0x1998 - MANAGER

Düzenlenen Dosya: firebase_auth.js.map

{ "version": 3, "sources": ["../../@firebase/auth/src/model/enum_maps.ts", "../../@firebase/auth/src/core/errors.ts", "../../@firebase/auth/src/core/util/log.ts", "../../@firebase/auth/src/core/util/assert.ts", "../../@firebase/auth/src/core/util/location.ts", "../../@firebase/auth/src/core/util/navigator.ts", "../../@firebase/auth/src/core/util/delay.ts", "../../@firebase/auth/src/core/util/emulator.ts", "../../@firebase/auth/src/core/util/fetch_provider.ts", "../../@firebase/auth/src/api/errors.ts", "../../@firebase/auth/src/api/index.ts", "../../@firebase/auth/src/platform_browser/recaptcha/recaptcha.ts", "../../@firebase/auth/src/api/authentication/recaptcha.ts", "../../@firebase/auth/src/api/account_management/account.ts", "../../@firebase/auth/src/core/util/time.ts", "../../@firebase/auth/src/core/user/id_token_result.ts", "../../@firebase/auth/src/core/user/invalidation.ts", "../../@firebase/auth/src/core/user/proactive_refresh.ts", "../../@firebase/auth/src/core/user/user_metadata.ts", "../../@firebase/auth/src/core/user/reload.ts", "../../@firebase/auth/src/api/authentication/token.ts", "../../@firebase/auth/src/core/user/token_manager.ts", "../../@firebase/auth/src/core/user/user_impl.ts", "../../@firebase/auth/src/core/util/instantiator.ts", "../../@firebase/auth/src/core/persistence/in_memory.ts", "../../@firebase/auth/src/core/persistence/persistence_user_manager.ts", "../../@firebase/auth/src/core/util/browser.ts", "../../@firebase/auth/src/core/util/version.ts", "../../@firebase/auth/src/core/auth/middleware.ts", "../../@firebase/auth/src/api/password_policy/get_password_policy.ts", "../../@firebase/auth/src/core/auth/password_policy_impl.ts", "../../@firebase/auth/src/core/auth/auth_impl.ts", "../../@firebase/auth/src/platform_browser/load_js.ts", "../../@firebase/auth/src/platform_browser/recaptcha/recaptcha_mock.ts", "../../@firebase/auth/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.ts", "../../@firebase/auth/src/core/auth/initialize.ts", "../../@firebase/auth/src/core/auth/emulator.ts", "../../@firebase/auth/src/core/credentials/auth_credential.ts", "../../@firebase/auth/src/api/account_management/email_and_password.ts", "../../@firebase/auth/src/api/authentication/email_and_password.ts", "../../@firebase/auth/src/api/authentication/email_link.ts", "../../@firebase/auth/src/core/credentials/email.ts", "../../@firebase/auth/src/api/authentication/idp.ts", "../../@firebase/auth/src/core/credentials/oauth.ts", "../../@firebase/auth/src/api/authentication/sms.ts", "../../@firebase/auth/src/core/credentials/phone.ts", "../../@firebase/auth/src/core/action_code_url.ts", "../../@firebase/auth/src/core/providers/email.ts", "../../@firebase/auth/src/core/providers/federated.ts", "../../@firebase/auth/src/core/providers/oauth.ts", "../../@firebase/auth/src/core/providers/facebook.ts", "../../@firebase/auth/src/core/providers/google.ts", "../../@firebase/auth/src/core/providers/github.ts", "../../@firebase/auth/src/core/credentials/saml.ts", "../../@firebase/auth/src/core/providers/saml.ts", "../../@firebase/auth/src/core/providers/twitter.ts", "../../@firebase/auth/src/api/authentication/sign_up.ts", "../../@firebase/auth/src/core/user/user_credential_impl.ts", "../../@firebase/auth/src/core/strategies/anonymous.ts", "../../@firebase/auth/src/mfa/mfa_error.ts", "../../@firebase/auth/src/core/util/providers.ts", "../../@firebase/auth/src/core/user/link_unlink.ts", "../../@firebase/auth/src/core/user/reauthenticate.ts", "../../@firebase/auth/src/core/strategies/credential.ts", "../../@firebase/auth/src/api/authentication/custom_token.ts", "../../@firebase/auth/src/core/strategies/custom_token.ts", "../../@firebase/auth/src/mfa/mfa_info.ts", "../../@firebase/auth/src/core/strategies/action_code_settings.ts", "../../@firebase/auth/src/core/strategies/email_and_password.ts", "../../@firebase/auth/src/core/strategies/email_link.ts", "../../@firebase/auth/src/api/authentication/create_auth_uri.ts", "../../@firebase/auth/src/core/strategies/email.ts", "../../@firebase/auth/src/api/account_management/profile.ts", "../../@firebase/auth/src/core/user/account_info.ts", "../../@firebase/auth/src/core/user/additional_user_info.ts", "../../@firebase/auth/src/core/index.ts", "../../@firebase/auth/src/mfa/mfa_session.ts", "../../@firebase/auth/src/mfa/mfa_resolver.ts", "../../@firebase/auth/src/api/account_management/mfa.ts", "../../@firebase/auth/src/mfa/mfa_user.ts", "../../@firebase/auth/src/core/persistence/index.ts", "../../@firebase/auth/src/platform_browser/persistence/browser.ts", "../../@firebase/auth/src/platform_browser/persistence/local_storage.ts", "../../@firebase/auth/src/platform_browser/persistence/cookie_storage.ts", "../../@firebase/auth/src/platform_browser/persistence/session_storage.ts", "../../@firebase/auth/src/platform_browser/messagechannel/promise.ts", "../../@firebase/auth/src/platform_browser/messagechannel/receiver.ts", "../../@firebase/auth/src/core/util/event_id.ts", "../../@firebase/auth/src/platform_browser/messagechannel/sender.ts", "../../@firebase/auth/src/platform_browser/auth_window.ts", "../../@firebase/auth/src/platform_browser/util/worker.ts", "../../@firebase/auth/src/platform_browser/persistence/indexed_db.ts", "../../@firebase/auth/src/api/authentication/mfa.ts", "../../@firebase/auth/src/platform_browser/recaptcha/recaptcha_loader.ts", "../../@firebase/auth/src/platform_browser/recaptcha/recaptcha_verifier.ts", "../../@firebase/auth/src/platform_browser/strategies/phone.ts", "../../@firebase/auth/src/platform_browser/providers/phone.ts", "../../@firebase/auth/src/core/util/resolver.ts", "../../@firebase/auth/src/core/strategies/idp.ts", "../../@firebase/auth/src/core/strategies/abstract_popup_redirect_operation.ts", "../../@firebase/auth/src/platform_browser/strategies/popup.ts", "../../@firebase/auth/src/core/strategies/redirect.ts", "../../@firebase/auth/src/platform_browser/strategies/redirect.ts", "../../@firebase/auth/src/core/auth/auth_event_manager.ts", "../../@firebase/auth/src/api/project_config/get_project_config.ts", "../../@firebase/auth/src/core/util/validate_origin.ts", "../../@firebase/auth/src/platform_browser/iframe/gapi.ts", "../../@firebase/auth/src/platform_browser/iframe/iframe.ts", "../../@firebase/auth/src/platform_browser/util/popup.ts", "../../@firebase/auth/src/core/util/handler.ts", "../../@firebase/auth/src/platform_browser/popup_redirect.ts", "../../@firebase/auth/src/mfa/mfa_assertion.ts", "../../@firebase/auth/src/platform_browser/mfa/assertions/phone.ts", "../../@firebase/auth/src/mfa/assertions/totp.ts", "../../@firebase/auth/src/core/auth/firebase_internal.ts", "../../@firebase/auth/src/core/auth/register.ts", "../../@firebase/auth/src/platform_browser/index.ts"], "sourcesContent": ["/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * An enum of factors that may be used for multifactor authentication.\n *\n * @public\n */\nexport const FactorId = {\n /** Phone as second factor */\n PHONE: 'phone',\n TOTP: 'totp'\n} as const;\n\n/**\n * Enumeration of supported providers.\n *\n * @public\n */\nexport const ProviderId = {\n /** Facebook provider ID */\n FACEBOOK: 'facebook.com',\n /** GitHub provider ID */\n GITHUB: 'github.com',\n /** Google provider ID */\n GOOGLE: 'google.com',\n /** Password provider */\n PASSWORD: 'password',\n /** Phone provider */\n PHONE: 'phone',\n /** Twitter provider ID */\n TWITTER: 'twitter.com'\n} as const;\n\n/**\n * Enumeration of supported sign-in methods.\n *\n * @public\n */\nexport const SignInMethod = {\n /** Email link sign in method */\n EMAIL_LINK: 'emailLink',\n /** Email/password sign in method */\n EMAIL_PASSWORD: 'password',\n /** Facebook sign in method */\n FACEBOOK: 'facebook.com',\n /** GitHub sign in method */\n GITHUB: 'github.com',\n /** Google sign in method */\n GOOGLE: 'google.com',\n /** Phone sign in method */\n PHONE: 'phone',\n /** Twitter sign in method */\n TWITTER: 'twitter.com'\n} as const;\n\n/**\n * Enumeration of supported operation types.\n *\n * @public\n */\nexport const OperationType = {\n /** Operation involving linking an additional provider to an already signed-in user. */\n LINK: 'link',\n /** Operation involving using a provider to reauthenticate an already signed-in user. */\n REAUTHENTICATE: 'reauthenticate',\n /** Operation involving signing in a user. */\n SIGN_IN: 'signIn'\n} as const;\n\n/**\n * An enumeration of the possible email action types.\n *\n * @public\n */\nexport const ActionCodeOperation = {\n /** The email link sign-in action. */\n EMAIL_SIGNIN: 'EMAIL_SIGNIN',\n /** The password reset action. */\n PASSWORD_RESET: 'PASSWORD_RESET',\n /** The email revocation action. */\n RECOVER_EMAIL: 'RECOVER_EMAIL',\n /** The revert second factor addition email action. */\n REVERT_SECOND_FACTOR_ADDITION: 'REVERT_SECOND_FACTOR_ADDITION',\n /** The revert second factor addition email action. */\n VERIFY_AND_CHANGE_EMAIL: 'VERIFY_AND_CHANGE_EMAIL',\n /** The email verification action. */\n VERIFY_EMAIL: 'VERIFY_EMAIL'\n} as const;\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorMap, User } from '../model/public_types';\nimport { ErrorFactory, ErrorMap } from '@firebase/util';\n\nimport { IdTokenMfaResponse } from '../api/authentication/mfa';\nimport { AppName } from '../model/auth';\nimport { AuthCredential } from './credentials';\n\n/**\n * Enumeration of Firebase Auth error codes.\n *\n * @internal\n */\nexport const enum AuthErrorCode {\n ADMIN_ONLY_OPERATION = 'admin-restricted-operation',\n ARGUMENT_ERROR = 'argument-error',\n APP_NOT_AUTHORIZED = 'app-not-authorized',\n APP_NOT_INSTALLED = 'app-not-installed',\n CAPTCHA_CHECK_FAILED = 'captcha-check-failed',\n CODE_EXPIRED = 'code-expired',\n CORDOVA_NOT_READY = 'cordova-not-ready',\n CORS_UNSUPPORTED = 'cors-unsupported',\n CREDENTIAL_ALREADY_IN_USE = 'credential-already-in-use',\n CREDENTIAL_MISMATCH = 'custom-token-mismatch',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN = 'requires-recent-login',\n DEPENDENT_SDK_INIT_BEFORE_AUTH = 'dependent-sdk-initialized-before-auth',\n DYNAMIC_LINK_NOT_ACTIVATED = 'dynamic-link-not-activated',\n EMAIL_CHANGE_NEEDS_VERIFICATION = 'email-change-needs-verification',\n EMAIL_EXISTS = 'email-already-in-use',\n EMULATOR_CONFIG_FAILED = 'emulator-config-failed',\n EXPIRED_OOB_CODE = 'expired-action-code',\n EXPIRED_POPUP_REQUEST = 'cancelled-popup-request',\n INTERNAL_ERROR = 'internal-error',\n INVALID_API_KEY = 'invalid-api-key',\n INVALID_APP_CREDENTIAL = 'invalid-app-credential',\n INVALID_APP_ID = 'invalid-app-id',\n INVALID_AUTH = 'invalid-user-token',\n INVALID_AUTH_EVENT = 'invalid-auth-event',\n INVALID_CERT_HASH = 'invalid-cert-hash',\n INVALID_CODE = 'invalid-verification-code',\n INVALID_CONTINUE_URI = 'invalid-continue-uri',\n INVALID_CORDOVA_CONFIGURATION = 'invalid-cordova-configuration',\n INVALID_CUSTOM_TOKEN = 'invalid-custom-token',\n INVALID_DYNAMIC_LINK_DOMAIN = 'invalid-dynamic-link-domain',\n INVALID_EMAIL = 'invalid-email',\n INVALID_EMULATOR_SCHEME = 'invalid-emulator-scheme',\n INVALID_CREDENTIAL = 'invalid-credential',\n INVALID_MESSAGE_PAYLOAD = 'invalid-message-payload',\n INVALID_MFA_SESSION = 'invalid-multi-factor-session',\n INVALID_OAUTH_CLIENT_ID = 'invalid-oauth-client-id',\n INVALID_OAUTH_PROVIDER = 'invalid-oauth-provider',\n INVALID_OOB_CODE = 'invalid-action-code',\n INVALID_ORIGIN = 'unauthorized-domain',\n INVALID_PASSWORD = 'wrong-password',\n INVALID_PERSISTENCE = 'invalid-persistence-type',\n INVALID_PHONE_NUMBER = 'invalid-phone-number',\n INVALID_PROVIDER_ID = 'invalid-provider-id',\n INVALID_RECIPIENT_EMAIL = 'invalid-recipient-email',\n INVALID_SENDER = 'invalid-sender',\n INVALID_SESSION_INFO = 'invalid-verification-id',\n INVALID_TENANT_ID = 'invalid-tenant-id',\n LOGIN_BLOCKED = 'login-blocked',\n MFA_INFO_NOT_FOUND = 'multi-factor-info-not-found',\n MFA_REQUIRED = 'multi-factor-auth-required',\n MISSING_ANDROID_PACKAGE_NAME = 'missing-android-pkg-name',\n MISSING_APP_CREDENTIAL = 'missing-app-credential',\n MISSING_AUTH_DOMAIN = 'auth-domain-config-required',\n MISSING_CODE = 'missing-verification-code',\n MISSING_CONTINUE_URI = 'missing-continue-uri',\n MISSING_IFRAME_START = 'missing-iframe-start',\n MISSING_IOS_BUNDLE_ID = 'missing-ios-bundle-id',\n MISSING_OR_INVALID_NONCE = 'missing-or-invalid-nonce',\n MISSING_MFA_INFO = 'missing-multi-factor-info',\n MISSING_MFA_SESSION = 'missing-multi-factor-session',\n MISSING_PHONE_NUMBER = 'missing-phone-number',\n MISSING_PASSWORD = 'missing-password',\n MISSING_SESSION_INFO = 'missing-verification-id',\n MODULE_DESTROYED = 'app-deleted',\n NEED_CONFIRMATION = 'account-exists-with-different-credential',\n NETWORK_REQUEST_FAILED = 'network-request-failed',\n NULL_USER = 'null-user',\n NO_AUTH_EVENT = 'no-auth-event',\n NO_SUCH_PROVIDER = 'no-such-provider',\n OPERATION_NOT_ALLOWED = 'operation-not-allowed',\n OPERATION_NOT_SUPPORTED = 'operation-not-supported-in-this-environment',\n POPUP_BLOCKED = 'popup-blocked',\n POPUP_CLOSED_BY_USER = 'popup-closed-by-user',\n PROVIDER_ALREADY_LINKED = 'provider-already-linked',\n QUOTA_EXCEEDED = 'quota-exceeded',\n REDIRECT_CANCELLED_BY_USER = 'redirect-cancelled-by-user',\n REDIRECT_OPERATION_PENDING = 'redirect-operation-pending',\n REJECTED_CREDENTIAL = 'rejected-credential',\n SECOND_FACTOR_ALREADY_ENROLLED = 'second-factor-already-in-use',\n SECOND_FACTOR_LIMIT_EXCEEDED = 'maximum-second-factor-count-exceeded',\n TENANT_ID_MISMATCH = 'tenant-id-mismatch',\n TIMEOUT = 'timeout',\n TOKEN_EXPIRED = 'user-token-expired',\n TOO_MANY_ATTEMPTS_TRY_LATER = 'too-many-requests',\n UNAUTHORIZED_DOMAIN = 'unauthorized-continue-uri',\n UNSUPPORTED_FIRST_FACTOR = 'unsupported-first-factor',\n UNSUPPORTED_PERSISTENCE = 'unsupported-persistence-type',\n UNSUPPORTED_TENANT_OPERATION = 'unsupported-tenant-operation',\n UNVERIFIED_EMAIL = 'unverified-email',\n USER_CANCELLED = 'user-cancelled',\n USER_DELETED = 'user-not-found',\n USER_DISABLED = 'user-disabled',\n USER_MISMATCH = 'user-mismatch',\n USER_SIGNED_OUT = 'user-signed-out',\n WEAK_PASSWORD = 'weak-password',\n WEB_STORAGE_UNSUPPORTED = 'web-storage-unsupported',\n ALREADY_INITIALIZED = 'already-initialized',\n RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled',\n MISSING_RECAPTCHA_TOKEN = 'missing-recaptcha-token',\n INVALID_RECAPTCHA_TOKEN = 'invalid-recaptcha-token',\n INVALID_RECAPTCHA_ACTION = 'invalid-recaptcha-action',\n MISSING_CLIENT_TYPE = 'missing-client-type',\n MISSING_RECAPTCHA_VERSION = 'missing-recaptcha-version',\n INVALID_RECAPTCHA_VERSION = 'invalid-recaptcha-version',\n INVALID_REQ_TYPE = 'invalid-req-type',\n UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION = 'unsupported-password-policy-schema-version',\n PASSWORD_DOES_NOT_MEET_REQUIREMENTS = 'password-does-not-meet-requirements',\n INVALID_HOSTING_LINK_DOMAIN = 'invalid-hosting-link-domain'\n}\n\nfunction _debugErrorMap(): ErrorMap<AuthErrorCode> {\n return {\n [AuthErrorCode.ADMIN_ONLY_OPERATION]:\n 'This operation is restricted to administrators only.',\n [AuthErrorCode.ARGUMENT_ERROR]: '',\n [AuthErrorCode.APP_NOT_AUTHORIZED]:\n \"This app, identified by the domain where it's hosted, is not \" +\n 'authorized to use Firebase Authentication with the provided API key. ' +\n 'Review your key configuration in the Google API console.',\n [AuthErrorCode.APP_NOT_INSTALLED]:\n 'The requested mobile application corresponding to the identifier (' +\n 'Android package name or iOS bundle ID) provided is not installed on ' +\n 'this device.',\n [AuthErrorCode.CAPTCHA_CHECK_FAILED]:\n 'The reCAPTCHA response token provided is either invalid, expired, ' +\n 'already used or the domain associated with it does not match the list ' +\n 'of whitelisted domains.',\n [AuthErrorCode.CODE_EXPIRED]:\n 'The SMS code has expired. Please re-send the verification code to try ' +\n 'again.',\n [AuthErrorCode.CORDOVA_NOT_READY]: 'Cordova framework is not ready.',\n [AuthErrorCode.CORS_UNSUPPORTED]: 'This browser is not supported.',\n [AuthErrorCode.CREDENTIAL_ALREADY_IN_USE]:\n 'This credential is already associated with a different user account.',\n [AuthErrorCode.CREDENTIAL_MISMATCH]:\n 'The custom token corresponds to a different audience.',\n [AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN]:\n 'This operation is sensitive and requires recent authentication. Log in ' +\n 'again before retrying this request.',\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]:\n 'Another Firebase SDK was initialized and is trying to use Auth before Auth is ' +\n 'initialized. Please be sure to call `initializeAuth` or `getAuth` before ' +\n 'starting any other Firebase SDK.',\n [AuthErrorCode.DYNAMIC_LINK_NOT_ACTIVATED]:\n 'Please activate Dynamic Links in the Firebase Console and agree to the terms and ' +\n 'conditions.',\n [AuthErrorCode.EMAIL_CHANGE_NEEDS_VERIFICATION]:\n 'Multi-factor users must always have a verified email.',\n [AuthErrorCode.EMAIL_EXISTS]:\n 'The email address is already in use by another account.',\n [AuthErrorCode.EMULATOR_CONFIG_FAILED]:\n 'Auth instance has already been used to make a network call. Auth can ' +\n 'no longer be configured to use the emulator. Try calling ' +\n '\"connectAuthEmulator()\" sooner.',\n [AuthErrorCode.EXPIRED_OOB_CODE]: 'The action code has expired.',\n [AuthErrorCode.EXPIRED_POPUP_REQUEST]:\n 'This operation has been cancelled due to another conflicting popup being opened.',\n [AuthErrorCode.INTERNAL_ERROR]: 'An internal AuthError has occurred.',\n [AuthErrorCode.INVALID_APP_CREDENTIAL]:\n 'The phone verification request contains an invalid application verifier.' +\n ' The reCAPTCHA token response is either invalid or expired.',\n [AuthErrorCode.INVALID_APP_ID]:\n 'The mobile app identifier is not registered for the current project.',\n [AuthErrorCode.INVALID_AUTH]:\n \"This user's credential isn't valid for this project. This can happen \" +\n \"if the user's token has been tampered with, or if the user isn't for \" +\n 'the project associated with this API key.',\n [AuthErrorCode.INVALID_AUTH_EVENT]: 'An internal AuthError has occurred.',\n [AuthErrorCode.INVALID_CODE]:\n 'The SMS verification code used to create the phone auth credential is ' +\n 'invalid. Please resend the verification code sms and be sure to use the ' +\n 'verification code provided by the user.',\n [AuthErrorCode.INVALID_CONTINUE_URI]:\n 'The continue URL provided in the request is invalid.',\n [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]:\n 'The following Cordova plugins must be installed to enable OAuth sign-in: ' +\n 'cordova-plugin-buildinfo, cordova-universal-links-plugin, ' +\n 'cordova-plugin-browsertab, cordova-plugin-inappbrowser and ' +\n 'cordova-plugin-customurlscheme.',\n [AuthErrorCode.INVALID_CUSTOM_TOKEN]:\n 'The custom token format is incorrect. Please check the documentation.',\n [AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN]:\n 'The provided dynamic link domain is not configured or authorized for the current project.',\n [AuthErrorCode.INVALID_EMAIL]: 'The email address is badly formatted.',\n [AuthErrorCode.INVALID_EMULATOR_SCHEME]:\n 'Emulator URL must start with a valid scheme (http:// or https://).',\n [AuthErrorCode.INVALID_API_KEY]:\n 'Your API key is invalid, please check you have copied it correctly.',\n [AuthErrorCode.INVALID_CERT_HASH]:\n 'The SHA-1 certificate hash provided is invalid.',\n [AuthErrorCode.INVALID_CREDENTIAL]:\n 'The supplied auth credential is incorrect, malformed or has expired.',\n [AuthErrorCode.INVALID_MESSAGE_PAYLOAD]:\n 'The email template corresponding to this action contains invalid characters in its message. ' +\n 'Please fix by going to the Auth email templates section in the Firebase Console.',\n [AuthErrorCode.INVALID_MFA_SESSION]:\n 'The request does not contain a valid proof of first factor successful sign-in.',\n [AuthErrorCode.INVALID_OAUTH_PROVIDER]:\n 'EmailAuthProvider is not supported for this operation. This operation ' +\n 'only supports OAuth providers.',\n [AuthErrorCode.INVALID_OAUTH_CLIENT_ID]:\n 'The OAuth client ID provided is either invalid or does not match the ' +\n 'specified API key.',\n [AuthErrorCode.INVALID_ORIGIN]:\n 'This domain is not authorized for OAuth operations for your Firebase ' +\n 'project. Edit the list of authorized domains from the Firebase console.',\n [AuthErrorCode.INVALID_OOB_CODE]:\n 'The action code is invalid. This can happen if the code is malformed, ' +\n 'expired, or has already been used.',\n [AuthErrorCode.INVALID_PASSWORD]:\n 'The password is invalid or the user does not have a password.',\n [AuthErrorCode.INVALID_PERSISTENCE]:\n 'The specified persistence type is invalid. It can only be local, session or none.',\n [AuthErrorCode.INVALID_PHONE_NUMBER]:\n 'The format of the phone number provided is incorrect. Please enter the ' +\n 'phone number in a format that can be parsed into E.164 format. E.164 ' +\n 'phone numbers are written in the format [+][country code][subscriber ' +\n 'number including area code].',\n [AuthErrorCode.INVALID_PROVIDER_ID]:\n 'The specified provider ID is invalid.',\n [AuthErrorCode.INVALID_RECIPIENT_EMAIL]:\n 'The email corresponding to this action failed to send as the provided ' +\n 'recipient email address is invalid.',\n [AuthErrorCode.INVALID_SENDER]:\n 'The email template corresponding to this action contains an invalid sender email or name. ' +\n 'Please fix by going to the Auth email templates section in the Firebase Console.',\n [AuthErrorCode.INVALID_SESSION_INFO]:\n 'The verification ID used to create the phone auth credential is invalid.',\n [AuthErrorCode.INVALID_TENANT_ID]:\n \"The Auth instance's tenant ID is invalid.\",\n [AuthErrorCode.LOGIN_BLOCKED]:\n 'Login blocked by user-provided method: {$originalMessage}',\n [AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME]:\n 'An Android Package Name must be provided if the Android App is required to be installed.',\n [AuthErrorCode.MISSING_AUTH_DOMAIN]:\n 'Be sure to include authDomain when calling firebase.initializeApp(), ' +\n 'by following the instructions in the Firebase console.',\n [AuthErrorCode.MISSING_APP_CREDENTIAL]:\n 'The phone verification request is missing an application verifier ' +\n 'assertion. A reCAPTCHA response token needs to be provided.',\n [AuthErrorCode.MISSING_CODE]:\n 'The phone auth credential was created with an empty SMS verification code.',\n [AuthErrorCode.MISSING_CONTINUE_URI]:\n 'A continue URL must be provided in the request.',\n [AuthErrorCode.MISSING_IFRAME_START]: 'An internal AuthError has occurred.',\n [AuthErrorCode.MISSING_IOS_BUNDLE_ID]:\n 'An iOS Bundle ID must be provided if an App Store ID is provided.',\n [AuthErrorCode.MISSING_OR_INVALID_NONCE]:\n 'The request does not contain a valid nonce. This can occur if the ' +\n 'SHA-256 hash of the provided raw nonce does not match the hashed nonce ' +\n 'in the ID token payload.',\n [AuthErrorCode.MISSING_PASSWORD]: 'A non-empty password must be provided',\n [AuthErrorCode.MISSING_MFA_INFO]:\n 'No second factor identifier is provided.',\n [AuthErrorCode.MISSING_MFA_SESSION]:\n 'The request is missing proof of first factor successful sign-in.',\n [AuthErrorCode.MISSING_PHONE_NUMBER]:\n 'To send verification codes, provide a phone number for the recipient.',\n [AuthErrorCode.MISSING_SESSION_INFO]:\n 'The phone auth credential was created with an empty verification ID.',\n [AuthErrorCode.MODULE_DESTROYED]:\n 'This instance of FirebaseApp has been deleted.',\n [AuthErrorCode.MFA_INFO_NOT_FOUND]:\n 'The user does not have a second factor matching the identifier provided.',\n [AuthErrorCode.MFA_REQUIRED]:\n 'Proof of ownership of a second factor is required to complete sign-in.',\n [AuthErrorCode.NEED_CONFIRMATION]:\n 'An account already exists with the same email address but different ' +\n 'sign-in credentials. Sign in using a provider associated with this ' +\n 'email address.',\n [AuthErrorCode.NETWORK_REQUEST_FAILED]:\n 'A network AuthError (such as timeout, interrupted connection or unreachable host) has occurred.',\n [AuthErrorCode.NO_AUTH_EVENT]: 'An internal AuthError has occurred.',\n [AuthErrorCode.NO_SUCH_PROVIDER]:\n 'User was not linked to an account with the given provider.',\n [AuthErrorCode.NULL_USER]:\n 'A null user object was provided as the argument for an operation which ' +\n 'requires a non-null user object.',\n [AuthErrorCode.OPERATION_NOT_ALLOWED]:\n 'The given sign-in provider is disabled for this Firebase project. ' +\n 'Enable it in the Firebase console, under the sign-in method tab of the ' +\n 'Auth section.',\n [AuthErrorCode.OPERATION_NOT_SUPPORTED]:\n 'This operation is not supported in the environment this application is ' +\n 'running on. \"location.protocol\" must be http, https or chrome-extension' +\n ' and web storage must be enabled.',\n [AuthErrorCode.POPUP_BLOCKED]:\n 'Unable to establish a connection with the popup. It may have been blocked by the browser.',\n [AuthErrorCode.POPUP_CLOSED_BY_USER]:\n 'The popup has been closed by the user before finalizing the operation.',\n [AuthErrorCode.PROVIDER_ALREADY_LINKED]:\n 'User can only be linked to one identity for the given provider.',\n [AuthErrorCode.QUOTA_EXCEEDED]:\n \"The project's quota for this operation has been exceeded.\",\n [AuthErrorCode.REDIRECT_CANCELLED_BY_USER]:\n 'The redirect operation has been cancelled by the user before finalizing.',\n [AuthErrorCode.REDIRECT_OPERATION_PENDING]:\n 'A redirect sign-in operation is already pending.',\n [AuthErrorCode.REJECTED_CREDENTIAL]:\n 'The request contains malformed or mismatching credentials.',\n [AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED]:\n 'The second factor is already enrolled on this account.',\n [AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED]:\n 'The maximum allowed number of second factors on a user has been exceeded.',\n [AuthErrorCode.TENANT_ID_MISMATCH]:\n \"The provided tenant ID does not match the Auth instance's tenant ID\",\n [AuthErrorCode.TIMEOUT]: 'The operation has timed out.',\n [AuthErrorCode.TOKEN_EXPIRED]:\n \"The user's credential is no longer valid. The user must sign in again.\",\n [AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER]:\n 'We have blocked all requests from this device due to unusual activity. ' +\n 'Try again later.',\n [AuthErrorCode.UNAUTHORIZED_DOMAIN]:\n 'The domain of the continue URL is not whitelisted. Please whitelist ' +\n 'the domain in the Firebase console.',\n [AuthErrorCode.UNSUPPORTED_FIRST_FACTOR]:\n 'Enrolling a second factor or signing in with a multi-factor account requires sign-in with a supported first factor.',\n [AuthErrorCode.UNSUPPORTED_PERSISTENCE]:\n 'The current environment does not support the specified persistence type.',\n [AuthErrorCode.UNSUPPORTED_TENANT_OPERATION]:\n 'This operation is not supported in a multi-tenant context.',\n [AuthErrorCode.UNVERIFIED_EMAIL]:\n 'The operation requires a verified email.',\n [AuthErrorCode.USER_CANCELLED]:\n 'The user did not grant your application the permissions it requested.',\n [AuthErrorCode.USER_DELETED]:\n 'There is no user record corresponding to this identifier. The user may ' +\n 'have been deleted.',\n [AuthErrorCode.USER_DISABLED]:\n 'The user account has been disabled by an administrator.',\n [AuthErrorCode.USER_MISMATCH]:\n 'The supplied credentials do not correspond to the previously signed in user.',\n [AuthErrorCode.USER_SIGNED_OUT]: '',\n [AuthErrorCode.WEAK_PASSWORD]:\n 'The password must be 6 characters long or more.',\n [AuthErrorCode.WEB_STORAGE_UNSUPPORTED]:\n 'This browser is not supported or 3rd party cookies and data may be disabled.',\n [AuthErrorCode.ALREADY_INITIALIZED]:\n 'initializeAuth() has already been called with ' +\n 'different options. To avoid this error, call initializeAuth() with the ' +\n 'same options as when it was originally called, or call getAuth() to return the' +\n ' already initialized instance.',\n [AuthErrorCode.MISSING_RECAPTCHA_TOKEN]:\n 'The reCAPTCHA token is missing when sending request to the backend.',\n [AuthErrorCode.INVALID_RECAPTCHA_TOKEN]:\n 'The reCAPTCHA token is invalid when sending request to the backend.',\n [AuthErrorCode.INVALID_RECAPTCHA_ACTION]:\n 'The reCAPTCHA action is invalid when sending request to the backend.',\n [AuthErrorCode.RECAPTCHA_NOT_ENABLED]:\n 'reCAPTCHA Enterprise integration is not enabled for this project.',\n [AuthErrorCode.MISSING_CLIENT_TYPE]:\n 'The reCAPTCHA client type is missing when sending request to the backend.',\n [AuthErrorCode.MISSING_RECAPTCHA_VERSION]:\n 'The reCAPTCHA version is missing when sending request to the backend.',\n [AuthErrorCode.INVALID_REQ_TYPE]: 'Invalid request parameters.',\n [AuthErrorCode.INVALID_RECAPTCHA_VERSION]:\n 'The reCAPTCHA version is invalid when sending request to the backend.',\n [AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION]:\n 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',\n [AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS]:\n 'The password does not meet the requirements.',\n [AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN]:\n 'The provided Hosting link domain is not configured in Firebase Hosting or is not owned by ' +\n 'the current project. This cannot be a default Hosting domain (`web.app` or `firebaseapp.com`).'\n };\n}\n\nexport interface ErrorMapRetriever extends AuthErrorMap {\n (): ErrorMap<AuthErrorCode>;\n}\n\nfunction _prodErrorMap(): ErrorMap<AuthErrorCode> {\n // We will include this one message in the prod error map since by the very\n // nature of this error, developers will never be able to see the message\n // using the debugErrorMap (which is installed during auth initialization).\n return {\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]:\n 'Another Firebase SDK was initialized and is trying to use Auth before Auth is ' +\n 'initialized. Please be sure to call `initializeAuth` or `getAuth` before ' +\n 'starting any other Firebase SDK.'\n } as ErrorMap<AuthErrorCode>;\n}\n\n/**\n * A verbose error map with detailed descriptions for most error codes.\n *\n * See discussion at {@link AuthErrorMap}\n *\n * @public\n */\nexport const debugErrorMap: AuthErrorMap = _debugErrorMap;\n\n/**\n * A minimal error map with all verbose error messages stripped.\n *\n * See discussion at {@link AuthErrorMap}\n *\n * @public\n */\nexport const prodErrorMap: AuthErrorMap = _prodErrorMap;\n\nexport interface NamedErrorParams {\n appName: AppName;\n credential?: AuthCredential;\n email?: string;\n phoneNumber?: string;\n tenantId?: string;\n user?: User;\n _serverResponse?: object;\n}\n\n/**\n * @internal\n */\ntype GenericAuthErrorParams = {\n [key in Exclude<\n AuthErrorCode,\n | AuthErrorCode.ARGUMENT_ERROR\n | AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH\n | AuthErrorCode.INTERNAL_ERROR\n | AuthErrorCode.MFA_REQUIRED\n | AuthErrorCode.NO_AUTH_EVENT\n | AuthErrorCode.OPERATION_NOT_SUPPORTED\n >]: {\n appName?: AppName;\n email?: string;\n phoneNumber?: string;\n message?: string;\n };\n};\n\n/**\n * @internal\n */\nexport interface AuthErrorParams extends GenericAuthErrorParams {\n [AuthErrorCode.ARGUMENT_ERROR]: { appName?: AppName };\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: { appName?: AppName };\n [AuthErrorCode.INTERNAL_ERROR]: { appName?: AppName };\n [AuthErrorCode.LOGIN_BLOCKED]: {\n appName?: AppName;\n originalMessage?: string;\n };\n [AuthErrorCode.OPERATION_NOT_SUPPORTED]: { appName?: AppName };\n [AuthErrorCode.NO_AUTH_EVENT]: { appName?: AppName };\n [AuthErrorCode.MFA_REQUIRED]: {\n appName: AppName;\n _serverResponse: IdTokenMfaResponse;\n };\n [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]: {\n appName: AppName;\n missingPlugin?: string;\n };\n}\n\nexport const _DEFAULT_AUTH_ERROR_FACTORY = new ErrorFactory<\n AuthErrorCode,\n AuthErrorParams\n>('auth', 'Firebase', _prodErrorMap());\n\n/**\n * A map of potential `Auth` error codes, for easier comparison with errors\n * thrown by the SDK.\n *\n * @remarks\n * Note that you can't tree-shake individual keys\n * in the map, so by using the map you might substantially increase your\n * bundle size.\n *\n * @public\n */\nexport const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {\n ADMIN_ONLY_OPERATION: 'auth/admin-restricted-operation',\n ARGUMENT_ERROR: 'auth/argument-error',\n APP_NOT_AUTHORIZED: 'auth/app-not-authorized',\n APP_NOT_INSTALLED: 'auth/app-not-installed',\n CAPTCHA_CHECK_FAILED: 'auth/captcha-check-failed',\n CODE_EXPIRED: 'auth/code-expired',\n CORDOVA_NOT_READY: 'auth/cordova-not-ready',\n CORS_UNSUPPORTED: 'auth/cors-unsupported',\n CREDENTIAL_ALREADY_IN_USE: 'auth/credential-already-in-use',\n CREDENTIAL_MISMATCH: 'auth/custom-token-mismatch',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN: 'auth/requires-recent-login',\n DEPENDENT_SDK_INIT_BEFORE_AUTH: 'auth/dependent-sdk-initialized-before-auth',\n DYNAMIC_LINK_NOT_ACTIVATED: 'auth/dynamic-link-not-activated',\n EMAIL_CHANGE_NEEDS_VERIFICATION: 'auth/email-change-needs-verification',\n EMAIL_EXISTS: 'auth/email-already-in-use',\n EMULATOR_CONFIG_FAILED: 'auth/emulator-config-failed',\n EXPIRED_OOB_CODE: 'auth/expired-action-code',\n EXPIRED_POPUP_REQUEST: 'auth/cancelled-popup-request',\n INTERNAL_ERROR: 'auth/internal-error',\n INVALID_API_KEY: 'auth/invalid-api-key',\n INVALID_APP_CREDENTIAL: 'auth/invalid-app-credential',\n INVALID_APP_ID: 'auth/invalid-app-id',\n INVALID_AUTH: 'auth/invalid-user-token',\n INVALID_AUTH_EVENT: 'auth/invalid-auth-event',\n INVALID_CERT_HASH: 'auth/invalid-cert-hash',\n INVALID_CODE: 'auth/invalid-verification-code',\n INVALID_CONTINUE_URI: 'auth/invalid-continue-uri',\n INVALID_CORDOVA_CONFIGURATION: 'auth/invalid-cordova-configuration',\n INVALID_CUSTOM_TOKEN: 'auth/invalid-custom-token',\n INVALID_DYNAMIC_LINK_DOMAIN: 'auth/invalid-dynamic-link-domain',\n INVALID_EMAIL: 'auth/invalid-email',\n INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',\n INVALID_IDP_RESPONSE: 'auth/invalid-credential',\n INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',\n INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',\n INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',\n INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',\n INVALID_OAUTH_PROVIDER: 'auth/invalid-oauth-provider',\n INVALID_OOB_CODE: 'auth/invalid-action-code',\n INVALID_ORIGIN: 'auth/unauthorized-domain',\n INVALID_PASSWORD: 'auth/wrong-password',\n INVALID_PERSISTENCE: 'auth/invalid-persistence-type',\n INVALID_PHONE_NUMBER: 'auth/invalid-phone-number',\n INVALID_PROVIDER_ID: 'auth/invalid-provider-id',\n INVALID_RECIPIENT_EMAIL: 'auth/invalid-recipient-email',\n INVALID_SENDER: 'auth/invalid-sender',\n INVALID_SESSION_INFO: 'auth/invalid-verification-id',\n INVALID_TENANT_ID: 'auth/invalid-tenant-id',\n MFA_INFO_NOT_FOUND: 'auth/multi-factor-info-not-found',\n MFA_REQUIRED: 'auth/multi-factor-auth-required',\n MISSING_ANDROID_PACKAGE_NAME: 'auth/missing-android-pkg-name',\n MISSING_APP_CREDENTIAL: 'auth/missing-app-credential',\n MISSING_AUTH_DOMAIN: 'auth/auth-domain-config-required',\n MISSING_CODE: 'auth/missing-verification-code',\n MISSING_CONTINUE_URI: 'auth/missing-continue-uri',\n MISSING_IFRAME_START: 'auth/missing-iframe-start',\n MISSING_IOS_BUNDLE_ID: 'auth/missing-ios-bundle-id',\n MISSING_OR_INVALID_NONCE: 'auth/missing-or-invalid-nonce',\n MISSING_MFA_INFO: 'auth/missing-multi-factor-info',\n MISSING_MFA_SESSION: 'auth/missing-multi-factor-session',\n MISSING_PHONE_NUMBER: 'auth/missing-phone-number',\n MISSING_PASSWORD: 'auth/missing-password',\n MISSING_SESSION_INFO: 'auth/missing-verification-id',\n MODULE_DESTROYED: 'auth/app-deleted',\n NEED_CONFIRMATION: 'auth/account-exists-with-different-credential',\n NETWORK_REQUEST_FAILED: 'auth/network-request-failed',\n NULL_USER: 'auth/null-user',\n NO_AUTH_EVENT: 'auth/no-auth-event',\n NO_SUCH_PROVIDER: 'auth/no-such-provider',\n OPERATION_NOT_ALLOWED: 'auth/operation-not-allowed',\n OPERATION_NOT_SUPPORTED: 'auth/operation-not-supported-in-this-environment',\n POPUP_BLOCKED: 'auth/popup-blocked',\n POPUP_CLOSED_BY_USER: 'auth/popup-closed-by-user',\n PROVIDER_ALREADY_LINKED: 'auth/provider-already-linked',\n QUOTA_EXCEEDED: 'auth/quota-exceeded',\n REDIRECT_CANCELLED_BY_USER: 'auth/redirect-cancelled-by-user',\n REDIRECT_OPERATION_PENDING: 'auth/redirect-operation-pending',\n REJECTED_CREDENTIAL: 'auth/rejected-credential',\n SECOND_FACTOR_ALREADY_ENROLLED: 'auth/second-factor-already-in-use',\n SECOND_FACTOR_LIMIT_EXCEEDED: 'auth/maximum-second-factor-count-exceeded',\n TENANT_ID_MISMATCH: 'auth/tenant-id-mismatch',\n TIMEOUT: 'auth/timeout',\n TOKEN_EXPIRED: 'auth/user-token-expired',\n TOO_MANY_ATTEMPTS_TRY_LATER: 'auth/too-many-requests',\n UNAUTHORIZED_DOMAIN: 'auth/unauthorized-continue-uri',\n UNSUPPORTED_FIRST_FACTOR: 'auth/unsupported-first-factor',\n UNSUPPORTED_PERSISTENCE: 'auth/unsupported-persistence-type',\n UNSUPPORTED_TENANT_OPERATION: 'auth/unsupported-tenant-operation',\n UNVERIFIED_EMAIL: 'auth/unverified-email',\n USER_CANCELLED: 'auth/user-cancelled',\n USER_DELETED: 'auth/user-not-found',\n USER_DISABLED: 'auth/user-disabled',\n USER_MISMATCH: 'auth/user-mismatch',\n USER_SIGNED_OUT: 'auth/user-signed-out',\n WEAK_PASSWORD: 'auth/weak-password',\n WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',\n ALREADY_INITIALIZED: 'auth/already-initialized',\n RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',\n MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',\n INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',\n INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',\n MISSING_CLIENT_TYPE: 'auth/missing-client-type',\n MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',\n INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',\n INVALID_REQ_TYPE: 'auth/invalid-req-type',\n INVALID_HOSTING_LINK_DOMAIN: 'auth/invalid-hosting-link-domain'\n} as const;\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Logger, LogLevel } from '@firebase/logger';\nimport { SDK_VERSION } from '@firebase/app';\n\nexport { LogLevel };\n\nconst logClient = new Logger('@firebase/auth');\n\n// Helper methods are needed because variables can't be exported as read/write\nexport function _getLogLevel(): LogLevel {\n return logClient.logLevel;\n}\n\nexport function _setLogLevel(newLevel: LogLevel): void {\n logClient.logLevel = newLevel;\n}\n\nexport function _logDebug(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.DEBUG) {\n logClient.debug(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n\nexport function _logWarn(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.WARN) {\n logClient.warn(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n\nexport function _logError(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.ERROR) {\n logClient.error(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth } from '../../model/public_types';\nimport { ErrorFactory, FirebaseError } from '@firebase/util';\nimport { AuthInternal } from '../../model/auth';\nimport {\n _DEFAULT_AUTH_ERROR_FACTORY,\n AuthErrorCode,\n AuthErrorParams,\n prodErrorMap,\n ErrorMapRetriever\n} from '../errors';\nimport { _logError } from './log';\n\ntype AuthErrorListParams<K> = K extends keyof AuthErrorParams\n ? [AuthErrorParams[K]]\n : [];\ntype LessAppName<K extends AuthErrorCode> = Omit<AuthErrorParams[K], 'appName'>;\n\n/**\n * Unconditionally fails, throwing a developer facing INTERNAL_ERROR\n *\n * @example\n * ```javascript\n * fail(auth, AuthErrorCode.MFA_REQUIRED); // Error: the MFA_REQUIRED error needs more params than appName\n * fail(auth, AuthErrorCode.MFA_REQUIRED, {serverResponse}); // Compiles\n * fail(AuthErrorCode.INTERNAL_ERROR); // Compiles; internal error does not need appName\n * fail(AuthErrorCode.USER_DELETED); // Error: USER_DELETED requires app name\n * fail(auth, AuthErrorCode.USER_DELETED); // Compiles; USER_DELETED _only_ needs app name\n * ```\n *\n * @param appName App name for tagging the error\n * @throws FirebaseError\n */\nexport function _fail<K extends AuthErrorCode>(\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): never;\nexport function _fail<K extends AuthErrorCode>(\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): never;\nexport function _fail<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): never {\n throw createErrorInternal(authOrCode, ...rest);\n}\n\nexport function _createError<K extends AuthErrorCode>(\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): FirebaseError;\nexport function _createError<K extends AuthErrorCode>(\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): FirebaseError;\nexport function _createError<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): FirebaseError {\n return createErrorInternal(authOrCode, ...rest);\n}\n\nexport function _errorWithCustomMessage(\n auth: Auth,\n code: AuthErrorCode,\n message: string\n): FirebaseError {\n const errorMap = {\n ...(prodErrorMap as ErrorMapRetriever)(),\n [code]: message\n };\n const factory = new ErrorFactory<AuthErrorCode, AuthErrorParams>(\n 'auth',\n 'Firebase',\n errorMap\n );\n return factory.create(code, {\n appName: auth.name\n });\n}\n\nexport function _serverAppCurrentUserOperationNotSupportedError(\n auth: Auth\n): FirebaseError {\n return _errorWithCustomMessage(\n auth,\n AuthErrorCode.OPERATION_NOT_SUPPORTED,\n 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp'\n );\n}\n\nexport function _assertInstanceOf(\n auth: Auth,\n object: object,\n instance: unknown\n): void {\n const constructorInstance = instance as { new (...args: unknown[]): unknown };\n if (!(object instanceof constructorInstance)) {\n if (constructorInstance.name !== object.constructor.name) {\n _fail(auth, AuthErrorCode.ARGUMENT_ERROR);\n }\n\n throw _errorWithCustomMessage(\n auth,\n AuthErrorCode.ARGUMENT_ERROR,\n `Type of ${object.constructor.name} does not match expected instance.` +\n `Did you pass a reference from a different Auth SDK?`\n );\n }\n}\n\nfunction createErrorInternal<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): FirebaseError {\n if (typeof authOrCode !== 'string') {\n const code = rest[0] as K;\n const fullParams = [...rest.slice(1)] as AuthErrorListParams<K>;\n if (fullParams[0]) {\n fullParams[0].appName = authOrCode.name;\n }\n\n return (authOrCode as AuthInternal)._errorFactory.create(\n code,\n ...fullParams\n );\n }\n\n return _DEFAULT_AUTH_ERROR_FACTORY.create(\n authOrCode,\n ...(rest as AuthErrorListParams<K>)\n );\n}\n\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): asserts assertion;\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): asserts assertion;\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n authOrCode: Auth | K,\n ...rest: unknown[]\n): asserts assertion {\n if (!assertion) {\n throw createErrorInternal(authOrCode, ...rest);\n }\n}\n\n// We really do want to accept literally any function type here\n// eslint-disable-next-line @typescript-eslint/ban-types\ntype TypeExpectation = Function | string | MapType;\n\ninterface MapType extends Record<string, TypeExpectation | Optional> {}\n\nclass Optional {\n constructor(readonly type: TypeExpectation) {}\n}\n\nexport function opt(type: TypeExpectation): Optional {\n return new Optional(type);\n}\n\n/**\n * Asserts the runtime types of arguments. The 'expected' field can be one of\n * a class, a string (representing a \"typeof\" call), or a record map of name\n * to type. Furthermore, the opt() function can be used to mark a field as\n * optional. For example:\n *\n * function foo(auth: Auth, profile: {displayName?: string}, update = false) {\n * assertTypes(arguments, [AuthImpl, {displayName: opt('string')}, opt('boolean')]);\n * }\n *\n * opt() can be used for any type:\n * function foo(auth?: Auth) {\n * assertTypes(arguments, [opt(AuthImpl)]);\n * }\n *\n * The string types can be or'd together, and you can use \"null\" as well (note\n * that typeof null === 'object'; this is an edge case). For example:\n *\n * function foo(profile: {displayName?: string | null}) {\n * assertTypes(arguments, [{displayName: opt('string|null')}]);\n * }\n *\n * @param args\n * @param expected\n */\nexport function assertTypes(\n args: Omit<IArguments, 'callee'>,\n ...expected: Array<TypeExpectation | Optional>\n): void {\n if (args.length > expected.length) {\n _fail(AuthErrorCode.ARGUMENT_ERROR, {});\n }\n\n for (let i = 0; i < expected.length; i++) {\n let expect = expected[i];\n const arg = args[i];\n\n if (expect instanceof Optional) {\n // If the arg is undefined, then it matches \"optional\" and we can move to\n // the next arg\n if (typeof arg === 'undefined') {\n continue;\n }\n expect = expect.type;\n }\n\n if (typeof expect === 'string') {\n // Handle the edge case for null because typeof null === 'object'\n if (expect.includes('null') && arg === null) {\n continue;\n }\n\n const required = expect.split('|');\n _assert(required.includes(typeof arg), AuthErrorCode.ARGUMENT_ERROR, {});\n } else if (typeof expect === 'object') {\n // Recursively check record arguments\n const record = arg as Record<string, unknown>;\n const map = expect as MapType;\n const keys = Object.keys(expect);\n\n assertTypes(\n keys.map(k => record[k]),\n ...keys.map(k => map[k])\n );\n } else {\n _assert(arg instanceof expect, AuthErrorCode.ARGUMENT_ERROR, {});\n }\n }\n}\n\n/**\n * Unconditionally fails, throwing an internal error with the given message.\n *\n * @param failure type of failure encountered\n * @throws Error\n */\nexport function debugFail(failure: string): never {\n // Log the failure in addition to throw an exception, just in case the\n // exception is swallowed.\n const message = `INTERNAL ASSERTION FAILED: ` + failure;\n _logError(message);\n\n // NOTE: We don't use FirebaseError here because these are internal failures\n // that cannot be handled by the user. (Also it would create a circular\n // dependency between the error and assert modules which doesn't work.)\n throw new Error(message);\n}\n\n/**\n * Fails if the given assertion condition is false, throwing an Error with the\n * given message if it did.\n *\n * @param assertion\n * @param message\n */\nexport function debugAssert(\n assertion: unknown,\n message: string\n): asserts assertion {\n if (!assertion) {\n debugFail(message);\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function _getCurrentUrl(): string {\n return (typeof self !== 'undefined' && self.location?.href) || '';\n}\n\nexport function _isHttpOrHttps(): boolean {\n return _getCurrentScheme() === 'http:' || _getCurrentScheme() === 'https:';\n}\n\nexport function _getCurrentScheme(): string | null {\n return (typeof self !== 'undefined' && self.location?.protocol) || null;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isBrowserExtension } from '@firebase/util';\nimport { _isHttpOrHttps } from './location';\n\n/**\n * Determine whether the browser is working online\n */\nexport function _isOnline(): boolean {\n if (\n typeof navigator !== 'undefined' &&\n navigator &&\n 'onLine' in navigator &&\n typeof navigator.onLine === 'boolean' &&\n // Apply only for traditional web apps and Chrome extensions.\n // This is especially true for Cordova apps which have unreliable\n // navigator.onLine behavior unless cordova-plugin-network-information is\n // installed which overwrites the native navigator.onLine value and\n // defines navigator.connection.\n (_isHttpOrHttps() || isBrowserExtension() || 'connection' in navigator)\n ) {\n return navigator.onLine;\n }\n // If we can't determine the state, assume it is online.\n return true;\n}\n\nexport function _getUserLanguage(): string | null {\n if (typeof navigator === 'undefined') {\n return null;\n }\n const navigatorLanguage: NavigatorLanguage = navigator;\n return (\n // Most reliable, but only supported in Chrome/Firefox.\n (navigatorLanguage.languages && navigatorLanguage.languages[0]) ||\n // Supported in most browsers, but returns the language of the browser\n // UI, not the language set in browser settings.\n navigatorLanguage.language ||\n // Couldn't determine language.\n null\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isMobileCordova, isReactNative } from '@firebase/util';\nimport { _isOnline } from './navigator';\nimport { debugAssert } from './assert';\n\nexport const enum DelayMin {\n OFFLINE = 5000\n}\n\n/**\n * A structure to help pick between a range of long and short delay durations\n * depending on the current environment. In general, the long delay is used for\n * mobile environments whereas short delays are used for desktop environments.\n */\nexport class Delay {\n // The default value for the offline delay timeout in ms.\n\n private readonly isMobile: boolean;\n constructor(\n private readonly shortDelay: number,\n private readonly longDelay: number\n ) {\n // Internal error when improperly initialized.\n debugAssert(\n longDelay > shortDelay,\n 'Short delay should be less than long delay!'\n );\n this.isMobile = isMobileCordova() || isReactNative();\n }\n\n get(): number {\n if (!_isOnline()) {\n // Pick the shorter timeout.\n return Math.min(DelayMin.OFFLINE, this.shortDelay);\n }\n // If running in a mobile environment, return the long delay, otherwise\n // return the short delay.\n // This could be improved in the future to dynamically change based on other\n // variables instead of just reading the current environment.\n return this.isMobile ? this.longDelay : this.shortDelay;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ConfigInternal } from '../../model/auth';\nimport { debugAssert } from './assert';\n\nexport function _emulatorUrl(config: ConfigInternal, path?: string): string {\n debugAssert(config.emulator, 'Emulator should always be set here');\n const { url } = config.emulator;\n\n if (!path) {\n return url;\n }\n\n return `${url}${path.startsWith('/') ? path.slice(1) : path}`;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { debugFail } from './assert';\n\nexport class FetchProvider {\n private static fetchImpl: typeof fetch | null;\n private static headersImpl: typeof Headers | null;\n private static responseImpl: typeof Response | null;\n\n static initialize(\n fetchImpl: typeof fetch,\n headersImpl?: typeof Headers,\n responseImpl?: typeof Response\n ): void {\n this.fetchImpl = fetchImpl;\n if (headersImpl) {\n this.headersImpl = headersImpl;\n }\n if (responseImpl) {\n this.responseImpl = responseImpl;\n }\n }\n\n static fetch(): typeof fetch {\n if (this.fetchImpl) {\n return this.fetchImpl;\n }\n if (typeof self !== 'undefined' && 'fetch' in self) {\n return self.fetch;\n }\n if (typeof globalThis !== 'undefined' && globalThis.fetch) {\n return globalThis.fetch;\n }\n if (typeof fetch !== 'undefined') {\n return fetch;\n }\n debugFail(\n 'Could not find fetch implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n\n static headers(): typeof Headers {\n if (this.headersImpl) {\n return this.headersImpl;\n }\n if (typeof self !== 'undefined' && 'Headers' in self) {\n return self.Headers;\n }\n if (typeof globalThis !== 'undefined' && globalThis.Headers) {\n return globalThis.Headers;\n }\n if (typeof Headers !== 'undefined') {\n return Headers;\n }\n debugFail(\n 'Could not find Headers implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n\n static response(): typeof Response {\n if (this.responseImpl) {\n return this.responseImpl;\n }\n if (typeof self !== 'undefined' && 'Response' in self) {\n return self.Response;\n }\n if (typeof globalThis !== 'undefined' && globalThis.Response) {\n return globalThis.Response;\n }\n if (typeof Response !== 'undefined') {\n return Response;\n }\n debugFail(\n 'Could not find Response implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../core/errors';\n\n/**\n * Errors that can be returned by the backend\n */\nexport const enum ServerError {\n ADMIN_ONLY_OPERATION = 'ADMIN_ONLY_OPERATION',\n BLOCKING_FUNCTION_ERROR_RESPONSE = 'BLOCKING_FUNCTION_ERROR_RESPONSE',\n CAPTCHA_CHECK_FAILED = 'CAPTCHA_CHECK_FAILED',\n CORS_UNSUPPORTED = 'CORS_UNSUPPORTED',\n CREDENTIAL_MISMATCH = 'CREDENTIAL_MISMATCH',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN = 'CREDENTIAL_TOO_OLD_LOGIN_AGAIN',\n DYNAMIC_LINK_NOT_ACTIVATED = 'DYNAMIC_LINK_NOT_ACTIVATED',\n EMAIL_CHANGE_NEEDS_VERIFICATION = 'EMAIL_CHANGE_NEEDS_VERIFICATION',\n EMAIL_EXISTS = 'EMAIL_EXISTS',\n EMAIL_NOT_FOUND = 'EMAIL_NOT_FOUND',\n EXPIRED_OOB_CODE = 'EXPIRED_OOB_CODE',\n FEDERATED_USER_ID_ALREADY_LINKED = 'FEDERATED_USER_ID_ALREADY_LINKED',\n INVALID_APP_CREDENTIAL = 'INVALID_APP_CREDENTIAL',\n INVALID_APP_ID = 'INVALID_APP_ID',\n INVALID_CERT_HASH = 'INVALID_CERT_HASH',\n INVALID_CODE = 'INVALID_CODE',\n INVALID_CONTINUE_URI = 'INVALID_CONTINUE_URI',\n INVALID_CUSTOM_TOKEN = 'INVALID_CUSTOM_TOKEN',\n INVALID_DYNAMIC_LINK_DOMAIN = 'INVALID_DYNAMIC_LINK_DOMAIN',\n INVALID_EMAIL = 'INVALID_EMAIL',\n INVALID_ID_TOKEN = 'INVALID_ID_TOKEN',\n INVALID_IDP_RESPONSE = 'INVALID_IDP_RESPONSE',\n INVALID_IDENTIFIER = 'INVALID_IDENTIFIER',\n INVALID_LOGIN_CREDENTIALS = 'INVALID_LOGIN_CREDENTIALS',\n INVALID_MESSAGE_PAYLOAD = 'INVALID_MESSAGE_PAYLOAD',\n INVALID_MFA_PENDING_CREDENTIAL = 'INVALID_MFA_PENDING_CREDENTIAL',\n INVALID_OAUTH_CLIENT_ID = 'INVALID_OAUTH_CLIENT_ID',\n INVALID_OOB_CODE = 'INVALID_OOB_CODE',\n INVALID_PASSWORD = 'INVALID_PASSWORD',\n INVALID_PENDING_TOKEN = 'INVALID_PENDING_TOKEN',\n INVALID_PHONE_NUMBER = 'INVALID_PHONE_NUMBER',\n INVALID_PROVIDER_ID = 'INVALID_PROVIDER_ID',\n INVALID_RECIPIENT_EMAIL = 'INVALID_RECIPIENT_EMAIL',\n INVALID_SENDER = 'INVALID_SENDER',\n INVALID_SESSION_INFO = 'INVALID_SESSION_INFO',\n INVALID_TEMPORARY_PROOF = 'INVALID_TEMPORARY_PROOF',\n INVALID_TENANT_ID = 'INVALID_TENANT_ID',\n MFA_ENROLLMENT_NOT_FOUND = 'MFA_ENROLLMENT_NOT_FOUND',\n MISSING_ANDROID_PACKAGE_NAME = 'MISSING_ANDROID_PACKAGE_NAME',\n MISSING_APP_CREDENTIAL = 'MISSING_APP_CREDENTIAL',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_CONTINUE_URI = 'MISSING_CONTINUE_URI',\n MISSING_CUSTOM_TOKEN = 'MISSING_CUSTOM_TOKEN',\n MISSING_IOS_BUNDLE_ID = 'MISSING_IOS_BUNDLE_ID',\n MISSING_MFA_ENROLLMENT_ID = 'MISSING_MFA_ENROLLMENT_ID',\n MISSING_MFA_PENDING_CREDENTIAL = 'MISSING_MFA_PENDING_CREDENTIAL',\n MISSING_OOB_CODE = 'MISSING_OOB_CODE',\n MISSING_OR_INVALID_NONCE = 'MISSING_OR_INVALID_NONCE',\n MISSING_PASSWORD = 'MISSING_PASSWORD',\n MISSING_REQ_TYPE = 'MISSING_REQ_TYPE',\n MISSING_PHONE_NUMBER = 'MISSING_PHONE_NUMBER',\n MISSING_SESSION_INFO = 'MISSING_SESSION_INFO',\n OPERATION_NOT_ALLOWED = 'OPERATION_NOT_ALLOWED',\n PASSWORD_LOGIN_DISABLED = 'PASSWORD_LOGIN_DISABLED',\n QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n RESET_PASSWORD_EXCEED_LIMIT = 'RESET_PASSWORD_EXCEED_LIMIT',\n REJECTED_CREDENTIAL = 'REJECTED_CREDENTIAL',\n SECOND_FACTOR_EXISTS = 'SECOND_FACTOR_EXISTS',\n SECOND_FACTOR_LIMIT_EXCEEDED = 'SECOND_FACTOR_LIMIT_EXCEEDED',\n SESSION_EXPIRED = 'SESSION_EXPIRED',\n TENANT_ID_MISMATCH = 'TENANT_ID_MISMATCH',\n TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n TOO_MANY_ATTEMPTS_TRY_LATER = 'TOO_MANY_ATTEMPTS_TRY_LATER',\n UNSUPPORTED_FIRST_FACTOR = 'UNSUPPORTED_FIRST_FACTOR',\n UNSUPPORTED_TENANT_OPERATION = 'UNSUPPORTED_TENANT_OPERATION',\n UNAUTHORIZED_DOMAIN = 'UNAUTHORIZED_DOMAIN',\n UNVERIFIED_EMAIL = 'UNVERIFIED_EMAIL',\n USER_CANCELLED = 'USER_CANCELLED',\n USER_DISABLED = 'USER_DISABLED',\n USER_NOT_FOUND = 'USER_NOT_FOUND',\n WEAK_PASSWORD = 'WEAK_PASSWORD',\n RECAPTCHA_NOT_ENABLED = 'RECAPTCHA_NOT_ENABLED',\n MISSING_RECAPTCHA_TOKEN = 'MISSING_RECAPTCHA_TOKEN',\n INVALID_RECAPTCHA_TOKEN = 'INVALID_RECAPTCHA_TOKEN',\n INVALID_RECAPTCHA_ACTION = 'INVALID_RECAPTCHA_ACTION',\n MISSING_CLIENT_TYPE = 'MISSING_CLIENT_TYPE',\n MISSING_RECAPTCHA_VERSION = 'MISSING_RECAPTCHA_VERSION',\n INVALID_RECAPTCHA_VERSION = 'INVALID_RECAPTCHA_VERSION',\n INVALID_REQ_TYPE = 'INVALID_REQ_TYPE',\n PASSWORD_DOES_NOT_MEET_REQUIREMENTS = 'PASSWORD_DOES_NOT_MEET_REQUIREMENTS',\n INVALID_HOSTING_LINK_DOMAIN = 'INVALID_HOSTING_LINK_DOMAIN'\n}\n\n/**\n * API Response in the event of an error\n */\nexport interface JsonError {\n error: {\n code: number;\n message: string;\n errors?: [\n {\n message: ServerError;\n domain: string;\n reason: string;\n }\n ];\n };\n}\n\n/**\n * Type definition for a map from server errors to developer visible errors\n */\nexport declare type ServerErrorMap<ApiError extends string> = {\n readonly [K in ApiError]: AuthErrorCode;\n};\n\n/**\n * Map from errors returned by the server to errors to developer visible errors\n */\nexport const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {\n // Custom token errors.\n [ServerError.CREDENTIAL_MISMATCH]: AuthErrorCode.CREDENTIAL_MISMATCH,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_CUSTOM_TOKEN]: AuthErrorCode.INTERNAL_ERROR,\n\n // Create Auth URI errors.\n [ServerError.INVALID_IDENTIFIER]: AuthErrorCode.INVALID_EMAIL,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_CONTINUE_URI]: AuthErrorCode.INTERNAL_ERROR,\n\n // Sign in with email and password errors (some apply to sign up too).\n [ServerError.INVALID_PASSWORD]: AuthErrorCode.INVALID_PASSWORD,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_PASSWORD]: AuthErrorCode.MISSING_PASSWORD,\n // Thrown if Email Enumeration Protection is enabled in the project and the email or password is\n // invalid.\n [ServerError.INVALID_LOGIN_CREDENTIALS]: AuthErrorCode.INVALID_CREDENTIAL,\n\n // Sign up with email and password errors.\n [ServerError.EMAIL_EXISTS]: AuthErrorCode.EMAIL_EXISTS,\n [ServerError.PASSWORD_LOGIN_DISABLED]: AuthErrorCode.OPERATION_NOT_ALLOWED,\n\n // Verify assertion for sign in with credential errors:\n [ServerError.INVALID_IDP_RESPONSE]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.INVALID_PENDING_TOKEN]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.FEDERATED_USER_ID_ALREADY_LINKED]:\n AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,\n\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_REQ_TYPE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Send Password reset email errors:\n [ServerError.EMAIL_NOT_FOUND]: AuthErrorCode.USER_DELETED,\n [ServerError.RESET_PASSWORD_EXCEED_LIMIT]:\n AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER,\n\n [ServerError.EXPIRED_OOB_CODE]: AuthErrorCode.EXPIRED_OOB_CODE,\n [ServerError.INVALID_OOB_CODE]: AuthErrorCode.INVALID_OOB_CODE,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_OOB_CODE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Operations that require ID token in request:\n [ServerError.CREDENTIAL_TOO_OLD_LOGIN_AGAIN]:\n AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN,\n [ServerError.INVALID_ID_TOKEN]: AuthErrorCode.INVALID_AUTH,\n [ServerError.TOKEN_EXPIRED]: AuthErrorCode.TOKEN_EXPIRED,\n [ServerError.USER_NOT_FOUND]: AuthErrorCode.TOKEN_EXPIRED,\n\n // Other errors.\n [ServerError.TOO_MANY_ATTEMPTS_TRY_LATER]:\n AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER,\n [ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS]:\n AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS,\n\n // Phone Auth related errors.\n [ServerError.INVALID_CODE]: AuthErrorCode.INVALID_CODE,\n [ServerError.INVALID_SESSION_INFO]: AuthErrorCode.INVALID_SESSION_INFO,\n [ServerError.INVALID_TEMPORARY_PROOF]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.MISSING_SESSION_INFO]: AuthErrorCode.MISSING_SESSION_INFO,\n [ServerError.SESSION_EXPIRED]: AuthErrorCode.CODE_EXPIRED,\n\n // Other action code errors when additional settings passed.\n // MISSING_CONTINUE_URI is getting mapped to INTERNAL_ERROR above.\n // This is OK as this error will be caught by client side validation.\n [ServerError.MISSING_ANDROID_PACKAGE_NAME]:\n AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME,\n [ServerError.UNAUTHORIZED_DOMAIN]: AuthErrorCode.UNAUTHORIZED_DOMAIN,\n\n // getProjectConfig errors when clientId is passed.\n [ServerError.INVALID_OAUTH_CLIENT_ID]: AuthErrorCode.INVALID_OAUTH_CLIENT_ID,\n\n // User actions (sign-up or deletion) disabled errors.\n [ServerError.ADMIN_ONLY_OPERATION]: AuthErrorCode.ADMIN_ONLY_OPERATION,\n\n // Multi factor related errors.\n [ServerError.INVALID_MFA_PENDING_CREDENTIAL]:\n AuthErrorCode.INVALID_MFA_SESSION,\n [ServerError.MFA_ENROLLMENT_NOT_FOUND]: AuthErrorCode.MFA_INFO_NOT_FOUND,\n [ServerError.MISSING_MFA_ENROLLMENT_ID]: AuthErrorCode.MISSING_MFA_INFO,\n [ServerError.MISSING_MFA_PENDING_CREDENTIAL]:\n AuthErrorCode.MISSING_MFA_SESSION,\n [ServerError.SECOND_FACTOR_EXISTS]:\n AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED,\n [ServerError.SECOND_FACTOR_LIMIT_EXCEEDED]:\n AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED,\n\n // Blocking functions related errors.\n [ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Recaptcha related errors.\n [ServerError.RECAPTCHA_NOT_ENABLED]: AuthErrorCode.RECAPTCHA_NOT_ENABLED,\n [ServerError.MISSING_RECAPTCHA_TOKEN]: AuthErrorCode.MISSING_RECAPTCHA_TOKEN,\n [ServerError.INVALID_RECAPTCHA_TOKEN]: AuthErrorCode.INVALID_RECAPTCHA_TOKEN,\n [ServerError.INVALID_RECAPTCHA_ACTION]:\n AuthErrorCode.INVALID_RECAPTCHA_ACTION,\n [ServerError.MISSING_CLIENT_TYPE]: AuthErrorCode.MISSING_CLIENT_TYPE,\n [ServerError.MISSING_RECAPTCHA_VERSION]:\n AuthErrorCode.MISSING_RECAPTCHA_VERSION,\n [ServerError.INVALID_RECAPTCHA_VERSION]:\n AuthErrorCode.INVALID_RECAPTCHA_VERSION,\n [ServerError.INVALID_REQ_TYPE]: AuthErrorCode.INVALID_REQ_TYPE\n};\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n FirebaseError,\n isCloudflareWorker,\n isCloudWorkstation,\n querystring\n} from '@firebase/util';\n\nimport { AuthErrorCode, NamedErrorParams } from '../core/errors';\nimport {\n _createError,\n _errorWithCustomMessage,\n _fail\n} from '../core/util/assert';\nimport { Delay } from '../core/util/delay';\nimport { _emulatorUrl } from '../core/util/emulator';\nimport { FetchProvider } from '../core/util/fetch_provider';\nimport { Auth } from '../model/public_types';\nimport { AuthInternal, ConfigInternal } from '../model/auth';\nimport { IdTokenResponse, TaggedWithTokenResponse } from '../model/id_token';\nimport { IdTokenMfaResponse } from './authentication/mfa';\nimport { SERVER_ERROR_MAP, ServerError, ServerErrorMap } from './errors';\nimport { PersistenceType } from '../core/persistence';\nimport { CookiePersistence } from '../platform_browser/persistence/cookie_storage';\n\nexport const enum HttpMethod {\n POST = 'POST',\n GET = 'GET'\n}\n\nexport const enum HttpHeader {\n CONTENT_TYPE = 'Content-Type',\n X_FIREBASE_LOCALE = 'X-Firebase-Locale',\n X_CLIENT_VERSION = 'X-Client-Version',\n X_FIREBASE_GMPID = 'X-Firebase-gmpid',\n X_FIREBASE_CLIENT = 'X-Firebase-Client',\n X_FIREBASE_APP_CHECK = 'X-Firebase-AppCheck'\n}\n\nexport const enum Endpoint {\n CREATE_AUTH_URI = '/v1/accounts:createAuthUri',\n DELETE_ACCOUNT = '/v1/accounts:delete',\n RESET_PASSWORD = '/v1/accounts:resetPassword',\n SIGN_UP = '/v1/accounts:signUp',\n SIGN_IN_WITH_CUSTOM_TOKEN = '/v1/accounts:signInWithCustomToken',\n SIGN_IN_WITH_EMAIL_LINK = '/v1/accounts:signInWithEmailLink',\n SIGN_IN_WITH_IDP = '/v1/accounts:signInWithIdp',\n SIGN_IN_WITH_PASSWORD = '/v1/accounts:signInWithPassword',\n SIGN_IN_WITH_PHONE_NUMBER = '/v1/accounts:signInWithPhoneNumber',\n SEND_VERIFICATION_CODE = '/v1/accounts:sendVerificationCode',\n SEND_OOB_CODE = '/v1/accounts:sendOobCode',\n SET_ACCOUNT_INFO = '/v1/accounts:update',\n GET_ACCOUNT_INFO = '/v1/accounts:lookup',\n GET_RECAPTCHA_PARAM = '/v1/recaptchaParams',\n START_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:start',\n FINALIZE_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:finalize',\n START_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:start',\n FINALIZE_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:finalize',\n WITHDRAW_MFA = '/v2/accounts/mfaEnrollment:withdraw',\n GET_PROJECT_CONFIG = '/v1/projects',\n GET_RECAPTCHA_CONFIG = '/v2/recaptchaConfig',\n GET_PASSWORD_POLICY = '/v2/passwordPolicy',\n TOKEN = '/v1/token',\n REVOKE_TOKEN = '/v2/accounts:revokeToken'\n}\n\nconst CookieAuthProxiedEndpoints: string[] = [\n Endpoint.SIGN_IN_WITH_CUSTOM_TOKEN,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n Endpoint.SIGN_IN_WITH_IDP,\n Endpoint.SIGN_IN_WITH_PASSWORD,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n Endpoint.TOKEN\n];\n\nexport const enum RecaptchaClientType {\n WEB = 'CLIENT_TYPE_WEB',\n ANDROID = 'CLIENT_TYPE_ANDROID',\n IOS = 'CLIENT_TYPE_IOS'\n}\n\nexport const enum RecaptchaVersion {\n ENTERPRISE = 'RECAPTCHA_ENTERPRISE'\n}\n\nexport const enum RecaptchaActionName {\n SIGN_IN_WITH_PASSWORD = 'signInWithPassword',\n GET_OOB_CODE = 'getOobCode',\n SIGN_UP_PASSWORD = 'signUpPassword',\n SEND_VERIFICATION_CODE = 'sendVerificationCode',\n MFA_SMS_ENROLLMENT = 'mfaSmsEnrollment',\n MFA_SMS_SIGNIN = 'mfaSmsSignIn'\n}\n\nexport const enum EnforcementState {\n ENFORCE = 'ENFORCE',\n AUDIT = 'AUDIT',\n OFF = 'OFF',\n ENFORCEMENT_STATE_UNSPECIFIED = 'ENFORCEMENT_STATE_UNSPECIFIED'\n}\n\n// Providers that have reCAPTCHA Enterprise support.\nexport const enum RecaptchaAuthProvider {\n EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER',\n PHONE_PROVIDER = 'PHONE_PROVIDER'\n}\n\nexport const DEFAULT_API_TIMEOUT_MS = new Delay(30_000, 60_000);\n\nexport function _addTidIfNecessary<T extends { tenantId?: string }>(\n auth: Auth,\n request: T\n): T {\n if (auth.tenantId && !request.tenantId) {\n return {\n ...request,\n tenantId: auth.tenantId\n };\n }\n return request;\n}\n\nexport async function _performApiRequest<T, V>(\n auth: Auth,\n method: HttpMethod,\n path: Endpoint,\n request?: T,\n customErrorMap: Partial<ServerErrorMap<ServerError>> = {}\n): Promise<V> {\n return _performFetchWithErrorHandling(auth, customErrorMap, async () => {\n let body = {};\n let params = {};\n if (request) {\n if (method === HttpMethod.GET) {\n params = request;\n } else {\n body = {\n body: JSON.stringify(request)\n };\n }\n }\n\n const query = querystring({\n key: auth.config.apiKey,\n ...params\n }).slice(1);\n\n const headers = await (auth as AuthInternal)._getAdditionalHeaders();\n headers[HttpHeader.CONTENT_TYPE] = 'application/json';\n\n if (auth.languageCode) {\n headers[HttpHeader.X_FIREBASE_LOCALE] = auth.languageCode;\n }\n\n const fetchArgs: RequestInit = {\n method,\n headers,\n ...body\n };\n\n /* Security-conscious server-side frameworks tend to have built in mitigations for referrer\n problems\". See the Cloudflare GitHub issue #487: Error: The 'referrerPolicy' field on\n 'RequestInitializerDict' is not implemented.\"\n https://github.com/cloudflare/next-on-pages/issues/487 */\n if (!isCloudflareWorker()) {\n fetchArgs.referrerPolicy = 'no-referrer';\n }\n\n if (auth.emulatorConfig && isCloudWorkstation(auth.emulatorConfig.host)) {\n fetchArgs.credentials = 'include';\n }\n\n return FetchProvider.fetch()(\n await _getFinalTarget(auth, auth.config.apiHost, path, query),\n fetchArgs\n );\n });\n}\n\nexport async function _performFetchWithErrorHandling<V>(\n auth: Auth,\n customErrorMap: Partial<ServerErrorMap<ServerError>>,\n fetchFn: () => Promise<Response>\n): Promise<V> {\n (auth as AuthInternal)._canInitEmulator = false;\n const errorMap = { ...SERVER_ERROR_MAP, ...customErrorMap };\n try {\n const networkTimeout = new NetworkTimeout<Response>(auth);\n const response: Response = await Promise.race<Promise<Response>>([\n fetchFn(),\n networkTimeout.promise\n ]);\n\n // If we've reached this point, the fetch succeeded and the networkTimeout\n // didn't throw; clear the network timeout delay so that Node won't hang\n networkTimeout.clearNetworkTimeout();\n\n const json = await response.json();\n if ('needConfirmation' in json) {\n throw _makeTaggedError(auth, AuthErrorCode.NEED_CONFIRMATION, json);\n }\n\n if (response.ok && !('errorMessage' in json)) {\n return json;\n } else {\n const errorMessage = response.ok ? json.errorMessage : json.error.message;\n const [serverErrorCode, serverErrorMessage] = errorMessage.split(' : ');\n if (serverErrorCode === ServerError.FEDERATED_USER_ID_ALREADY_LINKED) {\n throw _makeTaggedError(\n auth,\n AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,\n json\n );\n } else if (serverErrorCode === ServerError.EMAIL_EXISTS) {\n throw _makeTaggedError(auth, AuthErrorCode.EMAIL_EXISTS, json);\n } else if (serverErrorCode === ServerError.USER_DISABLED) {\n throw _makeTaggedError(auth, AuthErrorCode.USER_DISABLED, json);\n }\n const authError =\n errorMap[serverErrorCode as ServerError] ||\n (serverErrorCode\n .toLowerCase()\n .replace(/[_\\s]+/g, '-') as unknown as AuthErrorCode);\n if (serverErrorMessage) {\n throw _errorWithCustomMessage(auth, authError, serverErrorMessage);\n } else {\n _fail(auth, authError);\n }\n }\n } catch (e) {\n if (e instanceof FirebaseError) {\n throw e;\n }\n // Changing this to a different error code will log user out when there is a network error\n // because we treat any error other than NETWORK_REQUEST_FAILED as token is invalid.