1 line
735 KiB
Plaintext
1 line
735 KiB
Plaintext
{"version":3,"file":"firebase-auth.js","sources":["../util/src/crypt.ts","../util/src/defaults.ts","../util/src/global.ts","../util/src/environment.ts","../util/src/errors.ts","../util/src/obj.ts","../util/src/query.ts","../util/src/subscribe.ts","../util/src/compat.ts","../logger/src/logger.ts","../../node_modules/tslib/tslib.es6.js","../component/src/component.ts","../auth/src/model/enum_maps.ts","../auth/src/core/errors.ts","../auth/src/core/util/log.ts","../auth/src/core/util/assert.ts","../auth/src/core/util/location.ts","../auth/src/core/util/navigator.ts","../auth/src/core/util/delay.ts","../auth/src/core/util/emulator.ts","../auth/src/core/util/fetch_provider.ts","../auth/src/api/errors.ts","../auth/src/api/index.ts","../auth/src/platform_browser/recaptcha/recaptcha.ts","../auth/src/api/authentication/recaptcha.ts","../auth/src/core/util/time.ts","../auth/src/core/user/id_token_result.ts","../auth/src/core/user/invalidation.ts","../auth/src/core/user/proactive_refresh.ts","../auth/src/core/user/user_metadata.ts","../auth/src/core/user/reload.ts","../auth/src/api/account_management/account.ts","../auth/src/core/user/token_manager.ts","../auth/src/api/authentication/token.ts","../auth/src/core/user/user_impl.ts","../auth/src/core/util/instantiator.ts","../auth/src/core/persistence/in_memory.ts","../auth/src/core/persistence/persistence_user_manager.ts","../auth/src/core/util/browser.ts","../auth/src/core/util/version.ts","../auth/src/core/auth/middleware.ts","../auth/src/core/auth/password_policy_impl.ts","../auth/src/core/auth/auth_impl.ts","../auth/src/api/password_policy/get_password_policy.ts","../auth/src/platform_browser/load_js.ts","../auth/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.ts","../auth/src/core/auth/initialize.ts","../auth/src/core/auth/emulator.ts","../auth/src/core/credentials/auth_credential.ts","../auth/src/api/account_management/email_and_password.ts","../auth/src/api/authentication/email_and_password.ts","../auth/src/core/credentials/email.ts","../auth/src/api/authentication/email_link.ts","../auth/src/api/authentication/idp.ts","../auth/src/core/credentials/oauth.ts","../auth/src/api/authentication/sms.ts","../auth/src/core/credentials/phone.ts","../auth/src/core/action_code_url.ts","../auth/src/core/providers/email.ts","../auth/src/core/providers/federated.ts","../auth/src/core/providers/oauth.ts","../auth/src/core/providers/facebook.ts","../auth/src/core/providers/google.ts","../auth/src/core/providers/github.ts","../auth/src/core/credentials/saml.ts","../auth/src/core/providers/saml.ts","../auth/src/core/providers/twitter.ts","../auth/src/api/authentication/sign_up.ts","../auth/src/core/user/user_credential_impl.ts","../auth/src/core/strategies/anonymous.ts","../auth/src/mfa/mfa_error.ts","../auth/src/core/util/providers.ts","../auth/src/core/user/link_unlink.ts","../auth/src/core/user/reauthenticate.ts","../auth/src/core/strategies/credential.ts","../auth/src/core/strategies/custom_token.ts","../auth/src/api/authentication/custom_token.ts","../auth/src/mfa/mfa_info.ts","../auth/src/core/strategies/action_code_settings.ts","../auth/src/core/strategies/email_and_password.ts","../auth/src/core/strategies/email_link.ts","../auth/src/core/strategies/email.ts","../auth/src/api/authentication/create_auth_uri.ts","../auth/src/core/user/account_info.ts","../auth/src/api/account_management/profile.ts","../auth/src/core/user/additional_user_info.ts","../auth/src/core/index.ts","../auth/src/mfa/mfa_session.ts","../auth/src/mfa/mfa_resolver.ts","../auth/src/mfa/mfa_user.ts","../auth/src/api/account_management/mfa.ts","../auth/src/platform_browser/persistence/browser.ts","../auth/src/core/persistence/index.ts","../auth/src/platform_browser/persistence/local_storage.ts","../auth/src/platform_browser/persistence/session_storage.ts","../auth/src/platform_browser/messagechannel/receiver.ts","../auth/src/platform_browser/messagechannel/promise.ts","../auth/src/core/util/event_id.ts","../auth/src/platform_browser/messagechannel/sender.ts","../auth/src/platform_browser/auth_window.ts","../auth/src/platform_browser/util/worker.ts","../auth/src/platform_browser/persistence/indexed_db.ts","../auth/src/platform_browser/recaptcha/recaptcha_mock.ts","../auth/src/platform_browser/recaptcha/recaptcha_loader.ts","../auth/src/platform_browser/recaptcha/recaptcha_verifier.ts","../auth/src/platform_browser/strategies/phone.ts","../auth/src/api/authentication/mfa.ts","../auth/src/platform_browser/providers/phone.ts","../auth/src/core/util/resolver.ts","../auth/src/core/strategies/idp.ts","../auth/src/core/strategies/abstract_popup_redirect_operation.ts","../auth/src/platform_browser/strategies/popup.ts","../auth/src/core/strategies/redirect.ts","../auth/src/platform_browser/strategies/redirect.ts","../auth/src/core/auth/auth_event_manager.ts","../auth/src/core/util/validate_origin.ts","../auth/src/api/project_config/get_project_config.ts","../auth/src/platform_browser/iframe/gapi.ts","../auth/src/platform_browser/iframe/iframe.ts","../auth/src/platform_browser/util/popup.ts","../auth/src/core/util/handler.ts","../auth/src/platform_browser/popup_redirect.ts","../auth/src/mfa/mfa_assertion.ts","../auth/src/platform_browser/mfa/assertions/phone.ts","../auth/src/mfa/assertions/totp.ts","../auth/src/core/auth/firebase_internal.ts","../auth/src/platform_browser/index.ts","../auth/src/core/auth/register.ts"],"sourcesContent":["/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nconst stringToByteArray = function (str: string): number[] {\n // TODO(user): Use native implementations if/when available\n const out: number[] = [];\n let p = 0;\n for (let i = 0; i < str.length; i++) {\n let c = str.charCodeAt(i);\n if (c < 128) {\n out[p++] = c;\n } else if (c < 2048) {\n out[p++] = (c >> 6) | 192;\n out[p++] = (c & 63) | 128;\n } else if (\n (c & 0xfc00) === 0xd800 &&\n i + 1 < str.length &&\n (str.charCodeAt(i + 1) & 0xfc00) === 0xdc00\n ) {\n // Surrogate Pair\n c = 0x10000 + ((c & 0x03ff) << 10) + (str.charCodeAt(++i) & 0x03ff);\n out[p++] = (c >> 18) | 240;\n out[p++] = ((c >> 12) & 63) | 128;\n out[p++] = ((c >> 6) & 63) | 128;\n out[p++] = (c & 63) | 128;\n } else {\n out[p++] = (c >> 12) | 224;\n out[p++] = ((c >> 6) & 63) | 128;\n out[p++] = (c & 63) | 128;\n }\n }\n return out;\n};\n\n/**\n * Turns an array of numbers into the string given by the concatenation of the\n * characters to which the numbers correspond.\n * @param bytes Array of numbers representing characters.\n * @return Stringification of the array.\n */\nconst byteArrayToString = function (bytes: number[]): string {\n // TODO(user): Use native implementations if/when available\n const out: string[] = [];\n let pos = 0,\n c = 0;\n while (pos < bytes.length) {\n const c1 = bytes[pos++];\n if (c1 < 128) {\n out[c++] = String.fromCharCode(c1);\n } else if (c1 > 191 && c1 < 224) {\n const c2 = bytes[pos++];\n out[c++] = String.fromCharCode(((c1 & 31) << 6) | (c2 & 63));\n } else if (c1 > 239 && c1 < 365) {\n // Surrogate Pair\n const c2 = bytes[pos++];\n const c3 = bytes[pos++];\n const c4 = bytes[pos++];\n const u =\n (((c1 & 7) << 18) | ((c2 & 63) << 12) | ((c3 & 63) << 6) | (c4 & 63)) -\n 0x10000;\n out[c++] = String.fromCharCode(0xd800 + (u >> 10));\n out[c++] = String.fromCharCode(0xdc00 + (u & 1023));\n } else {\n const c2 = bytes[pos++];\n const c3 = bytes[pos++];\n out[c++] = String.fromCharCode(\n ((c1 & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)\n );\n }\n }\n return out.join('');\n};\n\ninterface Base64 {\n byteToCharMap_: { [key: number]: string } | null;\n charToByteMap_: { [key: string]: number } | null;\n byteToCharMapWebSafe_: { [key: number]: string } | null;\n charToByteMapWebSafe_: { [key: string]: number } | null;\n ENCODED_VALS_BASE: string;\n readonly ENCODED_VALS: string;\n readonly ENCODED_VALS_WEBSAFE: string;\n HAS_NATIVE_SUPPORT: boolean;\n encodeByteArray(input: number[] | Uint8Array, webSafe?: boolean): string;\n encodeString(input: string, webSafe?: boolean): string;\n decodeString(input: string, webSafe: boolean): string;\n decodeStringToByteArray(input: string, webSafe: boolean): number[];\n init_(): void;\n}\n\n// We define it as an object literal instead of a class because a class compiled down to es5 can't\n// be treeshaked. https://github.com/rollup/rollup/issues/1691\n// Static lookup maps, lazily populated by init_()\nexport const base64: Base64 = {\n /**\n * Maps bytes to characters.\n */\n byteToCharMap_: null,\n\n /**\n * Maps characters to bytes.\n */\n charToByteMap_: null,\n\n /**\n * Maps bytes to websafe characters.\n * @private\n */\n byteToCharMapWebSafe_: null,\n\n /**\n * Maps websafe characters to bytes.\n * @private\n */\n charToByteMapWebSafe_: null,\n\n /**\n * Our default alphabet, shared between\n * ENCODED_VALS and ENCODED_VALS_WEBSAFE\n */\n ENCODED_VALS_BASE:\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + '0123456789',\n\n /**\n * Our default alphabet. Value 64 (=) is special; it means \"nothing.\"\n */\n get ENCODED_VALS() {\n return this.ENCODED_VALS_BASE + '+/=';\n },\n\n /**\n * Our websafe alphabet.\n */\n get ENCODED_VALS_WEBSAFE() {\n return this.ENCODED_VALS_BASE + '-_.';\n },\n\n /**\n * Whether this browser supports the atob and btoa functions. This extension\n * started at Mozilla but is now implemented by many browsers. We use the\n * ASSUME_* variables to avoid pulling in the full useragent detection library\n * but still allowing the standard per-browser compilations.\n *\n */\n HAS_NATIVE_SUPPORT: typeof atob === 'function',\n\n /**\n * Base64-encode an array of bytes.\n *\n * @param input An array of bytes (numbers with\n * value in [0, 255]) to encode.\n * @param webSafe Boolean indicating we should use the\n * alternative alphabet.\n * @return The base64 encoded string.\n */\n encodeByteArray(input: number[] | Uint8Array, webSafe?: boolean): string {\n if (!Array.isArray(input)) {\n throw Error('encodeByteArray takes an array as a parameter');\n }\n\n this.init_();\n\n const byteToCharMap = webSafe\n ? this.byteToCharMapWebSafe_!\n : this.byteToCharMap_!;\n\n const output = [];\n\n for (let i = 0; i < input.length; i += 3) {\n const byte1 = input[i];\n const haveByte2 = i + 1 < input.length;\n const byte2 = haveByte2 ? input[i + 1] : 0;\n const haveByte3 = i + 2 < input.length;\n const byte3 = haveByte3 ? input[i + 2] : 0;\n\n const outByte1 = byte1 >> 2;\n const outByte2 = ((byte1 & 0x03) << 4) | (byte2 >> 4);\n let outByte3 = ((byte2 & 0x0f) << 2) | (byte3 >> 6);\n let outByte4 = byte3 & 0x3f;\n\n if (!haveByte3) {\n outByte4 = 64;\n\n if (!haveByte2) {\n outByte3 = 64;\n }\n }\n\n output.push(\n byteToCharMap[outByte1],\n byteToCharMap[outByte2],\n byteToCharMap[outByte3],\n byteToCharMap[outByte4]\n );\n }\n\n return output.join('');\n },\n\n /**\n * Base64-encode a string.\n *\n * @param input A string to encode.\n * @param webSafe If true, we should use the\n * alternative alphabet.\n * @return The base64 encoded string.\n */\n encodeString(input: string, webSafe?: boolean): string {\n // Shortcut for Mozilla browsers that implement\n // a native base64 encoder in the form of \"btoa/atob\"\n if (this.HAS_NATIVE_SUPPORT && !webSafe) {\n return btoa(input);\n }\n return this.encodeByteArray(stringToByteArray(input), webSafe);\n },\n\n /**\n * Base64-decode a string.\n *\n * @param input to decode.\n * @param webSafe True if we should use the\n * alternative alphabet.\n * @return string representing the decoded value.\n */\n decodeString(input: string, webSafe: boolean): string {\n // Shortcut for Mozilla browsers that implement\n // a native base64 encoder in the form of \"btoa/atob\"\n if (this.HAS_NATIVE_SUPPORT && !webSafe) {\n return atob(input);\n }\n return byteArrayToString(this.decodeStringToByteArray(input, webSafe));\n },\n\n /**\n * Base64-decode a string.\n *\n * In base-64 decoding, groups of four characters are converted into three\n * bytes. If the encoder did not apply padding, the input length may not\n * be a multiple of 4.\n *\n * In this case, the last group will have fewer than 4 characters, and\n * padding will be inferred. If the group has one or two characters, it decodes\n * to one byte. If the group has three characters, it decodes to two bytes.\n *\n * @param input Input to decode.\n * @param webSafe True if we should use the web-safe alphabet.\n * @return bytes representing the decoded value.\n */\n decodeStringToByteArray(input: string, webSafe: boolean): number[] {\n this.init_();\n\n const charToByteMap = webSafe\n ? this.charToByteMapWebSafe_!\n : this.charToByteMap_!;\n\n const output: number[] = [];\n\n for (let i = 0; i < input.length; ) {\n const byte1 = charToByteMap[input.charAt(i++)];\n\n const haveByte2 = i < input.length;\n const byte2 = haveByte2 ? charToByteMap[input.charAt(i)] : 0;\n ++i;\n\n const haveByte3 = i < input.length;\n const byte3 = haveByte3 ? charToByteMap[input.charAt(i)] : 64;\n ++i;\n\n const haveByte4 = i < input.length;\n const byte4 = haveByte4 ? charToByteMap[input.charAt(i)] : 64;\n ++i;\n\n if (byte1 == null || byte2 == null || byte3 == null || byte4 == null) {\n throw new DecodeBase64StringError();\n }\n\n const outByte1 = (byte1 << 2) | (byte2 >> 4);\n output.push(outByte1);\n\n if (byte3 !== 64) {\n const outByte2 = ((byte2 << 4) & 0xf0) | (byte3 >> 2);\n output.push(outByte2);\n\n if (byte4 !== 64) {\n const outByte3 = ((byte3 << 6) & 0xc0) | byte4;\n output.push(outByte3);\n }\n }\n }\n\n return output;\n },\n\n /**\n * Lazy static initialization function. Called before\n * accessing any of the static map variables.\n * @private\n */\n init_() {\n if (!this.byteToCharMap_) {\n this.byteToCharMap_ = {};\n this.charToByteMap_ = {};\n this.byteToCharMapWebSafe_ = {};\n this.charToByteMapWebSafe_ = {};\n\n // We want quick mappings back and forth, so we precompute two maps.\n for (let i = 0; i < this.ENCODED_VALS.length; i++) {\n this.byteToCharMap_[i] = this.ENCODED_VALS.charAt(i);\n this.charToByteMap_[this.byteToCharMap_[i]] = i;\n this.byteToCharMapWebSafe_[i] = this.ENCODED_VALS_WEBSAFE.charAt(i);\n this.charToByteMapWebSafe_[this.byteToCharMapWebSafe_[i]] = i;\n\n // Be forgiving when decoding and correctly decode both encodings.\n if (i >= this.ENCODED_VALS_BASE.length) {\n this.charToByteMap_[this.ENCODED_VALS_WEBSAFE.charAt(i)] = i;\n this.charToByteMapWebSafe_[this.ENCODED_VALS.charAt(i)] = i;\n }\n }\n }\n }\n};\n\n/**\n * An error encountered while decoding base64 string.\n */\nexport class DecodeBase64StringError extends Error {\n readonly name = 'DecodeBase64StringError';\n}\n\n/**\n * URL-safe base64 encoding\n */\nexport const base64Encode = function (str: string): string {\n const utf8Bytes = stringToByteArray(str);\n return base64.encodeByteArray(utf8Bytes, true);\n};\n\n/**\n * URL-safe base64 encoding (without \".\" padding in the end).\n * e.g. Used in JSON Web Token (JWT) parts.\n */\nexport const base64urlEncodeWithoutPadding = function (str: string): string {\n // Use base64url encoding and remove padding in the end (dot characters).\n return base64Encode(str).replace(/\\./g, '');\n};\n\n/**\n * URL-safe base64 decoding\n *\n * NOTE: DO NOT use the global atob() function - it does NOT support the\n * base64Url variant encoding.\n *\n * @param str To be decoded\n * @return Decoded result, if possible\n */\nexport const base64Decode = function (str: string): string | null {\n try {\n return base64.decodeString(str, true);\n } catch (e) {\n console.error('base64Decode failed: ', e);\n }\n return null;\n};\n","/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { base64Decode } from './crypt';\nimport { getGlobal } from './global';\n\n/**\n * Keys for experimental properties on the `FirebaseDefaults` object.\n * @public\n */\nexport type ExperimentalKey = 'authTokenSyncURL' | 'authIdTokenMaxAge';\n\n/**\n * An object that can be injected into the environment as __FIREBASE_DEFAULTS__,\n * either as a property of globalThis, a shell environment variable, or a\n * cookie.\n *\n * This object can be used to automatically configure and initialize\n * a Firebase app as well as any emulators.\n *\n * @public\n */\nexport interface FirebaseDefaults {\n config?: Record<string, string>;\n emulatorHosts?: Record<string, string>;\n _authTokenSyncURL?: string;\n _authIdTokenMaxAge?: number;\n /**\n * Override Firebase's runtime environment detection and\n * force the SDK to act as if it were in the specified environment.\n */\n forceEnvironment?: 'browser' | 'node';\n [key: string]: unknown;\n}\n\ndeclare global {\n // Need `var` for this to work.\n // eslint-disable-next-line no-var\n var __FIREBASE_DEFAULTS__: FirebaseDefaults | undefined;\n}\n\nconst getDefaultsFromGlobal = (): FirebaseDefaults | undefined =>\n getGlobal().__FIREBASE_DEFAULTS__;\n\n/**\n * Attempt to read defaults from a JSON string provided to\n * process(.)env(.)__FIREBASE_DEFAULTS__ or a JSON file whose path is in\n * process(.)env(.)__FIREBASE_DEFAULTS_PATH__\n * The dots are in parens because certain compilers (Vite?) cannot\n * handle seeing that variable in comments.\n * See https://github.com/firebase/firebase-js-sdk/issues/6838\n */\nconst getDefaultsFromEnvVariable = (): FirebaseDefaults | undefined => {\n if (typeof process === 'undefined' || typeof process.env === 'undefined') {\n return;\n }\n const defaultsJsonString = process.env.__FIREBASE_DEFAULTS__;\n if (defaultsJsonString) {\n return JSON.parse(defaultsJsonString);\n }\n};\n\nconst getDefaultsFromCookie = (): FirebaseDefaults | undefined => {\n if (typeof document === 'undefined') {\n return;\n }\n let match;\n try {\n match = document.cookie.match(/__FIREBASE_DEFAULTS__=([^;]+)/);\n } catch (e) {\n // Some environments such as Angular Universal SSR have a\n // `document` object but error on accessing `document.cookie`.\n return;\n }\n const decoded = match && base64Decode(match[1]);\n return decoded && JSON.parse(decoded);\n};\n\n/**\n * Get the __FIREBASE_DEFAULTS__ object. It checks in order:\n * (1) if such an object exists as a property of `globalThis`\n * (2) if such an object was provided on a shell environment variable\n * (3) if such an object exists in a cookie\n * @public\n */\nexport const getDefaults = (): FirebaseDefaults | undefined => {\n try {\n return (\n getDefaultsFromGlobal() ||\n getDefaultsFromEnvVariable() ||\n getDefaultsFromCookie()\n );\n } catch (e) {\n /**\n * Catch-all for being unable to get __FIREBASE_DEFAULTS__ due\n * to any environment case we have not accounted for. Log to\n * info instead of swallowing so we can find these unknown cases\n * and add paths for them if needed.\n */\n console.info(`Unable to get __FIREBASE_DEFAULTS__ due to: ${e}`);\n return;\n }\n};\n\n/**\n * Returns emulator host stored in the __FIREBASE_DEFAULTS__ object\n * for the given product.\n * @returns a URL host formatted like `127.0.0.1:9999` or `[::1]:4000` if available\n * @public\n */\nexport const getDefaultEmulatorHost = (\n productName: string\n): string | undefined => getDefaults()?.emulatorHosts?.[productName];\n\n/**\n * Returns emulator hostname and port stored in the __FIREBASE_DEFAULTS__ object\n * for the given product.\n * @returns a pair of hostname and port like `[\"::1\", 4000]` if available\n * @public\n */\nexport const getDefaultEmulatorHostnameAndPort = (\n productName: string\n): [hostname: string, port: number] | undefined => {\n const host = getDefaultEmulatorHost(productName);\n if (!host) {\n return undefined;\n }\n const separatorIndex = host.lastIndexOf(':'); // Finding the last since IPv6 addr also has colons.\n if (separatorIndex <= 0 || separatorIndex + 1 === host.length) {\n throw new Error(`Invalid host ${host} with no separate hostname and port!`);\n }\n // eslint-disable-next-line no-restricted-globals\n const port = parseInt(host.substring(separatorIndex + 1), 10);\n if (host[0] === '[') {\n // Bracket-quoted `[ipv6addr]:port` => return \"ipv6addr\" (without brackets).\n return [host.substring(1, separatorIndex - 1), port];\n } else {\n return [host.substring(0, separatorIndex), port];\n }\n};\n\n/**\n * Returns Firebase app config stored in the __FIREBASE_DEFAULTS__ object.\n * @public\n */\nexport const getDefaultAppConfig = (): Record<string, string> | undefined =>\n getDefaults()?.config;\n\n/**\n * Returns an experimental setting on the __FIREBASE_DEFAULTS__ object (properties\n * prefixed by \"_\")\n * @public\n */\nexport const getExperimentalSetting = <T extends ExperimentalKey>(\n name: T\n): FirebaseDefaults[`_${T}`] =>\n getDefaults()?.[`_${name}`] as FirebaseDefaults[`_${T}`];\n","/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Polyfill for `globalThis` object.\n * @returns the `globalThis` object for the given environment.\n * @public\n */\nexport function getGlobal(): typeof globalThis {\n if (typeof self !== 'undefined') {\n return self;\n }\n if (typeof window !== 'undefined') {\n return window;\n }\n if (typeof global !== 'undefined') {\n return global;\n }\n throw new Error('Unable to locate global object.');\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CONSTANTS } from './constants';\nimport { getDefaults } from './defaults';\n\n/**\n * Returns navigator.userAgent string or '' if it's not defined.\n * @return user agent string\n */\nexport function getUA(): string {\n if (\n typeof navigator !== 'undefined' &&\n typeof navigator['userAgent'] === 'string'\n ) {\n return navigator['userAgent'];\n } else {\n return '';\n }\n}\n\n/**\n * Detect Cordova / PhoneGap / Ionic frameworks on a mobile device.\n *\n * Deliberately does not rely on checking `file://` URLs (as this fails PhoneGap\n * in the Ripple emulator) nor Cordova `onDeviceReady`, which would normally\n * wait for a callback.\n */\nexport function isMobileCordova(): boolean {\n return (\n typeof window !== 'undefined' &&\n // @ts-ignore Setting up an broadly applicable index signature for Window\n // just to deal with this case would probably be a bad idea.\n !!(window['cordova'] || window['phonegap'] || window['PhoneGap']) &&\n /ios|iphone|ipod|ipad|android|blackberry|iemobile/i.test(getUA())\n );\n}\n\n/**\n * Detect Node.js.\n *\n * @return true if Node.js environment is detected or specified.\n */\n// Node detection logic from: https://github.com/iliakan/detect-node/\nexport function isNode(): boolean {\n const forceEnvironment = getDefaults()?.forceEnvironment;\n if (forceEnvironment === 'node') {\n return true;\n } else if (forceEnvironment === 'browser') {\n return false;\n }\n\n try {\n return (\n Object.prototype.toString.call(global.process) === '[object process]'\n );\n } catch (e) {\n return false;\n }\n}\n\n/**\n * Detect Browser Environment\n */\nexport function isBrowser(): boolean {\n return typeof self === 'object' && self.self === self;\n}\n\n/**\n * Detect browser extensions (Chrome and Firefox at least).\n */\ninterface BrowserRuntime {\n id?: unknown;\n}\ndeclare const chrome: { runtime?: BrowserRuntime };\ndeclare const browser: { runtime?: BrowserRuntime };\nexport function isBrowserExtension(): boolean {\n const runtime =\n typeof chrome === 'object'\n ? chrome.runtime\n : typeof browser === 'object'\n ? browser.runtime\n : undefined;\n return typeof runtime === 'object' && runtime.id !== undefined;\n}\n\n/**\n * Detect React Native.\n *\n * @return true if ReactNative environment is detected.\n */\nexport function isReactNative(): boolean {\n return (\n typeof navigator === 'object' && navigator['product'] === 'ReactNative'\n );\n}\n\n/** Detects Electron apps. */\nexport function isElectron(): boolean {\n return getUA().indexOf('Electron/') >= 0;\n}\n\n/** Detects Internet Explorer. */\nexport function isIE(): boolean {\n const ua = getUA();\n return ua.indexOf('MSIE ') >= 0 || ua.indexOf('Trident/') >= 0;\n}\n\n/** Detects Universal Windows Platform apps. */\nexport function isUWP(): boolean {\n return getUA().indexOf('MSAppHost/') >= 0;\n}\n\n/**\n * Detect whether the current SDK build is the Node version.\n *\n * @return true if it's the Node SDK build.\n */\nexport function isNodeSdk(): boolean {\n return CONSTANTS.NODE_CLIENT === true || CONSTANTS.NODE_ADMIN === true;\n}\n\n/** Returns true if we are running in Safari. */\nexport function isSafari(): boolean {\n return (\n !isNode() &&\n !!navigator.userAgent &&\n navigator.userAgent.includes('Safari') &&\n !navigator.userAgent.includes('Chrome')\n );\n}\n\n/**\n * This method checks if indexedDB is supported by current browser/service worker context\n * @return true if indexedDB is supported by current browser/service worker context\n */\nexport function isIndexedDBAvailable(): boolean {\n try {\n return typeof indexedDB === 'object';\n } catch (e) {\n return false;\n }\n}\n\n/**\n * This method validates browser/sw context for indexedDB by opening a dummy indexedDB database and reject\n * if errors occur during the database open operation.\n *\n * @throws exception if current browser/sw context can't run idb.open (ex: Safari iframe, Firefox\n * private browsing)\n */\nexport function validateIndexedDBOpenable(): Promise<boolean> {\n return new Promise((resolve, reject) => {\n try {\n let preExist: boolean = true;\n const DB_CHECK_NAME =\n 'validate-browser-context-for-indexeddb-analytics-module';\n const request = self.indexedDB.open(DB_CHECK_NAME);\n request.onsuccess = () => {\n request.result.close();\n // delete database only when it doesn't pre-exist\n if (!preExist) {\n self.indexedDB.deleteDatabase(DB_CHECK_NAME);\n }\n resolve(true);\n };\n request.onupgradeneeded = () => {\n preExist = false;\n };\n\n request.onerror = () => {\n reject(request.error?.message || '');\n };\n } catch (error) {\n reject(error);\n }\n });\n}\n\n/**\n *\n * This method checks whether cookie is enabled within current browser\n * @return true if cookie is enabled within current browser\n */\nexport function areCookiesEnabled(): boolean {\n if (typeof navigator === 'undefined' || !navigator.cookieEnabled) {\n return false;\n }\n return true;\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n/**\n * @fileoverview Standardized Firebase Error.\n *\n * Usage:\n *\n * // Typescript string literals for type-safe codes\n * type Err =\n * 'unknown' |\n * 'object-not-found'\n * ;\n *\n * // Closure enum for type-safe error codes\n * // at-enum {string}\n * var Err = {\n * UNKNOWN: 'unknown',\n * OBJECT_NOT_FOUND: 'object-not-found',\n * }\n *\n * let errors: Map<Err, string> = {\n * 'generic-error': \"Unknown error\",\n * 'file-not-found': \"Could not find file: {$file}\",\n * };\n *\n * // Type-safe function - must pass a valid error code as param.\n * let error = new ErrorFactory<Err>('service', 'Service', errors);\n *\n * ...\n * throw error.create(Err.GENERIC);\n * ...\n * throw error.create(Err.FILE_NOT_FOUND, {'file': fileName});\n * ...\n * // Service: Could not file file: foo.txt (service/file-not-found).\n *\n * catch (e) {\n * assert(e.message === \"Could not find file: foo.txt.\");\n * if ((e as FirebaseError)?.code === 'service/file-not-found') {\n * console.log(\"Could not read file: \" + e['file']);\n * }\n * }\n */\n\nexport type ErrorMap<ErrorCode extends string> = {\n readonly [K in ErrorCode]: string;\n};\n\nconst ERROR_NAME = 'FirebaseError';\n\nexport interface StringLike {\n toString(): string;\n}\n\nexport interface ErrorData {\n [key: string]: unknown;\n}\n\n// Based on code from:\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error#Custom_Error_Types\nexport class FirebaseError extends Error {\n /** The custom name for all FirebaseErrors. */\n readonly name: string = ERROR_NAME;\n\n constructor(\n /** The error code for this error. */\n readonly code: string,\n message: string,\n /** Custom data for this error. */\n public customData?: Record<string, unknown>\n ) {\n super(message);\n\n // Fix For ES5\n // https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, FirebaseError.prototype);\n\n // Maintains proper stack trace for where our error was thrown.\n // Only available on V8.\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, ErrorFactory.prototype.create);\n }\n }\n}\n\nexport class ErrorFactory<\n ErrorCode extends string,\n ErrorParams extends { readonly [K in ErrorCode]?: ErrorData } = {}\n> {\n constructor(\n private readonly service: string,\n private readonly serviceName: string,\n private readonly errors: ErrorMap<ErrorCode>\n ) {}\n\n create<K extends ErrorCode>(\n code: K,\n ...data: K extends keyof ErrorParams ? [ErrorParams[K]] : []\n ): FirebaseError {\n const customData = (data[0] as ErrorData) || {};\n const fullCode = `${this.service}/${code}`;\n const template = this.errors[code];\n\n const message = template ? replaceTemplate(template, customData) : 'Error';\n // Service Name: Error message (service/code).\n const fullMessage = `${this.serviceName}: ${message} (${fullCode}).`;\n\n const error = new FirebaseError(fullCode, fullMessage, customData);\n\n return error;\n }\n}\n\nfunction replaceTemplate(template: string, data: ErrorData): string {\n return template.replace(PATTERN, (_, key) => {\n const value = data[key];\n return value != null ? String(value) : `<${key}?>`;\n });\n}\n\nconst PATTERN = /\\{\\$([^}]+)}/g;\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function contains<T extends object>(obj: T, key: string): boolean {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function safeGet<T extends object, K extends keyof T>(\n obj: T,\n key: K\n): T[K] | undefined {\n if (Object.prototype.hasOwnProperty.call(obj, key)) {\n return obj[key];\n } else {\n return undefined;\n }\n}\n\nexport function isEmpty(obj: object): obj is {} {\n for (const key in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, key)) {\n return false;\n }\n }\n return true;\n}\n\nexport function map<K extends string, V, U>(\n obj: { [key in K]: V },\n fn: (value: V, key: K, obj: { [key in K]: V }) => U,\n contextObj?: unknown\n): { [key in K]: U } {\n const res: Partial<{ [key in K]: U }> = {};\n for (const key in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, key)) {\n res[key] = fn.call(contextObj, obj[key], key, obj);\n }\n }\n return res as { [key in K]: U };\n}\n\n/**\n * Deep equal two objects. Support Arrays and Objects.\n */\nexport function deepEqual(a: object, b: object): boolean {\n if (a === b) {\n return true;\n }\n\n const aKeys = Object.keys(a);\n const bKeys = Object.keys(b);\n for (const k of aKeys) {\n if (!bKeys.includes(k)) {\n return false;\n }\n\n const aProp = (a as Record<string, unknown>)[k];\n const bProp = (b as Record<string, unknown>)[k];\n if (isObject(aProp) && isObject(bProp)) {\n if (!deepEqual(aProp, bProp)) {\n return false;\n }\n } else if (aProp !== bProp) {\n return false;\n }\n }\n\n for (const k of bKeys) {\n if (!aKeys.includes(k)) {\n return false;\n }\n }\n return true;\n}\n\nfunction isObject(thing: unknown): thing is object {\n return thing !== null && typeof thing === 'object';\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Returns a querystring-formatted string (e.g. &arg=val&arg2=val2) from a\n * params object (e.g. {arg: 'val', arg2: 'val2'})\n * Note: You must prepend it with ? when adding it to a URL.\n */\nexport function querystring(querystringParams: {\n [key: string]: string | number;\n}): string {\n const params = [];\n for (const [key, value] of Object.entries(querystringParams)) {\n if (Array.isArray(value)) {\n value.forEach(arrayVal => {\n params.push(\n encodeURIComponent(key) + '=' + encodeURIComponent(arrayVal)\n );\n });\n } else {\n params.push(encodeURIComponent(key) + '=' + encodeURIComponent(value));\n }\n }\n return params.length ? '&' + params.join('&') : '';\n}\n\n/**\n * Decodes a querystring (e.g. ?arg=val&arg2=val2) into a params object\n * (e.g. {arg: 'val', arg2: 'val2'})\n */\nexport function querystringDecode(querystring: string): Record<string, string> {\n const obj: Record<string, string> = {};\n const tokens = querystring.replace(/^\\?/, '').split('&');\n\n tokens.forEach(token => {\n if (token) {\n const [key, value] = token.split('=');\n obj[decodeURIComponent(key)] = decodeURIComponent(value);\n }\n });\n return obj;\n}\n\n/**\n * Extract the query string part of a URL, including the leading question mark (if present).\n */\nexport function extractQuerystring(url: string): string {\n const queryStart = url.indexOf('?');\n if (!queryStart) {\n return '';\n }\n const fragmentStart = url.indexOf('#', queryStart);\n return url.substring(\n queryStart,\n fragmentStart > 0 ? fragmentStart : undefined\n );\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nexport type NextFn<T> = (value: T) => void;\nexport type ErrorFn = (error: Error) => void;\nexport type CompleteFn = () => void;\n\nexport interface Observer<T> {\n // Called once for each value in a stream of values.\n next: NextFn<T>;\n\n // A stream terminates by a single call to EITHER error() or complete().\n error: ErrorFn;\n\n // No events will be sent to next() once complete() is called.\n complete: CompleteFn;\n}\n\nexport type PartialObserver<T> = Partial<Observer<T>>;\n\n// TODO: Support also Unsubscribe.unsubscribe?\nexport type Unsubscribe = () => void;\n\n/**\n * The Subscribe interface has two forms - passing the inline function\n * callbacks, or a object interface with callback properties.\n */\nexport interface Subscribe<T> {\n (next?: NextFn<T>, error?: ErrorFn, complete?: CompleteFn): Unsubscribe;\n (observer: PartialObserver<T>): Unsubscribe;\n}\n\nexport interface Observable<T> {\n // Subscribe method\n subscribe: Subscribe<T>;\n}\n\nexport type Executor<T> = (observer: Observer<T>) => void;\n\n/**\n * Helper to make a Subscribe function (just like Promise helps make a\n * Thenable).\n *\n * @param executor Function which can make calls to a single Observer\n * as a proxy.\n * @param onNoObservers Callback when count of Observers goes to zero.\n */\nexport function createSubscribe<T>(\n executor: Executor<T>,\n onNoObservers?: Executor<T>\n): Subscribe<T> {\n const proxy = new ObserverProxy<T>(executor, onNoObservers);\n return proxy.subscribe.bind(proxy);\n}\n\n/**\n * Implement fan-out for any number of Observers attached via a subscribe\n * function.\n */\nclass ObserverProxy<T> implements Observer<T> {\n private observers: Array<Observer<T>> | undefined = [];\n private unsubscribes: Unsubscribe[] = [];\n private onNoObservers: Executor<T> | undefined;\n private observerCount = 0;\n // Micro-task scheduling by calling task.then().\n private task = Promise.resolve();\n private finalized = false;\n private finalError?: Error;\n\n /**\n * @param executor Function which can make calls to a single Observer\n * as a proxy.\n * @param onNoObservers Callback when count of Observers goes to zero.\n */\n constructor(executor: Executor<T>, onNoObservers?: Executor<T>) {\n this.onNoObservers = onNoObservers;\n // Call the executor asynchronously so subscribers that are called\n // synchronously after the creation of the subscribe function\n // can still receive the very first value generated in the executor.\n this.task\n .then(() => {\n executor(this);\n })\n .catch(e => {\n this.error(e);\n });\n }\n\n next(value: T): void {\n this.forEachObserver((observer: Observer<T>) => {\n observer.next(value);\n });\n }\n\n error(error: Error): void {\n this.forEachObserver((observer: Observer<T>) => {\n observer.error(error);\n });\n this.close(error);\n }\n\n complete(): void {\n this.forEachObserver((observer: Observer<T>) => {\n observer.complete();\n });\n this.close();\n }\n\n /**\n * Subscribe function that can be used to add an Observer to the fan-out list.\n *\n * - We require that no event is sent to a subscriber sychronously to their\n * call to subscribe().\n */\n subscribe(\n nextOrObserver?: NextFn<T> | PartialObserver<T>,\n error?: ErrorFn,\n complete?: CompleteFn\n ): Unsubscribe {\n let observer: Observer<T>;\n\n if (\n nextOrObserver === undefined &&\n error === undefined &&\n complete === undefined\n ) {\n throw new Error('Missing Observer.');\n }\n\n // Assemble an Observer object when passed as callback functions.\n if (\n implementsAnyMethods(nextOrObserver as { [key: string]: unknown }, [\n 'next',\n 'error',\n 'complete'\n ])\n ) {\n observer = nextOrObserver as Observer<T>;\n } else {\n observer = {\n next: nextOrObserver as NextFn<T>,\n error,\n complete\n } as Observer<T>;\n }\n\n if (observer.next === undefined) {\n observer.next = noop as NextFn<T>;\n }\n if (observer.error === undefined) {\n observer.error = noop as ErrorFn;\n }\n if (observer.complete === undefined) {\n observer.complete = noop as CompleteFn;\n }\n\n const unsub = this.unsubscribeOne.bind(this, this.observers!.length);\n\n // Attempt to subscribe to a terminated Observable - we\n // just respond to the Observer with the final error or complete\n // event.\n if (this.finalized) {\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n this.task.then(() => {\n try {\n if (this.finalError) {\n observer.error(this.finalError);\n } else {\n observer.complete();\n }\n } catch (e) {\n // nothing\n }\n return;\n });\n }\n\n this.observers!.push(observer as Observer<T>);\n\n return unsub;\n }\n\n // Unsubscribe is synchronous - we guarantee that no events are sent to\n // any unsubscribed Observer.\n private unsubscribeOne(i: number): void {\n if (this.observers === undefined || this.observers[i] === undefined) {\n return;\n }\n\n delete this.observers[i];\n\n this.observerCount -= 1;\n if (this.observerCount === 0 && this.onNoObservers !== undefined) {\n this.onNoObservers(this);\n }\n }\n\n private forEachObserver(fn: (observer: Observer<T>) => void): void {\n if (this.finalized) {\n // Already closed by previous event....just eat the additional values.\n return;\n }\n\n // Since sendOne calls asynchronously - there is no chance that\n // this.observers will become undefined.\n for (let i = 0; i < this.observers!.length; i++) {\n this.sendOne(i, fn);\n }\n }\n\n // Call the Observer via one of it's callback function. We are careful to\n // confirm that the observe has not been unsubscribed since this asynchronous\n // function had been queued.\n private sendOne(i: number, fn: (observer: Observer<T>) => void): void {\n // Execute the callback asynchronously\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n this.task.then(() => {\n if (this.observers !== undefined && this.observers[i] !== undefined) {\n try {\n fn(this.observers[i]);\n } catch (e) {\n // Ignore exceptions raised in Observers or missing methods of an\n // Observer.\n // Log error to console. b/31404806\n if (typeof console !== 'undefined' && console.error) {\n console.error(e);\n }\n }\n }\n });\n }\n\n private close(err?: Error): void {\n if (this.finalized) {\n return;\n }\n this.finalized = true;\n if (err !== undefined) {\n this.finalError = err;\n }\n // Proxy is no longer needed - garbage collect references\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n this.task.then(() => {\n this.observers = undefined;\n this.onNoObservers = undefined;\n });\n }\n}\n\n/** Turn synchronous function into one called asynchronously. */\n// eslint-disable-next-line @typescript-eslint/ban-types\nexport function async(fn: Function, onError?: ErrorFn): Function {\n return (...args: unknown[]) => {\n Promise.resolve(true)\n .then(() => {\n fn(...args);\n })\n .catch((error: Error) => {\n if (onError) {\n onError(error);\n }\n });\n };\n}\n\n/**\n * Return true if the object passed in implements any of the named methods.\n */\nfunction implementsAnyMethods(\n obj: { [key: string]: unknown },\n methods: string[]\n): boolean {\n if (typeof obj !== 'object' || obj === null) {\n return false;\n }\n\n for (const method of methods) {\n if (method in obj && typeof obj[method] === 'function') {\n return true;\n }\n }\n\n return false;\n}\n\nfunction noop(): void {\n // do nothing\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport interface Compat<T> {\n _delegate: T;\n}\n\nexport function getModularInstance<ExpService>(\n service: Compat<ExpService> | ExpService\n): ExpService {\n if (service && (service as Compat<ExpService>)._delegate) {\n return (service as Compat<ExpService>)._delegate;\n } else {\n return service as ExpService;\n }\n}\n","/**\n * @license\n * Copyright 2017 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport type LogLevelString =\n | 'debug'\n | 'verbose'\n | 'info'\n | 'warn'\n | 'error'\n | 'silent';\n\nexport interface LogOptions {\n level: LogLevelString;\n}\n\nexport type LogCallback = (callbackParams: LogCallbackParams) => void;\n\nexport interface LogCallbackParams {\n level: LogLevelString;\n message: string;\n args: unknown[];\n type: string;\n}\n\n/**\n * A container for all of the Logger instances\n */\nexport const instances: Logger[] = [];\n\n/**\n * The JS SDK supports 5 log levels and also allows a user the ability to\n * silence the logs altogether.\n *\n * The order is a follows:\n * DEBUG < VERBOSE < INFO < WARN < ERROR\n *\n * All of the log types above the current log level will be captured (i.e. if\n * you set the log level to `INFO`, errors will still be logged, but `DEBUG` and\n * `VERBOSE` logs will not)\n */\nexport enum LogLevel {\n DEBUG,\n VERBOSE,\n INFO,\n WARN,\n ERROR,\n SILENT\n}\n\nconst levelStringToEnum: { [key in LogLevelString]: LogLevel } = {\n 'debug': LogLevel.DEBUG,\n 'verbose': LogLevel.VERBOSE,\n 'info': LogLevel.INFO,\n 'warn': LogLevel.WARN,\n 'error': LogLevel.ERROR,\n 'silent': LogLevel.SILENT\n};\n\n/**\n * The default log level\n */\nconst defaultLogLevel: LogLevel = LogLevel.INFO;\n\n/**\n * We allow users the ability to pass their own log handler. We will pass the\n * type of log, the current log level, and any other arguments passed (i.e. the\n * messages that the user wants to log) to this function.\n */\nexport type LogHandler = (\n loggerInstance: Logger,\n logType: LogLevel,\n ...args: unknown[]\n) => void;\n\n/**\n * By default, `console.debug` is not displayed in the developer console (in\n * chrome). To avoid forcing users to have to opt-in to these logs twice\n * (i.e. once for firebase, and once in the console), we are sending `DEBUG`\n * logs to the `console.log` function.\n */\nconst ConsoleMethod = {\n [LogLevel.DEBUG]: 'log',\n [LogLevel.VERBOSE]: 'log',\n [LogLevel.INFO]: 'info',\n [LogLevel.WARN]: 'warn',\n [LogLevel.ERROR]: 'error'\n};\n\n/**\n * The default log handler will forward DEBUG, VERBOSE, INFO, WARN, and ERROR\n * messages on to their corresponding console counterparts (if the log method\n * is supported by the current log level)\n */\nconst defaultLogHandler: LogHandler = (instance, logType, ...args): void => {\n if (logType < instance.logLevel) {\n return;\n }\n const now = new Date().toISOString();\n const method = ConsoleMethod[logType as keyof typeof ConsoleMethod];\n if (method) {\n console[method as 'log' | 'info' | 'warn' | 'error'](\n `[${now}] ${instance.name}:`,\n ...args\n );\n } else {\n throw new Error(\n `Attempted to log a message with an invalid logType (value: ${logType})`\n );\n }\n};\n\nexport class Logger {\n /**\n * Gives you an instance of a Logger to capture messages according to\n * Firebase's logging scheme.\n *\n * @param name The name that the logs will be associated with\n */\n constructor(public name: string) {\n /**\n * Capture the current instance for later use\n */\n instances.push(this);\n }\n\n /**\n * The log level of the given Logger instance.\n */\n private _logLevel = defaultLogLevel;\n\n get logLevel(): LogLevel {\n return this._logLevel;\n }\n\n set logLevel(val: LogLevel) {\n if (!(val in LogLevel)) {\n throw new TypeError(`Invalid value \"${val}\" assigned to \\`logLevel\\``);\n }\n this._logLevel = val;\n }\n\n // Workaround for setter/getter having to be the same type.\n setLogLevel(val: LogLevel | LogLevelString): void {\n this._logLevel = typeof val === 'string' ? levelStringToEnum[val] : val;\n }\n\n /**\n * The main (internal) log handler for the Logger instance.\n * Can be set to a new function in internal package code but not by user.\n */\n private _logHandler: LogHandler = defaultLogHandler;\n get logHandler(): LogHandler {\n return this._logHandler;\n }\n set logHandler(val: LogHandler) {\n if (typeof val !== 'function') {\n throw new TypeError('Value assigned to `logHandler` must be a function');\n }\n this._logHandler = val;\n }\n\n /**\n * The optional, additional, user-defined log handler for the Logger instance.\n */\n private _userLogHandler: LogHandler | null = null;\n get userLogHandler(): LogHandler | null {\n return this._userLogHandler;\n }\n set userLogHandler(val: LogHandler | null) {\n this._userLogHandler = val;\n }\n\n /**\n * The functions below are all based on the `console` interface\n */\n\n debug(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.DEBUG, ...args);\n this._logHandler(this, LogLevel.DEBUG, ...args);\n }\n log(...args: unknown[]): void {\n this._userLogHandler &&\n this._userLogHandler(this, LogLevel.VERBOSE, ...args);\n this._logHandler(this, LogLevel.VERBOSE, ...args);\n }\n info(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.INFO, ...args);\n this._logHandler(this, LogLevel.INFO, ...args);\n }\n warn(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.WARN, ...args);\n this._logHandler(this, LogLevel.WARN, ...args);\n }\n error(...args: unknown[]): void {\n this._userLogHandler && this._userLogHandler(this, LogLevel.ERROR, ...args);\n this._logHandler(this, LogLevel.ERROR, ...args);\n }\n}\n\nexport function setLogLevel(level: LogLevelString | LogLevel): void {\n instances.forEach(inst => {\n inst.setLogLevel(level);\n });\n}\n\nexport function setUserLogHandler(\n logCallback: LogCallback | null,\n options?: LogOptions\n): void {\n for (const instance of instances) {\n let customLogLevel: LogLevel | null = null;\n if (options && options.level) {\n customLogLevel = levelStringToEnum[options.level];\n }\n if (logCallback === null) {\n instance.userLogHandler = null;\n } else {\n instance.userLogHandler = (\n instance: Logger,\n level: LogLevel,\n ...args: unknown[]\n ) => {\n const message = args\n .map(arg => {\n if (arg == null) {\n return null;\n } else if (typeof arg === 'string') {\n return arg;\n } else if (typeof arg === 'number' || typeof arg === 'boolean') {\n return arg.toString();\n } else if (arg instanceof Error) {\n return arg.message;\n } else {\n try {\n return JSON.stringify(arg);\n } catch (ignored) {\n return null;\n }\n }\n })\n .filter(arg => arg)\n .join(' ');\n if (level >= (customLogLevel ?? instance.logLevel)) {\n logCallback({\n level: LogLevel[level].toLowerCase() as LogLevelString,\n message,\n args,\n type: instance.name\n });\n }\n };\n }\n }\n}\n","/*! *****************************************************************************\r\nCopyright (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS SOFTWARE.\r\n***************************************************************************** */\r\n/* global Reflect, Promise */\r\n\r\nvar extendStatics = function(d, b) {\r\n extendStatics = Object.setPrototypeOf ||\r\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\r\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\r\n return extendStatics(d, b);\r\n};\r\n\r\nexport function __extends(d, b) {\r\n if (typeof b !== \"function\" && b !== null)\r\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\r\n extendStatics(d, b);\r\n function __() { this.constructor = d; }\r\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\r\n}\r\n\r\nexport var __assign = function() {\r\n __assign = Object.assign || function __assign(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n }\r\n return __assign.apply(this, arguments);\r\n}\r\n\r\nexport function __rest(s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {\r\n if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))\r\n t[p[i]] = s[p[i]];\r\n }\r\n return t;\r\n}\r\n\r\nexport function __decorate(decorators, target, key, desc) {\r\n var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;\r\n if (typeof Reflect === \"object\" && typeof Reflect.decorate === \"function\") r = Reflect.decorate(decorators, target, key, desc);\r\n else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;\r\n return c > 3 && r && Object.defineProperty(target, key, r), r;\r\n}\r\n\r\nexport function __param(paramIndex, decorator) {\r\n return function (target, key) { decorator(target, key, paramIndex); }\r\n}\r\n\r\nexport function __metadata(metadataKey, metadataValue) {\r\n if (typeof Reflect === \"object\" && typeof Reflect.metadata === \"function\") return Reflect.metadata(metadataKey, metadataValue);\r\n}\r\n\r\nexport function __awaiter(thisArg, _arguments, P, generator) {\r\n function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n}\r\n\r\nexport function __generator(thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n}\r\n\r\nexport var __createBinding = Object.create ? (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\r\n}) : (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n o[k2] = m[k];\r\n});\r\n\r\nexport function __exportStar(m, o) {\r\n for (var p in m) if (p !== \"default\" && !Object.prototype.hasOwnProperty.call(o, p)) __createBinding(o, m, p);\r\n}\r\n\r\nexport function __values(o) {\r\n var s = typeof Symbol === \"function\" && Symbol.iterator, m = s && o[s], i = 0;\r\n if (m) return m.call(o);\r\n if (o && typeof o.length === \"number\") return {\r\n next: function () {\r\n if (o && i >= o.length) o = void 0;\r\n return { value: o && o[i++], done: !o };\r\n }\r\n };\r\n throw new TypeError(s ? \"Object is not iterable.\" : \"Symbol.iterator is not defined.\");\r\n}\r\n\r\nexport function __read(o, n) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator];\r\n if (!m) return o;\r\n var i = m.call(o), r, ar = [], e;\r\n try {\r\n while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);\r\n }\r\n catch (error) { e = { error: error }; }\r\n finally {\r\n try {\r\n if (r && !r.done && (m = i[\"return\"])) m.call(i);\r\n }\r\n finally { if (e) throw e.error; }\r\n }\r\n return ar;\r\n}\r\n\r\n/** @deprecated */\r\nexport function __spread() {\r\n for (var ar = [], i = 0; i < arguments.length; i++)\r\n ar = ar.concat(__read(arguments[i]));\r\n return ar;\r\n}\r\n\r\n/** @deprecated */\r\nexport function __spreadArrays() {\r\n for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length;\r\n for (var r = Array(s), k = 0, i = 0; i < il; i++)\r\n for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)\r\n r[k] = a[j];\r\n return r;\r\n}\r\n\r\nexport function __spreadArray(to, from, pack) {\r\n if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {\r\n if (ar || !(i in from)) {\r\n if (!ar) ar = Array.prototype.slice.call(from, 0, i);\r\n ar[i] = from[i];\r\n }\r\n }\r\n return to.concat(ar || Array.prototype.slice.call(from));\r\n}\r\n\r\nexport function __await(v) {\r\n return this instanceof __await ? (this.v = v, this) : new __await(v);\r\n}\r\n\r\nexport function __asyncGenerator(thisArg, _arguments, generator) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var g = generator.apply(thisArg, _arguments || []), i, q = [];\r\n return i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i;\r\n function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }\r\n function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }\r\n function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }\r\n function fulfill(value) { resume(\"next\", value); }\r\n function reject(value) { resume(\"throw\", value); }\r\n function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }\r\n}\r\n\r\nexport function __asyncDelegator(o) {\r\n var i, p;\r\n return i = {}, verb(\"next\"), verb(\"throw\", function (e) { throw e; }), verb(\"return\"), i[Symbol.iterator] = function () { return this; }, i;\r\n function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === \"return\" } : f ? f(v) : v; } : f; }\r\n}\r\n\r\nexport function __asyncValues(o) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var m = o[Symbol.asyncIterator], i;\r\n return m ? m.call(o) : (o = typeof __values === \"function\" ? __values(o) : o[Symbol.iterator](), i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i);\r\n function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }\r\n function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }\r\n}\r\n\r\nexport function __makeTemplateObject(cooked, raw) {\r\n if (Object.defineProperty) { Object.defineProperty(cooked, \"raw\", { value: raw }); } else { cooked.raw = raw; }\r\n return cooked;\r\n};\r\n\r\nvar __setModuleDefault = Object.create ? (function(o, v) {\r\n Object.defineProperty(o, \"default\", { enumerable: true, value: v });\r\n}) : function(o, v) {\r\n o[\"default\"] = v;\r\n};\r\n\r\nexport function __importStar(mod) {\r\n if (mod && mod.__esModule) return mod;\r\n var result = {};\r\n if (mod != null) for (var k in mod) if (k !== \"default\" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\r\n __setModuleDefault(result, mod);\r\n return result;\r\n}\r\n\r\nexport function __importDefault(mod) {\r\n return (mod && mod.__esModule) ? mod : { default: mod };\r\n}\r\n\r\nexport function __classPrivateFieldGet(receiver, state, kind, f) {\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a getter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot read private member from an object whose class did not declare it\");\r\n return kind === \"m\" ? f : kind === \"a\" ? f.call(receiver) : f ? f.value : state.get(receiver);\r\n}\r\n\r\nexport function __classPrivateFieldSet(receiver, state, value, kind, f) {\r\n if (kind === \"m\") throw new TypeError(\"Private method is not writable\");\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a setter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot write private member to an object whose class did not declare it\");\r\n return (kind === \"a\" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;\r\n}\r\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n InstantiationMode,\n InstanceFactory,\n ComponentType,\n Dictionary,\n Name,\n onInstanceCreatedCallback\n} from './types';\n\n/**\n * Component for service name T, e.g. `auth`, `auth-internal`\n */\nexport class Component<T extends Name = Name> {\n multipleInstances = false;\n /**\n * Properties to be added to the service namespace\n */\n serviceProps: Dictionary = {};\n\n instantiationMode = InstantiationMode.LAZY;\n\n onInstanceCreated: onInstanceCreatedCallback<T> | null = null;\n\n /**\n *\n * @param name The public service name, e.g. app, auth, firestore, database\n * @param instanceFactory Service factory responsible for creating the public interface\n * @param type whether the service provided by the component is public or private\n */\n constructor(\n readonly name: T,\n readonly instanceFactory: InstanceFactory<T>,\n readonly type: ComponentType\n ) {}\n\n setInstantiationMode(mode: InstantiationMode): this {\n this.instantiationMode = mode;\n return this;\n }\n\n setMultipleInstances(multipleInstances: boolean): this {\n this.multipleInstances = multipleInstances;\n return this;\n }\n\n setServiceProps(props: Dictionary): this {\n this.serviceProps = props;\n return this;\n }\n\n setInstanceCreatedCallback(callback: onInstanceCreatedCallback<T>): this {\n this.onInstanceCreated = callback;\n return this;\n }\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * An enum of factors that may be used for multifactor authentication.\n *\n * @public\n */\nexport const FactorId = {\n /** Phone as second factor */\n PHONE: 'phone',\n TOTP: 'totp'\n} as const;\n\n/**\n * Enumeration of supported providers.\n *\n * @public\n */\nexport const ProviderId = {\n /** Facebook provider ID */\n FACEBOOK: 'facebook.com',\n /** GitHub provider ID */\n GITHUB: 'github.com',\n /** Google provider ID */\n GOOGLE: 'google.com',\n /** Password provider */\n PASSWORD: 'password',\n /** Phone provider */\n PHONE: 'phone',\n /** Twitter provider ID */\n TWITTER: 'twitter.com'\n} as const;\n\n/**\n * Enumeration of supported sign-in methods.\n *\n * @public\n */\nexport const SignInMethod = {\n /** Email link sign in method */\n EMAIL_LINK: 'emailLink',\n /** Email/password sign in method */\n EMAIL_PASSWORD: 'password',\n /** Facebook sign in method */\n FACEBOOK: 'facebook.com',\n /** GitHub sign in method */\n GITHUB: 'github.com',\n /** Google sign in method */\n GOOGLE: 'google.com',\n /** Phone sign in method */\n PHONE: 'phone',\n /** Twitter sign in method */\n TWITTER: 'twitter.com'\n} as const;\n\n/**\n * Enumeration of supported operation types.\n *\n * @public\n */\nexport const OperationType = {\n /** Operation involving linking an additional provider to an already signed-in user. */\n LINK: 'link',\n /** Operation involving using a provider to reauthenticate an already signed-in user. */\n REAUTHENTICATE: 'reauthenticate',\n /** Operation involving signing in a user. */\n SIGN_IN: 'signIn'\n} as const;\n\n/**\n * An enumeration of the possible email action types.\n *\n * @public\n */\nexport const ActionCodeOperation = {\n /** The email link sign-in action. */\n EMAIL_SIGNIN: 'EMAIL_SIGNIN',\n /** The password reset action. */\n PASSWORD_RESET: 'PASSWORD_RESET',\n /** The email revocation action. */\n RECOVER_EMAIL: 'RECOVER_EMAIL',\n /** The revert second factor addition email action. */\n REVERT_SECOND_FACTOR_ADDITION: 'REVERT_SECOND_FACTOR_ADDITION',\n /** The revert second factor addition email action. */\n VERIFY_AND_CHANGE_EMAIL: 'VERIFY_AND_CHANGE_EMAIL',\n /** The email verification action. */\n VERIFY_EMAIL: 'VERIFY_EMAIL'\n} as const;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorMap, User } from '../model/public_types';\nimport { ErrorFactory, ErrorMap } from '@firebase/util';\n\nimport { IdTokenMfaResponse } from '../api/authentication/mfa';\nimport { AppName } from '../model/auth';\nimport { AuthCredential } from './credentials';\n\n/**\n * Enumeration of Firebase Auth error codes.\n *\n * @internal\n */\nexport const enum AuthErrorCode {\n ADMIN_ONLY_OPERATION = 'admin-restricted-operation',\n ARGUMENT_ERROR = 'argument-error',\n APP_NOT_AUTHORIZED = 'app-not-authorized',\n APP_NOT_INSTALLED = 'app-not-installed',\n CAPTCHA_CHECK_FAILED = 'captcha-check-failed',\n CODE_EXPIRED = 'code-expired',\n CORDOVA_NOT_READY = 'cordova-not-ready',\n CORS_UNSUPPORTED = 'cors-unsupported',\n CREDENTIAL_ALREADY_IN_USE = 'credential-already-in-use',\n CREDENTIAL_MISMATCH = 'custom-token-mismatch',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN = 'requires-recent-login',\n DEPENDENT_SDK_INIT_BEFORE_AUTH = 'dependent-sdk-initialized-before-auth',\n DYNAMIC_LINK_NOT_ACTIVATED = 'dynamic-link-not-activated',\n EMAIL_CHANGE_NEEDS_VERIFICATION = 'email-change-needs-verification',\n EMAIL_EXISTS = 'email-already-in-use',\n EMULATOR_CONFIG_FAILED = 'emulator-config-failed',\n EXPIRED_OOB_CODE = 'expired-action-code',\n EXPIRED_POPUP_REQUEST = 'cancelled-popup-request',\n INTERNAL_ERROR = 'internal-error',\n INVALID_API_KEY = 'invalid-api-key',\n INVALID_APP_CREDENTIAL = 'invalid-app-credential',\n INVALID_APP_ID = 'invalid-app-id',\n INVALID_AUTH = 'invalid-user-token',\n INVALID_AUTH_EVENT = 'invalid-auth-event',\n INVALID_CERT_HASH = 'invalid-cert-hash',\n INVALID_CODE = 'invalid-verification-code',\n INVALID_CONTINUE_URI = 'invalid-continue-uri',\n INVALID_CORDOVA_CONFIGURATION = 'invalid-cordova-configuration',\n INVALID_CUSTOM_TOKEN = 'invalid-custom-token',\n INVALID_DYNAMIC_LINK_DOMAIN = 'invalid-dynamic-link-domain',\n INVALID_EMAIL = 'invalid-email',\n INVALID_EMULATOR_SCHEME = 'invalid-emulator-scheme',\n INVALID_CREDENTIAL = 'invalid-credential',\n INVALID_MESSAGE_PAYLOAD = 'invalid-message-payload',\n INVALID_MFA_SESSION = 'invalid-multi-factor-session',\n INVALID_OAUTH_CLIENT_ID = 'invalid-oauth-client-id',\n INVALID_OAUTH_PROVIDER = 'invalid-oauth-provider',\n INVALID_OOB_CODE = 'invalid-action-code',\n INVALID_ORIGIN = 'unauthorized-domain',\n INVALID_PASSWORD = 'wrong-password',\n INVALID_PERSISTENCE = 'invalid-persistence-type',\n INVALID_PHONE_NUMBER = 'invalid-phone-number',\n INVALID_PROVIDER_ID = 'invalid-provider-id',\n INVALID_RECIPIENT_EMAIL = 'invalid-recipient-email',\n INVALID_SENDER = 'invalid-sender',\n INVALID_SESSION_INFO = 'invalid-verification-id',\n INVALID_TENANT_ID = 'invalid-tenant-id',\n LOGIN_BLOCKED = 'login-blocked',\n MFA_INFO_NOT_FOUND = 'multi-factor-info-not-found',\n MFA_REQUIRED = 'multi-factor-auth-required',\n MISSING_ANDROID_PACKAGE_NAME = 'missing-android-pkg-name',\n MISSING_APP_CREDENTIAL = 'missing-app-credential',\n MISSING_AUTH_DOMAIN = 'auth-domain-config-required',\n MISSING_CODE = 'missing-verification-code',\n MISSING_CONTINUE_URI = 'missing-continue-uri',\n MISSING_IFRAME_START = 'missing-iframe-start',\n MISSING_IOS_BUNDLE_ID = 'missing-ios-bundle-id',\n MISSING_OR_INVALID_NONCE = 'missing-or-invalid-nonce',\n MISSING_MFA_INFO = 'missing-multi-factor-info',\n MISSING_MFA_SESSION = 'missing-multi-factor-session',\n MISSING_PHONE_NUMBER = 'missing-phone-number',\n MISSING_PASSWORD = 'missing-password',\n MISSING_SESSION_INFO = 'missing-verification-id',\n MODULE_DESTROYED = 'app-deleted',\n NEED_CONFIRMATION = 'account-exists-with-different-credential',\n NETWORK_REQUEST_FAILED = 'network-request-failed',\n NULL_USER = 'null-user',\n NO_AUTH_EVENT = 'no-auth-event',\n NO_SUCH_PROVIDER = 'no-such-provider',\n OPERATION_NOT_ALLOWED = 'operation-not-allowed',\n OPERATION_NOT_SUPPORTED = 'operation-not-supported-in-this-environment',\n POPUP_BLOCKED = 'popup-blocked',\n POPUP_CLOSED_BY_USER = 'popup-closed-by-user',\n PROVIDER_ALREADY_LINKED = 'provider-already-linked',\n QUOTA_EXCEEDED = 'quota-exceeded',\n REDIRECT_CANCELLED_BY_USER = 'redirect-cancelled-by-user',\n REDIRECT_OPERATION_PENDING = 'redirect-operation-pending',\n REJECTED_CREDENTIAL = 'rejected-credential',\n SECOND_FACTOR_ALREADY_ENROLLED = 'second-factor-already-in-use',\n SECOND_FACTOR_LIMIT_EXCEEDED = 'maximum-second-factor-count-exceeded',\n TENANT_ID_MISMATCH = 'tenant-id-mismatch',\n TIMEOUT = 'timeout',\n TOKEN_EXPIRED = 'user-token-expired',\n TOO_MANY_ATTEMPTS_TRY_LATER = 'too-many-requests',\n UNAUTHORIZED_DOMAIN = 'unauthorized-continue-uri',\n UNSUPPORTED_FIRST_FACTOR = 'unsupported-first-factor',\n UNSUPPORTED_PERSISTENCE = 'unsupported-persistence-type',\n UNSUPPORTED_TENANT_OPERATION = 'unsupported-tenant-operation',\n UNVERIFIED_EMAIL = 'unverified-email',\n USER_CANCELLED = 'user-cancelled',\n USER_DELETED = 'user-not-found',\n USER_DISABLED = 'user-disabled',\n USER_MISMATCH = 'user-mismatch',\n USER_SIGNED_OUT = 'user-signed-out',\n WEAK_PASSWORD = 'weak-password',\n WEB_STORAGE_UNSUPPORTED = 'web-storage-unsupported',\n ALREADY_INITIALIZED = 'already-initialized',\n RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled',\n MISSING_RECAPTCHA_TOKEN = 'missing-recaptcha-token',\n INVALID_RECAPTCHA_TOKEN = 'invalid-recaptcha-token',\n INVALID_RECAPTCHA_ACTION = 'invalid-recaptcha-action',\n MISSING_CLIENT_TYPE = 'missing-client-type',\n MISSING_RECAPTCHA_VERSION = 'missing-recaptcha-version',\n INVALID_RECAPTCHA_VERSION = 'invalid-recaptcha-version',\n INVALID_REQ_TYPE = 'invalid-req-type',\n UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION = 'unsupported-password-policy-schema-version',\n PASSWORD_DOES_NOT_MEET_REQUIREMENTS = 'password-does-not-meet-requirements'\n}\n\nfunction _debugErrorMap(): ErrorMap<AuthErrorCode> {\n return {\n [AuthErrorCode.ADMIN_ONLY_OPERATION]:\n 'This operation is restricted to administrators only.',\n [AuthErrorCode.ARGUMENT_ERROR]: '',\n [AuthErrorCode.APP_NOT_AUTHORIZED]:\n \"This app, identified by the domain where it's hosted, is not \" +\n 'authorized to use Firebase Authentication with the provided API key. ' +\n 'Review your key configuration in the Google API console.',\n [AuthErrorCode.APP_NOT_INSTALLED]:\n 'The requested mobile application corresponding to the identifier (' +\n 'Android package name or iOS bundle ID) provided is not installed on ' +\n 'this device.',\n [AuthErrorCode.CAPTCHA_CHECK_FAILED]:\n 'The reCAPTCHA response token provided is either invalid, expired, ' +\n 'already used or the domain associated with it does not match the list ' +\n 'of whitelisted domains.',\n [AuthErrorCode.CODE_EXPIRED]:\n 'The SMS code has expired. Please re-send the verification code to try ' +\n 'again.',\n [AuthErrorCode.CORDOVA_NOT_READY]: 'Cordova framework is not ready.',\n [AuthErrorCode.CORS_UNSUPPORTED]: 'This browser is not supported.',\n [AuthErrorCode.CREDENTIAL_ALREADY_IN_USE]:\n 'This credential is already associated with a different user account.',\n [AuthErrorCode.CREDENTIAL_MISMATCH]:\n 'The custom token corresponds to a different audience.',\n [AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN]:\n 'This operation is sensitive and requires recent authentication. Log in ' +\n 'again before retrying this request.',\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]:\n 'Another Firebase SDK was initialized and is trying to use Auth before Auth is ' +\n 'initialized. Please be sure to call `initializeAuth` or `getAuth` before ' +\n 'starting any other Firebase SDK.',\n [AuthErrorCode.DYNAMIC_LINK_NOT_ACTIVATED]:\n 'Please activate Dynamic Links in the Firebase Console and agree to the terms and ' +\n 'conditions.',\n [AuthErrorCode.EMAIL_CHANGE_NEEDS_VERIFICATION]:\n 'Multi-factor users must always have a verified email.',\n [AuthErrorCode.EMAIL_EXISTS]:\n 'The email address is already in use by another account.',\n [AuthErrorCode.EMULATOR_CONFIG_FAILED]:\n 'Auth instance has already been used to make a network call. Auth can ' +\n 'no longer be configured to use the emulator. Try calling ' +\n '\"connectAuthEmulator()\" sooner.',\n [AuthErrorCode.EXPIRED_OOB_CODE]: 'The action code has expired.',\n [AuthErrorCode.EXPIRED_POPUP_REQUEST]:\n 'This operation has been cancelled due to another conflicting popup being opened.',\n [AuthErrorCode.INTERNAL_ERROR]: 'An internal AuthError has occurred.',\n [AuthErrorCode.INVALID_APP_CREDENTIAL]:\n 'The phone verification request contains an invalid application verifier.' +\n ' The reCAPTCHA token response is either invalid or expired.',\n [AuthErrorCode.INVALID_APP_ID]:\n 'The mobile app identifier is not registed for the current project.',\n [AuthErrorCode.INVALID_AUTH]:\n \"This user's credential isn't valid for this project. This can happen \" +\n \"if the user's token has been tampered with, or if the user isn't for \" +\n 'the project associated with this API key.',\n [AuthErrorCode.INVALID_AUTH_EVENT]: 'An internal AuthError has occurred.',\n [AuthErrorCode.INVALID_CODE]:\n 'The SMS verification code used to create the phone auth credential is ' +\n 'invalid. Please resend the verification code sms and be sure to use the ' +\n 'verification code provided by the user.',\n [AuthErrorCode.INVALID_CONTINUE_URI]:\n 'The continue URL provided in the request is invalid.',\n [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]:\n 'The following Cordova plugins must be installed to enable OAuth sign-in: ' +\n 'cordova-plugin-buildinfo, cordova-universal-links-plugin, ' +\n 'cordova-plugin-browsertab, cordova-plugin-inappbrowser and ' +\n 'cordova-plugin-customurlscheme.',\n [AuthErrorCode.INVALID_CUSTOM_TOKEN]:\n 'The custom token format is incorrect. Please check the documentation.',\n [AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN]:\n 'The provided dynamic link domain is not configured or authorized for the current project.',\n [AuthErrorCode.INVALID_EMAIL]: 'The email address is badly formatted.',\n [AuthErrorCode.INVALID_EMULATOR_SCHEME]:\n 'Emulator URL must start with a valid scheme (http:// or https://).',\n [AuthErrorCode.INVALID_API_KEY]:\n 'Your API key is invalid, please check you have copied it correctly.',\n [AuthErrorCode.INVALID_CERT_HASH]:\n 'The SHA-1 certificate hash provided is invalid.',\n [AuthErrorCode.INVALID_CREDENTIAL]:\n 'The supplied auth credential is incorrect, malformed or has expired.',\n [AuthErrorCode.INVALID_MESSAGE_PAYLOAD]:\n 'The email template corresponding to this action contains invalid characters in its message. ' +\n 'Please fix by going to the Auth email templates section in the Firebase Console.',\n [AuthErrorCode.INVALID_MFA_SESSION]:\n 'The request does not contain a valid proof of first factor successful sign-in.',\n [AuthErrorCode.INVALID_OAUTH_PROVIDER]:\n 'EmailAuthProvider is not supported for this operation. This operation ' +\n 'only supports OAuth providers.',\n [AuthErrorCode.INVALID_OAUTH_CLIENT_ID]:\n 'The OAuth client ID provided is either invalid or does not match the ' +\n 'specified API key.',\n [AuthErrorCode.INVALID_ORIGIN]:\n 'This domain is not authorized for OAuth operations for your Firebase ' +\n 'project. Edit the list of authorized domains from the Firebase console.',\n [AuthErrorCode.INVALID_OOB_CODE]:\n 'The action code is invalid. This can happen if the code is malformed, ' +\n 'expired, or has already been used.',\n [AuthErrorCode.INVALID_PASSWORD]:\n 'The password is invalid or the user does not have a password.',\n [AuthErrorCode.INVALID_PERSISTENCE]:\n 'The specified persistence type is invalid. It can only be local, session or none.',\n [AuthErrorCode.INVALID_PHONE_NUMBER]:\n 'The format of the phone number provided is incorrect. Please enter the ' +\n 'phone number in a format that can be parsed into E.164 format. E.164 ' +\n 'phone numbers are written in the format [+][country code][subscriber ' +\n 'number including area code].',\n [AuthErrorCode.INVALID_PROVIDER_ID]:\n 'The specified provider ID is invalid.',\n [AuthErrorCode.INVALID_RECIPIENT_EMAIL]:\n 'The email corresponding to this action failed to send as the provided ' +\n 'recipient email address is invalid.',\n [AuthErrorCode.INVALID_SENDER]:\n 'The email template corresponding to this action contains an invalid sender email or name. ' +\n 'Please fix by going to the Auth email templates section in the Firebase Console.',\n [AuthErrorCode.INVALID_SESSION_INFO]:\n 'The verification ID used to create the phone auth credential is invalid.',\n [AuthErrorCode.INVALID_TENANT_ID]:\n \"The Auth instance's tenant ID is invalid.