAAM3G,OAC1C,OAAO2G,EAAMmI,UAAUH,EAAa,GAG5C,MAAO,IAQJ,EAAAI,aAAP,SAAoBC,EAA0BC,GAC1C,GAAID,EAAW,CACX,IAAME,EAAuBD,EAA0BrO,KAAKwM,+BAAmC6B,EAAuB,SAAK,KACrHE,EAAqBvO,KAAKwM,+BAAmC4B,EAAS,SAC5E,OAAOE,EAA2BC,EAAkB,OAAKD,GAAwBC,EAErF,OAAO,MASJ,EAAAC,uBAAP,SAA8BpI,GAC1B,IAAMqI,EAAcrI,EAAOhH,OACvBsP,EAAkB,EAUtB,OARItI,EAAOzF,QAAQ,EAAAqN,UAAUW,cAAgB,IACzCD,GAAmB,GAGnBtI,EAAOzF,QAAQ,EAAAqN,UAAUY,eAAiB,IAC1CF,GAAmB,GAGfD,EAAc,GAAKA,IAAgBC,GAOxC,EAAAG,sBAAP,SAA6BzI,GACzB,IAAM0I,EAAsB1I,EAAOzF,QAAQ,EAAAqN,UAAUW,cAAgB,EAC/DI,EAAuB3I,EAAOzF,QAAQ,EAAAqN,UAAUY,eAAiB,EAEvE,OAAQE,GAAuBC,GAO5B,EAAAC,qBAAP,SAA4B5I,EAAuBgC,GAE/C,QAAShC,GAAWA,EAAOzF,QAAQyH,IAAa,GAAuB,IAAlBhC,EAAOhH,QAQzD,EAAA6P,oBAAP,SAA2B7I,GACvB,IAAM8I,EAAiB9I,EASvB,OARuD,IAAnD8I,EAAevO,QAAQ,EAAAqN,UAAUW,cACjCO,EAAetP,KAAK,EAAAoO,UAAUW,cAGqB,IAApDO,EAAevO,QAAQ,EAAAqN,UAAUY,eAChCM,EAAetP,KAAK,EAAAoO,UAAUY,cAG3BM,GAOJ,EAAAC,oBAAP,SAA2B/I,GACvB,OAAOA,EAAOiH,QAAO,SAAAN,GACjB,OAAQA,IAAU,EAAAiB,UAAUW,aAAe5B,IAAU,EAAAiB,UAAUY,iBAUhE,EAAAQ,+BAAP,SAAsChJ,EAAuBgC,GACzD,OAAOpI,KAAKgP,qBAAqB5I,EAAQgC,GAAY,EAAA4F,UAAUqB,WAAajJ,GAEpF,EA/NA,GAAa,EAAAkJ,Y,qECFb,aAIA,QACA,SACA,QACA,SAOA,aAoCI,WAAatI,EAAsBoB,EAAkBmH,EAAsB/G,EAAqBpC,EAAuBL,EAAegF,GAClI/K,KAAKwP,kBAAoBxI,EACzBhH,KAAKoI,SAAWA,EAChBpI,KAAKoK,MAAQ,EAAA9E,YAAYmK,gBAGzBzP,KAAKoG,OAASA,EAAcA,EAAM,QAAI,EAAA4H,UAAUqB,WAChDrP,KAAKoG,OAAS,EAAAkJ,SAASpC,WAAWlN,KAAKoG,QAGvCpG,KAAK+F,MAAQA,EAGb/F,KAAK+K,cAAgBA,EAGrB/K,KAAK0P,WAAa,UAClB1P,KAAK2P,WAAa,UAElB3P,KAAKuP,aAAeA,EACpBvP,KAAKwI,YAAcA,EAoO3B,OArQI,sBAAW,wBAAS,C,IAApB,WACI,OAAOxI,KAAKwP,kBAAoBxP,KAAKwP,kBAAkBI,mBAAqB,M,gCA2ChF,YAAAC,oBAAA,SAAoBvJ,EAAkBG,EAAwCqJ,EAA4BC,GACtG,IAAIC,EAA8B,GAE9BvJ,IAEIA,EAAQwJ,SACRjQ,KAAKkQ,YAAczJ,EAAQwJ,QAI3BxJ,EAAQC,gBACR1G,KAAKmQ,YAAc1J,EAAQC,eAI3B0J,EAAwBC,WAAW5J,KACnCuJ,EAAkBhQ,KAAKsQ,oCAAoC7J,EAAS,QAIxEqJ,IACAE,EAAkBhQ,KAAKsQ,oCAAoC,KAAMR,IAOrEE,EAAkBhQ,KAAKuQ,kBAAkBjK,EAAS0J,GAGlD,IAAMQ,EAA4B/J,EAAUA,EAAQgK,qBAAuB,KAG3EzQ,KAAKgQ,gBAAkBI,EAAwBM,8BAA8BV,GAC7EhQ,KAAKyQ,qBAAuBL,EAAwBM,8BAA8BF,EAAUT,IAcxF,YAAAO,oCAAR,SAA4C7J,EAAmCkK,GAG3E,IAAIC,EACAC,EAGJ,GAAIpK,EACA,GAAIA,EAAQH,QAAS,CACjB,IAAMA,EAAmBG,EAAQH,QAC7BA,EAAQ3B,KACRiM,EAAU,EAAAE,SAASC,IACnBF,EAAUvK,EAAQ3B,KAEb2B,EAAQ9B,WACboM,EAAU,EAAAE,SAASE,WACnBH,EAAUvK,EAAQ9B,eAIjBiC,EAAQ9B,KACbiM,EAAU,EAAAE,SAASC,IACnBF,EAAUpK,EAAQ9B,KAGb8B,EAAQwK,YACbL,EAAU,EAAAE,SAASE,WACnBH,EAAUpK,EAAQwK,gBAIjBN,GACDA,EAAchS,eAAe,EAAAqP,UAAUkD,OACvCN,EAAU,EAAAE,SAASK,SACnBN,EAAUF,EAAmB,KAKrC,OADiB3Q,KAAKoR,gBAAgBR,EAASC,IAkB3C,YAAAN,kBAAR,SAA0BjK,EAAkB+K,GAKxC,IAAIC,EAAUD,EAgBd,OAfI/K,IAAYgL,EAAQ,EAAAR,SAASC,QAERO,EAAQ,EAAAR,SAASE,aAAe1K,EAAQ3B,KAAO3E,KAAKkQ,cAAgB,EAAAqB,YAAYC,KAEjGF,EAAUtR,KAAKoR,gBAAgB,EAAAN,SAASC,IAAKzK,EAAQ3B,IAAK2M,IAI/BA,EAAQ,EAAAR,SAASE,aAAe1K,EAAQ9B,WAAa,EAAAY,YAAYC,QAAQiB,EAAQ9B,YAExG8M,EAAUtR,KAAKoR,gBAAgB,EAAAN,SAASE,WAAY1K,EAAQ9B,SAAU8M,KAK3EA,GAOH,YAAAF,gBAAR,SAAwBR,EAAiBC,EAAiBQ,GACtD,IAAMI,EAAWJ,GAAU,GAE3B,IAAKR,EACD,OAAOY,EAGX,OAAQb,GACJ,KAAK,EAAAE,SAASC,IACVU,EAAS,EAAAX,SAASC,KAAOF,EACzB,MAEJ,KAAK,EAAAC,SAASK,SAId,KAAK,EAAAL,SAASE,WACVS,EAAS,EAAAX,SAASE,YAAcH,EAKxC,OAAOY,GAOJ,EAAAf,8BAAP,SAAqCV,EAA8BD,GAC/D,IAAI2B,EAA4B,KAkBhC,OAhBI1B,GACA1R,OAAOqT,KAAK3B,GAAiB4B,SAAQ,SAAC5Q,GAE/BA,IAAQ,EAAAgN,UAAU6D,cAAgB9B,GAAcC,EAAgB,EAAAc,SAASC,QAIvEW,EAIDA,GAAgB,IAAI1Q,EAAG,IAAI8Q,mBAAmB9B,EAAgBhP,IAH9D0Q,EAAkB1Q,EAAG,IAAI8Q,mBAAmB9B,EAAgBhP,QAQjE0Q,GAQJ,EAAArB,WAAP,SAAkB5J,GACd,SAAUA,KAAYA,EAAQH,SAAWG,EAAQ9B,KAAO8B,EAAQwK,aAS7D,EAAAc,sBAAP,SAA6BC,EAAwB5L,GAEjD,OAAI,EAAAkJ,SAASd,uBAAuBpI,GACzB,EAAA6L,cAAcC,SAGlB,EAAkBlS,KAAKmS,gCAAgC/L,GAAU,EAAA6L,cAAcG,gBAQ3E,EAAAD,gCAAf,SAA+C/L,GAE3C,OAAQ,EAAAkJ,SAAST,sBAAsBzI,GAAW,EAAA6L,cAAcG,eAAiB,EAAAH,cAAcI,OAEvG,EA5RA,GAAa,EAAAjC,2B,kFCdb,QACA,SACA,SACA,SACA,SACA,SAEA,SACA,SACA,QACA,SACA,SACA,QACA,QACA,SACA,QACA,SACA,SACA,SAEA,SACA,SACA,SACA,SACA,SACA,SACA,4BAEA,SAEA,QASA,SACA,SACA,QA2EA,aA6EI,WAAYkC,GAvEJ,KAAAC,qBAA6C,KAC7C,KAAAC,sBAA+C,KAC/C,KAAAC,sBAA+C,KAwEnDzS,KAAK0S,OAAS,EAAAC,mBAAmBL,GAEjCtS,KAAKiJ,OAASjJ,KAAK0S,OAAO7I,OAAOZ,OACjCjJ,KAAKoI,SAAWpI,KAAK0S,OAAO/I,KAAKvB,SACjCpI,KAAK4S,SAAW5S,KAAK0S,OAAO9I,MAAMb,uBAElC/I,KAAK6S,iBAAmB7S,KAAK8S,8BAA8B9S,KAAK0S,OAAO7I,OAAOkJ,UAAW/S,KAAKoI,UAE9F,EAAA4K,iBAAiBC,gCAAgCjT,KAAK0S,OAAO/I,KAAKtB,kBAAmBrI,KAAK0S,OAAO/I,KAAKpB,kBACtG,EAAA2K,iBAAiBC,uBAAuBnT,KAAK0S,OAAO/I,KAAK3C,UAAWhH,KAAK0S,OAAO/I,KAAKrB,mBAGrFtI,KAAKgH,UAAYhH,KAAK0S,OAAO/I,KAAK3C,WApKhB,2CAsKlBhH,KAAKoT,aAAe,IAAI,EAAAC,UAAUrT,KAAKoI,SAAUpI,KAAK0S,OAAO9I,MAAMd,cAAe9I,KAAK4S,UAGlFU,OAAOC,iBACRD,OAAOC,eAAiB,IAEvBD,OAAOE,cACRF,OAAOE,YAAc,IAEpBF,OAAOG,8BACRH,OAAOG,4BAA8B,IAEpCH,OAAOI,6BACRJ,OAAOI,2BAA6B,IAExCJ,OAAOK,KAAO3T,KAEd,IAAM4T,EAAUN,OAAOO,SAASC,KAC1BC,EAAkB,EAAAtL,SAASsL,gBAAgBH,GAGjD,EAAAI,YAAYC,2BAA2BjU,KAAKoT,cAGxCW,GAAmB/T,KAAKoT,aAAac,yBAAwB,IAC3ClU,KAAKmU,iBAAiBP,GAC1BQ,SAAW,EAAApG,UAAUqG,yBAC/BrU,KAAKsU,qCAAqCV,GAqnE1D,OA5sEI,sBAAW,wBAAS,C,IASpB,WACI,OAAO5T,KAAKwP,kBAAkBI,oB,IAVlC,SAAqB2E,GACjBvU,KAAKwP,kBAAoB,EAAA0D,iBAAiBsB,eAAeD,EAAKvU,KAAK0S,OAAO/I,KAAKtB,oB,gCAiB5E,YAAAoM,qBAAP,WACI,OAAOzU,KAAKwP,mBAoFhB,YAAAkF,uBAAA,SAAuBC,EAAmElC,GACtF,IAAKkC,EACD,MAAM,EAAA9N,yBAAyB+N,iCAAiCD,GAIhElC,GACAzS,KAAKwS,sBAAwBmC,EAC7B3U,KAAKyS,sBAAwBA,EAC7BzS,KAAKiJ,OAAO2C,QAAQ,kKAEpB5L,KAAKuS,qBAAuBoC,EAG5B3U,KAAK6U,cACL7U,KAAK8U,iBAAiB,EAAA9G,UAAUqG,wBAAyBrU,KAAK6U,cAAe7U,KAAK+U,kBAC3E/U,KAAK+U,kBACZ/U,KAAKgV,oBAAoB,EAAAhH,UAAUqG,wBAAyBrU,KAAK+U,mBAQlE,YAAAhB,gBAAP,SAAuBD,GAEnB,OADA9T,KAAKiJ,OAAOgD,QAAQ,mCACb,EAAAxD,SAASsL,gBAAgBD,IAG5B,YAAAkB,oBAAR,SAA4BC,EAAkCC,EAAwBjT,GAGlF,GAFAjC,KAAKiJ,OAAOgD,QAAQ,uCAEhBgJ,IAAoB,EAAAjH,UAAUqG,wBAC9BrU,KAAKiJ,OAAOgD,QAAQ,gCAChBjM,KAAKyS,uBACLzS,KAAKiJ,OAAOgD,QAAQ,iGACpBjM,KAAKwS,sBAAsB0C,IACpBlV,KAAKuS,uBACZvS,KAAKiJ,OAAOgD,QAAQ,mGACpBjM,KAAKuS,qBAAqB,KAAM2C,QAEjC,IAAID,IAAoB,EAAAjH,UAAUmH,qBAIrC,MAAM,EAAA9N,gBAAgB+N,oCAHtBpV,KAAKiJ,OAAOgD,QAAQ,wCACpBhK,EAAQiT,KAMR,YAAAJ,iBAAR,SAAyBG,EAAkCI,EAAoBH,EAAwBhT,GAKnG,GAJAlC,KAAKiJ,OAAOgD,QAAQ,oCAGpBjM,KAAKoT,aAAakC,0BAAyB,GACvCL,IAAoB,EAAAjH,UAAUqG,wBAE9B,GADArU,KAAKiJ,OAAOgD,QAAQ,gCAChBjM,KAAKyS,sBACLzS,KAAKiJ,OAAOgD,QAAQ,iFACpBjM,KAAKyS,sBAAsB4C,EAASH,EAAS3O,kBAC1C,KAAIvG,KAAKuS,qBAKZ,MADAvS,KAAKiJ,OAAOgD,QAAQ,8FACdoJ,EAJNrV,KAAKiJ,OAAOgD,QAAQ,gGACpBjM,KAAKuS,qBAAqB8C,EAASH,OAKpC,IAAID,IAAoB,EAAAjH,UAAUmH,qBAIrC,MAAM,EAAA9N,gBAAgB+N,oCAHtBpV,KAAKiJ,OAAOgD,QAAQ,wCACpB/J,EAAOmT,KAWf,YAAAE,cAAA,SAAcC,GACVxV,KAAKiJ,OAAOgD,QAAQ,iCAGpB,IAAMxF,EAAoC,EAAAgP,aAAaC,gBAAgBF,GAAa,EAAMxV,KAAKoI,SAAU,EAAA4F,UAAUqG,yBACnHrU,KAAK2V,wBAAwB,EAAA3H,UAAUqG,yBAAyB,EAAM5N,EAAU,KAAM,OAS1F,YAAAmP,qBAAA,SAAqBJ,GACjBxV,KAAKiJ,OAAOgD,QAAQ,wCAGpB,IAAMxF,EAAoC,EAAAgP,aAAaC,gBAAgBF,GAAa,EAAOxV,KAAKoI,SAAU,EAAA4F,UAAUqG,yBACpHrU,KAAK2V,wBAAwB,EAAA3H,UAAUqG,yBAAyB,EAAO5N,EAAS,KAAM,OAU1F,YAAAoP,WAAA,SAAWL,GAAX,WACIxV,KAAKiJ,OAAOgD,QAAQ,8BAGpB,IAAMxF,EAAoC,EAAAgP,aAAaC,gBAAgBF,GAAa,EAAMxV,KAAKoI,SAAU,EAAA4F,UAAUmH,sBAC7GW,EAAqB9V,KAAK6S,iBAAiBkD,uBAAuBtP,EAAQsE,cAAe,EAAAiL,qBAAqBC,YAEpH,OAAO,IAAIjU,SAAsB,SAACC,EAASC,GACvC,EAAKyT,wBAAwB,EAAA3H,UAAUmH,sBAAsB,EAAM1O,EAASxE,EAASC,MAEpFK,MAAK,SAAC2T,GAGH,OAFA,EAAKjN,OAAOgD,QAAQ,0BACpB,EAAK4G,iBAAiBsD,qBAAqB1P,EAAQsE,cAAe+K,GAAU,GACrEI,KAEVE,OAAM,SAACvW,GAGJ,MAFA,EAAKuT,aAAaiD,oBAAoB5P,EAAQV,OAC9C,EAAK8M,iBAAiBsD,qBAAqB1P,EAAQsE,cAAe+K,GAAU,EAAOjW,EAAMyW,WACnFzW,MAWlB,YAAA0W,kBAAA,SAAkBf,GAAlB,WACIxV,KAAKiJ,OAAOgD,QAAQ,qCAGpB,IAAMxF,EAAoC,EAAAgP,aAAaC,gBAAgBF,GAAa,EAAOxV,KAAKoI,SAAU,EAAA4F,UAAUmH,sBAC9GW,EAAqB9V,KAAK6S,iBAAiBkD,uBAAuBtP,EAAQsE,cAAe,EAAAiL,qBAAqBQ,mBAEpH,OAAO,IAAIxU,SAAsB,SAACC,EAASC,GACvC,EAAKyT,wBAAwB,EAAA3H,UAAUmH,sBAAsB,EAAO1O,EAASxE,EAASC,MAErFK,MAAK,SAAC2T,GAGH,OAFA,EAAKjN,OAAOgD,QAAQ,+BACpB,EAAK4G,iBAAiBsD,qBAAqB1P,EAAQsE,cAAe+K,GAAU,GACrEI,KAEVE,OAAM,SAACvW,GAGJ,MAFA,EAAKuT,aAAaiD,oBAAoB5P,EAAQV,OAC9C,EAAK8M,iBAAiBsD,qBAAqB1P,EAAQsE,cAAe+K,GAAU,EAAOjW,EAAMyW,WACnFzW,MAaV,YAAA8V,wBAAR,SAAgCV,EAAkCwB,EAAsBhQ,EAAmCxE,EAAoBC,GAA/I,WACIlC,KAAKiJ,OAAOgD,QAAQ,2CAGpB,EAAA+H,YAAY0C,6BAEZ,IAkBIpQ,EAlBEqQ,EAAsB3W,KAAKoT,aAAac,yBAAwB,GAMtE,GALGe,IAAoB,EAAAjH,UAAUqG,yBAC7BrU,KAAKoT,aAAawD,QAAQ,EAAAC,mBAAmBC,iBAAkB,GAAG,EAAA9I,UAAU+I,WAAa,EAAA/I,UAAUC,kBAAoBxH,EAAQV,OAI/H4Q,EAAqB,CACrB,IAAMK,EAAcP,EAAc,EAAApP,gBAAgB4P,6BAA+B,EAAA5P,gBAAgB6P,oCAC3FC,EAAoB,EAAAC,uBAAuBpX,KAAKqX,gBAAgB5Q,EAAQV,QAM9E,OALA/F,KAAKoT,aAAaiD,oBAAoB5P,EAAQV,YAC9C/F,KAAK8U,iBAAiBG,EAClB+B,EACAG,EACAjV,GAeR,GATIuE,GAAWA,EAAQH,UAAYmQ,GAC/BnQ,EAAUG,EAAQH,QAClBtG,KAAKiJ,OAAOgD,QAAQ,8BAEpB3F,EAAUtG,KAAKsX,aACftX,KAAKiJ,OAAOgD,QAAQ,gCAInB3F,GAAY,EAAA8J,wBAAwBC,WAAW5J,GA8ChDzG,KAAKiJ,OAAOgD,QAAQ,2CACpBjM,KAAKuX,mBAAmBjR,EAAS2O,EAAiBwB,EAAahQ,EAASxE,EAASC,OA/CvB,CAC1D,IAAIuU,EAwCA,OARAzW,KAAKiJ,OAAOgD,QAAQ,kDACpBjM,KAAKiJ,OAAO8C,KAAK,0BACXoL,EAAoB,EAAAC,uBAAuBpX,KAAKqX,gBAAgB5Q,EAAQV,QAC9E/F,KAAKoT,aAAaiD,oBAAoB5P,EAAQV,YAC9C/F,KAAK8U,iBAAiBG,EAClB,EAAA5N,gBAAgBmQ,+BAChBL,EACAjV,GAlCJ,GAHoBlC,KAAKyX,uBAGLhR,EAAQL,OAAQ,CAChCpG,KAAKiJ,OAAO8C,KAAK,2EACjB,IAAM2L,EAAyC1X,KAAK2X,oBAAoBlR,GAExEzG,KAAK4X,aAAc,EACnB5X,KAAK6X,mBAAmBH,GAAcnV,MAAK,SAAA2S,GACvC,EAAK0C,aAAc,EACnB,EAAK3O,OAAO8C,KAAK,oCAEjB,EAAKiJ,oBAAoBC,EAAiBC,EAAUjT,MAErD,SAACpC,GACA,EAAK+X,aAAc,EACnB,EAAK3O,OAAOpJ,MAAM,4CAA8CA,GAGhE,EAAK0X,mBAAmB,KAAMtC,EAAiBwB,EAAahQ,EAASxE,EAASC,WAKlFlC,KAAKiJ,OAAOgD,QAAQ,mDACpBjM,KAAKuX,mBAAmB,KAAMtC,EAAiBwB,EAAahQ,EAASxE,EAASC,KA6BhF,YAAAqV,mBAAd,SAAiCjR,EAAkB2O,EAAkCwB,EAAsBhQ,EAAmCxE,EAAoBC,G,+BAAoBF,SAAO,W,sFACzLhC,KAAKiJ,OAAOgD,QAAQ,sCACpBjM,KAAKiJ,OAAOgD,QAAQ,qBAAqBgJ,EAAe,kBAAkBwB,GAG1EzW,KAAKoT,aAAakC,0BAAyB,GACrCwC,EAAmBrR,EAAQL,OAASK,EAAQL,OAAO6B,KAAK,KAAKyE,cAAgB,EAAAsB,UAAUqB,WAAWpH,KAAK,KAC7GjI,KAAKiJ,OAAOkD,WAAW,sBAAsB2L,GAGvCC,EAAyBtR,GAAWA,EAAQO,UAAa,EAAAkM,iBAAiBsB,eAAe/N,EAAQO,UAAWhH,KAAK0S,OAAO/I,KAAKtB,kBAAmB5B,EAAQ6B,mBAAqBtI,KAAKwP,kB,gDAI/KuI,EAAsBC,oBAAvB,OACAhY,KAAKiJ,OAAOgD,QAAQ,oCACpB,GAAM,EAAAiH,iBAAiB+E,wBAAwBF,EAAuB/X,KAAK6S,iBAAkBpM,EAAQsE,iB,cAArG,S,aAEA/K,KAAKiJ,OAAOgD,QAAQ,uC,iBA6BxB,GAzBMsD,EAAuBkH,EAAc,EAAAxE,cAAcC,SAAWlS,KAAKkY,aAAa5R,EAASG,EAAQL,QAEjG+R,EAAiB1R,EAAQ2R,mBAAqB9E,OAAOO,SAASwE,KAEpEC,EAA8B,IAAI,EAAAlI,wBAC9B2H,EACA/X,KAAKoI,SACLmH,EACAvP,KAAKuY,eAAe9R,GAAWA,EAAQ+B,aACvC/B,EAAQL,OACRK,EAAQV,MACRU,EAAQsE,eAEZ/K,KAAKiJ,OAAOgD,QAAQ,mDAEpBjM,KAAKwY,mBAAmBF,EAA6BhS,EAASmQ,EAAa0B,GAC3EnY,KAAKiJ,OAAOgD,QAAQ,0BAGpBqM,EAA4BzI,oBAAoBvJ,EAASG,GACzDzG,KAAKiJ,OAAOgD,QAAQ,2CAGdwM,EAAc,EAAAhQ,SAASiQ,kBAAkBJ,GAA+B,EAAAtK,UAAU2K,uBAEpF1D,IAAoB,EAAAjH,UAAUqG,wBACzBoC,EAKDzW,KAAKiJ,OAAOgD,QAAQ,uEAJpBjM,KAAKoT,aAAawD,QAAQ,EAAAvD,UAAUuF,0BAA0B,EAAA/B,mBAAmBgC,gBAAiBpS,EAAQV,OAAQuS,EAA4BvS,MAAO/F,KAAK4S,UAC1J5S,KAAKiJ,OAAOgD,QAAQ,6BACpBjM,KAAKiJ,OAAOkD,WAAW,iBAAiBmM,EAA4BvS,YAIrE,IAAIkP,IAAoB,EAAAjH,UAAUmH,qBAUrC,MADAnV,KAAKiJ,OAAOgD,QAAQ,+CACd,EAAA5E,gBAAgB+N,oCATtB9B,OAAOE,YAAY5T,KAAK0Y,EAA4BvS,OACpDuN,OAAOwF,YAAcrC,EAAc,EAAAzI,UAAU+K,MAAQ,EAAA/K,UAAUgL,WAC/DhZ,KAAKiJ,OAAOgD,QAAQ,yBACpBjM,KAAKiJ,OAAOkD,WAAW,gBAAgBmM,EAA4BvS,OAGnE/F,KAAKiZ,iBAAiBX,EAA4BvS,MAAO+R,EAAkB7V,EAASC,G,GAMpF+S,IAAoB,EAAAjH,UAAUmH,qBAA9B,YACAnV,KAAKiJ,OAAOgD,QAAQ,sDAEpB,IACIiN,EAAclZ,KAAKmZ,UAAUV,EAAa,OAAQ,EAAAzK,UAAUoL,WAAY,EAAApL,UAAUqL,aAGlF,EAAArF,YAAYsF,WAAWJ,GACzB,MAAOxZ,GAIL,GAHAM,KAAKiJ,OAAO8C,KAAK,EAAAwN,uBAAuBC,iBAAiBC,KAAO,IAAM,EAAAF,uBAAuBC,iBAAiBvY,MAC9GjB,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeC,MAAO,EAAAJ,uBAAuBC,iBAAiBC,MACxFzZ,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeE,WAAY,EAAAL,uBAAuBC,iBAAiBvY,MACzFiB,EAEA,OADAA,EAAO,EAAAmF,gBAAgBwS,0BACvB,I,IAKJX,EAAA,Y,iBAEiB,O,sBAAA,GAAM,EAAAlF,YAAY8F,oBAAoBZ,EAAalZ,KAAK0S,OAAO7I,OAAOV,iBAAkBsP,EAAazY,KAAKiJ,S,cAAjH6K,EAAO,SAEb9T,KAAK+Z,6BAA6BjG,GAGlC9T,KAAKoT,aAAakC,0BAAyB,GAC3CtV,KAAKiJ,OAAO8C,KAAK,wBAGb/L,KAAK0S,OAAO5I,UAAUP,WACtBvJ,KAAKga,UAAU,wBAAyBlG,GAG5C,EAAAE,YAAYiG,c,+BAER/X,GACAA,EAAO,GAGPlC,KAAK0S,OAAO5I,UAAUP,UACtBvJ,KAAKga,UAAU,mBAAoB,EAAM1D,UAAY,EAAAtI,UAAUC,kBAAoB,EAAMiM,eAGzFla,KAAKoT,aAAakC,0BAAyB,GAC3C4D,EAAYiB,S,iCAMpB1T,EAAQ2T,oBACRpa,KAAKiJ,OAAOgD,QAAQ,yCAKH,IAHAxF,EAAQ2T,mBAAmB3B,IAIxCzY,KAAKiJ,OAAOgD,QAAQ,uDACpBjM,KAAKqa,eAAe5B,IAEpBzY,KAAKiJ,OAAOgD,QAAQ,4DAIxBjM,KAAKiJ,OAAOgD,QAAQ,oCACpBjM,KAAKqa,eAAe5B,I,0DAI5BzY,KAAKiJ,OAAOpJ,MAAM,GAClBG,KAAKoT,aAAaiD,oBAAoB5P,EAAQV,OAC9C/F,KAAK8U,iBAAiBG,EAAiB,EAAA5N,gBAAgBiT,8BAA8B,EAAIzN,UAAW,EAAAuK,uBAAuB3Q,EAAQV,OAAQ7D,GACvIgX,GACAA,EAAYiB,Q,iCASxB,YAAAI,UAAA,SAAU9T,GAIN,GAHAzG,KAAKiJ,OAAOgD,QAAQ,8BAGfxF,EACD,MAAM,EAAAI,yBAAyB2T,0BAInC,IAAK/T,EAAQ9B,MAAQ8B,EAAQwK,UACzB,MAAM,EAAApK,yBAAyB4T,uBAGnC,OAAOza,KAAK6X,mBAAmB,EAAD,YACvBpR,EAAO,CACVL,OAAQ,EAAA4H,UAAUqB,eAgB1B,YAAAwI,mBAAA,SAAmBrC,GAAnB,WACIxV,KAAKiJ,OAAOgD,QAAQ,sCAGpB,IAAMxF,EAAU,EAAAgP,aAAaC,gBAAgBF,GAAa,EAAOxV,KAAKoI,SAAU,EAAA4F,UAAU0M,uBACpF5E,EAAqB9V,KAAK6S,iBAAiBkD,uBAAuBtP,EAAQsE,cAAe,EAAAiL,qBAAqB2E,oBAC9G7C,EAAmB,EAAArC,aAAamF,uBAAuBnU,GAE7D,OAAO,IAAIzE,SAAsB,SAAOC,EAASC,GAAM,+C,wFAsBnD,GAnBA,EAAA8R,YAAY0C,6BAEN3J,EAAQtG,EAAQL,OAAO6B,KAAK,KAAKyE,cACvC1M,KAAKiJ,OAAOkD,WAAW,sBAAsBY,GAIzCtG,EAAQH,SACRA,EAAUG,EAAQH,QAClBtG,KAAKiJ,OAAOgD,QAAQ,8BAEpB3F,EAAUtG,KAAKsX,aACftX,KAAKiJ,OAAOgD,QAAQ,gCAIlB4O,EAAc7a,KAAKoT,aAAa0H,QAAQ,EAAA9M,UAAU6M,cAGnDvU,IAAaG,EAAQ9B,MAAQ8B,EAAQwK,WAAc,EAAA7L,YAAYC,QAAQwV,GAGxE,OAFA7a,KAAKiJ,OAAO8C,KAAK,0BAEV,CAAP,EAAO7J,EAAO,EAAAmF,gBAAgBmQ,iCA0ClC,GAtCMjI,EAAevP,KAAKkY,aAAa5R,EAASG,EAAQL,QACxDpG,KAAKiJ,OAAOgD,QAAQ,kBAAkBsD,GAGhC+I,EAA8B,IAAI,EAAAlI,wBACpC,EAAA8C,iBAAiBsB,eAAe/N,EAAQO,UAAWhH,KAAK0S,OAAO/I,KAAKtB,kBAAmB5B,EAAQ6B,mBAC/FtI,KAAKoI,SACLmH,EACAvP,KAAKuY,eAAe9R,EAAQ+B,aAC5B/B,EAAQL,OACRK,EAAQV,MACRU,EAAQsE,eAGZ/K,KAAKiJ,OAAOgD,QAAQ,mDAGhB,EAAAmE,wBAAwBC,WAAW5J,IAAYH,GAC/CgS,EAA4BzI,oBAAoBvJ,EAASG,EAAS,MAAM,GACxEzG,KAAKiJ,OAAOgD,QAAQ,4DAGd3F,GAAY,EAAAlB,YAAYC,QAAQwV,GAOtC7a,KAAKiJ,OAAOgD,QAAQ,yCALd6D,EAAoB,EAAA7F,WAAWC,eAAe2Q,GACpD7a,KAAKiJ,OAAOgD,QAAQ,wGACpBqM,EAA4BzI,oBAAoBvJ,EAAS,KAAMwJ,GAAmB,MAMhFiL,EAAsBtU,EAAQC,eAAiB4R,EAA4BnI,eAMpD1J,EAAQuU,aACjC,IACIC,EAAsBjb,KAAKkb,eAAe5C,EAA6BhS,GACzE,MAAO5G,GACL2V,EAAU3V,E,OAKdub,GACAjb,KAAKiJ,OAAOgD,QAAQ,+BACpBjM,KAAKiJ,OAAOkD,WAAW,iBAAiBxF,KAAKe,UAAUuT,EAAoB7U,SAC3EnE,EAAQgZ,GACD,CAAP,EAAO,OAJP,M,cAMK5F,GACLrV,KAAKiJ,OAAO+C,QAAQqJ,EAAQiB,UAAY,IAAMjB,EAAQ6E,cACtDhY,EAAOmT,GACA,CAAP,EAAO,OAHF,M,OAQDpK,OAAU,EAEVA,EADA8P,EACa,+CACNtU,EAAQuU,aACF,yEAEA,uCAEjBhb,KAAKiJ,OAAOgD,QAAQhB,GAGfqN,EAA4B9I,oBAC7B8I,EAA4B9I,kBAAoB/I,EAAQO,UACpD,EAAAkM,iBAAiBsB,eAAe/N,EAAQO,UAAWhH,KAAK0S,OAAO/I,KAAKtB,kBAAmB5B,EAAQ6B,mBAC7FtI,KAAKwP,mBAEfxP,KAAKiJ,OAAOkD,WAAW,uBAAuBmM,EAA4BtR,W,8CAGjEsR,EAA4B9I,kBAAkBwI,oBAA/C,OACAhY,KAAKiJ,OAAOgD,QAAQ,oCACpB,GAAM,EAAAiH,iBAAiB+E,wBAAwBK,EAA4B9I,kBAAmBxP,KAAK6S,iBAAkBpM,EAAQsE,iB,cAA7H,SACA/K,KAAKiJ,OAAOgD,QAAQ,+D,aAEpBjM,KAAKiJ,OAAOgD,QAAQ,uC,wBAOpBqH,OAAOC,eAAeuE,IACtB9X,KAAKiJ,OAAOgD,QAAQ,oDAEpBjM,KAAKiZ,iBAAiB3F,OAAOC,eAAeuE,GAAmBA,EAAkB7V,EAASC,IAGtFuE,EAAQL,QAAU,EAAAkJ,SAASd,uBAAuB/H,EAAQL,SAK1DpG,KAAKiJ,OAAOgD,QAAQ,gDACpBjM,KAAK4X,aAAc,EACnB5X,KAAKmb,aAAarD,EAAkB7V,EAASC,EAAQoE,EAASgS,KAG9DtY,KAAKiJ,OAAOgD,QAAQ,yBACpBjM,KAAKgZ,WAAWlB,EAAkB7V,EAASC,EAAQoE,EAASgS,I,aAMpE,O,WAFAtY,KAAKiJ,OAAOpJ,MAAM,GAClBqC,EAAO,EAAAmF,gBAAgBiT,8BAA8B,EAAIzN,aAClD,CAAP,EAAO,M,2BAIdtK,MAAK,SAAA6Y,GAGF,OAFA,EAAKnS,OAAOgD,QAAQ,+BACpB,EAAK4G,iBAAiBsD,qBAAqB1P,EAAQsE,cAAe+K,GAAU,GACrEsF,KAEVhF,OAAM,SAACvW,GAGJ,MAFA,EAAKuT,aAAaiD,oBAAoB5P,EAAQV,OAC9C,EAAK8M,iBAAiBsD,qBAAqB1P,EAAQsE,cAAe+K,GAAU,EAAOjW,EAAMyW,WACnFzW,MAoBV,YAAAsZ,UAAR,SAAkBV,EAAqB4C,EAAejC,EAAoBC,GACtErZ,KAAKiJ,OAAOgD,QAAQ,6BACpB,IAKI,IAAMqP,EAAUhI,OAAOiI,WAAajI,OAAOiI,WAAajI,OAAOkI,QACzDC,EAASnI,OAAOoI,UAAYpI,OAAOoI,UAAYpI,OAAOqI,QAKtDC,EAAQtI,OAAOuI,YAAcC,SAASC,gBAAgBC,aAAeF,SAAStZ,KAAKwZ,YACnFC,EAAS3I,OAAO4I,aAAeJ,SAASC,gBAAgBI,cAAgBL,SAAStZ,KAAK2Z,aACtFC,EAASR,EAAQ,EAAMxC,EAAa,EAAMkC,EAC1Ce,EAAQJ,EAAS,EAAM5C,EAAc,EAAMoC,EAG3Ca,EAAchJ,OAAOiJ,KAAK9D,EAAa4C,EAAO,SAAWjC,EAAa,YAAcC,EAAc,SAAWgD,EAAM,UAAYD,EAAO,oBAC5I,IAAKE,EACD,MAAM,EAAAjV,gBAAgBwS,yBAM1B,OAJIyC,EAAYE,OACZF,EAAYE,QAGTF,EACT,MAAO5c,GAEL,MADAM,KAAKoT,aAAakC,0BAAyB,GACrC,EAAAjO,gBAAgBwS,uBAAuBna,EAAEmN,cAczC,YAAA4P,kBAAd,SAAgChE,EAAqBiE,EAAmB5E,G,+BAA2B9V,SAAO,W,mFAEhG2a,EAAgBrJ,OAAOC,eAAeuE,GAC5C9X,KAAKiJ,OAAOkD,WAAW,qCAAuC2L,EAAmB,IAAM6E,GACvF3c,KAAKoT,aAAawD,QAAQ,EAAAvD,UAAUuF,0BAA0B,EAAA/B,mBAAmB+F,aAAcD,GAAgB,EAAA3O,UAAU+I,YAGvF/W,KAAK0S,OAAO7I,OAAOR,kBACjD,GAAM,EAAA2K,YAAY6I,UAAUpE,EAAaiE,EAAW1c,KAAK0S,OAAO7I,OAAOR,kBAAmBrJ,KAAKiJ,SADjE,M,cAC9B,W,aACA,IAAA+K,YAAY8I,cAAcrE,EAAaiE,EAAW1c,KAAKiJ,Q,iBAFrD8T,EAAM,E,iBAKK,O,sBAAA,GAAM,EAAA/I,YAAYgJ,qBAAqBD,EAAOE,cAAejd,KAAK0S,OAAO7I,OAAOV,iBAAkBsP,EAAazY,KAAKiJ,S,cAA3H6K,EAAO,WAGT9T,KAAK+Z,6BAA6BjG,G,aActC,M,WAXI9T,KAAKoT,aAAa0H,QAAQ,EAAAzH,UAAUuF,0BAA0B,EAAA/B,mBAAmB+F,aAAcD,MAAoB,EAAA3O,UAAU+I,aAE7H/W,KAAKiJ,OAAOgD,QAAQ,sCAAyCjM,KAAK0S,OAAO7I,OAAOV,iBAAmB,IAAQ,gCAAkC2O,EAAmB,IAAM6E,GAElKA,GAAiBrJ,OAAOG,4BAA4BkJ,IACpDrJ,OAAOG,4BAA4BkJ,GAAe,KAAM,GAG5D3c,KAAKoT,aAAa8J,WAAW,EAAA7J,UAAUuF,0BAA0B,EAAA/B,mBAAmB+F,aAAcD,KAEtG,EAAA3I,YAAYmJ,mBAAmBJ,GACzB,E,cAEV,EAAA/I,YAAYmJ,mBAAmBJ,G,YAY3B,YAAA1C,eAAR,SAAuB5B,EAAqB6D,GAExC,IAAI7D,GAAgB,EAAArT,YAAYC,QAAQoT,GAQpC,MADAzY,KAAKiJ,OAAO8C,KAAK,yBACX,EAAAqR,UAAUC,sBAAsB,yBAPtC,IAAMhD,EAAyBiC,GAA4BhJ,OACrDrI,EAAqBqR,EAAc,6BAA+B7D,EAAc,eAAiBA,EACvGzY,KAAKiJ,OAAO+C,QAAQf,GACpBoP,EAAexG,SAASvT,OAAOmY,IAiB/B,YAAAQ,iBAAR,SAAyB0D,EAAuB7E,EAA0B7V,EAAmBC,GAA7F,WAEIoR,OAAOC,eAAeuE,GAAoB6E,EAGrCrJ,OAAOI,2BAA2BiJ,KACnCrJ,OAAOI,2BAA2BiJ,GAAiB,IAGvDrJ,OAAOI,2BAA2BiJ,GAAe/c,KAAK,CAAEqC,QAASA,EAASC,OAAQA,IAG7EoR,OAAOG,4BAA4BkJ,KACpCrJ,OAAOG,4BAA4BkJ,GAAiB,SAACzH,EAAwBrV,UAElEyT,OAAOC,eAAeuE,GAG7B,IAAK,IAAI7Y,EAAI,EAAGA,EAAIqU,OAAOI,2BAA2BiJ,GAAevd,SAAUH,EAC3E,IACI,GAAIY,EACAyT,OAAOI,2BAA2BiJ,GAAe1d,GAAGiD,OAAOrC,OACxD,KAAIqV,EAIP,MADA,EAAK9B,aAAaiD,oBAAoBsG,GAChC,EAAAS,UAAUC,sBAAsB,oCAHtC/J,OAAOI,2BAA2BiJ,GAAe1d,GAAGgD,QAAQiT,IAKlE,MAAOxV,GACL,EAAKuJ,OAAO2C,QAAQlM,UAKrB4T,OAAOI,2BAA2BiJ,UAClCrJ,OAAOG,4BAA4BkJ,MAatD,YAAAW,OAAA,SAAOvS,GACH/K,KAAKiJ,OAAOgD,QAAQ,0BACpBjM,KAAKud,YAAYxS,IAOP,YAAAwS,YAAd,SAA0BxS,G,+BAAyB/I,SAAO,W,8EAChDwb,EAAuBzS,GAAiB,EAAAzF,YAAYmK,gBACpDqG,EAAW9V,KAAK6S,iBAAiBkD,uBAAuByH,EAAsB,EAAAxH,qBAAqByH,QAEzGzd,KAAK0d,aACL1d,KAAKsG,QAAU,K,8CAGNtG,KAAKwP,kBAAkBwI,oBAAxB,OACAhY,KAAKiJ,OAAOgD,QAAQ,oCACpB,GAAM,EAAAiH,iBAAiB+E,wBAAwBjY,KAAKwP,kBAAmBxP,KAAK6S,iBAAkB9H,K,cAA9F,S,aAEA/K,KAAKiJ,OAAOgD,QAAQ,uC,wBAGlB0R,EAAqB,qBAAqBH,EAE5CI,OAAoB,EACpB5d,KAAK6d,4BACLD,EAAuB,6BAA6B9L,mBAAmB9R,KAAK6d,4BAC5E7d,KAAKiJ,OAAOgD,QAAQ,+BAEpB2R,EAAuB,GACvB5d,KAAKiJ,OAAOgD,QAAQ,8DAGpBwM,OAAW,EACXzY,KAAKwP,kBAAkBsO,oBACvBrF,EAAiBzY,KAAKwP,kBAAkBsO,mBAAkB,IAAIH,EAAqBC,EACnF5d,KAAKiJ,OAAOgD,QAAQ,gDACpBjM,KAAKiJ,OAAOkD,WAAW,uBAAuBnM,KAAKwP,kBAAkBsO,sBAErErF,EAAiBzY,KAAKgH,UAAS,sBAAsB2W,EAAqBC,EAC1E5d,KAAKiJ,OAAOgD,QAAQ,4CAGxBjM,KAAK6S,iBAAiBsD,qBAAqBqH,EAAsB1H,GAAU,GAE3E9V,KAAKiJ,OAAOgD,QAAQ,oCACpBjM,KAAKqa,eAAe5B,G,+BAEpBzY,KAAK6S,iBAAiBsD,qBAAqBqH,EAAsB1H,GAAU,EAAO,EAAMQ,W,+BAStF,YAAAoH,WAAV,WACI1d,KAAKiJ,OAAOgD,QAAQ,kBACpBqH,OAAOE,YAAc,GAErB,IADA,IAAMuK,EAAkB/d,KAAKoT,aAAa4K,aAAa,EAAAhQ,UAAU5F,SAAU,EAAA4F,UAAUzJ,uBAC5EtF,EAAI,EAAGA,EAAI8e,EAAgB3e,OAAQH,IACxCe,KAAKoT,aAAa8J,WAAWvW,KAAKe,UAAUqW,EAAgB9e,GAAG+B,MAEnEhB,KAAKoT,aAAa6K,kBAClBje,KAAKoT,aAAa8K,kBAClBle,KAAKiJ,OAAOgD,QAAQ,kBASd,YAAAkS,mBAAV,SAA6BhY,GACzBnG,KAAKiJ,OAAOgD,QAAQ,oCAEpB,IADA,IAAMmS,EAAmBpe,KAAKoT,aAAaiL,mBAAmB,EAAArQ,UAAU5F,SAAU,EAAA4F,UAAUzJ,uBACnFtF,EAAI,EAAGA,EAAImf,EAAiBhf,OAAQH,IAAK,CAC9C,IAAMoT,EAAQ+L,EAAiBnf,GAC3BoT,EAAMhT,MAAM8G,cAAgBA,IAC5BnG,KAAKoT,aAAa8J,WAAWvW,KAAKe,UAAU2K,EAAMrR,MAClDhB,KAAKiJ,OAAOkD,WAAW,yBAAyBkG,EAAMrR,QAgBlE,YAAAsd,WAAA,SAAWxK,GAGP,OAFA9T,KAAKiJ,OAAO8C,KAAK,8EACjB/L,KAAKiJ,OAAOgD,QAAQ,8BACb,EAAAxD,SAASsL,gBAAgBD,IAQ5B,YAAAyK,gBAAR,SAAwBzK,EAAc0K,EAAkCC,GACpEze,KAAKiJ,OAAO8C,KAAK,+EAGjB,IAMImJ,EACAG,EAPAqJ,EAAYF,EACXE,IACD1e,KAAKiJ,OAAOgD,QAAQ,kDACpByS,EAAY1e,KAAKmU,iBAAiBL,IAMtC,IACIoB,EAAWlV,KAAK2e,kBAAkB7K,EAAM4K,GAC1C,MAAOE,GACLvJ,EAAUuJ,EAGd,IAEI5e,KAAKoT,aAAa8K,gBAAgBQ,EAAU3Y,OAC5C,IAAMQ,EAAuBvG,KAAKqX,gBAAgBqH,EAAU3Y,OAC5D,GAAImP,GAcA,GAbKwJ,EAAU5F,cAAgB,EAAA9K,UAAUgL,YAAe9D,EAAS/O,aACzDmN,OAAOuL,SAAWvL,OAClBtT,KAAKiJ,OAAOgD,QAAQ,iDAEpBjM,KAAKiJ,OAAOgD,QAAQ,2CAExBjM,KAAKiJ,OAAOgD,QAAQ,6BAA6B,EAAA6S,oBAAoBC,cACrE7J,EAAShP,UAAY,EAAA4Y,oBAAoBC,cAEpCL,EAAU5F,cAAgB,EAAA9K,UAAU+K,QACzC/Y,KAAKiJ,OAAOgD,QAAQ,6BAA6B,EAAA6S,oBAAoB3N,UACrE+D,EAAShP,UAAY,EAAA4Y,oBAAoB3N,WAExCsN,EAGD,OAFAze,KAAKiJ,OAAOgD,QAAQ,iCACpBjM,KAAK+U,iBAAmBG,QAGzB,IAAKuJ,EAKR,OAJAze,KAAKiJ,OAAOgD,QAAQ,yDACpBjM,KAAK+U,iBAAmB,EAAAqC,uBAAuB7Q,GAC/CvG,KAAK6U,cAAgBQ,OACrBrV,KAAKoT,aAAaiD,oBAAoBqI,EAAU3Y,OAIpD/F,KAAKiJ,OAAOgD,QAAQ,gDACpBwS,EAAevJ,EAAUG,GAC3B,MAAOuJ,GAEL,MADA5e,KAAKiJ,OAAOpJ,MAAM,uDAAyD+e,GACrE,EAAAvX,gBAAgB2X,8BAA8BJ,EAAI/R,cAUxD,YAAAkN,6BAAR,SAAqCjG,GACjC9T,KAAKiJ,OAAOgD,QAAQ,gDAGpB,IAAMgT,EAAenL,GAAQR,OAAOO,SAASC,KAGvC4K,EAAY1e,KAAKmU,iBAAiB8K,GACxCjf,KAAKiJ,OAAOgD,QAAQ,gCAEpB,IAAMiT,EAAwB5L,OAAOG,4BAA4BiL,EAAU3Y,OAC3E/F,KAAKue,gBAAgBU,EAAcP,EAAWQ,IAS1C,YAAA5K,qCAAR,SAA6CR,GACzC9T,KAAKiJ,OAAO8C,KAAK,8BACjB/L,KAAKiJ,OAAOgD,QAAQ,wDAGpB,EAAA+H,YAAYmL,iBAAiB7L,QAC7BtT,KAAKiJ,OAAOgD,QAAQ,gCAGpB,IAAMyS,EAAY1e,KAAKmU,iBAAiBL,GAGxC,GAAI9T,KAAK0S,OAAO/I,KAAKf,2BAA6B0K,OAAOuL,SAAWvL,OAAQ,CACxEtT,KAAKiJ,OAAOgD,QAAQ,mHACpB,IAAMmT,EAAkBpf,KAAKoT,aAAa0H,QAAQ,EAAAzH,UAAUuF,0BAA0B,EAAA/B,mBAAmBwI,cAAeX,EAAU3Y,OAAQ/F,KAAK4S,UAG/I,IAAKwM,GAAuC,SAApBA,EAGpB,OAFApf,KAAKiJ,OAAOpJ,MAAM,mFAClByT,OAAOO,SAASvT,OAAO,KAGvBN,KAAKiJ,OAAOgD,QAAQ,+CACpB,IAAMqT,EAAa,EAAA7W,SAAS8W,kBAAkBjM,OAAOO,SAASwE,MACxDmH,EAAmB,EAAA/W,SAAS8W,kBAAkBH,GACpD,GAAIE,IAAeE,EAIf,OAHAxf,KAAKiJ,OAAOgD,QAAQ,oDACpBjM,KAAKiJ,OAAOkD,WAAW,eAAemT,EAAU,uBAAuBE,QACvElM,OAAOO,SAASvT,OAAO,GAAGkf,EAAmB1L,GAG7C9T,KAAKiJ,OAAOgD,QAAQ,yCACpB,IAAMwT,EAA4B,EAAAhX,SAASiX,iBAAiBN,GACxDK,EAA0BE,OAC1B3f,KAAKiJ,OAAOgD,QAAQ,4DACpBqH,OAAOO,SAASC,KAAO2L,EAA0BE,WAIrD3f,KAAK0S,OAAO/I,KAAKf,2BACzB5I,KAAKiJ,OAAOgD,QAAQ,2DAGxBjM,KAAKue,gBAAgBzK,EAAM4K,EAAW,OAUhC,YAAAvK,iBAAV,SAA2BL,GACvB9T,KAAKiJ,OAAOgD,QAAQ,oCAEpB,IACI2T,EADEC,EAAa,EAAApX,SAASqX,gBAAgBhM,GAE5C,IAAK+L,EACD,MAAM,EAAAzC,UAAUC,sBAAsB,kCAE1C,IAAIwC,EAAWlhB,eAAe,EAAAmgB,oBAAoBiB,OAY9C,MAAM,EAAA3C,UAAUC,sBAAsB,gCAXtCrd,KAAKiJ,OAAOgD,QAAQ,kDACpB,IAAM+T,EAAc,EAAAvK,aAAawK,kBAAkBJ,EAAkB,OAkBzE,IAhBID,EAAgB,CACZ9G,YAAa,EAAA9K,UAAUkS,QACvBna,MAAO8Z,EAAkB,MACzBxU,UAAW2U,EAAYG,GACvB/L,OAAQ4L,EAAY5L,OACpBgM,YAAY,IAWFra,QAAU/F,KAAKoT,aAAa0H,QAAQ,EAAAzH,UAAUuF,0BAA0B,EAAA/B,mBAAmBwJ,YAAaT,EAAc7Z,OAAQ/F,KAAK4S,WAAagN,EAAc7Z,QAAU/F,KAAKsgB,0BAI3L,OAHAtgB,KAAKiJ,OAAOgD,QAAQ,4DACpB2T,EAAc9G,YAAc,EAAA9K,UAAU+K,MACtC6G,EAAcQ,YAAa,EACpBR,EAGN,GAAIA,EAAc7Z,QAAU/F,KAAKoT,aAAa0H,QAAQ,EAAAzH,UAAUuF,0BAA0B,EAAA/B,mBAAmBgC,gBAAiB+G,EAAc7Z,OAAQ/F,KAAK4S,UAI1J,OAHA5S,KAAKiJ,OAAOgD,QAAQ,iEACpB2T,EAAc9G,YAAc,EAAA9K,UAAUgL,WACtC4G,EAAcQ,YAAa,EACpBR,EAIX,IAAKA,EAAcQ,WAAY,CAC3BpgB,KAAKiJ,OAAOgD,QAAQ,8EACpB2T,EAAc9G,YAAcxF,OAAOwF,YAEnC,IADA,IAAMyH,EAAwBjN,OAAOE,YAC5BvU,EAAI,EAAGA,EAAIshB,EAAsBnhB,OAAQH,IAC9C,GAAIshB,EAAsBthB,KAAO2gB,EAAc7Z,MAAO,CAClD/F,KAAKiJ,OAAOgD,QAAQ,oCACpB2T,EAAcQ,YAAa,EAC3B,MAGHR,EAAcQ,YACfpgB,KAAKiJ,OAAOgD,QAAQ,wCAI5B,OAAO2T,GAaH,YAAA1E,eAAR,SAAuB5C,EAAsDhS,GACzEtG,KAAKiJ,OAAOgD,QAAQ,kCACpB,IAAM7F,EAASkS,EAA4BlS,OAMrCvB,EAAU7E,KAAKwgB,iBAAiBlI,EAA6BhS,GAC7Dma,EAAezgB,KAAK0gB,qBAAqBpI,EAA6BhS,EAASF,GAC/EG,EAAevG,KAAKqX,gBAAgBiB,EAA4BvS,OACtE,OAAO,EAAA4a,cAAcC,kBAAkB/b,EAAS4b,EAAcnI,EAA6BhS,EAASF,EAAQG,IAexG,YAAAsa,6BAAR,SAAqC7Z,EAAmB+W,EAA8CtR,EAA8BvG,GAApI,IACQ4a,EADR,OAQI,OAAsC,KAJlCA,EADA,EAAArY,SAASsY,kBAAkB/Z,IAAc,EAAAyB,SAASuY,yBAAyBha,IAAc,EAAAyB,SAASwY,qBAAqBja,GAC9F,EAAAka,eAAeC,8BAA8BpD,EAAiB,EAAAtV,SAASiX,iBAAiB1Y,GAAWoa,iBAEnG,EAAAF,eAAeG,iCAAiCtD,EAAiB/W,IAEnE5H,OAChB0hB,EAAuB,GAEzBA,EAAuB1hB,OAAS,GACrCY,KAAKiJ,OAAO2C,QAAQ,8EACpBkV,EAAuBlP,SAAQ,SAAC0P,GAC5B,EAAKlO,aAAa8J,WAAWvW,KAAKe,UAAU4Z,EAAqBtgB,SAE9D,OAGPhB,KAAKiJ,OAAOgD,QAAQ,8BAA8B/F,EAAS,UACpD,OAaP,YAAAsa,iBAAR,SAAyBlI,EAAsDhS,GAC3EtG,KAAKiJ,OAAOgD,QAAQ,8CACpB,IAAMsV,EAAoBvhB,KAAKoT,aAAaoO,eAAexhB,KAAKoI,SAAU9B,EAAUA,EAAQ/B,sBAAwB,MAC9Gkd,EAAiBnJ,EAA4BtR,WAAahH,KAAKgH,UAC/D0a,EAAmB1hB,KAAK6gB,6BAA6BY,EAAgBF,EAAmB,KAAM,EAAAzC,oBAAoB3N,UAExH,GAAIuQ,EAAkB,CAIlB,GAHA1hB,KAAKiJ,OAAOgD,QAAQ,6BACQjM,KAAK2hB,wBAAwBD,GAEhC,CACrB1hB,KAAKiJ,OAAOgD,QAAQ,uEACpB,IAAM2V,EAAeF,EAAiBriB,MAOtC,OANIuiB,EACA5hB,KAAKiJ,OAAOgD,QAAQ,kDAEpBjM,KAAKiJ,OAAOgD,QAAQ,sCAGjB,EAAiB,IAAI,EAAAxB,QAAQmX,EAAa/c,SAAW,KAI5D,OAFA7E,KAAKiJ,OAAOgD,QAAQ,mDACpBjM,KAAKoT,aAAa8J,WAAWvW,KAAKe,UAAUga,EAAiB1gB,MACtD,KAIX,OADAhB,KAAKiJ,OAAOgD,QAAQ,mBACb,MAcP,YAAAyU,qBAAR,SAA6BpI,EAAsDhS,EAAkBF,GACjGpG,KAAKiJ,OAAOgD,QAAQ,kDACpB,IAAM8R,EAAkB/d,KAAKoT,aAAaiL,mBAAmBre,KAAKoI,SAAU9B,EAAUA,EAAQ/B,sBAAwB,MAEhHsd,EAA+B,EAAAX,eAAeY,6BAA6B/D,EAAiB3X,GAC5Fqb,EAAiBnJ,EAA4BtR,WAAahH,KAAKgH,UAE/Dsa,EAAuBthB,KAAK6gB,6BAA6BY,EAAgBI,EAA8Bzb,EAAQ,EAAA0Y,oBAAoBC,cAEzI,GAAKuC,EAGE,CAMH,GALAhJ,EAA4B9I,kBAAoB,EAAA0D,iBAAiBsB,eAAe8M,EAAqBtgB,IAAIgG,UAAWhH,KAAK0S,OAAO/I,KAAKtB,mBACrIrI,KAAKiJ,OAAOgD,QAAQ,iCACMjM,KAAK2hB,wBAAwBL,GAGhC,CACnBthB,KAAKiJ,OAAOgD,QAAQ,+EACpB,IAAM8V,EAA2Bzb,GAAWtG,KAAKsX,aACjD,IAAKyK,EACD,MAAM,EAAA3E,UAAUC,sBAAsB,oCAG1C,IAAM2E,EAAShiB,KAAKqX,gBAAgBiB,EAA4BvS,OAehE,MAd+B,CAC3BC,SAAU,GACVC,SAAU,GACVC,UAAW,EAAA4Y,oBAAoBC,aAC/Bla,QAAS,KACTH,cAAe,KACfyB,YAAamb,EAAqBjiB,MAAM8G,YACxCC,OAAQkb,EAAqBtgB,IAAIoF,OAAOwB,MAAM,KAC9CvB,UAAW,IAAIiF,KAAoD,IAA/C2W,OAAOX,EAAqBjiB,MAAM6iB,YACtD5b,QAASyb,EACTxb,aAAcyb,EACdxb,WAAW,GAOf,OAFAxG,KAAKiJ,OAAOgD,QAAQ,6CACpBjM,KAAKoT,aAAa8J,WAAWvW,KAAKe,UAAU4Z,EAAqBtgB,MAC1D,KAjCX,OADAhB,KAAKiJ,OAAOgD,QAAQ,iEACb,MA2CP,YAAA0V,wBAAR,SAAgCQ,GAC5B,IAAM9X,EAAa4X,OAAOE,EAAe9iB,MAAM6iB,WAC/C,OAAO,EAAAjY,WAAWmY,iCAAiC/X,EAAYrK,KAAK0S,OAAO7I,OAAOT,4BAQ9E,YAAAqO,mBAAR,WACIzX,KAAKiJ,OAAOgD,QAAQ,sCACpB,IAAM4O,EAAc7a,KAAKoT,aAAa0H,QAAQ,EAAA9M,UAAU6M,aACxD,OAAS,EAAAzV,YAAYC,QAAQwV,GAAyD,KAAzC,EAAA5Q,WAAWC,eAAe2Q,IAQnE,YAAA7B,WAAR,SAAmBlB,EAA0B7V,EAAmBC,EAAkBoE,EAAkBgS,GAChGtY,KAAKiJ,OAAOgD,QAAQ,8BACpBjM,KAAKiJ,OAAOkD,WAAW,mCAAmC2L,GAE1D,IAAM4E,EAAY,EAAA1I,YAAYqO,kBAAkB,EAAAC,YAAYC,YAAazK,GACzE,EAAA9D,YAAYwO,gBAAgB9F,EAAW1c,KAAKiJ,QAE5CjJ,KAAKwY,mBAAmBF,EAA6BhS,GAAS,GAC9DtG,KAAKiJ,OAAOkD,WAAW,8BAA8BmM,EAA4BvS,OAGjF,IAAM0S,EAAc,EAAAhQ,SAASga,8BAA8B,EAAAha,SAASiQ,kBAAkBJ,GAA8B,EAAAtK,UAAUiC,QAAU,EAAAjC,UAAU0U,YAAc,EAAA1U,UAAU2K,uBAE1KrF,OAAOE,YAAY5T,KAAK0Y,EAA4BvS,OACpDuN,OAAOwF,YAAc,EAAA9K,UAAUgL,WAC/BhZ,KAAKiJ,OAAOgD,QAAQ,yCACpBjM,KAAKiZ,iBAAiBX,EAA4BvS,MAAO+R,EAAkB7V,EAASC,GACpFlC,KAAKiJ,OAAO+C,QAAQ,gBAAgByM,GACpCzY,KAAKyc,kBAAkBhE,EAAaiE,EAAW5E,GAAkB1B,OAAM,SAAAvW,GAAS,OAAAqC,EAAOrC,OAQnF,YAAAsb,aAAR,SAAqBrD,EAA0B7V,EAAmBC,EAAkBoE,EAAkBgS,GAClGtY,KAAKiJ,OAAO8C,KAAK,gCAEjB,IAAM2Q,EAAY,EAAA1I,YAAYqO,kBAAkB,EAAAC,YAAYK,eAAgB7K,GAC5E,EAAA9D,YAAYwO,gBAAgB9F,EAAW1c,KAAKiJ,QAE5CjJ,KAAKwY,mBAAmBF,EAA6BhS,GAAS,GAE9DtG,KAAKiJ,OAAOgD,QAAQ,gCAAgCqM,EAA4BvS,OAGhF,IAAM0S,EAAc,EAAAhQ,SAASga,8BAA8B,EAAAha,SAASiQ,kBAAkBJ,GAA8B,EAAAtK,UAAUiC,QAAU,EAAAjC,UAAU0U,YAAc,EAAA1U,UAAU2K,uBAEtK3Y,KAAK4X,aACL5X,KAAKiJ,OAAOgD,QAAQ,uDACpBqH,OAAOwF,YAAc,EAAA9K,UAAU+K,MAC/B/Y,KAAKsgB,0BAA4BhI,EAA4BvS,QAE7D/F,KAAKiJ,OAAOgD,QAAQ,2DACpBqH,OAAOwF,YAAc,EAAA9K,UAAUgL,WAC/B1F,OAAOE,YAAY5T,KAAK0Y,EAA4BvS,QAIxD/F,KAAKiZ,iBAAiBX,EAA4BvS,MAAO+R,EAAkB7V,EAASC,GACpFlC,KAAKiJ,OAAO+C,QAAQ,iBAAiByM,GACrCzY,KAAKyc,kBAAkBhE,EAAaiE,EAAW5E,GAAkB1B,OAAM,SAAAvW,GAAS,OAAAqC,EAAOrC,OAenF,YAAA+iB,UAAR,SAAkB1N,EAAwBlO,EAAmBZ,EAAgBrB,EAAwBsF,GACjG,IAAMwY,EAAiB,IAAI,EAAAC,eAAe9b,EAAWhH,KAAKoI,SAAUhC,EAAQrB,EAAWG,IAAKH,EAAWI,MACjG4d,EAAmB,IAAI,EAAAC,iBAAiB9N,EAAS/O,YAAa+O,EAASrQ,QAAQkF,WAAYM,EAAWwC,WAAY9H,EAAWmD,oBAUnI,OATAlI,KAAKoT,aAAawD,QAAQjQ,KAAKe,UAAUmb,GAAiBlc,KAAKe,UAAUqb,IAErE1Y,GACArK,KAAKiJ,OAAOgD,QAAQ,gCACpBiJ,EAAS7O,UAAY,IAAIiF,KAAkB,IAAbjB,IAE9BrK,KAAKiJ,OAAOpJ,MAAM,wDAGfqV,GAgBH,YAAA+N,YAAR,SAAoB/N,EAAwBlO,EAAmB6Y,EAAoB9a,EAAwBme,GACvGljB,KAAKiJ,OAAOgD,QAAQ,+BACpB,IAAMkX,EAAkB,EAAH,YAAQjO,GAK7BiO,EAAgB/c,OAAS,EAAA4H,UAAUqB,WACnC8T,EAAgBhd,YAAc0Z,EAAW,EAAAf,oBAAoB3N,UAE7D,IAAM9G,EAAa4X,OAAOiB,EAAW7Y,YAIrC,OADArK,KAAKiJ,OAAOgD,QAAQ,4BACbjM,KAAK4iB,UAAUO,EAAiBnc,OATnCZ,EASsDrB,EAAYsF,IAclE,YAAA+Y,gBAAR,SAAwBlO,EAAwBlO,EAAmB6Y,EAAoB9a,GACnF/E,KAAKiJ,OAAOgD,QAAQ,mCACpB,IAAMoX,EAAsB,EAAH,YAAQnO,GAG3BnI,EAAQ8S,EAAW,EAAAf,oBAAoBwE,OACvCC,EAAkBxW,EAAMnF,MAAM,KAG9B4b,EAAwBxjB,KAAKoT,aAAaiL,mBAAmBre,KAAKoI,SAAUpB,GAClFhH,KAAKiJ,OAAOgD,QAAQ,mEAEpB,IAAK,IAAIhN,EAAI,EAAGA,EAAIukB,EAAsBpkB,OAAQH,IAAK,CACnD,IAAMqiB,EAAuBkC,EAAsBvkB,GAEnD,GAAIqiB,EAAqBtgB,IAAIuD,wBAA0B2Q,EAAS5O,QAAQ/B,sBAAuB,CAC3F,IAAM+H,EAAegV,EAAqBtgB,IAAIoF,OAAOwB,MAAM,KACvD,EAAA0H,SAASjD,qBAAqBC,EAAciX,IAC5CvjB,KAAKoT,aAAa8J,WAAWvW,KAAKe,UAAU4Z,EAAqBtgB,OAK7EqiB,EAAoBld,YAAe0Z,EAAW,EAAAf,oBAAoBC,cAClEsE,EAAoBjd,OAASmd,EAE7B,IAAMrB,EAAY,EAAAuB,UAAUC,eAAe7D,EAAW,EAAAf,oBAAoB6E,aAEpEtZ,EADc,EAAAoL,aAAawK,kBAAkBJ,EAAW,EAAAf,oBAAoBiB,QACnDI,GAAK+B,EAGpC,OADAliB,KAAKiJ,OAAOgD,QAAQ,gCACbjM,KAAK4iB,UAAUS,EAAqBrc,EAAW+F,EAAOhI,EAAYsF,IAQnE,YAAAsU,kBAAV,SAA4B7K,EAAc4K,GACtC1e,KAAKiJ,OAAOgD,QAAQ,qCACpBjM,KAAKiJ,OAAO8C,KAAK,iBAAiB2S,EAAU0B,WAAU,mBAAmB1B,EAAU5F,aAEnF,IAcIjZ,EAdAqV,EAA0B,CAC1BlP,SAAU,GACVC,SAAU,GACVC,UAAW,GACXrB,QAAS,KACTH,cAAe,KACfyB,YAAa,KACbC,OAAQ,GACRC,UAAW,KACXC,QAAS,KACTC,aAAc,GACdC,WAAW,GAITod,EAAa,EAAAnb,SAASqX,gBAAgBhM,GACxC+P,EAAuB,GACvBC,EAAiC,GACjCZ,EAAsB,KAG1B,GAAIU,EAAWjlB,eAAe,EAAAmgB,oBAAoBiF,oBAAsBH,EAAWjlB,eAAe,EAAAmgB,oBAAoBnF,OAAQ,CAc1H,GAbA3Z,KAAKiJ,OAAOgD,QAAQ,4BACpBjM,KAAKiJ,OAAO+C,QAAQ,WAAW4X,EAAW,EAAA9E,oBAAoBnF,OAAM,wBAAwBiK,EAAW,EAAA9E,oBAAoBiF,oBAC3H/jB,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeC,MAAOiK,EAAW,EAAA9E,oBAAoBnF,QAC/E3Z,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeE,WAAYgK,EAAW,EAAA9E,oBAAoBiF,oBAGhFrF,EAAU5F,cAAgB,EAAA9K,UAAU+K,QACpC/Y,KAAKiJ,OAAOgD,QAAQ,sEACpBjM,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAesK,YAAaJ,EAAW,EAAA9E,oBAAoBiF,mBAAqB,IAAMH,EAAW,EAAA9E,oBAAoBnF,QAC/IkK,EAAe,EAAAxQ,UAAU4Q,qBAAqBvF,EAAU3Y,QAIxD2Y,EAAU5F,cAAgB,EAAA9K,UAAUgL,WAAY,CAChDhZ,KAAKiJ,OAAOgD,QAAQ,gEACpB4X,EAAe,EAAAxQ,UAAU4Q,qBAAqBvF,EAAU3Y,OAExD,IAAMO,EAAmBtG,KAAKsX,aAC1B4M,OAAS,EAET5d,IAAY,EAAAlB,YAAYC,QAAQiB,EAAQ/B,wBACxC2f,EAAY5d,EAAQ/B,sBACpBvE,KAAKiJ,OAAOgD,QAAQ,sBAGpBiY,EAAY,EAAAlW,UAAUmW,WACtBnkB,KAAKiJ,OAAOgD,QAAQ,mCAGxB6X,EAAyB,EAAAzQ,UAAU+Q,+BAA+BF,EAAWxF,EAAU3Y,OAG3F,IAAMse,EAAUT,EAAW,EAAA9E,oBAAoBnF,OACzC2K,EAAcV,EAAW,EAAA9E,oBAAoBiF,mBAG/ClkB,EAFA,EAAA0kB,6BAA6BC,2BAA2BH,IAChE,EAAAE,6BAA6BC,2BAA2BF,GACxC,IAAI,EAAAC,6BAA6BX,EAAW,EAAA9E,oBAAoBnF,OAAQiK,EAAW,EAAA9E,oBAAoBiF,oBAEvG,IAAI,EAAAU,YAAYb,EAAW,EAAA9E,oBAAoBnF,OAAQiK,EAAW,EAAA9E,oBAAoBiF,yBAOlG,GAFA/jB,KAAKiJ,OAAOgD,QAAQ,0BAEhByS,EAAU0B,WAAY,CACtBpgB,KAAKiJ,OAAO8C,KAAK,kBACb6X,EAAWjlB,eAAe,EAAAmgB,oBAAoB4F,iBAC9C1kB,KAAKiJ,OAAOgD,QAAQ,uCACpBjM,KAAKoT,aAAawD,QAAQ,EAAAvD,UAAUuF,0BAA0B,EAAA/B,mBAAmB6N,cAAehG,EAAU3Y,OAAQ6d,EAAW,EAAA9E,oBAAoB4F,iBAErJxP,EAAS3O,aAAevG,KAAKqX,gBAAgBqH,EAAU3Y,OAEvD,IAAIhB,OAAU,EAGd,GAAI6e,EAAWjlB,eAAe,EAAAmgB,oBAAoBC,cAAe,CAC7D/e,KAAKiJ,OAAO8C,KAAK,6BACjBmJ,EAAS/O,YAAcyd,EAAW,EAAA9E,oBAAoBC,cAElD6E,EAAWjlB,eAAe,EAAAmgB,oBAAoBwE,SAC9CpO,EAAS9O,OAASwd,EAAW,EAAA9E,oBAAoBwE,OAAO1b,MAAM,MAI9Dgc,EAAWjlB,eAAe,EAAAmgB,oBAAoB3N,WAC9CnR,KAAKiJ,OAAOgD,QAAQ,yBACpBiX,EAAa,IAAI,EAAAzY,QAAQmZ,EAAW,EAAA9E,oBAAoB3N,aAExDnR,KAAKiJ,OAAOgD,QAAQ,sDACpBiX,EAAa,IAAI,EAAAzY,QAAQzK,KAAKoT,aAAa0H,QAAQ,EAAA6J,oBAAoBC,WAG3E1P,EAAW,EAAAyL,cAAckE,mBAAmB3P,EAAUgO,GAGtD,IAAMlc,EAAoBhH,KAAK8kB,kBAAkBpG,EAAU3Y,MAAO/F,KAAK4S,SAAU5S,KAAKoT,aAAc8P,GACpGljB,KAAKiJ,OAAOgD,QAAQ,4BAGhB2X,EAAWjlB,eAAe,EAAAmgB,oBAAoBiG,cAC9C/kB,KAAKiJ,OAAOgD,QAAQ,2BACpBlH,EAAa,IAAI,EAAAoC,WAAWyc,EAAW,EAAA9E,oBAAoBiG,aAAc/d,IAClEhH,KAAKwP,kBAAkBwV,gBAAkB,EAAAA,cAAcC,KAC9DlgB,EAAa,EAAAoC,WAAWM,4BAA4Byb,EAAYlc,GAEhEhH,KAAKiJ,OAAO2C,QAAQ,oDAGxBsJ,EAAS5O,QAAU,EAAAd,QAAQV,cAAcoe,EAAYne,GACrD/E,KAAKiJ,OAAOgD,QAAQ,wCAEpB,IAAIiZ,OAAU,EACVhQ,EAAS5O,UAAY,EAAAlB,YAAYC,QAAQ6P,EAAS5O,QAAQ/B,wBAC1DvE,KAAKiJ,OAAOgD,QAAQ,kBACpBiZ,EAAahQ,EAAS5O,QAAQ/B,wBAG9BvE,KAAKiJ,OAAOgD,QAAQ,gCACpBiZ,EAAa,EAAAlX,UAAUmW,YAG3BL,EAAyB,EAAAzQ,UAAU+Q,+BAA+Bc,EAAYxG,EAAU3Y,OACxF,IAAMof,EAAmC,EAAA9R,UAAU+Q,+BAA+B,EAAApW,UAAUmW,WAAYzF,EAAU3Y,OAClH/F,KAAKiJ,OAAOgD,QAAQ,oCAEpB,IAAMmZ,EAAwBplB,KAAKoT,aAAa0H,QAAQgJ,GACpDuB,OAAmB,EAGlB,EAAAjgB,YAAYC,QAAQ+f,GAYf,EAAAhgB,YAAYC,QAAQrF,KAAKoT,aAAa0H,QAAQqK,MACpDnlB,KAAKiJ,OAAOgD,QAAQ,gDACpBiJ,EAAWlV,KAAKojB,gBAAgBlO,EAAUlO,EAAW4c,EAAY7e,KAbjEsgB,EAAsB1e,KAAKC,MAAMwe,GACjCplB,KAAKiJ,OAAOgD,QAAQ,qDAChBiJ,EAAS5O,SAAW+e,GAAuB,EAAA7f,QAAQI,gBAAgBsP,EAAS5O,QAAS+e,IACrFnQ,EAAWlV,KAAKojB,gBAAgBlO,EAAUlO,EAAW4c,EAAY7e,GACjE/E,KAAKiJ,OAAO8C,KAAK,uGAGjB/L,KAAKiJ,OAAO2C,QACR,+GAUhB,GAAIgY,EAAWjlB,eAAe,EAAAmgB,oBAAoB3N,UAuB9C,GAtBAnR,KAAKiJ,OAAO8C,KAAK,wBAGjBmX,EAAa,IAAI,EAAAzY,QAAQmZ,EAAW,EAAA9E,oBAAoB3N,WAGlDnK,EAAoBhH,KAAK8kB,kBAAkBpG,EAAU3Y,MAAO/F,KAAK4S,SAAU5S,KAAKoT,aAAc8P,GAEpGhO,EAAW,EAAAyL,cAAckE,mBAAmB3P,EAAUgO,GAClDU,EAAWjlB,eAAe,EAAAmgB,oBAAoBiG,cAC9C/kB,KAAKiJ,OAAOgD,QAAQ,2BACpBlH,EAAa,IAAI,EAAAoC,WAAWyc,EAAW,EAAA9E,oBAAoBiG,aAAc/d,IAClEhH,KAAKwP,kBAAkBwV,gBAAkB,EAAAA,cAAcC,KAC9DlgB,EAAa,EAAAoC,WAAWM,4BAA4Byb,EAAYlc,GAEhEhH,KAAKiJ,OAAO2C,QAAQ,oDAGxB5L,KAAKsG,QAAU,EAAAd,QAAQV,cAAcoe,EAAYne,GACjDmQ,EAAS5O,QAAUtG,KAAKsG,QACxBtG,KAAKiJ,OAAOgD,QAAQ,wCAEhBiX,GAAcA,EAAW9Y,MAAO,CAChCpK,KAAKiJ,OAAOgD,QAAQ,qBAEpB,IAAMqZ,EAActlB,KAAKoT,aAAa0H,QAAQ,EAAAzH,UAAUuF,0BAA0B,EAAA/B,mBAAmB0O,cAAe7G,EAAU3Y,OAAQ/F,KAAK4S,UACvIsQ,EAAW9Y,QAAUkb,GACrBtlB,KAAKsG,QAAU,KACftG,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAesK,YAAa,mCAAqCsB,EAArC,kBAA4EpC,EAAW9Y,OAC7IpK,KAAKiJ,OAAOpJ,MAAM,mCAAmCylB,EAAW,mBAAmBpC,EAAW9Y,OAC9FvK,EAAQ,EAAAwH,gBAAgBme,yBAAyBF,EAAapC,EAAW9Y,SAIzEpK,KAAKiJ,OAAOgD,QAAQ,0CACpBjM,KAAKoT,aAAawD,QAAQ,EAAA+N,oBAAoBC,QAAShB,EAAW,EAAA9E,oBAAoB3N,UAAWnR,KAAK4S,UACtG5S,KAAKoT,aAAawD,QAAQ,EAAA+N,oBAAoBI,YAAahgB,EAAWmD,mBAAoBlI,KAAK4S,UAG/F5S,KAAKijB,YAAY/N,EAAUlO,EAAW4c,EAAY7e,EAAYme,SAGlEljB,KAAKiJ,OAAOgD,QAAQ,gEACpB4X,EAAenF,EAAU3Y,MACzB+d,EAAyBpF,EAAU3Y,MAEnC/F,KAAKiJ,OAAOpJ,MAAM,6CAClBA,EAAQ,EAAAwH,gBAAgBoe,0BAA0BvC,GAClDljB,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeC,MAAO9Z,EAAMyW,WACtDtW,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeE,WAAY/Z,EAAMqa,kBAKlE,CACDla,KAAKiJ,OAAOgD,QAAQ,kBACpB4X,EAAenF,EAAU3Y,MACzB+d,EAAyBpF,EAAU3Y,MAEnC,IAAM4W,EAAgB3c,KAAKoT,aAAa0H,QAAQ,EAAAzH,UAAUuF,0BAA0B,EAAA/B,mBAAmBwJ,YAAa3B,EAAU3Y,OAAQ/F,KAAK4S,UAC3I5S,KAAKiJ,OAAOpJ,MAAM,mCAAmC8c,EAAa,mBAAmB+B,EAAU3Y,OAC/FlG,EAAQ,EAAAwH,gBAAgBqe,wBAAwBhH,EAAU3Y,MAAO4W,GACjE3c,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeC,MAAO9Z,EAAMyW,WACtDtW,KAAKoT,aAAawD,QAAQ,EAAA8C,eAAeE,WAAY/Z,EAAMqa,cAenE,GAVAla,KAAKoT,aAAa8J,WAAW,EAAA7J,UAAUuF,0BAA0B,EAAA/B,mBAAmB+F,aAAc8B,EAAU3Y,QAC5G/F,KAAKoT,aAAaiD,oBAAoBqI,EAAU3Y,OAChD/F,KAAKiJ,OAAOgD,QAAQ,mDAGhBjM,KAAK4S,WACL5S,KAAKiJ,OAAOgD,QAAQ,oDACpBjM,KAAKoT,aAAauS,cAAc9B,EAAc,IAAK,GACnD7jB,KAAKoT,aAAa8K,gBAAgBQ,EAAU3Y,QAE5ClG,EAEA,MAAMA,EAGV,IAAKqV,EACD,MAAM,EAAAkI,UAAUC,sBAAsB,oBAG1C,OAAOnI,GAWH,YAAA4P,kBAAR,SAA0B/e,EAAe6M,EAAmBQ,EAAyB8P,GACjFljB,KAAKiJ,OAAOgD,QAAQ,qCACpB,IAAM4X,EAAuB,EAAAxQ,UAAU4Q,qBAAqBle,GACtD6f,EAA0BxS,EAAa0H,QAAQ+I,EAAcjR,GAGnE,OAAO,EAAAxN,YAAYC,QAAQugB,GAAmBA,EAAkB,EAAAnd,SAASod,kBAAkBD,EAAiB1C,EAAWjd,WAe3H,YAAAqR,WAAA,WAEI,GAAItX,KAAKsG,QACL,OAAOtG,KAAKsG,QAIhB,IAAMyD,EAAa/J,KAAKoT,aAAa0H,QAAQ,EAAA6J,oBAAoBC,QAAS5kB,KAAK4S,UACzE7L,EAAgB/G,KAAKoT,aAAa0H,QAAQ,EAAA6J,oBAAoBI,YAAa/kB,KAAK4S,UAEtF,IAAK,EAAAxN,YAAYC,QAAQ0E,KAAgB,EAAA3E,YAAYC,QAAQ0B,GAAgB,CACzE,IAAMlC,EAAU,IAAI,EAAA4F,QAAQV,GACtBhF,EAAa,IAAI,EAAAoC,WAAWJ,EAAe,IAEjD,OADA/G,KAAKsG,QAAU,EAAAd,QAAQV,cAAcD,EAASE,GACvC/E,KAAKsG,QAGhB,OAAO,MAUX,YAAA+Q,gBAAA,SAAiBtR,GACb,GAAIA,EAAO,CACP,IAAMgI,EAAahI,EAAMpF,QAAQ,EAAAqN,UAAUC,mBAC3C,GAAIF,GAAc,GAAKA,EAAa,EAAIhI,EAAM3G,OAC1C,OAAO2G,EAAMmI,UAAUH,EAAa,GAG5C,OAAOhI,GAQX,YAAA+f,eAAA,WAII,IAHA,IAAMC,EAA2B,GAC3BvC,EAAwBxjB,KAAKoT,aAAaiL,mBAAmB,EAAArQ,UAAU5F,SAAU,EAAA4F,UAAUzJ,uBAExFtF,EAAI,EAAGA,EAAIukB,EAAsBpkB,OAAQH,IAAK,CACnD,IAAM4F,EAAU,IAAI,EAAA4F,QAAQ+Y,EAAsBvkB,GAAGI,MAAMwF,SACrDE,EAAa,IAAI,EAAAoC,WAAWqc,EAAsBvkB,GAAGI,MAAMkF,sBAAuB,IAClF+B,EAAmB,EAAAd,QAAQV,cAAcD,EAASE,GACxDghB,EAASnmB,KAAK0G,GAGlB,OAAOtG,KAAKgmB,kBAAkBD,IAU1B,YAAAC,kBAAR,SAA0BD,GACtB,IAAKA,GAAYA,EAAS3mB,QAAU,EAChC,OAAO2mB,EAKX,IAFA,IAAME,EAAuB,GACvBC,EAAiC,GAC9BC,EAAQ,EAAGA,EAAQJ,EAAS3mB,SAAU+mB,EACvCJ,EAASI,GAAO5hB,wBAAmF,IAA1D0hB,EAAMtlB,QAAQolB,EAASI,GAAO5hB,yBACvE0hB,EAAMrmB,KAAKmmB,EAASI,GAAO5hB,uBAC3B2hB,EAAetmB,KAAKmmB,EAASI,KAIrC,OAAOD,GAcH,YAAAlM,UAAR,SAAkBoM,EAAmBC,GACjC,IAAMC,EAAM,IAAIC,YAAYH,EAAW,CAAEI,OAAQH,IACjD/S,OAAOmT,cAAcH,IAaf,YAAAI,uBAAV,SAAiCtgB,EAAyBE,EAAkBP,EAAegF,GAEvF,IAAM4b,EAAyBrgB,GAAWtG,KAAKsX,aAC/C,IAAKqP,EACD,OAAO,KAIX,IAAMC,EAAe5mB,KAAKwP,kBAAoBxP,KAAKwP,kBAAoB,EAAA0D,iBAAiBsB,eAAexU,KAAKgH,UAAWhH,KAAK0S,OAAO/I,KAAKtB,mBAClIkH,EAAevP,KAAKkY,aAAayO,EAAevgB,GAEhDkS,EAA8B,IAAI,EAAAlI,wBACpCwW,EACA5mB,KAAKoI,SACLmH,EACAvP,KAAKuY,iBACLnS,EACAL,EACAgF,GAIJ,OAAO/K,KAAKkb,eAAe5C,EAA6BhS,IAWlD,YAAAugB,qBAAV,SAA+BC,GAE3B,GAAI9mB,KAAK0S,OAAO5I,UAAUN,qBAAqBpK,OAAS,EACpD,IAAK,IAAIH,EAAI,EAAGA,EAAIe,KAAK0S,OAAO5I,UAAUN,qBAAqBpK,OAAQH,IACnE,GAAI6nB,EAASnmB,QAAQX,KAAK0S,OAAO5I,UAAUN,qBAAqBvK,KAAO,EACnE,OAAO,KAMnB,GAAIe,KAAK0S,OAAO5I,UAAUL,qBAAqBsd,KAAO,EAClD,IAAkB,UAAAtoB,MAAMuoB,KAAKhnB,KAAK0S,OAAO5I,UAAUL,qBAAqBkI,QAAtD,eAA+D,CAA5E,IAAM3Q,EAAG,KAEV,GAAI8lB,EAASnmB,QAAQK,IAAQ,EACzB,OAAOhB,KAAK0S,OAAO5I,UAAUL,qBAAqBwd,IAAIjmB,GAUlE,OAAI8lB,EAASnmB,QAAQ,YAAc,GAAKmmB,EAASnmB,QAAQ,aAAe,EAChE,EAAA8H,SAASye,eAAeJ,KAAc,EAAAre,SAASye,eAAelnB,KAAKuY,kBAC5D,IAAI9Z,MAAcuB,KAAKoI,UAW/B,KAJI,IAAI3J,MAAcuB,KAAKoI,WAW/B,YAAA+e,mBAAP,WACI,OAAOnnB,KAAKoT,aAAac,yBAAwB,IAS3C,YAAAoB,yBAAV,SAAmCyB,GAC/B/W,KAAKoT,aAAakC,yBAAyByB,IASrC,YAAAqQ,mBAAV,SAA6BC,GACzBrnB,KAAKsV,yBAAyB+R,IASxB,YAAAC,0BAAV,WACI,OAAOtnB,KAAKoT,aAAac,yBAAwB,IAS3C,YAAAqT,0BAAV,SAAoCC,GAChCxnB,KAAKsV,yBAAyBkS,IASlC,YAAAC,UAAA,WACI,OAAOznB,KAAKiJ,QAOhB,YAAAye,UAAA,SAAUze,GACNjJ,KAAKiJ,OAASA,GAaX,YAAAsP,eAAP,SAAsBoP,GAClB,OAAGA,IAG8C,mBAAjC3nB,KAAK0S,OAAO/I,KAAKnB,YACtBxI,KAAK0S,OAAO/I,KAAKnB,cAErBxI,KAAK0S,OAAO/I,KAAKnB,cASrB,YAAAqV,yBAAP,WACI,MAAsD,mBAA3C7d,KAAK0S,OAAO/I,KAAKhB,sBACjB3I,KAAK0S,OAAO/I,KAAKhB,wBAErB3I,KAAK0S,OAAO/I,KAAKhB,uBAQrB,YAAAif,wBAAP,WACI,IAAK5nB,KAAK0S,OACN,MAAM,EAAA7L,yBAAyBghB,gCAEnC,OAAO7nB,KAAK0S,QAaR,YAAAwF,aAAR,SAAqByO,EAAwBvgB,GACzC,IAAM4L,EAAgB,EAAAxM,QAAQI,gBAAgB+gB,EAAe3mB,KAAKsX,cAClE,OAAO,EAAAlH,wBAAwB2B,sBAAsBC,EAAe5L,IAYhE,YAAA0hB,gBAAR,SAAwBxhB,EAAkBP,GAGtC,IAAMme,EAAY5d,EAAUtG,KAAK+nB,aAAazhB,GAAW,EAAA0H,UAAUmW,WAE7DL,EAAyB,EAAAzQ,UAAU+Q,+BAA+BF,EAAWne,GACnF/F,KAAKoT,aAAawD,QAAQkN,EAAwBnd,KAAKe,UAAUpB,KAY7D,YAAA0hB,kBAAR,SAA0BjiB,EAAeiB,GAErC,IAAM6c,EAAe,EAAAxQ,UAAU4Q,qBAAqBle,GACpD/F,KAAKoT,aAAawD,QAAQiN,EAAc,EAAApb,SAASwf,gBAAgBjhB,GAAYhH,KAAK4S,WAU9E,YAAA4F,mBAAR,SAA2BF,EAAsDhS,EAAkBmQ,EAAsB0B,GAEjHA,GACAnY,KAAKoT,aAAawD,QAAQ,EAAAvD,UAAUuF,0BAA0B,EAAA/B,mBAAmBwI,cAAe/G,EAA4BvS,OAAQoS,EAAgBnY,KAAK4S,UAIzJ6D,EAEAzW,KAAKoT,aAAawD,QAAQ,EAAAvD,UAAUuF,0BAA0B,EAAA/B,mBAAmBwJ,YAAa/H,EAA4BvS,OAAQuS,EAA4BvS,MAAO/F,KAAK4S,UAE1K5S,KAAK8nB,gBAAgBxhB,EAASgS,EAA4BvS,OAG9D/F,KAAKgoB,kBAAkB1P,EAA4BvS,MAAOuS,EAA4BtR,WAGtFhH,KAAKoT,aAAawD,QAAQ,EAAAvD,UAAUuF,0BAA0B,EAAA/B,mBAAmB0O,cAAejN,EAA4BvS,OAAQuS,EAA4BlO,MAAOpK,KAAK4S,WASxK,YAAAmV,aAAR,SAAqBzhB,GAUjB,OAPK,EAAAlB,YAAYC,QAAQiB,EAAQ/B,uBAIjB,EAAAyJ,UAAUmW,WAHV7d,EAAQ/B,uBAepB,YAAAoT,oBAAR,SAA4BlR,GAUxB,MAR+C,CAC3CL,OAAQ,EAAA4H,UAAUqB,WAClBrI,UAAWhH,KAAKgH,UAChBV,QAAStG,KAAKsX,aACd7G,qBAAsBhK,EAAQgK,qBAC9B1F,cAAetE,EAAQsE,gBAavB,YAAA+H,8BAAR,SAAsCJ,EAA0BtK,GAC5D,IAAKsK,EACD,OAAO,UAAiBwV,wBAAwB9f,EAAUpI,KAAKiJ,QAG3D,IAAAkf,EAAA,EAAAA,gBAAiBC,EAAA,EAAAA,mBAAoBC,EAAA,EAAAA,iBAC7C,IAAKF,IAAoBC,IAAuBC,EAC5C,MAAM,EAAAxhB,yBAAyByhB,2BAA2B5V,GAG9D,IAIM6V,EAA0C,CAC5CC,SALyC,CACzCL,gBAAe,EACfC,mBAAkB,GAIlBhgB,SAAUA,GAEd,OAAO,IAAI,UAAiBmgB,EAAwBF,EAAkBroB,KAAKiJ,SAInF,EA9uEA,GAAa,EAAAwf,wB,qECrHb,YAQA,2BAwDA,OAtDW,YAAAC,iBAAP,SAAwBC,EAAavU,EAAgBwU,GAArD,WACI,OAAO,IAAI5mB,SAAqB,SAACC,EAASC,GACtC,IAAM2mB,EAAM,IAAIC,eA8BhB,GA7BAD,EAAItM,KAAKnI,EAAQuU,GAAkB,GAQnCE,EAAIE,OAAS,WAIT,IAAIC,GAHAH,EAAII,OAAS,KAAOJ,EAAII,QAAU,MAClC/mB,EAAO,EAAKgnB,YAAYL,EAAIM,eAGhC,IACIH,EAAeriB,KAAKC,MAAMiiB,EAAIM,cAChC,MAAOzpB,GACLwC,EAAO,EAAKgnB,YAAYL,EAAIM,eAEhC,IAAMjU,EAAwB,CAC1BkU,WAAYP,EAAII,OAChBzmB,KAAMwmB,GAEV/mB,EAAQiT,IAGZ2T,EAAIQ,QAAU,WACVnnB,EAAO2mB,EAAII,SAGX7U,IAAW,EAAAkV,mBAAmBC,IAI9B,KAAM,kBAHNV,EAAIW,WAQN,YAAAN,YAAV,SAAsBC,GAClB,IAAIH,EACJ,IAEI,IADAA,EAAeriB,KAAKC,MAAMuiB,IACF,MACpB,OAAOH,EAAoB,MAE3B,MAAMG,EAEZ,MAAOzpB,GACL,OAAOypB,IAGnB,EAxDA,GAAa,EAAAM,a,yECKDzE,E,SAXZ,SACA,SACA,SAGA,SACA,SAKA,SAAYA,GACR,yBACA,mBAFJ,CAAYA,EAAA,EAAAA,gBAAA,EAAAA,cAAa,KAQzB,iBACI,WAAYhe,EAAmBqB,EAA4BC,GACvDtI,KAAK0pB,oBAAsBrhB,EAC3BrI,KAAK4P,mBAAqB5I,EAE1BhH,KAAK2pB,gBACL3pB,KAAK4pB,wBAA0BthB,EA6JvC,OA1JkB,EAAAuhB,OAAd,SAAqBC,GACjB,IACMC,EADa,EAAAthB,SAASiX,iBAAiBoK,GACbE,aAEhC,OAAQD,EAAa3qB,QAAU2qB,EAAa,GAAGrd,gBAAkB,EAAAsB,UAAUic,MAG/E,sBAAWC,EAAA,0BAAa,C,IAAxB,WACI,OAAOA,EAAUL,OAAO7pB,KAAKmqB,oBAAqBnF,EAAcC,KAAOD,EAAcoF,S,gCAKzF,sBAAW,qBAAM,C,IAAjB,WACI,OAAOpqB,KAAKqqB,gCAAgCL,aAAa,I,gCAK7D,sBAAW,oCAAqB,C,IAAhC,WAEI,OADAhqB,KAAKsqB,mBACEtqB,KAAK4pB,wBAAwBW,sBAAsBC,QAAQ,uBAAwBxqB,KAAKyqB,S,gCAGnG,sBAAW,iCAAkB,C,IAA7B,WAEI,OADAzqB,KAAKsqB,mBACEtqB,KAAK4pB,wBAAwB9L,mBAAmB0M,QAAQ,uBAAwBxqB,KAAKyqB,S,gCAGhG,sBAAW,oCAAqB,C,IAAhC,WAEI,OADAzqB,KAAKsqB,mBACEtqB,KAAK4pB,wBAAwBc,OAAOF,QAAQ,uBAAwBxqB,KAAKyqB,S,gCAG5E,YAAAH,iBAAR,WACI,IAAKtqB,KAAKgY,oBACN,KAAM,2CAOd,sBAAW,iCAAkB,C,IAA7B,WACI,OAAOhY,KAAKmqB,oB,IAGhB,SAA8BxB,GAC1B3oB,KAAKmqB,mBAAqB,EAAA1hB,SAASwf,gBAAgBU,GACnD3oB,KAAK2qB,gCAAkC,M,gCAM3C,sBAAW,8CAA+B,C,IAA1C,WAKI,OAJK3qB,KAAK2qB,kCACN3qB,KAAK2qB,gCAAkC,EAAAliB,SAASiX,iBAAiB1f,KAAK4P,qBAGnE5P,KAAK2qB,iC,gCAIhB,sBAAc,iDAAkC,C,IAAhD,WACI,OAAQ3qB,KAAKglB,gBAAkBA,EAAcC,KAAO,GAAGjlB,KAAK4P,mBAAqB,EAAAgb,kBAAyB5qB,KAAK4P,mBAAkB,QAAQ,EAAAgb,mB,gCAMrI,YAAAjB,cAAR,WACI,IAAIkB,EACJ,IACIA,EAAa7qB,KAAKqqB,gCACpB,MAAO3qB,GACL,MAAM,EAAAorB,gCAAgCC,qBAG1C,IAAKF,EAAWG,UAAkD,WAAtCH,EAAWG,SAASte,cAC5C,MAAM,EAAAoe,gCAAgCG,qBAG1C,IAAKJ,EAAWb,cAAgBa,EAAWb,aAAa5qB,OAAS,EAC7D,MAAM,EAAA0rB,gCAAgCI,yBAOtC,YAAAC,kBAAR,SAA0BC,EAAqCvY,EAAoC9H,GAC/F,IAAMsgB,EAAS,IAAI,EAAA5B,UAEb6B,EAAa,EAAAhC,mBAAmBC,IAChCgC,EAAuB1Y,EAAiB2Y,wBAAwBzgB,EAAeugB,EAAYF,EAA6B,+BAE9H,OAAOC,EAAO3C,iBAAiB0C,EAA6BE,GAAiC,GACxF/oB,MAAK,SAAC2S,GAGH,OAFAqW,EAAUE,mBAAqBvW,EAASkU,WACxCvW,EAAiB6Y,UAAUH,GACM,CAC7BhB,sBAAuBrV,EAAS1S,KAA6B,uBAC7Dsb,mBAAoB5I,EAAS1S,KAA2B,qBACxDkoB,OAAQxV,EAAS1S,KAAa,WAGrC4T,OAAM,SAAAwI,GAGH,MAFA2M,EAAUI,gBAAkB/M,EAC5B/L,EAAiB6Y,UAAUH,GACrB3M,MAUL,YAAAgN,sBAAb,SAAmC/Y,EAAoC9H,G,+BAAwB/I,SAAO,W,+EAC9FhC,KAAK0pB,qBACCmC,EAAO7rB,KAAK2qB,gCAAgCvJ,gBACG,IAAjD,EAAApO,iBAAiB8Y,qBAAqB1sB,OAAtC,MACA,GAAM,EAAA4T,iBAAiB+Y,iCAAiC/rB,KAAKmqB,mBAAoBtX,EAAkB9H,KAHvG,M,OAGI,S,iBAGJ,IAAK,EAAAiI,iBAAiBgZ,oBAAoBH,GACtC,MAAM,EAAAhlB,yBAAyBolB,8BAA8BJ,G,iBAItC,OADzBK,EAAsClsB,KAAKmsB,iCACjD,EAAAnsB,KAA+B,GAAMA,KAAKmrB,kBAAkBe,EAAqCrZ,EAAkB9H,I,OAEnH,OAFA,EAAK6e,wBAA0B,SAExB,CAAP,EAAO5pB,KAAK4pB,iCAMT,YAAA5R,kBAAP,WACI,SAAUhY,KAAK4pB,yBACX5pB,KAAK4pB,wBAAwBW,uBAC7BvqB,KAAK4pB,wBAAwB9L,oBAC7B9d,KAAK4pB,wBAAwBc,SAO9B,YAAAyB,+BAAP,WACI,OAAOnsB,KAAKosB,oCAEpB,EAnKA,GAAa,EAAAlC,a,kFClBb,SACA,SACA,SAIA,2BAgDA,OA7CwB,EAAAjS,wBAApB,SAA4CzI,EAA8BqD,EAAoC9H,G,+BAAwB/I,SAAO,W,oEACxH,SAAMwN,EAAkBoc,sBAAsB/Y,EAAkB9H,I,OAEjF,OAFMpJ,EAAW,SACjB3B,KAAKqsB,YAAYC,IAAI9c,EAAkBI,mBAAoBjO,GACpD,CAAP,EAAOA,WAGG,EAAA4qB,YAAd,SAA0BzC,GACtB,OAAO9pB,KAAKqsB,YAAYpF,IAAI6C,IAGlB,EAAA3W,uBAAd,SAAqC2W,EAAsB0C,GACvD,IACI,GAAIA,EAAuB,CACvB,IAAMC,EAAiB9lB,KAAKC,MAAM4lB,GAElC,IAAKC,EAAeC,yBAA2BD,EAAeE,uBAAyBF,EAAe9mB,OAClG,MAAM,EAAAkB,yBAAyB+lB,sCAGnC5sB,KAAKqsB,YAAYC,IAAIxC,EAAc,CAC/BS,sBAAuBkC,EAAeC,uBACtC5O,mBAAoB2O,EAAeE,qBACnCjC,OAAQ+B,EAAe9mB,UAGjC,MAAOjG,GACL,MAAM,EAAAmH,yBAAyB+lB,wCAQzB,EAAApY,eAAd,SAA6BsV,EAAsBzhB,EAA4BC,GAC3E,OAAI,EAAAlD,YAAYC,QAAQykB,GACb,MAGPxhB,GAEAtI,KAAKmT,uBAAuB2W,EAAcxhB,GAEvC,IAAI,EAAA4hB,UAAUJ,EAAczhB,EAAmBrI,KAAKqsB,YAAYpF,IAAI6C,MA7ChE,EAAAuC,YAAc,IAAI3iB,IA+CrC,EAhDA,GAAa,EAAAwJ,oB,kFCRb,SAEA,QACA,SAEA,2BAwEA,OAhEkB,EAAAD,gCAAd,SAA8C5K,EAA4BE,GAClEF,IAAsBrI,KAAK8rB,qBAAqB1sB,QAChDmJ,EAAiBqJ,SAAQ,SAAS5K,GAC9BgM,EAAiB6Z,gBAAgBjtB,KAAKoH,EAAU0F,mBAUvC,EAAAogB,WAArB,SAAgCC,EAA2Bla,EAAoC9H,G,+BAAyB/I,SAAO,W,mDAM3H,OALMqpB,EAAoB,IAAI,EAAA5B,UAExB6B,EAAa,EAAAhC,mBAAmBC,IAChCyD,EAA4B,GAAG,EAAAC,gCAAkCF,EAAiB,wBAClFxB,EAAuB1Y,EAAiB2Y,wBAAwBzgB,EAAeugB,EAAY0B,EAA2B,cACrH,CAAP,EAAO3B,EAAO3C,iBAAiBsE,EAA2B1B,GAAY,GACjE/oB,MAAK,SAAC2S,GAGH,OAFAqW,EAAUE,mBAAqBvW,EAASkU,WACxCvW,EAAiB6Y,UAAUH,GACpBrW,EAAS1S,KAAe,YAElC4T,OAAM,SAAAwI,GAGH,MAFA2M,EAAUI,gBAAkB/M,EAC5B/L,EAAiB6Y,UAAUH,GACrB3M,aASE,EAAAmN,iCAApB,SAAqDgB,EAA2Bla,EAAoC9H,G,+BAAyB/I,SAAO,W,oEAC/H,SAAMhC,KAAK8sB,WAAWC,EAAmBla,EAAkB9H,I,cAA3D,SACR6G,SAAQ,SAASsb,GACaA,EAAe,QACtCtb,SAAQ,SAAS5K,GACzBgM,EAAiB6Z,gBAAgBjtB,KAAKoH,EAAU0F,qBAIlDmf,EAAO,EAAApjB,SAASiX,iBAAiBqN,GAAmB3L,gBACtDpO,EAAiB8Y,qBAAqB1sB,SAAW4T,EAAiBgZ,oBAAoBH,IAEtF7Y,EAAiB6Z,gBAAgBjtB,KAAKisB,EAAKnf,e,YAIrC,EAAAof,mBAAd,WACI,OAAO9rB,KAAK6sB,iBAOF,EAAAb,oBAAd,SAAkCH,GAC9B,OAAO7rB,KAAK6sB,gBAAgBlsB,QAAQkrB,EAAKnf,gBAAkB,GArEhD,EAAAmgB,gBAAiC,GAuEpD,EAxEA,GAAa,EAAA7Z,oB,mECAb,MAKI,SAAYhS,EAAqB3B,GAC7BW,KAAKgB