\n // https://github.com/firebase/firebase-js-sdk/blob/4fbc73610d70be4e0852e7de63a39cb7897e8546/packages/auth/src/core/auth/auth_impl.ts#L309-L316\n _fail(auth, AuthErrorCode.NETWORK_REQUEST_FAILED, { 'message': String(e) });\n }\n}\n\nexport async function _performSignInRequest<T, V extends IdTokenResponse>(\n auth: Auth,\n method: HttpMethod,\n path: Endpoint,\n request?: T,\n customErrorMap: Partial<ServerErrorMap<ServerError>> = {}\n): Promise<V> {\n const serverResponse = await _performApiRequest<T, V | IdTokenMfaResponse>(\n auth,\n method,\n path,\n request,\n customErrorMap\n );\n if ('mfaPendingCredential' in serverResponse) {\n _fail(auth, AuthErrorCode.MFA_REQUIRED, {\n _serverResponse: serverResponse\n });\n }\n\n return serverResponse as V;\n}\n\nexport async function _getFinalTarget(\n auth: Auth,\n host: string,\n path: string,\n query: string\n): Promise<string> {\n const base = `${host}${path}?${query}`;\n\n const authInternal = auth as AuthInternal;\n const finalTarget = authInternal.config.emulator\n ? _emulatorUrl(auth.config as ConfigInternal, base)\n : `${auth.config.apiScheme}://${base}`;\n\n // Cookie auth works by MiTMing the signIn and token endpoints from the developer's backend,\n // saving the idToken and refreshToken into cookies, and then redacting the refreshToken\n // from the response\n if (CookieAuthProxiedEndpoints.includes(path)) {\n // Persistence manager is async, we need to await it. We can't just wait for auth initialized\n // here since auth initialization calls this function.\n await authInternal._persistenceManagerAvailable;\n if (authInternal._getPersistenceType() === PersistenceType.COOKIE) {\n const cookiePersistence =\n authInternal._getPersistence() as CookiePersistence;\n return cookiePersistence._getFinalTarget(finalTarget).toString();\n }\n }\n\n return finalTarget;\n}\n\nexport function _parseEnforcementState(\n enforcementStateStr: string\n): EnforcementState {\n switch (enforcementStateStr) {\n case 'ENFORCE':\n return EnforcementState.ENFORCE;\n case 'AUDIT':\n return EnforcementState.AUDIT;\n case 'OFF':\n return EnforcementState.OFF;\n default:\n return EnforcementState.ENFORCEMENT_STATE_UNSPECIFIED;\n }\n}\n\nclass NetworkTimeout<T> {\n // Node timers and browser timers are fundamentally incompatible, but we\n // don't care about the value here\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private timer: any | null = null;\n readonly promise = new Promise<T>((_, reject) => {\n this.timer = setTimeout(() => {\n return reject(\n _createError(this.auth, AuthErrorCode.NETWORK_REQUEST_FAILED)\n );\n }, DEFAULT_API_TIMEOUT_MS.get());\n });\n\n clearNetworkTimeout(): void {\n clearTimeout(this.timer);\n }\n\n constructor(private readonly auth: Auth) {}\n}\n\ninterface PotentialResponse extends IdTokenResponse {\n email?: string;\n phoneNumber?: string;\n}\n\nexport function _makeTaggedError(\n auth: Auth,\n code: AuthErrorCode,\n response: PotentialResponse\n): FirebaseError {\n const errorParams: NamedErrorParams = {\n appName: auth.name\n };\n\n if (response.email) {\n errorParams.email = response.email;\n }\n if (response.phoneNumber) {\n errorParams.phoneNumber = response.phoneNumber;\n }\n\n const error = _createError(auth, code, errorParams);\n\n // We know customData is defined on error because errorParams is defined\n (error.customData! as TaggedWithTokenResponse)._tokenResponse = response;\n return error;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { RecaptchaParameters } from '../../model/public_types';\nimport {\n GetRecaptchaConfigResponse,\n RecaptchaEnforcementProviderState\n} from '../../api/authentication/recaptcha';\nimport {\n EnforcementState,\n RecaptchaAuthProvider,\n _parseEnforcementState\n} from '../../api/index';\n\n// reCAPTCHA v2 interface\nexport interface Recaptcha {\n render: (container: HTMLElement, parameters: RecaptchaParameters) => number;\n getResponse: (id: number) => string;\n execute: (id: number) => unknown;\n reset: (id: number) => unknown;\n}\n\nexport function isV2(\n grecaptcha: Recaptcha | GreCAPTCHA | undefined\n): grecaptcha is Recaptcha {\n return (\n grecaptcha !== undefined &&\n (grecaptcha as Recaptcha).getResponse !== undefined\n );\n}\n\n// reCAPTCHA Enterprise & v3 shared interface\nexport interface GreCAPTCHATopLevel extends GreCAPTCHA {\n enterprise: GreCAPTCHA;\n}\n\n// reCAPTCHA Enterprise interface\nexport interface GreCAPTCHA {\n ready: (callback: () => void) => void;\n execute: (siteKey: string, options: { action: string }) => Promise<string>;\n render: (\n container: string | HTMLElement,\n parameters: GreCAPTCHARenderOption\n ) => string;\n}\n\nexport interface GreCAPTCHARenderOption {\n sitekey: string;\n size: 'invisible';\n}\n\nexport function isEnterprise(\n grecaptcha: Recaptcha | GreCAPTCHA | undefined\n): grecaptcha is GreCAPTCHATopLevel {\n return (\n grecaptcha !== undefined &&\n (grecaptcha as GreCAPTCHATopLevel).enterprise !== undefined\n );\n}\n\n// TODO(chuanr): Replace this with the AuthWindow after resolving the dependency issue in Node.js env.\ndeclare global {\n interface Window {\n grecaptcha?: Recaptcha | GreCAPTCHATopLevel;\n }\n}\n\nexport class RecaptchaConfig {\n /**\n * The reCAPTCHA site key.\n */\n siteKey: string = '';\n\n /**\n * The list of providers and their enablement status for reCAPTCHA Enterprise.\n */\n recaptchaEnforcementState: RecaptchaEnforcementProviderState[] = [];\n\n constructor(response: GetRecaptchaConfigResponse) {\n if (response.recaptchaKey === undefined) {\n throw new Error('recaptchaKey undefined');\n }\n // Example response.recaptchaKey: \"projects/proj123/keys/sitekey123\"\n this.siteKey = response.recaptchaKey.split('/')[3];\n this.recaptchaEnforcementState = response.recaptchaEnforcementState;\n }\n\n /**\n * Returns the reCAPTCHA Enterprise enforcement state for the given provider.\n *\n * @param providerStr - The provider whose enforcement state is to be returned.\n * @returns The reCAPTCHA Enterprise enforcement state for the given provider.\n */\n getProviderEnforcementState(providerStr: string): EnforcementState | null {\n if (\n !this.recaptchaEnforcementState ||\n this.recaptchaEnforcementState.length === 0\n ) {\n return null;\n }\n\n for (const recaptchaEnforcementState of this.recaptchaEnforcementState) {\n if (\n recaptchaEnforcementState.provider &&\n recaptchaEnforcementState.provider === providerStr\n ) {\n return _parseEnforcementState(\n recaptchaEnforcementState.enforcementState\n );\n }\n }\n return null;\n }\n\n /**\n * Returns true if the reCAPTCHA Enterprise enforcement state for the provider is set to ENFORCE or AUDIT.\n *\n * @param providerStr - The provider whose enablement state is to be returned.\n * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.\n */\n isProviderEnabled(providerStr: string): boolean {\n return (\n this.getProviderEnforcementState(providerStr) ===\n EnforcementState.ENFORCE ||\n this.getProviderEnforcementState(providerStr) === EnforcementState.AUDIT\n );\n }\n\n /**\n * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise\n * returns false.\n *\n * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.\n */\n isAnyProviderEnabled(): boolean {\n return (\n this.isProviderEnabled(RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER) ||\n this.isProviderEnabled(RecaptchaAuthProvider.PHONE_PROVIDER)\n );\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _performApiRequest,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\ninterface GetRecaptchaParamResponse {\n recaptchaSiteKey?: string;\n}\n\nexport async function getRecaptchaParams(auth: Auth): Promise<string> {\n return (\n (\n await _performApiRequest<void, GetRecaptchaParamResponse>(\n auth,\n HttpMethod.GET,\n Endpoint.GET_RECAPTCHA_PARAM\n )\n ).recaptchaSiteKey || ''\n );\n}\n\n// The following functions are for reCAPTCHA enterprise integration.\ninterface GetRecaptchaConfigRequest {\n tenantId?: string;\n clientType?: RecaptchaClientType;\n version?: RecaptchaVersion;\n}\n\nexport interface RecaptchaEnforcementProviderState {\n provider: string;\n enforcementState: string;\n}\n\nexport interface GetRecaptchaConfigResponse {\n recaptchaKey: string;\n recaptchaEnforcementState: RecaptchaEnforcementProviderState[];\n}\n\nexport async function getRecaptchaConfig(\n auth: Auth,\n request: GetRecaptchaConfigRequest\n): Promise<GetRecaptchaConfigResponse> {\n return _performApiRequest<\n GetRecaptchaConfigRequest,\n GetRecaptchaConfigResponse\n >(\n auth,\n HttpMethod.GET,\n Endpoint.GET_RECAPTCHA_CONFIG,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Endpoint, HttpMethod, _performApiRequest } from '../index';\nimport { MfaEnrollment } from './mfa';\nimport { Auth } from '../../model/public_types';\n\nexport interface DeleteAccountRequest {\n idToken: string;\n}\n\nexport async function deleteAccount(\n auth: Auth,\n request: DeleteAccountRequest\n): Promise<void> {\n return _performApiRequest<DeleteAccountRequest, void>(\n auth,\n HttpMethod.POST,\n Endpoint.DELETE_ACCOUNT,\n request\n );\n}\n\nexport interface ProviderUserInfo {\n providerId: string;\n rawId?: string;\n email?: string;\n displayName?: string;\n photoUrl?: string;\n phoneNumber?: string;\n}\n\nexport interface DeleteLinkedAccountsRequest {\n idToken: string;\n deleteProvider: string[];\n}\n\nexport interface DeleteLinkedAccountsResponse {\n providerUserInfo: ProviderUserInfo[];\n}\n\nexport async function deleteLinkedAccounts(\n auth: Auth,\n request: DeleteLinkedAccountsRequest\n): Promise<DeleteLinkedAccountsResponse> {\n return _performApiRequest<\n DeleteLinkedAccountsRequest,\n DeleteLinkedAccountsResponse\n >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);\n}\n\nexport interface APIUserInfo {\n localId?: string;\n displayName?: string;\n photoUrl?: string;\n email?: string;\n emailVerified?: boolean;\n phoneNumber?: string;\n lastLoginAt?: number;\n createdAt?: number;\n tenantId?: string;\n passwordHash?: string;\n providerUserInfo?: ProviderUserInfo[];\n mfaInfo?: MfaEnrollment[];\n}\n\nexport interface GetAccountInfoRequest {\n idToken: string;\n}\n\nexport interface GetAccountInfoResponse {\n users: APIUserInfo[];\n}\n\nexport async function getAccountInfo(\n auth: Auth,\n request: GetAccountInfoRequest\n): Promise<GetAccountInfoResponse> {\n return _performApiRequest<GetAccountInfoRequest, GetAccountInfoResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.GET_ACCOUNT_INFO,\n request\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function utcTimestampToDateString(\n utcTimestamp?: string | number\n): string | undefined {\n if (!utcTimestamp) {\n return undefined;\n }\n try {\n // Convert to date object.\n const date = new Date(Number(utcTimestamp));\n // Test date is valid.\n if (!isNaN(date.getTime())) {\n // Convert to UTC date string.\n return date.toUTCString();\n }\n } catch (e) {\n // Do nothing. undefined will be returned.\n }\n return undefined;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { IdTokenResult, ParsedToken, User } from '../../model/public_types';\nimport { base64Decode, getModularInstance } from '@firebase/util';\n\nimport { UserInternal } from '../../model/user';\nimport { _assert } from '../util/assert';\nimport { _logError } from '../util/log';\nimport { utcTimestampToDateString } from '../util/time';\nimport { AuthErrorCode } from '../errors';\n\n/**\n * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.\n *\n * @remarks\n * Returns the current token if it has not expired or if it will not expire in the next five\n * minutes. Otherwise, this will refresh the token and return a new one.\n *\n * @param user - The user.\n * @param forceRefresh - Force refresh regardless of token expiration.\n *\n * @public\n */\nexport function getIdToken(user: User, forceRefresh = false): Promise<string> {\n return getModularInstance(user).getIdToken(forceRefresh);\n}\n\n/**\n * Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.\n *\n * @remarks\n * Returns the current token if it has not expired or if it will not expire in the next five\n * minutes. Otherwise, this will refresh the token and return a new one.\n *\n * @param user - The user.\n * @param forceRefresh - Force refresh regardless of token expiration.\n *\n * @public\n */\nexport async function getIdTokenResult(\n user: User,\n forceRefresh = false\n): Promise<IdTokenResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n const token = await userInternal.getIdToken(forceRefresh);\n const claims = _parseToken(token);\n\n _assert(\n claims && claims.exp && claims.auth_time && claims.iat,\n userInternal.auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const firebase =\n typeof claims.firebase === 'object' ? claims.firebase : undefined;\n\n const signInProvider: string | undefined = firebase?.['sign_in_provider'];\n\n return {\n claims,\n token,\n authTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.auth_time)\n )!,\n issuedAtTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.iat)\n )!,\n expirationTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.exp)\n )!,\n signInProvider: signInProvider || null,\n signInSecondFactor: firebase?.['sign_in_second_factor'] || null\n };\n}\n\nfunction secondsStringToMilliseconds(seconds: string): number {\n return Number(seconds) * 1000;\n}\n\nexport function _parseToken(token: string): ParsedToken | null {\n const [algorithm, payload, signature] = token.split('.');\n if (\n algorithm === undefined ||\n payload === undefined ||\n signature === undefined\n ) {\n _logError('JWT malformed, contained fewer than 3 sections');\n return null;\n }\n\n try {\n const decoded = base64Decode(payload);\n if (!decoded) {\n _logError('Failed to decode base64 JWT payload');\n return null;\n }\n return JSON.parse(decoded);\n } catch (e) {\n _logError(\n 'Caught error parsing JWT payload as JSON',\n (e as Error)?.toString()\n );\n return null;\n }\n}\n\n/**\n * Extract expiresIn TTL from a token by subtracting the expiration from the issuance.\n */\nexport function _tokenExpiresIn(token: string): number {\n const parsedToken = _parseToken(token);\n _assert(parsedToken, AuthErrorCode.INTERNAL_ERROR);\n _assert(typeof parsedToken.exp !== 'undefined', AuthErrorCode.INTERNAL_ERROR);\n _assert(typeof parsedToken.iat !== 'undefined', AuthErrorCode.INTERNAL_ERROR);\n return Number(parsedToken.exp) - Number(parsedToken.iat);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\n\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\n\nexport async function _logoutIfInvalidated<T>(\n user: UserInternal,\n promise: Promise<T>,\n bypassAuthState = false\n): Promise<T> {\n if (bypassAuthState) {\n return promise;\n }\n try {\n return await promise;\n } catch (e) {\n if (e instanceof FirebaseError && isUserInvalidated(e)) {\n if (user.auth.currentUser === user) {\n await user.auth.signOut();\n }\n }\n\n throw e;\n }\n}\n\nfunction isUserInvalidated({ code }: FirebaseError): boolean {\n return (\n code === `auth/${AuthErrorCode.USER_DISABLED}` ||\n code === `auth/${AuthErrorCode.TOKEN_EXPIRED}`\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\n\n// Refresh the token five minutes before expiration\nexport const enum Duration {\n OFFSET = 5 * 1000 * 60,\n RETRY_BACKOFF_MIN = 30 * 1000,\n RETRY_BACKOFF_MAX = 16 * 60 * 1000\n}\n\nexport class ProactiveRefresh {\n private isRunning = false;\n\n // Node timers and browser timers return fundamentally different types.\n // We don't actually care what the value is but TS won't accept unknown and\n // we can't cast properly in both environments.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private timerId: any | null = null;\n private errorBackoff = Duration.RETRY_BACKOFF_MIN;\n\n constructor(private readonly user: UserInternal) {}\n\n _start(): void {\n if (this.isRunning) {\n return;\n }\n\n this.isRunning = true;\n this.schedule();\n }\n\n _stop(): void {\n if (!this.isRunning) {\n return;\n }\n\n this.isRunning = false;\n if (this.timerId !== null) {\n clearTimeout(this.timerId);\n }\n }\n\n private getInterval(wasError: boolean): number {\n if (wasError) {\n const interval = this.errorBackoff;\n this.errorBackoff = Math.min(\n this.errorBackoff * 2,\n Duration.RETRY_BACKOFF_MAX\n );\n return interval;\n } else {\n // Reset the error backoff\n this.errorBackoff = Duration.RETRY_BACKOFF_MIN;\n const expTime = this.user.stsTokenManager.expirationTime ?? 0;\n const interval = expTime - Date.now() - Duration.OFFSET;\n\n return Math.max(0, interval);\n }\n }\n\n private schedule(wasError = false): void {\n if (!this.isRunning) {\n // Just in case...\n return;\n }\n\n const interval = this.getInterval(wasError);\n this.timerId = setTimeout(async () => {\n await this.iteration();\n }, interval);\n }\n\n private async iteration(): Promise<void> {\n try {\n await this.user.getIdToken(true);\n } catch (e) {\n // Only retry on network errors\n if (\n (e as FirebaseError)?.code ===\n `auth/${AuthErrorCode.NETWORK_REQUEST_FAILED}`\n ) {\n this.schedule(/* wasError */ true);\n }\n\n return;\n }\n this.schedule();\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserMetadata as UserMetadataType } from '../../model/public_types';\n\nimport { utcTimestampToDateString } from '../util/time';\n\nexport class UserMetadata implements UserMetadataType {\n creationTime?: string;\n lastSignInTime?: string;\n\n constructor(\n private createdAt?: string | number,\n private lastLoginAt?: string | number\n ) {\n this._initializeTime();\n }\n\n private _initializeTime(): void {\n this.lastSignInTime = utcTimestampToDateString(this.lastLoginAt);\n this.creationTime = utcTimestampToDateString(this.createdAt);\n }\n\n _copy(metadata: UserMetadata): void {\n this.createdAt = metadata.createdAt;\n this.lastLoginAt = metadata.lastLoginAt;\n this._initializeTime();\n }\n\n toJSON(): object {\n return {\n createdAt: this.createdAt,\n lastLoginAt: this.lastLoginAt\n };\n }\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User, UserInfo } from '../../model/public_types';\n\nimport {\n getAccountInfo,\n ProviderUserInfo\n} from '../../api/account_management/account';\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { UserMetadata } from './user_metadata';\nimport { getModularInstance } from '@firebase/util';\n\nexport async function _reloadWithoutSaving(user: UserInternal): Promise<void> {\n const auth = user.auth;\n const idToken = await user.getIdToken();\n const response = await _logoutIfInvalidated(\n user,\n getAccountInfo(auth, { idToken })\n );\n\n _assert(response?.users.length, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const coreAccount = response.users[0];\n\n user._notifyReloadListener(coreAccount);\n\n const newProviderData = coreAccount.providerUserInfo?.length\n ? extractProviderData(coreAccount.providerUserInfo)\n : [];\n\n const providerData = mergeProviderData(user.providerData, newProviderData);\n\n // Preserves the non-nonymous status of the stored user, even if no more\n // credentials (federated or email/password) are linked to the user. If\n // the user was previously anonymous, then use provider data to update.\n // On the other hand, if it was not anonymous before, it should never be\n // considered anonymous now.\n const oldIsAnonymous = user.isAnonymous;\n const newIsAnonymous =\n !(user.email && coreAccount.passwordHash) && !providerData?.length;\n const isAnonymous = !oldIsAnonymous ? false : newIsAnonymous;\n\n const updates: Partial<UserInternal> = {\n uid: coreAccount.localId,\n displayName: coreAccount.displayName || null,\n photoURL: coreAccount.photoUrl || null,\n email: coreAccount.email || null,\n emailVerified: coreAccount.emailVerified || false,\n phoneNumber: coreAccount.phoneNumber || null,\n tenantId: coreAccount.tenantId || null,\n providerData,\n metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),\n isAnonymous\n };\n\n Object.assign(user, updates);\n}\n\n/**\n * Reloads user account data, if signed in.\n *\n * @param user - The user.\n *\n * @public\n */\nexport async function reload(user: User): Promise<void> {\n const userInternal: UserInternal = getModularInstance(user) as UserInternal;\n await _reloadWithoutSaving(userInternal);\n\n // Even though the current user hasn't changed, update\n // current user will trigger a persistence update w/ the\n // new info.\n await userInternal.auth._persistUserIfCurrent(userInternal);\n userInternal.auth._notifyListenersIfCurrent(userInternal);\n}\n\nfunction mergeProviderData(\n original: UserInfo[],\n newData: UserInfo[]\n): UserInfo[] {\n const deduped = original.filter(\n o => !newData.some(n => n.providerId === o.providerId)\n );\n return [...deduped, ...newData];\n}\n\nexport function extractProviderData(providers: ProviderUserInfo[]): UserInfo[] {\n return providers.map(({ providerId, ...provider }) => {\n return {\n providerId,\n uid: provider.rawId || '',\n displayName: provider.displayName || null,\n email: provider.email || null,\n phoneNumber: provider.phoneNumber || null,\n photoURL: provider.photoUrl || null\n };\n });\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/* eslint-disable camelcase */\n\nimport { isCloudWorkstation, querystring } from '@firebase/util';\n\nimport {\n _getFinalTarget,\n _performFetchWithErrorHandling,\n _performApiRequest,\n _addTidIfNecessary,\n HttpMethod,\n HttpHeader,\n Endpoint\n} from '../index';\nimport { FetchProvider } from '../../core/util/fetch_provider';\nimport { Auth } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\n\nexport const enum TokenType {\n REFRESH_TOKEN = 'REFRESH_TOKEN',\n ACCESS_TOKEN = 'ACCESS_TOKEN'\n}\n\n/** The server responses with snake_case; we convert to camelCase */\ninterface RequestStsTokenServerResponse {\n access_token: string;\n expires_in: string;\n refresh_token: string;\n}\n\nexport interface RequestStsTokenResponse {\n accessToken: string;\n expiresIn: string;\n refreshToken: string;\n}\n\nexport interface RevokeTokenRequest {\n providerId: string;\n tokenType: TokenType;\n token: string;\n idToken: string;\n tenantId?: string;\n}\n\nexport interface RevokeTokenResponse {}\n\nexport async function requestStsToken(\n auth: Auth,\n refreshToken: string\n): Promise<RequestStsTokenResponse> {\n const response =\n await _performFetchWithErrorHandling<RequestStsTokenServerResponse>(\n auth,\n {},\n async () => {\n const body = querystring({\n 'grant_type': 'refresh_token',\n 'refresh_token': refreshToken\n }).slice(1);\n const { tokenApiHost, apiKey } = auth.config;\n const url = await _getFinalTarget(\n auth,\n tokenApiHost,\n Endpoint.TOKEN,\n `key=${apiKey}`\n );\n\n const headers = await (auth as AuthInternal)._getAdditionalHeaders();\n headers[HttpHeader.CONTENT_TYPE] = 'application/x-www-form-urlencoded';\n\n const options: RequestInit = {\n method: HttpMethod.POST,\n headers,\n body\n };\n if (\n auth.emulatorConfig &&\n isCloudWorkstation(auth.emulatorConfig.host)\n ) {\n options.credentials = 'include';\n }\n return FetchProvider.fetch()(url, options);\n }\n );\n\n // The response comes back in snake_case. Convert to camel:\n return {\n accessToken: response.access_token,\n expiresIn: response.expires_in,\n refreshToken: response.refresh_token\n };\n}\n\nexport async function revokeToken(\n auth: Auth,\n request: RevokeTokenRequest\n): Promise<RevokeTokenResponse> {\n return _performApiRequest<RevokeTokenRequest, RevokeTokenResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.REVOKE_TOKEN,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FinalizeMfaResponse } from '../../api/authentication/mfa';\nimport { requestStsToken } from '../../api/authentication/token';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { PersistedBlob } from '../persistence';\nimport { _assert, debugFail } from '../util/assert';\nimport { _tokenExpiresIn } from './id_token_result';\n\n/**\n * The number of milliseconds before the official expiration time of a token\n * to refresh that token, to provide a buffer for RPCs to complete.\n */\nexport const enum Buffer {\n TOKEN_REFRESH = 30_000\n}\n\n/**\n * We need to mark this class as internal explicitly to exclude it in the public typings, because\n * it references AuthInternal which has a circular dependency with UserInternal.\n *\n * @internal\n */\nexport class StsTokenManager {\n refreshToken: string | null = null;\n accessToken: string | null = null;\n expirationTime: number | null = null;\n\n get isExpired(): boolean {\n return (\n !this.expirationTime ||\n Date.now() > this.expirationTime - Buffer.TOKEN_REFRESH\n );\n }\n\n updateFromServerResponse(\n response: IdTokenResponse | FinalizeMfaResponse\n ): void {\n _assert(response.idToken, AuthErrorCode.INTERNAL_ERROR);\n _assert(\n typeof response.idToken !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n _assert(\n typeof response.refreshToken !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n const expiresIn =\n 'expiresIn' in response && typeof response.expiresIn !== 'undefined'\n ? Number(response.expiresIn)\n : _tokenExpiresIn(response.idToken);\n this.updateTokensAndExpiration(\n response.idToken,\n response.refreshToken,\n expiresIn\n );\n }\n\n updateFromIdToken(idToken: string): void {\n _assert(idToken.length !== 0, AuthErrorCode.INTERNAL_ERROR);\n const expiresIn = _tokenExpiresIn(idToken);\n this.updateTokensAndExpiration(idToken, null, expiresIn);\n }\n\n async getToken(\n auth: AuthInternal,\n forceRefresh = false\n ): Promise<string | null> {\n if (!forceRefresh && this.accessToken && !this.isExpired) {\n return this.accessToken;\n }\n\n _assert(this.refreshToken, auth, AuthErrorCode.TOKEN_EXPIRED);\n\n if (this.refreshToken) {\n await this.refresh(auth, this.refreshToken!);\n return this.accessToken;\n }\n\n return null;\n }\n\n clearRefreshToken(): void {\n this.refreshToken = null;\n }\n\n private async refresh(auth: AuthInternal, oldToken: string): Promise<void> {\n const { accessToken, refreshToken, expiresIn } = await requestStsToken(\n auth,\n oldToken\n );\n this.updateTokensAndExpiration(\n accessToken,\n refreshToken,\n Number(expiresIn)\n );\n }\n\n private updateTokensAndExpiration(\n accessToken: string,\n refreshToken: string | null,\n expiresInSec: number\n ): void {\n this.refreshToken = refreshToken || null;\n this.accessToken = accessToken || null;\n this.expirationTime = Date.now() + expiresInSec * 1000;\n }\n\n static fromJSON(appName: string, object: PersistedBlob): StsTokenManager {\n const { refreshToken, accessToken, expirationTime } = object;\n\n const manager = new StsTokenManager();\n if (refreshToken) {\n _assert(typeof refreshToken === 'string', AuthErrorCode.INTERNAL_ERROR, {\n appName\n });\n manager.refreshToken = refreshToken;\n }\n if (accessToken) {\n _assert(typeof accessToken === 'string', AuthErrorCode.INTERNAL_ERROR, {\n appName\n });\n manager.accessToken = accessToken;\n }\n if (expirationTime) {\n _assert(\n typeof expirationTime === 'number',\n AuthErrorCode.INTERNAL_ERROR,\n {\n appName\n }\n );\n manager.expirationTime = expirationTime;\n }\n return manager;\n }\n\n toJSON(): object {\n return {\n refreshToken: this.refreshToken,\n accessToken: this.accessToken,\n expirationTime: this.expirationTime\n };\n }\n\n _assign(stsTokenManager: StsTokenManager): void {\n this.accessToken = stsTokenManager.accessToken;\n this.refreshToken = stsTokenManager.refreshToken;\n this.expirationTime = stsTokenManager.expirationTime;\n }\n\n _clone(): StsTokenManager {\n return Object.assign(new StsTokenManager(), this.toJSON());\n }\n\n _performRefresh(): never {\n return debugFail('not implemented');\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { IdTokenResult, UserInfo } from '../../model/public_types';\nimport { NextFn } from '@firebase/util';\nimport {\n APIUserInfo,\n GetAccountInfoResponse,\n deleteAccount\n} from '../../api/account_management/account';\nimport { FinalizeMfaResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport {\n MutableUserInfo,\n UserInternal,\n UserParameters\n} from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { PersistedBlob } from '../persistence';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../util/assert';\nimport { getIdTokenResult } from './id_token_result';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { ProactiveRefresh } from './proactive_refresh';\nimport { extractProviderData, _reloadWithoutSaving, reload } from './reload';\nimport { StsTokenManager } from './token_manager';\nimport { UserMetadata } from './user_metadata';\nimport { ProviderId } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\nfunction assertStringOrUndefined(\n assertion: unknown,\n appName: string\n): asserts assertion is string | undefined {\n _assert(\n typeof assertion === 'string' || typeof assertion === 'undefined',\n AuthErrorCode.INTERNAL_ERROR,\n { appName }\n );\n}\n\nexport class UserImpl implements UserInternal {\n // For the user object, provider is always Firebase.\n readonly providerId = ProviderId.FIREBASE;\n stsTokenManager: StsTokenManager;\n // Last known accessToken so we know when it changes\n private accessToken: string | null;\n\n uid: string;\n auth: AuthInternal;\n emailVerified: boolean;\n isAnonymous: boolean;\n tenantId: string | null;\n readonly metadata: UserMetadata;\n providerData: MutableUserInfo[];\n\n // Optional fields from UserInfo\n displayName: string | null;\n email: string | null;\n phoneNumber: string | null;\n photoURL: string | null;\n\n _redirectEventId?: string;\n private readonly proactiveRefresh = new ProactiveRefresh(this);\n\n constructor({ uid, auth, stsTokenManager, ...opt }: UserParameters) {\n this.uid = uid;\n this.auth = auth;\n this.stsTokenManager = stsTokenManager;\n this.accessToken = stsTokenManager.accessToken;\n this.displayName = opt.displayName || null;\n this.email = opt.email || null;\n this.emailVerified = opt.emailVerified || false;\n this.phoneNumber = opt.phoneNumber || null;\n this.photoURL = opt.photoURL || null;\n this.isAnonymous = opt.isAnonymous || false;\n this.tenantId = opt.tenantId || null;\n this.providerData = opt.providerData ? [...opt.providerData] : [];\n this.metadata = new UserMetadata(\n opt.createdAt || undefined,\n opt.lastLoginAt || undefined\n );\n }\n\n async getIdToken(forceRefresh?: boolean): Promise<string> {\n const accessToken = await _logoutIfInvalidated(\n this,\n this.stsTokenManager.getToken(this.auth, forceRefresh)\n );\n _assert(accessToken, this.auth, AuthErrorCode.INTERNAL_ERROR);\n\n if (this.accessToken !== accessToken) {\n this.accessToken = accessToken;\n await this.auth._persistUserIfCurrent(this);\n this.auth._notifyListenersIfCurrent(this);\n }\n\n return accessToken;\n }\n\n getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {\n return getIdTokenResult(this, forceRefresh);\n }\n\n reload(): Promise<void> {\n return reload(this);\n }\n\n private reloadUserInfo: APIUserInfo | null = null;\n private reloadListener: NextFn<APIUserInfo> | null = null;\n\n _assign(user: UserInternal): void {\n if (this === user) {\n return;\n }\n _assert(this.uid === user.uid, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.displayName = user.displayName;\n this.photoURL = user.photoURL;\n this.email = user.email;\n this.emailVerified = user.emailVerified;\n this.phoneNumber = user.phoneNumber;\n this.isAnonymous = user.isAnonymous;\n this.tenantId = user.tenantId;\n this.providerData = user.providerData.map(userInfo => ({ ...userInfo }));\n this.metadata._copy(user.metadata);\n this.stsTokenManager._assign(user.stsTokenManager);\n }\n\n _clone(auth: AuthInternal): UserInternal {\n const newUser = new UserImpl({\n ...this,\n auth,\n stsTokenManager: this.stsTokenManager._clone()\n });\n newUser.metadata._copy(this.metadata);\n return newUser;\n }\n\n _onReload(callback: NextFn<APIUserInfo>): void {\n // There should only ever be one listener, and that is a single instance of MultiFactorUser\n _assert(!this.reloadListener, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.reloadListener = callback;\n if (this.reloadUserInfo) {\n this._notifyReloadListener(this.reloadUserInfo);\n this.reloadUserInfo = null;\n }\n }\n\n _notifyReloadListener(userInfo: APIUserInfo): void {\n if (this.reloadListener) {\n this.reloadListener(userInfo);\n } else {\n // If no listener is subscribed yet, save the result so it's available when they do subscribe\n this.reloadUserInfo = userInfo;\n }\n }\n\n _startProactiveRefresh(): void {\n this.proactiveRefresh._start();\n }\n\n _stopProactiveRefresh(): void {\n this.proactiveRefresh._stop();\n }\n\n async _updateTokensIfNecessary(\n response: IdTokenResponse | FinalizeMfaResponse,\n reload = false\n ): Promise<void> {\n let tokensRefreshed = false;\n if (\n response.idToken &&\n response.idToken !== this.stsTokenManager.accessToken\n ) {\n this.stsTokenManager.updateFromServerResponse(response);\n tokensRefreshed = true;\n }\n\n if (reload) {\n await _reloadWithoutSaving(this);\n }\n\n await this.auth._persistUserIfCurrent(this);\n if (tokensRefreshed) {\n this.auth._notifyListenersIfCurrent(this);\n }\n }\n\n async delete(): Promise<void> {\n if (_isFirebaseServerApp(this.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this.auth)\n );\n }\n const idToken = await this.getIdToken();\n await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken }));\n this.stsTokenManager.clearRefreshToken();\n\n // TODO: Determine if cancellable-promises are necessary to use in this class so that delete()\n // cancels pending actions...\n\n return this.auth.signOut();\n }\n\n toJSON(): PersistedBlob {\n return {\n uid: this.uid,\n email: this.email || undefined,\n emailVerified: this.emailVerified,\n displayName: this.displayName || undefined,\n isAnonymous: this.isAnonymous,\n photoURL: this.photoURL || undefined,\n phoneNumber: this.phoneNumber || undefined,\n tenantId: this.tenantId || undefined,\n providerData: this.providerData.map(userInfo => ({ ...userInfo })),\n stsTokenManager: this.stsTokenManager.toJSON(),\n // Redirect event ID must be maintained in case there is a pending\n // redirect event.\n _redirectEventId: this._redirectEventId,\n ...this.metadata.toJSON(),\n\n // Required for compatibility with the legacy SDK (go/firebase-auth-sdk-persistence-parsing):\n apiKey: this.auth.config.apiKey,\n appName: this.auth.name\n // Missing authDomain will be tolerated by the legacy SDK.\n // stsTokenManager.apiKey isn't actually required (despite the legacy SDK persisting it).\n };\n }\n\n get refreshToken(): string {\n return this.stsTokenManager.refreshToken || '';\n }\n\n static _fromJSON(auth: AuthInternal, object: PersistedBlob): UserInternal {\n const displayName = object.displayName ?? undefined;\n const email = object.email ?? undefined;\n const phoneNumber = object.phoneNumber ?? undefined;\n const photoURL = object.photoURL ?? undefined;\n const tenantId = object.tenantId ?? undefined;\n const _redirectEventId = object._redirectEventId ?? undefined;\n const createdAt = object.createdAt ?? undefined;\n const lastLoginAt = object.lastLoginAt ?? undefined;\n const {\n uid,\n emailVerified,\n isAnonymous,\n providerData,\n stsTokenManager: plainObjectTokenManager\n } = object;\n\n _assert(uid && plainObjectTokenManager, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const stsTokenManager = StsTokenManager.fromJSON(\n this.name,\n plainObjectTokenManager as PersistedBlob\n );\n\n _assert(typeof uid === 'string', auth, AuthErrorCode.INTERNAL_ERROR);\n assertStringOrUndefined(displayName, auth.name);\n assertStringOrUndefined(email, auth.name);\n _assert(\n typeof emailVerified === 'boolean',\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n _assert(\n typeof isAnonymous === 'boolean',\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n assertStringOrUndefined(phoneNumber, auth.name);\n assertStringOrUndefined(photoURL, auth.name);\n assertStringOrUndefined(tenantId, auth.name);\n assertStringOrUndefined(_redirectEventId, auth.name);\n assertStringOrUndefined(createdAt, auth.name);\n assertStringOrUndefined(lastLoginAt, auth.name);\n const user = new UserImpl({\n uid,\n auth,\n email,\n emailVerified,\n displayName,\n isAnonymous,\n photoURL,\n phoneNumber,\n tenantId,\n stsTokenManager,\n createdAt,\n lastLoginAt\n });\n\n if (providerData && Array.isArray(providerData)) {\n user.providerData = providerData.map(userInfo => ({ ...userInfo }));\n }\n\n if (_redirectEventId) {\n user._redirectEventId = _redirectEventId;\n }\n\n return user;\n }\n\n /**\n * Initialize a User from an idToken server response\n * @param auth\n * @param idTokenResponse\n */\n static async _fromIdTokenResponse(\n auth: AuthInternal,\n idTokenResponse: IdTokenResponse,\n isAnonymous: boolean = false\n ): Promise<UserInternal> {\n const stsTokenManager = new StsTokenManager();\n stsTokenManager.updateFromServerResponse(idTokenResponse);\n\n // Initialize the Firebase Auth user.\n const user = new UserImpl({\n uid: idTokenResponse.localId,\n auth,\n stsTokenManager,\n isAnonymous\n });\n\n // Updates the user info and data and resolves with a user instance.\n await _reloadWithoutSaving(user);\n return user;\n }\n\n /**\n * Initialize a User from an idToken server response\n * @param auth\n * @param idTokenResponse\n */\n static async _fromGetAccountInfoResponse(\n auth: AuthInternal,\n response: GetAccountInfoResponse,\n idToken: string\n ): Promise<UserInternal> {\n const coreAccount = response.users[0];\n _assert(coreAccount.localId !== undefined, AuthErrorCode.INTERNAL_ERROR);\n\n const providerData: UserInfo[] =\n coreAccount.providerUserInfo !== undefined\n ? extractProviderData(coreAccount.providerUserInfo)\n : [];\n\n const isAnonymous =\n !(coreAccount.email && coreAccount.passwordHash) && !providerData?.length;\n\n const stsTokenManager = new StsTokenManager();\n stsTokenManager.updateFromIdToken(idToken);\n\n // Initialize the Firebase Auth user.\n const user = new UserImpl({\n uid: coreAccount.localId,\n auth,\n stsTokenManager,\n isAnonymous\n });\n\n // update the user with data from the GetAccountInfo response.\n const updates: Partial<UserInternal> = {\n uid: coreAccount.localId,\n displayName: coreAccount.displayName || null,\n photoURL: coreAccount.photoUrl || null,\n email: coreAccount.email || null,\n emailVerified: coreAccount.emailVerified || false,\n phoneNumber: coreAccount.phoneNumber || null,\n tenantId: coreAccount.tenantId || null,\n providerData,\n metadata: new UserMetadata(\n coreAccount.createdAt,\n coreAccount.lastLoginAt\n ),\n isAnonymous:\n !(coreAccount.email && coreAccount.passwordHash) &&\n !providerData?.length\n };\n\n Object.assign(user, updates);\n return user;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { debugAssert } from './assert';\n\n/**\n * Our API has a lot of one-off constants that are used to do things.\n * Unfortunately we can't export these as classes instantiated directly since\n * the constructor may side effect and therefore can't be proven to be safely\n * culled. Instead, we export these classes themselves as a lowerCamelCase\n * constant, and instantiate them under the hood.\n */\nexport interface SingletonInstantiator<T> {\n new (): T;\n}\n\nconst instanceCache: Map<unknown, unknown> = new Map();\n\nexport function _getInstance<T>(cls: unknown): T {\n debugAssert(cls instanceof Function, 'Expected a class definition');\n let instance = instanceCache.get(cls) as T | undefined;\n\n if (instance) {\n debugAssert(\n instance instanceof cls,\n 'Instance stored in cache mismatched with class'\n );\n return instance;\n }\n\n instance = new (cls as SingletonInstantiator<T>)();\n instanceCache.set(cls, instance);\n return instance;\n}\n\nexport function _clearInstanceMap(): void {\n instanceCache.clear();\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport {\n PersistenceInternal,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../persistence';\n\nexport class InMemoryPersistence implements PersistenceInternal {\n static type: 'NONE' = 'NONE';\n readonly type = PersistenceType.NONE;\n storage: Record<string, PersistenceValue> = {};\n\n async _isAvailable(): Promise<boolean> {\n return true;\n }\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n this.storage[key] = value;\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const value = this.storage[key];\n return value === undefined ? null : (value as T);\n }\n\n async _remove(key: string): Promise<void> {\n delete this.storage[key];\n }\n\n _addListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for in-memory storage since it cannot be shared across windows/workers\n return;\n }\n\n _removeListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for in-memory storage since it cannot be shared across windows/workers\n return;\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type 'NONE'.\n *\n * @public\n */\nexport const inMemoryPersistence: Persistence = InMemoryPersistence;\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getAccountInfo } from '../../api/account_management/account';\nimport { ApiKey, AppName, AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { PersistedBlob, PersistenceInternal } from '../persistence';\nimport { UserImpl } from '../user/user_impl';\nimport { _getInstance } from '../util/instantiator';\nimport { inMemoryPersistence } from './in_memory';\n\nexport const enum KeyName {\n AUTH_USER = 'authUser',\n AUTH_EVENT = 'authEvent',\n REDIRECT_USER = 'redirectUser',\n PERSISTENCE_USER = 'persistence'\n}\nexport const enum Namespace {\n PERSISTENCE = 'firebase'\n}\n\nexport function _persistenceKeyName(\n key: string,\n apiKey: ApiKey,\n appName: AppName\n): string {\n return `${Namespace.PERSISTENCE}:${key}:${apiKey}:${appName}`;\n}\n\nexport class PersistenceUserManager {\n private readonly fullUserKey: string;\n private readonly fullPersistenceKey: string;\n private readonly boundEventHandler: () => void;\n\n private constructor(\n public persistence: PersistenceInternal,\n private readonly auth: AuthInternal,\n private readonly userKey: string\n ) {\n const { config, name } = this.auth;\n this.fullUserKey = _persistenceKeyName(this.userKey, config.apiKey, name);\n this.fullPersistenceKey = _persistenceKeyName(\n KeyName.PERSISTENCE_USER,\n config.apiKey,\n name\n );\n this.boundEventHandler = auth._onStorageEvent.bind(auth);\n this.persistence._addListener(this.fullUserKey, this.boundEventHandler);\n }\n\n setCurrentUser(user: UserInternal): Promise<void> {\n return this.persistence._set(this.fullUserKey, user.toJSON());\n }\n\n async getCurrentUser(): Promise<UserInternal | null> {\n const blob = await this.persistence._get<PersistedBlob | string>(\n this.fullUserKey\n );\n if (!blob) {\n return null;\n }\n if (typeof blob === 'string') {\n const response = await getAccountInfo(this.auth, { idToken: blob }).catch(\n () => undefined\n );\n if (!response) {\n return null;\n }\n return UserImpl._fromGetAccountInfoResponse(this.auth, response, blob);\n }\n return UserImpl._fromJSON(this.auth, blob);\n }\n\n removeCurrentUser(): Promise<void> {\n return this.persistence._remove(this.fullUserKey);\n }\n\n savePersistenceForRedirect(): Promise<void> {\n return this.persistence._set(\n this.fullPersistenceKey,\n this.persistence.type\n );\n }\n\n async setPersistence(newPersistence: PersistenceInternal): Promise<void> {\n if (this.persistence === newPersistence) {\n return;\n }\n\n const currentUser = await this.getCurrentUser();\n await this.removeCurrentUser();\n\n this.persistence = newPersistence;\n\n if (currentUser) {\n return this.setCurrentUser(currentUser);\n }\n }\n\n delete(): void {\n this.persistence._removeListener(this.fullUserKey, this.boundEventHandler);\n }\n\n static async create(\n auth: AuthInternal,\n persistenceHierarchy: PersistenceInternal[],\n userKey = KeyName.AUTH_USER\n ): Promise<PersistenceUserManager> {\n if (!persistenceHierarchy.length) {\n return new PersistenceUserManager(\n _getInstance(inMemoryPersistence),\n auth,\n userKey\n );\n }\n\n // Eliminate any persistences that are not available\n const availablePersistences = (\n await Promise.all(\n persistenceHierarchy.map(async persistence => {\n if (await persistence._isAvailable()) {\n return persistence;\n }\n return undefined;\n })\n )\n ).filter(persistence => persistence) as PersistenceInternal[];\n\n // Fall back to the first persistence listed, or in memory if none available\n let selectedPersistence =\n availablePersistences[0] ||\n _getInstance<PersistenceInternal>(inMemoryPersistence);\n\n const key = _persistenceKeyName(userKey, auth.config.apiKey, auth.name);\n\n // Pull out the existing user, setting the chosen persistence to that\n // persistence if the user exists.\n let userToMigrate: UserInternal | null = null;\n // Note, here we check for a user in _all_ persistences, not just the\n // ones deemed available. If we can migrate a user out of a broken\n // persistence, we will (but only if that persistence supports migration).\n for (const persistence of persistenceHierarchy) {\n try {\n const blob = await persistence._get<PersistedBlob | string>(key);\n if (blob) {\n let user: UserInternal;\n if (typeof blob === 'string') {\n const response = await getAccountInfo(auth, {\n idToken: blob\n }).catch(() => undefined);\n if (!response) {\n break;\n }\n user = await UserImpl._fromGetAccountInfoResponse(\n auth,\n response,\n blob\n );\n } else {\n user = UserImpl._fromJSON(auth, blob); // throws for unparsable blob (wrong format)\n }\n if (persistence !== selectedPersistence) {\n userToMigrate = user;\n }\n selectedPersistence = persistence;\n break;\n }\n } catch {}\n }\n\n // If we find the user in a persistence that does support migration, use\n // that migration path (of only persistences that support migration)\n const migrationHierarchy = availablePersistences.filter(\n p => p._shouldAllowMigration\n );\n\n // If the persistence does _not_ allow migration, just finish off here\n if (\n !selectedPersistence._shouldAllowMigration ||\n !migrationHierarchy.length\n ) {\n return new PersistenceUserManager(selectedPersistence, auth, userKey);\n }\n\n selectedPersistence = migrationHierarchy[0];\n if (userToMigrate) {\n // This normally shouldn't throw since chosenPersistence.isAvailable() is true, but if it does\n // we'll just let it bubble to surface the error.\n await selectedPersistence._set(key, userToMigrate.toJSON());\n }\n\n // Attempt to clear the key in other persistences but ignore errors. This helps prevent issues\n // such as users getting stuck with a previous account after signing out and refreshing the tab.\n await Promise.all(\n persistenceHierarchy.map(async persistence => {\n if (persistence !== selectedPersistence) {\n try {\n await persistence._remove(key);\n } catch {}\n }\n })\n );\n return new PersistenceUserManager(selectedPersistence, auth, userKey);\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isIE, getUA } from '@firebase/util';\n\ninterface NavigatorStandalone extends Navigator {\n standalone?: unknown;\n}\n\ninterface Document {\n documentMode?: number;\n}\n\n/**\n * Enums for Browser name.\n */\nexport const enum BrowserName {\n ANDROID = 'Android',\n BLACKBERRY = 'Blackberry',\n EDGE = 'Edge',\n FIREFOX = 'Firefox',\n IE = 'IE',\n IEMOBILE = 'IEMobile',\n OPERA = 'Opera',\n OTHER = 'Other',\n CHROME = 'Chrome',\n SAFARI = 'Safari',\n SILK = 'Silk',\n WEBOS = 'Webos'\n}\n\n/**\n * Determine the browser for the purposes of reporting usage to the API\n */\nexport function _getBrowserName(userAgent: string): BrowserName | string {\n const ua = userAgent.toLowerCase();\n if (ua.includes('opera/') || ua.includes('opr/') || ua.includes('opios/')) {\n return BrowserName.OPERA;\n } else if (_isIEMobile(ua)) {\n // Windows phone IEMobile browser.\n return BrowserName.IEMOBILE;\n } else if (ua.includes('msie') || ua.includes('trident/')) {\n return BrowserName.IE;\n } else if (ua.includes('edge/')) {\n return BrowserName.EDGE;\n } else if (_isFirefox(ua)) {\n return BrowserName.FIREFOX;\n } else if (ua.includes('silk/')) {\n return BrowserName.SILK;\n } else if (_isBlackBerry(ua)) {\n // Blackberry browser.\n return BrowserName.BLACKBERRY;\n } else if (_isWebOS(ua)) {\n // WebOS default browser.\n return BrowserName.WEBOS;\n } else if (_isSafari(ua)) {\n return BrowserName.SAFARI;\n } else if (\n (ua.includes('chrome/') || _isChromeIOS(ua)) &&\n !ua.includes('edge/')\n ) {\n return BrowserName.CHROME;\n } else if (_isAndroid(ua)) {\n // Android stock browser.\n return BrowserName.ANDROID;\n } else {\n // Most modern browsers have name/version at end of user agent string.\n const re = /([a-zA-Z\\d\\.]+)\\/[a-zA-Z\\d\\.]*$/;\n const matches = userAgent.match(re);\n if (matches?.length === 2) {\n return matches[1];\n }\n }\n return BrowserName.OTHER;\n}\n\nexport function _isFirefox(ua = getUA()): boolean {\n return /firefox\\//i.test(ua);\n}\n\nexport function _isSafari(userAgent = getUA()): boolean {\n const ua = userAgent.toLowerCase();\n return (\n ua.includes('safari/') &&\n !ua.includes('chrome/') &&\n !ua.includes('crios/') &&\n !ua.includes('android')\n );\n}\n\nexport function _isChromeIOS(ua = getUA()): boolean {\n return /crios\\//i.test(ua);\n}\n\nexport function _isIEMobile(ua = getUA()): boolean {\n return /iemobile/i.test(ua);\n}\n\nexport function _isAndroid(ua = getUA()): boolean {\n return /android/i.test(ua);\n}\n\nexport function _isBlackBerry(ua = getUA()): boolean {\n return /blackberry/i.test(ua);\n}\n\nexport function _isWebOS(ua = getUA()): boolean {\n return /webos/i.test(ua);\n}\n\nexport function _isIOS(ua = getUA()): boolean {\n return (\n /iphone|ipad|ipod/i.test(ua) ||\n (/macintosh/i.test(ua) && /mobile/i.test(ua))\n );\n}\n\nexport function _isIOS7Or8(ua = getUA()): boolean {\n return (\n /(iPad|iPhone|iPod).*OS 7_\\d/i.test(ua) ||\n /(iPad|iPhone|iPod).*OS 8_\\d/i.test(ua)\n );\n}\n\nexport function _isIOSStandalone(ua = getUA()): boolean {\n return _isIOS(ua) && !!(window.navigator as NavigatorStandalone)?.standalone;\n}\n\nexport function _isIE10(): boolean {\n return isIE() && (document as Document).documentMode === 10;\n}\n\nexport function _isMobileBrowser(ua: string = getUA()): boolean {\n // TODO: implement getBrowserName equivalent for OS.\n return (\n _isIOS(ua) ||\n _isAndroid(ua) ||\n _isWebOS(ua) ||\n _isBlackBerry(ua) ||\n /windows phone/i.test(ua) ||\n _isIEMobile(ua)\n );\n}\n\nexport function _isIframe(): boolean {\n try {\n // Check that the current window is not the top window.\n // If so, return true.\n return !!(window && window !== window.top);\n } catch (e) {\n return false;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { _getBrowserName } from './browser';\nimport { getUA } from '@firebase/util';\n\nexport const enum ClientImplementation {\n CORE = 'JsCore'\n}\n\n/**\n * @internal\n */\nexport const enum ClientPlatform {\n BROWSER = 'Browser',\n NODE = 'Node',\n REACT_NATIVE = 'ReactNative',\n CORDOVA = 'Cordova',\n WORKER = 'Worker',\n WEB_EXTENSION = 'WebExtension'\n}\n\n/*\n * Determine the SDK version string\n */\nexport function _getClientVersion(\n clientPlatform: ClientPlatform,\n frameworks: readonly string[] = []\n): string {\n let reportedPlatform: string;\n switch (clientPlatform) {\n case ClientPlatform.BROWSER:\n // In a browser environment, report the browser name.\n reportedPlatform = _getBrowserName(getUA());\n break;\n case ClientPlatform.WORKER:\n // Technically a worker runs from a browser but we need to differentiate a\n // worker from a browser.\n // For example: Chrome-Worker/JsCore/4.9.1/FirebaseCore-web.\n reportedPlatform = `${_getBrowserName(getUA())}-${clientPlatform}`;\n break;\n default:\n reportedPlatform = clientPlatform;\n }\n const reportedFrameworks = frameworks.length\n ? frameworks.join(',')\n : 'FirebaseCore-web'; /* default value if no other framework is used */\n return `${reportedPlatform}/${ClientImplementation.CORE}/${SDK_VERSION}/${reportedFrameworks}`;\n}\n", "/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthInternal } from '../../model/auth';\nimport { Unsubscribe, User } from '../../model/public_types';\nimport { AuthErrorCode } from '../errors';\n\ninterface MiddlewareEntry {\n (user: User | null): Promise<void>;\n onAbort?: () => void;\n}\n\nexport class AuthMiddlewareQueue {\n private readonly queue: MiddlewareEntry[] = [];\n\n constructor(private readonly auth: AuthInternal) {}\n\n pushCallback(\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n ): Unsubscribe {\n // The callback could be sync or async. Wrap it into a\n // function that is always async.\n const wrappedCallback: MiddlewareEntry = (\n user: User | null\n ): Promise<void> =>\n new Promise((resolve, reject) => {\n try {\n const result = callback(user);\n // Either resolve with existing promise or wrap a non-promise\n // return value into a promise.\n resolve(result);\n } catch (e) {\n // Sync callback throws.\n reject(e);\n }\n });\n // Attach the onAbort if present\n wrappedCallback.onAbort = onAbort;\n this.queue.push(wrappedCallback);\n\n const index = this.queue.length - 1;\n return () => {\n // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb\n // indexing of other elements.\n this.queue[index] = () => Promise.resolve();\n };\n }\n\n async runMiddleware(nextUser: User | null): Promise<void> {\n if (this.auth.currentUser === nextUser) {\n return;\n }\n\n // While running the middleware, build a temporary stack of onAbort\n // callbacks to call if one middleware callback rejects.\n\n const onAbortStack: Array<() => void> = [];\n try {\n for (const beforeStateCallback of this.queue) {\n await beforeStateCallback(nextUser);\n\n // Only push the onAbort if the callback succeeds\n if (beforeStateCallback.onAbort) {\n onAbortStack.push(beforeStateCallback.onAbort);\n }\n }\n } catch (e) {\n // Run all onAbort, with separate try/catch to ignore any errors and\n // continue\n onAbortStack.reverse();\n for (const onAbort of onAbortStack) {\n try {\n onAbort();\n } catch (_) {\n /* swallow error */\n }\n }\n\n throw this.auth._errorFactory.create(AuthErrorCode.LOGIN_BLOCKED, {\n originalMessage: (e as Error)?.message\n });\n }\n }\n}\n", "/**\n * @license\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performApiRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\n/**\n * Request object for fetching the password policy.\n */\nexport interface GetPasswordPolicyRequest {\n tenantId?: string;\n}\n\n/**\n * Response object for fetching the password policy.\n */\nexport interface GetPasswordPolicyResponse {\n customStrengthOptions: {\n minPasswordLength?: number;\n maxPasswordLength?: number;\n containsLowercaseCharacter?: boolean;\n containsUppercaseCharacter?: boolean;\n containsNumericCharacter?: boolean;\n containsNonAlphanumericCharacter?: boolean;\n };\n allowedNonAlphanumericCharacters?: string[];\n enforcementState: string;\n forceUpgradeOnSignin?: boolean;\n schemaVersion: number;\n}\n\n/**\n * Fetches the password policy for the currently set tenant or the project if no tenant is set.\n *\n * @param auth Auth object.\n * @param request Password policy request.\n * @returns Password policy response.\n */\nexport async function _getPasswordPolicy(\n auth: Auth,\n request: GetPasswordPolicyRequest = {}\n): Promise<GetPasswordPolicyResponse> {\n return _performApiRequest<\n GetPasswordPolicyRequest,\n GetPasswordPolicyResponse\n >(\n auth,\n HttpMethod.GET,\n Endpoint.GET_PASSWORD_POLICY,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { GetPasswordPolicyResponse } from '../../api/password_policy/get_password_policy';\nimport {\n PasswordPolicyCustomStrengthOptions,\n PasswordPolicyInternal,\n PasswordValidationStatusInternal\n} from '../../model/password_policy';\nimport { PasswordValidationStatus } from '../../model/public_types';\n\n// Minimum min password length enforced by the backend, even if no minimum length is set.\nconst MINIMUM_MIN_PASSWORD_LENGTH = 6;\n\n/**\n * Stores password policy requirements and provides password validation against the policy.\n *\n * @internal\n */\nexport class PasswordPolicyImpl implements PasswordPolicyInternal {\n readonly customStrengthOptions: PasswordPolicyCustomStrengthOptions;\n readonly allowedNonAlphanumericCharacters: string;\n readonly enforcementState: string;\n readonly forceUpgradeOnSignin: boolean;\n readonly schemaVersion: number;\n\n constructor(response: GetPasswordPolicyResponse) {\n // Only include custom strength options defined in the response.\n const responseOptions = response.customStrengthOptions;\n this.customStrengthOptions = {};\n // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.\n this.customStrengthOptions.minPasswordLength =\n responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH;\n if (responseOptions.maxPasswordLength) {\n this.customStrengthOptions.maxPasswordLength =\n responseOptions.maxPasswordLength;\n }\n if (responseOptions.containsLowercaseCharacter !== undefined) {\n this.customStrengthOptions.containsLowercaseLetter =\n responseOptions.containsLowercaseCharacter;\n }\n if (responseOptions.containsUppercaseCharacter !== undefined) {\n this.customStrengthOptions.containsUppercaseLetter =\n responseOptions.containsUppercaseCharacter;\n }\n if (responseOptions.containsNumericCharacter !== undefined) {\n this.customStrengthOptions.containsNumericCharacter =\n responseOptions.containsNumericCharacter;\n }\n if (responseOptions.containsNonAlphanumericCharacter !== undefined) {\n this.customStrengthOptions.containsNonAlphanumericCharacter =\n responseOptions.containsNonAlphanumericCharacter;\n }\n\n this.enforcementState = response.enforcementState;\n if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {\n this.enforcementState = 'OFF';\n }\n\n // Use an empty string if no non-alphanumeric characters are specified in the response.\n this.allowedNonAlphanumericCharacters =\n response.allowedNonAlphanumericCharacters?.join('') ?? '';\n\n this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ?? false;\n this.schemaVersion = response.schemaVersion;\n }\n\n validatePassword(password: string): PasswordValidationStatus {\n const status: PasswordValidationStatusInternal = {\n isValid: true,\n passwordPolicy: this\n };\n\n // Check the password length and character options.\n this.validatePasswordLengthOptions(password, status);\n this.validatePasswordCharacterOptions(password, status);\n\n // Combine the status into single isValid property.\n status.isValid &&= status.meetsMinPasswordLength ?? true;\n status.isValid &&= status.meetsMaxPasswordLength ?? true;\n status.isValid &&= status.containsLowercaseLetter ?? true;\n status.isValid &&= status.containsUppercaseLetter ?? true;\n status.isValid &&= status.containsNumericCharacter ?? true;\n status.isValid &&= status.containsNonAlphanumericCharacter ?? true;\n\n return status;\n }\n\n /**\n * Validates that the password meets the length options for the policy.\n *\n * @param password Password to validate.\n * @param status Validation status.\n */\n private validatePasswordLengthOptions(\n password: string,\n status: PasswordValidationStatusInternal\n ): void {\n const minPasswordLength = this.customStrengthOptions.minPasswordLength;\n const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;\n if (minPasswordLength) {\n status.meetsMinPasswordLength = password.length >= minPasswordLength;\n }\n if (maxPasswordLength) {\n status.meetsMaxPasswordLength = password.length <= maxPasswordLength;\n }\n }\n\n /**\n * Validates that the password meets the character options for the policy.\n *\n * @param password Password to validate.\n * @param status Validation status.\n */\n private validatePasswordCharacterOptions(\n password: string,\n status: PasswordValidationStatusInternal\n ): void {\n // Assign statuses for requirements even if the password is an empty string.\n this.updatePasswordCharacterOptionsStatuses(\n status,\n /* containsLowercaseCharacter= */ false,\n /* containsUppercaseCharacter= */ false,\n /* containsNumericCharacter= */ false,\n /* containsNonAlphanumericCharacter= */ false\n );\n\n let passwordChar;\n for (let i = 0; i < password.length; i++) {\n passwordChar = password.charAt(i);\n this.updatePasswordCharacterOptionsStatuses(\n status,\n /* containsLowercaseCharacter= */ passwordChar >= 'a' &&\n passwordChar <= 'z',\n /* containsUppercaseCharacter= */ passwordChar >= 'A' &&\n passwordChar <= 'Z',\n /* containsNumericCharacter= */ passwordChar >= '0' &&\n passwordChar <= '9',\n /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(\n passwordChar\n )\n );\n }\n }\n\n /**\n * Updates the running validation status with the statuses for the character options.\n * Expected to be called each time a character is processed to update each option status\n * based on the current character.\n *\n * @param status Validation status.\n * @param containsLowercaseCharacter Whether the character is a lowercase letter.\n * @param containsUppercaseCharacter Whether the character is an uppercase letter.\n * @param containsNumericCharacter Whether the character is a numeric character.\n * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.\n */\n private updatePasswordCharacterOptionsStatuses(\n status: PasswordValidationStatusInternal,\n containsLowercaseCharacter: boolean,\n containsUppercaseCharacter: boolean,\n containsNumericCharacter: boolean,\n containsNonAlphanumericCharacter: boolean\n ): void {\n if (this.customStrengthOptions.containsLowercaseLetter) {\n status.containsLowercaseLetter ||= containsLowercaseCharacter;\n }\n if (this.customStrengthOptions.containsUppercaseLetter) {\n status.containsUppercaseLetter ||= containsUppercaseCharacter;\n }\n if (this.customStrengthOptions.containsNumericCharacter) {\n status.containsNumericCharacter ||= containsNumericCharacter;\n }\n if (this.customStrengthOptions.containsNonAlphanumericCharacter) {\n status.containsNonAlphanumericCharacter ||=\n containsNonAlphanumericCharacter;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _isFirebaseServerApp,\n _FirebaseService,\n FirebaseApp\n} from '@firebase/app';\nimport { Provider } from '@firebase/component';\nimport { AppCheckInternalComponentName } from '@firebase/app-check-interop-types';\nimport {\n Auth,\n AuthErrorMap,\n AuthSettings,\n EmulatorConfig,\n NextOrObserver,\n Persistence,\n PopupRedirectResolver,\n User,\n UserCredential,\n CompleteFn,\n ErrorFn,\n NextFn,\n Unsubscribe,\n PasswordValidationStatus\n} from '../../model/public_types';\nimport {\n createSubscribe,\n ErrorFactory,\n FirebaseError,\n getModularInstance,\n Observer,\n Subscribe\n} from '@firebase/util';\n\nimport { AuthInternal, ConfigInternal } from '../../model/auth';\nimport { PopupRedirectResolverInternal } from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport {\n AuthErrorCode,\n AuthErrorParams,\n ErrorMapRetriever,\n _DEFAULT_AUTH_ERROR_FACTORY\n} from '../errors';\nimport { PersistenceInternal } from '../persistence';\nimport {\n KeyName,\n PersistenceUserManager\n} from '../persistence/persistence_user_manager';\nimport { _reloadWithoutSaving } from '../user/reload';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../util/assert';\nimport { _getInstance } from '../util/instantiator';\nimport { _getUserLanguage } from '../util/navigator';\nimport { _getClientVersion } from '../util/version';\nimport { HttpHeader } from '../../api';\nimport {\n RevokeTokenRequest,\n TokenType,\n revokeToken\n} from '../../api/authentication/token';\nimport { AuthMiddlewareQueue } from './middleware';\nimport { RecaptchaConfig } from '../../platform_browser/recaptcha/recaptcha';\nimport { _logWarn } from '../util/log';\nimport { _getPasswordPolicy } from '../../api/password_policy/get_password_policy';\nimport { PasswordPolicyInternal } from '../../model/password_policy';\nimport { PasswordPolicyImpl } from './password_policy_impl';\nimport { getAccountInfo } from '../../api/account_management/account';\nimport { UserImpl } from '../user/user_impl';\n\ninterface AsyncAction {\n (): Promise<void>;\n}\n\nexport const enum DefaultConfig {\n TOKEN_API_HOST = 'securetoken.googleapis.com',\n API_HOST = 'identitytoolkit.googleapis.com',\n API_SCHEME = 'https'\n}\n\nexport class AuthImpl implements AuthInternal, _FirebaseService {\n currentUser: User | null = null;\n emulatorConfig: EmulatorConfig | null = null;\n private operations = Promise.resolve();\n private persistenceManager?: PersistenceUserManager;\n private redirectPersistenceManager?: PersistenceUserManager;\n private authStateSubscription = new Subscription<User>(this);\n private idTokenSubscription = new Subscription<User>(this);\n private readonly beforeStateQueue = new AuthMiddlewareQueue(this);\n private redirectUser: UserInternal | null = null;\n private isProactiveRefreshEnabled = false;\n private readonly EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION: number = 1;\n\n // Any network calls will set this to true and prevent subsequent emulator\n // initialization\n _canInitEmulator = true;\n _isInitialized = false;\n _deleted = false;\n _initializationPromise: Promise<void> | null = null;\n _popupRedirectResolver: PopupRedirectResolverInternal | null = null;\n _errorFactory: ErrorFactory<AuthErrorCode, AuthErrorParams> =\n _DEFAULT_AUTH_ERROR_FACTORY;\n _agentRecaptchaConfig: RecaptchaConfig | null = null;\n _tenantRecaptchaConfigs: Record<string, RecaptchaConfig> = {};\n _projectPasswordPolicy: PasswordPolicyInternal | null = null;\n _tenantPasswordPolicies: Record<string, PasswordPolicyInternal> = {};\n _resolvePersistenceManagerAvailable:\n | ((value: void | PromiseLike<void>) => void)\n | undefined = undefined;\n _persistenceManagerAvailable: Promise<void>;\n readonly name: string;\n\n // Tracks the last notified UID for state change listeners to prevent\n // repeated calls to the callbacks. Undefined means it's never been\n // called, whereas null means it's been called with a signed out user\n private lastNotifiedUid: string | null | undefined = undefined;\n\n languageCode: string | null = null;\n tenantId: string | null = null;\n settings: AuthSettings = { appVerificationDisabledForTesting: false };\n\n constructor(\n public readonly app: FirebaseApp,\n private readonly heartbeatServiceProvider: Provider<'heartbeat'>,\n private readonly appCheckServiceProvider: Provider<AppCheckInternalComponentName>,\n public readonly config: ConfigInternal\n ) {\n this.name = app.name;\n this.clientVersion = config.sdkClientVersion;\n // TODO(jamesdaniels) explore less hacky way to do this, cookie authentication needs\n // persistenceMananger to be available. see _getFinalTarget for more context\n this._persistenceManagerAvailable = new Promise<void>(\n resolve => (this._resolvePersistenceManagerAvailable = resolve)\n );\n }\n\n _initializeWithPersistence(\n persistenceHierarchy: PersistenceInternal[],\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n if (popupRedirectResolver) {\n this._popupRedirectResolver = _getInstance(popupRedirectResolver);\n }\n\n // Have to check for app deletion throughout initialization (after each\n // promise resolution)\n this._initializationPromise = this.queue(async () => {\n if (this._deleted) {\n return;\n }\n\n this.persistenceManager = await PersistenceUserManager.create(\n this,\n persistenceHierarchy\n );\n this._resolvePersistenceManagerAvailable?.();\n\n if (this._deleted) {\n return;\n }\n\n // Initialize the resolver early if necessary (only applicable to web:\n // this will cause the iframe to load immediately in certain cases)\n if (this._popupRedirectResolver?._shouldInitProactively) {\n // If this fails, don't halt auth loading\n try {\n await this._popupRedirectResolver._initialize(this);\n } catch (e) {\n /* Ignore the error */\n }\n }\n\n await this.initializeCurrentUser(popupRedirectResolver);\n\n this.lastNotifiedUid = this.currentUser?.uid || null;\n\n if (this._deleted) {\n return;\n }\n\n this._isInitialized = true;\n });\n\n return this._initializationPromise;\n }\n\n /**\n * If the persistence is changed in another window, the user manager will let us know\n */\n async _onStorageEvent(): Promise<void> {\n if (this._deleted) {\n return;\n }\n\n const user = await this.assertedPersistence.getCurrentUser();\n\n if (!this.currentUser && !user) {\n // No change, do nothing (was signed out and remained signed out).\n return;\n }\n\n // If the same user is to be synchronized.\n if (this.currentUser && user && this.currentUser.uid === user.uid) {\n // Data update, simply copy data changes.\n this._currentUser._assign(user);\n // If tokens changed from previous user tokens, this will trigger\n // notifyAuthListeners_.\n await this.currentUser.getIdToken();\n return;\n }\n\n // Update current Auth state. Either a new login or logout.\n // Skip blocking callbacks, they should not apply to a change in another tab.