\",\n [AuthErrorCode.LOGIN_BLOCKED]:\n 'Login blocked by user-provided method: {$originalMessage}',\n [AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME]:\n 'An Android Package Name must be provided if the Android App is required to be installed.',\n [AuthErrorCode.MISSING_AUTH_DOMAIN]:\n 'Be sure to include authDomain when calling firebase.initializeApp(), ' +\n 'by following the instructions in the Firebase console.',\n [AuthErrorCode.MISSING_APP_CREDENTIAL]:\n 'The phone verification request is missing an application verifier ' +\n 'assertion. A reCAPTCHA response token needs to be provided.',\n [AuthErrorCode.MISSING_CODE]:\n 'The phone auth credential was created with an empty SMS verification code.',\n [AuthErrorCode.MISSING_CONTINUE_URI]:\n 'A continue URL must be provided in the request.',\n [AuthErrorCode.MISSING_IFRAME_START]: 'An internal AuthError has occurred.',\n [AuthErrorCode.MISSING_IOS_BUNDLE_ID]:\n 'An iOS Bundle ID must be provided if an App Store ID is provided.',\n [AuthErrorCode.MISSING_OR_INVALID_NONCE]:\n 'The request does not contain a valid nonce. This can occur if the ' +\n 'SHA-256 hash of the provided raw nonce does not match the hashed nonce ' +\n 'in the ID token payload.',\n [AuthErrorCode.MISSING_PASSWORD]: 'A non-empty password must be provided',\n [AuthErrorCode.MISSING_MFA_INFO]:\n 'No second factor identifier is provided.',\n [AuthErrorCode.MISSING_MFA_SESSION]:\n 'The request is missing proof of first factor successful sign-in.',\n [AuthErrorCode.MISSING_PHONE_NUMBER]:\n 'To send verification codes, provide a phone number for the recipient.',\n [AuthErrorCode.MISSING_SESSION_INFO]:\n 'The phone auth credential was created with an empty verification ID.',\n [AuthErrorCode.MODULE_DESTROYED]:\n 'This instance of FirebaseApp has been deleted.',\n [AuthErrorCode.MFA_INFO_NOT_FOUND]:\n 'The user does not have a second factor matching the identifier provided.',\n [AuthErrorCode.MFA_REQUIRED]:\n 'Proof of ownership of a second factor is required to complete sign-in.',\n [AuthErrorCode.NEED_CONFIRMATION]:\n 'An account already exists with the same email address but different ' +\n 'sign-in credentials. Sign in using a provider associated with this ' +\n 'email address.',\n [AuthErrorCode.NETWORK_REQUEST_FAILED]:\n 'A network AuthError (such as timeout, interrupted connection or unreachable host) has occurred.',\n [AuthErrorCode.NO_AUTH_EVENT]: 'An internal AuthError has occurred.',\n [AuthErrorCode.NO_SUCH_PROVIDER]:\n 'User was not linked to an account with the given provider.',\n [AuthErrorCode.NULL_USER]:\n 'A null user object was provided as the argument for an operation which ' +\n 'requires a non-null user object.',\n [AuthErrorCode.OPERATION_NOT_ALLOWED]:\n 'The given sign-in provider is disabled for this Firebase project. ' +\n 'Enable it in the Firebase console, under the sign-in method tab of the ' +\n 'Auth section.',\n [AuthErrorCode.OPERATION_NOT_SUPPORTED]:\n 'This operation is not supported in the environment this application is ' +\n 'running on. \"location.protocol\" must be http, https or chrome-extension' +\n ' and web storage must be enabled.',\n [AuthErrorCode.POPUP_BLOCKED]:\n 'Unable to establish a connection with the popup. It may have been blocked by the browser.',\n [AuthErrorCode.POPUP_CLOSED_BY_USER]:\n 'The popup has been closed by the user before finalizing the operation.',\n [AuthErrorCode.PROVIDER_ALREADY_LINKED]:\n 'User can only be linked to one identity for the given provider.',\n [AuthErrorCode.QUOTA_EXCEEDED]:\n \"The project's quota for this operation has been exceeded.\",\n [AuthErrorCode.REDIRECT_CANCELLED_BY_USER]:\n 'The redirect operation has been cancelled by the user before finalizing.',\n [AuthErrorCode.REDIRECT_OPERATION_PENDING]:\n 'A redirect sign-in operation is already pending.',\n [AuthErrorCode.REJECTED_CREDENTIAL]:\n 'The request contains malformed or mismatching credentials.',\n [AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED]:\n 'The second factor is already enrolled on this account.',\n [AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED]:\n 'The maximum allowed number of second factors on a user has been exceeded.',\n [AuthErrorCode.TENANT_ID_MISMATCH]:\n \"The provided tenant ID does not match the Auth instance's tenant ID\",\n [AuthErrorCode.TIMEOUT]: 'The operation has timed out.',\n [AuthErrorCode.TOKEN_EXPIRED]:\n \"The user's credential is no longer valid. The user must sign in again.\",\n [AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER]:\n 'We have blocked all requests from this device due to unusual activity. ' +\n 'Try again later.',\n [AuthErrorCode.UNAUTHORIZED_DOMAIN]:\n 'The domain of the continue URL is not whitelisted. Please whitelist ' +\n 'the domain in the Firebase console.',\n [AuthErrorCode.UNSUPPORTED_FIRST_FACTOR]:\n 'Enrolling a second factor or signing in with a multi-factor account requires sign-in with a supported first factor.',\n [AuthErrorCode.UNSUPPORTED_PERSISTENCE]:\n 'The current environment does not support the specified persistence type.',\n [AuthErrorCode.UNSUPPORTED_TENANT_OPERATION]:\n 'This operation is not supported in a multi-tenant context.',\n [AuthErrorCode.UNVERIFIED_EMAIL]:\n 'The operation requires a verified email.',\n [AuthErrorCode.USER_CANCELLED]:\n 'The user did not grant your application the permissions it requested.',\n [AuthErrorCode.USER_DELETED]:\n 'There is no user record corresponding to this identifier. The user may ' +\n 'have been deleted.',\n [AuthErrorCode.USER_DISABLED]:\n 'The user account has been disabled by an administrator.',\n [AuthErrorCode.USER_MISMATCH]:\n 'The supplied credentials do not correspond to the previously signed in user.',\n [AuthErrorCode.USER_SIGNED_OUT]: '',\n [AuthErrorCode.WEAK_PASSWORD]:\n 'The password must be 6 characters long or more.',\n [AuthErrorCode.WEB_STORAGE_UNSUPPORTED]:\n 'This browser is not supported or 3rd party cookies and data may be disabled.',\n [AuthErrorCode.ALREADY_INITIALIZED]:\n 'initializeAuth() has already been called with ' +\n 'different options. To avoid this error, call initializeAuth() with the ' +\n 'same options as when it was originally called, or call getAuth() to return the' +\n ' already initialized instance.',\n [AuthErrorCode.MISSING_RECAPTCHA_TOKEN]:\n 'The reCAPTCHA token is missing when sending request to the backend.',\n [AuthErrorCode.INVALID_RECAPTCHA_TOKEN]:\n 'The reCAPTCHA token is invalid when sending request to the backend.',\n [AuthErrorCode.INVALID_RECAPTCHA_ACTION]:\n 'The reCAPTCHA action is invalid when sending request to the backend.',\n [AuthErrorCode.RECAPTCHA_NOT_ENABLED]:\n 'reCAPTCHA Enterprise integration is not enabled for this project.',\n [AuthErrorCode.MISSING_CLIENT_TYPE]:\n 'The reCAPTCHA client type is missing when sending request to the backend.',\n [AuthErrorCode.MISSING_RECAPTCHA_VERSION]:\n 'The reCAPTCHA version is missing when sending request to the backend.',\n [AuthErrorCode.INVALID_REQ_TYPE]: 'Invalid request parameters.',\n [AuthErrorCode.INVALID_RECAPTCHA_VERSION]:\n 'The reCAPTCHA version is invalid when sending request to the backend.',\n [AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION]:\n 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',\n [AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS]:\n 'The password does not meet the requirements.'\n };\n}\n\nexport interface ErrorMapRetriever extends AuthErrorMap {\n (): ErrorMap<AuthErrorCode>;\n}\n\nfunction _prodErrorMap(): ErrorMap<AuthErrorCode> {\n // We will include this one message in the prod error map since by the very\n // nature of this error, developers will never be able to see the message\n // using the debugErrorMap (which is installed during auth initialization).\n return {\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]:\n 'Another Firebase SDK was initialized and is trying to use Auth before Auth is ' +\n 'initialized. Please be sure to call `initializeAuth` or `getAuth` before ' +\n 'starting any other Firebase SDK.'\n } as ErrorMap<AuthErrorCode>;\n}\n\n/**\n * A verbose error map with detailed descriptions for most error codes.\n *\n * See discussion at {@link AuthErrorMap}\n *\n * @public\n */\nexport const debugErrorMap: AuthErrorMap = _debugErrorMap;\n\n/**\n * A minimal error map with all verbose error messages stripped.\n *\n * See discussion at {@link AuthErrorMap}\n *\n * @public\n */\nexport const prodErrorMap: AuthErrorMap = _prodErrorMap;\n\nexport interface NamedErrorParams {\n appName: AppName;\n credential?: AuthCredential;\n email?: string;\n phoneNumber?: string;\n tenantId?: string;\n user?: User;\n _serverResponse?: object;\n}\n\n/**\n * @internal\n */\ntype GenericAuthErrorParams = {\n [key in Exclude<\n AuthErrorCode,\n | AuthErrorCode.ARGUMENT_ERROR\n | AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH\n | AuthErrorCode.INTERNAL_ERROR\n | AuthErrorCode.MFA_REQUIRED\n | AuthErrorCode.NO_AUTH_EVENT\n | AuthErrorCode.OPERATION_NOT_SUPPORTED\n >]: {\n appName?: AppName;\n email?: string;\n phoneNumber?: string;\n message?: string;\n };\n};\n\n/**\n * @internal\n */\nexport interface AuthErrorParams extends GenericAuthErrorParams {\n [AuthErrorCode.ARGUMENT_ERROR]: { appName?: AppName };\n [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: { appName?: AppName };\n [AuthErrorCode.INTERNAL_ERROR]: { appName?: AppName };\n [AuthErrorCode.LOGIN_BLOCKED]: {\n appName?: AppName;\n originalMessage?: string;\n };\n [AuthErrorCode.OPERATION_NOT_SUPPORTED]: { appName?: AppName };\n [AuthErrorCode.NO_AUTH_EVENT]: { appName?: AppName };\n [AuthErrorCode.MFA_REQUIRED]: {\n appName: AppName;\n _serverResponse: IdTokenMfaResponse;\n };\n [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]: {\n appName: AppName;\n missingPlugin?: string;\n };\n}\n\nexport const _DEFAULT_AUTH_ERROR_FACTORY = new ErrorFactory<\n AuthErrorCode,\n AuthErrorParams\n>('auth', 'Firebase', _prodErrorMap());\n\n/**\n * A map of potential `Auth` error codes, for easier comparison with errors\n * thrown by the SDK.\n *\n * @remarks\n * Note that you can't tree-shake individual keys\n * in the map, so by using the map you might substantially increase your\n * bundle size.\n *\n * @public\n */\nexport const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {\n ADMIN_ONLY_OPERATION: 'auth/admin-restricted-operation',\n ARGUMENT_ERROR: 'auth/argument-error',\n APP_NOT_AUTHORIZED: 'auth/app-not-authorized',\n APP_NOT_INSTALLED: 'auth/app-not-installed',\n CAPTCHA_CHECK_FAILED: 'auth/captcha-check-failed',\n CODE_EXPIRED: 'auth/code-expired',\n CORDOVA_NOT_READY: 'auth/cordova-not-ready',\n CORS_UNSUPPORTED: 'auth/cors-unsupported',\n CREDENTIAL_ALREADY_IN_USE: 'auth/credential-already-in-use',\n CREDENTIAL_MISMATCH: 'auth/custom-token-mismatch',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN: 'auth/requires-recent-login',\n DEPENDENT_SDK_INIT_BEFORE_AUTH: 'auth/dependent-sdk-initialized-before-auth',\n DYNAMIC_LINK_NOT_ACTIVATED: 'auth/dynamic-link-not-activated',\n EMAIL_CHANGE_NEEDS_VERIFICATION: 'auth/email-change-needs-verification',\n EMAIL_EXISTS: 'auth/email-already-in-use',\n EMULATOR_CONFIG_FAILED: 'auth/emulator-config-failed',\n EXPIRED_OOB_CODE: 'auth/expired-action-code',\n EXPIRED_POPUP_REQUEST: 'auth/cancelled-popup-request',\n INTERNAL_ERROR: 'auth/internal-error',\n INVALID_API_KEY: 'auth/invalid-api-key',\n INVALID_APP_CREDENTIAL: 'auth/invalid-app-credential',\n INVALID_APP_ID: 'auth/invalid-app-id',\n INVALID_AUTH: 'auth/invalid-user-token',\n INVALID_AUTH_EVENT: 'auth/invalid-auth-event',\n INVALID_CERT_HASH: 'auth/invalid-cert-hash',\n INVALID_CODE: 'auth/invalid-verification-code',\n INVALID_CONTINUE_URI: 'auth/invalid-continue-uri',\n INVALID_CORDOVA_CONFIGURATION: 'auth/invalid-cordova-configuration',\n INVALID_CUSTOM_TOKEN: 'auth/invalid-custom-token',\n INVALID_DYNAMIC_LINK_DOMAIN: 'auth/invalid-dynamic-link-domain',\n INVALID_EMAIL: 'auth/invalid-email',\n INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',\n INVALID_IDP_RESPONSE: 'auth/invalid-credential',\n INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',\n INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',\n INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',\n INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',\n INVALID_OAUTH_PROVIDER: 'auth/invalid-oauth-provider',\n INVALID_OOB_CODE: 'auth/invalid-action-code',\n INVALID_ORIGIN: 'auth/unauthorized-domain',\n INVALID_PASSWORD: 'auth/wrong-password',\n INVALID_PERSISTENCE: 'auth/invalid-persistence-type',\n INVALID_PHONE_NUMBER: 'auth/invalid-phone-number',\n INVALID_PROVIDER_ID: 'auth/invalid-provider-id',\n INVALID_RECIPIENT_EMAIL: 'auth/invalid-recipient-email',\n INVALID_SENDER: 'auth/invalid-sender',\n INVALID_SESSION_INFO: 'auth/invalid-verification-id',\n INVALID_TENANT_ID: 'auth/invalid-tenant-id',\n MFA_INFO_NOT_FOUND: 'auth/multi-factor-info-not-found',\n MFA_REQUIRED: 'auth/multi-factor-auth-required',\n MISSING_ANDROID_PACKAGE_NAME: 'auth/missing-android-pkg-name',\n MISSING_APP_CREDENTIAL: 'auth/missing-app-credential',\n MISSING_AUTH_DOMAIN: 'auth/auth-domain-config-required',\n MISSING_CODE: 'auth/missing-verification-code',\n MISSING_CONTINUE_URI: 'auth/missing-continue-uri',\n MISSING_IFRAME_START: 'auth/missing-iframe-start',\n MISSING_IOS_BUNDLE_ID: 'auth/missing-ios-bundle-id',\n MISSING_OR_INVALID_NONCE: 'auth/missing-or-invalid-nonce',\n MISSING_MFA_INFO: 'auth/missing-multi-factor-info',\n MISSING_MFA_SESSION: 'auth/missing-multi-factor-session',\n MISSING_PHONE_NUMBER: 'auth/missing-phone-number',\n MISSING_SESSION_INFO: 'auth/missing-verification-id',\n MODULE_DESTROYED: 'auth/app-deleted',\n NEED_CONFIRMATION: 'auth/account-exists-with-different-credential',\n NETWORK_REQUEST_FAILED: 'auth/network-request-failed',\n NULL_USER: 'auth/null-user',\n NO_AUTH_EVENT: 'auth/no-auth-event',\n NO_SUCH_PROVIDER: 'auth/no-such-provider',\n OPERATION_NOT_ALLOWED: 'auth/operation-not-allowed',\n OPERATION_NOT_SUPPORTED: 'auth/operation-not-supported-in-this-environment',\n POPUP_BLOCKED: 'auth/popup-blocked',\n POPUP_CLOSED_BY_USER: 'auth/popup-closed-by-user',\n PROVIDER_ALREADY_LINKED: 'auth/provider-already-linked',\n QUOTA_EXCEEDED: 'auth/quota-exceeded',\n REDIRECT_CANCELLED_BY_USER: 'auth/redirect-cancelled-by-user',\n REDIRECT_OPERATION_PENDING: 'auth/redirect-operation-pending',\n REJECTED_CREDENTIAL: 'auth/rejected-credential',\n SECOND_FACTOR_ALREADY_ENROLLED: 'auth/second-factor-already-in-use',\n SECOND_FACTOR_LIMIT_EXCEEDED: 'auth/maximum-second-factor-count-exceeded',\n TENANT_ID_MISMATCH: 'auth/tenant-id-mismatch',\n TIMEOUT: 'auth/timeout',\n TOKEN_EXPIRED: 'auth/user-token-expired',\n TOO_MANY_ATTEMPTS_TRY_LATER: 'auth/too-many-requests',\n UNAUTHORIZED_DOMAIN: 'auth/unauthorized-continue-uri',\n UNSUPPORTED_FIRST_FACTOR: 'auth/unsupported-first-factor',\n UNSUPPORTED_PERSISTENCE: 'auth/unsupported-persistence-type',\n UNSUPPORTED_TENANT_OPERATION: 'auth/unsupported-tenant-operation',\n UNVERIFIED_EMAIL: 'auth/unverified-email',\n USER_CANCELLED: 'auth/user-cancelled',\n USER_DELETED: 'auth/user-not-found',\n USER_DISABLED: 'auth/user-disabled',\n USER_MISMATCH: 'auth/user-mismatch',\n USER_SIGNED_OUT: 'auth/user-signed-out',\n WEAK_PASSWORD: 'auth/weak-password',\n WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',\n ALREADY_INITIALIZED: 'auth/already-initialized',\n RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',\n MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',\n INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',\n INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',\n MISSING_CLIENT_TYPE: 'auth/missing-client-type',\n MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',\n INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',\n INVALID_REQ_TYPE: 'auth/invalid-req-type'\n} as const;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Logger, LogLevel } from '@firebase/logger';\nimport { SDK_VERSION } from '@firebase/app';\n\nexport { LogLevel };\n\nconst logClient = new Logger('@firebase/auth');\n\n// Helper methods are needed because variables can't be exported as read/write\nexport function _getLogLevel(): LogLevel {\n return logClient.logLevel;\n}\n\nexport function _setLogLevel(newLevel: LogLevel): void {\n logClient.logLevel = newLevel;\n}\n\nexport function _logDebug(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.DEBUG) {\n logClient.debug(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n\nexport function _logWarn(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.WARN) {\n logClient.warn(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n\nexport function _logError(msg: string, ...args: string[]): void {\n if (logClient.logLevel <= LogLevel.ERROR) {\n logClient.error(`Auth (${SDK_VERSION}): ${msg}`, ...args);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth } from '../../model/public_types';\nimport { ErrorFactory, FirebaseError } from '@firebase/util';\nimport { AuthInternal } from '../../model/auth';\nimport {\n _DEFAULT_AUTH_ERROR_FACTORY,\n AuthErrorCode,\n AuthErrorParams,\n prodErrorMap,\n ErrorMapRetriever\n} from '../errors';\nimport { _logError } from './log';\n\ntype AuthErrorListParams<K> = K extends keyof AuthErrorParams\n ? [AuthErrorParams[K]]\n : [];\ntype LessAppName<K extends AuthErrorCode> = Omit<AuthErrorParams[K], 'appName'>;\n\n/**\n * Unconditionally fails, throwing a developer facing INTERNAL_ERROR\n *\n * @example\n * ```javascript\n * fail(auth, AuthErrorCode.MFA_REQUIRED); // Error: the MFA_REQUIRED error needs more params than appName\n * fail(auth, AuthErrorCode.MFA_REQUIRED, {serverResponse}); // Compiles\n * fail(AuthErrorCode.INTERNAL_ERROR); // Compiles; internal error does not need appName\n * fail(AuthErrorCode.USER_DELETED); // Error: USER_DELETED requires app name\n * fail(auth, AuthErrorCode.USER_DELETED); // Compiles; USER_DELETED _only_ needs app name\n * ```\n *\n * @param appName App name for tagging the error\n * @throws FirebaseError\n */\nexport function _fail<K extends AuthErrorCode>(\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): never;\nexport function _fail<K extends AuthErrorCode>(\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): never;\nexport function _fail<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): never {\n throw createErrorInternal(authOrCode, ...rest);\n}\n\nexport function _createError<K extends AuthErrorCode>(\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): FirebaseError;\nexport function _createError<K extends AuthErrorCode>(\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): FirebaseError;\nexport function _createError<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): FirebaseError {\n return createErrorInternal(authOrCode, ...rest);\n}\n\nexport function _errorWithCustomMessage(\n auth: Auth,\n code: AuthErrorCode,\n message: string\n): FirebaseError {\n const errorMap = {\n ...(prodErrorMap as ErrorMapRetriever)(),\n [code]: message\n };\n const factory = new ErrorFactory<AuthErrorCode, AuthErrorParams>(\n 'auth',\n 'Firebase',\n errorMap\n );\n return factory.create(code, {\n appName: auth.name\n });\n}\n\nexport function _assertInstanceOf(\n auth: Auth,\n object: object,\n instance: unknown\n): void {\n const constructorInstance = instance as { new (...args: unknown[]): unknown };\n if (!(object instanceof constructorInstance)) {\n if (constructorInstance.name !== object.constructor.name) {\n _fail(auth, AuthErrorCode.ARGUMENT_ERROR);\n }\n\n throw _errorWithCustomMessage(\n auth,\n AuthErrorCode.ARGUMENT_ERROR,\n `Type of ${object.constructor.name} does not match expected instance.` +\n `Did you pass a reference from a different Auth SDK?`\n );\n }\n}\n\nfunction createErrorInternal<K extends AuthErrorCode>(\n authOrCode: Auth | K,\n ...rest: unknown[]\n): FirebaseError {\n if (typeof authOrCode !== 'string') {\n const code = rest[0] as K;\n const fullParams = [...rest.slice(1)] as AuthErrorListParams<K>;\n if (fullParams[0]) {\n fullParams[0].appName = authOrCode.name;\n }\n\n return (authOrCode as AuthInternal)._errorFactory.create(\n code,\n ...fullParams\n );\n }\n\n return _DEFAULT_AUTH_ERROR_FACTORY.create(\n authOrCode,\n ...(rest as AuthErrorListParams<K>)\n );\n}\n\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n code: K,\n ...data: {} extends AuthErrorParams[K]\n ? [AuthErrorParams[K]?]\n : [AuthErrorParams[K]]\n): asserts assertion;\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n auth: Auth,\n code: K,\n ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]\n): asserts assertion;\nexport function _assert<K extends AuthErrorCode>(\n assertion: unknown,\n authOrCode: Auth | K,\n ...rest: unknown[]\n): asserts assertion {\n if (!assertion) {\n throw createErrorInternal(authOrCode, ...rest);\n }\n}\n\n// We really do want to accept literally any function type here\n// eslint-disable-next-line @typescript-eslint/ban-types\ntype TypeExpectation = Function | string | MapType;\n\ninterface MapType extends Record<string, TypeExpectation | Optional> {}\n\nclass Optional {\n constructor(readonly type: TypeExpectation) {}\n}\n\nexport function opt(type: TypeExpectation): Optional {\n return new Optional(type);\n}\n\n/**\n * Asserts the runtime types of arguments. The 'expected' field can be one of\n * a class, a string (representing a \"typeof\" call), or a record map of name\n * to type. Furthermore, the opt() function can be used to mark a field as\n * optional. For example:\n *\n * function foo(auth: Auth, profile: {displayName?: string}, update = false) {\n * assertTypes(arguments, [AuthImpl, {displayName: opt('string')}, opt('boolean')]);\n * }\n *\n * opt() can be used for any type:\n * function foo(auth?: Auth) {\n * assertTypes(arguments, [opt(AuthImpl)]);\n * }\n *\n * The string types can be or'd together, and you can use \"null\" as well (note\n * that typeof null === 'object'; this is an edge case). For example:\n *\n * function foo(profile: {displayName?: string | null}) {\n * assertTypes(arguments, [{displayName: opt('string|null')}]);\n * }\n *\n * @param args\n * @param expected\n */\nexport function assertTypes(\n args: Omit<IArguments, 'callee'>,\n ...expected: Array<TypeExpectation | Optional>\n): void {\n if (args.length > expected.length) {\n _fail(AuthErrorCode.ARGUMENT_ERROR, {});\n }\n\n for (let i = 0; i < expected.length; i++) {\n let expect = expected[i];\n const arg = args[i];\n\n if (expect instanceof Optional) {\n // If the arg is undefined, then it matches \"optional\" and we can move to\n // the next arg\n if (typeof arg === 'undefined') {\n continue;\n }\n expect = expect.type;\n }\n\n if (typeof expect === 'string') {\n // Handle the edge case for null because typeof null === 'object'\n if (expect.includes('null') && arg === null) {\n continue;\n }\n\n const required = expect.split('|');\n _assert(required.includes(typeof arg), AuthErrorCode.ARGUMENT_ERROR, {});\n } else if (typeof expect === 'object') {\n // Recursively check record arguments\n const record = arg as Record<string, unknown>;\n const map = expect as MapType;\n const keys = Object.keys(expect);\n\n assertTypes(\n keys.map(k => record[k]),\n ...keys.map(k => map[k])\n );\n } else {\n _assert(arg instanceof expect, AuthErrorCode.ARGUMENT_ERROR, {});\n }\n }\n}\n\n/**\n * Unconditionally fails, throwing an internal error with the given message.\n *\n * @param failure type of failure encountered\n * @throws Error\n */\nexport function debugFail(failure: string): never {\n // Log the failure in addition to throw an exception, just in case the\n // exception is swallowed.\n const message = `INTERNAL ASSERTION FAILED: ` + failure;\n _logError(message);\n\n // NOTE: We don't use FirebaseError here because these are internal failures\n // that cannot be handled by the user. (Also it would create a circular\n // dependency between the error and assert modules which doesn't work.)\n throw new Error(message);\n}\n\n/**\n * Fails if the given assertion condition is false, throwing an Error with the\n * given message if it did.\n *\n * @param assertion\n * @param message\n */\nexport function debugAssert(\n assertion: unknown,\n message: string\n): asserts assertion {\n if (!assertion) {\n debugFail(message);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function _getCurrentUrl(): string {\n return (typeof self !== 'undefined' && self.location?.href) || '';\n}\n\nexport function _isHttpOrHttps(): boolean {\n return _getCurrentScheme() === 'http:' || _getCurrentScheme() === 'https:';\n}\n\nexport function _getCurrentScheme(): string | null {\n return (typeof self !== 'undefined' && self.location?.protocol) || null;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isBrowserExtension } from '@firebase/util';\nimport { _isHttpOrHttps } from './location';\n\n/**\n * Determine whether the browser is working online\n */\nexport function _isOnline(): boolean {\n if (\n typeof navigator !== 'undefined' &&\n navigator &&\n 'onLine' in navigator &&\n typeof navigator.onLine === 'boolean' &&\n // Apply only for traditional web apps and Chrome extensions.\n // This is especially true for Cordova apps which have unreliable\n // navigator.onLine behavior unless cordova-plugin-network-information is\n // installed which overwrites the native navigator.onLine value and\n // defines navigator.connection.\n (_isHttpOrHttps() || isBrowserExtension() || 'connection' in navigator)\n ) {\n return navigator.onLine;\n }\n // If we can't determine the state, assume it is online.\n return true;\n}\n\nexport function _getUserLanguage(): string | null {\n if (typeof navigator === 'undefined') {\n return null;\n }\n const navigatorLanguage: NavigatorLanguage = navigator;\n return (\n // Most reliable, but only supported in Chrome/Firefox.\n (navigatorLanguage.languages && navigatorLanguage.languages[0]) ||\n // Supported in most browsers, but returns the language of the browser\n // UI, not the language set in browser settings.\n navigatorLanguage.language ||\n // Couldn't determine language.\n null\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isMobileCordova, isReactNative } from '@firebase/util';\nimport { _isOnline } from './navigator';\nimport { debugAssert } from './assert';\n\nexport const enum DelayMin {\n OFFLINE = 5000\n}\n\n/**\n * A structure to help pick between a range of long and short delay durations\n * depending on the current environment. In general, the long delay is used for\n * mobile environments whereas short delays are used for desktop environments.\n */\nexport class Delay {\n // The default value for the offline delay timeout in ms.\n\n private readonly isMobile: boolean;\n constructor(\n private readonly shortDelay: number,\n private readonly longDelay: number\n ) {\n // Internal error when improperly initialized.\n debugAssert(\n longDelay > shortDelay,\n 'Short delay should be less than long delay!'\n );\n this.isMobile = isMobileCordova() || isReactNative();\n }\n\n get(): number {\n if (!_isOnline()) {\n // Pick the shorter timeout.\n return Math.min(DelayMin.OFFLINE, this.shortDelay);\n }\n // If running in a mobile environment, return the long delay, otherwise\n // return the short delay.\n // This could be improved in the future to dynamically change based on other\n // variables instead of just reading the current environment.\n return this.isMobile ? this.longDelay : this.shortDelay;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ConfigInternal } from '../../model/auth';\nimport { debugAssert } from './assert';\n\nexport function _emulatorUrl(config: ConfigInternal, path?: string): string {\n debugAssert(config.emulator, 'Emulator should always be set here');\n const { url } = config.emulator;\n\n if (!path) {\n return url;\n }\n\n return `${url}${path.startsWith('/') ? path.slice(1) : path}`;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { debugFail } from './assert';\n\nexport class FetchProvider {\n private static fetchImpl: typeof fetch | null;\n private static headersImpl: typeof Headers | null;\n private static responseImpl: typeof Response | null;\n\n static initialize(\n fetchImpl: typeof fetch,\n headersImpl?: typeof Headers,\n responseImpl?: typeof Response\n ): void {\n this.fetchImpl = fetchImpl;\n if (headersImpl) {\n this.headersImpl = headersImpl;\n }\n if (responseImpl) {\n this.responseImpl = responseImpl;\n }\n }\n\n static fetch(): typeof fetch {\n if (this.fetchImpl) {\n return this.fetchImpl;\n }\n if (typeof self !== 'undefined' && 'fetch' in self) {\n return self.fetch;\n }\n if (typeof globalThis !== 'undefined' && globalThis.fetch) {\n return globalThis.fetch;\n }\n if (typeof fetch !== 'undefined') {\n return fetch;\n }\n debugFail(\n 'Could not find fetch implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n\n static headers(): typeof Headers {\n if (this.headersImpl) {\n return this.headersImpl;\n }\n if (typeof self !== 'undefined' && 'Headers' in self) {\n return self.Headers;\n }\n if (typeof globalThis !== 'undefined' && globalThis.Headers) {\n return globalThis.Headers;\n }\n if (typeof Headers !== 'undefined') {\n return Headers;\n }\n debugFail(\n 'Could not find Headers implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n\n static response(): typeof Response {\n if (this.responseImpl) {\n return this.responseImpl;\n }\n if (typeof self !== 'undefined' && 'Response' in self) {\n return self.Response;\n }\n if (typeof globalThis !== 'undefined' && globalThis.Response) {\n return globalThis.Response;\n }\n if (typeof Response !== 'undefined') {\n return Response;\n }\n debugFail(\n 'Could not find Response implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill'\n );\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../core/errors';\n\n/**\n * Errors that can be returned by the backend\n */\nexport const enum ServerError {\n ADMIN_ONLY_OPERATION = 'ADMIN_ONLY_OPERATION',\n BLOCKING_FUNCTION_ERROR_RESPONSE = 'BLOCKING_FUNCTION_ERROR_RESPONSE',\n CAPTCHA_CHECK_FAILED = 'CAPTCHA_CHECK_FAILED',\n CORS_UNSUPPORTED = 'CORS_UNSUPPORTED',\n CREDENTIAL_MISMATCH = 'CREDENTIAL_MISMATCH',\n CREDENTIAL_TOO_OLD_LOGIN_AGAIN = 'CREDENTIAL_TOO_OLD_LOGIN_AGAIN',\n DYNAMIC_LINK_NOT_ACTIVATED = 'DYNAMIC_LINK_NOT_ACTIVATED',\n EMAIL_CHANGE_NEEDS_VERIFICATION = 'EMAIL_CHANGE_NEEDS_VERIFICATION',\n EMAIL_EXISTS = 'EMAIL_EXISTS',\n EMAIL_NOT_FOUND = 'EMAIL_NOT_FOUND',\n EXPIRED_OOB_CODE = 'EXPIRED_OOB_CODE',\n FEDERATED_USER_ID_ALREADY_LINKED = 'FEDERATED_USER_ID_ALREADY_LINKED',\n INVALID_APP_CREDENTIAL = 'INVALID_APP_CREDENTIAL',\n INVALID_APP_ID = 'INVALID_APP_ID',\n INVALID_CERT_HASH = 'INVALID_CERT_HASH',\n INVALID_CODE = 'INVALID_CODE',\n INVALID_CONTINUE_URI = 'INVALID_CONTINUE_URI',\n INVALID_CUSTOM_TOKEN = 'INVALID_CUSTOM_TOKEN',\n INVALID_DYNAMIC_LINK_DOMAIN = 'INVALID_DYNAMIC_LINK_DOMAIN',\n INVALID_EMAIL = 'INVALID_EMAIL',\n INVALID_ID_TOKEN = 'INVALID_ID_TOKEN',\n INVALID_IDP_RESPONSE = 'INVALID_IDP_RESPONSE',\n INVALID_IDENTIFIER = 'INVALID_IDENTIFIER',\n INVALID_LOGIN_CREDENTIALS = 'INVALID_LOGIN_CREDENTIALS',\n INVALID_MESSAGE_PAYLOAD = 'INVALID_MESSAGE_PAYLOAD',\n INVALID_MFA_PENDING_CREDENTIAL = 'INVALID_MFA_PENDING_CREDENTIAL',\n INVALID_OAUTH_CLIENT_ID = 'INVALID_OAUTH_CLIENT_ID',\n INVALID_OOB_CODE = 'INVALID_OOB_CODE',\n INVALID_PASSWORD = 'INVALID_PASSWORD',\n INVALID_PENDING_TOKEN = 'INVALID_PENDING_TOKEN',\n INVALID_PHONE_NUMBER = 'INVALID_PHONE_NUMBER',\n INVALID_PROVIDER_ID = 'INVALID_PROVIDER_ID',\n INVALID_RECIPIENT_EMAIL = 'INVALID_RECIPIENT_EMAIL',\n INVALID_SENDER = 'INVALID_SENDER',\n INVALID_SESSION_INFO = 'INVALID_SESSION_INFO',\n INVALID_TEMPORARY_PROOF = 'INVALID_TEMPORARY_PROOF',\n INVALID_TENANT_ID = 'INVALID_TENANT_ID',\n MFA_ENROLLMENT_NOT_FOUND = 'MFA_ENROLLMENT_NOT_FOUND',\n MISSING_ANDROID_PACKAGE_NAME = 'MISSING_ANDROID_PACKAGE_NAME',\n MISSING_APP_CREDENTIAL = 'MISSING_APP_CREDENTIAL',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_CONTINUE_URI = 'MISSING_CONTINUE_URI',\n MISSING_CUSTOM_TOKEN = 'MISSING_CUSTOM_TOKEN',\n MISSING_IOS_BUNDLE_ID = 'MISSING_IOS_BUNDLE_ID',\n MISSING_MFA_ENROLLMENT_ID = 'MISSING_MFA_ENROLLMENT_ID',\n MISSING_MFA_PENDING_CREDENTIAL = 'MISSING_MFA_PENDING_CREDENTIAL',\n MISSING_OOB_CODE = 'MISSING_OOB_CODE',\n MISSING_OR_INVALID_NONCE = 'MISSING_OR_INVALID_NONCE',\n MISSING_PASSWORD = 'MISSING_PASSWORD',\n MISSING_REQ_TYPE = 'MISSING_REQ_TYPE',\n MISSING_PHONE_NUMBER = 'MISSING_PHONE_NUMBER',\n MISSING_SESSION_INFO = 'MISSING_SESSION_INFO',\n OPERATION_NOT_ALLOWED = 'OPERATION_NOT_ALLOWED',\n PASSWORD_LOGIN_DISABLED = 'PASSWORD_LOGIN_DISABLED',\n QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n RESET_PASSWORD_EXCEED_LIMIT = 'RESET_PASSWORD_EXCEED_LIMIT',\n REJECTED_CREDENTIAL = 'REJECTED_CREDENTIAL',\n SECOND_FACTOR_EXISTS = 'SECOND_FACTOR_EXISTS',\n SECOND_FACTOR_LIMIT_EXCEEDED = 'SECOND_FACTOR_LIMIT_EXCEEDED',\n SESSION_EXPIRED = 'SESSION_EXPIRED',\n TENANT_ID_MISMATCH = 'TENANT_ID_MISMATCH',\n TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n TOO_MANY_ATTEMPTS_TRY_LATER = 'TOO_MANY_ATTEMPTS_TRY_LATER',\n UNSUPPORTED_FIRST_FACTOR = 'UNSUPPORTED_FIRST_FACTOR',\n UNSUPPORTED_TENANT_OPERATION = 'UNSUPPORTED_TENANT_OPERATION',\n UNAUTHORIZED_DOMAIN = 'UNAUTHORIZED_DOMAIN',\n UNVERIFIED_EMAIL = 'UNVERIFIED_EMAIL',\n USER_CANCELLED = 'USER_CANCELLED',\n USER_DISABLED = 'USER_DISABLED',\n USER_NOT_FOUND = 'USER_NOT_FOUND',\n WEAK_PASSWORD = 'WEAK_PASSWORD',\n RECAPTCHA_NOT_ENABLED = 'RECAPTCHA_NOT_ENABLED',\n MISSING_RECAPTCHA_TOKEN = 'MISSING_RECAPTCHA_TOKEN',\n INVALID_RECAPTCHA_TOKEN = 'INVALID_RECAPTCHA_TOKEN',\n INVALID_RECAPTCHA_ACTION = 'INVALID_RECAPTCHA_ACTION',\n MISSING_CLIENT_TYPE = 'MISSING_CLIENT_TYPE',\n MISSING_RECAPTCHA_VERSION = 'MISSING_RECAPTCHA_VERSION',\n INVALID_RECAPTCHA_VERSION = 'INVALID_RECAPTCHA_VERSION',\n INVALID_REQ_TYPE = 'INVALID_REQ_TYPE',\n PASSWORD_DOES_NOT_MEET_REQUIREMENTS = 'PASSWORD_DOES_NOT_MEET_REQUIREMENTS'\n}\n\n/**\n * API Response in the event of an error\n */\nexport interface JsonError {\n error: {\n code: number;\n message: string;\n errors?: [\n {\n message: ServerError;\n domain: string;\n reason: string;\n }\n ];\n };\n}\n\n/**\n * Type definition for a map from server errors to developer visible errors\n */\nexport declare type ServerErrorMap<ApiError extends string> = {\n readonly [K in ApiError]: AuthErrorCode;\n};\n\n/**\n * Map from errors returned by the server to errors to developer visible errors\n */\nexport const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {\n // Custom token errors.\n [ServerError.CREDENTIAL_MISMATCH]: AuthErrorCode.CREDENTIAL_MISMATCH,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_CUSTOM_TOKEN]: AuthErrorCode.INTERNAL_ERROR,\n\n // Create Auth URI errors.\n [ServerError.INVALID_IDENTIFIER]: AuthErrorCode.INVALID_EMAIL,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_CONTINUE_URI]: AuthErrorCode.INTERNAL_ERROR,\n\n // Sign in with email and password errors (some apply to sign up too).\n [ServerError.INVALID_PASSWORD]: AuthErrorCode.INVALID_PASSWORD,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_PASSWORD]: AuthErrorCode.MISSING_PASSWORD,\n // Thrown if Email Enumeration Protection is enabled in the project and the email or password is\n // invalid.\n [ServerError.INVALID_LOGIN_CREDENTIALS]: AuthErrorCode.INVALID_CREDENTIAL,\n\n // Sign up with email and password errors.\n [ServerError.EMAIL_EXISTS]: AuthErrorCode.EMAIL_EXISTS,\n [ServerError.PASSWORD_LOGIN_DISABLED]: AuthErrorCode.OPERATION_NOT_ALLOWED,\n\n // Verify assertion for sign in with credential errors:\n [ServerError.INVALID_IDP_RESPONSE]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.INVALID_PENDING_TOKEN]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.FEDERATED_USER_ID_ALREADY_LINKED]:\n AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,\n\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_REQ_TYPE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Send Password reset email errors:\n [ServerError.EMAIL_NOT_FOUND]: AuthErrorCode.USER_DELETED,\n [ServerError.RESET_PASSWORD_EXCEED_LIMIT]:\n AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER,\n\n [ServerError.EXPIRED_OOB_CODE]: AuthErrorCode.EXPIRED_OOB_CODE,\n [ServerError.INVALID_OOB_CODE]: AuthErrorCode.INVALID_OOB_CODE,\n // This can only happen if the SDK sends a bad request.\n [ServerError.MISSING_OOB_CODE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Operations that require ID token in request:\n [ServerError.CREDENTIAL_TOO_OLD_LOGIN_AGAIN]:\n AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN,\n [ServerError.INVALID_ID_TOKEN]: AuthErrorCode.INVALID_AUTH,\n [ServerError.TOKEN_EXPIRED]: AuthErrorCode.TOKEN_EXPIRED,\n [ServerError.USER_NOT_FOUND]: AuthErrorCode.TOKEN_EXPIRED,\n\n // Other errors.\n [ServerError.TOO_MANY_ATTEMPTS_TRY_LATER]:\n AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER,\n [ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS]:\n AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS,\n\n // Phone Auth related errors.\n [ServerError.INVALID_CODE]: AuthErrorCode.INVALID_CODE,\n [ServerError.INVALID_SESSION_INFO]: AuthErrorCode.INVALID_SESSION_INFO,\n [ServerError.INVALID_TEMPORARY_PROOF]: AuthErrorCode.INVALID_CREDENTIAL,\n [ServerError.MISSING_SESSION_INFO]: AuthErrorCode.MISSING_SESSION_INFO,\n [ServerError.SESSION_EXPIRED]: AuthErrorCode.CODE_EXPIRED,\n\n // Other action code errors when additional settings passed.\n // MISSING_CONTINUE_URI is getting mapped to INTERNAL_ERROR above.\n // This is OK as this error will be caught by client side validation.\n [ServerError.MISSING_ANDROID_PACKAGE_NAME]:\n AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME,\n [ServerError.UNAUTHORIZED_DOMAIN]: AuthErrorCode.UNAUTHORIZED_DOMAIN,\n\n // getProjectConfig errors when clientId is passed.\n [ServerError.INVALID_OAUTH_CLIENT_ID]: AuthErrorCode.INVALID_OAUTH_CLIENT_ID,\n\n // User actions (sign-up or deletion) disabled errors.\n [ServerError.ADMIN_ONLY_OPERATION]: AuthErrorCode.ADMIN_ONLY_OPERATION,\n\n // Multi factor related errors.\n [ServerError.INVALID_MFA_PENDING_CREDENTIAL]:\n AuthErrorCode.INVALID_MFA_SESSION,\n [ServerError.MFA_ENROLLMENT_NOT_FOUND]: AuthErrorCode.MFA_INFO_NOT_FOUND,\n [ServerError.MISSING_MFA_ENROLLMENT_ID]: AuthErrorCode.MISSING_MFA_INFO,\n [ServerError.MISSING_MFA_PENDING_CREDENTIAL]:\n AuthErrorCode.MISSING_MFA_SESSION,\n [ServerError.SECOND_FACTOR_EXISTS]:\n AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED,\n [ServerError.SECOND_FACTOR_LIMIT_EXCEEDED]:\n AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED,\n\n // Blocking functions related errors.\n [ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE]: AuthErrorCode.INTERNAL_ERROR,\n\n // Recaptcha related errors.\n [ServerError.RECAPTCHA_NOT_ENABLED]: AuthErrorCode.RECAPTCHA_NOT_ENABLED,\n [ServerError.MISSING_RECAPTCHA_TOKEN]: AuthErrorCode.MISSING_RECAPTCHA_TOKEN,\n [ServerError.INVALID_RECAPTCHA_TOKEN]: AuthErrorCode.INVALID_RECAPTCHA_TOKEN,\n [ServerError.INVALID_RECAPTCHA_ACTION]:\n AuthErrorCode.INVALID_RECAPTCHA_ACTION,\n [ServerError.MISSING_CLIENT_TYPE]: AuthErrorCode.MISSING_CLIENT_TYPE,\n [ServerError.MISSING_RECAPTCHA_VERSION]:\n AuthErrorCode.MISSING_RECAPTCHA_VERSION,\n [ServerError.INVALID_RECAPTCHA_VERSION]:\n AuthErrorCode.INVALID_RECAPTCHA_VERSION,\n [ServerError.INVALID_REQ_TYPE]: AuthErrorCode.INVALID_REQ_TYPE\n};\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError, querystring } from '@firebase/util';\n\nimport { AuthErrorCode, NamedErrorParams } from '../core/errors';\nimport {\n _createError,\n _errorWithCustomMessage,\n _fail\n} from '../core/util/assert';\nimport { Delay } from '../core/util/delay';\nimport { _emulatorUrl } from '../core/util/emulator';\nimport { FetchProvider } from '../core/util/fetch_provider';\nimport { Auth } from '../model/public_types';\nimport { AuthInternal, ConfigInternal } from '../model/auth';\nimport { IdTokenResponse, TaggedWithTokenResponse } from '../model/id_token';\nimport { IdTokenMfaResponse } from './authentication/mfa';\nimport { SERVER_ERROR_MAP, ServerError, ServerErrorMap } from './errors';\n\nexport const enum HttpMethod {\n POST = 'POST',\n GET = 'GET'\n}\n\nexport const enum HttpHeader {\n CONTENT_TYPE = 'Content-Type',\n X_FIREBASE_LOCALE = 'X-Firebase-Locale',\n X_CLIENT_VERSION = 'X-Client-Version',\n X_FIREBASE_GMPID = 'X-Firebase-gmpid',\n X_FIREBASE_CLIENT = 'X-Firebase-Client',\n X_FIREBASE_APP_CHECK = 'X-Firebase-AppCheck'\n}\n\nexport const enum Endpoint {\n CREATE_AUTH_URI = '/v1/accounts:createAuthUri',\n DELETE_ACCOUNT = '/v1/accounts:delete',\n RESET_PASSWORD = '/v1/accounts:resetPassword',\n SIGN_UP = '/v1/accounts:signUp',\n SIGN_IN_WITH_CUSTOM_TOKEN = '/v1/accounts:signInWithCustomToken',\n SIGN_IN_WITH_EMAIL_LINK = '/v1/accounts:signInWithEmailLink',\n SIGN_IN_WITH_IDP = '/v1/accounts:signInWithIdp',\n SIGN_IN_WITH_PASSWORD = '/v1/accounts:signInWithPassword',\n SIGN_IN_WITH_PHONE_NUMBER = '/v1/accounts:signInWithPhoneNumber',\n SEND_VERIFICATION_CODE = '/v1/accounts:sendVerificationCode',\n SEND_OOB_CODE = '/v1/accounts:sendOobCode',\n SET_ACCOUNT_INFO = '/v1/accounts:update',\n GET_ACCOUNT_INFO = '/v1/accounts:lookup',\n GET_RECAPTCHA_PARAM = '/v1/recaptchaParams',\n START_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:start',\n FINALIZE_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:finalize',\n START_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:start',\n FINALIZE_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:finalize',\n WITHDRAW_MFA = '/v2/accounts/mfaEnrollment:withdraw',\n GET_PROJECT_CONFIG = '/v1/projects',\n GET_RECAPTCHA_CONFIG = '/v2/recaptchaConfig',\n GET_PASSWORD_POLICY = '/v2/passwordPolicy',\n TOKEN = '/v1/token',\n REVOKE_TOKEN = '/v2/accounts:revokeToken'\n}\n\nexport const enum RecaptchaClientType {\n WEB = 'CLIENT_TYPE_WEB',\n ANDROID = 'CLIENT_TYPE_ANDROID',\n IOS = 'CLIENT_TYPE_IOS'\n}\n\nexport const enum RecaptchaVersion {\n ENTERPRISE = 'RECAPTCHA_ENTERPRISE'\n}\n\nexport const enum RecaptchaActionName {\n SIGN_IN_WITH_PASSWORD = 'signInWithPassword',\n GET_OOB_CODE = 'getOobCode',\n SIGN_UP_PASSWORD = 'signUpPassword'\n}\n\nexport const enum EnforcementState {\n ENFORCE = 'ENFORCE',\n AUDIT = 'AUDIT',\n OFF = 'OFF',\n ENFORCEMENT_STATE_UNSPECIFIED = 'ENFORCEMENT_STATE_UNSPECIFIED'\n}\n\n// Providers that have reCAPTCHA Enterprise support.\nexport const enum RecaptchaProvider {\n EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER'\n}\n\nexport const DEFAULT_API_TIMEOUT_MS = new Delay(30_000, 60_000);\n\nexport function _addTidIfNecessary<T extends { tenantId?: string }>(\n auth: Auth,\n request: T\n): T {\n if (auth.tenantId && !request.tenantId) {\n return {\n ...request,\n tenantId: auth.tenantId\n };\n }\n return request;\n}\n\nexport async function _performApiRequest<T, V>(\n auth: Auth,\n method: HttpMethod,\n path: Endpoint,\n request?: T,\n customErrorMap: Partial<ServerErrorMap<ServerError>> = {}\n): Promise<V> {\n return _performFetchWithErrorHandling(auth, customErrorMap, async () => {\n let body = {};\n let params = {};\n if (request) {\n if (method === HttpMethod.GET) {\n params = request;\n } else {\n body = {\n body: JSON.stringify(request)\n };\n }\n }\n\n const query = querystring({\n key: auth.config.apiKey,\n ...params\n }).slice(1);\n\n const headers = await (auth as AuthInternal)._getAdditionalHeaders();\n headers[HttpHeader.CONTENT_TYPE] = 'application/json';\n\n if (auth.languageCode) {\n headers[HttpHeader.X_FIREBASE_LOCALE] = auth.languageCode;\n }\n\n return FetchProvider.fetch()(\n _getFinalTarget(auth, auth.config.apiHost, path, query),\n {\n method,\n headers,\n referrerPolicy: 'no-referrer',\n ...body\n }\n );\n });\n}\n\nexport async function _performFetchWithErrorHandling<V>(\n auth: Auth,\n customErrorMap: Partial<ServerErrorMap<ServerError>>,\n fetchFn: () => Promise<Response>\n): Promise<V> {\n (auth as AuthInternal)._canInitEmulator = false;\n const errorMap = { ...SERVER_ERROR_MAP, ...customErrorMap };\n try {\n const networkTimeout = new NetworkTimeout<Response>(auth);\n const response: Response = await Promise.race<Promise<Response>>([\n fetchFn(),\n networkTimeout.promise\n ]);\n\n // If we've reached this point, the fetch succeeded and the networkTimeout\n // didn't throw; clear the network timeout delay so that Node won't hang\n networkTimeout.clearNetworkTimeout();\n\n const json = await response.json();\n if ('needConfirmation' in json) {\n throw _makeTaggedError(auth, AuthErrorCode.NEED_CONFIRMATION, json);\n }\n\n if (response.ok && !('errorMessage' in json)) {\n return json;\n } else {\n const errorMessage = response.ok ? json.errorMessage : json.error.message;\n const [serverErrorCode, serverErrorMessage] = errorMessage.split(' : ');\n if (serverErrorCode === ServerError.FEDERATED_USER_ID_ALREADY_LINKED) {\n throw _makeTaggedError(\n auth,\n AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,\n json\n );\n } else if (serverErrorCode === ServerError.EMAIL_EXISTS) {\n throw _makeTaggedError(auth, AuthErrorCode.EMAIL_EXISTS, json);\n } else if (serverErrorCode === ServerError.USER_DISABLED) {\n throw _makeTaggedError(auth, AuthErrorCode.USER_DISABLED, json);\n }\n const authError =\n errorMap[serverErrorCode as ServerError] ||\n (serverErrorCode\n .toLowerCase()\n .replace(/[_\\s]+/g, '-') as unknown as AuthErrorCode);\n if (serverErrorMessage) {\n throw _errorWithCustomMessage(auth, authError, serverErrorMessage);\n } else {\n _fail(auth, authError);\n }\n }\n } catch (e) {\n if (e instanceof FirebaseError) {\n throw e;\n }\n // Changing this to a different error code will log user out when there is a network error\n // because we treat any error other than NETWORK_REQUEST_FAILED as token is invalid.\n // https://github.com/firebase/firebase-js-sdk/blob/4fbc73610d70be4e0852e7de63a39cb7897e8546/packages/auth/src/core/auth/auth_impl.ts#L309-L316\n _fail(auth, AuthErrorCode.NETWORK_REQUEST_FAILED, { 'message': String(e) });\n }\n}\n\nexport async function _performSignInRequest<T, V extends IdTokenResponse>(\n auth: Auth,\n method: HttpMethod,\n path: Endpoint,\n request?: T,\n customErrorMap: Partial<ServerErrorMap<ServerError>> = {}\n): Promise<V> {\n const serverResponse = (await _performApiRequest<T, V | IdTokenMfaResponse>(\n auth,\n method,\n path,\n request,\n customErrorMap\n )) as V;\n if ('mfaPendingCredential' in serverResponse) {\n _fail(auth, AuthErrorCode.MFA_REQUIRED, {\n _serverResponse: serverResponse\n });\n }\n\n return serverResponse;\n}\n\nexport function _getFinalTarget(\n auth: Auth,\n host: string,\n path: string,\n query: string\n): string {\n const base = `${host}${path}?${query}`;\n\n if (!(auth as AuthInternal).config.emulator) {\n return `${auth.config.apiScheme}://${base}`;\n }\n\n return _emulatorUrl(auth.config as ConfigInternal, base);\n}\n\nexport function _parseEnforcementState(\n enforcementStateStr: string\n): EnforcementState {\n switch (enforcementStateStr) {\n case 'ENFORCE':\n return EnforcementState.ENFORCE;\n case 'AUDIT':\n return EnforcementState.AUDIT;\n case 'OFF':\n return EnforcementState.OFF;\n default:\n return EnforcementState.ENFORCEMENT_STATE_UNSPECIFIED;\n }\n}\n\nclass NetworkTimeout<T> {\n // Node timers and browser timers are fundamentally incompatible, but we\n // don't care about the value here\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private timer: any | null = null;\n readonly promise = new Promise<T>((_, reject) => {\n this.timer = setTimeout(() => {\n return reject(\n _createError(this.auth, AuthErrorCode.NETWORK_REQUEST_FAILED)\n );\n }, DEFAULT_API_TIMEOUT_MS.get());\n });\n\n clearNetworkTimeout(): void {\n clearTimeout(this.timer);\n }\n\n constructor(private readonly auth: Auth) {}\n}\n\ninterface PotentialResponse extends IdTokenResponse {\n email?: string;\n phoneNumber?: string;\n}\n\nexport function _makeTaggedError(\n auth: Auth,\n code: AuthErrorCode,\n response: PotentialResponse\n): FirebaseError {\n const errorParams: NamedErrorParams = {\n appName: auth.name\n };\n\n if (response.email) {\n errorParams.email = response.email;\n }\n if (response.phoneNumber) {\n errorParams.phoneNumber = response.phoneNumber;\n }\n\n const error = _createError(auth, code, errorParams);\n\n // We know customData is defined on error because errorParams is defined\n (error.customData! as TaggedWithTokenResponse)._tokenResponse = response;\n return error;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { RecaptchaParameters } from '../../model/public_types';\nimport {\n GetRecaptchaConfigResponse,\n RecaptchaEnforcementProviderState\n} from '../../api/authentication/recaptcha';\nimport { EnforcementState, _parseEnforcementState } from '../../api/index';\n\n// reCAPTCHA v2 interface\nexport interface Recaptcha {\n render: (container: HTMLElement, parameters: RecaptchaParameters) => number;\n getResponse: (id: number) => string;\n execute: (id: number) => unknown;\n reset: (id: number) => unknown;\n}\n\nexport function isV2(\n grecaptcha: Recaptcha | GreCAPTCHA | undefined\n): grecaptcha is Recaptcha {\n return (\n grecaptcha !== undefined &&\n (grecaptcha as Recaptcha).getResponse !== undefined\n );\n}\n\n// reCAPTCHA Enterprise & v3 shared interface\nexport interface GreCAPTCHATopLevel extends GreCAPTCHA {\n enterprise: GreCAPTCHA;\n}\n\n// reCAPTCHA Enterprise interface\nexport interface GreCAPTCHA {\n ready: (callback: () => void) => void;\n execute: (siteKey: string, options: { action: string }) => Promise<string>;\n render: (\n container: string | HTMLElement,\n parameters: GreCAPTCHARenderOption\n ) => string;\n}\n\nexport interface GreCAPTCHARenderOption {\n sitekey: string;\n size: 'invisible';\n}\n\nexport function isEnterprise(\n grecaptcha: Recaptcha | GreCAPTCHA | undefined\n): grecaptcha is GreCAPTCHATopLevel {\n return (\n grecaptcha !== undefined &&\n (grecaptcha as GreCAPTCHATopLevel).enterprise !== undefined\n );\n}\n\n// TODO(chuanr): Replace this with the AuthWindow after resolving the dependency issue in Node.js env.\ndeclare global {\n interface Window {\n grecaptcha?: Recaptcha | GreCAPTCHATopLevel;\n }\n}\n\nexport class RecaptchaConfig {\n /**\n * The reCAPTCHA site key.\n */\n siteKey: string = '';\n\n /**\n * The list of providers and their enablement status for reCAPTCHA Enterprise.\n */\n recaptchaEnforcementState: RecaptchaEnforcementProviderState[] = [];\n\n constructor(response: GetRecaptchaConfigResponse) {\n if (response.recaptchaKey === undefined) {\n throw new Error('recaptchaKey undefined');\n }\n // Example response.recaptchaKey: \"projects/proj123/keys/sitekey123\"\n this.siteKey = response.recaptchaKey.split('/')[3];\n this.recaptchaEnforcementState = response.recaptchaEnforcementState;\n }\n\n /**\n * Returns the reCAPTCHA Enterprise enforcement state for the given provider.\n *\n * @param providerStr - The provider whose enforcement state is to be returned.\n * @returns The reCAPTCHA Enterprise enforcement state for the given provider.\n */\n getProviderEnforcementState(providerStr: string): EnforcementState | null {\n if (\n !this.recaptchaEnforcementState ||\n this.recaptchaEnforcementState.length === 0\n ) {\n return null;\n }\n\n for (const recaptchaEnforcementState of this.recaptchaEnforcementState) {\n if (\n recaptchaEnforcementState.provider &&\n recaptchaEnforcementState.provider === providerStr\n ) {\n return _parseEnforcementState(\n recaptchaEnforcementState.enforcementState\n );\n }\n }\n return null;\n }\n\n /**\n * Returns true if the reCAPTCHA Enterprise enforcement state for the provider is set to ENFORCE or AUDIT.\n *\n * @param providerStr - The provider whose enablement state is to be returned.\n * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.\n */\n isProviderEnabled(providerStr: string): boolean {\n return (\n this.getProviderEnforcementState(providerStr) ===\n EnforcementState.ENFORCE ||\n this.getProviderEnforcementState(providerStr) === EnforcementState.AUDIT\n );\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _performApiRequest,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\ninterface GetRecaptchaParamResponse {\n recaptchaSiteKey?: string;\n}\n\nexport async function getRecaptchaParams(auth: Auth): Promise<string> {\n return (\n (\n await _performApiRequest<void, GetRecaptchaParamResponse>(\n auth,\n HttpMethod.GET,\n Endpoint.GET_RECAPTCHA_PARAM\n )\n ).recaptchaSiteKey || ''\n );\n}\n\n// The following functions are for reCAPTCHA enterprise integration.\ninterface GetRecaptchaConfigRequest {\n tenantId?: string;\n clientType?: RecaptchaClientType;\n version?: RecaptchaVersion;\n}\n\nexport interface RecaptchaEnforcementProviderState {\n provider: string;\n enforcementState: string;\n}\n\nexport interface GetRecaptchaConfigResponse {\n recaptchaKey: string;\n recaptchaEnforcementState: RecaptchaEnforcementProviderState[];\n}\n\nexport async function getRecaptchaConfig(\n auth: Auth,\n request: GetRecaptchaConfigRequest\n): Promise<GetRecaptchaConfigResponse> {\n return _performApiRequest<\n GetRecaptchaConfigRequest,\n GetRecaptchaConfigResponse\n >(\n auth,\n HttpMethod.GET,\n Endpoint.GET_RECAPTCHA_CONFIG,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function utcTimestampToDateString(\n utcTimestamp?: string | number\n): string | undefined {\n if (!utcTimestamp) {\n return undefined;\n }\n try {\n // Convert to date object.\n const date = new Date(Number(utcTimestamp));\n // Test date is valid.\n if (!isNaN(date.getTime())) {\n // Convert to UTC date string.\n return date.toUTCString();\n }\n } catch (e) {\n // Do nothing. undefined will be returned.\n }\n return undefined;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { IdTokenResult, ParsedToken, User } from '../../model/public_types';\nimport { base64Decode, getModularInstance } from '@firebase/util';\n\nimport { UserInternal } from '../../model/user';\nimport { _assert } from '../util/assert';\nimport { _logError } from '../util/log';\nimport { utcTimestampToDateString } from '../util/time';\nimport { AuthErrorCode } from '../errors';\n\n/**\n * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.\n *\n * @remarks\n * Returns the current token if it has not expired or if it will not expire in the next five\n * minutes. Otherwise, this will refresh the token and return a new one.\n *\n * @param user - The user.\n * @param forceRefresh - Force refresh regardless of token expiration.\n *\n * @public\n */\nexport function getIdToken(user: User, forceRefresh = false): Promise<string> {\n return getModularInstance(user).getIdToken(forceRefresh);\n}\n\n/**\n * Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.\n *\n * @remarks\n * Returns the current token if it has not expired or if it will not expire in the next five\n * minutes. Otherwise, this will refresh the token and return a new one.\n *\n * @param user - The user.\n * @param forceRefresh - Force refresh regardless of token expiration.\n *\n * @public\n */\nexport async function getIdTokenResult(\n user: User,\n forceRefresh = false\n): Promise<IdTokenResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n const token = await userInternal.getIdToken(forceRefresh);\n const claims = _parseToken(token);\n\n _assert(\n claims && claims.exp && claims.auth_time && claims.iat,\n userInternal.auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const firebase =\n typeof claims.firebase === 'object' ? claims.firebase : undefined;\n\n const signInProvider: string | undefined = firebase?.['sign_in_provider'];\n\n return {\n claims,\n token,\n authTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.auth_time)\n )!,\n issuedAtTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.iat)\n )!,\n expirationTime: utcTimestampToDateString(\n secondsStringToMilliseconds(claims.exp)\n )!,\n signInProvider: signInProvider || null,\n signInSecondFactor: firebase?.['sign_in_second_factor'] || null\n };\n}\n\nfunction secondsStringToMilliseconds(seconds: string): number {\n return Number(seconds) * 1000;\n}\n\nexport function _parseToken(token: string): ParsedToken | null {\n const [algorithm, payload, signature] = token.split('.');\n if (\n algorithm === undefined ||\n payload === undefined ||\n signature === undefined\n ) {\n _logError('JWT malformed, contained fewer than 3 sections');\n return null;\n }\n\n try {\n const decoded = base64Decode(payload);\n if (!decoded) {\n _logError('Failed to decode base64 JWT payload');\n return null;\n }\n return JSON.parse(decoded);\n } catch (e) {\n _logError(\n 'Caught error parsing JWT payload as JSON',\n (e as Error)?.toString()\n );\n return null;\n }\n}\n\n/**\n * Extract expiresIn TTL from a token by subtracting the expiration from the issuance.\n */\nexport function _tokenExpiresIn(token: string): number {\n const parsedToken = _parseToken(token);\n _assert(parsedToken, AuthErrorCode.INTERNAL_ERROR);\n _assert(typeof parsedToken.exp !== 'undefined', AuthErrorCode.INTERNAL_ERROR);\n _assert(typeof parsedToken.iat !== 'undefined', AuthErrorCode.INTERNAL_ERROR);\n return Number(parsedToken.exp) - Number(parsedToken.iat);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\n\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\n\nexport async function _logoutIfInvalidated<T>(\n user: UserInternal,\n promise: Promise<T>,\n bypassAuthState = false\n): Promise<T> {\n if (bypassAuthState) {\n return promise;\n }\n try {\n return await promise;\n } catch (e) {\n if (e instanceof FirebaseError && isUserInvalidated(e)) {\n if (user.auth.currentUser === user) {\n await user.auth.signOut();\n }\n }\n\n throw e;\n }\n}\n\nfunction isUserInvalidated({ code }: FirebaseError): boolean {\n return (\n code === `auth/${AuthErrorCode.USER_DISABLED}` ||\n code === `auth/${AuthErrorCode.TOKEN_EXPIRED}`\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\n\n// Refresh the token five minutes before expiration\nexport const enum Duration {\n OFFSET = 5 * 1000 * 60,\n RETRY_BACKOFF_MIN = 30 * 1000,\n RETRY_BACKOFF_MAX = 16 * 60 * 1000\n}\n\nexport class ProactiveRefresh {\n private isRunning = false;\n\n // Node timers and browser timers return fundamentally different types.\n // We don't actually care what the value is but TS won't accept unknown and\n // we can't cast properly in both environments.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private timerId: any | null = null;\n private errorBackoff = Duration.RETRY_BACKOFF_MIN;\n\n constructor(private readonly user: UserInternal) {}\n\n _start(): void {\n if (this.isRunning) {\n return;\n }\n\n this.isRunning = true;\n this.schedule();\n }\n\n _stop(): void {\n if (!this.isRunning) {\n return;\n }\n\n this.isRunning = false;\n if (this.timerId !== null) {\n clearTimeout(this.timerId);\n }\n }\n\n private getInterval(wasError: boolean): number {\n if (wasError) {\n const interval = this.errorBackoff;\n this.errorBackoff = Math.min(\n this.errorBackoff * 2,\n Duration.RETRY_BACKOFF_MAX\n );\n return interval;\n } else {\n // Reset the error backoff\n this.errorBackoff = Duration.RETRY_BACKOFF_MIN;\n const expTime = this.user.stsTokenManager.expirationTime ?? 0;\n const interval = expTime - Date.now() - Duration.OFFSET;\n\n return Math.max(0, interval);\n }\n }\n\n private schedule(wasError = false): void {\n if (!this.isRunning) {\n // Just in case...\n return;\n }\n\n const interval = this.getInterval(wasError);\n this.timerId = setTimeout(async () => {\n await this.iteration();\n }, interval);\n }\n\n private async iteration(): Promise<void> {\n try {\n await this.user.getIdToken(true);\n } catch (e) {\n // Only retry on network errors\n if (\n (e as FirebaseError)?.code ===\n `auth/${AuthErrorCode.NETWORK_REQUEST_FAILED}`\n ) {\n this.schedule(/* wasError */ true);\n }\n\n return;\n }\n this.schedule();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserMetadata as UserMetadataType } from '../../model/public_types';\n\nimport { utcTimestampToDateString } from '../util/time';\n\nexport class UserMetadata implements UserMetadataType {\n creationTime?: string;\n lastSignInTime?: string;\n\n constructor(\n private createdAt?: string | number,\n private lastLoginAt?: string | number\n ) {\n this._initializeTime();\n }\n\n private _initializeTime(): void {\n this.lastSignInTime = utcTimestampToDateString(this.lastLoginAt);\n this.creationTime = utcTimestampToDateString(this.createdAt);\n }\n\n _copy(metadata: UserMetadata): void {\n this.createdAt = metadata.createdAt;\n this.lastLoginAt = metadata.lastLoginAt;\n this._initializeTime();\n }\n\n toJSON(): object {\n return {\n createdAt: this.createdAt,\n lastLoginAt: this.lastLoginAt\n };\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User, UserInfo } from '../../model/public_types';\n\nimport {\n getAccountInfo,\n ProviderUserInfo\n} from '../../api/account_management/account';\nimport { UserInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { UserMetadata } from './user_metadata';\nimport { getModularInstance } from '@firebase/util';\n\nexport async function _reloadWithoutSaving(user: UserInternal): Promise<void> {\n const auth = user.auth;\n const idToken = await user.getIdToken();\n const response = await _logoutIfInvalidated(\n user,\n getAccountInfo(auth, { idToken })\n );\n\n _assert(response?.users.length, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const coreAccount = response.users[0];\n\n user._notifyReloadListener(coreAccount);\n\n const newProviderData = coreAccount.providerUserInfo?.length\n ? extractProviderData(coreAccount.providerUserInfo)\n : [];\n\n const providerData = mergeProviderData(user.providerData, newProviderData);\n\n // Preserves the non-nonymous status of the stored user, even if no more\n // credentials (federated or email/password) are linked to the user. If\n // the user was previously anonymous, then use provider data to update.\n // On the other hand, if it was not anonymous before, it should never be\n // considered anonymous now.\n const oldIsAnonymous = user.isAnonymous;\n const newIsAnonymous =\n !(user.email && coreAccount.passwordHash) && !providerData?.length;\n const isAnonymous = !oldIsAnonymous ? false : newIsAnonymous;\n\n const updates: Partial<UserInternal> = {\n uid: coreAccount.localId,\n displayName: coreAccount.displayName || null,\n photoURL: coreAccount.photoUrl || null,\n email: coreAccount.email || null,\n emailVerified: coreAccount.emailVerified || false,\n phoneNumber: coreAccount.phoneNumber || null,\n tenantId: coreAccount.tenantId || null,\n providerData,\n metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),\n isAnonymous\n };\n\n Object.assign(user, updates);\n}\n\n/**\n * Reloads user account data, if signed in.\n *\n * @param user - The user.\n *\n * @public\n */\nexport async function reload(user: User): Promise<void> {\n const userInternal: UserInternal = getModularInstance(user) as UserInternal;\n await _reloadWithoutSaving(userInternal);\n\n // Even though the current user hasn't changed, update\n // current user will trigger a persistence update w/ the\n // new info.\n await userInternal.auth._persistUserIfCurrent(userInternal);\n userInternal.auth._notifyListenersIfCurrent(userInternal);\n}\n\nfunction mergeProviderData(\n original: UserInfo[],\n newData: UserInfo[]\n): UserInfo[] {\n const deduped = original.filter(\n o => !newData.some(n => n.providerId === o.providerId)\n );\n return [...deduped, ...newData];\n}\n\nfunction extractProviderData(providers: ProviderUserInfo[]): UserInfo[] {\n return providers.map(({ providerId, ...provider }) => {\n return {\n providerId,\n uid: provider.rawId || '',\n displayName: provider.displayName || null,\n email: provider.email || null,\n phoneNumber: provider.phoneNumber || null,\n photoURL: provider.photoUrl || null\n };\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Endpoint, HttpMethod, _performApiRequest } from '../index';\nimport { MfaEnrollment } from './mfa';\nimport { Auth } from '../../model/public_types';\n\nexport interface DeleteAccountRequest {\n idToken: string;\n}\n\nexport async function deleteAccount(\n auth: Auth,\n request: DeleteAccountRequest\n): Promise<void> {\n return _performApiRequest<DeleteAccountRequest, void>(\n auth,\n HttpMethod.POST,\n Endpoint.DELETE_ACCOUNT,\n request\n );\n}\n\nexport interface ProviderUserInfo {\n providerId: string;\n rawId?: string;\n email?: string;\n displayName?: string;\n photoUrl?: string;\n phoneNumber?: string;\n}\n\nexport interface DeleteLinkedAccountsRequest {\n idToken: string;\n deleteProvider: string[];\n}\n\nexport interface DeleteLinkedAccountsResponse {\n providerUserInfo: ProviderUserInfo[];\n}\n\nexport async function deleteLinkedAccounts(\n auth: Auth,\n request: DeleteLinkedAccountsRequest\n): Promise<DeleteLinkedAccountsResponse> {\n return _performApiRequest<\n DeleteLinkedAccountsRequest,\n DeleteLinkedAccountsResponse\n >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);\n}\n\nexport interface APIUserInfo {\n localId?: string;\n displayName?: string;\n photoUrl?: string;\n email?: string;\n emailVerified?: boolean;\n phoneNumber?: string;\n lastLoginAt?: number;\n createdAt?: number;\n tenantId?: string;\n passwordHash?: string;\n providerUserInfo?: ProviderUserInfo[];\n mfaInfo?: MfaEnrollment[];\n}\n\nexport interface GetAccountInfoRequest {\n idToken: string;\n}\n\nexport interface GetAccountInfoResponse {\n users: APIUserInfo[];\n}\n\nexport async function getAccountInfo(\n auth: Auth,\n request: GetAccountInfoRequest\n): Promise<GetAccountInfoResponse> {\n return _performApiRequest<GetAccountInfoRequest, GetAccountInfoResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.GET_ACCOUNT_INFO,\n request\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FinalizeMfaResponse } from '../../api/authentication/mfa';\nimport { requestStsToken } from '../../api/authentication/token';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { PersistedBlob } from '../persistence';\nimport { _assert, debugFail } from '../util/assert';\nimport { _tokenExpiresIn } from './id_token_result';\n\n/**\n * The number of milliseconds before the official expiration time of a token\n * to refresh that token, to provide a buffer for RPCs to complete.\n */\nexport const enum Buffer {\n TOKEN_REFRESH = 30_000\n}\n\n/**\n * We need to mark this class as internal explicitly to exclude it in the public typings, because\n * it references AuthInternal which has a circular dependency with UserInternal.\n *\n * @internal\n */\nexport class StsTokenManager {\n refreshToken: string | null = null;\n accessToken: string | null = null;\n expirationTime: number | null = null;\n\n get isExpired(): boolean {\n return (\n !this.expirationTime ||\n Date.now() > this.expirationTime - Buffer.TOKEN_REFRESH\n );\n }\n\n updateFromServerResponse(\n response: IdTokenResponse | FinalizeMfaResponse\n ): void {\n _assert(response.idToken, AuthErrorCode.INTERNAL_ERROR);\n _assert(\n typeof response.idToken !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n _assert(\n typeof response.refreshToken !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n const expiresIn =\n 'expiresIn' in response && typeof response.expiresIn !