{"version":3,"sources":["node_modules/@azure/msal-common/dist/utils/Constants.mjs","node_modules/@azure/msal-common/dist/error/AuthErrorCodes.mjs","node_modules/@azure/msal-common/dist/error/AuthError.mjs","node_modules/@azure/msal-common/dist/error/ClientAuthErrorCodes.mjs","node_modules/@azure/msal-common/dist/error/ClientAuthError.mjs","node_modules/@azure/msal-common/dist/crypto/ICrypto.mjs","node_modules/@azure/msal-common/dist/utils/TimeUtils.mjs","node_modules/@azure/msal-common/dist/account/ClientInfo.mjs","node_modules/@azure/msal-common/dist/account/AccountInfo.mjs","node_modules/@azure/msal-common/dist/authority/AuthorityType.mjs","node_modules/@azure/msal-common/dist/account/TokenClaims.mjs","node_modules/@azure/msal-common/dist/authority/ProtocolMode.mjs","node_modules/@azure/msal-common/dist/cache/entities/AccountEntity.mjs","node_modules/@azure/msal-common/dist/telemetry/performance/PerformanceEvent.mjs","node_modules/@azure/msal-common/dist/utils/FunctionWrappers.mjs","node_modules/@azure/msal-common/dist/authority/OpenIdConfigResponse.mjs","node_modules/@azure/msal-common/dist/error/ClientConfigurationErrorCodes.mjs","node_modules/@azure/msal-common/dist/error/ClientConfigurationError.mjs","node_modules/@azure/msal-common/dist/utils/StringUtils.mjs","node_modules/@azure/msal-common/dist/utils/UrlUtils.mjs","node_modules/@azure/msal-common/dist/url/UrlString.mjs","node_modules/@azure/msal-common/dist/authority/AuthorityMetadata.mjs","node_modules/@azure/msal-common/dist/authority/AuthorityOptions.mjs","node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.mjs","node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs","node_modules/@azure/msal-common/dist/authority/RegionDiscovery.mjs","node_modules/@azure/msal-common/dist/cache/utils/CacheHelpers.mjs","node_modules/@azure/msal-common/dist/account/AuthToken.mjs","node_modules/@azure/msal-common/dist/authority/Authority.mjs","node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthErrorCodes.mjs","node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthError.mjs","node_modules/@azure/msal-common/dist/logger/Logger.mjs","node_modules/@azure/msal-common/dist/packageMetadata.mjs","node_modules/@azure/msal-common/dist/request/ScopeSet.mjs","node_modules/@azure/msal-common/dist/cache/CacheManager.mjs","node_modules/@azure/msal-common/dist/config/ClientConfiguration.mjs","node_modules/@azure/msal-common/dist/error/ServerError.mjs","node_modules/@azure/msal-common/dist/network/ThrottlingUtils.mjs","node_modules/@azure/msal-common/dist/network/NetworkManager.mjs","node_modules/@azure/msal-common/dist/account/CcsCredential.mjs","node_modules/@azure/msal-common/dist/constants/AADServerParamKeys.mjs","node_modules/@azure/msal-common/dist/request/RequestValidator.mjs","node_modules/@azure/msal-common/dist/request/RequestParameterBuilder.mjs","node_modules/@azure/msal-common/dist/authority/AuthorityFactory.mjs","node_modules/@azure/msal-common/dist/client/BaseClient.mjs","node_modules/@azure/msal-common/dist/cache/entities/CacheRecord.mjs","node_modules/@azure/msal-common/dist/utils/ProtocolUtils.mjs","node_modules/@azure/msal-common/dist/crypto/PopTokenGenerator.mjs","node_modules/@azure/msal-common/dist/cache/persistence/TokenCacheContext.mjs","node_modules/@azure/msal-common/dist/response/ResponseHandler.mjs","node_modules/@azure/msal-common/dist/client/AuthorizationCodeClient.mjs","node_modules/@azure/msal-common/dist/client/RefreshTokenClient.mjs","node_modules/@azure/msal-common/dist/client/SilentFlowClient.mjs","node_modules/@azure/msal-common/dist/network/INetworkModule.mjs","node_modules/@azure/msal-common/dist/error/JoseHeaderErrorCodes.mjs","node_modules/@azure/msal-common/dist/error/JoseHeaderError.mjs","node_modules/@azure/msal-common/dist/crypto/JoseHeader.mjs","node_modules/@azure/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs","node_modules/@azure/msal-common/dist/telemetry/performance/StubPerformanceClient.mjs","node_modules/@azure/msal-browser/dist/error/BrowserAuthErrorCodes.mjs","node_modules/@azure/msal-browser/dist/error/BrowserAuthError.mjs","node_modules/@azure/msal-browser/dist/utils/BrowserConstants.mjs","node_modules/@azure/msal-browser/dist/crypto/BrowserCrypto.mjs","node_modules/@azure/msal-browser/dist/encode/Base64Encode.mjs","node_modules/@azure/msal-browser/dist/encode/Base64Decode.mjs","node_modules/@azure/msal-browser/dist/cache/DatabaseStorage.mjs","node_modules/@azure/msal-browser/dist/cache/MemoryStorage.mjs","node_modules/@azure/msal-browser/dist/cache/AsyncMemoryStorage.mjs","node_modules/@azure/msal-browser/dist/cache/CryptoKeyStore.mjs","node_modules/@azure/msal-browser/dist/crypto/CryptoOps.mjs","node_modules/@azure/msal-browser/dist/event/EventType.mjs","node_modules/@azure/msal-browser/dist/event/EventHandler.mjs"],"sourcesContent":["/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst Constants = {\n LIBRARY_NAME: \"MSAL.JS\",\n SKU: \"msal.js.common\",\n // Prefix for all library cache entries\n CACHE_PREFIX: \"msal\",\n // default authority\n DEFAULT_AUTHORITY: \"https://login.microsoftonline.com/common/\",\n DEFAULT_AUTHORITY_HOST: \"login.microsoftonline.com\",\n DEFAULT_COMMON_TENANT: \"common\",\n // ADFS String\n ADFS: \"adfs\",\n DSTS: \"dstsv2\",\n // Default AAD Instance Discovery Endpoint\n AAD_INSTANCE_DISCOVERY_ENDPT: \"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=\",\n // CIAM URL\n CIAM_AUTH_URL: \".ciamlogin.com\",\n AAD_TENANT_DOMAIN_SUFFIX: \".onmicrosoft.com\",\n // Resource delimiter - used for certain cache entries\n RESOURCE_DELIM: \"|\",\n // Placeholder for non-existent account ids/objects\n NO_ACCOUNT: \"NO_ACCOUNT\",\n // Claims\n CLAIMS: \"claims\",\n // Consumer UTID\n CONSUMER_UTID: \"9188040d-6c67-4c5b-b112-36a304b66dad\",\n // Default scopes\n OPENID_SCOPE: \"openid\",\n PROFILE_SCOPE: \"profile\",\n OFFLINE_ACCESS_SCOPE: \"offline_access\",\n EMAIL_SCOPE: \"email\",\n // Default response type for authorization code flow\n CODE_RESPONSE_TYPE: \"code\",\n CODE_GRANT_TYPE: \"authorization_code\",\n RT_GRANT_TYPE: \"refresh_token\",\n FRAGMENT_RESPONSE_MODE: \"fragment\",\n S256_CODE_CHALLENGE_METHOD: \"S256\",\n URL_FORM_CONTENT_TYPE: \"application/x-www-form-urlencoded;charset=utf-8\",\n AUTHORIZATION_PENDING: \"authorization_pending\",\n NOT_DEFINED: \"not_defined\",\n EMPTY_STRING: \"\",\n NOT_APPLICABLE: \"N/A\",\n FORWARD_SLASH: \"/\",\n IMDS_ENDPOINT: \"http://169.254.169.254/metadata/instance/compute/location\",\n IMDS_VERSION: \"2020-06-01\",\n IMDS_TIMEOUT: 2000,\n AZURE_REGION_AUTO_DISCOVER_FLAG: \"TryAutoDetect\",\n REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: \"login.microsoft.com\",\n KNOWN_PUBLIC_CLOUDS: [\n \"login.microsoftonline.com\",\n \"login.windows.net\",\n \"login.microsoft.com\",\n \"sts.windows.net\",\n ],\n TOKEN_RESPONSE_TYPE: \"token\",\n ID_TOKEN_RESPONSE_TYPE: \"id_token\",\n SHR_NONCE_VALIDITY: 240,\n INVALID_INSTANCE: \"invalid_instance\",\n};\nconst HttpStatus = {\n SUCCESS_RANGE_START: 200,\n SUCCESS_RANGE_END: 299,\n REDIRECT: 302,\n CLIENT_ERROR_RANGE_START: 400,\n CLIENT_ERROR_RANGE_END: 499,\n SERVER_ERROR_RANGE_START: 500,\n SERVER_ERROR_RANGE_END: 599,\n};\nconst OIDC_DEFAULT_SCOPES = [\n Constants.OPENID_SCOPE,\n Constants.PROFILE_SCOPE,\n Constants.OFFLINE_ACCESS_SCOPE,\n];\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, Constants.EMAIL_SCOPE];\n/**\n * Request header names\n */\nconst HeaderNames = {\n CONTENT_TYPE: \"Content-Type\",\n RETRY_AFTER: \"Retry-After\",\n CCS_HEADER: \"X-AnchorMailbox\",\n WWWAuthenticate: \"WWW-Authenticate\",\n AuthenticationInfo: \"Authentication-Info\",\n X_MS_REQUEST_ID: \"x-ms-request-id\",\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\n};\n/**\n * Persistent cache keys MSAL which stay while user is logged in.\n */\nconst PersistentCacheKeys = {\n ID_TOKEN: \"idtoken\",\n CLIENT_INFO: \"client.info\",\n ADAL_ID_TOKEN: \"adal.idtoken\",\n ERROR: \"error\",\n ERROR_DESC: \"error.description\",\n ACTIVE_ACCOUNT: \"active-account\",\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\n};\n/**\n * String constants related to AAD Authority\n */\nconst AADAuthorityConstants = {\n COMMON: \"common\",\n ORGANIZATIONS: \"organizations\",\n CONSUMERS: \"consumers\",\n};\n/**\n * Claims request keys\n */\nconst ClaimsRequestKeys = {\n ACCESS_TOKEN: \"access_token\",\n XMS_CC: \"xms_cc\",\n};\n/**\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\n */\nconst PromptValue = {\n LOGIN: \"login\",\n SELECT_ACCOUNT: \"select_account\",\n CONSENT: \"consent\",\n NONE: \"none\",\n CREATE: \"create\",\n NO_SESSION: \"no_session\",\n};\n/**\n * allowed values for codeVerifier\n */\nconst CodeChallengeMethodValues = {\n PLAIN: \"plain\",\n S256: \"S256\",\n};\n/**\n * allowed values for server response type\n */\nconst ServerResponseType = {\n QUERY: \"query\",\n FRAGMENT: \"fragment\",\n};\n/**\n * allowed values for response_mode\n */\nconst ResponseMode = {\n ...ServerResponseType,\n FORM_POST: \"form_post\",\n};\n/**\n * allowed grant_type\n */\nconst GrantType = {\n IMPLICIT_GRANT: \"implicit\",\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\n REFRESH_TOKEN_GRANT: \"refresh_token\",\n DEVICE_CODE_GRANT: \"device_code\",\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n};\n/**\n * Account types in Cache\n */\nconst CacheAccountType = {\n MSSTS_ACCOUNT_TYPE: \"MSSTS\",\n ADFS_ACCOUNT_TYPE: \"ADFS\",\n MSAV1_ACCOUNT_TYPE: \"MSA\",\n GENERIC_ACCOUNT_TYPE: \"Generic\", // NTLM, Kerberos, FBA, Basic etc\n};\n/**\n * Separators used in cache\n */\nconst Separators = {\n CACHE_KEY_SEPARATOR: \"-\",\n CLIENT_INFO_SEPARATOR: \".\",\n};\n/**\n * Credential Type stored in the cache\n */\nconst CredentialType = {\n ID_TOKEN: \"IdToken\",\n ACCESS_TOKEN: \"AccessToken\",\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\n REFRESH_TOKEN: \"RefreshToken\",\n};\n/**\n * Combine all cache types\n */\nconst CacheType = {\n ADFS: 1001,\n MSA: 1002,\n MSSTS: 1003,\n GENERIC: 1004,\n ACCESS_TOKEN: 2001,\n REFRESH_TOKEN: 2002,\n ID_TOKEN: 2003,\n APP_METADATA: 3001,\n UNDEFINED: 9999,\n};\n/**\n * More Cache related constants\n */\nconst APP_METADATA = \"appmetadata\";\nconst CLIENT_INFO = \"client_info\";\nconst THE_FAMILY_ID = \"1\";\nconst AUTHORITY_METADATA_CONSTANTS = {\n CACHE_KEY: \"authority-metadata\",\n REFRESH_TIME_SECONDS: 3600 * 24, // 24 Hours\n};\nconst AuthorityMetadataSource = {\n CONFIG: \"config\",\n CACHE: \"cache\",\n NETWORK: \"network\",\n HARDCODED_VALUES: \"hardcoded_values\",\n};\nconst SERVER_TELEM_CONSTANTS = {\n SCHEMA_VERSION: 5,\n MAX_CUR_HEADER_BYTES: 80,\n MAX_LAST_HEADER_BYTES: 330,\n MAX_CACHED_ERRORS: 50,\n CACHE_KEY: \"server-telemetry\",\n CATEGORY_SEPARATOR: \"|\",\n VALUE_SEPARATOR: \",\",\n OVERFLOW_TRUE: \"1\",\n OVERFLOW_FALSE: \"0\",\n UNKNOWN_ERROR: \"unknown_error\",\n};\n/**\n * Type of the authentication request\n */\nconst AuthenticationScheme = {\n BEARER: \"Bearer\",\n POP: \"pop\",\n SSH: \"ssh-cert\",\n};\n/**\n * Constants related to throttling\n */\nconst ThrottlingConstants = {\n // Default time to throttle RequestThumbprint in seconds\n DEFAULT_THROTTLE_TIME_SECONDS: 60,\n // Default maximum time to throttle in seconds, overrides what the server sends back\n DEFAULT_MAX_THROTTLE_TIME_SECONDS: 3600,\n // Prefix for storing throttling entries\n THROTTLING_PREFIX: \"throttling\",\n // Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\n X_MS_LIB_CAPABILITY_VALUE: \"retry-after, h429\",\n};\nconst Errors = {\n INVALID_GRANT_ERROR: \"invalid_grant\",\n CLIENT_MISMATCH_ERROR: \"client_mismatch\",\n};\n/**\n * Password grant parameters\n */\nconst PasswordGrantConstants = {\n username: \"username\",\n password: \"password\",\n};\n/**\n * Response codes\n */\nconst ResponseCodes = {\n httpSuccess: 200,\n httpBadRequest: 400,\n};\n/**\n * Region Discovery Sources\n */\nconst RegionDiscoverySources = {\n FAILED_AUTO_DETECTION: \"1\",\n INTERNAL_CACHE: \"2\",\n ENVIRONMENT_VARIABLE: \"3\",\n IMDS: \"4\",\n};\n/**\n * Region Discovery Outcomes\n */\nconst RegionDiscoveryOutcomes = {\n CONFIGURED_MATCHES_DETECTED: \"1\",\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\n CONFIGURED_NOT_DETECTED: \"3\",\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\n};\n/**\n * Specifies the reason for fetching the access token from the identity provider\n */\nconst CacheOutcome = {\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\n NOT_APPLICABLE: \"0\",\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\n FORCE_REFRESH_OR_CLAIMS: \"1\",\n // When the token request goes to the identity provider because no cached access token exists\n NO_CACHED_ACCESS_TOKEN: \"2\",\n // When the token request goes to the identity provider because cached access token expired\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\n PROACTIVELY_REFRESHED: \"4\",\n};\nconst JsonWebTokenTypes = {\n Jwt: \"JWT\",\n Jwk: \"JWK\",\n Pop: \"pop\",\n};\nconst ONE_DAY_IN_MS = 86400000;\n\nexport { AADAuthorityConstants, APP_METADATA, AUTHORITY_METADATA_CONSTANTS, AuthenticationScheme, AuthorityMetadataSource, CLIENT_INFO, CacheAccountType, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, Constants, CredentialType, Errors, GrantType, HeaderNames, HttpStatus, JsonWebTokenTypes, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, PasswordGrantConstants, PersistentCacheKeys, PromptValue, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseCodes, ResponseMode, SERVER_TELEM_CONSTANTS, Separators, ServerResponseType, THE_FAMILY_ID, ThrottlingConstants };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * AuthErrorMessage class containing string constants used by error codes and messages.\n */\nconst unexpectedError = \"unexpected_error\";\nconst postRequestFailed = \"post_request_failed\";\n\nexport { postRequestFailed, unexpectedError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Constants } from '../utils/Constants.mjs';\nimport { unexpectedError, postRequestFailed } from './AuthErrorCodes.mjs';\nimport * as AuthErrorCodes from './AuthErrorCodes.mjs';\nexport { AuthErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst AuthErrorMessages = {\n [unexpectedError]: \"Unexpected error in authentication.\",\n [postRequestFailed]: \"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details.\",\n};\n/**\n * AuthErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use AuthErrorCodes instead\n */\nconst AuthErrorMessage = {\n unexpectedError: {\n code: unexpectedError,\n desc: AuthErrorMessages[unexpectedError],\n },\n postRequestFailed: {\n code: postRequestFailed,\n desc: AuthErrorMessages[postRequestFailed],\n },\n};\n/**\n * General error class thrown by the MSAL.js library.\n */\nclass AuthError extends Error {\n constructor(errorCode, errorMessage, suberror) {\n const errorString = errorMessage\n ? `${errorCode}: ${errorMessage}`\n : errorCode;\n super(errorString);\n Object.setPrototypeOf(this, AuthError.prototype);\n this.errorCode = errorCode || Constants.EMPTY_STRING;\n this.errorMessage = errorMessage || Constants.EMPTY_STRING;\n this.subError = suberror || Constants.EMPTY_STRING;\n this.name = \"AuthError\";\n }\n setCorrelationId(correlationId) {\n this.correlationId = correlationId;\n }\n}\nfunction createAuthError(code, additionalMessage) {\n return new AuthError(code, additionalMessage\n ? `${AuthErrorMessages[code]} ${additionalMessage}`\n : AuthErrorMessages[code]);\n}\n\nexport { AuthError, AuthErrorMessage, AuthErrorMessages, createAuthError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst clientInfoDecodingError = \"client_info_decoding_error\";\nconst clientInfoEmptyError = \"client_info_empty_error\";\nconst tokenParsingError = \"token_parsing_error\";\nconst nullOrEmptyToken = \"null_or_empty_token\";\nconst endpointResolutionError = \"endpoints_resolution_error\";\nconst networkError = \"network_error\";\nconst openIdConfigError = \"openid_config_error\";\nconst hashNotDeserialized = \"hash_not_deserialized\";\nconst invalidState = \"invalid_state\";\nconst stateMismatch = \"state_mismatch\";\nconst stateNotFound = \"state_not_found\";\nconst nonceMismatch = \"nonce_mismatch\";\nconst authTimeNotFound = \"auth_time_not_found\";\nconst maxAgeTranspired = \"max_age_transpired\";\nconst multipleMatchingTokens = \"multiple_matching_tokens\";\nconst multipleMatchingAccounts = \"multiple_matching_accounts\";\nconst multipleMatchingAppMetadata = \"multiple_matching_appMetadata\";\nconst requestCannotBeMade = \"request_cannot_be_made\";\nconst cannotRemoveEmptyScope = \"cannot_remove_empty_scope\";\nconst cannotAppendScopeSet = \"cannot_append_scopeset\";\nconst emptyInputScopeSet = \"empty_input_scopeset\";\nconst deviceCodePollingCancelled = \"device_code_polling_cancelled\";\nconst deviceCodeExpired = \"device_code_expired\";\nconst deviceCodeUnknownError = \"device_code_unknown_error\";\nconst noAccountInSilentRequest = \"no_account_in_silent_request\";\nconst invalidCacheRecord = \"invalid_cache_record\";\nconst invalidCacheEnvironment = \"invalid_cache_environment\";\nconst noAccountFound = \"no_account_found\";\nconst noCryptoObject = \"no_crypto_object\";\nconst unexpectedCredentialType = \"unexpected_credential_type\";\nconst invalidAssertion = \"invalid_assertion\";\nconst invalidClientCredential = \"invalid_client_credential\";\nconst tokenRefreshRequired = \"token_refresh_required\";\nconst userTimeoutReached = \"user_timeout_reached\";\nconst tokenClaimsCnfRequiredForSignedJwt = \"token_claims_cnf_required_for_signedjwt\";\nconst authorizationCodeMissingFromServerResponse = \"authorization_code_missing_from_server_response\";\nconst bindingKeyNotRemoved = \"binding_key_not_removed\";\nconst endSessionEndpointNotSupported = \"end_session_endpoint_not_supported\";\nconst keyIdMissing = \"key_id_missing\";\nconst noNetworkConnectivity = \"no_network_connectivity\";\nconst userCanceled = \"user_canceled\";\nconst missingTenantIdError = \"missing_tenant_id_error\";\nconst methodNotImplemented = \"method_not_implemented\";\nconst nestedAppAuthBridgeDisabled = \"nested_app_auth_bridge_disabled\";\n\nexport { authTimeNotFound, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, cannotAppendScopeSet, cannotRemoveEmptyScope, clientInfoDecodingError, clientInfoEmptyError, deviceCodeExpired, deviceCodePollingCancelled, deviceCodeUnknownError, emptyInputScopeSet, endSessionEndpointNotSupported, endpointResolutionError, hashNotDeserialized, invalidAssertion, invalidCacheEnvironment, invalidCacheRecord, invalidClientCredential, invalidState, keyIdMissing, maxAgeTranspired, methodNotImplemented, missingTenantIdError, multipleMatchingAccounts, multipleMatchingAppMetadata, multipleMatchingTokens, nestedAppAuthBridgeDisabled, networkError, noAccountFound, noAccountInSilentRequest, noCryptoObject, noNetworkConnectivity, nonceMismatch, nullOrEmptyToken, openIdConfigError, requestCannotBeMade, stateMismatch, stateNotFound, tokenClaimsCnfRequiredForSignedJwt, tokenParsingError, tokenRefreshRequired, unexpectedCredentialType, userCanceled, userTimeoutReached };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\nimport { clientInfoDecodingError, clientInfoEmptyError, tokenParsingError, nullOrEmptyToken, endpointResolutionError, networkError, openIdConfigError, hashNotDeserialized, invalidState, stateMismatch, stateNotFound, nonceMismatch, authTimeNotFound, maxAgeTranspired, multipleMatchingTokens, multipleMatchingAccounts, multipleMatchingAppMetadata, requestCannotBeMade, cannotRemoveEmptyScope, cannotAppendScopeSet, emptyInputScopeSet, deviceCodePollingCancelled, deviceCodeExpired, deviceCodeUnknownError, noAccountInSilentRequest, invalidCacheRecord, invalidCacheEnvironment, noAccountFound, noCryptoObject, unexpectedCredentialType, invalidAssertion, invalidClientCredential, tokenRefreshRequired, userTimeoutReached, tokenClaimsCnfRequiredForSignedJwt, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, endSessionEndpointNotSupported, keyIdMissing, noNetworkConnectivity, userCanceled, missingTenantIdError, nestedAppAuthBridgeDisabled, methodNotImplemented } from './ClientAuthErrorCodes.mjs';\nimport * as ClientAuthErrorCodes from './ClientAuthErrorCodes.mjs';\nexport { ClientAuthErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * ClientAuthErrorMessage class containing string constants used by error codes and messages.\n */\nconst ClientAuthErrorMessages = {\n [clientInfoDecodingError]: \"The client info could not be parsed/decoded correctly\",\n [clientInfoEmptyError]: \"The client info was empty\",\n [tokenParsingError]: \"Token cannot be parsed\",\n [nullOrEmptyToken]: \"The token is null or empty\",\n [endpointResolutionError]: \"Endpoints cannot be resolved\",\n [networkError]: \"Network request failed\",\n [openIdConfigError]: \"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.\",\n [hashNotDeserialized]: \"The hash parameters could not be deserialized\",\n [invalidState]: \"State was not the expected format\",\n [stateMismatch]: \"State mismatch error\",\n [stateNotFound]: \"State not found\",\n [nonceMismatch]: \"Nonce mismatch error\",\n [authTimeNotFound]: \"Max Age was requested and the ID token is missing the auth_time variable.\" +\n \" auth_time is an optional claim and is not enabled by default - it must be enabled.\" +\n \" See https://aka.ms/msaljs/optional-claims for more information.\",\n [maxAgeTranspired]: \"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.\",\n [multipleMatchingTokens]: \"The cache contains multiple tokens satisfying the requirements. \" +\n \"Call AcquireToken again providing more requirements such as authority or account.\",\n [multipleMatchingAccounts]: \"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account\",\n [multipleMatchingAppMetadata]: \"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata\",\n [requestCannotBeMade]: \"Token request cannot be made without authorization code or refresh token.\",\n [cannotRemoveEmptyScope]: \"Cannot remove null or empty scope from ScopeSet\",\n [cannotAppendScopeSet]: \"Cannot append ScopeSet\",\n [emptyInputScopeSet]: \"Empty input ScopeSet cannot be processed\",\n [deviceCodePollingCancelled]: \"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.\",\n [deviceCodeExpired]: \"Device code is expired.\",\n [deviceCodeUnknownError]: \"Device code stopped polling for unknown reasons.\",\n [noAccountInSilentRequest]: \"Please pass an account object, silent flow is not supported without account information\",\n [invalidCacheRecord]: \"Cache record object was null or undefined.\",\n [invalidCacheEnvironment]: \"Invalid environment when attempting to create cache entry\",\n [noAccountFound]: \"No account found in cache for given key.\",\n [noCryptoObject]: \"No crypto object detected.\",\n [unexpectedCredentialType]: \"Unexpected credential type.\",\n [invalidAssertion]: \"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515\",\n [invalidClientCredential]: \"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential\",\n [tokenRefreshRequired]: \"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.\",\n [userTimeoutReached]: \"User defined timeout for device code polling reached\",\n [tokenClaimsCnfRequiredForSignedJwt]: \"Cannot generate a POP jwt if the token_claims are not populated\",\n [authorizationCodeMissingFromServerResponse]: \"Server response does not contain an authorization code to proceed\",\n [bindingKeyNotRemoved]: \"Could not remove the credential's binding key from storage.\",\n [endSessionEndpointNotSupported]: \"The provided authority does not support logout\",\n [keyIdMissing]: \"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.\",\n [noNetworkConnectivity]: \"No network connectivity. Check your internet connection.\",\n [userCanceled]: \"User cancelled the flow.\",\n [missingTenantIdError]: \"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.\",\n [methodNotImplemented]: \"This method has not been implemented\",\n [nestedAppAuthBridgeDisabled]: \"The nested app auth bridge is disabled\",\n};\n/**\n * String constants used by error codes and messages.\n * @deprecated Use ClientAuthErrorCodes instead\n */\nconst ClientAuthErrorMessage = {\n clientInfoDecodingError: {\n code: clientInfoDecodingError,\n desc: ClientAuthErrorMessages[clientInfoDecodingError],\n },\n clientInfoEmptyError: {\n code: clientInfoEmptyError,\n desc: ClientAuthErrorMessages[clientInfoEmptyError],\n },\n tokenParsingError: {\n code: tokenParsingError,\n desc: ClientAuthErrorMessages[tokenParsingError],\n },\n nullOrEmptyToken: {\n code: nullOrEmptyToken,\n desc: ClientAuthErrorMessages[nullOrEmptyToken],\n },\n endpointResolutionError: {\n code: endpointResolutionError,\n desc: ClientAuthErrorMessages[endpointResolutionError],\n },\n networkError: {\n code: networkError,\n desc: ClientAuthErrorMessages[networkError],\n },\n unableToGetOpenidConfigError: {\n code: openIdConfigError,\n desc: ClientAuthErrorMessages[openIdConfigError],\n },\n hashNotDeserialized: {\n code: hashNotDeserialized,\n desc: ClientAuthErrorMessages[hashNotDeserialized],\n },\n invalidStateError: {\n code: invalidState,\n desc: ClientAuthErrorMessages[invalidState],\n },\n stateMismatchError: {\n code: stateMismatch,\n desc: ClientAuthErrorMessages[stateMismatch],\n },\n stateNotFoundError: {\n code: stateNotFound,\n desc: ClientAuthErrorMessages[stateNotFound],\n },\n nonceMismatchError: {\n code: nonceMismatch,\n desc: ClientAuthErrorMessages[nonceMismatch],\n },\n authTimeNotFoundError: {\n code: authTimeNotFound,\n desc: ClientAuthErrorMessages[authTimeNotFound],\n },\n maxAgeTranspired: {\n code: maxAgeTranspired,\n desc: ClientAuthErrorMessages[maxAgeTranspired],\n },\n multipleMatchingTokens: {\n code: multipleMatchingTokens,\n desc: ClientAuthErrorMessages[multipleMatchingTokens],\n },\n multipleMatchingAccounts: {\n code: multipleMatchingAccounts,\n desc: ClientAuthErrorMessages[multipleMatchingAccounts],\n },\n multipleMatchingAppMetadata: {\n code: multipleMatchingAppMetadata,\n desc: ClientAuthErrorMessages[multipleMatchingAppMetadata],\n },\n tokenRequestCannotBeMade: {\n code: requestCannotBeMade,\n desc: ClientAuthErrorMessages[requestCannotBeMade],\n },\n removeEmptyScopeError: {\n code: cannotRemoveEmptyScope,\n desc: ClientAuthErrorMessages[cannotRemoveEmptyScope],\n },\n appendScopeSetError: {\n code: cannotAppendScopeSet,\n desc: ClientAuthErrorMessages[cannotAppendScopeSet],\n },\n emptyInputScopeSetError: {\n code: emptyInputScopeSet,\n desc: ClientAuthErrorMessages[emptyInputScopeSet],\n },\n DeviceCodePollingCancelled: {\n code: deviceCodePollingCancelled,\n desc: ClientAuthErrorMessages[deviceCodePollingCancelled],\n },\n DeviceCodeExpired: {\n code: deviceCodeExpired,\n desc: ClientAuthErrorMessages[deviceCodeExpired],\n },\n DeviceCodeUnknownError: {\n code: deviceCodeUnknownError,\n desc: ClientAuthErrorMessages[deviceCodeUnknownError],\n },\n NoAccountInSilentRequest: {\n code: noAccountInSilentRequest,\n desc: ClientAuthErrorMessages[noAccountInSilentRequest],\n },\n invalidCacheRecord: {\n code: invalidCacheRecord,\n desc: ClientAuthErrorMessages[invalidCacheRecord],\n },\n invalidCacheEnvironment: {\n code: invalidCacheEnvironment,\n desc: ClientAuthErrorMessages[invalidCacheEnvironment],\n },\n noAccountFound: {\n code: noAccountFound,\n desc: ClientAuthErrorMessages[noAccountFound],\n },\n noCryptoObj: {\n code: noCryptoObject,\n desc: ClientAuthErrorMessages[noCryptoObject],\n },\n unexpectedCredentialType: {\n code: unexpectedCredentialType,\n desc: ClientAuthErrorMessages[unexpectedCredentialType],\n },\n invalidAssertion: {\n code: invalidAssertion,\n desc: ClientAuthErrorMessages[invalidAssertion],\n },\n invalidClientCredential: {\n code: invalidClientCredential,\n desc: ClientAuthErrorMessages[invalidClientCredential],\n },\n tokenRefreshRequired: {\n code: tokenRefreshRequired,\n desc: ClientAuthErrorMessages[tokenRefreshRequired],\n },\n userTimeoutReached: {\n code: userTimeoutReached,\n desc: ClientAuthErrorMessages[userTimeoutReached],\n },\n tokenClaimsRequired: {\n code: tokenClaimsCnfRequiredForSignedJwt,\n desc: ClientAuthErrorMessages[tokenClaimsCnfRequiredForSignedJwt],\n },\n noAuthorizationCodeFromServer: {\n code: authorizationCodeMissingFromServerResponse,\n desc: ClientAuthErrorMessages[authorizationCodeMissingFromServerResponse],\n },\n bindingKeyNotRemovedError: {\n code: bindingKeyNotRemoved,\n desc: ClientAuthErrorMessages[bindingKeyNotRemoved],\n },\n logoutNotSupported: {\n code: endSessionEndpointNotSupported,\n desc: ClientAuthErrorMessages[endSessionEndpointNotSupported],\n },\n keyIdMissing: {\n code: keyIdMissing,\n desc: ClientAuthErrorMessages[keyIdMissing],\n },\n noNetworkConnectivity: {\n code: noNetworkConnectivity,\n desc: ClientAuthErrorMessages[noNetworkConnectivity],\n },\n userCanceledError: {\n code: userCanceled,\n desc: ClientAuthErrorMessages[userCanceled],\n },\n missingTenantIdError: {\n code: missingTenantIdError,\n desc: ClientAuthErrorMessages[missingTenantIdError],\n },\n nestedAppAuthBridgeDisabled: {\n code: nestedAppAuthBridgeDisabled,\n desc: ClientAuthErrorMessages[nestedAppAuthBridgeDisabled],\n },\n};\n/**\n * Error thrown when there is an error in the client code running on the browser.\n */\nclass ClientAuthError extends AuthError {\n constructor(errorCode, additionalMessage) {\n super(errorCode, additionalMessage\n ? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`\n : ClientAuthErrorMessages[errorCode]);\n this.name = \"ClientAuthError\";\n Object.setPrototypeOf(this, ClientAuthError.prototype);\n }\n}\nfunction createClientAuthError(errorCode, additionalMessage) {\n return new ClientAuthError(errorCode, additionalMessage);\n}\n\nexport { ClientAuthError, ClientAuthErrorMessage, ClientAuthErrorMessages, createClientAuthError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst DEFAULT_CRYPTO_IMPLEMENTATION = {\n createNewGuid: () => {\n throw createClientAuthError(methodNotImplemented);\n },\n base64Decode: () => {\n throw createClientAuthError(methodNotImplemented);\n },\n base64Encode: () => {\n throw createClientAuthError(methodNotImplemented);\n },\n async getPublicKeyThumbprint() {\n throw createClientAuthError(methodNotImplemented);\n },\n async removeTokenBindingKey() {\n throw createClientAuthError(methodNotImplemented);\n },\n async clearKeystore() {\n throw createClientAuthError(methodNotImplemented);\n },\n async signJwt() {\n throw createClientAuthError(methodNotImplemented);\n },\n async hashString() {\n throw createClientAuthError(methodNotImplemented);\n },\n};\n\nexport { DEFAULT_CRYPTO_IMPLEMENTATION };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Utility functions for managing date and time operations.\n */\n/**\n * return the current time in Unix time (seconds).\n */\nfunction nowSeconds() {\n // Date.getTime() returns in milliseconds.\n return Math.round(new Date().getTime() / 1000.0);\n}\n/**\n * check if a token is expired based on given UTC time in seconds.\n * @param expiresOn\n */\nfunction isTokenExpired(expiresOn, offset) {\n // check for access token expiry\n const expirationSec = Number(expiresOn) || 0;\n const offsetCurrentTimeSec = nowSeconds() + offset;\n // If current time + offset is greater than token expiration time, then token is expired.\n return offsetCurrentTimeSec > expirationSec;\n}\n/**\n * If the current time is earlier than the time that a token was cached at, we must discard the token\n * i.e. The system clock was turned back after acquiring the cached token\n * @param cachedAt\n * @param offset\n */\nfunction wasClockTurnedBack(cachedAt) {\n const cachedAtSec = Number(cachedAt);\n return cachedAtSec > nowSeconds();\n}\n/**\n * Waits for t number of milliseconds\n * @param t number\n * @param value T\n */\nfunction delay(t, value) {\n return new Promise((resolve) => setTimeout(() => resolve(value), t));\n}\n\nexport { delay, isTokenExpired, nowSeconds, wasClockTurnedBack };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { Separators, Constants } from '../utils/Constants.mjs';\nimport { clientInfoEmptyError, clientInfoDecodingError } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Function to build a client info object from server clientInfo string\n * @param rawClientInfo\n * @param crypto\n */\nfunction buildClientInfo(rawClientInfo, base64Decode) {\n if (!rawClientInfo) {\n throw createClientAuthError(clientInfoEmptyError);\n }\n try {\n const decodedClientInfo = base64Decode(rawClientInfo);\n return JSON.parse(decodedClientInfo);\n }\n catch (e) {\n throw createClientAuthError(clientInfoDecodingError);\n }\n}\n/**\n * Function to build a client info object from cached homeAccountId string\n * @param homeAccountId\n */\nfunction buildClientInfoFromHomeAccountId(homeAccountId) {\n if (!homeAccountId) {\n throw createClientAuthError(clientInfoDecodingError);\n }\n const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);\n return {\n uid: clientInfoParts[0],\n utid: clientInfoParts.length < 2\n ? Constants.EMPTY_STRING\n : clientInfoParts[1],\n };\n}\n\nexport { buildClientInfo, buildClientInfoFromHomeAccountId };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Returns true if tenantId matches the utid portion of homeAccountId\n * @param tenantId\n * @param homeAccountId\n * @returns\n */\nfunction tenantIdMatchesHomeTenant(tenantId, homeAccountId) {\n return (!!tenantId &&\n !!homeAccountId &&\n tenantId === homeAccountId.split(\".\")[1]);\n}\nfunction buildTenantProfileFromIdTokenClaims(homeAccountId, idTokenClaims) {\n const { oid, sub, tid, name, tfp, acr } = idTokenClaims;\n /**\n * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:\n * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.\n * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.\n * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.\n */\n const tenantId = tid || tfp || acr || \"\";\n return {\n tenantId: tenantId,\n localAccountId: oid || sub || \"\",\n name: name,\n isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),\n };\n}\n/**\n * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info\n * @param baseAccountInfo\n * @param idTokenClaims\n * @returns\n */\nfunction updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {\n let updatedAccountInfo = baseAccountInfo;\n // Tenant Profile overrides passed in account info\n if (tenantProfile) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;\n updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };\n }\n // ID token claims override passed in account info and tenant profile\n if (idTokenClaims) {\n // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfileFromIdTokenClaims(baseAccountInfo.homeAccountId, idTokenClaims);\n updatedAccountInfo = {\n ...updatedAccountInfo,\n ...claimsSourcedTenantProfile,\n idTokenClaims: idTokenClaims,\n idToken: idTokenSecret,\n };\n return updatedAccountInfo;\n }\n return updatedAccountInfo;\n}\n\nexport { buildTenantProfileFromIdTokenClaims, tenantIdMatchesHomeTenant, updateAccountTenantProfileData };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Authority types supported by MSAL.\n */\nconst AuthorityType = {\n Default: 0,\n Adfs: 1,\n Dsts: 2,\n Ciam: 3,\n};\n\nexport { AuthorityType };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Gets tenantId from available ID token claims to set as credential realm with the following precedence:\n * 1. tid - if the token is acquired from an Azure AD tenant tid will be present\n * 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present\n * 3. acr - if the token is acquired from a legacy B2C tenant acr should be present\n * Downcased to match the realm case-insensitive comparison requirements\n * @param idTokenClaims\n * @returns\n */\nfunction getTenantIdFromIdTokenClaims(idTokenClaims) {\n if (idTokenClaims) {\n const tenantId = idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr;\n return tenantId || null;\n }\n return null;\n}\n\nexport { getTenantIdFromIdTokenClaims };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Protocol modes supported by MSAL.\n */\nconst ProtocolMode = {\n AAD: \"AAD\",\n OIDC: \"OIDC\",\n};\n\nexport { ProtocolMode };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Separators, CacheAccountType } from '../../utils/Constants.mjs';\nimport { buildClientInfo } from '../../account/ClientInfo.mjs';\nimport { buildTenantProfileFromIdTokenClaims } from '../../account/AccountInfo.mjs';\nimport { createClientAuthError } from '../../error/ClientAuthError.mjs';\nimport { AuthorityType } from '../../authority/AuthorityType.mjs';\nimport { getTenantIdFromIdTokenClaims } from '../../account/TokenClaims.mjs';\nimport { ProtocolMode } from '../../authority/ProtocolMode.mjs';\nimport { invalidCacheEnvironment } from '../../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).\n *\n * Key : Value Schema\n *\n * Key: --\n *\n * Value Schema:\n * {\n * homeAccountId: home account identifier for the auth scheme,\n * environment: entity that issued the token, represented as a full host\n * realm: Full tenant or organizational identifier that the account belongs to\n * localAccountId: Original tenant-specific accountID, usually used for legacy cases\n * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt\n * authorityType: Accounts authority type as a string\n * name: Full name for the account, including given name and family name,\n * lastModificationTime: last time this entity was modified in the cache\n * lastModificationApp:\n * nativeAccountId: Account identifier on the native device\n * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser\n * }\n * @internal\n */\nclass AccountEntity {\n /**\n * Generate Account Id key component as per the schema: -\n */\n generateAccountId() {\n const accountId = [this.homeAccountId, this.environment];\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n }\n /**\n * Generate Account Cache Key as per the schema: --\n */\n generateAccountKey() {\n return AccountEntity.generateAccountCacheKey({\n homeAccountId: this.homeAccountId,\n environment: this.environment,\n tenantId: this.realm,\n username: this.username,\n localAccountId: this.localAccountId,\n });\n }\n /**\n * Returns the AccountInfo interface for this account.\n */\n getAccountInfo() {\n return {\n homeAccountId: this.homeAccountId,\n environment: this.environment,\n tenantId: this.realm,\n username: this.username,\n localAccountId: this.localAccountId,\n name: this.name,\n nativeAccountId: this.nativeAccountId,\n authorityType: this.authorityType,\n // Deserialize tenant profiles array into a Map\n tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {\n return [tenantProfile.tenantId, tenantProfile];\n })),\n };\n }\n /**\n * Returns true if the account entity is in single tenant format (outdated), false otherwise\n */\n isSingleTenant() {\n return !this.tenantProfiles;\n }\n /**\n * Generates account key from interface\n * @param accountInterface\n */\n static generateAccountCacheKey(accountInterface) {\n const homeTenantId = accountInterface.homeAccountId.split(\".\")[1];\n const accountKey = [\n accountInterface.homeAccountId,\n accountInterface.environment || \"\",\n homeTenantId || accountInterface.tenantId || \"\",\n ];\n return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n }\n /**\n * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.\n * @param accountDetails\n */\n static createAccount(accountDetails, authority, base64Decode) {\n const account = new AccountEntity();\n if (authority.authorityType === AuthorityType.Adfs) {\n account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;\n }\n else if (authority.protocolMode === ProtocolMode.AAD) {\n account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;\n }\n else {\n account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;\n }\n let clientInfo;\n if (accountDetails.clientInfo && base64Decode) {\n clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);\n }\n account.clientInfo = accountDetails.clientInfo;\n account.homeAccountId = accountDetails.homeAccountId;\n account.nativeAccountId = accountDetails.nativeAccountId;\n const env = accountDetails.environment ||\n (authority && authority.getPreferredCache());\n if (!env) {\n throw createClientAuthError(invalidCacheEnvironment);\n }\n account.environment = env;\n // non AAD scenarios can have empty realm\n account.realm =\n clientInfo?.utid ||\n getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||\n \"\";\n // How do you account for MSA CID here?\n account.localAccountId =\n clientInfo?.uid ||\n accountDetails.idTokenClaims.oid ||\n accountDetails.idTokenClaims.sub ||\n \"\";\n /*\n * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.\n * In most cases it will contain a single email. This field should not be relied upon if a custom\n * policy is configured to return more than 1 email.\n */\n const preferredUsername = accountDetails.idTokenClaims.preferred_username ||\n accountDetails.idTokenClaims.upn;\n const email = accountDetails.idTokenClaims.emails\n ? accountDetails.idTokenClaims.emails[0]\n : null;\n account.username = preferredUsername || email || \"\";\n account.name = accountDetails.idTokenClaims.name;\n account.cloudGraphHostName = accountDetails.cloudGraphHostName;\n account.msGraphHost = accountDetails.msGraphHost;\n if (accountDetails.tenantProfiles) {\n account.tenantProfiles = accountDetails.tenantProfiles;\n }\n else {\n const tenantProfiles = [];\n if (accountDetails.idTokenClaims) {\n const tenantProfile = buildTenantProfileFromIdTokenClaims(accountDetails.homeAccountId, accountDetails.idTokenClaims);\n tenantProfiles.push(tenantProfile);\n }\n account.tenantProfiles = tenantProfiles;\n }\n return account;\n }\n /**\n * Creates an AccountEntity object from AccountInfo\n * @param accountInfo\n * @param cloudGraphHostName\n * @param msGraphHost\n * @returns\n */\n static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {\n const account = new AccountEntity();\n account.authorityType =\n accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;\n account.homeAccountId = accountInfo.homeAccountId;\n account.localAccountId = accountInfo.localAccountId;\n account.nativeAccountId = accountInfo.nativeAccountId;\n account.realm = accountInfo.tenantId;\n account.environment = accountInfo.environment;\n account.username = accountInfo.username;\n account.name = accountInfo.name;\n account.cloudGraphHostName = cloudGraphHostName;\n account.msGraphHost = msGraphHost;\n // Serialize tenant profiles map into an array\n account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);\n return account;\n }\n /**\n * Generate HomeAccountId from server response\n * @param serverClientInfo\n * @param authType\n */\n static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {\n // since ADFS/DSTS do not have tid and does not set client_info\n if (!(authType === AuthorityType.Adfs ||\n authType === AuthorityType.Dsts)) {\n // for cases where there is clientInfo\n if (serverClientInfo) {\n try {\n const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);\n if (clientInfo.uid && clientInfo.utid) {\n return `${clientInfo.uid}.${clientInfo.utid}`;\n }\n }\n catch (e) { }\n }\n logger.warning(\"No client info in response\");\n }\n // default to \"sub\" claim\n return idTokenClaims?.sub || \"\";\n }\n /**\n * Validates an entity: checks for all expected params\n * @param entity\n */\n static isAccountEntity(entity) {\n if (!entity) {\n return false;\n }\n return (entity.hasOwnProperty(\"homeAccountId\") &&\n entity.hasOwnProperty(\"environment\") &&\n entity.hasOwnProperty(\"realm\") &&\n entity.hasOwnProperty(\"localAccountId\") &&\n entity.hasOwnProperty(\"username\") &&\n entity.hasOwnProperty(\"authorityType\"));\n }\n /**\n * Helper function to determine whether 2 accountInfo objects represent the same account\n * @param accountA\n * @param accountB\n * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality\n */\n static accountInfoIsEqual(accountA, accountB, compareClaims) {\n if (!accountA || !accountB) {\n return false;\n }\n let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false\n if (compareClaims) {\n const accountAClaims = (accountA.idTokenClaims ||\n {});\n const accountBClaims = (accountB.idTokenClaims ||\n {});\n // issued at timestamp and nonce are expected to change each time a new id token is acquired\n claimsMatch =\n accountAClaims.iat === accountBClaims.iat &&\n accountAClaims.nonce === accountBClaims.nonce;\n }\n return (accountA.homeAccountId === accountB.homeAccountId &&\n accountA.localAccountId === accountB.localAccountId &&\n accountA.username === accountB.username &&\n accountA.tenantId === accountB.tenantId &&\n accountA.environment === accountB.environment &&\n accountA.nativeAccountId === accountB.nativeAccountId &&\n claimsMatch);\n }\n}\n\nexport { AccountEntity };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.\n *\n * @export\n * @enum {number}\n */\nconst PerformanceEvents = {\n /**\n * acquireTokenByCode API (msal-browser and msal-node).\n * Used to acquire tokens by trading an authorization code against the token endpoint.\n */\n AcquireTokenByCode: \"acquireTokenByCode\",\n /**\n * acquireTokenByRefreshToken API (msal-browser and msal-node).\n * Used to renew an access token using a refresh token against the token endpoint.\n */\n AcquireTokenByRefreshToken: \"acquireTokenByRefreshToken\",\n /**\n * acquireTokenSilent API (msal-browser and msal-node).\n * Used to silently acquire a new access token (from the cache or the network).\n */\n AcquireTokenSilent: \"acquireTokenSilent\",\n /**\n * acquireTokenSilentAsync (msal-browser).\n * Internal API for acquireTokenSilent.\n */\n AcquireTokenSilentAsync: \"acquireTokenSilentAsync\",\n /**\n * acquireTokenPopup (msal-browser).\n * Used to acquire a new access token interactively through pop ups\n */\n AcquireTokenPopup: \"acquireTokenPopup\",\n /**\n * acquireTokenRedirect (msal-browser).\n * Used to acquire a new access token interactively through redirects\n */\n AcquireTokenRedirect: \"acquireTokenRedirect\",\n /**\n * getPublicKeyThumbprint API in CryptoOpts class (msal-browser).\n * Used to generate a public/private keypair and generate a public key thumbprint for pop requests.\n */\n CryptoOptsGetPublicKeyThumbprint: \"cryptoOptsGetPublicKeyThumbprint\",\n /**\n * signJwt API in CryptoOpts class (msal-browser).\n * Used to signed a pop token.\n */\n CryptoOptsSignJwt: \"cryptoOptsSignJwt\",\n /**\n * acquireToken API in the SilentCacheClient class (msal-browser).\n * Used to read access tokens from the cache.\n */\n SilentCacheClientAcquireToken: \"silentCacheClientAcquireToken\",\n /**\n * acquireToken API in the SilentIframeClient class (msal-browser).\n * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.\n */\n SilentIframeClientAcquireToken: \"silentIframeClientAcquireToken\",\n /**\n * acquireToken API in SilentRereshClient (msal-browser).\n * Used to acquire a new set of tokens from the token endpoint using a refresh token.\n */\n SilentRefreshClientAcquireToken: \"silentRefreshClientAcquireToken\",\n /**\n * ssoSilent API (msal-browser).\n * Used to silently acquire an authorization code and set of tokens using a hidden iframe.\n */\n SsoSilent: \"ssoSilent\",\n /**\n * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).\n * Used to load authority metadata for a request.\n */\n StandardInteractionClientGetDiscoveredAuthority: \"standardInteractionClientGetDiscoveredAuthority\",\n /**\n * acquireToken APIs in msal-browser.\n * Used to make an /authorize endpoint call with native brokering enabled.\n */\n FetchAccountIdWithNativeBroker: \"fetchAccountIdWithNativeBroker\",\n /**\n * acquireToken API in NativeInteractionClient class (msal-browser).\n * Used to acquire a token from Native component when native brokering is enabled.\n */\n NativeInteractionClientAcquireToken: \"nativeInteractionClientAcquireToken\",\n /**\n * Time spent creating default headers for requests to token endpoint\n */\n BaseClientCreateTokenRequestHeaders: \"baseClientCreateTokenRequestHeaders\",\n /**\n * Time spent sending/waiting for the response of a request to the token endpoint\n */\n RefreshTokenClientExecutePostToTokenEndpoint: \"refreshTokenClientExecutePostToTokenEndpoint\",\n AuthorizationCodeClientExecutePostToTokenEndpoint: \"authorizationCodeClientExecutePostToTokenEndpoint\",\n /**\n * Used to measure the time taken for completing embedded-broker handshake (PW-Broker).\n */\n BrokerHandhshake: \"brokerHandshake\",\n /**\n * acquireTokenByRefreshToken API in BrokerClientApplication (PW-Broker) .\n */\n AcquireTokenByRefreshTokenInBroker: \"acquireTokenByRefreshTokenInBroker\",\n /**\n * Time taken for token acquisition by broker\n */\n AcquireTokenByBroker: \"acquireTokenByBroker\",\n /**\n * Time spent on the network for refresh token acquisition\n */\n RefreshTokenClientExecuteTokenRequest: \"refreshTokenClientExecuteTokenRequest\",\n /**\n * Time taken for acquiring refresh token , records RT size\n */\n RefreshTokenClientAcquireToken: \"refreshTokenClientAcquireToken\",\n /**\n * Time taken for acquiring cached refresh token\n */\n RefreshTokenClientAcquireTokenWithCachedRefreshToken: \"refreshTokenClientAcquireTokenWithCachedRefreshToken\",\n /**\n * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).\n */\n RefreshTokenClientAcquireTokenByRefreshToken: \"refreshTokenClientAcquireTokenByRefreshToken\",\n /**\n * Helper function to create token request body in RefreshTokenClient (msal-common).\n */\n RefreshTokenClientCreateTokenRequestBody: \"refreshTokenClientCreateTokenRequestBody\",\n /**\n * acquireTokenFromCache (msal-browser).\n * Internal API for acquiring token from cache\n */\n AcquireTokenFromCache: \"acquireTokenFromCache\",\n SilentFlowClientAcquireCachedToken: \"silentFlowClientAcquireCachedToken\",\n SilentFlowClientGenerateResultFromCacheRecord: \"silentFlowClientGenerateResultFromCacheRecord\",\n /**\n * acquireTokenBySilentIframe (msal-browser).\n * Internal API for acquiring token by silent Iframe\n */\n AcquireTokenBySilentIframe: \"acquireTokenBySilentIframe\",\n /**\n * Internal API for initializing base request in BaseInteractionClient (msal-browser)\n */\n InitializeBaseRequest: \"initializeBaseRequest\",\n /**\n * Internal API for initializing silent request in SilentCacheClient (msal-browser)\n */\n InitializeSilentRequest: \"initializeSilentRequest\",\n InitializeClientApplication: \"initializeClientApplication\",\n /**\n * Helper function in SilentIframeClient class (msal-browser).\n */\n SilentIframeClientTokenHelper: \"silentIframeClientTokenHelper\",\n /**\n * SilentHandler\n */\n SilentHandlerInitiateAuthRequest: \"silentHandlerInitiateAuthRequest\",\n SilentHandlerMonitorIframeForHash: \"silentHandlerMonitorIframeForHash\",\n SilentHandlerLoadFrame: \"silentHandlerLoadFrame\",\n SilentHandlerLoadFrameSync: \"silentHandlerLoadFrameSync\",\n /**\n * Helper functions in StandardInteractionClient class (msal-browser)\n */\n StandardInteractionClientCreateAuthCodeClient: \"standardInteractionClientCreateAuthCodeClient\",\n StandardInteractionClientGetClientConfiguration: \"standardInteractionClientGetClientConfiguration\",\n StandardInteractionClientInitializeAuthorizationRequest: \"standardInteractionClientInitializeAuthorizationRequest\",\n StandardInteractionClientInitializeAuthorizationCodeRequest: \"standardInteractionClientInitializeAuthorizationCodeRequest\",\n /**\n * getAuthCodeUrl API (msal-browser and msal-node).\n */\n GetAuthCodeUrl: \"getAuthCodeUrl\",\n /**\n * Functions from InteractionHandler (msal-browser)\n */\n HandleCodeResponseFromServer: \"handleCodeResponseFromServer\",\n HandleCodeResponse: \"handleCodeResponse\",\n UpdateTokenEndpointAuthority: \"updateTokenEndpointAuthority\",\n /**\n * APIs in Authorization Code Client (msal-common)\n */\n AuthClientAcquireToken: \"authClientAcquireToken\",\n AuthClientExecuteTokenRequest: \"authClientExecuteTokenRequest\",\n AuthClientCreateTokenRequestBody: \"authClientCreateTokenRequestBody\",\n AuthClientCreateQueryString: \"authClientCreateQueryString\",\n /**\n * Generate functions in PopTokenGenerator (msal-common)\n */\n PopTokenGenerateCnf: \"popTokenGenerateCnf\",\n PopTokenGenerateKid: \"popTokenGenerateKid\",\n /**\n * handleServerTokenResponse API in ResponseHandler (msal-common)\n */\n HandleServerTokenResponse: \"handleServerTokenResponse\",\n DeserializeResponse: \"deserializeResponse\",\n /**\n * Authority functions\n */\n AuthorityFactoryCreateDiscoveredInstance: \"authorityFactoryCreateDiscoveredInstance\",\n AuthorityResolveEndpointsAsync: \"authorityResolveEndpointsAsync\",\n AuthorityResolveEndpointsFromLocalSources: \"authorityResolveEndpointsFromLocalSources\",\n AuthorityGetCloudDiscoveryMetadataFromNetwork: \"authorityGetCloudDiscoveryMetadataFromNetwork\",\n AuthorityUpdateCloudDiscoveryMetadata: \"authorityUpdateCloudDiscoveryMetadata\",\n AuthorityGetEndpointMetadataFromNetwork: \"authorityGetEndpointMetadataFromNetwork\",\n AuthorityUpdateEndpointMetadata: \"authorityUpdateEndpointMetadata\",\n AuthorityUpdateMetadataWithRegionalInformation: \"authorityUpdateMetadataWithRegionalInformation\",\n /**\n * Region Discovery functions\n */\n RegionDiscoveryDetectRegion: \"regionDiscoveryDetectRegion\",\n RegionDiscoveryGetRegionFromIMDS: \"regionDiscoveryGetRegionFromIMDS\",\n RegionDiscoveryGetCurrentVersion: \"regionDiscoveryGetCurrentVersion\",\n AcquireTokenByCodeAsync: \"acquireTokenByCodeAsync\",\n GetEndpointMetadataFromNetwork: \"getEndpointMetadataFromNetwork\",\n GetCloudDiscoveryMetadataFromNetworkMeasurement: \"getCloudDiscoveryMetadataFromNetworkMeasurement\",\n HandleRedirectPromiseMeasurement: \"handleRedirectPromise\",\n HandleNativeRedirectPromiseMeasurement: \"handleNativeRedirectPromise\",\n UpdateCloudDiscoveryMetadataMeasurement: \"updateCloudDiscoveryMetadataMeasurement\",\n UsernamePasswordClientAcquireToken: \"usernamePasswordClientAcquireToken\",\n NativeMessageHandlerHandshake: \"nativeMessageHandlerHandshake\",\n NativeGenerateAuthResult: \"nativeGenerateAuthResult\",\n RemoveHiddenIframe: \"removeHiddenIframe\",\n /**\n * Cache operations\n */\n ClearTokensAndKeysWithClaims: \"clearTokensAndKeysWithClaims\",\n CacheManagerGetRefreshToken: \"cacheManagerGetRefreshToken\",\n /**\n * Crypto Operations\n */\n GeneratePkceCodes: \"generatePkceCodes\",\n GenerateCodeVerifier: \"generateCodeVerifier\",\n GenerateCodeChallengeFromVerifier: \"generateCodeChallengeFromVerifier\",\n Sha256Digest: \"sha256Digest\",\n GetRandomValues: \"getRandomValues\",\n};\n/**\n * State of the performance event.\n *\n * @export\n * @enum {number}\n */\nconst PerformanceEventStatus = {\n NotStarted: 0,\n InProgress: 1,\n Completed: 2,\n};\nconst IntFields = new Set([\n \"accessTokenSize\",\n \"durationMs\",\n \"idTokenSize\",\n \"matsSilentStatus\",\n \"matsHttpStatus\",\n \"refreshTokenSize\",\n \"queuedTimeMs\",\n \"startTimeMs\",\n \"status\",\n \"multiMatchedAT\",\n \"multiMatchedID\",\n \"multiMatchedRT\",\n]);\n\nexport { IntFields, PerformanceEventStatus, PerformanceEvents };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Wraps a function with a performance measurement.\n * Usage: invoke(functionToCall, performanceClient, \"EventName\", \"correlationId\")(...argsToPassToFunction)\n * @param callback\n * @param eventName\n * @param logger\n * @param telemetryClient\n * @param correlationId\n * @returns\n * @internal\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nconst invoke = (callback, eventName, logger, telemetryClient, correlationId) => {\n return (...args) => {\n logger.trace(`Executing function ${eventName}`);\n const inProgressEvent = telemetryClient?.startMeasurement(eventName, correlationId);\n if (correlationId) {\n // Track number of times this API is called in a single request\n const eventCount = eventName + \"CallCount\";\n telemetryClient?.incrementFields({ [eventCount]: 1 }, correlationId);\n }\n try {\n const result = callback(...args);\n inProgressEvent?.end({\n success: true,\n });\n logger.trace(`Returning result from ${eventName}`);\n return result;\n }\n catch (e) {\n logger.trace(`Error occurred in ${eventName}`);\n try {\n logger.trace(JSON.stringify(e));\n }\n catch (e) {\n logger.trace(\"Unable to print error message.\");\n }\n inProgressEvent?.end({\n success: false,\n });\n throw e;\n }\n };\n};\n/**\n * Wraps an async function with a performance measurement.\n * Usage: invokeAsync(functionToCall, performanceClient, \"EventName\", \"correlationId\")(...argsToPassToFunction)\n * @param callback\n * @param eventName\n * @param logger\n * @param telemetryClient\n * @param correlationId\n * @returns\n * @internal\n *\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nconst invokeAsync = (callback, eventName, logger, telemetryClient, correlationId) => {\n return (...args) => {\n logger.trace(`Executing function ${eventName}`);\n const inProgressEvent = telemetryClient?.startMeasurement(eventName, correlationId);\n if (correlationId) {\n // Track number of times this API is called in a single request\n const eventCount = eventName + \"CallCount\";\n telemetryClient?.incrementFields({ [eventCount]: 1 }, correlationId);\n }\n telemetryClient?.setPreQueueTime(eventName, correlationId);\n return callback(...args)\n .then((response) => {\n logger.trace(`Returning result from ${eventName}`);\n inProgressEvent?.end({\n success: true,\n });\n return response;\n })\n .catch((e) => {\n logger.trace(`Error occurred in ${eventName}`);\n try {\n logger.trace(JSON.stringify(e));\n }\n catch (e) {\n logger.trace(\"Unable to print error message.\");\n }\n inProgressEvent?.end({\n success: false,\n });\n throw e;\n });\n };\n};\n\nexport { invoke, invokeAsync };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nfunction isOpenIdConfigResponse(response) {\n return (response.hasOwnProperty(\"authorization_endpoint\") &&\n response.hasOwnProperty(\"token_endpoint\") &&\n response.hasOwnProperty(\"issuer\") &&\n response.hasOwnProperty(\"jwks_uri\"));\n}\n\nexport { isOpenIdConfigResponse };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst redirectUriEmpty = \"redirect_uri_empty\";\nconst claimsRequestParsingError = \"claims_request_parsing_error\";\nconst authorityUriInsecure = \"authority_uri_insecure\";\nconst urlParseError = \"url_parse_error\";\nconst urlEmptyError = \"empty_url_error\";\nconst emptyInputScopesError = \"empty_input_scopes_error\";\nconst invalidPromptValue = \"invalid_prompt_value\";\nconst invalidClaims = \"invalid_claims\";\nconst tokenRequestEmpty = \"token_request_empty\";\nconst logoutRequestEmpty = \"logout_request_empty\";\nconst invalidCodeChallengeMethod = \"invalid_code_challenge_method\";\nconst pkceParamsMissing = \"pkce_params_missing\";\nconst invalidCloudDiscoveryMetadata = \"invalid_cloud_discovery_metadata\";\nconst invalidAuthorityMetadata = \"invalid_authority_metadata\";\nconst untrustedAuthority = \"untrusted_authority\";\nconst missingSshJwk = \"missing_ssh_jwk\";\nconst missingSshKid = \"missing_ssh_kid\";\nconst missingNonceAuthenticationHeader = \"missing_nonce_authentication_header\";\nconst invalidAuthenticationHeader = \"invalid_authentication_header\";\nconst cannotSetOIDCOptions = \"cannot_set_OIDCOptions\";\nconst cannotAllowNativeBroker = \"cannot_allow_native_broker\";\nconst authorityMismatch = \"authority_mismatch\";\n\nexport { authorityMismatch, authorityUriInsecure, cannotAllowNativeBroker, cannotSetOIDCOptions, claimsRequestParsingError, emptyInputScopesError, invalidAuthenticationHeader, invalidAuthorityMetadata, invalidClaims, invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod, invalidPromptValue, logoutRequestEmpty, missingNonceAuthenticationHeader, missingSshJwk, missingSshKid, pkceParamsMissing, redirectUriEmpty, tokenRequestEmpty, untrustedAuthority, urlEmptyError, urlParseError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\nimport { redirectUriEmpty, claimsRequestParsingError, authorityUriInsecure, urlParseError, urlEmptyError, emptyInputScopesError, invalidPromptValue, invalidClaims, tokenRequestEmpty, logoutRequestEmpty, invalidCodeChallengeMethod, pkceParamsMissing, invalidCloudDiscoveryMetadata, invalidAuthorityMetadata, untrustedAuthority, missingSshJwk, missingSshKid, missingNonceAuthenticationHeader, invalidAuthenticationHeader, cannotSetOIDCOptions, cannotAllowNativeBroker, authorityMismatch } from './ClientConfigurationErrorCodes.mjs';\nimport * as ClientConfigurationErrorCodes from './ClientConfigurationErrorCodes.mjs';\nexport { ClientConfigurationErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst ClientConfigurationErrorMessages = {\n [redirectUriEmpty]: \"A redirect URI is required for all calls, and none has been set.