File: /home/dnlightw-124/dn.lightweb.kr/node_modules/firebase/firebase-auth-cordova.js.map
{"version":3,"file":"firebase-auth-cordova.js","sources":["../util/src/crypt.ts","../util/src/environment.ts","../util/src/errors.ts","../util/src/obj.ts","../util/src/query.ts","../util/src/subscribe.ts","../util/src/compat.ts","../component/src/component.ts","../logger/src/logger.ts","../auth/src/core/persistence/index.ts","../auth/src/platform_browser/messagechannel/receiver.ts","../auth/src/platform_browser/messagechannel/promise.ts","../auth/src/core/util/event_id.ts","../auth/src/platform_browser/messagechannel/sender.ts","../auth/src/platform_browser/auth_window.ts","../auth/src/platform_browser/util/worker.ts","../auth/src/platform_browser/persistence/indexed_db.ts","../auth/src/core/errors.ts","../auth/src/core/util/log.ts","../auth/src/core/util/assert.ts","../auth/src/core/util/location.ts","../auth/src/core/util/navigator.ts","../auth/src/core/util/emulator.ts","../auth/src/core/util/fetch_provider.ts","../auth/src/api/errors.ts","../auth/src/api/index.ts","../auth/src/core/util/delay.ts","../auth/src/platform_browser/recaptcha/recaptcha.ts","../auth/src/api/authentication/recaptcha.ts","../auth/src/api/account_management/account.ts","../auth/src/core/util/time.ts","../auth/src/core/user/id_token_result.ts","../auth/src/core/user/invalidation.ts","../auth/src/core/user/proactive_refresh.ts","../auth/src/core/user/user_metadata.ts","../auth/src/core/user/reload.ts","../auth/src/core/user/token_manager.ts","../auth/src/api/authentication/token.ts","../auth/src/core/user/user_impl.ts","../auth/src/core/util/instantiator.ts","../auth/src/core/persistence/in_memory.ts","../auth/src/core/persistence/persistence_user_manager.ts","../auth/src/core/util/browser.ts","../auth/src/core/util/version.ts","../auth/src/core/auth/middleware.ts","../auth/src/core/auth/password_policy_impl.ts","../auth/src/core/auth/auth_impl.ts","../auth/src/api/password_policy/get_password_policy.ts","../auth/src/platform_browser/load_js.ts","../auth/src/platform_browser/recaptcha/recaptcha_mock.ts","../auth/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.ts","../auth/src/core/auth/initialize.ts","../auth/src/core/auth/emulator.ts","../auth/src/core/credentials/auth_credential.ts","../auth/src/api/account_management/email_and_password.ts","../auth/src/api/authentication/email_and_password.ts","../auth/src/core/credentials/email.ts","../auth/src/api/authentication/email_link.ts","../auth/src/api/authentication/idp.ts","../auth/src/core/credentials/oauth.ts","../auth/src/api/authentication/sms.ts","../auth/src/core/credentials/phone.ts","../auth/src/core/action_code_url.ts","../auth/src/core/providers/email.ts","../auth/src/core/providers/federated.ts","../auth/src/core/providers/oauth.ts","../auth/src/core/providers/facebook.ts","../auth/src/core/providers/google.ts","../auth/src/core/providers/github.ts","../auth/src/core/credentials/saml.ts","../auth/src/core/providers/saml.ts","../auth/src/core/providers/twitter.ts","../auth/src/api/authentication/sign_up.ts","../auth/src/core/user/user_credential_impl.ts","../auth/src/core/strategies/anonymous.ts","../auth/src/mfa/mfa_error.ts","../auth/src/core/util/providers.ts","../auth/src/core/user/link_unlink.ts","../auth/src/core/user/reauthenticate.ts","../auth/src/core/strategies/credential.ts","../auth/src/core/strategies/custom_token.ts","../auth/src/api/authentication/custom_token.ts","../auth/src/mfa/mfa_info.ts","../auth/src/core/strategies/action_code_settings.ts","../auth/src/core/strategies/email_and_password.ts","../auth/src/core/strategies/email_link.ts","../auth/src/core/strategies/email.ts","../auth/src/api/authentication/create_auth_uri.ts","../auth/src/core/user/account_info.ts","../auth/src/api/account_management/profile.ts","../auth/src/core/user/additional_user_info.ts","../auth/src/core/index.ts","../auth/src/mfa/mfa_session.ts","../auth/src/mfa/mfa_resolver.ts","../auth/src/mfa/mfa_user.ts","../auth/src/api/account_management/mfa.ts","../auth/src/core/auth/firebase_internal.ts","../auth/src/model/enum_maps.ts","../auth/src/platform_browser/persistence/browser.ts","../auth/src/platform_browser/persistence/local_storage.ts","../auth/src/platform_browser/persistence/session_storage.ts","../auth/src/core/util/resolver.ts","../auth/src/core/strategies/idp.ts","../auth/src/core/strategies/abstract_popup_redirect_operation.ts","../auth/src/core/strategies/redirect.ts","../auth/src/platform_browser/strategies/redirect.ts","../auth/src/core/util/handler.ts","../auth/src/platform_cordova/plugins.ts","../auth/src/platform_cordova/popup_redirect/utils.ts","../auth/src/api/project_config/get_project_config.ts","../auth/src/core/auth/auth_event_manager.ts","../auth/src/platform_cordova/popup_redirect/events.ts","../auth/src/platform_cordova/popup_redirect/popup_redirect.ts","../auth/src/platform_cordova/strategies/redirect.ts","../auth/index.cordova.ts","../auth/src/core/auth/register.ts"],"sourcesContent":["/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nconst stringToByteArray = function (str: string): number[] {\n // TODO(user): Use native implementations if/when available\n const out: number[] = [];\n let p = 0;\n for (let i = 0; i < str.length; i++) {\n let c = str.charCodeAt(i);\n if (c < 128) {\n out[p++] = c;\n } else if (c < 2048) {\n out[p++] = (c >> 6) | 192;\n out[p++] = (c & 63) | 128;\n } else if (\n (c & 0xfc00) === 0xd800 &&\n i + 1 < str.length &&\n (str.charCodeAt(i + 1) & 0xfc00) === 0xdc00\n ) {\n // Surrogate Pair\n c = 0x10000 + ((c & 0x03ff) << 10) + (str.charCodeAt(++i) & 0x03ff);\n out[p++] = (c >> 18) | 240;\n out[p++] = ((c >> 12) & 63) | 128;\n out[p++] = ((c >> 6) & 63) | 128;\n out[p++] = (c & 63) | 128;\n } else {\n out[p++] = (c >> 12) | 224;\n out[p++] = ((c >> 6) & 63) | 128;\n out[p++] = (c & 63) | 128;\n }\n }\n return out;\n};\n\n/**\n * Turns an array of numbers into the string given by the concatenation of the\n * characters to which the numbers correspond.\n * @param bytes Array of numbers representing characters.\n * @return Stringification of the array.\n */\nconst byteArrayToString = function (bytes: number[]): string {\n // TODO(user): Use native implementations if/when available\n const out: string[] = [];\n let pos = 0,\n c = 0;\n while (pos < bytes.length) {\n const c1 = bytes[pos++];\n if (c1 < 128) {\n out[c++] = String.fromCharCode(c1);\n } else if (c1 > 191 && c1 < 224) {\n const c2 = bytes[pos++];\n out[c++] = String.fromCharCode(((c1 & 31) << 6) | (c2 & 63));\n } else if (c1 > 239 && c1 < 365) {\n // Surrogate Pair\n const c2 = bytes[pos++];\n const c3 = bytes[pos++];\n const c4 = bytes[pos++];\n const u =\n (((c1 & 7) << 18) | ((c2 & 63) << 12) | ((c3 & 63) << 6) | (c4 & 63)) -\n 0x10000;\n out[c++] = String.fromCharCode(0xd800 + (u >> 10));\n out[c++] = String.fromCharCode(0xdc00 + (u & 1023));\n } else {\n const c2 = bytes[pos++];\n const c3 = bytes[pos++];\n out[c++] = String.fromCharCode(\n ((c1 & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)\n );\n }\n }\n return out.join('');\n};\n\ninterface Base64 {\n byteToCharMap_: { [key: number]: string } | null;\n charToByteMap_: { [key: string]: number } | null;\n byteToCharMapWebSafe_: { [key: number]: string } | null;\n charToByteMapWebSafe_: { [key: string]: number } | null;\n ENCODED_VALS_BASE: string;\n readonly ENCODED_VALS: string;\n readonly ENCODED_VALS_WEBSAFE: string;\n HAS_NATIVE_SUPPORT: boolean;\n encodeByteArray(input: number[] | Uint8Array, webSafe?: boolean): string;\n encodeString(input: string, webSafe?: boolean): string;\n decodeString(input: string, webSafe: boolean): string;\n decodeStringToByteArray(input: string, webSafe: boolean): number[];\n init_(): void;\n}\n\n// We define it as an object literal instead of a class because a class compiled down to es5 can't\n// be treeshaked. https://github.com/rollup/rollup/issues/1691\n// Static lookup maps, lazily populated by init_()\n// TODO(dlarocque): Define this as a class, since we no longer target ES5.\nexport const base64: Base64 = {\n /**\n * Maps bytes to characters.\n */\n byteToCharMap_: null,\n\n /**\n * Maps characters to bytes.\n */\n charToByteMap_: null,\n\n /**\n * Maps bytes to websafe characters.\n * @private\n */\n byteToCharMapWebSafe_: null,\n\n /**\n * Maps websafe characters to bytes.\n * @private\n */\n charToByteMapWebSafe_: null,\n\n /**\n * Our default alphabet, shared between\n * ENCODED_VALS and ENCODED_VALS_WEBSAFE\n */\n ENCODED_VALS_BASE:\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + '0123456789',\n\n /**\n * Our default alphabet. Value 64 (=) is special; it means \"nothing.\"\n */\n get ENCODED_VALS() {\n return this.ENCODED_VALS_BASE + '+/=';\n },\n\n /**\n * Our websafe alphabet.\n */\n get ENCODED_VALS_WEBSAFE() {\n return this.ENCODED_VALS_BASE + '-_.';\n },\n\n /**\n * Whether this browser supports the atob and btoa functions. This extension\n * started at Mozilla but is now implemented by many browsers. We use the\n * ASSUME_* variables to avoid pulling in the full useragent detection library\n * but still allowing the standard per-browser compilations.\n *\n */\n HAS_NATIVE_SUPPORT: typeof atob === 'function',\n\n /**\n * Base64-encode an array of bytes.\n *\n * @param input An array of bytes (numbers with\n * value in [0, 255]) to encode.\n * @param webSafe Boolean indicating we should use the\n * alternative alphabet.\n * @return The base64 encoded string.\n */\n encodeByteArray(input: number[] | Uint8Array, webSafe?: boolean): string {\n if (!Array.isArray(input)) {\n throw Error('encodeByteArray takes an array as a parameter');\n }\n\n this.init_();\n\n const byteToCharMap = webSafe\n ? this.byteToCharMapWebSafe_!\n : this.byteToCharMap_!;\n\n const output = [];\n\n for (let i = 0; i < input.length; i += 3) {\n const byte1 = input[i];\n const haveByte2 = i + 1 < input.length;\n const byte2 = haveByte2 ? input[i + 1] : 0;\n const haveByte3 = i + 2 < input.length;\n const byte3 = haveByte3 ? input[i + 2] : 0;\n\n const outByte1 = byte1 >> 2;\n const outByte2 = ((byte1 & 0x03) << 4) | (byte2 >> 4);\n let outByte3 = ((byte2 & 0x0f) << 2) | (byte3 >> 6);\n let outByte4 = byte3 & 0x3f;\n\n if (!haveByte3) {\n outByte4 = 64;\n\n if (!haveByte2) {\n outByte3 = 64;\n }\n }\n\n output.push(\n byteToCharMap[outByte1],\n byteToCharMap[outByte2],\n byteToCharMap[outByte3],\n byteToCharMap[outByte4]\n );\n }\n\n return output.join('');\n },\n\n /**\n * Base64-encode a string.\n *\n * @param input A string to encode.\n * @param webSafe If true, we should use the\n * alternative alphabet.\n * @return The base64 encoded string.\n */\n encodeString(input: string, webSafe?: boolean): string {\n // Shortcut for Mozilla browsers that implement\n // a native base64 encoder in the form of \"btoa/atob\"\n if (this.HAS_NATIVE_SUPPORT && !webSafe) {\n return btoa(input);\n }\n return this.encodeByteArray(stringToByteArray(input), webSafe);\n },\n\n /**\n * Base64-decode a string.\n *\n * @param input to decode.\n * @param webSafe True if we should use the\n * alternative alphabet.\n * @return string representing the decoded value.\n */\n decodeString(input: string, webSafe: boolean): string {\n // Shortcut for Mozilla browsers that implement\n // a native base64 encoder in the form of \"btoa/atob\"\n if (this.HAS_NATIVE_SUPPORT && !webSafe) {\n return atob(input);\n }\n return byteArrayToString(this.decodeStringToByteArray(input, webSafe));\n },\n\n /**\n * Base64-decode a string.\n *\n * In base-64 decoding, groups of four characters are converted into three\n * bytes. If the encoder did not apply padding, the input length may not\n * be a multiple of 4.\n *\n * In this case, the last group will have fewer than 4 characters, and\n * padding will be inferred. If the group has one or two characters, it decodes\n * to one byte. If the group has three characters, it decodes to two bytes.\n *\n * @param input Input to decode.\n * @param webSafe True if we should use the web-safe alphabet.\n * @return bytes representing the decoded value.\n */\n decodeStringToByteArray(input: string, webSafe: boolean): number[] {\n this.init_();\n\n const charToByteMap = webSafe\n ? this.charToByteMapWebSafe_!\n : this.charToByteMap_!;\n\n const output: number[] = [];\n\n for (let i = 0; i < input.length; ) {\n const byte1 = charToByteMap[input.charAt(i++)];\n\n const haveByte2 = i < input.length;\n const byte2 = haveByte2 ? charToByteMap[input.charAt(i)] : 0;\n ++i;\n\n const haveByte3 = i < input.length;\n const byte3 = haveByte3 ? charToByteMap[input.charAt(i)] : 64;\n ++i;\n\n const haveByte4 = i < input.length;\n const byte4 = haveByte4 ? charToByteMap[input.charAt(i)] : 64;\n ++i;\n\n if (byte1 == null || byte2 == null || byte3 == null || byte4 == null) {\n throw new DecodeBase64StringError();\n }\n\n const outByte1 = (byte1 << 2) | (byte2 >> 4);\n output.push(outByte1);\n\n if (byte3 !== 64) {\n const outByte2 = ((byte2 << 4) & 0xf0) | (byte3 >> 2);\n output.push(outByte2);\n\n if (byte4 !== 64) {\n const outByte3 = ((byte3 << 6) & 0xc0) | byte4;\n output.push(outByte3);\n }\n }\n }\n\n return output;\n },\n\n /**\n * Lazy static initialization function. Called before\n * accessing any of the static map variables.\n * @private\n */\n init_() {\n if (!this.byteToCharMap_) {\n this.byteToCharMap_ = {};\n this.charToByteMap_ = {};\n this.byteToCharMapWebSafe_ = {};\n this.charToByteMapWebSafe_ = {};\n\n // We want quick mappings back and forth, so we precompute two maps.\n for (let i = 0; i < this.ENCODED_VALS.length; i++) {\n this.byteToCharMap_[i] = this.ENCODED_VALS.charAt(i);\n this.charToByteMap_[this.byteToCharMap_[i]] = i;\n this.byteToCharMapWebSafe_[i] = this.ENCODED_VALS_WEBSAFE.charAt(i);\n this.charToByteMapWebSafe_[this.byteToCharMapWebSafe_[i]] = i;\n\n // Be forgiving when decoding and correctly decode both encodings.\n if (i >= this.ENCODED_VALS_BASE.length) {\n this.charToByteMap_[this.ENCODED_VALS_WEBSAFE.charAt(i)] = i;\n this.charToByteMapWebSafe_[this.ENCODED_VALS.charAt(i)] = i;\n }\n }\n }\n }\n};\n\n/**\n * An error encountered while decoding base64 string.\n */\nexport class DecodeBase64StringError extends Error {\n readonly name = 'DecodeBase64StringError';\n}\n\n/**\n * URL-safe base64 encoding\n */\nexport const base64Encode = function (str: string): string {\n const utf8Bytes = stringToByteArray(str);\n return base64.encodeByteArray(utf8Bytes, true);\n};\n\n/**\n * URL-safe base64 encoding (without \".\" padding in the end).\n * e.g. Used in JSON Web Token (JWT) parts.\n */\nexport const base64urlEncodeWithoutPadding = function (str: string): string {\n // Use base64url encoding and remove padding in the end (dot characters).\n return base64Encode(str).replace(/\\./g, '');\n};\n\n/**\n * URL-safe base64 decoding\n *\n * NOTE: DO NOT use the global atob() function - it does NOT support the\n * base64Url variant encoding.\n *\n * @param str To be decoded\n * @return Decoded result, if possible\n */\nexport const base64Decode = function (str: string): string | null {\n try {\n return base64.decodeString(str, true);\n } catch (e) {\n console.error('base64Decode failed: ', e);\n }\n return null;\n};\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CONSTANTS } from './constants';\nimport { getDefaults } from './defaults';\n\n/**\n * Type placeholder for `WorkerGlobalScope` from `webworker`\n */\ndeclare class WorkerGlobalScope {}\n\n/**\n * Returns navigator.userAgent string or '' if it's not defined.\n * @return user agent string\n */\nexport function getUA(): string {\n if (\n typeof navigator !== 'undefined' &&\n typeof navigator['userAgent'] === 'string'\n ) {\n return navigator['userAgent'];\n } else {\n return '';\n }\n}\n\n/**\n * Detect Cordova / PhoneGap / Ionic frameworks on a mobile device.\n *\n * Deliberately does not rely on checking `file://` URLs (as this fails PhoneGap\n * in the Ripple emulator) nor Cordova `onDeviceReady`, which would normally\n * wait for a callback.\n */\nexport function isMobileCordova(): boolean {\n return (\n typeof window !== 'undefined' &&\n // @ts-ignore Setting up an broadly applicable index signature for Window\n // just to deal with this case would probably be a bad idea.\n !!(window['cordova'] || window['phonegap'] || window['PhoneGap']) &&\n /ios|iphone|ipod|ipad|android|blackberry|iemobile/i.test(getUA())\n );\n}\n\n/**\n * Detect Node.js.\n *\n * @return true if Node.js environment is detected or specified.\n */\n// Node detection logic from: https://github.com/iliakan/detect-node/\nexport function isNode(): boolean {\n const forceEnvironment = getDefaults()?.forceEnvironment;\n if (forceEnvironment === 'node') {\n return true;\n } else if (forceEnvironment === 'browser') {\n return false;\n }\n\n try {\n return (\n Object.prototype.toString.call(global.process) === '[object process]'\n );\n } catch (e) {\n return false;\n }\n}\n\n/**\n * Detect Browser Environment.\n * Note: This will return true for certain test frameworks that are incompletely\n * mimicking a browser, and should not lead to assuming all browser APIs are\n * available.\n */\nexport function isBrowser(): boolean {\n return typeof window !== 'undefined' || isWebWorker();\n}\n\n/**\n * Detect Web Worker context.\n */\nexport function isWebWorker(): boolean {\n return (\n typeof WorkerGlobalScope !== 'undefined' &&\n typeof self !== 'undefined' &&\n self instanceof WorkerGlobalScope\n );\n}\n\n/**\n * Detect Cloudflare Worker context.\n */\nexport function isCloudflareWorker(): boolean {\n return (\n typeof navigator !== 'undefined' &&\n navigator.userAgent === 'Cloudflare-Workers'\n );\n}\n\n/**\n * Detect browser extensions (Chrome and Firefox at least).\n */\ninterface BrowserRuntime {\n id?: unknown;\n}\ndeclare const chrome: { runtime?: BrowserRuntime };\ndeclare const browser: { runtime?: BrowserRuntime };\nexport function isBrowserExtension(): boolean {\n const runtime =\n typeof chrome === 'object'\n ? chrome.runtime\n : typeof browser === 'object'\n ? browser.runtime\n : undefined;\n return typeof runtime === 'object' && runtime.id !== undefined;\n}\n\n/**\n * Detect React Native.\n *\n * @return true if ReactNative environment is detected.\n */\nexport function isReactNative(): boolean {\n return (\n typeof navigator === 'object' && navigator['product'] === 'ReactNative'\n );\n}\n\n/** Detects Electron apps. */\nexport function isElectron(): boolean {\n return getUA().indexOf('Electron/') >= 0;\n}\n\n/** Detects Internet Explorer. */\nexport function isIE(): boolean {\n const ua = getUA();\n return ua.indexOf('MSIE ') >= 0 || ua.indexOf('Trident/') >= 0;\n}\n\n/** Detects Universal Windows Platform apps. */\nexport function isUWP(): boolean {\n return getUA().indexOf('MSAppHost/') >= 0;\n}\n\n/**\n * Detect whether the current SDK build is the Node version.\n *\n * @return true if it's the Node SDK build.\n */\nexport function isNodeSdk(): boolean {\n return CONSTANTS.NODE_CLIENT === true || CONSTANTS.NODE_ADMIN === true;\n}\n\n/** Returns true if we are running in Safari. */\nexport function isSafari(): boolean {\n return (\n !isNode() &&\n !!navigator.userAgent &&\n navigator.userAgent.includes('Safari') &&\n !navigator.userAgent.includes('Chrome')\n );\n}\n\n/**\n * This method checks if indexedDB is supported by current browser/service worker context\n * @return true if indexedDB is supported by current browser/service worker context\n */\nexport function isIndexedDBAvailable(): boolean {\n try {\n return typeof indexedDB === 'object';\n } catch (e) {\n return false;\n }\n}\n\n/**\n * This method validates browser/sw context for indexedDB by opening a dummy indexedDB database and reject\n * if errors occur during the database open operation.\n *\n * @throws exception if current browser/sw context can't run idb.open (ex: Safari iframe, Firefox\n * private browsing)\n */\nexport function validateIndexedDBOpenable(): Promise<boolean> {\n return new Promise((resolve, reject) => {\n try {\n let preExist: boolean = true;\n const DB_CHECK_NAME =\n 'validate-browser-context-for-indexeddb-analytics-module';\n const request = self.indexedDB.open(DB_CHECK_NAME);\n request.onsuccess = () => {\n request.result.close();\n // delete database only when it doesn't pre-exist\n if (!preExist) {\n self.indexedDB.deleteDatabase(DB_CHECK_NAME);\n }\n resolve(true);\n };\n request.onupgradeneeded = () => {\n preExist = false;\n };\n\n request.onerror = () => {\n reject(request.error?.message || '');\n };\n } catch (error) {\n reject(error);\n }\n });\n}\n\n/**\n *\n * This method checks whether cookie is enabled within current browser\n * @return true if cookie is enabled within current browser\n */\nexport function areCookiesEnabled(): boolean {\n if (typeof navigator === 'undefined' || !navigator.cookieEnabled) {\n return false;\n }\n return true;\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n/**\n * @fileoverview Standardized Firebase Error.\n *\n * Usage:\n *\n * // TypeScript string literals for type-safe codes\n * type Err =\n * 'unknown' |\n * 'object-not-found'\n * ;\n *\n * // Closure enum for type-safe error codes\n * // at-enum {string}\n * var Err = {\n * UNKNOWN: 'unknown',\n * OBJECT_NOT_FOUND: 'object-not-found',\n * }\n *\n * let errors: Map<Err, string> = {\n * 'generic-error': \"Unknown error\",\n * 'file-not-found': \"Could not find file: {$file}\",\n * };\n *\n * // Type-safe function - must pass a valid error code as param.\n * let error = new ErrorFactory<Err>('service', 'Service', errors);\n *\n * ...\n * throw error.create(Err.GENERIC);\n * ...\n * throw error.create(Err.FILE_NOT_FOUND, {'file': fileName});\n * ...\n * // Service: Could not file file: foo.txt (service/file-not-found).\n *\n * catch (e) {\n * assert(e.message === \"Could not find file: foo.txt.\");\n * if ((e as FirebaseError)?.code === 'service/file-not-found') {\n * console.log(\"Could not read file: \" + e['file']);\n * }\n * }\n */\n\nexport type ErrorMap<ErrorCode extends string> = {\n readonly [K in ErrorCode]: string;\n};\n\nconst ERROR_NAME = 'FirebaseError';\n\nexport interface StringLike {\n toString(): string;\n}\n\nexport interface ErrorData {\n [key: string]: unknown;\n}\n\n// Based on code from:\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error#Custom_Error_Types\nexport class FirebaseError extends Error {\n /** The custom name for all FirebaseErrors. */\n readonly name: string = ERROR_NAME;\n\n constructor(\n /** The error code for this error. */\n readonly code: string,\n message: string,\n /** Custom data for this error. */\n public customData?: Record<string, unknown>\n ) {\n super(message);\n\n // Fix For ES5\n // https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n // TODO(dlarocque): Replace this with `new.target`: https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-2.html#support-for-newtarget\n // which we can now use since we no longer target ES5.\n Object.setPrototypeOf(this, FirebaseError.prototype);\n\n // Maintains proper stack trace for where our error was thrown.\n // Only available on V8.\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, ErrorFactory.prototype.create);\n }\n }\n}\n\nexport class ErrorFactory<\n ErrorCode extends string,\n ErrorParams extends { readonly [K in ErrorCode]?: ErrorData } = {}\n> {\n constructor(\n private readonly service: string,\n private readonly serviceName: string,\n private readonly errors: ErrorMap<ErrorCode>\n ) {}\n\n create<K extends ErrorCode>(\n code: K,\n ...data: K extends keyof ErrorParams ? [ErrorParams[K]] : []\n ): FirebaseError {\n const customData = (data[0] as ErrorData) || {};\n const fullCode = `${this.service}/${code}`;\n const template = this.errors[code];\n\n const message = template ? replaceTemplate(template, customData) : 'Error';\n // Service Name: Error message (service/code).\n const fullMessage = `${this.serviceName}: ${message} (${fullCode}).`;\n\n const error = new FirebaseError(fullCode, fullMessage, customData);\n\n return error;\n }\n}\n\nfunction replaceTemplate(template: string, data: ErrorData): string {\n return template.replace(PATTERN, (_, key) => {\n const value = data[key];\n return value != null ? String(value) : `<${key}?>`;\n });\n}\n\nconst PATTERN = /\\{\\$([^}]+)}/g;\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function contains<T extends object>(obj: T, key: string): boolean {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function safeGet<T extends object, K extends keyof T>(\n obj: T,\n key: K\n): T[K] | undefined {\n if (Object.prototype.hasOwnProperty.call(obj, key)) {\n return obj[key];\n } else {\n return undefined;\n }\n}\n\nexport function isEmpty(obj: object): obj is {} {\n for (const key in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, key)) {\n return false;\n }\n }\n return true;\n}\n\nexport function map<K extends string, V, U>(\n obj: { [key in K]: V },\n fn: (value: V, key: K, obj: { [key in K]: V }) => U,\n contextObj?: unknown\n): { [key in K]: U } {\n const res: Partial<{ [key in K]: U }> = {};\n for (const key in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, key)) {\n res[key] = fn.call(contextObj, obj[key], key, obj);\n }\n }\n return res as { [key in K]: U };\n}\n\n/**\n * Deep equal two objects. Support Arrays and Objects.\n */\nexport function deepEqual(a: object, b: object): boolean {\n if (a === b) {\n return true;\n }\n\n const aKeys = Object.keys(a);\n const bKeys = Object.keys(b);\n for (const k of aKeys) {\n if (!bKeys.includes(k)) {\n return false;\n }\n\n const aProp = (a as Record<string, unknown>)[k];\n const bProp = (b as Record<string, unknown>)[k];\n if (isObject(aProp) && isObject(bProp)) {\n if (!deepEqual(aProp, bProp)) {\n return false;\n }\n } else if (aProp !== bProp) {\n return false;\n }\n }\n\n for (const k of bKeys) {\n if (!aKeys.includes(k)) {\n return false;\n }\n }\n return true;\n}\n\nfunction isObject(thing: unknown): thing is object {\n return thing !== null && typeof thing === 'object';\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Returns a querystring-formatted string (e.g. &arg=val&arg2=val2) from a\n * params object (e.g. {arg: 'val', arg2: 'val2'})\n * Note: You must prepend it with ? when adding it to a URL.\n */\nexport function querystring(querystringParams: {\n [key: string]: string | number;\n}): string {\n const params = [];\n for (const [key, value] of Object.entries(querystringParams)) {\n if (Array.isArray(value)) {\n value.forEach(arrayVal => {\n params.push(\n encodeURIComponent(key) + '=' + encodeURIComponent(arrayVal)\n );\n });\n } else {\n params.push(encodeURIComponent(key) + '=' + encodeURIComponent(value));\n }\n }\n return params.length ? '&' + params.join('&') : '';\n}\n\n/**\n * Decodes a querystring (e.g. ?arg=val&arg2=val2) into a params object\n * (e.g. {arg: 'val', arg2: 'val2'})\n */\nexport function querystringDecode(querystring: string): Record<string, string> {\n const obj: Record<string, string> = {};\n const tokens = querystring.replace(/^\\?/, '').split('&');\n\n tokens.forEach(token => {\n if (token) {\n const [key, value] = token.split('=');\n obj[decodeURIComponent(key)] = decodeURIComponent(value);\n }\n });\n return obj;\n}\n\n/**\n * Extract the query string part of a URL, including the leading question mark (if present).\n */\nexport function extractQuerystring(url: string): string {\n const queryStart = url.indexOf('?');\n if (!queryStart) {\n return '';\n }\n const fragmentStart = url.indexOf('#', queryStart);\n return url.substring(\n queryStart,\n fragmentStart > 0 ? fragmentStart : undefined\n );\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nexport type NextFn<T> = (value: T) => void;\nexport type ErrorFn = (error: Error) => void;\nexport type CompleteFn = () => void;\n\nexport interface Observer<T> {\n // Called once for each value in a stream of values.\n next: NextFn<T>;\n\n // A stream terminates by a single call to EITHER error() or complete().\n error: ErrorFn;\n\n // No events will be sent to next() once complete() is called.\n complete: CompleteFn;\n}\n\nexport type PartialObserver<T> = Partial<Observer<T>>;\n\n// TODO: Support also Unsubscribe.unsubscribe?\nexport type Unsubscribe = () => void;\n\n/**\n * The Subscribe interface has two forms - passing the inline function\n * callbacks, or a object interface with callback properties.\n */\nexport interface Subscribe<T> {\n (next?: NextFn<T>, error?: ErrorFn, complete?: CompleteFn): Unsubscribe;\n (observer: PartialObserver<T>): Unsubscribe;\n}\n\nexport interface Observable<T> {\n // Subscribe method\n subscribe: Subscribe<T>;\n}\n\nexport type Executor<T> = (observer: Observer<T>) => void;\n\n/**\n * Helper to make a Subscribe function (just like Promise helps make a\n * Thenable).\n *\n * @param executor Function which can make calls to a single Observer\n * as a proxy.\n * @param onNoObservers Callback when count of Observers goes to zero.\n */\nexport function createSubscribe<T>(\n executor: Executor<T>,\n onNoObservers?: Executor<T>\n): Subscribe<T> {\n const proxy = new ObserverProxy<T>(executor, onNoObservers);\n return proxy.subscribe.bind(proxy);\n}\n\n/**\n * Implement fan-out for any number of Observers attached via a subscribe\n * function.\n */\nclass ObserverProxy<T> implements Observer<T> {\n private observers: Array<Observer<T>> | undefined = [];\n private unsubscribes: Unsubscribe[] = [];\n private onNoObservers: Executor<T> | undefined;\n private observerCount = 0;\n // Micro-task scheduling by calling task.then().\n private task = Promise.resolve();\n private finalized = false;\n private finalError?: Error;\n\n /**\n * @param executor Function which can make calls to a single Observer\n * as a proxy.\n * @param onNoObservers Callback when count of Observers goes to zero.\n */\n constructor(executor: Executor<T>, onNoObservers?: Executor<T>) {\n this.onNoObservers = onNoObservers;\n // Call the executor asynchronously so subscribers that are called\n // synchronously after the creation of the subscribe function\n // can still receive the very first value generated in the executor.\n this.task\n .then(() => {\n executor(this);\n })\n .catch(e => {\n this.error(e);\n });\n }\n\n next(value: T): void {\n this.forEachObserver((observer: Observer<T>) => {\n observer.next(value);\n });\n }\n\n error(error: Error): void {\n this.forEachObserver((observer: Observer<T>) => {\n observer.error(error);\n });\n this.close(error);\n }\n\n complete(): void {\n this.forEachObserver((observer: Observer<T>) => {\n observer.complete();\n });\n this.close();\n }\n\n /**\n * Subscribe function that can be used to add an Observer to the fan-out list.\n *\n * - We require that no event is sent to a subscriber synchronously to their\n * call to subscribe().\n */\n subscribe(\n nextOrObserver?: NextFn<T> | PartialObserver<T>,\n error?: ErrorFn,\n complete?: CompleteFn\n ): Unsubscribe {\n let observer: Observer<T>;\n\n if (\n nextOrObserver === undefined &&\n error === undefined &&\n complete === undefined\n ) {\n throw new Error('Missing Observer.');\n }\n\n // Assemble an Observer object when passed as callback functions.\n if (\n implementsAnyMethods(nextOrObserver as { [key: string]: unknown }, [\n 'next',\n 'error',\n 'complete'\n ])\n ) {\n observer = nextOrObserver as Observer<T>;\n } else {\n observer = {\n next: nextOrObserver as NextFn<T>,\n error,\n complete\n } as Observer<T>;\n }\n\n if (observer.next === undefined) {\n observer.next = noop as NextFn<T>;\n }\n if (observer.error === undefined) {\n observer.error = noop as ErrorFn;\n }\n if (observer.complete === undefined) {\n observer.complete = noop as CompleteFn;\n }\n\n const unsub = this.unsubscribeOne.bind(this, this.observers!.length);\n\n // Attempt to subscribe to a terminated Observable - we\n // just respond to the Observer with the final error or complete\n // event.\n if (this.finalized) {\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n this.task.then(() => {\n try {\n if (this.finalError) {\n observer.error(this.finalError);\n } else {\n observer.complete();\n }\n } catch (e) {\n // nothing\n }\n return;\n });\n }\n\n this.observers!.push(observer as Observer<T>);\n\n return unsub;\n }\n\n // Unsubscribe is synchronous - we guarantee that no events are sent to\n // any unsubscribed Observer.\n private unsubscribeOne(i: number): void {\n if (this.observers === undefined || this.observers[i] === undefined) {\n return;\n }\n\n delete this.observers[i];\n\n this.observerCount -= 1;\n if (this.observerCount === 0 && this.onNoObservers !== undefined) {\n this.onNoObservers(this);\n }\n }\n\n private forEachObserver(fn: (observer: Observer<T>) => void): void {\n if (this.finalized) {\n // Already closed by previous event....just eat the additional values.\n return;\n }\n\n // Since sendOne calls asynchronously - there is no chance that\n // this.observers will become undefined.\n for (let i = 0; i < this.observers!.length; i++) {\n this.sendOne(i, fn);\n }\n }\n\n // Call the Observer via one of it's callback function. We are careful to\n // confirm that the observe has not been unsubscribed since this asynchronous\n // function had been queued.\n private sendOne(i: number, fn: (observer: Observer<T>) => void): void {\n // Execute the callback asynchronously\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n this.task.then(() => {\n if (this.observers !== undefined && this.observers[i] !== undefined) {\n try {\n fn(this.observers[i]);\n } catch (e) {\n // Ignore exceptions raised in Observers or missing methods of an\n // Observer.\n // Log error to console. b/31404806\n if (typeof console !== 'undefined' && console.error) {\n console.error(e);\n }\n }\n }\n });\n }\n\n private close(err?: Error): void {\n if (this.finalized) {\n return;\n }\n this.finalized = true;\n if (err !== undefined) {\n this.finalError = err;\n }\n // Proxy is no longer needed - garbage collect references\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n this.task.then(() => {\n this.observers = undefined;\n this.onNoObservers = undefined;\n });\n }\n}\n\n/** Turn synchronous function into one called asynchronously. */\n// eslint-disable-next-line @typescript-eslint/ban-types\nexport function async(fn: Function, onError?: ErrorFn): Function {\n return (...args: unknown[]) => {\n Promise.resolve(true)\n .then(() => {\n fn(...args);\n })\n .catch((error: Error) => {\n if (onError) {\n onError(error);\n }\n });\n };\n}\n\n/**\n * Return true if the object passed in implements any of the named methods.\n */\nfunction implementsAnyMethods(\n obj: { [key: string]: unknown },\n methods: string[]\n): boolean {\n if (typeof obj !== 'object' || obj === null) {\n return false;\n }\n\n for (const method of methods) {\n if (method in obj && typeof obj[method] === 'function') {\n return true;\n }\n }\n\n return false;\n}\n\nfunction noop(): void {\n // do nothing\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport interface Compat<T> {\n _delegate: T;\n}\n\nexport function getModularInstance<ExpService>(\n service: Compat<ExpService> | ExpService\n): ExpService {\n if (service && (service as Compat<ExpService>)._delegate) {\n return (service as Compat<ExpService>)._delegate;\n } else {\n return service as ExpService;\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n InstantiationMode,\n InstanceFactory,\n ComponentType,\n Dictionary,\n Name,\n onInstanceCreatedCallback\n} from './types';\n\n/**\n * Component for service name T, e.g. `auth`, `auth-internal`\n */\nexport class Component<T extends Name = Name> {\n multipleInstances = false;\n /**\n * Properties to be added to the service namespace\n */\n serviceProps: Dictionary = {};\n\n instantiationMode = InstantiationMode.LAZY;\n\n onInstanceCreated: onInstanceCreatedCallback<T> | null = null;\n\n /**\n *\n * @param name The public service name, e.g. app, auth, firestore, database\n * @param instanceFactory Service factory responsible for creating the public interface\n * @param type whether the service provided by the component is public or private\n */\n constructor(\n readonly name: T,\n readonly instanceFactory: InstanceFactory<T>,\n readonly type: ComponentType\n ) {}\n\n setInstantiationMode(mode: InstantiationMode): this {\n this.instantiationMode = mode;\n return this;\n }\n\n setMultipleInstances(multipleInstances: boolean): this {\n this.multipleInstances = multipleInstances;\n return this;\n }\n\n setServiceProps(props: Dictionary): this {\n this.serviceProps = props;\n return this;\n }\n\n setInstanceCreatedCallback(callback: onInstanceCreatedCallback<T>): this {\n this.onInstanceCreated = callback;\n return this;\n }\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport type LogLevelString =\n | 'debug'\n | 'verbose'\n | 'info'\n | 'warn'\n | 'error'\n | 'silent';\n\nexport interface LogOptions {\n level: LogLevelString;\n}\n\nexport type LogCallback = (callbackParams: LogCallbackParams) => void;\n\nexport interface LogCallbackParams {\n level: LogLevelString;\n message: string;\n args: unknown[];\n type: string;\n}\n\n/**\n * A container for all of the Logger instances\n */\nexport const instances: Logger[] = [];\n\n/**\n * The JS SDK supports 5 log levels and also allows a user the ability to\n * silence the logs altogether.\n *\n * The order is a follows:\n * DEBUG < VERBOSE < INFO < WARN < ERROR\n *\n * All of the log types above the current log level will be captured (i.e. if\n * you set the log level to `INFO`, errors will still be logged, but `DEBUG` and\n * `VERBOSE` logs will not)\n */\nexport enum LogLevel {\n DEBUG,\n VERBOSE,\n INFO,\n WARN,\n ERROR,\n SILENT\n}\n\nconst levelStringToEnum: { [key in LogLevelString]: LogLevel } = {\n 'debug': LogLevel.DEBUG,\n 'verbose': LogLevel.VERBOSE,\n 'info': LogLevel.INFO,\n 'warn': LogLevel.WARN,\n 'error': LogLevel.ERROR,\n 'silent': LogLevel.SILENT\n};\n\n/**\n * The default log level\n */\nconst defaultLogLevel: LogLevel = LogLevel.INFO;\n\n/**\n * We allow users the ability to pass their own log handler. We will pass the\n * type of log, the current log level, and any other arguments passed (i.e. the\n * messages that the user wants to log) to this function.\n */\nexport type LogHandler = (\n loggerInstance: Logger,\n logType: LogLevel,\n ...args: unknown[]\n) => void;\n\n/**\n * By default, `console.debug` is not displayed in the developer console (in\n * chrome). To avoid forcing users to have to opt-in to these logs twice\n * (i.e. once for firebase, and once in the console), we are sending `DEBUG`\n * logs to the `console.log` function.\n */\nconst ConsoleMethod = {\n [LogLevel.DEBUG]: 'log',\n [LogLevel.VERBOSE]: 'log',\n [LogLevel.INFO]: 'info',\n [LogLevel.WARN]: 'warn',\n [LogLevel.ERROR]: 'error'\n};\n\n/**\n * The default log handler will forward DEBUG, VERBOSE, INFO, WARN, and ERROR\n * messages on to their corresponding console counterparts (if the log method\n * is supported by the current log level)\n */\nconst defaultLogHandler: LogHandler = (instance, logType, ...args): void => {\n if (logType < instance.logLevel) {\n return;\n }\n const now = new Date().toISOString();\n const method = ConsoleMethod[logType as keyof typeof ConsoleMethod];\n if (method) {\n console[method as 'log' | 'info' | 'warn' | 'error'](\n `[${now}] ${instance.name}:`,\n ...args\n );\n } else {\n throw new Error(\n `Attempted to log a message with an invalid logType (value: ${logType})`\n );\n }\n};\n\nexport class Logger {\n /**\n * Gives you an instance of a Logger to capture messages according to\n * Firebase's logging scheme.\n *\n * @param name The name that the logs will be associated with\n */\n constructor(public name: string) {\n /**\n * Capture the current instance for later use\n */\n instances.push(this);\n }\n\n /**\n * The log level of the given Logger instance.\n */\n private _logLevel = defaultLogLevel;\n\n get logLevel(): LogLevel {\n return this._logLevel;\n }\n\n set logLevel(val: LogLevel) {\n if (!(val in LogLevel)) {\n throw new TypeError(`Invalid value \"${val}\" assigned to \\`logLevel\\``);\n }\n this._logLevel = val;\n }\n\n // Workaround for setter/getter having to be the same type.\n setLogLevel(val: LogLevel | LogLevelString): void {\n this._logLevel = typeof val === 'string' ? levelStringToEnum[val] : val;\n }\n\n /**\n * The main (internal) log handler for the Logger instance.\n * Can be set to a new function in internal package code but not by user.\n */\n private _logHandler: LogHandler = defaultLogHandler;\n get logHandler(): LogHandler {\n return this._logHandler;\n }\n set logHandler(val: LogHandler) {\n if (typeof val !== 'function') {\n throw new TypeError('Value assigned to `logHandler` must be a function');\n }\n this._logHandler = val;\n }\n\n /**\n * The optional, additional, user-defined log handler for the Logger instance.\n */\n private _userLogHandler: LogHandler | null = null;\n get userLogHandler(): LogHandler | null {\n return this._userLogHandler;\n }\n set userLogHandler(val: LogHandler | null) {\n this._userLogHandler = val;\n }\n\n /**\n * The functions below are all based on the `console` interface\n */\n\n debug(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.DEBUG, ...args);\n this._logHandler(this, LogLevel.DEBUG, ...args);\n }\n log(...args: unknown[]): void {\n this._userLogHandler &&\n this._userLogHandler(this, LogLevel.VERBOSE, ...args);\n this._logHandler(this, LogLevel.VERBOSE, ...args);\n }\n info(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.INFO, ...args);\n this._logHandler(this, LogLevel.INFO, ...args);\n }\n warn(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.WARN, ...args);\n this._logHandler(this, LogLevel.WARN, ...args);\n }\n error(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.ERROR, ...args);\n this._logHandler(this, LogLevel.ERROR, ...args);\n }\n}\n\nexport function setLogLevel(level: LogLevelString | LogLevel): void {\n instances.forEach(inst => {\n inst.setLogLevel(level);\n });\n}\n\nexport function setUserLogHandler(\n logCallback: LogCallback | null,\n options?: LogOptions\n): void {\n for (const instance of instances) {\n let customLogLevel: LogLevel | null = null;\n if (options && options.level) {\n customLogLevel = levelStringToEnum[options.level];\n }\n if (logCallback === null) {\n instance.userLogHandler = null;\n } else {\n instance.userLogHandler = (\n instance: Logger,\n level: LogLevel,\n ...args: unknown[]\n ) => {\n const message = args\n .map(arg => {\n if (arg == null) {\n return null;\n } else if (typeof arg === 'string') {\n return arg;\n } else if (typeof arg === 'number' || typeof arg === 'boolean') {\n return arg.toString();\n } else if (arg instanceof Error) {\n return arg.message;\n } else {\n try {\n return JSON.stringify(arg);\n } catch (ignored) {\n return null;\n }\n }\n })\n .filter(arg => arg)\n .join(' ');\n if (level >= (customLogLevel ?? instance.logLevel)) {\n logCallback({\n level: LogLevel[level].toLowerCase() as LogLevelString,\n message,\n args,\n type: instance.name\n });\n }\n };\n }\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Persistence } from '../../model/public_types';\n\nexport const enum PersistenceType {\n SESSION = 'SESSION',\n LOCAL = 'LOCAL',\n NONE = 'NONE'\n}\n\nexport type PersistedBlob = Record<string, unknown>;\n\nexport interface Instantiator<T> {\n (blob: PersistedBlob): T;\n}\n\nexport type PersistenceValue = PersistedBlob | string;\n\nexport const STORAGE_AVAILABLE_KEY = '__sak';\n\nexport interface StorageEventListener {\n (value: PersistenceValue | null): void;\n}\n\nexport interface PersistenceInternal extends Persistence {\n type: PersistenceType;\n _isAvailable(): Promise<boolean>;\n _set(key: string, value: PersistenceValue): Promise<void>;\n _get<T extends PersistenceValue>(key: string): Promise<T | null>;\n _remove(key: string): Promise<void>;\n _addListener(key: string, listener: StorageEventListener): void;\n _removeListener(key: string, listener: StorageEventListener): void;\n // Should this persistence allow migration up the chosen hierarchy?\n _shouldAllowMigration?: boolean;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ReceiverHandler,\n _EventType,\n _ReceiverResponse,\n SenderMessageEvent,\n _Status,\n _SenderRequest\n} from './index';\nimport { _allSettled } from './promise';\n\n/**\n * Interface class for receiving messages.\n *\n */\nexport class Receiver {\n private static readonly receivers: Receiver[] = [];\n private readonly boundEventHandler: EventListener;\n\n private readonly handlersMap: {\n // TypeScript doesn't have existential types :(\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n [eventType: string]: Set<ReceiverHandler<any, any>>;\n } = {};\n\n constructor(private readonly eventTarget: EventTarget) {\n this.boundEventHandler = this.handleEvent.bind(this);\n }\n\n /**\n * Obtain an instance of a Receiver for a given event target, if none exists it will be created.\n *\n * @param eventTarget - An event target (such as window or self) through which the underlying\n * messages will be received.\n */\n static _getInstance(eventTarget: EventTarget): Receiver {\n // The results are stored in an array since objects can't be keys for other\n // objects. In addition, setting a unique property on an event target as a\n // hash map key may not be allowed due to CORS restrictions.\n const existingInstance = this.receivers.find(receiver =>\n receiver.isListeningto(eventTarget)\n );\n if (existingInstance) {\n return existingInstance;\n }\n const newInstance = new Receiver(eventTarget);\n this.receivers.push(newInstance);\n return newInstance;\n }\n\n private isListeningto(eventTarget: EventTarget): boolean {\n return this.eventTarget === eventTarget;\n }\n\n /**\n * Fans out a MessageEvent to the appropriate listeners.\n *\n * @remarks\n * Sends an {@link Status.ACK} upon receipt and a {@link Status.DONE} once all handlers have\n * finished processing.\n *\n * @param event - The MessageEvent.\n *\n */\n private async handleEvent<\n T extends _ReceiverResponse,\n S extends _SenderRequest\n >(event: Event): Promise<void> {\n const messageEvent = event as MessageEvent<SenderMessageEvent<S>>;\n const { eventId, eventType, data } = messageEvent.data;\n\n const handlers: Set<ReceiverHandler<T, S>> | undefined =\n this.handlersMap[eventType];\n if (!handlers?.size) {\n return;\n }\n\n messageEvent.ports[0].postMessage({\n status: _Status.ACK,\n eventId,\n eventType\n });\n\n const promises = Array.from(handlers).map(async handler =>\n handler(messageEvent.origin, data)\n );\n const response = await _allSettled(promises);\n messageEvent.ports[0].postMessage({\n status: _Status.DONE,\n eventId,\n eventType,\n response\n });\n }\n\n /**\n * Subscribe an event handler for a particular event.\n *\n * @param eventType - Event name to subscribe to.\n * @param eventHandler - The event handler which should receive the events.\n *\n */\n _subscribe<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n eventHandler: ReceiverHandler<T, S>\n ): void {\n if (Object.keys(this.handlersMap).length === 0) {\n this.eventTarget.addEventListener('message', this.boundEventHandler);\n }\n\n if (!this.handlersMap[eventType]) {\n this.handlersMap[eventType] = new Set();\n }\n\n this.handlersMap[eventType].add(eventHandler);\n }\n\n /**\n * Unsubscribe an event handler from a particular event.\n *\n * @param eventType - Event name to unsubscribe from.\n * @param eventHandler - Optional event handler, if none provided, unsubscribe all handlers on this event.\n *\n */\n _unsubscribe<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n eventHandler?: ReceiverHandler<T, S>\n ): void {\n if (this.handlersMap[eventType] && eventHandler) {\n this.handlersMap[eventType].delete(eventHandler);\n }\n if (!eventHandler || this.handlersMap[eventType].size === 0) {\n delete this.handlersMap[eventType];\n }\n\n if (Object.keys(this.handlersMap).length === 0) {\n this.eventTarget.removeEventListener('message', this.boundEventHandler);\n }\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/** TODO: remove this once tslib has a polyfill for Promise.allSettled */\ninterface PromiseFulfilledResult<T> {\n fulfilled: true;\n value: T;\n}\n\ninterface PromiseRejectedResult {\n fulfilled: false;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n reason: any;\n}\n\nexport type PromiseSettledResult<T> =\n | PromiseFulfilledResult<T>\n | PromiseRejectedResult;\n\n/**\n * Shim for Promise.allSettled, note the slightly different format of `fulfilled` vs `status`.\n *\n * @param promises - Array of promises to wait on.\n */\nexport function _allSettled<T>(\n promises: Array<Promise<T>>\n): Promise<Array<PromiseSettledResult<T>>> {\n return Promise.all(\n promises.map(async promise => {\n try {\n const value = await promise;\n return {\n fulfilled: true,\n value\n } as PromiseFulfilledResult<T>;\n } catch (reason) {\n return {\n fulfilled: false,\n reason\n } as PromiseRejectedResult;\n }\n })\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function _generateEventId(prefix = '', digits = 10): string {\n let random = '';\n for (let i = 0; i < digits; i++) {\n random += Math.floor(Math.random() * 10);\n }\n return prefix + random;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _generateEventId } from '../../core/util/event_id';\nimport {\n _SenderRequest,\n _EventType,\n ReceiverMessageEvent,\n _MessageError,\n SenderMessageEvent,\n _Status,\n _ReceiverMessageResponse,\n _ReceiverResponse,\n _TimeoutDuration\n} from './index';\n\ninterface MessageHandler {\n messageChannel: MessageChannel;\n onMessage: EventListenerOrEventListenerObject;\n}\n\n/**\n * Interface for sending messages and waiting for a completion response.\n *\n */\nexport class Sender {\n private readonly handlers = new Set<MessageHandler>();\n\n constructor(private readonly target: ServiceWorker) {}\n\n /**\n * Unsubscribe the handler and remove it from our tracking Set.\n *\n * @param handler - The handler to unsubscribe.\n */\n private removeMessageHandler(handler: MessageHandler): void {\n if (handler.messageChannel) {\n handler.messageChannel.port1.removeEventListener(\n 'message',\n handler.onMessage\n );\n handler.messageChannel.port1.close();\n }\n this.handlers.delete(handler);\n }\n\n /**\n * Send a message to the Receiver located at {@link target}.\n *\n * @remarks\n * We'll first wait a bit for an ACK , if we get one we will wait significantly longer until the\n * receiver has had a chance to fully process the event.\n *\n * @param eventType - Type of event to send.\n * @param data - The payload of the event.\n * @param timeout - Timeout for waiting on an ACK from the receiver.\n *\n * @returns An array of settled promises from all the handlers that were listening on the receiver.\n */\n async _send<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n data: S,\n timeout = _TimeoutDuration.ACK\n ): Promise<_ReceiverMessageResponse<T>> {\n const messageChannel =\n typeof MessageChannel !== 'undefined' ? new MessageChannel() : null;\n if (!messageChannel) {\n throw new Error(_MessageError.CONNECTION_UNAVAILABLE);\n }\n // Node timers and browser timers return fundamentally different types.\n // We don't actually care what the value is but TS won't accept unknown and\n // we can't cast properly in both environments.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n let completionTimer: any;\n let handler: MessageHandler;\n return new Promise<_ReceiverMessageResponse<T>>((resolve, reject) => {\n const eventId = _generateEventId('', 20);\n messageChannel.port1.start();\n const ackTimer = setTimeout(() => {\n reject(new Error(_MessageError.UNSUPPORTED_EVENT));\n }, timeout);\n handler = {\n messageChannel,\n onMessage(event: Event): void {\n const messageEvent = event as MessageEvent<ReceiverMessageEvent<T>>;\n if (messageEvent.data.eventId !== eventId) {\n return;\n }\n switch (messageEvent.data.status) {\n case _Status.ACK:\n // The receiver should ACK first.\n clearTimeout(ackTimer);\n completionTimer = setTimeout(() => {\n reject(new Error(_MessageError.TIMEOUT));\n }, _TimeoutDuration.COMPLETION);\n break;\n case _Status.DONE:\n // Once the receiver's handlers are finished we will get the results.\n clearTimeout(completionTimer);\n resolve(messageEvent.data.response);\n break;\n default:\n clearTimeout(ackTimer);\n clearTimeout(completionTimer);\n reject(new Error(_MessageError.INVALID_RESPONSE));\n break;\n }\n }\n };\n this.handlers.add(handler);\n messageChannel.port1.addEventListener('message', handler.onMessage);\n this.target.postMessage(\n {\n eventType,\n eventId,\n data\n } as SenderMessageEvent<S>,\n [messageChannel.port2]\n );\n }).finally(() => {\n if (handler) {\n this.removeMessageHandler(handler);\n }\n });\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Recaptcha, GreCAPTCHATopLevel } from './recaptcha/recaptcha';\n\n/**\n * A specialized window type that melds the normal window type plus the\n * various bits we need. The three different blocks that are &'d together\n * cant be defined in the same block together.\n */\nexport type AuthWindow = {\n // Standard window types\n [T in keyof Window]: Window[T];\n} & {\n // Any known / named properties we want to add\n grecaptcha?: Recaptcha | GreCAPTCHATopLevel;\n /* eslint-disable-next-line @typescript-eslint/no-explicit-any */\n ___jsl?: Record<string, any>;\n gapi?: typeof gapi;\n} & {\n // A final catch-all for callbacks (which will have random names) that\n // we will stick on the window.\n [callback: string]: (...args: unknown[]) => void;\n};\n\n/**\n * Lazy accessor for window, since the compat layer won't tree shake this out,\n * we need to make sure not to mess with window unless we have to\n */\nexport function _window(): AuthWindow {\n return window as unknown as AuthWindow;\n}\n\nexport function _setWindowLocation(url: string): void {\n _window().location.href = url;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _window } from '../auth_window';\n\nexport function _isWorker(): boolean {\n return (\n typeof _window()['WorkerGlobalScope'] !== 'undefined' &&\n typeof _window()['importScripts'] === 'function'\n );\n}\n\nexport async function _getActiveServiceWorker(): Promise<ServiceWorker | null> {\n if (!navigator?.serviceWorker) {\n return null;\n }\n try {\n const registration = await navigator.serviceWorker.ready;\n return registration.active;\n } catch {\n return null;\n }\n}\n\nexport function _getServiceWorkerController(): ServiceWorker | null {\n return navigator?.serviceWorker?.controller || null;\n}\n\nexport function _getWorkerGlobalScope(): ServiceWorker | null {\n return _isWorker() ? (self as unknown as ServiceWorker) : null;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\nimport {\n PersistedBlob,\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n PersistenceValue,\n StorageEventListener,\n STORAGE_AVAILABLE_KEY\n} from '../../core/persistence/';\nimport {\n _EventType,\n _PingResponse,\n KeyChangedResponse,\n KeyChangedRequest,\n PingRequest,\n _TimeoutDuration\n} from '../messagechannel/index';\nimport { Receiver } from '../messagechannel/receiver';\nimport { Sender } from '../messagechannel/sender';\nimport {\n _isWorker,\n _getActiveServiceWorker,\n _getServiceWorkerController,\n _getWorkerGlobalScope\n} from '../util/worker';\n\nexport const DB_NAME = 'firebaseLocalStorageDb';\nconst DB_VERSION = 1;\nconst DB_OBJECTSTORE_NAME = 'firebaseLocalStorage';\nconst DB_DATA_KEYPATH = 'fbase_key';\n\ninterface DBObject {\n [DB_DATA_KEYPATH]: string;\n value: PersistedBlob;\n}\n\n/**\n * Promise wrapper for IDBRequest\n *\n * Unfortunately we can't cleanly extend Promise<T> since promises are not callable in ES6\n *\n */\nclass DBPromise<T> {\n constructor(private readonly request: IDBRequest) {}\n\n toPromise(): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n this.request.addEventListener('success', () => {\n resolve(this.request.result);\n });\n this.request.addEventListener('error', () => {\n reject(this.request.error);\n });\n });\n }\n}\n\nfunction getObjectStore(db: IDBDatabase, isReadWrite: boolean): IDBObjectStore {\n return db\n .transaction([DB_OBJECTSTORE_NAME], isReadWrite ? 'readwrite' : 'readonly')\n .objectStore(DB_OBJECTSTORE_NAME);\n}\n\nexport async function _clearDatabase(db: IDBDatabase): Promise<void> {\n const objectStore = getObjectStore(db, true);\n return new DBPromise<void>(objectStore.clear()).toPromise();\n}\n\nexport function _deleteDatabase(): Promise<void> {\n const request = indexedDB.deleteDatabase(DB_NAME);\n return new DBPromise<void>(request).toPromise();\n}\n\nexport function _openDatabase(): Promise<IDBDatabase> {\n const request = indexedDB.open(DB_NAME, DB_VERSION);\n return new Promise((resolve, reject) => {\n request.addEventListener('error', () => {\n reject(request.error);\n });\n\n request.addEventListener('upgradeneeded', () => {\n const db = request.result;\n\n try {\n db.createObjectStore(DB_OBJECTSTORE_NAME, { keyPath: DB_DATA_KEYPATH });\n } catch (e) {\n reject(e);\n }\n });\n\n request.addEventListener('success', async () => {\n const db: IDBDatabase = request.result;\n // Strange bug that occurs in Firefox when multiple tabs are opened at the\n // same time. The only way to recover seems to be deleting the database\n // and re-initializing it.\n // https://github.com/firebase/firebase-js-sdk/issues/634\n\n if (!db.objectStoreNames.contains(DB_OBJECTSTORE_NAME)) {\n // Need to close the database or else you get a `blocked` event\n db.close();\n await _deleteDatabase();\n resolve(await _openDatabase());\n } else {\n resolve(db);\n }\n });\n });\n}\n\nexport async function _putObject(\n db: IDBDatabase,\n key: string,\n value: PersistenceValue | string\n): Promise<void> {\n const request = getObjectStore(db, true).put({\n [DB_DATA_KEYPATH]: key,\n value\n });\n return new DBPromise<void>(request).toPromise();\n}\n\nasync function getObject(\n db: IDBDatabase,\n key: string\n): Promise<PersistedBlob | null> {\n const request = getObjectStore(db, false).get(key);\n const data = await new DBPromise<DBObject | undefined>(request).toPromise();\n return data === undefined ? null : data.value;\n}\n\nexport function _deleteObject(db: IDBDatabase, key: string): Promise<void> {\n const request = getObjectStore(db, true).delete(key);\n return new DBPromise<void>(request).toPromise();\n}\n\nexport const _POLLING_INTERVAL_MS = 800;\nexport const _TRANSACTION_RETRY_COUNT = 3;\n\nclass IndexedDBLocalPersistence implements InternalPersistence {\n static type: 'LOCAL' = 'LOCAL';\n\n type = PersistenceType.LOCAL;\n db?: IDBDatabase;\n readonly _shouldAllowMigration = true;\n\n private readonly listeners: Record<string, Set<StorageEventListener>> = {};\n private readonly localCache: Record<string, PersistenceValue | null> = {};\n // setTimeout return value is platform specific\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private pollTimer: any | null = null;\n private pendingWrites = 0;\n\n private receiver: Receiver | null = null;\n private sender: Sender | null = null;\n private serviceWorkerReceiverAvailable = false;\n private activeServiceWorker: ServiceWorker | null = null;\n // Visible for testing only\n readonly _workerInitializationPromise: Promise<void>;\n\n constructor() {\n // Fire & forget the service worker registration as it may never resolve\n this._workerInitializationPromise =\n this.initializeServiceWorkerMessaging().then(\n () => {},\n () => {}\n );\n }\n\n async _openDb(): Promise<IDBDatabase> {\n if (this.db) {\n return this.db;\n }\n this.db = await _openDatabase();\n return this.db;\n }\n\n async _withRetries<T>(op: (db: IDBDatabase) => Promise<T>): Promise<T> {\n let numAttempts = 0;\n\n while (true) {\n try {\n const db = await this._openDb();\n return await op(db);\n } catch (e) {\n if (numAttempts++ > _TRANSACTION_RETRY_COUNT) {\n throw e;\n }\n if (this.db) {\n this.db.close();\n this.db = undefined;\n }\n // TODO: consider adding exponential backoff\n }\n }\n }\n\n /**\n * IndexedDB events do not propagate from the main window to the worker context. We rely on a\n * postMessage interface to send these events to the worker ourselves.\n */\n private async initializeServiceWorkerMessaging(): Promise<void> {\n return _isWorker() ? this.initializeReceiver() : this.initializeSender();\n }\n\n /**\n * As the worker we should listen to events from the main window.\n */\n private async initializeReceiver(): Promise<void> {\n this.receiver = Receiver._getInstance(_getWorkerGlobalScope()!);\n // Refresh from persistence if we receive a KeyChanged message.\n this.receiver._subscribe(\n _EventType.KEY_CHANGED,\n async (_origin: string, data: KeyChangedRequest) => {\n const keys = await this._poll();\n return {\n keyProcessed: keys.includes(data.key)\n };\n }\n );\n // Let the sender know that we are listening so they give us more timeout.\n this.receiver._subscribe(\n _EventType.PING,\n async (_origin: string, _data: PingRequest) => {\n return [_EventType.KEY_CHANGED];\n }\n );\n }\n\n /**\n * As the main window, we should let the worker know when keys change (set and remove).\n *\n * @remarks\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerContainer/ready | ServiceWorkerContainer.ready}\n * may not resolve.\n */\n private async initializeSender(): Promise<void> {\n // Check to see if there's an active service worker.\n this.activeServiceWorker = await _getActiveServiceWorker();\n if (!this.activeServiceWorker) {\n return;\n }\n this.sender = new Sender(this.activeServiceWorker);\n // Ping the service worker to check what events they can handle.\n const results = await this.sender._send<_PingResponse, PingRequest>(\n _EventType.PING,\n {},\n _TimeoutDuration.LONG_ACK\n );\n if (!results) {\n return;\n }\n if (\n results[0]?.fulfilled &&\n results[0]?.value.includes(_EventType.KEY_CHANGED)\n ) {\n this.serviceWorkerReceiverAvailable = true;\n }\n }\n\n /**\n * Let the worker know about a changed key, the exact key doesn't technically matter since the\n * worker will just trigger a full sync anyway.\n *\n * @remarks\n * For now, we only support one service worker per page.\n *\n * @param key - Storage key which changed.\n */\n private async notifyServiceWorker(key: string): Promise<void> {\n if (\n !this.sender ||\n !this.activeServiceWorker ||\n _getServiceWorkerController() !== this.activeServiceWorker\n ) {\n return;\n }\n try {\n await this.sender._send<KeyChangedResponse, KeyChangedRequest>(\n _EventType.KEY_CHANGED,\n { key },\n // Use long timeout if receiver has previously responded to a ping from us.\n this.serviceWorkerReceiverAvailable\n ? _TimeoutDuration.LONG_ACK\n : _TimeoutDuration.ACK\n );\n } catch {\n // This is a best effort approach. Ignore errors.\n }\n }\n\n async _isAvailable(): Promise<boolean> {\n try {\n if (!indexedDB) {\n return false;\n }\n const db = await _openDatabase();\n await _putObject(db, STORAGE_AVAILABLE_KEY, '1');\n await _deleteObject(db, STORAGE_AVAILABLE_KEY);\n return true;\n } catch {}\n return false;\n }\n\n private async _withPendingWrite(write: () => Promise<void>): Promise<void> {\n this.pendingWrites++;\n try {\n await write();\n } finally {\n this.pendingWrites--;\n }\n }\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n return this._withPendingWrite(async () => {\n await this._withRetries((db: IDBDatabase) => _putObject(db, key, value));\n this.localCache[key] = value;\n return this.notifyServiceWorker(key);\n });\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const obj = (await this._withRetries((db: IDBDatabase) =>\n getObject(db, key)\n )) as T;\n this.localCache[key] = obj;\n return obj;\n }\n\n async _remove(key: string): Promise<void> {\n return this._withPendingWrite(async () => {\n await this._withRetries((db: IDBDatabase) => _deleteObject(db, key));\n delete this.localCache[key];\n return this.notifyServiceWorker(key);\n });\n }\n\n private async _poll(): Promise<string[]> {\n // TODO: check if we need to fallback if getAll is not supported\n const result = await this._withRetries((db: IDBDatabase) => {\n const getAllRequest = getObjectStore(db, false).getAll();\n return new DBPromise<DBObject[] | null>(getAllRequest).toPromise();\n });\n\n if (!result) {\n return [];\n }\n\n // If we have pending writes in progress abort, we'll get picked up on the next poll\n if (this.pendingWrites !== 0) {\n return [];\n }\n\n const keys = [];\n const keysInResult = new Set();\n if (result.length !== 0) {\n for (const { fbase_key: key, value } of result) {\n keysInResult.add(key);\n if (JSON.stringify(this.localCache[key]) !== JSON.stringify(value)) {\n this.notifyListeners(key, value as PersistenceValue);\n keys.push(key);\n }\n }\n }\n\n for (const localKey of Object.keys(this.localCache)) {\n if (this.localCache[localKey] && !keysInResult.has(localKey)) {\n // Deleted\n this.notifyListeners(localKey, null);\n keys.push(localKey);\n }\n }\n return keys;\n }\n\n private notifyListeners(\n key: string,\n newValue: PersistenceValue | null\n ): void {\n this.localCache[key] = newValue;\n const listeners = this.listeners[key];\n if (listeners) {\n for (const listener of Array.from(listeners)) {\n listener(newValue);\n }\n }\n }\n\n private startPolling(): void {\n this.stopPolling();\n\n this.pollTimer = setInterval(\n async () => this._poll(),\n _POLLING_INTERVAL_MS\n );\n }\n\n private stopPolling(): void {\n if (this.pollTimer) {\n clearInterval(this.pollTimer);\n this.pollTimer = null;\n }\n }\n\n _addListener(key: string, listener: StorageEventListener): void {\n if (Object.keys(this.listeners).length === 0) {\n this.startPolling();\n }\n if (!this.listeners[key]) {\n this.listeners[key] = new Set();\n // Populate the cache to avoid spuriously triggering on first poll.\n void this._get(key); // This can happen in the background async and we can return immediately.\n }\n this.listeners[key].add(listener);\n }\n\n _removeListener(key: string, listener: StorageEventListener): void {\n if (this.listeners[key]) {\n this.listeners[key].delete(listener);\n\n if (this.listeners[key].size === 0) {\n delete this.listeners[key];\n }\n }\n\n if (Object.keys(this.listeners).length === 0) {\n this.stopPolling();\n }\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`\n * for the underlying storage.\n *\n * @public\n */\nexport const indexedDBLocalPersistence: Persistence = IndexedDBLocalPersistence;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorMap, User } from '../model/public_types';\nimport { ErrorFactory, ErrorMap } from '@firebase/util';\n\nimport { IdTokenMfaResponse } from '../api/authentication/mfa';\nimport { AppName } from '../model/auth';\nimport { AuthCredential } from './credentials';\n\n/**\n * Enumeration of Firebase Auth error codes.