== 'undefined'\n ? Number(response.expiresIn)\n : _tokenExpiresIn(response.idToken);\n this.updateTokensAndExpiration(\n response.idToken,\n response.refreshToken,\n expiresIn\n );\n }\n\n async getToken(\n auth: AuthInternal,\n forceRefresh = false\n ): Promise<string | null> {\n _assert(\n !this.accessToken || this.refreshToken,\n auth,\n AuthErrorCode.TOKEN_EXPIRED\n );\n\n if (!forceRefresh && this.accessToken && !this.isExpired) {\n return this.accessToken;\n }\n\n if (this.refreshToken) {\n await this.refresh(auth, this.refreshToken!);\n return this.accessToken;\n }\n\n return null;\n }\n\n clearRefreshToken(): void {\n this.refreshToken = null;\n }\n\n private async refresh(auth: AuthInternal, oldToken: string): Promise<void> {\n const { accessToken, refreshToken, expiresIn } = await requestStsToken(\n auth,\n oldToken\n );\n this.updateTokensAndExpiration(\n accessToken,\n refreshToken,\n Number(expiresIn)\n );\n }\n\n private updateTokensAndExpiration(\n accessToken: string,\n refreshToken: string,\n expiresInSec: number\n ): void {\n this.refreshToken = refreshToken || null;\n this.accessToken = accessToken || null;\n this.expirationTime = Date.now() + expiresInSec * 1000;\n }\n\n static fromJSON(appName: string, object: PersistedBlob): StsTokenManager {\n const { refreshToken, accessToken, expirationTime } = object;\n\n const manager = new StsTokenManager();\n if (refreshToken) {\n _assert(typeof refreshToken === 'string', AuthErrorCode.INTERNAL_ERROR, {\n appName\n });\n manager.refreshToken = refreshToken;\n }\n if (accessToken) {\n _assert(typeof accessToken === 'string', AuthErrorCode.INTERNAL_ERROR, {\n appName\n });\n manager.accessToken = accessToken;\n }\n if (expirationTime) {\n _assert(\n typeof expirationTime === 'number',\n AuthErrorCode.INTERNAL_ERROR,\n {\n appName\n }\n );\n manager.expirationTime = expirationTime;\n }\n return manager;\n }\n\n toJSON(): object {\n return {\n refreshToken: this.refreshToken,\n accessToken: this.accessToken,\n expirationTime: this.expirationTime\n };\n }\n\n _assign(stsTokenManager: StsTokenManager): void {\n this.accessToken = stsTokenManager.accessToken;\n this.refreshToken = stsTokenManager.refreshToken;\n this.expirationTime = stsTokenManager.expirationTime;\n }\n\n _clone(): StsTokenManager {\n return Object.assign(new StsTokenManager(), this.toJSON());\n }\n\n _performRefresh(): never {\n return debugFail('not implemented');\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/* eslint-disable camelcase */\n\nimport { querystring } from '@firebase/util';\n\nimport {\n _getFinalTarget,\n _performFetchWithErrorHandling,\n _performApiRequest,\n _addTidIfNecessary,\n HttpMethod,\n HttpHeader,\n Endpoint\n} from '../index';\nimport { FetchProvider } from '../../core/util/fetch_provider';\nimport { Auth } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\n\nexport const enum TokenType {\n REFRESH_TOKEN = 'REFRESH_TOKEN',\n ACCESS_TOKEN = 'ACCESS_TOKEN'\n}\n\n/** The server responses with snake_case; we convert to camelCase */\ninterface RequestStsTokenServerResponse {\n access_token: string;\n expires_in: string;\n refresh_token: string;\n}\n\nexport interface RequestStsTokenResponse {\n accessToken: string;\n expiresIn: string;\n refreshToken: string;\n}\n\nexport interface RevokeTokenRequest {\n providerId: string;\n tokenType: TokenType;\n token: string;\n idToken: string;\n tenantId?: string;\n}\n\nexport interface RevokeTokenResponse {}\n\nexport async function requestStsToken(\n auth: Auth,\n refreshToken: string\n): Promise<RequestStsTokenResponse> {\n const response =\n await _performFetchWithErrorHandling<RequestStsTokenServerResponse>(\n auth,\n {},\n async () => {\n const body = querystring({\n 'grant_type': 'refresh_token',\n 'refresh_token': refreshToken\n }).slice(1);\n const { tokenApiHost, apiKey } = auth.config;\n const url = _getFinalTarget(\n auth,\n tokenApiHost,\n Endpoint.TOKEN,\n `key=${apiKey}`\n );\n\n const headers = await (auth as AuthInternal)._getAdditionalHeaders();\n headers[HttpHeader.CONTENT_TYPE] = 'application/x-www-form-urlencoded';\n\n return FetchProvider.fetch()(url, {\n method: HttpMethod.POST,\n headers,\n body\n });\n }\n );\n\n // The response comes back in snake_case. Convert to camel:\n return {\n accessToken: response.access_token,\n expiresIn: response.expires_in,\n refreshToken: response.refresh_token\n };\n}\n\nexport async function revokeToken(\n auth: Auth,\n request: RevokeTokenRequest\n): Promise<RevokeTokenResponse> {\n return _performApiRequest<RevokeTokenRequest, RevokeTokenResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.REVOKE_TOKEN,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { IdTokenResult } from '../../model/public_types';\nimport { NextFn } from '@firebase/util';\n\nimport {\n APIUserInfo,\n deleteAccount\n} from '../../api/account_management/account';\nimport { FinalizeMfaResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport {\n MutableUserInfo,\n UserInternal,\n UserParameters\n} from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { PersistedBlob } from '../persistence';\nimport { _assert } from '../util/assert';\nimport { getIdTokenResult } from './id_token_result';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { ProactiveRefresh } from './proactive_refresh';\nimport { _reloadWithoutSaving, reload } from './reload';\nimport { StsTokenManager } from './token_manager';\nimport { UserMetadata } from './user_metadata';\nimport { ProviderId } from '../../model/enums';\n\nfunction assertStringOrUndefined(\n assertion: unknown,\n appName: string\n): asserts assertion is string | undefined {\n _assert(\n typeof assertion === 'string' || typeof assertion === 'undefined',\n AuthErrorCode.INTERNAL_ERROR,\n { appName }\n );\n}\n\nexport class UserImpl implements UserInternal {\n // For the user object, provider is always Firebase.\n readonly providerId = ProviderId.FIREBASE;\n stsTokenManager: StsTokenManager;\n // Last known accessToken so we know when it changes\n private accessToken: string | null;\n\n uid: string;\n auth: AuthInternal;\n emailVerified: boolean;\n isAnonymous: boolean;\n tenantId: string | null;\n readonly metadata: UserMetadata;\n providerData: MutableUserInfo[];\n\n // Optional fields from UserInfo\n displayName: string | null;\n email: string | null;\n phoneNumber: string | null;\n photoURL: string | null;\n\n _redirectEventId?: string;\n private readonly proactiveRefresh = new ProactiveRefresh(this);\n\n constructor({ uid, auth, stsTokenManager, ...opt }: UserParameters) {\n this.uid = uid;\n this.auth = auth;\n this.stsTokenManager = stsTokenManager;\n this.accessToken = stsTokenManager.accessToken;\n this.displayName = opt.displayName || null;\n this.email = opt.email || null;\n this.emailVerified = opt.emailVerified || false;\n this.phoneNumber = opt.phoneNumber || null;\n this.photoURL = opt.photoURL || null;\n this.isAnonymous = opt.isAnonymous || false;\n this.tenantId = opt.tenantId || null;\n this.providerData = opt.providerData ? [...opt.providerData] : [];\n this.metadata = new UserMetadata(\n opt.createdAt || undefined,\n opt.lastLoginAt || undefined\n );\n }\n\n async getIdToken(forceRefresh?: boolean): Promise<string> {\n const accessToken = await _logoutIfInvalidated(\n this,\n this.stsTokenManager.getToken(this.auth, forceRefresh)\n );\n _assert(accessToken, this.auth, AuthErrorCode.INTERNAL_ERROR);\n\n if (this.accessToken !== accessToken) {\n this.accessToken = accessToken;\n await this.auth._persistUserIfCurrent(this);\n this.auth._notifyListenersIfCurrent(this);\n }\n\n return accessToken;\n }\n\n getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {\n return getIdTokenResult(this, forceRefresh);\n }\n\n reload(): Promise<void> {\n return reload(this);\n }\n\n private reloadUserInfo: APIUserInfo | null = null;\n private reloadListener: NextFn<APIUserInfo> | null = null;\n\n _assign(user: UserInternal): void {\n if (this === user) {\n return;\n }\n _assert(this.uid === user.uid, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.displayName = user.displayName;\n this.photoURL = user.photoURL;\n this.email = user.email;\n this.emailVerified = user.emailVerified;\n this.phoneNumber = user.phoneNumber;\n this.isAnonymous = user.isAnonymous;\n this.tenantId = user.tenantId;\n this.providerData = user.providerData.map(userInfo => ({ ...userInfo }));\n this.metadata._copy(user.metadata);\n this.stsTokenManager._assign(user.stsTokenManager);\n }\n\n _clone(auth: AuthInternal): UserInternal {\n const newUser = new UserImpl({\n ...this,\n auth,\n stsTokenManager: this.stsTokenManager._clone()\n });\n newUser.metadata._copy(this.metadata);\n return newUser;\n }\n\n _onReload(callback: NextFn<APIUserInfo>): void {\n // There should only ever be one listener, and that is a single instance of MultiFactorUser\n _assert(!this.reloadListener, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.reloadListener = callback;\n if (this.reloadUserInfo) {\n this._notifyReloadListener(this.reloadUserInfo);\n this.reloadUserInfo = null;\n }\n }\n\n _notifyReloadListener(userInfo: APIUserInfo): void {\n if (this.reloadListener) {\n this.reloadListener(userInfo);\n } else {\n // If no listener is subscribed yet, save the result so it's available when they do subscribe\n this.reloadUserInfo = userInfo;\n }\n }\n\n _startProactiveRefresh(): void {\n this.proactiveRefresh._start();\n }\n\n _stopProactiveRefresh(): void {\n this.proactiveRefresh._stop();\n }\n\n async _updateTokensIfNecessary(\n response: IdTokenResponse | FinalizeMfaResponse,\n reload = false\n ): Promise<void> {\n let tokensRefreshed = false;\n if (\n response.idToken &&\n response.idToken !== this.stsTokenManager.accessToken\n ) {\n this.stsTokenManager.updateFromServerResponse(response);\n tokensRefreshed = true;\n }\n\n if (reload) {\n await _reloadWithoutSaving(this);\n }\n\n await this.auth._persistUserIfCurrent(this);\n if (tokensRefreshed) {\n this.auth._notifyListenersIfCurrent(this);\n }\n }\n\n async delete(): Promise<void> {\n const idToken = await this.getIdToken();\n await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken }));\n this.stsTokenManager.clearRefreshToken();\n\n // TODO: Determine if cancellable-promises are necessary to use in this class so that delete()\n // cancels pending actions...\n\n return this.auth.signOut();\n }\n\n toJSON(): PersistedBlob {\n return {\n uid: this.uid,\n email: this.email || undefined,\n emailVerified: this.emailVerified,\n displayName: this.displayName || undefined,\n isAnonymous: this.isAnonymous,\n photoURL: this.photoURL || undefined,\n phoneNumber: this.phoneNumber || undefined,\n tenantId: this.tenantId || undefined,\n providerData: this.providerData.map(userInfo => ({ ...userInfo })),\n stsTokenManager: this.stsTokenManager.toJSON(),\n // Redirect event ID must be maintained in case there is a pending\n // redirect event.\n _redirectEventId: this._redirectEventId,\n ...this.metadata.toJSON(),\n\n // Required for compatibility with the legacy SDK (go/firebase-auth-sdk-persistence-parsing):\n apiKey: this.auth.config.apiKey,\n appName: this.auth.name\n // Missing authDomain will be tolerated by the legacy SDK.\n // stsTokenManager.apiKey isn't actually required (despite the legacy SDK persisting it).\n };\n }\n\n get refreshToken(): string {\n return this.stsTokenManager.refreshToken || '';\n }\n\n static _fromJSON(auth: AuthInternal, object: PersistedBlob): UserInternal {\n const displayName = object.displayName ?? undefined;\n const email = object.email ?? undefined;\n const phoneNumber = object.phoneNumber ?? undefined;\n const photoURL = object.photoURL ?? undefined;\n const tenantId = object.tenantId ?? undefined;\n const _redirectEventId = object._redirectEventId ?? undefined;\n const createdAt = object.createdAt ?? undefined;\n const lastLoginAt = object.lastLoginAt ?? undefined;\n const {\n uid,\n emailVerified,\n isAnonymous,\n providerData,\n stsTokenManager: plainObjectTokenManager\n } = object;\n\n _assert(uid && plainObjectTokenManager, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const stsTokenManager = StsTokenManager.fromJSON(\n this.name,\n plainObjectTokenManager as PersistedBlob\n );\n\n _assert(typeof uid === 'string', auth, AuthErrorCode.INTERNAL_ERROR);\n assertStringOrUndefined(displayName, auth.name);\n assertStringOrUndefined(email, auth.name);\n _assert(\n typeof emailVerified === 'boolean',\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n _assert(\n typeof isAnonymous === 'boolean',\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n assertStringOrUndefined(phoneNumber, auth.name);\n assertStringOrUndefined(photoURL, auth.name);\n assertStringOrUndefined(tenantId, auth.name);\n assertStringOrUndefined(_redirectEventId, auth.name);\n assertStringOrUndefined(createdAt, auth.name);\n assertStringOrUndefined(lastLoginAt, auth.name);\n const user = new UserImpl({\n uid,\n auth,\n email,\n emailVerified,\n displayName,\n isAnonymous,\n photoURL,\n phoneNumber,\n tenantId,\n stsTokenManager,\n createdAt,\n lastLoginAt\n });\n\n if (providerData && Array.isArray(providerData)) {\n user.providerData = providerData.map(userInfo => ({ ...userInfo }));\n }\n\n if (_redirectEventId) {\n user._redirectEventId = _redirectEventId;\n }\n\n return user;\n }\n\n /**\n * Initialize a User from an idToken server response\n * @param auth\n * @param idTokenResponse\n */\n static async _fromIdTokenResponse(\n auth: AuthInternal,\n idTokenResponse: IdTokenResponse,\n isAnonymous: boolean = false\n ): Promise<UserInternal> {\n const stsTokenManager = new StsTokenManager();\n stsTokenManager.updateFromServerResponse(idTokenResponse);\n\n // Initialize the Firebase Auth user.\n const user = new UserImpl({\n uid: idTokenResponse.localId,\n auth,\n stsTokenManager,\n isAnonymous\n });\n\n // Updates the user info and data and resolves with a user instance.\n await _reloadWithoutSaving(user);\n return user;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { debugAssert } from './assert';\n\n/**\n * Our API has a lot of one-off constants that are used to do things.\n * Unfortunately we can't export these as classes instantiated directly since\n * the constructor may side effect and therefore can't be proven to be safely\n * culled. Instead, we export these classes themselves as a lowerCamelCase\n * constant, and instantiate them under the hood.\n */\nexport interface SingletonInstantiator<T> {\n new (): T;\n}\n\nconst instanceCache: Map<unknown, unknown> = new Map();\n\nexport function _getInstance<T>(cls: unknown): T {\n debugAssert(cls instanceof Function, 'Expected a class definition');\n let instance = instanceCache.get(cls) as T | undefined;\n\n if (instance) {\n debugAssert(\n instance instanceof cls,\n 'Instance stored in cache mismatched with class'\n );\n return instance;\n }\n\n instance = new (cls as SingletonInstantiator<T>)();\n instanceCache.set(cls, instance);\n return instance;\n}\n\nexport function _clearInstanceMap(): void {\n instanceCache.clear();\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport {\n PersistenceInternal,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../persistence';\n\nexport class InMemoryPersistence implements PersistenceInternal {\n static type: 'NONE' = 'NONE';\n readonly type = PersistenceType.NONE;\n storage: Record<string, PersistenceValue> = {};\n\n async _isAvailable(): Promise<boolean> {\n return true;\n }\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n this.storage[key] = value;\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const value = this.storage[key];\n return value === undefined ? null : (value as T);\n }\n\n async _remove(key: string): Promise<void> {\n delete this.storage[key];\n }\n\n _addListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for in-memory storage since it cannot be shared across windows/workers\n return;\n }\n\n _removeListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for in-memory storage since it cannot be shared across windows/workers\n return;\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type 'NONE'.\n *\n * @public\n */\nexport const inMemoryPersistence: Persistence = InMemoryPersistence;\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ApiKey, AppName, AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { PersistedBlob, PersistenceInternal } from '../persistence';\nimport { UserImpl } from '../user/user_impl';\nimport { _getInstance } from '../util/instantiator';\nimport { inMemoryPersistence } from './in_memory';\n\nexport const enum KeyName {\n AUTH_USER = 'authUser',\n AUTH_EVENT = 'authEvent',\n REDIRECT_USER = 'redirectUser',\n PERSISTENCE_USER = 'persistence'\n}\nexport const enum Namespace {\n PERSISTENCE = 'firebase'\n}\n\nexport function _persistenceKeyName(\n key: string,\n apiKey: ApiKey,\n appName: AppName\n): string {\n return `${Namespace.PERSISTENCE}:${key}:${apiKey}:${appName}`;\n}\n\nexport class PersistenceUserManager {\n private readonly fullUserKey: string;\n private readonly fullPersistenceKey: string;\n private readonly boundEventHandler: () => void;\n\n private constructor(\n public persistence: PersistenceInternal,\n private readonly auth: AuthInternal,\n private readonly userKey: string\n ) {\n const { config, name } = this.auth;\n this.fullUserKey = _persistenceKeyName(this.userKey, config.apiKey, name);\n this.fullPersistenceKey = _persistenceKeyName(\n KeyName.PERSISTENCE_USER,\n config.apiKey,\n name\n );\n this.boundEventHandler = auth._onStorageEvent.bind(auth);\n this.persistence._addListener(this.fullUserKey, this.boundEventHandler);\n }\n\n setCurrentUser(user: UserInternal): Promise<void> {\n return this.persistence._set(this.fullUserKey, user.toJSON());\n }\n\n async getCurrentUser(): Promise<UserInternal | null> {\n const blob = await this.persistence._get<PersistedBlob>(this.fullUserKey);\n return blob ? UserImpl._fromJSON(this.auth, blob) : null;\n }\n\n removeCurrentUser(): Promise<void> {\n return this.persistence._remove(this.fullUserKey);\n }\n\n savePersistenceForRedirect(): Promise<void> {\n return this.persistence._set(\n this.fullPersistenceKey,\n this.persistence.type\n );\n }\n\n async setPersistence(newPersistence: PersistenceInternal): Promise<void> {\n if (this.persistence === newPersistence) {\n return;\n }\n\n const currentUser = await this.getCurrentUser();\n await this.removeCurrentUser();\n\n this.persistence = newPersistence;\n\n if (currentUser) {\n return this.setCurrentUser(currentUser);\n }\n }\n\n delete(): void {\n this.persistence._removeListener(this.fullUserKey, this.boundEventHandler);\n }\n\n static async create(\n auth: AuthInternal,\n persistenceHierarchy: PersistenceInternal[],\n userKey = KeyName.AUTH_USER\n ): Promise<PersistenceUserManager> {\n if (!persistenceHierarchy.length) {\n return new PersistenceUserManager(\n _getInstance(inMemoryPersistence),\n auth,\n userKey\n );\n }\n\n // Eliminate any persistences that are not available\n const availablePersistences = (\n await Promise.all(\n persistenceHierarchy.map(async persistence => {\n if (await persistence._isAvailable()) {\n return persistence;\n }\n return undefined;\n })\n )\n ).filter(persistence => persistence) as PersistenceInternal[];\n\n // Fall back to the first persistence listed, or in memory if none available\n let selectedPersistence =\n availablePersistences[0] ||\n _getInstance<PersistenceInternal>(inMemoryPersistence);\n\n const key = _persistenceKeyName(userKey, auth.config.apiKey, auth.name);\n\n // Pull out the existing user, setting the chosen persistence to that\n // persistence if the user exists.\n let userToMigrate: UserInternal | null = null;\n // Note, here we check for a user in _all_ persistences, not just the\n // ones deemed available. If we can migrate a user out of a broken\n // persistence, we will (but only if that persistence supports migration).\n for (const persistence of persistenceHierarchy) {\n try {\n const blob = await persistence._get<PersistedBlob>(key);\n if (blob) {\n const user = UserImpl._fromJSON(auth, blob); // throws for unparsable blob (wrong format)\n if (persistence !== selectedPersistence) {\n userToMigrate = user;\n }\n selectedPersistence = persistence;\n break;\n }\n } catch {}\n }\n\n // If we find the user in a persistence that does support migration, use\n // that migration path (of only persistences that support migration)\n const migrationHierarchy = availablePersistences.filter(\n p => p._shouldAllowMigration\n );\n\n // If the persistence does _not_ allow migration, just finish off here\n if (\n !selectedPersistence._shouldAllowMigration ||\n !migrationHierarchy.length\n ) {\n return new PersistenceUserManager(selectedPersistence, auth, userKey);\n }\n\n selectedPersistence = migrationHierarchy[0];\n if (userToMigrate) {\n // This normally shouldn't throw since chosenPersistence.isAvailable() is true, but if it does\n // we'll just let it bubble to surface the error.\n await selectedPersistence._set(key, userToMigrate.toJSON());\n }\n\n // Attempt to clear the key in other persistences but ignore errors. This helps prevent issues\n // such as users getting stuck with a previous account after signing out and refreshing the tab.\n await Promise.all(\n persistenceHierarchy.map(async persistence => {\n if (persistence !== selectedPersistence) {\n try {\n await persistence._remove(key);\n } catch {}\n }\n })\n );\n return new PersistenceUserManager(selectedPersistence, auth, userKey);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isIE, getUA } from '@firebase/util';\n\ninterface NavigatorStandalone extends Navigator {\n standalone?: unknown;\n}\n\ninterface Document {\n documentMode?: number;\n}\n\n/**\n * Enums for Browser name.\n */\nexport const enum BrowserName {\n ANDROID = 'Android',\n BLACKBERRY = 'Blackberry',\n EDGE = 'Edge',\n FIREFOX = 'Firefox',\n IE = 'IE',\n IEMOBILE = 'IEMobile',\n OPERA = 'Opera',\n OTHER = 'Other',\n CHROME = 'Chrome',\n SAFARI = 'Safari',\n SILK = 'Silk',\n WEBOS = 'Webos'\n}\n\n/**\n * Determine the browser for the purposes of reporting usage to the API\n */\nexport function _getBrowserName(userAgent: string): BrowserName | string {\n const ua = userAgent.toLowerCase();\n if (ua.includes('opera/') || ua.includes('opr/') || ua.includes('opios/')) {\n return BrowserName.OPERA;\n } else if (_isIEMobile(ua)) {\n // Windows phone IEMobile browser.\n return BrowserName.IEMOBILE;\n } else if (ua.includes('msie') || ua.includes('trident/')) {\n return BrowserName.IE;\n } else if (ua.includes('edge/')) {\n return BrowserName.EDGE;\n } else if (_isFirefox(ua)) {\n return BrowserName.FIREFOX;\n } else if (ua.includes('silk/')) {\n return BrowserName.SILK;\n } else if (_isBlackBerry(ua)) {\n // Blackberry browser.\n return BrowserName.BLACKBERRY;\n } else if (_isWebOS(ua)) {\n // WebOS default browser.\n return BrowserName.WEBOS;\n } else if (_isSafari(ua)) {\n return BrowserName.SAFARI;\n } else if (\n (ua.includes('chrome/') || _isChromeIOS(ua)) &&\n !ua.includes('edge/')\n ) {\n return BrowserName.CHROME;\n } else if (_isAndroid(ua)) {\n // Android stock browser.\n return BrowserName.ANDROID;\n } else {\n // Most modern browsers have name/version at end of user agent string.\n const re = /([a-zA-Z\\d\\.]+)\\/[a-zA-Z\\d\\.]*$/;\n const matches = userAgent.match(re);\n if (matches?.length === 2) {\n return matches[1];\n }\n }\n return BrowserName.OTHER;\n}\n\nexport function _isFirefox(ua = getUA()): boolean {\n return /firefox\\//i.test(ua);\n}\n\nexport function _isSafari(userAgent = getUA()): boolean {\n const ua = userAgent.toLowerCase();\n return (\n ua.includes('safari/') &&\n !ua.includes('chrome/') &&\n !ua.includes('crios/') &&\n !ua.includes('android')\n );\n}\n\nexport function _isChromeIOS(ua = getUA()): boolean {\n return /crios\\//i.test(ua);\n}\n\nexport function _isIEMobile(ua = getUA()): boolean {\n return /iemobile/i.test(ua);\n}\n\nexport function _isAndroid(ua = getUA()): boolean {\n return /android/i.test(ua);\n}\n\nexport function _isBlackBerry(ua = getUA()): boolean {\n return /blackberry/i.test(ua);\n}\n\nexport function _isWebOS(ua = getUA()): boolean {\n return /webos/i.test(ua);\n}\n\nexport function _isIOS(ua = getUA()): boolean {\n return (\n /iphone|ipad|ipod/i.test(ua) ||\n (/macintosh/i.test(ua) && /mobile/i.test(ua))\n );\n}\n\nexport function _isIOS7Or8(ua = getUA()): boolean {\n return (\n /(iPad|iPhone|iPod).*OS 7_\\d/i.test(ua) ||\n /(iPad|iPhone|iPod).*OS 8_\\d/i.test(ua)\n );\n}\n\nexport function _isIOSStandalone(ua = getUA()): boolean {\n return _isIOS(ua) && !!(window.navigator as NavigatorStandalone)?.standalone;\n}\n\nexport function _isIE10(): boolean {\n return isIE() && (document as Document).documentMode === 10;\n}\n\nexport function _isMobileBrowser(ua: string = getUA()): boolean {\n // TODO: implement getBrowserName equivalent for OS.\n return (\n _isIOS(ua) ||\n _isAndroid(ua) ||\n _isWebOS(ua) ||\n _isBlackBerry(ua) ||\n /windows phone/i.test(ua) ||\n _isIEMobile(ua)\n );\n}\n\nexport function _isIframe(): boolean {\n try {\n // Check that the current window is not the top window.\n // If so, return true.\n return !!(window && window !== window.top);\n } catch (e) {\n return false;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { _getBrowserName } from './browser';\nimport { getUA } from '@firebase/util';\n\nexport const enum ClientImplementation {\n CORE = 'JsCore'\n}\n\n/**\n * @internal\n */\nexport const enum ClientPlatform {\n BROWSER = 'Browser',\n NODE = 'Node',\n REACT_NATIVE = 'ReactNative',\n CORDOVA = 'Cordova',\n WORKER = 'Worker',\n WEB_EXTENSION = 'WebExtension'\n}\n\n/*\n * Determine the SDK version string\n */\nexport function _getClientVersion(\n clientPlatform: ClientPlatform,\n frameworks: readonly string[] = []\n): string {\n let reportedPlatform: string;\n switch (clientPlatform) {\n case ClientPlatform.BROWSER:\n // In a browser environment, report the browser name.\n reportedPlatform = _getBrowserName(getUA());\n break;\n case ClientPlatform.WORKER:\n // Technically a worker runs from a browser but we need to differentiate a\n // worker from a browser.\n // For example: Chrome-Worker/JsCore/4.9.1/FirebaseCore-web.\n reportedPlatform = `${_getBrowserName(getUA())}-${clientPlatform}`;\n break;\n default:\n reportedPlatform = clientPlatform;\n }\n const reportedFrameworks = frameworks.length\n ? frameworks.join(',')\n : 'FirebaseCore-web'; /* default value if no other framework is used */\n return `${reportedPlatform}/${ClientImplementation.CORE}/${SDK_VERSION}/${reportedFrameworks}`;\n}\n","/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthInternal } from '../../model/auth';\nimport { Unsubscribe, User } from '../../model/public_types';\nimport { AuthErrorCode } from '../errors';\n\ninterface MiddlewareEntry {\n (user: User | null): Promise<void>;\n onAbort?: () => void;\n}\n\nexport class AuthMiddlewareQueue {\n private readonly queue: MiddlewareEntry[] = [];\n\n constructor(private readonly auth: AuthInternal) {}\n\n pushCallback(\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n ): Unsubscribe {\n // The callback could be sync or async. Wrap it into a\n // function that is always async.\n const wrappedCallback: MiddlewareEntry = (\n user: User | null\n ): Promise<void> =>\n new Promise((resolve, reject) => {\n try {\n const result = callback(user);\n // Either resolve with existing promise or wrap a non-promise\n // return value into a promise.\n resolve(result);\n } catch (e) {\n // Sync callback throws.\n reject(e);\n }\n });\n // Attach the onAbort if present\n wrappedCallback.onAbort = onAbort;\n this.queue.push(wrappedCallback);\n\n const index = this.queue.length - 1;\n return () => {\n // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb\n // indexing of other elements.\n this.queue[index] = () => Promise.resolve();\n };\n }\n\n async runMiddleware(nextUser: User | null): Promise<void> {\n if (this.auth.currentUser === nextUser) {\n return;\n }\n\n // While running the middleware, build a temporary stack of onAbort\n // callbacks to call if one middleware callback rejects.\n\n const onAbortStack: Array<() => void> = [];\n try {\n for (const beforeStateCallback of this.queue) {\n await beforeStateCallback(nextUser);\n\n // Only push the onAbort if the callback succeeds\n if (beforeStateCallback.onAbort) {\n onAbortStack.push(beforeStateCallback.onAbort);\n }\n }\n } catch (e) {\n // Run all onAbort, with separate try/catch to ignore any errors and\n // continue\n onAbortStack.reverse();\n for (const onAbort of onAbortStack) {\n try {\n onAbort();\n } catch (_) {\n /* swallow error */\n }\n }\n\n throw this.auth._errorFactory.create(AuthErrorCode.LOGIN_BLOCKED, {\n originalMessage: (e as Error)?.message\n });\n }\n }\n}\n","/**\n * @license\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { GetPasswordPolicyResponse } from '../../api/password_policy/get_password_policy';\nimport {\n PasswordPolicyCustomStrengthOptions,\n PasswordPolicyInternal,\n PasswordValidationStatusInternal\n} from '../../model/password_policy';\nimport { PasswordValidationStatus } from '../../model/public_types';\n\n// Minimum min password length enforced by the backend, even if no minimum length is set.\nconst MINIMUM_MIN_PASSWORD_LENGTH = 6;\n\n/**\n * Stores password policy requirements and provides password validation against the policy.\n *\n * @internal\n */\nexport class PasswordPolicyImpl implements PasswordPolicyInternal {\n readonly customStrengthOptions: PasswordPolicyCustomStrengthOptions;\n readonly allowedNonAlphanumericCharacters: string;\n readonly enforcementState: string;\n readonly forceUpgradeOnSignin: boolean;\n readonly schemaVersion: number;\n\n constructor(response: GetPasswordPolicyResponse) {\n // Only include custom strength options defined in the response.\n const responseOptions = response.customStrengthOptions;\n this.customStrengthOptions = {};\n // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.\n this.customStrengthOptions.minPasswordLength =\n responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH;\n if (responseOptions.maxPasswordLength) {\n this.customStrengthOptions.maxPasswordLength =\n responseOptions.maxPasswordLength;\n }\n if (responseOptions.containsLowercaseCharacter !== undefined) {\n this.customStrengthOptions.containsLowercaseLetter =\n responseOptions.containsLowercaseCharacter;\n }\n if (responseOptions.containsUppercaseCharacter !== undefined) {\n this.customStrengthOptions.containsUppercaseLetter =\n responseOptions.containsUppercaseCharacter;\n }\n if (responseOptions.containsNumericCharacter !== undefined) {\n this.customStrengthOptions.containsNumericCharacter =\n responseOptions.containsNumericCharacter;\n }\n if (responseOptions.containsNonAlphanumericCharacter !== undefined) {\n this.customStrengthOptions.containsNonAlphanumericCharacter =\n responseOptions.containsNonAlphanumericCharacter;\n }\n\n this.enforcementState = response.enforcementState;\n if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {\n this.enforcementState = 'OFF';\n }\n\n // Use an empty string if no non-alphanumeric characters are specified in the response.\n this.allowedNonAlphanumericCharacters =\n response.allowedNonAlphanumericCharacters?.join('') ?? '';\n\n this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ?? false;\n this.schemaVersion = response.schemaVersion;\n }\n\n validatePassword(password: string): PasswordValidationStatus {\n const status: PasswordValidationStatusInternal = {\n isValid: true,\n passwordPolicy: this\n };\n\n // Check the password length and character options.\n this.validatePasswordLengthOptions(password, status);\n this.validatePasswordCharacterOptions(password, status);\n\n // Combine the status into single isValid property.\n status.isValid &&= status.meetsMinPasswordLength ?? true;\n status.isValid &&= status.meetsMaxPasswordLength ?? true;\n status.isValid &&= status.containsLowercaseLetter ?? true;\n status.isValid &&= status.containsUppercaseLetter ?? true;\n status.isValid &&= status.containsNumericCharacter ?? true;\n status.isValid &&= status.containsNonAlphanumericCharacter ?? true;\n\n return status;\n }\n\n /**\n * Validates that the password meets the length options for the policy.\n *\n * @param password Password to validate.\n * @param status Validation status.\n */\n private validatePasswordLengthOptions(\n password: string,\n status: PasswordValidationStatusInternal\n ): void {\n const minPasswordLength = this.customStrengthOptions.minPasswordLength;\n const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;\n if (minPasswordLength) {\n status.meetsMinPasswordLength = password.length >= minPasswordLength;\n }\n if (maxPasswordLength) {\n status.meetsMaxPasswordLength = password.length <= maxPasswordLength;\n }\n }\n\n /**\n * Validates that the password meets the character options for the policy.\n *\n * @param password Password to validate.\n * @param status Validation status.\n */\n private validatePasswordCharacterOptions(\n password: string,\n status: PasswordValidationStatusInternal\n ): void {\n // Assign statuses for requirements even if the password is an empty string.\n this.updatePasswordCharacterOptionsStatuses(\n status,\n /* containsLowercaseCharacter= */ false,\n /* containsUppercaseCharacter= */ false,\n /* containsNumericCharacter= */ false,\n /* containsNonAlphanumericCharacter= */ false\n );\n\n let passwordChar;\n for (let i = 0; i < password.length; i++) {\n passwordChar = password.charAt(i);\n this.updatePasswordCharacterOptionsStatuses(\n status,\n /* containsLowercaseCharacter= */ passwordChar >= 'a' &&\n passwordChar <= 'z',\n /* containsUppercaseCharacter= */ passwordChar >= 'A' &&\n passwordChar <= 'Z',\n /* containsNumericCharacter= */ passwordChar >= '0' &&\n passwordChar <= '9',\n /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(\n passwordChar\n )\n );\n }\n }\n\n /**\n * Updates the running validation status with the statuses for the character options.\n * Expected to be called each time a character is processed to update each option status\n * based on the current character.\n *\n * @param status Validation status.\n * @param containsLowercaseCharacter Whether the character is a lowercase letter.\n * @param containsUppercaseCharacter Whether the character is an uppercase letter.\n * @param containsNumericCharacter Whether the character is a numeric character.\n * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.\n */\n private updatePasswordCharacterOptionsStatuses(\n status: PasswordValidationStatusInternal,\n containsLowercaseCharacter: boolean,\n containsUppercaseCharacter: boolean,\n containsNumericCharacter: boolean,\n containsNonAlphanumericCharacter: boolean\n ): void {\n if (this.customStrengthOptions.containsLowercaseLetter) {\n status.containsLowercaseLetter ||= containsLowercaseCharacter;\n }\n if (this.customStrengthOptions.containsUppercaseLetter) {\n status.containsUppercaseLetter ||= containsUppercaseCharacter;\n }\n if (this.customStrengthOptions.containsNumericCharacter) {\n status.containsNumericCharacter ||= containsNumericCharacter;\n }\n if (this.customStrengthOptions.containsNonAlphanumericCharacter) {\n status.containsNonAlphanumericCharacter ||=\n containsNonAlphanumericCharacter;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _FirebaseService, FirebaseApp } from '@firebase/app';\nimport { Provider } from '@firebase/component';\nimport { AppCheckInternalComponentName } from '@firebase/app-check-interop-types';\nimport {\n Auth,\n AuthErrorMap,\n AuthSettings,\n EmulatorConfig,\n NextOrObserver,\n Persistence,\n PopupRedirectResolver,\n User,\n UserCredential,\n CompleteFn,\n ErrorFn,\n NextFn,\n Unsubscribe,\n PasswordValidationStatus\n} from '../../model/public_types';\nimport {\n createSubscribe,\n ErrorFactory,\n FirebaseError,\n getModularInstance,\n Observer,\n Subscribe\n} from '@firebase/util';\n\nimport { AuthInternal, ConfigInternal } from '../../model/auth';\nimport { PopupRedirectResolverInternal } from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport {\n AuthErrorCode,\n AuthErrorParams,\n ErrorMapRetriever,\n _DEFAULT_AUTH_ERROR_FACTORY\n} from '../errors';\nimport { PersistenceInternal } from '../persistence';\nimport {\n KeyName,\n PersistenceUserManager\n} from '../persistence/persistence_user_manager';\nimport { _reloadWithoutSaving } from '../user/reload';\nimport { _assert } from '../util/assert';\nimport { _getInstance } from '../util/instantiator';\nimport { _getUserLanguage } from '../util/navigator';\nimport { _getClientVersion } from '../util/version';\nimport { HttpHeader } from '../../api';\nimport {\n RevokeTokenRequest,\n TokenType,\n revokeToken\n} from '../../api/authentication/token';\nimport { AuthMiddlewareQueue } from './middleware';\nimport { RecaptchaConfig } from '../../platform_browser/recaptcha/recaptcha';\nimport { _logWarn } from '../util/log';\nimport { _getPasswordPolicy } from '../../api/password_policy/get_password_policy';\nimport { PasswordPolicyInternal } from '../../model/password_policy';\nimport { PasswordPolicyImpl } from './password_policy_impl';\n\ninterface AsyncAction {\n (): Promise<void>;\n}\n\nexport const enum DefaultConfig {\n TOKEN_API_HOST = 'securetoken.googleapis.com',\n API_HOST = 'identitytoolkit.googleapis.com',\n API_SCHEME = 'https'\n}\n\nexport class AuthImpl implements AuthInternal, _FirebaseService {\n currentUser: User | null = null;\n emulatorConfig: EmulatorConfig | null = null;\n private operations = Promise.resolve();\n private persistenceManager?: PersistenceUserManager;\n private redirectPersistenceManager?: PersistenceUserManager;\n private authStateSubscription = new Subscription<User>(this);\n private idTokenSubscription = new Subscription<User>(this);\n private readonly beforeStateQueue = new AuthMiddlewareQueue(this);\n private redirectUser: UserInternal | null = null;\n private isProactiveRefreshEnabled = false;\n private readonly EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION: number = 1;\n\n // Any network calls will set this to true and prevent subsequent emulator\n // initialization\n _canInitEmulator = true;\n _isInitialized = false;\n _deleted = false;\n _initializationPromise: Promise<void> | null = null;\n _popupRedirectResolver: PopupRedirectResolverInternal | null = null;\n _errorFactory: ErrorFactory<AuthErrorCode, AuthErrorParams> =\n _DEFAULT_AUTH_ERROR_FACTORY;\n _agentRecaptchaConfig: RecaptchaConfig | null = null;\n _tenantRecaptchaConfigs: Record<string, RecaptchaConfig> = {};\n _projectPasswordPolicy: PasswordPolicyInternal | null = null;\n _tenantPasswordPolicies: Record<string, PasswordPolicyInternal> = {};\n readonly name: string;\n\n // Tracks the last notified UID for state change listeners to prevent\n // repeated calls to the callbacks. Undefined means it's never been\n // called, whereas null means it's been called with a signed out user\n private lastNotifiedUid: string | null | undefined = undefined;\n\n languageCode: string | null = null;\n tenantId: string | null = null;\n settings: AuthSettings = { appVerificationDisabledForTesting: false };\n\n constructor(\n public readonly app: FirebaseApp,\n private readonly heartbeatServiceProvider: Provider<'heartbeat'>,\n private readonly appCheckServiceProvider: Provider<AppCheckInternalComponentName>,\n public readonly config: ConfigInternal\n ) {\n this.name = app.name;\n this.clientVersion = config.sdkClientVersion;\n }\n\n _initializeWithPersistence(\n persistenceHierarchy: PersistenceInternal[],\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n if (popupRedirectResolver) {\n this._popupRedirectResolver = _getInstance(popupRedirectResolver);\n }\n\n // Have to check for app deletion throughout initialization (after each\n // promise resolution)\n this._initializationPromise = this.queue(async () => {\n if (this._deleted) {\n return;\n }\n\n this.persistenceManager = await PersistenceUserManager.create(\n this,\n persistenceHierarchy\n );\n\n if (this._deleted) {\n return;\n }\n\n // Initialize the resolver early if necessary (only applicable to web:\n // this will cause the iframe to load immediately in certain cases)\n if (this._popupRedirectResolver?._shouldInitProactively) {\n // If this fails, don't halt auth loading\n try {\n await this._popupRedirectResolver._initialize(this);\n } catch (e) {\n /* Ignore the error */\n }\n }\n\n await this.initializeCurrentUser(popupRedirectResolver);\n this.lastNotifiedUid = this.currentUser?.uid || null;\n\n if (this._deleted) {\n return;\n }\n\n this._isInitialized = true;\n });\n\n return this._initializationPromise;\n }\n\n /**\n * If the persistence is changed in another window, the user manager will let us know\n */\n async _onStorageEvent(): Promise<void> {\n if (this._deleted) {\n return;\n }\n\n const user = await this.assertedPersistence.getCurrentUser();\n\n if (!this.currentUser && !user) {\n // No change, do nothing (was signed out and remained signed out).\n return;\n }\n\n // If the same user is to be synchronized.\n if (this.currentUser && user && this.currentUser.uid === user.uid) {\n // Data update, simply copy data changes.\n this._currentUser._assign(user);\n // If tokens changed from previous user tokens, this will trigger\n // notifyAuthListeners_.\n await this.currentUser.getIdToken();\n return;\n }\n\n // Update current Auth state. Either a new login or logout.\n // Skip blocking callbacks, they should not apply to a change in another tab.\n await this._updateCurrentUser(user, /* skipBeforeStateCallbacks */ true);\n }\n\n private async initializeCurrentUser(\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n // First check to see if we have a pending redirect event.\n const previouslyStoredUser =\n (await this.assertedPersistence.getCurrentUser()) as UserInternal | null;\n let futureCurrentUser = previouslyStoredUser;\n let needsTocheckMiddleware = false;\n if (popupRedirectResolver && this.config.authDomain) {\n await this.getOrInitRedirectPersistenceManager();\n const redirectUserEventId = this.redirectUser?._redirectEventId;\n const storedUserEventId = futureCurrentUser?._redirectEventId;\n const result = await this.tryRedirectSignIn(popupRedirectResolver);\n\n // If the stored user (i.e. the old \"currentUser\") has a redirectId that\n // matches the redirect user, then we want to initially sign in with the\n // new user object from result.\n // TODO(samgho): More thoroughly test all of this\n if (\n (!redirectUserEventId || redirectUserEventId === storedUserEventId) &&\n result?.user\n ) {\n futureCurrentUser = result.user as UserInternal;\n needsTocheckMiddleware = true;\n }\n }\n\n // If no user in persistence, there is no current user. Set to null.\n if (!futureCurrentUser) {\n return this.directlySetCurrentUser(null);\n }\n\n if (!futureCurrentUser._redirectEventId) {\n // This isn't a redirect link operation, we can reload and bail.\n // First though, ensure that we check the middleware is happy.\n if (needsTocheckMiddleware) {\n try {\n await this.beforeStateQueue.runMiddleware(futureCurrentUser);\n } catch (e) {\n futureCurrentUser = previouslyStoredUser;\n // We know this is available since the bit is only set when the\n // resolver is available\n this._popupRedirectResolver!._overrideRedirectResult(this, () =>\n Promise.reject(e)\n );\n }\n }\n\n if (futureCurrentUser) {\n return this.reloadAndSetCurrentUserOrClear(futureCurrentUser);\n } else {\n return this.directlySetCurrentUser(null);\n }\n }\n\n _assert(this._popupRedirectResolver, this, AuthErrorCode.ARGUMENT_ERROR);\n await this.getOrInitRedirectPersistenceManager();\n\n // If the redirect user's event ID matches the current user's event ID,\n // DO NOT reload the current user, otherwise they'll be cleared from storage.\n // This is important for the reauthenticateWithRedirect() flow.\n if (\n this.redirectUser &&\n this.redirectUser._redirectEventId === futureCurrentUser._redirectEventId\n ) {\n return this.directlySetCurrentUser(futureCurrentUser);\n }\n\n return this.reloadAndSetCurrentUserOrClear(futureCurrentUser);\n }\n\n private async tryRedirectSignIn(\n redirectResolver: PopupRedirectResolver\n ): Promise<UserCredential | null> {\n // The redirect user needs to be checked (and signed in if available)\n // during auth initialization. All of the normal sign in and link/reauth\n // flows call back into auth and push things onto the promise queue. We\n // need to await the result of the redirect sign in *inside the promise\n // queue*. This presents a problem: we run into deadlock. See:\n // ┌> [Initialization] ─────┐\n // ┌> [<other queue tasks>] │\n // └─ [getRedirectResult] <─┘\n // where [] are tasks on the queue and arrows denote awaits\n // Initialization will never complete because it's waiting on something\n // that's waiting for initialization to complete!\n //\n // Instead, this method calls getRedirectResult() (stored in\n // _completeRedirectFn) with an optional parameter that instructs all of\n // the underlying auth operations to skip anything that mutates auth state.\n\n let result: UserCredential | null = null;\n try {\n // We know this._popupRedirectResolver is set since redirectResolver\n // is passed in. The _completeRedirectFn expects the unwrapped extern.\n result = await this._popupRedirectResolver!._completeRedirectFn(\n this,\n redirectResolver,\n true\n );\n } catch (e) {\n // Swallow any errors here; the code can retrieve them in\n // getRedirectResult().\n await this._setRedirectUser(null);\n }\n\n return result;\n }\n\n private async reloadAndSetCurrentUserOrClear(\n user: UserInternal\n ): Promise<void> {\n try {\n await _reloadWithoutSaving(user);\n } catch (e) {\n if (\n (e as FirebaseError)?.code !==\n `auth/${AuthErrorCode.NETWORK_REQUEST_FAILED}`\n ) {\n // Something's wrong with the user's token. Log them out and remove\n // them from storage\n return this.directlySetCurrentUser(null);\n }\n }\n\n return this.directlySetCurrentUser(user);\n }\n\n useDeviceLanguage(): void {\n this.languageCode = _getUserLanguage();\n }\n\n async _delete(): Promise<void> {\n this._deleted = true;\n }\n\n async updateCurrentUser(userExtern: User | null): Promise<void> {\n // The public updateCurrentUser method needs to make a copy of the user,\n // and also check that the project matches\n const user = userExtern\n ? (getModularInstance(userExtern) as UserInternal)\n : null;\n if (user) {\n _assert(\n user.auth.config.apiKey === this.config.apiKey,\n this,\n AuthErrorCode.INVALID_AUTH\n );\n }\n return this._updateCurrentUser(user && user._clone(this));\n }\n\n async _updateCurrentUser(\n user: User | null,\n skipBeforeStateCallbacks: boolean = false\n ): Promise<void> {\n if (this._deleted) {\n return;\n }\n if (user) {\n _assert(\n this.tenantId === user.tenantId,\n this,\n AuthErrorCode.TENANT_ID_MISMATCH\n );\n }\n\n if (!skipBeforeStateCallbacks) {\n await this.beforeStateQueue.runMiddleware(user);\n }\n\n return this.queue(async () => {\n await this.directlySetCurrentUser(user as UserInternal | null);\n this.notifyAuthListeners();\n });\n }\n\n async signOut(): Promise<void> {\n // Run first, to block _setRedirectUser() if any callbacks fail.\n await this.beforeStateQueue.runMiddleware(null);\n // Clear the redirect user when signOut is called\n if (this.redirectPersistenceManager || this._popupRedirectResolver) {\n await this._setRedirectUser(null);\n }\n\n // Prevent callbacks from being called again in _updateCurrentUser, as\n // they were already called in the first line.\n return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);\n }\n\n setPersistence(persistence: Persistence): Promise<void> {\n return this.queue(async () => {\n await this.assertedPersistence.setPersistence(_getInstance(persistence));\n });\n }\n\n _getRecaptchaConfig(): RecaptchaConfig | null {\n if (this.tenantId == null) {\n return this._agentRecaptchaConfig;\n } else {\n return this._tenantRecaptchaConfigs[this.tenantId];\n }\n }\n\n async validatePassword(password: string): Promise<PasswordValidationStatus> {\n if (!this._getPasswordPolicyInternal()) {\n await this._updatePasswordPolicy();\n }\n\n // Password policy will be defined after fetching.\n const passwordPolicy: PasswordPolicyInternal =\n this._getPasswordPolicyInternal()!;\n\n // Check that the policy schema version is supported by the SDK.\n // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.\n if (\n passwordPolicy.schemaVersion !==\n this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION\n ) {\n return Promise.reject(\n this._errorFactory.create(\n AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION,\n {}\n )\n );\n }\n\n return passwordPolicy.validatePassword(password);\n }\n\n _getPasswordPolicyInternal(): PasswordPolicyInternal | null {\n if (this.tenantId === null) {\n return this._projectPasswordPolicy;\n } else {\n return this._tenantPasswordPolicies[this.tenantId];\n }\n }\n\n async _updatePasswordPolicy(): Promise<void> {\n const response = await _getPasswordPolicy(this);\n\n const passwordPolicy: PasswordPolicyInternal = new PasswordPolicyImpl(\n response\n );\n\n if (this.tenantId === null) {\n this._projectPasswordPolicy = passwordPolicy;\n } else {\n this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;\n }\n }\n\n _getPersistence(): string {\n return this.assertedPersistence.persistence.type;\n }\n\n _updateErrorMap(errorMap: AuthErrorMap): void {\n this._errorFactory = new ErrorFactory<AuthErrorCode, AuthErrorParams>(\n 'auth',\n 'Firebase',\n (errorMap as ErrorMapRetriever)()\n );\n }\n\n onAuthStateChanged(\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n return this.registerStateListener(\n this.authStateSubscription,\n nextOrObserver,\n error,\n completed\n );\n }\n\n beforeAuthStateChanged(\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n ): Unsubscribe {\n return this.beforeStateQueue.pushCallback(callback, onAbort);\n }\n\n onIdTokenChanged(\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n return this.registerStateListener(\n this.idTokenSubscription,\n nextOrObserver,\n error,\n completed\n );\n }\n\n authStateReady(): Promise<void> {\n return new Promise((resolve, reject) => {\n if (this.currentUser) {\n resolve();\n } else {\n const unsubscribe = this.onAuthStateChanged(() => {\n unsubscribe();\n resolve();\n }, reject);\n }\n });\n }\n\n /**\n * Revokes the given access token. Currently only supports Apple OAuth access tokens.\n */\n async revokeAccessToken(token: string): Promise<void> {\n if (this.currentUser) {\n const idToken = await this.currentUser.getIdToken();\n // Generalize this to accept other providers once supported.\n const request: RevokeTokenRequest = {\n providerId: 'apple.com',\n tokenType: TokenType.ACCESS_TOKEN,\n token,\n idToken\n };\n if (this.tenantId != null) {\n request.tenantId = this.tenantId;\n }\n await revokeToken(this, request);\n }\n }\n\n toJSON(): object {\n return {\n apiKey: this.config.apiKey,\n authDomain: this.config.authDomain,\n appName: this.name,\n currentUser: this._currentUser?.toJSON()\n };\n }\n\n async _setRedirectUser(\n user: UserInternal | null,\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<void> {\n const redirectManager = await this.getOrInitRedirectPersistenceManager(\n popupRedirectResolver\n );\n return user === null\n ? redirectManager.removeCurrentUser()\n : redirectManager.setCurrentUser(user);\n }\n\n private async getOrInitRedirectPersistenceManager(\n popupRedirectResolver?: PopupRedirectResolver\n ): Promise<PersistenceUserManager> {\n if (!this.redirectPersistenceManager) {\n const resolver: PopupRedirectResolverInternal | null =\n (popupRedirectResolver && _getInstance(popupRedirectResolver)) ||\n this._popupRedirectResolver;\n _assert(resolver, this, AuthErrorCode.ARGUMENT_ERROR);\n this.redirectPersistenceManager = await PersistenceUserManager.create(\n this,\n [_getInstance(resolver._redirectPersistence)],\n KeyName.REDIRECT_USER\n );\n this.redirectUser =\n await this.redirectPersistenceManager.getCurrentUser();\n }\n\n return this.redirectPersistenceManager;\n }\n\n async _redirectUserForId(id: string): Promise<UserInternal | null> {\n // Make sure we've cleared any pending persistence actions if we're not in\n // the initializer\n if (this._isInitialized) {\n await this.queue(async () => {});\n }\n\n if (this._currentUser?._redirectEventId === id) {\n return this._currentUser;\n }\n\n if (this.redirectUser?._redirectEventId === id) {\n return this.redirectUser;\n }\n\n return null;\n }\n\n async _persistUserIfCurrent(user: UserInternal): Promise<void> {\n if (user === this.currentUser) {\n return this.queue(async () => this.directlySetCurrentUser(user));\n }\n }\n\n /** Notifies listeners only if the user is current */\n _notifyListenersIfCurrent(user: UserInternal): void {\n if (user === this.currentUser) {\n this.notifyAuthListeners();\n }\n }\n\n _key(): string {\n return `${this.config.authDomain}:${this.config.apiKey}:${this.name}`;\n }\n\n _startProactiveRefresh(): void {\n this.isProactiveRefreshEnabled = true;\n if (this.currentUser) {\n this._currentUser._startProactiveRefresh();\n }\n }\n\n _stopProactiveRefresh(): void {\n this.isProactiveRefreshEnabled = false;\n if (this.currentUser) {\n this._currentUser._stopProactiveRefresh();\n }\n }\n\n /** Returns the current user cast as the internal type */\n get _currentUser(): UserInternal {\n return this.currentUser as UserInternal;\n }\n\n private notifyAuthListeners(): void {\n if (!this._isInitialized) {\n return;\n }\n\n this.idTokenSubscription.next(this.currentUser);\n\n const currentUid = this.currentUser?.uid ?? null;\n if (this.lastNotifiedUid !== currentUid) {\n this.lastNotifiedUid = currentUid;\n this.authStateSubscription.next(this.currentUser);\n }\n }\n\n private registerStateListener(\n subscription: Subscription<User>,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n ): Unsubscribe {\n if (this._deleted) {\n return () => {};\n }\n\n const cb =\n typeof nextOrObserver === 'function'\n ? nextOrObserver\n : nextOrObserver.next.bind(nextOrObserver);\n\n let isUnsubscribed = false;\n\n const promise = this._isInitialized\n ? Promise.resolve()\n : this._initializationPromise;\n _assert(promise, this, AuthErrorCode.INTERNAL_ERROR);\n // The callback needs to be called asynchronously per the spec.\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n promise.then(() => {\n if (isUnsubscribed) {\n return;\n }\n cb(this.currentUser);\n });\n\n if (typeof nextOrObserver === 'function') {\n const unsubscribe = subscription.addObserver(\n nextOrObserver,\n error,\n completed\n );\n return () => {\n isUnsubscribed = true;\n unsubscribe();\n };\n } else {\n const unsubscribe = subscription.addObserver(nextOrObserver);\n return () => {\n isUnsubscribed = true;\n unsubscribe();\n };\n }\n }\n\n /**\n * Unprotected (from race conditions) method to set the current user. This\n * should only be called from within a queued callback. This is necessary\n * because the queue shouldn't rely on another queued callback.\n */\n private async directlySetCurrentUser(\n user: UserInternal | null\n ): Promise<void> {\n if (this.currentUser && this.currentUser !== user) {\n this._currentUser._stopProactiveRefresh();\n }\n if (user && this.isProactiveRefreshEnabled) {\n user._startProactiveRefresh();\n }\n\n this.currentUser = user;\n\n if (user) {\n await this.assertedPersistence.setCurrentUser(user);\n } else {\n await this.assertedPersistence.removeCurrentUser();\n }\n }\n\n private queue(action: AsyncAction): Promise<void> {\n // In case something errors, the callback still should be called in order\n // to keep the promise chain alive\n this.operations = this.operations.then(action, action);\n return this.operations;\n }\n\n private get assertedPersistence(): PersistenceUserManager {\n _assert(this.persistenceManager, this, AuthErrorCode.INTERNAL_ERROR);\n return this.persistenceManager;\n }\n\n private frameworks: string[] = [];\n private clientVersion: string;\n _logFramework(framework: string): void {\n if (!framework || this.frameworks.includes(framework)) {\n return;\n }\n this.frameworks.push(framework);\n\n // Sort alphabetically so that \"FirebaseCore-web,FirebaseUI-web\" and\n // \"FirebaseUI-web,FirebaseCore-web\" aren't viewed as different.\n this.frameworks.sort();\n this.clientVersion = _getClientVersion(\n this.config.clientPlatform,\n this._getFrameworks()\n );\n }\n _getFrameworks(): readonly string[] {\n return this.frameworks;\n }\n async _getAdditionalHeaders(): Promise<Record<string, string>> {\n // Additional headers on every request\n const headers: Record<string, string> = {\n [HttpHeader.X_CLIENT_VERSION]: this.clientVersion\n };\n\n if (this.app.options.appId) {\n headers[HttpHeader.X_FIREBASE_GMPID] = this.app.options.appId;\n }\n\n // If the heartbeat service exists, add the heartbeat string\n const heartbeatsHeader = await this.heartbeatServiceProvider\n .getImmediate({\n optional: true\n })\n ?.getHeartbeatsHeader();\n if (heartbeatsHeader) {\n headers[HttpHeader.X_FIREBASE_CLIENT] = heartbeatsHeader;\n }\n\n // If the App Check service exists, add the App Check token in the headers\n const appCheckToken = await this._getAppCheckToken();\n if (appCheckToken) {\n headers[HttpHeader.X_FIREBASE_APP_CHECK] = appCheckToken;\n }\n\n return headers;\n }\n\n async _getAppCheckToken(): Promise<string | undefined> {\n const appCheckTokenResult = await this.appCheckServiceProvider\n .getImmediate({ optional: true })\n ?.getToken();\n if (appCheckTokenResult?.error) {\n // Context: appCheck.getToken() will never throw even if an error happened.\n // In the error case, a dummy token will be returned along with an error field describing\n // the error. In general, we shouldn't care about the error condition and just use\n // the token (actual or dummy) to send requests.\n _logWarn(\n `Error while retrieving App Check token: ${appCheckTokenResult.error}`\n );\n }\n return appCheckTokenResult?.token;\n }\n}\n\n/**\n * Method to be used to cast down to our private implmentation of Auth.\n * It will also handle unwrapping from the compat type if necessary\n *\n * @param auth Auth object passed in from developer\n */\nexport function _castAuth(auth: Auth): AuthInternal {\n return getModularInstance(auth) as AuthInternal;\n}\n\n/** Helper class to wrap subscriber logic */\nclass Subscription<T> {\n private observer: Observer<T | null> | null = null;\n readonly addObserver: Subscribe<T | null> = createSubscribe(\n observer => (this.observer = observer)\n );\n\n constructor(readonly auth: AuthInternal) {}\n\n get next(): NextFn<T | null> {\n _assert(this.observer, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return this.observer.next.bind(this.observer);\n }\n}\n","/**\n * @license\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performApiRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\n/**\n * Request object for fetching the password policy.\n */\nexport interface GetPasswordPolicyRequest {\n tenantId?: string;\n}\n\n/**\n * Response object for fetching the password policy.\n */\nexport interface GetPasswordPolicyResponse {\n customStrengthOptions: {\n minPasswordLength?: number;\n maxPasswordLength?: number;\n containsLowercaseCharacter?: boolean;\n containsUppercaseCharacter?: boolean;\n containsNumericCharacter?: boolean;\n containsNonAlphanumericCharacter?: boolean;\n };\n allowedNonAlphanumericCharacters?: string[];\n enforcementState: string;\n forceUpgradeOnSignin?: boolean;\n schemaVersion: number;\n}\n\n/**\n * Fetches the password policy for the currently set tenant or the project if no tenant is set.\n *\n * @param auth Auth object.\n * @param request Password policy request.\n * @returns Password policy response.\n */\nexport async function _getPasswordPolicy(\n auth: Auth,\n request: GetPasswordPolicyRequest = {}\n): Promise<GetPasswordPolicyResponse> {\n return _performApiRequest<\n GetPasswordPolicyRequest,\n GetPasswordPolicyResponse\n >(\n auth,\n HttpMethod.GET,\n Endpoint.GET_PASSWORD_POLICY,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\ninterface ExternalJSProvider {\n loadJS(url: string): Promise<Event>;\n recaptchaV2Script: string;\n recaptchaEnterpriseScript: string;\n gapiScript: string;\n}\n\nlet externalJSProvider: ExternalJSProvider = {\n async loadJS() {\n throw new Error('Unable to load external scripts');\n },\n\n recaptchaV2Script: '',\n recaptchaEnterpriseScript: '',\n gapiScript: ''\n};\n\nexport function _setExternalJSProvider(p: ExternalJSProvider): void {\n externalJSProvider = p;\n}\n\nexport function _loadJS(url: string): Promise<Event> {\n return externalJSProvider.loadJS(url);\n}\n\nexport function _recaptchaV2ScriptUrl(): string {\n return externalJSProvider.recaptchaV2Script;\n}\n\nexport function _recaptchaEnterpriseScriptUrl(): string {\n return externalJSProvider.recaptchaEnterpriseScript;\n}\n\nexport function _gapiScriptUrl(): string {\n return externalJSProvider.gapiScript;\n}\n\nexport function _generateCallbackName(prefix: string): string {\n return `__${prefix}${Math.floor(Math.random() * 1000000)}`;\n}\n","/* eslint-disable @typescript-eslint/no-require-imports */\n/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { isEnterprise, RecaptchaConfig } from './recaptcha';\nimport { getRecaptchaConfig } from '../../api/authentication/recaptcha';\nimport {\n RecaptchaClientType,\n RecaptchaVersion,\n RecaptchaActionName,\n RecaptchaProvider\n} from '../../api';\n\nimport { Auth } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport * as jsHelpers from '../load_js';\nimport { AuthErrorCode } from '../../core/errors';\n\nexport const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';\nexport const FAKE_TOKEN = 'NO_RECAPTCHA';\n\nexport class RecaptchaEnterpriseVerifier {\n /**\n * Identifies the type of application verifier (e.g. \"recaptcha-enterprise\").\n */\n readonly type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;\n\n private readonly auth: AuthInternal;\n\n /**\n *\n * @param authExtern - The corresponding Firebase {@link Auth} instance.\n *\n */\n constructor(authExtern: Auth) {\n this.auth = _castAuth(authExtern);\n }\n\n /**\n * Executes the verification process.\n *\n * @returns A Promise for a token that can be used to assert the validity of a request.\n */\n async verify(\n action: string = 'verify',\n forceRefresh = false\n ): Promise<string> {\n async function retrieveSiteKey(auth: AuthInternal): Promise<string> {\n if (!forceRefresh) {\n if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {\n return auth._agentRecaptchaConfig.siteKey;\n }\n if (\n auth.tenantId != null &&\n auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined\n ) {\n return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;\n }\n }\n\n return new Promise<string>(async (resolve, reject) => {\n getRecaptchaConfig(auth, {\n clientType: RecaptchaClientType.WEB,\n version: RecaptchaVersion.ENTERPRISE\n })\n .then(response => {\n if (response.recaptchaKey === undefined) {\n reject(new Error('recaptcha Enterprise site key undefined'));\n } else {\n const config = new RecaptchaConfig(response);\n if (auth.tenantId == null) {\n auth._agentRecaptchaConfig = config;\n } else {\n auth._tenantRecaptchaConfigs[auth.tenantId] = config;\n }\n return resolve(config.siteKey);\n }\n })\n .catch(error => {\n reject(error);\n });\n });\n }\n\n function retrieveRecaptchaToken(\n siteKey: string,\n resolve: (value: string | PromiseLike<string>) => void,\n reject: (reason?: unknown) => void\n ): void {\n const grecaptcha = window.grecaptcha;\n if (isEnterprise(grecaptcha)) {\n grecaptcha.enterprise.ready(() => {\n grecaptcha.enterprise\n .execute(siteKey, { action })\n .then(token => {\n resolve(token);\n })\n .catch(() => {\n resolve(FAKE_TOKEN);\n });\n });\n } else {\n reject(Error('No reCAPTCHA enterprise script loaded.'));\n }\n }\n\n return new Promise<string>((resolve, reject) => {\n retrieveSiteKey(this.auth)\n .then(siteKey => {\n if (!forceRefresh && isEnterprise(window.grecaptcha)) {\n retrieveRecaptchaToken(siteKey, resolve, reject);\n } else {\n if (typeof window === 'undefined') {\n reject(\n new Error('RecaptchaVerifier is only supported in browser')\n );\n return;\n }\n let url = jsHelpers._recaptchaEnterpriseScriptUrl();\n if (url.length !== 0) {\n url += siteKey;\n }\n jsHelpers\n ._loadJS(url)\n .then(() => {\n retrieveRecaptchaToken(siteKey, resolve, reject);\n })\n .catch(error => {\n reject(error);\n });\n }\n })\n .catch(error => {\n reject(error);\n });\n });\n }\n}\n\nexport async function injectRecaptchaFields<T>(\n auth: AuthInternal,\n request: T,\n action: RecaptchaActionName,\n captchaResp = false\n): Promise<T> {\n const verifier = new RecaptchaEnterpriseVerifier(auth);\n let captchaResponse;\n try {\n captchaResponse = await verifier.verify(action);\n } catch (error) {\n captchaResponse = await verifier.verify(action, true);\n }\n const newRequest = { ...request };\n if (!captchaResp) {\n Object.assign(newRequest, { captchaResponse });\n } else {\n Object.assign(newRequest, { 'captchaResp': captchaResponse });\n }\n Object.assign(newRequest, { 'clientType': RecaptchaClientType.WEB });\n Object.assign(newRequest, {\n 'recaptchaVersion': RecaptchaVersion.ENTERPRISE\n });\n return newRequest;\n}\n\ntype ActionMethod<TRequest, TResponse> = (\n auth: Auth,\n request: TRequest\n) => Promise<TResponse>;\n\nexport async function handleRecaptchaFlow<TRequest, TResponse>(\n authInstance: AuthInternal,\n request: TRequest,\n actionName: RecaptchaActionName,\n actionMethod: ActionMethod<TRequest, TResponse>\n): Promise<TResponse> {\n if (\n authInstance\n ._getRecaptchaConfig()\n ?.isProviderEnabled(RecaptchaProvider.EMAIL_PASSWORD_PROVIDER)\n ) {\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n actionName === RecaptchaActionName.GET_OOB_CODE\n );\n return actionMethod(authInstance, requestWithRecaptcha);\n } else {\n return actionMethod(authInstance, request).catch(async error => {\n if (error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`) {\n console.log(\n `${actionName} is protected by reCAPTCHA Enterprise for this project. Automatically triggering the reCAPTCHA flow and restarting the flow.`\n );\n const requestWithRecaptcha = await injectRecaptchaFields(\n authInstance,\n request,\n actionName,\n actionName === RecaptchaActionName.GET_OOB_CODE\n );\n return actionMethod(authInstance, requestWithRecaptcha);\n } else {\n return Promise.reject(error);\n }\n });\n }\n}\n\nexport async function _initializeRecaptchaConfig(auth: Auth): Promise<void> {\n const authInternal = _castAuth(auth);\n\n const response = await getRecaptchaConfig(authInternal, {\n clientType: RecaptchaClientType.WEB,\n version: RecaptchaVersion.ENTERPRISE\n });\n\n const config = new RecaptchaConfig(response);\n if (authInternal.tenantId == null) {\n authInternal._agentRecaptchaConfig = config;\n } else {\n authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;\n }\n\n if (config.isProviderEnabled(RecaptchaProvider.EMAIL_PASSWORD_PROVIDER)) {\n const verifier = new RecaptchaEnterpriseVerifier(authInternal);\n void verifier.verify();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _getProvider, FirebaseApp } from '@firebase/app';\nimport { deepEqual } from '@firebase/util';\nimport { Auth, Dependencies } from '../../model/public_types';\n\nimport { AuthErrorCode } from '../errors';\nimport { PersistenceInternal } from '../persistence';\nimport { _fail } from '../util/assert';\nimport { _getInstance } from '../util/instantiator';\nimport { AuthImpl } from './auth_impl';\n\n/**\n * Initializes an {@link Auth} instance with fine-grained control over\n * {@link Dependencies}.\n *\n * @remarks\n *\n * This function allows more control over the {@link Auth} instance than\n * {@link getAuth}. `getAuth` uses platform-specific defaults to supply\n * the {@link Dependencies}. In general, `getAuth` is the easiest way to\n * initialize Auth and works for most use cases. Use `initializeAuth` if you\n * need control over which persistence layer is used, or to minimize bundle\n * size if you're not using either `signInWithPopup` or `signInWithRedirect`.\n *\n * For example, if your app only uses anonymous accounts and you only want\n * accounts saved for the current session, initialize `Auth` with:\n *\n * ```js\n * const auth = initializeAuth(app, {\n * persistence: browserSessionPersistence,\n * popupRedirectResolver: undefined,\n * });\n * ```\n *\n * @public\n */\nexport function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth {\n const provider = _getProvider(app, 'auth');\n\n if (provider.isInitialized()) {\n const auth = provider.getImmediate() as AuthImpl;\n const initialOptions = provider.getOptions() as Dependencies;\n if (deepEqual(initialOptions, deps ?? {})) {\n return auth;\n } else {\n _fail(auth, AuthErrorCode.ALREADY_INITIALIZED);\n }\n }\n\n const auth = provider.initialize({ options: deps }) as AuthImpl;\n\n return auth;\n}\n\nexport function _initializeAuthInstance(\n auth: AuthImpl,\n deps?: Dependencies\n): void {\n const persistence = deps?.persistence || [];\n const hierarchy = (\n Array.isArray(persistence) ? persistence : [persistence]\n ).map<PersistenceInternal>(_getInstance);\n if (deps?.errorMap) {\n auth._updateErrorMap(deps.errorMap);\n }\n\n // This promise is intended to float; auth initialization happens in the\n // background, meanwhile the auth object may be used by the app.\n // eslint-disable-next-line @typescript-eslint/no-floating-promises\n auth._initializeWithPersistence(hierarchy, deps?.popupRedirectResolver);\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Auth } from '../../model/public_types';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _castAuth } from './auth_impl';\n\n/**\n * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production\n * Firebase Auth services.\n *\n * @remarks\n * This must be called synchronously immediately following the first call to\n * {@link initializeAuth}. Do not use with production credentials as emulator\n * traffic is not encrypted.\n *\n *\n * @example\n * ```javascript\n * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').\n * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to\n * `true` to disable the warning banner attached to the DOM.\n *\n * @public\n */\nexport function connectAuthEmulator(\n auth: Auth,\n url: string,\n options?: { disableWarnings: boolean }\n): void {\n const authInternal = _castAuth(auth);\n _assert(\n authInternal._canInitEmulator,\n authInternal,\n AuthErrorCode.EMULATOR_CONFIG_FAILED\n );\n\n _assert(\n /^https?:\\/\\//.test(url),\n authInternal,\n AuthErrorCode.INVALID_EMULATOR_SCHEME\n );\n\n const disableWarnings = !!options?.disableWarnings;\n\n const protocol = extractProtocol(url);\n const { host, port } = extractHostAndPort(url);\n const portStr = port === null ? '' : `:${port}`;\n\n // Always replace path with \"/\" (even if input url had no path at all, or had a different one).\n authInternal.config.emulator = { url: `${protocol}//${host}${portStr}/` };\n authInternal.settings.appVerificationDisabledForTesting = true;\n authInternal.emulatorConfig = Object.freeze({\n host,\n port,\n protocol: protocol.replace(':', ''),\n options: Object.freeze({ disableWarnings })\n });\n\n if (!disableWarnings) {\n emitEmulatorWarning();\n }\n}\n\nfunction extractProtocol(url: string): string {\n const protocolEnd = url.indexOf(':');\n return protocolEnd < 0 ? '' : url.substr(0, protocolEnd + 1);\n}\n\nfunction extractHostAndPort(url: string): {\n host: string;\n port: number | null;\n} {\n const protocol = extractProtocol(url);\n const authority = /(\\/\\/)?([^?#/]+)/.exec(url.substr(protocol.length)); // Between // and /, ? or #.\n if (!authority) {\n return { host: '', port: null };\n }\n const hostAndPort = authority[2].split('@').pop() || ''; // Strip out \"username:password@\".\n const bracketedIPv6 = /^(\\[[^\\]]+\\])(:|$)/.exec(hostAndPort);\n if (bracketedIPv6) {\n const host = bracketedIPv6[1];\n return { host, port: parsePort(hostAndPort.substr(host.length + 1)) };\n } else {\n const [host, port] = hostAndPort.split(':');\n return { host, port: parsePort(port) };\n }\n}\n\nfunction parsePort(portStr: string): number | null {\n if (!portStr) {\n return null;\n }\n const port = Number(portStr);\n if (isNaN(port)) {\n return null;\n }\n return port;\n}\n\nfunction emitEmulatorWarning(): void {\n function attachBanner(): void {\n const el = document.createElement('p');\n const sty = el.style;\n el.innerText =\n 'Running in emulator mode. Do not use with production credentials.';\n sty.position = 'fixed';\n sty.width = '100%';\n sty.backgroundColor = '#ffffff';\n sty.border = '.1em solid #000000';\n sty.color = '#b50000';\n sty.bottom = '0px';\n sty.left = '0px';\n sty.margin = '0px';\n sty.zIndex = '10000';\n sty.textAlign = 'center';\n el.classList.add('firebase-emulator-warning');\n document.body.appendChild(el);\n }\n\n if (typeof console !