\",\n [claimsRequestParsingError]: \"Could not parse the given claims request object.\",\n [authorityUriInsecure]: \"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options\",\n [urlParseError]: \"URL could not be parsed into appropriate segments.\",\n [urlEmptyError]: \"URL was empty or null.\",\n [emptyInputScopesError]: \"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.\",\n [invalidPromptValue]: \"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest\",\n [invalidClaims]: \"Given claims parameter must be a stringified JSON object.\",\n [tokenRequestEmpty]: \"Token request was empty and not found in cache.\",\n [logoutRequestEmpty]: \"The logout request was null or undefined.\",\n [invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are \"plain\" and \"S256\".',\n [pkceParamsMissing]: \"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request\",\n [invalidCloudDiscoveryMetadata]: \"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields\",\n [invalidAuthorityMetadata]: \"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.\",\n [untrustedAuthority]: \"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.\",\n [missingSshJwk]: \"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.\",\n [missingSshKid]: \"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.\",\n [missingNonceAuthenticationHeader]: \"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.\",\n [invalidAuthenticationHeader]: \"Invalid authentication header provided\",\n [cannotSetOIDCOptions]: \"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.\",\n [cannotAllowNativeBroker]: \"Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.\",\n [authorityMismatch]: \"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.\",\n};\n/**\n * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use ClientConfigurationErrorCodes instead\n */\nconst ClientConfigurationErrorMessage = {\n redirectUriNotSet: {\n code: redirectUriEmpty,\n desc: ClientConfigurationErrorMessages[redirectUriEmpty],\n },\n claimsRequestParsingError: {\n code: claimsRequestParsingError,\n desc: ClientConfigurationErrorMessages[claimsRequestParsingError],\n },\n authorityUriInsecure: {\n code: authorityUriInsecure,\n desc: ClientConfigurationErrorMessages[authorityUriInsecure],\n },\n urlParseError: {\n code: urlParseError,\n desc: ClientConfigurationErrorMessages[urlParseError],\n },\n urlEmptyError: {\n code: urlEmptyError,\n desc: ClientConfigurationErrorMessages[urlEmptyError],\n },\n emptyScopesError: {\n code: emptyInputScopesError,\n desc: ClientConfigurationErrorMessages[emptyInputScopesError],\n },\n invalidPrompt: {\n code: invalidPromptValue,\n desc: ClientConfigurationErrorMessages[invalidPromptValue],\n },\n invalidClaimsRequest: {\n code: invalidClaims,\n desc: ClientConfigurationErrorMessages[invalidClaims],\n },\n tokenRequestEmptyError: {\n code: tokenRequestEmpty,\n desc: ClientConfigurationErrorMessages[tokenRequestEmpty],\n },\n logoutRequestEmptyError: {\n code: logoutRequestEmpty,\n desc: ClientConfigurationErrorMessages[logoutRequestEmpty],\n },\n invalidCodeChallengeMethod: {\n code: invalidCodeChallengeMethod,\n desc: ClientConfigurationErrorMessages[invalidCodeChallengeMethod],\n },\n invalidCodeChallengeParams: {\n code: pkceParamsMissing,\n desc: ClientConfigurationErrorMessages[pkceParamsMissing],\n },\n invalidCloudDiscoveryMetadata: {\n code: invalidCloudDiscoveryMetadata,\n desc: ClientConfigurationErrorMessages[invalidCloudDiscoveryMetadata],\n },\n invalidAuthorityMetadata: {\n code: invalidAuthorityMetadata,\n desc: ClientConfigurationErrorMessages[invalidAuthorityMetadata],\n },\n untrustedAuthority: {\n code: untrustedAuthority,\n desc: ClientConfigurationErrorMessages[untrustedAuthority],\n },\n missingSshJwk: {\n code: missingSshJwk,\n desc: ClientConfigurationErrorMessages[missingSshJwk],\n },\n missingSshKid: {\n code: missingSshKid,\n desc: ClientConfigurationErrorMessages[missingSshKid],\n },\n missingNonceAuthenticationHeader: {\n code: missingNonceAuthenticationHeader,\n desc: ClientConfigurationErrorMessages[missingNonceAuthenticationHeader],\n },\n invalidAuthenticationHeader: {\n code: invalidAuthenticationHeader,\n desc: ClientConfigurationErrorMessages[invalidAuthenticationHeader],\n },\n cannotSetOIDCOptions: {\n code: cannotSetOIDCOptions,\n desc: ClientConfigurationErrorMessages[cannotSetOIDCOptions],\n },\n cannotAllowNativeBroker: {\n code: cannotAllowNativeBroker,\n desc: ClientConfigurationErrorMessages[cannotAllowNativeBroker],\n },\n authorityMismatch: {\n code: authorityMismatch,\n desc: ClientConfigurationErrorMessages[authorityMismatch],\n },\n};\n/**\n * Error thrown when there is an error in configuration of the MSAL.js library.\n */\nclass ClientConfigurationError extends AuthError {\n constructor(errorCode) {\n super(errorCode, ClientConfigurationErrorMessages[errorCode]);\n this.name = \"ClientConfigurationError\";\n Object.setPrototypeOf(this, ClientConfigurationError.prototype);\n }\n}\nfunction createClientConfigurationError(errorCode) {\n return new ClientConfigurationError(errorCode);\n}\n\nexport { ClientConfigurationError, ClientConfigurationErrorMessage, ClientConfigurationErrorMessages, createClientConfigurationError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * @hidden\n */\nclass StringUtils {\n /**\n * Check if stringified object is empty\n * @param strObj\n */\n static isEmptyObj(strObj) {\n if (strObj) {\n try {\n const obj = JSON.parse(strObj);\n return Object.keys(obj).length === 0;\n }\n catch (e) { }\n }\n return true;\n }\n static startsWith(str, search) {\n return str.indexOf(search) === 0;\n }\n static endsWith(str, search) {\n return (str.length >= search.length &&\n str.lastIndexOf(search) === str.length - search.length);\n }\n /**\n * Parses string into an object.\n *\n * @param query\n */\n static queryStringToObject(query) {\n const obj = {};\n const params = query.split(\"&\");\n const decode = (s) => decodeURIComponent(s.replace(/\\+/g, \" \"));\n params.forEach((pair) => {\n if (pair.trim()) {\n const [key, value] = pair.split(/=(.+)/g, 2); // Split on the first occurence of the '=' character\n if (key && value) {\n obj[decode(key)] = decode(value);\n }\n }\n });\n return obj;\n }\n /**\n * Trims entries in an array.\n *\n * @param arr\n */\n static trimArrayEntries(arr) {\n return arr.map((entry) => entry.trim());\n }\n /**\n * Removes empty strings from array\n * @param arr\n */\n static removeEmptyStringsFromArray(arr) {\n return arr.filter((entry) => {\n return !!entry;\n });\n }\n /**\n * Attempts to parse a string into JSON\n * @param str\n */\n static jsonParseHelper(str) {\n try {\n return JSON.parse(str);\n }\n catch (e) {\n return null;\n }\n }\n /**\n * Tests if a given string matches a given pattern, with support for wildcards and queries.\n * @param pattern Wildcard pattern to string match. Supports \"*\" for wildcards and \"?\" for queries\n * @param input String to match against\n */\n static matchPattern(pattern, input) {\n /**\n * Wildcard support: https://stackoverflow.com/a/3117248/4888559\n * Queries: replaces \"?\" in string with escaped \"\\?\" for regex test\n */\n // eslint-disable-next-line security/detect-non-literal-regexp\n const regex = new RegExp(pattern\n .replace(/\\\\/g, \"\\\\\\\\\")\n .replace(/\\*/g, \"[^ ]*\")\n .replace(/\\?/g, \"\\\\?\"));\n return regex.test(input);\n }\n}\n\nexport { StringUtils };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { hashNotDeserialized } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Parses hash string from given string. Returns empty string if no hash symbol is found.\n * @param hashString\n */\nfunction stripLeadingHashOrQuery(responseString) {\n if (responseString.startsWith(\"#/\")) {\n return responseString.substring(2);\n }\n else if (responseString.startsWith(\"#\") ||\n responseString.startsWith(\"?\")) {\n return responseString.substring(1);\n }\n return responseString;\n}\n/**\n * Returns URL hash as server auth code response object.\n */\nfunction getDeserializedResponse(responseString) {\n // Check if given hash is empty\n if (!responseString || responseString.indexOf(\"=\") < 0) {\n return null;\n }\n try {\n // Strip the # or ? symbol if present\n const normalizedResponse = stripLeadingHashOrQuery(responseString);\n // If # symbol was not present, above will return empty string, so give original hash value\n const deserializedHash = Object.fromEntries(new URLSearchParams(normalizedResponse));\n // Check for known response properties\n if (deserializedHash.code ||\n deserializedHash.error ||\n deserializedHash.error_description ||\n deserializedHash.state) {\n return deserializedHash;\n }\n }\n catch (e) {\n throw createClientAuthError(hashNotDeserialized);\n }\n return null;\n}\n\nexport { getDeserializedResponse, stripLeadingHashOrQuery };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { AADAuthorityConstants, Constants } from '../utils/Constants.mjs';\nimport { getDeserializedResponse } from '../utils/UrlUtils.mjs';\nimport { urlEmptyError, urlParseError, authorityUriInsecure } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Url object class which can perform various transformations on url strings.\n */\nclass UrlString {\n get urlString() {\n return this._urlString;\n }\n constructor(url) {\n this._urlString = url;\n if (!this._urlString) {\n // Throws error if url is empty\n throw createClientConfigurationError(urlEmptyError);\n }\n if (!url.includes(\"#\")) {\n this._urlString = UrlString.canonicalizeUri(url);\n }\n }\n /**\n * Ensure urls are lower case and end with a / character.\n * @param url\n */\n static canonicalizeUri(url) {\n if (url) {\n let lowerCaseUrl = url.toLowerCase();\n if (StringUtils.endsWith(lowerCaseUrl, \"?\")) {\n lowerCaseUrl = lowerCaseUrl.slice(0, -1);\n }\n else if (StringUtils.endsWith(lowerCaseUrl, \"?/\")) {\n lowerCaseUrl = lowerCaseUrl.slice(0, -2);\n }\n if (!StringUtils.endsWith(lowerCaseUrl, \"/\")) {\n lowerCaseUrl += \"/\";\n }\n return lowerCaseUrl;\n }\n return url;\n }\n /**\n * Throws if urlString passed is not a valid authority URI string.\n */\n validateAsUri() {\n // Attempts to parse url for uri components\n let components;\n try {\n components = this.getUrlComponents();\n }\n catch (e) {\n throw createClientConfigurationError(urlParseError);\n }\n // Throw error if URI or path segments are not parseable.\n if (!components.HostNameAndPort || !components.PathSegments) {\n throw createClientConfigurationError(urlParseError);\n }\n // Throw error if uri is insecure.\n if (!components.Protocol ||\n components.Protocol.toLowerCase() !== \"https:\") {\n throw createClientConfigurationError(authorityUriInsecure);\n }\n }\n /**\n * Given a url and a query string return the url with provided query string appended\n * @param url\n * @param queryString\n */\n static appendQueryString(url, queryString) {\n if (!queryString) {\n return url;\n }\n return url.indexOf(\"?\") < 0\n ? `${url}?${queryString}`\n : `${url}&${queryString}`;\n }\n /**\n * Returns a url with the hash removed\n * @param url\n */\n static removeHashFromUrl(url) {\n return UrlString.canonicalizeUri(url.split(\"#\")[0]);\n }\n /**\n * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d\n * @param href The url\n * @param tenantId The tenant id to replace\n */\n replaceTenantPath(tenantId) {\n const urlObject = this.getUrlComponents();\n const pathArray = urlObject.PathSegments;\n if (tenantId &&\n pathArray.length !== 0 &&\n (pathArray[0] === AADAuthorityConstants.COMMON ||\n pathArray[0] === AADAuthorityConstants.ORGANIZATIONS)) {\n pathArray[0] = tenantId;\n }\n return UrlString.constructAuthorityUriFromObject(urlObject);\n }\n /**\n * Parses out the components from a url string.\n * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url.\n */\n getUrlComponents() {\n // https://gist.github.com/curtisz/11139b2cfcaef4a261e0\n const regEx = RegExp(\"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\\\?([^#]*))?(#(.*))?\");\n // If url string does not match regEx, we throw an error\n const match = this.urlString.match(regEx);\n if (!match) {\n throw createClientConfigurationError(urlParseError);\n }\n // Url component object\n const urlComponents = {\n Protocol: match[1],\n HostNameAndPort: match[4],\n AbsolutePath: match[5],\n QueryString: match[7],\n };\n let pathSegments = urlComponents.AbsolutePath.split(\"/\");\n pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements\n urlComponents.PathSegments = pathSegments;\n if (urlComponents.QueryString &&\n urlComponents.QueryString.endsWith(\"/\")) {\n urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length - 1);\n }\n return urlComponents;\n }\n static getDomainFromUrl(url) {\n const regEx = RegExp(\"^([^:/?#]+://)?([^/?#]*)\");\n const match = url.match(regEx);\n if (!match) {\n throw createClientConfigurationError(urlParseError);\n }\n return match[2];\n }\n static getAbsoluteUrl(relativeUrl, baseUrl) {\n if (relativeUrl[0] === Constants.FORWARD_SLASH) {\n const url = new UrlString(baseUrl);\n const baseComponents = url.getUrlComponents();\n return (baseComponents.Protocol +\n \"//\" +\n baseComponents.HostNameAndPort +\n relativeUrl);\n }\n return relativeUrl;\n }\n static constructAuthorityUriFromObject(urlObject) {\n return new UrlString(urlObject.Protocol +\n \"//\" +\n urlObject.HostNameAndPort +\n \"/\" +\n urlObject.PathSegments.join(\"/\"));\n }\n /**\n * Check if the hash of the URL string contains known properties\n * @deprecated This API will be removed in a future version\n */\n static hashContainsKnownProperties(response) {\n return !!getDeserializedResponse(response);\n }\n}\n\nexport { UrlString };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { UrlString } from '../url/UrlString.mjs';\nimport { AuthorityMetadataSource } from '../utils/Constants.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst rawMetdataJSON = {\n endpointMetadata: {\n \"login.microsoftonline.com\": {\n token_endpoint: \"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token\",\n jwks_uri: \"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys\",\n issuer: \"https://login.microsoftonline.com/{tenantid}/v2.0\",\n authorization_endpoint: \"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize\",\n end_session_endpoint: \"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout\",\n },\n \"login.chinacloudapi.cn\": {\n token_endpoint: \"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token\",\n jwks_uri: \"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys\",\n issuer: \"https://login.partner.microsoftonline.cn/{tenantid}/v2.0\",\n authorization_endpoint: \"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize\",\n end_session_endpoint: \"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout\",\n },\n \"login.microsoftonline.us\": {\n token_endpoint: \"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token\",\n jwks_uri: \"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys\",\n issuer: \"https://login.microsoftonline.us/{tenantid}/v2.0\",\n authorization_endpoint: \"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize\",\n end_session_endpoint: \"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout\",\n },\n },\n instanceDiscoveryMetadata: {\n tenant_discovery_endpoint: \"https://{canonicalAuthority}/v2.0/.well-known/openid-configuration\",\n metadata: [\n {\n preferred_network: \"login.microsoftonline.com\",\n preferred_cache: \"login.windows.net\",\n aliases: [\n \"login.microsoftonline.com\",\n \"login.windows.net\",\n \"login.microsoft.com\",\n \"sts.windows.net\",\n ],\n },\n {\n preferred_network: \"login.partner.microsoftonline.cn\",\n preferred_cache: \"login.partner.microsoftonline.cn\",\n aliases: [\n \"login.partner.microsoftonline.cn\",\n \"login.chinacloudapi.cn\",\n ],\n },\n {\n preferred_network: \"login.microsoftonline.de\",\n preferred_cache: \"login.microsoftonline.de\",\n aliases: [\"login.microsoftonline.de\"],\n },\n {\n preferred_network: \"login.microsoftonline.us\",\n preferred_cache: \"login.microsoftonline.us\",\n aliases: [\n \"login.microsoftonline.us\",\n \"login.usgovcloudapi.net\",\n ],\n },\n {\n preferred_network: \"login-us.microsoftonline.com\",\n preferred_cache: \"login-us.microsoftonline.com\",\n aliases: [\"login-us.microsoftonline.com\"],\n },\n ],\n },\n};\nconst EndpointMetadata = rawMetdataJSON.endpointMetadata;\nconst InstanceDiscoveryMetadata = rawMetdataJSON.instanceDiscoveryMetadata;\nconst InstanceDiscoveryMetadataAliases = new Set();\nInstanceDiscoveryMetadata.metadata.forEach((metadataEntry) => {\n metadataEntry.aliases.forEach((alias) => {\n InstanceDiscoveryMetadataAliases.add(alias);\n });\n});\n/**\n * Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host\n * @param staticAuthorityOptions\n * @param logger\n * @returns\n */\nfunction getAliasesFromStaticSources(staticAuthorityOptions, logger) {\n let staticAliases;\n const canonicalAuthority = staticAuthorityOptions.canonicalAuthority;\n if (canonicalAuthority) {\n const authorityHost = new UrlString(canonicalAuthority).getUrlComponents().HostNameAndPort;\n staticAliases =\n getAliasesFromMetadata(authorityHost, staticAuthorityOptions.cloudDiscoveryMetadata?.metadata, AuthorityMetadataSource.CONFIG, logger) ||\n getAliasesFromMetadata(authorityHost, InstanceDiscoveryMetadata.metadata, AuthorityMetadataSource.HARDCODED_VALUES, logger) ||\n staticAuthorityOptions.knownAuthorities;\n }\n return staticAliases || [];\n}\n/**\n * Returns aliases for from the raw cloud discovery metadata passed in\n * @param authorityHost\n * @param rawCloudDiscoveryMetadata\n * @returns\n */\nfunction getAliasesFromMetadata(authorityHost, cloudDiscoveryMetadata, source, logger) {\n logger?.trace(`getAliasesFromMetadata called with source: ${source}`);\n if (authorityHost && cloudDiscoveryMetadata) {\n const metadata = getCloudDiscoveryMetadataFromNetworkResponse(cloudDiscoveryMetadata, authorityHost);\n if (metadata) {\n logger?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${source}, returning aliases`);\n return metadata.aliases;\n }\n else {\n logger?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${source}`);\n }\n }\n return null;\n}\n/**\n * Get cloud discovery metadata for common authorities\n */\nfunction getCloudDiscoveryMetadataFromHardcodedValues(authorityHost) {\n const metadata = getCloudDiscoveryMetadataFromNetworkResponse(InstanceDiscoveryMetadata.metadata, authorityHost);\n return metadata;\n}\n/**\n * Searches instance discovery network response for the entry that contains the host in the aliases list\n * @param response\n * @param authority\n */\nfunction getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {\n for (let i = 0; i < response.length; i++) {\n const metadata = response[i];\n if (metadata.aliases.includes(authorityHost)) {\n return metadata;\n }\n }\n return null;\n}\n\nexport { EndpointMetadata, InstanceDiscoveryMetadata, InstanceDiscoveryMetadataAliases, getAliasesFromMetadata, getAliasesFromStaticSources, getCloudDiscoveryMetadataFromHardcodedValues, getCloudDiscoveryMetadataFromNetworkResponse, rawMetdataJSON };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst AzureCloudInstance = {\n // AzureCloudInstance is not specified.\n None: \"none\",\n // Microsoft Azure public cloud\n AzurePublic: \"https://login.microsoftonline.com\",\n // Microsoft PPE\n AzurePpe: \"https://login.windows-ppe.net\",\n // Microsoft Chinese national/regional cloud\n AzureChina: \"https://login.chinacloudapi.cn\",\n // Microsoft German national/regional cloud (\"Black Forest\")\n AzureGermany: \"https://login.microsoftonline.de\",\n // US Government cloud\n AzureUsGovernment: \"https://login.microsoftonline.us\",\n};\n\nexport { AzureCloudInstance };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nfunction isCloudInstanceDiscoveryResponse(response) {\n return (response.hasOwnProperty(\"tenant_discovery_endpoint\") &&\n response.hasOwnProperty(\"metadata\"));\n}\n\nexport { isCloudInstanceDiscoveryResponse };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nfunction isCloudInstanceDiscoveryErrorResponse(response) {\n return (response.hasOwnProperty(\"error\") &&\n response.hasOwnProperty(\"error_description\"));\n}\n\nexport { isCloudInstanceDiscoveryErrorResponse };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Constants, ResponseCodes, RegionDiscoverySources } from '../utils/Constants.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync } from '../utils/FunctionWrappers.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nclass RegionDiscovery {\n constructor(networkInterface, logger, performanceClient, correlationId) {\n this.networkInterface = networkInterface;\n this.logger = logger;\n this.performanceClient = performanceClient;\n this.correlationId = correlationId;\n }\n /**\n * Detect the region from the application's environment.\n *\n * @returns Promise\n */\n async detectRegion(environmentRegion, regionDiscoveryMetadata) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryDetectRegion, this.correlationId);\n // Initialize auto detected region with the region from the envrionment\n let autodetectedRegionName = environmentRegion;\n // Check if a region was detected from the environment, if not, attempt to get the region from IMDS\n if (!autodetectedRegionName) {\n const options = RegionDiscovery.IMDS_OPTIONS;\n try {\n const localIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(Constants.IMDS_VERSION, options);\n if (localIMDSVersionResponse.status ===\n ResponseCodes.httpSuccess) {\n autodetectedRegionName = localIMDSVersionResponse.body;\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.IMDS;\n }\n // If the response using the local IMDS version failed, try to fetch the current version of IMDS and retry.\n if (localIMDSVersionResponse.status ===\n ResponseCodes.httpBadRequest) {\n const currentIMDSVersion = await invokeAsync(this.getCurrentVersion.bind(this), PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.logger, this.performanceClient, this.correlationId)(options);\n if (!currentIMDSVersion) {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.FAILED_AUTO_DETECTION;\n return null;\n }\n const currentIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(currentIMDSVersion, options);\n if (currentIMDSVersionResponse.status ===\n ResponseCodes.httpSuccess) {\n autodetectedRegionName =\n currentIMDSVersionResponse.body;\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.IMDS;\n }\n }\n }\n catch (e) {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.FAILED_AUTO_DETECTION;\n return null;\n }\n }\n else {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.ENVIRONMENT_VARIABLE;\n }\n // If no region was auto detected from the environment or from the IMDS endpoint, mark the attempt as a FAILED_AUTO_DETECTION\n if (!autodetectedRegionName) {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.FAILED_AUTO_DETECTION;\n }\n return autodetectedRegionName || null;\n }\n /**\n * Make the call to the IMDS endpoint\n *\n * @param imdsEndpointUrl\n * @returns Promise>\n */\n async getRegionFromIMDS(version, options) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.correlationId);\n return this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?api-version=${version}&format=text`, options, Constants.IMDS_TIMEOUT);\n }\n /**\n * Get the most recent version of the IMDS endpoint available\n *\n * @returns Promise\n */\n async getCurrentVersion(options) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.correlationId);\n try {\n const response = await this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?format=json`, options);\n // When IMDS endpoint is called without the api version query param, bad request response comes back with latest version.\n if (response.status === ResponseCodes.httpBadRequest &&\n response.body &&\n response.body[\"newest-versions\"] &&\n response.body[\"newest-versions\"].length > 0) {\n return response.body[\"newest-versions\"][0];\n }\n return null;\n }\n catch (e) {\n return null;\n }\n }\n}\n// Options for the IMDS endpoint request\nRegionDiscovery.IMDS_OPTIONS = {\n headers: {\n Metadata: \"true\",\n },\n};\n\nexport { RegionDiscovery };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { extractTokenClaims } from '../../account/AuthToken.mjs';\nimport { createClientAuthError } from '../../error/ClientAuthError.mjs';\nimport { Separators, CredentialType, AuthenticationScheme, SERVER_TELEM_CONSTANTS, ThrottlingConstants, APP_METADATA, AUTHORITY_METADATA_CONSTANTS } from '../../utils/Constants.mjs';\nimport { nowSeconds } from '../../utils/TimeUtils.mjs';\nimport { tokenClaimsCnfRequiredForSignedJwt } from '../../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Cache Key: -------\n * IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com\n * AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop\n * RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com\n * @param credentialEntity\n * @returns\n */\nfunction generateCredentialKey(credentialEntity) {\n const credentialKey = [\n generateAccountId(credentialEntity),\n generateCredentialId(credentialEntity),\n generateTarget(credentialEntity),\n generateClaimsHash(credentialEntity),\n generateScheme(credentialEntity),\n ];\n return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n}\n/**\n * Create IdTokenEntity\n * @param homeAccountId\n * @param authenticationResult\n * @param clientId\n * @param authority\n */\nfunction createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {\n const idTokenEntity = {\n credentialType: CredentialType.ID_TOKEN,\n homeAccountId: homeAccountId,\n environment: environment,\n clientId: clientId,\n secret: idToken,\n realm: tenantId,\n };\n return idTokenEntity;\n}\n/**\n * Create AccessTokenEntity\n * @param homeAccountId\n * @param environment\n * @param accessToken\n * @param clientId\n * @param tenantId\n * @param scopes\n * @param expiresOn\n * @param extExpiresOn\n */\nfunction createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {\n const atEntity = {\n homeAccountId: homeAccountId,\n credentialType: CredentialType.ACCESS_TOKEN,\n secret: accessToken,\n cachedAt: nowSeconds().toString(),\n expiresOn: expiresOn.toString(),\n extendedExpiresOn: extExpiresOn.toString(),\n environment: environment,\n clientId: clientId,\n realm: tenantId,\n target: scopes,\n tokenType: tokenType || AuthenticationScheme.BEARER,\n };\n if (userAssertionHash) {\n atEntity.userAssertionHash = userAssertionHash;\n }\n if (refreshOn) {\n atEntity.refreshOn = refreshOn.toString();\n }\n if (requestedClaims) {\n atEntity.requestedClaims = requestedClaims;\n atEntity.requestedClaimsHash = requestedClaimsHash;\n }\n /*\n * Create Access Token With Auth Scheme instead of regular access token\n * Cast to lower to handle \"bearer\" from ADFS\n */\n if (atEntity.tokenType?.toLowerCase() !==\n AuthenticationScheme.BEARER.toLowerCase()) {\n atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\n switch (atEntity.tokenType) {\n case AuthenticationScheme.POP:\n // Make sure keyId is present and add it to credential\n const tokenClaims = extractTokenClaims(accessToken, base64Decode);\n if (!tokenClaims?.cnf?.kid) {\n throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);\n }\n atEntity.keyId = tokenClaims.cnf.kid;\n break;\n case AuthenticationScheme.SSH:\n atEntity.keyId = keyId;\n }\n }\n return atEntity;\n}\n/**\n * Create RefreshTokenEntity\n * @param homeAccountId\n * @param authenticationResult\n * @param clientId\n * @param authority\n */\nfunction createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {\n const rtEntity = {\n credentialType: CredentialType.REFRESH_TOKEN,\n homeAccountId: homeAccountId,\n environment: environment,\n clientId: clientId,\n secret: refreshToken,\n };\n if (userAssertionHash) {\n rtEntity.userAssertionHash = userAssertionHash;\n }\n if (familyId) {\n rtEntity.familyId = familyId;\n }\n if (expiresOn) {\n rtEntity.expiresOn = expiresOn.toString();\n }\n return rtEntity;\n}\nfunction isCredentialEntity(entity) {\n return (entity.hasOwnProperty(\"homeAccountId\") &&\n entity.hasOwnProperty(\"environment\") &&\n entity.hasOwnProperty(\"credentialType\") &&\n entity.hasOwnProperty(\"clientId\") &&\n entity.hasOwnProperty(\"secret\"));\n}\n/**\n * Validates an entity: checks for all expected params\n * @param entity\n */\nfunction isAccessTokenEntity(entity) {\n if (!entity) {\n return false;\n }\n return (isCredentialEntity(entity) &&\n entity.hasOwnProperty(\"realm\") &&\n entity.hasOwnProperty(\"target\") &&\n (entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN ||\n entity[\"credentialType\"] ===\n CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));\n}\n/**\n * Validates an entity: checks for all expected params\n * @param entity\n */\nfunction isIdTokenEntity(entity) {\n if (!entity) {\n return false;\n }\n return (isCredentialEntity(entity) &&\n entity.hasOwnProperty(\"realm\") &&\n entity[\"credentialType\"] === CredentialType.ID_TOKEN);\n}\n/**\n * Validates an entity: checks for all expected params\n * @param entity\n */\nfunction isRefreshTokenEntity(entity) {\n if (!entity) {\n return false;\n }\n return (isCredentialEntity(entity) &&\n entity[\"credentialType\"] === CredentialType.REFRESH_TOKEN);\n}\n/**\n * Generate Account Id key component as per the schema: -\n */\nfunction generateAccountId(credentialEntity) {\n const accountId = [\n credentialEntity.homeAccountId,\n credentialEntity.environment,\n ];\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n}\n/**\n * Generate Credential Id key component as per the schema: --\n */\nfunction generateCredentialId(credentialEntity) {\n const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN\n ? credentialEntity.familyId || credentialEntity.clientId\n : credentialEntity.clientId;\n const credentialId = [\n credentialEntity.credentialType,\n clientOrFamilyId,\n credentialEntity.realm || \"\",\n ];\n return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n}\n/**\n * Generate target key component as per schema: \n */\nfunction generateTarget(credentialEntity) {\n return (credentialEntity.target || \"\").toLowerCase();\n}\n/**\n * Generate requested claims key component as per schema: \n */\nfunction generateClaimsHash(credentialEntity) {\n return (credentialEntity.requestedClaimsHash || \"\").toLowerCase();\n}\n/**\n * Generate scheme key componenet as per schema: \n */\nfunction generateScheme(credentialEntity) {\n /*\n * PoP Tokens and SSH certs include scheme in cache key\n * Cast to lowercase to handle \"bearer\" from ADFS\n */\n return credentialEntity.tokenType &&\n credentialEntity.tokenType.toLowerCase() !==\n AuthenticationScheme.BEARER.toLowerCase()\n ? credentialEntity.tokenType.toLowerCase()\n : \"\";\n}\n/**\n * validates if a given cache entry is \"Telemetry\", parses \n * @param key\n * @param entity\n */\nfunction isServerTelemetryEntity(key, entity) {\n const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;\n let validateEntity = true;\n if (entity) {\n validateEntity =\n entity.hasOwnProperty(\"failedRequests\") &&\n entity.hasOwnProperty(\"errors\") &&\n entity.hasOwnProperty(\"cacheHits\");\n }\n return validateKey && validateEntity;\n}\n/**\n * validates if a given cache entry is \"Throttling\", parses \n * @param key\n * @param entity\n */\nfunction isThrottlingEntity(key, entity) {\n let validateKey = false;\n if (key) {\n validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;\n }\n let validateEntity = true;\n if (entity) {\n validateEntity = entity.hasOwnProperty(\"throttleTime\");\n }\n return validateKey && validateEntity;\n}\n/**\n * Generate AppMetadata Cache Key as per the schema: appmetadata--\n */\nfunction generateAppMetadataKey({ environment, clientId, }) {\n const appMetaDataKeyArray = [\n APP_METADATA,\n environment,\n clientId,\n ];\n return appMetaDataKeyArray\n .join(Separators.CACHE_KEY_SEPARATOR)\n .toLowerCase();\n}\n/*\n * Validates an entity: checks for all expected params\n * @param entity\n */\nfunction isAppMetadataEntity(key, entity) {\n if (!entity) {\n return false;\n }\n return (key.indexOf(APP_METADATA) === 0 &&\n entity.hasOwnProperty(\"clientId\") &&\n entity.hasOwnProperty(\"environment\"));\n}\n/**\n * Validates an entity: checks for all expected params\n * @param entity\n */\nfunction isAuthorityMetadataEntity(key, entity) {\n if (!entity) {\n return false;\n }\n return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&\n entity.hasOwnProperty(\"aliases\") &&\n entity.hasOwnProperty(\"preferred_cache\") &&\n entity.hasOwnProperty(\"preferred_network\") &&\n entity.hasOwnProperty(\"canonical_authority\") &&\n entity.hasOwnProperty(\"authorization_endpoint\") &&\n entity.hasOwnProperty(\"token_endpoint\") &&\n entity.hasOwnProperty(\"issuer\") &&\n entity.hasOwnProperty(\"aliasesFromNetwork\") &&\n entity.hasOwnProperty(\"endpointsFromNetwork\") &&\n entity.hasOwnProperty(\"expiresAt\") &&\n entity.hasOwnProperty(\"jwks_uri\"));\n}\n/**\n * Reset the exiresAt value\n */\nfunction generateAuthorityMetadataExpiresAt() {\n return (nowSeconds() +\n AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS);\n}\nfunction updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {\n authorityMetadata.authorization_endpoint =\n updatedValues.authorization_endpoint;\n authorityMetadata.token_endpoint = updatedValues.token_endpoint;\n authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;\n authorityMetadata.issuer = updatedValues.issuer;\n authorityMetadata.endpointsFromNetwork = fromNetwork;\n authorityMetadata.jwks_uri = updatedValues.jwks_uri;\n}\nfunction updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {\n authorityMetadata.aliases = updatedValues.aliases;\n authorityMetadata.preferred_cache = updatedValues.preferred_cache;\n authorityMetadata.preferred_network = updatedValues.preferred_network;\n authorityMetadata.aliasesFromNetwork = fromNetwork;\n}\n/**\n * Returns whether or not the data needs to be refreshed\n */\nfunction isAuthorityMetadataExpired(metadata) {\n return metadata.expiresAt <= nowSeconds();\n}\n\nexport { createAccessTokenEntity, createIdTokenEntity, createRefreshTokenEntity, generateAppMetadataKey, generateAuthorityMetadataExpiresAt, generateCredentialKey, isAccessTokenEntity, isAppMetadataEntity, isAuthorityMetadataEntity, isAuthorityMetadataExpired, isCredentialEntity, isIdTokenEntity, isRefreshTokenEntity, isServerTelemetryEntity, isThrottlingEntity, updateAuthorityEndpointMetadata, updateCloudDiscoveryMetadata };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Extract token by decoding the rawToken\n *\n * @param encodedToken\n */\nfunction extractTokenClaims(encodedToken, base64Decode) {\n const jswPayload = getJWSPayload(encodedToken);\n // token will be decoded to get the username\n try {\n // base64Decode() should throw an error if there is an issue\n const base64Decoded = base64Decode(jswPayload);\n return JSON.parse(base64Decoded);\n }\n catch (err) {\n throw createClientAuthError(tokenParsingError);\n }\n}\n/**\n * decode a JWT\n *\n * @param authToken\n */\nfunction getJWSPayload(authToken) {\n if (!authToken) {\n throw createClientAuthError(nullOrEmptyToken);\n }\n const tokenPartsRegex = /^([^\\.\\s]*)\\.([^\\.\\s]+)\\.([^\\.\\s]*)$/;\n const matches = tokenPartsRegex.exec(authToken);\n if (!matches || matches.length < 4) {\n throw createClientAuthError(tokenParsingError);\n }\n /**\n * const crackedToken = {\n * header: matches[1],\n * JWSPayload: matches[2],\n * JWSSig: matches[3],\n * };\n */\n return matches[2];\n}\n/**\n * Determine if the token's max_age has transpired\n */\nfunction checkMaxAge(authTime, maxAge) {\n /*\n * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest\n * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,\n * provide a value of 0 for the max_age parameter and the AS will force a fresh login.\n */\n const fiveMinuteSkew = 300000; // five minutes in milliseconds\n if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {\n throw createClientAuthError(maxAgeTranspired);\n }\n}\n\nexport { checkMaxAge, extractTokenClaims, getJWSPayload };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { AuthorityType } from './AuthorityType.mjs';\nimport { isOpenIdConfigResponse } from './OpenIdConfigResponse.mjs';\nimport { UrlString } from '../url/UrlString.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { Constants, AuthorityMetadataSource, RegionDiscoveryOutcomes, AADAuthorityConstants } from '../utils/Constants.mjs';\nimport { EndpointMetadata, getCloudDiscoveryMetadataFromHardcodedValues, getCloudDiscoveryMetadataFromNetworkResponse, InstanceDiscoveryMetadataAliases } from './AuthorityMetadata.mjs';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { ProtocolMode } from './ProtocolMode.mjs';\nimport { AzureCloudInstance } from './AuthorityOptions.mjs';\nimport { isCloudInstanceDiscoveryResponse } from './CloudInstanceDiscoveryResponse.mjs';\nimport { isCloudInstanceDiscoveryErrorResponse } from './CloudInstanceDiscoveryErrorResponse.mjs';\nimport { RegionDiscovery } from './RegionDiscovery.mjs';\nimport { AuthError } from '../error/AuthError.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync } from '../utils/FunctionWrappers.mjs';\nimport { generateAuthorityMetadataExpiresAt, updateAuthorityEndpointMetadata, isAuthorityMetadataExpired, updateCloudDiscoveryMetadata } from '../cache/utils/CacheHelpers.mjs';\nimport { endpointResolutionError, endSessionEndpointNotSupported, openIdConfigError } from '../error/ClientAuthErrorCodes.mjs';\nimport { invalidAuthorityMetadata, untrustedAuthority, invalidCloudDiscoveryMetadata } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the\n * endpoint. It will store the pertinent config data in this object for use during token calls.\n * @internal\n */\nclass Authority {\n constructor(authority, networkInterface, cacheManager, authorityOptions, logger, correlationId, performanceClient) {\n this.canonicalAuthority = authority;\n this._canonicalAuthority.validateAsUri();\n this.networkInterface = networkInterface;\n this.cacheManager = cacheManager;\n this.authorityOptions = authorityOptions;\n this.regionDiscoveryMetadata = {\n region_used: undefined,\n region_source: undefined,\n region_outcome: undefined,\n };\n this.logger = logger;\n this.performanceClient = performanceClient;\n this.correlationId = correlationId;\n this.regionDiscovery = new RegionDiscovery(networkInterface, this.logger, this.performanceClient, this.correlationId);\n }\n /**\n * Get {@link AuthorityType}\n * @param authorityUri {@link IUri}\n * @private\n */\n getAuthorityType(authorityUri) {\n // CIAM auth url pattern is being standardized as: .ciamlogin.com\n if (authorityUri.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) {\n return AuthorityType.Ciam;\n }\n const pathSegments = authorityUri.PathSegments;\n if (pathSegments.length) {\n switch (pathSegments[0].toLowerCase()) {\n case Constants.ADFS:\n return AuthorityType.Adfs;\n case Constants.DSTS:\n return AuthorityType.Dsts;\n }\n }\n return AuthorityType.Default;\n }\n // See above for AuthorityType\n get authorityType() {\n return this.getAuthorityType(this.canonicalAuthorityUrlComponents);\n }\n /**\n * ProtocolMode enum representing the way endpoints are constructed.\n */\n get protocolMode() {\n return this.authorityOptions.protocolMode;\n }\n /**\n * Returns authorityOptions which can be used to reinstantiate a new authority instance\n */\n get options() {\n return this.authorityOptions;\n }\n /**\n * A URL that is the authority set by the developer\n */\n get canonicalAuthority() {\n return this._canonicalAuthority.urlString;\n }\n /**\n * Sets canonical authority.\n */\n set canonicalAuthority(url) {\n this._canonicalAuthority = new UrlString(url);\n this._canonicalAuthority.validateAsUri();\n this._canonicalAuthorityUrlComponents = null;\n }\n /**\n * Get authority components.\n */\n get canonicalAuthorityUrlComponents() {\n if (!this._canonicalAuthorityUrlComponents) {\n this._canonicalAuthorityUrlComponents =\n this._canonicalAuthority.getUrlComponents();\n }\n return this._canonicalAuthorityUrlComponents;\n }\n /**\n * Get hostname and port i.e. login.microsoftonline.com\n */\n get hostnameAndPort() {\n return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase();\n }\n /**\n * Get tenant for authority.\n */\n get tenant() {\n return this.canonicalAuthorityUrlComponents.PathSegments[0];\n }\n /**\n * OAuth /authorize endpoint for requests\n */\n get authorizationEndpoint() {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.authorization_endpoint);\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n /**\n * OAuth /token endpoint for requests\n */\n get tokenEndpoint() {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.token_endpoint);\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n get deviceCodeEndpoint() {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.token_endpoint.replace(\"/token\", \"/devicecode\"));\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n /**\n * OAuth logout endpoint for requests\n */\n get endSessionEndpoint() {\n if (this.discoveryComplete()) {\n // ROPC policies may not have end_session_endpoint set\n if (!this.metadata.end_session_endpoint) {\n throw createClientAuthError(endSessionEndpointNotSupported);\n }\n return this.replacePath(this.metadata.end_session_endpoint);\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n /**\n * OAuth issuer for requests\n */\n get selfSignedJwtAudience() {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.issuer);\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n /**\n * Jwks_uri for token signing keys\n */\n get jwksUri() {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.jwks_uri);\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n /**\n * Returns a flag indicating that tenant name can be replaced in authority {@link IUri}\n * @param authorityUri {@link IUri}\n * @private\n */\n canReplaceTenant(authorityUri) {\n return (authorityUri.PathSegments.length === 1 &&\n !Authority.reservedTenantDomains.has(authorityUri.PathSegments[0]) &&\n this.getAuthorityType(authorityUri) === AuthorityType.Default &&\n this.protocolMode === ProtocolMode.AAD);\n }\n /**\n * Replaces tenant in url path with current tenant. Defaults to common.\n * @param urlString\n */\n replaceTenant(urlString) {\n return urlString.replace(/{tenant}|{tenantid}/g, this.tenant);\n }\n /**\n * Replaces path such as tenant or policy with the current tenant or policy.\n * @param urlString\n */\n replacePath(urlString) {\n let endpoint = urlString;\n const cachedAuthorityUrl = new UrlString(this.metadata.canonical_authority);\n const cachedAuthorityUrlComponents = cachedAuthorityUrl.getUrlComponents();\n const cachedAuthorityParts = cachedAuthorityUrlComponents.PathSegments;\n const currentAuthorityParts = this.canonicalAuthorityUrlComponents.PathSegments;\n currentAuthorityParts.forEach((currentPart, index) => {\n let cachedPart = cachedAuthorityParts[index];\n if (index === 0 &&\n this.canReplaceTenant(cachedAuthorityUrlComponents)) {\n const tenantId = new UrlString(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];\n /**\n * Check if AAD canonical authority contains tenant domain name, for example \"testdomain.onmicrosoft.com\",\n * by comparing its first path segment to the corresponding authorization endpoint path segment, which is\n * always resolved with tenant id by OIDC.\n */\n if (cachedPart !== tenantId) {\n this.logger.verbose(`Replacing tenant domain name ${cachedPart} with id ${tenantId}`);\n cachedPart = tenantId;\n }\n }\n if (currentPart !== cachedPart) {\n endpoint = endpoint.replace(`/${cachedPart}/`, `/${currentPart}/`);\n }\n });\n return this.replaceTenant(endpoint);\n }\n /**\n * The default open id configuration endpoint for any canonical authority.\n */\n get defaultOpenIdConfigurationEndpoint() {\n const canonicalAuthorityHost = this.hostnameAndPort;\n if (this.canonicalAuthority.endsWith(\"v2.0/\") ||\n this.authorityType === AuthorityType.Adfs ||\n (this.protocolMode !== ProtocolMode.AAD &&\n !this.isAliasOfKnownMicrosoftAuthority(canonicalAuthorityHost))) {\n return `${this.canonicalAuthority}.well-known/openid-configuration`;\n }\n return `${this.canonicalAuthority}v2.0/.well-known/openid-configuration`;\n }\n /**\n * Boolean that returns whethr or not tenant discovery has been completed.\n */\n discoveryComplete() {\n return !!this.metadata;\n }\n /**\n * Perform endpoint discovery to discover aliases, preferred_cache, preferred_network\n * and the /authorize, /token and logout endpoints.\n */\n async resolveEndpointsAsync() {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityResolveEndpointsAsync, this.correlationId);\n const metadataEntity = this.getCurrentMetadataEntity();\n const cloudDiscoverySource = await invokeAsync(this.updateCloudDiscoveryMetadata.bind(this), PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);\n this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network);\n const endpointSource = await invokeAsync(this.updateEndpointMetadata.bind(this), PerformanceEvents.AuthorityUpdateEndpointMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);\n this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, {\n source: endpointSource,\n });\n this.performanceClient?.addFields({\n cloudDiscoverySource: cloudDiscoverySource,\n authorityEndpointSource: endpointSource,\n }, this.correlationId);\n }\n /**\n * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built\n * from the configured canonical authority\n * @returns\n */\n getCurrentMetadataEntity() {\n let metadataEntity = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);\n if (!metadataEntity) {\n metadataEntity = {\n aliases: [],\n preferred_cache: this.hostnameAndPort,\n preferred_network: this.hostnameAndPort,\n canonical_authority: this.canonicalAuthority,\n authorization_endpoint: \"\",\n token_endpoint: \"\",\n end_session_endpoint: \"\",\n issuer: \"\",\n aliasesFromNetwork: false,\n endpointsFromNetwork: false,\n expiresAt: generateAuthorityMetadataExpiresAt(),\n jwks_uri: \"\",\n };\n }\n return metadataEntity;\n }\n /**\n * Updates cached metadata based on metadata source and sets the instance's metadata\n * property to the same value\n * @param metadataEntity\n * @param cloudDiscoverySource\n * @param endpointMetadataResult\n */\n updateCachedMetadata(metadataEntity, cloudDiscoverySource, endpointMetadataResult) {\n if (cloudDiscoverySource !== AuthorityMetadataSource.CACHE &&\n endpointMetadataResult?.source !== AuthorityMetadataSource.CACHE) {\n // Reset the expiration time unless both values came from a successful cache lookup\n metadataEntity.expiresAt =\n generateAuthorityMetadataExpiresAt();\n metadataEntity.canonical_authority = this.canonicalAuthority;\n }\n const cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(metadataEntity.preferred_cache);\n this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity);\n this.metadata = metadataEntity;\n }\n /**\n * Update AuthorityMetadataEntity with new endpoints and return where the information came from\n * @param metadataEntity\n */\n async updateEndpointMetadata(metadataEntity) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateEndpointMetadata, this.correlationId);\n const localMetadata = this.updateEndpointMetadataFromLocalSources(metadataEntity);\n // Further update may be required for hardcoded metadata if regional metadata is preferred\n if (localMetadata) {\n if (localMetadata.source ===\n AuthorityMetadataSource.HARDCODED_VALUES) {\n // If the user prefers to use an azure region replace the global endpoints with regional information.\n if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {\n if (localMetadata.metadata) {\n const hardcodedMetadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(localMetadata.metadata);\n updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false);\n metadataEntity.canonical_authority =\n this.canonicalAuthority;\n }\n }\n }\n return localMetadata.source;\n }\n // Get metadata from network if local sources aren't available\n let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();\n if (metadata) {\n // If the user prefers to use an azure region replace the global endpoints with regional information.\n if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {\n metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);\n }\n updateAuthorityEndpointMetadata(metadataEntity, metadata, true);\n return AuthorityMetadataSource.NETWORK;\n }\n else {\n // Metadata could not be obtained from the config, cache, network or hardcoded values\n throw createClientAuthError(openIdConfigError, this.defaultOpenIdConfigurationEndpoint);\n }\n }\n /**\n * Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config\n * response if the source is hardcoded metadata\n * @param metadataEntity\n * @returns\n */\n updateEndpointMetadataFromLocalSources(metadataEntity) {\n this.logger.verbose(\"Attempting to get endpoint metadata from authority configuration\");\n const configMetadata = this.getEndpointMetadataFromConfig();\n if (configMetadata) {\n this.logger.verbose(\"Found endpoint metadata in authority configuration\");\n updateAuthorityEndpointMetadata(metadataEntity, configMetadata, false);\n return {\n source: AuthorityMetadataSource.CONFIG,\n };\n }\n this.logger.verbose(\"Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.\");\n // skipAuthorityMetadataCache is used to bypass hardcoded authority metadata and force a network metadata cache lookup and network metadata request if no cached response is available.\n if (this.authorityOptions.skipAuthorityMetadataCache) {\n this.logger.verbose(\"Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.\");\n }\n else {\n const hardcodedMetadata = this.getEndpointMetadataFromHardcodedValues();\n if (hardcodedMetadata) {\n updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false);\n return {\n source: AuthorityMetadataSource.HARDCODED_VALUES,\n metadata: hardcodedMetadata,\n };\n }\n else {\n this.logger.verbose(\"Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.\");\n }\n }\n // Check cached metadata entity expiration status\n const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity);\n if (this.isAuthoritySameType(metadataEntity) &&\n metadataEntity.endpointsFromNetwork &&\n !metadataEntityExpired) {\n // No need to update\n this.logger.verbose(\"Found endpoint metadata in the cache.\");\n return { source: AuthorityMetadataSource.CACHE };\n }\n else if (metadataEntityExpired) {\n this.logger.verbose(\"The metadata entity is expired.\");\n }\n return null;\n }\n /**\n * Compares the number of url components after the domain to determine if the cached\n * authority metadata can be used for the requested authority. Protects against same domain different\n * authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy\n * @param metadataEntity\n */\n isAuthoritySameType(metadataEntity) {\n const cachedAuthorityUrl = new UrlString(metadataEntity.canonical_authority);\n const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments;\n return (cachedParts.length ===\n this.canonicalAuthorityUrlComponents.PathSegments.length);\n }\n /**\n * Parse authorityMetadata config option\n */\n getEndpointMetadataFromConfig() {\n if (this.authorityOptions.authorityMetadata) {\n try {\n return JSON.parse(this.authorityOptions.authorityMetadata);\n }\n catch (e) {\n throw createClientConfigurationError(invalidAuthorityMetadata);\n }\n }\n return null;\n }\n /**\n * Gets OAuth endpoints from the given OpenID configuration endpoint.\n *\n * @param hasHardcodedMetadata boolean\n */\n async getEndpointMetadataFromNetwork() {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.correlationId);\n const options = {};\n /*\n * TODO: Add a timeout if the authority exists in our library's\n * hardcoded list of metadata\n */\n const openIdConfigurationEndpoint = this.defaultOpenIdConfigurationEndpoint;\n this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${openIdConfigurationEndpoint}`);\n try {\n const response = await this.networkInterface.sendGetRequestAsync(openIdConfigurationEndpoint, options);\n const isValidResponse = isOpenIdConfigResponse(response.body);\n if (isValidResponse) {\n return response.body;\n }\n else {\n this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration`);\n return null;\n }\n }\n catch (e) {\n this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`);\n return null;\n }\n }\n /**\n * Get OAuth endpoints for common authorities.\n */\n getEndpointMetadataFromHardcodedValues() {\n if (this.hostnameAndPort in EndpointMetadata) {\n return EndpointMetadata[this.hostnameAndPort];\n }\n return null;\n }\n /**\n * Update the retrieved metadata with regional information.\n * User selected Azure region will be used if configured.\n */\n async updateMetadataWithRegionalInformation(metadata) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.correlationId);\n const userConfiguredAzureRegion = this.authorityOptions.azureRegionConfiguration?.azureRegion;\n if (userConfiguredAzureRegion) {\n if (userConfiguredAzureRegion !==\n Constants.AZURE_REGION_AUTO_DISCOVER_FLAG) {\n this.regionDiscoveryMetadata.region_outcome =\n RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION;\n this.regionDiscoveryMetadata.region_used =\n userConfiguredAzureRegion;\n return Authority.replaceWithRegionalInformation(metadata, userConfiguredAzureRegion);\n }\n const autodetectedRegionName = await invokeAsync(this.regionDiscovery.detectRegion.bind(this.regionDiscovery), PerformanceEvents.RegionDiscoveryDetectRegion, this.logger, this.performanceClient, this.correlationId)(this.authorityOptions.azureRegionConfiguration\n ?.environmentRegion, this.regionDiscoveryMetadata);\n if (autodetectedRegionName) {\n this.regionDiscoveryMetadata.region_outcome =\n RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_SUCCESSFUL;\n this.regionDiscoveryMetadata.region_used =\n autodetectedRegionName;\n return Authority.replaceWithRegionalInformation(metadata, autodetectedRegionName);\n }\n this.regionDiscoveryMetadata.region_outcome =\n RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_FAILED;\n }\n return metadata;\n }\n /**\n * Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache\n * and returns where the information was retrieved from\n * @param metadataEntity\n * @returns AuthorityMetadataSource\n */\n async updateCloudDiscoveryMetadata(metadataEntity) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.correlationId);\n const localMetadataSource = this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity);\n if (localMetadataSource) {\n return localMetadataSource;\n }\n // Fallback to network as metadata source\n const metadata = await invokeAsync(this.getCloudDiscoveryMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();\n if (metadata) {\n updateCloudDiscoveryMetadata(metadataEntity, metadata, true);\n return AuthorityMetadataSource.NETWORK;\n }\n // Metadata could not be obtained from the config, cache, network or hardcoded values\n throw createClientConfigurationError(untrustedAuthority);\n }\n updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {\n this.logger.verbose(\"Attempting to get cloud discovery metadata from authority configuration\");\n this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities ||\n Constants.NOT_APPLICABLE}`);\n this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata ||\n Constants.NOT_APPLICABLE}`);\n this.logger.verbosePii(`Canonical Authority: ${metadataEntity.canonical_authority || Constants.NOT_APPLICABLE}`);\n const metadata = this.getCloudDiscoveryMetadataFromConfig();\n if (metadata) {\n this.logger.verbose(\"Found cloud discovery metadata in authority configuration\");\n updateCloudDiscoveryMetadata(metadataEntity, metadata, false);\n return AuthorityMetadataSource.CONFIG;\n }\n // If the cached metadata came from config but that config was not passed to this instance, we must go to hardcoded values\n this.logger.verbose(\"Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.\");\n if (this.options.skipAuthorityMetadataCache) {\n this.logger.verbose(\"Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.\");\n }\n else {\n const hardcodedMetadata = getCloudDiscoveryMetadataFromHardcodedValues(this.hostnameAndPort);\n if (hardcodedMetadata) {\n this.logger.verbose(\"Found cloud discovery metadata from hardcoded values.\");\n updateCloudDiscoveryMetadata(metadataEntity, hardcodedMetadata, false);\n return AuthorityMetadataSource.HARDCODED_VALUES;\n }\n this.logger.verbose(\"Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.\");\n }\n const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity);\n if (this.isAuthoritySameType(metadataEntity) &&\n metadataEntity.aliasesFromNetwork &&\n !metadataEntityExpired) {\n this.logger.verbose(\"Found cloud discovery metadata in the cache.\");\n // No need to update\n return AuthorityMetadataSource.CACHE;\n }\n else if (metadataEntityExpired) {\n this.logger.verbose(\"The metadata entity is expired.\");\n }\n return null;\n }\n /**\n * Parse cloudDiscoveryMetadata config or check knownAuthorities\n */\n getCloudDiscoveryMetadataFromConfig() {\n // CIAM does not support cloud discovery metadata\n if (this.authorityType === AuthorityType.Ciam) {\n this.logger.verbose(\"CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host.\");\n return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);\n }\n // Check if network response was provided in config\n if (this.authorityOptions.cloudDiscoveryMetadata) {\n this.logger.verbose(\"The cloud discovery metadata has been provided as a network response, in the config.\");\n try {\n this.logger.verbose(\"Attempting to parse the cloud discovery metadata.\");\n const parsedResponse = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata);\n const metadata = getCloudDiscoveryMetadataFromNetworkResponse(parsedResponse.metadata, this.hostnameAndPort);\n this.logger.verbose(\"Parsed the cloud discovery metadata.