,IAAMA,EACXhB,KAAKX,MAAQA,GAPR,EAAA8tB,wB,oECNb,aACA,SAKA,EAOI,SAAYnmB,EAAmBoB,EAAkBhC,EAAgBlB,EAAaC,GAC1EnF,KAAKgH,UAAY,EAAAyB,SAASwf,gBAAgBjhB,GAC1ChH,KAAKoI,SAAWA,EAChBpI,KAAKoG,OAASA,EACdpG,KAAKuE,sBAAwB,EAAAe,YAAYC,aAAaL,GAAO,IAAM,EAAAI,YAAYC,aAAaJ,IAXvF,EAAA2d,kB,mECHb,MAOI,SAAY3c,EAAqBtB,EAAiBqd,EAAmB3d,GACjEvE,KAAKmG,YAAcA,EACnBnG,KAAK6E,QAAUA,EACf7E,KAAKkiB,UAAYA,EACjBliB,KAAKuE,sBAAwBA,GAXxB,EAAAye,oB,kFCHb,QACA,SAEA,QACA,QAEA,SACA,SAKA,cAMI,WAAY5a,EAAkBU,EAA8BC,GAA5D,MACI,YAAMD,IAAc,K,OACpB,EAAKskB,eAAiB,IAAI,EAAAC,eAAe,EAAAC,iBACzC,EAAKllB,SAAWA,EAEhB,EAAKmlB,iBAAkB,EACvB,EAAKC,oBAAoBzkB,G,EA0XjC,OAtY+B,iBAmBnB,YAAAykB,oBAAR,SAA4BzkB,GAA5B,IASQlE,EATR,OAEU4oB,EAAgB,EAAAzf,UAAU0f,YAAW,IAAI,EAAA/I,oBAAoBC,QAC7D+I,EAAmB,EAAA3f,UAAU0f,YAAW,IAAI,EAAA/I,oBAAoBI,YAChE6I,EAAc,EAAA5f,UAAU0f,YAAW,IAAI,EAAAhU,eAAeC,MACtDkU,EAAkB,EAAA7f,UAAU0f,YAAW,IAAI,EAAAhU,eAAeE,WAE1DgI,EAAe,YAAM9G,QAAO,UAAC2S,GAInC,GAAI7L,EACA,IACI/c,EAAU,IAAI,EAAA4F,QAAQmX,GACxB,MAAOliB,GACL,OAIR,GAAImF,GAAWA,EAAQa,QAAUb,EAAQa,OAAOooB,MAAQ9tB,KAAKoI,SAAU,CACnE,IAIM,EAAS,CAACwZ,EAJQ,YAAM9G,QAAO,UAAC6S,GACnB,YAAM7S,QAAO,UAAC8S,GACV,YAAM9S,QAAO,UAAC+S,IAGf,CAAC,EAAAlJ,oBAAoBC,QAAS,EAAAD,oBAAoBI,YAAY,EAAArL,eAAeC,MAAO,EAAAD,eAAeE,YAE3GhI,SAAQ,SAACmc,EAAU5H,GAAU,SAAK6H,oBAAoBD,EAAU,EAAO5H,GAAQpd,QAU7F,YAAAilB,oBAAR,SAA4BC,EAAgB5uB,EAAe0J,GACnD1J,GACAW,KAAK4W,QAAQqX,EAAQ5uB,EAAO0J,IAS5B,YAAAmlB,iBAAR,SAAyBltB,EAAamtB,GAClC,IAGI,OADAxnB,KAAKC,MAAM5F,GACJA,EACT,MAAOtB,GACL,OAAgD,IAA5CsB,EAAIL,QAAQ,GAAG,EAAAqN,UAAU0f,cAA+D,IAAvC1sB,EAAIL,QAAQ,EAAAqN,UAAU6M,aAChE7Z,EAEJmtB,EAAmB,EAAAngB,UAAU0f,YAAW,IAAI1tB,KAAKoI,SAAQ,IAAIpH,EAAW,EAAAgN,UAAU0f,YAAW,IAAI1sB,IAaxG,YAAAotB,gBAAR,SAAwBptB,EAAYoH,EAAkB7D,EAA+B2B,GAEjF,IAAMmoB,EAAY,EAAAjpB,YAAYkpB,6BAA6BttB,GAE3D,IAAKqtB,EACD,OAAO,KAIX,IAAME,EAAiBvtB,EAAIwtB,MAAMpmB,IAAapH,EAAIwtB,MAAMjqB,GAEpDkqB,GAAmB,EAEvB,OAAQvoB,GACJ,KAAK,EAAA4Y,oBAAoBC,aAErB0P,IAAqBztB,EAAIwtB,MAAM,EAAAxgB,UAAU5H,QACzC,MACJ,KAAK,EAAA0Y,oBAAoB3N,SAErBsd,GAAoBztB,EAAIwtB,MAAM,EAAAxgB,UAAU5H,QAIhD,OAAQmoB,GAAkBE,EAAoBJ,EAAY,MAS9D,YAAAzX,QAAA,SAAQ5V,EAAa3B,EAAeqvB,GAChC,YAAM9X,QAAO,UAAC5W,KAAKkuB,iBAAiBltB,GAAK,GAAO3B,EAAOqvB,GAGnD1uB,KAAKutB,kBAAoBmB,GACzB,YAAM9X,QAAO,UAAC5W,KAAKkuB,iBAAiBltB,GAAK,GAAQ3B,EAAOqvB,IAShE,YAAA5T,QAAA,SAAQ9Z,EAAa0tB,GACjB,OAAO,YAAM5T,QAAO,UAAC9a,KAAKkuB,iBAAiBltB,GAAK,GAAO0tB,IAO3D,YAAAxR,WAAA,SAAWlc,GACPhB,KAAKotB,eAAelQ,WAAWld,KAAKkuB,iBAAiBltB,GAAK,IAC1D,YAAMkc,WAAU,UAACld,KAAKkuB,iBAAiBltB,GAAK,IACxChB,KAAKutB,iBACL,YAAMrQ,WAAU,UAACld,KAAKkuB,iBAAiBltB,GAAK,KAUpD,YAAA2tB,iBAAA,SAAiB3tB,EAAa3B,EAAeqvB,GACzC1uB,KAAKotB,eAAexW,QAAQ5W,KAAKkuB,iBAAiBltB,GAAK,GAAO3B,EAAOqvB,IAQzE,YAAAE,iBAAA,SAAiB5tB,EAAa0tB,GAC1B,OAAO1uB,KAAKotB,eAAetS,QAAQ9a,KAAKkuB,iBAAiBltB,GAAK,GAAO0tB,IAMzE,YAAAzQ,gBAAA,WACI,IACIjd,EADE6tB,EAAUvb,OAAOtT,KAAK8I,eAE5B,IAAK9H,KAAO6tB,EAEJA,EAAQlwB,eAAeqC,KAAiD,IAAxCA,EAAIL,QAAQ,EAAAqN,UAAU0f,cACtD,YAAMxQ,WAAU,UAAClc,IAS7B,YAAAqV,oBAAA,SAAoBtQ,GAApB,WACU+oB,EAAU/oB,GAAS,EAAA0P,aAAawK,kBAAkBla,GAAOgpB,GACzDC,EAA2BhvB,KAAKivB,uBAAuBlpB,GAEvD8oB,EAAUvb,OAAOtT,KAAK8I,eAExBgmB,IAAYE,GACZ1wB,OAAOqT,KAAKkd,GAASjd,SAAQ,SAAA5Q,IACK,IAA1BA,EAAIL,QAAQmuB,KACZ,EAAK5R,WAAWlc,GAChB,YAAMkuB,gBAAe,OAACluB,OAKlChB,KAAKsV,0BAAyB,GAC9BtV,KAAKkd,WAAW,EAAArG,mBAAmBC,mBASvC,YAAA6O,cAAA,SAAcwJ,EAAeC,EAAgBC,GACzC,YAAM1J,cAAa,UAAC3lB,KAAKkuB,iBAAiBiB,GAAO,GAAOC,EAAQC,GAC5DrvB,KAAKutB,iBACL,YAAM5H,cAAa,UAAC3lB,KAAKkuB,iBAAiBiB,GAAO,GAAQC,EAAQC,IAIzE,YAAAH,gBAAA,SAAgBC,GACZ,YAAMD,gBAAe,UAAClvB,KAAKkuB,iBAAiBiB,GAAO,IAC/CnvB,KAAKutB,iBACL,YAAM2B,gBAAe,UAAClvB,KAAKkuB,iBAAiBiB,GAAO,KAQ3D,YAAAG,cAAA,SAAcH,GACV,OAAO,YAAMG,cAAa,UAACtvB,KAAKkuB,iBAAiBiB,GAAO,KAS5D,YAAAI,mBAAA,SAAmBnnB,EAAkB7D,EAA+B2B,GAApE,WAkBI,OAjBgB5H,OAAOqT,KAAK2B,OAAOtT,KAAK8I,gBAAgB0mB,QAAO,SAACC,EAAQzuB,GACpE,IAAM0uB,EAAkC,EAAKtB,gBAAgBptB,EAAKoH,EAAU7D,EAAuB2B,GACnG,GAAIwpB,EAAiB,CACjB,IAAMrwB,EAAQ,EAAKyb,QAAQ9Z,GAC3B,GAAI3B,EACA,IACI,IAAMswB,EAA0B,IAAI,EAAAxC,qBAAqBuC,EAAiB/oB,KAAKC,MAAMvH,IACrF,OAAOowB,EAAOpsB,OAAO,CAAEssB,IACzB,MAAO/Q,GAEL,OAAO6Q,GAKnB,OAAOA,IACR,KASP,YAAApR,mBAAA,SAAmBjW,EAAkB7D,GACjC,OAAOvE,KAAKuvB,mBAAmBnnB,EAAU7D,EAAuB,EAAAua,oBAAoBC,eAOxF,YAAAyC,eAAA,SAAepZ,EAAkB7D,GAC7B,OAAOvE,KAAKuvB,mBAAmBnnB,EAAU7D,EAAuB,EAAAua,oBAAoB3N,WAQxF,YAAA6M,aAAA,SAAa5V,EAAkB7D,GAC3B,IAAMqrB,EAAe5vB,KAAKqe,mBAAmBjW,EAAU7D,GACjDsrB,EAAY7vB,KAAKwhB,eAAepZ,EAAU7D,GAChD,OAAWqrB,EAAY,OAAKC,IAOhC,YAAA3b,wBAAA,SAAwB4b,GACpB,IAAM1nB,EAAWpI,KAAK+vB,2BACtB,OAAID,EACO1nB,IAAapI,KAAKoI,WAEhBA,GAOjB,YAAA2nB,yBAAA,WACI,OAAO/vB,KAAK4uB,iBAAiB5uB,KAAKkuB,iBAAiB,EAAArX,mBAAmBmZ,oBAAoB,KAO9F,YAAA1a,yBAAA,SAAyB2a,GACjBA,IAAuBjwB,KAAKkU,yBAAwB,GAEpDlU,KAAK2uB,iBAAiB3uB,KAAKkuB,iBAAiB,EAAArX,mBAAmBmZ,oBAAoB,GAAQhwB,KAAKoI,WACxF6nB,GAAsBjwB,KAAKkU,yBAAwB,IAE3DlU,KAAKkd,WAAWld,KAAKkuB,iBAAiB,EAAArX,mBAAmBmZ,oBAAoB,KAS7E,YAAAf,uBAAR,SAA+BiB,GAC3B,IAAMC,EAAcnwB,KAAK8a,QAAQzH,EAAUuF,0BAA0B,EAAA/B,mBAAmB+F,aAAcsT,IACtG,SAAUC,GAAeA,IAAgB,EAAAniB,UAAU+I,aAMhD,YAAAmH,gBAAP,SAAuBnY,GAAvB,WAKQA,GACA/F,KAAKkvB,gBAAgB7b,EAAUuF,0BAA0B,EAAA/B,mBAAmB0O,cAAexf,IAC3F/F,KAAKkvB,gBAAgB7b,EAAUuF,0BAA0B,EAAA/B,mBAAmBwJ,YAAata,IACzF/F,KAAKkvB,gBAAgB7b,EAAUuF,0BAA0B,EAAA/B,mBAAmBwI,cAAetZ,IAC3F/F,KAAKkvB,gBAAgB7b,EAAUuF,0BAA0B,EAAA/B,mBAAmBgC,gBAAiB9S,KAE7E+V,SAASsU,OAAOxoB,MAAM,KAC9BgK,SAAQ,SAAAye,GAER,IAAAC,EAAA,uBAGAA,EAAW3vB,QAAQ,EAAAqN,UAAU0f,cAAgB,GAC7C,YAAMwB,gBAAe,OAACoB,OAWxB,EAAAlM,+BAAd,SAA6CF,EAAmBne,GAC5D,IAAM+oB,EAAU,EAAArZ,aAAawK,kBAAkBla,GAAOgpB,GACtD,MAAO,GAAG,EAAAlY,mBAAmB0Z,sBAAwB,EAAAviB,UAAUC,kBAAoBiW,EAAY,EAAAlW,UAAUC,kBAAoB6gB,GAOnH,EAAA7K,qBAAd,SAAmCle,GAC/B,OAAOsN,EAAUuF,0BAA0B,EAAA/B,mBAAmB2Z,UAAWzqB,IAQ/D,EAAA6S,0BAAd,SAAwC6X,EAAkC1qB,GAEtE,IAAM+oB,EAAU,EAAArZ,aAAawK,kBAAkBla,GAAOgpB,GACtD,MAAO,GAAG0B,EAAe,EAAAziB,UAAUC,kBAAoB6gB,GAE/D,EAtYA,CAA+B,EAAAzB,gBAAlB,EAAAha,a,oECXb,aACA,SAKA,aAII,WAAYvK,GACR,IAAKwK,OACD,MAAM,EAAA8J,UAAUsT,0BAA0B,sDAI9C,QAD0D,IAA1Bpd,OAAOxK,IAA4D,OAA1BwK,OAAOxK,GAE5E,MAAM,EAAAjC,yBAAyB8pB,+BAA+B7nB,GAElE9I,KAAK8I,cAAgBA,EA+F7B,OAtFI,YAAA8N,QAAA,SAAQ5V,EAAa3B,EAAeqvB,GAChCpb,OAAOtT,KAAK8I,eAAe8N,QAAQ5V,EAAK3B,GACpCqvB,GACA1uB,KAAK2lB,cAAc3kB,EAAK3B,IAShC,YAAAyb,QAAA,SAAQ9Z,EAAa0tB,GACjB,OAAIA,GAAuB1uB,KAAKsvB,cAActuB,GACnChB,KAAKsvB,cAActuB,GAEvBsS,OAAOtT,KAAK8I,eAAegS,QAAQ9Z,IAO9C,YAAAkc,WAAA,SAAWlc,GACP,OAAOsS,OAAOtT,KAAK8I,eAAeoU,WAAWlc,IAMjD,YAAA4vB,MAAA,WACI,OAAOtd,OAAOtT,KAAK8I,eAAe8nB,SAStC,YAAAjL,cAAA,SAAcwJ,EAAeC,EAAgBC,GACzC,IAAIwB,EAAY/e,mBAAmBqd,GAAS,IAAMrd,mBAAmBsd,GAAU,WAC3EC,IAEAwB,GAAa,WADM7wB,KAAK8wB,wBAAwBzB,GACT,KAG3CvT,SAASsU,OAASS,GAOtB,YAAAvB,cAAA,SAAcH,GAGV,IAFA,IAAM1qB,EAAOqN,mBAAmBqd,GAAS,IACnC4B,EAAKjV,SAASsU,OAAOxoB,MAAM,KACxB3I,EAAI,EAAGA,EAAI8xB,EAAG3xB,OAAQH,IAAK,CAEhC,IADA,IAAIiC,EAAI6vB,EAAG9xB,GACY,MAAhBiC,EAAE8vB,OAAO,IACZ9vB,EAAIA,EAAEgN,UAAU,GAEpB,GAAwB,IAApBhN,EAAEP,QAAQ8D,GACV,OAAOwsB,mBAAmB/vB,EAAEgN,UAAUzJ,EAAKrF,OAAQ8B,EAAE9B,SAG7D,MAAO,IAOX,YAAA8vB,gBAAA,SAAgBC,GACZnvB,KAAK2lB,cAAcwJ,EAAO,IAAK,IAOnC,YAAA2B,wBAAA,SAAwBI,GACpB,IAAMC,EAAQ,IAAI7lB,KAElB,OADa,IAAIA,KAAK6lB,EAAMC,UAA6B,GAAjBF,EAAsB,GAAK,GAAK,KAC5D3lB,eAEpB,EA5GA,GAAa,EAAA8hB,kB,kFCPA,EAAAgE,iBAAmB,CAC5BC,gBAAiB,CACb7X,KAAM,mBACNxY,KAAM,uCAEVswB,oBAAqB,CACjB9X,KAAM,mBACNxY,KAAM,yCAOd,kBAKI,WAAYqV,EAAmB4D,GAA/B,MACI,YAAMA,IAAa,K,OACnB5b,OAAOC,eAAe,EAAM6e,EAAUjd,WAEtC,EAAKmW,UAAYA,EACjB,EAAK4D,aAAeA,EACpB,EAAKzV,KAAO,Y,EAUpB,OArB+B,iBAcpB,EAAA4Y,sBAAP,SAA6BmU,GACzB,OAAO,IAAIpU,EAAU,EAAAiU,iBAAiBC,gBAAgB7X,KAAS,EAAA4X,iBAAiBC,gBAAgBrwB,KAAI,KAAKuwB,IAGtG,EAAAd,0BAAP,SAAiCc,GAC7B,OAAO,IAAIpU,EAAU,EAAAiU,iBAAiBE,oBAAoB9X,KAAS,EAAA4X,iBAAiBE,oBAAoBtwB,KAAI,IAAIuwB,IAExH,EArBA,CAA+B9lB,OAAlB,EAAA0R,a,kFCdb,SAEA,SAEa,EAAA7D,uBAAyB,CAClCkY,wBAAyB,CACrBhY,KAAM,6BACNxY,KAAM,2EAEVuY,iBAAkB,CACdC,KAAM,qBACNxY,KAAM,4GAEVywB,kBAAmB,CACfjY,KAAM,sBACNxY,KAAM,kDAEV0wB,eAAgB,CACZlY,KAAM,mBACNxY,KAAM,4BAEV2wB,kBAAmB,CACfnY,KAAM,sBACNxY,KAAM,kBAEV4wB,mBAAoB,CAChBpY,KAAM,uBACNxY,KAAM,2CAEV6wB,mBAAoB,CAChBrY,KAAM,uBACNxY,KAAM,8EAEV8wB,0BAA2B,CACvBtY,KAAM,8BACNxY,KAAM,qFAEV+wB,mBAAoB,CAChBvY,KAAM,iBACNxY,KAAM,4BAEVgxB,cAAe,CACXxY,KAAM,iBACNxY,KAAM,uDAEVixB,uBAAwB,CACpBzY,KAAM,mBACNxY,KAAM,2FAEVkxB,sBAAuB,CACnB1Y,KAAM,oBACNxY,KAAM,wDAEVmxB,wBAAyB,CACrB3Y,KAAM,6BACNxY,KAAM,+GAEVoxB,4BAA6B,CACzB5Y,KAAM,kCACNxY,KAAM,iGAEVqxB,mBAAoB,CAChB7Y,KAAM,yBACNxY,KAAM,sFAEVsxB,iBAAkB,CACd9Y,KAAM,yBACNxY,KAAM,iFAEVuxB,mBAAoB,CAChB/Y,KAAM,uBACNxY,KAAM,qDAEVwxB,uBAAwB,CACpBhZ,KAAM,2BACNxY,KAAM,uEAEVyxB,gBAAiB,CACbjZ,KAAM,qBACNxY,KAAM,iEAEV0xB,iCAAkC,CAC9BlZ,KAAM,uBACNxY,KAAM,8CAOd,kBAEI,WAAYqV,EAAmB4D,GAA/B,MACI,YAAM5D,EAAW4D,IAAa,K,OAC9B,EAAKzV,KAAO,kBAEZnG,OAAOC,eAAe,EAAM8I,EAAgBlH,W,EA8GpD,OApHqC,iBAS1B,EAAAma,8BAAP,SAAqCsY,GACjC,IAAI1Y,EAAe,EAAAX,uBAAuBkY,wBAAwBxwB,KAIlE,OAHI2xB,IAAc,EAAAxtB,YAAYC,QAAQutB,KAClC1Y,GAAgB,aAAa0Y,GAE1B,IAAIvrB,EAAgB,EAAAkS,uBAAuBkY,wBAAwBhY,KAAMS,IAG7E,EAAAL,uBAAP,SAA8B+Y,GAC1B,IAAI1Y,EAAe,EAAAX,uBAAuBC,iBAAiBvY,KAI3D,OAHI2xB,IAAc,EAAAxtB,YAAYC,QAAQutB,KAClC1Y,GAAgB,aAAa0Y,GAE1B,IAAIvrB,EAAgB,EAAAkS,uBAAuBC,iBAAiBC,KAAMS,IAGtE,EAAA2Y,+BAAP,WACI,OAAO,IAAIxrB,EAAgB,EAAAkS,uBAAuBmY,kBAAkBjY,KAAM,EAAAF,uBAAuBmY,kBAAkBzwB,OAGhH,EAAAwkB,0BAAP,SAAiC5gB,GAC7B,OAAO,IAAIwC,EAAgB,EAAAkS,uBAAuBoY,eAAelY,KAC1D,EAAAF,uBAAuBoY,eAAe1wB,KAAI,iBAAiB4D,IAI/D,EAAA6gB,wBAAP,SAA+BoN,EAAsBC,GACjD,OAAO,IAAI1rB,EAAgB,EAAAkS,uBAAuBqY,kBAAkBnY,KAC7D,EAAAF,uBAAuBqY,kBAAkB3wB,KAAI,IAAI6xB,EAAY,sBAAsBC,EAAW,MAIlG,EAAAvN,yBAAP,SAAgCwN,EAAsBC,GAClD,OAAO,IAAI5rB,EAAgB,EAAAkS,uBAAuBsY,mBAAmBpY,KAC9D,EAAAF,uBAAuBsY,mBAAmB5wB,KAAI,IAAI+xB,EAAY,sBAAsBC,EAAW,MAGnG,EAAAhc,2BAAP,WACI,OAAO,IAAI5P,EAAgB,EAAAkS,uBAAuBuY,mBAAmBrY,KACjE,EAAAF,uBAAuBuY,mBAAmB7wB,OAG3C,EAAAiW,kCAAP,WACI,OAAO,IAAI7P,EAAgB,EAAAkS,uBAAuBwY,0BAA0BtY,KACxE,EAAAF,uBAAuBwY,0BAA0B9wB,OAGlD,EAAAiyB,yBAAP,WACI,OAAO,IAAI7rB,EAAgB,EAAAkS,uBAAuByY,mBAAmBvY,KACjE,EAAAF,uBAAuByY,mBAAmB/wB,OAG3C,EAAA+d,8BAAP,SAAqCmU,GACjC,OAAO,IAAI9rB,EAAgB,EAAAkS,uBAAuB0Y,cAAcxY,KACzD,EAAAF,uBAAuB0Y,cAAchxB,KAAI,IAAIkyB,EAAS,MAG1D,EAAA3b,6BAAP,WACI,OAAO,IAAInQ,EAAgB,EAAAkS,uBAAuB2Y,uBAAuBzY,KACrE,EAAAF,uBAAuB2Y,uBAAuBjxB,OAG/C,EAAAmyB,4BAAP,WACI,OAAO,IAAI/rB,EAAgB,EAAAkS,uBAAuB4Y,sBAAsB1Y,KACpE,EAAAF,uBAAuB4Y,sBAAsBlxB,OAG9C,EAAAqG,8BAAP,SAAqC+rB,GACjC,OAAO,IAAIhsB,EAAgB,EAAAkS,uBAAuB6Y,wBAAwB3Y,KACnE,EAAAF,uBAAuB6Y,wBAAwBnxB,KAAI,uBAAuBoyB,IAG9E,EAAAC,kCAAP,SAAyCD,GACrC,OAAO,IAAIhsB,EAAgB,EAAAkS,uBAAuB8Y,4BAA4B5Y,KACvE,EAAAF,uBAAuB8Y,4BAA4BpxB,KAAI,uBAAuBoyB,IAGlF,EAAArpB,8BAAP,SAAqCupB,GACjC,OAAO,IAAIlsB,EAAgB,EAAAkS,uBAAuB+Y,mBAAmB7Y,KAC9D,EAAAF,uBAAuB+Y,mBAAmBrxB,KAAI,wBAAwBsyB,IAG1E,EAAA/oB,0BAAP,SAAiCgpB,GAC7B,OAAO,IAAInsB,EAAgB,EAAAkS,uBAAuBgZ,iBAAiB9Y,KAC5D,EAAAF,uBAAuBgZ,iBAAiBtxB,KAAI,uBAAuBuyB,IAGvE,EAAAC,yBAAP,SAAgCC,GAC5B,OAAO,IAAIrsB,EAAgB,EAAAkS,uBAAuBiZ,mBAAmB/Y,KAC9D,EAAAF,uBAAuBiZ,mBAAmBvxB,KAAI,yBAAyByyB,IAG3E,EAAAte,kCAAP,WACI,OAAO,IAAI/N,EAAgB,EAAAkS,uBAAuBkZ,uBAAuBhZ,KACrE,EAAAF,uBAAuBkZ,uBAAuBxxB,OAG/C,EAAA0yB,sBAAP,SAA6B3yB,GACzB,IAAMkZ,EAAe,gBAAgBlZ,EAAG,KAAK,EAAAuY,uBAAuBmZ,gBAAgBzxB,KACpF,OAAO,IAAIoG,EAAgB,EAAAkS,uBAAuBmZ,gBAAgBjZ,KAC9DS,IAGD,EAAA0Z,4CAAP,WACI,OAAO,IAAIvsB,EAAgB,EAAAkS,uBAAuBoZ,iCAAiClZ,KAC/E,EAAAF,uBAAuBoZ,iCAAiC1xB,OAEpE,EApHA,CAAqC,EAAAmc,WAAxB,EAAA/V,mB,kFC1Fb,SAQa,EAAAyjB,gCAAoF,CAC7F+I,oBAAqB,CACjBpa,KAAM,gBACNxY,KAAM,uHAEV6yB,oBAAqB,CACjBra,KAAM,wBACNxY,KAAM,qDAEV8yB,uBAAwB,CACpBta,KAAM,wBACNxY,KAAM,iQAGV+yB,sBAAuB,CACnBva,KAAM,0BACNxY,KAAM,4KAGVwM,eAAgB,CACZgM,KAAM,kBACNxY,KAAM,kDAEVgzB,YAAa,CACTxa,KAAM,2BACNxY,KAAM,2CAEVizB,eAAgB,CACZza,KAAM,8BACNxY,KAAM,yCAEVkzB,cAAe,CACX1a,KAAM,uBACNxY,KAAM,+EAEV8pB,qBAAsB,CAClBtR,KAAM,yBACNxY,KAAM,qIAEVgqB,qBAAsB,CAClBxR,KAAM,yBACNxY,KAAM,kCAEViqB,wBAAyB,CACrBzR,KAAM,6BACNxY,KAAM,mCAEVmzB,+BAAgC,CAC5B3a,KAAM,mCACNxY,KAAM,sEAEVozB,mBAAoB,CAChB5a,KAAM,sBACNxY,KAAM,6JAEVqzB,2BAA4B,CACxB7a,KAAM,iCACNxY,KAAM,mDAEVszB,0BAA2B,CACvB9a,KAAM,gCACNxY,KAAM,kFAEVuzB,0BAA2B,CACvB/a,KAAM,+BACNxY,KAAM,oDAEVwzB,kBAAmB,CACfhb,KAAM,sBACNxY,KAAM,+BAEVyzB,0BAA2B,CACvBjb,KAAM,qCACNxY,KAAM,gDAEV0zB,qBAAsB,CAClBlb,KAAM,yBACNxY,KAAM,2DAEV2zB,eAAgB,CACZnb,KAAM,mBACNxY,KAAM,iDAEV4zB,8BAA+B,CAC3Bpb,KAAM,2BACNxY,KAAM,iIAOd,kBAEI,WAAYqV,EAAmB4D,GAA/B,MACI,YAAM5D,EAAW4D,IAAa,K,OAC9B,EAAKzV,KAAO,2BACZnG,OAAOC,eAAe,EAAMsI,EAAyB1G,W,EAgG7D,OArG8C,iBAQnC,EAAA0nB,8BAAP,WACI,OAAO,IAAIhhB,EAAyB,EAAAikB,gCAAgC+I,oBAAoBpa,KACpF,GAAG,EAAAqR,gCAAgC+I,oBAAoB5yB,OAGxD,EAAA0vB,+BAAP,SAAsCmE,GAClC,OAAO,IAAIjuB,EAAyB,EAAAikB,gCAAgCgJ,oBAAoBra,KACjF,EAAAqR,gCAAgCgJ,oBAAoB7yB,KAAI,oBAAoB6zB,IAGhF,EAAAC,mCAAP,WACI,OAAO,IAAIluB,EAAyB,EAAAikB,gCAAgCiJ,uBAAuBta,KAAM,EAAAqR,gCAAgCiJ,uBAAuB9yB,OAGrJ,EAAA2T,iCAAP,SAAwCogB,GACpC,OAAO,IAAInuB,EAAyB,EAAAikB,gCAAgCkJ,sBAAsBva,KACnF,EAAAqR,gCAAgCkJ,sBAAsB/yB,KAAI,uCAAuC+zB,IAGrG,EAAApnB,4BAAP,SAAmCqnB,GAC/B,OAAO,IAAIpuB,EAAyB,EAAAikB,gCAAgCmJ,YAAYxa,KACzE,EAAAqR,gCAAgCmJ,YAAYhzB,KAAI,iBAAiBg0B,EAAW,MAGhF,EAAAtnB,0BAAP,SAAiCsnB,GAC7B,OAAO,IAAIpuB,EAAyB,EAAAikB,gCAAgCoJ,eAAeza,KAC5E,EAAAqR,gCAAgCoJ,eAAejzB,KAAI,iBAAiBg0B,EAAW,MAGnF,EAAApnB,0BAAP,SAAiConB,GAC7B,OAAO,IAAIpuB,EAAyB,EAAAikB,gCAAgCrd,eAAegM,KAC5E,EAAAqR,gCAAgCrd,eAAexM,KAAI,iBAAiBg0B,IAGxE,EAAAC,yBAAP,SAAgChlB,GAC5B,OAAO,IAAIrJ,EAAyB,EAAAikB,gCAAgCqJ,cAAc1a,KAC3E,EAAAqR,gCAAgCqJ,cAAclzB,KAAI,iBAAiBiP,IAGvE,EAAApJ,gCAAP,SAAuCquB,GACnC,OAAO,IAAItuB,EAAyB,EAAAikB,gCAAgC0J,0BAA0B/a,KACvF,EAAAqR,gCAAgC0J,0BAA0BvzB,KAAI,iBAAiBk0B,IAGnF,EAAA3a,wBAAP,WACU,0DACN,OAAO,IAAI3T,EADH,EAAA4S,KAAM,EAAAxY,OAIX,EAAAm0B,gCAAP,WACI,OAAO,IAAIvuB,EAAyB,EAAAikB,gCAAgC4J,0BAA0Bjb,KAC1F,EAAAqR,gCAAgC4J,0BAA0BzzB,OAG3D,EAAAo0B,kCAAP,WACI,OAAO,IAAIxuB,EAAyB,EAAAikB,gCAAgCyJ,0BAA0B9a,KAC1F,EAAAqR,gCAAgCyJ,0BAA0BtzB,OAG3D,EAAAq0B,gCAAP,WACI,OAAO,IAAIzuB,EAAyB,EAAAikB,gCAAgCC,qBAAqBtR,KACrF,EAAAqR,gCAAgCC,qBAAqB9pB,OAGtD,EAAAgrB,8BAAP,SAAqCJ,GACjC,OAAO,IAAIhlB,EAAyB,EAAAikB,gCAAgCuJ,mBAAmB5a,KAChF,EAAAqR,gCAAgCuJ,mBAAmBpzB,KAAI,wBAAwB4qB,IAGnF,EAAAvD,2BAAP,SAAkC5V,GACxB,6DAAE+G,EAAA,EAAAA,KAAMxY,EAAA,EAAAA,KACRs0B,EAAe,CACjBpN,gBAAiB,SACjBC,mBAAoB,SACpBC,iBAAkB,YAQtB,OAAO,IAAIxhB,EAAyB4S,EAASxY,EAAI,mBAL7B3C,OAAOqT,KAAK4jB,GAC3B/F,QAAO,SAAC7d,EAAM3Q,GACX,OAAO0R,EAAO1R,GAAO2Q,EAAOA,EAAKtO,OAAO,CAAKrC,EAAG,KAAKu0B,EAAav0B,GAAI,QACvE,IAEyEiH,KAAK,OAGlF,EAAAwS,qBAAP,WACI,OAAO,IAAI5T,EAAyB,EAAAikB,gCAAgC8J,eAAenb,KAC/E,EAAAqR,gCAAgC8J,eAAe3zB,OAGhD,EAAA2rB,oCAAP,WACI,OAAO,IAAI/lB,EAAyB,EAAAikB,gCAAgC+J,8BAA8Bpb,KAAM,EAAAqR,gCAAgC+J,8BAA8B5zB,OAE9K,EArGA,CAA8C,EAAAoG,iBAAjC,EAAAR,4B,kFCpGb,SAEa,EAAA2uB,oCAAsC,CAC/CC,oBAAqB,CACjBhc,KAAM,wBAEVic,gBAAiB,CACbjc,KAAM,oBAEVkc,cAAe,CACXlc,KAAM,mBAOd,kBAEI,WAAYnD,EAAmB4D,GAA/B,MACI,YAAM5D,EAAW4D,IAAa,K,OAC9B,EAAKzV,KAAO,+BAEZnG,OAAOC,eAAe,EAAMgmB,EAA6BpkB,W,EAwBjE,OA9BkD,iBASvC,EAAAqkB,2BAAP,SAAkCoR,GAC9B,IAAMC,EAA2B,CAC7B,EAAAL,oCAAoCC,oBAAoBhc,KACxD,EAAA+b,oCAAoCE,gBAAgBjc,KACpD,EAAA+b,oCAAoCG,cAAclc,MAGtD,OAAOmc,GAAeC,EAAyBl1B,QAAQi1B,IAAgB,GAGpE,EAAAE,6BAAP,SAAoC3C,GAChC,OAAO,IAAI5O,EAA6B,EAAAiR,oCAAoCG,cAAclc,KAAM0Z,IAG7F,EAAA4C,mCAAP,SAA0C5C,GACtC,OAAO,IAAI5O,EAA6B,EAAAiR,oCAAoCC,oBAAoBhc,KAAM0Z,IAGnG,EAAA6C,+BAAP,SAAsC7C,GAClC,OAAO,IAAI5O,EAA6B,EAAAiR,oCAAoCE,gBAAgBjc,KAAM0Z,IAE1G,EA9BA,CAAkD,EAAA1O,aAArC,EAAAF,gC,kFCjBb,SAEa,EAAA0R,mBAAqB,CAC9BC,kBAAmB,CACfzc,KAAM,qBACNxY,KAAM,sCAEVk1B,mBAAoB,CAChB1c,KAAM,yBAOd,kBAEI,WAAYnD,EAAmB4D,GAA/B,MACI,YAAM5D,EAAW4D,IAAa,K,OAC9B,EAAKzV,KAAO,cAEZnG,OAAOC,eAAe,EAAMkmB,EAAYtkB,W,EAYhD,OAlBiC,iBAStB,EAAAi2B,6BAAP,WACI,OAAO,IAAI3R,EAAY,EAAAwR,mBAAmBC,kBAAkBzc,KACxD,EAAAwc,mBAAmBC,kBAAkBj1B,OAGtC,EAAAo1B,yBAAP,SAAgClD,GAC5B,OAAO,IAAI1O,EAAY,EAAAwR,mBAAmBE,mBAAmB1c,KACzD0Z,IAEZ,EAlBA,CAAiC,EAAA/V,WAApB,EAAAqH,e,qECVb,aAAS,EAAAgE,qBAAA,EAAAA,qBAAsB,EAAAlW,qBAAA,EAAAA,qBAAsB,EAAAE,sBAAA,EAAAA,sBAAuB,EAAAD,sBAAA,EAAAA,sBAC5E,YAAS,EAAAtJ,OAAA,EAAAA,OACT,YAAS,EAAAwB,SAAA,EAAAA,SACT,aAAS,EAAAlF,QAAA,EAAAA,QACT,YAAS,EAAAwI,UAAA,EAAAA,UAAW,EAAA8Q,oBAAA,EAAAA,oBACpB,aAAS,EAAAoL,UAAA,EAAAA,UACT,aAAS,EAAAoM,YAAA,EAAAA,YACT,aAAS,EAAAC,cAAA,EAAAA,cAAe,EAAAC,cAAA,EAAAA,cACxB,aAAS,EAAAC,yBAAA,EAAAA,yBACT,aAAS,EAAAC,aAAA,EAAAA,aACT,aAAS,EAAApxB,YAAA,EAAAA,YACT,aAAS,EAAAmD,SAAA,EAAAA,SACT,aAAS,EAAAuL,YAAA,EAAAA,YAGT,aAAS,EAAAoJ,UAAA,EAAAA,UACT,aAAS,EAAA/V,gBAAA,EAAAA,gBACT,aAAS,EAAAod,YAAA,EAAAA,YACT,aAAS,EAAA5d,yBAAA,EAAAA,yBACT,aAAS,EAAA0d,6BAAA,EAAAA,6BACT,aAAS,EAAApa,QAAA,EAAAA,S,mEC7BI,EAAA1F,KAAO,OACP,EAAA0F,QAAU,U,+ECkBXwsB,EASA3gB,E,SAxBZ,4BACA,SACA,SAEa,EAAA4gB,WAAa,CACtBpG,UAAW,EAAAqG,uBAAuB,aAClCC,eAAgB,EAAAD,uBAAuB,kBACvCE,OAAQ,EAAAF,uBAAuB,eAC/BG,UAAW,EAAAH,uBAAuB,aAClCI,QAAS,EAAAJ,uBAAuB,WAChCK,cAAe,EAAAL,uBAAuB,kBACtCM,eAAgB,EAAAN,uBAAuB,kBACvC7lB,WAAY,EAAA6lB,uBAAuB,eAGvC,SAAYF,GACR,sDACA,kDACA,gDACA,wCACA,kCACA,0BANJ,CAAYA,EAAA,EAAAA,WAAA,EAAAA,SAAQ,KASpB,SAAY3gB,GACR,8CACA,0CACA,wCACA,gCACA,0BACA,kBANJ,CAAYA,EAAA,EAAAA,uBAAA,EAAAA,qBAAoB,KAShC,IAAMohB,IAAuB,MACxBphB,EAAqB2E,oBAAqBgc,EAAShc,mBACpD,EAAC3E,EAAqBQ,mBAAoBmgB,EAASngB,kBACnD,EAACR,EAAqBqhB,sBAAuBV,EAASU,qBACtD,EAACrhB,EAAqBC,YAAa0gB,EAAS1gB,WAC5C,EAACD,EAAqBshB,eAAgBX,EAASW,cAC/C,EAACthB,EAAqByH,QAASkZ,EAASlZ,O,GAG5C,cAII,WAAY1S,EAAuBwsB,EAAqBC,GAAxD,MACI,YAAM,EAAAX,uBAAuB,aAAc9rB,EAAeysB,IAAmB,K,OACzEA,IACA,EAAKC,QAAUL,EAAwBI,GACvC,EAAKA,mBAAqBA,GAE9B,EAAKD,WAAaA,E,EAqD1B,OA/DsC,iBAalC,sBAAW,iCAAkB,C,IAA7B,SAA8BC,GAC1Bx3B,KAAK03B,MAAM,EAAAC,2BAA2BC,uBAAyBJ,G,gCAGnE,sBAAW,sBAAO,C,IAAlB,SAAmBC,GACfz3B,KAAK03B,MAAM,EAAAC,2BAA2BE,kBAAoBJ,G,gCAG9D,sBAAW,wBAAS,C,IAApB,SAAqBK,GACjB93B,KAAK03B,MAAM,EAAAd,WAAWpG,WAAa,EAAAuH,mBAAmBD,GAAKprB,e,gCAG/D,sBAAW,2BAAY,C,IAAvB,SAAwB4J,GACpBtW,KAAK03B,MAAM,EAAAd,WAAWO,gBAAkB7gB,G,gCAG5C,sBAAW,uBAAQ,C,IAAnB,SAAoBrQ,GAChBjG,KAAK03B,MAAM,EAAAd,WAAWI,WAAah3B,KAAKu3B,YAActxB,EAClD,EAAA+xB,uBAAuB/xB,GACrB,M,gCAGV,sBAAW,wBAAS,C,IAApB,SAAqBie,GACjBlkB,KAAK03B,MAAM,EAAAd,WAAWK,SAAWj3B,KAAKu3B,YAAcrT,EAChD,EAAA8T,uBAAuB9T,GACrB,M,gCAGV,sBAAW,4BAAa,C,IAIxB,WACI,OAAgD,IAAzClkB,KAAK03B,MAAM,EAAAd,WAAWM,gB,IALjC,SAAyBe,GACrBj4B,KAAK03B,MAAM,EAAAd,WAAWM,eAAiBe,G,gCAO3C,sBAAW,wBAAS,C,IAApB,SAAqBhnB,GACjBjR,KAAK03B,MAAM,EAAAd,WAAW5lB,YAAchR,KAAKu3B,YAActmB,EACnD,EAAA+mB,uBAAuB/mB,GACrB,M,gCAGV,sBAAW,4BAAa,C,IAAxB,SAAyBinB,GACrBl4B,KAAK03B,MAAM,EAAAd,WAAWE,gBAAkBoB,EAAcxrB,e,gCAG1D,sBAAW,yBAAU,C,IAArB,SAAsByrB,GAClBn4B,KAAK03B,MAAM,EAAAd,WAAWG,QAAUoB,EAAWzrB,e,gCAGnD,EA/DA,CAAsC,W,+FC1CtC,SACA,4BAEA,SAEA,cAEI,WAAY8b,EAA6Bzd,EAAuB3C,EAAkBgwB,GAAlF,MACI,YAAM,EAAAvB,uBAAuB,iBAAkB9rB,EAAe,iBAAe,K,OAC7E,EAAK2sB,MAAM,EAAAb,uBAAuB,cAAgBzuB,EAClD,EAAKsvB,MAAM,EAAAb,uBAAuB,gBAAkBrO,EAAS6P,IAC7D,EAAKX,MAAM,EAAAb,uBAAuB,gBAAkBrO,EAAS8P,WAC7D,EAAKZ,MAAM,EAAAb,uBAAuB,qBAAuBrO,EAASL,gBAClE,EAAKuP,MAAM,EAAAb,uBAAuB,wBAA0BrO,EAASJ,mBACrE,EAAKsP,MAAM,EAAAb,uBAAuB,+BAAiCrO,EAAS+P,oBAAsB/P,EAAS+P,mBAAmBC,gBAC9H,EAAKd,MAAM,GAAG,EAAAC,2BAA2Bc,+BAAmC,EAAKC,cAAc,EAAA7B,uBAAuB,YAAauB,GACnI,EAAKV,MAAM,GAAG,EAAAC,2BAA2BgB,iCAAqC,EAAKD,cAAc,EAAA7B,uBAAuB,cAAeuB,GACvI,EAAKV,MAAM,GAAG,EAAAC,2BAA2BiB,4BAAgC,EAAKF,cAAc,EAAA7B,uBAAuB,eAAgBuB,G,EAU3I,OAtB0C,iBAgB9B,YAAAM,cAAR,SAAsBtS,EAAmBgS,GACrC,OAAKA,EAAWhS,GAGTgS,EAAWhS,GAFP,GAInB,EAtBA,CAA0C,W,+FCL1C,4BACA,SACA,SAGa,EAAAwQ,WAAa,CACtBiC,UAAW,EAAAhC,uBAAuB,aAClCiC,WAAY,EAAAjC,uBAAuB,cACnCkC,iBAAkB,EAAAlC,uBAAuB,oBACzCmC,YAAa,EAAAnC,uBAAuB,eACpCoC,cAAe,EAAApC,uBAAuB,iBACtCqC,kBAAmB,EAAArC,uBAAuB,oBAC1CsC,YAAa,EAAAtC,uBAAuB,eACpCuC,kBAAmB,EAAAvC,uBAAuB,qBAC1CwC,SAAU,EAAAxC,uBAAuB,YACjCyC,kBAAmB,EAAAzC,uBAAuB,qBAC1C0C,sBAAuB,EAAA1C,uBAAuB,yBAC9C2C,IAAK,EAAA3C,uBAAuB,QAGhC,kBAEI,WAAY9rB,EAAuB0uB,G,OAC/B,YAAM,EAAA5C,uBAAuB,cAAe9rB,EAAe0uB,IAAW,KAwD9E,OA3DuC,iBAMnC,sBAAW,kBAAG,C,IAAd,SAAe9Q,GACX,IAAM+Q,EAAc,EAAA3B,mBAAmBpP,GACvC3oB,KAAK03B,MAAM,EAAAd,WAAW4C,KAAOE,GAAeA,EAAYhtB,e,gCAG5D,sBAAW,uBAAQ,C,IAAnB,SAAoBitB,GAChB35B,KAAK03B,MAAM,EAAAd,WAAWiC,WAAa,EAAAd,mBAAmB4B,GAAUjtB,e,gCAGpE,sBAAW,wBAAS,C,IAApB,SAAqBktB,GACjB55B,KAAK03B,MAAM,EAAAd,WAAWkC,YAAcc,G,gCAGxC,sBAAW,0BAAW,C,IAAtB,SAAuBC,GACnB75B,KAAK03B,MAAM,EAAAd,WAAWmC,kBAAoB,EAAA3oB,wBAAwBM,8BAA8BmpB,I,gCAGpG,sBAAW,yBAAU,C,IAArB,SAAsBC,GAClB95B,KAAK03B,MAAM,EAAAd,WAAWoC,aAAec,EAAWptB,e,gCAGpD,sBAAW,iCAAkB,C,IAA7B,SAA8B0c,GAC1BppB,KAAK03B,MAAM,EAAAd,WAAWqC,eAAiB7P,G,gCAG3C,sBAAW,6BAAc,C,IAAzB,SAA0B9S,GACtBtW,KAAK03B,MAAM,EAAAd,WAAWsC,mBAAqB5iB,G,gCAG/C,sBAAW,yBAAU,C,IAArB,SAAsBgV,GAClBtrB,KAAK03B,MAAM,EAAAd,WAAWuC,aAAe7N,G,gCAGzC,sBAAW,8BAAe,C,IAA1B,SAA2ByO,GACvB/5B,KAAK03B,MAAM,EAAAd,WAAWwC,mBAAqBW,G,gCAQ/C,sBAAW,sBAAO,C,IAAlB,SAAmBC,GACfh6B,KAAK03B,MAAM,EAAAd,WAAWyC,UAAYW,G,gCAGtC,sBAAW,8BAAe,C,IAA1B,SAA2B1jB,GACvBtW,KAAK03B,MAAM,EAAAd,WAAW0C,mBAAqBhjB,G,gCAG/C,sBAAW,iCAAkB,C,IAA7B,SAA8B2jB,GAC1Bj6B,KAAK03B,MAAM,EAAAd,WAAW2C,uBAAyBU,G,gCAEvD,EA3DA,CAAuC,W,gFCpB1B,EAAAC,kBAAoB,QACpB,EAAAC,eAAiB,aACjB,EAAAC,eAAiB,aACjB,EAAAC,iBAAoB,eAEpB,EAAA1C,2BAA8B,CACvC2C,6BAA8B,gCAC9B1C,sBAAuB,oBACvBC,iBAAkB,cAClB0C,qBAAsB,4BACtB3B,2BAA4B,mCAC5BD,gCAAiC,kCACjC6B,eAAgB,qBAChBC,0BAA2B,GAC3BC,wBAAyB,+BACzBC,wBAAyB,+BACzBC,oBAAqB,2BACrBnC,8BAA+B,iCAItB,EAAAoC,mBAAqB,Y,kFCrBlC,SAMA,SACA,SAEA,aAQI,WAAYzU,EAAmBrb,EAAuB0uB,G,MAClDz5B,KAAK86B,QAAU,EAAAx1B,YAAYmK,gBAC3BzP,KAAK6C,MAAQ42B,EACbz5B,KAAK03B,QAAK,MACL,EAAAb,uBAAuB,EAAAsD,iBAAkB/T,EAC1C,EAAC,EAAAyQ,uBAAuB,EAAAwD,oBAAqB,EAC7C,EAAC,GAAG,EAAA1C,2BAA2B2C,8BAAiCvvB,E,GAwD5E,OApDY,YAAAgwB,eAAR,SAAuBC,GACnBh7B,KAAK03B,MAAM,EAAAb,uBAAuB,EAAAwD,mBAAqBW,GAGpD,YAAAC,KAAP,WAEIj7B,KAAK+6B,gBAAgBzvB,KAAK4vB,OAASl7B,KAAKm7B,gBAExC,EAAAC,iCAAiCp7B,KAAKq7B,YAAar7B,KAAKs7B,cAAet7B,KAAKu7B,cAGzE,YAAAC,MAAP,WACIx7B,KAAKm7B,eAAiB7vB,KAAK4vB,MAC3Bl7B,KAAK03B,MAAM,EAAAb,uBAAuB,EAAAuD,iBAAmBp6B,KAAKm7B,eAE1D,EAAAM,mCAAmCz7B,KAAKs7B,gBAG5C,sBAAW,qCAAsB,C,IAAjC,WACI,OAAOt7B,KAAK03B,MAAM,GAAG,EAAAC,2BAA2B2C,+B,IAGpD,SAAkCj7B,GAC9BW,KAAK03B,MAAM,GAAG,EAAAC,2BAA2B2C,8BAAkCj7B,G,gCAG/E,sBAAW,wBAAS,C,IAApB,WACI,OAAOW,KAAK03B,MAAM,EAAAb,uBAAuB,EAAAsD,kB,gCAGtC,YAAAlT,IAAP,WACI,OAAO,EAAP,YACOjnB,KAAK03B,MAAK,CACboD,QAAS96B,KAAK86B,WAItB,sBAAW,kBAAG,C,IAAd,WACI,OAAU96B,KAAK07B,uBAAsB,IAAI17B,KAAK86B,QAAO,IAAI96B,KAAKomB,W,gCAGlE,sBAAW,0BAAW,C,IAAtB,WACI,MAAO,QAAQpmB,KAAK6C,MAAK,IAAI7C,KAAK07B,wB,gCAGtC,sBAAY,4BAAa,C,IAAzB,WACI,MAAO,SAAS17B,KAAKgB,K,gCAGzB,sBAAY,0BAAW,C,IAAvB,WACI,MAAO,OAAOhB,KAAKgB,K,gCAE3B,EAtEA,G,+FCCA,4BACA,QACA,4BAEA,4BACA,SAEA,aAgBI,WAAY0R,EAAyB2V,EAAoCpf,GAbjE,KAAA0yB,gBAAmC,GAEnC,KAAAC,iBAAqC,GAErC,KAAAC,0BAAuD,GAGvD,KAAAC,0BAAoC,EAQxC97B,KAAK+7B,kBAAoB,EAAH,UAClB1D,IAAK,EAAArqB,UAAUguB,YACf1D,WAAY,UACZC,mBAAoB,CAEhBC,gBAAsC,oBAAdyD,WAA6BA,UAAUC,YAAcD,UAAUC,WAAWC,gBAEnGzpB,EAAO8V,UAEdxoB,KAAKoI,SAAWsK,EAAOtK,SACvBpI,KAAK87B,yBAA2BppB,EAAOopB,yBAMvC97B,KAAKqoB,iBAAmBA,EACxBroB,KAAKiJ,OAASA,EAqItB,OAlIW,EAAAif,wBAAP,SAA+B9f,EAAkBa,GAa7C,OAAO,IAAIjJ,KALqC,CAC5CwoB,SALyC,CACzCL,gBAJoB,YAKpBC,mBAJuB,OAQvBhgB,SAAUA,IAPW,cAUiCa,IAG9D,YAAAmzB,WAAA,SAAW1E,GACP13B,KAAKiJ,OAAOgD,QAAQ,4BAA4ByrB,EAAM12B,KAEjDhB,KAAKqoB,mBAIVqP,EAAM8D,QACNx7B,KAAK47B,iBAAiBlE,EAAM12B,KAAO02B,IAGvC,YAAAhM,UAAA,SAAUgM,GAGN,GAFA13B,KAAKiJ,OAAOgD,QAAQ,4BAA4ByrB,EAAM12B,KAEjDhB,KAAKqoB,kBAAqBroB,KAAK47B,iBAAiBlE,EAAM12B,KAA3D,CAGA02B,EAAMuD,OACNj7B,KAAKq8B,oBAAoB3E,GAEzB,IAAMiE,EAAkB37B,KAAK27B,gBAAgBjE,EAAMgE,wBAEnD17B,KAAK27B,gBAAgBjE,EAAMgE,yBAA+BC,GAAmB,IAAG,QAAEjE,WAE3E13B,KAAK47B,iBAAiBlE,EAAM12B,OAGvC,YAAAs7B,MAAA,SAAMvxB,GAAN,WAII,GAHA/K,KAAKiJ,OAAOgD,QAAQ,8BAA8BlB,GAG7C/K,KAAKqoB,kBAAqBroB,KAAK27B,gBAAgB5wB,GAApD,CAIA,IAAMwxB,EAAiBv8B,KAAKw8B,kBAAkBzxB,GAC9CwxB,EAAe3qB,SAAQ,SAAA8lB,GAAS,SAAK2E,oBAAoB3E,MACzD,IAAM+E,EACCz8B,KAAK27B,gBAAgB5wB,GAAc,OACnCwxB,UAGAv8B,KAAK27B,gBAAgB5wB,GAC5B,IAAM2xB,EAAiC18B,KAAK67B,0BAA0B9wB,GAKtE,UAHO/K,KAAK67B,0BAA0B9wB,GAGjC0xB,GAAkBA,EAAcr9B,OAArC,CAIA,IAAMu9B,EAA6B,IAAI,UACnC38B,KAAK+7B,kBACLhxB,EACA/K,KAAKoI,SACLs0B,GAGEE,EAA8BH,EAAa,QAAEE,IAEnD38B,KAAKqoB,iBAAiBuU,EAAuB3vB,KAAI,SAAAvN,GAAK,OAAAA,EAAEunB,aAG5D,YAAAlR,uBAAA,SAAuBhL,EAAuBysB,GAC1C,IAAM1hB,EAAW,IAAI,UAAS/K,EAAe/K,KAAKiJ,OAAOmD,sBAAuBorB,GAEhF,OADAx3B,KAAKo8B,WAAWtmB,GACTA,GAGX,YAAAK,qBAAA,SAAqBpL,EAAuB+K,EAAoBmiB,EAAwB3hB,GACpFR,EAASmiB,cAAgBA,EACrB3hB,IACAR,EAAS+mB,aAAevmB,GAE5BtW,KAAK0rB,UAAU5V,GACf9V,KAAKs8B,MAAMvxB,IAGf,YAAAygB,wBAAA,SAAwBsR,EAAqBxR,EAAoB3C,EAAa8Q,GAC1E,IAAMlO,EAAY,IAAI,UAAUuR,EAAarD,GAI7C,OAHAlO,EAAU5C,IAAMA,EAChB4C,EAAUD,WAAaA,EACvBtrB,KAAKo8B,WAAW7Q,GACTA,GAGH,YAAA8Q,oBAAR,SAA4B3E,G,MAKlBtR,EAAYsR,EAAMtR,UAClBgS,EAAap4B,KAAK67B,0BAA0BnE,EAAMgE,wBACnDtD,EAKDA,EAAWhS,GAAagS,EAAWhS,GAAagS,EAAWhS,GAAa,EAAI,EAJ5EpmB,KAAK67B,0BAA0BnE,EAAMgE,0BAAuB,MACvDtV,GAAY,E,IAOjB,YAAAoW,kBAAR,SAA0BzxB,GAA1B,WACI,OAAOzM,OAAOqT,KAAK3R,KAAK47B,kBACnBpM,QAAO,SAACuN,EAAMC,GACX,IAAyC,IAArCA,EAASr8B,QAAQoK,GAAuB,CACxC,IAAM2sB,EAAQ,EAAKkE,iBAAiBoB,GAEpC,cADO,EAAKpB,iBAAiBoB,GAClBD,EAAI,QAAErF,IAErB,OAAOqF,IACR,KAEf,EAxKA,G,kFCjBA,aACA,SACA,SACA,SAEa,EAAAhF,mBAAqB,SAACD,GAE/B,IAAMnP,EAAM,EAAAlgB,SAASiX,iBAAiBoY,GAGtC,GAAI,EAAA5N,UAAUL,OAAOiO,GAMjB,OAAOA,EAGX,IAAMmF,EAAatU,EAAIqB,aAEvB,GAAIiT,GAAcA,EAAW79B,QAAU,EAAG,CACtC,IAAM89B,EAAoC,QAAnBD,EAAW,GAAgB,EAAI,EAClDC,EAAiBD,EAAW79B,SAC5B69B,EAAWC,GAAkB,EAAArC,oBAIrC,OAAWlS,EAAIqC,SAAQ,KAAKrC,EAAIvH,gBAAe,IAAI6b,EAAWh1B,KAAK,MAG1D,EAAA+vB,uBAAyB,SAACmF,GAMnC,OAAO,EAAA73B,YAAYC,aAAa43B,IAGvB,EAAAtG,uBAAyB,SAACuG,GAA2B,SAAG,EAAAlD,mBAAoBkD,GAAU,KAEtF,EAAAC,2BAA6B,WAAe,SACnC,oBAAX/pB,QACH,gBAAiBA,QACjBA,OAAOgqB,YAAYC,MACnBjqB,OAAOgqB,YAAYE,UAGd,EAAApC,iCAAmC,SAACqC,EAAqBC,EAAmBC,GACjF,EAAAN,+BACA/pB,OAAOgqB,YAAYC,KAAKI,GACxBrqB,OAAOgqB,YAAYE,QAAQC,EAAaC,EAAWC,GAEnDrqB,OAAOgqB,YAAYM,cAAcH,GACjCnqB,OAAOgqB,YAAYO,WAAWH,GAC9BpqB,OAAOgqB,YAAYO,WAAWF,KAIzB,EAAAlC,mCAAqC,SAACiC,GAC3C,EAAAL,8BACA/pB,OAAOgqB,YAAYC,KAAKG,K,oEC7DhC,YACA,SAKA,2BAsBA,OArBW,EAAA5b,6BAAP,SAAoC/D,EAA8CtR,GAC9E,OAAOsR,EAAgB1Q,QAAO,SAACywB,GAC3B,IAAMxxB,EAAewxB,EAAU98B,IAAIoF,OAAOwB,MAAM,KAC1Cm2B,EAAe,EAAAzuB,SAASH,oBAAoB1C,GAGlD,OAA+B,IAAxBsxB,EAAa3+B,OAAe,EAAAkQ,SAAS3C,cAAcL,EAAcG,GAAgB,EAAA6C,SAAS3C,cAAcL,EAAcyxB,OAK9H,EAAA1c,iCAAP,SAAwCtD,EAA8C/W,GAClF,OAAO+W,EAAgB1Q,QAAO,SAACywB,GAAoC,SAAAr1B,SAASwf,gBAAgB6V,EAAU98B,IAAIgG,aAAeA,MAGtH,EAAAma,8BAAP,SAAqCpD,EAA8CigB,GAC/E,OAAOjgB,EAAgB1Q,QAAO,SAAAywB,GAE1B,OADwB,EAAAr1B,SAASiX,iBAAiBoe,EAAU98B,IAAIgG,WAAWoa,kBAChD4c,MAGvC,EAtBA,GAAa,EAAA9c,kB,kECHb,IAuHYpQ,EAvHZ,2BAiDA,OAhDI,sBAAW,gBAAW,C,IAAtB,WAAmC,MAAO,W,gCAC1C,sBAAW,WAAM,C,IAAjB,WAA8B,MAAO,U,gCACrC,sBAAW,aAAQ,C,IAAnB,WAAgC,MAAO,Y,gCAEvC,sBAAW,gBAAW,C,IAAtB,WAAmC,MAAO,gB,gCAC1C,sBAAW,gBAAW,C,IAAtB,WAAmC,MAAO,Q,gCAC1C,sBAAW,WAAM,C,IAAjB,WAA8B,MAAO,U,gCAErC,sBAAW,eAAU,C,IAArB,WAAkC,MAAO,c,gCACzC,sBAAW,QAAG,C,IAAd,WAA2B,MAAO,O,gCAClC,sBAAW,gBAAW,C,IAAtB,WAAmC,MAAO,e,gCAE1C,sBAAW,0BAAqB,C,IAAhC,WAA6C,MAAO,0B,gCACpD,sBAAW,gBAAW,C,IAAtB,WAAmC,MAAO,gB,gCAC1C,sBAAW,WAAM,C,IAAjB,WAA8B,MAAO,U,gCAErC,sBAAW,2BAAsB,C,IAAjC,WAA8C,MAAO,2B,gCACrD,sBAAW,sBAAiB,C,IAA5B,WAAyC,MAAO,K,gCAChD,sBAAW,mBAAc,C,IAAzB,WAAsC,MAAO,K,gCAG7C,sBAAW,eAAU,C,IAArB,WAAkC,OAAO9Q,KAAKi+B,a,IAC9C,SAAsBriB,GAClB5b,KAAKi+B,YAAcriB,G,gCAGvB,sBAAW,gBAAW,C,IAAtB,WAAmC,OAAO5b,KAAKk+B,c,IAC/C,SAAuBjiB,GACnBjc,KAAKk+B,aAAejiB,G,gCAGxB,sBAAW,UAAK,C,IAAhB,WAA6B,MAAO,S,gCACpC,sBAAW,eAAU,C,IAArB,WAAkC,MAAO,e,gCACzC,sBAAW,YAAO,C,IAAlB,WAA+B,MAAO,W,gCAEtC,sBAAW,SAAI,C,IAAf,WAA4B,MAAO,Q,gCAEnC,sBAAW,0BAAqB,C,IAAhC,WAA6C,MAAO,yB,gCAEpD,sBAAW,WAAM,C,IAAjB,WAA8B,MAAO,U,gCACrC,sBAAW,gBAAW,C,IAAtB,WAAmC,MAAO,U,gCAC1C,sBAAW,iBAAY,C,IAAvB,WAAoC,MAAO,W,gCAC3C,sBAAW,eAAU,C,IAArB,WAAyC,MAAO,CAACjc,KAAK2O,YAAa3O,KAAK4O,e,gCAExE,sBAAW,4BAAuB,C,IAAlC,WAAwD,MAAO,uB,gCAC/D,sBAAW,yBAAoB,C,IAA/B,WAAqD,MAAO,oB,gCAC5D,sBAAW,0BAAqB,C,IAAhC,WAAsD,MAAO,qB,gCAC7D,sBAAW,eAAU,C,IAArB,WAAkC,MAAO,c,gCA3B1B,EAAAqvB,YAAsB,IAKtB,EAAAC,aAAuB,IAuB1C,EAjDA,GAAa,EAAAlwB,YAmDA,EAAAsf,gBAAkB,iBAK/B,SAAYxO,GACR,gBACA,gBACA,gBACA,wCACA,8BACA,sBACA,0BACA,gCACA,4BATJ,CAAY,EAAAA,sBAAA,EAAAA,oBAAmB,KAmBlB,EAAA7M,cAAgB,CACzBC,SAAU,WACVG,MAAO,QACPD,eAAgB,kBAOpB,SAAYyE,GACR,wBACA,8CACA,gCACA,4BACA,uCACA,4BACA,gCACA,gCACA,oCACA,qBACA,0CACA,sCAZJ,CAAY,EAAAA,qBAAA,EAAAA,mBAAkB,KAe9B,SAAY8N,GACR,oBACA,4BAFJ,CAAY,EAAAA,sBAAA,EAAAA,oBAAmB,KAK/B,SAAYjL,GACR,4BACA,gBACA,iCAHJ,CAAY,EAAAA,iBAAA,EAAAA,eAAc,KAMb,EAAAykB,kBAA4B,4CAC5B,EAAAlR,gCAA6C,EAAAkR,kBAAiB,8DAC9D,EAAAvT,kBAA4B,mCAMzC,SAAY9Z,GACR,oBACA,YACA,0BACA,gCACA,wBACA,sBACA,iCACA,yCARJ,CAAYA,EAAA,EAAAA,WAAA,EAAAA,SAAQ,KAcP,EAAAstB,oBAAsB,CAC/BttB,EAASC,IACTD,EAASE,YAKA,EAAAsY,mBAAqB,CAC9BC,IAAK,MACL8U,KAAM,QASG,EAAA9sB,YAAc,CACvB+sB,MAAO,QACPC,eAAgB,iBAChBC,QAAS,UACThtB,KAAM,QAMG,EAAA8Q,YAAc,CACvBK,eAAgB,mBAChBJ,YAAa,mB,mECpKjB,+BA6JA,OAvJW,EAAA9S,cAAP,WAwBI,IAAMgvB,EAAoBnrB,OAAOorB,OACjC,GAAID,GAAaA,EAAUE,gBAAiB,CACxC,IAAMC,EAAqB,IAAIC,WAAW,IAW1C,OAVAJ,EAAUE,gBAAgBC,GAG1BA,EAAO,IAAM,GACbA,EAAO,IAAM,GAGbA,EAAO,IAAM,IACbA,EAAO,IAAM,IAENt5B,EAAYw5B,aAAaF,EAAO,IAAMt5B,EAAYw5B,aAAaF,EAAO,IACvEt5B,EAAYw5B,aAAaF,EAAO,IAAMt5B,EAAYw5B,aAAaF,EAAO,IACtE,IAAMt5B,EAAYw5B,aAAaF,EAAO,IAAMt5B,EAAYw5B,aAAaF,EAAO,IAC5E,IAAMt5B,EAAYw5B,aAAaF,EAAO,IAAMt5B,EAAYw5B,aAAaF,EAAO,IAC5E,IAAMt5B,EAAYw5B,aAAaF,EAAO,IAAMt5B,EAAYw5B,aAAaF,EAAO,IAC5E,IAAMt5B,EAAYw5B,aAAaF,EAAO,KAAOt5B,EAAYw5B,aAAaF,EAAO,KAC7Et5B,EAAYw5B,aAAaF,EAAO,KAAOt5B,EAAYw5B,aAAaF,EAAO,KACvEt5B,EAAYw5B,aAAaF,EAAO,KAAOt5B,EAAYw5B,aAAaF,EAAO,KAO7E,IAJA,IAAMG,EAAqB,uCACrBC,EAAc,mBAChBv/B,EAAY,EACZw/B,EAAuB,GAClBhgC,EAAY,EAAGA,EAAI,GAAIA,IACN,MAAlB8/B,EAAW9/B,IAAgC,MAAlB8/B,EAAW9/B,KAEpCQ,EAAoB,GAAhBy/B,KAAKC,SAAgB,GAEP,MAAlBJ,EAAW9/B,GACXggC,GAAgBD,EAAIv/B,GACK,MAAlBs/B,EAAW9/B,IAElBQ,GAAK,EAELw/B,GAAgBD,EADhBv/B,GAAK,IAGLw/B,GAAgBF,EAAW9/B,GAGnC,OAAOggC,GAQR,EAAAG,OAAP,SAAcC,GAEV,MADkB,6EACDC,KAAKD,IAQnB,EAAAP,aAAP,SAAoBS,GAEhB,IADA,IAAIP,EAAcO,EAAI1yB,SAAS,IACxBmyB,EAAI5/B,OAAS,GAChB4/B,EAAM,IAAMA,EAEhB,OAAOA,GAUJ,EAAAz5B,aAAP,SAAoBi6B,GAChB,OAAOC,KAAK3tB,mBAAmB0tB,GAAOhV,QAAQ,mBAC1C,SAAsBgE,EAAOkR,GACzB,OAAOC,OAAOC,aAAa3d,OAAO,KAAOyd,SAS9C,EAAAx4B,aAAP,SAAoBs4B,GAChB,IAAIK,EAAgBL,EAAMhV,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC3D,OAAQqV,EAAczgC,OAAS,GAC3B,KAAK,EACD,MACJ,KAAK,EACDygC,GAAiB,KACjB,MACJ,KAAK,EACDA,GAAiB,IACjB,MACJ,QACI,MAAM,IAAIn0B,MAAM,yBAGxB,OAAOulB,mBAAmB6O,KAAKD,GAAej4B,MAAM,IAAIqF,KAAI,SAAU/L,GAClE,MAAO,KAAO,KAAOA,EAAE6+B,WAAW,GAAGlzB,SAAS,KAAK7E,OAAO,MAC3DC,KAAK,MAQL,EAAA+3B,YAAP,SAAmBC,GACf,IAAIzR,EACE0R,EAAK,MACLC,EAAS,oBACTC,EAAS,SAAC5/B,GAAc,OAAAywB,mBAAmBzwB,EAAEgqB,QAAQ0V,EAAI,OACzDG,EAAU,GAEhB,IADA7R,EAAQ2R,EAAOG,KAAKL,GACbzR,GACH6R,EAAID,EAAO5R,EAAM,KAAO4R,EAAO5R,EAAM,IACrCA,EAAQ2R,EAAOG,KAAKL,GAExB,OAAOI,GAGf,EA7JA,GAAa,EAAA/6B,e,iFCFb,QACA,SACA,QAEA,SACA,SACA,QACA,SAWA,2BA4LA,OAhLW,EAAAoQ,gBAAP,SAAuBjP,EAAmCgQ,EAAsBrO,EAAkB6M,GAG9F,IAAIwB,IAAgBhQ,EAChB,MAAM,EAAAI,yBAAyB2T,0BAGnC,IAAIpU,EACAqK,EAEDhK,IAECL,EAASqQ,EAAc,EAAAnH,SAASnB,aAAa1H,EAAQL,OAAQK,EAAQ85B,sBAAwB95B,EAAQL,OACrG,EAAAkJ,SAAS9B,mBAAmBpH,GAASqQ,GACrCrQ,EAAS,EAAAkJ,SAASF,+BAA+BhJ,EAAQgC,GAGzDpI,KAAKwgC,wBAAwB/5B,EAAQwJ,QAGrCQ,EAAuBzQ,KAAKygC,qBAAqBh6B,EAAQgK,qBAAsBhK,EAAQC,eAGvF1G,KAAK0gC,sBAAsBj6B,EAAQC,gBAIvC,IAAMX,EAAQ/F,KAAK2gC,yBAAyBl6B,GAAWA,EAAQV,MAAOkP,GAChElK,EAAgB/K,KAAK4gC,iCAAiCn6B,GAAWA,EAAQsE,eAU/E,OARsB,cACftE,EAAO,CACVgK,qBAAoB,EACpBrK,OAAM,EACNL,MAAK,EACLgF,cAAa,KAYd,EAAAy1B,wBAAP,SAAgCvwB,GAC5B,GAAGA,GACK,CAAC,EAAAsB,YAAY+sB,MAAO,EAAA/sB,YAAYgtB,eAAgB,EAAAhtB,YAAYitB,QAAS,EAAAjtB,YAAYC,MAAM7Q,QAAQsP,GAAU,EACzG,MAAM,EAAApJ,yBAAyBquB,yBAAyBjlB,IAW7D,EAAAwwB,qBAAP,SAA4BhwB,EAAkC/J,GAC1D,IAAM8J,EAAQ,cAAqBC,GACnC,OAAKD,GAGD9J,UAEO8J,EAAS,EAAAxC,UAAUtI,QAE9B,EAAA04B,oBAAoBxsB,SAAQ,SAAAivB,GACpBrwB,EAASqwB,WAEFrwB,EAASqwB,MAIjBrwB,GAbI,MAuBR,EAAAkwB,sBAAP,SAA6Bh6B,GACzB,GAAKA,EAGL,IACIC,KAAKC,MAAMF,GACb,MAAOhH,GACL,MAAM,EAAAmH,yBAAyBC,gCAAgCpH,KAWhE,EAAAihC,yBAAP,SAAgCG,EAAmB7rB,GAC/C,OAAQ,EAAA7P,YAAYC,QAAQy7B,GAAiHrrB,EAAasrB,qBAAqB9rB,GAAtI,GAAGQ,EAAasrB,qBAAqB9rB,GAAmB,EAAAjH,UAAUC,kBAAoB6yB,GAQ5H,EAAAC,qBAAP,SAA4B9rB,GACxB,IAAM+rB,EAAkC,CACpCjS,GAAI,EAAAzpB,YAAYmK,gBAChB0Q,GAAI,EAAAsD,UAAUyX,MACd9mB,OAAQa,GAGNgsB,EAAct6B,KAAKe,UAAUs5B,GAEnC,OAAO,EAAA17B,YAAYC,aAAa07B,IAS7B,EAAAhhB,kBAAP,SAAyBla,GACrB,IAAMm7B,EAAejQ,mBAAmBlrB,GAAO6B,MAAM,EAAAoG,UAAUC,mBAAmB,GAElF,GAAI,EAAA3I,YAAY85B,OAAO8B,GAEnB,MAAO,CACHnS,GAAImS,EACJ/gB,GAAI,EAAAsD,UAAUyX,MACd9mB,OAAQ,EAAApG,UAAUqG,yBAI1B,IACI,IAAM4sB,EAAc,EAAA37B,YAAY4B,aAAag6B,GAI7C,OAFoBv6B,KAAKC,MAAMq6B,GAGjC,MAAOvhC,GACL,MAAM,EAAA2H,gBAAgBqe,wBAAwB3f,EAAO,QAUtD,EAAA66B,iCAAP,SAAwC71B,GAEpC,GAAGA,IAAkB,EAAAzF,YAAY85B,OAAOr0B,GACpC,MAAM,EAAAlE,yBAAyBuuB,kCAEnC,OAAO,EAAA9vB,YAAY85B,OAAOr0B,GAAgBA,EAAgB,EAAAzF,YAAYmK,iBAOnE,EAAAmL,uBAAP,SAA8BnU,GAC1B,MAAO,GAAGA,EAAQL,OAAO6B,KAAK,KAAKyE,cAAgB,EAAAsB,UAAUC,kBAAoBxH,EAAQO,WAEjG,EA5LA,GAAa,EAAAyO,gB,kFChBb,QAWA,2BA8CA,OA5CW,EAAAoP,mBAAP,SAA0Bsc,EAAgCje,GACtD,IAAKie,EACD,OAAO,KACJ,IAAKje,EACR,OAAOie,EAGX,IAAMC,EAAMnf,OAAOiB,EAAW7Y,YAK9B,OAJI+2B,IAAQD,EAAiB96B,YACzB86B,EAAiB96B,UAAY,IAAIiF,KAAW,IAAN81B,IAGnC,EAAP,YACOD,EAAgB,CACnBt8B,QAASqe,EACTxe,cAAewe,EAAWxd,OAC1BM,SAAUkd,EAAWle,UAAYke,EAAWje,QAC5CgB,SAAUid,EAAWjd,YAItB,EAAA2a,kBAAP,SAAyB/b,EAAkB4b,EAA4BnI,EAAsDhS,EAAkBF,EAAuBG,GAClK,OAAO+R,EAA4B/I,cAC/B,KAAK,EAAA0C,cAAcC,SACf,IAAIiR,EAAe,cACZ1C,EAAY,CACfva,UAAW,EAAA4Y,oBAAoB3N,SAC/B7K,QAASA,EACTF,OAAQA,EACRG,aAAcA,IAIlB,OADA4c,EAAkBxC,EAAckE,mBAAmB1B,EAAiBte,IACrC,QAAIse,EAAkB,KACzD,KAAK,EAAAlR,cAAcG,eACf,IAAMivB,EAAsB1gB,EAAckE,mBAAmBpE,EAAc5b,GAC3E,OAAQw8B,GAAuBA,EAAoBl7B,aAAek7B,EAAoBx8B,QAAWw8B,EAAsB,KAC3H,KAAK,EAAApvB,cAAcI,MAEf,OADsBsO,EAAckE,mBAAmBpE,EAAc5b,GAEzE,QACI,OAAO,OAGvB,EA9CA,GAAa,EAAA8b,iB,mECTb,+BA6BA,OAvBW,EAAAtb,QAAP,SAAei8B,GACX,YAAuB,IAARA,IAAwBA,GAAO,IAAMA,EAAIliC,QAQrD,EAAAkvB,6BAAP,SAAoCgT,GAChC,IACI,IAAMjT,EAAY1nB,KAAKC,MAAM06B,GAO7B,OAAQjT,GAAkC,iBAAdA,EAA0BA,EAAY,KACpE,MAAOxuB,GACL,OAAO,OAGnB,EA7BA,GAAa,EAAAuF,e,kECFb,+BAyBA,OAnBW,EAAAse,eAAP,SAAsBxB,GAGlB,OAAOqf,SADSrf,GAAa,OACJ,KAMtB,EAAAgZ,IAAP,WACI,OAAOgE,KAAKsC,OAAM,IAAIl2B,MAAO8lB,UAAY,MAMtC,EAAAqQ,cAAP,WACI,OAAOnuB,OAAOgqB,YAAYpC,OAElC,EAzBA,GAAa,EAAAzX,a,oECHb,aACA,SACA,QAKA,2BA4DA,OArDW,EAAAie,UAAP,SAAiBC,GACb,GAAI,EAAAv8B,YAAYC,QAAQs8B,GACpB,OAAO,KAEX,IACMC,EADoB,uCACQtB,KAAKqB,GACvC,OAAKC,GAAWA,EAAQxiC,OAAS,EAEtB,KAEU,CACjByiC,OAAQD,EAAQ,GAChBE,WAAYF,EAAQ,GACpBG,OAAQH,EAAQ,KASjB,EAAAxf,iCAAP,SAAwC/X,EAAoBjB,GACxD,IAAM44B,EAAS54B,GAA6B,IAC5C,OAAOiB,GAAeA,EAAa,EAAAoZ,UAAUyX,MAAQ8G,GAQlD,EAAA93B,eAAP,SAAsB+3B,GAElB,IAAMC,EAAeliC,KAAK0hC,UAAUO,GACpC,IAAKC,EACD,OAAO,KAEX,IACI,IAAMC,EAAgBD,EAAyB,WACzCE,EAAgB,EAAA98B,YAAY4B,aAAai7B,GAC/C,OAAKC,EAKEz7B,KAAKC,MAAMw7B,GAHP,KAIb,MAAOxjB,IAIT,OAAO,MAEf,EA5DA,GAAa,EAAA3U,c,qECNb,YAEA,QACA,SACA,SAKA,2BAkRA,OA5QW,EAAAyO,kBAAP,SAAyB2pB,GACrB,IAAMf,EAAMthC,KAAKsiC,0BAA0BD,GACvCE,EAAuBF,EAAoB7yB,kBAAkB+a,sBASjE,OAPIgY,EAAa5hC,QAAQ,KAAO,EAC5B4hC,GAAgB,IAEhBA,GAAgB,IAGO,GAAGA,EAAejB,EAAIr5B,KAAK,MAQnD,EAAAq6B,0BAAP,SAAiCD,GAC7B,IAAMj8B,EAAS,EAAAkJ,SAASL,oBAAoBozB,EAAoBj8B,QAE1Dk7B,EAAqB,GA6B3B,OA5BAA,EAAI1hC,KAAK,iBAAmByiC,EAAoB9yB,cAChD+xB,EAAI1hC,KAAK,SAAWkS,mBAAmB,EAAAxC,SAAShC,WAAWlH,KAC3Dk7B,EAAI1hC,KAAK,aAAekS,mBAAmBuwB,EAAoBj6B,WAC/Dk5B,EAAI1hC,KAAK,gBAAkBkS,mBAAmBuwB,EAAoB75B,cAElE84B,EAAI1hC,KAAK,SAAWkS,mBAAmBuwB,EAAoBt8B,QAC3Du7B,EAAI1hC,KAAK,SAAWkS,mBAAmBuwB,EAAoBj4B,QAE3Dk3B,EAAI1hC,KAAK,iBACT0hC,EAAI1hC,KAAK,gBAAgByiC,EAAoB3yB,YAC7C4xB,EAAI1hC,KAAK,gBAAgByiC,EAAoB1yB,YACzC0yB,EAAoBnyB,aACpBoxB,EAAI1hC,KAAK,UAAYkS,mBAAmBuwB,EAAoBnyB,cAG5DmyB,EAAoBlyB,aACpBmxB,EAAI1hC,KAAK,UAAYkS,mBAAmBuwB,EAAoBlyB,cAG5DkyB,EAAoBryB,iBACpBsxB,EAAI1hC,KAAKyiC,EAAoBryB,iBAG7BqyB,EAAoB5xB,sBACpB6wB,EAAI1hC,KAAKyiC,EAAoB5xB,sBAGjC6wB,EAAI1hC,KAAK,qBAAuBkS,mBAAmBuwB,EAAoBt3B,gBAChEu2B,GAMJ,EAAA54B,cAAP,WACI,OAAO4K,OAAOO,SAASwE,KAAKzQ,MAAM,KAAK,GAAGA,MAAM,KAAK,IAMlD,EAAA2X,kBAAP,SAAyBoJ,GACrB,OAAOA,EAAI/gB,MAAM,KAAK,IAQnB,EAAAie,kBAAP,SAAyB8C,EAAa1iB,GAClC,IAAMu8B,EAAe7Z,EAAIjc,cACnB+1B,EAAYziC,KAAK0f,iBAAiB8iB,GAClCE,EAAYD,EAAUzY,aAI5B,OAHI/jB,GAAkC,IAArBy8B,EAAUtjC,QAAiBsjC,EAAU,KAAO,EAAA10B,UAAU20B,QAAUD,EAAU,KAAO,EAAA5xB,SAAS8xB,eAAiBF,EAAU,KAAO,EAAA5xB,SAAS+xB,YAClJH,EAAU,GAAKz8B,GAEZjG,KAAK8iC,gCAAgCL,EAAWC,IAGpD,EAAAI,gCAAP,SAAuCL,EAAiBC,GACpD,OAAO1iC,KAAKioB,gBAAgBwa,EAAUzX,SAAW,KAAOyX,EAAUrhB,gBAAkB,IAAMshB,EAAUz6B,KAAK,OAQtG,EAAA8Y,kBAAP,SAAyB4H,GACrB,IAAM3hB,EAAahH,KAAKioB,gBAAgBU,GAClC+Z,EAAY1iC,KAAK0f,iBAAiB1Y,GAAWgjB,aACnD,OAA6B,IAArB0Y,EAAUtjC,QAAgBsjC,EAAU,KAAO,EAAA10B,UAAU20B,QAQ1D,EAAA3hB,yBAAP,SAAgC2H,GAC5B,IAAM3hB,EAAahH,KAAKioB,gBAAgBU,GAClC+Z,EAAY1iC,KAAK0f,iBAAiB1Y,GAAWgjB,aACnD,OAA6B,IAArB0Y,EAAUtjC,QAAgBsjC,EAAU,KAAO,EAAA5xB,SAAS8xB,eAQzD,EAAA3hB,qBAAP,SAA4B0H,GACxB,IAAM3hB,EAAahH,KAAKioB,gBAAgBU,GAClC+Z,EAAY1iC,KAAK0f,iBAAiB1Y,GAAWgjB,aACnD,OAA6B,IAArB0Y,EAAUtjC,QAAgBsjC,EAAU,KAAO,EAAA5xB,SAAS+xB,WAOzD,EAAAnjB,iBAAP,SAAwBiJ,GACpB,IAAKA,EACD,KAAM,eAIV,IAAMoa,EAAQC,OAAO,8DAEfxU,EAAQ7F,EAAI6F,MAAMuU,GAExB,IAAKvU,GAASA,EAAMpvB,OAAS,EACzB,KAAM,qBAGV,IAAM6jC,EAAsB,CACxBjY,SAAUwD,EAAM,GAChBpN,gBAAiBoN,EAAM,GACvB0U,aAAc1U,EAAM,IAGpBzE,EAAekZ,EAAcC,aAAat7B,MAAM,KAWpD,OAVAmiB,EAAeA,EAAa1c,QAAO,SAACkH,GAAQ,OAAAA,GAAOA,EAAInV,OAAS,KAChE6jC,EAAcjZ,aAAeD,EAEzByE,EAAM,KACNyU,EAAcE,OAAS3U,EAAM,IAE7BA,EAAM,KACNyU,EAActjB,KAAO6O,EAAM,IAGxByU,GAQJ,EAAAhb,gBAAP,SAAuBU,GACnB,GAAIA,EAAK,CACL,IAAI6Z,EAAe7Z,EAAIjc,cAMvB,OAJKjE,EAAS26B,SAASZ,EAAc,OACjCA,GAAgB,KAGbA,EAGX,OAAO7Z,GAUJ,EAAAya,SAAP,SAAgBza,EAAayU,GACzB,SAAKzU,IAAQyU,KAI+C,IAArDzU,EAAIhoB,QAAQy8B,EAAQzU,EAAIvpB,OAASg+B,EAAOh+B,SAQ5C,EAAAqjB,8BAAP,SAAqCkG,EAAalkB,GAC9C,GAAI,EAAAW,YAAYC,QAAQsjB,GACpB,OAAOA,EAGX,IACI0a,EAAQ,IAAIL,OAAO,OAASv+B,EAAO,WAQvC,OAPakkB,EAAI6B,QAAQ6Y,EAAO,IAEhCA,EAAQ,IAAIL,OAAO,IAAMv+B,EAAO,YACnBkkB,EAAI6B,QAAQ6Y,EAAO,IAEhCA,EAAQ,IAAIL,OAAO,IAAMv+B,EAAO,WACnBkkB,EAAI6B,QAAQ6Y,EAAO,KAU7B,EAAAC,eAAP,SAAsBC,GAClB,IAAMC,EAAaD,EAAoB5iC,QAAQ,KACzC8iC,EAAaF,EAAoB5iC,QAAQ,MAC/C,OAAI8iC,GAAc,EACPF,EAAoBr1B,UAAUu1B,EAAa,GAC3CD,GAAc,EACdD,EAAoBr1B,UAAUs1B,EAAa,GAE/CD,GAQJ,EAAAxvB,gBAAP,SAAuB2vB,GACnB,IAAM7jB,EAAapX,EAASqX,gBAAgB4jB,GAC5C,OACI7jB,EAAWlhB,eAAe,EAAAmgB,oBAAoBiF,oBAC9ClE,EAAWlhB,eAAe,EAAAmgB,oBAAoBnF,QAC9CkG,EAAWlhB,eAAe,EAAAmgB,oBAAoBC,eAC9Cc,EAAWlhB,eAAe,EAAAmgB,oBAAoB3N,WAS/C,EAAA2O,gBAAP,SAAuB6jB,GACnB,IAAM7vB,EAAOrL,EAAS66B,eAAeK,GACrC,OAAO,EAAAr+B,YAAY06B,YAAYlsB,IAU5B,EAAAoT,eAAP,SAAsB4Q,GAElB,IAAI8L,EAAejE,OAAO7H,GAAKtN,QAAQ,iBAAkB,IAEzD,OADAoZ,EAAeA,EAAah8B,MAAM,KAAK,IAG/C,EAlRA,GAAa,EAAAa,Y,qECVb,aACA,SAGA,QACA,QAEA,2BAqVA,OAxUW,EAAAo7B,WAAP,WACI,OAAOvwB,OAAOuL,SAAWvL,QAQtB,EAAAwwB,UAAP,WACI,SAAUxwB,OAAOywB,QAAUzwB,OAAOywB,SAAWzwB,SAS1C,EAAA+O,kBAAP,SAAyB2hB,EAAgBlsB,GACrC,MAAO,GAAGksB,EAAS,EAAAh2B,UAAUC,kBAAoB6J,GAQ9C,EAAAkF,qBAAP,SAA4BC,EAAuBgnB,EAAiBxrB,EAAqBxP,GACrF,OAAO,IAAIjH,SAAQ,SAACC,EAASC,GAKzB,IACMgiC,EADU,EAAAzgB,UAAUge,gBACIwC,EAE9Bh7B,EAAOgD,QAAQ,0CAEf,IAAMk4B,EAAaC,aAAY,WAC3B,GAAI,EAAA3gB,UAAUge,gBAAkByC,EAK5B,OAJAj7B,EAAOpJ,MAAM,+DACboJ,EAAO0C,SAAS,mDAAmD8M,GACnE4rB,cAAcF,QACdjiC,EAAO,EAAAmF,gBAAgBwrB,kCAI3B,IAAIxa,EAEJ,IAMIA,EAAO4E,EAAcpJ,SAASwE,KAChC,MAAO3Y,IAEL2Y,GAAQ,EAAA5P,SAASsL,gBAAgBsE,KACjCpP,EAAOgD,QAAQ,0CACfo4B,cAAcF,GACdliC,EAAQgb,EAAcpJ,SAASC,SAEpCE,EAAYswB,yBAShB,EAAAxqB,oBAAP,SAA2BmD,EAAuBgnB,EAAiBxrB,EAAqBxP,GACpF,OAAO,IAAIjH,SAAQ,SAACC,EAASC,GAKzB,IAAMqiC,EAAWN,EAAUjwB,EAAYswB,oBACnCE,EAAQ,EAEZv7B,EAAOgD,QAAQ,wCAEf,IAAMk4B,EAAaC,aAAY,WAC3B,GAAInnB,EAAcwnB,OAId,OAHAx7B,EAAOpJ,MAAM,sCACbwkC,cAAcF,QACdjiC,EAAO,EAAAmF,gBAAgB6rB,4BAI3B,IAAI7a,EACJ,IAMIA,EAAO4E,EAAcpJ,SAASwE,KAChC,MAAO3Y,IAGT,GAAK2Y,GAAiB,gBAATA,EAUb,GAFAmsB,IAEInsB,GAAQ,EAAA5P,SAASsL,gBAAgBsE,GAAO,CACxCpP,EAAOgD,QAAQ,yCACfo4B,cAAcF,GACd,IAAMrwB,EAAOmJ,EAAcpJ,SAASC,KACpCE,EAAYmL,iBAAiBlC,GAC7Bhb,EAAQ6R,QACD0wB,EAAQD,IACft7B,EAAOpJ,MAAM,8DACboJ,EAAO0C,SAAS,kDAAkD8M,GAClE4rB,cAAcF,GACdjiC,EAAO,EAAAmF,gBAAgBwrB,qCAE5B7e,EAAYswB,yBAShB,EAAAznB,UAAP,SAAiBpE,EAAqBiE,EAAmBgoB,EAAmBz7B,GAA5E,WAOI,OAFAA,EAAO+C,QAAQ,cAAgB0Q,GAExB,IAAI1a,SAAQ,SAACC,EAASC,GACzByiC,YAAW,WACP,IAAMC,EAAc,EAAK9nB,cAAcrE,EAAaiE,EAAWzT,GAE1D27B,EAKL3iC,EAAQ2iC,GAJJ1iC,EAAO,oCAAoCwa,KAKhDgoB,OAWJ,EAAA5nB,cAAP,SAAqBrE,EAAqBiE,EAAmBzT,GACzD,IAAM27B,EAAc5wB,EAAYwO,gBAAgB9F,EAAWzT,GAG3D,OAAK27B,GAGwB,KAApBA,EAAYC,KAAkC,gBAApBD,EAAYC,MAC3CD,EAAYC,IAAMpsB,EAClBxP,EAAO+C,QAAQ,gBAAkB0Q,EAAY,kBAAoBjE,IAG9DmsB,GAPI,MAeR,EAAApiB,gBAAP,SAAuBsiB,EAAkB77B,GACrC,QAAwB,IAAb67B,EACP,OAAO,KAGX77B,EAAO+C,QAAQ,8BAAgC84B,GAC/C,IAAIC,EAAYjpB,SAASkpB,eAAeF,GACxC,IAAKC,EAAW,CACZ,GAAIjpB,SAASmpB,eACjBnpB,SAASC,kBAC4C,IAApDzI,OAAO2oB,UAAUrC,UAAUj5B,QAAQ,YAAqB,CACjD,IAAMukC,EAAMppB,SAASmpB,cAAc,UACnCC,EAAIC,aAAa,KAAML,GACvBI,EAAIC,aAAa,cAAe,QAChCD,EAAIE,MAAMC,WAAa,SACvBH,EAAIE,MAAME,SAAW,WACrBJ,EAAIE,MAAMxpB,MAAQspB,EAAIE,MAAMnpB,OAAS,IACrCipB,EAAIE,MAAMG,OAAS,IACnBL,EAAIC,aAAa,UAAW,+CAC5BJ,EAAajpB,SAAS0pB,qBAAqB,QAAQ,GAAGC,YAAYP,QAC3DppB,SAAStZ,MAAQsZ,SAAStZ,KAAKkjC,oBACtC5pB,SAAStZ,KAAKkjC,mBAAmB,YAAa,iBAAmBZ,EAAW,SAAWA,EAAW,oCAGlGxxB,OAAOqyB,QAAUryB,OAAOqyB,OAAOb,KAC/BC,EAAYzxB,OAAOqyB,OAAOb,IAIlC,OAAOC,GAQJ,EAAA5nB,mBAAP,SAA0BJ,GAClBjB,SAAStZ,OAASua,EAAO6oB,YACzB9pB,SAAStZ,KAAKqjC,YAAY9oB,IAS3B,EAAA+oB,kBAAP,SAAyBhyB,GACrB,IAAMiyB,EAAUjqB,SAAS0pB,qBAAqB,UAG9C,OAF8C/mC,MAAMiC,MAAM,KAAMjC,MAAMsnC,EAAQ3mC,SAAS6N,KAAI,SAAC8P,EAA2BoJ,GAAkB,OAAA4f,EAAQC,KAAK7f,MAEnI9Y,QAAO,SAAC0P,GACvB,IACI,OAAOA,EAAOE,cAAcpJ,SAASC,OAASA,EAChD,MAAOpU,GACL,OAAO,MAEZ,IAQA,EAAAumC,UAAP,WAKI,OAJK3yB,OAAO4yB,gBACR5yB,OAAO4yB,cAAgB,IAGpB5yB,OAAO4yB,eAQX,EAAAC,iBAAP,SAAwBryB,GACpB,OAAOE,EAAYiyB,YAAY54B,QAAO,SAAA+4B,GAClC,IACI,OAAOA,EAAMvyB,SAASC,OAASA,EACjC,MAAOpU,GACL,OAAO,MAEZ,IAQA,EAAA4Z,WAAP,SAAkB8sB,GACdpyB,EAAYiyB,YAAYrmC,KAAKwmC,IAQ1B,EAAAnsB,YAAP,WACIjG,EAAYiyB,YAAYr0B,SAAQ,SAAAw0B,GAAS,OAAAA,EAAMjsB,YAQ5C,EAAAzD,2BAAP,WAEI,GAAI,EAAAjO,SAASsL,gBAAgBT,OAAOO,SAASC,OAASE,EAAY6vB,aAC9D,MAAM,EAAAx8B,gBAAgBusB,+CAQvB,EAAA3f,2BAAP,SAAkCb,GAC9B,IAAMizB,EAAgBjzB,EAAa0H,QAAQ,EAAAjE,mBAAmBC,kBAG9D,GAAGuvB,IAAkB,EAAA59B,SAASsL,gBAAgBT,OAAOO,SAASC,MAAO,CACjE,IAAMwyB,EAAaD,EAAcz+B,MAAM,EAAAoG,UAAUC,mBACjDq4B,EAAWtiC,QACX,IAAM+B,EAAQugC,EAAWlnC,OAAS,EAAIknC,EAAWr+B,KAAK,EAAA+F,UAAUC,mBAAoB,KACpFmF,EAAaiD,oBAAoBtQ,KAOlC,EAAAoZ,iBAAP,SAAwBlC,GACpBA,EAAcpJ,SAASC,KAAO,GAEoB,mBAAvCmJ,EAAcspB,QAAQC,cAE7BvpB,EAAcspB,QAAQC,aAAa,KAAM,KAAM,GAAGvpB,EAAcpJ,SAAS4yB,SAAWxpB,EAAcpJ,SAASssB,SA5UpG,EAAAmE,oBAAsB,GA+UzC,EArVA,GAAa,EAAAtwB,gBCXT0yB,EAA2B,GAG/B,SAASC,EAAoBC,GAE5B,GAAGF,EAAyBE,GAC3B,OAAOF,EAAyBE,GAAU9oC,QAG3C,IAAIC,EAAS2oC,EAAyBE,GAAY,CAGjD9oC,QAAS,IAOV,OAHA+oC,EAAoBD,GAAU7oC,EAAQA,EAAOD,QAAS6oC,GAG/C5oC,EAAOD,QCjBR6oC,CAAoB,K,MDFvBD","file":"msal.min.js","sourcesContent":["(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory();\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine(\"Msal\", [], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"Msal\"] = factory();\n\telse\n\t\troot[\"Msal\"] = factory();\n})(self, function() {\nreturn ","/*! *****************************************************************************\r\nCopyright (c) Microsoft Corporation. All rights reserved.\r\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use\r\nthis file except in compliance with the License. You may obtain a copy of the\r\nLicense at http://www.apache.org/licenses/LICENSE-2.0\r\n\r\nTHIS CODE IS PROVIDED ON AN *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r\nKIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED\r\nWARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE,\r\nMERCHANTABLITY OR NON-INFRINGEMENT.\r\n\r\nSee the Apache Version 2.0 License for specific language governing permissions\r\nand limitations under the License.