== 'undefined' && typeof console.info === 'function') {\n console.info(\n 'WARNING: You are using the Auth Emulator,' +\n ' which is intended for local testing only. Do not use with' +\n ' production credentials.'\n );\n }\n if (typeof window !== 'undefined' && typeof document !== 'undefined') {\n if (document.readyState === 'loading') {\n window.addEventListener('DOMContentLoaded', attachBanner);\n } else {\n attachBanner();\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { debugFail } from '../util/assert';\n\n/**\n * Interface that represents the credentials returned by an {@link AuthProvider}.\n *\n * @remarks\n * Implementations specify the details about each auth provider's credential requirements.\n *\n * @public\n */\nexport class AuthCredential {\n /** @internal */\n protected constructor(\n /**\n * The authentication provider ID for the credential.\n *\n * @remarks\n * For example, 'facebook.com', or 'google.com'.\n */\n readonly providerId: string,\n /**\n * The authentication sign in method for the credential.\n *\n * @remarks\n * For example, {@link SignInMethod}.EMAIL_PASSWORD, or\n * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method\n * identifier as returned in {@link fetchSignInMethodsForEmail}.\n */\n readonly signInMethod: string\n ) {}\n\n /**\n * Returns a JSON-serializable representation of this object.\n *\n * @returns a JSON-serializable representation of this object.\n */\n toJSON(): object {\n return debugFail('not implemented');\n }\n\n /** @internal */\n _getIdTokenResponse(_auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return debugFail('not implemented');\n }\n /** @internal */\n _linkToIdToken(\n _auth: AuthInternal,\n _idToken: string\n ): Promise<IdTokenResponse> {\n return debugFail('not implemented');\n }\n /** @internal */\n _getReauthenticationResolver(_auth: AuthInternal): Promise<IdTokenResponse> {\n return debugFail('not implemented');\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeOperation, Auth } from '../../model/public_types';\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { MfaEnrollment } from './mfa';\nimport { SignUpRequest, SignUpResponse } from '../authentication/sign_up';\n\nexport interface ResetPasswordRequest {\n oobCode: string;\n newPassword?: string;\n tenantId?: string;\n}\n\nexport interface ResetPasswordResponse {\n email: string;\n newEmail?: string;\n requestType?: ActionCodeOperation;\n mfaInfo?: MfaEnrollment;\n}\n\nexport async function resetPassword(\n auth: Auth,\n request: ResetPasswordRequest\n): Promise<ResetPasswordResponse> {\n return _performApiRequest<ResetPasswordRequest, ResetPasswordResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.RESET_PASSWORD,\n _addTidIfNecessary(auth, request)\n );\n}\nexport interface UpdateEmailPasswordRequest {\n idToken: string;\n returnSecureToken?: boolean;\n email?: string;\n password?: string;\n}\n\nexport interface UpdateEmailPasswordResponse extends IdTokenResponse {}\n\nexport async function updateEmailPassword(\n auth: Auth,\n request: UpdateEmailPasswordRequest\n): Promise<UpdateEmailPasswordResponse> {\n return _performApiRequest<\n UpdateEmailPasswordRequest,\n UpdateEmailPasswordResponse\n >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);\n}\n\n// Used for linking an email/password account to an existing idToken. Uses the same request/response\n// format as updateEmailPassword.\nexport async function linkEmailPassword(\n auth: Auth,\n request: SignUpRequest\n): Promise<SignUpResponse> {\n return _performApiRequest<SignUpRequest, SignUpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_UP,\n request\n );\n}\n\nexport interface ApplyActionCodeRequest {\n oobCode: string;\n tenantId?: string;\n}\n\nexport interface ApplyActionCodeResponse {}\n\nexport async function applyActionCode(\n auth: Auth,\n request: ApplyActionCodeRequest\n): Promise<ApplyActionCodeResponse> {\n return _performApiRequest<ApplyActionCodeRequest, ApplyActionCodeResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SET_ACCOUNT_INFO,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeOperation, Auth } from '../../model/public_types';\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performApiRequest,\n _performSignInRequest\n} from '../index';\nimport { IdToken, IdTokenResponse } from '../../model/id_token';\n\nexport interface SignInWithPasswordRequest {\n returnSecureToken?: boolean;\n email: string;\n password: string;\n tenantId?: string;\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SignInWithPasswordResponse extends IdTokenResponse {\n email: string;\n displayName: string;\n}\n\nexport async function signInWithPassword(\n auth: Auth,\n request: SignInWithPasswordRequest\n): Promise<SignInWithPasswordResponse> {\n return _performSignInRequest<\n SignInWithPasswordRequest,\n SignInWithPasswordResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PASSWORD,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface GetOobCodeRequest {\n email?: string; // Everything except VERIFY_AND_CHANGE_EMAIL\n continueUrl?: string;\n iOSBundleId?: string;\n iosAppStoreId?: string;\n androidPackageName?: string;\n androidInstallApp?: boolean;\n androidMinimumVersionCode?: string;\n canHandleCodeInApp?: boolean;\n dynamicLinkDomain?: string;\n tenantId?: string;\n targetProjectid?: string;\n}\n\nexport interface VerifyEmailRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.VERIFY_EMAIL;\n idToken: IdToken;\n}\n\nexport interface PasswordResetRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.PASSWORD_RESET;\n email: string;\n captchaResp?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface EmailSignInRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.EMAIL_SIGNIN;\n email: string;\n captchaResp?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface VerifyAndChangeEmailRequest extends GetOobCodeRequest {\n requestType: ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL;\n idToken: IdToken;\n newEmail: string;\n}\n\ninterface GetOobCodeResponse {\n email: string;\n}\n\nexport interface VerifyEmailResponse extends GetOobCodeResponse {}\nexport interface PasswordResetResponse extends GetOobCodeResponse {}\nexport interface EmailSignInResponse extends GetOobCodeResponse {}\nexport interface VerifyAndChangeEmailResponse extends GetOobCodeRequest {}\n\nasync function sendOobCode(\n auth: Auth,\n request: GetOobCodeRequest\n): Promise<GetOobCodeResponse> {\n return _performApiRequest<GetOobCodeRequest, GetOobCodeResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SEND_OOB_CODE,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport async function sendEmailVerification(\n auth: Auth,\n request: VerifyEmailRequest\n): Promise<VerifyEmailResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function sendPasswordResetEmail(\n auth: Auth,\n request: PasswordResetRequest\n): Promise<PasswordResetResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function sendSignInLinkToEmail(\n auth: Auth,\n request: EmailSignInRequest\n): Promise<EmailSignInResponse> {\n return sendOobCode(auth, request);\n}\n\nexport async function verifyAndChangeEmail(\n auth: Auth,\n request: VerifyAndChangeEmailRequest\n): Promise<VerifyAndChangeEmailResponse> {\n return sendOobCode(auth, request);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\nimport { linkEmailPassword } from '../../api/account_management/email_and_password';\nimport {\n signInWithPassword,\n SignInWithPasswordRequest\n} from '../../api/authentication/email_and_password';\nimport {\n signInWithEmailLink,\n signInWithEmailLinkForLinking\n} from '../../api/authentication/email_link';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from '../util/assert';\nimport { AuthCredential } from './auth_credential';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { RecaptchaActionName, RecaptchaClientType } from '../../api';\nimport { SignUpRequest } from '../../api/authentication/sign_up';\n/**\n * Interface that represents the credentials returned by {@link EmailAuthProvider} for\n * {@link ProviderId}.PASSWORD\n *\n * @remarks\n * Covers both {@link SignInMethod}.EMAIL_PASSWORD and\n * {@link SignInMethod}.EMAIL_LINK.\n *\n * @public\n */\nexport class EmailAuthCredential extends AuthCredential {\n /** @internal */\n private constructor(\n /** @internal */\n readonly _email: string,\n /** @internal */\n readonly _password: string,\n signInMethod: SignInMethod,\n /** @internal */\n readonly _tenantId: string | null = null\n ) {\n super(ProviderId.PASSWORD, signInMethod);\n }\n\n /** @internal */\n static _fromEmailAndPassword(\n email: string,\n password: string\n ): EmailAuthCredential {\n return new EmailAuthCredential(\n email,\n password,\n SignInMethod.EMAIL_PASSWORD\n );\n }\n\n /** @internal */\n static _fromEmailAndCode(\n email: string,\n oobCode: string,\n tenantId: string | null = null\n ): EmailAuthCredential {\n return new EmailAuthCredential(\n email,\n oobCode,\n SignInMethod.EMAIL_LINK,\n tenantId\n );\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n email: this._email,\n password: this._password,\n signInMethod: this.signInMethod,\n tenantId: this._tenantId\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.\n *\n * @param json - Either `object` or the stringified representation of the object. When string is\n * provided, `JSON.parse` would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: object | string): EmailAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n if (obj?.email && obj?.password) {\n if (obj.signInMethod === SignInMethod.EMAIL_PASSWORD) {\n return this._fromEmailAndPassword(obj.email, obj.password);\n } else if (obj.signInMethod === SignInMethod.EMAIL_LINK) {\n return this._fromEmailAndCode(obj.email, obj.password, obj.tenantId);\n }\n }\n return null;\n }\n\n /** @internal */\n async _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n switch (this.signInMethod) {\n case SignInMethod.EMAIL_PASSWORD:\n const request: SignInWithPasswordRequest = {\n returnSecureToken: true,\n email: this._email,\n password: this._password,\n clientType: RecaptchaClientType.WEB\n };\n return handleRecaptchaFlow(\n auth,\n request,\n RecaptchaActionName.SIGN_IN_WITH_PASSWORD,\n signInWithPassword\n );\n case SignInMethod.EMAIL_LINK:\n return signInWithEmailLink(auth, {\n email: this._email,\n oobCode: this._password\n });\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n /** @internal */\n async _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n switch (this.signInMethod) {\n case SignInMethod.EMAIL_PASSWORD:\n const request: SignUpRequest = {\n idToken,\n returnSecureToken: true,\n email: this._email,\n password: this._password,\n clientType: RecaptchaClientType.WEB\n };\n return handleRecaptchaFlow(\n auth,\n request,\n RecaptchaActionName.SIGN_UP_PASSWORD,\n linkEmailPassword\n );\n case SignInMethod.EMAIL_LINK:\n return signInWithEmailLinkForLinking(auth, {\n idToken,\n email: this._email,\n oobCode: this._password\n });\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return this._getIdTokenResponse(auth);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performSignInRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithEmailLinkRequest {\n email: string;\n oobCode: string;\n tenantId?: string;\n}\n\nexport interface SignInWithEmailLinkResponse extends IdTokenResponse {\n email: string;\n isNewUser: boolean;\n}\n\nexport async function signInWithEmailLink(\n auth: Auth,\n request: SignInWithEmailLinkRequest\n): Promise<SignInWithEmailLinkResponse> {\n return _performSignInRequest<\n SignInWithEmailLinkRequest,\n SignInWithEmailLinkResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface SignInWithEmailLinkForLinkingRequest\n extends SignInWithEmailLinkRequest {\n idToken: string;\n}\n\nexport async function signInWithEmailLinkForLinking(\n auth: Auth,\n request: SignInWithEmailLinkForLinkingRequest\n): Promise<SignInWithEmailLinkResponse> {\n return _performSignInRequest<\n SignInWithEmailLinkForLinkingRequest,\n SignInWithEmailLinkResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_EMAIL_LINK,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdToken, IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithIdpRequest {\n requestUri: string;\n postBody?: string;\n sessionId?: string;\n tenantId?: string;\n returnSecureToken: boolean;\n returnIdpCredential?: boolean;\n idToken?: IdToken;\n autoCreate?: boolean;\n pendingToken?: string;\n}\n\n/**\n * @internal\n */\nexport interface SignInWithIdpResponse extends IdTokenResponse {\n oauthAccessToken?: string;\n oauthTokenSecret?: string;\n nonce?: string;\n oauthIdToken?: string;\n pendingToken?: string;\n}\n\nexport async function signInWithIdp(\n auth: Auth,\n request: SignInWithIdpRequest\n): Promise<SignInWithIdpResponse> {\n return _performSignInRequest<SignInWithIdpRequest, SignInWithIdpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_IDP,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { querystring } from '@firebase/util';\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from '../util/assert';\nimport { AuthCredential } from './auth_credential';\n\nconst IDP_REQUEST_URI = 'http://localhost';\n\nexport interface OAuthCredentialParams {\n // OAuth 2 uses either id token or access token\n idToken?: string | null;\n accessToken?: string | null;\n\n // These fields are used with OAuth 1\n oauthToken?: string;\n secret?: string;\n oauthTokenSecret?: string;\n\n // Nonce is only set if pendingToken is not present\n nonce?: string;\n pendingToken?: string;\n\n // Utilities\n providerId: string;\n signInMethod: string;\n}\n\n/**\n * Represents the OAuth credentials returned by an {@link OAuthProvider}.\n *\n * @remarks\n * Implementations specify the details about each auth provider's credential requirements.\n *\n * @public\n */\nexport class OAuthCredential extends AuthCredential {\n /**\n * The OAuth ID token associated with the credential if it belongs to an OIDC provider,\n * such as `google.com`.\n * @readonly\n */\n idToken?: string;\n /**\n * The OAuth access token associated with the credential if it belongs to an\n * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.\n * @readonly\n */\n accessToken?: string;\n /**\n * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0\n * provider, such as `twitter.com`.\n * @readonly\n */\n secret?: string;\n\n private nonce?: string;\n private pendingToken: string | null = null;\n\n /** @internal */\n static _fromParams(params: OAuthCredentialParams): OAuthCredential {\n const cred = new OAuthCredential(params.providerId, params.signInMethod);\n\n if (params.idToken || params.accessToken) {\n // OAuth 2 and either ID token or access token.\n if (params.idToken) {\n cred.idToken = params.idToken;\n }\n\n if (params.accessToken) {\n cred.accessToken = params.accessToken;\n }\n\n // Add nonce if available and no pendingToken is present.\n if (params.nonce && !params.pendingToken) {\n cred.nonce = params.nonce;\n }\n\n if (params.pendingToken) {\n cred.pendingToken = params.pendingToken;\n }\n } else if (params.oauthToken && params.oauthTokenSecret) {\n // OAuth 1 and OAuth token with token secret\n cred.accessToken = params.oauthToken;\n cred.secret = params.oauthTokenSecret;\n } else {\n _fail(AuthErrorCode.ARGUMENT_ERROR);\n }\n\n return cred;\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n idToken: this.idToken,\n accessToken: this.accessToken,\n secret: this.secret,\n nonce: this.nonce,\n pendingToken: this.pendingToken,\n providerId: this.providerId,\n signInMethod: this.signInMethod\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an\n * {@link AuthCredential}.\n *\n * @param json - Input can be either Object or the stringified representation of the object.\n * When string is provided, JSON.parse would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: string | object): OAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n const { providerId, signInMethod, ...rest }: OAuthCredentialParams = obj;\n if (!providerId || !signInMethod) {\n return null;\n }\n\n const cred = new OAuthCredential(providerId, signInMethod);\n cred.idToken = rest.idToken || undefined;\n cred.accessToken = rest.accessToken || undefined;\n cred.secret = rest.secret;\n cred.nonce = rest.nonce;\n cred.pendingToken = rest.pendingToken || null;\n return cred;\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.idToken = idToken;\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.autoCreate = false;\n return signInWithIdp(auth, request);\n }\n\n private buildRequest(): SignInWithIdpRequest {\n const request: SignInWithIdpRequest = {\n requestUri: IDP_REQUEST_URI,\n returnSecureToken: true\n };\n\n if (this.pendingToken) {\n request.pendingToken = this.pendingToken;\n } else {\n const postBody: Record<string, string> = {};\n if (this.idToken) {\n postBody['id_token'] = this.idToken;\n }\n if (this.accessToken) {\n postBody['access_token'] = this.accessToken;\n }\n if (this.secret) {\n postBody['oauth_token_secret'] = this.secret;\n }\n\n postBody['providerId'] = this.providerId;\n if (this.nonce && !this.pendingToken) {\n postBody['nonce'] = this.nonce;\n }\n\n request.postBody = querystring(postBody);\n }\n\n return request;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _makeTaggedError,\n _performApiRequest,\n _performSignInRequest\n} from '../index';\nimport { AuthErrorCode } from '../../core/errors';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { ServerError, ServerErrorMap } from '../errors';\nimport { Auth } from '../../model/public_types';\n\nexport interface SendPhoneVerificationCodeRequest {\n phoneNumber: string;\n recaptchaToken: string;\n tenantId?: string;\n}\n\nexport interface SendPhoneVerificationCodeResponse {\n sessionInfo: string;\n}\n\nexport async function sendPhoneVerificationCode(\n auth: Auth,\n request: SendPhoneVerificationCodeRequest\n): Promise<SendPhoneVerificationCodeResponse> {\n return _performApiRequest<\n SendPhoneVerificationCodeRequest,\n SendPhoneVerificationCodeResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SEND_VERIFICATION_CODE,\n _addTidIfNecessary(auth, request)\n );\n}\n\n/**\n * @internal\n */\nexport interface SignInWithPhoneNumberRequest {\n temporaryProof?: string;\n phoneNumber?: string;\n sessionInfo?: string;\n code?: string;\n tenantId?: string;\n}\n\nexport interface LinkWithPhoneNumberRequest\n extends SignInWithPhoneNumberRequest {\n idToken: string;\n}\n\n/**\n * @internal\n */\nexport interface SignInWithPhoneNumberResponse extends IdTokenResponse {\n temporaryProof?: string;\n phoneNumber?: string;\n}\n\nexport async function signInWithPhoneNumber(\n auth: Auth,\n request: SignInWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n return _performSignInRequest<\n SignInWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport async function linkWithPhoneNumber(\n auth: Auth,\n request: LinkWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n const response = await _performSignInRequest<\n LinkWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, request)\n );\n if (response.temporaryProof) {\n throw _makeTaggedError(auth, AuthErrorCode.NEED_CONFIRMATION, response);\n }\n return response;\n}\n\ninterface VerifyPhoneNumberForExistingRequest\n extends SignInWithPhoneNumberRequest {\n operation: 'REAUTH';\n}\n\nconst VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_: Partial<\n ServerErrorMap<ServerError>\n> = {\n [ServerError.USER_NOT_FOUND]: AuthErrorCode.USER_DELETED\n};\n\nexport async function verifyPhoneNumberForExisting(\n auth: Auth,\n request: SignInWithPhoneNumberRequest\n): Promise<SignInWithPhoneNumberResponse> {\n const apiRequest: VerifyPhoneNumberForExistingRequest = {\n ...request,\n operation: 'REAUTH'\n };\n return _performSignInRequest<\n VerifyPhoneNumberForExistingRequest,\n SignInWithPhoneNumberResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_PHONE_NUMBER,\n _addTidIfNecessary(auth, apiRequest),\n VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport {\n linkWithPhoneNumber,\n signInWithPhoneNumber,\n SignInWithPhoneNumberRequest,\n verifyPhoneNumberForExisting\n} from '../../api/authentication/sms';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthCredential } from './auth_credential';\n\nexport interface PhoneAuthCredentialParameters {\n verificationId?: string;\n verificationCode?: string;\n phoneNumber?: string;\n temporaryProof?: string;\n}\n\n/**\n * Represents the credentials returned by {@link PhoneAuthProvider}.\n *\n * @public\n */\nexport class PhoneAuthCredential extends AuthCredential {\n private constructor(private readonly params: PhoneAuthCredentialParameters) {\n super(ProviderId.PHONE, SignInMethod.PHONE);\n }\n\n /** @internal */\n static _fromVerification(\n verificationId: string,\n verificationCode: string\n ): PhoneAuthCredential {\n return new PhoneAuthCredential({ verificationId, verificationCode });\n }\n\n /** @internal */\n static _fromTokenResponse(\n phoneNumber: string,\n temporaryProof: string\n ): PhoneAuthCredential {\n return new PhoneAuthCredential({ phoneNumber, temporaryProof });\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return signInWithPhoneNumber(auth, this._makeVerificationRequest());\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n return linkWithPhoneNumber(auth, {\n idToken,\n ...this._makeVerificationRequest()\n });\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return verifyPhoneNumberForExisting(auth, this._makeVerificationRequest());\n }\n\n /** @internal */\n _makeVerificationRequest(): SignInWithPhoneNumberRequest {\n const { temporaryProof, phoneNumber, verificationId, verificationCode } =\n this.params;\n if (temporaryProof && phoneNumber) {\n return { temporaryProof, phoneNumber };\n }\n\n return {\n sessionInfo: verificationId,\n code: verificationCode\n };\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n const obj: Record<string, string> = {\n providerId: this.providerId\n };\n if (this.params.phoneNumber) {\n obj.phoneNumber = this.params.phoneNumber;\n }\n if (this.params.temporaryProof) {\n obj.temporaryProof = this.params.temporaryProof;\n }\n if (this.params.verificationCode) {\n obj.verificationCode = this.params.verificationCode;\n }\n if (this.params.verificationId) {\n obj.verificationId = this.params.verificationId;\n }\n\n return obj;\n }\n\n /** Generates a phone credential based on a plain object or a JSON string. */\n static fromJSON(json: object | string): PhoneAuthCredential | null {\n if (typeof json === 'string') {\n json = JSON.parse(json);\n }\n\n const { verificationId, verificationCode, phoneNumber, temporaryProof } =\n json as { [key: string]: string };\n if (\n !verificationCode &&\n !verificationId &&\n !phoneNumber &&\n !temporaryProof\n ) {\n return null;\n }\n\n return new PhoneAuthCredential({\n verificationId,\n verificationCode,\n phoneNumber,\n temporaryProof\n });\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { extractQuerystring, querystringDecode } from '@firebase/util';\nimport { ActionCodeOperation } from '../model/public_types';\nimport { AuthErrorCode } from './errors';\nimport { _assert } from './util/assert';\n\n/**\n * Enums for fields in URL query string.\n *\n * @enum {string}\n */\nconst enum QueryField {\n API_KEY = 'apiKey',\n CODE = 'oobCode',\n CONTINUE_URL = 'continueUrl',\n LANGUAGE_CODE = 'languageCode',\n MODE = 'mode',\n TENANT_ID = 'tenantId'\n}\n\n/**\n * Maps the mode string in action code URL to Action Code Info operation.\n *\n * @param mode\n */\nfunction parseMode(mode: string | null): ActionCodeOperation | null {\n switch (mode) {\n case 'recoverEmail':\n return ActionCodeOperation.RECOVER_EMAIL;\n case 'resetPassword':\n return ActionCodeOperation.PASSWORD_RESET;\n case 'signIn':\n return ActionCodeOperation.EMAIL_SIGNIN;\n case 'verifyEmail':\n return ActionCodeOperation.VERIFY_EMAIL;\n case 'verifyAndChangeEmail':\n return ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL;\n case 'revertSecondFactorAddition':\n return ActionCodeOperation.REVERT_SECOND_FACTOR_ADDITION;\n default:\n return null;\n }\n}\n\n/**\n * Helper to parse FDL links\n *\n * @param url\n */\nfunction parseDeepLink(url: string): string {\n const link = querystringDecode(extractQuerystring(url))['link'];\n\n // Double link case (automatic redirect).\n const doubleDeepLink = link\n ? querystringDecode(extractQuerystring(link))['deep_link_id']\n : null;\n // iOS custom scheme links.\n const iOSDeepLink = querystringDecode(extractQuerystring(url))[\n 'deep_link_id'\n ];\n const iOSDoubleDeepLink = iOSDeepLink\n ? querystringDecode(extractQuerystring(iOSDeepLink))['link']\n : null;\n return iOSDoubleDeepLink || iOSDeepLink || doubleDeepLink || link || url;\n}\n\n/**\n * A utility class to parse email action URLs such as password reset, email verification,\n * email link sign in, etc.\n *\n * @public\n */\nexport class ActionCodeURL {\n /**\n * The API key of the email action link.\n */\n readonly apiKey: string;\n /**\n * The action code of the email action link.\n */\n readonly code: string;\n /**\n * The continue URL of the email action link. Null if not provided.\n */\n readonly continueUrl: string | null;\n /**\n * The language code of the email action link. Null if not provided.\n */\n readonly languageCode: string | null;\n /**\n * The action performed by the email action link. It returns from one of the types from\n * {@link ActionCodeInfo}\n */\n readonly operation: string;\n /**\n * The tenant ID of the email action link. Null if the email action is from the parent project.\n */\n readonly tenantId: string | null;\n\n /**\n * @param actionLink - The link from which to extract the URL.\n * @returns The {@link ActionCodeURL} object, or null if the link is invalid.\n *\n * @internal\n */\n constructor(actionLink: string) {\n const searchParams = querystringDecode(extractQuerystring(actionLink));\n const apiKey = searchParams[QueryField.API_KEY] ?? null;\n const code = searchParams[QueryField.CODE] ?? null;\n const operation = parseMode(searchParams[QueryField.MODE] ?? null);\n // Validate API key, code and mode.\n _assert(apiKey && code && operation, AuthErrorCode.ARGUMENT_ERROR);\n this.apiKey = apiKey;\n this.operation = operation;\n this.code = code;\n this.continueUrl = searchParams[QueryField.CONTINUE_URL] ?? null;\n this.languageCode = searchParams[QueryField.LANGUAGE_CODE] ?? null;\n this.tenantId = searchParams[QueryField.TENANT_ID] ?? null;\n }\n\n /**\n * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,\n * otherwise returns null.\n *\n * @param link - The email action link string.\n * @returns The {@link ActionCodeURL} object, or null if the link is invalid.\n *\n * @public\n */\n static parseLink(link: string): ActionCodeURL | null {\n const actionLink = parseDeepLink(link);\n try {\n return new ActionCodeURL(actionLink);\n } catch {\n return null;\n }\n }\n}\n\n/**\n * Parses the email action link string and returns an {@link ActionCodeURL} if\n * the link is valid, otherwise returns null.\n *\n * @public\n */\nexport function parseActionCodeURL(link: string): ActionCodeURL | null {\n return ActionCodeURL.parseLink(link);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ProviderId, SignInMethod } from '../../model/enums';\nimport { AuthProvider } from '../../model/public_types';\n\nimport { ActionCodeURL } from '../action_code_url';\nimport { EmailAuthCredential } from '../credentials/email';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\n\n/**\n * Provider for generating {@link EmailAuthCredential}.\n *\n * @public\n */\nexport class EmailAuthProvider implements AuthProvider {\n /**\n * Always set to {@link ProviderId}.PASSWORD, even for email link.\n */\n static readonly PROVIDER_ID: 'password' = ProviderId.PASSWORD;\n /**\n * Always set to {@link SignInMethod}.EMAIL_PASSWORD.\n */\n static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password' =\n SignInMethod.EMAIL_PASSWORD;\n /**\n * Always set to {@link SignInMethod}.EMAIL_LINK.\n */\n static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink' =\n SignInMethod.EMAIL_LINK;\n /**\n * Always set to {@link ProviderId}.PASSWORD, even for email link.\n */\n readonly providerId = EmailAuthProvider.PROVIDER_ID;\n\n /**\n * Initialize an {@link AuthCredential} using an email and password.\n *\n * @example\n * ```javascript\n * const authCredential = EmailAuthProvider.credential(email, password);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * ```javascript\n * const userCredential = await signInWithEmailAndPassword(auth, email, password);\n * ```\n *\n * @param email - Email address.\n * @param password - User account password.\n * @returns The auth provider credential.\n */\n static credential(email: string, password: string): EmailAuthCredential {\n return EmailAuthCredential._fromEmailAndPassword(email, password);\n }\n\n /**\n * Initialize an {@link AuthCredential} using an email and an email link after a sign in with\n * email link operation.\n *\n * @example\n * ```javascript\n * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * ```javascript\n * await sendSignInLinkToEmail(auth, email);\n * // Obtain emailLink from user.\n * const userCredential = await signInWithEmailLink(auth, email, emailLink);\n * ```\n *\n * @param auth - The {@link Auth} instance used to verify the link.\n * @param email - Email address.\n * @param emailLink - Sign-in email link.\n * @returns - The auth provider credential.\n */\n static credentialWithLink(\n email: string,\n emailLink: string\n ): EmailAuthCredential {\n const actionCodeUrl = ActionCodeURL.parseLink(emailLink);\n _assert(actionCodeUrl, AuthErrorCode.ARGUMENT_ERROR);\n\n return EmailAuthCredential._fromEmailAndCode(\n email,\n actionCodeUrl.code,\n actionCodeUrl.tenantId\n );\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider } from '../../model/public_types';\n\n/**\n * Map of OAuth Custom Parameters.\n *\n * @public\n */\nexport type CustomParameters = Record<string, string>;\n\n/**\n * The base class for all Federated providers (OAuth (including OIDC), SAML).\n *\n * This class is not meant to be instantiated directly.\n *\n * @public\n */\nexport abstract class FederatedAuthProvider implements AuthProvider {\n /** @internal */\n defaultLanguageCode: string | null = null;\n /** @internal */\n private customParameters: CustomParameters = {};\n\n /**\n * Constructor for generic OAuth providers.\n *\n * @param providerId - Provider for which credentials should be generated.\n */\n constructor(readonly providerId: string) {}\n\n /**\n * Set the language gode.\n *\n * @param languageCode - language code\n */\n setDefaultLanguage(languageCode: string | null): void {\n this.defaultLanguageCode = languageCode;\n }\n\n /**\n * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in\n * operations.\n *\n * @remarks\n * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,\n * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.\n *\n * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.\n */\n setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider {\n this.customParameters = customOAuthParameters;\n return this;\n }\n\n /**\n * Retrieve the current list of {@link CustomParameters}.\n */\n getCustomParameters(): CustomParameters {\n return this.customParameters;\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider, UserCredential } from '../../model/public_types';\n\nimport { _assert } from '../util/assert';\nimport { AuthErrorCode } from '../errors';\n\nimport { OAuthCredential, OAuthCredentialParams } from '../credentials/oauth';\nimport { UserCredentialInternal } from '../../model/user';\nimport { FirebaseError } from '@firebase/util';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { SignInWithIdpResponse } from '../../../internal';\nimport { FederatedAuthProvider } from './federated';\n\n/**\n * Defines the options for initializing an {@link OAuthCredential}.\n *\n * @remarks\n * For ID tokens with nonce claim, the raw nonce has to also be provided.\n *\n * @public\n */\nexport interface OAuthCredentialOptions {\n /**\n * The OAuth ID token used to initialize the {@link OAuthCredential}.\n */\n idToken?: string;\n /**\n * The OAuth access token used to initialize the {@link OAuthCredential}.\n */\n accessToken?: string;\n /**\n * The raw nonce associated with the ID token.\n *\n * @remarks\n * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the\n * raw nonce must match the nonce field in the ID token.\n */\n rawNonce?: string;\n}\n\n/**\n * Common code to all OAuth providers. This is separate from the\n * {@link OAuthProvider} so that child providers (like\n * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.\n * Instead, they rely on a static `credential` method.\n */\nexport abstract class BaseOAuthProvider\n extends FederatedAuthProvider\n implements AuthProvider\n{\n /** @internal */\n private scopes: string[] = [];\n\n /**\n * Add an OAuth scope to the credential.\n *\n * @param scope - Provider OAuth scope to add.\n */\n addScope(scope: string): AuthProvider {\n // If not already added, add scope to list.\n if (!this.scopes.includes(scope)) {\n this.scopes.push(scope);\n }\n return this;\n }\n\n /**\n * Retrieve the current list of OAuth scopes.\n */\n getScopes(): string[] {\n return [...this.scopes];\n }\n}\n\n/**\n * Provider for generating generic {@link OAuthCredential}.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new OAuthProvider('google.com');\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('profile');\n * provider.addScope('email');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a OAuth Access Token for the provider.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new OAuthProvider('google.com');\n * provider.addScope('profile');\n * provider.addScope('email');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a OAuth Access Token for the provider.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * ```\n * @public\n */\nexport class OAuthProvider extends BaseOAuthProvider {\n /**\n * Creates an {@link OAuthCredential} from a JSON string or a plain object.\n * @param json - A plain object or a JSON string\n */\n static credentialFromJSON(json: object | string): OAuthCredential {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n _assert(\n 'providerId' in obj && 'signInMethod' in obj,\n AuthErrorCode.ARGUMENT_ERROR\n );\n return OAuthCredential._fromParams(obj);\n }\n\n /**\n * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.\n *\n * @remarks\n * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of\n * the raw nonce must match the nonce field in the ID token.\n *\n * @example\n * ```javascript\n * // `googleUser` from the onsuccess Google Sign In callback.\n * // Initialize a generate OAuth provider with a `google.com` providerId.\n * const provider = new OAuthProvider('google.com');\n * const credential = provider.credential({\n * idToken: googleUser.getAuthResponse().id_token,\n * });\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param params - Either the options object containing the ID token, access token and raw nonce\n * or the ID token string.\n */\n credential(params: OAuthCredentialOptions): OAuthCredential {\n return this._credential({ ...params, nonce: params.rawNonce });\n }\n\n /** An internal credential method that accepts more permissive options */\n private _credential(\n params: Omit<OAuthCredentialParams, 'signInMethod' | 'providerId'>\n ): OAuthCredential {\n _assert(params.idToken || params.accessToken, AuthErrorCode.ARGUMENT_ERROR);\n // For OAuthCredential, sign in method is same as providerId.\n return OAuthCredential._fromParams({\n ...params,\n providerId: this.providerId,\n signInMethod: this.providerId\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return OAuthProvider.oauthCredentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return OAuthProvider.oauthCredentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static oauthCredentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const {\n oauthIdToken,\n oauthAccessToken,\n oauthTokenSecret,\n pendingToken,\n nonce,\n providerId\n } = tokenResponse as SignInWithIdpResponse;\n if (\n !oauthAccessToken &&\n !oauthTokenSecret &&\n !oauthIdToken &&\n !pendingToken\n ) {\n return null;\n }\n\n if (!providerId) {\n return null;\n }\n\n try {\n return new OAuthProvider(providerId)._credential({\n idToken: oauthIdToken,\n accessToken: oauthAccessToken,\n nonce,\n pendingToken\n });\n } catch (e) {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('user_birthday');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = FacebookAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * provider.addScope('user_birthday');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = FacebookAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n *\n * @public\n */\nexport class FacebookAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.FACEBOOK. */\n static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com' =\n SignInMethod.FACEBOOK;\n /** Always set to {@link ProviderId}.FACEBOOK. */\n static readonly PROVIDER_ID: 'facebook.com' = ProviderId.FACEBOOK;\n\n constructor() {\n super(ProviderId.FACEBOOK);\n }\n\n /**\n * Creates a credential for Facebook.\n *\n * @example\n * ```javascript\n * // `event` from the Facebook auth.authResponseChange callback.\n * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param accessToken - Facebook access token.\n */\n static credential(accessToken: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: FacebookAuthProvider.PROVIDER_ID,\n signInMethod: FacebookAuthProvider.FACEBOOK_SIGN_IN_METHOD,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return FacebookAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return FacebookAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse || !('oauthAccessToken' in tokenResponse)) {\n return null;\n }\n\n if (!tokenResponse.oauthAccessToken) {\n return null;\n }\n\n try {\n return FacebookAuthProvider.credential(tokenResponse.oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new GoogleAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('profile');\n * provider.addScope('email');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Google Access Token.\n * const credential = GoogleAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new GoogleAuthProvider();\n * provider.addScope('profile');\n * provider.addScope('email');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Google Access Token.\n * const credential = GoogleAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n *\n * @public\n */\nexport class GoogleAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.GOOGLE. */\n static readonly GOOGLE_SIGN_IN_METHOD: 'google.com' = SignInMethod.GOOGLE;\n /** Always set to {@link ProviderId}.GOOGLE. */\n static readonly PROVIDER_ID: 'google.com' = ProviderId.GOOGLE;\n\n constructor() {\n super(ProviderId.GOOGLE);\n this.addScope('profile');\n }\n\n /**\n * Creates a credential for Google. At least one of ID token and access token is required.\n *\n * @example\n * ```javascript\n * // \\`googleUser\\` from the onsuccess Google Sign In callback.\n * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);\n * const result = await signInWithCredential(credential);\n * ```\n *\n * @param idToken - Google ID token.\n * @param accessToken - Google access token.\n */\n static credential(\n idToken?: string | null,\n accessToken?: string | null\n ): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: GoogleAuthProvider.PROVIDER_ID,\n signInMethod: GoogleAuthProvider.GOOGLE_SIGN_IN_METHOD,\n idToken,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return GoogleAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return GoogleAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const { oauthIdToken, oauthAccessToken } =\n tokenResponse as SignInWithIdpResponse;\n if (!oauthIdToken && !oauthAccessToken) {\n // This could be an oauth 1 credential or a phone credential\n return null;\n }\n\n try {\n return GoogleAuthProvider.credential(oauthIdToken, oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.\n *\n * @remarks\n * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use\n * the {@link signInWithPopup} handler:\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new GithubAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * provider.addScope('repo');\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Github Access Token.\n * const credential = GithubAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new GithubAuthProvider();\n * provider.addScope('repo');\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Github Access Token.\n * const credential = GithubAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * ```\n * @public\n */\nexport class GithubAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.GITHUB. */\n static readonly GITHUB_SIGN_IN_METHOD: 'github.com' = SignInMethod.GITHUB;\n /** Always set to {@link ProviderId}.GITHUB. */\n static readonly PROVIDER_ID: 'github.com' = ProviderId.GITHUB;\n\n constructor() {\n super(ProviderId.GITHUB);\n }\n\n /**\n * Creates a credential for Github.\n *\n * @param accessToken - Github access token.\n */\n static credential(accessToken: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: GithubAuthProvider.PROVIDER_ID,\n signInMethod: GithubAuthProvider.GITHUB_SIGN_IN_METHOD,\n accessToken\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return GithubAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return GithubAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse || !('oauthAccessToken' in tokenResponse)) {\n return null;\n }\n\n if (!tokenResponse.oauthAccessToken) {\n return null;\n }\n\n try {\n return GithubAuthProvider.credential(tokenResponse.oauthAccessToken);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Represents the SAML credentials returned by an {@link SAMLAuthProvider}.\n *\n * @public\n */\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { AuthCredential } from './auth_credential';\n\nconst IDP_REQUEST_URI = 'http://localhost';\n\n/**\n * @public\n */\nexport class SAMLAuthCredential extends AuthCredential {\n /** @internal */\n private constructor(\n providerId: string,\n private readonly pendingToken: string\n ) {\n super(providerId, providerId);\n }\n\n /** @internal */\n _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.idToken = idToken;\n return signInWithIdp(auth, request);\n }\n\n /** @internal */\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n const request = this.buildRequest();\n request.autoCreate = false;\n return signInWithIdp(auth, request);\n }\n\n /** {@inheritdoc AuthCredential.toJSON} */\n toJSON(): object {\n return {\n signInMethod: this.signInMethod,\n providerId: this.providerId,\n pendingToken: this.pendingToken\n };\n }\n\n /**\n * Static method to deserialize a JSON representation of an object into an\n * {@link AuthCredential}.\n *\n * @param json - Input can be either Object or the stringified representation of the object.\n * When string is provided, JSON.parse would be called first.\n *\n * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.\n */\n static fromJSON(json: string | object): SAMLAuthCredential | null {\n const obj = typeof json === 'string' ? JSON.parse(json) : json;\n const { providerId, signInMethod, pendingToken }: Record<string, string> =\n obj;\n if (\n !providerId ||\n !signInMethod ||\n !pendingToken ||\n providerId !== signInMethod\n ) {\n return null;\n }\n\n return new SAMLAuthCredential(providerId, pendingToken);\n }\n\n /**\n * Helper static method to avoid exposing the constructor to end users.\n *\n * @internal\n */\n static _create(providerId: string, pendingToken: string): SAMLAuthCredential {\n return new SAMLAuthCredential(providerId, pendingToken);\n }\n\n private buildRequest(): SignInWithIdpRequest {\n return {\n requestUri: IDP_REQUEST_URI,\n returnSecureToken: true,\n pendingToken: this.pendingToken\n };\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredential } from '../../model/public_types';\nimport { UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { SAMLAuthCredential } from '../credentials/saml';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { FederatedAuthProvider } from './federated';\n\nconst SAML_PROVIDER_PREFIX = 'saml.';\n\n/**\n * An {@link AuthProvider} for SAML.\n *\n * @public\n */\nexport class SAMLAuthProvider extends FederatedAuthProvider {\n /**\n * Constructor. The providerId must start with \"saml.\"\n * @param providerId - SAML provider ID.\n */\n constructor(providerId: string) {\n _assert(\n providerId.startsWith(SAML_PROVIDER_PREFIX),\n AuthErrorCode.ARGUMENT_ERROR\n );\n super(providerId);\n }\n\n /**\n * Generates an {@link AuthCredential} from a {@link UserCredential} after a\n * successful SAML flow completes.\n *\n * @remarks\n *\n * For example, to get an {@link AuthCredential}, you could write the\n * following code:\n *\n * ```js\n * const userCredential = await signInWithPopup(auth, samlProvider);\n * const credential = SAMLAuthProvider.credentialFromResult(userCredential);\n * ```\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): AuthCredential | null {\n return SAMLAuthProvider.samlCredentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): AuthCredential | null {\n return SAMLAuthProvider.samlCredentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n /**\n * Creates an {@link AuthCredential} from a JSON string or a plain object.\n * @param json - A plain object or a JSON string\n */\n static credentialFromJSON(json: string | object): AuthCredential {\n const credential = SAMLAuthCredential.fromJSON(json);\n _assert(credential, AuthErrorCode.ARGUMENT_ERROR);\n return credential;\n }\n\n private static samlCredentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): SAMLAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n\n const { pendingToken, providerId } = tokenResponse as SignInWithIdpResponse;\n\n if (!pendingToken || !providerId) {\n return null;\n }\n\n try {\n return SAMLAuthCredential._create(providerId, pendingToken);\n } catch (e) {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @license\n * Copyright 2020 Twitter LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential } from '../../model/public_types';\nimport { FirebaseError } from '@firebase/util';\n\nimport { SignInWithIdpResponse } from '../../api/authentication/idp';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { UserCredentialInternal } from '../../model/user';\nimport { OAuthCredential } from '../credentials/oauth';\nimport { BaseOAuthProvider } from './oauth';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new TwitterAuthProvider();\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Twitter Access Token and Secret.\n * const credential = TwitterAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * const secret = credential.secret;\n * }\n * ```\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new TwitterAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Twitter Access Token and Secret.\n * const credential = TwitterAuthProvider.credentialFromResult(result);\n * const token = credential.accessToken;\n * const secret = credential.secret;\n * ```\n *\n * @public\n */\nexport class TwitterAuthProvider extends BaseOAuthProvider {\n /** Always set to {@link SignInMethod}.TWITTER. */\n static readonly TWITTER_SIGN_IN_METHOD: 'twitter.com' = SignInMethod.TWITTER;\n /** Always set to {@link ProviderId}.TWITTER. */\n static readonly PROVIDER_ID: 'twitter.com' = ProviderId.TWITTER;\n\n constructor() {\n super(ProviderId.TWITTER);\n }\n\n /**\n * Creates a credential for Twitter.\n *\n * @param token - Twitter access token.\n * @param secret - Twitter secret.\n */\n static credential(token: string, secret: string): OAuthCredential {\n return OAuthCredential._fromParams({\n providerId: TwitterAuthProvider.PROVIDER_ID,\n signInMethod: TwitterAuthProvider.TWITTER_SIGN_IN_METHOD,\n oauthToken: token,\n oauthTokenSecret: secret\n });\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): OAuthCredential | null {\n return TwitterAuthProvider.credentialFromTaggedObject(\n userCredential as UserCredentialInternal\n );\n }\n\n /**\n * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was\n * thrown during a sign-in, link, or reauthenticate operation.\n *\n * @param userCredential - The user credential.\n */\n static credentialFromError(error: FirebaseError): OAuthCredential | null {\n return TwitterAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): OAuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n const { oauthAccessToken, oauthTokenSecret } =\n tokenResponse as SignInWithIdpResponse;\n if (!oauthAccessToken || !oauthTokenSecret) {\n return null;\n }\n\n try {\n return TwitterAuthProvider.credential(oauthAccessToken, oauthTokenSecret);\n } catch {\n return null;\n }\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n RecaptchaClientType,\n RecaptchaVersion,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignUpRequest {\n idToken?: string;\n returnSecureToken?: boolean;\n email?: string;\n password?: string;\n tenantId?: string;\n captchaResponse?: string;\n clientType?: RecaptchaClientType;\n recaptchaVersion?: RecaptchaVersion;\n}\n\nexport interface SignUpResponse extends IdTokenResponse {\n displayName?: string;\n email?: string;\n}\n\nexport async function signUp(\n auth: Auth,\n request: SignUpRequest\n): Promise<SignUpResponse> {\n return _performSignInRequest<SignUpRequest, SignUpResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_UP,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { UserImpl } from './user_impl';\nimport { AuthInternal } from '../../model/auth';\nimport { OperationType, ProviderId } from '../../model/enums';\n\ninterface UserCredentialParams {\n readonly user: UserInternal;\n readonly providerId: ProviderId | string | null;\n readonly _tokenResponse?: PhoneOrOauthTokenResponse;\n readonly operationType: OperationType;\n}\n\nexport class UserCredentialImpl\n implements UserCredentialInternal, UserCredentialParams\n{\n readonly user: UserInternal;\n readonly providerId: ProviderId | string | null;\n readonly _tokenResponse: PhoneOrOauthTokenResponse | undefined;\n readonly operationType: OperationType;\n\n constructor(params: UserCredentialParams) {\n this.user = params.user;\n this.providerId = params.providerId;\n this._tokenResponse = params._tokenResponse;\n this.operationType = params.operationType;\n }\n\n static async _fromIdTokenResponse(\n auth: AuthInternal,\n operationType: OperationType,\n idTokenResponse: IdTokenResponse,\n isAnonymous: boolean = false\n ): Promise<UserCredentialInternal> {\n const user = await UserImpl._fromIdTokenResponse(\n auth,\n idTokenResponse,\n isAnonymous\n );\n const providerId = providerIdForResponse(idTokenResponse);\n const userCred = new UserCredentialImpl({\n user,\n providerId,\n _tokenResponse: idTokenResponse,\n operationType\n });\n return userCred;\n }\n\n static async _forOperation(\n user: UserInternal,\n operationType: OperationType,\n response: PhoneOrOauthTokenResponse\n ): Promise<UserCredentialImpl> {\n await user._updateTokensIfNecessary(response, /* reload */ true);\n const providerId = providerIdForResponse(response);\n return new UserCredentialImpl({\n user,\n providerId,\n _tokenResponse: response,\n operationType\n });\n }\n}\n\nfunction providerIdForResponse(\n response: IdTokenResponse\n): ProviderId | string | null {\n if (response.providerId) {\n return response.providerId;\n }\n\n if ('phoneNumber' in response) {\n return ProviderId.PHONE;\n }\n\n return null;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, UserCredential } from '../../model/public_types';\nimport { signUp } from '../../api/authentication/sign_up';\nimport { UserInternal } from '../../model/user';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { OperationType } from '../../model/enums';\n\n/**\n * Asynchronously signs in as an anonymous user.\n *\n * @remarks\n * If there is already an anonymous user signed in, that user will be returned; otherwise, a\n * new anonymous user identity will be created and returned.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport async function signInAnonymously(auth: Auth): Promise<UserCredential> {\n const authInternal = _castAuth(auth);\n await authInternal._initializationPromise;\n if (authInternal.currentUser?.isAnonymous) {\n // If an anonymous user is already signed in, no need to sign them in again.\n return new UserCredentialImpl({\n user: authInternal.currentUser as UserInternal,\n providerId: null,\n operationType: OperationType.SIGN_IN\n });\n }\n const response = await signUp(authInternal, {\n returnSecureToken: true\n });\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response,\n true\n );\n await authInternal._updateCurrentUser(userCredential.user);\n return userCredential;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { MultiFactorError as MultiFactorErrorPublic } from '../model/public_types';\nimport { FirebaseError } from '@firebase/util';\nimport { AuthInternal } from '../model/auth';\nimport { IdTokenResponse } from '../model/id_token';\nimport { AuthErrorCode } from '../core/errors';\nimport { UserInternal } from '../model/user';\nimport { AuthCredential } from '../core/credentials';\nimport { IdTokenMfaResponse } from '../api/authentication/mfa';\nimport { OperationType } from '../model/enums';\n\nexport type MultiFactorErrorData = MultiFactorErrorPublic['customData'] & {\n _serverResponse: IdTokenMfaResponse;\n};\n\nexport class MultiFactorError\n extends FirebaseError\n implements MultiFactorErrorPublic\n{\n readonly customData: MultiFactorErrorData;\n\n private constructor(\n auth: AuthInternal,\n error: FirebaseError,\n readonly operationType: OperationType,\n readonly user?: UserInternal\n ) {\n super(error.code, error.message);\n // https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MultiFactorError.prototype);\n this.customData = {\n appName: auth.name,\n tenantId: auth.tenantId ?? undefined,\n _serverResponse: error.customData!._serverResponse as IdTokenMfaResponse,\n operationType\n };\n }\n\n static _fromErrorAndOperation(\n auth: AuthInternal,\n error: FirebaseError,\n operationType: OperationType,\n user?: UserInternal\n ): MultiFactorError {\n return new MultiFactorError(auth, error, operationType, user);\n }\n}\n\nexport function _processCredentialSavingMfaContextIfNecessary(\n auth: AuthInternal,\n operationType: OperationType,\n credential: AuthCredential,\n user?: UserInternal\n): Promise<IdTokenResponse> {\n const idTokenProvider =\n operationType === OperationType.REAUTHENTICATE\n ? credential._getReauthenticationResolver(auth)\n : credential._getIdTokenResponse(auth);\n\n return idTokenProvider.catch(error => {\n if (error.code === `auth/${AuthErrorCode.MFA_REQUIRED}`) {\n throw MultiFactorError._fromErrorAndOperation(\n auth,\n error,\n operationType,\n user\n );\n }\n\n throw error;\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport interface ProviderAssociatedObject {\n providerId?: string;\n}\n\n/**\n * Takes a set of UserInfo provider data and converts it to a set of names\n */\nexport function providerDataAsNames<T extends ProviderAssociatedObject>(\n providerData: T[]\n): Set<string> {\n return new Set(\n providerData\n .map(({ providerId }) => providerId)\n .filter(pid => !!pid) as string[]\n );\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User } from '../../model/public_types';\n\nimport { deleteLinkedAccounts } from '../../api/account_management/account';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { providerDataAsNames } from '../util/providers';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { _reloadWithoutSaving } from './reload';\nimport { UserCredentialImpl } from './user_credential_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType, ProviderId } from '../../model/enums';\n\n/**\n * Unlinks a provider from a user account.\n *\n * @param user - The user.\n * @param providerId - The provider to unlink.\n *\n * @public\n */\nexport async function unlink(user: User, providerId: string): Promise<User> {\n const userInternal = getModularInstance(user) as UserInternal;\n await _assertLinkedStatus(true, userInternal, providerId);\n const { providerUserInfo } = await deleteLinkedAccounts(userInternal.auth, {\n idToken: await userInternal.getIdToken(),\n deleteProvider: [providerId]\n });\n\n const providersLeft = providerDataAsNames(providerUserInfo || []);\n\n userInternal.providerData = userInternal.providerData.filter(pd =>\n providersLeft.has(pd.providerId)\n );\n if (!providersLeft.has(ProviderId.PHONE)) {\n userInternal.phoneNumber = null;\n }\n\n await userInternal.auth._persistUserIfCurrent(userInternal);\n return userInternal;\n}\n\nexport async function _link(\n user: UserInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredentialInternal> {\n const response = await _logoutIfInvalidated(\n user,\n credential._linkToIdToken(user.auth, await user.getIdToken()),\n bypassAuthState\n );\n return UserCredentialImpl._forOperation(user, OperationType.LINK, response);\n}\n\nexport async function _assertLinkedStatus(\n expected: boolean,\n user: UserInternal,\n provider: string\n): Promise<void> {\n await _reloadWithoutSaving(user);\n const providerIds = providerDataAsNames(user.providerData);\n\n const code =\n expected === false\n ? AuthErrorCode.PROVIDER_ALREADY_LINKED\n : AuthErrorCode.NO_SUCH_PROVIDER;\n _assert(providerIds.has(provider) === expected, user.auth, code);\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\nimport { _processCredentialSavingMfaContextIfNecessary } from '../../mfa/mfa_error';\nimport { OperationType } from '../../model/enums';\nimport { UserInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { AuthErrorCode } from '../errors';\nimport { _assert, _fail } from '../util/assert';\nimport { _parseToken } from './id_token_result';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { UserCredentialImpl } from './user_credential_impl';\n\nexport async function _reauthenticate(\n user: UserInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredentialImpl> {\n const { auth } = user;\n const operationType = OperationType.REAUTHENTICATE;\n\n try {\n const response = await _logoutIfInvalidated(\n user,\n _processCredentialSavingMfaContextIfNecessary(\n auth,\n operationType,\n credential,\n user\n ),\n bypassAuthState\n );\n _assert(response.idToken, auth, AuthErrorCode.INTERNAL_ERROR);\n const parsed = _parseToken(response.idToken);\n _assert(parsed, auth, AuthErrorCode.INTERNAL_ERROR);\n\n const { sub: localId } = parsed;\n _assert(user.uid === localId, auth, AuthErrorCode.USER_MISMATCH);\n\n return UserCredentialImpl._forOperation(user, operationType, response);\n } catch (e) {\n // Convert user deleted error into user mismatch\n if ((e as FirebaseError)?.code === `auth/${AuthErrorCode.USER_DELETED}`) {\n _fail(auth, AuthErrorCode.USER_MISMATCH);\n }\n throw e;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserCredential, Auth, User } from '../../model/public_types';\n\nimport { _processCredentialSavingMfaContextIfNecessary } from '../../mfa/mfa_error';\nimport { AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { _assertLinkedStatus, _link } from '../user/link_unlink';\nimport { _reauthenticate } from '../user/reauthenticate';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../../model/enums';\n\nexport async function _signInWithCredential(\n auth: AuthInternal,\n credential: AuthCredential,\n bypassAuthState = false\n): Promise<UserCredential> {\n const operationType = OperationType.SIGN_IN;\n const response = await _processCredentialSavingMfaContextIfNecessary(\n auth,\n operationType,\n credential\n );\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n auth,\n operationType,\n response\n );\n\n if (!bypassAuthState) {\n await auth._updateCurrentUser(userCredential.user);\n }\n return userCredential;\n}\n\n/**\n * Asynchronously signs in with the given credentials.\n *\n * @remarks\n * An {@link AuthProvider} can be used to generate the credential.\n *\n * @param auth - The {@link Auth} instance.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function signInWithCredential(\n auth: Auth,\n credential: AuthCredential\n): Promise<UserCredential> {\n return _signInWithCredential(_castAuth(auth), credential);\n}\n\n/**\n * Links the user account with the given credentials.\n *\n * @remarks\n * An {@link AuthProvider} can be used to generate the credential.\n *\n * @param user - The user.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function linkWithCredential(\n user: User,\n credential: AuthCredential\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n\n await _assertLinkedStatus(false, userInternal, credential.providerId);\n\n return _link(userInternal, credential);\n}\n\n/**\n * Re-authenticates a user using a fresh credential.\n *\n * @remarks\n * Use before operations such as {@link updatePassword} that require tokens from recent sign-in\n * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error\n * or a `TOKEN_EXPIRED` error.\n *\n * @param user - The user.\n * @param credential - The auth credential.\n *\n * @public\n */\nexport async function reauthenticateWithCredential(\n user: User,\n credential: AuthCredential\n): Promise<UserCredential> {\n return _reauthenticate(getModularInstance(user) as UserInternal, credential);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, UserCredential } from '../../model/public_types';\n\nimport { signInWithCustomToken as getIdTokenResponse } from '../../api/authentication/custom_token';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _castAuth } from '../auth/auth_impl';\nimport { OperationType } from '../../model/enums';\n\n/**\n * Asynchronously signs in using a custom token.\n *\n * @remarks\n * Custom tokens are used to integrate Firebase Auth with existing auth systems, and must\n * be generated by an auth backend using the\n * {@link https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth#createcustomtoken | createCustomToken}\n * method in the {@link https://firebase.google.com/docs/auth/admin | Admin SDK} .\n *\n * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.\n *\n * @param auth - The {@link Auth} instance.\n * @param customToken - The custom token to sign in with.\n *\n * @public\n */\nexport async function signInWithCustomToken(\n auth: Auth,\n customToken: string\n): Promise<UserCredential> {\n const authInternal = _castAuth(auth);\n const response: IdTokenResponse = await getIdTokenResponse(authInternal, {\n token: customToken,\n returnSecureToken: true\n });\n const cred = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response\n );\n await authInternal._updateCurrentUser(cred.user);\n return cred;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performSignInRequest\n} from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface SignInWithCustomTokenRequest {\n token: string;\n returnSecureToken: boolean;\n tenantId?: string;\n}\n\nexport interface SignInWithCustomTokenResponse extends IdTokenResponse {}\n\nexport async function signInWithCustomToken(\n auth: Auth,\n request: SignInWithCustomTokenRequest\n): Promise<SignInWithCustomTokenResponse> {\n return _performSignInRequest<\n SignInWithCustomTokenRequest,\n SignInWithCustomTokenResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.SIGN_IN_WITH_CUSTOM_TOKEN,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n FactorId,\n MultiFactorInfo,\n PhoneMultiFactorInfo,\n TotpMultiFactorInfo\n} from '../model/public_types';\nimport {\n PhoneMfaEnrollment,\n MfaEnrollment,\n TotpMfaEnrollment\n} from '../api/account_management/mfa';\nimport { AuthErrorCode } from '../core/errors';\nimport { _fail } from '../core/util/assert';\nimport { AuthInternal } from '../model/auth';\n\nexport abstract class MultiFactorInfoImpl implements MultiFactorInfo {\n readonly uid: string;\n readonly displayName?: string | null;\n readonly enrollmentTime: string;\n\n protected constructor(readonly factorId: FactorId, response: MfaEnrollment) {\n this.uid = response.mfaEnrollmentId;\n this.enrollmentTime = new Date(response.enrolledAt).toUTCString();\n this.displayName = response.displayName;\n }\n\n static _fromServerResponse(\n auth: AuthInternal,\n enrollment: MfaEnrollment\n ): MultiFactorInfoImpl {\n if ('phoneInfo' in enrollment) {\n return PhoneMultiFactorInfoImpl._fromServerResponse(auth, enrollment);\n } else if ('totpInfo' in enrollment) {\n return TotpMultiFactorInfoImpl._fromServerResponse(auth, enrollment);\n }\n return _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n}\n\nexport class PhoneMultiFactorInfoImpl\n extends MultiFactorInfoImpl\n implements PhoneMultiFactorInfo\n{\n readonly phoneNumber: string;\n\n private constructor(response: PhoneMfaEnrollment) {\n super(FactorId.PHONE, response);\n this.phoneNumber = response.phoneInfo;\n }\n\n static _fromServerResponse(\n _auth: AuthInternal,\n enrollment: MfaEnrollment\n ): PhoneMultiFactorInfoImpl {\n return new PhoneMultiFactorInfoImpl(enrollment as PhoneMfaEnrollment);\n }\n}\nexport class TotpMultiFactorInfoImpl\n extends MultiFactorInfoImpl\n implements TotpMultiFactorInfo\n{\n private constructor(response: TotpMfaEnrollment) {\n super(FactorId.TOTP, response);\n }\n\n static _fromServerResponse(\n _auth: AuthInternal,\n enrollment: MfaEnrollment\n ): TotpMultiFactorInfoImpl {\n return new TotpMultiFactorInfoImpl(enrollment as TotpMfaEnrollment);\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ActionCodeSettings, Auth } from '../../model/public_types';\n\nimport { GetOobCodeRequest } from '../../api/authentication/email_and_password';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\n\nexport function _setActionCodeSettingsOnRequest(\n auth: Auth,\n request: GetOobCodeRequest,\n actionCodeSettings: ActionCodeSettings\n): void {\n _assert(\n actionCodeSettings.url?.length > 0,\n auth,\n AuthErrorCode.INVALID_CONTINUE_URI\n );\n _assert(\n typeof actionCodeSettings.dynamicLinkDomain === 'undefined' ||\n actionCodeSettings.dynamicLinkDomain.length > 0,\n auth,\n AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN\n );\n\n request.continueUrl = actionCodeSettings.url;\n request.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain;\n request.canHandleCodeInApp = actionCodeSettings.handleCodeInApp;\n\n if (actionCodeSettings.iOS) {\n _assert(\n actionCodeSettings.iOS.bundleId.length > 0,\n auth,\n AuthErrorCode.MISSING_IOS_BUNDLE_ID\n );\n request.iOSBundleId = actionCodeSettings.iOS.bundleId;\n }\n\n if (actionCodeSettings.android) {\n _assert(\n actionCodeSettings.android.packageName.length > 0,\n auth,\n AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME\n );\n request.androidInstallApp = actionCodeSettings.android.installApp;\n request.androidMinimumVersionCode =\n actionCodeSettings.android.minimumVersion;\n request.androidPackageName = actionCodeSettings.android.packageName;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeInfo,\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n UserCredential\n} from '../../model/public_types';\n\nimport * as account from '../../api/account_management/email_and_password';\nimport * as authentication from '../../api/authentication/email_and_password';\nimport { signUp, SignUpRequest } from '../../api/authentication/sign_up';\nimport { MultiFactorInfoImpl } from '../../mfa/mfa_info';\nimport { EmailAuthProvider } from '../providers/email';\nimport { UserCredentialImpl } from '../user/user_credential_impl';\nimport { _assert } from '../util/assert';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { signInWithCredential } from './credential';\nimport { _castAuth } from '../auth/auth_impl';\nimport { AuthErrorCode } from '../errors';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../../model/enums';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { RecaptchaActionName, RecaptchaClientType } from '../../api';\n\n/**\n * Updates the password policy cached in the {@link Auth} instance if a policy is already\n * cached for the project or tenant.\n *\n * @remarks\n * We only fetch the password policy if the password did not meet policy requirements and\n * there is an existing policy cached. A developer must call validatePassword at least\n * once for the cache to be automatically updated.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @private\n */\nasync function recachePasswordPolicy(auth: Auth): Promise<void> {\n const authInternal = _castAuth(auth);\n if (authInternal._getPasswordPolicyInternal()) {\n await authInternal._updatePasswordPolicy();\n }\n}\n\n/**\n * Sends a password reset email to the given email address. This method does not throw an error when\n * there's no user account with the given email address and\n * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.\n *\n * @remarks\n * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in\n * the email sent to the user, along with the new password specified by the user.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendPasswordResetEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain code from user.