\n await this._updateCurrentUser(user, /* skipBeforeStateCallbacks */ true);\n }\n\n private async initializeCurrentUserFromIdToken(\n idToken: string\n ): Promise<void> {\n try {\n const response = await getAccountInfo(this, { idToken });\n const user = await UserImpl._fromGetAccountInfoResponse(\n this,\n response,\n idToken\n );\n await this.directlySetCurrentUser(user);\n } catch (err) {\n console.warn(\n 'FirebaseServerApp could not login user with provided authIdToken: ',\n err\n );\n await this.directlySetCurrentUser(null);\n }\n }\n\n private async initializeCurrentUser(\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n const idToken = this.app.settings.authIdToken;\n if (idToken) {\n // Start the auth operation in the next tick to allow a moment for the customer's app to\n // attach an emulator, if desired.\n return new Promise<void>(resolve => {\n setTimeout(() =>\n this.initializeCurrentUserFromIdToken(idToken).then(\n resolve,\n resolve\n )\n );\n });\n } else {\n return this.directlySetCurrentUser(null);\n }\n }\n\n // First check to see if we have a pending redirect event.\n const previouslyStoredUser =\n (await this.assertedPersistence.getCurrentUser()) as UserInternal | null;\n let futureCurrentUser = previouslyStoredUser;\n let needsTocheckMiddleware = false;\n if (popupRedirectResolver && this.config.authDomain) {\n await this.getOrInitRedirectPersistenceManager();\n const redirectUserEventId = this.redirectUser?._redirectEventId;\n const storedUserEventId = futureCurrentUser?._redirectEventId;\n const result = await this.tryRedirectSignIn(popupRedirectResolver);\n\n // If the stored user (i.e. the old \"currentUser\") has a redirectId that\n // matches the redirect user, then we want to initially sign in with the\n // new user object from result.\n // TODO(samgho): More thoroughly test all of this\n if (\n (!redirectUserEventId || redirectUserEventId === storedUserEventId) &&\n result?.user\n ) {\n futureCurrentUser = result.user as UserInternal;\n needsTocheckMiddleware = true;\n }\n }\n\n // If no user in persistence, there is no current user. Set to null.\n if (!futureCurrentUser) {\n return this.directlySetCurrentUser(null);\n }\n\n if (!futureCurrentUser._redirectEventId) {\n // This isn't a redirect link operation, we can reload and bail.\n // First though, ensure that we check the middleware is happy.\n if (needsTocheckMiddleware) {\n try {\n await this.beforeStateQueue.runMiddleware(futureCurrentUser);\n } catch (e) {\n futureCurrentUser = previouslyStoredUser;\n // We know this is available since the bit is only set when the\n // resolver is available\n this._popupRedirectResolver!._overrideRedirectResult(this, () =>\n Promise.reject(e)\n );\n }\n }\n\n if (futureCurrentUser) {\n return this.reloadAndSetCurrentUserOrClear(futureCurrentUser);\n } else {\n return this.directlySetCurrentUser(null);\n }\n }\n\n _assert(this._popupRedirectResolver, this, AuthErrorCode.ARGUMENT_ERROR);\n await this.getOrInitRedirectPersistenceManager();\n\n // If the redirect user's event ID matches the current user's event ID,\n // DO NOT reload the current user, otherwise they'll be cleared from storage.\n // This is important for the reauthenticateWithRedirect() flow.\n if (\n this.redirectUser &&\n this.redirectUser._redirectEventId === futureCurrentUser._redirectEventId\n ) {\n return this.directlySetCurrentUser(futureCurrentUser);\n }\n\n return this.reloadAndSetCurrentUserOrClear(futureCurrentUser);\n }\n\n private async tryRedirectSignIn(\n redirectResolver: PopupRedirectResolver\n ): Promise<UserCredential | null> {\n // The redirect user needs to be checked (and signed in if available)\n // during auth initialization. All of the normal sign in and link/reauth\n // flows call back into auth and push things onto the promise queue. We\n // need to await the result of the redirect sign in *inside the promise\n // queue*. This presents a problem: we run into deadlock. See:\n // ┌> [Initialization] ─────┐\n // ┌> [<other queue tasks>] │\n // └─ [getRedirectResult] <─┘\n // where [] are tasks on the queue and arrows denote awaits\n // Initialization will never complete because it's waiting on something\n // that's waiting for initialization to complete!\n //\n // Instead, this method calls getRedirectResult() (stored in\n // _completeRedirectFn) with an optional parameter that instructs all of\n // the underlying auth operations to skip anything that mutates auth state.\n\n let result: UserCredential | null = null;\n try {\n // We know this._popupRedirectResolver is set since redirectResolver\n // is passed in. The _completeRedirectFn expects the unwrapped extern.\n result = await this._popupRedirectResolver!._completeRedirectFn(\n this,\n redirectResolver,\n true\n );\n } catch (e) {\n // Swallow any errors here; the code can retrieve them in\n // getRedirectResult().\n await this._setRedirectUser(null);\n }\n\n return result;\n }\n\n private async reloadAndSetCurrentUserOrClear(\n user: UserInternal\n ): Promise<void> {\n try {\n await _reloadWithoutSaving(user);\n } catch (e) {\n if (\n (e as FirebaseError)?.code !==\n `auth/${AuthErrorCode.NETWORK_REQUEST_FAILED}`\n ) {\n // Something's wrong with the user's token. Log them out and remove\n // them from storage\n return this.directlySetCurrentUser(null);\n }\n }\n\n return this.directlySetCurrentUser(user);\n }\n\n useDeviceLanguage(): void {\n this.languageCode = _getUserLanguage();\n }\n\n async _delete(): Promise<void> {\n this._deleted = true;\n }\n\n async updateCurrentUser(userExtern: User | null): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this)\n );\n }\n // The public updateCurrentUser method needs to make a copy of the user,\n // and also check that the project matches\n const user = userExtern\n ? (getModularInstance(userExtern) as UserInternal)\n : null;\n if (user) {\n _assert(\n user.auth.config.apiKey === this.config.apiKey,\n this,\n AuthErrorCode.INVALID_AUTH\n );\n }\n return this._updateCurrentUser(user && user._clone(this));\n }\n\n async _updateCurrentUser(\n user: User | null,\n skipBeforeStateCallbacks: boolean = false\n ): Promise<void> {\n if (this._deleted) {\n return;\n }\n if (user) {\n _assert(\n this.tenantId === user.tenantId,\n this,\n AuthErrorCode.TENANT_ID_MISMATCH\n );\n }\n\n if (!skipBeforeStateCallbacks) {\n await this.beforeStateQueue.runMiddleware(user);\n }\n\n return this.queue(async () => {\n await this.directlySetCurrentUser(user as UserInternal | null);\n this.notifyAuthListeners();\n });\n }\n\n async signOut(): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this)\n );\n }\n // Run first, to block _setRedirectUser() if any callbacks fail.\n await this.beforeStateQueue.runMiddleware(null);\n // Clear the redirect user when signOut is called\n if (this.redirectPersistenceManager || this._popupRedirectResolver) {\n await this._setRedirectUser(null);\n }\n\n // Prevent callbacks from being called again in _updateCurrentUser, as\n // they were already called in the first line.\n return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);\n }\n\n setPersistence(persistence: Persistence): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this)\n );\n }\n return this.queue(async () => {\n await this.assertedPersistence.setPersistence(_getInstance(persistence));\n });\n }\n\n _getRecaptchaConfig(): RecaptchaConfig | null {\n if (this.tenantId == null) {\n return this._agentRecaptchaConfig;\n } else {\n return this._tenantRecaptchaConfigs[this.tenantId];\n }\n }\n\n async validatePassword(password: string): Promise<PasswordValidationStatus> {\n if (!this._getPasswordPolicyInternal()) {\n await this._updatePasswordPolicy();\n }\n\n // Password policy will be defined after fetching.\n const passwordPolicy: PasswordPolicyInternal =\n this._getPasswordPolicyInternal()!;\n\n // Check that the policy schema version is supported by the SDK.\n // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.\n if (\n passwordPolicy.schemaVersion !==\n this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION\n ) {\n return Promise.reject(\n this._errorFactory.create(\n AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION,\n {}\n )\n );\n }\n\n return passwordPolicy.validatePassword(password);\n }\n\n _getPasswordPolicyInternal(): PasswordPolicyInternal | null {\n if (this.tenantId === null) {\n return this._projectPasswordPolicy;\n } else {\n return this._tenantPasswordPolicies[this.tenantId];\n }\n }\n\n async _updatePasswordPolicy(): Promise<void> {\n const response = await _getPasswordPolicy(this);\n\n const passwordPolicy: PasswordPolicyInternal = new PasswordPolicyImpl(\n response\n );\n\n if (this.tenantId === null) {\n this._projectPasswordPolicy = passwordPolicy;\n } else {\n this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;\n }\n }\n\n _getPersistenceType(): string {\n return this.assertedPersistence.persistence.type;\n }\n\n _getPersistence(): PersistenceInternal {\n return this.assertedPersistence.persistence;\n }\n\n _updateErrorMap(errorMap: AuthErrorMap): void {\n this._errorFactory = new ErrorFactory<AuthErrorCode, AuthErrorParams>(\n 'auth',\n 'Firebase',\n (errorMap as ErrorMapRetriever)()\n );\n }\n\n onAuthStateChanged(\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n return this.registerStateListener(\n this.authStateSubscription,\n nextOrObserver,\n error,\n completed\n );\n }\n\n beforeAuthStateChanged(\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n ): Unsubscribe {\n return this.beforeStateQueue.pushCallback(callback, onAbort);\n }\n\n onIdTokenChanged(\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n return this.registerStateListener(\n this.idTokenSubscription,\n nextOrObserver,\n error,\n completed\n );\n }\n\n authStateReady(): Promise<void> {\n return new Promise((resolve, reject) => {\n if (this.currentUser) {\n resolve();\n } else {\n const unsubscribe = this.onAuthStateChanged(() => {\n unsubscribe();\n resolve();\n }, reject);\n }\n });\n }\n\n /**\n * Revokes the given access token. Currently only supports Apple OAuth access tokens.\n */\n async revokeAccessToken(token: string): Promise<void> {\n if (this.currentUser) {\n const idToken = await this.currentUser.getIdToken();\n // Generalize this to accept other providers once supported.\n const request: RevokeTokenRequest = {\n providerId: 'apple.com',\n tokenType: TokenType.ACCESS_TOKEN,\n token,\n idToken\n };\n if (this.tenantId != null) {\n request.tenantId = this.tenantId;\n }\n await revokeToken(this, request);\n }\n }\n\n toJSON(): object {\n return {\n apiKey: this.config.apiKey,\n authDomain: this.config.authDomain,\n appName: this.name,\n currentUser: this._currentUser?.toJSON()\n };\n }\n\n async _setRedirectUser(\n user: UserInternal | null,\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n const redirectManager = await this.getOrInitRedirectPersistenceManager(\n popupRedirectResolver\n );\n return user === null\n ? redirectManager.removeCurrentUser()\n : redirectManager.setCurrentUser(user);\n }\n\n private async getOrInitRedirectPersistenceManager(\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<PersistenceUserManager> {\n if (!this.redirectPersistenceManager) {\n const resolver: PopupRedirectResolverInternal | null =\n (popupRedirectResolver && _getInstance(popupRedirectResolver)) ||\n this._popupRedirectResolver;\n _assert(resolver, this, AuthErrorCode.ARGUMENT_ERROR);\n this.redirectPersistenceManager = await PersistenceUserManager.create(\n this,\n [_getInstance(resolver._redirectPersistence)],\n KeyName.REDIRECT_USER\n );\n this.redirectUser =\n await this.redirectPersistenceManager.getCurrentUser();\n }\n\n return this.redirectPersistenceManager;\n }\n\n async _redirectUserForId(id: string): Promise<UserInternal | null> {\n // Make sure we've cleared any pending persistence actions if we're not in\n // the initializer\n if (this._isInitialized) {\n await this.queue(async () => {});\n }\n\n if (this._currentUser?._redirectEventId === id) {\n return this._currentUser;\n }\n\n if (this.redirectUser?._redirectEventId === id) {\n return this.redirectUser;\n }\n\n return null;\n }\n\n async _persistUserIfCurrent(user: UserInternal): Promise<void> {\n if (user === this.currentUser) {\n return this.queue(async () => this.directlySetCurrentUser(user));\n }\n }\n\n /** Notifies listeners only if the user is current */\n _notifyListenersIfCurrent(user: UserInternal): void {\n if (user === this.currentUser) {\n this.notifyAuthListeners();\n }\n }\n\n _key(): string {\n return `${this.config.authDomain}:${this.config.apiKey}:${this.name}`;\n }\n\n _startProactiveRefresh(): void {\n this.isProactiveRefreshEnabled = true;\n if (this.currentUser) {\n this._currentUser._startProactiveRefresh();\n }\n }\n\n _stopProactiveRefresh(): void {\n this.isProactiveRefreshEnabled = false;\n if (this.currentUser) {\n this._currentUser._stopProactiveRefresh();\n }\n }\n\n /** Returns the current user cast as the internal type */\n get _currentUser(): UserInternal {\n return this.currentUser as UserInternal;\n }\n\n private notifyAuthListeners(): void {\n if (!this._isInitialized) {\n return;\n }\n\n this.idTokenSubscription.next(this.currentUser);\n\n const currentUid = this.currentUser?.uid ?? null;\n if (this.lastNotifiedUid !== currentUid) {\n this.lastNotifiedUid = currentUid;\n this.authStateSubscription.next(this.currentUser);\n }\n }\n\n private registerStateListener(\n subscription: Subscription<User>,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n if (this._deleted) {\n return () => {};\n }\n\n const cb =\n typeof nextOrObserver === 'function'\n ? nextOrObserver\n : nextOrObserver.next.bind(nextOrObserver);\n\n let isUnsubscribed = false;\n\n const promise = this._isInitialized\n ? Promise.resolve()\n : this._initializationPromise;\n _assert(promise, this, AuthErrorCode.INTERNAL_ERROR);\n // The callback needs to be called asynchronously per the spec.\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n promise.then(() => {\n if (isUnsubscribed) {\n return;\n }\n cb(this.currentUser);\n });\n\n if (typeof nextOrObserver === 'function') {\n const unsubscribe = subscription.addObserver(\n nextOrObserver,\n error,\n completed\n );\n return () => {\n isUnsubscribed = true;\n unsubscribe();\n };\n } else {\n const unsubscribe = subscription.addObserver(nextOrObserver);\n return () => {\n isUnsubscribed = true;\n unsubscribe();\n };\n }\n }\n\n /**\n * Unprotected (from race conditions) method to set the current user. This\n * should only be called from within a queued callback. This is necessary\n * because the queue shouldn't rely on another queued callback.\n */\n private async directlySetCurrentUser(\n user: UserInternal | null\n ): Promise<void> {\n if (this.currentUser && this.currentUser !== user) {\n this._currentUser._stopProactiveRefresh();\n }\n if (user && this.isProactiveRefreshEnabled) {\n user._startProactiveRefresh();\n }\n\n this.currentUser = user;\n\n if (user) {\n await this.assertedPersistence.setCurrentUser(user);\n } else {\n await this.assertedPersistence.removeCurrentUser();\n }\n }\n\n private queue(action: AsyncAction): Promise<void> {\n // In case something errors, the callback still should be called in order\n // to keep the promise chain alive\n this.operations = this.operations.then(action, action);\n return this.operations;\n }\n\n private get assertedPersistence(): PersistenceUserManager {\n _assert(this.persistenceManager, this, AuthErrorCode.INTERNAL_ERROR);\n return this.persistenceManager;\n }\n\n private frameworks: string[] = [];\n private clientVersion: string;\n _logFramework(framework: string): void {\n if (!framework || this.frameworks.includes(framework)) {\n return;\n }\n this.frameworks.push(framework);\n\n // Sort alphabetically so that \"FirebaseCore-web,FirebaseUI-web\" and\n // \"FirebaseUI-web,FirebaseCore-web\" aren't viewed as different.\n this.frameworks.sort();\n this.clientVersion = _getClientVersion(\n this.config.clientPlatform,\n this._getFrameworks()\n );\n }\n _getFrameworks(): readonly string[] {\n return this.frameworks;\n }\n async _getAdditionalHeaders(): Promise<Record<string, string>> {\n // Additional headers on every request\n const headers: Record<string, string> = {\n [HttpHeader.X_CLIENT_VERSION]: this.clientVersion\n };\n\n if (this.app.options.appId) {\n headers[HttpHeader.X_FIREBASE_GMPID] = this.app.options.appId;\n }\n\n // If the heartbeat service exists, add the heartbeat string\n const heartbeatsHeader = await this.heartbeatServiceProvider\n .getImmediate({\n optional: true\n })\n ?.getHeartbeatsHeader();\n if (heartbeatsHeader) {\n headers[HttpHeader.X_FIREBASE_CLIENT] = heartbeatsHeader;\n }\n\n // If the App Check service exists, add the App Check token in the headers\n const appCheckToken = await this._getAppCheckToken();\n if (appCheckToken) {\n headers[HttpHeader.X_FIREBASE_APP_CHECK] = appCheckToken;\n }\n\n return headers;\n }\n\n async _getAppCheckToken(): Promise<string | undefined> {\n if (_isFirebaseServerApp(this.app) && this.app.settings.appCheckToken) {\n return this.app.settings.appCheckToken;\n }\n const appCheckTokenResult = await this.appCheckServiceProvider\n .getImmediate({ optional: true })\n ?.getToken();\n if (appCheckTokenResult?.error) {\n // Context: appCheck.getToken() will never throw even if an error happened.\n // In the error case, a dummy token will be returned along with an error field describing\n // the error. In general, we shouldn't care about the error condition and just use\n // the token (actual or dummy) to send requests.\n _logWarn(\n `Error while retrieving App Check token: ${appCheckTokenResult.error}`\n );\n }\n return appCheckTokenResult?.token;\n }\n}\n\n/**\n * Method to be used to cast down to our private implementation of Auth.\n * It will also handle unwrapping from the compat type if necessary\n *\n * @param auth Auth object passed in from developer\n */\nexport function _castAuth(auth: Auth): AuthInternal {\n return getModularInstance(auth) as AuthInternal;\n}\n\n/** Helper class to wrap subscriber logic */\nclass Subscription<T> {\n private observer: Observer<T | null> | null = null;\n readonly addObserver: Subscribe<T | null> = createSubscribe(\n observer => (this.observer = observer)\n );\n\n constructor(readonly auth: AuthInternal) {}\n\n get next(): NextFn<T | null> {\n _assert(this.observer, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return this.observer.next.bind(this.observer);\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\ninterface ExternalJSProvider {\n loadJS(url: string): Promise<Event>;\n recaptchaV2Script: string;\n recaptchaEnterpriseScript: string;\n gapiScript: string;\n}\n\nlet externalJSProvider: ExternalJSProvider = {\n async loadJS() {\n throw new Error('Unable to load external scripts');\n },\n\n recaptchaV2Script: '',\n recaptchaEnterpriseScript: '',\n gapiScript: ''\n};\n\nexport function _setExternalJSProvider(p: ExternalJSProvider): void {\n externalJSProvider = p;\n}\n\nexport function _loadJS(url: string): Promise<Event> {\n return externalJSProvider.loadJS(url);\n}\n\nexport function _recaptchaV2ScriptUrl(): string {\n return externalJSProvider.recaptchaV2Script;\n}\n\nexport function _recaptchaEnterpriseScriptUrl(): string {\n return externalJSProvider.recaptchaEnterpriseScript;\n}\n\nexport function _gapiScriptUrl(): string {\n return externalJSProvider.gapiScript;\n}\n\nexport function _generateCallbackName(prefix: string): string {\n return `__${prefix}${Math.floor(Math.random() * 1000000)}`;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport { AuthInternal } from '../../model/auth';\nimport { RecaptchaParameters } from '../../model/public_types';\nimport {\n Recaptcha,\n GreCAPTCHATopLevel,\n GreCAPTCHARenderOption,\n GreCAPTCHA\n} from './recaptcha';\n\nexport const _SOLVE_TIME_MS = 500;\nexport const _EXPIRATION_TIME_MS = 60_000;\nexport const _WIDGET_ID_START = 1_000_000_000_000;\n\nexport interface Widget {\n getResponse: () => string | null;\n delete: () => void;\n execute: () => void;\n}\n\nexport class MockReCaptcha implements Recaptcha {\n private counter = _WIDGET_ID_START;\n _widgets = new Map<number, Widget>();\n\n constructor(private readonly auth: AuthInternal) {}\n\n render(\n container: string | HTMLElement,\n parameters?: RecaptchaParameters\n ): number {\n const id = this.counter;\n this._widgets.set(\n id,\n new MockWidget(container, this.auth.name, parameters || {})\n );\n this.counter++;\n return id;\n }\n\n reset(optWidgetId?: number): void {\n const id = optWidgetId || _WIDGET_ID_START;\n void this._widgets.get(id)?.delete();\n this._widgets.delete(id);\n }\n\n getResponse(optWidgetId?: number): string {\n const id = optWidgetId || _WIDGET_ID_START;\n return this._widgets.get(id)?.getResponse() || '';\n }\n\n async execute(optWidgetId?: number | string): Promise<string> {\n const id: number = (optWidgetId as number) || _WIDGET_ID_START;\n void this._widgets.get(id)?.execute();\n return '';\n }\n}\n\nexport class MockGreCAPTCHATopLevel implements GreCAPTCHATopLevel {\n enterprise: GreCAPTCHA = new MockGreCAPTCHA();\n ready(callback: () => void): void {\n callback();\n }\n\n execute(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _siteKey: string,\n _options: { action: string }\n ): Promise<string> {\n return Promise.resolve('token');\n }\n render(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _container: string | HTMLElement,\n _parameters: GreCAPTCHARenderOption\n ): string {\n return '';\n }\n}\n\nexport class MockGreCAPTCHA implements GreCAPTCHA {\n ready(callback: () => void): void {\n callback();\n }\n\n execute(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _siteKey: string,\n _options: { action: string }\n ): Promise<string> {\n return Promise.resolve('token');\n }\n render(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _container: string | HTMLElement,\n _parameters: GreCAPTCHARenderOption\n ): string {\n return '';\n }\n}\n\nexport class MockWidget {\n private readonly container: HTMLElement;\n private readonly isVisible: boolean;\n private timerId: number | null = null;\n private deleted = false;\n private responseToken: string | null = null;\n private readonly clickHandler = (): void => {\n this.execute();\n };\n\n constructor(\n containerOrId: string | HTMLElement,\n appName: string,\n private readonly params: RecaptchaParameters\n ) {\n const container =\n typeof containerOrId === 'string'\n ? document.getElementById(containerOrId)\n : containerOrId;\n _assert(container, AuthErrorCode.ARGUMENT_ERROR, { appName });\n\n this.container = container;\n this.isVisible = this.params.size !== 'invisible';\n if (this.isVisible) {\n this.execute();\n } else {\n this.container.addEventListener('click', this.clickHandler);\n }\n }\n\n getResponse(): string | null {\n this.checkIfDeleted();\n return this.responseToken;\n }\n\n delete(): void {\n this.checkIfDeleted();\n this.deleted = true;\n if (this.timerId) {\n clearTimeout(this.timerId);\n this.timerId = null;\n }\n this.container.removeEventListener('click', this.clickHandler);\n }\n\n execute(): void {\n this.checkIfDeleted();\n if (this.timerId) {\n return;\n }\n\n this.timerId = window.setTimeout(() => {\n this.responseToken = generateRandomAlphaNumericString(50);\n const { callback, 'expired-callback': expiredCallback } = this.params;\n if (callback) {\n try {\n callback(this.responseToken);\n } catch (e) {}\n }\n\n this.timerId = window.setTimeout(() => {\n this.timerId = null;\n this.responseToken = null;\n if (expiredCallback) {\n try {\n expiredCallback();\n } catch (e) {}\n }\n\n if (this.isVisible) {\n this.execute();\n }\n }, _EXPIRATION_TIME_MS);\n }, _SOLVE_TIME_MS);\n }\n\n private checkIfDeleted(): void {\n if (this.deleted) {\n throw new Error('reCAPTCHA mock was already deleted!');\n }\n }\n}\n\nfunction generateRandomAlphaNumericString(len: number): string {\n const chars = [];\n const allowedChars =\n '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n for (let i = 0; i < len; i++) {\n chars.push(\n allowedChars.charAt(Math.floor(Math.random() * allowedChars.length))\n );\n }\n return chars.join('');\n}\n", "/* eslint-disable @typescript-eslint/no-require-imports */\n/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isEnterprise, RecaptchaConfig } from './recaptcha';\nimport { getRecaptchaConfig } from '../../api/authentication/recaptcha';\nimport {\n RecaptchaClientType,\n RecaptchaVersion,\n RecaptchaActionName,\n RecaptchaAuthProvider,\n EnforcementState\n} from '../../api';\n\nimport { Auth } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport * as jsHelpers from '../load_js';\nimport { AuthErrorCode } from '../../core/errors';\nimport { StartPhoneMfaEnrollmentRequest } from '../../api/account_management/mfa';\nimport { StartPhoneMfaSignInRequest } from '../../api/authentication/mfa';\nimport { MockGreCAPTCHATopLevel } from './recaptcha_mock';\n\nexport const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';\nexport const FAKE_TOKEN = 'NO_RECAPTCHA';\n\nexport class RecaptchaEnterpriseVerifier {\n /**\n * Identifies the type of application verifier (e.g. \"recaptcha-enterprise\").\n */\n readonly type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;\n\n private readonly auth: AuthInternal;\n\n /**\n *\n * @param authExtern - The corresponding Firebase {@link Auth} instance.\n *\n */\n constructor(authExtern: Auth) {\n this.auth = _castAuth(authExtern);\n }\n\n /**\n * Executes the verification process.\n *\n * @returns A Promise for a token that can be used to assert the validity of a request.\n */\n async verify(\n action: string = 'verify',\n forceRefresh = false\n ): Promise<string> {\n async function retrieveSiteKey(auth: AuthInternal): Promise<string> {\n if (!forceRefresh) {\n if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {\n return auth._agentRecaptchaConfig.siteKey;\n }\n if (\n auth.tenantId != null &&\n auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined\n ) {\n return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;\n }\n }\n\n return new Promise<string>(async (resolve, reject) => {\n getRecaptchaConfig(auth, {\n clientType: RecaptchaClientType.WEB,\n version: RecaptchaVersion.ENTERPRISE\n })\n .then(response => {\n if (response.recaptchaKey === undefined) {\n reject(new Error('recaptcha Enterprise site key undefined'));\n } else {\n const config = new RecaptchaConfig(response);\n if (auth.tenantId == null) {\n auth._agentRecaptchaConfig = config;\n } else {\n auth._tenantRecaptchaConfigs[auth.tenantId] = config;\n }\n return resolve(config.siteKey);\n }\n })\n .catch(error => {\n reject(error);\n });\n });\n }\n\n function retrieveRecaptchaToken(\n siteKey: string,\n resolve: (value: string | PromiseLike<string>) => void,\n reject: (reason?: unknown) => void\n ): void {\n const grecaptcha = window.grecaptcha;\n if (isEnterprise(grecaptcha)) {\n grecaptcha.enterprise.ready(() => {\n grecaptcha.enterprise\n .execute(siteKey, { action })\n .then(token => {\n resolve(token);\n })\n .catch(() => {\n resolve(FAKE_TOKEN);\n });\n });\n } else {\n reject(Error('No reCAPTCHA enterprise script loaded.'));\n }\n }\n\n // Returns Promise for a mock token when appVerificationDisabledForTesting is true.\n if (this.auth.settings.appVerificationDisabledForTesting) {\n const mockRecaptcha = new MockGreCAPTCHATopLevel();\n return mockRecaptcha.execute('siteKey', { action: 'verify' });\n }\n\n return new Promise<string>((resolve, reject) => {\n retrieveSiteKey(this.auth)\n .then(siteKey => {\n if (!forceRefresh && isEnterprise(window.grecaptcha)) {\n retrieveRecaptchaToken(siteKey, resolve, reject);\n } else {\n if (typeof window === 'undefined') {\n reject(\n new Error('RecaptchaVerifier is only supported in browser')\n );\n return;\n }\n let url = jsHelpers._recaptchaEnterpriseScriptUrl();\n if (url.length !== 0) {\n url += siteKey;\n }\n jsHelpers\n ._loadJS(url)\n .then(() => {\n retrieveRecaptchaToken(siteKey, resolve, reject);\n })\n .catch(error => {\n reject(error);\n });\n }\n })\n .catch(error => {\n reject(error);\n });\n });\n }\n}\n\nexport async function injectRecaptchaFields<T extends object>(\n auth: AuthInternal,\n request: T,\n action: RecaptchaActionName,\n isCaptchaResp = false,\n isFakeToken = false\n): Promise<T> {\n const verifier = new RecaptchaEnterpriseVerifier(auth);\n let captchaResponse;\n\n if (isFakeToken) {\n captchaResponse = FAKE_TOKEN;\n } else {\n try {\n captchaResponse = await verifier.verify(action);\n } catch (error) {\n captchaResponse = await verifier.verify(action, true);\n }\n }\n\n const newRequest = { ...request };\n if (\n action === RecaptchaActionName.MFA_SMS_ENROLLMENT ||\n action === RecaptchaActionName.MFA_SMS_SIGNIN\n ) {\n if ('phoneEnrollmentInfo' in newRequest) {\n const phoneNumber = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.phoneNumber;\n const recaptchaToken = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.recaptchaToken;\n\n Object.assign(newRequest, {\n 'phoneEnrollmentInfo': {\n phoneNumber,\n recaptchaToken,\n captchaResponse,\n 'clientType': RecaptchaClientType.WEB,\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n }\n });\n } else if ('phoneSignInInfo' in newRequest) {\n const recaptchaToken = (\n newRequest as unknown as StartPhoneMfaSignInRequest\n ).phoneSignInInfo.recaptchaToken;\n\n Object.assign(newRequest, {\n 'phoneSignInInfo': {\n recaptchaToken,\n captchaResponse,\n 'clientType': RecaptchaClientType.WEB,\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n }\n });\n }\n return newRequest;\n }\n\n if (!isCaptchaResp) {\n Object.assign(newRequest, { captchaResponse });\n } else {\n Object.assign(newRequest, { 'captchaResp': captchaResponse });\n }\n Object.assign(newRequest, { 'clientType': RecaptchaClientType.WEB });\n Object.assign(newRequest, {\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n });\n return newRequest;\n}\n\ntype ActionMethod<TRequest, TResponse> = (\n auth: AuthInternal,\n request: TRequest\n) => Promise<TResponse>;\n\nexport async function handleRecaptchaFlow<TRequest extends object, TResponse>(\n authInstance: AuthInternal,\n request: TRequest,\n actionName: RecaptchaActionName,\n actionMethod: ActionMethod<TRequest, TResponse>,\n recaptchaAuthProvider: RecaptchaAuthProvider\n): Promise<TResponse> {\n if (recaptchaAuthProvider === RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER) {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.isProviderEnabled(RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER)\n ) {\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n actionName === RecaptchaActionName.GET_OOB_CODE\n );\n return actionMethod(authInstance, requestWithRecaptcha);\n } else {\n return actionMethod(authInstance, request).catch(async error => {\n if (error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`) {\n console.log(\n `${actionName} is protected by reCAPTCHA Enterprise for this project. Automatically triggering the reCAPTCHA flow and restarting the flow.`\n );\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n actionName === RecaptchaActionName.GET_OOB_CODE\n );\n return actionMethod(authInstance, requestWithRecaptcha);\n } else {\n return Promise.reject(error);\n }\n });\n }\n } else if (recaptchaAuthProvider === RecaptchaAuthProvider.PHONE_PROVIDER) {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.isProviderEnabled(RecaptchaAuthProvider.PHONE_PROVIDER)\n ) {\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName\n );\n\n return actionMethod(authInstance, requestWithRecaptcha).catch(\n async error => {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.getProviderEnforcementState(\n RecaptchaAuthProvider.PHONE_PROVIDER\n ) === EnforcementState.AUDIT\n ) {\n // AUDIT mode\n if (\n error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}` ||\n error.code === `auth/${AuthErrorCode.INVALID_APP_CREDENTIAL}`\n ) {\n console.log(\n `Failed to verify with reCAPTCHA Enterprise. Automatically triggering the reCAPTCHA v2 flow to complete the ${actionName} flow.`\n );\n // reCAPTCHA Enterprise token is missing or reCAPTCHA Enterprise token\n // check fails.\n // Fallback to reCAPTCHA v2 flow.\n const requestWithRecaptchaFields = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n false, // isCaptchaResp\n true // isFakeToken\n );\n // This will call the PhoneApiCaller to fetch and inject reCAPTCHA v2 token.\n return actionMethod(authInstance, requestWithRecaptchaFields);\n }\n }\n // ENFORCE mode or AUDIT mode with any other error.\n return Promise.reject(error);\n }\n );\n } else {\n // Do reCAPTCHA v2 flow.\n const requestWithRecaptchaFields = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n false, // isCaptchaResp\n true // isFakeToken\n );\n\n // This will call the PhoneApiCaller to fetch and inject v2 token.\n return actionMethod(authInstance, requestWithRecaptchaFields);\n }\n } else {\n return Promise.reject(\n recaptchaAuthProvider + ' provider is not supported.'\n );\n }\n}\n\nexport async function _initializeRecaptchaConfig(auth: Auth): Promise<void> {\n const authInternal = _castAuth(auth);\n\n const response = await getRecaptchaConfig(authInternal, {\n clientType: RecaptchaClientType.WEB,\n version: RecaptchaVersion.ENTERPRISE\n });\n\n const config = new RecaptchaConfig(response);\n if (authInternal.tenantId == null) {\n authInternal._agentRecaptchaConfig = config;\n } else {\n authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;\n }\n\n if (config.isAnyProviderEnabled()) {\n const verifier = new RecaptchaEnterpriseVerifier(authInternal);\n void verifier.verify();\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _getProvider, FirebaseApp } from '@firebase/app';\nimport { deepEqual } from '@firebase/util';\nimport { Auth, Dependencies } from '../../model/public_types';\n\nimport { AuthErrorCode } from '../errors';\nimport { PersistenceInternal } from '../persistence';\nimport { _fail } from '../util/assert';\nimport { _getInstance } from '../util/instantiator';\nimport { AuthImpl } from './auth_impl';\n\n/**\n * Initializes an {@link Auth} instance with fine-grained control over\n * {@link Dependencies}.\n *\n * @remarks\n *\n * This function allows more control over the {@link Auth} instance than\n * {@link getAuth}. `getAuth` uses platform-specific defaults to supply\n * the {@link Dependencies}. In general, `getAuth` is the easiest way to\n * initialize Auth and works for most use cases. Use `initializeAuth` if you\n * need control over which persistence layer is used, or to minimize bundle\n * size if you're not using either `signInWithPopup` or `signInWithRedirect`.\n *\n * For example, if your app only uses anonymous accounts and you only want\n * accounts saved for the current session, initialize `Auth` with:\n *\n * ```js\n * const auth = initializeAuth(app, {\n * persistence: browserSessionPersistence,\n * popupRedirectResolver: undefined,\n * });\n * ```\n *\n * @public\n */\nexport function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth {\n const provider = _getProvider(app, 'auth');\n\n if (provider.isInitialized()) {\n const auth = provider.getImmediate() as AuthImpl;\n const initialOptions = provider.getOptions() as Dependencies;\n if (deepEqual(initialOptions, deps ?? {})) {\n return auth;\n } else {\n _fail(auth, AuthErrorCode.ALREADY_INITIALIZED);\n }\n }\n\n const auth = provider.initialize({ options: deps }) as AuthImpl;\n\n return auth;\n}\n\nexport function _initializeAuthInstance(\n auth: AuthImpl,\n deps?: Dependencies\n): void {\n const persistence = deps?.persistence || [];\n const hierarchy = (\n Array.isArray(persistence) ? persistence : [persistence]\n ).map<PersistenceInternal>(_getInstance);\n if (deps?.errorMap) {\n auth._updateErrorMap(deps.errorMap);\n }\n\n // This promise is intended to float; auth initialization happens in the\n // background, meanwhile the auth object may be used by the app.\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n auth._initializeWithPersistence(hierarchy, deps?.popupRedirectResolver);\n}\n", "/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Auth } from '../../model/public_types';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _castAuth } from './auth_impl';\nimport {\n deepEqual,\n isCloudWorkstation,\n pingServer,\n updateEmulatorBanner\n} from '@firebase/util';\n\n/**\n * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production\n * Firebase Auth services.\n *\n * @remarks\n * This must be called synchronously immediately following the first call to\n * {@link initializeAuth}. Do not use with production credentials as emulator\n * traffic is not encrypted.\n *\n *\n * @example\n * ```javascript\n * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').\n * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to\n * `true` to disable the warning banner attached to the DOM.\n *\n * @public\n */\nexport function connectAuthEmulator(\n auth: Auth,\n url: string,\n options?: { disableWarnings: boolean }\n): void {\n const authInternal = _castAuth(auth);\n _assert(\n /^https?:\\/\\//.test(url),\n authInternal,\n AuthErrorCode.INVALID_EMULATOR_SCHEME\n );\n\n const disableWarnings = !!options?.disableWarnings;\n\n const protocol = extractProtocol(url);\n const { host, port } = extractHostAndPort(url);\n const portStr = port === null ? '' : `:${port}`;\n\n // Always replace path with \"/\" (even if input url had no path at all, or had a different one).\n const emulator = { url: `${protocol}//${host}${portStr}/` };\n const emulatorConfig = Object.freeze({\n host,\n port,\n protocol: protocol.replace(':', ''),\n options: Object.freeze({ disableWarnings })\n });\n\n // There are a few scenarios to guard against if the Auth instance has already started:\n if (!authInternal._canInitEmulator) {\n // Applications may not initialize the emulator for the first time if Auth has already started\n // to make network requests.\n _assert(\n authInternal.config.emulator && authInternal.emulatorConfig,\n authInternal,\n AuthErrorCode.EMULATOR_CONFIG_FAILED\n );\n\n // Applications may not alter the configuration of the emulator (aka pass a different config)\n // once Auth has started to make network requests.\n _assert(\n deepEqual(emulator, authInternal.config.emulator) &&\n deepEqual(emulatorConfig, authInternal.emulatorConfig),\n authInternal,\n AuthErrorCode.EMULATOR_CONFIG_FAILED\n );\n\n // It's valid, however, to invoke connectAuthEmulator() after Auth has started making\n // connections, so long as the config matches the existing config. This results in a no-op.\n return;\n }\n\n authInternal.config.emulator = emulator;\n authInternal.emulatorConfig = emulatorConfig;\n authInternal.settings.appVerificationDisabledForTesting = true;\n\n // Workaround to get cookies in Firebase Studio\n if (isCloudWorkstation(host)) {\n void pingServer(`${protocol}//${host}${portStr}`);\n updateEmulatorBanner('Auth', true);\n } else if (!disableWarnings) {\n emitEmulatorWarning();\n }\n}\n\nfunction extractProtocol(url: string): string {\n const protocolEnd = url.indexOf(':');\n return protocolEnd < 0 ? '' : url.substr(0, protocolEnd + 1);\n}\n\nfunction extractHostAndPort(url: string): {\n host: string;\n port: number | null;\n} {\n const protocol = extractProtocol(url);\n const authority = /(\\/\\/)?([^?#/]+)/.exec(url.substr(protocol.length)); // Between // and /, ? or #.\n if (!authority) {\n return { host: '', port: null };\n }\n const hostAndPort = authority[2].split('@').pop() || ''; // Strip out \"username:password@\".\n const bracketedIPv6 = /^(\\[[^\\]]+\\])(:|$)/.exec(hostAndPort);\n if (bracketedIPv6) {\n const host = bracketedIPv6[1];\n return { host, port: parsePort(hostAndPort.substr(host.length + 1)) };\n } else {\n const [host, port] = hostAndPort.split(':');\n return { host, port: parsePort(port) };\n }\n}\n\nfunction parsePort(portStr: string): number | null {\n if (!portStr) {\n return null;\n }\n const port = Number(portStr);\n if (isNaN(port)) {\n return null;\n }\n return port;\n}\n\nfunction emitEmulatorWarning(): void {\n function attachBanner(): void {\n const el = document.createElement('p');\n const sty = el.style;\n el.innerText =\n 'Running in emulator mode. Do not use with production credentials.';\n sty.position = 'fixed';\n sty.width = '100%';\n sty.backgroundColor = '#ffffff';\n sty.border = '.1em solid #000000';\n sty.color = '#b50000';\n sty.bottom = '0px';\n sty.left = '0px';\n sty.margin = '0px';\n sty.zIndex = '10000';\n sty.textAlign = 'center';\n el.classList.add('firebase-emulator-warning');\n document.body.appendChild(el);\n }\n\n if (typeof console !== 'undefined' && typeof console.info === 'function') {\n console.info(\n 'WARNING: You are using the Auth Emulator,' +\n ' which is intended for local testing only. Do not use with' +\n ' production credentials.'\n );\n }\n if (typeof window !== 'undefined' && typeof document !== 'undefined') {\n if (document.readyState === 'loading') {\n window.addEventListener('DOMContentLoaded', attachBanner);\n } else {\n attachBanner();\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { debugFail } from '../util/assert';\n\n/**\n * Interface that represents the credentials returned by an {@link AuthProvider}.\n *\n * @remarks\n * Implementations specify the details about each auth provider's credential requirements.\n *\n * @public\n */\nexport class AuthCredential {\n /** @internal */\n protected constructor(\n /**\n * The authentication provider ID for the credential.\n *\n * @remarks\n * For example, 'facebook.com', or 'google.com'.\n */\n readonly providerId: string,\n /**\n * The authentication sign in method for the credential.\n *\n * @remarks\n * For example, {@link SignInMethod}.EMAIL_PASSWORD, or\n * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method\n * identifier as returned in {@link fetchSignInMethodsForEmail}.\n */\n readonly signInMethod: string\n ) {}\n\n /**\n * Returns a JSON-serializable representation of this object.\n *\n * @returns a JSON-serializable representation of this object.\n */\n toJSON(): object {\n return debugFail('not implemented');\n }\n\n /** @internal */\n _getIdTokenResponse(_auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return debugFail('not implemented');\n }\n /** @internal */\n _linkToIdToken(\n _auth: AuthInternal,\n _idToken: string\n ): Promise<IdTokenResponse> {\n return debugFail('not implemented');\n }\n /** @internal */\n _getReauthenticationResolver(_auth: AuthInternal): Promise<IdTokenResponse> {\n return debugFail('not implemented');\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeOperation, Auth } from '../../model/public_types';\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { MfaEnrollment } from './mfa';\nimport { SignUpRequest, SignUpResponse } from '../authentication/sign_up';\n\nexport interface ResetPasswordRequest {\n oobCode: string;\n newPassword?: string;\n tenantId?: string;\n}\n\nexport interface ResetPasswordResponse {\n email: string;\n newEmail?: string;\n requestType?: ActionCodeOperation;\n mfaInfo?: MfaEnrollment;\n}\n\nexport async function resetPassword(\n auth: Auth,\n request: ResetPasswordRequest\n): Promise<ResetPasswordResponse> {\n return _performApiRequest<ResetPasswordRequest, ResetPasswordResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.RESET_PASSWORD,\n _addTidIfNecessary(auth, request)\n );\n}\nexport interface UpdateEmailPasswordRequest {\n idToken: string;\n returnSecureToken?: boolean;\n email?: string;\n password?: string;\n}\n\nexport interface UpdateEmailPasswordResponse extends IdTokenResponse {}\n\nexport async function updateEmailPassword(\n auth: Auth,\n request: UpdateEmailPasswordRequest\n): Promise<UpdateEmailPasswordResponse> {\n return _performApiRequest<\n UpdateEmailPasswordRequest,\n UpdateEmailPasswordResponse\n >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);\n}\n\n// Used for linking an email/password account to an existing idToken. Uses the same request/response\n// format as updateEmailPassword.\nexport async function linkEmailPassword(\n auth: Auth,\n request: SignUpRequest\n): Promise<SignUpResponse> {\n return _performApiRequest<SignUpRequest, SignUpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_UP,\n request\n );\n}\n\nexport interface ApplyActionCodeRequest {\n oobCode: string;\n tenantId?: string;\n}\n\nexport interface ApplyActionCodeResponse {}\n\nexport async function applyActionCode(\n auth: Auth,\n request: ApplyActionCodeRequest\n): Promise<ApplyActionCodeResponse> {\n return _performApiRequest<ApplyActionCodeRequest, ApplyActionCodeResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SET_ACCOUNT_INFO,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeOperation, Auth } from '../../model/public_types';\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performApiRequest,\n _performSignInRequest\n} from '../index';\nimport { IdToken, IdTokenResponse } from '../../model/id_token';\n\nexport interface SignInWithPasswordRequest {\n returnSecureToken?: boolean;\n email: string;\n password: string;\n tenantId?: string;\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SignInWithPasswordResponse extends IdTokenResponse {\n email: string;\n displayName: string;\n}\n\nexport async function signInWithPassword(\n auth: Auth,\n request: SignInWithPasswordRequest\n): Promise<SignInWithPasswordResponse> {\n return _performSignInRequest<\n SignInWithPasswordRequest,\n SignInWithPasswordResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PASSWORD,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface GetOobCodeRequest {\n email?: string; // Everything except VERIFY_AND_CHANGE_EMAIL\n continueUrl?: string;\n iOSBundleId?: string;\n iosAppStoreId?: string;\n androidPackageName?: string;\n androidInstallApp?: boolean;\n androidMinimumVersionCode?: string;\n canHandleCodeInApp?: boolean;\n dynamicLinkDomain?: string;\n tenantId?: string;\n targetProjectid?: string;\n linkDomain?: string;\n}\n\nexport interface VerifyEmailRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.VERIFY_EMAIL;\n idToken: IdToken;\n}\n\nexport interface PasswordResetRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.PASSWORD_RESET;\n email: string;\n captchaResp?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface EmailSignInRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.EMAIL_SIGNIN;\n email: string;\n captchaResp?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface VerifyAndChangeEmailRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL;\n idToken: IdToken;\n newEmail: string;\n}\n\ninterface GetOobCodeResponse {\n email: string;\n}\n\nexport interface VerifyEmailResponse extends GetOobCodeResponse {}\nexport interface PasswordResetResponse extends GetOobCodeResponse {}\nexport interface EmailSignInResponse extends GetOobCodeResponse {}\nexport interface VerifyAndChangeEmailResponse extends GetOobCodeRequest {}\n\nasync function sendOobCode(\n auth: Auth,\n request: GetOobCodeRequest\n): Promise<GetOobCodeResponse> {\n return _performApiRequest<GetOobCodeRequest, GetOobCodeResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SEND_OOB_CODE,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport async function sendEmailVerification(\n auth: Auth,\n request: VerifyEmailRequest\n): Promise<VerifyEmailResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function sendPasswordResetEmail(\n auth: Auth,\n request: PasswordResetRequest\n): Promise<PasswordResetResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function sendSignInLinkToEmail(\n auth: Auth,\n request: EmailSignInRequest\n): Promise<EmailSignInResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function verifyAndChangeEmail(\n auth: Auth,\n request: VerifyAndChangeEmailRequest\n): Promise<VerifyAndChangeEmailResponse> {\n return sendOobCode(auth, request);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performSignInRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithEmailLinkRequest {\n email: string;\n oobCode: string;\n tenantId?: string;\n}\n\nexport interface SignInWithEmailLinkResponse extends IdTokenResponse {\n email: string;\n isNewUser: boolean;\n}\n\nexport async function signInWithEmailLink(\n auth: Auth,\n request: SignInWithEmailLinkRequest\n): Promise<SignInWithEmailLinkResponse> {\n return _performSignInRequest<\n SignInWithEmailLinkRequest,\n SignInWithEmailLinkResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface SignInWithEmailLinkForLinkingRequest\n extends SignInWithEmailLinkRequest {\n idToken: string;\n}\n\nexport async function signInWithEmailLinkForLinking(\n auth: Auth,\n request: SignInWithEmailLinkForLinkingRequest\n): Promise<SignInWithEmailLinkResponse> {\n return _performSignInRequest<\n SignInWithEmailLinkForLinkingRequest,\n SignInWithEmailLinkResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\nimport { linkEmailPassword } from '../../api/account_management/email_and_password';\nimport {\n signInWithPassword,\n SignInWithPasswordRequest\n} from '../../api/authentication/email_and_password';\nimport {\n signInWithEmailLink,\n signInWithEmailLinkForLinking\n} from '../../api/authentication/email_link';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from '../util/assert';\nimport { AuthCredential } from './auth_credential';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { SignUpRequest } from '../../api/authentication/sign_up';\n/**\n * Interface that represents the credentials returned by {@link EmailAuthProvider} for\n * {@link ProviderId}.PASSWORD\n *\n * @remarks\n * Covers both {@link SignInMethod}.EMAIL_PASSWORD and\n * {@link SignInMethod}.EMAIL_LINK.\n *\n * @public\n */\nexport class EmailAuthCredential extends AuthCredential {\n /** @internal */\n private constructor(\n /** @internal */\n readonly _email: string,\n /** @internal */\n readonly _password: string,\n signInMethod: SignInMethod,\n /** @internal */\n readonly _tenantId: string | null = null\n ) {\n super(ProviderId.PASSWORD, signInMethod);\n }\n\n /** @internal */\n static _fromEmailAndPassword(\n email: string,\n password: string\n ): EmailAuthCredential {\n return new EmailAuthCredential(\n email,\n password,\n SignInMethod.EMAIL_PASSWORD\n );\n }\n\n /** @internal */\n static _fromEmailAndCode(\n email: string,\n oobCode: string,\n tenantId: string | null = null\n ): EmailAuthCredential {\n return new EmailAuthCredential(\n email,\n oobCode,\n SignInMethod.EMAIL_LINK,\n tenantId\n );\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n email: this._email,\n password: this._password,\n signInMethod: this.signInMethod,\n tenantId: this._tenantId\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.\n *\n * @param json - Either `object` or the stringified representation of the object. When string is\n * provided, `JSON.parse` would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: object | string): EmailAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n if (obj?.email && obj?.password) {\n if (obj.signInMethod === SignInMethod.EMAIL_PASSWORD) {\n return this._fromEmailAndPassword(obj.email, obj.password);\n } else if (obj.signInMethod === SignInMethod.EMAIL_LINK) {\n return this._fromEmailAndCode(obj.email, obj.password, obj.tenantId);\n }\n }\n return null;\n }\n\n /** @internal */\n async _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n switch (this.signInMethod) {\n case SignInMethod.EMAIL_PASSWORD:\n const request: SignInWithPasswordRequest = {\n returnSecureToken: true,\n email: this._email,\n password: this._password,\n clientType: RecaptchaClientType.WEB\n };\n return handleRecaptchaFlow(\n auth,\n request,\n RecaptchaActionName.SIGN_IN_WITH_PASSWORD,\n signInWithPassword,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n case SignInMethod.EMAIL_LINK:\n return signInWithEmailLink(auth, {\n email: this._email,\n oobCode: this._password\n });\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n /** @internal */\n async _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n switch (this.signInMethod) {\n case SignInMethod.EMAIL_PASSWORD:\n const request: SignUpRequest = {\n idToken,\n returnSecureToken: true,\n email: this._email,\n password: this._password,\n clientType: RecaptchaClientType.WEB\n };\n return handleRecaptchaFlow(\n auth,\n request,\n RecaptchaActionName.SIGN_UP_PASSWORD,\n linkEmailPassword,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n case SignInMethod.EMAIL_LINK:\n return signInWithEmailLinkForLinking(auth, {\n idToken,\n email: this._email,\n oobCode: this._password\n });\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return this._getIdTokenResponse(auth);\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdToken, IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithIdpRequest {\n requestUri: string;\n postBody?: string;\n sessionId?: string;\n tenantId?: string;\n returnSecureToken: boolean;\n returnIdpCredential?: boolean;\n idToken?: IdToken;\n autoCreate?: boolean;\n pendingToken?: string;\n}\n\n/**\n * @internal\n */\nexport interface SignInWithIdpResponse extends IdTokenResponse {\n oauthAccessToken?: string;\n oauthTokenSecret?: string;\n nonce?: string;\n oauthIdToken?: string;\n pendingToken?: string;\n}\n\nexport async function signInWithIdp(\n auth: Auth,\n request: SignInWithIdpRequest\n): Promise<SignInWithIdpResponse> {\n return _performSignInRequest<SignInWithIdpRequest, SignInWithIdpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_IDP,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { querystring } from '@firebase/util';\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from '../util/assert';\nimport { AuthCredential } from './auth_credential';\n\nconst IDP_REQUEST_URI = 'http://localhost';\n\nexport interface OAuthCredentialParams {\n // OAuth 2 uses either id token or access token\n idToken?: string | null;\n accessToken?: string | null;\n\n // These fields are used with OAuth 1\n oauthToken?: string;\n secret?: string;\n oauthTokenSecret?: string;\n\n // Nonce is only set if pendingToken is not present\n nonce?: string;\n pendingToken?: string;\n\n // Utilities\n providerId: string;\n signInMethod: string;\n}\n\n/**\n * Represents the OAuth credentials returned by an {@link OAuthProvider}.\n *\n * @remarks\n * Implementations specify the details about each auth provider's credential requirements.\n *\n * @public\n */\nexport class OAuthCredential extends AuthCredential {\n /**\n * The OAuth ID token associated with the credential if it belongs to an OIDC provider,\n * such as `google.com`.\n * @readonly\n */\n idToken?: string;\n /**\n * The OAuth access token associated with the credential if it belongs to an\n * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.\n * @readonly\n */\n accessToken?: string;\n /**\n * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0\n * provider, such as `twitter.com`.\n * @readonly\n */\n secret?: string;\n\n private nonce?: string;\n private pendingToken: string | null = null;\n\n /** @internal */\n static _fromParams(params: OAuthCredentialParams): OAuthCredential {\n const cred = new OAuthCredential(params.providerId, params.signInMethod);\n\n if (params.idToken || params.accessToken) {\n // OAuth 2 and either ID token or access token.\n if (params.idToken) {\n cred.idToken = params.idToken;\n }\n\n if (params.accessToken) {\n cred.accessToken = params.accessToken;\n }\n\n // Add nonce if available and no pendingToken is present.\n if (params.nonce && !params.pendingToken) {\n cred.nonce = params.nonce;\n }\n\n if (params.pendingToken) {\n cred.pendingToken = params.pendingToken;\n }\n } else if (params.oauthToken && params.oauthTokenSecret) {\n // OAuth 1 and OAuth token with token secret\n cred.accessToken = params.oauthToken;\n cred.secret = params.oauthTokenSecret;\n } else {\n _fail(AuthErrorCode.ARGUMENT_ERROR);\n }\n\n return cred;\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n idToken: this.idToken,\n accessToken: this.accessToken,\n secret: this.secret,\n nonce: this.nonce,\n pendingToken: this.pendingToken,\n providerId: this.providerId,\n signInMethod: this.signInMethod\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an\n * {@link AuthCredential}.\n *\n * @param json - Input can be either Object or the stringified representation of the object.\n * When string is provided, JSON.parse would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: string | object): OAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n const { providerId, signInMethod, ...rest }: OAuthCredentialParams = obj;\n if (!providerId || !signInMethod) {\n return null;\n }\n\n const cred = new OAuthCredential(providerId, signInMethod);\n cred.idToken = rest.idToken || undefined;\n cred.accessToken = rest.accessToken || undefined;\n cred.secret = rest.secret;\n cred.nonce = rest.nonce;\n cred.pendingToken = rest.pendingToken || null;\n return cred;\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.idToken = idToken;\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.autoCreate = false;\n return signInWithIdp(auth, request);\n }\n\n private buildRequest(): SignInWithIdpRequest {\n const request: SignInWithIdpRequest = {\n requestUri: IDP_REQUEST_URI,\n returnSecureToken: true\n };\n\n if (this.pendingToken) {\n request.pendingToken = this.pendingToken;\n } else {\n const postBody: Record<string, string> = {};\n if (this.idToken) {\n postBody['id_token'] = this.idToken;\n }\n if (this.accessToken) {\n postBody['access_token'] = this.accessToken;\n }\n if (this.secret) {\n postBody['oauth_token_secret'] = this.secret;\n }\n\n postBody['providerId'] = this.providerId;\n if (this.nonce && !this.pendingToken) {\n postBody['nonce'] = this.nonce;\n }\n\n request.postBody = querystring(postBody);\n }\n\n return request;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _makeTaggedError,\n _performApiRequest,\n _performSignInRequest\n} from '../index';\nimport { AuthErrorCode } from '../../core/errors';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { ServerError, ServerErrorMap } from '../errors';\nimport { Auth } from '../../model/public_types';\n\nexport interface SendPhoneVerificationCodeRequest {\n phoneNumber: string;\n // reCAPTCHA v2 token\n recaptchaToken?: string;\n tenantId?: string;\n // reCAPTCHA Enterprise token\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SendPhoneVerificationCodeResponse {\n sessionInfo: string;\n}\n\nexport async function sendPhoneVerificationCode(\n auth: Auth,\n request: SendPhoneVerificationCodeRequest\n): Promise<SendPhoneVerificationCodeResponse> {\n return _performApiRequest<\n SendPhoneVerificationCodeRequest,\n SendPhoneVerificationCodeResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SEND_VERIFICATION_CODE,\n _addTidIfNecessary(auth, request)\n );\n}\n\n/**\n * @internal\n */\nexport interface SignInWithPhoneNumberRequest {\n temporaryProof?: string;\n phoneNumber?: string;\n sessionInfo?: string;\n code?: string;\n tenantId?: string;\n}\n\nexport interface LinkWithPhoneNumberRequest\n extends SignInWithPhoneNumberRequest {\n idToken: string;\n}\n\n/**\n * @internal\n */\nexport interface SignInWithPhoneNumberResponse extends IdTokenResponse {\n temporaryProof?: string;\n phoneNumber?: string;\n}\n\nexport async function signInWithPhoneNumber(\n auth: Auth,\n request: SignInWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n return _performSignInRequest<\n SignInWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport async function linkWithPhoneNumber(\n auth: Auth,\n request: LinkWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n const response = await _performSignInRequest<\n LinkWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, request)\n );\n if (response.temporaryProof) {\n throw _makeTaggedError(auth, AuthErrorCode.NEED_CONFIRMATION, response);\n }\n return response;\n}\n\ninterface VerifyPhoneNumberForExistingRequest\n extends SignInWithPhoneNumberRequest {\n operation: 'REAUTH';\n}\n\nconst VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_: Partial<\n ServerErrorMap<ServerError>\n> = {\n [ServerError.USER_NOT_FOUND]: AuthErrorCode.USER_DELETED\n};\n\nexport async function verifyPhoneNumberForExisting(\n auth: Auth,\n request: SignInWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n const apiRequest: VerifyPhoneNumberForExistingRequest = {\n ...request,\n operation: 'REAUTH'\n };\n return _performSignInRequest<\n VerifyPhoneNumberForExistingRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, apiRequest),\n VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport {\n linkWithPhoneNumber,\n signInWithPhoneNumber,\n SignInWithPhoneNumberRequest,\n verifyPhoneNumberForExisting\n} from '../../api/authentication/sms';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthCredential } from './auth_credential';\n\nexport interface PhoneAuthCredentialParameters {\n verificationId?: string;\n verificationCode?: string;\n phoneNumber?: string;\n temporaryProof?: string;\n}\n\n/**\n * Represents the credentials returned by {@link PhoneAuthProvider}.\n *\n * @public\n */\nexport class PhoneAuthCredential extends AuthCredential {\n private constructor(private readonly params: PhoneAuthCredentialParameters) {\n super(ProviderId.PHONE, SignInMethod.PHONE);\n }\n\n /** @internal */\n static _fromVerification(\n verificationId: string,\n verificationCode: string\n ): PhoneAuthCredential {\n return new PhoneAuthCredential({ verificationId, verificationCode });\n }\n\n /** @internal */\n static _fromTokenResponse(\n phoneNumber: string,\n temporaryProof: string\n ): PhoneAuthCredential {\n return new PhoneAuthCredential({ phoneNumber, temporaryProof });\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return signInWithPhoneNumber(auth, this._makeVerificationRequest());\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n return linkWithPhoneNumber(auth, {\n idToken,\n ...this._makeVerificationRequest()\n });\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return verifyPhoneNumberForExisting(auth, this._makeVerificationRequest());\n }\n\n /** @internal */\n _makeVerificationRequest(): SignInWithPhoneNumberRequest {\n const { temporaryProof, phoneNumber, verificationId, verificationCode } =\n this.params;\n if (temporaryProof && phoneNumber) {\n return { temporaryProof, phoneNumber };\n }\n\n return {\n sessionInfo: verificationId,\n code: verificationCode\n };\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n const obj: Record<string, string> = {\n providerId: this.providerId\n };\n if (this.params.phoneNumber) {\n obj.phoneNumber = this.params.phoneNumber;\n }\n if (this.params.temporaryProof) {\n obj.temporaryProof = this.params.temporaryProof;\n }\n if (this.params.verificationCode) {\n obj.verificationCode = this.params.verificationCode;\n }\n if (this.params.verificationId) {\n obj.verificationId = this.params.verificationId;\n }\n\n return obj;\n }\n\n /** Generates a phone credential based on a plain object or a JSON string. */\n static fromJSON(json: object | string): PhoneAuthCredential | null {\n if (typeof json === 'string') {\n json = JSON.parse(json);\n }\n\n const { verificationId, verificationCode, phoneNumber, temporaryProof } =\n json as { [key: string]: string };\n if (\n !verificationCode &&\n !verificationId &&\n !phoneNumber &&\n !temporaryProof\n ) {\n return null;\n }\n\n return new PhoneAuthCredential({\n verificationId,\n verificationCode,\n phoneNumber,\n temporaryProof\n });\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { extractQuerystring, querystringDecode } from '@firebase/util';\nimport { ActionCodeOperation } from '../model/public_types';\nimport { AuthErrorCode } from './errors';\nimport { _assert } from './util/assert';\n\n/**\n * Enums for fields in URL query string.\n *\n * @enum {string}\n */\nconst enum QueryField {\n API_KEY = 'apiKey',\n CODE = 'oobCode',\n CONTINUE_URL = 'continueUrl',\n LANGUAGE_CODE = 'lang',\n MODE = 'mode',\n TENANT_ID = 'tenantId'\n}\n\n/**\n * Maps the mode string in action code URL to Action Code Info operation.\n *\n * @param mode\n */\nfunction parseMode(mode: string | null): ActionCodeOperation | null {\n switch (mode) {\n case 'recoverEmail':\n return ActionCodeOperation.RECOVER_EMAIL;\n case 'resetPassword':\n return ActionCodeOperation.PASSWORD_RESET;\n case 'signIn':\n return ActionCodeOperation.EMAIL_SIGNIN;\n case 'verifyEmail':\n return ActionCodeOperation.VERIFY_EMAIL;\n case 'verifyAndChangeEmail':\n return ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL;\n case 'revertSecondFactorAddition':\n return ActionCodeOperation.REVERT_SECOND_FACTOR_ADDITION;\n default:\n return null;\n }\n}\n\n/**\n * Helper to parse FDL links\n *\n * @param url\n */\nfunction parseDeepLink(url: string): string {\n const link = querystringDecode(extractQuerystring(url))['link'];\n\n // Double link case (automatic redirect).\n const doubleDeepLink = link\n ? querystringDecode(extractQuerystring(link))['deep_link_id']\n : null;\n // iOS custom scheme links.\n const iOSDeepLink = querystringDecode(extractQuerystring(url))[\n 'deep_link_id'\n ];\n const iOSDoubleDeepLink = iOSDeepLink\n ? querystringDecode(extractQuerystring(iOSDeepLink))['link']\n : null;\n return iOSDoubleDeepLink || iOSDeepLink || doubleDeepLink || link || url;\n}\n\n/**\n * A utility class to parse email action URLs such as password reset, email verification,\n * email link sign in, etc.\n *\n * @public\n */\nexport class ActionCodeURL {\n /**\n * The API key of the email action link.\n */\n readonly apiKey: string;\n /**\n * The action code of the email action link.\n */\n readonly code: string;\n /**\n * The continue URL of the email action link. Null if not provided.\n */\n readonly continueUrl: string | null;\n /**\n * The language code of the email action link. Null if not provided.\n */\n readonly languageCode: string | null;\n /**\n * The action performed by the email action link. It returns from one of the types from\n * {@link ActionCodeInfo}\n */\n readonly operation: string;\n /**\n * The tenant ID of the email action link. Null if the email action is from the parent project.\n */\n readonly tenantId: string | null;\n\n /**\n * @param actionLink - The link from which to extract the URL.\n * @returns The {@link ActionCodeURL} object, or null if the link is invalid.\n *\n * @internal\n */\n constructor(actionLink: string) {\n const searchParams = querystringDecode(extractQuerystring(actionLink));\n const apiKey = searchParams[QueryField.API_KEY] ?? null;\n const code = searchParams[QueryField.CODE] ?? null;\n const operation = parseMode(searchParams[QueryField.MODE] ?? null);\n // Validate API key, code and mode.\n _assert(apiKey && code && operation, AuthErrorCode.ARGUMENT_ERROR);\n this.apiKey = apiKey;\n this.operation = operation;\n this.code = code;\n this.continueUrl = searchParams[QueryField.CONTINUE_URL] ?? null;\n this.languageCode = searchParams[QueryField.LANGUAGE_CODE] ?? null;\n this.tenantId = searchParams[QueryField.TENANT_ID] ?? null;\n }\n\n /**\n * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,\n * otherwise returns null.\n *\n * @param link - The email action link string.\n * @returns The {@link ActionCodeURL} object, or null if the link is invalid.\n *\n * @public\n */\n static parseLink(link: string): ActionCodeURL | null {\n const actionLink = parseDeepLink(link);\n try {\n return new ActionCodeURL(actionLink);\n } catch {\n return null;\n }\n }\n}\n\n/**\n * Parses the email action link string and returns an {@link ActionCodeURL} if\n * the link is valid, otherwise returns null.\n *\n * @public\n */\nexport function parseActionCodeURL(link: string): ActionCodeURL | null {\n return ActionCodeURL.parseLink(link);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\nimport { AuthProvider } from '../../model/public_types';\n\nimport { ActionCodeURL } from '../action_code_url';\nimport { EmailAuthCredential } from '../credentials/email';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\n\n/**\n * Provider for generating {@link EmailAuthCredential}.\n *\n * @public\n */\nexport class EmailAuthProvider implements AuthProvider {\n /**\n * Always set to {@link ProviderId}.PASSWORD, even for email link.\n */\n static readonly PROVIDER_ID: 'password' = ProviderId.PASSWORD;\n /**\n * Always set to {@link SignInMethod}.EMAIL_PASSWORD.\n */\n static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password' =\n SignInMethod.EMAIL_PASSWORD;\n /**\n * Always set to {@link SignInMethod}.EMAIL_LINK.\n */\n static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink' =\n SignInMethod.EMAIL_LINK;\n /**\n * Always set to {@link ProviderId}.PASSWORD, even for email link.\n */\n readonly providerId = EmailAuthProvider.PROVIDER_ID;\n\n /**\n * Initialize an {@link AuthCredential} using an email and password.\n *\n * @example\n * ```javascript\n * const authCredential = EmailAuthProvider.credential(email, password);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * ```javascript\n * const userCredential = await signInWithEmailAndPassword(auth, email, password);\n * ```\n *\n * @param email - Email address.