\n *\n * @internal\n */\nexport const enum AuthErrorCode {\n ADMIN_ONLY_OPERATION = 'admin-restricted-operation',\n ARGUMENT_ERROR = 'argument-error',\n APP_NOT_AUTHORIZED = 'app-not-authorized',\n APP_NOT_INSTALLED = 'app-not-installed',\n CAPTCHA_CHECK_FAILED = 'captcha-check-failed',\n CODE_EXPIRED = 'code-expired',\n CORDOVA_NOT_READY = 'cordova-not-ready',\n CORS_UNSUPPORTED = 'cors-unsupported',\n CREDENTIAL_ALREADY_IN_USE = 'credential-already-in-use',\n CREDENTIAL_MISMATCH = 'custom-token-mismatch',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN = 'requires-recent-login',\n DEPENDENT_SDK_INIT_BEFORE_AUTH = 'dependent-sdk-initialized-before-auth',\n DYNAMIC_LINK_NOT_ACTIVATED = 'dynamic-link-not-activated',\n EMAIL_CHANGE_NEEDS_VERIFICATION = 'email-change-needs-verification',\n EMAIL_EXISTS = 'email-already-in-use',\n EMULATOR_CONFIG_FAILED = 'emulator-config-failed',\n EXPIRED_OOB_CODE = 'expired-action-code',\n EXPIRED_POPUP_REQUEST = 'cancelled-popup-request',\n INTERNAL_ERROR = 'internal-error',\n INVALID_API_KEY = 'invalid-api-key',\n INVALID_APP_CREDENTIAL = 'invalid-app-credential',\n INVALID_APP_ID = 'invalid-app-id',\n INVALID_AUTH = 'invalid-user-token',\n INVALID_AUTH_EVENT = 'invalid-auth-event',\n INVALID_CERT_HASH = 'invalid-cert-hash',\n INVALID_CODE = 'invalid-verification-code',\n INVALID_CONTINUE_URI = 'invalid-continue-uri',\n INVALID_CORDOVA_CONFIGURATION = 'invalid-cordova-configuration',\n INVALID_CUSTOM_TOKEN = 'invalid-custom-token',\n INVALID_DYNAMIC_LINK_DOMAIN = 'invalid-dynamic-link-domain',\n INVALID_EMAIL = 'invalid-email',\n INVALID_EMULATOR_SCHEME = 'invalid-emulator-scheme',\n INVALID_CREDENTIAL = 'invalid-credential',\n INVALID_MESSAGE_PAYLOAD = 'invalid-message-payload',\n INVALID_MFA_SESSION = 'invalid-multi-factor-session',\n INVALID_OAUTH_CLIENT_ID = 'invalid-oauth-client-id',\n INVALID_OAUTH_PROVIDER = 'invalid-oauth-provider',\n INVALID_OOB_CODE = 'invalid-action-code',\n INVALID_ORIGIN = 'unauthorized-domain',\n INVALID_PASSWORD = 'wrong-password',\n INVALID_PERSISTENCE = 'invalid-persistence-type',\n INVALID_PHONE_NUMBER = 'invalid-phone-number',\n INVALID_PROVIDER_ID = 'invalid-provider-id',\n INVALID_RECIPIENT_EMAIL = 'invalid-recipient-email',\n INVALID_SENDER = 'invalid-sender',\n INVALID_SESSION_INFO = 'invalid-verification-id',\n INVALID_TENANT_ID = 'invalid-tenant-id',\n LOGIN_BLOCKED = 'login-blocked',\n MFA_INFO_NOT_FOUND = 'multi-factor-info-not-found',\n MFA_REQUIRED = 'multi-factor-auth-required',\n MISSING_ANDROID_PACKAGE_NAME = 'missing-android-pkg-name',\n MISSING_APP_CREDENTIAL = 'missing-app-credential',\n MISSING_AUTH_DOMAIN = 'auth-domain-config-required',\n MISSING_CODE = 'missing-verification-code',\n MISSING_CONTINUE_URI = 'missing-continue-uri',\n MISSING_IFRAME_START = 'missing-iframe-start',\n MISSING_IOS_BUNDLE_ID = 'missing-ios-bundle-id',\n MISSING_OR_INVALID_NONCE = 'missing-or-invalid-nonce',\n MISSING_MFA_INFO = 'missing-multi-factor-info',\n MISSING_MFA_SESSION = 'missing-multi-factor-session',\n MISSING_PHONE_NUMBER = 'missing-phone-number',\n MISSING_PASSWORD = 'missing-password',\n MISSING_SESSION_INFO = 'missing-verification-id',\n MODULE_DESTROYED = 'app-deleted',\n NEED_CONFIRMATION = 'account-exists-with-different-credential',\n NETWORK_REQUEST_FAILED = 'network-request-failed',\n NULL_USER = 'null-user',\n NO_AUTH_EVENT = 'no-auth-event',\n NO_SUCH_PROVIDER = 'no-such-provider',\n OPERATION_NOT_ALLOWED = 'operation-not-allowed',\n OPERATION_NOT_SUPPORTED = 'operation-not-supported-in-this-environment',\n POPUP_BLOCKED = 'popup-blocked',\n POPUP_CLOSED_BY_USER = 'popup-closed-by-user',\n PROVIDER_ALREADY_LINKED = 'provider-already-linked',\n QUOTA_EXCEEDED = 'quota-exceeded',\n REDIRECT_CANCELLED_BY_USER = 'redirect-cancelled-by-user',\n REDIRECT_OPERATION_PENDING = 'redirect-operation-pending',\n REJECTED_CREDENTIAL = 'rejected-credential',\n SECOND_FACTOR_ALREADY_ENROLLED = 'second-factor-already-in-use',\n SECOND_FACTOR_LIMIT_EXCEEDED = 'maximum-second-factor-count-exceeded',\n TENANT_ID_MISMATCH = 'tenant-id-mismatch',\n TIMEOUT = 'timeout',\n TOKEN_EXPIRED = 'user-token-expired',\n TOO_MANY_ATTEMPTS_TRY_LATER = 'too-many-requests',\n UNAUTHORIZED_DOMAIN = 'unauthorized-continue-uri',\n UNSUPPORTED_FIRST_FACTOR = 'unsupported-first-factor',\n UNSUPPORTED_PERSISTENCE = 'unsupported-persistence-type',\n UNSUPPORTED_TENANT_OPERATION = 'unsupported-tenant-operation',\n UNVERIFIED_EMAIL = 'unverified-email',\n USER_CANCELLED = 'user-cancelled',\n USER_DELETED = 'user-not-found',\n USER_DISABLED = 'user-disabled',\n USER_MISMATCH = 'user-mismatch',\n USER_SIGNED_OUT = 'user-signed-out',\n WEAK_PASSWORD = 'weak-password',\n WEB_STORAGE_UNSUPPORTED = 'web-storage-unsupported',\n ALREADY_INITIALIZED = 'already-initialized',\n RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled',\n MISSING_RECAPTCHA_TOKEN = 'missing-recaptcha-token',\n INVALID_RECAPTCHA_TOKEN = 'invalid-recaptcha-token',\n INVALID_RECAPTCHA_ACTION = 'invalid-recaptcha-action',\n MISSING_CLIENT_TYPE = 'missing-client-type',\n MISSING_RECAPTCHA_VERSION = 'missing-recaptcha-version',\n INVALID_RECAPTCHA_VERSION = 'invalid-recaptcha-version',\n INVALID_REQ_TYPE = 'invalid-req-type',\n UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION = 'unsupported-password-policy-schema-version',\n PASSWORD_DOES_NOT_MEET_REQUIREMENTS = 'password-does-not-meet-requirements',\n INVALID_HOSTING_LINK_DOMAIN = 'invalid-hosting-link-domain'\n}\n\nfunction _debugErrorMap(): ErrorMap<AuthErrorCode> {\n return {\n [AuthErrorCode.ADMIN_ONLY_OPERATION]:\n 'This operation is restricted to administrators only.',\n [AuthErrorCode.ARGUMENT_ERROR]: '',\n [AuthErrorCode.APP_NOT_AUTHORIZED]:\n \"This app, identified by the domain where it's hosted, is not \" +\n 'authorized to use Firebase Authentication with the provided API key. ' +\n 'Review your key configuration in the Google API console.',\n [AuthErrorCode.APP_NOT_INSTALLED]:\n 'The requested mobile application corresponding to the identifier (' +\n 'Android package name or iOS bundle ID) provided is not installed on ' +\n 'this device.',\n [AuthErrorCode.CAPTCHA_CHECK_FAILED]:\n 'The reCAPTCHA response token provided is either invalid, expired, ' +\n 'already used or the domain associated with it does not match the list ' +\n 'of whitelisted domains.',\n [AuthErrorCode.CODE_EXPIRED]:\n 'The SMS code has expired. Please re-send the verification code to try ' +\n 'again.',\n [AuthErrorCode.CORDOVA_NOT_READY]: 'Cordova framework is not ready.',\n [AuthErrorCode.CORS_UNSUPPORTED]: 'This browser is not supported.',\n [AuthErrorCode.CREDENTIAL_ALREADY_IN_USE]:\n 'This credential is already associated with a different user account.',\n [AuthErrorCode.CREDENTIAL_MISMATCH]:\n 'The custom token corresponds to a different audience.',\n [AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN]:\n 'This operation is sensitive and requires recent authentication. Log in ' +\n 'again before retrying this request.',\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]:\n 'Another Firebase SDK was initialized and is trying to use Auth before Auth is ' +\n 'initialized. Please be sure to call `initializeAuth` or `getAuth` before ' +\n 'starting any other Firebase SDK.',\n [AuthErrorCode.DYNAMIC_LINK_NOT_ACTIVATED]:\n 'Please activate Dynamic Links in the Firebase Console and agree to the terms and ' +\n 'conditions.',\n [AuthErrorCode.EMAIL_CHANGE_NEEDS_VERIFICATION]:\n 'Multi-factor users must always have a verified email.',\n [AuthErrorCode.EMAIL_EXISTS]:\n 'The email address is already in use by another account.',\n [AuthErrorCode.EMULATOR_CONFIG_FAILED]:\n 'Auth instance has already been used to make a network call. Auth can ' +\n 'no longer be configured to use the emulator. Try calling ' +\n '\"connectAuthEmulator()\" sooner.',\n [AuthErrorCode.EXPIRED_OOB_CODE]: 'The action code has expired.',\n [AuthErrorCode.EXPIRED_POPUP_REQUEST]:\n 'This operation has been cancelled due to another conflicting popup being opened.',\n [AuthErrorCode.INTERNAL_ERROR]: 'An internal AuthError has occurred.',\n [AuthErrorCode.INVALID_APP_CREDENTIAL]:\n 'The phone verification request contains an invalid application verifier.' +\n ' The reCAPTCHA token response is either invalid or expired.',\n [AuthErrorCode.INVALID_APP_ID]:\n 'The mobile app identifier is not registered for the current project.',\n [AuthErrorCode.INVALID_AUTH]:\n \"This user's credential isn't valid for this project. This can happen \" +\n \"if the user's token has been tampered with, or if the user isn't for \" +\n 'the project associated with this API key.',\n [AuthErrorCode.INVALID_AUTH_EVENT]: 'An internal AuthError has occurred.',\n [AuthErrorCode.INVALID_CODE]:\n 'The SMS verification code used to create the phone auth credential is ' +\n 'invalid. Please resend the verification code sms and be sure to use the ' +\n 'verification code provided by the user.',\n [AuthErrorCode.INVALID_CONTINUE_URI]:\n 'The continue URL provided in the request is invalid.',\n [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]:\n 'The following Cordova plugins must be installed to enable OAuth sign-in: ' +\n 'cordova-plugin-buildinfo, cordova-universal-links-plugin, ' +\n 'cordova-plugin-browsertab, cordova-plugin-inappbrowser and ' +\n 'cordova-plugin-customurlscheme.',\n [AuthErrorCode.INVALID_CUSTOM_TOKEN]:\n 'The custom token format is incorrect. Please check the documentation.',\n [AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN]:\n 'The provided dynamic link domain is not configured or authorized for the current project.',\n [AuthErrorCode.INVALID_EMAIL]: 'The email address is badly formatted.',\n [AuthErrorCode.INVALID_EMULATOR_SCHEME]:\n 'Emulator URL must start with a valid scheme (http:// or https://).',\n [AuthErrorCode.INVALID_API_KEY]:\n 'Your API key is invalid, please check you have copied it correctly.',\n [AuthErrorCode.INVALID_CERT_HASH]:\n 'The SHA-1 certificate hash provided is invalid.',\n [AuthErrorCode.INVALID_CREDENTIAL]:\n 'The supplied auth credential is incorrect, malformed or has expired.',\n [AuthErrorCode.INVALID_MESSAGE_PAYLOAD]:\n 'The email template corresponding to this action contains invalid characters in its message. ' +\n 'Please fix by going to the Auth email templates section in the Firebase Console.',\n [AuthErrorCode.INVALID_MFA_SESSION]:\n 'The request does not contain a valid proof of first factor successful sign-in.',\n [AuthErrorCode.INVALID_OAUTH_PROVIDER]:\n 'EmailAuthProvider is not supported for this operation. This operation ' +\n 'only supports OAuth providers.',\n [AuthErrorCode.INVALID_OAUTH_CLIENT_ID]:\n 'The OAuth client ID provided is either invalid or does not match the ' +\n 'specified API key.',\n [AuthErrorCode.INVALID_ORIGIN]:\n 'This domain is not authorized for OAuth operations for your Firebase ' +\n 'project. Edit the list of authorized domains from the Firebase console.',\n [AuthErrorCode.INVALID_OOB_CODE]:\n 'The action code is invalid. This can happen if the code is malformed, ' +\n 'expired, or has already been used.',\n [AuthErrorCode.INVALID_PASSWORD]:\n 'The password is invalid or the user does not have a password.',\n [AuthErrorCode.INVALID_PERSISTENCE]:\n 'The specified persistence type is invalid. It can only be local, session or none.',\n [AuthErrorCode.INVALID_PHONE_NUMBER]:\n 'The format of the phone number provided is incorrect. Please enter the ' +\n 'phone number in a format that can be parsed into E.164 format. E.164 ' +\n 'phone numbers are written in the format [+][country code][subscriber ' +\n 'number including area code].',\n [AuthErrorCode.INVALID_PROVIDER_ID]:\n 'The specified provider ID is invalid.',\n [AuthErrorCode.INVALID_RECIPIENT_EMAIL]:\n 'The email corresponding to this action failed to send as the provided ' +\n 'recipient email address is invalid.',\n [AuthErrorCode.INVALID_SENDER]:\n 'The email template corresponding to this action contains an invalid sender email or name. ' +\n 'Please fix by going to the Auth email templates section in the Firebase Console.',\n [AuthErrorCode.INVALID_SESSION_INFO]:\n 'The verification ID used to create the phone auth credential is invalid.',\n [AuthErrorCode.INVALID_TENANT_ID]:\n \"The Auth instance's tenant ID is invalid.\",\n [AuthErrorCode.LOGIN_BLOCKED]:\n 'Login blocked by user-provided method: {$originalMessage}',\n [AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME]:\n 'An Android Package Name must be provided if the Android App is required to be installed.',\n [AuthErrorCode.MISSING_AUTH_DOMAIN]:\n 'Be sure to include authDomain when calling firebase.initializeApp(), ' +\n 'by following the instructions in the Firebase console.',\n [AuthErrorCode.MISSING_APP_CREDENTIAL]:\n 'The phone verification request is missing an application verifier ' +\n 'assertion. A reCAPTCHA response token needs to be provided.',\n [AuthErrorCode.MISSING_CODE]:\n 'The phone auth credential was created with an empty SMS verification code.',\n [AuthErrorCode.MISSING_CONTINUE_URI]:\n 'A continue URL must be provided in the request.',\n [AuthErrorCode.MISSING_IFRAME_START]: 'An internal AuthError has occurred.',\n [AuthErrorCode.MISSING_IOS_BUNDLE_ID]:\n 'An iOS Bundle ID must be provided if an App Store ID is provided.',\n [AuthErrorCode.MISSING_OR_INVALID_NONCE]:\n 'The request does not contain a valid nonce. This can occur if the ' +\n 'SHA-256 hash of the provided raw nonce does not match the hashed nonce ' +\n 'in the ID token payload.',\n [AuthErrorCode.MISSING_PASSWORD]: 'A non-empty password must be provided',\n [AuthErrorCode.MISSING_MFA_INFO]:\n 'No second factor identifier is provided.',\n [AuthErrorCode.MISSING_MFA_SESSION]:\n 'The request is missing proof of first factor successful sign-in.',\n [AuthErrorCode.MISSING_PHONE_NUMBER]:\n 'To send verification codes, provide a phone number for the recipient.',\n [AuthErrorCode.MISSING_SESSION_INFO]:\n 'The phone auth credential was created with an empty verification ID.',\n [AuthErrorCode.MODULE_DESTROYED]:\n 'This instance of FirebaseApp has been deleted.',\n [AuthErrorCode.MFA_INFO_NOT_FOUND]:\n 'The user does not have a second factor matching the identifier provided.',\n [AuthErrorCode.MFA_REQUIRED]:\n 'Proof of ownership of a second factor is required to complete sign-in.',\n [AuthErrorCode.NEED_CONFIRMATION]:\n 'An account already exists with the same email address but different ' +\n 'sign-in credentials. Sign in using a provider associated with this ' +\n 'email address.',\n [AuthErrorCode.NETWORK_REQUEST_FAILED]:\n 'A network AuthError (such as timeout, interrupted connection or unreachable host) has occurred.',\n [AuthErrorCode.NO_AUTH_EVENT]: 'An internal AuthError has occurred.',\n [AuthErrorCode.NO_SUCH_PROVIDER]:\n 'User was not linked to an account with the given provider.',\n [AuthErrorCode.NULL_USER]:\n 'A null user object was provided as the argument for an operation which ' +\n 'requires a non-null user object.',\n [AuthErrorCode.OPERATION_NOT_ALLOWED]:\n 'The given sign-in provider is disabled for this Firebase project. ' +\n 'Enable it in the Firebase console, under the sign-in method tab of the ' +\n 'Auth section.',\n [AuthErrorCode.OPERATION_NOT_SUPPORTED]:\n 'This operation is not supported in the environment this application is ' +\n 'running on. \"location.protocol\" must be http, https or chrome-extension' +\n ' and web storage must be enabled.',\n [AuthErrorCode.POPUP_BLOCKED]:\n 'Unable to establish a connection with the popup. It may have been blocked by the browser.',\n [AuthErrorCode.POPUP_CLOSED_BY_USER]:\n 'The popup has been closed by the user before finalizing the operation.',\n [AuthErrorCode.PROVIDER_ALREADY_LINKED]:\n 'User can only be linked to one identity for the given provider.',\n [AuthErrorCode.QUOTA_EXCEEDED]:\n \"The project's quota for this operation has been exceeded.\",\n [AuthErrorCode.REDIRECT_CANCELLED_BY_USER]:\n 'The redirect operation has been cancelled by the user before finalizing.',\n [AuthErrorCode.REDIRECT_OPERATION_PENDING]:\n 'A redirect sign-in operation is already pending.',\n [AuthErrorCode.REJECTED_CREDENTIAL]:\n 'The request contains malformed or mismatching credentials.',\n [AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED]:\n 'The second factor is already enrolled on this account.',\n [AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED]:\n 'The maximum allowed number of second factors on a user has been exceeded.',\n [AuthErrorCode.TENANT_ID_MISMATCH]:\n \"The provided tenant ID does not match the Auth instance's tenant ID\",\n [AuthErrorCode.TIMEOUT]: 'The operation has timed out.',\n [AuthErrorCode.TOKEN_EXPIRED]:\n \"The user's credential is no longer valid. The user must sign in again.\",\n [AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER]:\n 'We have blocked all requests from this device due to unusual activity. ' +\n 'Try again later.',\n [AuthErrorCode.UNAUTHORIZED_DOMAIN]:\n 'The domain of the continue URL is not whitelisted. Please whitelist ' +\n 'the domain in the Firebase console.',\n [AuthErrorCode.UNSUPPORTED_FIRST_FACTOR]:\n 'Enrolling a second factor or signing in with a multi-factor account requires sign-in with a supported first factor.',\n [AuthErrorCode.UNSUPPORTED_PERSISTENCE]:\n 'The current environment does not support the specified persistence type.',\n [AuthErrorCode.UNSUPPORTED_TENANT_OPERATION]:\n 'This operation is not supported in a multi-tenant context.',\n [AuthErrorCode.UNVERIFIED_EMAIL]:\n 'The operation requires a verified email.',\n [AuthErrorCode.USER_CANCELLED]:\n 'The user did not grant your application the permissions it requested.',\n [AuthErrorCode.USER_DELETED]:\n 'There is no user record corresponding to this identifier. The user may ' +\n 'have been deleted.',\n [AuthErrorCode.USER_DISABLED]:\n 'The user account has been disabled by an administrator.',\n [AuthErrorCode.USER_MISMATCH]:\n 'The supplied credentials do not correspond to the previously signed in user.',\n [AuthErrorCode.USER_SIGNED_OUT]: '',\n [AuthErrorCode.WEAK_PASSWORD]:\n 'The password must be 6 characters long or more.',\n [AuthErrorCode.WEB_STORAGE_UNSUPPORTED]:\n 'This browser is not supported or 3rd party cookies and data may be disabled.',\n [AuthErrorCode.ALREADY_INITIALIZED]:\n 'initializeAuth() has already been called with ' +\n 'different options. To avoid this error, call initializeAuth() with the ' +\n 'same options as when it was originally called, or call getAuth() to return the' +\n ' already initialized instance.',\n [AuthErrorCode.MISSING_RECAPTCHA_TOKEN]:\n 'The reCAPTCHA token is missing when sending request to the backend.',\n [AuthErrorCode.INVALID_RECAPTCHA_TOKEN]:\n 'The reCAPTCHA token is invalid when sending request to the backend.',\n [AuthErrorCode.INVALID_RECAPTCHA_ACTION]:\n 'The reCAPTCHA action is invalid when sending request to the backend.',\n [AuthErrorCode.RECAPTCHA_NOT_ENABLED]:\n 'reCAPTCHA Enterprise integration is not enabled for this project.',\n [AuthErrorCode.MISSING_CLIENT_TYPE]:\n 'The reCAPTCHA client type is missing when sending request to the backend.',\n [AuthErrorCode.MISSING_RECAPTCHA_VERSION]:\n 'The reCAPTCHA version is missing when sending request to the backend.',\n [AuthErrorCode.INVALID_REQ_TYPE]: 'Invalid request parameters.',\n [AuthErrorCode.INVALID_RECAPTCHA_VERSION]:\n 'The reCAPTCHA version is invalid when sending request to the backend.',\n [AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION]:\n 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',\n [AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS]:\n 'The password does not meet the requirements.',\n [AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN]:\n 'The provided Hosting link domain is not configured in Firebase Hosting or is not owned by ' +\n 'the current project. This cannot be a default Hosting domain (`web.app` or `firebaseapp.com`).'\n };\n}\n\nexport interface ErrorMapRetriever extends AuthErrorMap {\n (): ErrorMap<AuthErrorCode>;\n}\n\nfunction _prodErrorMap(): ErrorMap<AuthErrorCode> {\n // We will include this one message in the prod error map since by the very\n // nature of this error, developers will never be able to see the message\n // using the debugErrorMap (which is installed during auth initialization).\n return {\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]:\n 'Another Firebase SDK was initialized and is trying to use Auth before Auth is ' +\n 'initialized. Please be sure to call `initializeAuth` or `getAuth` before ' +\n 'starting any other Firebase SDK.'\n } as ErrorMap<AuthErrorCode>;\n}\n\n/**\n * A verbose error map with detailed descriptions for most error codes.\n *\n * See discussion at {@link AuthErrorMap}\n *\n * @public\n */\nexport const debugErrorMap: AuthErrorMap = _debugErrorMap;\n\n/**\n * A minimal error map with all verbose error messages stripped.\n *\n * See discussion at {@link AuthErrorMap}\n *\n * @public\n */\nexport const prodErrorMap: AuthErrorMap = _prodErrorMap;\n\nexport interface NamedErrorParams {\n appName: AppName;\n credential?: AuthCredential;\n email?: string;\n phoneNumber?: string;\n tenantId?: string;\n user?: User;\n _serverResponse?: object;\n}\n\n/**\n * @internal\n */\ntype GenericAuthErrorParams = {\n [key in Exclude<\n AuthErrorCode,\n | AuthErrorCode.ARGUMENT_ERROR\n | AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH\n | AuthErrorCode.INTERNAL_ERROR\n | AuthErrorCode.MFA_REQUIRED\n | AuthErrorCode.NO_AUTH_EVENT\n | AuthErrorCode.OPERATION_NOT_SUPPORTED\n >]: {\n appName?: AppName;\n email?: string;\n phoneNumber?: string;\n message?: string;\n };\n};\n\n/**\n * @internal\n */\nexport interface AuthErrorParams extends GenericAuthErrorParams {\n [AuthErrorCode.ARGUMENT_ERROR]: { appName?: AppName };\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: { appName?: AppName };\n [AuthErrorCode.INTERNAL_ERROR]: { appName?: AppName };\n [AuthErrorCode.LOGIN_BLOCKED]: {\n appName?: AppName;\n originalMessage?: string;\n };\n [AuthErrorCode.OPERATION_NOT_SUPPORTED]: { appName?: AppName };\n [AuthErrorCode.NO_AUTH_EVENT]: { appName?: AppName };\n [AuthErrorCode.MFA_REQUIRED]: {\n appName: AppName;\n _serverResponse: IdTokenMfaResponse;\n };\n [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]: {\n appName: AppName;\n missingPlugin?: string;\n };\n}\n\nexport const _DEFAULT_AUTH_ERROR_FACTORY = new ErrorFactory<\n AuthErrorCode,\n AuthErrorParams\n>('auth', 'Firebase', _prodErrorMap());\n\n/**\n * A map of potential `Auth` error codes, for easier comparison with errors\n * thrown by the SDK.\n *\n * @remarks\n * Note that you can't tree-shake individual keys\n * in the map, so by using the map you might substantially increase your\n * bundle size.\n *\n * @public\n */\nexport const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {\n ADMIN_ONLY_OPERATION: 'auth/admin-restricted-operation',\n ARGUMENT_ERROR: 'auth/argument-error',\n APP_NOT_AUTHORIZED: 'auth/app-not-authorized',\n APP_NOT_INSTALLED: 'auth/app-not-installed',\n CAPTCHA_CHECK_FAILED: 'auth/captcha-check-failed',\n CODE_EXPIRED: 'auth/code-expired',\n CORDOVA_NOT_READY: 'auth/cordova-not-ready',\n CORS_UNSUPPORTED: 'auth/cors-unsupported',\n CREDENTIAL_ALREADY_IN_USE: 'auth/credential-already-in-use',\n CREDENTIAL_MISMATCH: 'auth/custom-token-mismatch',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN: 'auth/requires-recent-login',\n DEPENDENT_SDK_INIT_BEFORE_AUTH: 'auth/dependent-sdk-initialized-before-auth',\n DYNAMIC_LINK_NOT_ACTIVATED: 'auth/dynamic-link-not-activated',\n EMAIL_CHANGE_NEEDS_VERIFICATION: 'auth/email-change-needs-verification',\n EMAIL_EXISTS: 'auth/email-already-in-use',\n EMULATOR_CONFIG_FAILED: 'auth/emulator-config-failed',\n EXPIRED_OOB_CODE: 'auth/expired-action-code',\n EXPIRED_POPUP_REQUEST: 'auth/cancelled-popup-request',\n INTERNAL_ERROR: 'auth/internal-error',\n INVALID_API_KEY: 'auth/invalid-api-key',\n INVALID_APP_CREDENTIAL: 'auth/invalid-app-credential',\n INVALID_APP_ID: 'auth/invalid-app-id',\n INVALID_AUTH: 'auth/invalid-user-token',\n INVALID_AUTH_EVENT: 'auth/invalid-auth-event',\n INVALID_CERT_HASH: 'auth/invalid-cert-hash',\n INVALID_CODE: 'auth/invalid-verification-code',\n INVALID_CONTINUE_URI: 'auth/invalid-continue-uri',\n INVALID_CORDOVA_CONFIGURATION: 'auth/invalid-cordova-configuration',\n INVALID_CUSTOM_TOKEN: 'auth/invalid-custom-token',\n INVALID_DYNAMIC_LINK_DOMAIN: 'auth/invalid-dynamic-link-domain',\n INVALID_EMAIL: 'auth/invalid-email',\n INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',\n INVALID_IDP_RESPONSE: 'auth/invalid-credential',\n INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',\n INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',\n INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',\n INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',\n INVALID_OAUTH_PROVIDER: 'auth/invalid-oauth-provider',\n INVALID_OOB_CODE: 'auth/invalid-action-code',\n INVALID_ORIGIN: 'auth/unauthorized-domain',\n INVALID_PASSWORD: 'auth/wrong-password',\n INVALID_PERSISTENCE: 'auth/invalid-persistence-type',\n INVALID_PHONE_NUMBER: 'auth/invalid-phone-number',\n INVALID_PROVIDER_ID: 'auth/invalid-provider-id',\n INVALID_RECIPIENT_EMAIL: 'auth/invalid-recipient-email',\n INVALID_SENDER: 'auth/invalid-sender',\n INVALID_SESSION_INFO: 'auth/invalid-verification-id',\n INVALID_TENANT_ID: 'auth/invalid-tenant-id',\n MFA_INFO_NOT_FOUND: 'auth/multi-factor-info-not-found',\n MFA_REQUIRED: 'auth/multi-factor-auth-required',\n MISSING_ANDROID_PACKAGE_NAME: 'auth/missing-android-pkg-name',\n MISSING_APP_CREDENTIAL: 'auth/missing-app-credential',\n MISSING_AUTH_DOMAIN: 'auth/auth-domain-config-required',\n MISSING_CODE: 'auth/missing-verification-code',\n MISSING_CONTINUE_URI: 'auth/missing-continue-uri',\n MISSING_IFRAME_START: 'auth/missing-iframe-start',\n MISSING_IOS_BUNDLE_ID: 'auth/missing-ios-bundle-id',\n MISSING_OR_INVALID_NONCE: 'auth/missing-or-invalid-nonce',\n MISSING_MFA_INFO: 'auth/missing-multi-factor-info',\n MISSING_MFA_SESSION: 'auth/missing-multi-factor-session',\n MISSING_PHONE_NUMBER: 'auth/missing-phone-number',\n MISSING_SESSION_INFO: 'auth/missing-verification-id',\n MODULE_DESTROYED: 'auth/app-deleted',\n NEED_CONFIRMATION: 'auth/account-exists-with-different-credential',\n NETWORK_REQUEST_FAILED: 'auth/network-request-failed',\n NULL_USER: 'auth/null-user',\n NO_AUTH_EVENT: 'auth/no-auth-event',\n NO_SUCH_PROVIDER: 'auth/no-such-provider',\n OPERATION_NOT_ALLOWED: 'auth/operation-not-allowed',\n OPERATION_NOT_SUPPORTED: 'auth/operation-not-supported-in-this-environment',\n POPUP_BLOCKED: 'auth/popup-blocked',\n POPUP_CLOSED_BY_USER: 'auth/popup-closed-by-user',\n PROVIDER_ALREADY_LINKED: 'auth/provider-already-linked',\n QUOTA_EXCEEDED: 'auth/quota-exceeded',\n REDIRECT_CANCELLED_BY_USER: 'auth/redirect-cancelled-by-user',\n REDIRECT_OPERATION_PENDING: 'auth/redirect-operation-pending',\n REJECTED_CREDENTIAL: 'auth/rejected-credential',\n SECOND_FACTOR_ALREADY_ENROLLED: 'auth/second-factor-already-in-use',\n SECOND_FACTOR_LIMIT_EXCEEDED: 'auth/maximum-second-factor-count-exceeded',\n TENANT_ID_MISMATCH: 'auth/tenant-id-mismatch',\n TIMEOUT: 'auth/timeout',\n TOKEN_EXPIRED: 'auth/user-token-expired',\n TOO_MANY_ATTEMPTS_TRY_LATER: 'auth/too-many-requests',\n UNAUTHORIZED_DOMAIN: 'auth/unauthorized-continue-uri',\n UNSUPPORTED_FIRST_FACTOR: 'auth/unsupported-first-factor',\n UNSUPPORTED_PERSISTENCE: 'auth/unsupported-persistence-type',\n UNSUPPORTED_TENANT_OPERATION: 'auth/unsupported-tenant-operation',\n UNVERIFIED_EMAIL: 'auth/unverified-email',\n USER_CANCELLED: 'auth/user-cancelled',\n USER_DELETED: 'auth/user-not-found',\n USER_DISABLED: 'auth/user-disabled',\n USER_MISMATCH: 'auth/user-mismatch',\n USER_SIGNED_OUT: 'auth/user-signed-out',\n WEAK_PASSWORD: 'auth/weak-password',\n WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',\n ALREADY_INITIALIZED: 'auth/already-initialized',\n RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',\n MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',\n INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',\n INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',\n MISSING_CLIENT_TYPE: 'auth/missing-client-type',\n MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',\n INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',\n INVALID_REQ_TYPE: 'auth/invalid-req-type',\n INVALID_HOSTING_LINK_DOMAIN: 'auth/invalid-hosting-link-domain'\n} as const;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Logger, LogLevel } from '@firebase/logger';\nimport { SDK_VERSION } from '@firebase/app';\n\nexport { LogLevel };\n\nconst logClient = new Logger('@firebase/auth');\n\n// Helper methods are needed because variables can't be exported as read/write\nexport function _getLogLevel(): LogLevel {\n return logClient.logLevel;\n}\n\nexport function _setLogLevel(newLevel: LogLevel): void {\n logClient.logLevel = newLevel;\n}\n\nexport function _logDebug(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.DEBUG) {\n logClient.debug(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n\nexport function _logWarn(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.WARN) {\n logClient.warn(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n\nexport function _logError(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.ERROR) {\n logClient.error(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth } from '../../model/public_types';\nimport { ErrorFactory, FirebaseError } from '@firebase/util';\nimport { AuthInternal } from '../../model/auth';\nimport {\n _DEFAULT_AUTH_ERROR_FACTORY,\n AuthErrorCode,\n AuthErrorParams,\n prodErrorMap,\n ErrorMapRetriever\n} from '../errors';\nimport { _logError } from './log';\n\ntype AuthErrorListParams<K> = K extends keyof AuthErrorParams\n ? [AuthErrorParams[K]]\n : [];\ntype LessAppName<K extends AuthErrorCode> = Omit<AuthErrorParams[K], 'appName'>;\n\n/**\n * Unconditionally fails, throwing a developer facing INTERNAL_ERROR\n *\n * @example\n * ```javascript\n * fail(auth, AuthErrorCode.MFA_REQUIRED); // Error: the MFA_REQUIRED error needs more params than appName\n * fail(auth, AuthErrorCode.MFA_REQUIRED, {serverResponse}); // Compiles\n * fail(AuthErrorCode.INTERNAL_ERROR); // Compiles; internal error does not need appName\n * fail(AuthErrorCode.USER_DELETED); // Error: USER_DELETED requires app name\n * fail(auth, AuthErrorCode.USER_DELETED); // Compiles; USER_DELETED _only_ needs app name\n * ```\n *\n * @param appName App name for tagging the error\n * @throws FirebaseError\n */\nexport function _fail<K extends AuthErrorCode>(\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): never;\nexport function _fail<K extends AuthErrorCode>(\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): never;\nexport function _fail<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): never {\n throw createErrorInternal(authOrCode, ...rest);\n}\n\nexport function _createError<K extends AuthErrorCode>(\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): FirebaseError;\nexport function _createError<K extends AuthErrorCode>(\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): FirebaseError;\nexport function _createError<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): FirebaseError {\n return createErrorInternal(authOrCode, ...rest);\n}\n\nexport function _errorWithCustomMessage(\n auth: Auth,\n code: AuthErrorCode,\n message: string\n): FirebaseError {\n const errorMap = {\n ...(prodErrorMap as ErrorMapRetriever)(),\n [code]: message\n };\n const factory = new ErrorFactory<AuthErrorCode, AuthErrorParams>(\n 'auth',\n 'Firebase',\n errorMap\n );\n return factory.create(code, {\n appName: auth.name\n });\n}\n\nexport function _serverAppCurrentUserOperationNotSupportedError(\n auth: Auth\n): FirebaseError {\n return _errorWithCustomMessage(\n auth,\n AuthErrorCode.OPERATION_NOT_SUPPORTED,\n 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp'\n );\n}\n\nexport function _assertInstanceOf(\n auth: Auth,\n object: object,\n instance: unknown\n): void {\n const constructorInstance = instance as { new (...args: unknown[]): unknown };\n if (!(object instanceof constructorInstance)) {\n if (constructorInstance.name !== object.constructor.name) {\n _fail(auth, AuthErrorCode.ARGUMENT_ERROR);\n }\n\n throw _errorWithCustomMessage(\n auth,\n AuthErrorCode.ARGUMENT_ERROR,\n `Type of ${object.constructor.name} does not match expected instance.` +\n `Did you pass a reference from a different Auth SDK?`\n );\n }\n}\n\nfunction createErrorInternal<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): FirebaseError {\n if (typeof authOrCode !== 'string') {\n const code = rest[0] as K;\n const fullParams = [...rest.slice(1)] as AuthErrorListParams<K>;\n if (fullParams[0]) {\n fullParams[0].appName = authOrCode.name;\n }\n\n return (authOrCode as AuthInternal)._errorFactory.create(\n code,\n ...fullParams\n );\n }\n\n return _DEFAULT_AUTH_ERROR_FACTORY.create(\n authOrCode,\n ...(rest as AuthErrorListParams<K>)\n );\n}\n\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): asserts assertion;\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): asserts assertion;\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n authOrCode: Auth | K,\n ...rest: unknown[]\n): asserts assertion {\n if (!assertion) {\n throw createErrorInternal(authOrCode, ...rest);\n }\n}\n\n// We really do want to accept literally any function type here\n// eslint-disable-next-line @typescript-eslint/ban-types\ntype TypeExpectation = Function | string | MapType;\n\ninterface MapType extends Record<string, TypeExpectation | Optional> {}\n\nclass Optional {\n constructor(readonly type: TypeExpectation) {}\n}\n\nexport function opt(type: TypeExpectation): Optional {\n return new Optional(type);\n}\n\n/**\n * Asserts the runtime types of arguments. The 'expected' field can be one of\n * a class, a string (representing a \"typeof\" call), or a record map of name\n * to type. Furthermore, the opt() function can be used to mark a field as\n * optional. For example:\n *\n * function foo(auth: Auth, profile: {displayName?: string}, update = false) {\n * assertTypes(arguments, [AuthImpl, {displayName: opt('string')}, opt('boolean')]);\n * }\n *\n * opt() can be used for any type:\n * function foo(auth?: Auth) {\n * assertTypes(arguments, [opt(AuthImpl)]);\n * }\n *\n * The string types can be or'd together, and you can use \"null\" as well (note\n * that typeof null === 'object'; this is an edge case). For example:\n *\n * function foo(profile: {displayName?: string | null}) {\n * assertTypes(arguments, [{displayName: opt('string|null')}]);\n * }\n *\n * @param args\n * @param expected\n */\nexport function assertTypes(\n args: Omit<IArguments, 'callee'>,\n ...expected: Array<TypeExpectation | Optional>\n): void {\n if (args.length > expected.length) {\n _fail(AuthErrorCode.ARGUMENT_ERROR, {});\n }\n\n for (let i = 0; i < expected.length; i++) {\n let expect = expected[i];\n const arg = args[i];\n\n if (expect instanceof Optional) {\n // If the arg is undefined, then it matches \"optional\" and we can move to\n // the next arg\n if (typeof arg === 'undefined') {\n continue;\n }\n expect = expect.type;\n }\n\n if (typeof expect === 'string') {\n // Handle the edge case for null because typeof null === 'object'\n if (expect.includes('null') && arg === null) {\n continue;\n }\n\n const required = expect.split('|');\n _assert(required.includes(typeof arg), AuthErrorCode.ARGUMENT_ERROR, {});\n } else if (typeof expect === 'object') {\n // Recursively check record arguments\n const record = arg as Record<string, unknown>;\n const map = expect as MapType;\n const keys = Object.keys(expect);\n\n assertTypes(\n keys.map(k => record[k]),\n ...keys.map(k => map[k])\n );\n } else {\n _assert(arg instanceof expect, AuthErrorCode.ARGUMENT_ERROR, {});\n }\n }\n}\n\n/**\n * Unconditionally fails, throwing an internal error with the given message.\n *\n * @param failure type of failure encountered\n * @throws Error\n */\nexport function debugFail(failure: string): never {\n // Log the failure in addition to throw an exception, just in case the\n // exception is swallowed.\n const message = `INTERNAL ASSERTION FAILED: ` + failure;\n _logError(message);\n\n // NOTE: We don't use FirebaseError here because these are internal failures\n // that cannot be handled by the user. (Also it would create a circular\n // dependency between the error and assert modules which doesn't work.)\n throw new Error(message);\n}\n\n/**\n * Fails if the given assertion condition is false, throwing an Error with the\n * given message if it did.\n *\n * @param assertion\n * @param message\n */\nexport function debugAssert(\n assertion: unknown,\n message: string\n): asserts assertion {\n if (!assertion) {\n debugFail(message);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function _getCurrentUrl(): string {\n return (typeof self !== 'undefined' && self.location?.href) || '';\n}\n\nexport function _isHttpOrHttps(): boolean {\n return _getCurrentScheme() === 'http:' || _getCurrentScheme() === 'https:';\n}\n\nexport function _getCurrentScheme(): string | null {\n return (typeof self !== 'undefined' && self.location?.protocol) || null;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isBrowserExtension } from '@firebase/util';\nimport { _isHttpOrHttps } from './location';\n\n/**\n * Determine whether the browser is working online\n */\nexport function _isOnline(): boolean {\n if (\n typeof navigator !== 'undefined' &&\n navigator &&\n 'onLine' in navigator &&\n typeof navigator.onLine === 'boolean' &&\n // Apply only for traditional web apps and Chrome extensions.\n // This is especially true for Cordova apps which have unreliable\n // navigator.onLine behavior unless cordova-plugin-network-information is\n // installed which overwrites the native navigator.onLine value and\n // defines navigator.connection.\n (_isHttpOrHttps() || isBrowserExtension() || 'connection' in navigator)\n ) {\n return navigator.onLine;\n }\n // If we can't determine the state, assume it is online.\n return true;\n}\n\nexport function _getUserLanguage(): string | null {\n if (typeof navigator === 'undefined') {\n return null;\n }\n const navigatorLanguage: NavigatorLanguage = navigator;\n return (\n // Most reliable, but only supported in Chrome/Firefox.\n (navigatorLanguage.languages && navigatorLanguage.languages[0]) ||\n // Supported in most browsers, but returns the language of the browser\n // UI, not the language set in browser settings.\n navigatorLanguage.language ||\n // Couldn't determine language.\n null\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ConfigInternal } from '../../model/auth';\nimport { debugAssert } from './assert';\n\nexport function _emulatorUrl(config: ConfigInternal, path?: string): string {\n debugAssert(config.emulator, 'Emulator should always be set here');\n const { url } = config.emulator;\n\n if (!path) {\n return url;\n }\n\n return `${url}${path.startsWith('/') ? path.slice(1) : path}`;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { debugFail } from './assert';\n\nexport class FetchProvider {\n private static fetchImpl: typeof fetch | null;\n private static headersImpl: typeof Headers | null;\n private static responseImpl: typeof Response | null;\n\n static initialize(\n fetchImpl: typeof fetch,\n headersImpl?: typeof Headers,\n responseImpl?: typeof Response\n ): void {\n this.fetchImpl = fetchImpl;\n if (headersImpl) {\n this.headersImpl = headersImpl;\n }\n if (responseImpl) {\n this.responseImpl = responseImpl;\n }\n }\n\n static fetch(): typeof fetch {\n if (this.fetchImpl) {\n return this.fetchImpl;\n }\n if (typeof self !== 'undefined' && 'fetch' in self) {\n return self.fetch;\n }\n if (typeof globalThis !== 'undefined' && globalThis.fetch) {\n return globalThis.fetch;\n }\n if (typeof fetch !== 'undefined') {\n return fetch;\n }\n debugFail(\n 'Could not find fetch implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n\n static headers(): typeof Headers {\n if (this.headersImpl) {\n return this.headersImpl;\n }\n if (typeof self !== 'undefined' && 'Headers' in self) {\n return self.Headers;\n }\n if (typeof globalThis !== 'undefined' && globalThis.Headers) {\n return globalThis.Headers;\n }\n if (typeof Headers !== 'undefined') {\n return Headers;\n }\n debugFail(\n 'Could not find Headers implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n\n static response(): typeof Response {\n if (this.responseImpl) {\n return this.responseImpl;\n }\n if (typeof self !== 'undefined' && 'Response' in self) {\n return self.Response;\n }\n if (typeof globalThis !== 'undefined' && globalThis.Response) {\n return globalThis.Response;\n }\n if (typeof Response !== 'undefined') {\n return Response;\n }\n debugFail(\n 'Could not find Response implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../core/errors';\n\n/**\n * Errors that can be returned by the backend\n */\nexport const enum ServerError {\n ADMIN_ONLY_OPERATION = 'ADMIN_ONLY_OPERATION',\n BLOCKING_FUNCTION_ERROR_RESPONSE = 'BLOCKING_FUNCTION_ERROR_RESPONSE',\n CAPTCHA_CHECK_FAILED = 'CAPTCHA_CHECK_FAILED',\n CORS_UNSUPPORTED = 'CORS_UNSUPPORTED',\n CREDENTIAL_MISMATCH = 'CREDENTIAL_MISMATCH',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN = 'CREDENTIAL_TOO_OLD_LOGIN_AGAIN',\n DYNAMIC_LINK_NOT_ACTIVATED = 'DYNAMIC_LINK_NOT_ACTIVATED',\n EMAIL_CHANGE_NEEDS_VERIFICATION = 'EMAIL_CHANGE_NEEDS_VERIFICATION',\n EMAIL_EXISTS = 'EMAIL_EXISTS',\n EMAIL_NOT_FOUND = 'EMAIL_NOT_FOUND',\n EXPIRED_OOB_CODE = 'EXPIRED_OOB_CODE',\n FEDERATED_USER_ID_ALREADY_LINKED = 'FEDERATED_USER_ID_ALREADY_LINKED',\n INVALID_APP_CREDENTIAL = 'INVALID_APP_CREDENTIAL',\n INVALID_APP_ID = 'INVALID_APP_ID',\n INVALID_CERT_HASH = 'INVALID_CERT_HASH',\n INVALID_CODE = 'INVALID_CODE',\n INVALID_CONTINUE_URI = 'INVALID_CONTINUE_URI',\n INVALID_CUSTOM_TOKEN = 'INVALID_CUSTOM_TOKEN',\n INVALID_DYNAMIC_LINK_DOMAIN = 'INVALID_DYNAMIC_LINK_DOMAIN',\n INVALID_EMAIL = 'INVALID_EMAIL',\n INVALID_ID_TOKEN = 'INVALID_ID_TOKEN',\n INVALID_IDP_RESPONSE = 'INVALID_IDP_RESPONSE',\n INVALID_IDENTIFIER = 'INVALID_IDENTIFIER',\n INVALID_LOGIN_CREDENTIALS = 'INVALID_LOGIN_CREDENTIALS',\n INVALID_MESSAGE_PAYLOAD = 'INVALID_MESSAGE_PAYLOAD',\n INVALID_MFA_PENDING_CREDENTIAL = 'INVALID_MFA_PENDING_CREDENTIAL',\n INVALID_OAUTH_CLIENT_ID = 'INVALID_OAUTH_CLIENT_ID',\n INVALID_OOB_CODE = 'INVALID_OOB_CODE',\n INVALID_PASSWORD = 'INVALID_PASSWORD',\n INVALID_PENDING_TOKEN = 'INVALID_PENDING_TOKEN',\n INVALID_PHONE_NUMBER = 'INVALID_PHONE_NUMBER',\n INVALID_PROVIDER_ID = 'INVALID_PROVIDER_ID',\n INVALID_RECIPIENT_EMAIL = 'INVALID_RECIPIENT_EMAIL',\n INVALID_SENDER = 'INVALID_SENDER',\n INVALID_SESSION_INFO = 'INVALID_SESSION_INFO',\n INVALID_TEMPORARY_PROOF = 'INVALID_TEMPORARY_PROOF',\n INVALID_TENANT_ID = 'INVALID_TENANT_ID',\n MFA_ENROLLMENT_NOT_FOUND = 'MFA_ENROLLMENT_NOT_FOUND',\n MISSING_ANDROID_PACKAGE_NAME = 'MISSING_ANDROID_PACKAGE_NAME',\n MISSING_APP_CREDENTIAL = 'MISSING_APP_CREDENTIAL',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_CONTINUE_URI = 'MISSING_CONTINUE_URI',\n MISSING_CUSTOM_TOKEN = 'MISSING_CUSTOM_TOKEN',\n MISSING_IOS_BUNDLE_ID = 'MISSING_IOS_BUNDLE_ID',\n MISSING_MFA_ENROLLMENT_ID = 'MISSING_MFA_ENROLLMENT_ID',\n MISSING_MFA_PENDING_CREDENTIAL = 'MISSING_MFA_PENDING_CREDENTIAL',\n MISSING_OOB_CODE = 'MISSING_OOB_CODE',\n MISSING_OR_INVALID_NONCE = 'MISSING_OR_INVALID_NONCE',\n MISSING_PASSWORD = 'MISSING_PASSWORD',\n MISSING_REQ_TYPE = 'MISSING_REQ_TYPE',\n MISSING_PHONE_NUMBER = 'MISSING_PHONE_NUMBER',\n MISSING_SESSION_INFO = 'MISSING_SESSION_INFO',\n OPERATION_NOT_ALLOWED = 'OPERATION_NOT_ALLOWED',\n PASSWORD_LOGIN_DISABLED = 'PASSWORD_LOGIN_DISABLED',\n QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n RESET_PASSWORD_EXCEED_LIMIT = 'RESET_PASSWORD_EXCEED_LIMIT',\n REJECTED_CREDENTIAL = 'REJECTED_CREDENTIAL',\n SECOND_FACTOR_EXISTS = 'SECOND_FACTOR_EXISTS',\n SECOND_FACTOR_LIMIT_EXCEEDED = 'SECOND_FACTOR_LIMIT_EXCEEDED',\n SESSION_EXPIRED = 'SESSION_EXPIRED',\n TENANT_ID_MISMATCH = 'TENANT_ID_MISMATCH',\n TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n TOO_MANY_ATTEMPTS_TRY_LATER = 'TOO_MANY_ATTEMPTS_TRY_LATER',\n UNSUPPORTED_FIRST_FACTOR = 'UNSUPPORTED_FIRST_FACTOR',\n UNSUPPORTED_TENANT_OPERATION = 'UNSUPPORTED_TENANT_OPERATION',\n UNAUTHORIZED_DOMAIN = 'UNAUTHORIZED_DOMAIN',\n UNVERIFIED_EMAIL = 'UNVERIFIED_EMAIL',\n USER_CANCELLED = 'USER_CANCELLED',\n USER_DISABLED = 'USER_DISABLED',\n USER_NOT_FOUND = 'USER_NOT_FOUND',\n WEAK_PASSWORD = 'WEAK_PASSWORD',\n RECAPTCHA_NOT_ENABLED = 'RECAPTCHA_NOT_ENABLED',\n MISSING_RECAPTCHA_TOKEN = 'MISSING_RECAPTCHA_TOKEN',\n INVALID_RECAPTCHA_TOKEN = 'INVALID_RECAPTCHA_TOKEN',\n INVALID_RECAPTCHA_ACTION = 'INVALID_RECAPTCHA_ACTION',\n MISSING_CLIENT_TYPE = 'MISSING_CLIENT_TYPE',\n MISSING_RECAPTCHA_VERSION = 'MISSING_RECAPTCHA_VERSION',\n INVALID_RECAPTCHA_VERSION = 'INVALID_RECAPTCHA_VERSION',\n INVALID_REQ_TYPE = 'INVALID_REQ_TYPE',\n PASSWORD_DOES_NOT_MEET_REQUIREMENTS = 'PASSWORD_DOES_NOT_MEET_REQUIREMENTS',\n INVALID_HOSTING_LINK_DOMAIN = 'INVALID_HOSTING_LINK_DOMAIN'\n}\n\n/**\n * API Response in the event of an error\n */\nexport interface JsonError {\n error: {\n code: number;\n message: string;\n errors?: [\n {\n message: ServerError;\n domain: string;\n reason: string;\n }\n ];\n };\n}\n\n/**\n * Type definition for a map from server errors to developer visible errors\n */\nexport declare type ServerErrorMap<ApiError extends string> = {\n readonly [K in ApiError]: AuthErrorCode;\n};\n\n/**\n * Map from errors returned by the server to errors to developer visible errors\n */\nexport const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {\n // Custom token errors.\n [ServerError.CREDENTIAL_MISMATCH]: AuthErrorCode.CREDENTIAL_MISMATCH,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_CUSTOM_TOKEN]: AuthErrorCode.INTERNAL_ERROR,\n\n // Create Auth URI errors.\n [ServerError.INVALID_IDENTIFIER]: AuthErrorCode.INVALID_EMAIL,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_CONTINUE_URI]: AuthErrorCode.INTERNAL_ERROR,\n\n // Sign in with email and password errors (some apply to sign up too).\n [ServerError.INVALID_PASSWORD]: AuthErrorCode.INVALID_PASSWORD,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_PASSWORD]: AuthErrorCode.MISSING_PASSWORD,\n // Thrown if Email Enumeration Protection is enabled in the project and the email or password is\n // invalid.\n [ServerError.INVALID_LOGIN_CREDENTIALS]: AuthErrorCode.INVALID_CREDENTIAL,\n\n // Sign up with email and password errors.\n [ServerError.EMAIL_EXISTS]: AuthErrorCode.EMAIL_EXISTS,\n [ServerError.PASSWORD_LOGIN_DISABLED]: AuthErrorCode.OPERATION_NOT_ALLOWED,\n\n // Verify assertion for sign in with credential errors:\n [ServerError.INVALID_IDP_RESPONSE]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.INVALID_PENDING_TOKEN]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.FEDERATED_USER_ID_ALREADY_LINKED]:\n AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,\n\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_REQ_TYPE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Send Password reset email errors:\n [ServerError.EMAIL_NOT_FOUND]: AuthErrorCode.USER_DELETED,\n [ServerError.RESET_PASSWORD_EXCEED_LIMIT]:\n AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER,\n\n [ServerError.EXPIRED_OOB_CODE]: AuthErrorCode.EXPIRED_OOB_CODE,\n [ServerError.INVALID_OOB_CODE]: AuthErrorCode.INVALID_OOB_CODE,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_OOB_CODE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Operations that require ID token in request:\n [ServerError.CREDENTIAL_TOO_OLD_LOGIN_AGAIN]:\n AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN,\n [ServerError.INVALID_ID_TOKEN]: AuthErrorCode.INVALID_AUTH,\n [ServerError.TOKEN_EXPIRED]: AuthErrorCode.TOKEN_EXPIRED,\n [ServerError.USER_NOT_FOUND]: AuthErrorCode.TOKEN_EXPIRED,\n\n // Other errors.\n [ServerError.TOO_MANY_ATTEMPTS_TRY_LATER]:\n AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER,\n [ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS]:\n AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS,\n\n // Phone Auth related errors.\n [ServerError.INVALID_CODE]: AuthErrorCode.INVALID_CODE,\n [ServerError.INVALID_SESSION_INFO]: AuthErrorCode.INVALID_SESSION_INFO,\n [ServerError.INVALID_TEMPORARY_PROOF]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.MISSING_SESSION_INFO]: AuthErrorCode.MISSING_SESSION_INFO,\n [ServerError.SESSION_EXPIRED]: AuthErrorCode.CODE_EXPIRED,\n\n // Other action code errors when additional settings passed.\n // MISSING_CONTINUE_URI is getting mapped to INTERNAL_ERROR above.\n // This is OK as this error will be caught by client side validation.\n [ServerError.MISSING_ANDROID_PACKAGE_NAME]:\n AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME,\n [ServerError.UNAUTHORIZED_DOMAIN]: AuthErrorCode.UNAUTHORIZED_DOMAIN,\n\n // getProjectConfig errors when clientId is passed.\n [ServerError.INVALID_OAUTH_CLIENT_ID]: AuthErrorCode.INVALID_OAUTH_CLIENT_ID,\n\n // User actions (sign-up or deletion) disabled errors.\n [ServerError.ADMIN_ONLY_OPERATION]: AuthErrorCode.ADMIN_ONLY_OPERATION,\n\n // Multi factor related errors.\n [ServerError.INVALID_MFA_PENDING_CREDENTIAL]:\n AuthErrorCode.INVALID_MFA_SESSION,\n [ServerError.MFA_ENROLLMENT_NOT_FOUND]: AuthErrorCode.MFA_INFO_NOT_FOUND,\n [ServerError.MISSING_MFA_ENROLLMENT_ID]: AuthErrorCode.MISSING_MFA_INFO,\n [ServerError.MISSING_MFA_PENDING_CREDENTIAL]:\n AuthErrorCode.MISSING_MFA_SESSION,\n [ServerError.SECOND_FACTOR_EXISTS]:\n AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED,\n [ServerError.SECOND_FACTOR_LIMIT_EXCEEDED]:\n AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED,\n\n // Blocking functions related errors.\n [ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Recaptcha related errors.\n [ServerError.RECAPTCHA_NOT_ENABLED]: AuthErrorCode.RECAPTCHA_NOT_ENABLED,\n [ServerError.MISSING_RECAPTCHA_TOKEN]: AuthErrorCode.MISSING_RECAPTCHA_TOKEN,\n [ServerError.INVALID_RECAPTCHA_TOKEN]: AuthErrorCode.INVALID_RECAPTCHA_TOKEN,\n [ServerError.INVALID_RECAPTCHA_ACTION]:\n AuthErrorCode.INVALID_RECAPTCHA_ACTION,\n [ServerError.MISSING_CLIENT_TYPE]: AuthErrorCode.MISSING_CLIENT_TYPE,\n [ServerError.MISSING_RECAPTCHA_VERSION]:\n AuthErrorCode.MISSING_RECAPTCHA_VERSION,\n [ServerError.INVALID_RECAPTCHA_VERSION]:\n AuthErrorCode.INVALID_RECAPTCHA_VERSION,\n [ServerError.INVALID_REQ_TYPE]: AuthErrorCode.INVALID_REQ_TYPE\n};\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError, isCloudflareWorker, querystring } from '@firebase/util';\n\nimport { AuthErrorCode, NamedErrorParams } from '../core/errors';\nimport {\n _createError,\n _errorWithCustomMessage,\n _fail\n} from '../core/util/assert';\nimport { Delay } from '../core/util/delay';\nimport { _emulatorUrl } from '../core/util/emulator';\nimport { FetchProvider } from '../core/util/fetch_provider';\nimport { Auth } from '../model/public_types';\nimport { AuthInternal, ConfigInternal } from '../model/auth';\nimport { IdTokenResponse, TaggedWithTokenResponse } from '../model/id_token';\nimport { IdTokenMfaResponse } from './authentication/mfa';\nimport { SERVER_ERROR_MAP, ServerError, ServerErrorMap } from './errors';\n\nexport const enum HttpMethod {\n POST = 'POST',\n GET = 'GET'\n}\n\nexport const enum HttpHeader {\n CONTENT_TYPE = 'Content-Type',\n X_FIREBASE_LOCALE = 'X-Firebase-Locale',\n X_CLIENT_VERSION = 'X-Client-Version',\n X_FIREBASE_GMPID = 'X-Firebase-gmpid',\n X_FIREBASE_CLIENT = 'X-Firebase-Client',\n X_FIREBASE_APP_CHECK = 'X-Firebase-AppCheck'\n}\n\nexport const enum Endpoint {\n CREATE_AUTH_URI = '/v1/accounts:createAuthUri',\n DELETE_ACCOUNT = '/v1/accounts:delete',\n RESET_PASSWORD = '/v1/accounts:resetPassword',\n SIGN_UP = '/v1/accounts:signUp',\n SIGN_IN_WITH_CUSTOM_TOKEN = '/v1/accounts:signInWithCustomToken',\n SIGN_IN_WITH_EMAIL_LINK = '/v1/accounts:signInWithEmailLink',\n SIGN_IN_WITH_IDP = '/v1/accounts:signInWithIdp',\n SIGN_IN_WITH_PASSWORD = '/v1/accounts:signInWithPassword',\n SIGN_IN_WITH_PHONE_NUMBER = '/v1/accounts:signInWithPhoneNumber',\n SEND_VERIFICATION_CODE = '/v1/accounts:sendVerificationCode',\n SEND_OOB_CODE = '/v1/accounts:sendOobCode',\n SET_ACCOUNT_INFO = '/v1/accounts:update',\n GET_ACCOUNT_INFO = '/v1/accounts:lookup',\n GET_RECAPTCHA_PARAM = '/v1/recaptchaParams',\n START_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:start',\n FINALIZE_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:finalize',\n START_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:start',\n FINALIZE_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:finalize',\n WITHDRAW_MFA = '/v2/accounts/mfaEnrollment:withdraw',\n GET_PROJECT_CONFIG = '/v1/projects',\n GET_RECAPTCHA_CONFIG = '/v2/recaptchaConfig',\n GET_PASSWORD_POLICY = '/v2/passwordPolicy',\n TOKEN = '/v1/token',\n REVOKE_TOKEN = '/v2/accounts:revokeToken'\n}\n\nexport const enum RecaptchaClientType {\n WEB = 'CLIENT_TYPE_WEB',\n ANDROID = 'CLIENT_TYPE_ANDROID',\n IOS = 'CLIENT_TYPE_IOS'\n}\n\nexport const enum RecaptchaVersion {\n ENTERPRISE = 'RECAPTCHA_ENTERPRISE'\n}\n\nexport const enum RecaptchaActionName {\n SIGN_IN_WITH_PASSWORD = 'signInWithPassword',\n GET_OOB_CODE = 'getOobCode',\n SIGN_UP_PASSWORD = 'signUpPassword',\n SEND_VERIFICATION_CODE = 'sendVerificationCode',\n MFA_SMS_ENROLLMENT = 'mfaSmsEnrollment',\n MFA_SMS_SIGNIN = 'mfaSmsSignIn'\n}\n\nexport const enum EnforcementState {\n ENFORCE = 'ENFORCE',\n AUDIT = 'AUDIT',\n OFF = 'OFF',\n ENFORCEMENT_STATE_UNSPECIFIED = 'ENFORCEMENT_STATE_UNSPECIFIED'\n}\n\n// Providers that have reCAPTCHA Enterprise support.\nexport const enum RecaptchaAuthProvider {\n EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER',\n PHONE_PROVIDER = 'PHONE_PROVIDER'\n}\n\nexport const DEFAULT_API_TIMEOUT_MS = new Delay(30_000, 60_000);\n\nexport function _addTidIfNecessary<T extends { tenantId?: string }>(\n auth: Auth,\n request: T\n): T {\n if (auth.tenantId && !request.tenantId) {\n return {\n ...request,\n tenantId: auth.tenantId\n };\n }\n return request;\n}\n\nexport async function _performApiRequest<T, V>(\n auth: Auth,\n method: HttpMethod,\n path: Endpoint,\n request?: T,\n customErrorMap: Partial<ServerErrorMap<ServerError>> = {}\n): Promise<V> {\n return _performFetchWithErrorHandling(auth, customErrorMap, async () => {\n let body = {};\n let params = {};\n if (request) {\n if (method === HttpMethod.GET) {\n params = request;\n } else {\n body = {\n body: JSON.stringify(request)\n };\n }\n }\n\n const query = querystring({\n key: auth.config.apiKey,\n ...params\n }).slice(1);\n\n const headers = await (auth as AuthInternal)._getAdditionalHeaders();\n headers[HttpHeader.CONTENT_TYPE] = 'application/json';\n\n if (auth.languageCode) {\n headers[HttpHeader.X_FIREBASE_LOCALE] = auth.languageCode;\n }\n\n const fetchArgs: RequestInit = {\n method,\n headers,\n ...body\n };\n\n /* Security-conscious server-side frameworks tend to have built in mitigations for referrer\n problems\". See the Cloudflare GitHub issue #487: Error: The 'referrerPolicy' field on\n 'RequestInitializerDict' is not implemented.\"\n https://github.com/cloudflare/next-on-pages/issues/487 */\n if (!isCloudflareWorker()) {\n fetchArgs.referrerPolicy = 'no-referrer';\n }\n\n return FetchProvider.fetch()(\n _getFinalTarget(auth, auth.config.apiHost, path, query),\n fetchArgs\n );\n });\n}\n\nexport async function _performFetchWithErrorHandling<V>(\n auth: Auth,\n customErrorMap: Partial<ServerErrorMap<ServerError>>,\n fetchFn: () => Promise<Response>\n): Promise<V> {\n (auth as AuthInternal)._canInitEmulator = false;\n const errorMap = { ...SERVER_ERROR_MAP, ...customErrorMap };\n try {\n const networkTimeout = new NetworkTimeout<Response>(auth);\n const response: Response = await Promise.race<Promise<Response>>([\n fetchFn(),\n networkTimeout.promise\n ]);\n\n // If we've reached this point, the fetch succeeded and the networkTimeout\n // didn't throw; clear the network timeout delay so that Node won't hang\n networkTimeout.clearNetworkTimeout();\n\n const json = await response.json();\n if ('needConfirmation' in json) {\n throw _makeTaggedError(auth, AuthErrorCode.NEED_CONFIRMATION, json);\n }\n\n if (response.ok && !('errorMessage' in json)) {\n return json;\n } else {\n const errorMessage = response.ok ? json.errorMessage : json.error.message;\n const [serverErrorCode, serverErrorMessage] = errorMessage.split(' : ');\n if (serverErrorCode === ServerError.FEDERATED_USER_ID_ALREADY_LINKED) {\n throw _makeTaggedError(\n auth,\n AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,\n json\n );\n } else if (serverErrorCode === ServerError.EMAIL_EXISTS) {\n throw _makeTaggedError(auth, AuthErrorCode.EMAIL_EXISTS, json);\n } else if (serverErrorCode === ServerError.USER_DISABLED) {\n throw _makeTaggedError(auth, AuthErrorCode.USER_DISABLED, json);\n }\n const authError =\n errorMap[serverErrorCode as ServerError] ||\n (serverErrorCode\n .toLowerCase()\n .replace(/[_\\s]+/g, '-') as unknown as AuthErrorCode);\n if (serverErrorMessage) {\n throw _errorWithCustomMessage(auth, authError, serverErrorMessage);\n } else {\n _fail(auth, authError);\n }\n }\n } catch (e) {\n if (e instanceof FirebaseError) {\n throw e;\n }\n // Changing this to a different error code will log user out when there is a network error\n // because we treat any error other than NETWORK_REQUEST_FAILED as token is invalid.\n // https://github.com/firebase/firebase-js-sdk/blob/4fbc73610d70be4e0852e7de63a39cb7897e8546/packages/auth/src/core/auth/auth_impl.ts#L309-L316\n _fail(auth, AuthErrorCode.NETWORK_REQUEST_FAILED, { 'message': String(e) });\n }\n}\n\nexport async function _performSignInRequest<T, V extends IdTokenResponse>(\n auth: Auth,\n method: HttpMethod,\n path: Endpoint,\n request?: T,\n customErrorMap: Partial<ServerErrorMap<ServerError>> = {}\n): Promise<V> {\n const serverResponse = await _performApiRequest<T, V | IdTokenMfaResponse>(\n auth,\n method,\n path,\n request,\n customErrorMap\n );\n if ('mfaPendingCredential' in serverResponse) {\n _fail(auth, AuthErrorCode.MFA_REQUIRED, {\n _serverResponse: serverResponse\n });\n }\n\n return serverResponse as V;\n}\n\nexport function _getFinalTarget(\n auth: Auth,\n host: string,\n path: string,\n query: string\n): string {\n const base = `${host}${path}?${query}`;\n\n if (!(auth as AuthInternal).config.emulator) {\n return `${auth.config.apiScheme}://${base}`;\n }\n\n return _emulatorUrl(auth.config as ConfigInternal, base);\n}\n\nexport function _parseEnforcementState(\n enforcementStateStr: string\n): EnforcementState {\n switch (enforcementStateStr) {\n case 'ENFORCE':\n return EnforcementState.ENFORCE;\n case 'AUDIT':\n return EnforcementState.AUDIT;\n case 'OFF':\n return EnforcementState.OFF;\n default:\n return EnforcementState.ENFORCEMENT_STATE_UNSPECIFIED;\n }\n}\n\nclass NetworkTimeout<T> {\n // Node timers and browser timers are fundamentally incompatible, but we\n // don't care about the value here\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private timer: any | null = null;\n readonly promise = new Promise<T>((_, reject) => {\n this.timer = setTimeout(() => {\n return reject(\n _createError(this.auth, AuthErrorCode.NETWORK_REQUEST_FAILED)\n );\n }, DEFAULT_API_TIMEOUT_MS.get());\n });\n\n clearNetworkTimeout(): void {\n clearTimeout(this.timer);\n }\n\n constructor(private readonly auth: Auth) {}\n}\n\ninterface PotentialResponse extends IdTokenResponse {\n email?: string;\n phoneNumber?: string;\n}\n\nexport function _makeTaggedError(\n auth: Auth,\n code: AuthErrorCode,\n response: PotentialResponse\n): FirebaseError {\n const errorParams: NamedErrorParams = {\n appName: auth.name\n };\n\n if (response.email) {\n errorParams.email = response.email;\n }\n if (response.phoneNumber) {\n errorParams.phoneNumber = response.phoneNumber;\n }\n\n const error = _createError(auth, code, errorParams);\n\n // We know customData is defined on error because errorParams is defined\n (error.customData! as TaggedWithTokenResponse)._tokenResponse = response;\n return error;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isMobileCordova, isReactNative } from '@firebase/util';\nimport { _isOnline } from './navigator';\nimport { debugAssert } from './assert';\n\nexport const enum DelayMin {\n OFFLINE = 5000\n}\n\n/**\n * A structure to help pick between a range of long and short delay durations\n * depending on the current environment. In general, the long delay is used for\n * mobile environments whereas short delays are used for desktop environments.\n */\nexport class Delay {\n // The default value for the offline delay timeout in ms.\n\n private readonly isMobile: boolean;\n constructor(\n private readonly shortDelay: number,\n private readonly longDelay: number\n ) {\n // Internal error when improperly initialized.\n debugAssert(\n longDelay > shortDelay,\n 'Short delay should be less than long delay!'\n );\n this.isMobile = isMobileCordova() || isReactNative();\n }\n\n get(): number {\n if (!_isOnline()) {\n // Pick the shorter timeout.\n return Math.min(DelayMin.OFFLINE, this.shortDelay);\n }\n // If running in a mobile environment, return the long delay, otherwise\n // return the short delay.\n // This could be improved in the future to dynamically change based on other\n // variables instead of just reading the current environment.\n return this.isMobile ? this.longDelay : this.shortDelay;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { RecaptchaParameters } from '../../model/public_types';\nimport {\n GetRecaptchaConfigResponse,\n RecaptchaEnforcementProviderState\n} from '../../api/authentication/recaptcha';\nimport {\n EnforcementState,\n RecaptchaAuthProvider,\n _parseEnforcementState\n} from '../../api/index';\n\n// reCAPTCHA v2 interface\nexport interface Recaptcha {\n render: (container: HTMLElement, parameters: RecaptchaParameters) => number;\n getResponse: (id: number) => string;\n execute: (id: number) => unknown;\n reset: (id: number) => unknown;\n}\n\nexport function isV2(\n grecaptcha: Recaptcha | GreCAPTCHA | undefined\n): grecaptcha is Recaptcha {\n return (\n grecaptcha !== undefined &&\n (grecaptcha as Recaptcha).getResponse !== undefined\n );\n}\n\n// reCAPTCHA Enterprise & v3 shared interface\nexport interface GreCAPTCHATopLevel extends GreCAPTCHA {\n enterprise: GreCAPTCHA;\n}\n\n// reCAPTCHA Enterprise interface\nexport interface GreCAPTCHA {\n ready: (callback: () => void) => void;\n execute: (siteKey: string, options: { action: string }) => Promise<string>;\n render: (\n container: string | HTMLElement,\n parameters: GreCAPTCHARenderOption\n ) => string;\n}\n\nexport interface GreCAPTCHARenderOption {\n sitekey: string;\n size: 'invisible';\n}\n\nexport function isEnterprise(\n grecaptcha: Recaptcha | GreCAPTCHA | undefined\n): grecaptcha is GreCAPTCHATopLevel {\n return (\n grecaptcha !== undefined &&\n (grecaptcha as GreCAPTCHATopLevel).enterprise !== undefined\n );\n}\n\n// TODO(chuanr): Replace this with the AuthWindow after resolving the dependency issue in Node.js env.\ndeclare global {\n interface Window {\n grecaptcha?: Recaptcha | GreCAPTCHATopLevel;\n }\n}\n\nexport class RecaptchaConfig {\n /**\n * The reCAPTCHA site key.\n */\n siteKey: string = '';\n\n /**\n * The list of providers and their enablement status for reCAPTCHA Enterprise.\n */\n recaptchaEnforcementState: RecaptchaEnforcementProviderState[] = [];\n\n constructor(response: GetRecaptchaConfigResponse) {\n if (response.recaptchaKey === undefined) {\n throw new Error('recaptchaKey undefined');\n }\n // Example response.recaptchaKey: \"projects/proj123/keys/sitekey123\"\n this.siteKey = response.recaptchaKey.split('/')[3];\n this.recaptchaEnforcementState = response.recaptchaEnforcementState;\n }\n\n /**\n * Returns the reCAPTCHA Enterprise enforcement state for the given provider.\n *\n * @param providerStr - The provider whose enforcement state is to be returned.\n * @returns The reCAPTCHA Enterprise enforcement state for the given provider.\n */\n getProviderEnforcementState(providerStr: string): EnforcementState | null {\n if (\n !this.recaptchaEnforcementState ||\n this.recaptchaEnforcementState.length === 0\n ) {\n return null;\n }\n\n for (const recaptchaEnforcementState of this.recaptchaEnforcementState) {\n if (\n recaptchaEnforcementState.provider &&\n recaptchaEnforcementState.provider === providerStr\n ) {\n return _parseEnforcementState(\n recaptchaEnforcementState.enforcementState\n );\n }\n }\n return null;\n }\n\n /**\n * Returns true if the reCAPTCHA Enterprise enforcement state for the provider is set to ENFORCE or AUDIT.\n *\n * @param providerStr - The provider whose enablement state is to be returned.\n * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.\n */\n isProviderEnabled(providerStr: string): boolean {\n return (\n this.getProviderEnforcementState(providerStr) ===\n EnforcementState.ENFORCE ||\n this.getProviderEnforcementState(providerStr) === EnforcementState.AUDIT\n );\n }\n\n /**\n * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise\n * returns false.\n *\n * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.\n */\n isAnyProviderEnabled(): boolean {\n return (\n this.isProviderEnabled(RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER) ||\n this.isProviderEnabled(RecaptchaAuthProvider.PHONE_PROVIDER)\n );\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _performApiRequest,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\ninterface GetRecaptchaParamResponse {\n recaptchaSiteKey?: string;\n}\n\nexport async function getRecaptchaParams(auth: Auth): Promise<string> {\n return (\n (\n await _performApiRequest<void, GetRecaptchaParamResponse>(\n auth,\n HttpMethod.GET,\n Endpoint.GET_RECAPTCHA_PARAM\n )\n ).recaptchaSiteKey || ''\n );\n}\n\n// The following functions are for reCAPTCHA enterprise integration.\ninterface GetRecaptchaConfigRequest {\n tenantId?: string;\n clientType?: RecaptchaClientType;\n version?: RecaptchaVersion;\n}\n\nexport interface RecaptchaEnforcementProviderState {\n provider: string;\n enforcementState: string;\n}\n\nexport interface GetRecaptchaConfigResponse {\n recaptchaKey: string;\n recaptchaEnforcementState: RecaptchaEnforcementProviderState[];\n}\n\nexport async function getRecaptchaConfig(\n auth: Auth,\n request: GetRecaptchaConfigRequest\n): Promise<GetRecaptchaConfigResponse> {\n return _performApiRequest<\n GetRecaptchaConfigRequest,\n GetRecaptchaConfigResponse\n >(\n auth,\n HttpMethod.GET,\n Endpoint.GET_RECAPTCHA_CONFIG,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Endpoint, HttpMethod, _performApiRequest } from '../index';\nimport { MfaEnrollment } from './mfa';\nimport { Auth } from '../../model/public_types';\n\nexport interface DeleteAccountRequest {\n idToken: string;\n}\n\nexport async function deleteAccount(\n auth: Auth,\n request: DeleteAccountRequest\n): Promise<void> {\n return _performApiRequest<DeleteAccountRequest, void>(\n auth,\n HttpMethod.POST,\n Endpoint.DELETE_ACCOUNT,\n request\n );\n}\n\nexport interface ProviderUserInfo {\n providerId: string;\n rawId?: string;\n email?: string;\n displayName?: string;\n photoUrl?: string;\n phoneNumber?: string;\n}\n\nexport interface DeleteLinkedAccountsRequest {\n idToken: string;\n deleteProvider: string[];\n}\n\nexport interface DeleteLinkedAccountsResponse {\n providerUserInfo: ProviderUserInfo[];\n}\n\nexport async function deleteLinkedAccounts(\n auth: Auth,\n request: DeleteLinkedAccountsRequest\n): Promise<DeleteLinkedAccountsResponse> {\n return _performApiRequest<\n DeleteLinkedAccountsRequest,\n DeleteLinkedAccountsResponse\n >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);\n}\n\nexport interface APIUserInfo {\n localId?: string;\n displayName?: string;\n photoUrl?: string;\n email?: string;\n emailVerified?: boolean;\n phoneNumber?: string;\n lastLoginAt?: number;\n createdAt?: number;\n tenantId?: string;\n passwordHash?: string;\n providerUserInfo?: ProviderUserInfo[];\n mfaInfo?: MfaEnrollment[];\n}\n\nexport interface GetAccountInfoRequest {\n idToken: string;\n}\n\nexport interface GetAccountInfoResponse {\n users: APIUserInfo[];\n}\n\nexport async function getAccountInfo(\n auth: Auth,\n request: GetAccountInfoRequest\n): Promise<GetAccountInfoResponse> {\n return _performApiRequest<GetAccountInfoRequest, GetAccountInfoResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.GET_ACCOUNT_INFO,\n request\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function utcTimestampToDateString(\n utcTimestamp?: string | number\n): string | undefined {\n if (!utcTimestamp) {\n return undefined;\n }\n try {\n // Convert to date object.\n const date = new Date(Number(utcTimestamp));\n // Test date is valid.\n if (!isNaN(date.getTime())) {\n // Convert to UTC date string.\n return date.toUTCString();\n }\n } catch (e) {\n // Do nothing. undefined will be returned.\n }\n return undefined;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { IdTokenResult, ParsedToken, User } from '../../model/public_types';\nimport { base64Decode, getModularInstance } from '@firebase/util';\n\nimport { UserInternal } from '../../model/user';\nimport { _assert } from '../util/assert';\nimport { _logError } from '../util/log';\nimport { utcTimestampToDateString } from '../util/time';\nimport { AuthErrorCode } from '../errors';\n\n/**\n * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.\n *\n * @remarks\n * Returns the current token if it has not expired or if it will not expire in the next five\n * minutes. Otherwise, this will refresh the token and return a new one.\n *\n * @param user - The user.\n * @param forceRefresh - Force refresh regardless of token expiration.