\");\n if (metadata) {\n this.logger.verbose(\"There is returnable metadata attached to the parsed cloud discovery metadata.\");\n return metadata;\n }\n else {\n this.logger.verbose(\"There is no metadata attached to the parsed cloud discovery metadata.\");\n }\n }\n catch (e) {\n this.logger.verbose(\"Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error.\");\n throw createClientConfigurationError(invalidCloudDiscoveryMetadata);\n }\n }\n // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities\n if (this.isInKnownAuthorities()) {\n this.logger.verbose(\"The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.\");\n return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);\n }\n return null;\n }\n /**\n * Called to get metadata from network if CloudDiscoveryMetadata was not populated by config\n *\n * @param hasHardcodedMetadata boolean\n */\n async getCloudDiscoveryMetadataFromNetwork() {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.correlationId);\n const instanceDiscoveryEndpoint = `${Constants.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`;\n const options = {};\n /*\n * TODO: Add a timeout if the authority exists in our library's\n * hardcoded list of metadata\n */\n let match = null;\n try {\n const response = await this.networkInterface.sendGetRequestAsync(instanceDiscoveryEndpoint, options);\n let typedResponseBody;\n let metadata;\n if (isCloudInstanceDiscoveryResponse(response.body)) {\n typedResponseBody =\n response.body;\n metadata = typedResponseBody.metadata;\n this.logger.verbosePii(`tenant_discovery_endpoint is: ${typedResponseBody.tenant_discovery_endpoint}`);\n }\n else if (isCloudInstanceDiscoveryErrorResponse(response.body)) {\n this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${response.status}`);\n typedResponseBody =\n response.body;\n if (typedResponseBody.error === Constants.INVALID_INSTANCE) {\n this.logger.error(\"The CloudInstanceDiscoveryErrorResponse error is invalid_instance.\");\n return null;\n }\n this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${typedResponseBody.error}`);\n this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${typedResponseBody.error_description}`);\n this.logger.warning(\"Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []\");\n metadata = [];\n }\n else {\n this.logger.error(\"AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse\");\n return null;\n }\n this.logger.verbose(\"Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request.\");\n match = getCloudDiscoveryMetadataFromNetworkResponse(metadata, this.hostnameAndPort);\n }\n catch (error) {\n if (error instanceof AuthError) {\n this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\\nError: ${error.errorCode}\\nError Description: ${error.errorMessage}`);\n }\n else {\n const typedError = error;\n this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\\nError: ${typedError.name}\\nError Description: ${typedError.message}`);\n }\n return null;\n }\n // Custom Domain scenario, host is trusted because Instance Discovery call succeeded\n if (!match) {\n this.logger.warning(\"The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request.\");\n this.logger.verbose(\"Creating custom Authority for custom domain scenario.\");\n match = Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);\n }\n return match;\n }\n /**\n * Helper function to determine if this host is included in the knownAuthorities config option\n */\n isInKnownAuthorities() {\n const matches = this.authorityOptions.knownAuthorities.filter((authority) => {\n return (authority &&\n UrlString.getDomainFromUrl(authority).toLowerCase() ===\n this.hostnameAndPort);\n });\n return matches.length > 0;\n }\n /**\n * helper function to populate the authority based on azureCloudOptions\n * @param authorityString\n * @param azureCloudOptions\n */\n static generateAuthority(authorityString, azureCloudOptions) {\n let authorityAzureCloudInstance;\n if (azureCloudOptions &&\n azureCloudOptions.azureCloudInstance !== AzureCloudInstance.None) {\n const tenant = azureCloudOptions.tenant\n ? azureCloudOptions.tenant\n : Constants.DEFAULT_COMMON_TENANT;\n authorityAzureCloudInstance = `${azureCloudOptions.azureCloudInstance}/${tenant}/`;\n }\n return authorityAzureCloudInstance\n ? authorityAzureCloudInstance\n : authorityString;\n }\n /**\n * Creates cloud discovery metadata object from a given host\n * @param host\n */\n static createCloudDiscoveryMetadataFromHost(host) {\n return {\n preferred_network: host,\n preferred_cache: host,\n aliases: [host],\n };\n }\n /**\n * helper function to generate environment from authority object\n */\n getPreferredCache() {\n if (this.discoveryComplete()) {\n return this.metadata.preferred_cache;\n }\n else {\n throw createClientAuthError(endpointResolutionError);\n }\n }\n /**\n * Returns whether or not the provided host is an alias of this authority instance\n * @param host\n */\n isAlias(host) {\n return this.metadata.aliases.indexOf(host) > -1;\n }\n /**\n * Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery\n * @param host\n */\n isAliasOfKnownMicrosoftAuthority(host) {\n return InstanceDiscoveryMetadataAliases.has(host);\n }\n /**\n * Checks whether the provided host is that of a public cloud authority\n *\n * @param authority string\n * @returns bool\n */\n static isPublicCloudAuthority(host) {\n return Constants.KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0;\n }\n /**\n * Rebuild the authority string with the region\n *\n * @param host string\n * @param region string\n */\n static buildRegionalAuthorityString(host, region, queryString) {\n // Create and validate a Url string object with the initial authority string\n const authorityUrlInstance = new UrlString(host);\n authorityUrlInstance.validateAsUri();\n const authorityUrlParts = authorityUrlInstance.getUrlComponents();\n let hostNameAndPort = `${region}.${authorityUrlParts.HostNameAndPort}`;\n if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) {\n hostNameAndPort = `${region}.${Constants.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`;\n }\n // Include the query string portion of the url\n const url = UrlString.constructAuthorityUriFromObject({\n ...authorityUrlInstance.getUrlComponents(),\n HostNameAndPort: hostNameAndPort,\n }).urlString;\n // Add the query string if a query string was provided\n if (queryString)\n return `${url}?${queryString}`;\n return url;\n }\n /**\n * Replace the endpoints in the metadata object with their regional equivalents.\n *\n * @param metadata OpenIdConfigResponse\n * @param azureRegion string\n */\n static replaceWithRegionalInformation(metadata, azureRegion) {\n const regionalMetadata = { ...metadata };\n regionalMetadata.authorization_endpoint =\n Authority.buildRegionalAuthorityString(regionalMetadata.authorization_endpoint, azureRegion);\n regionalMetadata.token_endpoint =\n Authority.buildRegionalAuthorityString(regionalMetadata.token_endpoint, azureRegion);\n if (regionalMetadata.end_session_endpoint) {\n regionalMetadata.end_session_endpoint =\n Authority.buildRegionalAuthorityString(regionalMetadata.end_session_endpoint, azureRegion);\n }\n return regionalMetadata;\n }\n /**\n * Transform CIAM_AUTHORIY as per the below rules:\n * If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it\n *\n * NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com`\n * `ciamlogin.com` can also change in the future and we should accommodate the same\n *\n * @param authority\n */\n static transformCIAMAuthority(authority) {\n let ciamAuthority = authority;\n const authorityUrl = new UrlString(authority);\n const authorityUrlComponents = authorityUrl.getUrlComponents();\n // check if transformation is needed\n if (authorityUrlComponents.PathSegments.length === 0 &&\n authorityUrlComponents.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) {\n const tenantIdOrDomain = authorityUrlComponents.HostNameAndPort.split(\".\")[0];\n ciamAuthority = `${ciamAuthority}${tenantIdOrDomain}${Constants.AAD_TENANT_DOMAIN_SUFFIX}`;\n }\n return ciamAuthority;\n }\n}\n// Reserved tenant domain names that will not be replaced with tenant id\nAuthority.reservedTenantDomains = new Set([\n \"{tenant}\",\n \"{tenantid}\",\n AADAuthorityConstants.COMMON,\n AADAuthorityConstants.CONSUMERS,\n AADAuthorityConstants.ORGANIZATIONS,\n]);\n/**\n * Extract tenantId from authority\n */\nfunction getTenantFromAuthorityString(authority) {\n const authorityUrl = new UrlString(authority);\n const authorityUrlComponents = authorityUrl.getUrlComponents();\n /**\n * For credential matching purposes, tenantId is the last path segment of the authority URL:\n * AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId\n * B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy\n * tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased\n *\n * Note that we may not have any path segments in certain OIDC scenarios.\n */\n const tenantId = authorityUrlComponents.PathSegments.slice(-1)[0]?.toLowerCase();\n switch (tenantId) {\n case AADAuthorityConstants.COMMON:\n case AADAuthorityConstants.ORGANIZATIONS:\n case AADAuthorityConstants.CONSUMERS:\n return undefined;\n default:\n return tenantId;\n }\n}\nfunction formatAuthorityUri(authorityUri) {\n return authorityUri.endsWith(Constants.FORWARD_SLASH)\n ? authorityUri\n : `${authorityUri}${Constants.FORWARD_SLASH}`;\n}\nfunction buildStaticAuthorityOptions(authOptions) {\n const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata;\n let cloudDiscoveryMetadata = undefined;\n if (rawCloudDiscoveryMetadata) {\n try {\n cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata);\n }\n catch (e) {\n throw createClientConfigurationError(invalidCloudDiscoveryMetadata);\n }\n }\n return {\n canonicalAuthority: authOptions.authority\n ? formatAuthorityUri(authOptions.authority)\n : undefined,\n knownAuthorities: authOptions.knownAuthorities,\n cloudDiscoveryMetadata: cloudDiscoveryMetadata,\n };\n}\n\nexport { Authority, buildStaticAuthorityOptions, formatAuthorityUri, getTenantFromAuthorityString };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n// Codes defined by MSAL\nconst noTokensFound = \"no_tokens_found\";\nconst nativeAccountUnavailable = \"native_account_unavailable\";\nconst refreshTokenExpired = \"refresh_token_expired\";\n// Codes potentially returned by server\nconst interactionRequired = \"interaction_required\";\nconst consentRequired = \"consent_required\";\nconst loginRequired = \"login_required\";\nconst badToken = \"bad_token\";\n\nexport { badToken, consentRequired, interactionRequired, loginRequired, nativeAccountUnavailable, noTokensFound, refreshTokenExpired };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Constants } from '../utils/Constants.mjs';\nimport { AuthError } from './AuthError.mjs';\nimport { noTokensFound, nativeAccountUnavailable, badToken, refreshTokenExpired, interactionRequired, consentRequired, loginRequired } from './InteractionRequiredAuthErrorCodes.mjs';\nimport * as InteractionRequiredAuthErrorCodes from './InteractionRequiredAuthErrorCodes.mjs';\nexport { InteractionRequiredAuthErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required\n */\nconst InteractionRequiredServerErrorMessage = [\n interactionRequired,\n consentRequired,\n loginRequired,\n badToken,\n];\nconst InteractionRequiredAuthSubErrorMessage = [\n \"message_only\",\n \"additional_action\",\n \"basic_action\",\n \"user_password_expired\",\n \"consent_required\",\n \"bad_token\",\n];\nconst InteractionRequiredAuthErrorMessages = {\n [noTokensFound]: \"No refresh token found in the cache. Please sign-in.\",\n [nativeAccountUnavailable]: \"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.\",\n [refreshTokenExpired]: \"Refresh token has expired.\",\n [badToken]: \"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.\",\n};\n/**\n * Interaction required errors defined by the SDK\n * @deprecated Use InteractionRequiredAuthErrorCodes instead\n */\nconst InteractionRequiredAuthErrorMessage = {\n noTokensFoundError: {\n code: noTokensFound,\n desc: InteractionRequiredAuthErrorMessages[noTokensFound],\n },\n native_account_unavailable: {\n code: nativeAccountUnavailable,\n desc: InteractionRequiredAuthErrorMessages[nativeAccountUnavailable],\n },\n bad_token: {\n code: badToken,\n desc: InteractionRequiredAuthErrorMessages[badToken],\n },\n};\n/**\n * Error thrown when user interaction is required.\n */\nclass InteractionRequiredAuthError extends AuthError {\n constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims) {\n super(errorCode, errorMessage, subError);\n Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);\n this.timestamp = timestamp || Constants.EMPTY_STRING;\n this.traceId = traceId || Constants.EMPTY_STRING;\n this.correlationId = correlationId || Constants.EMPTY_STRING;\n this.claims = claims || Constants.EMPTY_STRING;\n this.name = \"InteractionRequiredAuthError\";\n }\n}\n/**\n * Helper function used to determine if an error thrown by the server requires interaction to resolve\n * @param errorCode\n * @param errorString\n * @param subError\n */\nfunction isInteractionRequiredError(errorCode, errorString, subError) {\n const isInteractionRequiredErrorCode = !!errorCode &&\n InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;\n const isInteractionRequiredSubError = !!subError &&\n InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;\n const isInteractionRequiredErrorDesc = !!errorString &&\n InteractionRequiredServerErrorMessage.some((irErrorCode) => {\n return errorString.indexOf(irErrorCode) > -1;\n });\n return (isInteractionRequiredErrorCode ||\n isInteractionRequiredErrorDesc ||\n isInteractionRequiredSubError);\n}\n/**\n * Creates an InteractionRequiredAuthError\n */\nfunction createInteractionRequiredAuthError(errorCode) {\n return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);\n}\n\nexport { InteractionRequiredAuthError, InteractionRequiredAuthErrorMessage, InteractionRequiredAuthSubErrorMessage, InteractionRequiredServerErrorMessage, createInteractionRequiredAuthError, isInteractionRequiredError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Constants } from '../utils/Constants.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Log message level.\n */\nvar LogLevel;\n(function (LogLevel) {\n LogLevel[LogLevel[\"Error\"] = 0] = \"Error\";\n LogLevel[LogLevel[\"Warning\"] = 1] = \"Warning\";\n LogLevel[LogLevel[\"Info\"] = 2] = \"Info\";\n LogLevel[LogLevel[\"Verbose\"] = 3] = \"Verbose\";\n LogLevel[LogLevel[\"Trace\"] = 4] = \"Trace\";\n})(LogLevel || (LogLevel = {}));\n/**\n * Class which facilitates logging of messages to a specific place.\n */\nclass Logger {\n constructor(loggerOptions, packageName, packageVersion) {\n // Current log level, defaults to info.\n this.level = LogLevel.Info;\n const defaultLoggerCallback = () => {\n return;\n };\n const setLoggerOptions = loggerOptions || Logger.createDefaultLoggerOptions();\n this.localCallback =\n setLoggerOptions.loggerCallback || defaultLoggerCallback;\n this.piiLoggingEnabled = setLoggerOptions.piiLoggingEnabled || false;\n this.level =\n typeof setLoggerOptions.logLevel === \"number\"\n ? setLoggerOptions.logLevel\n : LogLevel.Info;\n this.correlationId =\n setLoggerOptions.correlationId || Constants.EMPTY_STRING;\n this.packageName = packageName || Constants.EMPTY_STRING;\n this.packageVersion = packageVersion || Constants.EMPTY_STRING;\n }\n static createDefaultLoggerOptions() {\n return {\n loggerCallback: () => {\n // allow users to not set loggerCallback\n },\n piiLoggingEnabled: false,\n logLevel: LogLevel.Info,\n };\n }\n /**\n * Create new Logger with existing configurations.\n */\n clone(packageName, packageVersion, correlationId) {\n return new Logger({\n loggerCallback: this.localCallback,\n piiLoggingEnabled: this.piiLoggingEnabled,\n logLevel: this.level,\n correlationId: correlationId || this.correlationId,\n }, packageName, packageVersion);\n }\n /**\n * Log message with required options.\n */\n logMessage(logMessage, options) {\n if (options.logLevel > this.level ||\n (!this.piiLoggingEnabled && options.containsPii)) {\n return;\n }\n const timestamp = new Date().toUTCString();\n // Add correlationId to logs if set, correlationId provided on log messages take precedence\n const logHeader = `[${timestamp}] : [${options.correlationId || this.correlationId || \"\"}]`;\n const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`;\n // debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? \"-Pii\": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage);\n this.executeCallback(options.logLevel, log, options.containsPii || false);\n }\n /**\n * Execute callback with message.\n */\n executeCallback(level, message, containsPii) {\n if (this.localCallback) {\n this.localCallback(level, message, containsPii);\n }\n }\n /**\n * Logs error messages.\n */\n error(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Error,\n containsPii: false,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs error messages with PII.\n */\n errorPii(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Error,\n containsPii: true,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs warning messages.\n */\n warning(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Warning,\n containsPii: false,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs warning messages with PII.\n */\n warningPii(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Warning,\n containsPii: true,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs info messages.\n */\n info(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Info,\n containsPii: false,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs info messages with PII.\n */\n infoPii(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Info,\n containsPii: true,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs verbose messages.\n */\n verbose(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Verbose,\n containsPii: false,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs verbose messages with PII.\n */\n verbosePii(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Verbose,\n containsPii: true,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs trace messages.\n */\n trace(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Trace,\n containsPii: false,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Logs trace messages with PII.\n */\n tracePii(message, correlationId) {\n this.logMessage(message, {\n logLevel: LogLevel.Trace,\n containsPii: true,\n correlationId: correlationId || Constants.EMPTY_STRING,\n });\n }\n /**\n * Returns whether PII Logging is enabled or not.\n */\n isPiiLoggingEnabled() {\n return this.piiLoggingEnabled || false;\n }\n}\n\nexport { LogLevel, Logger };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/* eslint-disable header/header */\nconst name = \"@azure/msal-common\";\nconst version = \"14.7.1\";\n\nexport { name, version };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { Constants, OIDC_SCOPES } from '../utils/Constants.mjs';\nimport { emptyInputScopesError } from '../error/ClientConfigurationErrorCodes.mjs';\nimport { cannotAppendScopeSet, cannotRemoveEmptyScope, emptyInputScopeSet } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes\n * the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions\n * to ensure uniqueness of strings.\n */\nclass ScopeSet {\n constructor(inputScopes) {\n // Filter empty string and null/undefined array items\n const scopeArr = inputScopes\n ? StringUtils.trimArrayEntries([...inputScopes])\n : [];\n const filteredInput = scopeArr\n ? StringUtils.removeEmptyStringsFromArray(scopeArr)\n : [];\n // Validate and filter scopes (validate function throws if validation fails)\n this.validateInputScopes(filteredInput);\n this.scopes = new Set(); // Iterator in constructor not supported by IE11\n filteredInput.forEach((scope) => this.scopes.add(scope));\n }\n /**\n * Factory method to create ScopeSet from space-delimited string\n * @param inputScopeString\n * @param appClientId\n * @param scopesRequired\n */\n static fromString(inputScopeString) {\n const scopeString = inputScopeString || Constants.EMPTY_STRING;\n const inputScopes = scopeString.split(\" \");\n return new ScopeSet(inputScopes);\n }\n /**\n * Creates the set of scopes to search for in cache lookups\n * @param inputScopeString\n * @returns\n */\n static createSearchScopes(inputScopeString) {\n const scopeSet = new ScopeSet(inputScopeString);\n if (!scopeSet.containsOnlyOIDCScopes()) {\n scopeSet.removeOIDCScopes();\n }\n else {\n scopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE);\n }\n return scopeSet;\n }\n /**\n * Used to validate the scopes input parameter requested by the developer.\n * @param {Array} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.\n * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not\n */\n validateInputScopes(inputScopes) {\n // Check if scopes are required but not given or is an empty array\n if (!inputScopes || inputScopes.length < 1) {\n throw createClientConfigurationError(emptyInputScopesError);\n }\n }\n /**\n * Check if a given scope is present in this set of scopes.\n * @param scope\n */\n containsScope(scope) {\n const lowerCaseScopes = this.printScopesLowerCase().split(\" \");\n const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);\n // compare lowercase scopes\n return scope\n ? lowerCaseScopesSet.scopes.has(scope.toLowerCase())\n : false;\n }\n /**\n * Check if a set of scopes is present in this set of scopes.\n * @param scopeSet\n */\n containsScopeSet(scopeSet) {\n if (!scopeSet || scopeSet.scopes.size <= 0) {\n return false;\n }\n return (this.scopes.size >= scopeSet.scopes.size &&\n scopeSet.asArray().every((scope) => this.containsScope(scope)));\n }\n /**\n * Check if set of scopes contains only the defaults\n */\n containsOnlyOIDCScopes() {\n let defaultScopeCount = 0;\n OIDC_SCOPES.forEach((defaultScope) => {\n if (this.containsScope(defaultScope)) {\n defaultScopeCount += 1;\n }\n });\n return this.scopes.size === defaultScopeCount;\n }\n /**\n * Appends single scope if passed\n * @param newScope\n */\n appendScope(newScope) {\n if (newScope) {\n this.scopes.add(newScope.trim());\n }\n }\n /**\n * Appends multiple scopes if passed\n * @param newScopes\n */\n appendScopes(newScopes) {\n try {\n newScopes.forEach((newScope) => this.appendScope(newScope));\n }\n catch (e) {\n throw createClientAuthError(cannotAppendScopeSet);\n }\n }\n /**\n * Removes element from set of scopes.\n * @param scope\n */\n removeScope(scope) {\n if (!scope) {\n throw createClientAuthError(cannotRemoveEmptyScope);\n }\n this.scopes.delete(scope.trim());\n }\n /**\n * Removes default scopes from set of scopes\n * Primarily used to prevent cache misses if the default scopes are not returned from the server\n */\n removeOIDCScopes() {\n OIDC_SCOPES.forEach((defaultScope) => {\n this.scopes.delete(defaultScope);\n });\n }\n /**\n * Combines an array of scopes with the current set of scopes.\n * @param otherScopes\n */\n unionScopeSets(otherScopes) {\n if (!otherScopes) {\n throw createClientAuthError(emptyInputScopeSet);\n }\n const unionScopes = new Set(); // Iterator in constructor not supported in IE11\n otherScopes.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase()));\n this.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase()));\n return unionScopes;\n }\n /**\n * Check if scopes intersect between this set and another.\n * @param otherScopes\n */\n intersectingScopeSets(otherScopes) {\n if (!otherScopes) {\n throw createClientAuthError(emptyInputScopeSet);\n }\n // Do not allow OIDC scopes to be the only intersecting scopes\n if (!otherScopes.containsOnlyOIDCScopes()) {\n otherScopes.removeOIDCScopes();\n }\n const unionScopes = this.unionScopeSets(otherScopes);\n const sizeOtherScopes = otherScopes.getScopeCount();\n const sizeThisScopes = this.getScopeCount();\n const sizeUnionScopes = unionScopes.size;\n return sizeUnionScopes < sizeThisScopes + sizeOtherScopes;\n }\n /**\n * Returns size of set of scopes.\n */\n getScopeCount() {\n return this.scopes.size;\n }\n /**\n * Returns the scopes as an array of string values\n */\n asArray() {\n const array = [];\n this.scopes.forEach((val) => array.push(val));\n return array;\n }\n /**\n * Prints scopes into a space-delimited string\n */\n printScopes() {\n if (this.scopes) {\n const scopeArr = this.asArray();\n return scopeArr.join(\" \");\n }\n return Constants.EMPTY_STRING;\n }\n /**\n * Prints scopes into a space-delimited lower-case string (used for caching)\n */\n printScopesLowerCase() {\n return this.printScopes().toLowerCase();\n }\n}\n\nexport { ScopeSet };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Separators, CredentialType, AuthenticationScheme, THE_FAMILY_ID, APP_METADATA, AUTHORITY_METADATA_CONSTANTS } from '../utils/Constants.mjs';\nimport { generateCredentialKey } from './utils/CacheHelpers.mjs';\nimport { ScopeSet } from '../request/ScopeSet.mjs';\nimport { AccountEntity } from './entities/AccountEntity.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { updateAccountTenantProfileData, tenantIdMatchesHomeTenant } from '../account/AccountInfo.mjs';\nimport { extractTokenClaims } from '../account/AuthToken.mjs';\nimport { name, version } from '../packageMetadata.mjs';\nimport { getAliasesFromStaticSources } from '../authority/AuthorityMetadata.mjs';\nimport { invalidCacheRecord, bindingKeyNotRemoved, multipleMatchingAppMetadata, methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.\n * @internal\n */\nclass CacheManager {\n constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) {\n this.clientId = clientId;\n this.cryptoImpl = cryptoImpl;\n this.commonLogger = logger.clone(name, version);\n this.staticAuthorityOptions = staticAuthorityOptions;\n }\n /**\n * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.\n * @param accountFilter - (Optional) filter to narrow down the accounts returned\n * @returns Array of AccountInfo objects in cache\n */\n getAllAccounts(accountFilter) {\n return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter || {}), accountFilter);\n }\n /**\n * Gets first tenanted AccountInfo object found based on provided filters\n */\n getAccountInfoFilteredBy(accountFilter) {\n const allAccounts = this.getAllAccounts(accountFilter);\n if (allAccounts.length > 1) {\n // If one or more accounts are found, prioritize accounts that have an ID token\n const sortedAccounts = allAccounts.sort((account) => {\n return account.idTokenClaims ? -1 : 1;\n });\n return sortedAccounts[0];\n }\n else if (allAccounts.length === 1) {\n // If only one account is found, return it regardless of whether a matching ID token was found\n return allAccounts[0];\n }\n else {\n return null;\n }\n }\n /**\n * Returns a single matching\n * @param accountFilter\n * @returns\n */\n getBaseAccountInfo(accountFilter) {\n const accountEntities = this.getAccountsFilteredBy(accountFilter);\n if (accountEntities.length > 0) {\n return accountEntities[0].getAccountInfo();\n }\n else {\n return null;\n }\n }\n /**\n * Matches filtered account entities with cached ID tokens that match the tenant profile-specific account filters\n * and builds the account info objects from the matching ID token's claims\n * @param cachedAccounts\n * @param accountFilter\n * @returns Array of AccountInfo objects that match account and tenant profile filters\n */\n buildTenantProfiles(cachedAccounts, accountFilter) {\n return cachedAccounts.flatMap((accountEntity) => {\n return this.getAccountInfoForTenantProfiles(accountEntity, accountFilter);\n });\n }\n getAccountInfoForTenantProfiles(accountEntity, accountFilter) {\n return this.getTenantProfilesFromAccountEntity(accountEntity, accountFilter?.tenantId, accountFilter);\n }\n getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter) {\n let tenantedAccountInfo = null;\n let idTokenClaims;\n if (tenantProfileFilter) {\n if (!this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter)) {\n return null;\n }\n }\n const idToken = this.getIdToken(accountInfo, tokenKeys, tenantProfile.tenantId);\n if (idToken) {\n idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode);\n if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) {\n // ID token sourced claims don't match so this tenant profile is not a match\n return null;\n }\n }\n // Expand tenant profile into account info based on matching tenant profile and if available matching ID token claims\n tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret);\n return tenantedAccountInfo;\n }\n getTenantProfilesFromAccountEntity(accountEntity, targetTenantId, tenantProfileFilter) {\n const accountInfo = accountEntity.getAccountInfo();\n let searchTenantProfiles = accountInfo.tenantProfiles || new Map();\n const tokenKeys = this.getTokenKeys();\n // If a tenant ID was provided, only return the tenant profile for that tenant ID if it exists\n if (targetTenantId) {\n const tenantProfile = searchTenantProfiles.get(targetTenantId);\n if (tenantProfile) {\n // Reduce search field to just this tenant profile\n searchTenantProfiles = new Map([\n [targetTenantId, tenantProfile],\n ]);\n }\n else {\n // No tenant profile for search tenant ID, return empty array\n return [];\n }\n }\n const matchingTenantProfiles = [];\n searchTenantProfiles.forEach((tenantProfile) => {\n const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter);\n if (tenantedAccountInfo) {\n matchingTenantProfiles.push(tenantedAccountInfo);\n }\n });\n return matchingTenantProfiles;\n }\n tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter) {\n if (!!tenantProfileFilter.localAccountId &&\n !this.matchLocalAccountIdFromTenantProfile(tenantProfile, tenantProfileFilter.localAccountId)) {\n return false;\n }\n if (!!tenantProfileFilter.name &&\n !(tenantProfile.name === tenantProfileFilter.name)) {\n return false;\n }\n if (tenantProfileFilter.isHomeTenant !== undefined &&\n !(tenantProfile.isHomeTenant === tenantProfileFilter.isHomeTenant)) {\n return false;\n }\n return true;\n }\n idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter) {\n // Tenant Profile filtering\n if (tenantProfileFilter) {\n if (!!tenantProfileFilter.localAccountId &&\n !this.matchLocalAccountIdFromTokenClaims(idTokenClaims, tenantProfileFilter.localAccountId)) {\n return false;\n }\n if (!!tenantProfileFilter.loginHint &&\n !this.matchLoginHintFromTokenClaims(idTokenClaims, tenantProfileFilter.loginHint)) {\n return false;\n }\n if (!!tenantProfileFilter.username &&\n !this.matchUsername(idTokenClaims.preferred_username, tenantProfileFilter.username)) {\n return false;\n }\n if (!!tenantProfileFilter.name &&\n !this.matchName(idTokenClaims, tenantProfileFilter.name)) {\n return false;\n }\n if (!!tenantProfileFilter.sid &&\n !this.matchSid(idTokenClaims, tenantProfileFilter.sid)) {\n return false;\n }\n }\n return true;\n }\n /**\n * saves a cache record\n * @param cacheRecord\n */\n async saveCacheRecord(cacheRecord, storeInCache) {\n if (!cacheRecord) {\n throw createClientAuthError(invalidCacheRecord);\n }\n if (!!cacheRecord.account) {\n this.setAccount(cacheRecord.account);\n }\n if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {\n this.setIdTokenCredential(cacheRecord.idToken);\n }\n if (!!cacheRecord.accessToken && storeInCache?.accessToken !== false) {\n await this.saveAccessToken(cacheRecord.accessToken);\n }\n if (!!cacheRecord.refreshToken &&\n storeInCache?.refreshToken !== false) {\n this.setRefreshTokenCredential(cacheRecord.refreshToken);\n }\n if (!!cacheRecord.appMetadata) {\n this.setAppMetadata(cacheRecord.appMetadata);\n }\n }\n /**\n * saves access token credential\n * @param credential\n */\n async saveAccessToken(credential) {\n const accessTokenFilter = {\n clientId: credential.clientId,\n credentialType: credential.credentialType,\n environment: credential.environment,\n homeAccountId: credential.homeAccountId,\n realm: credential.realm,\n tokenType: credential.tokenType,\n requestedClaimsHash: credential.requestedClaimsHash,\n };\n const tokenKeys = this.getTokenKeys();\n const currentScopes = ScopeSet.fromString(credential.target);\n const removedAccessTokens = [];\n tokenKeys.accessToken.forEach((key) => {\n if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {\n return;\n }\n const tokenEntity = this.getAccessTokenCredential(key);\n if (tokenEntity &&\n this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {\n const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);\n if (tokenScopeSet.intersectingScopeSets(currentScopes)) {\n removedAccessTokens.push(this.removeAccessToken(key));\n }\n }\n });\n await Promise.all(removedAccessTokens);\n this.setAccessTokenCredential(credential);\n }\n /**\n * Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache\n * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared\n * @param accountFilter - An object containing Account properties to filter by\n */\n getAccountsFilteredBy(accountFilter) {\n const allAccountKeys = this.getAccountKeys();\n const matchingAccounts = [];\n allAccountKeys.forEach((cacheKey) => {\n if (!this.isAccountKey(cacheKey, accountFilter.homeAccountId)) {\n // Don't parse value if the key doesn't match the account filters\n return;\n }\n const entity = this.getAccount(cacheKey, this.commonLogger);\n // Match base account fields\n if (!entity) {\n return;\n }\n if (!!accountFilter.homeAccountId &&\n !this.matchHomeAccountId(entity, accountFilter.homeAccountId)) {\n return;\n }\n if (!!accountFilter.username &&\n !this.matchUsername(entity.username, accountFilter.username)) {\n return;\n }\n if (!!accountFilter.environment &&\n !this.matchEnvironment(entity, accountFilter.environment)) {\n return;\n }\n if (!!accountFilter.realm &&\n !this.matchRealm(entity, accountFilter.realm)) {\n return;\n }\n if (!!accountFilter.nativeAccountId &&\n !this.matchNativeAccountId(entity, accountFilter.nativeAccountId)) {\n return;\n }\n if (!!accountFilter.authorityType &&\n !this.matchAuthorityType(entity, accountFilter.authorityType)) {\n return;\n }\n // If at least one tenant profile matches the tenant profile filter, add the account to the list of matching accounts\n const tenantProfileFilter = {\n localAccountId: accountFilter?.localAccountId,\n name: accountFilter?.name,\n };\n const matchingTenantProfiles = entity.tenantProfiles?.filter((tenantProfile) => {\n return this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter);\n });\n if (matchingTenantProfiles && matchingTenantProfiles.length === 0) {\n // No tenant profile for this account matches filter, don't add to list of matching accounts\n return;\n }\n matchingAccounts.push(entity);\n });\n return matchingAccounts;\n }\n /**\n * Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided\n * @param key\n * @param homeAccountId\n * @param tenantId\n * @returns\n */\n isAccountKey(key, homeAccountId, tenantId) {\n if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 3) {\n // Account cache keys contain 3 items separated by '-' (each item may also contain '-')\n return false;\n }\n if (homeAccountId &&\n !key.toLowerCase().includes(homeAccountId.toLowerCase())) {\n return false;\n }\n if (tenantId && !key.toLowerCase().includes(tenantId.toLowerCase())) {\n return false;\n }\n // Do not check environment as aliasing can cause false negatives\n return true;\n }\n /**\n * Returns true if the given key matches our credential key schema.\n * @param key\n */\n isCredentialKey(key) {\n if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 6) {\n // Credential cache keys contain 6 items separated by '-' (each item may also contain '-')\n return false;\n }\n const lowerCaseKey = key.toLowerCase();\n // Credential keys must indicate what credential type they represent\n if (lowerCaseKey.indexOf(CredentialType.ID_TOKEN.toLowerCase()) ===\n -1 &&\n lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) ===\n -1 &&\n lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) === -1 &&\n lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) ===\n -1) {\n return false;\n }\n if (lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) >\n -1) {\n // Refresh tokens must contain the client id or family id\n const clientIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${this.clientId}${Separators.CACHE_KEY_SEPARATOR}`;\n const familyIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${THE_FAMILY_ID}${Separators.CACHE_KEY_SEPARATOR}`;\n if (lowerCaseKey.indexOf(clientIdValidation.toLowerCase()) === -1 &&\n lowerCaseKey.indexOf(familyIdValidation.toLowerCase()) === -1) {\n return false;\n }\n }\n else if (lowerCaseKey.indexOf(this.clientId.toLowerCase()) === -1) {\n // Tokens must contain the clientId\n return false;\n }\n return true;\n }\n /**\n * Returns whether or not the given credential entity matches the filter\n * @param entity\n * @param filter\n * @returns\n */\n credentialMatchesFilter(entity, filter) {\n if (!!filter.clientId && !this.matchClientId(entity, filter.clientId)) {\n return false;\n }\n if (!!filter.userAssertionHash &&\n !this.matchUserAssertionHash(entity, filter.userAssertionHash)) {\n return false;\n }\n /*\n * homeAccountId can be undefined, and we want to filter out cached items that have a homeAccountId of \"\"\n * because we don't want a client_credential request to return a cached token that has a homeAccountId\n */\n if (typeof filter.homeAccountId === \"string\" &&\n !this.matchHomeAccountId(entity, filter.homeAccountId)) {\n return false;\n }\n if (!!filter.environment &&\n !this.matchEnvironment(entity, filter.environment)) {\n return false;\n }\n if (!!filter.realm && !this.matchRealm(entity, filter.realm)) {\n return false;\n }\n if (!!filter.credentialType &&\n !this.matchCredentialType(entity, filter.credentialType)) {\n return false;\n }\n if (!!filter.familyId && !this.matchFamilyId(entity, filter.familyId)) {\n return false;\n }\n /*\n * idTokens do not have \"target\", target specific refreshTokens do exist for some types of authentication\n * Resource specific refresh tokens case will be added when the support is deemed necessary\n */\n if (!!filter.target && !this.matchTarget(entity, filter.target)) {\n return false;\n }\n // If request OR cached entity has requested Claims Hash, check if they match\n if (filter.requestedClaimsHash || entity.requestedClaimsHash) {\n // Don't match if either is undefined or they are different\n if (entity.requestedClaimsHash !== filter.requestedClaimsHash) {\n return false;\n }\n }\n // Access Token with Auth Scheme specific matching\n if (entity.credentialType ===\n CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) {\n if (!!filter.tokenType &&\n !this.matchTokenType(entity, filter.tokenType)) {\n return false;\n }\n // KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key\n if (filter.tokenType === AuthenticationScheme.SSH) {\n if (filter.keyId && !this.matchKeyId(entity, filter.keyId)) {\n return false;\n }\n }\n }\n return true;\n }\n /**\n * retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata\n * @param filter\n */\n getAppMetadataFilteredBy(filter) {\n return this.getAppMetadataFilteredByInternal(filter.environment, filter.clientId);\n }\n /**\n * Support function to help match appMetadata\n * @param environment\n * @param clientId\n */\n getAppMetadataFilteredByInternal(environment, clientId) {\n const allCacheKeys = this.getKeys();\n const matchingAppMetadata = {};\n allCacheKeys.forEach((cacheKey) => {\n // don't parse any non-appMetadata type cache entities\n if (!this.isAppMetadata(cacheKey)) {\n return;\n }\n // Attempt retrieval\n const entity = this.getAppMetadata(cacheKey);\n if (!entity) {\n return;\n }\n if (!!environment && !this.matchEnvironment(entity, environment)) {\n return;\n }\n if (!!clientId && !this.matchClientId(entity, clientId)) {\n return;\n }\n matchingAppMetadata[cacheKey] = entity;\n });\n return matchingAppMetadata;\n }\n /**\n * retrieve authorityMetadata that contains a matching alias\n * @param filter\n */\n getAuthorityMetadataByAlias(host) {\n const allCacheKeys = this.getAuthorityMetadataKeys();\n let matchedEntity = null;\n allCacheKeys.forEach((cacheKey) => {\n // don't parse any non-authorityMetadata type cache entities\n if (!this.isAuthorityMetadata(cacheKey) ||\n cacheKey.indexOf(this.clientId) === -1) {\n return;\n }\n // Attempt retrieval\n const entity = this.getAuthorityMetadata(cacheKey);\n if (!entity) {\n return;\n }\n if (entity.aliases.indexOf(host) === -1) {\n return;\n }\n matchedEntity = entity;\n });\n return matchedEntity;\n }\n /**\n * Removes all accounts and related tokens from cache.\n */\n async removeAllAccounts() {\n const allAccountKeys = this.getAccountKeys();\n const removedAccounts = [];\n allAccountKeys.forEach((cacheKey) => {\n removedAccounts.push(this.removeAccount(cacheKey));\n });\n await Promise.all(removedAccounts);\n }\n /**\n * Removes the account and related tokens for a given account key\n * @param account\n */\n async removeAccount(accountKey) {\n const account = this.getAccount(accountKey, this.commonLogger);\n if (!account) {\n return;\n }\n await this.removeAccountContext(account);\n this.removeItem(accountKey);\n }\n /**\n * Removes credentials associated with the provided account\n * @param account\n */\n async removeAccountContext(account) {\n const allTokenKeys = this.getTokenKeys();\n const accountId = account.generateAccountId();\n const removedCredentials = [];\n allTokenKeys.idToken.forEach((key) => {\n if (key.indexOf(accountId) === 0) {\n this.removeIdToken(key);\n }\n });\n allTokenKeys.accessToken.forEach((key) => {\n if (key.indexOf(accountId) === 0) {\n removedCredentials.push(this.removeAccessToken(key));\n }\n });\n allTokenKeys.refreshToken.forEach((key) => {\n if (key.indexOf(accountId) === 0) {\n this.removeRefreshToken(key);\n }\n });\n await Promise.all(removedCredentials);\n }\n /**\n * Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the\n * cache into a condensed multi-tenant account object with tenant profiles.\n * @param accountKey\n * @param accountEntity\n * @param logger\n * @returns\n */\n updateOutdatedCachedAccount(accountKey, accountEntity, logger) {\n // Only update if account entity is defined and has no tenantProfiles object (is outdated)\n if (accountEntity && accountEntity.isSingleTenant()) {\n this.commonLogger?.verbose(\"updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity\");\n // Get keys of all accounts belonging to user\n const matchingAccountKeys = this.getAccountKeys().filter((key) => {\n return key.startsWith(accountEntity.homeAccountId);\n });\n // Get all account entities belonging to user\n const accountsToMerge = [];\n matchingAccountKeys.forEach((key) => {\n const account = this.getCachedAccountEntity(key);\n if (account) {\n accountsToMerge.push(account);\n }\n });\n // Set base account to home account if available, any account if not\n const baseAccount = accountsToMerge.find((account) => {\n return tenantIdMatchesHomeTenant(account.realm, account.homeAccountId);\n }) || accountsToMerge[0];\n // Populate tenant profiles built from each account entity belonging to the user\n baseAccount.tenantProfiles = accountsToMerge.map((account) => {\n return {\n tenantId: account.realm,\n localAccountId: account.localAccountId,\n name: account.name,\n isHomeTenant: tenantIdMatchesHomeTenant(account.realm, account.homeAccountId),\n };\n });\n const updatedAccount = CacheManager.toObject(new AccountEntity(), {\n ...baseAccount,\n });\n const newAccountKey = updatedAccount.generateAccountKey();\n // Clear cache of legacy account objects that have been collpsed into tenant profiles\n matchingAccountKeys.forEach((key) => {\n if (key !== newAccountKey) {\n this.removeOutdatedAccount(accountKey);\n }\n });\n // Cache updated account object\n this.setAccount(updatedAccount);\n logger?.verbose(\"Updated an outdated account entity in the cache\");\n return updatedAccount;\n }\n // No update is necessary\n return accountEntity;\n }\n /**\n * returns a boolean if the given credential is removed\n * @param credential\n */\n async removeAccessToken(key) {\n const credential = this.getAccessTokenCredential(key);\n if (!credential) {\n return;\n }\n // Remove Token Binding Key from key store for PoP Tokens Credentials\n if (credential.credentialType.toLowerCase() ===\n CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {\n if (credential.tokenType === AuthenticationScheme.POP) {\n const accessTokenWithAuthSchemeEntity = credential;\n const kid = accessTokenWithAuthSchemeEntity.keyId;\n if (kid) {\n try {\n await this.cryptoImpl.removeTokenBindingKey(kid);\n }\n catch (error) {\n throw createClientAuthError(bindingKeyNotRemoved);\n }\n }\n }\n }\n return this.removeItem(key);\n }\n /**\n * Removes all app metadata objects from cache.\n */\n removeAppMetadata() {\n const allCacheKeys = this.getKeys();\n allCacheKeys.forEach((cacheKey) => {\n if (this.isAppMetadata(cacheKey)) {\n this.removeItem(cacheKey);\n }\n });\n return true;\n }\n /**\n * Retrieve AccountEntity from cache\n * @param account\n */\n readAccountFromCache(account) {\n const accountKey = AccountEntity.generateAccountCacheKey(account);\n return this.getAccount(accountKey, this.commonLogger);\n }\n /**\n * Retrieve IdTokenEntity from cache\n * @param account {AccountInfo}\n * @param tokenKeys {?TokenKeys}\n * @param targetRealm {?string}\n * @param performanceClient {?IPerformanceClient}\n * @param correlationId {?string}\n */\n getIdToken(account, tokenKeys, targetRealm, performanceClient, correlationId) {\n this.commonLogger.trace(\"CacheManager - getIdToken called\");\n const idTokenFilter = {\n homeAccountId: account.homeAccountId,\n environment: account.environment,\n credentialType: CredentialType.ID_TOKEN,\n clientId: this.clientId,\n realm: targetRealm,\n };\n const idTokenMap = this.getIdTokensByFilter(idTokenFilter, tokenKeys);\n const numIdTokens = idTokenMap.size;\n if (numIdTokens < 1) {\n this.commonLogger.info(\"CacheManager:getIdToken - No token found\");\n return null;\n }\n else if (numIdTokens > 1) {\n let tokensToBeRemoved = idTokenMap;\n // Multiple tenant profiles and no tenant specified, pick home account\n if (!targetRealm) {\n const homeIdTokenMap = new Map();\n idTokenMap.forEach((idToken, key) => {\n if (idToken.realm === account.tenantId) {\n homeIdTokenMap.set(key, idToken);\n }\n });\n const numHomeIdTokens = homeIdTokenMap.size;\n if (numHomeIdTokens < 1) {\n this.commonLogger.info(\"CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result\");\n return idTokenMap.values().next().value;\n }\n else if (numHomeIdTokens === 1) {\n this.commonLogger.info(\"CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile\");\n return homeIdTokenMap.values().next().value;\n }\n else {\n // Multiple ID tokens for home tenant profile, remove all and return null\n tokensToBeRemoved = homeIdTokenMap;\n }\n }\n // Multiple tokens for a single tenant profile, remove all and return null\n this.commonLogger.info(\"CacheManager:getIdToken - Multiple matching ID tokens found, clearing them\");\n tokensToBeRemoved.forEach((idToken, key) => {\n this.removeIdToken(key);\n });\n if (performanceClient && correlationId) {\n performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId);\n }\n return null;\n }\n this.commonLogger.info(\"CacheManager:getIdToken - Returning ID token\");\n return idTokenMap.values().next().value;\n }\n /**\n * Gets all idTokens matching the given filter\n * @param filter\n * @returns\n */\n getIdTokensByFilter(filter, tokenKeys) {\n const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken;\n const idTokens = new Map();\n idTokenKeys.forEach((key) => {\n if (!this.idTokenKeyMatchesFilter(key, {\n clientId: this.clientId,\n ...filter,\n })) {\n return;\n }\n const idToken = this.getIdTokenCredential(key);\n if (idToken && this.credentialMatchesFilter(idToken, filter)) {\n idTokens.set(key, idToken);\n }\n });\n return idTokens;\n }\n /**\n * Validate the cache key against filter before retrieving and parsing cache value\n * @param key\n * @param filter\n * @returns\n */\n idTokenKeyMatchesFilter(inputKey, filter) {\n const key = inputKey.toLowerCase();\n if (filter.clientId &&\n key.indexOf(filter.clientId.toLowerCase()) === -1) {\n return false;\n }\n if (filter.homeAccountId &&\n key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {\n return false;\n }\n return true;\n }\n /**\n * Removes idToken from the cache\n * @param key\n */\n removeIdToken(key) {\n this.removeItem(key);\n }\n /**\n * Removes refresh token from the cache\n * @param key\n */\n removeRefreshToken(key) {\n this.removeItem(key);\n }\n /**\n * Retrieve AccessTokenEntity from cache\n * @param account {AccountInfo}\n * @param request {BaseAuthRequest}\n * @param tokenKeys {?TokenKeys}\n * @param performanceClient {?IPerformanceClient}\n * @param correlationId {?string}\n */\n getAccessToken(account, request, tokenKeys, targetRealm, performanceClient, correlationId) {\n this.commonLogger.trace(\"CacheManager - getAccessToken called\");\n const scopes = ScopeSet.createSearchScopes(request.scopes);\n const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;\n /*\n * Distinguish between Bearer and PoP/SSH token cache types\n * Cast to lowercase to handle \"bearer\" from ADFS\n */\n const credentialType = authScheme &&\n authScheme.toLowerCase() !==\n AuthenticationScheme.BEARER.toLowerCase()\n ? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME\n : CredentialType.ACCESS_TOKEN;\n const accessTokenFilter = {\n homeAccountId: account.homeAccountId,\n environment: account.environment,\n credentialType: credentialType,\n clientId: this.clientId,\n realm: targetRealm || account.tenantId,\n target: scopes,\n tokenType: authScheme,\n keyId: request.sshKid,\n requestedClaimsHash: request.requestedClaimsHash,\n };\n const accessTokenKeys = (tokenKeys && tokenKeys.accessToken) ||\n this.getTokenKeys().accessToken;\n const accessTokens = [];\n accessTokenKeys.forEach((key) => {\n // Validate key\n if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) {\n const accessToken = this.getAccessTokenCredential(key);\n // Validate value\n if (accessToken &&\n this.credentialMatchesFilter(accessToken, accessTokenFilter)) {\n accessTokens.push(accessToken);\n }\n }\n });\n const numAccessTokens = accessTokens.length;\n if (numAccessTokens < 1) {\n this.commonLogger.info(\"CacheManager:getAccessToken - No token found\");\n return null;\n }\n else if (numAccessTokens > 1) {\n this.commonLogger.info(\"CacheManager:getAccessToken - Multiple access tokens found, clearing them\");\n accessTokens.forEach((accessToken) => {\n void this.removeAccessToken(generateCredentialKey(accessToken));\n });\n if (performanceClient && correlationId) {\n performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);\n }\n return null;\n }\n this.commonLogger.info(\"CacheManager:getAccessToken - Returning access token\");\n return accessTokens[0];\n }\n /**\n * Validate the cache key against filter before retrieving and parsing cache value\n * @param key\n * @param filter\n * @param keyMustContainAllScopes\n * @returns\n */\n accessTokenKeyMatchesFilter(inputKey, filter, keyMustContainAllScopes) {\n const key = inputKey.toLowerCase();\n if (filter.clientId &&\n key.indexOf(filter.clientId.toLowerCase()) === -1) {\n return false;\n }\n if (filter.homeAccountId &&\n key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {\n return false;\n }\n if (filter.realm && key.indexOf(filter.realm.toLowerCase()) === -1) {\n return false;\n }\n if (filter.requestedClaimsHash &&\n key.indexOf(filter.requestedClaimsHash.toLowerCase()) === -1) {\n return false;\n }\n if (filter.target) {\n const scopes = filter.target.asArray();\n for (let i = 0; i < scopes.length; i++) {\n if (keyMustContainAllScopes &&\n !key.includes(scopes[i].toLowerCase())) {\n // When performing a cache lookup a missing scope would be a cache miss\n return false;\n }\n else if (!keyMustContainAllScopes &&\n key.includes(scopes[i].toLowerCase())) {\n // When performing a cache write, any token with a subset of requested scopes should be replaced\n return true;\n }\n }\n }\n return true;\n }\n /**\n * Gets all access tokens matching the filter\n * @param filter\n * @returns\n */\n getAccessTokensByFilter(filter) {\n const tokenKeys = this.getTokenKeys();\n const accessTokens = [];\n tokenKeys.accessToken.forEach((key) => {\n if (!this.accessTokenKeyMatchesFilter(key, filter, true)) {\n return;\n }\n const accessToken = this.getAccessTokenCredential(key);\n if (accessToken &&\n this.credentialMatchesFilter(accessToken, filter)) {\n accessTokens.push(accessToken);\n }\n });\n return accessTokens;\n }\n /**\n * Helper to retrieve the appropriate refresh token from cache\n * @param account {AccountInfo}\n * @param familyRT {boolean}\n * @param tokenKeys {?TokenKeys}\n * @param performanceClient {?IPerformanceClient}\n * @param correlationId {?string}\n */\n getRefreshToken(account, familyRT, tokenKeys, performanceClient, correlationId) {\n this.commonLogger.trace(\"CacheManager - getRefreshToken called\");\n const id = familyRT ? THE_FAMILY_ID : undefined;\n const refreshTokenFilter = {\n homeAccountId: account.homeAccountId,\n environment: account.environment,\n credentialType: CredentialType.REFRESH_TOKEN,\n clientId: this.clientId,\n familyId: id,\n };\n const refreshTokenKeys = (tokenKeys && tokenKeys.refreshToken) ||\n this.getTokenKeys().refreshToken;\n const refreshTokens = [];\n refreshTokenKeys.forEach((key) => {\n // Validate key\n if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {\n const refreshToken = this.getRefreshTokenCredential(key);\n // Validate value\n if (refreshToken &&\n this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) {\n refreshTokens.push(refreshToken);\n }\n }\n });\n const numRefreshTokens = refreshTokens.length;\n if (numRefreshTokens < 1) {\n this.commonLogger.info(\"CacheManager:getRefreshToken - No refresh token found.\");\n return null;\n }\n // address the else case after remove functions address environment aliases\n if (numRefreshTokens > 1 && performanceClient && correlationId) {\n performanceClient.addFields({ multiMatchedRT: numRefreshTokens }, correlationId);\n }\n this.commonLogger.info(\"CacheManager:getRefreshToken - returning refresh token\");\n return refreshTokens[0];\n }\n /**\n * Validate the cache key against filter before retrieving and parsing cache value\n * @param key\n * @param filter\n */\n refreshTokenKeyMatchesFilter(inputKey, filter) {\n const key = inputKey.toLowerCase();\n if (filter.familyId &&\n key.indexOf(filter.familyId.toLowerCase()) === -1) {\n return false;\n }\n // If familyId is used, clientId is not in the key\n if (!filter.familyId &&\n filter.clientId &&\n key.indexOf(filter.clientId.toLowerCase()) === -1) {\n return false;\n }\n if (filter.homeAccountId &&\n key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {\n return false;\n }\n return true;\n }\n /**\n * Retrieve AppMetadataEntity from cache\n */\n readAppMetadataFromCache(environment) {\n const appMetadataFilter = {\n environment,\n clientId: this.clientId,\n };\n const appMetadata = this.getAppMetadataFilteredBy(appMetadataFilter);\n const appMetadataEntries = Object.keys(appMetadata).map((key) => appMetadata[key]);\n const numAppMetadata = appMetadataEntries.length;\n if (numAppMetadata < 1) {\n return null;\n }\n else if (numAppMetadata > 1) {\n throw createClientAuthError(multipleMatchingAppMetadata);\n }\n return appMetadataEntries[0];\n }\n /**\n * Return the family_id value associated with FOCI\n * @param environment\n * @param clientId\n */\n isAppMetadataFOCI(environment) {\n const appMetadata = this.readAppMetadataFromCache(environment);\n return !!(appMetadata && appMetadata.familyId === THE_FAMILY_ID);\n }\n /**\n * helper to match account ids\n * @param value\n * @param homeAccountId\n */\n matchHomeAccountId(entity, homeAccountId) {\n return !!(typeof entity.homeAccountId === \"string\" &&\n homeAccountId === entity.homeAccountId);\n }\n /**\n * helper to match account ids\n * @param entity\n * @param localAccountId\n * @returns\n */\n matchLocalAccountIdFromTokenClaims(tokenClaims, localAccountId) {\n const idTokenLocalAccountId = tokenClaims.oid || tokenClaims.sub;\n return localAccountId === idTokenLocalAccountId;\n }\n matchLocalAccountIdFromTenantProfile(tenantProfile, localAccountId) {\n return tenantProfile.localAccountId === localAccountId;\n }\n /**\n * helper to match names\n * @param entity\n * @param name\n * @returns true if the downcased name properties are present and match in the filter and the entity\n */\n matchName(claims, name) {\n return !!(name.toLowerCase() === claims.name?.toLowerCase());\n }\n /**\n * helper to match usernames\n * @param entity\n * @param username\n * @returns\n */\n matchUsername(cachedUsername, filterUsername) {\n return !!(cachedUsername &&\n typeof cachedUsername === \"string\" &&\n filterUsername?.toLowerCase() === cachedUsername.toLowerCase());\n }\n /**\n * helper to match assertion\n * @param value\n * @param oboAssertion\n */\n matchUserAssertionHash(entity, userAssertionHash) {\n return !!(entity.userAssertionHash &&\n userAssertionHash === entity.userAssertionHash);\n }\n /**\n * helper to match environment\n * @param value\n * @param environment\n */\n matchEnvironment(entity, environment) {\n // Check static authority options first for cases where authority metadata has not been resolved and cached yet\n if (this.staticAuthorityOptions) {\n const staticAliases = getAliasesFromStaticSources(this.staticAuthorityOptions, this.commonLogger);\n if (staticAliases.includes(environment) &&\n staticAliases.includes(entity.environment)) {\n return true;\n }\n }\n // Query metadata cache if no static authority configuration has aliases that match enviroment\n const cloudMetadata = this.getAuthorityMetadataByAlias(environment);\n if (cloudMetadata &&\n cloudMetadata.aliases.indexOf(entity.environment) > -1) {\n return true;\n }\n return false;\n }\n /**\n * helper to match credential type\n * @param entity\n * @param credentialType\n */\n matchCredentialType(entity, credentialType) {\n return (entity.credentialType &&\n credentialType.toLowerCase() === entity.credentialType.toLowerCase());\n }\n /**\n * helper to match client ids\n * @param entity\n * @param clientId\n */\n matchClientId(entity, clientId) {\n return !!(entity.clientId && clientId === entity.clientId);\n }\n /**\n * helper to match family ids\n * @param entity\n * @param familyId\n */\n matchFamilyId(entity, familyId) {\n return !!(entity.familyId && familyId === entity.familyId);\n }\n /**\n * helper to match realm\n * @param entity\n * @param realm\n */\n matchRealm(entity, realm) {\n return !!(entity.realm?.toLowerCase() === realm.toLowerCase());\n }\n /**\n * helper to match nativeAccountId\n * @param entity\n * @param nativeAccountId\n * @returns boolean indicating the match result\n */\n matchNativeAccountId(entity, nativeAccountId) {\n return !!