\n * @param password - User account password.\n * @returns The auth provider credential.\n */\n static credential(email: string, password: string): EmailAuthCredential {\n return EmailAuthCredential._fromEmailAndPassword(email, password);\n }\n\n /**\n * Initialize an {@link AuthCredential} using an email and an email link after a sign in with\n * email link operation.\n *\n * @example\n * ```javascript\n * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * ```javascript\n * await sendSignInLinkToEmail(auth, email);\n * // Obtain emailLink from user.\n * const userCredential = await signInWithEmailLink(auth, email, emailLink);\n * ```\n *\n * @param auth - The {@link Auth} instance used to verify the link.\n * @param email - Email address.\n * @param emailLink - Sign-in email link.\n * @returns - The auth provider credential.\n */\n static credentialWithLink(\n email: string,\n emailLink: string\n ): EmailAuthCredential {\n const actionCodeUrl = ActionCodeURL.parseLink(emailLink);\n _assert(actionCodeUrl, AuthErrorCode.ARGUMENT_ERROR);\n\n return EmailAuthCredential._fromEmailAndCode(\n email,\n actionCodeUrl.code,\n actionCodeUrl.tenantId\n );\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider } from '../../model/public_types';\n\n/**\n * Map of OAuth Custom Parameters.\n *\n * @public\n */\nexport type CustomParameters = Record<string, string>;\n\n/**\n * The base class for all Federated providers (OAuth (including OIDC), SAML).\n *\n * This class is not meant to be instantiated directly.\n *\n * @public\n */\nexport abstract class FederatedAuthProvider implements AuthProvider {\n /** @internal */\n defaultLanguageCode: string | null = null;\n /** @internal */\n private customParameters: CustomParameters = {};\n\n /**\n * Constructor for generic OAuth providers.\n *\n * @param providerId - Provider for which credentials should be generated.\n */\n constructor(readonly providerId: string) {}\n\n /**\n * Set the language gode.\n *\n * @param languageCode - language code\n */\n setDefaultLanguage(languageCode: string | null): void {\n this.defaultLanguageCode = languageCode;\n }\n\n /**\n * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in\n * operations.\n *\n * @remarks\n * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,\n * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.\n *\n * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.\n */\n setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider {\n this.customParameters = customOAuthParameters;\n return this;\n }\n\n /**\n * Retrieve the current list of {@link CustomParameters}.\n */\n getCustomParameters(): CustomParameters {\n return this.customParameters;\n }\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider, UserCredential } from '../../model/public_types';\n\nimport { _assert } from '../util/assert';\nimport { AuthErrorCode } from '../errors';\n\nimport { OAuthCredential, OAuthCredentialParams } from '../credentials/oauth';\nimport { UserCredentialInternal } from '../../model/user';\nimport { FirebaseError } from '@firebase/util';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { SignInWithIdpResponse } from '../../../internal';\nimport { FederatedAuthProvider } from './federated';\n\n/**\n * Defines the options for initializing an {@link OAuthCredential}.\n *\n * @remarks\n * For ID tokens with nonce claim, the raw nonce has to also be provided.\n *\n * @public\n */\nexport interface OAuthCredentialOptions {\n /**\n * The OAuth ID token used to initialize the {@link OAuthCredential}.\n */\n idToken?: string;\n /**\n * The OAuth access token used to initialize the {@link OAuthCredential}.\n */\n accessToken?: string;\n /**\n * The raw nonce associated with the ID token.\n *\n * @remarks\n * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the\n * raw nonce must match the nonce field in the ID token.\n */\n rawNonce?: string;\n}\n\n/**\n * Common code to all OAuth providers. This is separate from the\n * {@link OAuthProvider} so that child providers (like\n * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.\n * Instead, they rely on a static `credential` method.\n */\nexport abstract class BaseOAuthProvider\n extends FederatedAuthProvider\n implements AuthProvider\n{\n /** @internal */\n private scopes: string[] = [];\n\n /**\n * Add an OAuth scope to the credential.\n *\n * @param scope - Provider OAuth scope to add.\n */\n addScope(scope: string): AuthProvider {\n // If not already added, add scope to list.\n if (!this.scopes.includes(scope)) {\n this.scopes.push(scope);\n }\n return this;\n }\n\n /**\n * Retrieve the current list of OAuth scopes.\n */\n getScopes(): string[] {\n return [...this.scopes];\n }\n}\n\n/**\n * Provider for generating generic {@link OAuthCredential}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new OAuthProvider('google.com');\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('profile');\n * provider.addScope('email');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a OAuth Access Token for the provider.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new OAuthProvider('google.com');\n * provider.addScope('profile');\n * provider.addScope('email');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a OAuth Access Token for the provider.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * ```\n * @public\n */\nexport class OAuthProvider extends BaseOAuthProvider {\n /**\n * Creates an {@link OAuthCredential} from a JSON string or a plain object.\n * @param json - A plain object or a JSON string\n */\n static credentialFromJSON(json: object | string): OAuthCredential {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n _assert(\n 'providerId' in obj && 'signInMethod' in obj,\n AuthErrorCode.ARGUMENT_ERROR\n );\n return OAuthCredential._fromParams(obj);\n }\n\n /**\n * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.\n *\n * @remarks\n * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of\n * the raw nonce must match the nonce field in the ID token.\n *\n * @example\n * ```javascript\n * // `googleUser` from the onsuccess Google Sign In callback.\n * // Initialize a generate OAuth provider with a `google.com` providerId.\n * const provider = new OAuthProvider('google.com');\n * const credential = provider.credential({\n * idToken: googleUser.getAuthResponse().id_token,\n * });\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param params - Either the options object containing the ID token, access token and raw nonce\n * or the ID token string.\n */\n credential(params: OAuthCredentialOptions): OAuthCredential {\n return this._credential({ ...params, nonce: params.rawNonce });\n }\n\n /** An internal credential method that accepts more permissive options */\n private _credential(\n params: Omit<OAuthCredentialParams, 'signInMethod' | 'providerId'>\n ): OAuthCredential {\n _assert(params.idToken || params.accessToken, AuthErrorCode.ARGUMENT_ERROR);\n // For OAuthCredential, sign in method is same as providerId.\n return OAuthCredential._fromParams({\n ...params,\n providerId: this.providerId,\n signInMethod: this.providerId\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return OAuthProvider.oauthCredentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return OAuthProvider.oauthCredentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static oauthCredentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const {\n oauthIdToken,\n oauthAccessToken,\n oauthTokenSecret,\n pendingToken,\n nonce,\n providerId\n } = tokenResponse as SignInWithIdpResponse;\n if (\n !oauthAccessToken &&\n !oauthTokenSecret &&\n !oauthIdToken &&\n !pendingToken\n ) {\n return null;\n }\n\n if (!providerId) {\n return null;\n }\n\n try {\n return new OAuthProvider(providerId)._credential({\n idToken: oauthIdToken,\n accessToken: oauthAccessToken,\n nonce,\n pendingToken\n });\n } catch (e) {\n return null;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('user_birthday');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = FacebookAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * provider.addScope('user_birthday');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = FacebookAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n *\n * @public\n */\nexport class FacebookAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.FACEBOOK. */\n static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com' =\n SignInMethod.FACEBOOK;\n /** Always set to {@link ProviderId}.FACEBOOK. */\n static readonly PROVIDER_ID: 'facebook.com' = ProviderId.FACEBOOK;\n\n constructor() {\n super(ProviderId.FACEBOOK);\n }\n\n /**\n * Creates a credential for Facebook.\n *\n * @example\n * ```javascript\n * // `event` from the Facebook auth.authResponseChange callback.\n * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param accessToken - Facebook access token.\n */\n static credential(accessToken: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: FacebookAuthProvider.PROVIDER_ID,\n signInMethod: FacebookAuthProvider.FACEBOOK_SIGN_IN_METHOD,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return FacebookAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return FacebookAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse || !('oauthAccessToken' in tokenResponse)) {\n return null;\n }\n\n if (!tokenResponse.oauthAccessToken) {\n return null;\n }\n\n try {\n return FacebookAuthProvider.credential(tokenResponse.oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new GoogleAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('profile');\n * provider.addScope('email');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Google Access Token.\n * const credential = GoogleAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new GoogleAuthProvider();\n * provider.addScope('profile');\n * provider.addScope('email');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Google Access Token.\n * const credential = GoogleAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n *\n * @public\n */\nexport class GoogleAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.GOOGLE. */\n static readonly GOOGLE_SIGN_IN_METHOD: 'google.com' = SignInMethod.GOOGLE;\n /** Always set to {@link ProviderId}.GOOGLE. */\n static readonly PROVIDER_ID: 'google.com' = ProviderId.GOOGLE;\n\n constructor() {\n super(ProviderId.GOOGLE);\n this.addScope('profile');\n }\n\n /**\n * Creates a credential for Google. At least one of ID token and access token is required.\n *\n * @example\n * ```javascript\n * // \\`googleUser\\` from the onsuccess Google Sign In callback.\n * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param idToken - Google ID token.\n * @param accessToken - Google access token.\n */\n static credential(\n idToken?: string | null,\n accessToken?: string | null\n ): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: GoogleAuthProvider.PROVIDER_ID,\n signInMethod: GoogleAuthProvider.GOOGLE_SIGN_IN_METHOD,\n idToken,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return GoogleAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return GoogleAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const { oauthIdToken, oauthAccessToken } =\n tokenResponse as SignInWithIdpResponse;\n if (!oauthIdToken && !oauthAccessToken) {\n // This could be an oauth 1 credential or a phone credential\n return null;\n }\n\n try {\n return GoogleAuthProvider.credential(oauthIdToken, oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.\n *\n * @remarks\n * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use\n * the {@link signInWithPopup} handler:\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new GithubAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('repo');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a GitHub Access Token.\n * const credential = GithubAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new GithubAuthProvider();\n * provider.addScope('repo');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a GitHub Access Token.\n * const credential = GithubAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n * @public\n */\nexport class GithubAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.GITHUB. */\n static readonly GITHUB_SIGN_IN_METHOD: 'github.com' = SignInMethod.GITHUB;\n /** Always set to {@link ProviderId}.GITHUB. */\n static readonly PROVIDER_ID: 'github.com' = ProviderId.GITHUB;\n\n constructor() {\n super(ProviderId.GITHUB);\n }\n\n /**\n * Creates a credential for GitHub.\n *\n * @param accessToken - GitHub access token.\n */\n static credential(accessToken: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: GithubAuthProvider.PROVIDER_ID,\n signInMethod: GithubAuthProvider.GITHUB_SIGN_IN_METHOD,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return GithubAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return GithubAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse || !('oauthAccessToken' in tokenResponse)) {\n return null;\n }\n\n if (!tokenResponse.oauthAccessToken) {\n return null;\n }\n\n try {\n return GithubAuthProvider.credential(tokenResponse.oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Represents the SAML credentials returned by an {@link SAMLAuthProvider}.\n *\n * @public\n */\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthCredential } from './auth_credential';\n\nconst IDP_REQUEST_URI = 'http://localhost';\n\n/**\n * @public\n */\nexport class SAMLAuthCredential extends AuthCredential {\n /** @internal */\n private constructor(\n providerId: string,\n private readonly pendingToken: string\n ) {\n super(providerId, providerId);\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.idToken = idToken;\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.autoCreate = false;\n return signInWithIdp(auth, request);\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n signInMethod: this.signInMethod,\n providerId: this.providerId,\n pendingToken: this.pendingToken\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an\n * {@link AuthCredential}.\n *\n * @param json - Input can be either Object or the stringified representation of the object.\n * When string is provided, JSON.parse would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: string | object): SAMLAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n const { providerId, signInMethod, pendingToken }: Record<string, string> =\n obj;\n if (\n !providerId ||\n !signInMethod ||\n !pendingToken ||\n providerId !== signInMethod\n ) {\n return null;\n }\n\n return new SAMLAuthCredential(providerId, pendingToken);\n }\n\n /**\n * Helper static method to avoid exposing the constructor to end users.\n *\n * @internal\n */\n static _create(providerId: string, pendingToken: string): SAMLAuthCredential {\n return new SAMLAuthCredential(providerId, pendingToken);\n }\n\n private buildRequest(): SignInWithIdpRequest {\n return {\n requestUri: IDP_REQUEST_URI,\n returnSecureToken: true,\n pendingToken: this.pendingToken\n };\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredential } from '../../model/public_types';\nimport { UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { SAMLAuthCredential } from '../credentials/saml';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { FederatedAuthProvider } from './federated';\n\nconst SAML_PROVIDER_PREFIX = 'saml.';\n\n/**\n * An {@link AuthProvider} for SAML.\n *\n * @public\n */\nexport class SAMLAuthProvider extends FederatedAuthProvider {\n /**\n * Constructor. The providerId must start with \"saml.\"\n * @param providerId - SAML provider ID.\n */\n constructor(providerId: string) {\n _assert(\n providerId.startsWith(SAML_PROVIDER_PREFIX),\n AuthErrorCode.ARGUMENT_ERROR\n );\n super(providerId);\n }\n\n /**\n * Generates an {@link AuthCredential} from a {@link UserCredential} after a\n * successful SAML flow completes.\n *\n * @remarks\n *\n * For example, to get an {@link AuthCredential}, you could write the\n * following code:\n *\n * ```js\n * const userCredential = await signInWithPopup(auth, samlProvider);\n * const credential = SAMLAuthProvider.credentialFromResult(userCredential);\n * ```\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): AuthCredential | null {\n return SAMLAuthProvider.samlCredentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): AuthCredential | null {\n return SAMLAuthProvider.samlCredentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n /**\n * Creates an {@link AuthCredential} from a JSON string or a plain object.\n * @param json - A plain object or a JSON string\n */\n static credentialFromJSON(json: string | object): AuthCredential {\n const credential = SAMLAuthCredential.fromJSON(json);\n _assert(credential, AuthErrorCode.ARGUMENT_ERROR);\n return credential;\n }\n\n private static samlCredentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): SAMLAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const { pendingToken, providerId } = tokenResponse as SignInWithIdpResponse;\n\n if (!pendingToken || !providerId) {\n return null;\n }\n\n try {\n return SAMLAuthCredential._create(providerId, pendingToken);\n } catch (e) {\n return null;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @license\n * Copyright 2020 Twitter LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new TwitterAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Twitter Access Token and Secret.\n * const credential = TwitterAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * const secret = credential.secret;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new TwitterAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Twitter Access Token and Secret.\n * const credential = TwitterAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * const secret = credential.secret;\n * ```\n *\n * @public\n */\nexport class TwitterAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.TWITTER. */\n static readonly TWITTER_SIGN_IN_METHOD: 'twitter.com' = SignInMethod.TWITTER;\n /** Always set to {@link ProviderId}.TWITTER. */\n static readonly PROVIDER_ID: 'twitter.com' = ProviderId.TWITTER;\n\n constructor() {\n super(ProviderId.TWITTER);\n }\n\n /**\n * Creates a credential for Twitter.\n *\n * @param token - Twitter access token.\n * @param secret - Twitter secret.\n */\n static credential(token: string, secret: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: TwitterAuthProvider.PROVIDER_ID,\n signInMethod: TwitterAuthProvider.TWITTER_SIGN_IN_METHOD,\n oauthToken: token,\n oauthTokenSecret: secret\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return TwitterAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return TwitterAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n const { oauthAccessToken, oauthTokenSecret } =\n tokenResponse as SignInWithIdpResponse;\n if (!oauthAccessToken || !oauthTokenSecret) {\n return null;\n }\n\n try {\n return TwitterAuthProvider.credential(oauthAccessToken, oauthTokenSecret);\n } catch {\n return null;\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignUpRequest {\n idToken?: string;\n returnSecureToken?: boolean;\n email?: string;\n password?: string;\n tenantId?: string;\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SignUpResponse extends IdTokenResponse {\n displayName?: string;\n email?: string;\n}\n\nexport async function signUp(\n auth: Auth,\n request: SignUpRequest\n): Promise<SignUpResponse> {\n return _performSignInRequest<SignUpRequest, SignUpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_UP,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { UserImpl } from './user_impl';\nimport { AuthInternal } from '../../model/auth';\nimport { OperationType, ProviderId } from '../../model/enums';\n\ninterface UserCredentialParams {\n readonly user: UserInternal;\n readonly providerId: ProviderId | string | null;\n readonly _tokenResponse?: PhoneOrOauthTokenResponse;\n readonly operationType: OperationType;\n}\n\nexport class UserCredentialImpl\n implements UserCredentialInternal, UserCredentialParams\n{\n readonly user: UserInternal;\n readonly providerId: ProviderId | string | null;\n readonly _tokenResponse: PhoneOrOauthTokenResponse | undefined;\n readonly operationType: OperationType;\n\n constructor(params: UserCredentialParams) {\n this.user = params.user;\n this.providerId = params.providerId;\n this._tokenResponse = params._tokenResponse;\n this.operationType = params.operationType;\n }\n\n static async _fromIdTokenResponse(\n auth: AuthInternal,\n operationType: OperationType,\n idTokenResponse: IdTokenResponse,\n isAnonymous: boolean = false\n ): Promise<UserCredentialInternal> {\n const user = await UserImpl._fromIdTokenResponse(\n auth,\n idTokenResponse,\n isAnonymous\n );\n const providerId = providerIdForResponse(idTokenResponse);\n const userCred = new UserCredentialImpl({\n user,\n providerId,\n _tokenResponse: idTokenResponse,\n operationType\n });\n return userCred;\n }\n\n static async _forOperation(\n user: UserInternal,\n operationType: OperationType,\n response: PhoneOrOauthTokenResponse\n ): Promise<UserCredentialImpl> {\n await user._updateTokensIfNecessary(response, /* reload */ true);\n const providerId = providerIdForResponse(response);\n return new UserCredentialImpl({\n user,\n providerId,\n _tokenResponse: response,\n operationType\n });\n }\n}\n\nfunction providerIdForResponse(\n response: IdTokenResponse\n): ProviderId | string | null {\n if (response.providerId) {\n return response.providerId;\n }\n\n if ('phoneNumber' in response) {\n return ProviderId.PHONE;\n }\n\n return null;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, UserCredential } from '../../model/public_types';\nimport { signUp } from '../../api/authentication/sign_up';\nimport { UserInternal } from '../../model/user';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { OperationType } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\n/**\n * Asynchronously signs in as an anonymous user.\n *\n * @remarks\n * If there is already an anonymous user signed in, that user will be returned; otherwise, a\n * new anonymous user identity will be created and returned.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport async function signInAnonymously(auth: Auth): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n await authInternal._initializationPromise;\n if (authInternal.currentUser?.isAnonymous) {\n // If an anonymous user is already signed in, no need to sign them in again.\n return new UserCredentialImpl({\n user: authInternal.currentUser as UserInternal,\n providerId: null,\n operationType: OperationType.SIGN_IN\n });\n }\n const response = await signUp(authInternal, {\n returnSecureToken: true\n });\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response,\n true\n );\n await authInternal._updateCurrentUser(userCredential.user);\n return userCredential;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { MultiFactorError as MultiFactorErrorPublic } from '../model/public_types';\nimport { FirebaseError } from '@firebase/util';\nimport { AuthInternal } from '../model/auth';\nimport { IdTokenResponse } from '../model/id_token';\nimport { AuthErrorCode } from '../core/errors';\nimport { UserInternal } from '../model/user';\nimport { AuthCredential } from '../core/credentials';\nimport { IdTokenMfaResponse } from '../api/authentication/mfa';\nimport { OperationType } from '../model/enums';\n\nexport type MultiFactorErrorData = MultiFactorErrorPublic['customData'] & {\n _serverResponse: IdTokenMfaResponse;\n};\n\nexport class MultiFactorError\n extends FirebaseError\n implements MultiFactorErrorPublic\n{\n readonly customData: MultiFactorErrorData;\n\n private constructor(\n auth: AuthInternal,\n error: FirebaseError,\n readonly operationType: OperationType,\n readonly user?: UserInternal\n ) {\n super(error.code, error.message);\n // https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MultiFactorError.prototype);\n this.customData = {\n appName: auth.name,\n tenantId: auth.tenantId ?? undefined,\n _serverResponse: error.customData!._serverResponse as IdTokenMfaResponse,\n operationType\n };\n }\n\n static _fromErrorAndOperation(\n auth: AuthInternal,\n error: FirebaseError,\n operationType: OperationType,\n user?: UserInternal\n ): MultiFactorError {\n return new MultiFactorError(auth, error, operationType, user);\n }\n}\n\nexport function _processCredentialSavingMfaContextIfNecessary(\n auth: AuthInternal,\n operationType: OperationType,\n credential: AuthCredential,\n user?: UserInternal\n): Promise<IdTokenResponse> {\n const idTokenProvider =\n operationType === OperationType.REAUTHENTICATE\n ? credential._getReauthenticationResolver(auth)\n : credential._getIdTokenResponse(auth);\n\n return idTokenProvider.catch(error => {\n if (error.code === `auth/${AuthErrorCode.MFA_REQUIRED}`) {\n throw MultiFactorError._fromErrorAndOperation(\n auth,\n error,\n operationType,\n user\n );\n }\n\n throw error;\n });\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport interface ProviderAssociatedObject {\n providerId?: string;\n}\n\n/**\n * Takes a set of UserInfo provider data and converts it to a set of names\n */\nexport function providerDataAsNames<T extends ProviderAssociatedObject>(\n providerData: T[]\n): Set<string> {\n return new Set(\n providerData\n .map(({ providerId }) => providerId)\n .filter(pid => !!pid) as string[]\n );\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User } from '../../model/public_types';\n\nimport { deleteLinkedAccounts } from '../../api/account_management/account';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { providerDataAsNames } from '../util/providers';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { _reloadWithoutSaving } from './reload';\nimport { UserCredentialImpl } from './user_credential_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType, ProviderId } from '../../model/enums';\n\n/**\n * Unlinks a provider from a user account.\n *\n * @param user - The user.\n * @param providerId - The provider to unlink.\n *\n * @public\n */\nexport async function unlink(user: User, providerId: string): Promise<User> {\n const userInternal = getModularInstance(user) as UserInternal;\n await _assertLinkedStatus(true, userInternal, providerId);\n const { providerUserInfo } = await deleteLinkedAccounts(userInternal.auth, {\n idToken: await userInternal.getIdToken(),\n deleteProvider: [providerId]\n });\n\n const providersLeft = providerDataAsNames(providerUserInfo || []);\n\n userInternal.providerData = userInternal.providerData.filter(pd =>\n providersLeft.has(pd.providerId)\n );\n if (!providersLeft.has(ProviderId.PHONE)) {\n userInternal.phoneNumber = null;\n }\n\n await userInternal.auth._persistUserIfCurrent(userInternal);\n return userInternal;\n}\n\nexport async function _link(\n user: UserInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredentialInternal> {\n const response = await _logoutIfInvalidated(\n user,\n credential._linkToIdToken(user.auth, await user.getIdToken()),\n bypassAuthState\n );\n return UserCredentialImpl._forOperation(user, OperationType.LINK, response);\n}\n\nexport async function _assertLinkedStatus(\n expected: boolean,\n user: UserInternal,\n provider: string\n): Promise<void> {\n await _reloadWithoutSaving(user);\n const providerIds = providerDataAsNames(user.providerData);\n\n const code =\n expected === false\n ? AuthErrorCode.PROVIDER_ALREADY_LINKED\n : AuthErrorCode.NO_SUCH_PROVIDER;\n _assert(providerIds.has(provider) === expected, user.auth, code);\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { _processCredentialSavingMfaContextIfNecessary } from '../../mfa/mfa_error';\nimport { OperationType } from '../../model/enums';\nimport { UserInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { AuthErrorCode } from '../errors';\nimport { _assert, _fail } from '../util/assert';\nimport { _parseToken } from './id_token_result';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { UserCredentialImpl } from './user_credential_impl';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\nexport async function _reauthenticate(\n user: UserInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredentialImpl> {\n const { auth } = user;\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const operationType = OperationType.REAUTHENTICATE;\n\n try {\n const response = await _logoutIfInvalidated(\n user,\n _processCredentialSavingMfaContextIfNecessary(\n auth,\n operationType,\n credential,\n user\n ),\n bypassAuthState\n );\n _assert(response.idToken, auth, AuthErrorCode.INTERNAL_ERROR);\n const parsed = _parseToken(response.idToken);\n _assert(parsed, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const { sub: localId } = parsed;\n _assert(user.uid === localId, auth, AuthErrorCode.USER_MISMATCH);\n\n return UserCredentialImpl._forOperation(user, operationType, response);\n } catch (e) {\n // Convert user deleted error into user mismatch\n if ((e as FirebaseError)?.code === `auth/${AuthErrorCode.USER_DELETED}`) {\n _fail(auth, AuthErrorCode.USER_MISMATCH);\n }\n throw e;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential, Auth, User } from '../../model/public_types';\n\nimport { _processCredentialSavingMfaContextIfNecessary } from '../../mfa/mfa_error';\nimport { AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { _assertLinkedStatus, _link } from '../user/link_unlink';\nimport { _reauthenticate } from '../user/reauthenticate';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\nexport async function _signInWithCredential(\n auth: AuthInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const operationType = OperationType.SIGN_IN;\n const response = await _processCredentialSavingMfaContextIfNecessary(\n auth,\n operationType,\n credential\n );\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n auth,\n operationType,\n response\n );\n\n if (!bypassAuthState) {\n await auth._updateCurrentUser(userCredential.user);\n }\n return userCredential;\n}\n\n/**\n * Asynchronously signs in with the given credentials.\n *\n * @remarks\n * An {@link AuthProvider} can be used to generate the credential.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function signInWithCredential(\n auth: Auth,\n credential: AuthCredential\n): Promise<UserCredential> {\n return _signInWithCredential(_castAuth(auth), credential);\n}\n\n/**\n * Links the user account with the given credentials.\n *\n * @remarks\n * An {@link AuthProvider} can be used to generate the credential.\n *\n * @param user - The user.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function linkWithCredential(\n user: User,\n credential: AuthCredential\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n\n await _assertLinkedStatus(false, userInternal, credential.providerId);\n\n return _link(userInternal, credential);\n}\n\n/**\n * Re-authenticates a user using a fresh credential.\n *\n * @remarks\n * Use before operations such as {@link updatePassword} that require tokens from recent sign-in\n * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error\n * or a `TOKEN_EXPIRED` error.\n *\n * This method is not supported on any {@link User} signed in by {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @param user - The user.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function reauthenticateWithCredential(\n user: User,\n credential: AuthCredential\n): Promise<UserCredential> {\n return _reauthenticate(getModularInstance(user) as UserInternal, credential);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithCustomTokenRequest {\n token: string;\n returnSecureToken: boolean;\n tenantId?: string;\n}\n\nexport interface SignInWithCustomTokenResponse extends IdTokenResponse {}\n\nexport async function signInWithCustomToken(\n auth: Auth,\n request: SignInWithCustomTokenRequest\n): Promise<SignInWithCustomTokenResponse> {\n return _performSignInRequest<\n SignInWithCustomTokenRequest,\n SignInWithCustomTokenResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_CUSTOM_TOKEN,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, UserCredential } from '../../model/public_types';\n\nimport { signInWithCustomToken as getIdTokenResponse } from '../../api/authentication/custom_token';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { OperationType } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n/**\n * Asynchronously signs in using a custom token.\n *\n * @remarks\n * Custom tokens are used to integrate Firebase Auth with existing auth systems, and must\n * be generated by an auth backend using the\n * {@link https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth#createcustomtoken | createCustomToken}\n * method in the {@link https://firebase.google.com/docs/auth/admin | Admin SDK} .\n *\n * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n * @param customToken - The custom token to sign in with.\n *\n * @public\n */\nexport async function signInWithCustomToken(\n auth: Auth,\n customToken: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const response: IdTokenResponse = await getIdTokenResponse(authInternal, {\n token: customToken,\n returnSecureToken: true\n });\n const cred = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response\n );\n await authInternal._updateCurrentUser(cred.user);\n return cred;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n FactorId,\n MultiFactorInfo,\n PhoneMultiFactorInfo,\n TotpMultiFactorInfo\n} from '../model/public_types';\nimport {\n PhoneMfaEnrollment,\n MfaEnrollment,\n TotpMfaEnrollment\n} from '../api/account_management/mfa';\nimport { AuthErrorCode } from '../core/errors';\nimport { _fail } from '../core/util/assert';\nimport { AuthInternal } from '../model/auth';\n\nexport abstract class MultiFactorInfoImpl implements MultiFactorInfo {\n readonly uid: string;\n readonly displayName?: string | null;\n readonly enrollmentTime: string;\n\n protected constructor(readonly factorId: FactorId, response: MfaEnrollment) {\n this.uid = response.mfaEnrollmentId;\n this.enrollmentTime = new Date(response.enrolledAt).toUTCString();\n this.displayName = response.displayName;\n }\n\n static _fromServerResponse(\n auth: AuthInternal,\n enrollment: MfaEnrollment\n ): MultiFactorInfoImpl {\n if ('phoneInfo' in enrollment) {\n return PhoneMultiFactorInfoImpl._fromServerResponse(auth, enrollment);\n } else if ('totpInfo' in enrollment) {\n return TotpMultiFactorInfoImpl._fromServerResponse(auth, enrollment);\n }\n return _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n}\n\nexport class PhoneMultiFactorInfoImpl\n extends MultiFactorInfoImpl\n implements PhoneMultiFactorInfo\n{\n readonly phoneNumber: string;\n\n private constructor(response: PhoneMfaEnrollment) {\n super(FactorId.PHONE, response);\n this.phoneNumber = response.phoneInfo;\n }\n\n static _fromServerResponse(\n _auth: AuthInternal,\n enrollment: MfaEnrollment\n ): PhoneMultiFactorInfoImpl {\n return new PhoneMultiFactorInfoImpl(enrollment as PhoneMfaEnrollment);\n }\n}\nexport class TotpMultiFactorInfoImpl\n extends MultiFactorInfoImpl\n implements TotpMultiFactorInfo\n{\n private constructor(response: TotpMfaEnrollment) {\n super(FactorId.TOTP, response);\n }\n\n static _fromServerResponse(\n _auth: AuthInternal,\n enrollment: MfaEnrollment\n ): TotpMultiFactorInfoImpl {\n return new TotpMultiFactorInfoImpl(enrollment as TotpMfaEnrollment);\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeSettings, Auth } from '../../model/public_types';\n\nimport { GetOobCodeRequest } from '../../api/authentication/email_and_password';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\n\nexport function _setActionCodeSettingsOnRequest(\n auth: Auth,\n request: GetOobCodeRequest,\n actionCodeSettings: ActionCodeSettings\n): void {\n _assert(\n actionCodeSettings.url?.length > 0,\n auth,\n AuthErrorCode.INVALID_CONTINUE_URI\n );\n _assert(\n typeof actionCodeSettings.dynamicLinkDomain === 'undefined' ||\n actionCodeSettings.dynamicLinkDomain.length > 0,\n auth,\n AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN\n );\n _assert(\n typeof actionCodeSettings.linkDomain === 'undefined' ||\n actionCodeSettings.linkDomain.length > 0,\n auth,\n AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN\n );\n\n request.continueUrl = actionCodeSettings.url;\n request.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain;\n request.linkDomain = actionCodeSettings.linkDomain;\n request.canHandleCodeInApp = actionCodeSettings.handleCodeInApp;\n\n if (actionCodeSettings.iOS) {\n _assert(\n actionCodeSettings.iOS.bundleId.length > 0,\n auth,\n AuthErrorCode.MISSING_IOS_BUNDLE_ID\n );\n request.iOSBundleId = actionCodeSettings.iOS.bundleId;\n }\n\n if (actionCodeSettings.android) {\n _assert(\n actionCodeSettings.android.packageName.length > 0,\n auth,\n AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME\n );\n request.androidInstallApp = actionCodeSettings.android.installApp;\n request.androidMinimumVersionCode =\n actionCodeSettings.android.minimumVersion;\n request.androidPackageName = actionCodeSettings.android.packageName;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeInfo,\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n UserCredential\n} from '../../model/public_types';\n\nimport * as account from '../../api/account_management/email_and_password';\nimport * as authentication from '../../api/authentication/email_and_password';\nimport { signUp, SignUpRequest } from '../../api/authentication/sign_up';\nimport { MultiFactorInfoImpl } from '../../mfa/mfa_info';\nimport { EmailAuthProvider } from '../providers/email';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../util/assert';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { signInWithCredential } from './credential';\nimport { _castAuth } from '../auth/auth_impl';\nimport { AuthErrorCode } from '../errors';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../../model/enums';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { IdTokenResponse } from '../../model/id_token';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\n/**\n * Updates the password policy cached in the {@link Auth} instance if a policy is already\n * cached for the project or tenant.\n *\n * @remarks\n * We only fetch the password policy if the password did not meet policy requirements and\n * there is an existing policy cached. A developer must call validatePassword at least\n * once for the cache to be automatically updated.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @private\n */\nasync function recachePasswordPolicy(auth: Auth): Promise<void> {\n const authInternal = _castAuth(auth);\n if (authInternal._getPasswordPolicyInternal()) {\n await authInternal._updatePasswordPolicy();\n }\n}\n\n/**\n * Sends a password reset email to the given email address. This method does not throw an error when\n * there's no user account with the given email address and\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled.\n *\n * @remarks\n * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in\n * the email sent to the user, along with the new password specified by the user.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendPasswordResetEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain code from user.\n * await confirmPasswordReset('user@example.com', code);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendPasswordResetEmail(\n auth: Auth,\n email: string,\n actionCodeSettings?: ActionCodeSettings\n): Promise<void> {\n const authInternal = _castAuth(auth);\n const request: authentication.PasswordResetRequest = {\n requestType: ActionCodeOperation.PASSWORD_RESET,\n email,\n clientType: RecaptchaClientType.WEB\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);\n }\n await handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.GET_OOB_CODE,\n authentication.sendPasswordResetEmail,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n}\n\n/**\n * Completes the password reset process, given a confirmation code and new password.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A confirmation code sent to the user.\n * @param newPassword - The new password.\n *\n * @public\n */\nexport async function confirmPasswordReset(\n auth: Auth,\n oobCode: string,\n newPassword: string\n): Promise<void> {\n await account\n .resetPassword(getModularInstance(auth), {\n oobCode,\n newPassword\n })\n .catch(async error => {\n if (\n error.code ===\n `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n // Do not return the email.\n}\n\n/**\n * Applies a verification code sent to the user by email or other out-of-band mechanism.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A verification code sent to the user.\n *\n * @public\n */\nexport async function applyActionCode(\n auth: Auth,\n oobCode: string\n): Promise<void> {\n await account.applyActionCode(getModularInstance(auth), { oobCode });\n}\n\n/**\n * Checks a verification code sent to the user by email or other out-of-band mechanism.\n *\n * @returns metadata about the code.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A verification code sent to the user.\n *\n * @public\n */\nexport async function checkActionCode(\n auth: Auth,\n oobCode: string\n): Promise<ActionCodeInfo> {\n const authModular = getModularInstance(auth);\n const response = await account.resetPassword(authModular, { oobCode });\n\n // Email could be empty only if the request type is EMAIL_SIGNIN or\n // VERIFY_AND_CHANGE_EMAIL.\n // New email should not be empty if the request type is\n // VERIFY_AND_CHANGE_EMAIL.\n // Multi-factor info could not be empty if the request type is\n // REVERT_SECOND_FACTOR_ADDITION.\n const operation = response.requestType;\n _assert(operation, authModular, AuthErrorCode.INTERNAL_ERROR);\n switch (operation) {\n case ActionCodeOperation.EMAIL_SIGNIN:\n break;\n case ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL:\n _assert(response.newEmail, authModular, AuthErrorCode.INTERNAL_ERROR);\n break;\n case ActionCodeOperation.REVERT_SECOND_FACTOR_ADDITION:\n _assert(response.mfaInfo, authModular, AuthErrorCode.INTERNAL_ERROR);\n // fall through\n default:\n _assert(response.email, authModular, AuthErrorCode.INTERNAL_ERROR);\n }\n\n // The multi-factor info for revert second factor addition\n let multiFactorInfo: MultiFactorInfoImpl | null = null;\n if (response.mfaInfo) {\n multiFactorInfo = MultiFactorInfoImpl._fromServerResponse(\n _castAuth(authModular),\n response.mfaInfo\n );\n }\n\n return {\n data: {\n email:\n (response.requestType === ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL\n ? response.newEmail\n : response.email) || null,\n previousEmail:\n (response.requestType === ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL\n ? response.email\n : response.newEmail) || null,\n multiFactorInfo\n },\n operation\n };\n}\n\n/**\n * Checks a password reset code sent to the user by email or other out-of-band mechanism.\n *\n * @returns the user's email address if valid.\n *\n * @param auth - The {@link Auth} instance.\n * @param code - A verification code sent to the user.\n *\n * @public\n */\nexport async function verifyPasswordResetCode(\n auth: Auth,\n code: string\n): Promise<string> {\n const { data } = await checkActionCode(getModularInstance(auth), code);\n // Email should always be present since a code was sent to it\n return data.email!;\n}\n\n/**\n * Creates a new user account associated with the specified email address and password.\n *\n * @remarks\n * On successful creation of the user account, this user will also be signed in to your application.\n *\n * User account creation can fail if the account already exists or the password is invalid.\n *\n * This method is not supported on {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * Note: The email address acts as a unique identifier for the user and enables an email-based\n * password reset. This function will create a new user account and set the initial user password.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param password - The user's chosen password.\n *\n * @public\n */\nexport async function createUserWithEmailAndPassword(\n auth: Auth,\n email: string,\n password: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const request: SignUpRequest = {\n returnSecureToken: true,\n email,\n password,\n clientType: RecaptchaClientType.WEB\n };\n const signUpResponse: Promise<IdTokenResponse> = handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.SIGN_UP_PASSWORD,\n signUp,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n const response = await signUpResponse.catch(error => {\n if (\n error.code === `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response\n );\n await authInternal._updateCurrentUser(userCredential.user);\n\n return userCredential;\n}\n\n/**\n * Asynchronously signs in using an email and password.\n *\n * @remarks\n * Fails with an error if the email address and password do not match. When\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled, this method fails with \"auth/invalid-credential\" in case of an invalid\n * email/password.\n *\n * This method is not supported on {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * Note: The user's password is NOT the password used to access the user's email account. The\n * email address serves as a unique identifier for the user, and the password is used to access\n * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.\n *\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The users email address.\n * @param password - The users password.\n *\n * @public\n */\nexport function signInWithEmailAndPassword(\n auth: Auth,\n email: string,\n password: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n return signInWithCredential(\n getModularInstance(auth),\n EmailAuthProvider.credential(email, password)\n ).catch(async error => {\n if (\n error.code === `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n UserCredential\n} from '../../model/public_types';\n\nimport * as api from '../../api/authentication/email_and_password';\nimport { ActionCodeURL } from '../action_code_url';\nimport { EmailAuthProvider } from '../providers/email';\nimport { _getCurrentUrl } from '../util/location';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { signInWithCredential } from './credential';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { getModularInstance } from '@firebase/util';\nimport { _castAuth } from '../auth/auth_impl';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\n/**\n * Sends a sign-in email link to the user with the specified email.\n *\n * @remarks\n * The sign-in operation has to always be completed in the app unlike other out of band email\n * actions (password reset and email verifications). This is because, at the end of the flow,\n * the user is expected to be signed in and their Auth state persisted within the app.\n *\n * To complete sign in with the email link, call {@link signInWithEmailLink} with the email\n * address and the email link supplied in the email sent to the user.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain emailLink from the user.\n * if(isSignInWithEmailLink(auth, emailLink)) {\n * await signInWithEmailLink(auth, 'user@example.com', emailLink);\n * }\n * ```\n *\n * @param authInternal - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendSignInLinkToEmail(\n auth: Auth,\n email: string,\n actionCodeSettings: ActionCodeSettings\n): Promise<void> {\n const authInternal = _castAuth(auth);\n const request: api.EmailSignInRequest = {\n requestType: ActionCodeOperation.EMAIL_SIGNIN,\n email,\n clientType: RecaptchaClientType.WEB\n };\n function setActionCodeSettings(\n request: api.EmailSignInRequest,\n actionCodeSettings: ActionCodeSettings\n ): void {\n _assert(\n actionCodeSettings.handleCodeInApp,\n authInternal,\n AuthErrorCode.ARGUMENT_ERROR\n );\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n authInternal,\n request,\n actionCodeSettings\n );\n }\n }\n setActionCodeSettings(request, actionCodeSettings);\n await handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.GET_OOB_CODE,\n api.sendSignInLinkToEmail,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n}\n\n/**\n * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.\n *\n * @param auth - The {@link Auth} instance.\n * @param emailLink - The link sent to the user's email address.\n *\n * @public\n */\nexport function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean {\n const actionCodeUrl = ActionCodeURL.parseLink(emailLink);\n return actionCodeUrl?.operation === ActionCodeOperation.EMAIL_SIGNIN;\n}\n\n/**\n * Asynchronously signs in using an email and sign-in email link.\n *\n * @remarks\n * If no link is passed, the link is inferred from the current URL.\n *\n * Fails with an error if the email address is invalid or OTP in email link expires.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain emailLink from the user.\n * if(isSignInWithEmailLink(auth, emailLink)) {\n * await signInWithEmailLink(auth, 'user@example.com', emailLink);\n * }\n * ```\n *\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param emailLink - The link sent to the user's email address.\n *\n * @public\n */\nexport async function signInWithEmailLink(\n auth: Auth,\n email: string,\n emailLink?: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authModular = getModularInstance(auth);\n const credential = EmailAuthProvider.credentialWithLink(\n email,\n emailLink || _getCurrentUrl()\n );\n // Check if the tenant ID in the email link matches the tenant ID on Auth\n // instance.\n _assert(\n credential._tenantId === (authModular.tenantId || null),\n authModular,\n AuthErrorCode.TENANT_ID_MISMATCH\n );\n return signInWithCredential(authModular, credential);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\nexport interface CreateAuthUriRequest {\n identifier: string;\n continueUri: string;\n tenantId?: string;\n}\n\nexport interface CreateAuthUriResponse {\n signinMethods: string[];\n}\n\nexport async function createAuthUri(\n auth: Auth,\n request: CreateAuthUriRequest\n): Promise<CreateAuthUriResponse> {\n return _performApiRequest<CreateAuthUriRequest, CreateAuthUriResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.CREATE_AUTH_URI,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n User\n} from '../../model/public_types';\n\nimport {\n createAuthUri,\n CreateAuthUriRequest\n} from '../../api/authentication/create_auth_uri';\nimport * as api from '../../api/authentication/email_and_password';\nimport { UserInternal } from '../../model/user';\nimport { _getCurrentUrl, _isHttpOrHttps } from '../util/location';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { getModularInstance } from '@firebase/util';\n\n/**\n * Gets the list of possible sign in methods for the given email address. This method returns an\n * empty list when\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled, irrespective of the number of authentication methods available for the given email.\n *\n * @remarks\n * This is useful to differentiate methods of sign-in for the same provider, eg.\n * {@link EmailAuthProvider} which has 2 methods of sign-in,\n * {@link SignInMethod}.EMAIL_PASSWORD and\n * {@link SignInMethod}.EMAIL_LINK.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n *\n * Deprecated. Migrating off of this method is recommended as a security best-practice.\n * Learn more in the Identity Platform documentation for\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}.\n * @public\n */\nexport async function fetchSignInMethodsForEmail(\n auth: Auth,\n email: string\n): Promise<string[]> {\n // createAuthUri returns an error if continue URI is not http or https.\n // For environments like Cordova, Chrome extensions, native frameworks, file\n // systems, etc, use http://localhost as continue URL.\n const continueUri = _isHttpOrHttps() ? _getCurrentUrl() : 'http://localhost';\n const request: CreateAuthUriRequest = {\n identifier: email,\n continueUri\n };\n\n const { signinMethods } = await createAuthUri(\n getModularInstance(auth),\n request\n );\n\n return signinMethods || [];\n}\n\n/**\n * Sends a verification email to a user.\n *\n * @remarks\n * The verification process is completed by calling {@link applyActionCode}.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendEmailVerification(user, actionCodeSettings);\n * // Obtain code from the user.\n * await applyActionCode(auth, code);\n * ```\n *\n * @param user - The user.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendEmailVerification(\n user: User,\n actionCodeSettings?: ActionCodeSettings | null\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await user.getIdToken();\n const request: api.VerifyEmailRequest = {\n requestType: ActionCodeOperation.VERIFY_EMAIL,\n idToken\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n userInternal.auth,\n request,\n actionCodeSettings\n );\n }\n\n const { email } = await api.sendEmailVerification(userInternal.auth, request);\n\n if (email !== user.email) {\n await user.reload();\n }\n}\n\n/**\n * Sends a verification email to a new email address.\n *\n * @remarks\n * The user's email will be updated to the new one after being verified.\n *\n * If you have a custom email action handler, you can complete the verification process by calling\n * {@link applyActionCode}.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await verifyBeforeUpdateEmail(user, 'newemail@example.com', actionCodeSettings);\n * // Obtain code from the user.\n * await applyActionCode(auth, code);\n * ```\n *\n * @param user - The user.\n * @param newEmail - The new email address to be verified before update.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function verifyBeforeUpdateEmail(\n user: User,\n newEmail: string,\n actionCodeSettings?: ActionCodeSettings | null\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await user.getIdToken();\n const request: api.VerifyAndChangeEmailRequest = {\n requestType: ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL,\n idToken,\n newEmail\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n userInternal.auth,\n request,\n actionCodeSettings\n );\n }\n\n const { email } = await api.verifyAndChangeEmail(userInternal.auth, request);\n\n if (email !== user.email) {\n // If the local copy of the email on user is outdated, reload the\n // user.\n await user.reload();\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Endpoint, HttpMethod, _performApiRequest } from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface UpdateProfileRequest {\n idToken: string;\n displayName?: string | null;\n photoUrl?: string | null;\n returnSecureToken: boolean;\n}\n\nexport interface UpdateProfileResponse extends IdTokenResponse {\n displayName?: string | null;\n photoUrl?: string | null;\n}\n\nexport async function updateProfile(\n auth: Auth,\n request: UpdateProfileRequest\n): Promise<UpdateProfileResponse> {\n return _performApiRequest<UpdateProfileRequest, UpdateProfileResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SET_ACCOUNT_INFO,\n request\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User } from '../../model/public_types';\n\nimport {\n updateEmailPassword as apiUpdateEmailPassword,\n UpdateEmailPasswordRequest\n} from '../../api/account_management/email_and_password';\nimport { updateProfile as apiUpdateProfile } from '../../api/account_management/profile';\nimport { UserInternal } from '../../model/user';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { getModularInstance } from '@firebase/util';\nimport { ProviderId } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\n/**\n * Updates a user's profile data.\n *\n * @param user - The user.\n * @param profile - The profile's `displayName` and `photoURL` to update.\n *\n * @public\n */\nexport async function updateProfile(\n user: User,\n {\n displayName,\n photoURL: photoUrl\n }: { displayName?: string | null; photoURL?: string | null }\n): Promise<void> {\n if (displayName === undefined && photoUrl === undefined) {\n return;\n }\n\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await userInternal.getIdToken();\n const profileRequest = {\n idToken,\n displayName,\n photoUrl,\n returnSecureToken: true\n };\n const response = await _logoutIfInvalidated(\n userInternal,\n apiUpdateProfile(userInternal.auth, profileRequest)\n );\n\n userInternal.displayName = response.displayName || null;\n userInternal.photoURL = response.photoUrl || null;\n\n // Update the password provider as well\n const passwordProvider = userInternal.providerData.find(\n ({ providerId }) => providerId === ProviderId.PASSWORD\n );\n if (passwordProvider) {\n passwordProvider.displayName = userInternal.displayName;\n passwordProvider.photoURL = userInternal.photoURL;\n }\n\n await userInternal._updateTokensIfNecessary(response);\n}\n\n/**\n * Updates the user's email address.\n *\n * @remarks\n * An email will be sent to the original email address (if it was set) that allows to revoke the\n * email address change, in order to protect them from account hijacking.\n *\n * This method is not supported on any {@link User} signed in by {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * Important: this is a security sensitive operation that requires the user to have recently signed\n * in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n * @param newEmail - The new email address.\n *\n * Throws \"auth/operation-not-allowed\" error when\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled.\n * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.\n *\n * @public\n */\nexport function updateEmail(user: User, newEmail: string): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(userInternal.auth)\n );\n }\n return updateEmailOrPassword(userInternal, newEmail, null);\n}\n\n/**\n * Updates the user's password.\n *\n * @remarks\n * Important: this is a security sensitive operation that requires the user to have recently signed\n * in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n * @param newPassword - The new password.\n *\n * @public\n */\nexport function updatePassword(user: User, newPassword: string): Promise<void> {\n return updateEmailOrPassword(\n getModularInstance(user) as UserInternal,\n null,\n newPassword\n );\n}\n\nasync function updateEmailOrPassword(\n user: UserInternal,\n email: string | null,\n password: string | null\n): Promise<void> {\n const { auth } = user;\n const idToken = await user.getIdToken();\n const request: UpdateEmailPasswordRequest = {\n idToken,\n returnSecureToken: true\n };\n\n if (email) {\n request.email = email;\n }\n\n if (password) {\n request.password = password;\n }\n\n const response = await _logoutIfInvalidated(\n user,\n apiUpdateEmailPassword(auth, request)\n );\n await user._updateTokensIfNecessary(response, /* reload */ true);\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AdditionalUserInfo, UserCredential } from '../../model/public_types';\nimport { IdTokenResponse, IdTokenResponseKind } from '../../model/id_token';\nimport { _parseToken } from './id_token_result';\nimport { UserCredentialInternal } from '../../model/user';\nimport { ProviderId } from '../../model/enums';\n\n/**\n * Parse the `AdditionalUserInfo` from the ID token response.\n *\n */\nexport function _fromIdTokenResponse(\n idTokenResponse?: IdTokenResponse\n): AdditionalUserInfo | null {\n if (!idTokenResponse) {\n return null;\n }\n const { providerId } = idTokenResponse;\n const profile = idTokenResponse.rawUserInfo\n ? JSON.parse(idTokenResponse.rawUserInfo)\n : {};\n const isNewUser =\n idTokenResponse.isNewUser ||\n idTokenResponse.kind === IdTokenResponseKind.SignupNewUser;\n if (!providerId && idTokenResponse?.idToken) {\n const signInProvider = _parseToken(idTokenResponse.idToken)?.firebase?.[\n 'sign_in_provider'\n ];\n if (signInProvider) {\n const filteredProviderId =\n signInProvider !== ProviderId.ANONYMOUS &&\n signInProvider !== ProviderId.CUSTOM\n ? (signInProvider as ProviderId)\n : null;\n // Uses generic class in accordance with the legacy SDK.\n return new GenericAdditionalUserInfo(isNewUser, filteredProviderId);\n }\n }\n if (!providerId) {\n return null;\n }\n switch (providerId) {\n case ProviderId.FACEBOOK:\n return new FacebookAdditionalUserInfo(isNewUser, profile);\n case ProviderId.GITHUB:\n return new GithubAdditionalUserInfo(isNewUser, profile);\n case ProviderId.GOOGLE:\n return new GoogleAdditionalUserInfo(isNewUser, profile);\n case ProviderId.TWITTER:\n return new TwitterAdditionalUserInfo(\n isNewUser,\n profile,\n idTokenResponse.screenName || null\n );\n case ProviderId.CUSTOM:\n case ProviderId.ANONYMOUS:\n return new GenericAdditionalUserInfo(isNewUser, null);\n default:\n return new GenericAdditionalUserInfo(isNewUser, providerId, profile);\n }\n}\n\nclass GenericAdditionalUserInfo implements AdditionalUserInfo {\n constructor(\n readonly isNewUser: boolean,\n readonly providerId: ProviderId | string | null,\n readonly profile: Record<string, unknown> = {}\n ) {}\n}\n\nclass FederatedAdditionalUserInfoWithUsername extends GenericAdditionalUserInfo {\n constructor(\n isNewUser: boolean,\n providerId: ProviderId,\n profile: Record<string, unknown>,\n readonly username: string | null\n ) {\n super(isNewUser, providerId, profile);\n }\n}\n\nclass FacebookAdditionalUserInfo extends GenericAdditionalUserInfo {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(isNewUser, ProviderId.FACEBOOK, profile);\n }\n}\n\nclass GithubAdditionalUserInfo extends FederatedAdditionalUserInfoWithUsername {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(\n isNewUser,\n ProviderId.GITHUB,\n profile,\n typeof profile?.login === 'string' ? profile?.login : null\n );\n }\n}\n\nclass GoogleAdditionalUserInfo extends GenericAdditionalUserInfo {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(isNewUser, ProviderId.GOOGLE, profile);\n }\n}\n\nclass TwitterAdditionalUserInfo extends FederatedAdditionalUserInfoWithUsername {\n constructor(\n isNewUser: boolean,\n profile: Record<string, unknown>,\n screenName: string | null\n ) {\n super(isNewUser, ProviderId.TWITTER, profile, screenName);\n }\n}\n\n/**\n * Extracts provider specific {@link AdditionalUserInfo} for the given credential.\n *\n * @param userCredential - The user credential.\n *\n * @public\n */\nexport function getAdditionalUserInfo(\n userCredential: UserCredential\n): AdditionalUserInfo | null {\n const { user, _tokenResponse } = userCredential as UserCredentialInternal;\n if (user.isAnonymous && !_tokenResponse) {\n // Handle the special case where signInAnonymously() gets called twice.\n // No network call is made so there's nothing to actually fill this in\n return {\n providerId: null,\n isNewUser: false,\n profile: null\n };\n }\n\n return _fromIdTokenResponse(_tokenResponse);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getModularInstance } from '@firebase/util';\nimport {\n Auth,\n NextOrObserver,\n Persistence,\n User,\n CompleteFn,\n ErrorFn,\n Unsubscribe,\n PasswordValidationStatus\n} from '../model/public_types';\nimport { _initializeRecaptchaConfig } from '../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { _castAuth } from '../core/auth/auth_impl';\n\nexport {\n debugErrorMap,\n prodErrorMap,\n AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as AuthErrorCodes\n} from './errors';\n\n// Non-optional auth methods.\n/**\n * Changes the type of persistence on the {@link Auth} instance for the currently saved\n * `Auth` session and applies this type of persistence for future sign-in requests, including\n * sign-in with redirect requests.\n *\n * @remarks\n * This makes it easy for a user signing in to specify whether their session should be\n * remembered or not. It also makes it easier to never persist the `Auth` state for applications\n * that are shared by other users or have sensitive data.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * setPersistence(auth, browserSessionPersistence);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param persistence - The {@link Persistence} to use.\n * @returns A `Promise` that resolves once the persistence change has completed\n *\n * @public\n */\nexport function setPersistence(\n auth: Auth,\n persistence: Persistence\n): Promise<void> {\n return getModularInstance(auth).setPersistence(persistence);\n}\n\n/**\n * Loads the reCAPTCHA configuration into the `Auth` instance.\n *\n * @remarks\n * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA\n * verification flow should be triggered for each auth provider, into the\n * current Auth session.\n *\n * If initializeRecaptchaConfig() is not invoked, the auth flow will always start\n * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA\n * verification, the SDK will transparently load the reCAPTCHA config and restart the\n * auth flows.\n *\n * Thus, by calling this optional method, you will reduce the latency of future auth flows.\n * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * initializeRecaptchaConfig(auth);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function initializeRecaptchaConfig(auth: Auth): Promise<void> {\n return _initializeRecaptchaConfig(auth);\n}\n\n/**\n * Validates the password against the password policy configured for the project or tenant.\n *\n * @remarks\n * If no tenant ID is set on the `Auth` instance, then this method will use the password\n * policy configured for the project. Otherwise, this method will use the policy configured\n * for the tenant. If a password policy has not been configured, then the default policy\n * configured for all projects will be used.\n *\n * If an auth flow fails because a submitted password does not meet the password policy\n * requirements and this method has previously been called, then this method will use the\n * most recent policy available when called again.\n *\n * @example\n * ```javascript\n * validatePassword(auth, 'some-password');\n * ```\n *\n * @param auth The {@link Auth} instance.\n * @param password The password to validate.\n *\n * @public\n */\nexport async function validatePassword(\n auth: Auth,\n password: string\n): Promise<PasswordValidationStatus> {\n const authInternal = _castAuth(auth);\n return authInternal.validatePassword(password);\n}\n\n/**\n * Adds an observer for changes to the signed-in user's ID token.\n *\n * @remarks\n * This includes sign-in, sign-out, and token refresh events.\n * This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.\n *\n * @param auth - The {@link Auth} instance.\n * @param nextOrObserver - callback triggered on change.\n * @param error - Deprecated. This callback is never triggered. Errors\n * on signing in/out can be caught in promises returned from\n * sign-in/sign-out functions.\n * @param completed - Deprecated. This callback is never triggered.\n *\n * @public\n */\nexport function onIdTokenChanged(\n auth: Auth,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n): Unsubscribe {\n return getModularInstance(auth).onIdTokenChanged(\n nextOrObserver,\n error,\n completed\n );\n}\n/**\n * Adds a blocking callback that runs before an auth state change\n * sets a new user.\n *\n * @param auth - The {@link Auth} instance.\n * @param callback - callback triggered before new user value is set.\n * If this throws, it blocks the user from being set.\n * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`\n * callback throws, allowing you to undo any side effects.\n */\nexport function beforeAuthStateChanged(\n auth: Auth,\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n): Unsubscribe {\n return getModularInstance(auth).beforeAuthStateChanged(callback, onAbort);\n}\n/**\n * Adds an observer for changes to the user's sign-in state.\n *\n * @remarks\n * To keep the old behavior, see {@link onIdTokenChanged}.\n *\n * @param auth - The {@link Auth} instance.\n * @param nextOrObserver - callback triggered on change.\n * @param error - Deprecated. This callback is never triggered. Errors\n * on signing in/out can be caught in promises returned from\n * sign-in/sign-out functions.\n * @param completed - Deprecated. This callback is never triggered.\n *\n * @public\n */\nexport function onAuthStateChanged(\n auth: Auth,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n): Unsubscribe {\n return getModularInstance(auth).onAuthStateChanged(\n nextOrObserver,\n error,\n completed\n );\n}\n/**\n * Sets the current language to the default device/browser preference.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function useDeviceLanguage(auth: Auth): void {\n getModularInstance(auth).useDeviceLanguage();\n}\n/**\n * Asynchronously sets the provided user as {@link Auth.currentUser} on the\n * {@link Auth} instance.\n *\n * @remarks\n * A new instance copy of the user provided will be made and set as currentUser.\n *\n * This will trigger {@link onAuthStateChanged} and {@link onIdTokenChanged} listeners\n * like other sign in methods.