\n *\n * @public\n */\nexport function getIdToken(user: User, forceRefresh = false): Promise<string> {\n return getModularInstance(user).getIdToken(forceRefresh);\n}\n\n/**\n * Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.\n *\n * @remarks\n * Returns the current token if it has not expired or if it will not expire in the next five\n * minutes. Otherwise, this will refresh the token and return a new one.\n *\n * @param user - The user.\n * @param forceRefresh - Force refresh regardless of token expiration.\n *\n * @public\n */\nexport async function getIdTokenResult(\n user: User,\n forceRefresh = false\n): Promise<IdTokenResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n const token = await userInternal.getIdToken(forceRefresh);\n const claims = _parseToken(token);\n\n _assert(\n claims && claims.exp && claims.auth_time && claims.iat,\n userInternal.auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const firebase =\n typeof claims.firebase === 'object' ? claims.firebase : undefined;\n\n const signInProvider: string | undefined = firebase?.['sign_in_provider'];\n\n return {\n claims,\n token,\n authTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.auth_time)\n )!,\n issuedAtTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.iat)\n )!,\n expirationTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.exp)\n )!,\n signInProvider: signInProvider || null,\n signInSecondFactor: firebase?.['sign_in_second_factor'] || null\n };\n}\n\nfunction secondsStringToMilliseconds(seconds: string): number {\n return Number(seconds) * 1000;\n}\n\nexport function _parseToken(token: string): ParsedToken | null {\n const [algorithm, payload, signature] = token.split('.');\n if (\n algorithm === undefined ||\n payload === undefined ||\n signature === undefined\n ) {\n _logError('JWT malformed, contained fewer than 3 sections');\n return null;\n }\n\n try {\n const decoded = base64Decode(payload);\n if (!decoded) {\n _logError('Failed to decode base64 JWT payload');\n return null;\n }\n return JSON.parse(decoded);\n } catch (e) {\n _logError(\n 'Caught error parsing JWT payload as JSON',\n (e as Error)?.toString()\n );\n return null;\n }\n}\n\n/**\n * Extract expiresIn TTL from a token by subtracting the expiration from the issuance.\n */\nexport function _tokenExpiresIn(token: string): number {\n const parsedToken = _parseToken(token);\n _assert(parsedToken, AuthErrorCode.INTERNAL_ERROR);\n _assert(typeof parsedToken.exp !== 'undefined', AuthErrorCode.INTERNAL_ERROR);\n _assert(typeof parsedToken.iat !== 'undefined', AuthErrorCode.INTERNAL_ERROR);\n return Number(parsedToken.exp) - Number(parsedToken.iat);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\n\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\n\nexport async function _logoutIfInvalidated<T>(\n user: UserInternal,\n promise: Promise<T>,\n bypassAuthState = false\n): Promise<T> {\n if (bypassAuthState) {\n return promise;\n }\n try {\n return await promise;\n } catch (e) {\n if (e instanceof FirebaseError && isUserInvalidated(e)) {\n if (user.auth.currentUser === user) {\n await user.auth.signOut();\n }\n }\n\n throw e;\n }\n}\n\nfunction isUserInvalidated({ code }: FirebaseError): boolean {\n return (\n code === `auth/${AuthErrorCode.USER_DISABLED}` ||\n code === `auth/${AuthErrorCode.TOKEN_EXPIRED}`\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\n\n// Refresh the token five minutes before expiration\nexport const enum Duration {\n OFFSET = 5 * 1000 * 60,\n RETRY_BACKOFF_MIN = 30 * 1000,\n RETRY_BACKOFF_MAX = 16 * 60 * 1000\n}\n\nexport class ProactiveRefresh {\n private isRunning = false;\n\n // Node timers and browser timers return fundamentally different types.\n // We don't actually care what the value is but TS won't accept unknown and\n // we can't cast properly in both environments.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private timerId: any | null = null;\n private errorBackoff = Duration.RETRY_BACKOFF_MIN;\n\n constructor(private readonly user: UserInternal) {}\n\n _start(): void {\n if (this.isRunning) {\n return;\n }\n\n this.isRunning = true;\n this.schedule();\n }\n\n _stop(): void {\n if (!this.isRunning) {\n return;\n }\n\n this.isRunning = false;\n if (this.timerId !== null) {\n clearTimeout(this.timerId);\n }\n }\n\n private getInterval(wasError: boolean): number {\n if (wasError) {\n const interval = this.errorBackoff;\n this.errorBackoff = Math.min(\n this.errorBackoff * 2,\n Duration.RETRY_BACKOFF_MAX\n );\n return interval;\n } else {\n // Reset the error backoff\n this.errorBackoff = Duration.RETRY_BACKOFF_MIN;\n const expTime = this.user.stsTokenManager.expirationTime ?? 0;\n const interval = expTime - Date.now() - Duration.OFFSET;\n\n return Math.max(0, interval);\n }\n }\n\n private schedule(wasError = false): void {\n if (!this.isRunning) {\n // Just in case...\n return;\n }\n\n const interval = this.getInterval(wasError);\n this.timerId = setTimeout(async () => {\n await this.iteration();\n }, interval);\n }\n\n private async iteration(): Promise<void> {\n try {\n await this.user.getIdToken(true);\n } catch (e) {\n // Only retry on network errors\n if (\n (e as FirebaseError)?.code ===\n `auth/${AuthErrorCode.NETWORK_REQUEST_FAILED}`\n ) {\n this.schedule(/* wasError */ true);\n }\n\n return;\n }\n this.schedule();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserMetadata as UserMetadataType } from '../../model/public_types';\n\nimport { utcTimestampToDateString } from '../util/time';\n\nexport class UserMetadata implements UserMetadataType {\n creationTime?: string;\n lastSignInTime?: string;\n\n constructor(\n private createdAt?: string | number,\n private lastLoginAt?: string | number\n ) {\n this._initializeTime();\n }\n\n private _initializeTime(): void {\n this.lastSignInTime = utcTimestampToDateString(this.lastLoginAt);\n this.creationTime = utcTimestampToDateString(this.createdAt);\n }\n\n _copy(metadata: UserMetadata): void {\n this.createdAt = metadata.createdAt;\n this.lastLoginAt = metadata.lastLoginAt;\n this._initializeTime();\n }\n\n toJSON(): object {\n return {\n createdAt: this.createdAt,\n lastLoginAt: this.lastLoginAt\n };\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User, UserInfo } from '../../model/public_types';\n\nimport {\n getAccountInfo,\n ProviderUserInfo\n} from '../../api/account_management/account';\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { UserMetadata } from './user_metadata';\nimport { getModularInstance } from '@firebase/util';\n\nexport async function _reloadWithoutSaving(user: UserInternal): Promise<void> {\n const auth = user.auth;\n const idToken = await user.getIdToken();\n const response = await _logoutIfInvalidated(\n user,\n getAccountInfo(auth, { idToken })\n );\n\n _assert(response?.users.length, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const coreAccount = response.users[0];\n\n user._notifyReloadListener(coreAccount);\n\n const newProviderData = coreAccount.providerUserInfo?.length\n ? extractProviderData(coreAccount.providerUserInfo)\n : [];\n\n const providerData = mergeProviderData(user.providerData, newProviderData);\n\n // Preserves the non-nonymous status of the stored user, even if no more\n // credentials (federated or email/password) are linked to the user. If\n // the user was previously anonymous, then use provider data to update.\n // On the other hand, if it was not anonymous before, it should never be\n // considered anonymous now.\n const oldIsAnonymous = user.isAnonymous;\n const newIsAnonymous =\n !(user.email && coreAccount.passwordHash) && !providerData?.length;\n const isAnonymous = !oldIsAnonymous ? false : newIsAnonymous;\n\n const updates: Partial<UserInternal> = {\n uid: coreAccount.localId,\n displayName: coreAccount.displayName || null,\n photoURL: coreAccount.photoUrl || null,\n email: coreAccount.email || null,\n emailVerified: coreAccount.emailVerified || false,\n phoneNumber: coreAccount.phoneNumber || null,\n tenantId: coreAccount.tenantId || null,\n providerData,\n metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),\n isAnonymous\n };\n\n Object.assign(user, updates);\n}\n\n/**\n * Reloads user account data, if signed in.\n *\n * @param user - The user.\n *\n * @public\n */\nexport async function reload(user: User): Promise<void> {\n const userInternal: UserInternal = getModularInstance(user) as UserInternal;\n await _reloadWithoutSaving(userInternal);\n\n // Even though the current user hasn't changed, update\n // current user will trigger a persistence update w/ the\n // new info.\n await userInternal.auth._persistUserIfCurrent(userInternal);\n userInternal.auth._notifyListenersIfCurrent(userInternal);\n}\n\nfunction mergeProviderData(\n original: UserInfo[],\n newData: UserInfo[]\n): UserInfo[] {\n const deduped = original.filter(\n o => !newData.some(n => n.providerId === o.providerId)\n );\n return [...deduped, ...newData];\n}\n\nexport function extractProviderData(providers: ProviderUserInfo[]): UserInfo[] {\n return providers.map(({ providerId, ...provider }) => {\n return {\n providerId,\n uid: provider.rawId || '',\n displayName: provider.displayName || null,\n email: provider.email || null,\n phoneNumber: provider.phoneNumber || null,\n photoURL: provider.photoUrl || null\n };\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FinalizeMfaResponse } from '../../api/authentication/mfa';\nimport { requestStsToken } from '../../api/authentication/token';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { PersistedBlob } from '../persistence';\nimport { _assert, debugFail } from '../util/assert';\nimport { _tokenExpiresIn } from './id_token_result';\n\n/**\n * The number of milliseconds before the official expiration time of a token\n * to refresh that token, to provide a buffer for RPCs to complete.\n */\nexport const enum Buffer {\n TOKEN_REFRESH = 30_000\n}\n\n/**\n * We need to mark this class as internal explicitly to exclude it in the public typings, because\n * it references AuthInternal which has a circular dependency with UserInternal.\n *\n * @internal\n */\nexport class StsTokenManager {\n refreshToken: string | null = null;\n accessToken: string | null = null;\n expirationTime: number | null = null;\n\n get isExpired(): boolean {\n return (\n !this.expirationTime ||\n Date.now() > this.expirationTime - Buffer.TOKEN_REFRESH\n );\n }\n\n updateFromServerResponse(\n response: IdTokenResponse | FinalizeMfaResponse\n ): void {\n _assert(response.idToken, AuthErrorCode.INTERNAL_ERROR);\n _assert(\n typeof response.idToken !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n _assert(\n typeof response.refreshToken !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n const expiresIn =\n 'expiresIn' in response && typeof response.expiresIn !== 'undefined'\n ? Number(response.expiresIn)\n : _tokenExpiresIn(response.idToken);\n this.updateTokensAndExpiration(\n response.idToken,\n response.refreshToken,\n expiresIn\n );\n }\n\n updateFromIdToken(idToken: string): void {\n _assert(idToken.length !== 0, AuthErrorCode.INTERNAL_ERROR);\n const expiresIn = _tokenExpiresIn(idToken);\n this.updateTokensAndExpiration(idToken, null, expiresIn);\n }\n\n async getToken(\n auth: AuthInternal,\n forceRefresh = false\n ): Promise<string | null> {\n if (!forceRefresh && this.accessToken && !this.isExpired) {\n return this.accessToken;\n }\n\n _assert(this.refreshToken, auth, AuthErrorCode.TOKEN_EXPIRED);\n\n if (this.refreshToken) {\n await this.refresh(auth, this.refreshToken!);\n return this.accessToken;\n }\n\n return null;\n }\n\n clearRefreshToken(): void {\n this.refreshToken = null;\n }\n\n private async refresh(auth: AuthInternal, oldToken: string): Promise<void> {\n const { accessToken, refreshToken, expiresIn } = await requestStsToken(\n auth,\n oldToken\n );\n this.updateTokensAndExpiration(\n accessToken,\n refreshToken,\n Number(expiresIn)\n );\n }\n\n private updateTokensAndExpiration(\n accessToken: string,\n refreshToken: string | null,\n expiresInSec: number\n ): void {\n this.refreshToken = refreshToken || null;\n this.accessToken = accessToken || null;\n this.expirationTime = Date.now() + expiresInSec * 1000;\n }\n\n static fromJSON(appName: string, object: PersistedBlob): StsTokenManager {\n const { refreshToken, accessToken, expirationTime } = object;\n\n const manager = new StsTokenManager();\n if (refreshToken) {\n _assert(typeof refreshToken === 'string', AuthErrorCode.INTERNAL_ERROR, {\n appName\n });\n manager.refreshToken = refreshToken;\n }\n if (accessToken) {\n _assert(typeof accessToken === 'string', AuthErrorCode.INTERNAL_ERROR, {\n appName\n });\n manager.accessToken = accessToken;\n }\n if (expirationTime) {\n _assert(\n typeof expirationTime === 'number',\n AuthErrorCode.INTERNAL_ERROR,\n {\n appName\n }\n );\n manager.expirationTime = expirationTime;\n }\n return manager;\n }\n\n toJSON(): object {\n return {\n refreshToken: this.refreshToken,\n accessToken: this.accessToken,\n expirationTime: this.expirationTime\n };\n }\n\n _assign(stsTokenManager: StsTokenManager): void {\n this.accessToken = stsTokenManager.accessToken;\n this.refreshToken = stsTokenManager.refreshToken;\n this.expirationTime = stsTokenManager.expirationTime;\n }\n\n _clone(): StsTokenManager {\n return Object.assign(new StsTokenManager(), this.toJSON());\n }\n\n _performRefresh(): never {\n return debugFail('not implemented');\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/* eslint-disable camelcase */\n\nimport { querystring } from '@firebase/util';\n\nimport {\n _getFinalTarget,\n _performFetchWithErrorHandling,\n _performApiRequest,\n _addTidIfNecessary,\n HttpMethod,\n HttpHeader,\n Endpoint\n} from '../index';\nimport { FetchProvider } from '../../core/util/fetch_provider';\nimport { Auth } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\n\nexport const enum TokenType {\n REFRESH_TOKEN = 'REFRESH_TOKEN',\n ACCESS_TOKEN = 'ACCESS_TOKEN'\n}\n\n/** The server responses with snake_case; we convert to camelCase */\ninterface RequestStsTokenServerResponse {\n access_token: string;\n expires_in: string;\n refresh_token: string;\n}\n\nexport interface RequestStsTokenResponse {\n accessToken: string;\n expiresIn: string;\n refreshToken: string;\n}\n\nexport interface RevokeTokenRequest {\n providerId: string;\n tokenType: TokenType;\n token: string;\n idToken: string;\n tenantId?: string;\n}\n\nexport interface RevokeTokenResponse {}\n\nexport async function requestStsToken(\n auth: Auth,\n refreshToken: string\n): Promise<RequestStsTokenResponse> {\n const response =\n await _performFetchWithErrorHandling<RequestStsTokenServerResponse>(\n auth,\n {},\n async () => {\n const body = querystring({\n 'grant_type': 'refresh_token',\n 'refresh_token': refreshToken\n }).slice(1);\n const { tokenApiHost, apiKey } = auth.config;\n const url = _getFinalTarget(\n auth,\n tokenApiHost,\n Endpoint.TOKEN,\n `key=${apiKey}`\n );\n\n const headers = await (auth as AuthInternal)._getAdditionalHeaders();\n headers[HttpHeader.CONTENT_TYPE] = 'application/x-www-form-urlencoded';\n\n return FetchProvider.fetch()(url, {\n method: HttpMethod.POST,\n headers,\n body\n });\n }\n );\n\n // The response comes back in snake_case. Convert to camel:\n return {\n accessToken: response.access_token,\n expiresIn: response.expires_in,\n refreshToken: response.refresh_token\n };\n}\n\nexport async function revokeToken(\n auth: Auth,\n request: RevokeTokenRequest\n): Promise<RevokeTokenResponse> {\n return _performApiRequest<RevokeTokenRequest, RevokeTokenResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.REVOKE_TOKEN,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { IdTokenResult, UserInfo } from '../../model/public_types';\nimport { NextFn } from '@firebase/util';\nimport {\n APIUserInfo,\n GetAccountInfoResponse,\n deleteAccount\n} from '../../api/account_management/account';\nimport { FinalizeMfaResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport {\n MutableUserInfo,\n UserInternal,\n UserParameters\n} from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { PersistedBlob } from '../persistence';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../util/assert';\nimport { getIdTokenResult } from './id_token_result';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { ProactiveRefresh } from './proactive_refresh';\nimport { extractProviderData, _reloadWithoutSaving, reload } from './reload';\nimport { StsTokenManager } from './token_manager';\nimport { UserMetadata } from './user_metadata';\nimport { ProviderId } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\nfunction assertStringOrUndefined(\n assertion: unknown,\n appName: string\n): asserts assertion is string | undefined {\n _assert(\n typeof assertion === 'string' || typeof assertion === 'undefined',\n AuthErrorCode.INTERNAL_ERROR,\n { appName }\n );\n}\n\nexport class UserImpl implements UserInternal {\n // For the user object, provider is always Firebase.\n readonly providerId = ProviderId.FIREBASE;\n stsTokenManager: StsTokenManager;\n // Last known accessToken so we know when it changes\n private accessToken: string | null;\n\n uid: string;\n auth: AuthInternal;\n emailVerified: boolean;\n isAnonymous: boolean;\n tenantId: string | null;\n readonly metadata: UserMetadata;\n providerData: MutableUserInfo[];\n\n // Optional fields from UserInfo\n displayName: string | null;\n email: string | null;\n phoneNumber: string | null;\n photoURL: string | null;\n\n _redirectEventId?: string;\n private readonly proactiveRefresh = new ProactiveRefresh(this);\n\n constructor({ uid, auth, stsTokenManager, ...opt }: UserParameters) {\n this.uid = uid;\n this.auth = auth;\n this.stsTokenManager = stsTokenManager;\n this.accessToken = stsTokenManager.accessToken;\n this.displayName = opt.displayName || null;\n this.email = opt.email || null;\n this.emailVerified = opt.emailVerified || false;\n this.phoneNumber = opt.phoneNumber || null;\n this.photoURL = opt.photoURL || null;\n this.isAnonymous = opt.isAnonymous || false;\n this.tenantId = opt.tenantId || null;\n this.providerData = opt.providerData ? [...opt.providerData] : [];\n this.metadata = new UserMetadata(\n opt.createdAt || undefined,\n opt.lastLoginAt || undefined\n );\n }\n\n async getIdToken(forceRefresh?: boolean): Promise<string> {\n const accessToken = await _logoutIfInvalidated(\n this,\n this.stsTokenManager.getToken(this.auth, forceRefresh)\n );\n _assert(accessToken, this.auth, AuthErrorCode.INTERNAL_ERROR);\n\n if (this.accessToken !== accessToken) {\n this.accessToken = accessToken;\n await this.auth._persistUserIfCurrent(this);\n this.auth._notifyListenersIfCurrent(this);\n }\n\n return accessToken;\n }\n\n getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {\n return getIdTokenResult(this, forceRefresh);\n }\n\n reload(): Promise<void> {\n return reload(this);\n }\n\n private reloadUserInfo: APIUserInfo | null = null;\n private reloadListener: NextFn<APIUserInfo> | null = null;\n\n _assign(user: UserInternal): void {\n if (this === user) {\n return;\n }\n _assert(this.uid === user.uid, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.displayName = user.displayName;\n this.photoURL = user.photoURL;\n this.email = user.email;\n this.emailVerified = user.emailVerified;\n this.phoneNumber = user.phoneNumber;\n this.isAnonymous = user.isAnonymous;\n this.tenantId = user.tenantId;\n this.providerData = user.providerData.map(userInfo => ({ ...userInfo }));\n this.metadata._copy(user.metadata);\n this.stsTokenManager._assign(user.stsTokenManager);\n }\n\n _clone(auth: AuthInternal): UserInternal {\n const newUser = new UserImpl({\n ...this,\n auth,\n stsTokenManager: this.stsTokenManager._clone()\n });\n newUser.metadata._copy(this.metadata);\n return newUser;\n }\n\n _onReload(callback: NextFn<APIUserInfo>): void {\n // There should only ever be one listener, and that is a single instance of MultiFactorUser\n _assert(!this.reloadListener, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.reloadListener = callback;\n if (this.reloadUserInfo) {\n this._notifyReloadListener(this.reloadUserInfo);\n this.reloadUserInfo = null;\n }\n }\n\n _notifyReloadListener(userInfo: APIUserInfo): void {\n if (this.reloadListener) {\n this.reloadListener(userInfo);\n } else {\n // If no listener is subscribed yet, save the result so it's available when they do subscribe\n this.reloadUserInfo = userInfo;\n }\n }\n\n _startProactiveRefresh(): void {\n this.proactiveRefresh._start();\n }\n\n _stopProactiveRefresh(): void {\n this.proactiveRefresh._stop();\n }\n\n async _updateTokensIfNecessary(\n response: IdTokenResponse | FinalizeMfaResponse,\n reload = false\n ): Promise<void> {\n let tokensRefreshed = false;\n if (\n response.idToken &&\n response.idToken !== this.stsTokenManager.accessToken\n ) {\n this.stsTokenManager.updateFromServerResponse(response);\n tokensRefreshed = true;\n }\n\n if (reload) {\n await _reloadWithoutSaving(this);\n }\n\n await this.auth._persistUserIfCurrent(this);\n if (tokensRefreshed) {\n this.auth._notifyListenersIfCurrent(this);\n }\n }\n\n async delete(): Promise<void> {\n if (_isFirebaseServerApp(this.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this.auth)\n );\n }\n const idToken = await this.getIdToken();\n await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken }));\n this.stsTokenManager.clearRefreshToken();\n\n // TODO: Determine if cancellable-promises are necessary to use in this class so that delete()\n // cancels pending actions...\n\n return this.auth.signOut();\n }\n\n toJSON(): PersistedBlob {\n return {\n uid: this.uid,\n email: this.email || undefined,\n emailVerified: this.emailVerified,\n displayName: this.displayName || undefined,\n isAnonymous: this.isAnonymous,\n photoURL: this.photoURL || undefined,\n phoneNumber: this.phoneNumber || undefined,\n tenantId: this.tenantId || undefined,\n providerData: this.providerData.map(userInfo => ({ ...userInfo })),\n stsTokenManager: this.stsTokenManager.toJSON(),\n // Redirect event ID must be maintained in case there is a pending\n // redirect event.\n _redirectEventId: this._redirectEventId,\n ...this.metadata.toJSON(),\n\n // Required for compatibility with the legacy SDK (go/firebase-auth-sdk-persistence-parsing):\n apiKey: this.auth.config.apiKey,\n appName: this.auth.name\n // Missing authDomain will be tolerated by the legacy SDK.\n // stsTokenManager.apiKey isn't actually required (despite the legacy SDK persisting it).\n };\n }\n\n get refreshToken(): string {\n return this.stsTokenManager.refreshToken || '';\n }\n\n static _fromJSON(auth: AuthInternal, object: PersistedBlob): UserInternal {\n const displayName = object.displayName ?? undefined;\n const email = object.email ?? undefined;\n const phoneNumber = object.phoneNumber ?? undefined;\n const photoURL = object.photoURL ?? undefined;\n const tenantId = object.tenantId ?? undefined;\n const _redirectEventId = object._redirectEventId ?? undefined;\n const createdAt = object.createdAt ?? undefined;\n const lastLoginAt = object.lastLoginAt ?? undefined;\n const {\n uid,\n emailVerified,\n isAnonymous,\n providerData,\n stsTokenManager: plainObjectTokenManager\n } = object;\n\n _assert(uid && plainObjectTokenManager, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const stsTokenManager = StsTokenManager.fromJSON(\n this.name,\n plainObjectTokenManager as PersistedBlob\n );\n\n _assert(typeof uid === 'string', auth, AuthErrorCode.INTERNAL_ERROR);\n assertStringOrUndefined(displayName, auth.name);\n assertStringOrUndefined(email, auth.name);\n _assert(\n typeof emailVerified === 'boolean',\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n _assert(\n typeof isAnonymous === 'boolean',\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n assertStringOrUndefined(phoneNumber, auth.name);\n assertStringOrUndefined(photoURL, auth.name);\n assertStringOrUndefined(tenantId, auth.name);\n assertStringOrUndefined(_redirectEventId, auth.name);\n assertStringOrUndefined(createdAt, auth.name);\n assertStringOrUndefined(lastLoginAt, auth.name);\n const user = new UserImpl({\n uid,\n auth,\n email,\n emailVerified,\n displayName,\n isAnonymous,\n photoURL,\n phoneNumber,\n tenantId,\n stsTokenManager,\n createdAt,\n lastLoginAt\n });\n\n if (providerData && Array.isArray(providerData)) {\n user.providerData = providerData.map(userInfo => ({ ...userInfo }));\n }\n\n if (_redirectEventId) {\n user._redirectEventId = _redirectEventId;\n }\n\n return user;\n }\n\n /**\n * Initialize a User from an idToken server response\n * @param auth\n * @param idTokenResponse\n */\n static async _fromIdTokenResponse(\n auth: AuthInternal,\n idTokenResponse: IdTokenResponse,\n isAnonymous: boolean = false\n ): Promise<UserInternal> {\n const stsTokenManager = new StsTokenManager();\n stsTokenManager.updateFromServerResponse(idTokenResponse);\n\n // Initialize the Firebase Auth user.\n const user = new UserImpl({\n uid: idTokenResponse.localId,\n auth,\n stsTokenManager,\n isAnonymous\n });\n\n // Updates the user info and data and resolves with a user instance.\n await _reloadWithoutSaving(user);\n return user;\n }\n\n /**\n * Initialize a User from an idToken server response\n * @param auth\n * @param idTokenResponse\n */\n static async _fromGetAccountInfoResponse(\n auth: AuthInternal,\n response: GetAccountInfoResponse,\n idToken: string\n ): Promise<UserInternal> {\n const coreAccount = response.users[0];\n _assert(coreAccount.localId !== undefined, AuthErrorCode.INTERNAL_ERROR);\n\n const providerData: UserInfo[] =\n coreAccount.providerUserInfo !== undefined\n ? extractProviderData(coreAccount.providerUserInfo)\n : [];\n\n const isAnonymous =\n !(coreAccount.email && coreAccount.passwordHash) && !providerData?.length;\n\n const stsTokenManager = new StsTokenManager();\n stsTokenManager.updateFromIdToken(idToken);\n\n // Initialize the Firebase Auth user.\n const user = new UserImpl({\n uid: coreAccount.localId,\n auth,\n stsTokenManager,\n isAnonymous\n });\n\n // update the user with data from the GetAccountInfo response.\n const updates: Partial<UserInternal> = {\n uid: coreAccount.localId,\n displayName: coreAccount.displayName || null,\n photoURL: coreAccount.photoUrl || null,\n email: coreAccount.email || null,\n emailVerified: coreAccount.emailVerified || false,\n phoneNumber: coreAccount.phoneNumber || null,\n tenantId: coreAccount.tenantId || null,\n providerData,\n metadata: new UserMetadata(\n coreAccount.createdAt,\n coreAccount.lastLoginAt\n ),\n isAnonymous:\n !(coreAccount.email && coreAccount.passwordHash) &&\n !providerData?.length\n };\n\n Object.assign(user, updates);\n return user;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { debugAssert } from './assert';\n\n/**\n * Our API has a lot of one-off constants that are used to do things.\n * Unfortunately we can't export these as classes instantiated directly since\n * the constructor may side effect and therefore can't be proven to be safely\n * culled. Instead, we export these classes themselves as a lowerCamelCase\n * constant, and instantiate them under the hood.\n */\nexport interface SingletonInstantiator<T> {\n new (): T;\n}\n\nconst instanceCache: Map<unknown, unknown> = new Map();\n\nexport function _getInstance<T>(cls: unknown): T {\n debugAssert(cls instanceof Function, 'Expected a class definition');\n let instance = instanceCache.get(cls) as T | undefined;\n\n if (instance) {\n debugAssert(\n instance instanceof cls,\n 'Instance stored in cache mismatched with class'\n );\n return instance;\n }\n\n instance = new (cls as SingletonInstantiator<T>)();\n instanceCache.set(cls, instance);\n return instance;\n}\n\nexport function _clearInstanceMap(): void {\n instanceCache.clear();\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport {\n PersistenceInternal,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../persistence';\n\nexport class InMemoryPersistence implements PersistenceInternal {\n static type: 'NONE' = 'NONE';\n readonly type = PersistenceType.NONE;\n storage: Record<string, PersistenceValue> = {};\n\n async _isAvailable(): Promise<boolean> {\n return true;\n }\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n this.storage[key] = value;\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const value = this.storage[key];\n return value === undefined ? null : (value as T);\n }\n\n async _remove(key: string): Promise<void> {\n delete this.storage[key];\n }\n\n _addListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for in-memory storage since it cannot be shared across windows/workers\n return;\n }\n\n _removeListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for in-memory storage since it cannot be shared across windows/workers\n return;\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type 'NONE'.\n *\n * @public\n */\nexport const inMemoryPersistence: Persistence = InMemoryPersistence;\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ApiKey, AppName, AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { PersistedBlob, PersistenceInternal } from '../persistence';\nimport { UserImpl } from '../user/user_impl';\nimport { _getInstance } from '../util/instantiator';\nimport { inMemoryPersistence } from './in_memory';\n\nexport const enum KeyName {\n AUTH_USER = 'authUser',\n AUTH_EVENT = 'authEvent',\n REDIRECT_USER = 'redirectUser',\n PERSISTENCE_USER = 'persistence'\n}\nexport const enum Namespace {\n PERSISTENCE = 'firebase'\n}\n\nexport function _persistenceKeyName(\n key: string,\n apiKey: ApiKey,\n appName: AppName\n): string {\n return `${Namespace.PERSISTENCE}:${key}:${apiKey}:${appName}`;\n}\n\nexport class PersistenceUserManager {\n private readonly fullUserKey: string;\n private readonly fullPersistenceKey: string;\n private readonly boundEventHandler: () => void;\n\n private constructor(\n public persistence: PersistenceInternal,\n private readonly auth: AuthInternal,\n private readonly userKey: string\n ) {\n const { config, name } = this.auth;\n this.fullUserKey = _persistenceKeyName(this.userKey, config.apiKey, name);\n this.fullPersistenceKey = _persistenceKeyName(\n KeyName.PERSISTENCE_USER,\n config.apiKey,\n name\n );\n this.boundEventHandler = auth._onStorageEvent.bind(auth);\n this.persistence._addListener(this.fullUserKey, this.boundEventHandler);\n }\n\n setCurrentUser(user: UserInternal): Promise<void> {\n return this.persistence._set(this.fullUserKey, user.toJSON());\n }\n\n async getCurrentUser(): Promise<UserInternal | null> {\n const blob = await this.persistence._get<PersistedBlob>(this.fullUserKey);\n return blob ? UserImpl._fromJSON(this.auth, blob) : null;\n }\n\n removeCurrentUser(): Promise<void> {\n return this.persistence._remove(this.fullUserKey);\n }\n\n savePersistenceForRedirect(): Promise<void> {\n return this.persistence._set(\n this.fullPersistenceKey,\n this.persistence.type\n );\n }\n\n async setPersistence(newPersistence: PersistenceInternal): Promise<void> {\n if (this.persistence === newPersistence) {\n return;\n }\n\n const currentUser = await this.getCurrentUser();\n await this.removeCurrentUser();\n\n this.persistence = newPersistence;\n\n if (currentUser) {\n return this.setCurrentUser(currentUser);\n }\n }\n\n delete(): void {\n this.persistence._removeListener(this.fullUserKey, this.boundEventHandler);\n }\n\n static async create(\n auth: AuthInternal,\n persistenceHierarchy: PersistenceInternal[],\n userKey = KeyName.AUTH_USER\n ): Promise<PersistenceUserManager> {\n if (!persistenceHierarchy.length) {\n return new PersistenceUserManager(\n _getInstance(inMemoryPersistence),\n auth,\n userKey\n );\n }\n\n // Eliminate any persistences that are not available\n const availablePersistences = (\n await Promise.all(\n persistenceHierarchy.map(async persistence => {\n if (await persistence._isAvailable()) {\n return persistence;\n }\n return undefined;\n })\n )\n ).filter(persistence => persistence) as PersistenceInternal[];\n\n // Fall back to the first persistence listed, or in memory if none available\n let selectedPersistence =\n availablePersistences[0] ||\n _getInstance<PersistenceInternal>(inMemoryPersistence);\n\n const key = _persistenceKeyName(userKey, auth.config.apiKey, auth.name);\n\n // Pull out the existing user, setting the chosen persistence to that\n // persistence if the user exists.\n let userToMigrate: UserInternal | null = null;\n // Note, here we check for a user in _all_ persistences, not just the\n // ones deemed available. If we can migrate a user out of a broken\n // persistence, we will (but only if that persistence supports migration).\n for (const persistence of persistenceHierarchy) {\n try {\n const blob = await persistence._get<PersistedBlob>(key);\n if (blob) {\n const user = UserImpl._fromJSON(auth, blob); // throws for unparsable blob (wrong format)\n if (persistence !== selectedPersistence) {\n userToMigrate = user;\n }\n selectedPersistence = persistence;\n break;\n }\n } catch {}\n }\n\n // If we find the user in a persistence that does support migration, use\n // that migration path (of only persistences that support migration)\n const migrationHierarchy = availablePersistences.filter(\n p => p._shouldAllowMigration\n );\n\n // If the persistence does _not_ allow migration, just finish off here\n if (\n !selectedPersistence._shouldAllowMigration ||\n !migrationHierarchy.length\n ) {\n return new PersistenceUserManager(selectedPersistence, auth, userKey);\n }\n\n selectedPersistence = migrationHierarchy[0];\n if (userToMigrate) {\n // This normally shouldn't throw since chosenPersistence.isAvailable() is true, but if it does\n // we'll just let it bubble to surface the error.\n await selectedPersistence._set(key, userToMigrate.toJSON());\n }\n\n // Attempt to clear the key in other persistences but ignore errors. This helps prevent issues\n // such as users getting stuck with a previous account after signing out and refreshing the tab.\n await Promise.all(\n persistenceHierarchy.map(async persistence => {\n if (persistence !== selectedPersistence) {\n try {\n await persistence._remove(key);\n } catch {}\n }\n })\n );\n return new PersistenceUserManager(selectedPersistence, auth, userKey);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isIE, getUA } from '@firebase/util';\n\ninterface NavigatorStandalone extends Navigator {\n standalone?: unknown;\n}\n\ninterface Document {\n documentMode?: number;\n}\n\n/**\n * Enums for Browser name.\n */\nexport const enum BrowserName {\n ANDROID = 'Android',\n BLACKBERRY = 'Blackberry',\n EDGE = 'Edge',\n FIREFOX = 'Firefox',\n IE = 'IE',\n IEMOBILE = 'IEMobile',\n OPERA = 'Opera',\n OTHER = 'Other',\n CHROME = 'Chrome',\n SAFARI = 'Safari',\n SILK = 'Silk',\n WEBOS = 'Webos'\n}\n\n/**\n * Determine the browser for the purposes of reporting usage to the API\n */\nexport function _getBrowserName(userAgent: string): BrowserName | string {\n const ua = userAgent.toLowerCase();\n if (ua.includes('opera/') || ua.includes('opr/') || ua.includes('opios/')) {\n return BrowserName.OPERA;\n } else if (_isIEMobile(ua)) {\n // Windows phone IEMobile browser.\n return BrowserName.IEMOBILE;\n } else if (ua.includes('msie') || ua.includes('trident/')) {\n return BrowserName.IE;\n } else if (ua.includes('edge/')) {\n return BrowserName.EDGE;\n } else if (_isFirefox(ua)) {\n return BrowserName.FIREFOX;\n } else if (ua.includes('silk/')) {\n return BrowserName.SILK;\n } else if (_isBlackBerry(ua)) {\n // Blackberry browser.\n return BrowserName.BLACKBERRY;\n } else if (_isWebOS(ua)) {\n // WebOS default browser.\n return BrowserName.WEBOS;\n } else if (_isSafari(ua)) {\n return BrowserName.SAFARI;\n } else if (\n (ua.includes('chrome/') || _isChromeIOS(ua)) &&\n !ua.includes('edge/')\n ) {\n return BrowserName.CHROME;\n } else if (_isAndroid(ua)) {\n // Android stock browser.\n return BrowserName.ANDROID;\n } else {\n // Most modern browsers have name/version at end of user agent string.\n const re = /([a-zA-Z\\d\\.]+)\\/[a-zA-Z\\d\\.]*$/;\n const matches = userAgent.match(re);\n if (matches?.length === 2) {\n return matches[1];\n }\n }\n return BrowserName.OTHER;\n}\n\nexport function _isFirefox(ua = getUA()): boolean {\n return /firefox\\//i.test(ua);\n}\n\nexport function _isSafari(userAgent = getUA()): boolean {\n const ua = userAgent.toLowerCase();\n return (\n ua.includes('safari/') &&\n !ua.includes('chrome/') &&\n !ua.includes('crios/') &&\n !ua.includes('android')\n );\n}\n\nexport function _isChromeIOS(ua = getUA()): boolean {\n return /crios\\//i.test(ua);\n}\n\nexport function _isIEMobile(ua = getUA()): boolean {\n return /iemobile/i.test(ua);\n}\n\nexport function _isAndroid(ua = getUA()): boolean {\n return /android/i.test(ua);\n}\n\nexport function _isBlackBerry(ua = getUA()): boolean {\n return /blackberry/i.test(ua);\n}\n\nexport function _isWebOS(ua = getUA()): boolean {\n return /webos/i.test(ua);\n}\n\nexport function _isIOS(ua = getUA()): boolean {\n return (\n /iphone|ipad|ipod/i.test(ua) ||\n (/macintosh/i.test(ua) && /mobile/i.test(ua))\n );\n}\n\nexport function _isIOS7Or8(ua = getUA()): boolean {\n return (\n /(iPad|iPhone|iPod).*OS 7_\\d/i.test(ua) ||\n /(iPad|iPhone|iPod).*OS 8_\\d/i.test(ua)\n );\n}\n\nexport function _isIOSStandalone(ua = getUA()): boolean {\n return _isIOS(ua) && !!(window.navigator as NavigatorStandalone)?.standalone;\n}\n\nexport function _isIE10(): boolean {\n return isIE() && (document as Document).documentMode === 10;\n}\n\nexport function _isMobileBrowser(ua: string = getUA()): boolean {\n // TODO: implement getBrowserName equivalent for OS.\n return (\n _isIOS(ua) ||\n _isAndroid(ua) ||\n _isWebOS(ua) ||\n _isBlackBerry(ua) ||\n /windows phone/i.test(ua) ||\n _isIEMobile(ua)\n );\n}\n\nexport function _isIframe(): boolean {\n try {\n // Check that the current window is not the top window.\n // If so, return true.\n return !!(window && window !== window.top);\n } catch (e) {\n return false;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { _getBrowserName } from './browser';\nimport { getUA } from '@firebase/util';\n\nexport const enum ClientImplementation {\n CORE = 'JsCore'\n}\n\n/**\n * @internal\n */\nexport const enum ClientPlatform {\n BROWSER = 'Browser',\n NODE = 'Node',\n REACT_NATIVE = 'ReactNative',\n CORDOVA = 'Cordova',\n WORKER = 'Worker',\n WEB_EXTENSION = 'WebExtension'\n}\n\n/*\n * Determine the SDK version string\n */\nexport function _getClientVersion(\n clientPlatform: ClientPlatform,\n frameworks: readonly string[] = []\n): string {\n let reportedPlatform: string;\n switch (clientPlatform) {\n case ClientPlatform.BROWSER:\n // In a browser environment, report the browser name.\n reportedPlatform = _getBrowserName(getUA());\n break;\n case ClientPlatform.WORKER:\n // Technically a worker runs from a browser but we need to differentiate a\n // worker from a browser.\n // For example: Chrome-Worker/JsCore/4.9.1/FirebaseCore-web.\n reportedPlatform = `${_getBrowserName(getUA())}-${clientPlatform}`;\n break;\n default:\n reportedPlatform = clientPlatform;\n }\n const reportedFrameworks = frameworks.length\n ? frameworks.join(',')\n : 'FirebaseCore-web'; /* default value if no other framework is used */\n return `${reportedPlatform}/${ClientImplementation.CORE}/${SDK_VERSION}/${reportedFrameworks}`;\n}\n","/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthInternal } from '../../model/auth';\nimport { Unsubscribe, User } from '../../model/public_types';\nimport { AuthErrorCode } from '../errors';\n\ninterface MiddlewareEntry {\n (user: User | null): Promise<void>;\n onAbort?: () => void;\n}\n\nexport class AuthMiddlewareQueue {\n private readonly queue: MiddlewareEntry[] = [];\n\n constructor(private readonly auth: AuthInternal) {}\n\n pushCallback(\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n ): Unsubscribe {\n // The callback could be sync or async. Wrap it into a\n // function that is always async.\n const wrappedCallback: MiddlewareEntry = (\n user: User | null\n ): Promise<void> =>\n new Promise((resolve, reject) => {\n try {\n const result = callback(user);\n // Either resolve with existing promise or wrap a non-promise\n // return value into a promise.\n resolve(result);\n } catch (e) {\n // Sync callback throws.\n reject(e);\n }\n });\n // Attach the onAbort if present\n wrappedCallback.onAbort = onAbort;\n this.queue.push(wrappedCallback);\n\n const index = this.queue.length - 1;\n return () => {\n // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb\n // indexing of other elements.\n this.queue[index] = () => Promise.resolve();\n };\n }\n\n async runMiddleware(nextUser: User | null): Promise<void> {\n if (this.auth.currentUser === nextUser) {\n return;\n }\n\n // While running the middleware, build a temporary stack of onAbort\n // callbacks to call if one middleware callback rejects.\n\n const onAbortStack: Array<() => void> = [];\n try {\n for (const beforeStateCallback of this.queue) {\n await beforeStateCallback(nextUser);\n\n // Only push the onAbort if the callback succeeds\n if (beforeStateCallback.onAbort) {\n onAbortStack.push(beforeStateCallback.onAbort);\n }\n }\n } catch (e) {\n // Run all onAbort, with separate try/catch to ignore any errors and\n // continue\n onAbortStack.reverse();\n for (const onAbort of onAbortStack) {\n try {\n onAbort();\n } catch (_) {\n /* swallow error */\n }\n }\n\n throw this.auth._errorFactory.create(AuthErrorCode.LOGIN_BLOCKED, {\n originalMessage: (e as Error)?.message\n });\n }\n }\n}\n","/**\n * @license\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { GetPasswordPolicyResponse } from '../../api/password_policy/get_password_policy';\nimport {\n PasswordPolicyCustomStrengthOptions,\n PasswordPolicyInternal,\n PasswordValidationStatusInternal\n} from '../../model/password_policy';\nimport { PasswordValidationStatus } from '../../model/public_types';\n\n// Minimum min password length enforced by the backend, even if no minimum length is set.\nconst MINIMUM_MIN_PASSWORD_LENGTH = 6;\n\n/**\n * Stores password policy requirements and provides password validation against the policy.\n *\n * @internal\n */\nexport class PasswordPolicyImpl implements PasswordPolicyInternal {\n readonly customStrengthOptions: PasswordPolicyCustomStrengthOptions;\n readonly allowedNonAlphanumericCharacters: string;\n readonly enforcementState: string;\n readonly forceUpgradeOnSignin: boolean;\n readonly schemaVersion: number;\n\n constructor(response: GetPasswordPolicyResponse) {\n // Only include custom strength options defined in the response.\n const responseOptions = response.customStrengthOptions;\n this.customStrengthOptions = {};\n // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.\n this.customStrengthOptions.minPasswordLength =\n responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH;\n if (responseOptions.maxPasswordLength) {\n this.customStrengthOptions.maxPasswordLength =\n responseOptions.maxPasswordLength;\n }\n if (responseOptions.containsLowercaseCharacter !== undefined) {\n this.customStrengthOptions.containsLowercaseLetter =\n responseOptions.containsLowercaseCharacter;\n }\n if (responseOptions.containsUppercaseCharacter !== undefined) {\n this.customStrengthOptions.containsUppercaseLetter =\n responseOptions.containsUppercaseCharacter;\n }\n if (responseOptions.containsNumericCharacter !== undefined) {\n this.customStrengthOptions.containsNumericCharacter =\n responseOptions.containsNumericCharacter;\n }\n if (responseOptions.containsNonAlphanumericCharacter !== undefined) {\n this.customStrengthOptions.containsNonAlphanumericCharacter =\n responseOptions.containsNonAlphanumericCharacter;\n }\n\n this.enforcementState = response.enforcementState;\n if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {\n this.enforcementState = 'OFF';\n }\n\n // Use an empty string if no non-alphanumeric characters are specified in the response.\n this.allowedNonAlphanumericCharacters =\n response.allowedNonAlphanumericCharacters?.join('') ?? '';\n\n this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ?? false;\n this.schemaVersion = response.schemaVersion;\n }\n\n validatePassword(password: string): PasswordValidationStatus {\n const status: PasswordValidationStatusInternal = {\n isValid: true,\n passwordPolicy: this\n };\n\n // Check the password length and character options.\n this.validatePasswordLengthOptions(password, status);\n this.validatePasswordCharacterOptions(password, status);\n\n // Combine the status into single isValid property.\n status.isValid &&= status.meetsMinPasswordLength ?? true;\n status.isValid &&= status.meetsMaxPasswordLength ?? true;\n status.isValid &&= status.containsLowercaseLetter ?? true;\n status.isValid &&= status.containsUppercaseLetter ?? true;\n status.isValid &&= status.containsNumericCharacter ?? true;\n status.isValid &&= status.containsNonAlphanumericCharacter ?? true;\n\n return status;\n }\n\n /**\n * Validates that the password meets the length options for the policy.\n *\n * @param password Password to validate.\n * @param status Validation status.\n */\n private validatePasswordLengthOptions(\n password: string,\n status: PasswordValidationStatusInternal\n ): void {\n const minPasswordLength = this.customStrengthOptions.minPasswordLength;\n const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;\n if (minPasswordLength) {\n status.meetsMinPasswordLength = password.length >= minPasswordLength;\n }\n if (maxPasswordLength) {\n status.meetsMaxPasswordLength = password.length <= maxPasswordLength;\n }\n }\n\n /**\n * Validates that the password meets the character options for the policy.\n *\n * @param password Password to validate.\n * @param status Validation status.\n */\n private validatePasswordCharacterOptions(\n password: string,\n status: PasswordValidationStatusInternal\n ): void {\n // Assign statuses for requirements even if the password is an empty string.\n this.updatePasswordCharacterOptionsStatuses(\n status,\n /* containsLowercaseCharacter= */ false,\n /* containsUppercaseCharacter= */ false,\n /* containsNumericCharacter= */ false,\n /* containsNonAlphanumericCharacter= */ false\n );\n\n let passwordChar;\n for (let i = 0; i < password.length; i++) {\n passwordChar = password.charAt(i);\n this.updatePasswordCharacterOptionsStatuses(\n status,\n /* containsLowercaseCharacter= */ passwordChar >= 'a' &&\n passwordChar <= 'z',\n /* containsUppercaseCharacter= */ passwordChar >= 'A' &&\n passwordChar <= 'Z',\n /* containsNumericCharacter= */ passwordChar >= '0' &&\n passwordChar <= '9',\n /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(\n passwordChar\n )\n );\n }\n }\n\n /**\n * Updates the running validation status with the statuses for the character options.\n * Expected to be called each time a character is processed to update each option status\n * based on the current character.\n *\n * @param status Validation status.\n * @param containsLowercaseCharacter Whether the character is a lowercase letter.\n * @param containsUppercaseCharacter Whether the character is an uppercase letter.\n * @param containsNumericCharacter Whether the character is a numeric character.\n * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.\n */\n private updatePasswordCharacterOptionsStatuses(\n status: PasswordValidationStatusInternal,\n containsLowercaseCharacter: boolean,\n containsUppercaseCharacter: boolean,\n containsNumericCharacter: boolean,\n containsNonAlphanumericCharacter: boolean\n ): void {\n if (this.customStrengthOptions.containsLowercaseLetter) {\n status.containsLowercaseLetter ||= containsLowercaseCharacter;\n }\n if (this.customStrengthOptions.containsUppercaseLetter) {\n status.containsUppercaseLetter ||= containsUppercaseCharacter;\n }\n if (this.customStrengthOptions.containsNumericCharacter) {\n status.containsNumericCharacter ||= containsNumericCharacter;\n }\n if (this.customStrengthOptions.containsNonAlphanumericCharacter) {\n status.containsNonAlphanumericCharacter ||=\n containsNonAlphanumericCharacter;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _isFirebaseServerApp,\n _FirebaseService,\n FirebaseApp\n} from '@firebase/app';\nimport { Provider } from '@firebase/component';\nimport { AppCheckInternalComponentName } from '@firebase/app-check-interop-types';\nimport {\n Auth,\n AuthErrorMap,\n AuthSettings,\n EmulatorConfig,\n NextOrObserver,\n Persistence,\n PopupRedirectResolver,\n User,\n UserCredential,\n CompleteFn,\n ErrorFn,\n NextFn,\n Unsubscribe,\n PasswordValidationStatus\n} from '../../model/public_types';\nimport {\n createSubscribe,\n ErrorFactory,\n FirebaseError,\n getModularInstance,\n Observer,\n Subscribe\n} from '@firebase/util';\n\nimport { AuthInternal, ConfigInternal } from '../../model/auth';\nimport { PopupRedirectResolverInternal } from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport {\n AuthErrorCode,\n AuthErrorParams,\n ErrorMapRetriever,\n _DEFAULT_AUTH_ERROR_FACTORY\n} from '../errors';\nimport { PersistenceInternal } from '../persistence';\nimport {\n KeyName,\n PersistenceUserManager\n} from '../persistence/persistence_user_manager';\nimport { _reloadWithoutSaving } from '../user/reload';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../util/assert';\nimport { _getInstance } from '../util/instantiator';\nimport { _getUserLanguage } from '../util/navigator';\nimport { _getClientVersion } from '../util/version';\nimport { HttpHeader } from '../../api';\nimport {\n RevokeTokenRequest,\n TokenType,\n revokeToken\n} from '../../api/authentication/token';\nimport { AuthMiddlewareQueue } from './middleware';\nimport { RecaptchaConfig } from '../../platform_browser/recaptcha/recaptcha';\nimport { _logWarn } from '../util/log';\nimport { _getPasswordPolicy } from '../../api/password_policy/get_password_policy';\nimport { PasswordPolicyInternal } from '../../model/password_policy';\nimport { PasswordPolicyImpl } from './password_policy_impl';\nimport { getAccountInfo } from '../../api/account_management/account';\nimport { UserImpl } from '../user/user_impl';\n\ninterface AsyncAction {\n (): Promise<void>;\n}\n\nexport const enum DefaultConfig {\n TOKEN_API_HOST = 'securetoken.googleapis.com',\n API_HOST = 'identitytoolkit.googleapis.com',\n API_SCHEME = 'https'\n}\n\nexport class AuthImpl implements AuthInternal, _FirebaseService {\n currentUser: User | null = null;\n emulatorConfig: EmulatorConfig | null = null;\n private operations = Promise.resolve();\n private persistenceManager?: PersistenceUserManager;\n private redirectPersistenceManager?: PersistenceUserManager;\n private authStateSubscription = new Subscription<User>(this);\n private idTokenSubscription = new Subscription<User>(this);\n private readonly beforeStateQueue = new AuthMiddlewareQueue(this);\n private redirectUser: UserInternal | null = null;\n private isProactiveRefreshEnabled = false;\n private readonly EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION: number = 1;\n\n // Any network calls will set this to true and prevent subsequent emulator\n // initialization\n _canInitEmulator = true;\n _isInitialized = false;\n _deleted = false;\n _initializationPromise: Promise<void> | null = null;\n _popupRedirectResolver: PopupRedirectResolverInternal | null = null;\n _errorFactory: ErrorFactory<AuthErrorCode, AuthErrorParams> =\n _DEFAULT_AUTH_ERROR_FACTORY;\n _agentRecaptchaConfig: RecaptchaConfig | null = null;\n _tenantRecaptchaConfigs: Record<string, RecaptchaConfig> = {};\n _projectPasswordPolicy: PasswordPolicyInternal | null = null;\n _tenantPasswordPolicies: Record<string, PasswordPolicyInternal> = {};\n readonly name: string;\n\n // Tracks the last notified UID for state change listeners to prevent\n // repeated calls to the callbacks. Undefined means it's never been\n // called, whereas null means it's been called with a signed out user\n private lastNotifiedUid: string | null | undefined = undefined;\n\n languageCode: string | null = null;\n tenantId: string | null = null;\n settings: AuthSettings = { appVerificationDisabledForTesting: false };\n\n constructor(\n public readonly app: FirebaseApp,\n private readonly heartbeatServiceProvider: Provider<'heartbeat'>,\n private readonly appCheckServiceProvider: Provider<AppCheckInternalComponentName>,\n public readonly config: ConfigInternal\n ) {\n this.name = app.name;\n this.clientVersion = config.sdkClientVersion;\n }\n\n _initializeWithPersistence(\n persistenceHierarchy: PersistenceInternal[],\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n if (popupRedirectResolver) {\n this._popupRedirectResolver = _getInstance(popupRedirectResolver);\n }\n\n // Have to check for app deletion throughout initialization (after each\n // promise resolution)\n this._initializationPromise = this.queue(async () => {\n if (this._deleted) {\n return;\n }\n\n this.persistenceManager = await PersistenceUserManager.create(\n this,\n persistenceHierarchy\n );\n\n if (this._deleted) {\n return;\n }\n\n // Initialize the resolver early if necessary (only applicable to web:\n // this will cause the iframe to load immediately in certain cases)\n if (this._popupRedirectResolver?._shouldInitProactively) {\n // If this fails, don't halt auth loading\n try {\n await this._popupRedirectResolver._initialize(this);\n } catch (e) {\n /* Ignore the error */\n }\n }\n\n await this.initializeCurrentUser(popupRedirectResolver);\n\n this.lastNotifiedUid = this.currentUser?.uid || null;\n\n if (this._deleted) {\n return;\n }\n\n this._isInitialized = true;\n });\n\n return this._initializationPromise;\n }\n\n /**\n * If the persistence is changed in another window, the user manager will let us know\n */\n async _onStorageEvent(): Promise<void> {\n if (this._deleted) {\n return;\n }\n\n const user = await this.assertedPersistence.getCurrentUser();\n\n if (!this.currentUser && !user) {\n // No change, do nothing (was signed out and remained signed out).\n return;\n }\n\n // If the same user is to be synchronized.\n if (this.currentUser && user && this.currentUser.uid === user.uid) {\n // Data update, simply copy data changes.\n this._currentUser._assign(user);\n // If tokens changed from previous user tokens, this will trigger\n // notifyAuthListeners_.\n await this.currentUser.getIdToken();\n return;\n }\n\n // Update current Auth state. Either a new login or logout.\n // Skip blocking callbacks, they should not apply to a change in another tab.\n await this._updateCurrentUser(user, /* skipBeforeStateCallbacks */ true);\n }\n\n private async initializeCurrentUserFromIdToken(\n idToken: string\n ): Promise<void> {\n try {\n const response = await getAccountInfo(this, { idToken });\n const user = await UserImpl._fromGetAccountInfoResponse(\n this,\n response,\n idToken\n );\n await this.directlySetCurrentUser(user);\n } catch (err) {\n console.warn(\n 'FirebaseServerApp could not login user with provided authIdToken: ',\n err\n );\n await this.directlySetCurrentUser(null);\n }\n }\n\n private async initializeCurrentUser(\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n const idToken = this.app.settings.authIdToken;\n if (idToken) {\n // Start the auth operation in the next tick to allow a moment for the customer's app to\n // attach an emulator, if desired.\n return new Promise<void>(resolve => {\n setTimeout(() =>\n this.initializeCurrentUserFromIdToken(idToken).then(\n resolve,\n resolve\n )\n );\n });\n } else {\n return this.directlySetCurrentUser(null);\n }\n }\n\n // First check to see if we have a pending redirect event.\n const previouslyStoredUser =\n (await this.assertedPersistence.getCurrentUser()) as UserInternal | null;\n let futureCurrentUser = previouslyStoredUser;\n let needsTocheckMiddleware = false;\n if (popupRedirectResolver && this.config.authDomain) {\n await this.getOrInitRedirectPersistenceManager();\n const redirectUserEventId = this.redirectUser?._redirectEventId;\n const storedUserEventId = futureCurrentUser?._redirectEventId;\n const result = await this.tryRedirectSignIn(popupRedirectResolver);\n\n // If the stored user (i.e. the old \"currentUser\") has a redirectId that\n // matches the redirect user, then we want to initially sign in with the\n // new user object from result.\n // TODO(samgho): More thoroughly test all of this\n if (\n (!redirectUserEventId || redirectUserEventId === storedUserEventId) &&\n result?.user\n ) {\n futureCurrentUser = result.user as UserInternal;\n needsTocheckMiddleware = true;\n }\n }\n\n // If no user in persistence, there is no current user. Set to null.\n if (!futureCurrentUser) {\n return this.directlySetCurrentUser(null);\n }\n\n if (!futureCurrentUser._redirectEventId) {\n // This isn't a redirect link operation, we can reload and bail.\n // First though, ensure that we check the middleware is happy.\n if (needsTocheckMiddleware) {\n try {\n await this.beforeStateQueue.runMiddleware(futureCurrentUser);\n } catch (e) {\n futureCurrentUser = previouslyStoredUser;\n // We know this is available since the bit is only set when the\n // resolver is available\n this._popupRedirectResolver!._overrideRedirectResult(this, () =>\n Promise.reject(e)\n );\n }\n }\n\n if (futureCurrentUser) {\n return this.reloadAndSetCurrentUserOrClear(futureCurrentUser);\n } else {\n return this.directlySetCurrentUser(null);\n }\n }\n\n _assert(this._popupRedirectResolver, this, AuthErrorCode.ARGUMENT_ERROR);\n await this.getOrInitRedirectPersistenceManager();\n\n // If the redirect user's event ID matches the current user's event ID,\n // DO NOT reload the current user, otherwise they'll be cleared from storage.\n // This is important for the reauthenticateWithRedirect() flow.\n if (\n this.redirectUser &&\n this.redirectUser._redirectEventId === futureCurrentUser._redirectEventId\n ) {\n return this.directlySetCurrentUser(futureCurrentUser);\n }\n\n return this.reloadAndSetCurrentUserOrClear(futureCurrentUser);\n }\n\n private async tryRedirectSignIn(\n redirectResolver: PopupRedirectResolver\n ): Promise<UserCredential | null> {\n // The redirect user needs to be checked (and signed in if available)\n // during auth initialization. All of the normal sign in and link/reauth\n // flows call back into auth and push things onto the promise queue. We\n // need to await the result of the redirect sign in *inside the promise\n // queue*. This presents a problem: we run into deadlock. See:\n // ┌> [Initialization] ─────┐\n // ┌> [<other queue tasks>] │\n // └─ [getRedirectResult] <─┘\n // where [] are tasks on the queue and arrows denote awaits\n // Initialization will never complete because it's waiting on something\n // that's waiting for initialization to complete!\n //\n // Instead, this method calls getRedirectResult() (stored in\n // _completeRedirectFn) with an optional parameter that instructs all of\n // the underlying auth operations to skip anything that mutates auth state.\n\n let result: UserCredential | null = null;\n try {\n // We know this._popupRedirectResolver is set since redirectResolver\n // is passed in. The _completeRedirectFn expects the unwrapped extern.\n result = await this._popupRedirectResolver!._completeRedirectFn(\n this,\n redirectResolver,\n true\n );\n } catch (e) {\n // Swallow any errors here; the code can retrieve them in\n // getRedirectResult().\n await this._setRedirectUser(null);\n }\n\n return result;\n }\n\n private async reloadAndSetCurrentUserOrClear(\n user: UserInternal\n ): Promise<void> {\n try {\n await _reloadWithoutSaving(user);\n } catch (e) {\n if (\n (e as FirebaseError)?.code !==\n `auth/${AuthErrorCode.NETWORK_REQUEST_FAILED}`\n ) {\n // Something's wrong with the user's token. Log them out and remove\n // them from storage\n return this.directlySetCurrentUser(null);\n }\n }\n\n return this.directlySetCurrentUser(user);\n }\n\n useDeviceLanguage(): void {\n this.languageCode = _getUserLanguage();\n }\n\n async _delete(): Promise<void> {\n this._deleted = true;\n }\n\n async updateCurrentUser(userExtern: User | null): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this)\n );\n }\n // The public updateCurrentUser method needs to make a copy of the user,\n // and also check that the project matches\n const user = userExtern\n ? (getModularInstance(userExtern) as UserInternal)\n : null;\n if (user) {\n _assert(\n user.auth.config.apiKey === this.config.apiKey,\n this,\n AuthErrorCode.INVALID_AUTH\n );\n }\n return this._updateCurrentUser(user && user._clone(this));\n }\n\n async _updateCurrentUser(\n user: User | null,\n skipBeforeStateCallbacks: boolean = false\n ): Promise<void> {\n if (this._deleted) {\n return;\n }\n if (user) {\n _assert(\n this.tenantId === user.tenantId,\n this,\n AuthErrorCode.TENANT_ID_MISMATCH\n );\n }\n\n if (!skipBeforeStateCallbacks) {\n await this.beforeStateQueue.runMiddleware(user);\n }\n\n return this.queue(async () => {\n await this.directlySetCurrentUser(user as UserInternal | null);\n this.notifyAuthListeners();\n });\n }\n\n async signOut(): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this)\n );\n }\n // Run first, to block _setRedirectUser() if any callbacks fail.\n await this.beforeStateQueue.runMiddleware(null);\n // Clear the redirect user when signOut is called\n if (this.redirectPersistenceManager || this._popupRedirectResolver) {\n await this._setRedirectUser(null);\n }\n\n // Prevent callbacks from being called again in _updateCurrentUser, as\n // they were already called in the first line.\n return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);\n }\n\n setPersistence(persistence: Persistence): Promise<void> {\n if (_isFirebaseServerApp(this.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(this)\n );\n }\n return this.queue(async () => {\n await this.assertedPersistence.setPersistence(_getInstance(persistence));\n });\n }\n\n _getRecaptchaConfig(): RecaptchaConfig | null {\n if (this.tenantId == null) {\n return this._agentRecaptchaConfig;\n } else {\n return this._tenantRecaptchaConfigs[this.tenantId];\n }\n }\n\n async validatePassword(password: string): Promise<PasswordValidationStatus> {\n if (!this._getPasswordPolicyInternal()) {\n await this._updatePasswordPolicy();\n }\n\n // Password policy will be defined after fetching.\n const passwordPolicy: PasswordPolicyInternal =\n this._getPasswordPolicyInternal()!;\n\n // Check that the policy schema version is supported by the SDK.\n // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.\n if (\n passwordPolicy.schemaVersion !==\n this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION\n ) {\n return Promise.reject(\n this._errorFactory.create(\n AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION,\n {}\n )\n );\n }\n\n return passwordPolicy.validatePassword(password);\n }\n\n _getPasswordPolicyInternal(): PasswordPolicyInternal | null {\n if (this.tenantId === null) {\n return this._projectPasswordPolicy;\n } else {\n return this._tenantPasswordPolicies[this.tenantId];\n }\n }\n\n async _updatePasswordPolicy(): Promise<void> {\n const response = await _getPasswordPolicy(this);\n\n const passwordPolicy: PasswordPolicyInternal = new PasswordPolicyImpl(\n response\n );\n\n if (this.tenantId === null) {\n this._projectPasswordPolicy = passwordPolicy;\n } else {\n this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;\n }\n }\n\n _getPersistence(): string {\n return this.assertedPersistence.persistence.type;\n }\n\n _updateErrorMap(errorMap: AuthErrorMap): void {\n this._errorFactory = new ErrorFactory<AuthErrorCode, AuthErrorParams>(\n 'auth',\n 'Firebase',\n (errorMap as ErrorMapRetriever)()\n );\n }\n\n onAuthStateChanged(\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n return this.registerStateListener(\n this.authStateSubscription,\n nextOrObserver,\n error,\n completed\n );\n }\n\n beforeAuthStateChanged(\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n ): Unsubscribe {\n return this.beforeStateQueue.pushCallback(callback, onAbort);\n }\n\n onIdTokenChanged(\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n return this.registerStateListener(\n this.idTokenSubscription,\n nextOrObserver,\n error,\n completed\n );\n }\n\n authStateReady(): Promise<void> {\n return new Promise((resolve, reject) => {\n if (this.currentUser) {\n resolve();\n } else {\n const unsubscribe = this.onAuthStateChanged(() => {\n unsubscribe();\n resolve();\n }, reject);\n }\n });\n }\n\n /**\n * Revokes the given access token. Currently only supports Apple OAuth access tokens.\n */\n async revokeAccessToken(token: string): Promise<void> {\n if (this.currentUser) {\n const idToken = await this.currentUser.getIdToken();\n // Generalize this to accept other providers once supported.\n const request: RevokeTokenRequest = {\n providerId: 'apple.com',\n tokenType: TokenType.ACCESS_TOKEN,\n token,\n idToken\n };\n if (this.tenantId != null) {\n request.tenantId = this.tenantId;\n }\n await revokeToken(this, request);\n }\n }\n\n toJSON(): object {\n return {\n apiKey: this.config.apiKey,\n authDomain: this.config.authDomain,\n appName: this.name,\n currentUser: this._currentUser?.toJSON()\n };\n }\n\n async _setRedirectUser(\n user: UserInternal | null,\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n const redirectManager = await this.getOrInitRedirectPersistenceManager(\n popupRedirectResolver\n );\n return user === null\n ? redirectManager.removeCurrentUser()\n : redirectManager.setCurrentUser(user);\n }\n\n private async getOrInitRedirectPersistenceManager(\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<PersistenceUserManager> {\n if (!this.redirectPersistenceManager) {\n const resolver: PopupRedirectResolverInternal | null =\n (popupRedirectResolver && _getInstance(popupRedirectResolver)) ||\n this._popupRedirectResolver;\n _assert(resolver, this, AuthErrorCode.ARGUMENT_ERROR);\n this.redirectPersistenceManager = await PersistenceUserManager.create(\n this,\n [_getInstance(resolver._redirectPersistence)],\n KeyName.REDIRECT_USER\n );\n this.redirectUser =\n await this.redirectPersistenceManager.getCurrentUser();\n }\n\n return this.redirectPersistenceManager;\n }\n\n async _redirectUserForId(id: string): Promise<UserInternal | null> {\n // Make sure we've cleared any pending persistence actions if we're not in\n // the initializer\n if (this._isInitialized) {\n await this.queue(async () => {});\n }\n\n if (this._currentUser?._redirectEventId === id) {\n return this._currentUser;\n }\n\n if (this.redirectUser?._redirectEventId === id) {\n return this.redirectUser;\n }\n\n return null;\n }\n\n async _persistUserIfCurrent(user: UserInternal): Promise<void> {\n if (user === this.currentUser) {\n return this.queue(async () => this.directlySetCurrentUser(user));\n }\n }\n\n /** Notifies listeners only if the user is current */\n _notifyListenersIfCurrent(user: UserInternal): void {\n if (user === this.currentUser) {\n this.notifyAuthListeners();\n }\n }\n\n _key(): string {\n return `${this.config.authDomain}:${this.config.apiKey}:${this.name}`;\n }\n\n _startProactiveRefresh(): void {\n this.isProactiveRefreshEnabled = true;\n if (this.currentUser) {\n this._currentUser._startProactiveRefresh();\n }\n }\n\n _stopProactiveRefresh(): void {\n this.isProactiveRefreshEnabled = false;\n if (this.currentUser) {\n this._currentUser._stopProactiveRefresh();\n }\n }\n\n /** Returns the current user cast as the internal type */\n get _currentUser(): UserInternal {\n return this.currentUser as UserInternal;\n }\n\n private notifyAuthListeners(): void {\n if (!this._isInitialized) {\n return;\n }\n\n this.idTokenSubscription.next(this.currentUser);\n\n const currentUid = this.currentUser?.uid ?? null;\n if (this.lastNotifiedUid !== currentUid) {\n this.lastNotifiedUid = currentUid;\n this.authStateSubscription.next(this.currentUser);\n }\n }\n\n private registerStateListener(\n subscription: Subscription<User>,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n if (this._deleted) {\n return () => {};\n }\n\n const cb =\n typeof nextOrObserver === 'function'\n ? nextOrObserver\n : nextOrObserver.next.bind(nextOrObserver);\n\n let isUnsubscribed = false;\n\n const promise = this._isInitialized\n ? Promise.resolve()\n : this._initializationPromise;\n _assert(promise, this, AuthErrorCode.INTERNAL_ERROR);\n // The callback needs to be called asynchronously per the spec.