(entity.nativeAccountId && nativeAccountId === entity.nativeAccountId);\n }\n /**\n * helper to match loginHint which can be either:\n * 1. login_hint ID token claim\n * 2. username in cached account object\n * 3. upn in ID token claims\n * @param entity\n * @param loginHint\n * @returns\n */\n matchLoginHintFromTokenClaims(tokenClaims, loginHint) {\n if (tokenClaims.login_hint === loginHint) {\n return true;\n }\n if (tokenClaims.preferred_username === loginHint) {\n return true;\n }\n if (tokenClaims.upn === loginHint) {\n return true;\n }\n return false;\n }\n /**\n * Helper to match sid\n * @param entity\n * @param sid\n * @returns true if the sid claim is present and matches the filter\n */\n matchSid(idTokenClaims, sid) {\n return idTokenClaims.sid === sid;\n }\n matchAuthorityType(entity, authorityType) {\n return !!(entity.authorityType &&\n authorityType.toLowerCase() === entity.authorityType.toLowerCase());\n }\n /**\n * Returns true if the target scopes are a subset of the current entity's scopes, false otherwise.\n * @param entity\n * @param target\n */\n matchTarget(entity, target) {\n const isNotAccessTokenCredential = entity.credentialType !== CredentialType.ACCESS_TOKEN &&\n entity.credentialType !==\n CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\n if (isNotAccessTokenCredential || !entity.target) {\n return false;\n }\n const entityScopeSet = ScopeSet.fromString(entity.target);\n return entityScopeSet.containsScopeSet(target);\n }\n /**\n * Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise\n * @param entity\n * @param tokenType\n */\n matchTokenType(entity, tokenType) {\n return !!(entity.tokenType && entity.tokenType === tokenType);\n }\n /**\n * Returns true if the credential's keyId matches the one in the request, false otherwise\n * @param entity\n * @param tokenType\n */\n matchKeyId(entity, keyId) {\n return !!(entity.keyId && entity.keyId === keyId);\n }\n /**\n * returns if a given cache entity is of the type appmetadata\n * @param key\n */\n isAppMetadata(key) {\n return key.indexOf(APP_METADATA) !== -1;\n }\n /**\n * returns if a given cache entity is of the type authoritymetadata\n * @param key\n */\n isAuthorityMetadata(key) {\n return key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) !== -1;\n }\n /**\n * returns cache key used for cloud instance metadata\n */\n generateAuthorityMetadataCacheKey(authority) {\n return `${AUTHORITY_METADATA_CONSTANTS.CACHE_KEY}-${this.clientId}-${authority}`;\n }\n /**\n * Helper to convert serialized data to object\n * @param obj\n * @param json\n */\n static toObject(obj, json) {\n for (const propertyName in json) {\n obj[propertyName] = json[propertyName];\n }\n return obj;\n }\n}\n/** @internal */\nclass DefaultStorageClass extends CacheManager {\n setAccount() {\n throw createClientAuthError(methodNotImplemented);\n }\n getAccount() {\n throw createClientAuthError(methodNotImplemented);\n }\n getCachedAccountEntity() {\n throw createClientAuthError(methodNotImplemented);\n }\n setIdTokenCredential() {\n throw createClientAuthError(methodNotImplemented);\n }\n getIdTokenCredential() {\n throw createClientAuthError(methodNotImplemented);\n }\n setAccessTokenCredential() {\n throw createClientAuthError(methodNotImplemented);\n }\n getAccessTokenCredential() {\n throw createClientAuthError(methodNotImplemented);\n }\n setRefreshTokenCredential() {\n throw createClientAuthError(methodNotImplemented);\n }\n getRefreshTokenCredential() {\n throw createClientAuthError(methodNotImplemented);\n }\n setAppMetadata() {\n throw createClientAuthError(methodNotImplemented);\n }\n getAppMetadata() {\n throw createClientAuthError(methodNotImplemented);\n }\n setServerTelemetry() {\n throw createClientAuthError(methodNotImplemented);\n }\n getServerTelemetry() {\n throw createClientAuthError(methodNotImplemented);\n }\n setAuthorityMetadata() {\n throw createClientAuthError(methodNotImplemented);\n }\n getAuthorityMetadata() {\n throw createClientAuthError(methodNotImplemented);\n }\n getAuthorityMetadataKeys() {\n throw createClientAuthError(methodNotImplemented);\n }\n setThrottlingCache() {\n throw createClientAuthError(methodNotImplemented);\n }\n getThrottlingCache() {\n throw createClientAuthError(methodNotImplemented);\n }\n removeItem() {\n throw createClientAuthError(methodNotImplemented);\n }\n containsKey() {\n throw createClientAuthError(methodNotImplemented);\n }\n getKeys() {\n throw createClientAuthError(methodNotImplemented);\n }\n getAccountKeys() {\n throw createClientAuthError(methodNotImplemented);\n }\n getTokenKeys() {\n throw createClientAuthError(methodNotImplemented);\n }\n async clear() {\n throw createClientAuthError(methodNotImplemented);\n }\n updateCredentialCacheKey() {\n throw createClientAuthError(methodNotImplemented);\n }\n removeOutdatedAccount() {\n throw createClientAuthError(methodNotImplemented);\n }\n}\n\nexport { CacheManager, DefaultStorageClass };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { DEFAULT_CRYPTO_IMPLEMENTATION } from '../crypto/ICrypto.mjs';\nimport { Logger, LogLevel } from '../logger/Logger.mjs';\nimport { Constants } from '../utils/Constants.mjs';\nimport { version } from '../packageMetadata.mjs';\nimport { AzureCloudInstance } from '../authority/AuthorityOptions.mjs';\nimport { DefaultStorageClass } from '../cache/CacheManager.mjs';\nimport { ProtocolMode } from '../authority/ProtocolMode.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n// Token renewal offset default in seconds\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\nconst DEFAULT_SYSTEM_OPTIONS = {\n tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,\n preventCorsPreflight: false,\n};\nconst DEFAULT_LOGGER_IMPLEMENTATION = {\n loggerCallback: () => {\n // allow users to not set loggerCallback\n },\n piiLoggingEnabled: false,\n logLevel: LogLevel.Info,\n correlationId: Constants.EMPTY_STRING,\n};\nconst DEFAULT_CACHE_OPTIONS = {\n claimsBasedCachingEnabled: false,\n};\nconst DEFAULT_NETWORK_IMPLEMENTATION = {\n async sendGetRequestAsync() {\n throw createClientAuthError(methodNotImplemented);\n },\n async sendPostRequestAsync() {\n throw createClientAuthError(methodNotImplemented);\n },\n};\nconst DEFAULT_LIBRARY_INFO = {\n sku: Constants.SKU,\n version: version,\n cpu: Constants.EMPTY_STRING,\n os: Constants.EMPTY_STRING,\n};\nconst DEFAULT_CLIENT_CREDENTIALS = {\n clientSecret: Constants.EMPTY_STRING,\n clientAssertion: undefined,\n};\nconst DEFAULT_AZURE_CLOUD_OPTIONS = {\n azureCloudInstance: AzureCloudInstance.None,\n tenant: `${Constants.DEFAULT_COMMON_TENANT}`,\n};\nconst DEFAULT_TELEMETRY_OPTIONS = {\n application: {\n appName: \"\",\n appVersion: \"\",\n },\n};\n/**\n * Function that sets the default options when not explicitly configured from app developer\n *\n * @param Configuration\n *\n * @returns Configuration\n */\nfunction buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {\n const loggerOptions = {\n ...DEFAULT_LOGGER_IMPLEMENTATION,\n ...userLoggerOption,\n };\n return {\n authOptions: buildAuthOptions(userAuthOptions),\n systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },\n loggerOptions: loggerOptions,\n cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },\n storageInterface: storageImplementation ||\n new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)),\n networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,\n cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,\n clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,\n libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },\n telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },\n serverTelemetryManager: serverTelemetryManager || null,\n persistencePlugin: persistencePlugin || null,\n serializableCache: serializableCache || null,\n };\n}\n/**\n * Construct authoptions from the client and platform passed values\n * @param authOptions\n */\nfunction buildAuthOptions(authOptions) {\n return {\n clientCapabilities: [],\n azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,\n skipAuthorityMetadataCache: false,\n ...authOptions,\n };\n}\n/**\n * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise\n * @param ClientConfiguration\n */\nfunction isOidcProtocolMode(config) {\n return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);\n}\n\nexport { DEFAULT_SYSTEM_OPTIONS, buildClientConfiguration, isOidcProtocolMode };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Error thrown when there is an error with the server code, for example, unavailability.\n */\nclass ServerError extends AuthError {\n constructor(errorCode, errorMessage, subError) {\n super(errorCode, errorMessage, subError);\n this.name = \"ServerError\";\n Object.setPrototypeOf(this, ServerError.prototype);\n }\n}\n\nexport { ServerError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { ThrottlingConstants, Constants, HeaderNames } from '../utils/Constants.mjs';\nimport { ServerError } from '../error/ServerError.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass ThrottlingUtils {\n /**\n * Prepares a RequestThumbprint to be stored as a key.\n * @param thumbprint\n */\n static generateThrottlingStorageKey(thumbprint) {\n return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;\n }\n /**\n * Performs necessary throttling checks before a network request.\n * @param cacheManager\n * @param thumbprint\n */\n static preProcess(cacheManager, thumbprint) {\n const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);\n const value = cacheManager.getThrottlingCache(key);\n if (value) {\n if (value.throttleTime < Date.now()) {\n cacheManager.removeItem(key);\n return;\n }\n throw new ServerError(value.errorCodes?.join(\" \") || Constants.EMPTY_STRING, value.errorMessage, value.subError);\n }\n }\n /**\n * Performs necessary throttling checks after a network request.\n * @param cacheManager\n * @param thumbprint\n * @param response\n */\n static postProcess(cacheManager, thumbprint, response) {\n if (ThrottlingUtils.checkResponseStatus(response) ||\n ThrottlingUtils.checkResponseForRetryAfter(response)) {\n const thumbprintValue = {\n throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),\n error: response.body.error,\n errorCodes: response.body.error_codes,\n errorMessage: response.body.error_description,\n subError: response.body.suberror,\n };\n cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);\n }\n }\n /**\n * Checks a NetworkResponse object's status codes against 429 or 5xx\n * @param response\n */\n static checkResponseStatus(response) {\n return (response.status === 429 ||\n (response.status >= 500 && response.status < 600));\n }\n /**\n * Checks a NetworkResponse object's RetryAfter header\n * @param response\n */\n static checkResponseForRetryAfter(response) {\n if (response.headers) {\n return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&\n (response.status < 200 || response.status >= 300));\n }\n return false;\n }\n /**\n * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.\n * @param throttleTime\n */\n static calculateThrottleTime(throttleTime) {\n const time = throttleTime <= 0 ? 0 : throttleTime;\n const currentSeconds = Date.now() / 1000;\n return Math.floor(Math.min(currentSeconds +\n (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +\n ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);\n }\n static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {\n const thumbprint = {\n clientId: clientId,\n authority: request.authority,\n scopes: request.scopes,\n homeAccountIdentifier: homeAccountIdentifier,\n claims: request.claims,\n authenticationScheme: request.authenticationScheme,\n resourceRequestMethod: request.resourceRequestMethod,\n resourceRequestUri: request.resourceRequestUri,\n shrClaims: request.shrClaims,\n sshKid: request.sshKid,\n };\n const key = this.generateThrottlingStorageKey(thumbprint);\n cacheManager.removeItem(key);\n }\n}\n\nexport { ThrottlingUtils };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { ThrottlingUtils } from './ThrottlingUtils.mjs';\nimport { AuthError } from '../error/AuthError.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { networkError } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass NetworkManager {\n constructor(networkClient, cacheManager) {\n this.networkClient = networkClient;\n this.cacheManager = cacheManager;\n }\n /**\n * Wraps sendPostRequestAsync with necessary preflight and postflight logic\n * @param thumbprint\n * @param tokenEndpoint\n * @param options\n */\n async sendPostRequest(thumbprint, tokenEndpoint, options) {\n ThrottlingUtils.preProcess(this.cacheManager, thumbprint);\n let response;\n try {\n response = await this.networkClient.sendPostRequestAsync(tokenEndpoint, options);\n }\n catch (e) {\n if (e instanceof AuthError) {\n throw e;\n }\n else {\n throw createClientAuthError(networkError);\n }\n }\n ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);\n return response;\n }\n}\n\nexport { NetworkManager };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst CcsCredentialType = {\n HOME_ACCOUNT_ID: \"home_account_id\",\n UPN: \"UPN\",\n};\n\nexport { CcsCredentialType };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst CLIENT_ID = \"client_id\";\nconst REDIRECT_URI = \"redirect_uri\";\nconst RESPONSE_TYPE = \"response_type\";\nconst RESPONSE_MODE = \"response_mode\";\nconst GRANT_TYPE = \"grant_type\";\nconst CLAIMS = \"claims\";\nconst SCOPE = \"scope\";\nconst ERROR = \"error\";\nconst ERROR_DESCRIPTION = \"error_description\";\nconst ACCESS_TOKEN = \"access_token\";\nconst ID_TOKEN = \"id_token\";\nconst REFRESH_TOKEN = \"refresh_token\";\nconst EXPIRES_IN = \"expires_in\";\nconst REFRESH_TOKEN_EXPIRES_IN = \"refresh_token_expires_in\";\nconst STATE = \"state\";\nconst NONCE = \"nonce\";\nconst PROMPT = \"prompt\";\nconst SESSION_STATE = \"session_state\";\nconst CLIENT_INFO = \"client_info\";\nconst CODE = \"code\";\nconst CODE_CHALLENGE = \"code_challenge\";\nconst CODE_CHALLENGE_METHOD = \"code_challenge_method\";\nconst CODE_VERIFIER = \"code_verifier\";\nconst CLIENT_REQUEST_ID = \"client-request-id\";\nconst X_CLIENT_SKU = \"x-client-SKU\";\nconst X_CLIENT_VER = \"x-client-VER\";\nconst X_CLIENT_OS = \"x-client-OS\";\nconst X_CLIENT_CPU = \"x-client-CPU\";\nconst X_CLIENT_CURR_TELEM = \"x-client-current-telemetry\";\nconst X_CLIENT_LAST_TELEM = \"x-client-last-telemetry\";\nconst X_MS_LIB_CAPABILITY = \"x-ms-lib-capability\";\nconst X_APP_NAME = \"x-app-name\";\nconst X_APP_VER = \"x-app-ver\";\nconst POST_LOGOUT_URI = \"post_logout_redirect_uri\";\nconst ID_TOKEN_HINT = \"id_token_hint\";\nconst DEVICE_CODE = \"device_code\";\nconst CLIENT_SECRET = \"client_secret\";\nconst CLIENT_ASSERTION = \"client_assertion\";\nconst CLIENT_ASSERTION_TYPE = \"client_assertion_type\";\nconst TOKEN_TYPE = \"token_type\";\nconst REQ_CNF = \"req_cnf\";\nconst OBO_ASSERTION = \"assertion\";\nconst REQUESTED_TOKEN_USE = \"requested_token_use\";\nconst ON_BEHALF_OF = \"on_behalf_of\";\nconst FOCI = \"foci\";\nconst CCS_HEADER = \"X-AnchorMailbox\";\nconst RETURN_SPA_CODE = \"return_spa_code\";\nconst NATIVE_BROKER = \"nativebroker\";\nconst LOGOUT_HINT = \"logout_hint\";\nconst SID = \"sid\";\nconst LOGIN_HINT = \"login_hint\";\nconst DOMAIN_HINT = \"domain_hint\";\n\nexport { ACCESS_TOKEN, CCS_HEADER, CLAIMS, CLIENT_ASSERTION, CLIENT_ASSERTION_TYPE, CLIENT_ID, CLIENT_INFO, CLIENT_REQUEST_ID, CLIENT_SECRET, CODE, CODE_CHALLENGE, CODE_CHALLENGE_METHOD, CODE_VERIFIER, DEVICE_CODE, DOMAIN_HINT, ERROR, ERROR_DESCRIPTION, EXPIRES_IN, FOCI, GRANT_TYPE, ID_TOKEN, ID_TOKEN_HINT, LOGIN_HINT, LOGOUT_HINT, NATIVE_BROKER, NONCE, OBO_ASSERTION, ON_BEHALF_OF, POST_LOGOUT_URI, PROMPT, REDIRECT_URI, REFRESH_TOKEN, REFRESH_TOKEN_EXPIRES_IN, REQUESTED_TOKEN_USE, REQ_CNF, RESPONSE_MODE, RESPONSE_TYPE, RETURN_SPA_CODE, SCOPE, SESSION_STATE, SID, STATE, TOKEN_TYPE, X_APP_NAME, X_APP_VER, X_CLIENT_CPU, X_CLIENT_CURR_TELEM, X_CLIENT_LAST_TELEM, X_CLIENT_OS, X_CLIENT_SKU, X_CLIENT_VER, X_MS_LIB_CAPABILITY };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { CodeChallengeMethodValues, PromptValue } from '../utils/Constants.mjs';\nimport { redirectUriEmpty, invalidPromptValue, invalidClaims, pkceParamsMissing, invalidCodeChallengeMethod } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Validates server consumable params from the \"request\" objects\n */\nclass RequestValidator {\n /**\n * Utility to check if the `redirectUri` in the request is a non-null value\n * @param redirectUri\n */\n static validateRedirectUri(redirectUri) {\n if (!redirectUri) {\n throw createClientConfigurationError(redirectUriEmpty);\n }\n }\n /**\n * Utility to validate prompt sent by the user in the request\n * @param prompt\n */\n static validatePrompt(prompt) {\n const promptValues = [];\n for (const value in PromptValue) {\n promptValues.push(PromptValue[value]);\n }\n if (promptValues.indexOf(prompt) < 0) {\n throw createClientConfigurationError(invalidPromptValue);\n }\n }\n static validateClaims(claims) {\n try {\n JSON.parse(claims);\n }\n catch (e) {\n throw createClientConfigurationError(invalidClaims);\n }\n }\n /**\n * Utility to validate code_challenge and code_challenge_method\n * @param codeChallenge\n * @param codeChallengeMethod\n */\n static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {\n if (!codeChallenge || !codeChallengeMethod) {\n throw createClientConfigurationError(pkceParamsMissing);\n }\n else {\n this.validateCodeChallengeMethod(codeChallengeMethod);\n }\n }\n /**\n * Utility to validate code_challenge_method\n * @param codeChallengeMethod\n */\n static validateCodeChallengeMethod(codeChallengeMethod) {\n if ([\n CodeChallengeMethodValues.PLAIN,\n CodeChallengeMethodValues.S256,\n ].indexOf(codeChallengeMethod) < 0) {\n throw createClientConfigurationError(invalidCodeChallengeMethod);\n }\n }\n /**\n * Removes unnecessary, duplicate, and empty string query parameters from extraQueryParameters\n * @param request\n */\n static sanitizeEQParams(eQParams, queryParams) {\n if (!eQParams) {\n return {};\n }\n // Remove any query parameters already included in SSO params\n queryParams.forEach((_value, key) => {\n if (eQParams[key]) {\n delete eQParams[key];\n }\n });\n // remove empty string parameters\n return Object.fromEntries(Object.entries(eQParams).filter((kv) => kv[1] !== \"\"));\n }\n}\n\nexport { RequestValidator };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Constants, ResponseMode, OIDC_DEFAULT_SCOPES, HeaderNames, CLIENT_INFO, ClaimsRequestKeys, PasswordGrantConstants, AuthenticationScheme, ThrottlingConstants } from '../utils/Constants.mjs';\nimport { RESPONSE_TYPE, RESPONSE_MODE, NATIVE_BROKER, SCOPE, CLIENT_ID, REDIRECT_URI, POST_LOGOUT_URI, ID_TOKEN_HINT, DOMAIN_HINT, LOGIN_HINT, SID, CLAIMS, CLIENT_REQUEST_ID, X_CLIENT_SKU, X_CLIENT_VER, X_CLIENT_OS, X_CLIENT_CPU, X_APP_NAME, X_APP_VER, PROMPT, STATE, NONCE, CODE_CHALLENGE, CODE_CHALLENGE_METHOD, CODE, DEVICE_CODE, REFRESH_TOKEN, CODE_VERIFIER, CLIENT_SECRET, CLIENT_ASSERTION, CLIENT_ASSERTION_TYPE, OBO_ASSERTION, REQUESTED_TOKEN_USE, GRANT_TYPE, TOKEN_TYPE, REQ_CNF, X_CLIENT_CURR_TELEM, X_CLIENT_LAST_TELEM, X_MS_LIB_CAPABILITY, LOGOUT_HINT } from '../constants/AADServerParamKeys.mjs';\nimport { ScopeSet } from './ScopeSet.mjs';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { RequestValidator } from './RequestValidator.mjs';\nimport { pkceParamsMissing, invalidClaims } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass RequestParameterBuilder {\n constructor() {\n this.parameters = new Map();\n }\n /**\n * add response_type = code\n */\n addResponseTypeCode() {\n this.parameters.set(RESPONSE_TYPE, encodeURIComponent(Constants.CODE_RESPONSE_TYPE));\n }\n /**\n * add response_type = token id_token\n */\n addResponseTypeForTokenAndIdToken() {\n this.parameters.set(RESPONSE_TYPE, encodeURIComponent(`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`));\n }\n /**\n * add response_mode. defaults to query.\n * @param responseMode\n */\n addResponseMode(responseMode) {\n this.parameters.set(RESPONSE_MODE, encodeURIComponent(responseMode ? responseMode : ResponseMode.QUERY));\n }\n /**\n * Add flag to indicate STS should attempt to use WAM if available\n */\n addNativeBroker() {\n this.parameters.set(NATIVE_BROKER, encodeURIComponent(\"1\"));\n }\n /**\n * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios\n * @param scopeSet\n * @param addOidcScopes\n */\n addScopes(scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {\n // Always add openid to the scopes when adding OIDC scopes\n if (addOidcScopes &&\n !defaultScopes.includes(\"openid\") &&\n !scopes.includes(\"openid\")) {\n defaultScopes.push(\"openid\");\n }\n const requestScopes = addOidcScopes\n ? [...(scopes || []), ...defaultScopes]\n : scopes || [];\n const scopeSet = new ScopeSet(requestScopes);\n this.parameters.set(SCOPE, encodeURIComponent(scopeSet.printScopes()));\n }\n /**\n * add clientId\n * @param clientId\n */\n addClientId(clientId) {\n this.parameters.set(CLIENT_ID, encodeURIComponent(clientId));\n }\n /**\n * add redirect_uri\n * @param redirectUri\n */\n addRedirectUri(redirectUri) {\n RequestValidator.validateRedirectUri(redirectUri);\n this.parameters.set(REDIRECT_URI, encodeURIComponent(redirectUri));\n }\n /**\n * add post logout redirectUri\n * @param redirectUri\n */\n addPostLogoutRedirectUri(redirectUri) {\n RequestValidator.validateRedirectUri(redirectUri);\n this.parameters.set(POST_LOGOUT_URI, encodeURIComponent(redirectUri));\n }\n /**\n * add id_token_hint to logout request\n * @param idTokenHint\n */\n addIdTokenHint(idTokenHint) {\n this.parameters.set(ID_TOKEN_HINT, encodeURIComponent(idTokenHint));\n }\n /**\n * add domain_hint\n * @param domainHint\n */\n addDomainHint(domainHint) {\n this.parameters.set(DOMAIN_HINT, encodeURIComponent(domainHint));\n }\n /**\n * add login_hint\n * @param loginHint\n */\n addLoginHint(loginHint) {\n this.parameters.set(LOGIN_HINT, encodeURIComponent(loginHint));\n }\n /**\n * Adds the CCS (Cache Credential Service) query parameter for login_hint\n * @param loginHint\n */\n addCcsUpn(loginHint) {\n this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`UPN:${loginHint}`));\n }\n /**\n * Adds the CCS (Cache Credential Service) query parameter for account object\n * @param loginHint\n */\n addCcsOid(clientInfo) {\n this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`));\n }\n /**\n * add sid\n * @param sid\n */\n addSid(sid) {\n this.parameters.set(SID, encodeURIComponent(sid));\n }\n /**\n * add claims\n * @param claims\n */\n addClaims(claims, clientCapabilities) {\n const mergedClaims = this.addClientCapabilitiesToClaims(claims, clientCapabilities);\n RequestValidator.validateClaims(mergedClaims);\n this.parameters.set(CLAIMS, encodeURIComponent(mergedClaims));\n }\n /**\n * add correlationId\n * @param correlationId\n */\n addCorrelationId(correlationId) {\n this.parameters.set(CLIENT_REQUEST_ID, encodeURIComponent(correlationId));\n }\n /**\n * add library info query params\n * @param libraryInfo\n */\n addLibraryInfo(libraryInfo) {\n // Telemetry Info\n this.parameters.set(X_CLIENT_SKU, libraryInfo.sku);\n this.parameters.set(X_CLIENT_VER, libraryInfo.version);\n if (libraryInfo.os) {\n this.parameters.set(X_CLIENT_OS, libraryInfo.os);\n }\n if (libraryInfo.cpu) {\n this.parameters.set(X_CLIENT_CPU, libraryInfo.cpu);\n }\n }\n /**\n * Add client telemetry parameters\n * @param appTelemetry\n */\n addApplicationTelemetry(appTelemetry) {\n if (appTelemetry?.appName) {\n this.parameters.set(X_APP_NAME, appTelemetry.appName);\n }\n if (appTelemetry?.appVersion) {\n this.parameters.set(X_APP_VER, appTelemetry.appVersion);\n }\n }\n /**\n * add prompt\n * @param prompt\n */\n addPrompt(prompt) {\n RequestValidator.validatePrompt(prompt);\n this.parameters.set(`${PROMPT}`, encodeURIComponent(prompt));\n }\n /**\n * add state\n * @param state\n */\n addState(state) {\n if (state) {\n this.parameters.set(STATE, encodeURIComponent(state));\n }\n }\n /**\n * add nonce\n * @param nonce\n */\n addNonce(nonce) {\n this.parameters.set(NONCE, encodeURIComponent(nonce));\n }\n /**\n * add code_challenge and code_challenge_method\n * - throw if either of them are not passed\n * @param codeChallenge\n * @param codeChallengeMethod\n */\n addCodeChallengeParams(codeChallenge, codeChallengeMethod) {\n RequestValidator.validateCodeChallengeParams(codeChallenge, codeChallengeMethod);\n if (codeChallenge && codeChallengeMethod) {\n this.parameters.set(CODE_CHALLENGE, encodeURIComponent(codeChallenge));\n this.parameters.set(CODE_CHALLENGE_METHOD, encodeURIComponent(codeChallengeMethod));\n }\n else {\n throw createClientConfigurationError(pkceParamsMissing);\n }\n }\n /**\n * add the `authorization_code` passed by the user to exchange for a token\n * @param code\n */\n addAuthorizationCode(code) {\n this.parameters.set(CODE, encodeURIComponent(code));\n }\n /**\n * add the `authorization_code` passed by the user to exchange for a token\n * @param code\n */\n addDeviceCode(code) {\n this.parameters.set(DEVICE_CODE, encodeURIComponent(code));\n }\n /**\n * add the `refreshToken` passed by the user\n * @param refreshToken\n */\n addRefreshToken(refreshToken) {\n this.parameters.set(REFRESH_TOKEN, encodeURIComponent(refreshToken));\n }\n /**\n * add the `code_verifier` passed by the user to exchange for a token\n * @param codeVerifier\n */\n addCodeVerifier(codeVerifier) {\n this.parameters.set(CODE_VERIFIER, encodeURIComponent(codeVerifier));\n }\n /**\n * add client_secret\n * @param clientSecret\n */\n addClientSecret(clientSecret) {\n this.parameters.set(CLIENT_SECRET, encodeURIComponent(clientSecret));\n }\n /**\n * add clientAssertion for confidential client flows\n * @param clientAssertion\n */\n addClientAssertion(clientAssertion) {\n if (clientAssertion) {\n this.parameters.set(CLIENT_ASSERTION, encodeURIComponent(clientAssertion));\n }\n }\n /**\n * add clientAssertionType for confidential client flows\n * @param clientAssertionType\n */\n addClientAssertionType(clientAssertionType) {\n if (clientAssertionType) {\n this.parameters.set(CLIENT_ASSERTION_TYPE, encodeURIComponent(clientAssertionType));\n }\n }\n /**\n * add OBO assertion for confidential client flows\n * @param clientAssertion\n */\n addOboAssertion(oboAssertion) {\n this.parameters.set(OBO_ASSERTION, encodeURIComponent(oboAssertion));\n }\n /**\n * add grant type\n * @param grantType\n */\n addRequestTokenUse(tokenUse) {\n this.parameters.set(REQUESTED_TOKEN_USE, encodeURIComponent(tokenUse));\n }\n /**\n * add grant type\n * @param grantType\n */\n addGrantType(grantType) {\n this.parameters.set(GRANT_TYPE, encodeURIComponent(grantType));\n }\n /**\n * add client info\n *\n */\n addClientInfo() {\n this.parameters.set(CLIENT_INFO, \"1\");\n }\n /**\n * add extraQueryParams\n * @param eQParams\n */\n addExtraQueryParameters(eQParams) {\n const sanitizedEQParams = RequestValidator.sanitizeEQParams(eQParams, this.parameters);\n Object.keys(sanitizedEQParams).forEach((key) => {\n this.parameters.set(key, eQParams[key]);\n });\n }\n addClientCapabilitiesToClaims(claims, clientCapabilities) {\n let mergedClaims;\n // Parse provided claims into JSON object or initialize empty object\n if (!claims) {\n mergedClaims = {};\n }\n else {\n try {\n mergedClaims = JSON.parse(claims);\n }\n catch (e) {\n throw createClientConfigurationError(invalidClaims);\n }\n }\n if (clientCapabilities && clientCapabilities.length > 0) {\n if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {\n // Add access_token key to claims object\n mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};\n }\n // Add xms_cc claim with provided clientCapabilities to access_token key\n mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] = {\n values: clientCapabilities,\n };\n }\n return JSON.stringify(mergedClaims);\n }\n /**\n * adds `username` for Password Grant flow\n * @param username\n */\n addUsername(username) {\n this.parameters.set(PasswordGrantConstants.username, encodeURIComponent(username));\n }\n /**\n * adds `password` for Password Grant flow\n * @param password\n */\n addPassword(password) {\n this.parameters.set(PasswordGrantConstants.password, encodeURIComponent(password));\n }\n /**\n * add pop_jwk to query params\n * @param cnfString\n */\n addPopToken(cnfString) {\n if (cnfString) {\n this.parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);\n this.parameters.set(REQ_CNF, encodeURIComponent(cnfString));\n }\n }\n /**\n * add SSH JWK and key ID to query params\n */\n addSshJwk(sshJwkString) {\n if (sshJwkString) {\n this.parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);\n this.parameters.set(REQ_CNF, encodeURIComponent(sshJwkString));\n }\n }\n /**\n * add server telemetry fields\n * @param serverTelemetryManager\n */\n addServerTelemetry(serverTelemetryManager) {\n this.parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());\n this.parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());\n }\n /**\n * Adds parameter that indicates to the server that throttling is supported\n */\n addThrottling() {\n this.parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);\n }\n /**\n * Adds logout_hint parameter for \"silent\" logout which prevent server account picker\n */\n addLogoutHint(logoutHint) {\n this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint));\n }\n /**\n * Utility to create a URL from the params map\n */\n createQueryString() {\n const queryParameterArray = new Array();\n this.parameters.forEach((value, key) => {\n queryParameterArray.push(`${key}=${value}`);\n });\n return queryParameterArray.join(\"&\");\n }\n}\n\nexport { RequestParameterBuilder };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Authority, formatAuthorityUri } from './Authority.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync } from '../utils/FunctionWrappers.mjs';\nimport { endpointResolutionError } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Create an authority object of the correct type based on the url\n * Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs)\n *\n * Also performs endpoint discovery.\n *\n * @param authorityUri\n * @param networkClient\n * @param protocolMode\n * @internal\n */\nasync function createDiscoveredInstance(authorityUri, networkClient, cacheManager, authorityOptions, logger, correlationId, performanceClient) {\n performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, correlationId);\n const authorityUriFinal = Authority.transformCIAMAuthority(formatAuthorityUri(authorityUri));\n // Initialize authority and perform discovery endpoint check.\n const acquireTokenAuthority = new Authority(authorityUriFinal, networkClient, cacheManager, authorityOptions, logger, correlationId, performanceClient);\n try {\n await invokeAsync(acquireTokenAuthority.resolveEndpointsAsync.bind(acquireTokenAuthority), PerformanceEvents.AuthorityResolveEndpointsAsync, logger, performanceClient, correlationId)();\n return acquireTokenAuthority;\n }\n catch (e) {\n throw createClientAuthError(endpointResolutionError);\n }\n}\n\nexport { createDiscoveredInstance };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { buildClientConfiguration } from '../config/ClientConfiguration.mjs';\nimport { NetworkManager } from '../network/NetworkManager.mjs';\nimport { Logger } from '../logger/Logger.mjs';\nimport { HeaderNames, Constants } from '../utils/Constants.mjs';\nimport { name, version } from '../packageMetadata.mjs';\nimport { CcsCredentialType } from '../account/CcsCredential.mjs';\nimport { buildClientInfoFromHomeAccountId } from '../account/ClientInfo.mjs';\nimport { RequestParameterBuilder } from '../request/RequestParameterBuilder.mjs';\nimport { createDiscoveredInstance } from '../authority/AuthorityFactory.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow.\n * @internal\n */\nclass BaseClient {\n constructor(configuration, performanceClient) {\n // Set the configuration\n this.config = buildClientConfiguration(configuration);\n // Initialize the logger\n this.logger = new Logger(this.config.loggerOptions, name, version);\n // Initialize crypto\n this.cryptoUtils = this.config.cryptoInterface;\n // Initialize storage interface\n this.cacheManager = this.config.storageInterface;\n // Set the network interface\n this.networkClient = this.config.networkInterface;\n // Set the NetworkManager\n this.networkManager = new NetworkManager(this.networkClient, this.cacheManager);\n // Set TelemetryManager\n this.serverTelemetryManager = this.config.serverTelemetryManager;\n // set Authority\n this.authority = this.config.authOptions.authority;\n // set performance telemetry client\n this.performanceClient = performanceClient;\n }\n /**\n * Creates default headers for requests to token endpoint\n */\n createTokenRequestHeaders(ccsCred) {\n const headers = {};\n headers[HeaderNames.CONTENT_TYPE] = Constants.URL_FORM_CONTENT_TYPE;\n if (!this.config.systemOptions.preventCorsPreflight && ccsCred) {\n switch (ccsCred.type) {\n case CcsCredentialType.HOME_ACCOUNT_ID:\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);\n headers[HeaderNames.CCS_HEADER] = `Oid:${clientInfo.uid}@${clientInfo.utid}`;\n }\n catch (e) {\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" +\n e);\n }\n break;\n case CcsCredentialType.UPN:\n headers[HeaderNames.CCS_HEADER] = `UPN: ${ccsCred.credential}`;\n break;\n }\n }\n return headers;\n }\n /**\n * Http post to token endpoint\n * @param tokenEndpoint\n * @param queryString\n * @param headers\n * @param thumbprint\n */\n async executePostToTokenEndpoint(tokenEndpoint, queryString, headers, thumbprint, correlationId, queuedEvent) {\n if (queuedEvent) {\n this.performanceClient?.addQueueMeasurement(queuedEvent, correlationId);\n }\n const response = await this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers });\n this.performanceClient?.addFields({\n refreshTokenSize: response.body.refresh_token?.length || 0,\n httpVerToken: response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || \"\",\n }, correlationId);\n if (this.config.serverTelemetryManager &&\n response.status < 500 &&\n response.status !== 429) {\n // Telemetry data successfully logged by server, clear Telemetry cache\n this.config.serverTelemetryManager.clearTelemetryCache();\n }\n return response;\n }\n /**\n * Updates the authority object of the client. Endpoint discovery must be completed.\n * @param updatedAuthority\n */\n async updateAuthority(cloudInstanceHostname, correlationId) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.UpdateTokenEndpointAuthority, correlationId);\n const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`;\n const cloudInstanceAuthority = await createDiscoveredInstance(cloudInstanceAuthorityUri, this.networkClient, this.cacheManager, this.authority.options, this.logger, correlationId, this.performanceClient);\n this.authority = cloudInstanceAuthority;\n }\n /**\n * Creates query string for the /token request\n * @param request\n */\n createTokenQueryParameters(request) {\n const parameterBuilder = new RequestParameterBuilder();\n if (request.tokenQueryParameters) {\n parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);\n }\n return parameterBuilder.createQueryString();\n }\n}\n\nexport { BaseClient };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass CacheRecord {\n constructor(accountEntity, idTokenEntity, accessTokenEntity, refreshTokenEntity, appMetadataEntity) {\n this.account = accountEntity || null;\n this.idToken = idTokenEntity || null;\n this.accessToken = accessTokenEntity || null;\n this.refreshToken = refreshTokenEntity || null;\n this.appMetadata = appMetadataEntity || null;\n }\n}\n\nexport { CacheRecord };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { Constants } from './Constants.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { noCryptoObject, invalidState } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Class which provides helpers for OAuth 2.0 protocol specific values\n */\nclass ProtocolUtils {\n /**\n * Appends user state with random guid, or returns random guid.\n * @param userState\n * @param randomGuid\n */\n static setRequestState(cryptoObj, userState, meta) {\n const libraryState = ProtocolUtils.generateLibraryState(cryptoObj, meta);\n return userState\n ? `${libraryState}${Constants.RESOURCE_DELIM}${userState}`\n : libraryState;\n }\n /**\n * Generates the state value used by the common library.\n * @param randomGuid\n * @param cryptoObj\n */\n static generateLibraryState(cryptoObj, meta) {\n if (!cryptoObj) {\n throw createClientAuthError(noCryptoObject);\n }\n // Create a state object containing a unique id and the timestamp of the request creation\n const stateObj = {\n id: cryptoObj.createNewGuid(),\n };\n if (meta) {\n stateObj.meta = meta;\n }\n const stateString = JSON.stringify(stateObj);\n return cryptoObj.base64Encode(stateString);\n }\n /**\n * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.\n * @param state\n * @param cryptoObj\n */\n static parseRequestState(cryptoObj, state) {\n if (!cryptoObj) {\n throw createClientAuthError(noCryptoObject);\n }\n if (!state) {\n throw createClientAuthError(invalidState);\n }\n try {\n // Split the state between library state and user passed state and decode them separately\n const splitState = state.split(Constants.RESOURCE_DELIM);\n const libraryState = splitState[0];\n const userState = splitState.length > 1\n ? splitState.slice(1).join(Constants.RESOURCE_DELIM)\n : Constants.EMPTY_STRING;\n const libraryStateString = cryptoObj.base64Decode(libraryState);\n const libraryStateObj = JSON.parse(libraryStateString);\n return {\n userRequestState: userState || Constants.EMPTY_STRING,\n libraryState: libraryStateObj,\n };\n }\n catch (e) {\n throw createClientAuthError(invalidState);\n }\n }\n}\n\nexport { ProtocolUtils };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { nowSeconds } from '../utils/TimeUtils.mjs';\nimport { UrlString } from '../url/UrlString.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync } from '../utils/FunctionWrappers.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst KeyLocation = {\n SW: \"sw\",\n UHW: \"uhw\",\n};\n/** @internal */\nclass PopTokenGenerator {\n constructor(cryptoUtils, performanceClient) {\n this.cryptoUtils = cryptoUtils;\n this.performanceClient = performanceClient;\n }\n /**\n * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters\n * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash\n * @param request\n * @returns\n */\n async generateCnf(request, logger) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.PopTokenGenerateCnf, request.correlationId);\n const reqCnf = await invokeAsync(this.generateKid.bind(this), PerformanceEvents.PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);\n const reqCnfString = this.cryptoUtils.base64Encode(JSON.stringify(reqCnf));\n return {\n kid: reqCnf.kid,\n reqCnfString,\n reqCnfHash: await this.cryptoUtils.hashString(reqCnfString),\n };\n }\n /**\n * Generates key_id for a SHR token request\n * @param request\n * @returns\n */\n async generateKid(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.PopTokenGenerateKid, request.correlationId);\n const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);\n return {\n kid: kidThumbprint,\n xms_ksl: KeyLocation.SW,\n };\n }\n /**\n * Signs the POP access_token with the local generated key-pair\n * @param accessToken\n * @param request\n * @returns\n */\n async signPopToken(accessToken, keyId, request) {\n return this.signPayload(accessToken, keyId, request);\n }\n /**\n * Utility function to generate the signed JWT for an access_token\n * @param payload\n * @param kid\n * @param request\n * @param claims\n * @returns\n */\n async signPayload(payload, keyId, request, claims) {\n // Deconstruct request to extract SHR parameters\n const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;\n const resourceUrlString = resourceRequestUri\n ? new UrlString(resourceRequestUri)\n : undefined;\n const resourceUrlComponents = resourceUrlString?.getUrlComponents();\n return this.cryptoUtils.signJwt({\n at: payload,\n ts: nowSeconds(),\n m: resourceRequestMethod?.toUpperCase(),\n u: resourceUrlComponents?.HostNameAndPort,\n nonce: shrNonce || this.cryptoUtils.createNewGuid(),\n p: resourceUrlComponents?.AbsolutePath,\n q: resourceUrlComponents?.QueryString\n ? [[], resourceUrlComponents.QueryString]\n : undefined,\n client_claims: shrClaims || undefined,\n ...claims,\n }, keyId, shrOptions, request.correlationId);\n }\n}\n\nexport { PopTokenGenerator };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * This class instance helps track the memory changes facilitating\n * decisions to read from and write to the persistent cache\n */ class TokenCacheContext {\n constructor(tokenCache, hasChanged) {\n this.cache = tokenCache;\n this.hasChanged = hasChanged;\n }\n /**\n * boolean which indicates the changes in cache\n */\n get cacheHasChanged() {\n return this.hasChanged;\n }\n /**\n * function to retrieve the token cache\n */\n get tokenCache() {\n return this.cache;\n }\n}\n\nexport { TokenCacheContext };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { ServerError } from '../error/ServerError.mjs';\nimport { ScopeSet } from '../request/ScopeSet.mjs';\nimport { AccountEntity } from '../cache/entities/AccountEntity.mjs';\nimport { isInteractionRequiredError, InteractionRequiredAuthError } from '../error/InteractionRequiredAuthError.mjs';\nimport { CacheRecord } from '../cache/entities/CacheRecord.mjs';\nimport { ProtocolUtils } from '../utils/ProtocolUtils.mjs';\nimport { HttpStatus, Constants, AuthenticationScheme, THE_FAMILY_ID } from '../utils/Constants.mjs';\nimport { PopTokenGenerator } from '../crypto/PopTokenGenerator.mjs';\nimport { TokenCacheContext } from '../cache/persistence/TokenCacheContext.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { extractTokenClaims, checkMaxAge } from '../account/AuthToken.mjs';\nimport { getTenantIdFromIdTokenClaims } from '../account/TokenClaims.mjs';\nimport { updateAccountTenantProfileData, buildTenantProfileFromIdTokenClaims } from '../account/AccountInfo.mjs';\nimport { createAccessTokenEntity, createRefreshTokenEntity, createIdTokenEntity } from '../cache/utils/CacheHelpers.mjs';\nimport { stateNotFound, invalidState, stateMismatch, nonceMismatch, authTimeNotFound, invalidCacheEnvironment, keyIdMissing } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Class that handles response parsing.\n * @internal\n */\nclass ResponseHandler {\n constructor(clientId, cacheStorage, cryptoObj, logger, serializableCache, persistencePlugin, performanceClient) {\n this.clientId = clientId;\n this.cacheStorage = cacheStorage;\n this.cryptoObj = cryptoObj;\n this.logger = logger;\n this.serializableCache = serializableCache;\n this.persistencePlugin = persistencePlugin;\n this.performanceClient = performanceClient;\n }\n /**\n * Function which validates server authorization code response.\n * @param serverResponseHash\n * @param requestState\n * @param cryptoObj\n */\n validateServerAuthorizationCodeResponse(serverResponse, requestState) {\n if (!serverResponse.state || !requestState) {\n throw serverResponse.state\n ? createClientAuthError(stateNotFound, \"Cached State\")\n : createClientAuthError(stateNotFound, \"Server State\");\n }\n let decodedServerResponseState;\n let decodedRequestState;\n try {\n decodedServerResponseState = decodeURIComponent(serverResponse.state);\n }\n catch (e) {\n throw createClientAuthError(invalidState, serverResponse.state);\n }\n try {\n decodedRequestState = decodeURIComponent(requestState);\n }\n catch (e) {\n throw createClientAuthError(invalidState, serverResponse.state);\n }\n if (decodedServerResponseState !== decodedRequestState) {\n throw createClientAuthError(stateMismatch);\n }\n // Check for error\n if (serverResponse.error ||\n serverResponse.error_description ||\n serverResponse.suberror) {\n if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {\n throw new InteractionRequiredAuthError(serverResponse.error || \"\", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || \"\", serverResponse.trace_id || \"\", serverResponse.correlation_id || \"\", serverResponse.claims || \"\");\n }\n throw new ServerError(serverResponse.error || \"\", serverResponse.error_description, serverResponse.suberror);\n }\n }\n /**\n * Function which validates server authorization token response.\n * @param serverResponse\n * @param refreshAccessToken\n */\n validateTokenResponse(serverResponse, refreshAccessToken) {\n // Check for error\n if (serverResponse.error ||\n serverResponse.error_description ||\n serverResponse.suberror) {\n const errString = `${serverResponse.error_codes} - [${serverResponse.timestamp}]: ${serverResponse.error_description} - Correlation ID: ${serverResponse.correlation_id} - Trace ID: ${serverResponse.trace_id}`;\n const serverError = new ServerError(serverResponse.error, errString, serverResponse.suberror);\n // check if 500 error\n if (refreshAccessToken &&\n serverResponse.status &&\n serverResponse.status >= HttpStatus.SERVER_ERROR_RANGE_START &&\n serverResponse.status <= HttpStatus.SERVER_ERROR_RANGE_END) {\n this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\\n${serverError}`);\n // don't throw an exception, but alert the user via a log that the token was unable to be refreshed\n return;\n // check if 400 error\n }\n else if (refreshAccessToken &&\n serverResponse.status &&\n serverResponse.status >= HttpStatus.CLIENT_ERROR_RANGE_START &&\n serverResponse.status <= HttpStatus.CLIENT_ERROR_RANGE_END) {\n this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\\n${serverError}`);\n // don't throw an exception, but alert the user via a log that the token was unable to be refreshed\n return;\n }\n if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {\n throw new InteractionRequiredAuthError(serverResponse.error, serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || Constants.EMPTY_STRING, serverResponse.trace_id || Constants.EMPTY_STRING, serverResponse.correlation_id || Constants.EMPTY_STRING, serverResponse.claims || Constants.EMPTY_STRING);\n }\n throw serverError;\n }\n }\n /**\n * Returns a constructed token response based on given string. Also manages the cache updates and cleanups.\n * @param serverTokenResponse\n * @param authority\n */\n async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);\n // create an idToken object (not entity)\n let idTokenClaims;\n if (serverTokenResponse.id_token) {\n idTokenClaims = extractTokenClaims(serverTokenResponse.id_token || Constants.EMPTY_STRING, this.cryptoObj.base64Decode);\n // token nonce check (TODO: Add a warning if no nonce is given?)\n if (authCodePayload && authCodePayload.nonce) {\n if (idTokenClaims.nonce !== authCodePayload.nonce) {\n throw createClientAuthError(nonceMismatch);\n }\n }\n // token max_age check\n if (request.maxAge || request.maxAge === 0) {\n const authTime = idTokenClaims.auth_time;\n if (!authTime) {\n throw createClientAuthError(authTimeNotFound);\n }\n checkMaxAge(authTime, request.maxAge);\n }\n }\n // generate homeAccountId\n this.homeAccountIdentifier = AccountEntity.generateHomeAccountId(serverTokenResponse.client_info || Constants.EMPTY_STRING, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims);\n // save the response tokens\n let requestStateObj;\n if (!!authCodePayload && !!authCodePayload.state) {\n requestStateObj = ProtocolUtils.parseRequestState(this.cryptoObj, authCodePayload.state);\n }\n // Add keyId from request to serverTokenResponse if defined\n serverTokenResponse.key_id =\n serverTokenResponse.key_id || request.sshKid || undefined;\n const cacheRecord = this.generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload);\n let cacheContext;\n try {\n if (this.persistencePlugin && this.serializableCache) {\n this.logger.verbose(\"Persistence enabled, calling beforeCacheAccess\");\n cacheContext = new TokenCacheContext(this.serializableCache, true);\n await this.persistencePlugin.beforeCacheAccess(cacheContext);\n }\n /*\n * When saving a refreshed tokens to the cache, it is expected that the account that was used is present in the cache.\n * If not present, we should return null, as it's the case that another application called removeAccount in between\n * the calls to getAllAccounts and acquireTokenSilent. We should not overwrite that removal, unless explicitly flagged by\n * the developer, as in the case of refresh token flow used in ADAL Node to MSAL Node migration.\n */\n if (handlingRefreshTokenResponse &&\n !forceCacheRefreshTokenResponse &&\n cacheRecord.account) {\n const key = cacheRecord.account.generateAccountKey();\n const account = this.cacheStorage.getAccount(key, this.logger);\n if (!account) {\n this.logger.warning(\"Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache\");\n return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);\n }\n }\n await this.cacheStorage.saveCacheRecord(cacheRecord, request.storeInCache);\n }\n finally {\n if (this.persistencePlugin &&\n this.serializableCache &&\n cacheContext) {\n this.logger.verbose(\"Persistence enabled, calling afterCacheAccess\");\n await this.persistencePlugin.afterCacheAccess(cacheContext);\n }\n }\n return ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, serverTokenResponse, serverRequestId);\n }\n /**\n * Generates CacheRecord\n * @param serverTokenResponse\n * @param idTokenObj\n * @param authority\n */\n generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload) {\n const env = authority.getPreferredCache();\n if (!env) {\n throw createClientAuthError(invalidCacheEnvironment);\n }\n const claimsTenantId = getTenantIdFromIdTokenClaims(idTokenClaims);\n // IdToken: non AAD scenarios can have empty realm\n let cachedIdToken;\n let cachedAccount;\n if (serverTokenResponse.id_token && !!idTokenClaims) {\n cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || \"\");\n cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, idTokenClaims, this.cryptoObj.base64Decode, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId\n this.logger);\n }\n // AccessToken\n let cachedAccessToken = null;\n if (serverTokenResponse.access_token) {\n // If scopes not returned in server response, use request scopes\n const responseScopes = serverTokenResponse.scope\n ? ScopeSet.fromString(serverTokenResponse.scope)\n : new ScopeSet(request.scopes || []);\n /*\n * Use timestamp calculated before request\n * Server may return timestamps as strings, parse to numbers if so.\n */\n const expiresIn = (typeof serverTokenResponse.expires_in === \"string\"\n ? parseInt(serverTokenResponse.expires_in, 10)\n : serverTokenResponse.expires_in) || 0;\n const extExpiresIn = (typeof serverTokenResponse.ext_expires_in === \"string\"\n ? parseInt(serverTokenResponse.ext_expires_in, 10)\n : serverTokenResponse.ext_expires_in) || 0;\n const refreshIn = (typeof serverTokenResponse.refresh_in === \"string\"\n ? parseInt(serverTokenResponse.refresh_in, 10)\n : serverTokenResponse.refresh_in) || undefined;\n const tokenExpirationSeconds = reqTimestamp + expiresIn;\n const extendedTokenExpirationSeconds = tokenExpirationSeconds + extExpiresIn;\n const refreshOnSeconds = refreshIn && refreshIn > 0\n ? reqTimestamp + refreshIn\n : undefined;\n // non AAD scenarios can have empty realm\n cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || \"\", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id, request.claims, request.requestedClaimsHash);\n }\n // refreshToken\n let cachedRefreshToken = null;\n if (serverTokenResponse.refresh_token) {\n let rtExpiresOn;\n if (serverTokenResponse.refresh_token_expires_in) {\n const rtExpiresIn = typeof serverTokenResponse.refresh_token_expires_in ===\n \"string\"\n ? parseInt(serverTokenResponse.refresh_token_expires_in, 10)\n : serverTokenResponse.refresh_token_expires_in;\n rtExpiresOn = reqTimestamp + rtExpiresIn;\n }\n cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn);\n }\n // appMetadata\n let cachedAppMetadata = null;\n if (serverTokenResponse.foci) {\n cachedAppMetadata = {\n clientId: this.clientId,\n environment: env,\n familyId: serverTokenResponse.foci,\n };\n }\n return new CacheRecord(cachedAccount, cachedIdToken, cachedAccessToken, cachedRefreshToken, cachedAppMetadata);\n }\n /**\n * Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache.\n *\n * Optionally takes a state string that is set as-is in the response.\n *\n * @param cacheRecord\n * @param idTokenObj\n * @param fromTokenCache\n * @param stateString\n */\n static async generateAuthenticationResult(cryptoObj, authority, cacheRecord, fromTokenCache, request, idTokenClaims, requestState, serverTokenResponse, requestId) {\n let accessToken = Constants.EMPTY_STRING;\n let responseScopes = [];\n let expiresOn = null;\n let extExpiresOn;\n let refreshOn;\n let familyId = Constants.EMPTY_STRING;\n if (cacheRecord.accessToken) {\n if (cacheRecord.accessToken.tokenType === AuthenticationScheme.POP) {\n const popTokenGenerator = new PopTokenGenerator(cryptoObj);\n const { secret, keyId } = cacheRecord.accessToken;\n if (!keyId) {\n throw createClientAuthError(keyIdMissing);\n }\n accessToken = await popTokenGenerator.signPopToken(secret, keyId, request);\n }\n else {\n accessToken = cacheRecord.accessToken.secret;\n }\n responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray();\n expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000);\n extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000);\n if (cacheRecord.accessToken.refreshOn) {\n refreshOn = new Date(Number(cacheRecord.accessToken.refreshOn) * 1000);\n }\n }\n if (cacheRecord.appMetadata) {\n familyId =\n cacheRecord.appMetadata.familyId === THE_FAMILY_ID\n ? THE_FAMILY_ID\n : \"\";\n }\n const uid = idTokenClaims?.oid || idTokenClaims?.sub || \"\";\n const tid = idTokenClaims?.tid || \"\";\n // for hybrid + native bridge enablement, send back the native account Id\n if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) {\n cacheRecord.account.nativeAccountId =\n serverTokenResponse?.spa_accountid;\n }\n const accountInfo = cacheRecord.account\n ? updateAccountTenantProfileData(cacheRecord.account.getAccountInfo(), undefined, // tenantProfile optional\n idTokenClaims, cacheRecord.idToken?.secret)\n : null;\n return {\n authority: authority.canonicalAuthority,\n uniqueId: uid,\n tenantId: tid,\n scopes: responseScopes,\n account: accountInfo,\n idToken: cacheRecord?.idToken?.secret || \"\",\n idTokenClaims: idTokenClaims || {},\n accessToken: accessToken,\n fromCache: fromTokenCache,\n expiresOn: expiresOn,\n extExpiresOn: extExpiresOn,\n refreshOn: refreshOn,\n correlationId: request.correlationId,\n requestId: requestId || Constants.EMPTY_STRING,\n familyId: familyId,\n tokenType: cacheRecord.accessToken?.tokenType || Constants.EMPTY_STRING,\n state: requestState\n ? requestState.userRequestState\n : Constants.EMPTY_STRING,\n cloudGraphHostName: cacheRecord.account?.cloudGraphHostName ||\n Constants.EMPTY_STRING,\n msGraphHost: cacheRecord.account?.msGraphHost || Constants.EMPTY_STRING,\n code: serverTokenResponse?.spa_code,\n fromNativeBroker: false,\n };\n }\n}\nfunction buildAccountToCache(cacheStorage, authority, homeAccountId, idTokenClaims, base64Decode, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {\n logger?.verbose(\"setCachedAccount called\");\n // Check if base account is already cached\n const accountKeys = cacheStorage.getAccountKeys();\n const baseAccountKey = accountKeys.find((accountKey) => {\n return accountKey.startsWith(homeAccountId);\n });\n let cachedAccount = null;\n if (baseAccountKey) {\n cachedAccount = cacheStorage.getAccount(baseAccountKey, logger);\n }\n const baseAccount = cachedAccount ||\n AccountEntity.createAccount({\n homeAccountId,\n idTokenClaims,\n clientInfo,\n environment,\n cloudGraphHostName: authCodePayload?.cloud_graph_host_name,\n msGraphHost: authCodePayload?.msgraph_host,\n nativeAccountId: nativeAccountId,\n }, authority, base64Decode);\n const tenantProfiles = baseAccount.tenantProfiles || [];\n if (claimsTenantId &&\n !tenantProfiles.find((tenantProfile) => {\n return tenantProfile.tenantId === claimsTenantId;\n })) {\n const newTenantProfile = buildTenantProfileFromIdTokenClaims(homeAccountId, idTokenClaims);\n tenantProfiles.push(newTenantProfile);\n }\n baseAccount.tenantProfiles = tenantProfiles;\n return baseAccount;\n}\n\nexport { ResponseHandler, buildAccountToCache };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { BaseClient } from './BaseClient.mjs';\nimport { RequestParameterBuilder } from '../request/RequestParameterBuilder.mjs';\nimport { Separators, GrantType, AuthenticationScheme, PromptValue, HeaderNames } from '../utils/Constants.mjs';\nimport { CLIENT_ID, RETURN_SPA_CODE } from '../constants/AADServerParamKeys.mjs';\nimport { isOidcProtocolMode } from '../config/ClientConfiguration.mjs';\nimport { ResponseHandler } from '../response/ResponseHandler.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { UrlString } from '../url/UrlString.mjs';\nimport { PopTokenGenerator } from '../crypto/PopTokenGenerator.mjs';\nimport { nowSeconds } from '../utils/TimeUtils.mjs';\nimport { buildClientInfo, buildClientInfoFromHomeAccountId } from '../account/ClientInfo.mjs';\nimport { CcsCredentialType } from '../account/CcsCredential.mjs';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { RequestValidator } from '../request/RequestValidator.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync } from '../utils/FunctionWrappers.mjs';\nimport { requestCannotBeMade, authorizationCodeMissingFromServerResponse } from '../error/ClientAuthErrorCodes.mjs';\nimport { logoutRequestEmpty, missingSshJwk } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Oauth2.0 Authorization Code client\n * @internal\n */\nclass AuthorizationCodeClient extends BaseClient {\n constructor(configuration, performanceClient) {\n super(configuration, performanceClient);\n // Flag to indicate if client is for hybrid spa auth code redemption\n this.includeRedirectUri = true;\n this.oidcDefaultScopes =\n this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;\n }\n /**\n * Creates the URL of the authorization request letting the user input credentials and consent to the\n * application. The URL target the /authorize endpoint of the authority configured in the\n * application object.\n *\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\n * acquireToken(AuthorizationCodeRequest)\n * @param request\n */\n async getAuthCodeUrl(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId);\n const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request);\n return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);\n }\n /**\n * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the\n * authorization_code_grant\n * @param request\n */\n async acquireToken(request, authCodePayload) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId);\n if (!request.code) {\n throw createClientAuthError(requestCannotBeMade);\n }\n const reqTimestamp = nowSeconds();\n const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.AuthClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(this.authority, request);\n // Retrieve requestId from response headers\n const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];\n const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient);\n // Validate response. This function throws a server error if an error is returned by the server.\n responseHandler.validateTokenResponse(response.body);\n return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);\n }\n /**\n * Handles the hash fragment response from public client code request. Returns a code response used by\n * the client to exchange for a token in acquireToken.