\r\n***************************************************************************** */\r\n/* global Reflect, Promise */\r\n\r\nvar extendStatics = function(d, b) {\r\n extendStatics = Object.setPrototypeOf ||\r\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\r\n function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };\r\n return extendStatics(d, b);\r\n};\r\n\r\nexport function __extends(d, b) {\r\n extendStatics(d, b);\r\n function __() { this.constructor = d; }\r\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\r\n}\r\n\r\nexport var __assign = function() {\r\n __assign = Object.assign || function __assign(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n }\r\n return __assign.apply(this, arguments);\r\n}\r\n\r\nexport function __rest(s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {\r\n if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))\r\n t[p[i]] = s[p[i]];\r\n }\r\n return t;\r\n}\r\n\r\nexport function __decorate(decorators, target, key, desc) {\r\n var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;\r\n if (typeof Reflect === \"object\" && typeof Reflect.decorate === \"function\") r = Reflect.decorate(decorators, target, key, desc);\r\n else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;\r\n return c > 3 && r && Object.defineProperty(target, key, r), r;\r\n}\r\n\r\nexport function __param(paramIndex, decorator) {\r\n return function (target, key) { decorator(target, key, paramIndex); }\r\n}\r\n\r\nexport function __metadata(metadataKey, metadataValue) {\r\n if (typeof Reflect === \"object\" && typeof Reflect.metadata === \"function\") return Reflect.metadata(metadataKey, metadataValue);\r\n}\r\n\r\nexport function __awaiter(thisArg, _arguments, P, generator) {\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n}\r\n\r\nexport function __generator(thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n}\r\n\r\nexport function __exportStar(m, exports) {\r\n for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];\r\n}\r\n\r\nexport function __values(o) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator], i = 0;\r\n if (m) return m.call(o);\r\n return {\r\n next: function () {\r\n if (o && i >= o.length) o = void 0;\r\n return { value: o && o[i++], done: !o };\r\n }\r\n };\r\n}\r\n\r\nexport function __read(o, n) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator];\r\n if (!m) return o;\r\n var i = m.call(o), r, ar = [], e;\r\n try {\r\n while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);\r\n }\r\n catch (error) { e = { error: error }; }\r\n finally {\r\n try {\r\n if (r && !r.done && (m = i[\"return\"])) m.call(i);\r\n }\r\n finally { if (e) throw e.error; }\r\n }\r\n return ar;\r\n}\r\n\r\nexport function __spread() {\r\n for (var ar = [], i = 0; i < arguments.length; i++)\r\n ar = ar.concat(__read(arguments[i]));\r\n return ar;\r\n}\r\n\r\nexport function __spreadArrays() {\r\n for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length;\r\n for (var r = Array(s), k = 0, i = 0; i < il; i++)\r\n for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)\r\n r[k] = a[j];\r\n return r;\r\n};\r\n\r\nexport function __await(v) {\r\n return this instanceof __await ? (this.v = v, this) : new __await(v);\r\n}\r\n\r\nexport function __asyncGenerator(thisArg, _arguments, generator) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var g = generator.apply(thisArg, _arguments || []), i, q = [];\r\n return i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i;\r\n function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }\r\n function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }\r\n function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }\r\n function fulfill(value) { resume(\"next\", value); }\r\n function reject(value) { resume(\"throw\", value); }\r\n function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }\r\n}\r\n\r\nexport function __asyncDelegator(o) {\r\n var i, p;\r\n return i = {}, verb(\"next\"), verb(\"throw\", function (e) { throw e; }), verb(\"return\"), i[Symbol.iterator] = function () { return this; }, i;\r\n function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === \"return\" } : f ? f(v) : v; } : f; }\r\n}\r\n\r\nexport function __asyncValues(o) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var m = o[Symbol.asyncIterator], i;\r\n return m ? m.call(o) : (o = typeof __values === \"function\" ? __values(o) : o[Symbol.iterator](), i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i);\r\n function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }\r\n function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }\r\n}\r\n\r\nexport function __makeTemplateObject(cooked, raw) {\r\n if (Object.defineProperty) { Object.defineProperty(cooked, \"raw\", { value: raw }); } else { cooked.raw = raw; }\r\n return cooked;\r\n};\r\n\r\nexport function __importStar(mod) {\r\n if (mod && mod.__esModule) return mod;\r\n var result = {};\r\n if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];\r\n result.default = mod;\r\n return result;\r\n}\r\n\r\nexport function __importDefault(mod) {\r\n return (mod && mod.__esModule) ? mod : { default: mod };\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientInfo } from \"./ClientInfo\";\r\nimport { IdToken } from \"./IdToken\";\r\nimport { CryptoUtils } from \"./utils/CryptoUtils\";\r\nimport { StringUtils } from \"./utils/StringUtils\";\r\nimport { StringDict } from \"./MsalTypes\";\r\n\r\n/**\r\n * accountIdentifier combination of idToken.uid and idToken.utid\r\n * homeAccountIdentifier combination of clientInfo.uid and clientInfo.utid\r\n * userName idToken.preferred_username\r\n * name idToken.name\r\n * idToken idToken\r\n * sid idToken.sid - session identifier\r\n * environment idtoken.issuer (the authority that issues the token)\r\n */\r\nexport class Account {\r\n\r\n accountIdentifier: string;\r\n homeAccountIdentifier: string;\r\n userName: string;\r\n name: string;\r\n idToken: StringDict; // will be deprecated soon\r\n idTokenClaims: StringDict;\r\n sid: string;\r\n environment: string;\r\n\r\n /**\r\n * Creates an Account Object\r\n * @praram accountIdentifier\r\n * @param homeAccountIdentifier\r\n * @param userName\r\n * @param name\r\n * @param idToken\r\n * @param sid\r\n * @param environment\r\n */\r\n constructor(accountIdentifier: string, homeAccountIdentifier: string, userName: string, name: string, idTokenClaims: StringDict, sid: string, environment: string) {\r\n this.accountIdentifier = accountIdentifier;\r\n this.homeAccountIdentifier = homeAccountIdentifier;\r\n this.userName = userName;\r\n this.name = name;\r\n // will be deprecated soon\r\n this.idToken = idTokenClaims;\r\n this.idTokenClaims = idTokenClaims;\r\n this.sid = sid;\r\n this.environment = environment;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @param idToken\r\n * @param clientInfo\r\n */\r\n static createAccount(idToken: IdToken, clientInfo: ClientInfo): Account {\r\n\r\n // create accountIdentifier\r\n const accountIdentifier: string = idToken.objectId || idToken.subject;\r\n\r\n // create homeAccountIdentifier\r\n const uid: string = clientInfo ? clientInfo.uid : \"\";\r\n const utid: string = clientInfo ? clientInfo.utid : \"\";\r\n\r\n let homeAccountIdentifier: string;\r\n if (!StringUtils.isEmpty(uid)) {\r\n homeAccountIdentifier = StringUtils.isEmpty(utid)? CryptoUtils.base64Encode(uid): CryptoUtils.base64Encode(uid) + \".\" + CryptoUtils.base64Encode(utid);\r\n }\r\n return new Account(accountIdentifier, homeAccountIdentifier, idToken.preferredName, idToken.name, idToken.claims, idToken.sid, idToken.issuer);\r\n }\r\n\r\n /**\r\n * Utils function to compare two Account objects - used to check if the same user account is logged in\r\n *\r\n * @param a1: Account object\r\n * @param a2: Account object\r\n */\r\n static compareAccounts(a1: Account, a2: Account): boolean {\r\n if (!a1 || !a2) {\r\n return false;\r\n }\r\n if (a1.homeAccountIdentifier && a2.homeAccountIdentifier) {\r\n if (a1.homeAccountIdentifier === a2.homeAccountIdentifier) {\r\n return true;\r\n }\r\n }\r\n return false;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Account } from \"./Account\";\r\nimport { IdToken } from \"./IdToken\";\r\nimport { StringDict } from \"./MsalTypes\";\r\n\r\nexport type AuthResponse = {\r\n uniqueId: string;\r\n tenantId: string;\r\n tokenType: string;\r\n idToken: IdToken;\r\n idTokenClaims: StringDict;\r\n accessToken: string;\r\n scopes: Array<string>;\r\n expiresOn: Date;\r\n account: Account;\r\n accountState: string;\r\n fromCache: boolean\r\n};\r\n\r\nexport function buildResponseStateOnly(state: string) : AuthResponse {\r\n return {\r\n uniqueId: \"\",\r\n tenantId: \"\",\r\n tokenType: \"\",\r\n idToken: null,\r\n idTokenClaims: null,\r\n accessToken: \"\",\r\n scopes: null,\r\n expiresOn: null,\r\n account: null,\r\n accountState: state,\r\n fromCache: false\r\n };\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Account } from \"./Account\";\r\nimport { ClientConfigurationError } from \"./error/ClientConfigurationError\";\r\nimport { StringDict } from \"./MsalTypes\";\r\n\r\n/**\r\n * @link AuthenticationParameters}AuthenticationParameters\r\n */\r\nexport type AuthenticationParameters = {\r\n scopes?: Array<string>;\r\n extraScopesToConsent?: Array<string>;\r\n prompt?: string;\r\n extraQueryParameters?: StringDict;\r\n claimsRequest?: string;\r\n authority?: string;\r\n state?: string;\r\n correlationId?: string;\r\n account?: Account;\r\n sid?: string;\r\n loginHint?: string;\r\n forceRefresh?: boolean;\r\n redirectUri?: string;\r\n redirectStartPage?: string;\r\n authorityMetadata?: string;\r\n onRedirectNavigate?: ((url: string) => void | boolean)\r\n};\r\n\r\nexport function validateClaimsRequest(request: AuthenticationParameters): void {\r\n if (!request.claimsRequest) {\r\n return;\r\n }\r\n try {\r\n JSON.parse(request.claimsRequest);\r\n } catch (e) {\r\n throw ClientConfigurationError.createClaimsRequestParsingError(e);\r\n }\r\n\r\n // TODO: More validation will be added when the server team tells us how they have actually implemented claims\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CryptoUtils } from \"./utils/CryptoUtils\";\r\nimport { ClientAuthError } from \"./error/ClientAuthError\";\r\nimport { StringUtils } from \"./utils/StringUtils\";\r\nimport { IdToken } from \"./IdToken\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class ClientInfo {\r\n\r\n private _uid: string;\r\n get uid(): string {\r\n return this._uid ? this._uid : \"\";\r\n }\r\n\r\n set uid(uid: string) {\r\n this._uid = uid;\r\n }\r\n\r\n private _utid: string;\r\n get utid(): string {\r\n return this._utid ? this._utid : \"\";\r\n }\r\n\r\n set utid(utid: string) {\r\n this._utid = utid;\r\n }\r\n\r\n static createClientInfoFromIdToken(idToken:IdToken, authority: string): ClientInfo {\r\n const clientInfo = {\r\n uid: idToken.subject, \r\n utid: \"\"\r\n };\r\n\r\n return new ClientInfo(CryptoUtils.base64Encode(JSON.stringify(clientInfo)), authority);\r\n }\r\n\r\n constructor(rawClientInfo: string, authority: string) {\r\n if (!rawClientInfo || StringUtils.isEmpty(rawClientInfo)) {\r\n this.uid = \"\";\r\n this.utid = \"\";\r\n return;\r\n }\r\n\r\n try {\r\n const decodedClientInfo: string = CryptoUtils.base64Decode(rawClientInfo);\r\n const clientInfo: ClientInfo = <ClientInfo>JSON.parse(decodedClientInfo);\r\n if (clientInfo) {\r\n if (clientInfo.hasOwnProperty(\"uid\")) {\r\n this.uid = authority ? ClientInfo.stripPolicyFromUid(clientInfo.uid, authority): clientInfo.uid;\r\n }\r\n\r\n if (clientInfo.hasOwnProperty(\"utid\")) {\r\n this.utid = clientInfo.utid;\r\n }\r\n }\r\n } catch (e) {\r\n throw ClientAuthError.createClientInfoDecodingError(e);\r\n }\r\n }\r\n\r\n static stripPolicyFromUid(uid: string, authority: string): string {\r\n const uidSegments = uid.split(\"-\");\r\n // Reverse the url segments so the last one is more easily accessible\r\n const urlSegments = authority.split(\"/\").reverse();\r\n let policy = \"\";\r\n\r\n if (!StringUtils.isEmpty(urlSegments[0])) {\r\n policy = urlSegments[0];\r\n } else if (urlSegments.length > 1) {\r\n // If the original url had a trailing slash, urlSegments[0] would be \"\" so take the next element\r\n policy = urlSegments[1];\r\n }\r\n\r\n if (uidSegments[uidSegments.length - 1] === policy) {\r\n // If the last segment of uid matches the last segment of authority url, remove the last segment of uid\r\n return uidSegments.slice(0, uidSegments.length - 1).join(\"-\");\r\n }\r\n\r\n return uid;\r\n }\r\n\r\n public encodeClientInfo(): string {\r\n const clientInfo = JSON.stringify({uid: this.uid, utid: this.utid});\r\n\r\n return CryptoUtils.base64Encode(clientInfo);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Logger } from \"./Logger\";\r\nimport { UrlUtils } from \"./utils/UrlUtils\";\r\nimport { TelemetryEmitter } from \"./telemetry/TelemetryTypes\";\r\n\r\n/**\r\n * Cache location options supported by MSAL are:\r\n * - local storage: MSAL uses browsers local storage to store its cache\r\n * - session storage: MSAL uses the browsers session storage to store its cache\r\n */\r\nexport type CacheLocation = \"localStorage\" | \"sessionStorage\";\r\n\r\n/**\r\n * Defaults for the Configuration Options\r\n */\r\nconst FRAME_TIMEOUT = 6000;\r\nconst OFFSET = 300;\r\nconst NAVIGATE_FRAME_WAIT = 500;\r\n\r\n/**\r\n * @type AuthOptions: Use this to configure the auth options in the Configuration object\r\n *\r\n * - clientId - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform\r\n * - authority - You can configure a specific authority, defaults to \" \" or \"https://login.microsoftonline.com/common\"\r\n * - validateAuthority - Used to turn authority validation on/off. When set to true (default), MSAL will compare the application's authority against well-known URLs templates representing well-formed authorities. It is useful when the authority is obtained at run time to prevent MSAL from displaying authentication prompts from malicious pages.\r\n * - authorityMetadata - OpenID configuration metadata for the configured authority. Must be passed as a JSON string.\r\n * - knownAuthorities - If validateAuthority is set to True, this will be used to set the Trusted Host list. Defaults to empty array\r\n * - redirectUri - The redirect URI of the application, this should be same as the value in the application registration portal.Defaults to `window.location.href`.\r\n * - postLogoutRedirectUri - Used to redirect the user to this location after logout. Defaults to `window.location.href`.\r\n * - navigateToLoginRequestUrl - Used to turn off default navigation to start page after login. Default is true. This is used only for redirect flows.\r\n *\r\n */\r\nexport type AuthOptions = {\r\n clientId: string;\r\n authority?: string;\r\n validateAuthority?: boolean;\r\n authorityMetadata?: string;\r\n knownAuthorities?: Array<string>;\r\n redirectUri?: string | (() => string);\r\n postLogoutRedirectUri?: string | (() => string);\r\n navigateToLoginRequestUrl?: boolean;\r\n};\r\n\r\n/**\r\n * Use this to configure the below cache configuration options:\r\n *\r\n * - cacheLocation - Used to specify the cacheLocation user wants to set. Valid values are \"localStorage\" and \"sessionStorage\"\r\n * - storeAuthStateInCookie - If set, MSAL store's the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.\r\n */\r\nexport type CacheOptions = {\r\n cacheLocation?: CacheLocation;\r\n storeAuthStateInCookie?: boolean;\r\n};\r\n\r\n/**\r\n * Telemetry Config Options\r\n * - applicationName - Name of the consuming apps application\r\n * - applicationVersion - Verison of the consuming application\r\n * - telemetryEmitter - Function where telemetry events are flushed to\r\n */\r\nexport type TelemetryOptions = {\r\n applicationName: string;\r\n applicationVersion: string;\r\n telemetryEmitter: TelemetryEmitter\r\n // TODO, add onlyAddFailureTelemetry option\r\n};\r\n\r\n/**\r\n * Library Specific Options\r\n *\r\n * - logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger\r\n * - loadFrameTimeout - maximum time the library should wait for a frame to load\r\n * - tokenRenewalOffsetSeconds - sets the window of offset needed to renew the token before expiry\r\n * - navigateFrameWait - sets the wait time for hidden iFrame navigation\r\n */\r\nexport type SystemOptions = {\r\n logger?: Logger;\r\n loadFrameTimeout?: number;\r\n tokenRenewalOffsetSeconds?: number;\r\n navigateFrameWait?: number;\r\n telemetry?: TelemetryOptions\r\n};\r\n\r\n/**\r\n * App/Framework specific environment support\r\n *\r\n * - isAngular - flag set to determine if it is Angular Framework. MSAL uses this to broadcast tokens. More to come here: detangle this dependency from core.\r\n * - unprotectedResources - Array of URI's which are unprotected resources. MSAL will not attach a token to outgoing requests that have these URI. Defaults to 'null'.\r\n * - protectedResourceMap - This is mapping of resources to scopes used by MSAL for automatically attaching access tokens in web API calls.A single access token is obtained for the resource. So you can map a specific resource path as follows: {\"https://graph.microsoft.com/v1.0/me\", [\"user.read\"]}, or the app URL of the resource as: {\"https://graph.microsoft.com/\", [\"user.read\", \"mail.send\"]}. This is required for CORS calls.\r\n *\r\n */\r\nexport type FrameworkOptions = {\r\n isAngular?: boolean;\r\n unprotectedResources?: Array<string>;\r\n protectedResourceMap?: Map<string, Array<string>>;\r\n};\r\n\r\n/**\r\n * Use the configuration object to configure MSAL and initialize the UserAgentApplication.\r\n *\r\n * This object allows you to configure important elements of MSAL functionality:\r\n * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\r\n * - cache: this is where you configure cache location and whether to store cache in cookies\r\n * - system: this is where you can configure the logger, frame timeout etc.\r\n * - framework: this is where you can configure the running mode of angular. More to come here soon.\r\n */\r\nexport type Configuration = {\r\n auth: AuthOptions,\r\n cache?: CacheOptions,\r\n system?: SystemOptions,\r\n framework?: FrameworkOptions\r\n};\r\n\r\nconst DEFAULT_AUTH_OPTIONS: AuthOptions = {\r\n clientId: \"\",\r\n authority: null,\r\n validateAuthority: true,\r\n authorityMetadata: \"\",\r\n knownAuthorities: [],\r\n redirectUri: () => UrlUtils.getCurrentUrl(),\r\n postLogoutRedirectUri: () => UrlUtils.getCurrentUrl(),\r\n navigateToLoginRequestUrl: true\r\n};\r\n\r\nconst DEFAULT_CACHE_OPTIONS: CacheOptions = {\r\n cacheLocation: \"sessionStorage\",\r\n storeAuthStateInCookie: false\r\n};\r\n\r\nconst DEFAULT_SYSTEM_OPTIONS: SystemOptions = {\r\n logger: new Logger(null),\r\n loadFrameTimeout: FRAME_TIMEOUT,\r\n tokenRenewalOffsetSeconds: OFFSET,\r\n navigateFrameWait: NAVIGATE_FRAME_WAIT\r\n};\r\n\r\nconst DEFAULT_FRAMEWORK_OPTIONS: FrameworkOptions = {\r\n isAngular: false,\r\n unprotectedResources: new Array<string>(),\r\n protectedResourceMap: new Map<string, Array<string>>()\r\n};\r\n\r\n/**\r\n * MSAL function that sets the default options when not explicitly configured from app developer\r\n *\r\n * @param TAuthOptions\r\n * @param TCacheOptions\r\n * @param TSystemOptions\r\n * @param TFrameworkOptions\r\n * @param TAuthorityDataOptions\r\n *\r\n * @returns TConfiguration object\r\n */\r\n\r\nexport function buildConfiguration({ auth, cache = {}, system = {}, framework = {}}: Configuration): Configuration {\r\n const overlayedConfig: Configuration = {\r\n auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },\r\n cache: { ...DEFAULT_CACHE_OPTIONS, ...cache },\r\n system: { ...DEFAULT_SYSTEM_OPTIONS, ...system },\r\n framework: { ...DEFAULT_FRAMEWORK_OPTIONS, ...framework }\r\n };\r\n return overlayedConfig;\r\n}\r\n\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientAuthError } from \"./error/ClientAuthError\";\r\nimport { TokenUtils } from \"./utils/TokenUtils\";\r\nimport { StringDict } from \"./MsalTypes\";\r\nimport { StringUtils } from \"./utils/StringUtils\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class IdToken {\r\n\r\n issuer: string;\r\n objectId: string;\r\n subject: string;\r\n tenantId: string;\r\n version: string;\r\n preferredName: string;\r\n name: string;\r\n homeObjectId: string;\r\n nonce: string;\r\n expiration: string;\r\n rawIdToken: string;\r\n claims: StringDict;\r\n sid: string;\r\n cloudInstance: string;\r\n /* tslint:disable:no-string-literal */\r\n constructor(rawIdToken: string) {\r\n if (StringUtils.isEmpty(rawIdToken)) {\r\n throw ClientAuthError.createIdTokenNullOrEmptyError(rawIdToken);\r\n }\r\n try {\r\n this.rawIdToken = rawIdToken;\r\n this.claims = TokenUtils.extractIdToken(rawIdToken) as StringDict;\r\n if (this.claims) {\r\n if (this.claims.hasOwnProperty(\"iss\")) {\r\n this.issuer = this.claims[\"iss\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"oid\")) {\r\n this.objectId = this.claims[\"oid\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"sub\")) {\r\n this.subject = this.claims[\"sub\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"tid\")) {\r\n this.tenantId = this.claims[\"tid\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"ver\")) {\r\n this.version = this.claims[\"ver\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"preferred_username\")) {\r\n this.preferredName = this.claims[\"preferred_username\"];\r\n } else if (this.claims.hasOwnProperty(\"upn\")) {\r\n this.preferredName = this.claims[\"upn\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"name\")) {\r\n this.name = this.claims[\"name\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"nonce\")) {\r\n this.nonce = this.claims[\"nonce\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"exp\")) {\r\n this.expiration = this.claims[\"exp\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"home_oid\")) {\r\n this.homeObjectId = this.claims[\"home_oid\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"sid\")) {\r\n this.sid = this.claims[\"sid\"];\r\n }\r\n\r\n if (this.claims.hasOwnProperty(\"cloud_instance_host_name\")) {\r\n this.cloudInstance = this.claims[\"cloud_instance_host_name\"];\r\n }\r\n /* tslint:enable:no-string-literal */\r\n }\r\n } catch (e) {\r\n /*\r\n * TODO: This error here won't really every be thrown, since extractIdToken() returns null if the decodeJwt() fails.\r\n * Need to add better error handling here to account for being unable to decode jwts.\r\n */\r\n throw ClientAuthError.createIdTokenParsingError(e);\r\n }\r\n }\r\n\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { StringUtils } from \"./utils/StringUtils\";\r\nimport { version as libraryVersion } from \"./packageMetadata\";\r\n\r\nexport interface ILoggerCallback {\r\n (level: LogLevel, message: string, containsPii: boolean): void;\r\n}\r\n\r\nexport enum LogLevel {\r\n Error,\r\n Warning,\r\n Info,\r\n Verbose\r\n}\r\n\r\nexport class Logger {// Singleton Class\r\n\r\n /**\r\n * @hidden\r\n */\r\n // TODO: This does not seem to be a singleton!! Change or Delete.\r\n private static instance: Logger;\r\n\r\n /**\r\n * @hidden\r\n */\r\n private correlationId: string;\r\n\r\n /**\r\n * @hidden\r\n */\r\n private level: LogLevel = LogLevel.Info;\r\n\r\n /**\r\n * @hidden\r\n */\r\n private piiLoggingEnabled: boolean;\r\n\r\n /**\r\n * @hidden\r\n */\r\n private localCallback: ILoggerCallback;\r\n\r\n constructor(localCallback: ILoggerCallback,\r\n options:\r\n {\r\n correlationId?: string,\r\n level?: LogLevel,\r\n piiLoggingEnabled?: boolean,\r\n } = {}) {\r\n const {\r\n correlationId = \"\",\r\n level = LogLevel.Info,\r\n piiLoggingEnabled = false\r\n } = options;\r\n\r\n this.localCallback = localCallback;\r\n this.correlationId = correlationId;\r\n this.level = level;\r\n this.piiLoggingEnabled = piiLoggingEnabled;\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n private logMessage(logLevel: LogLevel, logMessage: string, containsPii: boolean): void {\r\n if ((logLevel > this.level) || (!this.piiLoggingEnabled && containsPii)) {\r\n return;\r\n }\r\n const timestamp = new Date().toUTCString();\r\n let log: string;\r\n if (!StringUtils.isEmpty(this.correlationId)) {\r\n log = timestamp + \":\" + this.correlationId + \"-\" + libraryVersion + \"-\" + LogLevel[logLevel] + (containsPii ? \"-pii\" : \"\") + \" \" + logMessage;\r\n }\r\n else {\r\n log = timestamp + \":\" + libraryVersion + \"-\" + LogLevel[logLevel] + (containsPii ? \"-pii\" : \"\") + \" \" + logMessage;\r\n }\r\n this.executeCallback(logLevel, log, containsPii);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n executeCallback(level: LogLevel, message: string, containsPii: boolean): void {\r\n if (this.localCallback) {\r\n this.localCallback(level, message, containsPii);\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n error(message: string): void {\r\n this.logMessage(LogLevel.Error, message, false);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n errorPii(message: string): void {\r\n this.logMessage(LogLevel.Error, message, true);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n warning(message: string): void {\r\n this.logMessage(LogLevel.Warning, message, false);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n warningPii(message: string): void {\r\n this.logMessage(LogLevel.Warning, message, true);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n info(message: string): void {\r\n this.logMessage(LogLevel.Info, message, false);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n infoPii(message: string): void {\r\n this.logMessage(LogLevel.Info, message, true);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n verbose(message: string): void {\r\n this.logMessage(LogLevel.Verbose, message, false);\r\n }\r\n\r\n /**\r\n * @hidden\r\n */\r\n verbosePii(message: string): void {\r\n this.logMessage(LogLevel.Verbose, message, true);\r\n }\r\n\r\n isPiiLoggingEnabled(): boolean {\r\n return this.piiLoggingEnabled;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientConfigurationError } from \"./error/ClientConfigurationError\";\r\nimport { Constants } from \"./utils/Constants\";\r\n\r\nexport class ScopeSet {\r\n\r\n /**\r\n * Check if there are dup scopes in a given request\r\n *\r\n * @param cachedScopes\r\n * @param scopes\r\n */\r\n // TODO: Rename this, intersecting scopes isn't a great name for duplicate checker\r\n static isIntersectingScopes(cachedScopes: Array<string>, scopes: Array<string>): boolean {\r\n const convertedCachedScopes = this.trimAndConvertArrayToLowerCase([...cachedScopes]);\r\n const requestScopes = this.trimAndConvertArrayToLowerCase([...scopes]);\r\n for (let i = 0; i < requestScopes.length; i++) {\r\n if (convertedCachedScopes.indexOf(requestScopes[i].toLowerCase()) > -1) {\r\n return true;\r\n }\r\n }\r\n return false;\r\n }\r\n\r\n /**\r\n * Check if a given scope is present in the request\r\n *\r\n * @param cachedScopes\r\n * @param scopes\r\n */\r\n static containsScope(cachedScopes: Array<string>, scopes: Array<string>): boolean {\r\n const convertedCachedScopes = this.trimAndConvertArrayToLowerCase([...cachedScopes]);\r\n const requestScopes = this.trimAndConvertArrayToLowerCase([...scopes]);\r\n return requestScopes.every((value: string): boolean => convertedCachedScopes.indexOf(value.toString().toLowerCase()) >= 0);\r\n }\r\n\r\n /**\r\n * Trims and converts string to lower case\r\n *\r\n * @param scopes\r\n */\r\n // TODO: Rename this, too generic name for a function that only deals with scopes\r\n static trimAndConvertToLowerCase(scope: string): string {\r\n return scope.trim().toLowerCase();\r\n }\r\n\r\n /**\r\n * Performs trimAndConvertToLowerCase on string array\r\n * @param scopes \r\n */\r\n static trimAndConvertArrayToLowerCase(scopes: Array<string>): Array<string> {\r\n return scopes.map(scope => this.trimAndConvertToLowerCase(scope));\r\n }\r\n\r\n /**\r\n * Trims each scope in scopes array\r\n * @param scopes \r\n */\r\n static trimScopes(scopes: Array<string>): Array<string> {\r\n return scopes.map(scope => scope.trim());\r\n }\r\n\r\n /**\r\n * Remove one element from a scope array\r\n *\r\n * @param scopes\r\n * @param scope\r\n */\r\n // TODO: Rename this, too generic name for a function that only deals with scopes\r\n static removeElement(scopes: Array<string>, scope: string): Array<string> {\r\n const scopeVal = this.trimAndConvertToLowerCase(scope);\r\n return scopes.filter(value => value !== scopeVal);\r\n }\r\n\r\n /**\r\n * Parse the scopes into a formatted scopeList\r\n * @param scopes\r\n */\r\n static parseScope(scopes: Array<string>): string {\r\n let scopeList: string = \"\";\r\n if (scopes) {\r\n for (let i: number = 0; i < scopes.length; ++i) {\r\n scopeList += (i !== scopes.length - 1) ? scopes[i] + \" \" : scopes[i];\r\n }\r\n }\r\n\r\n return scopeList;\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Used to validate the scopes input parameter requested by the developer.\r\n * @param {Array<string>} scopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.\r\n * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not\r\n * @ignore\r\n */\r\n static validateInputScope(scopes: Array<string>, scopesRequired: boolean): void {\r\n if (!scopes) {\r\n if (scopesRequired) {\r\n throw ClientConfigurationError.createScopesRequiredError(scopes);\r\n } else {\r\n return;\r\n }\r\n }\r\n\r\n // Check that scopes is an array object (also throws error if scopes == null)\r\n if (!Array.isArray(scopes)) {\r\n throw ClientConfigurationError.createScopesNonArrayError(scopes);\r\n }\r\n\r\n // Check that scopes is not an empty array\r\n if (scopes.length < 1 && scopesRequired) {\r\n throw ClientConfigurationError.createEmptyScopesArrayError(scopes.toString());\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Extracts scope value from the state sent with the authentication request.\r\n * @param {string} state\r\n * @returns {string} scope.\r\n * @ignore\r\n */\r\n static getScopeFromState(state: string): string {\r\n if (state) {\r\n const splitIndex = state.indexOf(Constants.resourceDelimiter);\r\n if (splitIndex > -1 && splitIndex + 1 < state.length) {\r\n return state.substring(splitIndex + 1);\r\n }\r\n }\r\n return \"\";\r\n }\r\n\r\n /**\r\n * @ignore\r\n * Appends extraScopesToConsent if passed\r\n * @param {@link AuthenticationParameters}\r\n */\r\n static appendScopes(reqScopes: Array<string>, reqExtraScopesToConsent: Array<string>): Array<string> {\r\n if (reqScopes) {\r\n const convertedExtraScopes = reqExtraScopesToConsent ? this.trimAndConvertArrayToLowerCase([...reqExtraScopesToConsent]) : null;\r\n const convertedReqScopes = this.trimAndConvertArrayToLowerCase([...reqScopes]);\r\n return convertedExtraScopes ? [...convertedReqScopes, ...convertedExtraScopes] : convertedReqScopes;\r\n }\r\n return null;\r\n }\r\n\r\n // #endregion\r\n\r\n /**\r\n * @ignore\r\n * Returns true if the scopes array only contains openid and/or profile\r\n */\r\n static onlyContainsOidcScopes(scopes: Array<string>): boolean {\r\n const scopesCount = scopes.length;\r\n let oidcScopesFound = 0;\r\n\r\n if (scopes.indexOf(Constants.openidScope) > -1) {\r\n oidcScopesFound += 1;\r\n }\r\n\r\n if (scopes.indexOf(Constants.profileScope) > -1) {\r\n oidcScopesFound += 1;\r\n }\r\n\r\n return (scopesCount > 0 && scopesCount === oidcScopesFound);\r\n }\r\n\r\n /**\r\n * @ignore\r\n * Returns true if the scopes array only contains openid and/or profile\r\n */\r\n static containsAnyOidcScopes(scopes: Array<string>): boolean {\r\n const containsOpenIdScope = scopes.indexOf(Constants.openidScope) > -1;\r\n const containsProfileScope = scopes.indexOf(Constants.profileScope) > -1;\r\n\r\n return (containsOpenIdScope || containsProfileScope);\r\n }\r\n\r\n /**\r\n * @ignore\r\n * Returns true if the clientId is the only scope in the array\r\n */\r\n static onlyContainsClientId(scopes: Array<String>, clientId: string): boolean {\r\n // Double negation to force false value returned in case scopes is null\r\n return !!scopes && (scopes.indexOf(clientId) > -1 && scopes.length === 1);\r\n }\r\n\r\n /**\r\n * @ignore\r\n * Adds missing OIDC scopes to scopes array without duplication. Since STS requires OIDC scopes for\r\n * all implicit flow requests, 'openid' and 'profile' should always be included in the final request\r\n */\r\n static appendDefaultScopes(scopes: Array<string>): Array<string> {\r\n const extendedScopes = scopes;\r\n if (extendedScopes.indexOf(Constants.openidScope) === -1) {\r\n extendedScopes.push(Constants.openidScope);\r\n }\r\n\r\n if(extendedScopes.indexOf(Constants.profileScope) === -1) {\r\n extendedScopes.push(Constants.profileScope);\r\n }\r\n\r\n return extendedScopes;\r\n }\r\n\r\n /**\r\n * @ignore\r\n * Removes present OIDC scopes from scopes array.\r\n */\r\n static removeDefaultScopes(scopes: Array<string>): Array<string> {\r\n return scopes.filter(scope => {\r\n return (scope !== Constants.openidScope && scope !== Constants.profileScope);\r\n });\r\n }\r\n\r\n /**\r\n * @ignore\r\n * Removes clientId from scopes array if included as only scope. If it's not the only scope, it is treated as a resource scope.\r\n * @param scopes Array<string>: Pre-normalized scopes array\r\n * @param clientId string: The application's clientId that is searched for in the scopes array\r\n */\r\n static translateClientIdIfSingleScope(scopes: Array<string>, clientId: string): Array<string> {\r\n return this.onlyContainsClientId(scopes, clientId) ? Constants.oidcScopes : scopes;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Authority } from \"./authority/Authority\";\r\nimport { CryptoUtils } from \"./utils/CryptoUtils\";\r\nimport { AuthenticationParameters } from \"./AuthenticationParameters\";\r\nimport { StringDict } from \"./MsalTypes\";\r\nimport { Account } from \"./Account\";\r\nimport { SSOTypes, Constants, PromptState, ResponseTypes } from \"./utils/Constants\";\r\nimport { StringUtils } from \"./utils/StringUtils\";\r\nimport { ScopeSet } from \"./ScopeSet\";\r\nimport { version as libraryVersion } from \"./packageMetadata\";\r\n\r\n/**\r\n * Nonce: OIDC Nonce definition: https://openid.net/specs/openid-connect-core-1_0.html#IDToken\r\n * State: OAuth Spec: https://tools.ietf.org/html/rfc6749#section-10.12\r\n * @hidden\r\n */\r\nexport class ServerRequestParameters {\r\n\r\n authorityInstance: Authority;\r\n clientId: string;\r\n scopes: Array<string>;\r\n\r\n nonce: string;\r\n state: string;\r\n\r\n // telemetry information\r\n xClientVer: string;\r\n xClientSku: string;\r\n correlationId: string;\r\n\r\n responseType: string;\r\n redirectUri: string;\r\n\r\n promptValue: string;\r\n claimsValue: string;\r\n\r\n queryParameters: string;\r\n extraQueryParameters: string;\r\n\r\n public get authority(): string {\r\n return this.authorityInstance ? this.authorityInstance.CanonicalAuthority : null;\r\n }\r\n\r\n /**\r\n * Constructor\r\n * @param authority\r\n * @param clientId\r\n * @param scope\r\n * @param responseType\r\n * @param redirectUri\r\n * @param state\r\n */\r\n constructor (authority: Authority, clientId: string, responseType: string, redirectUri: string, scopes: Array<string>, state: string, correlationId: string) {\r\n this.authorityInstance = authority;\r\n this.clientId = clientId;\r\n this.nonce = CryptoUtils.createNewGuid();\r\n\r\n // set scope to clientId if null\r\n this.scopes = scopes ? [ ...scopes] : Constants.oidcScopes;\r\n this.scopes = ScopeSet.trimScopes(this.scopes);\r\n\r\n // set state (already set at top level)\r\n this.state = state;\r\n\r\n // set correlationId\r\n this.correlationId = correlationId;\r\n\r\n // telemetry information\r\n this.xClientSku = \"MSAL.JS\";\r\n this.xClientVer = libraryVersion;\r\n\r\n this.responseType = responseType;\r\n this.redirectUri = redirectUri;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * Utility to populate QueryParameters and ExtraQueryParameters to ServerRequestParamerers\r\n * @param request\r\n * @param serverAuthenticationRequest\r\n */\r\n populateQueryParams(account: Account, request: AuthenticationParameters|null, adalIdTokenObject?: object, silentCall?: boolean): void {\r\n let queryParameters: StringDict = {};\r\n\r\n if (request) {\r\n // add the prompt parameter to serverRequestParameters if passed\r\n if (request.prompt) {\r\n this.promptValue = request.prompt;\r\n }\r\n\r\n // Add claims challenge to serverRequestParameters if passed\r\n if (request.claimsRequest) {\r\n this.claimsValue = request.claimsRequest;\r\n }\r\n\r\n // if the developer provides one of these, give preference to developer choice\r\n if (ServerRequestParameters.isSSOParam(request)) {\r\n queryParameters = this.constructUnifiedCacheQueryParameter(request, null);\r\n }\r\n }\r\n\r\n if (adalIdTokenObject) {\r\n queryParameters = this.constructUnifiedCacheQueryParameter(null, adalIdTokenObject);\r\n }\r\n\r\n /*\r\n * adds sid/login_hint if not populated\r\n * this.logger.verbose(\"Calling addHint parameters\");\r\n */\r\n queryParameters = this.addHintParameters(account, queryParameters);\r\n\r\n // sanity check for developer passed extraQueryParameters\r\n const eQParams: StringDict|null = request ? request.extraQueryParameters : null;\r\n\r\n // Populate the extraQueryParameters to be sent to the server\r\n this.queryParameters = ServerRequestParameters.generateQueryParametersString(queryParameters);\r\n this.extraQueryParameters = ServerRequestParameters.generateQueryParametersString(eQParams, silentCall);\r\n }\r\n\r\n // #region QueryParam helpers\r\n\r\n /**\r\n * Constructs extraQueryParameters to be sent to the server for the AuthenticationParameters set by the developer\r\n * in any login() or acquireToken() calls\r\n * @param idTokenObject\r\n * @param extraQueryParameters\r\n * @param sid\r\n * @param loginHint\r\n */\r\n // TODO: check how this behaves when domain_hint only is sent in extraparameters and idToken has no upn.\r\n private constructUnifiedCacheQueryParameter(request: AuthenticationParameters, idTokenObject: object): StringDict {\r\n\r\n // preference order: account > sid > login_hint\r\n let ssoType;\r\n let ssoData;\r\n let serverReqParam: StringDict = {};\r\n // if account info is passed, account.sid > account.login_hint\r\n if (request) {\r\n if (request.account) {\r\n const account: Account = request.account;\r\n if (account.sid) {\r\n ssoType = SSOTypes.SID;\r\n ssoData = account.sid;\r\n }\r\n else if (account.userName) {\r\n ssoType = SSOTypes.LOGIN_HINT;\r\n ssoData = account.userName;\r\n }\r\n }\r\n // sid from request\r\n else if (request.sid) {\r\n ssoType = SSOTypes.SID;\r\n ssoData = request.sid;\r\n }\r\n // loginHint from request\r\n else if (request.loginHint) {\r\n ssoType = SSOTypes.LOGIN_HINT;\r\n ssoData = request.loginHint;\r\n }\r\n }\r\n // adalIdToken retrieved from cache\r\n else if (idTokenObject) {\r\n if (idTokenObject.hasOwnProperty(Constants.upn)) {\r\n ssoType = SSOTypes.ID_TOKEN;\r\n ssoData = idTokenObject[\"upn\"];\r\n }\r\n }\r\n\r\n serverReqParam = this.addSSOParameter(ssoType, ssoData);\r\n return serverReqParam;\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Adds login_hint to authorization URL which is used to pre-fill the username field of sign in page for the user if known ahead of time\r\n * domain_hint if added skips the email based discovery process of the user - only supported for interactive calls in implicit_flow\r\n * domain_req utid received as part of the clientInfo\r\n * login_req uid received as part of clientInfo\r\n * Also does a sanity check for extraQueryParameters passed by the user to ensure no repeat queryParameters\r\n *\r\n * @param {@link Account} account - Account for which the token is requested\r\n * @param queryparams\r\n * @param {@link ServerRequestParameters}\r\n * @ignore\r\n */\r\n private addHintParameters(account: Account, params: StringDict): StringDict {\r\n /*\r\n * This is a final check for all queryParams added so far; preference order: sid > login_hint\r\n * sid cannot be passed along with login_hint or domain_hint, hence we check both are not populated yet in queryParameters\r\n */\r\n let qParams = params;\r\n if (account && !qParams[SSOTypes.SID]) {\r\n // sid - populate only if login_hint is not already populated and the account has sid\r\n const populateSID = !qParams[SSOTypes.LOGIN_HINT] && account.sid && this.promptValue === PromptState.NONE;\r\n if (populateSID) {\r\n qParams = this.addSSOParameter(SSOTypes.SID, account.sid, qParams);\r\n }\r\n // login_hint - account.userName\r\n else {\r\n const populateLoginHint = !qParams[SSOTypes.LOGIN_HINT] && account.userName && !StringUtils.isEmpty(account.userName);\r\n if (populateLoginHint) {\r\n qParams = this.addSSOParameter(SSOTypes.LOGIN_HINT, account.userName, qParams);\r\n }\r\n }\r\n }\r\n\r\n return qParams;\r\n }\r\n\r\n /**\r\n * Add SID to extraQueryParameters\r\n * @param sid\r\n */\r\n private addSSOParameter(ssoType: string, ssoData: string, params?: StringDict): StringDict {\r\n const ssoParam = params || {};\r\n\r\n if (!ssoData) {\r\n return ssoParam;\r\n }\r\n\r\n switch (ssoType) {\r\n case SSOTypes.SID: {\r\n ssoParam[SSOTypes.SID] = ssoData;\r\n break;\r\n }\r\n case SSOTypes.ID_TOKEN: {\r\n ssoParam[SSOTypes.LOGIN_HINT] = ssoData;\r\n break;\r\n }\r\n case SSOTypes.LOGIN_HINT: {\r\n ssoParam[SSOTypes.LOGIN_HINT] = ssoData;\r\n break;\r\n }\r\n }\r\n\r\n return ssoParam;\r\n }\r\n\r\n /**\r\n * Utility to generate a QueryParameterString from a Key-Value mapping of extraQueryParameters passed\r\n * @param extraQueryParameters\r\n */\r\n static generateQueryParametersString(queryParameters?: StringDict, silentCall?: boolean): string|null {\r\n let paramsString: string|null = null;\r\n\r\n if (queryParameters) {\r\n Object.keys(queryParameters).forEach((key: string) => {\r\n // sid cannot be passed along with login_hint or domain_hint\r\n if(key === Constants.domain_hint && (silentCall || queryParameters[SSOTypes.SID])) {\r\n return;\r\n }\r\n\r\n if (!paramsString) {\r\n paramsString = `${key}=${encodeURIComponent(queryParameters[key])}`;\r\n }\r\n else {\r\n paramsString += `&${key}=${encodeURIComponent(queryParameters[key])}`;\r\n }\r\n });\r\n }\r\n\r\n return paramsString;\r\n }\r\n // #endregion\r\n\r\n /**\r\n * Check to see if there are SSO params set in the Request\r\n * @param request\r\n */\r\n static isSSOParam(request: AuthenticationParameters): boolean {\r\n return !!(request && (request.account || request.sid || request.loginHint));\r\n }\r\n\r\n /**\r\n * Returns the correct response_type string attribute for an acquireToken request configuration\r\n * @param accountsMatch boolean: Determines whether the account in the request matches the cached account\r\n * @param scopes Array<string>: AuthenticationRequest scopes configuration\r\n * @param loginScopesOnly boolean: True if the scopes array ONLY contains the clientId or any combination of OIDC scopes, without resource scopes\r\n */\r\n static determineResponseType(accountsMatch: boolean, scopes: Array<string>): string {\r\n // Supports getting an id_token by sending in clientId as only scope or OIDC scopes as only scopes\r\n if (ScopeSet.onlyContainsOidcScopes(scopes)) {\r\n return ResponseTypes.id_token;\r\n }\r\n // If accounts match, check if OIDC scopes are included, otherwise return id_token_token\r\n return (accountsMatch) ? this.responseTypeForMatchingAccounts(scopes) : ResponseTypes.id_token_token;\r\n }\r\n\r\n /**\r\n * Returns the correct response_type string attribute for an acquireToken request configuration that contains an\r\n * account that matches the account in the MSAL cache.\r\n * @param scopes Array<string>: AuthenticationRequest scopes configuration\r\n */\r\n private static responseTypeForMatchingAccounts(scopes: Array<string>): string {\r\n // Opt-into also requesting an ID token by sending in 'openid', 'profile' or both along with resource scopes when login is not necessary.\r\n return (ScopeSet.containsAnyOidcScopes(scopes)) ? ResponseTypes.id_token_token : ResponseTypes.token;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccessTokenCacheItem } from \"./cache/AccessTokenCacheItem\";\r\nimport { AccessTokenKey } from \"./cache/AccessTokenKey\";\r\nimport { AccessTokenValue } from \"./cache/AccessTokenValue\";\r\nimport { ServerRequestParameters } from \"./ServerRequestParameters\";\r\nimport { Authority, AuthorityType } from \"./authority/Authority\";\r\nimport { ClientInfo } from \"./ClientInfo\";\r\nimport { IdToken } from \"./IdToken\";\r\nimport { Logger } from \"./Logger\";\r\nimport { AuthCache } from \"./cache/AuthCache\";\r\nimport { Account } from \"./Account\";\r\nimport { ScopeSet } from \"./ScopeSet\";\r\nimport { StringUtils } from \"./utils/StringUtils\";\r\nimport { WindowUtils } from \"./utils/WindowUtils\";\r\nimport { TokenUtils } from \"./utils/TokenUtils\";\r\nimport { TimeUtils } from \"./utils/TimeUtils\";\r\nimport { UrlUtils } from \"./utils/UrlUtils\";\r\nimport { RequestUtils } from \"./utils/RequestUtils\";\r\nimport { ResponseUtils } from \"./utils/ResponseUtils\";\r\nimport { AuthorityFactory } from \"./authority/AuthorityFactory\";\r\nimport { Configuration, buildConfiguration, TelemetryOptions } from \"./Configuration\";\r\nimport { AuthenticationParameters } from \"./AuthenticationParameters\";\r\nimport { ClientConfigurationError } from \"./error/ClientConfigurationError\";\r\nimport { AuthError } from \"./error/AuthError\";\r\nimport { ClientAuthError, ClientAuthErrorMessage } from \"./error/ClientAuthError\";\r\nimport { ServerError } from \"./error/ServerError\";\r\nimport { InteractionRequiredAuthError } from \"./error/InteractionRequiredAuthError\";\r\nimport { AuthResponse, buildResponseStateOnly } from \"./AuthResponse\";\r\nimport TelemetryManager from \"./telemetry/TelemetryManager\";\r\nimport { TelemetryPlatform, TelemetryConfig } from \"./telemetry/TelemetryTypes\";\r\nimport ApiEvent, { API_EVENT_IDENTIFIER } from \"./telemetry/ApiEvent\";\r\n\r\nimport { Constants,\r\n ServerHashParamKeys,\r\n InteractionType,\r\n ResponseTypes,\r\n TemporaryCacheKeys,\r\n PersistentCacheKeys,\r\n ErrorCacheKeys,\r\n FramePrefix\r\n} from \"./utils/Constants\";\r\nimport { CryptoUtils } from \"./utils/CryptoUtils\";\r\nimport { TrustedAuthority } from \"./authority/TrustedAuthority\";\r\nimport { AuthCacheUtils } from \"./utils/AuthCacheUtils\";\r\n\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common\";\r\n\r\n/**\r\n * Interface to handle iFrame generation, Popup Window creation and redirect handling\r\n */\r\ndeclare global {\r\n // eslint-disable-next-line\r\n interface Window {\r\n msal: Object;\r\n CustomEvent: CustomEvent;\r\n Event: Event;\r\n activeRenewals: {};\r\n renewStates: Array<string>;\r\n callbackMappedToRenewStates : {};\r\n promiseMappedToRenewStates: {};\r\n openedWindows: Array<Window>;\r\n requestType: string;\r\n }\r\n}\r\n\r\n/**\r\n * @hidden\r\n * @ignore\r\n */\r\nexport interface CacheResult {\r\n errorDesc: string;\r\n token: string;\r\n error: string;\r\n}\r\n\r\n/**\r\n * @hidden\r\n * @ignore\r\n * Data type to hold information about state returned from the server\r\n */\r\nexport type ResponseStateInfo = {\r\n state: string;\r\n timestamp: number,\r\n method: string;\r\n stateMatch: boolean;\r\n requestType: string;\r\n};\r\n\r\n/**\r\n * A type alias for an authResponseCallback function.