\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n promise.then(() => {\n if (isUnsubscribed) {\n return;\n }\n cb(this.currentUser);\n });\n\n if (typeof nextOrObserver === 'function') {\n const unsubscribe = subscription.addObserver(\n nextOrObserver,\n error,\n completed\n );\n return () => {\n isUnsubscribed = true;\n unsubscribe();\n };\n } else {\n const unsubscribe = subscription.addObserver(nextOrObserver);\n return () => {\n isUnsubscribed = true;\n unsubscribe();\n };\n }\n }\n\n /**\n * Unprotected (from race conditions) method to set the current user. This\n * should only be called from within a queued callback. This is necessary\n * because the queue shouldn't rely on another queued callback.\n */\n private async directlySetCurrentUser(\n user: UserInternal | null\n ): Promise<void> {\n if (this.currentUser && this.currentUser !== user) {\n this._currentUser._stopProactiveRefresh();\n }\n if (user && this.isProactiveRefreshEnabled) {\n user._startProactiveRefresh();\n }\n\n this.currentUser = user;\n\n if (user) {\n await this.assertedPersistence.setCurrentUser(user);\n } else {\n await this.assertedPersistence.removeCurrentUser();\n }\n }\n\n private queue(action: AsyncAction): Promise<void> {\n // In case something errors, the callback still should be called in order\n // to keep the promise chain alive\n this.operations = this.operations.then(action, action);\n return this.operations;\n }\n\n private get assertedPersistence(): PersistenceUserManager {\n _assert(this.persistenceManager, this, AuthErrorCode.INTERNAL_ERROR);\n return this.persistenceManager;\n }\n\n private frameworks: string[] = [];\n private clientVersion: string;\n _logFramework(framework: string): void {\n if (!framework || this.frameworks.includes(framework)) {\n return;\n }\n this.frameworks.push(framework);\n\n // Sort alphabetically so that \"FirebaseCore-web,FirebaseUI-web\" and\n // \"FirebaseUI-web,FirebaseCore-web\" aren't viewed as different.\n this.frameworks.sort();\n this.clientVersion = _getClientVersion(\n this.config.clientPlatform,\n this._getFrameworks()\n );\n }\n _getFrameworks(): readonly string[] {\n return this.frameworks;\n }\n async _getAdditionalHeaders(): Promise<Record<string, string>> {\n // Additional headers on every request\n const headers: Record<string, string> = {\n [HttpHeader.X_CLIENT_VERSION]: this.clientVersion\n };\n\n if (this.app.options.appId) {\n headers[HttpHeader.X_FIREBASE_GMPID] = this.app.options.appId;\n }\n\n // If the heartbeat service exists, add the heartbeat string\n const heartbeatsHeader = await this.heartbeatServiceProvider\n .getImmediate({\n optional: true\n })\n ?.getHeartbeatsHeader();\n if (heartbeatsHeader) {\n headers[HttpHeader.X_FIREBASE_CLIENT] = heartbeatsHeader;\n }\n\n // If the App Check service exists, add the App Check token in the headers\n const appCheckToken = await this._getAppCheckToken();\n if (appCheckToken) {\n headers[HttpHeader.X_FIREBASE_APP_CHECK] = appCheckToken;\n }\n\n return headers;\n }\n\n async _getAppCheckToken(): Promise<string | undefined> {\n if (_isFirebaseServerApp(this.app) && this.app.settings.appCheckToken) {\n return this.app.settings.appCheckToken;\n }\n const appCheckTokenResult = await this.appCheckServiceProvider\n .getImmediate({ optional: true })\n ?.getToken();\n if (appCheckTokenResult?.error) {\n // Context: appCheck.getToken() will never throw even if an error happened.\n // In the error case, a dummy token will be returned along with an error field describing\n // the error. In general, we shouldn't care about the error condition and just use\n // the token (actual or dummy) to send requests.\n _logWarn(\n `Error while retrieving App Check token: ${appCheckTokenResult.error}`\n );\n }\n return appCheckTokenResult?.token;\n }\n}\n\n/**\n * Method to be used to cast down to our private implementation of Auth.\n * It will also handle unwrapping from the compat type if necessary\n *\n * @param auth Auth object passed in from developer\n */\nexport function _castAuth(auth: Auth): AuthInternal {\n return getModularInstance(auth) as AuthInternal;\n}\n\n/** Helper class to wrap subscriber logic */\nclass Subscription<T> {\n private observer: Observer<T | null> | null = null;\n readonly addObserver: Subscribe<T | null> = createSubscribe(\n observer => (this.observer = observer)\n );\n\n constructor(readonly auth: AuthInternal) {}\n\n get next(): NextFn<T | null> {\n _assert(this.observer, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return this.observer.next.bind(this.observer);\n }\n}\n","/**\n * @license\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performApiRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\n/**\n * Request object for fetching the password policy.\n */\nexport interface GetPasswordPolicyRequest {\n tenantId?: string;\n}\n\n/**\n * Response object for fetching the password policy.\n */\nexport interface GetPasswordPolicyResponse {\n customStrengthOptions: {\n minPasswordLength?: number;\n maxPasswordLength?: number;\n containsLowercaseCharacter?: boolean;\n containsUppercaseCharacter?: boolean;\n containsNumericCharacter?: boolean;\n containsNonAlphanumericCharacter?: boolean;\n };\n allowedNonAlphanumericCharacters?: string[];\n enforcementState: string;\n forceUpgradeOnSignin?: boolean;\n schemaVersion: number;\n}\n\n/**\n * Fetches the password policy for the currently set tenant or the project if no tenant is set.\n *\n * @param auth Auth object.\n * @param request Password policy request.\n * @returns Password policy response.\n */\nexport async function _getPasswordPolicy(\n auth: Auth,\n request: GetPasswordPolicyRequest = {}\n): Promise<GetPasswordPolicyResponse> {\n return _performApiRequest<\n GetPasswordPolicyRequest,\n GetPasswordPolicyResponse\n >(\n auth,\n HttpMethod.GET,\n Endpoint.GET_PASSWORD_POLICY,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\ninterface ExternalJSProvider {\n loadJS(url: string): Promise<Event>;\n recaptchaV2Script: string;\n recaptchaEnterpriseScript: string;\n gapiScript: string;\n}\n\nlet externalJSProvider: ExternalJSProvider = {\n async loadJS() {\n throw new Error('Unable to load external scripts');\n },\n\n recaptchaV2Script: '',\n recaptchaEnterpriseScript: '',\n gapiScript: ''\n};\n\nexport function _setExternalJSProvider(p: ExternalJSProvider): void {\n externalJSProvider = p;\n}\n\nexport function _loadJS(url: string): Promise<Event> {\n return externalJSProvider.loadJS(url);\n}\n\nexport function _recaptchaV2ScriptUrl(): string {\n return externalJSProvider.recaptchaV2Script;\n}\n\nexport function _recaptchaEnterpriseScriptUrl(): string {\n return externalJSProvider.recaptchaEnterpriseScript;\n}\n\nexport function _gapiScriptUrl(): string {\n return externalJSProvider.gapiScript;\n}\n\nexport function _generateCallbackName(prefix: string): string {\n return `__${prefix}${Math.floor(Math.random() * 1000000)}`;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport { AuthInternal } from '../../model/auth';\nimport { RecaptchaParameters } from '../../model/public_types';\nimport {\n Recaptcha,\n GreCAPTCHATopLevel,\n GreCAPTCHARenderOption,\n GreCAPTCHA\n} from './recaptcha';\n\nexport const _SOLVE_TIME_MS = 500;\nexport const _EXPIRATION_TIME_MS = 60_000;\nexport const _WIDGET_ID_START = 1_000_000_000_000;\n\nexport interface Widget {\n getResponse: () => string | null;\n delete: () => void;\n execute: () => void;\n}\n\nexport class MockReCaptcha implements Recaptcha {\n private counter = _WIDGET_ID_START;\n _widgets = new Map<number, Widget>();\n\n constructor(private readonly auth: AuthInternal) {}\n\n render(\n container: string | HTMLElement,\n parameters?: RecaptchaParameters\n ): number {\n const id = this.counter;\n this._widgets.set(\n id,\n new MockWidget(container, this.auth.name, parameters || {})\n );\n this.counter++;\n return id;\n }\n\n reset(optWidgetId?: number): void {\n const id = optWidgetId || _WIDGET_ID_START;\n void this._widgets.get(id)?.delete();\n this._widgets.delete(id);\n }\n\n getResponse(optWidgetId?: number): string {\n const id = optWidgetId || _WIDGET_ID_START;\n return this._widgets.get(id)?.getResponse() || '';\n }\n\n async execute(optWidgetId?: number | string): Promise<string> {\n const id: number = (optWidgetId as number) || _WIDGET_ID_START;\n void this._widgets.get(id)?.execute();\n return '';\n }\n}\n\nexport class MockGreCAPTCHATopLevel implements GreCAPTCHATopLevel {\n enterprise: GreCAPTCHA = new MockGreCAPTCHA();\n ready(callback: () => void): void {\n callback();\n }\n\n execute(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _siteKey: string,\n _options: { action: string }\n ): Promise<string> {\n return Promise.resolve('token');\n }\n render(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _container: string | HTMLElement,\n _parameters: GreCAPTCHARenderOption\n ): string {\n return '';\n }\n}\n\nexport class MockGreCAPTCHA implements GreCAPTCHA {\n ready(callback: () => void): void {\n callback();\n }\n\n execute(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _siteKey: string,\n _options: { action: string }\n ): Promise<string> {\n return Promise.resolve('token');\n }\n render(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _container: string | HTMLElement,\n _parameters: GreCAPTCHARenderOption\n ): string {\n return '';\n }\n}\n\nexport class MockWidget {\n private readonly container: HTMLElement;\n private readonly isVisible: boolean;\n private timerId: number | null = null;\n private deleted = false;\n private responseToken: string | null = null;\n private readonly clickHandler = (): void => {\n this.execute();\n };\n\n constructor(\n containerOrId: string | HTMLElement,\n appName: string,\n private readonly params: RecaptchaParameters\n ) {\n const container =\n typeof containerOrId === 'string'\n ? document.getElementById(containerOrId)\n : containerOrId;\n _assert(container, AuthErrorCode.ARGUMENT_ERROR, { appName });\n\n this.container = container;\n this.isVisible = this.params.size !== 'invisible';\n if (this.isVisible) {\n this.execute();\n } else {\n this.container.addEventListener('click', this.clickHandler);\n }\n }\n\n getResponse(): string | null {\n this.checkIfDeleted();\n return this.responseToken;\n }\n\n delete(): void {\n this.checkIfDeleted();\n this.deleted = true;\n if (this.timerId) {\n clearTimeout(this.timerId);\n this.timerId = null;\n }\n this.container.removeEventListener('click', this.clickHandler);\n }\n\n execute(): void {\n this.checkIfDeleted();\n if (this.timerId) {\n return;\n }\n\n this.timerId = window.setTimeout(() => {\n this.responseToken = generateRandomAlphaNumericString(50);\n const { callback, 'expired-callback': expiredCallback } = this.params;\n if (callback) {\n try {\n callback(this.responseToken);\n } catch (e) {}\n }\n\n this.timerId = window.setTimeout(() => {\n this.timerId = null;\n this.responseToken = null;\n if (expiredCallback) {\n try {\n expiredCallback();\n } catch (e) {}\n }\n\n if (this.isVisible) {\n this.execute();\n }\n }, _EXPIRATION_TIME_MS);\n }, _SOLVE_TIME_MS);\n }\n\n private checkIfDeleted(): void {\n if (this.deleted) {\n throw new Error('reCAPTCHA mock was already deleted!');\n }\n }\n}\n\nfunction generateRandomAlphaNumericString(len: number): string {\n const chars = [];\n const allowedChars =\n '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n for (let i = 0; i < len; i++) {\n chars.push(\n allowedChars.charAt(Math.floor(Math.random() * allowedChars.length))\n );\n }\n return chars.join('');\n}\n","/* eslint-disable @typescript-eslint/no-require-imports */\n/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isEnterprise, RecaptchaConfig } from './recaptcha';\nimport { getRecaptchaConfig } from '../../api/authentication/recaptcha';\nimport {\n RecaptchaClientType,\n RecaptchaVersion,\n RecaptchaActionName,\n RecaptchaAuthProvider,\n EnforcementState\n} from '../../api';\n\nimport { Auth } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport * as jsHelpers from '../load_js';\nimport { AuthErrorCode } from '../../core/errors';\nimport { StartPhoneMfaEnrollmentRequest } from '../../api/account_management/mfa';\nimport { StartPhoneMfaSignInRequest } from '../../api/authentication/mfa';\nimport { MockGreCAPTCHATopLevel } from './recaptcha_mock';\n\nexport const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';\nexport const FAKE_TOKEN = 'NO_RECAPTCHA';\n\nexport class RecaptchaEnterpriseVerifier {\n /**\n * Identifies the type of application verifier (e.g. \"recaptcha-enterprise\").\n */\n readonly type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;\n\n private readonly auth: AuthInternal;\n\n /**\n *\n * @param authExtern - The corresponding Firebase {@link Auth} instance.\n *\n */\n constructor(authExtern: Auth) {\n this.auth = _castAuth(authExtern);\n }\n\n /**\n * Executes the verification process.\n *\n * @returns A Promise for a token that can be used to assert the validity of a request.\n */\n async verify(\n action: string = 'verify',\n forceRefresh = false\n ): Promise<string> {\n async function retrieveSiteKey(auth: AuthInternal): Promise<string> {\n if (!forceRefresh) {\n if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {\n return auth._agentRecaptchaConfig.siteKey;\n }\n if (\n auth.tenantId != null &&\n auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined\n ) {\n return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;\n }\n }\n\n return new Promise<string>(async (resolve, reject) => {\n getRecaptchaConfig(auth, {\n clientType: RecaptchaClientType.WEB,\n version: RecaptchaVersion.ENTERPRISE\n })\n .then(response => {\n if (response.recaptchaKey === undefined) {\n reject(new Error('recaptcha Enterprise site key undefined'));\n } else {\n const config = new RecaptchaConfig(response);\n if (auth.tenantId == null) {\n auth._agentRecaptchaConfig = config;\n } else {\n auth._tenantRecaptchaConfigs[auth.tenantId] = config;\n }\n return resolve(config.siteKey);\n }\n })\n .catch(error => {\n reject(error);\n });\n });\n }\n\n function retrieveRecaptchaToken(\n siteKey: string,\n resolve: (value: string | PromiseLike<string>) => void,\n reject: (reason?: unknown) => void\n ): void {\n const grecaptcha = window.grecaptcha;\n if (isEnterprise(grecaptcha)) {\n grecaptcha.enterprise.ready(() => {\n grecaptcha.enterprise\n .execute(siteKey, { action })\n .then(token => {\n resolve(token);\n })\n .catch(() => {\n resolve(FAKE_TOKEN);\n });\n });\n } else {\n reject(Error('No reCAPTCHA enterprise script loaded.'));\n }\n }\n\n // Returns Promise for a mock token when appVerificationDisabledForTesting is true.\n if (this.auth.settings.appVerificationDisabledForTesting) {\n const mockRecaptcha = new MockGreCAPTCHATopLevel();\n return mockRecaptcha.execute('siteKey', { action: 'verify' });\n }\n\n return new Promise<string>((resolve, reject) => {\n retrieveSiteKey(this.auth)\n .then(siteKey => {\n if (!forceRefresh && isEnterprise(window.grecaptcha)) {\n retrieveRecaptchaToken(siteKey, resolve, reject);\n } else {\n if (typeof window === 'undefined') {\n reject(\n new Error('RecaptchaVerifier is only supported in browser')\n );\n return;\n }\n let url = jsHelpers._recaptchaEnterpriseScriptUrl();\n if (url.length !== 0) {\n url += siteKey;\n }\n jsHelpers\n ._loadJS(url)\n .then(() => {\n retrieveRecaptchaToken(siteKey, resolve, reject);\n })\n .catch(error => {\n reject(error);\n });\n }\n })\n .catch(error => {\n reject(error);\n });\n });\n }\n}\n\nexport async function injectRecaptchaFields<T extends object>(\n auth: AuthInternal,\n request: T,\n action: RecaptchaActionName,\n isCaptchaResp = false,\n isFakeToken = false\n): Promise<T> {\n const verifier = new RecaptchaEnterpriseVerifier(auth);\n let captchaResponse;\n\n if (isFakeToken) {\n captchaResponse = FAKE_TOKEN;\n } else {\n try {\n captchaResponse = await verifier.verify(action);\n } catch (error) {\n captchaResponse = await verifier.verify(action, true);\n }\n }\n\n const newRequest = { ...request };\n if (\n action === RecaptchaActionName.MFA_SMS_ENROLLMENT ||\n action === RecaptchaActionName.MFA_SMS_SIGNIN\n ) {\n if ('phoneEnrollmentInfo' in newRequest) {\n const phoneNumber = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.phoneNumber;\n const recaptchaToken = (\n newRequest as unknown as StartPhoneMfaEnrollmentRequest\n ).phoneEnrollmentInfo.recaptchaToken;\n\n Object.assign(newRequest, {\n 'phoneEnrollmentInfo': {\n phoneNumber,\n recaptchaToken,\n captchaResponse,\n 'clientType': RecaptchaClientType.WEB,\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n }\n });\n } else if ('phoneSignInInfo' in newRequest) {\n const recaptchaToken = (\n newRequest as unknown as StartPhoneMfaSignInRequest\n ).phoneSignInInfo.recaptchaToken;\n\n Object.assign(newRequest, {\n 'phoneSignInInfo': {\n recaptchaToken,\n captchaResponse,\n 'clientType': RecaptchaClientType.WEB,\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n }\n });\n }\n return newRequest;\n }\n\n if (!isCaptchaResp) {\n Object.assign(newRequest, { captchaResponse });\n } else {\n Object.assign(newRequest, { 'captchaResp': captchaResponse });\n }\n Object.assign(newRequest, { 'clientType': RecaptchaClientType.WEB });\n Object.assign(newRequest, {\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n });\n return newRequest;\n}\n\ntype ActionMethod<TRequest, TResponse> = (\n auth: AuthInternal,\n request: TRequest\n) => Promise<TResponse>;\n\nexport async function handleRecaptchaFlow<TRequest extends object, TResponse>(\n authInstance: AuthInternal,\n request: TRequest,\n actionName: RecaptchaActionName,\n actionMethod: ActionMethod<TRequest, TResponse>,\n recaptchaAuthProvider: RecaptchaAuthProvider\n): Promise<TResponse> {\n if (recaptchaAuthProvider === RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER) {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.isProviderEnabled(RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER)\n ) {\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n actionName === RecaptchaActionName.GET_OOB_CODE\n );\n return actionMethod(authInstance, requestWithRecaptcha);\n } else {\n return actionMethod(authInstance, request).catch(async error => {\n if (error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`) {\n console.log(\n `${actionName} is protected by reCAPTCHA Enterprise for this project. Automatically triggering the reCAPTCHA flow and restarting the flow.`\n );\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n actionName === RecaptchaActionName.GET_OOB_CODE\n );\n return actionMethod(authInstance, requestWithRecaptcha);\n } else {\n return Promise.reject(error);\n }\n });\n }\n } else if (recaptchaAuthProvider === RecaptchaAuthProvider.PHONE_PROVIDER) {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.isProviderEnabled(RecaptchaAuthProvider.PHONE_PROVIDER)\n ) {\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName\n );\n\n return actionMethod(authInstance, requestWithRecaptcha).catch(\n async error => {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.getProviderEnforcementState(\n RecaptchaAuthProvider.PHONE_PROVIDER\n ) === EnforcementState.AUDIT\n ) {\n // AUDIT mode\n if (\n error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}` ||\n error.code === `auth/${AuthErrorCode.INVALID_APP_CREDENTIAL}`\n ) {\n console.log(\n `Failed to verify with reCAPTCHA Enterprise. Automatically triggering the reCAPTCHA v2 flow to complete the ${actionName} flow.`\n );\n // reCAPTCHA Enterprise token is missing or reCAPTCHA Enterprise token\n // check fails.\n // Fallback to reCAPTCHA v2 flow.\n const requestWithRecaptchaFields = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n false, // isCaptchaResp\n true // isFakeToken\n );\n // This will call the PhoneApiCaller to fetch and inject reCAPTCHA v2 token.\n return actionMethod(authInstance, requestWithRecaptchaFields);\n }\n }\n // ENFORCE mode or AUDIT mode with any other error.\n return Promise.reject(error);\n }\n );\n } else {\n // Do reCAPTCHA v2 flow.\n const requestWithRecaptchaFields = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n false, // isCaptchaResp\n true // isFakeToken\n );\n\n // This will call the PhoneApiCaller to fetch and inject v2 token.\n return actionMethod(authInstance, requestWithRecaptchaFields);\n }\n } else {\n return Promise.reject(\n recaptchaAuthProvider + ' provider is not supported.'\n );\n }\n}\n\nexport async function _initializeRecaptchaConfig(auth: Auth): Promise<void> {\n const authInternal = _castAuth(auth);\n\n const response = await getRecaptchaConfig(authInternal, {\n clientType: RecaptchaClientType.WEB,\n version: RecaptchaVersion.ENTERPRISE\n });\n\n const config = new RecaptchaConfig(response);\n if (authInternal.tenantId == null) {\n authInternal._agentRecaptchaConfig = config;\n } else {\n authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;\n }\n\n if (config.isAnyProviderEnabled()) {\n const verifier = new RecaptchaEnterpriseVerifier(authInternal);\n void verifier.verify();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _getProvider, FirebaseApp } from '@firebase/app';\nimport { deepEqual } from '@firebase/util';\nimport { Auth, Dependencies } from '../../model/public_types';\n\nimport { AuthErrorCode } from '../errors';\nimport { PersistenceInternal } from '../persistence';\nimport { _fail } from '../util/assert';\nimport { _getInstance } from '../util/instantiator';\nimport { AuthImpl } from './auth_impl';\n\n/**\n * Initializes an {@link Auth} instance with fine-grained control over\n * {@link Dependencies}.\n *\n * @remarks\n *\n * This function allows more control over the {@link Auth} instance than\n * {@link getAuth}. `getAuth` uses platform-specific defaults to supply\n * the {@link Dependencies}. In general, `getAuth` is the easiest way to\n * initialize Auth and works for most use cases. Use `initializeAuth` if you\n * need control over which persistence layer is used, or to minimize bundle\n * size if you're not using either `signInWithPopup` or `signInWithRedirect`.\n *\n * For example, if your app only uses anonymous accounts and you only want\n * accounts saved for the current session, initialize `Auth` with:\n *\n * ```js\n * const auth = initializeAuth(app, {\n * persistence: browserSessionPersistence,\n * popupRedirectResolver: undefined,\n * });\n * ```\n *\n * @public\n */\nexport function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth {\n const provider = _getProvider(app, 'auth');\n\n if (provider.isInitialized()) {\n const auth = provider.getImmediate() as AuthImpl;\n const initialOptions = provider.getOptions() as Dependencies;\n if (deepEqual(initialOptions, deps ?? {})) {\n return auth;\n } else {\n _fail(auth, AuthErrorCode.ALREADY_INITIALIZED);\n }\n }\n\n const auth = provider.initialize({ options: deps }) as AuthImpl;\n\n return auth;\n}\n\nexport function _initializeAuthInstance(\n auth: AuthImpl,\n deps?: Dependencies\n): void {\n const persistence = deps?.persistence || [];\n const hierarchy = (\n Array.isArray(persistence) ? persistence : [persistence]\n ).map<PersistenceInternal>(_getInstance);\n if (deps?.errorMap) {\n auth._updateErrorMap(deps.errorMap);\n }\n\n // This promise is intended to float; auth initialization happens in the\n // background, meanwhile the auth object may be used by the app.\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n auth._initializeWithPersistence(hierarchy, deps?.popupRedirectResolver);\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Auth } from '../../model/public_types';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _castAuth } from './auth_impl';\nimport { deepEqual } from '@firebase/util';\n\n/**\n * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production\n * Firebase Auth services.\n *\n * @remarks\n * This must be called synchronously immediately following the first call to\n * {@link initializeAuth}. Do not use with production credentials as emulator\n * traffic is not encrypted.\n *\n *\n * @example\n * ```javascript\n * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').\n * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to\n * `true` to disable the warning banner attached to the DOM.\n *\n * @public\n */\nexport function connectAuthEmulator(\n auth: Auth,\n url: string,\n options?: { disableWarnings: boolean }\n): void {\n const authInternal = _castAuth(auth);\n _assert(\n /^https?:\\/\\//.test(url),\n authInternal,\n AuthErrorCode.INVALID_EMULATOR_SCHEME\n );\n\n const disableWarnings = !!options?.disableWarnings;\n\n const protocol = extractProtocol(url);\n const { host, port } = extractHostAndPort(url);\n const portStr = port === null ? '' : `:${port}`;\n\n // Always replace path with \"/\" (even if input url had no path at all, or had a different one).\n const emulator = { url: `${protocol}//${host}${portStr}/` };\n const emulatorConfig = Object.freeze({\n host,\n port,\n protocol: protocol.replace(':', ''),\n options: Object.freeze({ disableWarnings })\n });\n\n // There are a few scenarios to guard against if the Auth instance has already started:\n if (!authInternal._canInitEmulator) {\n // Applications may not initialize the emulator for the first time if Auth has already started\n // to make network requests.\n _assert(\n authInternal.config.emulator && authInternal.emulatorConfig,\n authInternal,\n AuthErrorCode.EMULATOR_CONFIG_FAILED\n );\n\n // Applications may not alter the configuration of the emulator (aka pass a different config)\n // once Auth has started to make network requests.\n _assert(\n deepEqual(emulator, authInternal.config.emulator) &&\n deepEqual(emulatorConfig, authInternal.emulatorConfig),\n authInternal,\n AuthErrorCode.EMULATOR_CONFIG_FAILED\n );\n\n // It's valid, however, to invoke connectAuthEmulator() after Auth has started making\n // connections, so long as the config matches the existing config. This results in a no-op.\n return;\n }\n\n authInternal.config.emulator = emulator;\n authInternal.emulatorConfig = emulatorConfig;\n authInternal.settings.appVerificationDisabledForTesting = true;\n\n if (!disableWarnings) {\n emitEmulatorWarning();\n }\n}\n\nfunction extractProtocol(url: string): string {\n const protocolEnd = url.indexOf(':');\n return protocolEnd < 0 ? '' : url.substr(0, protocolEnd + 1);\n}\n\nfunction extractHostAndPort(url: string): {\n host: string;\n port: number | null;\n} {\n const protocol = extractProtocol(url);\n const authority = /(\\/\\/)?([^?#/]+)/.exec(url.substr(protocol.length)); // Between // and /, ? or #.\n if (!authority) {\n return { host: '', port: null };\n }\n const hostAndPort = authority[2].split('@').pop() || ''; // Strip out \"username:password@\".\n const bracketedIPv6 = /^(\\[[^\\]]+\\])(:|$)/.exec(hostAndPort);\n if (bracketedIPv6) {\n const host = bracketedIPv6[1];\n return { host, port: parsePort(hostAndPort.substr(host.length + 1)) };\n } else {\n const [host, port] = hostAndPort.split(':');\n return { host, port: parsePort(port) };\n }\n}\n\nfunction parsePort(portStr: string): number | null {\n if (!portStr) {\n return null;\n }\n const port = Number(portStr);\n if (isNaN(port)) {\n return null;\n }\n return port;\n}\n\nfunction emitEmulatorWarning(): void {\n function attachBanner(): void {\n const el = document.createElement('p');\n const sty = el.style;\n el.innerText =\n 'Running in emulator mode. Do not use with production credentials.';\n sty.position = 'fixed';\n sty.width = '100%';\n sty.backgroundColor = '#ffffff';\n sty.border = '.1em solid #000000';\n sty.color = '#b50000';\n sty.bottom = '0px';\n sty.left = '0px';\n sty.margin = '0px';\n sty.zIndex = '10000';\n sty.textAlign = 'center';\n el.classList.add('firebase-emulator-warning');\n document.body.appendChild(el);\n }\n\n if (typeof console !== 'undefined' && typeof console.info === 'function') {\n console.info(\n 'WARNING: You are using the Auth Emulator,' +\n ' which is intended for local testing only. Do not use with' +\n ' production credentials.'\n );\n }\n if (typeof window !== 'undefined' && typeof document !== 'undefined') {\n if (document.readyState === 'loading') {\n window.addEventListener('DOMContentLoaded', attachBanner);\n } else {\n attachBanner();\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { debugFail } from '../util/assert';\n\n/**\n * Interface that represents the credentials returned by an {@link AuthProvider}.\n *\n * @remarks\n * Implementations specify the details about each auth provider's credential requirements.\n *\n * @public\n */\nexport class AuthCredential {\n /** @internal */\n protected constructor(\n /**\n * The authentication provider ID for the credential.\n *\n * @remarks\n * For example, 'facebook.com', or 'google.com'.\n */\n readonly providerId: string,\n /**\n * The authentication sign in method for the credential.\n *\n * @remarks\n * For example, {@link SignInMethod}.EMAIL_PASSWORD, or\n * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method\n * identifier as returned in {@link fetchSignInMethodsForEmail}.\n */\n readonly signInMethod: string\n ) {}\n\n /**\n * Returns a JSON-serializable representation of this object.\n *\n * @returns a JSON-serializable representation of this object.\n */\n toJSON(): object {\n return debugFail('not implemented');\n }\n\n /** @internal */\n _getIdTokenResponse(_auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return debugFail('not implemented');\n }\n /** @internal */\n _linkToIdToken(\n _auth: AuthInternal,\n _idToken: string\n ): Promise<IdTokenResponse> {\n return debugFail('not implemented');\n }\n /** @internal */\n _getReauthenticationResolver(_auth: AuthInternal): Promise<IdTokenResponse> {\n return debugFail('not implemented');\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeOperation, Auth } from '../../model/public_types';\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { MfaEnrollment } from './mfa';\nimport { SignUpRequest, SignUpResponse } from '../authentication/sign_up';\n\nexport interface ResetPasswordRequest {\n oobCode: string;\n newPassword?: string;\n tenantId?: string;\n}\n\nexport interface ResetPasswordResponse {\n email: string;\n newEmail?: string;\n requestType?: ActionCodeOperation;\n mfaInfo?: MfaEnrollment;\n}\n\nexport async function resetPassword(\n auth: Auth,\n request: ResetPasswordRequest\n): Promise<ResetPasswordResponse> {\n return _performApiRequest<ResetPasswordRequest, ResetPasswordResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.RESET_PASSWORD,\n _addTidIfNecessary(auth, request)\n );\n}\nexport interface UpdateEmailPasswordRequest {\n idToken: string;\n returnSecureToken?: boolean;\n email?: string;\n password?: string;\n}\n\nexport interface UpdateEmailPasswordResponse extends IdTokenResponse {}\n\nexport async function updateEmailPassword(\n auth: Auth,\n request: UpdateEmailPasswordRequest\n): Promise<UpdateEmailPasswordResponse> {\n return _performApiRequest<\n UpdateEmailPasswordRequest,\n UpdateEmailPasswordResponse\n >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);\n}\n\n// Used for linking an email/password account to an existing idToken. Uses the same request/response\n// format as updateEmailPassword.\nexport async function linkEmailPassword(\n auth: Auth,\n request: SignUpRequest\n): Promise<SignUpResponse> {\n return _performApiRequest<SignUpRequest, SignUpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_UP,\n request\n );\n}\n\nexport interface ApplyActionCodeRequest {\n oobCode: string;\n tenantId?: string;\n}\n\nexport interface ApplyActionCodeResponse {}\n\nexport async function applyActionCode(\n auth: Auth,\n request: ApplyActionCodeRequest\n): Promise<ApplyActionCodeResponse> {\n return _performApiRequest<ApplyActionCodeRequest, ApplyActionCodeResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SET_ACCOUNT_INFO,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeOperation, Auth } from '../../model/public_types';\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performApiRequest,\n _performSignInRequest\n} from '../index';\nimport { IdToken, IdTokenResponse } from '../../model/id_token';\n\nexport interface SignInWithPasswordRequest {\n returnSecureToken?: boolean;\n email: string;\n password: string;\n tenantId?: string;\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SignInWithPasswordResponse extends IdTokenResponse {\n email: string;\n displayName: string;\n}\n\nexport async function signInWithPassword(\n auth: Auth,\n request: SignInWithPasswordRequest\n): Promise<SignInWithPasswordResponse> {\n return _performSignInRequest<\n SignInWithPasswordRequest,\n SignInWithPasswordResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PASSWORD,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface GetOobCodeRequest {\n email?: string; // Everything except VERIFY_AND_CHANGE_EMAIL\n continueUrl?: string;\n iOSBundleId?: string;\n iosAppStoreId?: string;\n androidPackageName?: string;\n androidInstallApp?: boolean;\n androidMinimumVersionCode?: string;\n canHandleCodeInApp?: boolean;\n dynamicLinkDomain?: string;\n tenantId?: string;\n targetProjectid?: string;\n linkDomain?: string;\n}\n\nexport interface VerifyEmailRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.VERIFY_EMAIL;\n idToken: IdToken;\n}\n\nexport interface PasswordResetRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.PASSWORD_RESET;\n email: string;\n captchaResp?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface EmailSignInRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.EMAIL_SIGNIN;\n email: string;\n captchaResp?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface VerifyAndChangeEmailRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL;\n idToken: IdToken;\n newEmail: string;\n}\n\ninterface GetOobCodeResponse {\n email: string;\n}\n\nexport interface VerifyEmailResponse extends GetOobCodeResponse {}\nexport interface PasswordResetResponse extends GetOobCodeResponse {}\nexport interface EmailSignInResponse extends GetOobCodeResponse {}\nexport interface VerifyAndChangeEmailResponse extends GetOobCodeRequest {}\n\nasync function sendOobCode(\n auth: Auth,\n request: GetOobCodeRequest\n): Promise<GetOobCodeResponse> {\n return _performApiRequest<GetOobCodeRequest, GetOobCodeResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SEND_OOB_CODE,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport async function sendEmailVerification(\n auth: Auth,\n request: VerifyEmailRequest\n): Promise<VerifyEmailResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function sendPasswordResetEmail(\n auth: Auth,\n request: PasswordResetRequest\n): Promise<PasswordResetResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function sendSignInLinkToEmail(\n auth: Auth,\n request: EmailSignInRequest\n): Promise<EmailSignInResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function verifyAndChangeEmail(\n auth: Auth,\n request: VerifyAndChangeEmailRequest\n): Promise<VerifyAndChangeEmailResponse> {\n return sendOobCode(auth, request);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\nimport { linkEmailPassword } from '../../api/account_management/email_and_password';\nimport {\n signInWithPassword,\n SignInWithPasswordRequest\n} from '../../api/authentication/email_and_password';\nimport {\n signInWithEmailLink,\n signInWithEmailLinkForLinking\n} from '../../api/authentication/email_link';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from '../util/assert';\nimport { AuthCredential } from './auth_credential';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { SignUpRequest } from '../../api/authentication/sign_up';\n/**\n * Interface that represents the credentials returned by {@link EmailAuthProvider} for\n * {@link ProviderId}.PASSWORD\n *\n * @remarks\n * Covers both {@link SignInMethod}.EMAIL_PASSWORD and\n * {@link SignInMethod}.EMAIL_LINK.\n *\n * @public\n */\nexport class EmailAuthCredential extends AuthCredential {\n /** @internal */\n private constructor(\n /** @internal */\n readonly _email: string,\n /** @internal */\n readonly _password: string,\n signInMethod: SignInMethod,\n /** @internal */\n readonly _tenantId: string | null = null\n ) {\n super(ProviderId.PASSWORD, signInMethod);\n }\n\n /** @internal */\n static _fromEmailAndPassword(\n email: string,\n password: string\n ): EmailAuthCredential {\n return new EmailAuthCredential(\n email,\n password,\n SignInMethod.EMAIL_PASSWORD\n );\n }\n\n /** @internal */\n static _fromEmailAndCode(\n email: string,\n oobCode: string,\n tenantId: string | null = null\n ): EmailAuthCredential {\n return new EmailAuthCredential(\n email,\n oobCode,\n SignInMethod.EMAIL_LINK,\n tenantId\n );\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n email: this._email,\n password: this._password,\n signInMethod: this.signInMethod,\n tenantId: this._tenantId\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.\n *\n * @param json - Either `object` or the stringified representation of the object. When string is\n * provided, `JSON.parse` would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: object | string): EmailAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n if (obj?.email && obj?.password) {\n if (obj.signInMethod === SignInMethod.EMAIL_PASSWORD) {\n return this._fromEmailAndPassword(obj.email, obj.password);\n } else if (obj.signInMethod === SignInMethod.EMAIL_LINK) {\n return this._fromEmailAndCode(obj.email, obj.password, obj.tenantId);\n }\n }\n return null;\n }\n\n /** @internal */\n async _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n switch (this.signInMethod) {\n case SignInMethod.EMAIL_PASSWORD:\n const request: SignInWithPasswordRequest = {\n returnSecureToken: true,\n email: this._email,\n password: this._password,\n clientType: RecaptchaClientType.WEB\n };\n return handleRecaptchaFlow(\n auth,\n request,\n RecaptchaActionName.SIGN_IN_WITH_PASSWORD,\n signInWithPassword,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n case SignInMethod.EMAIL_LINK:\n return signInWithEmailLink(auth, {\n email: this._email,\n oobCode: this._password\n });\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n /** @internal */\n async _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n switch (this.signInMethod) {\n case SignInMethod.EMAIL_PASSWORD:\n const request: SignUpRequest = {\n idToken,\n returnSecureToken: true,\n email: this._email,\n password: this._password,\n clientType: RecaptchaClientType.WEB\n };\n return handleRecaptchaFlow(\n auth,\n request,\n RecaptchaActionName.SIGN_UP_PASSWORD,\n linkEmailPassword,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n case SignInMethod.EMAIL_LINK:\n return signInWithEmailLinkForLinking(auth, {\n idToken,\n email: this._email,\n oobCode: this._password\n });\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return this._getIdTokenResponse(auth);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performSignInRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithEmailLinkRequest {\n email: string;\n oobCode: string;\n tenantId?: string;\n}\n\nexport interface SignInWithEmailLinkResponse extends IdTokenResponse {\n email: string;\n isNewUser: boolean;\n}\n\nexport async function signInWithEmailLink(\n auth: Auth,\n request: SignInWithEmailLinkRequest\n): Promise<SignInWithEmailLinkResponse> {\n return _performSignInRequest<\n SignInWithEmailLinkRequest,\n SignInWithEmailLinkResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface SignInWithEmailLinkForLinkingRequest\n extends SignInWithEmailLinkRequest {\n idToken: string;\n}\n\nexport async function signInWithEmailLinkForLinking(\n auth: Auth,\n request: SignInWithEmailLinkForLinkingRequest\n): Promise<SignInWithEmailLinkResponse> {\n return _performSignInRequest<\n SignInWithEmailLinkForLinkingRequest,\n SignInWithEmailLinkResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdToken, IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithIdpRequest {\n requestUri: string;\n postBody?: string;\n sessionId?: string;\n tenantId?: string;\n returnSecureToken: boolean;\n returnIdpCredential?: boolean;\n idToken?: IdToken;\n autoCreate?: boolean;\n pendingToken?: string;\n}\n\n/**\n * @internal\n */\nexport interface SignInWithIdpResponse extends IdTokenResponse {\n oauthAccessToken?: string;\n oauthTokenSecret?: string;\n nonce?: string;\n oauthIdToken?: string;\n pendingToken?: string;\n}\n\nexport async function signInWithIdp(\n auth: Auth,\n request: SignInWithIdpRequest\n): Promise<SignInWithIdpResponse> {\n return _performSignInRequest<SignInWithIdpRequest, SignInWithIdpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_IDP,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { querystring } from '@firebase/util';\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from '../util/assert';\nimport { AuthCredential } from './auth_credential';\n\nconst IDP_REQUEST_URI = 'http://localhost';\n\nexport interface OAuthCredentialParams {\n // OAuth 2 uses either id token or access token\n idToken?: string | null;\n accessToken?: string | null;\n\n // These fields are used with OAuth 1\n oauthToken?: string;\n secret?: string;\n oauthTokenSecret?: string;\n\n // Nonce is only set if pendingToken is not present\n nonce?: string;\n pendingToken?: string;\n\n // Utilities\n providerId: string;\n signInMethod: string;\n}\n\n/**\n * Represents the OAuth credentials returned by an {@link OAuthProvider}.\n *\n * @remarks\n * Implementations specify the details about each auth provider's credential requirements.\n *\n * @public\n */\nexport class OAuthCredential extends AuthCredential {\n /**\n * The OAuth ID token associated with the credential if it belongs to an OIDC provider,\n * such as `google.com`.\n * @readonly\n */\n idToken?: string;\n /**\n * The OAuth access token associated with the credential if it belongs to an\n * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.\n * @readonly\n */\n accessToken?: string;\n /**\n * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0\n * provider, such as `twitter.com`.\n * @readonly\n */\n secret?: string;\n\n private nonce?: string;\n private pendingToken: string | null = null;\n\n /** @internal */\n static _fromParams(params: OAuthCredentialParams): OAuthCredential {\n const cred = new OAuthCredential(params.providerId, params.signInMethod);\n\n if (params.idToken || params.accessToken) {\n // OAuth 2 and either ID token or access token.\n if (params.idToken) {\n cred.idToken = params.idToken;\n }\n\n if (params.accessToken) {\n cred.accessToken = params.accessToken;\n }\n\n // Add nonce if available and no pendingToken is present.\n if (params.nonce && !params.pendingToken) {\n cred.nonce = params.nonce;\n }\n\n if (params.pendingToken) {\n cred.pendingToken = params.pendingToken;\n }\n } else if (params.oauthToken && params.oauthTokenSecret) {\n // OAuth 1 and OAuth token with token secret\n cred.accessToken = params.oauthToken;\n cred.secret = params.oauthTokenSecret;\n } else {\n _fail(AuthErrorCode.ARGUMENT_ERROR);\n }\n\n return cred;\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n idToken: this.idToken,\n accessToken: this.accessToken,\n secret: this.secret,\n nonce: this.nonce,\n pendingToken: this.pendingToken,\n providerId: this.providerId,\n signInMethod: this.signInMethod\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an\n * {@link AuthCredential}.\n *\n * @param json - Input can be either Object or the stringified representation of the object.\n * When string is provided, JSON.parse would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: string | object): OAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n const { providerId, signInMethod, ...rest }: OAuthCredentialParams = obj;\n if (!providerId || !signInMethod) {\n return null;\n }\n\n const cred = new OAuthCredential(providerId, signInMethod);\n cred.idToken = rest.idToken || undefined;\n cred.accessToken = rest.accessToken || undefined;\n cred.secret = rest.secret;\n cred.nonce = rest.nonce;\n cred.pendingToken = rest.pendingToken || null;\n return cred;\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.idToken = idToken;\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.autoCreate = false;\n return signInWithIdp(auth, request);\n }\n\n private buildRequest(): SignInWithIdpRequest {\n const request: SignInWithIdpRequest = {\n requestUri: IDP_REQUEST_URI,\n returnSecureToken: true\n };\n\n if (this.pendingToken) {\n request.pendingToken = this.pendingToken;\n } else {\n const postBody: Record<string, string> = {};\n if (this.idToken) {\n postBody['id_token'] = this.idToken;\n }\n if (this.accessToken) {\n postBody['access_token'] = this.accessToken;\n }\n if (this.secret) {\n postBody['oauth_token_secret'] = this.secret;\n }\n\n postBody['providerId'] = this.providerId;\n if (this.nonce && !this.pendingToken) {\n postBody['nonce'] = this.nonce;\n }\n\n request.postBody = querystring(postBody);\n }\n\n return request;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _makeTaggedError,\n _performApiRequest,\n _performSignInRequest\n} from '../index';\nimport { AuthErrorCode } from '../../core/errors';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { ServerError, ServerErrorMap } from '../errors';\nimport { Auth } from '../../model/public_types';\n\nexport interface SendPhoneVerificationCodeRequest {\n phoneNumber: string;\n // reCAPTCHA v2 token\n recaptchaToken?: string;\n tenantId?: string;\n // reCAPTCHA Enterprise token\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SendPhoneVerificationCodeResponse {\n sessionInfo: string;\n}\n\nexport async function sendPhoneVerificationCode(\n auth: Auth,\n request: SendPhoneVerificationCodeRequest\n): Promise<SendPhoneVerificationCodeResponse> {\n return _performApiRequest<\n SendPhoneVerificationCodeRequest,\n SendPhoneVerificationCodeResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SEND_VERIFICATION_CODE,\n _addTidIfNecessary(auth, request)\n );\n}\n\n/**\n * @internal\n */\nexport interface SignInWithPhoneNumberRequest {\n temporaryProof?: string;\n phoneNumber?: string;\n sessionInfo?: string;\n code?: string;\n tenantId?: string;\n}\n\nexport interface LinkWithPhoneNumberRequest\n extends SignInWithPhoneNumberRequest {\n idToken: string;\n}\n\n/**\n * @internal\n */\nexport interface SignInWithPhoneNumberResponse extends IdTokenResponse {\n temporaryProof?: string;\n phoneNumber?: string;\n}\n\nexport async function signInWithPhoneNumber(\n auth: Auth,\n request: SignInWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n return _performSignInRequest<\n SignInWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport async function linkWithPhoneNumber(\n auth: Auth,\n request: LinkWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n const response = await _performSignInRequest<\n LinkWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, request)\n );\n if (response.temporaryProof) {\n throw _makeTaggedError(auth, AuthErrorCode.NEED_CONFIRMATION, response);\n }\n return response;\n}\n\ninterface VerifyPhoneNumberForExistingRequest\n extends SignInWithPhoneNumberRequest {\n operation: 'REAUTH';\n}\n\nconst VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_: Partial<\n ServerErrorMap<ServerError>\n> = {\n [ServerError.USER_NOT_FOUND]: AuthErrorCode.USER_DELETED\n};\n\nexport async function verifyPhoneNumberForExisting(\n auth: Auth,\n request: SignInWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n const apiRequest: VerifyPhoneNumberForExistingRequest = {\n ...request,\n operation: 'REAUTH'\n };\n return _performSignInRequest<\n VerifyPhoneNumberForExistingRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, apiRequest),\n VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport {\n linkWithPhoneNumber,\n signInWithPhoneNumber,\n SignInWithPhoneNumberRequest,\n verifyPhoneNumberForExisting\n} from '../../api/authentication/sms';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthCredential } from './auth_credential';\n\nexport interface PhoneAuthCredentialParameters {\n verificationId?: string;\n verificationCode?: string;\n phoneNumber?: string;\n temporaryProof?: string;\n}\n\n/**\n * Represents the credentials returned by {@link PhoneAuthProvider}.\n *\n * @public\n */\nexport class PhoneAuthCredential extends AuthCredential {\n private constructor(private readonly params: PhoneAuthCredentialParameters) {\n super(ProviderId.PHONE, SignInMethod.PHONE);\n }\n\n /** @internal */\n static _fromVerification(\n verificationId: string,\n verificationCode: string\n ): PhoneAuthCredential {\n return new PhoneAuthCredential({ verificationId, verificationCode });\n }\n\n /** @internal */\n static _fromTokenResponse(\n phoneNumber: string,\n temporaryProof: string\n ): PhoneAuthCredential {\n return new PhoneAuthCredential({ phoneNumber, temporaryProof });\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return signInWithPhoneNumber(auth, this._makeVerificationRequest());\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n return linkWithPhoneNumber(auth, {\n idToken,\n ...this._makeVerificationRequest()\n });\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return verifyPhoneNumberForExisting(auth, this._makeVerificationRequest());\n }\n\n /** @internal */\n _makeVerificationRequest(): SignInWithPhoneNumberRequest {\n const { temporaryProof, phoneNumber, verificationId, verificationCode } =\n this.params;\n if (temporaryProof && phoneNumber) {\n return { temporaryProof, phoneNumber };\n }\n\n return {\n sessionInfo: verificationId,\n code: verificationCode\n };\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n const obj: Record<string, string> = {\n providerId: this.providerId\n };\n if (this.params.phoneNumber) {\n obj.phoneNumber = this.params.phoneNumber;\n }\n if (this.params.temporaryProof) {\n obj.temporaryProof = this.params.temporaryProof;\n }\n if (this.params.verificationCode) {\n obj.verificationCode = this.params.verificationCode;\n }\n if (this.params.verificationId) {\n obj.verificationId = this.params.verificationId;\n }\n\n return obj;\n }\n\n /** Generates a phone credential based on a plain object or a JSON string. */\n static fromJSON(json: object | string): PhoneAuthCredential | null {\n if (typeof json === 'string') {\n json = JSON.parse(json);\n }\n\n const { verificationId, verificationCode, phoneNumber, temporaryProof } =\n json as { [key: string]: string };\n if (\n !verificationCode &&\n !verificationId &&\n !phoneNumber &&\n !temporaryProof\n ) {\n return null;\n }\n\n return new PhoneAuthCredential({\n verificationId,\n verificationCode,\n phoneNumber,\n temporaryProof\n });\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { extractQuerystring, querystringDecode } from '@firebase/util';\nimport { ActionCodeOperation } from '../model/public_types';\nimport { AuthErrorCode } from './errors';\nimport { _assert } from './util/assert';\n\n/**\n * Enums for fields in URL query string.\n *\n * @enum {string}\n */\nconst enum QueryField {\n API_KEY = 'apiKey',\n CODE = 'oobCode',\n CONTINUE_URL = 'continueUrl',\n LANGUAGE_CODE = 'languageCode',\n MODE = 'mode',\n TENANT_ID = 'tenantId'\n}\n\n/**\n * Maps the mode string in action code URL to Action Code Info operation.\n *\n * @param mode\n */\nfunction parseMode(mode: string | null): ActionCodeOperation | null {\n switch (mode) {\n case 'recoverEmail':\n return ActionCodeOperation.RECOVER_EMAIL;\n case 'resetPassword':\n return ActionCodeOperation.PASSWORD_RESET;\n case 'signIn':\n return ActionCodeOperation.EMAIL_SIGNIN;\n case 'verifyEmail':\n return ActionCodeOperation.VERIFY_EMAIL;\n case 'verifyAndChangeEmail':\n return ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL;\n case 'revertSecondFactorAddition':\n return ActionCodeOperation.REVERT_SECOND_FACTOR_ADDITION;\n default:\n return null;\n }\n}\n\n/**\n * Helper to parse FDL links\n *\n * @param url\n */\nfunction parseDeepLink(url: string): string {\n const link = querystringDecode(extractQuerystring(url))['link'];\n\n // Double link case (automatic redirect).\n const doubleDeepLink = link\n ? querystringDecode(extractQuerystring(link))['deep_link_id']\n : null;\n // iOS custom scheme links.\n const iOSDeepLink = querystringDecode(extractQuerystring(url))[\n 'deep_link_id'\n ];\n const iOSDoubleDeepLink = iOSDeepLink\n ? querystringDecode(extractQuerystring(iOSDeepLink))['link']\n : null;\n return iOSDoubleDeepLink || iOSDeepLink || doubleDeepLink || link || url;\n}\n\n/**\n * A utility class to parse email action URLs such as password reset, email verification,\n * email link sign in, etc.\n *\n * @public\n */\nexport class ActionCodeURL {\n /**\n * The API key of the email action link.\n */\n readonly apiKey: string;\n /**\n * The action code of the email action link.\n */\n readonly code: string;\n /**\n * The continue URL of the email action link. Null if not provided.\n */\n readonly continueUrl: string | null;\n /**\n * The language code of the email action link. Null if not provided.\n */\n readonly languageCode: string | null;\n /**\n * The action performed by the email action link. It returns from one of the types from\n * {@link ActionCodeInfo}\n */\n readonly operation: string;\n /**\n * The tenant ID of the email action link. Null if the email action is from the parent project.\n */\n readonly tenantId: string | null;\n\n /**\n * @param actionLink - The link from which to extract the URL.\n * @returns The {@link ActionCodeURL} object, or null if the link is invalid.\n *\n * @internal\n */\n constructor(actionLink: string) {\n const searchParams = querystringDecode(extractQuerystring(actionLink));\n const apiKey = searchParams[QueryField.API_KEY] ?? null;\n const code = searchParams[QueryField.CODE] ?? null;\n const operation = parseMode(searchParams[QueryField.MODE] ?? null);\n // Validate API key, code and mode.\n _assert(apiKey && code && operation, AuthErrorCode.ARGUMENT_ERROR);\n this.apiKey = apiKey;\n this.operation = operation;\n this.code = code;\n this.continueUrl = searchParams[QueryField.CONTINUE_URL] ?? null;\n this.languageCode = searchParams[QueryField.LANGUAGE_CODE] ?? null;\n this.tenantId = searchParams[QueryField.TENANT_ID] ?? null;\n }\n\n /**\n * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,\n * otherwise returns null.\n *\n * @param link - The email action link string.\n * @returns The {@link ActionCodeURL} object, or null if the link is invalid.\n *\n * @public\n */\n static parseLink(link: string): ActionCodeURL | null {\n const actionLink = parseDeepLink(link);\n try {\n return new ActionCodeURL(actionLink);\n } catch {\n return null;\n }\n }\n}\n\n/**\n * Parses the email action link string and returns an {@link ActionCodeURL} if\n * the link is valid, otherwise returns null.\n *\n * @public\n */\nexport function parseActionCodeURL(link: string): ActionCodeURL | null {\n return ActionCodeURL.parseLink(link);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\nimport { AuthProvider } from '../../model/public_types';\n\nimport { ActionCodeURL } from '../action_code_url';\nimport { EmailAuthCredential } from '../credentials/email';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\n\n/**\n * Provider for generating {@link EmailAuthCredential}.\n *\n * @public\n */\nexport class EmailAuthProvider implements AuthProvider {\n /**\n * Always set to {@link ProviderId}.PASSWORD, even for email link.\n */\n static readonly PROVIDER_ID: 'password' = ProviderId.PASSWORD;\n /**\n * Always set to {@link SignInMethod}.EMAIL_PASSWORD.\n */\n static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password' =\n SignInMethod.EMAIL_PASSWORD;\n /**\n * Always set to {@link SignInMethod}.EMAIL_LINK.\n */\n static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink' =\n SignInMethod.EMAIL_LINK;\n /**\n * Always set to {@link ProviderId}.PASSWORD, even for email link.\n */\n readonly providerId = EmailAuthProvider.PROVIDER_ID;\n\n /**\n * Initialize an {@link AuthCredential} using an email and password.\n *\n * @example\n * ```javascript\n * const authCredential = EmailAuthProvider.credential(email, password);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * ```javascript\n * const userCredential = await signInWithEmailAndPassword(auth, email, password);\n * ```\n *\n * @param email - Email address.\n * @param password - User account password.\n * @returns The auth provider credential.\n */\n static credential(email: string, password: string): EmailAuthCredential {\n return EmailAuthCredential._fromEmailAndPassword(email, password);\n }\n\n /**\n * Initialize an {@link AuthCredential} using an email and an email link after a sign in with\n * email link operation.\n *\n * @example\n * ```javascript\n * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * ```javascript\n * await sendSignInLinkToEmail(auth, email);\n * // Obtain emailLink from user.\n * const userCredential = await signInWithEmailLink(auth, email, emailLink);\n * ```\n *\n * @param auth - The {@link Auth} instance used to verify the link.\n * @param email - Email address.\n * @param emailLink - Sign-in email link.\n * @returns - The auth provider credential.\n */\n static credentialWithLink(\n email: string,\n emailLink: string\n ): EmailAuthCredential {\n const actionCodeUrl = ActionCodeURL.parseLink(emailLink);\n _assert(actionCodeUrl, AuthErrorCode.ARGUMENT_ERROR);\n\n return EmailAuthCredential._fromEmailAndCode(\n email,\n actionCodeUrl.code,\n actionCodeUrl.tenantId\n );\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider } from '../../model/public_types';\n\n/**\n * Map of OAuth Custom Parameters.\n *\n * @public\n */\nexport type CustomParameters = Record<string, string>;\n\n/**\n * The base class for all Federated providers (OAuth (including OIDC), SAML).\n *\n * This class is not meant to be instantiated directly.\n *\n * @public\n */\nexport abstract class FederatedAuthProvider implements AuthProvider {\n /** @internal */\n defaultLanguageCode: string | null = null;\n /** @internal */\n private customParameters: CustomParameters = {};\n\n /**\n * Constructor for generic OAuth providers.\n *\n * @param providerId - Provider for which credentials should be generated.\n */\n constructor(readonly providerId: string) {}\n\n /**\n * Set the language gode.\n *\n * @param languageCode - language code\n */\n setDefaultLanguage(languageCode: string | null): void {\n this.defaultLanguageCode = languageCode;\n }\n\n /**\n * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in\n * operations.\n *\n * @remarks\n * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,\n * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.\n *\n * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.\n */\n setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider {\n this.customParameters = customOAuthParameters;\n return this;\n }\n\n /**\n * Retrieve the current list of {@link CustomParameters}.\n */\n getCustomParameters(): CustomParameters {\n return this.customParameters;\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider, UserCredential } from '../../model/public_types';\n\nimport { _assert } from '../util/assert';\nimport { AuthErrorCode } from '../errors';\n\nimport { OAuthCredential, OAuthCredentialParams } from '../credentials/oauth';\nimport { UserCredentialInternal } from '../../model/user';\nimport { FirebaseError } from '@firebase/util';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { SignInWithIdpResponse } from '../../../internal';\nimport { FederatedAuthProvider } from './federated';\n\n/**\n * Defines the options for initializing an {@link OAuthCredential}.\n *\n * @remarks\n * For ID tokens with nonce claim, the raw nonce has to also be provided.\n *\n * @public\n */\nexport interface OAuthCredentialOptions {\n /**\n * The OAuth ID token used to initialize the {@link OAuthCredential}.\n */\n idToken?: string;\n /**\n * The OAuth access token used to initialize the {@link OAuthCredential}.\n */\n accessToken?: string;\n /**\n * The raw nonce associated with the ID token.\n *\n * @remarks\n * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the\n * raw nonce must match the nonce field in the ID token.\n */\n rawNonce?: string;\n}\n\n/**\n * Common code to all OAuth providers. This is separate from the\n * {@link OAuthProvider} so that child providers (like\n * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.\n * Instead, they rely on a static `credential` method.\n */\nexport abstract class BaseOAuthProvider\n extends FederatedAuthProvider\n implements AuthProvider\n{\n /** @internal */\n private scopes: string[] = [];\n\n /**\n * Add an OAuth scope to the credential.\n *\n * @param scope - Provider OAuth scope to add.\n */\n addScope(scope: string): AuthProvider {\n // If not already added, add scope to list.\n if (!this.scopes.includes(scope)) {\n this.scopes.push(scope);\n }\n return this;\n }\n\n /**\n * Retrieve the current list of OAuth scopes.\n */\n getScopes(): string[] {\n return [...this.scopes];\n }\n}\n\n/**\n * Provider for generating generic {@link OAuthCredential}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new OAuthProvider('google.com');\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('profile');\n * provider.addScope('email');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a OAuth Access Token for the provider.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new OAuthProvider('google.com');\n * provider.addScope('profile');\n * provider.addScope('email');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a OAuth Access Token for the provider.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * ```\n * @public\n */\nexport class OAuthProvider extends BaseOAuthProvider {\n /**\n * Creates an {@link OAuthCredential} from a JSON string or a plain object.\n * @param json - A plain object or a JSON string\n */\n static credentialFromJSON(json: object | string): OAuthCredential {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n _assert(\n 'providerId' in obj && 'signInMethod' in obj,\n AuthErrorCode.ARGUMENT_ERROR\n );\n return OAuthCredential._fromParams(obj);\n }\n\n /**\n * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.\n *\n * @remarks\n * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of\n * the raw nonce must match the nonce field in the ID token.\n *\n * @example\n * ```javascript\n * // `googleUser` from the onsuccess Google Sign In callback.\n * // Initialize a generate OAuth provider with a `google.com` providerId.\n * const provider = new OAuthProvider('google.com');\n * const credential = provider.credential({\n * idToken: googleUser.getAuthResponse().id_token,\n * });\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param params - Either the options object containing the ID token, access token and raw nonce\n * or the ID token string.\n */\n credential(params: OAuthCredentialOptions): OAuthCredential {\n return this._credential({ ...params, nonce: params.rawNonce });\n }\n\n /** An internal credential method that accepts more permissive options */\n private _credential(\n params: Omit<OAuthCredentialParams, 'signInMethod' | 'providerId'>\n ): OAuthCredential {\n _assert(params.idToken || params.accessToken, AuthErrorCode.ARGUMENT_ERROR);\n // For OAuthCredential, sign in method is same as providerId.\n return OAuthCredential._fromParams({\n ...params,\n providerId: this.providerId,\n signInMethod: this.providerId\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return OAuthProvider.oauthCredentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return OAuthProvider.oauthCredentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static oauthCredentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const {\n oauthIdToken,\n oauthAccessToken,\n oauthTokenSecret,\n pendingToken,\n nonce,\n providerId\n } = tokenResponse as SignInWithIdpResponse;\n if (\n !oauthAccessToken &&\n !oauthTokenSecret &&\n !oauthIdToken &&\n !pendingToken\n ) {\n return null;\n }\n\n if (!providerId) {\n return null;\n }\n\n try {\n return new OAuthProvider(providerId)._credential({\n idToken: oauthIdToken,\n accessToken: oauthAccessToken,\n nonce,\n pendingToken\n });\n } catch (e) {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('user_birthday');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = FacebookAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * provider.addScope('user_birthday');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = FacebookAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n *\n * @public\n */\nexport class FacebookAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.FACEBOOK. */\n static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com' =\n SignInMethod.FACEBOOK;\n /** Always set to {@link ProviderId}.FACEBOOK. */\n static readonly PROVIDER_ID: 'facebook.com' = ProviderId.FACEBOOK;\n\n constructor() {\n super(ProviderId.FACEBOOK);\n }\n\n /**\n * Creates a credential for Facebook.\n *\n * @example\n * ```javascript\n * // `event` from the Facebook auth.authResponseChange callback.\n * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param accessToken - Facebook access token.\n */\n static credential(accessToken: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: FacebookAuthProvider.PROVIDER_ID,\n signInMethod: FacebookAuthProvider.FACEBOOK_SIGN_IN_METHOD,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return FacebookAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return FacebookAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse || !('oauthAccessToken' in tokenResponse)) {\n return null;\n }\n\n if (!tokenResponse.oauthAccessToken) {\n return null;\n }\n\n try {\n return FacebookAuthProvider.credential(tokenResponse.oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new GoogleAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('profile');\n * provider.addScope('email');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Google Access Token.\n * const credential = GoogleAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new GoogleAuthProvider();\n * provider.addScope('profile');\n * provider.addScope('email');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Google Access Token.\n * const credential = GoogleAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n *\n * @public\n */\nexport class GoogleAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.GOOGLE. */\n static readonly GOOGLE_SIGN_IN_METHOD: 'google.com' = SignInMethod.GOOGLE;\n /** Always set to {@link ProviderId}.GOOGLE. */\n static readonly PROVIDER_ID: 'google.com' = ProviderId.GOOGLE;\n\n constructor() {\n super(ProviderId.GOOGLE);\n this.addScope('profile');\n }\n\n /**\n * Creates a credential for Google. At least one of ID token and access token is required.\n *\n * @example\n * ```javascript\n * // \\`googleUser\\` from the onsuccess Google Sign In callback.\n * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param idToken - Google ID token.\n * @param accessToken - Google access token.\n */\n static credential(\n idToken?: string | null,\n accessToken?: string | null\n ): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: GoogleAuthProvider.PROVIDER_ID,\n signInMethod: GoogleAuthProvider.GOOGLE_SIGN_IN_METHOD,\n idToken,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return GoogleAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return GoogleAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const { oauthIdToken, oauthAccessToken } =\n tokenResponse as SignInWithIdpResponse;\n if (!oauthIdToken && !oauthAccessToken) {\n // This could be an oauth 1 credential or a phone credential\n return null;\n }\n\n try {\n return GoogleAuthProvider.credential(oauthIdToken, oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.\n *\n * @remarks\n * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use\n * the {@link signInWithPopup} handler:\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new GithubAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('repo');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a GitHub Access Token.\n * const credential = GithubAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new GithubAuthProvider();\n * provider.addScope('repo');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a GitHub Access Token.