\n * @param hashFragment\n */\n handleFragmentResponse(serverParams, cachedState) {\n // Handle responses.\n const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);\n // Get code response\n responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState);\n // throw when there is no auth code in the response\n if (!serverParams.code) {\n throw createClientAuthError(authorizationCodeMissingFromServerResponse);\n }\n return serverParams;\n }\n /**\n * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.\n * Default behaviour is to redirect the user to `window.location.href`.\n * @param authorityUri\n */\n getLogoutUri(logoutRequest) {\n // Throw error if logoutRequest is null/undefined\n if (!logoutRequest) {\n throw createClientConfigurationError(logoutRequestEmpty);\n }\n const queryString = this.createLogoutUrlQueryString(logoutRequest);\n // Construct logout URI\n return UrlString.appendQueryString(this.authority.endSessionEndpoint, queryString);\n }\n /**\n * Executes POST request to token endpoint\n * @param authority\n * @param request\n */\n async executeTokenRequest(authority, request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientExecuteTokenRequest, request.correlationId);\n const queryParametersString = this.createTokenQueryParameters(request);\n const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString);\n const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.AuthClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request);\n let ccsCredential = undefined;\n if (request.clientInfo) {\n try {\n const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils.base64Decode);\n ccsCredential = {\n credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`,\n type: CcsCredentialType.HOME_ACCOUNT_ID,\n };\n }\n catch (e) {\n this.logger.verbose(\"Could not parse client info for CCS Header: \" + e);\n }\n }\n const headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential);\n const thumbprint = {\n clientId: request.tokenBodyParameters?.clientId ||\n this.config.authOptions.clientId,\n authority: authority.canonicalAuthority,\n scopes: request.scopes,\n claims: request.claims,\n authenticationScheme: request.authenticationScheme,\n resourceRequestMethod: request.resourceRequestMethod,\n resourceRequestUri: request.resourceRequestUri,\n shrClaims: request.shrClaims,\n sshKid: request.sshKid,\n };\n return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint);\n }\n /**\n * Generates a map for all the params to be sent to the service\n * @param request\n */\n async createTokenRequestBody(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);\n const parameterBuilder = new RequestParameterBuilder();\n parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] ||\n this.config.authOptions.clientId);\n /*\n * For hybrid spa flow, there will be a code but no verifier\n * In this scenario, don't include redirect uri as auth code will not be bound to redirect URI\n */\n if (!this.includeRedirectUri) {\n // Just validate\n RequestValidator.validateRedirectUri(request.redirectUri);\n }\n else {\n // Validate and include redirect uri\n parameterBuilder.addRedirectUri(request.redirectUri);\n }\n // Add scope array, parameter builder will add default scopes and dedupe\n parameterBuilder.addScopes(request.scopes, true, this.oidcDefaultScopes);\n // add code: user set, not validated\n parameterBuilder.addAuthorizationCode(request.code);\n // Add library metadata\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\n parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);\n parameterBuilder.addThrottling();\n if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {\n parameterBuilder.addServerTelemetry(this.serverTelemetryManager);\n }\n // add code_verifier if passed\n if (request.codeVerifier) {\n parameterBuilder.addCodeVerifier(request.codeVerifier);\n }\n if (this.config.clientCredentials.clientSecret) {\n parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);\n }\n if (this.config.clientCredentials.clientAssertion) {\n const clientAssertion = this.config.clientCredentials.clientAssertion;\n parameterBuilder.addClientAssertion(clientAssertion.assertion);\n parameterBuilder.addClientAssertionType(clientAssertion.assertionType);\n }\n parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);\n parameterBuilder.addClientInfo();\n if (request.authenticationScheme === AuthenticationScheme.POP) {\n const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);\n const reqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);\n // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)\n parameterBuilder.addPopToken(reqCnfData.reqCnfString);\n }\n else if (request.authenticationScheme === AuthenticationScheme.SSH) {\n if (request.sshJwk) {\n parameterBuilder.addSshJwk(request.sshJwk);\n }\n else {\n throw createClientConfigurationError(missingSshJwk);\n }\n }\n const correlationId = request.correlationId ||\n this.config.cryptoInterface.createNewGuid();\n parameterBuilder.addCorrelationId(correlationId);\n if (!StringUtils.isEmptyObj(request.claims) ||\n (this.config.authOptions.clientCapabilities &&\n this.config.authOptions.clientCapabilities.length > 0)) {\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\n }\n let ccsCred = undefined;\n if (request.clientInfo) {\n try {\n const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils.base64Decode);\n ccsCred = {\n credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`,\n type: CcsCredentialType.HOME_ACCOUNT_ID,\n };\n }\n catch (e) {\n this.logger.verbose(\"Could not parse client info for CCS Header: \" + e);\n }\n }\n else {\n ccsCred = request.ccsCredential;\n }\n // Adds these as parameters in the request instead of headers to prevent CORS preflight request\n if (this.config.systemOptions.preventCorsPreflight && ccsCred) {\n switch (ccsCred.type) {\n case CcsCredentialType.HOME_ACCOUNT_ID:\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);\n parameterBuilder.addCcsOid(clientInfo);\n }\n catch (e) {\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" +\n e);\n }\n break;\n case CcsCredentialType.UPN:\n parameterBuilder.addCcsUpn(ccsCred.credential);\n break;\n }\n }\n if (request.tokenBodyParameters) {\n parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);\n }\n // Add hybrid spa parameters if not already provided\n if (request.enableSpaAuthorizationCode &&\n (!request.tokenBodyParameters ||\n !request.tokenBodyParameters[RETURN_SPA_CODE])) {\n parameterBuilder.addExtraQueryParameters({\n [RETURN_SPA_CODE]: \"1\",\n });\n }\n return parameterBuilder.createQueryString();\n }\n /**\n * This API validates the `AuthorizationCodeUrlRequest` and creates a URL\n * @param request\n */\n async createAuthCodeUrlQueryString(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, request.correlationId);\n const parameterBuilder = new RequestParameterBuilder();\n parameterBuilder.addClientId(request.extraQueryParameters?.[CLIENT_ID] ||\n this.config.authOptions.clientId);\n const requestScopes = [\n ...(request.scopes || []),\n ...(request.extraScopesToConsent || []),\n ];\n parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);\n // validate the redirectUri (to be a non null value)\n parameterBuilder.addRedirectUri(request.redirectUri);\n // generate the correlationId if not set by the user and add\n const correlationId = request.correlationId ||\n this.config.cryptoInterface.createNewGuid();\n parameterBuilder.addCorrelationId(correlationId);\n // add response_mode. If not passed in it defaults to query.\n parameterBuilder.addResponseMode(request.responseMode);\n // add response_type = code\n parameterBuilder.addResponseTypeCode();\n // add library info parameters\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\n if (!isOidcProtocolMode(this.config)) {\n parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);\n }\n // add client_info=1\n parameterBuilder.addClientInfo();\n if (request.codeChallenge && request.codeChallengeMethod) {\n parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);\n }\n if (request.prompt) {\n parameterBuilder.addPrompt(request.prompt);\n }\n if (request.domainHint) {\n parameterBuilder.addDomainHint(request.domainHint);\n }\n // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object\n if (request.prompt !== PromptValue.SELECT_ACCOUNT) {\n // AAD will throw if prompt=select_account is passed with an account hint\n if (request.sid && request.prompt === PromptValue.NONE) {\n // SessionID is only used in silent calls\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is none, adding sid from request\");\n parameterBuilder.addSid(request.sid);\n }\n else if (request.account) {\n const accountSid = this.extractAccountSid(request.account);\n const accountLoginHintClaim = this.extractLoginHint(request.account);\n // If login_hint claim is present, use it over sid/username\n if (accountLoginHintClaim) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: login_hint claim present on account\");\n parameterBuilder.addLoginHint(accountLoginHintClaim);\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\n parameterBuilder.addCcsOid(clientInfo);\n }\n catch (e) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header\");\n }\n }\n else if (accountSid && request.prompt === PromptValue.NONE) {\n /*\n * If account and loginHint are provided, we will check account first for sid before adding loginHint\n * SessionId is only used in silent calls\n */\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is none, adding sid from account\");\n parameterBuilder.addSid(accountSid);\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\n parameterBuilder.addCcsOid(clientInfo);\n }\n catch (e) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header\");\n }\n }\n else if (request.loginHint) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Adding login_hint from request\");\n parameterBuilder.addLoginHint(request.loginHint);\n parameterBuilder.addCcsUpn(request.loginHint);\n }\n else if (request.account.username) {\n // Fallback to account username if provided\n this.logger.verbose(\"createAuthCodeUrlQueryString: Adding login_hint from account\");\n parameterBuilder.addLoginHint(request.account.username);\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\n parameterBuilder.addCcsOid(clientInfo);\n }\n catch (e) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header\");\n }\n }\n }\n else if (request.loginHint) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: No account, adding login_hint from request\");\n parameterBuilder.addLoginHint(request.loginHint);\n parameterBuilder.addCcsUpn(request.loginHint);\n }\n }\n else {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints\");\n }\n if (request.nonce) {\n parameterBuilder.addNonce(request.nonce);\n }\n if (request.state) {\n parameterBuilder.addState(request.state);\n }\n if (request.claims ||\n (this.config.authOptions.clientCapabilities &&\n this.config.authOptions.clientCapabilities.length > 0)) {\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\n }\n if (request.extraQueryParameters) {\n parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);\n }\n if (request.nativeBroker) {\n // signal ests that this is a WAM call\n parameterBuilder.addNativeBroker();\n // pass the req_cnf for POP\n if (request.authenticationScheme === AuthenticationScheme.POP) {\n const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);\n // to reduce the URL length, it is recommended to send the hash of the req_cnf instead of the whole string\n const reqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);\n parameterBuilder.addPopToken(reqCnfData.reqCnfHash);\n }\n }\n return parameterBuilder.createQueryString();\n }\n /**\n * This API validates the `EndSessionRequest` and creates a URL\n * @param request\n */\n createLogoutUrlQueryString(request) {\n const parameterBuilder = new RequestParameterBuilder();\n if (request.postLogoutRedirectUri) {\n parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);\n }\n if (request.correlationId) {\n parameterBuilder.addCorrelationId(request.correlationId);\n }\n if (request.idTokenHint) {\n parameterBuilder.addIdTokenHint(request.idTokenHint);\n }\n if (request.state) {\n parameterBuilder.addState(request.state);\n }\n if (request.logoutHint) {\n parameterBuilder.addLogoutHint(request.logoutHint);\n }\n if (request.extraQueryParameters) {\n parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);\n }\n return parameterBuilder.createQueryString();\n }\n /**\n * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.\n * @param account\n */\n extractAccountSid(account) {\n return account.idTokenClaims?.sid || null;\n }\n extractLoginHint(account) {\n return account.idTokenClaims?.login_hint || null;\n }\n}\n\nexport { AuthorizationCodeClient };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { isOidcProtocolMode } from '../config/ClientConfiguration.mjs';\nimport { BaseClient } from './BaseClient.mjs';\nimport { RequestParameterBuilder } from '../request/RequestParameterBuilder.mjs';\nimport { GrantType, AuthenticationScheme, HeaderNames, Errors } from '../utils/Constants.mjs';\nimport { CLIENT_ID } from '../constants/AADServerParamKeys.mjs';\nimport { ResponseHandler } from '../response/ResponseHandler.mjs';\nimport { PopTokenGenerator } from '../crypto/PopTokenGenerator.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { ServerError } from '../error/ServerError.mjs';\nimport { nowSeconds, isTokenExpired } from '../utils/TimeUtils.mjs';\nimport { UrlString } from '../url/UrlString.mjs';\nimport { CcsCredentialType } from '../account/CcsCredential.mjs';\nimport { buildClientInfoFromHomeAccountId } from '../account/ClientInfo.mjs';\nimport { createInteractionRequiredAuthError, InteractionRequiredAuthError } from '../error/InteractionRequiredAuthError.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync, invoke } from '../utils/FunctionWrappers.mjs';\nimport { generateCredentialKey } from '../cache/utils/CacheHelpers.mjs';\nimport { tokenRequestEmpty, missingSshJwk } from '../error/ClientConfigurationErrorCodes.mjs';\nimport { noAccountInSilentRequest } from '../error/ClientAuthErrorCodes.mjs';\nimport { noTokensFound, refreshTokenExpired, badToken } from '../error/InteractionRequiredAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes\n/**\n * OAuth2.0 refresh token client\n * @internal\n */\nclass RefreshTokenClient extends BaseClient {\n constructor(configuration, performanceClient) {\n super(configuration, performanceClient);\n }\n async acquireToken(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId);\n const reqTimestamp = nowSeconds();\n const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority);\n // Retrieve requestId from response headers\n const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];\n const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);\n responseHandler.validateTokenResponse(response.body);\n return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId);\n }\n /**\n * Gets cached refresh token and attaches to request, then calls acquireToken API\n * @param request\n */\n async acquireTokenByRefreshToken(request) {\n // Cannot renew token if no request object is given.\n if (!request) {\n throw createClientConfigurationError(tokenRequestEmpty);\n }\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, request.correlationId);\n // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases\n if (!request.account) {\n throw createClientAuthError(noAccountInSilentRequest);\n }\n // try checking if FOCI is enabled for the given application\n const isFOCI = this.cacheManager.isAppMetadataFOCI(request.account.environment);\n // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest\n if (isFOCI) {\n try {\n return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true);\n }\n catch (e) {\n const noFamilyRTInCache = e instanceof InteractionRequiredAuthError &&\n e.errorCode ===\n noTokensFound;\n const clientMismatchErrorWithFamilyRT = e instanceof ServerError &&\n e.errorCode === Errors.INVALID_GRANT_ERROR &&\n e.subError === Errors.CLIENT_MISMATCH_ERROR;\n // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)\n if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {\n return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);\n // throw in all other cases\n }\n else {\n throw e;\n }\n }\n }\n // fall back to application refresh token acquisition\n return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);\n }\n /**\n * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached\n * @param request\n */\n async acquireTokenWithCachedRefreshToken(request, foci) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);\n // fetches family RT or application RT based on FOCI value\n const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, undefined, this.performanceClient, request.correlationId);\n if (!refreshToken) {\n throw createInteractionRequiredAuthError(noTokensFound);\n }\n if (refreshToken.expiresOn &&\n isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds ||\n DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) {\n throw createInteractionRequiredAuthError(refreshTokenExpired);\n }\n // attach cached RT size to the current measurement\n const refreshTokenRequest = {\n ...request,\n refreshToken: refreshToken.secret,\n authenticationScheme: request.authenticationScheme || AuthenticationScheme.BEARER,\n ccsCredential: {\n credential: request.account.homeAccountId,\n type: CcsCredentialType.HOME_ACCOUNT_ID,\n },\n };\n try {\n return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest);\n }\n catch (e) {\n if (e instanceof InteractionRequiredAuthError &&\n e.subError === badToken) {\n // Remove bad refresh token from cache\n this.logger.verbose(\"acquireTokenWithRefreshToken: bad refresh token, removing from cache\");\n const badRefreshTokenKey = generateCredentialKey(refreshToken);\n this.cacheManager.removeRefreshToken(badRefreshTokenKey);\n }\n throw e;\n }\n }\n /**\n * Constructs the network message and makes a NW call to the underlying secure token service\n * @param request\n * @param authority\n */\n async executeTokenRequest(request, authority) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientExecuteTokenRequest, request.correlationId);\n const queryParametersString = this.createTokenQueryParameters(request);\n const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString);\n const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request);\n const headers = this.createTokenRequestHeaders(request.ccsCredential);\n const thumbprint = {\n clientId: request.tokenBodyParameters?.clientId ||\n this.config.authOptions.clientId,\n authority: authority.canonicalAuthority,\n scopes: request.scopes,\n claims: request.claims,\n authenticationScheme: request.authenticationScheme,\n resourceRequestMethod: request.resourceRequestMethod,\n resourceRequestUri: request.resourceRequestUri,\n shrClaims: request.shrClaims,\n sshKid: request.sshKid,\n };\n return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint);\n }\n /**\n * Helper function to create the token request body\n * @param request\n */\n async createTokenRequestBody(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId);\n const correlationId = request.correlationId;\n const parameterBuilder = new RequestParameterBuilder();\n parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] ||\n this.config.authOptions.clientId);\n if (request.redirectUri) {\n parameterBuilder.addRedirectUri(request.redirectUri);\n }\n parameterBuilder.addScopes(request.scopes, true, this.config.authOptions.authority.options.OIDCOptions?.defaultScopes);\n parameterBuilder.addGrantType(GrantType.REFRESH_TOKEN_GRANT);\n parameterBuilder.addClientInfo();\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\n parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);\n parameterBuilder.addThrottling();\n if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {\n parameterBuilder.addServerTelemetry(this.serverTelemetryManager);\n }\n parameterBuilder.addCorrelationId(correlationId);\n parameterBuilder.addRefreshToken(request.refreshToken);\n if (this.config.clientCredentials.clientSecret) {\n parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);\n }\n if (this.config.clientCredentials.clientAssertion) {\n const clientAssertion = this.config.clientCredentials.clientAssertion;\n parameterBuilder.addClientAssertion(clientAssertion.assertion);\n parameterBuilder.addClientAssertionType(clientAssertion.assertionType);\n }\n if (request.authenticationScheme === AuthenticationScheme.POP) {\n const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);\n const reqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);\n // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)\n parameterBuilder.addPopToken(reqCnfData.reqCnfString);\n }\n else if (request.authenticationScheme === AuthenticationScheme.SSH) {\n if (request.sshJwk) {\n parameterBuilder.addSshJwk(request.sshJwk);\n }\n else {\n throw createClientConfigurationError(missingSshJwk);\n }\n }\n if (!StringUtils.isEmptyObj(request.claims) ||\n (this.config.authOptions.clientCapabilities &&\n this.config.authOptions.clientCapabilities.length > 0)) {\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\n }\n if (this.config.systemOptions.preventCorsPreflight &&\n request.ccsCredential) {\n switch (request.ccsCredential.type) {\n case CcsCredentialType.HOME_ACCOUNT_ID:\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential);\n parameterBuilder.addCcsOid(clientInfo);\n }\n catch (e) {\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" +\n e);\n }\n break;\n case CcsCredentialType.UPN:\n parameterBuilder.addCcsUpn(request.ccsCredential.credential);\n break;\n }\n }\n if (request.tokenBodyParameters) {\n parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);\n }\n return parameterBuilder.createQueryString();\n }\n}\n\nexport { RefreshTokenClient };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { BaseClient } from './BaseClient.mjs';\nimport { wasClockTurnedBack, isTokenExpired } from '../utils/TimeUtils.mjs';\nimport { RefreshTokenClient } from './RefreshTokenClient.mjs';\nimport { ClientAuthError, createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { ResponseHandler } from '../response/ResponseHandler.mjs';\nimport { CacheOutcome } from '../utils/Constants.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { extractTokenClaims, checkMaxAge } from '../account/AuthToken.mjs';\nimport { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';\nimport { invokeAsync } from '../utils/FunctionWrappers.mjs';\nimport { getTenantFromAuthorityString } from '../authority/Authority.mjs';\nimport { tokenRefreshRequired, noAccountInSilentRequest, authTimeNotFound } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass SilentFlowClient extends BaseClient {\n constructor(configuration, performanceClient) {\n super(configuration, performanceClient);\n }\n /**\n * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew\n * the given token and returns the renewed token\n * @param request\n */\n async acquireToken(request) {\n try {\n const [authResponse, cacheOutcome] = await this.acquireCachedToken(request);\n // if the token is not expired but must be refreshed; get a new one in the background\n if (cacheOutcome === CacheOutcome.PROACTIVELY_REFRESHED) {\n this.logger.info(\"SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.\");\n // refresh the access token in the background\n const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient);\n refreshTokenClient\n .acquireTokenByRefreshToken(request)\n .catch(() => {\n // do nothing, this is running in the background and no action is to be taken upon success or failure\n });\n }\n // return the cached token\n return authResponse;\n }\n catch (e) {\n if (e instanceof ClientAuthError &&\n e.errorCode === tokenRefreshRequired) {\n const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient);\n return refreshTokenClient.acquireTokenByRefreshToken(request);\n }\n else {\n throw e;\n }\n }\n }\n /**\n * Retrieves token from cache or throws an error if it must be refreshed.\n * @param request\n */\n async acquireCachedToken(request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientAcquireCachedToken, request.correlationId);\n let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE;\n if (request.forceRefresh ||\n (!this.config.cacheOptions.claimsBasedCachingEnabled &&\n !StringUtils.isEmptyObj(request.claims))) {\n // Must refresh due to present force_refresh flag.\n this.setCacheOutcome(CacheOutcome.FORCE_REFRESH_OR_CLAIMS, request.correlationId);\n throw createClientAuthError(tokenRefreshRequired);\n }\n // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases\n if (!request.account) {\n throw createClientAuthError(noAccountInSilentRequest);\n }\n const requestTenantId = request.account.tenantId ||\n getTenantFromAuthorityString(request.authority);\n const tokenKeys = this.cacheManager.getTokenKeys();\n const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId);\n if (!cachedAccessToken) {\n // must refresh due to non-existent access_token\n this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);\n throw createClientAuthError(tokenRefreshRequired);\n }\n else if (wasClockTurnedBack(cachedAccessToken.cachedAt) ||\n isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) {\n // must refresh due to the expires_in value\n this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);\n throw createClientAuthError(tokenRefreshRequired);\n }\n else if (cachedAccessToken.refreshOn &&\n isTokenExpired(cachedAccessToken.refreshOn, 0)) {\n // must refresh (in the background) due to the refresh_in value\n lastCacheOutcome = CacheOutcome.PROACTIVELY_REFRESHED;\n // don't throw ClientAuthError.createRefreshRequiredError(), return cached token instead\n }\n const environment = request.authority || this.authority.getPreferredCache();\n const cacheRecord = {\n account: this.cacheManager.readAccountFromCache(request.account),\n accessToken: cachedAccessToken,\n idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient, request.correlationId),\n refreshToken: null,\n appMetadata: this.cacheManager.readAppMetadataFromCache(environment),\n };\n this.setCacheOutcome(lastCacheOutcome, request.correlationId);\n if (this.config.serverTelemetryManager) {\n this.config.serverTelemetryManager.incrementCacheHits();\n }\n return [\n await invokeAsync(this.generateResultFromCacheRecord.bind(this), PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, this.logger, this.performanceClient, request.correlationId)(cacheRecord, request),\n lastCacheOutcome,\n ];\n }\n setCacheOutcome(cacheOutcome, correlationId) {\n this.serverTelemetryManager?.setCacheOutcome(cacheOutcome);\n this.performanceClient?.addFields({\n cacheOutcome: cacheOutcome,\n }, correlationId);\n if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {\n this.logger.info(`Token refresh is required due to cache outcome: ${cacheOutcome}`);\n }\n }\n /**\n * Helper function to build response object from the CacheRecord\n * @param cacheRecord\n */\n async generateResultFromCacheRecord(cacheRecord, request) {\n this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId);\n let idTokenClaims;\n if (cacheRecord.idToken) {\n idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode);\n }\n // token max_age check\n if (request.maxAge || request.maxAge === 0) {\n const authTime = idTokenClaims?.auth_time;\n if (!authTime) {\n throw createClientAuthError(authTimeNotFound);\n }\n checkMaxAge(authTime, request.maxAge);\n }\n return ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenClaims);\n }\n}\n\nexport { SilentFlowClient };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst StubbedNetworkModule = {\n sendGetRequestAsync: () => {\n return Promise.reject(createClientAuthError(methodNotImplemented));\n },\n sendPostRequestAsync: () => {\n return Promise.reject(createClientAuthError(methodNotImplemented));\n },\n};\n\nexport { StubbedNetworkModule };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst missingKidError = \"missing_kid_error\";\nconst missingAlgError = \"missing_alg_error\";\n\nexport { missingAlgError, missingKidError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\nimport { missingKidError, missingAlgError } from './JoseHeaderErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst JoseHeaderErrorMessages = {\n [missingKidError]: \"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.\",\n [missingAlgError]: \"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided.\",\n};\n/**\n * Error thrown when there is an error in the client code running on the browser.\n */\nclass JoseHeaderError extends AuthError {\n constructor(errorCode, errorMessage) {\n super(errorCode, errorMessage);\n this.name = \"JoseHeaderError\";\n Object.setPrototypeOf(this, JoseHeaderError.prototype);\n }\n}\n/** Returns JoseHeaderError object */\nfunction createJoseHeaderError(code) {\n return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);\n}\n\nexport { JoseHeaderError, JoseHeaderErrorMessages, createJoseHeaderError };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { createJoseHeaderError } from '../error/JoseHeaderError.mjs';\nimport { JsonWebTokenTypes } from '../utils/Constants.mjs';\nimport { missingKidError, missingAlgError } from '../error/JoseHeaderErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass JoseHeader {\n constructor(options) {\n this.typ = options.typ;\n this.alg = options.alg;\n this.kid = options.kid;\n }\n /**\n * Builds SignedHttpRequest formatted JOSE Header from the\n * JOSE Header options provided or previously set on the object and returns\n * the stringified header object.\n * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.\n * @param shrHeaderOptions\n * @returns\n */\n static getShrHeaderString(shrHeaderOptions) {\n // KeyID is required on the SHR header\n if (!shrHeaderOptions.kid) {\n throw createJoseHeaderError(missingKidError);\n }\n // Alg is required on the SHR header\n if (!shrHeaderOptions.alg) {\n throw createJoseHeaderError(missingAlgError);\n }\n const shrHeader = new JoseHeader({\n // Access Token PoP headers must have type pop, but the type header can be overriden for special cases\n typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop,\n kid: shrHeaderOptions.kid,\n alg: shrHeaderOptions.alg,\n });\n return JSON.stringify(shrHeader);\n }\n}\n\nexport { JoseHeader };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { CacheOutcome, Constants, SERVER_TELEM_CONSTANTS, Separators } from '../../utils/Constants.mjs';\nimport { AuthError } from '../../error/AuthError.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/** @internal */\nclass ServerTelemetryManager {\n constructor(telemetryRequest, cacheManager) {\n this.cacheOutcome = CacheOutcome.NOT_APPLICABLE;\n this.cacheManager = cacheManager;\n this.apiId = telemetryRequest.apiId;\n this.correlationId = telemetryRequest.correlationId;\n this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING;\n this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING;\n this.telemetryCacheKey =\n SERVER_TELEM_CONSTANTS.CACHE_KEY +\n Separators.CACHE_KEY_SEPARATOR +\n telemetryRequest.clientId;\n }\n /**\n * API to add MSER Telemetry to request\n */\n generateCurrentRequestHeaderValue() {\n const request = `${this.apiId}${SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR}${this.cacheOutcome}`;\n const platformFields = [this.wrapperSKU, this.wrapperVer].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);\n const regionDiscoveryFields = this.getRegionDiscoveryFields();\n const requestWithRegionDiscoveryFields = [\n request,\n regionDiscoveryFields,\n ].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);\n return [\n SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,\n requestWithRegionDiscoveryFields,\n platformFields,\n ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);\n }\n /**\n * API to add MSER Telemetry for the last failed request\n */\n generateLastRequestHeaderValue() {\n const lastRequests = this.getLastRequests();\n const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests);\n const failedRequests = lastRequests.failedRequests\n .slice(0, 2 * maxErrors)\n .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);\n const errors = lastRequests.errors\n .slice(0, maxErrors)\n .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);\n const errorCount = lastRequests.errors.length;\n // Indicate whether this header contains all data or partial data\n const overflow = maxErrors < errorCount\n ? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE\n : SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE;\n const platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);\n return [\n SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,\n lastRequests.cacheHits,\n failedRequests,\n errors,\n platformFields,\n ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);\n }\n /**\n * API to cache token failures for MSER data capture\n * @param error\n */\n cacheFailedRequest(error) {\n const lastRequests = this.getLastRequests();\n if (lastRequests.errors.length >=\n SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) {\n // Remove a cached error to make room, first in first out\n lastRequests.failedRequests.shift(); // apiId\n lastRequests.failedRequests.shift(); // correlationId\n lastRequests.errors.shift();\n }\n lastRequests.failedRequests.push(this.apiId, this.correlationId);\n if (error instanceof Error && !!error && error.toString()) {\n if (error instanceof AuthError) {\n if (error.subError) {\n lastRequests.errors.push(error.subError);\n }\n else if (error.errorCode) {\n lastRequests.errors.push(error.errorCode);\n }\n else {\n lastRequests.errors.push(error.toString());\n }\n }\n else {\n lastRequests.errors.push(error.toString());\n }\n }\n else {\n lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);\n }\n this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);\n return;\n }\n /**\n * Update server telemetry cache entry by incrementing cache hit counter\n */\n incrementCacheHits() {\n const lastRequests = this.getLastRequests();\n lastRequests.cacheHits += 1;\n this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);\n return lastRequests.cacheHits;\n }\n /**\n * Get the server telemetry entity from cache or initialize a new one\n */\n getLastRequests() {\n const initialValue = {\n failedRequests: [],\n errors: [],\n cacheHits: 0,\n };\n const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey);\n return lastRequests || initialValue;\n }\n /**\n * Remove server telemetry cache entry\n */\n clearTelemetryCache() {\n const lastRequests = this.getLastRequests();\n const numErrorsFlushed = ServerTelemetryManager.maxErrorsToSend(lastRequests);\n const errorCount = lastRequests.errors.length;\n if (numErrorsFlushed === errorCount) {\n // All errors were sent on last request, clear Telemetry cache\n this.cacheManager.removeItem(this.telemetryCacheKey);\n }\n else {\n // Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed\n const serverTelemEntity = {\n failedRequests: lastRequests.failedRequests.slice(numErrorsFlushed * 2),\n errors: lastRequests.errors.slice(numErrorsFlushed),\n cacheHits: 0,\n };\n this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity);\n }\n }\n /**\n * Returns the maximum number of errors that can be flushed to the server in the next network request\n * @param serverTelemetryEntity\n */\n static maxErrorsToSend(serverTelemetryEntity) {\n let i;\n let maxErrors = 0;\n let dataSize = 0;\n const errorCount = serverTelemetryEntity.errors.length;\n for (i = 0; i < errorCount; i++) {\n // failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs\n const apiId = serverTelemetryEntity.failedRequests[2 * i] ||\n Constants.EMPTY_STRING;\n const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] ||\n Constants.EMPTY_STRING;\n const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING;\n // Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators\n dataSize +=\n apiId.toString().length +\n correlationId.toString().length +\n errorCode.length +\n 3;\n if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) {\n // Adding this entry to the header would still keep header size below the limit\n maxErrors += 1;\n }\n else {\n break;\n }\n }\n return maxErrors;\n }\n /**\n * Get the region discovery fields\n *\n * @returns string\n */\n getRegionDiscoveryFields() {\n const regionDiscoveryFields = [];\n regionDiscoveryFields.push(this.regionUsed || Constants.EMPTY_STRING);\n regionDiscoveryFields.push(this.regionSource || Constants.EMPTY_STRING);\n regionDiscoveryFields.push(this.regionOutcome || Constants.EMPTY_STRING);\n return regionDiscoveryFields.join(\",\");\n }\n /**\n * Update the region discovery metadata\n *\n * @param regionDiscoveryMetadata\n * @returns void\n */\n updateRegionDiscoveryMetadata(regionDiscoveryMetadata) {\n this.regionUsed = regionDiscoveryMetadata.region_used;\n this.regionSource = regionDiscoveryMetadata.region_source;\n this.regionOutcome = regionDiscoveryMetadata.region_outcome;\n }\n /**\n * Set cache outcome\n */\n setCacheOutcome(cacheOutcome) {\n this.cacheOutcome = cacheOutcome;\n }\n}\n\nexport { ServerTelemetryManager };\n\n","/*! @azure/msal-common v14.7.1 2024-02-17 */\n'use strict';\nimport { PerformanceEventStatus } from './PerformanceEvent.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nclass StubPerformanceMeasurement {\n startMeasurement() {\n return;\n }\n endMeasurement() {\n return;\n }\n flushMeasurement() {\n return null;\n }\n}\nclass StubPerformanceClient {\n generateId() {\n return \"callback-id\";\n }\n startMeasurement(measureName, correlationId) {\n return {\n end: () => null,\n discard: () => { },\n add: () => { },\n increment: () => { },\n event: {\n eventId: this.generateId(),\n status: PerformanceEventStatus.InProgress,\n authority: \"\",\n libraryName: \"\",\n libraryVersion: \"\",\n clientId: \"\",\n name: measureName,\n startTimeMs: Date.now(),\n correlationId: correlationId || \"\",\n },\n measurement: new StubPerformanceMeasurement(),\n };\n }\n startPerformanceMeasurement() {\n return new StubPerformanceMeasurement();\n }\n calculateQueuedTime() {\n return 0;\n }\n addQueueMeasurement() {\n return;\n }\n setPreQueueTime() {\n return;\n }\n endMeasurement() {\n return null;\n }\n discardMeasurements() {\n return;\n }\n removePerformanceCallback() {\n return true;\n }\n addPerformanceCallback() {\n return \"\";\n }\n emitEvents() {\n return;\n }\n addFields() {\n return;\n }\n incrementFields() {\n return;\n }\n cacheEventByCorrelationId() {\n return;\n }\n}\n\nexport { StubPerformanceClient, StubPerformanceMeasurement };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst pkceNotCreated = \"pkce_not_created\";\nconst cryptoNonExistent = \"crypto_nonexistent\";\nconst emptyNavigateUri = \"empty_navigate_uri\";\nconst hashEmptyError = \"hash_empty_error\";\nconst noStateInHash = \"no_state_in_hash\";\nconst hashDoesNotContainKnownProperties = \"hash_does_not_contain_known_properties\";\nconst unableToParseState = \"unable_to_parse_state\";\nconst stateInteractionTypeMismatch = \"state_interaction_type_mismatch\";\nconst interactionInProgress = \"interaction_in_progress\";\nconst popupWindowError = \"popup_window_error\";\nconst emptyWindowError = \"empty_window_error\";\nconst userCancelled = \"user_cancelled\";\nconst monitorPopupTimeout = \"monitor_popup_timeout\";\nconst monitorWindowTimeout = \"monitor_window_timeout\";\nconst redirectInIframe = \"redirect_in_iframe\";\nconst blockIframeReload = \"block_iframe_reload\";\nconst blockNestedPopups = \"block_nested_popups\";\nconst iframeClosedPrematurely = \"iframe_closed_prematurely\";\nconst silentLogoutUnsupported = \"silent_logout_unsupported\";\nconst noAccountError = \"no_account_error\";\nconst silentPromptValueError = \"silent_prompt_value_error\";\nconst noTokenRequestCacheError = \"no_token_request_cache_error\";\nconst unableToParseTokenRequestCacheError = \"unable_to_parse_token_request_cache_error\";\nconst noCachedAuthorityError = \"no_cached_authority_error\";\nconst authRequestNotSetError = \"auth_request_not_set_error\";\nconst invalidCacheType = \"invalid_cache_type\";\nconst nonBrowserEnvironment = \"non_browser_environment\";\nconst databaseNotOpen = \"database_not_open\";\nconst noNetworkConnectivity = \"no_network_connectivity\";\nconst postRequestFailed = \"post_request_failed\";\nconst getRequestFailed = \"get_request_failed\";\nconst failedToParseResponse = \"failed_to_parse_response\";\nconst unableToLoadToken = \"unable_to_load_token\";\nconst cryptoKeyNotFound = \"crypto_key_not_found\";\nconst authCodeRequired = \"auth_code_required\";\nconst authCodeOrNativeAccountIdRequired = \"auth_code_or_nativeAccountId_required\";\nconst spaCodeAndNativeAccountIdPresent = \"spa_code_and_nativeAccountId_present\";\nconst databaseUnavailable = \"database_unavailable\";\nconst unableToAcquireTokenFromNativePlatform = \"unable_to_acquire_token_from_native_platform\";\nconst nativeHandshakeTimeout = \"native_handshake_timeout\";\nconst nativeExtensionNotInstalled = \"native_extension_not_installed\";\nconst nativeConnectionNotEstablished = \"native_connection_not_established\";\nconst uninitializedPublicClientApplication = \"uninitialized_public_client_application\";\nconst nativePromptNotSupported = \"native_prompt_not_supported\";\nconst invalidBase64String = \"invalid_base64_string\";\n\nexport { authCodeOrNativeAccountIdRequired, authCodeRequired, authRequestNotSetError, blockIframeReload, blockNestedPopups, cryptoKeyNotFound, cryptoNonExistent, databaseNotOpen, databaseUnavailable, emptyNavigateUri, emptyWindowError, failedToParseResponse, getRequestFailed, hashDoesNotContainKnownProperties, hashEmptyError, iframeClosedPrematurely, interactionInProgress, invalidBase64String, invalidCacheType, monitorPopupTimeout, monitorWindowTimeout, nativeConnectionNotEstablished, nativeExtensionNotInstalled, nativeHandshakeTimeout, nativePromptNotSupported, noAccountError, noCachedAuthorityError, noNetworkConnectivity, noStateInHash, noTokenRequestCacheError, nonBrowserEnvironment, pkceNotCreated, popupWindowError, postRequestFailed, redirectInIframe, silentLogoutUnsupported, silentPromptValueError, spaCodeAndNativeAccountIdPresent, stateInteractionTypeMismatch, unableToAcquireTokenFromNativePlatform, unableToLoadToken, unableToParseState, unableToParseTokenRequestCacheError, uninitializedPublicClientApplication, userCancelled };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { AuthError } from '@azure/msal-common';\nimport { pkceNotCreated, cryptoNonExistent, emptyNavigateUri, hashEmptyError, noStateInHash, hashDoesNotContainKnownProperties, unableToParseState, stateInteractionTypeMismatch, interactionInProgress, popupWindowError, emptyWindowError, userCancelled, monitorPopupTimeout, monitorWindowTimeout, redirectInIframe, blockIframeReload, blockNestedPopups, iframeClosedPrematurely, silentLogoutUnsupported, noAccountError, silentPromptValueError, noTokenRequestCacheError, unableToParseTokenRequestCacheError, noCachedAuthorityError, authRequestNotSetError, invalidCacheType, nonBrowserEnvironment, databaseNotOpen, noNetworkConnectivity, postRequestFailed, getRequestFailed, failedToParseResponse, unableToLoadToken, cryptoKeyNotFound, authCodeRequired, authCodeOrNativeAccountIdRequired, spaCodeAndNativeAccountIdPresent, databaseUnavailable, unableToAcquireTokenFromNativePlatform, nativeHandshakeTimeout, nativeExtensionNotInstalled, nativeConnectionNotEstablished, uninitializedPublicClientApplication, nativePromptNotSupported, invalidBase64String } from './BrowserAuthErrorCodes.mjs';\nimport * as BrowserAuthErrorCodes from './BrowserAuthErrorCodes.mjs';\nexport { BrowserAuthErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst ErrorLink = \"For more visit: aka.ms/msaljs/browser-errors\";\n/**\n * BrowserAuthErrorMessage class containing string constants used by error codes and messages.\n */\nconst BrowserAuthErrorMessages = {\n [pkceNotCreated]: \"The PKCE code challenge and verifier could not be generated.\",\n [cryptoNonExistent]: \"The crypto object or function is not available.\",\n [emptyNavigateUri]: \"Navigation URI is empty. Please check stack trace for more info.\",\n [hashEmptyError]: `Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ErrorLink}`,\n [noStateInHash]: \"Hash does not contain state. Please verify that the request originated from msal.\",\n [hashDoesNotContainKnownProperties]: `Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${ErrorLink}`,\n [unableToParseState]: \"Unable to parse state. Please verify that the request originated from msal.\",\n [stateInteractionTypeMismatch]: \"Hash contains state but the interaction type does not match the caller.\",\n [interactionInProgress]: `Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${ErrorLink}`,\n [popupWindowError]: \"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.\",\n [emptyWindowError]: \"window.open returned null or undefined window object.\",\n [userCancelled]: \"User cancelled the flow.\",\n [monitorPopupTimeout]: `Token acquisition in popup failed due to timeout. ${ErrorLink}`,\n [monitorWindowTimeout]: `Token acquisition in iframe failed due to timeout. ${ErrorLink}`,\n [redirectInIframe]: \"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.\",\n [blockIframeReload]: `Request was blocked inside an iframe because MSAL detected an authentication response. ${ErrorLink}`,\n [blockNestedPopups]: \"Request was blocked inside a popup because MSAL detected it was running in a popup.\",\n [iframeClosedPrematurely]: \"The iframe being monitored was closed prematurely.\",\n [silentLogoutUnsupported]: \"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.\",\n [noAccountError]: \"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.\",\n [silentPromptValueError]: \"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.\",\n [noTokenRequestCacheError]: \"No token request found in cache.\",\n [unableToParseTokenRequestCacheError]: \"The cached token request could not be parsed.\",\n [noCachedAuthorityError]: \"No cached authority found.\",\n [authRequestNotSetError]: \"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler\",\n [invalidCacheType]: \"Invalid cache type\",\n [nonBrowserEnvironment]: \"Login and token requests are not supported in non-browser environments.\",\n [databaseNotOpen]: \"Database is not open!\",\n [noNetworkConnectivity]: \"No network connectivity. Check your internet connection.\",\n [postRequestFailed]: \"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'\",\n [getRequestFailed]: \"Network request failed. Please check the network trace to determine root cause.\",\n [failedToParseResponse]: \"Failed to parse network response. Check network trace.\",\n [unableToLoadToken]: \"Error loading token to cache.\",\n [cryptoKeyNotFound]: \"Cryptographic Key or Keypair not found in browser storage.\",\n [authCodeRequired]: \"An authorization code must be provided (as the `code` property on the request) to this flow.\",\n [authCodeOrNativeAccountIdRequired]: \"An authorization code or nativeAccountId must be provided to this flow.\",\n [spaCodeAndNativeAccountIdPresent]: \"Request cannot contain both spa code and native account id.\",\n [databaseUnavailable]: \"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.\",\n [unableToAcquireTokenFromNativePlatform]: `Unable to acquire token from native platform. ${ErrorLink}`,\n [nativeHandshakeTimeout]: \"Timed out while attempting to establish connection to browser extension\",\n [nativeExtensionNotInstalled]: \"Native extension is not installed. If you think this is a mistake call the initialize function.\",\n [nativeConnectionNotEstablished]: `Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${ErrorLink}`,\n [uninitializedPublicClientApplication]: `You must call and await the initialize function before attempting to call any other MSAL API. ${ErrorLink}`,\n [nativePromptNotSupported]: \"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.\",\n [invalidBase64String]: \"Invalid base64 encoded string.\",\n};\n/**\n * BrowserAuthErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use exported BrowserAuthErrorCodes instead.\n * In your app you can do :\n * ```\n * import { BrowserAuthErrorCodes } from \"@azure/msal-browser\";\n * ```\n */\nconst BrowserAuthErrorMessage = {\n pkceNotGenerated: {\n code: pkceNotCreated,\n desc: BrowserAuthErrorMessages[pkceNotCreated],\n },\n cryptoDoesNotExist: {\n code: cryptoNonExistent,\n desc: BrowserAuthErrorMessages[cryptoNonExistent],\n },\n emptyNavigateUriError: {\n code: emptyNavigateUri,\n desc: BrowserAuthErrorMessages[emptyNavigateUri],\n },\n hashEmptyError: {\n code: hashEmptyError,\n desc: BrowserAuthErrorMessages[hashEmptyError],\n },\n hashDoesNotContainStateError: {\n code: noStateInHash,\n desc: BrowserAuthErrorMessages[noStateInHash],\n },\n hashDoesNotContainKnownPropertiesError: {\n code: hashDoesNotContainKnownProperties,\n desc: BrowserAuthErrorMessages[hashDoesNotContainKnownProperties],\n },\n unableToParseStateError: {\n code: unableToParseState,\n desc: BrowserAuthErrorMessages[unableToParseState],\n },\n stateInteractionTypeMismatchError: {\n code: stateInteractionTypeMismatch,\n desc: BrowserAuthErrorMessages[stateInteractionTypeMismatch],\n },\n interactionInProgress: {\n code: interactionInProgress,\n desc: BrowserAuthErrorMessages[interactionInProgress],\n },\n popupWindowError: {\n code: popupWindowError,\n desc: BrowserAuthErrorMessages[popupWindowError],\n },\n emptyWindowError: {\n code: emptyWindowError,\n desc: BrowserAuthErrorMessages[emptyWindowError],\n },\n userCancelledError: {\n code: userCancelled,\n desc: BrowserAuthErrorMessages[userCancelled],\n },\n monitorPopupTimeoutError: {\n code: monitorPopupTimeout,\n desc: BrowserAuthErrorMessages[monitorPopupTimeout],\n },\n monitorIframeTimeoutError: {\n code: monitorWindowTimeout,\n desc: BrowserAuthErrorMessages[monitorWindowTimeout],\n },\n redirectInIframeError: {\n code: redirectInIframe,\n desc: BrowserAuthErrorMessages[redirectInIframe],\n },\n blockTokenRequestsInHiddenIframeError: {\n code: blockIframeReload,\n desc: BrowserAuthErrorMessages[blockIframeReload],\n },\n blockAcquireTokenInPopupsError: {\n code: blockNestedPopups,\n desc: BrowserAuthErrorMessages[blockNestedPopups],\n },\n iframeClosedPrematurelyError: {\n code: iframeClosedPrematurely,\n desc: BrowserAuthErrorMessages[iframeClosedPrematurely],\n },\n silentLogoutUnsupportedError: {\n code: silentLogoutUnsupported,\n desc: BrowserAuthErrorMessages[silentLogoutUnsupported],\n },\n noAccountError: {\n code: noAccountError,\n desc: BrowserAuthErrorMessages[noAccountError],\n },\n silentPromptValueError: {\n code: silentPromptValueError,\n desc: BrowserAuthErrorMessages[silentPromptValueError],\n },\n noTokenRequestCacheError: {\n code: noTokenRequestCacheError,\n desc: BrowserAuthErrorMessages[noTokenRequestCacheError],\n },\n unableToParseTokenRequestCacheError: {\n code: unableToParseTokenRequestCacheError,\n desc: BrowserAuthErrorMessages[unableToParseTokenRequestCacheError],\n },\n noCachedAuthorityError: {\n code: noCachedAuthorityError,\n desc: BrowserAuthErrorMessages[noCachedAuthorityError],\n },\n authRequestNotSet: {\n code: authRequestNotSetError,\n desc: BrowserAuthErrorMessages[authRequestNotSetError],\n },\n invalidCacheType: {\n code: invalidCacheType,\n desc: BrowserAuthErrorMessages[invalidCacheType],\n },\n notInBrowserEnvironment: {\n code: nonBrowserEnvironment,\n desc: BrowserAuthErrorMessages[nonBrowserEnvironment],\n },\n databaseNotOpen: {\n code: databaseNotOpen,\n desc: BrowserAuthErrorMessages[databaseNotOpen],\n },\n noNetworkConnectivity: {\n code: noNetworkConnectivity,\n desc: BrowserAuthErrorMessages[noNetworkConnectivity],\n },\n postRequestFailed: {\n code: postRequestFailed,\n desc: BrowserAuthErrorMessages[postRequestFailed],\n },\n getRequestFailed: {\n code: getRequestFailed,\n desc: BrowserAuthErrorMessages[getRequestFailed],\n },\n failedToParseNetworkResponse: {\n code: failedToParseResponse,\n desc: BrowserAuthErrorMessages[failedToParseResponse],\n },\n unableToLoadTokenError: {\n code: unableToLoadToken,\n desc: BrowserAuthErrorMessages[unableToLoadToken],\n },\n signingKeyNotFoundInStorage: {\n code: cryptoKeyNotFound,\n desc: BrowserAuthErrorMessages[cryptoKeyNotFound],\n },\n authCodeRequired: {\n code: authCodeRequired,\n desc: BrowserAuthErrorMessages[authCodeRequired],\n },\n authCodeOrNativeAccountRequired: {\n code: authCodeOrNativeAccountIdRequired,\n desc: BrowserAuthErrorMessages[authCodeOrNativeAccountIdRequired],\n },\n spaCodeAndNativeAccountPresent: {\n code: spaCodeAndNativeAccountIdPresent,\n desc: BrowserAuthErrorMessages[spaCodeAndNativeAccountIdPresent],\n },\n databaseUnavailable: {\n code: databaseUnavailable,\n desc: BrowserAuthErrorMessages[databaseUnavailable],\n },\n unableToAcquireTokenFromNativePlatform: {\n code: unableToAcquireTokenFromNativePlatform,\n desc: BrowserAuthErrorMessages[unableToAcquireTokenFromNativePlatform],\n },\n nativeHandshakeTimeout: {\n code: nativeHandshakeTimeout,\n desc: BrowserAuthErrorMessages[nativeHandshakeTimeout],\n },\n nativeExtensionNotInstalled: {\n code: nativeExtensionNotInstalled,\n desc: BrowserAuthErrorMessages[nativeExtensionNotInstalled],\n },\n nativeConnectionNotEstablished: {\n code: nativeConnectionNotEstablished,\n desc: BrowserAuthErrorMessages[nativeConnectionNotEstablished],\n },\n uninitializedPublicClientApplication: {\n code: uninitializedPublicClientApplication,\n desc: BrowserAuthErrorMessages[uninitializedPublicClientApplication],\n },\n nativePromptNotSupported: {\n code: nativePromptNotSupported,\n desc: BrowserAuthErrorMessages[nativePromptNotSupported],\n },\n invalidBase64StringError: {\n code: invalidBase64String,\n desc: BrowserAuthErrorMessages[invalidBase64String],\n },\n};\n/**\n * Browser library error class thrown by the MSAL.js library for SPAs\n */\nclass BrowserAuthError extends AuthError {\n constructor(errorCode) {\n super(errorCode, BrowserAuthErrorMessages[errorCode]);\n Object.setPrototypeOf(this, BrowserAuthError.prototype);\n this.name = \"BrowserAuthError\";\n }\n}\nfunction createBrowserAuthError(errorCode) {\n return new BrowserAuthError(errorCode);\n}\n\nexport { BrowserAuthError, BrowserAuthErrorMessage, BrowserAuthErrorMessages, createBrowserAuthError };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { OIDC_DEFAULT_SCOPES } from '@azure/msal-common';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Constants\n */\nconst BrowserConstants = {\n /**\n * Interaction in progress cache value\n */\n INTERACTION_IN_PROGRESS_VALUE: \"interaction_in_progress\",\n /**\n * Invalid grant error code\n */\n INVALID_GRANT_ERROR: \"invalid_grant\",\n /**\n * Default popup window width\n */\n POPUP_WIDTH: 483,\n /**\n * Default popup window height\n */\n POPUP_HEIGHT: 600,\n /**\n * Name of the popup window starts with\n */\n POPUP_NAME_PREFIX: \"msal\",\n /**\n * Default popup monitor poll interval in milliseconds\n */\n DEFAULT_POLL_INTERVAL_MS: 30,\n /**\n * Msal-browser SKU\n */\n MSAL_SKU: \"msal.js.browser\",\n};\nconst NativeConstants = {\n CHANNEL_ID: \"53ee284d-920a-4b59-9d30-a60315b26836\",\n PREFERRED_EXTENSION_ID: \"ppnbnpeolgkicgegkbkbjmhlideopiji\",\n MATS_TELEMETRY: \"MATS\",\n};\nconst NativeExtensionMethod = {\n HandshakeRequest: \"Handshake\",\n HandshakeResponse: \"HandshakeResponse\",\n GetToken: \"GetToken\",\n Response: \"Response\",\n};\nconst BrowserCacheLocation = {\n LocalStorage: \"localStorage\",\n SessionStorage: \"sessionStorage\",\n MemoryStorage: \"memoryStorage\",\n};\n/**\n * HTTP Request types supported by MSAL.\n */\nconst HTTP_REQUEST_TYPE = {\n GET: \"GET\",\n POST: \"POST\",\n};\n/**\n * Temporary cache keys for MSAL, deleted after any request.\n */\nconst TemporaryCacheKeys = {\n AUTHORITY: \"authority\",\n ACQUIRE_TOKEN_ACCOUNT: \"acquireToken.account\",\n SESSION_STATE: \"session.state\",\n REQUEST_STATE: \"request.state\",\n NONCE_IDTOKEN: \"nonce.id_token\",\n ORIGIN_URI: \"request.origin\",\n RENEW_STATUS: \"token.renew.status\",\n URL_HASH: \"urlHash\",\n REQUEST_PARAMS: \"request.params\",\n SCOPES: \"scopes\",\n INTERACTION_STATUS_KEY: \"interaction.status\",\n CCS_CREDENTIAL: \"ccs.credential\",\n CORRELATION_ID: \"request.correlationId\",\n NATIVE_REQUEST: \"request.native\",\n REDIRECT_CONTEXT: \"request.redirect.context\",\n};\nconst StaticCacheKeys = {\n ACCOUNT_KEYS: \"msal.account.keys\",\n TOKEN_KEYS: \"msal.token.keys\",\n};\n/**\n * Cache keys stored in-memory\n */\nconst InMemoryCacheKeys = {\n WRAPPER_SKU: \"wrapper.sku\",\n WRAPPER_VER: \"wrapper.version\",\n};\n/**\n * API Codes for Telemetry purposes.\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\n * 0-99 Silent Flow\n * 800-899 Auth Code Flow\n */\nconst ApiId = {\n acquireTokenRedirect: 861,\n acquireTokenPopup: 862,\n ssoSilent: 863,\n acquireTokenSilent_authCode: 864,\n handleRedirectPromise: 865,\n acquireTokenByCode: 866,\n acquireTokenSilent_silentFlow: 61,\n logout: 961,\n logoutPopup: 962,\n};\n/*\n * Interaction type of the API - used for state and telemetry\n */\nvar InteractionType;\n(function (InteractionType) {\n InteractionType[\"Redirect\"] = \"redirect\";\n InteractionType[\"Popup\"] = \"popup\";\n InteractionType[\"Silent\"] = \"silent\";\n InteractionType[\"None\"] = \"none\";\n})(InteractionType || (InteractionType = {}));\n/**\n * Types of interaction currently in progress.\n * Used in events in wrapper libraries to invoke functions when certain interaction is in progress or all interactions are complete.\n */\nconst InteractionStatus = {\n /**\n * Initial status before interaction occurs\n */\n Startup: \"startup\",\n /**\n * Status set when all login calls occuring\n */\n Login: \"login\",\n /**\n * Status set when logout call occuring\n */\n Logout: \"logout\",\n /**\n * Status set for acquireToken calls\n */\n AcquireToken: \"acquireToken\",\n /**\n * Status set for ssoSilent calls\n */\n SsoSilent: \"ssoSilent\",\n /**\n * Status set when handleRedirect in progress\n */\n HandleRedirect: \"handleRedirect\",\n /**\n * Status set when interaction is complete\n */\n None: \"none\",\n};\nconst DEFAULT_REQUEST = {\n scopes: OIDC_DEFAULT_SCOPES,\n};\n/**\n * JWK Key Format string (Type MUST be defined for window crypto APIs)\n */\nconst KEY_FORMAT_JWK = \"jwk\";\n// Supported wrapper SKUs\nconst WrapperSKU = {\n React: \"@azure/msal-react\",\n Angular: \"@azure/msal-angular\",\n};\n// DatabaseStorage Constants\nconst DB_NAME = \"msal.db\";\nconst DB_VERSION = 1;\nconst DB_TABLE_NAME = `${DB_NAME}.keys`;\nconst CacheLookupPolicy = {\n /*\n * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired\n * or cannot be found the refresh token will be used to acquire a new one. Finally, if the refresh token\n * is expired acquireTokenSilent will attempt to acquire new access and refresh tokens.\n */\n Default: 0,\n /*\n * acquireTokenSilent will only look for access tokens in the cache. It will not attempt to renew access or\n * refresh tokens.\n */\n AccessToken: 1,\n /*\n * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired or\n * cannot be found, the refresh token will be used to acquire a new one. If the refresh token is expired, it\n * will not be renewed and acquireTokenSilent will fail.