\n * await confirmPasswordReset('user@example.com', code);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendPasswordResetEmail(\n auth: Auth,\n email: string,\n actionCodeSettings?: ActionCodeSettings\n): Promise<void> {\n const authInternal = _castAuth(auth);\n const request: authentication.PasswordResetRequest = {\n requestType: ActionCodeOperation.PASSWORD_RESET,\n email,\n clientType: RecaptchaClientType.WEB\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);\n }\n await handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.GET_OOB_CODE,\n authentication.sendPasswordResetEmail\n );\n}\n\n/**\n * Completes the password reset process, given a confirmation code and new password.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A confirmation code sent to the user.\n * @param newPassword - The new password.\n *\n * @public\n */\nexport async function confirmPasswordReset(\n auth: Auth,\n oobCode: string,\n newPassword: string\n): Promise<void> {\n await account\n .resetPassword(getModularInstance(auth), {\n oobCode,\n newPassword\n })\n .catch(async error => {\n if (\n error.code ===\n `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n // Do not return the email.\n}\n\n/**\n * Applies a verification code sent to the user by email or other out-of-band mechanism.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A verification code sent to the user.\n *\n * @public\n */\nexport async function applyActionCode(\n auth: Auth,\n oobCode: string\n): Promise<void> {\n await account.applyActionCode(getModularInstance(auth), { oobCode });\n}\n\n/**\n * Checks a verification code sent to the user by email or other out-of-band mechanism.\n *\n * @returns metadata about the code.\n *\n * @param auth - The {@link Auth} instance.\n * @param oobCode - A verification code sent to the user.\n *\n * @public\n */\nexport async function checkActionCode(\n auth: Auth,\n oobCode: string\n): Promise<ActionCodeInfo> {\n const authModular = getModularInstance(auth);\n const response = await account.resetPassword(authModular, { oobCode });\n\n // Email could be empty only if the request type is EMAIL_SIGNIN or\n // VERIFY_AND_CHANGE_EMAIL.\n // New email should not be empty if the request type is\n // VERIFY_AND_CHANGE_EMAIL.\n // Multi-factor info could not be empty if the request type is\n // REVERT_SECOND_FACTOR_ADDITION.\n const operation = response.requestType;\n _assert(operation, authModular, AuthErrorCode.INTERNAL_ERROR);\n switch (operation) {\n case ActionCodeOperation.EMAIL_SIGNIN:\n break;\n case ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL:\n _assert(response.newEmail, authModular, AuthErrorCode.INTERNAL_ERROR);\n break;\n case ActionCodeOperation.REVERT_SECOND_FACTOR_ADDITION:\n _assert(response.mfaInfo, authModular, AuthErrorCode.INTERNAL_ERROR);\n // fall through\n default:\n _assert(response.email, authModular, AuthErrorCode.INTERNAL_ERROR);\n }\n\n // The multi-factor info for revert second factor addition\n let multiFactorInfo: MultiFactorInfoImpl | null = null;\n if (response.mfaInfo) {\n multiFactorInfo = MultiFactorInfoImpl._fromServerResponse(\n _castAuth(authModular),\n response.mfaInfo\n );\n }\n\n return {\n data: {\n email:\n (response.requestType === ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL\n ? response.newEmail\n : response.email) || null,\n previousEmail:\n (response.requestType === ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL\n ? response.email\n : response.newEmail) || null,\n multiFactorInfo\n },\n operation\n };\n}\n\n/**\n * Checks a password reset code sent to the user by email or other out-of-band mechanism.\n *\n * @returns the user's email address if valid.\n *\n * @param auth - The {@link Auth} instance.\n * @param code - A verification code sent to the user.\n *\n * @public\n */\nexport async function verifyPasswordResetCode(\n auth: Auth,\n code: string\n): Promise<string> {\n const { data } = await checkActionCode(getModularInstance(auth), code);\n // Email should always be present since a code was sent to it\n return data.email!;\n}\n\n/**\n * Creates a new user account associated with the specified email address and password.\n *\n * @remarks\n * On successful creation of the user account, this user will also be signed in to your application.\n *\n * User account creation can fail if the account already exists or the password is invalid.\n *\n * Note: The email address acts as a unique identifier for the user and enables an email-based\n * password reset. This function will create a new user account and set the initial user password.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param password - The user's chosen password.\n *\n * @public\n */\nexport async function createUserWithEmailAndPassword(\n auth: Auth,\n email: string,\n password: string\n): Promise<UserCredential> {\n const authInternal = _castAuth(auth);\n const request: SignUpRequest = {\n returnSecureToken: true,\n email,\n password,\n clientType: RecaptchaClientType.WEB\n };\n const signUpResponse: Promise<IdTokenResponse> = handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.SIGN_UP_PASSWORD,\n signUp\n );\n const response = await signUpResponse.catch(error => {\n if (\n error.code === `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n\n const userCredential = await UserCredentialImpl._fromIdTokenResponse(\n authInternal,\n OperationType.SIGN_IN,\n response\n );\n await authInternal._updateCurrentUser(userCredential.user);\n\n return userCredential;\n}\n\n/**\n * Asynchronously signs in using an email and password.\n *\n * @remarks\n * Fails with an error if the email address and password do not match.\n * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,\n * this method fails with \"auth/invalid-credential\" in case of an invalid email/password.\n *\n * Note: The user's password is NOT the password used to access the user's email account. The\n * email address serves as a unique identifier for the user, and the password is used to access\n * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The users email address.\n * @param password - The users password.\n *\n * @public\n */\nexport function signInWithEmailAndPassword(\n auth: Auth,\n email: string,\n password: string\n): Promise<UserCredential> {\n return signInWithCredential(\n getModularInstance(auth),\n EmailAuthProvider.credential(email, password)\n ).catch(async error => {\n if (\n error.code === `auth/${AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS}`\n ) {\n void recachePasswordPolicy(auth);\n }\n\n throw error;\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n UserCredential\n} from '../../model/public_types';\n\nimport * as api from '../../api/authentication/email_and_password';\nimport { ActionCodeURL } from '../action_code_url';\nimport { EmailAuthProvider } from '../providers/email';\nimport { _getCurrentUrl } from '../util/location';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { signInWithCredential } from './credential';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { getModularInstance } from '@firebase/util';\nimport { _castAuth } from '../auth/auth_impl';\nimport { handleRecaptchaFlow } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { RecaptchaActionName, RecaptchaClientType } from '../../api';\n\n/**\n * Sends a sign-in email link to the user with the specified email.\n *\n * @remarks\n * The sign-in operation has to always be completed in the app unlike other out of band email\n * actions (password reset and email verifications). This is because, at the end of the flow,\n * the user is expected to be signed in and their Auth state persisted within the app.\n *\n * To complete sign in with the email link, call {@link signInWithEmailLink} with the email\n * address and the email link supplied in the email sent to the user.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain emailLink from the user.\n * if(isSignInWithEmailLink(auth, emailLink)) {\n * await signInWithEmailLink(auth, 'user@example.com', emailLink);\n * }\n * ```\n *\n * @param authInternal - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendSignInLinkToEmail(\n auth: Auth,\n email: string,\n actionCodeSettings: ActionCodeSettings\n): Promise<void> {\n const authInternal = _castAuth(auth);\n const request: api.EmailSignInRequest = {\n requestType: ActionCodeOperation.EMAIL_SIGNIN,\n email,\n clientType: RecaptchaClientType.WEB\n };\n function setActionCodeSettings(\n request: api.EmailSignInRequest,\n actionCodeSettings: ActionCodeSettings\n ): void {\n _assert(\n actionCodeSettings.handleCodeInApp,\n authInternal,\n AuthErrorCode.ARGUMENT_ERROR\n );\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n authInternal,\n request,\n actionCodeSettings\n );\n }\n }\n setActionCodeSettings(request, actionCodeSettings);\n await handleRecaptchaFlow(\n authInternal,\n request,\n RecaptchaActionName.GET_OOB_CODE,\n api.sendSignInLinkToEmail\n );\n}\n\n/**\n * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.\n *\n * @param auth - The {@link Auth} instance.\n * @param emailLink - The link sent to the user's email address.\n *\n * @public\n */\nexport function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean {\n const actionCodeUrl = ActionCodeURL.parseLink(emailLink);\n return actionCodeUrl?.operation === ActionCodeOperation.EMAIL_SIGNIN;\n}\n\n/**\n * Asynchronously signs in using an email and sign-in email link.\n *\n * @remarks\n * If no link is passed, the link is inferred from the current URL.\n *\n * Fails with an error if the email address is invalid or OTP in email link expires.\n *\n * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);\n * // Obtain emailLink from the user.\n * if(isSignInWithEmailLink(auth, emailLink)) {\n * await signInWithEmailLink(auth, 'user@example.com', emailLink);\n * }\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n * @param emailLink - The link sent to the user's email address.\n *\n * @public\n */\nexport async function signInWithEmailLink(\n auth: Auth,\n email: string,\n emailLink?: string\n): Promise<UserCredential> {\n const authModular = getModularInstance(auth);\n const credential = EmailAuthProvider.credentialWithLink(\n email,\n emailLink || _getCurrentUrl()\n );\n // Check if the tenant ID in the email link matches the tenant ID on Auth\n // instance.\n _assert(\n credential._tenantId === (authModular.tenantId || null),\n authModular,\n AuthErrorCode.TENANT_ID_MISMATCH\n );\n return signInWithCredential(authModular, credential);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ActionCodeOperation,\n ActionCodeSettings,\n Auth,\n User\n} from '../../model/public_types';\n\nimport {\n createAuthUri,\n CreateAuthUriRequest\n} from '../../api/authentication/create_auth_uri';\nimport * as api from '../../api/authentication/email_and_password';\nimport { UserInternal } from '../../model/user';\nimport { _getCurrentUrl, _isHttpOrHttps } from '../util/location';\nimport { _setActionCodeSettingsOnRequest } from './action_code_settings';\nimport { getModularInstance } from '@firebase/util';\n\n/**\n * Gets the list of possible sign in methods for the given email address. This method returns an\n * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of\n * authentication methods available for the given email.\n *\n * @remarks\n * This is useful to differentiate methods of sign-in for the same provider, eg.\n * {@link EmailAuthProvider} which has 2 methods of sign-in,\n * {@link SignInMethod}.EMAIL_PASSWORD and\n * {@link SignInMethod}.EMAIL_LINK.\n *\n * @param auth - The {@link Auth} instance.\n * @param email - The user's email address.\n *\n * Deprecated. Migrating off of this method is recommended as a security best-practice.\n * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).\n * @public\n */\nexport async function fetchSignInMethodsForEmail(\n auth: Auth,\n email: string\n): Promise<string[]> {\n // createAuthUri returns an error if continue URI is not http or https.\n // For environments like Cordova, Chrome extensions, native frameworks, file\n // systems, etc, use http://localhost as continue URL.\n const continueUri = _isHttpOrHttps() ? _getCurrentUrl() : 'http://localhost';\n const request: CreateAuthUriRequest = {\n identifier: email,\n continueUri\n };\n\n const { signinMethods } = await createAuthUri(\n getModularInstance(auth),\n request\n );\n\n return signinMethods || [];\n}\n\n/**\n * Sends a verification email to a user.\n *\n * @remarks\n * The verification process is completed by calling {@link applyActionCode}.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await sendEmailVerification(user, actionCodeSettings);\n * // Obtain code from the user.\n * await applyActionCode(auth, code);\n * ```\n *\n * @param user - The user.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function sendEmailVerification(\n user: User,\n actionCodeSettings?: ActionCodeSettings | null\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await user.getIdToken();\n const request: api.VerifyEmailRequest = {\n requestType: ActionCodeOperation.VERIFY_EMAIL,\n idToken\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n userInternal.auth,\n request,\n actionCodeSettings\n );\n }\n\n const { email } = await api.sendEmailVerification(userInternal.auth, request);\n\n if (email !== user.email) {\n await user.reload();\n }\n}\n\n/**\n * Sends a verification email to a new email address.\n *\n * @remarks\n * The user's email will be updated to the new one after being verified.\n *\n * If you have a custom email action handler, you can complete the verification process by calling\n * {@link applyActionCode}.\n *\n * @example\n * ```javascript\n * const actionCodeSettings = {\n * url: 'https://www.example.com/?email=user@example.com',\n * iOS: {\n * bundleId: 'com.example.ios'\n * },\n * android: {\n * packageName: 'com.example.android',\n * installApp: true,\n * minimumVersion: '12'\n * },\n * handleCodeInApp: true\n * };\n * await verifyBeforeUpdateEmail(user, 'newemail@example.com', actionCodeSettings);\n * // Obtain code from the user.\n * await applyActionCode(auth, code);\n * ```\n *\n * @param user - The user.\n * @param newEmail - The new email address to be verified before update.\n * @param actionCodeSettings - The {@link ActionCodeSettings}.\n *\n * @public\n */\nexport async function verifyBeforeUpdateEmail(\n user: User,\n newEmail: string,\n actionCodeSettings?: ActionCodeSettings | null\n): Promise<void> {\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await user.getIdToken();\n const request: api.VerifyAndChangeEmailRequest = {\n requestType: ActionCodeOperation.VERIFY_AND_CHANGE_EMAIL,\n idToken,\n newEmail\n };\n if (actionCodeSettings) {\n _setActionCodeSettingsOnRequest(\n userInternal.auth,\n request,\n actionCodeSettings\n );\n }\n\n const { email } = await api.verifyAndChangeEmail(userInternal.auth, request);\n\n if (email !== user.email) {\n // If the local copy of the email on user is outdated, reload the\n // user.\n await user.reload();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { Auth } from '../../model/public_types';\n\nexport interface CreateAuthUriRequest {\n identifier: string;\n continueUri: string;\n tenantId?: string;\n}\n\nexport interface CreateAuthUriResponse {\n signinMethods: string[];\n}\n\nexport async function createAuthUri(\n auth: Auth,\n request: CreateAuthUriRequest\n): Promise<CreateAuthUriResponse> {\n return _performApiRequest<CreateAuthUriRequest, CreateAuthUriResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.CREATE_AUTH_URI,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { User } from '../../model/public_types';\n\nimport {\n updateEmailPassword as apiUpdateEmailPassword,\n UpdateEmailPasswordRequest\n} from '../../api/account_management/email_and_password';\nimport { updateProfile as apiUpdateProfile } from '../../api/account_management/profile';\nimport { UserInternal } from '../../model/user';\nimport { _logoutIfInvalidated } from './invalidation';\nimport { getModularInstance } from '@firebase/util';\nimport { ProviderId } from '../../model/enums';\n\n/**\n * Updates a user's profile data.\n *\n * @param user - The user.\n * @param profile - The profile's `displayName` and `photoURL` to update.\n *\n * @public\n */\nexport async function updateProfile(\n user: User,\n {\n displayName,\n photoURL: photoUrl\n }: { displayName?: string | null; photoURL?: string | null }\n): Promise<void> {\n if (displayName === undefined && photoUrl === undefined) {\n return;\n }\n\n const userInternal = getModularInstance(user) as UserInternal;\n const idToken = await userInternal.getIdToken();\n const profileRequest = {\n idToken,\n displayName,\n photoUrl,\n returnSecureToken: true\n };\n const response = await _logoutIfInvalidated(\n userInternal,\n apiUpdateProfile(userInternal.auth, profileRequest)\n );\n\n userInternal.displayName = response.displayName || null;\n userInternal.photoURL = response.photoUrl || null;\n\n // Update the password provider as well\n const passwordProvider = userInternal.providerData.find(\n ({ providerId }) => providerId === ProviderId.PASSWORD\n );\n if (passwordProvider) {\n passwordProvider.displayName = userInternal.displayName;\n passwordProvider.photoURL = userInternal.photoURL;\n }\n\n await userInternal._updateTokensIfNecessary(response);\n}\n\n/**\n * Updates the user's email address.\n *\n * @remarks\n * An email will be sent to the original email address (if it was set) that allows to revoke the\n * email address change, in order to protect them from account hijacking.\n *\n * Important: this is a security sensitive operation that requires the user to have recently signed\n * in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n * @param newEmail - The new email address.\n *\n * Throws \"auth/operation-not-allowed\" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.\n * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.\n *\n * @public\n */\nexport function updateEmail(user: User, newEmail: string): Promise<void> {\n return updateEmailOrPassword(\n getModularInstance(user) as UserInternal,\n newEmail,\n null\n );\n}\n\n/**\n * Updates the user's password.\n *\n * @remarks\n * Important: this is a security sensitive operation that requires the user to have recently signed\n * in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n * @param newPassword - The new password.\n *\n * @public\n */\nexport function updatePassword(user: User, newPassword: string): Promise<void> {\n return updateEmailOrPassword(\n getModularInstance(user) as UserInternal,\n null,\n newPassword\n );\n}\n\nasync function updateEmailOrPassword(\n user: UserInternal,\n email: string | null,\n password: string | null\n): Promise<void> {\n const { auth } = user;\n const idToken = await user.getIdToken();\n const request: UpdateEmailPasswordRequest = {\n idToken,\n returnSecureToken: true\n };\n\n if (email) {\n request.email = email;\n }\n\n if (password) {\n request.password = password;\n }\n\n const response = await _logoutIfInvalidated(\n user,\n apiUpdateEmailPassword(auth, request)\n );\n await user._updateTokensIfNecessary(response, /* reload */ true);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Endpoint, HttpMethod, _performApiRequest } from '../index';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { Auth } from '../../model/public_types';\n\nexport interface UpdateProfileRequest {\n idToken: string;\n displayName?: string | null;\n photoUrl?: string | null;\n returnSecureToken: boolean;\n}\n\nexport interface UpdateProfileResponse extends IdTokenResponse {\n displayName?: string | null;\n photoUrl?: string | null;\n}\n\nexport async function updateProfile(\n auth: Auth,\n request: UpdateProfileRequest\n): Promise<UpdateProfileResponse> {\n return _performApiRequest<UpdateProfileRequest, UpdateProfileResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.SET_ACCOUNT_INFO,\n request\n );\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AdditionalUserInfo, UserCredential } from '../../model/public_types';\nimport { IdTokenResponse, IdTokenResponseKind } from '../../model/id_token';\nimport { _parseToken } from './id_token_result';\nimport { UserCredentialInternal } from '../../model/user';\nimport { ProviderId } from '../../model/enums';\n\n/**\n * Parse the `AdditionalUserInfo` from the ID token response.\n *\n */\nexport function _fromIdTokenResponse(\n idTokenResponse?: IdTokenResponse\n): AdditionalUserInfo | null {\n if (!idTokenResponse) {\n return null;\n }\n const { providerId } = idTokenResponse;\n const profile = idTokenResponse.rawUserInfo\n ? JSON.parse(idTokenResponse.rawUserInfo)\n : {};\n const isNewUser =\n idTokenResponse.isNewUser ||\n idTokenResponse.kind === IdTokenResponseKind.SignupNewUser;\n if (!providerId && idTokenResponse?.idToken) {\n const signInProvider = _parseToken(idTokenResponse.idToken)?.firebase?.[\n 'sign_in_provider'\n ];\n if (signInProvider) {\n const filteredProviderId =\n signInProvider !== ProviderId.ANONYMOUS &&\n signInProvider !== ProviderId.CUSTOM\n ? (signInProvider as ProviderId)\n : null;\n // Uses generic class in accordance with the legacy SDK.\n return new GenericAdditionalUserInfo(isNewUser, filteredProviderId);\n }\n }\n if (!providerId) {\n return null;\n }\n switch (providerId) {\n case ProviderId.FACEBOOK:\n return new FacebookAdditionalUserInfo(isNewUser, profile);\n case ProviderId.GITHUB:\n return new GithubAdditionalUserInfo(isNewUser, profile);\n case ProviderId.GOOGLE:\n return new GoogleAdditionalUserInfo(isNewUser, profile);\n case ProviderId.TWITTER:\n return new TwitterAdditionalUserInfo(\n isNewUser,\n profile,\n idTokenResponse.screenName || null\n );\n case ProviderId.CUSTOM:\n case ProviderId.ANONYMOUS:\n return new GenericAdditionalUserInfo(isNewUser, null);\n default:\n return new GenericAdditionalUserInfo(isNewUser, providerId, profile);\n }\n}\n\nclass GenericAdditionalUserInfo implements AdditionalUserInfo {\n constructor(\n readonly isNewUser: boolean,\n readonly providerId: ProviderId | string | null,\n readonly profile: Record<string, unknown> = {}\n ) {}\n}\n\nclass FederatedAdditionalUserInfoWithUsername extends GenericAdditionalUserInfo {\n constructor(\n isNewUser: boolean,\n providerId: ProviderId,\n profile: Record<string, unknown>,\n readonly username: string | null\n ) {\n super(isNewUser, providerId, profile);\n }\n}\n\nclass FacebookAdditionalUserInfo extends GenericAdditionalUserInfo {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(isNewUser, ProviderId.FACEBOOK, profile);\n }\n}\n\nclass GithubAdditionalUserInfo extends FederatedAdditionalUserInfoWithUsername {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(\n isNewUser,\n ProviderId.GITHUB,\n profile,\n typeof profile?.login === 'string' ? profile?.login : null\n );\n }\n}\n\nclass GoogleAdditionalUserInfo extends GenericAdditionalUserInfo {\n constructor(isNewUser: boolean, profile: Record<string, unknown>) {\n super(isNewUser, ProviderId.GOOGLE, profile);\n }\n}\n\nclass TwitterAdditionalUserInfo extends FederatedAdditionalUserInfoWithUsername {\n constructor(\n isNewUser: boolean,\n profile: Record<string, unknown>,\n screenName: string | null\n ) {\n super(isNewUser, ProviderId.TWITTER, profile, screenName);\n }\n}\n\n/**\n * Extracts provider specific {@link AdditionalUserInfo} for the given credential.\n *\n * @param userCredential - The user credential.\n *\n * @public\n */\nexport function getAdditionalUserInfo(\n userCredential: UserCredential\n): AdditionalUserInfo | null {\n const { user, _tokenResponse } = userCredential as UserCredentialInternal;\n if (user.isAnonymous && !_tokenResponse) {\n // Handle the special case where signInAnonymously() gets called twice.\n // No network call is made so there's nothing to actually fill this in\n return {\n providerId: null,\n isNewUser: false,\n profile: null\n };\n }\n\n return _fromIdTokenResponse(_tokenResponse);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getModularInstance } from '@firebase/util';\nimport {\n Auth,\n NextOrObserver,\n Persistence,\n User,\n CompleteFn,\n ErrorFn,\n Unsubscribe,\n PasswordValidationStatus\n} from '../model/public_types';\nimport { _initializeRecaptchaConfig } from '../platform_browser/recaptcha/recaptcha_enterprise_verifier';\nimport { _castAuth } from '../core/auth/auth_impl';\n\nexport {\n debugErrorMap,\n prodErrorMap,\n AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as AuthErrorCodes\n} from './errors';\n\n// Non-optional auth methods.\n/**\n * Changes the type of persistence on the {@link Auth} instance for the currently saved\n * `Auth` session and applies this type of persistence for future sign-in requests, including\n * sign-in with redirect requests.\n *\n * @remarks\n * This makes it easy for a user signing in to specify whether their session should be\n * remembered or not. It also makes it easier to never persist the `Auth` state for applications\n * that are shared by other users or have sensitive data.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * setPersistence(auth, browserSessionPersistence);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param persistence - The {@link Persistence} to use.\n * @returns A `Promise` that resolves once the persistence change has completed\n *\n * @public\n */\nexport function setPersistence(\n auth: Auth,\n persistence: Persistence\n): Promise<void> {\n return getModularInstance(auth).setPersistence(persistence);\n}\n\n/**\n * Loads the reCAPTCHA configuration into the `Auth` instance.\n *\n * @remarks\n * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA\n * verification flow should be triggered for each auth provider, into the\n * current Auth session.\n *\n * If initializeRecaptchaConfig() is not invoked, the auth flow will always start\n * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA\n * verification, the SDK will transparently load the reCAPTCHA config and restart the\n * auth flows.\n *\n * Thus, by calling this optional method, you will reduce the latency of future auth flows.\n * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * initializeRecaptchaConfig(auth);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function initializeRecaptchaConfig(auth: Auth): Promise<void> {\n return _initializeRecaptchaConfig(auth);\n}\n\n/**\n * Validates the password against the password policy configured for the project or tenant.\n *\n * @remarks\n * If no tenant ID is set on the `Auth` instance, then this method will use the password\n * policy configured for the project. Otherwise, this method will use the policy configured\n * for the tenant. If a password policy has not been configured, then the default policy\n * configured for all projects will be used.\n *\n * If an auth flow fails because a submitted password does not meet the password policy\n * requirements and this method has previously been called, then this method will use the\n * most recent policy available when called again.\n *\n * @example\n * ```javascript\n * validatePassword(auth, 'some-password');\n * ```\n *\n * @param auth The {@link Auth} instance.\n * @param password The password to validate.\n *\n * @public\n */\nexport async function validatePassword(\n auth: Auth,\n password: string\n): Promise<PasswordValidationStatus> {\n const authInternal = _castAuth(auth);\n return authInternal.validatePassword(password);\n}\n\n/**\n * Adds an observer for changes to the signed-in user's ID token.\n *\n * @remarks\n * This includes sign-in, sign-out, and token refresh events.\n * This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.\n *\n * @param auth - The {@link Auth} instance.\n * @param nextOrObserver - callback triggered on change.\n * @param error - Deprecated. This callback is never triggered. Errors\n * on signing in/out can be caught in promises returned from\n * sign-in/sign-out functions.\n * @param completed - Deprecated. This callback is never triggered.\n *\n * @public\n */\nexport function onIdTokenChanged(\n auth: Auth,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n): Unsubscribe {\n return getModularInstance(auth).onIdTokenChanged(\n nextOrObserver,\n error,\n completed\n );\n}\n/**\n * Adds a blocking callback that runs before an auth state change\n * sets a new user.\n *\n * @param auth - The {@link Auth} instance.\n * @param callback - callback triggered before new user value is set.\n * If this throws, it blocks the user from being set.\n * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`\n * callback throws, allowing you to undo any side effects.\n */\nexport function beforeAuthStateChanged(\n auth: Auth,\n callback: (user: User | null) => void | Promise<void>,\n onAbort?: () => void\n): Unsubscribe {\n return getModularInstance(auth).beforeAuthStateChanged(callback, onAbort);\n}\n/**\n * Adds an observer for changes to the user's sign-in state.\n *\n * @remarks\n * To keep the old behavior, see {@link onIdTokenChanged}.\n *\n * @param auth - The {@link Auth} instance.\n * @param nextOrObserver - callback triggered on change.\n * @param error - Deprecated. This callback is never triggered. Errors\n * on signing in/out can be caught in promises returned from\n * sign-in/sign-out functions.\n * @param completed - Deprecated. This callback is never triggered.\n *\n * @public\n */\nexport function onAuthStateChanged(\n auth: Auth,\n nextOrObserver: NextOrObserver<User>,\n error?: ErrorFn,\n completed?: CompleteFn\n): Unsubscribe {\n return getModularInstance(auth).onAuthStateChanged(\n nextOrObserver,\n error,\n completed\n );\n}\n/**\n * Sets the current language to the default device/browser preference.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function useDeviceLanguage(auth: Auth): void {\n getModularInstance(auth).useDeviceLanguage();\n}\n/**\n * Asynchronously sets the provided user as {@link Auth.currentUser} on the\n * {@link Auth} instance.\n *\n * @remarks\n * A new instance copy of the user provided will be made and set as currentUser.\n *\n * This will trigger {@link onAuthStateChanged} and {@link onIdTokenChanged} listeners\n * like other sign in methods.\n *\n * The operation fails with an error if the user to be updated belongs to a different Firebase\n * project.\n *\n * @param auth - The {@link Auth} instance.\n * @param user - The new {@link User}.\n *\n * @public\n */\nexport function updateCurrentUser(\n auth: Auth,\n user: User | null\n): Promise<void> {\n return getModularInstance(auth).updateCurrentUser(user);\n}\n/**\n * Signs out the current user.\n *\n * @param auth - The {@link Auth} instance.\n *\n * @public\n */\nexport function signOut(auth: Auth): Promise<void> {\n return getModularInstance(auth).signOut();\n}\n\n/**\n * Revokes the given access token. Currently only supports Apple OAuth access tokens.\n *\n * @param auth - The {@link Auth} instance.\n * @param token - The Apple OAuth access token.\n *\n * @public\n */\nexport function revokeAccessToken(auth: Auth, token: string): Promise<void> {\n const authInternal = _castAuth(auth);\n return authInternal.revokeAccessToken(token);\n}\n\nexport { initializeAuth } from './auth/initialize';\nexport { connectAuthEmulator } from './auth/emulator';\n\n// credentials\nexport { AuthCredential } from './credentials';\nexport { EmailAuthCredential } from './credentials/email';\nexport { OAuthCredential } from './credentials/oauth';\nexport { PhoneAuthCredential } from './credentials/phone';\n\n// persistence\nexport { inMemoryPersistence } from './persistence/in_memory';\n\n// providers\nexport { EmailAuthProvider } from './providers/email';\nexport { FacebookAuthProvider } from './providers/facebook';\nexport { CustomParameters } from './providers/federated';\nexport { GoogleAuthProvider } from './providers/google';\nexport { GithubAuthProvider } from './providers/github';\nexport { OAuthProvider, OAuthCredentialOptions } from './providers/oauth';\nexport { SAMLAuthProvider } from './providers/saml';\nexport { TwitterAuthProvider } from './providers/twitter';\n\n// strategies\nexport { signInAnonymously } from './strategies/anonymous';\nexport {\n signInWithCredential,\n linkWithCredential,\n reauthenticateWithCredential\n} from './strategies/credential';\nexport { signInWithCustomToken } from './strategies/custom_token';\nexport {\n sendPasswordResetEmail,\n confirmPasswordReset,\n applyActionCode,\n checkActionCode,\n verifyPasswordResetCode,\n createUserWithEmailAndPassword,\n signInWithEmailAndPassword\n} from './strategies/email_and_password';\nexport {\n sendSignInLinkToEmail,\n isSignInWithEmailLink,\n signInWithEmailLink\n} from './strategies/email_link';\nexport {\n fetchSignInMethodsForEmail,\n sendEmailVerification,\n verifyBeforeUpdateEmail\n} from './strategies/email';\n\n// core\nexport { ActionCodeURL, parseActionCodeURL } from './action_code_url';\n\n// user\nexport {\n updateProfile,\n updateEmail,\n updatePassword\n} from './user/account_info';\nexport { getIdToken, getIdTokenResult } from './user/id_token_result';\nexport { unlink } from './user/link_unlink';\nexport { getAdditionalUserInfo } from './user/additional_user_info';\n\n// Non-optional user methods.\nexport { reload } from './user/reload';\n/**\n * Deletes and signs out the user.\n *\n * @remarks\n * Important: this is a security-sensitive operation that requires the user to have recently\n * signed in. If this requirement isn't met, ask the user to authenticate again and then call\n * {@link reauthenticateWithCredential}.\n *\n * @param user - The user.\n *\n * @public\n */\nexport async function deleteUser(user: User): Promise<void> {\n return getModularInstance(user).delete();\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { UserInternal } from '../model/user';\nimport { MultiFactorSession } from '../model/public_types';\n\nexport const enum MultiFactorSessionType {\n ENROLL = 'enroll',\n SIGN_IN = 'signin'\n}\n\ninterface SerializedMultiFactorSession {\n multiFactorSession: {\n idToken?: string;\n pendingCredential?: string;\n };\n}\n\nexport class MultiFactorSessionImpl implements MultiFactorSession {\n private constructor(\n readonly type: MultiFactorSessionType,\n readonly credential: string,\n readonly user?: UserInternal\n ) {}\n\n static _fromIdtoken(\n idToken: string,\n user?: UserInternal\n ): MultiFactorSessionImpl {\n return new MultiFactorSessionImpl(\n MultiFactorSessionType.ENROLL,\n idToken,\n user\n );\n }\n\n static _fromMfaPendingCredential(\n mfaPendingCredential: string\n ): MultiFactorSessionImpl {\n return new MultiFactorSessionImpl(\n MultiFactorSessionType.SIGN_IN,\n mfaPendingCredential\n );\n }\n\n toJSON(): SerializedMultiFactorSession {\n const key =\n this.type === MultiFactorSessionType.ENROLL\n ? 'idToken'\n : 'pendingCredential';\n return {\n multiFactorSession: {\n [key]: this.credential\n }\n };\n }\n\n static fromJSON(\n obj: Partial<SerializedMultiFactorSession>\n ): MultiFactorSessionImpl | null {\n if (obj?.multiFactorSession) {\n if (obj.multiFactorSession?.pendingCredential) {\n return MultiFactorSessionImpl._fromMfaPendingCredential(\n obj.multiFactorSession.pendingCredential\n );\n } else if (obj.multiFactorSession?.idToken) {\n return MultiFactorSessionImpl._fromIdtoken(\n obj.multiFactorSession.idToken\n );\n }\n }\n return null;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n MultiFactorResolver,\n UserCredential,\n MultiFactorError\n} from '../model/public_types';\n\nimport { _castAuth } from '../core/auth/auth_impl';\nimport { AuthErrorCode } from '../core/errors';\nimport { UserCredentialImpl } from '../core/user/user_credential_impl';\nimport { _assert, _fail } from '../core/util/assert';\nimport { UserCredentialInternal } from '../model/user';\nimport { MultiFactorAssertionImpl } from './mfa_assertion';\nimport { MultiFactorError as MultiFactorErrorInternal } from './mfa_error';\nimport { MultiFactorInfoImpl } from './mfa_info';\nimport { MultiFactorSessionImpl } from './mfa_session';\nimport { getModularInstance } from '@firebase/util';\nimport { OperationType } from '../model/enums';\n\nexport class MultiFactorResolverImpl implements MultiFactorResolver {\n private constructor(\n readonly session: MultiFactorSessionImpl,\n readonly hints: MultiFactorInfoImpl[],\n private readonly signInResolver: (\n assertion: MultiFactorAssertionImpl\n ) => Promise<UserCredentialInternal>\n ) {}\n\n /** @internal */\n static _fromError(\n authExtern: Auth,\n error: MultiFactorErrorInternal\n ): MultiFactorResolverImpl {\n const auth = _castAuth(authExtern);\n const serverResponse = error.customData._serverResponse;\n const hints = (serverResponse.mfaInfo || []).map(enrollment =>\n MultiFactorInfoImpl._fromServerResponse(auth, enrollment)\n );\n\n _assert(\n serverResponse.mfaPendingCredential,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const session = MultiFactorSessionImpl._fromMfaPendingCredential(\n serverResponse.mfaPendingCredential\n );\n\n return new MultiFactorResolverImpl(\n session,\n hints,\n async (\n assertion: MultiFactorAssertionImpl\n ): Promise<UserCredentialInternal> => {\n const mfaResponse = await assertion._process(auth, session);\n // Clear out the unneeded fields from the old login response\n delete serverResponse.mfaInfo;\n delete serverResponse.mfaPendingCredential;\n\n // Use in the new token & refresh token in the old response\n const idTokenResponse = {\n ...serverResponse,\n idToken: mfaResponse.idToken,\n refreshToken: mfaResponse.refreshToken\n };\n\n // TODO: we should collapse this switch statement into UserCredentialImpl._forOperation and have it support the SIGN_IN case\n switch (error.operationType) {\n case OperationType.SIGN_IN:\n const userCredential =\n await UserCredentialImpl._fromIdTokenResponse(\n auth,\n error.operationType,\n idTokenResponse\n );\n await auth._updateCurrentUser(userCredential.user);\n return userCredential;\n case OperationType.REAUTHENTICATE:\n _assert(error.user, auth, AuthErrorCode.INTERNAL_ERROR);\n return UserCredentialImpl._forOperation(\n error.user,\n error.operationType,\n idTokenResponse\n );\n default:\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n );\n }\n\n async resolveSignIn(\n assertionExtern: MultiFactorAssertionImpl\n ): Promise<UserCredential> {\n const assertion = assertionExtern as MultiFactorAssertionImpl;\n return this.signInResolver(assertion);\n }\n}\n\n/**\n * Provides a {@link MultiFactorResolver} suitable for completion of a\n * multi-factor flow.\n *\n * @param auth - The {@link Auth} instance.\n * @param error - The {@link MultiFactorError} raised during a sign-in, or\n * reauthentication operation.\n *\n * @public\n */\nexport function getMultiFactorResolver(\n auth: Auth,\n error: MultiFactorError\n): MultiFactorResolver {\n const authModular = getModularInstance(auth);\n const errorInternal = error as MultiFactorErrorInternal;\n _assert(\n error.customData.operationType,\n authModular,\n AuthErrorCode.ARGUMENT_ERROR\n );\n _assert(\n errorInternal.customData._serverResponse?.mfaPendingCredential,\n authModular,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n return MultiFactorResolverImpl._fromError(authModular, errorInternal);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n MultiFactorAssertion,\n MultiFactorInfo,\n MultiFactorSession,\n MultiFactorUser,\n User\n} from '../model/public_types';\n\nimport { withdrawMfa } from '../api/account_management/mfa';\nimport { _logoutIfInvalidated } from '../core/user/invalidation';\nimport { UserInternal } from '../model/user';\nimport { MultiFactorAssertionImpl } from './mfa_assertion';\nimport { MultiFactorInfoImpl } from './mfa_info';\nimport { MultiFactorSessionImpl } from './mfa_session';\nimport { getModularInstance } from '@firebase/util';\n\nexport class MultiFactorUserImpl implements MultiFactorUser {\n enrolledFactors: MultiFactorInfo[] = [];\n\n private constructor(readonly user: UserInternal) {\n user._onReload(userInfo => {\n if (userInfo.mfaInfo) {\n this.enrolledFactors = userInfo.mfaInfo.map(enrollment =>\n MultiFactorInfoImpl._fromServerResponse(user.auth, enrollment)\n );\n }\n });\n }\n\n static _fromUser(user: UserInternal): MultiFactorUserImpl {\n return new MultiFactorUserImpl(user);\n }\n\n async getSession(): Promise<MultiFactorSession> {\n return MultiFactorSessionImpl._fromIdtoken(\n await this.user.getIdToken(),\n this.user\n );\n }\n\n async enroll(\n assertionExtern: MultiFactorAssertion,\n displayName?: string | null\n ): Promise<void> {\n const assertion = assertionExtern as MultiFactorAssertionImpl;\n const session = (await this.getSession()) as MultiFactorSessionImpl;\n const finalizeMfaResponse = await _logoutIfInvalidated(\n this.user,\n assertion._process(this.user.auth, session, displayName)\n );\n // New tokens will be issued after enrollment of the new second factors.\n // They need to be updated on the user.\n await this.user._updateTokensIfNecessary(finalizeMfaResponse);\n // The user needs to be reloaded to get the new multi-factor information\n // from server. USER_RELOADED event will be triggered and `enrolledFactors`\n // will be updated.\n return this.user.reload();\n }\n\n async unenroll(infoOrUid: MultiFactorInfo | string): Promise<void> {\n const mfaEnrollmentId =\n typeof infoOrUid === 'string' ? infoOrUid : infoOrUid.uid;\n const idToken = await this.user.getIdToken();\n try {\n const idTokenResponse = await _logoutIfInvalidated(\n this.user,\n withdrawMfa(this.user.auth, {\n idToken,\n mfaEnrollmentId\n })\n );\n // Remove the second factor from the user's list.\n this.enrolledFactors = this.enrolledFactors.filter(\n ({ uid }) => uid !== mfaEnrollmentId\n );\n // Depending on whether the backend decided to revoke the user's session,\n // the tokenResponse may be empty. If the tokens were not updated (and they\n // are now invalid), reloading the user will discover this and invalidate\n // the user's state accordingly.\n await this.user._updateTokensIfNecessary(idTokenResponse);\n await this.user.reload();\n } catch (e) {\n throw e;\n }\n }\n}\n\nconst multiFactorUserCache = new WeakMap<User, MultiFactorUser>();\n\n/**\n * The {@link MultiFactorUser} corresponding to the user.\n *\n * @remarks\n * This is used to access all multi-factor properties and operations related to the user.\n *\n * @param user - The user.\n *\n * @public\n */\nexport function multiFactor(user: User): MultiFactorUser {\n const userModular = getModularInstance(user);\n if (!multiFactorUserCache.has(userModular)) {\n multiFactorUserCache.set(\n userModular,\n MultiFactorUserImpl._fromUser(userModular as UserInternal)\n );\n }\n return multiFactorUserCache.get(userModular)!;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Endpoint,\n HttpMethod,\n _addTidIfNecessary,\n _performApiRequest\n} from '../index';\nimport { SignInWithPhoneNumberRequest } from '../authentication/sms';\nimport { FinalizeMfaResponse } from '../authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\n\n/**\n * MFA Info as returned by the API.\n */\ninterface BaseMfaEnrollment {\n mfaEnrollmentId: string;\n enrolledAt: number;\n displayName?: string;\n}\n\n/**\n * An MFA provided by SMS verification.\n */\nexport interface PhoneMfaEnrollment extends BaseMfaEnrollment {\n phoneInfo: string;\n}\n\n/**\n * An MFA provided by TOTP (Time-based One Time Password).\n */\nexport interface TotpMfaEnrollment extends BaseMfaEnrollment {}\n\n/**\n * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.\n */\nexport type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;\n\nexport interface StartPhoneMfaEnrollmentRequest {\n idToken: string;\n phoneEnrollmentInfo: {\n phoneNumber: string;\n recaptchaToken: string;\n };\n tenantId?: string;\n}\n\nexport interface StartPhoneMfaEnrollmentResponse {\n phoneSessionInfo: {\n sessionInfo: string;\n };\n}\n\nexport function startEnrollPhoneMfa(\n auth: AuthInternal,\n request: StartPhoneMfaEnrollmentRequest\n): Promise<StartPhoneMfaEnrollmentResponse> {\n return _performApiRequest<\n StartPhoneMfaEnrollmentRequest,\n StartPhoneMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface FinalizePhoneMfaEnrollmentRequest {\n idToken: string;\n phoneVerificationInfo: SignInWithPhoneNumberRequest;\n displayName?: string | null;\n tenantId?: string;\n}\n\nexport interface FinalizePhoneMfaEnrollmentResponse\n extends FinalizeMfaResponse {}\n\nexport function finalizeEnrollPhoneMfa(\n auth: AuthInternal,\n request: FinalizePhoneMfaEnrollmentRequest\n): Promise<FinalizePhoneMfaEnrollmentResponse> {\n return _performApiRequest<\n FinalizePhoneMfaEnrollmentRequest,\n FinalizePhoneMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\nexport interface StartTotpMfaEnrollmentRequest {\n idToken: string;\n totpEnrollmentInfo: {};\n tenantId?: string;\n}\n\nexport interface StartTotpMfaEnrollmentResponse {\n totpSessionInfo: {\n sharedSecretKey: string;\n verificationCodeLength: number;\n hashingAlgorithm: string;\n periodSec: number;\n sessionInfo: string;\n finalizeEnrollmentTime: number;\n };\n}\n\nexport function startEnrollTotpMfa(\n auth: AuthInternal,\n request: StartTotpMfaEnrollmentRequest\n): Promise<StartTotpMfaEnrollmentResponse> {\n return _performApiRequest<\n StartTotpMfaEnrollmentRequest,\n StartTotpMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface TotpVerificationInfo {\n sessionInfo: string;\n verificationCode: string;\n}\nexport interface FinalizeTotpMfaEnrollmentRequest {\n idToken: string;\n totpVerificationInfo: TotpVerificationInfo;\n displayName?: string | null;\n tenantId?: string;\n}\n\nexport interface FinalizeTotpMfaEnrollmentResponse\n extends FinalizeMfaResponse {}\n\nexport function finalizeEnrollTotpMfa(\n auth: AuthInternal,\n request: FinalizeTotpMfaEnrollmentRequest\n): Promise<FinalizeTotpMfaEnrollmentResponse> {\n return _performApiRequest<\n FinalizeTotpMfaEnrollmentRequest,\n FinalizeTotpMfaEnrollmentResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_ENROLLMENT,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface WithdrawMfaRequest {\n idToken: string;\n mfaEnrollmentId: string;\n tenantId?: string;\n}\n\nexport interface WithdrawMfaResponse extends FinalizeMfaResponse {}\n\nexport function withdrawMfa(\n auth: AuthInternal,\n request: WithdrawMfaRequest\n): Promise<WithdrawMfaResponse> {\n return _performApiRequest<WithdrawMfaRequest, WithdrawMfaResponse>(\n auth,\n HttpMethod.POST,\n Endpoint.WITHDRAW_MFA,\n _addTidIfNecessary(auth, request)\n );\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n PersistenceValue,\n STORAGE_AVAILABLE_KEY,\n PersistenceType\n} from '../../core/persistence';\n\n// There are two different browser persistence types: local and session.\n// Both have the same implementation but use a different underlying storage\n// object.\n\nexport abstract class BrowserPersistenceClass {\n protected constructor(\n protected readonly storageRetriever: () => Storage,\n readonly type: PersistenceType\n ) {}\n\n _isAvailable(): Promise<boolean> {\n try {\n if (!this.storage) {\n return Promise.resolve(false);\n }\n this.storage.setItem(STORAGE_AVAILABLE_KEY, '1');\n this.storage.removeItem(STORAGE_AVAILABLE_KEY);\n return Promise.resolve(true);\n } catch {\n return Promise.resolve(false);\n }\n }\n\n _set(key: string, value: PersistenceValue): Promise<void> {\n this.storage.setItem(key, JSON.stringify(value));\n return Promise.resolve();\n }\n\n _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const json = this.storage.getItem(key);\n return Promise.resolve(json ? JSON.parse(json) : null);\n }\n\n _remove(key: string): Promise<void> {\n this.storage.removeItem(key);\n return Promise.resolve();\n }\n\n protected get storage(): Storage {\n return this.storageRetriever();\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Persistence } from '../../model/public_types';\n\nexport const enum PersistenceType {\n SESSION = 'SESSION',\n LOCAL = 'LOCAL',\n NONE = 'NONE'\n}\n\nexport type PersistedBlob = Record<string, unknown>;\n\nexport interface Instantiator<T> {\n (blob: PersistedBlob): T;\n}\n\nexport type PersistenceValue = PersistedBlob | string;\n\nexport const STORAGE_AVAILABLE_KEY = '__sak';\n\nexport interface StorageEventListener {\n (value: PersistenceValue | null): void;\n}\n\nexport interface PersistenceInternal extends Persistence {\n type: PersistenceType;\n _isAvailable(): Promise<boolean>;\n _set(key: string, value: PersistenceValue): Promise<void>;\n _get<T extends PersistenceValue>(key: string): Promise<T | null>;\n _remove(key: string): Promise<void>;\n _addListener(key: string, listener: StorageEventListener): void;\n _removeListener(key: string, listener: StorageEventListener): void;\n // Should this persistence allow migration up the chosen hierarchy?\n _shouldAllowMigration?: boolean;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport { getUA } from '@firebase/util';\nimport {\n _isSafari,\n _isIOS,\n _isIframe,\n _isMobileBrowser,\n _isIE10\n} from '../../core/util/browser';\nimport {\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n PersistenceValue,\n StorageEventListener\n} from '../../core/persistence';\nimport { BrowserPersistenceClass } from './browser';\n\nfunction _iframeCannotSyncWebStorage(): boolean {\n const ua = getUA();\n return _isSafari(ua) || _isIOS(ua);\n}\n\n// The polling period in case events are not supported\nexport const _POLLING_INTERVAL_MS = 1000;\n\n// The IE 10 localStorage cross tab synchronization delay in milliseconds\nconst IE10_LOCAL_STORAGE_SYNC_DELAY = 10;\n\nclass BrowserLocalPersistence\n extends BrowserPersistenceClass\n implements InternalPersistence\n{\n static type: 'LOCAL' = 'LOCAL';\n\n constructor() {\n super(() => window.localStorage, PersistenceType.LOCAL);\n }\n\n private readonly boundEventHandler = (\n event: StorageEvent,\n poll?: boolean\n ): void => this.onStorageEvent(event, poll);\n private readonly listeners: Record<string, Set<StorageEventListener>> = {};\n private readonly localCache: Record<string, string | null> = {};\n // setTimeout return value is platform specific\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private pollTimer: any | null = null;\n\n // Safari or iOS browser and embedded in an iframe.\n private readonly safariLocalStorageNotSynced =\n _iframeCannotSyncWebStorage() && _isIframe();\n // Whether to use polling instead of depending on window events\n private readonly fallbackToPolling = _isMobileBrowser();\n readonly _shouldAllowMigration = true;\n\n private forAllChangedKeys(\n cb: (key: string, oldValue: string | null, newValue: string | null) => void\n ): void {\n // Check all keys with listeners on them.\n for (const key of Object.keys(this.listeners)) {\n // Get value from localStorage.\n const newValue = this.storage.getItem(key);\n const oldValue = this.localCache[key];\n // If local map value does not match, trigger listener with storage event.\n // Differentiate this simulated event from the real storage event.\n if (newValue !== oldValue) {\n cb(key, oldValue, newValue);\n }\n }\n }\n\n private onStorageEvent(event: StorageEvent, poll = false): void {\n // Key would be null in some situations, like when localStorage is cleared\n if (!event.key) {\n this.forAllChangedKeys(\n (key: string, _oldValue: string | null, newValue: string | null) => {\n this.notifyListeners(key, newValue);\n }\n );\n return;\n }\n\n const key = event.key;\n\n // Check the mechanism how this event was detected.\n // The first event will dictate the mechanism to be used.\n if (poll) {\n // Environment detects storage changes via polling.\n // Remove storage event listener to prevent possible event duplication.\n this.detachListener();\n } else {\n // Environment detects storage changes via storage event listener.\n // Remove polling listener to prevent possible event duplication.\n this.stopPolling();\n }\n\n // Safari embedded iframe. Storage event will trigger with the delta\n // changes but no changes will be applied to the iframe localStorage.\n if (this.safariLocalStorageNotSynced) {\n // Get current iframe page value.\n const storedValue = this.storage.getItem(key);\n // Value not synchronized, synchronize manually.\n if (event.newValue !== storedValue) {\n if (event.newValue !== null) {\n // Value changed from current value.\n this.storage.setItem(key, event.newValue);\n } else {\n // Current value deleted.\n this.storage.removeItem(key);\n }\n } else if (this.localCache[key] === event.newValue && !poll) {\n // Already detected and processed, do not trigger listeners again.\n return;\n }\n }\n\n const triggerListeners = (): void => {\n // Keep local map up to date in case storage event is triggered before\n // poll.\n const storedValue = this.storage.getItem(key);\n if (!poll && this.localCache[key] === storedValue) {\n // Real storage event which has already been detected, do nothing.\n // This seems to trigger in some IE browsers for some reason.\n return;\n }\n this.notifyListeners(key, storedValue);\n };\n\n const storedValue = this.storage.getItem(key);\n if (\n _isIE10() &&\n storedValue !== event.newValue &&\n event.newValue !== event.oldValue\n ) {\n // IE 10 has this weird bug where a storage event would trigger with the\n // correct key, oldValue and newValue but localStorage.getItem(key) does\n // not yield the updated value until a few milliseconds. This ensures\n // this recovers from that situation.\n setTimeout(triggerListeners, IE10_LOCAL_STORAGE_SYNC_DELAY);\n } else {\n triggerListeners();\n }\n }\n\n private notifyListeners(key: string, value: string | null): void {\n this.localCache[key] = value;\n const listeners = this.listeners[key];\n if (listeners) {\n for (const listener of Array.from(listeners)) {\n listener(value ? JSON.parse(value) : value);\n }\n }\n }\n\n private startPolling(): void {\n this.stopPolling();\n\n this.pollTimer = setInterval(() => {\n this.forAllChangedKeys(\n (key: string, oldValue: string | null, newValue: string | null) => {\n this.onStorageEvent(\n new StorageEvent('storage', {\n key,\n oldValue,\n newValue\n }),\n /* poll */ true\n );\n }\n );\n }, _POLLING_INTERVAL_MS);\n }\n\n private stopPolling(): void {\n if (this.pollTimer) {\n clearInterval(this.pollTimer);\n this.pollTimer = null;\n }\n }\n\n private attachListener(): void {\n window.addEventListener('storage', this.boundEventHandler);\n }\n\n private detachListener(): void {\n window.removeEventListener('storage', this.boundEventHandler);\n }\n\n _addListener(key: string, listener: StorageEventListener): void {\n if (Object.keys(this.listeners).length === 0) {\n // Whether browser can detect storage event when it had already been pushed to the background.\n // This may happen in some mobile browsers. A localStorage change in the foreground window\n // will not be detected in the background window via the storage event.\n // This was detected in iOS 7.x mobile browsers\n if (this.fallbackToPolling) {\n this.startPolling();\n } else {\n this.attachListener();\n }\n }\n if (!this.listeners[key]) {\n this.listeners[key] = new Set();\n // Populate the cache to avoid spuriously triggering on first poll.\n this.localCache[key] = this.storage.getItem(key);\n }\n this.listeners[key].add(listener);\n }\n\n _removeListener(key: string, listener: StorageEventListener): void {\n if (this.listeners[key]) {\n this.listeners[key].delete(listener);\n\n if (this.listeners[key].size === 0) {\n delete this.listeners[key];\n }\n }\n\n if (Object.keys(this.listeners).length === 0) {\n this.detachListener();\n this.stopPolling();\n }\n }\n\n // Update local cache on base operations:\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n await super._set(key, value);\n this.localCache[key] = JSON.stringify(value);\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const value = await super._get<T>(key);\n this.localCache[key] = JSON.stringify(value);\n return value;\n }\n\n async _remove(key: string): Promise<void> {\n await super._remove(key);\n delete this.localCache[key];\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`\n * for the underlying storage.\n *\n * @public\n */\nexport const browserLocalPersistence: Persistence = BrowserLocalPersistence;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\n\nimport {\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n StorageEventListener\n} from '../../core/persistence';\nimport { BrowserPersistenceClass } from './browser';\n\nclass BrowserSessionPersistence\n extends BrowserPersistenceClass\n implements InternalPersistence\n{\n static type: 'SESSION' = 'SESSION';\n\n constructor() {\n super(() => window.sessionStorage, PersistenceType.SESSION);\n }\n\n _addListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for session storage since it cannot be shared across windows\n return;\n }\n\n _removeListener(_key: string, _listener: StorageEventListener): void {\n // Listeners are not supported for session storage since it cannot be shared across windows\n return;\n }\n}\n\n/**\n * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`\n * for the underlying storage.\n *\n * @public\n */\nexport const browserSessionPersistence: Persistence = BrowserSessionPersistence;\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ReceiverHandler,\n _EventType,\n _ReceiverResponse,\n SenderMessageEvent,\n _Status,\n _SenderRequest\n} from './index';\nimport { _allSettled } from './promise';\n\n/**\n * Interface class for receiving messages.\n *\n */\nexport class Receiver {\n private static readonly receivers: Receiver[] = [];\n private readonly boundEventHandler: EventListener;\n\n private readonly handlersMap: {\n // Typescript doesn't have existential types :(\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n [eventType: string]: Set<ReceiverHandler<any, any>>;\n } = {};\n\n constructor(private readonly eventTarget: EventTarget) {\n this.boundEventHandler = this.handleEvent.bind(this);\n }\n\n /**\n * Obtain an instance of a Receiver for a given event target, if none exists it will be created.\n *\n * @param eventTarget - An event target (such as window or self) through which the underlying\n * messages will be received.\n */\n static _getInstance(eventTarget: EventTarget): Receiver {\n // The results are stored in an array since objects can't be keys for other\n // objects. In addition, setting a unique property on an event target as a\n // hash map key may not be allowed due to CORS restrictions.\n const existingInstance = this.receivers.find(receiver =>\n receiver.isListeningto(eventTarget)\n );\n if (existingInstance) {\n return existingInstance;\n }\n const newInstance = new Receiver(eventTarget);\n this.receivers.push(newInstance);\n return newInstance;\n }\n\n private isListeningto(eventTarget: EventTarget): boolean {\n return this.eventTarget === eventTarget;\n }\n\n /**\n * Fans out a MessageEvent to the appropriate listeners.\n *\n * @remarks\n * Sends an {@link Status.ACK} upon receipt and a {@link Status.DONE} once all handlers have\n * finished processing.\n *\n * @param event - The MessageEvent.\n *\n */\n private async handleEvent<\n T extends _ReceiverResponse,\n S extends _SenderRequest\n >(event: Event): Promise<void> {\n const messageEvent = event as MessageEvent<SenderMessageEvent<S>>;\n const { eventId, eventType, data } = messageEvent.data;\n\n const handlers: Set<ReceiverHandler<T, S>> | undefined =\n this.handlersMap[eventType];\n if (!handlers?.size) {\n return;\n }\n\n messageEvent.ports[0].postMessage({\n status: _Status.ACK,\n eventId,\n eventType\n });\n\n const promises = Array.from(handlers).map(async handler =>\n handler(messageEvent.origin, data)\n );\n const response = await _allSettled(promises);\n messageEvent.ports[0].postMessage({\n status: _Status.DONE,\n eventId,\n eventType,\n response\n });\n }\n\n /**\n * Subscribe an event handler for a particular event.\n *\n * @param eventType - Event name to subscribe to.\n * @param eventHandler - The event handler which should receive the events.\n *\n */\n _subscribe<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n eventHandler: ReceiverHandler<T, S>\n ): void {\n if (Object.keys(this.handlersMap).length === 0) {\n this.eventTarget.addEventListener('message', this.boundEventHandler);\n }\n\n if (!this.handlersMap[eventType]) {\n this.handlersMap[eventType] = new Set();\n }\n\n this.handlersMap[eventType].add(eventHandler);\n }\n\n /**\n * Unsubscribe an event handler from a particular event.\n *\n * @param eventType - Event name to unsubscribe from.\n * @param eventHandler - Optinoal event handler, if none provided, unsubscribe all handlers on this event.\n *\n */\n _unsubscribe<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n eventHandler?: ReceiverHandler<T, S>\n ): void {\n if (this.handlersMap[eventType] && eventHandler) {\n this.handlersMap[eventType].delete(eventHandler);\n }\n if (!eventHandler || this.handlersMap[eventType].size === 0) {\n delete this.handlersMap[eventType];\n }\n\n if (Object.keys(this.handlersMap).length === 0) {\n this.eventTarget.removeEventListener('message', this.boundEventHandler);\n }\n }\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/** TODO: remove this once tslib has a polyfill for Promise.allSettled */\ninterface PromiseFulfilledResult<T> {\n fulfilled: true;\n value: T;\n}\n\ninterface PromiseRejectedResult {\n fulfilled: false;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n reason: any;\n}\n\nexport type PromiseSettledResult<T> =\n | PromiseFulfilledResult<T>\n | PromiseRejectedResult;\n\n/**\n * Shim for Promise.allSettled, note the slightly different format of `fulfilled` vs `status`.\n *\n * @param promises - Array of promises to wait on.\n */\nexport function _allSettled<T>(\n promises: Array<Promise<T>>\n): Promise<Array<PromiseSettledResult<T>>> {\n return Promise.all(\n promises.map(async promise => {\n try {\n const value = await promise;\n return {\n fulfilled: true,\n value\n } as PromiseFulfilledResult<T>;\n } catch (reason) {\n return {\n fulfilled: false,\n reason\n } as PromiseRejectedResult;\n }\n })\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function _generateEventId(prefix = '', digits = 10): string {\n let random = '';\n for (let i = 0; i < digits; i++) {\n random += Math.floor(Math.random() * 10);\n }\n return prefix + random;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _generateEventId } from '../../core/util/event_id';\nimport {\n _SenderRequest,\n _EventType,\n ReceiverMessageEvent,\n _MessageError,\n SenderMessageEvent,\n _Status,\n _ReceiverMessageResponse,\n _ReceiverResponse,\n _TimeoutDuration\n} from './index';\n\ninterface MessageHandler {\n messageChannel: MessageChannel;\n onMessage: EventListenerOrEventListenerObject;\n}\n\n/**\n * Interface for sending messages and waiting for a completion response.\n *\n */\nexport class Sender {\n private readonly handlers = new Set<MessageHandler>();\n\n constructor(private readonly target: ServiceWorker) {}\n\n /**\n * Unsubscribe the handler and remove it from our tracking Set.\n *\n * @param handler - The handler to unsubscribe.\n */\n private removeMessageHandler(handler: MessageHandler): void {\n if (handler.messageChannel) {\n handler.messageChannel.port1.removeEventListener(\n 'message',\n handler.onMessage\n );\n handler.messageChannel.port1.close();\n }\n this.handlers.delete(handler);\n }\n\n /**\n * Send a message to the Receiver located at {@link target}.\n *\n * @remarks\n * We'll first wait a bit for an ACK , if we get one we will wait significantly longer until the\n * receiver has had a chance to fully process the event.\n *\n * @param eventType - Type of event to send.\n * @param data - The payload of the event.\n * @param timeout - Timeout for waiting on an ACK from the receiver.\n *\n * @returns An array of settled promises from all the handlers that were listening on the receiver.\n */\n async _send<T extends _ReceiverResponse, S extends _SenderRequest>(\n eventType: _EventType,\n data: S,\n timeout = _TimeoutDuration.ACK\n ): Promise<_ReceiverMessageResponse<T>> {\n const messageChannel =\n typeof MessageChannel !== 'undefined' ? new MessageChannel() : null;\n if (!messageChannel) {\n throw new Error(_MessageError.CONNECTION_UNAVAILABLE);\n }\n // Node timers and browser timers return fundamentally different types.\n // We don't actually care what the value is but TS won't accept unknown and\n // we can't cast properly in both environments.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n let completionTimer: any;\n let handler: MessageHandler;\n return new Promise<_ReceiverMessageResponse<T>>((resolve, reject) => {\n const eventId = _generateEventId('', 20);\n messageChannel.port1.start();\n const ackTimer = setTimeout(() => {\n reject(new Error(_MessageError.UNSUPPORTED_EVENT));\n }, timeout);\n handler = {\n messageChannel,\n onMessage(event: Event): void {\n const messageEvent = event as MessageEvent<ReceiverMessageEvent<T>>;\n if (messageEvent.data.eventId !== eventId) {\n return;\n }\n switch (messageEvent.data.status) {\n case _Status.ACK:\n // The receiver should ACK first.\n clearTimeout(ackTimer);\n completionTimer = setTimeout(() => {\n reject(new Error(_MessageError.TIMEOUT));\n }, _TimeoutDuration.COMPLETION);\n break;\n case _Status.DONE:\n // Once the receiver's handlers are finished we will get the results.\n clearTimeout(completionTimer);\n resolve(messageEvent.data.response);\n break;\n default:\n clearTimeout(ackTimer);\n clearTimeout(completionTimer);\n reject(new Error(_MessageError.INVALID_RESPONSE));\n break;\n }\n }\n };\n this.handlers.add(handler);\n messageChannel.port1.addEventListener('message', handler.onMessage);\n this.target.postMessage(\n {\n eventType,\n eventId,\n data\n } as SenderMessageEvent<S>,\n [messageChannel.port2]\n );\n }).finally(() => {\n if (handler) {\n this.removeMessageHandler(handler);\n }\n });\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Recaptcha, GreCAPTCHATopLevel } from './recaptcha/recaptcha';\n\n/**\n * A specialized window type that melds the normal window type plus the\n * various bits we need. The three different blocks that are &'d together\n * cant be defined in the same block together.\n */\nexport type AuthWindow = {\n // Standard window types\n [T in keyof Window]: Window[T];\n} & {\n // Any known / named properties we want to add\n grecaptcha?: Recaptcha | GreCAPTCHATopLevel;\n /* eslint-disable-next-line @typescript-eslint/no-explicit-any */\n ___jsl?: Record<string, any>;\n gapi?: typeof gapi;\n} & {\n // A final catch-all for callbacks (which will have random names) that\n // we will stick on the window.\n [callback: string]: (...args: unknown[]) => void;\n};\n\n/**\n * Lazy accessor for window, since the compat layer won't tree shake this out,\n * we need to make sure not to mess with window unless we have to\n */\nexport function _window(): AuthWindow {\n return window as unknown as AuthWindow;\n}\n\nexport function _setWindowLocation(url: string): void {\n _window().location.href = url;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _window } from '../auth_window';\n\nexport function _isWorker(): boolean {\n return (\n typeof _window()['WorkerGlobalScope'] !== 'undefined' &&\n typeof _window()['importScripts'] === 'function'\n );\n}\n\nexport async function _getActiveServiceWorker(): Promise<ServiceWorker | null> {\n if (!navigator?.serviceWorker) {\n return null;\n }\n try {\n const registration = await navigator.serviceWorker.ready;\n return registration.active;\n } catch {\n return null;\n }\n}\n\nexport function _getServiceWorkerController(): ServiceWorker | null {\n return navigator?.serviceWorker?.controller || null;\n}\n\nexport function _getWorkerGlobalScope(): ServiceWorker | null {\n return _isWorker() ? (self as unknown as ServiceWorker) : null;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Persistence } from '../../model/public_types';\nimport {\n PersistedBlob,\n PersistenceInternal as InternalPersistence,\n PersistenceType,\n PersistenceValue,\n StorageEventListener,\n STORAGE_AVAILABLE_KEY\n} from '../../core/persistence/';\nimport {\n _EventType,\n _PingResponse,\n KeyChangedResponse,\n KeyChangedRequest,\n PingRequest,\n _TimeoutDuration\n} from '../messagechannel/index';\nimport { Receiver } from '../messagechannel/receiver';\nimport { Sender } from '../messagechannel/sender';\nimport {\n _isWorker,\n _getActiveServiceWorker,\n _getServiceWorkerController,\n _getWorkerGlobalScope\n} from '../util/worker';\n\nexport const DB_NAME = 'firebaseLocalStorageDb';\nconst DB_VERSION = 1;\nconst DB_OBJECTSTORE_NAME = 'firebaseLocalStorage';\nconst DB_DATA_KEYPATH = 'fbase_key';\n\ninterface DBObject {\n [DB_DATA_KEYPATH]: string;\n value: PersistedBlob;\n}\n\n/**\n * Promise wrapper for IDBRequest\n *\n * Unfortunately we can't cleanly extend Promise<T> since promises are not callable in ES6\n *\n */\nclass DBPromise<T> {\n constructor(private readonly request: IDBRequest) {}\n\n toPromise(): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n this.request.addEventListener('success', () => {\n resolve(this.request.result);\n });\n this.request.addEventListener('error', () => {\n reject(this.request.error);\n });\n });\n }\n}\n\nfunction getObjectStore(db: IDBDatabase, isReadWrite: boolean): IDBObjectStore {\n return db\n .transaction([DB_OBJECTSTORE_NAME], isReadWrite ? 'readwrite' : 'readonly')\n .objectStore(DB_OBJECTSTORE_NAME);\n}\n\nexport async function _clearDatabase(db: IDBDatabase): Promise<void> {\n const objectStore = getObjectStore(db, true);\n return new DBPromise<void>(objectStore.clear()).toPromise();\n}\n\nexport function _deleteDatabase(): Promise<void> {\n const request = indexedDB.deleteDatabase(DB_NAME);\n return new DBPromise<void>(request).toPromise();\n}\n\nexport function _openDatabase(): Promise<IDBDatabase> {\n const request = indexedDB.open(DB_NAME, DB_VERSION);\n return new Promise((resolve, reject) => {\n request.addEventListener('error', () => {\n reject(request.error);\n });\n\n request.addEventListener('upgradeneeded', () => {\n const db = request.result;\n\n try {\n db.createObjectStore(DB_OBJECTSTORE_NAME, { keyPath: DB_DATA_KEYPATH });\n } catch (e) {\n reject(e);\n }\n });\n\n request.addEventListener('success', async () => {\n const db: IDBDatabase = request.result;\n // Strange bug that occurs in Firefox when multiple tabs are opened at the\n // same time. The only way to recover seems to be deleting the database\n // and re-initializing it.