\n * const credential = GithubAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n * @public\n */\nexport class GithubAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.GITHUB. */\n static readonly GITHUB_SIGN_IN_METHOD: 'github.com' = SignInMethod.GITHUB;\n /** Always set to {@link ProviderId}.GITHUB. */\n static readonly PROVIDER_ID: 'github.com' = ProviderId.GITHUB;\n\n constructor() {\n super(ProviderId.GITHUB);\n }\n\n /**\n * Creates a credential for GitHub.\n *\n * @param accessToken - GitHub access token.\n */\n static credential(accessToken: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: GithubAuthProvider.PROVIDER_ID,\n signInMethod: GithubAuthProvider.GITHUB_SIGN_IN_METHOD,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return GithubAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return GithubAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse || !('oauthAccessToken' in tokenResponse)) {\n return null;\n }\n\n if (!tokenResponse.oauthAccessToken) {\n return null;\n }\n\n try {\n return GithubAuthProvider.credential(tokenResponse.oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Represents the SAML credentials returned by an {@link SAMLAuthProvider}.\n *\n * @public\n */\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthCredential } from './auth_credential';\n\nconst IDP_REQUEST_URI = 'http://localhost';\n\n/**\n * @public\n */\nexport class SAMLAuthCredential extends AuthCredential {\n /** @internal */\n private constructor(\n providerId: string,\n private readonly pendingToken: string\n ) {\n super(providerId, providerId);\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.idToken = idToken;\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.autoCreate = false;\n return signInWithIdp(auth, request);\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n signInMethod: this.signInMethod,\n providerId: this.providerId,\n pendingToken: this.pendingToken\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an\n * {@link AuthCredential}.\n *\n * @param json - Input can be either Object or the stringified representation of the object.\n * When string is provided, JSON.parse would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: string | object): SAMLAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n const { providerId, signInMethod, pendingToken }: Record<string, string> =\n obj;\n if (\n !providerId ||\n !signInMethod ||\n !pendingToken ||\n providerId !== signInMethod\n ) {\n return null;\n }\n\n return new SAMLAuthCredential(providerId, pendingToken);\n }\n\n /**\n * Helper static method to avoid exposing the constructor to end users.\n *\n * @internal\n */\n static _create(providerId: string, pendingToken: string): SAMLAuthCredential {\n return new SAMLAuthCredential(providerId, pendingToken);\n }\n\n private buildRequest(): SignInWithIdpRequest {\n return {\n requestUri: IDP_REQUEST_URI,\n returnSecureToken: true,\n pendingToken: this.pendingToken\n };\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredential } from '../../model/public_types';\nimport { UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { SAMLAuthCredential } from '../credentials/saml';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { FederatedAuthProvider } from './federated';\n\nconst SAML_PROVIDER_PREFIX = 'saml.';\n\n/**\n * An {@link AuthProvider} for SAML.\n *\n * @public\n */\nexport class SAMLAuthProvider extends FederatedAuthProvider {\n /**\n * Constructor. The providerId must start with \"saml.\"\n * @param providerId - SAML provider ID.\n */\n constructor(providerId: string) {\n _assert(\n providerId.startsWith(SAML_PROVIDER_PREFIX),\n AuthErrorCode.ARGUMENT_ERROR\n );\n super(providerId);\n }\n\n /**\n * Generates an {@link AuthCredential} from a {@link UserCredential} after a\n * successful SAML flow completes.\n *\n * @remarks\n *\n * For example, to get an {@link AuthCredential}, you could write the\n * following code:\n *\n * ```js\n * const userCredential = await signInWithPopup(auth, samlProvider);\n * const credential = SAMLAuthProvider.credentialFromResult(userCredential);\n * ```\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): AuthCredential | null {\n return SAMLAuthProvider.samlCredentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): AuthCredential | null {\n return SAMLAuthProvider.samlCredentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n /**\n * Creates an {@link AuthCredential} from a JSON string or a plain object.\n * @param json - A plain object or a JSON string\n */\n static credentialFromJSON(json: string | object): AuthCredential {\n const credential = SAMLAuthCredential.fromJSON(json);\n _assert(credential, AuthErrorCode.ARGUMENT_ERROR);\n return credential;\n }\n\n private static samlCredentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): SAMLAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const { pendingToken, providerId } = tokenResponse as SignInWithIdpResponse;\n\n if (!pendingToken || !providerId) {\n return null;\n }\n\n try {\n return SAMLAuthCredential._create(providerId, pendingToken);\n } catch (e) {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @license\n * Copyright 2020 Twitter LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new TwitterAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Twitter Access Token and Secret.\n * const credential = TwitterAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * const secret = credential.secret;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new TwitterAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Twitter Access Token and Secret.\n * const credential = TwitterAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * const secret = credential.secret;\n * ```\n *\n * @public\n */\nexport class TwitterAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.TWITTER. */\n static readonly TWITTER_SIGN_IN_METHOD: 'twitter.com' = SignInMethod.TWITTER;\n /** Always set to {@link ProviderId}.TWITTER. */\n static readonly PROVIDER_ID: 'twitter.com' = ProviderId.TWITTER;\n\n constructor() {\n super(ProviderId.TWITTER);\n }\n\n /**\n * Creates a credential for Twitter.\n *\n * @param token - Twitter access token.\n * @param secret - Twitter secret.\n */\n static credential(token: string, secret: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: TwitterAuthProvider.PROVIDER_ID,\n signInMethod: TwitterAuthProvider.TWITTER_SIGN_IN_METHOD,\n oauthToken: token,\n oauthTokenSecret: secret\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return TwitterAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return TwitterAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n const { oauthAccessToken, oauthTokenSecret } =\n tokenResponse as SignInWithIdpResponse;\n if (!oauthAccessToken || !oauthTokenSecret) {\n return null;\n }\n\n try {\n return TwitterAuthProvider.credential(oauthAccessToken, oauthTokenSecret);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignUpRequest {\n idToken?: string;\n returnSecureToken?: boolean;\n email?: string;\n password?: string;\n tenantId?: string;\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SignUpResponse extends IdTokenResponse {\n displayName?: string;\n email?: string;\n}\n\nexport async function signUp(\n auth: Auth,\n request: SignUpRequest\n): Promise<SignUpResponse> {\n return _performSignInRequest<SignUpRequest, SignUpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_UP,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { UserImpl } from './user_impl';\nimport { AuthInternal } from '../../model/auth';\nimport { OperationType, ProviderId } from '../../model/enums';\n\ninterface UserCredentialParams {\n readonly user: UserInternal;\n readonly providerId: ProviderId | string | null;\n readonly _tokenResponse?: PhoneOrOauthTokenResponse;\n readonly operationType: OperationType;\n}\n\nexport class UserCredentialImpl\n implements UserCredentialInternal, UserCredentialParams\n{\n readonly user: UserInternal;\n readonly providerId: ProviderId | string | null;\n readonly _tokenResponse: PhoneOrOauthTokenResponse | undefined;\n readonly operationType: OperationType;\n\n constructor(params: UserCredentialParams) {\n this.user = params.user;\n this.providerId = params.providerId;\n this._tokenResponse = params._tokenResponse;\n this.operationType = params.operationType;\n }\n\n static async _fromIdTokenResponse(\n auth: AuthInternal,\n operationType: OperationType,\n idTokenResponse: IdTokenResponse,\n isAnonymous: boolean = false\n ): Promise<UserCredentialInternal> {\n const user = await UserImpl._fromIdTokenResponse(\n auth,\n idTokenResponse,\n isAnonymous\n );\n const providerId = providerIdForResponse(idTokenResponse);\n const userCred = new UserCredentialImpl({\n user,\n providerId,\n _tokenResponse: idTokenResponse,\n operationType\n });\n return userCred;\n }\n\n static async _forOperation(\n user: UserInternal,\n operationType: OperationType,\n response: PhoneOrOauthTokenResponse\n ): Promise<UserCredentialImpl> {\n await user._updateTokensIfNecessary(response, /* reload */ true);\n const providerId = providerIdForResponse(response);\n return new UserCredentialImpl({\n user,\n providerId,\n _tokenResponse: response,\n operationType\n });\n }\n}\n\nfunction providerIdForResponse(\n response: IdTokenResponse\n): ProviderId | string | null {\n if (response.providerId) {\n return response.providerId;\n }\n\n if ('phoneNumber' in response) {\n return ProviderId.PHONE;\n }\n\n return null;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, UserCredential } from '../../model/public_types';\nimport { signUp } from '../../api/authentication/sign_up';\nimport { UserInternal } from '../../model/user';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { OperationType } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\n/**\n * Asynchronously signs in as an anonymous user.\n *\n * @remarks\n * If there is already an anonymous user signed in, that user will be returned; otherwise, a\n * new anonymous user identity will be created and returned.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport async function signInAnonymously(auth: Auth): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n await authInternal._initializationPromise;\n if (authInternal.currentUser?.isAnonymous) {\n // If an anonymous user is already signed in, no need to sign them in again.\n return new UserCredentialImpl({\n user: authInternal.currentUser as UserInternal,\n providerId: null,\n operationType: OperationType.SIGN_IN\n });\n }\n const response = await signUp(authInternal, {\n returnSecureToken: true\n });\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response,\n true\n );\n await authInternal._updateCurrentUser(userCredential.user);\n return userCredential;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { MultiFactorError as MultiFactorErrorPublic } from '../model/public_types';\nimport { FirebaseError } from '@firebase/util';\nimport { AuthInternal } from '../model/auth';\nimport { IdTokenResponse } from '../model/id_token';\nimport { AuthErrorCode } from '../core/errors';\nimport { UserInternal } from '../model/user';\nimport { AuthCredential } from '../core/credentials';\nimport { IdTokenMfaResponse } from '../api/authentication/mfa';\nimport { OperationType } from '../model/enums';\n\nexport type MultiFactorErrorData = MultiFactorErrorPublic['customData'] & {\n _serverResponse: IdTokenMfaResponse;\n};\n\nexport class MultiFactorError\n extends FirebaseError\n implements MultiFactorErrorPublic\n{\n readonly customData: MultiFactorErrorData;\n\n private constructor(\n auth: AuthInternal,\n error: FirebaseError,\n readonly operationType: OperationType,\n readonly user?: UserInternal\n ) {\n super(error.code, error.message);\n // https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MultiFactorError.prototype);\n this.customData = {\n appName: auth.name,\n tenantId: auth.tenantId ?? undefined,\n _serverResponse: error.customData!._serverResponse as IdTokenMfaResponse,\n operationType\n };\n }\n\n static _fromErrorAndOperation(\n auth: AuthInternal,\n error: FirebaseError,\n operationType: OperationType,\n user?: UserInternal\n ): MultiFactorError {\n return new MultiFactorError(auth, error, operationType, user);\n }\n}\n\nexport function _processCredentialSavingMfaContextIfNecessary(\n auth: AuthInternal,\n operationType: OperationType,\n credential: AuthCredential,\n user?: UserInternal\n): Promise<IdTokenResponse> {\n const idTokenProvider =\n operationType === OperationType.REAUTHENTICATE\n ? credential._getReauthenticationResolver(auth)\n : credential._getIdTokenResponse(auth);\n\n return idTokenProvider.catch(error => {\n if (error.code === `auth/${AuthErrorCode.MFA_REQUIRED}`) {\n throw MultiFactorError._fromErrorAndOperation(\n auth,\n error,\n operationType,\n user\n );\n }\n\n throw error;\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport interface ProviderAssociatedObject {\n providerId?: string;\n}\n\n/**\n * Takes a set of UserInfo provider data and converts it to a set of names\n */\nexport function providerDataAsNames<T extends ProviderAssociatedObject>(\n providerData: T[]\n): Set<string> {\n return new Set(\n providerData\n .map(({ providerId }) => providerId)\n .filter(pid => !!pid) as string[]\n );\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User } from '../../model/public_types';\n\nimport { deleteLinkedAccounts } from '../../api/account_management/account';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { providerDataAsNames } from '../util/providers';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { _reloadWithoutSaving } from './reload';\nimport { UserCredentialImpl } from './user_credential_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType, ProviderId } from '../../model/enums';\n\n/**\n * Unlinks a provider from a user account.\n *\n * @param user - The user.\n * @param providerId - The provider to unlink.\n *\n * @public\n */\nexport async function unlink(user: User, providerId: string): Promise<User> {\n const userInternal = getModularInstance(user) as UserInternal;\n await _assertLinkedStatus(true, userInternal, providerId);\n const { providerUserInfo } = await deleteLinkedAccounts(userInternal.auth, {\n idToken: await userInternal.getIdToken(),\n deleteProvider: [providerId]\n });\n\n const providersLeft = providerDataAsNames(providerUserInfo || []);\n\n userInternal.providerData = userInternal.providerData.filter(pd =>\n providersLeft.has(pd.providerId)\n );\n if (!providersLeft.has(ProviderId.PHONE)) {\n userInternal.phoneNumber = null;\n }\n\n await userInternal.auth._persistUserIfCurrent(userInternal);\n return userInternal;\n}\n\nexport async function _link(\n user: UserInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredentialInternal> {\n const response = await _logoutIfInvalidated(\n user,\n credential._linkToIdToken(user.auth, await user.getIdToken()),\n bypassAuthState\n );\n return UserCredentialImpl._forOperation(user, OperationType.LINK, response);\n}\n\nexport async function _assertLinkedStatus(\n expected: boolean,\n user: UserInternal,\n provider: string\n): Promise<void> {\n await _reloadWithoutSaving(user);\n const providerIds = providerDataAsNames(user.providerData);\n\n const code =\n expected === false\n ? AuthErrorCode.PROVIDER_ALREADY_LINKED\n : AuthErrorCode.NO_SUCH_PROVIDER;\n _assert(providerIds.has(provider) === expected, user.auth, code);\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { _processCredentialSavingMfaContextIfNecessary } from '../../mfa/mfa_error';\nimport { OperationType } from '../../model/enums';\nimport { UserInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { AuthErrorCode } from '../errors';\nimport { _assert, _fail } from '../util/assert';\nimport { _parseToken } from './id_token_result';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { UserCredentialImpl } from './user_credential_impl';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\nexport async function _reauthenticate(\n user: UserInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredentialImpl> {\n const { auth } = user;\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const operationType = OperationType.REAUTHENTICATE;\n\n try {\n const response = await _logoutIfInvalidated(\n user,\n _processCredentialSavingMfaContextIfNecessary(\n auth,\n operationType,\n credential,\n user\n ),\n bypassAuthState\n );\n _assert(response.idToken, auth, AuthErrorCode.INTERNAL_ERROR);\n const parsed = _parseToken(response.idToken);\n _assert(parsed, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const { sub: localId } = parsed;\n _assert(user.uid === localId, auth, AuthErrorCode.USER_MISMATCH);\n\n return UserCredentialImpl._forOperation(user, operationType, response);\n } catch (e) {\n // Convert user deleted error into user mismatch\n if ((e as FirebaseError)?.code === `auth/${AuthErrorCode.USER_DELETED}`) {\n _fail(auth, AuthErrorCode.USER_MISMATCH);\n }\n throw e;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential, Auth, User } from '../../model/public_types';\n\nimport { _processCredentialSavingMfaContextIfNecessary } from '../../mfa/mfa_error';\nimport { AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { _assertLinkedStatus, _link } from '../user/link_unlink';\nimport { _reauthenticate } from '../user/reauthenticate';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\nexport async function _signInWithCredential(\n auth: AuthInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const operationType = OperationType.SIGN_IN;\n const response = await _processCredentialSavingMfaContextIfNecessary(\n auth,\n operationType,\n credential\n );\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n auth,\n operationType,\n response\n );\n\n if (!bypassAuthState) {\n await auth._updateCurrentUser(userCredential.user);\n }\n return userCredential;\n}\n\n/**\n * Asynchronously signs in with the given credentials.\n *\n * @remarks\n * An {@link AuthProvider} can be used to generate the credential.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function signInWithCredential(\n auth: Auth,\n credential: AuthCredential\n): Promise<UserCredential> {\n return _signInWithCredential(_castAuth(auth), credential);\n}\n\n/**\n * Links the user account with the given credentials.\n *\n * @remarks\n * An {@link AuthProvider} can be used to generate the credential.\n *\n * @param user - The user.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function linkWithCredential(\n user: User,\n credential: AuthCredential\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n\n await _assertLinkedStatus(false, userInternal, credential.providerId);\n\n return _link(userInternal, credential);\n}\n\n/**\n * Re-authenticates a user using a fresh credential.\n *\n * @remarks\n * Use before operations such as {@link updatePassword} that require tokens from recent sign-in\n * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error\n * or a `TOKEN_EXPIRED` error.\n *\n * This method is not supported on any {@link User} signed in by {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @param user - The user.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function reauthenticateWithCredential(\n user: User,\n credential: AuthCredential\n): Promise<UserCredential> {\n return _reauthenticate(getModularInstance(user) as UserInternal, credential);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, UserCredential } from '../../model/public_types';\n\nimport { signInWithCustomToken as getIdTokenResponse } from '../../api/authentication/custom_token';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { OperationType } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n/**\n * Asynchronously signs in using a custom token.\n *\n * @remarks\n * Custom tokens are used to integrate Firebase Auth with existing auth systems, and must\n * be generated by an auth backend using the\n * {@link https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth#createcustomtoken | createCustomToken}\n * method in the {@link https://firebase.google.com/docs/auth/admin | Admin SDK} .\n *\n * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n * @param customToken - The custom token to sign in with.\n *\n * @public\n */\nexport async function signInWithCustomToken(\n auth: Auth,\n customToken: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const response: IdTokenResponse = await getIdTokenResponse(authInternal, {\n token: customToken,\n returnSecureToken: true\n });\n const cred = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response\n );\n await authInternal._updateCurrentUser(cred.user);\n return cred;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithCustomTokenRequest {\n token: string;\n returnSecureToken: boolean;\n tenantId?: string;\n}\n\nexport interface SignInWithCustomTokenResponse extends IdTokenResponse {}\n\nexport async function signInWithCustomToken(\n auth: Auth,\n request: SignInWithCustomTokenRequest\n): Promise<SignInWithCustomTokenResponse> {\n return _performSignInRequest<\n SignInWithCustomTokenRequest,\n SignInWithCustomTokenResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_CUSTOM_TOKEN,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n FactorId,\n MultiFactorInfo,\n PhoneMultiFactorInfo,\n TotpMultiFactorInfo\n} from '../model/public_types';\nimport {\n PhoneMfaEnrollment,\n MfaEnrollment,\n TotpMfaEnrollment\n} from '../api/account_management/mfa';\nimport { AuthErrorCode } from '../core/errors';\nimport { _fail } from '../core/util/assert';\nimport { AuthInternal } from '../model/auth';\n\nexport abstract class MultiFactorInfoImpl implements MultiFactorInfo {\n readonly uid: string;\n readonly displayName?: string | null;\n readonly enrollmentTime: string;\n\n protected constructor(readonly factorId: FactorId, response: MfaEnrollment) {\n this.uid = response.mfaEnrollmentId;\n this.enrollmentTime = new Date(response.enrolledAt).toUTCString();\n this.displayName = response.displayName;\n }\n\n static _fromServerResponse(\n auth: AuthInternal,\n enrollment: MfaEnrollment\n ): MultiFactorInfoImpl {\n if ('phoneInfo' in enrollment) {\n return PhoneMultiFactorInfoImpl._fromServerResponse(auth, enrollment);\n } else if ('totpInfo' in enrollment) {\n return TotpMultiFactorInfoImpl._fromServerResponse(auth, enrollment);\n }\n return _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n}\n\nexport class PhoneMultiFactorInfoImpl\n extends MultiFactorInfoImpl\n implements PhoneMultiFactorInfo\n{\n readonly phoneNumber: string;\n\n private constructor(response: PhoneMfaEnrollment) {\n super(FactorId.PHONE, response);\n this.phoneNumber = response.phoneInfo;\n }\n\n static _fromServerResponse(\n _auth: AuthInternal,\n enrollment: MfaEnrollment\n ): PhoneMultiFactorInfoImpl {\n return new PhoneMultiFactorInfoImpl(enrollment as PhoneMfaEnrollment);\n }\n}\nexport class TotpMultiFactorInfoImpl\n extends MultiFactorInfoImpl\n implements TotpMultiFactorInfo\n{\n private constructor(response: TotpMfaEnrollment) {\n super(FactorId.TOTP, response);\n }\n\n static _fromServerResponse(\n _auth: AuthInternal,\n enrollment: MfaEnrollment\n ): TotpMultiFactorInfoImpl {\n return new TotpMultiFactorInfoImpl(enrollment as TotpMfaEnrollment);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeSettings, Auth } from '../../model/public_types';\n\nimport { GetOobCodeRequest } from '../../api/authentication/email_and_password';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\n\nexport function _setActionCodeSettingsOnRequest(\n auth: Auth,\n request: GetOobCodeRequest,\n actionCodeSettings: ActionCodeSettings\n): void {\n _assert(\n actionCodeSettings.url?.length > 0,\n auth,\n AuthErrorCode.INVALID_CONTINUE_URI\n );\n _assert(\n typeof actionCodeSettings.dynamicLinkDomain === 'undefined' ||\n actionCodeSettings.dynamicLinkDomain.length > 0,\n auth,\n AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN\n );\n _assert(\n typeof actionCodeSettings.linkDomain === 'undefined' ||\n actionCodeSettings.linkDomain.length > 0,\n auth,\n AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN\n );\n\n request.continueUrl = actionCodeSettings.url;\n request.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain;\n request.linkDomain = actionCodeSettings.linkDomain;\n request.canHandleCodeInApp = actionCodeSettings.handleCodeInApp;\n\n if (actionCodeSettings.iOS) {\n _assert(\n actionCodeSettings.iOS.bundleId.length > 0,\n auth,\n AuthErrorCode.MISSING_IOS_BUNDLE_ID\n );\n request.iOSBundleId = actionCodeSettings.iOS.bundleId;\n }\n\n if (actionCodeSettings.android) {\n _assert(\n actionCodeSettings.android.packageName.length > 0,\n auth,\n AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME\n );\n request.androidInstallApp = actionCodeSettings.android.installApp;\n request.androidMinimumVersionCode =\n actionCodeSettings.android.minimumVersion;\n request.androidPackageName = actionCodeSettings.android.packageName;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeInfo,\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n UserCredential\n} from '../../model/public_types';\n\nimport * as account from '../../api/account_management/email_and_password';\nimport * as authentication from '../../api/authentication/email_and_password';\nimport { signUp, SignUpRequest } from '../../api/authentication/sign_up';\nimport { MultiFactorInfoImpl } from '../../mfa/mfa_info';\nimport { EmailAuthProvider } from '../providers/email';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport {\n _assert,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../util/assert';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { signInWithCredential } from './credential';\nimport { _castAuth } from '../auth/auth_impl';\nimport { AuthErrorCode } from '../errors';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../../model/enums';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { IdTokenResponse } from '../../model/id_token';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\n/**\n * Updates the password policy cached in the {@link Auth} instance if a policy is already\n * cached for the project or tenant.\n *\n * @remarks\n * We only fetch the password policy if the password did not meet policy requirements and\n * there is an existing policy cached. A developer must call validatePassword at least\n * once for the cache to be automatically updated.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @private\n */\nasync function recachePasswordPolicy(auth: Auth): Promise<void> {\n const authInternal = _castAuth(auth);\n if (authInternal._getPasswordPolicyInternal()) {\n await authInternal._updatePasswordPolicy();\n }\n}\n\n/**\n * Sends a password reset email to the given email address. This method does not throw an error when\n * there's no user account with the given email address and\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled.\n *\n * @remarks\n * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in\n * the email sent to the user, along with the new password specified by the user.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendPasswordResetEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain code from user.\n * await confirmPasswordReset('user@example.com', code);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendPasswordResetEmail(\n auth: Auth,\n email: string,\n actionCodeSettings?: ActionCodeSettings\n): Promise<void> {\n const authInternal = _castAuth(auth);\n const request: authentication.PasswordResetRequest = {\n requestType: ActionCodeOperation.PASSWORD_RESET,\n email,\n clientType: RecaptchaClientType.WEB\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);\n }\n await handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.GET_OOB_CODE,\n authentication.sendPasswordResetEmail,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n}\n\n/**\n * Completes the password reset process, given a confirmation code and new password.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A confirmation code sent to the user.\n * @param newPassword - The new password.\n *\n * @public\n */\nexport async function confirmPasswordReset(\n auth: Auth,\n oobCode: string,\n newPassword: string\n): Promise<void> {\n await account\n .resetPassword(getModularInstance(auth), {\n oobCode,\n newPassword\n })\n .catch(async error => {\n if (\n error.code ===\n `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n // Do not return the email.\n}\n\n/**\n * Applies a verification code sent to the user by email or other out-of-band mechanism.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A verification code sent to the user.\n *\n * @public\n */\nexport async function applyActionCode(\n auth: Auth,\n oobCode: string\n): Promise<void> {\n await account.applyActionCode(getModularInstance(auth), { oobCode });\n}\n\n/**\n * Checks a verification code sent to the user by email or other out-of-band mechanism.\n *\n * @returns metadata about the code.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A verification code sent to the user.\n *\n * @public\n */\nexport async function checkActionCode(\n auth: Auth,\n oobCode: string\n): Promise<ActionCodeInfo> {\n const authModular = getModularInstance(auth);\n const response = await account.resetPassword(authModular, { oobCode });\n\n // Email could be empty only if the request type is EMAIL_SIGNIN or\n // VERIFY_AND_CHANGE_EMAIL.\n // New email should not be empty if the request type is\n // VERIFY_AND_CHANGE_EMAIL.\n // Multi-factor info could not be empty if the request type is\n // REVERT_SECOND_FACTOR_ADDITION.\n const operation = response.requestType;\n _assert(operation, authModular, AuthErrorCode.INTERNAL_ERROR);\n switch (operation) {\n case ActionCodeOperation.EMAIL_SIGNIN:\n break;\n case ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL:\n _assert(response.newEmail, authModular, AuthErrorCode.INTERNAL_ERROR);\n break;\n case ActionCodeOperation.REVERT_SECOND_FACTOR_ADDITION:\n _assert(response.mfaInfo, authModular, AuthErrorCode.INTERNAL_ERROR);\n // fall through\n default:\n _assert(response.email, authModular, AuthErrorCode.INTERNAL_ERROR);\n }\n\n // The multi-factor info for revert second factor addition\n let multiFactorInfo: MultiFactorInfoImpl | null = null;\n if (response.mfaInfo) {\n multiFactorInfo = MultiFactorInfoImpl._fromServerResponse(\n _castAuth(authModular),\n response.mfaInfo\n );\n }\n\n return {\n data: {\n email:\n (response.requestType === ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL\n ? response.newEmail\n : response.email) || null,\n previousEmail:\n (response.requestType === ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL\n ? response.email\n : response.newEmail) || null,\n multiFactorInfo\n },\n operation\n };\n}\n\n/**\n * Checks a password reset code sent to the user by email or other out-of-band mechanism.\n *\n * @returns the user's email address if valid.\n *\n * @param auth - The {@link Auth} instance.\n * @param code - A verification code sent to the user.\n *\n * @public\n */\nexport async function verifyPasswordResetCode(\n auth: Auth,\n code: string\n): Promise<string> {\n const { data } = await checkActionCode(getModularInstance(auth), code);\n // Email should always be present since a code was sent to it\n return data.email!;\n}\n\n/**\n * Creates a new user account associated with the specified email address and password.\n *\n * @remarks\n * On successful creation of the user account, this user will also be signed in to your application.\n *\n * User account creation can fail if the account already exists or the password is invalid.\n *\n * This method is not supported on {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * Note: The email address acts as a unique identifier for the user and enables an email-based\n * password reset. This function will create a new user account and set the initial user password.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param password - The user's chosen password.\n *\n * @public\n */\nexport async function createUserWithEmailAndPassword(\n auth: Auth,\n email: string,\n password: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const request: SignUpRequest = {\n returnSecureToken: true,\n email,\n password,\n clientType: RecaptchaClientType.WEB\n };\n const signUpResponse: Promise<IdTokenResponse> = handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.SIGN_UP_PASSWORD,\n signUp,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n const response = await signUpResponse.catch(error => {\n if (\n error.code === `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response\n );\n await authInternal._updateCurrentUser(userCredential.user);\n\n return userCredential;\n}\n\n/**\n * Asynchronously signs in using an email and password.\n *\n * @remarks\n * Fails with an error if the email address and password do not match. When\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled, this method fails with \"auth/invalid-credential\" in case of an invalid\n * email/password.\n *\n * This method is not supported on {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * Note: The user's password is NOT the password used to access the user's email account. The\n * email address serves as a unique identifier for the user, and the password is used to access\n * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.\n *\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The users email address.\n * @param password - The users password.\n *\n * @public\n */\nexport function signInWithEmailAndPassword(\n auth: Auth,\n email: string,\n password: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n return signInWithCredential(\n getModularInstance(auth),\n EmailAuthProvider.credential(email, password)\n ).catch(async error => {\n if (\n error.code === `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n UserCredential\n} from '../../model/public_types';\n\nimport * as api from '../../api/authentication/email_and_password';\nimport { ActionCodeURL } from '../action_code_url';\nimport { EmailAuthProvider } from '../providers/email';\nimport { _getCurrentUrl } from '../util/location';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { signInWithCredential } from './credential';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { getModularInstance } from '@firebase/util';\nimport { _castAuth } from '../auth/auth_impl';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport {\n RecaptchaActionName,\n RecaptchaClientType,\n RecaptchaAuthProvider\n} from '../../api';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\n/**\n * Sends a sign-in email link to the user with the specified email.\n *\n * @remarks\n * The sign-in operation has to always be completed in the app unlike other out of band email\n * actions (password reset and email verifications). This is because, at the end of the flow,\n * the user is expected to be signed in and their Auth state persisted within the app.\n *\n * To complete sign in with the email link, call {@link signInWithEmailLink} with the email\n * address and the email link supplied in the email sent to the user.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain emailLink from the user.\n * if(isSignInWithEmailLink(auth, emailLink)) {\n * await signInWithEmailLink(auth, 'user@example.com', emailLink);\n * }\n * ```\n *\n * @param authInternal - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendSignInLinkToEmail(\n auth: Auth,\n email: string,\n actionCodeSettings: ActionCodeSettings\n): Promise<void> {\n const authInternal = _castAuth(auth);\n const request: api.EmailSignInRequest = {\n requestType: ActionCodeOperation.EMAIL_SIGNIN,\n email,\n clientType: RecaptchaClientType.WEB\n };\n function setActionCodeSettings(\n request: api.EmailSignInRequest,\n actionCodeSettings: ActionCodeSettings\n ): void {\n _assert(\n actionCodeSettings.handleCodeInApp,\n authInternal,\n AuthErrorCode.ARGUMENT_ERROR\n );\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n authInternal,\n request,\n actionCodeSettings\n );\n }\n }\n setActionCodeSettings(request, actionCodeSettings);\n await handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.GET_OOB_CODE,\n api.sendSignInLinkToEmail,\n RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER\n );\n}\n\n/**\n * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.\n *\n * @param auth - The {@link Auth} instance.\n * @param emailLink - The link sent to the user's email address.\n *\n * @public\n */\nexport function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean {\n const actionCodeUrl = ActionCodeURL.parseLink(emailLink);\n return actionCodeUrl?.operation === ActionCodeOperation.EMAIL_SIGNIN;\n}\n\n/**\n * Asynchronously signs in using an email and sign-in email link.\n *\n * @remarks\n * If no link is passed, the link is inferred from the current URL.\n *\n * Fails with an error if the email address is invalid or OTP in email link expires.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain emailLink from the user.\n * if(isSignInWithEmailLink(auth, emailLink)) {\n * await signInWithEmailLink(auth, 'user@example.com', emailLink);\n * }\n * ```\n *\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param emailLink - The link sent to the user's email address.\n *\n * @public\n */\nexport async function signInWithEmailLink(\n auth: Auth,\n email: string,\n emailLink?: string\n): Promise<UserCredential> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authModular = getModularInstance(auth);\n const credential = EmailAuthProvider.credentialWithLink(\n email,\n emailLink || _getCurrentUrl()\n );\n // Check if the tenant ID in the email link matches the tenant ID on Auth\n // instance.\n _assert(\n credential._tenantId === (authModular.tenantId || null),\n authModular,\n AuthErrorCode.TENANT_ID_MISMATCH\n );\n return signInWithCredential(authModular, credential);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n User\n} from '../../model/public_types';\n\nimport {\n createAuthUri,\n CreateAuthUriRequest\n} from '../../api/authentication/create_auth_uri';\nimport * as api from '../../api/authentication/email_and_password';\nimport { UserInternal } from '../../model/user';\nimport { _getCurrentUrl, _isHttpOrHttps } from '../util/location';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { getModularInstance } from '@firebase/util';\n\n/**\n * Gets the list of possible sign in methods for the given email address. This method returns an\n * empty list when\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled, irrespective of the number of authentication methods available for the given email.\n *\n * @remarks\n * This is useful to differentiate methods of sign-in for the same provider, eg.\n * {@link EmailAuthProvider} which has 2 methods of sign-in,\n * {@link SignInMethod}.EMAIL_PASSWORD and\n * {@link SignInMethod}.EMAIL_LINK.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n *\n * Deprecated. Migrating off of this method is recommended as a security best-practice.\n * Learn more in the Identity Platform documentation for\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}.\n * @public\n */\nexport async function fetchSignInMethodsForEmail(\n auth: Auth,\n email: string\n): Promise<string[]> {\n // createAuthUri returns an error if continue URI is not http or https.\n // For environments like Cordova, Chrome extensions, native frameworks, file\n // systems, etc, use http://localhost as continue URL.\n const continueUri = _isHttpOrHttps() ? _getCurrentUrl() : 'http://localhost';\n const request: CreateAuthUriRequest = {\n identifier: email,\n continueUri\n };\n\n const { signinMethods } = await createAuthUri(\n getModularInstance(auth),\n request\n );\n\n return signinMethods || [];\n}\n\n/**\n * Sends a verification email to a user.\n *\n * @remarks\n * The verification process is completed by calling {@link applyActionCode}.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendEmailVerification(user, actionCodeSettings);\n * // Obtain code from the user.\n * await applyActionCode(auth, code);\n * ```\n *\n * @param user - The user.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendEmailVerification(\n user: User,\n actionCodeSettings?: ActionCodeSettings | null\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await user.getIdToken();\n const request: api.VerifyEmailRequest = {\n requestType: ActionCodeOperation.VERIFY_EMAIL,\n idToken\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n userInternal.auth,\n request,\n actionCodeSettings\n );\n }\n\n const { email } = await api.sendEmailVerification(userInternal.auth, request);\n\n if (email !== user.email) {\n await user.reload();\n }\n}\n\n/**\n * Sends a verification email to a new email address.\n *\n * @remarks\n * The user's email will be updated to the new one after being verified.\n *\n * If you have a custom email action handler, you can complete the verification process by calling\n * {@link applyActionCode}.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await verifyBeforeUpdateEmail(user, 'newemail@example.com', actionCodeSettings);\n * // Obtain code from the user.\n * await applyActionCode(auth, code);\n * ```\n *\n * @param user - The user.\n * @param newEmail - The new email address to be verified before update.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function verifyBeforeUpdateEmail(\n user: User,\n newEmail: string,\n actionCodeSettings?: ActionCodeSettings | null\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await user.getIdToken();\n const request: api.VerifyAndChangeEmailRequest = {\n requestType: ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL,\n idToken,\n newEmail\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n userInternal.auth,\n request,\n actionCodeSettings\n );\n }\n\n const { email } = await api.verifyAndChangeEmail(userInternal.auth, request);\n\n if (email !== user.email) {\n // If the local copy of the email on user is outdated, reload the\n // user.\n await user.reload();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\nexport interface CreateAuthUriRequest {\n identifier: string;\n continueUri: string;\n tenantId?: string;\n}\n\nexport interface CreateAuthUriResponse {\n signinMethods: string[];\n}\n\nexport async function createAuthUri(\n auth: Auth,\n request: CreateAuthUriRequest\n): Promise<CreateAuthUriResponse> {\n return _performApiRequest<CreateAuthUriRequest, CreateAuthUriResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.CREATE_AUTH_URI,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User } from '../../model/public_types';\n\nimport {\n updateEmailPassword as apiUpdateEmailPassword,\n UpdateEmailPasswordRequest\n} from '../../api/account_management/email_and_password';\nimport { updateProfile as apiUpdateProfile } from '../../api/account_management/profile';\nimport { UserInternal } from '../../model/user';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { getModularInstance } from '@firebase/util';\nimport { ProviderId } from '../../model/enums';\nimport { _isFirebaseServerApp } from '@firebase/app';\nimport { _serverAppCurrentUserOperationNotSupportedError } from '../../core/util/assert';\n\n/**\n * Updates a user's profile data.\n *\n * @param user - The user.\n * @param profile - The profile's `displayName` and `photoURL` to update.\n *\n * @public\n */\nexport async function updateProfile(\n user: User,\n {\n displayName,\n photoURL: photoUrl\n }: { displayName?: string | null; photoURL?: string | null }\n): Promise<void> {\n if (displayName === undefined && photoUrl === undefined) {\n return;\n }\n\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await userInternal.getIdToken();\n const profileRequest = {\n idToken,\n displayName,\n photoUrl,\n returnSecureToken: true\n };\n const response = await _logoutIfInvalidated(\n userInternal,\n apiUpdateProfile(userInternal.auth, profileRequest)\n );\n\n userInternal.displayName = response.displayName || null;\n userInternal.photoURL = response.photoUrl || null;\n\n // Update the password provider as well\n const passwordProvider = userInternal.providerData.find(\n ({ providerId }) => providerId === ProviderId.PASSWORD\n );\n if (passwordProvider) {\n passwordProvider.displayName = userInternal.displayName;\n passwordProvider.photoURL = userInternal.photoURL;\n }\n\n await userInternal._updateTokensIfNecessary(response);\n}\n\n/**\n * Updates the user's email address.\n *\n * @remarks\n * An email will be sent to the original email address (if it was set) that allows to revoke the\n * email address change, in order to protect them from account hijacking.\n *\n * This method is not supported on any {@link User} signed in by {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * Important: this is a security sensitive operation that requires the user to have recently signed\n * in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n * @param newEmail - The new email address.\n *\n * Throws \"auth/operation-not-allowed\" error when\n * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}\n * is enabled.\n * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.\n *\n * @public\n */\nexport function updateEmail(user: User, newEmail: string): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(userInternal.auth)\n );\n }\n return updateEmailOrPassword(userInternal, newEmail, null);\n}\n\n/**\n * Updates the user's password.\n *\n * @remarks\n * Important: this is a security sensitive operation that requires the user to have recently signed\n * in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n * @param newPassword - The new password.\n *\n * @public\n */\nexport function updatePassword(user: User, newPassword: string): Promise<void> {\n return updateEmailOrPassword(\n getModularInstance(user) as UserInternal,\n null,\n newPassword\n );\n}\n\nasync function updateEmailOrPassword(\n user: UserInternal,\n email: string | null,\n password: string | null\n): Promise<void> {\n const { auth } = user;\n const idToken = await user.getIdToken();\n const request: UpdateEmailPasswordRequest = {\n idToken,\n returnSecureToken: true\n };\n\n if (email) {\n request.email = email;\n }\n\n if (password) {\n request.password = password;\n }\n\n const response = await _logoutIfInvalidated(\n user,\n apiUpdateEmailPassword(auth, request)\n );\n await user._updateTokensIfNecessary(response, /* reload */ true);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Endpoint, HttpMethod, _performApiRequest } from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface UpdateProfileRequest {\n idToken: string;\n displayName?: string | null;\n photoUrl?: string | null;\n returnSecureToken: boolean;\n}\n\nexport interface UpdateProfileResponse extends IdTokenResponse {\n displayName?: string | null;\n photoUrl?: string | null;\n}\n\nexport async function updateProfile(\n auth: Auth,\n request: UpdateProfileRequest\n): Promise<UpdateProfileResponse> {\n return _performApiRequest<UpdateProfileRequest, UpdateProfileResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SET_ACCOUNT_INFO,\n request\n );\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AdditionalUserInfo, UserCredential } from '../../model/public_types';\nimport { IdTokenResponse, IdTokenResponseKind } from '../../model/id_token';\nimport { _parseToken } from './id_token_result';\nimport { UserCredentialInternal } from '../../model/user';\nimport { ProviderId } from '../../model/enums';\n\n/**\n * Parse the `AdditionalUserInfo` from the ID token response.\n *\n */\nexport function _fromIdTokenResponse(\n idTokenResponse?: IdTokenResponse\n): AdditionalUserInfo | null {\n if (!idTokenResponse) {\n return null;\n }\n const { providerId } = idTokenResponse;\n const profile = idTokenResponse.rawUserInfo\n ? JSON.parse(idTokenResponse.rawUserInfo)\n : {};\n const isNewUser =\n idTokenResponse.isNewUser ||\n idTokenResponse.kind === IdTokenResponseKind.SignupNewUser;\n if (!providerId && idTokenResponse?.idToken) {\n const signInProvider = _parseToken(idTokenResponse.idToken)?.firebase?.[\n 'sign_in_provider'\n ];\n if (signInProvider) {\n const filteredProviderId =\n signInProvider !== ProviderId.ANONYMOUS &&\n signInProvider !== ProviderId.CUSTOM\n ? (signInProvider as ProviderId)\n : null;\n // Uses generic class in accordance with the legacy SDK.\n return new GenericAdditionalUserInfo(isNewUser, filteredProviderId);\n }\n }\n if (!providerId) {\n return null;\n }\n switch (providerId) {\n case ProviderId.FACEBOOK:\n return new FacebookAdditionalUserInfo(isNewUser, profile);\n case ProviderId.GITHUB:\n return new GithubAdditionalUserInfo(isNewUser, profile);\n case ProviderId.GOOGLE:\n return new GoogleAdditionalUserInfo(isNewUser, profile);\n case ProviderId.TWITTER:\n return new TwitterAdditionalUserInfo(\n isNewUser,\n profile,\n idTokenResponse.screenName || null\n );\n case ProviderId.CUSTOM:\n case ProviderId.ANONYMOUS:\n return new GenericAdditionalUserInfo(isNewUser, null);\n default:\n return new GenericAdditionalUserInfo(isNewUser, providerId, profile);\n }\n}\n\nclass GenericAdditionalUserInfo implements AdditionalUserInfo {\n constructor(\n readonly isNewUser: boolean,\n readonly providerId: ProviderId | string | null,\n readonly profile: Record<string, unknown> = {}\n ) {}\n}\n\nclass FederatedAdditionalUserInfoWithUsername extends GenericAdditionalUserInfo {\n constructor(\n isNewUser: boolean,\n providerId: ProviderId,\n profile: Record<string, unknown>,\n readonly username: string | null\n ) {\n super(isNewUser, providerId, profile);\n }\n}\n\nclass FacebookAdditionalUserInfo extends GenericAdditionalUserInfo {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(isNewUser, ProviderId.FACEBOOK, profile);\n }\n}\n\nclass GithubAdditionalUserInfo extends FederatedAdditionalUserInfoWithUsername {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(\n isNewUser,\n ProviderId.GITHUB,\n profile,\n typeof profile?.login === 'string' ? profile?.login : null\n );\n }\n}\n\nclass GoogleAdditionalUserInfo extends GenericAdditionalUserInfo {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(isNewUser, ProviderId.GOOGLE, profile);\n }\n}\n\nclass TwitterAdditionalUserInfo extends FederatedAdditionalUserInfoWithUsername {\n constructor(\n isNewUser: boolean,\n profile: Record<string, unknown>,\n screenName: string | null\n ) {\n super(isNewUser, ProviderId.TWITTER, profile, screenName);\n }\n}\n\n/**\n * Extracts provider specific {@link AdditionalUserInfo} for the given credential.\n *\n * @param userCredential - The user credential.\n *\n * @public\n */\nexport function getAdditionalUserInfo(\n userCredential: UserCredential\n): AdditionalUserInfo | null {\n const { user, _tokenResponse } = userCredential as UserCredentialInternal;\n if (user.isAnonymous && !_tokenResponse) {\n // Handle the special case where signInAnonymously() gets called twice.\n // No network call is made so there's nothing to actually fill this in\n return {\n providerId: null,\n isNewUser: false,\n profile: null\n };\n }\n\n return _fromIdTokenResponse(_tokenResponse);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getModularInstance } from '@firebase/util';\nimport {\n Auth,\n NextOrObserver,\n Persistence,\n User,\n CompleteFn,\n ErrorFn,\n Unsubscribe,\n PasswordValidationStatus\n} from '../model/public_types';\nimport { _initializeRecaptchaConfig } from '../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { _castAuth } from '../core/auth/auth_impl';\n\nexport {\n debugErrorMap,\n prodErrorMap,\n AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as AuthErrorCodes\n} from './errors';\n\n// Non-optional auth methods.\n/**\n * Changes the type of persistence on the {@link Auth} instance for the currently saved\n * `Auth` session and applies this type of persistence for future sign-in requests, including\n * sign-in with redirect requests.\n *\n * @remarks\n * This makes it easy for a user signing in to specify whether their session should be\n * remembered or not. It also makes it easier to never persist the `Auth` state for applications\n * that are shared by other users or have sensitive data.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * setPersistence(auth, browserSessionPersistence);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param persistence - The {@link Persistence} to use.\n * @returns A `Promise` that resolves once the persistence change has completed\n *\n * @public\n */\nexport function setPersistence(\n auth: Auth,\n persistence: Persistence\n): Promise<void> {\n return getModularInstance(auth).setPersistence(persistence);\n}\n\n/**\n * Loads the reCAPTCHA configuration into the `Auth` instance.\n *\n * @remarks\n * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA\n * verification flow should be triggered for each auth provider, into the\n * current Auth session.\n *\n * If initializeRecaptchaConfig() is not invoked, the auth flow will always start\n * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA\n * verification, the SDK will transparently load the reCAPTCHA config and restart the\n * auth flows.\n *\n * Thus, by calling this optional method, you will reduce the latency of future auth flows.\n * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * initializeRecaptchaConfig(auth);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function initializeRecaptchaConfig(auth: Auth): Promise<void> {\n return _initializeRecaptchaConfig(auth);\n}\n\n/**\n * Validates the password against the password policy configured for the project or tenant.\n *\n * @remarks\n * If no tenant ID is set on the `Auth` instance, then this method will use the password\n * policy configured for the project. Otherwise, this method will use the policy configured\n * for the tenant. If a password policy has not been configured, then the default policy\n * configured for all projects will be used.\n *\n * If an auth flow fails because a submitted password does not meet the password policy\n * requirements and this method has previously been called, then this method will use the\n * most recent policy available when called again.\n *\n * @example\n * ```javascript\n * validatePassword(auth, 'some-password');\n * ```\n *\n * @param auth The {@link Auth} instance.\n * @param password The password to validate.\n *\n * @public\n */\nexport async function validatePassword(\n auth: Auth,\n password: string\n): Promise<PasswordValidationStatus> {\n const authInternal = _castAuth(auth);\n return authInternal.validatePassword(password);\n}\n\n/**\n * Adds an observer for changes to the signed-in user's ID token.\n *\n * @remarks\n * This includes sign-in, sign-out, and token refresh events.\n * This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.\n *\n * @param auth - The {@link Auth} instance.\n * @param nextOrObserver - callback triggered on change.\n * @param error - Deprecated. This callback is never triggered. Errors\n * on signing in/out can be caught in promises returned from\n * sign-in/sign-out functions.\n * @param completed - Deprecated. This callback is never triggered.\n *\n * @public\n */\nexport function onIdTokenChanged(\n auth: Auth,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n): Unsubscribe {\n return getModularInstance(auth).onIdTokenChanged(\n nextOrObserver,\n error,\n completed\n );\n}\n/**\n * Adds a blocking callback that runs before an auth state change\n * sets a new user.\n *\n * @param auth - The {@link Auth} instance.\n * @param callback - callback triggered before new user value is set.\n * If this throws, it blocks the user from being set.\n * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`\n * callback throws, allowing you to undo any side effects.\n */\nexport function beforeAuthStateChanged(\n auth: Auth,\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n): Unsubscribe {\n return getModularInstance(auth).beforeAuthStateChanged(callback, onAbort);\n}\n/**\n * Adds an observer for changes to the user's sign-in state.\n *\n * @remarks\n * To keep the old behavior, see {@link onIdTokenChanged}.\n *\n * @param auth - The {@link Auth} instance.\n * @param nextOrObserver - callback triggered on change.\n * @param error - Deprecated. This callback is never triggered. Errors\n * on signing in/out can be caught in promises returned from\n * sign-in/sign-out functions.\n * @param completed - Deprecated. This callback is never triggered.\n *\n * @public\n */\nexport function onAuthStateChanged(\n auth: Auth,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n): Unsubscribe {\n return getModularInstance(auth).onAuthStateChanged(\n nextOrObserver,\n error,\n completed\n );\n}\n/**\n * Sets the current language to the default device/browser preference.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function useDeviceLanguage(auth: Auth): void {\n getModularInstance(auth).useDeviceLanguage();\n}\n/**\n * Asynchronously sets the provided user as {@link Auth.currentUser} on the\n * {@link Auth} instance.\n *\n * @remarks\n * A new instance copy of the user provided will be made and set as currentUser.\n *\n * This will trigger {@link onAuthStateChanged} and {@link onIdTokenChanged} listeners\n * like other sign in methods.\n *\n * The operation fails with an error if the user to be updated belongs to a different Firebase\n * project.\n *\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n * @param user - The new {@link User}.\n *\n * @public\n */\nexport function updateCurrentUser(\n auth: Auth,\n user: User | null\n): Promise<void> {\n return getModularInstance(auth).updateCurrentUser(user);\n}\n/**\n * Signs out the current user.\n *\n * @remarks\n * This method is not supported by {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function signOut(auth: Auth): Promise<void> {\n return getModularInstance(auth).signOut();\n}\n\n/**\n * Revokes the given access token. Currently only supports Apple OAuth access tokens.\n *\n * @param auth - The {@link Auth} instance.\n * @param token - The Apple OAuth access token.\n *\n * @public\n */\nexport function revokeAccessToken(auth: Auth, token: string): Promise<void> {\n const authInternal = _castAuth(auth);\n return authInternal.revokeAccessToken(token);\n}\n\nexport { initializeAuth } from './auth/initialize';\nexport { connectAuthEmulator } from './auth/emulator';\n\n// credentials\nexport { AuthCredential } from './credentials';\nexport { EmailAuthCredential } from './credentials/email';\nexport { OAuthCredential } from './credentials/oauth';\nexport { PhoneAuthCredential } from './credentials/phone';\n\n// persistence\nexport { inMemoryPersistence } from './persistence/in_memory';\n\n// providers\nexport { EmailAuthProvider } from './providers/email';\nexport { FacebookAuthProvider } from './providers/facebook';\nexport { CustomParameters } from './providers/federated';\nexport { GoogleAuthProvider } from './providers/google';\nexport { GithubAuthProvider } from './providers/github';\nexport { OAuthProvider, OAuthCredentialOptions } from './providers/oauth';\nexport { SAMLAuthProvider } from './providers/saml';\nexport { TwitterAuthProvider } from './providers/twitter';\n\n// strategies\nexport { signInAnonymously } from './strategies/anonymous';\nexport {\n signInWithCredential,\n linkWithCredential,\n reauthenticateWithCredential\n} from './strategies/credential';\nexport { signInWithCustomToken } from './strategies/custom_token';\nexport {\n sendPasswordResetEmail,\n confirmPasswordReset,\n applyActionCode,\n checkActionCode,\n verifyPasswordResetCode,\n createUserWithEmailAndPassword,\n signInWithEmailAndPassword\n} from './strategies/email_and_password';\nexport {\n sendSignInLinkToEmail,\n isSignInWithEmailLink,\n signInWithEmailLink\n} from './strategies/email_link';\nexport {\n fetchSignInMethodsForEmail,\n sendEmailVerification,\n verifyBeforeUpdateEmail\n} from './strategies/email';\n\n// core\nexport { ActionCodeURL, parseActionCodeURL } from './action_code_url';\n\n// user\nexport {\n updateProfile,\n updateEmail,\n updatePassword\n} from './user/account_info';\nexport { getIdToken, getIdTokenResult } from './user/id_token_result';\nexport { unlink } from './user/link_unlink';\nexport { getAdditionalUserInfo } from './user/additional_user_info';\n\n// Non-optional user methods.\nexport { reload } from './user/reload';\n/**\n * Deletes and signs out the user.\n *\n * @remarks\n * Important: this is a security-sensitive operation that requires the user to have recently\n * signed in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n *\n * @public\n */\nexport async function deleteUser(user: User): Promise<void> {\n return getModularInstance(user).delete();\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserInternal } from '../model/user';\nimport { MultiFactorSession } from '../model/public_types';\n\nexport const enum MultiFactorSessionType {\n ENROLL = 'enroll',\n SIGN_IN = 'signin'\n}\n\ninterface SerializedMultiFactorSession {\n multiFactorSession: {\n idToken?: string;\n pendingCredential?: string;\n };\n}\n\nexport class MultiFactorSessionImpl implements MultiFactorSession {\n private constructor(\n readonly type: MultiFactorSessionType,\n readonly credential: string,\n readonly user?: UserInternal\n ) {}\n\n static _fromIdtoken(\n idToken: string,\n user?: UserInternal\n ): MultiFactorSessionImpl {\n return new MultiFactorSessionImpl(\n MultiFactorSessionType.ENROLL,\n idToken,\n user\n );\n }\n\n static _fromMfaPendingCredential(\n mfaPendingCredential: string\n ): MultiFactorSessionImpl {\n return new MultiFactorSessionImpl(\n MultiFactorSessionType.SIGN_IN,\n mfaPendingCredential\n );\n }\n\n toJSON(): SerializedMultiFactorSession {\n const key =\n this.type === MultiFactorSessionType.ENROLL\n ? 'idToken'\n : 'pendingCredential';\n return {\n multiFactorSession: {\n [key]: this.credential\n }\n };\n }\n\n static fromJSON(\n obj: Partial<SerializedMultiFactorSession>\n ): MultiFactorSessionImpl | null {\n if (obj?.multiFactorSession) {\n if (obj.multiFactorSession?.pendingCredential) {\n return MultiFactorSessionImpl._fromMfaPendingCredential(\n obj.multiFactorSession.pendingCredential\n );\n } else if (obj.multiFactorSession?.idToken) {\n return MultiFactorSessionImpl._fromIdtoken(\n obj.multiFactorSession.idToken\n );\n }\n }\n return null;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n MultiFactorResolver,\n UserCredential,\n MultiFactorError\n} from '../model/public_types';\n\nimport { _castAuth } from '../core/auth/auth_impl';\nimport { AuthErrorCode } from '../core/errors';\nimport { UserCredentialImpl } from '../core/user/user_credential_impl';\nimport { _assert, _fail } from '../core/util/assert';\nimport { UserCredentialInternal } from '../model/user';\nimport { MultiFactorAssertionImpl } from './mfa_assertion';\nimport { MultiFactorError as MultiFactorErrorInternal } from './mfa_error';\nimport { MultiFactorInfoImpl } from './mfa_info';\nimport { MultiFactorSessionImpl } from './mfa_session';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../model/enums';\n\nexport class MultiFactorResolverImpl implements MultiFactorResolver {\n private constructor(\n readonly session: MultiFactorSessionImpl,\n readonly hints: MultiFactorInfoImpl[],\n private readonly signInResolver: (\n assertion: MultiFactorAssertionImpl\n ) => Promise<UserCredentialInternal>\n ) {}\n\n /** @internal */\n static _fromError(\n authExtern: Auth,\n error: MultiFactorErrorInternal\n ): MultiFactorResolverImpl {\n const auth = _castAuth(authExtern);\n const serverResponse = error.customData._serverResponse;\n const hints = (serverResponse.mfaInfo || []).map(enrollment =>\n MultiFactorInfoImpl._fromServerResponse(auth, enrollment)\n );\n\n _assert(\n serverResponse.mfaPendingCredential,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const session = MultiFactorSessionImpl._fromMfaPendingCredential(\n serverResponse.mfaPendingCredential\n );\n\n return new MultiFactorResolverImpl(\n session,\n hints,\n async (\n assertion: MultiFactorAssertionImpl\n ): Promise<UserCredentialInternal> => {\n const mfaResponse = await assertion._process(auth, session);\n // Clear out the unneeded fields from the old login response\n delete serverResponse.mfaInfo;\n delete serverResponse.mfaPendingCredential;\n\n // Use in the new token & refresh token in the old response\n const idTokenResponse = {\n ...serverResponse,\n idToken: mfaResponse.idToken,\n refreshToken: mfaResponse.refreshToken\n };\n\n // TODO: we should collapse this switch statement into UserCredentialImpl._forOperation and have it support the SIGN_IN case\n switch (error.operationType) {\n case OperationType.SIGN_IN:\n const userCredential =\n await UserCredentialImpl._fromIdTokenResponse(\n auth,\n error.operationType,\n idTokenResponse\n );\n await auth._updateCurrentUser(userCredential.user);\n return userCredential;\n case OperationType.REAUTHENTICATE:\n _assert(error.user, auth, AuthErrorCode.INTERNAL_ERROR);\n return UserCredentialImpl._forOperation(\n error.user,\n error.operationType,\n idTokenResponse\n );\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n );\n }\n\n async resolveSignIn(\n assertionExtern: MultiFactorAssertionImpl\n ): Promise<UserCredential> {\n const assertion = assertionExtern as MultiFactorAssertionImpl;\n return this.signInResolver(assertion);\n }\n}\n\n/**\n * Provides a {@link MultiFactorResolver} suitable for completion of a\n * multi-factor flow.\n *\n * @param auth - The {@link Auth} instance.\n * @param error - The {@link MultiFactorError} raised during a sign-in, or\n * reauthentication operation.\n *\n * @public\n */\nexport function getMultiFactorResolver(\n auth: Auth,\n error: MultiFactorError\n): MultiFactorResolver {\n const authModular = getModularInstance(auth);\n const errorInternal = error as MultiFactorErrorInternal;\n _assert(\n error.customData.operationType,\n authModular,\n AuthErrorCode.ARGUMENT_ERROR\n );\n _assert(\n errorInternal.customData._serverResponse?.mfaPendingCredential,\n authModular,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n return MultiFactorResolverImpl._fromError(authModular, errorInternal);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n MultiFactorAssertion,\n MultiFactorInfo,\n MultiFactorSession,\n MultiFactorUser,\n User\n} from '../model/public_types';\n\nimport { withdrawMfa } from '../api/account_management/mfa';\nimport { _logoutIfInvalidated } from '../core/user/invalidation';\nimport { UserInternal } from '../model/user';\nimport { MultiFactorAssertionImpl } from './mfa_assertion';\nimport { MultiFactorInfoImpl } from './mfa_info';\nimport { MultiFactorSessionImpl } from './mfa_session';\nimport { getModularInstance } from '@firebase/util';\n\nexport class MultiFactorUserImpl implements MultiFactorUser {\n enrolledFactors: MultiFactorInfo[] = [];\n\n private constructor(readonly user: UserInternal) {\n user._onReload(userInfo => {\n if (userInfo.mfaInfo) {\n this.enrolledFactors = userInfo.mfaInfo.map(enrollment =>\n MultiFactorInfoImpl._fromServerResponse(user.auth, enrollment)\n );\n }\n });\n }\n\n static _fromUser(user: UserInternal): MultiFactorUserImpl {\n return new MultiFactorUserImpl(user);\n }\n\n async getSession(): Promise<MultiFactorSession> {\n return MultiFactorSessionImpl._fromIdtoken(\n await this.user.getIdToken(),\n this.user\n );\n }\n\n async enroll(\n assertionExtern: MultiFactorAssertion,\n displayName?: string | null\n ): Promise<void> {\n const assertion = assertionExtern as MultiFactorAssertionImpl;\n const session = (await this.getSession()) as MultiFactorSessionImpl;\n const finalizeMfaResponse = await _logoutIfInvalidated(\n this.user,\n assertion._process(this.user.auth, session, displayName)\n );\n // New tokens will be issued after enrollment of the new second factors.\n // They need to be updated on the user.\n await this.user._updateTokensIfNecessary(finalizeMfaResponse);\n // The user needs to be reloaded to get the new multi-factor information\n // from server. USER_RELOADED event will be triggered and `enrolledFactors`\n // will be updated.\n return this.user.reload();\n }\n\n async unenroll(infoOrUid: MultiFactorInfo | string): Promise<void> {\n const mfaEnrollmentId =\n typeof infoOrUid === 'string' ? infoOrUid : infoOrUid.uid;\n const idToken = await this.user.getIdToken();\n try {\n const idTokenResponse = await _logoutIfInvalidated(\n this.user,\n withdrawMfa(this.user.auth, {\n idToken,\n mfaEnrollmentId\n })\n );\n // Remove the second factor from the user's list.