\n */\n AccessTokenAndRefreshToken: 2,\n /*\n * acquireTokenSilent will not attempt to retrieve access tokens from the cache and will instead attempt to\n * exchange the cached refresh token for a new access token. If the refresh token is expired, it will not be\n * renewed and acquireTokenSilent will fail.\n */\n RefreshToken: 3,\n /*\n * acquireTokenSilent will not look in the cache for the access token. It will go directly to network with the\n * cached refresh token. If the refresh token is expired an attempt will be made to renew it. This is equivalent to\n * setting \"forceRefresh: true\".\n */\n RefreshTokenAndNetwork: 4,\n /*\n * acquireTokenSilent will attempt to renew both access and refresh tokens. It will not look in the cache. This will\n * always fail if 3rd party cookies are blocked by the browser.\n */\n Skip: 5,\n};\nconst iFrameRenewalPolicies = [\n CacheLookupPolicy.Default,\n CacheLookupPolicy.Skip,\n CacheLookupPolicy.RefreshTokenAndNetwork,\n];\nconst LOG_LEVEL_CACHE_KEY = \"msal.browser.log.level\";\nconst LOG_PII_CACHE_KEY = \"msal.browser.log.pii\";\nconst BROWSER_PERF_ENABLED_KEY = \"msal.browser.performance.enabled\";\n\nexport { ApiId, BROWSER_PERF_ENABLED_KEY, BrowserCacheLocation, BrowserConstants, CacheLookupPolicy, DB_NAME, DB_TABLE_NAME, DB_VERSION, DEFAULT_REQUEST, HTTP_REQUEST_TYPE, InMemoryCacheKeys, InteractionStatus, InteractionType, KEY_FORMAT_JWK, LOG_LEVEL_CACHE_KEY, LOG_PII_CACHE_KEY, NativeConstants, NativeExtensionMethod, StaticCacheKeys, TemporaryCacheKeys, WrapperSKU, iFrameRenewalPolicies };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { createBrowserAuthError } from '../error/BrowserAuthError.mjs';\nimport { PerformanceEvents } from '@azure/msal-common';\nimport { KEY_FORMAT_JWK } from '../utils/BrowserConstants.mjs';\nimport { cryptoNonExistent } from '../error/BrowserAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * This file defines functions used by the browser library to perform cryptography operations such as\n * hashing and encoding. It also has helper functions to validate the availability of specific APIs.\n */\n/**\n * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams\n */\n// RSA KeyGen Algorithm\nconst PKCS1_V15_KEYGEN_ALG = \"RSASSA-PKCS1-v1_5\";\n// SHA-256 hashing algorithm\nconst S256_HASH_ALG = \"SHA-256\";\n// MOD length for PoP tokens\nconst MODULUS_LENGTH = 2048;\n// Public Exponent\nconst PUBLIC_EXPONENT = new Uint8Array([0x01, 0x00, 0x01]);\n// UUID hex digits\nconst UUID_CHARS = \"0123456789abcdef\";\n// Array to store UINT32 random value\nconst UINT32_ARR = new Uint32Array(1);\nconst keygenAlgorithmOptions = {\n name: PKCS1_V15_KEYGEN_ALG,\n hash: S256_HASH_ALG,\n modulusLength: MODULUS_LENGTH,\n publicExponent: PUBLIC_EXPONENT,\n};\n/**\n * Check whether browser crypto is available.\n */\nfunction validateCryptoAvailable(logger) {\n if (\"crypto\" in window) {\n logger.verbose(\"BrowserCrypto: modern crypto interface available\");\n }\n else {\n logger.error(\"BrowserCrypto: crypto interface is unavailable\");\n throw createBrowserAuthError(cryptoNonExistent);\n }\n}\n/**\n * Returns a sha-256 hash of the given dataString as an ArrayBuffer.\n * @param dataString {string} data string\n * @param performanceClient {?IPerformanceClient}\n * @param correlationId {?string} correlation id\n */\nasync function sha256Digest(dataString, performanceClient, correlationId) {\n performanceClient?.addQueueMeasurement(PerformanceEvents.Sha256Digest, correlationId);\n const encoder = new TextEncoder();\n const data = encoder.encode(dataString);\n return window.crypto.subtle.digest(S256_HASH_ALG, data);\n}\n/**\n * Populates buffer with cryptographically random values.\n * @param dataBuffer\n */\nfunction getRandomValues(dataBuffer) {\n return window.crypto.getRandomValues(dataBuffer);\n}\n/**\n * Returns random Uint32 value.\n * @returns {number}\n */\nfunction getRandomUint32() {\n window.crypto.getRandomValues(UINT32_ARR);\n return UINT32_ARR[0];\n}\n/**\n * Creates a UUID v7 from the current timestamp.\n * Implementation relies on the system clock to guarantee increasing order of generated identifiers.\n * @returns {number}\n */\nfunction createNewGuid() {\n const currentTimestamp = Date.now();\n const baseRand = getRandomUint32() * 0x400 + (getRandomUint32() & 0x3ff);\n // Result byte array\n const bytes = new Uint8Array(16);\n // A 12-bit `rand_a` field value\n const randA = Math.trunc(baseRand / 2 ** 30);\n // The higher 30 bits of 62-bit `rand_b` field value\n const randBHi = baseRand & (2 ** 30 - 1);\n // The lower 32 bits of 62-bit `rand_b` field value\n const randBLo = getRandomUint32();\n bytes[0] = currentTimestamp / 2 ** 40;\n bytes[1] = currentTimestamp / 2 ** 32;\n bytes[2] = currentTimestamp / 2 ** 24;\n bytes[3] = currentTimestamp / 2 ** 16;\n bytes[4] = currentTimestamp / 2 ** 8;\n bytes[5] = currentTimestamp;\n bytes[6] = 0x70 | (randA >>> 8);\n bytes[7] = randA;\n bytes[8] = 0x80 | (randBHi >>> 24);\n bytes[9] = randBHi >>> 16;\n bytes[10] = randBHi >>> 8;\n bytes[11] = randBHi;\n bytes[12] = randBLo >>> 24;\n bytes[13] = randBLo >>> 16;\n bytes[14] = randBLo >>> 8;\n bytes[15] = randBLo;\n let text = \"\";\n for (let i = 0; i < bytes.length; i++) {\n text += UUID_CHARS.charAt(bytes[i] >>> 4);\n text += UUID_CHARS.charAt(bytes[i] & 0xf);\n if (i === 3 || i === 5 || i === 7 || i === 9) {\n text += \"-\";\n }\n }\n return text;\n}\n/**\n * Generates a keypair based on current keygen algorithm config.\n * @param extractable\n * @param usages\n */\nasync function generateKeyPair(extractable, usages) {\n return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages);\n}\n/**\n * Export key as Json Web Key (JWK)\n * @param key\n */\nasync function exportJwk(key) {\n return window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key);\n}\n/**\n * Imports key as Json Web Key (JWK), can set extractable and usages.\n * @param key\n * @param extractable\n * @param usages\n */\nasync function importJwk(key, extractable, usages) {\n return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages);\n}\n/**\n * Signs given data with given key\n * @param key\n * @param data\n */\nasync function sign(key, data) {\n return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data);\n}\n\nexport { createNewGuid, exportJwk, generateKeyPair, getRandomValues, importJwk, sha256Digest, sign, validateCryptoAvailable };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Class which exposes APIs to encode plaintext to base64 encoded string. See here for implementation details:\n * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64\n */\n/**\n * Returns URL Safe b64 encoded string from a plaintext string.\n * @param input\n */\nfunction urlEncode(input) {\n return encodeURIComponent(base64Encode(input)\n .replace(/=/g, \"\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\"));\n}\n/**\n * Returns URL Safe b64 encoded string from an int8Array.\n * @param inputArr\n */\nfunction urlEncodeArr(inputArr) {\n return base64EncArr(inputArr)\n .replace(/=/g, \"\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n}\n/**\n * Returns b64 encoded string from plaintext string.\n * @param input\n */\nfunction base64Encode(input) {\n return base64EncArr(new TextEncoder().encode(input));\n}\n/**\n * Base64 encode byte array\n * @param aBytes\n */\nfunction base64EncArr(aBytes) {\n const binString = Array.from(aBytes, (x) => String.fromCodePoint(x)).join(\"\");\n return btoa(binString);\n}\n\nexport { base64Encode, urlEncode, urlEncodeArr };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { createBrowserAuthError } from '../error/BrowserAuthError.mjs';\nimport { invalidBase64String } from '../error/BrowserAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:\n * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem\n */\n/**\n * Returns a URL-safe plaintext decoded string from b64 encoded input.\n * @param input\n */\nfunction base64Decode(input) {\n return new TextDecoder().decode(base64DecToArr(input));\n}\n/**\n * Decodes base64 into Uint8Array\n * @param base64String\n */\nfunction base64DecToArr(base64String) {\n let encodedString = base64String.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (encodedString.length % 4) {\n case 0:\n break;\n case 2:\n encodedString += \"==\";\n break;\n case 3:\n encodedString += \"=\";\n break;\n default:\n throw createBrowserAuthError(invalidBase64String);\n }\n const binString = atob(encodedString);\n return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);\n}\n\nexport { base64Decode };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { createBrowserAuthError } from '../error/BrowserAuthError.mjs';\nimport { DB_NAME, DB_VERSION, DB_TABLE_NAME } from '../utils/BrowserConstants.mjs';\nimport { databaseUnavailable, databaseNotOpen } from '../error/BrowserAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Storage wrapper for IndexedDB storage in browsers: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API\n */\nclass DatabaseStorage {\n constructor() {\n this.dbName = DB_NAME;\n this.version = DB_VERSION;\n this.tableName = DB_TABLE_NAME;\n this.dbOpen = false;\n }\n /**\n * Opens IndexedDB instance.\n */\n async open() {\n return new Promise((resolve, reject) => {\n const openDB = window.indexedDB.open(this.dbName, this.version);\n openDB.addEventListener(\"upgradeneeded\", (e) => {\n const event = e;\n event.target.result.createObjectStore(this.tableName);\n });\n openDB.addEventListener(\"success\", (e) => {\n const event = e;\n this.db = event.target.result;\n this.dbOpen = true;\n resolve();\n });\n openDB.addEventListener(\"error\", () => reject(createBrowserAuthError(databaseUnavailable)));\n });\n }\n /**\n * Closes the connection to IndexedDB database when all pending transactions\n * complete.\n */\n closeConnection() {\n const db = this.db;\n if (db && this.dbOpen) {\n db.close();\n this.dbOpen = false;\n }\n }\n /**\n * Opens database if it's not already open\n */\n async validateDbIsOpen() {\n if (!this.dbOpen) {\n return this.open();\n }\n }\n /**\n * Retrieves item from IndexedDB instance.\n * @param key\n */\n async getItem(key) {\n await this.validateDbIsOpen();\n return new Promise((resolve, reject) => {\n // TODO: Add timeouts?\n if (!this.db) {\n return reject(createBrowserAuthError(databaseNotOpen));\n }\n const transaction = this.db.transaction([this.tableName], \"readonly\");\n const objectStore = transaction.objectStore(this.tableName);\n const dbGet = objectStore.get(key);\n dbGet.addEventListener(\"success\", (e) => {\n const event = e;\n this.closeConnection();\n resolve(event.target.result);\n });\n dbGet.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n /**\n * Adds item to IndexedDB under given key\n * @param key\n * @param payload\n */\n async setItem(key, payload) {\n await this.validateDbIsOpen();\n return new Promise((resolve, reject) => {\n // TODO: Add timeouts?\n if (!this.db) {\n return reject(createBrowserAuthError(databaseNotOpen));\n }\n const transaction = this.db.transaction([this.tableName], \"readwrite\");\n const objectStore = transaction.objectStore(this.tableName);\n const dbPut = objectStore.put(payload, key);\n dbPut.addEventListener(\"success\", () => {\n this.closeConnection();\n resolve();\n });\n dbPut.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n /**\n * Removes item from IndexedDB under given key\n * @param key\n */\n async removeItem(key) {\n await this.validateDbIsOpen();\n return new Promise((resolve, reject) => {\n if (!this.db) {\n return reject(createBrowserAuthError(databaseNotOpen));\n }\n const transaction = this.db.transaction([this.tableName], \"readwrite\");\n const objectStore = transaction.objectStore(this.tableName);\n const dbDelete = objectStore.delete(key);\n dbDelete.addEventListener(\"success\", () => {\n this.closeConnection();\n resolve();\n });\n dbDelete.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n /**\n * Get all the keys from the storage object as an iterable array of strings.\n */\n async getKeys() {\n await this.validateDbIsOpen();\n return new Promise((resolve, reject) => {\n if (!this.db) {\n return reject(createBrowserAuthError(databaseNotOpen));\n }\n const transaction = this.db.transaction([this.tableName], \"readonly\");\n const objectStore = transaction.objectStore(this.tableName);\n const dbGetKeys = objectStore.getAllKeys();\n dbGetKeys.addEventListener(\"success\", (e) => {\n const event = e;\n this.closeConnection();\n resolve(event.target.result);\n });\n dbGetKeys.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n /**\n *\n * Checks whether there is an object under the search key in the object store\n */\n async containsKey(key) {\n await this.validateDbIsOpen();\n return new Promise((resolve, reject) => {\n if (!this.db) {\n return reject(createBrowserAuthError(databaseNotOpen));\n }\n const transaction = this.db.transaction([this.tableName], \"readonly\");\n const objectStore = transaction.objectStore(this.tableName);\n const dbContainsKey = objectStore.count(key);\n dbContainsKey.addEventListener(\"success\", (e) => {\n const event = e;\n this.closeConnection();\n resolve(event.target.result === 1);\n });\n dbContainsKey.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n /**\n * Deletes the MSAL database. The database is deleted rather than cleared to make it possible\n * for client applications to downgrade to a previous MSAL version without worrying about forward compatibility issues\n * with IndexedDB database versions.\n */\n async deleteDatabase() {\n // Check if database being deleted exists\n if (this.db && this.dbOpen) {\n this.closeConnection();\n }\n return new Promise((resolve, reject) => {\n const deleteDbRequest = window.indexedDB.deleteDatabase(DB_NAME);\n deleteDbRequest.addEventListener(\"success\", () => resolve(true));\n deleteDbRequest.addEventListener(\"blocked\", () => resolve(true));\n deleteDbRequest.addEventListener(\"error\", () => reject(false));\n });\n }\n}\n\nexport { DatabaseStorage };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nclass MemoryStorage {\n constructor() {\n this.cache = new Map();\n }\n getItem(key) {\n return this.cache.get(key) || null;\n }\n setItem(key, value) {\n this.cache.set(key, value);\n }\n removeItem(key) {\n this.cache.delete(key);\n }\n getKeys() {\n const cacheKeys = [];\n this.cache.forEach((value, key) => {\n cacheKeys.push(key);\n });\n return cacheKeys;\n }\n containsKey(key) {\n return this.cache.has(key);\n }\n clear() {\n this.cache.clear();\n }\n}\n\nexport { MemoryStorage };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { BrowserAuthError } from '../error/BrowserAuthError.mjs';\nimport { DatabaseStorage } from './DatabaseStorage.mjs';\nimport { MemoryStorage } from './MemoryStorage.mjs';\nimport { databaseUnavailable } from '../error/BrowserAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * This class allows MSAL to store artifacts asynchronously using the DatabaseStorage IndexedDB wrapper,\n * backed up with the more volatile MemoryStorage object for cases in which IndexedDB may be unavailable.\n */\nclass AsyncMemoryStorage {\n constructor(logger, storeName) {\n this.inMemoryCache = new MemoryStorage();\n this.indexedDBCache = new DatabaseStorage();\n this.logger = logger;\n this.storeName = storeName;\n }\n handleDatabaseAccessError(error) {\n if (error instanceof BrowserAuthError &&\n error.errorCode === databaseUnavailable) {\n this.logger.error(\"Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.\");\n }\n else {\n throw error;\n }\n }\n /**\n * Get the item matching the given key. Tries in-memory cache first, then in the asynchronous\n * storage object if item isn't found in-memory.\n * @param key\n */\n async getItem(key) {\n const item = this.inMemoryCache.getItem(key);\n if (!item) {\n try {\n this.logger.verbose(\"Queried item not found in in-memory cache, now querying persistent storage.\");\n return await this.indexedDBCache.getItem(key);\n }\n catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n return item;\n }\n /**\n * Sets the item in the in-memory cache and then tries to set it in the asynchronous\n * storage object with the given key.\n * @param key\n * @param value\n */\n async setItem(key, value) {\n this.inMemoryCache.setItem(key, value);\n try {\n await this.indexedDBCache.setItem(key, value);\n }\n catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n /**\n * Removes the item matching the key from the in-memory cache, then tries to remove it from the asynchronous storage object.\n * @param key\n */\n async removeItem(key) {\n this.inMemoryCache.removeItem(key);\n try {\n await this.indexedDBCache.removeItem(key);\n }\n catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n /**\n * Get all the keys from the in-memory cache as an iterable array of strings. If no keys are found, query the keys in the\n * asynchronous storage object.\n */\n async getKeys() {\n const cacheKeys = this.inMemoryCache.getKeys();\n if (cacheKeys.length === 0) {\n try {\n this.logger.verbose(\"In-memory cache is empty, now querying persistent storage.\");\n return await this.indexedDBCache.getKeys();\n }\n catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n return cacheKeys;\n }\n /**\n * Returns true or false if the given key is present in the cache.\n * @param key\n */\n async containsKey(key) {\n const containsKey = this.inMemoryCache.containsKey(key);\n if (!containsKey) {\n try {\n this.logger.verbose(\"Key not found in in-memory cache, now querying persistent storage.\");\n return await this.indexedDBCache.containsKey(key);\n }\n catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n return containsKey;\n }\n /**\n * Clears in-memory Map\n */\n clearInMemory() {\n // InMemory cache is a Map instance, clear is straightforward\n this.logger.verbose(`Deleting in-memory keystore ${this.storeName}`);\n this.inMemoryCache.clear();\n this.logger.verbose(`In-memory keystore ${this.storeName} deleted`);\n }\n /**\n * Tries to delete the IndexedDB database\n * @returns\n */\n async clearPersistent() {\n try {\n this.logger.verbose(\"Deleting persistent keystore\");\n const dbDeleted = await this.indexedDBCache.deleteDatabase();\n if (dbDeleted) {\n this.logger.verbose(\"Persistent keystore deleted\");\n }\n return dbDeleted;\n }\n catch (e) {\n this.handleDatabaseAccessError(e);\n return false;\n }\n }\n}\n\nexport { AsyncMemoryStorage };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { AsyncMemoryStorage } from './AsyncMemoryStorage.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst CryptoKeyStoreNames = {\n asymmetricKeys: \"asymmetricKeys\",\n symmetricKeys: \"symmetricKeys\",\n};\n/**\n * MSAL CryptoKeyStore DB Version 2\n */\nclass CryptoKeyStore {\n constructor(logger) {\n this.logger = logger;\n this.asymmetricKeys = new AsyncMemoryStorage(this.logger, CryptoKeyStoreNames.asymmetricKeys);\n this.symmetricKeys = new AsyncMemoryStorage(this.logger, CryptoKeyStoreNames.symmetricKeys);\n }\n async clear() {\n // Delete in-memory keystores\n this.asymmetricKeys.clearInMemory();\n this.symmetricKeys.clearInMemory();\n /**\n * There is only one database, so calling clearPersistent on asymmetric keystore takes care of\n * every persistent keystore\n */\n try {\n await this.asymmetricKeys.clearPersistent();\n return true;\n }\n catch (e) {\n if (e instanceof Error) {\n this.logger.error(`Clearing keystore failed with error: ${e.message}`);\n }\n else {\n this.logger.error(\"Clearing keystore failed with unknown error\");\n }\n return false;\n }\n }\n}\n\nexport { CryptoKeyStore, CryptoKeyStoreNames };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { PerformanceEvents, JoseHeader } from '@azure/msal-common';\nimport { base64Encode, urlEncode, urlEncodeArr } from '../encode/Base64Encode.mjs';\nimport { base64Decode } from '../encode/Base64Decode.mjs';\nimport { validateCryptoAvailable, createNewGuid, generateKeyPair, exportJwk, importJwk, sign, sha256Digest } from './BrowserCrypto.mjs';\nimport { createBrowserAuthError } from '../error/BrowserAuthError.mjs';\nimport { CryptoKeyStore } from '../cache/CryptoKeyStore.mjs';\nimport { cryptoKeyNotFound } from '../error/BrowserAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\n */\nclass CryptoOps {\n constructor(logger, performanceClient) {\n this.logger = logger;\n // Browser crypto needs to be validated first before any other classes can be set.\n validateCryptoAvailable(logger);\n this.cache = new CryptoKeyStore(this.logger);\n this.performanceClient = performanceClient;\n }\n /**\n * Creates a new random GUID - used to populate state and nonce.\n * @returns string (GUID)\n */\n createNewGuid() {\n return createNewGuid();\n }\n /**\n * Encodes input string to base64.\n * @param input\n */\n base64Encode(input) {\n return base64Encode(input);\n }\n /**\n * Decodes input string from base64.\n * @param input\n */\n base64Decode(input) {\n return base64Decode(input);\n }\n /**\n * Generates a keypair, stores it and returns a thumbprint\n * @param request\n */\n async getPublicKeyThumbprint(request) {\n const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, request.correlationId);\n // Generate Keypair\n const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES);\n // Generate Thumbprint for Public Key\n const publicKeyJwk = await exportJwk(keyPair.publicKey);\n const pubKeyThumprintObj = {\n e: publicKeyJwk.e,\n kty: publicKeyJwk.kty,\n n: publicKeyJwk.n,\n };\n const publicJwkString = getSortedObjectString(pubKeyThumprintObj);\n const publicJwkHash = await this.hashString(publicJwkString);\n // Generate Thumbprint for Private Key\n const privateKeyJwk = await exportJwk(keyPair.privateKey);\n // Re-import private key to make it unextractable\n const unextractablePrivateKey = await importJwk(privateKeyJwk, false, [\"sign\"]);\n // Store Keypair data in keystore\n await this.cache.asymmetricKeys.setItem(publicJwkHash, {\n privateKey: unextractablePrivateKey,\n publicKey: keyPair.publicKey,\n requestMethod: request.resourceRequestMethod,\n requestUri: request.resourceRequestUri,\n });\n if (publicKeyThumbMeasurement) {\n publicKeyThumbMeasurement.end({\n success: true,\n });\n }\n return publicJwkHash;\n }\n /**\n * Removes cryptographic keypair from key store matching the keyId passed in\n * @param kid\n */\n async removeTokenBindingKey(kid) {\n await this.cache.asymmetricKeys.removeItem(kid);\n const keyFound = await this.cache.asymmetricKeys.containsKey(kid);\n return !keyFound;\n }\n /**\n * Removes all cryptographic keys from IndexedDB storage\n */\n async clearKeystore() {\n return this.cache.clear();\n }\n /**\n * Signs the given object as a jwt payload with private key retrieved by given kid.\n * @param payload\n * @param kid\n */\n async signJwt(payload, kid, shrOptions, correlationId) {\n const signJwtMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsSignJwt, correlationId);\n const cachedKeyPair = await this.cache.asymmetricKeys.getItem(kid);\n if (!cachedKeyPair) {\n throw createBrowserAuthError(cryptoKeyNotFound);\n }\n // Get public key as JWK\n const publicKeyJwk = await exportJwk(cachedKeyPair.publicKey);\n const publicKeyJwkString = getSortedObjectString(publicKeyJwk);\n // Base64URL encode public key thumbprint with keyId only: BASE64URL({ kid: \"FULL_PUBLIC_KEY_HASH\" })\n const encodedKeyIdThumbprint = urlEncode(JSON.stringify({ kid: kid }));\n // Generate header\n const shrHeader = JoseHeader.getShrHeaderString({\n ...shrOptions?.header,\n alg: publicKeyJwk.alg,\n kid: encodedKeyIdThumbprint,\n });\n const encodedShrHeader = urlEncode(shrHeader);\n // Generate payload\n payload.cnf = {\n jwk: JSON.parse(publicKeyJwkString),\n };\n const encodedPayload = urlEncode(JSON.stringify(payload));\n // Form token string\n const tokenString = `${encodedShrHeader}.${encodedPayload}`;\n // Sign token\n const encoder = new TextEncoder();\n const tokenBuffer = encoder.encode(tokenString);\n const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer);\n const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));\n const signedJwt = `${tokenString}.${encodedSignature}`;\n if (signJwtMeasurement) {\n signJwtMeasurement.end({\n success: true,\n });\n }\n return signedJwt;\n }\n /**\n * Returns the SHA-256 hash of an input string\n * @param plainText\n */\n async hashString(plainText) {\n const hashBuffer = await sha256Digest(plainText);\n const hashBytes = new Uint8Array(hashBuffer);\n return urlEncodeArr(hashBytes);\n }\n}\nCryptoOps.POP_KEY_USAGES = [\"sign\", \"verify\"];\nCryptoOps.EXTRACTABLE = true;\nfunction getSortedObjectString(obj) {\n return JSON.stringify(obj, Object.keys(obj).sort());\n}\n\nexport { CryptoOps };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst EventType = {\n INITIALIZE_START: \"msal:initializeStart\",\n INITIALIZE_END: \"msal:initializeEnd\",\n ACCOUNT_ADDED: \"msal:accountAdded\",\n ACCOUNT_REMOVED: \"msal:accountRemoved\",\n ACTIVE_ACCOUNT_CHANGED: \"msal:activeAccountChanged\",\n LOGIN_START: \"msal:loginStart\",\n LOGIN_SUCCESS: \"msal:loginSuccess\",\n LOGIN_FAILURE: \"msal:loginFailure\",\n ACQUIRE_TOKEN_START: \"msal:acquireTokenStart\",\n ACQUIRE_TOKEN_SUCCESS: \"msal:acquireTokenSuccess\",\n ACQUIRE_TOKEN_FAILURE: \"msal:acquireTokenFailure\",\n ACQUIRE_TOKEN_NETWORK_START: \"msal:acquireTokenFromNetworkStart\",\n SSO_SILENT_START: \"msal:ssoSilentStart\",\n SSO_SILENT_SUCCESS: \"msal:ssoSilentSuccess\",\n SSO_SILENT_FAILURE: \"msal:ssoSilentFailure\",\n ACQUIRE_TOKEN_BY_CODE_START: \"msal:acquireTokenByCodeStart\",\n ACQUIRE_TOKEN_BY_CODE_SUCCESS: \"msal:acquireTokenByCodeSuccess\",\n ACQUIRE_TOKEN_BY_CODE_FAILURE: \"msal:acquireTokenByCodeFailure\",\n HANDLE_REDIRECT_START: \"msal:handleRedirectStart\",\n HANDLE_REDIRECT_END: \"msal:handleRedirectEnd\",\n POPUP_OPENED: \"msal:popupOpened\",\n LOGOUT_START: \"msal:logoutStart\",\n LOGOUT_SUCCESS: \"msal:logoutSuccess\",\n LOGOUT_FAILURE: \"msal:logoutFailure\",\n LOGOUT_END: \"msal:logoutEnd\",\n RESTORE_FROM_BFCACHE: \"msal:restoreFromBFCache\",\n};\n\nexport { EventType };\n\n","/*! @azure/msal-browser v3.10.0 2024-02-17 */\n'use strict';\nimport { PersistentCacheKeys, AccountEntity, CacheManager } from '@azure/msal-common';\nimport { EventType } from './EventType.mjs';\nimport { createNewGuid } from '../crypto/BrowserCrypto.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nclass EventHandler {\n constructor(logger, browserCrypto) {\n this.eventCallbacks = new Map();\n this.logger = logger;\n this.browserCrypto = browserCrypto;\n this.listeningToStorageEvents = false;\n this.handleAccountCacheChange =\n this.handleAccountCacheChange.bind(this);\n }\n /**\n * Adds event callbacks to array\n * @param callback\n */\n addEventCallback(callback) {\n if (typeof window !== \"undefined\") {\n const callbackId = createNewGuid();\n this.eventCallbacks.set(callbackId, callback);\n this.logger.verbose(`Event callback registered with id: ${callbackId}`);\n return callbackId;\n }\n return null;\n }\n /**\n * Removes callback with provided id from callback array\n * @param callbackId\n */\n removeEventCallback(callbackId) {\n this.eventCallbacks.delete(callbackId);\n this.logger.verbose(`Event callback ${callbackId} removed.`);\n }\n /**\n * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window\n */\n enableAccountStorageEvents() {\n if (typeof window === \"undefined\") {\n return;\n }\n if (!this.listeningToStorageEvents) {\n this.logger.verbose(\"Adding account storage listener.\");\n this.listeningToStorageEvents = true;\n window.addEventListener(\"storage\", this.handleAccountCacheChange);\n }\n else {\n this.logger.verbose(\"Account storage listener already registered.\");\n }\n }\n /**\n * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window\n */\n disableAccountStorageEvents() {\n if (typeof window === \"undefined\") {\n return;\n }\n if (this.listeningToStorageEvents) {\n this.logger.verbose(\"Removing account storage listener.\");\n window.removeEventListener(\"storage\", this.handleAccountCacheChange);\n this.listeningToStorageEvents = false;\n }\n else {\n this.logger.verbose(\"No account storage listener registered.\");\n }\n }\n /**\n * Emits events by calling callback with event message\n * @param eventType\n * @param interactionType\n * @param payload\n * @param error\n */\n emitEvent(eventType, interactionType, payload, error) {\n if (typeof window !== \"undefined\") {\n const message = {\n eventType: eventType,\n interactionType: interactionType || null,\n payload: payload || null,\n error: error || null,\n timestamp: Date.now(),\n };\n this.logger.info(`Emitting event: ${eventType}`);\n this.eventCallbacks.forEach((callback, callbackId) => {\n this.logger.verbose(`Emitting event to callback ${callbackId}: ${eventType}`);\n callback.apply(null, [message]);\n });\n }\n }\n /**\n * Emit account added/removed events when cached accounts are changed in a different tab or frame\n */\n handleAccountCacheChange(e) {\n try {\n // Handle active account filter change\n if (e.key?.includes(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS)) {\n // This event has no payload, it only signals cross-tab app instances that the results of calling getActiveAccount() will have changed\n this.emitEvent(EventType.ACTIVE_ACCOUNT_CHANGED);\n }\n // Handle account object change\n const cacheValue = e.newValue || e.oldValue;\n if (!cacheValue) {\n return;\n }\n const parsedValue = JSON.parse(cacheValue);\n if (typeof parsedValue !== \"object\" ||\n !AccountEntity.isAccountEntity(parsedValue)) {\n return;\n }\n const accountEntity = CacheManager.toObject(new AccountEntity(), parsedValue);\n const accountInfo = accountEntity.getAccountInfo();\n if (!e.oldValue && e.newValue) {\n this.logger.info(\"Account was added to cache in a different window\");\n this.emitEvent(EventType.ACCOUNT_ADDED, undefined, accountInfo);\n }\n else if (!e.newValue && e.oldValue) {\n this.logger.info(\"Account was removed from cache in a different window\");\n this.emitEvent(EventType.ACCOUNT_REMOVED, undefined, accountInfo);\n }\n }\n catch (e) {\n return;\n }\n }\n}\n\nexport { EventHandler };\n\n"],"mappings":";;;;;;;;;AAMA,IAAM,YAAY;AAAA,EACd,cAAc;AAAA,EACd,KAAK;AAAA;AAAA,EAEL,cAAc;AAAA;AAAA,EAEd,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,uBAAuB;AAAA;AAAA,EAEvB,MAAM;AAAA,EACN,MAAM;AAAA;AAAA,EAEN,8BAA8B;AAAA;AAAA,EAE9B,eAAe;AAAA,EACf,0BAA0B;AAAA;AAAA,EAE1B,gBAAgB;AAAA;AAAA,EAEhB,YAAY;AAAA;AAAA,EAEZ,QAAQ;AAAA;AAAA,EAER,eAAe;AAAA;AAAA,EAEf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,sBAAsB;AAAA,EACtB,aAAa;AAAA;AAAA,EAEb,oBAAoB;AAAA,EACpB,iBAAiB;AAAA,EACjB,eAAe;AAAA,EACf,wBAAwB;AAAA,EACxB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,uBAAuB;AAAA,EACvB,aAAa;AAAA,EACb,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,cAAc;AAAA,EACd,iCAAiC;AAAA,EACjC,mCAAmC;AAAA,EACnC,qBAAqB;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AAAA,EACA,qBAAqB;AAAA,EACrB,wBAAwB;AAAA,EACxB,oBAAoB;AAAA,EACpB,kBAAkB;AACtB;AACA,IAAM,aAAa;AAAA,EACf,qBAAqB;AAAA,EACrB,mBAAmB;AAAA,EACnB,UAAU;AAAA,EACV,0BAA0B;AAAA,EAC1B,wBAAwB;AAAA,EACxB,0BAA0B;AAAA,EAC1B,wBAAwB;AAC5B;AACA,IAAM,sBAAsB;AAAA,EACxB,UAAU;AAAA,EACV,UAAU;AAAA,EACV,UAAU;AACd;AACA,IAAM,cAAc,CAAC,GAAG,qBAAqB,UAAU,WAAW;AAIlE,IAAM,cAAc;AAAA,EAChB,cAAc;AAAA,EACd,aAAa;AAAA,EACb,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,oBAAoB;AAAA,EACpB,iBAAiB;AAAA,EACjB,mBAAmB;AACvB;AAIA,IAAM,sBAAsB;AAAA,EACxB,UAAU;AAAA,EACV,aAAa;AAAA,EACb,eAAe;AAAA,EACf,OAAO;AAAA,EACP,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,wBAAwB;AAAA;AAC5B;AAIA,IAAM,wBAAwB;AAAA,EAC1B,QAAQ;AAAA,EACR,eAAe;AAAA,EACf,WAAW;AACf;AAIA,IAAM,oBAAoB;AAAA,EACtB,cAAc;AAAA,EACd,QAAQ;AACZ;AAMA,IAAM,cAAc;AAAA,EAChB,OAAO;AAAA,EACP,gBAAgB;AAAA,EAChB,SAAS;AAAA,EACT,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,YAAY;AAChB;AAIA,IAAM,4BAA4B;AAAA,EAC9B,OAAO;AAAA,EACP,MAAM;AACV;AAIA,IAAM,qBAAqB;AAAA,EACvB,OAAO;AAAA,EACP,UAAU;AACd;AAIA,IAAM,eAAe,iCACd,qBADc;AAAA,EAEjB,WAAW;AACf;AAIA,IAAM,YAAY;AAAA,EACd,gBAAgB;AAAA,EAChB,0BAA0B;AAAA,EAC1B,0BAA0B;AAAA,EAC1B,+BAA+B;AAAA,EAC/B,qBAAqB;AAAA,EACrB,mBAAmB;AAAA,EACnB,YAAY;AAChB;AAIA,IAAM,mBAAmB;AAAA,EACrB,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,oBAAoB;AAAA,EACpB,sBAAsB;AAAA;AAC1B;AAIA,IAAM,aAAa;AAAA,EACf,qBAAqB;AAAA,EACrB,uBAAuB;AAC3B;AAIA,IAAM,iBAAiB;AAAA,EACnB,UAAU;AAAA,EACV,cAAc;AAAA,EACd,+BAA+B;AAAA,EAC/B,eAAe;AACnB;AAkBA,IAAM,eAAe;AACrB,IAAM,cAAc;AACpB,IAAM,gBAAgB;AACtB,IAAM,+BAA+B;AAAA,EACjC,WAAW;AAAA,EACX,sBAAsB,OAAO;AAAA;AACjC;AACA,IAAM,0BAA0B;AAAA,EAC5B,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,SAAS;AAAA,EACT,kBAAkB;AACtB;AACA,IAAM,yBAAyB;AAAA,EAC3B,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,WAAW;AAAA,EACX,oBAAoB;AAAA,EACpB,iBAAiB;AAAA,EACjB,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,eAAe;AACnB;AAIA,IAAM,uBAAuB;AAAA,EACzB,QAAQ;AAAA,EACR,KAAK;AAAA,EACL,KAAK;AACT;AAIA,IAAM,sBAAsB;AAAA;AAAA,EAExB,+BAA+B;AAAA;AAAA,EAE/B,mCAAmC;AAAA;AAAA,EAEnC,mBAAmB;AAAA;AAAA,EAEnB,2BAA2B;AAC/B;AACA,IAAM,SAAS;AAAA,EACX,qBAAqB;AAAA,EACrB,uBAAuB;AAC3B;AAIA,IAAM,yBAAyB;AAAA,EAC3B,UAAU;AAAA,EACV,UAAU;AACd;AAIA,IAAM,gBAAgB;AAAA,EAClB,aAAa;AAAA,EACb,gBAAgB;AACpB;AAIA,IAAM,yBAAyB;AAAA,EAC3B,uBAAuB;AAAA,EACvB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,MAAM;AACV;AAIA,IAAM,0BAA0B;AAAA,EAC5B,6BAA6B;AAAA,EAC7B,8BAA8B;AAAA,EAC9B,yBAAyB;AAAA,EACzB,qCAAqC;AAAA,EACrC,iCAAiC;AACrC;AAIA,IAAM,eAAe;AAAA;AAAA,EAEjB,gBAAgB;AAAA;AAAA,EAEhB,yBAAyB;AAAA;AAAA,EAEzB,wBAAwB;AAAA;AAAA,EAExB,6BAA6B;AAAA;AAAA,EAE7B,uBAAuB;AAC3B;AACA,IAAM,oBAAoB;AAAA,EACtB,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AACT;;;ACpTA;AAAA;AAAA;AAAA;AAAA;AASA,IAAM,kBAAkB;AACxB,IAAM,oBAAoB;;;ACC1B,IAAM,oBAAoB;AAAA,EACtB,CAAC,eAAe,GAAG;AAAA,EACnB,CAAC,iBAAiB,GAAG;AACzB;AAKA,IAAM,mBAAmB;AAAA,EACrB,iBAAiB;AAAA,IACb,MAAM;AAAA,IACN,MAAM,kBAAkB,eAAe;AAAA,EAC3C;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,kBAAkB,iBAAiB;AAAA,EAC7C;AACJ;AAIA,IAAM,YAAN,MAAM,mBAAkB,MAAM;AAAA,EAC1B,YAAY,WAAW,cAAc,UAAU;AAC3C,UAAM,cAAc,eACd,GAAG,SAAS,KAAK,YAAY,KAC7B;AACN,UAAM,WAAW;AACjB,WAAO,eAAe,MAAM,WAAU,SAAS;AAC/C,SAAK,YAAY,aAAa,UAAU;AACxC,SAAK,eAAe,gBAAgB,UAAU;AAC9C,SAAK,WAAW,YAAY,UAAU;AACtC,SAAK,OAAO;AAAA,EAChB;AAAA,EACA,iBAAiB,eAAe;AAC5B,SAAK,gBAAgB;AAAA,EACzB;AACJ;AACA,SAAS,gBAAgB,MAAM,mBAAmB;AAC9C,SAAO,IAAI,UAAU,MAAM,oBACrB,GAAG,kBAAkB,IAAI,CAAC,IAAI,iBAAiB,KAC/C,kBAAkB,IAAI,CAAC;AACjC;;;ACpDA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,IAAM,0BAA0B;AAChC,IAAM,uBAAuB;AAC7B,IAAM,oBAAoB;AAC1B,IAAM,mBAAmB;AACzB,IAAM,0BAA0B;AAChC,IAAM,eAAe;AACrB,IAAM,oBAAoB;AAC1B,IAAM,sBAAsB;AAC5B,IAAM,eAAe;AACrB,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,mBAAmB;AACzB,IAAM,mBAAmB;AACzB,IAAM,yBAAyB;AAC/B,IAAM,2BAA2B;AACjC,IAAM,8BAA8B;AACpC,IAAM,sBAAsB;AAC5B,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAC7B,IAAM,qBAAqB;AAC3B,IAAM,6BAA6B;AACnC,IAAM,oBAAoB;AAC1B,IAAM,yBAAyB;AAC/B,IAAM,2BAA2B;AACjC,IAAM,qBAAqB;AAC3B,IAAM,0BAA0B;AAChC,IAAM,iBAAiB;AACvB,IAAM,iBAAiB;AACvB,IAAM,2BAA2B;AACjC,IAAM,mBAAmB;AACzB,IAAM,0BAA0B;AAChC,IAAM,uBAAuB;AAC7B,IAAM,qBAAqB;AAC3B,IAAM,qCAAqC;AAC3C,IAAM,6CAA6C;AACnD,IAAM,uBAAuB;AAC7B,IAAM,iCAAiC;AACvC,IAAM,eAAe;AACrB,IAAM,wBAAwB;AAC9B,IAAM,eAAe;AACrB,IAAM,uBAAuB;AAC7B,IAAM,uBAAuB;AAC7B,IAAM,8BAA8B;;;ACnCpC,IAAM,0BAA0B;AAAA,EAC5B,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,YAAY,GAAG;AAAA,EAChB,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,mBAAmB,GAAG;AAAA,EACvB,CAAC,YAAY,GAAG;AAAA,EAChB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,gBAAgB,GAAG;AAAA,EAGpB,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,sBAAsB,GAAG;AAAA,EAE1B,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,2BAA2B,GAAG;AAAA,EAC/B,CAAC,mBAAmB,GAAG;AAAA,EACvB,CAAC,sBAAsB,GAAG;AAAA,EAC1B,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,0BAA0B,GAAG;AAAA,EAC9B,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,sBAAsB,GAAG;AAAA,EAC1B,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,cAAc,GAAG;AAAA,EAClB,CAAC,cAAc,GAAG;AAAA,EAClB,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,kCAAkC,GAAG;AAAA,EACtC,CAAC,0CAA0C,GAAG;AAAA,EAC9C,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,8BAA8B,GAAG;AAAA,EAClC,CAAC,YAAY,GAAG;AAAA,EAChB,CAAC,qBAAqB,GAAG;AAAA,EACzB,CAAC,YAAY,GAAG;AAAA,EAChB,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,2BAA2B,GAAG;AACnC;AAKA,IAAM,yBAAyB;AAAA,EAC3B,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,wBAAwB,uBAAuB;AAAA,EACzD;AAAA,EACA,sBAAsB;AAAA,IAClB,MAAM;AAAA,IACN,MAAM,wBAAwB,oBAAoB;AAAA,EACtD;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,wBAAwB,iBAAiB;AAAA,EACnD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,wBAAwB,gBAAgB;AAAA,EAClD;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,wBAAwB,uBAAuB;AAAA,EACzD;AAAA,EACA,cAAc;AAAA,IACV,MAAM;AAAA,IACN,MAAM,wBAAwB,YAAY;AAAA,EAC9C;AAAA,EACA,8BAA8B;AAAA,IAC1B,MAAM;AAAA,IACN,MAAM,wBAAwB,iBAAiB;AAAA,EACnD;AAAA,EACA,qBAAqB;AAAA,IACjB,MAAM;AAAA,IACN,MAAM,wBAAwB,mBAAmB;AAAA,EACrD;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,wBAAwB,YAAY;AAAA,EAC9C;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,wBAAwB,aAAa;AAAA,EAC/C;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,wBAAwB,aAAa;AAAA,EAC/C;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,wBAAwB,aAAa;AAAA,EAC/C;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM,wBAAwB,gBAAgB;AAAA,EAClD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,wBAAwB,gBAAgB;AAAA,EAClD;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,wBAAwB,sBAAsB;AAAA,EACxD;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,wBAAwB,wBAAwB;AAAA,EAC1D;AAAA,EACA,6BAA6B;AAAA,IACzB,MAAM;AAAA,IACN,MAAM,wBAAwB,2BAA2B;AAAA,EAC7D;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,wBAAwB,mBAAmB;AAAA,EACrD;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM,wBAAwB,sBAAsB;AAAA,EACxD;AAAA,EACA,qBAAqB;AAAA,IACjB,MAAM;AAAA,IACN,MAAM,wBAAwB,oBAAoB;AAAA,EACtD;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,wBAAwB,kBAAkB;AAAA,EACpD;AAAA,EACA,4BAA4B;AAAA,IACxB,MAAM;AAAA,IACN,MAAM,wBAAwB,0BAA0B;AAAA,EAC5D;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,wBAAwB,iBAAiB;AAAA,EACnD;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,wBAAwB,sBAAsB;AAAA,EACxD;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,wBAAwB,wBAAwB;AAAA,EAC1D;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,wBAAwB,kBAAkB;AAAA,EACpD;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,wBAAwB,uBAAuB;AAAA,EACzD;AAAA,EACA,gBAAgB;AAAA,IACZ,MAAM;AAAA,IACN,MAAM,wBAAwB,cAAc;AAAA,EAChD;AAAA,EACA,aAAa;AAAA,IACT,MAAM;AAAA,IACN,MAAM,wBAAwB,cAAc;AAAA,EAChD;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,wBAAwB,wBAAwB;AAAA,EAC1D;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,wBAAwB,gBAAgB;AAAA,EAClD;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,wBAAwB,uBAAuB;AAAA,EACzD;AAAA,EACA,sBAAsB;AAAA,IAClB,MAAM;AAAA,IACN,MAAM,wBAAwB,oBAAoB;AAAA,EACtD;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,wBAAwB,kBAAkB;AAAA,EACpD;AAAA,EACA,qBAAqB;AAAA,IACjB,MAAM;AAAA,IACN,MAAM,wBAAwB,kCAAkC;AAAA,EACpE;AAAA,EACA,+BAA+B;AAAA,IAC3B,MAAM;AAAA,IACN,MAAM,wBAAwB,0CAA0C;AAAA,EAC5E;AAAA,EACA,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,MAAM,wBAAwB,oBAAoB;AAAA,EACtD;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,wBAAwB,8BAA8B;AAAA,EAChE;AAAA,EACA,cAAc;AAAA,IACV,MAAM;AAAA,IACN,MAAM,wBAAwB,YAAY;AAAA,EAC9C;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM,wBAAwB,qBAAqB;AAAA,EACvD;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,wBAAwB,YAAY;AAAA,EAC9C;AAAA,EACA,sBAAsB;AAAA,IAClB,MAAM;AAAA,IACN,MAAM,wBAAwB,oBAAoB;AAAA,EACtD;AAAA,EACA,6BAA6B;AAAA,IACzB,MAAM;AAAA,IACN,MAAM,wBAAwB,2BAA2B;AAAA,EAC7D;AACJ;AAIA,IAAM,kBAAN,MAAM,yBAAwB,UAAU;AAAA,EACpC,YAAY,WAAW,mBAAmB;AACtC,UAAM,WAAW,oBACX,GAAG,wBAAwB,SAAS,CAAC,KAAK,iBAAiB,KAC3D,wBAAwB,SAAS,CAAC;AACxC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,iBAAgB,SAAS;AAAA,EACzD;AACJ;AACA,SAAS,sBAAsB,WAAW,mBAAmB;AACzD,SAAO,IAAI,gBAAgB,WAAW,iBAAiB;AAC3D;;;ACtPA,IAAM,gCAAgC;AAAA,EAClC,eAAe,MAAM;AACjB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,cAAc,MAAM;AAChB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,cAAc,MAAM;AAChB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACM,yBAAyB;AAAA;AAC3B,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AAAA,EACM,wBAAwB;AAAA;AAC1B,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AAAA,EACM,gBAAgB;AAAA;AAClB,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AAAA,EACM,UAAU;AAAA;AACZ,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AAAA,EACM,aAAa;AAAA;AACf,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AACJ;;;AClCA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYA,SAAS,aAAa;AAElB,SAAO,KAAK,OAAM,oBAAI,KAAK,GAAE,QAAQ,IAAI,GAAM;AACnD;AAKA,SAAS,eAAe,WAAW,QAAQ;AAEvC,QAAM,gBAAgB,OAAO,SAAS,KAAK;AAC3C,QAAM,uBAAuB,WAAW,IAAI;AAE5C,SAAO,uBAAuB;AAClC;AAOA,SAAS,mBAAmB,UAAU;AAClC,QAAM,cAAc,OAAO,QAAQ;AACnC,SAAO,cAAc,WAAW;AACpC;AAMA,SAAS,MAAM,GAAG,OAAO;AACrB,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,MAAM,QAAQ,KAAK,GAAG,CAAC,CAAC;AACvE;;;AC7BA,SAAS,gBAAgB,eAAeA,eAAc;AAClD,MAAI,CAAC,eAAe;AAChB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AACA,MAAI;AACA,UAAM,oBAAoBA,cAAa,aAAa;AACpD,WAAO,KAAK,MAAM,iBAAiB;AAAA,EACvC,SACO,GAAG;AACN,UAAM,sBAAsB,uBAAuB;AAAA,EACvD;AACJ;AAKA,SAAS,iCAAiC,eAAe;AACrD,MAAI,CAAC,eAAe;AAChB,UAAM,sBAAsB,uBAAuB;AAAA,EACvD;AACA,QAAM,kBAAkB,cAAc,MAAM,WAAW,uBAAuB,CAAC;AAC/E,SAAO;AAAA,IACH,KAAK,gBAAgB,CAAC;AAAA,IACtB,MAAM,gBAAgB,SAAS,IACzB,UAAU,eACV,gBAAgB,CAAC;AAAA,EAC3B;AACJ;;;AC9BA,SAAS,0BAA0B,UAAU,eAAe;AACxD,SAAQ,CAAC,CAAC,YACN,CAAC,CAAC,iBACF,aAAa,cAAc,MAAM,GAAG,EAAE,CAAC;AAC/C;AACA,SAAS,oCAAoC,eAAe,eAAe;AACvE,QAAM,EAAE,KAAK,KAAK,KAAK,MAAAC,OAAM,KAAK,IAAI,IAAI;AAO1C,QAAM,WAAW,OAAO,OAAO,OAAO;AACtC,SAAO;AAAA,IACH;AAAA,IACA,gBAAgB,OAAO,OAAO;AAAA,IAC9B,MAAMA;AAAA,IACN,cAAc,0BAA0B,UAAU,aAAa;AAAA,EACnE;AACJ;AAOA,SAAS,+BAA+B,iBAAiB,eAAe,eAAe,eAAe;AAClG,MAAI,qBAAqB;AAEzB,MAAI,eAAe;AAEf,UAAmD,oBAA3C,eA5ChB,IA4C2D,IAA1B,kCAA0B,IAA1B,CAAjB;AACR,yBAAqB,kCAAK,kBAAoB;AAAA,EAClD;AAEA,MAAI,eAAe;AAGf,UAAwD,yCAAoC,gBAAgB,eAAe,aAAa,GAAhI,eAnDhB,IAmDgE,IAA/B,uCAA+B,IAA/B,CAAjB;AACR,yBAAqB,gDACd,qBACA,6BAFc;AAAA,MAGjB;AAAA,MACA,SAAS;AAAA,IACb;AACA,WAAO;AAAA,EACX;AACA,SAAO;AACX;;;ACpDA,IAAM,gBAAgB;AAAA,EAClB,SAAS;AAAA,EACT,MAAM;AAAA,EACN,MAAM;AAAA,EACN,MAAM;AACV;;;ACCA,SAAS,6BAA6B,eAAe;AACjD,MAAI,eAAe;AACf,UAAM,WAAW,cAAc,OAAO,cAAc,OAAO,cAAc;AACzE,WAAO,YAAY;AAAA,EACvB;AACA,SAAO;AACX;;;ACZA,IAAM,eAAe;AAAA,EACjB,KAAK;AAAA,EACL,MAAM;AACV;;;AC0BA,IAAM,gBAAN,MAAM,eAAc;AAAA;AAAA;AAAA;AAAA,EAIhB,oBAAoB;AAChB,UAAM,YAAY,CAAC,KAAK,eAAe,KAAK,WAAW;AACvD,WAAO,UAAU,KAAK,WAAW,mBAAmB,EAAE,YAAY;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAIA,qBAAqB;AACjB,WAAO,eAAc,wBAAwB;AAAA,MACzC,eAAe,KAAK;AAAA,MACpB,aAAa,KAAK;AAAA,MAClB,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACzB,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,iBAAiB;AACb,WAAO;AAAA,MACH,eAAe,KAAK;AAAA,MACpB,aAAa,KAAK;AAAA,MAClB,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,MACrB,MAAM,KAAK;AAAA,MACX,iBAAiB,KAAK;AAAA,MACtB,eAAe,KAAK;AAAA;AAAA,MAEpB,gBAAgB,IAAI,KAAK,KAAK,kBAAkB,CAAC,GAAG,IAAI,CAAC,kBAAkB;AACvE,eAAO,CAAC,cAAc,UAAU,aAAa;AAAA,MACjD,CAAC,CAAC;AAAA,IACN;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,iBAAiB;AACb,WAAO,CAAC,KAAK;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,wBAAwB,kBAAkB;AAC7C,UAAM,eAAe,iBAAiB,cAAc,MAAM,GAAG,EAAE,CAAC;AAChE,UAAM,aAAa;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB,eAAe;AAAA,MAChC,gBAAgB,iBAAiB,YAAY;AAAA,IACjD;AACA,WAAO,WAAW,KAAK,WAAW,mBAAmB,EAAE,YAAY;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,cAAc,gBAAgB,WAAWC,eAAc;AAC1D,UAAM,UAAU,IAAI,eAAc;AAClC,QAAI,UAAU,kBAAkB,cAAc,MAAM;AAChD,cAAQ,gBAAgB,iBAAiB;AAAA,IAC7C,WACS,UAAU,iBAAiB,aAAa,KAAK;AAClD,cAAQ,gBAAgB,iBAAiB;AAAA,IAC7C,OACK;AACD,cAAQ,gBAAgB,iBAAiB;AAAA,IAC7C;AACA,QAAI;AACJ,QAAI,eAAe,cAAcA,eAAc;AAC3C,mBAAa,gBAAgB,eAAe,YAAYA,aAAY;AAAA,IACxE;AACA,YAAQ,aAAa,eAAe;AACpC,YAAQ,gBAAgB,eAAe;AACvC,YAAQ,kBAAkB,eAAe;AACzC,UAAM,MAAM,eAAe,eACtB,aAAa,UAAU,kBAAkB;AAC9C,QAAI,CAAC,KAAK;AACN,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AACA,YAAQ,cAAc;AAEtB,YAAQ,QACJ,YAAY,QACR,6BAA6B,eAAe,aAAa,KACzD;AAER,YAAQ,iBACJ,YAAY,OACR,eAAe,cAAc,OAC7B,eAAe,cAAc,OAC7B;AAMR,UAAM,oBAAoB,eAAe,cAAc,sBACnD,eAAe,cAAc;AACjC,UAAM,QAAQ,eAAe,cAAc,SACrC,eAAe,cAAc,OAAO,CAAC,IACrC;AACN,YAAQ,WAAW,qBAAqB,SAAS;AACjD,YAAQ,OAAO,eAAe,cAAc;AAC5C,YAAQ,qBAAqB,eAAe;AAC5C,YAAQ,cAAc,eAAe;AACrC,QAAI,eAAe,gBAAgB;AAC/B,cAAQ,iBAAiB,eAAe;AAAA,IAC5C,OACK;AACD,YAAM,iBAAiB,CAAC;AACxB,UAAI,eAAe,eAAe;AAC9B,cAAM,gBAAgB,oCAAoC,eAAe,eAAe,eAAe,aAAa;AACpH,uBAAe,KAAK,aAAa;AAAA,MACrC;AACA,cAAQ,iBAAiB;AAAA,IAC7B;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,sBAAsB,aAAa,oBAAoB,aAAa;AACvE,UAAM,UAAU,IAAI,eAAc;AAClC,YAAQ,gBACJ,YAAY,iBAAiB,iBAAiB;AAClD,YAAQ,gBAAgB,YAAY;AACpC,YAAQ,iBAAiB,YAAY;AACrC,YAAQ,kBAAkB,YAAY;AACtC,YAAQ,QAAQ,YAAY;AAC5B,YAAQ,cAAc,YAAY;AAClC,YAAQ,WAAW,YAAY;AAC/B,YAAQ,OAAO,YAAY;AAC3B,YAAQ,qBAAqB;AAC7B,YAAQ,cAAc;AAEtB,YAAQ,iBAAiB,MAAM,KAAK,YAAY,gBAAgB,OAAO,KAAK,CAAC,CAAC;AAC9E,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,sBAAsB,kBAAkB,UAAU,QAAQ,WAAW,eAAe;AAEvF,QAAI,EAAE,aAAa,cAAc,QAC7B,aAAa,cAAc,OAAO;AAElC,UAAI,kBAAkB;AAClB,YAAI;AACA,gBAAM,aAAa,gBAAgB,kBAAkB,UAAU,YAAY;AAC3E,cAAI,WAAW,OAAO,WAAW,MAAM;AACnC,mBAAO,GAAG,WAAW,GAAG,IAAI,WAAW,IAAI;AAAA,UAC/C;AAAA,QACJ,SACO,GAAG;AAAA,QAAE;AAAA,MAChB;AACA,aAAO,QAAQ,4BAA4B;AAAA,IAC/C;AAEA,WAAO,eAAe,OAAO;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,gBAAgB,QAAQ;AAC3B,QAAI,CAAC,QAAQ;AACT,aAAO;AAAA,IACX;AACA,WAAQ,OAAO,eAAe,eAAe,KACzC,OAAO,eAAe,aAAa,KACnC,OAAO,eAAe,OAAO,KAC7B,OAAO,eAAe,gBAAgB,KACtC,OAAO,eAAe,UAAU,KAChC,OAAO,eAAe,eAAe;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,mBAAmB,UAAU,UAAU,eAAe;AACzD,QAAI,CAAC,YAAY,CAAC,UAAU;AACxB,aAAO;AAAA,IACX;AACA,QAAI,cAAc;AAClB,QAAI,eAAe;AACf,YAAM,iBAAkB,SAAS,iBAC7B,CAAC;AACL,YAAM,iBAAkB,SAAS,iBAC7B,CAAC;AAEL,oBACI,eAAe,QAAQ,eAAe,OAClC,eAAe,UAAU,eAAe;AAAA,IACpD;AACA,WAAQ,SAAS,kBAAkB,SAAS,iBACxC,SAAS,mBAAmB,SAAS,kBACrC,SAAS,aAAa,SAAS,YAC/B,SAAS,aAAa,SAAS,YAC/B,SAAS,gBAAgB,SAAS,eAClC,SAAS,oBAAoB,SAAS,mBACtC;AAAA,EACR;AACJ;;;AClPA,IAAM,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKtB,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKpB,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA,EAK5B,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKpB,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKzB,mBAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKnB,sBAAsB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKtB,kCAAkC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKlC,mBAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKnB,+BAA+B;AAAA;AAAA;AAAA;AAAA;AAAA,EAK/B,gCAAgC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKhC,iCAAiC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKjC,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA,EAKX,iDAAiD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKjD,gCAAgC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKhC,qCAAqC;AAAA;AAAA;AAAA;AAAA,EAIrC,qCAAqC;AAAA;AAAA;AAAA;AAAA,EAIrC,8CAA8C;AAAA,EAC9C,mDAAmD;AAAA;AAAA;AAAA;AAAA,EAInD,kBAAkB;AAAA;AAAA;AAAA;AAAA,EAIlB,oCAAoC;AAAA;AAAA;AAAA;AAAA,EAIpC,sBAAsB;AAAA;AAAA;AAAA;AAAA,EAItB,uCAAuC;AAAA;AAAA;AAAA;AAAA,EAIvC,gCAAgC;AAAA;AAAA;AAAA;AAAA,EAIhC,sDAAsD;AAAA;AAAA;AAAA;AAAA,EAItD,8CAA8C;AAAA;AAAA;AAAA;AAAA,EAI9C,0CAA0C;AAAA;AAAA;AAAA;AAAA;AAAA,EAK1C,uBAAuB;AAAA,EACvB,oCAAoC;AAAA,EACpC,+CAA+C;AAAA;AAAA;AAAA;AAAA;AAAA,EAK/C,4BAA4B;AAAA;AAAA;AAAA;AAAA,EAI5B,uBAAuB;AAAA;AAAA;AAAA;AAAA,EAIvB,yBAAyB;AAAA,EACzB,6BAA6B;AAAA;AAAA;AAAA;AAAA,EAI7B,+BAA+B;AAAA;AAAA;AAAA;AAAA,EAI/B,kCAAkC;AAAA,EAClC,mCAAmC;AAAA,EACnC,wBAAwB;AAAA,EACxB,4BAA4B;AAAA;AAAA;AAAA;AAAA,EAI5B,+CAA+C;AAAA,EAC/C,iDAAiD;AAAA,EACjD,yDAAyD;AAAA,EACzD,6DAA6D;AAAA;AAAA;AAAA;AAAA,EAI7D,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIhB,8BAA8B;AAAA,EAC9B,oBAAoB;AAAA,EACpB,8BAA8B;AAAA;AAAA;AAAA;AAAA,EAI9B,wBAAwB;AAAA,EACxB,+BAA+B;AAAA,EAC/B,kCAAkC;AAAA,EAClC,6BAA6B;AAAA;AAAA;AAAA;AAAA,EAI7B,qBAAqB;AAAA,EACrB,qBAAqB;AAAA;AAAA;AAAA;AAAA,EAIrB,2BAA2B;AAAA,EAC3B,qBAAqB;AAAA;AAAA;AAAA;AAAA,EAIrB,0CAA0C;AAAA,EAC1C,gCAAgC;AAAA,EAChC,2CAA2C;AAAA,EAC3C,+CAA+C;AAAA,EAC/C,uCAAuC;AAAA,EACvC,yCAAyC;AAAA,EACzC,iCAAiC;AAAA,EACjC,gDAAgD;AAAA;AAAA;AAAA;AAAA,EAIhD,6BAA6B;AAAA,EAC7B,kCAAkC;AAAA,EAClC,kCAAkC;AAAA,EAClC,yBAAyB;AAAA,EACzB,gCAAgC;AAAA,EAChC,iDAAiD;AAAA,EACjD,kCAAkC;AAAA,EAClC,wCAAwC;AAAA,EACxC,yCAAyC;AAAA,EACzC,oCAAoC;AAAA,EACpC,+BAA+B;AAAA,EAC/B,0BAA0B;AAAA,EAC1B,oBAAoB;AAAA;AAAA;AAAA;AAAA,EAIpB,8BAA8B;AAAA,EAC9B,6BAA6B;AAAA;AAAA;AAAA;AAAA,EAI7B,mBAAmB;AAAA,EACnB,sBAAsB;AAAA,EACtB,mCAAmC;AAAA,EACnC,cAAc;AAAA,EACd,iBAAiB;AACrB;AAOA,IAAM,yBAAyB;AAAA,EAC3B,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,WAAW;AACf;;;ACpOA,IAAM,SAAS,CAAC,UAAU,WAAW,QAAQ,iBAAiB,kBAAkB;AAC5E,SAAO,IAAI,SAAS;AAChB,WAAO,MAAM,sBAAsB,SAAS,EAAE;AAC9C,UAAM,kBAAkB,iBAAiB,iBAAiB,WAAW,aAAa;AAClF,QAAI,eAAe;AAEf,YAAM,aAAa,YAAY;AAC/B,uBAAiB,gBAAgB,EAAE,CAAC,UAAU,GAAG,EAAE,GAAG,aAAa;AAAA,IACvE;AACA,QAAI;AACA,YAAM,SAAS,SAAS,GAAG,IAAI;AAC/B,uBAAiB,IAAI;AAAA,QACjB,SAAS;AAAA,MACb,CAAC;AACD,aAAO,MAAM,yBAAyB,SAAS,EAAE;AACjD,aAAO;AAAA,IACX,SACO,GAAG;AACN,aAAO,MAAM,qBAAqB,SAAS,EAAE;AAC7C,UAAI;AACA,eAAO,MAAM,KAAK,UAAU,CAAC,CAAC;AAAA,MAClC,SACOC,IAAG;AACN,eAAO,MAAM,gCAAgC;AAAA,MACjD;AACA,uBAAiB,IAAI;AAAA,QACjB,SAAS;AAAA,MACb,CAAC;AACD,YAAM;AAAA,IACV;AAAA,EACJ;AACJ;AAcA,IAAM,cAAc,CAAC,UAAU,WAAW,QAAQ,iBAAiB,kBAAkB;AACjF,SAAO,IAAI,SAAS;AAChB,WAAO,MAAM,sBAAsB,SAAS,EAAE;AAC9C,UAAM,kBAAkB,iBAAiB,iBAAiB,WAAW,aAAa;AAClF,QAAI,eAAe;AAEf,YAAM,aAAa,YAAY;AAC/B,uBAAiB,gBAAgB,EAAE,CAAC,UAAU,GAAG,EAAE,GAAG,aAAa;AAAA,IACvE;AACA,qBAAiB,gBAAgB,WAAW,aAAa;AACzD,WAAO,SAAS,GAAG,IAAI,EAClB,KAAK,CAAC,aAAa;AACpB,aAAO,MAAM,yBAAyB,SAAS,EAAE;AACjD,uBAAiB,IAAI;AAAA,QACjB,SAAS;AAAA,MACb,CAAC;AACD,aAAO;AAAA,IACX,CAAC,EACI,MAAM,CAAC,MAAM;AACd,aAAO,MAAM,qBAAqB,SAAS,EAAE;AAC7C,UAAI;AACA,eAAO,MAAM,KAAK,UAAU,CAAC,CAAC;AAAA,MAClC,SACOA,IAAG;AACN,eAAO,MAAM,gCAAgC;AAAA,MACjD;AACA,uBAAiB,IAAI;AAAA,QACjB,SAAS;AAAA,MACb,CAAC;AACD,YAAM;AAAA,IACV,CAAC;AAAA,EACL;AACJ;;;ACzFA,SAAS,uBAAuB,UAAU;AACtC,SAAQ,SAAS,eAAe,wBAAwB,KACpD,SAAS,eAAe,gBAAgB,KACxC,SAAS,eAAe,QAAQ,KAChC,SAAS,eAAe,UAAU;AAC1C;;;ACXA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,IAAM,mBAAmB;AACzB,IAAM,4BAA4B;AAClC,IAAM,uBAAuB;AAC7B,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,wBAAwB;AAC9B,IAAM,qBAAqB;AAC3B,IAAM,gBAAgB;AACtB,IAAM,oBAAoB;AAC1B,IAAM,qBAAqB;AAC3B,IAAM,6BAA6B;AACnC,IAAM,oBAAoB;AAC1B,IAAM,gCAAgC;AACtC,IAAM,2BAA2B;AACjC,IAAM,qBAAqB;AAC3B,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,mCAAmC;AACzC,IAAM,8BAA8B;AACpC,IAAM,uBAAuB;AAC7B,IAAM,0BAA0B;AAChC,IAAM,oBAAoB;;;AChB1B,IAAM,mCAAmC;AAAA,EACrC,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,yBAAyB,GAAG;AAAA,EAC7B,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,qBAAqB,GAAG;AAAA,EACzB,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,0BAA0B,GAAG;AAAA,EAC9B,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,6BAA6B,GAAG;AAAA,EACjC,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,gCAAgC,GAAG;AAAA,EACpC,CAAC,2BAA2B,GAAG;AAAA,EAC/B,CAAC,oBAAoB,GAAG;AAAA,EACxB,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,iBAAiB,GAAG;AACzB;AAKA,IAAM,kCAAkC;AAAA,EACpC,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,iCAAiC,gBAAgB;AAAA,EAC3D;AAAA,EACA,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,MAAM,iCAAiC,yBAAyB;AAAA,EACpE;AAAA,EACA,sBAAsB;AAAA,IAClB,MAAM;AAAA,IACN,MAAM,iCAAiC,oBAAoB;AAAA,EAC/D;AAAA,EACA,eAAe;AAAA,IACX,MAAM;AAAA,IACN,MAAM,iCAAiC,aAAa;AAAA,EACxD;AAAA,EACA,eAAe;AAAA,IACX,MAAM;AAAA,IACN,MAAM,iCAAiC,aAAa;AAAA,EACxD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,iCAAiC,qBAAqB;AAAA,EAChE;AAAA,EACA,eAAe;AAAA,IACX,MAAM;AAAA,IACN,MAAM,iCAAiC,kBAAkB;AAAA,EAC7D;AAAA,EACA,sBAAsB;AAAA,IAClB,MAAM;AAAA,IACN,MAAM,iCAAiC,aAAa;AAAA,EACxD;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,iCAAiC,iBAAiB;AAAA,EAC5D;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,iCAAiC,kBAAkB;AAAA,EAC7D;AAAA,EACA,4BAA4B;AAAA,IACxB,MAAM;AAAA,IACN,MAAM,iCAAiC,0BAA0B;AAAA,EACrE;AAAA,EACA,4BAA4B;AAAA,IACxB,MAAM;AAAA,IACN,MAAM,iCAAiC,iBAAiB;AAAA,EAC5D;AAAA,EACA,+BAA+B;AAAA,IAC3B,MAAM;AAAA,IACN,MAAM,iCAAiC,6BAA6B;AAAA,EACxE;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,iCAAiC,wBAAwB;AAAA,EACnE;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,iCAAiC,kBAAkB;AAAA,EAC7D;AAAA,EACA,eAAe;AAAA,IACX,MAAM;AAAA,IACN,MAAM,iCAAiC,aAAa;AAAA,EACxD;AAAA,EACA,eAAe;AAAA,IACX,MAAM;AAAA,IACN,MAAM,iCAAiC,aAAa;AAAA,EACxD;AAAA,EACA,kCAAkC;AAAA,IAC9B,MAAM;AAAA,IACN,MAAM,iCAAiC,gCAAgC;AAAA,EAC3E;AAAA,EACA,6BAA6B;AAAA,IACzB,MAAM;AAAA,IACN,MAAM,iCAAiC,2BAA2B;AAAA,EACtE;AAAA,EACA,sBAAsB;AAAA,IAClB,MAAM;AAAA,IACN,MAAM,iCAAiC,oBAAoB;AAAA,EAC/D;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,iCAAiC,uBAAuB;AAAA,EAClE;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,iCAAiC,iBAAiB;AAAA,EAC5D;AACJ;AAIA,IAAM,2BAAN,MAAM,kCAAiC,UAAU;AAAA,EAC7C,YAAY,WAAW;AACnB,UAAM,WAAW,iCAAiC,SAAS,CAAC;AAC5D,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,0BAAyB,SAAS;AAAA,EAClE;AACJ;AACA,SAAS,+BAA+B,WAAW;AAC/C,SAAO,IAAI,yBAAyB,SAAS;AACjD;;;ACpIA,IAAM,cAAN,MAAkB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,OAAO,WAAW,QAAQ;AACtB,QAAI,QAAQ;AACR,UAAI;AACA,cAAM,MAAM,KAAK,MAAM,MAAM;AAC7B,eAAO,OAAO,KAAK,GAAG,EAAE,WAAW;AAAA,MACvC,SACO,GAAG;AAAA,MAAE;AAAA,IAChB;AACA,WAAO;AAAA,EACX;AAAA,EACA,OAAO,WAAW,KAAK,QAAQ;AAC3B,WAAO,IAAI,QAAQ,MAAM,MAAM;AAAA,EACnC;AAAA,EACA,OAAO,SAAS,KAAK,QAAQ;AACzB,WAAQ,IAAI,UAAU,OAAO,UACzB,IAAI,YAAY,MAAM,MAAM,IAAI,SAAS,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,oBAAoB,OAAO;AAC9B,UAAM,MAAM,CAAC;AACb,UAAM,SAAS,MAAM,MAAM,GAAG;AAC9B,UAAM,SAAS,CAAC,MAAM,mBAAmB,EAAE,QAAQ,OAAO,GAAG,CAAC;AAC9D,WAAO,QAAQ,CAAC,SAAS;AACrB,UAAI,KAAK,KAAK,GAAG;AACb,cAAM,CAAC,KAAK,KAAK,IAAI,KAAK,MAAM,UAAU,CAAC;AAC3C,YAAI,OAAO,OAAO;AACd,cAAI,OAAO,GAAG,CAAC,IAAI,OAAO,KAAK;AAAA,QACnC;AAAA,MACJ;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,iBAAiB,KAAK;AACzB,WAAO,IAAI,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,4BAA4B,KAAK;AACpC,WAAO,IAAI,OAAO,CAAC,UAAU;AACzB,aAAO,CAAC,CAAC;AAAA,IACb,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,gBAAgB,KAAK;AACxB,QAAI;AACA,aAAO,KAAK,MAAM,GAAG;AAAA,IACzB,SACO,GAAG;AACN,aAAO;AAAA,IACX;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,aAAa,SAAS,OAAO;AAMhC,UAAM,QAAQ,IAAI,OAAO,QACpB,QAAQ,OAAO,MAAM,EACrB,QAAQ,OAAO,OAAO,EACtB,QAAQ,OAAO,KAAK,CAAC;AAC1B,WAAO,MAAM,KAAK,KAAK;AAAA,EAC3B;AACJ;;;AChGA;AAAA;AAAA;AAAA;AAAA;AAaA,SAAS,wBAAwB,gBAAgB;AAC7C,MAAI,eAAe,WAAW,IAAI,GAAG;AACjC,WAAO,eAAe,UAAU,CAAC;AAAA,EACrC,WACS,eAAe,WAAW,GAAG,KAClC,eAAe,WAAW,GAAG,GAAG;AAChC,WAAO,eAAe,UAAU,CAAC;AAAA,EACrC;AACA,SAAO;AACX;AAIA,SAAS,wBAAwB,gBAAgB;AAE7C,MAAI,CAAC,kBAAkB,eAAe,QAAQ,GAAG,IAAI,GAAG;AACpD,WAAO;AAAA,EACX;AACA,MAAI;AAEA,UAAM,qBAAqB,wBAAwB,cAAc;AAEjE,UAAM,mBAAmB,OAAO,YAAY,IAAI,gBAAgB,kBAAkB,CAAC;AAEnF,QAAI,iBAAiB,QACjB,iBAAiB,SACjB,iBAAiB,qBACjB,iBAAiB,OAAO;AACxB,aAAO;AAAA,IACX;AAAA,EACJ,SACO,GAAG;AACN,UAAM,sBAAsB,mBAAmB;AAAA,EACnD;AACA,SAAO;AACX;;;ACjCA,IAAM,YAAN,MAAM,WAAU;AAAA,EACZ,IAAI,YAAY;AACZ,WAAO,KAAK;AAAA,EAChB;AAAA,EACA,YAAY,KAAK;AACb,SAAK,aAAa;AAClB,QAAI,CAAC,KAAK,YAAY;AAElB,YAAM,+BAA+B,aAAa;AAAA,IACtD;AACA,QAAI,CAAC,IAAI,SAAS,GAAG,GAAG;AACpB,WAAK,aAAa,WAAU,gBAAgB,GAAG;AAAA,IACnD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,gBAAgB,KAAK;AACxB,QAAI,KAAK;AACL,UAAI,eAAe,IAAI,YAAY;AACnC,UAAI,YAAY,SAAS,cAAc,GAAG,GAAG;AACzC,uBAAe,aAAa,MAAM,GAAG,EAAE;AAAA,MAC3C,WACS,YAAY,SAAS,cAAc,IAAI,GAAG;AAC/C,uBAAe,aAAa,MAAM,GAAG,EAAE;AAAA,MAC3C;AACA,UAAI,CAAC,YAAY,SAAS,cAAc,GAAG,GAAG;AAC1C,wBAAgB;AAAA,MACpB;AACA,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAIA,gBAAgB;AAEZ,QAAI;AACJ,QAAI;AACA,mBAAa,KAAK,iBAAiB;AAAA,IACvC,SACO,GAAG;AACN,YAAM,+BAA+B,aAAa;AAAA,IACtD;AAEA,QAAI,CAAC,WAAW,mBAAmB,CAAC,WAAW,cAAc;AACzD,YAAM,+BAA+B,aAAa;AAAA,IACtD;AAEA,QAAI,CAAC,WAAW,YACZ,WAAW,SAAS,YAAY,MAAM,UAAU;AAChD,YAAM,+BAA+B,oBAAoB;AAAA,IAC7D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,kBAAkB,KAAK,aAAa;AACvC,QAAI,CAAC,aAAa;AACd,aAAO;AAAA,IACX;AACA,WAAO,IAAI,QAAQ,GAAG,IAAI,IACpB,GAAG,GAAG,IAAI,WAAW,KACrB,GAAG,GAAG,IAAI,WAAW;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,kBAAkB,KAAK;AAC1B,WAAO,WAAU,gBAAgB,IAAI,MAAM,GAAG,EAAE,CAAC,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAAkB,UAAU;AACxB,UAAM,YAAY,KAAK,iBAAiB;AACxC,UAAM,YAAY,UAAU;AAC5B,QAAI,YACA,UAAU,WAAW,MACpB,UAAU,CAAC,MAAM,sBAAsB,UACpC,UAAU,CAAC,MAAM,sBAAsB,gBAAgB;AAC3D,gBAAU,CAAC,IAAI;AAAA,IACnB;AACA,WAAO,WAAU,gCAAgC,SAAS;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB;AAEf,UAAM,QAAQ,OAAO,4DAA4D;AAEjF,UAAM,QAAQ,KAAK,UAAU,MAAM,KAAK;AACxC,QAAI,CAAC,OAAO;AACR,YAAM,+BAA+B,aAAa;AAAA,IACtD;AAEA,UAAM,gBAAgB;AAAA,MAClB,UAAU,MAAM,CAAC;AAAA,MACjB,iBAAiB,MAAM,CAAC;AAAA,MACxB,cAAc,MAAM,CAAC;AAAA,MACrB,aAAa,MAAM,CAAC;AAAA,IACxB;AACA,QAAI,eAAe,cAAc,aAAa,MAAM,GAAG;AACvD,mBAAe,aAAa,OAAO,CAAC,QAAQ,OAAO,IAAI,SAAS,CAAC;AACjE,kBAAc,eAAe;AAC7B,QAAI,cAAc,eACd,cAAc,YAAY,SAAS,GAAG,GAAG;AACzC,oBAAc,cAAc,cAAc,YAAY,UAAU,GAAG,cAAc,YAAY,SAAS,CAAC;AAAA,IAC3G;AACA,WAAO;AAAA,EACX;AAAA,EACA,OAAO,iBAAiB,KAAK;AACzB,UAAM,QAAQ,OAAO,0BAA0B;AAC/C,UAAM,QAAQ,IAAI,MAAM,KAAK;AAC7B,QAAI,CAAC,OAAO;AACR,YAAM,+BAA+B,aAAa;AAAA,IACtD;AACA,WAAO,MAAM,CAAC;AAAA,EAClB;AAAA,EACA,OAAO,eAAe,aAAa,SAAS;AACxC,QAAI,YAAY,CAAC,MAAM,UAAU,eAAe;AAC5C,YAAM,MAAM,IAAI,WAAU,OAAO;AACjC,YAAM,iBAAiB,IAAI,iBAAiB;AAC5C,aAAQ,eAAe,WACnB,OACA,eAAe,kBACf;AAAA,IACR;AACA,WAAO;AAAA,EACX;AAAA,EACA,OAAO,gCAAgC,WAAW;AAC9C,WAAO,IAAI,WAAU,UAAU,WAC3B,OACA,UAAU,kBACV,MACA,UAAU,aAAa,KAAK,GAAG,CAAC;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,4BAA4B,UAAU;AACzC,WAAO,CAAC,CAAC,wBAAwB,QAAQ;AAAA,EAC7C;AACJ;;;AC/JA,IAAM,iBAAiB;AAAA,EACnB,kBAAkB;AAAA,IACd,6BAA6B;AAAA,MACzB,gBAAgB;AAAA,MAChB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,wBAAwB;AAAA,MACxB,sBAAsB;AAAA,IAC1B;AAAA,IACA,0BAA0B;AAAA,MACtB,gBAAgB;AAAA,MAChB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,wBAAwB;AAAA,MACxB,sBAAsB;AAAA,IAC1B;AAAA,IACA,4BAA4B;AAAA,MACxB,gBAAgB;AAAA,MAChB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,wBAAwB;AAAA,MACxB,sBAAsB;AAAA,IAC1B;AAAA,EACJ;AAAA,EACA,2BAA2B;AAAA,IACvB,2BAA2B;AAAA,IAC3B,UAAU;AAAA,MACN;AAAA,QACI,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,SAAS;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAAA,MACA;AAAA,QACI,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,SAAS;AAAA,UACL;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAAA,MACA;AAAA,QACI,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,SAAS,CAAC,0BAA0B;AAAA,MACxC;AAAA,MACA;AAAA,QACI,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,SAAS;AAAA,UACL;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAAA,MACA;AAAA,QACI,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,SAAS,CAAC,8BAA8B;AAAA,MAC5C;AAAA,IACJ;AAAA,EACJ;AACJ;AACA,IAAM,mBAAmB,eAAe;AACxC,IAAM,4BAA4B,eAAe;AACjD,IAAM,mCAAmC,oBAAI,IAAI;AACjD,0BAA0B,SAAS,QAAQ,CAAC,kBAAkB;AAC1D,gBAAc,QAAQ,QAAQ,CAAC,UAAU;AACrC,qCAAiC,IAAI,KAAK;AAAA,EAC9C,CAAC;AACL,CAAC;AAOD,SAAS,4BAA4B,wBAAwB,QAAQ;AACjE,MAAI;AACJ,QAAM,qBAAqB,uBAAuB;AAClD,MAAI,oBAAoB;AACpB,UAAM,gBAAgB,IAAI,UAAU,kBAAkB,EAAE,iBAAiB,EAAE;AAC3E,oBACI,uBAAuB,eAAe,uBAAuB,wBAAwB,UAAU,wBAAwB,QAAQ,MAAM,KACjI,uBAAuB,eAAe,0BAA0B,UAAU,wBAAwB,kBAAkB,MAAM,KAC1H,uBAAuB;AAAA,EACnC;AACA,SAAO,iBAAiB,CAAC;AAC7B;AAOA,SAAS,uBAAuB,eAAe,wBAAwB,QAAQ,QAAQ;AACnF,UAAQ,MAAM,8CAA8C,MAAM,EAAE;AACpE,MAAI,iBAAiB,wBAAwB;AACzC,UAAM,WAAW,6CAA6C,wBAAwB,aAAa;AACnG,QAAI,UAAU;AACV,cAAQ,MAAM,6DAA6D,MAAM,qBAAqB;AACtG,aAAO,SAAS;AAAA,IACpB,OACK;AACD,cAAQ,MAAM,oEAAoE,MAAM,EAAE;AAAA,IAC9F;AAAA,EACJ;AACA,SAAO;AACX;AAIA,SAAS,6CAA6C,eAAe;AACjE,QAAM,WAAW,6CAA6C,0BAA0B,UAAU,aAAa;AAC/G,SAAO;AACX;AAMA,SAAS,6CAA6C,UAAU,eAAe;AAC3E,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACtC,UAAM,WAAW,SAAS,CAAC;AAC3B,QAAI,SAAS,QAAQ,SAAS,aAAa,GAAG;AAC1C,aAAO;AAAA,IACX;AAAA,EACJ;AACA,SAAO;AACX;;;ACvIA,IAAM,qBAAqB;AAAA;AAAA,EAEvB,MAAM;AAAA;AAAA,EAEN,aAAa;AAAA;AAAA,EAEb,UAAU;AAAA;AAAA,EAEV,YAAY;AAAA;AAAA,EAEZ,cAAc;AAAA;AAAA,EAEd,mBAAmB;AACvB;;;ACbA,SAAS,iCAAiC,UAAU;AAChD,SAAQ,SAAS,eAAe,2BAA2B,KACvD,SAAS,eAAe,UAAU;AAC1C;;;ACHA,SAAS,sCAAsC,UAAU;AACrD,SAAQ,SAAS,eAAe,OAAO,KACnC,SAAS,eAAe,mBAAmB;AACnD;;;ACCA,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EAClB,YAAY,kBAAkB,QAAQ,mBAAmB,eAAe;AACpE,SAAK,mBAAmB;AACxB,SAAK,SAAS;AACd,SAAK,oBAAoB;AACzB,SAAK,gBAAgB;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,aAAa,mBAAmB,yBAAyB;AAAA;AAC3D,WAAK,mBAAmB,oBAAoB,kBAAkB,6BAA6B,KAAK,aAAa;AAE7G,UAAI,yBAAyB;AAE7B,UAAI,CAAC,wBAAwB;AACzB,cAAM,UAAU,iBAAgB;AAChC,YAAI;AACA,gBAAM,2BAA2B,MAAM,YAAY,KAAK,kBAAkB,KAAK,IAAI,GAAG,kBAAkB,kCAAkC,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,UAAU,cAAc,OAAO;AAClO,cAAI,yBAAyB,WACzB,cAAc,aAAa;AAC3B,qCAAyB,yBAAyB;AAClD,oCAAwB,gBACpB,uBAAuB;AAAA,UAC/B;AAEA,cAAI,yBAAyB,WACzB,cAAc,gBAAgB;AAC9B,kBAAM,qBAAqB,MAAM,YAAY,KAAK,kBAAkB,KAAK,IAAI,GAAG,kBAAkB,kCAAkC,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,OAAO;AACpM,gBAAI,CAAC,oBAAoB;AACrB,sCAAwB,gBACpB,uBAAuB;AAC3B,qBAAO;AAAA,YACX;AACA,kBAAM,6BAA6B,MAAM,YAAY,KAAK,kBAAkB,KAAK,IAAI,GAAG,kBAAkB,kCAAkC,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,oBAAoB,OAAO;AAChO,gBAAI,2BAA2B,WAC3B,cAAc,aAAa;AAC3B,uCACI,2BAA2B;AAC/B,sCAAwB,gBACpB,uBAAuB;AAAA,YAC/B;AAAA,UACJ;AAAA,QACJ,SACO,GAAG;AACN,kCAAwB,gBACpB,uBAAuB;AAC3B,iBAAO;AAAA,QACX;AAAA,MACJ,OACK;AACD,gCAAwB,gBACpB,uBAAuB;AAAA,MAC/B;AAEA,UAAI,CAAC,wBAAwB;AACzB,gCAAwB,gBACpB,uBAAuB;AAAA,MAC/B;AACA,aAAO,0BAA0B;AAAA,IACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOM,kBAAkBC,UAAS,SAAS;AAAA;AACtC,WAAK,mBAAmB,oBAAoB,kBAAkB,kCAAkC,KAAK,aAAa;AAClH,aAAO,KAAK,iBAAiB,oBAAoB,GAAG,UAAU,aAAa,gBAAgBA,QAAO,gBAAgB,SAAS,UAAU,YAAY;AAAA,IACrJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,kBAAkB,SAAS;AAAA;AAC7B,WAAK,mBAAmB,oBAAoB,kBAAkB,kCAAkC,KAAK,aAAa;AAClH,UAAI;AACA,cAAM,WAAW,MAAM,KAAK,iBAAiB,oBAAoB,GAAG,UAAU,aAAa,gBAAgB,OAAO;AAElH,YAAI,SAAS,WAAW,cAAc,kBAClC,SAAS,QACT,SAAS,KAAK,iBAAiB,KAC/B,SAAS,KAAK,iBAAiB,EAAE,SAAS,GAAG;AAC7C,iBAAO,SAAS,KAAK,iBAAiB,EAAE,CAAC;AAAA,QAC7C;AACA,eAAO;AAAA,MACX,SACO,GAAG;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAAA;AACJ;AAEA,gBAAgB,eAAe;AAAA,EAC3B,SAAS;AAAA,IACL,UAAU;AAAA,EACd;AACJ;;;AC/GA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,SAAS,mBAAmB,cAAcC,eAAc;AACpD,QAAM,aAAa,cAAc,YAAY;AAE7C,MAAI;AAEA,UAAM,gBAAgBA,cAAa,UAAU;AAC7C,WAAO,KAAK,MAAM,aAAa;AAAA,EACnC,SACO,KAAK;AACR,UAAM,sBAAsB,iBAAiB;AAAA,EACjD;AACJ;AAMA,SAAS,cAAc,WAAW;AAC9B,MAAI,CAAC,WAAW;AACZ,UAAM,sBAAsB,gBAAgB;AAAA,EAChD;AACA,QAAM,kBAAkB;AACxB,QAAM,UAAU,gBAAgB,KAAK,SAAS;AAC9C,MAAI,CAAC,WAAW,QAAQ,SAAS,GAAG;AAChC,UAAM,sBAAsB,iBAAiB;AAAA,EACjD;AAQA,SAAO,QAAQ,CAAC;AACpB;AAIA,SAAS,YAAY,UAAU,QAAQ;AAMnC,QAAM,iBAAiB;AACvB,MAAI,WAAW,KAAK,KAAK,IAAI,IAAI,iBAAiB,WAAW,QAAQ;AACjE,UAAM,sBAAsB,gBAAgB;AAAA,EAChD;AACJ;;;AD1CA,SAAS,sBAAsB,kBAAkB;AAC7C,QAAM,gBAAgB;AAAA,IAClB,kBAAkB,gBAAgB;AAAA,IAClC,qBAAqB,gBAAgB;AAAA,IACrC,eAAe,gBAAgB;AAAA,IAC/B,mBAAmB,gBAAgB;AAAA,IACnC,eAAe,gBAAgB;AAAA,EACnC;AACA,SAAO,cAAc,KAAK,WAAW,mBAAmB,EAAE,YAAY;AAC1E;AAQA,SAAS,oBAAoB,eAAe,aAAa,SAAS,UAAU,UAAU;AAClF,QAAM,gBAAgB;AAAA,IAClB,gBAAgB,eAAe;AAAA,IAC/B;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,OAAO;AAAA,EACX;AACA,SAAO;AACX;AAYA,SAAS,wBAAwB,eAAe,aAAa,aAAa,UAAU,UAAU,QAAQ,WAAW,cAAcC,eAAc,WAAW,WAAW,mBAAmB,OAAO,iBAAiB,qBAAqB;AAC/N,QAAM,WAAW;AAAA,IACb;AAAA,IACA,gBAAgB,eAAe;AAAA,IAC/B,QAAQ;AAAA,IACR,UAAU,WAAW,EAAE,SAAS;AAAA,IAChC,WAAW,UAAU,SAAS;AAAA,IAC9B,mBAAmB,aAAa,SAAS;AAAA,IACzC;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW,aAAa,qBAAqB;AAAA,EACjD;AACA,MAAI,mBAAmB;AACnB,aAAS,oBAAoB;AAAA,EACjC;AACA,MAAI,WAAW;AACX,aAAS,YAAY,UAAU,SAAS;AAAA,EAC5C;AACA,MAAI,iBAAiB;AACjB,aAAS,kBAAkB;AAC3B,aAAS,sBAAsB;AAAA,EACnC;AAKA,MAAI,SAAS,WAAW,YAAY,MAChC,qBAAqB,OAAO,YAAY,GAAG;AAC3C,aAAS,iBAAiB,eAAe;AACzC,YAAQ,SAAS,WAAW;AAAA,MACxB,KAAK,qBAAqB;AAEtB,cAAM,cAAc,mBAAmB,aAAaA,aAAY;AAChE,YAAI,CAAC,aAAa,KAAK,KAAK;AACxB,gBAAM,sBAAsB,kCAAkC;AAAA,QAClE;AACA,iBAAS,QAAQ,YAAY,IAAI;AACjC;AAAA,MACJ,KAAK,qBAAqB;AACtB,iBAAS,QAAQ;AAAA,IACzB;AAAA,EACJ;AACA,SAAO;AACX;AAQA,SAAS,yBAAyB,eAAe,aAAa,cAAc,UAAU,UAAU,mBAAmB,WAAW;AAC1H,QAAM,WAAW;AAAA,IACb,gBAAgB,eAAe;AAAA,IAC/B;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,EACZ;AACA,MAAI,mBAAmB;AACnB,aAAS,oBAAoB;AAAA,EACjC;AACA,MAAI,UAAU;AACV,aAAS,WAAW;AAAA,EACxB;AACA,MAAI,WAAW;AACX,aAAS,YAAY,UAAU,SAAS;AAAA,EAC5C;AACA,SAAO;AACX;AACA,SAAS,mBAAmB,QAAQ;AAChC,SAAQ,OAAO,eAAe,eAAe,KACzC,OAAO,eAAe,aAAa,KACnC,OAAO,eAAe,gBAAgB,KACtC,OAAO,eAAe,UAAU,KAChC,OAAO,eAAe,QAAQ;AACtC;AAKA,SAAS,oBAAoB,QAAQ;AACjC,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AACA,SAAQ,mBAAmB,MAAM,KAC7B,OAAO,eAAe,OAAO,KAC7B,OAAO,eAAe,QAAQ,MAC7B,OAAO,gBAAgB,MAAM,eAAe,gBACzC,OAAO,gBAAgB,MACnB,eAAe;AAC/B;AAKA,SAAS,gBAAgB,QAAQ;AAC7B,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AACA,SAAQ,mBAAmB,MAAM,KAC7B,OAAO,eAAe,OAAO,KAC7B,OAAO,gBAAgB,MAAM,eAAe;AACpD;AAKA,SAAS,qBAAqB,QAAQ;AAClC,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AACA,SAAQ,mBAAmB,MAAM,KAC7B,OAAO,gBAAgB,MAAM,eAAe;AACpD;AAIA,SAAS,kBAAkB,kBAAkB;AACzC,QAAM,YAAY;AAAA,IACd,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,EACrB;AACA,SAAO,UAAU,KAAK,WAAW,mBAAmB,EAAE,YAAY;AACtE;AAIA,SAAS,qBAAqB,kBAAkB;AAC5C,QAAM,mBAAmB,iBAAiB,mBAAmB,eAAe,gBACtE,iBAAiB,YAAY,iBAAiB,WAC9C,iBAAiB;AACvB,QAAM,eAAe;AAAA,IACjB,iBAAiB;AAAA,IACjB;AAAA,IACA,iBAAiB,SAAS;AAAA,EAC9B;AACA,SAAO,aAAa,KAAK,WAAW,mBAAmB,EAAE,YAAY;AACzE;AAIA,SAAS,eAAe,kBAAkB;AACtC,UAAQ,iBAAiB,UAAU,IAAI,YAAY;AACvD;AAIA,SAAS,mBAAmB,kBAAkB;AAC1C,UAAQ,iBAAiB,uBAAuB,IAAI,YAAY;AACpE;AAIA,SAAS,eAAe,kBAAkB;AAKtC,SAAO,iBAAiB,aACpB,iBAAiB,UAAU,YAAY,MACnC,qBAAqB,OAAO,YAAY,IAC1C,iBAAiB,UAAU,YAAY,IACvC;AACV;AAMA,SAAS,wBAAwB,KAAK,QAAQ;AAC1C,QAAM,cAAc,IAAI,QAAQ,uBAAuB,SAAS,MAAM;AACtE,MAAI,iBAAiB;AACrB,MAAI,QAAQ;AACR,qBACI,OAAO,eAAe,gBAAgB,KAClC,OAAO,eAAe,QAAQ,KAC9B,OAAO,eAAe,WAAW;AAAA,EAC7C;AACA,SAAO,eAAe;AAC1B;AAMA,SAAS,mBAAmB,KAAK,QAAQ;AACrC,MAAI,cAAc;AAClB,MAAI,KAAK;AACL,kBAAc,IAAI,QAAQ,oBAAoB,iBAAiB,MAAM;AAAA,EACzE;AACA,MAAI,iBAAiB;AACrB,MAAI,QAAQ;AACR,qBAAiB,OAAO,eAAe,cAAc;AAAA,EACzD;AACA,SAAO,eAAe;AAC1B;AAIA,SAAS,uBAAuB,EAAE,aAAa,SAAU,GAAG;AACxD,QAAM,sBAAsB;AAAA,IACxB;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACA,SAAO,oBACF,KAAK,WAAW,mBAAmB,EACnC,YAAY;AACrB;AAKA,SAAS,oBAAoB,KAAK,QAAQ;AACtC,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AACA,SAAQ,IAAI,QAAQ,YAAY,MAAM,KAClC,OAAO,eAAe,UAAU,KAChC,OAAO,eAAe,aAAa;AAC3C;AAKA,SAAS,0BAA0B,KAAK,QAAQ;AAC5C,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AACA,SAAQ,IAAI,QAAQ,6BAA6B,SAAS,MAAM,KAC5D,OAAO,eAAe,SAAS,KAC/B,OAAO,eAAe,iBAAiB,KACvC,OAAO,eAAe,mBAAmB,KACzC,OAAO,eAAe,qBAAqB,KAC3C,OAAO,eAAe,wBAAwB,KAC9C,OAAO,eAAe,gBAAgB,KACtC,OAAO,eAAe,QAAQ,KAC9B,OAAO,eAAe,oBAAoB,KAC1C,OAAO,eAAe,sBAAsB,KAC5C,OAAO,eAAe,WAAW,KACjC,OAAO,eAAe,UAAU;AACxC;AAIA,SAAS,qCAAqC;AAC1C,SAAQ,WAAW,IACf,6BAA6B;AACrC;AACA,SAAS,gCAAgC,mBAAmB,eAAe,aAAa;AACpF,oBAAkB,yBACd,cAAc;AAClB,oBAAkB,iBAAiB,cAAc;AACjD,oBAAkB,uBAAuB,cAAc;AACvD,oBAAkB,SAAS,cAAc;AACzC,oBAAkB,uBAAuB;AACzC,oBAAkB,WAAW,cAAc;AAC/C;AACA,SAAS,6BAA6B,mBAAmB,eAAe,aAAa;AACjF,oBAAkB,UAAU,cAAc;AAC1C,oBAAkB,kBAAkB,cAAc;AAClD,oBAAkB,oBAAoB,cAAc;AACpD,oBAAkB,qBAAqB;AAC3C;AAIA,SAAS,2BAA2B,UAAU;AAC1C,SAAO,SAAS,aAAa,WAAW;AAC5C;;;AE7SA,IAAM,YAAN,MAAM,WAAU;AAAA,EACZ,YAAY,WAAW,kBAAkB,cAAc,kBAAkB,QAAQ,eAAe,mBAAmB;AAC/G,SAAK,qBAAqB;AAC1B,SAAK,oBAAoB,cAAc;AACvC,SAAK,mBAAmB;AACxB,SAAK,eAAe;AACpB,SAAK,mBAAmB;AACxB,SAAK,0BAA0B;AAAA,MAC3B,aAAa;AAAA,MACb,eAAe;AAAA,MACf,gBAAgB;AAAA,IACpB;AACA,SAAK,SAAS;AACd,SAAK,oBAAoB;AACzB,SAAK,gBAAgB;AACrB,SAAK,kBAAkB,IAAI,gBAAgB,kBAAkB,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa;AAAA,EACxH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,iBAAiB,cAAc;AAE3B,QAAI,aAAa,gBAAgB,SAAS,UAAU,aAAa,GAAG;AAChE,aAAO,cAAc;AAAA,IACzB;AACA,UAAM,eAAe,aAAa;AAClC,QAAI,aAAa,QAAQ;AACrB,cAAQ,aAAa,CAAC,EAAE,YAAY,GAAG;AAAA,QACnC,KAAK,UAAU;AACX,iBAAO,cAAc;AAAA,QACzB,KAAK,UAAU;AACX,iBAAO,cAAc;AAAA,MAC7B;AAAA,IACJ;AACA,WAAO,cAAc;AAAA,EACzB;AAAA;AAAA,EAEA,IAAI,gBAAgB;AAChB,WAAO,KAAK,iBAAiB,KAAK,+BAA+B;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,eAAe;AACf,WAAO,KAAK,iBAAiB;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,UAAU;AACV,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,qBAAqB;AACrB,WAAO,KAAK,oBAAoB;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,mBAAmB,KAAK;AACxB,SAAK,sBAAsB,IAAI,UAAU,GAAG;AAC5C,SAAK,oBAAoB,cAAc;AACvC,SAAK,mCAAmC;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,kCAAkC;AAClC,QAAI,CAAC,KAAK,kCAAkC;AACxC,WAAK,mCACD,KAAK,oBAAoB,iBAAiB;AAAA,IAClD;AACA,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,kBAAkB;AAClB,WAAO,KAAK,gCAAgC,gBAAgB,YAAY;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,SAAS;AACT,WAAO,KAAK,gCAAgC,aAAa,CAAC;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,wBAAwB;AACxB,QAAI,KAAK,kBAAkB,GAAG;AAC1B,aAAO,KAAK,YAAY,KAAK,SAAS,sBAAsB;AAAA,IAChE,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,gBAAgB;AAChB,QAAI,KAAK,kBAAkB,GAAG;AAC1B,aAAO,KAAK,YAAY,KAAK,SAAS,cAAc;AAAA,IACxD,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA,EACA,IAAI,qBAAqB;AACrB,QAAI,KAAK,kBAAkB,GAAG;AAC1B,aAAO,KAAK,YAAY,KAAK,SAAS,eAAe,QAAQ,UAAU,aAAa,CAAC;AAAA,IACzF,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,qBAAqB;AACrB,QAAI,KAAK,kBAAkB,GAAG;AAE1B,UAAI,CAAC,KAAK,SAAS,sBAAsB;AACrC,cAAM,sBAAsB,8BAA8B;AAAA,MAC9D;AACA,aAAO,KAAK,YAAY,KAAK,SAAS,oBAAoB;AAAA,IAC9D,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,wBAAwB;AACxB,QAAI,KAAK,kBAAkB,GAAG;AAC1B,aAAO,KAAK,YAAY,KAAK,SAAS,MAAM;AAAA,IAChD,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,UAAU;AACV,QAAI,KAAK,kBAAkB,GAAG;AAC1B,aAAO,KAAK,YAAY,KAAK,SAAS,QAAQ;AAAA,IAClD,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,iBAAiB,cAAc;AAC3B,WAAQ,aAAa,aAAa,WAAW,KACzC,CAAC,WAAU,sBAAsB,IAAI,aAAa,aAAa,CAAC,CAAC,KACjE,KAAK,iBAAiB,YAAY,MAAM,cAAc,WACtD,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,WAAW;AACrB,WAAO,UAAU,QAAQ,wBAAwB,KAAK,MAAM;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,WAAW;AACnB,QAAI,WAAW;AACf,UAAM,qBAAqB,IAAI,UAAU,KAAK,SAAS,mBAAmB;AAC1E,UAAM,+BAA+B,mBAAmB,iBAAiB;AACzE,UAAM,uBAAuB,6BAA6B;AAC1D,UAAM,wBAAwB,KAAK,gCAAgC;AACnE,0BAAsB,QAAQ,CAAC,aAAa,UAAU;AAClD,UAAI,aAAa,qBAAqB,KAAK;AAC3C,UAAI,UAAU,KACV,KAAK,iBAAiB,4BAA4B,GAAG;AACrD,cAAM,WAAW,IAAI,UAAU,KAAK,SAAS,sBAAsB,EAAE,iBAAiB,EAAE,aAAa,CAAC;AAMtG,YAAI,eAAe,UAAU;AACzB,eAAK,OAAO,QAAQ,gCAAgC,UAAU,YAAY,QAAQ,EAAE;AACpF,uBAAa;AAAA,QACjB;AAAA,MACJ;AACA,UAAI,gBAAgB,YAAY;AAC5B,mBAAW,SAAS,QAAQ,IAAI,UAAU,KAAK,IAAI,WAAW,GAAG;AAAA,MACrE;AAAA,IACJ,CAAC;AACD,WAAO,KAAK,cAAc,QAAQ;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,qCAAqC;AACrC,UAAM,yBAAyB,KAAK;AACpC,QAAI,KAAK,mBAAmB,SAAS,OAAO,KACxC,KAAK,kBAAkB,cAAc,QACpC,KAAK,iBAAiB,aAAa,OAChC,CAAC,KAAK,iCAAiC,sBAAsB,GAAI;AACrE,aAAO,GAAG,KAAK,kBAAkB;AAAA,IACrC;AACA,WAAO,GAAG,KAAK,kBAAkB;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAIA,oBAAoB;AAChB,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,wBAAwB;AAAA;AAC1B,WAAK,mBAAmB,oBAAoB,kBAAkB,gCAAgC,KAAK,aAAa;AAChH,YAAM,iBAAiB,KAAK,yBAAyB;AACrD,YAAM,uBAAuB,MAAM,YAAY,KAAK,6BAA6B,KAAK,IAAI,GAAG,kBAAkB,uCAAuC,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,cAAc;AAC7N,WAAK,qBAAqB,KAAK,mBAAmB,QAAQ,KAAK,iBAAiB,eAAe,iBAAiB;AAChH,YAAM,iBAAiB,MAAM,YAAY,KAAK,uBAAuB,KAAK,IAAI,GAAG,kBAAkB,iCAAiC,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,cAAc;AAC3M,WAAK,qBAAqB,gBAAgB,sBAAsB;AAAA,QAC5D,QAAQ;AAAA,MACZ,CAAC;AACD,WAAK,mBAAmB,UAAU;AAAA,QAC9B;AAAA,QACA,yBAAyB;AAAA,MAC7B,GAAG,KAAK,aAAa;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,2BAA2B;AACvB,QAAI,iBAAiB,KAAK,aAAa,4BAA4B,KAAK,eAAe;AACvF,QAAI,CAAC,gBAAgB;AACjB,uBAAiB;AAAA,QACb,SAAS,CAAC;AAAA,QACV,iBAAiB,KAAK;AAAA,QACtB,mBAAmB,KAAK;AAAA,QACxB,qBAAqB,KAAK;AAAA,QAC1B,wBAAwB;AAAA,QACxB,gBAAgB;AAAA,QAChB,sBAAsB;AAAA,QACtB,QAAQ;AAAA,QACR,oBAAoB;AAAA,QACpB,sBAAsB;AAAA,QACtB,WAAW,mCAAmC;AAAA,QAC9C,UAAU;AAAA,MACd;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,qBAAqB,gBAAgB,sBAAsB,wBAAwB;AAC/E,QAAI,yBAAyB,wBAAwB,SACjD,wBAAwB,WAAW,wBAAwB,OAAO;AAElE,qBAAe,YACX,mCAAmC;AACvC,qBAAe,sBAAsB,KAAK;AAAA,IAC9C;AACA,UAAM,WAAW,KAAK,aAAa,kCAAkC,eAAe,eAAe;AACnG,SAAK,aAAa,qBAAqB,UAAU,cAAc;AAC/D,SAAK,WAAW;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,uBAAuB,gBAAgB;AAAA;AACzC,WAAK,mBAAmB,oBAAoB,kBAAkB,iCAAiC,KAAK,aAAa;AACjH,YAAM,gBAAgB,KAAK,uCAAuC,cAAc;AAEhF,UAAI,eAAe;AACf,YAAI,cAAc,WACd,wBAAwB,kBAAkB;AAE1C,cAAI,KAAK,iBAAiB,0BAA0B,aAAa;AAC7D,gBAAI,cAAc,UAAU;AACxB,oBAAM,oBAAoB,MAAM,YAAY,KAAK,sCAAsC,KAAK,IAAI,GAAG,kBAAkB,gDAAgD,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,cAAc,QAAQ;AACpP,8CAAgC,gBAAgB,mBAAmB,KAAK;AACxE,6BAAe,sBACX,KAAK;AAAA,YACb;AAAA,UACJ;AAAA,QACJ;AACA,eAAO,cAAc;AAAA,MACzB;AAEA,UAAI,WAAW,MAAM,YAAY,KAAK,+BAA+B,KAAK,IAAI,GAAG,kBAAkB,yCAAyC,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE;AACrM,UAAI,UAAU;AAEV,YAAI,KAAK,iBAAiB,0BAA0B,aAAa;AAC7D,qBAAW,MAAM,YAAY,KAAK,sCAAsC,KAAK,IAAI,GAAG,kBAAkB,gDAAgD,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,QAAQ;AAAA,QAC3N;AACA,wCAAgC,gBAAgB,UAAU,IAAI;AAC9D,eAAO,wBAAwB;AAAA,MACnC,OACK;AAED,cAAM,sBAAsB,mBAAmB,KAAK,kCAAkC;AAAA,MAC1F;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,uCAAuC,gBAAgB;AACnD,SAAK,OAAO,QAAQ,kEAAkE;AACtF,UAAM,iBAAiB,KAAK,8BAA8B;AAC1D,QAAI,gBAAgB;AAChB,WAAK,OAAO,QAAQ,oDAAoD;AACxE,sCAAgC,gBAAgB,gBAAgB,KAAK;AACrE,aAAO;AAAA,QACH,QAAQ,wBAAwB;AAAA,MACpC;AAAA,IACJ;AACA,SAAK,OAAO,QAAQ,gHAAgH;AAEpI,QAAI,KAAK,iBAAiB,4BAA4B;AAClD,WAAK,OAAO,QAAQ,yJAAyJ;AAAA,IACjL,OACK;AACD,YAAM,oBAAoB,KAAK,uCAAuC;AACtE,UAAI,mBAAmB;AACnB,wCAAgC,gBAAgB,mBAAmB,KAAK;AACxE,eAAO;AAAA,UACH,QAAQ,wBAAwB;AAAA,UAChC,UAAU;AAAA,QACd;AAAA,MACJ,OACK;AACD,aAAK,OAAO,QAAQ,4HAA4H;AAAA,MACpJ;AAAA,IACJ;AAEA,UAAM,wBAAwB,2BAA2B,cAAc;AACvE,QAAI,KAAK,oBAAoB,cAAc,KACvC,eAAe,wBACf,CAAC,uBAAuB;AAExB,WAAK,OAAO,QAAQ,uCAAuC;AAC3D,aAAO,EAAE,QAAQ,wBAAwB,MAAM;AAAA,IACnD,WACS,uBAAuB;AAC5B,WAAK,OAAO,QAAQ,iCAAiC;AAAA,IACzD;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,oBAAoB,gBAAgB;AAChC,UAAM,qBAAqB,IAAI,UAAU,eAAe,mBAAmB;AAC3E,UAAM,cAAc,mBAAmB,iBAAiB,EAAE;AAC1D,WAAQ,YAAY,WAChB,KAAK,gCAAgC,aAAa;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA,EAIA,gCAAgC;AAC5B,QAAI,KAAK,iBAAiB,mBAAmB;AACzC,UAAI;AACA,eAAO,KAAK,MAAM,KAAK,iBAAiB,iBAAiB;AAAA,MAC7D,SACO,GAAG;AACN,cAAM,+BAA+B,wBAAwB;AAAA,MACjE;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,iCAAiC;AAAA;AACnC,WAAK,mBAAmB,oBAAoB,kBAAkB,yCAAyC,KAAK,aAAa;AACzH,YAAM,UAAU,CAAC;AAKjB,YAAM,8BAA8B,KAAK;AACzC,WAAK,OAAO,QAAQ,yFAAyF,2BAA2B,EAAE;AAC1I,UAAI;AACA,cAAM,WAAW,MAAM,KAAK,iBAAiB,oBAAoB,6BAA6B,OAAO;AACrG,cAAM,kBAAkB,uBAAuB,SAAS,IAAI;AAC5D,YAAI,iBAAiB;AACjB,iBAAO,SAAS;AAAA,QACpB,OACK;AACD,eAAK,OAAO,QAAQ,4FAA4F;AAChH,iBAAO;AAAA,QACX;AAAA,MACJ,SACO,GAAG;AACN,aAAK,OAAO,QAAQ,6CAA6C,CAAC,EAAE;AACpE,eAAO;AAAA,MACX;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAIA,yCAAyC;AACrC,QAAI,KAAK,mBAAmB,kBAAkB;AAC1C,aAAO,iBAAiB,KAAK,eAAe;AAAA,IAChD;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,sCAAsC,UAAU;AAAA;AAClD,WAAK,mBAAmB,oBAAoB,kBAAkB,gDAAgD,KAAK,aAAa;AAChI,YAAM,4BAA4B,KAAK,iBAAiB,0BAA0B;AAClF,UAAI,2BAA2B;AAC3B,YAAI,8BACA,UAAU,iCAAiC;AAC3C,eAAK,wBAAwB,iBACzB,wBAAwB;AAC5B,eAAK,wBAAwB,cACzB;AACJ,iBAAO,WAAU,+BAA+B,UAAU,yBAAyB;AAAA,QACvF;AACA,cAAM,yBAAyB,MAAM,YAAY,KAAK,gBAAgB,aAAa,KAAK,KAAK,eAAe,GAAG,kBAAkB,6BAA6B,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE,KAAK,iBAAiB,0BACvO,mBAAmB,KAAK,uBAAuB;AACrD,YAAI,wBAAwB;AACxB,eAAK,wBAAwB,iBACzB,wBAAwB;AAC5B,eAAK,wBAAwB,cACzB;AACJ,iBAAO,WAAU,+BAA+B,UAAU,sBAAsB;AAAA,QACpF;AACA,aAAK,wBAAwB,iBACzB,wBAAwB;AAAA,MAChC;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOM,6BAA6B,gBAAgB;AAAA;AAC/C,WAAK,mBAAmB,oBAAoB,kBAAkB,uCAAuC,KAAK,aAAa;AACvH,YAAM,sBAAsB,KAAK,6CAA6C,cAAc;AAC5F,UAAI,qBAAqB;AACrB,eAAO;AAAA,MACX;AAEA,YAAM,WAAW,MAAM,YAAY,KAAK,qCAAqC,KAAK,IAAI,GAAG,kBAAkB,+CAA+C,KAAK,QAAQ,KAAK,mBAAmB,KAAK,aAAa,EAAE;AACnN,UAAI,UAAU;AACV,qCAA6B,gBAAgB,UAAU,IAAI;AAC3D,eAAO,wBAAwB;AAAA,MACnC;AAEA,YAAM,+BAA+B,kBAAkB;AAAA,IAC3D;AAAA;AAAA,EACA,6CAA6C,gBAAgB;AACzD,SAAK,OAAO,QAAQ,0EAA0E;AAC9F,SAAK,OAAO,WAAW,sBAAsB,KAAK,iBAAiB,oBAC/D,UAAU,cAAc,EAAE;AAC9B,SAAK,OAAO,WAAW,uBAAuB,KAAK,iBAAiB,qBAChE,UAAU,cAAc,EAAE;AAC9B,SAAK,OAAO,WAAW,wBAAwB,eAAe,uBAAuB,UAAU,cAAc,EAAE;AAC/G,UAAM,WAAW,KAAK,oCAAoC;AAC1D,QAAI,UAAU;AACV,WAAK,OAAO,QAAQ,2DAA2D;AAC/E,mCAA6B,gBAAgB,UAAU,KAAK;AAC5D,aAAO,wBAAwB;AAAA,IACnC;AAEA,SAAK,OAAO,QAAQ,8HAA8H;AAClJ,QAAI,KAAK,QAAQ,4BAA4B;AACzC,WAAK,OAAO,QAAQ,gLAAgL;AAAA,IACxM,OACK;AACD,YAAM,oBAAoB,6CAA6C,KAAK,eAAe;AAC3F,UAAI,mBAAmB;AACnB,aAAK,OAAO,QAAQ,uDAAuD;AAC3E,qCAA6B,gBAAgB,mBAAmB,KAAK;AACrE,eAAO,wBAAwB;AAAA,MACnC;AACA,WAAK,OAAO,QAAQ,0IAA0I;AAAA,IAClK;AACA,UAAM,wBAAwB,2BAA2B,cAAc;AACvE,QAAI,KAAK,oBAAoB,cAAc,KACvC,eAAe,sBACf,CAAC,uBAAuB;AACxB,WAAK,OAAO,QAAQ,8CAA8C;AAElE,aAAO,wBAAwB;AAAA,IACnC,WACS,uBAAuB;AAC5B,WAAK,OAAO,QAAQ,iCAAiC;AAAA,IACzD;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAIA,sCAAsC;AAElC,QAAI,KAAK,kBAAkB,cAAc,MAAM;AAC3C,WAAK,OAAO,QAAQ,qGAAqG;AACzH,aAAO,WAAU,qCAAqC,KAAK,eAAe;AAAA,IAC9E;AAEA,QAAI,KAAK,iBAAiB,wBAAwB;AAC9C,WAAK,OAAO,QAAQ,sFAAsF;AAC1G,UAAI;AACA,aAAK,OAAO,QAAQ,mDAAmD;AACvE,cAAM,iBAAiB,KAAK,MAAM,KAAK,iBAAiB,sBAAsB;AAC9E,cAAM,WAAW,6CAA6C,eAAe,UAAU,KAAK,eAAe;AAC3G,aAAK,OAAO,QAAQ,sCAAsC;AAC1D,YAAI,UAAU;AACV,eAAK,OAAO,QAAQ,+EAA+E;AACnG,iBAAO;AAAA,QACX,OACK;AACD,eAAK,OAAO,QAAQ,uEAAuE;AAAA,QAC/F;AAAA,MACJ,SACO,GAAG;AACN,aAAK,OAAO,QAAQ,gGAAgG;AACpH,cAAM,+BAA+B,6BAA6B;AAAA,MACtE;AAAA,IACJ;AAEA,QAAI,KAAK,qBAAqB,GAAG;AAC7B,WAAK,OAAO,QAAQ,gGAAgG;AACpH,aAAO,WAAU,qCAAqC,KAAK,eAAe;AAAA,IAC9E;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,uCAAuC;AAAA;AACzC,WAAK,mBAAmB,oBAAoB,kBAAkB,+CAA+C,KAAK,aAAa;AAC/H,YAAM,4BAA4B,GAAG,UAAU,4BAA4B,GAAG,KAAK,kBAAkB;AACrG,YAAM,UAAU,CAAC;AAKjB,UAAI,QAAQ;AACZ,UAAI;AACA,cAAM,WAAW,MAAM,KAAK,iBAAiB,oBAAoB,2BAA2B,OAAO;AACnG,YAAI;AACJ,YAAI;AACJ,YAAI,iCAAiC,SAAS,IAAI,GAAG;AACjD,8BACI,SAAS;AACb,qBAAW,kBAAkB;AAC7B,eAAK,OAAO,WAAW,iCAAiC,kBAAkB,yBAAyB,EAAE;AAAA,QACzG,WACS,sCAAsC,SAAS,IAAI,GAAG;AAC3D,eAAK,OAAO,QAAQ,sHAAsH,SAAS,MAAM,EAAE;AAC3J,8BACI,SAAS;AACb,cAAI,kBAAkB,UAAU,UAAU,kBAAkB;AACxD,iBAAK,OAAO,MAAM,oEAAoE;AACtF,mBAAO;AAAA,UACX;AACA,eAAK,OAAO,QAAQ,oDAAoD,kBAAkB,KAAK,EAAE;AACjG,eAAK,OAAO,QAAQ,gEAAgE,kBAAkB,iBAAiB,EAAE;AACzH,eAAK,OAAO,QAAQ,2FAA2F;AAC/G,qBAAW,CAAC;AAAA,QAChB,OACK;AACD,eAAK,OAAO,MAAM,4FAA4F;AAC9G,iBAAO;AAAA,QACX;AACA,aAAK,OAAO,QAAQ,wIAAwI;AAC5J,gBAAQ,6CAA6C,UAAU,KAAK,eAAe;AAAA,MACvF,SACO,OAAO;AACV,YAAI,iBAAiB,WAAW;AAC5B,eAAK,OAAO,MAAM;AAAA,SAAoG,MAAM,SAAS;AAAA,qBAAwB,MAAM,YAAY,EAAE;AAAA,QACrL,OACK;AACD,gBAAM,aAAa;AACnB,eAAK,OAAO,MAAM;AAAA,SAAwG,WAAW,IAAI;AAAA,qBAAwB,WAAW,OAAO,EAAE;AAAA,QACzL;AACA,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,OAAO;AACR,aAAK,OAAO,QAAQ,sHAAsH;AAC1I,aAAK,OAAO,QAAQ,uDAAuD;AAC3E,gBAAQ,WAAU,qCAAqC,KAAK,eAAe;AAAA,MAC/E;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAIA,uBAAuB;AACnB,UAAM,UAAU,KAAK,iBAAiB,iBAAiB,OAAO,CAAC,cAAc;AACzE,aAAQ,aACJ,UAAU,iBAAiB,SAAS,EAAE,YAAY,MAC9C,KAAK;AAAA,IACjB,CAAC;AACD,WAAO,QAAQ,SAAS;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,kBAAkB,iBAAiB,mBAAmB;AACzD,QAAI;AACJ,QAAI,qBACA,kBAAkB,uBAAuB,mBAAmB,MAAM;AAClE,YAAM,SAAS,kBAAkB,SAC3B,kBAAkB,SAClB,UAAU;AAChB,oCAA8B,GAAG,kBAAkB,kBAAkB,IAAI,MAAM;AAAA,IACnF;AACA,WAAO,8BACD,8BACA;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,qCAAqC,MAAM;AAC9C,WAAO;AAAA,MACH,mBAAmB;AAAA,MACnB,iBAAiB;AAAA,MACjB,SAAS,CAAC,IAAI;AAAA,IAClB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,oBAAoB;AAChB,QAAI,KAAK,kBAAkB,GAAG;AAC1B,aAAO,KAAK,SAAS;AAAA,IACzB,OACK;AACD,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,MAAM;AACV,WAAO,KAAK,SAAS,QAAQ,QAAQ,IAAI,IAAI;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,iCAAiC,MAAM;AACnC,WAAO,iCAAiC,IAAI,IAAI;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,uBAAuB,MAAM;AAChC,WAAO,UAAU,oBAAoB,QAAQ,IAAI,KAAK;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,6BAA6B,MAAM,QAAQ,aAAa;AAE3D,UAAM,uBAAuB,IAAI,UAAU,IAAI;AAC/C,yBAAqB,cAAc;AACnC,UAAM,oBAAoB,qBAAqB,iBAAiB;AAChE,QAAI,kBAAkB,GAAG,MAAM,IAAI,kBAAkB,eAAe;AACpE,QAAI,KAAK,uBAAuB,kBAAkB,eAAe,GAAG;AAChE,wBAAkB,GAAG,MAAM,IAAI,UAAU,iCAAiC;AAAA,IAC9E;AAEA,UAAM,MAAM,UAAU,gCAAgC,iCAC/C,qBAAqB,iBAAiB,IADS;AAAA,MAElD,iBAAiB;AAAA,IACrB,EAAC,EAAE;AAEH,QAAI;AACA,aAAO,GAAG,GAAG,IAAI,WAAW;AAChC,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,+BAA+B,UAAU,aAAa;AACzD,UAAM,mBAAmB,mBAAK;AAC9B,qBAAiB,yBACb,WAAU,6BAA6B,iBAAiB,wBAAwB,WAAW;AAC/F,qBAAiB,iBACb,WAAU,6BAA6B,iBAAiB,gBAAgB,WAAW;AACvF,QAAI,iBAAiB,sBAAsB;AACvC,uBAAiB,uBACb,WAAU,6BAA6B,iBAAiB,sBAAsB,WAAW;AAAA,IACjG;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,OAAO,uBAAuB,WAAW;AACrC,QAAI,gBAAgB;AACpB,UAAM,eAAe,IAAI,UAAU,SAAS;AAC5C,UAAM,yBAAyB,aAAa,iBAAiB;AAE7D,QAAI,uBAAuB,aAAa,WAAW,KAC/C,uBAAuB,gBAAgB,SAAS,UAAU,aAAa,GAAG;AAC1E,YAAM,mBAAmB,uBAAuB,gBAAgB,MAAM,GAAG,EAAE,CAAC;AAC5E,sBAAgB,GAAG,aAAa,GAAG,gBAAgB,GAAG,UAAU,wBAAwB;AAAA,IAC5F;AACA,WAAO;AAAA,EACX;AACJ;AAEA,UAAU,wBAAwB,oBAAI,IAAI;AAAA,EACtC;AAAA,EACA;AAAA,EACA,sBAAsB;AAAA,EACtB,sBAAsB;AAAA,EACtB,sBAAsB;AAC1B,CAAC;AAID,SAAS,6BAA6B,WAAW;AAC7C,QAAM,eAAe,IAAI,UAAU,SAAS;AAC5C,QAAM,yBAAyB,aAAa,iBAAiB;AAS7D,QAAM,WAAW,uBAAuB,aAAa,MAAM,EAAE,EAAE,CAAC,GAAG,YAAY;AAC/E,UAAQ,UAAU;AAAA,IACd,KAAK,sBAAsB;AAAA,IAC3B,KAAK,sBAAsB;AAAA,IAC3B,KAAK,sBAAsB;AACvB,aAAO;AAAA,IACX;AACI,aAAO;AAAA,EACf;AACJ;AACA,SAAS,mBAAmB,cAAc;AACtC,SAAO,aAAa,SAAS,UAAU,aAAa,IAC9C,eACA,GAAG,YAAY,GAAG,UAAU,aAAa;AACnD;AACA,SAAS,4BAA4B,aAAa;AAC9C,QAAM,4BAA4B,YAAY;AAC9C,MAAI,yBAAyB;AAC7B,MAAI,2BAA2B;AAC3B,QAAI;AACA,+BAAyB,KAAK,MAAM,yBAAyB;AAAA,IACjE,SACO,GAAG;AACN,YAAM,+BAA+B,6BAA6B;AAAA,IACtE;AAAA,EACJ;AACA,SAAO;AAAA,IACH,oBAAoB,YAAY,YAC1B,mBAAmB,YAAY,SAAS,IACxC;AAAA,IACN,kBAAkB,YAAY;AAAA,IAC9B;AAAA,EACJ;AACJ;;;ACp1BA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,IAAM,gBAAgB;AACtB,IAAM,2BAA2B;AACjC,IAAM,sBAAsB;AAE5B,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AACxB,IAAM,gBAAgB;AACtB,IAAM,WAAW;;;ACCjB,IAAM,wCAAwC;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACJ;AACA,IAAM,yCAAyC;AAAA,EAC3C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACJ;AACA,IAAM,uCAAuC;AAAA,EACzC,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,mBAAmB,GAAG;AAAA,EACvB,CAAC,QAAQ,GAAG;AAChB;AAKA,IAAM,sCAAsC;AAAA,EACxC,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,qCAAqC,aAAa;AAAA,EAC5D;AAAA,EACA,4BAA4B;AAAA,IACxB,MAAM;AAAA,IACN,MAAM,qCAAqC,wBAAwB;AAAA,EACvE;AAAA,EACA,WAAW;AAAA,IACP,MAAM;AAAA,IACN,MAAM,qCAAqC,QAAQ;AAAA,EACvD;AACJ;AAIA,IAAM,+BAAN,MAAM,sCAAqC,UAAU;AAAA,EACjD,YAAY,WAAW,cAAc,UAAU,WAAW,SAAS,eAAe,QAAQ;AACtF,UAAM,WAAW,cAAc,QAAQ;AACvC,WAAO,eAAe,MAAM,8BAA6B,SAAS;AAClE,SAAK,YAAY,aAAa,UAAU;AACxC,SAAK,UAAU,WAAW,UAAU;AACpC,SAAK,gBAAgB,iBAAiB,UAAU;AAChD,SAAK,SAAS,UAAU,UAAU;AAClC,SAAK,OAAO;AAAA,EAChB;AACJ;AAOA,SAAS,2BAA2B,WAAW,aAAa,UAAU;AAClE,QAAM,iCAAiC,CAAC,CAAC,aACrC,sCAAsC,QAAQ,SAAS,IAAI;AAC/D,QAAM,gCAAgC,CAAC,CAAC,YACpC,uCAAuC,QAAQ,QAAQ,IAAI;AAC/D,QAAM,iCAAiC,CAAC,CAAC,eACrC,sCAAsC,KAAK,CAAC,gBAAgB;AACxD,WAAO,YAAY,QAAQ,WAAW,IAAI;AAAA,EAC9C,CAAC;AACL,SAAQ,kCACJ,kCACA;AACR;AAIA,SAAS,mCAAmC,WAAW;AACnD,SAAO,IAAI,6BAA6B,WAAW,qCAAqC,SAAS,CAAC;AACtG;;;AChFA,IAAI;AAAA,CACH,SAAUC,WAAU;AACjB,EAAAA,UAASA,UAAS,OAAO,IAAI,CAAC,IAAI;AAClC,EAAAA,UAASA,UAAS,SAAS,IAAI,CAAC,IAAI;AACpC,EAAAA,UAASA,UAAS,MAAM,IAAI,CAAC,IAAI;AACjC,EAAAA,UAASA,UAAS,SAAS,IAAI,CAAC,IAAI;AACpC,EAAAA,UAASA,UAAS,OAAO,IAAI,CAAC,IAAI;AACtC,GAAG,aAAa,WAAW,CAAC,EAAE;AAI9B,IAAM,SAAN,MAAM,QAAO;AAAA,EACT,YAAY,eAAe,aAAa,gBAAgB;AAEpD,SAAK,QAAQ,SAAS;AACtB,UAAM,wBAAwB,MAAM;AAChC;AAAA,IACJ;AACA,UAAM,mBAAmB,iBAAiB,QAAO,2BAA2B;AAC5E,SAAK,gBACD,iBAAiB,kBAAkB;AACvC,SAAK,oBAAoB,iBAAiB,qBAAqB;AAC/D,SAAK,QACD,OAAO,iBAAiB,aAAa,WAC/B,iBAAiB,WACjB,SAAS;AACnB,SAAK,gBACD,iBAAiB,iBAAiB,UAAU;AAChD,SAAK,cAAc,eAAe,UAAU;AAC5C,SAAK,iBAAiB,kBAAkB,UAAU;AAAA,EACtD;AAAA,EACA,OAAO,6BAA6B;AAChC,WAAO;AAAA,MACH,gBAAgB,MAAM;AAAA,MAEtB;AAAA,MACA,mBAAmB;AAAA,MACnB,UAAU,SAAS;AAAA,IACvB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,aAAa,gBAAgB,eAAe;AAC9C,WAAO,IAAI,QAAO;AAAA,MACd,gBAAgB,KAAK;AAAA,MACrB,mBAAmB,KAAK;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,eAAe,iBAAiB,KAAK;AAAA,IACzC,GAAG,aAAa,cAAc;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAIA,WAAW,YAAY,SAAS;AAC5B,QAAI,QAAQ,WAAW,KAAK,SACvB,CAAC,KAAK,qBAAqB,QAAQ,aAAc;AAClD;AAAA,IACJ;AACA,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AAEzC,UAAM,YAAY,IAAI,SAAS,QAAQ,QAAQ,iBAAiB,KAAK,iBAAiB,EAAE;AACxF,UAAM,MAAM,GAAG,SAAS,MAAM,KAAK,WAAW,IAAI,KAAK,cAAc,MAAM,SAAS,QAAQ,QAAQ,CAAC,MAAM,UAAU;AAErH,SAAK,gBAAgB,QAAQ,UAAU,KAAK,QAAQ,eAAe,KAAK;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAIA,gBAAgB,OAAO,SAAS,aAAa;AACzC,QAAI,KAAK,eAAe;AACpB,WAAK,cAAc,OAAO,SAAS,WAAW;AAAA,IAClD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,SAAS,eAAe;AAC1B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,SAAS,SAAS,eAAe;AAC7B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,QAAQ,SAAS,eAAe;AAC5B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,WAAW,SAAS,eAAe;AAC/B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,KAAK,SAAS,eAAe;AACzB,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,QAAQ,SAAS,eAAe;AAC5B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,QAAQ,SAAS,eAAe;AAC5B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,WAAW,SAAS,eAAe;AAC/B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,SAAS,eAAe;AAC1B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,SAAS,SAAS,eAAe;AAC7B,SAAK,WAAW,SAAS;AAAA,MACrB,UAAU,SAAS;AAAA,MACnB,aAAa;AAAA,MACb,eAAe,iBAAiB,UAAU;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAIA,sBAAsB;AAClB,WAAO,KAAK,qBAAqB;AAAA,EACrC;AACJ;;;AC5LA,IAAM,OAAO;AACb,IAAM,UAAU;;;ACchB,IAAM,WAAN,MAAM,UAAS;AAAA,EACX,YAAY,aAAa;AAErB,UAAM,WAAW,cACX,YAAY,iBAAiB,CAAC,GAAG,WAAW,CAAC,IAC7C,CAAC;AACP,UAAM,gBAAgB,WAChB,YAAY,4BAA4B,QAAQ,IAChD,CAAC;AAEP,SAAK,oBAAoB,aAAa;AACtC,SAAK,SAAS,oBAAI,IAAI;AACtB,kBAAc,QAAQ,CAAC,UAAU,KAAK,OAAO,IAAI,KAAK,CAAC;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,WAAW,kBAAkB;AAChC,UAAM,cAAc,oBAAoB,UAAU;AAClD,UAAM,cAAc,YAAY,MAAM,GAAG;AACzC,WAAO,IAAI,UAAS,WAAW;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,mBAAmB,kBAAkB;AACxC,UAAM,WAAW,IAAI,UAAS,gBAAgB;AAC9C,QAAI,CAAC,SAAS,uBAAuB,GAAG;AACpC,eAAS,iBAAiB;AAAA,IAC9B,OACK;AACD,eAAS,YAAY,UAAU,oBAAoB;AAAA,IACvD;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBAAoB,aAAa;AAE7B,QAAI,CAAC,eAAe,YAAY,SAAS,GAAG;AACxC,YAAM,+BAA+B,qBAAqB;AAAA,IAC9D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,OAAO;AACjB,UAAM,kBAAkB,KAAK,qBAAqB,EAAE,MAAM,GAAG;AAC7D,UAAM,qBAAqB,IAAI,UAAS,eAAe;AAEvD,WAAO,QACD,mBAAmB,OAAO,IAAI,MAAM,YAAY,CAAC,IACjD;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAiB,UAAU;AACvB,QAAI,CAAC,YAAY,SAAS,OAAO,QAAQ,GAAG;AACxC,aAAO;AAAA,IACX;AACA,WAAQ,KAAK,OAAO,QAAQ,SAAS,OAAO,QACxC,SAAS,QAAQ,EAAE,MAAM,CAAC,UAAU,KAAK,cAAc,KAAK,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAIA,yBAAyB;AACrB,QAAI,oBAAoB;AACxB,gBAAY,QAAQ,CAAC,iBAAiB;AAClC,UAAI,KAAK,cAAc,YAAY,GAAG;AAClC,6BAAqB;AAAA,MACzB;AAAA,IACJ,CAAC;AACD,WAAO,KAAK,OAAO,SAAS;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,UAAU;AAClB,QAAI,UAAU;AACV,WAAK,OAAO,IAAI,SAAS,KAAK,CAAC;AAAA,IACnC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,WAAW;AACpB,QAAI;AACA,gBAAU,QAAQ,CAAC,aAAa,KAAK,YAAY,QAAQ,CAAC;AAAA,IAC9D,SACO,GAAG;AACN,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,OAAO;AACf,QAAI,CAAC,OAAO;AACR,YAAM,sBAAsB,sBAAsB;AAAA,IACtD;AACA,SAAK,OAAO,OAAO,MAAM,KAAK,CAAC;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB;AACf,gBAAY,QAAQ,CAAC,iBAAiB;AAClC,WAAK,OAAO,OAAO,YAAY;AAAA,IACnC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,aAAa;AACxB,QAAI,CAAC,aAAa;AACd,YAAM,sBAAsB,kBAAkB;AAAA,IAClD;AACA,UAAM,cAAc,oBAAI,IAAI;AAC5B,gBAAY,OAAO,QAAQ,CAAC,UAAU,YAAY,IAAI,MAAM,YAAY,CAAC,CAAC;AAC1E,SAAK,OAAO,QAAQ,CAAC,UAAU,YAAY,IAAI,MAAM,YAAY,CAAC,CAAC;AACnE,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,aAAa;AAC/B,QAAI,CAAC,aAAa;AACd,YAAM,sBAAsB,kBAAkB;AAAA,IAClD;AAEA,QAAI,CAAC,YAAY,uBAAuB,GAAG;AACvC,kBAAY,iBAAiB;AAAA,IACjC;AACA,UAAM,cAAc,KAAK,eAAe,WAAW;AACnD,UAAM,kBAAkB,YAAY,cAAc;AAClD,UAAM,iBAAiB,KAAK,cAAc;AAC1C,UAAM,kBAAkB,YAAY;AACpC,WAAO,kBAAkB,iBAAiB;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAIA,gBAAgB;AACZ,WAAO,KAAK,OAAO;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAIA,UAAU;AACN,UAAM,QAAQ,CAAC;AACf,SAAK,OAAO,QAAQ,CAAC,QAAQ,MAAM,KAAK,GAAG,CAAC;AAC5C,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAIA,cAAc;AACV,QAAI,KAAK,QAAQ;AACb,YAAM,WAAW,KAAK,QAAQ;AAC9B,aAAO,SAAS,KAAK,GAAG;AAAA,IAC5B;AACA,WAAO,UAAU;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAIA,uBAAuB;AACnB,WAAO,KAAK,YAAY,EAAE,YAAY;AAAA,EAC1C;AACJ;;;ACxLA,IAAM,eAAN,MAAM,cAAa;AAAA,EACf,YAAY,UAAU,YAAY,QAAQ,wBAAwB;AAC9D,SAAK,WAAW;AAChB,SAAK,aAAa;AAClB,SAAK,eAAe,OAAO,MAAM,MAAM,OAAO;AAC9C,SAAK,yBAAyB;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe,eAAe;AAC1B,WAAO,KAAK,oBAAoB,KAAK,sBAAsB,iBAAiB,CAAC,CAAC,GAAG,aAAa;AAAA,EAClG;AAAA;AAAA;AAAA;AAAA,EAIA,yBAAyB,eAAe;AACpC,UAAM,cAAc,KAAK,eAAe,aAAa;AACrD,QAAI,YAAY,SAAS,GAAG;AAExB,YAAM,iBAAiB,YAAY,KAAK,CAAC,YAAY;AACjD,eAAO,QAAQ,gBAAgB,KAAK;AAAA,MACxC,CAAC;AACD,aAAO,eAAe,CAAC;AAAA,IAC3B,WACS,YAAY,WAAW,GAAG;AAE/B,aAAO,YAAY,CAAC;AAAA,IACxB,OACK;AACD,aAAO;AAAA,IACX;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBAAmB,eAAe;AAC9B,UAAM,kBAAkB,KAAK,sBAAsB,aAAa;AAChE,QAAI,gBAAgB,SAAS,GAAG;AAC5B,aAAO,gBAAgB,CAAC,EAAE,eAAe;AAAA,IAC7C,OACK;AACD,aAAO;AAAA,IACX;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,oBAAoB,gBAAgB,eAAe;AAC/C,WAAO,eAAe,QAAQ,CAAC,kBAAkB;AAC7C,aAAO,KAAK,gCAAgC,eAAe,aAAa;AAAA,IAC5E,CAAC;AAAA,EACL;AAAA,EACA,gCAAgC,eAAe,eAAe;AAC1D,WAAO,KAAK,mCAAmC,eAAe,eAAe,UAAU,aAAa;AAAA,EACxG;AAAA,EACA,+BAA+B,aAAa,WAAW,eAAe,qBAAqB;AACvF,QAAI,sBAAsB;AAC1B,QAAI;AACJ,QAAI,qBAAqB;AACrB,UAAI,CAAC,KAAK,2BAA2B,eAAe,mBAAmB,GAAG;AACtE,eAAO;AAAA,MACX;AAAA,IACJ;AACA,UAAM,UAAU,KAAK,WAAW,aAAa,WAAW,cAAc,QAAQ;AAC9E,QAAI,SAAS;AACT,sBAAgB,mBAAmB,QAAQ,QAAQ,KAAK,WAAW,YAAY;AAC/E,UAAI,CAAC,KAAK,sCAAsC,eAAe,mBAAmB,GAAG;AAEjF,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,0BAAsB,+BAA+B,aAAa,eAAe,eAAe,SAAS,MAAM;AAC/G,WAAO;AAAA,EACX;AAAA,EACA,mCAAmC,eAAe,gBAAgB,qBAAqB;AACnF,UAAM,cAAc,cAAc,eAAe;AACjD,QAAI,uBAAuB,YAAY,kBAAkB,oBAAI,IAAI;AACjE,UAAM,YAAY,KAAK,aAAa;AAEpC,QAAI,gBAAgB;AAChB,YAAM,gBAAgB,qBAAqB,IAAI,cAAc;AAC7D,UAAI,eAAe;AAEf,+BAAuB,oBAAI,IAAI;AAAA,UAC3B,CAAC,gBAAgB,aAAa;AAAA,QAClC,CAAC;AAAA,MACL,OACK;AAED,eAAO,CAAC;AAAA,MACZ;AAAA,IACJ;AACA,UAAM,yBAAyB,CAAC;AAChC,yBAAqB,QAAQ,CAAC,kBAAkB;AAC5C,YAAM,sBAAsB,KAAK,+BAA+B,aAAa,WAAW,eAAe,mBAAmB;AAC1H,UAAI,qBAAqB;AACrB,+BAAuB,KAAK,mBAAmB;AAAA,MACnD;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA,EACA,2BAA2B,eAAe,qBAAqB;AAC3D,QAAI,CAAC,CAAC,oBAAoB,kBACtB,CAAC,KAAK,qCAAqC,eAAe,oBAAoB,cAAc,GAAG;AAC/F,aAAO;AAAA,IACX;AACA,QAAI,CAAC,CAAC,oBAAoB,QACtB,EAAE,cAAc,SAAS,oBAAoB,OAAO;AACpD,aAAO;AAAA,IACX;AACA,QAAI,oBAAoB,iBAAiB,UACrC,EAAE,cAAc,iBAAiB,oBAAoB,eAAe;AACpE,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA,EACA,sCAAsC,eAAe,qBAAqB;AAEtE,QAAI,qBAAqB;AACrB,UAAI,CAAC,CAAC,oBAAoB,kBACtB,CAAC,KAAK,mCAAmC,eAAe,oBAAoB,cAAc,GAAG;AAC7F,eAAO;AAAA,MACX;AACA,UAAI,CAAC,CAAC,oBAAoB,aACtB,CAAC,KAAK,8BAA8B,eAAe,oBAAoB,SAAS,GAAG;AACnF,eAAO;AAAA,MACX;AACA,UAAI,CAAC,CAAC,oBAAoB,YACtB,CAAC,KAAK,cAAc,cAAc,oBAAoB,oBAAoB,QAAQ,GAAG;AACrF,eAAO;AAAA,MACX;AACA,UAAI,CAAC,CAAC,oBAAoB,QACtB,CAAC,KAAK,UAAU,eAAe,oBAAoB,IAAI,GAAG;AAC1D,eAAO;AAAA,MACX;AACA,UAAI,CAAC,CAAC,oBAAoB,OACtB,CAAC,KAAK,SAAS,eAAe,oBAAoB,GAAG,GAAG;AACxD,eAAO;AAAA,MACX;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,gBAAgB,aAAa,cAAc;AAAA;AAC7C,UAAI,CAAC,aAAa;AACd,cAAM,sBAAsB,kBAAkB;AAAA,MAClD;AACA,UAAI,CAAC,CAAC,YAAY,SAAS;AACvB,aAAK,WAAW,YAAY,OAAO;AAAA,MACvC;AACA,UAAI,CAAC,CAAC,YAAY,WAAW,cAAc,YAAY,OAAO;AAC1D,aAAK,qBAAqB,YAAY,OAAO;AAAA,MACjD;AACA,UAAI,CAAC,CAAC,YAAY,eAAe,cAAc,gBAAgB,OAAO;AAClE,cAAM,KAAK,gBAAgB,YAAY,WAAW;AAAA,MACtD;AACA,UAAI,CAAC,CAAC,YAAY,gBACd,cAAc,iBAAiB,OAAO;AACtC,aAAK,0BAA0B,YAAY,YAAY;AAAA,MAC3D;AACA,UAAI,CAAC,CAAC,YAAY,aAAa;AAC3B,aAAK,eAAe,YAAY,WAAW;AAAA,MAC/C;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,gBAAgB,YAAY;AAAA;AAC9B,YAAM,oBAAoB;AAAA,QACtB,UAAU,WAAW;AAAA,QACrB,gBAAgB,WAAW;AAAA,QAC3B,aAAa,WAAW;AAAA,QACxB,eAAe,WAAW;AAAA,QAC1B,OAAO,WAAW;AAAA,QAClB,WAAW,WAAW;AAAA,QACtB,qBAAqB,WAAW;AAAA,MACpC;AACA,YAAM,YAAY,KAAK,aAAa;AACpC,YAAM,gBAAgB,SAAS,WAAW,WAAW,MAAM;AAC3D,YAAM,sBAAsB,CAAC;AAC7B,gBAAU,YAAY,QAAQ,CAAC,QAAQ;AACnC,YAAI,CAAC,KAAK,4BAA4B,KAAK,mBAAmB,KAAK,GAAG;AAClE;AAAA,QACJ;AACA,cAAM,cAAc,KAAK,yBAAyB,GAAG;AACrD,YAAI,eACA,KAAK,wBAAwB,aAAa,iBAAiB,GAAG;AAC9D,gBAAM,gBAAgB,SAAS,WAAW,YAAY,MAAM;AAC5D,cAAI,cAAc,sBAAsB,aAAa,GAAG;AACpD,gCAAoB,KAAK,KAAK,kBAAkB,GAAG,CAAC;AAAA,UACxD;AAAA,QACJ;AAAA,MACJ,CAAC;AACD,YAAM,QAAQ,IAAI,mBAAmB;AACrC,WAAK,yBAAyB,UAAU;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBAAsB,eAAe;AACjC,UAAM,iBAAiB,KAAK,eAAe;AAC3C,UAAM,mBAAmB,CAAC;AAC1B,mBAAe,QAAQ,CAAC,aAAa;AACjC,UAAI,CAAC,KAAK,aAAa,UAAU,cAAc,aAAa,GAAG;AAE3D;AAAA,MACJ;AACA,YAAM,SAAS,KAAK,WAAW,UAAU,KAAK,YAAY;AAE1D,UAAI,CAAC,QAAQ;AACT;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,cAAc,iBAChB,CAAC,KAAK,mBAAmB,QAAQ,cAAc,aAAa,GAAG;AAC/D;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,cAAc,YAChB,CAAC,KAAK,cAAc,OAAO,UAAU,cAAc,QAAQ,GAAG;AAC9D;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,cAAc,eAChB,CAAC,KAAK,iBAAiB,QAAQ,cAAc,WAAW,GAAG;AAC3D;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,cAAc,SAChB,CAAC,KAAK,WAAW,QAAQ,cAAc,KAAK,GAAG;AAC/C;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,cAAc,mBAChB,CAAC,KAAK,qBAAqB,QAAQ,cAAc,eAAe,GAAG;AACnE;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,cAAc,iBAChB,CAAC,KAAK,mBAAmB,QAAQ,cAAc,aAAa,GAAG;AAC/D;AAAA,MACJ;AAEA,YAAM,sBAAsB;AAAA,QACxB,gBAAgB,eAAe;AAAA,QAC/B,MAAM,eAAe;AAAA,MACzB;AACA,YAAM,yBAAyB,OAAO,gBAAgB,OAAO,CAAC,kBAAkB;AAC5E,eAAO,KAAK,2BAA2B,eAAe,mBAAmB;AAAA,MAC7E,CAAC;AACD,UAAI,0BAA0B,uBAAuB,WAAW,GAAG;AAE/D;AAAA,MACJ;AACA,uBAAiB,KAAK,MAAM;AAAA,IAChC,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,KAAK,eAAe,UAAU;AACvC,QAAI,IAAI,MAAM,WAAW,mBAAmB,EAAE,SAAS,GAAG;AAEtD,aAAO;AAAA,IACX;AACA,QAAI,iBACA,CAAC,IAAI,YAAY,EAAE,SAAS,cAAc,YAAY,CAAC,GAAG;AAC1D,aAAO;AAAA,IACX;AACA,QAAI,YAAY,CAAC,IAAI,YAAY,EAAE,SAAS,SAAS,YAAY,CAAC,GAAG;AACjE,aAAO;AAAA,IACX;AAEA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,KAAK;AACjB,QAAI,IAAI,MAAM,WAAW,mBAAmB,EAAE,SAAS,GAAG;AAEtD,aAAO;AAAA,IACX;AACA,UAAM,eAAe,IAAI,YAAY;AAErC,QAAI,aAAa,QAAQ,eAAe,SAAS,YAAY,CAAC,MAC1D,MACA,aAAa,QAAQ,eAAe,aAAa,YAAY,CAAC,MAC1D,MACJ,aAAa,QAAQ,eAAe,8BAA8B,YAAY,CAAC,MAAM,MACrF,aAAa,QAAQ,eAAe,cAAc,YAAY,CAAC,MAC3D,IAAI;AACR,aAAO;AAAA,IACX;AACA,QAAI,aAAa,QAAQ,eAAe,cAAc,YAAY,CAAC,IAC/D,IAAI;AAEJ,YAAM,qBAAqB,GAAG,eAAe,aAAa,GAAG,WAAW,mBAAmB,GAAG,KAAK,QAAQ,GAAG,WAAW,mBAAmB;AAC5I,YAAM,qBAAqB,GAAG,eAAe,aAAa,GAAG,WAAW,mBAAmB,GAAG,aAAa,GAAG,WAAW,mBAAmB;AAC5I,UAAI,aAAa,QAAQ,mBAAmB,YAAY,CAAC,MAAM,MAC3D,aAAa,QAAQ,mBAAmB,YAAY,CAAC,MAAM,IAAI;AAC/D,eAAO;AAAA,MACX;AAAA,IACJ,WACS,aAAa,QAAQ,KAAK,SAAS,YAAY,CAAC,MAAM,IAAI;AAE/D,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,wBAAwB,QAAQ,QAAQ;AACpC,QAAI,CAAC,CAAC,OAAO,YAAY,CAAC,KAAK,cAAc,QAAQ,OAAO,QAAQ,GAAG;AACnE,aAAO;AAAA,IACX;AACA,QAAI,CAAC,CAAC,OAAO,qBACT,CAAC,KAAK,uBAAuB,QAAQ,OAAO,iBAAiB,GAAG;AAChE,aAAO;AAAA,IACX;AAKA,QAAI,OAAO,OAAO,kBAAkB,YAChC,CAAC,KAAK,mBAAmB,QAAQ,OAAO,aAAa,GAAG;AACxD,aAAO;AAAA,IACX;AACA,QAAI,CAAC,CAAC,OAAO,eACT,CAAC,KAAK,iBAAiB,QAAQ,OAAO,WAAW,GAAG;AACpD,aAAO;AAAA,IACX;AACA,QAAI,CAAC,CAAC,OAAO,SAAS,CAAC,KAAK,WAAW,QAAQ,OAAO,KAAK,GAAG;AAC1D,aAAO;AAAA,IACX;AACA,QAAI,CAAC,CAAC,OAAO,kBACT,CAAC,KAAK,oBAAoB,QAAQ,OAAO,cAAc,GAAG;AAC1D,aAAO;AAAA,IACX;AACA,QAAI,CAAC,CAAC,OAAO,YAAY,CAAC,KAAK,cAAc,QAAQ,OAAO,QAAQ,GAAG;AACnE,aAAO;AAAA,IACX;AAKA,QAAI,CAAC,CAAC,OAAO,UAAU,CAAC,KAAK,YAAY,QAAQ,OAAO,MAAM,GAAG;AAC7D,aAAO;AAAA,IACX;AAEA,QAAI,OAAO,uBAAuB,OAAO,qBAAqB;AAE1D,UAAI,OAAO,wBAAwB,OAAO,qBAAqB;AAC3D,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,QAAI,OAAO,mBACP,eAAe,+BAA+B;AAC9C,UAAI,CAAC,CAAC,OAAO,aACT,CAAC,KAAK,eAAe,QAAQ,OAAO,SAAS,GAAG;AAChD,eAAO;AAAA,MACX;AAEA,UAAI,OAAO,cAAc,qBAAqB,KAAK;AAC/C,YAAI,OAAO,SAAS,CAAC,KAAK,WAAW,QAAQ,OAAO,KAAK,GAAG;AACxD,iBAAO;AAAA,QACX;AAAA,MACJ;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,yBAAyB,QAAQ;AAC7B,WAAO,KAAK,iCAAiC,OAAO,aAAa,OAAO,QAAQ;AAAA,EACpF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,iCAAiC,aAAa,UAAU;AACpD,UAAM,eAAe,KAAK,QAAQ;AAClC,UAAM,sBAAsB,CAAC;AAC7B,iBAAa,QAAQ,CAAC,aAAa;AAE/B,UAAI,CAAC,KAAK,cAAc,QAAQ,GAAG;AAC/B;AAAA,MACJ;AAEA,YAAM,SAAS,KAAK,eAAe,QAAQ;AAC3C,UAAI,CAAC,QAAQ;AACT;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,eAAe,CAAC,KAAK,iBAAiB,QAAQ,WAAW,GAAG;AAC9D;AAAA,MACJ;AACA,UAAI,CAAC,CAAC,YAAY,CAAC,KAAK,cAAc,QAAQ,QAAQ,GAAG;AACrD;AAAA,MACJ;AACA,0BAAoB,QAAQ,IAAI;AAAA,IACpC,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,4BAA4B,MAAM;AAC9B,UAAM,eAAe,KAAK,yBAAyB;AACnD,QAAI,gBAAgB;AACpB,iBAAa,QAAQ,CAAC,aAAa;AAE/B,UAAI,CAAC,KAAK,oBAAoB,QAAQ,KAClC,SAAS,QAAQ,KAAK,QAAQ,MAAM,IAAI;AACxC;AAAA,MACJ;AAEA,YAAM,SAAS,KAAK,qBAAqB,QAAQ;AACjD,UAAI,CAAC,QAAQ;AACT;AAAA,MACJ;AACA,UAAI,OAAO,QAAQ,QAAQ,IAAI,MAAM,IAAI;AACrC;AAAA,MACJ;AACA,sBAAgB;AAAA,IACpB,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAIM,oBAAoB;AAAA;AACtB,YAAM,iBAAiB,KAAK,eAAe;AAC3C,YAAM,kBAAkB,CAAC;AACzB,qBAAe,QAAQ,CAAC,aAAa;AACjC,wBAAgB,KAAK,KAAK,cAAc,QAAQ,CAAC;AAAA,MACrD,CAAC;AACD,YAAM,QAAQ,IAAI,eAAe;AAAA,IACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,cAAc,YAAY;AAAA;AAC5B,YAAM,UAAU,KAAK,WAAW,YAAY,KAAK,YAAY;AAC7D,UAAI,CAAC,SAAS;AACV;AAAA,MACJ;AACA,YAAM,KAAK,qBAAqB,OAAO;AACvC,WAAK,WAAW,UAAU;AAAA,IAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,qBAAqB,SAAS;AAAA;AAChC,YAAM,eAAe,KAAK,aAAa;AACvC,YAAM,YAAY,QAAQ,kBAAkB;AAC5C,YAAM,qBAAqB,CAAC;AAC5B,mBAAa,QAAQ,QAAQ,CAAC,QAAQ;AAClC,YAAI,IAAI,QAAQ,SAAS,MAAM,GAAG;AAC9B,eAAK,cAAc,GAAG;AAAA,QAC1B;AAAA,MACJ,CAAC;AACD,mBAAa,YAAY,QAAQ,CAAC,QAAQ;AACtC,YAAI,IAAI,QAAQ,SAAS,MAAM,GAAG;AAC9B,6BAAmB,KAAK,KAAK,kBAAkB,GAAG,CAAC;AAAA,QACvD;AAAA,MACJ,CAAC;AACD,mBAAa,aAAa,QAAQ,CAAC,QAAQ;AACvC,YAAI,IAAI,QAAQ,SAAS,MAAM,GAAG;AAC9B,eAAK,mBAAmB,GAAG;AAAA,QAC/B;AAAA,MACJ,CAAC;AACD,YAAM,QAAQ,IAAI,kBAAkB;AAAA,IACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,4BAA4B,YAAY,eAAe,QAAQ;AAE3D,QAAI,iBAAiB,cAAc,eAAe,GAAG;AACjD,WAAK,cAAc,QAAQ,qIAAqI;AAEhK,YAAM,sBAAsB,KAAK,eAAe,EAAE,OAAO,CAAC,QAAQ;AAC9D,eAAO,IAAI,WAAW,cAAc,aAAa;AAAA,MACrD,CAAC;AAED,YAAM,kBAAkB,CAAC;AACzB,0BAAoB,QAAQ,CAAC,QAAQ;AACjC,cAAM,UAAU,KAAK,uBAAuB,GAAG;AAC/C,YAAI,SAAS;AACT,0BAAgB,KAAK,OAAO;AAAA,QAChC;AAAA,MACJ,CAAC;AAED,YAAM,cAAc,gBAAgB,KAAK,CAAC,YAAY;AAClD,eAAO,0BAA0B,QAAQ,OAAO,QAAQ,aAAa;AAAA,MACzE,CAAC,KAAK,gBAAgB,CAAC;AAEvB,kBAAY,iBAAiB,gBAAgB,IAAI,CAAC,YAAY;AAC1D,eAAO;AAAA,UACH,UAAU,QAAQ;AAAA,UAClB,gBAAgB,QAAQ;AAAA,UACxB,MAAM,QAAQ;AAAA,UACd,cAAc,0BAA0B,QAAQ,OAAO,QAAQ,aAAa;AAAA,QAChF;AAAA,MACJ,CAAC;AACD,YAAM,iBAAiB,cAAa,SAAS,IAAI,cAAc,GAAG,mBAC3D,YACN;AACD,YAAM,gBAAgB,eAAe,mBAAmB;AAExD,0BAAoB,QAAQ,CAAC,QAAQ;AACjC,YAAI,QAAQ,eAAe;AACvB,eAAK,sBAAsB,UAAU;AAAA,QACzC;AAAA,MACJ,CAAC;AAED,WAAK,WAAW,cAAc;AAC9B,cAAQ,QAAQ,iDAAiD;AACjE,aAAO;AAAA,IACX;AAEA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,kBAAkB,KAAK;AAAA;AACzB,YAAM,aAAa,KAAK,yBAAyB,GAAG;AACpD,UAAI,CAAC,YAAY;AACb;AAAA,MACJ;AAEA,UAAI,WAAW,eAAe,YAAY,MACtC,eAAe,8BAA8B,YAAY,GAAG;AAC5D,YAAI,WAAW,cAAc,qBAAqB,KAAK;AACnD,gBAAM,kCAAkC;AACxC,gBAAM,MAAM,gCAAgC;AAC5C,cAAI,KAAK;AACL,gBAAI;AACA,oBAAM,KAAK,WAAW,sBAAsB,GAAG;AAAA,YACnD,SACO,OAAO;AACV,oBAAM,sBAAsB,oBAAoB;AAAA,YACpD;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AACA,aAAO,KAAK,WAAW,GAAG;AAAA,IAC9B;AAAA;AAAA;AAAA;AAAA;AAAA,EAIA,oBAAoB;AAChB,UAAM,eAAe,KAAK,QAAQ;AAClC,iBAAa,QAAQ,CAAC,aAAa;AAC/B,UAAI,KAAK,cAAc,QAAQ,GAAG;AAC9B,aAAK,WAAW,QAAQ;AAAA,MAC5B;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,qBAAqB,SAAS;AAC1B,UAAM,aAAa,cAAc,wBAAwB,OAAO;AAChE,WAAO,KAAK,WAAW,YAAY,KAAK,YAAY;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,WAAW,SAAS,WAAW,aAAa,mBAAmB,eAAe;AAC1E,SAAK,aAAa,MAAM,kCAAkC;AAC1D,UAAM,gBAAgB;AAAA,MAClB,eAAe,QAAQ;AAAA,MACvB,aAAa,QAAQ;AAAA,MACrB,gBAAgB,eAAe;AAAA,MAC/B,UAAU,KAAK;AAAA,MACf,OAAO;AAAA,IACX;AACA,UAAM,aAAa,KAAK,oBAAoB,eAAe,SAAS;AACpE,UAAM,cAAc,WAAW;AAC/B,QAAI,cAAc,GAAG;AACjB,WAAK,aAAa,KAAK,0CAA0C;AACjE,aAAO;AAAA,IACX,WACS,cAAc,GAAG;AACtB,UAAI,oBAAoB;AAExB,UAAI,CAAC,aAAa;AACd,cAAM,iBAAiB,oBAAI,IAAI;AAC/B,mBAAW,QAAQ,CAAC,SAAS,QAAQ;AACjC,cAAI,QAAQ,UAAU,QAAQ,UAAU;AACpC,2BAAe,IAAI,KAAK,OAAO;AAAA,UACnC;AAAA,QACJ,CAAC;AACD,cAAM,kBAAkB,eAAe;AACvC,YAAI,kBAAkB,GAAG;AACrB,eAAK,aAAa,KAAK,gIAAgI;AACvJ,iBAAO,WAAW,OAAO,EAAE,KAAK,EAAE;AAAA,QACtC,WACS,oBAAoB,GAAG;AAC5B,eAAK,aAAa,KAAK,mGAAmG;AAC1H,iBAAO,eAAe,OAAO,EAAE,KAAK,EAAE;AAAA,QAC1C,OACK;AAED,8BAAoB;AAAA,QACxB;AAAA,MACJ;AAEA,WAAK,aAAa,KAAK,4EAA4E;AACnG,wBAAkB,QAAQ,CAAC,SAAS,QAAQ;AACxC,aAAK,cAAc,GAAG;AAAA,MAC1B,CAAC;AACD,UAAI,qBAAqB,eAAe;AACpC,0BAAkB,UAAU,EAAE,gBAAgB,WAAW,KAAK,GAAG,aAAa;AAAA,MAClF;AACA,aAAO;AAAA,IACX;AACA,SAAK,aAAa,KAAK,8CAA8C;AACrE,WAAO,WAAW,OAAO,EAAE,KAAK,EAAE;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBAAoB,QAAQ,WAAW;AACnC,UAAM,cAAe,aAAa,UAAU,WAAY,KAAK,aAAa,EAAE;AAC5E,UAAM,WAAW,oBAAI,IAAI;AACzB,gBAAY,QAAQ,CAAC,QAAQ;AACzB,UAAI,CAAC,KAAK,wBAAwB,KAAK;AAAA,QACnC,UAAU,KAAK;AAAA,SACZ,OACN,GAAG;AACA;AAAA,MACJ;AACA,YAAM,UAAU,KAAK,qBAAqB,GAAG;AAC7C,UAAI,WAAW,KAAK,wBAAwB,SAAS,MAAM,GAAG;AAC1D,iBAAS,IAAI,KAAK,OAAO;AAAA,MAC7B;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,wBAAwB,UAAU,QAAQ;AACtC,UAAM,MAAM,SAAS,YAAY;AACjC,QAAI,OAAO,YACP,IAAI,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,IAAI;AACnD,aAAO;AAAA,IACX;AACA,QAAI,OAAO,iBACP,IAAI,QAAQ,OAAO,cAAc,YAAY,CAAC,MAAM,IAAI;AACxD,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,KAAK;AACf,SAAK,WAAW,GAAG;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,KAAK;AACpB,SAAK,WAAW,GAAG;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,eAAe,SAAS,SAAS,WAAW,aAAa,mBAAmB,eAAe;AACvF,SAAK,aAAa,MAAM,sCAAsC;AAC9D,UAAM,SAAS,SAAS,mBAAmB,QAAQ,MAAM;AACzD,UAAM,aAAa,QAAQ,wBAAwB,qBAAqB;AAKxE,UAAM,iBAAiB,cACnB,WAAW,YAAY,MACnB,qBAAqB,OAAO,YAAY,IAC1C,eAAe,gCACf,eAAe;AACrB,UAAM,oBAAoB;AAAA,MACtB,eAAe,QAAQ;AAAA,MACvB,aAAa,QAAQ;AAAA,MACrB;AAAA,MACA,UAAU,KAAK;AAAA,MACf,OAAO,eAAe,QAAQ;AAAA,MAC9B,QAAQ;AAAA,MACR,WAAW;AAAA,MACX,OAAO,QAAQ;AAAA,MACf,qBAAqB,QAAQ;AAAA,IACjC;AACA,UAAM,kBAAmB,aAAa,UAAU,eAC5C,KAAK,aAAa,EAAE;AACxB,UAAM,eAAe,CAAC;AACtB,oBAAgB,QAAQ,CAAC,QAAQ;AAE7B,UAAI,KAAK,4BAA4B,KAAK,mBAAmB,IAAI,GAAG;AAChE,cAAM,cAAc,KAAK,yBAAyB,GAAG;AAErD,YAAI,eACA,KAAK,wBAAwB,aAAa,iBAAiB,GAAG;AAC9D,uBAAa,KAAK,WAAW;AAAA,QACjC;AAAA,MACJ;AAAA,IACJ,CAAC;AACD,UAAM,kBAAkB,aAAa;AACrC,QAAI,kBAAkB,GAAG;AACrB,WAAK,aAAa,KAAK,8CAA8C;AACrE,aAAO;AAAA,IACX,WACS,kBAAkB,GAAG;AAC1B,WAAK,aAAa,KAAK,2EAA2E;AAClG,mBAAa,QAAQ,CAAC,gBAAgB;AAClC,aAAK,KAAK,kBAAkB,sBAAsB,WAAW,CAAC;AAAA,MAClE,CAAC;AACD,UAAI,qBAAqB,eAAe;AACpC,0BAAkB,UAAU,EAAE,gBAAgB,aAAa,OAAO,GAAG,aAAa;AAAA,MACtF;AACA,aAAO;AAAA,IACX;AACA,SAAK,aAAa,KAAK,sDAAsD;AAC7E,WAAO,aAAa,CAAC;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,4BAA4B,UAAU,QAAQ,yBAAyB;AACnE,UAAM,MAAM,SAAS,YAAY;AACjC,QAAI,OAAO,YACP,IAAI,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,IAAI;AACnD,aAAO;AAAA,IACX;AACA,QAAI,OAAO,iBACP,IAAI,QAAQ,OAAO,cAAc,YAAY,CAAC,MAAM,IAAI;AACxD,aAAO;AAAA,IACX;AACA,QAAI,OAAO,SAAS,IAAI,QAAQ,OAAO,MAAM,YAAY,CAAC,MAAM,IAAI;AAChE,aAAO;AAAA,IACX;AACA,QAAI,OAAO,uBACP,IAAI,QAAQ,OAAO,oBAAoB,YAAY,CAAC,MAAM,IAAI;AAC9D,aAAO;AAAA,IACX;AACA,QAAI,OAAO,QAAQ;AACf,YAAM,SAAS,OAAO,OAAO,QAAQ;AACrC,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACpC,YAAI,2BACA,CAAC,IAAI,SAAS,OAAO,CAAC,EAAE,YAAY,CAAC,GAAG;AAExC,iBAAO;AAAA,QACX,WACS,CAAC,2BACN,IAAI,SAAS,OAAO,CAAC,EAAE,YAAY,CAAC,GAAG;AAEvC,iBAAO;AAAA,QACX;AAAA,MACJ;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,wBAAwB,QAAQ;AAC5B,UAAM,YAAY,KAAK,aAAa;AACpC,UAAM,eAAe,CAAC;AACtB,cAAU,YAAY,QAAQ,CAAC,QAAQ;AACnC,UAAI,CAAC,KAAK,4BAA4B,KAAK,QAAQ,IAAI,GAAG;AACtD;AAAA,MACJ;AACA,YAAM,cAAc,KAAK,yBAAyB,GAAG;AACrD,UAAI,eACA,KAAK,wBAAwB,aAAa,MAAM,GAAG;AACnD,qBAAa,KAAK,WAAW;AAAA,MACjC;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,gBAAgB,SAAS,UAAU,WAAW,mBAAmB,eAAe;AAC5E,SAAK,aAAa,MAAM,uCAAuC;AAC/D,UAAM,KAAK,WAAW,gBAAgB;AACtC,UAAM,qBAAqB;AAAA,MACvB,eAAe,QAAQ;AAAA,MACvB,aAAa,QAAQ;AAAA,MACrB,gBAAgB,eAAe;AAAA,MAC/B,UAAU,KAAK;AAAA,MACf,UAAU;AAAA,IACd;AACA,UAAM,mBAAoB,aAAa,UAAU,gBAC7C,KAAK,aAAa,EAAE;AACxB,UAAM,gBAAgB,CAAC;AACvB,qBAAiB,QAAQ,CAAC,QAAQ;AAE9B,UAAI,KAAK,6BAA6B,KAAK,kBAAkB,GAAG;AAC5D,cAAM,eAAe,KAAK,0BAA0B,GAAG;AAEvD,YAAI,gBACA,KAAK,wBAAwB,cAAc,kBAAkB,GAAG;AAChE,wBAAc,KAAK,YAAY;AAAA,QACnC;AAAA,MACJ;AAAA,IACJ,CAAC;AACD,UAAM,mBAAmB,cAAc;AACvC,QAAI,mBAAmB,GAAG;AACtB,WAAK,aAAa,KAAK,wDAAwD;AAC/E,aAAO;AAAA,IACX;AAEA,QAAI,mBAAmB,KAAK,qBAAqB,eAAe;AAC5D,wBAAkB,UAAU,EAAE,gBAAgB,iBAAiB,GAAG,aAAa;AAAA,IACnF;AACA,SAAK,aAAa,KAAK,wDAAwD;AAC/E,WAAO,cAAc,CAAC;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,6BAA6B,UAAU,QAAQ;AAC3C,UAAM,MAAM,SAAS,YAAY;AACjC,QAAI,OAAO,YACP,IAAI,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,IAAI;AACnD,aAAO;AAAA,IACX;AAEA,QAAI,CAAC,OAAO,YACR,OAAO,YACP,IAAI,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,IAAI;AACnD,aAAO;AAAA,IACX;AACA,QAAI,OAAO,iBACP,IAAI,QAAQ,OAAO,cAAc,YAAY,CAAC,MAAM,IAAI;AACxD,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAIA,yBAAyB,aAAa;AAClC,UAAM,oBAAoB;AAAA,MACtB;AAAA,MACA,UAAU,KAAK;AAAA,IACnB;AACA,UAAM,cAAc,KAAK,yBAAyB,iBAAiB;AACnE,UAAM,qBAAqB,OAAO,KAAK,WAAW,EAAE,IAAI,CAAC,QAAQ,YAAY,GAAG,CAAC;AACjF,UAAM,iBAAiB,mBAAmB;AAC1C,QAAI,iBAAiB,GAAG;AACpB,aAAO;AAAA,IACX,WACS,iBAAiB,GAAG;AACzB,YAAM,sBAAsB,2BAA2B;AAAA,IAC3D;AACA,WAAO,mBAAmB,CAAC;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAAkB,aAAa;AAC3B,UAAM,cAAc,KAAK,yBAAyB,WAAW;AAC7D,WAAO,CAAC,EAAE,eAAe,YAAY,aAAa;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBAAmB,QAAQ,eAAe;AACtC,WAAO,CAAC,EAAE,OAAO,OAAO,kBAAkB,YACtC,kBAAkB,OAAO;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mCAAmC,aAAa,gBAAgB;AAC5D,UAAM,wBAAwB,YAAY,OAAO,YAAY;AAC7D,WAAO,mBAAmB;AAAA,EAC9B;AAAA,EACA,qCAAqC,eAAe,gBAAgB;AAChE,WAAO,cAAc,mBAAmB;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,UAAU,QAAQC,OAAM;AACpB,WAAO,CAAC,EAAEA,MAAK,YAAY,MAAM,OAAO,MAAM,YAAY;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,cAAc,gBAAgB,gBAAgB;AAC1C,WAAO,CAAC,EAAE,kBACN,OAAO,mBAAmB,YAC1B,gBAAgB,YAAY,MAAM,eAAe,YAAY;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,uBAAuB,QAAQ,mBAAmB;AAC9C,WAAO,CAAC,EAAE,OAAO,qBACb,sBAAsB,OAAO;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,iBAAiB,QAAQ,aAAa;AAElC,QAAI,KAAK,wBAAwB;AAC7B,YAAM,gBAAgB,4BAA4B,KAAK,wBAAwB,KAAK,YAAY;AAChG,UAAI,cAAc,SAAS,WAAW,KAClC,cAAc,SAAS,OAAO,WAAW,GAAG;AAC5C,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,UAAM,gBAAgB,KAAK,4BAA4B,WAAW;AAClE,QAAI,iBACA,cAAc,QAAQ,QAAQ,OAAO,WAAW,IAAI,IAAI;AACxD,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBAAoB,QAAQ,gBAAgB;AACxC,WAAQ,OAAO,kBACX,eAAe,YAAY,MAAM,OAAO,eAAe,YAAY;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc,QAAQ,UAAU;AAC5B,WAAO,CAAC,EAAE,OAAO,YAAY,aAAa,OAAO;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc,QAAQ,UAAU;AAC5B,WAAO,CAAC,EAAE,OAAO,YAAY,aAAa,OAAO;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAW,QAAQ,OAAO;AACtB,WAAO,CAAC,EAAE,OAAO,OAAO,YAAY,MAAM,MAAM,YAAY;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,qBAAqB,QAAQ,iBAAiB;AAC1C,WAAO,CAAC,EAAE,OAAO,mBAAmB,oBAAoB,OAAO;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,8BAA8B,aAAa,WAAW;AAClD,QAAI,YAAY,eAAe,WAAW;AACtC,aAAO;AAAA,IACX;AACA,QAAI,YAAY,uBAAuB,WAAW;AAC9C,aAAO;AAAA,IACX;AACA,QAAI,YAAY,QAAQ,WAAW;AAC/B,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,SAAS,eAAe,KAAK;AACzB,WAAO,cAAc,QAAQ;AAAA,EACjC;AAAA,EACA,mBAAmB,QAAQ,eAAe;AACtC,WAAO,CAAC,EAAE,OAAO,iBACb,cAAc,YAAY,MAAM,OAAO,cAAc,YAAY;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,QAAQ,QAAQ;AACxB,UAAM,6BAA6B,OAAO,mBAAmB,eAAe,gBACxE,OAAO,mBACH,eAAe;AACvB,QAAI,8BAA8B,CAAC,OAAO,QAAQ;AAC9C,aAAO;AAAA,IACX;AACA,UAAM,iBAAiB,SAAS,WAAW,OAAO,MAAM;AACxD,WAAO,eAAe,iBAAiB,MAAM;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe,QAAQ,WAAW;AAC9B,WAAO,CAAC,EAAE,OAAO,aAAa,OAAO,cAAc;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAW,QAAQ,OAAO;AACtB,WAAO,CAAC,EAAE,OAAO,SAAS,OAAO,UAAU;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,KAAK;AACf,WAAO,IAAI,QAAQ,YAAY,MAAM;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,KAAK;AACrB,WAAO,IAAI,QAAQ,6BAA6B,SAAS,MAAM;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAIA,kCAAkC,WAAW;AACzC,WAAO,GAAG,6BAA6B,SAAS,IAAI,KAAK,QAAQ,IAAI,SAAS;AAAA,EAClF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,SAAS,KAAK,MAAM;AACvB,eAAW,gBAAgB,MAAM;AAC7B,UAAI,YAAY,IAAI,KAAK,YAAY;AAAA,IACzC;AACA,WAAO;AAAA,EACX;AACJ;AAEA,IAAM,sBAAN,cAAkC,aAAa;AAAA,EAC3C,aAAa;AACT,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,aAAa;AACT,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,yBAAyB;AACrB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,uBAAuB;AACnB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,uBAAuB;AACnB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,2BAA2B;AACvB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,2BAA2B;AACvB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,4BAA4B;AACxB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,4BAA4B;AACxB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,iBAAiB;AACb,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,iBAAiB;AACb,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,qBAAqB;AACjB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,qBAAqB;AACjB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,uBAAuB;AACnB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,uBAAuB;AACnB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,2BAA2B;AACvB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,qBAAqB;AACjB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,qBAAqB;AACjB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,aAAa;AACT,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,cAAc;AACV,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,UAAU;AACN,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,iBAAiB;AACb,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,eAAe;AACX,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACM,QAAQ;AAAA;AACV,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AAAA,EACA,2BAA2B;AACvB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AAAA,EACA,wBAAwB;AACpB,UAAM,sBAAsB,oBAAoB;AAAA,EACpD;AACJ;;;AChtCA,IAAM,mCAAmC;AACzC,IAAM,yBAAyB;AAAA,EAC3B,2BAA2B;AAAA,EAC3B,sBAAsB;AAC1B;AACA,IAAM,gCAAgC;AAAA,EAClC,gBAAgB,MAAM;AAAA,EAEtB;AAAA,EACA,mBAAmB;AAAA,EACnB,UAAU,SAAS;AAAA,EACnB,eAAe,UAAU;AAC7B;AACA,IAAM,wBAAwB;AAAA,EAC1B,2BAA2B;AAC/B;AACA,IAAM,iCAAiC;AAAA,EAC7B,sBAAsB;AAAA;AACxB,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AAAA,EACM,uBAAuB;AAAA;AACzB,YAAM,sBAAsB,oBAAoB;AAAA,IACpD;AAAA;AACJ;AACA,IAAM,uBAAuB;AAAA,EACzB,KAAK,UAAU;AAAA,EACf;AAAA,EACA,KAAK,UAAU;AAAA,EACf,IAAI,UAAU;AAClB;AACA,IAAM,6BAA6B;AAAA,EAC/B,cAAc,UAAU;AAAA,EACxB,iBAAiB;AACrB;AACA,IAAM,8BAA8B;AAAA,EAChC,oBAAoB,mBAAmB;AAAA,EACvC,QAAQ,GAAG,UAAU,qBAAqB;AAC9C;AACA,IAAM,4BAA4B;AAAA,EAC9B,aAAa;AAAA,IACT,SAAS;AAAA,IACT,YAAY;AAAA,EAChB;AACJ;AAQA,SAAS,yBAAyB,EAAE,aAAa,iBAAiB,eAAe,mBAAmB,eAAe,kBAAkB,cAAc,kBAAkB,kBAAkB,uBAAuB,kBAAkB,uBAAuB,iBAAiB,sBAAsB,mBAAsC,aAA0B,WAAsB,wBAAgD,mBAAsC,kBAAsC,GAAG;AAC/e,QAAM,gBAAgB,kCACf,gCACA;AAEP,SAAO;AAAA,IACH,aAAa,iBAAiB,eAAe;AAAA,IAC7C,eAAe,kCAAK,yBAA2B;AAAA,IAC/C;AAAA,IACA,cAAc,kCAAK,wBAA0B;AAAA,IAC7C,kBAAkB,yBACd,IAAI,oBAAoB,gBAAgB,UAAU,+BAA+B,IAAI,OAAO,aAAa,CAAC;AAAA,IAC9G,kBAAkB,yBAAyB;AAAA,IAC3C,iBAAiB,wBAAwB;AAAA,IACzC,mBAAmB,qBAAqB;AAAA,IACxC,aAAa,kCAAK,uBAAyB;AAAA,IAC3C,WAAW,kCAAK,4BAA8B;AAAA,IAC9C,wBAAwB,0BAA0B;AAAA,IAClD,mBAAmB,qBAAqB;AAAA,IACxC,mBAAmB,qBAAqB;AAAA,EAC5C;AACJ;AAKA,SAAS,iBAAiB,aAAa;AACnC,SAAO;AAAA,IACH,oBAAoB,CAAC;AAAA,IACrB,mBAAmB;AAAA,IACnB,4BAA4B;AAAA,KACzB;AAEX;AAKA,SAAS,mBAAmB,QAAQ;AAChC,SAAQ,OAAO,YAAY,UAAU,QAAQ,iBAAiB,aAAa;AAC/E;;;ACjGA,IAAM,cAAN,MAAM,qBAAoB,UAAU;AAAA,EAChC,YAAY,WAAW,cAAc,UAAU;AAC3C,UAAM,WAAW,cAAc,QAAQ;AACvC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,aAAY,SAAS;AAAA,EACrD;AACJ;;;ACPA,IAAM,kBAAN,MAAM,iBAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKlB,OAAO,6BAA6B,YAAY;AAC5C,WAAO,GAAG,oBAAoB,iBAAiB,IAAI,KAAK,UAAU,UAAU,CAAC;AAAA,EACjF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,WAAW,cAAc,YAAY;AACxC,UAAM,MAAM,iBAAgB,6BAA6B,UAAU;AACnE,UAAM,QAAQ,aAAa,mBAAmB,GAAG;AACjD,QAAI,OAAO;AACP,UAAI,MAAM,eAAe,KAAK,IAAI,GAAG;AACjC,qBAAa,WAAW,GAAG;AAC3B;AAAA,MACJ;AACA,YAAM,IAAI,YAAY,MAAM,YAAY,KAAK,GAAG,KAAK,UAAU,cAAc,MAAM,cAAc,MAAM,QAAQ;AAAA,IACnH;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YAAY,cAAc,YAAY,UAAU;AACnD,QAAI,iBAAgB,oBAAoB,QAAQ,KAC5C,iBAAgB,2BAA2B,QAAQ,GAAG;AACtD,YAAM,kBAAkB;AAAA,QACpB,cAAc,iBAAgB,sBAAsB,SAAS,SAAS,QAAQ,YAAY,WAAW,CAAC,CAAC;AAAA,QACvG,OAAO,SAAS,KAAK;AAAA,QACrB,YAAY,SAAS,KAAK;AAAA,QAC1B,cAAc,SAAS,KAAK;AAAA,QAC5B,UAAU,SAAS,KAAK;AAAA,MAC5B;AACA,mBAAa,mBAAmB,iBAAgB,6BAA6B,UAAU,GAAG,eAAe;AAAA,IAC7G;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,oBAAoB,UAAU;AACjC,WAAQ,SAAS,WAAW,OACvB,SAAS,UAAU,OAAO,SAAS,SAAS;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,2BAA2B,UAAU;AACxC,QAAI,SAAS,SAAS;AAClB,aAAQ,SAAS,QAAQ,eAAe,YAAY,WAAW,MAC1D,SAAS,SAAS,OAAO,SAAS,UAAU;AAAA,IACrD;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,sBAAsB,cAAc;AACvC,UAAM,OAAO,gBAAgB,IAAI,IAAI;AACrC,UAAM,iBAAiB,KAAK,IAAI,IAAI;AACpC,WAAO,KAAK,MAAM,KAAK,IAAI,kBACtB,QAAQ,oBAAoB,gCAAgC,iBAC7D,oBAAoB,iCAAiC,IAAI,GAAI;AAAA,EACrE;AAAA,EACA,OAAO,eAAe,cAAc,UAAU,SAAS,uBAAuB;AAC1E,UAAM,aAAa;AAAA,MACf;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,QAAQ,QAAQ;AAAA,MAChB;AAAA,MACA,QAAQ,QAAQ;AAAA,MAChB,sBAAsB,QAAQ;AAAA,MAC9B,uBAAuB,QAAQ;AAAA,MAC/B,oBAAoB,QAAQ;AAAA,MAC5B,WAAW,QAAQ;AAAA,MACnB,QAAQ,QAAQ;AAAA,IACpB;AACA,UAAM,MAAM,KAAK,6BAA6B,UAAU;AACxD,iBAAa,WAAW,GAAG;AAAA,EAC/B;AACJ;;;ACvFA,IAAM,iBAAN,MAAqB;AAAA,EACjB,YAAY,eAAe,cAAc;AACrC,SAAK,gBAAgB;AACrB,SAAK,eAAe;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOM,gBAAgB,YAAY,eAAe,SAAS;AAAA;AACtD,sBAAgB,WAAW,KAAK,cAAc,UAAU;AACxD,UAAI;AACJ,UAAI;AACA,mBAAW,MAAM,KAAK,cAAc,qBAAqB,eAAe,OAAO;AAAA,MACnF,SACO,GAAG;AACN,YAAI,aAAa,WAAW;AACxB,gBAAM;AAAA,QACV,OACK;AACD,gBAAM,sBAAsB,YAAY;AAAA,QAC5C;AAAA,MACJ;AACA,sBAAgB,YAAY,KAAK,cAAc,YAAY,QAAQ;AACnE,aAAO;AAAA,IACX;AAAA;AACJ;;;AClCA,IAAM,oBAAoB;AAAA,EACtB,iBAAiB;AAAA,EACjB,KAAK;AACT;;;ACTA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAAC;AAAA,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AACtB,IAAM,aAAa;AACnB,IAAM,SAAS;AACf,IAAM,QAAQ;AACd,IAAM,QAAQ;AACd,IAAM,oBAAoB;AAC1B,IAAM,eAAe;AACrB,IAAM,WAAW;AACjB,IAAM,gBAAgB;AACtB,IAAM,aAAa;AACnB,IAAM,2BAA2B;AACjC,IAAM,QAAQ;AACd,IAAM,QAAQ;AACd,IAAM,SAAS;AACf,IAAM,gBAAgB;AACtB,IAAMA,eAAc;AACpB,IAAM,OAAO;AACb,IAAM,iBAAiB;AACvB,IAAM,wBAAwB;AAC9B,IAAM,gBAAgB;AACtB,IAAM,oBAAoB;AAC1B,IAAM,eAAe;AACrB,IAAM,eAAe;AACrB,IAAM,cAAc;AACpB,IAAM,eAAe;AACrB,IAAM,sBAAsB;AAC5B,IAAM,sBAAsB;AAC5B,IAAM,sBAAsB;AAC5B,IAAM,aAAa;AACnB,IAAM,YAAY;AAClB,IAAM,kBAAkB;AACxB,IAAM,gBAAgB;AACtB,IAAM,cAAc;AACpB,IAAM,gBAAgB;AACtB,IAAM,mBAAmB;AACzB,IAAM,wBAAwB;AAC9B,IAAM,aAAa;AACnB,IAAM,UAAU;AAChB,IAAM,gBAAgB;AACtB,IAAM,sBAAsB;AAC5B,IAAM,eAAe;AACrB,IAAM,OAAO;AACb,IAAM,aAAa;AACnB,IAAM,kBAAkB;AACxB,IAAM,gBAAgB;AACtB,IAAM,cAAc;AACpB,IAAM,MAAM;AACZ,IAAM,aAAa;AACnB,IAAM,cAAc;;;AC5CpB,IAAM,mBAAN,MAAuB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKnB,OAAO,oBAAoB,aAAa;AACpC,QAAI,CAAC,aAAa;AACd,YAAM,+BAA+B,gBAAgB;AAAA,IACzD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,eAAe,QAAQ;AAC1B,UAAM,eAAe,CAAC;AACtB,eAAW,SAAS,aAAa;AAC7B,mBAAa,KAAK,YAAY,KAAK,CAAC;AAAA,IACxC;AACA,QAAI,aAAa,QAAQ,MAAM,IAAI,GAAG;AAClC,YAAM,+BAA+B,kBAAkB;AAAA,IAC3D;AAAA,EACJ;AAAA,EACA,OAAO,eAAe,QAAQ;AAC1B,QAAI;AACA,WAAK,MAAM,MAAM;AAAA,IACrB,SACO,GAAG;AACN,YAAM,+BAA+B,aAAa;AAAA,IACtD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,4BAA4B,eAAe,qBAAqB;AACnE,QAAI,CAAC,iBAAiB,CAAC,qBAAqB;AACxC,YAAM,+BAA+B,iBAAiB;AAAA,IAC1D,OACK;AACD,WAAK,4BAA4B,mBAAmB;AAAA,IACxD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,4BAA4B,qBAAqB;AACpD,QAAI;AAAA,MACA,0BAA0B;AAAA,MAC1B,0BAA0B;AAAA,IAC9B,EAAE,QAAQ,mBAAmB,IAAI,GAAG;AAChC,YAAM,+BAA+B,0BAA0B;AAAA,IACnE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,iBAAiB,UAAU,aAAa;AAC3C,QAAI,CAAC,UAAU;AACX,aAAO,CAAC;AAAA,IACZ;AAEA,gBAAY,QAAQ,CAAC,QAAQ,QAAQ;AACjC,UAAI,SAAS,GAAG,GAAG;AACf,eAAO,SAAS,GAAG;AAAA,MACvB;AAAA,IACJ,CAAC;AAED,WAAO,OAAO,YAAY,OAAO,QAAQ,QAAQ,EAAE,OAAO,CAAC,OAAO,GAAG,CAAC,MAAM,EAAE,CAAC;AAAA,EACnF;AACJ;;;ACxEA,IAAM,0BAAN,MAA8B;AAAA,EAC1B,cAAc;AACV,SAAK,aAAa,oBAAI,IAAI;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAIA,sBAAsB;AAClB,SAAK,WAAW,IAAI,eAAe,mBAAmB,UAAU,kBAAkB,CAAC;AAAA,EACvF;AAAA;AAAA;AAAA;AAAA,EAIA,oCAAoC;AAChC,SAAK,WAAW,IAAI,eAAe,mBAAmB,GAAG,UAAU,mBAAmB,IAAI,UAAU,sBAAsB,EAAE,CAAC;AAAA,EACjI;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,cAAc;AAC1B,SAAK,WAAW,IAAI,eAAe,mBAAmB,eAAe,eAAe,aAAa,KAAK,CAAC;AAAA,EAC3G;AAAA;AAAA;AAAA;AAAA,EAIA,kBAAkB;AACd,SAAK,WAAW,IAAI,eAAe,mBAAmB,GAAG,CAAC;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAU,QAAQ,gBAAgB,MAAM,gBAAgB,qBAAqB;AAEzE,QAAI,iBACA,CAAC,cAAc,SAAS,QAAQ,KAChC,CAAC,OAAO,SAAS,QAAQ,GAAG;AAC5B,oBAAc,KAAK,QAAQ;AAAA,IAC/B;AACA,UAAM,gBAAgB,gBAChB,CAAC,GAAI,UAAU,CAAC,GAAI,GAAG,aAAa,IACpC,UAAU,CAAC;AACjB,UAAM,WAAW,IAAI,SAAS,aAAa;AAC3C,SAAK,WAAW,IAAI,OAAO,mBAAmB,SAAS,YAAY,CAAC,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,UAAU;AAClB,SAAK,WAAW,IAAI,WAAW,mBAAmB,QAAQ,CAAC;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,aAAa;AACxB,qBAAiB,oBAAoB,WAAW;AAChD,SAAK,WAAW,IAAI,cAAc,mBAAmB,WAAW,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,yBAAyB,aAAa;AAClC,qBAAiB,oBAAoB,WAAW;AAChD,SAAK,WAAW,IAAI,iBAAiB,mBAAmB,WAAW,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,aAAa;AACxB,SAAK,WAAW,IAAI,eAAe,mBAAmB,WAAW,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,YAAY;AACtB,SAAK,WAAW,IAAI,aAAa,mBAAmB,UAAU,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,WAAW;AACpB,SAAK,WAAW,IAAI,YAAY,mBAAmB,SAAS,CAAC;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,WAAW;AACjB,SAAK,WAAW,IAAI,YAAY,YAAY,mBAAmB,OAAO,SAAS,EAAE,CAAC;AAAA,EACtF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,YAAY;AAClB,SAAK,WAAW,IAAI,YAAY,YAAY,mBAAmB,OAAO,WAAW,GAAG,IAAI,WAAW,IAAI,EAAE,CAAC;AAAA,EAC9G;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAK;AACR,SAAK,WAAW,IAAI,KAAK,mBAAmB,GAAG,CAAC;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,QAAQ,oBAAoB;AAClC,UAAM,eAAe,KAAK,8BAA8B,QAAQ,kBAAkB;AAClF,qBAAiB,eAAe,YAAY;AAC5C,SAAK,WAAW,IAAI,QAAQ,mBAAmB,YAAY,CAAC;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAiB,eAAe;AAC5B,SAAK,WAAW,IAAI,mBAAmB,mBAAmB,aAAa,CAAC;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,aAAa;AAExB,SAAK,WAAW,IAAI,cAAc,YAAY,GAAG;AACjD,SAAK,WAAW,IAAI,cAAc,YAAY,OAAO;AACrD,QAAI,YAAY,IAAI;AAChB,WAAK,WAAW,IAAI,aAAa,YAAY,EAAE;AAAA,IACnD;AACA,QAAI,YAAY,KAAK;AACjB,WAAK,WAAW,IAAI,cAAc,YAAY,GAAG;AAAA,IACrD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,cAAc;AAClC,QAAI,cAAc,SAAS;AACvB,WAAK,WAAW,IAAI,YAAY,aAAa,OAAO;AAAA,IACxD;AACA,QAAI,cAAc,YAAY;AAC1B,WAAK,WAAW,IAAI,WAAW,aAAa,UAAU;AAAA,IAC1D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,QAAQ;AACd,qBAAiB,eAAe,MAAM;AACtC,SAAK,WAAW,IAAI,GAAG,MAAM,IAAI,mBAAmB,MAAM,CAAC;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,OAAO;AACZ,QAAI,OAAO;AACP,WAAK,WAAW,IAAI,OAAO,mBAAmB,KAAK,CAAC;AAAA,IACxD;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,OAAO;AACZ,SAAK,WAAW,IAAI,OAAO,mBAAmB,KAAK,CAAC;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,uBAAuB,eAAe,qBAAqB;AACvD,qBAAiB,4BAA4B,eAAe,mBAAmB;AAC/E,QAAI,iBAAiB,qBAAqB;AACtC,WAAK,WAAW,IAAI,gBAAgB,mBAAmB,aAAa,CAAC;AACrE,WAAK,WAAW,IAAI,uBAAuB,mBAAmB,mBAAmB,CAAC;AAAA,IACtF,OACK;AACD,YAAM,+BAA+B,iBAAiB;AAAA,IAC1D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,qBAAqB,MAAM;AACvB,SAAK,WAAW,IAAI,MAAM,mBAAmB,IAAI,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,MAAM;AAChB,SAAK,WAAW,IAAI,aAAa,mBAAmB,IAAI,CAAC;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