\r\n * {@link (authResponseCallback:type)}\r\n * @param authErr error created for failure cases\r\n * @param response response containing token strings in success cases, or just state value in error cases\r\n */\r\nexport type authResponseCallback = (authErr: AuthError, response?: AuthResponse) => void;\r\n\r\n/**\r\n * A type alias for a tokenReceivedCallback function.\r\n * {@link (tokenReceivedCallback:type)}\r\n * @returns response of type {@link (AuthResponse:type)}\r\n * The function that will get the call back once this API is completed (either successfully or with a failure).\r\n */\r\nexport type tokenReceivedCallback = (response: AuthResponse) => void;\r\n\r\n/**\r\n * A type alias for a errorReceivedCallback function.\r\n * {@link (errorReceivedCallback:type)}\r\n * @returns response of type {@link (AuthError:class)}\r\n * @returns {string} account state\r\n */\r\nexport type errorReceivedCallback = (authErr: AuthError, accountState: string) => void;\r\n\r\n/**\r\n * UserAgentApplication class\r\n *\r\n * Object Instance that the developer can use to make loginXX OR acquireTokenXX functions\r\n */\r\nexport class UserAgentApplication {\r\n\r\n // input Configuration by the developer/user\r\n private config: Configuration;\r\n\r\n // callbacks for token/error\r\n private authResponseCallback: authResponseCallback = null;\r\n private tokenReceivedCallback: tokenReceivedCallback = null;\r\n private errorReceivedCallback: errorReceivedCallback = null;\r\n\r\n // Added for readability as these params are very frequently used\r\n private logger: Logger;\r\n private clientId: string;\r\n private inCookie: boolean;\r\n private telemetryManager: TelemetryManager;\r\n\r\n // Cache and Account info referred across token grant flow\r\n protected cacheStorage: AuthCache;\r\n private account: Account;\r\n\r\n // state variables\r\n private silentAuthenticationState: string;\r\n private silentLogin: boolean;\r\n private redirectResponse: AuthResponse;\r\n private redirectError: AuthError;\r\n\r\n // Authority Functionality\r\n protected authorityInstance: Authority;\r\n\r\n /**\r\n * setter for the authority URL\r\n * @param {string} authority\r\n */\r\n // If the developer passes an authority, create an instance\r\n public set authority(val: string) {\r\n this.authorityInstance = AuthorityFactory.CreateInstance(val, this.config.auth.validateAuthority);\r\n }\r\n\r\n /**\r\n * Method to manage the authority URL.\r\n *\r\n * @returns {string} authority\r\n */\r\n public get authority(): string {\r\n return this.authorityInstance.CanonicalAuthority;\r\n }\r\n\r\n /**\r\n * Get the current authority instance from the MSAL configuration object\r\n *\r\n * @returns {@link Authority} authority instance\r\n */\r\n public getAuthorityInstance(): Authority {\r\n return this.authorityInstance;\r\n }\r\n\r\n /**\r\n * @constructor\r\n * Constructor for the UserAgentApplication used to instantiate the UserAgentApplication object\r\n *\r\n * Important attributes in the Configuration object for auth are:\r\n * - clientID: the application ID of your application.\r\n * You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview\r\n * - authority: the authority URL for your application.\r\n *\r\n * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens.\r\n * It is of the form https://login.microsoftonline.com/<Enter_the_Tenant_Info_Here>.\r\n * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\r\n * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\r\n * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\r\n * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\r\n *\r\n *\r\n * In Azure B2C, authority is of the form https://<instance>/tfp/<tenant>/<policyName>/\r\n *\r\n * @param {@link (Configuration:type)} configuration object for the MSAL UserAgentApplication instance\r\n */\r\n constructor(configuration: Configuration) {\r\n \r\n // Set the Configuration\r\n this.config = buildConfiguration(configuration);\r\n\r\n this.logger = this.config.system.logger;\r\n this.clientId = this.config.auth.clientId;\r\n this.inCookie = this.config.cache.storeAuthStateInCookie;\r\n\r\n this.telemetryManager = this.getTelemetryManagerFromConfig(this.config.system.telemetry, this.clientId);\r\n\r\n TrustedAuthority.setTrustedAuthoritiesFromConfig(this.config.auth.validateAuthority, this.config.auth.knownAuthorities);\r\n AuthorityFactory.saveMetadataFromConfig(this.config.auth.authority, this.config.auth.authorityMetadata);\r\n\r\n // if no authority is passed, set the default: \"https://login.microsoftonline.com/common\"\r\n this.authority = this.config.auth.authority || DEFAULT_AUTHORITY;\r\n // cache keys msal - typescript throws an error if any value other than \"localStorage\" or \"sessionStorage\" is passed\r\n this.cacheStorage = new AuthCache(this.clientId, this.config.cache.cacheLocation, this.inCookie);\r\n\r\n // Initialize window handling code\r\n if (!window.activeRenewals) {\r\n window.activeRenewals = {};\r\n }\r\n if (!window.renewStates) {\r\n window.renewStates = [];\r\n }\r\n if (!window.callbackMappedToRenewStates) {\r\n window.callbackMappedToRenewStates = {};\r\n }\r\n if (!window.promiseMappedToRenewStates) {\r\n window.promiseMappedToRenewStates = {};\r\n }\r\n window.msal = this;\r\n\r\n const urlHash = window.location.hash;\r\n const urlContainsHash = UrlUtils.urlContainsHash(urlHash);\r\n\r\n // check if back button is pressed\r\n WindowUtils.checkIfBackButtonIsPressed(this.cacheStorage);\r\n\r\n // On the server 302 - Redirect, handle this\r\n if (urlContainsHash && this.cacheStorage.isInteractionInProgress(true)) {\r\n const stateInfo = this.getResponseState(urlHash);\r\n if (stateInfo.method === Constants.interactionTypeRedirect) {\r\n this.handleRedirectAuthenticationResponse(urlHash);\r\n }\r\n }\r\n }\r\n\r\n // #region Redirect Callbacks\r\n /**\r\n * @hidden\r\n * @ignore\r\n * Set the callback functions for the redirect flow to send back the success or error object.\r\n * @param {@link (tokenReceivedCallback:type)} successCallback - Callback which contains the AuthResponse object, containing data from the server.\r\n * @param {@link (errorReceivedCallback:type)} errorCallback - Callback which contains a AuthError object, containing error data from either the server\r\n * or the library, depending on the origin of the error.\r\n */\r\n handleRedirectCallback(tokenReceivedCallback: tokenReceivedCallback, errorReceivedCallback: errorReceivedCallback): void;\r\n handleRedirectCallback(authCallback: authResponseCallback): void;\r\n handleRedirectCallback(authOrTokenCallback: authResponseCallback | tokenReceivedCallback, errorReceivedCallback?: errorReceivedCallback): void {\r\n if (!authOrTokenCallback) {\r\n throw ClientConfigurationError.createInvalidCallbackObjectError(authOrTokenCallback);\r\n }\r\n\r\n // Set callbacks\r\n if (errorReceivedCallback) {\r\n this.tokenReceivedCallback = authOrTokenCallback as tokenReceivedCallback;\r\n this.errorReceivedCallback = errorReceivedCallback;\r\n this.logger.warning(\"This overload for callback is deprecated - please change the format of the callbacks to a single callback as shown: (err: AuthError, response: AuthResponse).\");\r\n } else {\r\n this.authResponseCallback = authOrTokenCallback as authResponseCallback;\r\n }\r\n\r\n if (this.redirectError) {\r\n this.authErrorHandler(Constants.interactionTypeRedirect, this.redirectError, this.redirectResponse);\r\n } else if (this.redirectResponse) {\r\n this.authResponseHandler(Constants.interactionTypeRedirect, this.redirectResponse);\r\n }\r\n }\r\n\r\n /**\r\n * Public API to verify if the URL contains the hash with known properties\r\n * @param hash\r\n */\r\n public urlContainsHash(hash: string): boolean {\r\n this.logger.verbose(\"UrlContainsHash has been called\");\r\n return UrlUtils.urlContainsHash(hash);\r\n }\r\n\r\n private authResponseHandler(interactionType: InteractionType, response: AuthResponse, resolve?: Function) : void {\r\n this.logger.verbose(\"AuthResponseHandler has been called\");\r\n\r\n if (interactionType === Constants.interactionTypeRedirect) {\r\n this.logger.verbose(\"Interaction type is redirect\");\r\n if (this.errorReceivedCallback) {\r\n this.logger.verbose(\"Two callbacks were provided to handleRedirectCallback, calling success callback with response\");\r\n this.tokenReceivedCallback(response);\r\n } else if (this.authResponseCallback) {\r\n this.logger.verbose(\"One callback was provided to handleRedirectCallback, calling authResponseCallback with response\");\r\n this.authResponseCallback(null, response);\r\n }\r\n } else if (interactionType === Constants.interactionTypePopup) {\r\n this.logger.verbose(\"Interaction type is popup, resolving\");\r\n resolve(response);\r\n } else {\r\n throw ClientAuthError.createInvalidInteractionTypeError();\r\n }\r\n }\r\n\r\n private authErrorHandler(interactionType: InteractionType, authErr: AuthError, response: AuthResponse, reject?: Function) : void {\r\n this.logger.verbose(\"AuthErrorHandler has been called\");\r\n\r\n // set interaction_status to complete\r\n this.cacheStorage.setInteractionInProgress(false);\r\n if (interactionType === Constants.interactionTypeRedirect) {\r\n this.logger.verbose(\"Interaction type is redirect\");\r\n if (this.errorReceivedCallback) {\r\n this.logger.verbose(\"Two callbacks were provided to handleRedirectCallback, calling error callback\");\r\n this.errorReceivedCallback(authErr, response.accountState);\r\n } else if (this.authResponseCallback) {\r\n this.logger.verbose(\"One callback was provided to handleRedirectCallback, calling authResponseCallback with error\");\r\n this.authResponseCallback(authErr, response);\r\n } else {\r\n this.logger.verbose(\"handleRedirectCallback has not been called and no callbacks are registered, throwing error\");\r\n throw authErr;\r\n }\r\n } else if (interactionType === Constants.interactionTypePopup) {\r\n this.logger.verbose(\"Interaction type is popup, rejecting\");\r\n reject(authErr);\r\n } else {\r\n throw ClientAuthError.createInvalidInteractionTypeError();\r\n }\r\n }\r\n\r\n // #endregion\r\n /**\r\n * Use when initiating the login process by redirecting the user's browser to the authorization endpoint.\r\n * @param {@link (AuthenticationParameters:type)}\r\n */\r\n loginRedirect(userRequest?: AuthenticationParameters): void {\r\n this.logger.verbose(\"LoginRedirect has been called\");\r\n\r\n // validate request\r\n const request: AuthenticationParameters = RequestUtils.validateRequest(userRequest, true, this.clientId, Constants.interactionTypeRedirect);\r\n this.acquireTokenInteractive(Constants.interactionTypeRedirect, true, request, null, null);\r\n }\r\n\r\n /**\r\n * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint.\r\n * @param {@link (AuthenticationParameters:type)}\r\n *\r\n * To renew idToken, please pass clientId as the only scope in the Authentication Parameters\r\n */\r\n acquireTokenRedirect(userRequest: AuthenticationParameters): void {\r\n this.logger.verbose(\"AcquireTokenRedirect has been called\");\r\n\r\n // validate request\r\n const request: AuthenticationParameters = RequestUtils.validateRequest(userRequest, false, this.clientId, Constants.interactionTypeRedirect);\r\n this.acquireTokenInteractive(Constants.interactionTypeRedirect, false, request, null, null);\r\n }\r\n\r\n /**\r\n * Use when initiating the login process via opening a popup window in the user's browser\r\n *\r\n * @param {@link (AuthenticationParameters:type)}\r\n *\r\n * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object\r\n */\r\n loginPopup(userRequest?: AuthenticationParameters): Promise<AuthResponse> {\r\n this.logger.verbose(\"LoginPopup has been called\");\r\n\r\n // validate request\r\n const request: AuthenticationParameters = RequestUtils.validateRequest(userRequest, true, this.clientId, Constants.interactionTypePopup);\r\n const apiEvent: ApiEvent = this.telemetryManager.createAndStartApiEvent(request.correlationId, API_EVENT_IDENTIFIER.LoginPopup);\r\n\r\n return new Promise<AuthResponse>((resolve, reject) => {\r\n this.acquireTokenInteractive(Constants.interactionTypePopup, true, request, resolve, reject);\r\n })\r\n .then((resp) => {\r\n this.logger.verbose(\"Successfully logged in\");\r\n this.telemetryManager.stopAndFlushApiEvent(request.correlationId, apiEvent, true);\r\n return resp;\r\n })\r\n .catch((error: AuthError) => {\r\n this.cacheStorage.resetTempCacheItems(request.state);\r\n this.telemetryManager.stopAndFlushApiEvent(request.correlationId, apiEvent, false, error.errorCode);\r\n throw error;\r\n });\r\n }\r\n\r\n /**\r\n * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser\r\n * @param {@link AuthenticationParameters}\r\n *\r\n * To renew idToken, please pass clientId as the only scope in the Authentication Parameters\r\n * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object\r\n */\r\n acquireTokenPopup(userRequest: AuthenticationParameters): Promise<AuthResponse> {\r\n this.logger.verbose(\"AcquireTokenPopup has been called\");\r\n\r\n // validate request\r\n const request: AuthenticationParameters = RequestUtils.validateRequest(userRequest, false, this.clientId, Constants.interactionTypePopup);\r\n const apiEvent: ApiEvent = this.telemetryManager.createAndStartApiEvent(request.correlationId, API_EVENT_IDENTIFIER.AcquireTokenPopup);\r\n\r\n return new Promise<AuthResponse>((resolve, reject) => {\r\n this.acquireTokenInteractive(Constants.interactionTypePopup, false, request, resolve, reject);\r\n })\r\n .then((resp) => {\r\n this.logger.verbose(\"Successfully acquired token\");\r\n this.telemetryManager.stopAndFlushApiEvent(request.correlationId, apiEvent, true);\r\n return resp;\r\n })\r\n .catch((error: AuthError) => {\r\n this.cacheStorage.resetTempCacheItems(request.state);\r\n this.telemetryManager.stopAndFlushApiEvent(request.correlationId, apiEvent, false, error.errorCode);\r\n throw error;\r\n });\r\n }\r\n\r\n // #region Acquire Token\r\n\r\n /**\r\n * Use when initiating the login process or when you want to obtain an access_token for your API,\r\n * either by redirecting the user's browser window to the authorization endpoint or via opening a popup window in the user's browser.\r\n * @param {@link (AuthenticationParameters:type)}\r\n *\r\n * To renew idToken, please pass clientId as the only scope in the Authentication Parameters\r\n */\r\n private acquireTokenInteractive(interactionType: InteractionType, isLoginCall: boolean, request: AuthenticationParameters, resolve?: Function, reject?: Function): void {\r\n this.logger.verbose(\"AcquireTokenInteractive has been called\");\r\n\r\n // block the request if made from the hidden iframe\r\n WindowUtils.blockReloadInHiddenIframes();\r\n\r\n const interactionProgress = this.cacheStorage.isInteractionInProgress(false);\r\n if(interactionType === Constants.interactionTypeRedirect) {\r\n this.cacheStorage.setItem(TemporaryCacheKeys.REDIRECT_REQUEST, `${Constants.inProgress}${Constants.resourceDelimiter}${request.state}`);\r\n }\r\n\r\n // If already in progress, do not proceed\r\n if (interactionProgress) {\r\n const thrownError = isLoginCall ? ClientAuthError.createLoginInProgressError() : ClientAuthError.createAcquireTokenInProgressError();\r\n const stateOnlyResponse = buildResponseStateOnly(this.getAccountState(request.state));\r\n this.cacheStorage.resetTempCacheItems(request.state);\r\n this.authErrorHandler(interactionType,\r\n thrownError,\r\n stateOnlyResponse,\r\n reject);\r\n return;\r\n }\r\n\r\n // Get the account object if a session exists\r\n let account: Account;\r\n if (request && request.account && !isLoginCall) {\r\n account = request.account;\r\n this.logger.verbose(\"Account set from request\");\r\n } else {\r\n account = this.getAccount();\r\n this.logger.verbose(\"Account set from MSAL Cache\");\r\n }\r\n\r\n // If no session exists, prompt the user to login.\r\n if (!account && !ServerRequestParameters.isSSOParam(request)) {\r\n if (isLoginCall) {\r\n // extract ADAL id_token if exists\r\n const adalIdToken = this.extractADALIdToken();\r\n\r\n // silent login if ADAL id_token is retrieved successfully - SSO\r\n if (adalIdToken && !request.scopes) {\r\n this.logger.info(\"ADAL's idToken exists. Extracting login information from ADAL's idToken\");\r\n const tokenRequest: AuthenticationParameters = this.buildIDTokenRequest(request);\r\n\r\n this.silentLogin = true;\r\n this.acquireTokenSilent(tokenRequest).then(response => {\r\n this.silentLogin = false;\r\n this.logger.info(\"Unified cache call is successful\");\r\n\r\n this.authResponseHandler(interactionType, response, resolve);\r\n return;\r\n }, (error) => {\r\n this.silentLogin = false;\r\n this.logger.error(\"Error occurred during unified cache ATS: \" + error);\r\n\r\n // proceed to login since ATS failed\r\n this.acquireTokenHelper(null, interactionType, isLoginCall, request, resolve, reject);\r\n });\r\n }\r\n // No ADAL token found, proceed to login\r\n else {\r\n this.logger.verbose(\"Login call but no token found, proceed to login\");\r\n this.acquireTokenHelper(null, interactionType, isLoginCall, request, resolve, reject);\r\n }\r\n }\r\n // AcquireToken call, but no account or context given, so throw error\r\n else {\r\n this.logger.verbose(\"AcquireToken call, no context or account given\");\r\n this.logger.info(\"User login is required\");\r\n const stateOnlyResponse = buildResponseStateOnly(this.getAccountState(request.state));\r\n this.cacheStorage.resetTempCacheItems(request.state);\r\n this.authErrorHandler(interactionType,\r\n ClientAuthError.createUserLoginRequiredError(),\r\n stateOnlyResponse,\r\n reject);\r\n return;\r\n }\r\n }\r\n // User session exists\r\n else {\r\n this.logger.verbose(\"User session exists, login not required\");\r\n this.acquireTokenHelper(account, interactionType, isLoginCall, request, resolve, reject);\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n * Helper function to acquireToken\r\n *\r\n */\r\n private async acquireTokenHelper(account: Account, interactionType: InteractionType, isLoginCall: boolean, request: AuthenticationParameters, resolve?: Function, reject?: Function): Promise<void> {\r\n this.logger.verbose(\"AcquireTokenHelper has been called\");\r\n this.logger.verbose(`Interaction type: ${interactionType}. isLoginCall: ${isLoginCall}`);\r\n\r\n // Track the acquireToken progress\r\n this.cacheStorage.setInteractionInProgress(true);\r\n const requestSignature = request.scopes ? request.scopes.join(\" \").toLowerCase() : Constants.oidcScopes.join(\" \");\r\n this.logger.verbosePii(`Request signature: ${requestSignature}`);\r\n\r\n let serverAuthenticationRequest: ServerRequestParameters;\r\n const acquireTokenAuthority = (request && request.authority) ? AuthorityFactory.CreateInstance(request.authority, this.config.auth.validateAuthority, request.authorityMetadata) : this.authorityInstance;\r\n let popUpWindow: Window;\r\n\r\n try {\r\n if (!acquireTokenAuthority.hasCachedMetadata()) {\r\n this.logger.verbose(\"No cached metadata for authority\");\r\n await AuthorityFactory.saveMetadataFromNetwork(acquireTokenAuthority, this.telemetryManager, request.correlationId);\r\n } else {\r\n this.logger.verbose(\"Cached metadata found for authority\");\r\n }\r\n\r\n // On Fulfillment\r\n const responseType: string = isLoginCall ? ResponseTypes.id_token : this.getTokenType(account, request.scopes);\r\n\r\n const loginStartPage = request.redirectStartPage || window.location.href;\r\n\r\n serverAuthenticationRequest = new ServerRequestParameters(\r\n acquireTokenAuthority,\r\n this.clientId,\r\n responseType,\r\n this.getRedirectUri(request && request.redirectUri),\r\n request.scopes,\r\n request.state,\r\n request.correlationId\r\n );\r\n this.logger.verbose(\"Finished building server authentication request\");\r\n\r\n this.updateCacheEntries(serverAuthenticationRequest, account, isLoginCall, loginStartPage);\r\n this.logger.verbose(\"Updating cache entries\");\r\n\r\n // populate QueryParameters (sid/login_hint) and any other extraQueryParameters set by the developer\r\n serverAuthenticationRequest.populateQueryParams(account, request);\r\n this.logger.verbose(\"Query parameters populated from account\");\r\n\r\n // Construct urlNavigate\r\n const urlNavigate = UrlUtils.createNavigateUrl(serverAuthenticationRequest) + Constants.response_mode_fragment;\r\n // set state in cache\r\n if (interactionType === Constants.interactionTypeRedirect) {\r\n if (!isLoginCall) {\r\n this.cacheStorage.setItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_ACQ_TOKEN, request.state), serverAuthenticationRequest.state, this.inCookie);\r\n this.logger.verbose(\"State cached for redirect\");\r\n this.logger.verbosePii(`State cached: ${serverAuthenticationRequest.state}`);\r\n } else {\r\n this.logger.verbose(\"Interaction type redirect but login call is true. State not cached\");\r\n }\r\n } else if (interactionType === Constants.interactionTypePopup) {\r\n window.renewStates.push(serverAuthenticationRequest.state);\r\n window.requestType = isLoginCall ? Constants.login : Constants.renewToken;\r\n this.logger.verbose(\"State saved to window\");\r\n this.logger.verbosePii(`State saved: ${serverAuthenticationRequest.state}`);\r\n\r\n // Register callback to capture results from server\r\n this.registerCallback(serverAuthenticationRequest.state, requestSignature, resolve, reject);\r\n } else {\r\n this.logger.verbose(\"Invalid interaction error. State not cached\");\r\n throw ClientAuthError.createInvalidInteractionTypeError();\r\n }\r\n\r\n if (interactionType === Constants.interactionTypePopup) {\r\n this.logger.verbose(\"Interaction type is popup. Generating popup window\");\r\n // Generate a popup window\r\n try {\r\n popUpWindow = this.openPopup(urlNavigate, \"msal\", Constants.popUpWidth, Constants.popUpHeight);\r\n \r\n // Push popup window handle onto stack for tracking\r\n WindowUtils.trackPopup(popUpWindow);\r\n } catch (e) {\r\n this.logger.info(ClientAuthErrorMessage.popUpWindowError.code + \":\" + ClientAuthErrorMessage.popUpWindowError.desc);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR, ClientAuthErrorMessage.popUpWindowError.code);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR_DESC, ClientAuthErrorMessage.popUpWindowError.desc);\r\n if (reject) {\r\n reject(ClientAuthError.createPopupWindowError());\r\n return;\r\n }\r\n }\r\n \r\n // popUpWindow will be null for redirects, so we dont need to attempt to monitor the window\r\n if (popUpWindow) {\r\n try {\r\n const hash = await WindowUtils.monitorPopupForHash(popUpWindow, this.config.system.loadFrameTimeout, urlNavigate, this.logger);\r\n\r\n this.handleAuthenticationResponse(hash);\r\n\r\n // Request completed successfully, set to completed\r\n this.cacheStorage.setInteractionInProgress(false);\r\n this.logger.info(\"Closing popup window\");\r\n\r\n // TODO: Check how this can be extracted for any framework specific code?\r\n if (this.config.framework.isAngular) {\r\n this.broadcast(\"msal:popUpHashChanged\", hash);\r\n }\r\n \r\n WindowUtils.closePopups();\r\n } catch (error) {\r\n if (reject) {\r\n reject(error);\r\n }\r\n\r\n if (this.config.framework.isAngular) {\r\n this.broadcast(\"msal:popUpClosed\", error.errorCode + Constants.resourceDelimiter + error.errorMessage);\r\n } else {\r\n // Request failed, set to canceled\r\n this.cacheStorage.setInteractionInProgress(false);\r\n popUpWindow.close();\r\n }\r\n }\r\n }\r\n } else {\r\n // If onRedirectNavigate is implemented, invoke it and provide urlNavigate\r\n if (request.onRedirectNavigate) {\r\n this.logger.verbose(\"Invoking onRedirectNavigate callback\");\r\n\r\n const navigate = request.onRedirectNavigate(urlNavigate);\r\n\r\n // Returning false from onRedirectNavigate will stop navigation\r\n if (navigate !== false) {\r\n this.logger.verbose(\"onRedirectNavigate did not return false, navigating\");\r\n this.navigateWindow(urlNavigate);\r\n } else {\r\n this.logger.verbose(\"onRedirectNavigate returned false, stopping navigation\");\r\n }\r\n } else {\r\n // Otherwise, perform navigation\r\n this.logger.verbose(\"Navigating window to urlNavigate\");\r\n this.navigateWindow(urlNavigate);\r\n }\r\n }\r\n } catch (err) {\r\n this.logger.error(err);\r\n this.cacheStorage.resetTempCacheItems(request.state);\r\n this.authErrorHandler(interactionType, ClientAuthError.createEndpointResolutionError(err.toString), buildResponseStateOnly(request.state), reject);\r\n if (popUpWindow) {\r\n popUpWindow.close();\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * API interfacing idToken request when applications already have a session/hint acquired by authorization client applications\r\n * @param request\r\n */\r\n ssoSilent(request: AuthenticationParameters): Promise<AuthResponse> {\r\n this.logger.verbose(\"ssoSilent has been called\");\r\n \r\n // throw an error on an empty request\r\n if (!request) {\r\n throw ClientConfigurationError.createEmptyRequestError();\r\n }\r\n\r\n // throw an error on no hints passed\r\n if (!request.sid && !request.loginHint) {\r\n throw ClientConfigurationError.createSsoSilentError();\r\n }\r\n\r\n return this.acquireTokenSilent({\r\n ...request,\r\n scopes: Constants.oidcScopes\r\n });\r\n }\r\n\r\n /**\r\n * Use this function to obtain a token before every call to the API / resource provider\r\n *\r\n * MSAL return's a cached token when available\r\n * Or it send's a request to the STS to obtain a new token using a hidden iframe.\r\n *\r\n * @param {@link AuthenticationParameters}\r\n *\r\n * To renew idToken, please pass clientId as the only scope in the Authentication Parameters\r\n * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object\r\n *\r\n */\r\n acquireTokenSilent(userRequest: AuthenticationParameters): Promise<AuthResponse> {\r\n this.logger.verbose(\"AcquireTokenSilent has been called\");\r\n\r\n // validate the request\r\n const request = RequestUtils.validateRequest(userRequest, false, this.clientId, Constants.interactionTypeSilent);\r\n const apiEvent: ApiEvent = this.telemetryManager.createAndStartApiEvent(request.correlationId, API_EVENT_IDENTIFIER.AcquireTokenSilent);\r\n const requestSignature = RequestUtils.createRequestSignature(request);\r\n\r\n return new Promise<AuthResponse>(async (resolve, reject) => {\r\n\r\n // block the request if made from the hidden iframe\r\n WindowUtils.blockReloadInHiddenIframes();\r\n\r\n const scope = request.scopes.join(\" \").toLowerCase();\r\n this.logger.verbosePii(`Serialized scopes: ${scope}`);\r\n\r\n // if the developer passes an account, give that account the priority\r\n let account: Account;\r\n if (request.account) {\r\n account = request.account;\r\n this.logger.verbose(\"Account set from request\");\r\n } else {\r\n account = this.getAccount();\r\n this.logger.verbose(\"Account set from MSAL Cache\");\r\n }\r\n\r\n // Extract adalIdToken if stashed in the cache to allow for seamless ADAL to MSAL migration\r\n const adalIdToken = this.cacheStorage.getItem(Constants.adalIdToken);\r\n\r\n // In the event of no account being passed in the config, no session id, and no pre-existing adalIdToken, user will need to log in\r\n if (!account && !(request.sid || request.loginHint) && StringUtils.isEmpty(adalIdToken) ) {\r\n this.logger.info(\"User login is required\");\r\n // The promise rejects with a UserLoginRequiredError, which should be caught and user should be prompted to log in interactively\r\n return reject(ClientAuthError.createUserLoginRequiredError());\r\n }\r\n\r\n // set the response type based on the current cache status / scopes set\r\n const responseType = this.getTokenType(account, request.scopes);\r\n this.logger.verbose(`Response type: ${responseType}`);\r\n\r\n // create a serverAuthenticationRequest populating the `queryParameters` to be sent to the Server\r\n const serverAuthenticationRequest = new ServerRequestParameters(\r\n AuthorityFactory.CreateInstance(request.authority, this.config.auth.validateAuthority, request.authorityMetadata),\r\n this.clientId,\r\n responseType,\r\n this.getRedirectUri(request.redirectUri),\r\n request.scopes,\r\n request.state,\r\n request.correlationId,\r\n );\r\n\r\n this.logger.verbose(\"Finished building server authentication request\");\r\n\r\n // populate QueryParameters (sid/login_hint) and any other extraQueryParameters set by the developer\r\n if (ServerRequestParameters.isSSOParam(request) || account) {\r\n serverAuthenticationRequest.populateQueryParams(account, request, null, true);\r\n this.logger.verbose(\"Query parameters populated from existing SSO or account\");\r\n }\r\n // if user didn't pass login_hint/sid and adal's idtoken is present, extract the login_hint from the adalIdToken\r\n else if (!account && !StringUtils.isEmpty(adalIdToken)) {\r\n // if adalIdToken exists, extract the SSO info from the same\r\n const adalIdTokenObject = TokenUtils.extractIdToken(adalIdToken);\r\n this.logger.verbose(\"ADAL's idToken exists. Extracting login information from ADAL's idToken to populate query parameters\");\r\n serverAuthenticationRequest.populateQueryParams(account, null, adalIdTokenObject, true);\r\n }\r\n else {\r\n this.logger.verbose(\"No additional query parameters added\");\r\n }\r\n\r\n const userContainedClaims = request.claimsRequest || serverAuthenticationRequest.claimsValue;\r\n\r\n let authErr: AuthError;\r\n let cacheResultResponse;\r\n\r\n // If request.forceRefresh is set to true, force a request for a new token instead of getting it from the cache\r\n if (!userContainedClaims && !request.forceRefresh) {\r\n try {\r\n cacheResultResponse = this.getCachedToken(serverAuthenticationRequest, account);\r\n } catch (e) {\r\n authErr = e;\r\n }\r\n }\r\n \r\n // resolve/reject based on cacheResult\r\n if (cacheResultResponse) {\r\n this.logger.verbose(\"Token found in cache lookup\");\r\n this.logger.verbosePii(`Scopes found: ${JSON.stringify(cacheResultResponse.scopes)}`);\r\n resolve(cacheResultResponse);\r\n return null;\r\n }\r\n else if (authErr) {\r\n this.logger.infoPii(authErr.errorCode + \":\" + authErr.errorMessage);\r\n reject(authErr);\r\n return null;\r\n }\r\n // else proceed with login\r\n else {\r\n \r\n let logMessage;\r\n if (userContainedClaims) {\r\n logMessage = \"Skipped cache lookup since claims were given\";\r\n } else if (request.forceRefresh) {\r\n logMessage = \"Skipped cache lookup since request.forceRefresh option was set to true\";\r\n } else {\r\n logMessage = \"No valid token found in cache lookup\";\r\n }\r\n this.logger.verbose(logMessage);\r\n \r\n // Cache result can return null if cache is empty. In that case, set authority to default value if no authority is passed to the API.\r\n if (!serverAuthenticationRequest.authorityInstance) {\r\n serverAuthenticationRequest.authorityInstance = request.authority ? \r\n AuthorityFactory.CreateInstance(request.authority, this.config.auth.validateAuthority, request.authorityMetadata)\r\n : this.authorityInstance;\r\n } \r\n this.logger.verbosePii(`Authority instance: ${serverAuthenticationRequest.authority}`);\r\n \r\n try {\r\n if (!serverAuthenticationRequest.authorityInstance.hasCachedMetadata()) {\r\n this.logger.verbose(\"No cached metadata for authority\");\r\n await AuthorityFactory.saveMetadataFromNetwork(serverAuthenticationRequest.authorityInstance, this.telemetryManager, request.correlationId);\r\n this.logger.verbose(\"Authority has been updated with endpoint discovery response\");\r\n } else {\r\n this.logger.verbose(\"Cached metadata found for authority\");\r\n }\r\n\r\n /*\r\n * refresh attempt with iframe\r\n * Already renewing for this scope, callback when we get the token.\r\n */\r\n if (window.activeRenewals[requestSignature]) {\r\n this.logger.verbose(\"Renewing token in progress. Registering callback\");\r\n // Active renewals contains the state for each renewal.\r\n this.registerCallback(window.activeRenewals[requestSignature], requestSignature, resolve, reject);\r\n }\r\n else {\r\n if (request.scopes && ScopeSet.onlyContainsOidcScopes(request.scopes)) {\r\n /*\r\n * App uses idToken to send to api endpoints\r\n * Default scope is tracked as OIDC scopes to store this token\r\n */\r\n this.logger.verbose(\"OpenID Connect scopes only, renewing idToken\");\r\n this.silentLogin = true;\r\n this.renewIdToken(requestSignature, resolve, reject, account, serverAuthenticationRequest);\r\n } else {\r\n // renew access token\r\n this.logger.verbose(\"Renewing access token\");\r\n this.renewToken(requestSignature, resolve, reject, account, serverAuthenticationRequest);\r\n }\r\n }\r\n } catch (err) {\r\n this.logger.error(err);\r\n reject(ClientAuthError.createEndpointResolutionError(err.toString()));\r\n return null;\r\n }\r\n }\r\n })\r\n .then(res => {\r\n this.logger.verbose(\"Successfully acquired token\");\r\n this.telemetryManager.stopAndFlushApiEvent(request.correlationId, apiEvent, true);\r\n return res;\r\n })\r\n .catch((error: AuthError) => {\r\n this.cacheStorage.resetTempCacheItems(request.state);\r\n this.telemetryManager.stopAndFlushApiEvent(request.correlationId, apiEvent, false, error.errorCode);\r\n throw error;\r\n });\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Popup Window Creation\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Configures popup window for login.\r\n *\r\n * @param urlNavigate\r\n * @param title\r\n * @param popUpWidth\r\n * @param popUpHeight\r\n * @ignore\r\n * @hidden\r\n */\r\n private openPopup(urlNavigate: string, title: string, popUpWidth: number, popUpHeight: number) {\r\n this.logger.verbose(\"OpenPopup has been called\");\r\n try {\r\n /**\r\n * adding winLeft and winTop to account for dual monitor\r\n * using screenLeft and screenTop for IE8 and earlier\r\n */\r\n const winLeft = window.screenLeft ? window.screenLeft : window.screenX;\r\n const winTop = window.screenTop ? window.screenTop : window.screenY;\r\n /**\r\n * window.innerWidth displays browser window\"s height and width excluding toolbars\r\n * using document.documentElement.clientWidth for IE8 and earlier\r\n */\r\n const width = window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth;\r\n const height = window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight;\r\n const left = ((width / 2) - (popUpWidth / 2)) + winLeft;\r\n const top = ((height / 2) - (popUpHeight / 2)) + winTop;\r\n\r\n // open the window\r\n const popupWindow = window.open(urlNavigate, title, \"width=\" + popUpWidth + \", height=\" + popUpHeight + \", top=\" + top + \", left=\" + left + \", scrollbars=yes\");\r\n if (!popupWindow) {\r\n throw ClientAuthError.createPopupWindowError();\r\n }\r\n if (popupWindow.focus) {\r\n popupWindow.focus();\r\n }\r\n\r\n return popupWindow;\r\n } catch (e) {\r\n this.cacheStorage.setInteractionInProgress(false);\r\n throw ClientAuthError.createPopupWindowError(e.toString());\r\n }\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Iframe Management\r\n\r\n /**\r\n * @hidden\r\n * Calling _loadFrame but with a timeout to signal failure in loadframeStatus. Callbacks are left.\r\n * registered when network errors occur and subsequent token requests for same resource are registered to the pending request.\r\n * @ignore\r\n */\r\n private async loadIframeTimeout(urlNavigate: string, frameName: string, requestSignature: string): Promise<void> {\r\n // set iframe session to pending\r\n const expectedState = window.activeRenewals[requestSignature];\r\n this.logger.verbosePii(\"Set loading state to pending for: \" + requestSignature + \":\" + expectedState);\r\n this.cacheStorage.setItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.RENEW_STATUS, expectedState), Constants.inProgress);\r\n\r\n // render the iframe synchronously if app chooses no timeout, else wait for the set timer to expire\r\n const iframe: HTMLIFrameElement = this.config.system.navigateFrameWait ?\r\n await WindowUtils.loadFrame(urlNavigate, frameName, this.config.system.navigateFrameWait, this.logger):\r\n WindowUtils.loadFrameSync(urlNavigate, frameName, this.logger);\r\n\r\n try {\r\n const hash = await WindowUtils.monitorIframeForHash(iframe.contentWindow, this.config.system.loadFrameTimeout, urlNavigate, this.logger);\r\n\r\n if (hash) {\r\n this.handleAuthenticationResponse(hash);\r\n }\r\n } catch (error) {\r\n if (this.cacheStorage.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.RENEW_STATUS, expectedState)) === Constants.inProgress) {\r\n // fail the iframe session if it's in pending state\r\n this.logger.verbose(\"Loading frame has timed out after: \" + (this.config.system.loadFrameTimeout / 1000) + \" seconds for scope/authority \" + requestSignature + \":\" + expectedState);\r\n // Error after timeout\r\n if (expectedState && window.callbackMappedToRenewStates[expectedState]) {\r\n window.callbackMappedToRenewStates[expectedState](null, error);\r\n }\r\n\r\n this.cacheStorage.removeItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.RENEW_STATUS, expectedState));\r\n }\r\n WindowUtils.removeHiddenIframe(iframe);\r\n throw error;\r\n }\r\n WindowUtils.removeHiddenIframe(iframe);\r\n }\r\n\r\n // #endregion\r\n\r\n // #region General Helpers\r\n\r\n /**\r\n * @hidden\r\n * Used to redirect the browser to the STS authorization endpoint\r\n * @param {string} urlNavigate - URL of the authorization endpoint\r\n */\r\n private navigateWindow(urlNavigate: string, popupWindow?: Window) {\r\n // Navigate if valid URL\r\n if (urlNavigate && !StringUtils.isEmpty(urlNavigate)) {\r\n const navigateWindow: Window = popupWindow ? popupWindow : window;\r\n const logMessage: string = popupWindow ? \"Navigated Popup window to:\" + urlNavigate : \"Navigate to:\" + urlNavigate;\r\n this.logger.infoPii(logMessage);\r\n navigateWindow.location.assign(urlNavigate);\r\n }\r\n else {\r\n this.logger.info(\"Navigate url is empty\");\r\n throw AuthError.createUnexpectedError(\"Navigate url is empty\");\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Used to add the developer requested callback to the array of callbacks for the specified scopes. The updated array is stored on the window object\r\n * @param {string} expectedState - Unique state identifier (guid).\r\n * @param {string} scope - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.\r\n * @param {Function} resolve - The resolve function of the promise object.\r\n * @param {Function} reject - The reject function of the promise object.\r\n * @ignore\r\n */\r\n private registerCallback(expectedState: string, requestSignature: string, resolve: Function, reject: Function): void {\r\n // track active renewals\r\n window.activeRenewals[requestSignature] = expectedState;\r\n\r\n // initialize callbacks mapped array\r\n if (!window.promiseMappedToRenewStates[expectedState]) {\r\n window.promiseMappedToRenewStates[expectedState] = [];\r\n }\r\n // indexing on the current state, push the callback params to callbacks mapped\r\n window.promiseMappedToRenewStates[expectedState].push({ resolve: resolve, reject: reject });\r\n\r\n // Store the server response in the current window??\r\n if (!window.callbackMappedToRenewStates[expectedState]) {\r\n window.callbackMappedToRenewStates[expectedState] = (response: AuthResponse, error: AuthError) => {\r\n // reset active renewals\r\n delete window.activeRenewals[requestSignature];\r\n\r\n // for all promiseMappedtoRenewStates for a given 'state' - call the reject/resolve with error/token respectively\r\n for (let i = 0; i < window.promiseMappedToRenewStates[expectedState].length; ++i) {\r\n try {\r\n if (error) {\r\n window.promiseMappedToRenewStates[expectedState][i].reject(error);\r\n } else if (response) {\r\n window.promiseMappedToRenewStates[expectedState][i].resolve(response);\r\n } else {\r\n this.cacheStorage.resetTempCacheItems(expectedState);\r\n throw AuthError.createUnexpectedError(\"Error and response are both null\");\r\n }\r\n } catch (e) {\r\n this.logger.warning(e);\r\n }\r\n }\r\n\r\n // reset\r\n delete window.promiseMappedToRenewStates[expectedState];\r\n delete window.callbackMappedToRenewStates[expectedState];\r\n };\r\n }\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Logout\r\n\r\n /**\r\n * Use to log out the current user, and redirect the user to the postLogoutRedirectUri.\r\n * Default behaviour is to redirect the user to `window.location.href`.\r\n */\r\n logout(correlationId?: string): void {\r\n this.logger.verbose(\"Logout has been called\");\r\n this.logoutAsync(correlationId);\r\n }\r\n\r\n /**\r\n * Async version of logout(). Use to log out the current user.\r\n * @param correlationId Request correlationId\r\n */\r\n private async logoutAsync(correlationId?: string): Promise<void> {\r\n const requestCorrelationId = correlationId || CryptoUtils.createNewGuid();\r\n const apiEvent = this.telemetryManager.createAndStartApiEvent(requestCorrelationId, API_EVENT_IDENTIFIER.Logout);\r\n\r\n this.clearCache();\r\n this.account = null;\r\n\r\n try {\r\n if (!this.authorityInstance.hasCachedMetadata()) {\r\n this.logger.verbose(\"No cached metadata for authority\");\r\n await AuthorityFactory.saveMetadataFromNetwork(this.authorityInstance, this.telemetryManager, correlationId);\r\n } else {\r\n this.logger.verbose(\"Cached metadata found for authority\");\r\n }\r\n\r\n const correlationIdParam = `client-request-id=${requestCorrelationId}`;\r\n\r\n let postLogoutQueryParam: string;\r\n if (this.getPostLogoutRedirectUri()) {\r\n postLogoutQueryParam = `&post_logout_redirect_uri=${encodeURIComponent(this.getPostLogoutRedirectUri())}`;\r\n this.logger.verbose(\"redirectUri found and set\");\r\n } else {\r\n postLogoutQueryParam = \"\";\r\n this.logger.verbose(\"No redirectUri set for app. postLogoutQueryParam is empty\");\r\n }\r\n\r\n let urlNavigate: string;\r\n if (this.authorityInstance.EndSessionEndpoint) {\r\n urlNavigate = `${this.authorityInstance.EndSessionEndpoint}?${correlationIdParam}${postLogoutQueryParam}`;\r\n this.logger.verbose(\"EndSessionEndpoint found and urlNavigate set\");\r\n this.logger.verbosePii(`urlNavigate set to: ${this.authorityInstance.EndSessionEndpoint}`);\r\n } else {\r\n urlNavigate = `${this.authority}oauth2/v2.0/logout?${correlationIdParam}${postLogoutQueryParam}`;\r\n this.logger.verbose(\"No endpoint, urlNavigate set to default\");\r\n }\r\n\r\n this.telemetryManager.stopAndFlushApiEvent(requestCorrelationId, apiEvent, true);\r\n\r\n this.logger.verbose(\"Navigating window to urlNavigate\");\r\n this.navigateWindow(urlNavigate);\r\n } catch (error) {\r\n this.telemetryManager.stopAndFlushApiEvent(requestCorrelationId, apiEvent, false, error.errorCode);\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Clear all access tokens and ID tokens in the cache.