\n this.enrolledFactors = this.enrolledFactors.filter(\n ({ uid }) => uid !== mfaEnrollmentId\n );\n // Depending on whether the backend decided to revoke the user's session,\n // the tokenResponse may be empty. If the tokens were not updated (and they\n // are now invalid), reloading the user will discover this and invalidate\n // the user's state accordingly.\n await this.user._updateTokensIfNecessary(idTokenResponse);\n await this.user.reload();\n } catch (e) {\n throw e;\n }\n }\n}\n\nconst multiFactorUserCache = new WeakMap<User, MultiFactorUser>();\n\n/**\n * The {@link MultiFactorUser} corresponding to the user.\n *\n * @remarks\n * This is used to access all multi-factor properties and operations related to the user.\n *\n * @param user - The user.\n *\n * @public\n */\nexport function multiFactor(user: User): MultiFactorUser {\n const userModular = getModularInstance(user);\n if (!multiFactorUserCache.has(userModular)) {\n multiFactorUserCache.set(\n userModular,\n MultiFactorUserImpl._fromUser(userModular as UserInternal)\n );\n }\n return multiFactorUserCache.get(userModular)!;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { SignInWithPhoneNumberRequest } from '../authentication/sms';\nimport { FinalizeMfaResponse } from '../authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\n\n/**\n * MFA Info as returned by the API.\n */\ninterface BaseMfaEnrollment {\n mfaEnrollmentId: string;\n enrolledAt: number;\n displayName?: string;\n}\n\n/**\n * An MFA provided by SMS verification.\n */\nexport interface PhoneMfaEnrollment extends BaseMfaEnrollment {\n phoneInfo: string;\n}\n\n/**\n * An MFA provided by TOTP (Time-based One Time Password).\n */\nexport interface TotpMfaEnrollment extends BaseMfaEnrollment {}\n\n/**\n * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.\n */\nexport type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;\n\nexport interface StartPhoneMfaEnrollmentRequest {\n idToken: string;\n phoneEnrollmentInfo: {\n phoneNumber: string;\n // reCAPTCHA v2 token\n recaptchaToken?: string;\n // reCAPTCHA Enterprise token\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n };\n tenantId?: string;\n}\n\nexport interface StartPhoneMfaEnrollmentResponse {\n phoneSessionInfo: {\n sessionInfo: string;\n };\n}\n\nexport function startEnrollPhoneMfa(\n auth: AuthInternal,\n request: StartPhoneMfaEnrollmentRequest\n): Promise<StartPhoneMfaEnrollmentResponse> {\n return _performApiRequest<\n StartPhoneMfaEnrollmentRequest,\n StartPhoneMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface FinalizePhoneMfaEnrollmentRequest {\n idToken: string;\n phoneVerificationInfo: SignInWithPhoneNumberRequest;\n displayName?: string | null;\n tenantId?: string;\n}\n\nexport interface FinalizePhoneMfaEnrollmentResponse\n extends FinalizeMfaResponse {}\n\nexport function finalizeEnrollPhoneMfa(\n auth: AuthInternal,\n request: FinalizePhoneMfaEnrollmentRequest\n): Promise<FinalizePhoneMfaEnrollmentResponse> {\n return _performApiRequest<\n FinalizePhoneMfaEnrollmentRequest,\n FinalizePhoneMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\nexport interface StartTotpMfaEnrollmentRequest {\n idToken: string;\n totpEnrollmentInfo: {};\n tenantId?: string;\n}\n\nexport interface StartTotpMfaEnrollmentResponse {\n totpSessionInfo: {\n sharedSecretKey: string;\n verificationCodeLength: number;\n hashingAlgorithm: string;\n periodSec: number;\n sessionInfo: string;\n finalizeEnrollmentTime: number;\n };\n}\n\nexport function startEnrollTotpMfa(\n auth: AuthInternal,\n request: StartTotpMfaEnrollmentRequest\n): Promise<StartTotpMfaEnrollmentResponse> {\n return _performApiRequest<\n StartTotpMfaEnrollmentRequest,\n StartTotpMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface TotpVerificationInfo {\n sessionInfo: string;\n verificationCode: string;\n}\nexport interface FinalizeTotpMfaEnrollmentRequest {\n idToken: string;\n totpVerificationInfo: TotpVerificationInfo;\n displayName?: string | null;\n tenantId?: string;\n}\n\nexport interface FinalizeTotpMfaEnrollmentResponse\n extends FinalizeMfaResponse {}\n\nexport function finalizeEnrollTotpMfa(\n auth: AuthInternal,\n request: FinalizeTotpMfaEnrollmentRequest\n): Promise<FinalizeTotpMfaEnrollmentResponse> {\n return _performApiRequest<\n FinalizeTotpMfaEnrollmentRequest,\n FinalizeTotpMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface WithdrawMfaRequest {\n idToken: string;\n mfaEnrollmentId: string;\n tenantId?: string;\n}\n\nexport interface WithdrawMfaResponse extends FinalizeMfaResponse {}\n\nexport function withdrawMfa(\n auth: AuthInternal,\n request: WithdrawMfaRequest\n): Promise<WithdrawMfaResponse> {\n return _performApiRequest<WithdrawMfaRequest, WithdrawMfaResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.WITHDRAW_MFA,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Unsubscribe } from '@firebase/util';\nimport { FirebaseAuthInternal } from '@firebase/auth-interop-types';\n\nimport { AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { _assert } from '../util/assert';\nimport { AuthErrorCode } from '../errors';\n\ninterface TokenListener {\n (tok: string | null): unknown;\n}\n\nexport class AuthInterop implements FirebaseAuthInternal {\n private readonly internalListeners: Map<TokenListener, Unsubscribe> =\n new Map();\n\n constructor(private readonly auth: AuthInternal) {}\n\n getUid(): string | null {\n this.assertAuthConfigured();\n return this.auth.currentUser?.uid || null;\n }\n\n async getToken(\n forceRefresh?: boolean\n ): Promise<{ accessToken: string } | null> {\n this.assertAuthConfigured();\n await this.auth._initializationPromise;\n if (!this.auth.currentUser) {\n return null;\n }\n\n const accessToken = await this.auth.currentUser.getIdToken(forceRefresh);\n return { accessToken };\n }\n\n addAuthTokenListener(listener: TokenListener): void {\n this.assertAuthConfigured();\n if (this.internalListeners.has(listener)) {\n return;\n }\n\n const unsubscribe = this.auth.onIdTokenChanged(user => {\n listener(\n (user as UserInternal | null)?.stsTokenManager.accessToken || null\n );\n });\n this.internalListeners.set(listener, unsubscribe);\n this.updateProactiveRefresh();\n }\n\n removeAuthTokenListener(listener: TokenListener): void {\n this.assertAuthConfigured();\n const unsubscribe = this.internalListeners.get(listener);\n if (!unsubscribe) {\n return;\n }\n\n this.internalListeners.delete(listener);\n unsubscribe();\n this.updateProactiveRefresh();\n }\n\n private assertAuthConfigured(): void {\n _assert(\n this.auth._initializationPromise,\n AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH\n );\n }\n\n private updateProactiveRefresh(): void {\n if (this.internalListeners.size > 0) {\n this.auth._startProactiveRefresh();\n } else {\n this.auth._stopProactiveRefresh();\n }\n }\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * An enum of factors that may be used for multifactor authentication.\n *\n * @public\n */\nexport const FactorId = {\n /** Phone as second factor */\n PHONE: 'phone',\n TOTP: 'totp'\n} as const;\n\n/**\n * Enumeration of supported providers.\n *\n * @public\n */\nexport const ProviderId = {\n /** Facebook provider ID */\n FACEBOOK: 'facebook.com',\n /** GitHub provider ID */\n GITHUB: 'github.com',\n /** Google provider ID */\n GOOGLE: 'google.com',\n /** Password provider */\n PASSWORD: 'password',\n /** Phone provider */\n PHONE: 'phone',\n /** Twitter provider ID */\n TWITTER: 'twitter.com'\n} as const;\n\n/**\n * Enumeration of supported sign-in methods.\n *\n * @public\n */\nexport const SignInMethod = {\n /** Email link sign in method */\n EMAIL_LINK: 'emailLink',\n /** Email/password sign in method */\n EMAIL_PASSWORD: 'password',\n /** Facebook sign in method */\n FACEBOOK: 'facebook.com',\n /** GitHub sign in method */\n GITHUB: 'github.com',\n /** Google sign in method */\n GOOGLE: 'google.com',\n /** Phone sign in method */\n PHONE: 'phone',\n /** Twitter sign in method */\n TWITTER: 'twitter.com'\n} as const;\n\n/**\n * Enumeration of supported operation types.\n *\n * @public\n */\nexport const OperationType = {\n /** Operation involving linking an additional provider to an already signed-in user. */\n LINK: 'link',\n /** Operation involving using a provider to reauthenticate an already signed-in user. */\n REAUTHENTICATE: 'reauthenticate',\n /** Operation involving signing in a user. */\n SIGN_IN: 'signIn'\n} as const;\n\n/**\n * An enumeration of the possible email action types.\n *\n * @public\n */\nexport const ActionCodeOperation = {\n /** The email link sign-in action. */\n EMAIL_SIGNIN: 'EMAIL_SIGNIN',\n /** The password reset action. */\n PASSWORD_RESET: 'PASSWORD_RESET',\n /** The email revocation action. */\n RECOVER_EMAIL: 'RECOVER_EMAIL',\n /** The revert second factor addition email action. */\n REVERT_SECOND_FACTOR_ADDITION: 'REVERT_SECOND_FACTOR_ADDITION',\n /** The revert second factor addition email action. */\n VERIFY_AND_CHANGE_EMAIL: 'VERIFY_AND_CHANGE_EMAIL',\n /** The email verification action. */\n VERIFY_EMAIL: 'VERIFY_EMAIL'\n} as const;\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n PersistenceValue,\n STORAGE_AVAILABLE_KEY,\n PersistenceType\n} from '../../core/persistence';\n\n// There are two different browser persistence types: local and session.\n// Both have the same implementation but use a different underlying storage\n// object.\n\nexport abstract class BrowserPersistenceClass {\n protected constructor(\n protected readonly storageRetriever: () => Storage,\n readonly type: PersistenceType\n ) {}\n\n _isAvailable(): Promise<boolean> {\n try {\n if (!this.storage) {\n return Promise.resolve(false);\n }\n this.storage.setItem(STORAGE_AVAILABLE_KEY, '1');\n this.storage.removeItem(STORAGE_AVAILABLE_KEY);\n return Promise.resolve(true);\n } catch {\n return Promise.resolve(false);\n }\n }\n\n _set(key: string, value: PersistenceValue): Promise<void> {\n this.storage.setItem(key, JSON.stringify(value));\n return Promise.resolve();\n }\n\n _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const json = this.storage.getItem(key);\n return Promise.resolve(json ? JSON.parse(json) : null);\n }\n\n _remove(key: string): Promise<void> {\n this.storage.removeItem(key);\n return Promise.resolve();\n }\n\n protected get storage(): Storage {\n return this.storageRetriever();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport { _isMobileBrowser, _isIE10 } from '../../core/util/browser';\nimport {\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../../core/persistence';\nimport { BrowserPersistenceClass } from './browser';\n\n// The polling period in case events are not supported\nexport const _POLLING_INTERVAL_MS = 1000;\n\n// The IE 10 localStorage cross tab synchronization delay in milliseconds\nconst IE10_LOCAL_STORAGE_SYNC_DELAY = 10;\n\nclass BrowserLocalPersistence\n extends BrowserPersistenceClass\n implements InternalPersistence\n{\n static type: 'LOCAL' = 'LOCAL';\n\n constructor() {\n super(() => window.localStorage, PersistenceType.LOCAL);\n }\n\n private readonly boundEventHandler = (\n event: StorageEvent,\n poll?: boolean\n ): void => this.onStorageEvent(event, poll);\n private readonly listeners: Record<string, Set<StorageEventListener>> = {};\n private readonly localCache: Record<string, string | null> = {};\n // setTimeout return value is platform specific\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private pollTimer: any | null = null;\n\n // Whether to use polling instead of depending on window events\n private readonly fallbackToPolling = _isMobileBrowser();\n readonly _shouldAllowMigration = true;\n\n private forAllChangedKeys(\n cb: (key: string, oldValue: string | null, newValue: string | null) => void\n ): void {\n // Check all keys with listeners on them.\n for (const key of Object.keys(this.listeners)) {\n // Get value from localStorage.\n const newValue = this.storage.getItem(key);\n const oldValue = this.localCache[key];\n // If local map value does not match, trigger listener with storage event.\n // Differentiate this simulated event from the real storage event.\n if (newValue !== oldValue) {\n cb(key, oldValue, newValue);\n }\n }\n }\n\n private onStorageEvent(event: StorageEvent, poll = false): void {\n // Key would be null in some situations, like when localStorage is cleared\n if (!event.key) {\n this.forAllChangedKeys(\n (key: string, _oldValue: string | null, newValue: string | null) => {\n this.notifyListeners(key, newValue);\n }\n );\n return;\n }\n\n const key = event.key;\n\n // Check the mechanism how this event was detected.\n // The first event will dictate the mechanism to be used.\n if (poll) {\n // Environment detects storage changes via polling.\n // Remove storage event listener to prevent possible event duplication.\n this.detachListener();\n } else {\n // Environment detects storage changes via storage event listener.\n // Remove polling listener to prevent possible event duplication.\n this.stopPolling();\n }\n\n const triggerListeners = (): void => {\n // Keep local map up to date in case storage event is triggered before\n // poll.\n const storedValue = this.storage.getItem(key);\n if (!poll && this.localCache[key] === storedValue) {\n // Real storage event which has already been detected, do nothing.\n // This seems to trigger in some IE browsers for some reason.\n return;\n }\n this.notifyListeners(key, storedValue);\n };\n\n const storedValue = this.storage.getItem(key);\n if (\n _isIE10() &&\n storedValue !== event.newValue &&\n event.newValue !== event.oldValue\n ) {\n // IE 10 has this weird bug where a storage event would trigger with the\n // correct key, oldValue and newValue but localStorage.getItem(key) does\n // not yield the updated value until a few milliseconds. This ensures\n // this recovers from that situation.\n setTimeout(triggerListeners, IE10_LOCAL_STORAGE_SYNC_DELAY);\n } else {\n triggerListeners();\n }\n }\n\n private notifyListeners(key: string, value: string | null): void {\n this.localCache[key] = value;\n const listeners = this.listeners[key];\n if (listeners) {\n for (const listener of Array.from(listeners)) {\n listener(value ? JSON.parse(value) : value);\n }\n }\n }\n\n private startPolling(): void {\n this.stopPolling();\n\n this.pollTimer = setInterval(() => {\n this.forAllChangedKeys(\n (key: string, oldValue: string | null, newValue: string | null) => {\n this.onStorageEvent(\n new StorageEvent('storage', {\n key,\n oldValue,\n newValue\n }),\n /* poll */ true\n );\n }\n );\n }, _POLLING_INTERVAL_MS);\n }\n\n private stopPolling(): void {\n if (this.pollTimer) {\n clearInterval(this.pollTimer);\n this.pollTimer = null;\n }\n }\n\n private attachListener(): void {\n window.addEventListener('storage', this.boundEventHandler);\n }\n\n private detachListener(): void {\n window.removeEventListener('storage', this.boundEventHandler);\n }\n\n _addListener(key: string, listener: StorageEventListener): void {\n if (Object.keys(this.listeners).length === 0) {\n // Whether browser can detect storage event when it had already been pushed to the background.\n // This may happen in some mobile browsers. A localStorage change in the foreground window\n // will not be detected in the background window via the storage event.\n // This was detected in iOS 7.x mobile browsers\n if (this.fallbackToPolling) {\n this.startPolling();\n } else {\n this.attachListener();\n }\n }\n if (!this.listeners[key]) {\n this.listeners[key] = new Set();\n // Populate the cache to avoid spuriously triggering on first poll.\n this.localCache[key] = this.storage.getItem(key);\n }\n this.listeners[key].add(listener);\n }\n\n _removeListener(key: string, listener: StorageEventListener): void {\n if (this.listeners[key]) {\n this.listeners[key].delete(listener);\n\n if (this.listeners[key].size === 0) {\n delete this.listeners[key];\n }\n }\n\n if (Object.keys(this.listeners).length === 0) {\n this.detachListener();\n this.stopPolling();\n }\n }\n\n // Update local cache on base operations:\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n await super._set(key, value);\n this.localCache[key] = JSON.stringify(value);\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const value = await super._get<T>(key);\n this.localCache[key] = JSON.stringify(value);\n return value;\n }\n\n async _remove(key: string): Promise<void> {\n await super._remove(key);\n delete this.localCache[key];\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`\n * for the underlying storage.\n *\n * @public\n */\nexport const browserLocalPersistence: Persistence = BrowserLocalPersistence;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport {\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n StorageEventListener\n} from '../../core/persistence';\nimport { BrowserPersistenceClass } from './browser';\n\nclass BrowserSessionPersistence\n extends BrowserPersistenceClass\n implements InternalPersistence\n{\n static type: 'SESSION' = 'SESSION';\n\n constructor() {\n super(() => window.sessionStorage, PersistenceType.SESSION);\n }\n\n _addListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for session storage since it cannot be shared across windows\n return;\n }\n\n _removeListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for session storage since it cannot be shared across windows\n return;\n }\n}\n\n/**\n * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`\n * for the underlying storage.\n *\n * @public\n */\nexport const browserSessionPersistence: Persistence = BrowserSessionPersistence;\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PopupRedirectResolver } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport { PopupRedirectResolverInternal } from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from './assert';\nimport { _getInstance } from './instantiator';\n\n/**\n * Chooses a popup/redirect resolver to use. This prefers the override (which\n * is directly passed in), and falls back to the property set on the auth\n * object. If neither are available, this function errors w/ an argument error.\n */\nexport function _withDefaultResolver(\n auth: AuthInternal,\n resolverOverride: PopupRedirectResolver | undefined\n): PopupRedirectResolverInternal {\n if (resolverOverride) {\n return _getInstance(resolverOverride);\n }\n\n _assert(auth._popupRedirectResolver, auth, AuthErrorCode.ARGUMENT_ERROR);\n\n return auth._popupRedirectResolver;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { _link as _linkUser } from '../user/link_unlink';\nimport { _reauthenticate } from '../user/reauthenticate';\nimport { _assert } from '../util/assert';\nimport { _signInWithCredential } from './credential';\nimport { AuthErrorCode } from '../errors';\nimport { ProviderId } from '../../model/enums';\n\nexport interface IdpTaskParams {\n auth: AuthInternal;\n requestUri: string;\n sessionId?: string;\n tenantId?: string;\n postBody?: string;\n pendingToken?: string;\n user?: UserInternal;\n bypassAuthState?: boolean;\n}\n\nexport type IdpTask = (\n params: IdpTaskParams\n) => Promise<UserCredentialInternal>;\n\nclass IdpCredential extends AuthCredential {\n constructor(readonly params: IdpTaskParams) {\n super(ProviderId.CUSTOM, ProviderId.CUSTOM);\n }\n\n _getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest());\n }\n\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest(idToken));\n }\n\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest());\n }\n\n private _buildIdpRequest(idToken?: string): SignInWithIdpRequest {\n const request: SignInWithIdpRequest = {\n requestUri: this.params.requestUri,\n sessionId: this.params.sessionId,\n postBody: this.params.postBody,\n tenantId: this.params.tenantId,\n pendingToken: this.params.pendingToken,\n returnSecureToken: true,\n returnIdpCredential: true\n };\n\n if (idToken) {\n request.idToken = idToken;\n }\n\n return request;\n }\n}\n\nexport function _signIn(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n return _signInWithCredential(\n params.auth,\n new IdpCredential(params),\n params.bypassAuthState\n ) as Promise<UserCredentialInternal>;\n}\n\nexport function _reauth(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n const { auth, user } = params;\n _assert(user, auth, AuthErrorCode.INTERNAL_ERROR);\n return _reauthenticate(\n user,\n new IdpCredential(params),\n params.bypassAuthState\n );\n}\n\nexport async function _link(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n const { auth, user } = params;\n _assert(user, auth, AuthErrorCode.INTERNAL_ERROR);\n return _linkUser(user, new IdpCredential(params), params.bypassAuthState);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\n\nimport {\n AuthEvent,\n AuthEventConsumer,\n AuthEventType,\n EventManager,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { debugAssert, _fail } from '../util/assert';\nimport {\n _link,\n _reauth,\n _signIn,\n IdpTask,\n IdpTaskParams\n} from '../strategies/idp';\nimport { AuthInternal } from '../../model/auth';\n\ninterface PendingPromise {\n resolve: (cred: UserCredentialInternal | null) => void;\n reject: (error: Error) => void;\n}\n\n/**\n * Popup event manager. Handles the popup's entire lifecycle; listens to auth\n * events\n */\nexport abstract class AbstractPopupRedirectOperation\n implements AuthEventConsumer\n{\n private pendingPromise: PendingPromise | null = null;\n private eventManager: EventManager | null = null;\n readonly filter: AuthEventType[];\n\n abstract eventId: string | null;\n\n constructor(\n protected readonly auth: AuthInternal,\n filter: AuthEventType | AuthEventType[],\n protected readonly resolver: PopupRedirectResolverInternal,\n protected user?: UserInternal,\n protected readonly bypassAuthState = false\n ) {\n this.filter = Array.isArray(filter) ? filter : [filter];\n }\n\n abstract onExecution(): Promise<void>;\n\n execute(): Promise<UserCredentialInternal | null> {\n return new Promise<UserCredentialInternal | null>(\n async (resolve, reject) => {\n this.pendingPromise = { resolve, reject };\n\n try {\n this.eventManager = await this.resolver._initialize(this.auth);\n await this.onExecution();\n this.eventManager.registerConsumer(this);\n } catch (e) {\n this.reject(e as Error);\n }\n }\n );\n }\n\n async onAuthEvent(event: AuthEvent): Promise<void> {\n const { urlResponse, sessionId, postBody, tenantId, error, type } = event;\n if (error) {\n this.reject(error);\n return;\n }\n\n const params: IdpTaskParams = {\n auth: this.auth,\n requestUri: urlResponse!,\n sessionId: sessionId!,\n tenantId: tenantId || undefined,\n postBody: postBody || undefined,\n user: this.user,\n bypassAuthState: this.bypassAuthState\n };\n\n try {\n this.resolve(await this.getIdpTask(type)(params));\n } catch (e) {\n this.reject(e as Error);\n }\n }\n\n onError(error: FirebaseError): void {\n this.reject(error);\n }\n\n private getIdpTask(type: AuthEventType): IdpTask {\n switch (type) {\n case AuthEventType.SIGN_IN_VIA_POPUP:\n case AuthEventType.SIGN_IN_VIA_REDIRECT:\n return _signIn;\n case AuthEventType.LINK_VIA_POPUP:\n case AuthEventType.LINK_VIA_REDIRECT:\n return _link;\n case AuthEventType.REAUTH_VIA_POPUP:\n case AuthEventType.REAUTH_VIA_REDIRECT:\n return _reauth;\n default:\n _fail(this.auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n protected resolve(cred: UserCredentialInternal | null): void {\n debugAssert(this.pendingPromise, 'Pending promise was never set');\n this.pendingPromise.resolve(cred);\n this.unregisterAndCleanUp();\n }\n\n protected reject(error: Error): void {\n debugAssert(this.pendingPromise, 'Pending promise was never set');\n this.pendingPromise.reject(error);\n this.unregisterAndCleanUp();\n }\n\n private unregisterAndCleanUp(): void {\n if (this.eventManager) {\n this.eventManager.unregisterConsumer(this);\n }\n\n this.pendingPromise = null;\n this.cleanUp();\n }\n\n abstract cleanUp(): void;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthInternal } from '../../model/auth';\nimport {\n AuthEvent,\n AuthEventType,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserCredentialInternal } from '../../model/user';\nimport { PersistenceInternal } from '../persistence';\nimport { _persistenceKeyName } from '../persistence/persistence_user_manager';\nimport { _getInstance } from '../util/instantiator';\nimport { AbstractPopupRedirectOperation } from './abstract_popup_redirect_operation';\n\nconst PENDING_REDIRECT_KEY = 'pendingRedirect';\n\n// We only get one redirect outcome for any one auth, so just store it\n// in here.\nconst redirectOutcomeMap: Map<\n string,\n () => Promise<UserCredentialInternal | null>\n> = new Map();\n\nexport class RedirectAction extends AbstractPopupRedirectOperation {\n eventId = null;\n\n constructor(\n auth: AuthInternal,\n resolver: PopupRedirectResolverInternal,\n bypassAuthState = false\n ) {\n super(\n auth,\n [\n AuthEventType.SIGN_IN_VIA_REDIRECT,\n AuthEventType.LINK_VIA_REDIRECT,\n AuthEventType.REAUTH_VIA_REDIRECT,\n AuthEventType.UNKNOWN\n ],\n resolver,\n undefined,\n bypassAuthState\n );\n }\n\n /**\n * Override the execute function; if we already have a redirect result, then\n * just return it.\n */\n async execute(): Promise<UserCredentialInternal | null> {\n let readyOutcome = redirectOutcomeMap.get(this.auth._key());\n if (!readyOutcome) {\n try {\n const hasPendingRedirect = await _getAndClearPendingRedirectStatus(\n this.resolver,\n this.auth\n );\n const result = hasPendingRedirect ? await super.execute() : null;\n readyOutcome = () => Promise.resolve(result);\n } catch (e) {\n readyOutcome = () => Promise.reject(e);\n }\n\n redirectOutcomeMap.set(this.auth._key(), readyOutcome);\n }\n\n // If we're not bypassing auth state, the ready outcome should be set to\n // null.\n if (!this.bypassAuthState) {\n redirectOutcomeMap.set(this.auth._key(), () => Promise.resolve(null));\n }\n\n return readyOutcome();\n }\n\n async onAuthEvent(event: AuthEvent): Promise<void> {\n if (event.type === AuthEventType.SIGN_IN_VIA_REDIRECT) {\n return super.onAuthEvent(event);\n } else if (event.type === AuthEventType.UNKNOWN) {\n // This is a sentinel value indicating there's no pending redirect\n this.resolve(null);\n return;\n }\n\n if (event.eventId) {\n const user = await this.auth._redirectUserForId(event.eventId);\n if (user) {\n this.user = user;\n return super.onAuthEvent(event);\n } else {\n this.resolve(null);\n }\n }\n }\n\n async onExecution(): Promise<void> {}\n\n cleanUp(): void {}\n}\n\nexport async function _getAndClearPendingRedirectStatus(\n resolver: PopupRedirectResolverInternal,\n auth: AuthInternal\n): Promise<boolean> {\n const key = pendingRedirectKey(auth);\n const persistence = resolverPersistence(resolver);\n if (!(await persistence._isAvailable())) {\n return false;\n }\n const hasPendingRedirect = (await persistence._get(key)) === 'true';\n await persistence._remove(key);\n return hasPendingRedirect;\n}\n\nexport async function _setPendingRedirectStatus(\n resolver: PopupRedirectResolverInternal,\n auth: AuthInternal\n): Promise<void> {\n return resolverPersistence(resolver)._set(pendingRedirectKey(auth), 'true');\n}\n\nexport function _clearRedirectOutcomes(): void {\n redirectOutcomeMap.clear();\n}\n\nexport function _overrideRedirectResult(\n auth: AuthInternal,\n result: () => Promise<UserCredentialInternal | null>\n): void {\n redirectOutcomeMap.set(auth._key(), result);\n}\n\nfunction resolverPersistence(\n resolver: PopupRedirectResolverInternal\n): PersistenceInternal {\n return _getInstance(resolver._redirectPersistence);\n}\n\nfunction pendingRedirectKey(auth: AuthInternal): string {\n return _persistenceKeyName(\n PENDING_REDIRECT_KEY,\n auth.config.apiKey,\n auth.name\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n AuthProvider,\n PopupRedirectResolver,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { _assertLinkedStatus } from '../../core/user/link_unlink';\nimport {\n _assertInstanceOf,\n _serverAppCurrentUserOperationNotSupportedError\n} from '../../core/util/assert';\nimport { _generateEventId } from '../../core/util/event_id';\nimport { AuthEventType } from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport { _withDefaultResolver } from '../../core/util/resolver';\nimport {\n RedirectAction,\n _setPendingRedirectStatus\n} from '../../core/strategies/redirect';\nimport { FederatedAuthProvider } from '../../core/providers/federated';\nimport { getModularInstance } from '@firebase/util';\nimport { _isFirebaseServerApp } from '@firebase/app';\n\n/**\n * Authenticates a Firebase client using a full-page redirect flow.\n *\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link signInWithRedirect}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // You can add additional scopes to the provider:\n * provider.addScope('user_birthday');\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * // As this API can be used for sign-in, linking and reauthentication,\n * // check the operationType to determine what triggered this redirect\n * // operation.\n * const operationType = result.operationType;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _signInWithRedirect(auth, provider, resolver) as Promise<never>;\n}\n\nexport async function _signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n _assertInstanceOf(auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await authInternal._initializationPromise;\n const resolverInternal = _withDefaultResolver(authInternal, resolver);\n await _setPendingRedirectStatus(resolverInternal, authInternal);\n\n return resolverInternal._openRedirect(\n authInternal,\n provider,\n AuthEventType.SIGN_IN_VIA_REDIRECT\n );\n}\n\n/**\n * Reauthenticates the current user with the specified {@link OAuthProvider} using a full-page redirect flow.\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link reauthenticateWithRedirect}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * // Reauthenticate using a redirect.\n * await reauthenticateWithRedirect(result.user, provider);\n * // This will again trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _reauthenticateWithRedirect(\n user,\n provider,\n resolver\n ) as Promise<never>;\n}\nexport async function _reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n if (_isFirebaseServerApp(userInternal.auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(userInternal.auth)\n );\n }\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await userInternal.auth._initializationPromise;\n // Allow the resolver to error before persisting the redirect user\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n await _setPendingRedirectStatus(resolverInternal, userInternal.auth);\n\n const eventId = await prepareUserForRedirect(userInternal);\n return resolverInternal._openRedirect(\n userInternal.auth,\n provider,\n AuthEventType.REAUTH_VIA_REDIRECT,\n eventId\n );\n}\n\n/**\n * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link linkWithRedirect}.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances\n * created with a {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using some other provider.\n * const result = await signInWithEmailAndPassword(auth, email, password);\n * // Link using a redirect.\n * const provider = new FacebookAuthProvider();\n * await linkWithRedirect(result.user, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _linkWithRedirect(user, provider, resolver) as Promise<never>;\n}\nexport async function _linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await userInternal.auth._initializationPromise;\n // Allow the resolver to error before persisting the redirect user\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n await _assertLinkedStatus(false, userInternal, provider.providerId);\n await _setPendingRedirectStatus(resolverInternal, userInternal.auth);\n\n const eventId = await prepareUserForRedirect(userInternal);\n return resolverInternal._openRedirect(\n userInternal.auth,\n provider,\n AuthEventType.LINK_VIA_REDIRECT,\n eventId\n );\n}\n\n/**\n * Returns a {@link UserCredential} from the redirect-based sign-in flow.\n *\n * @remarks\n * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an\n * error. If no redirect operation was called, returns `null`.\n *\n * This method does not work in a Node.js environment or with {@link Auth} instances created with a\n * {@link @firebase/app#FirebaseServerApp}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // You can add additional scopes to the provider:\n * provider.addScope('user_birthday');\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * // As this API can be used for sign-in, linking and reauthentication,\n * // check the operationType to determine what triggered this redirect\n * // operation.\n * const operationType = result.operationType;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function getRedirectResult(\n auth: Auth,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential | null> {\n await _castAuth(auth)._initializationPromise;\n return _getRedirectResult(auth, resolver, false);\n}\n\nexport async function _getRedirectResult(\n auth: Auth,\n resolverExtern?: PopupRedirectResolver,\n bypassAuthState = false\n): Promise<UserCredential | null> {\n if (_isFirebaseServerApp(auth.app)) {\n return Promise.reject(\n _serverAppCurrentUserOperationNotSupportedError(auth)\n );\n }\n const authInternal = _castAuth(auth);\n const resolver = _withDefaultResolver(authInternal, resolverExtern);\n const action = new RedirectAction(authInternal, resolver, bypassAuthState);\n const result = await action.execute();\n\n if (result && !bypassAuthState) {\n delete result.user._redirectEventId;\n await authInternal._persistUserIfCurrent(result.user as UserInternal);\n await authInternal._setRedirectUser(null, resolverExtern);\n }\n\n return result;\n}\n\nasync function prepareUserForRedirect(user: UserInternal): Promise<string> {\n const eventId = _generateEventId(`${user.uid}:::`);\n user._redirectEventId = eventId;\n await user.auth._setRedirectUser(user);\n await user.auth._persistUserIfCurrent(user);\n return eventId;\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { AuthProvider } from '../../model/public_types';\nimport { ApiKey, AppName, AuthInternal } from '../../model/auth';\nimport { AuthEventType } from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from './assert';\nimport { isEmpty, querystring } from '@firebase/util';\nimport { _emulatorUrl } from './emulator';\nimport { FederatedAuthProvider } from '../providers/federated';\nimport { BaseOAuthProvider } from '../providers/oauth';\n\n/**\n * URL for Authentication widget which will initiate the OAuth handshake\n *\n * @internal\n */\nconst WIDGET_PATH = '__/auth/handler';\n\n/**\n * URL for emulated environment\n *\n * @internal\n */\nconst EMULATOR_WIDGET_PATH = 'emulator/auth/handler';\n\n/**\n * Fragment name for the App Check token that gets passed to the widget\n *\n * @internal\n */\nconst FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ntype WidgetParams = {\n apiKey: ApiKey;\n appName: AppName;\n authType: AuthEventType;\n redirectUrl?: string;\n v: string;\n providerId?: string;\n scopes?: string;\n customParameters?: string;\n eventId?: string;\n tid?: string;\n} & { [key: string]: string | undefined };\n\nexport async function _getRedirectUrl(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n redirectUrl?: string,\n eventId?: string,\n additionalParams?: Record<string, string>\n): Promise<string> {\n _assert(auth.config.authDomain, auth, AuthErrorCode.MISSING_AUTH_DOMAIN);\n _assert(auth.config.apiKey, auth, AuthErrorCode.INVALID_API_KEY);\n\n const params: WidgetParams = {\n apiKey: auth.config.apiKey,\n appName: auth.name,\n authType,\n redirectUrl,\n v: SDK_VERSION,\n eventId\n };\n\n if (provider instanceof FederatedAuthProvider) {\n provider.setDefaultLanguage(auth.languageCode);\n params.providerId = provider.providerId || '';\n if (!isEmpty(provider.getCustomParameters())) {\n params.customParameters = JSON.stringify(provider.getCustomParameters());\n }\n\n // TODO set additionalParams from the provider as well?\n for (const [key, value] of Object.entries(additionalParams || {})) {\n params[key] = value;\n }\n }\n\n if (provider instanceof BaseOAuthProvider) {\n const scopes = provider.getScopes().filter(scope => scope !== '');\n if (scopes.length > 0) {\n params.scopes = scopes.join(',');\n }\n }\n\n if (auth.tenantId) {\n params.tid = auth.tenantId;\n }\n\n // TODO: maybe set eid as endpointId\n // TODO: maybe set fw as Frameworks.join(\",\")\n\n const paramsDict = params as Record<string, string | number>;\n for (const key of Object.keys(paramsDict)) {\n if (paramsDict[key] === undefined) {\n delete paramsDict[key];\n }\n }\n\n // Sets the App Check token to pass to the widget\n const appCheckToken = await auth._getAppCheckToken();\n const appCheckTokenFragment = appCheckToken\n ? `#${FIREBASE_APP_CHECK_FRAGMENT_ID}=${encodeURIComponent(appCheckToken)}`\n : '';\n\n // Start at index 1 to skip the leading '&' in the query string\n return `${getHandlerBase(auth)}?${querystring(paramsDict).slice(\n 1\n )}${appCheckTokenFragment}`;\n}\n\nfunction getHandlerBase({ config }: AuthInternal): string {\n if (!config.emulator) {\n return `https://${config.authDomain}/${WIDGET_PATH}`;\n }\n\n return _emulatorUrl(config, EMULATOR_WIDGET_PATH);\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport interface CordovaWindow extends Window {\n cordova: {\n plugins: {\n browsertab: {\n isAvailable(cb: (available: boolean) => void): void;\n openUrl(url: string): void;\n close(): void;\n };\n };\n\n InAppBrowser: {\n open(url: string, target: string, options: string): InAppBrowserRef;\n };\n };\n\n universalLinks: {\n subscribe(\n n: null,\n cb: (event: Record<string, string> | null) => void\n ): void;\n };\n\n BuildInfo: {\n readonly packageName: string;\n readonly displayName: string;\n };\n\n handleOpenURL(url: string): void;\n}\n\nexport interface InAppBrowserRef {\n close?: () => void;\n}\n\nexport function _cordovaWindow(): CordovaWindow {\n return window as unknown as CordovaWindow;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider } from '../../model/public_types';\nimport { AuthErrorCode } from '../../core/errors';\nimport {\n debugAssert,\n _assert,\n _createError,\n _fail\n} from '../../core/util/assert';\nimport { _isAndroid, _isIOS, _isIOS7Or8 } from '../../core/util/browser';\nimport { _getRedirectUrl } from '../../core/util/handler';\nimport { AuthInternal } from '../../model/auth';\nimport { AuthEvent } from '../../model/popup_redirect';\nimport { InAppBrowserRef, _cordovaWindow } from '../plugins';\nimport {\n GetProjectConfigRequest,\n _getProjectConfig\n} from '../../api/project_config/get_project_config';\n\n/**\n * How long to wait after the app comes back into focus before concluding that\n * the user closed the sign in tab.\n */\nconst REDIRECT_TIMEOUT_MS = 2000;\n\n/**\n * Generates the URL for the OAuth handler.\n */\nexport async function _generateHandlerUrl(\n auth: AuthInternal,\n event: AuthEvent,\n provider: AuthProvider\n): Promise<string> {\n // Get the cordova plugins\n const { BuildInfo } = _cordovaWindow();\n debugAssert(event.sessionId, 'AuthEvent did not contain a session ID');\n const sessionDigest = await computeSha256(event.sessionId);\n\n const additionalParams: Record<string, string> = {};\n if (_isIOS()) {\n // iOS app identifier\n additionalParams['ibi'] = BuildInfo.packageName;\n } else if (_isAndroid()) {\n // Android app identifier\n additionalParams['apn'] = BuildInfo.packageName;\n } else {\n _fail(auth, AuthErrorCode.OPERATION_NOT_SUPPORTED);\n }\n\n // Add the display name if available\n if (BuildInfo.displayName) {\n additionalParams['appDisplayName'] = BuildInfo.displayName;\n }\n\n // Attached the hashed session ID\n additionalParams['sessionId'] = sessionDigest;\n return _getRedirectUrl(\n auth,\n provider,\n event.type,\n undefined,\n event.eventId ?? undefined,\n additionalParams\n );\n}\n\n/**\n * Validates that this app is valid for this project configuration\n */\nexport async function _validateOrigin(auth: AuthInternal): Promise<void> {\n const { BuildInfo } = _cordovaWindow();\n const request: GetProjectConfigRequest = {};\n if (_isIOS()) {\n request.iosBundleId = BuildInfo.packageName;\n } else if (_isAndroid()) {\n request.androidPackageName = BuildInfo.packageName;\n } else {\n _fail(auth, AuthErrorCode.OPERATION_NOT_SUPPORTED);\n }\n\n // Will fail automatically if package name is not authorized\n await _getProjectConfig(auth, request);\n}\n\nexport function _performRedirect(\n handlerUrl: string\n): Promise<InAppBrowserRef | null> {\n // Get the cordova plugins\n const { cordova } = _cordovaWindow();\n\n return new Promise(resolve => {\n cordova.plugins.browsertab.isAvailable(browserTabIsAvailable => {\n let iabRef: InAppBrowserRef | null = null;\n if (browserTabIsAvailable) {\n cordova.plugins.browsertab.openUrl(handlerUrl);\n } else {\n // TODO: Return the inappbrowser ref that's returned from the open call\n iabRef = cordova.InAppBrowser.open(\n handlerUrl,\n _isIOS7Or8() ? '_blank' : '_system',\n 'location=yes'\n );\n }\n resolve(iabRef);\n });\n });\n}\n\n// Thin interface wrapper to avoid circular dependency with ./events module\ninterface PassiveAuthEventListener {\n addPassiveListener(cb: () => void): void;\n removePassiveListener(cb: () => void): void;\n}\n\n/**\n * This function waits for app activity to be seen before resolving. It does\n * this by attaching listeners to various dom events. Once the app is determined\n * to be visible, this promise resolves. AFTER that resolution, the listeners\n * are detached and any browser tabs left open will be closed.\n */\nexport async function _waitForAppResume(\n auth: AuthInternal,\n eventListener: PassiveAuthEventListener,\n iabRef: InAppBrowserRef | null\n): Promise<void> {\n // Get the cordova plugins\n const { cordova } = _cordovaWindow();\n\n let cleanup = (): void => {};\n try {\n await new Promise<void>((resolve, reject) => {\n let onCloseTimer: number | null = null;\n\n // DEFINE ALL THE CALLBACKS =====\n function authEventSeen(): void {\n // Auth event was detected. Resolve this promise and close the extra\n // window if it's still open.\n resolve();\n const closeBrowserTab = cordova.plugins.browsertab?.close;\n if (typeof closeBrowserTab === 'function') {\n closeBrowserTab();\n }\n // Close inappbrowser embedded webview in iOS7 and 8 case if still\n // open.\n if (typeof iabRef?.close === 'function') {\n iabRef.close();\n }\n }\n\n function resumed(): void {\n if (onCloseTimer) {\n // This code already ran; do not rerun.\n return;\n }\n\n onCloseTimer = window.setTimeout(() => {\n // Wait two seconds after resume then reject.\n reject(_createError(auth, AuthErrorCode.REDIRECT_CANCELLED_BY_USER));\n }, REDIRECT_TIMEOUT_MS);\n }\n\n function visibilityChanged(): void {\n if (document?.visibilityState === 'visible') {\n resumed();\n }\n }\n\n // ATTACH ALL THE LISTENERS =====\n // Listen for the auth event\n eventListener.addPassiveListener(authEventSeen);\n\n // Listen for resume and visibility events\n document.addEventListener('resume', resumed, false);\n if (_isAndroid()) {\n document.addEventListener('visibilitychange', visibilityChanged, false);\n }\n\n // SETUP THE CLEANUP FUNCTION =====\n cleanup = () => {\n eventListener.removePassiveListener(authEventSeen);\n document.removeEventListener('resume', resumed, false);\n document.removeEventListener(\n 'visibilitychange',\n visibilityChanged,\n false\n );\n if (onCloseTimer) {\n window.clearTimeout(onCloseTimer);\n }\n };\n });\n } finally {\n cleanup();\n }\n}\n\n/**\n * Checks the configuration of the Cordova environment. This has no side effect\n * if the configuration is correct; otherwise it throws an error with the\n * missing plugin.\n */\nexport function _checkCordovaConfiguration(auth: AuthInternal): void {\n const win = _cordovaWindow();\n // Check all dependencies installed.\n // https://github.com/nordnet/cordova-universal-links-plugin\n // Note that cordova-universal-links-plugin has been abandoned.\n // A fork with latest fixes is available at:\n // https://www.npmjs.com/package/cordova-universal-links-plugin-fix\n _assert(\n typeof win?.universalLinks?.subscribe === 'function',\n auth,\n AuthErrorCode.INVALID_CORDOVA_CONFIGURATION,\n {\n missingPlugin: 'cordova-universal-links-plugin-fix'\n }\n );\n\n // https://www.npmjs.com/package/cordova-plugin-buildinfo\n _assert(\n typeof win?.BuildInfo?.packageName !== 'undefined',\n auth,\n AuthErrorCode.INVALID_CORDOVA_CONFIGURATION,\n {\n missingPlugin: 'cordova-plugin-buildInfo'\n }\n );\n\n // https://github.com/google/cordova-plugin-browsertab\n _assert(\n typeof win?.cordova?.plugins?.browsertab?.openUrl === 'function',\n auth,\n AuthErrorCode.INVALID_CORDOVA_CONFIGURATION,\n {\n missingPlugin: 'cordova-plugin-browsertab'\n }\n );\n _assert(\n typeof win?.cordova?.plugins?.browsertab?.isAvailable === 'function',\n auth,\n AuthErrorCode.INVALID_CORDOVA_CONFIGURATION,\n {\n missingPlugin: 'cordova-plugin-browsertab'\n }\n );\n\n // https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-inappbrowser/\n _assert(\n typeof win?.cordova?.InAppBrowser?.open === 'function',\n auth,\n AuthErrorCode.INVALID_CORDOVA_CONFIGURATION,\n {\n missingPlugin: 'cordova-plugin-inappbrowser'\n }\n );\n}\n\n/**\n * Computes the SHA-256 of a session ID. The SubtleCrypto interface is only\n * available in \"secure\" contexts, which covers Cordova (which is served on a file\n * protocol).\n */\nasync function computeSha256(sessionId: string): Promise<string> {\n const bytes = stringToArrayBuffer(sessionId);\n\n // TODO: For IE11 crypto has a different name and this operation comes back\n // as an object, not a promise. This is the old proposed standard that\n // is used by IE11:\n // https://www.w3.org/TR/2013/WD-WebCryptoAPI-20130108/#cryptooperation-interface\n const buf = await crypto.subtle.digest('SHA-256', bytes);\n const arr = Array.from(new Uint8Array(buf));\n return arr.map(num => num.toString(16).padStart(2, '0')).join('');\n}\n\nfunction stringToArrayBuffer(str: string): Uint8Array {\n // This function is only meant to deal with an ASCII charset and makes\n // certain simplifying assumptions.\n debugAssert(\n /[0-9a-zA-Z]+/.test(str),\n 'Can only convert alpha-numeric strings'\n );\n if (typeof TextEncoder !== 'undefined') {\n return new TextEncoder().encode(str);\n }\n\n const buff = new ArrayBuffer(str.length);\n const view = new Uint8Array(buff);\n for (let i = 0; i < str.length; i++) {\n view[i] = str.charCodeAt(i);\n }\n return view;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _performApiRequest, Endpoint, HttpMethod } from '../index';\nimport { Auth } from '../../model/public_types';\n\nexport interface GetProjectConfigRequest {\n androidPackageName?: string;\n iosBundleId?: string;\n}\n\nexport interface GetProjectConfigResponse {\n authorizedDomains: string[];\n}\n\nexport async function _getProjectConfig(\n auth: Auth,\n request: GetProjectConfigRequest = {}\n): Promise<GetProjectConfigResponse> {\n return _performApiRequest<GetProjectConfigRequest, GetProjectConfigResponse>(\n auth,\n HttpMethod.GET,\n Endpoint.GET_PROJECT_CONFIG,\n request\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthEvent,\n AuthEventConsumer,\n AuthEventType,\n EventManager\n} from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { AuthInternal } from '../../model/auth';\nimport { _createError } from '../util/assert';\n\n// The amount of time to store the UIDs of seen events; this is\n// set to 10 min by default\nconst EVENT_DUPLICATION_CACHE_DURATION_MS = 10 * 60 * 1000;\n\nexport class AuthEventManager implements EventManager {\n private readonly cachedEventUids: Set<string> = new Set();\n private readonly consumers: Set<AuthEventConsumer> = new Set();\n protected queuedRedirectEvent: AuthEvent | null = null;\n protected hasHandledPotentialRedirect = false;\n private lastProcessedEventTime = Date.now();\n\n constructor(private readonly auth: AuthInternal) {}\n\n registerConsumer(authEventConsumer: AuthEventConsumer): void {\n this.consumers.add(authEventConsumer);\n\n if (\n this.queuedRedirectEvent &&\n this.isEventForConsumer(this.queuedRedirectEvent, authEventConsumer)\n ) {\n this.sendToConsumer(this.queuedRedirectEvent, authEventConsumer);\n this.saveEventToCache(this.queuedRedirectEvent);\n this.queuedRedirectEvent = null;\n }\n }\n\n unregisterConsumer(authEventConsumer: AuthEventConsumer): void {\n this.consumers.delete(authEventConsumer);\n }\n\n onEvent(event: AuthEvent): boolean {\n // Check if the event has already been handled\n if (this.hasEventBeenHandled(event)) {\n return false;\n }\n\n let handled = false;\n this.consumers.forEach(consumer => {\n if (this.isEventForConsumer(event, consumer)) {\n handled = true;\n this.sendToConsumer(event, consumer);\n this.saveEventToCache(event);\n }\n });\n\n if (this.hasHandledPotentialRedirect || !isRedirectEvent(event)) {\n // If we've already seen a redirect before, or this is a popup event,\n // bail now\n return handled;\n }\n\n this.hasHandledPotentialRedirect = true;\n\n // If the redirect wasn't handled, hang on to it\n if (!handled) {\n this.queuedRedirectEvent = event;\n handled = true;\n }\n\n return handled;\n }\n\n private sendToConsumer(event: AuthEvent, consumer: AuthEventConsumer): void {\n if (event.error && !isNullRedirectEvent(event)) {\n const code =\n (event.error.code?.split('auth/')[1] as AuthErrorCode) ||\n AuthErrorCode.INTERNAL_ERROR;\n consumer.onError(_createError(this.auth, code));\n } else {\n consumer.onAuthEvent(event);\n }\n }\n\n private isEventForConsumer(\n event: AuthEvent,\n consumer: AuthEventConsumer\n ): boolean {\n const eventIdMatches =\n consumer.eventId === null ||\n (!!event.eventId && event.eventId === consumer.eventId);\n return consumer.filter.includes(event.type) && eventIdMatches;\n }\n\n private hasEventBeenHandled(event: AuthEvent): boolean {\n if (\n Date.now() - this.lastProcessedEventTime >=\n EVENT_DUPLICATION_CACHE_DURATION_MS\n ) {\n this.cachedEventUids.clear();\n }\n\n return this.cachedEventUids.has(eventUid(event));\n }\n\n private saveEventToCache(event: AuthEvent): void {\n this.cachedEventUids.add(eventUid(event));\n this.lastProcessedEventTime = Date.now();\n }\n}\n\nfunction eventUid(e: AuthEvent): string {\n return [e.type, e.eventId, e.sessionId, e.tenantId].filter(v => v).join('-');\n}\n\nfunction isNullRedirectEvent({ type, error }: AuthEvent): boolean {\n return (\n type === AuthEventType.UNKNOWN &&\n error?.code === `auth/${AuthErrorCode.NO_AUTH_EVENT}`\n );\n}\n\nfunction isRedirectEvent(event: AuthEvent): boolean {\n switch (event.type) {\n case AuthEventType.SIGN_IN_VIA_REDIRECT:\n case AuthEventType.LINK_VIA_REDIRECT:\n case AuthEventType.REAUTH_VIA_REDIRECT:\n return true;\n case AuthEventType.UNKNOWN:\n return isNullRedirectEvent(event);\n default:\n return false;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { querystringDecode } from '@firebase/util';\nimport { AuthEventManager } from '../../core/auth/auth_event_manager';\nimport { AuthErrorCode } from '../../core/errors';\nimport { PersistedBlob, PersistenceInternal } from '../../core/persistence';\nimport {\n KeyName,\n _persistenceKeyName\n} from '../../core/persistence/persistence_user_manager';\nimport { _createError } from '../../core/util/assert';\nimport { _getInstance } from '../../core/util/instantiator';\nimport { AuthInternal } from '../../model/auth';\nimport { AuthEvent, AuthEventType } from '../../model/popup_redirect';\nimport { browserLocalPersistence } from '../../platform_browser/persistence/local_storage';\n\nconst SESSION_ID_LENGTH = 20;\n\n/** Custom AuthEventManager that adds passive listeners to events */\nexport class CordovaAuthEventManager extends AuthEventManager {\n private readonly passiveListeners = new Set<(e: AuthEvent) => void>();\n private resolveInitialized!: () => void;\n private initPromise = new Promise<void>(resolve => {\n this.resolveInitialized = resolve;\n });\n\n addPassiveListener(cb: (e: AuthEvent) => void): void {\n this.passiveListeners.add(cb);\n }\n\n removePassiveListener(cb: (e: AuthEvent) => void): void {\n this.passiveListeners.delete(cb);\n }\n\n // In a Cordova environment, this manager can live through multiple redirect\n // operations\n resetRedirect(): void {\n this.queuedRedirectEvent = null;\n this.hasHandledPotentialRedirect = false;\n }\n\n /** Override the onEvent method */\n onEvent(event: AuthEvent): boolean {\n this.resolveInitialized();\n this.passiveListeners.forEach(cb => cb(event));\n return super.onEvent(event);\n }\n\n async initialized(): Promise<void> {\n await this.initPromise;\n }\n}\n\n/**\n * Generates a (partial) {@link AuthEvent}.\n */\nexport function _generateNewEvent(\n auth: AuthInternal,\n type: AuthEventType,\n eventId: string | null = null\n): AuthEvent {\n return {\n type,\n eventId,\n urlResponse: null,\n sessionId: generateSessionId(),\n postBody: null,\n tenantId: auth.tenantId,\n error: _createError(auth, AuthErrorCode.NO_AUTH_EVENT)\n };\n}\n\nexport function _savePartialEvent(\n auth: AuthInternal,\n event: AuthEvent\n): Promise<void> {\n return storage()._set(persistenceKey(auth), event as object as PersistedBlob);\n}\n\nexport async function _getAndRemoveEvent(\n auth: AuthInternal\n): Promise<AuthEvent | null> {\n const event = (await storage()._get(\n persistenceKey(auth)\n )) as AuthEvent | null;\n if (event) {\n await storage()._remove(persistenceKey(auth));\n }\n return event;\n}\n\nexport function _eventFromPartialAndUrl(\n partialEvent: AuthEvent,\n url: string\n): AuthEvent | null {\n // Parse the deep link within the dynamic link URL.\n const callbackUrl = _getDeepLinkFromCallback(url);\n // Confirm it is actually a callback URL.\n // Currently the universal link will be of this format:\n // https://<AUTH_DOMAIN>/__/auth/callback<OAUTH_RESPONSE>\n // This is a fake URL but is not intended to take the user anywhere\n // and just redirect to the app.\n if (callbackUrl.includes('/__/auth/callback')) {\n // Check if there is an error in the URL.\n // This mechanism is also used to pass errors back to the app:\n // https://<AUTH_DOMAIN>/__/auth/callback?firebaseError=<STRINGIFIED_ERROR>\n const params = searchParamsOrEmpty(callbackUrl);\n // Get the error object corresponding to the stringified error if found.\n const errorObject = params['firebaseError']\n ? parseJsonOrNull(decodeURIComponent(params['firebaseError']))\n : null;\n const code = errorObject?.['code']?.split('auth/')?.[1];\n const error = code ? _createError(code) : null;\n if (error) {\n return {\n type: partialEvent.type,\n eventId: partialEvent.eventId,\n tenantId: partialEvent.tenantId,\n error,\n urlResponse: null,\n sessionId: null,\n postBody: null\n };\n } else {\n return {\n type: partialEvent.type,\n eventId: partialEvent.eventId,\n tenantId: partialEvent.tenantId,\n sessionId: partialEvent.sessionId,\n urlResponse: callbackUrl,\n postBody: null\n };\n }\n }\n\n return null;\n}\n\nfunction generateSessionId(): string {\n const chars = [];\n const allowedChars =\n '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n for (let i = 0; i < SESSION_ID_LENGTH; i++) {\n const idx = Math.floor(Math.random() * allowedChars.length);\n chars.push(allowedChars.charAt(idx));\n }\n return chars.join('');\n}\n\nfunction storage(): PersistenceInternal {\n return _getInstance(browserLocalPersistence);\n}\n\nfunction persistenceKey(auth: AuthInternal): string {\n return _persistenceKeyName(KeyName.AUTH_EVENT, auth.config.apiKey, auth.name);\n}\n\nfunction parseJsonOrNull(json: string): ReturnType<typeof JSON.parse> | null {\n try {\n return JSON.parse(json);\n } catch (e) {\n return null;\n }\n}\n\n// Exported for testing\nexport function _getDeepLinkFromCallback(url: string): string {\n const params = searchParamsOrEmpty(url);\n const link = params['link'] ? decodeURIComponent(params['link']) : undefined;\n // Double link case (automatic redirect)\n const doubleDeepLink = searchParamsOrEmpty(link)['link'];\n // iOS custom scheme links.\n const iOSDeepLink = params['deep_link_id']\n ? decodeURIComponent(params['deep_link_id'])\n : undefined;\n const iOSDoubleDeepLink = searchParamsOrEmpty(iOSDeepLink)['link'];\n return iOSDoubleDeepLink || iOSDeepLink || doubleDeepLink || link || url;\n}\n\n/**\n * Optimistically tries to get search params from a string, or else returns an\n * empty search params object.\n */\nfunction searchParamsOrEmpty(url: string | undefined): Record<string, string> {\n if (!url?.includes('?')) {\n return {};\n }\n\n const [_, ...rest] = url.split('?');\n return querystringDecode(rest.join('?')) as Record<string, string>;\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider, PopupRedirectResolver } from '../../model/public_types';\nimport { browserSessionPersistence } from '../../platform_browser/persistence/session_storage';\nimport { AuthInternal } from '../../model/auth';\nimport {\n AuthEvent,\n AuthEventType,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { AuthPopup } from '../../platform_browser/util/popup';\nimport { _createError, _fail } from '../../core/util/assert';\nimport { AuthErrorCode } from '../../core/errors';\nimport {\n _checkCordovaConfiguration,\n _generateHandlerUrl,\n _performRedirect,\n _validateOrigin,\n _waitForAppResume\n} from './utils';\nimport {\n CordovaAuthEventManager,\n _eventFromPartialAndUrl,\n _generateNewEvent,\n _getAndRemoveEvent,\n _savePartialEvent\n} from './events';\nimport { AuthEventManager } from '../../core/auth/auth_event_manager';\nimport { _getRedirectResult } from '../../platform_browser/strategies/redirect';\nimport {\n _clearRedirectOutcomes,\n _overrideRedirectResult\n} from '../../core/strategies/redirect';\nimport { _cordovaWindow } from '../plugins';\n\n/**\n * How long to wait for the initial auth event before concluding no\n * redirect pending\n */\nconst INITIAL_EVENT_TIMEOUT_MS = 500;\n\nclass CordovaPopupRedirectResolver implements PopupRedirectResolverInternal {\n readonly _redirectPersistence = browserSessionPersistence;\n readonly _shouldInitProactively = true; // This is lightweight for Cordova\n private readonly eventManagers = new Map<string, CordovaAuthEventManager>();\n private readonly originValidationPromises: Record<string, Promise<void>> = {};\n\n _completeRedirectFn = _getRedirectResult;\n _overrideRedirectResult = _overrideRedirectResult;\n\n async _initialize(auth: AuthInternal): Promise<CordovaAuthEventManager> {\n const key = auth._key();\n let manager = this.eventManagers.get(key);\n if (!manager) {\n manager = new CordovaAuthEventManager(auth);\n this.eventManagers.set(key, manager);\n this.attachCallbackListeners(auth, manager);\n }\n return manager;\n }\n\n _openPopup(auth: AuthInternal): Promise<AuthPopup> {\n _fail(auth, AuthErrorCode.OPERATION_NOT_SUPPORTED);\n }\n\n async _openRedirect(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n eventId?: string\n ): Promise<void> {\n _checkCordovaConfiguration(auth);\n const manager = await this._initialize(auth);\n await manager.initialized();\n\n // Reset the persisted redirect states. This does not matter on Web where\n // the redirect always blows away application state entirely. On Cordova,\n // the app maintains control flow through the redirect.\n manager.resetRedirect();\n _clearRedirectOutcomes();\n\n await this._originValidation(auth);\n\n const event = _generateNewEvent(auth, authType, eventId);\n await _savePartialEvent(auth, event);\n const url = await _generateHandlerUrl(auth, event, provider);\n const iabRef = await _performRedirect(url);\n return _waitForAppResume(auth, manager, iabRef);\n }\n\n _isIframeWebStorageSupported(\n _auth: AuthInternal,\n _cb: (support: boolean) => unknown\n ): void {\n throw new Error('Method not implemented.');\n }\n\n _originValidation(auth: AuthInternal): Promise<void> {\n const key = auth._key();\n if (!this.originValidationPromises[key]) {\n this.originValidationPromises[key] = _validateOrigin(auth);\n }\n\n return this.originValidationPromises[key];\n }\n\n private attachCallbackListeners(\n auth: AuthInternal,\n manager: AuthEventManager\n ): void {\n // Get the global plugins\n const { universalLinks, handleOpenURL, BuildInfo } = _cordovaWindow();\n\n const noEventTimeout = setTimeout(async () => {\n // We didn't see that initial event. Clear any pending object and\n // dispatch no event\n await _getAndRemoveEvent(auth);\n manager.onEvent(generateNoEvent());\n }, INITIAL_EVENT_TIMEOUT_MS);\n\n const universalLinksCb = async (\n eventData: Record<string, string> | null\n ): Promise<void> => {\n // We have an event so we can clear the no event timeout\n clearTimeout(noEventTimeout);\n\n const partialEvent = await _getAndRemoveEvent(auth);\n let finalEvent: AuthEvent | null = null;\n if (partialEvent && eventData?.['url']) {\n finalEvent = _eventFromPartialAndUrl(partialEvent, eventData['url']);\n }\n\n // If finalEvent is never filled, trigger with no event\n manager.onEvent(finalEvent || generateNoEvent());\n };\n\n // Universal links subscriber doesn't exist for iOS, so we need to check\n if (\n typeof universalLinks !== 'undefined' &&\n typeof universalLinks.subscribe === 'function'\n ) {\n universalLinks.subscribe(null, universalLinksCb);\n }\n\n // iOS 7 or 8 custom URL schemes.\n // This is also the current default behavior for iOS 9+.\n // For this to work, cordova-plugin-customurlscheme needs to be installed.\n // https://github.com/EddyVerbruggen/Custom-URL-scheme\n // Do not overwrite the existing developer's URL handler.\n const existingHandleOpenURL = handleOpenURL;\n const packagePrefix = `${BuildInfo.packageName.toLowerCase()}://`;\n _cordovaWindow().handleOpenURL = async url => {\n if (url.toLowerCase().startsWith(packagePrefix)) {\n // We want this intentionally to float\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n universalLinksCb({ url });\n }\n // Call the developer's handler if it is present.\n if (typeof existingHandleOpenURL === 'function') {\n try {\n existingHandleOpenURL(url);\n } catch (e) {\n // This is a developer error. Don't stop the flow of the SDK.\n console.error(e);\n }\n }\n };\n }\n}\n\n/**\n * An implementation of {@link PopupRedirectResolver} suitable for Cordova\n * based applications.\n *\n * @public\n */\nexport const cordovaPopupRedirectResolver: PopupRedirectResolver =\n CordovaPopupRedirectResolver;\n\nfunction generateNoEvent(): AuthEvent {\n return {\n type: AuthEventType.UNKNOWN,\n eventId: null,\n sessionId: null,\n urlResponse: null,\n postBody: null,\n tenantId: null,\n error: _createError(AuthErrorCode.NO_AUTH_EVENT)\n };\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n AuthProvider,\n PopupRedirectResolver,\n User\n} from '../../model/public_types';\nimport {\n _linkWithRedirect,\n _reauthenticateWithRedirect,\n _signInWithRedirect\n} from '../../platform_browser/strategies/redirect';\n\nexport function signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void> {\n return _signInWithRedirect(auth, provider, resolver) as Promise<void>;\n}\n\nexport function reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void> {\n return _reauthenticateWithRedirect(user, provider, resolver) as Promise<void>;\n}\n\nexport function linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void> {\n return _linkWithRedirect(user, provider, resolver) as Promise<void>;\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * This is the file that people using Cordova will actually import. You\n * should only include this file if you have something specific about your\n * implementation that mandates having a separate entrypoint. Otherwise you can\n * just use index.ts\n */\n\nimport { FirebaseApp, getApp, _getProvider } from '@firebase/app';\nimport { Auth } from './src/model/public_types';\nimport { indexedDBLocalPersistence } from './src/platform_browser/persistence/indexed_db';\n\nimport { initializeAuth } from './src';\nimport { registerAuth } from './src/core/auth/register';\nimport { ClientPlatform } from './src/core/util/version';\n\nexport * from './index.shared';\n\n// Cordova also supports indexedDB / browserSession / browserLocal\nexport { indexedDBLocalPersistence } from './src/platform_browser/persistence/indexed_db';\nexport { browserLocalPersistence } from './src/platform_browser/persistence/local_storage';\nexport { browserSessionPersistence } from './src/platform_browser/persistence/session_storage';\nexport { getRedirectResult } from './src/platform_browser/strategies/redirect';\n\nexport { cordovaPopupRedirectResolver } from './src/platform_cordova/popup_redirect/popup_redirect';\nexport {\n signInWithRedirect,\n reauthenticateWithRedirect,\n linkWithRedirect\n} from './src/platform_cordova/strategies/redirect';\n\nimport { cordovaPopupRedirectResolver } from './src/platform_cordova/popup_redirect/popup_redirect';\n\nexport function getAuth(app: FirebaseApp = getApp()): Auth {\n const provider = _getProvider(app, 'auth');\n\n if (provider.isInitialized()) {\n return provider.getImmediate();\n }\n\n return initializeAuth(app, {\n persistence: indexedDBLocalPersistence,\n popupRedirectResolver: cordovaPopupRedirectResolver\n });\n}\n\nregisterAuth(ClientPlatform.CORDOVA);\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _registerComponent, registerVersion } from '@firebase/app';\nimport {\n Component,\n ComponentType,\n InstantiationMode\n} from '@firebase/component';\n\nimport { name, version } from '../../../package.json';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _getClientVersion, ClientPlatform } from '../util/version';\nimport { _castAuth, AuthImpl, DefaultConfig } from './auth_impl';\nimport { AuthInterop } from './firebase_internal';\nimport { ConfigInternal } from '../../model/auth';\nimport { Dependencies } from '../../model/public_types';\nimport { _initializeAuthInstance } from './initialize';\n\nexport const enum _ComponentName {\n AUTH = 'auth',\n AUTH_INTERNAL = 'auth-internal'\n}\n\nfunction getVersionForPlatform(\n clientPlatform: ClientPlatform\n): string | undefined {\n switch (clientPlatform) {\n case ClientPlatform.NODE:\n return 'node';\n case ClientPlatform.REACT_NATIVE:\n return 'rn';\n case ClientPlatform.WORKER:\n return 'webworker';\n case ClientPlatform.CORDOVA:\n return 'cordova';\n case ClientPlatform.WEB_EXTENSION:\n return 'web-extension';\n default:\n return undefined;\n }\n}\n\n/** @internal */\nexport function registerAuth(clientPlatform: ClientPlatform): void {\n _registerComponent(\n new Component(\n _ComponentName.AUTH,\n (container, { options: deps }: { options?: Dependencies }) => {\n const app = container.getProvider('app').getImmediate()!;\n const heartbeatServiceProvider =\n container.getProvider<'heartbeat'>('heartbeat');\n const appCheckServiceProvider =\n container.getProvider<'app-check-internal'>('app-check-internal');\n const { apiKey, authDomain } = app.options;\n\n _assert(\n apiKey && !apiKey.includes(':'),\n AuthErrorCode.INVALID_API_KEY,\n { appName: app.name }\n );\n\n const config: ConfigInternal = {\n apiKey,\n authDomain,\n clientPlatform,\n apiHost: DefaultConfig.API_HOST,\n tokenApiHost: DefaultConfig.TOKEN_API_HOST,\n apiScheme: DefaultConfig.API_SCHEME,\n sdkClientVersion: _getClientVersion(clientPlatform)\n };\n\n const authInstance = new AuthImpl(\n app,\n heartbeatServiceProvider,\n appCheckServiceProvider,\n config\n );\n _initializeAuthInstance(authInstance, deps);\n\n return authInstance;\n },\n ComponentType.PUBLIC\n )\n /**\n * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()\n * For why we do this, See go/firebase-next-auth-init\n */\n .setInstantiationMode(InstantiationMode.EXPLICIT)\n /**\n * Because all firebase products that depend on auth depend on auth-internal directly,\n * we need to initialize auth-internal after auth is initialized to make it available to other firebase products.\n */\n .setInstanceCreatedCallback(\n (container, _instanceIdentifier, _instance) => {\n const authInternalProvider = container.getProvider(\n _ComponentName.AUTH_INTERNAL\n );\n authInternalProvider.initialize();\n }\n )\n );\n\n _registerComponent(\n new Component(\n _ComponentName.AUTH_INTERNAL,\n container => {\n const auth = _castAuth(\n container.getProvider(_ComponentName.AUTH).getImmediate()!