,cAAc;AAC1B,SAAK,WAAW,IAAI,eAAe,mBAAmB,YAAY,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,cAAc;AAC1B,SAAK,WAAW,IAAI,eAAe,mBAAmB,YAAY,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,cAAc;AAC1B,SAAK,WAAW,IAAI,eAAe,mBAAmB,YAAY,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,iBAAiB;AAChC,QAAI,iBAAiB;AACjB,WAAK,WAAW,IAAI,kBAAkB,mBAAmB,eAAe,CAAC;AAAA,IAC7E;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAuB,qBAAqB;AACxC,QAAI,qBAAqB;AACrB,WAAK,WAAW,IAAI,uBAAuB,mBAAmB,mBAAmB,CAAC;AAAA,IACtF;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,cAAc;AAC1B,SAAK,WAAW,IAAI,eAAe,mBAAmB,YAAY,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,UAAU;AACzB,SAAK,WAAW,IAAI,qBAAqB,mBAAmB,QAAQ,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,WAAW;AACpB,SAAK,WAAW,IAAI,YAAY,mBAAmB,SAAS,CAAC;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB;AACZ,SAAK,WAAW,IAAI,aAAa,GAAG;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,UAAU;AAC9B,UAAM,oBAAoB,iBAAiB,iBAAiB,UAAU,KAAK,UAAU;AACrF,WAAO,KAAK,iBAAiB,EAAE,QAAQ,CAAC,QAAQ;AAC5C,WAAK,WAAW,IAAI,KAAK,SAAS,GAAG,CAAC;AAAA,IAC1C,CAAC;AAAA,EACL;AAAA,EACA,8BAA8B,QAAQ,oBAAoB;AACtD,QAAI;AAEJ,QAAI,CAAC,QAAQ;AACT,qBAAe,CAAC;AAAA,IACpB,OACK;AACD,UAAI;AACA,uBAAe,KAAK,MAAM,MAAM;AAAA,MACpC,SACO,GAAG;AACN,cAAM,+BAA+B,aAAa;AAAA,MACtD;AAAA,IACJ;AACA,QAAI,sBAAsB,mBAAmB,SAAS,GAAG;AACrD,UAAI,CAAC,aAAa,eAAe,kBAAkB,YAAY,GAAG;AAE9D,qBAAa,kBAAkB,YAAY,IAAI,CAAC;AAAA,MACpD;AAEA,mBAAa,kBAAkB,YAAY,EAAE,kBAAkB,MAAM,IAAI;AAAA,QACrE,QAAQ;AAAA,MACZ;AAAA,IACJ;AACA,WAAO,KAAK,UAAU,YAAY;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,UAAU;AAClB,SAAK,WAAW,IAAI,uBAAuB,UAAU,mBAAmB,QAAQ,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,UAAU;AAClB,SAAK,WAAW,IAAI,uBAAuB,UAAU,mBAAmB,QAAQ,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,WAAW;AACnB,QAAI,WAAW;AACX,WAAK,WAAW,IAAI,YAAY,qBAAqB,GAAG;AACxD,WAAK,WAAW,IAAI,SAAS,mBAAmB,SAAS,CAAC;AAAA,IAC9D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,UAAU,cAAc;AACpB,QAAI,cAAc;AACd,WAAK,WAAW,IAAI,YAAY,qBAAqB,GAAG;AACxD,WAAK,WAAW,IAAI,SAAS,mBAAmB,YAAY,CAAC;AAAA,IACjE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,wBAAwB;AACvC,SAAK,WAAW,IAAI,qBAAqB,uBAAuB,kCAAkC,CAAC;AACnG,SAAK,WAAW,IAAI,qBAAqB,uBAAuB,+BAA+B,CAAC;AAAA,EACpG;AAAA;AAAA;AAAA;AAAA,EAIA,gBAAgB;AACZ,SAAK,WAAW,IAAI,qBAAqB,oBAAoB,yBAAyB;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA,EAIA,cAAc,YAAY;AACtB,SAAK,WAAW,IAAI,aAAa,mBAAmB,UAAU,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAIA,oBAAoB;AAChB,UAAM,sBAAsB,IAAI,MAAM;AACtC,SAAK,WAAW,QAAQ,CAAC,OAAO,QAAQ;AACpC,0BAAoB,KAAK,GAAG,GAAG,IAAI,KAAK,EAAE;AAAA,IAC9C,CAAC;AACD,WAAO,oBAAoB,KAAK,GAAG;AAAA,EACvC;AACJ;;;ACrYA;AAAA;AAAA;AAAA;AAuBA,SAAe,yBAAyB,cAAc,eAAe,cAAc,kBAAkB,QAAQ,eAAe,mBAAmB;AAAA;AAC3I,uBAAmB,oBAAoB,kBAAkB,0CAA0C,aAAa;AAChH,UAAM,oBAAoB,UAAU,uBAAuB,mBAAmB,YAAY,CAAC;AAE3F,UAAM,wBAAwB,IAAI,UAAU,mBAAmB,eAAe,cAAc,kBAAkB,QAAQ,eAAe,iBAAiB;AACtJ,QAAI;AACA,YAAM,YAAY,sBAAsB,sBAAsB,KAAK,qBAAqB,GAAG,kBAAkB,gCAAgC,QAAQ,mBAAmB,aAAa,EAAE;AACvL,aAAO;AAAA,IACX,SACO,GAAG;AACN,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AAAA,EACJ;AAAA;;;ACdA,IAAM,aAAN,MAAiB;AAAA,EACb,YAAY,eAAe,mBAAmB;AAE1C,SAAK,SAAS,yBAAyB,aAAa;AAEpD,SAAK,SAAS,IAAI,OAAO,KAAK,OAAO,eAAe,MAAM,OAAO;AAEjE,SAAK,cAAc,KAAK,OAAO;AAE/B,SAAK,eAAe,KAAK,OAAO;AAEhC,SAAK,gBAAgB,KAAK,OAAO;AAEjC,SAAK,iBAAiB,IAAI,eAAe,KAAK,eAAe,KAAK,YAAY;AAE9E,SAAK,yBAAyB,KAAK,OAAO;AAE1C,SAAK,YAAY,KAAK,OAAO,YAAY;AAEzC,SAAK,oBAAoB;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAIA,0BAA0B,SAAS;AAC/B,UAAM,UAAU,CAAC;AACjB,YAAQ,YAAY,YAAY,IAAI,UAAU;AAC9C,QAAI,CAAC,KAAK,OAAO,cAAc,wBAAwB,SAAS;AAC5D,cAAQ,QAAQ,MAAM;AAAA,QAClB,KAAK,kBAAkB;AACnB,cAAI;AACA,kBAAM,aAAa,iCAAiC,QAAQ,UAAU;AACtE,oBAAQ,YAAY,UAAU,IAAI,OAAO,WAAW,GAAG,IAAI,WAAW,IAAI;AAAA,UAC9E,SACO,GAAG;AACN,iBAAK,OAAO,QAAQ,qDAChB,CAAC;AAAA,UACT;AACA;AAAA,QACJ,KAAK,kBAAkB;AACnB,kBAAQ,YAAY,UAAU,IAAI,QAAQ,QAAQ,UAAU;AAC5D;AAAA,MACR;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQM,2BAA2B,eAAe,aAAa,SAAS,YAAY,eAAe,aAAa;AAAA;AAC1G,UAAI,aAAa;AACb,aAAK,mBAAmB,oBAAoB,aAAa,aAAa;AAAA,MAC1E;AACA,YAAM,WAAW,MAAM,KAAK,eAAe,gBAAgB,YAAY,eAAe,EAAE,MAAM,aAAa,QAAiB,CAAC;AAC7H,WAAK,mBAAmB,UAAU;AAAA,QAC9B,kBAAkB,SAAS,KAAK,eAAe,UAAU;AAAA,QACzD,cAAc,SAAS,UAAU,YAAY,iBAAiB,KAAK;AAAA,MACvE,GAAG,aAAa;AAChB,UAAI,KAAK,OAAO,0BACZ,SAAS,SAAS,OAClB,SAAS,WAAW,KAAK;AAEzB,aAAK,OAAO,uBAAuB,oBAAoB;AAAA,MAC3D;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,gBAAgB,uBAAuB,eAAe;AAAA;AACxD,WAAK,mBAAmB,oBAAoB,kBAAkB,8BAA8B,aAAa;AACzG,YAAM,4BAA4B,WAAW,qBAAqB,IAAI,KAAK,UAAU,MAAM;AAC3F,YAAM,yBAAyB,MAAM,yBAAyB,2BAA2B,KAAK,eAAe,KAAK,cAAc,KAAK,UAAU,SAAS,KAAK,QAAQ,eAAe,KAAK,iBAAiB;AAC1M,WAAK,YAAY;AAAA,IACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,2BAA2B,SAAS;AAChC,UAAM,mBAAmB,IAAI,wBAAwB;AACrD,QAAI,QAAQ,sBAAsB;AAC9B,uBAAiB,wBAAwB,QAAQ,oBAAoB;AAAA,IACzE;AACA,WAAO,iBAAiB,kBAAkB;AAAA,EAC9C;AACJ;;;ACzGA,IAAM,cAAN,MAAkB;AAAA,EACd,YAAY,eAAe,eAAe,mBAAmB,oBAAoB,mBAAmB;AAChG,SAAK,UAAU,iBAAiB;AAChC,SAAK,UAAU,iBAAiB;AAChC,SAAK,cAAc,qBAAqB;AACxC,SAAK,eAAe,sBAAsB;AAC1C,SAAK,cAAc,qBAAqB;AAAA,EAC5C;AACJ;;;ACFA,IAAM,gBAAN,MAAM,eAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhB,OAAO,gBAAgB,WAAW,WAAW,MAAM;AAC/C,UAAM,eAAe,eAAc,qBAAqB,WAAW,IAAI;AACvE,WAAO,YACD,GAAG,YAAY,GAAG,UAAU,cAAc,GAAG,SAAS,KACtD;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,qBAAqB,WAAW,MAAM;AACzC,QAAI,CAAC,WAAW;AACZ,YAAM,sBAAsB,cAAc;AAAA,IAC9C;AAEA,UAAM,WAAW;AAAA,MACb,IAAI,UAAU,cAAc;AAAA,IAChC;AACA,QAAI,MAAM;AACN,eAAS,OAAO;AAAA,IACpB;AACA,UAAM,cAAc,KAAK,UAAU,QAAQ;AAC3C,WAAO,UAAU,aAAa,WAAW;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,kBAAkB,WAAW,OAAO;AACvC,QAAI,CAAC,WAAW;AACZ,YAAM,sBAAsB,cAAc;AAAA,IAC9C;AACA,QAAI,CAAC,OAAO;AACR,YAAM,sBAAsB,YAAY;AAAA,IAC5C;AACA,QAAI;AAEA,YAAM,aAAa,MAAM,MAAM,UAAU,cAAc;AACvD,YAAM,eAAe,WAAW,CAAC;AACjC,YAAM,YAAY,WAAW,SAAS,IAChC,WAAW,MAAM,CAAC,EAAE,KAAK,UAAU,cAAc,IACjD,UAAU;AAChB,YAAM,qBAAqB,UAAU,aAAa,YAAY;AAC9D,YAAM,kBAAkB,KAAK,MAAM,kBAAkB;AACrD,aAAO;AAAA,QACH,kBAAkB,aAAa,UAAU;AAAA,QACzC,cAAc;AAAA,MAClB;AAAA,IACJ,SACO,GAAG;AACN,YAAM,sBAAsB,YAAY;AAAA,IAC5C;AAAA,EACJ;AACJ;;;AC/DA,IAAM,cAAc;AAAA,EAChB,IAAI;AAAA,EACJ,KAAK;AACT;AAEA,IAAM,oBAAN,MAAwB;AAAA,EACpB,YAAY,aAAa,mBAAmB;AACxC,SAAK,cAAc;AACnB,SAAK,oBAAoB;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOM,YAAY,SAAS,QAAQ;AAAA;AAC/B,WAAK,mBAAmB,oBAAoB,kBAAkB,qBAAqB,QAAQ,aAAa;AACxG,YAAM,SAAS,MAAM,YAAY,KAAK,YAAY,KAAK,IAAI,GAAG,kBAAkB,qBAAqB,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,OAAO;AACnK,YAAM,eAAe,KAAK,YAAY,aAAa,KAAK,UAAU,MAAM,CAAC;AACzE,aAAO;AAAA,QACH,KAAK,OAAO;AAAA,QACZ;AAAA,QACA,YAAY,MAAM,KAAK,YAAY,WAAW,YAAY;AAAA,MAC9D;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,YAAY,SAAS;AAAA;AACvB,WAAK,mBAAmB,oBAAoB,kBAAkB,qBAAqB,QAAQ,aAAa;AACxG,YAAM,gBAAgB,MAAM,KAAK,YAAY,uBAAuB,OAAO;AAC3E,aAAO;AAAA,QACH,KAAK;AAAA,QACL,SAAS,YAAY;AAAA,MACzB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOM,aAAa,aAAa,OAAO,SAAS;AAAA;AAC5C,aAAO,KAAK,YAAY,aAAa,OAAO,OAAO;AAAA,IACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASM,YAAY,SAAS,OAAO,SAAS,QAAQ;AAAA;AAE/C,YAAM,EAAE,uBAAuB,oBAAoB,WAAW,UAAU,WAAY,IAAI;AACxF,YAAM,oBAAoB,qBACpB,IAAI,UAAU,kBAAkB,IAChC;AACN,YAAM,wBAAwB,mBAAmB,iBAAiB;AAClE,aAAO,KAAK,YAAY,QAAQ;AAAA,QAC5B,IAAI;AAAA,QACJ,IAAI,WAAW;AAAA,QACf,GAAG,uBAAuB,YAAY;AAAA,QACtC,GAAG,uBAAuB;AAAA,QAC1B,OAAO,YAAY,KAAK,YAAY,cAAc;AAAA,QAClD,GAAG,uBAAuB;AAAA,QAC1B,GAAG,uBAAuB,cACpB,CAAC,CAAC,GAAG,sBAAsB,WAAW,IACtC;AAAA,QACN,eAAe,aAAa;AAAA,SACzB,SACJ,OAAO,YAAY,QAAQ,aAAa;AAAA,IAC/C;AAAA;AACJ;;;AC/EI,IAAM,oBAAN,MAAwB;AAAA,EACxB,YAAY,YAAY,YAAY;AAChC,SAAK,QAAQ;AACb,SAAK,aAAa;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,kBAAkB;AAClB,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,aAAa;AACb,WAAO,KAAK;AAAA,EAChB;AACJ;;;ACCA,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EAClB,YAAY,UAAU,cAAc,WAAW,QAAQ,mBAAmB,mBAAmB,mBAAmB;AAC5G,SAAK,WAAW;AAChB,SAAK,eAAe;AACpB,SAAK,YAAY;AACjB,SAAK,SAAS;AACd,SAAK,oBAAoB;AACzB,SAAK,oBAAoB;AACzB,SAAK,oBAAoB;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,wCAAwC,gBAAgB,cAAc;AAClE,QAAI,CAAC,eAAe,SAAS,CAAC,cAAc;AACxC,YAAM,eAAe,QACf,sBAAsB,eAAe,cAAc,IACnD,sBAAsB,eAAe,cAAc;AAAA,IAC7D;AACA,QAAI;AACJ,QAAI;AACJ,QAAI;AACA,mCAA6B,mBAAmB,eAAe,KAAK;AAAA,IACxE,SACO,GAAG;AACN,YAAM,sBAAsB,cAAc,eAAe,KAAK;AAAA,IAClE;AACA,QAAI;AACA,4BAAsB,mBAAmB,YAAY;AAAA,IACzD,SACO,GAAG;AACN,YAAM,sBAAsB,cAAc,eAAe,KAAK;AAAA,IAClE;AACA,QAAI,+BAA+B,qBAAqB;AACpD,YAAM,sBAAsB,aAAa;AAAA,IAC7C;AAEA,QAAI,eAAe,SACf,eAAe,qBACf,eAAe,UAAU;AACzB,UAAI,2BAA2B,eAAe,OAAO,eAAe,mBAAmB,eAAe,QAAQ,GAAG;AAC7G,cAAM,IAAI,6BAA6B,eAAe,SAAS,IAAI,eAAe,mBAAmB,eAAe,UAAU,eAAe,aAAa,IAAI,eAAe,YAAY,IAAI,eAAe,kBAAkB,IAAI,eAAe,UAAU,EAAE;AAAA,MACjQ;AACA,YAAM,IAAI,YAAY,eAAe,SAAS,IAAI,eAAe,mBAAmB,eAAe,QAAQ;AAAA,IAC/G;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBAAsB,gBAAgB,oBAAoB;AAEtD,QAAI,eAAe,SACf,eAAe,qBACf,eAAe,UAAU;AACzB,YAAM,YAAY,GAAG,eAAe,WAAW,OAAO,eAAe,SAAS,MAAM,eAAe,iBAAiB,sBAAsB,eAAe,cAAc,gBAAgB,eAAe,QAAQ;AAC9M,YAAM,cAAc,IAAI,YAAY,eAAe,OAAO,WAAW,eAAe,QAAQ;AAE5F,UAAI,sBACA,eAAe,UACf,eAAe,UAAU,WAAW,4BACpC,eAAe,UAAU,WAAW,wBAAwB;AAC5D,aAAK,OAAO,QAAQ;AAAA,EAA6H,WAAW,EAAE;AAE9J;AAAA,MAEJ,WACS,sBACL,eAAe,UACf,eAAe,UAAU,WAAW,4BACpC,eAAe,UAAU,WAAW,wBAAwB;AAC5D,aAAK,OAAO,QAAQ;AAAA,EAAsH,WAAW,EAAE;AAEvJ;AAAA,MACJ;AACA,UAAI,2BAA2B,eAAe,OAAO,eAAe,mBAAmB,eAAe,QAAQ,GAAG;AAC7G,cAAM,IAAI,6BAA6B,eAAe,OAAO,eAAe,mBAAmB,eAAe,UAAU,eAAe,aAAa,UAAU,cAAc,eAAe,YAAY,UAAU,cAAc,eAAe,kBAAkB,UAAU,cAAc,eAAe,UAAU,UAAU,YAAY;AAAA,MAC3U;AACA,YAAM;AAAA,IACV;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,0BAA0B,qBAAqB,WAAW,cAAc,SAAS,iBAAiB,mBAAmB,8BAA8B,gCAAgC,iBAAiB;AAAA;AACtM,WAAK,mBAAmB,oBAAoB,kBAAkB,2BAA2B,oBAAoB,cAAc;AAE3H,UAAI;AACJ,UAAI,oBAAoB,UAAU;AAC9B,wBAAgB,mBAAmB,oBAAoB,YAAY,UAAU,cAAc,KAAK,UAAU,YAAY;AAEtH,YAAI,mBAAmB,gBAAgB,OAAO;AAC1C,cAAI,cAAc,UAAU,gBAAgB,OAAO;AAC/C,kBAAM,sBAAsB,aAAa;AAAA,UAC7C;AAAA,QACJ;AAEA,YAAI,QAAQ,UAAU,QAAQ,WAAW,GAAG;AACxC,gBAAM,WAAW,cAAc;AAC/B,cAAI,CAAC,UAAU;AACX,kBAAM,sBAAsB,gBAAgB;AAAA,UAChD;AACA,sBAAY,UAAU,QAAQ,MAAM;AAAA,QACxC;AAAA,MACJ;AAEA,WAAK,wBAAwB,cAAc,sBAAsB,oBAAoB,eAAe,UAAU,cAAc,UAAU,eAAe,KAAK,QAAQ,KAAK,WAAW,aAAa;AAE/L,UAAI;AACJ,UAAI,CAAC,CAAC,mBAAmB,CAAC,CAAC,gBAAgB,OAAO;AAC9C,0BAAkB,cAAc,kBAAkB,KAAK,WAAW,gBAAgB,KAAK;AAAA,MAC3F;AAEA,0BAAoB,SAChB,oBAAoB,UAAU,QAAQ,UAAU;AACpD,YAAM,cAAc,KAAK,oBAAoB,qBAAqB,WAAW,cAAc,SAAS,eAAe,mBAAmB,eAAe;AACrJ,UAAI;AACJ,UAAI;AACA,YAAI,KAAK,qBAAqB,KAAK,mBAAmB;AAClD,eAAK,OAAO,QAAQ,gDAAgD;AACpE,yBAAe,IAAI,kBAAkB,KAAK,mBAAmB,IAAI;AACjE,gBAAM,KAAK,kBAAkB,kBAAkB,YAAY;AAAA,QAC/D;AAOA,YAAI,gCACA,CAAC,kCACD,YAAY,SAAS;AACrB,gBAAM,MAAM,YAAY,QAAQ,mBAAmB;AACnD,gBAAM,UAAU,KAAK,aAAa,WAAW,KAAK,KAAK,MAAM;AAC7D,cAAI,CAAC,SAAS;AACV,iBAAK,OAAO,QAAQ,qGAAqG;AACzH,mBAAO,MAAM,iBAAgB,6BAA6B,KAAK,WAAW,WAAW,aAAa,OAAO,SAAS,eAAe,iBAAiB,QAAW,eAAe;AAAA,UAChL;AAAA,QACJ;AACA,cAAM,KAAK,aAAa,gBAAgB,aAAa,QAAQ,YAAY;AAAA,MAC7E,UACA;AACI,YAAI,KAAK,qBACL,KAAK,qBACL,cAAc;AACd,eAAK,OAAO,QAAQ,+CAA+C;AACnE,gBAAM,KAAK,kBAAkB,iBAAiB,YAAY;AAAA,QAC9D;AAAA,MACJ;AACA,aAAO,iBAAgB,6BAA6B,KAAK,WAAW,WAAW,aAAa,OAAO,SAAS,eAAe,iBAAiB,qBAAqB,eAAe;AAAA,IACpL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,oBAAoB,qBAAqB,WAAW,cAAc,SAAS,eAAe,mBAAmB,iBAAiB;AAC1H,UAAM,MAAM,UAAU,kBAAkB;AACxC,QAAI,CAAC,KAAK;AACN,YAAM,sBAAsB,uBAAuB;AAAA,IACvD;AACA,UAAM,iBAAiB,6BAA6B,aAAa;AAEjE,QAAI;AACJ,QAAI;AACJ,QAAI,oBAAoB,YAAY,CAAC,CAAC,eAAe;AACjD,sBAAgB,oBAAoB,KAAK,uBAAuB,KAAK,oBAAoB,UAAU,KAAK,UAAU,kBAAkB,EAAE;AACtI,sBAAgB;AAAA,QAAoB,KAAK;AAAA,QAAc;AAAA,QAAW,KAAK;AAAA,QAAuB;AAAA,QAAe,KAAK,UAAU;AAAA,QAAc,oBAAoB;AAAA,QAAa;AAAA,QAAK;AAAA,QAAgB;AAAA,QAAiB;AAAA;AAAA,QACjN,KAAK;AAAA,MAAM;AAAA,IACf;AAEA,QAAI,oBAAoB;AACxB,QAAI,oBAAoB,cAAc;AAElC,YAAM,iBAAiB,oBAAoB,QACrC,SAAS,WAAW,oBAAoB,KAAK,IAC7C,IAAI,SAAS,QAAQ,UAAU,CAAC,CAAC;AAKvC,YAAM,aAAa,OAAO,oBAAoB,eAAe,WACvD,SAAS,oBAAoB,YAAY,EAAE,IAC3C,oBAAoB,eAAe;AACzC,YAAM,gBAAgB,OAAO,oBAAoB,mBAAmB,WAC9D,SAAS,oBAAoB,gBAAgB,EAAE,IAC/C,oBAAoB,mBAAmB;AAC7C,YAAM,aAAa,OAAO,oBAAoB,eAAe,WACvD,SAAS,oBAAoB,YAAY,EAAE,IAC3C,oBAAoB,eAAe;AACzC,YAAM,yBAAyB,eAAe;AAC9C,YAAM,iCAAiC,yBAAyB;AAChE,YAAM,mBAAmB,aAAa,YAAY,IAC5C,eAAe,YACf;AAEN,0BAAoB,wBAAwB,KAAK,uBAAuB,KAAK,oBAAoB,cAAc,KAAK,UAAU,kBAAkB,UAAU,UAAU,IAAI,eAAe,YAAY,GAAG,wBAAwB,gCAAgC,KAAK,UAAU,cAAc,kBAAkB,oBAAoB,YAAY,mBAAmB,oBAAoB,QAAQ,QAAQ,QAAQ,QAAQ,mBAAmB;AAAA,IAC3a;AAEA,QAAI,qBAAqB;AACzB,QAAI,oBAAoB,eAAe;AACnC,UAAI;AACJ,UAAI,oBAAoB,0BAA0B;AAC9C,cAAM,cAAc,OAAO,oBAAoB,6BAC3C,WACE,SAAS,oBAAoB,0BAA0B,EAAE,IACzD,oBAAoB;AAC1B,sBAAc,eAAe;AAAA,MACjC;AACA,2BAAqB,yBAAyB,KAAK,uBAAuB,KAAK,oBAAoB,eAAe,KAAK,UAAU,oBAAoB,MAAM,mBAAmB,WAAW;AAAA,IAC7L;AAEA,QAAI,oBAAoB;AACxB,QAAI,oBAAoB,MAAM;AAC1B,0BAAoB;AAAA,QAChB,UAAU,KAAK;AAAA,QACf,aAAa;AAAA,QACb,UAAU,oBAAoB;AAAA,MAClC;AAAA,IACJ;AACA,WAAO,IAAI,YAAY,eAAe,eAAe,mBAAmB,oBAAoB,iBAAiB;AAAA,EACjH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAa,6BAA6B,WAAW,WAAW,aAAa,gBAAgB,SAAS,eAAe,cAAc,qBAAqB,WAAW;AAAA;AAC/J,UAAI,cAAc,UAAU;AAC5B,UAAI,iBAAiB,CAAC;AACtB,UAAI,YAAY;AAChB,UAAI;AACJ,UAAI;AACJ,UAAI,WAAW,UAAU;AACzB,UAAI,YAAY,aAAa;AACzB,YAAI,YAAY,YAAY,cAAc,qBAAqB,KAAK;AAChE,gBAAM,oBAAoB,IAAI,kBAAkB,SAAS;AACzD,gBAAM,EAAE,QAAQ,MAAM,IAAI,YAAY;AACtC,cAAI,CAAC,OAAO;AACR,kBAAM,sBAAsB,YAAY;AAAA,UAC5C;AACA,wBAAc,MAAM,kBAAkB,aAAa,QAAQ,OAAO,OAAO;AAAA,QAC7E,OACK;AACD,wBAAc,YAAY,YAAY;AAAA,QAC1C;AACA,yBAAiB,SAAS,WAAW,YAAY,YAAY,MAAM,EAAE,QAAQ;AAC7E,oBAAY,IAAI,KAAK,OAAO,YAAY,YAAY,SAAS,IAAI,GAAI;AACrE,uBAAe,IAAI,KAAK,OAAO,YAAY,YAAY,iBAAiB,IAAI,GAAI;AAChF,YAAI,YAAY,YAAY,WAAW;AACnC,sBAAY,IAAI,KAAK,OAAO,YAAY,YAAY,SAAS,IAAI,GAAI;AAAA,QACzE;AAAA,MACJ;AACA,UAAI,YAAY,aAAa;AACzB,mBACI,YAAY,YAAY,aAAa,gBAC/B,gBACA;AAAA,MACd;AACA,YAAM,MAAM,eAAe,OAAO,eAAe,OAAO;AACxD,YAAM,MAAM,eAAe,OAAO;AAElC,UAAI,qBAAqB,iBAAiB,CAAC,CAAC,YAAY,SAAS;AAC7D,oBAAY,QAAQ,kBAChB,qBAAqB;AAAA,MAC7B;AACA,YAAM,cAAc,YAAY,UAC1B;AAAA,QAA+B,YAAY,QAAQ,eAAe;AAAA,QAAG;AAAA;AAAA,QACvE;AAAA,QAAe,YAAY,SAAS;AAAA,MAAM,IACxC;AACN,aAAO;AAAA,QACH,WAAW,UAAU;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,SAAS,aAAa,SAAS,UAAU;AAAA,QACzC,eAAe,iBAAiB,CAAC;AAAA,QACjC;AAAA,QACA,WAAW;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe,QAAQ;AAAA,QACvB,WAAW,aAAa,UAAU;AAAA,QAClC;AAAA,QACA,WAAW,YAAY,aAAa,aAAa,UAAU;AAAA,QAC3D,OAAO,eACD,aAAa,mBACb,UAAU;AAAA,QAChB,oBAAoB,YAAY,SAAS,sBACrC,UAAU;AAAA,QACd,aAAa,YAAY,SAAS,eAAe,UAAU;AAAA,QAC3D,MAAM,qBAAqB;AAAA,QAC3B,kBAAkB;AAAA,MACtB;AAAA,IACJ;AAAA;AACJ;AACA,SAAS,oBAAoB,cAAc,WAAW,eAAe,eAAeC,eAAc,YAAY,aAAa,gBAAgB,iBAAiB,iBAAiB,QAAQ;AACjL,UAAQ,QAAQ,yBAAyB;AAEzC,QAAM,cAAc,aAAa,eAAe;AAChD,QAAM,iBAAiB,YAAY,KAAK,CAAC,eAAe;AACpD,WAAO,WAAW,WAAW,aAAa;AAAA,EAC9C,CAAC;AACD,MAAI,gBAAgB;AACpB,MAAI,gBAAgB;AAChB,oBAAgB,aAAa,WAAW,gBAAgB,MAAM;AAAA,EAClE;AACA,QAAM,cAAc,iBAChB,cAAc,cAAc;AAAA,IACxB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,oBAAoB,iBAAiB;AAAA,IACrC,aAAa,iBAAiB;AAAA,IAC9B;AAAA,EACJ,GAAG,WAAWA,aAAY;AAC9B,QAAM,iBAAiB,YAAY,kBAAkB,CAAC;AACtD,MAAI,kBACA,CAAC,eAAe,KAAK,CAAC,kBAAkB;AACpC,WAAO,cAAc,aAAa;AAAA,EACtC,CAAC,GAAG;AACJ,UAAM,mBAAmB,oCAAoC,eAAe,aAAa;AACzF,mBAAe,KAAK,gBAAgB;AAAA,EACxC;AACA,cAAY,iBAAiB;AAC7B,SAAO;AACX;;;AClVA,IAAM,0BAAN,cAAsC,WAAW;AAAA,EAC7C,YAAY,eAAe,mBAAmB;AAC1C,UAAM,eAAe,iBAAiB;AAEtC,SAAK,qBAAqB;AAC1B,SAAK,oBACD,KAAK,OAAO,YAAY,UAAU,QAAQ,aAAa;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWM,eAAe,SAAS;AAAA;AAC1B,WAAK,mBAAmB,oBAAoB,kBAAkB,gBAAgB,QAAQ,aAAa;AACnG,YAAM,cAAc,MAAM,YAAY,KAAK,6BAA6B,KAAK,IAAI,GAAG,kBAAkB,6BAA6B,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,OAAO;AACtM,aAAO,UAAU,kBAAkB,KAAK,UAAU,uBAAuB,WAAW;AAAA,IACxF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,aAAa,SAAS,iBAAiB;AAAA;AACzC,WAAK,mBAAmB,oBAAoB,kBAAkB,wBAAwB,QAAQ,aAAa;AAC3G,UAAI,CAAC,QAAQ,MAAM;AACf,cAAM,sBAAsB,mBAAmB;AAAA,MACnD;AACA,YAAM,eAAe,WAAW;AAChC,YAAM,WAAW,MAAM,YAAY,KAAK,oBAAoB,KAAK,IAAI,GAAG,kBAAkB,+BAA+B,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,KAAK,WAAW,OAAO;AAE5M,YAAM,YAAY,SAAS,UAAU,YAAY,eAAe;AAChE,YAAM,kBAAkB,IAAI,gBAAgB,KAAK,OAAO,YAAY,UAAU,KAAK,cAAc,KAAK,aAAa,KAAK,QAAQ,KAAK,OAAO,mBAAmB,KAAK,OAAO,mBAAmB,KAAK,iBAAiB;AAEpN,sBAAgB,sBAAsB,SAAS,IAAI;AACnD,aAAO,YAAY,gBAAgB,0BAA0B,KAAK,eAAe,GAAG,kBAAkB,2BAA2B,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,MAAM,KAAK,WAAW,cAAc,SAAS,iBAAiB,QAAW,QAAW,QAAW,SAAS;AAAA,IAClT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,uBAAuB,cAAc,aAAa;AAE9C,UAAM,kBAAkB,IAAI,gBAAgB,KAAK,OAAO,YAAY,UAAU,KAAK,cAAc,KAAK,aAAa,KAAK,QAAQ,MAAM,IAAI;AAE1I,oBAAgB,wCAAwC,cAAc,WAAW;AAEjF,QAAI,CAAC,aAAa,MAAM;AACpB,YAAM,sBAAsB,0CAA0C;AAAA,IAC1E;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,eAAe;AAExB,QAAI,CAAC,eAAe;AAChB,YAAM,+BAA+B,kBAAkB;AAAA,IAC3D;AACA,UAAM,cAAc,KAAK,2BAA2B,aAAa;AAEjE,WAAO,UAAU,kBAAkB,KAAK,UAAU,oBAAoB,WAAW;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,oBAAoB,WAAW,SAAS;AAAA;AAC1C,WAAK,mBAAmB,oBAAoB,kBAAkB,+BAA+B,QAAQ,aAAa;AAClH,YAAM,wBAAwB,KAAK,2BAA2B,OAAO;AACrE,YAAM,WAAW,UAAU,kBAAkB,UAAU,eAAe,qBAAqB;AAC3F,YAAM,cAAc,MAAM,YAAY,KAAK,uBAAuB,KAAK,IAAI,GAAG,kBAAkB,kCAAkC,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,OAAO;AACrM,UAAI,gBAAgB;AACpB,UAAI,QAAQ,YAAY;AACpB,YAAI;AACA,gBAAM,aAAa,gBAAgB,QAAQ,YAAY,KAAK,YAAY,YAAY;AACpF,0BAAgB;AAAA,YACZ,YAAY,GAAG,WAAW,GAAG,GAAG,WAAW,qBAAqB,GAAG,WAAW,IAAI;AAAA,YAClF,MAAM,kBAAkB;AAAA,UAC5B;AAAA,QACJ,SACO,GAAG;AACN,eAAK,OAAO,QAAQ,iDAAiD,CAAC;AAAA,QAC1E;AAAA,MACJ;AACA,YAAM,UAAU,KAAK,0BAA0B,iBAAiB,QAAQ,aAAa;AACrF,YAAM,aAAa;AAAA,QACf,UAAU,QAAQ,qBAAqB,YACnC,KAAK,OAAO,YAAY;AAAA,QAC5B,WAAW,UAAU;AAAA,QACrB,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,sBAAsB,QAAQ;AAAA,QAC9B,uBAAuB,QAAQ;AAAA,QAC/B,oBAAoB,QAAQ;AAAA,QAC5B,WAAW,QAAQ;AAAA,QACnB,QAAQ,QAAQ;AAAA,MACpB;AACA,aAAO,YAAY,KAAK,2BAA2B,KAAK,IAAI,GAAG,kBAAkB,mDAAmD,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,UAAU,aAAa,SAAS,YAAY,QAAQ,eAAe,kBAAkB,iDAAiD;AAAA,IAC1U;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,uBAAuB,SAAS;AAAA;AAClC,WAAK,mBAAmB,oBAAoB,kBAAkB,kCAAkC,QAAQ,aAAa;AACrH,YAAM,mBAAmB,IAAI,wBAAwB;AACrD,uBAAiB,YAAY,QAAQ,sBAAsB,SAAS,KAChE,KAAK,OAAO,YAAY,QAAQ;AAKpC,UAAI,CAAC,KAAK,oBAAoB;AAE1B,yBAAiB,oBAAoB,QAAQ,WAAW;AAAA,MAC5D,OACK;AAED,yBAAiB,eAAe,QAAQ,WAAW;AAAA,MACvD;AAEA,uBAAiB,UAAU,QAAQ,QAAQ,MAAM,KAAK,iBAAiB;AAEvE,uBAAiB,qBAAqB,QAAQ,IAAI;AAElD,uBAAiB,eAAe,KAAK,OAAO,WAAW;AACvD,uBAAiB,wBAAwB,KAAK,OAAO,UAAU,WAAW;AAC1E,uBAAiB,cAAc;AAC/B,UAAI,KAAK,0BAA0B,CAAC,mBAAmB,KAAK,MAAM,GAAG;AACjE,yBAAiB,mBAAmB,KAAK,sBAAsB;AAAA,MACnE;AAEA,UAAI,QAAQ,cAAc;AACtB,yBAAiB,gBAAgB,QAAQ,YAAY;AAAA,MACzD;AACA,UAAI,KAAK,OAAO,kBAAkB,cAAc;AAC5C,yBAAiB,gBAAgB,KAAK,OAAO,kBAAkB,YAAY;AAAA,MAC/E;AACA,UAAI,KAAK,OAAO,kBAAkB,iBAAiB;AAC/C,cAAM,kBAAkB,KAAK,OAAO,kBAAkB;AACtD,yBAAiB,mBAAmB,gBAAgB,SAAS;AAC7D,yBAAiB,uBAAuB,gBAAgB,aAAa;AAAA,MACzE;AACA,uBAAiB,aAAa,UAAU,wBAAwB;AAChE,uBAAiB,cAAc;AAC/B,UAAI,QAAQ,yBAAyB,qBAAqB,KAAK;AAC3D,cAAM,oBAAoB,IAAI,kBAAkB,KAAK,aAAa,KAAK,iBAAiB;AACxF,cAAM,aAAa,MAAM,YAAY,kBAAkB,YAAY,KAAK,iBAAiB,GAAG,kBAAkB,qBAAqB,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,KAAK,MAAM;AAEnN,yBAAiB,YAAY,WAAW,YAAY;AAAA,MACxD,WACS,QAAQ,yBAAyB,qBAAqB,KAAK;AAChE,YAAI,QAAQ,QAAQ;AAChB,2BAAiB,UAAU,QAAQ,MAAM;AAAA,QAC7C,OACK;AACD,gBAAM,+BAA+B,aAAa;AAAA,QACtD;AAAA,MACJ;AACA,YAAM,gBAAgB,QAAQ,iBAC1B,KAAK,OAAO,gBAAgB,cAAc;AAC9C,uBAAiB,iBAAiB,aAAa;AAC/C,UAAI,CAAC,YAAY,WAAW,QAAQ,MAAM,KACrC,KAAK,OAAO,YAAY,sBACrB,KAAK,OAAO,YAAY,mBAAmB,SAAS,GAAI;AAC5D,yBAAiB,UAAU,QAAQ,QAAQ,KAAK,OAAO,YAAY,kBAAkB;AAAA,MACzF;AACA,UAAI,UAAU;AACd,UAAI,QAAQ,YAAY;AACpB,YAAI;AACA,gBAAM,aAAa,gBAAgB,QAAQ,YAAY,KAAK,YAAY,YAAY;AACpF,oBAAU;AAAA,YACN,YAAY,GAAG,WAAW,GAAG,GAAG,WAAW,qBAAqB,GAAG,WAAW,IAAI;AAAA,YAClF,MAAM,kBAAkB;AAAA,UAC5B;AAAA,QACJ,SACO,GAAG;AACN,eAAK,OAAO,QAAQ,iDAAiD,CAAC;AAAA,QAC1E;AAAA,MACJ,OACK;AACD,kBAAU,QAAQ;AAAA,MACtB;AAEA,UAAI,KAAK,OAAO,cAAc,wBAAwB,SAAS;AAC3D,gBAAQ,QAAQ,MAAM;AAAA,UAClB,KAAK,kBAAkB;AACnB,gBAAI;AACA,oBAAM,aAAa,iCAAiC,QAAQ,UAAU;AACtE,+BAAiB,UAAU,UAAU;AAAA,YACzC,SACO,GAAG;AACN,mBAAK,OAAO,QAAQ,qDAChB,CAAC;AAAA,YACT;AACA;AAAA,UACJ,KAAK,kBAAkB;AACnB,6BAAiB,UAAU,QAAQ,UAAU;AAC7C;AAAA,QACR;AAAA,MACJ;AACA,UAAI,QAAQ,qBAAqB;AAC7B,yBAAiB,wBAAwB,QAAQ,mBAAmB;AAAA,MACxE;AAEA,UAAI,QAAQ,+BACP,CAAC,QAAQ,uBACN,CAAC,QAAQ,oBAAoB,eAAe,IAAI;AACpD,yBAAiB,wBAAwB;AAAA,UACrC,CAAC,eAAe,GAAG;AAAA,QACvB,CAAC;AAAA,MACL;AACA,aAAO,iBAAiB,kBAAkB;AAAA,IAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,6BAA6B,SAAS;AAAA;AACxC,WAAK,mBAAmB,oBAAoB,kBAAkB,6BAA6B,QAAQ,aAAa;AAChH,YAAM,mBAAmB,IAAI,wBAAwB;AACrD,uBAAiB,YAAY,QAAQ,uBAAuB,SAAS,KACjE,KAAK,OAAO,YAAY,QAAQ;AACpC,YAAM,gBAAgB;AAAA,QAClB,GAAI,QAAQ,UAAU,CAAC;AAAA,QACvB,GAAI,QAAQ,wBAAwB,CAAC;AAAA,MACzC;AACA,uBAAiB,UAAU,eAAe,MAAM,KAAK,iBAAiB;AAEtE,uBAAiB,eAAe,QAAQ,WAAW;AAEnD,YAAM,gBAAgB,QAAQ,iBAC1B,KAAK,OAAO,gBAAgB,cAAc;AAC9C,uBAAiB,iBAAiB,aAAa;AAE/C,uBAAiB,gBAAgB,QAAQ,YAAY;AAErD,uBAAiB,oBAAoB;AAErC,uBAAiB,eAAe,KAAK,OAAO,WAAW;AACvD,UAAI,CAAC,mBAAmB,KAAK,MAAM,GAAG;AAClC,yBAAiB,wBAAwB,KAAK,OAAO,UAAU,WAAW;AAAA,MAC9E;AAEA,uBAAiB,cAAc;AAC/B,UAAI,QAAQ,iBAAiB,QAAQ,qBAAqB;AACtD,yBAAiB,uBAAuB,QAAQ,eAAe,QAAQ,mBAAmB;AAAA,MAC9F;AACA,UAAI,QAAQ,QAAQ;AAChB,yBAAiB,UAAU,QAAQ,MAAM;AAAA,MAC7C;AACA,UAAI,QAAQ,YAAY;AACpB,yBAAiB,cAAc,QAAQ,UAAU;AAAA,MACrD;AAEA,UAAI,QAAQ,WAAW,YAAY,gBAAgB;AAE/C,YAAI,QAAQ,OAAO,QAAQ,WAAW,YAAY,MAAM;AAEpD,eAAK,OAAO,QAAQ,uEAAuE;AAC3F,2BAAiB,OAAO,QAAQ,GAAG;AAAA,QACvC,WACS,QAAQ,SAAS;AACtB,gBAAM,aAAa,KAAK,kBAAkB,QAAQ,OAAO;AACzD,gBAAM,wBAAwB,KAAK,iBAAiB,QAAQ,OAAO;AAEnE,cAAI,uBAAuB;AACvB,iBAAK,OAAO,QAAQ,mEAAmE;AACvF,6BAAiB,aAAa,qBAAqB;AACnD,gBAAI;AACA,oBAAM,aAAa,iCAAiC,QAAQ,QAAQ,aAAa;AACjF,+BAAiB,UAAU,UAAU;AAAA,YACzC,SACO,GAAG;AACN,mBAAK,OAAO,QAAQ,8EAA8E;AAAA,YACtG;AAAA,UACJ,WACS,cAAc,QAAQ,WAAW,YAAY,MAAM;AAKxD,iBAAK,OAAO,QAAQ,uEAAuE;AAC3F,6BAAiB,OAAO,UAAU;AAClC,gBAAI;AACA,oBAAM,aAAa,iCAAiC,QAAQ,QAAQ,aAAa;AACjF,+BAAiB,UAAU,UAAU;AAAA,YACzC,SACO,GAAG;AACN,mBAAK,OAAO,QAAQ,8EAA8E;AAAA,YACtG;AAAA,UACJ,WACS,QAAQ,WAAW;AACxB,iBAAK,OAAO,QAAQ,8DAA8D;AAClF,6BAAiB,aAAa,QAAQ,SAAS;AAC/C,6BAAiB,UAAU,QAAQ,SAAS;AAAA,UAChD,WACS,QAAQ,QAAQ,UAAU;AAE/B,iBAAK,OAAO,QAAQ,8DAA8D;AAClF,6BAAiB,aAAa,QAAQ,QAAQ,QAAQ;AACtD,gBAAI;AACA,oBAAM,aAAa,iCAAiC,QAAQ,QAAQ,aAAa;AACjF,+BAAiB,UAAU,UAAU;AAAA,YACzC,SACO,GAAG;AACN,mBAAK,OAAO,QAAQ,8EAA8E;AAAA,YACtG;AAAA,UACJ;AAAA,QACJ,WACS,QAAQ,WAAW;AACxB,eAAK,OAAO,QAAQ,0EAA0E;AAC9F,2BAAiB,aAAa,QAAQ,SAAS;AAC/C,2BAAiB,UAAU,QAAQ,SAAS;AAAA,QAChD;AAAA,MACJ,OACK;AACD,aAAK,OAAO,QAAQ,gFAAgF;AAAA,MACxG;AACA,UAAI,QAAQ,OAAO;AACf,yBAAiB,SAAS,QAAQ,KAAK;AAAA,MAC3C;AACA,UAAI,QAAQ,OAAO;AACf,yBAAiB,SAAS,QAAQ,KAAK;AAAA,MAC3C;AACA,UAAI,QAAQ,UACP,KAAK,OAAO,YAAY,sBACrB,KAAK,OAAO,YAAY,mBAAmB,SAAS,GAAI;AAC5D,yBAAiB,UAAU,QAAQ,QAAQ,KAAK,OAAO,YAAY,kBAAkB;AAAA,MACzF;AACA,UAAI,QAAQ,sBAAsB;AAC9B,yBAAiB,wBAAwB,QAAQ,oBAAoB;AAAA,MACzE;AACA,UAAI,QAAQ,cAAc;AAEtB,yBAAiB,gBAAgB;AAEjC,YAAI,QAAQ,yBAAyB,qBAAqB,KAAK;AAC3D,gBAAM,oBAAoB,IAAI,kBAAkB,KAAK,WAAW;AAEhE,gBAAM,aAAa,MAAM,YAAY,kBAAkB,YAAY,KAAK,iBAAiB,GAAG,kBAAkB,qBAAqB,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,KAAK,MAAM;AACnN,2BAAiB,YAAY,WAAW,UAAU;AAAA,QACtD;AAAA,MACJ;AACA,aAAO,iBAAiB,kBAAkB;AAAA,IAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,2BAA2B,SAAS;AAChC,UAAM,mBAAmB,IAAI,wBAAwB;AACrD,QAAI,QAAQ,uBAAuB;AAC/B,uBAAiB,yBAAyB,QAAQ,qBAAqB;AAAA,IAC3E;AACA,QAAI,QAAQ,eAAe;AACvB,uBAAiB,iBAAiB,QAAQ,aAAa;AAAA,IAC3D;AACA,QAAI,QAAQ,aAAa;AACrB,uBAAiB,eAAe,QAAQ,WAAW;AAAA,IACvD;AACA,QAAI,QAAQ,OAAO;AACf,uBAAiB,SAAS,QAAQ,KAAK;AAAA,IAC3C;AACA,QAAI,QAAQ,YAAY;AACpB,uBAAiB,cAAc,QAAQ,UAAU;AAAA,IACrD;AACA,QAAI,QAAQ,sBAAsB;AAC9B,uBAAiB,wBAAwB,QAAQ,oBAAoB;AAAA,IACzE;AACA,WAAO,iBAAiB,kBAAkB;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,SAAS;AACvB,WAAO,QAAQ,eAAe,OAAO;AAAA,EACzC;AAAA,EACA,iBAAiB,SAAS;AACtB,WAAO,QAAQ,eAAe,cAAc;AAAA,EAChD;AACJ;;;AC1YA,IAAM,kDAAkD;AAKxD,IAAM,qBAAN,cAAiC,WAAW;AAAA,EACxC,YAAY,eAAe,mBAAmB;AAC1C,UAAM,eAAe,iBAAiB;AAAA,EAC1C;AAAA,EACM,aAAa,SAAS;AAAA;AACxB,WAAK,mBAAmB,oBAAoB,kBAAkB,gCAAgC,QAAQ,aAAa;AACnH,YAAM,eAAe,WAAW;AAChC,YAAM,WAAW,MAAM,YAAY,KAAK,oBAAoB,KAAK,IAAI,GAAG,kBAAkB,uCAAuC,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,KAAK,SAAS;AAEpN,YAAM,YAAY,SAAS,UAAU,YAAY,eAAe;AAChE,YAAM,kBAAkB,IAAI,gBAAgB,KAAK,OAAO,YAAY,UAAU,KAAK,cAAc,KAAK,aAAa,KAAK,QAAQ,KAAK,OAAO,mBAAmB,KAAK,OAAO,iBAAiB;AAC5L,sBAAgB,sBAAsB,SAAS,IAAI;AACnD,aAAO,YAAY,gBAAgB,0BAA0B,KAAK,eAAe,GAAG,kBAAkB,2BAA2B,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,MAAM,KAAK,WAAW,cAAc,SAAS,QAAW,QAAW,MAAM,QAAQ,YAAY,SAAS;AAAA,IAChT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,2BAA2B,SAAS;AAAA;AAEtC,UAAI,CAAC,SAAS;AACV,cAAM,+BAA+B,iBAAiB;AAAA,MAC1D;AACA,WAAK,mBAAmB,oBAAoB,kBAAkB,8CAA8C,QAAQ,aAAa;AAEjI,UAAI,CAAC,QAAQ,SAAS;AAClB,cAAM,sBAAsB,wBAAwB;AAAA,MACxD;AAEA,YAAM,SAAS,KAAK,aAAa,kBAAkB,QAAQ,QAAQ,WAAW;AAE9E,UAAI,QAAQ;AACR,YAAI;AACA,iBAAO,MAAM,YAAY,KAAK,mCAAmC,KAAK,IAAI,GAAG,kBAAkB,sDAAsD,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,IAAI;AAAA,QAClO,SACO,GAAG;AACN,gBAAM,oBAAoB,aAAa,gCACnC,EAAE,cACE;AACR,gBAAM,kCAAkC,aAAa,eACjD,EAAE,cAAc,OAAO,uBACvB,EAAE,aAAa,OAAO;AAE1B,cAAI,qBAAqB,iCAAiC;AACtD,mBAAO,YAAY,KAAK,mCAAmC,KAAK,IAAI,GAAG,kBAAkB,sDAAsD,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,KAAK;AAAA,UAE7N,OACK;AACD,kBAAM;AAAA,UACV;AAAA,QACJ;AAAA,MACJ;AAEA,aAAO,YAAY,KAAK,mCAAmC,KAAK,IAAI,GAAG,kBAAkB,sDAAsD,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,KAAK;AAAA,IAC7N;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,mCAAmC,SAAS,MAAM;AAAA;AACpD,WAAK,mBAAmB,oBAAoB,kBAAkB,sDAAsD,QAAQ,aAAa;AAEzI,YAAM,eAAe,OAAO,KAAK,aAAa,gBAAgB,KAAK,KAAK,YAAY,GAAG,kBAAkB,6BAA6B,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,QAAQ,SAAS,MAAM,QAAW,KAAK,mBAAmB,QAAQ,aAAa;AACjR,UAAI,CAAC,cAAc;AACf,cAAM,mCAAmC,aAAa;AAAA,MAC1D;AACA,UAAI,aAAa,aACb,eAAe,aAAa,WAAW,QAAQ,uCAC3C,+CAA+C,GAAG;AACtD,cAAM,mCAAmC,mBAAmB;AAAA,MAChE;AAEA,YAAM,sBAAsB,iCACrB,UADqB;AAAA,QAExB,cAAc,aAAa;AAAA,QAC3B,sBAAsB,QAAQ,wBAAwB,qBAAqB;AAAA,QAC3E,eAAe;AAAA,UACX,YAAY,QAAQ,QAAQ;AAAA,UAC5B,MAAM,kBAAkB;AAAA,QAC5B;AAAA,MACJ;AACA,UAAI;AACA,eAAO,MAAM,YAAY,KAAK,aAAa,KAAK,IAAI,GAAG,kBAAkB,gCAAgC,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,mBAAmB;AAAA,MAC5L,SACO,GAAG;AACN,YAAI,aAAa,gCACb,EAAE,aAAa,UAAU;AAEzB,eAAK,OAAO,QAAQ,sEAAsE;AAC1F,gBAAM,qBAAqB,sBAAsB,YAAY;AAC7D,eAAK,aAAa,mBAAmB,kBAAkB;AAAA,QAC3D;AACA,cAAM;AAAA,MACV;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,oBAAoB,SAAS,WAAW;AAAA;AAC1C,WAAK,mBAAmB,oBAAoB,kBAAkB,uCAAuC,QAAQ,aAAa;AAC1H,YAAM,wBAAwB,KAAK,2BAA2B,OAAO;AACrE,YAAM,WAAW,UAAU,kBAAkB,UAAU,eAAe,qBAAqB;AAC3F,YAAM,cAAc,MAAM,YAAY,KAAK,uBAAuB,KAAK,IAAI,GAAG,kBAAkB,0CAA0C,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,OAAO;AAC7M,YAAM,UAAU,KAAK,0BAA0B,QAAQ,aAAa;AACpE,YAAM,aAAa;AAAA,QACf,UAAU,QAAQ,qBAAqB,YACnC,KAAK,OAAO,YAAY;AAAA,QAC5B,WAAW,UAAU;AAAA,QACrB,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,sBAAsB,QAAQ;AAAA,QAC9B,uBAAuB,QAAQ;AAAA,QAC/B,oBAAoB,QAAQ;AAAA,QAC5B,WAAW,QAAQ;AAAA,QACnB,QAAQ,QAAQ;AAAA,MACpB;AACA,aAAO,YAAY,KAAK,2BAA2B,KAAK,IAAI,GAAG,kBAAkB,8CAA8C,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,UAAU,aAAa,SAAS,YAAY,QAAQ,eAAe,kBAAkB,4CAA4C;AAAA,IAChU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,uBAAuB,SAAS;AAAA;AAClC,WAAK,mBAAmB,oBAAoB,kBAAkB,0CAA0C,QAAQ,aAAa;AAC7H,YAAM,gBAAgB,QAAQ;AAC9B,YAAM,mBAAmB,IAAI,wBAAwB;AACrD,uBAAiB,YAAY,QAAQ,sBAAsB,SAAS,KAChE,KAAK,OAAO,YAAY,QAAQ;AACpC,UAAI,QAAQ,aAAa;AACrB,yBAAiB,eAAe,QAAQ,WAAW;AAAA,MACvD;AACA,uBAAiB,UAAU,QAAQ,QAAQ,MAAM,KAAK,OAAO,YAAY,UAAU,QAAQ,aAAa,aAAa;AACrH,uBAAiB,aAAa,UAAU,mBAAmB;AAC3D,uBAAiB,cAAc;AAC/B,uBAAiB,eAAe,KAAK,OAAO,WAAW;AACvD,uBAAiB,wBAAwB,KAAK,OAAO,UAAU,WAAW;AAC1E,uBAAiB,cAAc;AAC/B,UAAI,KAAK,0BAA0B,CAAC,mBAAmB,KAAK,MAAM,GAAG;AACjE,yBAAiB,mBAAmB,KAAK,sBAAsB;AAAA,MACnE;AACA,uBAAiB,iBAAiB,aAAa;AAC/C,uBAAiB,gBAAgB,QAAQ,YAAY;AACrD,UAAI,KAAK,OAAO,kBAAkB,cAAc;AAC5C,yBAAiB,gBAAgB,KAAK,OAAO,kBAAkB,YAAY;AAAA,MAC/E;AACA,UAAI,KAAK,OAAO,kBAAkB,iBAAiB;AAC/C,cAAM,kBAAkB,KAAK,OAAO,kBAAkB;AACtD,yBAAiB,mBAAmB,gBAAgB,SAAS;AAC7D,yBAAiB,uBAAuB,gBAAgB,aAAa;AAAA,MACzE;AACA,UAAI,QAAQ,yBAAyB,qBAAqB,KAAK;AAC3D,cAAM,oBAAoB,IAAI,kBAAkB,KAAK,aAAa,KAAK,iBAAiB;AACxF,cAAM,aAAa,MAAM,YAAY,kBAAkB,YAAY,KAAK,iBAAiB,GAAG,kBAAkB,qBAAqB,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,SAAS,KAAK,MAAM;AAEnN,yBAAiB,YAAY,WAAW,YAAY;AAAA,MACxD,WACS,QAAQ,yBAAyB,qBAAqB,KAAK;AAChE,YAAI,QAAQ,QAAQ;AAChB,2BAAiB,UAAU,QAAQ,MAAM;AAAA,QAC7C,OACK;AACD,gBAAM,+BAA+B,aAAa;AAAA,QACtD;AAAA,MACJ;AACA,UAAI,CAAC,YAAY,WAAW,QAAQ,MAAM,KACrC,KAAK,OAAO,YAAY,sBACrB,KAAK,OAAO,YAAY,mBAAmB,SAAS,GAAI;AAC5D,yBAAiB,UAAU,QAAQ,QAAQ,KAAK,OAAO,YAAY,kBAAkB;AAAA,MACzF;AACA,UAAI,KAAK,OAAO,cAAc,wBAC1B,QAAQ,eAAe;AACvB,gBAAQ,QAAQ,cAAc,MAAM;AAAA,UAChC,KAAK,kBAAkB;AACnB,gBAAI;AACA,oBAAM,aAAa,iCAAiC,QAAQ,cAAc,UAAU;AACpF,+BAAiB,UAAU,UAAU;AAAA,YACzC,SACO,GAAG;AACN,mBAAK,OAAO,QAAQ,qDAChB,CAAC;AAAA,YACT;AACA;AAAA,UACJ,KAAK,kBAAkB;AACnB,6BAAiB,UAAU,QAAQ,cAAc,UAAU;AAC3D;AAAA,QACR;AAAA,MACJ;AACA,UAAI,QAAQ,qBAAqB;AAC7B,yBAAiB,wBAAwB,QAAQ,mBAAmB;AAAA,MACxE;AACA,aAAO,iBAAiB,kBAAkB;AAAA,IAC9C;AAAA;AACJ;;;AChNA,IAAM,mBAAN,cAA+B,WAAW;AAAA,EACtC,YAAY,eAAe,mBAAmB;AAC1C,UAAM,eAAe,iBAAiB;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,aAAa,SAAS;AAAA;AACxB,UAAI;AACA,cAAM,CAAC,cAAc,YAAY,IAAI,MAAM,KAAK,mBAAmB,OAAO;AAE1E,YAAI,iBAAiB,aAAa,uBAAuB;AACrD,eAAK,OAAO,KAAK,6IAA6I;AAE9J,gBAAM,qBAAqB,IAAI,mBAAmB,KAAK,QAAQ,KAAK,iBAAiB;AACrF,6BACK,2BAA2B,OAAO,EAClC,MAAM,MAAM;AAAA,UAEjB,CAAC;AAAA,QACL;AAEA,eAAO;AAAA,MACX,SACO,GAAG;AACN,YAAI,aAAa,mBACb,EAAE,cAAc,sBAAsB;AACtC,gBAAM,qBAAqB,IAAI,mBAAmB,KAAK,QAAQ,KAAK,iBAAiB;AACrF,iBAAO,mBAAmB,2BAA2B,OAAO;AAAA,QAChE,OACK;AACD,gBAAM;AAAA,QACV;AAAA,MACJ;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,mBAAmB,SAAS;AAAA;AAC9B,WAAK,mBAAmB,oBAAoB,kBAAkB,oCAAoC,QAAQ,aAAa;AACvH,UAAI,mBAAmB,aAAa;AACpC,UAAI,QAAQ,gBACP,CAAC,KAAK,OAAO,aAAa,6BACvB,CAAC,YAAY,WAAW,QAAQ,MAAM,GAAI;AAE9C,aAAK,gBAAgB,aAAa,yBAAyB,QAAQ,aAAa;AAChF,cAAM,sBAAsB,oBAAoB;AAAA,MACpD;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,cAAM,sBAAsB,wBAAwB;AAAA,MACxD;AACA,YAAM,kBAAkB,QAAQ,QAAQ,YACpC,6BAA6B,QAAQ,SAAS;AAClD,YAAM,YAAY,KAAK,aAAa,aAAa;AACjD,YAAM,oBAAoB,KAAK,aAAa,eAAe,QAAQ,SAAS,SAAS,WAAW,iBAAiB,KAAK,mBAAmB,QAAQ,aAAa;AAC9J,UAAI,CAAC,mBAAmB;AAEpB,aAAK,gBAAgB,aAAa,wBAAwB,QAAQ,aAAa;AAC/E,cAAM,sBAAsB,oBAAoB;AAAA,MACpD,WACS,mBAAmB,kBAAkB,QAAQ,KAClD,eAAe,kBAAkB,WAAW,KAAK,OAAO,cAAc,yBAAyB,GAAG;AAElG,aAAK,gBAAgB,aAAa,6BAA6B,QAAQ,aAAa;AACpF,cAAM,sBAAsB,oBAAoB;AAAA,MACpD,WACS,kBAAkB,aACvB,eAAe,kBAAkB,WAAW,CAAC,GAAG;AAEhD,2BAAmB,aAAa;AAAA,MAEpC;AACA,YAAM,cAAc,QAAQ,aAAa,KAAK,UAAU,kBAAkB;AAC1E,YAAM,cAAc;AAAA,QAChB,SAAS,KAAK,aAAa,qBAAqB,QAAQ,OAAO;AAAA,QAC/D,aAAa;AAAA,QACb,SAAS,KAAK,aAAa,WAAW,QAAQ,SAAS,WAAW,iBAAiB,KAAK,mBAAmB,QAAQ,aAAa;AAAA,QAChI,cAAc;AAAA,QACd,aAAa,KAAK,aAAa,yBAAyB,WAAW;AAAA,MACvE;AACA,WAAK,gBAAgB,kBAAkB,QAAQ,aAAa;AAC5D,UAAI,KAAK,OAAO,wBAAwB;AACpC,aAAK,OAAO,uBAAuB,mBAAmB;AAAA,MAC1D;AACA,aAAO;AAAA,QACH,MAAM,YAAY,KAAK,8BAA8B,KAAK,IAAI,GAAG,kBAAkB,+CAA+C,KAAK,QAAQ,KAAK,mBAAmB,QAAQ,aAAa,EAAE,aAAa,OAAO;AAAA,QAClN;AAAA,MACJ;AAAA,IACJ;AAAA;AAAA,EACA,gBAAgB,cAAc,eAAe;AACzC,SAAK,wBAAwB,gBAAgB,YAAY;AACzD,SAAK,mBAAmB,UAAU;AAAA,MAC9B;AAAA,IACJ,GAAG,aAAa;AAChB,QAAI,iBAAiB,aAAa,gBAAgB;AAC9C,WAAK,OAAO,KAAK,mDAAmD,YAAY,EAAE;AAAA,IACtF;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,8BAA8B,aAAa,SAAS;AAAA;AACtD,WAAK,mBAAmB,oBAAoB,kBAAkB,+CAA+C,QAAQ,aAAa;AAClI,UAAI;AACJ,UAAI,YAAY,SAAS;AACrB,wBAAgB,mBAAmB,YAAY,QAAQ,QAAQ,KAAK,OAAO,gBAAgB,YAAY;AAAA,MAC3G;AAEA,UAAI,QAAQ,UAAU,QAAQ,WAAW,GAAG;AACxC,cAAM,WAAW,eAAe;AAChC,YAAI,CAAC,UAAU;AACX,gBAAM,sBAAsB,gBAAgB;AAAA,QAChD;AACA,oBAAY,UAAU,QAAQ,MAAM;AAAA,MACxC;AACA,aAAO,gBAAgB,6BAA6B,KAAK,aAAa,KAAK,WAAW,aAAa,MAAM,SAAS,aAAa;AAAA,IACnI;AAAA;AACJ;;;ACrIA,IAAM,uBAAuB;AAAA,EACzB,qBAAqB,MAAM;AACvB,WAAO,QAAQ,OAAO,sBAAsB,oBAAoB,CAAC;AAAA,EACrE;AAAA,EACA,sBAAsB,MAAM;AACxB,WAAO,QAAQ,OAAO,sBAAsB,oBAAoB,CAAC;AAAA,EACrE;AACJ;;;ACVA,IAAM,kBAAkB;AACxB,IAAM,kBAAkB;;;ACExB,IAAM,0BAA0B;AAAA,EAC5B,CAAC,eAAe,GAAG;AAAA,EACnB,CAAC,eAAe,GAAG;AACvB;AAIA,IAAM,kBAAN,MAAM,yBAAwB,UAAU;AAAA,EACpC,YAAY,WAAW,cAAc;AACjC,UAAM,WAAW,YAAY;AAC7B,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,iBAAgB,SAAS;AAAA,EACzD;AACJ;AAEA,SAAS,sBAAsB,MAAM;AACjC,SAAO,IAAI,gBAAgB,MAAM,wBAAwB,IAAI,CAAC;AAClE;;;ACfA,IAAM,aAAN,MAAM,YAAW;AAAA,EACb,YAAY,SAAS;AACjB,SAAK,MAAM,QAAQ;AACnB,SAAK,MAAM,QAAQ;AACnB,SAAK,MAAM,QAAQ;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,mBAAmB,kBAAkB;AAExC,QAAI,CAAC,iBAAiB,KAAK;AACvB,YAAM,sBAAsB,eAAe;AAAA,IAC/C;AAEA,QAAI,CAAC,iBAAiB,KAAK;AACvB,YAAM,sBAAsB,eAAe;AAAA,IAC/C;AACA,UAAM,YAAY,IAAI,YAAW;AAAA;AAAA,MAE7B,KAAK,iBAAiB,OAAO,kBAAkB;AAAA,MAC/C,KAAK,iBAAiB;AAAA,MACtB,KAAK,iBAAiB;AAAA,IAC1B,CAAC;AACD,WAAO,KAAK,UAAU,SAAS;AAAA,EACnC;AACJ;;;AChCA,IAAM,yBAAN,MAAM,wBAAuB;AAAA,EACzB,YAAY,kBAAkB,cAAc;AACxC,SAAK,eAAe,aAAa;AACjC,SAAK,eAAe;AACpB,SAAK,QAAQ,iBAAiB;AAC9B,SAAK,gBAAgB,iBAAiB;AACtC,SAAK,aAAa,iBAAiB,cAAc,UAAU;AAC3D,SAAK,aAAa,iBAAiB,cAAc,UAAU;AAC3D,SAAK,oBACD,uBAAuB,YACnB,WAAW,sBACX,iBAAiB;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAIA,oCAAoC;AAChC,UAAM,UAAU,GAAG,KAAK,KAAK,GAAG,uBAAuB,eAAe,GAAG,KAAK,YAAY;AAC1F,UAAM,iBAAiB,CAAC,KAAK,YAAY,KAAK,UAAU,EAAE,KAAK,uBAAuB,eAAe;AACrG,UAAM,wBAAwB,KAAK,yBAAyB;AAC5D,UAAM,mCAAmC;AAAA,MACrC;AAAA,MACA;AAAA,IACJ,EAAE,KAAK,uBAAuB,eAAe;AAC7C,WAAO;AAAA,MACH,uBAAuB;AAAA,MACvB;AAAA,MACA;AAAA,IACJ,EAAE,KAAK,uBAAuB,kBAAkB;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA,EAIA,iCAAiC;AAC7B,UAAM,eAAe,KAAK,gBAAgB;AAC1C,UAAM,YAAY,wBAAuB,gBAAgB,YAAY;AACrE,UAAM,iBAAiB,aAAa,eAC/B,MAAM,GAAG,IAAI,SAAS,EACtB,KAAK,uBAAuB,eAAe;AAChD,UAAM,SAAS,aAAa,OACvB,MAAM,GAAG,SAAS,EAClB,KAAK,uBAAuB,eAAe;AAChD,UAAM,aAAa,aAAa,OAAO;AAEvC,UAAM,WAAW,YAAY,aACvB,uBAAuB,gBACvB,uBAAuB;AAC7B,UAAM,iBAAiB,CAAC,YAAY,QAAQ,EAAE,KAAK,uBAAuB,eAAe;AACzF,WAAO;AAAA,MACH,uBAAuB;AAAA,MACvB,aAAa;AAAA,MACb;AAAA,MACA;AAAA,MACA;AAAA,IACJ,EAAE,KAAK,uBAAuB,kBAAkB;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,OAAO;AACtB,UAAM,eAAe,KAAK,gBAAgB;AAC1C,QAAI,aAAa,OAAO,UACpB,uBAAuB,mBAAmB;AAE1C,mBAAa,eAAe,MAAM;AAClC,mBAAa,eAAe,MAAM;AAClC,mBAAa,OAAO,MAAM;AAAA,IAC9B;AACA,iBAAa,eAAe,KAAK,KAAK,OAAO,KAAK,aAAa;AAC/D,QAAI,iBAAiB,SAAS,CAAC,CAAC,SAAS,MAAM,SAAS,GAAG;AACvD,UAAI,iBAAiB,WAAW;AAC5B,YAAI,MAAM,UAAU;AAChB,uBAAa,OAAO,KAAK,MAAM,QAAQ;AAAA,QAC3C,WACS,MAAM,WAAW;AACtB,uBAAa,OAAO,KAAK,MAAM,SAAS;AAAA,QAC5C,OACK;AACD,uBAAa,OAAO,KAAK,MAAM,SAAS,CAAC;AAAA,QAC7C;AAAA,MACJ,OACK;AACD,qBAAa,OAAO,KAAK,MAAM,SAAS,CAAC;AAAA,MAC7C;AAAA,IACJ,OACK;AACD,mBAAa,OAAO,KAAK,uBAAuB,aAAa;AAAA,IACjE;AACA,SAAK,aAAa,mBAAmB,KAAK,mBAAmB,YAAY;AACzE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,qBAAqB;AACjB,UAAM,eAAe,KAAK,gBAAgB;AAC1C,iBAAa,aAAa;AAC1B,SAAK,aAAa,mBAAmB,KAAK,mBAAmB,YAAY;AACzE,WAAO,aAAa;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA,EAIA,kBAAkB;AACd,UAAM,eAAe;AAAA,MACjB,gBAAgB,CAAC;AAAA,MACjB,QAAQ,CAAC;AAAA,MACT,WAAW;AAAA,IACf;AACA,UAAM,eAAe,KAAK,aAAa,mBAAmB,KAAK,iBAAiB;AAChF,WAAO,gBAAgB;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAIA,sBAAsB;AAClB,UAAM,eAAe,KAAK,gBAAgB;AAC1C,UAAM,mBAAmB,wBAAuB,gBAAgB,YAAY;AAC5E,UAAM,aAAa,aAAa,OAAO;AACvC,QAAI,qBAAqB,YAAY;AAEjC,WAAK,aAAa,WAAW,KAAK,iBAAiB;AAAA,IACvD,OACK;AAED,YAAM,oBAAoB;AAAA,QACtB,gBAAgB,aAAa,eAAe,MAAM,mBAAmB,CAAC;AAAA,QACtE,QAAQ,aAAa,OAAO,MAAM,gBAAgB;AAAA,QAClD,WAAW;AAAA,MACf;AACA,WAAK,aAAa,mBAAmB,KAAK,mBAAmB,iBAAiB;AAAA,IAClF;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,gBAAgB,uBAAuB;AAC1C,QAAI;AACJ,QAAI,YAAY;AAChB,QAAI,WAAW;AACf,UAAM,aAAa,sBAAsB,OAAO;AAChD,SAAK,IAAI,GAAG,IAAI,YAAY,KAAK;AAE7B,YAAM,QAAQ,sBAAsB,eAAe,IAAI,CAAC,KACpD,UAAU;AACd,YAAM,gBAAgB,sBAAsB,eAAe,IAAI,IAAI,CAAC,KAChE,UAAU;AACd,YAAM,YAAY,sBAAsB,OAAO,CAAC,KAAK,UAAU;AAE/D,kBACI,MAAM,SAAS,EAAE,SACb,cAAc,SAAS,EAAE,SACzB,UAAU,SACV;AACR,UAAI,WAAW,uBAAuB,uBAAuB;AAEzD,qBAAa;AAAA,MACjB,OACK;AACD;AAAA,MACJ;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,2BAA2B;AACvB,UAAM,wBAAwB,CAAC;AAC/B,0BAAsB,KAAK,KAAK,cAAc,UAAU,YAAY;AACpE,0BAAsB,KAAK,KAAK,gBAAgB,UAAU,YAAY;AACtE,0BAAsB,KAAK,KAAK,iBAAiB,UAAU,YAAY;AACvE,WAAO,sBAAsB,KAAK,GAAG;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,8BAA8B,yBAAyB;AACnD,SAAK,aAAa,wBAAwB;AAC1C,SAAK,eAAe,wBAAwB;AAC5C,SAAK,gBAAgB,wBAAwB;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAIA,gBAAgB,cAAc;AAC1B,SAAK,eAAe;AAAA,EACxB;AACJ;;;ACrMA,IAAM,6BAAN,MAAiC;AAAA,EAC7B,mBAAmB;AACf;AAAA,EACJ;AAAA,EACA,iBAAiB;AACb;AAAA,EACJ;AAAA,EACA,mBAAmB;AACf,WAAO;AAAA,EACX;AACJ;AACA,IAAM,wBAAN,MAA4B;AAAA,EACxB,aAAa;AACT,WAAO;AAAA,EACX;AAAA,EACA,iBAAiB,aAAa,eAAe;AACzC,WAAO;AAAA,MACH,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AAAA,MAAE;AAAA,MACjB,KAAK,MAAM;AAAA,MAAE;AAAA,MACb,WAAW,MAAM;AAAA,MAAE;AAAA,MACnB,OAAO;AAAA,QACH,SAAS,KAAK,WAAW;AAAA,QACzB,QAAQ,uBAAuB;AAAA,QAC/B,WAAW;AAAA,QACX,aAAa;AAAA,QACb,gBAAgB;AAAA,QAChB,UAAU;AAAA,QACV,MAAM;AAAA,QACN,aAAa,KAAK,IAAI;AAAA,QACtB,eAAe,iBAAiB;AAAA,MACpC;AAAA,MACA,aAAa,IAAI,2BAA2B;AAAA,IAChD;AAAA,EACJ;AAAA,EACA,8BAA8B;AAC1B,WAAO,IAAI,2BAA2B;AAAA,EAC1C;AAAA,EACA,sBAAsB;AAClB,WAAO;AAAA,EACX;AAAA,EACA,sBAAsB;AAClB;AAAA,EACJ;AAAA,EACA,kBAAkB;AACd;AAAA,EACJ;AAAA,EACA,iBAAiB;AACb,WAAO;AAAA,EACX;AAAA,EACA,sBAAsB;AAClB;AAAA,EACJ;AAAA,EACA,4BAA4B;AACxB,WAAO;AAAA,EACX;AAAA,EACA,yBAAyB;AACrB,WAAO;AAAA,EACX;AAAA,EACA,aAAa;AACT;AAAA,EACJ;AAAA,EACA,YAAY;AACR;AAAA,EACJ;AAAA,EACA,kBAAkB;AACd;AAAA,EACJ;AAAA,EACA,4BAA4B;AACxB;AAAA,EACJ;AACJ;;;ACzEA,IAAM,iBAAiB;AACvB,IAAM,oBAAoB;AAC1B,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AACvB,IAAM,gBAAgB;AACtB,IAAM,oCAAoC;AAC1C,IAAM,qBAAqB;AAC3B,IAAM,+BAA+B;AACrC,IAAM,wBAAwB;AAC9B,IAAM,mBAAmB;AACzB,IAAM,mBAAmB;AACzB,IAAM,gBAAgB;AACtB,IAAM,sBAAsB;AAC5B,IAAM,uBAAuB;AAC7B,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAC1B,IAAM,oBAAoB;AAC1B,IAAM,0BAA0B;AAChC,IAAM,0BAA0B;AAChC,IAAM,iBAAiB;AACvB,IAAM,yBAAyB;AAC/B,IAAM,2BAA2B;AACjC,IAAM,sCAAsC;AAC5C,IAAM,yBAAyB;AAC/B,IAAM,yBAAyB;AAC/B,IAAM,mBAAmB;AACzB,IAAM,wBAAwB;AAC9B,IAAM,kBAAkB;AACxB,IAAMC,yBAAwB;AAC9B,IAAMC,qBAAoB;AAC1B,IAAM,mBAAmB;AACzB,IAAM,wBAAwB;AAC9B,IAAM,oBAAoB;AAC1B,IAAM,oBAAoB;AAC1B,IAAM,mBAAmB;AACzB,IAAM,oCAAoC;AAC1C,IAAM,mCAAmC;AACzC,IAAM,sBAAsB;AAC5B,IAAM,yCAAyC;AAC/C,IAAM,yBAAyB;AAC/B,IAAM,8BAA8B;AACpC,IAAM,iCAAiC;AACvC,IAAM,uCAAuC;AAC7C,IAAM,2BAA2B;AACjC,IAAM,sBAAsB;;;ACvC5B,IAAM,YAAY;AAIlB,IAAM,2BAA2B;AAAA,EAC7B,CAAC,cAAc,GAAG;AAAA,EAClB,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,cAAc,GAAG,qHAAqH,SAAS;AAAA,EAChJ,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,iCAAiC,GAAG,0GAA0G,SAAS;AAAA,EACxJ,CAAC,kBAAkB,GAAG;AAAA,EACtB,CAAC,4BAA4B,GAAG;AAAA,EAChC,CAAC,qBAAqB,GAAG,qIAAqI,SAAS;AAAA,EACvK,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,aAAa,GAAG;AAAA,EACjB,CAAC,mBAAmB,GAAG,sDAAsD,SAAS;AAAA,EACtF,CAAC,oBAAoB,GAAG,uDAAuD,SAAS;AAAA,EACxF,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,iBAAiB,GAAG,2FAA2F,SAAS;AAAA,EACzH,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,uBAAuB,GAAG;AAAA,EAC3B,CAAC,cAAc,GAAG;AAAA,EAClB,CAAC,sBAAsB,GAAG;AAAA,EAC1B,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,mCAAmC,GAAG;AAAA,EACvC,CAAC,sBAAsB,GAAG;AAAA,EAC1B,CAAC,sBAAsB,GAAG;AAAA,EAC1B,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,qBAAqB,GAAG;AAAA,EACzB,CAAC,eAAe,GAAG;AAAA,EACnB,CAACC,sBAAqB,GAAG;AAAA,EACzB,CAACC,kBAAiB,GAAG;AAAA,EACrB,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,qBAAqB,GAAG;AAAA,EACzB,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,iBAAiB,GAAG;AAAA,EACrB,CAAC,gBAAgB,GAAG;AAAA,EACpB,CAAC,iCAAiC,GAAG;AAAA,EACrC,CAAC,gCAAgC,GAAG;AAAA,EACpC,CAAC,mBAAmB,GAAG;AAAA,EACvB,CAAC,sCAAsC,GAAG,kDAAkD,SAAS;AAAA,EACrG,CAAC,sBAAsB,GAAG;AAAA,EAC1B,CAAC,2BAA2B,GAAG;AAAA,EAC/B,CAAC,8BAA8B,GAAG,gIAAgI,SAAS;AAAA,EAC3K,CAAC,oCAAoC,GAAG,kGAAkG,SAAS;AAAA,EACnJ,CAAC,wBAAwB,GAAG;AAAA,EAC5B,CAAC,mBAAmB,GAAG;AAC3B;AASA,IAAM,0BAA0B;AAAA,EAC5B,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,yBAAyB,cAAc;AAAA,EACjD;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,yBAAyB,iBAAiB;AAAA,EACpD;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,gBAAgB;AAAA,IACZ,MAAM;AAAA,IACN,MAAM,yBAAyB,cAAc;AAAA,EACjD;AAAA,EACA,8BAA8B;AAAA,IAC1B,MAAM;AAAA,IACN,MAAM,yBAAyB,aAAa;AAAA,EAChD;AAAA,EACA,wCAAwC;AAAA,IACpC,MAAM;AAAA,IACN,MAAM,yBAAyB,iCAAiC;AAAA,EACpE;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,yBAAyB,kBAAkB;AAAA,EACrD;AAAA,EACA,mCAAmC;AAAA,IAC/B,MAAM;AAAA,IACN,MAAM,yBAAyB,4BAA4B;AAAA,EAC/D;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM,yBAAyB,qBAAqB;AAAA,EACxD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,MAAM,yBAAyB,aAAa;AAAA,EAChD;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,yBAAyB,mBAAmB;AAAA,EACtD;AAAA,EACA,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,MAAM,yBAAyB,oBAAoB;AAAA,EACvD;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,uCAAuC;AAAA,IACnC,MAAM;AAAA,IACN,MAAM,yBAAyB,iBAAiB;AAAA,EACpD;AAAA,EACA,gCAAgC;AAAA,IAC5B,MAAM;AAAA,IACN,MAAM,yBAAyB,iBAAiB;AAAA,EACpD;AAAA,EACA,8BAA8B;AAAA,IAC1B,MAAM;AAAA,IACN,MAAM,yBAAyB,uBAAuB;AAAA,EAC1D;AAAA,EACA,8BAA8B;AAAA,IAC1B,MAAM;AAAA,IACN,MAAM,yBAAyB,uBAAuB;AAAA,EAC1D;AAAA,EACA,gBAAgB;AAAA,IACZ,MAAM;AAAA,IACN,MAAM,yBAAyB,cAAc;AAAA,EACjD;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,yBAAyB,sBAAsB;AAAA,EACzD;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,yBAAyB,wBAAwB;AAAA,EAC3D;AAAA,EACA,qCAAqC;AAAA,IACjC,MAAM;AAAA,IACN,MAAM,yBAAyB,mCAAmC;AAAA,EACtE;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,yBAAyB,sBAAsB;AAAA,EACzD;AAAA,EACA,mBAAmB;AAAA,IACf,MAAM;AAAA,IACN,MAAM,yBAAyB,sBAAsB;AAAA,EACzD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,yBAAyB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM,yBAAyB,qBAAqB;AAAA,EACxD;AAAA,EACA,iBAAiB;AAAA,IACb,MAAM;AAAA,IACN,MAAM,yBAAyB,eAAe;AAAA,EAClD;AAAA,EACA,uBAAuB;AAAA,IACnB,MAAMD;AAAA,IACN,MAAM,yBAAyBA,sBAAqB;AAAA,EACxD;AAAA,EACA,mBAAmB;AAAA,IACf,MAAMC;AAAA,IACN,MAAM,yBAAyBA,kBAAiB;AAAA,EACpD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,8BAA8B;AAAA,IAC1B,MAAM;AAAA,IACN,MAAM,yBAAyB,qBAAqB;AAAA,EACxD;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,yBAAyB,iBAAiB;AAAA,EACpD;AAAA,EACA,6BAA6B;AAAA,IACzB,MAAM;AAAA,IACN,MAAM,yBAAyB,iBAAiB;AAAA,EACpD;AAAA,EACA,kBAAkB;AAAA,IACd,MAAM;AAAA,IACN,MAAM,yBAAyB,gBAAgB;AAAA,EACnD;AAAA,EACA,iCAAiC;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM,yBAAyB,iCAAiC;AAAA,EACpE;AAAA,EACA,gCAAgC;AAAA,IAC5B,MAAM;AAAA,IACN,MAAM,yBAAyB,gCAAgC;AAAA,EACnE;AAAA,EACA,qBAAqB;AAAA,IACjB,MAAM;AAAA,IACN,MAAM,yBAAyB,mBAAmB;AAAA,EACtD;AAAA,EACA,wCAAwC;AAAA,IACpC,MAAM;AAAA,IACN,MAAM,yBAAyB,sCAAsC;AAAA,EACzE;AAAA,EACA,wBAAwB;AAAA,IACpB,MAAM;AAAA,IACN,MAAM,yBAAyB,sBAAsB;AAAA,EACzD;AAAA,EACA,6BAA6B;AAAA,IACzB,MAAM;AAAA,IACN,MAAM,yBAAyB,2BAA2B;AAAA,EAC9D;AAAA,EACA,gCAAgC;AAAA,IAC5B,MAAM;AAAA,IACN,MAAM,yBAAyB,8BAA8B;AAAA,EACjE;AAAA,EACA,sCAAsC;AAAA,IAClC,MAAM;AAAA,IACN,MAAM,yBAAyB,oCAAoC;AAAA,EACvE;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,yBAAyB,wBAAwB;AAAA,EAC3D;AAAA,EACA,0BAA0B;AAAA,IACtB,MAAM;AAAA,IACN,MAAM,yBAAyB,mBAAmB;AAAA,EACtD;AACJ;AAIA,IAAM,mBAAN,MAAM,0BAAyB,UAAU;AAAA,EACrC,YAAY,WAAW;AACnB,UAAM,WAAW,yBAAyB,SAAS,CAAC;AACpD,WAAO,eAAe,MAAM,kBAAiB,SAAS;AACtD,SAAK,OAAO;AAAA,EAChB;AACJ;AACA,SAAS,uBAAuB,WAAW;AACvC,SAAO,IAAI,iBAAiB,SAAS;AACzC;;;AC7PA,IAAM,mBAAmB;AAAA;AAAA;AAAA;AAAA,EAIrB,+BAA+B;AAAA;AAAA;AAAA;AAAA,EAI/B,qBAAqB;AAAA;AAAA;AAAA;AAAA,EAIrB,aAAa;AAAA;AAAA;AAAA;AAAA,EAIb,cAAc;AAAA;AAAA;AAAA;AAAA,EAId,mBAAmB;AAAA;AAAA;AAAA;AAAA,EAInB,0BAA0B;AAAA;AAAA;AAAA;AAAA,EAI1B,UAAU;AACd;AACA,IAAM,kBAAkB;AAAA,EACpB,YAAY;AAAA,EACZ,wBAAwB;AAAA,EACxB,gBAAgB;AACpB;AACA,IAAM,wBAAwB;AAAA,EAC1B,kBAAkB;AAAA,EAClB,mBAAmB;AAAA,EACnB,UAAU;AAAA,EACV,UAAU;AACd;AACA,IAAM,uBAAuB;AAAA,EACzB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AACnB;AAIA,IAAM,oBAAoB;AAAA,EACtB,KAAK;AAAA,EACL,MAAM;AACV;AAIA,IAAM,qBAAqB;AAAA,EACvB,WAAW;AAAA,EACX,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,YAAY;AAAA,EACZ,cAAc;AAAA,EACd,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,wBAAwB;AAAA,EACxB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,kBAAkB;AACtB;AACA,IAAM,kBAAkB;AAAA,EACpB,cAAc;AAAA,EACd,YAAY;AAChB;AAIA,IAAM,oBAAoB;AAAA,EACtB,aAAa;AAAA,EACb,aAAa;AACjB;AAOA,IAAM,QAAQ;AAAA,EACV,sBAAsB;AAAA,EACtB,mBAAmB;AAAA,EACnB,WAAW;AAAA,EACX,6BAA6B;AAAA,EAC7B,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,+BAA+B;AAAA,EAC/B,QAAQ;AAAA,EACR,aAAa;AACjB;AAIA,IAAI;AAAA,CACH,SAAUC,kBAAiB;AACxB,EAAAA,iBAAgB,UAAU,IAAI;AAC9B,EAAAA,iBAAgB,OAAO,IAAI;AAC3B,EAAAA,iBAAgB,QAAQ,IAAI;AAC5B,EAAAA,iBAAgB,MAAM,IAAI;AAC9B,GAAG,oBAAoB,kBAAkB,CAAC,EAAE;AAK5C,IAAM,oBAAoB;AAAA;AAAA;AAAA;AAAA,EAItB,SAAS;AAAA;AAAA;AAAA;AAAA,EAIT,OAAO;AAAA;AAAA;AAAA;AAAA,EAIP,QAAQ;AAAA;AAAA;AAAA;AAAA,EAIR,cAAc;AAAA;AAAA;AAAA;AAAA,EAId,WAAW;AAAA;AAAA;AAAA;AAAA,EAIX,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIhB,MAAM;AACV;AACA,IAAM,kBAAkB;AAAA,EACpB,QAAQ;AACZ;AAIA,IAAM,iBAAiB;AAEvB,IAAM,aAAa;AAAA,EACf,OAAO;AAAA,EACP,SAAS;AACb;AAEA,IAAM,UAAU;AAChB,IAAM,aAAa;AACnB,IAAM,gBAAgB,GAAG,OAAO;AAChC,IAAM,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMtB,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAKT,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMb,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAM5B,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKxB,MAAM;AACV;AACA,IAAM,wBAAwB;AAAA,EAC1B,kBAAkB;AAAA,EAClB,kBAAkB;AAAA,EAClB,kBAAkB;AACtB;AACA,IAAM,sBAAsB;AAC5B,IAAM,oBAAoB;;;ACnM1B,IAAM,uBAAuB;AAE7B,IAAM,gBAAgB;AAEtB,IAAM,iBAAiB;AAEvB,IAAM,kBAAkB,IAAI,WAAW,CAAC,GAAM,GAAM,CAAI,CAAC;AAEzD,IAAM,aAAa;AAEnB,IAAM,aAAa,IAAI,YAAY,CAAC;AACpC,IAAM,yBAAyB;AAAA,EAC3B,MAAM;AAAA,EACN,MAAM;AAAA,EACN,eAAe;AAAA,EACf,gBAAgB;AACpB;AAIA,SAAS,wBAAwB,QAAQ;AACrC,MAAI,YAAY,QAAQ;AACpB,WAAO,QAAQ,kDAAkD;AAAA,EACrE,OACK;AACD,WAAO,MAAM,gDAAgD;AAC7D,UAAM,uBAAuB,iBAAiB;AAAA,EAClD;AACJ;AAOA,SAAe,aAAa,YAAY,mBAAmB,eAAe;AAAA;AACtE,uBAAmB,oBAAoB,kBAAkB,cAAc,aAAa;AACpF,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,OAAO,QAAQ,OAAO,UAAU;AACtC,WAAO,OAAO,OAAO,OAAO,OAAO,eAAe,IAAI;AAAA,EAC1D;AAAA;AAKA,SAAS,gBAAgB,YAAY;AACjC,SAAO,OAAO,OAAO,gBAAgB,UAAU;AACnD;AAKA,SAAS,kBAAkB;AACvB,SAAO,OAAO,gBAAgB,UAAU;AACxC,SAAO,WAAW,CAAC;AACvB;AAMA,SAAS,gBAAgB;AACrB,QAAM,mBAAmB,KAAK,IAAI;AAClC,QAAM,WAAW,gBAAgB,IAAI,QAAS,gBAAgB,IAAI;AAElE,QAAM,QAAQ,IAAI,WAAW,EAAE;AAE/B,QAAM,QAAQ,KAAK,MAAM,WAAW,KAAK,EAAE;AAE3C,QAAM,UAAU,WAAY,KAAK,KAAK;AAEtC,QAAM,UAAU,gBAAgB;AAChC,QAAM,CAAC,IAAI,mBAAmB,KAAK;AACnC,QAAM,CAAC,IAAI,mBAAmB,KAAK;AACnC,QAAM,CAAC,IAAI,mBAAmB,KAAK;AACnC,QAAM,CAAC,IAAI,mBAAmB,KAAK;AACnC,QAAM,CAAC,IAAI,mBAAmB,KAAK;AACnC,QAAM,CAAC,IAAI;AACX,QAAM,CAAC,IAAI,MAAQ,UAAU;AAC7B,QAAM,CAAC,IAAI;AACX,QAAM,CAAC,IAAI,MAAQ,YAAY;AAC/B,QAAM,CAAC,IAAI,YAAY;AACvB,QAAM,EAAE,IAAI,YAAY;AACxB,QAAM,EAAE,IAAI;AACZ,QAAM,EAAE,IAAI,YAAY;AACxB,QAAM,EAAE,IAAI,YAAY;AACxB,QAAM,EAAE,IAAI,YAAY;AACxB,QAAM,EAAE,IAAI;AACZ,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAQ,WAAW,OAAO,MAAM,CAAC,MAAM,CAAC;AACxC,YAAQ,WAAW,OAAO,MAAM,CAAC,IAAI,EAAG;AACxC,QAAI,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,GAAG;AAC1C,cAAQ;AAAA,IACZ;AAAA,EACJ;AACA,SAAO;AACX;AAMA,SAAe,gBAAgB,aAAa,QAAQ;AAAA;AAChD,WAAO,OAAO,OAAO,OAAO,YAAY,wBAAwB,aAAa,MAAM;AAAA,EACvF;AAAA;AAKA,SAAe,UAAU,KAAK;AAAA;AAC1B,WAAO,OAAO,OAAO,OAAO,UAAU,gBAAgB,GAAG;AAAA,EAC7D;AAAA;AAOA,SAAe,UAAU,KAAK,aAAa,QAAQ;AAAA;AAC/C,WAAO,OAAO,OAAO,OAAO,UAAU,gBAAgB,KAAK,wBAAwB,aAAa,MAAM;AAAA,EAC1G;AAAA;AAMA,SAAe,KAAK,KAAK,MAAM;AAAA;AAC3B,WAAO,OAAO,OAAO,OAAO,KAAK,wBAAwB,KAAK,IAAI;AAAA,EACtE;AAAA;;;ACtIA,SAAS,UAAU,OAAO;AACtB,SAAO,mBAAmB,aAAa,KAAK,EACvC,QAAQ,MAAM,EAAE,EAChB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,CAAC;AAC5B;AAKA,SAAS,aAAa,UAAU;AAC5B,SAAO,aAAa,QAAQ,EACvB,QAAQ,MAAM,EAAE,EAChB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG;AAC3B;AAKA,SAAS,aAAa,OAAO;AACzB,SAAO,aAAa,IAAI,YAAY,EAAE,OAAO,KAAK,CAAC;AACvD;AAKA,SAAS,aAAa,QAAQ;AAC1B,QAAM,YAAY,MAAM,KAAK,QAAQ,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC,EAAE,KAAK,EAAE;AAC5E,SAAO,KAAK,SAAS;AACzB;;;AC3BA,SAAS,aAAa,OAAO;AACzB,SAAO,IAAI,YAAY,EAAE,OAAO,eAAe,KAAK,CAAC;AACzD;AAKA,SAAS,eAAe,cAAc;AAClC,MAAI,gBAAgB,aAAa,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACrE,UAAQ,cAAc,SAAS,GAAG;AAAA,IAC9B,KAAK;AACD;AAAA,IACJ,KAAK;AACD,uBAAiB;AACjB;AAAA,IACJ,KAAK;AACD,uBAAiB;AACjB;AAAA,IACJ;AACI,YAAM,uBAAuB,mBAAmB;AAAA,EACxD;AACA,QAAM,YAAY,KAAK,aAAa;AACpC,SAAO,WAAW,KAAK,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC;AAClE;;;AC3BA,IAAM,kBAAN,MAAsB;AAAA,EAClB,cAAc;AACV,SAAK,SAAS;AACd,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAIM,OAAO;AAAA;AACT,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACpC,cAAM,SAAS,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,OAAO;AAC9D,eAAO,iBAAiB,iBAAiB,CAAC,MAAM;AAC5C,gBAAM,QAAQ;AACd,gBAAM,OAAO,OAAO,kBAAkB,KAAK,SAAS;AAAA,QACxD,CAAC;AACD,eAAO,iBAAiB,WAAW,CAAC,MAAM;AACtC,gBAAM,QAAQ;AACd,eAAK,KAAK,MAAM,OAAO;AACvB,eAAK,SAAS;AACd,kBAAQ;AAAA,QACZ,CAAC;AACD,eAAO,iBAAiB,SAAS,MAAM,OAAO,uBAAuB,mBAAmB,CAAC,CAAC;AAAA,MAC9F,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB;AACd,UAAM,KAAK,KAAK;AAChB,QAAI,MAAM,KAAK,QAAQ;AACnB,SAAG,MAAM;AACT,WAAK,SAAS;AAAA,IAClB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIM,mBAAmB;AAAA;AACrB,UAAI,CAAC,KAAK,QAAQ;AACd,eAAO,KAAK,KAAK;AAAA,MACrB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,QAAQ,KAAK;AAAA;AACf,YAAM,KAAK,iBAAiB;AAC5B,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AAEpC,YAAI,CAAC,KAAK,IAAI;AACV,iBAAO,OAAO,uBAAuB,eAAe,CAAC;AAAA,QACzD;AACA,cAAM,cAAc,KAAK,GAAG,YAAY,CAAC,KAAK,SAAS,GAAG,UAAU;AACpE,cAAM,cAAc,YAAY,YAAY,KAAK,SAAS;AAC1D,cAAM,QAAQ,YAAY,IAAI,GAAG;AACjC,cAAM,iBAAiB,WAAW,CAAC,MAAM;AACrC,gBAAM,QAAQ;AACd,eAAK,gBAAgB;AACrB,kBAAQ,MAAM,OAAO,MAAM;AAAA,QAC/B,CAAC;AACD,cAAM,iBAAiB,SAAS,CAAC,MAAM;AACnC,eAAK,gBAAgB;AACrB,iBAAO,CAAC;AAAA,QACZ,CAAC;AAAA,MACL,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,QAAQ,KAAK,SAAS;AAAA;AACxB,YAAM,KAAK,iBAAiB;AAC5B,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AAEpC,YAAI,CAAC,KAAK,IAAI;AACV,iBAAO,OAAO,uBAAuB,eAAe,CAAC;AAAA,QACzD;AACA,cAAM,cAAc,KAAK,GAAG,YAAY,CAAC,KAAK,SAAS,GAAG,WAAW;AACrE,cAAM,cAAc,YAAY,YAAY,KAAK,SAAS;AAC1D,cAAM,QAAQ,YAAY,IAAI,SAAS,GAAG;AAC1C,cAAM,iBAAiB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,kBAAQ;AAAA,QACZ,CAAC;AACD,cAAM,iBAAiB,SAAS,CAAC,MAAM;AACnC,eAAK,gBAAgB;AACrB,iBAAO,CAAC;AAAA,QACZ,CAAC;AAAA,MACL,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,WAAW,KAAK;AAAA;AAClB,YAAM,KAAK,iBAAiB;AAC5B,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACpC,YAAI,CAAC,KAAK,IAAI;AACV,iBAAO,OAAO,uBAAuB,eAAe,CAAC;AAAA,QACzD;AACA,cAAM,cAAc,KAAK,GAAG,YAAY,CAAC,KAAK,SAAS,GAAG,WAAW;AACrE,cAAM,cAAc,YAAY,YAAY,KAAK,SAAS;AAC1D,cAAM,WAAW,YAAY,OAAO,GAAG;AACvC,iBAAS,iBAAiB,WAAW,MAAM;AACvC,eAAK,gBAAgB;AACrB,kBAAQ;AAAA,QACZ,CAAC;AACD,iBAAS,iBAAiB,SAAS,CAAC,MAAM;AACtC,eAAK,gBAAgB;AACrB,iBAAO,CAAC;AAAA,QACZ,CAAC;AAAA,MACL,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAIM,UAAU;AAAA;AACZ,YAAM,KAAK,iBAAiB;AAC5B,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACpC,YAAI,CAAC,KAAK,IAAI;AACV,iBAAO,OAAO,uBAAuB,eAAe,CAAC;AAAA,QACzD;AACA,cAAM,cAAc,KAAK,GAAG,YAAY,CAAC,KAAK,SAAS,GAAG,UAAU;AACpE,cAAM,cAAc,YAAY,YAAY,KAAK,SAAS;AAC1D,cAAM,YAAY,YAAY,WAAW;AACzC,kBAAU,iBAAiB,WAAW,CAAC,MAAM;AACzC,gBAAM,QAAQ;AACd,eAAK,gBAAgB;AACrB,kBAAQ,MAAM,OAAO,MAAM;AAAA,QAC/B,CAAC;AACD,kBAAU,iBAAiB,SAAS,CAAC,MAAM;AACvC,eAAK,gBAAgB;AACrB,iBAAO,CAAC;AAAA,QACZ,CAAC;AAAA,MACL,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,YAAY,KAAK;AAAA;AACnB,YAAM,KAAK,iBAAiB;AAC5B,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACpC,YAAI,CAAC,KAAK,IAAI;AACV,iBAAO,OAAO,uBAAuB,eAAe,CAAC;AAAA,QACzD;AACA,cAAM,cAAc,KAAK,GAAG,YAAY,CAAC,KAAK,SAAS,GAAG,UAAU;AACpE,cAAM,cAAc,YAAY,YAAY,KAAK,SAAS;AAC1D,cAAM,gBAAgB,YAAY,MAAM,GAAG;AAC3C,sBAAc,iBAAiB,WAAW,CAAC,MAAM;AAC7C,gBAAM,QAAQ;AACd,eAAK,gBAAgB;AACrB,kBAAQ,MAAM,OAAO,WAAW,CAAC;AAAA,QACrC,CAAC;AACD,sBAAc,iBAAiB,SAAS,CAAC,MAAM;AAC3C,eAAK,gBAAgB;AACrB,iBAAO,CAAC;AAAA,QACZ,CAAC;AAAA,MACL,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,iBAAiB;AAAA;AAEnB,UAAI,KAAK,MAAM,KAAK,QAAQ;AACxB,aAAK,gBAAgB;AAAA,MACzB;AACA,aAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACpC,cAAM,kBAAkB,OAAO,UAAU,eAAe,OAAO;AAC/D,wBAAgB,iBAAiB,WAAW,MAAM,QAAQ,IAAI,CAAC;AAC/D,wBAAgB,iBAAiB,WAAW,MAAM,QAAQ,IAAI,CAAC;AAC/D,wBAAgB,iBAAiB,SAAS,MAAM,OAAO,KAAK,CAAC;AAAA,MACjE,CAAC;AAAA,IACL;AAAA;AACJ;;;AC7LA,IAAM,gBAAN,MAAoB;AAAA,EAChB,cAAc;AACV,SAAK,QAAQ,oBAAI,IAAI;AAAA,EACzB;AAAA,EACA,QAAQ,KAAK;AACT,WAAO,KAAK,MAAM,IAAI,GAAG,KAAK;AAAA,EAClC;AAAA,EACA,QAAQ,KAAK,OAAO;AAChB,SAAK,MAAM,IAAI,KAAK,KAAK;AAAA,EAC7B;AAAA,EACA,WAAW,KAAK;AACZ,SAAK,MAAM,OAAO,GAAG;AAAA,EACzB;AAAA,EACA,UAAU;AACN,UAAM,YAAY,CAAC;AACnB,SAAK,MAAM,QAAQ,CAAC,OAAO,QAAQ;AAC/B,gBAAU,KAAK,GAAG;AAAA,IACtB,CAAC;AACD,WAAO;AAAA,EACX;AAAA,EACA,YAAY,KAAK;AACb,WAAO,KAAK,MAAM,IAAI,GAAG;AAAA,EAC7B;AAAA,EACA,QAAQ;AACJ,SAAK,MAAM,MAAM;AAAA,EACrB;AACJ;;;ACjBA,IAAM,qBAAN,MAAyB;AAAA,EACrB,YAAY,QAAQ,WAAW;AAC3B,SAAK,gBAAgB,IAAI,cAAc;AACvC,SAAK,iBAAiB,IAAI,gBAAgB;AAC1C,SAAK,SAAS;AACd,SAAK,YAAY;AAAA,EACrB;AAAA,EACA,0BAA0B,OAAO;AAC7B,QAAI,iBAAiB,oBACjB,MAAM,cAAc,qBAAqB;AACzC,WAAK,OAAO,MAAM,6IAA6I;AAAA,IACnK,OACK;AACD,YAAM;AAAA,IACV;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,QAAQ,KAAK;AAAA;AACf,YAAM,OAAO,KAAK,cAAc,QAAQ,GAAG;AAC3C,UAAI,CAAC,MAAM;AACP,YAAI;AACA,eAAK,OAAO,QAAQ,6EAA6E;AACjG,iBAAO,MAAM,KAAK,eAAe,QAAQ,GAAG;AAAA,QAChD,SACO,GAAG;AACN,eAAK,0BAA0B,CAAC;AAAA,QACpC;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOM,QAAQ,KAAK,OAAO;AAAA;AACtB,WAAK,cAAc,QAAQ,KAAK,KAAK;AACrC,UAAI;AACA,cAAM,KAAK,eAAe,QAAQ,KAAK,KAAK;AAAA,MAChD,SACO,GAAG;AACN,aAAK,0BAA0B,CAAC;AAAA,MACpC;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,WAAW,KAAK;AAAA;AAClB,WAAK,cAAc,WAAW,GAAG;AACjC,UAAI;AACA,cAAM,KAAK,eAAe,WAAW,GAAG;AAAA,MAC5C,SACO,GAAG;AACN,aAAK,0BAA0B,CAAC;AAAA,MACpC;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,UAAU;AAAA;AACZ,YAAM,YAAY,KAAK,cAAc,QAAQ;AAC7C,UAAI,UAAU,WAAW,GAAG;AACxB,YAAI;AACA,eAAK,OAAO,QAAQ,4DAA4D;AAChF,iBAAO,MAAM,KAAK,eAAe,QAAQ;AAAA,QAC7C,SACO,GAAG;AACN,eAAK,0BAA0B,CAAC;AAAA,QACpC;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,YAAY,KAAK;AAAA;AACnB,YAAM,cAAc,KAAK,cAAc,YAAY,GAAG;AACtD,UAAI,CAAC,aAAa;AACd,YAAI;AACA,eAAK,OAAO,QAAQ,oEAAoE;AACxF,iBAAO,MAAM,KAAK,eAAe,YAAY,GAAG;AAAA,QACpD,SACO,GAAG;AACN,eAAK,0BAA0B,CAAC;AAAA,QACpC;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAIA,gBAAgB;AAEZ,SAAK,OAAO,QAAQ,+BAA+B,KAAK,SAAS,EAAE;AACnE,SAAK,cAAc,MAAM;AACzB,SAAK,OAAO,QAAQ,sBAAsB,KAAK,SAAS,UAAU;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,kBAAkB;AAAA;AACpB,UAAI;AACA,aAAK,OAAO,QAAQ,8BAA8B;AAClD,cAAM,YAAY,MAAM,KAAK,eAAe,eAAe;AAC3D,YAAI,WAAW;AACX,eAAK,OAAO,QAAQ,6BAA6B;AAAA,QACrD;AACA,eAAO;AAAA,MACX,SACO,GAAG;AACN,aAAK,0BAA0B,CAAC;AAChC,eAAO;AAAA,MACX;AAAA,IACJ;AAAA;AACJ;;;AClIA,IAAM,sBAAsB;AAAA,EACxB,gBAAgB;AAAA,EAChB,eAAe;AACnB;AAIA,IAAM,iBAAN,MAAqB;AAAA,EACjB,YAAY,QAAQ;AAChB,SAAK,SAAS;AACd,SAAK,iBAAiB,IAAI,mBAAmB,KAAK,QAAQ,oBAAoB,cAAc;AAC5F,SAAK,gBAAgB,IAAI,mBAAmB,KAAK,QAAQ,oBAAoB,aAAa;AAAA,EAC9F;AAAA,EACM,QAAQ;AAAA;AAEV,WAAK,eAAe,cAAc;AAClC,WAAK,cAAc,cAAc;AAKjC,UAAI;AACA,cAAM,KAAK,eAAe,gBAAgB;AAC1C,eAAO;AAAA,MACX,SACO,GAAG;AACN,YAAI,aAAa,OAAO;AACpB,eAAK,OAAO,MAAM,wCAAwC,EAAE,OAAO,EAAE;AAAA,QACzE,OACK;AACD,eAAK,OAAO,MAAM,6CAA6C;AAAA,QACnE;AACA,eAAO;AAAA,MACX;AAAA,IACJ;AAAA;AACJ;;;ACzBA,IAAM,YAAN,MAAM,WAAU;AAAA,EACZ,YAAY,QAAQ,mBAAmB;AACnC,SAAK,SAAS;AAEd,4BAAwB,MAAM;AAC9B,SAAK,QAAQ,IAAI,eAAe,KAAK,MAAM;AAC3C,SAAK,oBAAoB;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB;AACZ,WAAO,cAAc;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,OAAO;AAChB,WAAO,aAAa,KAAK;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,OAAO;AAChB,WAAO,aAAa,KAAK;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,uBAAuB,SAAS;AAAA;AAClC,YAAM,4BAA4B,KAAK,mBAAmB,iBAAiB,kBAAkB,kCAAkC,QAAQ,aAAa;AAEpJ,YAAM,UAAU,MAAM,gBAAgB,WAAU,aAAa,WAAU,cAAc;AAErF,YAAM,eAAe,MAAM,UAAU,QAAQ,SAAS;AACtD,YAAM,qBAAqB;AAAA,QACvB,GAAG,aAAa;AAAA,QAChB,KAAK,aAAa;AAAA,QAClB,GAAG,aAAa;AAAA,MACpB;AACA,YAAM,kBAAkB,sBAAsB,kBAAkB;AAChE,YAAM,gBAAgB,MAAM,KAAK,WAAW,eAAe;AAE3D,YAAM,gBAAgB,MAAM,UAAU,QAAQ,UAAU;AAExD,YAAM,0BAA0B,MAAM,UAAU,eAAe,OAAO,CAAC,MAAM,CAAC;AAE9E,YAAM,KAAK,MAAM,eAAe,QAAQ,eAAe;AAAA,QACnD,YAAY;AAAA,QACZ,WAAW,QAAQ;AAAA,QACnB,eAAe,QAAQ;AAAA,QACvB,YAAY,QAAQ;AAAA,MACxB,CAAC;AACD,UAAI,2BAA2B;AAC3B,kCAA0B,IAAI;AAAA,UAC1B,SAAS;AAAA,QACb,CAAC;AAAA,MACL;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,sBAAsB,KAAK;AAAA;AAC7B,YAAM,KAAK,MAAM,eAAe,WAAW,GAAG;AAC9C,YAAM,WAAW,MAAM,KAAK,MAAM,eAAe,YAAY,GAAG;AAChE,aAAO,CAAC;AAAA,IACZ;AAAA;AAAA;AAAA;AAAA;AAAA,EAIM,gBAAgB;AAAA;AAClB,aAAO,KAAK,MAAM,MAAM;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMM,QAAQ,SAAS,KAAK,YAAY,eAAe;AAAA;AACnD,YAAM,qBAAqB,KAAK,mBAAmB,iBAAiB,kBAAkB,mBAAmB,aAAa;AACtH,YAAM,gBAAgB,MAAM,KAAK,MAAM,eAAe,QAAQ,GAAG;AACjE,UAAI,CAAC,eAAe;AAChB,cAAM,uBAAuB,iBAAiB;AAAA,MAClD;AAEA,YAAM,eAAe,MAAM,UAAU,cAAc,SAAS;AAC5D,YAAM,qBAAqB,sBAAsB,YAAY;AAE7D,YAAM,yBAAyB,UAAU,KAAK,UAAU,EAAE,IAAS,CAAC,CAAC;AAErE,YAAM,YAAY,WAAW,mBAAmB,iCACzC,YAAY,SAD6B;AAAA,QAE5C,KAAK,aAAa;AAAA,QAClB,KAAK;AAAA,MACT,EAAC;AACD,YAAM,mBAAmB,UAAU,SAAS;AAE5C,cAAQ,MAAM;AAAA,QACV,KAAK,KAAK,MAAM,kBAAkB;AAAA,MACtC;AACA,YAAM,iBAAiB,UAAU,KAAK,UAAU,OAAO,CAAC;AAExD,YAAM,cAAc,GAAG,gBAAgB,IAAI,cAAc;AAEzD,YAAM,UAAU,IAAI,YAAY;AAChC,YAAM,cAAc,QAAQ,OAAO,WAAW;AAC9C,YAAM,kBAAkB,MAAM,KAAK,cAAc,YAAY,WAAW;AACxE,YAAM,mBAAmB,aAAa,IAAI,WAAW,eAAe,CAAC;AACrE,YAAM,YAAY,GAAG,WAAW,IAAI,gBAAgB;AACpD,UAAI,oBAAoB;AACpB,2BAAmB,IAAI;AAAA,UACnB,SAAS;AAAA,QACb,CAAC;AAAA,MACL;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKM,WAAW,WAAW;AAAA;AACxB,YAAM,aAAa,MAAM,aAAa,SAAS;AAC/C,YAAM,YAAY,IAAI,WAAW,UAAU;AAC3C,aAAO,aAAa,SAAS;AAAA,IACjC;AAAA;AACJ;AACA,UAAU,iBAAiB,CAAC,QAAQ,QAAQ;AAC5C,UAAU,cAAc;AACxB,SAAS,sBAAsB,KAAK;AAChC,SAAO,KAAK,UAAU,KAAK,OAAO,KAAK,GAAG,EAAE,KAAK,CAAC;AACtD;;;ACpJA,IAAM,YAAY;AAAA,EACd,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,eAAe;AAAA,EACf,eAAe;AAAA,EACf,qBAAqB;AAAA,EACrB,uBAAuB;AAAA,EACvB,uBAAuB;AAAA,EACvB,6BAA6B;AAAA,EAC7B,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,oBAAoB;AAAA,EACpB,6BAA6B;AAAA,EAC7B,+BAA+B;AAAA,EAC/B,+BAA+B;AAAA,EAC/B,uBAAuB;AAAA,EACvB,qBAAqB;AAAA,EACrB,cAAc;AAAA,EACd,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,sBAAsB;AAC1B;;;ACvBA,IAAM,eAAN,MAAmB;AAAA,EACf,YAAY,QAAQ,eAAe;AAC/B,SAAK,iBAAiB,oBAAI,IAAI;AAC9B,SAAK,SAAS;AACd,SAAK,gBAAgB;AACrB,SAAK,2BAA2B;AAChC,SAAK,2BACD,KAAK,yBAAyB,KAAK,IAAI;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAiB,UAAU;AACvB,QAAI,OAAO,WAAW,aAAa;AAC/B,YAAM,aAAa,cAAc;AACjC,WAAK,eAAe,IAAI,YAAY,QAAQ;AAC5C,WAAK,OAAO,QAAQ,sCAAsC,UAAU,EAAE;AACtE,aAAO;AAAA,IACX;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,YAAY;AAC5B,SAAK,eAAe,OAAO,UAAU;AACrC,SAAK,OAAO,QAAQ,kBAAkB,UAAU,WAAW;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA,EAIA,6BAA6B;AACzB,QAAI,OAAO,WAAW,aAAa;AAC/B;AAAA,IACJ;AACA,QAAI,CAAC,KAAK,0BAA0B;AAChC,WAAK,OAAO,QAAQ,kCAAkC;AACtD,WAAK,2BAA2B;AAChC,aAAO,iBAAiB,WAAW,KAAK,wBAAwB;AAAA,IACpE,OACK;AACD,WAAK,OAAO,QAAQ,8CAA8C;AAAA,IACtE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,8BAA8B;AAC1B,QAAI,OAAO,WAAW,aAAa;AAC/B;AAAA,IACJ;AACA,QAAI,KAAK,0BAA0B;AAC/B,WAAK,OAAO,QAAQ,oCAAoC;AACxD,aAAO,oBAAoB,WAAW,KAAK,wBAAwB;AACnE,WAAK,2BAA2B;AAAA,IACpC,OACK;AACD,WAAK,OAAO,QAAQ,yCAAyC;AAAA,IACjE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,UAAU,WAAW,iBAAiB,SAAS,OAAO;AAClD,QAAI,OAAO,WAAW,aAAa;AAC/B,YAAM,UAAU;AAAA,QACZ;AAAA,QACA,iBAAiB,mBAAmB;AAAA,QACpC,SAAS,WAAW;AAAA,QACpB,OAAO,SAAS;AAAA,QAChB,WAAW,KAAK,IAAI;AAAA,MACxB;AACA,WAAK,OAAO,KAAK,mBAAmB,SAAS,EAAE;AAC/C,WAAK,eAAe,QAAQ,CAAC,UAAU,eAAe;AAClD,aAAK,OAAO,QAAQ,8BAA8B,UAAU,KAAK,SAAS,EAAE;AAC5E,iBAAS,MAAM,MAAM,CAAC,OAAO,CAAC;AAAA,MAClC,CAAC;AAAA,IACL;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAIA,yBAAyB,GAAG;AACxB,QAAI;AAEA,UAAI,EAAE,KAAK,SAAS,oBAAoB,sBAAsB,GAAG;AAE7D,aAAK,UAAU,UAAU,sBAAsB;AAAA,MACnD;AAEA,YAAM,aAAa,EAAE,YAAY,EAAE;AACnC,UAAI,CAAC,YAAY;AACb;AAAA,MACJ;AACA,YAAM,cAAc,KAAK,MAAM,UAAU;AACzC,UAAI,OAAO,gBAAgB,YACvB,CAAC,cAAc,gBAAgB,WAAW,GAAG;AAC7C;AAAA,MACJ;AACA,YAAM,gBAAgB,aAAa,SAAS,IAAI,cAAc,GAAG,WAAW;AAC5E,YAAM,cAAc,cAAc,eAAe;AACjD,UAAI,CAAC,EAAE,YAAY,EAAE,UAAU;AAC3B,aAAK,OAAO,KAAK,kDAAkD;AACnE,aAAK,UAAU,UAAU,eAAe,QAAW,WAAW;AAAA,MAClE,WACS,CAAC,EAAE,YAAY,EAAE,UAAU;AAChC,aAAK,OAAO,KAAK,sDAAsD;AACvE,aAAK,UAAU,UAAU,iBAAiB,QAAW,WAAW;AAAA,MACpE;AAAA,IACJ,SACOC,IAAG;AACN;AAAA,IACJ;AAAA,EACJ;AACJ;","names":["base64Decode","name","base64Decode","e","version","base64Decode","base64Decode","LogLevel","name","CLIENT_INFO","base64Decode","noNetworkConnectivity","postRequestFailed","noNetworkConnectivity","postRequestFailed","InteractionType","e"],"x_google_ignoreList":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71]}