\n *\n * The operation fails with an error if the user to be updated belongs to a different Firebase\n * project.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n * @param user - The new {@link User}.\n *\n * @public\n */\nexport function updateCurrentUser(\n auth: Auth,\n user: User | null\n): Promise<void> {\n return getModularInstance(auth).updateCurrentUser(user);\n}\n/**\n * Signs out the current user.\n *\n * @remarks\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function signOut(auth: Auth): Promise<void> {\n return getModularInstance(auth).signOut();\n}\n\n/**\n * Revokes the given access token. Currently only supports Apple OAuth access tokens.\n *\n * @param auth - The {@link Auth} instance.\n * @param token - The Apple OAuth access token.\n *\n * @public\n */\nexport function revokeAccessToken(auth: Auth, token: string): Promise<void> {\n const authInternal = _castAuth(auth);\n return authInternal.revokeAccessToken(token);\n}\n\nexport { initializeAuth } from './auth/initialize';\nexport { connectAuthEmulator } from './auth/emulator';\n\n// credentials\nexport { AuthCredential } from './credentials';\nexport { EmailAuthCredential } from './credentials/email';\nexport { OAuthCredential } from './credentials/oauth';\nexport { PhoneAuthCredential } from './credentials/phone';\n\n// persistence\nexport { inMemoryPersistence } from './persistence/in_memory';\n\n// providers\nexport { EmailAuthProvider } from './providers/email';\nexport { FacebookAuthProvider } from './providers/facebook';\nexport { CustomParameters } from './providers/federated';\nexport { GoogleAuthProvider } from './providers/google';\nexport { GithubAuthProvider } from './providers/github';\nexport { OAuthProvider, OAuthCredentialOptions } from './providers/oauth';\nexport { SAMLAuthProvider } from './providers/saml';\nexport { TwitterAuthProvider } from './providers/twitter';\n\n// strategies\nexport { signInAnonymously } from './strategies/anonymous';\nexport {\n signInWithCredential,\n linkWithCredential,\n reauthenticateWithCredential\n} from './strategies/credential';\nexport { signInWithCustomToken } from './strategies/custom_token';\nexport {\n sendPasswordResetEmail,\n confirmPasswordReset,\n applyActionCode,\n checkActionCode,\n verifyPasswordResetCode,\n createUserWithEmailAndPassword,\n signInWithEmailAndPassword\n} from './strategies/email_and_password';\nexport {\n sendSignInLinkToEmail,\n isSignInWithEmailLink,\n signInWithEmailLink\n} from './strategies/email_link';\nexport {\n fetchSignInMethodsForEmail,\n sendEmailVerification,\n verifyBeforeUpdateEmail\n} from './strategies/email';\n\n// core\nexport { ActionCodeURL, parseActionCodeURL } from './action_code_url';\n\n// user\nexport {\n updateProfile,\n updateEmail,\n updatePassword\n} from './user/account_info';\nexport { getIdToken, getIdTokenResult } from './user/id_token_result';\nexport { unlink } from './user/link_unlink';\nexport { getAdditionalUserInfo } from './user/additional_user_info';\n\n// Non-optional user methods.\nexport { reload } from './user/reload';\n/**\n * Deletes and signs out the user.\n *\n * @remarks\n * Important: this is a security-sensitive operation that requires the user to have recently\n * signed in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n *\n * @public\n */\nexport async function deleteUser(user: User): Promise<void> {\n return getModularInstance(user).delete();\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserInternal } from '../model/user';\nimport { MultiFactorSession } from '../model/public_types';\n\nexport const enum MultiFactorSessionType {\n ENROLL = 'enroll',\n SIGN_IN = 'signin'\n}\n\ninterface SerializedMultiFactorSession {\n multiFactorSession: {\n idToken?: string;\n pendingCredential?: string;\n };\n}\n\nexport class MultiFactorSessionImpl implements MultiFactorSession {\n private constructor(\n readonly type: MultiFactorSessionType,\n readonly credential: string,\n readonly user?: UserInternal\n ) {}\n\n static _fromIdtoken(\n idToken: string,\n user?: UserInternal\n ): MultiFactorSessionImpl {\n return new MultiFactorSessionImpl(\n MultiFactorSessionType.ENROLL,\n idToken,\n user\n );\n }\n\n static _fromMfaPendingCredential(\n mfaPendingCredential: string\n ): MultiFactorSessionImpl {\n return new MultiFactorSessionImpl(\n MultiFactorSessionType.SIGN_IN,\n mfaPendingCredential\n );\n }\n\n toJSON(): SerializedMultiFactorSession {\n const key =\n this.type === MultiFactorSessionType.ENROLL\n ? 'idToken'\n : 'pendingCredential';\n return {\n multiFactorSession: {\n [key]: this.credential\n }\n };\n }\n\n static fromJSON(\n obj: Partial<SerializedMultiFactorSession>\n ): MultiFactorSessionImpl | null {\n if (obj?.multiFactorSession) {\n if (obj.multiFactorSession?.pendingCredential) {\n return MultiFactorSessionImpl._fromMfaPendingCredential(\n obj.multiFactorSession.pendingCredential\n );\n } else if (obj.multiFactorSession?.idToken) {\n return MultiFactorSessionImpl._fromIdtoken(\n obj.multiFactorSession.idToken\n );\n }\n }\n return null;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n MultiFactorResolver,\n UserCredential,\n MultiFactorError\n} from '../model/public_types';\n\nimport { _castAuth } from '../core/auth/auth_impl';\nimport { AuthErrorCode } from '../core/errors';\nimport { UserCredentialImpl } from '../core/user/user_credential_impl';\nimport { _assert, _fail } from '../core/util/assert';\nimport { UserCredentialInternal } from '../model/user';\nimport { MultiFactorAssertionImpl } from './mfa_assertion';\nimport { MultiFactorError as MultiFactorErrorInternal } from './mfa_error';\nimport { MultiFactorInfoImpl } from './mfa_info';\nimport { MultiFactorSessionImpl } from './mfa_session';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../model/enums';\n\nexport class MultiFactorResolverImpl implements MultiFactorResolver {\n private constructor(\n readonly session: MultiFactorSessionImpl,\n readonly hints: MultiFactorInfoImpl[],\n private readonly signInResolver: (\n assertion: MultiFactorAssertionImpl\n ) => Promise<UserCredentialInternal>\n ) {}\n\n /** @internal */\n static _fromError(\n authExtern: Auth,\n error: MultiFactorErrorInternal\n ): MultiFactorResolverImpl {\n const auth = _castAuth(authExtern);\n const serverResponse = error.customData._serverResponse;\n const hints = (serverResponse.mfaInfo || []).map(enrollment =>\n MultiFactorInfoImpl._fromServerResponse(auth, enrollment)\n );\n\n _assert(\n serverResponse.mfaPendingCredential,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const session = MultiFactorSessionImpl._fromMfaPendingCredential(\n serverResponse.mfaPendingCredential\n );\n\n return new MultiFactorResolverImpl(\n session,\n hints,\n async (\n assertion: MultiFactorAssertionImpl\n ): Promise<UserCredentialInternal> => {\n const mfaResponse = await assertion._process(auth, session);\n // Clear out the unneeded fields from the old login response\n delete serverResponse.mfaInfo;\n delete serverResponse.mfaPendingCredential;\n\n // Use in the new token & refresh token in the old response\n const idTokenResponse = {\n ...serverResponse,\n idToken: mfaResponse.idToken,\n refreshToken: mfaResponse.refreshToken\n };\n\n // TODO: we should collapse this switch statement into UserCredentialImpl._forOperation and have it support the SIGN_IN case\n switch (error.operationType) {\n case OperationType.SIGN_IN:\n const userCredential =\n await UserCredentialImpl._fromIdTokenResponse(\n auth,\n error.operationType,\n idTokenResponse\n );\n await auth._updateCurrentUser(userCredential.user);\n return userCredential;\n case OperationType.REAUTHENTICATE:\n _assert(error.user, auth, AuthErrorCode.INTERNAL_ERROR);\n return UserCredentialImpl._forOperation(\n error.user,\n error.operationType,\n idTokenResponse\n );\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n );\n }\n\n async resolveSignIn(\n assertionExtern: MultiFactorAssertionImpl\n ): Promise<UserCredential> {\n const assertion = assertionExtern as MultiFactorAssertionImpl;\n return this.signInResolver(assertion);\n }\n}\n\n/**\n * Provides a {@link MultiFactorResolver} suitable for completion of a\n * multi-factor flow.\n *\n * @param auth - The {@link Auth} instance.\n * @param error - The {@link MultiFactorError} raised during a sign-in, or\n * reauthentication operation.\n *\n * @public\n */\nexport function getMultiFactorResolver(\n auth: Auth,\n error: MultiFactorError\n): MultiFactorResolver {\n const authModular = getModularInstance(auth);\n const errorInternal = error as MultiFactorErrorInternal;\n _assert(\n error.customData.operationType,\n authModular,\n AuthErrorCode.ARGUMENT_ERROR\n );\n _assert(\n errorInternal.customData._serverResponse?.mfaPendingCredential,\n authModular,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n return MultiFactorResolverImpl._fromError(authModular, errorInternal);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { SignInWithPhoneNumberRequest } from '../authentication/sms';\nimport { FinalizeMfaResponse } from '../authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\n\n/**\n * MFA Info as returned by the API.\n */\ninterface BaseMfaEnrollment {\n mfaEnrollmentId: string;\n enrolledAt: number;\n displayName?: string;\n}\n\n/**\n * An MFA provided by SMS verification.\n */\nexport interface PhoneMfaEnrollment extends BaseMfaEnrollment {\n phoneInfo: string;\n}\n\n/**\n * An MFA provided by TOTP (Time-based One Time Password).\n */\nexport interface TotpMfaEnrollment extends BaseMfaEnrollment {}\n\n/**\n * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.\n */\nexport type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;\n\nexport interface StartPhoneMfaEnrollmentRequest {\n idToken: string;\n phoneEnrollmentInfo: {\n phoneNumber: string;\n // reCAPTCHA v2 token\n recaptchaToken?: string;\n // reCAPTCHA Enterprise token\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n };\n tenantId?: string;\n}\n\nexport interface StartPhoneMfaEnrollmentResponse {\n phoneSessionInfo: {\n sessionInfo: string;\n };\n}\n\nexport function startEnrollPhoneMfa(\n auth: AuthInternal,\n request: StartPhoneMfaEnrollmentRequest\n): Promise<StartPhoneMfaEnrollmentResponse> {\n return _performApiRequest<\n StartPhoneMfaEnrollmentRequest,\n StartPhoneMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface FinalizePhoneMfaEnrollmentRequest {\n idToken: string;\n phoneVerificationInfo: SignInWithPhoneNumberRequest;\n displayName?: string | null;\n tenantId?: string;\n}\n\nexport interface FinalizePhoneMfaEnrollmentResponse\n extends FinalizeMfaResponse {}\n\nexport function finalizeEnrollPhoneMfa(\n auth: AuthInternal,\n request: FinalizePhoneMfaEnrollmentRequest\n): Promise<FinalizePhoneMfaEnrollmentResponse> {\n return _performApiRequest<\n FinalizePhoneMfaEnrollmentRequest,\n FinalizePhoneMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\nexport interface StartTotpMfaEnrollmentRequest {\n idToken: string;\n totpEnrollmentInfo: {};\n tenantId?: string;\n}\n\nexport interface StartTotpMfaEnrollmentResponse {\n totpSessionInfo: {\n sharedSecretKey: string;\n verificationCodeLength: number;\n hashingAlgorithm: string;\n periodSec: number;\n sessionInfo: string;\n finalizeEnrollmentTime: number;\n };\n}\n\nexport function startEnrollTotpMfa(\n auth: AuthInternal,\n request: StartTotpMfaEnrollmentRequest\n): Promise<StartTotpMfaEnrollmentResponse> {\n return _performApiRequest<\n StartTotpMfaEnrollmentRequest,\n StartTotpMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface TotpVerificationInfo {\n sessionInfo: string;\n verificationCode: string;\n}\nexport interface FinalizeTotpMfaEnrollmentRequest {\n idToken: string;\n totpVerificationInfo: TotpVerificationInfo;\n displayName?: string | null;\n tenantId?: string;\n}\n\nexport interface FinalizeTotpMfaEnrollmentResponse\n extends FinalizeMfaResponse {}\n\nexport function finalizeEnrollTotpMfa(\n auth: AuthInternal,\n request: FinalizeTotpMfaEnrollmentRequest\n): Promise<FinalizeTotpMfaEnrollmentResponse> {\n return _performApiRequest<\n FinalizeTotpMfaEnrollmentRequest,\n FinalizeTotpMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface WithdrawMfaRequest {\n idToken: string;\n mfaEnrollmentId: string;\n tenantId?: string;\n}\n\nexport interface WithdrawMfaResponse extends FinalizeMfaResponse {}\n\nexport function withdrawMfa(\n auth: AuthInternal,\n request: WithdrawMfaRequest\n): Promise<WithdrawMfaResponse> {\n return _performApiRequest<WithdrawMfaRequest, WithdrawMfaResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.WITHDRAW_MFA,\n _addTidIfNecessary(auth, request)\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n MultiFactorAssertion,\n MultiFactorInfo,\n MultiFactorSession,\n MultiFactorUser,\n User\n} from '../model/public_types';\n\nimport { withdrawMfa } from '../api/account_management/mfa';\nimport { _logoutIfInvalidated } from '../core/user/invalidation';\nimport { UserInternal } from '../model/user';\nimport { MultiFactorAssertionImpl } from './mfa_assertion';\nimport { MultiFactorInfoImpl } from './mfa_info';\nimport { MultiFactorSessionImpl } from './mfa_session';\nimport { getModularInstance } from '@firebase/util';\n\nexport class MultiFactorUserImpl implements MultiFactorUser {\n enrolledFactors: MultiFactorInfo[] = [];\n\n private constructor(readonly user: UserInternal) {\n user._onReload(userInfo => {\n if (userInfo.mfaInfo) {\n this.enrolledFactors = userInfo.mfaInfo.map(enrollment =>\n MultiFactorInfoImpl._fromServerResponse(user.auth, enrollment)\n );\n }\n });\n }\n\n static _fromUser(user: UserInternal): MultiFactorUserImpl {\n return new MultiFactorUserImpl(user);\n }\n\n async getSession(): Promise<MultiFactorSession> {\n return MultiFactorSessionImpl._fromIdtoken(\n await this.user.getIdToken(),\n this.user\n );\n }\n\n async enroll(\n assertionExtern: MultiFactorAssertion,\n displayName?: string | null\n ): Promise<void> {\n const assertion = assertionExtern as MultiFactorAssertionImpl;\n const session = (await this.getSession()) as MultiFactorSessionImpl;\n const finalizeMfaResponse = await _logoutIfInvalidated(\n this.user,\n assertion._process(this.user.auth, session, displayName)\n );\n // New tokens will be issued after enrollment of the new second factors.\n // They need to be updated on the user.\n await this.user._updateTokensIfNecessary(finalizeMfaResponse);\n // The user needs to be reloaded to get the new multi-factor information\n // from server. USER_RELOADED event will be triggered and `enrolledFactors`\n // will be updated.\n return this.user.reload();\n }\n\n async unenroll(infoOrUid: MultiFactorInfo | string): Promise<void> {\n const mfaEnrollmentId =\n typeof infoOrUid === 'string' ? infoOrUid : infoOrUid.uid;\n const idToken = await this.user.getIdToken();\n try {\n const idTokenResponse = await _logoutIfInvalidated(\n this.user,\n withdrawMfa(this.user.auth, {\n idToken,\n mfaEnrollmentId\n })\n );\n // Remove the second factor from the user's list.\n this.enrolledFactors = this.enrolledFactors.filter(\n ({ uid }) => uid !== mfaEnrollmentId\n );\n // Depending on whether the backend decided to revoke the user's session,\n // the tokenResponse may be empty. If the tokens were not updated (and they\n // are now invalid), reloading the user will discover this and invalidate\n // the user's state accordingly.\n await this.user._updateTokensIfNecessary(idTokenResponse);\n await this.user.reload();\n } catch (e) {\n throw e;\n }\n }\n}\n\nconst multiFactorUserCache = new WeakMap<User, MultiFactorUser>();\n\n/**\n * The {@link MultiFactorUser} corresponding to the user.\n *\n * @remarks\n * This is used to access all multi-factor properties and operations related to the user.\n *\n * @param user - The user.\n *\n * @public\n */\nexport function multiFactor(user: User): MultiFactorUser {\n const userModular = getModularInstance(user);\n if (!multiFactorUserCache.has(userModular)) {\n multiFactorUserCache.set(\n userModular,\n MultiFactorUserImpl._fromUser(userModular as UserInternal)\n );\n }\n return multiFactorUserCache.get(userModular)!;\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Persistence } from '../../model/public_types';\n\nexport const enum PersistenceType {\n SESSION = 'SESSION',\n LOCAL = 'LOCAL',\n NONE = 'NONE',\n COOKIE = 'COOKIE'\n}\n\nexport type PersistedBlob = Record<string, unknown>;\n\nexport interface Instantiator<T> {\n (blob: PersistedBlob): T;\n}\n\nexport type PersistenceValue = PersistedBlob | string;\n\nexport const STORAGE_AVAILABLE_KEY = '__sak';\n\nexport interface StorageEventListener {\n (value: PersistenceValue | null): void;\n}\n\nexport interface PersistenceInternal extends Persistence {\n type: PersistenceType;\n _isAvailable(): Promise<boolean>;\n _set(key: string, value: PersistenceValue): Promise<void>;\n _get<T extends PersistenceValue>(key: string): Promise<T | null>;\n _remove(key: string): Promise<void>;\n _addListener(key: string, listener: StorageEventListener): void;\n _removeListener(key: string, listener: StorageEventListener): void;\n // Should this persistence allow migration up the chosen hierarchy?\n _shouldAllowMigration?: boolean;\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n PersistenceValue,\n STORAGE_AVAILABLE_KEY,\n PersistenceType\n} from '../../core/persistence';\n\n// There are two different browser persistence types: local and session.\n// Both have the same implementation but use a different underlying storage\n// object.\n\nexport abstract class BrowserPersistenceClass {\n protected constructor(\n protected readonly storageRetriever: () => Storage,\n readonly type: PersistenceType\n ) {}\n\n _isAvailable(): Promise<boolean> {\n try {\n if (!this.storage) {\n return Promise.resolve(false);\n }\n this.storage.setItem(STORAGE_AVAILABLE_KEY, '1');\n this.storage.removeItem(STORAGE_AVAILABLE_KEY);\n return Promise.resolve(true);\n } catch {\n return Promise.resolve(false);\n }\n }\n\n _set(key: string, value: PersistenceValue): Promise<void> {\n this.storage.setItem(key, JSON.stringify(value));\n return Promise.resolve();\n }\n\n _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const json = this.storage.getItem(key);\n return Promise.resolve(json ? JSON.parse(json) : null);\n }\n\n _remove(key: string): Promise<void> {\n this.storage.removeItem(key);\n return Promise.resolve();\n }\n\n protected get storage(): Storage {\n return this.storageRetriever();\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport { _isMobileBrowser, _isIE10 } from '../../core/util/browser';\nimport {\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../../core/persistence';\nimport { BrowserPersistenceClass } from './browser';\n\n// The polling period in case events are not supported\nexport const _POLLING_INTERVAL_MS = 1000;\n\n// The IE 10 localStorage cross tab synchronization delay in milliseconds\nconst IE10_LOCAL_STORAGE_SYNC_DELAY = 10;\n\nclass BrowserLocalPersistence\n extends BrowserPersistenceClass\n implements InternalPersistence\n{\n static type: 'LOCAL' = 'LOCAL';\n\n constructor() {\n super(() => window.localStorage, PersistenceType.LOCAL);\n }\n\n private readonly boundEventHandler = (\n event: StorageEvent,\n poll?: boolean\n ): void => this.onStorageEvent(event, poll);\n private readonly listeners: Record<string, Set<StorageEventListener>> = {};\n private readonly localCache: Record<string, string | null> = {};\n // setTimeout return value is platform specific\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private pollTimer: any | null = null;\n\n // Whether to use polling instead of depending on window events\n private readonly fallbackToPolling = _isMobileBrowser();\n readonly _shouldAllowMigration = true;\n\n private forAllChangedKeys(\n cb: (key: string, oldValue: string | null, newValue: string | null) => void\n ): void {\n // Check all keys with listeners on them.\n for (const key of Object.keys(this.listeners)) {\n // Get value from localStorage.\n const newValue = this.storage.getItem(key);\n const oldValue = this.localCache[key];\n // If local map value does not match, trigger listener with storage event.\n // Differentiate this simulated event from the real storage event.\n if (newValue !== oldValue) {\n cb(key, oldValue, newValue);\n }\n }\n }\n\n private onStorageEvent(event: StorageEvent, poll = false): void {\n // Key would be null in some situations, like when localStorage is cleared\n if (!event.key) {\n this.forAllChangedKeys(\n (key: string, _oldValue: string | null, newValue: string | null) => {\n this.notifyListeners(key, newValue);\n }\n );\n return;\n }\n\n const key = event.key;\n\n // Check the mechanism how this event was detected.\n // The first event will dictate the mechanism to be used.\n if (poll) {\n // Environment detects storage changes via polling.\n // Remove storage event listener to prevent possible event duplication.\n this.detachListener();\n } else {\n // Environment detects storage changes via storage event listener.\n // Remove polling listener to prevent possible event duplication.\n this.stopPolling();\n }\n\n const triggerListeners = (): void => {\n // Keep local map up to date in case storage event is triggered before\n // poll.\n const storedValue = this.storage.getItem(key);\n if (!poll && this.localCache[key] === storedValue) {\n // Real storage event which has already been detected, do nothing.\n // This seems to trigger in some IE browsers for some reason.\n return;\n }\n this.notifyListeners(key, storedValue);\n };\n\n const storedValue = this.storage.getItem(key);\n if (\n _isIE10() &&\n storedValue !== event.newValue &&\n event.newValue !== event.oldValue\n ) {\n // IE 10 has this weird bug where a storage event would trigger with the\n // correct key, oldValue and newValue but localStorage.getItem(key) does\n // not yield the updated value until a few milliseconds. This ensures\n // this recovers from that situation.\n setTimeout(triggerListeners, IE10_LOCAL_STORAGE_SYNC_DELAY);\n } else {\n triggerListeners();\n }\n }\n\n private notifyListeners(key: string, value: string | null): void {\n this.localCache[key] = value;\n const listeners = this.listeners[key];\n if (listeners) {\n for (const listener of Array.from(listeners)) {\n listener(value ? JSON.parse(value) : value);\n }\n }\n }\n\n private startPolling(): void {\n this.stopPolling();\n\n this.pollTimer = setInterval(() => {\n this.forAllChangedKeys(\n (key: string, oldValue: string | null, newValue: string | null) => {\n this.onStorageEvent(\n new StorageEvent('storage', {\n key,\n oldValue,\n newValue\n }),\n /* poll */ true\n );\n }\n );\n }, _POLLING_INTERVAL_MS);\n }\n\n private stopPolling(): void {\n if (this.pollTimer) {\n clearInterval(this.pollTimer);\n this.pollTimer = null;\n }\n }\n\n private attachListener(): void {\n window.addEventListener('storage', this.boundEventHandler);\n }\n\n private detachListener(): void {\n window.removeEventListener('storage', this.boundEventHandler);\n }\n\n _addListener(key: string, listener: StorageEventListener): void {\n if (Object.keys(this.listeners).length === 0) {\n // Whether browser can detect storage event when it had already been pushed to the background.\n // This may happen in some mobile browsers. A localStorage change in the foreground window\n // will not be detected in the background window via the storage event.\n // This was detected in iOS 7.x mobile browsers\n if (this.fallbackToPolling) {\n this.startPolling();\n } else {\n this.attachListener();\n }\n }\n if (!this.listeners[key]) {\n this.listeners[key] = new Set();\n // Populate the cache to avoid spuriously triggering on first poll.\n this.localCache[key] = this.storage.getItem(key);\n }\n this.listeners[key].add(listener);\n }\n\n _removeListener(key: string, listener: StorageEventListener): void {\n if (this.listeners[key]) {\n this.listeners[key].delete(listener);\n\n if (this.listeners[key].size === 0) {\n delete this.listeners[key];\n }\n }\n\n if (Object.keys(this.listeners).length === 0) {\n this.detachListener();\n this.stopPolling();\n }\n }\n\n // Update local cache on base operations:\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n await super._set(key, value);\n this.localCache[key] = JSON.stringify(value);\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const value = await super._get<T>(key);\n this.localCache[key] = JSON.stringify(value);\n return value;\n }\n\n async _remove(key: string): Promise<void> {\n await super._remove(key);\n delete this.localCache[key];\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`\n * for the underlying storage.\n *\n * @public\n */\nexport const browserLocalPersistence: Persistence = BrowserLocalPersistence;\n", "/**\n * @license\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\nimport type { CookieChangeEvent } from 'cookie-store';\n\nconst POLLING_INTERVAL_MS = 1_000;\n\nimport {\n PersistenceInternal,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../../core/persistence';\n\n// Pull a cookie value from document.cookie\nfunction getDocumentCookie(name: string): string | null {\n const escapedName = name.replace(/[\\\\^$.*+?()[\\]{}|]/g, '\\\\$&');\n const matcher = RegExp(`${escapedName}=([^;]+)`);\n return document.cookie.match(matcher)?.[1] ?? null;\n}\n\n// Produce a sanitized cookie name from the persistence key\nfunction getCookieName(key: string): string {\n // __HOST- doesn't work in localhost https://issues.chromium.org/issues/40196122 but it has\n // desirable security properties, so lets use a different cookie name while in dev-mode.\n // Already checked isSecureContext in _isAvailable, so if it's http we're hitting local.\n const isDevMode = window.location.protocol === 'http:';\n return `${isDevMode ? '__dev_' : '__HOST-'}FIREBASE_${key.split(':')[3]}`;\n}\n\nexport class CookiePersistence implements PersistenceInternal {\n static type: 'COOKIE' = 'COOKIE';\n readonly type = PersistenceType.COOKIE;\n listenerUnsubscribes: Map<StorageEventListener, () => void> = new Map();\n\n // used to get the URL to the backend to proxy to\n _getFinalTarget(originalUrl: string): URL | string {\n if (typeof window === undefined) {\n return originalUrl;\n }\n const url = new URL(`${window.location.origin}/__cookies__`);\n url.searchParams.set('finalTarget', originalUrl);\n return url;\n }\n\n // To be a usable persistence method in a chain browserCookiePersistence ensures that\n // prerequisites have been met, namely that we're in a secureContext, navigator and document are\n // available and cookies are enabled. Not all UAs support these method, so fallback accordingly.\n async _isAvailable(): Promise<boolean> {\n if (typeof isSecureContext === 'boolean' && !isSecureContext) {\n return false;\n }\n if (typeof navigator === 'undefined' || typeof document === 'undefined') {\n return false;\n }\n return navigator.cookieEnabled ?? true;\n }\n\n // Set should be a noop as we expect middleware to handle this\n async _set(_key: string, _value: PersistenceValue): Promise<void> {\n return;\n }\n\n // Attempt to get the cookie from cookieStore, fallback to document.cookie\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n if (!this._isAvailable()) {\n return null;\n }\n const name = getCookieName(key);\n if (window.cookieStore) {\n const cookie = await window.cookieStore.get(name);\n return cookie?.value as T;\n }\n return getDocumentCookie(name) as T;\n }\n\n // Log out by overriding the idToken with a sentinel value of \"\"\n async _remove(key: string): Promise<void> {\n if (!this._isAvailable()) {\n return;\n }\n // To make sure we don't hit signout over and over again, only do this operation if we need to\n // with the logout sentinel value of \"\" this can cause race conditions. Unnecessary set-cookie\n // headers will reduce CDN hit rates too.\n const existingValue = await this._get(key);\n if (!existingValue) {\n return;\n }\n const name = getCookieName(key);\n document.cookie = `${name}=;Max-Age=34560000;Partitioned;Secure;SameSite=Strict;Path=/;Priority=High`;\n await fetch(`/__cookies__`, { method: 'DELETE' }).catch(() => undefined);\n }\n\n // Listen for cookie changes, both cookieStore and fallback to polling document.cookie\n _addListener(key: string, listener: StorageEventListener): void {\n if (!this._isAvailable()) {\n return;\n }\n const name = getCookieName(key);\n if (window.cookieStore) {\n const cb = ((event: CookieChangeEvent): void => {\n const changedCookie = event.changed.find(\n change => change.name === name\n );\n if (changedCookie) {\n listener(changedCookie.value as PersistenceValue);\n }\n const deletedCookie = event.deleted.find(\n change => change.name === name\n );\n if (deletedCookie) {\n listener(null);\n }\n }) as EventListener;\n const unsubscribe = (): void =>\n window.cookieStore.removeEventListener('change', cb);\n this.listenerUnsubscribes.set(listener, unsubscribe);\n return window.cookieStore.addEventListener('change', cb as EventListener);\n }\n let lastValue = getDocumentCookie(name);\n const interval = setInterval(() => {\n const currentValue = getDocumentCookie(name);\n if (currentValue !== lastValue) {\n listener(currentValue as PersistenceValue | null);\n lastValue = currentValue;\n }\n }, POLLING_INTERVAL_MS);\n const unsubscribe = (): void => clearInterval(interval);\n this.listenerUnsubscribes.set(listener, unsubscribe);\n }\n\n _removeListener(_key: string, listener: StorageEventListener): void {\n const unsubscribe = this.listenerUnsubscribes.get(listener);\n if (!unsubscribe) {\n return;\n }\n unsubscribe();\n this.listenerUnsubscribes.delete(listener);\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `COOKIE`, for use on the client side in\n * applications leveraging hybrid rendering and middleware.\n *\n * @remarks This persistence method requires companion middleware to function, such as that provided\n * by {@link https://firebaseopensource.com/projects/firebaseextended/reactfire/ | ReactFire} for\n * NextJS.\n * @beta\n */\nexport const browserCookiePersistence: Persistence = CookiePersistence;\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport {\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n StorageEventListener\n} from '../../core/persistence';\nimport { BrowserPersistenceClass } from './browser';\n\nclass BrowserSessionPersistence\n extends BrowserPersistenceClass\n implements InternalPersistence\n{\n static type: 'SESSION' = 'SESSION';\n\n constructor() {\n super(() => window.sessionStorage, PersistenceType.SESSION);\n }\n\n _addListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for session storage since it cannot be shared across windows\n return;\n }\n\n _removeListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for session storage since it cannot be shared across windows\n return;\n }\n}\n\n/**\n * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`\n * for the underlying storage.\n *\n * @public\n */\nexport const browserSessionPersistence: Persistence = BrowserSessionPersistence;\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/** TODO: remove this once tslib has a polyfill for Promise.allSettled */\ninterface PromiseFulfilledResult<T> {\n fulfilled: true;\n value: T;\n}\n\ninterface PromiseRejectedResult {\n fulfilled: false;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n reason: any;\n}\n\nexport type PromiseSettledResult<T> =\n | PromiseFulfilledResult<T>\n | PromiseRejectedResult;\n\n/**\n * Shim for Promise.allSettled, note the slightly different format of `fulfilled` vs `status`.\n *\n * @param promises - Array of promises to wait on.\n */\nexport function _allSettled<T>(\n promises: Array<Promise<T>>\n): Promise<Array<PromiseSettledResult<T>>> {\n return Promise.all(\n promises.map(async promise => {\n try {\n const value = await promise;\n return {\n fulfilled: true,\n value\n } as PromiseFulfilledResult<T>;\n } catch (reason) {\n return {\n fulfilled: false,\n reason\n } as PromiseRejectedResult;\n }\n })\n );\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ReceiverHandler,\n _EventType,\n _ReceiverResponse,\n SenderMessageEvent,\n _Status,\n _SenderRequest\n} from './index';\nimport { _allSettled } from './promise';\n\n/**\n * Interface class for receiving messages.\n *\n */\nexport class Receiver {\n private static readonly receivers: Receiver[] = [];\n private readonly boundEventHandler: EventListener;\n\n private readonly handlersMap: {\n // TypeScript doesn't have existential types :(\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n [eventType: string]: Set<ReceiverHandler<any, any>>;\n } = {};\n\n constructor(private readonly eventTarget: EventTarget) {\n this.boundEventHandler = this.handleEvent.bind(this);\n }\n\n /**\n * Obtain an instance of a Receiver for a given event target, if none exists it will be created.\n *\n * @param eventTarget - An event target (such as window or self) through which the underlying\n * messages will be received.\n */\n static _getInstance(eventTarget: EventTarget): Receiver {\n // The results are stored in an array since objects can't be keys for other\n // objects. In addition, setting a unique property on an event target as a\n // hash map key may not be allowed due to CORS restrictions.\n const existingInstance = this.receivers.find(receiver =>\n receiver.isListeningto(eventTarget)\n );\n if (existingInstance) {\n return existingInstance;\n }\n const newInstance = new Receiver(eventTarget);\n this.receivers.push(newInstance);\n return newInstance;\n }\n\n private isListeningto(eventTarget: EventTarget): boolean {\n return this.eventTarget === eventTarget;\n }\n\n /**\n * Fans out a MessageEvent to the appropriate listeners.\n *\n * @remarks\n * Sends an {@link Status.ACK} upon receipt and a {@link Status.DONE} once all handlers have\n * finished processing.\n *\n * @param event - The MessageEvent.\n *\n */\n private async handleEvent<\n T extends _ReceiverResponse,\n S extends _SenderRequest\n >(event: Event): Promise<void> {\n const messageEvent = event as MessageEvent<SenderMessageEvent<S>>;\n const { eventId, eventType, data } = messageEvent.data;\n\n const handlers: Set<ReceiverHandler<T, S>> | undefined =\n this.handlersMap[eventType];\n if (!handlers?.size) {\n return;\n }\n\n messageEvent.ports[0].postMessage({\n status: _Status.ACK,\n eventId,\n eventType\n });\n\n const promises = Array.from(handlers).map(async handler =>\n handler(messageEvent.origin, data)\n );\n const response = await _allSettled(promises);\n messageEvent.ports[0].postMessage({\n status: _Status.DONE,\n eventId,\n eventType,\n response\n });\n }\n\n /**\n * Subscribe an event handler for a particular event.\n *\n * @param eventType - Event name to subscribe to.\n * @param eventHandler - The event handler which should receive the events.\n *\n */\n _subscribe<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n eventHandler: ReceiverHandler<T, S>\n ): void {\n if (Object.keys(this.handlersMap).length === 0) {\n this.eventTarget.addEventListener('message', this.boundEventHandler);\n }\n\n if (!this.handlersMap[eventType]) {\n this.handlersMap[eventType] = new Set();\n }\n\n this.handlersMap[eventType].add(eventHandler);\n }\n\n /**\n * Unsubscribe an event handler from a particular event.\n *\n * @param eventType - Event name to unsubscribe from.\n * @param eventHandler - Optional event handler, if none provided, unsubscribe all handlers on this event.\n *\n */\n _unsubscribe<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n eventHandler?: ReceiverHandler<T, S>\n ): void {\n if (this.handlersMap[eventType] && eventHandler) {\n this.handlersMap[eventType].delete(eventHandler);\n }\n if (!eventHandler || this.handlersMap[eventType].size === 0) {\n delete this.handlersMap[eventType];\n }\n\n if (Object.keys(this.handlersMap).length === 0) {\n this.eventTarget.removeEventListener('message', this.boundEventHandler);\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function _generateEventId(prefix = '', digits = 10): string {\n let random = '';\n for (let i = 0; i < digits; i++) {\n random += Math.floor(Math.random() * 10);\n }\n return prefix + random;\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _generateEventId } from '../../core/util/event_id';\nimport {\n _SenderRequest,\n _EventType,\n ReceiverMessageEvent,\n _MessageError,\n SenderMessageEvent,\n _Status,\n _ReceiverMessageResponse,\n _ReceiverResponse,\n _TimeoutDuration\n} from './index';\n\ninterface MessageHandler {\n messageChannel: MessageChannel;\n onMessage: EventListenerOrEventListenerObject;\n}\n\n/**\n * Interface for sending messages and waiting for a completion response.\n *\n */\nexport class Sender {\n private readonly handlers = new Set<MessageHandler>();\n\n constructor(private readonly target: ServiceWorker) {}\n\n /**\n * Unsubscribe the handler and remove it from our tracking Set.\n *\n * @param handler - The handler to unsubscribe.\n */\n private removeMessageHandler(handler: MessageHandler): void {\n if (handler.messageChannel) {\n handler.messageChannel.port1.removeEventListener(\n 'message',\n handler.onMessage\n );\n handler.messageChannel.port1.close();\n }\n this.handlers.delete(handler);\n }\n\n /**\n * Send a message to the Receiver located at {@link target}.\n *\n * @remarks\n * We'll first wait a bit for an ACK , if we get one we will wait significantly longer until the\n * receiver has had a chance to fully process the event.\n *\n * @param eventType - Type of event to send.\n * @param data - The payload of the event.\n * @param timeout - Timeout for waiting on an ACK from the receiver.\n *\n * @returns An array of settled promises from all the handlers that were listening on the receiver.\n */\n async _send<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n data: S,\n timeout = _TimeoutDuration.ACK\n ): Promise<_ReceiverMessageResponse<T>> {\n const messageChannel =\n typeof MessageChannel !== 'undefined' ? new MessageChannel() : null;\n if (!messageChannel) {\n throw new Error(_MessageError.CONNECTION_UNAVAILABLE);\n }\n // Node timers and browser timers return fundamentally different types.\n // We don't actually care what the value is but TS won't accept unknown and\n // we can't cast properly in both environments.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n let completionTimer: any;\n let handler: MessageHandler;\n return new Promise<_ReceiverMessageResponse<T>>((resolve, reject) => {\n const eventId = _generateEventId('', 20);\n messageChannel.port1.start();\n const ackTimer = setTimeout(() => {\n reject(new Error(_MessageError.UNSUPPORTED_EVENT));\n }, timeout);\n handler = {\n messageChannel,\n onMessage(event: Event): void {\n const messageEvent = event as MessageEvent<ReceiverMessageEvent<T>>;\n if (messageEvent.data.eventId !== eventId) {\n return;\n }\n switch (messageEvent.data.status) {\n case _Status.ACK:\n // The receiver should ACK first.\n clearTimeout(ackTimer);\n completionTimer = setTimeout(() => {\n reject(new Error(_MessageError.TIMEOUT));\n }, _TimeoutDuration.COMPLETION);\n break;\n case _Status.DONE:\n // Once the receiver's handlers are finished we will get the results.\n clearTimeout(completionTimer);\n resolve(messageEvent.data.response);\n break;\n default:\n clearTimeout(ackTimer);\n clearTimeout(completionTimer);\n reject(new Error(_MessageError.INVALID_RESPONSE));\n break;\n }\n }\n };\n this.handlers.add(handler);\n messageChannel.port1.addEventListener('message', handler.onMessage);\n this.target.postMessage(\n {\n eventType,\n eventId,\n data\n } as SenderMessageEvent<S>,\n [messageChannel.port2]\n );\n }).finally(() => {\n if (handler) {\n this.removeMessageHandler(handler);\n }\n });\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Recaptcha, GreCAPTCHATopLevel } from './recaptcha/recaptcha';\n\n/**\n * A specialized window type that melds the normal window type plus the\n * various bits we need. The three different blocks that are &'d together\n * cant be defined in the same block together.\n */\nexport type AuthWindow = {\n // Standard window types\n [T in keyof Window]: Window[T];\n} & {\n // Any known / named properties we want to add\n grecaptcha?: Recaptcha | GreCAPTCHATopLevel;\n /* eslint-disable-next-line @typescript-eslint/no-explicit-any */\n ___jsl?: Record<string, any>;\n gapi?: typeof gapi;\n} & {\n // A final catch-all for callbacks (which will have random names) that\n // we will stick on the window.\n [callback: string]: (...args: unknown[]) => void;\n};\n\n/**\n * Lazy accessor for window, since the compat layer won't tree shake this out,\n * we need to make sure not to mess with window unless we have to\n */\nexport function _window(): AuthWindow {\n return window as unknown as AuthWindow;\n}\n\nexport function _setWindowLocation(url: string): void {\n _window().location.href = url;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _window } from '../auth_window';\n\nexport function _isWorker(): boolean {\n return (\n typeof _window()['WorkerGlobalScope'] !== 'undefined' &&\n typeof _window()['importScripts'] === 'function'\n );\n}\n\nexport async function _getActiveServiceWorker(): Promise<ServiceWorker | null> {\n if (!navigator?.serviceWorker) {\n return null;\n }\n try {\n const registration = await navigator.serviceWorker.ready;\n return registration.active;\n } catch {\n return null;\n }\n}\n\nexport function _getServiceWorkerController(): ServiceWorker | null {\n return navigator?.serviceWorker?.controller || null;\n}\n\nexport function _getWorkerGlobalScope(): ServiceWorker | null {\n return _isWorker() ? (self as unknown as ServiceWorker) : null;\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\nimport {\n PersistedBlob,\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n PersistenceValue,\n StorageEventListener,\n STORAGE_AVAILABLE_KEY\n} from '../../core/persistence/';\nimport {\n _EventType,\n _PingResponse,\n KeyChangedResponse,\n KeyChangedRequest,\n PingRequest,\n _TimeoutDuration\n} from '../messagechannel/index';\nimport { Receiver } from '../messagechannel/receiver';\nimport { Sender } from '../messagechannel/sender';\nimport {\n _isWorker,\n _getActiveServiceWorker,\n _getServiceWorkerController,\n _getWorkerGlobalScope\n} from '../util/worker';\n\nexport const DB_NAME = 'firebaseLocalStorageDb';\nconst DB_VERSION = 1;\nconst DB_OBJECTSTORE_NAME = 'firebaseLocalStorage';\nconst DB_DATA_KEYPATH = 'fbase_key';\n\ninterface DBObject {\n [DB_DATA_KEYPATH]: string;\n value: PersistedBlob;\n}\n\n/**\n * Promise wrapper for IDBRequest\n *\n * Unfortunately we can't cleanly extend Promise<T> since promises are not callable in ES6\n *\n */\nclass DBPromise<T> {\n constructor(private readonly request: IDBRequest) {}\n\n toPromise(): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n this.request.addEventListener('success', () => {\n resolve(this.request.result);\n });\n this.request.addEventListener('error', () => {\n reject(this.request.error);\n });\n });\n }\n}\n\nfunction getObjectStore(db: IDBDatabase, isReadWrite: boolean): IDBObjectStore {\n return db\n .transaction([DB_OBJECTSTORE_NAME], isReadWrite ? 'readwrite' : 'readonly')\n .objectStore(DB_OBJECTSTORE_NAME);\n}\n\nexport async function _clearDatabase(db: IDBDatabase): Promise<void> {\n const objectStore = getObjectStore(db, true);\n return new DBPromise<void>(objectStore.clear()).toPromise();\n}\n\nexport function _deleteDatabase(): Promise<void> {\n const request = indexedDB.deleteDatabase(DB_NAME);\n return new DBPromise<void>(request).toPromise();\n}\n\nexport function _openDatabase(): Promise<IDBDatabase> {\n const request = indexedDB.open(DB_NAME, DB_VERSION);\n return new Promise((resolve, reject) => {\n request.addEventListener('error', () => {\n reject(request.error);\n });\n\n request.addEventListener('upgradeneeded', () => {\n const db = request.result;\n\n try {\n db.createObjectStore(DB_OBJECTSTORE_NAME, { keyPath: DB_DATA_KEYPATH });\n } catch (e) {\n reject(e);\n }\n });\n\n request.addEventListener('success', async () => {\n const db: IDBDatabase = request.result;\n // Strange bug that occurs in Firefox when multiple tabs are opened at the\n // same time. The only way to recover seems to be deleting the database\n // and re-initializing it.\n // https://github.com/firebase/firebase-js-sdk/issues/634\n\n if (!db.objectStoreNames.contains(DB_OBJECTSTORE_NAME)) {\n // Need to close the database or else you get a `blocked` event\n db.close();\n await _deleteDatabase();\n resolve(await _openDatabase());\n } else {\n resolve(db);\n }\n });\n });\n}\n\nexport async function _putObject(\n db: IDBDatabase,\n key: string,\n value: PersistenceValue | string\n): Promise<void> {\n const request = getObjectStore(db, true).put({\n [DB_DATA_KEYPATH]: key,\n value\n });\n return new DBPromise<void>(request).toPromise();\n}\n\nasync function getObject(\n db: IDBDatabase,\n key: string\n): Promise<PersistedBlob | null> {\n const request = getObjectStore(db, false).get(key);\n const data = await new DBPromise<DBObject | undefined>(request).toPromise();\n return data === undefined ? null : data.value;\n}\n\nexport function _deleteObject(db: IDBDatabase, key: string): Promise<void> {\n const request = getObjectStore(db, true).delete(key);\n return new DBPromise<void>(request).toPromise();\n}\n\nexport const _POLLING_INTERVAL_MS = 800;\nexport const _TRANSACTION_RETRY_COUNT = 3;\n\nclass IndexedDBLocalPersistence implements InternalPersistence {\n static type: 'LOCAL' = 'LOCAL';\n\n type = PersistenceType.LOCAL;\n db?: IDBDatabase;\n readonly _shouldAllowMigration = true;\n\n private readonly listeners: Record<string, Set<StorageEventListener>> = {};\n private readonly localCache: Record<string, PersistenceValue | null> = {};\n // setTimeout return value is platform specific\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private pollTimer: any | null = null;\n private pendingWrites = 0;\n\n private receiver: Receiver | null = null;\n private sender: Sender | null = null;\n private serviceWorkerReceiverAvailable = false;\n private activeServiceWorker: ServiceWorker | null = null;\n // Visible for testing only\n readonly _workerInitializationPromise: Promise<void>;\n\n constructor() {\n // Fire & forget the service worker registration as it may never resolve\n this._workerInitializationPromise =\n this.initializeServiceWorkerMessaging().then(\n () => {},\n () => {}\n );\n }\n\n async _openDb(): Promise<IDBDatabase> {\n if (this.db) {\n return this.db;\n }\n this.db = await _openDatabase();\n return this.db;\n }\n\n async _withRetries<T>(op: (db: IDBDatabase) => Promise<T>): Promise<T> {\n let numAttempts = 0;\n\n while (true) {\n try {\n const db = await this._openDb();\n return await op(db);\n } catch (e) {\n if (numAttempts++ > _TRANSACTION_RETRY_COUNT) {\n throw e;\n }\n if (this.db) {\n this.db.close();\n this.db = undefined;\n }\n // TODO: consider adding exponential backoff\n }\n }\n }\n\n /**\n * IndexedDB events do not propagate from the main window to the worker context. We rely on a\n * postMessage interface to send these events to the worker ourselves.\n */\n private async initializeServiceWorkerMessaging(): Promise<void> {\n return _isWorker() ? this.initializeReceiver() : this.initializeSender();\n }\n\n /**\n * As the worker we should listen to events from the main window.\n */\n private async initializeReceiver(): Promise<void> {\n this.receiver = Receiver._getInstance(_getWorkerGlobalScope()!);\n // Refresh from persistence if we receive a KeyChanged message.\n this.receiver._subscribe(\n _EventType.KEY_CHANGED,\n async (_origin: string, data: KeyChangedRequest) => {\n const keys = await this._poll();\n return {\n keyProcessed: keys.includes(data.key)\n };\n }\n );\n // Let the sender know that we are listening so they give us more timeout.\n this.receiver._subscribe(\n _EventType.PING,\n async (_origin: string, _data: PingRequest) => {\n return [_EventType.KEY_CHANGED];\n }\n );\n }\n\n /**\n * As the main window, we should let the worker know when keys change (set and remove).\n *\n * @remarks\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerContainer/ready | ServiceWorkerContainer.ready}\n * may not resolve.\n */\n private async initializeSender(): Promise<void> {\n // Check to see if there's an active service worker.\n this.activeServiceWorker = await _getActiveServiceWorker();\n if (!this.activeServiceWorker) {\n return;\n }\n this.sender = new Sender(this.activeServiceWorker);\n // Ping the service worker to check what events they can handle.\n const results = await this.sender._send<_PingResponse, PingRequest>(\n _EventType.PING,\n {},\n _TimeoutDuration.LONG_ACK\n );\n if (!results) {\n return;\n }\n if (\n results[0]?.fulfilled &&\n results[0]?.value.includes(_EventType.KEY_CHANGED)\n ) {\n this.serviceWorkerReceiverAvailable = true;\n }\n }\n\n /**\n * Let the worker know about a changed key, the exact key doesn't technically matter since the\n * worker will just trigger a full sync anyway.\n *\n * @remarks\n * For now, we only support one service worker per page.\n *\n * @param key - Storage key which changed.\n */\n private async notifyServiceWorker(key: string): Promise<void> {\n if (\n !this.sender ||\n !this.activeServiceWorker ||\n _getServiceWorkerController() !== this.activeServiceWorker\n ) {\n return;\n }\n try {\n await this.sender._send<KeyChangedResponse, KeyChangedRequest>(\n _EventType.KEY_CHANGED,\n { key },\n // Use long timeout if receiver has previously responded to a ping from us.\n this.serviceWorkerReceiverAvailable\n ? _TimeoutDuration.LONG_ACK\n : _TimeoutDuration.ACK\n );\n } catch {\n // This is a best effort approach. Ignore errors.\n }\n }\n\n async _isAvailable(): Promise<boolean> {\n try {\n if (!indexedDB) {\n return false;\n }\n const db = await _openDatabase();\n await _putObject(db, STORAGE_AVAILABLE_KEY, '1');\n await _deleteObject(db, STORAGE_AVAILABLE_KEY);\n return true;\n } catch {}\n return false;\n }\n\n private async _withPendingWrite(write: () => Promise<void>): Promise<void> {\n this.pendingWrites++;\n try {\n await write();\n } finally {\n this.pendingWrites--;\n }\n }\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n return this._withPendingWrite(async () => {\n await this._withRetries((db: IDBDatabase) => _putObject(db, key, value));\n this.localCache[key] = value;\n return this.notifyServiceWorker(key);\n });\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const obj = (await this._withRetries((db: IDBDatabase) =>\n getObject(db, key)\n )) as T;\n this.localCache[key] = obj;\n return obj;\n }\n\n async _remove(key: string): Promise<void> {\n return this._withPendingWrite(async () => {\n await this._withRetries((db: IDBDatabase) => _deleteObject(db, key));\n delete this.localCache[key];\n return this.notifyServiceWorker(key);\n });\n }\n\n private async _poll(): Promise<string[]> {\n // TODO: check if we need to fallback if getAll is not supported\n const result = await this._withRetries((db: IDBDatabase) => {\n const getAllRequest = getObjectStore(db, false).getAll();\n return new DBPromise<DBObject[] | null>(getAllRequest).toPromise();\n });\n\n if (!result) {\n return [];\n }\n\n // If we have pending writes in progress abort, we'll get picked up on the next poll\n if (this.pendingWrites !== 0) {\n return [];\n }\n\n const keys = [];\n const keysInResult = new Set();\n if (result.length !== 0) {\n for (const { fbase_key: key, value } of result) {\n keysInResult.add(key);\n if (JSON.stringify(this.localCache[key]) !== JSON.stringify(value)) {\n this.notifyListeners(key, value as PersistenceValue);\n keys.push(key);\n }\n }\n }\n\n for (const localKey of Object.keys(this.localCache)) {\n if (this.localCache[localKey] && !keysInResult.has(localKey)) {\n // Deleted\n this.notifyListeners(localKey, null);\n keys.push(localKey);\n }\n }\n return keys;\n }\n\n private notifyListeners(\n key: string,\n newValue: PersistenceValue | null\n ): void {\n this.localCache[key] = newValue;\n const listeners = this.listeners[key];\n if (listeners) {\n for (const listener of Array.from(listeners)) {\n listener(newValue);\n }\n }\n }\n\n private startPolling(): void {\n this.stopPolling();\n\n this.pollTimer = setInterval(\n async () => this._poll(),\n _POLLING_INTERVAL_MS\n );\n }\n\n private stopPolling(): void {\n if (this.pollTimer) {\n clearInterval(this.pollTimer);\n this.pollTimer = null;\n }\n }\n\n _addListener(key: string, listener: StorageEventListener): void {\n if (Object.keys(this.listeners).length === 0) {\n this.startPolling();\n }\n if (!this.listeners[key]) {\n this.listeners[key] = new Set();\n // Populate the cache to avoid spuriously triggering on first poll.\n void this._get(key); // This can happen in the background async and we can return immediately.\n }\n this.listeners[key].add(listener);\n }\n\n _removeListener(key: string, listener: StorageEventListener): void {\n if (this.listeners[key]) {\n this.listeners[key].delete(listener);\n\n if (this.listeners[key].size === 0) {\n delete this.listeners[key];\n }\n }\n\n if (Object.keys(this.listeners).length === 0) {\n this.stopPolling();\n }\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`\n * for the underlying storage.\n *\n * @public\n */\nexport const indexedDBLocalPersistence: Persistence = IndexedDBLocalPersistence;\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performApiRequest,\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { MfaEnrollment } from '../account_management/mfa';\nimport { SignInWithIdpResponse } from './idp';\nimport {\n SignInWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n} from './sms';\n\nexport interface FinalizeMfaResponse {\n idToken: string;\n refreshToken: string;\n}\n\n/**\n * @internal\n */\nexport interface IdTokenMfaResponse extends IdTokenResponse {\n mfaPendingCredential?: string;\n mfaInfo?: MfaEnrollment[];\n}\n\nexport interface StartPhoneMfaSignInRequest {\n mfaPendingCredential: string;\n mfaEnrollmentId: string;\n phoneSignInInfo: {\n // reCAPTCHA v2 token\n recaptchaToken?: string;\n // reCAPTCHA Enterprise token\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n };\n tenantId?: string;\n}\n\nexport interface StartPhoneMfaSignInResponse {\n phoneResponseInfo: {\n sessionInfo: string;\n };\n}\n\nexport function startSignInPhoneMfa(\n auth: Auth,\n request: StartPhoneMfaSignInRequest\n): Promise<StartPhoneMfaSignInResponse> {\n return _performApiRequest<\n StartPhoneMfaSignInRequest,\n StartPhoneMfaSignInResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_SIGN_IN,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface FinalizePhoneMfaSignInRequest {\n mfaPendingCredential: string;\n phoneVerificationInfo: SignInWithPhoneNumberRequest;\n tenantId?: string;\n}\n\n// TOTP MFA Sign in only has a finalize phase. Phone MFA has a start phase to initiate sending an\n// SMS and a finalize phase to complete sign in. With TOTP, the user already has the OTP in the\n// TOTP/Authenticator app.\nexport interface FinalizeTotpMfaSignInRequest {\n mfaPendingCredential: string;\n totpVerificationInfo: { verificationCode: string };\n tenantId?: string;\n mfaEnrollmentId: string;\n}\n\nexport interface FinalizePhoneMfaSignInResponse extends FinalizeMfaResponse {}\n\nexport interface FinalizeTotpMfaSignInResponse extends FinalizeMfaResponse {}\n\nexport function finalizeSignInPhoneMfa(\n auth: Auth,\n request: FinalizePhoneMfaSignInRequest\n): Promise<FinalizePhoneMfaSignInResponse> {\n return _performApiRequest<\n FinalizePhoneMfaSignInRequest,\n FinalizePhoneMfaSignInResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_SIGN_IN,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport function finalizeSignInTotpMfa(\n auth: Auth,\n request: FinalizeTotpMfaSignInRequest\n): Promise<FinalizeTotpMfaSignInResponse> {\n return _performApiRequest<\n FinalizeTotpMfaSignInRequest,\n FinalizeTotpMfaSignInResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_SIGN_IN,\n _addTidIfNecessary(auth, request)\n );\n}\n\n/**\n * @internal\n */\nexport type PhoneOrOauthTokenResponse =\n | SignInWithPhoneNumberResponse\n | SignInWithIdpResponse\n | IdTokenResponse;\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { querystring } from '@firebase/util';\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert, _createError } from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport * as jsHelpers from '../load_js';\nimport { Recaptcha, isV2 } from './recaptcha';\nimport { MockReCaptcha } from './recaptcha_mock';\n\n// ReCaptcha will load using the same callback, so the callback function needs\n// to be kept around\nexport const _JSLOAD_CALLBACK = jsHelpers._generateCallbackName('rcb');\nconst NETWORK_TIMEOUT_DELAY = new Delay(30000, 60000);\n\n/**\n * We need to mark this interface as internal explicitly to exclude it in the public typings, because\n * it references AuthInternal which has a circular dependency with UserInternal.\n *\n * @internal\n */\nexport interface ReCaptchaLoader {\n load(auth: AuthInternal, hl?: string): Promise<Recaptcha>;\n clearedOneInstance(): void;\n}\n\n/**\n * Loader for the GReCaptcha library. There should only ever be one of this.\n */\nexport class ReCaptchaLoaderImpl implements ReCaptchaLoader {\n private hostLanguage = '';\n private counter = 0;\n /**\n * Check for `render()` method. `window.grecaptcha` will exist if the Enterprise\n * version of the ReCAPTCHA script was loaded by someone else (e.g. App Check) but\n * `window.grecaptcha.render()` will not. Another load will add it.\n */\n private readonly librarySeparatelyLoaded = !!_window().grecaptcha?.render;\n\n load(auth: AuthInternal, hl = ''): Promise<Recaptcha> {\n _assert(isHostLanguageValid(hl), auth, AuthErrorCode.ARGUMENT_ERROR);\n\n if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) {\n return Promise.resolve(_window().grecaptcha! as Recaptcha);\n }\n return new Promise<Recaptcha>((resolve, reject) => {\n const networkTimeout = _window().setTimeout(() => {\n reject(_createError(auth, AuthErrorCode.NETWORK_REQUEST_FAILED));\n }, NETWORK_TIMEOUT_DELAY.get());\n\n _window()[_JSLOAD_CALLBACK] = () => {\n _window().clearTimeout(networkTimeout);\n delete _window()[_JSLOAD_CALLBACK];\n\n const recaptcha = _window().grecaptcha as Recaptcha;\n\n if (!recaptcha || !isV2(recaptcha)) {\n reject(_createError(auth, AuthErrorCode.INTERNAL_ERROR));\n return;\n }\n\n // Wrap the recaptcha render function so that we know if the developer has\n // called it separately\n const render = recaptcha.render;\n recaptcha.render = (container, params) => {\n const widgetId = render(container, params);\n this.counter++;\n return widgetId;\n };\n\n this.hostLanguage = hl;\n resolve(recaptcha);\n };\n\n const url = `${jsHelpers._recaptchaV2ScriptUrl()}?${querystring({\n onload: _JSLOAD_CALLBACK,\n render: 'explicit',\n hl\n })}`;\n\n jsHelpers._loadJS(url).catch(() => {\n clearTimeout(networkTimeout);\n reject(_createError(auth, AuthErrorCode.INTERNAL_ERROR));\n });\n });\n }\n\n clearedOneInstance(): void {\n this.counter--;\n }\n\n private shouldResolveImmediately(hl: string): boolean {\n // We can resolve immediately if:\n // • grecaptcha is already defined AND (\n // 1. the requested language codes are the same OR\n // 2. there exists already a ReCaptcha on the page\n // 3. the library was already loaded by the app\n // In cases (2) and (3), we _can't_ reload as it would break the recaptchas\n // that are already in the page\n return (\n !!_window().grecaptcha?.render &&\n (hl === this.hostLanguage ||\n this.counter > 0 ||\n this.librarySeparatelyLoaded)\n );\n }\n}\n\nfunction isHostLanguageValid(hl: string): boolean {\n return hl.length <= 6 && /^\\s*[a-zA-Z0-9\\-]*\\s*$/.test(hl);\n}\n\nexport class MockReCaptchaLoaderImpl implements ReCaptchaLoader {\n async load(auth: AuthInternal): Promise<Recaptcha> {\n return new MockReCaptcha(auth);\n }\n\n clearedOneInstance(): void {}\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, RecaptchaParameters } from '../../model/public_types';\nimport { getRecaptchaParams } from '../../api/authentication/recaptcha';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport { _isHttpOrHttps } from '../../core/util/location';\nimport { ApplicationVerifierInternal } from '../../model/application_verifier';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport { _isWorker } from '../util/worker';\nimport { Recaptcha } from './recaptcha';\nimport {\n MockReCaptchaLoaderImpl,\n ReCaptchaLoader,\n ReCaptchaLoaderImpl\n} from './recaptcha_loader';\n\nexport const RECAPTCHA_VERIFIER_TYPE = 'recaptcha';\n\nconst DEFAULT_PARAMS: RecaptchaParameters = {\n theme: 'light',\n type: 'image'\n};\n\ntype TokenCallback = (token: string) => void;\n\n/**\n * An {@link https://www.google.com/recaptcha/ | reCAPTCHA}-based application verifier.\n *\n * @remarks\n * `RecaptchaVerifier` does not work in a Node.js environment.\n *\n * @public\n */\nexport class RecaptchaVerifier implements ApplicationVerifierInternal {\n /**\n * The application verifier type.\n *\n * @remarks\n * For a reCAPTCHA verifier, this is 'recaptcha'.\n */\n readonly type = RECAPTCHA_VERIFIER_TYPE;\n private destroyed = false;\n private widgetId: number | null = null;\n private readonly container: HTMLElement;\n private readonly isInvisible: boolean;\n private readonly tokenChangeListeners = new Set<TokenCallback>();\n private renderPromise: Promise<number> | null = null;\n private readonly auth: AuthInternal;\n\n /** @internal */\n readonly _recaptchaLoader: ReCaptchaLoader;\n private recaptcha: Recaptcha | null = null;\n\n /**\n * @param authExtern - The corresponding Firebase {@link Auth} instance.\n *\n * @param containerOrId - The reCAPTCHA container parameter.\n *\n * @remarks\n * This has different meaning depending on whether the reCAPTCHA is hidden or visible. For a\n * visible reCAPTCHA the container must be empty. If a string is used, it has to correspond to\n * an element ID. The corresponding element must also must be in the DOM at the time of\n * initialization.\n *\n * @param parameters - The optional reCAPTCHA parameters.\n *\n * @remarks\n * Check the reCAPTCHA docs for a comprehensive list. All parameters are accepted except for\n * the sitekey. Firebase Auth backend provisions a reCAPTCHA for each project and will\n * configure this upon rendering. For an invisible reCAPTCHA, a size key must have the value\n * 'invisible'.\n */\n constructor(\n authExtern: Auth,\n containerOrId: HTMLElement | string,\n private readonly parameters: RecaptchaParameters = {\n ...DEFAULT_PARAMS\n }\n ) {\n this.auth = _castAuth(authExtern);\n this.isInvisible = this.parameters.size === 'invisible';\n _assert(\n typeof document !== 'undefined',\n this.auth,\n AuthErrorCode.OPERATION_NOT_SUPPORTED\n );\n const container =\n typeof containerOrId === 'string'\n ? document.getElementById(containerOrId)\n : containerOrId;\n _assert(container, this.auth, AuthErrorCode.ARGUMENT_ERROR);\n\n this.container = container;\n this.parameters.callback = this.makeTokenCallback(this.parameters.callback);\n\n this._recaptchaLoader = this.auth.settings.appVerificationDisabledForTesting\n ? new MockReCaptchaLoaderImpl()\n : new ReCaptchaLoaderImpl();\n\n this.validateStartingState();\n // TODO: Figure out if sdk version is needed\n }\n\n /**\n * Waits for the user to solve the reCAPTCHA and resolves with the reCAPTCHA token.\n *\n * @returns A Promise for the reCAPTCHA token.\n */\n async verify(): Promise<string> {\n this.assertNotDestroyed();\n const id = await this.render();\n const recaptcha = this.getAssertedRecaptcha();\n\n const response = recaptcha.getResponse(id);\n if (response) {\n return response;\n }\n\n return new Promise<string>(resolve => {\n const tokenChange = (token: string): void => {\n if (!token) {\n return; // Ignore token expirations.\n }\n this.tokenChangeListeners.delete(tokenChange);\n resolve(token);\n };\n\n this.tokenChangeListeners.add(tokenChange);\n if (this.isInvisible) {\n recaptcha.execute(id);\n }\n });\n }\n\n /**\n * Renders the reCAPTCHA widget on the page.\n *\n * @returns A Promise that resolves with the reCAPTCHA widget ID.\n */\n render(): Promise<number> {\n try {\n this.assertNotDestroyed();\n } catch (e) {\n // This method returns a promise. Since it's not async (we want to return the\n // _same_ promise if rendering is still occurring), the API surface should\n // reject with the error rather than just throw\n return Promise.reject(e);\n }\n\n if (this.renderPromise) {\n return this.renderPromise;\n }\n\n this.renderPromise = this.makeRenderPromise().catch(e => {\n this.renderPromise = null;\n throw e;\n });\n\n return this.renderPromise;\n }\n\n /** @internal */\n _reset(): void {\n this.assertNotDestroyed();\n if (this.widgetId !== null) {\n this.getAssertedRecaptcha().reset(this.widgetId);\n }\n }\n\n /**\n * Clears the reCAPTCHA widget from the page and destroys the instance.\n */\n clear(): void {\n this.assertNotDestroyed();\n this.destroyed = true;\n this._recaptchaLoader.clearedOneInstance();\n if (!this.isInvisible) {\n this.container.childNodes.forEach(node => {\n this.container.removeChild(node);\n });\n }\n }\n\n private validateStartingState(): void {\n _assert(!this.parameters.sitekey, this.auth, AuthErrorCode.ARGUMENT_ERROR);\n _assert(\n this.isInvisible || !this.container.hasChildNodes(),\n this.auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n _assert(\n typeof document !== 'undefined',\n this.auth,\n AuthErrorCode.OPERATION_NOT_SUPPORTED\n );\n }\n\n private makeTokenCallback(\n existing: TokenCallback | string | undefined\n ): TokenCallback {\n return token => {\n this.tokenChangeListeners.forEach(listener => listener(token));\n if (typeof existing === 'function') {\n existing(token);\n } else if (typeof existing === 'string') {\n const globalFunc = _window()[existing];\n if (typeof globalFunc === 'function') {\n globalFunc(token);\n }\n }\n };\n }\n\n private assertNotDestroyed(): void {\n _assert(!this.destroyed, this.auth, AuthErrorCode.INTERNAL_ERROR);\n }\n\n private async makeRenderPromise(): Promise<number> {\n await this.init();\n if (!this.widgetId) {\n let container = this.container;\n if (!this.isInvisible) {\n const guaranteedEmpty = document.createElement('div');\n container.appendChild(guaranteedEmpty);\n container = guaranteedEmpty;\n }\n\n this.widgetId = this.getAssertedRecaptcha().render(\n container,\n this.parameters\n );\n }\n\n return this.widgetId;\n }\n\n private async init(): Promise<void> {\n _assert(\n _isHttpOrHttps() && !_isWorker(),\n this.auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n\n await domReady();\n this.recaptcha = await this._recaptchaLoader.load(\n this.auth,\n this.auth.languageCode || undefined\n );\n\n const siteKey = await getRecaptchaParams(this.auth);\n _assert(siteKey, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.parameters.sitekey = siteKey;\n }\n\n private getAssertedRecaptcha(): Recaptcha {\n _assert(this.recaptcha, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return this.recaptcha;\n }\n}\n\nfunction domReady(): Promise<void> {\n let resolver: (() => void) | null = null;\n return new Promise<void>(resolve => {\n if (document.readyState === 'complete') {\n resolve();\n return;\n }\n\n // Document not ready, wait for load before resolving.\n // Save resolver, so we can remove listener in case it was externally\n // cancelled.\n resolver = () => resolve();\n window.addEventListener('load', resolver);\n }).catch(e => {\n if (resolver) {\n window.removeEventListener('load', resolver);\n }\n\n throw e;\n });\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ApplicationVerifier,\n Auth,\n ConfirmationResult,\n PhoneInfoOptions,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport {\n startEnrollPhoneMfa,\n StartPhoneMfaEnrollmentRequest,\n StartPhoneMfaEnrollmentResponse\n} from '../../api/account_management/mfa';\nimport {\n startSignInPhoneMfa,\n StartPhoneMfaSignInRequest,\n StartPhoneMfaSignInResponse\n} from '../../api/authentication/mfa';\nimport {\n sendPhoneVerificationCode,\n SendPhoneVerificationCodeRequest,\n SendPhoneVerificationCodeResponse\n} from '../../api/authentication/sms';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { ApplicationVerifierInternal } from '../../model/application_verifier';\nimport { PhoneAuthCredential } from '../../core/credentials/phone';\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assertLinkedStatus, _link } from '../../core/user/link_unlink';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../../core/util/assert';\nimport { AuthInternal } from '../../model/auth';\nimport {\n linkWithCredential,\n reauthenticateWithCredential,\n signInWithCredential\n} from '../../core/strategies/credential';\nimport {\n MultiFactorSessionImpl,\n MultiFactorSessionType\n} from '../../mfa/mfa_session';\nimport { UserInternal } from '../../model/user';\nimport { RECAPTCHA_VERIFIER_TYPE } from '../recaptcha/recaptcha_verifier';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { ProviderId } from '../../model/enums';\nimport {\n FAKE_TOKEN,\n handleRecaptchaFlow,\n _initializeRecaptchaConfig\n} from '../recaptcha/recaptcha_enterprise_verifier';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\ninterface OnConfirmationCallback {\n (credential: PhoneAuthCredential): Promise<UserCredential>;\n}\n\nclass ConfirmationResultImpl implements ConfirmationResult {\n constructor(\n readonly verificationId: string,\n private readonly onConfirmation: OnConfirmationCallback\n ) {}\n\n confirm(verificationCode: string): Promise<UserCredential> {\n const authCredential = PhoneAuthCredential._fromVerification(\n this.verificationId,\n verificationCode\n );\n return this.onConfirmation(authCredential);\n }\n}\n\n/**\n * Asynchronously signs in using a phone number.