\r\n * @ignore\r\n */\r\n protected clearCache(): void {\r\n this.logger.verbose(\"Clearing cache\");\r\n window.renewStates = [];\r\n const tokenCacheItems = this.cacheStorage.getAllTokens(Constants.clientId, Constants.homeAccountIdentifier);\r\n for (let i = 0; i < tokenCacheItems.length; i++) {\r\n this.cacheStorage.removeItem(JSON.stringify(tokenCacheItems[i].key));\r\n }\r\n this.cacheStorage.resetCacheItems();\r\n this.cacheStorage.clearMsalCookie();\r\n this.logger.verbose(\"Cache cleared\");\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Clear a given access token from the cache.\r\n *\r\n * @param accessToken\r\n */\r\n protected clearCacheForScope(accessToken: string): void {\r\n this.logger.verbose(\"Clearing access token from cache\");\r\n const accessTokenItems = this.cacheStorage.getAllAccessTokens(Constants.clientId, Constants.homeAccountIdentifier);\r\n for (let i = 0; i < accessTokenItems.length; i++) {\r\n const token = accessTokenItems[i];\r\n if (token.value.accessToken === accessToken) {\r\n this.cacheStorage.removeItem(JSON.stringify(token.key));\r\n this.logger.verbosePii(`Access token removed: ${token.key}`);\r\n }\r\n }\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Response\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n * Checks if the redirect response is received from the STS. In case of redirect, the url fragment has either id_token, access_token or error.\r\n * @param {string} hash - Hash passed from redirect page.\r\n * @returns {Boolean} - true if response contains id_token, access_token or error, false otherwise.\r\n */\r\n isCallback(hash: string): boolean {\r\n this.logger.info(\"isCallback will be deprecated in favor of urlContainsHash in MSAL.js v2.0.\");\r\n this.logger.verbose(\"isCallback has been called\");\r\n return UrlUtils.urlContainsHash(hash);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Used to call the constructor callback with the token/error\r\n * @param {string} [hash=window.location.hash] - Hash fragment of Url.\r\n */\r\n private processCallBack(hash: string, respStateInfo: ResponseStateInfo, parentCallback?: Function): void {\r\n this.logger.info(\"ProcessCallBack has been called. Processing callback from redirect response\");\r\n\r\n // get the state info from the hash\r\n let stateInfo = respStateInfo;\r\n if (!stateInfo) {\r\n this.logger.verbose(\"StateInfo is null, getting stateInfo from hash\");\r\n stateInfo = this.getResponseState(hash);\r\n }\r\n\r\n let response : AuthResponse;\r\n let authErr : AuthError;\r\n // Save the token info from the hash\r\n try {\r\n response = this.saveTokenFromHash(hash, stateInfo);\r\n } catch (err) {\r\n authErr = err;\r\n }\r\n\r\n try {\r\n // Clear the cookie in the hash\r\n this.cacheStorage.clearMsalCookie(stateInfo.state);\r\n const accountState: string = this.getAccountState(stateInfo.state);\r\n if (response) {\r\n if ((stateInfo.requestType === Constants.renewToken) || response.accessToken) {\r\n if (window.parent !== window) {\r\n this.logger.verbose(\"Window is in iframe, acquiring token silently\");\r\n } else {\r\n this.logger.verbose(\"Acquiring token interactive in progress\");\r\n }\r\n this.logger.verbose(`Response tokenType set to ${ServerHashParamKeys.ACCESS_TOKEN}`);\r\n response.tokenType = ServerHashParamKeys.ACCESS_TOKEN;\r\n }\r\n else if (stateInfo.requestType === Constants.login) {\r\n this.logger.verbose(`Response tokenType set to ${ServerHashParamKeys.ID_TOKEN}`);\r\n response.tokenType = ServerHashParamKeys.ID_TOKEN;\r\n }\r\n if (!parentCallback) {\r\n this.logger.verbose(\"Setting redirectResponse\");\r\n this.redirectResponse = response;\r\n return;\r\n }\r\n } else if (!parentCallback) {\r\n this.logger.verbose(\"Response is null, setting redirectResponse with state\");\r\n this.redirectResponse = buildResponseStateOnly(accountState);\r\n this.redirectError = authErr;\r\n this.cacheStorage.resetTempCacheItems(stateInfo.state);\r\n return;\r\n }\r\n\r\n this.logger.verbose(\"Calling callback provided to processCallback\");\r\n parentCallback(response, authErr);\r\n } catch (err) {\r\n this.logger.error(\"Error occurred in token received callback function: \" + err);\r\n throw ClientAuthError.createErrorInCallbackFunction(err.toString());\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n * This method must be called for processing the response received from the STS if using popups or iframes. It extracts the hash, processes the token or error\r\n * information and saves it in the cache. It then resolves the promises with the result.\r\n * @param {string} [hash=window.location.hash] - Hash fragment of Url.\r\n */\r\n private handleAuthenticationResponse(hash: string): void {\r\n this.logger.verbose(\"HandleAuthenticationResponse has been called\");\r\n\r\n // retrieve the hash\r\n const locationHash = hash || window.location.hash;\r\n\r\n // if (window.parent !== window), by using self, window.parent becomes equal to window in getResponseState method specifically\r\n const stateInfo = this.getResponseState(locationHash);\r\n this.logger.verbose(\"Obtained state from response\");\r\n\r\n const tokenResponseCallback = window.callbackMappedToRenewStates[stateInfo.state];\r\n this.processCallBack(locationHash, stateInfo, tokenResponseCallback);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * This method must be called for processing the response received from the STS when using redirect flows. It extracts the hash, processes the token or error\r\n * information and saves it in the cache. The result can then be accessed by user registered callbacks.\r\n * @param {string} [hash=window.location.hash] - Hash fragment of Url.\r\n */\r\n private handleRedirectAuthenticationResponse(hash: string): void {\r\n this.logger.info(\"Returned from redirect url\");\r\n this.logger.verbose(\"HandleRedirectAuthenticationResponse has been called\");\r\n\r\n // clear hash from window\r\n WindowUtils.clearUrlFragment(window);\r\n this.logger.verbose(\"Window.location.hash cleared\");\r\n\r\n // if (window.parent !== window), by using self, window.parent becomes equal to window in getResponseState method specifically\r\n const stateInfo = this.getResponseState(hash);\r\n \r\n // if set to navigate to loginRequest page post login\r\n if (this.config.auth.navigateToLoginRequestUrl && window.parent === window) {\r\n this.logger.verbose(\"Window.parent is equal to window, not in popup or iframe. Navigation to login request url after login turned on\");\r\n const loginRequestUrl = this.cacheStorage.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.LOGIN_REQUEST, stateInfo.state), this.inCookie);\r\n\r\n // Redirect to home page if login request url is null (real null or the string null)\r\n if (!loginRequestUrl || loginRequestUrl === \"null\") {\r\n this.logger.error(\"Unable to get valid login request url from cache, redirecting to home page\");\r\n window.location.assign(\"/\");\r\n return;\r\n } else {\r\n this.logger.verbose(\"Valid login request url obtained from cache\");\r\n const currentUrl = UrlUtils.removeHashFromUrl(window.location.href);\r\n const finalRedirectUrl = UrlUtils.removeHashFromUrl(loginRequestUrl);\r\n if (currentUrl !== finalRedirectUrl) {\r\n this.logger.verbose(\"Current url is not login request url, navigating\");\r\n this.logger.verbosePii(`CurrentUrl: ${currentUrl}, finalRedirectUrl: ${finalRedirectUrl}`);\r\n window.location.assign(`${finalRedirectUrl}${hash}`);\r\n return;\r\n } else {\r\n this.logger.verbose(\"Current url matches login request url\");\r\n const loginRequestUrlComponents = UrlUtils.GetUrlComponents(loginRequestUrl);\r\n if (loginRequestUrlComponents.Hash){\r\n this.logger.verbose(\"Login request url contains hash, resetting non-msal hash\");\r\n window.location.hash = loginRequestUrlComponents.Hash;\r\n }\r\n }\r\n }\r\n } else if (!this.config.auth.navigateToLoginRequestUrl) {\r\n this.logger.verbose(\"Default navigation to start page after login turned off\");\r\n }\r\n\r\n this.processCallBack(hash, stateInfo, null);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Creates a stateInfo object from the URL fragment and returns it.\r\n * @param {string} hash - Hash passed from redirect page\r\n * @returns {TokenResponse} an object created from the redirect response from AAD comprising of the keys - parameters, requestType, stateMatch, stateResponse and valid.\r\n * @ignore\r\n */\r\n protected getResponseState(hash: string): ResponseStateInfo {\r\n this.logger.verbose(\"GetResponseState has been called\");\r\n\r\n const parameters = UrlUtils.deserializeHash(hash);\r\n let stateResponse: ResponseStateInfo;\r\n if (!parameters) {\r\n throw AuthError.createUnexpectedError(\"Hash was not parsed correctly.\");\r\n }\r\n if (parameters.hasOwnProperty(ServerHashParamKeys.STATE)) {\r\n this.logger.verbose(\"Hash contains state. Creating stateInfo object\");\r\n const parsedState = RequestUtils.parseLibraryState(parameters[\"state\"]);\r\n\r\n stateResponse = {\r\n requestType: Constants.unknown,\r\n state: parameters[\"state\"],\r\n timestamp: parsedState.ts,\r\n method: parsedState.method,\r\n stateMatch: false\r\n };\r\n } else {\r\n throw AuthError.createUnexpectedError(\"Hash does not contain state.\");\r\n }\r\n /*\r\n * async calls can fire iframe and login request at the same time if developer does not use the API as expected\r\n * incoming callback needs to be looked up to find the request type\r\n */\r\n\r\n // loginRedirect\r\n if (stateResponse.state === this.cacheStorage.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_LOGIN, stateResponse.state), this.inCookie) || stateResponse.state === this.silentAuthenticationState) {\r\n this.logger.verbose(\"State matches cached state, setting requestType to login\");\r\n stateResponse.requestType = Constants.login;\r\n stateResponse.stateMatch = true;\r\n return stateResponse;\r\n }\r\n // acquireTokenRedirect\r\n else if (stateResponse.state === this.cacheStorage.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_ACQ_TOKEN, stateResponse.state), this.inCookie)) {\r\n this.logger.verbose(\"State matches cached state, setting requestType to renewToken\");\r\n stateResponse.requestType = Constants.renewToken;\r\n stateResponse.stateMatch = true;\r\n return stateResponse;\r\n }\r\n\r\n // external api requests may have many renewtoken requests for different resource\r\n if (!stateResponse.stateMatch) {\r\n this.logger.verbose(\"State does not match cached state, setting requestType to type from window\");\r\n stateResponse.requestType = window.requestType;\r\n const statesInParentContext = window.renewStates;\r\n for (let i = 0; i < statesInParentContext.length; i++) {\r\n if (statesInParentContext[i] === stateResponse.state) {\r\n this.logger.verbose(\"Matching state found for request\");\r\n stateResponse.stateMatch = true;\r\n break;\r\n }\r\n }\r\n if (!stateResponse.stateMatch) {\r\n this.logger.verbose(\"Matching state not found for request\");\r\n }\r\n }\r\n\r\n return stateResponse;\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Token Processing (Extract to TokenProcessing.ts)\r\n\r\n /**\r\n * @hidden\r\n * Used to get token for the specified set of scopes from the cache\r\n * @param {@link ServerRequestParameters} - Request sent to the STS to obtain an id_token/access_token\r\n * @param {Account} account - Account for which the scopes were requested\r\n */\r\n private getCachedToken(serverAuthenticationRequest: ServerRequestParameters, account: Account): AuthResponse {\r\n this.logger.verbose(\"GetCachedToken has been called\");\r\n const scopes = serverAuthenticationRequest.scopes;\r\n\r\n /**\r\n * Id Token should be returned in every acquireTokenSilent call. The only exception is a response_type = token\r\n * request when a valid ID Token is not present in the cache.\r\n */\r\n const idToken = this.getCachedIdToken(serverAuthenticationRequest, account);\r\n const authResponse = this.getCachedAccessToken(serverAuthenticationRequest, account, scopes);\r\n const accountState = this.getAccountState(serverAuthenticationRequest.state);\r\n return ResponseUtils.buildAuthResponse(idToken, authResponse, serverAuthenticationRequest, account, scopes, accountState);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * \r\n * Uses passed in authority to further filter an array of tokenCacheItems until only the token being searched for remains, then returns that tokenCacheItem.\r\n * This method will throw if authority filtering still yields multiple matching tokens and will return null if not tokens match the authority passed in.\r\n * \r\n * @param authority \r\n * @param tokenCacheItems \r\n * @param request \r\n * @param requestScopes \r\n * @param tokenType \r\n */\r\n private getTokenCacheItemByAuthority(authority: string, tokenCacheItems: Array<AccessTokenCacheItem>, requestScopes: Array<string>, tokenType: string): AccessTokenCacheItem {\r\n let filteredAuthorityItems: Array<AccessTokenCacheItem>;\r\n \r\n if (UrlUtils.isCommonAuthority(authority) || UrlUtils.isOrganizationsAuthority(authority) || UrlUtils.isConsumersAuthority(authority)) {\r\n filteredAuthorityItems = AuthCacheUtils.filterTokenCacheItemsByDomain(tokenCacheItems, UrlUtils.GetUrlComponents(authority).HostNameAndPort);\r\n } else {\r\n filteredAuthorityItems = AuthCacheUtils.filterTokenCacheItemsByAuthority(tokenCacheItems, authority);\r\n }\r\n if (filteredAuthorityItems.length === 1) {\r\n return filteredAuthorityItems[0];\r\n }\r\n else if (filteredAuthorityItems.length > 1) {\r\n this.logger.warning(\"Multiple matching tokens found. Cleaning cache and requesting a new token.\");\r\n filteredAuthorityItems.forEach((accessTokenCacheItem) => {\r\n this.cacheStorage.removeItem(JSON.stringify(accessTokenCacheItem.key));\r\n });\r\n return null;\r\n }\r\n else {\r\n this.logger.verbose(`No matching tokens of type ${tokenType} found`);\r\n return null;\r\n } \r\n }\r\n\r\n /**\r\n * \r\n * @hidden\r\n * \r\n * Searches the token cache for an ID Token that matches the request parameter and returns it as an IdToken object.\r\n * \r\n * @param serverAuthenticationRequest \r\n * @param account \r\n */\r\n private getCachedIdToken(serverAuthenticationRequest: ServerRequestParameters, account: Account): IdToken {\r\n this.logger.verbose(\"Getting all cached tokens of type ID Token\");\r\n const idTokenCacheItems = this.cacheStorage.getAllIdTokens(this.clientId, account ? account.homeAccountIdentifier : null);\r\n const matchAuthority = serverAuthenticationRequest.authority || this.authority;\r\n const idTokenCacheItem = this.getTokenCacheItemByAuthority(matchAuthority, idTokenCacheItems, null, ServerHashParamKeys.ID_TOKEN);\r\n \r\n if (idTokenCacheItem) {\r\n this.logger.verbose(\"Evaluating ID token found\");\r\n const idTokenIsStillValid = this.evaluateTokenExpiration(idTokenCacheItem);\r\n\r\n if (idTokenIsStillValid) {\r\n this.logger.verbose(\"ID token expiration is within offset, using ID token found in cache\");\r\n const idTokenValue = idTokenCacheItem.value;\r\n if (idTokenValue) {\r\n this.logger.verbose(\"ID Token found in cache is valid and unexpired\");\r\n } else {\r\n this.logger.verbose(\"ID Token found in cache is invalid\");\r\n }\r\n \r\n return (idTokenValue) ? new IdToken(idTokenValue.idToken) : null;\r\n } else {\r\n this.logger.verbose(\"Cached ID token is expired, removing from cache\");\r\n this.cacheStorage.removeItem(JSON.stringify(idTokenCacheItem.key));\r\n return null;\r\n }\r\n } else {\r\n this.logger.verbose(\"No tokens found\");\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * \r\n * @hidden\r\n * \r\n * Searches the token cache for an access token that matches the request parameters and returns it as an AuthResponse.\r\n * \r\n * @param serverAuthenticationRequest \r\n * @param account \r\n * @param scopes \r\n */\r\n private getCachedAccessToken(serverAuthenticationRequest: ServerRequestParameters, account: Account, scopes: string[]): AuthResponse {\r\n this.logger.verbose(\"Getting all cached tokens of type Access Token\");\r\n const tokenCacheItems = this.cacheStorage.getAllAccessTokens(this.clientId, account ? account.homeAccountIdentifier : null);\r\n \r\n const scopeFilteredTokenCacheItems = AuthCacheUtils.filterTokenCacheItemsByScope(tokenCacheItems, scopes);\r\n const matchAuthority = serverAuthenticationRequest.authority || this.authority;\r\n // serverAuthenticationRequest.authority can only be common or organizations if not null\r\n const accessTokenCacheItem = this.getTokenCacheItemByAuthority(matchAuthority, scopeFilteredTokenCacheItems, scopes, ServerHashParamKeys.ACCESS_TOKEN);\r\n \r\n if (!accessTokenCacheItem) {\r\n this.logger.verbose(\"No matching token found when filtering by scope and authority\");\r\n return null;\r\n } else {\r\n serverAuthenticationRequest.authorityInstance = AuthorityFactory.CreateInstance(accessTokenCacheItem.key.authority, this.config.auth.validateAuthority);\r\n this.logger.verbose(\"Evaluating access token found\");\r\n const tokenIsStillValid = this.evaluateTokenExpiration(accessTokenCacheItem);\r\n // The response value will stay null if token retrieved from the cache is expired, otherwise it will be populated with said token's data\r\n \r\n if (tokenIsStillValid) {\r\n this.logger.verbose(\"Access token expiration is within offset, using access token found in cache\");\r\n const responseAccount: Account = account || this.getAccount();\r\n if (!responseAccount) {\r\n throw AuthError.createUnexpectedError(\"Account should not be null here.\");\r\n }\r\n\r\n const aState = this.getAccountState(serverAuthenticationRequest.state);\r\n const response: AuthResponse = {\r\n uniqueId: \"\",\r\n tenantId: \"\",\r\n tokenType: ServerHashParamKeys.ACCESS_TOKEN,\r\n idToken: null,\r\n idTokenClaims: null,\r\n accessToken: accessTokenCacheItem.value.accessToken,\r\n scopes: accessTokenCacheItem.key.scopes.split(\" \"),\r\n expiresOn: new Date(Number(accessTokenCacheItem.value.expiresIn) * 1000),\r\n account: responseAccount,\r\n accountState: aState,\r\n fromCache: true\r\n }; \r\n \r\n return response;\r\n } else {\r\n this.logger.verbose(\"Access token expired, removing from cache\");\r\n this.cacheStorage.removeItem(JSON.stringify(accessTokenCacheItem.key));\r\n return null;\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * Returns true if the token passed in is within the acceptable expiration time offset, false if it is expired.\r\n * @param tokenCacheItem \r\n * @param serverAuthenticationRequest \r\n */\r\n private evaluateTokenExpiration(tokenCacheItem: AccessTokenCacheItem): Boolean {\r\n const expiration = Number(tokenCacheItem.value.expiresIn);\r\n return TokenUtils.validateExpirationIsWithinOffset(expiration, this.config.system.tokenRenewalOffsetSeconds);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Check if ADAL id_token exists and return if exists.\r\n *\r\n */\r\n private extractADALIdToken(): object {\r\n this.logger.verbose(\"ExtractADALIdToken has been called\");\r\n const adalIdToken = this.cacheStorage.getItem(Constants.adalIdToken);\r\n return (!StringUtils.isEmpty(adalIdToken)) ? TokenUtils.extractIdToken(adalIdToken) : null;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Acquires access token using a hidden iframe.\r\n * @ignore\r\n */\r\n private renewToken(requestSignature: string, resolve: Function, reject: Function, account: Account, serverAuthenticationRequest: ServerRequestParameters): void {\r\n this.logger.verbose(\"RenewToken has been called\");\r\n this.logger.verbosePii(`RenewToken scope and authority: ${requestSignature}`);\r\n\r\n const frameName = WindowUtils.generateFrameName(FramePrefix.TOKEN_FRAME, requestSignature);\r\n WindowUtils.addHiddenIFrame(frameName, this.logger);\r\n\r\n this.updateCacheEntries(serverAuthenticationRequest, account, false);\r\n this.logger.verbosePii(`RenewToken expected state: ${serverAuthenticationRequest.state}`);\r\n\r\n // Build urlNavigate with \"prompt=none\" and navigate to URL in hidden iFrame\r\n const urlNavigate = UrlUtils.urlRemoveQueryStringParameter(UrlUtils.createNavigateUrl(serverAuthenticationRequest), Constants.prompt) + Constants.prompt_none + Constants.response_mode_fragment;\r\n\r\n window.renewStates.push(serverAuthenticationRequest.state);\r\n window.requestType = Constants.renewToken;\r\n this.logger.verbose(\"Set window.renewState and requestType\");\r\n this.registerCallback(serverAuthenticationRequest.state, requestSignature, resolve, reject);\r\n this.logger.infoPii(`Navigate to: ${urlNavigate}`);\r\n this.loadIframeTimeout(urlNavigate, frameName, requestSignature).catch(error => reject(error));\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Renews idtoken for app's own backend when clientId is passed as a single scope in the scopes array.\r\n * @ignore\r\n */\r\n private renewIdToken(requestSignature: string, resolve: Function, reject: Function, account: Account, serverAuthenticationRequest: ServerRequestParameters): void {\r\n this.logger.info(\"RenewIdToken has been called\");\r\n\r\n const frameName = WindowUtils.generateFrameName(FramePrefix.ID_TOKEN_FRAME, requestSignature);\r\n WindowUtils.addHiddenIFrame(frameName, this.logger);\r\n\r\n this.updateCacheEntries(serverAuthenticationRequest, account, false);\r\n\r\n this.logger.verbose(`RenewIdToken expected state: ${serverAuthenticationRequest.state}`);\r\n\r\n // Build urlNavigate with \"prompt=none\" and navigate to URL in hidden iFrame\r\n const urlNavigate = UrlUtils.urlRemoveQueryStringParameter(UrlUtils.createNavigateUrl(serverAuthenticationRequest), Constants.prompt) + Constants.prompt_none + Constants.response_mode_fragment;\r\n\r\n if (this.silentLogin) {\r\n this.logger.verbose(\"Silent login is true, set silentAuthenticationState\");\r\n window.requestType = Constants.login;\r\n this.silentAuthenticationState = serverAuthenticationRequest.state;\r\n } else {\r\n this.logger.verbose(\"Not silent login, set window.renewState and requestType\");\r\n window.requestType = Constants.renewToken;\r\n window.renewStates.push(serverAuthenticationRequest.state);\r\n }\r\n\r\n // note: scope here is clientId\r\n this.registerCallback(serverAuthenticationRequest.state, requestSignature, resolve, reject);\r\n this.logger.infoPii(`Navigate to:\" ${urlNavigate}`);\r\n this.loadIframeTimeout(urlNavigate, frameName, requestSignature).catch(error => reject(error));\r\n }\r\n\r\n /**\r\n * @hidden\r\n * \r\n * This method builds an Access Token Cache item and saves it to the cache, returning the original\r\n * AuthResponse augmented with a parsed expiresOn attribute.\r\n * \r\n * @param response The AuthResponse object that contains the token to be saved\r\n * @param authority The authority under which the ID token will be cached\r\n * @param scopes The scopes to be added to the cache item key (undefined for ID token cache items)\r\n * @param clientInfo Client Info object that is used to generate the homeAccountIdentifier\r\n * @param expiration Token expiration timestamp\r\n */\r\n private saveToken(response: AuthResponse, authority: string, scopes: string, clientInfo: ClientInfo, expiration: number): AuthResponse {\r\n const accessTokenKey = new AccessTokenKey(authority, this.clientId, scopes, clientInfo.uid, clientInfo.utid);\r\n const accessTokenValue = new AccessTokenValue(response.accessToken, response.idToken.rawIdToken, expiration.toString(), clientInfo.encodeClientInfo());\r\n this.cacheStorage.setItem(JSON.stringify(accessTokenKey), JSON.stringify(accessTokenValue));\r\n\r\n if (expiration) {\r\n this.logger.verbose(\"New expiration set for token\");\r\n response.expiresOn = new Date(expiration * 1000);\r\n } else {\r\n this.logger.error(\"Could not parse expiresIn parameter for access token\");\r\n }\r\n\r\n return response;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * \r\n * This method sets up the elements of an ID Token cache item and calls saveToken to save it in\r\n * Access Token Cache item format for the client application to use.\r\n * \r\n * @param response The AuthResponse object that will be used to build the cache item\r\n * @param authority The authority under which the ID token will be cached\r\n * @param parameters The response's Hash Params, which contain the ID token returned from the server\r\n * @param clientInfo Client Info object that is used to generate the homeAccountIdentifier\r\n * @param idTokenObj ID Token object from which the ID token's expiration is extracted\r\n */\r\n /* tslint:disable:no-string-literal */\r\n private saveIdToken(response: AuthResponse, authority: string, parameters: object, clientInfo: ClientInfo, idTokenObj: IdToken): AuthResponse {\r\n this.logger.verbose(\"SaveIdToken has been called\");\r\n const idTokenResponse = { ...response };\r\n\r\n // Scopes are undefined so they don't show up in ID token cache key\r\n let scopes: string;\r\n\r\n idTokenResponse.scopes = Constants.oidcScopes;\r\n idTokenResponse.accessToken = parameters[ServerHashParamKeys.ID_TOKEN];\r\n\r\n const expiration = Number(idTokenObj.expiration);\r\n\r\n // Set ID Token item in cache\r\n this.logger.verbose(\"Saving ID token to cache\");\r\n return this.saveToken(idTokenResponse, authority, scopes, clientInfo, expiration);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * \r\n * This method sets up the elements of an Access Token cache item and calls saveToken to save it to the cache\r\n * \r\n * @param response The AuthResponse object that will be used to build the cache item\r\n * @param authority The authority under which the access token will be cached\r\n * @param parameters The response's Hash Params, which contain the access token returned from the server\r\n * @param clientInfo Client Info object that is used to generate the homeAccountIdentifier\r\n */\r\n /* tslint:disable:no-string-literal */\r\n private saveAccessToken(response: AuthResponse, authority: string, parameters: object, clientInfo: ClientInfo): AuthResponse {\r\n this.logger.verbose(\"SaveAccessToken has been called\");\r\n const accessTokenResponse = { ...response };\r\n\r\n // read the scopes\r\n const scope = parameters[ServerHashParamKeys.SCOPE];\r\n const consentedScopes = scope.split(\" \");\r\n\r\n // retrieve all access tokens from the cache, remove the dup scopes\r\n const accessTokenCacheItems = this.cacheStorage.getAllAccessTokens(this.clientId, authority);\r\n this.logger.verbose(\"Retrieving all access tokens from cache and removing duplicates\");\r\n\r\n for (let i = 0; i < accessTokenCacheItems.length; i++) {\r\n const accessTokenCacheItem = accessTokenCacheItems[i];\r\n\r\n if (accessTokenCacheItem.key.homeAccountIdentifier === response.account.homeAccountIdentifier) {\r\n const cachedScopes = accessTokenCacheItem.key.scopes.split(\" \");\r\n if (ScopeSet.isIntersectingScopes(cachedScopes, consentedScopes)) {\r\n this.cacheStorage.removeItem(JSON.stringify(accessTokenCacheItem.key));\r\n }\r\n }\r\n }\r\n\r\n accessTokenResponse.accessToken = parameters[ServerHashParamKeys.ACCESS_TOKEN];\r\n accessTokenResponse.scopes = consentedScopes;\r\n\r\n const expiresIn = TimeUtils.parseExpiresIn(parameters[ServerHashParamKeys.EXPIRES_IN]);\r\n const parsedState = RequestUtils.parseLibraryState(parameters[ServerHashParamKeys.STATE]);\r\n const expiration = parsedState.ts + expiresIn;\r\n\r\n this.logger.verbose(\"Saving access token to cache\");\r\n return this.saveToken(accessTokenResponse, authority, scope, clientInfo, expiration);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Saves token or error received in the response from AAD in the cache. In case of id_token, it also creates the account object.\r\n * @ignore\r\n */\r\n protected saveTokenFromHash(hash: string, stateInfo: ResponseStateInfo): AuthResponse {\r\n this.logger.verbose(\"SaveTokenFromHash has been called\");\r\n this.logger.info(`State status: ${stateInfo.stateMatch}; Request type: ${stateInfo.requestType}`);\r\n\r\n let response : AuthResponse = {\r\n uniqueId: \"\",\r\n tenantId: \"\",\r\n tokenType: \"\",\r\n idToken: null,\r\n idTokenClaims: null,\r\n accessToken: null,\r\n scopes: [],\r\n expiresOn: null,\r\n account: null,\r\n accountState: \"\",\r\n fromCache: false\r\n };\r\n\r\n let error: AuthError;\r\n const hashParams = UrlUtils.deserializeHash(hash);\r\n let authorityKey: string = \"\";\r\n let acquireTokenAccountKey: string = \"\";\r\n let idTokenObj: IdToken = null;\r\n\r\n // If server returns an error\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.ERROR_DESCRIPTION) || hashParams.hasOwnProperty(ServerHashParamKeys.ERROR)) {\r\n this.logger.verbose(\"Server returned an error\");\r\n this.logger.infoPii(`Error : ${hashParams[ServerHashParamKeys.ERROR]}; Error description: ${hashParams[ServerHashParamKeys.ERROR_DESCRIPTION]}`);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR, hashParams[ServerHashParamKeys.ERROR]);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR_DESC, hashParams[ServerHashParamKeys.ERROR_DESCRIPTION]);\r\n\r\n // login\r\n if (stateInfo.requestType === Constants.login) {\r\n this.logger.verbose(\"RequestType is login, caching login error, generating authorityKey\");\r\n this.cacheStorage.setItem(ErrorCacheKeys.LOGIN_ERROR, hashParams[ServerHashParamKeys.ERROR_DESCRIPTION] + \":\" + hashParams[ServerHashParamKeys.ERROR]);\r\n authorityKey = AuthCache.generateAuthorityKey(stateInfo.state);\r\n }\r\n\r\n // acquireToken\r\n if (stateInfo.requestType === Constants.renewToken) {\r\n this.logger.verbose(\"RequestType is renewToken, generating acquireTokenAccountKey\");\r\n authorityKey = AuthCache.generateAuthorityKey(stateInfo.state);\r\n\r\n const account: Account = this.getAccount();\r\n let accountId;\r\n\r\n if (account && !StringUtils.isEmpty(account.homeAccountIdentifier)) {\r\n accountId = account.homeAccountIdentifier;\r\n this.logger.verbose(\"AccountId is set\");\r\n }\r\n else {\r\n accountId = Constants.no_account;\r\n this.logger.verbose(\"AccountId is set as no_account\");\r\n }\r\n\r\n acquireTokenAccountKey = AuthCache.generateAcquireTokenAccountKey(accountId, stateInfo.state);\r\n }\r\n\r\n const hashErr = hashParams[ServerHashParamKeys.ERROR];\r\n const hashErrDesc = hashParams[ServerHashParamKeys.ERROR_DESCRIPTION];\r\n if (InteractionRequiredAuthError.isInteractionRequiredError(hashErr) ||\r\n InteractionRequiredAuthError.isInteractionRequiredError(hashErrDesc)) {\r\n error = new InteractionRequiredAuthError(hashParams[ServerHashParamKeys.ERROR], hashParams[ServerHashParamKeys.ERROR_DESCRIPTION]);\r\n } else {\r\n error = new ServerError(hashParams[ServerHashParamKeys.ERROR], hashParams[ServerHashParamKeys.ERROR_DESCRIPTION]);\r\n }\r\n }\r\n // If the server returns \"Success\"\r\n else {\r\n this.logger.verbose(\"Server returns success\");\r\n // Verify the state from redirect and record tokens to storage if exists\r\n if (stateInfo.stateMatch) {\r\n this.logger.info(\"State is right\");\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.SESSION_STATE)) {\r\n this.logger.verbose(\"Fragment has session state, caching\");\r\n this.cacheStorage.setItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.SESSION_STATE, stateInfo.state), hashParams[ServerHashParamKeys.SESSION_STATE]);\r\n }\r\n response.accountState = this.getAccountState(stateInfo.state);\r\n\r\n let clientInfo: ClientInfo;\r\n\r\n // Process access_token\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.ACCESS_TOKEN)) {\r\n this.logger.info(\"Fragment has access token\");\r\n response.accessToken = hashParams[ServerHashParamKeys.ACCESS_TOKEN];\r\n\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.SCOPE)) {\r\n response.scopes = hashParams[ServerHashParamKeys.SCOPE].split(\" \");\r\n }\r\n\r\n // retrieve the id_token from response if present\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.ID_TOKEN)) {\r\n this.logger.verbose(\"Fragment has id_token\");\r\n idTokenObj = new IdToken(hashParams[ServerHashParamKeys.ID_TOKEN]);\r\n } else {\r\n this.logger.verbose(\"No idToken on fragment, getting idToken from cache\");\r\n idTokenObj = new IdToken(this.cacheStorage.getItem(PersistentCacheKeys.IDTOKEN));\r\n }\r\n\r\n response = ResponseUtils.setResponseIdToken(response, idTokenObj);\r\n\r\n // set authority\r\n const authority: string = this.populateAuthority(stateInfo.state, this.inCookie, this.cacheStorage, idTokenObj);\r\n this.logger.verbose(\"Got authority from cache\");\r\n\r\n // retrieve client_info - if it is not found, generate the uid and utid from idToken\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.CLIENT_INFO)) {\r\n this.logger.verbose(\"Fragment has clientInfo\");\r\n clientInfo = new ClientInfo(hashParams[ServerHashParamKeys.CLIENT_INFO], authority);\r\n } else if (this.authorityInstance.AuthorityType === AuthorityType.Adfs) {\r\n clientInfo = ClientInfo.createClientInfoFromIdToken(idTokenObj, authority);\r\n } else {\r\n this.logger.warning(\"ClientInfo not received in the response from AAD\");\r\n }\r\n\r\n response.account = Account.createAccount(idTokenObj, clientInfo);\r\n this.logger.verbose(\"Account object created from response\");\r\n\r\n let accountKey: string;\r\n if (response.account && !StringUtils.isEmpty(response.account.homeAccountIdentifier)) {\r\n this.logger.verbose(\"AccountKey set\");\r\n accountKey = response.account.homeAccountIdentifier;\r\n }\r\n else {\r\n this.logger.verbose(\"AccountKey set as no_account\");\r\n accountKey = Constants.no_account;\r\n }\r\n\r\n acquireTokenAccountKey = AuthCache.generateAcquireTokenAccountKey(accountKey, stateInfo.state);\r\n const acquireTokenAccountKey_noaccount = AuthCache.generateAcquireTokenAccountKey(Constants.no_account, stateInfo.state);\r\n this.logger.verbose(\"AcquireTokenAccountKey generated\");\r\n\r\n const cachedAccount: string = this.cacheStorage.getItem(acquireTokenAccountKey);\r\n let acquireTokenAccount: Account;\r\n\r\n // Check with the account in the Cache\r\n if (!StringUtils.isEmpty(cachedAccount)) {\r\n acquireTokenAccount = JSON.parse(cachedAccount);\r\n this.logger.verbose(\"AcquireToken request account retrieved from cache\");\r\n if (response.account && acquireTokenAccount && Account.compareAccounts(response.account, acquireTokenAccount)) {\r\n response = this.saveAccessToken(response, authority, hashParams, clientInfo);\r\n this.logger.info(\"The user object received in the response is the same as the one passed in the acquireToken request\");\r\n }\r\n else {\r\n this.logger.warning(\r\n \"The account object created from the response is not the same as the one passed in the acquireToken request\");\r\n }\r\n }\r\n else if (!StringUtils.isEmpty(this.cacheStorage.getItem(acquireTokenAccountKey_noaccount))) {\r\n this.logger.verbose(\"No acquireToken account retrieved from cache\");\r\n response = this.saveAccessToken(response, authority, hashParams, clientInfo);\r\n }\r\n }\r\n\r\n // Process id_token\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.ID_TOKEN)) {\r\n this.logger.info(\"Fragment has idToken\");\r\n\r\n // set the idToken\r\n idTokenObj = new IdToken(hashParams[ServerHashParamKeys.ID_TOKEN]);\r\n\r\n // set authority\r\n const authority: string = this.populateAuthority(stateInfo.state, this.inCookie, this.cacheStorage, idTokenObj);\r\n\r\n response = ResponseUtils.setResponseIdToken(response, idTokenObj);\r\n if (hashParams.hasOwnProperty(ServerHashParamKeys.CLIENT_INFO)) {\r\n this.logger.verbose(\"Fragment has clientInfo\");\r\n clientInfo = new ClientInfo(hashParams[ServerHashParamKeys.CLIENT_INFO], authority);\r\n } else if (this.authorityInstance.AuthorityType === AuthorityType.Adfs) {\r\n clientInfo = ClientInfo.createClientInfoFromIdToken(idTokenObj, authority);\r\n } else {\r\n this.logger.warning(\"ClientInfo not received in the response from AAD\");\r\n }\r\n\r\n this.account = Account.createAccount(idTokenObj, clientInfo);\r\n response.account = this.account;\r\n this.logger.verbose(\"Account object created from response\");\r\n\r\n if (idTokenObj && idTokenObj.nonce) {\r\n this.logger.verbose(\"IdToken has nonce\");\r\n // check nonce integrity if idToken has nonce - throw an error if not matched\r\n const cachedNonce = this.cacheStorage.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.NONCE_IDTOKEN, stateInfo.state), this.inCookie);\r\n if (idTokenObj.nonce !== cachedNonce) {\r\n this.account = null;\r\n this.cacheStorage.setItem(ErrorCacheKeys.LOGIN_ERROR, \"Nonce Mismatch. Expected Nonce: \" + cachedNonce + \",\" + \"Actual Nonce: \" + idTokenObj.nonce);\r\n this.logger.error(`Nonce Mismatch. Expected Nonce: ${cachedNonce}, Actual Nonce: ${idTokenObj.nonce}`);\r\n error = ClientAuthError.createNonceMismatchError(cachedNonce, idTokenObj.nonce);\r\n }\r\n // Save the token\r\n else {\r\n this.logger.verbose(\"Nonce matches, saving idToken to cache\");\r\n this.cacheStorage.setItem(PersistentCacheKeys.IDTOKEN, hashParams[ServerHashParamKeys.ID_TOKEN], this.inCookie);\r\n this.cacheStorage.setItem(PersistentCacheKeys.CLIENT_INFO, clientInfo.encodeClientInfo(), this.inCookie);\r\n\r\n // Save idToken as access token item for app itself\r\n this.saveIdToken(response, authority, hashParams, clientInfo, idTokenObj);\r\n }\r\n } else {\r\n this.logger.verbose(\"No idToken or no nonce. Cache key for Authority set as state\");\r\n authorityKey = stateInfo.state;\r\n acquireTokenAccountKey = stateInfo.state;\r\n\r\n this.logger.error(\"Invalid id_token received in the response\");\r\n error = ClientAuthError.createInvalidIdTokenError(idTokenObj);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR, error.errorCode);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR_DESC, error.errorMessage);\r\n }\r\n }\r\n }\r\n // State mismatch - unexpected/invalid state\r\n else {\r\n this.logger.verbose(\"State mismatch\");\r\n authorityKey = stateInfo.state;\r\n acquireTokenAccountKey = stateInfo.state;\r\n\r\n const expectedState = this.cacheStorage.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_LOGIN, stateInfo.state), this.inCookie);\r\n this.logger.error(`State Mismatch. Expected State: ${expectedState}, Actual State: ${stateInfo.state}`);\r\n error = ClientAuthError.createInvalidStateError(stateInfo.state, expectedState);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR, error.errorCode);\r\n this.cacheStorage.setItem(ErrorCacheKeys.ERROR_DESC, error.errorMessage);\r\n }\r\n }\r\n\r\n // Set status to completed\r\n this.cacheStorage.removeItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.RENEW_STATUS, stateInfo.state));\r\n this.cacheStorage.resetTempCacheItems(stateInfo.state);\r\n this.logger.verbose(\"Status set to complete, temporary cache cleared\");\r\n\r\n // this is required if navigateToLoginRequestUrl=false\r\n if (this.inCookie) {\r\n this.logger.verbose(\"InCookie is true, setting authorityKey in cookie\");\r\n this.cacheStorage.setItemCookie(authorityKey, \"\", -1);\r\n this.cacheStorage.clearMsalCookie(stateInfo.state);\r\n }\r\n if (error) {\r\n // Error case, set status to cancelled\r\n throw error;\r\n }\r\n\r\n if (!response) {\r\n throw AuthError.createUnexpectedError(\"Response is null\");\r\n }\r\n\r\n return response;\r\n }\r\n\r\n /**\r\n * Set Authority when saving Token from the hash\r\n * @param state\r\n * @param inCookie\r\n * @param cacheStorage\r\n * @param idTokenObj\r\n * @param response\r\n */\r\n private populateAuthority(state: string, inCookie: boolean, cacheStorage: AuthCache, idTokenObj: IdToken): string {\r\n this.logger.verbose(\"PopulateAuthority has been called\");\r\n const authorityKey: string = AuthCache.generateAuthorityKey(state);\r\n const cachedAuthority: string = cacheStorage.getItem(authorityKey, inCookie);\r\n\r\n // retrieve the authority from cache and replace with tenantID\r\n return StringUtils.isEmpty(cachedAuthority) ? cachedAuthority : UrlUtils.replaceTenantPath(cachedAuthority, idTokenObj.tenantId);\r\n }\r\n\r\n /* tslint:enable:no-string-literal */\r\n\r\n // #endregion\r\n\r\n // #region Account\r\n\r\n /**\r\n * Returns the signed in account\r\n * (the account object is created at the time of successful login)\r\n * or null when no state is found\r\n * @returns {@link Account} - the account object stored in MSAL\r\n */\r\n getAccount(): Account {\r\n // if a session already exists, get the account from the session\r\n if (this.account) {\r\n return this.account;\r\n }\r\n\r\n // frame is used to get idToken and populate the account for the given session\r\n const rawIdToken = this.cacheStorage.getItem(PersistentCacheKeys.IDTOKEN, this.inCookie);\r\n const rawClientInfo = this.cacheStorage.getItem(PersistentCacheKeys.CLIENT_INFO, this.inCookie);\r\n\r\n if (!StringUtils.isEmpty(rawIdToken) && !StringUtils.isEmpty(rawClientInfo)) {\r\n const idToken = new IdToken(rawIdToken);\r\n const clientInfo = new ClientInfo(rawClientInfo, \"\");\r\n this.account = Account.createAccount(idToken, clientInfo);\r\n return this.account;\r\n }\r\n // if login not yet done, return null\r\n return null;\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Extracts state value from the accountState sent with the authentication request.\r\n * @returns {string} scope.\r\n * @ignore\r\n */\r\n getAccountState (state: string): string {\r\n if (state) {\r\n const splitIndex = state.indexOf(Constants.resourceDelimiter);\r\n if (splitIndex > -1 && splitIndex + 1 < state.length) {\r\n return state.substring(splitIndex + 1);\r\n }\r\n }\r\n return state;\r\n }\r\n\r\n /**\r\n * Use to get a list of unique accounts in MSAL cache based on homeAccountIdentifier.\r\n *\r\n * @param {@link Array<Account>} Account - all unique accounts in MSAL cache.\r\n */\r\n getAllAccounts(): Array<Account> {\r\n const accounts: Array<Account> = [];\r\n const accessTokenCacheItems = this.cacheStorage.getAllAccessTokens(Constants.clientId, Constants.homeAccountIdentifier);\r\n\r\n for (let i = 0; i < accessTokenCacheItems.length; i++) {\r\n const idToken = new IdToken(accessTokenCacheItems[i].value.idToken);\r\n const clientInfo = new ClientInfo(accessTokenCacheItems[i].value.homeAccountIdentifier, \"\");\r\n const account: Account = Account.createAccount(idToken, clientInfo);\r\n accounts.push(account);\r\n }\r\n\r\n return this.getUniqueAccounts(accounts);\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Used to filter accounts based on homeAccountIdentifier\r\n * @param {Array<Account>} Accounts - accounts saved in the cache\r\n * @ignore\r\n */\r\n private getUniqueAccounts(accounts: Array<Account>): Array<Account> {\r\n if (!accounts || accounts.length <= 1) {\r\n return accounts;\r\n }\r\n\r\n const flags: Array<string> = [];\r\n const uniqueAccounts: Array<Account> = [];\r\n for (let index = 0; index < accounts.length; ++index) {\r\n if (accounts[index].homeAccountIdentifier && flags.indexOf(accounts[index].homeAccountIdentifier) === -1) {\r\n flags.push(accounts[index].homeAccountIdentifier);\r\n uniqueAccounts.push(accounts[index]);\r\n }\r\n }\r\n\r\n return uniqueAccounts;\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Angular\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Broadcast messages - Used only for Angular? *\r\n * @param eventName\r\n * @param data\r\n */\r\n private broadcast(eventName: string, data: string) {\r\n const evt = new CustomEvent(eventName, { detail: data });\r\n window.dispatchEvent(evt);\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Helper function to retrieve the cached token\r\n *\r\n * @param scopes\r\n * @param {@link Account} account\r\n * @param state\r\n * @return {@link AuthResponse} AuthResponse\r\n */\r\n protected getCachedTokenInternal(scopes : Array<string> , account: Account, state: string, correlationId?: string): AuthResponse {\r\n // Get the current session's account object\r\n const accountObject: Account = account || this.getAccount();\r\n if (!accountObject) {\r\n return null;\r\n }\r\n\r\n // Construct AuthenticationRequest based on response type; set \"redirectUri\" from the \"request\" which makes this call from Angular - for this.getRedirectUri()\r\n const newAuthority = this.authorityInstance ? this.authorityInstance : AuthorityFactory.CreateInstance(this.authority, this.config.auth.validateAuthority);\r\n const responseType = this.getTokenType(accountObject, scopes);\r\n\r\n const serverAuthenticationRequest = new ServerRequestParameters(\r\n newAuthority,\r\n this.clientId,\r\n responseType,\r\n this.getRedirectUri(),\r\n scopes,\r\n state,\r\n correlationId\r\n );\r\n\r\n // get cached token\r\n return this.getCachedToken(serverAuthenticationRequest, account);\r\n }\r\n\r\n /**\r\n * @hidden\r\n *\r\n * Get scopes for the Endpoint - Used in Angular to track protected and unprotected resources without interaction from the developer app\r\n * Note: Please check if we need to set the \"redirectUri\" from the \"request\" which makes this call from Angular - for this.getRedirectUri()\r\n *\r\n * @param endpoint\r\n */\r\n protected getScopesForEndpoint(endpoint: string) : Array<string> {\r\n // if user specified list of unprotectedResources, no need to send token to these endpoints, return null.