\n );\n return (auth => new AuthInterop(auth))(auth);\n },\n ComponentType.PRIVATE\n ).setInstantiationMode(InstantiationMode.EXPLICIT)\n );\n\n registerVersion(name, version, getVersionForPlatform(clientPlatform));\n // BUILD_TARGET will be replaced by values like esm2017, cjs2017, etc during the compilation\n registerVersion(name, version, '__BUILD_TARGET__');\n}\n"],"names":["base64","byteToCharMap_","charToByteMap_","byteToCharMapWebSafe_","charToByteMapWebSafe_","ENCODED_VALS_BASE","ENCODED_VALS","this","ENCODED_VALS_WEBSAFE","HAS_NATIVE_SUPPORT","atob","encodeByteArray","input","webSafe","Array","isArray","Error","init_","byteToCharMap","output","i","length","byte1","haveByte2","byte2","haveByte3","byte3","outByte1","outByte2","outByte3","outByte4","push","join","encodeString","btoa","str","out","p","c","charCodeAt","stringToByteArray","decodeString","bytes","pos","c1","String","fromCharCode","c2","u","c3","byteArrayToString","decodeStringToByteArray","charToByteMap","charAt","byte4","DecodeBase64StringError","constructor","name","getUA","navigator","FirebaseError","code","message","customData","super","Object","setPrototypeOf","prototype","captureStackTrace","ErrorFactory","create","service","serviceName","errors","data","fullCode","template","replaceTemplate","replace","PATTERN","_","key","value","fullMessage","deepEqual","a","b","aKeys","keys","bKeys","k","includes","aProp","bProp","isObject","thing","querystring","querystringParams","params","entries","forEach","arrayVal","encodeURIComponent","querystringDecode","obj","split","token","decodeURIComponent","extractQuerystring","url","queryStart","indexOf","fragmentStart","substring","undefined","ObserverProxy","executor","onNoObservers","observers","unsubscribes","observerCount","task","Promise","resolve","finalized","then","catch","e","error","next","forEachObserver","observer","close","complete","subscribe","nextOrObserver","implementsAnyMethods","methods","method","noop","unsub","unsubscribeOne","bind","finalError","fn","sendOne","console","err","getModularInstance","_delegate","Component","instanceFactory","type","multipleInstances","serviceProps","instantiationMode","onInstanceCreated","setInstantiationMode","mode","setMultipleInstances","setServiceProps","props","setInstanceCreatedCallback","callback","LogLevel","levelStringToEnum","debug","DEBUG","verbose","VERBOSE","info","INFO","warn","WARN","ERROR","silent","SILENT","defaultLogLevel","ConsoleMethod","defaultLogHandler","instance","logType","args","logLevel","now","Date","toISOString","STORAGE_AVAILABLE_KEY","Receiver","eventTarget","handlersMap","boundEventHandler","handleEvent","_getInstance","existingInstance","receivers","find","receiver","isListeningto","newInstance","event","messageEvent","eventId","eventType","handlers","size","ports","postMessage","status","promises","from","map","async","handler","origin","response","_allSettled","all","promise","fulfilled","reason","_subscribe","eventHandler","addEventListener","Set","add","_unsubscribe","delete","removeEventListener","_generateEventId","prefix","digits","random","Math","floor","Sender","target","removeMessageHandler","messageChannel","port1","onMessage","_send","timeout","MessageChannel","completionTimer","reject","start","ackTimer","setTimeout","clearTimeout","port2","finally","_window","window","_isWorker","DB_NAME","DB_OBJECTSTORE_NAME","DB_DATA_KEYPATH","DBPromise","request","toPromise","result","getObjectStore","db","isReadWrite","transaction","objectStore","_openDatabase","indexedDB","open","createObjectStore","keyPath","objectStoreNames","contains","_deleteDatabase","deleteDatabase","_putObject","put","_deleteObject","IndexedDBLocalPersistence","_shouldAllowMigration","listeners","localCache","pollTimer","pendingWrites","sender","serviceWorkerReceiverAvailable","activeServiceWorker","_workerInitializationPromise","initializeServiceWorkerMessaging","_openDb","_withRetries","op","numAttempts","initializeReceiver","initializeSender","_getWorkerGlobalScope","self","_origin","keyProcessed","_poll","_data","_getActiveServiceWorker","serviceWorker","ready","active","_a","results","_b","notifyServiceWorker","_getServiceWorkerController","controller","_isAvailable","_withPendingWrite","write","_set","_get","getObject","get","_remove","getAllRequest","getAll","keysInResult","fbase_key","JSON","stringify","notifyListeners","localKey","has","newValue","listener","startPolling","stopPolling","setInterval","clearInterval","_addListener","_removeListener","indexedDBLocalPersistence","_prodErrorMap","debugErrorMap","_debugErrorMap","prodErrorMap","_DEFAULT_AUTH_ERROR_FACTORY","AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY","ADMIN_ONLY_OPERATION","ARGUMENT_ERROR","APP_NOT_AUTHORIZED","APP_NOT_INSTALLED","CAPTCHA_CHECK_FAILED","CODE_EXPIRED","CORDOVA_NOT_READY","CORS_UNSUPPORTED","CREDENTIAL_ALREADY_IN_USE","CREDENTIAL_MISMATCH","CREDENTIAL_TOO_OLD_LOGIN_AGAIN","DEPENDENT_SDK_INIT_BEFORE_AUTH","DYNAMIC_LINK_NOT_ACTIVATED","EMAIL_CHANGE_NEEDS_VERIFICATION","EMAIL_EXISTS","EMULATOR_CONFIG_FAILED","EXPIRED_OOB_CODE","EXPIRED_POPUP_REQUEST","INTERNAL_ERROR","INVALID_API_KEY","INVALID_APP_CREDENTIAL","INVALID_APP_ID","INVALID_AUTH","INVALID_AUTH_EVENT","INVALID_CERT_HASH","INVALID_CODE","INVALID_CONTINUE_URI","INVALID_CORDOVA_CONFIGURATION","INVALID_CUSTOM_TOKEN","INVALID_DYNAMIC_LINK_DOMAIN","INVALID_EMAIL","INVALID_EMULATOR_SCHEME","INVALID_IDP_RESPONSE","INVALID_LOGIN_CREDENTIALS","INVALID_MESSAGE_PAYLOAD","INVALID_MFA_SESSION","INVALID_OAUTH_CLIENT_ID","INVALID_OAUTH_PROVIDER","INVALID_OOB_CODE","INVALID_ORIGIN","INVALID_PASSWORD","INVALID_PERSISTENCE","INVALID_PHONE_NUMBER","INVALID_PROVIDER_ID","INVALID_RECIPIENT_EMAIL","INVALID_SENDER","INVALID_SESSION_INFO","INVALID_TENANT_ID","MFA_INFO_NOT_FOUND","MFA_REQUIRED","MISSING_ANDROID_PACKAGE_NAME","MISSING_APP_CREDENTIAL","MISSING_AUTH_DOMAIN","MISSING_CODE","MISSING_CONTINUE_URI","MISSING_IFRAME_START","MISSING_IOS_BUNDLE_ID","MISSING_OR_INVALID_NONCE","MISSING_MFA_INFO","MISSING_MFA_SESSION","MISSING_PHONE_NUMBER","MISSING_SESSION_INFO","MODULE_DESTROYED","NEED_CONFIRMATION","NETWORK_REQUEST_FAILED","NULL_USER","NO_AUTH_EVENT","NO_SUCH_PROVIDER","OPERATION_NOT_ALLOWED","OPERATION_NOT_SUPPORTED","POPUP_BLOCKED","POPUP_CLOSED_BY_USER","PROVIDER_ALREADY_LINKED","QUOTA_EXCEEDED","REDIRECT_CANCELLED_BY_USER","REDIRECT_OPERATION_PENDING","REJECTED_CREDENTIAL","SECOND_FACTOR_ALREADY_ENROLLED","SECOND_FACTOR_LIMIT_EXCEEDED","TENANT_ID_MISMATCH","TIMEOUT","TOKEN_EXPIRED","TOO_MANY_ATTEMPTS_TRY_LATER","UNAUTHORIZED_DOMAIN","UNSUPPORTED_FIRST_FACTOR","UNSUPPORTED_PERSISTENCE","UNSUPPORTED_TENANT_OPERATION","UNVERIFIED_EMAIL","USER_CANCELLED","USER_DELETED","USER_DISABLED","USER_MISMATCH","USER_SIGNED_OUT","WEAK_PASSWORD","WEB_STORAGE_UNSUPPORTED","ALREADY_INITIALIZED","RECAPTCHA_NOT_ENABLED","MISSING_RECAPTCHA_TOKEN","INVALID_RECAPTCHA_TOKEN","INVALID_RECAPTCHA_ACTION","MISSING_CLIENT_TYPE","MISSING_RECAPTCHA_VERSION","INVALID_RECAPTCHA_VERSION","INVALID_REQ_TYPE","INVALID_HOSTING_LINK_DOMAIN","logClient","Logger","_logLevel","_logHandler","_userLogHandler","val","TypeError","setLogLevel","logHandler","userLogHandler","log","_logError","msg","SDK_VERSION","_fail","authOrCode","rest","createErrorInternal","_createError","_errorWithCustomMessage","auth","errorMap","assign","appName","_serverAppCurrentUserOperationNotSupportedError","_assertInstanceOf","object","fullParams","slice","_errorFactory","_assert","assertion","debugFail","failure","debugAssert","_getCurrentUrl","location","href","_isHttpOrHttps","_getCurrentScheme","protocol","_isOnline","onLine","isBrowserExtension","runtime","chrome","browser","id","_emulatorUrl","config","path","emulator","startsWith","FetchProvider","initialize","fetchImpl","headersImpl","responseImpl","fetch","globalThis","headers","Headers","Response","SERVER_ERROR_MAP","MISSING_CUSTOM_TOKEN","INVALID_IDENTIFIER","MISSING_PASSWORD","PASSWORD_LOGIN_DISABLED","INVALID_PENDING_TOKEN","FEDERATED_USER_ID_ALREADY_LINKED","MISSING_REQ_TYPE","EMAIL_NOT_FOUND","RESET_PASSWORD_EXCEED_LIMIT","MISSING_OOB_CODE","INVALID_ID_TOKEN","USER_NOT_FOUND","PASSWORD_DOES_NOT_MEET_REQUIREMENTS","INVALID_TEMPORARY_PROOF","SESSION_EXPIRED","INVALID_MFA_PENDING_CREDENTIAL","MFA_ENROLLMENT_NOT_FOUND","MISSING_MFA_ENROLLMENT_ID","MISSING_MFA_PENDING_CREDENTIAL","SECOND_FACTOR_EXISTS","BLOCKING_FUNCTION_ERROR_RESPONSE","DEFAULT_API_TIMEOUT_MS","Delay","shortDelay","longDelay","isMobile","isMobileCordova","test","isReactNative","min","_addTidIfNecessary","tenantId","_performApiRequest","customErrorMap","_performFetchWithErrorHandling","body","query","apiKey","_getAdditionalHeaders","languageCode","fetchArgs","isCloudflareWorker","userAgent","referrerPolicy","_getFinalTarget","apiHost","fetchFn","_canInitEmulator","networkTimeout","NetworkTimeout","race","clearNetworkTimeout","json","_makeTaggedError","ok","errorMessage","serverErrorCode","serverErrorMessage","authError","toLowerCase","_performSignInRequest","serverResponse","_serverResponse","host","base","apiScheme","_parseEnforcementState","enforcementStateStr","timer","errorParams","email","phoneNumber","_tokenResponse","isEnterprise","grecaptcha","enterprise","RecaptchaConfig","siteKey","recaptchaEnforcementState","recaptchaKey","getProviderEnforcementState","providerStr","provider","enforcementState","isProviderEnabled","isAnyProviderEnabled","getRecaptchaConfig","getAccountInfo","utcTimestampToDateString","utcTimestamp","date","Number","isNaN","getTime","toUTCString","getIdToken","user","forceRefresh","getIdTokenResult","userInternal","claims","_parseToken","exp","auth_time","iat","firebase","signInProvider","authTime","secondsStringToMilliseconds","issuedAtTime","expirationTime","signInSecondFactor","seconds","algorithm","payload","signature","decoded","base64Decode","parse","toString","_tokenExpiresIn","parsedToken","_logoutIfInvalidated","bypassAuthState","isUserInvalidated","currentUser","signOut","ProactiveRefresh","isRunning","timerId","errorBackoff","_start","schedule","_stop","getInterval","wasError","interval","stsTokenManager","max","iteration","UserMetadata","createdAt","lastLoginAt","_initializeTime","lastSignInTime","creationTime","_copy","metadata","toJSON","_reloadWithoutSaving","idToken","users","coreAccount","_notifyReloadListener","newProviderData","providerUserInfo","extractProviderData","providerData","mergeProviderData","original","newData","filter","o","some","n","providerId","oldIsAnonymous","isAnonymous","newIsAnonymous","passwordHash","updates","uid","localId","displayName","photoURL","photoUrl","emailVerified","reload","_persistUserIfCurrent","_notifyListenersIfCurrent","providers","__rest","rawId","StsTokenManager","refreshToken","accessToken","isExpired","updateFromServerResponse","expiresIn","updateTokensAndExpiration","updateFromIdToken","getToken","refresh","clearRefreshToken","oldToken","requestStsToken","grant_type","refresh_token","tokenApiHost","access_token","expires_in","expiresInSec","fromJSON","manager","_assign","_clone","_performRefresh","assertStringOrUndefined","UserImpl","opt","proactiveRefresh","reloadUserInfo","reloadListener","userInfo","newUser","_onReload","_startProactiveRefresh","_stopProactiveRefresh","_updateTokensIfNecessary","tokensRefreshed","_isFirebaseServerApp","app","deleteAccount","_redirectEventId","_fromJSON","_c","_d","_e","_f","_g","_h","plainObjectTokenManager","_fromIdTokenResponse","idTokenResponse","_fromGetAccountInfoResponse","instanceCache","Map","cls","Function","set","InMemoryPersistence","storage","_key","_listener","inMemoryPersistence","_persistenceKeyName","PersistenceUserManager","persistence","userKey","fullUserKey","fullPersistenceKey","_onStorageEvent","setCurrentUser","getCurrentUser","blob","removeCurrentUser","savePersistenceForRedirect","setPersistence","newPersistence","persistenceHierarchy","availablePersistences","selectedPersistence","userToMigrate","migrationHierarchy","_getBrowserName","ua","_isIEMobile","_isFirefox","_isBlackBerry","_isWebOS","_isSafari","_isChromeIOS","_isAndroid","re","matches","match","_isIOS","_isIE10","isIE","document","documentMode","_getClientVersion","clientPlatform","frameworks","reportedPlatform","reportedFrameworks","AuthMiddlewareQueue","queue","pushCallback","onAbort","wrappedCallback","index","runMiddleware","nextUser","onAbortStack","beforeStateCallback","reverse","originalMessage","PasswordPolicyImpl","responseOptions","customStrengthOptions","minPasswordLength","maxPasswordLength","containsLowercaseCharacter","containsLowercaseLetter","containsUppercaseCharacter","containsUppercaseLetter","containsNumericCharacter","containsNonAlphanumericCharacter","allowedNonAlphanumericCharacters","forceUpgradeOnSignin","schemaVersion","validatePassword","password","isValid","passwordPolicy","validatePasswordLengthOptions","validatePasswordCharacterOptions","meetsMinPasswordLength","meetsMaxPasswordLength","passwordChar","updatePasswordCharacterOptionsStatuses","AuthImpl","heartbeatServiceProvider","appCheckServiceProvider","emulatorConfig","operations","authStateSubscription","Subscription","idTokenSubscription","beforeStateQueue","redirectUser","isProactiveRefreshEnabled","EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION","_isInitialized","_deleted","_initializationPromise","_popupRedirectResolver","_agentRecaptchaConfig","_tenantRecaptchaConfigs","_projectPasswordPolicy","_tenantPasswordPolicies","lastNotifiedUid","settings","appVerificationDisabledForTesting","clientVersion","sdkClientVersion","_initializeWithPersistence","popupRedirectResolver","persistenceManager","_shouldInitProactively","_initialize","initializeCurrentUser","assertedPersistence","_currentUser","_updateCurrentUser","initializeCurrentUserFromIdToken","directlySetCurrentUser","authIdToken","previouslyStoredUser","futureCurrentUser","needsTocheckMiddleware","authDomain","getOrInitRedirectPersistenceManager","redirectUserEventId","storedUserEventId","tryRedirectSignIn","_overrideRedirectResult","reloadAndSetCurrentUserOrClear","redirectResolver","_completeRedirectFn","_setRedirectUser","useDeviceLanguage","_getUserLanguage","navigatorLanguage","languages","language","_delete","updateCurrentUser","userExtern","skipBeforeStateCallbacks","notifyAuthListeners","redirectPersistenceManager","_getRecaptchaConfig","_getPasswordPolicyInternal","_updatePasswordPolicy","_getPasswordPolicy","_getPersistence","_updateErrorMap","onAuthStateChanged","completed","registerStateListener","beforeAuthStateChanged","onIdTokenChanged","authStateReady","unsubscribe","revokeAccessToken","tokenType","revokeToken","redirectManager","resolver","_redirectPersistence","_redirectUserForId","currentUid","subscription","cb","isUnsubscribed","addObserver","action","_logFramework","framework","sort","_getFrameworks","options","appId","heartbeatsHeader","getImmediate","optional","getHeartbeatsHeader","appCheckToken","_getAppCheckToken","appCheckTokenResult","_logWarn","_castAuth","createSubscribe","proxy","externalJSProvider","loadJS","recaptchaV2Script","recaptchaEnterpriseScript","gapiScript","MockGreCAPTCHATopLevel","MockGreCAPTCHA","execute","_siteKey","_options","render","_container","_parameters","FAKE_TOKEN","RecaptchaEnterpriseVerifier","authExtern","verify","retrieveRecaptchaToken","retrieveSiteKey","clientType","version","_recaptchaEnterpriseScriptUrl","jsHelpers._recaptchaEnterpriseScriptUrl","_loadJS","jsHelpers\n ._loadJS","injectRecaptchaFields","isCaptchaResp","isFakeToken","verifier","captchaResponse","newRequest","phoneEnrollmentInfo","recaptchaToken","recaptchaVersion","phoneSignInInfo","captchaResp","handleRecaptchaFlow","authInstance","actionName","actionMethod","recaptchaAuthProvider","requestWithRecaptcha","requestWithRecaptchaFields","initializeAuth","deps","_getProvider","isInitialized","getOptions","connectAuthEmulator","authInternal","disableWarnings","extractProtocol","port","extractHostAndPort","authority","exec","substr","hostAndPort","pop","bracketedIPv6","parsePort","freeze","emitEmulatorWarning","attachBanner","el","createElement","sty","style","innerText","position","width","backgroundColor","border","color","bottom","left","margin","zIndex","textAlign","classList","appendChild","readyState","protocolEnd","portStr","AuthCredential","signInMethod","_getIdTokenResponse","_auth","_linkToIdToken","_idToken","_getReauthenticationResolver","resetPassword","linkEmailPassword","signInWithPassword","sendOobCode","sendPasswordResetEmail","sendSignInLinkToEmail","EmailAuthCredential","_email","_password","_tenantId","_fromEmailAndPassword","_fromEmailAndCode","oobCode","returnSecureToken","signInWithEmailLink","signInWithEmailLinkForLinking","signInWithIdp","OAuthCredential","pendingToken","_fromParams","cred","nonce","oauthToken","oauthTokenSecret","secret","buildRequest","autoCreate","requestUri","postBody","VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_","PhoneAuthCredential","_fromVerification","verificationId","verificationCode","_fromTokenResponse","temporaryProof","signInWithPhoneNumber","_makeVerificationRequest","linkWithPhoneNumber","verifyPhoneNumberForExisting","operation","sessionInfo","ActionCodeURL","actionLink","searchParams","parseMode","continueUrl","parseLink","link","parseDeepLink","doubleDeepLink","iOSDeepLink","parseActionCodeURL","EmailAuthProvider","PROVIDER_ID","credential","credentialWithLink","emailLink","actionCodeUrl","EMAIL_PASSWORD_SIGN_IN_METHOD","EMAIL_LINK_SIGN_IN_METHOD","FederatedAuthProvider","defaultLanguageCode","customParameters","setDefaultLanguage","setCustomParameters","customOAuthParameters","getCustomParameters","BaseOAuthProvider","scopes","addScope","scope","getScopes","OAuthProvider","credentialFromJSON","_credential","rawNonce","credentialFromResult","userCredential","oauthCredentialFromTaggedObject","credentialFromError","tokenResponse","oauthIdToken","oauthAccessToken","FacebookAuthProvider","FACEBOOK_SIGN_IN_METHOD","credentialFromTaggedObject","GoogleAuthProvider","GOOGLE_SIGN_IN_METHOD","GithubAuthProvider","GITHUB_SIGN_IN_METHOD","SAMLAuthCredential","_create","SAMLAuthProvider","samlCredentialFromTaggedObject","TwitterAuthProvider","TWITTER_SIGN_IN_METHOD","signUp","UserCredentialImpl","operationType","providerIdForResponse","_forOperation","signInAnonymously","MultiFactorError","_fromErrorAndOperation","_processCredentialSavingMfaContextIfNecessary","providerDataAsNames","pid","unlink","_assertLinkedStatus","deleteLinkedAccounts","deleteProvider","providersLeft","pd","_link","expected","_reauthenticate","parsed","sub","_signInWithCredential","signInWithCredential","linkWithCredential","reauthenticateWithCredential","signInWithCustomToken","customToken","getIdTokenResponse","MultiFactorInfoImpl","factorId","mfaEnrollmentId","enrollmentTime","enrolledAt","_fromServerResponse","enrollment","PhoneMultiFactorInfoImpl","TotpMultiFactorInfoImpl","phoneInfo","_setActionCodeSettingsOnRequest","actionCodeSettings","dynamicLinkDomain","linkDomain","canHandleCodeInApp","handleCodeInApp","iOS","bundleId","iOSBundleId","android","packageName","androidInstallApp","installApp","androidMinimumVersionCode","minimumVersion","androidPackageName","recachePasswordPolicy","requestType","authentication.sendPasswordResetEmail","confirmPasswordReset","newPassword","account\n .resetPassword","applyActionCode","account.applyActionCode","checkActionCode","authModular","account.resetPassword","newEmail","mfaInfo","multiFactorInfo","previousEmail","verifyPasswordResetCode","createUserWithEmailAndPassword","signUpResponse","signInWithEmailAndPassword","setActionCodeSettings","api.sendSignInLinkToEmail","isSignInWithEmailLink","fetchSignInMethodsForEmail","identifier","continueUri","signinMethods","createAuthUri","sendEmailVerification","api.sendEmailVerification","verifyBeforeUpdateEmail","verifyAndChangeEmail","api.verifyAndChangeEmail","updateProfile","profileRequest","apiUpdateProfile","passwordProvider","updateEmail","updateEmailOrPassword","updatePassword","updateEmailPassword","apiUpdateEmailPassword","GenericAdditionalUserInfo","isNewUser","profile","FederatedAdditionalUserInfoWithUsername","username","FacebookAdditionalUserInfo","GithubAdditionalUserInfo","login","GoogleAdditionalUserInfo","TwitterAdditionalUserInfo","screenName","getAdditionalUserInfo","rawUserInfo","kind","initializeRecaptchaConfig","_initializeRecaptchaConfig","deleteUser","MultiFactorSessionImpl","_fromIdtoken","_fromMfaPendingCredential","mfaPendingCredential","multiFactorSession","pendingCredential","MultiFactorResolverImpl","session","hints","signInResolver","_fromError","mfaResponse","_process","resolveSignIn","assertionExtern","getMultiFactorResolver","errorInternal","MultiFactorUserImpl","enrolledFactors","_fromUser","getSession","enroll","finalizeMfaResponse","unenroll","infoOrUid","withdrawMfa","multiFactorUserCache","WeakMap","multiFactor","userModular","AuthInterop","internalListeners","getUid","assertAuthConfigured","addAuthTokenListener","updateProactiveRefresh","removeAuthTokenListener","FactorId","PHONE","TOTP","ProviderId","FACEBOOK","GITHUB","GOOGLE","PASSWORD","TWITTER","SignInMethod","EMAIL_LINK","EMAIL_PASSWORD","OperationType","LINK","REAUTHENTICATE","SIGN_IN","ActionCodeOperation","EMAIL_SIGNIN","PASSWORD_RESET","RECOVER_EMAIL","REVERT_SECOND_FACTOR_ADDITION","VERIFY_AND_CHANGE_EMAIL","VERIFY_EMAIL","BrowserPersistenceClass","storageRetriever","setItem","removeItem","getItem","BrowserLocalPersistence","localStorage","poll","onStorageEvent","fallbackToPolling","_isMobileBrowser","forAllChangedKeys","oldValue","_oldValue","detachListener","triggerListeners","storedValue","StorageEvent","attachListener","browserLocalPersistence","BrowserSessionPersistence","sessionStorage","browserSessionPersistence","_withDefaultResolver","resolverOverride","IdpCredential","_buildIdpRequest","sessionId","returnIdpCredential","_signIn","_reauth","_linkUser","AbstractPopupRedirectOperation","pendingPromise","eventManager","onExecution","registerConsumer","onAuthEvent","urlResponse","getIdpTask","onError","unregisterAndCleanUp","unregisterConsumer","cleanUp","redirectOutcomeMap","RedirectAction","readyOutcome","_getAndClearPendingRedirectStatus","pendingRedirectKey","resolverPersistence","hasPendingRedirect","_setPendingRedirectStatus","getRedirectResult","_getRedirectResult","resolverExtern","prepareUserForRedirect","WIDGET_PATH","EMULATOR_WIDGET_PATH","FIREBASE_APP_CHECK_FRAGMENT_ID","_getRedirectUrl","authType","redirectUrl","additionalParams","v","isEmpty","hasOwnProperty","call","tid","paramsDict","appCheckTokenFragment","getHandlerBase","_cordovaWindow","_generateHandlerUrl","BuildInfo","sessionDigest","computeSha256","stringToArrayBuffer","TextEncoder","encode","buff","ArrayBuffer","view","Uint8Array","buf","crypto","subtle","digest","num","padStart","_validateOrigin","iosBundleId","_getProjectConfig","_performRedirect","handlerUrl","cordova","plugins","browsertab","isAvailable","browserTabIsAvailable","iabRef","openUrl","InAppBrowser","_isIOS7Or8","AuthEventManager","cachedEventUids","consumers","queuedRedirectEvent","hasHandledPotentialRedirect","lastProcessedEventTime","authEventConsumer","isEventForConsumer","sendToConsumer","saveEventToCache","onEvent","hasEventBeenHandled","handled","consumer","isRedirectEvent","isNullRedirectEvent","eventIdMatches","clear","eventUid","CordovaAuthEventManager","passiveListeners","initPromise","resolveInitialized","addPassiveListener","removePassiveListener","resetRedirect","initialized","_getAndRemoveEvent","persistenceKey","_eventFromPartialAndUrl","partialEvent","callbackUrl","_getDeepLinkFromCallback","searchParamsOrEmpty","errorObject","parseJsonOrNull","generateSessionId","chars","allowedChars","idx","cordovaPopupRedirectResolver","CordovaPopupRedirectResolver","eventManagers","originValidationPromises","attachCallbackListeners","_openPopup","_openRedirect","_checkCordovaConfiguration","win","universalLinks","missingPlugin","_k","_j","_clearRedirectOutcomes","_originValidation","_generateNewEvent","_savePartialEvent","_waitForAppResume","eventListener","cleanup","onCloseTimer","authEventSeen","closeBrowserTab","resumed","visibilityChanged","visibilityState","_isIframeWebStorageSupported","_cb","handleOpenURL","noEventTimeout","generateNoEvent","universalLinksCb","eventData","finalEvent","existingHandleOpenURL","packagePrefix","signInWithRedirect","_signInWithRedirect","resolverInternal","reauthenticateWithRedirect","_reauthenticateWithRedirect","linkWithRedirect","_linkWithRedirect","getAuth","getApp","registerAuth","_registerComponent","container","getProvider","_initializeAuthInstance","hierarchy","_instanceIdentifier","_instance","registerVersion","getVersionForPlatform"],"mappings":"4IAiBA,MA0FaA,EAAiB,CAI5BC,eAAgB,KAKhBC,eAAgB,KAMhBC,sBAAuB,KAMvBC,sBAAuB,KAMvBC,kBACE,iEAKF,gBAAIC,GACF,OAAOC,KAAKF,kBAAoB,KACjC,EAKD,wBAAIG,GACF,OAAOD,KAAKF,kBAAoB,KACjC,EASDI,mBAAoC,mBAATC,KAW3B,eAAAC,CAAgBC,EAA8BC,GAC5C,IAAKC,MAAMC,QAAQH,GACjB,MAAMI,MAAM,iDAGdT,KAAKU,QAEL,MAAMC,EAAgBL,EAClBN,KAAKJ,sBACLI,KAAKN,eAEHkB,EAAS,GAEf,IAAK,IAAIC,EAAI,EAAGA,EAAIR,EAAMS,OAAQD,GAAK,EAAG,CACxC,MAAME,EAAQV,EAAMQ,GACdG,EAAYH,EAAI,EAAIR,EAAMS,OAC1BG,EAAQD,EAAYX,EAAMQ,EAAI,GAAK,EACnCK,EAAYL,EAAI,EAAIR,EAAMS,OAC1BK,EAAQD,EAAYb,EAAMQ,EAAI,GAAK,EAEnCO,EAAWL,GAAS,EACpBM,GAAqB,EAARN,IAAiB,EAAME,GAAS,EACnD,IAAIK,GAAqB,GAARL,IAAiB,EAAME,GAAS,EAC7CI,EAAmB,GAARJ,EAEVD,IACHK,EAAW,GAENP,IACHM,EAAW,KAIfV,EAAOY,KACLb,EAAcS,GACdT,EAAcU,GACdV,EAAcW,GACdX,EAAcY,GAEjB,CAED,OAAOX,EAAOa,KAAK,GACpB,EAUD,YAAAC,CAAarB,EAAeC,GAG1B,OAAIN,KAAKE,qBAAuBI,EACvBqB,KAAKtB,GAEPL,KAAKI,gBAlNU,SAAUwB,GAElC,MAAMC,EAAgB,GACtB,IAAIC,EAAI,EACR,IAAK,IAAIjB,EAAI,EAAGA,EAAIe,EAAId,OAAQD,IAAK,CACnC,IAAIkB,EAAIH,EAAII,WAAWnB,GACnBkB,EAAI,IACNF,EAAIC,KAAOC,EACFA,EAAI,MACbF,EAAIC,KAAQC,GAAK,EAAK,IACtBF,EAAIC,KAAY,GAAJC,EAAU,KAEL,QAAZ,MAAJA,IACDlB,EAAI,EAAIe,EAAId,QACyB,QAAZ,MAAxBc,EAAII,WAAWnB,EAAI,KAGpBkB,EAAI,QAAgB,KAAJA,IAAe,KAA6B,KAAtBH,EAAII,aAAanB,IACvDgB,EAAIC,KAAQC,GAAK,GAAM,IACvBF,EAAIC,KAASC,GAAK,GAAM,GAAM,IAC9BF,EAAIC,KAASC,GAAK,EAAK,GAAM,IAC7BF,EAAIC,KAAY,GAAJC,EAAU,MAEtBF,EAAIC,KAAQC,GAAK,GAAM,IACvBF,EAAIC,KAASC,GAAK,EAAK,GAAM,IAC7BF,EAAIC,KAAY,GAAJC,EAAU,IAEzB,CACD,OAAOF,CACT,CAqLgCI,CAAkB5B,GAAQC,EACvD,EAUD,YAAA4B,CAAa7B,EAAeC,GAG1B,OAAIN,KAAKE,qBAAuBI,EACvBH,KAAKE,GA5LQ,SAAU8B,GAElC,MAAMN,EAAgB,GACtB,IAAIO,EAAM,EACRL,EAAI,EACN,KAAOK,EAAMD,EAAMrB,QAAQ,CACzB,MAAMuB,EAAKF,EAAMC,KACjB,GAAIC,EAAK,IACPR,EAAIE,KAAOO,OAAOC,aAAaF,QAC1B,GAAIA,EAAK,KAAOA,EAAK,IAAK,CAC/B,MAAMG,EAAKL,EAAMC,KACjBP,EAAIE,KAAOO,OAAOC,cAAoB,GAALF,IAAY,EAAW,GAALG,EACpD,MAAM,GAAIH,EAAK,KAAOA,EAAK,IAAK,CAE/B,MAGMI,IACI,EAALJ,IAAW,IAAa,GAJlBF,EAAMC,OAImB,IAAa,GAHtCD,EAAMC,OAGuC,EAAW,GAFxDD,EAAMC,MAGf,MACFP,EAAIE,KAAOO,OAAOC,aAAa,OAAUE,GAAK,KAC9CZ,EAAIE,KAAOO,OAAOC,aAAa,OAAc,KAAJE,GAC1C,KAAM,CACL,MAAMD,EAAKL,EAAMC,KACXM,EAAKP,EAAMC,KACjBP,EAAIE,KAAOO,OAAOC,cACT,GAALF,IAAY,IAAa,GAALG,IAAY,EAAW,GAALE,EAE3C,CACF,CACD,OAAOb,EAAIJ,KAAK,GAClB,CA+JWkB,CAAkB3C,KAAK4C,wBAAwBvC,EAAOC,GAC9D,EAiBD,uBAAAsC,CAAwBvC,EAAeC,GACrCN,KAAKU,QAEL,MAAMmC,EAAgBvC,EAClBN,KAAKH,sBACLG,KAAKL,eAEHiB,EAAmB,GAEzB,IAAK,IAAIC,EAAI,EAAGA,EAAIR,EAAMS,QAAU,CAClC,MAAMC,EAAQ8B,EAAcxC,EAAMyC,OAAOjC,MAGnCI,EADYJ,EAAIR,EAAMS,OACF+B,EAAcxC,EAAMyC,OAAOjC,IAAM,IACzDA,EAEF,MACMM,EADYN,EAAIR,EAAMS,OACF+B,EAAcxC,EAAMyC,OAAOjC,IAAM,KACzDA,EAEF,MACMkC,EADYlC,EAAIR,EAAMS,OACF+B,EAAcxC,EAAMyC,OAAOjC,IAAM,GAG3D,KAFEA,EAEW,MAATE,GAA0B,MAATE,GAA0B,MAATE,GAA0B,MAAT4B,EACrD,MAAM,IAAIC,wBAGZ,MAAM5B,EAAYL,GAAS,EAAME,GAAS,EAG1C,GAFAL,EAAOY,KAAKJ,GAEE,KAAVD,EAAc,CAChB,MAAME,EAAaJ,GAAS,EAAK,IAASE,GAAS,EAGnD,GAFAP,EAAOY,KAAKH,GAEE,KAAV0B,EAAc,CAChB,MAAMzB,EAAaH,GAAS,EAAK,IAAQ4B,EACzCnC,EAAOY,KAAKF,EACb,CACF,CACF,CAED,OAAOV,CACR,EAOD,KAAAF,GACE,IAAKV,KAAKN,eAAgB,CACxBM,KAAKN,eAAiB,GACtBM,KAAKL,eAAiB,GACtBK,KAAKJ,sBAAwB,GAC7BI,KAAKH,sBAAwB,GAG7B,IAAK,IAAIgB,EAAI,EAAGA,EAAIb,KAAKD,aAAae,OAAQD,IAC5Cb,KAAKN,eAAemB,GAAKb,KAAKD,aAAa+C,OAAOjC,GAClDb,KAAKL,eAAeK,KAAKN,eAAemB,IAAMA,EAC9Cb,KAAKJ,sBAAsBiB,GAAKb,KAAKC,qBAAqB6C,OAAOjC,GACjEb,KAAKH,sBAAsBG,KAAKJ,sBAAsBiB,IAAMA,EAGxDA,GAAKb,KAAKF,kBAAkBgB,SAC9Bd,KAAKL,eAAeK,KAAKC,qBAAqB6C,OAAOjC,IAAMA,EAC3Db,KAAKH,sBAAsBG,KAAKD,aAAa+C,OAAOjC,IAAMA,EAG/D,CACF,GAMG,MAAOmC,gCAAgCvC,MAA7C,WAAAwC,uBACWjD,KAAIkD,KAAG,yBACjB,WCxTeC,QACd,MACuB,oBAAdC,WAC2B,iBAA3BA,UAAqB,UAErBA,UAAqB,UAErB,EAEX,CCmCM,MAAOC,sBAAsB5C,MAIjC,WAAAwC,CAEWK,EACTC,EAEOC,GAEPC,MAAMF,GALGvD,KAAIsD,KAAJA,EAGFtD,KAAUwD,WAAVA,EAPAxD,KAAIkD,KAdI,gBA6BfQ,OAAOC,eAAe3D,KAAMqD,cAAcO,WAItCnD,MAAMoD,mBACRpD,MAAMoD,kBAAkB7D,KAAM8D,aAAaF,UAAUG,OAExD,EAGU,MAAAD,aAIX,WAAAb,CACmBe,EACAC,EACAC,GAFAlE,KAAOgE,QAAPA,EACAhE,KAAWiE,YAAXA,EACAjE,KAAMkE,OAANA,CACf,CAEJ,MAAAH,CACET,KACGa,GAEH,MAAMX,EAAcW,EAAK,IAAoB,CAAA,EACvCC,EAAW,GAAGpE,KAAKgE,WAAWV,IAC9Be,EAAWrE,KAAKkE,OAAOZ,GAEvBC,EAAUc,EAUpB,SAASC,gBAAgBD,EAAkBF,GACzC,OAAOE,EAASE,QAAQC,GAAS,CAACC,EAAGC,KACnC,MAAMC,EAAQR,EAAKO,GACnB,OAAgB,MAATC,EAAgBrC,OAAOqC,GAAS,IAAID,KAAO,GAEtD,CAf+BJ,CAAgBD,EAAUb,GAAc,QAE7DoB,EAAc,GAAG5E,KAAKiE,gBAAgBV,MAAYa,MAIxD,OAFc,IAAIf,cAAce,EAAUQ,EAAapB,EAGxD,EAUH,MAAMgB,EAAU,gBC7EA,SAAAK,UAAUC,EAAWC,GACnC,GAAID,IAAMC,EACR,OAAO,EAGT,MAAMC,EAAQtB,OAAOuB,KAAKH,GACpBI,EAAQxB,OAAOuB,KAAKF,GAC1B,IAAK,MAAMI,KAAKH,EAAO,CACrB,IAAKE,EAAME,SAASD,GAClB,OAAO,EAGT,MAAME,EAASP,EAA8BK,GACvCG,EAASP,EAA8BI,GAC7C,GAAII,SAASF,IAAUE,SAASD,IAC9B,IAAKT,UAAUQ,EAAOC,GACpB,OAAO,OAEJ,GAAID,IAAUC,EACnB,OAAO,CAEV,CAED,IAAK,MAAMH,KAAKD,EACd,IAAKF,EAAMI,SAASD,GAClB,OAAO,EAGX,OAAO,CACT,CAEA,SAASI,SAASC,GAChB,OAAiB,OAAVA,GAAmC,iBAAVA,CAClC,CCrEM,SAAUC,YAAYC,GAG1B,MAAMC,EAAS,GACf,IAAK,MAAOjB,EAAKC,KAAUjB,OAAOkC,QAAQF,GACpCnF,MAAMC,QAAQmE,GAChBA,EAAMkB,SAAQC,IACZH,EAAOnE,KACLuE,mBAAmBrB,GAAO,IAAMqB,mBAAmBD,GACpD,IAGHH,EAAOnE,KAAKuE,mBAAmBrB,GAAO,IAAMqB,mBAAmBpB,IAGnE,OAAOgB,EAAO7E,OAAS,IAAM6E,EAAOlE,KAAK,KAAO,EAClD,CAMM,SAAUuE,kBAAkBP,GAChC,MAAMQ,EAA8B,CAAA,EASpC,OAReR,EAAYlB,QAAQ,MAAO,IAAI2B,MAAM,KAE7CL,SAAQM,IACb,GAAIA,EAAO,CACT,MAAOzB,EAAKC,GAASwB,EAAMD,MAAM,KACjCD,EAAIG,mBAAmB1B,IAAQ0B,mBAAmBzB,EACnD,KAEIsB,CACT,CAKM,SAAUI,mBAAmBC,GACjC,MAAMC,EAAaD,EAAIE,QAAQ,KAC/B,IAAKD,EACH,MAAO,GAET,MAAME,EAAgBH,EAAIE,QAAQ,IAAKD,GACvC,OAAOD,EAAII,UACTH,EACAE,EAAgB,EAAIA,OAAgBE,EAExC,CCEA,MAAMC,cAeJ,WAAA3D,CAAY4D,EAAuBC,GAd3B9G,KAAS+G,UAAmC,GAC5C/G,KAAYgH,aAAkB,GAE9BhH,KAAaiH,cAAG,EAEhBjH,KAAAkH,KAAOC,QAAQC,UACfpH,KAASqH,WAAG,EASlBrH,KAAK8G,cAAgBA,EAIrB9G,KAAKkH,KACFI,MAAK,KACJT,EAAS7G,KAAK,IAEfuH,OAAMC,IACLxH,KAAKyH,MAAMD,EAAE,GAElB,CAED,IAAAE,CAAK/C,GACH3E,KAAK2H,iBAAiBC,IACpBA,EAASF,KAAK/C,EAAM,GAEvB,CAED,KAAA8C,CAAMA,GACJzH,KAAK2H,iBAAiBC,IACpBA,EAASH,MAAMA,EAAM,IAEvBzH,KAAK6H,MAAMJ,EACZ,CAED,QAAAK,GACE9H,KAAK2H,iBAAiBC,IACpBA,EAASE,UAAU,IAErB9H,KAAK6H,OACN,CAQD,SAAAE,CACEC,EACAP,EACAK,GAEA,IAAIF,EAEJ,QACqBjB,IAAnBqB,QACUrB,IAAVc,QACad,IAAbmB,EAEA,MAAM,IAAIrH,MAAM,qBAahBmH,EAiIN,SAASK,qBACPhC,EACAiC,GAEA,GAAmB,iBAARjC,GAA4B,OAARA,EAC7B,OAAO,EAGT,IAAK,MAAMkC,KAAUD,EACnB,GAAIC,KAAUlC,GAA8B,mBAAhBA,EAAIkC,GAC9B,OAAO,EAIX,OAAO,CACT,CAxJMF,CAAqBD,EAA8C,CACjE,OACA,QACA,aAGSA,EAEA,CACTN,KAAMM,EACNP,QACAK,iBAIkBnB,IAAlBiB,EAASF,OACXE,EAASF,KAAOU,WAEKzB,IAAnBiB,EAASH,QACXG,EAASH,MAAQW,WAEOzB,IAAtBiB,EAASE,WACXF,EAASE,SAAWM,MAGtB,MAAMC,EAAQrI,KAAKsI,eAAeC,KAAKvI,KAAMA,KAAK+G,UAAWjG,QAuB7D,OAlBId,KAAKqH,WAEPrH,KAAKkH,KAAKI,MAAK,KACb,IACMtH,KAAKwI,WACPZ,EAASH,MAAMzH,KAAKwI,YAEpBZ,EAASE,UAEZ,CAAC,MAAON,GAER,CACM,IAIXxH,KAAK+G,UAAWvF,KAAKoG,GAEdS,CACR,CAIO,cAAAC,CAAezH,QACE8F,IAAnB3G,KAAK+G,gBAAiDJ,IAAtB3G,KAAK+G,UAAUlG,YAI5Cb,KAAK+G,UAAUlG,GAEtBb,KAAKiH,eAAiB,EACK,IAAvBjH,KAAKiH,oBAA8CN,IAAvB3G,KAAK8G,eACnC9G,KAAK8G,cAAc9G,MAEtB,CAEO,eAAA2H,CAAgBc,GACtB,IAAIzI,KAAKqH,UAOT,IAAK,IAAIxG,EAAI,EAAGA,EAAIb,KAAK+G,UAAWjG,OAAQD,IAC1Cb,KAAK0I,QAAQ7H,EAAG4H,EAEnB,CAKO,OAAAC,CAAQ7H,EAAW4H,GAGzBzI,KAAKkH,KAAKI,MAAK,KACb,QAAuBX,IAAnB3G,KAAK+G,gBAAiDJ,IAAtB3G,KAAK+G,UAAUlG,GACjD,IACE4H,EAAGzI,KAAK+G,UAAUlG,GACnB,CAAC,MAAO2G,GAIgB,oBAAZmB,SAA2BA,QAAQlB,OAC5CkB,QAAQlB,MAAMD,EAEjB,CACF,GAEJ,CAEO,KAAAK,CAAMe,GACR5I,KAAKqH,YAGTrH,KAAKqH,WAAY,OACLV,IAARiC,IACF5I,KAAKwI,WAAaI,GAIpB5I,KAAKkH,KAAKI,MAAK,KACbtH,KAAK+G,eAAYJ,EACjB3G,KAAK8G,mBAAgBH,CAAS,IAEjC,EAuCH,SAASyB,OAET,CCvRM,SAAUS,mBACd7E,GAEA,OAAIA,GAAYA,EAA+B8E,UACrC9E,EAA+B8E,UAEhC9E,CAEX,qYCDa,MAAA+E,UAiBX,WAAA9F,CACWC,EACA8F,EACAC,GAFAjJ,KAAIkD,KAAJA,EACAlD,KAAegJ,gBAAfA,EACAhJ,KAAIiJ,KAAJA,EAnBXjJ,KAAiBkJ,mBAAG,EAIpBlJ,KAAYmJ,aAAe,GAE3BnJ,KAAAoJ,kBAA2C,OAE3CpJ,KAAiBqJ,kBAAwC,IAYrD,CAEJ,oBAAAC,CAAqBC,GAEnB,OADAvJ,KAAKoJ,kBAAoBG,EAClBvJ,IACR,CAED,oBAAAwJ,CAAqBN,GAEnB,OADAlJ,KAAKkJ,kBAAoBA,EAClBlJ,IACR,CAED,eAAAyJ,CAAgBC,GAEd,OADA1J,KAAKmJ,aAAeO,EACb1J,IACR,CAED,0BAAA2J,CAA2BC,GAEzB,OADA5J,KAAKqJ,kBAAoBO,EAClB5J,IACR,MCfS6J,GAAZ,SAAYA,GACVA,EAAAA,EAAA,MAAA,GAAA,QACAA,EAAAA,EAAA,QAAA,GAAA,UACAA,EAAAA,EAAA,KAAA,GAAA,OACAA,EAAAA,EAAA,KAAA,GAAA,OACAA,EAAAA,EAAA,MAAA,GAAA,QACAA,EAAAA,EAAA,OAAA,GAAA,QACD,CAPD,CAAYA,IAAAA,EAOX,CAAA,IAED,MAAMC,EAA2D,CAC/DC,MAASF,EAASG,MAClBC,QAAWJ,EAASK,QACpBC,KAAQN,EAASO,KACjBC,KAAQR,EAASS,KACjB7C,MAASoC,EAASU,MAClBC,OAAUX,EAASY,QAMfC,EAA4Bb,EAASO,KAmBrCO,EAAgB,CACpB,CAACd,EAASG,OAAQ,MAClB,CAACH,EAASK,SAAU,MACpB,CAACL,EAASO,MAAO,OACjB,CAACP,EAASS,MAAO,OACjB,CAACT,EAASU,OAAQ,SAQdK,kBAAgC,CAACC,EAAUC,KAAYC,KAC3D,GAAID,EAAUD,EAASG,SACrB,OAEF,MAAMC,GAAM,IAAIC,MAAOC,cACjBhD,EAASwC,EAAcG,GAC7B,IAAI3C,EAMF,MAAM,IAAI1H,MACR,8DAA8DqK,MANhEnC,QAAQR,GACN,IAAI8C,OAASJ,EAAS3H,WACnB6H,EAMN,EC1FI,MAAMK,EAAwB,QCDxB,MAAAC,SAUX,WAAApI,CAA6BqI,GAAAtL,KAAWsL,YAAXA,EANZtL,KAAWuL,YAIxB,GAGFvL,KAAKwL,kBAAoBxL,KAAKyL,YAAYlD,KAAKvI,KAChD,CAQD,mBAAO0L,CAAaJ,GAIlB,MAAMK,EAAmB3L,KAAK4L,UAAUC,MAAKC,GAC3CA,EAASC,cAAcT,KAEzB,GAAIK,EACF,OAAOA,EAET,MAAMK,EAAc,IAAIX,SAASC,GAEjC,OADAtL,KAAK4L,UAAUpK,KAAKwK,GACbA,CACR,CAEO,aAAAD,CAAcT,GACpB,OAAOtL,KAAKsL,cAAgBA,CAC7B,CAYO,iBAAMG,CAGZQ,GACA,MAAMC,EAAeD,GACfE,QAAEA,EAAOC,UAAEA,EAASjI,KAAEA,GAAS+H,EAAa/H,KAE5CkI,EACJrM,KAAKuL,YAAYa,GACnB,KAAKC,aAAA,EAAAA,EAAUC,MACb,OAGFJ,EAAaK,MAAM,GAAGC,YAAY,CAChCC,OAAmB,MACnBN,UACAC,cAGF,MAAMM,EAAWnM,MAAMoM,KAAKN,GAAUO,KAAIC,MAAMC,GAC9CA,EAAQZ,EAAaa,OAAQ5I,KAEzB6I,QChEJ,SAAUC,YACdP,GAEA,OAAOvF,QAAQ+F,IACbR,EAASE,KAAIC,MAAMM,IACjB,IAEE,MAAO,CACLC,WAAW,EACXzI,YAHkBwI,EAKrB,CAAC,MAAOE,GACP,MAAO,CACLD,WAAW,EACXC,SAEH,KAGP,CD6C2BJ,CAAYP,GACnCR,EAAaK,MAAM,GAAGC,YAAY,CAChCC,OAAoB,OACpBN,UACAC,YACAY,YAEH,CASD,UAAAM,CACElB,EACAmB,GAE6C,IAAzC7J,OAAOuB,KAAKjF,KAAKuL,aAAazK,QAChCd,KAAKsL,YAAYkC,iBAAiB,UAAWxN,KAAKwL,mBAG/CxL,KAAKuL,YAAYa,KACpBpM,KAAKuL,YAAYa,GAAa,IAAIqB,KAGpCzN,KAAKuL,YAAYa,GAAWsB,IAAIH,EACjC,CASD,YAAAI,CACEvB,EACAmB,GAEIvN,KAAKuL,YAAYa,IAAcmB,GACjCvN,KAAKuL,YAAYa,GAAWwB,OAAOL,GAEhCA,GAAqD,IAArCvN,KAAKuL,YAAYa,GAAWE,aACxCtM,KAAKuL,YAAYa,GAGmB,IAAzC1I,OAAOuB,KAAKjF,KAAKuL,aAAazK,QAChCd,KAAKsL,YAAYuC,oBAAoB,UAAW7N,KAAKwL,kBAExD,EEzIG,SAAUsC,iBAAiBC,EAAS,GAAIC,EAAS,IACrD,IAAIC,EAAS,GACb,IAAK,IAAIpN,EAAI,EAAGA,EAAImN,EAAQnN,IAC1BoN,GAAUC,KAAKC,MAAsB,GAAhBD,KAAKD,UAE5B,OAAOF,EAASE,CAClB,CFS0B5C,SAASO,UAAe,GGOrC,MAAAwC,OAGX,WAAAnL,CAA6BoL,GAAArO,KAAMqO,OAANA,EAFZrO,KAAAqM,SAAW,IAAIoB,GAEsB,CAO9C,oBAAAa,CAAqBxB,GACvBA,EAAQyB,iBACVzB,EAAQyB,eAAeC,MAAMX,oBAC3B,UACAf,EAAQ2B,WAEV3B,EAAQyB,eAAeC,MAAM3G,SAE/B7H,KAAKqM,SAASuB,OAAOd,EACtB,CAeD,WAAM4B,CACJtC,EACAjI,EACAwK,EAA8B,IAE9B,MAAMJ,EACsB,oBAAnBK,eAAiC,IAAIA,eAAmB,KACjE,IAAKL,EACH,MAAM,IAAI9N,MAAK,0BAMjB,IAAIoO,EACA/B,EACJ,OAAO,IAAI3F,SAAqC,CAACC,EAAS0H,KACxD,MAAM3C,EAAU2B,iBAAiB,GAAI,IACrCS,EAAeC,MAAMO,QACrB,MAAMC,EAAWC,YAAW,KAC1BH,EAAO,IAAIrO,MAAK,qBAAkC,GACjDkO,GACH7B,EAAU,CACRyB,iBACA,SAAAE,CAAUxC,GACR,MAAMC,EAAeD,EACrB,GAAIC,EAAa/H,KAAKgI,UAAYA,EAGlC,OAAQD,EAAa/H,KAAKsI,QACxB,IAAA,MAEEyC,aAAaF,GACbH,EAAkBI,YAAW,KAC3BH,EAAO,IAAIrO,MAAK,WAAwB,QAE1C,MACF,IAAA,OAEEyO,aAAaL,GACbzH,EAAQ8E,EAAa/H,KAAK6I,UAC1B,MACF,QACEkC,aAAaF,GACbE,aAAaL,GACbC,EAAO,IAAIrO,MAAK,qBAGrB,GAEHT,KAAKqM,SAASqB,IAAIZ,GAClByB,EAAeC,MAAMhB,iBAAiB,UAAWV,EAAQ2B,WACzDzO,KAAKqO,OAAO7B,YACV,CACEJ,YACAD,UACAhI,QAEF,CAACoK,EAAeY,OACjB,IACAC,SAAQ,KACLtC,GACF9M,KAAKsO,qBAAqBxB,EAC3B,GAEJ,EC/Fa,SAAAuC,UACd,OAAOC,MACT,CC1BgB,SAAAC,YACd,YAC4C,IAAnCF,UAA6B,mBACE,mBAA/BA,UAAyB,aAEpC,CCmBO,MAAMG,EAAU,yBAEjBC,EAAsB,uBACtBC,EAAkB,YAaxB,MAAMC,UACJ,WAAA1M,CAA6B2M,GAAA5P,KAAO4P,QAAPA,CAAuB,CAEpD,SAAAC,GACE,OAAO,IAAI1I,SAAW,CAACC,EAAS0H,KAC9B9O,KAAK4P,QAAQpC,iBAAiB,WAAW,KACvCpG,EAAQpH,KAAK4P,QAAQE,OAAO,IAE9B9P,KAAK4P,QAAQpC,iBAAiB,SAAS,KACrCsB,EAAO9O,KAAK4P,QAAQnI,MAAM,GAC1B,GAEL,EAGH,SAASsI,eAAeC,EAAiBC,GACvC,OAAOD,EACJE,YAAY,CAACT,GAAsBQ,EAAc,YAAc,YAC/DE,YAAYV,EACjB,CAYgB,SAAAW,gBACd,MAAMR,EAAUS,UAAUC,KAAKd,EA/Cd,GAgDjB,OAAO,IAAIrI,SAAQ,CAACC,EAAS0H,KAC3Bc,EAAQpC,iBAAiB,SAAS,KAChCsB,EAAOc,EAAQnI,MAAM,IAGvBmI,EAAQpC,iBAAiB,iBAAiB,KACxC,MAAMwC,EAAKJ,EAAQE,OAEnB,IACEE,EAAGO,kBAAkBd,EAAqB,CAAEe,QAASd,GACtD,CAAC,MAAOlI,GACPsH,EAAOtH,EACR,KAGHoI,EAAQpC,iBAAiB,WAAWX,UAClC,MAAMmD,EAAkBJ,EAAQE,OAM3BE,EAAGS,iBAAiBC,SAASjB,GAMhCrI,EAAQ4I,IAJRA,EAAGnI,cA/BK,SAAA8I,kBACd,MAAMf,EAAUS,UAAUO,eAAepB,GACzC,OAAO,IAAIG,UAAgBC,GAASC,WACtC,CA6Bcc,GACNvJ,QAAcgJ,iBAGf,GACD,GAEN,CAEOvD,eAAegE,WACpBb,EACAtL,EACAC,GAEA,MAAMiL,EAAUG,eAAeC,GAAI,GAAMc,IAAI,CAC3CpB,CAACA,GAAkBhL,EACnBC,UAEF,OAAO,IAAIgL,UAAgBC,GAASC,WACtC,CAWgB,SAAAkB,cAAcf,EAAiBtL,GAC7C,MAAMkL,EAAUG,eAAeC,GAAI,GAAMpC,OAAOlJ,GAChD,OAAO,IAAIiL,UAAgBC,GAASC,WACtC,CAKA,MAAMmB,0BAqBJ,WAAA/N,GAlBAjD,KAAAiJ,KAA6B,QAEpBjJ,KAAqBiR,uBAAG,EAEhBjR,KAASkR,UAA8C,GACvDlR,KAAUmR,WAA4C,GAG/DnR,KAASoR,UAAe,KACxBpR,KAAaqR,cAAG,EAEhBrR,KAAQ8L,SAAoB,KAC5B9L,KAAMsR,OAAkB,KACxBtR,KAA8BuR,gCAAG,EACjCvR,KAAmBwR,oBAAyB,KAMlDxR,KAAKyR,6BACHzR,KAAK0R,mCAAmCpK,MACtC,SACA,QAEL,CAED,aAAMqK,GACJ,OAAI3R,KAAKgQ,KAGThQ,KAAKgQ,SAAWI,iBAFPpQ,KAAKgQ,EAIf,CAED,kBAAM4B,CAAgBC,GACpB,IAAIC,EAAc,EAElB,OACE,IACE,MAAM9B,QAAWhQ,KAAK2R,UACtB,aAAaE,EAAG7B,EACjB,CAAC,MAAOxI,GACP,GAAIsK,IAhD4B,EAiD9B,MAAMtK,EAEJxH,KAAKgQ,KACPhQ,KAAKgQ,GAAGnI,QACR7H,KAAKgQ,QAAKrJ,EAGb,CAEJ,CAMO,sCAAM+K,GACZ,OAAOnC,YAAcvP,KAAK+R,qBAAuB/R,KAAKgS,kBACvD,CAKO,wBAAMD,GACZ/R,KAAK8L,SAAWT,SAASK,aDvLb,SAAAuG,wBACd,OAAO1C,YAAe2C,KAAoC,IAC5D,CCqL0CD,IAEtCjS,KAAK8L,SAASwB,WAAU,cAEtBT,MAAOsF,EAAiBhO,KAEf,CACLiO,oBAFiBpS,KAAKqS,SAEHjN,SAASjB,EAAKO,SAKvC1E,KAAK8L,SAASwB,WAAU,QAEtBT,MAAOsF,EAAiBG,IACf,gBAGZ,CASO,sBAAMN,WAGZ,GADAhS,KAAKwR,0BDpOF3E,eAAe0F,0BACpB,KAAK,OAAAnP,gBAAA,IAAAA,eAAA,EAAAA,UAAWoP,eACd,OAAO,KAET,IAEE,aAD2BpP,UAAUoP,cAAcC,OAC/BC,MACrB,CAAC,MAAAC,GACA,OAAO,IACR,CACH,CC0NqCJ,IAC5BvS,KAAKwR,oBACR,OAEFxR,KAAKsR,OAAS,IAAIlD,OAAOpO,KAAKwR,qBAE9B,MAAMoB,QAAgB5S,KAAKsR,OAAO5C,MAAK,OAErC,CAAA,EAAE,KAGCkE,IAIO,QAAVD,EAAAC,EAAQ,UAAE,IAAAD,OAAA,EAAAA,EAAEvF,aACF,QAAVyF,EAAAD,EAAQ,UAAE,IAAAC,OAAA,EAAAA,EAAElO,MAAMS,SAAQ,iBAE1BpF,KAAKuR,gCAAiC,EAEzC,CAWO,yBAAMuB,CAAoBpO,GAChC,GACG1E,KAAKsR,QACLtR,KAAKwR,qBD1PI,SAAAuB,oCACd,OAA+B,QAAxBJ,EAAS,OAATvP,gBAAS,IAATA,eAAS,EAATA,UAAWoP,qBAAa,IAAAG,OAAA,EAAAA,EAAEK,aAAc,IACjD,CCyPMD,KAAkC/S,KAAKwR,oBAIzC,UACQxR,KAAKsR,OAAO5C,MAEhB,aAAA,CAAEhK,OAEF1E,KAAKuR,+BACF,IACA,GAEN,CAAC,MAAAoB,GAED,CACF,CAED,kBAAMM,GACJ,IACE,IAAK5C,UACH,OAAO,EAET,MAAML,QAAWI,gBAGjB,aAFMS,WAAWb,EAAI5E,EAAuB,WACtC2F,cAAcf,EAAI5E,IACjB,CACR,CAAC,MAAMuH,GAAE,CACV,OAAO,CACR,CAEO,uBAAMO,CAAkBC,GAC9BnT,KAAKqR,gBACL,UACQ8B,GACP,CAAS,QACRnT,KAAKqR,eACN,CACF,CAED,UAAM+B,CAAK1O,EAAaC,GACtB,OAAO3E,KAAKkT,mBAAkBrG,gBACtB7M,KAAK4R,cAAc5B,GAAoBa,WAAWb,EAAItL,EAAKC,KACjE3E,KAAKmR,WAAWzM,GAAOC,EAChB3E,KAAK8S,oBAAoBpO,KAEnC,CAED,UAAM2O,CAAiC3O,GACrC,MAAMuB,QAAajG,KAAK4R,cAAc5B,GAxM1CnD,eAAeyG,UACbtD,EACAtL,GAEA,MAAMkL,EAAUG,eAAeC,GAAI,GAAOuD,IAAI7O,GACxCP,QAAa,IAAIwL,UAAgCC,GAASC,YAChE,YAAgBlJ,IAATxC,EAAqB,KAAOA,EAAKQ,KAC1C,CAkMM2O,CAAUtD,EAAItL,KAGhB,OADA1E,KAAKmR,WAAWzM,GAAOuB,EAChBA,CACR,CAED,aAAMuN,CAAQ9O,GACZ,OAAO1E,KAAKkT,mBAAkBrG,gBACtB7M,KAAK4R,cAAc5B,GAAoBe,cAAcf,EAAItL,YACxD1E,KAAKmR,WAAWzM,GAChB1E,KAAK8S,oBAAoBpO,KAEnC,CAEO,WAAM2N,GAEZ,MAAMvC,QAAe9P,KAAK4R,cAAc5B,IACtC,MAAMyD,EAAgB1D,eAAeC,GAAI,GAAO0D,SAChD,OAAO,IAAI/D,UAA6B8D,GAAe5D,WAAW,IAGpE,IAAKC,EACH,MAAO,GAIT,GAA2B,IAAvB9P,KAAKqR,cACP,MAAO,GAGT,MAAMpM,EAAO,GACP0O,EAAe,IAAIlG,IACzB,GAAsB,IAAlBqC,EAAOhP,OACT,IAAK,MAAQ8S,UAAWlP,EAAGC,MAAEA,KAAWmL,EACtC6D,EAAajG,IAAIhJ,GACbmP,KAAKC,UAAU9T,KAAKmR,WAAWzM,MAAUmP,KAAKC,UAAUnP,KAC1D3E,KAAK+T,gBAAgBrP,EAAKC,GAC1BM,EAAKzD,KAAKkD,IAKhB,IAAK,MAAMsP,KAAYtQ,OAAOuB,KAAKjF,KAAKmR,YAClCnR,KAAKmR,WAAW6C,KAAcL,EAAaM,IAAID,KAEjDhU,KAAK+T,gBAAgBC,EAAU,MAC/B/O,EAAKzD,KAAKwS,IAGd,OAAO/O,CACR,CAEO,eAAA8O,CACNrP,EACAwP,GAEAlU,KAAKmR,WAAWzM,GAAOwP,EACvB,MAAMhD,EAAYlR,KAAKkR,UAAUxM,GACjC,GAAIwM,EACF,IAAK,MAAMiD,KAAY5T,MAAMoM,KAAKuE,GAChCiD,EAASD,EAGd,CAEO,YAAAE,GACNpU,KAAKqU,cAELrU,KAAKoR,UAAYkD,aACfzH,SAAY7M,KAAKqS,SAhQa,IAmQjC,CAEO,WAAAgC,GACFrU,KAAKoR,YACPmD,cAAcvU,KAAKoR,WACnBpR,KAAKoR,UAAY,KAEpB,CAED,YAAAoD,CAAa9P,EAAayP,GACmB,IAAvCzQ,OAAOuB,KAAKjF,KAAKkR,WAAWpQ,QAC9Bd,KAAKoU,eAEFpU,KAAKkR,UAAUxM,KAClB1E,KAAKkR,UAAUxM,GAAO,IAAI+I,IAErBzN,KAAKqT,KAAK3O,IAEjB1E,KAAKkR,UAAUxM,GAAKgJ,IAAIyG,EACzB,CAED,eAAAM,CAAgB/P,EAAayP,GACvBnU,KAAKkR,UAAUxM,KACjB1E,KAAKkR,UAAUxM,GAAKkJ,OAAOuG,GAEM,IAA7BnU,KAAKkR,UAAUxM,GAAK4H,aACftM,KAAKkR,UAAUxM,IAIiB,IAAvChB,OAAOuB,KAAKjF,KAAKkR,WAAWpQ,QAC9Bd,KAAKqU,aAER,EAhSMrD,0BAAI/H,KAAY,QAySZ,MAAAyL,EAAyC1D,0BCpDtD,SAAS2D,gBAIP,MAAO,CACL,wCACE,0LAIN,CASa,MAAAC,EAxRb,SAASC,iBACP,MAAO,CACL,6BACE,uDACF,iBAAgC,GAChC,qBACE,6LAGF,oBACE,qJAGF,uBACE,kKAGF,eACE,+EAEF,oBAAmC,kCACnC,mBAAkC,iCAClC,4BACE,uEACF,wBACE,wDACF,wBACE,6GAEF,wCACE,0LAGF,6BACE,+FAEF,kCACE,wDACF,uBACE,0DACF,yBACE,gKAGF,sBAAkC,+BAClC,0BACE,mFACF,iBAAgC,sCAChC,yBACE,sIAEF,iBACE,uEACF,qBACE,sLAGF,qBAAoC,sCACpC,4BACE,wLAGF,uBACE,uDACF,gCACE,gOAIF,uBACE,wEACF,8BACE,4FACF,gBAA+B,wCAC/B,0BACE,qEACF,kBACE,sEACF,oBACE,kDACF,qBACE,uEACF,0BACE,+KAEF,+BACE,iFACF,yBACE,uGAEF,0BACE,0FAEF,sBACE,+IAEF,sBACE,2GAEF,iBACE,gEACF,2BACE,oFACF,uBACE,gPAIF,sBACE,wCACF,0BACE,4GAEF,iBACE,6KAEF,0BACE,2EACF,oBACE,4CACF,gBACE,4DACF,2BACE,2FACF,8BACE,8HAEF,yBACE,gIAEF,4BACE,6EACF,uBACE,kDACF,uBAAsC,sCACtC,wBACE,oEACF,2BACE,oKAGF,mBAAkC,wCAClC,4BACE,2CACF,+BACE,mEACF,uBACE,wEACF,0BACE,uEACF,cACE,iDACF,8BACE,2EACF,6BACE,yEACF,2CACE,wJAGF,yBACE,kGACF,gBAA+B,sCAC/B,mBACE,6DACF,YACE,0GAEF,wBACE,yJAGF,8CACE,kLAGF,gBACE,4FACF,uBACE,yEACF,0BACE,kEACF,iBACE,4DACF,6BACE,2EACF,6BACE,mDACF,sBACE,6DACF,+BACE,yDACF,uCACE,4EACF,qBACE,sEACFlG,QAAyB,+BACzB,qBACE,yEACF,oBACE,0FAEF,4BACE,2GAEF,2BACE,sHACF,+BACE,2EACF,+BACE,6DACF,mBACE,2CACF,iBACE,wEACF,iBACE,4FAEF,gBACE,0DACF,gBACE,+EACF,kBAAiC,GACjC,gBACE,kDACF,0BACE,+EACF,sBACE,oOAIF,0BACE,sEACF,0BACE,sEACF,2BACE,uEACF,wBACE,oEACF,sBACE,4EACF,4BACE,wEACF,mBAAkC,8BAClC,4BACE,wEACF,6CACE,iIACF,sCACE,+CACF,8BACE,2LAGN,EAkCamG,EAA6BH,cAuD7BI,EAA8B,IAAIjR,aAG7C,OAAQ,WAlFD,CACL,wCACE,4LA6FOkR,EAA6C,CACxDC,qBAAsB,kCACtBC,eAAgB,sBAChBC,mBAAoB,0BACpBC,kBAAmB,yBACnBC,qBAAsB,4BACtBC,aAAc,oBACdC,kBAAmB,yBACnBC,iBAAkB,wBAClBC,0BAA2B,iCAC3BC,oBAAqB,6BACrBC,+BAAgC,6BAChCC,+BAAgC,6CAChCC,2BAA4B,kCAC5BC,gCAAiC,uCACjCC,aAAc,4BACdC,uBAAwB,8BACxBC,iBAAkB,2BAClBC,sBAAuB,+BACvBC,eAAgB,sBAChBC,gBAAiB,uBACjBC,uBAAwB,8BACxBC,eAAgB,sBAChBC,aAAc,0BACdC,mBAAoB,0BACpBC,kBAAmB,yBACnBC,aAAc,iCACdC,qBAAsB,4BACtBC,8BAA+B,qCAC/BC,qBAAsB,4BACtBC,4BAA6B,mCAC7BC,cAAe,qBACfC,wBAAyB,+BACzBC,qBAAsB,0BACtBC,0BAA2B,0BAC3BC,wBAAyB,+BACzBC,oBAAqB,oCACrBC,wBAAyB,+BACzBC,uBAAwB,8BACxBC,iBAAkB,2BAClBC,eAAgB,2BAChBC,iBAAkB,sBAClBC,oBAAqB,gCACrBC,qBAAsB,4BACtBC,oBAAqB,2BACrBC,wBAAyB,+BACzBC,eAAgB,sBAChBC,qBAAsB,+BACtBC,kBAAmB,yBACnBC,mBAAoB,mCACpBC,aAAc,kCACdC,6BAA8B,gCAC9BC,uBAAwB,8BACxBC,oBAAqB,mCACrBC,aAAc,iCACdC,qBAAsB,4BACtBC,qBAAsB,4BACtBC,sBAAuB,6BACvBC,yBAA0B,gCAC1BC,iBAAkB,iCAClBC,oBAAqB,oCACrBC,qBAAsB,4BACtBC,qBAAsB,+BACtBC,iBAAkB,mBAClBC,kBAAmB,gDACnBC,uBAAwB,8BACxBC,UAAW,iBACXC,cAAe,qBACfC,iBAAkB,wBAClBC,sBAAuB,6BACvBC,wBAAyB,mDACzBC,cAAe,qBACfC,qBAAsB,4BACtBC,wBAAyB,+BACzBC,eAAgB,sBAChBC,2BAA4B,kCAC5BC,2BAA4B,kCAC5BC,oBAAqB,2BACrBC,+BAAgC,oCAChCC,6BAA8B,4CAC9BC,mBAAoB,0BACpBC,QAAS,eACTC,cAAe,0BACfC,4BAA6B,yBAC7BC,oBAAqB,iCACrBC,yBAA0B,gCAC1BC,wBAAyB,oCACzBC,6BAA8B,oCAC9BC,iBAAkB,wBAClBC,eAAgB,sBAChBC,aAAc,sBACdC,cAAe,qBACfC,cAAe,qBACfC,gBAAiB,uBACjBC,cAAe,qBACfC,wBAAyB,+BACzBC,oBAAqB,2BACrBC,sBAAuB,6BACvBC,wBAAyB,+BACzBC,wBAAyB,+BACzBC,yBAA0B,gCAC1BC,oBAAqB,2BACrBC,0BAA2B,iCAC3BC,0BAA2B,iCAC3BC,iBAAkB,wBAClBC,4BAA6B,oCCvkBzBC,EAAY,IVuGL,MAAAC,OAOX,WAAA1Y,CAAmBC,GAAAlD,KAAIkD,KAAJA,EAUXlD,KAAS4b,UAAGlR,EAsBZ1K,KAAW6b,YAAejR,kBAc1B5K,KAAe8b,gBAAsB,IAzC5C,CAOD,YAAI9Q,GACF,OAAOhL,KAAK4b,SACb,CAED,YAAI5Q,CAAS+Q,GACX,KAAMA,KAAOlS,GACX,MAAM,IAAImS,UAAU,kBAAkBD,+BAExC/b,KAAK4b,UAAYG,CAClB,CAGD,WAAAE,CAAYF,GACV/b,KAAK4b,UAA2B,iBAARG,EAAmBjS,EAAkBiS,GAAOA,CACrE,CAOD,cAAIG,GACF,OAAOlc,KAAK6b,WACb,CACD,cAAIK,CAAWH,GACb,GAAmB,mBAARA,EACT,MAAM,IAAIC,UAAU,qDAEtBhc,KAAK6b,YAAcE,CACpB,CAMD,kBAAII,GACF,OAAOnc,KAAK8b,eACb,CACD,kBAAIK,CAAeJ,GACjB/b,KAAK8b,gBAAkBC,CACxB,CAMD,KAAAhS,IAASgB,GACP/K,KAAK8b,iBAAmB9b,KAAK8b,gBAAgB9b,KAAM6J,EAASG,SAAUe,GACtE/K,KAAK6b,YAAY7b,KAAM6J,EAASG,SAAUe,EAC3C,CACD,GAAAqR,IAAOrR,GACL/K,KAAK8b,iBACH9b,KAAK8b,gBAAgB9b,KAAM6J,EAASK,WAAYa,GAClD/K,KAAK6b,YAAY7b,KAAM6J,EAASK,WAAYa,EAC7C,CACD,IAAAZ,IAAQY,GACN/K,KAAK8b,iBAAmB9b,KAAK8b,gBAAgB9b,KAAM6J,EAASO,QAASW,GACrE/K,KAAK6b,YAAY7b,KAAM6J,EAASO,QAASW,EAC1C,CACD,IAAAV,IAAQU,GACN/K,KAAK8b,iBAAmB9b,KAAK8b,gBAAgB9b,KAAM6J,EAASS,QAASS,GACrE/K,KAAK6b,YAAY7b,KAAM6J,EAASS,QAASS,EAC1C,CACD,KAAAtD,IAASsD,GACP/K,KAAK8b,iBAAmB9b,KAAK8b,gBAAgB9b,KAAM6J,EAASU,SAAUQ,GACtE/K,KAAK6b,YAAY7b,KAAM6J,EAASU,SAAUQ,EAC3C,GU5L0B,kBAuBb,SAAAsR,UAAUC,KAAgBvR,GACpC2Q,EAAU1Q,UAAYnB,EAASU,OACjCmR,EAAUjU,MAAM,SAAS8U,OAAiBD,OAAUvR,EAExD,CCWgB,SAAAyR,MACdC,KACGC,GAEH,MAAMC,oBAAoBF,KAAeC,EAC3C,CAagB,SAAAE,aACdH,KACGC,GAEH,OAAOC,oBAAoBF,KAAeC,EAC5C,CAEgB,SAAAG,wBACdC,EACAxZ,EACAC,GAEA,MAAMwZ,EACArZ,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,CAAA,EAAAlI,KAAoC,CACxCxR,CAACA,GAAOC,IAOV,OALgB,IAAIO,aAClB,OACA,WACAiZ,GAEahZ,OAAOT,EAAM,CAC1B2Z,QAASH,EAAK5Z,MAElB,CAEM,SAAUga,gDACdJ,GAEA,OAAOD,wBACLC,EAEA,8CAAA,iGAEJ,CAEgB,SAAAK,kBACdL,EACAM,EACAvS,GAGA,KAAMuS,aADsBvS,GAM1B,MAN0BA,EAEF3H,OAASka,EAAOna,YAAYC,MAClDsZ,MAAMM,EAAI,kBAGND,wBACJC,EAEA,iBAAA,WAAWM,EAAOna,YAAYC,4FAIpC,CAEA,SAASyZ,oBACPF,KACGC,GAEH,GAA0B,iBAAfD,EAAyB,CAClC,MAAMnZ,EAAOoZ,EAAK,GACZW,EAAa,IAAIX,EAAKY,MAAM,IAKlC,OAJID,EAAW,KACbA,EAAW,GAAGJ,QAAUR,EAAWvZ,MAG7BuZ,EAA4Bc,cAAcxZ,OAChDT,KACG+Z,EAEN,CAED,OAAOtI,EAA4BhR,OACjC0Y,KACIC,EAER,CAeM,SAAUc,QACdC,EACAhB,KACGC,GAEH,IAAKe,EACH,MAAMd,oBAAoBF,KAAeC,EAE7C,CA4FM,SAAUgB,UAAUC,GAGxB,MAAMpa,EAAU,8BAAgCoa,EAMhD,MALAtB,UAAU9Y,GAKJ,IAAI9C,MAAM8C,EAClB,CASgB,SAAAqa,YACdH,EACAla,GAEKka,GACHC,UAAUna,EAEd,CCvRgB,SAAAsa,uBACd,MAAwB,oBAAT3L,OAAqC,QAAbS,EAAAT,KAAK4L,gBAAQ,IAAAnL,OAAA,EAAAA,EAAEoL,OAAS,EACjE,CAEgB,SAAAC,iBACd,MAA+B,UAAxBC,qBAA2D,WAAxBA,mBAC5C,CAEgB,SAAAA,0BACd,MAAwB,oBAAT/L,OAAqC,QAAbS,EAAAT,KAAK4L,gBAAQ,IAAAnL,OAAA,EAAAA,EAAEuL,WAAa,IACrE,CCJgB,SAAAC,YACd,QACuB,oBAAd/a,WACPA,WACA,WAAYA,WACgB,kBAArBA,UAAUgb,SAMhBJ,2BpBqFWK,qBACd,MAAMC,EACc,iBAAXC,OACHA,OAAOD,QACY,iBAAZE,QACPA,QAAQF,aACR3X,EACN,MAA0B,iBAAZ2X,QAAuC3X,IAAf2X,EAAQG,EAChD,CoB7FyBJ,IAAwB,eAAgBjb,aAEtDA,UAAUgb,MAIrB,CCpBgB,SAAAM,aAAaC,EAAwBC,GACnDhB,YAAYe,EAAOE,SAAU,sCAC7B,MAAMvY,IAAEA,GAAQqY,EAAOE,SAEvB,OAAKD,EAIE,GAAGtY,IAAMsY,EAAKE,WAAW,KAAOF,EAAKtB,MAAM,GAAKsB,IAH9CtY,CAIX,CCVa,MAAAyY,cAKX,iBAAOC,CACLC,EACAC,EACAC,GAEAnf,KAAKif,UAAYA,EACbC,IACFlf,KAAKkf,YAAcA,GAEjBC,IACFnf,KAAKmf,aAAeA,EAEvB,CAED,YAAOC,GACL,OAAIpf,KAAKif,UACAjf,KAAKif,UAEM,oBAAT/M,MAAwB,UAAWA,KACrCA,KAAKkN,MAEY,oBAAfC,YAA8BA,WAAWD,MAC3CC,WAAWD,MAEC,oBAAVA,MACFA,WAET1B,UACE,kHAEH,CAED,cAAO4B,GACL,OAAItf,KAAKkf,YACAlf,KAAKkf,YAEM,oBAAThN,MAAwB,YAAaA,KACvCA,KAAKqN,QAEY,oBAAfF,YAA8BA,WAAWE,QAC3CF,WAAWE,QAEG,oBAAZA,QACFA,aAET7B,UACE,oHAEH,CAED,eAAO1Q,GACL,OAAIhN,KAAKmf,aACAnf,KAAKmf,aAEM,oBAATjN,MAAwB,aAAcA,KACxCA,KAAKsN,SAEY,oBAAfH,YAA8BA,WAAWG,SAC3CH,WAAWG,SAEI,oBAAbA,SACFA,cAET9B,UACE,qHAEH,EC2CI,MAAM+B,EAAyD,CAEpE/J,oBAAoE,wBAEpEgK,qBAAgE,iBAGhEC,mBAA6D,gBAE7DpH,qBAAgE,iBAGhEd,iBAA8D,iBAE9DmI,iBAA8D,mBAG9D1I,0BAAyE,qBAGzEnB,aAAsD,uBACtD8J,wBAA0E,wBAG1E5I,qBAAoE,qBACpE6I,sBAAqE,qBACrEC,iCACyC,4BAGzCC,iBAA4D,iBAG5DC,gBAAyD,iBACzDC,4BAC2C,oBAE3CjK,iBAA8D,sBAC9DsB,iBAA8D,sBAE9D4I,iBAA4D,iBAG5DxK,+BAC8C,wBAC9CyK,iBAA0D,qBAC1DlG,cAAwD,qBACxDmG,eAAyD,qBAGzDlG,4BAC2C,oBAC3CmG,oCACmD,sCAGnD5J,aAAsD,4BACtDqB,qBAAsE,0BACtEwI,wBAAuE,qBACvEzH,qBAAsE,0BACtE0H,gBAAyD,eAKzDrI,6BAC4C,2BAC5CiC,oBAAoE,4BAGpE/C,wBAA4E,0BAG5EpC,qBAAsE,6BAGtEwL,+BACmC,+BACnCC,yBAAwE,8BACxEC,0BAAuE,4BACvEC,+BACmC,+BACnCC,qBAC8C,+BAC9C9G,6BAC4C,uCAG5C+G,iCAA4E,iBAG5E7F,sBAAwE,wBACxEC,wBAA4E,0BAC5EC,wBAA4E,0BAC5EC,yBACwC,2BACxCC,oBAAoE,sBACpEC,0BACyC,4BACzCC,0BACyC,4BACzCC,iBAA8D,oBC/HnDuF,EAAyB,IC7EzB,MAAAC,MAIX,WAAA/d,CACmBge,EACAC,GADAlhB,KAAUihB,WAAVA,EACAjhB,KAASkhB,UAATA,EAGjBtD,YACEsD,EAAYD,EACZ,+CAEFjhB,KAAKmhB,kBzBIOC,kBACd,MACoB,oBAAX9R,WAGJA,OAAgB,SAAKA,OAAiB,UAAKA,OAAiB,WAC/D,oDAAoD+R,KAAKle,QAE7D,CyBZoBie,azB2FJE,gBACd,MACuB,iBAAdle,WAAmD,gBAAzBA,UAAmB,OAExD,CyB/FyCke,EACtC,CAED,GAAA/N,GACE,OAAK4K,YAQEne,KAAKmhB,SAAWnhB,KAAKkhB,UAAYlhB,KAAKihB,WANpC/S,KAAKqT,IAAG,IAAmBvhB,KAAKihB,WAO1C,GDmD6C,IAAQ,KAExC,SAAAO,mBACd1E,EACAlN,GAEA,OAAIkN,EAAK2E,WAAa7R,EAAQ6R,SAC5B/d,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,CAAA,EACKpN,GACH,CAAA6R,SAAU3E,EAAK2E,WAGZ7R,CACT,CAEO/C,eAAe6U,mBACpB5E,EACA3U,EACAyW,EACAhP,EACA+R,EAAuD,IAEvD,OAAOC,+BAA+B9E,EAAM6E,GAAgB9U,UAC1D,IAAIgV,EAAO,CAAA,EACPlc,EAAS,CAAA,EACTiK,IAC2B,QAAzBzH,EACFxC,EAASiK,EAETiS,EAAO,CACLA,KAAMhO,KAAKC,UAAUlE,KAK3B,MAAMkS,EAAQrc,2BACZf,IAAKoY,EAAK6B,OAAOoD,QACdpc,IACF2X,MAAM,GAEHgC,QAAiBxC,EAAsBkF,wBAC7C1C,EAAO,gBAA4B,mBAE/BxC,EAAKmF,eACP3C,EAAqC,qBAAGxC,EAAKmF,cAG/C,MAAMC,iBACJ/Z,SACAmX,WACGuC,GAWL,gBxBhEYM,qBACd,MACuB,oBAAd/e,WACiB,uBAAxBA,UAAUgf,SAEd,CwBuDSD,KACHD,EAAUG,eAAiB,eAGtBtD,cAAcK,OAAdL,CACLuD,gBAAgBxF,EAAMA,EAAK6B,OAAO4D,QAAS3D,EAAMkD,GACjDI,EACD,GAEL,CAEOrV,eAAe+U,+BACpB9E,EACA6E,EACAa,GAEC1F,EAAsB2F,kBAAmB,EAC1C,MAAM1F,EAAgBrZ,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,GAAAyC,GAAqBkC,GAC3C,IACE,MAAMe,EAAiB,IAAIC,eAAyB7F,GAC9C9P,QAA2B7F,QAAQyb,KAAwB,CAC/DJ,IACAE,EAAevV,UAKjBuV,EAAeG,sBAEf,MAAMC,QAAa9V,EAAS8V,OAC5B,GAAI,qBAAsBA,EACxB,MAAMC,iBAAiBjG,EAAuC,2CAAAgG,GAGhE,GAAI9V,EAASgW,MAAQ,iBAAkBF,GACrC,OAAOA,EACF,CACL,MAAMG,EAAejW,EAASgW,GAAKF,EAAKG,aAAeH,EAAKrb,MAAMlE,SAC3D2f,EAAiBC,GAAsBF,EAAa/c,MAAM,OACjE,GAAoE,qCAAhEgd,EACF,MAAMH,iBACJjG,EAEA,4BAAAgG,GAEG,GAAgD,iBAA5CI,EACT,MAAMH,iBAAiBjG,EAAkC,uBAAAgG,GACpD,GAAiD,kBAA7CI,EACT,MAAMH,iBAAiBjG,EAAmC,gBAAAgG,GAE5D,MAAMM,EACJrG,EAASmG,IACRA,EACEG,cACA9e,QAAQ,UAAW,KACxB,GAAI4e,EACF,MAAMtG,wBAAwBC,EAAMsG,EAAWD,GAE/C3G,MAAMM,EAAMsG,EAEf,CACF,CAAC,MAAO5b,GACP,GAAIA,aAAanE,cACf,MAAMmE,EAKRgV,MAAMM,EAA4C,yBAAA,CAAEvZ,QAAWjB,OAAOkF,IACvE,CACH,CAEOqF,eAAeyW,sBACpBxG,EACA3U,EACAyW,EACAhP,EACA+R,EAAuD,IAEvD,MAAM4B,QAAuB7B,mBAC3B5E,EACA3U,EACAyW,EACAhP,EACA+R,GAQF,MANI,yBAA0B4B,GAC5B/G,MAAMM,EAAkC,6BAAA,CACtC0G,gBAAiBD,IAIdA,CACT,CAEM,SAAUjB,gBACdxF,EACA2G,EACA7E,EACAkD,GAEA,MAAM4B,EAAO,GAAGD,IAAO7E,KAAQkD,IAE/B,OAAMhF,EAAsB6B,OAAOE,SAI5BH,aAAa5B,EAAK6B,OAA0B+E,GAH1C,GAAG5G,EAAK6B,OAAOgF,eAAeD,GAIzC,CAEM,SAAUE,uBACdC,GAEA,OAAQA,GACN,IAAK,UACH,MAAgC,UAClC,IAAK,QACH,MAA8B,QAChC,IAAK,MACH,MAA4B,MAC9B,QACE,MAAsD,gCAE5D,CAEA,MAAMlB,eAaJ,mBAAAE,GACE3T,aAAalP,KAAK8jB,MACnB,CAED,WAAA7gB,CAA6B6Z,GAAA9c,KAAI8c,KAAJA,EAbrB9c,KAAK8jB,MAAe,KACnB9jB,KAAOmN,QAAG,IAAIhG,SAAW,CAAC1C,EAAGqK,KACpC9O,KAAK8jB,MAAQ7U,YAAW,IACfH,EACL8N,aAAa5c,KAAK8c,KAA2C,4BAE9DiE,EAAuBxN,MAAM,GAOS,EAQ7B,SAAAwP,iBACdjG,EACAxZ,EACA0J,GAEA,MAAM+W,EAAgC,CACpC9G,QAASH,EAAK5Z,MAGZ8J,EAASgX,QACXD,EAAYC,MAAQhX,EAASgX,OAE3BhX,EAASiX,cACXF,EAAYE,YAAcjX,EAASiX,aAGrC,MAAMxc,EAAQmV,aAAaE,EAAMxZ,EAAMygB,GAIvC,OADCtc,EAAMjE,WAAwC0gB,eAAiBlX,EACzDvF,CACT,CE9QM,SAAU0c,aACdC,GAEA,YACiBzd,IAAfyd,QACkDzd,IAAjDyd,EAAkCC,UAEvC,CASa,MAAAC,gBAWX,WAAArhB,CAAY+J,GACV,GARFhN,KAAOukB,QAAW,GAKlBvkB,KAAyBwkB,0BAAwC,QAGjC7d,IAA1BqG,EAASyX,aACX,MAAM,IAAIhkB,MAAM,0BAGlBT,KAAKukB,QAAUvX,EAASyX,aAAave,MAAM,KAAK,GAChDlG,KAAKwkB,0BAA4BxX,EAASwX,yBAC3C,CAQD,2BAAAE,CAA4BC,GAC1B,IACG3kB,KAAKwkB,2BACoC,IAA1CxkB,KAAKwkB,0BAA0B1jB,OAE/B,OAAO,KAGT,IAAK,MAAM0jB,KAA6BxkB,KAAKwkB,0BAC3C,GACEA,EAA0BI,UAC1BJ,EAA0BI,WAAaD,EAEvC,OAAOf,uBACLY,EAA0BK,kBAIhC,OAAO,IACR,CAQD,iBAAAC,CAAkBH,GAChB,MAE4B,YAD1B3kB,KAAK0kB,4BAA4BC,IAEY,UAA7C3kB,KAAK0kB,4BAA4BC,EAEpC,CAQD,oBAAAI,GACE,OACE/kB,KAAK8kB,kBAAgE,4BACrE9kB,KAAK8kB,kBAAuD,iBAE/D,EC7FIjY,eAAemY,mBACpBlI,EACAlN,GAEA,OAAO8R,mBAIL5E,EAGA,MAAA,sBAAA0E,mBAAmB1E,EAAMlN,GAE7B,CCeO/C,eAAeoY,eACpBnI,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,sBAAAlN,EAEJ,CCjFM,SAAUsV,yBACdC,GAEA,GAAKA,EAGL,IAEE,MAAMC,EAAO,IAAIla,KAAKma,OAAOF,IAE7B,IAAKG,MAAMF,EAAKG,WAEd,OAAOH,EAAKI,aAEf,CAAC,MAAOhe,GAER,CAEH,CCGgB,SAAAie,WAAWC,EAAYC,GAAe,GACpD,OAAO9c,mBAAmB6c,GAAMD,WAAWE,EAC7C,CAcO9Y,eAAe+Y,iBACpBF,EACAC,GAAe,GAEf,MAAME,EAAehd,mBAAmB6c,GAClCvf,QAAc0f,EAAaJ,WAAWE,GACtCG,EAASC,YAAY5f,GAE3BqX,QACEsI,GAAUA,EAAOE,KAAOF,EAAOG,WAAaH,EAAOI,IACnDL,EAAa/I,uBAGf,MAAMqJ,EACuB,iBAApBL,EAAOK,SAAwBL,EAAOK,cAAWxf,EAEpDyf,EAAqCD,aAAQ,EAARA,EAA6B,iBAExE,MAAO,CACLL,SACA3f,QACAkgB,SAAUnB,yBACRoB,4BAA4BR,EAAOG,YAErCM,aAAcrB,yBACZoB,4BAA4BR,EAAOI,MAErCM,eAAgBtB,yBACdoB,4BAA4BR,EAAOE,MAErCI,eAAgBA,GAAkB,KAClCK,oBAAoBN,aAAA,EAAAA,EAAkC,wBAAK,KAE/D,CAEA,SAASG,4BAA4BI,GACnC,OAAyB,IAAlBrB,OAAOqB,EAChB,CAEM,SAAUX,YAAY5f,GAC1B,MAAOwgB,EAAWC,EAASC,GAAa1gB,EAAMD,MAAM,KACpD,QACgBS,IAAdggB,QACYhgB,IAAZigB,QACcjgB,IAAdkgB,EAGA,OADAxK,UAAU,kDACH,KAGT,IACE,MAAMyK,E/BwQkB,SAAUllB,GACpC,IACE,OAAOnC,EAAOyC,aAAaN,GAAK,EACjC,CAAC,MAAO4F,GACPmB,QAAQlB,MAAM,wBAAyBD,EACxC,CACD,OAAO,IACT,C+B/QoBuf,CAAaH,GAC7B,OAAKE,EAIEjT,KAAKmT,MAAMF,IAHhBzK,UAAU,uCACH,KAGV,CAAC,MAAO7U,GAKP,OAJA6U,UACE,2CACC7U,aAAA,EAAAA,EAAayf,YAET,IACR,CACH,CAKM,SAAUC,gBAAgB/gB,GAC9B,MAAMghB,EAAcpB,YAAY5f,GAIhC,OAHAqX,QAAQ2J,EAAW,kBACnB3J,aAAmC,IAApB2J,EAAYnB,sBAC3BxI,aAAmC,IAApB2J,EAAYjB,sBACpBb,OAAO8B,EAAYnB,KAAOX,OAAO8B,EAAYjB,IACtD,CC3GOrZ,eAAeua,qBACpB1B,EACAvY,EACAka,GAAkB,GAElB,GAAIA,EACF,OAAOla,EAET,IACE,aAAaA,CACd,CAAC,MAAO3F,GAOP,MANIA,aAAanE,eAUrB,SAASikB,mBAAkBhkB,KAAEA,IAC3B,MACW,uBAATA,GACS,4BAATA,CAEJ,CAfsCgkB,CAAkB9f,IAC9Cke,EAAK5I,KAAKyK,cAAgB7B,SACtBA,EAAK5I,KAAK0K,UAIdhgB,CACP,CACH,CCba,MAAAigB,iBAUX,WAAAxkB,CAA6ByiB,GAAA1lB,KAAI0lB,KAAJA,EATrB1lB,KAAS0nB,WAAG,EAMZ1nB,KAAO2nB,QAAe,KACtB3nB,KAAA4nB,aAA0C,GAEC,CAEnD,MAAAC,GACM7nB,KAAK0nB,YAIT1nB,KAAK0nB,WAAY,EACjB1nB,KAAK8nB,WACN,CAED,KAAAC,GACO/nB,KAAK0nB,YAIV1nB,KAAK0nB,WAAY,EACI,OAAjB1nB,KAAK2nB,SACPzY,aAAalP,KAAK2nB,SAErB,CAEO,WAAAK,CAAYC,SAClB,GAAIA,EAAU,CACZ,MAAMC,EAAWloB,KAAK4nB,aAKtB,OAJA5nB,KAAK4nB,aAAe1Z,KAAKqT,IACH,EAApBvhB,KAAK4nB,mBAGAM,CACR,CAAM,CAELloB,KAAK4nB,aAAY,IACjB,MACMM,GADsD,QAA5CvV,EAAA3S,KAAK0lB,KAAKyC,gBAAgB3B,sBAAkB,IAAA7T,EAAAA,EAAA,GACjCzH,KAAKD,MAAK,IAErC,OAAOiD,KAAKka,IAAI,EAAGF,EACpB,CACF,CAEO,QAAAJ,CAASG,GAAW,GAC1B,IAAKjoB,KAAK0nB,UAER,OAGF,MAAMQ,EAAWloB,KAAKgoB,YAAYC,GAClCjoB,KAAK2nB,QAAU1Y,YAAWpC,gBAClB7M,KAAKqoB,WAAW,GACrBH,EACJ,CAEO,eAAMG,GACZ,UACQroB,KAAK0lB,KAAKD,YAAW,EAC5B,CAAC,MAAOje,GASP,YALE,iCADCA,aAAA,EAAAA,EAAqBlE,OAGtBtD,KAAK8nB,UAAwB,GAIhC,CACD9nB,KAAK8nB,UACN,ECpFU,MAAAQ,aAIX,WAAArlB,CACUslB,EACAC,GADAxoB,KAASuoB,UAATA,EACAvoB,KAAWwoB,YAAXA,EAERxoB,KAAKyoB,iBACN,CAEO,eAAAA,GACNzoB,KAAK0oB,eAAiBxD,yBAAyBllB,KAAKwoB,aACpDxoB,KAAK2oB,aAAezD,yBAAyBllB,KAAKuoB,UACnD,CAED,KAAAK,CAAMC,GACJ7oB,KAAKuoB,UAAYM,EAASN,UAC1BvoB,KAAKwoB,YAAcK,EAASL,YAC5BxoB,KAAKyoB,iBACN,CAED,MAAAK,GACE,MAAO,CACLP,UAAWvoB,KAAKuoB,UAChBC,YAAaxoB,KAAKwoB,YAErB,EClBI3b,eAAekc,qBAAqBrD,SACzC,MAAM5I,EAAO4I,EAAK5I,KACZkM,QAAgBtD,EAAKD,aACrBzY,QAAiBoa,qBACrB1B,EACAT,eAAenI,EAAM,CAAEkM,aAGzBxL,QAAQxQ,aAAA,EAAAA,EAAUic,MAAMnoB,OAAQgc,EAAI,kBAEpC,MAAMoM,EAAclc,EAASic,MAAM,GAEnCvD,EAAKyD,sBAAsBD,GAE3B,MAAME,GAA8C,QAA5BzW,EAAAuW,EAAYG,wBAAgB,IAAA1W,OAAA,EAAAA,EAAE7R,QAClDwoB,oBAAoBJ,EAAYG,kBAChC,GAEEE,EA8CR,SAASC,kBACPC,EACAC,GAKA,MAAO,IAHSD,EAASE,QACvBC,IAAMF,EAAQG,MAAKC,GAAKA,EAAEC,aAAeH,EAAEG,kBAEtBL,EACzB,CAtDuBF,CAAkB9D,EAAK6D,aAAcH,GAOpDY,EAAiBtE,EAAKuE,YACtBC,IACFxE,EAAK1B,OAASkF,EAAYiB,eAAkBZ,eAAAA,EAAczoB,SACxDmpB,IAAeD,GAAyBE,EAExCE,EAAiC,CACrCC,IAAKnB,EAAYoB,QACjBC,YAAarB,EAAYqB,aAAe,KACxCC,SAAUtB,EAAYuB,UAAY,KAClCzG,MAAOkF,EAAYlF,OAAS,KAC5B0G,cAAexB,EAAYwB,gBAAiB,EAC5CzG,YAAaiF,EAAYjF,aAAe,KACxCxC,SAAUyH,EAAYzH,UAAY,KAClC8H,eACAV,SAAU,IAAIP,aAAaY,EAAYX,UAAWW,EAAYV,aAC9DyB,eAGFvmB,OAAOsZ,OAAO0I,EAAM0E,EACtB,CASOvd,eAAe8d,OAAOjF,GAC3B,MAAMG,EAA6Bhd,mBAAmB6c,SAChDqD,qBAAqBlD,SAKrBA,EAAa/I,KAAK8N,sBAAsB/E,GAC9CA,EAAa/I,KAAK+N,0BAA0BhF,EAC9C,CAYM,SAAUyD,oBAAoBwB,GAClC,OAAOA,EAAUle,KAAK+F,IAAA,IAAAoX,WAAEA,GAAyBpX,EAAViS,EAAQmG,OAAApY,EAAzB,CAAA,eACpB,MAAO,CACLoX,aACAM,IAAKzF,EAASoG,OAAS,GACvBT,YAAa3F,EAAS2F,aAAe,KACrCvG,MAAOY,EAASZ,OAAS,KACzBC,YAAaW,EAASX,aAAe,KACrCuG,SAAU5F,EAAS6F,UAAY,KAChC,GAEL,CC3Ea,MAAAQ,gBAAb,WAAAhoB,GACEjD,KAAYkrB,aAAkB,KAC9BlrB,KAAWmrB,YAAkB,KAC7BnrB,KAAcwmB,eAAkB,IAoIjC,CAlIC,aAAI4E,GACF,OACGprB,KAAKwmB,gBACNtb,KAAKD,MAAQjL,KAAKwmB,eAAqC,GAE1D,CAED,wBAAA6E,CACEre,GAEAwQ,QAAQxQ,EAASgc,0BACjBxL,aAC8B,IAArBxQ,EAASgc,0BAGlBxL,aACmC,IAA1BxQ,EAASke,+BAGlB,MAAMI,EACJ,cAAete,QAA0C,IAAvBA,EAASse,UACvCjG,OAAOrY,EAASse,WAChBpE,gBAAgBla,EAASgc,SAC/BhpB,KAAKurB,0BACHve,EAASgc,QACThc,EAASke,aACTI,EAEH,CAED,iBAAAE,CAAkBxC,GAChBxL,QAA2B,IAAnBwL,EAAQloB,yBAChB,MAAMwqB,EAAYpE,gBAAgB8B,GAClChpB,KAAKurB,0BAA0BvC,EAAS,KAAMsC,EAC/C,CAED,cAAMG,CACJ3O,EACA6I,GAAe,GAEf,OAAKA,IAAgB3lB,KAAKmrB,aAAgBnrB,KAAKorB,WAI/C5N,QAAQxd,KAAKkrB,aAAcpO,wBAEvB9c,KAAKkrB,oBACDlrB,KAAK0rB,QAAQ5O,EAAM9c,KAAKkrB,cACvBlrB,KAAKmrB,aAGP,MAVEnrB,KAAKmrB,WAWf,CAED,iBAAAQ,GACE3rB,KAAKkrB,aAAe,IACrB,CAEO,aAAMQ,CAAQ5O,EAAoB8O,GACxC,MAAMT,YAAEA,EAAWD,aAAEA,EAAYI,UAAEA,SC1ChCze,eAAegf,gBACpB/O,EACAoO,GAEA,MAAMle,QACE4U,+BACJ9E,EACA,CAAE,GACFjQ,UACE,MAAMgV,EAAOpc,YAAY,CACvBqmB,WAAc,gBACdC,cAAiBb,IAChB5N,MAAM,IACH0O,aAAEA,EAAYjK,OAAEA,GAAWjF,EAAK6B,OAChCrY,EAAMgc,gBACVxF,EACAkP,EAAY,YAEZ,OAAOjK,KAGHzC,QAAiBxC,EAAsBkF,wBAG7C,OAFA1C,EAAO,gBAA4B,oCAE5BP,cAAcK,OAAdL,CAAsBzY,EAAK,CAChC6B,OAAuB,OACvBmX,UACAuC,QACA,IAKR,MAAO,CACLsJ,YAAane,EAASif,aACtBX,UAAWte,EAASkf,WACpBhB,aAAcle,EAAS+e,cAE3B,CDI2DF,CACrD/O,EACA8O,GAEF5rB,KAAKurB,0BACHJ,EACAD,EACA7F,OAAOiG,GAEV,CAEO,yBAAAC,CACNJ,EACAD,EACAiB,GAEAnsB,KAAKkrB,aAAeA,GAAgB,KACpClrB,KAAKmrB,YAAcA,GAAe,KAClCnrB,KAAKwmB,eAAiBtb,KAAKD,MAAuB,IAAfkhB,CACpC,CAED,eAAOC,CAASnP,EAAiBG,GAC/B,MAAM8N,aAAEA,EAAYC,YAAEA,EAAW3E,eAAEA,GAAmBpJ,EAEhDiP,EAAU,IAAIpB,gBAuBpB,OAtBIC,IACF1N,QAAgC,iBAAjB0N,EAAyD,iBAAA,CACtEjO,YAEFoP,EAAQnB,aAAeA,GAErBC,IACF3N,QAA+B,iBAAhB2N,EAAwD,iBAAA,CACrElO,YAEFoP,EAAQlB,YAAcA,GAEpB3E,IACFhJ,QAC4B,iBAAnBgJ,EAEP,iBAAA,CACEvJ,YAGJoP,EAAQ7F,eAAiBA,GAEpB6F,CACR,CAED,MAAAvD,GACE,MAAO,CACLoC,aAAclrB,KAAKkrB,aACnBC,YAAanrB,KAAKmrB,YAClB3E,eAAgBxmB,KAAKwmB,eAExB,CAED,OAAA8F,CAAQnE,GACNnoB,KAAKmrB,YAAchD,EAAgBgD,YACnCnrB,KAAKkrB,aAAe/C,EAAgB+C,aACpClrB,KAAKwmB,eAAiB2B,EAAgB3B,cACvC,CAED,MAAA+F,GACE,OAAO7oB,OAAOsZ,OAAO,IAAIiO,gBAAmBjrB,KAAK8oB,SAClD,CAED,eAAA0D,GACE,OAAO9O,UAAU,kBAClB,EE/HH,SAAS+O,wBACPhP,EACAR,GAEAO,QACuB,iBAAdC,QAA+C,IAAdA,EAExC,iBAAA,CAAER,WAEN,CAEa,MAAAyP,SAwBX,WAAAzpB,CAAY0P,OAAA0X,IAAEA,EAAGvN,KAAEA,EAAIqL,gBAAEA,GAAyCxV,EAArBga,EAAjC5B,OAAApY,EAAA,CAAA,MAAA,OAAA,oBAtBH3S,KAAA+pB,WAAiC,WAoBzB/pB,KAAA4sB,iBAAmB,IAAInF,iBAAiBznB,MA6CjDA,KAAc6sB,eAAuB,KACrC7sB,KAAc8sB,eAA+B,KA3CnD9sB,KAAKqqB,IAAMA,EACXrqB,KAAK8c,KAAOA,EACZ9c,KAAKmoB,gBAAkBA,EACvBnoB,KAAKmrB,YAAchD,EAAgBgD,YACnCnrB,KAAKuqB,YAAcoC,EAAIpC,aAAe,KACtCvqB,KAAKgkB,MAAQ2I,EAAI3I,OAAS,KAC1BhkB,KAAK0qB,cAAgBiC,EAAIjC,gBAAiB,EAC1C1qB,KAAKikB,YAAc0I,EAAI1I,aAAe,KACtCjkB,KAAKwqB,SAAWmC,EAAInC,UAAY,KAChCxqB,KAAKiqB,YAAc0C,EAAI1C,cAAe,EACtCjqB,KAAKyhB,SAAWkL,EAAIlL,UAAY,KAChCzhB,KAAKupB,aAAeoD,EAAIpD,aAAe,IAAIoD,EAAIpD,cAAgB,GAC/DvpB,KAAK6oB,SAAW,IAAIP,aAClBqE,EAAIpE,gBAAa5hB,EACjBgmB,EAAInE,kBAAe7hB,EAEtB,CAED,gBAAM8e,CAAWE,GACf,MAAMwF,QAAoB/D,qBACxBpnB,KACAA,KAAKmoB,gBAAgBsD,SAASzrB,KAAK8c,KAAM6I,IAU3C,OARAnI,QAAQ2N,EAAanrB,KAAK8c,uBAEtB9c,KAAKmrB,cAAgBA,IACvBnrB,KAAKmrB,YAAcA,QACbnrB,KAAK8c,KAAK8N,sBAAsB5qB,MACtCA,KAAK8c,KAAK+N,0BAA0B7qB,OAG/BmrB,CACR,CAED,gBAAAvF,CAAiBD,GACf,OAAOC,iBAAiB5lB,KAAM2lB,EAC/B,CAED,MAAAgF,GACE,OAAOA,OAAO3qB,KACf,CAKD,OAAAssB,CAAQ5G,GACF1lB,OAAS0lB,IAGblI,QAAQxd,KAAKqqB,MAAQ3E,EAAK2E,IAAKrqB,KAAK8c,uBACpC9c,KAAKuqB,YAAc7E,EAAK6E,YACxBvqB,KAAKwqB,SAAW9E,EAAK8E,SACrBxqB,KAAKgkB,MAAQ0B,EAAK1B,MAClBhkB,KAAK0qB,cAAgBhF,EAAKgF,cAC1B1qB,KAAKikB,YAAcyB,EAAKzB,YACxBjkB,KAAKiqB,YAAcvE,EAAKuE,YACxBjqB,KAAKyhB,SAAWiE,EAAKjE,SACrBzhB,KAAKupB,aAAe7D,EAAK6D,aAAa3c,KAAImgB,GAAkBrpB,OAAAsZ,OAAA,CAAA,EAAA+P,KAC5D/sB,KAAK6oB,SAASD,MAAMlD,EAAKmD,UACzB7oB,KAAKmoB,gBAAgBmE,QAAQ5G,EAAKyC,iBACnC,CAED,MAAAoE,CAAOzP,GACL,MAAMkQ,EAAU,IAAIN,SACfhpB,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,CAAA,EAAAhd,MAAI,CACP8c,OACAqL,gBAAiBnoB,KAAKmoB,gBAAgBoE,YAGxC,OADAS,EAAQnE,SAASD,MAAM5oB,KAAK6oB,UACrBmE,CACR,CAED,SAAAC,CAAUrjB,GAER4T,SAASxd,KAAK8sB,eAAgB9sB,KAAK8c,KAAI,kBACvC9c,KAAK8sB,eAAiBljB,EAClB5J,KAAK6sB,iBACP7sB,KAAKmpB,sBAAsBnpB,KAAK6sB,gBAChC7sB,KAAK6sB,eAAiB,KAEzB,CAED,qBAAA1D,CAAsB4D,GAChB/sB,KAAK8sB,eACP9sB,KAAK8sB,eAAeC,GAGpB/sB,KAAK6sB,eAAiBE,CAEzB,CAED,sBAAAG,GACEltB,KAAK4sB,iBAAiB/E,QACvB,CAED,qBAAAsF,GACEntB,KAAK4sB,iBAAiB7E,OACvB,CAED,8BAAMqF,CACJpgB,EACA2d,GAAS,GAET,IAAI0C,GAAkB,EAEpBrgB,EAASgc,SACThc,EAASgc,UAAYhpB,KAAKmoB,gBAAgBgD,cAE1CnrB,KAAKmoB,gBAAgBkD,yBAAyBre,GAC9CqgB,GAAkB,GAGhB1C,SACI5B,qBAAqB/oB,YAGvBA,KAAK8c,KAAK8N,sBAAsB5qB,MAClCqtB,GACFrtB,KAAK8c,KAAK+N,0BAA0B7qB,KAEvC,CAED,YAAM,GACJ,GAAIstB,EAAqBttB,KAAK8c,KAAKyQ,KACjC,OAAOpmB,QAAQ2H,OACboO,gDAAgDld,KAAK8c,OAGzD,MAAMkM,QAAgBhpB,KAAKylB,aAO3B,aANM2B,qBAAqBpnB,KT3LxB6M,eAAe2gB,cACpB1Q,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,sBAAAlN,EAEJ,CSiLqC4d,CAAcxtB,KAAK8c,KAAM,CAAEkM,aAC5DhpB,KAAKmoB,gBAAgBwD,oBAKd3rB,KAAK8c,KAAK0K,SAClB,CAED,MAAAsB,GACE,OAAAplB,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,CACEqN,IAAKrqB,KAAKqqB,IACVrG,MAAOhkB,KAAKgkB,YAASrd,EACrB+jB,cAAe1qB,KAAK0qB,cACpBH,YAAavqB,KAAKuqB,kBAAe5jB,EACjCsjB,YAAajqB,KAAKiqB,YAClBO,SAAUxqB,KAAKwqB,eAAY7jB,EAC3Bsd,YAAajkB,KAAKikB,kBAAetd,EACjC8a,SAAUzhB,KAAKyhB,eAAY9a,EAC3B4iB,aAAcvpB,KAAKupB,aAAa3c,KAAImgB,oBAAkBA,KACtD5E,gBAAiBnoB,KAAKmoB,gBAAgBW,SAGtC2E,iBAAkBztB,KAAKytB,kBACpBztB,KAAK6oB,SAASC,UAAQ,CAGzB/G,OAAQ/hB,KAAK8c,KAAK6B,OAAOoD,OACzB9E,QAASjd,KAAK8c,KAAK5Z,MAItB,CAED,gBAAIgoB,GACF,OAAOlrB,KAAKmoB,gBAAgB+C,cAAgB,EAC7C,CAED,gBAAOwC,CAAU5Q,EAAoBM,uBACnC,MAAMmN,EAAgC,QAAlB5X,EAAAyK,EAAOmN,mBAAW,IAAA5X,EAAAA,OAAIhM,EACpCqd,EAAoB,QAAZnR,EAAAuK,EAAO4G,aAAK,IAAAnR,EAAAA,OAAIlM,EACxBsd,EAAgC,QAAlB0J,EAAAvQ,EAAO6G,mBAAW,IAAA0J,EAAAA,OAAIhnB,EACpC6jB,EAA0B,QAAfoD,EAAAxQ,EAAOoN,gBAAQ,IAAAoD,EAAAA,OAAIjnB,EAC9B8a,EAA0B,QAAfoM,EAAAzQ,EAAOqE,gBAAQ,IAAAoM,EAAAA,OAAIlnB,EAC9B8mB,EAA0C,QAAvBK,EAAA1Q,EAAOqQ,wBAAgB,IAAAK,EAAAA,OAAInnB,EAC9C4hB,EAA4B,QAAhBwF,EAAA3Q,EAAOmL,iBAAS,IAAAwF,EAAAA,OAAIpnB,EAChC6hB,EAAgC,QAAlBwF,EAAA5Q,EAAOoL,mBAAW,IAAAwF,EAAAA,OAAIrnB,GACpC0jB,IACJA,EAAGK,cACHA,EAAaT,YACbA,EAAWV,aACXA,EACApB,gBAAiB8F,GACf7Q,EAEJI,QAAQ6M,GAAO4D,EAAyBnR,oBAExC,MAAMqL,EAAkB8C,gBAAgBmB,SACtCpsB,KAAKkD,KACL+qB,GAGFzQ,QAAuB,iBAAR6M,EAAkBvN,oBACjC2P,wBAAwBlC,EAAazN,EAAK5Z,MAC1CupB,wBAAwBzI,EAAOlH,EAAK5Z,MACpCsa,QAC2B,kBAAlBkN,EACP5N,oBAGFU,QACyB,kBAAhByM,EACPnN,oBAGF2P,wBAAwBxI,EAAanH,EAAK5Z,MAC1CupB,wBAAwBjC,EAAU1N,EAAK5Z,MACvCupB,wBAAwBhL,EAAU3E,EAAK5Z,MACvCupB,wBAAwBgB,EAAkB3Q,EAAK5Z,MAC/CupB,wBAAwBlE,EAAWzL,EAAK5Z,MACxCupB,wBAAwBjE,EAAa1L,EAAK5Z,MAC1C,MAAMwiB,EAAO,IAAIgH,SAAS,CACxBrC,MACAvN,OACAkH,QACA0G,gBACAH,cACAN,cACAO,WACAvG,cACAxC,WACA0G,kBACAI,YACAC,gBAWF,OARIe,GAAgBhpB,MAAMC,QAAQ+oB,KAChC7D,EAAK6D,aAAeA,EAAa3c,KAAImgB,GAAYrpB,OAAAsZ,OAAA,CAAA,EAAM+P,MAGrDU,IACF/H,EAAK+H,iBAAmBA,GAGnB/H,CACR,CAOD,iCAAawI,CACXpR,EACAqR,EACAlE,GAAuB,GAEvB,MAAM9B,EAAkB,IAAI8C,gBAC5B9C,EAAgBkD,yBAAyB8C,GAGzC,MAAMzI,EAAO,IAAIgH,SAAS,CACxBrC,IAAK8D,EAAgB7D,QACrBxN,OACAqL,kBACA8B,gBAKF,aADMlB,qBAAqBrD,GACpBA,CACR,CAOD,wCAAa0I,CACXtR,EACA9P,EACAgc,GAEA,MAAME,EAAclc,EAASic,MAAM,GACnCzL,aAAgC7W,IAAxBuiB,EAAYoB,0BAEpB,MAAMf,OAC6B5iB,IAAjCuiB,EAAYG,iBACRC,oBAAoBJ,EAAYG,kBAChC,GAEAY,IACFf,EAAYlF,OAASkF,EAAYiB,eAAkBZ,eAAAA,EAAczoB,SAE/DqnB,EAAkB,IAAI8C,gBAC5B9C,EAAgBqD,kBAAkBxC,GAGlC,MAAMtD,EAAO,IAAIgH,SAAS,CACxBrC,IAAKnB,EAAYoB,QACjBxN,OACAqL,kBACA8B,gBAIIG,EAAiC,CACrCC,IAAKnB,EAAYoB,QACjBC,YAAarB,EAAYqB,aAAe,KACxCC,SAAUtB,EAAYuB,UAAY,KAClCzG,MAAOkF,EAAYlF,OAAS,KAC5B0G,cAAexB,EAAYwB,gBAAiB,EAC5CzG,YAAaiF,EAAYjF,aAAe,KACxCxC,SAAUyH,EAAYzH,UAAY,KAClC8H,eACAV,SAAU,IAAIP,aACZY,EAAYX,UACZW,EAAYV,aAEdyB,cACIf,EAAYlF,OAASkF,EAAYiB,eAClCZ,aAAA,EAAAA,EAAczoB,UAInB,OADA4C,OAAOsZ,OAAO0I,EAAM0E,GACb1E,CACR,EChXH,MAAM2I,EAAuC,IAAIC,IAE3C,SAAU5iB,aAAgB6iB,GAC9B3Q,YAAY2Q,aAAeC,SAAU,+BACrC,IAAI3jB,EAAWwjB,EAAc9a,IAAIgb,GAEjC,OAAI1jB,GACF+S,YACE/S,aAAoB0jB,EACpB,kDAEK1jB,IAGTA,EAAW,IAAK0jB,EAChBF,EAAcI,IAAIF,EAAK1jB,GAChBA,EACT,CCrBa,MAAA6jB,oBAAb,WAAAzrB,GAEWjD,KAAAiJ,KAA4B,OACrCjJ,KAAO2uB,QAAqC,EA4B7C,CA1BC,kBAAM1b,GACJ,OAAO,CACR,CAED,UAAMG,CAAK1O,EAAaC,GACtB3E,KAAK2uB,QAAQjqB,GAAOC,CACrB,CAED,UAAM0O,CAAiC3O,GACrC,MAAMC,EAAQ3E,KAAK2uB,QAAQjqB,GAC3B,YAAiBiC,IAAVhC,EAAsB,KAAQA,CACtC,CAED,aAAM6O,CAAQ9O,UACL1E,KAAK2uB,QAAQjqB,EACrB,CAED,YAAA8P,CAAaoa,EAAcC,GAG1B,CAED,eAAApa,CAAgBma,EAAcC,GAG7B,EA7BMH,oBAAIzlB,KAAW,OAqCX,MAAA6lB,EAAmCJ,oBC9BhC,SAAAK,oBACdrqB,EACAqd,EACA9E,GAEA,MAAO,YAA4BvY,KAAOqd,KAAU9E,GACtD,CAEa,MAAA+R,uBAKX,WAAA/rB,CACSgsB,EACUnS,EACAoS,GAFVlvB,KAAWivB,YAAXA,EACUjvB,KAAI8c,KAAJA,EACA9c,KAAOkvB,QAAPA,EAEjB,MAAMvQ,OAAEA,EAAMzb,KAAEA,GAASlD,KAAK8c,KAC9B9c,KAAKmvB,YAAcJ,oBAAoB/uB,KAAKkvB,QAASvQ,EAAOoD,OAAQ7e,GACpElD,KAAKovB,mBAAqBL,oBAAmB,cAE3CpQ,EAAOoD,OACP7e,GAEFlD,KAAKwL,kBAAoBsR,EAAKuS,gBAAgB9mB,KAAKuU,GACnD9c,KAAKivB,YAAYza,aAAaxU,KAAKmvB,YAAanvB,KAAKwL,kBACtD,CAED,cAAA8jB,CAAe5J,GACb,OAAO1lB,KAAKivB,YAAY7b,KAAKpT,KAAKmvB,YAAazJ,EAAKoD,SACrD,CAED,oBAAMyG,GACJ,MAAMC,QAAaxvB,KAAKivB,YAAY5b,KAAoBrT,KAAKmvB,aAC7D,OAAOK,EAAO9C,SAASgB,UAAU1tB,KAAK8c,KAAM0S,GAAQ,IACrD,CAED,iBAAAC,GACE,OAAOzvB,KAAKivB,YAAYzb,QAAQxT,KAAKmvB,YACtC,CAED,0BAAAO,GACE,OAAO1vB,KAAKivB,YAAY7b,KACtBpT,KAAKovB,mBACLpvB,KAAKivB,YAAYhmB,KAEpB,CAED,oBAAM0mB,CAAeC,GACnB,GAAI5vB,KAAKivB,cAAgBW,EACvB,OAGF,MAAMrI,QAAoBvnB,KAAKuvB,iBAK/B,aAJMvvB,KAAKyvB,oBAEXzvB,KAAKivB,YAAcW,EAEfrI,EACKvnB,KAAKsvB,eAAe/H,QAD7B,CAGD,CAED,SACEvnB,KAAKivB,YAAYxa,gBAAgBzU,KAAKmvB,YAAanvB,KAAKwL,kBACzD,CAED,mBAAazH,CACX+Y,EACA+S,EACAX,EAA2B,YAE3B,IAAKW,EAAqB/uB,OACxB,OAAO,IAAIkuB,uBACTtjB,aAAaojB,GACbhS,EACAoS,GAKJ,MAAMY,SACE3oB,QAAQ+F,IACZ2iB,EAAqBjjB,KAAIC,MAAMoiB,IAC7B,SAAUA,EAAYhc,eACpB,OAAOgc,CAEO,MAGpBtF,QAAOsF,GAAeA,IAGxB,IAAIc,EACFD,EAAsB,IACtBpkB,aAAkCojB,GAEpC,MAAMpqB,EAAMqqB,oBAAoBG,EAASpS,EAAK6B,OAAOoD,OAAQjF,EAAK5Z,MAIlE,IAAI8sB,EAAqC,KAIzC,IAAK,MAAMf,KAAeY,EACxB,IACE,MAAML,QAAaP,EAAY5b,KAAoB3O,GACnD,GAAI8qB,EAAM,CACR,MAAM9J,EAAOgH,SAASgB,UAAU5Q,EAAM0S,GAClCP,IAAgBc,IAClBC,EAAgBtK,GAElBqK,EAAsBd,EACtB,KACD,CACF,CAAC,MAAMtc,GAAE,CAKZ,MAAMsd,EAAqBH,EAAsBnG,QAC/C7nB,GAAKA,EAAEmP,wBAIT,OACG8e,EAAoB9e,uBACpBgf,EAAmBnvB,QAKtBivB,EAAsBE,EAAmB,GACrCD,SAGID,EAAoB3c,KAAK1O,EAAKsrB,EAAclH,gBAK9C3hB,QAAQ+F,IACZ2iB,EAAqBjjB,KAAIC,MAAMoiB,IAC7B,GAAIA,IAAgBc,EAClB,UACQd,EAAYzb,QAAQ9O,EAC3B,CAAC,MAAMiO,GAAE,CACX,KAGE,IAAIqc,uBAAuBe,EAAqBjT,EAAMoS,IArBpD,IAAIF,uBAAuBe,EAAqBjT,EAAMoS,EAsBhE,EC3IG,SAAUgB,gBAAgB9N,GAC9B,MAAM+N,EAAK/N,EAAUiB,cACrB,GAAI8M,EAAG/qB,SAAS,WAAa+qB,EAAG/qB,SAAS,SAAW+qB,EAAG/qB,SAAS,UAC9D,MAAyB,QACpB,GAAIgrB,YAAYD,GAErB,MAA4B,WACvB,GAAIA,EAAG/qB,SAAS,SAAW+qB,EAAG/qB,SAAS,YAC5C,MAAsB,KACjB,GAAI+qB,EAAG/qB,SAAS,SACrB,MAAwB,OACnB,GA+BO,SAAAirB,WAAWF,EAAKhtB,SAC9B,MAAO,aAAake,KAAK8O,EAC3B,CAjCaE,CAAWF,GACpB,MAA2B,UACtB,GAAIA,EAAG/qB,SAAS,SACrB,MAAwB,OACnB,GAAIkrB,cAAcH,GAEvB,MAA8B,aACzB,GAAII,SAASJ,GAElB,MAAyB,QACpB,GAyBO,SAAAK,UAAUpO,EAAYjf,SACpC,MAAMgtB,EAAK/N,EAAUiB,cACrB,OACE8M,EAAG/qB,SAAS,aACX+qB,EAAG/qB,SAAS,aACZ+qB,EAAG/qB,SAAS,YACZ+qB,EAAG/qB,SAAS,UAEjB,CAjCaorB,CAAUL,GACnB,MAA0B,SACrB,IACJA,EAAG/qB,SAAS,YAgCD,SAAAqrB,aAAaN,EAAKhtB,SAChC,MAAO,WAAWke,KAAK8O,EACzB,CAlC+BM,CAAaN,MACvCA,EAAG/qB,SAAS,SAEb,MAA0B,SACrB,GAAIsrB,WAAWP,GAEpB,MAA2B,UACtB,CAEL,MAAMQ,EAAK,kCACLC,EAAUxO,EAAUyO,MAAMF,GAChC,GAAwB,KAApBC,aAAO,EAAPA,EAAS9vB,QACX,OAAO8vB,EAAQ,EAElB,CACD,MAAyB,OAC3B,CAoBgB,SAAAR,YAAYD,EAAKhtB,SAC/B,MAAO,YAAYke,KAAK8O,EAC1B,CAEgB,SAAAO,WAAWP,EAAKhtB,SAC9B,MAAO,WAAWke,KAAK8O,EACzB,CAEgB,SAAAG,cAAcH,EAAKhtB,SACjC,MAAO,cAAcke,KAAK8O,EAC5B,CAEgB,SAAAI,SAASJ,EAAKhtB,SAC5B,MAAO,SAASke,KAAK8O,EACvB,CAEgB,SAAAW,OAAOX,EAAKhtB,SAC1B,MACE,oBAAoBke,KAAK8O,IACxB,aAAa9O,KAAK8O,IAAO,UAAU9O,KAAK8O,EAE7C,CAagB,SAAAY,UACd,gBzCGcC,OACd,MAAMb,EAAKhtB,QACX,OAAOgtB,EAAG3pB,QAAQ,UAAY,GAAK2pB,EAAG3pB,QAAQ,aAAe,CAC/D,CyCNSwqB,IAAkD,KAAvCC,SAAsBC,YAC1C,CCxGgB,SAAAC,kBACdC,EACAC,EAAgC,IAEhC,IAAIC,EACJ,OAAQF,GACN,IAAA,UAEEE,EAAmBpB,gBAAgB/sB,SACnC,MACF,IAAA,SAIEmuB,EAAmB,GAAGpB,gBAAgB/sB,YAAYiuB,IAClD,MACF,QACEE,EAAmBF,EAEvB,MAAMG,EAAqBF,EAAWvwB,OAClCuwB,EAAW5vB,KAAK,KAChB,mBACJ,MAAO,GAAG6vB,YAAiD/U,KAAegV,GAC5E,CCrCa,MAAAC,oBAGX,WAAAvuB,CAA6B6Z,GAAA9c,KAAI8c,KAAJA,EAFZ9c,KAAKyxB,MAAsB,EAEO,CAEnD,YAAAC,CACE9nB,EACA+nB,GAIA,MAAMC,gBACJlM,GAEA,IAAIve,SAAQ,CAACC,EAAS0H,KACpB,IAIE1H,EAHewC,EAAS8b,GAIzB,CAAC,MAAOle,GAEPsH,EAAOtH,EACR,KAGLoqB,gBAAgBD,QAAUA,EAC1B3xB,KAAKyxB,MAAMjwB,KAAKowB,iBAEhB,MAAMC,EAAQ7xB,KAAKyxB,MAAM3wB,OAAS,EAClC,MAAO,KAGLd,KAAKyxB,MAAMI,GAAS,IAAM1qB,QAAQC,SAAS,CAE9C,CAED,mBAAM0qB,CAAcC,GAClB,GAAI/xB,KAAK8c,KAAKyK,cAAgBwK,EAC5B,OAMF,MAAMC,EAAkC,GACxC,IACE,IAAK,MAAMC,KAAuBjyB,KAAKyxB,YAC/BQ,EAAoBF,GAGtBE,EAAoBN,SACtBK,EAAaxwB,KAAKywB,EAAoBN,QAG3C,CAAC,MAAOnqB,GAGPwqB,EAAaE,UACb,IAAK,MAAMP,KAAWK,EACpB,IACEL,GACD,CAAC,MAAOltB,GAER,CAGH,MAAMzE,KAAK8c,KAAKS,cAAcxZ,OAAoC,gBAAA,CAChEouB,gBAAkB3qB,aAAA,EAAAA,EAAajE,SAElC,CACF,EChEU,MAAA6uB,mBAOX,WAAAnvB,CAAY+J,eAEV,MAAMqlB,EAAkBrlB,EAASslB,sBACjCtyB,KAAKsyB,sBAAwB,GAE7BtyB,KAAKsyB,sBAAsBC,kBACQ,QAAjC5f,EAAA0f,EAAgBE,yBAAiB,IAAA5f,EAAAA,EApBH,EAqB5B0f,EAAgBG,oBAClBxyB,KAAKsyB,sBAAsBE,kBACzBH,EAAgBG,wBAE+B7rB,IAA/C0rB,EAAgBI,6BAClBzyB,KAAKsyB,sBAAsBI,wBACzBL,EAAgBI,iCAE+B9rB,IAA/C0rB,EAAgBM,6BAClB3yB,KAAKsyB,sBAAsBM,wBACzBP,EAAgBM,iCAE6BhsB,IAA7C0rB,EAAgBQ,2BAClB7yB,KAAKsyB,sBAAsBO,yBACzBR,EAAgBQ,+BAEqClsB,IAArD0rB,EAAgBS,mCAClB9yB,KAAKsyB,sBAAsBQ,iCACzBT,EAAgBS,kCAGpB9yB,KAAK6kB,iBAAmB7X,EAAS6X,iBACH,kCAA1B7kB,KAAK6kB,mBACP7kB,KAAK6kB,iBAAmB,OAI1B7kB,KAAK+yB,iCACoD,QAAvDpF,EAAyC,QAAzC9a,EAAA7F,EAAS+lB,wCAAgC,IAAAlgB,OAAA,EAAAA,EAAEpR,KAAK,WAAO,IAAAksB,EAAAA,EAAA,GAEzD3tB,KAAKgzB,qBAAwD,QAAjCpF,EAAA5gB,EAASgmB,4BAAwB,IAAApF,GAAAA,EAC7D5tB,KAAKizB,cAAgBjmB,EAASimB,aAC/B,CAED,gBAAAC,CAAiBC,mBACf,MAAM1mB,EAA2C,CAC/C2mB,SAAS,EACTC,eAAgBrzB,MAelB,OAXAA,KAAKszB,8BAA8BH,EAAU1mB,GAC7CzM,KAAKuzB,iCAAiCJ,EAAU1mB,GAGhDA,EAAO2mB,UAAP3mB,EAAO2mB,QAAyC,QAA7BzgB,EAAAlG,EAAO+mB,8BAAsB,IAAA7gB,GAAAA,GAChDlG,EAAO2mB,UAAP3mB,EAAO2mB,QAAyC,QAA7BvgB,EAAApG,EAAOgnB,8BAAsB,IAAA5gB,GAAAA,GAChDpG,EAAO2mB,UAAP3mB,EAAO2mB,QAA0C,QAA9BzF,EAAAlhB,EAAOimB,+BAAuB,IAAA/E,GAAAA,GACjDlhB,EAAO2mB,UAAP3mB,EAAO2mB,QAA0C,QAA9BxF,EAAAnhB,EAAOmmB,+BAAuB,IAAAhF,GAAAA,GACjDnhB,EAAO2mB,UAAP3mB,EAAO2mB,QAA2C,QAA/BvF,EAAAphB,EAAOomB,gCAAwB,IAAAhF,GAAAA,GAClDphB,EAAO2mB,UAAP3mB,EAAO2mB,QAAmD,QAAvCtF,EAAArhB,EAAOqmB,wCAAgC,IAAAhF,GAAAA,GAEnDrhB,CACR,CAQO,6BAAA6mB,CACNH,EACA1mB,GAEA,MAAM8lB,EAAoBvyB,KAAKsyB,sBAAsBC,kBAC/CC,EAAoBxyB,KAAKsyB,sBAAsBE,kBACjDD,IACF9lB,EAAO+mB,uBAAyBL,EAASryB,QAAUyxB,GAEjDC,IACF/lB,EAAOgnB,uBAAyBN,EAASryB,QAAU0xB,EAEtD,CAQO,gCAAAe,CACNJ,EACA1mB,GAWA,IAAIinB,EARJ1zB,KAAK2zB,uCACHlnB,GACkC,GACA,GACF,GACQ,GAI1C,IAAK,IAAI5L,EAAI,EAAGA,EAAIsyB,EAASryB,OAAQD,IACnC6yB,EAAeP,EAASrwB,OAAOjC,GAC/Bb,KAAK2zB,uCACHlnB,EACkCinB,GAAgB,KAChDA,GAAgB,IACgBA,GAAgB,KAChDA,GAAgB,IACcA,GAAgB,KAC9CA,GAAgB,IACsB1zB,KAAK+yB,iCAAiC3tB,SAC5EsuB,GAIP,CAaO,sCAAAC,CACNlnB,EACAgmB,EACAE,EACAE,EACAC,GAEI9yB,KAAKsyB,sBAAsBI,0BAC7BjmB,EAAOimB,0BAAPjmB,EAAOimB,wBAA4BD,IAEjCzyB,KAAKsyB,sBAAsBM,0BAC7BnmB,EAAOmmB,0BAAPnmB,EAAOmmB,wBAA4BD,IAEjC3yB,KAAKsyB,sBAAsBO,2BAC7BpmB,EAAOomB,2BAAPpmB,EAAOomB,yBAA6BA,IAElC7yB,KAAKsyB,sBAAsBQ,mCAC7BrmB,EAAOqmB,mCAAPrmB,EAAOqmB,iCACLA,GAEL,EC9FU,MAAAc,SAqCX,WAAA3wB,CACkBsqB,EACCsG,EACAC,EACDnV,GAHA3e,KAAGutB,IAAHA,EACCvtB,KAAwB6zB,yBAAxBA,EACA7zB,KAAuB8zB,wBAAvBA,EACD9zB,KAAM2e,OAANA,EAxClB3e,KAAWunB,YAAgB,KAC3BvnB,KAAc+zB,eAA0B,KAChC/zB,KAAAg0B,WAAa7sB,QAAQC,UAGrBpH,KAAAi0B,sBAAwB,IAAIC,aAAmBl0B,MAC/CA,KAAAm0B,oBAAsB,IAAID,aAAmBl0B,MACpCA,KAAAo0B,iBAAmB,IAAI5C,oBAAoBxxB,MACpDA,KAAYq0B,aAAwB,KACpCr0B,KAAyBs0B,2BAAG,EACnBt0B,KAAuCu0B,wCAAW,EAInEv0B,KAAgByiB,kBAAG,EACnBziB,KAAcw0B,gBAAG,EACjBx0B,KAAQy0B,UAAG,EACXz0B,KAAsB00B,uBAAyB,KAC/C10B,KAAsB20B,uBAAyC,KAC/D30B,KAAaud,cACXxI,EACF/U,KAAqB40B,sBAA2B,KAChD50B,KAAuB60B,wBAAoC,GAC3D70B,KAAsB80B,uBAAkC,KACxD90B,KAAuB+0B,wBAA2C,GAM1D/0B,KAAeg1B,qBAA8BruB,EAErD3G,KAAYiiB,aAAkB,KAC9BjiB,KAAQyhB,SAAkB,KAC1BzhB,KAAAi1B,SAAyB,CAAEC,mCAAmC,GA2pBtDl1B,KAAUqxB,WAAa,GAnpB7BrxB,KAAKkD,KAAOqqB,EAAIrqB,KAChBlD,KAAKm1B,cAAgBxW,EAAOyW,gBAC7B,CAED,0BAAAC,CACExF,EACAyF,GA4CA,OA1CIA,IACFt1B,KAAK20B,uBAAyBjpB,aAAa4pB,IAK7Ct1B,KAAK00B,uBAAyB10B,KAAKyxB,OAAM5kB,kBACvC,IAAI7M,KAAKy0B,WAITz0B,KAAKu1B,yBAA2BvG,uBAAuBjrB,OACrD/D,KACA6vB,IAGE7vB,KAAKy0B,UAAT,CAMA,GAAiC,QAA7B9hB,EAAA3S,KAAK20B,8BAAwB,IAAAhiB,OAAA,EAAAA,EAAA6iB,uBAE/B,UACQx1B,KAAK20B,uBAAuBc,YAAYz1B,KAC/C,CAAC,MAAOwH,GAER,OAGGxH,KAAK01B,sBAAsBJ,GAEjCt1B,KAAKg1B,iBAAoC,QAAlBniB,EAAA7S,KAAKunB,mBAAa,IAAA1U,OAAA,EAAAA,EAAAwX,MAAO,KAE5CrqB,KAAKy0B,WAITz0B,KAAKw0B,gBAAiB,EArBrB,CAqByB,IAGrBx0B,KAAK00B,sBACb,CAKD,qBAAMrF,GACJ,GAAIrvB,KAAKy0B,SACP,OAGF,MAAM/O,QAAa1lB,KAAK21B,oBAAoBpG,iBAE5C,OAAKvvB,KAAKunB,aAAgB7B,EAMtB1lB,KAAKunB,aAAe7B,GAAQ1lB,KAAKunB,YAAY8C,MAAQ3E,EAAK2E,KAE5DrqB,KAAK41B,aAAatJ,QAAQ5G,cAGpB1lB,KAAKunB,YAAY9B,yBAMnBzlB,KAAK61B,mBAAmBnQ,GAAqC,QAjBnE,CAkBD,CAEO,sCAAMoQ,CACZ9M,GAEA,IACE,MAAMhc,QAAiBiY,eAAejlB,KAAM,CAAEgpB,YACxCtD,QAAagH,SAAS0B,4BAC1BpuB,KACAgN,EACAgc,SAEIhpB,KAAK+1B,uBAAuBrQ,EACnC,CAAC,MAAO9c,GACPD,QAAQ0B,KACN,qEACAzB,SAEI5I,KAAK+1B,uBAAuB,KACnC,CACF,CAEO,2BAAML,CACZJ,SAEA,GAAIhI,EAAqBttB,KAAKutB,KAAM,CAClC,MAAMvE,EAAUhpB,KAAKutB,IAAI0H,SAASe,YAClC,OAAIhN,EAGK,IAAI7hB,SAAcC,IACvB6H,YAAW,IACTjP,KAAK81B,iCAAiC9M,GAAS1hB,KAC7CF,EACAA,IAEH,IAGIpH,KAAK+1B,uBAAuB,KAEtC,CAGD,MAAME,QACGj2B,KAAK21B,oBAAoBpG,iBAClC,IAAI2G,EAAoBD,EACpBE,GAAyB,EAC7B,GAAIb,GAAyBt1B,KAAK2e,OAAOyX,WAAY,OAC7Cp2B,KAAKq2B,sCACX,MAAMC,EAAuC,QAAjB3jB,EAAA3S,KAAKq0B,oBAAY,IAAA1hB,OAAA,EAAAA,EAAE8a,iBACzC8I,EAAoBL,aAAA,EAAAA,EAAmBzI,iBACvC3d,QAAe9P,KAAKw2B,kBAAkBlB,GAOxCgB,GAAuBA,IAAwBC,KACjDzmB,aAAA,EAAAA,EAAQ4V,QAERwQ,EAAoBpmB,EAAO4V,KAC3ByQ,GAAyB,EAE5B,CAGD,IAAKD,EACH,OAAOl2B,KAAK+1B,uBAAuB,MAGrC,IAAKG,EAAkBzI,iBAAkB,CAGvC,GAAI0I,EACF,UACQn2B,KAAKo0B,iBAAiBtC,cAAcoE,EAC3C,CAAC,MAAO1uB,GACP0uB,EAAoBD,EAGpBj2B,KAAK20B,uBAAwB8B,wBAAwBz2B,MAAM,IACzDmH,QAAQ2H,OAAOtH,IAElB,CAGH,OAAI0uB,EACKl2B,KAAK02B,+BAA+BR,GAEpCl2B,KAAK+1B,uBAAuB,KAEtC,CAQD,OANAvY,QAAQxd,KAAK20B,uBAAwB30B,6BAC/BA,KAAKq2B,sCAMTr2B,KAAKq0B,cACLr0B,KAAKq0B,aAAa5G,mBAAqByI,EAAkBzI,iBAElDztB,KAAK+1B,uBAAuBG,GAG9Bl2B,KAAK02B,+BAA+BR,EAC5C,CAEO,uBAAMM,CACZG,GAkBA,IAAI7mB,EAAgC,KACpC,IAGEA,QAAe9P,KAAK20B,uBAAwBiC,oBAC1C52B,KACA22B,GACA,EAEH,CAAC,MAAOnvB,SAGDxH,KAAK62B,iBAAiB,KAC7B,CAED,OAAO/mB,CACR,CAEO,oCAAM4mB,CACZhR,GAEA,UACQqD,qBAAqBrD,EAC5B,CAAC,MAAOle,GACP,GAEE,iCADCA,aAAA,EAAAA,EAAqBlE,MAKtB,OAAOtD,KAAK+1B,uBAAuB,KAEtC,CAED,OAAO/1B,KAAK+1B,uBAAuBrQ,EACpC,CAED,iBAAAoR,GACE92B,KAAKiiB,azB1VO,SAAA8U,mBACd,GAAyB,oBAAd3zB,UACT,OAAO,KAET,MAAM4zB,EAAuC5zB,UAC7C,OAEG4zB,EAAkBC,WAAaD,EAAkBC,UAAU,IAG5DD,EAAkBE,UAElB,IAEJ,CyB4UwBH,EACrB,CAED,aAAMI,GACJn3B,KAAKy0B,UAAW,CACjB,CAED,uBAAM2C,CAAkBC,GACtB,GAAI/J,EAAqBttB,KAAKutB,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDld,OAKpD,MAAM0lB,EAAO2R,EACRxuB,mBAAmBwuB,GACpB,KAQJ,OAPI3R,GACFlI,QACEkI,EAAK5I,KAAK6B,OAAOoD,SAAW/hB,KAAK2e,OAAOoD,OACxC/hB,2BAIGA,KAAK61B,mBAAmBnQ,GAAQA,EAAK6G,OAAOvsB,MACpD,CAED,wBAAM61B,CACJnQ,EACA4R,GAAoC,GAEpC,IAAIt3B,KAAKy0B,SAeT,OAZI/O,GACFlI,QACExd,KAAKyhB,WAAaiE,EAAKjE,SACvBzhB,KAAI,sBAKHs3B,SACGt3B,KAAKo0B,iBAAiBtC,cAAcpM,GAGrC1lB,KAAKyxB,OAAM5kB,gBACV7M,KAAK+1B,uBAAuBrQ,GAClC1lB,KAAKu3B,qBAAqB,GAE7B,CAED,aAAM/P,GACJ,OAAI8F,EAAqBttB,KAAKutB,KACrBpmB,QAAQ2H,OACboO,gDAAgDld,cAI9CA,KAAKo0B,iBAAiBtC,cAAc,OAEtC9xB,KAAKw3B,4BAA8Bx3B,KAAK20B,+BACpC30B,KAAK62B,iBAAiB,MAKvB72B,KAAK61B,mBAAmB,MAAqC,GACrE,CAED,cAAAlG,CAAeV,GACb,OAAI3B,EAAqBttB,KAAKutB,KACrBpmB,QAAQ2H,OACboO,gDAAgDld,OAG7CA,KAAKyxB,OAAM5kB,gBACV7M,KAAK21B,oBAAoBhG,eAAejkB,aAAaujB,GAAa,GAE3E,CAED,mBAAAwI,GACE,OAAqB,MAAjBz3B,KAAKyhB,SACAzhB,KAAK40B,sBAEL50B,KAAK60B,wBAAwB70B,KAAKyhB,SAE5C,CAED,sBAAMyR,CAAiBC,GAChBnzB,KAAK03B,oCACF13B,KAAK23B,wBAIb,MAAMtE,EACJrzB,KAAK03B,6BAIP,OACErE,EAAeJ,gBACfjzB,KAAKu0B,wCAEEptB,QAAQ2H,OACb9O,KAAKud,cAAcxZ,OAAM,6CAEvB,CAAE,IAKDsvB,EAAeH,iBAAiBC,EACxC,CAED,0BAAAuE,GACE,OAAsB,OAAlB13B,KAAKyhB,SACAzhB,KAAK80B,uBAEL90B,KAAK+0B,wBAAwB/0B,KAAKyhB,SAE5C,CAED,2BAAMkW,GACJ,MAAM3qB,QCxcHH,eAAe+qB,mBACpB9a,EACAlN,EAAoC,IAEpC,OAAO8R,mBAIL5E,EAGA,MAAA,qBAAA0E,mBAAmB1E,EAAMlN,GAE7B,CD2b2BgoB,CAAmB53B,MAEpCqzB,EAAyC,IAAIjB,mBACjDplB,GAGoB,OAAlBhN,KAAKyhB,SACPzhB,KAAK80B,uBAAyBzB,EAE9BrzB,KAAK+0B,wBAAwB/0B,KAAKyhB,UAAY4R,CAEjD,CAED,eAAAwE,GACE,OAAO73B,KAAK21B,oBAAoB1G,YAAYhmB,IAC7C,CAED,eAAA6uB,CAAgB/a,GACd/c,KAAKud,cAAgB,IAAIzZ,aACvB,OACA,WACCiZ,IAEJ,CAED,kBAAAgb,CACE/vB,EACAP,EACAuwB,GAEA,OAAOh4B,KAAKi4B,sBACVj4B,KAAKi0B,sBACLjsB,EACAP,EACAuwB,EAEH,CAED,sBAAAE,CACEtuB,EACA+nB,GAEA,OAAO3xB,KAAKo0B,iBAAiB1C,aAAa9nB,EAAU+nB,EACrD,CAED,gBAAAwG,CACEnwB,EACAP,EACAuwB,GAEA,OAAOh4B,KAAKi4B,sBACVj4B,KAAKm0B,oBACLnsB,EACAP,EACAuwB,EAEH,CAED,cAAAI,GACE,OAAO,IAAIjxB,SAAQ,CAACC,EAAS0H,KAC3B,GAAI9O,KAAKunB,YACPngB,QACK,CACL,MAAMixB,EAAcr4B,KAAK+3B,oBAAmB,KAC1CM,IACAjxB,GAAS,GACR0H,EACJ,IAEJ,CAKD,uBAAMwpB,CAAkBnyB,GACtB,GAAInG,KAAKunB,YAAa,CACpB,MAEM3X,EAA8B,CAClCma,WAAY,YACZwO,UAAiC,eACjCpyB,QACA6iB,cANoBhpB,KAAKunB,YAAY9B,cAQlB,MAAjBzlB,KAAKyhB,WACP7R,EAAQ6R,SAAWzhB,KAAKyhB,gBThfzB5U,eAAe2rB,YACpB1b,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,2BAAA0E,mBAAmB1E,EAAMlN,GAE7B,CSweY4oB,CAAYx4B,KAAM4P,EACzB,CACF,CAED,MAAAkZ,SACE,MAAO,CACL/G,OAAQ/hB,KAAK2e,OAAOoD,OACpBqU,WAAYp2B,KAAK2e,OAAOyX,WACxBnZ,QAASjd,KAAKkD,KACdqkB,YAA8B,QAAjB5U,EAAA3S,KAAK41B,oBAAY,IAAAjjB,OAAA,EAAAA,EAAEmW,SAEnC,CAED,sBAAM+N,CACJnR,EACA4P,GAEA,MAAMmD,QAAwBz4B,KAAKq2B,oCACjCf,GAEF,OAAgB,OAAT5P,EACH+S,EAAgBhJ,oBAChBgJ,EAAgBnJ,eAAe5J,EACpC,CAEO,yCAAM2Q,CACZf,GAEA,IAAKt1B,KAAKw3B,2BAA4B,CACpC,MAAMkB,EACHpD,GAAyB5pB,aAAa4pB,IACvCt1B,KAAK20B,uBACPnX,QAAQkb,EAAU14B,uBAClBA,KAAKw3B,iCAAmCxI,uBAAuBjrB,OAC7D/D,KACA,CAAC0L,aAAagtB,EAASC,uCAGzB34B,KAAKq0B,mBACGr0B,KAAKw3B,2BAA2BjI,gBACzC,CAED,OAAOvvB,KAAKw3B,0BACb,CAED,wBAAMoB,CAAmBna,WAOvB,OAJIze,KAAKw0B,sBACDx0B,KAAKyxB,OAAM5kB,eAGI,QAAnB8F,EAAA3S,KAAK41B,oBAAc,IAAAjjB,OAAA,EAAAA,EAAA8a,oBAAqBhP,EACnCze,KAAK41B,cAGS,QAAnB/iB,EAAA7S,KAAKq0B,oBAAc,IAAAxhB,OAAA,EAAAA,EAAA4a,oBAAqBhP,EACnCze,KAAKq0B,aAGP,IACR,CAED,2BAAMzJ,CAAsBlF,GAC1B,GAAIA,IAAS1lB,KAAKunB,YAChB,OAAOvnB,KAAKyxB,OAAM5kB,SAAY7M,KAAK+1B,uBAAuBrQ,IAE7D,CAGD,yBAAAmF,CAA0BnF,GACpBA,IAAS1lB,KAAKunB,aAChBvnB,KAAKu3B,qBAER,CAED,IAAA3I,GACE,MAAO,GAAG5uB,KAAK2e,OAAOyX,cAAcp2B,KAAK2e,OAAOoD,UAAU/hB,KAAKkD,MAChE,CAED,sBAAAgqB,GACEltB,KAAKs0B,2BAA4B,EAC7Bt0B,KAAKunB,aACPvnB,KAAK41B,aAAa1I,wBAErB,CAED,qBAAAC,GACEntB,KAAKs0B,2BAA4B,EAC7Bt0B,KAAKunB,aACPvnB,KAAK41B,aAAazI,uBAErB,CAGD,gBAAIyI,GACF,OAAO51B,KAAKunB,WACb,CAEO,mBAAAgQ,WACN,IAAKv3B,KAAKw0B,eACR,OAGFx0B,KAAKm0B,oBAAoBzsB,KAAK1H,KAAKunB,aAEnC,MAAMsR,EAAsC,QAAzBhmB,EAAkB,QAAlBF,EAAA3S,KAAKunB,mBAAa,IAAA5U,OAAA,EAAAA,EAAA0X,WAAO,IAAAxX,EAAAA,EAAA,KACxC7S,KAAKg1B,kBAAoB6D,IAC3B74B,KAAKg1B,gBAAkB6D,EACvB74B,KAAKi0B,sBAAsBvsB,KAAK1H,KAAKunB,aAExC,CAEO,qBAAA0Q,CACNa,EACA9wB,EACAP,EACAuwB,GAEA,GAAIh4B,KAAKy0B,SACP,MAAO,OAGT,MAAMsE,EACsB,mBAAnB/wB,EACHA,EACAA,EAAeN,KAAKa,KAAKP,GAE/B,IAAIgxB,GAAiB,EAErB,MAAM7rB,EAAUnN,KAAKw0B,eACjBrtB,QAAQC,UACRpH,KAAK00B,uBAWT,GAVAlX,QAAQrQ,EAASnN,uBAGjBmN,EAAQ7F,MAAK,KACP0xB,GAGJD,EAAG/4B,KAAKunB,YAAY,IAGQ,mBAAnBvf,EAA+B,CACxC,MAAMqwB,EAAcS,EAAaG,YAC/BjxB,EACAP,EACAuwB,GAEF,MAAO,KACLgB,GAAiB,EACjBX,GAAa,CAEhB,CAAM,CACL,MAAMA,EAAcS,EAAaG,YAAYjxB,GAC7C,MAAO,KACLgxB,GAAiB,EACjBX,GAAa,CAEhB,CACF,CAOO,4BAAMtC,CACZrQ,GAEI1lB,KAAKunB,aAAevnB,KAAKunB,cAAgB7B,GAC3C1lB,KAAK41B,aAAazI,wBAEhBzH,GAAQ1lB,KAAKs0B,2BACf5O,EAAKwH,yBAGPltB,KAAKunB,YAAc7B,EAEfA,QACI1lB,KAAK21B,oBAAoBrG,eAAe5J,SAExC1lB,KAAK21B,oBAAoBlG,mBAElC,CAEO,KAAAgC,CAAMyH,GAIZ,OADAl5B,KAAKg0B,WAAah0B,KAAKg0B,WAAW1sB,KAAK4xB,EAAQA,GACxCl5B,KAAKg0B,UACb,CAED,uBAAY2B,GAEV,OADAnY,QAAQxd,KAAKu1B,mBAAoBv1B,uBAC1BA,KAAKu1B,kBACb,CAID,aAAA4D,CAAcC,GACPA,IAAap5B,KAAKqxB,WAAWjsB,SAASg0B,KAG3Cp5B,KAAKqxB,WAAW7vB,KAAK43B,GAIrBp5B,KAAKqxB,WAAWgI,OAChBr5B,KAAKm1B,cAAgBhE,kBACnBnxB,KAAK2e,OAAOyS,eACZpxB,KAAKs5B,kBAER,CACD,cAAAA,GACE,OAAOt5B,KAAKqxB,UACb,CACD,2BAAMrP,SAEJ,MAAM1C,EAAkC,CACtC,mBAA+Btf,KAAKm1B,eAGlCn1B,KAAKutB,IAAIgM,QAAQC,QACnBla,EAAO,oBAAgCtf,KAAKutB,IAAIgM,QAAQC,OAI1D,MAAMC,QAIF,QAJ2B9mB,EAAA3S,KAAK6zB,yBACjC6F,aAAa,CACZC,UAAU,WAEV,IAAAhnB,OAAA,EAAAA,EAAAinB,uBACAH,IACFna,EAAO,qBAAiCma,GAI1C,MAAMI,QAAsB75B,KAAK85B,oBAKjC,OAJID,IACFva,EAAO,uBAAoCua,GAGtCva,CACR,CAED,uBAAMwa,SACJ,GAAIxM,EAAqBttB,KAAKutB,MAAQvtB,KAAKutB,IAAI0H,SAAS4E,cACtD,OAAO75B,KAAKutB,IAAI0H,SAAS4E,cAE3B,MAAME,QAEF,QAF8BpnB,EAAA3S,KAAK8zB,wBACpC4F,aAAa,CAAEC,UAAU,WACxB,IAAAhnB,OAAA,EAAAA,EAAA8Y,YAUJ,OATIsO,aAAmB,EAAnBA,EAAqBtyB,Q5B9yBb,SAAAuyB,SAAS1d,KAAgBvR,GACnC2Q,EAAU1Q,UAAYnB,EAASS,MACjCoR,EAAUrR,KAAK,SAASkS,OAAiBD,OAAUvR,EAEvD,C4B+yBMivB,CACE,2CAA2CD,EAAoBtyB,SAG5DsyB,aAAA,EAAAA,EAAqB5zB,KAC7B,EASG,SAAU8zB,UAAUnd,GACxB,OAAOjU,mBAAmBiU,EAC5B,CAGA,MAAMoX,aAMJ,WAAAjxB,CAAqB6Z,GAAA9c,KAAI8c,KAAJA,EALb9c,KAAQ4H,SAA8B,KACrC5H,KAAAi5B,YzCnzBK,SAAAiB,gBACdrzB,EACAC,GAEA,MAAMqzB,EAAQ,IAAIvzB,cAAiBC,EAAUC,GAC7C,OAAOqzB,EAAMpyB,UAAUQ,KAAK4xB,EAC9B,CyC6yB8CD,EAC1CtyB,GAAa5H,KAAK4H,SAAWA,GAGY,CAE3C,QAAIF,GAEF,OADA8V,QAAQxd,KAAK4H,SAAU5H,KAAK8c,KAAI,kBACzB9c,KAAK4H,SAASF,KAAKa,KAAKvI,KAAK4H,SACrC,EEh2BH,IAAIwyB,EAAyC,CAC3C,YAAMC,GACJ,MAAM,IAAI55B,MAAM,kCACjB,EAED65B,kBAAmB,GACnBC,0BAA2B,GAC3BC,WAAY,IC4CD,MAAAC,uBAAb,WAAAx3B,GACEjD,KAAAqkB,WAAyB,IAAIqW,cAmB9B,CAlBC,KAAAjoB,CAAM7I,GACJA,GACD,CAED,OAAA+wB,CAEEC,EACAC,GAEA,OAAO1zB,QAAQC,QAAQ,QACxB,CACD,MAAA0zB,CAEEC,EACAC,GAEA,MAAO,EACR,EAGU,MAAAN,eACX,KAAAjoB,CAAM7I,GACJA,GACD,CAED,OAAA+wB,CAEEC,EACAC,GAEA,OAAO1zB,QAAQC,QAAQ,QACxB,CACD,MAAA0zB,CAEEC,EACAC,GAEA,MAAO,EACR,EC9EI,MACMC,EAAa,eAEb,MAAAC,4BAaX,WAAAj4B,CAAYk4B,GATHn7B,KAAIiJ,KAPmC,uBAiB9CjJ,KAAK8c,KAAOmd,UAAUkB,EACvB,CAOD,YAAMC,CACJlC,EAAiB,SACjBvT,GAAe,GAuCf,SAAS0V,uBACP9W,EACAnd,EACA0H,GAEA,MAAMsV,EAAa9U,OAAO8U,WACtBD,aAAaC,GACfA,EAAWC,WAAW5R,OAAM,KAC1B2R,EAAWC,WACRsW,QAAQpW,EAAS,CAAE2U,WACnB5xB,MAAKnB,IACJiB,EAAQjB,EAAM,IAEfoB,OAAM,KACLH,EAAQ6zB,EAAW,GACnB,IAGNnsB,EAAOrO,MAAM,0CAEhB,CAGD,GAAIT,KAAK8c,KAAKmY,SAASC,kCAAmC,CAExD,OADsB,IAAIuF,wBACLE,QAAQ,UAAW,CAAEzB,OAAQ,UACnD,CAED,OAAO,IAAI/xB,SAAgB,CAACC,EAAS0H,MAjErCjC,eAAeyuB,gBAAgBxe,GAC7B,IAAK6I,EAAc,CACjB,GAAqB,MAAjB7I,EAAK2E,UAAkD,MAA9B3E,EAAK8X,sBAChC,OAAO9X,EAAK8X,sBAAsBrQ,QAEpC,GACmB,MAAjBzH,EAAK2E,eAC2C9a,IAAhDmW,EAAK+X,wBAAwB/X,EAAK2E,UAElC,OAAO3E,EAAK+X,wBAAwB/X,EAAK2E,UAAU8C,OAEtD,CAED,OAAO,IAAIpd,SAAgB0F,MAAOzF,EAAS0H,KACzCkW,mBAAmBlI,EAAM,CACvBye,WAAmC,kBACnCC,QAAoC,yBAEnCl0B,MAAK0F,IACJ,QAA8BrG,IAA1BqG,EAASyX,aAEN,CACL,MAAM9F,EAAS,IAAI2F,gBAAgBtX,GAMnC,OALqB,MAAjB8P,EAAK2E,SACP3E,EAAK8X,sBAAwBjW,EAE7B7B,EAAK+X,wBAAwB/X,EAAK2E,UAAY9C,EAEzCvX,EAAQuX,EAAO4F,QACvB,CATCzV,EAAO,IAAIrO,MAAM,2CASlB,IAEF8G,OAAME,IACLqH,EAAOrH,EAAM,GACb,GAEP,EA+BC6zB,CAAgBt7B,KAAK8c,MAClBxV,MAAKid,IACJ,IAAKoB,GAAgBxB,aAAa7U,OAAO8U,YACvCiX,uBAAuB9W,EAASnd,EAAS0H,OACpC,CACL,GAAsB,oBAAXQ,OAIT,YAHAR,EACE,IAAIrO,MAAM,mDAId,IAAI6F,EFjGA,SAAAm1B,gCACd,OAAOrB,EAAmBG,yBAC5B,CE+FsBmB,GACS,IAAfp1B,EAAIxF,SACNwF,GAAOie,GF3Gf,SAAUoX,QAAQr1B,GACtB,OAAO8zB,EAAmBC,OAAO/zB,EACnC,CE2GYs1B,CACWt1B,GACRgB,MAAK,KACJ+zB,uBAAuB9W,EAASnd,EAAS0H,EAAO,IAEjDvH,OAAME,IACLqH,EAAOrH,EAAM,GAElB,KAEFF,OAAME,IACLqH,EAAOrH,EAAM,GACb,GAEP,EAGIoF,eAAegvB,sBACpB/e,EACAlN,EACAspB,EACA4C,GAAgB,EAChBC,GAAc,GAEd,MAAMC,EAAW,IAAId,4BAA4Bpe,GACjD,IAAImf,EAEJ,GAAIF,EACFE,EAAkBhB,OAElB,IACEgB,QAAwBD,EAASZ,OAAOlC,EACzC,CAAC,MAAOzxB,GACPw0B,QAAwBD,EAASZ,OAAOlC,GAAQ,EACjD,CAGH,MAAMgD,EAAUx4B,OAAAsZ,OAAA,CAAA,EAAQpN,GACxB,GACmD,qBAAjDspB,GACM,iBAANA,EACA,CACA,GAAI,wBAAyBgD,EAAY,CACvC,MAAMjY,EACJiY,EACAC,oBAAoBlY,YAChBmY,EACJF,EACAC,oBAAoBC,eAEtB14B,OAAOsZ,OAAOkf,EAAY,CACxBC,oBAAuB,CACrBlY,cACAmY,iBACAH,kBACAV,WAAqC,kBACrCc,iBAA+C,yBAGpD,MAAM,GAAI,oBAAqBH,EAAY,CAC1C,MAAME,EACJF,EACAI,gBAAgBF,eAElB14B,OAAOsZ,OAAOkf,EAAY,CACxBI,gBAAmB,CACjBF,iBACAH,kBACAV,WAAqC,kBACrCc,iBAA+C,yBAGpD,CACD,OAAOH,CACR,CAWD,OATKJ,EAGHp4B,OAAOsZ,OAAOkf,EAAY,CAAEK,YAAeN,IAF3Cv4B,OAAOsZ,OAAOkf,EAAY,CAAED,oBAI9Bv4B,OAAOsZ,OAAOkf,EAAY,CAAEX,WAAY,oBACxC73B,OAAOsZ,OAAOkf,EAAY,CACxBG,iBAA+C,yBAE1CH,CACT,CAOOrvB,eAAe2vB,oBACpBC,EACA7sB,EACA8sB,EACAC,EACAC,WAEA,GAA2E,4BAAvEA,EAAyE,CAC3E,GAE0B,UADxBH,EACGhF,6BAAqB,IAAA9kB,OAAA,EAAAA,EACpBmS,kBAAiB,2BACrB,CACA,MAAM+X,QAA6BhB,sBACjCY,EACA7sB,EACA8sB,EACU,eAAVA,GAEF,OAAOC,EAAaF,EAAcI,EACnC,CACC,OAAOF,EAAaF,EAAc7sB,GAASrI,OAAMsF,MAAMpF,IACrD,GAAmB,iCAAfA,EAAMnE,KAA0D,CAClEqF,QAAQyT,IACN,GAAGsgB,iIAEL,MAAMG,QAA6BhB,sBACjCY,EACA7sB,EACA8sB,EACU,eAAVA,GAEF,OAAOC,EAAaF,EAAcI,EACnC,CACC,OAAO11B,QAAQ2H,OAAOrH,EACvB,GAGN,CAAM,GAAkE,mBAA9Dm1B,EAAgE,CACzE,GAE0B,UADxBH,EACGhF,6BAAqB,IAAA5kB,OAAA,EAAAA,EACpBiS,kBAAiB,kBACrB,CACA,MAAM+X,QAA6BhB,sBACjCY,EACA7sB,EACA8sB,GAGF,OAAOC,EAAaF,EAAcI,GAAsBt1B,OACtDsF,MAAMpF,UACJ,GAKK,WAFC,UAFJg1B,EACGhF,6BACC,IAAA9kB,OAAA,EAAAA,EAAA+R,4BAED,qBAIc,iCAAfjd,EAAMnE,MACS,gCAAfmE,EAAMnE,MACN,CACAqF,QAAQyT,IACN,8GAA8GsgB,WAKhH,MAAMI,QAAmCjB,sBACvCY,EACA7sB,EACA8sB,GACA,GACA,GAGF,OAAOC,EAAaF,EAAcK,EACnC,CAGH,OAAO31B,QAAQ2H,OAAOrH,EAAM,GAGjC,CAAM,CAEL,MAAMq1B,QAAmCjB,sBACvCY,EACA7sB,EACA8sB,GACA,GACA,GAIF,OAAOC,EAAaF,EAAcK,EACnC,CACF,CACC,OAAO31B,QAAQ2H,OACb8tB,EAAwB,8BAG9B,CCnSgB,SAAAG,eAAexP,EAAkByP,GAC/C,MAAMpY,EAAWqY,aAAa1P,EAAK,QAEnC,GAAI3I,EAASsY,gBAAiB,CAC5B,MAAMpgB,EAAO8H,EAAS8U,eAEtB,GAAI70B,UADmB+f,EAASuY,aACFH,QAAAA,EAAQ,CAAA,GACpC,OAAOlgB,EAEPN,MAAMM,EAAI,sBAEb,CAID,OAFa8H,EAAS5F,WAAW,CAAEua,QAASyD,GAG9C,CCxBgB,SAAAI,oBACdtgB,EACAxW,EACAizB,GAEA,MAAM8D,EAAepD,UAAUnd,GAC/BU,QACE,eAAe6D,KAAK/a,GACpB+2B,EAAY,2BAId,MAAMC,KAAoB/D,aAAA,EAAAA,EAAS+D,iBAE7Bpf,EAAWqf,gBAAgBj3B,IAC3Bmd,KAAEA,EAAI+Z,KAAEA,GAkDhB,SAASC,mBAAmBn3B,GAI1B,MAAM4X,EAAWqf,gBAAgBj3B,GAC3Bo3B,EAAY,mBAAmBC,KAAKr3B,EAAIs3B,OAAO1f,EAASpd,SAC9D,IAAK48B,EACH,MAAO,CAAEja,KAAM,GAAI+Z,KAAM,MAE3B,MAAMK,EAAcH,EAAU,GAAGx3B,MAAM,KAAK43B,OAAS,GAC/CC,EAAgB,qBAAqBJ,KAAKE,GAChD,GAAIE,EAAe,CACjB,MAAMta,EAAOsa,EAAc,GAC3B,MAAO,CAAEta,OAAM+Z,KAAMQ,UAAUH,EAAYD,OAAOna,EAAK3iB,OAAS,IACjE,CAAM,CACL,MAAO2iB,EAAM+Z,GAAQK,EAAY33B,MAAM,KACvC,MAAO,CAAEud,OAAM+Z,KAAMQ,UAAUR,GAChC,CACH,CApEyBC,CAAmBn3B,GAIpCuY,EAAW,CAAEvY,IAAK,GAAG4X,MAAauF,IAHf,OAAT+Z,EAAgB,GAAK,IAAIA,QAInCzJ,EAAiBrwB,OAAOu6B,OAAO,CACnCxa,OACA+Z,OACAtf,SAAUA,EAAS3Z,QAAQ,IAAK,IAChCg1B,QAAS71B,OAAOu6B,OAAO,CAAEX,sBAI3B,IAAKD,EAAa5a,iBAoBhB,OAjBAjF,QACE6f,EAAa1e,OAAOE,UAAYwe,EAAatJ,eAC7CsJ,iCAMF7f,QACE3Y,UAAUga,EAAUwe,EAAa1e,OAAOE,WACtCha,UAAUkvB,EAAgBsJ,EAAatJ,gBACzCsJ,EAAY,0BAShBA,EAAa1e,OAAOE,SAAWA,EAC/Bwe,EAAatJ,eAAiBA,EAC9BsJ,EAAapI,SAASC,mCAAoC,EAErDoI,GAyCP,SAASY,sBACP,SAASC,eACP,MAAMC,EAAKnN,SAASoN,cAAc,KAC5BC,EAAMF,EAAGG,MACfH,EAAGI,UACD,oEACFF,EAAIG,SAAW,QACfH,EAAII,MAAQ,OACZJ,EAAIK,gBAAkB,UACtBL,EAAIM,OAAS,qBACbN,EAAIO,MAAQ,UACZP,EAAIQ,OAAS,MACbR,EAAIS,KAAO,MACXT,EAAIU,OAAS,MACbV,EAAIW,OAAS,QACbX,EAAIY,UAAY,SAChBd,EAAGe,UAAUzxB,IAAI,6BACjBujB,SAASpP,KAAKud,YAAYhB,EAC3B,CAEsB,oBAAZz1B,SAAmD,mBAAjBA,QAAQwB,MACnDxB,QAAQwB,KACN,gIAKkB,oBAAXmF,QAA8C,oBAAb2hB,WACd,YAAxBA,SAASoO,WACX/vB,OAAO9B,iBAAiB,mBAAoB2wB,cAE5CA,eAGN,CA1EID,EAEJ,CAEA,SAASX,gBAAgBj3B,GACvB,MAAMg5B,EAAch5B,EAAIE,QAAQ,KAChC,OAAO84B,EAAc,EAAI,GAAKh5B,EAAIs3B,OAAO,EAAG0B,EAAc,EAC5D,CAsBA,SAAStB,UAAUuB,GACjB,IAAKA,EACH,OAAO,KAET,MAAM/B,EAAOnY,OAAOka,GACpB,OAAIja,MAAMkY,GACD,KAEFA,CACT,CC5Ga,MAAAgC,eAEX,WAAAv8B,CAOW8mB,EASA0V,GATAz/B,KAAU+pB,WAAVA,EASA/pB,KAAYy/B,aAAZA,CACP,CAOJ,MAAA3W,GACE,OAAOpL,UAAU,kBAClB,CAGD,mBAAAgiB,CAAoBC,GAClB,OAAOjiB,UAAU,kBAClB,CAED,cAAAkiB,CACED,EACAE,GAEA,OAAOniB,UAAU,kBAClB,CAED,4BAAAoiB,CAA6BH,GAC3B,OAAOjiB,UAAU,kBAClB,EChCI7Q,eAAekzB,cACpBjjB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,6BAAA0E,mBAAmB1E,EAAMlN,GAE7B,CAsBO/C,eAAemzB,kBACpBljB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,sBAAAlN,EAEJ,CCvCO/C,eAAeozB,mBACpBnjB,EACAlN,GAEA,OAAO0T,sBAILxG,EAGA,OAAA,kCAAA0E,mBAAmB1E,EAAMlN,GAE7B,CAqDA/C,eAAeqzB,YACbpjB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,2BAAA0E,mBAAmB1E,EAAMlN,GAE7B,CASO/C,eAAeszB,yBACpBrjB,EACAlN,GAEA,OAAOswB,YAAYpjB,EAAMlN,EAC3B,CAEO/C,eAAeuzB,wBACpBtjB,EACAlN,GAEA,OAAOswB,YAAYpjB,EAAMlN,EAC3B,CC5FM,MAAOywB,4BAA4Bb,eAEvC,WAAAv8B,CAEWq9B,EAEAC,EACTd,EAESe,EAA2B,MAEpC/8B,MAAK,WAAsBg8B,GAPlBz/B,KAAMsgC,OAANA,EAEAtgC,KAASugC,UAATA,EAGAvgC,KAASwgC,UAATA,CAGV,CAGD,4BAAOC,CACLzc,EACAmP,GAEA,OAAO,IAAIkN,oBACTrc,EACAmP,aAGH,CAGD,wBAAOuN,CACL1c,EACA2c,EACAlf,EAA0B,MAE1B,OAAO,IAAI4e,oBACTrc,EACA2c,EAAO,YAEPlf,EAEH,CAGD,MAAAqH,GACE,MAAO,CACL9E,MAAOhkB,KAAKsgC,OACZnN,SAAUnzB,KAAKugC,UACfd,aAAcz/B,KAAKy/B,aACnBhe,SAAUzhB,KAAKwgC,UAElB,CAUD,eAAOpU,CAAStJ,GACd,MAAM7c,EAAsB,iBAAT6c,EAAoBjP,KAAKmT,MAAMlE,GAAQA,EAC1D,IAAI7c,aAAA,EAAAA,EAAK+d,SAAS/d,aAAA,EAAAA,EAAKktB,UAAU,CAC/B,GAAoB,aAAhBltB,EAAIw5B,aACN,OAAOz/B,KAAKygC,sBAAsBx6B,EAAI+d,MAAO/d,EAAIktB,UAC5C,GAAoB,cAAhBltB,EAAIw5B,aACb,OAAOz/B,KAAK0gC,kBAAkBz6B,EAAI+d,MAAO/d,EAAIktB,SAAUltB,EAAIwb,SAE9D,CACD,OAAO,IACR,CAGD,yBAAMie,CAAoB5iB,GACxB,OAAQ9c,KAAKy/B,cACX,IAAA,WAOE,OAAOjD,oBACL1f,EAPyC,CACzC8jB,mBAAmB,EACnB5c,MAAOhkB,KAAKsgC,OACZnN,SAAUnzB,KAAKugC,UACfhF,WAAmC,mBAMnC,qBAAA0E,mBAAkB,2BAGtB,IAAA,YACE,OCrGDpzB,eAAeg0B,sBACpB/jB,EACAlN,GAEA,OAAO0T,sBAILxG,EAGA,OAAA,mCAAA0E,mBAAmB1E,EAAMlN,GAE7B,CDwFeixB,CAAoB/jB,EAAM,CAC/BkH,MAAOhkB,KAAKsgC,OACZK,QAAS3gC,KAAKugC,YAElB,QACE/jB,MAAMM,EAAI,kBAEf,CAGD,oBAAM8iB,CACJ9iB,EACAkM,GAEA,OAAQhpB,KAAKy/B,cACX,IAAA,WAQE,OAAOjD,oBACL1f,EAR6B,CAC7BkM,UACA4X,mBAAmB,EACnB5c,MAAOhkB,KAAKsgC,OACZnN,SAAUnzB,KAAKugC,UACfhF,WAAmC,mBAMnC,iBAAAyE,kBAAiB,2BAGrB,IAAA,YACE,OChHDnzB,eAAei0B,8BACpBhkB,EACAlN,GAEA,OAAO0T,sBAILxG,EAGA,OAAA,mCAAA0E,mBAAmB1E,EAAMlN,GAE7B,CDmGekxB,CAA8BhkB,EAAM,CACzCkM,UACAhF,MAAOhkB,KAAKsgC,OACZK,QAAS3gC,KAAKugC,YAElB,QACE/jB,MAAMM,EAAI,kBAEf,CAGD,4BAAAgjB,CAA6BhjB,GAC3B,OAAO9c,KAAK0/B,oBAAoB5iB,EACjC,EErIIjQ,eAAek0B,cACpBjkB,EACAlN,GAEA,OAAO0T,sBACLxG,EAGA,OAAA,6BAAA0E,mBAAmB1E,EAAMlN,GAE7B,CCDM,MAAOoxB,wBAAwBxB,eAArC,WAAAv8B,uBAqBUjD,KAAYihC,aAAkB,IA8HvC,CA3HC,kBAAOC,CAAYv7B,GACjB,MAAMw7B,EAAO,IAAIH,gBAAgBr7B,EAAOokB,WAAYpkB,EAAO85B,cA4B3D,OA1BI95B,EAAOqjB,SAAWrjB,EAAOwlB,aAEvBxlB,EAAOqjB,UACTmY,EAAKnY,QAAUrjB,EAAOqjB,SAGpBrjB,EAAOwlB,cACTgW,EAAKhW,YAAcxlB,EAAOwlB,aAIxBxlB,EAAOy7B,QAAUz7B,EAAOs7B,eAC1BE,EAAKC,MAAQz7B,EAAOy7B,OAGlBz7B,EAAOs7B,eACTE,EAAKF,aAAet7B,EAAOs7B,eAEpBt7B,EAAO07B,YAAc17B,EAAO27B,kBAErCH,EAAKhW,YAAcxlB,EAAO07B,WAC1BF,EAAKI,OAAS57B,EAAO27B,kBAErB9kB,wBAGK2kB,CACR,CAGD,MAAArY,GACE,MAAO,CACLE,QAAShpB,KAAKgpB,QACdmC,YAAanrB,KAAKmrB,YAClBoW,OAAQvhC,KAAKuhC,OACbH,MAAOphC,KAAKohC,MACZH,aAAcjhC,KAAKihC,aACnBlX,WAAY/pB,KAAK+pB,WACjB0V,aAAcz/B,KAAKy/B,aAEtB,CAWD,eAAOrT,CAAStJ,GACd,MAAM7c,EAAsB,iBAAT6c,EAAoBjP,KAAKmT,MAAMlE,GAAQA,GACpDiH,WAAEA,EAAU0V,aAAEA,GAAiDx5B,EAAhCyW,EAAgCqO,OAAA9kB,EAA/D,CAAA,aAAA,iBACN,IAAK8jB,IAAe0V,EAClB,OAAO,KAGT,MAAM0B,EAAO,IAAIH,gBAAgBjX,EAAY0V,GAM7C,OALA0B,EAAKnY,QAAUtM,EAAKsM,cAAWriB,EAC/Bw6B,EAAKhW,YAAczO,EAAKyO,kBAAexkB,EACvCw6B,EAAKI,OAAS7kB,EAAK6kB,OACnBJ,EAAKC,MAAQ1kB,EAAK0kB,MAClBD,EAAKF,aAAevkB,EAAKukB,cAAgB,KAClCE,CACR,CAGD,mBAAAzB,CAAoB5iB,GAElB,OAAOikB,cAAcjkB,EADL9c,KAAKwhC,eAEtB,CAGD,cAAA5B,CACE9iB,EACAkM,GAEA,MAAMpZ,EAAU5P,KAAKwhC,eAErB,OADA5xB,EAAQoZ,QAAUA,EACX+X,cAAcjkB,EAAMlN,EAC5B,CAGD,4BAAAkwB,CAA6BhjB,GAC3B,MAAMlN,EAAU5P,KAAKwhC,eAErB,OADA5xB,EAAQ6xB,YAAa,EACdV,cAAcjkB,EAAMlN,EAC5B,CAEO,YAAA4xB,GACN,MAAM5xB,EAAgC,CACpC8xB,WApJkB,mBAqJlBd,mBAAmB,GAGrB,GAAI5gC,KAAKihC,aACPrxB,EAAQqxB,aAAejhC,KAAKihC,iBACvB,CACL,MAAMU,EAAmC,CAAA,EACrC3hC,KAAKgpB,UACP2Y,EAAmB,SAAI3hC,KAAKgpB,SAE1BhpB,KAAKmrB,cACPwW,EAAuB,aAAI3hC,KAAKmrB,aAE9BnrB,KAAKuhC,SACPI,EAA6B,mBAAI3hC,KAAKuhC,QAGxCI,EAAqB,WAAI3hC,KAAK+pB,WAC1B/pB,KAAKohC,QAAUphC,KAAKihC,eACtBU,EAAgB,MAAI3hC,KAAKohC,OAG3BxxB,EAAQ+xB,SAAWl8B,YAAYk8B,EAChC,CAED,OAAO/xB,CACR,EC/EH,MAAMgyB,EAEF,CACFvhB,eAAwD,kBCtFpD,MAAOwhB,4BAA4BrC,eACvC,WAAAv8B,CAAqC0C,GACnClC,uBADmCzD,KAAM2F,OAANA,CAEpC,CAGD,wBAAOm8B,CACLC,EACAC,GAEA,OAAO,IAAIH,oBAAoB,CAAEE,iBAAgBC,oBAClD,CAGD,yBAAOC,CACLhe,EACAie,GAEA,OAAO,IAAIL,oBAAoB,CAAE5d,cAAaie,kBAC/C,CAGD,mBAAAxC,CAAoB5iB,GAClB,ODqBGjQ,eAAes1B,sBACpBrlB,EACAlN,GAEA,OAAO0T,sBAILxG,EAGA,OAAA,qCAAA0E,mBAAmB1E,EAAMlN,GAE7B,CClCWuyB,CAAsBrlB,EAAM9c,KAAKoiC,2BACzC,CAGD,cAAAxC,CACE9iB,EACAkM,GAEA,OD4BGnc,eAAew1B,oBACpBvlB,EACAlN,GAEA,MAAM5C,QAAiBsW,sBAIrBxG,EAAI,OAAA,qCAGJ0E,mBAAmB1E,EAAMlN,IAE3B,GAAI5C,EAASk1B,eACX,MAAMnf,iBAAiBjG,EAAuC,2CAAA9P,GAEhE,OAAOA,CACT,CC7CWq1B,CAAoBvlB,EACzBpZ,OAAAsZ,OAAA,CAAAgM,WACGhpB,KAAKoiC,4BAEX,CAGD,4BAAAtC,CAA6BhjB,GAC3B,ODkDGjQ,eAAey1B,6BACpBxlB,EACAlN,GAMA,OAAO0T,sBAILxG,EAAI,OAAA,qCAGJ0E,mBAAmB1E,EAVhBpZ,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,GAAApN,GAAO,CACV2yB,UAAW,YAUXX,EAEJ,CCpEWU,CAA6BxlB,EAAM9c,KAAKoiC,2BAChD,CAGD,wBAAAA,GACE,MAAMF,eAAEA,EAAcje,YAAEA,EAAW8d,eAAEA,EAAcC,iBAAEA,GACnDhiC,KAAK2F,OACP,OAAIu8B,GAAkBje,EACb,CAAEie,iBAAgBje,eAGpB,CACLue,YAAaT,EACbz+B,KAAM0+B,EAET,CAGD,MAAAlZ,GACE,MAAM7iB,EAA8B,CAClC8jB,WAAY/pB,KAAK+pB,YAenB,OAbI/pB,KAAK2F,OAAOse,cACdhe,EAAIge,YAAcjkB,KAAK2F,OAAOse,aAE5BjkB,KAAK2F,OAAOu8B,iBACdj8B,EAAIi8B,eAAiBliC,KAAK2F,OAAOu8B,gBAE/BliC,KAAK2F,OAAOq8B,mBACd/7B,EAAI+7B,iBAAmBhiC,KAAK2F,OAAOq8B,kBAEjChiC,KAAK2F,OAAOo8B,iBACd97B,EAAI87B,eAAiB/hC,KAAK2F,OAAOo8B,gBAG5B97B,CACR,CAGD,eAAOmmB,CAAStJ,GACM,iBAATA,IACTA,EAAOjP,KAAKmT,MAAMlE,IAGpB,MAAMif,eAAEA,EAAcC,iBAAEA,EAAgB/d,YAAEA,EAAWie,eAAEA,GACrDpf,EACF,OACGkf,GACAD,GACA9d,GACAie,EAKI,IAAIL,oBAAoB,CAC7BE,iBACAC,mBACA/d,cACAie,mBAPO,IASV,ECtDU,MAAAO,cAiCX,WAAAx/B,CAAYy/B,mBACV,MAAMC,EAAe38B,kBAAkBK,mBAAmBq8B,IACpD3gB,EAAyC,QAAhCpP,EAAAgwB,EAAgC,cAAA,IAAAhwB,EAAAA,EAAI,KAC7CrP,EAAoC,QAA7BuP,EAAA8vB,EAA6B,eAAA,IAAA9vB,EAAAA,EAAI,KACxC0vB,EApFV,SAASK,UAAUr5B,GACjB,OAAQA,GACN,IAAK,eACH,MAAyC,gBAC3C,IAAK,gBACH,MAA0C,iBAC5C,IAAK,SACH,MAAwC,eAC1C,IAAK,cACH,MAAwC,eAC1C,IAAK,uBACH,MAAmD,0BACrD,IAAK,6BACH,MAAyD,gCAC3D,QACE,OAAO,KAEb,CAmEsBq5B,CAAuC,QAA7BjV,EAAAgV,EAA6B,YAAA,IAAAhV,EAAAA,EAAI,MAE7DnQ,QAAQuE,GAAUze,GAAQi/B,oBAC1BviC,KAAK+hB,OAASA,EACd/hB,KAAKuiC,UAAYA,EACjBviC,KAAKsD,KAAOA,EACZtD,KAAK6iC,YAAmD,QAArCjV,EAAA+U,EAAqC,mBAAA,IAAA/U,EAAAA,EAAI,KAC5D5tB,KAAKiiB,aAAqD,QAAtC4L,EAAA8U,EAAsC,oBAAA,IAAA9U,EAAAA,EAAI,KAC9D7tB,KAAKyhB,SAA6C,QAAlCqM,EAAA6U,EAAkC,gBAAA,IAAA7U,EAAAA,EAAI,IACvD,CAWD,gBAAOgV,CAAUC,GACf,MAAML,EAjFV,SAASM,cAAc18B,GACrB,MAAMy8B,EAAO/8B,kBAAkBK,mBAAmBC,IAAY,KAGxD28B,EAAiBF,EACnB/8B,kBAAkBK,mBAAmB08B,IAAqB,aAC1D,KAEEG,EAAcl9B,kBAAkBK,mBAAmBC,IACzC,aAKhB,OAH0B48B,EACtBl9B,kBAAkBK,mBAAmB68B,IAAoB,KACzD,OACwBA,GAAeD,GAAkBF,GAAQz8B,CACvE,CAkEuB08B,CAAcD,GACjC,IACE,OAAO,IAAIN,cAAcC,EAC1B,CAAC,MAAA/vB,GACA,OAAO,IACR,CACF,EASG,SAAUwwB,mBAAmBJ,GACjC,OAAON,cAAcK,UAAUC,EACjC,CCrIa,MAAAK,kBAAb,WAAAngC,GAkBWjD,KAAA+pB,WAAaqZ,kBAAkBC,WA2DzC,CAvCC,iBAAOC,CAAWtf,EAAemP,GAC/B,OAAOkN,oBAAoBI,sBAAsBzc,EAAOmP,EACzD,CAwBD,yBAAOoQ,CACLvf,EACAwf,GAEA,MAAMC,EAAgBhB,cAAcK,UAAUU,GAG9C,OAFAhmB,QAAQimB,EAAa,kBAEdpD,oBAAoBK,kBACzB1c,EACAyf,EAAcngC,KACdmgC,EAAchiB,SAEjB,EAxEe2hB,kBAAAC,YAA8C,WAI9CD,kBAAAM,8BACc,WAIdN,kBAAAO,0BAAyB,YCVrB,MAAAC,sBAWpB,WAAA3gC,CAAqB8mB,GAAA/pB,KAAU+pB,WAAVA,EATrB/pB,KAAmB6jC,oBAAkB,KAE7B7jC,KAAgB8jC,iBAAqB,EAOF,CAO3C,kBAAAC,CAAmB9hB,GACjBjiB,KAAK6jC,oBAAsB5hB,CAC5B,CAYD,mBAAA+hB,CAAoBC,GAElB,OADAjkC,KAAK8jC,iBAAmBG,EACjBjkC,IACR,CAKD,mBAAAkkC,GACE,OAAOlkC,KAAK8jC,gBACb,ECbG,MAAgBK,0BACZP,sBADV,WAAA3gC,uBAKUjD,KAAMokC,OAAa,EAqB5B,CAdC,QAAAC,CAASC,GAKP,OAHKtkC,KAAKokC,OAAOh/B,SAASk/B,IACxBtkC,KAAKokC,OAAO5iC,KAAK8iC,GAEZtkC,IACR,CAKD,SAAAukC,GACE,MAAO,IAAIvkC,KAAKokC,OACjB,EA2CG,MAAOI,sBAAsBL,kBAKjC,yBAAOM,CAAmB3hB,GACxB,MAAM7c,EAAsB,iBAAT6c,EAAoBjP,KAAKmT,MAAMlE,GAAQA,EAK1D,OAJAtF,QACE,eAAgBvX,GAAO,iBAAkBA,EAAG,kBAGvC+6B,gBAAgBE,YAAYj7B,EACpC,CAuBD,UAAAq9B,CAAW39B,GACT,OAAO3F,KAAK0kC,YAAWhhC,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,CAAA,EAAMrX,GAAM,CAAEy7B,MAAOz7B,EAAOg/B,WACpD,CAGO,WAAAD,CACN/+B,GAIA,OAFA6X,QAAQ7X,EAAOqjB,SAAWrjB,EAAOwlB,YAAW,kBAErC6V,gBAAgBE,2CAClBv7B,GAAM,CACTokB,WAAY/pB,KAAK+pB,WACjB0V,aAAcz/B,KAAK+pB,aAEtB,CAOD,2BAAO6a,CACLC,GAEA,OAAOL,cAAcM,gCACnBD,EAEH,CAOD,0BAAOE,CAAoBt9B,GACzB,OAAO+8B,cAAcM,gCAClBr9B,EAAMjE,YAAc,CAAE,EAE1B,CAEO,sCAAOshC,EACb5gB,eAAgB8gB,IAEhB,IAAKA,EACH,OAAO,KAGT,MAAMC,aACJA,EAAYC,iBACZA,EAAgB5D,iBAChBA,EAAgBL,aAChBA,EAAYG,MACZA,EAAKrX,WACLA,GACEib,EACJ,KACGE,GACA5D,GACA2D,GACAhE,GAED,OAAO,KAGT,IAAKlX,EACH,OAAO,KAGT,IACE,OAAO,IAAIya,cAAcza,GAAY2a,YAAY,CAC/C1b,QAASic,EACT9Z,YAAa+Z,EACb9D,QACAH,gBAEH,CAAC,MAAOz5B,GACP,OAAO,IACR,CACF,ECnLG,MAAO29B,6BAA6BhB,kBAOxC,WAAAlhC,GACEQ,qBACD,CAcD,iBAAO6/B,CAAWnY,GAChB,OAAO6V,gBAAgBE,YAAY,CACjCnX,WAAYob,qBAAqB9B,YACjC5D,aAAc0F,qBAAqBC,wBACnCja,eAEH,CAOD,2BAAOyZ,CACLC,GAEA,OAAOM,qBAAqBE,2BAC1BR,EAEH,CAQD,0BAAOE,CAAoBt9B,GACzB,OAAO09B,qBAAqBE,2BACzB59B,EAAMjE,YAAc,CAAE,EAE1B,CAEO,iCAAO6hC,EACbnhB,eAAgB8gB,IAEhB,IAAKA,KAAmB,qBAAsBA,GAC5C,OAAO,KAGT,IAAKA,EAAcE,iBACjB,OAAO,KAGT,IACE,OAAOC,qBAAqB7B,WAAW0B,EAAcE,iBACtD,CAAC,MAAAvyB,GACA,OAAO,IACR,CACF,EAtEewyB,qBAAAC,wBACQ,eAERD,qBAAA9B,YAAkD,eCF9D,MAAOiC,2BAA2BnB,kBAMtC,WAAAlhC,GACEQ,oBACAzD,KAAKqkC,SAAS,UACf,CAeD,iBAAOf,CACLta,EACAmC,GAEA,OAAO6V,gBAAgBE,YAAY,CACjCnX,WAAYub,mBAAmBjC,YAC/B5D,aAAc6F,mBAAmBC,sBACjCvc,UACAmC,eAEH,CAOD,2BAAOyZ,CACLC,GAEA,OAAOS,mBAAmBD,2BACxBR,EAEH,CAOD,0BAAOE,CAAoBt9B,GACzB,OAAO69B,mBAAmBD,2BACvB59B,EAAMjE,YAAc,CAAE,EAE1B,CAEO,iCAAO6hC,EACbnhB,eAAgB8gB,IAEhB,IAAKA,EACH,OAAO,KAGT,MAAMC,aAAEA,EAAYC,iBAAEA,GACpBF,EACF,IAAKC,IAAiBC,EAEpB,OAAO,KAGT,IACE,OAAOI,mBAAmBhC,WAAW2B,EAAcC,EACpD,CAAC,MAAAvyB,GACA,OAAO,IACR,CACF,EA7Ee2yB,mBAAAC,sBAA0D,aAE1DD,mBAAAjC,YAA8C,aCJ1D,MAAOmC,2BAA2BrB,kBAMtC,WAAAlhC,GACEQ,mBACD,CAOD,iBAAO6/B,CAAWnY,GAChB,OAAO6V,gBAAgBE,YAAY,CACjCnX,WAAYyb,mBAAmBnC,YAC/B5D,aAAc+F,mBAAmBC,sBACjCta,eAEH,CAOD,2BAAOyZ,CACLC,GAEA,OAAOW,mBAAmBH,2BACxBR,EAEH,CAQD,0BAAOE,CAAoBt9B,GACzB,OAAO+9B,mBAAmBH,2BACvB59B,EAAMjE,YAAc,CAAE,EAE1B,CAEO,iCAAO6hC,EACbnhB,eAAgB8gB,IAEhB,IAAKA,KAAmB,qBAAsBA,GAC5C,OAAO,KAGT,IAAKA,EAAcE,iBACjB,OAAO,KAGT,IACE,OAAOM,mBAAmBlC,WAAW0B,EAAcE,iBACpD,CAAC,MAAAvyB,GACA,OAAO,IACR,CACF,EA9De6yB,mBAAAC,sBAA0D,aAE1DD,mBAAAnC,YAA8C,aCpC1D,MAAOqC,2BAA2BlG,eAEtC,WAAAv8B,CACE8mB,EACiBkX,GAEjBx9B,MAAMsmB,EAAYA,GAFD/pB,KAAYihC,aAAZA,CAGlB,CAGD,mBAAAvB,CAAoB5iB,GAElB,OAAOikB,cAAcjkB,EADL9c,KAAKwhC,eAEtB,CAGD,cAAA5B,CACE9iB,EACAkM,GAEA,MAAMpZ,EAAU5P,KAAKwhC,eAErB,OADA5xB,EAAQoZ,QAAUA,EACX+X,cAAcjkB,EAAMlN,EAC5B,CAGD,4BAAAkwB,CAA6BhjB,GAC3B,MAAMlN,EAAU5P,KAAKwhC,eAErB,OADA5xB,EAAQ6xB,YAAa,EACdV,cAAcjkB,EAAMlN,EAC5B,CAGD,MAAAkZ,GACE,MAAO,CACL2W,aAAcz/B,KAAKy/B,aACnB1V,WAAY/pB,KAAK+pB,WACjBkX,aAAcjhC,KAAKihC,aAEtB,CAWD,eAAO7U,CAAStJ,GACd,MAAM7c,EAAsB,iBAAT6c,EAAoBjP,KAAKmT,MAAMlE,GAAQA,GACpDiH,WAAEA,EAAU0V,aAAEA,EAAYwB,aAAEA,GAChCh7B,EACF,OACG8jB,GACA0V,GACAwB,GACDlX,IAAe0V,EAKV,IAAIiG,mBAAmB3b,EAAYkX,GAHjC,IAIV,CAOD,cAAO0E,CAAQ5b,EAAoBkX,GACjC,OAAO,IAAIyE,mBAAmB3b,EAAYkX,EAC3C,CAEO,YAAAO,GACN,MAAO,CACLE,WAlFkB,mBAmFlBd,mBAAmB,EACnBK,aAAcjhC,KAAKihC,aAEtB,EClFG,MAAO2E,yBAAyBhC,sBAKpC,WAAA3gC,CAAY8mB,GACVvM,QACEuM,EAAWjL,WAdY,2BAiBzBrb,MAAMsmB,EACP,CAkBD,2BAAO6a,CACLC,GAEA,OAAOe,iBAAiBC,+BACtBhB,EAEH,CAQD,0BAAOE,CAAoBt9B,GACzB,OAAOm+B,iBAAiBC,+BACrBp+B,EAAMjE,YAAc,CAAE,EAE1B,CAMD,yBAAOihC,CAAmB3hB,GACxB,MAAMwgB,EAAaoC,mBAAmBtZ,SAAStJ,GAE/C,OADAtF,QAAQ8lB,EAAU,kBACXA,CACR,CAEO,qCAAOuC,EACb3hB,eAAgB8gB,IAEhB,IAAKA,EACH,OAAO,KAGT,MAAM/D,aAAEA,EAAYlX,WAAEA,GAAeib,EAErC,IAAK/D,IAAiBlX,EACpB,OAAO,KAGT,IACE,OAAO2b,mBAAmBC,QAAQ5b,EAAYkX,EAC/C,CAAC,MAAOz5B,GACP,OAAO,IACR,CACF,EC7BG,MAAOs+B,4BAA4B3B,kBAMvC,WAAAlhC,GACEQ,oBACD,CAQD,iBAAO6/B,CAAWn9B,EAAeo7B,GAC/B,OAAOP,gBAAgBE,YAAY,CACjCnX,WAAY+b,oBAAoBzC,YAChC5D,aAAcqG,oBAAoBC,uBAClC1E,WAAYl7B,EACZm7B,iBAAkBC,GAErB,CAOD,2BAAOqD,CACLC,GAEA,OAAOiB,oBAAoBT,2BACzBR,EAEH,CAQD,0BAAOE,CAAoBt9B,GACzB,OAAOq+B,oBAAoBT,2BACxB59B,EAAMjE,YAAc,CAAE,EAE1B,CAEO,iCAAO6hC,EACbnhB,eAAgB8gB,IAEhB,IAAKA,EACH,OAAO,KAET,MAAME,iBAAEA,EAAgB5D,iBAAEA,GACxB0D,EACF,IAAKE,IAAqB5D,EACxB,OAAO,KAGT,IACE,OAAOwE,oBAAoBxC,WAAW4B,EAAkB5D,EACzD,CAAC,MAAA3uB,GACA,OAAO,IACR,CACF,EC1GI9F,eAAem5B,OACpBlpB,EACAlN,GAEA,OAAO0T,sBACLxG,EAGA,OAAA,sBAAA0E,mBAAmB1E,EAAMlN,GAE7B,CD+BkBk2B,oBAAAC,uBAA6D,cAE7DD,oBAAAzC,YAAgD,cExDrD,MAAA4C,mBAQX,WAAAhjC,CAAY0C,GACV3F,KAAK0lB,KAAO/f,EAAO+f,KACnB1lB,KAAK+pB,WAAapkB,EAAOokB,WACzB/pB,KAAKkkB,eAAiBve,EAAOue,eAC7BlkB,KAAKkmC,cAAgBvgC,EAAOugC,aAC7B,CAED,iCAAahY,CACXpR,EACAopB,EACA/X,EACAlE,GAAuB,GAEvB,MAAMvE,QAAagH,SAASwB,qBAC1BpR,EACAqR,EACAlE,GAEIF,EAAaoc,sBAAsBhY,GAOzC,OANiB,IAAI8X,mBAAmB,CACtCvgB,OACAqE,aACA7F,eAAgBiK,EAChB+X,iBAGH,CAED,0BAAaE,CACX1gB,EACAwgB,EACAl5B,SAEM0Y,EAAK0H,yBAAyBpgB,GAAuB,GAC3D,MAAM+c,EAAaoc,sBAAsBn5B,GACzC,OAAO,IAAIi5B,mBAAmB,CAC5BvgB,OACAqE,aACA7F,eAAgBlX,EAChBk5B,iBAEH,EAGH,SAASC,sBACPn5B,GAEA,OAAIA,EAAS+c,WACJ/c,EAAS+c,WAGd,gBAAiB/c,EACK,QAGnB,IACT,CCvDOH,eAAew5B,kBAAkBvpB,SACtC,GAAIwQ,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMugB,EAAepD,UAAUnd,GAE/B,SADMugB,EAAa3I,uBACW,QAA1B/hB,EAAA0qB,EAAa9V,mBAAa,IAAA5U,OAAA,EAAAA,EAAAsX,YAE5B,OAAO,IAAIgc,mBAAmB,CAC5BvgB,KAAM2X,EAAa9V,YACnBwC,WAAY,KACZmc,cAAoC,WAGxC,MAAMl5B,QAAiBg5B,OAAO3I,EAAc,CAC1CuD,mBAAmB,IAEfiE,QAAuBoB,mBAAmB/X,qBAC9CmP,EAEA,SAAArwB,GACA,GAGF,aADMqwB,EAAaxH,mBAAmBgP,EAAenf,MAC9Cmf,CACT,CCpCM,MAAOyB,yBACHjjC,cAKR,WAAAJ,CACE6Z,EACArV,EACSy+B,EACAxgB,SAETjiB,MAAMgE,EAAMnE,KAAMmE,EAAMlE,SAHfvD,KAAakmC,cAAbA,EACAlmC,KAAI0lB,KAAJA,EAIThiB,OAAOC,eAAe3D,KAAMsmC,iBAAiB1iC,WAC7C5D,KAAKwD,WAAa,CAChByZ,QAASH,EAAK5Z,KACdue,SAAuB,QAAb9O,EAAAmK,EAAK2E,gBAAQ,IAAA9O,EAAAA,OAAIhM,EAC3B6c,gBAAiB/b,EAAMjE,WAAYggB,gBACnC0iB,gBAEH,CAED,6BAAOK,CACLzpB,EACArV,EACAy+B,EACAxgB,GAEA,OAAO,IAAI4gB,iBAAiBxpB,EAAMrV,EAAOy+B,EAAexgB,EACzD,EAGG,SAAU8gB,8CACd1pB,EACAopB,EACA5C,EACA5d,GAOA,OAJgD,mBAA9CwgB,EACI5C,EAAWxD,6BAA6BhjB,GACxCwmB,EAAW5D,oBAAoB5iB,IAEdvV,OAAME,IAC3B,GAAmB,oCAAfA,EAAMnE,KACR,MAAMgjC,iBAAiBC,uBACrBzpB,EACArV,EACAy+B,EACAxgB,GAIJ,MAAMje,CAAK,GAEf,CC/DM,SAAUg/B,oBACdld,GAEA,OAAO,IAAI9b,IACT8b,EACG3c,KAAI,EAAGmd,gBAAiBA,IACxBJ,QAAO+c,KAASA,IAEvB,CCOO75B,eAAe85B,OAAOjhB,EAAYqE,GACvC,MAAMlE,EAAehd,mBAAmB6c,SAClCkhB,qBAAoB,EAAM/gB,EAAckE,GAC9C,MAAMV,iBAAEA,ShDaHxc,eAAeg6B,qBACpB/pB,EACAlN,GAEA,OAAO8R,mBAGL5E,EAAkD,OAAA,sBAAAlN,EACtD,CgDrBqCi3B,CAAqBhhB,EAAa/I,KAAM,CACzEkM,cAAenD,EAAaJ,aAC5BqhB,eAAgB,CAAC/c,KAGbgd,EAAgBN,oBAAoBpd,GAAoB,IAU9D,OARAxD,EAAa0D,aAAe1D,EAAa0D,aAAaI,QAAOqd,GAC3DD,EAAc9yB,IAAI+yB,EAAGjd,cAElBgd,EAAc9yB,IAAG,WACpB4R,EAAa5B,YAAc,YAGvB4B,EAAa/I,KAAK8N,sBAAsB/E,GACvCA,CACT,CAEOhZ,eAAeo6B,QACpBvhB,EACA4d,EACAjc,GAAkB,GAElB,MAAMra,QAAiBoa,qBACrB1B,EACA4d,EAAW1D,eAAela,EAAK5I,WAAY4I,EAAKD,cAChD4B,GAEF,OAAO4e,mBAAmBG,cAAc1gB,EAA0B,OAAA1Y,EACpE,CAEOH,eAAe+5B,oBACpBM,EACAxhB,EACAd,SAEMmE,qBAAqBrD,GAC3B,MAEMpiB,GACS,IAAb4jC,EACG,0BACgC,mBACrC1pB,QANoBipB,oBAAoB/gB,EAAK6D,cAMzBtV,IAAI2Q,KAAcsiB,EAAUxhB,EAAK5I,KAAMxZ,EAC7D,CCxDOuJ,eAAes6B,gBACpBzhB,EACA4d,EACAjc,GAAkB,GAElB,MAAMvK,KAAEA,GAAS4I,EACjB,GAAI4H,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMopB,EAA6C,iBAEnD,IACE,MAAMl5B,QAAiBoa,qBACrB1B,EACA8gB,8CACE1pB,EACAopB,EACA5C,EACA5d,GAEF2B,GAEF7J,QAAQxQ,EAASgc,QAASlM,oBAC1B,MAAMsqB,EAASrhB,YAAY/Y,EAASgc,SACpCxL,QAAQ4pB,EAAQtqB,oBAEhB,MAAQuqB,IAAK/c,GAAY8c,EAGzB,OAFA5pB,QAAQkI,EAAK2E,MAAQC,EAASxN,EAAI,iBAE3BmpB,mBAAmBG,cAAc1gB,EAAMwgB,EAAel5B,EAC9D,CAAC,MAAOxF,GAKP,KAHmC,yBAA9BA,aAAA,EAAAA,EAAqBlE,OACxBkZ,MAAMM,EAAI,iBAENtV,CACP,CACH,CCrCOqF,eAAey6B,sBACpBxqB,EACAwmB,EACAjc,GAAkB,GAElB,GAAIiG,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMopB,EAAsC,SACtCl5B,QAAiBw5B,8CACrB1pB,EACAopB,EACA5C,GAEIuB,QAAuBoB,mBAAmB/X,qBAC9CpR,EACAopB,EACAl5B,GAMF,OAHKqa,SACGvK,EAAK+Y,mBAAmBgP,EAAenf,MAExCmf,CACT,CAgBOh4B,eAAe06B,qBACpBzqB,EACAwmB,GAEA,OAAOgE,sBAAsBrN,UAAUnd,GAAOwmB,EAChD,CAaOz2B,eAAe26B,mBACpB9hB,EACA4d,GAEA,MAAMzd,EAAehd,mBAAmB6c,GAIxC,aAFMkhB,qBAAoB,EAAO/gB,EAAcyd,EAAWvZ,YAEnDkd,QAAMphB,EAAcyd,EAC7B,CAkBOz2B,eAAe46B,6BACpB/hB,EACA4d,GAEA,OAAO6D,gBAAgBt+B,mBAAmB6c,GAAuB4d,EACnE,CC/EOz2B,eAAe66B,sBACpB5qB,EACA6qB,GAEA,GAAIra,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMugB,EAAepD,UAAUnd,GACzB9P,QCrBDH,eAAe66B,wBACpB5qB,EACAlN,GAEA,OAAO0T,sBAILxG,EAGA,OAAA,qCAAA0E,mBAAmB1E,EAAMlN,GAE7B,CDQ0Cg4B,CAAmBvK,EAAc,CACvEl3B,MAAOwhC,EACP/G,mBAAmB,IAEfO,QAAa8E,mBAAmB/X,qBACpCmP,EAAY,SAEZrwB,GAGF,aADMqwB,EAAaxH,mBAAmBsL,EAAKzb,MACpCyb,CACT,CElCsB,MAAA0G,oBAKpB,WAAA5kC,CAA+B6kC,EAAoB96B,GAApBhN,KAAQ8nC,SAARA,EAC7B9nC,KAAKqqB,IAAMrd,EAAS+6B,gBACpB/nC,KAAKgoC,eAAiB,IAAI98B,KAAK8B,EAASi7B,YAAYziB,cACpDxlB,KAAKuqB,YAAcvd,EAASud,WAC7B,CAED,0BAAO2d,CACLprB,EACAqrB,GAEA,MAAI,cAAeA,EACVC,yBAAyBF,oBAAoBprB,EAAMqrB,GACjD,aAAcA,EAChBE,wBAAwBH,oBAAoBprB,EAAMqrB,GAEpD3rB,MAAMM,EAAI,iBAClB,EAGG,MAAOsrB,iCACHP,oBAKR,WAAA5kC,CAAoB+J,GAClBvJ,MAAK,QAAiBuJ,GACtBhN,KAAKikB,YAAcjX,EAASs7B,SAC7B,CAED,0BAAOJ,CACLvI,EACAwI,GAEA,OAAO,IAAIC,yBAAyBD,EACrC,EAEG,MAAOE,gCACHR,oBAGR,WAAA5kC,CAAoB+J,GAClBvJ,MAAK,OAAgBuJ,EACtB,CAED,0BAAOk7B,CACLvI,EACAwI,GAEA,OAAO,IAAIE,wBAAwBF,EACpC,EChEa,SAAAI,gCACdzrB,EACAlN,EACA44B,SAEAhrB,SAC0B,QAAxB7K,EAAA61B,EAAmBliC,WAAK,IAAAqM,OAAA,EAAAA,EAAA7R,QAAS,EACjCgc,EAAI,wBAGNU,aACkD,IAAzCgrB,EAAmBC,mBACxBD,EAAmBC,kBAAkB3nC,OAAS,EAChDgc,EAAI,+BAGNU,aAC2C,IAAlCgrB,EAAmBE,YACxBF,EAAmBE,WAAW5nC,OAAS,EACzCgc,EAAI,+BAINlN,EAAQizB,YAAc2F,EAAmBliC,IACzCsJ,EAAQ64B,kBAAoBD,EAAmBC,kBAC/C74B,EAAQ84B,WAAaF,EAAmBE,WACxC94B,EAAQ+4B,mBAAqBH,EAAmBI,gBAE5CJ,EAAmBK,MACrBrrB,QACEgrB,EAAmBK,IAAIC,SAAShoC,OAAS,EACzCgc,2BAGFlN,EAAQm5B,YAAcP,EAAmBK,IAAIC,UAG3CN,EAAmBQ,UACrBxrB,QACEgrB,EAAmBQ,QAAQC,YAAYnoC,OAAS,EAChDgc,8BAGFlN,EAAQs5B,kBAAoBV,EAAmBQ,QAAQG,WACvDv5B,EAAQw5B,0BACNZ,EAAmBQ,QAAQK,eAC7Bz5B,EAAQ05B,mBAAqBd,EAAmBQ,QAAQC,YAE5D,CCRAp8B,eAAe08B,sBAAsBzsB,GACnC,MAAMugB,EAAepD,UAAUnd,GAC3BugB,EAAa3F,oCACT2F,EAAa1F,uBAEvB,CAqCO9qB,eAAeszB,uBACpBrjB,EACAkH,EACAwkB,GAEA,MAAMnL,EAAepD,UAAUnd,GACzBlN,EAA+C,CACnD45B,YAA+C,iBAC/CxlB,QACAuX,WAAmC,mBAEjCiN,GACFD,gCAAgClL,EAAcztB,EAAS44B,SAEnDhM,oBACJa,EACAztB,eAEA65B,yBAAqC,0BAGzC,CAWO58B,eAAe68B,qBACpB5sB,EACA6jB,EACAgJ,SAEMC,cACW/gC,mBAAmBiU,GAAO,CACvC6jB,UACAgJ,gBAEDpiC,OAAMsF,MAAMpF,IAQX,KALE,6CADAA,EAAMnE,MAGDimC,sBAAsBzsB,GAGvBrV,CAAK,GAGjB,CAUOoF,eAAeg9B,gBACpB/sB,EACA6jB,S9B7EK9zB,eAAeg9B,kBACpB/sB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,sBAAA0E,mBAAmB1E,EAAMlN,GAE7B,C8BqEQk6B,CAAwBjhC,mBAAmBiU,GAAO,CAAE6jB,WAC5D,CAYO9zB,eAAek9B,gBACpBjtB,EACA6jB,GAEA,MAAMqJ,EAAcnhC,mBAAmBiU,GACjC9P,QAAiBi9B,cAAsBD,EAAa,CAAErJ,YAQtD4B,EAAYv1B,EAASw8B,YAE3B,OADAhsB,QAAQ+kB,EAAWyH,oBACXzH,GACN,IAAA,eACE,MACF,IAAA,0BACE/kB,QAAQxQ,EAASk9B,SAAUF,oBAC3B,MACF,IAAA,gCACExsB,QAAQxQ,EAASm9B,QAASH,oBAE5B,QACExsB,QAAQxQ,EAASgX,MAAOgmB,oBAI5B,IAAII,EAA8C,KAQlD,OAPIp9B,EAASm9B,UACXC,EAAkBvC,oBAAoBK,oBACpCjO,UAAU+P,GACVh9B,EAASm9B,UAIN,CACLhmC,KAAM,CACJ6f,OACuE,4BAApEhX,EAASw8B,YACNx8B,EAASk9B,SACTl9B,EAASgX,QAAU,KACzBqmB,eACuE,4BAApEr9B,EAASw8B,YACNx8B,EAASgX,MACThX,EAASk9B,WAAa,KAC5BE,mBAEF7H,YAEJ,CAYO11B,eAAey9B,wBACpBxtB,EACAxZ,GAEA,MAAMa,KAAEA,SAAe4lC,gBAAgBlhC,mBAAmBiU,GAAOxZ,GAEjE,OAAOa,EAAK6f,KACd,CAsBOnX,eAAe09B,+BACpBztB,EACAkH,EACAmP,GAEA,GAAI7F,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMugB,EAAepD,UAAUnd,GAOzB0tB,EAA2ChO,oBAC/Ca,EAP6B,CAC7BuD,mBAAmB,EACnB5c,QACAmP,WACAoI,WAAmC,mBAI5B,iBAEPyK,OAAM,2BAGFh5B,QAAiBw9B,EAAejjC,OAAME,IAO1C,KALiB,6CAAfA,EAAMnE,MAEDimC,sBAAsBzsB,GAGvBrV,CAAK,IAGPo9B,QAAuBoB,mBAAmB/X,qBAC9CmP,EAAY,SAEZrwB,GAIF,aAFMqwB,EAAaxH,mBAAmBgP,EAAenf,MAE9Cmf,CACT,CAyBgB,SAAA4F,2BACd3tB,EACAkH,EACAmP,GAEA,OAAI7F,EAAqBxQ,EAAKyQ,KACrBpmB,QAAQ2H,OACboO,gDAAgDJ,IAG7CyqB,qBACL1+B,mBAAmBiU,GACnBsmB,kBAAkBE,WAAWtf,EAAOmP,IACpC5rB,OAAMsF,MAAMpF,IAOZ,KALiB,6CAAfA,EAAMnE,MAEDimC,sBAAsBzsB,GAGvBrV,CAAK,GAEf,CC7ROoF,eAAeuzB,sBACpBtjB,EACAkH,EACAwkB,GAEA,MAAMnL,EAAepD,UAAUnd,GACzBlN,EAAkC,CACtC45B,YAA6C,eAC7CxlB,QACAuX,WAAmC,oBAErC,SAASmP,sBACP96B,EACA44B,GAEAhrB,QACEgrB,EAAmBI,gBACnBvL,oBAGEmL,GACFD,gCACElL,EACAztB,EACA44B,EAGL,CACDkC,CAAsB96B,EAAS44B,SACzBhM,oBACJa,EACAztB,eAEA+6B,wBAAyB,0BAG7B,CAUgB,SAAAC,sBAAsB9tB,EAAY0mB,GAChD,MAAMC,EAAgBhB,cAAcK,UAAUU,GAC9C,MAA+B,kBAAxBC,aAAA,EAAAA,EAAelB,UACxB,CA2CO11B,eAAeg0B,oBACpB/jB,EACAkH,EACAwf,GAEA,GAAIlW,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMktB,EAAcnhC,mBAAmBiU,GACjCwmB,EAAaF,kBAAkBG,mBACnCvf,EACAwf,GAAa3lB,kBASf,OALAL,QACE8lB,EAAW9C,aAAewJ,EAAYvoB,UAAY,MAClDuoB,wBAGKzC,qBAAqByC,EAAa1G,EAC3C,CC9IOz2B,eAAeg+B,2BACpB/tB,EACAkH,GAKA,MACMpU,EAAgC,CACpCk7B,WAAY9mB,EACZ+mB,YAHkB/sB,iBAAmBH,iBAAmB,qBAMpDmtB,cAAEA,SChCHn+B,eAAeo+B,cACpBnuB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,6BAAA0E,mBAAmB1E,EAAMlN,GAE7B,CDsBkCq7B,CAC9BpiC,mBAAmBiU,GACnBlN,GAGF,OAAOo7B,GAAiB,EAC1B,CAgCOn+B,eAAeq+B,sBACpBxlB,EACA8iB,GAEA,MAAM3iB,EAAehd,mBAAmB6c,GAElC9V,EAAkC,CACtC45B,YAA6C,eAC7CxgB,cAHoBtD,EAAKD,cAKvB+iB,GACFD,gCACE1iB,EAAa/I,KACblN,EACA44B,GAIJ,MAAMxkB,MAAEA,S/BAHnX,eAAeq+B,wBACpBpuB,EACAlN,GAEA,OAAOswB,YAAYpjB,EAAMlN,EAC3B,C+BL0Bu7B,CAA0BtlB,EAAa/I,KAAMlN,GAEjEoU,IAAU0B,EAAK1B,aACX0B,EAAKiF,QAEf,CAoCO9d,eAAeu+B,wBACpB1lB,EACAwkB,EACA1B,GAEA,MAAM3iB,EAAehd,mBAAmB6c,GAElC9V,EAA2C,CAC/C45B,YAAwD,0BACxDxgB,cAHoBtD,EAAKD,aAIzBykB,YAEE1B,GACFD,gCACE1iB,EAAa/I,KACblN,EACA44B,GAIJ,MAAMxkB,MAAEA,S/BxCHnX,eAAew+B,qBACpBvuB,EACAlN,GAEA,OAAOswB,YAAYpjB,EAAMlN,EAC3B,C+BmC0B07B,CAAyBzlB,EAAa/I,KAAMlN,GAEhEoU,IAAU0B,EAAK1B,aAGX0B,EAAKiF,QAEf,CExJO9d,eAAe0+B,cACpB7lB,GACA6E,YACEA,EACAC,SAAUC,IAGZ,QAAoB9jB,IAAhB4jB,QAA0C5jB,IAAb8jB,EAC/B,OAGF,MAAM5E,EAAehd,mBAAmB6c,GAElC8lB,EAAiB,CACrBxiB,cAFoBnD,EAAaJ,aAGjC8E,cACAE,WACAmW,mBAAmB,GAEf5zB,QAAiBoa,qBACrBvB,EC1BGhZ,eAAe0+B,gBACpBzuB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,sBAAAlN,EAEJ,CDiBI67B,CAAiB5lB,EAAa/I,KAAM0uB,IAGtC3lB,EAAa0E,YAAcvd,EAASud,aAAe,KACnD1E,EAAa2E,SAAWxd,EAASyd,UAAY,KAG7C,MAAMihB,EAAmB7lB,EAAa0D,aAAa1d,MACjD,EAAGke,gBAA2B,aAAVA,IAElB2hB,IACFA,EAAiBnhB,YAAc1E,EAAa0E,YAC5CmhB,EAAiBlhB,SAAW3E,EAAa2E,gBAGrC3E,EAAauH,yBAAyBpgB,EAC9C,CA0BgB,SAAA2+B,YAAYjmB,EAAYwkB,GACtC,MAAMrkB,EAAehd,mBAAmB6c,GACxC,OAAI4H,EAAqBzH,EAAa/I,KAAKyQ,KAClCpmB,QAAQ2H,OACboO,gDAAgD2I,EAAa/I,OAG1D8uB,sBAAsB/lB,EAAcqkB,EAAU,KACvD,CAegB,SAAA2B,eAAenmB,EAAYikB,GACzC,OAAOiC,sBACL/iC,mBAAmB6c,GACnB,KACAikB,EAEJ,CAEA98B,eAAe++B,sBACblmB,EACA1B,EACAmP,GAEA,MAAMrW,KAAEA,GAAS4I,EAEX9V,EAAsC,CAC1CoZ,cAFoBtD,EAAKD,aAGzBmb,mBAAmB,GAGjB5c,IACFpU,EAAQoU,MAAQA,GAGdmP,IACFvjB,EAAQujB,SAAWA,GAGrB,MAAMnmB,QAAiBoa,qBACrB1B,ElC5FG7Y,eAAei/B,oBACpBhvB,EACAlN,GAEA,OAAO8R,mBAGL5E,EAAkD,OAAA,sBAAAlN,EACtD,CkCqFIm8B,CAAuBjvB,EAAMlN,UAEzB8V,EAAK0H,yBAAyBpgB,GAAuB,EAC7D,CEhFA,MAAMg/B,0BACJ,WAAA/oC,CACWgpC,EACAliB,EACAmiB,EAAmC,CAAA,GAFnClsC,KAASisC,UAATA,EACAjsC,KAAU+pB,WAAVA,EACA/pB,KAAOksC,QAAPA,CACP,EAGN,MAAMC,gDAAgDH,0BACpD,WAAA/oC,CACEgpC,EACAliB,EACAmiB,EACSE,GAET3oC,MAAMwoC,EAAWliB,EAAYmiB,GAFpBlsC,KAAQosC,SAARA,CAGV,EAGH,MAAMC,mCAAmCL,0BACvC,WAAA/oC,CAAYgpC,EAAoBC,GAC9BzoC,MAAMwoC,EAAgC,eAAAC,EACvC,EAGH,MAAMI,iCAAiCH,wCACrC,WAAAlpC,CAAYgpC,EAAoBC,GAC9BzoC,MACEwoC,EAEA,aAAAC,EAC0B,iBAAnBA,aAAO,EAAPA,EAASK,OAAqBL,aAAA,EAAAA,EAASK,MAAQ,KAEzD,EAGH,MAAMC,iCAAiCR,0BACrC,WAAA/oC,CAAYgpC,EAAoBC,GAC9BzoC,MAAMwoC,EAA8B,aAAAC,EACrC,EAGH,MAAMO,kCAAkCN,wCACtC,WAAAlpC,CACEgpC,EACAC,EACAQ,GAEAjpC,MAAMwoC,EAAS,cAAsBC,EAASQ,EAC/C,EAUG,SAAUC,sBACd9H,GAEA,MAAMnf,KAAEA,EAAIxB,eAAEA,GAAmB2gB,EACjC,OAAInf,EAAKuE,cAAgB/F,EAGhB,CACL6F,WAAY,KACZkiB,WAAW,EACXC,QAAS,MAxHT,SAAUhe,qBACdC,WAEA,IAAKA,EACH,OAAO,KAET,MAAMpE,WAAEA,GAAeoE,EACjB+d,EAAU/d,EAAgBye,YAC5B/4B,KAAKmT,MAAMmH,EAAgBye,aAC3B,GACEX,EACJ9d,EAAgB8d,WACI,0CAApB9d,EAAgB0e,KAClB,IAAK9iB,IAAcoE,aAAA,EAAAA,EAAiBnF,SAAS,CAC3C,MAAM5C,EACJ,QADqBvT,EAAsC,QAAtCF,EAAAoT,YAAYoI,EAAgBnF,gBAAU,IAAArW,OAAA,EAAAA,EAAAwT,gBAC3D,IAAAtT,OAAA,EAAAA,EAAkB,iBAEpB,GAAIuT,EAOF,OAAO,IAAI4lB,0BAA0BC,EALI,cAAvC7lB,GACoC,WAApCA,EACKA,EACD,KAIT,CACD,IAAK2D,EACH,OAAO,KAET,OAAQA,GACN,IAAA,eACE,OAAO,IAAIsiB,2BAA2BJ,EAAWC,GACnD,IAAA,aACE,OAAO,IAAII,yBAAyBL,EAAWC,GACjD,IAAA,aACE,OAAO,IAAIM,yBAAyBP,EAAWC,GACjD,IAAA,cACE,OAAO,IAAIO,0BACTR,EACAC,EACA/d,EAAgBue,YAAc,MAElC,IAAuB,SACvB,IAAA,YACE,OAAO,IAAIV,0BAA0BC,EAAW,MAClD,QACE,OAAO,IAAID,0BAA0BC,EAAWliB,EAAYmiB,GAElE,CA2EShe,CAAqBhK,EAC9B,CC1FgB,SAAAyL,eACd7S,EACAmS,GAEA,OAAOpmB,mBAAmBiU,GAAM6S,eAAeV,EACjD,CA6BM,SAAU6d,0BAA0BhwB,GACxC,OzCwPKjQ,eAAekgC,2BAA2BjwB,GAC/C,MAAMugB,EAAepD,UAAUnd,GAEzB9P,QAAiBgY,mBAAmBqY,EAAc,CACtD9B,WAAmC,kBACnCC,QAAoC,yBAGhC7c,EAAS,IAAI2F,gBAAgBtX,GACN,MAAzBqwB,EAAa5b,SACf4b,EAAazI,sBAAwBjW,EAErC0e,EAAaxI,wBAAwBwI,EAAa5b,UAAY9C,EAG5DA,EAAOoG,wBACQ,IAAImW,4BAA4BmC,GACnCjC,QAElB,CyC3QS2R,CAA2BjwB,EACpC,CAyBOjQ,eAAeqmB,iBACpBpW,EACAqW,GAGA,OADqB8G,UAAUnd,GACXoW,iBAAiBC,EACvC,CAkBM,SAAUgF,iBACdrb,EACA9U,EACAP,EACAuwB,GAEA,OAAOnvB,mBAAmBiU,GAAMqb,iBAC9BnwB,EACAP,EACAuwB,EAEJ,CAWgB,SAAAE,uBACdpb,EACAlT,EACA+nB,GAEA,OAAO9oB,mBAAmBiU,GAAMob,uBAAuBtuB,EAAU+nB,EACnE,CAgBM,SAAUoG,mBACdjb,EACA9U,EACAP,EACAuwB,GAEA,OAAOnvB,mBAAmBiU,GAAMib,mBAC9B/vB,EACAP,EACAuwB,EAEJ,CAQM,SAAUlB,kBAAkBha,GAChCjU,mBAAmBiU,GAAMga,mBAC3B,CAsBgB,SAAAM,kBACdta,EACA4I,GAEA,OAAO7c,mBAAmBiU,GAAMsa,kBAAkB1R,EACpD,CAYM,SAAU8B,QAAQ1K,GACtB,OAAOjU,mBAAmBiU,GAAM0K,SAClC,CAUgB,SAAA8Q,kBAAkBxb,EAAY3W,GAE5C,OADqB8zB,UAAUnd,GACXwb,kBAAkBnyB,EACxC,CA+EO0G,eAAemgC,WAAWtnB,GAC/B,OAAO7c,mBAAmB6c,GAAM9X,QAClC,CC3Ta,MAAAq/B,uBACX,WAAAhqC,CACWgG,EACAq6B,EACA5d,GAFA1lB,KAAIiJ,KAAJA,EACAjJ,KAAUsjC,WAAVA,EACAtjC,KAAI0lB,KAAJA,CACP,CAEJ,mBAAOwnB,CACLlkB,EACAtD,GAEA,OAAO,IAAIunB,uBAAsB,SAE/BjkB,EACAtD,EAEH,CAED,gCAAOynB,CACLC,GAEA,OAAO,IAAIH,uBAET,SAAAG,EAEH,CAED,MAAAtkB,GACE,MAAMpkB,EACuC,WAA3C1E,KAAKiJ,KACD,UACA,oBACN,MAAO,CACLokC,mBAAoB,CAClB3oC,CAACA,GAAM1E,KAAKsjC,YAGjB,CAED,eAAOlX,CACLnmB,WAEA,GAAIA,aAAG,EAAHA,EAAKonC,mBAAoB,CAC3B,GAA4B,QAAxB16B,EAAA1M,EAAIonC,0BAAoB,IAAA16B,OAAA,EAAAA,EAAA26B,kBAC1B,OAAOL,uBAAuBE,0BAC5BlnC,EAAIonC,mBAAmBC,mBAEpB,GAA4B,QAAxBz6B,EAAA5M,EAAIonC,0BAAoB,IAAAx6B,OAAA,EAAAA,EAAAmW,QACjC,OAAOikB,uBAAuBC,aAC5BjnC,EAAIonC,mBAAmBrkB,QAG5B,CACD,OAAO,IACR,EClDU,MAAAukB,wBACX,WAAAtqC,CACWuqC,EACAC,EACQC,GAFR1tC,KAAOwtC,QAAPA,EACAxtC,KAAKytC,MAALA,EACQztC,KAAc0tC,eAAdA,CAGf,CAGJ,iBAAOC,CACLxS,EACA1zB,GAEA,MAAMqV,EAAOmd,UAAUkB,GACjB5X,EAAiB9b,EAAMjE,WAAWggB,gBAClCiqB,GAASlqB,EAAe4mB,SAAW,IAAIv9B,KAAIu7B,GAC/CN,oBAAoBK,oBAAoBprB,EAAMqrB,KAGhD3qB,QACE+F,EAAe6pB,qBACftwB,oBAGF,MAAM0wB,EAAUP,uBAAuBE,0BACrC5pB,EAAe6pB,sBAGjB,OAAO,IAAIG,wBACTC,EACAC,GACA5gC,MACE4Q,IAEA,MAAMmwB,QAAoBnwB,EAAUowB,SAAS/wB,EAAM0wB,UAE5CjqB,EAAe4mB,eACf5mB,EAAe6pB,qBAGtB,MAAMjf,EACDzqB,OAAAsZ,OAAAtZ,OAAAsZ,OAAA,CAAA,EAAAuG,GACH,CAAAyF,QAAS4kB,EAAY5kB,QACrBkC,aAAc0iB,EAAY1iB,eAI5B,OAAQzjB,EAAMy+B,eACZ,IAAA,SACE,MAAMrB,QACEoB,mBAAmB/X,qBACvBpR,EACArV,EAAMy+B,cACN/X,GAGJ,aADMrR,EAAK+Y,mBAAmBgP,EAAenf,MACtCmf,EACT,IAAA,iBAEE,OADArnB,QAAQ/V,EAAMie,KAAM5I,oBACbmpB,mBAAmBG,cACxB3+B,EAAMie,KACNje,EAAMy+B,cACN/X,GAEJ,QACE3R,MAAMM,EAAI,kBACb,GAGN,CAED,mBAAMgxB,CACJC,GAEA,MAAMtwB,EAAYswB,EAClB,OAAO/tC,KAAK0tC,eAAejwB,EAC5B,EAaa,SAAAuwB,uBACdlxB,EACArV,SAEA,MAAMuiC,EAAcnhC,mBAAmBiU,GACjCmxB,EAAgBxmC,EAYtB,OAXA+V,QACE/V,EAAMjE,WAAW0iC,cACjB8D,EAAW,kBAGbxsB,QAC0C,QAAxC7K,EAAAs7B,EAAczqC,WAAWggB,uBAAe,IAAA7Q,OAAA,EAAAA,EAAEy6B,qBAC1CpD,EAAW,kBAINuD,wBAAwBI,WAAW3D,EAAaiE,EACzD,CChHa,MAAAC,oBAGX,WAAAjrC,CAA6ByiB,GAAA1lB,KAAI0lB,KAAJA,EAF7B1lB,KAAemuC,gBAAsB,GAGnCzoB,EAAKuH,WAAUF,IACTA,EAASod,UACXnqC,KAAKmuC,gBAAkBphB,EAASod,QAAQv9B,KAAIu7B,GAC1CN,oBAAoBK,oBAAoBxiB,EAAK5I,KAAMqrB,KAEtD,GAEJ,CAED,gBAAOiG,CAAU1oB,GACf,OAAO,IAAIwoB,oBAAoBxoB,EAChC,CAED,gBAAM2oB,GACJ,OAAOpB,uBAAuBC,mBACtBltC,KAAK0lB,KAAKD,aAChBzlB,KAAK0lB,KAER,CAED,YAAM4oB,CACJP,EACAxjB,GAEA,MAAM9M,EAAYswB,EACZP,QAAiBxtC,KAAKquC,aACtBE,QAA4BnnB,qBAChCpnB,KAAK0lB,KACLjI,EAAUowB,SAAS7tC,KAAK0lB,KAAK5I,KAAM0wB,EAASjjB,IAQ9C,aAJMvqB,KAAK0lB,KAAK0H,yBAAyBmhB,GAIlCvuC,KAAK0lB,KAAKiF,QAClB,CAED,cAAM6jB,CAASC,GACb,MAAM1G,EACiB,iBAAd0G,EAAyBA,EAAYA,EAAUpkB,IAClDrB,QAAgBhpB,KAAK0lB,KAAKD,aAChC,IACE,MAAM0I,QAAwB/G,qBAC5BpnB,KAAK0lB,KCsGG,SAAAgpB,YACd5xB,EACAlN,GAEA,OAAO8R,mBACL5E,EAGA,OAAA,sCAAA0E,mBAAmB1E,EAAMlN,GAE7B,CD/GQ8+B,CAAY1uC,KAAK0lB,KAAK5I,KAAM,CAC1BkM,UACA+e,qBAIJ/nC,KAAKmuC,gBAAkBnuC,KAAKmuC,gBAAgBxkB,QAC1C,EAAGU,SAAUA,IAAQ0d,UAMjB/nC,KAAK0lB,KAAK0H,yBAAyBe,SACnCnuB,KAAK0lB,KAAKiF,QACjB,CAAC,MAAOnjB,GACP,MAAMA,CACP,CACF,EAGH,MAAMmnC,EAAuB,IAAIC,QAY3B,SAAUC,YAAYnpB,GAC1B,MAAMopB,EAAcjmC,mBAAmB6c,GAOvC,OANKipB,EAAqB16B,IAAI66B,IAC5BH,EAAqBlgB,IACnBqgB,EACAZ,oBAAoBE,UAAUU,IAG3BH,EAAqBp7B,IAAIu7B,EAClC,kCE/Fa,MAAAC,YAIX,WAAA9rC,CAA6B6Z,GAAA9c,KAAI8c,KAAJA,EAHZ9c,KAAAgvC,kBACf,IAAI1gB,GAE6C,CAEnD,MAAA2gB,SAEE,OADAjvC,KAAKkvC,wBACyB,QAAvBv8B,EAAA3S,KAAK8c,KAAKyK,mBAAa,IAAA5U,OAAA,EAAAA,EAAA0X,MAAO,IACtC,CAED,cAAMoB,CACJ9F,GAIA,GAFA3lB,KAAKkvC,6BACClvC,KAAK8c,KAAK4X,wBACX10B,KAAK8c,KAAKyK,YACb,OAAO,KAIT,MAAO,CAAE4D,kBADiBnrB,KAAK8c,KAAKyK,YAAY9B,WAAWE,GAE5D,CAED,oBAAAwpB,CAAqBh7B,GAEnB,GADAnU,KAAKkvC,uBACDlvC,KAAKgvC,kBAAkB/6B,IAAIE,GAC7B,OAGF,MAAMkkB,EAAcr4B,KAAK8c,KAAKqb,kBAAiBzS,IAC7CvR,GACGuR,aAAA,EAAAA,EAA8ByC,gBAAgBgD,cAAe,KAC/D,IAEHnrB,KAAKgvC,kBAAkBvgB,IAAIta,EAAUkkB,GACrCr4B,KAAKovC,wBACN,CAED,uBAAAC,CAAwBl7B,GACtBnU,KAAKkvC,uBACL,MAAM7W,EAAcr4B,KAAKgvC,kBAAkBz7B,IAAIY,GAC1CkkB,IAILr4B,KAAKgvC,kBAAkBphC,OAAOuG,GAC9BkkB,IACAr4B,KAAKovC,yBACN,CAEO,oBAAAF,GACN1xB,QACExd,KAAK8c,KAAK4X,+DAGb,CAEO,sBAAA0a,GACFpvC,KAAKgvC,kBAAkB1iC,KAAO,EAChCtM,KAAK8c,KAAKoQ,yBAEVltB,KAAK8c,KAAKqQ,uBAEb,ECvEU,MAAAmiB,EAAW,CAEtBC,MAAO,QACPC,KAAM,QAQKC,EAAa,CAExBC,SAAU,eAEVC,OAAQ,aAERC,OAAQ,aAERC,SAAU,WAEVN,MAAO,QAEPO,QAAS,eAQEC,EAAe,CAE1BC,WAAY,YAEZC,eAAgB,WAEhBP,SAAU,eAEVC,OAAQ,aAERC,OAAQ,aAERL,MAAO,QAEPO,QAAS,eAQEI,EAAgB,CAE3BC,KAAM,OAENC,eAAgB,iBAEhBC,QAAS,UAQEC,EAAsB,CAEjCC,aAAc,eAEdC,eAAgB,iBAEhBC,cAAe,gBAEfC,8BAA+B,gCAE/BC,wBAAyB,0BAEzBC,aAAc,gBC1EM,MAAAC,wBACpB,WAAA5tC,CACqB6tC,EACV7nC,GADUjJ,KAAgB8wC,iBAAhBA,EACV9wC,KAAIiJ,KAAJA,CACP,CAEJ,YAAAgK,GACE,IACE,OAAKjT,KAAK2uB,SAGV3uB,KAAK2uB,QAAQoiB,QAAQ3lC,EAAuB,KAC5CpL,KAAK2uB,QAAQqiB,WAAW5lC,GACjBjE,QAAQC,SAAQ,IAJdD,QAAQC,SAAQ,EAK1B,CAAC,MAAAuL,GACA,OAAOxL,QAAQC,SAAQ,EACxB,CACF,CAED,IAAAgM,CAAK1O,EAAaC,GAEhB,OADA3E,KAAK2uB,QAAQoiB,QAAQrsC,EAAKmP,KAAKC,UAAUnP,IAClCwC,QAAQC,SAChB,CAED,IAAAiM,CAAiC3O,GAC/B,MAAMoe,EAAO9iB,KAAK2uB,QAAQsiB,QAAQvsC,GAClC,OAAOyC,QAAQC,QAAQ0b,EAAOjP,KAAKmT,MAAMlE,GAAQ,KAClD,CAED,OAAAtP,CAAQ9O,GAEN,OADA1E,KAAK2uB,QAAQqiB,WAAWtsC,GACjByC,QAAQC,SAChB,CAED,WAAcunB,GACZ,OAAO3uB,KAAK8wC,kBACb,EC7BH,MAAMI,gCACIL,wBAKR,WAAA5tC,GACEQ,OAAM,IAAM6L,OAAO6hC,uBAGJnxC,KAAAwL,kBAAoB,CACnCS,EACAmlC,IACSpxC,KAAKqxC,eAAeplC,EAAOmlC,GACrBpxC,KAASkR,UAA8C,GACvDlR,KAAUmR,WAAkC,GAGrDnR,KAASoR,UAAe,KAGfpR,KAAiBsxC,kBzD2FpB,SAAAC,iBAAiBphB,EAAahtB,SAE5C,OACE2tB,OAAOX,IACPO,WAAWP,IACXI,SAASJ,IACTG,cAAcH,IACd,iBAAiB9O,KAAK8O,IACtBC,YAAYD,EAEhB,CyDrGuCohB,GAC5BvxC,KAAqBiR,uBAAG,CAdhC,CAgBO,iBAAAugC,CACNzY,GAGA,IAAK,MAAMr0B,KAAOhB,OAAOuB,KAAKjF,KAAKkR,WAAY,CAE7C,MAAMgD,EAAWlU,KAAK2uB,QAAQsiB,QAAQvsC,GAChC+sC,EAAWzxC,KAAKmR,WAAWzM,GAG7BwP,IAAau9B,GACf1Y,EAAGr0B,EAAK+sC,EAAUv9B,EAErB,CACF,CAEO,cAAAm9B,CAAeplC,EAAqBmlC,GAAO,GAEjD,IAAKnlC,EAAMvH,IAMT,YALA1E,KAAKwxC,mBACH,CAAC9sC,EAAagtC,EAA0Bx9B,KACtClU,KAAK+T,gBAAgBrP,EAAKwP,EAAS,IAMzC,MAAMxP,EAAMuH,EAAMvH,IAId0sC,EAGFpxC,KAAK2xC,iBAIL3xC,KAAKqU,cAGP,MAAMu9B,iBAAmB,KAGvB,MAAMC,EAAc7xC,KAAK2uB,QAAQsiB,QAAQvsC,IACpC0sC,GAAQpxC,KAAKmR,WAAWzM,KAASmtC,IAKtC7xC,KAAK+T,gBAAgBrP,EAAKmtC,EAAY,EAGlCA,EAAc7xC,KAAK2uB,QAAQsiB,QAAQvsC,GAEvCqsB,WACA8gB,IAAgB5lC,EAAMiI,UACtBjI,EAAMiI,WAAajI,EAAMwlC,SAMzBxiC,WAAW2iC,iBAzFqB,IA2FhCA,kBAEH,CAEO,eAAA79B,CAAgBrP,EAAaC,GACnC3E,KAAKmR,WAAWzM,GAAOC,EACvB,MAAMuM,EAAYlR,KAAKkR,UAAUxM,GACjC,GAAIwM,EACF,IAAK,MAAMiD,KAAY5T,MAAMoM,KAAKuE,GAChCiD,EAASxP,EAAQkP,KAAKmT,MAAMriB,GAASA,EAG1C,CAEO,YAAAyP,GACNpU,KAAKqU,cAELrU,KAAKoR,UAAYkD,aAAY,KAC3BtU,KAAKwxC,mBACH,CAAC9sC,EAAa+sC,EAAyBv9B,KACrClU,KAAKqxC,eACH,IAAIS,aAAa,UAAW,CAC1BptC,MACA+sC,WACAv9B,cAES,EACZ,GAEJ,GA3H6B,IA6HjC,CAEO,WAAAG,GACFrU,KAAKoR,YACPmD,cAAcvU,KAAKoR,WACnBpR,KAAKoR,UAAY,KAEpB,CAEO,cAAA2gC,GACNziC,OAAO9B,iBAAiB,UAAWxN,KAAKwL,kBACzC,CAEO,cAAAmmC,GACNriC,OAAOzB,oBAAoB,UAAW7N,KAAKwL,kBAC5C,CAED,YAAAgJ,CAAa9P,EAAayP,GACmB,IAAvCzQ,OAAOuB,KAAKjF,KAAKkR,WAAWpQ,SAK1Bd,KAAKsxC,kBACPtxC,KAAKoU,eAELpU,KAAK+xC,kBAGJ/xC,KAAKkR,UAAUxM,KAClB1E,KAAKkR,UAAUxM,GAAO,IAAI+I,IAE1BzN,KAAKmR,WAAWzM,GAAO1E,KAAK2uB,QAAQsiB,QAAQvsC,IAE9C1E,KAAKkR,UAAUxM,GAAKgJ,IAAIyG,EACzB,CAED,eAAAM,CAAgB/P,EAAayP,GACvBnU,KAAKkR,UAAUxM,KACjB1E,KAAKkR,UAAUxM,GAAKkJ,OAAOuG,GAEM,IAA7BnU,KAAKkR,UAAUxM,GAAK4H,aACftM,KAAKkR,UAAUxM,IAIiB,IAAvChB,OAAOuB,KAAKjF,KAAKkR,WAAWpQ,SAC9Bd,KAAK2xC,iBACL3xC,KAAKqU,cAER,CAID,UAAMjB,CAAK1O,EAAaC,SAChBlB,MAAM2P,KAAK1O,EAAKC,GACtB3E,KAAKmR,WAAWzM,GAAOmP,KAAKC,UAAUnP,EACvC,CAED,UAAM0O,CAAiC3O,GACrC,MAAMC,QAAclB,MAAM4P,KAAQ3O,GAElC,OADA1E,KAAKmR,WAAWzM,GAAOmP,KAAKC,UAAUnP,GAC/BA,CACR,CAED,aAAM6O,CAAQ9O,SACNjB,MAAM+P,QAAQ9O,UACb1E,KAAKmR,WAAWzM,EACxB,EAxLMwsC,wBAAIjoC,KAAY,QAiMZ,MAAA+oC,EAAuCd,wBC7MpD,MAAMe,kCACIpB,wBAKR,WAAA5tC,GACEQ,OAAM,IAAM6L,OAAO4iC,0BACpB,CAED,YAAA19B,CAAaoa,EAAcC,GAG1B,CAED,eAAApa,CAAgBma,EAAcC,GAG7B,EAdMojB,0BAAIhpC,KAAc,UAuBd,MAAAkpC,EAAyCF,0BCxBtC,SAAAG,qBACdt1B,EACAu1B,GAEA,OAAIA,EACK3mC,aAAa2mC,IAGtB70B,QAAQV,EAAK6X,uBAAwB7X,oBAE9BA,EAAK6X,uBACd,CCQA,MAAM2d,sBAAsB9S,eAC1B,WAAAv8B,CAAqB0C,GACnBlC,yBADmBzD,KAAM2F,OAANA,CAEpB,CAED,mBAAA+5B,CAAoB5iB,GAClB,OAAOikB,cAAcjkB,EAAM9c,KAAKuyC,mBACjC,CAED,cAAA3S,CACE9iB,EACAkM,GAEA,OAAO+X,cAAcjkB,EAAM9c,KAAKuyC,iBAAiBvpB,GAClD,CAED,4BAAA8W,CAA6BhjB,GAC3B,OAAOikB,cAAcjkB,EAAM9c,KAAKuyC,mBACjC,CAEO,gBAAAA,CAAiBvpB,GACvB,MAAMpZ,EAAgC,CACpC8xB,WAAY1hC,KAAK2F,OAAO+7B,WACxB8Q,UAAWxyC,KAAK2F,OAAO6sC,UACvB7Q,SAAU3hC,KAAK2F,OAAOg8B,SACtBlgB,SAAUzhB,KAAK2F,OAAO8b,SACtBwf,aAAcjhC,KAAK2F,OAAOs7B,aAC1BL,mBAAmB,EACnB6R,qBAAqB,GAOvB,OAJIzpB,IACFpZ,EAAQoZ,QAAUA,GAGbpZ,CACR,EAGG,SAAU8iC,QACd/sC,GAEA,OAAO2hC,sBACL3hC,EAAOmX,KACP,IAAIw1B,cAAc3sC,GAClBA,EAAO0hB,gBAEX,CAEM,SAAUsrB,QACdhtC,GAEA,MAAMmX,KAAEA,EAAI4I,KAAEA,GAAS/f,EAEvB,OADA6X,QAAQkI,EAAM5I,oBACPqqB,gBACLzhB,EACA,IAAI4sB,cAAc3sC,GAClBA,EAAO0hB,gBAEX,CAEOxa,eAAeo6B,MACpBthC,GAEA,MAAMmX,KAAEA,EAAI4I,KAAEA,GAAS/f,EAEvB,OADA6X,QAAQkI,EAAM5I,oBACP81B,QAAUltB,EAAM,IAAI4sB,cAAc3sC,GAASA,EAAO0hB,gBAC3D,CCpEsB,MAAAwrB,+BASpB,WAAA5vC,CACqB6Z,EACnB6M,EACmB+O,EACThT,EACS2B,GAAkB,GAJlBrnB,KAAI8c,KAAJA,EAEA9c,KAAQ04B,SAARA,EACT14B,KAAI0lB,KAAJA,EACS1lB,KAAeqnB,gBAAfA,EAXbrnB,KAAc8yC,eAA0B,KACxC9yC,KAAY+yC,aAAwB,KAY1C/yC,KAAK2pB,OAASppB,MAAMC,QAAQmpB,GAAUA,EAAS,CAACA,EACjD,CAID,OAAAgR,GACE,OAAO,IAAIxzB,SACT0F,MAAOzF,EAAS0H,KACd9O,KAAK8yC,eAAiB,CAAE1rC,UAAS0H,UAEjC,IACE9O,KAAK+yC,mBAAqB/yC,KAAK04B,SAASjD,YAAYz1B,KAAK8c,YACnD9c,KAAKgzC,cACXhzC,KAAK+yC,aAAaE,iBAAiBjzC,KACpC,CAAC,MAAOwH,GACPxH,KAAK8O,OAAOtH,EACb,IAGN,CAED,iBAAM0rC,CAAYjnC,GAChB,MAAMknC,YAAEA,EAAWX,UAAEA,EAAS7Q,SAAEA,EAAQlgB,SAAEA,EAAQha,MAAEA,EAAKwB,KAAEA,GAASgD,EACpE,GAAIxE,EAEF,YADAzH,KAAK8O,OAAOrH,GAId,MAAM9B,EAAwB,CAC5BmX,KAAM9c,KAAK8c,KACX4kB,WAAYyR,EACZX,UAAWA,EACX/wB,SAAUA,QAAY9a,EACtBg7B,SAAUA,QAAYh7B,EACtB+e,KAAM1lB,KAAK0lB,KACX2B,gBAAiBrnB,KAAKqnB,iBAGxB,IACErnB,KAAKoH,cAAcpH,KAAKozC,WAAWnqC,EAAhBjJ,CAAsB2F,GAC1C,CAAC,MAAO6B,GACPxH,KAAK8O,OAAOtH,EACb,CACF,CAED,OAAA6rC,CAAQ5rC,GACNzH,KAAK8O,OAAOrH,EACb,CAEO,UAAA2rC,CAAWnqC,GACjB,OAAQA,GACN,IAAqC,iBACrC,IAAA,oBACE,OAAOypC,QACT,IAAkC,eAClC,IAAA,kBACE,OAAOzL,MACT,IAAoC,iBACpC,IAAA,oBACE,OAAO0L,QACT,QACEn2B,MAAMxc,KAAK8c,uBAEhB,CAES,OAAA1V,CAAQ+5B,GAChBvjB,YAAY5d,KAAK8yC,eAAgB,iCACjC9yC,KAAK8yC,eAAe1rC,QAAQ+5B,GAC5BnhC,KAAKszC,sBACN,CAES,MAAAxkC,CAAOrH,GACfmW,YAAY5d,KAAK8yC,eAAgB,iCACjC9yC,KAAK8yC,eAAehkC,OAAOrH,GAC3BzH,KAAKszC,sBACN,CAEO,oBAAAA,GACFtzC,KAAK+yC,cACP/yC,KAAK+yC,aAAaQ,mBAAmBvzC,MAGvCA,KAAK8yC,eAAiB,KACtB9yC,KAAKwzC,SACN,ECtHH,MAIMC,EAGF,IAAInlB,IAEF,MAAOolB,uBAAuBb,+BAGlC,WAAA5vC,CACE6Z,EACA4b,EACArR,GAAkB,GAElB5jB,MACEqZ,EACA,sEAMA4b,OACA/xB,EACA0gB,GAjBJrnB,KAAOmM,QAAG,IAmBT,CAMD,aAAMwuB,GACJ,IAAIgZ,EAAeF,EAAmBlgC,IAAIvT,KAAK8c,KAAK8R,QACpD,IAAK+kB,EAAc,CACjB,IACE,MAIM7jC,QA2CPjD,eAAe+mC,kCACpBlb,EACA5b,GAEA,MAAMpY,EAAMmvC,mBAAmB/2B,GACzBmS,EAAc6kB,oBAAoBpb,GACxC,UAAYzJ,EAAYhc,eACtB,OAAO,EAET,MAAM8gC,EAAuD,eAA3B9kB,EAAY5b,KAAK3O,GAEnD,aADMuqB,EAAYzb,QAAQ9O,GACnBqvC,CACT,CA3DyCH,CAC/B5zC,KAAK04B,SACL14B,KAAK8c,YAEmCrZ,MAAMk3B,UAAY,KAC5DgZ,EAAe,IAAMxsC,QAAQC,QAAQ0I,EACtC,CAAC,MAAOtI,GACPmsC,EAAe,IAAMxsC,QAAQ2H,OAAOtH,EACrC,CAEDisC,EAAmBhlB,IAAIzuB,KAAK8c,KAAK8R,OAAQ+kB,EAC1C,CAQD,OAJK3zC,KAAKqnB,iBACRosB,EAAmBhlB,IAAIzuB,KAAK8c,KAAK8R,QAAQ,IAAMznB,QAAQC,QAAQ,QAG1DusC,GACR,CAED,iBAAMT,CAAYjnC,GAChB,GAAc,sBAAVA,EAAMhD,KACR,OAAOxF,MAAMyvC,YAAYjnC,GACpB,GAAc,YAAVA,EAAMhD,MAMjB,GAAIgD,EAAME,QAAS,CACjB,MAAMuZ,QAAa1lB,KAAK8c,KAAK8b,mBAAmB3sB,EAAME,SACtD,GAAIuZ,EAEF,OADA1lB,KAAK0lB,KAAOA,EACLjiB,MAAMyvC,YAAYjnC,GAEzBjM,KAAKoH,QAAQ,KAEhB,OAZCpH,KAAKoH,QAAQ,KAahB,CAED,iBAAM4rC,GAA+B,CAErC,OAAAQ,GAAkB,EAiBb3mC,eAAemnC,0BACpBtb,EACA5b,GAEA,OAAOg3B,oBAAoBpb,GAAUtlB,KAAKygC,mBAAmB/2B,GAAO,OACtE,CAMgB,SAAA2Z,wBACd3Z,EACAhN,GAEA2jC,EAAmBhlB,IAAI3R,EAAK8R,OAAQ9e,EACtC,CAEA,SAASgkC,oBACPpb,GAEA,OAAOhtB,aAAagtB,EAASC,qBAC/B,CAEA,SAASkb,mBAAmB/2B,GAC1B,OAAOiS,oBA7HoB,kBA+HzBjS,EAAK6B,OAAOoD,OACZjF,EAAK5Z,KAET,CC6IO2J,eAAeonC,kBACpBn3B,EACA4b,GAGA,aADMuB,UAAUnd,GAAM4X,uBACfwf,mBAAmBp3B,EAAM4b,GAAU,EAC5C,CAEO7rB,eAAeqnC,mBACpBp3B,EACAq3B,EACA9sB,GAAkB,GAElB,GAAIiG,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMugB,EAAepD,UAAUnd,GACzB4b,EAAW0Z,qBAAqB/U,EAAc8W,GAC9Cjb,EAAS,IAAIwa,eAAerW,EAAc3E,EAAUrR,GACpDvX,QAAeopB,EAAOyB,UAQ5B,OANI7qB,IAAWuX,WACNvX,EAAO4V,KAAK+H,uBACb4P,EAAazS,sBAAsB9a,EAAO4V,YAC1C2X,EAAaxG,iBAAiB,KAAMsd,IAGrCrkC,CACT,CAEAjD,eAAeunC,uBAAuB1uB,GACpC,MAAMvZ,EAAU2B,iBAAiB,GAAG4X,EAAK2E,UAIzC,OAHA3E,EAAK+H,iBAAmBthB,QAClBuZ,EAAK5I,KAAK+Z,iBAAiBnR,SAC3BA,EAAK5I,KAAK8N,sBAAsBlF,GAC/BvZ,CACT,CCjTA,MAAMkoC,EAAc,kBAOdC,EAAuB,wBAOvBC,EAAiCxuC,mBAAmB,OAgBnD8G,eAAe2nC,gBACpB13B,EACA8H,EACA6vB,EACAC,EACAvoC,EACAwoC,GAEAn3B,QAAQV,EAAK6B,OAAOyX,WAAYtZ,EAAI,+BACpCU,QAAQV,EAAK6B,OAAOoD,OAAQjF,EAAI,mBAEhC,MAAMnX,EAAuB,CAC3Boc,OAAQjF,EAAK6B,OAAOoD,OACpB9E,QAASH,EAAK5Z,KACduxC,WACAC,cACAE,EAAGr4B,EACHpQ,WAGF,GAAIyY,aAAoBgf,sBAAuB,CAC7Chf,EAASmf,mBAAmBjnB,EAAKmF,cACjCtc,EAAOokB,WAAanF,EAASmF,YAAc,GvGrDzC,SAAU8qB,QAAQ5uC,GACtB,IAAK,MAAMvB,KAAOuB,EAChB,GAAIvC,OAAOE,UAAUkxC,eAAeC,KAAK9uC,EAAKvB,GAC5C,OAAO,EAGX,OAAO,CACT,CuG+CSmwC,CAAQjwB,EAASsf,yBACpBv+B,EAAOm+B,iBAAmBjwB,KAAKC,UAAU8Q,EAASsf,wBAIpD,IAAK,MAAOx/B,EAAKC,KAAUjB,OAAOkC,QAAQ+uC,GAAoB,CAAA,GAC5DhvC,EAAOjB,GAAOC,CAEjB,CAED,GAAIigB,aAAoBuf,kBAAmB,CACzC,MAAMC,EAASxf,EAAS2f,YAAY5a,QAAO2a,GAAmB,KAAVA,IAChDF,EAAOtjC,OAAS,IAClB6E,EAAOy+B,OAASA,EAAO3iC,KAAK,KAE/B,CAEGqb,EAAK2E,WACP9b,EAAOqvC,IAAMl4B,EAAK2E,UAMpB,MAAMwzB,EAAatvC,EACnB,IAAK,MAAMjB,KAAOhB,OAAOuB,KAAKgwC,QACJtuC,IAApBsuC,EAAWvwC,WACNuwC,EAAWvwC,GAKtB,MAAMm1B,QAAsB/c,EAAKgd,oBAC3Bob,EAAwBrb,EAC1B,IAAI0a,KAAkCxuC,mBAAmB8zB,KACzD,GAGJ,MAAO,GAKT,SAASsb,gBAAex2B,OAAEA,IACxB,IAAKA,EAAOE,SACV,MAAO,WAAWF,EAAOyX,cAAcie,IAGzC,OAAO31B,aAAaC,EAAQ21B,EAC9B,CAXYa,CAAer4B,MAASrX,YAAYwvC,GAAY33B,MACxD,KACE43B,GACN,CC5EgB,SAAAE,iBACd,OAAO9lC,MACT,CCTOzC,eAAewoC,oBACpBv4B,EACA7Q,EACA2Y,SAGA,MAAM0wB,UAAEA,GAAcF,iBACtBx3B,YAAY3R,EAAMumC,UAAW,0CAC7B,MAAM+C,QAiOR1oC,eAAe2oC,cAAchD,GAC3B,MAAMrwC,EAWR,SAASszC,oBAAoB7zC,GAO3B,GAJAgc,YACE,eAAeyD,KAAKzf,GACpB,0CAEyB,oBAAhB8zC,YACT,OAAO,IAAIA,aAAcC,OAAO/zC,GAGlC,MAAMg0C,EAAO,IAAIC,YAAYj0C,EAAId,QAC3Bg1C,EAAO,IAAIC,WAAWH,GAC5B,IAAK,IAAI/0C,EAAI,EAAGA,EAAIe,EAAId,OAAQD,IAC9Bi1C,EAAKj1C,GAAKe,EAAII,WAAWnB,GAE3B,OAAOi1C,CACT,CA5BgBL,CAAoBjD,GAM5BwD,QAAYC,OAAOC,OAAOC,OAAO,UAAWh0C,GAElD,OADY5B,MAAMoM,KAAK,IAAIopC,WAAWC,IAC3BppC,KAAIwpC,GAAOA,EAAInvB,SAAS,IAAIovB,SAAS,EAAG,OAAM50C,KAAK,GAChE,CA3O8B+zC,CAAcvpC,EAAMumC,WAE1CmC,EAA2C,CAAA,EAkBjD,OAjBI7jB,SAEF6jB,EAAsB,IAAIW,EAAUrM,YAC3BvY,aAETikB,EAAsB,IAAIW,EAAUrM,YAEpCzsB,MAAMM,EAAI,+CAIRw4B,EAAU/qB,cACZoqB,EAAiC,eAAIW,EAAU/qB,aAIjDoqB,EAA4B,UAAIY,EACzBf,gBACL13B,EACA8H,EACA3Y,EAAMhD,UACNtC,UACAgM,EAAA1G,EAAME,4BAAWxF,EACjBguC,EAEJ,CAKO9nC,eAAeypC,gBAAgBx5B,GACpC,MAAMw4B,UAAEA,GAAcF,iBAChBxlC,EAAmC,CAAA,EACrCkhB,SACFlhB,EAAQ2mC,YAAcjB,EAAUrM,YACvBvY,aACT9gB,EAAQ05B,mBAAqBgM,EAAUrM,YAEvCzsB,MAAMM,EAAI,qDChEPjQ,eAAe2pC,kBACpB15B,EACAlN,EAAmC,IAEnC,OAAO8R,mBACL5E,EAGA,MAAA,eAAAlN,EAEJ,CD0DQ4mC,CAAkB15B,EAAMlN,EAChC,CAEM,SAAU6mC,iBACdC,GAGA,MAAMC,QAAEA,GAAYvB,iBAEpB,OAAO,IAAIjuC,SAAQC,IACjBuvC,EAAQC,QAAQC,WAAWC,aAAYC,IACrC,IAAIC,EAAiC,KACjCD,EACFJ,EAAQC,QAAQC,WAAWI,QAAQP,GAGnCM,EAASL,EAAQO,aAAa5mC,KAC5BomC,ElEiBM,SAAAS,WAAWhnB,EAAKhtB,SAC9B,MACE,+BAA+Bke,KAAK8O,IACpC,+BAA+B9O,KAAK8O,EAExC,CkErBUgnB,GAAe,SAAW,UAC1B,gBAGJ/vC,EAAQ4vC,EAAO,GACf,GAEN,CE3Fa,MAAAI,iBAOX,WAAAn0C,CAA6B6Z,GAAA9c,KAAI8c,KAAJA,EANZ9c,KAAAq3C,gBAA+B,IAAI5pC,IACnCzN,KAAAs3C,UAAoC,IAAI7pC,IAC/CzN,KAAmBu3C,oBAAqB,KACxCv3C,KAA2Bw3C,6BAAG,EAChCx3C,KAAAy3C,uBAAyBvsC,KAAKD,KAEa,CAEnD,gBAAAgoC,CAAiByE,GACf13C,KAAKs3C,UAAU5pC,IAAIgqC,GAGjB13C,KAAKu3C,qBACLv3C,KAAK23C,mBAAmB33C,KAAKu3C,oBAAqBG,KAElD13C,KAAK43C,eAAe53C,KAAKu3C,oBAAqBG,GAC9C13C,KAAK63C,iBAAiB73C,KAAKu3C,qBAC3Bv3C,KAAKu3C,oBAAsB,KAE9B,CAED,kBAAAhE,CAAmBmE,GACjB13C,KAAKs3C,UAAU1pC,OAAO8pC,EACvB,CAED,OAAAI,CAAQ7rC,GAEN,GAAIjM,KAAK+3C,oBAAoB9rC,GAC3B,OAAO,EAGT,IAAI+rC,GAAU,EASd,OARAh4C,KAAKs3C,UAAUzxC,SAAQoyC,IACjBj4C,KAAK23C,mBAAmB1rC,EAAOgsC,KACjCD,GAAU,EACVh4C,KAAK43C,eAAe3rC,EAAOgsC,GAC3Bj4C,KAAK63C,iBAAiB5rC,GACvB,IAGCjM,KAAKw3C,8BAkEb,SAASU,gBAAgBjsC,GACvB,OAAQA,EAAMhD,MACZ,IAAwC,oBACxC,IAAqC,kBACrC,IAAA,oBACE,OAAO,EACT,IAAA,UACE,OAAOkvC,oBAAoBlsC,GAC7B,QACE,OAAO,EAEb,CA7E6CisC,CAAgBjsC,KAMzDjM,KAAKw3C,6BAA8B,EAG9BQ,IACHh4C,KAAKu3C,oBAAsBtrC,EAC3B+rC,GAAU,IARHA,CAYV,CAEO,cAAAJ,CAAe3rC,EAAkBgsC,SACvC,GAAIhsC,EAAMxE,QAAU0wC,oBAAoBlsC,GAAQ,CAC9C,MAAM3I,WACHqP,EAAA1G,EAAMxE,MAAMnE,2BAAM4C,MAAM,SAAS,KACL,iBAC/B+xC,EAAS5E,QAAQz2B,aAAa5c,KAAK8c,KAAMxZ,GAC1C,MACC20C,EAAS/E,YAAYjnC,EAExB,CAEO,kBAAA0rC,CACN1rC,EACAgsC,GAEA,MAAMG,EACiB,OAArBH,EAAS9rC,WACNF,EAAME,SAAWF,EAAME,UAAY8rC,EAAS9rC,QACjD,OAAO8rC,EAAStuB,OAAOvkB,SAAS6G,EAAMhD,OAASmvC,CAChD,CAEO,mBAAAL,CAAoB9rC,GAQ1B,OANEf,KAAKD,MAAQjL,KAAKy3C,wBAnFoB,KAsFtCz3C,KAAKq3C,gBAAgBgB,QAGhBr4C,KAAKq3C,gBAAgBpjC,IAAIqkC,SAASrsC,GAC1C,CAEO,gBAAA4rC,CAAiB5rC,GACvBjM,KAAKq3C,gBAAgB3pC,IAAI4qC,SAASrsC,IAClCjM,KAAKy3C,uBAAyBvsC,KAAKD,KACpC,EAGH,SAASqtC,SAAS9wC,GAChB,MAAO,CAACA,EAAEyB,KAAMzB,EAAE2E,QAAS3E,EAAEgrC,UAAWhrC,EAAEia,UAAUkI,QAAOirB,GAAKA,IAAGnzC,KAAK,IAC1E,CAEA,SAAS02C,qBAAoBlvC,KAAEA,EAAIxB,MAAEA,IACnC,MACgC,YAA9BwB,GACgB,wBAAhBxB,aAAK,EAALA,EAAOnE,KAEX,CCtGM,MAAOi1C,gCAAgCnB,iBAA7C,WAAAn0C,uBACmBjD,KAAAw4C,iBAAmB,IAAI/qC,IAEhCzN,KAAAy4C,YAAc,IAAItxC,SAAcC,IACtCpH,KAAK04C,mBAAqBtxC,CAAO,GA4BpC,CAzBC,kBAAAuxC,CAAmB5f,GACjB/4B,KAAKw4C,iBAAiB9qC,IAAIqrB,EAC3B,CAED,qBAAA6f,CAAsB7f,GACpB/4B,KAAKw4C,iBAAiB5qC,OAAOmrB,EAC9B,CAID,aAAA8f,GACE74C,KAAKu3C,oBAAsB,KAC3Bv3C,KAAKw3C,6BAA8B,CACpC,CAGD,OAAAM,CAAQ7rC,GAGN,OAFAjM,KAAK04C,qBACL14C,KAAKw4C,iBAAiB3yC,SAAQkzB,GAAMA,EAAG9sB,KAChCxI,MAAMq0C,QAAQ7rC,EACtB,CAED,iBAAM6sC,SACE94C,KAAKy4C,WACZ,EA6BI5rC,eAAeksC,mBACpBj8B,GAEA,MAAM7Q,QAAe0iB,UAAUtb,KAC7B2lC,eAAel8B,IAKjB,OAHI7Q,SACI0iB,UAAUnb,QAAQwlC,eAAel8B,IAElC7Q,CACT,CAEgB,SAAAgtC,wBACdC,EACA5yC,WAGA,MAAM6yC,EAsEF,SAAUC,yBAAyB9yC,GACvC,MAAMX,EAAS0zC,oBAAoB/yC,GAC7By8B,EAAOp9B,EAAa,KAAIS,mBAAmBT,EAAa,WAAKgB,EAE7Ds8B,EAAiBoW,oBAAoBtW,GAAY,KAEjDG,EAAcv9B,EAAqB,aACrCS,mBAAmBT,EAAqB,mBACxCgB,EAEJ,OAD0B0yC,oBAAoBnW,GAAmB,MACrCA,GAAeD,GAAkBF,GAAQz8B,CACvE,CAjFsB8yC,CAAyB9yC,GAM7C,GAAI6yC,EAAY/zC,SAAS,qBAAsB,CAI7C,MAAMO,EAAS0zC,oBAAoBF,GAE7BG,EAAc3zC,EAAsB,cAiD9C,SAAS4zC,gBAAgBz2B,GACvB,IACE,OAAOjP,KAAKmT,MAAMlE,EACnB,CAAC,MAAOtb,GACP,OAAO,IACR,CACH,CAtDQ+xC,CAAgBnzC,mBAAmBT,EAAsB,gBACzD,KACErC,EAA+C,QAAxCuP,EAAqB,QAArBF,EAAA2mC,aAAW,EAAXA,EAAoB,YAAC,IAAA3mC,OAAA,EAAAA,EAAEzM,MAAM,gBAAW,IAAA2M,OAAA,EAAAA,EAAA,GAC/CpL,EAAQnE,EAAOsZ,aAAatZ,GAAQ,KAC1C,OAAImE,EACK,CACLwB,KAAMiwC,EAAajwC,KACnBkD,QAAS+sC,EAAa/sC,QACtBsV,SAAUy3B,EAAaz3B,SACvBha,QACA0rC,YAAa,KACbX,UAAW,KACX7Q,SAAU,MAGL,CACL14B,KAAMiwC,EAAajwC,KACnBkD,QAAS+sC,EAAa/sC,QACtBsV,SAAUy3B,EAAaz3B,SACvB+wB,UAAW0G,EAAa1G,UACxBW,YAAagG,EACbxX,SAAU,KAGf,CAED,OAAO,IACT,CAEA,SAAS6X,oBACP,MAAMC,EAAQ,GACRC,EACJ,iEACF,IAAK,IAAI74C,EAAI,EAAGA,EA9HQ,GA8HeA,IAAK,CAC1C,MAAM84C,EAAMzrC,KAAKC,MAAsBurC,GAAhBxrC,KAAKD,UAC5BwrC,EAAMj4C,KAAKk4C,EAAa52C,OAAO62C,GAChC,CACD,OAAOF,EAAMh4C,KAAK,GACpB,CAEA,SAASktB,UACP,OAAOjjB,aAAasmC,EACtB,CAEA,SAASgH,eAAel8B,GACtB,OAAOiS,oBAAmB,YAAqBjS,EAAK6B,OAAOoD,OAAQjF,EAAK5Z,KAC1E,CA4BA,SAASm2C,oBAAoB/yC,GAC3B,KAAKA,aAAA,EAAAA,EAAKlB,SAAS,MACjB,MAAO,GAGT,MAAOX,KAAMiY,GAAQpW,EAAIJ,MAAM,KAC/B,OAAOF,kBAAkB0W,EAAKjb,KAAK,KACrC,CCda,MAAAm4C,EAvIb,MAAMC,6BAAN,WAAA52C,GACWjD,KAAoB24B,qBAAGwZ,EACvBnyC,KAAAw1B,wBAAyB,EACjBx1B,KAAA85C,cAAgB,IAAIxrB,IACpBtuB,KAAwB+5C,yBAAkC,GAE3E/5C,KAAmB42B,oBAAGsd,mBACtBl0C,KAAuBy2B,wBAAGA,uBAwH3B,CAtHC,iBAAMhB,CAAY3Y,GAChB,MAAMpY,EAAMoY,EAAK8R,OACjB,IAAIvC,EAAUrsB,KAAK85C,cAAcvmC,IAAI7O,GAMrC,OALK2nB,IACHA,EAAU,IAAIksB,wBAAwBz7B,GACtC9c,KAAK85C,cAAcrrB,IAAI/pB,EAAK2nB,GAC5BrsB,KAAKg6C,wBAAwBl9B,EAAMuP,IAE9BA,CACR,CAED,UAAA4tB,CAAWn9B,GACTN,MAAMM,EAAI,8CACX,CAED,mBAAMo9B,CACJp9B,EACA8H,EACA6vB,EACAtoC,IJqIE,SAAUguC,2BAA2Br9B,2BACzC,MAAMs9B,EAAMhF,iBAMZ53B,QAC4C,mBAAhB,QAAnB7K,EAAAynC,aAAA,EAAAA,EAAKC,sBAAc,IAAA1nC,OAAA,EAAAA,EAAE5K,WAC5B+U,EAEA,gCAAA,CACEw9B,cAAe,uCAKnB98B,aACyC,KAAlB,QAAd3K,EAAAunC,aAAA,EAAAA,EAAK9E,iBAAS,IAAAziC,OAAA,EAAAA,EAAEo2B,aACvBnsB,EAEA,gCAAA,CACEw9B,cAAe,6BAKnB98B,QACwD,mBAAZ,QAAnCqQ,EAAuB,QAAvBD,EAAc,QAAdD,EAAAysB,aAAG,EAAHA,EAAKzD,eAAS,IAAAhpB,OAAA,EAAAA,EAAAipB,eAAS,IAAAhpB,OAAA,EAAAA,EAAAipB,kBAAY,IAAAhpB,OAAA,EAAAA,EAAAopB,SAC1Cn6B,EAEA,gCAAA,CACEw9B,cAAe,8BAGnB98B,QAC4D,mBAAhB,QAAnCwQ,EAAuB,QAAvBD,EAAc,QAAdD,EAAAssB,aAAG,EAAHA,EAAKzD,eAAS,IAAA7oB,OAAA,EAAAA,EAAA8oB,eAAS,IAAA7oB,OAAA,EAAAA,EAAA8oB,kBAAY,IAAA7oB,OAAA,EAAAA,EAAA8oB,aAC1Ch6B,EAEA,gCAAA,CACEw9B,cAAe,8BAKnB98B,QAC8C,mBAAT,QAA5B+8B,EAAY,QAAZC,EAAAJ,aAAA,EAAAA,EAAKzD,eAAO,IAAA6D,OAAA,EAAAA,EAAEtD,oBAAc,IAAAqD,OAAA,EAAAA,EAAAjqC,MACnCwM,EAEA,gCAAA,CACEw9B,cAAe,+BAGrB,CIxLIH,CAA2Br9B,GAC3B,MAAMuP,QAAgBrsB,KAAKy1B,YAAY3Y,SACjCuP,EAAQysB,cAKdzsB,EAAQwsB,gBR2CI,SAAA4B,yBACdhH,EAAmB4E,OACrB,CQ5CIoC,SAEMz6C,KAAK06C,kBAAkB59B,GAE7B,MAAM7Q,ED3BJ,SAAU0uC,kBACd79B,EACA7T,EACAkD,EAAyB,MAEzB,MAAO,CACLlD,OACAkD,UACAgnC,YAAa,KACbX,UAAWgH,oBACX7X,SAAU,KACVlgB,SAAU3E,EAAK2E,SACfha,MAAOmV,aAAaE,EAAkC,iBAE1D,CCakB69B,CAAkB79B,EAAM23B,EAAUtoC,SDXpC,SAAAyuC,kBACd99B,EACA7Q,GAEA,OAAO0iB,UAAUvb,KAAK4lC,eAAel8B,GAAO7Q,EAC9C,CCOU2uC,CAAkB99B,EAAM7Q,GAC9B,MAAM3F,QAAY+uC,oBAAoBv4B,EAAM7Q,EAAO2Y,GAEnD,OJkCG/X,eAAeguC,kBACpB/9B,EACAg+B,EACA9D,GAGA,MAAML,QAAEA,GAAYvB,iBAEpB,IAAI2F,QAAU,OACd,UACQ,IAAI5zC,SAAc,CAACC,EAAS0H,KAChC,IAAIksC,EAA8B,KAGlC,SAASC,sBAGP7zC,IACA,MAAM8zC,EAA8C,QAA5BvoC,EAAAgkC,EAAQC,QAAQC,kBAAY,IAAAlkC,OAAA,EAAAA,EAAA9K,MACrB,mBAApBqzC,GACTA,IAI2B,mBAAlBlE,aAAM,EAANA,EAAQnvC,QACjBmvC,EAAOnvC,OAEV,CAED,SAASszC,UACHH,IAKJA,EAAe1rC,OAAOL,YAAW,KAE/BH,EAAO8N,aAAaE,EAAI,8BAA4C,GAtIlD,KAwIrB,CAED,SAASs+B,oBAC2B,aAAtB,OAARnqB,eAAQ,IAARA,cAAQ,EAARA,SAAUoqB,kBACZF,SAEH,CAIDL,EAAcnC,mBAAmBsC,eAGjChqB,SAASzjB,iBAAiB,SAAU2tC,SAAS,GACzCzqB,cACFO,SAASzjB,iBAAiB,mBAAoB4tC,mBAAmB,GAInEL,QAAU,KACRD,EAAclC,sBAAsBqC,eACpChqB,SAASpjB,oBAAoB,SAAUstC,SAAS,GAChDlqB,SAASpjB,oBACP,mBACAutC,mBACA,GAEEJ,GACF1rC,OAAOJ,aAAa8rC,EACrB,CACF,GAEJ,CAAS,QACRD,SACD,CACH,CI5GWF,CAAkB/9B,EAAMuP,QADVoqB,iBAAiBnwC,GAEvC,CAED,4BAAAg1C,CACE3b,EACA4b,GAEA,MAAM,IAAI96C,MAAM,0BACjB,CAED,iBAAAi6C,CAAkB59B,GAChB,MAAMpY,EAAMoY,EAAK8R,OAKjB,OAJK5uB,KAAK+5C,yBAAyBr1C,KACjC1E,KAAK+5C,yBAAyBr1C,GAAO4xC,gBAAgBx5B,IAGhD9c,KAAK+5C,yBAAyBr1C,EACtC,CAEO,uBAAAs1C,CACNl9B,EACAuP,GAGA,MAAMguB,eAAEA,EAAcmB,cAAEA,EAAalG,UAAEA,GAAcF,iBAE/CqG,EAAiBxsC,YAAWpC,gBAG1BksC,mBAAmBj8B,GACzBuP,EAAQyrB,QAAQ4D,kBAAkB,GA9EP,KAiFvBC,iBAAmB9uC,MACvB+uC,IAGA1sC,aAAausC,GAEb,MAAMvC,QAAqBH,mBAAmBj8B,GAC9C,IAAI++B,EAA+B,KAC/B3C,IAAgB0C,aAAS,EAATA,EAAiB,OACnCC,EAAa5C,wBAAwBC,EAAc0C,EAAe,MAIpEvvB,EAAQyrB,QAAQ+D,GAAcH,kBAAkB,OAKtB,IAAnBrB,GAC6B,mBAA7BA,EAAetyC,WAEtBsyC,EAAetyC,UAAU,KAAM4zC,kBAQjC,MAAMG,EAAwBN,EACxBO,EAAgB,GAAGzG,EAAUrM,YAAY5lB,mBAC/C+xB,iBAAiBoG,cAAgB3uC,MAAMvG,IAOrC,GANIA,EAAI+c,cAAcvE,WAAWi9B,IAG/BJ,iBAAiB,CAAEr1C,QAGgB,mBAA1Bw1C,EACT,IACEA,EAAsBx1C,EACvB,CAAC,MAAOkB,GAEPmB,QAAQlB,MAAMD,EACf,CACF,CAEJ,GAYH,SAASk0C,kBACP,MAAO,CACLzyC,KAA2B,UAC3BkD,QAAS,KACTqmC,UAAW,KACXW,YAAa,KACbxR,SAAU,KACVlgB,SAAU,KACVha,MAAOmV,aAAyC,iBAEpD,CC/KgB,SAAAo/B,mBACdl/B,EACA8H,EACA8T,GAEA,OR6DK7rB,eAAeovC,oBACpBn/B,EACA8H,EACA8T,GAEA,GAAIpL,EAAqBxQ,EAAKyQ,KAC5B,OAAOpmB,QAAQ2H,OACboO,gDAAgDJ,IAGpD,MAAMugB,EAAepD,UAAUnd,GAC/BK,kBAAkBL,EAAM8H,EAAUgf,6BAI5BvG,EAAa3I,uBACnB,MAAMwnB,EAAmB9J,qBAAqB/U,EAAc3E,GAG5D,aAFMsb,0BAA0BkI,EAAkB7e,GAE3C6e,EAAiBhC,cACtB7c,EACAzY,sBAGJ,CQrFSq3B,CAAoBn/B,EAAM8H,EAAU8T,EAC7C,CAEgB,SAAAyjB,2BACdz2B,EACAd,EACA8T,GAEA,OR6HK7rB,eAAeuvC,4BACpB12B,EACAd,EACA8T,GAEA,MAAM7S,EAAehd,mBAAmB6c,GAExC,GADAvI,kBAAkB0I,EAAa/I,KAAM8H,EAAUgf,uBAC3CtW,EAAqBzH,EAAa/I,KAAKyQ,KACzC,OAAOpmB,QAAQ2H,OACboO,gDAAgD2I,EAAa/I,aAM3D+I,EAAa/I,KAAK4X,uBAExB,MAAMwnB,EAAmB9J,qBAAqBvsB,EAAa/I,KAAM4b,SAC3Dsb,0BAA0BkI,EAAkBr2B,EAAa/I,MAE/D,MAAM3Q,QAAgBioC,uBAAuBvuB,GAC7C,OAAOq2B,EAAiBhC,cACtBr0B,EAAa/I,KACb8H,EAAQ,oBAERzY,EAEJ,CQxJSiwC,CAA4B12B,EAAMd,EAAU8T,EACrD,CAEgB,SAAA2jB,iBACd32B,EACAd,EACA8T,GAEA,ORwLK7rB,eAAeyvC,kBACpB52B,EACAd,EACA8T,GAEA,MAAM7S,EAAehd,mBAAmB6c,GACxCvI,kBAAkB0I,EAAa/I,KAAM8H,EAAUgf,6BAIzC/d,EAAa/I,KAAK4X,uBAExB,MAAMwnB,EAAmB9J,qBAAqBvsB,EAAa/I,KAAM4b,SAC3DkO,qBAAoB,EAAO/gB,EAAcjB,EAASmF,kBAClDiqB,0BAA0BkI,EAAkBr2B,EAAa/I,MAE/D,MAAM3Q,QAAgBioC,uBAAuBvuB,GAC7C,OAAOq2B,EAAiBhC,cACtBr0B,EAAa/I,KACb8H,EAAQ,kBAERzY,EAEJ,CQ/MSmwC,CAAkB52B,EAAMd,EAAU8T,EAC3C,CCFgB,SAAA6jB,QAAQhvB,EAAmBivB,KACzC,MAAM53B,EAAWqY,aAAa1P,EAAK,QAEnC,OAAI3I,EAASsY,gBACJtY,EAAS8U,eAGXqD,eAAexP,EAAK,CACzB0B,YAAava,EACb4gB,sBAAuBskB,GAE3B,ECDM,SAAU6C,aAAarrB,GAC3BsrB,EACE,IAAI3zC,UAAS,QAEX,CAAC4zC,GAAapjB,QAASyD,MACrB,MAAMzP,EAAMovB,EAAUC,YAAY,OAAOljB,eACnC7F,EACJ8oB,EAAUC,YAAyB,aAC/B9oB,EACJ6oB,EAAUC,YAAkC,uBACxC76B,OAAEA,EAAMqU,WAAEA,GAAe7I,EAAIgM,QAEnC/b,QACEuE,IAAWA,EAAO3c,SAAS,KAE3B,kBAAA,CAAE6X,QAASsQ,EAAIrqB,OAGjB,MAAMyb,EAAyB,CAC7BoD,SACAqU,aACAhF,iBACA7O,QAA+B,iCAC/ByJ,aAA0C,6BAC1CrI,UAAmC,QACnCyR,iBAAkBjE,kBAAkBC,IAGhCqL,EAAe,IAAI7I,SACvBrG,EACAsG,EACAC,EACAnV,GAIF,OhEzBQ,SAAAk+B,wBACd//B,EACAkgB,GAEA,MAAM/N,GAAc+N,aAAA,EAAAA,EAAM/N,cAAe,GACnC6tB,GACJv8C,MAAMC,QAAQyuB,GAAeA,EAAc,CAACA,IAC5CriB,IAAyBlB,eACvBsxB,aAAI,EAAJA,EAAMjgB,WACRD,EAAKgb,gBAAgBkF,EAAKjgB,UAM5BD,EAAKuY,2BAA2BynB,EAAW9f,aAAA,EAAAA,EAAM1H,sBACnD,CgEOQunB,CAAwBpgB,EAAcO,GAE/BP,CAAY,GAGtB,UAKEnzB,qBAAgD,YAKhDK,4BACC,CAACgzC,EAAWI,EAAqBC,KACFL,EAAUC,6BAGlB59B,YAAY,KAKzC09B,EACE,IAAI3zC,UAEF,iBAAA4zC,GAIS,CAAC7/B,GAAQ,IAAIiyB,YAAYjyB,GAAzB,CAHMmd,UACX0iB,EAAUC,YAAW,QAAsBljB,kBAKhD,WAACpwB,qBAAoB,aAGxB2zC,EAAgB/5C,EAAMs4B,EA5FxB,SAAS0hB,sBACP9rB,GAEA,OAAQA,GACN,IAAA,OACE,MAAO,OACT,IAAA,cACE,MAAO,KACT,IAAA,SACE,MAAO,YACT,IAAA,UACE,MAAO,UACT,IAAA,eACE,MAAO,gBACT,QACE,OAEN,CA2EiC8rB,CAAsB9rB,IAErD6rB,EAAgB/5C,EAAMs4B,EAAS,UACjC,CDxEAihB,CAAoC","preExistingComment":"firebase-auth-cordova.js.map"}