\n *\n * @remarks\n * This method sends a code via SMS to the given\n * phone number, and returns a {@link ConfirmationResult}. After the user\n * provides the code sent to their phone, call {@link ConfirmationResult.confirm}\n * with the code to sign the user in.\n *\n * For abuse prevention, this method requires a {@link ApplicationVerifier}.\n * This SDK includes an implementation based on reCAPTCHA v2, {@link RecaptchaVerifier}.\n * This function can work on other platforms that do not support the\n * {@link RecaptchaVerifier} (like React Native), but you need to use a\n * third-party {@link ApplicationVerifier} implementation.\n *\n * If you've enabled project-level reCAPTCHA Enterprise bot protection in\n * Enforce mode, you can omit the {@link ApplicationVerifier}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // 'recaptcha-container' is the ID of an element in the DOM.\n * const applicationVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container');\n * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);\n * // Obtain a verificationCode from the user.\n * const credential = await confirmationResult.confirm(verificationCode);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).\n * @param appVerifier - The {@link ApplicationVerifier}.\n *\n * @public\n */\nexport async function signInWithPhoneNumber(\n auth: Auth,\n phoneNumber: string,\n appVerifier?: ApplicationVerifier\n): Promise<ConfirmationResult> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const verificationId = await _verifyPhoneNumber(\n authInternal,\n phoneNumber,\n getModularInstance(appVerifier as ApplicationVerifierInternal)\n );\n return new ConfirmationResultImpl(verificationId, cred =>\n signInWithCredential(authInternal, cred)\n );\n}\n\n/**\n * Links the user account with the given phone number.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @param user - The user.\n * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).\n * @param appVerifier - The {@link ApplicationVerifier}.\n *\n * @public\n */\nexport async function linkWithPhoneNumber(\n user: User,\n phoneNumber: string,\n appVerifier?: ApplicationVerifier\n): Promise<ConfirmationResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n await _assertLinkedStatus(false, userInternal, ProviderId.PHONE);\n const verificationId = await _verifyPhoneNumber(\n userInternal.auth,\n phoneNumber,\n getModularInstance(appVerifier as ApplicationVerifierInternal)\n );\n return new ConfirmationResultImpl(verificationId, cred =>\n linkWithCredential(userInternal, cred)\n );\n}\n\n/**\n * Re-authenticates a user using a fresh phone credential.\n *\n * @remarks\n * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.\n *\n * This method does not work in a Node.js environment or on any {@link User} signed in by\n * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @param user - The user.\n * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).\n * @param appVerifier - The {@link ApplicationVerifier}.\n *\n * @public\n */\nexport async function reauthenticateWithPhoneNumber(\n user: User,\n phoneNumber: string,\n appVerifier?: ApplicationVerifier\n): Promise<ConfirmationResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(userInternal.auth)\n );\n }\n const verificationId = await _verifyPhoneNumber(\n userInternal.auth,\n phoneNumber,\n getModularInstance(appVerifier as ApplicationVerifierInternal)\n );\n return new ConfirmationResultImpl(verificationId, cred =>\n reauthenticateWithCredential(userInternal, cred)\n );\n}\n\ntype PhoneApiCaller<TRequest, TResponse> = (\n auth: AuthInternal,\n request: TRequest\n) => Promise<TResponse>;\n\n/**\n * Returns a verification ID to be used in conjunction with the SMS code that is sent.\n *\n */\nexport async function _verifyPhoneNumber(\n auth: AuthInternal,\n options: PhoneInfoOptions | string,\n verifier?: ApplicationVerifierInternal\n): Promise<string> {\n if (!auth._getRecaptchaConfig()) {\n try {\n await _initializeRecaptchaConfig(auth);\n } catch (error) {\n // If an error occurs while fetching the config, there is no way to know the enablement state\n // of Phone provider, so we proceed with recaptcha V2 verification.\n // The error is likely \"recaptchaKey undefined\", as reCAPTCHA Enterprise is not\n // enabled for any provider.\n console.log(\n 'Failed to initialize reCAPTCHA Enterprise config. Triggering the reCAPTCHA v2 verification.'\n );\n }\n }\n\n try {\n let phoneInfoOptions: PhoneInfoOptions;\n\n if (typeof options === 'string') {\n phoneInfoOptions = {\n phoneNumber: options\n };\n } else {\n phoneInfoOptions = options;\n }\n\n if ('session' in phoneInfoOptions) {\n const session = phoneInfoOptions.session as MultiFactorSessionImpl;\n\n if ('phoneNumber' in phoneInfoOptions) {\n _assert(\n session.type === MultiFactorSessionType.ENROLL,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n\n const startPhoneMfaEnrollmentRequest: StartPhoneMfaEnrollmentRequest = {\n idToken: session.credential,\n phoneEnrollmentInfo: {\n phoneNumber: phoneInfoOptions.phoneNumber,\n clientType: RecaptchaClientType.WEB\n }\n };\n\n const startEnrollPhoneMfaActionCallback: PhoneApiCaller<\n StartPhoneMfaEnrollmentRequest,\n StartPhoneMfaEnrollmentResponse\n > = async (\n authInstance: AuthInternal,\n request: StartPhoneMfaEnrollmentRequest\n ) => {\n // If reCAPTCHA Enterprise token is FAKE_TOKEN, fetch reCAPTCHA v2 token and inject into request.\n if (request.phoneEnrollmentInfo.captchaResponse === FAKE_TOKEN) {\n _assert(\n verifier?.type === RECAPTCHA_VERIFIER_TYPE,\n authInstance,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n const requestWithRecaptchaV2 = await injectRecaptchaV2Token(\n authInstance,\n request,\n verifier\n );\n return startEnrollPhoneMfa(authInstance, requestWithRecaptchaV2);\n }\n return startEnrollPhoneMfa(authInstance, request);\n };\n\n const startPhoneMfaEnrollmentResponse: Promise<StartPhoneMfaEnrollmentResponse> =\n handleRecaptchaFlow(\n auth,\n startPhoneMfaEnrollmentRequest,\n RecaptchaActionName.MFA_SMS_ENROLLMENT,\n startEnrollPhoneMfaActionCallback,\n RecaptchaAuthProvider.PHONE_PROVIDER\n );\n\n const response = await startPhoneMfaEnrollmentResponse.catch(error => {\n return Promise.reject(error);\n });\n\n return response.phoneSessionInfo.sessionInfo;\n } else {\n _assert(\n session.type === MultiFactorSessionType.SIGN_IN,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const mfaEnrollmentId =\n phoneInfoOptions.multiFactorHint?.uid ||\n phoneInfoOptions.multiFactorUid;\n _assert(mfaEnrollmentId, auth, AuthErrorCode.MISSING_MFA_INFO);\n\n const startPhoneMfaSignInRequest: StartPhoneMfaSignInRequest = {\n mfaPendingCredential: session.credential,\n mfaEnrollmentId,\n phoneSignInInfo: {\n clientType: RecaptchaClientType.WEB\n }\n };\n\n const startSignInPhoneMfaActionCallback: PhoneApiCaller<\n StartPhoneMfaSignInRequest,\n StartPhoneMfaSignInResponse\n > = async (\n authInstance: AuthInternal,\n request: StartPhoneMfaSignInRequest\n ) => {\n // If reCAPTCHA Enterprise token is FAKE_TOKEN, fetch reCAPTCHA v2 token and inject into request.\n if (request.phoneSignInInfo.captchaResponse === FAKE_TOKEN) {\n _assert(\n verifier?.type === RECAPTCHA_VERIFIER_TYPE,\n authInstance,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n const requestWithRecaptchaV2 = await injectRecaptchaV2Token(\n authInstance,\n request,\n verifier\n );\n return startSignInPhoneMfa(authInstance, requestWithRecaptchaV2);\n }\n return startSignInPhoneMfa(authInstance, request);\n };\n\n const startPhoneMfaSignInResponse: Promise<StartPhoneMfaSignInResponse> =\n handleRecaptchaFlow(\n auth,\n startPhoneMfaSignInRequest,\n RecaptchaActionName.MFA_SMS_SIGNIN,\n startSignInPhoneMfaActionCallback,\n RecaptchaAuthProvider.PHONE_PROVIDER\n );\n\n const response = await startPhoneMfaSignInResponse.catch(error => {\n return Promise.reject(error);\n });\n\n return response.phoneResponseInfo.sessionInfo;\n }\n } else {\n const sendPhoneVerificationCodeRequest: SendPhoneVerificationCodeRequest =\n {\n phoneNumber: phoneInfoOptions.phoneNumber,\n clientType: RecaptchaClientType.WEB\n };\n\n const sendPhoneVerificationCodeActionCallback: PhoneApiCaller<\n SendPhoneVerificationCodeRequest,\n SendPhoneVerificationCodeResponse\n > = async (\n authInstance: AuthInternal,\n request: SendPhoneVerificationCodeRequest\n ) => {\n // If reCAPTCHA Enterprise token is FAKE_TOKEN, fetch reCAPTCHA v2 token and inject into request.\n if (request.captchaResponse === FAKE_TOKEN) {\n _assert(\n verifier?.type === RECAPTCHA_VERIFIER_TYPE,\n authInstance,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n const requestWithRecaptchaV2 = await injectRecaptchaV2Token(\n authInstance,\n request,\n verifier\n );\n return sendPhoneVerificationCode(\n authInstance,\n requestWithRecaptchaV2\n );\n }\n return sendPhoneVerificationCode(authInstance, request);\n };\n\n const sendPhoneVerificationCodeResponse: Promise<SendPhoneVerificationCodeResponse> =\n handleRecaptchaFlow(\n auth,\n sendPhoneVerificationCodeRequest,\n RecaptchaActionName.SEND_VERIFICATION_CODE,\n sendPhoneVerificationCodeActionCallback,\n RecaptchaAuthProvider.PHONE_PROVIDER\n );\n\n const response = await sendPhoneVerificationCodeResponse.catch(error => {\n return Promise.reject(error);\n });\n\n return response.sessionInfo;\n }\n } finally {\n verifier?._reset();\n }\n}\n\n/**\n * Updates the user's phone number.\n *\n * @remarks\n * This method does not work in a Node.js environment or on any {@link User} signed in by\n * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```\n * // 'recaptcha-container' is the ID of an element in the DOM.\n * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);\n * // Obtain the verificationCode from the user.\n * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * await updatePhoneNumber(user, phoneCredential);\n * ```\n *\n * @param user - The user.\n * @param credential - A credential authenticating the new phone number.\n *\n * @public\n */\nexport async function updatePhoneNumber(\n user: User,\n credential: PhoneAuthCredential\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(userInternal.auth)\n );\n }\n await _link(userInternal, credential);\n}\n\n// Helper function that fetches and injects a reCAPTCHA v2 token into the request.\nexport async function injectRecaptchaV2Token<T extends object>(\n auth: AuthInternal,\n request: T,\n recaptchaV2Verifier: ApplicationVerifierInternal\n): Promise<T> {\n _assert(\n recaptchaV2Verifier.type === RECAPTCHA_VERIFIER_TYPE,\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n const recaptchaV2Token = await recaptchaV2Verifier.verify();\n\n _assert(\n typeof recaptchaV2Token === 'string',\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n const newRequest = { ...request };\n\n if ('phoneEnrollmentInfo' in newRequest) {\n const phoneNumber = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.phoneNumber;\n const captchaResponse = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.captchaResponse;\n const clientType = (newRequest as unknown as StartPhoneMfaEnrollmentRequest)\n .phoneEnrollmentInfo.clientType;\n const recaptchaVersion = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.recaptchaVersion;\n\n Object.assign(newRequest, {\n 'phoneEnrollmentInfo': {\n phoneNumber,\n recaptchaToken: recaptchaV2Token,\n captchaResponse,\n clientType,\n recaptchaVersion\n }\n });\n\n return newRequest;\n } else if ('phoneSignInInfo' in newRequest) {\n const captchaResponse = (\n newRequest as unknown as StartPhoneMfaSignInRequest\n ).phoneSignInInfo.captchaResponse;\n const clientType = (newRequest as unknown as StartPhoneMfaSignInRequest)\n .phoneSignInInfo.clientType;\n const recaptchaVersion = (\n newRequest as unknown as StartPhoneMfaSignInRequest\n ).phoneSignInInfo.recaptchaVersion;\n\n Object.assign(newRequest, {\n 'phoneSignInInfo': {\n recaptchaToken: recaptchaV2Token,\n captchaResponse,\n clientType,\n recaptchaVersion\n }\n });\n\n return newRequest;\n } else {\n Object.assign(newRequest, { 'recaptchaToken': recaptchaV2Token });\n return newRequest;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n PhoneInfoOptions,\n ApplicationVerifier,\n UserCredential\n} from '../../model/public_types';\n\nimport { SignInWithPhoneNumberResponse } from '../../api/authentication/sms';\nimport { ApplicationVerifierInternal as ApplicationVerifierInternal } from '../../model/application_verifier';\nimport { AuthInternal as AuthInternal } from '../../model/auth';\nimport { UserCredentialInternal as UserCredentialInternal } from '../../model/user';\nimport { PhoneAuthCredential } from '../../core/credentials/phone';\nimport { _verifyPhoneNumber } from '../strategies/phone';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { AuthCredential } from '../../core';\nimport { FirebaseError, getModularInstance } from '@firebase/util';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link PhoneAuthCredential}.\n *\n * @remarks\n * `PhoneAuthProvider` does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // 'recaptcha-container' is the ID of an element in the DOM.\n * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);\n * // Obtain the verificationCode from the user.\n * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * const userCredential = await signInWithCredential(auth, phoneCredential);\n * ```\n *\n * @public\n */\nexport class PhoneAuthProvider {\n /** Always set to {@link ProviderId}.PHONE. */\n static readonly PROVIDER_ID: 'phone' = ProviderId.PHONE;\n /** Always set to {@link SignInMethod}.PHONE. */\n static readonly PHONE_SIGN_IN_METHOD: 'phone' = SignInMethod.PHONE;\n\n /** Always set to {@link ProviderId}.PHONE. */\n readonly providerId = PhoneAuthProvider.PROVIDER_ID;\n private readonly auth: AuthInternal;\n\n /**\n * @param auth - The Firebase {@link Auth} instance in which sign-ins should occur.\n *\n */\n constructor(auth: Auth) {\n this.auth = _castAuth(auth);\n }\n\n /**\n *\n * Starts a phone number authentication flow by sending a verification code to the given phone\n * number.\n *\n * @example\n * ```javascript\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * An alternative flow is provided using the `signInWithPhoneNumber` method.\n * ```javascript\n * const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const userCredential = confirmationResult.confirm(verificationCode);\n * ```\n *\n * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in\n * E.164 format (e.g. +16505550101).\n * @param applicationVerifier - An {@link ApplicationVerifier}, which prevents\n * requests from unauthorized clients. This SDK includes an implementation\n * based on reCAPTCHA v2, {@link RecaptchaVerifier}. If you've enabled\n * reCAPTCHA Enterprise bot protection in Enforce mode, this parameter is\n * optional; in all other configurations, the parameter is required.\n *\n * @returns A Promise for a verification ID that can be passed to\n * {@link PhoneAuthProvider.credential} to identify this flow.\n */\n verifyPhoneNumber(\n phoneOptions: PhoneInfoOptions | string,\n applicationVerifier?: ApplicationVerifier\n ): Promise<string> {\n return _verifyPhoneNumber(\n this.auth,\n phoneOptions,\n getModularInstance(applicationVerifier as ApplicationVerifierInternal)\n );\n }\n\n /**\n * Creates a phone auth credential, given the verification ID from\n * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's\n * mobile device.\n *\n * @example\n * ```javascript\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * const userCredential = signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * An alternative flow is provided using the `signInWithPhoneNumber` method.\n * ```javascript\n * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const userCredential = await confirmationResult.confirm(verificationCode);\n * ```\n *\n * @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}.\n * @param verificationCode - The verification code sent to the user's mobile device.\n *\n * @returns The auth provider credential.\n */\n static credential(\n verificationId: string,\n verificationCode: string\n ): PhoneAuthCredential {\n return PhoneAuthCredential._fromVerification(\n verificationId,\n verificationCode\n );\n }\n\n /**\n * Generates an {@link AuthCredential} from a {@link UserCredential}.\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): AuthCredential | null {\n const credential = userCredential as UserCredentialInternal;\n return PhoneAuthProvider.credentialFromTaggedObject(credential);\n }\n\n /**\n * Returns an {@link AuthCredential} when passed an error.\n *\n * @remarks\n *\n * This method works for errors like\n * `auth/account-exists-with-different-credentials`. This is useful for\n * recovering when attempting to set a user's phone number but the number\n * in question is already tied to another account. For example, the following\n * code tries to update the current user's phone number, and if that\n * fails, links the user with the account associated with that number:\n *\n * ```js\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber(number, verifier);\n * try {\n * const code = ''; // Prompt the user for the verification code\n * await updatePhoneNumber(\n * auth.currentUser,\n * PhoneAuthProvider.credential(verificationId, code));\n * } catch (e) {\n * if ((e as FirebaseError)?.code === 'auth/account-exists-with-different-credential') {\n * const cred = PhoneAuthProvider.credentialFromError(e);\n * await linkWithCredential(auth.currentUser, cred);\n * }\n * }\n *\n * // At this point, auth.currentUser.phoneNumber === number.\n * ```\n *\n * @param error - The error to generate a credential from.\n */\n static credentialFromError(error: FirebaseError): AuthCredential | null {\n return PhoneAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): AuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n const { phoneNumber, temporaryProof } =\n tokenResponse as SignInWithPhoneNumberResponse;\n if (phoneNumber && temporaryProof) {\n return PhoneAuthCredential._fromTokenResponse(\n phoneNumber,\n temporaryProof\n );\n }\n return null;\n }\n}\n", "/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PopupRedirectResolver } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport { PopupRedirectResolverInternal } from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from './assert';\nimport { _getInstance } from './instantiator';\n\n/**\n * Chooses a popup/redirect resolver to use. This prefers the override (which\n * is directly passed in), and falls back to the property set on the auth\n * object. If neither are available, this function errors w/ an argument error.\n */\nexport function _withDefaultResolver(\n auth: AuthInternal,\n resolverOverride: PopupRedirectResolver | undefined\n): PopupRedirectResolverInternal {\n if (resolverOverride) {\n return _getInstance(resolverOverride);\n }\n\n _assert(auth._popupRedirectResolver, auth, AuthErrorCode.ARGUMENT_ERROR);\n\n return auth._popupRedirectResolver;\n}\n", "/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { _link as _linkUser } from '../user/link_unlink';\nimport { _reauthenticate } from '../user/reauthenticate';\nimport { _assert } from '../util/assert';\nimport { _signInWithCredential } from './credential';\nimport { AuthErrorCode } from '../errors';\nimport { ProviderId } from '../../model/enums';\n\nexport interface IdpTaskParams {\n auth: AuthInternal;\n requestUri: string;\n sessionId?: string;\n tenantId?: string;\n postBody?: string;\n pendingToken?: string;\n user?: UserInternal;\n bypassAuthState?: boolean;\n}\n\nexport type IdpTask = (\n params: IdpTaskParams\n) => Promise<UserCredentialInternal>;\n\nclass IdpCredential extends AuthCredential {\n constructor(readonly params: IdpTaskParams) {\n super(ProviderId.CUSTOM, ProviderId.CUSTOM);\n }\n\n _getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest());\n }\n\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest(idToken));\n }\n\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest());\n }\n\n private _buildIdpRequest(idToken?: string): SignInWithIdpRequest {\n const request: SignInWithIdpRequest = {\n requestUri: this.params.requestUri,\n sessionId: this.params.sessionId,\n postBody: this.params.postBody,\n tenantId: this.params.tenantId,\n pendingToken: this.params.pendingToken,\n returnSecureToken: true,\n returnIdpCredential: true\n };\n\n if (idToken) {\n request.idToken = idToken;\n }\n\n return request;\n }\n}\n\nexport function _signIn(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n return _signInWithCredential(\n params.auth,\n new IdpCredential(params),\n params.bypassAuthState\n ) as Promise<UserCredentialInternal>;\n}\n\nexport function _reauth(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n const { auth, user } = params;\n _assert(user, auth, AuthErrorCode.INTERNAL_ERROR);\n return _reauthenticate(\n user,\n new IdpCredential(params),\n params.bypassAuthState\n );\n}\n\nexport async function _link(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n const { auth, user } = params;\n _assert(user, auth, AuthErrorCode.INTERNAL_ERROR);\n return _linkUser(user, new IdpCredential(params), params.bypassAuthState);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\n\nimport {\n AuthEvent,\n AuthEventConsumer,\n AuthEventType,\n EventManager,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { debugAssert, _fail } from '../util/assert';\nimport {\n _link,\n _reauth,\n _signIn,\n IdpTask,\n IdpTaskParams\n} from '../strategies/idp';\nimport { AuthInternal } from '../../model/auth';\n\ninterface PendingPromise {\n resolve: (cred: UserCredentialInternal | null) => void;\n reject: (error: Error) => void;\n}\n\n/**\n * Popup event manager. Handles the popup's entire lifecycle; listens to auth\n * events\n */\nexport abstract class AbstractPopupRedirectOperation\n implements AuthEventConsumer\n{\n private pendingPromise: PendingPromise | null = null;\n private eventManager: EventManager | null = null;\n readonly filter: AuthEventType[];\n\n abstract eventId: string | null;\n\n constructor(\n protected readonly auth: AuthInternal,\n filter: AuthEventType | AuthEventType[],\n protected readonly resolver: PopupRedirectResolverInternal,\n protected user?: UserInternal,\n protected readonly bypassAuthState = false\n ) {\n this.filter = Array.isArray(filter) ? filter : [filter];\n }\n\n abstract onExecution(): Promise<void>;\n\n execute(): Promise<UserCredentialInternal | null> {\n return new Promise<UserCredentialInternal | null>(\n async (resolve, reject) => {\n this.pendingPromise = { resolve, reject };\n\n try {\n this.eventManager = await this.resolver._initialize(this.auth);\n await this.onExecution();\n this.eventManager.registerConsumer(this);\n } catch (e) {\n this.reject(e as Error);\n }\n }\n );\n }\n\n async onAuthEvent(event: AuthEvent): Promise<void> {\n const { urlResponse, sessionId, postBody, tenantId, error, type } = event;\n if (error) {\n this.reject(error);\n return;\n }\n\n const params: IdpTaskParams = {\n auth: this.auth,\n requestUri: urlResponse!,\n sessionId: sessionId!,\n tenantId: tenantId || undefined,\n postBody: postBody || undefined,\n user: this.user,\n bypassAuthState: this.bypassAuthState\n };\n\n try {\n this.resolve(await this.getIdpTask(type)(params));\n } catch (e) {\n this.reject(e as Error);\n }\n }\n\n onError(error: FirebaseError): void {\n this.reject(error);\n }\n\n private getIdpTask(type: AuthEventType): IdpTask {\n switch (type) {\n case AuthEventType.SIGN_IN_VIA_POPUP:\n case AuthEventType.SIGN_IN_VIA_REDIRECT:\n return _signIn;\n case AuthEventType.LINK_VIA_POPUP:\n case AuthEventType.LINK_VIA_REDIRECT:\n return _link;\n case AuthEventType.REAUTH_VIA_POPUP:\n case AuthEventType.REAUTH_VIA_REDIRECT:\n return _reauth;\n default:\n _fail(this.auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n protected resolve(cred: UserCredentialInternal | null): void {\n debugAssert(this.pendingPromise, 'Pending promise was never set');\n this.pendingPromise.resolve(cred);\n this.unregisterAndCleanUp();\n }\n\n protected reject(error: Error): void {\n debugAssert(this.pendingPromise, 'Pending promise was never set');\n this.pendingPromise.reject(error);\n this.unregisterAndCleanUp();\n }\n\n private unregisterAndCleanUp(): void {\n if (this.eventManager) {\n this.eventManager.unregisterConsumer(this);\n }\n\n this.pendingPromise = null;\n this.cleanUp();\n }\n\n abstract cleanUp(): void;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n AuthProvider,\n PopupRedirectResolver,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { AuthErrorCode } from '../../core/errors';\nimport {\n _assert,\n debugAssert,\n _createError,\n _assertInstanceOf\n} from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { _generateEventId } from '../../core/util/event_id';\nimport { AuthInternal } from '../../model/auth';\nimport {\n AuthEventType,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport { _withDefaultResolver } from '../../core/util/resolver';\nimport { AuthPopup } from '../util/popup';\nimport { AbstractPopupRedirectOperation } from '../../core/strategies/abstract_popup_redirect_operation';\nimport { FederatedAuthProvider } from '../../core/providers/federated';\nimport { getModularInstance } from '@firebase/util';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\n/*\n * The event timeout is the same on mobile and desktop, no need for Delay. Set this to 8s since\n * blocking functions can take upto 7s to complete sign in, as documented in:\n * https://cloud.google.com/identity-platform/docs/blocking-functions#understanding_blocking_functions\n * https://firebase.google.com/docs/auth/extend-with-blocking-functions#understanding_blocking_functions\n */\nexport const enum _Timeout {\n AUTH_EVENT = 8000\n}\nexport const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);\n\n/**\n * Authenticates a Firebase client using a popup-based OAuth authentication flow.\n *\n * @remarks\n * If succeeds, returns the signed in user along with the provider's credential. If sign in was\n * unsuccessful, returns an error object containing additional information about the error.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function signInWithPopup(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _createError(auth, AuthErrorCode.OPERATION_NOT_SUPPORTED)\n );\n }\n const authInternal = _castAuth(auth);\n _assertInstanceOf(auth, provider, FederatedAuthProvider);\n const resolverInternal = _withDefaultResolver(authInternal, resolver);\n const action = new PopupOperation(\n authInternal,\n AuthEventType.SIGN_IN_VIA_POPUP,\n provider,\n resolverInternal\n );\n return action.executeNotNull();\n}\n\n/**\n * Reauthenticates the current user with the specified {@link OAuthProvider} using a pop-up based\n * OAuth flow.\n *\n * @remarks\n * If the reauthentication is successful, the returned result will contain the user and the\n * provider's credential.\n *\n * This method does not work in a Node.js environment or on any {@link User} signed in by\n * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n * // Reauthenticate using a popup.\n * await reauthenticateWithPopup(result.user, provider);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function reauthenticateWithPopup(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _createError(userInternal.auth, AuthErrorCode.OPERATION_NOT_SUPPORTED)\n );\n }\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n const action = new PopupOperation(\n userInternal.auth,\n AuthEventType.REAUTH_VIA_POPUP,\n provider,\n resolverInternal,\n userInternal\n );\n return action.executeNotNull();\n}\n\n/**\n * Links the authenticated provider to the user account using a pop-up based OAuth flow.\n *\n * @remarks\n * If the linking is successful, the returned result will contain the user and the provider's credential.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using some other provider.\n * const result = await signInWithEmailAndPassword(auth, email, password);\n * // Link using a popup.\n * const provider = new FacebookAuthProvider();\n * await linkWithPopup(result.user, provider);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function linkWithPopup(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n\n const action = new PopupOperation(\n userInternal.auth,\n AuthEventType.LINK_VIA_POPUP,\n provider,\n resolverInternal,\n userInternal\n );\n return action.executeNotNull();\n}\n\n/**\n * Popup event manager. Handles the popup's entire lifecycle; listens to auth\n * events\n *\n */\nclass PopupOperation extends AbstractPopupRedirectOperation {\n // Only one popup is ever shown at once. The lifecycle of the current popup\n // can be managed / cancelled by the constructor.\n private static currentPopupAction: PopupOperation | null = null;\n private authWindow: AuthPopup | null = null;\n private pollId: number | null = null;\n\n constructor(\n auth: AuthInternal,\n filter: AuthEventType,\n private readonly provider: AuthProvider,\n resolver: PopupRedirectResolverInternal,\n user?: UserInternal\n ) {\n super(auth, filter, resolver, user);\n if (PopupOperation.currentPopupAction) {\n PopupOperation.currentPopupAction.cancel();\n }\n\n PopupOperation.currentPopupAction = this;\n }\n\n async executeNotNull(): Promise<UserCredential> {\n const result = await this.execute();\n _assert(result, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return result;\n }\n\n async onExecution(): Promise<void> {\n debugAssert(\n this.filter.length === 1,\n 'Popup operations only handle one event'\n );\n const eventId = _generateEventId();\n this.authWindow = await this.resolver._openPopup(\n this.auth,\n this.provider,\n this.filter[0], // There's always one, see constructor\n eventId\n );\n this.authWindow.associatedEvent = eventId;\n\n // Check for web storage support and origin validation _after_ the popup is\n // loaded. These operations are slow (~1 second or so) Rather than\n // waiting on them before opening the window, optimistically open the popup\n // and check for storage support at the same time. If storage support is\n // not available, this will cause the whole thing to reject properly. It\n // will also close the popup, but since the promise has already rejected,\n // the popup closed by user poll will reject into the void.\n this.resolver._originValidation(this.auth).catch(e => {\n this.reject(e);\n });\n\n this.resolver._isIframeWebStorageSupported(this.auth, isSupported => {\n if (!isSupported) {\n this.reject(\n _createError(this.auth, AuthErrorCode.WEB_STORAGE_UNSUPPORTED)\n );\n }\n });\n\n // Handle user closure. Notice this does *not* use await\n this.pollUserCancellation();\n }\n\n get eventId(): string | null {\n return this.authWindow?.associatedEvent || null;\n }\n\n cancel(): void {\n this.reject(_createError(this.auth, AuthErrorCode.EXPIRED_POPUP_REQUEST));\n }\n\n cleanUp(): void {\n if (this.authWindow) {\n this.authWindow.close();\n }\n\n if (this.pollId) {\n window.clearTimeout(this.pollId);\n }\n\n this.authWindow = null;\n this.pollId = null;\n PopupOperation.currentPopupAction = null;\n }\n\n private pollUserCancellation(): void {\n const poll = (): void => {\n if (this.authWindow?.window?.closed) {\n // Make sure that there is sufficient time for whatever action to\n // complete. The window could have closed but the sign in network\n // call could still be in flight. This is specifically true for\n // Firefox or if the opener is in an iframe, in which case the oauth\n // helper closes the popup.\n this.pollId = window.setTimeout(() => {\n this.pollId = null;\n this.reject(\n _createError(this.auth, AuthErrorCode.POPUP_CLOSED_BY_USER)\n );\n }, _Timeout.AUTH_EVENT);\n return;\n }\n\n this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get());\n };\n\n poll();\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthInternal } from '../../model/auth';\nimport {\n AuthEvent,\n AuthEventType,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserCredentialInternal } from '../../model/user';\nimport { PersistenceInternal } from '../persistence';\nimport { _persistenceKeyName } from '../persistence/persistence_user_manager';\nimport { _getInstance } from '../util/instantiator';\nimport { AbstractPopupRedirectOperation } from './abstract_popup_redirect_operation';\n\nconst PENDING_REDIRECT_KEY = 'pendingRedirect';\n\n// We only get one redirect outcome for any one auth, so just store it\n// in here.\nconst redirectOutcomeMap: Map<\n string,\n () => Promise<UserCredentialInternal | null>\n> = new Map();\n\nexport class RedirectAction extends AbstractPopupRedirectOperation {\n eventId = null;\n\n constructor(\n auth: AuthInternal,\n resolver: PopupRedirectResolverInternal,\n bypassAuthState = false\n ) {\n super(\n auth,\n [\n AuthEventType.SIGN_IN_VIA_REDIRECT,\n AuthEventType.LINK_VIA_REDIRECT,\n AuthEventType.REAUTH_VIA_REDIRECT,\n AuthEventType.UNKNOWN\n ],\n resolver,\n undefined,\n bypassAuthState\n );\n }\n\n /**\n * Override the execute function; if we already have a redirect result, then\n * just return it.\n */\n async execute(): Promise<UserCredentialInternal | null> {\n let readyOutcome = redirectOutcomeMap.get(this.auth._key());\n if (!readyOutcome) {\n try {\n const hasPendingRedirect = await _getAndClearPendingRedirectStatus(\n this.resolver,\n this.auth\n );\n const result = hasPendingRedirect ? await super.execute() : null;\n readyOutcome = () => Promise.resolve(result);\n } catch (e) {\n readyOutcome = () => Promise.reject(e);\n }\n\n redirectOutcomeMap.set(this.auth._key(), readyOutcome);\n }\n\n // If we're not bypassing auth state, the ready outcome should be set to\n // null.\n if (!this.bypassAuthState) {\n redirectOutcomeMap.set(this.auth._key(), () => Promise.resolve(null));\n }\n\n return readyOutcome();\n }\n\n async onAuthEvent(event: AuthEvent): Promise<void> {\n if (event.type === AuthEventType.SIGN_IN_VIA_REDIRECT) {\n return super.onAuthEvent(event);\n } else if (event.type === AuthEventType.UNKNOWN) {\n // This is a sentinel value indicating there's no pending redirect\n this.resolve(null);\n return;\n }\n\n if (event.eventId) {\n const user = await this.auth._redirectUserForId(event.eventId);\n if (user) {\n this.user = user;\n return super.onAuthEvent(event);\n } else {\n this.resolve(null);\n }\n }\n }\n\n async onExecution(): Promise<void> {}\n\n cleanUp(): void {}\n}\n\nexport async function _getAndClearPendingRedirectStatus(\n resolver: PopupRedirectResolverInternal,\n auth: AuthInternal\n): Promise<boolean> {\n const key = pendingRedirectKey(auth);\n const persistence = resolverPersistence(resolver);\n if (!(await persistence._isAvailable())) {\n return false;\n }\n const hasPendingRedirect = (await persistence._get(key)) === 'true';\n await persistence._remove(key);\n return hasPendingRedirect;\n}\n\nexport async function _setPendingRedirectStatus(\n resolver: PopupRedirectResolverInternal,\n auth: AuthInternal\n): Promise<void> {\n return resolverPersistence(resolver)._set(pendingRedirectKey(auth), 'true');\n}\n\nexport function _clearRedirectOutcomes(): void {\n redirectOutcomeMap.clear();\n}\n\nexport function _overrideRedirectResult(\n auth: AuthInternal,\n result: () => Promise<UserCredentialInternal | null>\n): void {\n redirectOutcomeMap.set(auth._key(), result);\n}\n\nfunction resolverPersistence(\n resolver: PopupRedirectResolverInternal\n): PersistenceInternal {\n return _getInstance(resolver._redirectPersistence);\n}\n\nfunction pendingRedirectKey(auth: AuthInternal): string {\n return _persistenceKeyName(\n PENDING_REDIRECT_KEY,\n auth.config.apiKey,\n auth.name\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n AuthProvider,\n PopupRedirectResolver,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { _assertLinkedStatus } from '../../core/user/link_unlink';\nimport {\n _assertInstanceOf,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../../core/util/assert';\nimport { _generateEventId } from '../../core/util/event_id';\nimport { AuthEventType } from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport { _withDefaultResolver } from '../../core/util/resolver';\nimport {\n RedirectAction,\n _setPendingRedirectStatus\n} from '../../core/strategies/redirect';\nimport { FederatedAuthProvider } from '../../core/providers/federated';\nimport { getModularInstance } from '@firebase/util';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\n/**\n * Authenticates a Firebase client using a full-page redirect flow.\n *\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link signInWithRedirect}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // You can add additional scopes to the provider:\n * provider.addScope('user_birthday');\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * // As this API can be used for sign-in, linking and reauthentication,\n * // check the operationType to determine what triggered this redirect\n * // operation.\n * const operationType = result.operationType;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _signInWithRedirect(auth, provider, resolver) as Promise<never>;\n}\n\nexport async function _signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n _assertInstanceOf(auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await authInternal._initializationPromise;\n const resolverInternal = _withDefaultResolver(authInternal, resolver);\n await _setPendingRedirectStatus(resolverInternal, authInternal);\n\n return resolverInternal._openRedirect(\n authInternal,\n provider,\n AuthEventType.SIGN_IN_VIA_REDIRECT\n );\n}\n\n/**\n * Reauthenticates the current user with the specified {@link OAuthProvider} using a full-page redirect flow.\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link reauthenticateWithRedirect}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * // Reauthenticate using a redirect.\n * await reauthenticateWithRedirect(result.user, provider);\n * // This will again trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _reauthenticateWithRedirect(\n user,\n provider,\n resolver\n ) as Promise<never>;\n}\nexport async function _reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(userInternal.auth)\n );\n }\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await userInternal.auth._initializationPromise;\n // Allow the resolver to error before persisting the redirect user\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n await _setPendingRedirectStatus(resolverInternal, userInternal.auth);\n\n const eventId = await prepareUserForRedirect(userInternal);\n return resolverInternal._openRedirect(\n userInternal.auth,\n provider,\n AuthEventType.REAUTH_VIA_REDIRECT,\n eventId\n );\n}\n\n/**\n * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link linkWithRedirect}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using some other provider.\n * const result = await signInWithEmailAndPassword(auth, email, password);\n * // Link using a redirect.\n * const provider = new FacebookAuthProvider();\n * await linkWithRedirect(result.user, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _linkWithRedirect(user, provider, resolver) as Promise<never>;\n}\nexport async function _linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await userInternal.auth._initializationPromise;\n // Allow the resolver to error before persisting the redirect user\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n await _assertLinkedStatus(false, userInternal, provider.providerId);\n await _setPendingRedirectStatus(resolverInternal, userInternal.auth);\n\n const eventId = await prepareUserForRedirect(userInternal);\n return resolverInternal._openRedirect(\n userInternal.auth,\n provider,\n AuthEventType.LINK_VIA_REDIRECT,\n eventId\n );\n}\n\n/**\n * Returns a {@link UserCredential} from the redirect-based sign-in flow.\n *\n * @remarks\n * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an\n * error. If no redirect operation was called, returns `null`.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // You can add additional scopes to the provider:\n * provider.addScope('user_birthday');\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * // As this API can be used for sign-in, linking and reauthentication,\n * // check the operationType to determine what triggered this redirect\n * // operation.\n * const operationType = result.operationType;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function getRedirectResult(\n auth: Auth,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential | null> {\n await _castAuth(auth)._initializationPromise;\n return _getRedirectResult(auth, resolver, false);\n}\n\nexport async function _getRedirectResult(\n auth: Auth,\n resolverExtern?: PopupRedirectResolver,\n bypassAuthState = false\n): Promise<UserCredential | null> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const resolver = _withDefaultResolver(authInternal, resolverExtern);\n const action = new RedirectAction(authInternal, resolver, bypassAuthState);\n const result = await action.execute();\n\n if (result && !bypassAuthState) {\n delete result.user._redirectEventId;\n await authInternal._persistUserIfCurrent(result.user as UserInternal);\n await authInternal._setRedirectUser(null, resolverExtern);\n }\n\n return result;\n}\n\nasync function prepareUserForRedirect(user: UserInternal): Promise<string> {\n const eventId = _generateEventId(`${user.uid}:::`);\n user._redirectEventId = eventId;\n await user.auth._setRedirectUser(user);\n await user.auth._persistUserIfCurrent(user);\n return eventId;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthEvent,\n AuthEventConsumer,\n AuthEventType,\n EventManager\n} from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { AuthInternal } from '../../model/auth';\nimport { _createError } from '../util/assert';\n\n// The amount of time to store the UIDs of seen events; this is\n// set to 10 min by default\nconst EVENT_DUPLICATION_CACHE_DURATION_MS = 10 * 60 * 1000;\n\nexport class AuthEventManager implements EventManager {\n private readonly cachedEventUids: Set<string> = new Set();\n private readonly consumers: Set<AuthEventConsumer> = new Set();\n protected queuedRedirectEvent: AuthEvent | null = null;\n protected hasHandledPotentialRedirect = false;\n private lastProcessedEventTime = Date.now();\n\n constructor(private readonly auth: AuthInternal) {}\n\n registerConsumer(authEventConsumer: AuthEventConsumer): void {\n this.consumers.add(authEventConsumer);\n\n if (\n this.queuedRedirectEvent &&\n this.isEventForConsumer(this.queuedRedirectEvent, authEventConsumer)\n ) {\n this.sendToConsumer(this.queuedRedirectEvent, authEventConsumer);\n this.saveEventToCache(this.queuedRedirectEvent);\n this.queuedRedirectEvent = null;\n }\n }\n\n unregisterConsumer(authEventConsumer: AuthEventConsumer): void {\n this.consumers.delete(authEventConsumer);\n }\n\n onEvent(event: AuthEvent): boolean {\n // Check if the event has already been handled\n if (this.hasEventBeenHandled(event)) {\n return false;\n }\n\n let handled = false;\n this.consumers.forEach(consumer => {\n if (this.isEventForConsumer(event, consumer)) {\n handled = true;\n this.sendToConsumer(event, consumer);\n this.saveEventToCache(event);\n }\n });\n\n if (this.hasHandledPotentialRedirect || !isRedirectEvent(event)) {\n // If we've already seen a redirect before, or this is a popup event,\n // bail now\n return handled;\n }\n\n this.hasHandledPotentialRedirect = true;\n\n // If the redirect wasn't handled, hang on to it\n if (!handled) {\n this.queuedRedirectEvent = event;\n handled = true;\n }\n\n return handled;\n }\n\n private sendToConsumer(event: AuthEvent, consumer: AuthEventConsumer): void {\n if (event.error && !isNullRedirectEvent(event)) {\n const code =\n (event.error.code?.split('auth/')[1] as AuthErrorCode) ||\n AuthErrorCode.INTERNAL_ERROR;\n consumer.onError(_createError(this.auth, code));\n } else {\n consumer.onAuthEvent(event);\n }\n }\n\n private isEventForConsumer(\n event: AuthEvent,\n consumer: AuthEventConsumer\n ): boolean {\n const eventIdMatches =\n consumer.eventId === null ||\n (!!event.eventId && event.eventId === consumer.eventId);\n return consumer.filter.includes(event.type) && eventIdMatches;\n }\n\n private hasEventBeenHandled(event: AuthEvent): boolean {\n if (\n Date.now() - this.lastProcessedEventTime >=\n EVENT_DUPLICATION_CACHE_DURATION_MS\n ) {\n this.cachedEventUids.clear();\n }\n\n return this.cachedEventUids.has(eventUid(event));\n }\n\n private saveEventToCache(event: AuthEvent): void {\n this.cachedEventUids.add(eventUid(event));\n this.lastProcessedEventTime = Date.now();\n }\n}\n\nfunction eventUid(e: AuthEvent): string {\n return [e.type, e.eventId, e.sessionId, e.tenantId].filter(v => v).join('-');\n}\n\nfunction isNullRedirectEvent({ type, error }: AuthEvent): boolean {\n return (\n type === AuthEventType.UNKNOWN &&\n error?.code === `auth/${AuthErrorCode.NO_AUTH_EVENT}`\n );\n}\n\nfunction isRedirectEvent(event: AuthEvent): boolean {\n switch (event.type) {\n case AuthEventType.SIGN_IN_VIA_REDIRECT:\n case AuthEventType.LINK_VIA_REDIRECT:\n case AuthEventType.REAUTH_VIA_REDIRECT:\n return true;\n case AuthEventType.UNKNOWN:\n return isNullRedirectEvent(event);\n default:\n return false;\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _performApiRequest, Endpoint, HttpMethod } from '../index';\nimport { Auth } from '../../model/public_types';\n\nexport interface GetProjectConfigRequest {\n androidPackageName?: string;\n iosBundleId?: string;\n}\n\nexport interface GetProjectConfigResponse {\n authorizedDomains: string[];\n}\n\nexport async function _getProjectConfig(\n auth: Auth,\n request: GetProjectConfigRequest = {}\n): Promise<GetProjectConfigResponse> {\n return _performApiRequest<GetProjectConfigRequest, GetProjectConfigResponse>(\n auth,\n HttpMethod.GET,\n Endpoint.GET_PROJECT_CONFIG,\n request\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _getProjectConfig } from '../../api/project_config/get_project_config';\nimport { AuthInternal } from '../../model/auth';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from './assert';\nimport { _getCurrentUrl } from './location';\n\nconst IP_ADDRESS_REGEX = /^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/;\nconst HTTP_REGEX = /^https?/;\n\nexport async function _validateOrigin(auth: AuthInternal): Promise<void> {\n // Skip origin validation if we are in an emulated environment\n if (auth.config.emulator) {\n return;\n }\n\n const { authorizedDomains } = await _getProjectConfig(auth);\n\n for (const domain of authorizedDomains) {\n try {\n if (matchDomain(domain)) {\n return;\n }\n } catch {\n // Do nothing if there's a URL error; just continue searching\n }\n }\n\n // In the old SDK, this error also provides helpful messages.\n _fail(auth, AuthErrorCode.INVALID_ORIGIN);\n}\n\nfunction matchDomain(expected: string): boolean {\n const currentUrl = _getCurrentUrl();\n const { protocol, hostname } = new URL(currentUrl);\n if (expected.startsWith('chrome-extension://')) {\n const ceUrl = new URL(expected);\n\n if (ceUrl.hostname === '' && hostname === '') {\n // For some reason we're not parsing chrome URLs properly\n return (\n protocol === 'chrome-extension:' &&\n expected.replace('chrome-extension://', '') ===\n currentUrl.replace('chrome-extension://', '')\n );\n }\n\n return protocol === 'chrome-extension:' && ceUrl.hostname === hostname;\n }\n\n if (!HTTP_REGEX.test(protocol)) {\n return false;\n }\n\n if (IP_ADDRESS_REGEX.test(expected)) {\n // The domain has to be exactly equal to the pattern, as an IP domain will\n // only contain the IP, no extra character.\n return hostname === expected;\n }\n\n // Dots in pattern should be escaped.\n const escapedDomainPattern = expected.replace(/\\./g, '\\\\.');\n // Non ip address domains.\n // domain.com = *.domain.com OR domain.com\n const re = new RegExp(\n '^(.+\\\\.' + escapedDomainPattern + '|' + escapedDomainPattern + ')$',\n 'i'\n );\n return re.test(hostname);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _createError } from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport * as js from '../load_js';\n\nconst NETWORK_TIMEOUT = new Delay(30000, 60000);\n\n/**\n * Reset unloaded GApi modules. If gapi.load fails due to a network error,\n * it will stop working after a retrial. This is a hack to fix this issue.\n */\nfunction resetUnloadedGapiModules(): void {\n // Clear last failed gapi.load state to force next gapi.load to first\n // load the failed gapi.iframes module.\n // Get gapix.beacon context.\n const beacon = _window().___jsl;\n // Get current hint.\n if (beacon?.H) {\n // Get gapi hint.\n for (const hint of Object.keys(beacon.H)) {\n // Requested modules.\n beacon.H[hint].r = beacon.H[hint].r || [];\n // Loaded modules.\n beacon.H[hint].L = beacon.H[hint].L || [];\n // Set requested modules to a copy of the loaded modules.\n beacon.H[hint].r = [...beacon.H[hint].L];\n // Clear pending callbacks.\n if (beacon.CP) {\n for (let i = 0; i < beacon.CP.length; i++) {\n // Remove all failed pending callbacks.\n beacon.CP[i] = null;\n }\n }\n }\n }\n}\n\nfunction loadGapi(auth: AuthInternal): Promise<gapi.iframes.Context> {\n return new Promise<gapi.iframes.Context>((resolve, reject) => {\n // Function to run when gapi.load is ready.\n function loadGapiIframe(): void {\n // The developer may have tried to previously run gapi.load and failed.\n // Run this to fix that.\n resetUnloadedGapiModules();\n gapi.load('gapi.iframes', {\n callback: () => {\n resolve(gapi.iframes.getContext());\n },\n ontimeout: () => {\n // The above reset may be sufficient, but having this reset after\n // failure ensures that if the developer calls gapi.load after the\n // connection is re-established and before another attempt to embed\n // the iframe, it would work and would not be broken because of our\n // failed attempt.\n // Timeout when gapi.iframes.Iframe not loaded.\n resetUnloadedGapiModules();\n reject(_createError(auth, AuthErrorCode.NETWORK_REQUEST_FAILED));\n },\n timeout: NETWORK_TIMEOUT.get()\n });\n }\n\n if (_window().gapi?.iframes?.Iframe) {\n // If gapi.iframes.Iframe available, resolve.\n resolve(gapi.iframes.getContext());\n } else if (!!_window().gapi?.load) {\n // Gapi loader ready, load gapi.iframes.\n loadGapiIframe();\n } else {\n // Create a new iframe callback when this is called so as not to overwrite\n // any previous defined callback. This happens if this method is called\n // multiple times in parallel and could result in the later callback\n // overwriting the previous one. This would end up with a iframe\n // timeout.\n const cbName = js._generateCallbackName('iframefcb');\n // GApi loader not available, dynamically load platform.js.\n _window()[cbName] = () => {\n // GApi loader should be ready.\n if (!!gapi.load) {\n loadGapiIframe();\n } else {\n // Gapi loader failed, throw error.\n reject(_createError(auth, AuthErrorCode.NETWORK_REQUEST_FAILED));\n }\n };\n // Load GApi loader.\n return js\n ._loadJS(`${js._gapiScriptUrl()}?onload=${cbName}`)\n .catch(e => reject(e));\n }\n }).catch(error => {\n // Reset cached promise to allow for retrial.\n cachedGApiLoader = null;\n throw error;\n });\n}\n\nlet cachedGApiLoader: Promise<gapi.iframes.Context> | null = null;\nexport function _loadGapi(auth: AuthInternal): Promise<gapi.iframes.Context> {\n cachedGApiLoader = cachedGApiLoader || loadGapi(auth);\n return cachedGApiLoader;\n}\n\nexport function _resetLoader(): void {\n cachedGApiLoader = null;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { querystring } from '@firebase/util';\nimport { DefaultConfig } from '../../../internal';\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert, _createError } from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { _emulatorUrl } from '../../core/util/emulator';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport * as gapiLoader from './gapi';\n\nconst PING_TIMEOUT = new Delay(5000, 15000);\nconst IFRAME_PATH = '__/auth/iframe';\nconst EMULATED_IFRAME_PATH = 'emulator/auth/iframe';\n\nconst IFRAME_ATTRIBUTES = {\n style: {\n position: 'absolute',\n top: '-100px',\n width: '1px',\n height: '1px'\n },\n 'aria-hidden': 'true',\n tabindex: '-1'\n};\n\n// Map from apiHost to endpoint ID for passing into iframe. In current SDK, apiHost can be set to\n// anything (not from a list of endpoints with IDs as in legacy), so this is the closest we can get.\nconst EID_FROM_APIHOST = new Map([\n [DefaultConfig.API_HOST, 'p'], // production\n ['staging-identitytoolkit.sandbox.googleapis.com', 's'], // staging\n ['test-identitytoolkit.sandbox.googleapis.com', 't'] // test\n]);\n\nfunction getIframeUrl(auth: AuthInternal): string {\n const config = auth.config;\n _assert(config.authDomain, auth, AuthErrorCode.MISSING_AUTH_DOMAIN);\n const url = config.emulator\n ? _emulatorUrl(config, EMULATED_IFRAME_PATH)\n : `https://${auth.config.authDomain}/${IFRAME_PATH}`;\n\n const params: Record<string, string> = {\n apiKey: config.apiKey,\n appName: auth.name,\n v: SDK_VERSION\n };\n const eid = EID_FROM_APIHOST.get(auth.config.apiHost);\n if (eid) {\n params.eid = eid;\n }\n const frameworks = auth._getFrameworks();\n if (frameworks.length) {\n params.fw = frameworks.join(',');\n }\n return `${url}?${querystring(params).slice(1)}`;\n}\n\nexport async function _openIframe(\n auth: AuthInternal\n): Promise<gapi.iframes.Iframe> {\n const context = await gapiLoader._loadGapi(auth);\n const gapi = _window().gapi;\n _assert(gapi, auth, AuthErrorCode.INTERNAL_ERROR);\n return context.open(\n {\n where: document.body,\n url: getIframeUrl(auth),\n messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER,\n attributes: IFRAME_ATTRIBUTES,\n dontclear: true\n },\n (iframe: gapi.iframes.Iframe) =>\n new Promise(async (resolve, reject) => {\n await iframe.restyle({\n // Prevent iframe from closing on mouse out.\n setHideOnLeave: false\n });\n\n const networkError = _createError(\n auth,\n AuthErrorCode.NETWORK_REQUEST_FAILED\n );\n // Confirm iframe is correctly loaded.\n // To fallback on failure, set a timeout.\n const networkErrorTimer = _window().setTimeout(() => {\n reject(networkError);\n }, PING_TIMEOUT.get());\n // Clear timer and resolve pending iframe ready promise.\n function clearTimerAndResolve(): void {\n _window().clearTimeout(networkErrorTimer);\n resolve(iframe);\n }\n // This returns an IThenable. However the reject part does not call\n // when the iframe is not loaded.\n iframe.ping(clearTimerAndResolve).then(clearTimerAndResolve, () => {\n reject(networkError);\n });\n })\n );\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getUA } from '@firebase/util';\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport {\n _isChromeIOS,\n _isFirefox,\n _isIOSStandalone\n} from '../../core/util/browser';\nimport { AuthInternal } from '../../model/auth';\n\nconst BASE_POPUP_OPTIONS = {\n location: 'yes',\n resizable: 'yes',\n statusbar: 'yes',\n toolbar: 'no'\n};\n\nconst DEFAULT_WIDTH = 500;\nconst DEFAULT_HEIGHT = 600;\nconst TARGET_BLANK = '_blank';\n\nconst FIREFOX_EMPTY_URL = 'http://localhost';\n\nexport class AuthPopup {\n associatedEvent: string | null = null;\n\n constructor(readonly window: Window | null) {}\n\n close(): void {\n if (this.window) {\n try {\n this.window.close();\n } catch (e) {}\n }\n }\n}\n\nexport function _open(\n auth: AuthInternal,\n url?: string,\n name?: string,\n width = DEFAULT_WIDTH,\n height = DEFAULT_HEIGHT\n): AuthPopup {\n const top = Math.max((window.screen.availHeight - height) / 2, 0).toString();\n const left = Math.max((window.screen.availWidth - width) / 2, 0).toString();\n let target = '';\n\n const options: { [key: string]: string } = {\n ...BASE_POPUP_OPTIONS,\n width: width.toString(),\n height: height.toString(),\n top,\n left\n };\n\n // Chrome iOS 7 and 8 is returning an undefined popup win when target is\n // specified, even though the popup is not necessarily blocked.\n const ua = getUA().toLowerCase();\n\n if (name) {\n target = _isChromeIOS(ua) ? TARGET_BLANK : name;\n }\n\n if (_isFirefox(ua)) {\n // Firefox complains when invalid URLs are popped out. Hacky way to bypass.\n url = url || FIREFOX_EMPTY_URL;\n // Firefox disables by default scrolling on popup windows, which can create\n // issues when the user has many Google accounts, for instance.\n options.scrollbars = 'yes';\n }\n\n const optionsString = Object.entries(options).reduce(\n (accum, [key, value]) => `${accum}${key}=${value},`,\n ''\n );\n\n if (_isIOSStandalone(ua) && target !== '_self') {\n openAsNewWindowIOS(url || '', target);\n return new AuthPopup(null);\n }\n\n // about:blank getting sanitized causing browsers like IE/Edge to display\n // brief error message before redirecting to handler.\n const newWin = window.open(url || '', target, optionsString);\n _assert(newWin, auth, AuthErrorCode.POPUP_BLOCKED);\n\n // Flaky on IE edge, encapsulate with a try and catch.\n try {\n newWin.focus();\n } catch (e) {}\n\n return new AuthPopup(newWin);\n}\n\nfunction openAsNewWindowIOS(url: string, target: string): void {\n const el = document.createElement('a');\n el.href = url;\n el.target = target;\n const click = document.createEvent('MouseEvent');\n click.initMouseEvent(\n 'click',\n true,\n true,\n window,\n 1,\n 0,\n 0,\n 0,\n 0,\n false,\n false,\n false,\n false,\n 1,\n null\n );\n el.dispatchEvent(click);\n}\n", "/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { AuthProvider } from '../../model/public_types';\nimport { ApiKey, AppName, AuthInternal } from '../../model/auth';\nimport { AuthEventType } from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from './assert';\nimport { isEmpty, querystring } from '@firebase/util';\nimport { _emulatorUrl } from './emulator';\nimport { FederatedAuthProvider } from '../providers/federated';\nimport { BaseOAuthProvider } from '../providers/oauth';\n\n/**\n * URL for Authentication widget which will initiate the OAuth handshake\n *\n * @internal\n */\nconst WIDGET_PATH = '__/auth/handler';\n\n/**\n * URL for emulated environment\n *\n * @internal\n */\nconst EMULATOR_WIDGET_PATH = 'emulator/auth/handler';\n\n/**\n * Fragment name for the App Check token that gets passed to the widget\n *\n * @internal\n */\nconst FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ntype WidgetParams = {\n apiKey: ApiKey;\n appName: AppName;\n authType: AuthEventType;\n redirectUrl?: string;\n v: string;\n providerId?: string;\n scopes?: string;\n customParameters?: string;\n eventId?: string;\n tid?: string;\n} & { [key: string]: string | undefined };\n\nexport async function _getRedirectUrl(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n redirectUrl?: string,\n eventId?: string,\n additionalParams?: Record<string, string>\n): Promise<string> {\n _assert(auth.config.authDomain, auth, AuthErrorCode.MISSING_AUTH_DOMAIN);\n _assert(auth.config.apiKey, auth, AuthErrorCode.INVALID_API_KEY);\n\n const params: WidgetParams = {\n apiKey: auth.config.apiKey,\n appName: auth.name,\n authType,\n redirectUrl,\n v: SDK_VERSION,\n eventId\n };\n\n if (provider instanceof FederatedAuthProvider) {\n provider.setDefaultLanguage(auth.languageCode);\n params.providerId = provider.providerId || '';\n if (!isEmpty(provider.getCustomParameters())) {\n params.customParameters = JSON.stringify(provider.getCustomParameters());\n }\n\n // TODO set additionalParams from the provider as well?\n for (const [key, value] of Object.entries(additionalParams || {})) {\n params[key] = value;\n }\n }\n\n if (provider instanceof BaseOAuthProvider) {\n const scopes = provider.getScopes().filter(scope => scope !== '');\n if (scopes.length > 0) {\n params.scopes = scopes.join(',');\n }\n }\n\n if (auth.tenantId) {\n params.tid = auth.tenantId;\n }\n\n // TODO: maybe set eid as endpointId\n // TODO: maybe set fw as Frameworks.join(\",\")\n\n const paramsDict = params as Record<string, string | number>;\n for (const key of Object.keys(paramsDict)) {\n if (paramsDict[key] === undefined) {\n delete paramsDict[key];\n }\n }\n\n // Sets the App Check token to pass to the widget\n const appCheckToken = await auth._getAppCheckToken();\n const appCheckTokenFragment = appCheckToken\n ? `#${FIREBASE_APP_CHECK_FRAGMENT_ID}=${encodeURIComponent(appCheckToken)}`\n : '';\n\n // Start at index 1 to skip the leading '&' in the query string\n return `${getHandlerBase(auth)}?${querystring(paramsDict).slice(\n 1\n )}${appCheckTokenFragment}`;\n}\n\nfunction getHandlerBase({ config }: AuthInternal): string {\n if (!config.emulator) {\n return `https://${config.authDomain}/${WIDGET_PATH}`;\n }\n\n return _emulatorUrl(config, EMULATOR_WIDGET_PATH);\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider, PopupRedirectResolver } from '../model/public_types';\n\nimport { AuthEventManager } from '../core/auth/auth_event_manager';\nimport { AuthErrorCode } from '../core/errors';\nimport { _assert, debugAssert, _fail } from '../core/util/assert';\nimport { _generateEventId } from '../core/util/event_id';\nimport { _getCurrentUrl } from '../core/util/location';\nimport { _validateOrigin } from '../core/util/validate_origin';\nimport { AuthInternal } from '../model/auth';\nimport {\n AuthEventType,\n EventManager,\n GapiAuthEvent,\n GapiOutcome,\n PopupRedirectResolverInternal\n} from '../model/popup_redirect';\nimport { _setWindowLocation } from './auth_window';\nimport { _openIframe } from './iframe/iframe';\nimport { browserSessionPersistence } from './persistence/session_storage';\nimport { _open, AuthPopup } from './util/popup';\nimport { _getRedirectResult } from './strategies/redirect';\nimport { _getRedirectUrl } from '../core/util/handler';\nimport { _isIOS, _isMobileBrowser, _isSafari } from '../core/util/browser';\nimport { _overrideRedirectResult } from '../core/strategies/redirect';\n\n/**\n * The special web storage event\n *\n */\nconst WEB_STORAGE_SUPPORT_KEY = 'webStorageSupport';\n\ninterface WebStorageSupportMessage extends gapi.iframes.Message {\n [index: number]: Record<string, boolean>;\n}\n\ninterface ManagerOrPromise {\n manager?: EventManager;\n promise?: Promise<EventManager>;\n}\n\nclass BrowserPopupRedirectResolver implements PopupRedirectResolverInternal {\n private readonly eventManagers: Record<string, ManagerOrPromise> = {};\n private readonly iframes: Record<string, gapi.iframes.Iframe> = {};\n private readonly originValidationPromises: Record<string, Promise<void>> = {};\n\n readonly _redirectPersistence = browserSessionPersistence;\n\n // Wrapping in async even though we don't await anywhere in order\n // to make sure errors are raised as promise rejections\n async _openPopup(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n eventId?: string\n ): Promise<AuthPopup> {\n debugAssert(\n this.eventManagers[auth._key()]?.manager,\n '_initialize() not called before _openPopup()'\n );\n\n const url = await _getRedirectUrl(\n auth,\n provider,\n authType,\n _getCurrentUrl(),\n eventId\n );\n return _open(auth, url, _generateEventId());\n }\n\n async _openRedirect(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n eventId?: string\n ): Promise<never> {\n await this._originValidation(auth);\n const url = await _getRedirectUrl(\n auth,\n provider,\n authType,\n _getCurrentUrl(),\n eventId\n );\n _setWindowLocation(url);\n return new Promise(() => {});\n }\n\n _initialize(auth: AuthInternal): Promise<EventManager> {\n const key = auth._key();\n if (this.eventManagers[key]) {\n const { manager, promise } = this.eventManagers[key];\n if (manager) {\n return Promise.resolve(manager);\n } else {\n debugAssert(promise, 'If manager is not set, promise should be');\n return promise;\n }\n }\n\n const promise = this.initAndGetManager(auth);\n this.eventManagers[key] = { promise };\n\n // If the promise is rejected, the key should be removed so that the\n // operation can be retried later.\n promise.catch(() => {\n delete this.eventManagers[key];\n });\n\n return promise;\n }\n\n private async initAndGetManager(auth: AuthInternal): Promise<EventManager> {\n const iframe = await _openIframe(auth);\n const manager = new AuthEventManager(auth);\n iframe.register<GapiAuthEvent>(\n 'authEvent',\n (iframeEvent: GapiAuthEvent | null) => {\n _assert(iframeEvent?.authEvent, auth, AuthErrorCode.INVALID_AUTH_EVENT);\n // TODO: Consider splitting redirect and popup events earlier on\n\n const handled = manager.onEvent(iframeEvent.authEvent);\n return { status: handled ? GapiOutcome.ACK : GapiOutcome.ERROR };\n },\n gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER\n );\n\n this.eventManagers[auth._key()] = { manager };\n this.iframes[auth._key()] = iframe;\n return manager;\n }\n\n _isIframeWebStorageSupported(\n auth: AuthInternal,\n cb: (supported: boolean) => unknown\n ): void {\n const iframe = this.iframes[auth._key()];\n iframe.send<gapi.iframes.Message, WebStorageSupportMessage>(\n WEB_STORAGE_SUPPORT_KEY,\n { type: WEB_STORAGE_SUPPORT_KEY },\n result => {\n const isSupported = result?.[0]?.[WEB_STORAGE_SUPPORT_KEY];\n if (isSupported !== undefined) {\n cb(!!isSupported);\n }\n\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n },\n gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER\n );\n }\n\n _originValidation(auth: AuthInternal): Promise<void> {\n const key = auth._key();\n if (!this.originValidationPromises[key]) {\n this.originValidationPromises[key] = _validateOrigin(auth);\n }\n\n return this.originValidationPromises[key];\n }\n\n get _shouldInitProactively(): boolean {\n // Mobile browsers and Safari need to optimistically initialize\n return _isMobileBrowser() || _isSafari() || _isIOS();\n }\n\n _completeRedirectFn = _getRedirectResult;\n\n _overrideRedirectResult = _overrideRedirectResult;\n}\n\n/**\n * An implementation of {@link PopupRedirectResolver} suitable for browser\n * based applications.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @public\n */\nexport const browserPopupRedirectResolver: PopupRedirectResolver =\n BrowserPopupRedirectResolver;\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { FactorId, MultiFactorAssertion } from '../model/public_types';\nimport { debugFail } from '../core/util/assert';\nimport { MultiFactorSessionImpl, MultiFactorSessionType } from './mfa_session';\nimport { FinalizeMfaResponse } from '../api/authentication/mfa';\nimport { AuthInternal } from '../model/auth';\n\nexport abstract class MultiFactorAssertionImpl implements MultiFactorAssertion {\n protected constructor(readonly factorId: FactorId) {}\n\n _process(\n auth: AuthInternal,\n session: MultiFactorSessionImpl,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse> {\n switch (session.type) {\n case MultiFactorSessionType.ENROLL:\n return this._finalizeEnroll(auth, session.credential, displayName);\n case MultiFactorSessionType.SIGN_IN:\n return this._finalizeSignIn(auth, session.credential);\n default:\n return debugFail('unexpected MultiFactorSessionType');\n }\n }\n\n abstract _finalizeEnroll(\n auth: AuthInternal,\n idToken: string,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse>;\n abstract _finalizeSignIn(\n auth: AuthInternal,\n mfaPendingCredential: string\n ): Promise<FinalizeMfaResponse>;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n FactorId,\n PhoneMultiFactorAssertion\n} from '../../../model/public_types';\n\nimport { MultiFactorAssertionImpl } from '../../../mfa/mfa_assertion';\nimport { AuthInternal } from '../../../model/auth';\nimport { finalizeEnrollPhoneMfa } from '../../../api/account_management/mfa';\nimport { PhoneAuthCredential } from '../../../core/credentials/phone';\nimport {\n finalizeSignInPhoneMfa,\n FinalizeMfaResponse\n} from '../../../api/authentication/mfa';\n\n/**\n * {@inheritdoc PhoneMultiFactorAssertion}\n *\n * @public\n */\nexport class PhoneMultiFactorAssertionImpl\n extends MultiFactorAssertionImpl\n implements PhoneMultiFactorAssertion\n{\n private constructor(private readonly credential: PhoneAuthCredential) {\n super(FactorId.PHONE);\n }\n\n /** @internal */\n static _fromCredential(\n credential: PhoneAuthCredential\n ): PhoneMultiFactorAssertionImpl {\n return new PhoneMultiFactorAssertionImpl(credential);\n }\n\n /** @internal */\n _finalizeEnroll(\n auth: AuthInternal,\n idToken: string,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse> {\n return finalizeEnrollPhoneMfa(auth, {\n idToken,\n displayName,\n phoneVerificationInfo: this.credential._makeVerificationRequest()\n });\n }\n\n /** @internal */\n _finalizeSignIn(\n auth: AuthInternal,\n mfaPendingCredential: string\n ): Promise<FinalizeMfaResponse> {\n return finalizeSignInPhoneMfa(auth, {\n mfaPendingCredential,\n phoneVerificationInfo: this.credential._makeVerificationRequest()\n });\n }\n}\n\n/**\n * Provider for generating a {@link PhoneMultiFactorAssertion}.