\r\n if (this.config.framework.unprotectedResources.length > 0) {\r\n for (let i = 0; i < this.config.framework.unprotectedResources.length; i++) {\r\n if (endpoint.indexOf(this.config.framework.unprotectedResources[i]) > -1) {\r\n return null;\r\n }\r\n }\r\n }\r\n\r\n // process all protected resources and send the matched one\r\n if (this.config.framework.protectedResourceMap.size > 0) {\r\n for (const key of Array.from(this.config.framework.protectedResourceMap.keys())) {\r\n // configEndpoint is like /api/Todo requested endpoint can be /api/Todo/1\r\n if (endpoint.indexOf(key) > -1) {\r\n return this.config.framework.protectedResourceMap.get(key);\r\n }\r\n }\r\n }\r\n\r\n /*\r\n * default resource will be clientid if nothing specified\r\n * App will use idtoken for calls to itself\r\n * check if it's staring from http or https, needs to match with app host\r\n */\r\n if (endpoint.indexOf(\"http://\") > -1 || endpoint.indexOf(\"https://\") > -1) {\r\n if (UrlUtils.getHostFromUri(endpoint) === UrlUtils.getHostFromUri(this.getRedirectUri())) {\r\n return new Array<string>(this.clientId);\r\n }\r\n } else {\r\n /*\r\n * in angular level, the url for $http interceptor call could be relative url,\r\n * if it's relative call, we'll treat it as app backend call.\r\n */\r\n return new Array<string>(this.clientId);\r\n }\r\n\r\n // if not the app's own backend or not a domain listed in the endpoints structure\r\n return null;\r\n }\r\n\r\n /**\r\n * Return boolean flag to developer to help inform if login is in progress\r\n * @returns {boolean} true/false\r\n */\r\n public getLoginInProgress(): boolean {\r\n return this.cacheStorage.isInteractionInProgress(true);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * @param loginInProgress\r\n */\r\n protected setInteractionInProgress(inProgress: boolean): void {\r\n this.cacheStorage.setInteractionInProgress(inProgress);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * @param loginInProgress\r\n */\r\n protected setloginInProgress(loginInProgress : boolean): void {\r\n this.setInteractionInProgress(loginInProgress);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * returns the status of acquireTokenInProgress\r\n */\r\n protected getAcquireTokenInProgress(): boolean {\r\n return this.cacheStorage.isInteractionInProgress(true);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * @param acquireTokenInProgress\r\n */\r\n protected setAcquireTokenInProgress(acquireTokenInProgress : boolean): void {\r\n this.setInteractionInProgress(acquireTokenInProgress);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * returns the logger handle\r\n */\r\n getLogger(): Logger {\r\n return this.logger;\r\n }\r\n\r\n /**\r\n * Sets the logger callback.\r\n * @param logger Logger callback\r\n */\r\n setLogger(logger: Logger): void {\r\n this.logger = logger;\r\n }\r\n\r\n // #endregion\r\n\r\n // #region Getters and Setters\r\n\r\n /**\r\n * Use to get the redirect uri configured in MSAL or null.\r\n * Evaluates redirectUri if its a function, otherwise simply returns its value.\r\n *\r\n * @returns {string} redirect URL\r\n */\r\n public getRedirectUri(reqRedirectUri?: string): string {\r\n if(reqRedirectUri) {\r\n return reqRedirectUri;\r\n }\r\n else if (typeof this.config.auth.redirectUri === \"function\") {\r\n return this.config.auth.redirectUri();\r\n }\r\n return this.config.auth.redirectUri;\r\n }\r\n\r\n /**\r\n * Use to get the post logout redirect uri configured in MSAL or null.\r\n * Evaluates postLogoutredirectUri if its a function, otherwise simply returns its value.\r\n *\r\n * @returns {string} post logout redirect URL\r\n */\r\n public getPostLogoutRedirectUri(): string {\r\n if (typeof this.config.auth.postLogoutRedirectUri === \"function\") {\r\n return this.config.auth.postLogoutRedirectUri();\r\n }\r\n return this.config.auth.postLogoutRedirectUri;\r\n }\r\n\r\n /**\r\n * Use to get the current {@link Configuration} object in MSAL\r\n *\r\n * @returns {@link Configuration}\r\n */\r\n public getCurrentConfiguration(): Configuration {\r\n if (!this.config) {\r\n throw ClientConfigurationError.createNoSetConfigurationError();\r\n }\r\n return this.config;\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * Utils function to create the Authentication\r\n * @param {@link account} account object\r\n * @param scopes\r\n *\r\n * @returns {string} token type: token, id_token or id_token token\r\n *\r\n */\r\n private getTokenType(accountObject: Account, scopes: string[]): string {\r\n const accountsMatch = Account.compareAccounts(accountObject, this.getAccount());\r\n return ServerRequestParameters.determineResponseType(accountsMatch, scopes);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * Sets the cachekeys for and stores the account information in cache\r\n * @param account\r\n * @param state\r\n * @hidden\r\n */\r\n private setAccountCache(account: Account, state: string) {\r\n\r\n // Cache acquireTokenAccountKey\r\n const accountId = account ? this.getAccountId(account) : Constants.no_account;\r\n\r\n const acquireTokenAccountKey = AuthCache.generateAcquireTokenAccountKey(accountId, state);\r\n this.cacheStorage.setItem(acquireTokenAccountKey, JSON.stringify(account));\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * Sets the cacheKey for and stores the authority information in cache\r\n * @param state\r\n * @param authority\r\n * @hidden\r\n */\r\n private setAuthorityCache(state: string, authority: string) {\r\n // Cache authorityKey\r\n const authorityKey = AuthCache.generateAuthorityKey(state);\r\n this.cacheStorage.setItem(authorityKey, UrlUtils.CanonicalizeUri(authority), this.inCookie);\r\n }\r\n\r\n /**\r\n * Updates account, authority, and nonce in cache\r\n * @param serverAuthenticationRequest\r\n * @param account\r\n * @hidden\r\n * @ignore\r\n */\r\n private updateCacheEntries(serverAuthenticationRequest: ServerRequestParameters, account: Account, isLoginCall: boolean, loginStartPage?: string) {\r\n // Cache Request Originator Page\r\n if (loginStartPage) {\r\n this.cacheStorage.setItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.LOGIN_REQUEST, serverAuthenticationRequest.state), loginStartPage, this.inCookie);\r\n }\r\n\r\n // Cache account and authority\r\n if (isLoginCall) {\r\n // Cache the state\r\n this.cacheStorage.setItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_LOGIN, serverAuthenticationRequest.state), serverAuthenticationRequest.state, this.inCookie);\r\n } else {\r\n this.setAccountCache(account, serverAuthenticationRequest.state);\r\n }\r\n // Cache authorityKey\r\n this.setAuthorityCache(serverAuthenticationRequest.state, serverAuthenticationRequest.authority);\r\n\r\n // Cache nonce\r\n this.cacheStorage.setItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.NONCE_IDTOKEN, serverAuthenticationRequest.state), serverAuthenticationRequest.nonce, this.inCookie);\r\n }\r\n\r\n /**\r\n * Returns the unique identifier for the logged in account\r\n * @param account\r\n * @hidden\r\n * @ignore\r\n */\r\n private getAccountId(account: Account): string {\r\n // return `${account.accountIdentifier}` + Constants.resourceDelimiter + `${account.homeAccountIdentifier}`;\r\n let accountId: string;\r\n if (!StringUtils.isEmpty(account.homeAccountIdentifier)) {\r\n accountId = account.homeAccountIdentifier;\r\n }\r\n else {\r\n accountId = Constants.no_account;\r\n }\r\n\r\n return accountId;\r\n }\r\n\r\n /**\r\n * @ignore\r\n * @param extraQueryParameters\r\n *\r\n * Construct 'tokenRequest' from the available data in adalIdToken\r\n */\r\n private buildIDTokenRequest(request: AuthenticationParameters): AuthenticationParameters {\r\n\r\n const tokenRequest: AuthenticationParameters = {\r\n scopes: Constants.oidcScopes,\r\n authority: this.authority,\r\n account: this.getAccount(),\r\n extraQueryParameters: request.extraQueryParameters,\r\n correlationId: request.correlationId\r\n };\r\n\r\n return tokenRequest;\r\n }\r\n\r\n /**\r\n * @ignore\r\n * @param config\r\n * @param clientId\r\n *\r\n * Construct TelemetryManager from Configuration\r\n */\r\n private getTelemetryManagerFromConfig(config: TelemetryOptions, clientId: string): TelemetryManager {\r\n if (!config) { // if unset\r\n return TelemetryManager.getTelemetrymanagerStub(clientId, this.logger);\r\n }\r\n // if set then validate\r\n const { applicationName, applicationVersion, telemetryEmitter } = config;\r\n if (!applicationName || !applicationVersion || !telemetryEmitter) {\r\n throw ClientConfigurationError.createTelemetryConfigError(config);\r\n }\r\n // if valid then construct\r\n const telemetryPlatform: TelemetryPlatform = {\r\n applicationName,\r\n applicationVersion\r\n };\r\n const telemetryManagerConfig: TelemetryConfig = {\r\n platform: telemetryPlatform,\r\n clientId: clientId\r\n };\r\n return new TelemetryManager(telemetryManagerConfig, telemetryEmitter, this.logger);\r\n }\r\n\r\n // #endregion\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { NetworkRequestType } from \"./utils/Constants\";\r\n\r\n/**\r\n * XHR client for JSON endpoints\r\n * https://www.npmjs.com/package/async-promise\r\n * @hidden\r\n */\r\n\r\nexport class XhrClient {\r\n\r\n public sendRequestAsync(url: string, method: string, enableCaching?: boolean): Promise<XhrResponse> {\r\n return new Promise<XhrResponse>((resolve, reject) => {\r\n const xhr = new XMLHttpRequest();\r\n xhr.open(method, url, /* async: */ true);\r\n if (enableCaching) {\r\n /*\r\n * TODO: (shivb) ensure that this can be cached\r\n * xhr.setRequestHeader(\"Cache-Control\", \"Public\");\r\n */\r\n }\r\n\r\n xhr.onload = () => {\r\n if (xhr.status < 200 || xhr.status >= 300) {\r\n reject(this.handleError(xhr.responseText));\r\n }\r\n let jsonResponse;\r\n try {\r\n jsonResponse = JSON.parse(xhr.responseText);\r\n } catch (e) {\r\n reject(this.handleError(xhr.responseText));\r\n }\r\n const response: XhrResponse = {\r\n statusCode: xhr.status,\r\n body: jsonResponse\r\n };\r\n resolve(response);\r\n };\r\n\r\n xhr.onerror = () => {\r\n reject(xhr.status);\r\n };\r\n\r\n if (method === NetworkRequestType.GET) {\r\n xhr.send();\r\n }\r\n else {\r\n throw \"not implemented\";\r\n }\r\n });\r\n }\r\n\r\n protected handleError(responseText: string): string {\r\n let jsonResponse: object;\r\n try {\r\n jsonResponse = JSON.parse(responseText);\r\n if (jsonResponse[\"error\"]) {\r\n return jsonResponse[\"error\"];\r\n } else {\r\n throw responseText;\r\n }\r\n } catch (e) {\r\n return responseText;\r\n }\r\n }\r\n}\r\n\r\nexport type XhrResponse = {\r\n body: object,\r\n statusCode: number\r\n};\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { IUri } from \"../IUri\";\r\nimport { ITenantDiscoveryResponse } from \"./ITenantDiscoveryResponse\";\r\nimport { ClientConfigurationErrorMessage, ClientConfigurationError } from \"../error/ClientConfigurationError\";\r\nimport { XhrClient, XhrResponse } from \"../XHRClient\";\r\nimport { UrlUtils } from \"../utils/UrlUtils\";\r\nimport TelemetryManager from \"../telemetry/TelemetryManager\";\r\nimport HttpEvent from \"../telemetry/HttpEvent\";\r\nimport { TrustedAuthority } from \"./TrustedAuthority\";\r\nimport { NetworkRequestType, Constants, WELL_KNOWN_SUFFIX } from \"../utils/Constants\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport enum AuthorityType {\r\n Default,\r\n Adfs\r\n}\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class Authority {\r\n constructor(authority: string, validateAuthority: boolean, authorityMetadata?: ITenantDiscoveryResponse) {\r\n this.IsValidationEnabled = validateAuthority;\r\n this.CanonicalAuthority = authority;\r\n\r\n this.validateAsUri();\r\n this.tenantDiscoveryResponse = authorityMetadata;\r\n }\r\n\r\n public static isAdfs(authorityUrl: string): boolean {\r\n const components = UrlUtils.GetUrlComponents(authorityUrl);\r\n const pathSegments = components.PathSegments;\r\n\r\n return (pathSegments.length && pathSegments[0].toLowerCase() === Constants.ADFS);\r\n }\r\n\r\n public get AuthorityType(): AuthorityType {\r\n return Authority.isAdfs(this.canonicalAuthority)? AuthorityType.Adfs : AuthorityType.Default;\r\n }\r\n\r\n public IsValidationEnabled: boolean;\r\n\r\n public get Tenant(): string {\r\n return this.CanonicalAuthorityUrlComponents.PathSegments[0];\r\n }\r\n\r\n private tenantDiscoveryResponse: ITenantDiscoveryResponse;\r\n\r\n public get AuthorizationEndpoint(): string {\r\n this.validateResolved();\r\n return this.tenantDiscoveryResponse.AuthorizationEndpoint.replace(/{tenant}|{tenantid}/g, this.Tenant);\r\n }\r\n\r\n public get EndSessionEndpoint(): string {\r\n this.validateResolved();\r\n return this.tenantDiscoveryResponse.EndSessionEndpoint.replace(/{tenant}|{tenantid}/g, this.Tenant);\r\n }\r\n\r\n public get SelfSignedJwtAudience(): string {\r\n this.validateResolved();\r\n return this.tenantDiscoveryResponse.Issuer.replace(/{tenant}|{tenantid}/g, this.Tenant);\r\n }\r\n\r\n private validateResolved() {\r\n if (!this.hasCachedMetadata()) {\r\n throw \"Please call ResolveEndpointsAsync first\";\r\n }\r\n }\r\n\r\n /**\r\n * A URL that is the authority set by the developer\r\n */\r\n public get CanonicalAuthority(): string {\r\n return this.canonicalAuthority;\r\n }\r\n\r\n public set CanonicalAuthority(url: string) {\r\n this.canonicalAuthority = UrlUtils.CanonicalizeUri(url);\r\n this.canonicalAuthorityUrlComponents = null;\r\n }\r\n\r\n private canonicalAuthority: string;\r\n private canonicalAuthorityUrlComponents: IUri;\r\n\r\n public get CanonicalAuthorityUrlComponents(): IUri {\r\n if (!this.canonicalAuthorityUrlComponents) {\r\n this.canonicalAuthorityUrlComponents = UrlUtils.GetUrlComponents(this.CanonicalAuthority);\r\n }\r\n\r\n return this.canonicalAuthorityUrlComponents;\r\n }\r\n\r\n // http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata\r\n protected get DefaultOpenIdConfigurationEndpoint(): string {\r\n return (this.AuthorityType === AuthorityType.Adfs)? `${this.CanonicalAuthority}${WELL_KNOWN_SUFFIX}` : `${this.CanonicalAuthority}v2.0/${WELL_KNOWN_SUFFIX}`;\r\n }\r\n\r\n /**\r\n * Given a string, validate that it is of the form https://domain/path\r\n */\r\n private validateAsUri() {\r\n let components;\r\n try {\r\n components = this.CanonicalAuthorityUrlComponents;\r\n } catch (e) {\r\n throw ClientConfigurationErrorMessage.invalidAuthorityType;\r\n }\r\n\r\n if (!components.Protocol || components.Protocol.toLowerCase() !== \"https:\") {\r\n throw ClientConfigurationErrorMessage.authorityUriInsecure;\r\n }\r\n\r\n if (!components.PathSegments || components.PathSegments.length < 1) {\r\n throw ClientConfigurationErrorMessage.authorityUriInvalidPath;\r\n }\r\n }\r\n\r\n /**\r\n * Calls the OIDC endpoint and returns the response\r\n */\r\n private DiscoverEndpoints(openIdConfigurationEndpoint: string, telemetryManager: TelemetryManager, correlationId: string): Promise<ITenantDiscoveryResponse> {\r\n const client = new XhrClient();\r\n\r\n const httpMethod = NetworkRequestType.GET;\r\n const httpEvent: HttpEvent = telemetryManager.createAndStartHttpEvent(correlationId, httpMethod, openIdConfigurationEndpoint, \"openIdConfigurationEndpoint\");\r\n\r\n return client.sendRequestAsync(openIdConfigurationEndpoint, httpMethod, /* enableCaching: */ true)\r\n .then((response: XhrResponse) => {\r\n httpEvent.httpResponseStatus = response.statusCode;\r\n telemetryManager.stopEvent(httpEvent);\r\n return <ITenantDiscoveryResponse>{\r\n AuthorizationEndpoint: response.body[\"authorization_endpoint\"],\r\n EndSessionEndpoint: response.body[\"end_session_endpoint\"],\r\n Issuer: response.body[\"issuer\"]\r\n };\r\n })\r\n .catch(err => {\r\n httpEvent.serverErrorCode = err;\r\n telemetryManager.stopEvent(httpEvent);\r\n throw err;\r\n });\r\n }\r\n\r\n /**\r\n * Returns a promise.\r\n * Checks to see if the authority is in the cache\r\n * Discover endpoints via openid-configuration\r\n * If successful, caches the endpoint for later use in OIDC\r\n */\r\n public async resolveEndpointsAsync(telemetryManager: TelemetryManager, correlationId: string): Promise<ITenantDiscoveryResponse> {\r\n if (this.IsValidationEnabled) {\r\n const host = this.canonicalAuthorityUrlComponents.HostNameAndPort;\r\n if (TrustedAuthority.getTrustedHostList().length === 0) {\r\n await TrustedAuthority.setTrustedAuthoritiesFromNetwork(this.canonicalAuthority, telemetryManager, correlationId);\r\n }\r\n\r\n if (!TrustedAuthority.IsInTrustedHostList(host)) {\r\n throw ClientConfigurationError.createUntrustedAuthorityError(host);\r\n }\r\n }\r\n const openIdConfigurationEndpointResponse = this.GetOpenIdConfigurationEndpoint();\r\n this.tenantDiscoveryResponse = await this.DiscoverEndpoints(openIdConfigurationEndpointResponse, telemetryManager, correlationId);\r\n\r\n return this.tenantDiscoveryResponse;\r\n }\r\n\r\n /**\r\n * Checks if there is a cached tenant discovery response with required fields.\r\n */\r\n public hasCachedMetadata(): boolean {\r\n return !!(this.tenantDiscoveryResponse &&\r\n this.tenantDiscoveryResponse.AuthorizationEndpoint &&\r\n this.tenantDiscoveryResponse.EndSessionEndpoint &&\r\n this.tenantDiscoveryResponse.Issuer);\r\n }\r\n\r\n /**\r\n * Returns a promise which resolves to the OIDC endpoint\r\n * Only responds with the endpoint\r\n */\r\n public GetOpenIdConfigurationEndpoint(): string {\r\n return this.DefaultOpenIdConfigurationEndpoint;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @hidden\r\n */\r\nimport { Authority } from \"./Authority\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\nimport { ClientConfigurationError } from \"../error/ClientConfigurationError\";\r\nimport { ITenantDiscoveryResponse, OpenIdConfiguration } from \"./ITenantDiscoveryResponse\";\r\nimport TelemetryManager from \"../telemetry/TelemetryManager\";\r\n\r\nexport class AuthorityFactory {\r\n private static metadataMap = new Map<string, ITenantDiscoveryResponse>();\r\n\r\n public static async saveMetadataFromNetwork(authorityInstance: Authority, telemetryManager: TelemetryManager, correlationId: string): Promise<ITenantDiscoveryResponse> {\r\n const metadata = await authorityInstance.resolveEndpointsAsync(telemetryManager, correlationId);\r\n this.metadataMap.set(authorityInstance.CanonicalAuthority, metadata);\r\n return metadata;\r\n }\r\n\r\n public static getMetadata(authorityUrl: string): ITenantDiscoveryResponse {\r\n return this.metadataMap.get(authorityUrl);\r\n }\r\n\r\n public static saveMetadataFromConfig(authorityUrl: string, authorityMetadataJson: string): void {\r\n try {\r\n if (authorityMetadataJson) {\r\n const parsedMetadata = JSON.parse(authorityMetadataJson) as OpenIdConfiguration;\r\n\r\n if (!parsedMetadata.authorization_endpoint || !parsedMetadata.end_session_endpoint || !parsedMetadata.issuer) {\r\n throw ClientConfigurationError.createInvalidAuthorityMetadataError();\r\n }\r\n\r\n this.metadataMap.set(authorityUrl, {\r\n AuthorizationEndpoint: parsedMetadata.authorization_endpoint,\r\n EndSessionEndpoint: parsedMetadata.end_session_endpoint,\r\n Issuer: parsedMetadata.issuer\r\n });\r\n }\r\n } catch (e) {\r\n throw ClientConfigurationError.createInvalidAuthorityMetadataError();\r\n }\r\n }\r\n\r\n /**\r\n * Create an authority object of the correct type based on the url\r\n * Performs basic authority validation - checks to see if the authority is of a valid type (eg aad, b2c)\r\n */\r\n public static CreateInstance(authorityUrl: string, validateAuthority: boolean, authorityMetadata?: string): Authority {\r\n if (StringUtils.isEmpty(authorityUrl)) {\r\n return null;\r\n }\r\n\r\n if (authorityMetadata) {\r\n // todo: log statements\r\n this.saveMetadataFromConfig(authorityUrl, authorityMetadata);\r\n }\r\n return new Authority(authorityUrl, validateAuthority, this.metadataMap.get(authorityUrl));\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport TelemetryManager from \"../telemetry/TelemetryManager\";\r\nimport { XhrClient, XhrResponse } from \"../XHRClient\";\r\nimport HttpEvent from \"../telemetry/HttpEvent\";\r\nimport { AAD_INSTANCE_DISCOVERY_ENDPOINT, NetworkRequestType } from \"../utils/Constants\";\r\nimport { UrlUtils } from \"../utils/UrlUtils\";\r\n\r\nexport class TrustedAuthority {\r\n private static TrustedHostList: Array<string> = [];\r\n\r\n /**\r\n * \r\n * @param validateAuthority \r\n * @param knownAuthorities \r\n */\r\n public static setTrustedAuthoritiesFromConfig(validateAuthority: boolean, knownAuthorities: Array<string>): void{\r\n if (validateAuthority && !this.getTrustedHostList().length){\r\n knownAuthorities.forEach(function(authority) {\r\n TrustedAuthority.TrustedHostList.push(authority.toLowerCase());\r\n });\r\n }\r\n }\r\n\r\n /**\r\n * \r\n * @param telemetryManager \r\n * @param correlationId \r\n */\r\n private static async getAliases(authorityToVerify: string, telemetryManager: TelemetryManager, correlationId?: string): Promise<Array<object>> {\r\n const client: XhrClient = new XhrClient();\r\n\r\n const httpMethod = NetworkRequestType.GET;\r\n const instanceDiscoveryEndpoint = `${AAD_INSTANCE_DISCOVERY_ENDPOINT}${authorityToVerify}oauth2/v2.0/authorize`;\r\n const httpEvent: HttpEvent = telemetryManager.createAndStartHttpEvent(correlationId, httpMethod, instanceDiscoveryEndpoint, \"getAliases\");\r\n return client.sendRequestAsync(instanceDiscoveryEndpoint, httpMethod, true)\r\n .then((response: XhrResponse) => {\r\n httpEvent.httpResponseStatus = response.statusCode;\r\n telemetryManager.stopEvent(httpEvent);\r\n return response.body[\"metadata\"];\r\n })\r\n .catch(err => {\r\n httpEvent.serverErrorCode = err;\r\n telemetryManager.stopEvent(httpEvent);\r\n throw err;\r\n });\r\n }\r\n\r\n /**\r\n * \r\n * @param telemetryManager \r\n * @param correlationId \r\n */\r\n public static async setTrustedAuthoritiesFromNetwork(authorityToVerify: string, telemetryManager: TelemetryManager, correlationId?: string): Promise<void> {\r\n const metadata = await this.getAliases(authorityToVerify, telemetryManager, correlationId);\r\n metadata.forEach(function(entry: object){\r\n const authorities: Array<string> = entry[\"aliases\"];\r\n authorities.forEach(function(authority: string) {\r\n TrustedAuthority.TrustedHostList.push(authority.toLowerCase());\r\n });\r\n });\r\n\r\n const host = UrlUtils.GetUrlComponents(authorityToVerify).HostNameAndPort;\r\n if (TrustedAuthority.getTrustedHostList().length && !TrustedAuthority.IsInTrustedHostList(host)){\r\n // Custom Domain scenario, host is trusted because Instance Discovery call succeeded\r\n TrustedAuthority.TrustedHostList.push(host.toLowerCase());\r\n }\r\n } \r\n\r\n public static getTrustedHostList(): Array<string> {\r\n return this.TrustedHostList;\r\n }\r\n\r\n /**\r\n * Checks to see if the host is in a list of trusted hosts\r\n * @param host \r\n */\r\n public static IsInTrustedHostList(host: string): boolean {\r\n return this.TrustedHostList.indexOf(host.toLowerCase()) > -1;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccessTokenKey } from \"./AccessTokenKey\";\r\nimport { AccessTokenValue } from \"./AccessTokenValue\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class AccessTokenCacheItem {\r\n\r\n key: AccessTokenKey;\r\n value: AccessTokenValue;\r\n\r\n constructor(key: AccessTokenKey, value: AccessTokenValue) {\r\n this.key = key;\r\n this.value = value;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CryptoUtils } from \"../utils/CryptoUtils\";\r\nimport { UrlUtils } from \"../utils/UrlUtils\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class AccessTokenKey {\r\n\r\n authority: string;\r\n clientId: string;\r\n scopes: string;\r\n homeAccountIdentifier: string;\r\n\r\n constructor(authority: string, clientId: string, scopes: string, uid: string, utid: string) {\r\n this.authority = UrlUtils.CanonicalizeUri(authority);\r\n this.clientId = clientId;\r\n this.scopes = scopes;\r\n this.homeAccountIdentifier = CryptoUtils.base64Encode(uid) + \".\" + CryptoUtils.base64Encode(utid);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class AccessTokenValue {\r\n\r\n accessToken: string;\r\n idToken: string;\r\n expiresIn: string;\r\n homeAccountIdentifier: string;\r\n\r\n constructor(accessToken: string, idToken: string, expiresIn: string, homeAccountIdentifier: string) {\r\n this.accessToken = accessToken;\r\n this.idToken = idToken;\r\n this.expiresIn = expiresIn;\r\n this.homeAccountIdentifier = homeAccountIdentifier;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants, PersistentCacheKeys, TemporaryCacheKeys, ErrorCacheKeys, ServerHashParamKeys, SESSION_STORAGE} from \"../utils/Constants\";\r\nimport { AccessTokenCacheItem } from \"./AccessTokenCacheItem\";\r\nimport { CacheLocation } from \"../Configuration\";\r\nimport { BrowserStorage } from \"./BrowserStorage\";\r\nimport { RequestUtils } from \"../utils/RequestUtils\";\r\nimport { AccessTokenKey } from \"./AccessTokenKey\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\nimport { IdToken } from \"../IdToken\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class AuthCache extends BrowserStorage {// Singleton\r\n\r\n private clientId: string;\r\n private rollbackEnabled: boolean;\r\n private temporaryCache: BrowserStorage;\r\n\r\n constructor(clientId: string, cacheLocation: CacheLocation, storeAuthStateInCookie: boolean) {\r\n super(cacheLocation);\r\n this.temporaryCache = new BrowserStorage(SESSION_STORAGE);\r\n this.clientId = clientId;\r\n // This is hardcoded to true for now. We may make this configurable in the future\r\n this.rollbackEnabled = true;\r\n this.migrateCacheEntries(storeAuthStateInCookie);\r\n }\r\n\r\n /**\r\n * Support roll back to old cache schema until the next major release: true by default now\r\n * @param storeAuthStateInCookie\r\n */\r\n private migrateCacheEntries(storeAuthStateInCookie: boolean) {\r\n\r\n const idTokenKey = `${Constants.cachePrefix}.${PersistentCacheKeys.IDTOKEN}`;\r\n const clientInfoKey = `${Constants.cachePrefix}.${PersistentCacheKeys.CLIENT_INFO}`;\r\n const errorKey = `${Constants.cachePrefix}.${ErrorCacheKeys.ERROR}`;\r\n const errorDescKey = `${Constants.cachePrefix}.${ErrorCacheKeys.ERROR_DESC}`;\r\n\r\n const idTokenValue = super.getItem(idTokenKey);\r\n\r\n let idToken;\r\n\r\n if (idTokenValue) {\r\n try {\r\n idToken = new IdToken(idTokenValue);\r\n } catch (e) {\r\n return;\r\n }\r\n }\r\n\r\n if (idToken && idToken.claims && idToken.claims.aud === this.clientId) {\r\n const clientInfoValue = super.getItem(clientInfoKey);\r\n const errorValue = super.getItem(errorKey);\r\n const errorDescValue = super.getItem(errorDescKey);\r\n\r\n const values = [idTokenValue, clientInfoValue, errorValue, errorDescValue];\r\n const keysToMigrate = [PersistentCacheKeys.IDTOKEN, PersistentCacheKeys.CLIENT_INFO,ErrorCacheKeys.ERROR, ErrorCacheKeys.ERROR_DESC];\r\n\r\n keysToMigrate.forEach((cacheKey, index) => this.duplicateCacheEntry(cacheKey, values[index], storeAuthStateInCookie));\r\n }\r\n }\r\n\r\n /**\r\n * Utility function to help with roll back keys\r\n * @param newKey\r\n * @param value\r\n * @param storeAuthStateInCookie\r\n */\r\n private duplicateCacheEntry(newKey: string, value: string, storeAuthStateInCookie?: boolean) {\r\n if (value) {\r\n this.setItem(newKey, value, storeAuthStateInCookie);\r\n }\r\n }\r\n\r\n /**\r\n * Prepend msal.<client-id> to each key; Skip for any JSON object as Key (defined schemas do not need the key appended: AccessToken Keys or the upcoming schema)\r\n * @param key\r\n * @param addInstanceId\r\n */\r\n private generateCacheKey(key: string, addInstanceId: boolean): string {\r\n try {\r\n // Defined schemas do not need the key appended\r\n JSON.parse(key);\r\n return key;\r\n } catch (e) {\r\n if (key.indexOf(`${Constants.cachePrefix}`) === 0 || key.indexOf(Constants.adalIdToken) === 0){\r\n return key;\r\n }\r\n return addInstanceId ? `${Constants.cachePrefix}.${this.clientId}.${key}` : `${Constants.cachePrefix}.${key}`;\r\n }\r\n }\r\n\r\n /**\r\n * Validates that the input cache key contains the account search terms (clientId and homeAccountIdentifier) and\r\n * then whether or not it contains the \"scopes\", depending on the token type being searched for. With matching account\r\n * search terms, Access Token search tries to match the \"scopes\" keyword, while Id Token search expects \"scopes\" to not be included.\r\n * @param key \r\n * @param clientId \r\n * @param homeAccountIdentifier \r\n * @param tokenType \r\n */\r\n private matchKeyForType(key:string, clientId: string, homeAccountIdentifier: string, tokenType: string): AccessTokenKey {\r\n // All valid token cache item keys are valid JSON objects, ignore keys that aren't\r\n const parsedKey = StringUtils.validateAndParseJsonCacheKey(key);\r\n\r\n if (!parsedKey) {\r\n return null;\r\n }\r\n\r\n // Does the cache item match the request account\r\n const accountMatches = key.match(clientId) && key.match(homeAccountIdentifier);\r\n // Does the cache item match the requested token type\r\n let tokenTypeMatches = false;\r\n\r\n switch (tokenType) {\r\n case ServerHashParamKeys.ACCESS_TOKEN:\r\n // Cache item is an access token if scopes are included in the cache item key\r\n tokenTypeMatches = !!key.match(Constants.scopes);\r\n break;\r\n case ServerHashParamKeys.ID_TOKEN:\r\n // Cache may be an ID token if scopes are NOT included in the cache item key\r\n tokenTypeMatches = !key.match(Constants.scopes);\r\n break;\r\n }\r\n\r\n return (accountMatches && tokenTypeMatches) ? parsedKey : null;\r\n }\r\n\r\n /**\r\n * add value to storage\r\n * @param key\r\n * @param value\r\n * @param enableCookieStorage\r\n */\r\n setItem(key: string, value: string, enableCookieStorage?: boolean): void {\r\n super.setItem(this.generateCacheKey(key, true), value, enableCookieStorage);\r\n\r\n // Values stored in cookies will have rollback disabled to minimize cookie length\r\n if (this.rollbackEnabled && !enableCookieStorage) {\r\n super.setItem(this.generateCacheKey(key, false), value, enableCookieStorage);\r\n }\r\n }\r\n\r\n /**\r\n * get one item by key from storage\r\n * @param key\r\n * @param enableCookieStorage\r\n */\r\n getItem(key: string, enableCookieStorage?: boolean): string {\r\n return super.getItem(this.generateCacheKey(key, true), enableCookieStorage);\r\n }\r\n\r\n /**\r\n * remove value from storage\r\n * @param key\r\n */\r\n removeItem(key: string): void {\r\n this.temporaryCache.removeItem(this.generateCacheKey(key, true));\r\n super.removeItem(this.generateCacheKey(key, true));\r\n if (this.rollbackEnabled) {\r\n super.removeItem(this.generateCacheKey(key, false));\r\n }\r\n }\r\n\r\n /**\r\n * Sets temporary cache value\r\n * @param key \r\n * @param value \r\n * @param enableCookieStorage \r\n */\r\n setTemporaryItem(key: string, value: string, enableCookieStorage?: boolean): void {\r\n this.temporaryCache.setItem(this.generateCacheKey(key, true), value, enableCookieStorage);\r\n }\r\n\r\n /**\r\n * Gets temporary cache value\r\n * @param key \r\n * @param enableCookieStorage \r\n */\r\n getTemporaryItem(key: string, enableCookieStorage?: boolean): string {\r\n return this.temporaryCache.getItem(this.generateCacheKey(key, true), enableCookieStorage);\r\n }\r\n\r\n /**\r\n * Reset the cache items\r\n */\r\n resetCacheItems(): void {\r\n const storage = window[this.cacheLocation];\r\n let key: string;\r\n for (key in storage) {\r\n // Check if key contains msal prefix; For now, we are clearing all cache items created by MSAL.js\r\n if (storage.hasOwnProperty(key) && (key.indexOf(Constants.cachePrefix) !== -1)) {\r\n super.removeItem(key);\r\n // TODO: Clear cache based on client id (clarify use cases where this is needed)\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * Reset all temporary cache items\r\n */\r\n resetTempCacheItems(state?: string): void {\r\n const stateId = state && RequestUtils.parseLibraryState(state).id;\r\n const isTokenRenewalInProgress = this.tokenRenewalInProgress(state);\r\n\r\n const storage = window[this.cacheLocation];\r\n // check state and remove associated cache\r\n if (stateId && !isTokenRenewalInProgress) {\r\n Object.keys(storage).forEach(key => {\r\n if (key.indexOf(stateId) !== -1) {\r\n this.removeItem(key);\r\n super.clearItemCookie(key);\r\n }\r\n });\r\n }\r\n // delete the interaction status cache\r\n this.setInteractionInProgress(false);\r\n this.removeItem(TemporaryCacheKeys.REDIRECT_REQUEST);\r\n }\r\n\r\n /**\r\n * Set cookies for IE\r\n * @param cName\r\n * @param cValue\r\n * @param expires\r\n */\r\n setItemCookie(cName: string, cValue: string, expires?: number): void {\r\n super.setItemCookie(this.generateCacheKey(cName, true), cValue, expires);\r\n if (this.rollbackEnabled) {\r\n super.setItemCookie(this.generateCacheKey(cName, false), cValue, expires);\r\n }\r\n }\r\n\r\n clearItemCookie(cName: string): void {\r\n super.clearItemCookie(this.generateCacheKey(cName, true));\r\n if (this.rollbackEnabled) {\r\n super.clearItemCookie(this.generateCacheKey(cName, false));\r\n }\r\n }\r\n\r\n /**\r\n * get one item by key from cookies\r\n * @param cName\r\n */\r\n getItemCookie(cName: string): string {\r\n return super.getItemCookie(this.generateCacheKey(cName, true));\r\n }\r\n\r\n /**\r\n * Get all tokens of a certain type from the cache\r\n * @param clientId \r\n * @param homeAccountIdentifier \r\n * @param tokenType\r\n */\r\n getAllTokensByType(clientId: string, homeAccountIdentifier: string, tokenType: string): Array<AccessTokenCacheItem> {\r\n const results = Object.keys(window[this.cacheLocation]).reduce((tokens, key) => {\r\n const matchedTokenKey: AccessTokenKey = this.matchKeyForType(key, clientId, homeAccountIdentifier, tokenType);\r\n if (matchedTokenKey) {\r\n const value = this.getItem(key);\r\n if (value) {\r\n try {\r\n const newAccessTokenCacheItem = new AccessTokenCacheItem(matchedTokenKey, JSON.parse(value));\r\n return tokens.concat([ newAccessTokenCacheItem ]);\r\n } catch (err) {\r\n // Skip cache items with non-valid JSON values\r\n return tokens;\r\n }\r\n }\r\n }\r\n\r\n return tokens;\r\n }, []);\r\n return results;\r\n }\r\n\r\n /**\r\n * Get all access tokens in the cache\r\n * @param clientId\r\n * @param homeAccountIdentifier\r\n */\r\n getAllAccessTokens(clientId: string, homeAccountIdentifier: string): Array<AccessTokenCacheItem> {\r\n return this.getAllTokensByType(clientId, homeAccountIdentifier, ServerHashParamKeys.ACCESS_TOKEN);\r\n }\r\n\r\n /**\r\n * Get all id tokens in the cache in the form of AccessTokenCacheItem objects so they are \r\n * in a normalized format and can make use of the existing cached access token validation logic\r\n */\r\n getAllIdTokens(clientId: string, homeAccountIdentifier: string): Array<AccessTokenCacheItem> {\r\n return this.getAllTokensByType(clientId, homeAccountIdentifier, ServerHashParamKeys.ID_TOKEN);\r\n }\r\n\r\n /**\r\n * Get all access and ID tokens in the cache\r\n * @param clientId \r\n * @param homeAccountIdentifier \r\n */\r\n getAllTokens(clientId: string, homeAccountIdentifier: string): Array<AccessTokenCacheItem> {\r\n const accessTokens = this.getAllAccessTokens(clientId, homeAccountIdentifier);\r\n const idTokens = this.getAllIdTokens(clientId, homeAccountIdentifier);\r\n return [...accessTokens, ...idTokens];\r\n }\r\n\r\n /**\r\n * Returns whether or not interaction is currently in progress. Optionally scope it to just this clientId\r\n * @param forThisClient \r\n */\r\n isInteractionInProgress(matchClientId: boolean): boolean {\r\n const clientId = this.getInteractionInProgress();\r\n if (matchClientId) {\r\n return clientId === this.clientId;\r\n } else {\r\n return !!clientId;\r\n }\r\n }\r\n\r\n /**\r\n * Returns the clientId of the interaction currently in progress\r\n */\r\n getInteractionInProgress(): string {\r\n return this.getTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS, false));\r\n }\r\n\r\n /**\r\n * Sets interaction in progress state\r\n * @param isInProgress \r\n */\r\n setInteractionInProgress(newInProgressValue: boolean): void {\r\n if (newInProgressValue && !this.isInteractionInProgress(false)) {\r\n // Ensure we don't overwrite interaction in progress for a different clientId\r\n this.setTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS, false), this.clientId);\r\n } else if (!newInProgressValue && this.isInteractionInProgress(true)) {\r\n // Only remove if the current in progress interaction is for this clientId\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS, false));\r\n }\r\n }\r\n\r\n /**\r\n * Return if the token renewal is still in progress\r\n * \r\n * @param stateValue\r\n */\r\n private tokenRenewalInProgress(stateValue: string): boolean {\r\n const renewStatus = this.getItem(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.RENEW_STATUS, stateValue));\r\n return !!(renewStatus && renewStatus === Constants.inProgress);\r\n }\r\n\r\n /**\r\n * Clear all cookies\r\n */\r\n public clearMsalCookie(state?: string): void {\r\n /*\r\n * If state is truthy, remove values associated with that request.\r\n * Otherwise, remove all MSAL cookies.\r\n */\r\n if (state) {\r\n this.clearItemCookie(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.NONCE_IDTOKEN, state));\r\n this.clearItemCookie(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_LOGIN, state));\r\n this.clearItemCookie(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.LOGIN_REQUEST, state));\r\n this.clearItemCookie(AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.STATE_ACQ_TOKEN, state));\r\n } else {\r\n const cookies = document.cookie.split(\";\");\r\n cookies.forEach(cookieString => {\r\n const [\r\n cookieName\r\n ] = cookieString.trim().split(\"=\");\r\n\r\n if (cookieName.indexOf(Constants.cachePrefix) > -1) {\r\n super.clearItemCookie(cookieName);\r\n }\r\n });\r\n }\r\n }\r\n\r\n /**\r\n * Create acquireTokenAccountKey to cache account object\r\n * @param accountId\r\n * @param state\r\n */\r\n public static generateAcquireTokenAccountKey(accountId: string, state: string): string {\r\n const stateId = RequestUtils.parseLibraryState(state).id;\r\n return `${TemporaryCacheKeys.ACQUIRE_TOKEN_ACCOUNT}${Constants.resourceDelimiter}${accountId}${Constants.resourceDelimiter}${stateId}`;\r\n }\r\n\r\n /**\r\n * Create authorityKey to cache authority\r\n * @param state\r\n */\r\n public static generateAuthorityKey(state: string): string {\r\n return AuthCache.generateTemporaryCacheKey(TemporaryCacheKeys.AUTHORITY, state);\r\n }\r\n\r\n /**\r\n * Generates the cache key for temporary cache items, using request state\r\n * @param tempCacheKey Cache key prefix\r\n * @param state Request state value\r\n */\r\n public static generateTemporaryCacheKey(tempCacheKey: TemporaryCacheKeys, state: string): string {\r\n // Use the state id (a guid), in the interest of shorter key names, which is important for cookies.\r\n const stateId = RequestUtils.parseLibraryState(state).id;\r\n return `${tempCacheKey}${Constants.resourceDelimiter}${stateId}`;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CacheLocation } from \"../Configuration\";\r\nimport { ClientConfigurationError } from \"../error/ClientConfigurationError\";\r\nimport { AuthError } from \"../error/AuthError\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class BrowserStorage {// Singleton\r\n\r\n protected cacheLocation: CacheLocation;\r\n\r\n constructor(cacheLocation: CacheLocation) {\r\n if (!window) {\r\n throw AuthError.createNoWindowObjectError(\"Browser storage class could not find window object\");\r\n }\r\n\r\n const storageSupported = typeof window[cacheLocation] !== \"undefined\" && window[cacheLocation] !== null;\r\n if (!storageSupported) {\r\n throw ClientConfigurationError.createStorageNotSupportedError(cacheLocation);\r\n }\r\n this.cacheLocation = cacheLocation;\r\n }\r\n\r\n /**\r\n * add value to storage\r\n * @param key\r\n * @param value\r\n * @param enableCookieStorage\r\n */\r\n setItem(key: string, value: string, enableCookieStorage?: boolean): void {\r\n window[this.cacheLocation].setItem(key, value);\r\n if (enableCookieStorage) {\r\n this.setItemCookie(key, value);\r\n }\r\n }\r\n\r\n /**\r\n * get one item by key from storage\r\n * @param key\r\n * @param enableCookieStorage\r\n */\r\n getItem(key: string, enableCookieStorage?: boolean): string {\r\n if (enableCookieStorage && this.getItemCookie(key)) {\r\n return this.getItemCookie(key);\r\n }\r\n return window[this.cacheLocation].getItem(key);\r\n }\r\n\r\n /**\r\n * remove value from storage\r\n * @param key\r\n */\r\n removeItem(key: string): void {\r\n return window[this.cacheLocation].removeItem(key);\r\n }\r\n\r\n /**\r\n * clear storage (remove all items from it)\r\n */\r\n clear(): void {\r\n return window[this.cacheLocation].clear();\r\n }\r\n\r\n /**\r\n * add value to cookies\r\n * @param cName\r\n * @param cValue\r\n * @param expires\r\n */\r\n setItemCookie(cName: string, cValue: string, expires?: number): void {\r\n let cookieStr = encodeURIComponent(cName) + \"=\" + encodeURIComponent(cValue) + \";path=/;\";\r\n if (expires) {\r\n const expireTime = this.getCookieExpirationTime(expires);\r\n cookieStr += \"expires=\" + expireTime + \";\";\r\n }\r\n\r\n document.cookie = cookieStr;\r\n }\r\n\r\n /**\r\n * get one item by key from cookies\r\n * @param cName\r\n */\r\n getItemCookie(cName: string): string {\r\n const name = encodeURIComponent(cName) + \"=\";\r\n const ca = document.cookie.split(\";\");\r\n for (let i = 0; i < ca.length; i++) {\r\n let c = ca[i];\r\n while (c.charAt(0) === \" \") {\r\n c = c.substring(1);\r\n }\r\n if (c.indexOf(name) === 0) {\r\n return decodeURIComponent(c.substring(name.length, c.length));\r\n }\r\n }\r\n return \"\";\r\n }\r\n\r\n /**\r\n * Clear an item in the cookies by key\r\n * @param cName\r\n */\r\n clearItemCookie(cName: string): void {\r\n this.setItemCookie(cName, \"\", -1);\r\n }\r\n\r\n /**\r\n * Get cookie expiration time\r\n * @param cookieLifeDays\r\n */\r\n getCookieExpirationTime(cookieLifeDays: number): string {\r\n const today = new Date();\r\n const expr = new Date(today.getTime() + cookieLifeDays * 24 * 60 * 60 * 1000);\r\n return expr.toUTCString();\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nexport const AuthErrorMessage = {\r\n unexpectedError: {\r\n code: \"unexpected_error\",\r\n desc: \"Unexpected error in authentication.\"\r\n },\r\n noWindowObjectError: {\r\n code: \"no_window_object\",\r\n desc: \"No window object available. Details:\"\r\n }\r\n};\r\n\r\n/**\r\n * General error class thrown by the MSAL.js library.