\n // https://github.com/firebase/firebase-js-sdk/issues/634\n\n if (!db.objectStoreNames.contains(DB_OBJECTSTORE_NAME)) {\n // Need to close the database or else you get a `blocked` event\n db.close();\n await _deleteDatabase();\n resolve(await _openDatabase());\n } else {\n resolve(db);\n }\n });\n });\n}\n\nexport async function _putObject(\n db: IDBDatabase,\n key: string,\n value: PersistenceValue | string\n): Promise<void> {\n const request = getObjectStore(db, true).put({\n [DB_DATA_KEYPATH]: key,\n value\n });\n return new DBPromise<void>(request).toPromise();\n}\n\nasync function getObject(\n db: IDBDatabase,\n key: string\n): Promise<PersistedBlob | null> {\n const request = getObjectStore(db, false).get(key);\n const data = await new DBPromise<DBObject | undefined>(request).toPromise();\n return data === undefined ? null : data.value;\n}\n\nexport function _deleteObject(db: IDBDatabase, key: string): Promise<void> {\n const request = getObjectStore(db, true).delete(key);\n return new DBPromise<void>(request).toPromise();\n}\n\nexport const _POLLING_INTERVAL_MS = 800;\nexport const _TRANSACTION_RETRY_COUNT = 3;\n\nclass IndexedDBLocalPersistence implements InternalPersistence {\n static type: 'LOCAL' = 'LOCAL';\n\n type = PersistenceType.LOCAL;\n db?: IDBDatabase;\n readonly _shouldAllowMigration = true;\n\n private readonly listeners: Record<string, Set<StorageEventListener>> = {};\n private readonly localCache: Record<string, PersistenceValue | null> = {};\n // setTimeout return value is platform specific\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n private pollTimer: any | null = null;\n private pendingWrites = 0;\n\n private receiver: Receiver | null = null;\n private sender: Sender | null = null;\n private serviceWorkerReceiverAvailable = false;\n private activeServiceWorker: ServiceWorker | null = null;\n // Visible for testing only\n readonly _workerInitializationPromise: Promise<void>;\n\n constructor() {\n // Fire & forget the service worker registration as it may never resolve\n this._workerInitializationPromise =\n this.initializeServiceWorkerMessaging().then(\n () => {},\n () => {}\n );\n }\n\n async _openDb(): Promise<IDBDatabase> {\n if (this.db) {\n return this.db;\n }\n this.db = await _openDatabase();\n return this.db;\n }\n\n async _withRetries<T>(op: (db: IDBDatabase) => Promise<T>): Promise<T> {\n let numAttempts = 0;\n\n while (true) {\n try {\n const db = await this._openDb();\n return await op(db);\n } catch (e) {\n if (numAttempts++ > _TRANSACTION_RETRY_COUNT) {\n throw e;\n }\n if (this.db) {\n this.db.close();\n this.db = undefined;\n }\n // TODO: consider adding exponential backoff\n }\n }\n }\n\n /**\n * IndexedDB events do not propagate from the main window to the worker context. We rely on a\n * postMessage interface to send these events to the worker ourselves.\n */\n private async initializeServiceWorkerMessaging(): Promise<void> {\n return _isWorker() ? this.initializeReceiver() : this.initializeSender();\n }\n\n /**\n * As the worker we should listen to events from the main window.\n */\n private async initializeReceiver(): Promise<void> {\n this.receiver = Receiver._getInstance(_getWorkerGlobalScope()!);\n // Refresh from persistence if we receive a KeyChanged message.\n this.receiver._subscribe(\n _EventType.KEY_CHANGED,\n async (_origin: string, data: KeyChangedRequest) => {\n const keys = await this._poll();\n return {\n keyProcessed: keys.includes(data.key)\n };\n }\n );\n // Let the sender know that we are listening so they give us more timeout.\n this.receiver._subscribe(\n _EventType.PING,\n async (_origin: string, _data: PingRequest) => {\n return [_EventType.KEY_CHANGED];\n }\n );\n }\n\n /**\n * As the main window, we should let the worker know when keys change (set and remove).\n *\n * @remarks\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerContainer/ready | ServiceWorkerContainer.ready}\n * may not resolve.\n */\n private async initializeSender(): Promise<void> {\n // Check to see if there's an active service worker.\n this.activeServiceWorker = await _getActiveServiceWorker();\n if (!this.activeServiceWorker) {\n return;\n }\n this.sender = new Sender(this.activeServiceWorker);\n // Ping the service worker to check what events they can handle.\n const results = await this.sender._send<_PingResponse, PingRequest>(\n _EventType.PING,\n {},\n _TimeoutDuration.LONG_ACK\n );\n if (!results) {\n return;\n }\n if (\n results[0]?.fulfilled &&\n results[0]?.value.includes(_EventType.KEY_CHANGED)\n ) {\n this.serviceWorkerReceiverAvailable = true;\n }\n }\n\n /**\n * Let the worker know about a changed key, the exact key doesn't technically matter since the\n * worker will just trigger a full sync anyway.\n *\n * @remarks\n * For now, we only support one service worker per page.\n *\n * @param key - Storage key which changed.\n */\n private async notifyServiceWorker(key: string): Promise<void> {\n if (\n !this.sender ||\n !this.activeServiceWorker ||\n _getServiceWorkerController() !== this.activeServiceWorker\n ) {\n return;\n }\n try {\n await this.sender._send<KeyChangedResponse, KeyChangedRequest>(\n _EventType.KEY_CHANGED,\n { key },\n // Use long timeout if receiver has previously responded to a ping from us.\n this.serviceWorkerReceiverAvailable\n ? _TimeoutDuration.LONG_ACK\n : _TimeoutDuration.ACK\n );\n } catch {\n // This is a best effort approach. Ignore errors.\n }\n }\n\n async _isAvailable(): Promise<boolean> {\n try {\n if (!indexedDB) {\n return false;\n }\n const db = await _openDatabase();\n await _putObject(db, STORAGE_AVAILABLE_KEY, '1');\n await _deleteObject(db, STORAGE_AVAILABLE_KEY);\n return true;\n } catch {}\n return false;\n }\n\n private async _withPendingWrite(write: () => Promise<void>): Promise<void> {\n this.pendingWrites++;\n try {\n await write();\n } finally {\n this.pendingWrites--;\n }\n }\n\n async _set(key: string, value: PersistenceValue): Promise<void> {\n return this._withPendingWrite(async () => {\n await this._withRetries((db: IDBDatabase) => _putObject(db, key, value));\n this.localCache[key] = value;\n return this.notifyServiceWorker(key);\n });\n }\n\n async _get<T extends PersistenceValue>(key: string): Promise<T | null> {\n const obj = (await this._withRetries((db: IDBDatabase) =>\n getObject(db, key)\n )) as T;\n this.localCache[key] = obj;\n return obj;\n }\n\n async _remove(key: string): Promise<void> {\n return this._withPendingWrite(async () => {\n await this._withRetries((db: IDBDatabase) => _deleteObject(db, key));\n delete this.localCache[key];\n return this.notifyServiceWorker(key);\n });\n }\n\n private async _poll(): Promise<string[]> {\n // TODO: check if we need to fallback if getAll is not supported\n const result = await this._withRetries((db: IDBDatabase) => {\n const getAllRequest = getObjectStore(db, false).getAll();\n return new DBPromise<DBObject[] | null>(getAllRequest).toPromise();\n });\n\n if (!result) {\n return [];\n }\n\n // If we have pending writes in progress abort, we'll get picked up on the next poll\n if (this.pendingWrites !== 0) {\n return [];\n }\n\n const keys = [];\n const keysInResult = new Set();\n if (result.length !== 0) {\n for (const { fbase_key: key, value } of result) {\n keysInResult.add(key);\n if (JSON.stringify(this.localCache[key]) !== JSON.stringify(value)) {\n this.notifyListeners(key, value as PersistenceValue);\n keys.push(key);\n }\n }\n }\n\n for (const localKey of Object.keys(this.localCache)) {\n if (this.localCache[localKey] && !keysInResult.has(localKey)) {\n // Deleted\n this.notifyListeners(localKey, null);\n keys.push(localKey);\n }\n }\n return keys;\n }\n\n private notifyListeners(\n key: string,\n newValue: PersistenceValue | null\n ): void {\n this.localCache[key] = newValue;\n const listeners = this.listeners[key];\n if (listeners) {\n for (const listener of Array.from(listeners)) {\n listener(newValue);\n }\n }\n }\n\n private startPolling(): void {\n this.stopPolling();\n\n this.pollTimer = setInterval(\n async () => this._poll(),\n _POLLING_INTERVAL_MS\n );\n }\n\n private stopPolling(): void {\n if (this.pollTimer) {\n clearInterval(this.pollTimer);\n this.pollTimer = null;\n }\n }\n\n _addListener(key: string, listener: StorageEventListener): void {\n if (Object.keys(this.listeners).length === 0) {\n this.startPolling();\n }\n if (!this.listeners[key]) {\n this.listeners[key] = new Set();\n // Populate the cache to avoid spuriously triggering on first poll.\n void this._get(key); // This can happen in the background async and we can return immediately.\n }\n this.listeners[key].add(listener);\n }\n\n _removeListener(key: string, listener: StorageEventListener): void {\n if (this.listeners[key]) {\n this.listeners[key].delete(listener);\n\n if (this.listeners[key].size === 0) {\n delete this.listeners[key];\n }\n }\n\n if (Object.keys(this.listeners).length === 0) {\n this.stopPolling();\n }\n }\n}\n\n/**\n * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`\n * for the underlying storage.\n *\n * @public\n */\nexport const indexedDBLocalPersistence: Persistence = IndexedDBLocalPersistence;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport { AuthInternal } from '../../model/auth';\nimport { RecaptchaParameters } from '../../model/public_types';\nimport {\n Recaptcha,\n GreCAPTCHATopLevel,\n GreCAPTCHARenderOption,\n GreCAPTCHA\n} from './recaptcha';\n\nexport const _SOLVE_TIME_MS = 500;\nexport const _EXPIRATION_TIME_MS = 60_000;\nexport const _WIDGET_ID_START = 1_000_000_000_000;\n\nexport interface Widget {\n getResponse: () => string | null;\n delete: () => void;\n execute: () => void;\n}\n\nexport class MockReCaptcha implements Recaptcha {\n private counter = _WIDGET_ID_START;\n _widgets = new Map<number, Widget>();\n\n constructor(private readonly auth: AuthInternal) {}\n\n render(\n container: string | HTMLElement,\n parameters?: RecaptchaParameters\n ): number {\n const id = this.counter;\n this._widgets.set(\n id,\n new MockWidget(container, this.auth.name, parameters || {})\n );\n this.counter++;\n return id;\n }\n\n reset(optWidgetId?: number): void {\n const id = optWidgetId || _WIDGET_ID_START;\n void this._widgets.get(id)?.delete();\n this._widgets.delete(id);\n }\n\n getResponse(optWidgetId?: number): string {\n const id = optWidgetId || _WIDGET_ID_START;\n return this._widgets.get(id)?.getResponse() || '';\n }\n\n async execute(optWidgetId?: number | string): Promise<string> {\n const id: number = (optWidgetId as number) || _WIDGET_ID_START;\n void this._widgets.get(id)?.execute();\n return '';\n }\n}\n\nexport class MockGreCAPTCHATopLevel implements GreCAPTCHATopLevel {\n enterprise: GreCAPTCHA = new MockGreCAPTCHA();\n ready(callback: () => void): void {\n callback();\n }\n\n execute(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _siteKey: string,\n _options: { action: string }\n ): Promise<string> {\n return Promise.resolve('token');\n }\n render(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _container: string | HTMLElement,\n _parameters: GreCAPTCHARenderOption\n ): string {\n return '';\n }\n}\n\nexport class MockGreCAPTCHA implements GreCAPTCHA {\n ready(callback: () => void): void {\n callback();\n }\n\n execute(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _siteKey: string,\n _options: { action: string }\n ): Promise<string> {\n return Promise.resolve('token');\n }\n render(\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n _container: string | HTMLElement,\n _parameters: GreCAPTCHARenderOption\n ): string {\n return '';\n }\n}\n\nexport class MockWidget {\n private readonly container: HTMLElement;\n private readonly isVisible: boolean;\n private timerId: number | null = null;\n private deleted = false;\n private responseToken: string | null = null;\n private readonly clickHandler = (): void => {\n this.execute();\n };\n\n constructor(\n containerOrId: string | HTMLElement,\n appName: string,\n private readonly params: RecaptchaParameters\n ) {\n const container =\n typeof containerOrId === 'string'\n ? document.getElementById(containerOrId)\n : containerOrId;\n _assert(container, AuthErrorCode.ARGUMENT_ERROR, { appName });\n\n this.container = container;\n this.isVisible = this.params.size !== 'invisible';\n if (this.isVisible) {\n this.execute();\n } else {\n this.container.addEventListener('click', this.clickHandler);\n }\n }\n\n getResponse(): string | null {\n this.checkIfDeleted();\n return this.responseToken;\n }\n\n delete(): void {\n this.checkIfDeleted();\n this.deleted = true;\n if (this.timerId) {\n clearTimeout(this.timerId);\n this.timerId = null;\n }\n this.container.removeEventListener('click', this.clickHandler);\n }\n\n execute(): void {\n this.checkIfDeleted();\n if (this.timerId) {\n return;\n }\n\n this.timerId = window.setTimeout(() => {\n this.responseToken = generateRandomAlphaNumericString(50);\n const { callback, 'expired-callback': expiredCallback } = this.params;\n if (callback) {\n try {\n callback(this.responseToken);\n } catch (e) {}\n }\n\n this.timerId = window.setTimeout(() => {\n this.timerId = null;\n this.responseToken = null;\n if (expiredCallback) {\n try {\n expiredCallback();\n } catch (e) {}\n }\n\n if (this.isVisible) {\n this.execute();\n }\n }, _EXPIRATION_TIME_MS);\n }, _SOLVE_TIME_MS);\n }\n\n private checkIfDeleted(): void {\n if (this.deleted) {\n throw new Error('reCAPTCHA mock was already deleted!');\n }\n }\n}\n\nfunction generateRandomAlphaNumericString(len: number): string {\n const chars = [];\n const allowedChars =\n '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n for (let i = 0; i < len; i++) {\n chars.push(\n allowedChars.charAt(Math.floor(Math.random() * allowedChars.length))\n );\n }\n return chars.join('');\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { querystring } from '@firebase/util';\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert, _createError } from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport * as jsHelpers from '../load_js';\nimport { Recaptcha, isV2 } from './recaptcha';\nimport { MockReCaptcha } from './recaptcha_mock';\n\n// ReCaptcha will load using the same callback, so the callback function needs\n// to be kept around\nexport const _JSLOAD_CALLBACK = jsHelpers._generateCallbackName('rcb');\nconst NETWORK_TIMEOUT_DELAY = new Delay(30000, 60000);\n\n/**\n * We need to mark this interface as internal explicitly to exclude it in the public typings, because\n * it references AuthInternal which has a circular dependency with UserInternal.\n *\n * @internal\n */\nexport interface ReCaptchaLoader {\n load(auth: AuthInternal, hl?: string): Promise<Recaptcha>;\n clearedOneInstance(): void;\n}\n\n/**\n * Loader for the GReCaptcha library. There should only ever be one of this.\n */\nexport class ReCaptchaLoaderImpl implements ReCaptchaLoader {\n private hostLanguage = '';\n private counter = 0;\n /**\n * Check for `render()` method. `window.grecaptcha` will exist if the Enterprise\n * version of the ReCAPTCHA script was loaded by someone else (e.g. App Check) but\n * `window.grecaptcha.render()` will not. Another load will add it.\n */\n private readonly librarySeparatelyLoaded = !!_window().grecaptcha?.render;\n\n load(auth: AuthInternal, hl = ''): Promise<Recaptcha> {\n _assert(isHostLanguageValid(hl), auth, AuthErrorCode.ARGUMENT_ERROR);\n\n if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) {\n return Promise.resolve(_window().grecaptcha! as Recaptcha);\n }\n return new Promise<Recaptcha>((resolve, reject) => {\n const networkTimeout = _window().setTimeout(() => {\n reject(_createError(auth, AuthErrorCode.NETWORK_REQUEST_FAILED));\n }, NETWORK_TIMEOUT_DELAY.get());\n\n _window()[_JSLOAD_CALLBACK] = () => {\n _window().clearTimeout(networkTimeout);\n delete _window()[_JSLOAD_CALLBACK];\n\n const recaptcha = _window().grecaptcha as Recaptcha;\n\n if (!recaptcha || !isV2(recaptcha)) {\n reject(_createError(auth, AuthErrorCode.INTERNAL_ERROR));\n return;\n }\n\n // Wrap the greptcha render function so that we know if the developer has\n // called it separately\n const render = recaptcha.render;\n recaptcha.render = (container, params) => {\n const widgetId = render(container, params);\n this.counter++;\n return widgetId;\n };\n\n this.hostLanguage = hl;\n resolve(recaptcha);\n };\n\n const url = `${jsHelpers._recaptchaV2ScriptUrl()}?${querystring({\n onload: _JSLOAD_CALLBACK,\n render: 'explicit',\n hl\n })}`;\n\n jsHelpers._loadJS(url).catch(() => {\n clearTimeout(networkTimeout);\n reject(_createError(auth, AuthErrorCode.INTERNAL_ERROR));\n });\n });\n }\n\n clearedOneInstance(): void {\n this.counter--;\n }\n\n private shouldResolveImmediately(hl: string): boolean {\n // We can resolve immediately if:\n // • grecaptcha is already defined AND (\n // 1. the requested language codes are the same OR\n // 2. there exists already a ReCaptcha on the page\n // 3. the library was already loaded by the app\n // In cases (2) and (3), we _can't_ reload as it would break the recaptchas\n // that are already in the page\n return (\n !!_window().grecaptcha?.render &&\n (hl === this.hostLanguage ||\n this.counter > 0 ||\n this.librarySeparatelyLoaded)\n );\n }\n}\n\nfunction isHostLanguageValid(hl: string): boolean {\n return hl.length <= 6 && /^\\s*[a-zA-Z0-9\\-]*\\s*$/.test(hl);\n}\n\nexport class MockReCaptchaLoaderImpl implements ReCaptchaLoader {\n async load(auth: AuthInternal): Promise<Recaptcha> {\n return new MockReCaptcha(auth);\n }\n\n clearedOneInstance(): void {}\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Auth, RecaptchaParameters } from '../../model/public_types';\nimport { getRecaptchaParams } from '../../api/authentication/recaptcha';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport { _isHttpOrHttps } from '../../core/util/location';\nimport { ApplicationVerifierInternal } from '../../model/application_verifier';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport { _isWorker } from '../util/worker';\nimport { Recaptcha } from './recaptcha';\nimport {\n MockReCaptchaLoaderImpl,\n ReCaptchaLoader,\n ReCaptchaLoaderImpl\n} from './recaptcha_loader';\n\nexport const RECAPTCHA_VERIFIER_TYPE = 'recaptcha';\n\nconst DEFAULT_PARAMS: RecaptchaParameters = {\n theme: 'light',\n type: 'image'\n};\n\ntype TokenCallback = (token: string) => void;\n\n/**\n * An {@link https://www.google.com/recaptcha/ | reCAPTCHA}-based application verifier.\n *\n * @remarks\n * `RecaptchaVerifier` does not work in a Node.js environment.\n *\n * @public\n */\nexport class RecaptchaVerifier implements ApplicationVerifierInternal {\n /**\n * The application verifier type.\n *\n * @remarks\n * For a reCAPTCHA verifier, this is 'recaptcha'.\n */\n readonly type = RECAPTCHA_VERIFIER_TYPE;\n private destroyed = false;\n private widgetId: number | null = null;\n private readonly container: HTMLElement;\n private readonly isInvisible: boolean;\n private readonly tokenChangeListeners = new Set<TokenCallback>();\n private renderPromise: Promise<number> | null = null;\n private readonly auth: AuthInternal;\n\n /** @internal */\n readonly _recaptchaLoader: ReCaptchaLoader;\n private recaptcha: Recaptcha | null = null;\n\n /**\n * @param authExtern - The corresponding Firebase {@link Auth} instance.\n *\n * @param containerOrId - The reCAPTCHA container parameter.\n *\n * @remarks\n * This has different meaning depending on whether the reCAPTCHA is hidden or visible. For a\n * visible reCAPTCHA the container must be empty. If a string is used, it has to correspond to\n * an element ID. The corresponding element must also must be in the DOM at the time of\n * initialization.\n *\n * @param parameters - The optional reCAPTCHA parameters.\n *\n * @remarks\n * Check the reCAPTCHA docs for a comprehensive list. All parameters are accepted except for\n * the sitekey. Firebase Auth backend provisions a reCAPTCHA for each project and will\n * configure this upon rendering. For an invisible reCAPTCHA, a size key must have the value\n * 'invisible'.\n */\n constructor(\n authExtern: Auth,\n containerOrId: HTMLElement | string,\n private readonly parameters: RecaptchaParameters = {\n ...DEFAULT_PARAMS\n }\n ) {\n this.auth = _castAuth(authExtern);\n this.isInvisible = this.parameters.size === 'invisible';\n _assert(\n typeof document !== 'undefined',\n this.auth,\n AuthErrorCode.OPERATION_NOT_SUPPORTED\n );\n const container =\n typeof containerOrId === 'string'\n ? document.getElementById(containerOrId)\n : containerOrId;\n _assert(container, this.auth, AuthErrorCode.ARGUMENT_ERROR);\n\n this.container = container;\n this.parameters.callback = this.makeTokenCallback(this.parameters.callback);\n\n this._recaptchaLoader = this.auth.settings.appVerificationDisabledForTesting\n ? new MockReCaptchaLoaderImpl()\n : new ReCaptchaLoaderImpl();\n\n this.validateStartingState();\n // TODO: Figure out if sdk version is needed\n }\n\n /**\n * Waits for the user to solve the reCAPTCHA and resolves with the reCAPTCHA token.\n *\n * @returns A Promise for the reCAPTCHA token.\n */\n async verify(): Promise<string> {\n this.assertNotDestroyed();\n const id = await this.render();\n const recaptcha = this.getAssertedRecaptcha();\n\n const response = recaptcha.getResponse(id);\n if (response) {\n return response;\n }\n\n return new Promise<string>(resolve => {\n const tokenChange = (token: string): void => {\n if (!token) {\n return; // Ignore token expirations.\n }\n this.tokenChangeListeners.delete(tokenChange);\n resolve(token);\n };\n\n this.tokenChangeListeners.add(tokenChange);\n if (this.isInvisible) {\n recaptcha.execute(id);\n }\n });\n }\n\n /**\n * Renders the reCAPTCHA widget on the page.\n *\n * @returns A Promise that resolves with the reCAPTCHA widget ID.\n */\n render(): Promise<number> {\n try {\n this.assertNotDestroyed();\n } catch (e) {\n // This method returns a promise. Since it's not async (we want to return the\n // _same_ promise if rendering is still occurring), the API surface should\n // reject with the error rather than just throw\n return Promise.reject(e);\n }\n\n if (this.renderPromise) {\n return this.renderPromise;\n }\n\n this.renderPromise = this.makeRenderPromise().catch(e => {\n this.renderPromise = null;\n throw e;\n });\n\n return this.renderPromise;\n }\n\n /** @internal */\n _reset(): void {\n this.assertNotDestroyed();\n if (this.widgetId !== null) {\n this.getAssertedRecaptcha().reset(this.widgetId);\n }\n }\n\n /**\n * Clears the reCAPTCHA widget from the page and destroys the instance.\n */\n clear(): void {\n this.assertNotDestroyed();\n this.destroyed = true;\n this._recaptchaLoader.clearedOneInstance();\n if (!this.isInvisible) {\n this.container.childNodes.forEach(node => {\n this.container.removeChild(node);\n });\n }\n }\n\n private validateStartingState(): void {\n _assert(!this.parameters.sitekey, this.auth, AuthErrorCode.ARGUMENT_ERROR);\n _assert(\n this.isInvisible || !this.container.hasChildNodes(),\n this.auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n _assert(\n typeof document !== 'undefined',\n this.auth,\n AuthErrorCode.OPERATION_NOT_SUPPORTED\n );\n }\n\n private makeTokenCallback(\n existing: TokenCallback | string | undefined\n ): TokenCallback {\n return token => {\n this.tokenChangeListeners.forEach(listener => listener(token));\n if (typeof existing === 'function') {\n existing(token);\n } else if (typeof existing === 'string') {\n const globalFunc = _window()[existing];\n if (typeof globalFunc === 'function') {\n globalFunc(token);\n }\n }\n };\n }\n\n private assertNotDestroyed(): void {\n _assert(!this.destroyed, this.auth, AuthErrorCode.INTERNAL_ERROR);\n }\n\n private async makeRenderPromise(): Promise<number> {\n await this.init();\n if (!this.widgetId) {\n let container = this.container;\n if (!this.isInvisible) {\n const guaranteedEmpty = document.createElement('div');\n container.appendChild(guaranteedEmpty);\n container = guaranteedEmpty;\n }\n\n this.widgetId = this.getAssertedRecaptcha().render(\n container,\n this.parameters\n );\n }\n\n return this.widgetId;\n }\n\n private async init(): Promise<void> {\n _assert(\n _isHttpOrHttps() && !_isWorker(),\n this.auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n\n await domReady();\n this.recaptcha = await this._recaptchaLoader.load(\n this.auth,\n this.auth.languageCode || undefined\n );\n\n const siteKey = await getRecaptchaParams(this.auth);\n _assert(siteKey, this.auth, AuthErrorCode.INTERNAL_ERROR);\n this.parameters.sitekey = siteKey;\n }\n\n private getAssertedRecaptcha(): Recaptcha {\n _assert(this.recaptcha, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return this.recaptcha;\n }\n}\n\nfunction domReady(): Promise<void> {\n let resolver: (() => void) | null = null;\n return new Promise<void>(resolve => {\n if (document.readyState === 'complete') {\n resolve();\n return;\n }\n\n // Document not ready, wait for load before resolving.\n // Save resolver, so we can remove listener in case it was externally\n // cancelled.\n resolver = () => resolve();\n window.addEventListener('load', resolver);\n }).catch(e => {\n if (resolver) {\n window.removeEventListener('load', resolver);\n }\n\n throw e;\n });\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ApplicationVerifier,\n Auth,\n ConfirmationResult,\n PhoneInfoOptions,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport { startEnrollPhoneMfa } from '../../api/account_management/mfa';\nimport { startSignInPhoneMfa } from '../../api/authentication/mfa';\nimport { sendPhoneVerificationCode } from '../../api/authentication/sms';\nimport { ApplicationVerifierInternal } from '../../model/application_verifier';\nimport { PhoneAuthCredential } from '../../core/credentials/phone';\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assertLinkedStatus, _link } from '../../core/user/link_unlink';\nimport { _assert } from '../../core/util/assert';\nimport { AuthInternal } from '../../model/auth';\nimport {\n linkWithCredential,\n reauthenticateWithCredential,\n signInWithCredential\n} from '../../core/strategies/credential';\nimport {\n MultiFactorSessionImpl,\n MultiFactorSessionType\n} from '../../mfa/mfa_session';\nimport { UserInternal } from '../../model/user';\nimport { RECAPTCHA_VERIFIER_TYPE } from '../recaptcha/recaptcha_verifier';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { getModularInstance } from '@firebase/util';\nimport { ProviderId } from '../../model/enums';\n\ninterface OnConfirmationCallback {\n (credential: PhoneAuthCredential): Promise<UserCredential>;\n}\n\nclass ConfirmationResultImpl implements ConfirmationResult {\n constructor(\n readonly verificationId: string,\n private readonly onConfirmation: OnConfirmationCallback\n ) {}\n\n confirm(verificationCode: string): Promise<UserCredential> {\n const authCredential = PhoneAuthCredential._fromVerification(\n this.verificationId,\n verificationCode\n );\n return this.onConfirmation(authCredential);\n }\n}\n\n/**\n * Asynchronously signs in using a phone number.\n *\n * @remarks\n * This method sends a code via SMS to the given\n * phone number, and returns a {@link ConfirmationResult}. After the user\n * provides the code sent to their phone, call {@link ConfirmationResult.confirm}\n * with the code to sign the user in.\n *\n * For abuse prevention, this method also requires a {@link ApplicationVerifier}.\n * This SDK includes a reCAPTCHA-based implementation, {@link RecaptchaVerifier}.\n * This function can work on other platforms that do not support the\n * {@link RecaptchaVerifier} (like React Native), but you need to use a\n * third-party {@link ApplicationVerifier} implementation.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // 'recaptcha-container' is the ID of an element in the DOM.\n * const applicationVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container');\n * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);\n * // Obtain a verificationCode from the user.\n * const credential = await confirmationResult.confirm(verificationCode);\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).\n * @param appVerifier - The {@link ApplicationVerifier}.\n *\n * @public\n */\nexport async function signInWithPhoneNumber(\n auth: Auth,\n phoneNumber: string,\n appVerifier: ApplicationVerifier\n): Promise<ConfirmationResult> {\n const authInternal = _castAuth(auth);\n const verificationId = await _verifyPhoneNumber(\n authInternal,\n phoneNumber,\n getModularInstance(appVerifier as ApplicationVerifierInternal)\n );\n return new ConfirmationResultImpl(verificationId, cred =>\n signInWithCredential(authInternal, cred)\n );\n}\n\n/**\n * Links the user account with the given phone number.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @param user - The user.\n * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).\n * @param appVerifier - The {@link ApplicationVerifier}.\n *\n * @public\n */\nexport async function linkWithPhoneNumber(\n user: User,\n phoneNumber: string,\n appVerifier: ApplicationVerifier\n): Promise<ConfirmationResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n await _assertLinkedStatus(false, userInternal, ProviderId.PHONE);\n const verificationId = await _verifyPhoneNumber(\n userInternal.auth,\n phoneNumber,\n getModularInstance(appVerifier as ApplicationVerifierInternal)\n );\n return new ConfirmationResultImpl(verificationId, cred =>\n linkWithCredential(userInternal, cred)\n );\n}\n\n/**\n * Re-authenticates a user using a fresh phone credential.\n *\n * @remarks\n * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.\n *\n * This method does not work in a Node.js environment.\n *\n * @param user - The user.\n * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).\n * @param appVerifier - The {@link ApplicationVerifier}.\n *\n * @public\n */\nexport async function reauthenticateWithPhoneNumber(\n user: User,\n phoneNumber: string,\n appVerifier: ApplicationVerifier\n): Promise<ConfirmationResult> {\n const userInternal = getModularInstance(user) as UserInternal;\n const verificationId = await _verifyPhoneNumber(\n userInternal.auth,\n phoneNumber,\n getModularInstance(appVerifier as ApplicationVerifierInternal)\n );\n return new ConfirmationResultImpl(verificationId, cred =>\n reauthenticateWithCredential(userInternal, cred)\n );\n}\n\n/**\n * Returns a verification ID to be used in conjunction with the SMS code that is sent.\n *\n */\nexport async function _verifyPhoneNumber(\n auth: AuthInternal,\n options: PhoneInfoOptions | string,\n verifier: ApplicationVerifierInternal\n): Promise<string> {\n const recaptchaToken = await verifier.verify();\n\n try {\n _assert(\n typeof recaptchaToken === 'string',\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n _assert(\n verifier.type === RECAPTCHA_VERIFIER_TYPE,\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n\n let phoneInfoOptions: PhoneInfoOptions;\n\n if (typeof options === 'string') {\n phoneInfoOptions = {\n phoneNumber: options\n };\n } else {\n phoneInfoOptions = options;\n }\n\n if ('session' in phoneInfoOptions) {\n const session = phoneInfoOptions.session as MultiFactorSessionImpl;\n\n if ('phoneNumber' in phoneInfoOptions) {\n _assert(\n session.type === MultiFactorSessionType.ENROLL,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const response = await startEnrollPhoneMfa(auth, {\n idToken: session.credential,\n phoneEnrollmentInfo: {\n phoneNumber: phoneInfoOptions.phoneNumber,\n recaptchaToken\n }\n });\n return response.phoneSessionInfo.sessionInfo;\n } else {\n _assert(\n session.type === MultiFactorSessionType.SIGN_IN,\n auth,\n AuthErrorCode.INTERNAL_ERROR\n );\n const mfaEnrollmentId =\n phoneInfoOptions.multiFactorHint?.uid ||\n phoneInfoOptions.multiFactorUid;\n _assert(mfaEnrollmentId, auth, AuthErrorCode.MISSING_MFA_INFO);\n const response = await startSignInPhoneMfa(auth, {\n mfaPendingCredential: session.credential,\n mfaEnrollmentId,\n phoneSignInInfo: {\n recaptchaToken\n }\n });\n return response.phoneResponseInfo.sessionInfo;\n }\n } else {\n const { sessionInfo } = await sendPhoneVerificationCode(auth, {\n phoneNumber: phoneInfoOptions.phoneNumber,\n recaptchaToken\n });\n return sessionInfo;\n }\n } finally {\n verifier._reset();\n }\n}\n\n/**\n * Updates the user's phone number.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```\n * // 'recaptcha-container' is the ID of an element in the DOM.\n * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);\n * // Obtain the verificationCode from the user.\n * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * await updatePhoneNumber(user, phoneCredential);\n * ```\n *\n * @param user - The user.\n * @param credential - A credential authenticating the new phone number.\n *\n * @public\n */\nexport async function updatePhoneNumber(\n user: User,\n credential: PhoneAuthCredential\n): Promise<void> {\n await _link(getModularInstance(user) as UserInternal, credential);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n _performApiRequest,\n Endpoint,\n HttpMethod,\n _addTidIfNecessary\n} from '../index';\nimport { Auth } from '../../model/public_types';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { MfaEnrollment } from '../account_management/mfa';\nimport { SignInWithIdpResponse } from './idp';\nimport {\n SignInWithPhoneNumberRequest,\n SignInWithPhoneNumberResponse\n} from './sms';\n\nexport interface FinalizeMfaResponse {\n idToken: string;\n refreshToken: string;\n}\n\n/**\n * @internal\n */\nexport interface IdTokenMfaResponse extends IdTokenResponse {\n mfaPendingCredential?: string;\n mfaInfo?: MfaEnrollment[];\n}\n\nexport interface StartPhoneMfaSignInRequest {\n mfaPendingCredential: string;\n mfaEnrollmentId: string;\n phoneSignInInfo: {\n recaptchaToken: string;\n };\n tenantId?: string;\n}\n\nexport interface StartPhoneMfaSignInResponse {\n phoneResponseInfo: {\n sessionInfo: string;\n };\n}\n\nexport function startSignInPhoneMfa(\n auth: Auth,\n request: StartPhoneMfaSignInRequest\n): Promise<StartPhoneMfaSignInResponse> {\n return _performApiRequest<\n StartPhoneMfaSignInRequest,\n StartPhoneMfaSignInResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.START_MFA_SIGN_IN,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport interface FinalizePhoneMfaSignInRequest {\n mfaPendingCredential: string;\n phoneVerificationInfo: SignInWithPhoneNumberRequest;\n tenantId?: string;\n}\n\n// TOTP MFA Sign in only has a finalize phase. Phone MFA has a start phase to initiate sending an\n// SMS and a finalize phase to complete sign in. With TOTP, the user already has the OTP in the\n// TOTP/Authenticator app.\nexport interface FinalizeTotpMfaSignInRequest {\n mfaPendingCredential: string;\n totpVerificationInfo: { verificationCode: string };\n tenantId?: string;\n mfaEnrollmentId: string;\n}\n\nexport interface FinalizePhoneMfaSignInResponse extends FinalizeMfaResponse {}\n\nexport interface FinalizeTotpMfaSignInResponse extends FinalizeMfaResponse {}\n\nexport function finalizeSignInPhoneMfa(\n auth: Auth,\n request: FinalizePhoneMfaSignInRequest\n): Promise<FinalizePhoneMfaSignInResponse> {\n return _performApiRequest<\n FinalizePhoneMfaSignInRequest,\n FinalizePhoneMfaSignInResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_SIGN_IN,\n _addTidIfNecessary(auth, request)\n );\n}\n\nexport function finalizeSignInTotpMfa(\n auth: Auth,\n request: FinalizeTotpMfaSignInRequest\n): Promise<FinalizeTotpMfaSignInResponse> {\n return _performApiRequest<\n FinalizeTotpMfaSignInRequest,\n FinalizeTotpMfaSignInResponse\n >(\n auth,\n HttpMethod.POST,\n Endpoint.FINALIZE_MFA_SIGN_IN,\n _addTidIfNecessary(auth, request)\n );\n}\n\n/**\n * @internal\n */\nexport type PhoneOrOauthTokenResponse =\n | SignInWithPhoneNumberResponse\n | SignInWithIdpResponse\n | IdTokenResponse;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n PhoneInfoOptions,\n ApplicationVerifier,\n UserCredential\n} from '../../model/public_types';\n\nimport { SignInWithPhoneNumberResponse } from '../../api/authentication/sms';\nimport { ApplicationVerifierInternal as ApplicationVerifierInternal } from '../../model/application_verifier';\nimport { AuthInternal as AuthInternal } from '../../model/auth';\nimport { UserCredentialInternal as UserCredentialInternal } from '../../model/user';\nimport { PhoneAuthCredential } from '../../core/credentials/phone';\nimport { _verifyPhoneNumber } from '../strategies/phone';\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { AuthCredential } from '../../core';\nimport { FirebaseError, getModularInstance } from '@firebase/util';\nimport { TaggedWithTokenResponse } from '../../model/id_token';\nimport { ProviderId, SignInMethod } from '../../model/enums';\n\n/**\n * Provider for generating an {@link PhoneAuthCredential}.\n *\n * @remarks\n * `PhoneAuthProvider` does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // 'recaptcha-container' is the ID of an element in the DOM.\n * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);\n * // Obtain the verificationCode from the user.\n * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * const userCredential = await signInWithCredential(auth, phoneCredential);\n * ```\n *\n * @public\n */\nexport class PhoneAuthProvider {\n /** Always set to {@link ProviderId}.PHONE. */\n static readonly PROVIDER_ID: 'phone' = ProviderId.PHONE;\n /** Always set to {@link SignInMethod}.PHONE. */\n static readonly PHONE_SIGN_IN_METHOD: 'phone' = SignInMethod.PHONE;\n\n /** Always set to {@link ProviderId}.PHONE. */\n readonly providerId = PhoneAuthProvider.PROVIDER_ID;\n private readonly auth: AuthInternal;\n\n /**\n * @param auth - The Firebase {@link Auth} instance in which sign-ins should occur.\n *\n */\n constructor(auth: Auth) {\n this.auth = _castAuth(auth);\n }\n\n /**\n *\n * Starts a phone number authentication flow by sending a verification code to the given phone\n * number.\n *\n * @example\n * ```javascript\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * const userCredential = await signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * An alternative flow is provided using the `signInWithPhoneNumber` method.\n * ```javascript\n * const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const userCredential = confirmationResult.confirm(verificationCode);\n * ```\n *\n * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in\n * E.164 format (e.g. +16505550101).\n * @param applicationVerifier - For abuse prevention, this method also requires a\n * {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,\n * {@link RecaptchaVerifier}.\n *\n * @returns A Promise for a verification ID that can be passed to\n * {@link PhoneAuthProvider.credential} to identify this flow..\n */\n verifyPhoneNumber(\n phoneOptions: PhoneInfoOptions | string,\n applicationVerifier: ApplicationVerifier\n ): Promise<string> {\n return _verifyPhoneNumber(\n this.auth,\n phoneOptions,\n getModularInstance(applicationVerifier as ApplicationVerifierInternal)\n );\n }\n\n /**\n * Creates a phone auth credential, given the verification ID from\n * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's\n * mobile device.\n *\n * @example\n * ```javascript\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);\n * const userCredential = signInWithCredential(auth, authCredential);\n * ```\n *\n * @example\n * An alternative flow is provided using the `signInWithPhoneNumber` method.\n * ```javascript\n * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);\n * // Obtain verificationCode from the user.\n * const userCredential = await confirmationResult.confirm(verificationCode);\n * ```\n *\n * @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}.\n * @param verificationCode - The verification code sent to the user's mobile device.\n *\n * @returns The auth provider credential.\n */\n static credential(\n verificationId: string,\n verificationCode: string\n ): PhoneAuthCredential {\n return PhoneAuthCredential._fromVerification(\n verificationId,\n verificationCode\n );\n }\n\n /**\n * Generates an {@link AuthCredential} from a {@link UserCredential}.\n * @param userCredential - The user credential.\n */\n static credentialFromResult(\n userCredential: UserCredential\n ): AuthCredential | null {\n const credential = userCredential as UserCredentialInternal;\n return PhoneAuthProvider.credentialFromTaggedObject(credential);\n }\n\n /**\n * Returns an {@link AuthCredential} when passed an error.\n *\n * @remarks\n *\n * This method works for errors like\n * `auth/account-exists-with-different-credentials`. This is useful for\n * recovering when attempting to set a user's phone number but the number\n * in question is already tied to another account. For example, the following\n * code tries to update the current user's phone number, and if that\n * fails, links the user with the account associated with that number:\n *\n * ```js\n * const provider = new PhoneAuthProvider(auth);\n * const verificationId = await provider.verifyPhoneNumber(number, verifier);\n * try {\n * const code = ''; // Prompt the user for the verification code\n * await updatePhoneNumber(\n * auth.currentUser,\n * PhoneAuthProvider.credential(verificationId, code));\n * } catch (e) {\n * if ((e as FirebaseError)?.code === 'auth/account-exists-with-different-credential') {\n * const cred = PhoneAuthProvider.credentialFromError(e);\n * await linkWithCredential(auth.currentUser, cred);\n * }\n * }\n *\n * // At this point, auth.currentUser.phoneNumber === number.\n * ```\n *\n * @param error - The error to generate a credential from.\n */\n static credentialFromError(error: FirebaseError): AuthCredential | null {\n return PhoneAuthProvider.credentialFromTaggedObject(\n (error.customData || {}) as TaggedWithTokenResponse\n );\n }\n\n private static credentialFromTaggedObject({\n _tokenResponse: tokenResponse\n }: TaggedWithTokenResponse): AuthCredential | null {\n if (!tokenResponse) {\n return null;\n }\n const { phoneNumber, temporaryProof } =\n tokenResponse as SignInWithPhoneNumberResponse;\n if (phoneNumber && temporaryProof) {\n return PhoneAuthCredential._fromTokenResponse(\n phoneNumber,\n temporaryProof\n );\n }\n return null;\n }\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { PopupRedirectResolver } from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport { PopupRedirectResolverInternal } from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from './assert';\nimport { _getInstance } from './instantiator';\n\n/**\n * Chooses a popup/redirect resolver to use. This prefers the override (which\n * is directly passed in), and falls back to the property set on the auth\n * object. If neither are available, this function errors w/ an argument error.\n */\nexport function _withDefaultResolver(\n auth: AuthInternal,\n resolverOverride: PopupRedirectResolver | undefined\n): PopupRedirectResolverInternal {\n if (resolverOverride) {\n return _getInstance(resolverOverride);\n }\n\n _assert(auth._popupRedirectResolver, auth, AuthErrorCode.ARGUMENT_ERROR);\n\n return auth._popupRedirectResolver;\n}\n","/**\n * @license\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n signInWithIdp,\n SignInWithIdpRequest\n} from '../../api/authentication/idp';\nimport { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';\nimport { AuthInternal } from '../../model/auth';\nimport { IdTokenResponse } from '../../model/id_token';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthCredential } from '../credentials';\nimport { _link as _linkUser } from '../user/link_unlink';\nimport { _reauthenticate } from '../user/reauthenticate';\nimport { _assert } from '../util/assert';\nimport { _signInWithCredential } from './credential';\nimport { AuthErrorCode } from '../errors';\nimport { ProviderId } from '../../model/enums';\n\nexport interface IdpTaskParams {\n auth: AuthInternal;\n requestUri: string;\n sessionId?: string;\n tenantId?: string;\n postBody?: string;\n pendingToken?: string;\n user?: UserInternal;\n bypassAuthState?: boolean;\n}\n\nexport type IdpTask = (\n params: IdpTaskParams\n) => Promise<UserCredentialInternal>;\n\nclass IdpCredential extends AuthCredential {\n constructor(readonly params: IdpTaskParams) {\n super(ProviderId.CUSTOM, ProviderId.CUSTOM);\n }\n\n _getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest());\n }\n\n _linkToIdToken(\n auth: AuthInternal,\n idToken: string\n ): Promise<IdTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest(idToken));\n }\n\n _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse> {\n return signInWithIdp(auth, this._buildIdpRequest());\n }\n\n private _buildIdpRequest(idToken?: string): SignInWithIdpRequest {\n const request: SignInWithIdpRequest = {\n requestUri: this.params.requestUri,\n sessionId: this.params.sessionId,\n postBody: this.params.postBody,\n tenantId: this.params.tenantId,\n pendingToken: this.params.pendingToken,\n returnSecureToken: true,\n returnIdpCredential: true\n };\n\n if (idToken) {\n request.idToken = idToken;\n }\n\n return request;\n }\n}\n\nexport function _signIn(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n return _signInWithCredential(\n params.auth,\n new IdpCredential(params),\n params.bypassAuthState\n ) as Promise<UserCredentialInternal>;\n}\n\nexport function _reauth(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n const { auth, user } = params;\n _assert(user, auth, AuthErrorCode.INTERNAL_ERROR);\n return _reauthenticate(\n user,\n new IdpCredential(params),\n params.bypassAuthState\n );\n}\n\nexport async function _link(\n params: IdpTaskParams\n): Promise<UserCredentialInternal> {\n const { auth, user } = params;\n _assert(user, auth, AuthErrorCode.INTERNAL_ERROR);\n return _linkUser(user, new IdpCredential(params), params.bypassAuthState);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseError } from '@firebase/util';\n\nimport {\n AuthEvent,\n AuthEventConsumer,\n AuthEventType,\n EventManager,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserInternal, UserCredentialInternal } from '../../model/user';\nimport { AuthErrorCode } from '../errors';\nimport { debugAssert, _fail } from '../util/assert';\nimport {\n _link,\n _reauth,\n _signIn,\n IdpTask,\n IdpTaskParams\n} from '../strategies/idp';\nimport { AuthInternal } from '../../model/auth';\n\ninterface PendingPromise {\n resolve: (cred: UserCredentialInternal | null) => void;\n reject: (error: Error) => void;\n}\n\n/**\n * Popup event manager. Handles the popup's entire lifecycle; listens to auth\n * events\n */\nexport abstract class AbstractPopupRedirectOperation\n implements AuthEventConsumer\n{\n private pendingPromise: PendingPromise | null = null;\n private eventManager: EventManager | null = null;\n readonly filter: AuthEventType[];\n\n abstract eventId: string | null;\n\n constructor(\n protected readonly auth: AuthInternal,\n filter: AuthEventType | AuthEventType[],\n protected readonly resolver: PopupRedirectResolverInternal,\n protected user?: UserInternal,\n protected readonly bypassAuthState = false\n ) {\n this.filter = Array.isArray(filter) ? filter : [filter];\n }\n\n abstract onExecution(): Promise<void>;\n\n execute(): Promise<UserCredentialInternal | null> {\n return new Promise<UserCredentialInternal | null>(\n async (resolve, reject) => {\n this.pendingPromise = { resolve, reject };\n\n try {\n this.eventManager = await this.resolver._initialize(this.auth);\n await this.onExecution();\n this.eventManager.registerConsumer(this);\n } catch (e) {\n this.reject(e as Error);\n }\n }\n );\n }\n\n async onAuthEvent(event: AuthEvent): Promise<void> {\n const { urlResponse, sessionId, postBody, tenantId, error, type } = event;\n if (error) {\n this.reject(error);\n return;\n }\n\n const params: IdpTaskParams = {\n auth: this.auth,\n requestUri: urlResponse!,\n sessionId: sessionId!,\n tenantId: tenantId || undefined,\n postBody: postBody || undefined,\n user: this.user,\n bypassAuthState: this.bypassAuthState\n };\n\n try {\n this.resolve(await this.getIdpTask(type)(params));\n } catch (e) {\n this.reject(e as Error);\n }\n }\n\n onError(error: FirebaseError): void {\n this.reject(error);\n }\n\n private getIdpTask(type: AuthEventType): IdpTask {\n switch (type) {\n case AuthEventType.SIGN_IN_VIA_POPUP:\n case AuthEventType.SIGN_IN_VIA_REDIRECT:\n return _signIn;\n case AuthEventType.LINK_VIA_POPUP:\n case AuthEventType.LINK_VIA_REDIRECT:\n return _link;\n case AuthEventType.REAUTH_VIA_POPUP:\n case AuthEventType.REAUTH_VIA_REDIRECT:\n return _reauth;\n default:\n _fail(this.auth, AuthErrorCode.INTERNAL_ERROR);\n }\n }\n\n protected resolve(cred: UserCredentialInternal | null): void {\n debugAssert(this.pendingPromise, 'Pending promise was never set');\n this.pendingPromise.resolve(cred);\n this.unregisterAndCleanUp();\n }\n\n protected reject(error: Error): void {\n debugAssert(this.pendingPromise, 'Pending promise was never set');\n this.pendingPromise.reject(error);\n this.unregisterAndCleanUp();\n }\n\n private unregisterAndCleanUp(): void {\n if (this.eventManager) {\n this.eventManager.unregisterConsumer(this);\n }\n\n this.pendingPromise = null;\n this.cleanUp();\n }\n\n abstract cleanUp(): void;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n AuthProvider,\n PopupRedirectResolver,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { AuthErrorCode } from '../../core/errors';\nimport {\n _assert,\n debugAssert,\n _createError,\n _assertInstanceOf\n} from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { _generateEventId } from '../../core/util/event_id';\nimport { AuthInternal } from '../../model/auth';\nimport {\n AuthEventType,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport { _withDefaultResolver } from '../../core/util/resolver';\nimport { AuthPopup } from '../util/popup';\nimport { AbstractPopupRedirectOperation } from '../../core/strategies/abstract_popup_redirect_operation';\nimport { FederatedAuthProvider } from '../../core/providers/federated';\nimport { getModularInstance } from '@firebase/util';\n\n/*\n * The event timeout is the same on mobile and desktop, no need for Delay. Set this to 8s since\n * blocking functions can take upto 7s to complete sign in, as documented in:\n * https://cloud.google.com/identity-platform/docs/blocking-functions#understanding_blocking_functions\n * https://firebase.google.com/docs/auth/extend-with-blocking-functions#understanding_blocking_functions\n */\nexport const enum _Timeout {\n AUTH_EVENT = 8000\n}\nexport const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);\n\n/**\n * Authenticates a Firebase client using a popup-based OAuth authentication flow.\n *\n * @remarks\n * If succeeds, returns the signed in user along with the provider's credential. If sign in was\n * unsuccessful, returns an error object containing additional information about the error.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n *\n * // The signed-in user info.\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function signInWithPopup(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential> {\n const authInternal = _castAuth(auth);\n _assertInstanceOf(auth, provider, FederatedAuthProvider);\n const resolverInternal = _withDefaultResolver(authInternal, resolver);\n const action = new PopupOperation(\n authInternal,\n AuthEventType.SIGN_IN_VIA_POPUP,\n provider,\n resolverInternal\n );\n return action.executeNotNull();\n}\n\n/**\n * Reauthenticates the current user with the specified {@link OAuthProvider} using a pop-up based\n * OAuth flow.\n *\n * @remarks\n * If the reauthentication is successful, the returned result will contain the user and the\n * provider's credential.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using a popup.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithPopup(auth, provider);\n * // Reauthenticate using a popup.\n * await reauthenticateWithPopup(result.user, provider);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function reauthenticateWithPopup(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n const action = new PopupOperation(\n userInternal.auth,\n AuthEventType.REAUTH_VIA_POPUP,\n provider,\n resolverInternal,\n userInternal\n );\n return action.executeNotNull();\n}\n\n/**\n * Links the authenticated provider to the user account using a pop-up based OAuth flow.\n *\n * @remarks\n * If the linking is successful, the returned result will contain the user and the provider's credential.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using some other provider.\n * const result = await signInWithEmailAndPassword(auth, email, password);\n * // Link using a popup.\n * const provider = new FacebookAuthProvider();\n * await linkWithPopup(result.user, provider);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function linkWithPopup(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n\n const action = new PopupOperation(\n userInternal.auth,\n AuthEventType.LINK_VIA_POPUP,\n provider,\n resolverInternal,\n userInternal\n );\n return action.executeNotNull();\n}\n\n/**\n * Popup event manager. Handles the popup's entire lifecycle; listens to auth\n * events\n *\n */\nclass PopupOperation extends AbstractPopupRedirectOperation {\n // Only one popup is ever shown at once. The lifecycle of the current popup\n // can be managed / cancelled by the constructor.\n private static currentPopupAction: PopupOperation | null = null;\n private authWindow: AuthPopup | null = null;\n private pollId: number | null = null;\n\n constructor(\n auth: AuthInternal,\n filter: AuthEventType,\n private readonly provider: AuthProvider,\n resolver: PopupRedirectResolverInternal,\n user?: UserInternal\n ) {\n super(auth, filter, resolver, user);\n if (PopupOperation.currentPopupAction) {\n PopupOperation.currentPopupAction.cancel();\n }\n\n PopupOperation.currentPopupAction = this;\n }\n\n async executeNotNull(): Promise<UserCredential> {\n const result = await this.execute();\n _assert(result, this.auth, AuthErrorCode.INTERNAL_ERROR);\n return result;\n }\n\n async onExecution(): Promise<void> {\n debugAssert(\n this.filter.length === 1,\n 'Popup operations only handle one event'\n );\n const eventId = _generateEventId();\n this.authWindow = await this.resolver._openPopup(\n this.auth,\n this.provider,\n this.filter[0], // There's always one, see constructor\n eventId\n );\n this.authWindow.associatedEvent = eventId;\n\n // Check for web storage support and origin validation _after_ the popup is\n // loaded. These operations are slow (~1 second or so) Rather than\n // waiting on them before opening the window, optimistically open the popup\n // and check for storage support at the same time. If storage support is\n // not available, this will cause the whole thing to reject properly. It\n // will also close the popup, but since the promise has already rejected,\n // the popup closed by user poll will reject into the void.\n this.resolver._originValidation(this.auth).catch(e => {\n this.reject(e);\n });\n\n this.resolver._isIframeWebStorageSupported(this.auth, isSupported => {\n if (!isSupported) {\n this.reject(\n _createError(this.auth, AuthErrorCode.WEB_STORAGE_UNSUPPORTED)\n );\n }\n });\n\n // Handle user closure. Notice this does *not* use await\n this.pollUserCancellation();\n }\n\n get eventId(): string | null {\n return this.authWindow?.associatedEvent || null;\n }\n\n cancel(): void {\n this.reject(_createError(this.auth, AuthErrorCode.EXPIRED_POPUP_REQUEST));\n }\n\n cleanUp(): void {\n if (this.authWindow) {\n this.authWindow.close();\n }\n\n if (this.pollId) {\n window.clearTimeout(this.pollId);\n }\n\n this.authWindow = null;\n this.pollId = null;\n PopupOperation.currentPopupAction = null;\n }\n\n private pollUserCancellation(): void {\n const poll = (): void => {\n if (this.authWindow?.window?.closed) {\n // Make sure that there is sufficient time for whatever action to\n // complete. The window could have closed but the sign in network\n // call could still be in flight. This is specifically true for\n // Firefox or if the opener is in an iframe, in which case the oauth\n // helper closes the popup.\n this.pollId = window.setTimeout(() => {\n this.pollId = null;\n this.reject(\n _createError(this.auth, AuthErrorCode.POPUP_CLOSED_BY_USER)\n );\n }, _Timeout.AUTH_EVENT);\n return;\n }\n\n this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get());\n };\n\n poll();\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthInternal } from '../../model/auth';\nimport {\n AuthEvent,\n AuthEventType,\n PopupRedirectResolverInternal\n} from '../../model/popup_redirect';\nimport { UserCredentialInternal } from '../../model/user';\nimport { PersistenceInternal } from '../persistence';\nimport { _persistenceKeyName } from '../persistence/persistence_user_manager';\nimport { _getInstance } from '../util/instantiator';\nimport { AbstractPopupRedirectOperation } from './abstract_popup_redirect_operation';\n\nconst PENDING_REDIRECT_KEY = 'pendingRedirect';\n\n// We only get one redirect outcome for any one auth, so just store it\n// in here.\nconst redirectOutcomeMap: Map<\n string,\n () => Promise<UserCredentialInternal | null>\n> = new Map();\n\nexport class RedirectAction extends AbstractPopupRedirectOperation {\n eventId = null;\n\n constructor(\n auth: AuthInternal,\n resolver: PopupRedirectResolverInternal,\n bypassAuthState = false\n ) {\n super(\n auth,\n [\n AuthEventType.SIGN_IN_VIA_REDIRECT,\n AuthEventType.LINK_VIA_REDIRECT,\n AuthEventType.REAUTH_VIA_REDIRECT,\n AuthEventType.UNKNOWN\n ],\n resolver,\n undefined,\n bypassAuthState\n );\n }\n\n /**\n * Override the execute function; if we already have a redirect result, then\n * just return it.\n */\n async execute(): Promise<UserCredentialInternal | null> {\n let readyOutcome = redirectOutcomeMap.get(this.auth._key());\n if (!readyOutcome) {\n try {\n const hasPendingRedirect = await _getAndClearPendingRedirectStatus(\n this.resolver,\n this.auth\n );\n const result = hasPendingRedirect ? await super.execute() : null;\n readyOutcome = () => Promise.resolve(result);\n } catch (e) {\n readyOutcome = () => Promise.reject(e);\n }\n\n redirectOutcomeMap.set(this.auth._key(), readyOutcome);\n }\n\n // If we're not bypassing auth state, the ready outcome should be set to\n // null.\n if (!this.bypassAuthState) {\n redirectOutcomeMap.set(this.auth._key(), () => Promise.resolve(null));\n }\n\n return readyOutcome();\n }\n\n async onAuthEvent(event: AuthEvent): Promise<void> {\n if (event.type === AuthEventType.SIGN_IN_VIA_REDIRECT) {\n return super.onAuthEvent(event);\n } else if (event.type === AuthEventType.UNKNOWN) {\n // This is a sentinel value indicating there's no pending redirect\n this.resolve(null);\n return;\n }\n\n if (event.eventId) {\n const user = await this.auth._redirectUserForId(event.eventId);\n if (user) {\n this.user = user;\n return super.onAuthEvent(event);\n } else {\n this.resolve(null);\n }\n }\n }\n\n async onExecution(): Promise<void> {}\n\n cleanUp(): void {}\n}\n\nexport async function _getAndClearPendingRedirectStatus(\n resolver: PopupRedirectResolverInternal,\n auth: AuthInternal\n): Promise<boolean> {\n const key = pendingRedirectKey(auth);\n const persistence = resolverPersistence(resolver);\n if (!(await persistence._isAvailable())) {\n return false;\n }\n const hasPendingRedirect = (await persistence._get(key)) === 'true';\n await persistence._remove(key);\n return hasPendingRedirect;\n}\n\nexport async function _setPendingRedirectStatus(\n resolver: PopupRedirectResolverInternal,\n auth: AuthInternal\n): Promise<void> {\n return resolverPersistence(resolver)._set(pendingRedirectKey(auth), 'true');\n}\n\nexport function _clearRedirectOutcomes(): void {\n redirectOutcomeMap.clear();\n}\n\nexport function _overrideRedirectResult(\n auth: AuthInternal,\n result: () => Promise<UserCredentialInternal | null>\n): void {\n redirectOutcomeMap.set(auth._key(), result);\n}\n\nfunction resolverPersistence(\n resolver: PopupRedirectResolverInternal\n): PersistenceInternal {\n return _getInstance(resolver._redirectPersistence);\n}\n\nfunction pendingRedirectKey(auth: AuthInternal): string {\n return _persistenceKeyName(\n PENDING_REDIRECT_KEY,\n auth.config.apiKey,\n auth.name\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n Auth,\n AuthProvider,\n PopupRedirectResolver,\n User,\n UserCredential\n} from '../../model/public_types';\n\nimport { _castAuth } from '../../core/auth/auth_impl';\nimport { _assertLinkedStatus } from '../../core/user/link_unlink';\nimport { _assertInstanceOf } from '../../core/util/assert';\nimport { _generateEventId } from '../../core/util/event_id';\nimport { AuthEventType } from '../../model/popup_redirect';\nimport { UserInternal } from '../../model/user';\nimport { _withDefaultResolver } from '../../core/util/resolver';\nimport {\n RedirectAction,\n _setPendingRedirectStatus\n} from '../../core/strategies/redirect';\nimport { FederatedAuthProvider } from '../../core/providers/federated';\nimport { getModularInstance } from '@firebase/util';\n\n/**\n * Authenticates a Firebase client using a full-page redirect flow.\n *\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link signInWithRedirect}.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // You can add additional scopes to the provider:\n * provider.addScope('user_birthday');\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * // As this API can be used for sign-in, linking and reauthentication,\n * // check the operationType to determine what triggered this redirect\n * // operation.\n * const operationType = result.operationType;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _signInWithRedirect(auth, provider, resolver) as Promise<never>;\n}\n\nexport async function _signInWithRedirect(\n auth: Auth,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const authInternal = _castAuth(auth);\n _assertInstanceOf(auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await authInternal._initializationPromise;\n const resolverInternal = _withDefaultResolver(authInternal, resolver);\n await _setPendingRedirectStatus(resolverInternal, authInternal);\n\n return resolverInternal._openRedirect(\n authInternal,\n provider,\n AuthEventType.SIGN_IN_VIA_REDIRECT\n );\n}\n\n/**\n * Reauthenticates the current user with the specified {@link OAuthProvider} using a full-page redirect flow.\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link reauthenticateWithRedirect}.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * const result = await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * // Reauthenticate using a redirect.\n * await reauthenticateWithRedirect(result.user, provider);\n * // This will again trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _reauthenticateWithRedirect(\n user,\n provider,\n resolver\n ) as Promise<never>;\n}\nexport async function _reauthenticateWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await userInternal.auth._initializationPromise;\n // Allow the resolver to error before persisting the redirect user\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n await _setPendingRedirectStatus(resolverInternal, userInternal.auth);\n\n const eventId = await prepareUserForRedirect(userInternal);\n return resolverInternal._openRedirect(\n userInternal.auth,\n provider,\n AuthEventType.REAUTH_VIA_REDIRECT,\n eventId\n );\n}\n\n/**\n * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.\n * @remarks\n * To handle the results and errors for this operation, refer to {@link getRedirectResult}.\n * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices\n * | best practices} when using {@link linkWithRedirect}.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using some other provider.\n * const result = await signInWithEmailAndPassword(auth, email, password);\n * // Link using a redirect.\n * const provider = new FacebookAuthProvider();\n * await linkWithRedirect(result.user, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * ```\n *\n * @param user - The user.\n * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.\n * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport function linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<never> {\n return _linkWithRedirect(user, provider, resolver) as Promise<never>;\n}\nexport async function _linkWithRedirect(\n user: User,\n provider: AuthProvider,\n resolver?: PopupRedirectResolver\n): Promise<void | never> {\n const userInternal = getModularInstance(user) as UserInternal;\n _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);\n // Wait for auth initialization to complete, this will process pending redirects and clear the\n // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new\n // redirect and creating a PENDING_REDIRECT_KEY entry.\n await userInternal.auth._initializationPromise;\n // Allow the resolver to error before persisting the redirect user\n const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);\n await _assertLinkedStatus(false, userInternal, provider.providerId);\n await _setPendingRedirectStatus(resolverInternal, userInternal.auth);\n\n const eventId = await prepareUserForRedirect(userInternal);\n return resolverInternal._openRedirect(\n userInternal.auth,\n provider,\n AuthEventType.LINK_VIA_REDIRECT,\n eventId\n );\n}\n\n/**\n * Returns a {@link UserCredential} from the redirect-based sign-in flow.\n *\n * @remarks\n * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an\n * error. If no redirect operation was called, returns `null`.\n *\n * This method does not work in a Node.js environment.\n *\n * @example\n * ```javascript\n * // Sign in using a redirect.\n * const provider = new FacebookAuthProvider();\n * // You can add additional scopes to the provider:\n * provider.addScope('user_birthday');\n * // Start a sign in process for an unauthenticated user.\n * await signInWithRedirect(auth, provider);\n * // This will trigger a full page redirect away from your app\n *\n * // After returning from the redirect when your app initializes you can obtain the result\n * const result = await getRedirectResult(auth);\n * if (result) {\n * // This is the signed-in user\n * const user = result.user;\n * // This gives you a Facebook Access Token.\n * const credential = provider.credentialFromResult(auth, result);\n * const token = credential.accessToken;\n * }\n * // As this API can be used for sign-in, linking and reauthentication,\n * // check the operationType to determine what triggered this redirect\n * // operation.\n * const operationType = result.operationType;\n * ```\n *\n * @param auth - The {@link Auth} instance.\n * @param resolver - An instance of {@link PopupRedirectResolver}, optional\n * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.\n *\n * @public\n */\nexport async function getRedirectResult(\n auth: Auth,\n resolver?: PopupRedirectResolver\n): Promise<UserCredential | null> {\n await _castAuth(auth)._initializationPromise;\n return _getRedirectResult(auth, resolver, false);\n}\n\nexport async function _getRedirectResult(\n auth: Auth,\n resolverExtern?: PopupRedirectResolver,\n bypassAuthState = false\n): Promise<UserCredential | null> {\n const authInternal = _castAuth(auth);\n const resolver = _withDefaultResolver(authInternal, resolverExtern);\n const action = new RedirectAction(authInternal, resolver, bypassAuthState);\n const result = await action.execute();\n\n if (result && !bypassAuthState) {\n delete result.user._redirectEventId;\n await authInternal._persistUserIfCurrent(result.user as UserInternal);\n await authInternal._setRedirectUser(null, resolverExtern);\n }\n\n return result;\n}\n\nasync function prepareUserForRedirect(user: UserInternal): Promise<string> {\n const eventId = _generateEventId(`${user.uid}:::`);\n user._redirectEventId = eventId;\n await user.auth._setRedirectUser(user);\n await user.auth._persistUserIfCurrent(user);\n return eventId;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthEvent,\n AuthEventConsumer,\n AuthEventType,\n EventManager\n} from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { AuthInternal } from '../../model/auth';\nimport { _createError } from '../util/assert';\n\n// The amount of time to store the UIDs of seen events; this is\n// set to 10 min by default\nconst EVENT_DUPLICATION_CACHE_DURATION_MS = 10 * 60 * 1000;\n\nexport class AuthEventManager implements EventManager {\n private readonly cachedEventUids: Set<string> = new Set();\n private readonly consumers: Set<AuthEventConsumer> = new Set();\n protected queuedRedirectEvent: AuthEvent | null = null;\n protected hasHandledPotentialRedirect = false;\n private lastProcessedEventTime = Date.now();\n\n constructor(private readonly auth: AuthInternal) {}\n\n registerConsumer(authEventConsumer: AuthEventConsumer): void {\n this.consumers.add(authEventConsumer);\n\n if (\n this.queuedRedirectEvent &&\n this.isEventForConsumer(this.queuedRedirectEvent, authEventConsumer)\n ) {\n this.sendToConsumer(this.queuedRedirectEvent, authEventConsumer);\n this.saveEventToCache(this.queuedRedirectEvent);\n this.queuedRedirectEvent = null;\n }\n }\n\n unregisterConsumer(authEventConsumer: AuthEventConsumer): void {\n this.consumers.delete(authEventConsumer);\n }\n\n onEvent(event: AuthEvent): boolean {\n // Check if the event has already been handled\n if (this.hasEventBeenHandled(event)) {\n return false;\n }\n\n let handled = false;\n this.consumers.forEach(consumer => {\n if (this.isEventForConsumer(event, consumer)) {\n handled = true;\n this.sendToConsumer(event, consumer);\n this.saveEventToCache(event);\n }\n });\n\n if (this.hasHandledPotentialRedirect || !isRedirectEvent(event)) {\n // If we've already seen a redirect before, or this is a popup event,\n // bail now\n return handled;\n }\n\n this.hasHandledPotentialRedirect = true;\n\n // If the redirect wasn't handled, hang on to it\n if (!handled) {\n this.queuedRedirectEvent = event;\n handled = true;\n }\n\n return handled;\n }\n\n private sendToConsumer(event: AuthEvent, consumer: AuthEventConsumer): void {\n if (event.error && !isNullRedirectEvent(event)) {\n const code =\n (event.error.code?.split('auth/')[1] as AuthErrorCode) ||\n AuthErrorCode.INTERNAL_ERROR;\n consumer.onError(_createError(this.auth, code));\n } else {\n consumer.onAuthEvent(event);\n }\n }\n\n private isEventForConsumer(\n event: AuthEvent,\n consumer: AuthEventConsumer\n ): boolean {\n const eventIdMatches =\n consumer.eventId === null ||\n (!!event.eventId && event.eventId === consumer.eventId);\n return consumer.filter.includes(event.type) && eventIdMatches;\n }\n\n private hasEventBeenHandled(event: AuthEvent): boolean {\n if (\n Date.now() - this.lastProcessedEventTime >=\n EVENT_DUPLICATION_CACHE_DURATION_MS\n ) {\n this.cachedEventUids.clear();\n }\n\n return this.cachedEventUids.has(eventUid(event));\n }\n\n private saveEventToCache(event: AuthEvent): void {\n this.cachedEventUids.add(eventUid(event));\n this.lastProcessedEventTime = Date.now();\n }\n}\n\nfunction eventUid(e: AuthEvent): string {\n return [e.type, e.eventId, e.sessionId, e.tenantId].filter(v => v).join('-');\n}\n\nfunction isNullRedirectEvent({ type, error }: AuthEvent): boolean {\n return (\n type === AuthEventType.UNKNOWN &&\n error?.code === `auth/${AuthErrorCode.NO_AUTH_EVENT}`\n );\n}\n\nfunction isRedirectEvent(event: AuthEvent): boolean {\n switch (event.type) {\n case AuthEventType.SIGN_IN_VIA_REDIRECT:\n case AuthEventType.LINK_VIA_REDIRECT:\n case AuthEventType.REAUTH_VIA_REDIRECT:\n return true;\n case AuthEventType.UNKNOWN:\n return isNullRedirectEvent(event);\n default:\n return false;\n }\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _getProjectConfig } from '../../api/project_config/get_project_config';\nimport { AuthInternal } from '../../model/auth';\nimport { AuthErrorCode } from '../errors';\nimport { _fail } from './assert';\nimport { _getCurrentUrl } from './location';\n\nconst IP_ADDRESS_REGEX = /^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/;\nconst HTTP_REGEX = /^https?