\n *\n * @public\n */\nexport class PhoneMultiFactorGenerator {\n private constructor() {}\n\n /**\n * Provides a {@link PhoneMultiFactorAssertion} to confirm ownership of the phone second factor.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @param phoneAuthCredential - A credential provided by {@link PhoneAuthProvider.credential}.\n * @returns A {@link PhoneMultiFactorAssertion} which can be used with\n * {@link MultiFactorResolver.resolveSignIn}\n */\n static assertion(credential: PhoneAuthCredential): PhoneMultiFactorAssertion {\n return PhoneMultiFactorAssertionImpl._fromCredential(credential);\n }\n\n /**\n * The identifier of the phone second factor: `phone`.\n */\n static FACTOR_ID = 'phone';\n}\n", "/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n TotpMultiFactorAssertion,\n MultiFactorSession,\n FactorId\n} from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport {\n finalizeEnrollTotpMfa,\n startEnrollTotpMfa,\n StartTotpMfaEnrollmentResponse,\n TotpVerificationInfo\n} from '../../api/account_management/mfa';\nimport {\n FinalizeMfaResponse,\n finalizeSignInTotpMfa\n} from '../../api/authentication/mfa';\nimport { MultiFactorAssertionImpl } from '../../mfa/mfa_assertion';\nimport { MultiFactorSessionImpl } from '../mfa_session';\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\n\n/**\n * Provider for generating a {@link TotpMultiFactorAssertion}.\n *\n * @public\n */\nexport class TotpMultiFactorGenerator {\n /**\n * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of\n * the TOTP (time-based one-time password) second factor.\n * This assertion is used to complete enrollment in TOTP second factor.\n *\n * @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.\n * @param oneTimePassword One-time password from TOTP App.\n * @returns A {@link TotpMultiFactorAssertion} which can be used with\n * {@link MultiFactorUser.enroll}.\n */\n static assertionForEnrollment(\n secret: TotpSecret,\n oneTimePassword: string\n ): TotpMultiFactorAssertion {\n return TotpMultiFactorAssertionImpl._fromSecret(secret, oneTimePassword);\n }\n\n /**\n * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.\n * This assertion is used to complete signIn with TOTP as the second factor.\n *\n * @param enrollmentId identifies the enrolled TOTP second factor.\n * @param oneTimePassword One-time password from TOTP App.\n * @returns A {@link TotpMultiFactorAssertion} which can be used with\n * {@link MultiFactorResolver.resolveSignIn}.\n */\n static assertionForSignIn(\n enrollmentId: string,\n oneTimePassword: string\n ): TotpMultiFactorAssertion {\n return TotpMultiFactorAssertionImpl._fromEnrollmentId(\n enrollmentId,\n oneTimePassword\n );\n }\n\n /**\n * Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.\n * Creates a TOTP secret as part of enrolling a TOTP second factor.\n * Used for generating a QR code URL or inputting into a TOTP app.\n * This method uses the auth instance corresponding to the user in the multiFactorSession.\n *\n * @param session The {@link MultiFactorSession} that the user is part of.\n * @returns A promise to {@link TotpSecret}.\n */\n static async generateSecret(\n session: MultiFactorSession\n ): Promise<TotpSecret> {\n const mfaSession = session as MultiFactorSessionImpl;\n _assert(\n typeof mfaSession.user?.auth !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n const response = await startEnrollTotpMfa(mfaSession.user.auth, {\n idToken: mfaSession.credential,\n totpEnrollmentInfo: {}\n });\n return TotpSecret._fromStartTotpMfaEnrollmentResponse(\n response,\n mfaSession.user.auth\n );\n }\n\n /**\n * The identifier of the TOTP second factor: `totp`.\n */\n static FACTOR_ID: 'totp' = FactorId.TOTP;\n}\n\nexport class TotpMultiFactorAssertionImpl\n extends MultiFactorAssertionImpl\n implements TotpMultiFactorAssertion\n{\n constructor(\n readonly otp: string,\n readonly enrollmentId?: string,\n readonly secret?: TotpSecret\n ) {\n super(FactorId.TOTP);\n }\n\n /** @internal */\n static _fromSecret(\n secret: TotpSecret,\n otp: string\n ): TotpMultiFactorAssertionImpl {\n return new TotpMultiFactorAssertionImpl(otp, undefined, secret);\n }\n\n /** @internal */\n static _fromEnrollmentId(\n enrollmentId: string,\n otp: string\n ): TotpMultiFactorAssertionImpl {\n return new TotpMultiFactorAssertionImpl(otp, enrollmentId);\n }\n\n /** @internal */\n async _finalizeEnroll(\n auth: AuthInternal,\n idToken: string,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse> {\n _assert(\n typeof this.secret !== 'undefined',\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n return finalizeEnrollTotpMfa(auth, {\n idToken,\n displayName,\n totpVerificationInfo: this.secret._makeTotpVerificationInfo(this.otp)\n });\n }\n\n /** @internal */\n async _finalizeSignIn(\n auth: AuthInternal,\n mfaPendingCredential: string\n ): Promise<FinalizeMfaResponse> {\n _assert(\n this.enrollmentId !== undefined && this.otp !== undefined,\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n const totpVerificationInfo = { verificationCode: this.otp };\n return finalizeSignInTotpMfa(auth, {\n mfaPendingCredential,\n mfaEnrollmentId: this.enrollmentId,\n totpVerificationInfo\n });\n }\n}\n\n/**\n * Provider for generating a {@link TotpMultiFactorAssertion}.\n *\n * Stores the shared secret key and other parameters to generate time-based OTPs.\n * Implements methods to retrieve the shared secret key and generate a QR code URL.\n * @public\n */\nexport class TotpSecret {\n /**\n * Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.\n */\n readonly secretKey: string;\n /**\n * Hashing algorithm used.\n */\n readonly hashingAlgorithm: string;\n /**\n * Length of the one-time passwords to be generated.\n */\n readonly codeLength: number;\n /**\n * The interval (in seconds) when the OTP codes should change.\n */\n readonly codeIntervalSeconds: number;\n /**\n * The timestamp (UTC string) by which TOTP enrollment should be completed.\n */\n // This can be used by callers to show a countdown of when to enter OTP code by.\n readonly enrollmentCompletionDeadline: string;\n\n // The public members are declared outside the constructor so the docs can be generated.\n private constructor(\n secretKey: string,\n hashingAlgorithm: string,\n codeLength: number,\n codeIntervalSeconds: number,\n enrollmentCompletionDeadline: string,\n private readonly sessionInfo: string,\n private readonly auth: AuthInternal\n ) {\n this.secretKey = secretKey;\n this.hashingAlgorithm = hashingAlgorithm;\n this.codeLength = codeLength;\n this.codeIntervalSeconds = codeIntervalSeconds;\n this.enrollmentCompletionDeadline = enrollmentCompletionDeadline;\n }\n\n /** @internal */\n static _fromStartTotpMfaEnrollmentResponse(\n response: StartTotpMfaEnrollmentResponse,\n auth: AuthInternal\n ): TotpSecret {\n return new TotpSecret(\n response.totpSessionInfo.sharedSecretKey,\n response.totpSessionInfo.hashingAlgorithm,\n response.totpSessionInfo.verificationCodeLength,\n response.totpSessionInfo.periodSec,\n new Date(response.totpSessionInfo.finalizeEnrollmentTime).toUTCString(),\n response.totpSessionInfo.sessionInfo,\n auth\n );\n }\n\n /** @internal */\n _makeTotpVerificationInfo(otp: string): TotpVerificationInfo {\n return { sessionInfo: this.sessionInfo, verificationCode: otp };\n }\n\n /**\n * Returns a QR code URL as described in\n * https://github.com/google/google-authenticator/wiki/Key-Uri-Format\n * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.\n * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.\n *\n * @param accountName the name of the account/app along with a user identifier.\n * @param issuer issuer of the TOTP (likely the app name).\n * @returns A QR code URL string.\n */\n generateQrCodeUrl(accountName?: string, issuer?: string): string {\n let useDefaults = false;\n if (_isEmptyString(accountName) || _isEmptyString(issuer)) {\n useDefaults = true;\n }\n if (useDefaults) {\n if (_isEmptyString(accountName)) {\n accountName = this.auth.currentUser?.email || 'unknownuser';\n }\n if (_isEmptyString(issuer)) {\n issuer = this.auth.name;\n }\n }\n return `otpauth://totp/${issuer}:${accountName}?secret=${this.secretKey}&issuer=${issuer}&algorithm=${this.hashingAlgorithm}&digits=${this.codeLength}`;\n }\n}\n\n/** @internal */\nfunction _isEmptyString(input?: string): boolean {\n return typeof input === 'undefined' || input?.length === 0;\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Unsubscribe } from '@firebase/util';\nimport { FirebaseAuthInternal } from '@firebase/auth-interop-types';\n\nimport { AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { _assert } from '../util/assert';\nimport { AuthErrorCode } from '../errors';\n\ninterface TokenListener {\n (tok: string | null): unknown;\n}\n\nexport class AuthInterop implements FirebaseAuthInternal {\n private readonly internalListeners: Map<TokenListener, Unsubscribe> =\n new Map();\n\n constructor(private readonly auth: AuthInternal) {}\n\n getUid(): string | null {\n this.assertAuthConfigured();\n return this.auth.currentUser?.uid || null;\n }\n\n async getToken(\n forceRefresh?: boolean\n ): Promise<{ accessToken: string } | null> {\n this.assertAuthConfigured();\n await this.auth._initializationPromise;\n if (!this.auth.currentUser) {\n return null;\n }\n\n const accessToken = await this.auth.currentUser.getIdToken(forceRefresh);\n return { accessToken };\n }\n\n addAuthTokenListener(listener: TokenListener): void {\n this.assertAuthConfigured();\n if (this.internalListeners.has(listener)) {\n return;\n }\n\n const unsubscribe = this.auth.onIdTokenChanged(user => {\n listener(\n (user as UserInternal | null)?.stsTokenManager.accessToken || null\n );\n });\n this.internalListeners.set(listener, unsubscribe);\n this.updateProactiveRefresh();\n }\n\n removeAuthTokenListener(listener: TokenListener): void {\n this.assertAuthConfigured();\n const unsubscribe = this.internalListeners.get(listener);\n if (!unsubscribe) {\n return;\n }\n\n this.internalListeners.delete(listener);\n unsubscribe();\n this.updateProactiveRefresh();\n }\n\n private assertAuthConfigured(): void {\n _assert(\n this.auth._initializationPromise,\n AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH\n );\n }\n\n private updateProactiveRefresh(): void {\n if (this.internalListeners.size > 0) {\n this.auth._startProactiveRefresh();\n } else {\n this.auth._stopProactiveRefresh();\n }\n }\n}\n", "/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _registerComponent, registerVersion } from '@firebase/app';\nimport {\n Component,\n ComponentType,\n InstantiationMode\n} from '@firebase/component';\n\nimport { name, version } from '../../../package.json';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _getClientVersion, ClientPlatform } from '../util/version';\nimport { _castAuth, AuthImpl, DefaultConfig } from './auth_impl';\nimport { AuthInterop } from './firebase_internal';\nimport { ConfigInternal } from '../../model/auth';\nimport { Dependencies } from '../../model/public_types';\nimport { _initializeAuthInstance } from './initialize';\n\nexport const enum _ComponentName {\n AUTH = 'auth',\n AUTH_INTERNAL = 'auth-internal'\n}\n\nfunction getVersionForPlatform(\n clientPlatform: ClientPlatform\n): string | undefined {\n switch (clientPlatform) {\n case ClientPlatform.NODE:\n return 'node';\n case ClientPlatform.REACT_NATIVE:\n return 'rn';\n case ClientPlatform.WORKER:\n return 'webworker';\n case ClientPlatform.CORDOVA:\n return 'cordova';\n case ClientPlatform.WEB_EXTENSION:\n return 'web-extension';\n default:\n return undefined;\n }\n}\n\n/** @internal */\nexport function registerAuth(clientPlatform: ClientPlatform): void {\n _registerComponent(\n new Component(\n _ComponentName.AUTH,\n (container, { options: deps }: { options?: Dependencies }) => {\n const app = container.getProvider('app').getImmediate()!;\n const heartbeatServiceProvider =\n container.getProvider<'heartbeat'>('heartbeat');\n const appCheckServiceProvider =\n container.getProvider<'app-check-internal'>('app-check-internal');\n const { apiKey, authDomain } = app.options;\n\n _assert(\n apiKey && !apiKey.includes(':'),\n AuthErrorCode.INVALID_API_KEY,\n { appName: app.name }\n );\n\n const config: ConfigInternal = {\n apiKey,\n authDomain,\n clientPlatform,\n apiHost: DefaultConfig.API_HOST,\n tokenApiHost: DefaultConfig.TOKEN_API_HOST,\n apiScheme: DefaultConfig.API_SCHEME,\n sdkClientVersion: _getClientVersion(clientPlatform)\n };\n\n const authInstance = new AuthImpl(\n app,\n heartbeatServiceProvider,\n appCheckServiceProvider,\n config\n );\n _initializeAuthInstance(authInstance, deps);\n\n return authInstance;\n },\n ComponentType.PUBLIC\n )\n /**\n * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()\n * For why we do this, See go/firebase-next-auth-init\n */\n .setInstantiationMode(InstantiationMode.EXPLICIT)\n /**\n * Because all firebase products that depend on auth depend on auth-internal directly,\n * we need to initialize auth-internal after auth is initialized to make it available to other firebase products.\n */\n .setInstanceCreatedCallback(\n (container, _instanceIdentifier, _instance) => {\n const authInternalProvider = container.getProvider(\n _ComponentName.AUTH_INTERNAL\n );\n authInternalProvider.initialize();\n }\n )\n );\n\n _registerComponent(\n new Component(\n _ComponentName.AUTH_INTERNAL,\n container => {\n const auth = _castAuth(\n container.getProvider(_ComponentName.AUTH).getImmediate()!\n );\n return (auth => new AuthInterop(auth))(auth);\n },\n ComponentType.PRIVATE\n ).setInstantiationMode(InstantiationMode.EXPLICIT)\n );\n\n registerVersion(name, version, getVersionForPlatform(clientPlatform));\n // BUILD_TARGET will be replaced by values like esm, cjs, etc during the compilation\n registerVersion(name, version, '__BUILD_TARGET__');\n}\n", "/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseApp, getApp, _getProvider } from '@firebase/app';\n\nimport {\n initializeAuth,\n beforeAuthStateChanged,\n onIdTokenChanged,\n connectAuthEmulator\n} from '..';\nimport { registerAuth } from '../core/auth/register';\nimport { ClientPlatform } from '../core/util/version';\nimport { browserLocalPersistence } from './persistence/local_storage';\nimport { browserSessionPersistence } from './persistence/session_storage';\nimport { indexedDBLocalPersistence } from './persistence/indexed_db';\nimport { browserPopupRedirectResolver } from './popup_redirect';\nimport { Auth, User } from '../model/public_types';\nimport { getDefaultEmulatorHost, getExperimentalSetting } from '@firebase/util';\nimport { _setExternalJSProvider } from './load_js';\nimport { _createError } from '../core/util/assert';\nimport { AuthErrorCode } from '../core/errors';\n\nconst DEFAULT_ID_TOKEN_MAX_AGE = 5 * 60;\nconst authIdTokenMaxAge =\n getExperimentalSetting('authIdTokenMaxAge') || DEFAULT_ID_TOKEN_MAX_AGE;\n\nlet lastPostedIdToken: string | undefined | null = null;\n\nconst mintCookieFactory = (url: string) => async (user: User | null) => {\n const idTokenResult = user && (await user.getIdTokenResult());\n const idTokenAge =\n idTokenResult &&\n (new Date().getTime() - Date.parse(idTokenResult.issuedAtTime)) / 1_000;\n if (idTokenAge && idTokenAge > authIdTokenMaxAge) {\n return;\n }\n // Specifically trip null => undefined when logged out, to delete any existing cookie\n const idToken = idTokenResult?.token;\n if (lastPostedIdToken === idToken) {\n return;\n }\n lastPostedIdToken = idToken;\n await fetch(url, {\n method: idToken ? 'POST' : 'DELETE',\n headers: idToken\n ? {\n 'Authorization': `Bearer ${idToken}`\n }\n : {}\n });\n};\n\n/**\n * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.\n * If no instance exists, initializes an Auth instance with platform-specific default dependencies.\n *\n * @param app - The Firebase App.\n *\n * @public\n */\nexport function getAuth(app: FirebaseApp = getApp()): Auth {\n const provider = _getProvider(app, 'auth');\n\n if (provider.isInitialized()) {\n return provider.getImmediate();\n }\n\n const auth = initializeAuth(app, {\n popupRedirectResolver: browserPopupRedirectResolver,\n persistence: [\n indexedDBLocalPersistence,\n browserLocalPersistence,\n browserSessionPersistence\n ]\n });\n\n const authTokenSyncPath = getExperimentalSetting('authTokenSyncURL');\n // Only do the Cookie exchange in a secure context\n if (\n authTokenSyncPath &&\n typeof isSecureContext === 'boolean' &&\n isSecureContext\n ) {\n // Don't allow urls (XSS possibility), only paths on the same domain\n const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);\n if (location.origin === authTokenSyncUrl.origin) {\n const mintCookie = mintCookieFactory(authTokenSyncUrl.toString());\n beforeAuthStateChanged(auth, mintCookie, () =>\n mintCookie(auth.currentUser)\n );\n onIdTokenChanged(auth, user => mintCookie(user));\n }\n }\n\n const authEmulatorHost = getDefaultEmulatorHost('auth');\n if (authEmulatorHost) {\n connectAuthEmulator(auth, `http://${authEmulatorHost}`);\n }\n\n return auth;\n}\n\nfunction getScriptParentElement(): HTMLDocument | HTMLHeadElement {\n return document.getElementsByTagName('head')?.[0] ?? document;\n}\n\n_setExternalJSProvider({\n loadJS(url: string): Promise<Event> {\n // TODO: consider adding timeout support & cancellation\n return new Promise((resolve, reject) => {\n const el = document.createElement('script');\n el.setAttribute('src', url);\n el.onload = resolve;\n el.onerror = e => {\n const error = _createError(AuthErrorCode.INTERNAL_ERROR);\n error.customData = e as unknown as Record<string, unknown>;\n reject(error);\n };\n el.type = 'text/javascript';\n el.charset = 'UTF-8';\n getScriptParentElement().appendChild(el);\n });\n },\n\n gapiScript: 'https://apis.google.com/js/api.js',\n recaptchaV2Script: 'https://www.google.com/recaptcha/api.js',\n recaptchaEnterpriseScript:\n 'https://www.google.com/recaptcha/enterprise.js?render='\n});\n\nregisterAuth(ClientPlatform.BROWSER);\n"], "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBa,IAAA,WAAW;;EAEtB,OAAO;EACP,MAAM;;AAQK,IAAA,aAAa;;EAExB,UAAU;;EAEV,QAAQ;;EAER,QAAQ;;EAER,UAAU;;EAEV,OAAO;;EAEP,SAAS;;AAQE,IAAA,eAAe;;EAE1B,YAAY;;EAEZ,gBAAgB;;EAEhB,UAAU;;EAEV,QAAQ;;EAER,QAAQ;;EAER,OAAO;;EAEP,SAAS;;AAQE,IAAA,gBAAgB;;EAE3B,MAAM;;EAEN,gBAAgB;;EAEhB,SAAS;;AAQE,IAAA,sBAAsB;;EAEjC,cAAc;;EAEd,gBAAgB;;EAEhB,eAAe;;EAEf,+BAA+B;;EAE/B,yBAAyB;;EAEzB,cAAc;;ACuChB,SAAS,iBAAc;AACrB,SAAO;IACL;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAAgC;IAChC;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GAAmC;IACnC;MAAA;;IAAA,GAAkC;IAClC;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GAAkC;IAClC;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAAgC;IAChC;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GAAoC;IACpC;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAIF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAA+B;IAC/B;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAIF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAAsC;IACtC;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GAAkC;IAClC;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAA+B;IAC/B;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IAGF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAAyB;IACzB;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAEF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAAiC;IACjC;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IAIF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GAAkC;IAClC;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;IACF;MAAA;;IAAA,GACE;;AAGN;AAMA,SAAS,gBAAa;AAIpB,SAAO;IACL;MAAA;;IAAA,GACE;;AAIN;AASO,IAAM,gBAA8B;AASpC,IAAM,eAA6B;AAuDnC,IAAM,8BAA8B,IAAI,aAG7C,QAAQ,YAAY,cAAa,CAAE;AAaxB,IAAA,6CAA6C;EACxD,sBAAsB;EACtB,gBAAgB;EAChB,oBAAoB;EACpB,mBAAmB;EACnB,sBAAsB;EACtB,cAAc;EACd,mBAAmB;EACnB,kBAAkB;EAClB,2BAA2B;EAC3B,qBAAqB;EACrB,gCAAgC;EAChC,gCAAgC;EAChC,4BAA4B;EAC5B,iCAAiC;EACjC,cAAc;EACd,wBAAwB;EACxB,kBAAkB;EAClB,uBAAuB;EACvB,gBAAgB;EAChB,iBAAiB;EACjB,wBAAwB;EACxB,gBAAgB;EAChB,cAAc;EACd,oBAAoB;EACpB,mBAAmB;EACnB,cAAc;EACd,sBAAsB;EACtB,+BAA+B;EAC/B,sBAAsB;EACtB,6BAA6B;EAC7B,eAAe;EACf,yBAAyB;EACzB,sBAAsB;EACtB,2BAA2B;EAC3B,yBAAyB;EACzB,qBAAqB;EACrB,yBAAyB;EACzB,wBAAwB;EACxB,kBAAkB;EAClB,gBAAgB;EAChB,kBAAkB;EAClB,qBAAqB;EACrB,sBAAsB;EACtB,qBAAqB;EACrB,yBAAyB;EACzB,gBAAgB;EAChB,sBAAsB;EACtB,mBAAmB;EACnB,oBAAoB;EACpB,cAAc;EACd,8BAA8B;EAC9B,wBAAwB;EACxB,qBAAqB;EACrB,cAAc;EACd,sBAAsB;EACtB,sBAAsB;EACtB,uBAAuB;EACvB,0BAA0B;EAC1B,kBAAkB;EAClB,qBAAqB;EACrB,sBAAsB;EACtB,kBAAkB;EAClB,sBAAsB;EACtB,kBAAkB;EAClB,mBAAmB;EACnB,wBAAwB;EACxB,WAAW;EACX,eAAe;EACf,kBAAkB;EAClB,uBAAuB;EACvB,yBAAyB;EACzB,eAAe;EACf,sBAAsB;EACtB,yBAAyB;EACzB,gBAAgB;EAChB,4BAA4B;EAC5B,4BAA4B;EAC5B,qBAAqB;EACrB,gCAAgC;EAChC,8BAA8B;EAC9B,oBAAoB;EACpB,SAAS;EACT,eAAe;EACf,6BAA6B;EAC7B,qBAAqB;EACrB,0BAA0B;EAC1B,yBAAyB;EACzB,8BAA8B;EAC9B,kBAAkB;EAClB,gBAAgB;EAChB,cAAc;EACd,eAAe;EACf,eAAe;EACf,iBAAiB;EACjB,eAAe;EACf,yBAAyB;EACzB,qBAAqB;EACrB,uBAAuB;EACvB,yBAAyB;EACzB,yBAAyB;EACzB,0BAA0B;EAC1B,qBAAqB;EACrB,2BAA2B;EAC3B,2BAA2B;EAC3B,kBAAkB;EAClB,6BAA6B;;ACxkB/B,IAAM,YAAY,IAAI,OAAO,gBAAgB;SAiB7B,SAAS,QAAgB,MAAc;AACrD,MAAI,UAAU,YAAY,SAAS,MAAM;AACvC,cAAU,KAAK,SAAS,WAAW,MAAM,GAAG,IAAI,GAAG,IAAI;;AAE3D;SAEgB,UAAU,QAAgB,MAAc;AACtD,MAAI,UAAU,YAAY,SAAS,OAAO;AACxC,cAAU,MAAM,SAAS,WAAW,MAAM,GAAG,IAAI,GAAG,IAAI;;AAE5D;SCWgB,MACd,eACG,MAAe;AAElB,QAAM,oBAAoB,YAAY,GAAG,IAAI;AAC/C;SAagB,aACd,eACG,MAAe;AAElB,SAAO,oBAAoB,YAAY,GAAG,IAAI;AAChD;SAEgB,wBACd,MACA,MACA,SAAe;AAEf,QAAM,WAAW;IACf,GAAI,aAAkC;IACtC,CAAC,IAAI,GAAG;;AAEV,QAAM,UAAU,IAAI,aAClB,QACA,YACA,QAAQ;AAEV,SAAO,QAAQ,OAAO,MAAM;IAC1B,SAAS,KAAK;EACf,CAAA;AACH;AAEM,SAAU,gDACd,MAAU;AAEV,SAAO,wBACL,MAEA,+CAAA,gGAAgG;AAEpG;SAEgB,kBACd,MACA,QACA,UAAiB;AAEjB,QAAM,sBAAsB;AAC5B,MAAI,EAAE,kBAAkB,sBAAsB;AAC5C,QAAI,oBAAoB,SAAS,OAAO,YAAY,MAAM;AACxD;QAAM;QAAI;;MAAA;;AAGZ,UAAM,wBACJ,MAEA,kBAAA,WAAW,OAAO,YAAY,IAAI,uFACqB;;AAG7D;AAEA,SAAS,oBACP,eACG,MAAe;AAElB,MAAI,OAAO,eAAe,UAAU;AAClC,UAAM,OAAO,KAAK,CAAC;AACnB,UAAM,aAAa,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC;AACpC,QAAI,WAAW,CAAC,GAAG;AACjB,iBAAW,CAAC,EAAE,UAAU,WAAW;;AAGrC,WAAQ,WAA4B,cAAc,OAChD,MACA,GAAG,UAAU;;AAIjB,SAAO,4BAA4B,OACjC,YACA,GAAI,IAA+B;AAEvC;AAeM,SAAU,QACd,WACA,eACG,MAAe;AAElB,MAAI,CAAC,WAAW;AACd,UAAM,oBAAoB,YAAY,GAAG,IAAI;;AAEjD;AA4FM,SAAU,UAAU,SAAe;AAGvC,QAAM,UAAU,gCAAgC;AAChD,YAAU,OAAO;AAKjB,QAAM,IAAI,MAAM,OAAO;AACzB;AASgB,SAAA,YACd,WACA,SAAe;AAEf,MAAI,CAAC,WAAW;AACd,cAAU,OAAO;;AAErB;SCvRgB,iBAAc;AAC5B,SAAQ,OAAO,SAAS,eAAe,KAAK,UAAU,QAAS;AACjE;SAEgB,iBAAc;AAC5B,SAAO,kBAAiB,MAAO,WAAW,kBAAiB,MAAO;AACpE;SAEgB,oBAAiB;AAC/B,SAAQ,OAAO,SAAS,eAAe,KAAK,UAAU,YAAa;AACrE;SCJgB,YAAS;AACvB,MACE,OAAO,cAAc,eACrB,aACA,YAAY,aACZ,OAAO,UAAU,WAAW;;;;;GAM3B,eAAc,KAAM,mBAAkB,KAAM,gBAAgB,YAC7D;AACA,WAAO,UAAU;;AAGnB,SAAO;AACT;SAEgB,mBAAgB;AAC9B,MAAI,OAAO,cAAc,aAAa;AACpC,WAAO;;AAET,QAAM,oBAAuC;AAC7C;;IAEG,kBAAkB,aAAa,kBAAkB,UAAU,CAAC;;IAG7D,kBAAkB;IAElB;;AAEJ;IC1Ba,cAAK;EAIhB,YACmB,YACA,WAAiB;AADjB,SAAU,aAAV;AACA,SAAS,YAAT;AAGjB,gBACE,YAAY,YACZ,6CAA6C;AAE/C,SAAK,WAAW,gBAAe,KAAM,cAAa;;EAGpD,MAAG;AACD,QAAI,CAAC,UAAS,GAAI;AAEhB,aAAO,KAAK,IAAG,KAAmB,KAAK,UAAU;;AAMnD,WAAO,KAAK,WAAW,KAAK,YAAY,KAAK;;AAEhD;ACrCe,SAAA,aAAa,QAAwB,MAAa;AAChE,cAAY,OAAO,UAAU,oCAAoC;AACjE,QAAM,EAAE,IAAG,IAAK,OAAO;AAEvB,MAAI,CAAC,MAAM;AACT,WAAO;;AAGT,SAAO,GAAG,GAAG,GAAG,KAAK,WAAW,GAAG,IAAI,KAAK,MAAM,CAAC,IAAI,IAAI;AAC7D;ICVa,sBAAa;EAKxB,OAAO,WACL,WACA,aACA,cAA8B;AAE9B,SAAK,YAAY;AACjB,QAAI,aAAa;AACf,WAAK,cAAc;;AAErB,QAAI,cAAc;AAChB,WAAK,eAAe;;;EAIxB,OAAO,QAAK;AACV,QAAI,KAAK,WAAW;AAClB,aAAO,KAAK;;AAEd,QAAI,OAAO,SAAS,eAAe,WAAW,MAAM;AAClD,aAAO,KAAK;;AAEd,QAAI,OAAO,eAAe,eAAe,WAAW,OAAO;AACzD,aAAO,WAAW;;AAEpB,QAAI,OAAO,UAAU,aAAa;AAChC,aAAO;;AAET,cACE,iHAAiH;;EAIrH,OAAO,UAAO;AACZ,QAAI,KAAK,aAAa;AACpB,aAAO,KAAK;;AAEd,QAAI,OAAO,SAAS,eAAe,aAAa,MAAM;AACpD,aAAO,KAAK;;AAEd,QAAI,OAAO,eAAe,eAAe,WAAW,SAAS;AAC3D,aAAO,WAAW;;AAEpB,QAAI,OAAO,YAAY,aAAa;AAClC,aAAO;;AAET,cACE,mHAAmH;;EAIvH,OAAO,WAAQ;AACb,QAAI,KAAK,cAAc;AACrB,aAAO,KAAK;;AAEd,QAAI,OAAO,SAAS,eAAe,cAAc,MAAM;AACrD,aAAO,KAAK;;AAEd,QAAI,OAAO,eAAe,eAAe,WAAW,UAAU;AAC5D,aAAO,WAAW;;AAEpB,QAAI,OAAO,aAAa,aAAa;AACnC,aAAO;;AAET,cACE,oHAAoH;;AAGzH;AC0CM,IAAM,mBAAyD;;EAEpE;IAAA;;EAAA,GAAoE;;EAEpE;IAAA;;EAAA,GAAgE;;EAGhE;IAAA;;EAAA,GAA6D;;EAE7D;IAAA;;EAAA,GAAgE;;EAGhE;IAAA;;EAAA,GAA8D;;EAE9D;IAAA;;EAAA,GAA8D;;;EAG9D;IAAA;;EAAA,GAAyE;;EAGzE;IAAA;;EAAA,GAAsD;EACtD;IAAA;;EAAA,GAA0E;;EAG1E;IAAA;;EAAA,GAAoE;EACpE;IAAA;;EAAA,GAAqE;EACrE;IAAA;;EAAA,GACyC;;EAGzC;IAAA;;EAAA,GAA4D;;EAG5D;IAAA;;EAAA,GAAyD;EACzD;IAAA;;EAAA,GAC2C;EAE3C;IAAA;;EAAA,GAA8D;EAC9D;IAAA;;EAAA,GAA8D;;EAE9D;IAAA;;EAAA,GAA4D;;EAG5D;IAAA;;EAAA,GAC8C;EAC9C;IAAA;;EAAA,GAA0D;EAC1D;IAAA;;EAAA,GAAwD;EACxD;IAAA;;EAAA,GAAyD;;EAGzD;IAAA;;EAAA,GAC2C;EAC3C;IAAA;;EAAA,GACmD;;EAGnD;IAAA;;EAAA,GAAsD;EACtD;IAAA;;EAAA,GAAsE;EACtE;IAAA;;EAAA,GAAuE;EACvE;IAAA;;EAAA,GAAsE;EACtE;IAAA;;EAAA,GAAyD;;;;EAKzD;IAAA;;EAAA,GAC4C;EAC5C;IAAA;;EAAA,GAAoE;;EAGpE;IAAA;;EAAA,GAA4E;;EAG5E;IAAA;;EAAA,GAAsE;;EAGtE;IAAA;;EAAA,GACmC;EACnC;IAAA;;EAAA,GAAwE;EACxE;IAAA;;EAAA,GAAuE;EACvE;IAAA;;EAAA,GACmC;EACnC;IAAA;;EAAA,GAC8C;EAC9C;IAAA;;EAAA,GAC4C;;EAG5C;IAAA;;EAAA,GAA4E;;EAG5E;IAAA;;EAAA,GAAwE;EACxE;IAAA;;EAAA,GAA4E;EAC5E;IAAA;;EAAA,GAA4E;EAC5E;IAAA;;EAAA,GACwC;EACxC;IAAA;;EAAA,GAAoE;EACpE;IAAA;;EAAA,GACyC;EACzC;IAAA;;EAAA,GACyC;EACzC;IAAA;;EAAA,GAA8D;;;ACxJhE,IAAM,6BAAuC;;;;;;;;;AAyCtC,IAAM,yBAAyB,IAAI,MAAM,KAAQ,GAAM;AAE9C,SAAA,mBACd,MACA,SAAU;AAEV,MAAI,KAAK,YAAY,CAAC,QAAQ,UAAU;AACtC,WAAO;MACL,GAAG;MACH,UAAU,KAAK;;;AAGnB,SAAO;AACT;AAEO,eAAe,mBACpB,MACA,QACA,MACA,SACA,iBAAuD,CAAA,GAAE;AAEzD,SAAO,+BAA+B,MAAM,gBAAgB,YAAW;AACrE,QAAI,OAAO,CAAA;AACX,QAAI,SAAS,CAAA;AACb,QAAI,SAAS;AACX,UAAI,WAAyB,OAAE;AAC7B,iBAAS;aACJ;AACL,eAAO;UACL,MAAM,KAAK,UAAU,OAAO;;;;AAKlC,UAAM,QAAQ,YAAY;MACxB,KAAK,KAAK,OAAO;MACjB,GAAG;IACJ,CAAA,EAAE,MAAM,CAAC;AAEV,UAAM,UAAU,MAAO,KAAsB,sBAAqB;AAClE;MAAO;;IAAA,IAA4B;AAEnC,QAAI,KAAK,cAAc;AACrB;QAAqC;;MAAA,IAAG,KAAK;;AAG/C,UAAM,YAAyB;MAC7B;MACA;MACA,GAAG;;AAOL,QAAI,CAAC,mBAAkB,GAAI;AACzB,gBAAU,iBAAiB;;AAG7B,QAAI,KAAK,kBAAkB,mBAAmB,KAAK,eAAe,IAAI,GAAG;AACvE,gBAAU,cAAc;;AAG1B,WAAO,cAAc,MAAK,EACxB,MAAM,gBAAgB,MAAM,KAAK,OAAO,SAAS,MAAM,KAAK,GAC5D,SAAS;EAEb,CAAC;AACH;AAEO,eAAe,+BACpB,MACA,gBACA,SAAgC;AAE/B,OAAsB,mBAAmB;AAC1C,QAAM,WAAW,EAAE,GAAG,kBAAkB,GAAG,eAAc;AACzD,MAAI;AACF,UAAM,iBAAiB,IAAI,eAAyB,IAAI;AACxD,UAAM,WAAqB,MAAM,QAAQ,KAAwB;MAC/D,QAAO;MACP,eAAe;IAChB,CAAA;AAID,mBAAe,oBAAmB;AAElC,UAAM,OAAO,MAAM,SAAS,KAAI;AAChC,QAAI,sBAAsB,MAAM;AAC9B,YAAM,iBAAiB,MAAuC,4CAAA,IAAI;;AAGpE,QAAI,SAAS,MAAM,EAAE,kBAAkB,OAAO;AAC5C,aAAO;WACF;AACL,YAAM,eAAe,SAAS,KAAK,KAAK,eAAe,KAAK,MAAM;AAClE,YAAM,CAAC,iBAAiB,kBAAkB,IAAI,aAAa,MAAM,KAAK;AACtE,UAAI,oBAAgE,oCAAE;AACpE,cAAM,iBACJ,MAEA,6BAAA,IAAI;iBAEG,oBAA4C,gBAAE;AACvD,cAAM,iBAAiB,MAAkC,wBAAA,IAAI;iBACpD,oBAA6C,iBAAE;AACxD,cAAM,iBAAiB,MAAmC,iBAAA,IAAI;;AAEhE,YAAM,YACJ,SAAS,eAA8B,KACtC,gBACE,YAAW,EACX,QAAQ,WAAW,GAAG;AAC3B,UAAI,oBAAoB;AACtB,cAAM,wBAAwB,MAAM,WAAW,kBAAkB;aAC5D;AACL,cAAM,MAAM,SAAS;;;WAGlB,GAAG;AACV,QAAI,aAAa,eAAe;AAC9B,YAAM;;AAKR,UAAM,MAA4C,0BAAA,EAAE,WAAW,OAAO,CAAC,EAAC,CAAE;;AAE9E;AAEO,eAAe,sBACpB,MACA,QACA,MACA,SACA,iBAAuD,CAAA,GAAE;AAEzD,QAAM,iBAAiB,MAAM,mBAC3B,MACA,QACA,MACA,SACA,cAAc;AAEhB,MAAI,0BAA0B,gBAAgB;AAC5C,UAAM,MAAkC,8BAAA;MACtC,iBAAiB;IAClB,CAAA;;AAGH,SAAO;AACT;AAEO,eAAe,gBACpB,MACA,MACA,MACA,OAAa;AAEb,QAAM,OAAO,GAAG,IAAI,GAAG,IAAI,IAAI,KAAK;AAEpC,QAAM,eAAe;AACrB,QAAM,cAAc,aAAa,OAAO,WACpC,aAAa,KAAK,QAA0B,IAAI,IAChD,GAAG,KAAK,OAAO,SAAS,MAAM,IAAI;AAKtC,MAAI,2BAA2B,SAAS,IAAI,GAAG;AAG7C,UAAM,aAAa;AACnB,QAAI,aAAa,oBAAmB,MAAE,UAA6B;AACjE,YAAM,oBACJ,aAAa,gBAAe;AAC9B,aAAO,kBAAkB,gBAAgB,WAAW,EAAE,SAAQ;;;AAIlE,SAAO;AACT;AAEM,SAAU,uBACd,qBAA2B;AAE3B,UAAQ,qBAAmB;IACzB,KAAK;AACH,aAAgC;IAClC,KAAK;AACH,aAA8B;IAChC,KAAK;AACH,aAA4B;IAC9B;AACE,aAAsD;;AAE5D;AAEA,IAAM,iBAAN,MAAoB;EAalB,sBAAmB;AACjB,iBAAa,KAAK,KAAK;;EAGzB,YAA6B,MAAU;AAAV,SAAI,OAAJ;AAbrB,SAAK,QAAe;AACnB,SAAO,UAAG,IAAI,QAAW,CAAC,GAAG,WAAU;AAC9C,WAAK,QAAQ,WAAW,MAAK;AAC3B,eAAO,OACL;UAAa,KAAK;UAA2C;;QAAA,CAAA;MAEjE,GAAG,uBAAuB,IAAG,CAAE;IACjC,CAAC;;AAOF;SAOe,iBACd,MACA,MACA,UAA2B;AAE3B,QAAM,cAAgC;IACpC,SAAS,KAAK;;AAGhB,MAAI,SAAS,OAAO;AAClB,gBAAY,QAAQ,SAAS;;AAE/B,MAAI,SAAS,aAAa;AACxB,gBAAY,cAAc,SAAS;;AAGrC,QAAM,QAAQ,aAAa,MAAM,MAAM,WAAW;AAGjD,QAAM,WAAwC,iBAAiB;AAChE,SAAO;AACT;AC9UM,SAAU,KACd,YAA8C;AAE9C,SACE,eAAe,UACd,WAAyB,gBAAgB;AAE9C;AAsBM,SAAU,aACd,YAA8C;AAE9C,SACE,eAAe,UACd,WAAkC,eAAe;AAEtD;IASa,wBAAe;EAW1B,YAAY,UAAoC;AAPhD,SAAO,UAAW;AAKlB,SAAyB,4BAAwC,CAAA;AAG/D,QAAI,SAAS,iBAAiB,QAAW;AACvC,YAAM,IAAI,MAAM,wBAAwB;;AAG1C,SAAK,UAAU,SAAS,aAAa,MAAM,GAAG,EAAE,CAAC;AACjD,SAAK,4BAA4B,SAAS;;;;;;;;EAS5C,4BAA4B,aAAmB;AAC7C,QACE,CAAC,KAAK,6BACN,KAAK,0BAA0B,WAAW,GAC1C;AACA,aAAO;;AAGT,eAAW,6BAA6B,KAAK,2BAA2B;AACtE,UACE,0BAA0B,YAC1B,0BAA0B,aAAa,aACvC;AACA,eAAO,uBACL,0BAA0B,gBAAgB;;;AAIhD,WAAO;;;;;;;;EAST,kBAAkB,aAAmB;AACnC,WACE,KAAK,4BAA4B,WAAW,MAClB,aAC1B,KAAK,4BAA4B,WAAW,MAAC;;;;;;;;EAUjD,uBAAoB;AAClB,WACE,KAAK;MAAgE;;IAAA,KACrE,KAAK;MAAuD;;IAAA;;AAGjE;AC3HM,eAAe,mBAAmB,MAAU;AACjD,UAEI,MAAM;IACJ;IAGD;IAAA;;EAAA,GACD,oBAAoB;AAE1B;AAmBO,eAAe,mBACpB,MACA,SAAkC;AAElC,SAAO,mBAIL,MAGA,OAAA,uBAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AChDO,eAAe,cACpB,MACA,SAA6B;AAE7B,SAAO,mBACL,MAGA,QAAA,uBAAA,OAAO;AAEX;AAoBO,eAAe,qBACpB,MACA,SAAoC;AAEpC,SAAO,mBAGL,MAAkD,QAAA,uBAAA,OAAO;AAC7D;AAyBO,eAAe,eACpB,MACA,SAA8B;AAE9B,SAAO,mBACL,MAGA,QAAA,uBAAA,OAAO;AAEX;ACjFM,SAAU,yBACd,cAA8B;AAE9B,MAAI,CAAC,cAAc;AACjB,WAAO;;AAET,MAAI;AAEF,UAAM,OAAO,IAAI,KAAK,OAAO,YAAY,CAAC;AAE1C,QAAI,CAAC,MAAM,KAAK,QAAO,CAAE,GAAG;AAE1B,aAAO,KAAK,YAAW;;WAElB,GAAG;;AAGZ,SAAO;AACT;SCGgB,WAAW,MAAY,eAAe,OAAK;AACzD,SAAO,mBAAmB,IAAI,EAAE,WAAW,YAAY;AACzD;AAcO,eAAe,iBACpB,MACA,eAAe,OAAK;AAEpB,QAAM,eAAe,mBAAmB,IAAI;AAC5C,QAAM,QAAQ,MAAM,aAAa,WAAW,YAAY;AACxD,QAAM,SAAS,YAAY,KAAK;AAEhC;IACE,UAAU,OAAO,OAAO,OAAO,aAAa,OAAO;IACnD,aAAa;IAAI;;EAAA;AAGnB,QAAM,WACJ,OAAO,OAAO,aAAa,WAAW,OAAO,WAAW;AAE1D,QAAM,iBAAqC,WAAW,kBAAkB;AAExE,SAAO;IACL;IACA;IACA,UAAU,yBACR,4BAA4B,OAAO,SAAS,CAAC;IAE/C,cAAc,yBACZ,4BAA4B,OAAO,GAAG,CAAC;IAEzC,gBAAgB,yBACd,4BAA4B,OAAO,GAAG,CAAC;IAEzC,gBAAgB,kBAAkB;IAClC,oBAAoB,WAAW,uBAAuB,KAAK;;AAE/D;AAEA,SAAS,4BAA4B,SAAe;AAClD,SAAO,OAAO,OAAO,IAAI;AAC3B;AAEM,SAAU,YAAY,OAAa;AACvC,QAAM,CAAC,WAAW,SAAS,SAAS,IAAI,MAAM,MAAM,GAAG;AACvD,MACE,cAAc,UACd,YAAY,UACZ,cAAc,QACd;AACA,cAAU,gDAAgD;AAC1D,WAAO;;AAGT,MAAI;AACF,UAAM,UAAU,aAAa,OAAO;AACpC,QAAI,CAAC,SAAS;AACZ,gBAAU,qCAAqC;AAC/C,aAAO;;AAET,WAAO,KAAK,MAAM,OAAO;WAClB,GAAG;AACV,cACE,4CACC,GAAa,SAAQ,CAAE;AAE1B,WAAO;;AAEX;AAKM,SAAU,gBAAgB,OAAa;AAC3C,QAAM,cAAc,YAAY,KAAK;AACrC;IAAQ;IAAW;;EAAA;AACnB;IAAQ,OAAO,YAAY,QAAQ;IAAW;;EAAA;AAC9C;IAAQ,OAAO,YAAY,QAAQ;IAAW;;EAAA;AAC9C,SAAO,OAAO,YAAY,GAAG,IAAI,OAAO,YAAY,GAAG;AACzD;AC3GO,eAAe,qBACpB,MACA,SACA,kBAAkB,OAAK;AAEvB,MAAI,iBAAiB;AACnB,WAAO;;AAET,MAAI;AACF,WAAO,MAAM;WACN,GAAG;AACV,QAAI,aAAa,iBAAiB,kBAAkB,CAAC,GAAG;AACtD,UAAI,KAAK,KAAK,gBAAgB,MAAM;AAClC,cAAM,KAAK,KAAK,QAAO;;;AAI3B,UAAM;;AAEV;AAEA,SAAS,kBAAkB,EAAE,KAAI,GAAiB;AAChD,SACE,SAAS,QAAQ,eAAA,MACjB,SAAS,QAAQ,oBAA2B;AAEhD;ICpBa,yBAAgB;EAU3B,YAA6B,MAAkB;AAAlB,SAAI,OAAJ;AATrB,SAAS,YAAG;AAMZ,SAAO,UAAe;AACtB,SAAA,eAA0C;;EAIlD,SAAM;AACJ,QAAI,KAAK,WAAW;AAClB;;AAGF,SAAK,YAAY;AACjB,SAAK,SAAQ;;EAGf,QAAK;AACH,QAAI,CAAC,KAAK,WAAW;AACnB;;AAGF,SAAK,YAAY;AACjB,QAAI,KAAK,YAAY,MAAM;AACzB,mBAAa,KAAK,OAAO;;;EAIrB,YAAY,UAAiB;AACnC,QAAI,UAAU;AACZ,YAAM,WAAW,KAAK;AACtB,WAAK,eAAe,KAAK;QACvB,KAAK,eAAe;QAAC;;MAAA;AAGvB,aAAO;WACF;AAEL,WAAK,eAAY;AACjB,YAAM,UAAU,KAAK,KAAK,gBAAgB,kBAAkB;AAC5D,YAAM,WAAW,UAAU,KAAK,IAAG,IAAE;AAErC,aAAO,KAAK,IAAI,GAAG,QAAQ;;;EAIvB,SAAS,WAAW,OAAK;AAC/B,QAAI,CAAC,KAAK,WAAW;AAEnB;;AAGF,UAAM,WAAW,KAAK,YAAY,QAAQ;AAC1C,SAAK,UAAU,WAAW,YAAW;AACnC,YAAM,KAAK,UAAS;OACnB,QAAQ;;EAGL,MAAM,YAAS;AACrB,QAAI;AACF,YAAM,KAAK,KAAK,WAAW,IAAI;aACxB,GAAG;AAEV,UACG,GAAqB,SACtB,QAAQ,wBAAA,IACR;AACA,aAAK;;UAAwB;QAAI;;AAGnC;;AAEF,SAAK,SAAQ;;AAEhB;ICrFY,qBAAY;EAIvB,YACU,WACA,aAA6B;AAD7B,SAAS,YAAT;AACA,SAAW,cAAX;AAER,SAAK,gBAAe;;EAGd,kBAAe;AACrB,SAAK,iBAAiB,yBAAyB,KAAK,WAAW;AAC/D,SAAK,eAAe,yBAAyB,KAAK,SAAS;;EAG7D,MAAM,UAAsB;AAC1B,SAAK,YAAY,SAAS;AAC1B,SAAK,cAAc,SAAS;AAC5B,SAAK,gBAAe;;EAGtB,SAAM;AACJ,WAAO;MACL,WAAW,KAAK;MAChB,aAAa,KAAK;;;AAGvB;ACnBM,eAAe,qBAAqB,MAAkB;AAC3D,QAAM,OAAO,KAAK;AAClB,QAAM,UAAU,MAAM,KAAK,WAAU;AACrC,QAAM,WAAW,MAAM,qBACrB,MACA,eAAe,MAAM,EAAE,QAAO,CAAE,CAAC;AAGnC;IAAQ,UAAU,MAAM;IAAQ;IAAI;;EAAA;AAEpC,QAAM,cAAc,SAAS,MAAM,CAAC;AAEpC,OAAK,sBAAsB,WAAW;AAEtC,QAAM,kBAAkB,YAAY,kBAAkB,SAClD,oBAAoB,YAAY,gBAAgB,IAChD,CAAA;AAEJ,QAAM,eAAe,kBAAkB,KAAK,cAAc,eAAe;AAOzE,QAAM,iBAAiB,KAAK;AAC5B,QAAM,iBACJ,EAAE,KAAK,SAAS,YAAY,iBAAiB,CAAC,cAAc;AAC9D,QAAM,cAAc,CAAC,iBAAiB,QAAQ;AAE9C,QAAM,UAAiC;IACrC,KAAK,YAAY;IACjB,aAAa,YAAY,eAAe;IACxC,UAAU,YAAY,YAAY;IAClC,OAAO,YAAY,SAAS;IAC5B,eAAe,YAAY,iBAAiB;IAC5C,aAAa,YAAY,eAAe;IACxC,UAAU,YAAY,YAAY;IAClC;IACA,UAAU,IAAI,aAAa,YAAY,WAAW,YAAY,WAAW;IACzE;;AAGF,SAAO,OAAO,MAAM,OAAO;AAC7B;AASO,eAAe,OAAO,MAAU;AACrC,QAAM,eAA6B,mBAAmB,IAAI;AAC1D,QAAM,qBAAqB,YAAY;AAKvC,QAAM,aAAa,KAAK,sBAAsB,YAAY;AAC1D,eAAa,KAAK,0BAA0B,YAAY;AAC1D;AAEA,SAAS,kBACP,UACA,SAAmB;AAEnB,QAAM,UAAU,SAAS,OACvB,OAAK,CAAC,QAAQ,KAAK,OAAK,EAAE,eAAe,EAAE,UAAU,CAAC;AAExD,SAAO,CAAC,GAAG,SAAS,GAAG,OAAO;AAChC;AAEM,SAAU,oBAAoB,WAA6B;AAC/D,SAAO,UAAU,IAAI,CAAC,EAAE,YAAY,GAAG,SAAQ,MAAM;AACnD,WAAO;MACL;MACA,KAAK,SAAS,SAAS;MACvB,aAAa,SAAS,eAAe;MACrC,OAAO,SAAS,SAAS;MACzB,aAAa,SAAS,eAAe;MACrC,UAAU,SAAS,YAAY;;EAEnC,CAAC;AACH;ACrDO,eAAe,gBACpB,MACA,cAAoB;AAEpB,QAAM,WACJ,MAAM,+BACJ,MACA,CAAA,GACA,YAAW;AACT,UAAM,OAAO,YAAY;MACvB,cAAc;MACd,iBAAiB;IAClB,CAAA,EAAE,MAAM,CAAC;AACV,UAAM,EAAE,cAAc,OAAM,IAAK,KAAK;AACtC,UAAM,MAAM,MAAM,gBAChB,MACA,cAEA,aAAA,OAAO,MAAM,EAAE;AAGjB,UAAM,UAAU,MAAO,KAAsB,sBAAqB;AAClE;MAAO;;IAAA,IAA4B;AAEnC,UAAM,UAAuB;MAC3B,QAAuB;MACvB;MACA;;AAEF,QACE,KAAK,kBACL,mBAAmB,KAAK,eAAe,IAAI,GAC3C;AACA,cAAQ,cAAc;;AAExB,WAAO,cAAc,MAAK,EAAG,KAAK,OAAO;EAC3C,CAAC;AAIL,SAAO;IACL,aAAa,SAAS;IACtB,WAAW,SAAS;IACpB,cAAc,SAAS;;AAE3B;AAEO,eAAe,YACpB,MACA,SAA2B;AAE3B,SAAO,mBACL,MAGA,QAAA,4BAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;IC/Ea,wBAAA,iBAAe;EAA5B,cAAA;AACE,SAAY,eAAkB;AAC9B,SAAW,cAAkB;AAC7B,SAAc,iBAAkB;;EAEhC,IAAI,YAAS;AACX,WACE,CAAC,KAAK,kBACN,KAAK,IAAG,IAAK,KAAK,iBAAqC;;EAI3D,yBACE,UAA+C;AAE/C;MAAQ,SAAS;MAAO;;IAAA;AACxB;MACE,OAAO,SAAS,YAAY;MAAW;;IAAA;AAGzC;MACE,OAAO,SAAS,iBAAiB;MAAW;;IAAA;AAG9C,UAAM,YACJ,eAAe,YAAY,OAAO,SAAS,cAAc,cACrD,OAAO,SAAS,SAAS,IACzB,gBAAgB,SAAS,OAAO;AACtC,SAAK,0BACH,SAAS,SACT,SAAS,cACT,SAAS;;EAIb,kBAAkB,SAAe;AAC/B;MAAQ,QAAQ,WAAW;MAAC;;IAAA;AAC5B,UAAM,YAAY,gBAAgB,OAAO;AACzC,SAAK,0BAA0B,SAAS,MAAM,SAAS;;EAGzD,MAAM,SACJ,MACA,eAAe,OAAK;AAEpB,QAAI,CAAC,gBAAgB,KAAK,eAAe,CAAC,KAAK,WAAW;AACxD,aAAO,KAAK;;AAGd;MAAQ,KAAK;MAAc;MAAI;;IAAA;AAE/B,QAAI,KAAK,cAAc;AACrB,YAAM,KAAK,QAAQ,MAAM,KAAK,YAAa;AAC3C,aAAO,KAAK;;AAGd,WAAO;;EAGT,oBAAiB;AACf,SAAK,eAAe;;EAGd,MAAM,QAAQ,MAAoB,UAAgB;AACxD,UAAM,EAAE,aAAa,cAAc,UAAS,IAAK,MAAM,gBACrD,MACA,QAAQ;AAEV,SAAK,0BACH,aACA,cACA,OAAO,SAAS,CAAC;;EAIb,0BACN,aACA,cACA,cAAoB;AAEpB,SAAK,eAAe,gBAAgB;AACpC,SAAK,cAAc,eAAe;AAClC,SAAK,iBAAiB,KAAK,IAAG,IAAK,eAAe;;EAGpD,OAAO,SAAS,SAAiB,QAAqB;AACpD,UAAM,EAAE,cAAc,aAAa,eAAc,IAAK;AAEtD,UAAM,UAAU,IAAI,iBAAe;AACnC,QAAI,cAAc;AAChB,cAAQ,OAAO,iBAAiB,UAAwC,kBAAA;QACtE;MACD,CAAA;AACD,cAAQ,eAAe;;AAEzB,QAAI,aAAa;AACf,cAAQ,OAAO,gBAAgB,UAAwC,kBAAA;QACrE;MACD,CAAA;AACD,cAAQ,cAAc;;AAExB,QAAI,gBAAgB;AAClB,cACE,OAAO,mBAAmB,UAE1B,kBAAA;QACE;MACD,CAAA;AAEH,cAAQ,iBAAiB;;AAE3B,WAAO;;EAGT,SAAM;AACJ,WAAO;MACL,cAAc,KAAK;MACnB,aAAa,KAAK;MAClB,gBAAgB,KAAK;;;EAIzB,QAAQ,iBAAgC;AACtC,SAAK,cAAc,gBAAgB;AACnC,SAAK,eAAe,gBAAgB;AACpC,SAAK,iBAAiB,gBAAgB;;EAGxC,SAAM;AACJ,WAAO,OAAO,OAAO,IAAI,iBAAe,GAAI,KAAK,OAAM,CAAE;;EAG3D,kBAAe;AACb,WAAO,UAAU,iBAAiB;;AAErC;AChID,SAAS,wBACP,WACA,SAAe;AAEf,UACE,OAAO,cAAc,YAAY,OAAO,cAAc,aAEtD,kBAAA,EAAE,QAAO,CAAE;AAEf;IAEa,iBAAA,UAAQ;EAwBnB,YAAY,EAAE,KAAK,MAAM,iBAAiB,GAAG,IAAG,GAAkB;AAtBzD,SAAA,aAAiC;AAoBzB,SAAA,mBAAmB,IAAI,iBAAiB,IAAI;AA6CrD,SAAc,iBAAuB;AACrC,SAAc,iBAA+B;AA3CnD,SAAK,MAAM;AACX,SAAK,OAAO;AACZ,SAAK,kBAAkB;AACvB,SAAK,cAAc,gBAAgB;AACnC,SAAK,cAAc,IAAI,eAAe;AACtC,SAAK,QAAQ,IAAI,SAAS;AAC1B,SAAK,gBAAgB,IAAI,iBAAiB;AAC1C,SAAK,cAAc,IAAI,eAAe;AACtC,SAAK,WAAW,IAAI,YAAY;AAChC,SAAK,cAAc,IAAI,eAAe;AACtC,SAAK,WAAW,IAAI,YAAY;AAChC,SAAK,eAAe,IAAI,eAAe,CAAC,GAAG,IAAI,YAAY,IAAI,CAAA;AAC/D,SAAK,WAAW,IAAI,aAClB,IAAI,aAAa,QACjB,IAAI,eAAe,MAAS;;EAIhC,MAAM,WAAW,cAAsB;AACrC,UAAM,cAAc,MAAM,qBACxB,MACA,KAAK,gBAAgB,SAAS,KAAK,MAAM,YAAY,CAAC;AAExD;MAAQ;MAAa,KAAK;MAAI;;IAAA;AAE9B,QAAI,KAAK,gBAAgB,aAAa;AACpC,WAAK,cAAc;AACnB,YAAM,KAAK,KAAK,sBAAsB,IAAI;AAC1C,WAAK,KAAK,0BAA0B,IAAI;;AAG1C,WAAO;;EAGT,iBAAiB,cAAsB;AACrC,WAAO,iBAAiB,MAAM,YAAY;;EAG5C,SAAM;AACJ,WAAO,OAAO,IAAI;;EAMpB,QAAQ,MAAkB;AACxB,QAAI,SAAS,MAAM;AACjB;;AAEF;MAAQ,KAAK,QAAQ,KAAK;MAAK,KAAK;MAAI;;IAAA;AACxC,SAAK,cAAc,KAAK;AACxB,SAAK,WAAW,KAAK;AACrB,SAAK,QAAQ,KAAK;AAClB,SAAK,gBAAgB,KAAK;AAC1B,SAAK,cAAc,KAAK;AACxB,SAAK,cAAc,KAAK;AACxB,SAAK,WAAW,KAAK;AACrB,SAAK,eAAe,KAAK,aAAa,IAAI,eAAa,EAAE,GAAG,SAAQ,EAAG;AACvE,SAAK,SAAS,MAAM,KAAK,QAAQ;AACjC,SAAK,gBAAgB,QAAQ,KAAK,eAAe;;EAGnD,OAAO,MAAkB;AACvB,UAAM,UAAU,IAAI,UAAS;MAC3B,GAAG;MACH;MACA,iBAAiB,KAAK,gBAAgB,OAAM;IAC7C,CAAA;AACD,YAAQ,SAAS,MAAM,KAAK,QAAQ;AACpC,WAAO;;EAGT,UAAU,UAA6B;AAErC;MAAQ,CAAC,KAAK;MAAgB,KAAK;MAAI;;IAAA;AACvC,SAAK,iBAAiB;AACtB,QAAI,KAAK,gBAAgB;AACvB,WAAK,sBAAsB,KAAK,cAAc;AAC9C,WAAK,iBAAiB;;;EAI1B,sBAAsB,UAAqB;AACzC,QAAI,KAAK,gBAAgB;AACvB,WAAK,eAAe,QAAQ;WACvB;AAEL,WAAK,iBAAiB;;;EAI1B,yBAAsB;AACpB,SAAK,iBAAiB,OAAM;;EAG9B,wBAAqB;AACnB,SAAK,iBAAiB,MAAK;;EAG7B,MAAM,yBACJ,UACAA,UAAS,OAAK;AAEd,QAAI,kBAAkB;AACtB,QACE,SAAS,WACT,SAAS,YAAY,KAAK,gBAAgB,aAC1C;AACA,WAAK,gBAAgB,yBAAyB,QAAQ;AACtD,wBAAkB;;AAGpB,QAAIA,SAAQ;AACV,YAAM,qBAAqB,IAAI;;AAGjC,UAAM,KAAK,KAAK,sBAAsB,IAAI;AAC1C,QAAI,iBAAiB;AACnB,WAAK,KAAK,0BAA0B,IAAI;;;EAI5C,MAAM,SAAM;AACV,QAAI,qBAAqB,KAAK,KAAK,GAAG,GAAG;AACvC,aAAO,QAAQ,OACb,gDAAgD,KAAK,IAAI,CAAC;;AAG9D,UAAM,UAAU,MAAM,KAAK,WAAU;AACrC,UAAM,qBAAqB,MAAM,cAAc,KAAK,MAAM,EAAE,QAAO,CAAE,CAAC;AACtE,SAAK,gBAAgB,kBAAiB;AAKtC,WAAO,KAAK,KAAK,QAAO;;EAG1B,SAAM;AACJ,WAAO;MACL,KAAK,KAAK;MACV,OAAO,KAAK,SAAS;MACrB,eAAe,KAAK;MACpB,aAAa,KAAK,eAAe;MACjC,aAAa,KAAK;MAClB,UAAU,KAAK,YAAY;MAC3B,aAAa,KAAK,eAAe;MACjC,UAAU,KAAK,YAAY;MAC3B,cAAc,KAAK,aAAa,IAAI,eAAa,EAAE,GAAG,SAAQ,EAAG;MACjE,iBAAiB,KAAK,gBAAgB,OAAM;;;MAG5C,kBAAkB,KAAK;MACvB,GAAG,KAAK,SAAS,OAAM;;MAGvB,QAAQ,KAAK,KAAK,OAAO;MACzB,SAAS,KAAK,KAAK;;;;;EAMvB,IAAI,eAAY;AACd,WAAO,KAAK,gBAAgB,gBAAgB;;EAG9C,OAAO,UAAU,MAAoB,QAAqB;AACxD,UAAM,cAAc,OAAO,eAAe;AAC1C,UAAM,QAAQ,OAAO,SAAS;AAC9B,UAAM,cAAc,OAAO,eAAe;AAC1C,UAAM,WAAW,OAAO,YAAY;AACpC,UAAM,WAAW,OAAO,YAAY;AACpC,UAAM,mBAAmB,OAAO,oBAAoB;AACpD,UAAM,YAAY,OAAO,aAAa;AACtC,UAAM,cAAc,OAAO,eAAe;AAC1C,UAAM,EACJ,KACA,eACA,aACA,cACA,iBAAiB,wBAAuB,IACtC;AAEJ;MAAQ,OAAO;MAAyB;MAAI;;IAAA;AAE5C,UAAM,kBAAkB,gBAAgB,SACtC,KAAK,MACL,uBAAwC;AAG1C;MAAQ,OAAO,QAAQ;MAAU;MAAI;;IAAA;AACrC,4BAAwB,aAAa,KAAK,IAAI;AAC9C,4BAAwB,OAAO,KAAK,IAAI;AACxC;MACE,OAAO,kBAAkB;MACzB;MAAI;;IAAA;AAGN;MACE,OAAO,gBAAgB;MACvB;MAAI;;IAAA;AAGN,4BAAwB,aAAa,KAAK,IAAI;AAC9C,4BAAwB,UAAU,KAAK,IAAI;AAC3C,4BAAwB,UAAU,KAAK,IAAI;AAC3C,4BAAwB,kBAAkB,KAAK,IAAI;AACnD,4BAAwB,WAAW,KAAK,IAAI;AAC5C,4BAAwB,aAAa,KAAK,IAAI;AAC9C,UAAM,OAAO,IAAI,UAAS;MACxB;MACA;MACA;MACA;MACA;MACA;MACA;MACA;MACA;MACA;MACA;MACA;IACD,CAAA;AAED,QAAI,gBAAgB,MAAM,QAAQ,YAAY,GAAG;AAC/C,WAAK,eAAe,aAAa,IAAI,eAAa,EAAE,GAAG,SAAQ,EAAG;;AAGpE,QAAI,kBAAkB;AACpB,WAAK,mBAAmB;;AAG1B,WAAO;;;;;;;EAQT,aAAa,qBACX,MACA,iBACA,cAAuB,OAAK;AAE5B,UAAM,kBAAkB,IAAI,gBAAe;AAC3C,oBAAgB,yBAAyB,eAAe;AAGxD,UAAM,OAAO,IAAI,UAAS;MACxB,KAAK,gBAAgB;MACrB;MACA;MACA;IACD,CAAA;AAGD,UAAM,qBAAqB,IAAI;AAC/B,WAAO;;;;;;;EAQT,aAAa,4BACX,MACA,UACA,SAAe;AAEf,UAAM,cAAc,SAAS,MAAM,CAAC;AACpC;MAAQ,YAAY,YAAY;MAAS;;IAAA;AAEzC,UAAM,eACJ,YAAY,qBAAqB,SAC7B,oBAAoB,YAAY,gBAAgB,IAChD,CAAA;AAEN,UAAM,cACJ,EAAE,YAAY,SAAS,YAAY,iBAAiB,CAAC,cAAc;AAErE,UAAM,kBAAkB,IAAI,gBAAe;AAC3C,oBAAgB,kBAAkB,OAAO;AAGzC,UAAM,OAAO,IAAI,UAAS;MACxB,KAAK,YAAY;MACjB;MACA;MACA;IACD,CAAA;AAGD,UAAM,UAAiC;MACrC,KAAK,YAAY;MACjB,aAAa,YAAY,eAAe;MACxC,UAAU,YAAY,YAAY;MAClC,OAAO,YAAY,SAAS;MAC5B,eAAe,YAAY,iBAAiB;MAC5C,aAAa,YAAY,eAAe;MACxC,UAAU,YAAY,YAAY;MAClC;MACA,UAAU,IAAI,aACZ,YAAY,WACZ,YAAY,WAAW;MAEzB,aACE,EAAE,YAAY,SAAS,YAAY,iBACnC,CAAC,cAAc;;AAGnB,WAAO,OAAO,MAAM,OAAO;AAC3B,WAAO;;AAEV;ACjXD,IAAM,gBAAuC,oBAAI,IAAG;AAE9C,SAAU,aAAgB,KAAY;AAC1C,cAAY,eAAe,UAAU,6BAA6B;AAClE,MAAI,WAAW,cAAc,IAAI,GAAG;AAEpC,MAAI,UAAU;AACZ,gBACE,oBAAoB,KACpB,gDAAgD;AAElD,WAAO;;AAGT,aAAW,IAAK,IAAgC;AAChD,gBAAc,IAAI,KAAK,QAAQ;AAC/B,SAAO;AACT;ICrBa,4BAAmB;EAAhC,cAAA;AAEW,SAAA,OAA4B;AACrC,SAAO,UAAqC,CAAA;;EAE5C,MAAM,eAAY;AAChB,WAAO;;EAGT,MAAM,KAAK,KAAa,OAAuB;AAC7C,SAAK,QAAQ,GAAG,IAAI;;EAGtB,MAAM,KAAiC,KAAW;AAChD,UAAM,QAAQ,KAAK,QAAQ,GAAG;AAC9B,WAAO,UAAU,SAAY,OAAQ;;EAGvC,MAAM,QAAQ,KAAW;AACvB,WAAO,KAAK,QAAQ,GAAG;;EAGzB,aAAa,MAAc,WAA+B;AAExD;;EAGF,gBAAgB,MAAc,WAA+B;AAE3D;;;AA5BK,oBAAI,OAAW;AAqCjB,IAAM,sBAAmC;SC7BhC,oBACd,KACA,QACA,SAAgB;AAEhB,SAAO,GAAG,UAAA,IAAyB,GAAG,IAAI,MAAM,IAAI,OAAO;AAC7D;IAEa,+BAAA,wBAAsB;EAKjC,YACS,aACU,MACA,SAAe;AAFzB,SAAW,cAAX;AACU,SAAI,OAAJ;AACA,SAAO,UAAP;AAEjB,UAAM,EAAE,QAAQ,MAAAC,MAAI,IAAK,KAAK;AAC9B,SAAK,cAAc,oBAAoB,KAAK,SAAS,OAAO,QAAQA,KAAI;AACxE,SAAK,qBAAqB,oBAAmB,eAE3C,OAAO,QACPA,KAAI;AAEN,SAAK,oBAAoB,KAAK,gBAAgB,KAAK,IAAI;AACvD,SAAK,YAAY,aAAa,KAAK,aAAa,KAAK,iBAAiB;;EAGxE,eAAe,MAAkB;AAC/B,WAAO,KAAK,YAAY,KAAK,KAAK,aAAa,KAAK,OAAM,CAAE;;EAG9D,MAAM,iBAAc;AAClB,UAAM,OAAO,MAAM,KAAK,YAAY,KAClC,KAAK,WAAW;AAElB,QAAI,CAAC,MAAM;AACT,aAAO;;AAET,QAAI,OAAO,SAAS,UAAU;AAC5B,YAAM,WAAW,MAAM,eAAe,KAAK,MAAM,EAAE,SAAS,KAAI,CAAE,EAAE,MAClE,MAAM,MAAS;AAEjB,UAAI,CAAC,UAAU;AACb,eAAO;;AAET,aAAO,SAAS,4BAA4B,KAAK,MAAM,UAAU,IAAI;;AAEvE,WAAO,SAAS,UAAU,KAAK,MAAM,IAAI;;EAG3C,oBAAiB;AACf,WAAO,KAAK,YAAY,QAAQ,KAAK,WAAW;;EAGlD,6BAA0B;AACxB,WAAO,KAAK,YAAY,KACtB,KAAK,oBACL,KAAK,YAAY,IAAI;;EAIzB,MAAM,eAAe,gBAAmC;AACtD,QAAI,KAAK,gBAAgB,gBAAgB;AACvC;;AAGF,UAAM,cAAc,MAAM,KAAK,eAAc;AAC7C,UAAM,KAAK,kBAAiB;AAE5B,SAAK,cAAc;AAEnB,QAAI,aAAa;AACf,aAAO,KAAK,eAAe,WAAW;;;EAI1C,SAAM;AACJ,SAAK,YAAY,gBAAgB,KAAK,aAAa,KAAK,iBAAiB;;EAG3E,aAAa,OACX,MACA,sBACA,UAA2B,YAAA;AAE3B,QAAI,CAAC,qBAAqB,QAAQ;AAChC,aAAO,IAAI,wBACT,aAAa,mBAAmB,GAChC,MACA,OAAO;;AAKX,UAAM,yBACJ,MAAM,QAAQ,IACZ,qBAAqB,IAAI,OAAM,gBAAc;AAC3C,UAAI,MAAM,YAAY,aAAY,GAAI;AACpC,eAAO;;AAET,aAAO;IACT,CAAC,CAAC,GAEJ,OAAO,iBAAe,WAAW;AAGnC,QAAI,sBACF,sBAAsB,CAAC,KACvB,aAAkC,mBAAmB;AAEvD,UAAM,MAAM,oBAAoB,SAAS,KAAK,OAAO,QAAQ,KAAK,IAAI;AAItE,QAAI,gBAAqC;AAIzC,eAAW,eAAe,sBAAsB;AAC9C,UAAI;AACF,cAAM,OAAO,MAAM,YAAY,KAA6B,GAAG;AAC/D,YAAI,MAAM;AACR,cAAI;AACJ,cAAI,OAAO,SAAS,UAAU;AAC5B,kBAAM,WAAW,MAAM,eAAe,MAAM;cAC1C,SAAS;aACV,EAAE,MAAM,MAAM,MAAS;AACxB,gBAAI,CAAC,UAAU;AACb;;AAEF,mBAAO,MAAM,SAAS,4BACpB,MACA,UACA,IAAI;iBAED;AACL,mBAAO,SAAS,UAAU,MAAM,IAAI;;AAEtC,cAAI,gBAAgB,qBAAqB;AACvC,4BAAgB;;AAElB,gCAAsB;AACtB;;cAEI;MAAA;;AAKV,UAAM,qBAAqB,sBAAsB,OAC/C,OAAK,EAAE,qBAAqB;AAI9B,QACE,CAAC,oBAAoB,yBACrB,CAAC,mBAAmB,QACpB;AACA,aAAO,IAAI,wBAAuB,qBAAqB,MAAM,OAAO;;AAGtE,0BAAsB,mBAAmB,CAAC;AAC1C,QAAI,eAAe;AAGjB,YAAM,oBAAoB,KAAK,KAAK,cAAc,OAAM,CAAE;;AAK5D,UAAM,QAAQ,IACZ,qBAAqB,IAAI,OAAM,gBAAc;AAC3C,UAAI,gBAAgB,qBAAqB;AACvC,YAAI;AACF,gBAAM,YAAY,QAAQ,GAAG;gBACvB;QAAA;;KAEX,CAAC;AAEJ,WAAO,IAAI,wBAAuB,qBAAqB,MAAM,OAAO;;AAEvE;AC1KK,SAAU,gBAAgB,WAAiB;AAC/C,QAAM,KAAK,UAAU,YAAW;AAChC,MAAI,GAAG,SAAS,QAAQ,KAAK,GAAG,SAAS,MAAM,KAAK,GAAG,SAAS,QAAQ,GAAG;AACzE,WAAyB;aAChB,YAAY,EAAE,GAAG;AAE1B,WAA4B;aACnB,GAAG,SAAS,MAAM,KAAK,GAAG,SAAS,UAAU,GAAG;AACzD,WAAsB;aACb,GAAG,SAAS,OAAO,GAAG;AAC/B,WAAwB;aACf,WAAW,EAAE,GAAG;AACzB,WAA2B;aAClB,GAAG,SAAS,OAAO,GAAG;AAC/B,WAAwB;aACf,cAAc,EAAE,GAAG;AAE5B,WAA8B;aACrB,SAAS,EAAE,GAAG;AAEvB,WAAyB;aAChB,UAAU,EAAE,GAAG;AACxB,WAA0B;cAEzB,GAAG,SAAS,SAAS,KAAK,aAAa,EAAE,MAC1C,CAAC,GAAG,SAAS,OAAO,GACpB;AACA,WAA0B;aACjB,WAAW,EAAE,GAAG;AAEzB,WAA2B;SACtB;AAEL,UAAM,KAAK;AACX,UAAM,UAAU,UAAU,MAAM,EAAE;AAClC,QAAI,SAAS,WAAW,GAAG;AACzB,aAAO,QAAQ,CAAC;;;AAGpB,SAAyB;AAC3B;SAEgB,WAAW,KAAK,MAAK,GAAE;AACrC,SAAO,aAAa,KAAK,EAAE;AAC7B;SAEgB,UAAU,YAAY,MAAK,GAAE;AAC3C,QAAM,KAAK,UAAU,YAAW;AAChC,SACE,GAAG,SAAS,SAAS,KACrB,CAAC,GAAG,SAAS,SAAS,KACtB,CAAC,GAAG,SAAS,QAAQ,KACrB,CAAC,GAAG,SAAS,SAAS;AAE1B;SAEgB,aAAa,KAAK,MAAK,GAAE;AACvC,SAAO,WAAW,KAAK,EAAE;AAC3B;SAEgB,YAAY,KAAK,MAAK,GAAE;AACtC,SAAO,YAAY,KAAK,EAAE;AAC5B;SAEgB,WAAW,KAAK,MAAK,GAAE;AACrC,SAAO,WAAW,KAAK,EAAE;AAC3B;SAEgB,cAAc,KAAK,MAAK,GAAE;AACxC,SAAO,cAAc,KAAK,EAAE;AAC9B;SAEgB,SAAS,KAAK,MAAK,GAAE;AACnC,SAAO,SAAS,KAAK,EAAE;AACzB;SAEgB,OAAO,KAAK,MAAK,GAAE;AACjC,SACE,oBAAoB,KAAK,EAAE,KAC1B,aAAa,KAAK,EAAE,KAAK,UAAU,KAAK,EAAE;AAE/C;SASgB,iBAAiB,KAAK,MAAK,GAAE;AAC3C,SAAO,OAAO,EAAE,KAAK,CAAC,CAAE,OAAO,WAAmC;AACpE;SAEgB,UAAO;AACrB,SAAO,KAAI,KAAO,SAAsB,iBAAiB;AAC3D;AAEgB,SAAA,iBAAiB,KAAa,MAAK,GAAE;AAEnD,SACE,OAAO,EAAE,KACT,WAAW,EAAE,KACb,SAAS,EAAE,KACX,cAAc,EAAE,KAChB,iBAAiB,KAAK,EAAE,KACxB,YAAY,EAAE;AAElB;SCpHgB,kBACd,gBACA,aAAgC,CAAA,GAAE;AAElC,MAAI;AACJ,UAAQ,gBAAc;IACpB,KAAA;AAEE,yBAAmB,gBAAgB,MAAK,CAAE;AAC1C;IACF,KAAA;AAIE,yBAAmB,GAAG,gBAAgB,MAAK,CAAE,CAAC,IAAI,cAAc;AAChE;IACF;AACE,yBAAmB;;AAEvB,QAAM,qBAAqB,WAAW,SAClC,WAAW,KAAK,GAAG,IACnB;AACJ,SAAO,GAAG,gBAAgB,IAAI,QAAA,IAA6B,WAAW,IAAI,kBAAkB;AAC9F;ICrCa,4BAAmB;EAG9B,YAA6B,MAAkB;AAAlB,SAAI,OAAJ;AAFZ,SAAK,QAAsB,CAAA;;EAI5C,aACE,UACA,SAAoB;AAIpB,UAAM,kBAAmC,CACvC,SAEA,IAAI,QAAQ,CAAC,SAAS,WAAU;AAC9B,UAAI;AACF,cAAM,SAAS,SAAS,IAAI;AAG5B,gBAAQ,MAAM;eACP,GAAG;AAEV,eAAO,CAAC;;IAEZ,CAAC;AAEH,oBAAgB,UAAU;AAC1B,SAAK,MAAM,KAAK,eAAe;AAE/B,UAAM,QAAQ,KAAK,MAAM,SAAS;AAClC,WAAO,MAAK;AAGV,WAAK,MAAM,KAAK,IAAI,MAAM,QAAQ,QAAO;IAC3C;;EAGF,MAAM,cAAc,UAAqB;AACvC,QAAI,KAAK,KAAK,gBAAgB,UAAU;AACtC;;AAMF,UAAM,eAAkC,CAAA;AACxC,QAAI;AACF,iBAAW,uBAAuB,KAAK,OAAO;AAC5C,cAAM,oBAAoB,QAAQ;AAGlC,YAAI,oBAAoB,SAAS;AAC/B,uBAAa,KAAK,oBAAoB,OAAO;;;aAG1C,GAAG;AAGV,mBAAa,QAAO;AACpB,iBAAW,WAAW,cAAc;AAClC,YAAI;AACF,kBAAO;iBACA,GAAG;;;AAKd,YAAM,KAAK,KAAK,cAAc,OAAoC,iBAAA;QAChE,iBAAkB,GAAa;MAChC,CAAA;;;AAGN;ACzCM,eAAe,mBACpB,MACA,UAAoC,CAAA,GAAE;AAEtC,SAAO,mBAIL,MAGA,OAAA,sBAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AC5CA,IAAM,8BAA8B;IAOvB,2BAAkB;EAO7B,YAAY,UAAmC;AAE7C,UAAM,kBAAkB,SAAS;AACjC,SAAK,wBAAwB,CAAA;AAE7B,SAAK,sBAAsB,oBACzB,gBAAgB,qBAAqB;AACvC,QAAI,gBAAgB,mBAAmB;AACrC,WAAK,sBAAsB,oBACzB,gBAAgB;;AAEpB,QAAI,gBAAgB,+BAA+B,QAAW;AAC5D,WAAK,sBAAsB,0BACzB,gBAAgB;;AAEpB,QAAI,gBAAgB,+BAA+B,QAAW;AAC5D,WAAK,sBAAsB,0BACzB,gBAAgB;;AAEpB,QAAI,gBAAgB,6BAA6B,QAAW;AAC1D,WAAK,sBAAsB,2BACzB,gBAAgB;;AAEpB,QAAI,gBAAgB,qCAAqC,QAAW;AAClE,WAAK,sBAAsB,mCACzB,gBAAgB;;AAGpB,SAAK,mBAAmB,SAAS;AACjC,QAAI,KAAK,qBAAqB,iCAAiC;AAC7D,WAAK,mBAAmB;;AAI1B,SAAK,mCACH,SAAS,kCAAkC,KAAK,EAAE,KAAK;AAEzD,SAAK,uBAAuB,SAAS,wBAAwB;AAC7D,SAAK,gBAAgB,SAAS;;EAGhC,iBAAiB,UAAgB;AAC/B,UAAM,SAA2C;MAC/C,SAAS;MACT,gBAAgB;;AAIlB,SAAK,8BAA8B,UAAU,MAAM;AACnD,SAAK,iCAAiC,UAAU,MAAM;AAGtD,WAAO,YAAP,OAAO,UAAY,OAAO,0BAA0B;AACpD,WAAO,YAAP,OAAO,UAAY,OAAO,0BAA0B;AACpD,WAAO,YAAP,OAAO,UAAY,OAAO,2BAA2B;AACrD,WAAO,YAAP,OAAO,UAAY,OAAO,2BAA2B;AACrD,WAAO,YAAP,OAAO,UAAY,OAAO,4BAA4B;AACtD,WAAO,YAAP,OAAO,UAAY,OAAO,oCAAoC;AAE9D,WAAO;;;;;;;;EASD,8BACN,UACA,QAAwC;AAExC,UAAM,oBAAoB,KAAK,sBAAsB;AACrD,UAAM,oBAAoB,KAAK,sBAAsB;AACrD,QAAI,mBAAmB;AACrB,aAAO,yBAAyB,SAAS,UAAU;;AAErD,QAAI,mBAAmB;AACrB,aAAO,yBAAyB,SAAS,UAAU;;;;;;;;;EAU/C,iCACN,UACA,QAAwC;AAGxC,SAAK;MACH;;MACkC;;MACA;;MACF;;MACQ;IAAK;AAG/C,QAAI;AACJ,aAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,qBAAe,SAAS,OAAO,CAAC;AAChC,WAAK;QACH;;QACkC,gBAAgB,OAChD,gBAAgB;;QACgB,gBAAgB,OAChD,gBAAgB;;QACc,gBAAgB,OAC9C,gBAAgB;;QACsB,KAAK,iCAAiC,SAC5E,YAAY;MACb;;;;;;;;;;;;;;EAgBC,uCACN,QACA,4BACA,4BACA,0BACA,kCAAyC;AAEzC,QAAI,KAAK,sBAAsB,yBAAyB;AACtD,aAAO,4BAAP,OAAO,0BAA4B;;AAErC,QAAI,KAAK,sBAAsB,yBAAyB;AACtD,aAAO,4BAAP,OAAO,0BAA4B;;AAErC,QAAI,KAAK,sBAAsB,0BAA0B;AACvD,aAAO,6BAAP,OAAO,2BAA6B;;AAEtC,QAAI,KAAK,sBAAsB,kCAAkC;AAC/D,aAAO,qCAAP,OAAO,mCACL;;;AAGP;IC/FY,iBAAQ;EAyCnB,YACkB,KACC,0BACA,yBACD,QAAsB;AAHtB,SAAG,MAAH;AACC,SAAwB,2BAAxB;AACA,SAAuB,0BAAvB;AACD,SAAM,SAAN;AA5ClB,SAAW,cAAgB;AAC3B,SAAc,iBAA0B;AAChC,SAAA,aAAa,QAAQ,QAAO;AAG5B,SAAA,wBAAwB,IAAI,aAAmB,IAAI;AACnD,SAAA,sBAAsB,IAAI,aAAmB,IAAI;AACxC,SAAA,mBAAmB,IAAI,oBAAoB,IAAI;AACxD,SAAY,eAAwB;AACpC,SAAyB,4BAAG;AACnB,SAAuC,0CAAW;AAInE,SAAgB,mBAAG;AACnB,SAAc,iBAAG;AACjB,SAAQ,WAAG;AACX,SAAsB,yBAAyB;AAC/C,SAAsB,yBAAyC;AAC/D,SAAa,gBACX;AACF,SAAqB,wBAA2B;AAChD,SAAuB,0BAAoC,CAAA;AAC3D,SAAsB,yBAAkC;AACxD,SAAuB,0BAA2C,CAAA;AAClE,SAAmC,sCAEnB;AAOR,SAAe,kBAA8B;AAErD,SAAY,eAAkB;AAC9B,SAAQ,WAAkB;AAC1B,SAAA,WAAyB,EAAE,mCAAmC,MAAK;AAqqB3D,SAAU,aAAa,CAAA;AA7pB7B,SAAK,OAAO,IAAI;AAChB,SAAK,gBAAgB,OAAO;AAG5B,SAAK,+BAA+B,IAAI,QACtC,aAAY,KAAK,sCAAsC,OAAQ;;EAInE,2BACE,sBACA,uBAA6C;AAE7C,QAAI,uBAAuB;AACzB,WAAK,yBAAyB,aAAa,qBAAqB;;AAKlE,SAAK,yBAAyB,KAAK,MAAM,YAAW;AAClD,UAAI,KAAK,UAAU;AACjB;;AAGF,WAAK,qBAAqB,MAAM,uBAAuB,OACrD,MACA,oBAAoB;AAEtB,WAAK,sCAAmC;AAExC,UAAI,KAAK,UAAU;AACjB;;AAKF,UAAI,KAAK,wBAAwB,wBAAwB;AAEvD,YAAI;AACF,gBAAM,KAAK,uBAAuB,YAAY,IAAI;iBAC3C,GAAG;;;AAKd,YAAM,KAAK,sBAAsB,qBAAqB;AAEtD,WAAK,kBAAkB,KAAK,aAAa,OAAO;AAEhD,UAAI,KAAK,UAAU;AACjB;;AAGF,WAAK,iBAAiB;IACxB,CAAC;AAED,WAAO,KAAK;;;;;EAMd,MAAM,kBAAe;AACnB,QAAI,KAAK,UAAU;AACjB;;AAGF,UAAM,OAAO,MAAM,KAAK,oBAAoB,eAAc;AAE1D,QAAI,CAAC,KAAK,eAAe,CAAC,MAAM;AAE9B;;AAIF,QAAI,KAAK,eAAe,QAAQ,KAAK,YAAY,QAAQ,KAAK,KAAK;AAEjE,WAAK,aAAa,QAAQ,IAAI;AAG9B,YAAM,KAAK,YAAY,WAAU;AACjC;;AAKF,UAAM,KAAK;MAAmB;;MAAqC;IAAI;;EAGjE,MAAM,iCACZ,SAAe;AAEf,QAAI;AACF,YAAM,WAAW,MAAM,eAAe,MAAM,EAAE,QAAO,CAAE;AACvD,YAAM,OAAO,MAAM,SAAS,4BAC1B,MACA,UACA,OAAO;AAET,YAAM,KAAK,uBAAuB,IAAI;aAC/B,KAAK;AACZ,cAAQ,KACN,sEACA,GAAG;AAEL,YAAM,KAAK,uBAAuB,IAAI;;;EAIlC,MAAM,sBACZ,uBAA6C;AAE7C,QAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,YAAM,UAAU,KAAK,IAAI,SAAS;AAClC,UAAI,SAAS;AAGX,eAAO,IAAI,QAAc,aAAU;AACjC,qBAAW,MACT,KAAK,iCAAiC,OAAO,EAAE,KAC7C,SACA,OAAO,CACR;QAEL,CAAC;aACI;AACL,eAAO,KAAK,uBAAuB,IAAI;;;AAK3C,UAAM,uBACH,MAAM,KAAK,oBAAoB,eAAc;AAChD,QAAI,oBAAoB;AACxB,QAAI,yBAAyB;AAC7B,QAAI,yBAAyB,KAAK,OAAO,YAAY;AACnD,YAAM,KAAK,oCAAmC;AAC9C,YAAM,sBAAsB,KAAK,cAAc;AAC/C,YAAM,oBAAoB,mBAAmB;AAC7C,YAAM,SAAS,MAAM,KAAK,kBAAkB,qBAAqB;AAMjE,WACG,CAAC,uBAAuB,wBAAwB,sBACjD,QAAQ,MACR;AACA,4BAAoB,OAAO;AAC3B,iCAAyB;;;AAK7B,QAAI,CAAC,mBAAmB;AACtB,aAAO,KAAK,uBAAuB,IAAI;;AAGzC,QAAI,CAAC,kBAAkB,kBAAkB;AAGvC,UAAI,wBAAwB;AAC1B,YAAI;AACF,gBAAM,KAAK,iBAAiB,cAAc,iBAAiB;iBACpD,GAAG;AACV,8BAAoB;AAGpB,eAAK,uBAAwB,wBAAwB,MAAM,MACzD,QAAQ,OAAO,CAAC,CAAC;;;AAKvB,UAAI,mBAAmB;AACrB,eAAO,KAAK,+BAA+B,iBAAiB;aACvD;AACL,eAAO,KAAK,uBAAuB,IAAI;;;AAI3C;MAAQ,KAAK;MAAwB;MAAI;;IAAA;AACzC,UAAM,KAAK,oCAAmC;AAK9C,QACE,KAAK,gBACL,KAAK,aAAa,qBAAqB,kBAAkB,kBACzD;AACA,aAAO,KAAK,uBAAuB,iBAAiB;;AAGtD,WAAO,KAAK,+BAA+B,iBAAiB;;EAGtD,MAAM,kBACZ,kBAAuC;AAkBvC,QAAI,SAAgC;AACpC,QAAI;AAGF,eAAS,MAAM,KAAK,uBAAwB,oBAC1C,MACA,kBACA,IAAI;aAEC,GAAG;AAGV,YAAM,KAAK,iBAAiB,IAAI;;AAGlC,WAAO;;EAGD,MAAM,+BACZ,MAAkB;AAElB,QAAI;AACF,YAAM,qBAAqB,IAAI;aACxB,GAAG;AACV,UACG,GAAqB,SACtB,QAAQ,wBAAA,IACR;AAGA,eAAO,KAAK,uBAAuB,IAAI;;;AAI3C,WAAO,KAAK,uBAAuB,IAAI;;EAGzC,oBAAiB;AACf,SAAK,eAAe,iBAAgB;;EAGtC,MAAM,UAAO;AACX,SAAK,WAAW;;EAGlB,MAAM,kBAAkB,YAAuB;AAC7C,QAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,aAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAKzD,UAAM,OAAO,aACR,mBAAmB,UAAU,IAC9B;AACJ,QAAI,MAAM;AACR;QACE,KAAK,KAAK,OAAO,WAAW,KAAK,OAAO;QACxC;QAAI;;MAAA;;AAIR,WAAO,KAAK,mBAAmB,QAAQ,KAAK,OAAO,IAAI,CAAC;;EAG1D,MAAM,mBACJ,MACA,2BAAoC,OAAK;AAEzC,QAAI,KAAK,UAAU;AACjB;;AAEF,QAAI,MAAM;AACR;QACE,KAAK,aAAa,KAAK;QACvB;QAAI;;MAAA;;AAKR,QAAI,CAAC,0BAA0B;AAC7B,YAAM,KAAK,iBAAiB,cAAc,IAAI;;AAGhD,WAAO,KAAK,MAAM,YAAW;AAC3B,YAAM,KAAK,uBAAuB,IAA2B;AAC7D,WAAK,oBAAmB;IAC1B,CAAC;;EAGH,MAAM,UAAO;AACX,QAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,aAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAIzD,UAAM,KAAK,iBAAiB,cAAc,IAAI;AAE9C,QAAI,KAAK,8BAA8B,KAAK,wBAAwB;AAClE,YAAM,KAAK,iBAAiB,IAAI;;AAKlC,WAAO,KAAK;MAAmB;;MAAqC;IAAI;;EAG1E,eAAe,aAAwB;AACrC,QAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,aAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,WAAO,KAAK,MAAM,YAAW;AAC3B,YAAM,KAAK,oBAAoB,eAAe,aAAa,WAAW,CAAC;IACzE,CAAC;;EAGH,sBAAmB;AACjB,QAAI,KAAK,YAAY,MAAM;AACzB,aAAO,KAAK;WACP;AACL,aAAO,KAAK,wBAAwB,KAAK,QAAQ;;;EAIrD,MAAM,iBAAiB,UAAgB;AACrC,QAAI,CAAC,KAAK,2BAA0B,GAAI;AACtC,YAAM,KAAK,sBAAqB;;AAIlC,UAAM,iBACJ,KAAK,2BAA0B;AAIjC,QACE,eAAe,kBACf,KAAK,yCACL;AACA,aAAO,QAAQ,OACb,KAAK,cAAc,OAAM,8CAEvB,CAAA,CAAE,CACH;;AAIL,WAAO,eAAe,iBAAiB,QAAQ;;EAGjD,6BAA0B;AACxB,QAAI,KAAK,aAAa,MAAM;AAC1B,aAAO,KAAK;WACP;AACL,aAAO,KAAK,wBAAwB,KAAK,QAAQ;;;EAIrD,MAAM,wBAAqB;AACzB,UAAM,WAAW,MAAM,mBAAmB,IAAI;AAE9C,UAAM,iBAAyC,IAAI,mBACjD,QAAQ;AAGV,QAAI,KAAK,aAAa,MAAM;AAC1B,WAAK,yBAAyB;WACzB;AACL,WAAK,wBAAwB,KAAK,QAAQ,IAAI;;;EAIlD,sBAAmB;AACjB,WAAO,KAAK,oBAAoB,YAAY;;EAG9C,kBAAe;AACb,WAAO,KAAK,oBAAoB;;EAGlC,gBAAgB,UAAsB;AACpC,SAAK,gBAAgB,IAAI,aACvB,QACA,YACC,SAA8B,CAAE;;EAIrC,mBACE,gBACA,OACA,WAAsB;AAEtB,WAAO,KAAK,sBACV,KAAK,uBACL,gBACA,OACA,SAAS;;EAIb,uBACE,UACA,SAAoB;AAEpB,WAAO,KAAK,iBAAiB,aAAa,UAAU,OAAO;;EAG7D,iBACE,gBACA,OACA,WAAsB;AAEtB,WAAO,KAAK,sBACV,KAAK,qBACL,gBACA,OACA,SAAS;;EAIb,iBAAc;AACZ,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAU;AACrC,UAAI,KAAK,aAAa;AACpB,gBAAO;aACF;AACL,cAAM,cAAc,KAAK,mBAAmB,MAAK;AAC/C,sBAAW;AACX,kBAAO;WACN,MAAM;;IAEb,CAAC;;;;;EAMH,MAAM,kBAAkB,OAAa;AACnC,QAAI,KAAK,aAAa;AACpB,YAAM,UAAU,MAAM,KAAK,YAAY,WAAU;AAEjD,YAAM,UAA8B;QAClC,YAAY;QACZ,WAAiC;QACjC;QACA;;AAEF,UAAI,KAAK,YAAY,MAAM;AACzB,gBAAQ,WAAW,KAAK;;AAE1B,YAAM,YAAY,MAAM,OAAO;;;EAInC,SAAM;AACJ,WAAO;MACL,QAAQ,KAAK,OAAO;MACpB,YAAY,KAAK,OAAO;MACxB,SAAS,KAAK;MACd,aAAa,KAAK,cAAc,OAAM;;;EAI1C,MAAM,iBACJ,MACA,uBAA6C;AAE7C,UAAM,kBAAkB,MAAM,KAAK,oCACjC,qBAAqB;AAEvB,WAAO,SAAS,OACZ,gBAAgB,kBAAiB,IACjC,gBAAgB,eAAe,IAAI;;EAGjC,MAAM,oCACZ,uBAA6C;AAE7C,QAAI,CAAC,KAAK,4BAA4B;AACpC,YAAM,WACH,yBAAyB,aAAa,qBAAqB,KAC5D,KAAK;AACP;QAAQ;QAAU;QAAI;;MAAA;AACtB,WAAK,6BAA6B,MAAM,uBAAuB;QAC7D;QACA,CAAC,aAAa,SAAS,oBAAoB,CAAC;QAAC;;MAAA;AAG/C,WAAK,eACH,MAAM,KAAK,2BAA2B,eAAc;;AAGxD,WAAO,KAAK;;EAGd,MAAM,mBAAmB,IAAU;AAGjC,QAAI,KAAK,gBAAgB;AACvB,YAAM,KAAK,MAAM,YAAW;MAAA,CAAG;;AAGjC,QAAI,KAAK,cAAc,qBAAqB,IAAI;AAC9C,aAAO,KAAK;;AAGd,QAAI,KAAK,cAAc,qBAAqB,IAAI;AAC9C,aAAO,KAAK;;AAGd,WAAO;;EAGT,MAAM,sBAAsB,MAAkB;AAC5C,QAAI,SAAS,KAAK,aAAa;AAC7B,aAAO,KAAK,MAAM,YAAY,KAAK,uBAAuB,IAAI,CAAC;;;;EAKnE,0BAA0B,MAAkB;AAC1C,QAAI,SAAS,KAAK,aAAa;AAC7B,WAAK,oBAAmB;;;EAI5B,OAAI;AACF,WAAO,GAAG,KAAK,OAAO,UAAU,IAAI,KAAK,OAAO,MAAM,IAAI,KAAK,IAAI;;EAGrE,yBAAsB;AACpB,SAAK,4BAA4B;AACjC,QAAI,KAAK,aAAa;AACpB,WAAK,aAAa,uBAAsB;;;EAI5C,wBAAqB;AACnB,SAAK,4BAA4B;AACjC,QAAI,KAAK,aAAa;AACpB,WAAK,aAAa,sBAAqB;;;;EAK3C,IAAI,eAAY;AACd,WAAO,KAAK;;EAGN,sBAAmB;AACzB,QAAI,CAAC,KAAK,gBAAgB;AACxB;;AAGF,SAAK,oBAAoB,KAAK,KAAK,WAAW;AAE9C,UAAM,aAAa,KAAK,aAAa,OAAO;AAC5C,QAAI,KAAK,oBAAoB,YAAY;AACvC,WAAK,kBAAkB;AACvB,WAAK,sBAAsB,KAAK,KAAK,WAAW;;;EAI5C,sBACN,cACA,gBACA,OACA,WAAsB;AAEtB,QAAI,KAAK,UAAU;AACjB,aAAO,MAAO;MAAA;;AAGhB,UAAM,KACJ,OAAO,mBAAmB,aACtB,iBACA,eAAe,KAAK,KAAK,cAAc;AAE7C,QAAI,iBAAiB;AAErB,UAAM,UAAU,KAAK,iBACjB,QAAQ,QAAO,IACf,KAAK;AACT;MAAQ;MAAS;MAAI;;IAAA;AAGrB,YAAQ,KAAK,MAAK;AAChB,UAAI,gBAAgB;AAClB;;AAEF,SAAG,KAAK,WAAW;IACrB,CAAC;AAED,QAAI,OAAO,mBAAmB,YAAY;AACxC,YAAM,cAAc,aAAa,YAC/B,gBACA,OACA,SAAS;AAEX,aAAO,MAAK;AACV,yBAAiB;AACjB,oBAAW;MACb;WACK;AACL,YAAM,cAAc,aAAa,YAAY,cAAc;AAC3D,aAAO,MAAK;AACV,yBAAiB;AACjB,oBAAW;MACb;;;;;;;;EASI,MAAM,uBACZ,MAAyB;AAEzB,QAAI,KAAK,eAAe,KAAK,gBAAgB,MAAM;AACjD,WAAK,aAAa,sBAAqB;;AAEzC,QAAI,QAAQ,KAAK,2BAA2B;AAC1C,WAAK,uBAAsB;;AAG7B,SAAK,cAAc;AAEnB,QAAI,MAAM;AACR,YAAM,KAAK,oBAAoB,eAAe,IAAI;WAC7C;AACL,YAAM,KAAK,oBAAoB,kBAAiB;;;EAI5C,MAAM,QAAmB;AAG/B,SAAK,aAAa,KAAK,WAAW,KAAK,QAAQ,MAAM;AACrD,WAAO,KAAK;;EAGd,IAAY,sBAAmB;AAC7B;MAAQ,KAAK;MAAoB;MAAI;;IAAA;AACrC,WAAO,KAAK;;EAKd,cAAc,WAAiB;AAC7B,QAAI,CAAC,aAAa,KAAK,WAAW,SAAS,SAAS,GAAG;AACrD;;AAEF,SAAK,WAAW,KAAK,SAAS;AAI9B,SAAK,WAAW,KAAI;AACpB,SAAK,gBAAgB,kBACnB,KAAK,OAAO,gBACZ,KAAK,eAAc,CAAE;;EAGzB,iBAAc;AACZ,WAAO,KAAK;;EAEd,MAAM,wBAAqB;AAEzB,UAAM,UAAkC;MACtC;QAA6B;;MAAA,GAAE,KAAK;;AAGtC,QAAI,KAAK,IAAI,QAAQ,OAAO;AAC1B;QAAO;;MAAA,IAAgC,KAAK,IAAI,QAAQ;;AAI1D,UAAM,mBAAmB,MAAM,KAAK,yBACjC,aAAa;MACZ,UAAU;KACX,GACC,oBAAmB;AACvB,QAAI,kBAAkB;AACpB;QAAO;;MAAA,IAAiC;;AAI1C,UAAM,gBAAgB,MAAM,KAAK,kBAAiB;AAClD,QAAI,eAAe;AACjB;QAAO;;MAAA,IAAoC;;AAG7C,WAAO;;EAGT,MAAM,oBAAiB;AACrB,QAAI,qBAAqB,KAAK,GAAG,KAAK,KAAK,IAAI,SAAS,eAAe;AACrE,aAAO,KAAK,IAAI,SAAS;;AAE3B,UAAM,sBAAsB,MAAM,KAAK,wBACpC,aAAa,EAAE,UAAU,KAAI,CAAE,GAC9B,SAAQ;AACZ,QAAI,qBAAqB,OAAO;AAK9B,eACE,2CAA2C,oBAAoB,KAAK,EAAE;;AAG1E,WAAO,qBAAqB;;AAE/B;AAQK,SAAU,UAAU,MAAU;AAClC,SAAO,mBAAmB,IAAI;AAChC;AAGA,IAAM,eAAN,MAAkB;EAMhB,YAAqB,MAAkB;AAAlB,SAAI,OAAJ;AALb,SAAQ,WAA8B;AACrC,SAAA,cAAmC,gBAC1C,cAAa,KAAK,WAAW,QAAS;;EAKxC,IAAI,OAAI;AACN;MAAQ,KAAK;MAAU,KAAK;MAAI;;IAAA;AAChC,WAAO,KAAK,SAAS,KAAK,KAAK,KAAK,QAAQ;;AAE/C;AC/2BD,IAAI,qBAAyC;EAC3C,MAAM,SAAM;AACV,UAAM,IAAI,MAAM,iCAAiC;;EAGnD,mBAAmB;EACnB,2BAA2B;EAC3B,YAAY;;AAGR,SAAU,uBAAuB,GAAqB;AAC1D,uBAAqB;AACvB;AAEM,SAAU,QAAQ,KAAW;AACjC,SAAO,mBAAmB,OAAO,GAAG;AACtC;SAEgB,wBAAqB;AACnC,SAAO,mBAAmB;AAC5B;SAEgB,gCAA6B;AAC3C,SAAO,mBAAmB;AAC5B;SAEgB,iBAAc;AAC5B,SAAO,mBAAmB;AAC5B;AAEM,SAAU,sBAAsB,QAAc;AAClD,SAAO,KAAK,MAAM,GAAG,KAAK,MAAM,KAAK,OAAM,IAAK,GAAO,CAAC;AAC1D;AC5BO,IAAM,iBAAiB;AACvB,IAAM,sBAAsB;AAC5B,IAAM,mBAAmB;IAQnB,sBAAa;EAIxB,YAA6B,MAAkB;AAAlB,SAAI,OAAJ;AAHrB,SAAO,UAAG;AAClB,SAAA,WAAW,oBAAI,IAAG;;EAIlB,OACE,WACA,YAAgC;AAEhC,UAAM,KAAK,KAAK;AAChB,SAAK,SAAS,IACZ,IACA,IAAI,WAAW,WAAW,KAAK,KAAK,MAAM,cAAc,CAAA,CAAE,CAAC;AAE7D,SAAK;AACL,WAAO;;EAGT,MAAM,aAAoB;AACxB,UAAM,KAAK,eAAe;AAC1B,SAAK,KAAK,SAAS,IAAI,EAAE,GAAG,OAAM;AAClC,SAAK,SAAS,OAAO,EAAE;;EAGzB,YAAY,aAAoB;AAC9B,UAAM,KAAK,eAAe;AAC1B,WAAO,KAAK,SAAS,IAAI,EAAE,GAAG,YAAW,KAAM;;EAGjD,MAAM,QAAQ,aAA6B;AACzC,UAAM,KAAc,eAA0B;AAC9C,SAAK,KAAK,SAAS,IAAI,EAAE,GAAG,QAAO;AACnC,WAAO;;AAEV;IAEY,+BAAsB;EAAnC,cAAA;AACE,SAAA,aAAyB,IAAI,eAAc;;EAC3C,MAAM,UAAoB;AACxB,aAAQ;;EAGV,QAEE,UACA,UAA4B;AAE5B,WAAO,QAAQ,QAAQ,OAAO;;EAEhC,OAEE,YACA,aAAmC;AAEnC,WAAO;;AAEV;IAEY,uBAAc;EACzB,MAAM,UAAoB;AACxB,aAAQ;;EAGV,QAEE,UACA,UAA4B;AAE5B,WAAO,QAAQ,QAAQ,OAAO;;EAEhC,OAEE,YACA,aAAmC;AAEnC,WAAO;;AAEV;IAEY,mBAAU;EAUrB,YACE,eACA,SACiB,QAA2B;AAA3B,SAAM,SAAN;AAVX,SAAO,UAAkB;AACzB,SAAO,UAAG;AACV,SAAa,gBAAkB;AACtB,SAAY,eAAG,MAAW;AACzC,WAAK,QAAO;IACd;AAOE,UAAM,YACJ,OAAO,kBAAkB,WACrB,SAAS,eAAe,aAAa,IACrC;AACN,YAAQ,WAAS,kBAAgC,EAAE,QAAO,CAAE;AAE5D,SAAK,YAAY;AACjB,SAAK,YAAY,KAAK,OAAO,SAAS;AACtC,QAAI,KAAK,WAAW;AAClB,WAAK,QAAO;WACP;AACL,WAAK,UAAU,iBAAiB,SAAS,KAAK,YAAY;;;EAI9D,cAAW;AACT,SAAK,eAAc;AACnB,WAAO,KAAK;;EAGd,SAAM;AACJ,SAAK,eAAc;AACnB,SAAK,UAAU;AACf,QAAI,KAAK,SAAS;AAChB,mBAAa,KAAK,OAAO;AACzB,WAAK,UAAU;;AAEjB,SAAK,UAAU,oBAAoB,SAAS,KAAK,YAAY;;EAG/D,UAAO;AACL,SAAK,eAAc;AACnB,QAAI,KAAK,SAAS;AAChB;;AAGF,SAAK,UAAU,OAAO,WAAW,MAAK;AACpC,WAAK,gBAAgB,iCAAiC,EAAE;AACxD,YAAM,EAAE,UAAU,oBAAoB,gBAAe,IAAK,KAAK;AAC/D,UAAI,UAAU;AACZ,YAAI;AACF,mBAAS,KAAK,aAAa;iBACpB,GAAG;QAAA;;AAGd,WAAK,UAAU,OAAO,WAAW,MAAK;AACpC,aAAK,UAAU;AACf,aAAK,gBAAgB;AACrB,YAAI,iBAAiB;AACnB,cAAI;AACF,4BAAe;mBACR,GAAG;UAAA;;AAGd,YAAI,KAAK,WAAW;AAClB,eAAK,QAAO;;SAEb,mBAAmB;OACrB,cAAc;;EAGX,iBAAc;AACpB,QAAI,KAAK,SAAS;AAChB,YAAM,IAAI,MAAM,qCAAqC;;;AAG1D;AAED,SAAS,iCAAiC,KAAW;AACnD,QAAM,QAAQ,CAAA;AACd,QAAM,eACJ;AACF,WAAS,IAAI,GAAG,IAAI,KAAK,KAAK;AAC5B,UAAM,KACJ,aAAa,OAAO,KAAK,MAAM,KAAK,OAAM,IAAK,aAAa,MAAM,CAAC,CAAC;;AAGxE,SAAO,MAAM,KAAK,EAAE;AACtB;AC9KO,IAAM,qCAAqC;AAC3C,IAAM,aAAa;IAEb,oCAA2B;;;;;;EAatC,YAAY,YAAgB;AATnB,SAAI,OAAG;AAUd,SAAK,OAAO,UAAU,UAAU;;;;;;;EAQlC,MAAM,OACJ,SAAiB,UACjB,eAAe,OAAK;AAEpB,mBAAe,gBAAgB,MAAkB;AAC/C,UAAI,CAAC,cAAc;AACjB,YAAI,KAAK,YAAY,QAAQ,KAAK,yBAAyB,MAAM;AAC/D,iBAAO,KAAK,sBAAsB;;AAEpC,YACE,KAAK,YAAY,QACjB,KAAK,wBAAwB,KAAK,QAAQ,MAAM,QAChD;AACA,iBAAO,KAAK,wBAAwB,KAAK,QAAQ,EAAE;;;AAIvD,aAAO,IAAI,QAAgB,OAAO,SAAS,WAAU;AACnD,2BAAmB,MAAM;UACvB,YAAmC;UACnC,SAAoC;;SACrC,EACE,KAAK,cAAW;AACf,cAAI,SAAS,iBAAiB,QAAW;AACvC,mBAAO,IAAI,MAAM,yCAAyC,CAAC;iBACtD;AACL,kBAAM,SAAS,IAAI,gBAAgB,QAAQ;AAC3C,gBAAI,KAAK,YAAY,MAAM;AACzB,mBAAK,wBAAwB;mBACxB;AACL,mBAAK,wBAAwB,KAAK,QAAQ,IAAI;;AAEhD,mBAAO,QAAQ,OAAO,OAAO;;QAEjC,CAAC,EACA,MAAM,WAAQ;AACb,iBAAO,KAAK;QACd,CAAC;MACL,CAAC;;AAGH,aAAS,uBACP,SACA,SACA,QAAkC;AAElC,YAAM,aAAa,OAAO;AAC1B,UAAI,aAAa,UAAU,GAAG;AAC5B,mBAAW,WAAW,MAAM,MAAK;AAC/B,qBAAW,WACR,QAAQ,SAAS,EAAE,OAAM,CAAE,EAC3B,KAAK,WAAQ;AACZ,oBAAQ,KAAK;UACf,CAAC,EACA,MAAM,MAAK;AACV,oBAAQ,UAAU;UACpB,CAAC;QACL,CAAC;aACI;AACL,eAAO,MAAM,wCAAwC,CAAC;;;AAK1D,QAAI,KAAK,KAAK,SAAS,mCAAmC;AACxD,YAAM,gBAAgB,IAAI,uBAAsB;AAChD,aAAO,cAAc,QAAQ,WAAW,EAAE,QAAQ,SAAQ,CAAE;;AAG9D,WAAO,IAAI,QAAgB,CAAC,SAAS,WAAU;AAC7C,sBAAgB,KAAK,IAAI,EACtB,KAAK,aAAU;AACd,YAAI,CAAC,gBAAgB,aAAa,OAAO,UAAU,GAAG;AACpD,iCAAuB,SAAS,SAAS,MAAM;eAC1C;AACL,cAAI,OAAO,WAAW,aAAa;AACjC,mBACE,IAAI,MAAM,gDAAgD,CAAC;AAE7D;;AAEF,cAAI,MAAMC,8BAAuC;AACjD,cAAI,IAAI,WAAW,GAAG;AACpB,mBAAO;;AAETC,kBACW,GAAG,EACX,KAAK,MAAK;AACT,mCAAuB,SAAS,SAAS,MAAM;UACjD,CAAC,EACA,MAAM,WAAQ;AACb,mBAAO,KAAK;UACd,CAAC;;MAEP,CAAC,EACA,MAAM,WAAQ;AACb,eAAO,KAAK;MACd,CAAC;IACL,CAAC;;AAEJ;AAEM,eAAe,sBACpB,MACA,SACA,QACA,gBAAgB,OAChB,cAAc,OAAK;AAEnB,QAAM,WAAW,IAAI,4BAA4B,IAAI;AACrD,MAAI;AAEJ,MAAI,aAAa;AACf,sBAAkB;SACb;AACL,QAAI;AACF,wBAAkB,MAAM,SAAS,OAAO,MAAM;aACvC,OAAO;AACd,wBAAkB,MAAM,SAAS,OAAO,QAAQ,IAAI;;;AAIxD,QAAM,aAAa,EAAE,GAAG,QAAO;AAC/B,MACE,WAAiD,sBACjD,WAAM,gBACN;AACA,QAAI,yBAAyB,YAAY;AACvC,YAAM,cACJ,WACA,oBAAoB;AACtB,YAAM,iBACJ,WACA,oBAAoB;AAEtB,aAAO,OAAO,YAAY;QACxB,uBAAuB;UACrB;UACA;UACA;UACA,cAAqC;UACrC,oBAA+C;;QAChD;MACF,CAAA;eACQ,qBAAqB,YAAY;AAC1C,YAAM,iBACJ,WACA,gBAAgB;AAElB,aAAO,OAAO,YAAY;QACxB,mBAAmB;UACjB;UACA;UACA,cAAqC;UACrC,oBAA+C;;QAChD;MACF,CAAA;;AAEH,WAAO;;AAGT,MAAI,CAAC,eAAe;AAClB,WAAO,OAAO,YAAY,EAAE,gBAAe,CAAE;SACxC;AACL,WAAO,OAAO,YAAY,EAAE,eAAe,gBAAe,CAAE;;AAE9D,SAAO,OAAO,YAAY;IAAE,cAAY;;EAAA,CAA2B;AACnE,SAAO,OAAO,YAAY;IACxB,oBAA+C;;EAChD,CAAA;AACD,SAAO;AACT;AAOO,eAAe,oBACpB,cACA,SACA,YACA,cACA,uBAA4C;AAE5C,MAAI,0BAAuE,2BAAE;AAC3E,QACE,aACG,oBAAmB,GAClB;MAAgE;;IAAA,GACpE;AACA,YAAM,uBAAuB,MAAM;QACjC;QACA;QACA;QACA,eAAU;;MAAA;AAEZ,aAAO,aAAa,cAAc,oBAAoB;WACjD;AACL,aAAO,aAAa,cAAc,OAAO,EAAE,MAAM,OAAM,UAAQ;AAC7D,YAAI,MAAM,SAAS,QAAQ,yBAAqC,IAAI;AAClE,kBAAQ,IACN,GAAG,UAAU,8HAA8H;AAE7I,gBAAM,uBAAuB,MAAM;YACjC;YACA;YACA;YACA,eAAU;;UAAA;AAEZ,iBAAO,aAAa,cAAc,oBAAoB;eACjD;AACL,iBAAO,QAAQ,OAAO,KAAK;;MAE/B,CAAC;;aAEM,0BAA8D,kBAAE;AACzE,QACE,aACG,oBAAmB,GAClB;MAAuD;;IAAA,GAC3D;AACA,YAAM,uBAAuB,MAAM,sBACjC,cACA,SACA,UAAU;AAGZ,aAAO,aAAa,cAAc,oBAAoB,EAAE,MACtD,OAAM,UAAQ;AACZ,YACE,aACG,oBAAmB,GAClB;UAA2B;;QAAA,MAED,SAC9B;AAEA,cACE,MAAM,SAAS,QAAQ,yBAAA,MACvB,MAAM,SAAS,QAAQ,wBAAoC,IAC3D;AACA,oBAAQ,IACN,8GAA8G,UAAU,QAAQ;AAKlI,kBAAM,6BAA6B,MAAM;cACvC;cACA;cACA;cACA;;cACA;;;AAGF,mBAAO,aAAa,cAAc,0BAA0B;;;AAIhE,eAAO,QAAQ,OAAO,KAAK;MAC7B,CAAC;WAEE;AAEL,YAAM,6BAA6B,MAAM;QACvC;QACA;QACA;QACA;;QACA;;;AAIF,aAAO,aAAa,cAAc,0BAA0B;;SAEzD;AACL,WAAO,QAAQ,OACb,wBAAwB,6BAA6B;;AAG3D;AAEO,eAAe,2BAA2B,MAAU;AACzD,QAAM,eAAe,UAAU,IAAI;AAEnC,QAAM,WAAW,MAAM,mBAAmB,cAAc;IACtD,YAAmC;IACnC,SAAoC;;EACrC,CAAA;AAED,QAAM,SAAS,IAAI,gBAAgB,QAAQ;AAC3C,MAAI,aAAa,YAAY,MAAM;AACjC,iBAAa,wBAAwB;SAChC;AACL,iBAAa,wBAAwB,aAAa,QAAQ,IAAI;;AAGhE,MAAI,OAAO,qBAAoB,GAAI;AACjC,UAAM,WAAW,IAAI,4BAA4B,YAAY;AAC7D,SAAK,SAAS,OAAM;;AAExB;ACxTgB,SAAA,eAAe,KAAkB,MAAmB;AAClE,QAAM,WAAW,aAAa,KAAK,MAAM;AAEzC,MAAI,SAAS,cAAa,GAAI;AAC5B,UAAMC,QAAO,SAAS,aAAY;AAClC,UAAM,iBAAiB,SAAS,WAAU;AAC1C,QAAI,UAAU,gBAAgB,QAAQ,CAAA,CAAE,GAAG;AACzC,aAAOA;WACF;AACL;QAAMA;QAAI;;MAAA;;;AAId,QAAM,OAAO,SAAS,WAAW,EAAE,SAAS,KAAI,CAAE;AAElD,SAAO;AACT;AAEgB,SAAA,wBACd,MACA,MAAmB;AAEnB,QAAM,cAAc,MAAM,eAAe,CAAA;AACzC,QAAM,aACJ,MAAM,QAAQ,WAAW,IAAI,cAAc,CAAC,WAAW,GACvD,IAAyB,YAAY;AACvC,MAAI,MAAM,UAAU;AAClB,SAAK,gBAAgB,KAAK,QAAQ;;AAMpC,OAAK,2BAA2B,WAAW,MAAM,qBAAqB;AACxE;SCrCgB,oBACd,MACA,KACA,SAAsC;AAEtC,QAAM,eAAe,UAAU,IAAI;AACnC;IACE,eAAe,KAAK,GAAG;IACvB;IAAY;;EAAA;AAId,QAAM,kBAAkB,CAAC,CAAC,SAAS;AAEnC,QAAM,WAAW,gBAAgB,GAAG;AACpC,QAAM,EAAE,MAAM,KAAI,IAAK,mBAAmB,GAAG;AAC7C,QAAM,UAAU,SAAS,OAAO,KAAK,IAAI,IAAI;AAG7C,QAAM,WAAW,EAAE,KAAK,GAAG,QAAQ,KAAK,IAAI,GAAG,OAAO,IAAG;AACzD,QAAM,iBAAiB,OAAO,OAAO;IACnC;IACA;IACA,UAAU,SAAS,QAAQ,KAAK,EAAE;IAClC,SAAS,OAAO,OAAO,EAAE,gBAAe,CAAE;EAC3C,CAAA;AAGD,MAAI,CAAC,aAAa,kBAAkB;AAGlC;MACE,aAAa,OAAO,YAAY,aAAa;MAC7C;MAAY;;IAAA;AAMd;MACE,UAAU,UAAU,aAAa,OAAO,QAAQ,KAC9C,UAAU,gBAAgB,aAAa,cAAc;MACvD;MAAY;;IAAA;AAMd;;AAGF,eAAa,OAAO,WAAW;AAC/B,eAAa,iBAAiB;AAC9B,eAAa,SAAS,oCAAoC;AAG1D,MAAI,mBAAmB,IAAI,GAAG;AAC5B,SAAK,WAAW,GAAG,QAAQ,KAAK,IAAI,GAAG,OAAO,EAAE;AAChD,yBAAqB,QAAQ,IAAI;aACxB,CAAC,iBAAiB;AAC3B,wBAAmB;;AAEvB;AAEA,SAAS,gBAAgB,KAAW;AAClC,QAAM,cAAc,IAAI,QAAQ,GAAG;AACnC,SAAO,cAAc,IAAI,KAAK,IAAI,OAAO,GAAG,cAAc,CAAC;AAC7D;AAEA,SAAS,mBAAmB,KAAW;AAIrC,QAAM,WAAW,gBAAgB,GAAG;AACpC,QAAM,YAAY,mBAAmB,KAAK,IAAI,OAAO,SAAS,MAAM,CAAC;AACrE,MAAI,CAAC,WAAW;AACd,WAAO,EAAE,MAAM,IAAI,MAAM,KAAI;;AAE/B,QAAM,cAAc,UAAU,CAAC,EAAE,MAAM,GAAG,EAAE,IAAG,KAAM;AACrD,QAAM,gBAAgB,qBAAqB,KAAK,WAAW;AAC3D,MAAI,eAAe;AACjB,UAAM,OAAO,cAAc,CAAC;AAC5B,WAAO,EAAE,MAAM,MAAM,UAAU,YAAY,OAAO,KAAK,SAAS,CAAC,CAAC,EAAC;SAC9D;AACL,UAAM,CAAC,MAAM,IAAI,IAAI,YAAY,MAAM,GAAG;AAC1C,WAAO,EAAE,MAAM,MAAM,UAAU,IAAI,EAAC;;AAExC;AAEA,SAAS,UAAU,SAAe;AAChC,MAAI,CAAC,SAAS;AACZ,WAAO;;AAET,QAAM,OAAO,OAAO,OAAO;AAC3B,MAAI,MAAM,IAAI,GAAG;AACf,WAAO;;AAET,SAAO;AACT;AAEA,SAAS,sBAAmB;AAC1B,WAAS,eAAY;AACnB,UAAM,KAAK,SAAS,cAAc,GAAG;AACrC,UAAM,MAAM,GAAG;AACf,OAAG,YACD;AACF,QAAI,WAAW;AACf,QAAI,QAAQ;AACZ,QAAI,kBAAkB;AACtB,QAAI,SAAS;AACb,QAAI,QAAQ;AACZ,QAAI,SAAS;AACb,QAAI,OAAO;AACX,QAAI,SAAS;AACb,QAAI,SAAS;AACb,QAAI,YAAY;AAChB,OAAG,UAAU,IAAI,2BAA2B;AAC5C,aAAS,KAAK,YAAY,EAAE;;AAG9B,MAAI,OAAO,YAAY,eAAe,OAAO,QAAQ,SAAS,YAAY;AACxE,YAAQ,KACN,8HAE4B;;AAGhC,MAAI,OAAO,WAAW,eAAe,OAAO,aAAa,aAAa;AACpE,QAAI,SAAS,eAAe,WAAW;AACrC,aAAO,iBAAiB,oBAAoB,YAAY;WACnD;AACL,mBAAY;;;AAGlB;ICzJa,uBAAc;;EAEzB,YAOW,YASA,cAAoB;AATpB,SAAU,aAAV;AASA,SAAY,eAAZ;;;;;;;EAQX,SAAM;AACJ,WAAO,UAAU,iBAAiB;;;EAIpC,oBAAoB,OAAmB;AACrC,WAAO,UAAU,iBAAiB;;;EAGpC,eACE,OACA,UAAgB;AAEhB,WAAO,UAAU,iBAAiB;;;EAGpC,6BAA6B,OAAmB;AAC9C,WAAO,UAAU,iBAAiB;;AAErC;ACjCM,eAAe,cACpB,MACA,SAA6B;AAE7B,SAAO,mBACL,MAGA,QAAA,8BAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAUO,eAAe,oBACpB,MACA,SAAmC;AAEnC,SAAO,mBAGL,MAAkD,QAAA,uBAAA,OAAO;AAC7D;AAIO,eAAe,kBACpB,MACA,SAAsB;AAEtB,SAAO,mBACL,MAGA,QAAA,uBAAA,OAAO;AAEX;AASO,eAAeC,kBACpB,MACA,SAA+B;AAE/B,SAAO,mBACL,MAGA,QAAA,uBAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AC1DO,eAAe,mBACpB,MACA,SAAkC;AAElC,SAAO,sBAIL,MAGA,QAAA,mCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAqDA,eAAe,YACb,MACA,SAA0B;AAE1B,SAAO,mBACL,MAGA,QAAA,4BAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAEO,eAAeC,wBACpB,MACA,SAA2B;AAE3B,SAAO,YAAY,MAAM,OAAO;AAClC;AAEO,eAAeC,yBACpB,MACA,SAA6B;AAE7B,SAAO,YAAY,MAAM,OAAO;AAClC;AAEO,eAAeC,wBACpB,MACA,SAA2B;AAE3B,SAAO,YAAY,MAAM,OAAO;AAClC;AAEO,eAAe,qBACpB,MACA,SAAoC;AAEpC,SAAO,YAAY,MAAM,OAAO;AAClC;AChHO,eAAeC,sBACpB,MACA,SAAmC;AAEnC,SAAO,sBAIL,MAGA,QAAA,oCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAOO,eAAe,8BACpB,MACA,SAA6C;AAE7C,SAAO,sBAIL,MAGA,QAAA,oCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;ACpBM,IAAO,sBAAP,MAAO,6BAA4B,eAAc;;EAErD,YAEW,QAEA,WACT,cAES,YAA2B,MAAI;AAExC,UAAK,YAAsB,YAAY;AAP9B,SAAM,SAAN;AAEA,SAAS,YAAT;AAGA,SAAS,YAAT;;;EAMX,OAAO,sBACL,OACA,UAAgB;AAEhB,WAAO,IAAI;MACT;MACA;MAAQ;;IAAA;;;EAMZ,OAAO,kBACL,OACA,SACA,WAA0B,MAAI;AAE9B,WAAO,IAAI,qBACT,OACA,SAAO,aAEP,QAAQ;;;EAKZ,SAAM;AACJ,WAAO;MACL,OAAO,KAAK;MACZ,UAAU,KAAK;MACf,cAAc,KAAK;MACnB,UAAU,KAAK;;;;;;;;;;;EAYnB,OAAO,SAAS,MAAqB;AACnC,UAAM,MAAM,OAAO,SAAS,WAAW,KAAK,MAAM,IAAI,IAAI;AAC1D,QAAI,KAAK,SAAS,KAAK,UAAU;AAC/B,UAAI,IAAI,iBAAY,YAAkC;AACpD,eAAO,KAAK,sBAAsB,IAAI,OAAO,IAAI,QAAQ;iBAChD,IAAI,iBAAY,aAA8B;AACvD,eAAO,KAAK,kBAAkB,IAAI,OAAO,IAAI,UAAU,IAAI,QAAQ;;;AAGvE,WAAO;;;EAIT,MAAM,oBAAoB,MAAkB;AAC1C,YAAQ,KAAK,cAAY;MACvB,KAAA;AACE,cAAM,UAAqC;UACzC,mBAAmB;UACnB,OAAO,KAAK;UACZ,UAAU,KAAK;UACf,YAAmC;;;AAErC,eAAO;UACL;UACA;UAEA;UAAA;UAAkB;;QAAA;MAGtB,KAAA;AACE,eAAOA,sBAAoB,MAAM;UAC/B,OAAO,KAAK;UACZ,SAAS,KAAK;QACf,CAAA;MACH;AACE;UAAM;UAAI;;QAAA;;;;EAKhB,MAAM,eACJ,MACA,SAAe;AAEf,YAAQ,KAAK,cAAY;MACvB,KAAA;AACE,cAAM,UAAyB;UAC7B;UACA,mBAAmB;UACnB,OAAO,KAAK;UACZ,UAAU,KAAK;UACf,YAAmC;;;AAErC,eAAO;UACL;UACA;UAEA;UAAA;UAAiB;;QAAA;MAGrB,KAAA;AACE,eAAO,8BAA8B,MAAM;UACzC;UACA,OAAO,KAAK;UACZ,SAAS,KAAK;QACf,CAAA;MACH;AACE;UAAM;UAAI;;QAAA;;;;EAKhB,6BAA6B,MAAkB;AAC7C,WAAO,KAAK,oBAAoB,IAAI;;AAEvC;ACtIM,eAAe,cACpB,MACA,SAA6B;AAE7B,SAAO,sBACL,MAGA,QAAA,8BAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AC9BA,IAAMC,oBAAkB;AA6BlB,IAAO,kBAAP,MAAO,yBAAwB,eAAc;EAAnD,cAAA;;AAqBU,SAAY,eAAkB;;;EAGtC,OAAO,YAAY,QAA6B;AAC9C,UAAM,OAAO,IAAI,iBAAgB,OAAO,YAAY,OAAO,YAAY;AAEvE,QAAI,OAAO,WAAW,OAAO,aAAa;AAExC,UAAI,OAAO,SAAS;AAClB,aAAK,UAAU,OAAO;;AAGxB,UAAI,OAAO,aAAa;AACtB,aAAK,cAAc,OAAO;;AAI5B,UAAI,OAAO,SAAS,CAAC,OAAO,cAAc;AACxC,aAAK,QAAQ,OAAO;;AAGtB,UAAI,OAAO,cAAc;AACvB,aAAK,eAAe,OAAO;;eAEpB,OAAO,cAAc,OAAO,kBAAkB;AAEvD,WAAK,cAAc,OAAO;AAC1B,WAAK,SAAS,OAAO;WAChB;AACL;QAAK;;MAAA;;AAGP,WAAO;;;EAIT,SAAM;AACJ,WAAO;MACL,SAAS,KAAK;MACd,aAAa,KAAK;MAClB,QAAQ,KAAK;MACb,OAAO,KAAK;MACZ,cAAc,KAAK;MACnB,YAAY,KAAK;MACjB,cAAc,KAAK;;;;;;;;;;;;EAavB,OAAO,SAAS,MAAqB;AACnC,UAAM,MAAM,OAAO,SAAS,WAAW,KAAK,MAAM,IAAI,IAAI;AAC1D,UAAM,EAAE,YAAY,cAAc,GAAG,KAAI,IAA4B;AACrE,QAAI,CAAC,cAAc,CAAC,cAAc;AAChC,aAAO;;AAGT,UAAM,OAAO,IAAI,iBAAgB,YAAY,YAAY;AACzD,SAAK,UAAU,KAAK,WAAW;AAC/B,SAAK,cAAc,KAAK,eAAe;AACvC,SAAK,SAAS,KAAK;AACnB,SAAK,QAAQ,KAAK;AAClB,SAAK,eAAe,KAAK,gBAAgB;AACzC,WAAO;;;EAIT,oBAAoB,MAAkB;AACpC,UAAM,UAAU,KAAK,aAAY;AACjC,WAAO,cAAc,MAAM,OAAO;;;EAIpC,eACE,MACA,SAAe;AAEf,UAAM,UAAU,KAAK,aAAY;AACjC,YAAQ,UAAU;AAClB,WAAO,cAAc,MAAM,OAAO;;;EAIpC,6BAA6B,MAAkB;AAC7C,UAAM,UAAU,KAAK,aAAY;AACjC,YAAQ,aAAa;AACrB,WAAO,cAAc,MAAM,OAAO;;EAG5B,eAAY;AAClB,UAAM,UAAgC;MACpC,YAAYA;MACZ,mBAAmB;;AAGrB,QAAI,KAAK,cAAc;AACrB,cAAQ,eAAe,KAAK;WACvB;AACL,YAAM,WAAmC,CAAA;AACzC,UAAI,KAAK,SAAS;AAChB,iBAAS,UAAU,IAAI,KAAK;;AAE9B,UAAI,KAAK,aAAa;AACpB,iBAAS,cAAc,IAAI,KAAK;;AAElC,UAAI,KAAK,QAAQ;AACf,iBAAS,oBAAoB,IAAI,KAAK;;AAGxC,eAAS,YAAY,IAAI,KAAK;AAC9B,UAAI,KAAK,SAAS,CAAC,KAAK,cAAc;AACpC,iBAAS,OAAO,IAAI,KAAK;;AAG3B,cAAQ,WAAW,YAAY,QAAQ;;AAGzC,WAAO;;AAEV;AC9JM,eAAe,0BACpB,MACA,SAAyC;AAEzC,SAAO,mBAIL,MAGA,QAAA,qCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AA0BO,eAAeC,wBACpB,MACA,SAAqC;AAErC,SAAO,sBAIL,MAGA,QAAA,sCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAEO,eAAeC,sBACpB,MACA,SAAmC;AAEnC,QAAM,WAAW,MAAM,sBAIrB,MAAI,QAAA,sCAGJ,mBAAmB,MAAM,OAAO,CAAC;AAEnC,MAAI,SAAS,gBAAgB;AAC3B,UAAM,iBAAiB,MAAuC,4CAAA,QAAQ;;AAExE,SAAO;AACT;AAOA,IAAM,8CAEF;EACF;IAAA;;EAAA,GAAwD;;;AAGnD,eAAe,6BACpB,MACA,SAAqC;AAErC,QAAM,aAAkD;IACtD,GAAG;IACH,WAAW;;AAEb,SAAO,sBAIL,MAAI,QAAA,sCAGJ,mBAAmB,MAAM,UAAU,GACnC,2CAA2C;AAE/C;AC3GM,IAAO,sBAAP,MAAO,6BAA4B,eAAc;EACrD,YAAqC,QAAqC;AACxE;MAAK;MAAA;;IAAA;AAD8B,SAAM,SAAN;;;EAKrC,OAAO,kBACL,gBACA,kBAAwB;AAExB,WAAO,IAAI,qBAAoB,EAAE,gBAAgB,iBAAgB,CAAE;;;EAIrE,OAAO,mBACL,aACA,gBAAsB;AAEtB,WAAO,IAAI,qBAAoB,EAAE,aAAa,eAAc,CAAE;;;EAIhE,oBAAoB,MAAkB;AACpC,WAAOD,wBAAsB,MAAM,KAAK,yBAAwB,CAAE;;;EAIpE,eACE,MACA,SAAe;AAEf,WAAOC,sBAAoB,MAAM;MAC/B;MACA,GAAG,KAAK,yBAAwB;IACjC,CAAA;;;EAIH,6BAA6B,MAAkB;AAC7C,WAAO,6BAA6B,MAAM,KAAK,yBAAwB,CAAE;;;EAI3E,2BAAwB;AACtB,UAAM,EAAE,gBAAgB,aAAa,gBAAgB,iBAAgB,IACnE,KAAK;AACP,QAAI,kBAAkB,aAAa;AACjC,aAAO,EAAE,gBAAgB,YAAW;;AAGtC,WAAO;MACL,aAAa;MACb,MAAM;;;;EAKV,SAAM;AACJ,UAAM,MAA8B;MAClC,YAAY,KAAK;;AAEnB,QAAI,KAAK,OAAO,aAAa;AAC3B,UAAI,cAAc,KAAK,OAAO;;AAEhC,QAAI,KAAK,OAAO,gBAAgB;AAC9B,UAAI,iBAAiB,KAAK,OAAO;;AAEnC,QAAI,KAAK,OAAO,kBAAkB;AAChC,UAAI,mBAAmB,KAAK,OAAO;;AAErC,QAAI,KAAK,OAAO,gBAAgB;AAC9B,UAAI,iBAAiB,KAAK,OAAO;;AAGnC,WAAO;;;EAIT,OAAO,SAAS,MAAqB;AACnC,QAAI,OAAO,SAAS,UAAU;AAC5B,aAAO,KAAK,MAAM,IAAI;;AAGxB,UAAM,EAAE,gBAAgB,kBAAkB,aAAa,eAAc,IACnE;AACF,QACE,CAAC,oBACD,CAAC,kBACD,CAAC,eACD,CAAC,gBACD;AACA,aAAO;;AAGT,WAAO,IAAI,qBAAoB;MAC7B;MACA;MACA;MACA;IACD,CAAA;;AAEJ;ACtGD,SAAS,UAAU,MAAmB;AACpC,UAAQ,MAAI;IACV,KAAK;AACH,aAAyC;IAC3C,KAAK;AACH,aAA0C;IAC5C,KAAK;AACH,aAAwC;IAC1C,KAAK;AACH,aAAwC;IAC1C,KAAK;AACH,aAAmD;IACrD,KAAK;AACH,aAAyD;IAC3D;AACE,aAAO;;AAEb;AAOA,SAAS,cAAc,KAAW;AAChC,QAAM,OAAO,kBAAkB,mBAAmB,GAAG,CAAC,EAAE,MAAM;AAG9D,QAAM,iBAAiB,OACnB,kBAAkB,mBAAmB,IAAI,CAAC,EAAE,cAAc,IAC1D;AAEJ,QAAM,cAAc,kBAAkB,mBAAmB,GAAG,CAAC,EAC3D,cAAc;AAEhB,QAAM,oBAAoB,cACtB,kBAAkB,mBAAmB,WAAW,CAAC,EAAE,MAAM,IACzD;AACJ,SAAO,qBAAqB,eAAe,kBAAkB,QAAQ;AACvE;IAQa,sBAAA,eAAa;;;;;;;EAiCxB,YAAY,YAAkB;AAC5B,UAAM,eAAe,kBAAkB,mBAAmB,UAAU,CAAC;AACrE,UAAM,SAAS;MAAgC;;IAAA,KAAI;AACnD,UAAM,OAAO;MAA6B;;IAAA,KAAI;AAC9C,UAAM,YAAY,UAAU;MAA6B;;IAAA,KAAI,IAAI;AAEjE;MAAQ,UAAU,QAAQ;MAAS;;IAAA;AACnC,SAAK,SAAS;AACd,SAAK,YAAY;AACjB,SAAK,OAAO;AACZ,SAAK,cAAc;MAAqC;;IAAA,KAAI;AAC5D,SAAK,eAAe;MAAsC;;IAAA,KAAI;AAC9D,SAAK,WAAW;MAAkC;;IAAA,KAAI;;;;;;;;;;;EAYxD,OAAO,UAAU,MAAY;AAC3B,UAAM,aAAa,cAAc,IAAI;AACrC,QAAI;AACF,aAAO,IAAI,eAAc,UAAU;YAC7B;AACN,aAAO;;;AAGZ;AAQK,SAAU,mBAAmB,MAAY;AAC7C,SAAO,cAAc,UAAU,IAAI;AACrC;ICrIa,0BAAA,mBAAiB;EAA9B,cAAA;AAkBW,SAAA,aAAa,mBAAkB;;;;;;;;;;;;;;;;;;;;EAoBxC,OAAO,WAAW,OAAe,UAAgB;AAC/C,WAAO,oBAAoB,sBAAsB,OAAO,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;EAyBlE,OAAO,mBACL,OACA,WAAiB;AAEjB,UAAM,gBAAgB,cAAc,UAAU,SAAS;AACvD;MAAQ;MAAa;;IAAA;AAErB,WAAO,oBAAoB,kBACzB,OACA,cAAc,MACd,cAAc,QAAQ;;;AAtEV,kBAAA,cAAW;AAIX,kBAAA,gCAA6B;AAK7B,kBAAA,4BAAyB;ICVrB,8BAAqB;;;;;;EAWzC,YAAqB,YAAkB;AAAlB,SAAU,aAAV;AATrB,SAAmB,sBAAkB;AAE7B,SAAgB,mBAAqB,CAAA;;;;;;;EAc7C,mBAAmB,cAA2B;AAC5C,SAAK,sBAAsB;;;;;;;;;;;;EAa7B,oBAAoB,uBAAuC;AACzD,SAAK,mBAAmB;AACxB,WAAO;;;;;EAMT,sBAAmB;AACjB,WAAO,KAAK;;AAEf;ACdK,IAAgB,oBAAhB,cACI,sBAAqB;EAD/B,cAAA;;AAKU,SAAM,SAAa,CAAA;;;;;;;EAO3B,SAAS,OAAa;AAEpB,QAAI,CAAC,KAAK,OAAO,SAAS,KAAK,GAAG;AAChC,WAAK,OAAO,KAAK,KAAK;;AAExB,WAAO;;;;;EAMT,YAAS;AACP,WAAO,CAAC,GAAG,KAAK,MAAM;;AAEzB;AA0CK,IAAO,gBAAP,MAAO,uBAAsB,kBAAiB;;;;;EAKlD,OAAO,mBAAmB,MAAqB;AAC7C,UAAM,MAAM,OAAO,SAAS,WAAW,KAAK,MAAM,IAAI,IAAI;AAC1D;MACE,gBAAgB,OAAO,kBAAkB;MAAG;;IAAA;AAG9C,WAAO,gBAAgB,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;EAwBxC,WAAW,QAA8B;AACvC,WAAO,KAAK,YAAY,EAAE,GAAG,QAAQ,OAAO,OAAO,SAAQ,CAAE;;;EAIvD,YACN,QAAkE;AAElE;MAAQ,OAAO,WAAW,OAAO;MAAW;;IAAA;AAE5C,WAAO,gBAAgB,YAAY;MACjC,GAAG;MACH,YAAY,KAAK;MACjB,cAAc,KAAK;IACpB,CAAA;;;;;;;EAQH,OAAO,qBACL,gBAA8B;AAE9B,WAAO,eAAc,gCACnB,cAAwC;;;;;;;;EAS5C,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,eAAc,gCAClB,MAAM,cAAc,CAAA,CAAE;;EAInB,OAAO,gCAAgC,EAC7C,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,eAAe;AAClB,aAAO;;AAGT,UAAM,EACJ,cACA,kBACA,kBACA,cACA,OACA,WAAU,IACR;AACJ,QACE,CAAC,oBACD,CAAC,oBACD,CAAC,gBACD,CAAC,cACD;AACA,aAAO;;AAGT,QAAI,CAAC,YAAY;AACf,aAAO;;AAGT,QAAI;AACF,aAAO,IAAI,eAAc,UAAU,EAAE,YAAY;QAC/C,SAAS;QACT,aAAa;QACb;QACA;MACD,CAAA;aACM,GAAG;AACV,aAAO;;;AAGZ;ACpLK,IAAO,uBAAP,MAAO,8BAA6B,kBAAiB;EAOzD,cAAA;AACE;MAAK;;IAAA;;;;;;;;;;;;;;EAeP,OAAO,WAAW,aAAmB;AACnC,WAAO,gBAAgB,YAAY;MACjC,YAAY,sBAAqB;MACjC,cAAc,sBAAqB;MACnC;IACD,CAAA;;;;;;;EAQH,OAAO,qBACL,gBAA8B;AAE9B,WAAO,sBAAqB,2BAC1B,cAAwC;;;;;;;;EAU5C,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,sBAAqB,2BACzB,MAAM,cAAc,CAAA,CAAE;;EAInB,OAAO,2BAA2B,EACxC,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,iBAAiB,EAAE,sBAAsB,gBAAgB;AAC5D,aAAO;;AAGT,QAAI,CAAC,cAAc,kBAAkB;AACnC,aAAO;;AAGT,QAAI;AACF,aAAO,sBAAqB,WAAW,cAAc,gBAAgB;YAC/D;AACN,aAAO;;;;AApEK,qBAAA,0BACQ;AAER,qBAAA,cAAkD;ACF9D,IAAO,qBAAP,MAAO,4BAA2B,kBAAiB;EAMvD,cAAA;AACE;MAAK;;IAAA;AACL,SAAK,SAAS,SAAS;;;;;;;;;;;;;;;EAgBzB,OAAO,WACL,SACA,aAA2B;AAE3B,WAAO,gBAAgB,YAAY;MACjC,YAAY,oBAAmB;MAC/B,cAAc,oBAAmB;MACjC;MACA;IACD,CAAA;;;;;;;EAQH,OAAO,qBACL,gBAA8B;AAE9B,WAAO,oBAAmB,2BACxB,cAAwC;;;;;;;;EAS5C,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,oBAAmB,2BACvB,MAAM,cAAc,CAAA,CAAE;;EAInB,OAAO,2BAA2B,EACxC,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,eAAe;AAClB,aAAO;;AAGT,UAAM,EAAE,cAAc,iBAAgB,IACpC;AACF,QAAI,CAAC,gBAAgB,CAAC,kBAAkB;AAEtC,aAAO;;AAGT,QAAI;AACF,aAAO,oBAAmB,WAAW,cAAc,gBAAgB;YAC7D;AACN,aAAO;;;;AA3EK,mBAAA,wBAA0D;AAE1D,mBAAA,cAA8C;ACJ1D,IAAO,qBAAP,MAAO,4BAA2B,kBAAiB;EAMvD,cAAA;AACE;MAAK;;IAAA;;;;;;;EAQP,OAAO,WAAW,aAAmB;AACnC,WAAO,gBAAgB,YAAY;MACjC,YAAY,oBAAmB;MAC/B,cAAc,oBAAmB;MACjC;IACD,CAAA;;;;;;;EAQH,OAAO,qBACL,gBAA8B;AAE9B,WAAO,oBAAmB,2BACxB,cAAwC;;;;;;;;EAU5C,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,oBAAmB,2BACvB,MAAM,cAAc,CAAA,CAAE;;EAInB,OAAO,2BAA2B,EACxC,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,iBAAiB,EAAE,sBAAsB,gBAAgB;AAC5D,aAAO;;AAGT,QAAI,CAAC,cAAc,kBAAkB;AACnC,aAAO;;AAGT,QAAI;AACF,aAAO,oBAAmB,WAAW,cAAc,gBAAgB;YAC7D;AACN,aAAO;;;;AA5DK,mBAAA,wBAA0D;AAE1D,mBAAA,cAA8C;ACzChE,IAAM,kBAAkB;AAKlB,IAAO,qBAAP,MAAO,4BAA2B,eAAc;;EAEpD,YACE,YACiB,cAAoB;AAErC,UAAM,YAAY,UAAU;AAFX,SAAY,eAAZ;;;EAMnB,oBAAoB,MAAkB;AACpC,UAAM,UAAU,KAAK,aAAY;AACjC,WAAO,cAAc,MAAM,OAAO;;;EAIpC,eACE,MACA,SAAe;AAEf,UAAM,UAAU,KAAK,aAAY;AACjC,YAAQ,UAAU;AAClB,WAAO,cAAc,MAAM,OAAO;;;EAIpC,6BAA6B,MAAkB;AAC7C,UAAM,UAAU,KAAK,aAAY;AACjC,YAAQ,aAAa;AACrB,WAAO,cAAc,MAAM,OAAO;;;EAIpC,SAAM;AACJ,WAAO;MACL,cAAc,KAAK;MACnB,YAAY,KAAK;MACjB,cAAc,KAAK;;;;;;;;;;;;EAavB,OAAO,SAAS,MAAqB;AACnC,UAAM,MAAM,OAAO,SAAS,WAAW,KAAK,MAAM,IAAI,IAAI;AAC1D,UAAM,EAAE,YAAY,cAAc,aAAY,IAC5C;AACF,QACE,CAAC,cACD,CAAC,gBACD,CAAC,gBACD,eAAe,cACf;AACA,aAAO;;AAGT,WAAO,IAAI,oBAAmB,YAAY,YAAY;;;;;;;EAQxD,OAAO,QAAQ,YAAoB,cAAoB;AACrD,WAAO,IAAI,oBAAmB,YAAY,YAAY;;EAGhD,eAAY;AAClB,WAAO;MACL,YAAY;MACZ,mBAAmB;MACnB,cAAc,KAAK;;;AAGxB;AC1FD,IAAM,uBAAuB;AAOvB,IAAO,mBAAP,MAAO,0BAAyB,sBAAqB;;;;;EAKzD,YAAY,YAAkB;AAC5B;MACE,WAAW,WAAW,oBAAoB;MAAC;;IAAA;AAG7C,UAAM,UAAU;;;;;;;;;;;;;;;;;;EAmBlB,OAAO,qBACL,gBAA8B;AAE9B,WAAO,kBAAiB,+BACtB,cAAwC;;;;;;;;EAU5C,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,kBAAiB,+BACrB,MAAM,cAAc,CAAA,CAAE;;;;;;EAQ3B,OAAO,mBAAmB,MAAqB;AAC7C,UAAM,aAAa,mBAAmB,SAAS,IAAI;AACnD;MAAQ;MAAU;;IAAA;AAClB,WAAO;;EAGD,OAAO,+BAA+B,EAC5C,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,eAAe;AAClB,aAAO;;AAGT,UAAM,EAAE,cAAc,WAAU,IAAK;AAErC,QAAI,CAAC,gBAAgB,CAAC,YAAY;AAChC,aAAO;;AAGT,QAAI;AACF,aAAO,mBAAmB,QAAQ,YAAY,YAAY;aACnD,GAAG;AACV,aAAO;;;AAGZ;AC9BK,IAAO,sBAAP,MAAO,6BAA4B,kBAAiB;EAMxD,cAAA;AACE;MAAK;;IAAA;;;;;;;;EASP,OAAO,WAAW,OAAe,QAAc;AAC7C,WAAO,gBAAgB,YAAY;MACjC,YAAY,qBAAoB;MAChC,cAAc,qBAAoB;MAClC,YAAY;MACZ,kBAAkB;IACnB,CAAA;;;;;;;EAQH,OAAO,qBACL,gBAA8B;AAE9B,WAAO,qBAAoB,2BACzB,cAAwC;;;;;;;;EAU5C,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,qBAAoB,2BACxB,MAAM,cAAc,CAAA,CAAE;;EAInB,OAAO,2BAA2B,EACxC,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,eAAe;AAClB,aAAO;;AAET,UAAM,EAAE,kBAAkB,iBAAgB,IACxC;AACF,QAAI,CAAC,oBAAoB,CAAC,kBAAkB;AAC1C,aAAO;;AAGT,QAAI;AACF,aAAO,qBAAoB,WAAW,kBAAkB,gBAAgB;YAClE;AACN,aAAO;;;;AA/DK,oBAAA,yBAA6D;AAE7D,oBAAA,cAAgD;AC3C3D,eAAe,OACpB,MACA,SAAsB;AAEtB,SAAO,sBACL,MAGA,QAAA,uBAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;ICvBa,2BAAA,oBAAkB;EAQ7B,YAAY,QAA4B;AACtC,SAAK,OAAO,OAAO;AACnB,SAAK,aAAa,OAAO;AACzB,SAAK,iBAAiB,OAAO;AAC7B,SAAK,gBAAgB,OAAO;;EAG9B,aAAa,qBACX,MACA,eACA,iBACA,cAAuB,OAAK;AAE5B,UAAM,OAAO,MAAM,SAAS,qBAC1B,MACA,iBACA,WAAW;AAEb,UAAM,aAAa,sBAAsB,eAAe;AACxD,UAAM,WAAW,IAAI,oBAAmB;MACtC;MACA;MACA,gBAAgB;MAChB;IACD,CAAA;AACD,WAAO;;EAGT,aAAa,cACX,MACA,eACA,UAAmC;AAEnC,UAAM,KAAK;MAAyB;;MAAuB;IAAI;AAC/D,UAAM,aAAa,sBAAsB,QAAQ;AACjD,WAAO,IAAI,oBAAmB;MAC5B;MACA;MACA,gBAAgB;MAChB;IACD,CAAA;;AAEJ;AAED,SAAS,sBACP,UAAyB;AAEzB,MAAI,SAAS,YAAY;AACvB,WAAO,SAAS;;AAGlB,MAAI,iBAAiB,UAAU;AAC7B,WAAwB;;AAG1B,SAAO;AACT;ACvDO,eAAe,kBAAkB,MAAU;AAChD,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,aAAa;AACnB,MAAI,aAAa,aAAa,aAAa;AAEzC,WAAO,IAAI,mBAAmB;MAC5B,MAAM,aAAa;MACnB,YAAY;MACZ,eAAoC;;IACrC,CAAA;;AAEH,QAAM,WAAW,MAAM,OAAO,cAAc;IAC1C,mBAAmB;EACpB,CAAA;AACD,QAAM,iBAAiB,MAAM,mBAAmB,qBAC9C,cAEA,UAAA,UACA,IAAI;AAEN,QAAM,aAAa,mBAAmB,eAAe,IAAI;AACzD,SAAO;AACT;ACpCM,IAAO,mBAAP,MAAO,0BACH,cAAa;EAKrB,YACE,MACA,OACS,eACA,MAAmB;AAE5B,UAAM,MAAM,MAAM,MAAM,OAAO;AAHtB,SAAa,gBAAb;AACA,SAAI,OAAJ;AAIT,WAAO,eAAe,MAAM,kBAAiB,SAAS;AACtD,SAAK,aAAa;MAChB,SAAS,KAAK;MACd,UAAU,KAAK,YAAY;MAC3B,iBAAiB,MAAM,WAAY;MACnC;;;EAIJ,OAAO,uBACL,MACA,OACA,eACA,MAAmB;AAEnB,WAAO,IAAI,kBAAiB,MAAM,OAAO,eAAe,IAAI;;AAE/D;AAEK,SAAU,8CACd,MACA,eACA,YACA,MAAmB;AAEnB,QAAM,kBACJ,kBAA8C,mBAC1C,WAAW,6BAA6B,IAAI,IAC5C,WAAW,oBAAoB,IAAI;AAEzC,SAAO,gBAAgB,MAAM,WAAQ;AACnC,QAAI,MAAM,SAAS,QAAQ,4BAA0B,IAAI;AACvD,YAAM,iBAAiB,uBACrB,MACA,OACA,eACA,IAAI;;AAIR,UAAM;EACR,CAAC;AACH;AC/DM,SAAU,oBACd,cAAiB;AAEjB,SAAO,IAAI,IACT,aACG,IAAI,CAAC,EAAE,WAAU,MAAO,UAAU,EAClC,OAAO,SAAO,CAAC,CAAC,GAAG,CAAa;AAEvC;ACOO,eAAe,OAAO,MAAY,YAAkB;AACzD,QAAM,eAAe,mBAAmB,IAAI;AAC5C,QAAM,oBAAoB,MAAM,cAAc,UAAU;AACxD,QAAM,EAAE,iBAAgB,IAAK,MAAM,qBAAqB,aAAa,MAAM;IACzE,SAAS,MAAM,aAAa,WAAU;IACtC,gBAAgB,CAAC,UAAU;EAC5B,CAAA;AAED,QAAM,gBAAgB,oBAAoB,oBAAoB,CAAA,CAAE;AAEhE,eAAa,eAAe,aAAa,aAAa,OAAO,QAC3D,cAAc,IAAI,GAAG,UAAU,CAAC;AAElC,MAAI,CAAC,cAAc;IAAG;;EAAA,GAAoB;AACxC,iBAAa,cAAc;;AAG7B,QAAM,aAAa,KAAK,sBAAsB,YAAY;AAC1D,SAAO;AACT;AAEO,eAAeC,QACpB,MACA,YACA,kBAAkB,OAAK;AAEvB,QAAM,WAAW,MAAM,qBACrB,MACA,WAAW,eAAe,KAAK,MAAM,MAAM,KAAK,WAAU,CAAE,GAC5D,eAAe;AAEjB,SAAO,mBAAmB,cAAc,MAA0B,QAAA,QAAQ;AAC5E;AAEO,eAAe,oBACpB,UACA,MACA,UAAgB;AAEhB,QAAM,qBAAqB,IAAI;AAC/B,QAAM,cAAc,oBAAoB,KAAK,YAAY;AAEzD,QAAM,OACJ,aAAa,QACV,4BACD;AACJ,UAAQ,YAAY,IAAI,QAAQ,MAAM,UAAU,KAAK,MAAM,IAAI;AACjE;ACxDO,eAAe,gBACpB,MACA,YACA,kBAAkB,OAAK;AAEvB,QAAM,EAAE,KAAI,IAAK;AACjB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,gBAAa;AAEnB,MAAI;AACF,UAAM,WAAW,MAAM,qBACrB,MACA,8CACE,MACA,eACA,YACA,IAAI,GAEN,eAAe;AAEjB;MAAQ,SAAS;MAAS;MAAI;;IAAA;AAC9B,UAAM,SAAS,YAAY,SAAS,OAAO;AAC3C;MAAQ;MAAQ;MAAI;;IAAA;AAEpB,UAAM,EAAE,KAAK,QAAO,IAAK;AACzB;MAAQ,KAAK,QAAQ;MAAS;MAAI;;IAAA;AAElC,WAAO,mBAAmB,cAAc,MAAM,eAAe,QAAQ;WAC9D,GAAG;AAEV,QAAK,GAAqB,SAAS,QAAQ,gBAA0B,IAAI;AACvE;QAAM;QAAI;;MAAA;;AAEZ,UAAM;;AAEV;ACrCO,eAAe,sBACpB,MACA,YACA,kBAAkB,OAAK;AAEvB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,gBAAa;AACnB,QAAM,WAAW,MAAM,8CACrB,MACA,eACA,UAAU;AAEZ,QAAM,iBAAiB,MAAM,mBAAmB,qBAC9C,MACA,eACA,QAAQ;AAGV,MAAI,CAAC,iBAAiB;AACpB,UAAM,KAAK,mBAAmB,eAAe,IAAI;;AAEnD,SAAO;AACT;AAgBO,eAAe,qBACpB,MACA,YAA0B;AAE1B,SAAO,sBAAsB,UAAU,IAAI,GAAG,UAAU;AAC1D;AAaO,eAAe,mBACpB,MACA,YAA0B;AAE1B,QAAM,eAAe,mBAAmB,IAAI;AAE5C,QAAM,oBAAoB,OAAO,cAAc,WAAW,UAAU;AAEpE,SAAOA,QAAM,cAAc,UAAU;AACvC;AAkBO,eAAe,6BACpB,MACA,YAA0B;AAE1B,SAAO,gBAAgB,mBAAmB,IAAI,GAAmB,UAAU;AAC7E;AC1FO,eAAeC,wBACpB,MACA,SAAqC;AAErC,SAAO,sBAIL,MAGA,QAAA,sCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;ACFO,eAAe,sBACpB,MACA,aAAmB;AAEnB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,WAA4B,MAAMC,wBAAmB,cAAc;IACvE,OAAO;IACP,mBAAmB;EACpB,CAAA;AACD,QAAM,OAAO,MAAM,mBAAmB,qBACpC,cAAY,UAEZ,QAAQ;AAEV,QAAM,aAAa,mBAAmB,KAAK,IAAI;AAC/C,SAAO;AACT;IClCsB,4BAAmB;EAKvC,YAA+B,UAAoB,UAAuB;AAA3C,SAAQ,WAAR;AAC7B,SAAK,MAAM,SAAS;AACpB,SAAK,iBAAiB,IAAI,KAAK,SAAS,UAAU,EAAE,YAAW;AAC/D,SAAK,cAAc,SAAS;;EAG9B,OAAO,oBACL,MACA,YAAyB;AAEzB,QAAI,eAAe,YAAY;AAC7B,aAAO,yBAAyB,oBAAoB,MAAM,UAAU;eAC3D,cAAc,YAAY;AACnC,aAAO,wBAAwB,oBAAoB,MAAM,UAAU;;AAErE,WAAO;MAAM;MAAI;;IAAA;;AAEpB;AAEK,IAAO,2BAAP,MAAO,kCACH,oBAAmB;EAK3B,YAAoB,UAA4B;AAC9C,UAAK,SAAiB,QAAQ;AAC9B,SAAK,cAAc,SAAS;;EAG9B,OAAO,oBACL,OACA,YAAyB;AAEzB,WAAO,IAAI,0BAAyB,UAAgC;;AAEvE;AACK,IAAO,0BAAP,MAAO,iCACH,oBAAmB;EAG3B,YAAoB,UAA2B;AAC7C,UAAK,QAAgB,QAAQ;;EAG/B,OAAO,oBACL,OACA,YAAyB;AAEzB,WAAO,IAAI,yBAAwB,UAA+B;;AAErE;SCjEe,gCACd,MACA,SACA,oBAAsC;AAEtC;IACE,mBAAmB,KAAK,SAAS;IACjC;IAAI;;EAAA;AAGN;IACE,OAAO,mBAAmB,sBAAsB,eAC9C,mBAAmB,kBAAkB,SAAS;IAChD;IAAI;;EAAA;AAGN;IACE,OAAO,mBAAmB,eAAe,eACvC,mBAAmB,WAAW,SAAS;IACzC;IAAI;;EAAA;AAIN,UAAQ,cAAc,mBAAmB;AACzC,UAAQ,oBAAoB,mBAAmB;AAC/C,UAAQ,aAAa,mBAAmB;AACxC,UAAQ,qBAAqB,mBAAmB;AAEhD,MAAI,mBAAmB,KAAK;AAC1B;MACE,mBAAmB,IAAI,SAAS,SAAS;MACzC;MAAI;;IAAA;AAGN,YAAQ,cAAc,mBAAmB,IAAI;;AAG/C,MAAI,mBAAmB,SAAS;AAC9B;MACE,mBAAmB,QAAQ,YAAY,SAAS;MAChD;MAAI;;IAAA;AAGN,YAAQ,oBAAoB,mBAAmB,QAAQ;AACvD,YAAQ,4BACN,mBAAmB,QAAQ;AAC7B,YAAQ,qBAAqB,mBAAmB,QAAQ;;AAE5D;ACRA,eAAe,sBAAsB,MAAU;AAC7C,QAAM,eAAe,UAAU,IAAI;AACnC,MAAI,aAAa,2BAA0B,GAAI;AAC7C,UAAM,aAAa,sBAAqB;;AAE5C;AAqCO,eAAe,uBACpB,MACA,OACA,oBAAuC;AAEvC,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,UAA+C;IACnD,aAA+C;IAC/C;IACA,YAAmC;;;AAErC,MAAI,oBAAoB;AACtB,oCAAgC,cAAc,SAAS,kBAAkB;;AAE3E,QAAM;IACJ;IACA;IAAO;IAEPC;IAAqC;;EAAA;AAGzC;AAWO,eAAe,qBACpB,MACA,SACA,aAAmB;AAEnB,QAAMC,cACW,mBAAmB,IAAI,GAAG;IACvC;IACA;GACD,EACA,MAAM,OAAM,UAAQ;AACnB,QACE,MAAM,SACN,QAAQ,qCAAA,IACR;AACA,WAAK,sBAAsB,IAAI;;AAGjC,UAAM;EACR,CAAC;AAEL;AAUO,eAAe,gBACpB,MACA,SAAe;AAEf,QAAMC,kBAAwB,mBAAmB,IAAI,GAAG,EAAE,QAAO,CAAE;AACrE;AAYO,eAAe,gBACpB,MACA,SAAe;AAEf,QAAM,cAAc,mBAAmB,IAAI;AAC3C,QAAM,WAAW,MAAMC,cAAsB,aAAa,EAAE,QAAO,CAAE;AAQrE,QAAM,YAAY,SAAS;AAC3B;IAAQ;IAAW;IAAW;;EAAA;AAC9B,UAAQ,WAAS;IACf,KAAA;AACE;IACF,KAAA;AACE;QAAQ,SAAS;QAAU;QAAW;;MAAA;AACtC;IACF,KAAA;AACE;QAAQ,SAAS;QAAS;QAAW;;MAAA;;IAEvC;AACE;QAAQ,SAAS;QAAO;QAAW;;MAAA;;AAIvC,MAAI,kBAA8C;AAClD,MAAI,SAAS,SAAS;AACpB,sBAAkB,oBAAoB,oBACpC,UAAU,WAAW,GACrB,SAAS,OAAO;;AAIpB,SAAO;IACL,MAAM;MACJ,QACG,SAAS,gBAA2D,4BACjE,SAAS,WACT,SAAS,UAAU;MACzB,gBACG,SAAS,gBAA2D,4BACjE,SAAS,QACT,SAAS,aAAa;MAC5B;IACD;IACD;;AAEJ;AAYO,eAAe,wBACpB,MACA,MAAY;AAEZ,QAAM,EAAE,KAAI,IAAK,MAAM,gBAAgB,mBAAmB,IAAI,GAAG,IAAI;AAErE,SAAO,KAAK;AACd;AAsBO,eAAe,+BACpB,MACA,OACA,UAAgB;AAEhB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,UAAyB;IAC7B,mBAAmB;IACnB;IACA;IACA,YAAmC;;;AAErC,QAAM,iBAA2C;IAC/C;IACA;IAAO;IAEP;IAAM;;EAAA;AAGR,QAAM,WAAW,MAAM,eAAe,MAAM,WAAQ;AAClD,QACE,MAAM,SAAS,QAAQ,qCAAiD,IACxE;AACA,WAAK,sBAAsB,IAAI;;AAGjC,UAAM;EACR,CAAC;AAED,QAAM,iBAAiB,MAAM,mBAAmB,qBAC9C,cAAY,UAEZ,QAAQ;AAEV,QAAM,aAAa,mBAAmB,eAAe,IAAI;AAEzD,SAAO;AACT;SAyBgB,2BACd,MACA,OACA,UAAgB;AAEhB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,SAAO,qBACL,mBAAmB,IAAI,GACvB,kBAAkB,WAAW,OAAO,QAAQ,CAAC,EAC7C,MAAM,OAAM,UAAQ;AACpB,QACE,MAAM,SAAS,QAAQ,qCAAiD,IACxE;AACA,WAAK,sBAAsB,IAAI;;AAGjC,UAAM;EACR,CAAC;AACH;AC7RO,eAAe,sBACpB,MACA,OACA,oBAAsC;AAEtC,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,UAAkC;IACtC,aAA6C;IAC7C;IACA,YAAmC;;;AAErC,WAAS,sBACPC,UACAC,qBAAsC;AAEtC;MACEA,oBAAmB;MACnB;MAAY;;IAAA;AAGd,QAAIA,qBAAoB;AACtB,sCACE,cACAD,UACAC,mBAAkB;;;AAIxB,wBAAsB,SAAS,kBAAkB;AACjD,QAAM;IACJ;IACA;IAAO;IAEPC;IAAyB;;EAAA;AAG7B;AAUgB,SAAA,sBAAsB,MAAY,WAAiB;AACjE,QAAM,gBAAgB,cAAc,UAAU,SAAS;AACvD,SAAO,eAAe,cAAS;AACjC;AA2CO,eAAe,oBACpB,MACA,OACA,WAAkB;AAElB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,cAAc,mBAAmB,IAAI;AAC3C,QAAM,aAAa,kBAAkB,mBACnC,OACA,aAAa,eAAc,CAAE;AAI/B;IACE,WAAW,eAAe,YAAY,YAAY;IAClD;IAAW;;EAAA;AAGb,SAAO,qBAAqB,aAAa,UAAU;AACrD;ACjKO,eAAe,cACpB,MACA,SAA6B;AAE7B,SAAO,mBACL,MAGA,QAAA,8BAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;ACSO,eAAe,2BACpB,MACA,OAAa;AAKb,QAAM,cAAc,eAAc,IAAK,eAAc,IAAK;AAC1D,QAAM,UAAgC;IACpC,YAAY;IACZ;;AAGF,QAAM,EAAE,cAAa,IAAK,MAAM,cAC9B,mBAAmB,IAAI,GACvB,OAAO;AAGT,SAAO,iBAAiB,CAAA;AAC1B;AAgCO,eAAe,sBACpB,MACA,oBAA8C;AAE9C,QAAM,eAAe,mBAAmB,IAAI;AAC5C,QAAM,UAAU,MAAM,KAAK,WAAU;AACrC,QAAM,UAAkC;IACtC,aAA6C;IAC7C;;AAEF,MAAI,oBAAoB;AACtB,oCACE,aAAa,MACb,SACA,kBAAkB;;AAItB,QAAM,EAAE,MAAK,IAAK,MAAMC,wBAA0B,aAAa,MAAM,OAAO;AAE5E,MAAI,UAAU,KAAK,OAAO;AACxB,UAAM,KAAK,OAAM;;AAErB;AAoCO,eAAe,wBACpB,MACA,UACA,oBAA8C;AAE9C,QAAM,eAAe,mBAAmB,IAAI;AAC5C,QAAM,UAAU,MAAM,KAAK,WAAU;AACrC,QAAM,UAA2C;IAC/C,aAAwD;IACxD;IACA;;AAEF,MAAI,oBAAoB;AACtB,oCACE,aAAa,MACb,SACA,kBAAkB;;AAItB,QAAM,EAAE,MAAK,IAAK,MAAMC,qBAAyB,aAAa,MAAM,OAAO;AAE3E,MAAI,UAAU,KAAK,OAAO;AAGxB,UAAM,KAAK,OAAM;;AAErB;AC9JO,eAAeC,gBACpB,MACA,SAA6B;AAE7B,SAAO,mBACL,MAGA,QAAA,uBAAA,OAAO;AAEX;ACJO,eAAe,cACpB,MACA,EACE,aACA,UAAU,SAAQ,GACwC;AAE5D,MAAI,gBAAgB,UAAa,aAAa,QAAW;AACvD;;AAGF,QAAM,eAAe,mBAAmB,IAAI;AAC5C,QAAM,UAAU,MAAM,aAAa,WAAU;AAC7C,QAAM,iBAAiB;IACrB;IACA;IACA;IACA,mBAAmB;;AAErB,QAAM,WAAW,MAAM,qBACrB,cACAC,gBAAiB,aAAa,MAAM,cAAc,CAAC;AAGrD,eAAa,cAAc,SAAS,eAAe;AACnD,eAAa,WAAW,SAAS,YAAY;AAG7C,QAAM,mBAAmB,aAAa,aAAa;IACjD,CAAC,EAAE,WAAU,MAAO,eAAU;;EAAA;AAEhC,MAAI,kBAAkB;AACpB,qBAAiB,cAAc,aAAa;AAC5C,qBAAiB,WAAW,aAAa;;AAG3C,QAAM,aAAa,yBAAyB,QAAQ;AACtD;AA0BgB,SAAA,YAAY,MAAY,UAAgB;AACtD,QAAM,eAAe,mBAAmB,IAAI;AAC5C,MAAI,qBAAqB,aAAa,KAAK,GAAG,GAAG;AAC/C,WAAO,QAAQ,OACb,gDAAgD,aAAa,IAAI,CAAC;;AAGtE,SAAO,sBAAsB,cAAc,UAAU,IAAI;AAC3D;AAegB,SAAA,eAAe,MAAY,aAAmB;AAC5D,SAAO,sBACL,mBAAmB,IAAI,GACvB,MACA,WAAW;AAEf;AAEA,eAAe,sBACb,MACA,OACA,UAAuB;AAEvB,QAAM,EAAE,KAAI,IAAK;AACjB,QAAM,UAAU,MAAM,KAAK,WAAU;AACrC,QAAM,UAAsC;IAC1C;IACA,mBAAmB;;AAGrB,MAAI,OAAO;AACT,YAAQ,QAAQ;;AAGlB,MAAI,UAAU;AACZ,YAAQ,WAAW;;AAGrB,QAAM,WAAW,MAAM,qBACrB,MACAC,oBAAuB,MAAM,OAAO,CAAC;AAEvC,QAAM,KAAK;IAAyB;;IAAuB;EAAI;AACjE;ACnIM,SAAU,qBACd,iBAAiC;AAEjC,MAAI,CAAC,iBAAiB;AACpB,WAAO;;AAET,QAAM,EAAE,WAAU,IAAK;AACvB,QAAM,UAAU,gBAAgB,cAC5B,KAAK,MAAM,gBAAgB,WAAW,IACtC,CAAA;AACJ,QAAM,YACJ,gBAAgB,aAChB,gBAAgB,SAAI;AACtB,MAAI,CAAC,cAAc,iBAAiB,SAAS;AAC3C,UAAM,iBAAiB,YAAY,gBAAgB,OAAO,GAAG,WAC3D,kBAAkB;AAEpB,QAAI,gBAAgB;AAClB,YAAM,qBACJ,mBAAuC,eACvC,mBAAoC,WAC/B,iBACD;AAEN,aAAO,IAAI,0BAA0B,WAAW,kBAAkB;;;AAGtE,MAAI,CAAC,YAAY;AACf,WAAO;;AAET,UAAQ,YAAU;IAChB,KAAA;AACE,aAAO,IAAI,2BAA2B,WAAW,OAAO;IAC1D,KAAA;AACE,aAAO,IAAI,yBAAyB,WAAW,OAAO;IACxD,KAAA;AACE,aAAO,IAAI,yBAAyB,WAAW,OAAO;IACxD,KAAA;AACE,aAAO,IAAI,0BACT,WACA,SACA,gBAAgB,cAAc,IAAI;IAEtC,KAAuB;IACvB,KAAA;AACE,aAAO,IAAI,0BAA0B,WAAW,IAAI;IACtD;AACE,aAAO,IAAI,0BAA0B,WAAW,YAAY,OAAO;;AAEzE;AAEA,IAAM,4BAAN,MAA+B;EAC7B,YACW,WACA,YACA,UAAmC,CAAA,GAAE;AAFrC,SAAS,YAAT;AACA,SAAU,aAAV;AACA,SAAO,UAAP;;AAEZ;AAED,IAAM,0CAAN,cAAsD,0BAAyB;EAC7E,YACE,WACA,YACA,SACS,UAAuB;AAEhC,UAAM,WAAW,YAAY,OAAO;AAF3B,SAAQ,WAAR;;AAIZ;AAED,IAAM,6BAAN,cAAyC,0BAAyB;EAChE,YAAY,WAAoB,SAAgC;AAC9D,UAAM,WAAgC,gBAAA,OAAO;;AAEhD;AAED,IAAM,2BAAN,cAAuC,wCAAuC;EAC5E,YAAY,WAAoB,SAAgC;AAC9D,UACE,WAEA,cAAA,SACA,OAAO,SAAS,UAAU,WAAW,SAAS,QAAQ,IAAI;;AAG/D;AAED,IAAM,2BAAN,cAAuC,0BAAyB;EAC9D,YAAY,WAAoB,SAAgC;AAC9D,UAAM,WAA8B,cAAA,OAAO;;AAE9C;AAED,IAAM,4BAAN,cAAwC,wCAAuC;EAC7E,YACE,WACA,SACA,YAAyB;AAEzB,UAAM,WAAS,eAAsB,SAAS,UAAU;;AAE3D;AASK,SAAU,sBACd,gBAA8B;AAE9B,QAAM,EAAE,MAAM,eAAc,IAAK;AACjC,MAAI,KAAK,eAAe,CAAC,gBAAgB;AAGvC,WAAO;MACL,YAAY;MACZ,WAAW;MACX,SAAS;;;AAIb,SAAO,qBAAqB,cAAc;AAC5C;AC1FgB,SAAA,eACd,MACA,aAAwB;AAExB,SAAO,mBAAmB,IAAI,EAAE,eAAe,WAAW;AAC5D;AA6BM,SAAU,0BAA0B,MAAU;AAClD,SAAO,2BAA2B,IAAI;AACxC;AAyBO,eAAe,iBACpB,MACA,UAAgB;AAEhB,QAAM,eAAe,UAAU,IAAI;AACnC,SAAO,aAAa,iBAAiB,QAAQ;AAC/C;AAkBM,SAAU,iBACd,MACA,gBACA,OACA,WAAsB;AAEtB,SAAO,mBAAmB,IAAI,EAAE,iBAC9B,gBACA,OACA,SAAS;AAEb;SAWgB,uBACd,MACA,UACA,SAAoB;AAEpB,SAAO,mBAAmB,IAAI,EAAE,uBAAuB,UAAU,OAAO;AAC1E;AAgBM,SAAU,mBACd,MACA,gBACA,OACA,WAAsB;AAEtB,SAAO,mBAAmB,IAAI,EAAE,mBAC9B,gBACA,OACA,SAAS;AAEb;AAQM,SAAU,kBAAkB,MAAU;AAC1C,qBAAmB,IAAI,EAAE,kBAAiB;AAC5C;AAsBgB,SAAA,kBACd,MACA,MAAiB;AAEjB,SAAO,mBAAmB,IAAI,EAAE,kBAAkB,IAAI;AACxD;AAYM,SAAU,QAAQ,MAAU;AAChC,SAAO,mBAAmB,IAAI,EAAE,QAAO;AACzC;AAUgB,SAAA,kBAAkB,MAAY,OAAa;AACzD,QAAM,eAAe,UAAU,IAAI;AACnC,SAAO,aAAa,kBAAkB,KAAK;AAC7C;AA+EO,eAAe,WAAW,MAAU;AACzC,SAAO,mBAAmB,IAAI,EAAE,OAAM;AACxC;IC3Ta,+BAAA,wBAAsB;EACjC,YACW,MACA,YACA,MAAmB;AAFnB,SAAI,OAAJ;AACA,SAAU,aAAV;AACA,SAAI,OAAJ;;EAGX,OAAO,aACL,SACA,MAAmB;AAEnB,WAAO,IAAI,wBAAsB,UAE/B,SACA,IAAI;;EAIR,OAAO,0BACL,sBAA4B;AAE5B,WAAO,IAAI,wBAET,UAAA,oBAAoB;;EAIxB,SAAM;AACJ,UAAM,MACJ,KAAK,SAAsC,WACvC,YACA;AACN,WAAO;MACL,oBAAoB;QAClB,CAAC,GAAG,GAAG,KAAK;MACb;;;EAIL,OAAO,SACL,KAA0C;AAE1C,QAAI,KAAK,oBAAoB;AAC3B,UAAI,IAAI,oBAAoB,mBAAmB;AAC7C,eAAO,wBAAuB,0BAC5B,IAAI,mBAAmB,iBAAiB;iBAEjC,IAAI,oBAAoB,SAAS;AAC1C,eAAO,wBAAuB,aAC5B,IAAI,mBAAmB,OAAO;;;AAIpC,WAAO;;AAEV;ICnDY,gCAAA,yBAAuB;EAClC,YACW,SACA,OACQ,gBAEmB;AAJ3B,SAAO,UAAP;AACA,SAAK,QAAL;AACQ,SAAc,iBAAd;;;EAMnB,OAAO,WACL,YACA,OAA+B;AAE/B,UAAM,OAAO,UAAU,UAAU;AACjC,UAAM,iBAAiB,MAAM,WAAW;AACxC,UAAM,SAAS,eAAe,WAAW,CAAA,GAAI,IAAI,gBAC/C,oBAAoB,oBAAoB,MAAM,UAAU,CAAC;AAG3D;MACE,eAAe;MACf;MAAI;;IAAA;AAGN,UAAM,UAAU,uBAAuB,0BACrC,eAAe,oBAAoB;AAGrC,WAAO,IAAI,yBACT,SACA,OACA,OACE,cACmC;AACnC,YAAM,cAAc,MAAM,UAAU,SAAS,MAAM,OAAO;AAE1D,aAAO,eAAe;AACtB,aAAO,eAAe;AAGtB,YAAM,kBAAkB;QACtB,GAAG;QACH,SAAS,YAAY;QACrB,cAAc,YAAY;;AAI5B,cAAQ,MAAM,eAAa;QACzB,KAAA;AACE,gBAAM,iBACJ,MAAM,mBAAmB,qBACvB,MACA,MAAM,eACN,eAAe;AAEnB,gBAAM,KAAK,mBAAmB,eAAe,IAAI;AACjD,iBAAO;QACT,KAAA;AACE;YAAQ,MAAM;YAAM;YAAI;;UAAA;AACxB,iBAAO,mBAAmB,cACxB,MAAM,MACN,MAAM,eACN,eAAe;QAEnB;AACE;YAAM;YAAI;;UAAA;;IAEhB,CAAC;;EAIL,MAAM,cACJ,iBAAyC;AAEzC,UAAM,YAAY;AAClB,WAAO,KAAK,eAAe,SAAS;;AAEvC;AAYe,SAAA,uBACd,MACA,OAAuB;AAEvB,QAAM,cAAc,mBAAmB,IAAI;AAC3C,QAAM,gBAAgB;AACtB;IACE,MAAM,WAAW;IACjB;IAAW;;EAAA;AAGb;IACE,cAAc,WAAW,iBAAiB;IAC1C;IAAW;;EAAA;AAIb,SAAO,wBAAwB,WAAW,aAAa,aAAa;AACtE;ACrEgB,SAAA,oBACd,MACA,SAAuC;AAEvC,SAAO,mBAIL,MAGA,QAAA,oCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAYgB,SAAA,uBACd,MACA,SAA0C;AAE1C,SAAO,mBAIL,MAGA,QAAA,uCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAkBgB,SAAA,mBACd,MACA,SAAsC;AAEtC,SAAO,mBAIL,MAGA,QAAA,oCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAgBgB,SAAA,sBACd,MACA,SAAyC;AAEzC,SAAO,mBAIL,MAGA,QAAA,uCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAUgB,SAAA,YACd,MACA,SAA2B;AAE3B,SAAO,mBACL,MAGA,QAAA,uCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;ICjKa,4BAAA,qBAAmB;EAG9B,YAA6B,MAAkB;AAAlB,SAAI,OAAJ;AAF7B,SAAe,kBAAsB,CAAA;AAGnC,SAAK,UAAU,cAAW;AACxB,UAAI,SAAS,SAAS;AACpB,aAAK,kBAAkB,SAAS,QAAQ,IAAI,gBAC1C,oBAAoB,oBAAoB,KAAK,MAAM,UAAU,CAAC;;IAGpE,CAAC;;EAGH,OAAO,UAAU,MAAkB;AACjC,WAAO,IAAI,qBAAoB,IAAI;;EAGrC,MAAM,aAAU;AACd,WAAO,uBAAuB,aAC5B,MAAM,KAAK,KAAK,WAAU,GAC1B,KAAK,IAAI;;EAIb,MAAM,OACJ,iBACA,aAA2B;AAE3B,UAAM,YAAY;AAClB,UAAM,UAAW,MAAM,KAAK,WAAU;AACtC,UAAM,sBAAsB,MAAM,qBAChC,KAAK,MACL,UAAU,SAAS,KAAK,KAAK,MAAM,SAAS,WAAW,CAAC;AAI1D,UAAM,KAAK,KAAK,yBAAyB,mBAAmB;AAI5D,WAAO,KAAK,KAAK,OAAM;;EAGzB,MAAM,SAAS,WAAmC;AAChD,UAAM,kBACJ,OAAO,cAAc,WAAW,YAAY,UAAU;AACxD,UAAM,UAAU,MAAM,KAAK,KAAK,WAAU;AAC1C,QAAI;AACF,YAAM,kBAAkB,MAAM,qBAC5B,KAAK,MACL,YAAY,KAAK,KAAK,MAAM;QAC1B;QACA;MACD,CAAA,CAAC;AAGJ,WAAK,kBAAkB,KAAK,gBAAgB,OAC1C,CAAC,EAAE,IAAG,MAAO,QAAQ,eAAe;AAMtC,YAAM,KAAK,KAAK,yBAAyB,eAAe;AACxD,YAAM,KAAK,KAAK,OAAM;aACf,GAAG;AACV,YAAM;;;AAGX;AAED,IAAM,uBAAuB,oBAAI,QAAO;AAYlC,SAAU,YAAY,MAAU;AACpC,QAAM,cAAc,mBAAmB,IAAI;AAC3C,MAAI,CAAC,qBAAqB,IAAI,WAAW,GAAG;AAC1C,yBAAqB,IACnB,aACA,oBAAoB,UAAU,WAA2B,CAAC;;AAG9D,SAAO,qBAAqB,IAAI,WAAW;AAC7C;AC3FO,IAAM,wBAAwB;ICNf,gCAAuB;EAC3C,YACqB,kBACV,MAAqB;AADX,SAAgB,mBAAhB;AACV,SAAI,OAAJ;;EAGX,eAAY;AACV,QAAI;AACF,UAAI,CAAC,KAAK,SAAS;AACjB,eAAO,QAAQ,QAAQ,KAAK;;AAE9B,WAAK,QAAQ,QAAQ,uBAAuB,GAAG;AAC/C,WAAK,QAAQ,WAAW,qBAAqB;AAC7C,aAAO,QAAQ,QAAQ,IAAI;YACrB;AACN,aAAO,QAAQ,QAAQ,KAAK;;;EAIhC,KAAK,KAAa,OAAuB;AACvC,SAAK,QAAQ,QAAQ,KAAK,KAAK,UAAU,KAAK,CAAC;AAC/C,WAAO,QAAQ,QAAO;;EAGxB,KAAiC,KAAW;AAC1C,UAAM,OAAO,KAAK,QAAQ,QAAQ,GAAG;AACrC,WAAO,QAAQ,QAAQ,OAAO,KAAK,MAAM,IAAI,IAAI,IAAI;;EAGvD,QAAQ,KAAW;AACjB,SAAK,QAAQ,WAAW,GAAG;AAC3B,WAAO,QAAQ,QAAO;;EAGxB,IAAc,UAAO;AACnB,WAAO,KAAK,iBAAgB;;AAE/B;ACnCM,IAAMC,yBAAuB;AAGpC,IAAM,gCAAgC;AAEtC,IAAM,0BAAN,cACU,wBAAuB;EAK/B,cAAA;AACE;MAAM,MAAM,OAAO;MAAY;;IAAA;AAGhB,SAAA,oBAAoB,CACnC,OACA,SACS,KAAK,eAAe,OAAO,IAAI;AACzB,SAAS,YAA8C,CAAA;AACvD,SAAU,aAAkC,CAAA;AAGrD,SAAS,YAAe;AAGf,SAAiB,oBAAG,iBAAgB;AAC5C,SAAqB,wBAAG;;EAEzB,kBACN,IAA2E;AAG3E,eAAW,OAAO,OAAO,KAAK,KAAK,SAAS,GAAG;AAE7C,YAAM,WAAW,KAAK,QAAQ,QAAQ,GAAG;AACzC,YAAM,WAAW,KAAK,WAAW,GAAG;AAGpC,UAAI,aAAa,UAAU;AACzB,WAAG,KAAK,UAAU,QAAQ;;;;EAKxB,eAAe,OAAqB,OAAO,OAAK;AAEtD,QAAI,CAAC,MAAM,KAAK;AACd,WAAK,kBACH,CAACC,MAAa,WAA0B,aAA2B;AACjE,aAAK,gBAAgBA,MAAK,QAAQ;MACpC,CAAC;AAEH;;AAGF,UAAM,MAAM,MAAM;AAIlB,QAAI,MAAM;AAGR,WAAK,eAAc;WACd;AAGL,WAAK,YAAW;;AAGlB,UAAM,mBAAmB,MAAW;AAGlC,YAAMC,eAAc,KAAK,QAAQ,QAAQ,GAAG;AAC5C,UAAI,CAAC,QAAQ,KAAK,WAAW,GAAG,MAAMA,cAAa;AAGjD;;AAEF,WAAK,gBAAgB,KAAKA,YAAW;IACvC;AAEA,UAAM,cAAc,KAAK,QAAQ,QAAQ,GAAG;AAC5C,QACE,QAAO,KACP,gBAAgB,MAAM,YACtB,MAAM,aAAa,MAAM,UACzB;AAKA,iBAAW,kBAAkB,6BAA6B;WACrD;AACL,uBAAgB;;;EAIZ,gBAAgB,KAAa,OAAoB;AACvD,SAAK,WAAW,GAAG,IAAI;AACvB,UAAM,YAAY,KAAK,UAAU,GAAG;AACpC,QAAI,WAAW;AACb,iBAAW,YAAY,MAAM,KAAK,SAAS,GAAG;AAC5C,iBAAS,QAAQ,KAAK,MAAM,KAAK,IAAI,KAAK;;;;EAKxC,eAAY;AAClB,SAAK,YAAW;AAEhB,SAAK,YAAY,YAAY,MAAK;AAChC,WAAK,kBACH,CAAC,KAAa,UAAyB,aAA2B;AAChE,aAAK;UACH,IAAI,aAAa,WAAW;YAC1B;YACA;YACA;WACD;;UACU;QAAI;MAEnB,CAAC;OAEFF,sBAAoB;;EAGjB,cAAW;AACjB,QAAI,KAAK,WAAW;AAClB,oBAAc,KAAK,SAAS;AAC5B,WAAK,YAAY;;;EAIb,iBAAc;AACpB,WAAO,iBAAiB,WAAW,KAAK,iBAAiB;;EAGnD,iBAAc;AACpB,WAAO,oBAAoB,WAAW,KAAK,iBAAiB;;EAG9D,aAAa,KAAa,UAA8B;AACtD,QAAI,OAAO,KAAK,KAAK,SAAS,EAAE,WAAW,GAAG;AAK5C,UAAI,KAAK,mBAAmB;AAC1B,aAAK,aAAY;aACZ;AACL,aAAK,eAAc;;;AAGvB,QAAI,CAAC,KAAK,UAAU,GAAG,GAAG;AACxB,WAAK,UAAU,GAAG,IAAI,oBAAI,IAAG;AAE7B,WAAK,WAAW,GAAG,IAAI,KAAK,QAAQ,QAAQ,GAAG;;AAEjD,SAAK,UAAU,GAAG,EAAE,IAAI,QAAQ;;EAGlC,gBAAgB,KAAa,UAA8B;AACzD,QAAI,KAAK,UAAU,GAAG,GAAG;AACvB,WAAK,UAAU,GAAG,EAAE,OAAO,QAAQ;AAEnC,UAAI,KAAK,UAAU,GAAG,EAAE,SAAS,GAAG;AAClC,eAAO,KAAK,UAAU,GAAG;;;AAI7B,QAAI,OAAO,KAAK,KAAK,SAAS,EAAE,WAAW,GAAG;AAC5C,WAAK,eAAc;AACnB,WAAK,YAAW;;;;EAMpB,MAAM,KAAK,KAAa,OAAuB;AAC7C,UAAM,MAAM,KAAK,KAAK,KAAK;AAC3B,SAAK,WAAW,GAAG,IAAI,KAAK,UAAU,KAAK;;EAG7C,MAAM,KAAiC,KAAW;AAChD,UAAM,QAAQ,MAAM,MAAM,KAAQ,GAAG;AACrC,SAAK,WAAW,GAAG,IAAI,KAAK,UAAU,KAAK;AAC3C,WAAO;;EAGT,MAAM,QAAQ,KAAW;AACvB,UAAM,MAAM,QAAQ,GAAG;AACvB,WAAO,KAAK,WAAW,GAAG;;;AAvLrB,wBAAI,OAAY;AAiMlB,IAAM,0BAAuC;ACnNpD,IAAM,sBAAsB;AAU5B,SAAS,kBAAkBG,OAAY;AACrC,QAAM,cAAcA,MAAK,QAAQ,uBAAuB,MAAM;AAC9D,QAAM,UAAU,OAAO,GAAG,WAAW,UAAU;AAC/C,SAAO,SAAS,OAAO,MAAM,OAAO,IAAI,CAAC,KAAK;AAChD;AAGA,SAAS,cAAc,KAAW;AAIhC,QAAM,YAAY,OAAO,SAAS,aAAa;AAC/C,SAAO,GAAG,YAAY,WAAW,SAAS,YAAY,IAAI,MAAM,GAAG,EAAE,CAAC,CAAC;AACzE;IAEa,0BAAiB;EAA9B,cAAA;AAEW,SAAA,OAA8B;AACvC,SAAA,uBAA8D,oBAAI,IAAG;;;EAGrE,gBAAgB,aAAmB;AACjC,QAAI,OAAO,WAAW,QAAW;AAC/B,aAAO;;AAET,UAAM,MAAM,IAAI,IAAI,GAAG,OAAO,SAAS,MAAM,cAAc;AAC3D,QAAI,aAAa,IAAI,eAAe,WAAW;AAC/C,WAAO;;;;;EAMT,MAAM,eAAY;AAChB,QAAI,OAAO,oBAAoB,aAAa,CAAC,iBAAiB;AAC5D,aAAO;;AAET,QAAI,OAAO,cAAc,eAAe,OAAO,aAAa,aAAa;AACvE,aAAO;;AAET,WAAO,UAAU,iBAAiB;;;EAIpC,MAAM,KAAK,MAAc,QAAwB;AAC/C;;;EAIF,MAAM,KAAiC,KAAW;AAChD,QAAI,CAAC,KAAK,aAAY,GAAI;AACxB,aAAO;;AAET,UAAMA,QAAO,cAAc,GAAG;AAC9B,QAAI,OAAO,aAAa;AACtB,YAAM,SAAS,MAAM,OAAO,YAAY,IAAIA,KAAI;AAChD,aAAO,QAAQ;;AAEjB,WAAO,kBAAkBA,KAAI;;;EAI/B,MAAM,QAAQ,KAAW;AACvB,QAAI,CAAC,KAAK,aAAY,GAAI;AACxB;;AAKF,UAAM,gBAAgB,MAAM,KAAK,KAAK,GAAG;AACzC,QAAI,CAAC,eAAe;AAClB;;AAEF,UAAMA,QAAO,cAAc,GAAG;AAC9B,aAAS,SAAS,GAAGA,KAAI;AACzB,UAAM,MAAM,gBAAgB,EAAE,QAAQ,SAAQ,CAAE,EAAE,MAAM,MAAM,MAAS;;;EAIzE,aAAa,KAAa,UAA8B;AACtD,QAAI,CAAC,KAAK,aAAY,GAAI;AACxB;;AAEF,UAAMA,QAAO,cAAc,GAAG;AAC9B,QAAI,OAAO,aAAa;AACtB,YAAM,MAAM,CAAC,UAAkC;AAC7C,cAAM,gBAAgB,MAAM,QAAQ,KAClC,YAAU,OAAO,SAASA,KAAI;AAEhC,YAAI,eAAe;AACjB,mBAAS,cAAc,KAAyB;;AAElD,cAAM,gBAAgB,MAAM,QAAQ,KAClC,YAAU,OAAO,SAASA,KAAI;AAEhC,YAAI,eAAe;AACjB,mBAAS,IAAI;;MAEjB;AACA,YAAMC,eAAc,MAClB,OAAO,YAAY,oBAAoB,UAAU,EAAE;AACrD,WAAK,qBAAqB,IAAI,UAAUA,YAAW;AACnD,aAAO,OAAO,YAAY,iBAAiB,UAAU,EAAmB;;AAE1E,QAAI,YAAY,kBAAkBD,KAAI;AACtC,UAAM,WAAW,YAAY,MAAK;AAChC,YAAM,eAAe,kBAAkBA,KAAI;AAC3C,UAAI,iBAAiB,WAAW;AAC9B,iBAAS,YAAuC;AAChD,oBAAY;;OAEb,mBAAmB;AACtB,UAAM,cAAc,MAAY,cAAc,QAAQ;AACtD,SAAK,qBAAqB,IAAI,UAAU,WAAW;;EAGrD,gBAAgB,MAAc,UAA8B;AAC1D,UAAM,cAAc,KAAK,qBAAqB,IAAI,QAAQ;AAC1D,QAAI,CAAC,aAAa;AAChB;;AAEF,gBAAW;AACX,SAAK,qBAAqB,OAAO,QAAQ;;;AA1GpC,kBAAI,OAAa;AAuHnB,IAAM,2BAAwC;AC3IrD,IAAM,4BAAN,cACU,wBAAuB;EAK/B,cAAA;AACE;MAAM,MAAM,OAAO;MAAc;;IAAA;;EAGnC,aAAa,MAAc,WAA+B;AAExD;;EAGF,gBAAgB,MAAc,WAA+B;AAE3D;;;AAbK,0BAAI,OAAc;AAuBpB,IAAM,4BAAyC;ACfhD,SAAU,YACd,UAA2B;AAE3B,SAAO,QAAQ,IACb,SAAS,IAAI,OAAM,YAAU;AAC3B,QAAI;AACF,YAAM,QAAQ,MAAM;AACpB,aAAO;QACL,WAAW;QACX;;aAEK,QAAQ;AACf,aAAO;QACL,WAAW;QACX;;;GAGL,CAAC;AAEN;IC1Ba,iBAAA,UAAQ;EAUnB,YAA6B,aAAwB;AAAxB,SAAW,cAAX;AANZ,SAAW,cAIxB,CAAA;AAGF,SAAK,oBAAoB,KAAK,YAAY,KAAK,IAAI;;;;;;;;EASrD,OAAO,aAAa,aAAwB;AAI1C,UAAM,mBAAmB,KAAK,UAAU,KAAK,cAC3C,SAAS,cAAc,WAAW,CAAC;AAErC,QAAI,kBAAkB;AACpB,aAAO;;AAET,UAAM,cAAc,IAAI,UAAS,WAAW;AAC5C,SAAK,UAAU,KAAK,WAAW;AAC/B,WAAO;;EAGD,cAAc,aAAwB;AAC5C,WAAO,KAAK,gBAAgB;;;;;;;;;;;;EAatB,MAAM,YAGZ,OAAY;AACZ,UAAM,eAAe;AACrB,UAAM,EAAE,SAAS,WAAW,KAAI,IAAK,aAAa;AAElD,UAAM,WACJ,KAAK,YAAY,SAAS;AAC5B,QAAI,CAAC,UAAU,MAAM;AACnB;;AAGF,iBAAa,MAAM,CAAC,EAAE,YAAY;MAChC,QAAmB;MACnB;MACA;IACD,CAAA;AAED,UAAM,WAAW,MAAM,KAAK,QAAQ,EAAE,IAAI,OAAM,YAC9C,QAAQ,aAAa,QAAQ,IAAI,CAAC;AAEpC,UAAM,WAAW,MAAM,YAAY,QAAQ;AAC3C,iBAAa,MAAM,CAAC,EAAE,YAAY;MAChC,QAAoB;MACpB;MACA;MACA;IACD,CAAA;;;;;;;;;EAUH,WACE,WACA,cAAmC;AAEnC,QAAI,OAAO,KAAK,KAAK,WAAW,EAAE,WAAW,GAAG;AAC9C,WAAK,YAAY,iBAAiB,WAAW,KAAK,iBAAiB;;AAGrE,QAAI,CAAC,KAAK,YAAY,SAAS,GAAG;AAChC,WAAK,YAAY,SAAS,IAAI,oBAAI,IAAG;;AAGvC,SAAK,YAAY,SAAS,EAAE,IAAI,YAAY;;;;;;;;;EAU9C,aACE,WACA,cAAoC;AAEpC,QAAI,KAAK,YAAY,SAAS,KAAK,cAAc;AAC/C,WAAK,YAAY,SAAS,EAAE,OAAO,YAAY;;AAEjD,QAAI,CAAC,gBAAgB,KAAK,YAAY,SAAS,EAAE,SAAS,GAAG;AAC3D,aAAO,KAAK,YAAY,SAAS;;AAGnC,QAAI,OAAO,KAAK,KAAK,WAAW,EAAE,WAAW,GAAG;AAC9C,WAAK,YAAY,oBAAoB,WAAW,KAAK,iBAAiB;;;;AAxHlD,SAAS,YAAe,CAAA;ACf5C,SAAU,iBAAiB,SAAS,IAAI,SAAS,IAAE;AACvD,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,QAAQ,KAAK;AAC/B,cAAU,KAAK,MAAM,KAAK,OAAM,IAAK,EAAE;;AAEzC,SAAO,SAAS;AAClB;ICgBa,eAAM;EAGjB,YAA6B,QAAqB;AAArB,SAAM,SAAN;AAFZ,SAAA,WAAW,oBAAI,IAAG;;;;;;;EAS3B,qBAAqB,SAAuB;AAClD,QAAI,QAAQ,gBAAgB;AAC1B,cAAQ,eAAe,MAAM,oBAC3B,WACA,QAAQ,SAAS;AAEnB,cAAQ,eAAe,MAAM,MAAK;;AAEpC,SAAK,SAAS,OAAO,OAAO;;;;;;;;;;;;;;;EAgB9B,MAAM,MACJ,WACA,MACA,UAA8B,IAAA;AAE9B,UAAM,iBACJ,OAAO,mBAAmB,cAAc,IAAI,eAAc,IAAK;AACjE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI;QAAK;;MAAA;;AAMjB,QAAI;AACJ,QAAI;AACJ,WAAO,IAAI,QAAqC,CAAC,SAAS,WAAU;AAClE,YAAM,UAAU,iBAAiB,IAAI,EAAE;AACvC,qBAAe,MAAM,MAAK;AAC1B,YAAM,WAAW,WAAW,MAAK;AAC/B,eAAO,IAAI;UAAK;;QAAA,CAAiC;SAChD,OAAO;AACV,gBAAU;QACR;QACA,UAAU,OAAY;AACpB,gBAAM,eAAe;AACrB,cAAI,aAAa,KAAK,YAAY,SAAS;AACzC;;AAEF,kBAAQ,aAAa,KAAK,QAAM;YAC9B,KAAA;AAEE,2BAAa,QAAQ;AACrB,gCAAkB;gBAAW,MAAK;AAChC,yBAAO,IAAI;oBAAK;;kBAAA,CAAuB;gBACzC;gBAAC;;cAAA;AACD;YACF,KAAA;AAEE,2BAAa,eAAe;AAC5B,sBAAQ,aAAa,KAAK,QAAQ;AAClC;YACF;AACE,2BAAa,QAAQ;AACrB,2BAAa,eAAe;AAC5B,qBAAO,IAAI;gBAAK;;cAAA,CAAgC;AAChD;;;;AAIR,WAAK,SAAS,IAAI,OAAO;AACzB,qBAAe,MAAM,iBAAiB,WAAW,QAAQ,SAAS;AAClE,WAAK,OAAO,YACV;QACE;QACA;QACA;MACwB,GAC1B,CAAC,eAAe,KAAK,CAAC;IAE1B,CAAC,EAAE,QAAQ,MAAK;AACd,UAAI,SAAS;AACX,aAAK,qBAAqB,OAAO;;IAErC,CAAC;;AAEJ;SChGe,UAAO;AACrB,SAAO;AACT;AAEM,SAAU,mBAAmB,KAAW;AAC5C,UAAO,EAAG,SAAS,OAAO;AAC5B;SC9BgB,YAAS;AACvB,SACE,OAAO,QAAO,EAAG,mBAAmB,MAAM,eAC1C,OAAO,QAAO,EAAG,eAAe,MAAM;AAE1C;AAEO,eAAe,0BAAuB;AAC3C,MAAI,CAAC,WAAW,eAAe;AAC7B,WAAO;;AAET,MAAI;AACF,UAAM,eAAe,MAAM,UAAU,cAAc;AACnD,WAAO,aAAa;UACd;AACN,WAAO;;AAEX;SAEgB,8BAA2B;AACzC,SAAO,WAAW,eAAe,cAAc;AACjD;SAEgB,wBAAqB;AACnC,SAAO,UAAS,IAAM,OAAoC;AAC5D;ACDO,IAAM,UAAU;AACvB,IAAM,aAAa;AACnB,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AAaxB,IAAM,YAAN,MAAe;EACb,YAA6B,SAAmB;AAAnB,SAAO,UAAP;;EAE7B,YAAS;AACP,WAAO,IAAI,QAAW,CAAC,SAAS,WAAU;AACxC,WAAK,QAAQ,iBAAiB,WAAW,MAAK;AAC5C,gBAAQ,KAAK,QAAQ,MAAM;MAC7B,CAAC;AACD,WAAK,QAAQ,iBAAiB,SAAS,MAAK;AAC1C,eAAO,KAAK,QAAQ,KAAK;MAC3B,CAAC;IACH,CAAC;;AAEJ;AAED,SAAS,eAAe,IAAiB,aAAoB;AAC3D,SAAO,GACJ,YAAY,CAAC,mBAAmB,GAAG,cAAc,cAAc,UAAU,EACzE,YAAY,mBAAmB;AACpC;SAOgB,kBAAe;AAC7B,QAAM,UAAU,UAAU,eAAe,OAAO;AAChD,SAAO,IAAI,UAAgB,OAAO,EAAE,UAAS;AAC/C;SAEgB,gBAAa;AAC3B,QAAM,UAAU,UAAU,KAAK,SAAS,UAAU;AAClD,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAU;AACrC,YAAQ,iBAAiB,SAAS,MAAK;AACrC,aAAO,QAAQ,KAAK;IACtB,CAAC;AAED,YAAQ,iBAAiB,iBAAiB,MAAK;AAC7C,YAAM,KAAK,QAAQ;AAEnB,UAAI;AACF,WAAG,kBAAkB,qBAAqB,EAAE,SAAS,gBAAe,CAAE;eAC/D,GAAG;AACV,eAAO,CAAC;;IAEZ,CAAC;AAED,YAAQ,iBAAiB,WAAW,YAAW;AAC7C,YAAM,KAAkB,QAAQ;AAMhC,UAAI,CAAC,GAAG,iBAAiB,SAAS,mBAAmB,GAAG;AAEtD,WAAG,MAAK;AACR,cAAM,gBAAe;AACrB,gBAAQ,MAAM,cAAa,CAAE;aACxB;AACL,gBAAQ,EAAE;;IAEd,CAAC;EACH,CAAC;AACH;AAEO,eAAe,WACpB,IACA,KACA,OAAgC;AAEhC,QAAM,UAAU,eAAe,IAAI,IAAI,EAAE,IAAI;IAC3C,CAAC,eAAe,GAAG;IACnB;EACD,CAAA;AACD,SAAO,IAAI,UAAgB,OAAO,EAAE,UAAS;AAC/C;AAEA,eAAe,UACb,IACA,KAAW;AAEX,QAAM,UAAU,eAAe,IAAI,KAAK,EAAE,IAAI,GAAG;AACjD,QAAM,OAAO,MAAM,IAAI,UAAgC,OAAO,EAAE,UAAS;AACzE,SAAO,SAAS,SAAY,OAAO,KAAK;AAC1C;AAEgB,SAAA,cAAc,IAAiB,KAAW;AACxD,QAAM,UAAU,eAAe,IAAI,IAAI,EAAE,OAAO,GAAG;AACnD,SAAO,IAAI,UAAgB,OAAO,EAAE,UAAS;AAC/C;AAEO,IAAM,uBAAuB;AAC7B,IAAM,2BAA2B;AAExC,IAAM,4BAAN,MAA+B;EAqB7B,cAAA;AAlBA,SAAA,OAA6B;AAEpB,SAAqB,wBAAG;AAEhB,SAAS,YAA8C,CAAA;AACvD,SAAU,aAA4C,CAAA;AAG/D,SAAS,YAAe;AACxB,SAAa,gBAAG;AAEhB,SAAQ,WAAoB;AAC5B,SAAM,SAAkB;AACxB,SAA8B,iCAAG;AACjC,SAAmB,sBAAyB;AAMlD,SAAK,+BACH,KAAK,iCAAgC,EAAG,KACtC,MAAO;IAAA,GACP,MAAO;IAAA,CAAC;;EAId,MAAM,UAAO;AACX,QAAI,KAAK,IAAI;AACX,aAAO,KAAK;;AAEd,SAAK,KAAK,MAAM,cAAa;AAC7B,WAAO,KAAK;;EAGd,MAAM,aAAgB,IAAmC;AACvD,QAAI,cAAc;AAElB,WAAO,MAAM;AACX,UAAI;AACF,cAAM,KAAK,MAAM,KAAK,QAAO;AAC7B,eAAO,MAAM,GAAG,EAAE;eACX,GAAG;AACV,YAAI,gBAAgB,0BAA0B;AAC5C,gBAAM;;AAER,YAAI,KAAK,IAAI;AACX,eAAK,GAAG,MAAK;AACb,eAAK,KAAK;;;;;;;;;EAWV,MAAM,mCAAgC;AAC5C,WAAO,UAAS,IAAK,KAAK,mBAAkB,IAAK,KAAK,iBAAgB;;;;;EAMhE,MAAM,qBAAkB;AAC9B,SAAK,WAAW,SAAS,aAAa,sBAAqB,CAAG;AAE9D,SAAK,SAAS,WAAU,cAEtB,OAAO,SAAiB,SAA2B;AACjD,YAAM,OAAO,MAAM,KAAK,MAAK;AAC7B,aAAO;QACL,cAAc,KAAK,SAAS,KAAK,GAAG;;IAExC,CAAC;AAGH,SAAK,SAAS,WAAU,QAEtB,OAAO,SAAiB,UAAsB;AAC5C,aAAO;QAAA;;MAAA;IACT,CAAC;;;;;;;;;EAWG,MAAM,mBAAgB;AAE5B,SAAK,sBAAsB,MAAM,wBAAuB;AACxD,QAAI,CAAC,KAAK,qBAAqB;AAC7B;;AAEF,SAAK,SAAS,IAAI,OAAO,KAAK,mBAAmB;AAEjD,UAAM,UAAU,MAAM,KAAK,OAAO;MAAK;MAErC,CAAA;MAAE;;IAAA;AAGJ,QAAI,CAAC,SAAS;AACZ;;AAEF,QACE,QAAQ,CAAC,GAAG,aACZ,QAAQ,CAAC,GAAG,MAAM;MAAgC;;IAAA,GAClD;AACA,WAAK,iCAAiC;;;;;;;;;;;;EAalC,MAAM,oBAAoB,KAAW;AAC3C,QACE,CAAC,KAAK,UACN,CAAC,KAAK,uBACN,4BAA2B,MAAO,KAAK,qBACvC;AACA;;AAEF,QAAI;AACF,YAAM,KAAK,OAAO;QAEhB;QAAA,EAAE,IAAG;;QAEL,KAAK,iCACF,MACA;;MAAA;YAEC;;;EAKV,MAAM,eAAY;AAChB,QAAI;AACF,UAAI,CAAC,WAAW;AACd,eAAO;;AAET,YAAM,KAAK,MAAM,cAAa;AAC9B,YAAM,WAAW,IAAI,uBAAuB,GAAG;AAC/C,YAAM,cAAc,IAAI,qBAAqB;AAC7C,aAAO;YACD;IAAA;AACR,WAAO;;EAGD,MAAM,kBAAkB,OAA0B;AACxD,SAAK;AACL,QAAI;AACF,YAAM,MAAK;;AAEX,WAAK;;;EAIT,MAAM,KAAK,KAAa,OAAuB;AAC7C,WAAO,KAAK,kBAAkB,YAAW;AACvC,YAAM,KAAK,aAAa,CAAC,OAAoB,WAAW,IAAI,KAAK,KAAK,CAAC;AACvE,WAAK,WAAW,GAAG,IAAI;AACvB,aAAO,KAAK,oBAAoB,GAAG;IACrC,CAAC;;EAGH,MAAM,KAAiC,KAAW;AAChD,UAAM,MAAO,MAAM,KAAK,aAAa,CAAC,OACpC,UAAU,IAAI,GAAG,CAAC;AAEpB,SAAK,WAAW,GAAG,IAAI;AACvB,WAAO;;EAGT,MAAM,QAAQ,KAAW;AACvB,WAAO,KAAK,kBAAkB,YAAW;AACvC,YAAM,KAAK,aAAa,CAAC,OAAoB,cAAc,IAAI,GAAG,CAAC;AACnE,aAAO,KAAK,WAAW,GAAG;AAC1B,aAAO,KAAK,oBAAoB,GAAG;IACrC,CAAC;;EAGK,MAAM,QAAK;AAEjB,UAAM,SAAS,MAAM,KAAK,aAAa,CAAC,OAAmB;AACzD,YAAM,gBAAgB,eAAe,IAAI,KAAK,EAAE,OAAM;AACtD,aAAO,IAAI,UAA6B,aAAa,EAAE,UAAS;IAClE,CAAC;AAED,QAAI,CAAC,QAAQ;AACX,aAAO,CAAA;;AAIT,QAAI,KAAK,kBAAkB,GAAG;AAC5B,aAAO,CAAA;;AAGT,UAAM,OAAO,CAAA;AACb,UAAM,eAAe,oBAAI,IAAG;AAC5B,QAAI,OAAO,WAAW,GAAG;AACvB,iBAAW,EAAE,WAAW,KAAK,MAAK,KAAM,QAAQ;AAC9C,qBAAa,IAAI,GAAG;AACpB,YAAI,KAAK,UAAU,KAAK,WAAW,GAAG,CAAC,MAAM,KAAK,UAAU,KAAK,GAAG;AAClE,eAAK,gBAAgB,KAAK,KAAyB;AACnD,eAAK,KAAK,GAAG;;;;AAKnB,eAAW,YAAY,OAAO,KAAK,KAAK,UAAU,GAAG;AACnD,UAAI,KAAK,WAAW,QAAQ,KAAK,CAAC,aAAa,IAAI,QAAQ,GAAG;AAE5D,aAAK,gBAAgB,UAAU,IAAI;AACnC,aAAK,KAAK,QAAQ;;;AAGtB,WAAO;;EAGD,gBACN,KACA,UAAiC;AAEjC,SAAK,WAAW,GAAG,IAAI;AACvB,UAAM,YAAY,KAAK,UAAU,GAAG;AACpC,QAAI,WAAW;AACb,iBAAW,YAAY,MAAM,KAAK,SAAS,GAAG;AAC5C,iBAAS,QAAQ;;;;EAKf,eAAY;AAClB,SAAK,YAAW;AAEhB,SAAK,YAAY,YACf,YAAY,KAAK,MAAK,GACtB,oBAAoB;;EAIhB,cAAW;AACjB,QAAI,KAAK,WAAW;AAClB,oBAAc,KAAK,SAAS;AAC5B,WAAK,YAAY;;;EAIrB,aAAa,KAAa,UAA8B;AACtD,QAAI,OAAO,KAAK,KAAK,SAAS,EAAE,WAAW,GAAG;AAC5C,WAAK,aAAY;;AAEnB,QAAI,CAAC,KAAK,UAAU,GAAG,GAAG;AACxB,WAAK,UAAU,GAAG,IAAI,oBAAI,IAAG;AAE7B,WAAK,KAAK,KAAK,GAAG;;AAEpB,SAAK,UAAU,GAAG,EAAE,IAAI,QAAQ;;EAGlC,gBAAgB,KAAa,UAA8B;AACzD,QAAI,KAAK,UAAU,GAAG,GAAG;AACvB,WAAK,UAAU,GAAG,EAAE,OAAO,QAAQ;AAEnC,UAAI,KAAK,UAAU,GAAG,EAAE,SAAS,GAAG;AAClC,eAAO,KAAK,UAAU,GAAG;;;AAI7B,QAAI,OAAO,KAAK,KAAK,SAAS,EAAE,WAAW,GAAG;AAC5C,WAAK,YAAW;;;;AA9Rb,0BAAI,OAAY;AAySlB,IAAM,4BAAyC;AClYtC,SAAA,oBACd,MACA,SAAmC;AAEnC,SAAO,mBAIL,MAGA,QAAA,gCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAsBgB,SAAA,uBACd,MACA,SAAsC;AAEtC,SAAO,mBAIL,MAGA,QAAA,mCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;AAEgB,SAAA,sBACd,MACA,SAAqC;AAErC,SAAO,mBAIL,MAGA,QAAA,mCAAA,mBAAmB,MAAM,OAAO,CAAC;AAErC;ACpGO,IAAM,mBAAmBE,sBAAgC,KAAK;AACrE,IAAM,wBAAwB,IAAI,MAAM,KAAO,GAAK;IAgBvC,4BAAmB;EAAhC,cAAA;AACU,SAAY,eAAG;AACf,SAAO,UAAG;AAMD,SAAuB,0BAAG,CAAC,CAAC,QAAO,EAAG,YAAY;;EAEnE,KAAK,MAAoB,KAAK,IAAE;AAC9B;MAAQ,oBAAoB,EAAE;MAAG;MAAI;;IAAA;AAErC,QAAI,KAAK,yBAAyB,EAAE,KAAK,KAAK,QAAO,EAAG,UAAU,GAAG;AACnE,aAAO,QAAQ,QAAQ,QAAO,EAAG,UAAwB;;AAE3D,WAAO,IAAI,QAAmB,CAAC,SAAS,WAAU;AAChD,YAAM,iBAAiB,QAAO,EAAG,WAAW,MAAK;AAC/C,eAAO;UAAa;UAAI;;QAAA,CAAuC;MACjE,GAAG,sBAAsB,IAAG,CAAE;AAE9B,cAAO,EAAG,gBAAgB,IAAI,MAAK;AACjC,gBAAO,EAAG,aAAa,cAAc;AACrC,eAAO,QAAO,EAAG,gBAAgB;AAEjC,cAAM,YAAY,QAAO,EAAG;AAE5B,YAAI,CAAC,aAAa,CAAC,KAAK,SAAS,GAAG;AAClC,iBAAO;YAAa;YAAI;;UAAA,CAA+B;AACvD;;AAKF,cAAM,SAAS,UAAU;AACzB,kBAAU,SAAS,CAAC,WAAW,WAAU;AACvC,gBAAM,WAAW,OAAO,WAAW,MAAM;AACzC,eAAK;AACL,iBAAO;QACT;AAEA,aAAK,eAAe;AACpB,gBAAQ,SAAS;MACnB;AAEA,YAAM,MAAM,GAAGC,sBAA+B,CAAE,IAAI,YAAY;QAC9D,QAAQ;QACR,QAAQ;QACR;MACD,CAAA,CAAC;AAEFC,cAAkB,GAAG,EAAE,MAAM,MAAK;AAChC,qBAAa,cAAc;AAC3B,eAAO;UAAa;UAAI;;QAAA,CAA+B;MACzD,CAAC;IACH,CAAC;;EAGH,qBAAkB;AAChB,SAAK;;EAGC,yBAAyB,IAAU;AAQzC,WACE,CAAC,CAAC,QAAO,EAAG,YAAY,WACvB,OAAO,KAAK,gBACX,KAAK,UAAU,KACf,KAAK;;AAGZ;AAED,SAAS,oBAAoB,IAAU;AACrC,SAAO,GAAG,UAAU,KAAK,yBAAyB,KAAK,EAAE;AAC3D;IAEa,gCAAuB;EAClC,MAAM,KAAK,MAAkB;AAC3B,WAAO,IAAI,cAAc,IAAI;;EAG/B,qBAAkB;EAAA;AACnB;ACtGM,IAAM,0BAA0B;AAEvC,IAAM,iBAAsC;EAC1C,OAAO;EACP,MAAM;;IAaK,0BAAiB;;;;;;;;;;;;;;;;;;;;EAuC5B,YACE,YACA,eACiB,aAAkC;IACjD,GAAG;EACJ,GAAA;AAFgB,SAAU,aAAV;AAnCV,SAAI,OAAG;AACR,SAAS,YAAG;AACZ,SAAQ,WAAkB;AAGjB,SAAA,uBAAuB,oBAAI,IAAG;AACvC,SAAa,gBAA2B;AAKxC,SAAS,YAAqB;AA4BpC,SAAK,OAAO,UAAU,UAAU;AAChC,SAAK,cAAc,KAAK,WAAW,SAAS;AAC5C;MACE,OAAO,aAAa;MACpB,KAAK;MAAI;;IAAA;AAGX,UAAM,YACJ,OAAO,kBAAkB,WACrB,SAAS,eAAe,aAAa,IACrC;AACN;MAAQ;MAAW,KAAK;MAAI;;IAAA;AAE5B,SAAK,YAAY;AACjB,SAAK,WAAW,WAAW,KAAK,kBAAkB,KAAK,WAAW,QAAQ;AAE1E,SAAK,mBAAmB,KAAK,KAAK,SAAS,oCACvC,IAAI,wBAAuB,IAC3B,IAAI,oBAAmB;AAE3B,SAAK,sBAAqB;;;;;;;EAS5B,MAAM,SAAM;AACV,SAAK,mBAAkB;AACvB,UAAM,KAAK,MAAM,KAAK,OAAM;AAC5B,UAAM,YAAY,KAAK,qBAAoB;AAE3C,UAAM,WAAW,UAAU,YAAY,EAAE;AACzC,QAAI,UAAU;AACZ,aAAO;;AAGT,WAAO,IAAI,QAAgB,aAAU;AACnC,YAAM,cAAc,CAAC,UAAuB;AAC1C,YAAI,CAAC,OAAO;AACV;;AAEF,aAAK,qBAAqB,OAAO,WAAW;AAC5C,gBAAQ,KAAK;MACf;AAEA,WAAK,qBAAqB,IAAI,WAAW;AACzC,UAAI,KAAK,aAAa;AACpB,kBAAU,QAAQ,EAAE;;IAExB,CAAC;;;;;;;EAQH,SAAM;AACJ,QAAI;AACF,WAAK,mBAAkB;aAChB,GAAG;AAIV,aAAO,QAAQ,OAAO,CAAC;;AAGzB,QAAI,KAAK,eAAe;AACtB,aAAO,KAAK;;AAGd,SAAK,gBAAgB,KAAK,kBAAiB,EAAG,MAAM,OAAI;AACtD,WAAK,gBAAgB;AACrB,YAAM;IACR,CAAC;AAED,WAAO,KAAK;;;EAId,SAAM;AACJ,SAAK,mBAAkB;AACvB,QAAI,KAAK,aAAa,MAAM;AAC1B,WAAK,qBAAoB,EAAG,MAAM,KAAK,QAAQ;;;;;;EAOnD,QAAK;AACH,SAAK,mBAAkB;AACvB,SAAK,YAAY;AACjB,SAAK,iBAAiB,mBAAkB;AACxC,QAAI,CAAC,KAAK,aAAa;AACrB,WAAK,UAAU,WAAW,QAAQ,UAAO;AACvC,aAAK,UAAU,YAAY,IAAI;MACjC,CAAC;;;EAIG,wBAAqB;AAC3B;MAAQ,CAAC,KAAK,WAAW;MAAS,KAAK;MAAI;;IAAA;AAC3C;MACE,KAAK,eAAe,CAAC,KAAK,UAAU,cAAa;MACjD,KAAK;MAAI;;IAAA;AAGX;MACE,OAAO,aAAa;MACpB,KAAK;MAAI;;IAAA;;EAKL,kBACN,UAA4C;AAE5C,WAAO,WAAQ;AACb,WAAK,qBAAqB,QAAQ,cAAY,SAAS,KAAK,CAAC;AAC7D,UAAI,OAAO,aAAa,YAAY;AAClC,iBAAS,KAAK;iBACL,OAAO,aAAa,UAAU;AACvC,cAAM,aAAa,QAAO,EAAG,QAAQ;AACrC,YAAI,OAAO,eAAe,YAAY;AACpC,qBAAW,KAAK;;;IAGtB;;EAGM,qBAAkB;AACxB;MAAQ,CAAC,KAAK;MAAW,KAAK;MAAI;;IAAA;;EAG5B,MAAM,oBAAiB;AAC7B,UAAM,KAAK,KAAI;AACf,QAAI,CAAC,KAAK,UAAU;AAClB,UAAI,YAAY,KAAK;AACrB,UAAI,CAAC,KAAK,aAAa;AACrB,cAAM,kBAAkB,SAAS,cAAc,KAAK;AACpD,kBAAU,YAAY,eAAe;AACrC,oBAAY;;AAGd,WAAK,WAAW,KAAK,qBAAoB,EAAG,OAC1C,WACA,KAAK,UAAU;;AAInB,WAAO,KAAK;;EAGN,MAAM,OAAI;AAChB;MACE,eAAc,KAAM,CAAC,UAAS;MAC9B,KAAK;MAAI;;IAAA;AAIX,UAAM,SAAQ;AACd,SAAK,YAAY,MAAM,KAAK,iBAAiB,KAC3C,KAAK,MACL,KAAK,KAAK,gBAAgB,MAAS;AAGrC,UAAM,UAAU,MAAM,mBAAmB,KAAK,IAAI;AAClD;MAAQ;MAAS,KAAK;MAAI;;IAAA;AAC1B,SAAK,WAAW,UAAU;;EAGpB,uBAAoB;AAC1B;MAAQ,KAAK;MAAW,KAAK;MAAI;;IAAA;AACjC,WAAO,KAAK;;AAEf;AAED,SAAS,WAAQ;AACf,MAAI,WAAgC;AACpC,SAAO,IAAI,QAAc,aAAU;AACjC,QAAI,SAAS,eAAe,YAAY;AACtC,cAAO;AACP;;AAMF,eAAW,MAAM,QAAO;AACxB,WAAO,iBAAiB,QAAQ,QAAQ;EAC1C,CAAC,EAAE,MAAM,OAAI;AACX,QAAI,UAAU;AACZ,aAAO,oBAAoB,QAAQ,QAAQ;;AAG7C,UAAM;EACR,CAAC;AACH;AC1NA,IAAM,yBAAN,MAA4B;EAC1B,YACW,gBACQ,gBAAsC;AAD9C,SAAc,iBAAd;AACQ,SAAc,iBAAd;;EAGnB,QAAQ,kBAAwB;AAC9B,UAAM,iBAAiB,oBAAoB,kBACzC,KAAK,gBACL,gBAAgB;AAElB,WAAO,KAAK,eAAe,cAAc;;AAE5C;AAsCM,eAAe,sBACpB,MACA,aACA,aAAiC;AAEjC,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,iBAAiB,MAAM,mBAC3B,cACA,aACA,mBAAmB,WAA0C,CAAC;AAEhE,SAAO,IAAI,uBAAuB,gBAAgB,UAChD,qBAAqB,cAAc,IAAI,CAAC;AAE5C;AAcO,eAAe,oBACpB,MACA,aACA,aAAiC;AAEjC,QAAM,eAAe,mBAAmB,IAAI;AAC5C,QAAM;IAAoB;IAAO;IAAY;;EAAA;AAC7C,QAAM,iBAAiB,MAAM,mBAC3B,aAAa,MACb,aACA,mBAAmB,WAA0C,CAAC;AAEhE,SAAO,IAAI,uBAAuB,gBAAgB,UAChD,mBAAmB,cAAc,IAAI,CAAC;AAE1C;AAiBO,eAAe,8BACpB,MACA,aACA,aAAiC;AAEjC,QAAM,eAAe,mBAAmB,IAAI;AAC5C,MAAI,qBAAqB,aAAa,KAAK,GAAG,GAAG;AAC/C,WAAO,QAAQ,OACb,gDAAgD,aAAa,IAAI,CAAC;;AAGtE,QAAM,iBAAiB,MAAM,mBAC3B,aAAa,MACb,aACA,mBAAmB,WAA0C,CAAC;AAEhE,SAAO,IAAI,uBAAuB,gBAAgB,UAChD,6BAA6B,cAAc,IAAI,CAAC;AAEpD;AAWO,eAAe,mBACpB,MACA,SACA,UAAsC;AAEtC,MAAI,CAAC,KAAK,oBAAmB,GAAI;AAC/B,QAAI;AACF,YAAM,2BAA2B,IAAI;aAC9B,OAAO;AAKd,cAAQ,IACN,6FAA6F;;;AAKnG,MAAI;AACF,QAAI;AAEJ,QAAI,OAAO,YAAY,UAAU;AAC/B,yBAAmB;QACjB,aAAa;;WAEV;AACL,yBAAmB;;AAGrB,QAAI,aAAa,kBAAkB;AACjC,YAAM,UAAU,iBAAiB;AAEjC,UAAI,iBAAiB,kBAAkB;AACrC;UACE,QAAQ,SAAI;UACZ;UAAI;;QAAA;AAIN,cAAM,iCAAiE;UACrE,SAAS,QAAQ;UACjB,qBAAqB;YACnB,aAAa,iBAAiB;YAC9B,YAAmC;;UACpC;;AAGH,cAAM,oCAGF,OACF,cACA,YACE;AAEF,cAAI,QAAQ,oBAAoB,oBAAoB,YAAY;AAC9D;cACE,UAAU,SAAS;cACnB;cAAY;;YAAA;AAId,kBAAM,yBAAyB,MAAM,uBACnC,cACA,SACA,QAAQ;AAEV,mBAAO,oBAAoB,cAAc,sBAAsB;;AAEjE,iBAAO,oBAAoB,cAAc,OAAO;QAClD;AAEA,cAAM,kCACJ;UACE;UACA;UAA8B;UAE9B;UAAiC;;QAAA;AAIrC,cAAM,WAAW,MAAM,gCAAgC,MAAM,WAAQ;AACnE,iBAAO,QAAQ,OAAO,KAAK;QAC7B,CAAC;AAED,eAAO,SAAS,iBAAiB;aAC5B;AACL;UACE,QAAQ,SAAI;UACZ;UAAI;;QAAA;AAGN,cAAM,kBACJ,iBAAiB,iBAAiB,OAClC,iBAAiB;AACnB;UAAQ;UAAiB;UAAI;;QAAA;AAE7B,cAAM,6BAAyD;UAC7D,sBAAsB,QAAQ;UAC9B;UACA,iBAAiB;YACf,YAAmC;;UACpC;;AAGH,cAAM,oCAGF,OACF,cACA,YACE;AAEF,cAAI,QAAQ,gBAAgB,oBAAoB,YAAY;AAC1D;cACE,UAAU,SAAS;cACnB;cAAY;;YAAA;AAId,kBAAM,yBAAyB,MAAM,uBACnC,cACA,SACA,QAAQ;AAEV,mBAAO,oBAAoB,cAAc,sBAAsB;;AAEjE,iBAAO,oBAAoB,cAAc,OAAO;QAClD;AAEA,cAAM,8BACJ;UACE;UACA;UAA0B;UAE1B;UAAiC;;QAAA;AAIrC,cAAM,WAAW,MAAM,4BAA4B,MAAM,WAAQ;AAC/D,iBAAO,QAAQ,OAAO,KAAK;QAC7B,CAAC;AAED,eAAO,SAAS,kBAAkB;;WAE/B;AACL,YAAM,mCACJ;QACE,aAAa,iBAAiB;QAC9B,YAAmC;;;AAGvC,YAAM,0CAGF,OACF,cACA,YACE;AAEF,YAAI,QAAQ,oBAAoB,YAAY;AAC1C;YACE,UAAU,SAAS;YACnB;YAAY;;UAAA;AAId,gBAAM,yBAAyB,MAAM,uBACnC,cACA,SACA,QAAQ;AAEV,iBAAO,0BACL,cACA,sBAAsB;;AAG1B,eAAO,0BAA0B,cAAc,OAAO;MACxD;AAEA,YAAM,oCACJ;QACE;QACA;QAAgC;QAEhC;QAAuC;;MAAA;AAI3C,YAAM,WAAW,MAAM,kCAAkC,MAAM,WAAQ;AACrE,eAAO,QAAQ,OAAO,KAAK;MAC7B,CAAC;AAED,aAAO,SAAS;;;AAGlB,cAAU,OAAM;;AAEpB;AAyBO,eAAe,kBACpB,MACA,YAA+B;AAE/B,QAAM,eAAe,mBAAmB,IAAI;AAC5C,MAAI,qBAAqB,aAAa,KAAK,GAAG,GAAG;AAC/C,WAAO,QAAQ,OACb,gDAAgD,aAAa,IAAI,CAAC;;AAGtE,QAAMtB,QAAM,cAAc,UAAU;AACtC;AAGO,eAAe,uBACpB,MACA,SACA,qBAAgD;AAEhD;IACE,oBAAoB,SAAS;IAC7B;IAAI;;EAAA;AAIN,QAAM,mBAAmB,MAAM,oBAAoB,OAAM;AAEzD;IACE,OAAO,qBAAqB;IAC5B;IAAI;;EAAA;AAIN,QAAM,aAAa,EAAE,GAAG,QAAO;AAE/B,MAAI,yBAAyB,YAAY;AACvC,UAAM,cACJ,WACA,oBAAoB;AACtB,UAAM,kBACJ,WACA,oBAAoB;AACtB,UAAM,aAAc,WACjB,oBAAoB;AACvB,UAAM,mBACJ,WACA,oBAAoB;AAEtB,WAAO,OAAO,YAAY;MACxB,uBAAuB;QACrB;QACA,gBAAgB;QAChB;QACA;QACA;MACD;IACF,CAAA;AAED,WAAO;aACE,qBAAqB,YAAY;AAC1C,UAAM,kBACJ,WACA,gBAAgB;AAClB,UAAM,aAAc,WACjB,gBAAgB;AACnB,UAAM,mBACJ,WACA,gBAAgB;AAElB,WAAO,OAAO,YAAY;MACxB,mBAAmB;QACjB,gBAAgB;QAChB;QACA;QACA;MACD;IACF,CAAA;AAED,WAAO;SACF;AACL,WAAO,OAAO,YAAY,EAAE,kBAAkB,iBAAgB,CAAE;AAChE,WAAO;;AAEX;IC9da,0BAAA,mBAAiB;;;;;EAc5B,YAAY,MAAU;AAPb,SAAA,aAAa,mBAAkB;AAQtC,SAAK,OAAO,UAAU,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoC5B,kBACE,cACA,qBAAyC;AAEzC,WAAO,mBACL,KAAK,MACL,cACA,mBAAmB,mBAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1E,OAAO,WACL,gBACA,kBAAwB;AAExB,WAAO,oBAAoB,kBACzB,gBACA,gBAAgB;;;;;;EAQpB,OAAO,qBACL,gBAA8B;AAE9B,UAAM,aAAa;AACnB,WAAO,mBAAkB,2BAA2B,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmChE,OAAO,oBAAoB,OAAoB;AAC7C,WAAO,mBAAkB,2BACtB,MAAM,cAAc,CAAA,CAAE;;EAInB,OAAO,2BAA2B,EACxC,gBAAgB,cAAa,GACL;AACxB,QAAI,CAAC,eAAe;AAClB,aAAO;;AAET,UAAM,EAAE,aAAa,eAAc,IACjC;AACF,QAAI,eAAe,gBAAgB;AACjC,aAAO,oBAAoB,mBACzB,aACA,cAAc;;AAGlB,WAAO;;;AAhKO,kBAAA,cAAW;AAEX,kBAAA,uBAAoB;AC9BtB,SAAA,qBACd,MACA,kBAAmD;AAEnD,MAAI,kBAAkB;AACpB,WAAO,aAAa,gBAAgB;;AAGtC;IAAQ,KAAK;IAAwB;IAAI;;EAAA;AAEzC,SAAO,KAAK;AACd;ACQA,IAAM,gBAAN,cAA4B,eAAc;EACxC,YAAqB,QAAqB;AACxC;MAAK;MAAA;;IAAA;AADc,SAAM,SAAN;;EAIrB,oBAAoB,MAAkB;AACpC,WAAO,cAAc,MAAM,KAAK,iBAAgB,CAAE;;EAGpD,eACE,MACA,SAAe;AAEf,WAAO,cAAc,MAAM,KAAK,iBAAiB,OAAO,CAAC;;EAG3D,6BAA6B,MAAkB;AAC7C,WAAO,cAAc,MAAM,KAAK,iBAAgB,CAAE;;EAG5C,iBAAiB,SAAgB;AACvC,UAAM,UAAgC;MACpC,YAAY,KAAK,OAAO;MACxB,WAAW,KAAK,OAAO;MACvB,UAAU,KAAK,OAAO;MACtB,UAAU,KAAK,OAAO;MACtB,cAAc,KAAK,OAAO;MAC1B,mBAAmB;MACnB,qBAAqB;;AAGvB,QAAI,SAAS;AACX,cAAQ,UAAU;;AAGpB,WAAO;;AAEV;AAEK,SAAU,QACd,QAAqB;AAErB,SAAO,sBACL,OAAO,MACP,IAAI,cAAc,MAAM,GACxB,OAAO,eAAe;AAE1B;AAEM,SAAU,QACd,QAAqB;AAErB,QAAM,EAAE,MAAM,KAAI,IAAK;AACvB;IAAQ;IAAM;IAAI;;EAAA;AAClB,SAAO,gBACL,MACA,IAAI,cAAc,MAAM,GACxB,OAAO,eAAe;AAE1B;AAEO,eAAe,MACpB,QAAqB;AAErB,QAAM,EAAE,MAAM,KAAI,IAAK;AACvB;IAAQ;IAAM;IAAI;;EAAA;AAClB,SAAOuB,QAAU,MAAM,IAAI,cAAc,MAAM,GAAG,OAAO,eAAe;AAC1E;ICpEsB,uCAA8B;EASlD,YACqB,MACnB,QACmB,UACT,MACS,kBAAkB,OAAK;AAJvB,SAAI,OAAJ;AAEA,SAAQ,WAAR;AACT,SAAI,OAAJ;AACS,SAAe,kBAAf;AAXb,SAAc,iBAA0B;AACxC,SAAY,eAAwB;AAY1C,SAAK,SAAS,MAAM,QAAQ,MAAM,IAAI,SAAS,CAAC,MAAM;;EAKxD,UAAO;AACL,WAAO,IAAI,QACT,OAAO,SAAS,WAAU;AACxB,WAAK,iBAAiB,EAAE,SAAS,OAAM;AAEvC,UAAI;AACF,aAAK,eAAe,MAAM,KAAK,SAAS,YAAY,KAAK,IAAI;AAC7D,cAAM,KAAK,YAAW;AACtB,aAAK,aAAa,iBAAiB,IAAI;eAChC,GAAG;AACV,aAAK,OAAO,CAAU;;IAE1B,CAAC;;EAIL,MAAM,YAAY,OAAgB;AAChC,UAAM,EAAE,aAAa,WAAW,UAAU,UAAU,OAAO,KAAI,IAAK;AACpE,QAAI,OAAO;AACT,WAAK,OAAO,KAAK;AACjB;;AAGF,UAAM,SAAwB;MAC5B,MAAM,KAAK;MACX,YAAY;MACZ;MACA,UAAU,YAAY;MACtB,UAAU,YAAY;MACtB,MAAM,KAAK;MACX,iBAAiB,KAAK;;AAGxB,QAAI;AACF,WAAK,QAAQ,MAAM,KAAK,WAAW,IAAI,EAAE,MAAM,CAAC;aACzC,GAAG;AACV,WAAK,OAAO,CAAU;;;EAI1B,QAAQ,OAAoB;AAC1B,SAAK,OAAO,KAAK;;EAGX,WAAW,MAAmB;AACpC,YAAQ,MAAI;MACV,KAAqC;MACrC,KAAA;AACE,eAAO;MACT,KAAkC;MAClC,KAAA;AACE,eAAO;MACT,KAAoC;MACpC,KAAA;AACE,eAAO;MACT;AACE;UAAM,KAAK;UAAI;;QAAA;;;EAIX,QAAQ,MAAmC;AACnD,gBAAY,KAAK,gBAAgB,+BAA+B;AAChE,SAAK,eAAe,QAAQ,IAAI;AAChC,SAAK,qBAAoB;;EAGjB,OAAO,OAAY;AAC3B,gBAAY,KAAK,gBAAgB,+BAA+B;AAChE,SAAK,eAAe,OAAO,KAAK;AAChC,SAAK,qBAAoB;;EAGnB,uBAAoB;AAC1B,QAAI,KAAK,cAAc;AACrB,WAAK,aAAa,mBAAmB,IAAI;;AAG3C,SAAK,iBAAiB;AACtB,SAAK,QAAO;;AAIf;AC7FM,IAAM,6BAA6B,IAAI,MAAM,KAAM,GAAK;AAiCxD,eAAe,gBACpB,MACA,UACA,UAAgC;AAEhC,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb;MAAa;MAA4C;;IAAA,CAAA;;AAG7D,QAAM,eAAe,UAAU,IAAI;AACnC,oBAAkB,MAAM,UAAU,qBAAqB;AACvD,QAAM,mBAAmB,qBAAqB,cAAc,QAAQ;AACpE,QAAM,SAAS,IAAI,eACjB,cAAY,kBAEZ,UACA,gBAAgB;AAElB,SAAO,OAAO,eAAc;AAC9B;AA8BO,eAAe,wBACpB,MACA,UACA,UAAgC;AAEhC,QAAM,eAAe,mBAAmB,IAAI;AAC5C,MAAI,qBAAqB,aAAa,KAAK,GAAG,GAAG;AAC/C,WAAO,QAAQ,OACb;MAAa,aAAa;MAA4C;;IAAA,CAAA;;AAG1E,oBAAkB,aAAa,MAAM,UAAU,qBAAqB;AACpE,QAAM,mBAAmB,qBAAqB,aAAa,MAAM,QAAQ;AACzE,QAAM,SAAS,IAAI,eACjB,aAAa,MAAI,kBAEjB,UACA,kBACA,YAAY;AAEd,SAAO,OAAO,eAAc;AAC9B;AA2BO,eAAe,cACpB,MACA,UACA,UAAgC;AAEhC,QAAM,eAAe,mBAAmB,IAAI;AAC5C,oBAAkB,aAAa,MAAM,UAAU,qBAAqB;AACpE,QAAM,mBAAmB,qBAAqB,aAAa,MAAM,QAAQ;AAEzE,QAAM,SAAS,IAAI,eACjB,aAAa,MAAI,gBAEjB,UACA,kBACA,YAAY;AAEd,SAAO,OAAO,eAAc;AAC9B;AAOA,IAAM,iBAAN,MAAM,wBAAuB,+BAA8B;EAOzD,YACE,MACA,QACiB,UACjB,UACA,MAAmB;AAEnB,UAAM,MAAM,QAAQ,UAAU,IAAI;AAJjB,SAAQ,WAAR;AANX,SAAU,aAAqB;AAC/B,SAAM,SAAkB;AAU9B,QAAI,gBAAe,oBAAoB;AACrC,sBAAe,mBAAmB,OAAM;;AAG1C,oBAAe,qBAAqB;;EAGtC,MAAM,iBAAc;AAClB,UAAM,SAAS,MAAM,KAAK,QAAO;AACjC;MAAQ;MAAQ,KAAK;MAAI;;IAAA;AACzB,WAAO;;EAGT,MAAM,cAAW;AACf,gBACE,KAAK,OAAO,WAAW,GACvB,wCAAwC;AAE1C,UAAM,UAAU,iBAAgB;AAChC,SAAK,aAAa,MAAM,KAAK,SAAS;MACpC,KAAK;MACL,KAAK;MACL,KAAK,OAAO,CAAC;;MACb;IAAO;AAET,SAAK,WAAW,kBAAkB;AASlC,SAAK,SAAS,kBAAkB,KAAK,IAAI,EAAE,MAAM,OAAI;AACnD,WAAK,OAAO,CAAC;IACf,CAAC;AAED,SAAK,SAAS,6BAA6B,KAAK,MAAM,iBAAc;AAClE,UAAI,CAAC,aAAa;AAChB,aAAK,OACH;UAAa,KAAK;UAA4C;;QAAA,CAAA;;IAGpE,CAAC;AAGD,SAAK,qBAAoB;;EAG3B,IAAI,UAAO;AACT,WAAO,KAAK,YAAY,mBAAmB;;EAG7C,SAAM;AACJ,SAAK,OAAO;MAAa,KAAK;MAA0C;;IAAA,CAAA;;EAG1E,UAAO;AACL,QAAI,KAAK,YAAY;AACnB,WAAK,WAAW,MAAK;;AAGvB,QAAI,KAAK,QAAQ;AACf,aAAO,aAAa,KAAK,MAAM;;AAGjC,SAAK,aAAa;AAClB,SAAK,SAAS;AACd,oBAAe,qBAAqB;;EAG9B,uBAAoB;AAC1B,UAAM,OAAO,MAAW;AACtB,UAAI,KAAK,YAAY,QAAQ,QAAQ;AAMnC,aAAK,SAAS,OAAO;UAAW,MAAK;AACnC,iBAAK,SAAS;AACd,iBAAK,OACH;cAAa,KAAK;cAAyC;;YAAA,CAAA;UAE/D;UAAC;;QAAA;AACD;;AAGF,WAAK,SAAS,OAAO,WAAW,MAAM,2BAA2B,IAAG,CAAE;IACxE;AAEA,SAAI;;;AAxGS,eAAkB,qBAA0B;AC1L7D,IAAM,uBAAuB;AAI7B,IAAM,qBAGF,oBAAI,IAAG;AAEL,IAAO,iBAAP,cAA8B,+BAA8B;EAGhE,YACE,MACA,UACA,kBAAkB,OAAK;AAEvB,UACE,MACA;;;;;;IAKC,GACD,UACA,QACA,eAAe;AAjBnB,SAAO,UAAG;;;;;;EAyBV,MAAM,UAAO;AACX,QAAI,eAAe,mBAAmB,IAAI,KAAK,KAAK,KAAI,CAAE;AAC1D,QAAI,CAAC,cAAc;AACjB,UAAI;AACF,cAAM,qBAAqB,MAAM,kCAC/B,KAAK,UACL,KAAK,IAAI;AAEX,cAAM,SAAS,qBAAqB,MAAM,MAAM,QAAO,IAAK;AAC5D,uBAAe,MAAM,QAAQ,QAAQ,MAAM;eACpC,GAAG;AACV,uBAAe,MAAM,QAAQ,OAAO,CAAC;;AAGvC,yBAAmB,IAAI,KAAK,KAAK,KAAI,GAAI,YAAY;;AAKvD,QAAI,CAAC,KAAK,iBAAiB;AACzB,yBAAmB,IAAI,KAAK,KAAK,KAAI,GAAI,MAAM,QAAQ,QAAQ,IAAI,CAAC;;AAGtE,WAAO,aAAY;;EAGrB,MAAM,YAAY,OAAgB;AAChC,QAAI,MAAM,SAAI,qBAAyC;AACrD,aAAO,MAAM,YAAY,KAAK;eACrB,MAAM,SAAI,WAA4B;AAE/C,WAAK,QAAQ,IAAI;AACjB;;AAGF,QAAI,MAAM,SAAS;AACjB,YAAM,OAAO,MAAM,KAAK,KAAK,mBAAmB,MAAM,OAAO;AAC7D,UAAI,MAAM;AACR,aAAK,OAAO;AACZ,eAAO,MAAM,YAAY,KAAK;aACzB;AACL,aAAK,QAAQ,IAAI;;;;EAKvB,MAAM,cAAW;EAAA;EAEjB,UAAO;EAAA;AACR;AAEM,eAAe,kCACpB,UACA,MAAkB;AAElB,QAAM,MAAM,mBAAmB,IAAI;AACnC,QAAM,cAAc,oBAAoB,QAAQ;AAChD,MAAI,CAAE,MAAM,YAAY,aAAY,GAAK;AACvC,WAAO;;AAET,QAAM,qBAAsB,MAAM,YAAY,KAAK,GAAG,MAAO;AAC7D,QAAM,YAAY,QAAQ,GAAG;AAC7B,SAAO;AACT;AAEO,eAAe,0BACpB,UACA,MAAkB;AAElB,SAAO,oBAAoB,QAAQ,EAAE,KAAK,mBAAmB,IAAI,GAAG,MAAM;AAC5E;AAMgB,SAAA,wBACd,MACA,QAAoD;AAEpD,qBAAmB,IAAI,KAAK,KAAI,GAAI,MAAM;AAC5C;AAEA,SAAS,oBACP,UAAuC;AAEvC,SAAO,aAAa,SAAS,oBAAoB;AACnD;AAEA,SAAS,mBAAmB,MAAkB;AAC5C,SAAO,oBACL,sBACA,KAAK,OAAO,QACZ,KAAK,IAAI;AAEb;SCxEgB,mBACd,MACA,UACA,UAAgC;AAEhC,SAAO,oBAAoB,MAAM,UAAU,QAAQ;AACrD;AAEO,eAAe,oBACpB,MACA,UACA,UAAgC;AAEhC,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,eAAe,UAAU,IAAI;AACnC,oBAAkB,MAAM,UAAU,qBAAqB;AAIvD,QAAM,aAAa;AACnB,QAAM,mBAAmB,qBAAqB,cAAc,QAAQ;AACpE,QAAM,0BAA0B,kBAAkB,YAAY;AAE9D,SAAO,iBAAiB;IACtB;IACA;IAAQ;;EAAA;AAGZ;SAqCgB,2BACd,MACA,UACA,UAAgC;AAEhC,SAAO,4BACL,MACA,UACA,QAAQ;AAEZ;AACO,eAAe,4BACpB,MACA,UACA,UAAgC;AAEhC,QAAM,eAAe,mBAAmB,IAAI;AAC5C,oBAAkB,aAAa,MAAM,UAAU,qBAAqB;AACpE,MAAI,qBAAqB,aAAa,KAAK,GAAG,GAAG;AAC/C,WAAO,QAAQ,OACb,gDAAgD,aAAa,IAAI,CAAC;;AAMtE,QAAM,aAAa,KAAK;AAExB,QAAM,mBAAmB,qBAAqB,aAAa,MAAM,QAAQ;AACzE,QAAM,0BAA0B,kBAAkB,aAAa,IAAI;AAEnE,QAAM,UAAU,MAAM,uBAAuB,YAAY;AACzD,SAAO,iBAAiB,cACtB,aAAa,MACb,UAAQ,qBAER,OAAO;AAEX;SAiCgB,iBACd,MACA,UACA,UAAgC;AAEhC,SAAO,kBAAkB,MAAM,UAAU,QAAQ;AACnD;AACO,eAAe,kBACpB,MACA,UACA,UAAgC;AAEhC,QAAM,eAAe,mBAAmB,IAAI;AAC5C,oBAAkB,aAAa,MAAM,UAAU,qBAAqB;AAIpE,QAAM,aAAa,KAAK;AAExB,QAAM,mBAAmB,qBAAqB,aAAa,MAAM,QAAQ;AACzE,QAAM,oBAAoB,OAAO,cAAc,SAAS,UAAU;AAClE,QAAM,0BAA0B,kBAAkB,aAAa,IAAI;AAEnE,QAAM,UAAU,MAAM,uBAAuB,YAAY;AACzD,SAAO,iBAAiB,cACtB,aAAa,MACb,UAAQ,mBAER,OAAO;AAEX;AA2CO,eAAe,kBACpB,MACA,UAAgC;AAEhC,QAAM,UAAU,IAAI,EAAE;AACtB,SAAO,mBAAmB,MAAM,UAAU,KAAK;AACjD;AAEO,eAAe,mBACpB,MACA,gBACA,kBAAkB,OAAK;AAEvB,MAAI,qBAAqB,KAAK,GAAG,GAAG;AAClC,WAAO,QAAQ,OACb,gDAAgD,IAAI,CAAC;;AAGzD,QAAM,eAAe,UAAU,IAAI;AACnC,QAAM,WAAW,qBAAqB,cAAc,cAAc;AAClE,QAAM,SAAS,IAAI,eAAe,cAAc,UAAU,eAAe;AACzE,QAAM,SAAS,MAAM,OAAO,QAAO;AAEnC,MAAI,UAAU,CAAC,iBAAiB;AAC9B,WAAO,OAAO,KAAK;AACnB,UAAM,aAAa,sBAAsB,OAAO,IAAoB;AACpE,UAAM,aAAa,iBAAiB,MAAM,cAAc;;AAG1D,SAAO;AACT;AAEA,eAAe,uBAAuB,MAAkB;AACtD,QAAM,UAAU,iBAAiB,GAAG,KAAK,GAAG,KAAK;AACjD,OAAK,mBAAmB;AACxB,QAAM,KAAK,KAAK,iBAAiB,IAAI;AACrC,QAAM,KAAK,KAAK,sBAAsB,IAAI;AAC1C,SAAO;AACT;ACrTA,IAAM,sCAAsC,KAAK,KAAK;IAEzC,yBAAgB;EAO3B,YAA6B,MAAkB;AAAlB,SAAI,OAAJ;AANZ,SAAA,kBAA+B,oBAAI,IAAG;AACtC,SAAA,YAAoC,oBAAI,IAAG;AAClD,SAAmB,sBAAqB;AACxC,SAA2B,8BAAG;AAChC,SAAA,yBAAyB,KAAK,IAAG;;EAIzC,iBAAiB,mBAAoC;AACnD,SAAK,UAAU,IAAI,iBAAiB;AAEpC,QACE,KAAK,uBACL,KAAK,mBAAmB,KAAK,qBAAqB,iBAAiB,GACnE;AACA,WAAK,eAAe,KAAK,qBAAqB,iBAAiB;AAC/D,WAAK,iBAAiB,KAAK,mBAAmB;AAC9C,WAAK,sBAAsB;;;EAI/B,mBAAmB,mBAAoC;AACrD,SAAK,UAAU,OAAO,iBAAiB;;EAGzC,QAAQ,OAAgB;AAEtB,QAAI,KAAK,oBAAoB,KAAK,GAAG;AACnC,aAAO;;AAGT,QAAI,UAAU;AACd,SAAK,UAAU,QAAQ,cAAW;AAChC,UAAI,KAAK,mBAAmB,OAAO,QAAQ,GAAG;AAC5C,kBAAU;AACV,aAAK,eAAe,OAAO,QAAQ;AACnC,aAAK,iBAAiB,KAAK;;IAE/B,CAAC;AAED,QAAI,KAAK,+BAA+B,CAAC,gBAAgB,KAAK,GAAG;AAG/D,aAAO;;AAGT,SAAK,8BAA8B;AAGnC,QAAI,CAAC,SAAS;AACZ,WAAK,sBAAsB;AAC3B,gBAAU;;AAGZ,WAAO;;EAGD,eAAe,OAAkB,UAA2B;AAClE,QAAI,MAAM,SAAS,CAAC,oBAAoB,KAAK,GAAG;AAC9C,YAAM,OACH,MAAM,MAAM,MAAM,MAAM,OAAO,EAAE,CAAC;AAErC,eAAS,QAAQ,aAAa,KAAK,MAAM,IAAI,CAAC;WACzC;AACL,eAAS,YAAY,KAAK;;;EAItB,mBACN,OACA,UAA2B;AAE3B,UAAM,iBACJ,SAAS,YAAY,QACpB,CAAC,CAAC,MAAM,WAAW,MAAM,YAAY,SAAS;AACjD,WAAO,SAAS,OAAO,SAAS,MAAM,IAAI,KAAK;;EAGzC,oBAAoB,OAAgB;AAC1C,QACE,KAAK,IAAG,IAAK,KAAK,0BAClB,qCACA;AACA,WAAK,gBAAgB,MAAK;;AAG5B,WAAO,KAAK,gBAAgB,IAAI,SAAS,KAAK,CAAC;;EAGzC,iBAAiB,OAAgB;AACvC,SAAK,gBAAgB,IAAI,SAAS,KAAK,CAAC;AACxC,SAAK,yBAAyB,KAAK,IAAG;;AAEzC;AAED,SAAS,SAAS,GAAY;AAC5B,SAAO,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,OAAK,CAAC,EAAE,KAAK,GAAG;AAC7E;AAEA,SAAS,oBAAoB,EAAE,MAAM,MAAK,GAAa;AACrD,SACE,SAA8B,aAC9B,OAAO,SAAS,QAAQ,eAA2B;AAEvD;AAEA,SAAS,gBAAgB,OAAgB;AACvC,UAAQ,MAAM,MAAI;IAChB,KAAwC;IACxC,KAAqC;IACrC,KAAA;AACE,aAAO;IACT,KAAA;AACE,aAAO,oBAAoB,KAAK;IAClC;AACE,aAAO;;AAEb;ACxHO,eAAe,kBACpB,MACA,UAAmC,CAAA,GAAE;AAErC,SAAO,mBACL,MAGA,OAAA,gBAAA,OAAO;AAEX;AChBA,IAAM,mBAAmB;AACzB,IAAM,aAAa;AAEZ,eAAe,gBAAgB,MAAkB;AAEtD,MAAI,KAAK,OAAO,UAAU;AACxB;;AAGF,QAAM,EAAE,kBAAiB,IAAK,MAAM,kBAAkB,IAAI;AAE1D,aAAW,UAAU,mBAAmB;AACtC,QAAI;AACF,UAAI,YAAY,MAAM,GAAG;AACvB;;YAEI;;;AAMV;IAAM;IAAI;;EAAA;AACZ;AAEA,SAAS,YAAY,UAAgB;AACnC,QAAM,aAAa,eAAc;AACjC,QAAM,EAAE,UAAU,SAAQ,IAAK,IAAI,IAAI,UAAU;AACjD,MAAI,SAAS,WAAW,qBAAqB,GAAG;AAC9C,UAAM,QAAQ,IAAI,IAAI,QAAQ;AAE9B,QAAI,MAAM,aAAa,MAAM,aAAa,IAAI;AAE5C,aACE,aAAa,uBACb,SAAS,QAAQ,uBAAuB,EAAE,MACxC,WAAW,QAAQ,uBAAuB,EAAE;;AAIlD,WAAO,aAAa,uBAAuB,MAAM,aAAa;;AAGhE,MAAI,CAAC,WAAW,KAAK,QAAQ,GAAG;AAC9B,WAAO;;AAGT,MAAI,iBAAiB,KAAK,QAAQ,GAAG;AAGnC,WAAO,aAAa;;AAItB,QAAM,uBAAuB,SAAS,QAAQ,OAAO,KAAK;AAG1D,QAAM,KAAK,IAAI,OACb,YAAY,uBAAuB,MAAM,uBAAuB,MAChE,GAAG;AAEL,SAAO,GAAG,KAAK,QAAQ;AACzB;AC7DA,IAAM,kBAAkB,IAAI,MAAM,KAAO,GAAK;AAM9C,SAAS,2BAAwB;AAI/B,QAAM,SAAS,QAAO,EAAG;AAEzB,MAAI,QAAQ,GAAG;AAEb,eAAW,QAAQ,OAAO,KAAK,OAAO,CAAC,GAAG;AAExC,aAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,IAAI,EAAE,KAAK,CAAA;AAEvC,aAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,IAAI,EAAE,KAAK,CAAA;AAEvC,aAAO,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,CAAC;AAEvC,UAAI,OAAO,IAAI;AACb,iBAAS,IAAI,GAAG,IAAI,OAAO,GAAG,QAAQ,KAAK;AAEzC,iBAAO,GAAG,CAAC,IAAI;;;;;AAKzB;AAEA,SAAS,SAAS,MAAkB;AAClC,SAAO,IAAI,QAA8B,CAAC,SAAS,WAAU;AAE3D,aAAS,iBAAc;AAGrB,+BAAwB;AACxB,WAAK,KAAK,gBAAgB;QACxB,UAAU,MAAK;AACb,kBAAQ,KAAK,QAAQ,WAAU,CAAE;;QAEnC,WAAW,MAAK;AAOd,mCAAwB;AACxB,iBAAO;YAAa;YAAI;;UAAA,CAAuC;;QAEjE,SAAS,gBAAgB,IAAG;MAC7B,CAAA;;AAGH,QAAI,QAAO,EAAG,MAAM,SAAS,QAAQ;AAEnC,cAAQ,KAAK,QAAQ,WAAU,CAAE;eACxB,CAAC,CAAC,QAAO,EAAG,MAAM,MAAM;AAEjC,qBAAc;WACT;AAML,YAAM,SAASC,sBAAyB,WAAW;AAEnD,cAAO,EAAG,MAAM,IAAI,MAAK;AAEvB,YAAI,CAAC,CAAC,KAAK,MAAM;AACf,yBAAc;eACT;AAEL,iBAAO;YAAa;YAAI;;UAAA,CAAuC;;MAEnE;AAEA,aAAOC,QACI,GAAGC,eAAiB,CAAE,WAAW,MAAM,EAAE,EACjD,MAAM,OAAK,OAAO,CAAC,CAAC;;EAE3B,CAAC,EAAE,MAAM,WAAQ;AAEf,uBAAmB;AACnB,UAAM;EACR,CAAC;AACH;AAEA,IAAI,mBAAyD;AACvD,SAAU,UAAU,MAAkB;AAC1C,qBAAmB,oBAAoB,SAAS,IAAI;AACpD,SAAO;AACT;AC3FA,IAAM,eAAe,IAAI,MAAM,KAAM,IAAK;AAC1C,IAAM,cAAc;AACpB,IAAM,uBAAuB;AAE7B,IAAM,oBAAoB;EACxB,OAAO;IACL,UAAU;IACV,KAAK;IACL,OAAO;IACP,QAAQ;EACT;EACD,eAAe;EACf,UAAU;;AAKZ,IAAM,mBAAmB,oBAAI,IAAI;EAC/B,CAAyB,kCAAA,GAAG;;EAC5B,CAAC,kDAAkD,GAAG;;EACtD,CAAC,+CAA+C,GAAG;;AACpD,CAAA;AAED,SAAS,aAAa,MAAkB;AACtC,QAAM,SAAS,KAAK;AACpB;IAAQ,OAAO;IAAY;IAAI;;EAAA;AAC/B,QAAM,MAAM,OAAO,WACf,aAAa,QAAQ,oBAAoB,IACzC,WAAW,KAAK,OAAO,UAAU,IAAI,WAAW;AAEpD,QAAM,SAAiC;IACrC,QAAQ,OAAO;IACf,SAAS,KAAK;IACd,GAAG;;AAEL,QAAM,MAAM,iBAAiB,IAAI,KAAK,OAAO,OAAO;AACpD,MAAI,KAAK;AACP,WAAO,MAAM;;AAEf,QAAM,aAAa,KAAK,eAAc;AACtC,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,WAAW,KAAK,GAAG;;AAEjC,SAAO,GAAG,GAAG,IAAI,YAAY,MAAM,EAAE,MAAM,CAAC,CAAC;AAC/C;AAEO,eAAe,YACpB,MAAkB;AAElB,QAAM,UAAU,MAAMC,UAAqB,IAAI;AAC/C,QAAMC,QAAO,QAAO,EAAG;AACvB;IAAQA;IAAM;IAAI;;EAAA;AAClB,SAAO,QAAQ,KACb;IACE,OAAO,SAAS;IAChB,KAAK,aAAa,IAAI;IACtB,uBAAuBA,MAAK,QAAQ;IACpC,YAAY;IACZ,WAAW;EACZ,GACD,CAAC,WACC,IAAI,QAAQ,OAAO,SAAS,WAAU;AACpC,UAAM,OAAO,QAAQ;;MAEnB,gBAAgB;IACjB,CAAA;AAED,UAAM,eAAe;MACnB;MAAI;;IAAA;AAKN,UAAM,oBAAoB,QAAO,EAAG,WAAW,MAAK;AAClD,aAAO,YAAY;IACrB,GAAG,aAAa,IAAG,CAAE;AAErB,aAAS,uBAAoB;AAC3B,cAAO,EAAG,aAAa,iBAAiB;AACxC,cAAQ,MAAM;;AAIhB,WAAO,KAAK,oBAAoB,EAAE,KAAK,sBAAsB,MAAK;AAChE,aAAO,YAAY;IACrB,CAAC;GACF,CAAC;AAER;ACzFA,IAAM,qBAAqB;EACzB,UAAU;EACV,WAAW;EACX,WAAW;EACX,SAAS;;AAGX,IAAM,gBAAgB;AACtB,IAAM,iBAAiB;AACvB,IAAM,eAAe;AAErB,IAAM,oBAAoB;IAEb,kBAAS;EAGpB,YAAqBC,SAAqB;AAArB,SAAM,SAANA;AAFrB,SAAe,kBAAkB;;EAIjC,QAAK;AACH,QAAI,KAAK,QAAQ;AACf,UAAI;AACF,aAAK,OAAO,MAAK;eACV,GAAG;MAAA;;;AAGjB;AAEe,SAAA,MACd,MACA,KACAC,OACA,QAAQ,eACR,SAAS,gBAAc;AAEvB,QAAM,MAAM,KAAK,KAAK,OAAO,OAAO,cAAc,UAAU,GAAG,CAAC,EAAE,SAAQ;AAC1E,QAAM,OAAO,KAAK,KAAK,OAAO,OAAO,aAAa,SAAS,GAAG,CAAC,EAAE,SAAQ;AACzE,MAAI,SAAS;AAEb,QAAM,UAAqC;IACzC,GAAG;IACH,OAAO,MAAM,SAAQ;IACrB,QAAQ,OAAO,SAAQ;IACvB;IACA;;AAKF,QAAM,KAAK,MAAK,EAAG,YAAW;AAE9B,MAAIA,OAAM;AACR,aAAS,aAAa,EAAE,IAAI,eAAeA;;AAG7C,MAAI,WAAW,EAAE,GAAG;AAElB,UAAM,OAAO;AAGb,YAAQ,aAAa;;AAGvB,QAAM,gBAAgB,OAAO,QAAQ,OAAO,EAAE,OAC5C,CAAC,OAAO,CAAC,KAAK,KAAK,MAAM,GAAG,KAAK,GAAG,GAAG,IAAI,KAAK,KAChD,EAAE;AAGJ,MAAI,iBAAiB,EAAE,KAAK,WAAW,SAAS;AAC9C,uBAAmB,OAAO,IAAI,MAAM;AACpC,WAAO,IAAI,UAAU,IAAI;;AAK3B,QAAM,SAAS,OAAO,KAAK,OAAO,IAAI,QAAQ,aAAa;AAC3D;IAAQ;IAAQ;IAAI;;EAAA;AAGpB,MAAI;AACF,WAAO,MAAK;WACL,GAAG;EAAA;AAEZ,SAAO,IAAI,UAAU,MAAM;AAC7B;AAEA,SAAS,mBAAmB,KAAa,QAAc;AACrD,QAAM,KAAK,SAAS,cAAc,GAAG;AACrC,KAAG,OAAO;AACV,KAAG,SAAS;AACZ,QAAM,QAAQ,SAAS,YAAY,YAAY;AAC/C,QAAM,eACJ,SACA,MACA,MACA,QACA,GACA,GACA,GACA,GACA,GACA,OACA,OACA,OACA,OACA,GACA,IAAI;AAEN,KAAG,cAAc,KAAK;AACxB;ACvGA,IAAM,cAAc;AAOpB,IAAM,uBAAuB;AAO7B,IAAM,iCAAiC,mBAAmB,KAAK;AAgBxD,eAAe,gBACpB,MACA,UACA,UACA,aACA,SACA,kBAAyC;AAEzC;IAAQ,KAAK,OAAO;IAAY;IAAI;;EAAA;AACpC;IAAQ,KAAK,OAAO;IAAQ;IAAI;;EAAA;AAEhC,QAAM,SAAuB;IAC3B,QAAQ,KAAK,OAAO;IACpB,SAAS,KAAK;IACd;IACA;IACA,GAAG;IACH;;AAGF,MAAI,oBAAoB,uBAAuB;AAC7C,aAAS,mBAAmB,KAAK,YAAY;AAC7C,WAAO,aAAa,SAAS,cAAc;AAC3C,QAAI,CAAC,QAAQ,SAAS,oBAAmB,CAAE,GAAG;AAC5C,aAAO,mBAAmB,KAAK,UAAU,SAAS,oBAAmB,CAAE;;AAIzE,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,oBAAoB,CAAA,CAAE,GAAG;AACjE,aAAO,GAAG,IAAI;;;AAIlB,MAAI,oBAAoB,mBAAmB;AACzC,UAAM,SAAS,SAAS,UAAS,EAAG,OAAO,WAAS,UAAU,EAAE;AAChE,QAAI,OAAO,SAAS,GAAG;AACrB,aAAO,SAAS,OAAO,KAAK,GAAG;;;AAInC,MAAI,KAAK,UAAU;AACjB,WAAO,MAAM,KAAK;;AAMpB,QAAM,aAAa;AACnB,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACzC,QAAI,WAAW,GAAG,MAAM,QAAW;AACjC,aAAO,WAAW,GAAG;;;AAKzB,QAAM,gBAAgB,MAAM,KAAK,kBAAiB;AAClD,QAAM,wBAAwB,gBAC1B,IAAI,8BAA8B,IAAI,mBAAmB,aAAa,CAAC,KACvE;AAGJ,SAAO,GAAG,eAAe,IAAI,CAAC,IAAI,YAAY,UAAU,EAAE,MACxD,CAAC,CACF,GAAG,qBAAqB;AAC3B;AAEA,SAAS,eAAe,EAAE,OAAM,GAAgB;AAC9C,MAAI,CAAC,OAAO,UAAU;AACpB,WAAO,WAAW,OAAO,UAAU,IAAI,WAAW;;AAGpD,SAAO,aAAa,QAAQ,oBAAoB;AAClD;ACzFA,IAAM,0BAA0B;AAWhC,IAAM,+BAAN,MAAkC;EAAlC,cAAA;AACmB,SAAa,gBAAqC,CAAA;AAClD,SAAO,UAAwC,CAAA;AAC/C,SAAwB,2BAAkC,CAAA;AAElE,SAAoB,uBAAG;AAyHhC,SAAmB,sBAAG;AAEtB,SAAuB,0BAAG;;;;EAvH1B,MAAM,WACJ,MACA,UACA,UACA,SAAgB;AAEhB,gBACE,KAAK,cAAc,KAAK,KAAI,CAAE,GAAG,SACjC,8CAA8C;AAGhD,UAAM,MAAM,MAAM,gBAChB,MACA,UACA,UACA,eAAc,GACd,OAAO;AAET,WAAO,MAAM,MAAM,KAAK,iBAAgB,CAAE;;EAG5C,MAAM,cACJ,MACA,UACA,UACA,SAAgB;AAEhB,UAAM,KAAK,kBAAkB,IAAI;AACjC,UAAM,MAAM,MAAM,gBAChB,MACA,UACA,UACA,eAAc,GACd,OAAO;AAET,uBAAmB,GAAG;AACtB,WAAO,IAAI,QAAQ,MAAO;IAAA,CAAC;;EAG7B,YAAY,MAAkB;AAC5B,UAAM,MAAM,KAAK,KAAI;AACrB,QAAI,KAAK,cAAc,GAAG,GAAG;AAC3B,YAAM,EAAE,SAAS,SAAAC,SAAO,IAAK,KAAK,cAAc,GAAG;AACnD,UAAI,SAAS;AACX,eAAO,QAAQ,QAAQ,OAAO;aACzB;AACL,oBAAYA,UAAS,0CAA0C;AAC/D,eAAOA;;;AAIX,UAAM,UAAU,KAAK,kBAAkB,IAAI;AAC3C,SAAK,cAAc,GAAG,IAAI,EAAE,QAAO;AAInC,YAAQ,MAAM,MAAK;AACjB,aAAO,KAAK,cAAc,GAAG;IAC/B,CAAC;AAED,WAAO;;EAGD,MAAM,kBAAkB,MAAkB;AAChD,UAAM,SAAS,MAAM,YAAY,IAAI;AACrC,UAAM,UAAU,IAAI,iBAAiB,IAAI;AACzC,WAAO,SACL,aACA,CAAC,gBAAqC;AACpC;QAAQ,aAAa;QAAW;QAAI;;MAAA;AAGpC,YAAM,UAAU,QAAQ,QAAQ,YAAY,SAAS;AACrD,aAAO;QAAE,QAAQ,UAA0B,QAAmB;;MAAA;IAChE,GACA,KAAK,QAAQ,2BAA2B;AAG1C,SAAK,cAAc,KAAK,KAAI,CAAE,IAAI,EAAE,QAAO;AAC3C,SAAK,QAAQ,KAAK,KAAI,CAAE,IAAI;AAC5B,WAAO;;EAGT,6BACE,MACA,IAAmC;AAEnC,UAAM,SAAS,KAAK,QAAQ,KAAK,KAAI,CAAE;AACvC,WAAO,KACL,yBACA,EAAE,MAAM,wBAAuB,GAC/B,YAAS;AACP,YAAM,cAAc,SAAS,CAAC,IAAI,uBAAuB;AACzD,UAAI,gBAAgB,QAAW;AAC7B,WAAG,CAAC,CAAC,WAAW;;AAGlB;QAAM;QAAI;;MAAA;IACZ,GACA,KAAK,QAAQ,2BAA2B;;EAI5C,kBAAkB,MAAkB;AAClC,UAAM,MAAM,KAAK,KAAI;AACrB,QAAI,CAAC,KAAK,yBAAyB,GAAG,GAAG;AACvC,WAAK,yBAAyB,GAAG,IAAI,gBAAgB,IAAI;;AAG3D,WAAO,KAAK,yBAAyB,GAAG;;EAG1C,IAAI,yBAAsB;AAExB,WAAO,iBAAgB,KAAM,UAAS,KAAM,OAAM;;AAMrD;AAWM,IAAM,+BACX;IChLoB,iCAAwB;EAC5C,YAA+B,UAAkB;AAAlB,SAAQ,WAAR;;EAE/B,SACE,MACA,SACA,aAA2B;AAE3B,YAAQ,QAAQ,MAAI;MAClB,KAAA;AACE,eAAO,KAAK,gBAAgB,MAAM,QAAQ,YAAY,WAAW;MACnE,KAAA;AACE,eAAO,KAAK,gBAAgB,MAAM,QAAQ,UAAU;MACtD;AACE,eAAO,UAAU,mCAAmC;;;AAa3D;ACdK,IAAO,gCAAP,MAAO,uCACH,yBAAwB;EAGhC,YAAqC,YAA+B;AAClE;MAAK;;IAAA;AAD8B,SAAU,aAAV;;;EAKrC,OAAO,gBACL,YAA+B;AAE/B,WAAO,IAAI,+BAA8B,UAAU;;;EAIrD,gBACE,MACA,SACA,aAA2B;AAE3B,WAAO,uBAAuB,MAAM;MAClC;MACA;MACA,uBAAuB,KAAK,WAAW,yBAAwB;IAChE,CAAA;;;EAIH,gBACE,MACA,sBAA4B;AAE5B,WAAO,uBAAuB,MAAM;MAClC;MACA,uBAAuB,KAAK,WAAW,yBAAwB;IAChE,CAAA;;AAEJ;IAOY,kCAAyB;EACpC,cAAA;EAAA;;;;;;;;;;;EAYA,OAAO,UAAU,YAA+B;AAC9C,WAAO,8BAA8B,gBAAgB,UAAU;;;AAM1D,0BAAS,YAAG;IC1DR,iCAAwB;;;;;;;;;;;EAWnC,OAAO,uBACL,QACA,iBAAuB;AAEvB,WAAO,6BAA6B,YAAY,QAAQ,eAAe;;;;;;;;;;;EAYzE,OAAO,mBACL,cACA,iBAAuB;AAEvB,WAAO,6BAA6B,kBAClC,cACA,eAAe;;;;;;;;;;;EAanB,aAAa,eACX,SAA2B;AAE3B,UAAM,aAAa;AACnB;MACE,OAAO,WAAW,MAAM,SAAS;MAAW;;IAAA;AAG9C,UAAM,WAAW,MAAM,mBAAmB,WAAW,KAAK,MAAM;MAC9D,SAAS,WAAW;MACpB,oBAAoB,CAAA;IACrB,CAAA;AACD,WAAO,WAAW,oCAChB,UACA,WAAW,KAAK,IAAI;;;AAOjB,yBAAA,YAAkC;AAGrC,IAAO,+BAAP,MAAO,sCACH,yBAAwB;EAGhC,YACW,KACA,cACA,QAAmB;AAE5B;MAAK;;IAAA;AAJI,SAAG,MAAH;AACA,SAAY,eAAZ;AACA,SAAM,SAAN;;;EAMX,OAAO,YACL,QACA,KAAW;AAEX,WAAO,IAAI,8BAA6B,KAAK,QAAW,MAAM;;;EAIhE,OAAO,kBACL,cACA,KAAW;AAEX,WAAO,IAAI,8BAA6B,KAAK,YAAY;;;EAI3D,MAAM,gBACJ,MACA,SACA,aAA2B;AAE3B;MACE,OAAO,KAAK,WAAW;MACvB;MAAI;;IAAA;AAGN,WAAO,sBAAsB,MAAM;MACjC;MACA;MACA,sBAAsB,KAAK,OAAO,0BAA0B,KAAK,GAAG;IACrE,CAAA;;;EAIH,MAAM,gBACJ,MACA,sBAA4B;AAE5B;MACE,KAAK,iBAAiB,UAAa,KAAK,QAAQ;MAChD;MAAI;;IAAA;AAGN,UAAM,uBAAuB,EAAE,kBAAkB,KAAK,IAAG;AACzD,WAAO,sBAAsB,MAAM;MACjC;MACA,iBAAiB,KAAK;MACtB;IACD,CAAA;;AAEJ;IASY,mBAAA,YAAU;;EAwBrB,YACE,WACA,kBACA,YACA,qBACA,8BACiB,aACA,MAAkB;AADlB,SAAW,cAAX;AACA,SAAI,OAAJ;AAEjB,SAAK,YAAY;AACjB,SAAK,mBAAmB;AACxB,SAAK,aAAa;AAClB,SAAK,sBAAsB;AAC3B,SAAK,+BAA+B;;;EAItC,OAAO,oCACL,UACA,MAAkB;AAElB,WAAO,IAAI,YACT,SAAS,gBAAgB,iBACzB,SAAS,gBAAgB,kBACzB,SAAS,gBAAgB,wBACzB,SAAS,gBAAgB,WACzB,IAAI,KAAK,SAAS,gBAAgB,sBAAsB,EAAE,YAAW,GACrE,SAAS,gBAAgB,aACzB,IAAI;;;EAKR,0BAA0B,KAAW;AACnC,WAAO,EAAE,aAAa,KAAK,aAAa,kBAAkB,IAAG;;;;;;;;;;;;EAa/D,kBAAkB,aAAsB,QAAe;AACrD,QAAI,cAAc;AAClB,QAAI,eAAe,WAAW,KAAK,eAAe,MAAM,GAAG;AACzD,oBAAc;;AAEhB,QAAI,aAAa;AACf,UAAI,eAAe,WAAW,GAAG;AAC/B,sBAAc,KAAK,KAAK,aAAa,SAAS;;AAEhD,UAAI,eAAe,MAAM,GAAG;AAC1B,iBAAS,KAAK,KAAK;;;AAGvB,WAAO,kBAAkB,MAAM,IAAI,WAAW,WAAW,KAAK,SAAS,WAAW,MAAM,cAAc,KAAK,gBAAgB,WAAW,KAAK,UAAU;;AAExJ;AAGD,SAAS,eAAe,OAAc;AACpC,SAAO,OAAO,UAAU,eAAe,OAAO,WAAW;AAC3D;;;ICtPa,oBAAW;EAItB,YAA6B,MAAkB;AAAlB,SAAI,OAAJ;AAHZ,SAAA,oBACf,oBAAI,IAAG;;EAIT,SAAM;AACJ,SAAK,qBAAoB;AACzB,WAAO,KAAK,KAAK,aAAa,OAAO;;EAGvC,MAAM,SACJ,cAAsB;AAEtB,SAAK,qBAAoB;AACzB,UAAM,KAAK,KAAK;AAChB,QAAI,CAAC,KAAK,KAAK,aAAa;AAC1B,aAAO;;AAGT,UAAM,cAAc,MAAM,KAAK,KAAK,YAAY,WAAW,YAAY;AACvE,WAAO,EAAE,YAAW;;EAGtB,qBAAqB,UAAuB;AAC1C,SAAK,qBAAoB;AACzB,QAAI,KAAK,kBAAkB,IAAI,QAAQ,GAAG;AACxC;;AAGF,UAAM,cAAc,KAAK,KAAK,iBAAiB,UAAO;AACpD,eACG,MAA8B,gBAAgB,eAAe,IAAI;IAEtE,CAAC;AACD,SAAK,kBAAkB,IAAI,UAAU,WAAW;AAChD,SAAK,uBAAsB;;EAG7B,wBAAwB,UAAuB;AAC7C,SAAK,qBAAoB;AACzB,UAAM,cAAc,KAAK,kBAAkB,IAAI,QAAQ;AACvD,QAAI,CAAC,aAAa;AAChB;;AAGF,SAAK,kBAAkB,OAAO,QAAQ;AACtC,gBAAW;AACX,SAAK,uBAAsB;;EAGrB,uBAAoB;AAC1B;MACE,KAAK,KAAK;MAAsB;;IAAA;;EAK5B,yBAAsB;AAC5B,QAAI,KAAK,kBAAkB,OAAO,GAAG;AACnC,WAAK,KAAK,uBAAsB;WAC3B;AACL,WAAK,KAAK,sBAAqB;;;AAGpC;ACvDD,SAAS,sBACP,gBAA8B;AAE9B,UAAQ,gBAAc;IACpB,KAAA;AACE,aAAO;IACT,KAAA;AACE,aAAO;IACT,KAAA;AACE,aAAO;IACT,KAAA;AACE,aAAO;IACT,KAAA;AACE,aAAO;IACT;AACE,aAAO;;AAEb;AAGM,SAAU,aAAa,gBAA8B;AACzD,qBACE,IAAI;IAAS;IAEX,CAAC,WAAW,EAAE,SAAS,KAAI,MAAkC;AAC3D,YAAM,MAAM,UAAU,YAAY,KAAK,EAAE,aAAY;AACrD,YAAM,2BACJ,UAAU,YAAyB,WAAW;AAChD,YAAM,0BACJ,UAAU,YAAkC,oBAAoB;AAClE,YAAM,EAAE,QAAQ,WAAU,IAAK,IAAI;AAEnC,cACE,UAAU,CAAC,OAAO,SAAS,GAAG,GAE9B,mBAAA,EAAE,SAAS,IAAI,KAAI,CAAE;AAGvB,YAAM,SAAyB;QAC7B;QACA;QACA;QACA,SAA+B;QAC/B,cAA0C;QAC1C,WAAmC;QACnC,kBAAkB,kBAAkB,cAAc;;AAGpD,YAAM,eAAe,IAAI,SACvB,KACA,0BACA,yBACA,MAAM;AAER,8BAAwB,cAAc,IAAI;AAE1C,aAAO;IACT;IAED;;EAAA,EAKE;IAAgD;;EAAA,EAKhD,2BACC,CAAC,WAAW,qBAAqB,cAAa;AAC5C,UAAM,uBAAuB,UAAU;MAAW;;IAAA;AAGlD,yBAAqB,WAAU;GAChC,CACF;AAGL,qBACE,IAAI;IAEF;IAAA,eAAY;AACV,YAAM,OAAO,UACX,UAAU;QAAW;;MAAA,EAAsB,aAAY,CAAG;AAE5D,cAAQ,CAAAC,UAAQ,IAAI,YAAYA,KAAI,GAAG,IAAI;IAC7C;IAED;;EAAA,EAAC;IAAoB;;EAAA,CAA4B;AAGpD,kBAAgB,MAAM,SAAS,sBAAsB,cAAc,CAAC;AAEpE,kBAAgB,MAAM,SAAS,SAAkB;AACnD;ACjGA,IAAM,2BAA2B,IAAI;AACrC,IAAM,oBACJ,uBAAuB,mBAAmB,KAAK;AAEjD,IAAI,oBAA+C;AAEnD,IAAM,oBAAoB,CAAC,QAAgB,OAAO,SAAqB;AACrE,QAAM,gBAAgB,QAAS,MAAM,KAAK,iBAAgB;AAC1D,QAAM,aACJ,mBACC,oBAAI,KAAI,GAAG,QAAO,IAAK,KAAK,MAAM,cAAc,YAAY,KAAK;AACpE,MAAI,cAAc,aAAa,mBAAmB;AAChD;;AAGF,QAAM,UAAU,eAAe;AAC/B,MAAI,sBAAsB,SAAS;AACjC;;AAEF,sBAAoB;AACpB,QAAM,MAAM,KAAK;IACf,QAAQ,UAAU,SAAS;IAC3B,SAAS,UACL;MACE,iBAAiB,UAAU,OAAO;IACnC,IACD,CAAA;EACL,CAAA;AACH;AAUgB,SAAA,QAAQ,MAAmB,OAAM,GAAE;AACjD,QAAM,WAAW,aAAa,KAAK,MAAM;AAEzC,MAAI,SAAS,cAAa,GAAI;AAC5B,WAAO,SAAS,aAAY;;AAG9B,QAAM,OAAO,eAAe,KAAK;IAC/B,uBAAuB;IACvB,aAAa;MACX;MACA;MACA;IACD;EACF,CAAA;AAED,QAAM,oBAAoB,uBAAuB,kBAAkB;AAEnE,MACE,qBACA,OAAO,oBAAoB,aAC3B,iBACA;AAEA,UAAM,mBAAmB,IAAI,IAAI,mBAAmB,SAAS,MAAM;AACnE,QAAI,SAAS,WAAW,iBAAiB,QAAQ;AAC/C,YAAM,aAAa,kBAAkB,iBAAiB,SAAQ,CAAE;AAChE,6BAAuB,MAAM,YAAY,MACvC,WAAW,KAAK,WAAW,CAAC;AAE9B,uBAAiB,MAAM,UAAQ,WAAW,IAAI,CAAC;;;AAInD,QAAM,mBAAmB,uBAAuB,MAAM;AACtD,MAAI,kBAAkB;AACpB,wBAAoB,MAAM,UAAU,gBAAgB,EAAE;;AAGxD,SAAO;AACT;AAEA,SAAS,yBAAsB;AAC7B,SAAO,SAAS,qBAAqB,MAAM,IAAI,CAAC,KAAK;AACvD;AAEA,uBAAuB;EACrB,OAAO,KAAW;AAEhB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAU;AACrC,YAAM,KAAK,SAAS,cAAc,QAAQ;AAC1C,SAAG,aAAa,OAAO,GAAG;AAC1B,SAAG,SAAS;AACZ,SAAG,UAAU,OAAI;AACf,cAAM,QAAQ;UAAY;;QAAA;AAC1B,cAAM,aAAa;AACnB,eAAO,KAAK;MACd;AACA,SAAG,OAAO;AACV,SAAG,UAAU;AACb,6BAAsB,EAAG,YAAY,EAAE;IACzC,CAAC;;EAGH,YAAY;EACZ,mBAAmB;EACnB,2BACE;AACH,CAAA;AAED;EAAY;;AAAA;", "names": ["reload", "name", "jsHelpers._recaptchaEnterpriseScriptUrl", "jsHelpers\n ._loadJS", "auth", "applyActionCode", "sendEmailVerification", "sendPasswordResetEmail", "sendSignInLinkToEmail", "signInWithEmailLink", "IDP_REQUEST_URI", "signInWithPhoneNumber", "linkWithPhoneNumber", "_link", "signInWithCustomToken", "getIdTokenResponse", "authentication.sendPasswordResetEmail", "account\n .resetPassword", "account.applyActionCode", "account.resetPassword", "request", "actionCodeSettings", "api.sendSignInLinkToEmail", "api.sendEmailVerification", "api.verifyAndChangeEmail", "updateProfile", "apiUpdateProfile", "apiUpdateEmailPassword", "_POLLING_INTERVAL_MS", "key", "storedValue", "name", "unsubscribe", "jsHelpers._generateCallbackName", "jsHelpers._recaptchaV2ScriptUrl", "jsHelpers._loadJS", "_linkUser", "js._generateCallbackName", "js\n ._loadJS", "js._gapiScriptUrl", "gapiLoader._loadGapi", "gapi", "window", "name", "promise", "auth"] }
geri dön