\r\n */\r\nexport class AuthError extends Error {\r\n\r\n errorCode: string;\r\n errorMessage: string;\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorMessage);\r\n Object.setPrototypeOf(this, AuthError.prototype);\r\n\r\n this.errorCode = errorCode;\r\n this.errorMessage = errorMessage;\r\n this.name = \"AuthError\";\r\n }\r\n\r\n static createUnexpectedError(errDesc: string): AuthError {\r\n return new AuthError(AuthErrorMessage.unexpectedError.code, `${AuthErrorMessage.unexpectedError.desc}: ${errDesc}`);\r\n }\r\n\r\n static createNoWindowObjectError(errDesc: string): AuthError {\r\n return new AuthError(AuthErrorMessage.noWindowObjectError.code, `${AuthErrorMessage.noWindowObjectError.desc} ${errDesc}`);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthError } from \"./AuthError\";\r\nimport { IdToken } from \"../IdToken\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\n\r\nexport const ClientAuthErrorMessage = {\r\n endpointResolutionError: {\r\n code: \"endpoints_resolution_error\",\r\n desc: \"Error: could not resolve endpoints. Please check network and try again.\"\r\n },\r\n popUpWindowError: {\r\n code: \"popup_window_error\",\r\n desc: \"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.\"\r\n },\r\n tokenRenewalError: {\r\n code: \"token_renewal_error\",\r\n desc: \"Token renewal operation failed due to timeout.\"\r\n },\r\n invalidIdToken: {\r\n code: \"invalid_id_token\",\r\n desc: \"Invalid ID token format.\"\r\n },\r\n invalidStateError: {\r\n code: \"invalid_state_error\",\r\n desc: \"Invalid state.\"\r\n },\r\n nonceMismatchError: {\r\n code: \"nonce_mismatch_error\",\r\n desc: \"Nonce is not matching, Nonce received: \"\r\n },\r\n loginProgressError: {\r\n code: \"login_progress_error\",\r\n desc: \"Login_In_Progress: Error during login call - login is already in progress.\"\r\n },\r\n acquireTokenProgressError: {\r\n code: \"acquiretoken_progress_error\",\r\n desc: \"AcquireToken_In_Progress: Error during login call - login is already in progress.\"\r\n },\r\n userCancelledError: {\r\n code: \"user_cancelled\",\r\n desc: \"User cancelled the flow.\"\r\n },\r\n callbackError: {\r\n code: \"callback_error\",\r\n desc: \"Error occurred in token received callback function.\"\r\n },\r\n userLoginRequiredError: {\r\n code: \"user_login_error\",\r\n desc: \"User login is required. For silent calls, request must contain either sid or login_hint\"\r\n },\r\n userDoesNotExistError: {\r\n code: \"user_non_existent\",\r\n desc: \"User object does not exist. Please call a login API.\"\r\n },\r\n clientInfoDecodingError: {\r\n code: \"client_info_decoding_error\",\r\n desc: \"The client info could not be parsed/decoded correctly. Please review the trace to determine the root cause.\"\r\n },\r\n clientInfoNotPopulatedError: {\r\n code: \"client_info_not_populated_error\",\r\n desc: \"The service did not populate client_info in the response, Please verify with the service team\"\r\n },\r\n nullOrEmptyIdToken: {\r\n code: \"null_or_empty_id_token\",\r\n desc: \"The idToken is null or empty. Please review the trace to determine the root cause.\"\r\n },\r\n idTokenNotParsed: {\r\n code: \"id_token_parsing_error\",\r\n desc: \"ID token cannot be parsed. Please review stack trace to determine root cause.\"\r\n },\r\n tokenEncodingError: {\r\n code: \"token_encoding_error\",\r\n desc: \"The token to be decoded is not encoded correctly.\"\r\n },\r\n invalidInteractionType: {\r\n code: \"invalid_interaction_type\",\r\n desc: \"The interaction type passed to the handler was incorrect or unknown\"\r\n },\r\n cacheParseError: {\r\n code: \"cannot_parse_cache\",\r\n desc: \"The cached token key is not a valid JSON and cannot be parsed\"\r\n },\r\n blockTokenRequestsInHiddenIframe: {\r\n code: \"block_token_requests\",\r\n desc: \"Token calls are blocked in hidden iframes\"\r\n }\r\n};\r\n\r\n/**\r\n * Error thrown when there is an error in the client code running on the browser.\r\n */\r\nexport class ClientAuthError extends AuthError {\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n this.name = \"ClientAuthError\";\r\n\r\n Object.setPrototypeOf(this, ClientAuthError.prototype);\r\n }\r\n\r\n static createEndpointResolutionError(errDetail?: string): ClientAuthError {\r\n let errorMessage = ClientAuthErrorMessage.endpointResolutionError.desc;\r\n if (errDetail && !StringUtils.isEmpty(errDetail)) {\r\n errorMessage += ` Details: ${errDetail}`;\r\n }\r\n return new ClientAuthError(ClientAuthErrorMessage.endpointResolutionError.code, errorMessage);\r\n }\r\n\r\n static createPopupWindowError(errDetail?: string): ClientAuthError {\r\n let errorMessage = ClientAuthErrorMessage.popUpWindowError.desc;\r\n if (errDetail && !StringUtils.isEmpty(errDetail)) {\r\n errorMessage += ` Details: ${errDetail}`;\r\n }\r\n return new ClientAuthError(ClientAuthErrorMessage.popUpWindowError.code, errorMessage);\r\n }\r\n\r\n static createTokenRenewalTimeoutError(): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.tokenRenewalError.code, ClientAuthErrorMessage.tokenRenewalError.desc);\r\n }\r\n\r\n static createInvalidIdTokenError(idToken: IdToken) : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidIdToken.code,\r\n `${ClientAuthErrorMessage.invalidIdToken.desc} Given token: ${idToken}`);\r\n }\r\n\r\n // TODO: Is this not a security flaw to send the user the state expected??\r\n static createInvalidStateError(invalidState: string, actualState: string): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidStateError.code,\r\n `${ClientAuthErrorMessage.invalidStateError.desc} ${invalidState}, state expected : ${actualState}.`);\r\n }\r\n\r\n // TODO: Is this not a security flaw to send the user the Nonce expected??\r\n static createNonceMismatchError(invalidNonce: string, actualNonce: string): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.nonceMismatchError.code,\r\n `${ClientAuthErrorMessage.nonceMismatchError.desc} ${invalidNonce}, nonce expected : ${actualNonce}.`);\r\n }\r\n\r\n static createLoginInProgressError(): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.loginProgressError.code,\r\n ClientAuthErrorMessage.loginProgressError.desc);\r\n }\r\n\r\n static createAcquireTokenInProgressError(): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.acquireTokenProgressError.code,\r\n ClientAuthErrorMessage.acquireTokenProgressError.desc);\r\n }\r\n\r\n static createUserCancelledError(): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.userCancelledError.code,\r\n ClientAuthErrorMessage.userCancelledError.desc);\r\n }\r\n\r\n static createErrorInCallbackFunction(errorDesc: string): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.callbackError.code,\r\n `${ClientAuthErrorMessage.callbackError.desc} ${errorDesc}.`);\r\n }\r\n\r\n static createUserLoginRequiredError() : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.userLoginRequiredError.code,\r\n ClientAuthErrorMessage.userLoginRequiredError.desc);\r\n }\r\n\r\n static createUserDoesNotExistError() : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.userDoesNotExistError.code,\r\n ClientAuthErrorMessage.userDoesNotExistError.desc);\r\n }\r\n\r\n static createClientInfoDecodingError(caughtError: string) : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.clientInfoDecodingError.code,\r\n `${ClientAuthErrorMessage.clientInfoDecodingError.desc} Failed with error: ${caughtError}`);\r\n }\r\n\r\n static createClientInfoNotPopulatedError(caughtError: string) : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.clientInfoNotPopulatedError.code,\r\n `${ClientAuthErrorMessage.clientInfoNotPopulatedError.desc} Failed with error: ${caughtError}`);\r\n }\r\n\r\n static createIdTokenNullOrEmptyError(invalidRawTokenString: string) : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.nullOrEmptyIdToken.code,\r\n `${ClientAuthErrorMessage.nullOrEmptyIdToken.desc} Raw ID Token Value: ${invalidRawTokenString}`);\r\n }\r\n\r\n static createIdTokenParsingError(caughtParsingError: string) : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.idTokenNotParsed.code,\r\n `${ClientAuthErrorMessage.idTokenNotParsed.desc} Failed with error: ${caughtParsingError}`);\r\n }\r\n\r\n static createTokenEncodingError(incorrectlyEncodedToken: string) : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.tokenEncodingError.code,\r\n `${ClientAuthErrorMessage.tokenEncodingError.desc} Attempted to decode: ${incorrectlyEncodedToken}`);\r\n }\r\n\r\n static createInvalidInteractionTypeError() : ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidInteractionType.code,\r\n ClientAuthErrorMessage.invalidInteractionType.desc);\r\n }\r\n\r\n static createCacheParseError(key: string) : ClientAuthError {\r\n const errorMessage = `invalid key: ${key}, ${ClientAuthErrorMessage.cacheParseError.desc}`;\r\n return new ClientAuthError(ClientAuthErrorMessage.cacheParseError.code,\r\n errorMessage);\r\n }\r\n\r\n static createBlockTokenRequestsInHiddenIframeError(): ClientAuthError {\r\n return new ClientAuthError(ClientAuthErrorMessage.blockTokenRequestsInHiddenIframe.code,\r\n ClientAuthErrorMessage.blockTokenRequestsInHiddenIframe.desc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientAuthError } from \"./ClientAuthError\";\r\nimport { TelemetryOptions } from \"../Configuration\";\r\n\r\ninterface IClientConfigurationErrorMessage {\r\n code: string,\r\n desc: string\r\n}\r\n\r\nexport const ClientConfigurationErrorMessage: Record<string, IClientConfigurationErrorMessage> = {\r\n configurationNotSet: {\r\n code: \"no_config_set\",\r\n desc: \"Configuration has not been set. Please call the UserAgentApplication constructor with a valid Configuration object.\"\r\n },\r\n storageNotSupported: {\r\n code: \"storage_not_supported\",\r\n desc: \"The value for the cacheLocation is not supported.\"\r\n },\r\n noRedirectCallbacksSet: {\r\n code: \"no_redirect_callbacks\",\r\n desc: \"No redirect callbacks have been set. Please call handleRedirectCallback() with the appropriate function arguments before continuing. \" +\r\n \"More information is available here: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/MSAL-basics.\"\r\n },\r\n invalidCallbackObject: {\r\n code: \"invalid_callback_object\",\r\n desc: \"The object passed for the callback was invalid. \" +\r\n \"More information is available here: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/MSAL-basics.\"\r\n },\r\n scopesRequired: {\r\n code: \"scopes_required\",\r\n desc: \"Scopes are required to obtain an access token.\"\r\n },\r\n emptyScopes: {\r\n code: \"empty_input_scopes_error\",\r\n desc: \"Scopes cannot be passed as empty array.\"\r\n },\r\n nonArrayScopes: {\r\n code: \"nonarray_input_scopes_error\",\r\n desc: \"Scopes cannot be passed as non-array.\"\r\n },\r\n invalidPrompt: {\r\n code: \"invalid_prompt_value\",\r\n desc: \"Supported prompt values are 'login', 'select_account', 'consent' and 'none'\",\r\n },\r\n invalidAuthorityType: {\r\n code: \"invalid_authority_type\",\r\n desc: \"The given authority is not a valid type of authority supported by MSAL. Please see here for valid authorities: <insert URL here>.\"\r\n },\r\n authorityUriInsecure: {\r\n code: \"authority_uri_insecure\",\r\n desc: \"Authority URIs must use https.\"\r\n },\r\n authorityUriInvalidPath: {\r\n code: \"authority_uri_invalid_path\",\r\n desc: \"Given authority URI is invalid.\"\r\n },\r\n unsupportedAuthorityValidation: {\r\n code: \"unsupported_authority_validation\",\r\n desc: \"The authority validation is not supported for this authority type.\"\r\n },\r\n untrustedAuthority: {\r\n code: \"untrusted_authority\",\r\n desc: \"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter or set validateAuthority=false.\"\r\n },\r\n b2cAuthorityUriInvalidPath: {\r\n code: \"b2c_authority_uri_invalid_path\",\r\n desc: \"The given URI for the B2C authority is invalid.\"\r\n },\r\n b2cKnownAuthoritiesNotSet: {\r\n code: \"b2c_known_authorities_not_set\",\r\n desc: \"Must set known authorities when validateAuthority is set to True and using B2C\"\r\n },\r\n claimsRequestParsingError: {\r\n code: \"claims_request_parsing_error\",\r\n desc: \"Could not parse the given claims request object.\"\r\n },\r\n emptyRequestError: {\r\n code: \"empty_request_error\",\r\n desc: \"Request object is required.\"\r\n },\r\n invalidCorrelationIdError: {\r\n code: \"invalid_guid_sent_as_correlationId\",\r\n desc: \"Please set the correlationId as a valid guid\"\r\n },\r\n telemetryConfigError: {\r\n code: \"telemetry_config_error\",\r\n desc: \"Telemetry config is not configured with required values\"\r\n },\r\n ssoSilentError: {\r\n code: \"sso_silent_error\",\r\n desc: \"request must contain either sid or login_hint\"\r\n },\r\n invalidAuthorityMetadataError: {\r\n code: \"authority_metadata_error\",\r\n desc: \"Invalid authorityMetadata. Must be a JSON object containing authorization_endpoint, end_session_endpoint, and issuer fields.\"\r\n }\r\n};\r\n\r\n/**\r\n * Error thrown when there is an error in configuration of the .js library.\r\n */\r\nexport class ClientConfigurationError extends ClientAuthError {\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n this.name = \"ClientConfigurationError\";\r\n Object.setPrototypeOf(this, ClientConfigurationError.prototype);\r\n }\r\n\r\n static createNoSetConfigurationError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.configurationNotSet.code,\r\n `${ClientConfigurationErrorMessage.configurationNotSet.desc}`);\r\n }\r\n\r\n static createStorageNotSupportedError(givenCacheLocation: string) : ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.storageNotSupported.code,\r\n `${ClientConfigurationErrorMessage.storageNotSupported.desc} Given location: ${givenCacheLocation}`);\r\n }\r\n\r\n static createRedirectCallbacksNotSetError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.noRedirectCallbacksSet.code, ClientConfigurationErrorMessage.noRedirectCallbacksSet.desc);\r\n }\r\n\r\n static createInvalidCallbackObjectError(callbackObject: object): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidCallbackObject.code,\r\n `${ClientConfigurationErrorMessage.invalidCallbackObject.desc} Given value for callback function: ${callbackObject}`);\r\n }\r\n\r\n static createEmptyScopesArrayError(scopesValue: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.emptyScopes.code,\r\n `${ClientConfigurationErrorMessage.emptyScopes.desc} Given value: ${scopesValue}.`);\r\n }\r\n\r\n static createScopesNonArrayError(scopesValue: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.nonArrayScopes.code,\r\n `${ClientConfigurationErrorMessage.nonArrayScopes.desc} Given value: ${scopesValue}.`);\r\n }\r\n\r\n static createScopesRequiredError(scopesValue: string[]): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.scopesRequired.code,\r\n `${ClientConfigurationErrorMessage.scopesRequired.desc} Given value: ${scopesValue}`);\r\n }\r\n\r\n static createInvalidPromptError(promptValue: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidPrompt.code,\r\n `${ClientConfigurationErrorMessage.invalidPrompt.desc} Given value: ${promptValue}`);\r\n }\r\n\r\n static createClaimsRequestParsingError(claimsRequestParseError: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.claimsRequestParsingError.code,\r\n `${ClientConfigurationErrorMessage.claimsRequestParsingError.desc} Given value: ${claimsRequestParseError}`);\r\n }\r\n\r\n static createEmptyRequestError(): ClientConfigurationError {\r\n const { code, desc } = ClientConfigurationErrorMessage.emptyRequestError;\r\n return new ClientConfigurationError(code, desc);\r\n }\r\n\r\n static createInvalidCorrelationIdError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidCorrelationIdError.code,\r\n ClientConfigurationErrorMessage.invalidCorrelationIdError.desc);\r\n }\r\n\r\n static createKnownAuthoritiesNotSetError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.b2cKnownAuthoritiesNotSet.code,\r\n ClientConfigurationErrorMessage.b2cKnownAuthoritiesNotSet.desc);\r\n }\r\n\r\n static createInvalidAuthorityTypeError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAuthorityType.code,\r\n ClientConfigurationErrorMessage.invalidAuthorityType.desc);\r\n }\r\n\r\n static createUntrustedAuthorityError(host: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.untrustedAuthority.code,\r\n `${ClientConfigurationErrorMessage.untrustedAuthority.desc} Provided Authority: ${host}`);\r\n }\r\n\r\n static createTelemetryConfigError(config: TelemetryOptions): ClientConfigurationError {\r\n const { code, desc } = ClientConfigurationErrorMessage.telemetryConfigError;\r\n const requiredKeys = {\r\n applicationName: \"string\",\r\n applicationVersion: \"string\",\r\n telemetryEmitter: \"function\"\r\n };\r\n\r\n const missingKeys = Object.keys(requiredKeys)\r\n .reduce((keys, key) => {\r\n return config[key] ? keys : keys.concat([ `${key} (${requiredKeys[key]})` ]);\r\n }, []);\r\n\r\n return new ClientConfigurationError(code, `${desc} mising values: ${missingKeys.join(\",\")}`);\r\n }\r\n\r\n static createSsoSilentError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.ssoSilentError.code,\r\n ClientConfigurationErrorMessage.ssoSilentError.desc);\r\n }\r\n\r\n static createInvalidAuthorityMetadataError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAuthorityMetadataError.code, ClientConfigurationErrorMessage.invalidAuthorityMetadataError.desc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ServerError } from \"./ServerError\";\r\n\r\nexport const InteractionRequiredAuthErrorMessage = {\r\n interactionRequired: {\r\n code: \"interaction_required\"\r\n },\r\n consentRequired: {\r\n code: \"consent_required\"\r\n },\r\n loginRequired: {\r\n code: \"login_required\"\r\n },\r\n};\r\n\r\n/**\r\n * Error thrown when the user is required to perform an interactive token request.\r\n */\r\nexport class InteractionRequiredAuthError extends ServerError {\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n this.name = \"InteractionRequiredAuthError\";\r\n\r\n Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);\r\n }\r\n\r\n static isInteractionRequiredError(errorString: string) : boolean {\r\n const interactionRequiredCodes = [\r\n InteractionRequiredAuthErrorMessage.interactionRequired.code,\r\n InteractionRequiredAuthErrorMessage.consentRequired.code,\r\n InteractionRequiredAuthErrorMessage.loginRequired.code\r\n ];\r\n\r\n return errorString && interactionRequiredCodes.indexOf(errorString) > -1;\r\n }\r\n\r\n static createLoginRequiredAuthError(errorDesc: string): InteractionRequiredAuthError {\r\n return new InteractionRequiredAuthError(InteractionRequiredAuthErrorMessage.loginRequired.code, errorDesc);\r\n }\r\n\r\n static createInteractionRequiredAuthError(errorDesc: string): InteractionRequiredAuthError {\r\n return new InteractionRequiredAuthError(InteractionRequiredAuthErrorMessage.interactionRequired.code, errorDesc);\r\n }\r\n\r\n static createConsentRequiredAuthError(errorDesc: string): InteractionRequiredAuthError {\r\n return new InteractionRequiredAuthError(InteractionRequiredAuthErrorMessage.consentRequired.code, errorDesc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthError } from \"./AuthError\";\r\n\r\nexport const ServerErrorMessage = {\r\n serverUnavailable: {\r\n code: \"server_unavailable\",\r\n desc: \"Server is temporarily unavailable.\"\r\n },\r\n unknownServerError: {\r\n code: \"unknown_server_error\"\r\n },\r\n};\r\n\r\n/**\r\n * Error thrown when there is an error with the server code, for example, unavailability.\r\n */\r\nexport class ServerError extends AuthError {\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n this.name = \"ServerError\";\r\n\r\n Object.setPrototypeOf(this, ServerError.prototype);\r\n }\r\n\r\n static createServerUnavailableError(): ServerError {\r\n return new ServerError(ServerErrorMessage.serverUnavailable.code,\r\n ServerErrorMessage.serverUnavailable.desc);\r\n }\r\n\r\n static createUnknownServerError(errorDesc: string): ServerError {\r\n return new ServerError(ServerErrorMessage.unknownServerError.code,\r\n errorDesc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @packageDocumentation\r\n * @module @azure/msal\r\n */\r\n\r\nexport { UserAgentApplication, authResponseCallback, errorReceivedCallback, tokenReceivedCallback } from \"./UserAgentApplication\";\r\nexport { Logger } from \"./Logger\";\r\nexport { LogLevel } from \"./Logger\";\r\nexport { Account } from \"./Account\";\r\nexport { Constants, ServerHashParamKeys } from \"./utils/Constants\";\r\nexport { Authority } from \"./authority/Authority\";\r\nexport { CacheResult } from \"./UserAgentApplication\";\r\nexport { CacheLocation, Configuration } from \"./Configuration\";\r\nexport { AuthenticationParameters } from \"./AuthenticationParameters\";\r\nexport { AuthResponse } from \"./AuthResponse\";\r\nexport { CryptoUtils } from \"./utils/CryptoUtils\";\r\nexport { UrlUtils } from \"./utils/UrlUtils\";\r\nexport { WindowUtils } from \"./utils/WindowUtils\";\r\n\r\n// Errors\r\nexport { AuthError } from \"./error/AuthError\";\r\nexport { ClientAuthError } from \"./error/ClientAuthError\";\r\nexport { ServerError } from \"./error/ServerError\";\r\nexport { ClientConfigurationError } from \"./error/ClientConfigurationError\";\r\nexport { InteractionRequiredAuthError } from \"./error/InteractionRequiredAuthError\";\r\nexport { version } from \"./packageMetadata\";\r\n","/* eslint-disable header/header */\r\nexport const name = \"msal\";\r\nexport const version = \"1.4.14\";\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport TelemetryEvent from \"./TelemetryEvent\";\r\nimport { TELEMETRY_BLOB_EVENT_NAMES } from \"./TelemetryConstants\";\r\nimport { scrubTenantFromUri, hashPersonalIdentifier, prependEventNamePrefix } from \"./TelemetryUtils\";\r\n\r\nexport const EVENT_KEYS = {\r\n AUTHORITY: prependEventNamePrefix(\"authority\"),\r\n AUTHORITY_TYPE: prependEventNamePrefix(\"authority_type\"),\r\n PROMPT: prependEventNamePrefix(\"ui_behavior\"),\r\n TENANT_ID: prependEventNamePrefix(\"tenant_id\"),\r\n USER_ID: prependEventNamePrefix(\"user_id\"),\r\n WAS_SUCESSFUL: prependEventNamePrefix(\"was_successful\"),\r\n API_ERROR_CODE: prependEventNamePrefix(\"api_error_code\"),\r\n LOGIN_HINT: prependEventNamePrefix(\"login_hint\")\r\n};\r\n\r\nexport enum API_CODE {\r\n AcquireTokenRedirect = 2001,\r\n AcquireTokenSilent = 2002,\r\n AcquireTokenPopup = 2003,\r\n LoginRedirect = 2004,\r\n LoginPopup = 2005,\r\n Logout = 2006\r\n}\r\n\r\nexport enum API_EVENT_IDENTIFIER {\r\n AcquireTokenRedirect = \"AcquireTokenRedirect\",\r\n AcquireTokenSilent = \"AcquireTokenSilent\",\r\n AcquireTokenPopup = \"AcquireTokenPopup\",\r\n LoginRedirect = \"LoginRedirect\",\r\n LoginPopup = \"LoginPopup\",\r\n Logout = \"Logout\"\r\n}\r\n\r\nconst mapEventIdentiferToCode = {\r\n [API_EVENT_IDENTIFIER.AcquireTokenSilent]: API_CODE.AcquireTokenSilent,\r\n [API_EVENT_IDENTIFIER.AcquireTokenPopup]: API_CODE.AcquireTokenPopup,\r\n [API_EVENT_IDENTIFIER.AcquireTokenRedirect]: API_CODE.AcquireTokenRedirect,\r\n [API_EVENT_IDENTIFIER.LoginPopup]: API_CODE.LoginPopup,\r\n [API_EVENT_IDENTIFIER.LoginRedirect]: API_CODE.LoginRedirect,\r\n [API_EVENT_IDENTIFIER.Logout]: API_CODE.Logout\r\n};\r\n\r\nexport default class ApiEvent extends TelemetryEvent {\r\n\r\n private piiEnabled: boolean;\r\n\r\n constructor(correlationId: string, piiEnabled: boolean, apiEventIdentifier?: API_EVENT_IDENTIFIER) {\r\n super(prependEventNamePrefix(\"api_event\"), correlationId, apiEventIdentifier);\r\n if (apiEventIdentifier) {\r\n this.apiCode = mapEventIdentiferToCode[apiEventIdentifier];\r\n this.apiEventIdentifier = apiEventIdentifier;\r\n }\r\n this.piiEnabled = piiEnabled;\r\n }\r\n\r\n public set apiEventIdentifier(apiEventIdentifier: string) {\r\n this.event[TELEMETRY_BLOB_EVENT_NAMES.ApiTelemIdConstStrKey] = apiEventIdentifier;\r\n }\r\n\r\n public set apiCode(apiCode: number) {\r\n this.event[TELEMETRY_BLOB_EVENT_NAMES.ApiIdConstStrKey] = apiCode;\r\n }\r\n\r\n public set authority(uri: string) {\r\n this.event[EVENT_KEYS.AUTHORITY] = scrubTenantFromUri(uri).toLowerCase();\r\n }\r\n\r\n public set apiErrorCode(errorCode: string) {\r\n this.event[EVENT_KEYS.API_ERROR_CODE] = errorCode;\r\n }\r\n\r\n public set tenantId(tenantId: string) {\r\n this.event[EVENT_KEYS.TENANT_ID] = this.piiEnabled && tenantId ?\r\n hashPersonalIdentifier(tenantId)\r\n : null;\r\n }\r\n\r\n public set accountId(accountId: string) {\r\n this.event[EVENT_KEYS.USER_ID] = this.piiEnabled && accountId ?\r\n hashPersonalIdentifier(accountId)\r\n : null;\r\n }\r\n\r\n public set wasSuccessful(wasSuccessful: boolean) {\r\n this.event[EVENT_KEYS.WAS_SUCESSFUL] = wasSuccessful;\r\n }\r\n\r\n public get wasSuccessful(): boolean {\r\n return this.event[EVENT_KEYS.WAS_SUCESSFUL] === true;\r\n }\r\n\r\n public set loginHint(loginHint: string) {\r\n this.event[EVENT_KEYS.LOGIN_HINT] = this.piiEnabled && loginHint ?\r\n hashPersonalIdentifier(loginHint)\r\n : null;\r\n }\r\n\r\n public set authorityType(authorityType: string) {\r\n this.event[EVENT_KEYS.AUTHORITY_TYPE] = authorityType.toLowerCase();\r\n }\r\n\r\n public set promptType(promptType: string) {\r\n this.event[EVENT_KEYS.PROMPT] = promptType.toLowerCase();\r\n }\r\n\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { TELEMETRY_BLOB_EVENT_NAMES } from \"./TelemetryConstants\";\r\nimport TelemetryEvent from \"./TelemetryEvent\";\r\nimport { EventCount, TelemetryPlatform } from \"./TelemetryTypes\";\r\nimport { prependEventNamePrefix } from \"./TelemetryUtils\";\r\n\r\nexport default class DefaultEvent extends TelemetryEvent {\r\n // TODO Platform Type\r\n constructor(platform: TelemetryPlatform, correlationId: string, clientId: string, eventCount: EventCount) {\r\n super(prependEventNamePrefix(\"default_event\"), correlationId, \"DefaultEvent\");\r\n this.event[prependEventNamePrefix(\"client_id\")] = clientId;\r\n this.event[prependEventNamePrefix(\"sdk_plaform\")] = platform.sdk;\r\n this.event[prependEventNamePrefix(\"sdk_version\")] = platform.sdkVersion;\r\n this.event[prependEventNamePrefix(\"application_name\")] = platform.applicationName;\r\n this.event[prependEventNamePrefix(\"application_version\")] = platform.applicationVersion;\r\n this.event[prependEventNamePrefix(\"effective_connection_speed\")] = platform.networkInformation && platform.networkInformation.connectionSpeed;\r\n this.event[`${TELEMETRY_BLOB_EVENT_NAMES.UiEventCountTelemetryBatchKey}`] = this.getEventCount(prependEventNamePrefix(\"ui_event\"), eventCount);\r\n this.event[`${TELEMETRY_BLOB_EVENT_NAMES.HttpEventCountTelemetryBatchKey}`] = this.getEventCount(prependEventNamePrefix(\"http_event\"), eventCount);\r\n this.event[`${TELEMETRY_BLOB_EVENT_NAMES.CacheEventCountConstStrKey}`] = this.getEventCount(prependEventNamePrefix(\"cache_event\"), eventCount);\r\n // / Device id?\r\n }\r\n\r\n private getEventCount(eventName: string, eventCount: EventCount): number {\r\n if (!eventCount[eventName]) {\r\n return 0;\r\n }\r\n return eventCount[eventName];\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport TelemetryEvent from \"./TelemetryEvent\";\r\nimport { scrubTenantFromUri, prependEventNamePrefix } from \"./TelemetryUtils\";\r\nimport { ServerRequestParameters } from \"../ServerRequestParameters\";\r\nimport { StringDict } from \"../MsalTypes\";\r\n\r\nexport const EVENT_KEYS = {\r\n HTTP_PATH: prependEventNamePrefix(\"http_path\"),\r\n USER_AGENT: prependEventNamePrefix(\"user_agent\"),\r\n QUERY_PARAMETERS: prependEventNamePrefix(\"query_parameters\"),\r\n API_VERSION: prependEventNamePrefix(\"api_version\"),\r\n RESPONSE_CODE: prependEventNamePrefix(\"response_code\"),\r\n O_AUTH_ERROR_CODE: prependEventNamePrefix(\"oauth_error_code\"),\r\n HTTP_METHOD: prependEventNamePrefix(\"http_method\"),\r\n REQUEST_ID_HEADER: prependEventNamePrefix(\"request_id_header\"),\r\n SPE_INFO: prependEventNamePrefix(\"spe_info\"),\r\n SERVER_ERROR_CODE: prependEventNamePrefix(\"server_error_code\"),\r\n SERVER_SUB_ERROR_CODE: prependEventNamePrefix(\"server_sub_error_code\"),\r\n URL: prependEventNamePrefix(\"url\")\r\n};\r\n\r\nexport default class HttpEvent extends TelemetryEvent {\r\n\r\n constructor(correlationId: string, eventLabel: string) {\r\n super(prependEventNamePrefix(\"http_event\"), correlationId, eventLabel);\r\n }\r\n\r\n public set url(url: string) {\r\n const scrubbedUri = scrubTenantFromUri(url);\r\n this.event[EVENT_KEYS.URL] = scrubbedUri && scrubbedUri.toLowerCase();\r\n }\r\n\r\n public set httpPath(httpPath: string) {\r\n this.event[EVENT_KEYS.HTTP_PATH] = scrubTenantFromUri(httpPath).toLowerCase();\r\n }\r\n\r\n public set userAgent(userAgent: string) {\r\n this.event[EVENT_KEYS.USER_AGENT] = userAgent;\r\n }\r\n\r\n public set queryParams(queryParams: StringDict) {\r\n this.event[EVENT_KEYS.QUERY_PARAMETERS] = ServerRequestParameters.generateQueryParametersString(queryParams);\r\n }\r\n\r\n public set apiVersion(apiVersion: string) {\r\n this.event[EVENT_KEYS.API_VERSION] = apiVersion.toLowerCase();\r\n }\r\n\r\n public set httpResponseStatus(statusCode: number) {\r\n this.event[EVENT_KEYS.RESPONSE_CODE] = statusCode;\r\n }\r\n\r\n public set oAuthErrorCode(errorCode: string) {\r\n this.event[EVENT_KEYS.O_AUTH_ERROR_CODE] = errorCode;\r\n }\r\n\r\n public set httpMethod(httpMethod: string) {\r\n this.event[EVENT_KEYS.HTTP_METHOD] = httpMethod;\r\n }\r\n\r\n public set requestIdHeader(requestIdHeader: string) {\r\n this.event[EVENT_KEYS.REQUEST_ID_HEADER] = requestIdHeader;\r\n }\r\n\r\n /**\r\n * Indicates whether the request was executed on a ring serving SPE traffic.\r\n * An empty string indicates this occurred on an outer ring, and the string \"I\"\r\n * indicates the request occurred on the inner ring\r\n */\r\n public set speInfo(speInfo: string) {\r\n this.event[EVENT_KEYS.SPE_INFO] = speInfo;\r\n }\r\n\r\n public set serverErrorCode(errorCode: string) {\r\n this.event[EVENT_KEYS.SERVER_ERROR_CODE] = errorCode;\r\n }\r\n\r\n public set serverSubErrorCode(subErrorCode: string) {\r\n this.event[EVENT_KEYS.SERVER_SUB_ERROR_CODE] = subErrorCode;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nexport const EVENT_NAME_PREFIX = \"msal.\";\r\nexport const EVENT_NAME_KEY = \"event_name\";\r\nexport const START_TIME_KEY = \"start_time\";\r\nexport const ELAPSED_TIME_KEY = \"elapsed_time\";\r\n\r\nexport const TELEMETRY_BLOB_EVENT_NAMES = {\r\n MsalCorrelationIdConstStrKey: \"Microsoft.MSAL.correlation_id\",\r\n ApiTelemIdConstStrKey: \"msal.api_telem_id\",\r\n ApiIdConstStrKey: \"msal.api_id\",\r\n BrokerAppConstStrKey: \"Microsoft_MSAL_broker_app\",\r\n CacheEventCountConstStrKey: \"Microsoft_MSAL_cache_event_count\",\r\n HttpEventCountTelemetryBatchKey: \"Microsoft_MSAL_http_event_count\",\r\n IdpConstStrKey: \"Microsoft_MSAL_idp\",\r\n IsSilentTelemetryBatchKey: \"\",\r\n IsSuccessfulConstStrKey: \"Microsoft_MSAL_is_successful\",\r\n ResponseTimeConstStrKey: \"Microsoft_MSAL_response_time\",\r\n TenantIdConstStrKey: \"Microsoft_MSAL_tenant_id\",\r\n UiEventCountTelemetryBatchKey: \"Microsoft_MSAL_ui_event_count\"\r\n};\r\n\r\n// This is used to replace the real tenant in telemetry info\r\nexport const TENANT_PLACEHOLDER = \"<tenant>\";\r\n\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n TELEMETRY_BLOB_EVENT_NAMES,\r\n EVENT_NAME_KEY,\r\n START_TIME_KEY,\r\n ELAPSED_TIME_KEY\r\n} from \"./TelemetryConstants\";\r\nimport { prependEventNamePrefix, startBrowserPerformanceMeasurement, endBrowserPerformanceMeasurement } from \"./TelemetryUtils\";\r\nimport { CryptoUtils } from \"../utils/CryptoUtils\";\r\n\r\nexport default class TelemetryEvent {\r\n\r\n private startTimestamp: number;\r\n // eslint-disable-next-line\r\n protected event: any; // TODO TYPE THIS\r\n public eventId: string;\r\n private label: string;\r\n\r\n constructor(eventName: string, correlationId: string, eventLabel: string) {\r\n this.eventId = CryptoUtils.createNewGuid();\r\n this.label = eventLabel;\r\n this.event = {\r\n [prependEventNamePrefix(EVENT_NAME_KEY)]: eventName,\r\n [prependEventNamePrefix(ELAPSED_TIME_KEY)]: -1,\r\n [`${TELEMETRY_BLOB_EVENT_NAMES.MsalCorrelationIdConstStrKey}`]: correlationId\r\n };\r\n }\r\n\r\n private setElapsedTime(time: Number): void {\r\n this.event[prependEventNamePrefix(ELAPSED_TIME_KEY)] = time;\r\n }\r\n\r\n public stop(): void {\r\n // Set duration of event\r\n this.setElapsedTime(+Date.now() - +this.startTimestamp);\r\n\r\n endBrowserPerformanceMeasurement(this.displayName, this.perfStartMark, this.perfEndMark);\r\n }\r\n\r\n public start(): void {\r\n this.startTimestamp = Date.now();\r\n this.event[prependEventNamePrefix(START_TIME_KEY)] = this.startTimestamp;\r\n\r\n startBrowserPerformanceMeasurement(this.perfStartMark);\r\n }\r\n\r\n public get telemetryCorrelationId(): string {\r\n return this.event[`${TELEMETRY_BLOB_EVENT_NAMES.MsalCorrelationIdConstStrKey}`];\r\n }\r\n\r\n public set telemetryCorrelationId(value: string) {\r\n this.event[`${TELEMETRY_BLOB_EVENT_NAMES.MsalCorrelationIdConstStrKey}`] = value;\r\n }\r\n\r\n public get eventName(): string {\r\n return this.event[prependEventNamePrefix(EVENT_NAME_KEY)];\r\n }\r\n\r\n public get(): object {\r\n return {\r\n ...this.event,\r\n eventId: this.eventId\r\n };\r\n }\r\n\r\n public get key(): string {\r\n return `${this.telemetryCorrelationId}_${this.eventId}-${this.eventName}`;\r\n }\r\n\r\n public get displayName(): string {\r\n return `Msal-${this.label}-${this.telemetryCorrelationId}`;\r\n }\r\n\r\n private get perfStartMark() {\r\n return `start-${this.key}`;\r\n }\r\n\r\n private get perfEndMark() {\r\n return `end-${this.key}`;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport TelemetryEvent from \"./TelemetryEvent\";\r\nimport {\r\n CompletedEvents,\r\n EventCount,\r\n EventCountByCorrelationId,\r\n InProgressEvents,\r\n TelemetryConfig,\r\n TelemetryPlatform,\r\n TelemetryEmitter\r\n} from \"./TelemetryTypes\";\r\nimport DefaultEvent from \"./DefaultEvent\";\r\nimport { Constants } from \"../utils/Constants\";\r\nimport ApiEvent, { API_EVENT_IDENTIFIER } from \"./ApiEvent\";\r\nimport { Logger } from \"../Logger\";\r\nimport HttpEvent from \"./HttpEvent\";\r\nimport { version as libraryVersion } from \"../packageMetadata\";\r\n\r\nexport default class TelemetryManager {\r\n\r\n // correlation Id to list of events\r\n private completedEvents: CompletedEvents = {};\r\n // event key to event\r\n private inProgressEvents: InProgressEvents = {};\r\n // correlation id to map of eventname to count\r\n private eventCountByCorrelationId: EventCountByCorrelationId = {};\r\n\r\n // Implement after API EVENT\r\n private onlySendFailureTelemetry: boolean = false;\r\n private telemetryPlatform: TelemetryPlatform;\r\n private clientId: string;\r\n private telemetryEmitter: TelemetryEmitter;\r\n private logger: Logger;\r\n\r\n constructor(config: TelemetryConfig, telemetryEmitter: TelemetryEmitter, logger: Logger) {\r\n // TODO THROW if bad options\r\n this.telemetryPlatform = {\r\n sdk: Constants.libraryName,\r\n sdkVersion: libraryVersion,\r\n networkInformation: {\r\n // @ts-ignore\r\n connectionSpeed: typeof navigator !== \"undefined\" && navigator.connection && navigator.connection.effectiveType\r\n },\r\n ...config.platform\r\n };\r\n this.clientId = config.clientId;\r\n this.onlySendFailureTelemetry = config.onlySendFailureTelemetry;\r\n /*\r\n * TODO, when i get to wiring this through, think about what it means if\r\n * a developer does not implement telem at all, we still instrument, but telemetryEmitter can be\r\n * optional?\r\n */\r\n this.telemetryEmitter = telemetryEmitter;\r\n this.logger = logger;\r\n }\r\n\r\n static getTelemetrymanagerStub(clientId: string, logger: Logger) : TelemetryManager {\r\n const applicationName = \"UnSetStub\";\r\n const applicationVersion = \"0.0\";\r\n const telemetryEmitter = () => {};\r\n const telemetryPlatform: TelemetryPlatform = {\r\n applicationName,\r\n applicationVersion\r\n };\r\n const telemetryManagerConfig: TelemetryConfig = {\r\n platform: telemetryPlatform,\r\n clientId: clientId\r\n };\r\n\r\n return new this(telemetryManagerConfig, telemetryEmitter, logger);\r\n }\r\n\r\n startEvent(event: TelemetryEvent): void {\r\n this.logger.verbose(`Telemetry Event started: ${event.key}`);\r\n\r\n if (!this.telemetryEmitter) {\r\n return;\r\n }\r\n\r\n event.start();\r\n this.inProgressEvents[event.key] = event;\r\n }\r\n\r\n stopEvent(event: TelemetryEvent): void {\r\n this.logger.verbose(`Telemetry Event stopped: ${event.key}`);\r\n\r\n if (!this.telemetryEmitter || !this.inProgressEvents[event.key]) {\r\n return;\r\n }\r\n event.stop();\r\n this.incrementEventCount(event);\r\n\r\n const completedEvents = this.completedEvents[event.telemetryCorrelationId];\r\n\r\n this.completedEvents[event.telemetryCorrelationId] = [...(completedEvents || []), event];\r\n\r\n delete this.inProgressEvents[event.key];\r\n }\r\n\r\n flush(correlationId: string): void {\r\n this.logger.verbose(`Flushing telemetry events: ${correlationId}`);\r\n\r\n // If there is only unfinished events should this still return them?\r\n if (!this.telemetryEmitter || !this.completedEvents[correlationId]) {\r\n return;\r\n }\r\n\r\n const orphanedEvents = this.getOrphanedEvents(correlationId);\r\n orphanedEvents.forEach(event => this.incrementEventCount(event));\r\n const eventsToFlush: Array<TelemetryEvent> = [\r\n ...this.completedEvents[correlationId],\r\n ...orphanedEvents\r\n ];\r\n\r\n delete this.completedEvents[correlationId];\r\n const eventCountsToFlush: EventCount = this.eventCountByCorrelationId[correlationId];\r\n\r\n delete this.eventCountByCorrelationId[correlationId];\r\n // TODO add funcitonality for onlyFlushFailures after implementing api event? ??\r\n\r\n if (!eventsToFlush || !eventsToFlush.length) {\r\n return;\r\n }\r\n\r\n const defaultEvent: DefaultEvent = new DefaultEvent(\r\n this.telemetryPlatform,\r\n correlationId,\r\n this.clientId,\r\n eventCountsToFlush\r\n );\r\n\r\n const eventsWithDefaultEvent = [ ...eventsToFlush, defaultEvent ];\r\n\r\n this.telemetryEmitter(eventsWithDefaultEvent.map(e => e.get()));\r\n }\r\n\r\n createAndStartApiEvent(correlationId: string, apiEventIdentifier: API_EVENT_IDENTIFIER): ApiEvent {\r\n const apiEvent = new ApiEvent(correlationId, this.logger.isPiiLoggingEnabled(), apiEventIdentifier);\r\n this.startEvent(apiEvent);\r\n return apiEvent;\r\n }\r\n\r\n stopAndFlushApiEvent(correlationId: string, apiEvent: ApiEvent, wasSuccessful: boolean, errorCode?: string): void {\r\n apiEvent.wasSuccessful = wasSuccessful;\r\n if (errorCode) {\r\n apiEvent.apiErrorCode = errorCode;\r\n }\r\n this.stopEvent(apiEvent);\r\n this.flush(correlationId);\r\n }\r\n\r\n createAndStartHttpEvent(correlation: string, httpMethod: string, url: string, eventLabel: string): HttpEvent {\r\n const httpEvent = new HttpEvent(correlation, eventLabel);\r\n httpEvent.url = url;\r\n httpEvent.httpMethod = httpMethod;\r\n this.startEvent(httpEvent);\r\n return httpEvent;\r\n }\r\n\r\n private incrementEventCount(event: TelemetryEvent): void {\r\n /*\r\n * TODO, name cache event different?\r\n * if type is cache event, change name\r\n */\r\n const eventName = event.eventName;\r\n const eventCount = this.eventCountByCorrelationId[event.telemetryCorrelationId];\r\n if (!eventCount) {\r\n this.eventCountByCorrelationId[event.telemetryCorrelationId] = {\r\n [eventName]: 1\r\n };\r\n } else {\r\n eventCount[eventName] = eventCount[eventName] ? eventCount[eventName] + 1 : 1;\r\n }\r\n }\r\n\r\n private getOrphanedEvents(correlationId: string): Array<TelemetryEvent> {\r\n return Object.keys(this.inProgressEvents)\r\n .reduce((memo, eventKey) => {\r\n if (eventKey.indexOf(correlationId) !== -1) {\r\n const event = this.inProgressEvents[eventKey];\r\n delete this.inProgressEvents[eventKey];\r\n return [...memo, event];\r\n }\r\n return memo;\r\n }, []);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { TENANT_PLACEHOLDER, EVENT_NAME_PREFIX } from \"./TelemetryConstants\";\r\nimport { CryptoUtils } from \"../utils/CryptoUtils\";\r\nimport { UrlUtils } from \"../utils/UrlUtils\";\r\nimport { Authority } from \"../authority/Authority\";\r\n\r\nexport const scrubTenantFromUri = (uri: string): String => {\r\n\r\n const url = UrlUtils.GetUrlComponents(uri);\r\n\r\n // validate trusted host\r\n if (Authority.isAdfs(uri)) {\r\n /**\r\n * returning what was passed because the library needs to work with uris that are non\r\n * AAD trusted but passed by users such as B2C or others.\r\n * HTTP Events for instance can take a url to the open id config endpoint\r\n */\r\n return uri;\r\n }\r\n\r\n const pathParams = url.PathSegments;\r\n\r\n if (pathParams && pathParams.length >= 2) {\r\n const tenantPosition = pathParams[1] === \"tfp\" ? 2 : 1;\r\n if (tenantPosition < pathParams.length) {\r\n pathParams[tenantPosition] = TENANT_PLACEHOLDER;\r\n }\r\n }\r\n\r\n return `${url.Protocol}//${url.HostNameAndPort}/${pathParams.join(\"/\")}`;\r\n};\r\n\r\nexport const hashPersonalIdentifier = (valueToHash: string): string => {\r\n /*\r\n * TODO sha256 this\r\n * Current test runner is being funny with node libs that are webpacked anyway\r\n * need a different solution\r\n */\r\n return CryptoUtils.base64Encode(valueToHash);\r\n};\r\n\r\nexport const prependEventNamePrefix = (suffix: string): string => `${EVENT_NAME_PREFIX}${suffix || \"\"}`;\r\n\r\nexport const supportsBrowserPerformance = (): boolean => !!(\r\n typeof window !== \"undefined\" &&\r\n \"performance\" in window &&\r\n window.performance.mark && \r\n window.performance.measure\r\n);\r\n\r\nexport const endBrowserPerformanceMeasurement = (measureName: string, startMark: string, endMark: string): void => {\r\n if (supportsBrowserPerformance()) {\r\n window.performance.mark(endMark);\r\n window.performance.measure(measureName, startMark, endMark);\r\n\r\n window.performance.clearMeasures(measureName);\r\n window.performance.clearMarks(startMark);\r\n window.performance.clearMarks(endMark);\r\n }\r\n};\r\n\r\nexport const startBrowserPerformanceMeasurement = (startMark: string): void => {\r\n if (supportsBrowserPerformance()) {\r\n window.performance.mark(startMark);\r\n }\r\n};\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccessTokenCacheItem } from \"../cache/AccessTokenCacheItem\";\r\nimport { ScopeSet } from \"../ScopeSet\";\r\nimport { UrlUtils } from \"./UrlUtils\"; \r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class AuthCacheUtils {\r\n static filterTokenCacheItemsByScope(tokenCacheItems: Array<AccessTokenCacheItem>, requestScopes: string []): Array<AccessTokenCacheItem> {\r\n return tokenCacheItems.filter((cacheItem: AccessTokenCacheItem) => {\r\n const cachedScopes = cacheItem.key.scopes.split(\" \");\r\n const searchScopes = ScopeSet.removeDefaultScopes(requestScopes);\r\n\r\n // If requestScopes contain only default scopes search for default scopes otherwise search for everything but default scopes\r\n return searchScopes.length === 0 ? ScopeSet.containsScope(cachedScopes, requestScopes): ScopeSet.containsScope(cachedScopes, searchScopes);\r\n });\r\n\r\n }\r\n\r\n static filterTokenCacheItemsByAuthority(tokenCacheItems: Array<AccessTokenCacheItem>, authority: string): Array<AccessTokenCacheItem> {\r\n return tokenCacheItems.filter((cacheItem: AccessTokenCacheItem) => UrlUtils.CanonicalizeUri(cacheItem.key.authority) === authority);\r\n }\r\n\r\n static filterTokenCacheItemsByDomain(tokenCacheItems: Array<AccessTokenCacheItem>, requestDomain: string): Array<AccessTokenCacheItem> {\r\n return tokenCacheItems.filter(cacheItem => {\r\n const cacheItemDomain = UrlUtils.GetUrlComponents(cacheItem.key.authority).HostNameAndPort;\r\n return cacheItemDomain === requestDomain;\r\n });\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @hidden\r\n * Constants\r\n */\r\nexport class Constants {\r\n static get libraryName(): string { return \"Msal.js\"; } // used in telemetry sdkName\r\n static get claims(): string { return \"claims\"; }\r\n static get clientId(): string { return \"clientId\"; }\r\n\r\n static get adalIdToken(): string { return \"adal.idtoken\"; }\r\n static get cachePrefix(): string { return \"msal\"; }\r\n static get scopes(): string { return \"scopes\"; }\r\n\r\n static get no_account(): string { return \"NO_ACCOUNT\"; }\r\n static get upn(): string { return \"upn\"; }\r\n static get domain_hint(): string { return \"domain_hint\"; }\r\n\r\n static get prompt_select_account(): string { return \"&prompt=select_account\"; }\r\n static get prompt_none(): string { return \"&prompt=none\"; }\r\n static get prompt(): string { return \"prompt\"; }\r\n\r\n static get response_mode_fragment(): string { return \"&response_mode=fragment\"; }\r\n static get resourceDelimiter(): string { return \"|\"; }\r\n static get cacheDelimiter(): string { return \".\"; }\r\n\r\n private static _popUpWidth: number = 483;\r\n static get popUpWidth(): number { return this._popUpWidth; }\r\n static set popUpWidth(width: number) {\r\n this._popUpWidth = width;\r\n }\r\n private static _popUpHeight: number = 600;\r\n static get popUpHeight(): number { return this._popUpHeight; }\r\n static set popUpHeight(height: number) {\r\n this._popUpHeight = height;\r\n }\r\n\r\n static get login(): string { return \"LOGIN\"; }\r\n static get renewToken(): string { return \"RENEW_TOKEN\"; }\r\n static get unknown(): string { return \"UNKNOWN\"; }\r\n\r\n static get ADFS(): string { return \"adfs\"; }\r\n\r\n static get homeAccountIdentifier(): string { return \"homeAccountIdentifier\"; }\r\n\r\n static get common(): string { return \"common\"; }\r\n static get openidScope(): string { return \"openid\"; }\r\n static get profileScope(): string { return \"profile\"; }\r\n static get oidcScopes(): Array<string> { return [this.openidScope, this.profileScope] ;}\r\n\r\n static get interactionTypeRedirect(): InteractionType { return \"redirectInteraction\"; }\r\n static get interactionTypePopup(): InteractionType { return \"popupInteraction\"; }\r\n static get interactionTypeSilent(): InteractionType { return \"silentInteraction\"; }\r\n static get inProgress(): string { return \"inProgress\"; }\r\n}\r\n\r\nexport const SESSION_STORAGE = \"sessionStorage\";\r\n\r\n/**\r\n * Keys in the hashParams\r\n */\r\nexport enum ServerHashParamKeys {\r\n SCOPE = \"scope\",\r\n STATE = \"state\",\r\n ERROR = \"error\",\r\n ERROR_DESCRIPTION = \"error_description\",\r\n ACCESS_TOKEN = \"access_token\",\r\n ID_TOKEN = \"id_token\",\r\n EXPIRES_IN = \"expires_in\",\r\n SESSION_STATE = \"session_state\",\r\n CLIENT_INFO = \"client_info\"\r\n}\r\n\r\n/**\r\n * @hidden\r\n * @ignore\r\n * response_type from OpenIDConnect\r\n * References: https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html & https://tools.ietf.org/html/rfc6749#section-4.2.1\r\n *\r\n */\r\nexport const ResponseTypes = {\r\n id_token: \"id_token\",\r\n token: \"token\",\r\n id_token_token: \"id_token token\"\r\n};\r\n\r\n/**\r\n * @hidden\r\n * CacheKeys for MSAL\r\n */\r\nexport enum TemporaryCacheKeys {\r\n AUTHORITY = \"authority\",\r\n ACQUIRE_TOKEN_ACCOUNT = \"acquireTokenAccount\",\r\n SESSION_STATE = \"session.state\",\r\n STATE_LOGIN = \"state.login\",\r\n STATE_ACQ_TOKEN = \"state.acquireToken\",\r\n STATE_RENEW = \"state.renew\",\r\n NONCE_IDTOKEN = \"nonce.idtoken\",\r\n LOGIN_REQUEST = \"login.request\",\r\n RENEW_STATUS = \"token.renew.status\",\r\n URL_HASH = \"urlHash\",\r\n INTERACTION_STATUS = \"interaction.status\",\r\n REDIRECT_REQUEST = \"redirect_request\"\r\n}\r\n\r\nexport enum PersistentCacheKeys {\r\n IDTOKEN = \"idtoken\",\r\n CLIENT_INFO = \"client.info\"\r\n}\r\n\r\nexport enum ErrorCacheKeys {\r\n LOGIN_ERROR = \"login.error\",\r\n ERROR = \"error\",\r\n ERROR_DESC = \"error.description\"\r\n}\r\n\r\nexport const DEFAULT_AUTHORITY: string = \"https://login.microsoftonline.com/common/\";\r\nexport const AAD_INSTANCE_DISCOVERY_ENDPOINT: string = `${DEFAULT_AUTHORITY}/discovery/instance?api-version=1.1&authorization_endpoint=`;\r\nexport const WELL_KNOWN_SUFFIX: string = \".well-known/openid-configuration\";\r\n\r\n/**\r\n * @hidden\r\n * SSO Types - generated to populate hints\r\n */\r\nexport enum SSOTypes {\r\n ACCOUNT = \"account\",\r\n SID = \"sid\",\r\n LOGIN_HINT = \"login_hint\",\r\n ORGANIZATIONS = \"organizations\",\r\n CONSUMERS = \"consumers\",\r\n ID_TOKEN =\"id_token\",\r\n ACCOUNT_ID = \"accountIdentifier\",\r\n HOMEACCOUNT_ID = \"homeAccountIdentifier\"\r\n}\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport const BlacklistedEQParams = [\r\n SSOTypes.SID,\r\n SSOTypes.LOGIN_HINT\r\n];\r\n\r\nexport type InteractionType = \"redirectInteraction\" | \"popupInteraction\" | \"silentInteraction\";\r\n\r\nexport const NetworkRequestType = {\r\n GET: \"GET\",\r\n POST: \"POST\"\r\n};\r\n\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n * @hidden\r\n */\r\nexport const PromptState = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\"\r\n};\r\n\r\n/**\r\n * Frame name prefixes for the hidden iframe created in silent frames\r\n */\r\nexport const FramePrefix = {\r\n ID_TOKEN_FRAME: \"msalIdTokenFrame\",\r\n TOKEN_FRAME: \"msalRenewFrame\"\r\n};\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class CryptoUtils {\r\n\r\n /**\r\n * Creates a new random GUID\r\n * @returns string (GUID)\r\n */\r\n static createNewGuid(): string {\r\n /*\r\n * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or\r\n * pseudo-random numbers.\r\n * The algorithm is as follows:\r\n * Set the two most significant bits (bits 6 and 7) of the\r\n * clock_seq_hi_and_reserved to zero and one, respectively.\r\n * Set the four most significant bits (bits 12 through 15) of the\r\n * time_hi_and_version field to the 4-bit version number from\r\n * Section 4.1.3. Version4\r\n * Set all the other bits to randomly (or pseudo-randomly) chosen\r\n * values.\r\n * UUID = time-low \"-\" time-mid \"-\"time-high-and-version \"-\"clock-seq-reserved and low(2hexOctet)\"-\" node\r\n * time-low = 4hexOctet\r\n * time-mid = 2hexOctet\r\n * time-high-and-version = 2hexOctet\r\n * clock-seq-and-reserved = hexOctet:\r\n * clock-seq-low = hexOctet\r\n * node = 6hexOctet\r\n * Format: xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\r\n * y could be 1000, 1001, 1010, 1011 since most significant two bits needs to be 10\r\n * y values are 8, 9, A, B\r\n */\r\n\r\n const cryptoObj: Crypto = window.crypto; // for IE 11\r\n if (cryptoObj && cryptoObj.getRandomValues) {\r\n const buffer: Uint8Array = new Uint8Array(16);\r\n cryptoObj.getRandomValues(buffer);\r\n\r\n // buffer[6] and buffer[7] represents the time_hi_and_version field. We will set the four most significant bits (4 through 7) of buffer[6] to represent decimal number 4 (UUID version number).\r\n buffer[6] |= 0x40; // buffer[6] | 01000000 will set the 6 bit to 1.\r\n buffer[6] &= 0x4f; // buffer[6] & 01001111 will set the 4, 5, and 7 bit to 0 such that bits 4-7 == 0100 = \"4\".\r\n\r\n // buffer[8] represents the clock_seq_hi_and_reserved field. We will set the two most significant bits (6 and 7) of the clock_seq_hi_and_reserved to zero and one, respectively.\r\n buffer[8] |= 0x80; // buffer[8] | 10000000 will set the 7 bit to 1.\r\n buffer[8] &= 0xbf; // buffer[8] & 10111111 will set the 6 bit to 0.\r\n\r\n return CryptoUtils.decimalToHex(buffer[0]) + CryptoUtils.decimalToHex(buffer[1])\r\n + CryptoUtils.decimalToHex(buffer[2]) + CryptoUtils.decimalToHex(buffer[3])\r\n + \"-\" + CryptoUtils.decimalToHex(buffer[4]) + CryptoUtils.decimalToHex(buffer[5])\r\n + \"-\" + CryptoUtils.decimalToHex(buffer[6]) + CryptoUtils.decimalToHex(buffer[7])\r\n + \"-\" + CryptoUtils.decimalToHex(buffer[8]) + CryptoUtils.decimalToHex(buffer[9])\r\n + \"-\" + CryptoUtils.decimalToHex(buffer[10]) + CryptoUtils.decimalToHex(buffer[11])\r\n + CryptoUtils.decimalToHex(buffer[12]) + CryptoUtils.decimalToHex(buffer[13])\r\n + CryptoUtils.decimalToHex(buffer[14]) + CryptoUtils.decimalToHex(buffer[15]);\r\n }\r\n else {\r\n const guidHolder: string = \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\";\r\n const hex: string = \"0123456789abcdef\";\r\n let r: number = 0;\r\n let guidResponse: string = \"\";\r\n for (let i: number = 0; i < 36; i++) {\r\n if (guidHolder[i] !== \"-\" && guidHolder[i] !== \"4\") {\r\n // each x and y needs to be random\r\n r = Math.random() * 16 | 0;\r\n }\r\n if (guidHolder[i] === \"x\") {\r\n guidResponse += hex[r];\r\n } else if (guidHolder[i] === \"y\") {\r\n // clock-seq-and-reserved first hex is filtered and remaining hex values are random\r\n r &= 0x3; // bit and with 0011 to set pos 2 to zero ?0??\r\n r |= 0x8; // set pos 3 to 1 as 1???\r\n guidResponse += hex[r];\r\n } else {\r\n guidResponse += guidHolder[i];\r\n }\r\n }\r\n return guidResponse;\r\n }\r\n }\r\n\r\n /**\r\n * verifies if a string is GUID\r\n * @param guid\r\n */\r\n static isGuid(guid: string): boolean {\r\n const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\r\n return regexGuid.test(guid);\r\n }\r\n\r\n /**\r\n * Decimal to Hex\r\n *\r\n * @param num\r\n */\r\n static decimalToHex(num: number): string {\r\n let hex: string = num.toString(16);\r\n while (hex.length < 2) {\r\n hex = \"0\" + hex;\r\n }\r\n return hex;\r\n }\r\n\r\n // See: https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_4_%E2%80%93_escaping_the_string_before_encoding_it\r\n\r\n /**\r\n * encoding string to base64 - platform specific check\r\n *\r\n * @param input\r\n */\r\n static base64Encode(input: string): string {\r\n return btoa(encodeURIComponent(input).replace(/%([0-9A-F]{2})/g,\r\n function toSolidBytes(match, p1) {\r\n return String.fromCharCode(Number(\"0x\" + p1));\r\n }));\r\n }\r\n\r\n /**\r\n * Decodes a base64 encoded string.\r\n *\r\n * @param input\r\n */\r\n static base64Decode(input: string): string {\r\n let encodedString = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\r\n switch (encodedString.length % 4) {\r\n case 0:\r\n break;\r\n case 2:\r\n encodedString += \"==\";\r\n break;\r\n case 3:\r\n encodedString += \"=\";\r\n break;\r\n default:\r\n throw new Error(\"Invalid base64 string\");\r\n }\r\n\r\n return decodeURIComponent(atob(encodedString).split(\"\").map(function (c) {\r\n return \"%\" + (\"00\" + c.charCodeAt(0).toString(16)).slice(-2);\r\n }).join(\"\"));\r\n }\r\n\r\n /**\r\n * deserialize a string\r\n *\r\n * @param query\r\n */\r\n static deserialize(query: string): object {\r\n let match: Array<string>; // Regex for replacing addition symbol with a space\r\n const pl = /\\+/g;\r\n const search = /([^&=]+)=([^&]*)/g;\r\n const decode = (s: string) => decodeURIComponent(s.replace(pl, \" \"));\r\n const obj: {} = {};\r\n match = search.exec(query);\r\n while (match) {\r\n obj[decode(match[1])] = decode(match[2]);\r\n match = search.exec(query);\r\n }\r\n return obj;\r\n }\r\n\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthenticationParameters } from \"../AuthenticationParameters\";\r\nimport { Constants, PromptState, BlacklistedEQParams, InteractionType } from \"./Constants\";\r\nimport { ClientConfigurationError } from \"../error/ClientConfigurationError\";\r\nimport { ScopeSet } from \"../ScopeSet\";\r\nimport { StringDict } from \"../MsalTypes\";\r\nimport { StringUtils } from \"./StringUtils\";\r\nimport { CryptoUtils } from \"./CryptoUtils\";\r\nimport { TimeUtils } from \"./TimeUtils\";\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\n\r\nexport type LibraryStateObject = {\r\n id: string,\r\n ts: number\r\n method: string\r\n};\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class RequestUtils {\r\n\r\n /**\r\n * @ignore\r\n *\r\n * @param request\r\n * @param isLoginCall\r\n * @param cacheStorage\r\n * @param clientId\r\n *\r\n * validates all request parameters and generates a consumable request object\r\n */\r\n static validateRequest(request: AuthenticationParameters, isLoginCall: boolean, clientId: string, interactionType: InteractionType): AuthenticationParameters {\r\n\r\n // Throw error if request is empty for acquire * calls\r\n if(!isLoginCall && !request) {\r\n throw ClientConfigurationError.createEmptyRequestError();\r\n }\r\n\r\n let scopes: Array<string>;\r\n let extraQueryParameters: StringDict;\r\n\r\n if(request) {\r\n // if extraScopesToConsent is passed in loginCall, append them to the login request; Validate and filter scopes (the validate function will throw if validation fails)\r\n scopes = isLoginCall ? ScopeSet.appendScopes(request.scopes, request.extraScopesToConsent) : request.scopes;\r\n ScopeSet.validateInputScope(scopes, !isLoginCall);\r\n scopes = ScopeSet.translateClientIdIfSingleScope(scopes, clientId);\r\n\r\n // validate prompt parameter\r\n this.validatePromptParameter(request.prompt);\r\n\r\n // validate extraQueryParameters\r\n extraQueryParameters = this.validateEQParameters(request.extraQueryParameters, request.claimsRequest);\r\n\r\n // validate claimsRequest\r\n this.validateClaimsRequest(request.claimsRequest);\r\n }\r\n\r\n // validate and generate state and correlationId\r\n const state = this.validateAndGenerateState(request && request.state, interactionType);\r\n const correlationId = this.validateAndGenerateCorrelationId(request && request.correlationId);\r\n\r\n const validatedRequest: AuthenticationParameters = {\r\n ...request,\r\n extraQueryParameters,\r\n scopes,\r\n state,\r\n correlationId\r\n };\r\n \r\n return validatedRequest;\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * Utility to test if valid prompt value is passed in the request\r\n * @param request\r\n */\r\n static validatePromptParameter (prompt: string): void {\r\n if(prompt) {\r\n if ([PromptState.LOGIN, PromptState.SELECT_ACCOUNT, PromptState.CONSENT, PromptState.NONE].indexOf(prompt) < 0) {\r\n throw ClientConfigurationError.createInvalidPromptError(prompt);\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * Removes unnecessary or duplicate query parameters from extraQueryParameters\r\n * @param request\r\n */\r\n static validateEQParameters(extraQueryParameters: StringDict, claimsRequest: string) : StringDict {\r\n const eQParams : StringDict = { ...extraQueryParameters};\r\n if (!eQParams) {\r\n return null;\r\n }\r\n if (claimsRequest) {\r\n // this.logger.warning(\"Removed duplicate claims from extraQueryParameters. Please use either the claimsRequest field OR pass as extraQueryParameter - not both.\");\r\n delete eQParams[Constants.claims];\r\n }\r\n BlacklistedEQParams.forEach(param => {\r\n if (eQParams[param]) {\r\n // this.logger.warning(\"Removed duplicate \" + param + \" from extraQueryParameters. Please use the \" + param + \" field in request object.\");\r\n delete eQParams[param];\r\n }\r\n });\r\n\r\n return eQParams;\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * Validates the claims passed in request is a JSON\r\n * TODO: More validation will be added when the server team tells us how they have actually implemented claims\r\n * @param claimsRequest\r\n */\r\n static validateClaimsRequest(claimsRequest: string): void {\r\n if (!claimsRequest) {\r\n return;\r\n }\r\n try {\r\n JSON.parse(claimsRequest);\r\n } catch (e) {\r\n throw ClientConfigurationError.createClaimsRequestParsingError(e);\r\n }\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * generate unique state per request\r\n * @param userState User-provided state value\r\n * @returns State string include library state and user state\r\n */\r\n static validateAndGenerateState(userState: string, interactionType: InteractionType): string {\r\n return !StringUtils.isEmpty(userState) ? `${RequestUtils.generateLibraryState(interactionType)}${Constants.resourceDelimiter}${userState}` : RequestUtils.generateLibraryState(interactionType);\r\n }\r\n\r\n /**\r\n * Generates the state value used by the library.\r\n *\r\n * @returns Base64 encoded string representing the state\r\n */\r\n static generateLibraryState(interactionType: InteractionType): string {\r\n const stateObject: LibraryStateObject = {\r\n id: CryptoUtils.createNewGuid(),\r\n ts: TimeUtils.now(),\r\n method: interactionType\r\n };\r\n\r\n const stateString = JSON.stringify(stateObject);\r\n\r\n return CryptoUtils.base64Encode(stateString);\r\n }\r\n\r\n /**\r\n * Decodes the state value into a StateObject\r\n *\r\n * @param state State value returned in the request\r\n * @returns Parsed values from the encoded state value\r\n */\r\n static parseLibraryState(state: string): LibraryStateObject {\r\n const libraryState = decodeURIComponent(state).split(Constants.resourceDelimiter)[0];\r\n\r\n if (CryptoUtils.isGuid(libraryState)) {\r\n // If state is guid, assume timestamp is now and is redirect, as redirect should be only method where this can happen.\r\n return {\r\n id: libraryState,\r\n ts: TimeUtils.now(),\r\n method: Constants.interactionTypeRedirect\r\n };\r\n }\r\n\r\n try {\r\n const stateString = CryptoUtils.base64Decode(libraryState);\r\n\r\n const stateObject = JSON.parse(stateString);\r\n\r\n return stateObject;\r\n } catch (e) {\r\n throw ClientAuthError.createInvalidStateError(state, null);\r\n }\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * validate correlationId and generate if not valid or not set by the user\r\n * @param correlationId\r\n */\r\n static validateAndGenerateCorrelationId(correlationId: string): string {\r\n // validate user set correlationId or set one for the user if null\r\n if(correlationId && !CryptoUtils.isGuid(correlationId)) {\r\n throw ClientConfigurationError.createInvalidCorrelationIdError();\r\n }\r\n return CryptoUtils.isGuid(correlationId)? correlationId : CryptoUtils.createNewGuid();\r\n }\r\n\r\n /**\r\n * Create a request signature\r\n * @param request\r\n */\r\n static createRequestSignature(request: AuthenticationParameters): string {\r\n return `${request.scopes.join(\" \").toLowerCase()}${Constants.resourceDelimiter}${request.authority}`;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthResponse } from \"../AuthResponse\";\r\nimport { Account } from \"../Account\";\r\nimport { IdToken } from \"../IdToken\";\r\nimport { ResponseTypes, ServerHashParamKeys } from \"./Constants\";\r\nimport { ServerRequestParameters } from \"../ServerRequestParameters\";\r\n\r\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class ResponseUtils {\r\n\r\n static setResponseIdToken(originalResponse: AuthResponse, idTokenObj: IdToken) : AuthResponse {\r\n if (!originalResponse) {\r\n return null;\r\n } else if (!idTokenObj) {\r\n return originalResponse;\r\n }\r\n\r\n const exp = Number(idTokenObj.expiration);\r\n if (exp && !originalResponse.expiresOn) {\r\n originalResponse.expiresOn = new Date(exp * 1000);\r\n }\r\n \r\n return {\r\n ...originalResponse,\r\n idToken: idTokenObj,\r\n idTokenClaims: idTokenObj.claims,\r\n uniqueId: idTokenObj.objectId || idTokenObj.subject,\r\n tenantId: idTokenObj.tenantId,\r\n };\r\n }\r\n\r\n static buildAuthResponse(idToken: IdToken, authResponse: AuthResponse, serverAuthenticationRequest: ServerRequestParameters, account: Account, scopes: Array<string>, accountState: string): AuthResponse {\r\n switch(serverAuthenticationRequest.responseType) {\r\n case ResponseTypes.id_token:\r\n let idTokenResponse: AuthResponse = {\r\n ...authResponse,\r\n tokenType: ServerHashParamKeys.ID_TOKEN,\r\n account: account,\r\n scopes: scopes,\r\n accountState: accountState\r\n };\r\n \r\n idTokenResponse = ResponseUtils.setResponseIdToken(idTokenResponse, idToken);\r\n return (idTokenResponse.idToken) ? idTokenResponse : null;\r\n case ResponseTypes.id_token_token:\r\n const idTokeTokenResponse = ResponseUtils.setResponseIdToken(authResponse, idToken);\r\n return (idTokeTokenResponse && idTokeTokenResponse.accessToken && idTokeTokenResponse.idToken) ? idTokeTokenResponse : null;\r\n case ResponseTypes.token:\r\n const tokenResponse = ResponseUtils.setResponseIdToken(authResponse, idToken);\r\n return tokenResponse;\r\n default: \r\n return null;\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccessTokenKey } from \"../cache/AccessTokenKey\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class StringUtils {\r\n /**\r\n * Check if a string is empty\r\n *\r\n * @param str\r\n */\r\n static isEmpty(str: string): boolean {\r\n return (typeof str === \"undefined\" || !str || 0 === str.length);\r\n }\r\n\r\n /**\r\n * Check if a string's value is a valid JSON object\r\n *\r\n * @param str\r\n */\r\n static validateAndParseJsonCacheKey(str: string): AccessTokenKey {\r\n try {\r\n const parsedKey = JSON.parse(str);\r\n /**\r\n * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object \r\n * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check\r\n * of the parsed value is necessary in order to be certain that the string represents a valid JSON object.\r\n *\r\n */\r\n return (parsedKey && typeof parsedKey === \"object\") ? parsedKey : null;\r\n } catch (error) {\r\n return null;\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class TimeUtils {\r\n /**\r\n * Returns time in seconds for expiration based on string value passed in.\r\n *\r\n * @param expiresIn\r\n */\r\n static parseExpiresIn(expiresIn: string): number {\r\n // if AAD did not send \"expires_in\" property, use default expiration of 3599 seconds, for some reason AAD sends 3599 as \"expires_in\" value instead of 3600\r\n const expires = expiresIn || \"3599\";\r\n return parseInt(expires, 10);\r\n }\r\n\r\n /**\r\n * Return the current time in Unix time (seconds). Date.getTime() returns in milliseconds.\r\n */\r\n static now(): number {\r\n return Math.round(new Date().getTime() / 1000.0);\r\n }\r\n\r\n /**\r\n * Returns the amount of time in milliseconds since the page loaded.\r\n */\r\n static relativeNowMs(): number {\r\n return window.performance.now();\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CryptoUtils } from \"./CryptoUtils\";\r\nimport { StringUtils } from \"./StringUtils\";\r\nimport { TimeUtils } from \"./TimeUtils\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class TokenUtils {\r\n\r\n /**\r\n * decode a JWT\r\n *\r\n * @param jwtToken\r\n */\r\n static decodeJwt(jwtToken: string): object {\r\n if (StringUtils.isEmpty(jwtToken)) {\r\n return null;\r\n }\r\n const idTokenPartsRegex = /^([^\\.\\s]*)\\.([^\\.\\s]+)\\.([^\\.\\s]*)$/;\r\n const matches = idTokenPartsRegex.exec(jwtToken);\r\n if (!matches || matches.length < 4) {\r\n // this._requestContext.logger.warn(\"The returned id_token is not parseable.\");\r\n return null;\r\n }\r\n const crackedToken = {\r\n header: matches[1],\r\n JWSPayload: matches[2],\r\n JWSSig: matches[3]\r\n };\r\n return crackedToken;\r\n }\r\n\r\n /**\r\n * Evaluates whether token cache item expiration is within expiration offset range\r\n * @param tokenCacheItem \r\n */\r\n static validateExpirationIsWithinOffset(expiration: number, tokenRenewalOffsetSeconds: number): Boolean {\r\n const offset = tokenRenewalOffsetSeconds || 300;\r\n return expiration && (expiration > TimeUtils.now() + offset);\r\n }\r\n\r\n /**\r\n * Extract IdToken by decoding the RAWIdToken\r\n *\r\n * @param encodedIdToken\r\n */\r\n static extractIdToken(encodedIdToken: string): object {\r\n // id token will be decoded to get the username\r\n const decodedToken = this.decodeJwt(encodedIdToken);\r\n if (!decodedToken) {\r\n return null;\r\n }\r\n try {\r\n const base64IdToken = decodedToken[\"JWSPayload\"];\r\n const base64Decoded = CryptoUtils.base64Decode(base64IdToken);\r\n if (!base64Decoded) {\r\n // this._requestContext.logger.info(\"The returned id_token could not be base64 url safe decoded.\");\r\n return null;\r\n }\r\n // ECMA script has JSON built-in support\r\n return JSON.parse(base64Decoded);\r\n } catch (err) {\r\n // this._requestContext.logger.error(\"The returned id_token could not be decoded\" + err);\r\n }\r\n\r\n return null;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { IUri } from \"../IUri\";\r\nimport { Constants, SSOTypes, ServerHashParamKeys } from \"./Constants\";\r\nimport { ServerRequestParameters } from \"../ServerRequestParameters\";\r\nimport { ScopeSet } from \"../ScopeSet\";\r\nimport { StringUtils } from \"./StringUtils\";\r\nimport { CryptoUtils } from \"./CryptoUtils\";\r\n\r\n/**\r\n * @hidden\r\n */\r\nexport class UrlUtils {\r\n\r\n /**\r\n * generates the URL with QueryString Parameters\r\n * @param scopes\r\n */\r\n static createNavigateUrl(serverRequestParams: ServerRequestParameters): string {\r\n const str = this.createNavigationUrlString(serverRequestParams);\r\n let authEndpoint: string = serverRequestParams.authorityInstance.AuthorizationEndpoint;\r\n // if the endpoint already has queryparams, lets add to it, otherwise add the first one\r\n if (authEndpoint.indexOf(\"?\") < 0) {\r\n authEndpoint += \"?\";\r\n } else {\r\n authEndpoint += \"&\";\r\n }\r\n\r\n const requestUrl: string = `${authEndpoint}${str.join(\"&\")}`;\r\n return requestUrl;\r\n }\r\n\r\n /**\r\n * Generate the array of all QueryStringParams to be sent to the server\r\n * @param scopes\r\n */\r\n static createNavigationUrlString(serverRequestParams: ServerRequestParameters): Array<string> {\r\n const scopes = ScopeSet.appendDefaultScopes(serverRequestParams.scopes);\r\n\r\n const str: Array<string> = [];\r\n str.push(\"response_type=\" + serverRequestParams.responseType);\r\n str.push(\"scope=\" + encodeURIComponent(ScopeSet.parseScope(scopes)));\r\n str.push(\"client_id=\" + encodeURIComponent(serverRequestParams.clientId));\r\n str.push(\"redirect_uri=\" + encodeURIComponent(serverRequestParams.redirectUri));\r\n\r\n str.push(\"state=\" + encodeURIComponent(serverRequestParams.state));\r\n str.push(\"nonce=\" + encodeURIComponent(serverRequestParams.nonce));\r\n\r\n str.push(\"client_info=1\");\r\n str.push(`x-client-SKU=${serverRequestParams.xClientSku}`);\r\n str.push(`x-client-Ver=${serverRequestParams.xClientVer}`);\r\n if (serverRequestParams.promptValue) {\r\n str.push(\"prompt=\" + encodeURIComponent(serverRequestParams.promptValue));\r\n }\r\n\r\n if (serverRequestParams.claimsValue) {\r\n str.push(\"claims=\" + encodeURIComponent(serverRequestParams.claimsValue));\r\n }\r\n\r\n if (serverRequestParams.queryParameters) {\r\n str.push(serverRequestParams.queryParameters);\r\n }\r\n\r\n if (serverRequestParams.extraQueryParameters) {\r\n str.push(serverRequestParams.extraQueryParameters);\r\n }\r\n\r\n str.push(\"client-request-id=\" + encodeURIComponent(serverRequestParams.correlationId));\r\n return str;\r\n }\r\n\r\n /**\r\n * Returns current window URL as redirect uri\r\n */\r\n static getCurrentUrl(): string {\r\n return window.location.href.split(\"?\")[0].split(\"#\")[0];\r\n }\r\n\r\n /**\r\n * Returns given URL with query string removed\r\n */\r\n static removeHashFromUrl(url: string): string {\r\n return url.split(\"#\")[0];\r\n }\r\n\r\n /**\r\n * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d\r\n * @param href The url\r\n * @param tenantId The tenant id to replace\r\n */\r\n static replaceTenantPath(url: string, tenantId: string): string {\r\n const lowerCaseUrl = url.toLowerCase();\r\n const urlObject = this.GetUrlComponents(lowerCaseUrl);\r\n const pathArray = urlObject.PathSegments;\r\n if (tenantId && (pathArray.length !== 0 && (pathArray[0] === Constants.common || pathArray[0] === SSOTypes.ORGANIZATIONS || pathArray[0] === SSOTypes.CONSUMERS))) {\r\n pathArray[0] = tenantId;\r\n }\r\n return this.constructAuthorityUriFromObject(urlObject, pathArray);\r\n }\r\n\r\n static constructAuthorityUriFromObject(urlObject: IUri, pathArray: string[]): string {\r\n return this.CanonicalizeUri(urlObject.Protocol + \"//\" + urlObject.HostNameAndPort + \"/\" + pathArray.join(\"/\"));\r\n }\r\n \r\n /**\r\n * Checks if an authority is common (ex. https://a:b/common/)\r\n * @param url The url\r\n * @returns true if authority is common and false otherwise \r\n */\r\n static isCommonAuthority(url: string): boolean {\r\n const authority = this.CanonicalizeUri(url);\r\n const pathArray = this.GetUrlComponents(authority).PathSegments;\r\n return (pathArray.length !== 0 && pathArray[0] === Constants.common);\r\n }\r\n\r\n /**\r\n * Checks if an authority is for organizations (ex. https://a:b/organizations/)\r\n * @param url The url\r\n * @returns true if authority is for and false otherwise \r\n */\r\n static isOrganizationsAuthority(url: string): boolean {\r\n const authority = this.CanonicalizeUri(url);\r\n const pathArray = this.GetUrlComponents(authority).PathSegments;\r\n return (pathArray.length !== 0 && pathArray[0] === SSOTypes.ORGANIZATIONS);\r\n }\r\n\r\n /**\r\n * Checks if an authority is for consumers (ex. https://a:b/consumers/)\r\n * @param url The url\r\n * @returns true if authority is for and false otherwise \r\n */\r\n static isConsumersAuthority(url: string): boolean {\r\n const authority = this.CanonicalizeUri(url);\r\n const pathArray = this.GetUrlComponents(authority).PathSegments;\r\n return (pathArray.length !== 0 && pathArray[0] === SSOTypes.CONSUMERS);\r\n }\r\n\r\n /**\r\n * Parses out the components from a url string.\r\n * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url.\r\n */\r\n static GetUrlComponents(url: string): IUri {\r\n if (!url) {\r\n throw \"Url required\";\r\n }\r\n\r\n // https://gist.github.com/curtisz/11139b2cfcaef4a261e0\r\n const regEx = RegExp(\"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\\\?([^#]*))?(#(.*))?\");\r\n\r\n const match = url.match(regEx);\r\n\r\n if (!match || match.length < 6) {\r\n throw \"Valid url required\";\r\n }\r\n\r\n const urlComponents = <IUri>{\r\n Protocol: match[1],\r\n HostNameAndPort: match[4],\r\n AbsolutePath: match[5]\r\n };\r\n\r\n let pathSegments = urlComponents.AbsolutePath.split(\"/\");\r\n pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements\r\n urlComponents.PathSegments = pathSegments;\r\n\r\n if (match[6]){\r\n urlComponents.Search = match[6];\r\n }\r\n if (match[8]){\r\n urlComponents.Hash = match[8];\r\n }\r\n \r\n return urlComponents;\r\n }\r\n\r\n /**\r\n * Given a url or path, append a trailing slash if one doesnt exist\r\n *\r\n * @param url\r\n */\r\n static CanonicalizeUri(url: string): string {\r\n if (url) {\r\n let lowerCaseUrl = url.toLowerCase();\r\n\r\n if (!UrlUtils.endsWith(lowerCaseUrl, \"/\")) {\r\n lowerCaseUrl += \"/\";\r\n }\r\n\r\n return lowerCaseUrl;\r\n }\r\n\r\n return url;\r\n }\r\n\r\n /**\r\n * Checks to see if the url ends with the suffix\r\n * Required because we are compiling for es5 instead of es6\r\n * @param url\r\n * @param str\r\n */\r\n // TODO: Rename this, not clear what it is supposed to do\r\n static endsWith(url: string, suffix: string): boolean {\r\n if (!url || !suffix) {\r\n return false;\r\n }\r\n\r\n return url.indexOf(suffix, url.length - suffix.length) !== -1;\r\n }\r\n\r\n /**\r\n * Utils function to remove the login_hint and domain_hint from the i/p extraQueryParameters\r\n * @param url\r\n * @param name\r\n */\r\n static urlRemoveQueryStringParameter(url: string, name: string): string {\r\n if (StringUtils.isEmpty(url)) {\r\n return url;\r\n }\r\n\r\n let updatedUrl = url;\r\n let regex = new RegExp(\"(\\\\&\" + name + \"=)[^\\&]+\");\r\n updatedUrl = url.replace(regex, \"\");\r\n // name=value&\r\n regex = new RegExp(\"(\" + name + \"=)[^\\&]+&\");\r\n updatedUrl = url.replace(regex, \"\");\r\n // name=value\r\n regex = new RegExp(\"(\" + name + \"=)[^\\&]+\");\r\n updatedUrl = url.replace(regex, \"\");\r\n return updatedUrl;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @ignore\r\n *\r\n * Returns the anchor part(#) of the URL\r\n */\r\n static getHashFromUrl(urlStringOrFragment: string): string {\r\n const hashIndex1 = urlStringOrFragment.indexOf(\"#\");\r\n const hashIndex2 = urlStringOrFragment.indexOf(\"#/\");\r\n if (hashIndex2 > -1) {\r\n return urlStringOrFragment.substring(hashIndex2 + 2);\r\n } else if (hashIndex1 > -1) {\r\n return urlStringOrFragment.substring(hashIndex1 + 1);\r\n }\r\n return urlStringOrFragment;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Check if the url contains a hash with known properties\r\n * @ignore\r\n */\r\n static urlContainsHash(urlString: string): boolean {\r\n const parameters = UrlUtils.deserializeHash(urlString);\r\n return (\r\n parameters.hasOwnProperty(ServerHashParamKeys.ERROR_DESCRIPTION) ||\r\n parameters.hasOwnProperty(ServerHashParamKeys.ERROR) ||\r\n parameters.hasOwnProperty(ServerHashParamKeys.ACCESS_TOKEN) ||\r\n parameters.hasOwnProperty(ServerHashParamKeys.ID_TOKEN)\r\n );\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Returns deserialized portion of URL hash\r\n * @ignore\r\n */\r\n static deserializeHash(urlFragment: string): object {\r\n const hash = UrlUtils.getHashFromUrl(urlFragment);\r\n return CryptoUtils.deserialize(hash);\r\n }\r\n\r\n /**\r\n * @ignore\r\n * @param {string} URI\r\n * @returns {string} host from the URI\r\n *\r\n * extract URI from the host\r\n */\r\n static getHostFromUri(uri: string): string {\r\n // remove http:// or https:// from uri\r\n let extractedUri = String(uri).replace(/^(https?:)\\/\\//, \"\");\r\n extractedUri = extractedUri.split(\"/\")[0];\r\n return extractedUri;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\nimport { UrlUtils } from \"./UrlUtils\";\r\nimport { Logger } from \"../Logger\";\r\nimport { AuthCache } from \"../cache/AuthCache\";\r\nimport { TemporaryCacheKeys, Constants } from \"./Constants\";\r\nimport { TimeUtils } from \"./TimeUtils\";\r\n\r\nexport class WindowUtils {\r\n /**\r\n * @hidden\r\n * Interval in milliseconds that we poll a window\r\n * @ignore\r\n */\r\n private static POLLING_INTERVAL_MS = 50;\r\n\r\n /**\r\n * @hidden\r\n * Checks if the current page is running in an iframe.\r\n * @ignore\r\n */\r\n static isInIframe(): boolean {\r\n return window.parent !== window;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Check if the current page is running in a popup.\r\n * @ignore\r\n */\r\n static isInPopup(): boolean {\r\n return !!(window.opener && window.opener !== window);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * @param prefix\r\n * @param scopes\r\n * @param authority\r\n */\r\n static generateFrameName(prefix: string, requestSignature: string): string {\r\n return `${prefix}${Constants.resourceDelimiter}${requestSignature}`;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Polls an iframe until it loads a url with a hash\r\n * @ignore\r\n */\r\n static monitorIframeForHash(contentWindow: Window, timeout: number, urlNavigate: string, logger: Logger): Promise<string> {\r\n return new Promise((resolve, reject) => {\r\n /*\r\n * Polling for iframes can be purely timing based,\r\n * since we don't need to account for interaction.\r\n */\r\n const nowMark = TimeUtils.relativeNowMs();\r\n const timeoutMark = nowMark + timeout;\r\n\r\n logger.verbose(\"monitorWindowForIframe polling started\");\r\n\r\n const intervalId = setInterval(() => {\r\n if (TimeUtils.relativeNowMs() > timeoutMark) {\r\n logger.error(\"monitorIframeForHash unable to find hash in url, timing out\");\r\n logger.errorPii(`monitorIframeForHash polling timed out for url: ${urlNavigate}`);\r\n clearInterval(intervalId);\r\n reject(ClientAuthError.createTokenRenewalTimeoutError());\r\n return;\r\n }\r\n\r\n let href;\r\n\r\n try {\r\n /*\r\n * Will throw if cross origin,\r\n * which should be caught and ignored\r\n * since we need the interval to keep running while on STS UI.\r\n */\r\n href = contentWindow.location.href;\r\n } catch (e) {}\r\n\r\n if (href && UrlUtils.urlContainsHash(href)) {\r\n logger.verbose(\"monitorIframeForHash found url in hash\");\r\n clearInterval(intervalId);\r\n resolve(contentWindow.location.hash);\r\n } \r\n }, WindowUtils.POLLING_INTERVAL_MS);\r\n });\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Polls a popup until it loads a url with a hash\r\n * @ignore\r\n */\r\n static monitorPopupForHash(contentWindow: Window, timeout: number, urlNavigate: string, logger: Logger): Promise<string> {\r\n return new Promise((resolve, reject) => {\r\n /*\r\n * Polling for popups needs to be tick-based,\r\n * since a non-trivial amount of time can be spent on interaction (which should not count against the timeout).\r\n */\r\n const maxTicks = timeout / WindowUtils.POLLING_INTERVAL_MS;\r\n let ticks = 0;\r\n\r\n logger.verbose(\"monitorWindowForHash polling started\");\r\n\r\n const intervalId = setInterval(() => {\r\n if (contentWindow.closed) {\r\n logger.error(\"monitorWindowForHash window closed\");\r\n clearInterval(intervalId);\r\n reject(ClientAuthError.createUserCancelledError());\r\n return;\r\n }\r\n\r\n let href;\r\n try {\r\n /*\r\n * Will throw if cross origin,\r\n * which should be caught and ignored\r\n * since we need the interval to keep running while on STS UI.\r\n */\r\n href = contentWindow.location.href;\r\n } catch (e) {}\r\n\r\n // Don't process blank pages or cross domain\r\n if (!href || href === \"about:blank\") {\r\n return;\r\n }\r\n\r\n /*\r\n * Only run clock when we are on same domain for popups\r\n * as popup operations can take a long time.\r\n */\r\n ticks++;\r\n\r\n if (href && UrlUtils.urlContainsHash(href)) {\r\n logger.verbose(\"monitorPopupForHash found url in hash\");\r\n clearInterval(intervalId);\r\n const hash = contentWindow.location.hash;\r\n WindowUtils.clearUrlFragment(contentWindow);\r\n resolve(hash);\r\n } else if (ticks > maxTicks) {\r\n logger.error(\"monitorPopupForHash unable to find hash in url, timing out\");\r\n logger.errorPii(`monitorPopupForHash polling timed out for url: ${urlNavigate}`);\r\n clearInterval(intervalId);\r\n reject(ClientAuthError.createTokenRenewalTimeoutError());\r\n }\r\n }, WindowUtils.POLLING_INTERVAL_MS);\r\n });\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Loads iframe with authorization endpoint URL\r\n * @ignore\r\n */\r\n static loadFrame(urlNavigate: string, frameName: string, timeoutMs: number, logger: Logger): Promise<HTMLIFrameElement> {\r\n /*\r\n * This trick overcomes iframe navigation in IE\r\n * IE does not load the page consistently in iframe\r\n */\r\n logger.infoPii(\"LoadFrame: \" + frameName);\r\n\r\n return new Promise((resolve, reject) => {\r\n setTimeout(() => {\r\n const frameHandle = this.loadFrameSync(urlNavigate, frameName, logger);\r\n\r\n if (!frameHandle) {\r\n reject(`Unable to load iframe with name: ${frameName}`);\r\n return;\r\n }\r\n\r\n resolve(frameHandle);\r\n }, timeoutMs);\r\n });\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Loads the iframe synchronously when the navigateTimeFrame is set to `0`\r\n * @param urlNavigate\r\n * @param frameName\r\n * @param logger\r\n */\r\n static loadFrameSync(urlNavigate: string, frameName: string, logger: Logger): HTMLIFrameElement{\r\n const frameHandle = WindowUtils.addHiddenIFrame(frameName, logger);\r\n\r\n // returning to handle null in loadFrame, also to avoid null object access errors\r\n if (!frameHandle) {\r\n return null;\r\n }\r\n else if (frameHandle.src === \"\" || frameHandle.src === \"about:blank\") {\r\n frameHandle.src = urlNavigate;\r\n logger.infoPii(\"Frame Name : \" + frameName + \" Navigated to: \" + urlNavigate);\r\n }\r\n\r\n return frameHandle;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Adds the hidden iframe for silent token renewal.\r\n * @ignore\r\n */\r\n static addHiddenIFrame(iframeId: string, logger: Logger): HTMLIFrameElement {\r\n if (typeof iframeId === \"undefined\") {\r\n return null;\r\n }\r\n\r\n logger.infoPii(\"Add msal frame to document:\" + iframeId);\r\n let adalFrame = document.getElementById(iframeId) as HTMLIFrameElement;\r\n if (!adalFrame) {\r\n if (document.createElement &&\r\n document.documentElement &&\r\n (window.navigator.userAgent.indexOf(\"MSIE 5.0\") === -1)) {\r\n const ifr = document.createElement(\"iframe\");\r\n ifr.setAttribute(\"id\", iframeId);\r\n ifr.setAttribute(\"aria-hidden\", \"true\");\r\n ifr.style.visibility = \"hidden\";\r\n ifr.style.position = \"absolute\";\r\n ifr.style.width = ifr.style.height = \"0\";\r\n ifr.style.border = \"0\";\r\n ifr.setAttribute(\"sandbox\", \"allow-scripts allow-same-origin allow-forms\");\r\n adalFrame = (document.getElementsByTagName(\"body\")[0].appendChild(ifr) as HTMLIFrameElement);\r\n } else if (document.body && document.body.insertAdjacentHTML) {\r\n document.body.insertAdjacentHTML(\"beforeend\", \"<iframe name='\" + iframeId + \"' id='\" + iframeId + \"' style='display:none'></iframe>\");\r\n }\r\n\r\n if (window.frames && window.frames[iframeId]) {\r\n adalFrame = window.frames[iframeId];\r\n }\r\n }\r\n\r\n return adalFrame;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Removes a hidden iframe from the page.\r\n * @ignore\r\n */\r\n static removeHiddenIframe(iframe: HTMLIFrameElement): void {\r\n if (document.body === iframe.parentNode) {\r\n document.body.removeChild(iframe);\r\n }\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Find and return the iframe element with the given hash\r\n * @ignore\r\n */\r\n static getIframeWithHash(hash: string): HTMLIFrameElement {\r\n const iframes = document.getElementsByTagName(\"iframe\");\r\n const iframeArray: Array<HTMLIFrameElement> = Array.apply(null, Array(iframes.length)).map((iframe: HTMLIFrameElement, index: number) => iframes.item(index)); // eslint-disable-line prefer-spread\r\n\r\n return iframeArray.filter((iframe: HTMLIFrameElement) => {\r\n try {\r\n return iframe.contentWindow.location.hash === hash;\r\n } catch (e) {\r\n return false;\r\n }\r\n })[0];\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Returns an array of all the popups opened by MSAL\r\n * @ignore\r\n */\r\n static getPopups(): Array<Window> {\r\n if (!window.openedWindows) {\r\n window.openedWindows = [];\r\n }\r\n\r\n return window.openedWindows;\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Find and return the popup with the given hash\r\n * @ignore\r\n */\r\n static getPopUpWithHash(hash: string): Window {\r\n return WindowUtils.getPopups().filter(popup => {\r\n try {\r\n return popup.location.hash === hash;\r\n } catch (e) {\r\n return false;\r\n }\r\n })[0];\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Add the popup to the known list of popups\r\n * @ignore\r\n */\r\n static trackPopup(popup: Window): void {\r\n WindowUtils.getPopups().push(popup);\r\n }\r\n\r\n /**\r\n * @hidden\r\n * Close all popups\r\n * @ignore\r\n */\r\n static closePopups(): void {\r\n WindowUtils.getPopups().forEach(popup => popup.close());\r\n }\r\n\r\n /**\r\n * @ignore\r\n *\r\n * blocks any login/acquireToken calls to reload from within a hidden iframe (generated for silent calls)\r\n */\r\n static blockReloadInHiddenIframes(): void {\r\n // return an error if called from the hidden iframe created by the msal js silent calls\r\n if (UrlUtils.urlContainsHash(window.location.hash) && WindowUtils.isInIframe()) {\r\n throw ClientAuthError.createBlockTokenRequestsInHiddenIframeError();\r\n }\r\n }\r\n\r\n /**\r\n *\r\n * @param cacheStorage\r\n */\r\n static checkIfBackButtonIsPressed(cacheStorage: AuthCache): void {\r\n const redirectCache = cacheStorage.getItem(TemporaryCacheKeys.REDIRECT_REQUEST);\r\n\r\n // if redirect request is set and there is no hash\r\n if(redirectCache && !UrlUtils.urlContainsHash(window.location.hash)) {\r\n const splitCache = redirectCache.split(Constants.resourceDelimiter);\r\n splitCache.shift();\r\n const state = splitCache.length > 0 ? splitCache.join(Constants.resourceDelimiter): null;\r\n cacheStorage.resetTempCacheItems(state);\r\n }\r\n }\r\n\r\n /**\r\n * Removes url fragment from browser url\r\n */\r\n static clearUrlFragment(contentWindow: Window): void {\r\n contentWindow.location.hash = \"\";\r\n // Office.js sets history.replaceState to null\r\n if (typeof contentWindow.history.replaceState === \"function\") {\r\n // Full removes \"#\" from url\r\n contentWindow.history.replaceState(null, null, `${contentWindow.location.pathname}${contentWindow.location.search}`);\r\n }\r\n }\r\n}\r\n","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tif(__webpack_module_cache__[moduleId]) {\n\t\treturn __webpack_module_cache__[moduleId].exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\t__webpack_modules__[moduleId](module, module.exports, __webpack_require__);\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","// module exports must be returned from runtime so entry inlining is disabled\n// startup\n// Load entry module and return exports\nreturn __webpack_require__(432);\n"],"sourceRoot":""} |