/;\n\nexport async function _validateOrigin(auth: AuthInternal): Promise<void> {\n // Skip origin validation if we are in an emulated environment\n if (auth.config.emulator) {\n return;\n }\n\n const { authorizedDomains } = await _getProjectConfig(auth);\n\n for (const domain of authorizedDomains) {\n try {\n if (matchDomain(domain)) {\n return;\n }\n } catch {\n // Do nothing if there's a URL error; just continue searching\n }\n }\n\n // In the old SDK, this error also provides helpful messages.\n _fail(auth, AuthErrorCode.INVALID_ORIGIN);\n}\n\nfunction matchDomain(expected: string): boolean {\n const currentUrl = _getCurrentUrl();\n const { protocol, hostname } = new URL(currentUrl);\n if (expected.startsWith('chrome-extension://')) {\n const ceUrl = new URL(expected);\n\n if (ceUrl.hostname === '' && hostname === '') {\n // For some reason we're not parsing chrome URLs properly\n return (\n protocol === 'chrome-extension:' &&\n expected.replace('chrome-extension://', '') ===\n currentUrl.replace('chrome-extension://', '')\n );\n }\n\n return protocol === 'chrome-extension:' && ceUrl.hostname === hostname;\n }\n\n if (!HTTP_REGEX.test(protocol)) {\n return false;\n }\n\n if (IP_ADDRESS_REGEX.test(expected)) {\n // The domain has to be exactly equal to the pattern, as an IP domain will\n // only contain the IP, no extra character.\n return hostname === expected;\n }\n\n // Dots in pattern should be escaped.\n const escapedDomainPattern = expected.replace(/\\./g, '\\\\.');\n // Non ip address domains.\n // domain.com = *.domain.com OR domain.com\n const re = new RegExp(\n '^(.+\\\\.' + escapedDomainPattern + '|' + escapedDomainPattern + ')$',\n 'i'\n );\n return re.test(hostname);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _performApiRequest, Endpoint, HttpMethod } from '../index';\nimport { Auth } from '../../model/public_types';\n\nexport interface GetProjectConfigRequest {\n androidPackageName?: string;\n iosBundleId?: string;\n}\n\nexport interface GetProjectConfigResponse {\n authorizedDomains: string[];\n}\n\nexport async function _getProjectConfig(\n auth: Auth,\n request: GetProjectConfigRequest = {}\n): Promise<GetProjectConfigResponse> {\n return _performApiRequest<GetProjectConfigRequest, GetProjectConfigResponse>(\n auth,\n HttpMethod.GET,\n Endpoint.GET_PROJECT_CONFIG,\n request\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _createError } from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport * as js from '../load_js';\n\nconst NETWORK_TIMEOUT = new Delay(30000, 60000);\n\n/**\n * Reset unlaoded GApi modules. If gapi.load fails due to a network error,\n * it will stop working after a retrial. This is a hack to fix this issue.\n */\nfunction resetUnloadedGapiModules(): void {\n // Clear last failed gapi.load state to force next gapi.load to first\n // load the failed gapi.iframes module.\n // Get gapix.beacon context.\n const beacon = _window().___jsl;\n // Get current hint.\n if (beacon?.H) {\n // Get gapi hint.\n for (const hint of Object.keys(beacon.H)) {\n // Requested modules.\n beacon.H[hint].r = beacon.H[hint].r || [];\n // Loaded modules.\n beacon.H[hint].L = beacon.H[hint].L || [];\n // Set requested modules to a copy of the loaded modules.\n beacon.H[hint].r = [...beacon.H[hint].L];\n // Clear pending callbacks.\n if (beacon.CP) {\n for (let i = 0; i < beacon.CP.length; i++) {\n // Remove all failed pending callbacks.\n beacon.CP[i] = null;\n }\n }\n }\n }\n}\n\nfunction loadGapi(auth: AuthInternal): Promise<gapi.iframes.Context> {\n return new Promise<gapi.iframes.Context>((resolve, reject) => {\n // Function to run when gapi.load is ready.\n function loadGapiIframe(): void {\n // The developer may have tried to previously run gapi.load and failed.\n // Run this to fix that.\n resetUnloadedGapiModules();\n gapi.load('gapi.iframes', {\n callback: () => {\n resolve(gapi.iframes.getContext());\n },\n ontimeout: () => {\n // The above reset may be sufficient, but having this reset after\n // failure ensures that if the developer calls gapi.load after the\n // connection is re-established and before another attempt to embed\n // the iframe, it would work and would not be broken because of our\n // failed attempt.\n // Timeout when gapi.iframes.Iframe not loaded.\n resetUnloadedGapiModules();\n reject(_createError(auth, AuthErrorCode.NETWORK_REQUEST_FAILED));\n },\n timeout: NETWORK_TIMEOUT.get()\n });\n }\n\n if (_window().gapi?.iframes?.Iframe) {\n // If gapi.iframes.Iframe available, resolve.\n resolve(gapi.iframes.getContext());\n } else if (!!_window().gapi?.load) {\n // Gapi loader ready, load gapi.iframes.\n loadGapiIframe();\n } else {\n // Create a new iframe callback when this is called so as not to overwrite\n // any previous defined callback. This happens if this method is called\n // multiple times in parallel and could result in the later callback\n // overwriting the previous one. This would end up with a iframe\n // timeout.\n const cbName = js._generateCallbackName('iframefcb');\n // GApi loader not available, dynamically load platform.js.\n _window()[cbName] = () => {\n // GApi loader should be ready.\n if (!!gapi.load) {\n loadGapiIframe();\n } else {\n // Gapi loader failed, throw error.\n reject(_createError(auth, AuthErrorCode.NETWORK_REQUEST_FAILED));\n }\n };\n // Load GApi loader.\n return js\n ._loadJS(`${js._gapiScriptUrl()}?onload=${cbName}`)\n .catch(e => reject(e));\n }\n }).catch(error => {\n // Reset cached promise to allow for retrial.\n cachedGApiLoader = null;\n throw error;\n });\n}\n\nlet cachedGApiLoader: Promise<gapi.iframes.Context> | null = null;\nexport function _loadGapi(auth: AuthInternal): Promise<gapi.iframes.Context> {\n cachedGApiLoader = cachedGApiLoader || loadGapi(auth);\n return cachedGApiLoader;\n}\n\nexport function _resetLoader(): void {\n cachedGApiLoader = null;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { querystring } from '@firebase/util';\nimport { DefaultConfig } from '../../../internal';\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert, _createError } from '../../core/util/assert';\nimport { Delay } from '../../core/util/delay';\nimport { _emulatorUrl } from '../../core/util/emulator';\nimport { AuthInternal } from '../../model/auth';\nimport { _window } from '../auth_window';\nimport * as gapiLoader from './gapi';\n\nconst PING_TIMEOUT = new Delay(5000, 15000);\nconst IFRAME_PATH = '__/auth/iframe';\nconst EMULATED_IFRAME_PATH = 'emulator/auth/iframe';\n\nconst IFRAME_ATTRIBUTES = {\n style: {\n position: 'absolute',\n top: '-100px',\n width: '1px',\n height: '1px'\n },\n 'aria-hidden': 'true',\n tabindex: '-1'\n};\n\n// Map from apiHost to endpoint ID for passing into iframe. In current SDK, apiHost can be set to\n// anything (not from a list of endpoints with IDs as in legacy), so this is the closest we can get.\nconst EID_FROM_APIHOST = new Map([\n [DefaultConfig.API_HOST, 'p'], // production\n ['staging-identitytoolkit.sandbox.googleapis.com', 's'], // staging\n ['test-identitytoolkit.sandbox.googleapis.com', 't'] // test\n]);\n\nfunction getIframeUrl(auth: AuthInternal): string {\n const config = auth.config;\n _assert(config.authDomain, auth, AuthErrorCode.MISSING_AUTH_DOMAIN);\n const url = config.emulator\n ? _emulatorUrl(config, EMULATED_IFRAME_PATH)\n : `https://${auth.config.authDomain}/${IFRAME_PATH}`;\n\n const params: Record<string, string> = {\n apiKey: config.apiKey,\n appName: auth.name,\n v: SDK_VERSION\n };\n const eid = EID_FROM_APIHOST.get(auth.config.apiHost);\n if (eid) {\n params.eid = eid;\n }\n const frameworks = auth._getFrameworks();\n if (frameworks.length) {\n params.fw = frameworks.join(',');\n }\n return `${url}?${querystring(params).slice(1)}`;\n}\n\nexport async function _openIframe(\n auth: AuthInternal\n): Promise<gapi.iframes.Iframe> {\n const context = await gapiLoader._loadGapi(auth);\n const gapi = _window().gapi;\n _assert(gapi, auth, AuthErrorCode.INTERNAL_ERROR);\n return context.open(\n {\n where: document.body,\n url: getIframeUrl(auth),\n messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER,\n attributes: IFRAME_ATTRIBUTES,\n dontclear: true\n },\n (iframe: gapi.iframes.Iframe) =>\n new Promise(async (resolve, reject) => {\n await iframe.restyle({\n // Prevent iframe from closing on mouse out.\n setHideOnLeave: false\n });\n\n const networkError = _createError(\n auth,\n AuthErrorCode.NETWORK_REQUEST_FAILED\n );\n // Confirm iframe is correctly loaded.\n // To fallback on failure, set a timeout.\n const networkErrorTimer = _window().setTimeout(() => {\n reject(networkError);\n }, PING_TIMEOUT.get());\n // Clear timer and resolve pending iframe ready promise.\n function clearTimerAndResolve(): void {\n _window().clearTimeout(networkErrorTimer);\n resolve(iframe);\n }\n // This returns an IThenable. However the reject part does not call\n // when the iframe is not loaded.\n iframe.ping(clearTimerAndResolve).then(clearTimerAndResolve, () => {\n reject(networkError);\n });\n })\n );\n}\n","/**\n * @license\n * Copyright 2020 Google LLC.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getUA } from '@firebase/util';\n\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\nimport {\n _isChromeIOS,\n _isFirefox,\n _isIOSStandalone\n} from '../../core/util/browser';\nimport { AuthInternal } from '../../model/auth';\n\nconst BASE_POPUP_OPTIONS = {\n location: 'yes',\n resizable: 'yes',\n statusbar: 'yes',\n toolbar: 'no'\n};\n\nconst DEFAULT_WIDTH = 500;\nconst DEFAULT_HEIGHT = 600;\nconst TARGET_BLANK = '_blank';\n\nconst FIREFOX_EMPTY_URL = 'http://localhost';\n\nexport class AuthPopup {\n associatedEvent: string | null = null;\n\n constructor(readonly window: Window | null) {}\n\n close(): void {\n if (this.window) {\n try {\n this.window.close();\n } catch (e) {}\n }\n }\n}\n\nexport function _open(\n auth: AuthInternal,\n url?: string,\n name?: string,\n width = DEFAULT_WIDTH,\n height = DEFAULT_HEIGHT\n): AuthPopup {\n const top = Math.max((window.screen.availHeight - height) / 2, 0).toString();\n const left = Math.max((window.screen.availWidth - width) / 2, 0).toString();\n let target = '';\n\n const options: { [key: string]: string } = {\n ...BASE_POPUP_OPTIONS,\n width: width.toString(),\n height: height.toString(),\n top,\n left\n };\n\n // Chrome iOS 7 and 8 is returning an undefined popup win when target is\n // specified, even though the popup is not necessarily blocked.\n const ua = getUA().toLowerCase();\n\n if (name) {\n target = _isChromeIOS(ua) ? TARGET_BLANK : name;\n }\n\n if (_isFirefox(ua)) {\n // Firefox complains when invalid URLs are popped out. Hacky way to bypass.\n url = url || FIREFOX_EMPTY_URL;\n // Firefox disables by default scrolling on popup windows, which can create\n // issues when the user has many Google accounts, for instance.\n options.scrollbars = 'yes';\n }\n\n const optionsString = Object.entries(options).reduce(\n (accum, [key, value]) => `${accum}${key}=${value},`,\n ''\n );\n\n if (_isIOSStandalone(ua) && target !== '_self') {\n openAsNewWindowIOS(url || '', target);\n return new AuthPopup(null);\n }\n\n // about:blank getting sanitized causing browsers like IE/Edge to display\n // brief error message before redirecting to handler.\n const newWin = window.open(url || '', target, optionsString);\n _assert(newWin, auth, AuthErrorCode.POPUP_BLOCKED);\n\n // Flaky on IE edge, encapsulate with a try and catch.\n try {\n newWin.focus();\n } catch (e) {}\n\n return new AuthPopup(newWin);\n}\n\nfunction openAsNewWindowIOS(url: string, target: string): void {\n const el = document.createElement('a');\n el.href = url;\n el.target = target;\n const click = document.createEvent('MouseEvent');\n click.initMouseEvent(\n 'click',\n true,\n true,\n window,\n 1,\n 0,\n 0,\n 0,\n 0,\n false,\n false,\n false,\n false,\n 1,\n null\n );\n el.dispatchEvent(click);\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { SDK_VERSION } from '@firebase/app';\nimport { AuthProvider } from '../../model/public_types';\nimport { ApiKey, AppName, AuthInternal } from '../../model/auth';\nimport { AuthEventType } from '../../model/popup_redirect';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from './assert';\nimport { isEmpty, querystring } from '@firebase/util';\nimport { _emulatorUrl } from './emulator';\nimport { FederatedAuthProvider } from '../providers/federated';\nimport { BaseOAuthProvider } from '../providers/oauth';\n\n/**\n * URL for Authentication widget which will initiate the OAuth handshake\n *\n * @internal\n */\nconst WIDGET_PATH = '__/auth/handler';\n\n/**\n * URL for emulated environment\n *\n * @internal\n */\nconst EMULATOR_WIDGET_PATH = 'emulator/auth/handler';\n\n/**\n * Fragment name for the App Check token that gets passed to the widget\n *\n * @internal\n */\nconst FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ntype WidgetParams = {\n apiKey: ApiKey;\n appName: AppName;\n authType: AuthEventType;\n redirectUrl?: string;\n v: string;\n providerId?: string;\n scopes?: string;\n customParameters?: string;\n eventId?: string;\n tid?: string;\n} & { [key: string]: string | undefined };\n\nexport async function _getRedirectUrl(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n redirectUrl?: string,\n eventId?: string,\n additionalParams?: Record<string, string>\n): Promise<string> {\n _assert(auth.config.authDomain, auth, AuthErrorCode.MISSING_AUTH_DOMAIN);\n _assert(auth.config.apiKey, auth, AuthErrorCode.INVALID_API_KEY);\n\n const params: WidgetParams = {\n apiKey: auth.config.apiKey,\n appName: auth.name,\n authType,\n redirectUrl,\n v: SDK_VERSION,\n eventId\n };\n\n if (provider instanceof FederatedAuthProvider) {\n provider.setDefaultLanguage(auth.languageCode);\n params.providerId = provider.providerId || '';\n if (!isEmpty(provider.getCustomParameters())) {\n params.customParameters = JSON.stringify(provider.getCustomParameters());\n }\n\n // TODO set additionalParams from the provider as well?\n for (const [key, value] of Object.entries(additionalParams || {})) {\n params[key] = value;\n }\n }\n\n if (provider instanceof BaseOAuthProvider) {\n const scopes = provider.getScopes().filter(scope => scope !== '');\n if (scopes.length > 0) {\n params.scopes = scopes.join(',');\n }\n }\n\n if (auth.tenantId) {\n params.tid = auth.tenantId;\n }\n\n // TODO: maybe set eid as endipointId\n // TODO: maybe set fw as Frameworks.join(\",\")\n\n const paramsDict = params as Record<string, string | number>;\n for (const key of Object.keys(paramsDict)) {\n if (paramsDict[key] === undefined) {\n delete paramsDict[key];\n }\n }\n\n // Sets the App Check token to pass to the widget\n const appCheckToken = await auth._getAppCheckToken();\n const appCheckTokenFragment = appCheckToken\n ? `#${FIREBASE_APP_CHECK_FRAGMENT_ID}=${encodeURIComponent(appCheckToken)}`\n : '';\n\n // Start at index 1 to skip the leading '&' in the query string\n return `${getHandlerBase(auth)}?${querystring(paramsDict).slice(\n 1\n )}${appCheckTokenFragment}`;\n}\n\nfunction getHandlerBase({ config }: AuthInternal): string {\n if (!config.emulator) {\n return `https://${config.authDomain}/${WIDGET_PATH}`;\n }\n\n return _emulatorUrl(config, EMULATOR_WIDGET_PATH);\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthProvider, PopupRedirectResolver } from '../model/public_types';\n\nimport { AuthEventManager } from '../core/auth/auth_event_manager';\nimport { AuthErrorCode } from '../core/errors';\nimport { _assert, debugAssert, _fail } from '../core/util/assert';\nimport { _generateEventId } from '../core/util/event_id';\nimport { _getCurrentUrl } from '../core/util/location';\nimport { _validateOrigin } from '../core/util/validate_origin';\nimport { AuthInternal } from '../model/auth';\nimport {\n AuthEventType,\n EventManager,\n GapiAuthEvent,\n GapiOutcome,\n PopupRedirectResolverInternal\n} from '../model/popup_redirect';\nimport { _setWindowLocation } from './auth_window';\nimport { _openIframe } from './iframe/iframe';\nimport { browserSessionPersistence } from './persistence/session_storage';\nimport { _open, AuthPopup } from './util/popup';\nimport { _getRedirectResult } from './strategies/redirect';\nimport { _getRedirectUrl } from '../core/util/handler';\nimport { _isIOS, _isMobileBrowser, _isSafari } from '../core/util/browser';\nimport { _overrideRedirectResult } from '../core/strategies/redirect';\n\n/**\n * The special web storage event\n *\n */\nconst WEB_STORAGE_SUPPORT_KEY = 'webStorageSupport';\n\ninterface WebStorageSupportMessage extends gapi.iframes.Message {\n [index: number]: Record<string, boolean>;\n}\n\ninterface ManagerOrPromise {\n manager?: EventManager;\n promise?: Promise<EventManager>;\n}\n\nclass BrowserPopupRedirectResolver implements PopupRedirectResolverInternal {\n private readonly eventManagers: Record<string, ManagerOrPromise> = {};\n private readonly iframes: Record<string, gapi.iframes.Iframe> = {};\n private readonly originValidationPromises: Record<string, Promise<void>> = {};\n\n readonly _redirectPersistence = browserSessionPersistence;\n\n // Wrapping in async even though we don't await anywhere in order\n // to make sure errors are raised as promise rejections\n async _openPopup(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n eventId?: string\n ): Promise<AuthPopup> {\n debugAssert(\n this.eventManagers[auth._key()]?.manager,\n '_initialize() not called before _openPopup()'\n );\n\n const url = await _getRedirectUrl(\n auth,\n provider,\n authType,\n _getCurrentUrl(),\n eventId\n );\n return _open(auth, url, _generateEventId());\n }\n\n async _openRedirect(\n auth: AuthInternal,\n provider: AuthProvider,\n authType: AuthEventType,\n eventId?: string\n ): Promise<never> {\n await this._originValidation(auth);\n const url = await _getRedirectUrl(\n auth,\n provider,\n authType,\n _getCurrentUrl(),\n eventId\n );\n _setWindowLocation(url);\n return new Promise(() => {});\n }\n\n _initialize(auth: AuthInternal): Promise<EventManager> {\n const key = auth._key();\n if (this.eventManagers[key]) {\n const { manager, promise } = this.eventManagers[key];\n if (manager) {\n return Promise.resolve(manager);\n } else {\n debugAssert(promise, 'If manager is not set, promise should be');\n return promise;\n }\n }\n\n const promise = this.initAndGetManager(auth);\n this.eventManagers[key] = { promise };\n\n // If the promise is rejected, the key should be removed so that the\n // operation can be retried later.\n promise.catch(() => {\n delete this.eventManagers[key];\n });\n\n return promise;\n }\n\n private async initAndGetManager(auth: AuthInternal): Promise<EventManager> {\n const iframe = await _openIframe(auth);\n const manager = new AuthEventManager(auth);\n iframe.register<GapiAuthEvent>(\n 'authEvent',\n (iframeEvent: GapiAuthEvent | null) => {\n _assert(iframeEvent?.authEvent, auth, AuthErrorCode.INVALID_AUTH_EVENT);\n // TODO: Consider splitting redirect and popup events earlier on\n\n const handled = manager.onEvent(iframeEvent.authEvent);\n return { status: handled ? GapiOutcome.ACK : GapiOutcome.ERROR };\n },\n gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER\n );\n\n this.eventManagers[auth._key()] = { manager };\n this.iframes[auth._key()] = iframe;\n return manager;\n }\n\n _isIframeWebStorageSupported(\n auth: AuthInternal,\n cb: (supported: boolean) => unknown\n ): void {\n const iframe = this.iframes[auth._key()];\n iframe.send<gapi.iframes.Message, WebStorageSupportMessage>(\n WEB_STORAGE_SUPPORT_KEY,\n { type: WEB_STORAGE_SUPPORT_KEY },\n result => {\n const isSupported = result?.[0]?.[WEB_STORAGE_SUPPORT_KEY];\n if (isSupported !== undefined) {\n cb(!!isSupported);\n }\n\n _fail(auth, AuthErrorCode.INTERNAL_ERROR);\n },\n gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER\n );\n }\n\n _originValidation(auth: AuthInternal): Promise<void> {\n const key = auth._key();\n if (!this.originValidationPromises[key]) {\n this.originValidationPromises[key] = _validateOrigin(auth);\n }\n\n return this.originValidationPromises[key];\n }\n\n get _shouldInitProactively(): boolean {\n // Mobile browsers and Safari need to optimistically initialize\n return _isMobileBrowser() || _isSafari() || _isIOS();\n }\n\n _completeRedirectFn = _getRedirectResult;\n\n _overrideRedirectResult = _overrideRedirectResult;\n}\n\n/**\n * An implementation of {@link PopupRedirectResolver} suitable for browser\n * based applications.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @public\n */\nexport const browserPopupRedirectResolver: PopupRedirectResolver =\n BrowserPopupRedirectResolver;\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { FactorId, MultiFactorAssertion } from '../model/public_types';\nimport { debugFail } from '../core/util/assert';\nimport { MultiFactorSessionImpl, MultiFactorSessionType } from './mfa_session';\nimport { FinalizeMfaResponse } from '../api/authentication/mfa';\nimport { AuthInternal } from '../model/auth';\n\nexport abstract class MultiFactorAssertionImpl implements MultiFactorAssertion {\n protected constructor(readonly factorId: FactorId) {}\n\n _process(\n auth: AuthInternal,\n session: MultiFactorSessionImpl,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse> {\n switch (session.type) {\n case MultiFactorSessionType.ENROLL:\n return this._finalizeEnroll(auth, session.credential, displayName);\n case MultiFactorSessionType.SIGN_IN:\n return this._finalizeSignIn(auth, session.credential);\n default:\n return debugFail('unexpected MultiFactorSessionType');\n }\n }\n\n abstract _finalizeEnroll(\n auth: AuthInternal,\n idToken: string,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse>;\n abstract _finalizeSignIn(\n auth: AuthInternal,\n mfaPendingCredential: string\n ): Promise<FinalizeMfaResponse>;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n FactorId,\n PhoneMultiFactorAssertion\n} from '../../../model/public_types';\n\nimport { MultiFactorAssertionImpl } from '../../../mfa/mfa_assertion';\nimport { AuthInternal } from '../../../model/auth';\nimport { finalizeEnrollPhoneMfa } from '../../../api/account_management/mfa';\nimport { PhoneAuthCredential } from '../../../core/credentials/phone';\nimport {\n finalizeSignInPhoneMfa,\n FinalizeMfaResponse\n} from '../../../api/authentication/mfa';\n\n/**\n * {@inheritdoc PhoneMultiFactorAssertion}\n *\n * @public\n */\nexport class PhoneMultiFactorAssertionImpl\n extends MultiFactorAssertionImpl\n implements PhoneMultiFactorAssertion\n{\n private constructor(private readonly credential: PhoneAuthCredential) {\n super(FactorId.PHONE);\n }\n\n /** @internal */\n static _fromCredential(\n credential: PhoneAuthCredential\n ): PhoneMultiFactorAssertionImpl {\n return new PhoneMultiFactorAssertionImpl(credential);\n }\n\n /** @internal */\n _finalizeEnroll(\n auth: AuthInternal,\n idToken: string,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse> {\n return finalizeEnrollPhoneMfa(auth, {\n idToken,\n displayName,\n phoneVerificationInfo: this.credential._makeVerificationRequest()\n });\n }\n\n /** @internal */\n _finalizeSignIn(\n auth: AuthInternal,\n mfaPendingCredential: string\n ): Promise<FinalizeMfaResponse> {\n return finalizeSignInPhoneMfa(auth, {\n mfaPendingCredential,\n phoneVerificationInfo: this.credential._makeVerificationRequest()\n });\n }\n}\n\n/**\n * Provider for generating a {@link PhoneMultiFactorAssertion}.\n *\n * @public\n */\nexport class PhoneMultiFactorGenerator {\n private constructor() {}\n\n /**\n * Provides a {@link PhoneMultiFactorAssertion} to confirm ownership of the phone second factor.\n *\n * @remarks\n * This method does not work in a Node.js environment.\n *\n * @param phoneAuthCredential - A credential provided by {@link PhoneAuthProvider.credential}.\n * @returns A {@link PhoneMultiFactorAssertion} which can be used with\n * {@link MultiFactorResolver.resolveSignIn}\n */\n static assertion(credential: PhoneAuthCredential): PhoneMultiFactorAssertion {\n return PhoneMultiFactorAssertionImpl._fromCredential(credential);\n }\n\n /**\n * The identifier of the phone second factor: `phone`.\n */\n static FACTOR_ID = 'phone';\n}\n","/**\n * @license\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n TotpMultiFactorAssertion,\n MultiFactorSession,\n FactorId\n} from '../../model/public_types';\nimport { AuthInternal } from '../../model/auth';\nimport {\n finalizeEnrollTotpMfa,\n startEnrollTotpMfa,\n StartTotpMfaEnrollmentResponse,\n TotpVerificationInfo\n} from '../../api/account_management/mfa';\nimport {\n FinalizeMfaResponse,\n finalizeSignInTotpMfa\n} from '../../api/authentication/mfa';\nimport { MultiFactorAssertionImpl } from '../../mfa/mfa_assertion';\nimport { MultiFactorSessionImpl } from '../mfa_session';\nimport { AuthErrorCode } from '../../core/errors';\nimport { _assert } from '../../core/util/assert';\n\n/**\n * Provider for generating a {@link TotpMultiFactorAssertion}.\n *\n * @public\n */\nexport class TotpMultiFactorGenerator {\n /**\n * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of\n * the TOTP (time-based one-time password) second factor.\n * This assertion is used to complete enrollment in TOTP second factor.\n *\n * @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.\n * @param oneTimePassword One-time password from TOTP App.\n * @returns A {@link TotpMultiFactorAssertion} which can be used with\n * {@link MultiFactorUser.enroll}.\n */\n static assertionForEnrollment(\n secret: TotpSecret,\n oneTimePassword: string\n ): TotpMultiFactorAssertion {\n return TotpMultiFactorAssertionImpl._fromSecret(secret, oneTimePassword);\n }\n\n /**\n * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.\n * This assertion is used to complete signIn with TOTP as the second factor.\n *\n * @param enrollmentId identifies the enrolled TOTP second factor.\n * @param oneTimePassword One-time password from TOTP App.\n * @returns A {@link TotpMultiFactorAssertion} which can be used with\n * {@link MultiFactorResolver.resolveSignIn}.\n */\n static assertionForSignIn(\n enrollmentId: string,\n oneTimePassword: string\n ): TotpMultiFactorAssertion {\n return TotpMultiFactorAssertionImpl._fromEnrollmentId(\n enrollmentId,\n oneTimePassword\n );\n }\n\n /**\n * Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.\n * Creates a TOTP secret as part of enrolling a TOTP second factor.\n * Used for generating a QR code URL or inputting into a TOTP app.\n * This method uses the auth instance corresponding to the user in the multiFactorSession.\n *\n * @param session The {@link MultiFactorSession} that the user is part of.\n * @returns A promise to {@link TotpSecret}.\n */\n static async generateSecret(\n session: MultiFactorSession\n ): Promise<TotpSecret> {\n const mfaSession = session as MultiFactorSessionImpl;\n _assert(\n typeof mfaSession.user?.auth !== 'undefined',\n AuthErrorCode.INTERNAL_ERROR\n );\n const response = await startEnrollTotpMfa(mfaSession.user.auth, {\n idToken: mfaSession.credential,\n totpEnrollmentInfo: {}\n });\n return TotpSecret._fromStartTotpMfaEnrollmentResponse(\n response,\n mfaSession.user.auth\n );\n }\n\n /**\n * The identifier of the TOTP second factor: `totp`.\n */\n static FACTOR_ID: 'totp' = FactorId.TOTP;\n}\n\nexport class TotpMultiFactorAssertionImpl\n extends MultiFactorAssertionImpl\n implements TotpMultiFactorAssertion\n{\n constructor(\n readonly otp: string,\n readonly enrollmentId?: string,\n readonly secret?: TotpSecret\n ) {\n super(FactorId.TOTP);\n }\n\n /** @internal */\n static _fromSecret(\n secret: TotpSecret,\n otp: string\n ): TotpMultiFactorAssertionImpl {\n return new TotpMultiFactorAssertionImpl(otp, undefined, secret);\n }\n\n /** @internal */\n static _fromEnrollmentId(\n enrollmentId: string,\n otp: string\n ): TotpMultiFactorAssertionImpl {\n return new TotpMultiFactorAssertionImpl(otp, enrollmentId);\n }\n\n /** @internal */\n async _finalizeEnroll(\n auth: AuthInternal,\n idToken: string,\n displayName?: string | null\n ): Promise<FinalizeMfaResponse> {\n _assert(\n typeof this.secret !== 'undefined',\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n return finalizeEnrollTotpMfa(auth, {\n idToken,\n displayName,\n totpVerificationInfo: this.secret._makeTotpVerificationInfo(this.otp)\n });\n }\n\n /** @internal */\n async _finalizeSignIn(\n auth: AuthInternal,\n mfaPendingCredential: string\n ): Promise<FinalizeMfaResponse> {\n _assert(\n this.enrollmentId !== undefined && this.otp !== undefined,\n auth,\n AuthErrorCode.ARGUMENT_ERROR\n );\n const totpVerificationInfo = { verificationCode: this.otp };\n return finalizeSignInTotpMfa(auth, {\n mfaPendingCredential,\n mfaEnrollmentId: this.enrollmentId,\n totpVerificationInfo\n });\n }\n}\n\n/**\n * Provider for generating a {@link TotpMultiFactorAssertion}.\n *\n * Stores the shared secret key and other parameters to generate time-based OTPs.\n * Implements methods to retrieve the shared secret key and generate a QR code URL.\n * @public\n */\nexport class TotpSecret {\n /**\n * Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.\n */\n readonly secretKey: string;\n /**\n * Hashing algorithm used.\n */\n readonly hashingAlgorithm: string;\n /**\n * Length of the one-time passwords to be generated.\n */\n readonly codeLength: number;\n /**\n * The interval (in seconds) when the OTP codes should change.\n */\n readonly codeIntervalSeconds: number;\n /**\n * The timestamp (UTC string) by which TOTP enrollment should be completed.\n */\n // This can be used by callers to show a countdown of when to enter OTP code by.\n readonly enrollmentCompletionDeadline: string;\n\n // The public members are declared outside the constructor so the docs can be generated.\n private constructor(\n secretKey: string,\n hashingAlgorithm: string,\n codeLength: number,\n codeIntervalSeconds: number,\n enrollmentCompletionDeadline: string,\n private readonly sessionInfo: string,\n private readonly auth: AuthInternal\n ) {\n this.secretKey = secretKey;\n this.hashingAlgorithm = hashingAlgorithm;\n this.codeLength = codeLength;\n this.codeIntervalSeconds = codeIntervalSeconds;\n this.enrollmentCompletionDeadline = enrollmentCompletionDeadline;\n }\n\n /** @internal */\n static _fromStartTotpMfaEnrollmentResponse(\n response: StartTotpMfaEnrollmentResponse,\n auth: AuthInternal\n ): TotpSecret {\n return new TotpSecret(\n response.totpSessionInfo.sharedSecretKey,\n response.totpSessionInfo.hashingAlgorithm,\n response.totpSessionInfo.verificationCodeLength,\n response.totpSessionInfo.periodSec,\n new Date(response.totpSessionInfo.finalizeEnrollmentTime).toUTCString(),\n response.totpSessionInfo.sessionInfo,\n auth\n );\n }\n\n /** @internal */\n _makeTotpVerificationInfo(otp: string): TotpVerificationInfo {\n return { sessionInfo: this.sessionInfo, verificationCode: otp };\n }\n\n /**\n * Returns a QR code URL as described in\n * https://github.com/google/google-authenticator/wiki/Key-Uri-Format\n * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.\n * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.\n *\n * @param accountName the name of the account/app along with a user identifier.\n * @param issuer issuer of the TOTP (likely the app name).\n * @returns A QR code URL string.\n */\n generateQrCodeUrl(accountName?: string, issuer?: string): string {\n let useDefaults = false;\n if (_isEmptyString(accountName) || _isEmptyString(issuer)) {\n useDefaults = true;\n }\n if (useDefaults) {\n if (_isEmptyString(accountName)) {\n accountName = this.auth.currentUser?.email || 'unknownuser';\n }\n if (_isEmptyString(issuer)) {\n issuer = this.auth.name;\n }\n }\n return `otpauth://totp/${issuer}:${accountName}?secret=${this.secretKey}&issuer=${issuer}&algorithm=${this.hashingAlgorithm}&digits=${this.codeLength}`;\n }\n}\n\n/** @internal */\nfunction _isEmptyString(input?: string): boolean {\n return typeof input === 'undefined' || input?.length === 0;\n}\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Unsubscribe } from '@firebase/util';\nimport { FirebaseAuthInternal } from '@firebase/auth-interop-types';\n\nimport { AuthInternal } from '../../model/auth';\nimport { UserInternal } from '../../model/user';\nimport { _assert } from '../util/assert';\nimport { AuthErrorCode } from '../errors';\n\ninterface TokenListener {\n (tok: string | null): unknown;\n}\n\nexport class AuthInterop implements FirebaseAuthInternal {\n private readonly internalListeners: Map<TokenListener, Unsubscribe> =\n new Map();\n\n constructor(private readonly auth: AuthInternal) {}\n\n getUid(): string | null {\n this.assertAuthConfigured();\n return this.auth.currentUser?.uid || null;\n }\n\n async getToken(\n forceRefresh?: boolean\n ): Promise<{ accessToken: string } | null> {\n this.assertAuthConfigured();\n await this.auth._initializationPromise;\n if (!this.auth.currentUser) {\n return null;\n }\n\n const accessToken = await this.auth.currentUser.getIdToken(forceRefresh);\n return { accessToken };\n }\n\n addAuthTokenListener(listener: TokenListener): void {\n this.assertAuthConfigured();\n if (this.internalListeners.has(listener)) {\n return;\n }\n\n const unsubscribe = this.auth.onIdTokenChanged(user => {\n listener(\n (user as UserInternal | null)?.stsTokenManager.accessToken || null\n );\n });\n this.internalListeners.set(listener, unsubscribe);\n this.updateProactiveRefresh();\n }\n\n removeAuthTokenListener(listener: TokenListener): void {\n this.assertAuthConfigured();\n const unsubscribe = this.internalListeners.get(listener);\n if (!unsubscribe) {\n return;\n }\n\n this.internalListeners.delete(listener);\n unsubscribe();\n this.updateProactiveRefresh();\n }\n\n private assertAuthConfigured(): void {\n _assert(\n this.auth._initializationPromise,\n AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH\n );\n }\n\n private updateProactiveRefresh(): void {\n if (this.internalListeners.size > 0) {\n this.auth._startProactiveRefresh();\n } else {\n this.auth._stopProactiveRefresh();\n }\n }\n}\n","/**\n * @license\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { FirebaseApp, getApp, _getProvider } from '@firebase/app';\n\nimport {\n initializeAuth,\n beforeAuthStateChanged,\n onIdTokenChanged,\n connectAuthEmulator\n} from '..';\nimport { registerAuth } from '../core/auth/register';\nimport { ClientPlatform } from '../core/util/version';\nimport { browserLocalPersistence } from './persistence/local_storage';\nimport { browserSessionPersistence } from './persistence/session_storage';\nimport { indexedDBLocalPersistence } from './persistence/indexed_db';\nimport { browserPopupRedirectResolver } from './popup_redirect';\nimport { Auth, User } from '../model/public_types';\nimport { getDefaultEmulatorHost, getExperimentalSetting } from '@firebase/util';\nimport { _setExternalJSProvider } from './load_js';\nimport { _createError } from '../core/util/assert';\nimport { AuthErrorCode } from '../core/errors';\n\nconst DEFAULT_ID_TOKEN_MAX_AGE = 5 * 60;\nconst authIdTokenMaxAge =\n getExperimentalSetting('authIdTokenMaxAge') || DEFAULT_ID_TOKEN_MAX_AGE;\n\nlet lastPostedIdToken: string | undefined | null = null;\n\nconst mintCookieFactory = (url: string) => async (user: User | null) => {\n const idTokenResult = user && (await user.getIdTokenResult());\n const idTokenAge =\n idTokenResult &&\n (new Date().getTime() - Date.parse(idTokenResult.issuedAtTime)) / 1_000;\n if (idTokenAge && idTokenAge > authIdTokenMaxAge) {\n return;\n }\n // Specifically trip null => undefined when logged out, to delete any existing cookie\n const idToken = idTokenResult?.token;\n if (lastPostedIdToken === idToken) {\n return;\n }\n lastPostedIdToken = idToken;\n await fetch(url, {\n method: idToken ? 'POST' : 'DELETE',\n headers: idToken\n ? {\n 'Authorization': `Bearer ${idToken}`\n }\n : {}\n });\n};\n\n/**\n * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.\n * If no instance exists, initializes an Auth instance with platform-specific default dependencies.\n *\n * @param app - The Firebase App.\n *\n * @public\n */\nexport function getAuth(app: FirebaseApp = getApp()): Auth {\n const provider = _getProvider(app, 'auth');\n\n if (provider.isInitialized()) {\n return provider.getImmediate();\n }\n\n const auth = initializeAuth(app, {\n popupRedirectResolver: browserPopupRedirectResolver,\n persistence: [\n indexedDBLocalPersistence,\n browserLocalPersistence,\n browserSessionPersistence\n ]\n });\n\n const authTokenSyncUrl = getExperimentalSetting('authTokenSyncURL');\n if (authTokenSyncUrl) {\n const mintCookie = mintCookieFactory(authTokenSyncUrl);\n beforeAuthStateChanged(auth, mintCookie, () =>\n mintCookie(auth.currentUser)\n );\n onIdTokenChanged(auth, user => mintCookie(user));\n }\n\n const authEmulatorHost = getDefaultEmulatorHost('auth');\n if (authEmulatorHost) {\n connectAuthEmulator(auth, `http://${authEmulatorHost}`);\n }\n\n return auth;\n}\n\nfunction getScriptParentElement(): HTMLDocument | HTMLHeadElement {\n return document.getElementsByTagName('head')?.[0] ?? document;\n}\n\n_setExternalJSProvider({\n loadJS(url: string): Promise<Event> {\n // TODO: consider adding timeout support & cancellation\n return new Promise((resolve, reject) => {\n const el = document.createElement('script');\n el.setAttribute('src', url);\n el.onload = resolve;\n el.onerror = e => {\n const error = _createError(AuthErrorCode.INTERNAL_ERROR);\n error.customData = e as unknown as Record<string, unknown>;\n reject(error);\n };\n el.type = 'text/javascript';\n el.charset = 'UTF-8';\n getScriptParentElement().appendChild(el);\n });\n },\n\n gapiScript: 'https://apis.google.com/js/api.js',\n recaptchaV2Script: 'https://www.google.com/recaptcha/api.js',\n recaptchaEnterpriseScript:\n 'https://www.google.com/recaptcha/enterprise.js?render='\n});\n\nregisterAuth(ClientPlatform.BROWSER);\n","/**\n * @license\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { _registerComponent, registerVersion } from '@firebase/app';\nimport {\n Component,\n ComponentType,\n InstantiationMode\n} from '@firebase/component';\n\nimport { name, version } from '../../../package.json';\nimport { AuthErrorCode } from '../errors';\nimport { _assert } from '../util/assert';\nimport { _getClientVersion, ClientPlatform } from '../util/version';\nimport { _castAuth, AuthImpl, DefaultConfig } from './auth_impl';\nimport { AuthInterop } from './firebase_internal';\nimport { ConfigInternal } from '../../model/auth';\nimport { Dependencies } from '../../model/public_types';\nimport { _initializeAuthInstance } from './initialize';\n\nexport const enum _ComponentName {\n AUTH = 'auth',\n AUTH_INTERNAL = 'auth-internal'\n}\n\nfunction getVersionForPlatform(\n clientPlatform: ClientPlatform\n): string | undefined {\n switch (clientPlatform) {\n case ClientPlatform.NODE:\n return 'node';\n case ClientPlatform.REACT_NATIVE:\n return 'rn';\n case ClientPlatform.WORKER:\n return 'webworker';\n case ClientPlatform.CORDOVA:\n return 'cordova';\n case ClientPlatform.WEB_EXTENSION:\n return 'web-extension';\n default:\n return undefined;\n }\n}\n\n/** @internal */\nexport function registerAuth(clientPlatform: ClientPlatform): void {\n _registerComponent(\n new Component(\n _ComponentName.AUTH,\n (container, { options: deps }: { options?: Dependencies }) => {\n const app = container.getProvider('app').getImmediate()!;\n const heartbeatServiceProvider =\n container.getProvider<'heartbeat'>('heartbeat');\n const appCheckServiceProvider =\n container.getProvider<'app-check-internal'>('app-check-internal');\n const { apiKey, authDomain } = app.options;\n\n _assert(\n apiKey && !apiKey.includes(':'),\n AuthErrorCode.INVALID_API_KEY,\n { appName: app.name }\n );\n\n const config: ConfigInternal = {\n apiKey,\n authDomain,\n clientPlatform,\n apiHost: DefaultConfig.API_HOST,\n tokenApiHost: DefaultConfig.TOKEN_API_HOST,\n apiScheme: DefaultConfig.API_SCHEME,\n sdkClientVersion: _getClientVersion(clientPlatform)\n };\n\n const authInstance = new AuthImpl(\n app,\n heartbeatServiceProvider,\n appCheckServiceProvider,\n config\n );\n _initializeAuthInstance(authInstance, deps);\n\n return authInstance;\n },\n ComponentType.PUBLIC\n )\n /**\n * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()\n * For why we do this, See go/firebase-next-auth-init\n */\n .setInstantiationMode(InstantiationMode.EXPLICIT)\n /**\n * Because all firebase products that depend on auth depend on auth-internal directly,\n * we need to initialize auth-internal after auth is initialized to make it available to other firebase products.\n */\n .setInstanceCreatedCallback(\n (container, _instanceIdentifier, _instance) => {\n const authInternalProvider = container.getProvider(\n _ComponentName.AUTH_INTERNAL\n );\n authInternalProvider.initialize();\n }\n )\n );\n\n _registerComponent(\n new Component(\n _ComponentName.AUTH_INTERNAL,\n container => {\n const auth = _castAuth(\n container.getProvider(_ComponentName.AUTH).getImmediate()!\n );\n return (auth => new AuthInterop(auth))(auth);\n },\n ComponentType.PRIVATE\n ).setInstantiationMode(InstantiationMode.EXPLICIT)\n );\n\n registerVersion(name, version, getVersionForPlatform(clientPlatform));\n // BUILD_TARGET will be replaced by values like esm5, esm2017, cjs5, etc during the compilation\n registerVersion(name, version, '__BUILD_TARGET__');\n}\n"],"names":["base64","byteToCharMap_","charToByteMap_","byteToCharMapWebSafe_","charToByteMapWebSafe_","ENCODED_VALS_BASE","ENCODED_VALS","this","ENCODED_VALS_WEBSAFE","HAS_NATIVE_SUPPORT","atob","encodeByteArray","input","webSafe","Array","isArray","Error","init_","byteToCharMap","output","i","length","byte1","haveByte2","byte2","haveByte3","byte3","outByte1","outByte2","outByte3","outByte4","push","join","encodeString","btoa","str","out","p","c","charCodeAt","stringToByteArray","decodeString","bytes","pos","c1","String","fromCharCode","c2","u","c3","byteArrayToString","decodeStringToByteArray","charToByteMap","charAt","byte4","DecodeBase64StringError","constructor","name","base64Decode","e","console","error","getDefaultsFromGlobal","getGlobal","self","window","global","__FIREBASE_DEFAULTS__","getDefaults","process","env","defaultsJsonString","JSON","parse","getDefaultsFromEnvVariable","document","match","cookie","decoded","getDefaultsFromCookie","info","getExperimentalSetting","_a","getUA","navigator","FirebaseError","code","message","customData","super","Object","setPrototypeOf","prototype","captureStackTrace","ErrorFactory","create","service","serviceName","errors","data","fullCode","template","replaceTemplate","replace","PATTERN","_","key","value","fullMessage","deepEqual","a","b","aKeys","keys","bKeys","k","includes","aProp","bProp","isObject","thing","querystring","querystringParams","params","entries","forEach","arrayVal","encodeURIComponent","querystringDecode","obj","split","token","decodeURIComponent","extractQuerystring","url","queryStart","indexOf","fragmentStart","substring","undefined","ObserverProxy","executor","onNoObservers","observers","unsubscribes","observerCount","task","Promise","resolve","finalized","then","catch","next","forEachObserver","observer","close","complete","subscribe","nextOrObserver","implementsAnyMethods","methods","method","noop","unsub","unsubscribeOne","bind","finalError","fn","sendOne","err","getModularInstance","_delegate","LogLevel","levelStringToEnum","debug","DEBUG","verbose","VERBOSE","INFO","warn","WARN","ERROR","silent","SILENT","defaultLogLevel","ConsoleMethod","defaultLogHandler","instance","logType","args","logLevel","now","Date","toISOString","__rest","s","t","hasOwnProperty","call","getOwnPropertySymbols","propertyIsEnumerable","Component","instanceFactory","type","multipleInstances","serviceProps","instantiationMode","onInstanceCreated","setInstantiationMode","mode","setMultipleInstances","setServiceProps","props","setInstanceCreatedCallback","callback","FactorId","PHONE","TOTP","ProviderId","FACEBOOK","GITHUB","GOOGLE","PASSWORD","TWITTER","SignInMethod","EMAIL_LINK","EMAIL_PASSWORD","OperationType","LINK","REAUTHENTICATE","SIGN_IN","ActionCodeOperation","EMAIL_SIGNIN","PASSWORD_RESET","RECOVER_EMAIL","REVERT_SECOND_FACTOR_ADDITION","VERIFY_AND_CHANGE_EMAIL","VERIFY_EMAIL","_prodErrorMap","debugErrorMap","_debugErrorMap","timeout","prodErrorMap","_DEFAULT_AUTH_ERROR_FACTORY","AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY","ADMIN_ONLY_OPERATION","ARGUMENT_ERROR","APP_NOT_AUTHORIZED","APP_NOT_INSTALLED","CAPTCHA_CHECK_FAILED","CODE_EXPIRED","CORDOVA_NOT_READY","CORS_UNSUPPORTED","CREDENTIAL_ALREADY_IN_USE","CREDENTIAL_MISMATCH","CREDENTIAL_TOO_OLD_LOGIN_AGAIN","DEPENDENT_SDK_INIT_BEFORE_AUTH","DYNAMIC_LINK_NOT_ACTIVATED","EMAIL_CHANGE_NEEDS_VERIFICATION","EMAIL_EXISTS","EMULATOR_CONFIG_FAILED","EXPIRED_OOB_CODE","EXPIRED_POPUP_REQUEST","INTERNAL_ERROR","INVALID_API_KEY","INVALID_APP_CREDENTIAL","INVALID_APP_ID","INVALID_AUTH","INVALID_AUTH_EVENT","INVALID_CERT_HASH","INVALID_CODE","INVALID_CONTINUE_URI","INVALID_CORDOVA_CONFIGURATION","INVALID_CUSTOM_TOKEN","INVALID_DYNAMIC_LINK_DOMAIN","INVALID_EMAIL","INVALID_EMULATOR_SCHEME","INVALID_IDP_RESPONSE","INVALID_LOGIN_CREDENTIALS","INVALID_MESSAGE_PAYLOAD","INVALID_MFA_SESSION","INVALID_OAUTH_CLIENT_ID","INVALID_OAUTH_PROVIDER","INVALID_OOB_CODE","INVALID_ORIGIN","INVALID_PASSWORD","INVALID_PERSISTENCE","INVALID_PHONE_NUMBER","INVALID_PROVIDER_ID","INVALID_RECIPIENT_EMAIL","INVALID_SENDER","INVALID_SESSION_INFO","INVALID_TENANT_ID","MFA_INFO_NOT_FOUND","MFA_REQUIRED","MISSING_ANDROID_PACKAGE_NAME","MISSING_APP_CREDENTIAL","MISSING_AUTH_DOMAIN","MISSING_CODE","MISSING_CONTINUE_URI","MISSING_IFRAME_START","MISSING_IOS_BUNDLE_ID","MISSING_OR_INVALID_NONCE","MISSING_MFA_INFO","MISSING_MFA_SESSION","MISSING_PHONE_NUMBER","MISSING_SESSION_INFO","MODULE_DESTROYED","NEED_CONFIRMATION","NETWORK_REQUEST_FAILED","NULL_USER","NO_AUTH_EVENT","NO_SUCH_PROVIDER","OPERATION_NOT_ALLOWED","OPERATION_NOT_SUPPORTED","POPUP_BLOCKED","POPUP_CLOSED_BY_USER","PROVIDER_ALREADY_LINKED","QUOTA_EXCEEDED","REDIRECT_CANCELLED_BY_USER","REDIRECT_OPERATION_PENDING","REJECTED_CREDENTIAL","SECOND_FACTOR_ALREADY_ENROLLED","SECOND_FACTOR_LIMIT_EXCEEDED","TENANT_ID_MISMATCH","TIMEOUT","TOKEN_EXPIRED","TOO_MANY_ATTEMPTS_TRY_LATER","UNAUTHORIZED_DOMAIN","UNSUPPORTED_FIRST_FACTOR","UNSUPPORTED_PERSISTENCE","UNSUPPORTED_TENANT_OPERATION","UNVERIFIED_EMAIL","USER_CANCELLED","USER_DELETED","USER_DISABLED","USER_MISMATCH","USER_SIGNED_OUT","WEAK_PASSWORD","WEB_STORAGE_UNSUPPORTED","ALREADY_INITIALIZED","RECAPTCHA_NOT_ENABLED","MISSING_RECAPTCHA_TOKEN","INVALID_RECAPTCHA_TOKEN","INVALID_RECAPTCHA_ACTION","MISSING_CLIENT_TYPE","MISSING_RECAPTCHA_VERSION","INVALID_RECAPTCHA_VERSION","INVALID_REQ_TYPE","logClient","Logger","_logLevel","_logHandler","_userLogHandler","val","TypeError","setLogLevel","logHandler","userLogHandler","log","_logError","msg","SDK_VERSION","_fail","authOrCode","rest","createErrorInternal","_createError","_errorWithCustomMessage","auth","errorMap","assign","appName","_assertInstanceOf","object","fullParams","slice","_errorFactory","_assert","assertion","debugFail","failure","debugAssert","_getCurrentUrl","location","href","_isHttpOrHttps","_getCurrentScheme","protocol","_isOnline","onLine","isBrowserExtension","runtime","chrome","browser","id","Delay","shortDelay","longDelay","isMobile","isMobileCordova","test","isReactNative","get","Math","min","_emulatorUrl","config","path","emulator","startsWith","FetchProvider","static","fetchImpl","headersImpl","responseImpl","fetch","globalThis","Headers","Response","SERVER_ERROR_MAP","MISSING_CUSTOM_TOKEN","INVALID_IDENTIFIER","MISSING_PASSWORD","PASSWORD_LOGIN_DISABLED","INVALID_PENDING_TOKEN","FEDERATED_USER_ID_ALREADY_LINKED","MISSING_REQ_TYPE","EMAIL_NOT_FOUND","RESET_PASSWORD_EXCEED_LIMIT","MISSING_OOB_CODE","INVALID_ID_TOKEN","USER_NOT_FOUND","PASSWORD_DOES_NOT_MEET_REQUIREMENTS","INVALID_TEMPORARY_PROOF","SESSION_EXPIRED","INVALID_MFA_PENDING_CREDENTIAL","MFA_ENROLLMENT_NOT_FOUND","MISSING_MFA_ENROLLMENT_ID","MISSING_MFA_PENDING_CREDENTIAL","SECOND_FACTOR_EXISTS","BLOCKING_FUNCTION_ERROR_RESPONSE","DEFAULT_API_TIMEOUT_MS","_addTidIfNecessary","request","tenantId","async","_performApiRequest","customErrorMap","_performFetchWithErrorHandling","body","stringify","query","apiKey","headers","_getAdditionalHeaders","languageCode","_getFinalTarget","apiHost","referrerPolicy","fetchFn","_canInitEmulator","networkTimeout","NetworkTimeout","response","race","promise","clearNetworkTimeout","json","_makeTaggedError","ok","errorMessage","serverErrorCode","serverErrorMessage","authError","toLowerCase","_performSignInRequest","serverResponse","_serverResponse","host","base","apiScheme","_parseEnforcementState","enforcementStateStr","timer","reject","setTimeout","clearTimeout","errorParams","email","phoneNumber","_tokenResponse","isV2","grecaptcha","getResponse","isEnterprise","enterprise","RecaptchaConfig","siteKey","recaptchaEnforcementState","recaptchaKey","getProviderEnforcementState","providerStr","provider","enforcementState","isProviderEnabled","getRecaptchaConfig","utcTimestampToDateString","utcTimestamp","date","Number","isNaN","getTime","toUTCString","getIdToken","user","forceRefresh","getIdTokenResult","userInternal","claims","_parseToken","exp","auth_time","iat","firebase","signInProvider","authTime","secondsStringToMilliseconds","issuedAtTime","expirationTime","signInSecondFactor","seconds","algorithm","payload","signature","toString","_logoutIfInvalidated","bypassAuthState","isUserInvalidated","currentUser","signOut","ProactiveRefresh","isRunning","timerId","errorBackoff","_start","schedule","_stop","getInterval","wasError","interval","stsTokenManager","max","iteration","UserMetadata","createdAt","lastLoginAt","_initializeTime","lastSignInTime","creationTime","_copy","metadata","toJSON","_reloadWithoutSaving","idToken","getAccountInfo","users","coreAccount","_notifyReloadListener","newProviderData","providerUserInfo","extractProviderData","providers","map","providerId","uid","rawId","displayName","photoURL","photoUrl","providerData","mergeProviderData","original","newData","filter","o","some","n","oldIsAnonymous","isAnonymous","newIsAnonymous","passwordHash","updates","localId","emailVerified","reload","_persistUserIfCurrent","_notifyListenersIfCurrent","StsTokenManager","refreshToken","accessToken","isExpired","updateFromServerResponse","expiresIn","_tokenExpiresIn","parsedToken","updateTokensAndExpiration","refresh","clearRefreshToken","oldToken","requestStsToken","grant_type","refresh_token","tokenApiHost","access_token","expires_in","expiresInSec","manager","_assign","_clone","_performRefresh","assertStringOrUndefined","UserImpl","opt","proactiveRefresh","reloadUserInfo","reloadListener","getToken","userInfo","newUser","_onReload","_startProactiveRefresh","_stopProactiveRefresh","tokensRefreshed","deleteAccount","_redirectEventId","_b","_c","_d","_e","_f","_g","_h","plainObjectTokenManager","fromJSON","idTokenResponse","instanceCache","Map","_getInstance","cls","Function","set","InMemoryPersistence","storage","_addListener","_key","_listener","_removeListener","inMemoryPersistence","_persistenceKeyName","PersistenceUserManager","persistence","userKey","fullUserKey","fullPersistenceKey","boundEventHandler","_onStorageEvent","setCurrentUser","_set","blob","_get","_fromJSON","removeCurrentUser","_remove","savePersistenceForRedirect","newPersistence","getCurrentUser","delete","persistenceHierarchy","availablePersistences","all","_isAvailable","selectedPersistence","userToMigrate","migrationHierarchy","_shouldAllowMigration","_getBrowserName","userAgent","ua","_isIEMobile","_isFirefox","_isBlackBerry","_isWebOS","_isSafari","_isChromeIOS","_isAndroid","re","matches","_isIOS","_isIE10","isIE","documentMode","_isMobileBrowser","_getClientVersion","clientPlatform","frameworks","reportedPlatform","reportedFrameworks","AuthMiddlewareQueue","queue","pushCallback","onAbort","wrappedCallback","index","nextUser","onAbortStack","beforeStateCallback","reverse","originalMessage","PasswordPolicyImpl","responseOptions","customStrengthOptions","minPasswordLength","maxPasswordLength","containsLowercaseCharacter","containsLowercaseLetter","containsUppercaseCharacter","containsUppercaseLetter","containsNumericCharacter","containsNonAlphanumericCharacter","allowedNonAlphanumericCharacters","forceUpgradeOnSignin","schemaVersion","validatePassword","password","status","isValid","passwordPolicy","validatePasswordLengthOptions","validatePasswordCharacterOptions","meetsMinPasswordLength","meetsMaxPasswordLength","passwordChar","updatePasswordCharacterOptionsStatuses","AuthImpl","app","heartbeatServiceProvider","appCheckServiceProvider","emulatorConfig","operations","authStateSubscription","Subscription","idTokenSubscription","beforeStateQueue","redirectUser","isProactiveRefreshEnabled","EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION","_isInitialized","_deleted","_initializationPromise","_popupRedirectResolver","_agentRecaptchaConfig","_tenantRecaptchaConfigs","_projectPasswordPolicy","_tenantPasswordPolicies","lastNotifiedUid","settings","appVerificationDisabledForTesting","clientVersion","sdkClientVersion","_initializeWithPersistence","popupRedirectResolver","persistenceManager","_shouldInitProactively","_initialize","initializeCurrentUser","assertedPersistence","_currentUser","_updateCurrentUser","previouslyStoredUser","futureCurrentUser","needsTocheckMiddleware","authDomain","getOrInitRedirectPersistenceManager","redirectUserEventId","storedUserEventId","result","tryRedirectSignIn","directlySetCurrentUser","runMiddleware","_overrideRedirectResult","reloadAndSetCurrentUserOrClear","redirectResolver","_completeRedirectFn","_setRedirectUser","useDeviceLanguage","_getUserLanguage","navigatorLanguage","languages","language","userExtern","skipBeforeStateCallbacks","notifyAuthListeners","redirectPersistenceManager","setPersistence","_getRecaptchaConfig","_getPasswordPolicyInternal","_updatePasswordPolicy","_getPasswordPolicy","_getPersistence","_updateErrorMap","onAuthStateChanged","completed","registerStateListener","beforeAuthStateChanged","onIdTokenChanged","authStateReady","unsubscribe","tokenType","revokeToken","redirectManager","resolver","_redirectPersistence","currentUid","subscription","cb","isUnsubscribed","addObserver","action","_logFramework","framework","sort","_getFrameworks","options","appId","heartbeatsHeader","getImmediate","optional","getHeartbeatsHeader","appCheckToken","_getAppCheckToken","appCheckTokenResult","_logWarn","_castAuth","createSubscribe","proxy","externalJSProvider","recaptchaV2Script","recaptchaEnterpriseScript","gapiScript","_loadJS","loadJS","_generateCallbackName","prefix","floor","random","RecaptchaEnterpriseVerifier","authExtern","retrieveRecaptchaToken","ready","execute","retrieveSiteKey","clientType","version","_recaptchaEnterpriseScriptUrl","jsHelpers._recaptchaEnterpriseScriptUrl","jsHelpers\r\n ._loadJS","injectRecaptchaFields","captchaResp","verifier","captchaResponse","verify","newRequest","recaptchaVersion","handleRecaptchaFlow","authInstance","actionName","actionMethod","requestWithRecaptcha","initializeAuth","deps","_getProvider","isInitialized","getOptions","initialize","connectAuthEmulator","authInternal","disableWarnings","extractProtocol","port","extractHostAndPort","authority","exec","substr","hostAndPort","pop","bracketedIPv6","parsePort","portStr","freeze","emitEmulatorWarning","attachBanner","el","createElement","sty","style","innerText","position","width","backgroundColor","border","color","bottom","left","margin","zIndex","textAlign","classList","add","appendChild","readyState","addEventListener","protocolEnd","AuthCredential","signInMethod","_getIdTokenResponse","_auth","_linkToIdToken","_idToken","_getReauthenticationResolver","resetPassword","linkEmailPassword","signInWithPassword","sendOobCode","sendPasswordResetEmail","sendSignInLinkToEmail","EmailAuthCredential","_email","_password","_tenantId","oobCode","_fromEmailAndPassword","_fromEmailAndCode","returnSecureToken","signInWithEmailLink","signInWithEmailLinkForLinking","signInWithIdp","OAuthCredential","pendingToken","cred","nonce","oauthToken","oauthTokenSecret","secret","buildRequest","autoCreate","requestUri","postBody","VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_","PhoneAuthCredential","verificationId","verificationCode","temporaryProof","signInWithPhoneNumber","_makeVerificationRequest","linkWithPhoneNumber","verifyPhoneNumberForExisting","operation","sessionInfo","ActionCodeURL","actionLink","searchParams","parseMode","continueUrl","link","parseDeepLink","doubleDeepLink","iOSDeepLink","parseActionCodeURL","parseLink","EmailAuthProvider","PROVIDER_ID","emailLink","actionCodeUrl","EMAIL_PASSWORD_SIGN_IN_METHOD","EMAIL_LINK_SIGN_IN_METHOD","FederatedAuthProvider","defaultLanguageCode","customParameters","setDefaultLanguage","setCustomParameters","customOAuthParameters","getCustomParameters","BaseOAuthProvider","scopes","addScope","scope","getScopes","OAuthProvider","_fromParams","credential","_credential","rawNonce","userCredential","oauthCredentialFromTaggedObject","tokenResponse","oauthIdToken","oauthAccessToken","FacebookAuthProvider","FACEBOOK_SIGN_IN_METHOD","credentialFromTaggedObject","GoogleAuthProvider","GOOGLE_SIGN_IN_METHOD","GithubAuthProvider","GITHUB_SIGN_IN_METHOD","SAMLAuthCredential","SAMLAuthProvider","samlCredentialFromTaggedObject","_create","TwitterAuthProvider","TWITTER_SIGN_IN_METHOD","signUp","UserCredentialImpl","operationType","_fromIdTokenResponse","providerIdForResponse","_updateTokensIfNecessary","signInAnonymously","MultiFactorError","_processCredentialSavingMfaContextIfNecessary","_fromErrorAndOperation","providerDataAsNames","Set","pid","unlink","_assertLinkedStatus","deleteLinkedAccounts","deleteProvider","providersLeft","pd","has","_link","_forOperation","expected","_reauthenticate","parsed","sub","_signInWithCredential","signInWithCredential","linkWithCredential","reauthenticateWithCredential","signInWithCustomToken","customToken","getIdTokenResponse","MultiFactorInfoImpl","factorId","mfaEnrollmentId","enrollmentTime","enrolledAt","enrollment","PhoneMultiFactorInfoImpl","_fromServerResponse","TotpMultiFactorInfoImpl","phoneInfo","_setActionCodeSettingsOnRequest","actionCodeSettings","dynamicLinkDomain","canHandleCodeInApp","handleCodeInApp","iOS","bundleId","iOSBundleId","android","packageName","androidInstallApp","installApp","androidMinimumVersionCode","minimumVersion","androidPackageName","recachePasswordPolicy","requestType","authentication.sendPasswordResetEmail","confirmPasswordReset","newPassword","account\r\n .resetPassword","applyActionCode","account.applyActionCode","checkActionCode","authModular","account.resetPassword","newEmail","mfaInfo","multiFactorInfo","previousEmail","verifyPasswordResetCode","createUserWithEmailAndPassword","signUpResponse","signInWithEmailAndPassword","setActionCodeSettings","api.sendSignInLinkToEmail","isSignInWithEmailLink","credentialWithLink","fetchSignInMethodsForEmail","identifier","continueUri","signinMethods","createAuthUri","sendEmailVerification","api.sendEmailVerification","verifyBeforeUpdateEmail","verifyAndChangeEmail","api.verifyAndChangeEmail","updateProfile","profileRequest","apiUpdateProfile","passwordProvider","find","updateEmail","updateEmailOrPassword","updatePassword","updateEmailPassword","apiUpdateEmailPassword","GenericAdditionalUserInfo","isNewUser","profile","FederatedAdditionalUserInfoWithUsername","username","FacebookAdditionalUserInfo","GithubAdditionalUserInfo","login","GoogleAdditionalUserInfo","TwitterAdditionalUserInfo","screenName","getAdditionalUserInfo","rawUserInfo","kind","initializeRecaptchaConfig","_initializeRecaptchaConfig","updateCurrentUser","revokeAccessToken","deleteUser","MultiFactorSessionImpl","mfaPendingCredential","multiFactorSession","pendingCredential","_fromMfaPendingCredential","_fromIdtoken","MultiFactorResolverImpl","session","hints","signInResolver","mfaResponse","_process","assertionExtern","getMultiFactorResolver","errorInternal","_fromError","MultiFactorUserImpl","enrolledFactors","getSession","finalizeMfaResponse","infoOrUid","withdrawMfa","multiFactorUserCache","WeakMap","multiFactor","userModular","_fromUser","BrowserPersistenceClass","storageRetriever","setItem","removeItem","getItem","BrowserLocalPersistence","localStorage","event","poll","onStorageEvent","listeners","localCache","pollTimer","safariLocalStorageNotSynced","_iframeCannotSyncWebStorage","_isIframe","top","fallbackToPolling","forAllChangedKeys","newValue","oldValue","_oldValue","notifyListeners","detachListener","stopPolling","storedValue","triggerListeners","listener","from","startPolling","setInterval","StorageEvent","clearInterval","attachListener","removeEventListener","size","browserLocalPersistence","BrowserSessionPersistence","sessionStorage","browserSessionPersistence","Receiver","eventTarget","handlersMap","handleEvent","existingInstance","receivers","receiver","isListeningto","newInstance","messageEvent","eventId","eventType","handlers","ports","postMessage","promises","handler","origin","_allSettled","fulfilled","reason","_subscribe","eventHandler","_unsubscribe","_generateEventId","digits","Sender","target","removeMessageHandler","messageChannel","port1","onMessage","MessageChannel","completionTimer","start","ackTimer","port2","finally","_window","_isWorker","DB_NAME","DBPromise","toPromise","getObjectStore","db","isReadWrite","transaction","objectStore","_openDatabase","indexedDB","open","createObjectStore","keyPath","objectStoreNames","contains","_deleteDatabase","deleteDatabase","_putObject","put","fbase_key","_deleteObject","IndexedDBLocalPersistence","pendingWrites","sender","serviceWorkerReceiverAvailable","activeServiceWorker","_workerInitializationPromise","initializeServiceWorkerMessaging","op","numAttempts","_openDb","initializeReceiver","initializeSender","_getWorkerGlobalScope","_origin","keyProcessed","_poll","_data","_getActiveServiceWorker","serviceWorker","active","results","_send","_getServiceWorkerController","controller","write","_withPendingWrite","_withRetries","notifyServiceWorker","getObject","getAllRequest","getAll","keysInResult","localKey","indexedDBLocalPersistence","MockReCaptcha","counter","_widgets","render","container","parameters","MockWidget","reset","optWidgetId","containerOrId","deleted","responseToken","clickHandler","getElementById","isVisible","checkIfDeleted","generateRandomAlphaNumericString","len","chars","allowedChars","expiredCallback","_JSLOAD_CALLBACK","jsHelpers._generateCallbackName","NETWORK_TIMEOUT_DELAY","ReCaptchaLoaderImpl","hostLanguage","librarySeparatelyLoaded","load","hl","isHostLanguageValid","shouldResolveImmediately","recaptcha","widgetId","jsHelpers._loadJS","_recaptchaV2ScriptUrl","jsHelpers._recaptchaV2ScriptUrl","onload","clearedOneInstance","MockReCaptchaLoaderImpl","DEFAULT_PARAMS","theme","RecaptchaVerifier","destroyed","tokenChangeListeners","renderPromise","isInvisible","makeTokenCallback","_recaptchaLoader","validateStartingState","assertNotDestroyed","getAssertedRecaptcha","tokenChange","makeRenderPromise","_reset","clear","childNodes","node","removeChild","sitekey","hasChildNodes","existing","globalFunc","init","guaranteedEmpty","domReady","getRecaptchaParams","recaptchaSiteKey","ConfirmationResultImpl","onConfirmation","confirm","authCredential","_fromVerification","appVerifier","_verifyPhoneNumber","reauthenticateWithPhoneNumber","recaptchaToken","phoneInfoOptions","startEnrollPhoneMfa","phoneEnrollmentInfo","phoneSessionInfo","multiFactorHint","multiFactorUid","startSignInPhoneMfa","phoneSignInInfo","phoneResponseInfo","sendPhoneVerificationCode","updatePhoneNumber","PhoneAuthProvider","verifyPhoneNumber","phoneOptions","applicationVerifier","_fromTokenResponse","_withDefaultResolver","resolverOverride","PHONE_SIGN_IN_METHOD","IdpCredential","_buildIdpRequest","sessionId","returnIdpCredential","_signIn","_reauth","_linkUser","AbstractPopupRedirectOperation","pendingPromise","eventManager","onExecution","registerConsumer","urlResponse","getIdpTask","onError","unregisterAndCleanUp","unregisterConsumer","cleanUp","_POLL_WINDOW_CLOSE_TIMEOUT","signInWithPopup","resolverInternal","PopupOperation","executeNotNull","reauthenticateWithPopup","linkWithPopup","authWindow","pollId","currentPopupAction","cancel","_openPopup","associatedEvent","_originValidation","_isIframeWebStorageSupported","isSupported","pollUserCancellation","closed","redirectOutcomeMap","RedirectAction","readyOutcome","_getAndClearPendingRedirectStatus","pendingRedirectKey","resolverPersistence","hasPendingRedirect","onAuthEvent","_redirectUserForId","_setPendingRedirectStatus","signInWithRedirect","_signInWithRedirect","_openRedirect","reauthenticateWithRedirect","_reauthenticateWithRedirect","prepareUserForRedirect","linkWithRedirect","_linkWithRedirect","getRedirectResult","_getRedirectResult","resolverExtern","AuthEventManager","cachedEventUids","consumers","queuedRedirectEvent","hasHandledPotentialRedirect","lastProcessedEventTime","authEventConsumer","isEventForConsumer","sendToConsumer","saveEventToCache","onEvent","hasEventBeenHandled","handled","consumer","isRedirectEvent","isNullRedirectEvent","eventIdMatches","eventUid","v","IP_ADDRESS_REGEX","HTTP_REGEX","_validateOrigin","authorizedDomains","_getProjectConfig","domain","matchDomain","currentUrl","hostname","URL","ceUrl","escapedDomainPattern","RegExp","NETWORK_TIMEOUT","resetUnloadedGapiModules","beacon","___jsl","H","hint","r","L","CP","loadGapi","loadGapiIframe","gapi","iframes","getContext","ontimeout","Iframe","cbName","js._generateCallbackName","js\r\n ._loadJS","_gapiScriptUrl","js._gapiScriptUrl","cachedGApiLoader","PING_TIMEOUT","IFRAME_ATTRIBUTES","height","tabindex","EID_FROM_APIHOST","getIframeUrl","eid","fw","_openIframe","context","_loadGapi","gapiLoader._loadGapi","where","messageHandlersFilter","CROSS_ORIGIN_IFRAMES_FILTER","attributes","dontclear","iframe","restyle","setHideOnLeave","networkError","networkErrorTimer","clearTimerAndResolve","ping","BASE_POPUP_OPTIONS","resizable","statusbar","toolbar","AuthPopup","_open","screen","availHeight","availWidth","scrollbars","optionsString","reduce","accum","_isIOSStandalone","standalone","openAsNewWindowIOS","click","createEvent","initMouseEvent","dispatchEvent","newWin","focus","FIREBASE_APP_CHECK_FRAGMENT_ID","_getRedirectUrl","authType","redirectUrl","additionalParams","isEmpty","tid","paramsDict","appCheckTokenFragment","getHandlerBase","browserPopupRedirectResolver","BrowserPopupRedirectResolver","eventManagers","originValidationPromises","_setWindowLocation","initAndGetManager","register","iframeEvent","authEvent","send","MultiFactorAssertionImpl","_finalizeEnroll","_finalizeSignIn","PhoneMultiFactorAssertionImpl","finalizeEnrollPhoneMfa","phoneVerificationInfo","finalizeSignInPhoneMfa","PhoneMultiFactorGenerator","_fromCredential","FACTOR_ID","TotpMultiFactorGenerator","oneTimePassword","TotpMultiFactorAssertionImpl","_fromSecret","enrollmentId","_fromEnrollmentId","mfaSession","startEnrollTotpMfa","totpEnrollmentInfo","TotpSecret","_fromStartTotpMfaEnrollmentResponse","otp","finalizeEnrollTotpMfa","totpVerificationInfo","_makeTotpVerificationInfo","finalizeSignInTotpMfa","secretKey","hashingAlgorithm","codeLength","codeIntervalSeconds","enrollmentCompletionDeadline","totpSessionInfo","sharedSecretKey","verificationCodeLength","periodSec","finalizeEnrollmentTime","generateQrCodeUrl","accountName","issuer","useDefaults","_isEmptyString","AuthInterop","internalListeners","getUid","assertAuthConfigured","addAuthTokenListener","updateProactiveRefresh","removeAuthTokenListener","authIdTokenMaxAge","lastPostedIdToken","getAuth","getApp","authTokenSyncUrl","mintCookie","idTokenResult","idTokenAge","Authorization","authEmulatorHost","productName","emulatorHosts","_setExternalJSProvider","setAttribute","onerror","charset","getScriptParentElement","getElementsByTagName","registerAuth","_registerComponent","getProvider","_initializeAuthInstance","hierarchy","_instanceIdentifier","_instance","registerVersion","getVersionForPlatform"],"mappings":"kHAiBA,MAyFaA,EAAiB,CAI5BC,eAAgB,KAKhBC,eAAgB,KAMhBC,sBAAuB,KAMvBC,sBAAuB,KAMvBC,kBACE,iEAKEC,mBACF,OAAOC,KAAKF,kBAAoB,OAM9BG,2BACF,OAAOD,KAAKF,kBAAoB,OAUlCI,mBAAoC,mBAATC,KAW3BC,gBAAgBC,EAA8BC,GAC5C,IAAKC,MAAMC,QAAQH,GACjB,MAAMI,MAAM,iDAGdT,KAAKU,QAEL,MAAMC,EAAgBL,EAClBN,KAAKJ,sBACLI,KAAKN,eAEHkB,EAAS,GAEf,IAAK,IAAIC,EAAI,EAAGA,EAAIR,EAAMS,OAAQD,GAAK,EAAG,CACxC,MAAME,EAAQV,EAAMQ,GACdG,EAAYH,EAAI,EAAIR,EAAMS,OAC1BG,EAAQD,EAAYX,EAAMQ,EAAI,GAAK,EACnCK,EAAYL,EAAI,EAAIR,EAAMS,OAC1BK,EAAQD,EAAYb,EAAMQ,EAAI,GAAK,EAEnCO,EAAWL,GAAS,EACpBM,GAAqB,EAARN,IAAiB,EAAME,GAAS,EACnD,IAAIK,GAAqB,GAARL,IAAiB,EAAME,GAAS,EAC7CI,EAAmB,GAARJ,EAEVD,IACHK,EAAW,GAENP,IACHM,EAAW,KAIfV,EAAOY,KACLb,EAAcS,GACdT,EAAcU,GACdV,EAAcW,GACdX,EAAcY,IAIlB,OAAOX,EAAOa,KAAK,KAWrBC,aAAarB,EAAeC,GAG1B,OAAIN,KAAKE,qBAAuBI,EACvBqB,KAAKtB,GAEPL,KAAKI,gBAjNU,SAAUwB,GAElC,MAAMC,EAAgB,GACtB,IAAIC,EAAI,EACR,IAAK,IAAIjB,EAAI,EAAGA,EAAIe,EAAId,OAAQD,IAAK,CACnC,IAAIkB,EAAIH,EAAII,WAAWnB,GACnBkB,EAAI,IACNF,EAAIC,KAAOC,EACFA,EAAI,MACbF,EAAIC,KAAQC,GAAK,EAAK,IACtBF,EAAIC,KAAY,GAAJC,EAAU,KAEL,QAAZ,MAAJA,IACDlB,EAAI,EAAIe,EAAId,QACyB,QAAZ,MAAxBc,EAAII,WAAWnB,EAAI,KAGpBkB,EAAI,QAAgB,KAAJA,IAAe,KAA6B,KAAtBH,EAAII,aAAanB,IACvDgB,EAAIC,KAAQC,GAAK,GAAM,IACvBF,EAAIC,KAASC,GAAK,GAAM,GAAM,IAC9BF,EAAIC,KAASC,GAAK,EAAK,GAAM,IAC7BF,EAAIC,KAAY,GAAJC,EAAU,MAEtBF,EAAIC,KAAQC,GAAK,GAAM,IACvBF,EAAIC,KAASC,GAAK,EAAK,GAAM,IAC7BF,EAAIC,KAAY,GAAJC,EAAU,KAG1B,OAAOF,EAqLuBI,CAAkB5B,GAAQC,IAWxD4B,aAAa7B,EAAeC,GAG1B,OAAIN,KAAKE,qBAAuBI,EACvBH,KAAKE,GA3LQ,SAAU8B,GAElC,MAAMN,EAAgB,GACtB,IAAIO,EAAM,EACRL,EAAI,EACN,KAAOK,EAAMD,EAAMrB,QAAQ,CACzB,MAAMuB,EAAKF,EAAMC,KACjB,GAAIC,EAAK,IACPR,EAAIE,KAAOO,OAAOC,aAAaF,QAC1B,GAAIA,EAAK,KAAOA,EAAK,IAAK,CAC/B,MAAMG,EAAKL,EAAMC,KACjBP,EAAIE,KAAOO,OAAOC,cAAoB,GAALF,IAAY,EAAW,GAALG,QAC9C,GAAIH,EAAK,KAAOA,EAAK,IAAK,CAE/B,MAGMI,IACI,EAALJ,IAAW,IAAa,GAJlBF,EAAMC,OAImB,IAAa,GAHtCD,EAAMC,OAGuC,EAAW,GAFxDD,EAAMC,MAGf,MACFP,EAAIE,KAAOO,OAAOC,aAAa,OAAUE,GAAK,KAC9CZ,EAAIE,KAAOO,OAAOC,aAAa,OAAc,KAAJE,QACpC,CACL,MAAMD,EAAKL,EAAMC,KACXM,EAAKP,EAAMC,KACjBP,EAAIE,KAAOO,OAAOC,cACT,GAALF,IAAY,IAAa,GAALG,IAAY,EAAW,GAALE,IAI9C,OAAOb,EAAIJ,KAAK,IA+JPkB,CAAkB3C,KAAK4C,wBAAwBvC,EAAOC,KAkB/DsC,wBAAwBvC,EAAeC,GACrCN,KAAKU,QAEL,MAAMmC,EAAgBvC,EAClBN,KAAKH,sBACLG,KAAKL,eAEHiB,EAAmB,GAEzB,IAAK,IAAIC,EAAI,EAAGA,EAAIR,EAAMS,QAAU,CAClC,MAAMC,EAAQ8B,EAAcxC,EAAMyC,OAAOjC,MAGnCI,EADYJ,EAAIR,EAAMS,OACF+B,EAAcxC,EAAMyC,OAAOjC,IAAM,IACzDA,EAEF,MACMM,EADYN,EAAIR,EAAMS,OACF+B,EAAcxC,EAAMyC,OAAOjC,IAAM,KACzDA,EAEF,MACMkC,EADYlC,EAAIR,EAAMS,OACF+B,EAAcxC,EAAMyC,OAAOjC,IAAM,GAG3D,KAFEA,EAEW,MAATE,GAA0B,MAATE,GAA0B,MAATE,GAA0B,MAAT4B,EACrD,MAAM,IAAIC,wBAGZ,MAAM5B,EAAYL,GAAS,EAAME,GAAS,EAG1C,GAFAL,EAAOY,KAAKJ,GAEE,KAAVD,EAAc,CAChB,MAAME,EAAaJ,GAAS,EAAK,IAASE,GAAS,EAGnD,GAFAP,EAAOY,KAAKH,GAEE,KAAV0B,EAAc,CAChB,MAAMzB,EAAaH,GAAS,EAAK,IAAQ4B,EACzCnC,EAAOY,KAAKF,KAKlB,OAAOV,GAQTF,QACE,IAAKV,KAAKN,eAAgB,CACxBM,KAAKN,eAAiB,GACtBM,KAAKL,eAAiB,GACtBK,KAAKJ,sBAAwB,GAC7BI,KAAKH,sBAAwB,GAG7B,IAAK,IAAIgB,EAAI,EAAGA,EAAIb,KAAKD,aAAae,OAAQD,IAC5Cb,KAAKN,eAAemB,GAAKb,KAAKD,aAAa+C,OAAOjC,GAClDb,KAAKL,eAAeK,KAAKN,eAAemB,IAAMA,EAC9Cb,KAAKJ,sBAAsBiB,GAAKb,KAAKC,qBAAqB6C,OAAOjC,GACjEb,KAAKH,sBAAsBG,KAAKJ,sBAAsBiB,IAAMA,EAGxDA,GAAKb,KAAKF,kBAAkBgB,SAC9Bd,KAAKL,eAAeK,KAAKC,qBAAqB6C,OAAOjC,IAAMA,EAC3Db,KAAKH,sBAAsBG,KAAKD,aAAa+C,OAAOjC,IAAMA,MAU9D,MAAOmC,gCAAgCvC,MAA7CwC,kCACWjD,KAAIkD,KAAG,2BA6BX,MAAMC,aAAe,SAAUvB,GACpC,IACE,OAAOnC,EAAOyC,aAAaN,GAAK,GAChC,MAAOwB,GACPC,QAAQC,MAAM,wBAAyBF,GAEzC,OAAO,MC/TT,MAAMG,sBAAwB,ICjCd,SAAAC,YACd,GAAoB,oBAATC,KACT,OAAOA,KAET,GAAsB,oBAAXC,OACT,OAAOA,OAET,GAAsB,oBAAXC,OACT,OAAOA,OAET,MAAM,IAAIlD,MAAM,mCDwBhB+C,GAAYI,sBA2CDC,YAAc,KACzB,IACE,OACEN,yBApC6B,MACjC,GAAuB,oBAAZO,cAAkD,IAAhBA,QAAQC,IACnD,OAEF,MAAMC,EAAqBF,QAAQC,IAAIH,sBACvC,OAAII,EACKC,KAAKC,MAAMF,QADpB,GAgCIG,IA3BwB,MAC5B,GAAwB,oBAAbC,SACT,OAEF,IAAIC,EACJ,IACEA,EAAQD,SAASE,OAAOD,MAAM,iCAC9B,MAAOjB,GAGP,OAEF,MAAMmB,EAAUF,GAASlB,aAAakB,EAAM,IAC5C,OAAOE,GAAWN,KAAKC,MAAMK,IAezBC,GAEF,MAAOpB,GAQP,YADAC,QAAQoB,KAAK,+CAA+CrB,OAsDnDsB,uBACXxB,IAEA,IAAAyB,EAAA,iBAAAd,oCAAgB,IAAIX,MElJN,SAAA0B,QACd,MACuB,oBAAdC,WAC2B,iBAA3BA,UAAqB,UAErBA,UAAqB,UAErB,GC0CL,MAAOC,sBAAsBrE,MAIjCwC,YAEW8B,EACTC,EAEOC,GAEPC,MAAMF,GALGhF,KAAI+E,KAAJA,EAGF/E,KAAUiF,WAAVA,EAPAjF,KAAIkD,KAdI,gBA2BfiC,OAAOC,eAAepF,KAAM8E,cAAcO,WAItC5E,MAAM6E,mBACR7E,MAAM6E,kBAAkBtF,KAAMuF,aAAaF,UAAUG,SAK9C,MAAAD,aAIXtC,YACmBwC,EACAC,EACAC,GAFA3F,KAAOyF,QAAPA,EACAzF,KAAW0F,YAAXA,EACA1F,KAAM2F,OAANA,EAGnBH,OACET,KACGa,GAEH,MAAMX,EAAcW,EAAK,IAAoB,GACvCC,EAAW,GAAG7F,KAAKyF,WAAWV,IAC9Be,EAAW9F,KAAK2F,OAAOZ,GAEvBC,EAAUc,EAUpB,SAASC,gBAAgBD,EAAkBF,GACzC,OAAOE,EAASE,QAAQC,GAAS,CAACC,EAAGC,KACnC,MAAMC,EAAQR,EAAKO,GACnB,OAAgB,MAATC,EAAgB9D,OAAO8D,GAAS,IAAID,SAbhBJ,CAAgBD,EAAUb,GAAc,QAE7DoB,EAAc,GAAGrG,KAAK0F,gBAAgBV,MAAYa,MAIxD,OAFc,IAAIf,cAAce,EAAUQ,EAAapB,IAa3D,MAAMgB,EAAU,gBC3EA,SAAAK,UAAUC,EAAWC,GACnC,GAAID,IAAMC,EACR,OAAO,EAGT,MAAMC,EAAQtB,OAAOuB,KAAKH,GACpBI,EAAQxB,OAAOuB,KAAKF,GAC1B,IAAK,MAAMI,KAAKH,EAAO,CACrB,IAAKE,EAAME,SAASD,GAClB,OAAO,EAGT,MAAME,EAASP,EAA8BK,GACvCG,EAASP,EAA8BI,GAC7C,GAAII,SAASF,IAAUE,SAASD,IAC9B,IAAKT,UAAUQ,EAAOC,GACpB,OAAO,OAEJ,GAAID,IAAUC,EACnB,OAAO,EAIX,IAAK,MAAMH,KAAKD,EACd,IAAKF,EAAMI,SAASD,GAClB,OAAO,EAGX,OAAO,EAGT,SAASI,SAASC,GAChB,OAAiB,OAAVA,GAAmC,iBAAVA,ECpE5B,SAAUC,YAAYC,GAG1B,MAAMC,EAAS,GACf,IAAK,MAAOjB,EAAKC,KAAUjB,OAAOkC,QAAQF,GACpC5G,MAAMC,QAAQ4F,GAChBA,EAAMkB,SAAQC,IACZH,EAAO5F,KACLgG,mBAAmBrB,GAAO,IAAMqB,mBAAmBD,OAIvDH,EAAO5F,KAAKgG,mBAAmBrB,GAAO,IAAMqB,mBAAmBpB,IAGnE,OAAOgB,EAAOtG,OAAS,IAAMsG,EAAO3F,KAAK,KAAO,GAO5C,SAAUgG,kBAAkBP,GAChC,MAAMQ,EAA8B,GASpC,OAReR,EAAYlB,QAAQ,MAAO,IAAI2B,MAAM,KAE7CL,SAAQM,IACb,GAAIA,EAAO,CACT,MAAOzB,EAAKC,GAASwB,EAAMD,MAAM,KACjCD,EAAIG,mBAAmB1B,IAAQ0B,mBAAmBzB,OAG/CsB,EAMH,SAAUI,mBAAmBC,GACjC,MAAMC,EAAaD,EAAIE,QAAQ,KAC/B,IAAKD,EACH,MAAO,GAET,MAAME,EAAgBH,EAAIE,QAAQ,IAAKD,GACvC,OAAOD,EAAII,UACTH,EACAE,EAAgB,EAAIA,OAAgBE,GCIxC,MAAMC,cAeJpF,YAAYqF,EAAuBC,GAd3BvI,KAASwI,UAAmC,GAC5CxI,KAAYyI,aAAkB,GAE9BzI,KAAa0I,cAAG,EAEhB1I,KAAA2I,KAAOC,QAAQC,UACf7I,KAAS8I,WAAG,EASlB9I,KAAKuI,cAAgBA,EAIrBvI,KAAK2I,KACFI,MAAK,KACJT,EAAStI,SAEVgJ,OAAM5F,IACLpD,KAAKsD,MAAMF,MAIjB6F,KAAK7C,GACHpG,KAAKkJ,iBAAiBC,IACpBA,EAASF,KAAK7C,MAIlB9C,MAAMA,GACJtD,KAAKkJ,iBAAiBC,IACpBA,EAAS7F,MAAMA,MAEjBtD,KAAKoJ,MAAM9F,GAGb+F,WACErJ,KAAKkJ,iBAAiBC,IACpBA,EAASE,cAEXrJ,KAAKoJ,QASPE,UACEC,EACAjG,EACA+F,GAEA,IAAIF,EAEJ,QACqBf,IAAnBmB,QACUnB,IAAV9E,QACa8E,IAAbiB,EAEA,MAAM,IAAI5I,MAAM,qBAahB0I,EAiIN,SAASK,qBACP9B,EACA+B,GAEA,GAAmB,iBAAR/B,GAA4B,OAARA,EAC7B,OAAO,EAGT,IAAK,MAAMgC,KAAUD,EACnB,GAAIC,KAAUhC,GAA8B,mBAAhBA,EAAIgC,GAC9B,OAAO,EAIX,OAAO,EAvJHF,CAAqBD,EAA8C,CACjE,OACA,QACA,aAGSA,EAEA,CACTN,KAAMM,EACNjG,MAAAA,EACA+F,SAAAA,QAIkBjB,IAAlBe,EAASF,OACXE,EAASF,KAAOU,WAEKvB,IAAnBe,EAAS7F,QACX6F,EAAS7F,MAAQqG,WAEOvB,IAAtBe,EAASE,WACXF,EAASE,SAAWM,MAGtB,MAAMC,EAAQ5J,KAAK6J,eAAeC,KAAK9J,KAAMA,KAAKwI,UAAW1H,QAuB7D,OAlBId,KAAK8I,WAEP9I,KAAK2I,KAAKI,MAAK,KACb,IACM/I,KAAK+J,WACPZ,EAAS7F,MAAMtD,KAAK+J,YAEpBZ,EAASE,WAEX,MAAOjG,QAObpD,KAAKwI,UAAWhH,KAAK2H,GAEdS,EAKDC,eAAehJ,QACEuH,IAAnBpI,KAAKwI,gBAAiDJ,IAAtBpI,KAAKwI,UAAU3H,YAI5Cb,KAAKwI,UAAU3H,GAEtBb,KAAK0I,eAAiB,EACK,IAAvB1I,KAAK0I,oBAA8CN,IAAvBpI,KAAKuI,eACnCvI,KAAKuI,cAAcvI,OAIfkJ,gBAAgBc,GACtB,IAAIhK,KAAK8I,UAOT,IAAK,IAAIjI,EAAI,EAAGA,EAAIb,KAAKwI,UAAW1H,OAAQD,IAC1Cb,KAAKiK,QAAQpJ,EAAGmJ,GAOZC,QAAQpJ,EAAWmJ,GAGzBhK,KAAK2I,KAAKI,MAAK,KACb,QAAuBX,IAAnBpI,KAAKwI,gBAAiDJ,IAAtBpI,KAAKwI,UAAU3H,GACjD,IACEmJ,EAAGhK,KAAKwI,UAAU3H,IAClB,MAAOuC,GAIgB,oBAAZC,SAA2BA,QAAQC,OAC5CD,QAAQC,MAAMF,OAOhBgG,MAAMc,GACRlK,KAAK8I,YAGT9I,KAAK8I,WAAY,OACLV,IAAR8B,IACFlK,KAAK+J,WAAaG,GAIpBlK,KAAK2I,KAAKI,MAAK,KACb/I,KAAKwI,eAAYJ,EACjBpI,KAAKuI,mBAAgBH,OAyC3B,SAASuB,QCrRH,SAAUQ,mBACd1E,GAEA,OAAIA,GAAYA,EAA+B2E,UACrC3E,EAA+B2E,UAEhC3E,MC2BC4E,GAAZ,SAAYA,GACVA,EAAAA,EAAA,MAAA,GAAA,QACAA,EAAAA,EAAA,QAAA,GAAA,UACAA,EAAAA,EAAA,KAAA,GAAA,OACAA,EAAAA,EAAA,KAAA,GAAA,OACAA,EAAAA,EAAA,MAAA,GAAA,QACAA,EAAAA,EAAA,OAAA,GAAA,SANF,CAAYA,IAAAA,EAOX,KAED,MAAMC,EAA2D,CAC/DC,MAASF,EAASG,MAClBC,QAAWJ,EAASK,QACpBjG,KAAQ4F,EAASM,KACjBC,KAAQP,EAASQ,KACjBvH,MAAS+G,EAASS,MAClBC,OAAUV,EAASW,QAMfC,EAA4BZ,EAASM,KAmBrCO,EAAgB,CACpB,CAACb,EAASG,OAAQ,MAClB,CAACH,EAASK,SAAU,MACpB,CAACL,EAASM,MAAO,OACjB,CAACN,EAASQ,MAAO,OACjB,CAACR,EAASS,OAAQ,SAQdK,kBAAgC,CAACC,EAAUC,KAAYC,KAC3D,GAAID,EAAUD,EAASG,SACrB,OAEF,MAAMC,GAAM,IAAIC,MAAOC,cACjBhC,EAASwB,EAAcG,GAC7B,IAAI3B,EAMF,MAAM,IAAIjJ,MACR,8DAA8D4K,MANhEhI,QAAQqG,GACN,IAAI8B,OAASJ,EAASlI,WACnBoI,IC1EF,SAASK,OAAOC,EAAGxI,GACtB,IAAIyI,EAAI,GACR,IAAK,IAAI/J,KAAK8J,EAAOzG,OAAOE,UAAUyG,eAAeC,KAAKH,EAAG9J,IAAMsB,EAAE6E,QAAQnG,GAAK,IAC9E+J,EAAE/J,GAAK8J,EAAE9J,IACb,GAAS,MAAL8J,GAAqD,mBAAjCzG,OAAO6G,sBACtB,CAAA,IAAInL,EAAI,EAAb,IAAgBiB,EAAIqD,OAAO6G,sBAAsBJ,GAAI/K,EAAIiB,EAAEhB,OAAQD,IAC3DuC,EAAE6E,QAAQnG,EAAEjB,IAAM,GAAKsE,OAAOE,UAAU4G,qBAAqBF,KAAKH,EAAG9J,EAAEjB,MACvEgL,EAAE/J,EAAEjB,IAAM+K,EAAE9J,EAAEjB,KAE1B,OAAOgL,ECvBE,MAAAK,UAiBXjJ,YACWC,EACAiJ,EACAC,GAFApM,KAAIkD,KAAJA,EACAlD,KAAemM,gBAAfA,EACAnM,KAAIoM,KAAJA,EAnBXpM,KAAiBqM,mBAAG,EAIpBrM,KAAYsM,aAAe,GAE3BtM,KAAAuM,kBAA2C,OAE3CvM,KAAiBwM,kBAAwC,KAczDC,qBAAqBC,GAEnB,OADA1M,KAAKuM,kBAAoBG,EAClB1M,KAGT2M,qBAAqBN,GAEnB,OADArM,KAAKqM,kBAAoBA,EAClBrM,KAGT4M,gBAAgBC,GAEd,OADA7M,KAAKsM,aAAeO,EACb7M,KAGT8M,2BAA2BC,GAEzB,OADA/M,KAAKwM,kBAAoBO,EAClB/M,MC9CE,MAAAgN,EAAW,CAEtBC,MAAO,QACPC,KAAM,QAQKC,EAAa,CAExBC,SAAU,eAEVC,OAAQ,aAERC,OAAQ,aAERC,SAAU,WAEVN,MAAO,QAEPO,QAAS,eAQEC,EAAe,CAE1BC,WAAY,YAEZC,eAAgB,WAEhBP,SAAU,eAEVC,OAAQ,aAERC,OAAQ,aAERL,MAAO,QAEPO,QAAS,eAQEI,EAAgB,CAE3BC,KAAM,OAENC,eAAgB,iBAEhBC,QAAS,UAQEC,EAAsB,CAEjCC,aAAc,eAEdC,eAAgB,iBAEhBC,cAAe,gBAEfC,8BAA+B,gCAE/BC,wBAAyB,0BAEzBC,aAAc,gBCwShB,SAASC,gBAIP,MAAO,CACL,wCACE,2LAaO,MAAAC,EArRb,SAASC,iBACP,MAAO,CACL,6BACE,uDACF,iBAAgC,GAChC,qBACE,6LAGF,oBACE,qJAGF,uBACE,kKAGF,eACE,+EAEF,oBAAmC,kCACnC,mBAAkC,iCAClC,4BACE,uEACF,wBACE,wDACF,wBACE,6GAEF,wCACE,0LAGF,6BACE,+FAEF,kCACE,wDACF,uBACE,0DACF,yBACE,gKAGF,sBAAkC,+BAClC,0BACE,mFACF,iBAAgC,sCAChC,yBACE,sIAEF,iBACE,qEACF,qBACE,sLAGF,qBAAoC,sCACpC,4BACE,wLAGF,uBACE,uDACF,gCACE,gOAIF,uBACE,wEACF,8BACE,4FACF,gBAA+B,wCAC/B,0BACE,qEACF,kBACE,sEACF,oBACE,kDACF,qBACE,uEACF,0BACE,+KAEF,+BACE,iFACF,yBACE,uGAEF,0BACE,0FAEF,sBACE,+IAEF,sBACE,2GAEF,iBACE,gEACF,2BACE,oFACF,uBACE,gPAIF,sBACE,wCACF,0BACE,4GAEF,iBACE,6KAEF,0BACE,2EACF,oBACE,4CACF,gBACE,4DACF,2BACE,2FACF,8BACE,8HAEF,yBACE,gIAEF,4BACE,6EACF,uBACE,kDACF,uBAAsC,sCACtC,wBACE,oEACF,2BACE,oKAGF,mBAAkC,wCAClC,4BACE,2CACF,+BACE,mEACF,uBACE,wEACF,0BACE,uEACF,cACE,iDACF,8BACE,2EACF,6BACE,yEACF,2CACE,wJAGF,yBACE,kGACF,gBAA+B,sCAC/B,mBACE,6DACF,YACE,0GAEF,wBACE,yJAGF,8CACE,kLAGF,gBACE,4FACF,uBACE,yEACF,0BACE,kEACF,iBACE,4DACF,6BACE,2EACF,6BACE,mDACF,sBACE,6DACF,+BACE,yDACF,uCACE,4EACF,qBACE,sEACFC,QAAyB,+BACzB,qBACE,yEACF,oBACE,0FAEF,4BACE,2GAEF,2BACE,sHACF,+BACE,2EACF,+BACE,6DACF,mBACE,2CACF,iBACE,wEACF,iBACE,4FAEF,gBACE,0DACF,gBACE,+EACF,kBAAiC,GACjC,gBACE,kDACF,0BACE,+EACF,sBACE,oOAIF,0BACE,sEACF,0BACE,sEACF,2BACE,uEACF,wBACE,oEACF,sBACE,4EACF,4BACE,wEACF,mBAAkC,8BAClC,4BACE,wEACF,6CACE,iIACF,sCACE,iDAoCOC,EAA6BJ,cAuD7BK,EAA8B,IAAIrJ,aAG7C,OAAQ,WAlFD,CACL,wCACE,4LA6FOsJ,EAA6C,CACxDC,qBAAsB,kCACtBC,eAAgB,sBAChBC,mBAAoB,0BACpBC,kBAAmB,yBACnBC,qBAAsB,4BACtBC,aAAc,oBACdC,kBAAmB,yBACnBC,iBAAkB,wBAClBC,0BAA2B,iCAC3BC,oBAAqB,6BACrBC,+BAAgC,6BAChCC,+BAAgC,6CAChCC,2BAA4B,kCAC5BC,gCAAiC,uCACjCC,aAAc,4BACdC,uBAAwB,8BACxBC,iBAAkB,2BAClBC,sBAAuB,+BACvBC,eAAgB,sBAChBC,gBAAiB,uBACjBC,uBAAwB,8BACxBC,eAAgB,sBAChBC,aAAc,0BACdC,mBAAoB,0BACpBC,kBAAmB,yBACnBC,aAAc,iCACdC,qBAAsB,4BACtBC,8BAA+B,qCAC/BC,qBAAsB,4BACtBC,4BAA6B,mCAC7BC,cAAe,qBACfC,wBAAyB,+BACzBC,qBAAsB,0BACtBC,0BAA2B,0BAC3BC,wBAAyB,+BACzBC,oBAAqB,oCACrBC,wBAAyB,+BACzBC,uBAAwB,8BACxBC,iBAAkB,2BAClBC,eAAgB,2BAChBC,iBAAkB,sBAClBC,oBAAqB,gCACrBC,qBAAsB,4BACtBC,oBAAqB,2BACrBC,wBAAyB,+BACzBC,eAAgB,sBAChBC,qBAAsB,+BACtBC,kBAAmB,yBACnBC,mBAAoB,mCACpBC,aAAc,kCACdC,6BAA8B,gCAC9BC,uBAAwB,8BACxBC,oBAAqB,mCACrBC,aAAc,iCACdC,qBAAsB,4BACtBC,qBAAsB,4BACtBC,sBAAuB,6BACvBC,yBAA0B,gCAC1BC,iBAAkB,iCAClBC,oBAAqB,oCACrBC,qBAAsB,4BACtBC,qBAAsB,+BACtBC,iBAAkB,mBAClBC,kBAAmB,gDACnBC,uBAAwB,8BACxBC,UAAW,iBACXC,cAAe,qBACfC,iBAAkB,wBAClBC,sBAAuB,6BACvBC,wBAAyB,mDACzBC,cAAe,qBACfC,qBAAsB,4BACtBC,wBAAyB,+BACzBC,eAAgB,sBAChBC,2BAA4B,kCAC5BC,2BAA4B,kCAC5BC,oBAAqB,2BACrBC,+BAAgC,oCAChCC,6BAA8B,4CAC9BC,mBAAoB,0BACpBC,QAAS,eACTC,cAAe,0BACfC,4BAA6B,yBAC7BC,oBAAqB,iCACrBC,yBAA0B,gCAC1BC,wBAAyB,oCACzBC,6BAA8B,oCAC9BC,iBAAkB,wBAClBC,eAAgB,sBAChBC,aAAc,sBACdC,cAAe,qBACfC,cAAe,qBACfC,gBAAiB,uBACjBC,cAAe,qBACfC,wBAAyB,+BACzBC,oBAAqB,2BACrBC,sBAAuB,6BACvBC,wBAAyB,+BACzBC,wBAAyB,+BACzBC,yBAA0B,gCAC1BC,oBAAqB,2BACrBC,0BAA2B,iCAC3BC,0BAA2B,iCAC3BC,iBAAkB,yBClkBdC,EAAY,ILuGL,MAAAC,OAOXtS,YAAmBC,GAAAlD,KAAIkD,KAAJA,EAUXlD,KAASwV,UAAGvK,EAsBZjL,KAAWyV,YAAetK,kBAc1BnL,KAAe0V,gBAAsB,KAlCzCnK,eACF,OAAOvL,KAAKwV,UAGVjK,aAASoK,GACX,KAAMA,KAAOtL,GACX,MAAM,IAAIuL,UAAU,kBAAkBD,+BAExC3V,KAAKwV,UAAYG,EAInBE,YAAYF,GACV3V,KAAKwV,UAA2B,iBAARG,EAAmBrL,EAAkBqL,GAAOA,EAQlEG,iBACF,OAAO9V,KAAKyV,YAEVK,eAAWH,GACb,GAAmB,mBAARA,EACT,MAAM,IAAIC,UAAU,qDAEtB5V,KAAKyV,YAAcE,EAOjBI,qBACF,OAAO/V,KAAK0V,gBAEVK,mBAAeJ,GACjB3V,KAAK0V,gBAAkBC,EAOzBpL,SAASe,GACPtL,KAAK0V,iBAAmB1V,KAAK0V,gBAAgB1V,KAAMqK,EAASG,SAAUc,GACtEtL,KAAKyV,YAAYzV,KAAMqK,EAASG,SAAUc,GAE5C0K,OAAO1K,GACLtL,KAAK0V,iBACH1V,KAAK0V,gBAAgB1V,KAAMqK,EAASK,WAAYY,GAClDtL,KAAKyV,YAAYzV,KAAMqK,EAASK,WAAYY,GAE9C7G,QAAQ6G,GACNtL,KAAK0V,iBAAmB1V,KAAK0V,gBAAgB1V,KAAMqK,EAASM,QAASW,GACrEtL,KAAKyV,YAAYzV,KAAMqK,EAASM,QAASW,GAE3CV,QAAQU,GACNtL,KAAK0V,iBAAmB1V,KAAK0V,gBAAgB1V,KAAMqK,EAASQ,QAASS,GACrEtL,KAAKyV,YAAYzV,KAAMqK,EAASQ,QAASS,GAE3ChI,SAASgI,GACPtL,KAAK0V,iBAAmB1V,KAAK0V,gBAAgB1V,KAAMqK,EAASS,SAAUQ,GACtEtL,KAAKyV,YAAYzV,KAAMqK,EAASS,SAAUQ,KK3LjB,kBAuBb,SAAA2K,UAAUC,KAAgB5K,GACpCgK,EAAU/J,UAAYlB,EAASS,OACjCwK,EAAUhS,MAAM,SAAS6S,OAAiBD,OAAU5K,GCaxC,SAAA8K,MACdC,KACGC,GAEH,MAAMC,oBAAoBF,KAAeC,GAc3B,SAAAE,aACdH,KACGC,GAEH,OAAOC,oBAAoBF,KAAeC,GAG5B,SAAAG,wBACdC,EACA3R,EACAC,GAEA,MAAM2R,EACAxR,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAAjI,KAAoC,CACxC5J,CAACA,GAAOC,IAOV,OALgB,IAAIO,aAClB,OACA,WACAoR,GAEanR,OAAOT,EAAM,CAC1B8R,QAASH,EAAKxT,OAIF,SAAA4T,kBACdJ,EACAK,EACA3L,GAGA,KAAM2L,aADsB3L,GAM1B,MAN0BA,EAEFlI,OAAS6T,EAAO9T,YAAYC,MAClDkT,MAAMM,EAAI,kBAGND,wBACJC,EAEA,iBAAA,WAAWK,EAAO9T,YAAYC,6FAMpC,SAASqT,oBACPF,KACGC,GAEH,GAA0B,iBAAfD,EAAyB,CAClC,MAAMtR,EAAOuR,EAAK,GACZU,EAAa,IAAIV,EAAKW,MAAM,IAKlC,OAJID,EAAW,KACbA,EAAW,GAAGH,QAAUR,EAAWnT,MAG7BmT,EAA4Ba,cAAc1R,OAChDT,KACGiS,GAIP,OAAOpI,EAA4BpJ,OACjC6Q,KACIC,GAiBF,SAAUa,QACdC,EACAf,KACGC,GAEH,IAAKc,EACH,MAAMb,oBAAoBF,KAAeC,GA8FvC,SAAUe,UAAUC,GAGxB,MAAMtS,EAAU,8BAAgCsS,EAMhD,MALArB,UAAUjR,GAKJ,IAAIvE,MAAMuE,GAUF,SAAAuS,YACdH,EACApS,GAEKoS,GACHC,UAAUrS,GC3QE,SAAAwS,uBACd,MAAwB,oBAAT/T,OAAqC,QAAbkB,EAAAlB,KAAKgU,gBAAQ,IAAA9S,OAAA,EAAAA,EAAE+S,OAAS,GAGjD,SAAAC,iBACd,MAA+B,UAAxBC,qBAA2D,WAAxBA,oBAG5B,SAAAA,0BACd,MAAwB,oBAATnU,OAAqC,QAAbkB,EAAAlB,KAAKgU,gBAAQ,IAAA9S,OAAA,EAAAA,EAAEkT,WAAa,KCHrD,SAAAC,YACd,QACuB,oBAAdjT,WACPA,WACA,WAAYA,WACgB,kBAArBA,UAAUkT,SAMhBJ,kBdwDW,SAAAK,qBACd,MAAMC,EACc,iBAAXC,OACHA,OAAOD,QACY,iBAAZE,QACPA,QAAQF,aACR7P,EACN,MAA0B,iBAAZ6P,QAAuC7P,IAAf6P,EAAQG,Gc/DvBJ,IAAwB,eAAgBnT,aAEtDA,UAAUkT,OCNR,MAAAM,MAIXpV,YACmBqV,EACAC,GADAvY,KAAUsY,WAAVA,EACAtY,KAASuY,UAATA,EAGjBhB,YACEgB,EAAYD,EACZ,+CAEFtY,KAAKwY,SfDO,SAAAC,kBACd,MACoB,oBAAX/U,WAGJA,OAAgB,SAAKA,OAAiB,UAAKA,OAAiB,WAC/D,oDAAoDgV,KAAK9T,SeLzC6T,If8DJ,SAAAE,gBACd,MACuB,iBAAd9T,WAAmD,gBAAzBA,UAAmB,QehEf8T,GAGvCC,MACE,OAAKd,YAQE9X,KAAKwY,SAAWxY,KAAKuY,UAAYvY,KAAKsY,WANpCO,KAAKC,IAAG,IAAmB9Y,KAAKsY,aC7B7B,SAAAS,aAAaC,EAAwBC,GACnD1B,YAAYyB,EAAOE,SAAU,sCAC7B,MAAMnR,IAAEA,GAAQiR,EAAOE,SAEvB,OAAKD,EAIE,GAAGlR,IAAMkR,EAAKE,WAAW,KAAOF,EAAKhC,MAAM,GAAKgC,IAH9ClR,ECNE,MAAAqR,cAKXC,kBACEC,EACAC,EACAC,GAEAxZ,KAAKsZ,UAAYA,EACbC,IACFvZ,KAAKuZ,YAAcA,GAEjBC,IACFxZ,KAAKwZ,aAAeA,GAIxBH,eACE,OAAIrZ,KAAKsZ,UACAtZ,KAAKsZ,UAEM,oBAAT7V,MAAwB,UAAWA,KACrCA,KAAKgW,MAEY,oBAAfC,YAA8BA,WAAWD,MAC3CC,WAAWD,MAEC,oBAAVA,MACFA,WAETpC,UACE,mHAIJgC,iBACE,OAAIrZ,KAAKuZ,YACAvZ,KAAKuZ,YAEM,oBAAT9V,MAAwB,YAAaA,KACvCA,KAAKkW,QAEY,oBAAfD,YAA8BA,WAAWC,QAC3CD,WAAWC,QAEG,oBAAZA,QACFA,aAETtC,UACE,qHAIJgC,kBACE,OAAIrZ,KAAKwZ,aACAxZ,KAAKwZ,aAEM,oBAAT/V,MAAwB,aAAcA,KACxCA,KAAKmW,SAEY,oBAAfF,YAA8BA,WAAWE,SAC3CF,WAAWE,SAEI,oBAAbA,SACFA,cAETvC,UACE,uHC4CC,MAAMwC,EAAyD,CAEpEtK,oBAAoE,wBAEpEuK,qBAAgE,iBAGhEC,mBAA6D,gBAE7D3H,qBAAgE,iBAGhEd,iBAA8D,iBAE9D0I,iBAA8D,mBAG9DjJ,0BAAyE,qBAGzEnB,aAAsD,uBACtDqK,wBAA0E,wBAG1EnJ,qBAAoE,qBACpEoJ,sBAAqE,qBACrEC,iCACyC,4BAGzCC,iBAA4D,iBAG5DC,gBAAyD,iBACzDC,4BAC2C,oBAE3CxK,iBAA8D,sBAC9DsB,iBAA8D,sBAE9DmJ,iBAA4D,iBAG5D/K,+BAC8C,wBAC9CgL,iBAA0D,qBAC1DzG,cAAwD,qBACxD0G,eAAyD,qBAGzDzG,4BAC2C,oBAC3C0G,oCACmD,sCAGnDnK,aAAsD,4BACtDqB,qBAAsE,0BACtE+I,wBAAuE,qBACvEhI,qBAAsE,0BACtEiI,gBAAyD,eAKzD5I,6BAC4C,2BAC5CiC,oBAAoE,4BAGpE/C,wBAA4E,0BAG5EpC,qBAAsE,6BAGtE+L,+BACmC,+BACnCC,yBAAwE,8BACxEC,0BAAuE,4BACvEC,+BACmC,+BACnCC,qBAC8C,+BAC9CrH,6BAC4C,uCAG5CsH,iCAA4E,iBAG5EpG,sBAAwE,wBACxEC,wBAA4E,0BAC5EC,wBAA4E,0BAC5EC,yBACwC,2BACxCC,oBAAoE,sBACpEC,0BACyC,4BACzCC,0BACyC,4BACzCC,iBAA8D,oBClInD8F,EAAyB,IAAI9C,MAAM,IAAQ,KAExC,SAAA+C,mBACd1E,EACA2E,GAEA,OAAI3E,EAAK4E,WAAaD,EAAQC,SAC5BnW,OAAAyR,OAAAzR,OAAAyR,OAAA,GACKyE,GACH,CAAAC,SAAU5E,EAAK4E,WAGZD,EAGFE,eAAeC,mBACpB9E,EACAhN,EACAuP,EACAoC,EACAI,EAAuD,IAEvD,OAAOC,+BAA+BhF,EAAM+E,GAAgBF,UAC1D,IAAII,EAAO,GACPvU,EAAS,GACTiU,IAC6B,QAA3B3R,EACFtC,EAASiU,EAETM,EAAO,CACLA,KAAM1X,KAAK2X,UAAUP,KAK3B,MAAMQ,EAAQ3U,2BACZf,IAAKuQ,EAAKsC,OAAO8C,QACd1U,IACF6P,MAAM,GAEH8E,QAAiBrF,EAAsBsF,wBAO7C,OANAD,EAAO,gBAA4B,mBAE/BrF,EAAKuF,eACPF,EAAqC,qBAAGrF,EAAKuF,cAGxC7C,cAAcK,OAAdL,CACL8C,gBAAgBxF,EAAMA,EAAKsC,OAAOmD,QAASlD,EAAM4C,kBAE/CnS,OAAAA,EACAqS,QAAAA,EACAK,eAAgB,eACbT,OAMJJ,eAAeG,+BACpBhF,EACA+E,EACAY,GAEC3F,EAAsB4F,kBAAmB,EAC1C,MAAM3F,EAAgBxR,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAAiD,GAAqB4B,GAC3C,IACE,MAAMc,EAAiB,IAAIC,eAAyB9F,GAC9C+F,QAA2B7T,QAAQ8T,KAAwB,CAC/DL,IACAE,EAAeI,UAKjBJ,EAAeK,sBAEf,MAAMC,QAAaJ,EAASI,OAC5B,GAAI,qBAAsBA,EACxB,MAAMC,iBAAiBpG,EAAuC,2CAAAmG,GAGhE,GAAIJ,EAASM,MAAQ,iBAAkBF,GACrC,OAAOA,EACF,CACL,MAAMG,EAAeP,EAASM,GAAKF,EAAKG,aAAeH,EAAKvZ,MAAM0B,SAC3DiY,EAAiBC,GAAsBF,EAAarV,MAAM,OACjE,GAAsE,qCAAlEsV,EACF,MAAMH,iBACJpG,EAEA,4BAAAmG,GAEG,GAAkD,iBAA9CI,EACT,MAAMH,iBAAiBpG,EAAkC,uBAAAmG,GACpD,GAAmD,kBAA/CI,EACT,MAAMH,iBAAiBpG,EAAmC,gBAAAmG,GAE5D,MAAMM,EACJxG,EAASsG,IACRA,EACEG,cACApX,QAAQ,UAAW,KACxB,GAAIkX,EACF,MAAMzG,wBAAwBC,EAAMyG,EAAWD,GAE/C9G,MAAMM,EAAMyG,IAGhB,MAAO/Z,GACP,GAAIA,aAAa0B,cACf,MAAM1B,EAKRgT,MAAMM,EAA4C,yBAAA,CAAE1R,QAAW1C,OAAOc,MAInEmY,eAAe8B,sBACpB3G,EACAhN,EACAuP,EACAoC,EACAI,EAAuD,IAEvD,MAAM6B,QAAwB9B,mBAC5B9E,EACAhN,EACAuP,EACAoC,EACAI,GAQF,MANI,yBAA0B6B,GAC5BlH,MAAMM,EAAkC,6BAAA,CACtC6G,gBAAiBD,IAIdA,EAGH,SAAUpB,gBACdxF,EACA8G,EACAvE,EACA4C,GAEA,MAAM4B,EAAO,GAAGD,IAAOvE,KAAQ4C,IAE/B,OAAMnF,EAAsBsC,OAAOE,SAI5BH,aAAarC,EAAKsC,OAA0ByE,GAH1C,GAAG/G,EAAKsC,OAAO0E,eAAeD,IAMnC,SAAUE,uBACdC,GAEA,OAAQA,GACN,IAAK,UACH,MAAgC,UAClC,IAAK,QACH,MAA8B,QAChC,IAAK,MACH,MAA4B,MAC9B,QACE,MAAsD,iCAI5D,MAAMpB,eAiBJvZ,YAA6ByT,GAAA1W,KAAI0W,KAAJA,EAbrB1W,KAAK6d,MAAe,KACnB7d,KAAO2c,QAAG,IAAI/T,SAAW,CAAC1C,EAAG4X,KACpC9d,KAAK6d,MAAQE,YAAW,IACfD,EACLtH,aAAaxW,KAAK0W,KAA2C,4BAE9DyE,EAAuBvC,UAG5BgE,sBACEoB,aAAahe,KAAK6d,QAWN,SAAAf,iBACdpG,EACA3R,EACA0X,GAEA,MAAMwB,EAAgC,CACpCpH,QAASH,EAAKxT,MAGZuZ,EAASyB,QACXD,EAAYC,MAAQzB,EAASyB,OAE3BzB,EAAS0B,cACXF,EAAYE,YAAc1B,EAAS0B,aAGrC,MAAM7a,EAAQkT,aAAaE,EAAM3R,EAAMkZ,GAIvC,OADC3a,EAAM2B,WAAwCmZ,eAAiB3B,EACzDnZ,ECjSH,SAAU+a,KACdC,GAEA,YACiBlW,IAAfkW,QAC0ClW,IAAzCkW,EAAyBC,YAwBxB,SAAUC,aACdF,GAEA,YACiBlW,IAAfkW,QACkDlW,IAAjDkW,EAAkCG,WAW1B,MAAAC,gBAWXzb,YAAYwZ,GACV,GARFzc,KAAO2e,QAAW,GAKlB3e,KAAyB4e,0BAAwC,QAGjCxW,IAA1BqU,EAASoC,aACX,MAAM,IAAIpe,MAAM,0BAGlBT,KAAK2e,QAAUlC,EAASoC,aAAalX,MAAM,KAAK,GAChD3H,KAAK4e,0BAA4BnC,EAASmC,0BAS5CE,4BAA4BC,GAC1B,IACG/e,KAAK4e,2BACoC,IAA1C5e,KAAK4e,0BAA0B9d,OAE/B,OAAO,KAGT,IAAK,MAAM8d,KAA6B5e,KAAK4e,0BAC3C,GACEA,EAA0BI,UAC1BJ,EAA0BI,WAAaD,EAEvC,OAAOpB,uBACLiB,EAA0BK,kBAIhC,OAAO,KASTC,kBAAkBH,GAChB,MAE4B,YAD1B/e,KAAK8e,4BAA4BC,IAEY,UAA7C/e,KAAK8e,4BAA4BC,IC1EhCxD,eAAe4D,mBACpBzI,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,MAAA,sBAAA0E,mBAAmB1E,EAAM2E,ICtDvB,SAAU+D,yBACdC,GAEA,GAAKA,EAGL,IAEE,MAAMC,EAAO,IAAI7T,KAAK8T,OAAOF,IAE7B,IAAKG,MAAMF,EAAKG,WAEd,OAAOH,EAAKI,cAEd,MAAOtc,KCOK,SAAAuc,WAAWC,EAAYC,GAAe,GACpD,OAAO1V,mBAAmByV,GAAMD,WAAWE,GAetCtE,eAAeuE,iBACpBF,EACAC,GAAe,GAEf,MAAME,EAAe5V,mBAAmByV,GAClChY,QAAcmY,EAAaJ,WAAWE,GACtCG,EAASC,YAAYrY,GAE3BuP,QACE6I,GAAUA,EAAOE,KAAOF,EAAOG,WAAaH,EAAOI,IACnDL,EAAarJ,uBAGf,MAAM2J,EACuB,iBAApBL,EAAOK,SAAwBL,EAAOK,cAAWjY,EAEpDkY,EAAqCD,MAAAA,OAAQ,EAARA,EAA6B,iBAExE,MAAO,CACLL,OAAAA,EACApY,MAAAA,EACA2Y,SAAUnB,yBACRoB,4BAA4BR,EAAOG,YAErCM,aAAcrB,yBACZoB,4BAA4BR,EAAOI,MAErCM,eAAgBtB,yBACdoB,4BAA4BR,EAAOE,MAErCI,eAAgBA,GAAkB,KAClCK,oBAAoBN,MAAAA,OAAA,EAAAA,EAAkC,wBAAK,MAI/D,SAASG,4BAA4BI,GACnC,OAAyB,IAAlBrB,OAAOqB,GAGV,SAAUX,YAAYrY,GAC1B,MAAOiZ,EAAWC,EAASC,GAAanZ,EAAMD,MAAM,KACpD,QACgBS,IAAdyY,QACYzY,IAAZ0Y,QACc1Y,IAAd2Y,EAGA,OADA9K,UAAU,kDACH,KAGT,IACE,MAAM1R,EAAUpB,aAAa2d,GAC7B,OAAKvc,EAIEN,KAAKC,MAAMK,IAHhB0R,UAAU,uCACH,MAGT,MAAO7S,GAKP,OAJA6S,UACE,2CACC7S,MAAAA,OAAA,EAAAA,EAAa4d,YAET,MC9FJzF,eAAe0F,qBACpBrB,EACAjD,EACAuE,GAAkB,GAElB,GAAIA,EACF,OAAOvE,EAET,IACE,aAAaA,EACb,MAAOvZ,GAOP,MANIA,aAAa0B,eAUrB,SAASqc,mBAAkBpc,KAAEA,IAC3B,MACW,uBAATA,GACS,4BAATA,EAbkCoc,CAAkB/d,IAC9Cwc,EAAKlJ,KAAK0K,cAAgBxB,SACtBA,EAAKlJ,KAAK2K,UAIdje,GCXG,MAAAke,iBAUXre,YAA6B2c,GAAA5f,KAAI4f,KAAJA,EATrB5f,KAASuhB,WAAG,EAMZvhB,KAAOwhB,QAAe,KACtBxhB,KAAAyhB,aAA0C,IAIlDC,SACM1hB,KAAKuhB,YAITvhB,KAAKuhB,WAAY,EACjBvhB,KAAK2hB,YAGPC,QACO5hB,KAAKuhB,YAIVvhB,KAAKuhB,WAAY,EACI,OAAjBvhB,KAAKwhB,SACPxD,aAAahe,KAAKwhB,UAIdK,YAAYC,SAClB,GAAIA,EAAU,CACZ,MAAMC,EAAW/hB,KAAKyhB,aAKtB,OAJAzhB,KAAKyhB,aAAe5I,KAAKC,IACH,EAApB9Y,KAAKyhB,mBAGAM,EACF,CAEL/hB,KAAKyhB,aAAY,IACjB,MACMM,GADsD,QAA5Cpd,EAAA3E,KAAK4f,KAAKoC,gBAAgBtB,sBAAkB,IAAA/b,EAAAA,EAAA,GACjC8G,KAAKD,MAAK,IAErC,OAAOqN,KAAKoJ,IAAI,EAAGF,IAIfJ,SAASG,GAAW,GAC1B,IAAK9hB,KAAKuhB,UAER,OAGF,MAAMQ,EAAW/hB,KAAK6hB,YAAYC,GAClC9hB,KAAKwhB,QAAUzD,YAAWxC,gBAClBvb,KAAKkiB,cACVH,GAGGxG,kBACN,UACQvb,KAAK4f,KAAKD,YAAW,GAC3B,MAAOvc,GASP,YALE,iCADCA,MAAAA,OAAA,EAAAA,EAAqB2B,OAGtB/E,KAAK2hB,UAAwB,IAKjC3hB,KAAK2hB,YCnFI,MAAAQ,aAIXlf,YACUmf,EACAC,GADAriB,KAASoiB,UAATA,EACApiB,KAAWqiB,YAAXA,EAERriB,KAAKsiB,kBAGCA,kBACNtiB,KAAKuiB,eAAiBnD,yBAAyBpf,KAAKqiB,aACpDriB,KAAKwiB,aAAepD,yBAAyBpf,KAAKoiB,WAGpDK,MAAMC,GACJ1iB,KAAKoiB,UAAYM,EAASN,UAC1BpiB,KAAKqiB,YAAcK,EAASL,YAC5BriB,KAAKsiB,kBAGPK,SACE,MAAO,CACLP,UAAWpiB,KAAKoiB,UAChBC,YAAariB,KAAKqiB,cChBjB9G,eAAeqH,qBAAqBhD,SACzC,MAAMlJ,EAAOkJ,EAAKlJ,KACZmM,QAAgBjD,EAAKD,aACrBlD,QAAiBwE,qBACrBrB,ECsDGrE,eAAeuH,eACpBpM,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,sBAAA2E,GD7DAyH,CAAepM,EAAM,CAAEmM,QAAAA,KAGzB1L,QAAQsF,MAAAA,OAAA,EAAAA,EAAUsG,MAAMjiB,OAAQ4V,EAAI,kBAEpC,MAAMsM,EAAcvG,EAASsG,MAAM,GAEnCnD,EAAKqD,sBAAsBD,GAE3B,MAAME,GAA8C,QAA5Bve,EAAAqe,EAAYG,wBAAgB,IAAAxe,OAAA,EAAAA,EAAE7D,QA4DxD,SAASsiB,oBAAoBC,GAC3B,OAAOA,EAAUC,KAAK3e,IAAA,IAAA4e,WAAEA,GAAyB5e,EAAVqa,EAAQrT,OAAAhH,EAAzB,CAAA,eACpB,MAAO,CACL4e,WAAAA,EACAC,IAAKxE,EAASyE,OAAS,GACvBC,YAAa1E,EAAS0E,aAAe,KACrCxF,MAAOc,EAASd,OAAS,KACzBC,YAAaa,EAASb,aAAe,KACrCwF,SAAU3E,EAAS4E,UAAY,SAnE/BR,CAAoBJ,EAAYG,kBAChC,GAEEU,EA8CR,SAASC,kBACPC,EACAC,GAKA,MAAO,IAHSD,EAASE,QACvBC,IAAMF,EAAQG,MAAKC,GAAKA,EAAEb,aAAeW,EAAEX,kBAEtBS,GArDFF,CAAkBlE,EAAKiE,aAAcX,GAOpDmB,EAAiBzE,EAAK0E,YACtBC,IACF3E,EAAK1B,OAAS8E,EAAYwB,eAAkBX,MAAAA,SAAAA,EAAc/iB,SACxDwjB,IAAeD,GAAyBE,EAExCE,EAAiC,CACrCjB,IAAKR,EAAY0B,QACjBhB,YAAaV,EAAYU,aAAe,KACxCC,SAAUX,EAAYY,UAAY,KAClC1F,MAAO8E,EAAY9E,OAAS,KAC5ByG,cAAe3B,EAAY2B,gBAAiB,EAC5CxG,YAAa6E,EAAY7E,aAAe,KACxC7C,SAAU0H,EAAY1H,UAAY,KAClCuI,aAAAA,EACAnB,SAAU,IAAIP,aAAaa,EAAYZ,UAAWY,EAAYX,aAC9DiC,YAAAA,GAGFnf,OAAOyR,OAAOgJ,EAAM6E,GAUflJ,eAAeqJ,OAAOhF,GAC3B,MAAMG,EAA6B5V,mBAAmByV,SAChDgD,qBAAqB7C,SAKrBA,EAAarJ,KAAKmO,sBAAsB9E,GAC9CA,EAAarJ,KAAKoO,0BAA0B/E,GEnDjC,MAAAgF,gBAAb9hB,cACEjD,KAAYglB,aAAkB,KAC9BhlB,KAAWilB,YAAkB,KAC7BjlB,KAAc0gB,eAAkB,KAE5BwE,gBACF,OACGllB,KAAK0gB,gBACNjV,KAAKD,MAAQxL,KAAK0gB,eAAqC,IAI3DyE,yBACE1I,GAEAtF,QAAQsF,EAASoG,0BACjB1L,aAC8B,IAArBsF,EAASoG,0BAGlB1L,aACmC,IAA1BsF,EAASuI,+BAGlB,MAAMI,EACJ,cAAe3I,QAA0C,IAAvBA,EAAS2I,UACvC7F,OAAO9C,EAAS2I,WNyDpB,SAAUC,gBAAgBzd,GAC9B,MAAM0d,EAAcrF,YAAYrY,GAIhC,OAHAuP,QAAQmO,EAAW,kBACnBnO,aAAmC,IAApBmO,EAAYpF,sBAC3B/I,aAAmC,IAApBmO,EAAYlF,sBACpBb,OAAO+F,EAAYpF,KAAOX,OAAO+F,EAAYlF,KM7D5CiF,CAAgB5I,EAASoG,SAC/B7iB,KAAKulB,0BACH9I,EAASoG,QACTpG,EAASuI,aACTI,GAIJ7J,eACE7E,EACAmJ,GAAe,GAQf,OANA1I,SACGnX,KAAKilB,aAAejlB,KAAKglB,aAC1BtO,EAAI,sBAIDmJ,IAAgB7f,KAAKilB,aAAgBjlB,KAAKklB,UAI3CllB,KAAKglB,oBACDhlB,KAAKwlB,QAAQ9O,EAAM1W,KAAKglB,cACvBhlB,KAAKilB,aAGP,KAREjlB,KAAKilB,YAWhBQ,oBACEzlB,KAAKglB,aAAe,KAGdzJ,cAAc7E,EAAoBgP,GACxC,MAAMT,YAAEA,EAAWD,aAAEA,EAAYI,UAAEA,SCxChC7J,eAAeoK,gBACpBjP,EACAsO,GAEA,MAAMvI,QACEf,+BACJhF,EACA,IACA6E,UACE,MAAMI,EAAOzU,YAAY,CACvB0e,WAAc,gBACdC,cAAiBb,IAChB/N,MAAM,IACH6O,aAAEA,EAAYhK,OAAEA,GAAWpF,EAAKsC,OAChCjR,EAAMmU,gBACVxF,EACAoP,EAAY,YAEZ,OAAOhK,KAGHC,QAAiBrF,EAAsBsF,wBAG7C,OAFAD,EAAO,gBAA4B,oCAE5B3C,cAAcK,OAAdL,CAAsBrR,EAAK,CAChC2B,OAAuB,OACvBqS,QAAAA,EACAJ,KAAAA,OAMR,MAAO,CACLsJ,YAAaxI,EAASsJ,aACtBX,UAAW3I,EAASuJ,WACpBhB,aAAcvI,EAASoJ,eDIgCF,CACrDjP,EACAgP,GAEF1lB,KAAKulB,0BACHN,EACAD,EACAzF,OAAO6F,IAIHG,0BACNN,EACAD,EACAiB,GAEAjmB,KAAKglB,aAAeA,GAAgB,KACpChlB,KAAKilB,YAAcA,GAAe,KAClCjlB,KAAK0gB,eAAiBjV,KAAKD,MAAuB,IAAfya,EAGrC5M,gBAAgBxC,EAAiBE,GAC/B,MAAMiO,aAAEA,EAAYC,YAAEA,EAAWvE,eAAEA,GAAmB3J,EAEhDmP,EAAU,IAAInB,gBAuBpB,OAtBIC,IACF7N,QAAgC,iBAAjB6N,EAAyD,iBAAA,CACtEnO,QAAAA,IAEFqP,EAAQlB,aAAeA,GAErBC,IACF9N,QAA+B,iBAAhB8N,EAAwD,iBAAA,CACrEpO,QAAAA,IAEFqP,EAAQjB,YAAcA,GAEpBvE,IACFvJ,QAC4B,iBAAnBuJ,EAEP,iBAAA,CACE7J,QAAAA,IAGJqP,EAAQxF,eAAiBA,GAEpBwF,EAGTvD,SACE,MAAO,CACLqC,aAAchlB,KAAKglB,aACnBC,YAAajlB,KAAKilB,YAClBvE,eAAgB1gB,KAAK0gB,gBAIzByF,QAAQnE,GACNhiB,KAAKilB,YAAcjD,EAAgBiD,YACnCjlB,KAAKglB,aAAehD,EAAgBgD,aACpChlB,KAAK0gB,eAAiBsB,EAAgBtB,eAGxC0F,SACE,OAAOjhB,OAAOyR,OAAO,IAAImO,gBAAmB/kB,KAAK2iB,UAGnD0D,kBACE,OAAOhP,UAAU,oBEhIrB,SAASiP,wBACPlP,EACAP,GAEAM,QACuB,iBAAdC,QAA+C,IAAdA,EAExC,iBAAA,CAAEP,QAAAA,IAIO,MAAA0P,SAwBXtjB,YAAY0B,OAAA6e,IAAEA,EAAG9M,KAAEA,EAAIsL,gBAAEA,GAAyCrd,EAArB6hB,EAAjC7a,OAAAhH,EAAA,CAAA,MAAA,OAAA,oBAtBH3E,KAAAujB,WAAiC,WAoBzBvjB,KAAAymB,iBAAmB,IAAInF,iBAAiBthB,MA6CjDA,KAAc0mB,eAAuB,KACrC1mB,KAAc2mB,eAA+B,KA3CnD3mB,KAAKwjB,IAAMA,EACXxjB,KAAK0W,KAAOA,EACZ1W,KAAKgiB,gBAAkBA,EACvBhiB,KAAKilB,YAAcjD,EAAgBiD,YACnCjlB,KAAK0jB,YAAc8C,EAAI9C,aAAe,KACtC1jB,KAAKke,MAAQsI,EAAItI,OAAS,KAC1Ble,KAAK2kB,cAAgB6B,EAAI7B,gBAAiB,EAC1C3kB,KAAKme,YAAcqI,EAAIrI,aAAe,KACtCne,KAAK2jB,SAAW6C,EAAI7C,UAAY,KAChC3jB,KAAKskB,YAAckC,EAAIlC,cAAe,EACtCtkB,KAAKsb,SAAWkL,EAAIlL,UAAY,KAChCtb,KAAK6jB,aAAe2C,EAAI3C,aAAe,IAAI2C,EAAI3C,cAAgB,GAC/D7jB,KAAK0iB,SAAW,IAAIP,aAClBqE,EAAIpE,gBAAaha,EACjBoe,EAAInE,kBAAeja,GAIvBmT,iBAAiBsE,GACf,MAAMoF,QAAoBhE,qBACxBjhB,KACAA,KAAKgiB,gBAAgB4E,SAAS5mB,KAAK0W,KAAMmJ,IAU3C,OARA1I,QAAQ8N,EAAajlB,KAAK0W,uBAEtB1W,KAAKilB,cAAgBA,IACvBjlB,KAAKilB,YAAcA,QACbjlB,KAAK0W,KAAKmO,sBAAsB7kB,MACtCA,KAAK0W,KAAKoO,0BAA0B9kB,OAG/BilB,EAGTnF,iBAAiBD,GACf,OAAOC,iBAAiB9f,KAAM6f,GAGhC+E,SACE,OAAOA,OAAO5kB,MAMhBmmB,QAAQvG,GACF5f,OAAS4f,IAGbzI,QAAQnX,KAAKwjB,MAAQ5D,EAAK4D,IAAKxjB,KAAK0W,uBACpC1W,KAAK0jB,YAAc9D,EAAK8D,YACxB1jB,KAAK2jB,SAAW/D,EAAK+D,SACrB3jB,KAAKke,MAAQ0B,EAAK1B,MAClBle,KAAK2kB,cAAgB/E,EAAK+E,cAC1B3kB,KAAKme,YAAcyB,EAAKzB,YACxBne,KAAKskB,YAAc1E,EAAK0E,YACxBtkB,KAAKsb,SAAWsE,EAAKtE,SACrBtb,KAAK6jB,aAAejE,EAAKiE,aAAaP,KAAIuD,GAAkB1hB,OAAAyR,OAAA,GAAAiQ,KAC5D7mB,KAAK0iB,SAASD,MAAM7C,EAAK8C,UACzB1iB,KAAKgiB,gBAAgBmE,QAAQvG,EAAKoC,kBAGpCoE,OAAO1P,GACL,MAAMoQ,EAAU,IAAIP,SACfphB,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAA5W,MAAI,CACP0W,KAAAA,EACAsL,gBAAiBhiB,KAAKgiB,gBAAgBoE,YAGxC,OADAU,EAAQpE,SAASD,MAAMziB,KAAK0iB,UACrBoE,EAGTC,UAAUha,GAERoK,SAASnX,KAAK2mB,eAAgB3mB,KAAK0W,KAAI,kBACvC1W,KAAK2mB,eAAiB5Z,EAClB/M,KAAK0mB,iBACP1mB,KAAKijB,sBAAsBjjB,KAAK0mB,gBAChC1mB,KAAK0mB,eAAiB,MAI1BzD,sBAAsB4D,GAChB7mB,KAAK2mB,eACP3mB,KAAK2mB,eAAeE,GAGpB7mB,KAAK0mB,eAAiBG,EAI1BG,yBACEhnB,KAAKymB,iBAAiB/E,SAGxBuF,wBACEjnB,KAAKymB,iBAAiB7E,QAGxBrG,+BACEkB,EACAmI,GAAS,GAET,IAAIsC,GAAkB,EAEpBzK,EAASoG,SACTpG,EAASoG,UAAY7iB,KAAKgiB,gBAAgBiD,cAE1CjlB,KAAKgiB,gBAAgBmD,yBAAyB1I,GAC9CyK,GAAkB,GAGhBtC,SACIhC,qBAAqB5iB,YAGvBA,KAAK0W,KAAKmO,sBAAsB7kB,MAClCknB,GACFlnB,KAAK0W,KAAKoO,0BAA0B9kB,MAIxCub,eACE,MAAMsH,QAAgB7iB,KAAK2f,aAO3B,aANMsB,qBAAqBjhB,KHlLxBub,eAAe4L,cACpBzQ,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,sBAAA2E,GG0KiC8L,CAAcnnB,KAAK0W,KAAM,CAAEmM,QAAAA,KAC5D7iB,KAAKgiB,gBAAgByD,oBAKdzlB,KAAK0W,KAAK2K,UAGnBsB,SACE,OAAAxd,OAAAyR,OAAAzR,OAAAyR,OAAA,CACE4M,IAAKxjB,KAAKwjB,IACVtF,MAAOle,KAAKke,YAAS9V,EACrBuc,cAAe3kB,KAAK2kB,cACpBjB,YAAa1jB,KAAK0jB,kBAAetb,EACjCkc,YAAatkB,KAAKskB,YAClBX,SAAU3jB,KAAK2jB,eAAYvb,EAC3B+V,YAAane,KAAKme,kBAAe/V,EACjCkT,SAAUtb,KAAKsb,eAAYlT,EAC3Byb,aAAc7jB,KAAK6jB,aAAaP,KAAIuD,oBAAkBA,KACtD7E,gBAAiBhiB,KAAKgiB,gBAAgBW,SAGtCyE,iBAAkBpnB,KAAKonB,kBACpBpnB,KAAK0iB,SAASC,UAAQ,CAGzB7G,OAAQ9b,KAAK0W,KAAKsC,OAAO8C,OACzBjF,QAAS7W,KAAK0W,KAAKxT,OAMnB8hB,mBACF,OAAOhlB,KAAKgiB,gBAAgBgD,cAAgB,GAG9C3L,iBAAiB3C,EAAoBK,uBACnC,MAAM2M,EAAgC,QAAlB/e,EAAAoS,EAAO2M,mBAAW,IAAA/e,EAAAA,OAAIyD,EACpC8V,EAAoB,QAAZmJ,EAAAtQ,EAAOmH,aAAK,IAAAmJ,EAAAA,OAAIjf,EACxB+V,EAAgC,QAAlBmJ,EAAAvQ,EAAOoH,mBAAW,IAAAmJ,EAAAA,OAAIlf,EACpCub,EAA0B,QAAf4D,EAAAxQ,EAAO4M,gBAAQ,IAAA4D,EAAAA,OAAInf,EAC9BkT,EAA0B,QAAfkM,EAAAzQ,EAAOuE,gBAAQ,IAAAkM,EAAAA,OAAIpf,EAC9Bgf,EAA0C,QAAvBK,EAAA1Q,EAAOqQ,wBAAgB,IAAAK,EAAAA,OAAIrf,EAC9Cga,EAA4B,QAAhBsF,EAAA3Q,EAAOqL,iBAAS,IAAAsF,EAAAA,OAAItf,EAChCia,EAAgC,QAAlBsF,EAAA5Q,EAAOsL,mBAAW,IAAAsF,EAAAA,OAAIvf,GACpCob,IACJA,EAAGmB,cACHA,EAAaL,YACbA,EAAWT,aACXA,EACA7B,gBAAiB4F,GACf7Q,EAEJI,QAAQqM,GAAOoE,EAAyBlR,oBAExC,MAAMsL,EAAkB+C,gBAAgB8C,SACtC7nB,KAAKkD,KACL0kB,GAGFzQ,QAAuB,iBAARqM,EAAkB9M,oBACjC4P,wBAAwB5C,EAAahN,EAAKxT,MAC1CojB,wBAAwBpI,EAAOxH,EAAKxT,MACpCiU,QAC2B,kBAAlBwN,EACPjO,oBAGFS,QACyB,kBAAhBmN,EACP5N,oBAGF4P,wBAAwBnI,EAAazH,EAAKxT,MAC1CojB,wBAAwB3C,EAAUjN,EAAKxT,MACvCojB,wBAAwBhL,EAAU5E,EAAKxT,MACvCojB,wBAAwBc,EAAkB1Q,EAAKxT,MAC/CojB,wBAAwBlE,EAAW1L,EAAKxT,MACxCojB,wBAAwBjE,EAAa3L,EAAKxT,MAC1C,MAAM0c,EAAO,IAAI2G,SAAS,CACxB/C,IAAAA,EACA9M,KAAAA,EACAwH,MAAAA,EACAyG,cAAAA,EACAjB,YAAAA,EACAY,YAAAA,EACAX,SAAAA,EACAxF,YAAAA,EACA7C,SAAAA,EACA0G,gBAAAA,EACAI,UAAAA,EACAC,YAAAA,IAWF,OARIwB,GAAgBtjB,MAAMC,QAAQqjB,KAChCjE,EAAKiE,aAAeA,EAAaP,KAAIuD,GAAY1hB,OAAAyR,OAAA,GAAMiQ,MAGrDO,IACFxH,EAAKwH,iBAAmBA,GAGnBxH,EAQTvG,kCACE3C,EACAoR,EACAxD,GAAuB,GAEvB,MAAMtC,EAAkB,IAAI+C,gBAC5B/C,EAAgBmD,yBAAyB2C,GAGzC,MAAMlI,EAAO,IAAI2G,SAAS,CACxB/C,IAAKsE,EAAgBpD,QACrBhO,KAAAA,EACAsL,gBAAAA,EACAsC,YAAAA,IAKF,aADM1B,qBAAqBhD,GACpBA,GC/SX,MAAMmI,EAAuC,IAAIC,IAE3C,SAAUC,aAAgBC,GAC9B3Q,YAAY2Q,aAAeC,SAAU,+BACrC,IAAI/c,EAAW2c,EAAcnP,IAAIsP,GAEjC,OAAI9c,GACFmM,YACEnM,aAAoB8c,EACpB,kDAEK9c,IAGTA,EAAW,IAAK8c,EAChBH,EAAcK,IAAIF,EAAK9c,GAChBA,GCpBI,MAAAid,oBAAbplB,cAEWjD,KAAAoM,KAA4B,OACrCpM,KAAOsoB,QAAqC,GAE5C/M,qBACE,OAAO,EAGTA,WAAWpV,EAAaC,GACtBpG,KAAKsoB,QAAQniB,GAAOC,EAGtBmV,WAAuCpV,GACrC,MAAMC,EAAQpG,KAAKsoB,QAAQniB,GAC3B,YAAiBiC,IAAVhC,EAAsB,KAAQA,EAGvCmV,cAAcpV,UACLnG,KAAKsoB,QAAQniB,GAGtBoiB,aAAaC,EAAcC,IAK3BC,gBAAgBF,EAAcC,KA1BvBJ,oBAAIjc,KAAW,OAqCjB,MAAMuc,EAAmCN,oBC9BhC,SAAAO,oBACdziB,EACA2V,EACAjF,GAEA,MAAO,YAA4B1Q,KAAO2V,KAAUjF,IAGzC,MAAAgS,uBAKX5lB,YACS6lB,EACUpS,EACAqS,GAFV/oB,KAAW8oB,YAAXA,EACU9oB,KAAI0W,KAAJA,EACA1W,KAAO+oB,QAAPA,EAEjB,MAAM/P,OAAEA,EAAM9V,KAAEA,GAASlD,KAAK0W,KAC9B1W,KAAKgpB,YAAcJ,oBAAoB5oB,KAAK+oB,QAAS/P,EAAO8C,OAAQ5Y,GACpElD,KAAKipB,mBAAqBL,oBAAmB,cAE3C5P,EAAO8C,OACP5Y,GAEFlD,KAAKkpB,kBAAoBxS,EAAKyS,gBAAgBrf,KAAK4M,GACnD1W,KAAK8oB,YAAYP,aAAavoB,KAAKgpB,YAAahpB,KAAKkpB,mBAGvDE,eAAexJ,GACb,OAAO5f,KAAK8oB,YAAYO,KAAKrpB,KAAKgpB,YAAapJ,EAAK+C,UAGtDpH,uBACE,MAAM+N,QAAatpB,KAAK8oB,YAAYS,KAAoBvpB,KAAKgpB,aAC7D,OAAOM,EAAO/C,SAASiD,UAAUxpB,KAAK0W,KAAM4S,GAAQ,KAGtDG,oBACE,OAAOzpB,KAAK8oB,YAAYY,QAAQ1pB,KAAKgpB,aAGvCW,6BACE,OAAO3pB,KAAK8oB,YAAYO,KACtBrpB,KAAKipB,mBACLjpB,KAAK8oB,YAAY1c,MAIrBmP,qBAAqBqO,GACnB,GAAI5pB,KAAK8oB,cAAgBc,EACvB,OAGF,MAAMxI,QAAoBphB,KAAK6pB,iBAK/B,aAJM7pB,KAAKypB,oBAEXzpB,KAAK8oB,YAAcc,EAEfxI,EACKphB,KAAKopB,eAAehI,QAD7B,EAKF0I,SACE9pB,KAAK8oB,YAAYJ,gBAAgB1oB,KAAKgpB,YAAahpB,KAAKkpB,mBAG1D7P,oBACE3C,EACAqT,EACAhB,EAA2B,YAE3B,IAAKgB,EAAqBjpB,OACxB,OAAO,IAAI+nB,uBACTZ,aAAaU,GACbjS,EACAqS,GAKJ,MAAMiB,SACEphB,QAAQqhB,IACZF,EAAqBzG,KAAI/H,MAAMuN,IAC7B,SAAUA,EAAYoB,eACpB,OAAOpB,OAKb7E,QAAO6E,GAAeA,IAGxB,IAAIqB,EACFH,EAAsB,IACtB/B,aAAkCU,GAEpC,MAAMxiB,EAAMyiB,oBAAoBG,EAASrS,EAAKsC,OAAO8C,OAAQpF,EAAKxT,MAIlE,IAAIknB,EAAqC,KAIzC,IAAK,MAAMtB,KAAeiB,EACxB,IACE,MAAMT,QAAaR,EAAYS,KAAoBpjB,GACnD,GAAImjB,EAAM,CACR,MAAM1J,EAAO2G,SAASiD,UAAU9S,EAAM4S,GAClCR,IAAgBqB,IAClBC,EAAgBxK,GAElBuK,EAAsBrB,EACtB,OAEF,MAAAnkB,IAKJ,MAAM0lB,EAAqBL,EAAsB/F,QAC/CniB,GAAKA,EAAEwoB,wBAIT,OACGH,EAAoBG,uBACpBD,EAAmBvpB,QAKtBqpB,EAAsBE,EAAmB,GACrCD,SAGID,EAAoBd,KAAKljB,EAAKikB,EAAczH,gBAK9C/Z,QAAQqhB,IACZF,EAAqBzG,KAAI/H,MAAMuN,IAC7B,GAAIA,IAAgBqB,EAClB,UACQrB,EAAYY,QAAQvjB,GAC1B,MAAAxB,SAID,IAAIkkB,uBAAuBsB,EAAqBzT,EAAMqS,IArBpD,IAAIF,uBAAuBsB,EAAqBzT,EAAMqS,ICrH7D,SAAUwB,gBAAgBC,GAC9B,MAAMC,EAAKD,EAAUpN,cACrB,GAAIqN,EAAG5jB,SAAS,WAAa4jB,EAAG5jB,SAAS,SAAW4jB,EAAG5jB,SAAS,UAC9D,MAAyB,QACpB,GAAI6jB,YAAYD,GAErB,MAA4B,WACvB,GAAIA,EAAG5jB,SAAS,SAAW4jB,EAAG5jB,SAAS,YAC5C,MAAsB,KACjB,GAAI4jB,EAAG5jB,SAAS,SACrB,MAAwB,OACnB,GAAI8jB,WAAWF,GACpB,MAA2B,UACtB,GAAIA,EAAG5jB,SAAS,SACrB,MAAwB,OACnB,GAAI+jB,cAAcH,GAEvB,MAA8B,aACzB,GAAII,SAASJ,GAElB,MAAyB,QACpB,GAAIK,UAAUL,GACnB,MAA0B,SACrB,IACJA,EAAG5jB,SAAS,YAAckkB,aAAaN,MACvCA,EAAG5jB,SAAS,SAEb,MAA0B,SACrB,GAAImkB,WAAWP,GAEpB,MAA2B,UACtB,CAEL,MAAMQ,EAAK,kCACLC,EAAUV,EAAUnmB,MAAM4mB,GAChC,GAAwB,KAApBC,MAAAA,OAAO,EAAPA,EAASpqB,QACX,OAAOoqB,EAAQ,GAGnB,MAAyB,QAGX,SAAAP,WAAWF,EAAK7lB,SAC9B,MAAO,aAAa8T,KAAK+R,GAGX,SAAAK,UAAUN,EAAY5lB,SACpC,MAAM6lB,EAAKD,EAAUpN,cACrB,OACEqN,EAAG5jB,SAAS,aACX4jB,EAAG5jB,SAAS,aACZ4jB,EAAG5jB,SAAS,YACZ4jB,EAAG5jB,SAAS,WAID,SAAAkkB,aAAaN,EAAK7lB,SAChC,MAAO,WAAW8T,KAAK+R,GAGT,SAAAC,YAAYD,EAAK7lB,SAC/B,MAAO,YAAY8T,KAAK+R,GAGV,SAAAO,WAAWP,EAAK7lB,SAC9B,MAAO,WAAW8T,KAAK+R,GAGT,SAAAG,cAAcH,EAAK7lB,SACjC,MAAO,cAAc8T,KAAK+R,GAGZ,SAAAI,SAASJ,EAAK7lB,SAC5B,MAAO,SAAS8T,KAAK+R,GAGP,SAAAU,OAAOV,EAAK7lB,SAC1B,MACE,oBAAoB8T,KAAK+R,IACxB,aAAa/R,KAAK+R,IAAO,UAAU/R,KAAK+R,GAe7B,SAAAW,UACd,OnC1Bc,SAAAC,OACd,MAAMZ,EAAK7lB,QACX,OAAO6lB,EAAGxiB,QAAQ,UAAY,GAAKwiB,EAAGxiB,QAAQ,aAAe,EmCwBtDojB,IAAkD,KAAvCjnB,SAAsBknB,aAG1B,SAAAC,iBAAiBd,EAAa7lB,SAE5C,OACEumB,OAAOV,IACPO,WAAWP,IACXI,SAASJ,IACTG,cAAcH,IACd,iBAAiB/R,KAAK+R,IACtBC,YAAYD,GClHA,SAAAe,kBACdC,EACAC,EAAgC,IAEhC,IAAIC,EACJ,OAAQF,GACN,IAAA,UAEEE,EAAmBpB,gBAAgB3lB,SACnC,MACF,IAAA,SAIE+mB,EAAmB,GAAGpB,gBAAgB3lB,YAAY6mB,IAClD,MACF,QACEE,EAAmBF,EAEvB,MAAMG,EAAqBF,EAAW5qB,OAClC4qB,EAAWjqB,KAAK,KAChB,mBACJ,MAAO,GAAGkqB,YAAiDxV,KAAeyV,ICpC/D,MAAAC,oBAGX5oB,YAA6ByT,GAAA1W,KAAI0W,KAAJA,EAFZ1W,KAAK8rB,MAAsB,GAI5CC,aACEhf,EACAif,GAIA,MAAMC,gBACJrM,GAEA,IAAIhX,SAAQ,CAACC,EAASiV,KACpB,IAIEjV,EAHekE,EAAS6S,IAIxB,MAAOxc,GAEP0a,EAAO1a,OAIb6oB,gBAAgBD,QAAUA,EAC1BhsB,KAAK8rB,MAAMtqB,KAAKyqB,iBAEhB,MAAMC,EAAQlsB,KAAK8rB,MAAMhrB,OAAS,EAClC,MAAO,KAGLd,KAAK8rB,MAAMI,GAAS,IAAMtjB,QAAQC,WAItC0S,oBAAoB4Q,GAClB,GAAInsB,KAAK0W,KAAK0K,cAAgB+K,EAC5B,OAMF,MAAMC,EAAkC,GACxC,IACE,IAAK,MAAMC,KAAuBrsB,KAAK8rB,YAC/BO,EAAoBF,GAGtBE,EAAoBL,SACtBI,EAAa5qB,KAAK6qB,EAAoBL,SAG1C,MAAO5oB,GAGPgpB,EAAaE,UACb,IAAK,MAAMN,KAAWI,EACpB,IACEJ,IACA,MAAO9lB,IAKX,MAAMlG,KAAK0W,KAAKQ,cAAc1R,OAAoC,gBAAA,CAChE+mB,gBAAkBnpB,MAAAA,OAAA,EAAAA,EAAa4B,YC7D1B,MAAAwnB,mBAOXvpB,YAAYwZ,eAEV,MAAMgQ,EAAkBhQ,EAASiQ,sBACjC1sB,KAAK0sB,sBAAwB,GAE7B1sB,KAAK0sB,sBAAsBC,kBACQ,QAAjChoB,EAAA8nB,EAAgBE,yBAAiB,IAAAhoB,EAAAA,EApBH,EAqB5B8nB,EAAgBG,oBAClB5sB,KAAK0sB,sBAAsBE,kBACzBH,EAAgBG,wBAE+BxkB,IAA/CqkB,EAAgBI,6BAClB7sB,KAAK0sB,sBAAsBI,wBACzBL,EAAgBI,iCAE+BzkB,IAA/CqkB,EAAgBM,6BAClB/sB,KAAK0sB,sBAAsBM,wBACzBP,EAAgBM,iCAE6B3kB,IAA7CqkB,EAAgBQ,2BAClBjtB,KAAK0sB,sBAAsBO,yBACzBR,EAAgBQ,+BAEqC7kB,IAArDqkB,EAAgBS,mCAClBltB,KAAK0sB,sBAAsBQ,iCACzBT,EAAgBS,kCAGpBltB,KAAKif,iBAAmBxC,EAASwC,iBACH,kCAA1Bjf,KAAKif,mBACPjf,KAAKif,iBAAmB,OAI1Bjf,KAAKmtB,iCACoD,QAAvD7F,EAAyC,QAAzCD,EAAA5K,EAAS0Q,wCAAgC,IAAA9F,OAAA,EAAAA,EAAE5lB,KAAK,WAAO,IAAA6lB,EAAAA,EAAA,GAEzDtnB,KAAKotB,qBAAwD,QAAjC7F,EAAA9K,EAAS2Q,4BAAwB,IAAA7F,GAAAA,EAC7DvnB,KAAKqtB,cAAgB5Q,EAAS4Q,cAGhCC,iBAAiBC,mBACf,MAAMC,EAA2C,CAC/CC,SAAS,EACTC,eAAgB1tB,MAelB,OAXAA,KAAK2tB,8BAA8BJ,EAAUC,GAC7CxtB,KAAK4tB,iCAAiCL,EAAUC,GAGhDA,EAAOC,UAAPD,EAAOC,QAAyC,QAA7B9oB,EAAA6oB,EAAOK,8BAAsB,IAAAlpB,GAAAA,GAChD6oB,EAAOC,UAAPD,EAAOC,QAAyC,QAA7BpG,EAAAmG,EAAOM,8BAAsB,IAAAzG,GAAAA,GAChDmG,EAAOC,UAAPD,EAAOC,QAA0C,QAA9BnG,EAAAkG,EAAOV,+BAAuB,IAAAxF,GAAAA,GACjDkG,EAAOC,UAAPD,EAAOC,QAA0C,QAA9BlG,EAAAiG,EAAOR,+BAAuB,IAAAzF,GAAAA,GACjDiG,EAAOC,UAAPD,EAAOC,QAA2C,QAA/BjG,EAAAgG,EAAOP,gCAAwB,IAAAzF,GAAAA,GAClDgG,EAAOC,UAAPD,EAAOC,QAAmD,QAAvChG,EAAA+F,EAAON,wCAAgC,IAAAzF,GAAAA,GAEnD+F,EASDG,8BACNJ,EACAC,GAEA,MAAMb,EAAoB3sB,KAAK0sB,sBAAsBC,kBAC/CC,EAAoB5sB,KAAK0sB,sBAAsBE,kBACjDD,IACFa,EAAOK,uBAAyBN,EAASzsB,QAAU6rB,GAEjDC,IACFY,EAAOM,uBAAyBP,EAASzsB,QAAU8rB,GAU/CgB,iCACNL,EACAC,GAWA,IAAIO,EARJ/tB,KAAKguB,uCACHR,GACkC,GACA,GACF,GACQ,GAI1C,IAAK,IAAI3sB,EAAI,EAAGA,EAAI0sB,EAASzsB,OAAQD,IACnCktB,EAAeR,EAASzqB,OAAOjC,GAC/Bb,KAAKguB,uCACHR,EACkCO,GAAgB,KAChDA,GAAgB,IACgBA,GAAgB,KAChDA,GAAgB,IACcA,GAAgB,KAC9CA,GAAgB,IACsB/tB,KAAKmtB,iCAAiCtmB,SAC5EknB,IAiBAC,uCACNR,EACAX,EACAE,EACAE,EACAC,GAEIltB,KAAK0sB,sBAAsBI,0BAC7BU,EAAOV,0BAAPU,EAAOV,wBAA4BD,IAEjC7sB,KAAK0sB,sBAAsBM,0BAC7BQ,EAAOR,0BAAPQ,EAAOR,wBAA4BD,IAEjC/sB,KAAK0sB,sBAAsBO,2BAC7BO,EAAOP,2BAAPO,EAAOP,yBAA6BA,IAElCjtB,KAAK0sB,sBAAsBQ,mCAC7BM,EAAON,mCAAPM,EAAON,iCACLA,KCrGK,MAAAe,SAqCXhrB,YACkBirB,EACCC,EACAC,EACDpV,GAHAhZ,KAAGkuB,IAAHA,EACCluB,KAAwBmuB,yBAAxBA,EACAnuB,KAAuBouB,wBAAvBA,EACDpuB,KAAMgZ,OAANA,EAxClBhZ,KAAWohB,YAAgB,KAC3BphB,KAAcquB,eAA0B,KAChCruB,KAAAsuB,WAAa1lB,QAAQC,UAGrB7I,KAAAuuB,sBAAwB,IAAIC,aAAmBxuB,MAC/CA,KAAAyuB,oBAAsB,IAAID,aAAmBxuB,MACpCA,KAAA0uB,iBAAmB,IAAI7C,oBAAoB7rB,MACpDA,KAAY2uB,aAAwB,KACpC3uB,KAAyB4uB,2BAAG,EACnB5uB,KAAuC6uB,wCAAW,EAInE7uB,KAAgBsc,kBAAG,EACnBtc,KAAc8uB,gBAAG,EACjB9uB,KAAQ+uB,UAAG,EACX/uB,KAAsBgvB,uBAAyB,KAC/ChvB,KAAsBivB,uBAAyC,KAC/DjvB,KAAakX,cACXtI,EACF5O,KAAqBkvB,sBAA2B,KAChDlvB,KAAuBmvB,wBAAoC,GAC3DnvB,KAAsBovB,uBAAkC,KACxDpvB,KAAuBqvB,wBAA2C,GAM1DrvB,KAAesvB,qBAA8BlnB,EAErDpI,KAAYic,aAAkB,KAC9Bjc,KAAQsb,SAAkB,KAC1Btb,KAAAuvB,SAAyB,CAAEC,mCAAmC,GAqmBtDxvB,KAAU0rB,WAAa,GA7lB7B1rB,KAAKkD,KAAOgrB,EAAIhrB,KAChBlD,KAAKyvB,cAAgBzW,EAAO0W,iBAG9BC,2BACE5F,EACA6F,GA2CA,OAzCIA,IACF5vB,KAAKivB,uBAAyBhH,aAAa2H,IAK7C5vB,KAAKgvB,uBAAyBhvB,KAAK8rB,OAAMvQ,kBACvC,IAAIvb,KAAK+uB,WAIT/uB,KAAK6vB,yBAA2BhH,uBAAuBrjB,OACrDxF,KACA+pB,IAGE/pB,KAAK+uB,UAAT,CAMA,GAA+B,QAA3BpqB,EAAA3E,KAAKivB,8BAAsB,IAAAtqB,OAAA,EAAAA,EAAEmrB,uBAE/B,UACQ9vB,KAAKivB,uBAAuBc,YAAY/vB,MAC9C,MAAOoD,UAKLpD,KAAKgwB,sBAAsBJ,GACjC5vB,KAAKsvB,iBAAoC,QAAlBjI,EAAArnB,KAAKohB,mBAAa,IAAAiG,OAAA,EAAAA,EAAA7D,MAAO,KAE5CxjB,KAAK+uB,WAIT/uB,KAAK8uB,gBAAiB,OAGjB9uB,KAAKgvB,uBAMdzT,wBACE,GAAIvb,KAAK+uB,SACP,OAGF,MAAMnP,QAAa5f,KAAKiwB,oBAAoBpG,iBAE5C,OAAK7pB,KAAKohB,aAAgBxB,EAMtB5f,KAAKohB,aAAexB,GAAQ5f,KAAKohB,YAAYoC,MAAQ5D,EAAK4D,KAE5DxjB,KAAKkwB,aAAa/J,QAAQvG,cAGpB5f,KAAKohB,YAAYzB,yBAMnB3f,KAAKmwB,mBAAmBvQ,GAAqC,QAjBnE,EAoBMrE,4BACNqU,SAGA,MAAMQ,QACGpwB,KAAKiwB,oBAAoBpG,iBAClC,IAAIwG,EAAoBD,EACpBE,GAAyB,EAC7B,GAAIV,GAAyB5vB,KAAKgZ,OAAOuX,WAAY,OAC7CvwB,KAAKwwB,sCACX,MAAMC,EAAuC,QAAjB9rB,EAAA3E,KAAK2uB,oBAAY,IAAAhqB,OAAA,EAAAA,EAAEyiB,iBACzCsJ,EAAoBL,MAAAA,OAAA,EAAAA,EAAmBjJ,iBACvCuJ,QAAe3wB,KAAK4wB,kBAAkBhB,GAOxCa,GAAuBA,IAAwBC,KACjDC,MAAAA,OAAM,EAANA,EAAQ/Q,QAERyQ,EAAoBM,EAAO/Q,KAC3B0Q,GAAyB,GAK7B,IAAKD,EACH,OAAOrwB,KAAK6wB,uBAAuB,MAGrC,IAAKR,EAAkBjJ,iBAAkB,CAGvC,GAAIkJ,EACF,UACQtwB,KAAK0uB,iBAAiBoC,cAAcT,GAC1C,MAAOjtB,GACPitB,EAAoBD,EAGpBpwB,KAAKivB,uBAAwB8B,wBAAwB/wB,MAAM,IACzD4I,QAAQkV,OAAO1a,KAKrB,OAAIitB,EACKrwB,KAAKgxB,+BAA+BX,GAEpCrwB,KAAK6wB,uBAAuB,MAUvC,OANA1Z,QAAQnX,KAAKivB,uBAAwBjvB,6BAC/BA,KAAKwwB,sCAMTxwB,KAAK2uB,cACL3uB,KAAK2uB,aAAavH,mBAAqBiJ,EAAkBjJ,iBAElDpnB,KAAK6wB,uBAAuBR,GAG9BrwB,KAAKgxB,+BAA+BX,GAGrC9U,wBACN0V,GAkBA,IAAIN,EAAgC,KACpC,IAGEA,QAAe3wB,KAAKivB,uBAAwBiC,oBAC1ClxB,KACAixB,GACA,GAEF,MAAO7tB,SAGDpD,KAAKmxB,iBAAiB,MAG9B,OAAOR,EAGDpV,qCACNqE,GAEA,UACQgD,qBAAqBhD,GAC3B,MAAOxc,GACP,GAEE,iCADCA,MAAAA,OAAA,EAAAA,EAAqB2B,MAKtB,OAAO/E,KAAK6wB,uBAAuB,MAIvC,OAAO7wB,KAAK6wB,uBAAuBjR,GAGrCwR,oBACEpxB,KAAKic,azB1SO,SAAAoV,mBACd,GAAyB,oBAAdxsB,UACT,OAAO,KAET,MAAMysB,EAAuCzsB,UAC7C,OAEGysB,EAAkBC,WAAaD,EAAkBC,UAAU,IAG5DD,EAAkBE,UAElB,KyB8RoBH,GAGtB9V,gBACEvb,KAAK+uB,UAAW,EAGlBxT,wBAAwBkW,GAGtB,MAAM7R,EAAO6R,EACRtnB,mBAAmBsnB,GACpB,KAQJ,OAPI7R,GACFzI,QACEyI,EAAKlJ,KAAKsC,OAAO8C,SAAW9b,KAAKgZ,OAAO8C,OACxC9b,2BAIGA,KAAKmwB,mBAAmBvQ,GAAQA,EAAKwG,OAAOpmB,OAGrDub,yBACEqE,EACA8R,GAAoC,GAEpC,IAAI1xB,KAAK+uB,SAeT,OAZInP,GACFzI,QACEnX,KAAKsb,WAAasE,EAAKtE,SACvBtb,KAAI,sBAKH0xB,SACG1xB,KAAK0uB,iBAAiBoC,cAAclR,GAGrC5f,KAAK8rB,OAAMvQ,gBACVvb,KAAK6wB,uBAAuBjR,GAClC5f,KAAK2xB,yBAITpW,gBAUE,aARMvb,KAAK0uB,iBAAiBoC,cAAc,OAEtC9wB,KAAK4xB,4BAA8B5xB,KAAKivB,+BACpCjvB,KAAKmxB,iBAAiB,MAKvBnxB,KAAKmwB,mBAAmB,MAAqC,GAGtE0B,eAAe/I,GACb,OAAO9oB,KAAK8rB,OAAMvQ,gBACVvb,KAAKiwB,oBAAoB4B,eAAe5J,aAAaa,OAI/DgJ,sBACE,OAAqB,MAAjB9xB,KAAKsb,SACAtb,KAAKkvB,sBAELlvB,KAAKmvB,wBAAwBnvB,KAAKsb,UAI7CC,uBAAuBgS,GAChBvtB,KAAK+xB,oCACF/xB,KAAKgyB,wBAIb,MAAMtE,EACJ1tB,KAAK+xB,6BAIP,OACErE,EAAeL,gBACfrtB,KAAK6uB,wCAEEjmB,QAAQkV,OACb9d,KAAKkX,cAAc1R,OAAM,6CAEvB,KAKCkoB,EAAeJ,iBAAiBC,GAGzCwE,6BACE,OAAsB,OAAlB/xB,KAAKsb,SACAtb,KAAKovB,uBAELpvB,KAAKqvB,wBAAwBrvB,KAAKsb,UAI7CC,8BACE,MAAMkB,QCzYHlB,eAAe0W,mBACpBvb,EACA2E,EAAoC,IAEpC,OAAOG,mBAIL9E,EAGA,MAAA,qBAAA0E,mBAAmB1E,EAAM2E,ID8XF4W,CAAmBjyB,MAEpC0tB,EAAyC,IAAIlB,mBACjD/P,GAGoB,OAAlBzc,KAAKsb,SACPtb,KAAKovB,uBAAyB1B,EAE9B1tB,KAAKqvB,wBAAwBrvB,KAAKsb,UAAYoS,EAIlDwE,kBACE,OAAOlyB,KAAKiwB,oBAAoBnH,YAAY1c,KAG9C+lB,gBAAgBxb,GACd3W,KAAKkX,cAAgB,IAAI3R,aACvB,OACA,WACCoR,KAILyb,mBACE7oB,EACAjG,EACA+uB,GAEA,OAAOryB,KAAKsyB,sBACVtyB,KAAKuuB,sBACLhlB,EACAjG,EACA+uB,GAIJE,uBACExlB,EACAif,GAEA,OAAOhsB,KAAK0uB,iBAAiB3C,aAAahf,EAAUif,GAGtDwG,iBACEjpB,EACAjG,EACA+uB,GAEA,OAAOryB,KAAKsyB,sBACVtyB,KAAKyuB,oBACLllB,EACAjG,EACA+uB,GAIJI,iBACE,OAAO,IAAI7pB,SAAQ,CAACC,EAASiV,KAC3B,GAAI9d,KAAKohB,YACPvY,QACK,CACL,MAAM6pB,EAAc1yB,KAAKoyB,oBAAmB,KAC1CM,IACA7pB,MACCiV,OAQTvC,wBAAwB3T,GACtB,GAAI5H,KAAKohB,YAAa,CACpB,MAEM/F,EAA8B,CAClCkI,WAAY,YACZoP,UAAiC,eACjC/qB,MAAAA,EACAib,cANoB7iB,KAAKohB,YAAYzB,cAQlB,MAAjB3f,KAAKsb,WACPD,EAAQC,SAAWtb,KAAKsb,gBTjbzBC,eAAeqX,YACpBlc,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,2BAAA0E,mBAAmB1E,EAAM2E,IS2ajBuX,CAAY5yB,KAAMqb,IAI5BsH,eACE,MAAO,CACL7G,OAAQ9b,KAAKgZ,OAAO8C,OACpByU,WAAYvwB,KAAKgZ,OAAOuX,WACxB1Z,QAAS7W,KAAKkD,KACdke,YAA8B,QAAjBzc,EAAA3E,KAAKkwB,oBAAY,IAAAvrB,OAAA,EAAAA,EAAEge,UAIpCpH,uBACEqE,EACAgQ,GAEA,MAAMiD,QAAwB7yB,KAAKwwB,oCACjCZ,GAEF,OAAgB,OAAThQ,EACHiT,EAAgBpJ,oBAChBoJ,EAAgBzJ,eAAexJ,GAG7BrE,0CACNqU,GAEA,IAAK5vB,KAAK4xB,2BAA4B,CACpC,MAAMkB,EACHlD,GAAyB3H,aAAa2H,IACvC5vB,KAAKivB,uBACP9X,QAAQ2b,EAAU9yB,uBAClBA,KAAK4xB,iCAAmC/I,uBAAuBrjB,OAC7DxF,KACA,CAACioB,aAAa6K,EAASC,uCAGzB/yB,KAAK2uB,mBACG3uB,KAAK4xB,2BAA2B/H,iBAG1C,OAAO7pB,KAAK4xB,2BAGdrW,yBAAyBnD,WAOvB,OAJIpY,KAAK8uB,sBACD9uB,KAAK8rB,OAAMvQ,eAGI,UAAnBvb,KAAKkwB,oBAAc,IAAAvrB,OAAA,EAAAA,EAAAyiB,oBAAqBhP,EACnCpY,KAAKkwB,cAGS,UAAnBlwB,KAAK2uB,oBAAc,IAAAtH,OAAA,EAAAA,EAAAD,oBAAqBhP,EACnCpY,KAAK2uB,aAGP,KAGTpT,4BAA4BqE,GAC1B,GAAIA,IAAS5f,KAAKohB,YAChB,OAAOphB,KAAK8rB,OAAMvQ,SAAYvb,KAAK6wB,uBAAuBjR,KAK9DkF,0BAA0BlF,GACpBA,IAAS5f,KAAKohB,aAChBphB,KAAK2xB,sBAITnJ,OACE,MAAO,GAAGxoB,KAAKgZ,OAAOuX,cAAcvwB,KAAKgZ,OAAO8C,UAAU9b,KAAKkD,OAGjE8jB,yBACEhnB,KAAK4uB,2BAA4B,EAC7B5uB,KAAKohB,aACPphB,KAAKkwB,aAAalJ,yBAItBC,wBACEjnB,KAAK4uB,2BAA4B,EAC7B5uB,KAAKohB,aACPphB,KAAKkwB,aAAajJ,wBAKlBiJ,mBACF,OAAOlwB,KAAKohB,YAGNuQ,8BACN,IAAK3xB,KAAK8uB,eACR,OAGF9uB,KAAKyuB,oBAAoBxlB,KAAKjJ,KAAKohB,aAEnC,MAAM4R,EAAsC,QAAzB3L,EAAkB,QAAlB1iB,EAAA3E,KAAKohB,mBAAa,IAAAzc,OAAA,EAAAA,EAAA6e,WAAO,IAAA6D,EAAAA,EAAA,KACxCrnB,KAAKsvB,kBAAoB0D,IAC3BhzB,KAAKsvB,gBAAkB0D,EACvBhzB,KAAKuuB,sBAAsBtlB,KAAKjJ,KAAKohB,cAIjCkR,sBACNW,EACA1pB,EACAjG,EACA+uB,GAEA,GAAIryB,KAAK+uB,SACP,MAAO,OAGT,MAAMmE,EACsB,mBAAnB3pB,EACHA,EACAA,EAAeN,KAAKa,KAAKP,GAE/B,IAAI4pB,GAAiB,EAErB,MAAMxW,EAAU3c,KAAK8uB,eACjBlmB,QAAQC,UACR7I,KAAKgvB,uBAWT,GAVA7X,QAAQwF,EAAS3c,uBAGjB2c,EAAQ5T,MAAK,KACPoqB,GAGJD,EAAGlzB,KAAKohB,gBAGoB,mBAAnB7X,EAA+B,CACxC,MAAMmpB,EAAcO,EAAaG,YAC/B7pB,EACAjG,EACA+uB,GAEF,MAAO,KACLc,GAAiB,EACjBT,KAEG,CACL,MAAMA,EAAcO,EAAaG,YAAY7pB,GAC7C,MAAO,KACL4pB,GAAiB,EACjBT,MAUEnX,6BACNqE,GAEI5f,KAAKohB,aAAephB,KAAKohB,cAAgBxB,GAC3C5f,KAAKkwB,aAAajJ,wBAEhBrH,GAAQ5f,KAAK4uB,2BACfhP,EAAKoH,yBAGPhnB,KAAKohB,YAAcxB,EAEfA,QACI5f,KAAKiwB,oBAAoB7G,eAAexJ,SAExC5f,KAAKiwB,oBAAoBxG,oBAI3BqC,MAAMuH,GAIZ,OADArzB,KAAKsuB,WAAatuB,KAAKsuB,WAAWvlB,KAAKsqB,EAAQA,GACxCrzB,KAAKsuB,WAGF2B,0BAEV,OADA9Y,QAAQnX,KAAK6vB,mBAAoB7vB,uBAC1BA,KAAK6vB,mBAKdyD,cAAcC,GACPA,IAAavzB,KAAK0rB,WAAW7kB,SAAS0sB,KAG3CvzB,KAAK0rB,WAAWlqB,KAAK+xB,GAIrBvzB,KAAK0rB,WAAW8H,OAChBxzB,KAAKyvB,cAAgBjE,kBACnBxrB,KAAKgZ,OAAOyS,eACZzrB,KAAKyzB,mBAGTA,iBACE,OAAOzzB,KAAK0rB,WAEdnQ,oCAEE,MAAMQ,EAAkC,CACtC,mBAA+B/b,KAAKyvB,eAGlCzvB,KAAKkuB,IAAIwF,QAAQC,QACnB5X,EAAO,oBAAgC/b,KAAKkuB,IAAIwF,QAAQC,OAI1D,MAAMC,QAIF,QAJ2BjvB,EAAA3E,KAAKmuB,yBACjC0F,aAAa,CACZC,UAAU,WAEV,IAAAnvB,OAAA,EAAAA,EAAAovB,uBACAH,IACF7X,EAAO,qBAAiC6X,GAI1C,MAAMI,QAAsBh0B,KAAKi0B,oBAKjC,OAJID,IACFjY,EAAO,uBAAoCiY,GAGtCjY,EAGTR,gCACE,MAAM2Y,QAEF,QAF8BvvB,EAAA3E,KAAKouB,wBACpCyF,aAAa,CAAEC,UAAU,WACxB,IAAAnvB,OAAA,EAAAA,EAAAiiB,YAUJ,OATIsN,MAAAA,OAAA,EAAAA,EAAqB5wB,Q5B5uBb,SAAA6wB,SAASje,KAAgB5K,GACnCgK,EAAU/J,UAAYlB,EAASQ,MACjCyK,EAAU1K,KAAK,SAASuL,OAAiBD,OAAU5K,G4B+uBjD6oB,CACE,2CAA2CD,EAAoB5wB,SAG5D4wB,MAAAA,OAAA,EAAAA,EAAqBtsB,OAU1B,SAAUwsB,UAAU1d,GACxB,OAAOvM,mBAAmBuM,GAI5B,MAAM8X,aAMJvrB,YAAqByT,GAAA1W,KAAI0W,KAAJA,EALb1W,KAAQmJ,SAA8B,KACrCnJ,KAAAozB,YnCjvBK,SAAAiB,gBACd/rB,EACAC,GAEA,MAAM+rB,EAAQ,IAAIjsB,cAAiBC,EAAUC,GAC7C,OAAO+rB,EAAMhrB,UAAUQ,KAAKwqB,GmC4uBgBD,EAC1ClrB,GAAanJ,KAAKmJ,SAAWA,IAK3BF,WAEF,OADAkO,QAAQnX,KAAKmJ,SAAUnJ,KAAK0W,KAAI,kBACzB1W,KAAKmJ,SAASF,KAAKa,KAAK9J,KAAKmJ,WE7xBxC,IAAIorB,EAAyC,CAC3ChZ,eACE,MAAM,IAAI9a,MAAM,oCAGlB+zB,kBAAmB,GACnBC,0BAA2B,GAC3BC,WAAY,IAOR,SAAUC,QAAQ5sB,GACtB,OAAOwsB,EAAmBK,OAAO7sB,GAe7B,SAAU8sB,sBAAsBC,GACpC,MAAO,KAAKA,IAASjc,KAAKkc,MAAsB,IAAhBlc,KAAKmc,YCnB1B,MAAAC,4BAaXhyB,YAAYiyB,GATHl1B,KAAIoM,KAPmC,uBAiB9CpM,KAAK0W,KAAO0d,UAAUc,GAQxB3Z,aACE8X,EAAiB,SACjBxT,GAAe,GAuCf,SAASsV,uBACPxW,EACA9V,EACAiV,GAEA,MAAMQ,EAAa5a,OAAO4a,WACtBE,aAAaF,GACfA,EAAWG,WAAW2W,OAAM,KAC1B9W,EAAWG,WACR4W,QAAQ1W,EAAS,CAAE0U,OAAAA,IACnBtqB,MAAKnB,IACJiB,EAAQjB,MAEToB,OAAM,KACLH,EA/EY,sBAmFlBiV,EAAOrd,MAAM,2CAIjB,OAAO,IAAImI,SAAgB,CAACC,EAASiV,MA3DrCvC,eAAe+Z,gBAAgB5e,GAC7B,IAAKmJ,EAAc,CACjB,GAAqB,MAAjBnJ,EAAK4E,UAAkD,MAA9B5E,EAAKwY,sBAChC,OAAOxY,EAAKwY,sBAAsBvQ,QAEpC,GACmB,MAAjBjI,EAAK4E,eAC2ClT,IAAhDsO,EAAKyY,wBAAwBzY,EAAK4E,UAElC,OAAO5E,EAAKyY,wBAAwBzY,EAAK4E,UAAUqD,QAIvD,OAAO,IAAI/V,SAAgB2S,MAAO1S,EAASiV,KACzCqB,mBAAmBzI,EAAM,CACvB6e,WAAmC,kBACnCC,QAAoC,yBAEnCzsB,MAAK0T,IACJ,QAA8BrU,IAA1BqU,EAASoC,aAEN,CACL,MAAM7F,EAAS,IAAI0F,gBAAgBjC,GAMnC,OALqB,MAAjB/F,EAAK4E,SACP5E,EAAKwY,sBAAwBlW,EAE7BtC,EAAKyY,wBAAwBzY,EAAK4E,UAAYtC,EAEzCnQ,EAAQmQ,EAAO2F,SARtBb,EAAO,IAAIrd,MAAM,+CAWpBuI,OAAM1F,IACLwa,EAAOxa,UA4BbgyB,CAAgBt1B,KAAK0W,MAClB3N,MAAK4V,IACJ,IAAKkB,GAAgBrB,aAAa9a,OAAO4a,YACvC6W,uBAAuBxW,EAAS9V,EAASiV,OACpC,CACL,GAAsB,oBAAXpa,OAIT,YAHAoa,EACE,IAAIrd,MAAM,mDAId,IAAIsH,EDvFA,SAAA0tB,gCACd,OAAOlB,EAAmBE,0BCsFNiB,GACS,IAAf3tB,EAAIjH,SACNiH,GAAO4W,GAETgX,QACW5tB,GACRgB,MAAK,KACJosB,uBAAuBxW,EAAS9V,EAASiV,MAE1C9U,OAAM1F,IACLwa,EAAOxa,UAId0F,OAAM1F,IACLwa,EAAOxa,UAMViY,eAAeqa,sBACpBlf,EACA2E,EACAgY,EACAwC,GAAc,GAEd,MAAMC,EAAW,IAAIb,4BAA4Bve,GACjD,IAAIqf,EACJ,IACEA,QAAwBD,EAASE,OAAO3C,GACxC,MAAO/vB,GACPyyB,QAAwBD,EAASE,OAAO3C,GAAQ,GAElD,MAAM4C,EAAU9wB,OAAAyR,OAAA,GAAQyE,GAUxB,OATKwa,EAGH1wB,OAAOyR,OAAOqf,EAAY,CAAEJ,YAAeE,IAF3C5wB,OAAOyR,OAAOqf,EAAY,CAAEF,gBAAAA,IAI9B5wB,OAAOyR,OAAOqf,EAAY,CAAEV,WAAY,oBACxCpwB,OAAOyR,OAAOqf,EAAY,CACxBC,iBAA+C,yBAE1CD,EAQF1a,eAAe4a,oBACpBC,EACA/a,EACAgb,EACAC,SAEA,GAE0B,UADxBF,EACGtE,6BAAqB,IAAAntB,OAAA,EAAAA,EACpBua,kBAAiB,2BACrB,CACA,MAAMqX,QAA6BX,sBACjCQ,EACA/a,EACAgb,EACU,eAAVA,GAEF,OAAOC,EAAaF,EAAcG,GAElC,OAAOD,EAAaF,EAAc/a,GAASrS,OAAMuS,MAAMjY,IACrD,GAAmB,iCAAfA,EAAMyB,KAA0D,CAClE1B,QAAQ2S,IACN,GAAGqgB,iIAEL,MAAME,QAA6BX,sBACjCQ,EACA/a,EACAgb,EACU,eAAVA,GAEF,OAAOC,EAAaF,EAAcG,GAElC,OAAO3tB,QAAQkV,OAAOxa,MCrKd,SAAAkzB,eAAetI,EAAkBuI,GAC/C,MAAMzX,EAAW0X,aAAaxI,EAAK,QAEnC,GAAIlP,EAAS2X,gBAAiB,CAC5B,MAAMjgB,EAAOsI,EAAS6U,eAEtB,GAAIvtB,UADmB0Y,EAAS4X,aACFH,MAAAA,EAAAA,EAAQ,IACpC,OAAO/f,EAEPN,MAAMM,EAAI,uBAMd,OAFasI,EAAS6X,WAAW,CAAEnD,QAAS+C,ICtB9B,SAAAK,oBACdpgB,EACA3O,EACA2rB,GAEA,MAAMqD,EAAe3C,UAAU1d,GAC/BS,QACE4f,EAAaza,iBACbya,4BAIF5f,QACE,eAAeuB,KAAK3Q,GACpBgvB,EAAY,2BAId,MAAMC,KAAoBtD,MAAAA,OAAA,EAAAA,EAASsD,iBAE7Bnf,EAAWof,gBAAgBlvB,IAC3ByV,KAAEA,EAAI0Z,KAAEA,GAuBhB,SAASC,mBAAmBpvB,GAI1B,MAAM8P,EAAWof,gBAAgBlvB,GAC3BqvB,EAAY,mBAAmBC,KAAKtvB,EAAIuvB,OAAOzf,EAAS/W,SAC9D,IAAKs2B,EACH,MAAO,CAAE5Z,KAAM,GAAI0Z,KAAM,MAE3B,MAAMK,EAAcH,EAAU,GAAGzvB,MAAM,KAAK6vB,OAAS,GAC/CC,EAAgB,qBAAqBJ,KAAKE,GAChD,GAAIE,EAAe,CACjB,MAAMja,EAAOia,EAAc,GAC3B,MAAO,CAAEja,KAAAA,EAAM0Z,KAAMQ,UAAUH,EAAYD,OAAO9Z,EAAK1c,OAAS,KAC3D,CACL,MAAO0c,EAAM0Z,GAAQK,EAAY5vB,MAAM,KACvC,MAAO,CAAE6V,KAAAA,EAAM0Z,KAAMQ,UAAUR,KAvCVC,CAAmBpvB,GACpC4vB,EAAmB,OAATT,EAAgB,GAAK,IAAIA,IAGzCH,EAAa/d,OAAOE,SAAW,CAAEnR,IAAK,GAAG8P,MAAa2F,IAAOma,MAC7DZ,EAAaxH,SAASC,mCAAoC,EAC1DuH,EAAa1I,eAAiBlpB,OAAOyyB,OAAO,CAC1Cpa,KAAAA,EACA0Z,KAAAA,EACArf,SAAUA,EAAS7R,QAAQ,IAAK,IAChC0tB,QAASvuB,OAAOyyB,OAAO,CAAEZ,gBAAAA,MAGtBA,GAyCP,SAASa,sBACP,SAASC,eACP,MAAMC,EAAK3zB,SAAS4zB,cAAc,KAC5BC,EAAMF,EAAGG,MACfH,EAAGI,UACD,oEACFF,EAAIG,SAAW,QACfH,EAAII,MAAQ,OACZJ,EAAIK,gBAAkB,UACtBL,EAAIM,OAAS,qBACbN,EAAIO,MAAQ,UACZP,EAAIQ,OAAS,MACbR,EAAIS,KAAO,MACXT,EAAIU,OAAS,MACbV,EAAIW,OAAS,QACbX,EAAIY,UAAY,SAChBd,EAAGe,UAAUC,IAAI,6BACjB30B,SAASuX,KAAKqd,YAAYjB,GAGL,oBAAZ10B,SAAmD,mBAAjBA,QAAQoB,MACnDpB,QAAQoB,KACN,gIAKkB,oBAAXf,QAA8C,oBAAbU,WACd,YAAxBA,SAAS60B,WACXv1B,OAAOw1B,iBAAiB,mBAAoBpB,cAE5CA,gBAvEFD,GAIJ,SAASZ,gBAAgBlvB,GACvB,MAAMoxB,EAAcpxB,EAAIE,QAAQ,KAChC,OAAOkxB,EAAc,EAAI,GAAKpxB,EAAIuvB,OAAO,EAAG6B,EAAc,GAuB5D,SAASzB,UAAUC,GACjB,IAAKA,EACH,OAAO,KAET,MAAMT,EAAO3X,OAAOoY,GACpB,OAAInY,MAAM0X,GACD,KAEFA,ECrFI,MAAAkC,eAEXn2B,YAOWsgB,EASA8V,GATAr5B,KAAUujB,WAAVA,EASAvjB,KAAYq5B,aAAZA,EAQX1W,SACE,OAAOtL,UAAU,mBAInBiiB,oBAAoBC,GAClB,OAAOliB,UAAU,mBAGnBmiB,eACED,EACAE,GAEA,OAAOpiB,UAAU,mBAGnBqiB,6BAA6BH,GAC3B,OAAOliB,UAAU,oBC/BdkE,eAAeoe,cACpBjjB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,6BAAA0E,mBAAmB1E,EAAM2E,IAwBtBE,eAAeqe,kBACpBljB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,sBAAA2E,GCrCGE,eAAese,mBACpBnjB,EACA2E,GAEA,OAAOgC,sBAIL3G,EAGA,OAAA,kCAAA0E,mBAAmB1E,EAAM2E,IAsD7BE,eAAeue,YACbpjB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,2BAAA0E,mBAAmB1E,EAAM2E,IAWtBE,eAAewe,yBACpBrjB,EACA2E,GAEA,OAAOye,YAAYpjB,EAAM2E,GAGpBE,eAAeye,wBACpBtjB,EACA2E,GAEA,OAAOye,YAAYpjB,EAAM2E,GC9FrB,MAAO4e,4BAA4Bb,eAEvCn2B,YAEWi3B,EAEAC,EACTd,EAESe,EAA2B,MAEpCl1B,MAAK,WAAsBm0B,GAPlBr5B,KAAMk6B,OAANA,EAEAl6B,KAASm6B,UAATA,EAGAn6B,KAASo6B,UAATA,EAMX/gB,6BACE6E,EACAqP,GAEA,OAAO,IAAI0M,oBACT/b,EACAqP,cAMJlU,yBACE6E,EACAmc,EACA/e,EAA0B,MAE1B,OAAO,IAAI2e,oBACT/b,EACAmc,EAAO,YAEP/e,GAKJqH,SACE,MAAO,CACLzE,MAAOle,KAAKk6B,OACZ3M,SAAUvtB,KAAKm6B,UACfd,aAAcr5B,KAAKq5B,aACnB/d,SAAUtb,KAAKo6B,WAYnB/gB,gBAAgBwD,GACd,MAAMnV,EAAsB,iBAATmV,EAAoB5Y,KAAKC,MAAM2Y,GAAQA,EAC1D,IAAInV,MAAAA,OAAG,EAAHA,EAAKwW,SAASxW,MAAAA,OAAG,EAAHA,EAAK6lB,UAAU,CAC/B,GAAoB,aAAhB7lB,EAAI2xB,aACN,OAAOr5B,KAAKs6B,sBAAsB5yB,EAAIwW,MAAOxW,EAAI6lB,UAC5C,GAAoB,cAAhB7lB,EAAI2xB,aACb,OAAOr5B,KAAKu6B,kBAAkB7yB,EAAIwW,MAAOxW,EAAI6lB,SAAU7lB,EAAI4T,UAG/D,OAAO,KAITC,0BAA0B7E,GACxB,OAAQ1W,KAAKq5B,cACX,IAAA,WAOE,OAAOlD,oBACLzf,EAPyC,CACzC8jB,mBAAmB,EACnBtc,MAAOle,KAAKk6B,OACZ3M,SAAUvtB,KAAKm6B,UACf5E,WAAmC,mBAMnC,qBAAAsE,oBAEJ,IAAA,YACE,OChGDte,eAAekf,sBACpB/jB,EACA2E,GAEA,OAAOgC,sBAIL3G,EAGA,OAAA,mCAAA0E,mBAAmB1E,EAAM2E,IDqFdof,CAAoB/jB,EAAM,CAC/BwH,MAAOle,KAAKk6B,OACZG,QAASr6B,KAAKm6B,YAElB,QACE/jB,MAAMM,EAAI,mBAKhB6E,qBACE7E,EACAmM,GAEA,OAAQ7iB,KAAKq5B,cACX,IAAA,WAQE,OAAOlD,oBACLzf,EAR6B,CAC7BmM,QAAAA,EACA2X,mBAAmB,EACnBtc,MAAOle,KAAKk6B,OACZ3M,SAAUvtB,KAAKm6B,UACf5E,WAAmC,mBAMnC,iBAAAqE,mBAEJ,IAAA,YACE,OC1GDre,eAAemf,8BACpBhkB,EACA2E,GAEA,OAAOgC,sBAIL3G,EAGA,OAAA,mCAAA0E,mBAAmB1E,EAAM2E,ID+Fdqf,CAA8BhkB,EAAM,CACzCmM,QAAAA,EACA3E,MAAOle,KAAKk6B,OACZG,QAASr6B,KAAKm6B,YAElB,QACE/jB,MAAMM,EAAI,mBAKhBgjB,6BAA6BhjB,GAC3B,OAAO1W,KAAKs5B,oBAAoB5iB,IE9H7B6E,eAAeof,cACpBjkB,EACA2E,GAEA,OAAOgC,sBACL3G,EAGA,OAAA,6BAAA0E,mBAAmB1E,EAAM2E,ICCvB,MAAOuf,wBAAwBxB,eAArCn2B,kCAqBUjD,KAAY66B,aAAkB,KAGtCxhB,mBAAmBjS,GACjB,MAAM0zB,EAAO,IAAIF,gBAAgBxzB,EAAOmc,WAAYnc,EAAOiyB,cA4B3D,OA1BIjyB,EAAOyb,SAAWzb,EAAO6d,aAEvB7d,EAAOyb,UACTiY,EAAKjY,QAAUzb,EAAOyb,SAGpBzb,EAAO6d,cACT6V,EAAK7V,YAAc7d,EAAO6d,aAIxB7d,EAAO2zB,QAAU3zB,EAAOyzB,eAC1BC,EAAKC,MAAQ3zB,EAAO2zB,OAGlB3zB,EAAOyzB,eACTC,EAAKD,aAAezzB,EAAOyzB,eAEpBzzB,EAAO4zB,YAAc5zB,EAAO6zB,kBAErCH,EAAK7V,YAAc7d,EAAO4zB,WAC1BF,EAAKI,OAAS9zB,EAAO6zB,kBAErB7kB,wBAGK0kB,EAITnY,SACE,MAAO,CACLE,QAAS7iB,KAAK6iB,QACdoC,YAAajlB,KAAKilB,YAClBiW,OAAQl7B,KAAKk7B,OACbH,MAAO/6B,KAAK+6B,MACZF,aAAc76B,KAAK66B,aACnBtX,WAAYvjB,KAAKujB,WACjB8V,aAAcr5B,KAAKq5B,cAavBhgB,gBAAgBwD,GACd,MAAMnV,EAAsB,iBAATmV,EAAoB5Y,KAAKC,MAAM2Y,GAAQA,GACpD0G,WAAEA,EAAU8V,aAAEA,GAAiD3xB,EAAhC4O,EAAgC3K,OAAAjE,EAA/D,CAAA,aAAA,iBACN,IAAK6b,IAAe8V,EAClB,OAAO,KAGT,MAAMyB,EAAO,IAAIF,gBAAgBrX,EAAY8V,GAM7C,OALAyB,EAAKjY,QAAUvM,EAAKuM,cAAWza,EAC/B0yB,EAAK7V,YAAc3O,EAAK2O,kBAAe7c,EACvC0yB,EAAKI,OAAS5kB,EAAK4kB,OACnBJ,EAAKC,MAAQzkB,EAAKykB,MAClBD,EAAKD,aAAevkB,EAAKukB,cAAgB,KAClCC,EAITxB,oBAAoB5iB,GAElB,OAAOikB,cAAcjkB,EADL1W,KAAKm7B,gBAKvB3B,eACE9iB,EACAmM,GAEA,MAAMxH,EAAUrb,KAAKm7B,eAErB,OADA9f,EAAQwH,QAAUA,EACX8X,cAAcjkB,EAAM2E,GAI7Bqe,6BAA6BhjB,GAC3B,MAAM2E,EAAUrb,KAAKm7B,eAErB,OADA9f,EAAQ+f,YAAa,EACdT,cAAcjkB,EAAM2E,GAGrB8f,eACN,MAAM9f,EAAgC,CACpCggB,WApJkB,mBAqJlBb,mBAAmB,GAGrB,GAAIx6B,KAAK66B,aACPxf,EAAQwf,aAAe76B,KAAK66B,iBACvB,CACL,MAAMS,EAAmC,GACrCt7B,KAAK6iB,UACPyY,EAAmB,SAAIt7B,KAAK6iB,SAE1B7iB,KAAKilB,cACPqW,EAAuB,aAAIt7B,KAAKilB,aAE9BjlB,KAAKk7B,SACPI,EAA6B,mBAAIt7B,KAAKk7B,QAGxCI,EAAqB,WAAIt7B,KAAKujB,WAC1BvjB,KAAK+6B,QAAU/6B,KAAK66B,eACtBS,EAAgB,MAAIt7B,KAAK+6B,OAG3B1f,EAAQigB,SAAWp0B,YAAYo0B,GAGjC,OAAOjgB,GCrFX,MAAMkgB,EAEF,CACF9gB,eAAwD,kBC/EpD,MAAO+gB,4BAA4BpC,eACvCn2B,YAAqCmE,GACnClC,uBADmClF,KAAMoH,OAANA,EAKrCiS,yBACEoiB,EACAC,GAEA,OAAO,IAAIF,oBAAoB,CAAEC,eAAAA,EAAgBC,iBAAAA,IAInDriB,0BACE8E,EACAwd,GAEA,OAAO,IAAIH,oBAAoB,CAAErd,YAAAA,EAAawd,eAAAA,IAIhDrC,oBAAoB5iB,GAClB,ODcG6E,eAAeqgB,wBACpBllB,EACA2E,GAEA,OAAOgC,sBAIL3G,EAGA,OAAA,qCAAA0E,mBAAmB1E,EAAM2E,ICzBlBugB,CAAsBllB,EAAM1W,KAAK67B,4BAI1CrC,eACE9iB,EACAmM,GAEA,ODqBGtH,eAAeugB,sBACpBplB,EACA2E,GAEA,MAAMoB,QAAiBY,sBAIrB3G,EAAI,OAAA,qCAGJ0E,mBAAmB1E,EAAM2E,IAE3B,GAAIoB,EAASkf,eACX,MAAM7e,iBAAiBpG,EAAuC,2CAAA+F,GAEhE,OAAOA,ECrCEqf,CAAoBplB,EACzBvR,OAAAyR,OAAA,CAAAiM,QAAAA,GACG7iB,KAAK67B,6BAKZnC,6BAA6BhjB,GAC3B,OD2CG6E,eAAewgB,6BACpBrlB,EACA2E,GAMA,OAAOgC,sBAIL3G,EAAI,OAAA,qCAGJ0E,mBAAmB1E,EAVhBvR,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAAyE,GAAO,CACV2gB,UAAW,YAUXT,GC3DOQ,CAA6BrlB,EAAM1W,KAAK67B,4BAIjDA,2BACE,MAAMF,eAAEA,EAAcxd,YAAEA,EAAWsd,eAAEA,EAAcC,iBAAEA,GACnD17B,KAAKoH,OACP,OAAIu0B,GAAkBxd,EACb,CAAEwd,eAAAA,EAAgBxd,YAAAA,GAGpB,CACL8d,YAAaR,EACb12B,KAAM22B,GAKV/Y,SACE,MAAMjb,EAA8B,CAClC6b,WAAYvjB,KAAKujB,YAenB,OAbIvjB,KAAKoH,OAAO+W,cACdzW,EAAIyW,YAAcne,KAAKoH,OAAO+W,aAE5Bne,KAAKoH,OAAOu0B,iBACdj0B,EAAIi0B,eAAiB37B,KAAKoH,OAAOu0B,gBAE/B37B,KAAKoH,OAAOs0B,mBACdh0B,EAAIg0B,iBAAmB17B,KAAKoH,OAAOs0B,kBAEjC17B,KAAKoH,OAAOq0B,iBACd/zB,EAAI+zB,eAAiBz7B,KAAKoH,OAAOq0B,gBAG5B/zB,EAIT2R,gBAAgBwD,GACM,iBAATA,IACTA,EAAO5Y,KAAKC,MAAM2Y,IAGpB,MAAM4e,eAAEA,EAAcC,iBAAEA,EAAgBvd,YAAEA,EAAWwd,eAAEA,GACrD9e,EACF,OACG6e,GACAD,GACAtd,GACAwd,EAKI,IAAIH,oBAAoB,CAC7BC,eAAAA,EACAC,iBAAAA,EACAvd,YAAAA,EACAwd,eAAAA,IAPO,MC7CA,MAAAO,cAiCXj5B,YAAYk5B,mBACV,MAAMC,EAAe30B,kBAAkBK,mBAAmBq0B,IACpDrgB,EAAyC,QAAhCnX,EAAAy3B,EAAgC,cAAA,IAAAz3B,EAAAA,EAAI,KAC7CI,EAAoC,QAA7BsiB,EAAA+U,EAA6B,eAAA,IAAA/U,EAAAA,EAAI,KACxC2U,EApFV,SAASK,UAAU3vB,GACjB,OAAQA,GACN,IAAK,eACH,MAAyC,gBAC3C,IAAK,gBACH,MAA0C,iBAC5C,IAAK,SACH,MAAwC,eAC1C,IAAK,cACH,MAAwC,eAC1C,IAAK,uBACH,MAAmD,0BACrD,IAAK,6BACH,MAAyD,gCAC3D,QACE,OAAO,MAqES2vB,CAAuC,QAA7B/U,EAAA8U,EAA6B,YAAA,IAAA9U,EAAAA,EAAI,MAE7DnQ,QAAQ2E,GAAU/W,GAAQi3B,oBAC1Bh8B,KAAK8b,OAASA,EACd9b,KAAKg8B,UAAYA,EACjBh8B,KAAK+E,KAAOA,EACZ/E,KAAKs8B,YAAmD,QAArC/U,EAAA6U,EAAqC,mBAAA,IAAA7U,EAAAA,EAAI,KAC5DvnB,KAAKic,aAAqD,QAAtCuL,EAAA4U,EAAsC,oBAAA,IAAA5U,EAAAA,EAAI,KAC9DxnB,KAAKsb,SAA6C,QAAlCmM,EAAA2U,EAAkC,gBAAA,IAAA3U,EAAAA,EAAI,KAYxDpO,iBAAiBkjB,GACf,MAAMJ,EAjFV,SAASK,cAAcz0B,GACrB,MAAMw0B,EAAO90B,kBAAkBK,mBAAmBC,IAAY,KAGxD00B,EAAiBF,EACnB90B,kBAAkBK,mBAAmBy0B,IAAqB,aAC1D,KAEEG,EAAcj1B,kBAAkBK,mBAAmBC,IACzC,aAKhB,OAH0B20B,EACtBj1B,kBAAkBK,mBAAmB40B,IAAoB,KACzD,OACwBA,GAAeD,GAAkBF,GAAQx0B,EAmEhDy0B,CAAcD,GACjC,IACE,OAAO,IAAIL,cAAcC,GACzB,MAAMx3B,GACN,OAAO,OAWP,SAAUg4B,mBAAmBJ,GACjC,OAAOL,cAAcU,UAAUL,GCpIpB,MAAAM,kBAAb55B,cAkBWjD,KAAAujB,WAAasZ,kBAAkBC,YAoBxCzjB,kBAAkB6E,EAAeqP,GAC/B,OAAO0M,oBAAoBK,sBAAsBpc,EAAOqP,GAyB1DlU,0BACE6E,EACA6e,GAEA,MAAMC,EAAgBd,cAAcU,UAAUG,GAG9C,OAFA5lB,QAAQ6lB,EAAa,kBAEd/C,oBAAoBM,kBACzBrc,EACA8e,EAAcj4B,KACdi4B,EAAc1hB,WAtEFuhB,kBAAAC,YAA8C,WAI9CD,kBAAAI,8BACc,WAIdJ,kBAAAK,0BACU,YCXN,MAAAC,sBAWpBl6B,YAAqBsgB,GAAAvjB,KAAUujB,WAAVA,EATrBvjB,KAAmBo9B,oBAAkB,KAE7Bp9B,KAAgBq9B,iBAAqB,GAc7CC,mBAAmBrhB,GACjBjc,KAAKo9B,oBAAsBnhB,EAa7BshB,oBAAoBC,GAElB,OADAx9B,KAAKq9B,iBAAmBG,EACjBx9B,KAMTy9B,sBACE,OAAOz9B,KAAKq9B,kBCZV,MAAgBK,0BACZP,sBADVl6B,kCAKUjD,KAAM29B,OAAa,GAO3BC,SAASC,GAKP,OAHK79B,KAAK29B,OAAO92B,SAASg3B,IACxB79B,KAAK29B,OAAOn8B,KAAKq8B,GAEZ79B,KAMT89B,YACE,MAAO,IAAI99B,KAAK29B,SA4Cd,MAAOI,sBAAsBL,kBAKjCrkB,0BAA0BwD,GACxB,MAAMnV,EAAsB,iBAATmV,EAAoB5Y,KAAKC,MAAM2Y,GAAQA,EAK1D,OAJA1F,QACE,eAAgBzP,GAAO,iBAAkBA,EAAG,kBAGvCkzB,gBAAgBoD,YAAYt2B,GAwBrCu2B,WAAW72B,GACT,OAAOpH,KAAKk+B,YAAW/4B,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAMxP,GAAM,CAAE2zB,MAAO3zB,EAAO+2B,YAI7CD,YACN92B,GAIA,OAFA+P,QAAQ/P,EAAOyb,SAAWzb,EAAO6d,YAAW,kBAErC2V,gBAAgBoD,2CAClB52B,GAAM,CACTmc,WAAYvjB,KAAKujB,WACjB8V,aAAcr5B,KAAKujB,cASvBlK,4BACE+kB,GAEA,OAAOL,cAAcM,gCACnBD,GASJ/kB,2BAA2B/V,GACzB,OAAOy6B,cAAcM,gCAClB/6B,EAAM2B,YAAc,IAIjBoU,wCACN+E,eAAgBkgB,IAEhB,IAAKA,EACH,OAAO,KAGT,MAAMC,aACJA,EAAYC,iBACZA,EAAgBvD,iBAChBA,EAAgBJ,aAChBA,EAAYE,MACZA,EAAKxX,WACLA,GACE+a,EACJ,KACGE,GACAvD,GACAsD,GACA1D,GAED,OAAO,KAGT,IAAKtX,EACH,OAAO,KAGT,IACE,OAAO,IAAIwa,cAAcxa,GAAY2a,YAAY,CAC/Crb,QAAS0b,EACTtZ,YAAauZ,EACbzD,MAAAA,EACAF,aAAAA,IAEF,MAAOz3B,GACP,OAAO,OCjLP,MAAOq7B,6BAA6Bf,kBAOxCz6B,cACEiC,sBAeFmU,kBAAkB4L,GAChB,OAAO2V,gBAAgBoD,YAAY,CACjCza,WAAYkb,qBAAqB3B,YACjCzD,aAAcoF,qBAAqBC,wBACnCzZ,YAAAA,IASJ5L,4BACE+kB,GAEA,OAAOK,qBAAqBE,2BAC1BP,GAUJ/kB,2BAA2B/V,GACzB,OAAOm7B,qBAAqBE,2BACzBr7B,EAAM2B,YAAc,IAIjBoU,mCACN+E,eAAgBkgB,IAEhB,IAAKA,KAAmB,qBAAsBA,GAC5C,OAAO,KAGT,IAAKA,EAAcE,iBACjB,OAAO,KAGT,IACE,OAAOC,qBAAqBR,WAAWK,EAAcE,kBACrD,MAAM75B,GACN,OAAO,OApEK85B,qBAAAC,wBACQ,eAERD,qBAAA3B,YAAkD,eCF9D,MAAO8B,2BAA2BlB,kBAMtCz6B,cACEiC,oBACAlF,KAAK49B,SAAS,WAgBhBvkB,kBACEwJ,EACAoC,GAEA,OAAO2V,gBAAgBoD,YAAY,CACjCza,WAAYqb,mBAAmB9B,YAC/BzD,aAAcuF,mBAAmBC,sBACjChc,QAAAA,EACAoC,YAAAA,IASJ5L,4BACE+kB,GAEA,OAAOQ,mBAAmBD,2BACxBP,GASJ/kB,2BAA2B/V,GACzB,OAAOs7B,mBAAmBD,2BACvBr7B,EAAM2B,YAAc,IAIjBoU,mCACN+E,eAAgBkgB,IAEhB,IAAKA,EACH,OAAO,KAGT,MAAMC,aAAEA,EAAYC,iBAAEA,GACpBF,EACF,IAAKC,IAAiBC,EAEpB,OAAO,KAGT,IACE,OAAOI,mBAAmBX,WAAWM,EAAcC,GACnD,MAAM75B,GACN,OAAO,OA3EKi6B,mBAAAC,sBAA0D,aAE1DD,mBAAA9B,YAA8C,aCJ1D,MAAOgC,2BAA2BpB,kBAMtCz6B,cACEiC,oBAQFmU,kBAAkB4L,GAChB,OAAO2V,gBAAgBoD,YAAY,CACjCza,WAAYub,mBAAmBhC,YAC/BzD,aAAcyF,mBAAmBC,sBACjC9Z,YAAAA,IASJ5L,4BACE+kB,GAEA,OAAOU,mBAAmBH,2BACxBP,GAUJ/kB,2BAA2B/V,GACzB,OAAOw7B,mBAAmBH,2BACvBr7B,EAAM2B,YAAc,IAIjBoU,mCACN+E,eAAgBkgB,IAEhB,IAAKA,KAAmB,qBAAsBA,GAC5C,OAAO,KAGT,IAAKA,EAAcE,iBACjB,OAAO,KAGT,IACE,OAAOM,mBAAmBb,WAAWK,EAAcE,kBACnD,MAAM75B,GACN,OAAO,OA5DKm6B,mBAAAC,sBAA0D,aAE1DD,mBAAAhC,YAA8C,aCpC1D,MAAOkC,2BAA2B5F,eAEtCn2B,YACEsgB,EACiBsX,GAEjB31B,MAAMqe,EAAYA,GAFDvjB,KAAY66B,aAAZA,EAMnBvB,oBAAoB5iB,GAElB,OAAOikB,cAAcjkB,EADL1W,KAAKm7B,gBAKvB3B,eACE9iB,EACAmM,GAEA,MAAMxH,EAAUrb,KAAKm7B,eAErB,OADA9f,EAAQwH,QAAUA,EACX8X,cAAcjkB,EAAM2E,GAI7Bqe,6BAA6BhjB,GAC3B,MAAM2E,EAAUrb,KAAKm7B,eAErB,OADA9f,EAAQ+f,YAAa,EACdT,cAAcjkB,EAAM2E,GAI7BsH,SACE,MAAO,CACL0W,aAAcr5B,KAAKq5B,aACnB9V,WAAYvjB,KAAKujB,WACjBsX,aAAc76B,KAAK66B,cAavBxhB,gBAAgBwD,GACd,MAAMnV,EAAsB,iBAATmV,EAAoB5Y,KAAKC,MAAM2Y,GAAQA,GACpD0G,WAAEA,EAAU8V,aAAEA,EAAYwB,aAAEA,GAChCnzB,EACF,OACG6b,GACA8V,GACAwB,GACDtX,IAAe8V,EAKV,IAAI2F,mBAAmBzb,EAAYsX,GAHjC,KAWXxhB,eAAekK,EAAoBsX,GACjC,OAAO,IAAImE,mBAAmBzb,EAAYsX,GAGpCM,eACN,MAAO,CACLE,WAlFkB,mBAmFlBb,mBAAmB,EACnBK,aAAc76B,KAAK66B,eChFnB,MAAOoE,yBAAyB9B,sBAKpCl6B,YAAYsgB,GACVpM,QACEoM,EAAWpK,WAdY,2BAiBzBjU,MAAMqe,GAmBRlK,4BACE+kB,GAEA,OAAOa,iBAAiBC,+BACtBd,GAUJ/kB,2BAA2B/V,GACzB,OAAO27B,iBAAiBC,+BACrB57B,EAAM2B,YAAc,IAQzBoU,0BAA0BwD,GACxB,MAAMohB,EAAae,mBAAmBnX,SAAShL,GAE/C,OADA1F,QAAQ8mB,EAAU,kBACXA,EAGD5kB,uCACN+E,eAAgBkgB,IAEhB,IAAKA,EACH,OAAO,KAGT,MAAMzD,aAAEA,EAAYtX,WAAEA,GAAe+a,EAErC,IAAKzD,IAAiBtX,EACpB,OAAO,KAGT,IACE,OAAOyb,mBAAmBG,QAAQ5b,EAAYsX,GAC9C,MAAOz3B,GACP,OAAO,OC3BP,MAAOg8B,4BAA4B1B,kBAMvCz6B,cACEiC,qBASFmU,kBAAkBzR,EAAeszB,GAC/B,OAAON,gBAAgBoD,YAAY,CACjCza,WAAY6b,oBAAoBtC,YAChCzD,aAAc+F,oBAAoBC,uBAClCrE,WAAYpzB,EACZqzB,iBAAkBC,IAStB7hB,4BACE+kB,GAEA,OAAOgB,oBAAoBT,2BACzBP,GAUJ/kB,2BAA2B/V,GACzB,OAAO87B,oBAAoBT,2BACxBr7B,EAAM2B,YAAc,IAIjBoU,mCACN+E,eAAgBkgB,IAEhB,IAAKA,EACH,OAAO,KAET,MAAME,iBAAEA,EAAgBvD,iBAAEA,GACxBqD,EACF,IAAKE,IAAqBvD,EACxB,OAAO,KAGT,IACE,OAAOmE,oBAAoBnB,WAAWO,EAAkBvD,GACxD,MAAMt2B,GACN,OAAO,OCxGN4W,eAAe+jB,OACpB5oB,EACA2E,GAEA,OAAOgC,sBACL3G,EAGA,OAAA,sBAAA0E,mBAAmB1E,EAAM2E,IDiCX+jB,oBAAAC,uBAA6D,cAE7DD,oBAAAtC,YAAgD,cExDrD,MAAAyC,mBAQXt8B,YAAYmE,GACVpH,KAAK4f,KAAOxY,EAAOwY,KACnB5f,KAAKujB,WAAanc,EAAOmc,WACzBvjB,KAAKoe,eAAiBhX,EAAOgX,eAC7Bpe,KAAKw/B,cAAgBp4B,EAAOo4B,cAG9BnmB,kCACE3C,EACA8oB,EACA1X,EACAxD,GAAuB,GAEvB,MAAM1E,QAAa2G,SAASkZ,qBAC1B/oB,EACAoR,EACAxD,GAEIf,EAAamc,sBAAsB5X,GAOzC,OANiB,IAAIyX,mBAAmB,CACtC3f,KAAAA,EACA2D,WAAAA,EACAnF,eAAgB0J,EAChB0X,cAAAA,IAKJnmB,2BACEuG,EACA4f,EACA/iB,SAEMmD,EAAK+f,yBAAyBljB,GAAuB,GAC3D,MAAM8G,EAAamc,sBAAsBjjB,GACzC,OAAO,IAAI8iB,mBAAmB,CAC5B3f,KAAAA,EACA2D,WAAAA,EACAnF,eAAgB3B,EAChB+iB,cAAAA,KAKN,SAASE,sBACPjjB,GAEA,OAAIA,EAAS8G,WACJ9G,EAAS8G,WAGd,gBAAiB9G,EACK,QAGnB,KC3DFlB,eAAeqkB,kBAAkBlpB,SACtC,MAAMqgB,EAAe3C,UAAU1d,GAE/B,SADMqgB,EAAa/H,uBACS,QAAxBrqB,EAAAoyB,EAAa3V,mBAAW,IAAAzc,OAAA,EAAAA,EAAE2f,YAE5B,OAAO,IAAIib,mBAAmB,CAC5B3f,KAAMmX,EAAa3V,YACnBmC,WAAY,KACZic,cAAoC,WAGxC,MAAM/iB,QAAiB6iB,OAAOvI,EAAc,CAC1CyD,mBAAmB,IAEf4D,QAAuBmB,mBAAmBE,qBAC9C1I,EAEA,SAAAta,GACA,GAGF,aADMsa,EAAa5G,mBAAmBiO,EAAexe,MAC9Cwe,ECzBH,MAAOyB,yBACH/6B,cAKR7B,YACEyT,EACApT,EACSk8B,EACA5f,SAET1a,MAAM5B,EAAMyB,KAAMzB,EAAM0B,SAHfhF,KAAaw/B,cAAbA,EACAx/B,KAAI4f,KAAJA,EAITza,OAAOC,eAAepF,KAAM6/B,iBAAiBx6B,WAC7CrF,KAAKiF,WAAa,CAChB4R,QAASH,EAAKxT,KACdoY,SAAuB,QAAb3W,EAAA+R,EAAK4E,gBAAQ,IAAA3W,EAAAA,OAAIyD,EAC3BmV,gBAAiBja,EAAM2B,WAAYsY,gBACnCiiB,cAAAA,GAIJnmB,8BACE3C,EACApT,EACAk8B,EACA5f,GAEA,OAAO,IAAIigB,iBAAiBnpB,EAAMpT,EAAOk8B,EAAe5f,IAItD,SAAUkgB,8CACdppB,EACA8oB,EACAvB,EACAre,GAOA,OAJgD,mBAA9C4f,EACIvB,EAAWvE,6BAA6BhjB,GACxCunB,EAAW3E,oBAAoB5iB,IAEd1N,OAAM1F,IAC3B,GAAmB,oCAAfA,EAAMyB,KACR,MAAM86B,iBAAiBE,uBACrBrpB,EACApT,EACAk8B,EACA5f,GAIJ,MAAMtc,KC7DJ,SAAU08B,oBACdnc,GAEA,OAAO,IAAIoc,IACTpc,EACGP,KAAI,EAAGC,WAAAA,KAAiBA,IACxBU,QAAOic,KAASA,KCShB3kB,eAAe4kB,OAAOvgB,EAAY2D,GACvC,MAAMxD,EAAe5V,mBAAmByV,SAClCwgB,qBAAoB,EAAMrgB,EAAcwD,GAC9C,MAAMJ,iBAAEA,SzCaH5H,eAAe8kB,qBACpB3pB,EACA2E,GAEA,OAAOG,mBAGL9E,EAAkD,OAAA,sBAAA2E,GyCpBjBglB,CAAqBtgB,EAAarJ,KAAM,CACzEmM,cAAe9C,EAAaJ,aAC5B2gB,eAAgB,CAAC/c,KAGbgd,EAAgBP,oBAAoB7c,GAAoB,IAU9D,OARApD,EAAa8D,aAAe9D,EAAa8D,aAAaI,QAAOuc,GAC3DD,EAAcE,IAAID,EAAGjd,cAElBgd,EAAcE,eACjB1gB,EAAa5B,YAAc,YAGvB4B,EAAarJ,KAAKmO,sBAAsB9E,GACvCA,EAGFxE,eAAemlB,QACpB9gB,EACAqe,EACA/c,GAAkB,GAElB,MAAMzE,QAAiBwE,qBACrBrB,EACAqe,EAAWzE,eAAe5Z,EAAKlJ,WAAYkJ,EAAKD,cAChDuB,GAEF,OAAOqe,mBAAmBoB,cAAc/gB,EAA0B,OAAAnD,GAG7DlB,eAAe6kB,oBACpBQ,EACAhhB,EACAZ,SAEM4D,qBAAqBhD,GAC3B,MAEM7a,GACS,IAAb67B,EACG,0BACgC,mBACrCzpB,QANoB6oB,oBAAoBpgB,EAAKiE,cAMzB4c,IAAIzhB,KAAc4hB,EAAUhhB,EAAKlJ,KAAM3R,GCzDtDwW,eAAeslB,gBACpBjhB,EACAqe,EACA/c,GAAkB,GAElB,MAAMxK,KAAEA,GAASkJ,EACX4f,EAA6C,iBAEnD,IACE,MAAM/iB,QAAiBwE,qBACrBrB,EACAkgB,8CACEppB,EACA8oB,EACAvB,EACAre,GAEFsB,GAEF/J,QAAQsF,EAASoG,QAASnM,oBAC1B,MAAMoqB,EAAS7gB,YAAYxD,EAASoG,SACpC1L,QAAQ2pB,EAAQpqB,oBAEhB,MAAQqqB,IAAKrc,GAAYoc,EAGzB,OAFA3pB,QAAQyI,EAAK4D,MAAQkB,EAAShO,EAAI,iBAE3B6oB,mBAAmBoB,cAAc/gB,EAAM4f,EAAe/iB,GAC7D,MAAOrZ,GAKP,KAHmC,yBAA9BA,MAAAA,OAAA,EAAAA,EAAqB2B,OACxBqR,MAAMM,EAAI,iBAENtT,GC9BHmY,eAAeylB,sBACpBtqB,EACAunB,EACA/c,GAAkB,GAElB,MAAMse,EAAsC,SACtC/iB,QAAiBqjB,8CACrBppB,EACA8oB,EACAvB,GAEIG,QAAuBmB,mBAAmBE,qBAC9C/oB,EACA8oB,EACA/iB,GAMF,OAHKyE,SACGxK,EAAKyZ,mBAAmBiO,EAAexe,MAExCwe,EAcF7iB,eAAe0lB,qBACpBvqB,EACAunB,GAEA,OAAO+C,sBAAsB5M,UAAU1d,GAAOunB,GAczC1iB,eAAe2lB,mBACpBthB,EACAqe,GAEA,MAAMle,EAAe5V,mBAAmByV,GAIxC,aAFMwgB,qBAAoB,EAAOrgB,EAAcke,EAAW1a,YAEnDmd,QAAM3gB,EAAcke,GAgBtB1iB,eAAe4lB,6BACpBvhB,EACAqe,GAEA,OAAO4C,gBAAgB12B,mBAAmByV,GAAuBqe,GCrE5D1iB,eAAe6lB,sBACpB1qB,EACA2qB,GAEA,MAAMtK,EAAe3C,UAAU1d,GACzB+F,QCZDlB,eAAe6lB,wBACpB1qB,EACA2E,GAEA,OAAOgC,sBAIL3G,EAGA,OAAA,qCAAA0E,mBAAmB1E,EAAM2E,IDCaimB,CAAmBvK,EAAc,CACvEnvB,MAAOy5B,EACP7G,mBAAmB,IAEfM,QAAayE,mBAAmBE,qBACpC1I,EAAY,SAEZta,GAGF,aADMsa,EAAa5G,mBAAmB2K,EAAKlb,MACpCkb,EExBa,MAAAyG,oBAKpBt+B,YAA+Bu+B,EAAoB/kB,GAApBzc,KAAQwhC,SAARA,EAC7BxhC,KAAKwjB,IAAM/G,EAASglB,gBACpBzhC,KAAK0hC,eAAiB,IAAIj2B,KAAKgR,EAASklB,YAAYjiB,cACpD1f,KAAK0jB,YAAcjH,EAASiH,YAG9BrK,2BACE3C,EACAkrB,GAEA,MAAI,cAAeA,EACVC,yBAAyBC,oBAAoBprB,EAAMkrB,GACjD,aAAcA,EAChBG,wBAAwBD,oBAAoBprB,EAAMkrB,GAEpDxrB,MAAMM,EAAI,mBAIf,MAAOmrB,iCACHN,oBAKRt+B,YAAoBwZ,GAClBvX,MAAK,QAAiBuX,GACtBzc,KAAKme,YAAc1B,EAASulB,UAG9B3oB,2BACEkgB,EACAqI,GAEA,OAAO,IAAIC,yBAAyBD,IAGlC,MAAOG,gCACHR,oBAGRt+B,YAAoBwZ,GAClBvX,MAAK,OAAgBuX,GAGvBpD,2BACEkgB,EACAqI,GAEA,OAAO,IAAIG,wBAAwBH,IC/DvB,SAAAK,gCACdvrB,EACA2E,EACA6mB,SAEA/qB,SAC0B,QAAxBxS,EAAAu9B,EAAmBn6B,WAAK,IAAApD,OAAA,EAAAA,EAAA7D,QAAS,EACjC4V,EAAI,wBAGNS,aACkD,IAAzC+qB,EAAmBC,mBACxBD,EAAmBC,kBAAkBrhC,OAAS,EAChD4V,EAAI,+BAIN2E,EAAQihB,YAAc4F,EAAmBn6B,IACzCsT,EAAQ8mB,kBAAoBD,EAAmBC,kBAC/C9mB,EAAQ+mB,mBAAqBF,EAAmBG,gBAE5CH,EAAmBI,MACrBnrB,QACE+qB,EAAmBI,IAAIC,SAASzhC,OAAS,EACzC4V,2BAGF2E,EAAQmnB,YAAcN,EAAmBI,IAAIC,UAG3CL,EAAmBO,UACrBtrB,QACE+qB,EAAmBO,QAAQC,YAAY5hC,OAAS,EAChD4V,8BAGF2E,EAAQsnB,kBAAoBT,EAAmBO,QAAQG,WACvDvnB,EAAQwnB,0BACNX,EAAmBO,QAAQK,eAC7BznB,EAAQ0nB,mBAAqBb,EAAmBO,QAAQC,aCP5DnnB,eAAeynB,sBAAsBtsB,GACnC,MAAMqgB,EAAe3C,UAAU1d,GAC3BqgB,EAAahF,oCACTgF,EAAa/E,wBAsChBzW,eAAewe,uBACpBrjB,EACAwH,EACAgkB,GAEA,MAAMnL,EAAe3C,UAAU1d,GACzB2E,EAA+C,CACnD4nB,YAA+C,iBAC/C/kB,MAAAA,EACAqX,WAAmC,mBAEjC2M,GACFD,gCAAgClL,EAAc1b,EAAS6mB,SAEnD/L,oBACJY,EACA1b,EAEA6nB,aAAAA,0BAaG3nB,eAAe4nB,qBACpBzsB,EACA2jB,EACA+I,SAEMC,cACWl5B,mBAAmBuM,GAAO,CACvC2jB,QAAAA,EACA+I,YAAAA,IAEDp6B,OAAMuS,MAAMjY,IAQX,KALE,6CADAA,EAAMyB,MAGDi+B,sBAAsBtsB,GAGvBpT,KAaLiY,eAAe+nB,gBACpB5sB,EACA2jB,S9BnEK9e,eAAe+nB,kBACpB5sB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,sBAAA0E,mBAAmB1E,EAAM2E,I8B6DrBkoB,CAAwBp5B,mBAAmBuM,GAAO,CAAE2jB,QAAAA,IAarD9e,eAAeioB,gBACpB9sB,EACA2jB,GAEA,MAAMoJ,EAAct5B,mBAAmBuM,GACjC+F,QAAiBinB,cAAsBD,EAAa,CAAEpJ,QAAAA,IAQtD2B,EAAYvf,EAASwmB,YAE3B,OADA9rB,QAAQ6kB,EAAWyH,oBACXzH,GACN,IAAA,eACE,MACF,IAAA,0BACE7kB,QAAQsF,EAASknB,SAAUF,oBAC3B,MACF,IAAA,gCACEtsB,QAAQsF,EAASmnB,QAASH,oBAE5B,QACEtsB,QAAQsF,EAASyB,MAAOulB,oBAI5B,IAAII,EAA8C,KAQlD,OAPIpnB,EAASmnB,UACXC,EAAkBtC,oBAAoBO,oBACpC1N,UAAUqP,GACVhnB,EAASmnB,UAIN,CACLh+B,KAAM,CACJsY,OACuE,4BAApEzB,EAASwmB,YACNxmB,EAASknB,SACTlnB,EAASyB,QAAU,KACzB4lB,eACuE,4BAApErnB,EAASwmB,YACNxmB,EAASyB,MACTzB,EAASknB,WAAa,KAC5BE,gBAAAA,GAEF7H,UAAAA,GAcGzgB,eAAewoB,wBACpBrtB,EACA3R,GAEA,MAAMa,KAAEA,SAAe49B,gBAAgBr5B,mBAAmBuM,GAAO3R,GAEjE,OAAOa,EAAKsY,MAoBP3C,eAAeyoB,+BACpBttB,EACAwH,EACAqP,GAEA,MAAMwJ,EAAe3C,UAAU1d,GAOzButB,EAA2C9N,oBAC/CY,EAP6B,CAC7ByD,mBAAmB,EACnBtc,MAAAA,EACAqP,SAAAA,EACAgI,WAAmC,mBAI5B,iBAEP+J,QAEI7iB,QAAiBwnB,EAAej7B,OAAM1F,IAO1C,KALiB,6CAAfA,EAAMyB,MAEDi+B,sBAAsBtsB,GAGvBpT,KAGF86B,QAAuBmB,mBAAmBE,qBAC9C1I,EAAY,SAEZta,GAIF,aAFMsa,EAAa5G,mBAAmBiO,EAAexe,MAE9Cwe,EAqBO,SAAA8F,2BACdxtB,EACAwH,EACAqP,GAEA,OAAO0T,qBACL92B,mBAAmBuM,GACnBmmB,kBAAkBoB,WAAW/f,EAAOqP,IACpCvkB,OAAMuS,MAAMjY,IAOZ,KALiB,6CAAfA,EAAMyB,MAEDi+B,sBAAsBtsB,GAGvBpT,KCpQHiY,eAAeye,sBACpBtjB,EACAwH,EACAgkB,GAEA,MAAMnL,EAAe3C,UAAU1d,GACzB2E,EAAkC,CACtC4nB,YAA6C,eAC7C/kB,MAAAA,EACAqX,WAAmC,oBAErC,SAAS4O,sBACP9oB,EACA6mB,GAEA/qB,QACE+qB,EAAmBG,gBACnBtL,oBAGEmL,GACFD,gCACElL,EACA1b,EACA6mB,GAINiC,CAAsB9oB,EAAS6mB,SACzB/L,oBACJY,EACA1b,EAEA+oB,aAAAA,yBAYY,SAAAC,sBAAsB3tB,EAAYqmB,GAChD,MAAMC,EAAgBd,cAAcU,UAAUG,GAC9C,MAA+B,kBAAxBC,MAAAA,OAAA,EAAAA,EAAehB,WAwCjBzgB,eAAekf,oBACpB/jB,EACAwH,EACA6e,GAEA,MAAM0G,EAAct5B,mBAAmBuM,GACjCunB,EAAapB,kBAAkByH,mBACnCpmB,EACA6e,GAAavlB,kBASf,OALAL,QACE8mB,EAAW7D,aAAeqJ,EAAYnoB,UAAY,MAClDmoB,wBAGKxC,qBAAqBwC,EAAaxF,GC/HpC1iB,eAAegpB,2BACpB7tB,EACAwH,GAKA,MACM7C,EAAgC,CACpCmpB,WAAYtmB,EACZumB,YAHkB9sB,iBAAmBH,iBAAmB,qBAMpDktB,cAAEA,SC9BHnpB,eAAeopB,cACpBjuB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,6BAAA0E,mBAAmB1E,EAAM2E,IDsBKspB,CAC9Bx6B,mBAAmBuM,GACnB2E,GAGF,OAAOqpB,GAAiB,GAiCnBnpB,eAAeqpB,sBACpBhlB,EACAsiB,GAEA,MAAMniB,EAAe5V,mBAAmByV,GAElCvE,EAAkC,CACtC4nB,YAA6C,eAC7CpgB,cAHoBjD,EAAKD,cAKvBuiB,GACFD,gCACEliB,EAAarJ,KACb2E,EACA6mB,GAIJ,MAAMhkB,MAAEA,S/BCH3C,eAAeqpB,wBACpBluB,EACA2E,GAEA,OAAOye,YAAYpjB,EAAM2E,G+BLDwpB,CAA0B9kB,EAAarJ,KAAM2E,GAEjE6C,IAAU0B,EAAK1B,aACX0B,EAAKgF,SAsCRrJ,eAAeupB,wBACpBllB,EACA+jB,EACAzB,GAEA,MAAMniB,EAAe5V,mBAAmByV,GAElCvE,EAA2C,CAC/C4nB,YAAwD,0BACxDpgB,cAHoBjD,EAAKD,aAIzBgkB,SAAAA,GAEEzB,GACFD,gCACEliB,EAAarJ,KACb2E,EACA6mB,GAIJ,MAAMhkB,MAAEA,S/BvCH3C,eAAewpB,qBACpBruB,EACA2E,GAEA,OAAOye,YAAYpjB,EAAM2E,G+BmCD2pB,CAAyBjlB,EAAarJ,KAAM2E,GAEhE6C,IAAU0B,EAAK1B,aAGX0B,EAAKgF,SEtJRrJ,eAAe0pB,cACpBrlB,GACA8D,YACEA,EACAC,SAAUC,IAGZ,QAAoBxb,IAAhBsb,QAA0Ctb,IAAbwb,EAC/B,OAGF,MAAM7D,EAAe5V,mBAAmByV,GAElCslB,EAAiB,CACrBriB,cAFoB9C,EAAaJ,aAGjC+D,YAAAA,EACAE,SAAAA,EACA4W,mBAAmB,GAEf/d,QAAiBwE,qBACrBlB,ECxBGxE,eAAe0pB,gBACpBvuB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,sBAAA2E,GDiBA8pB,CAAiBplB,EAAarJ,KAAMwuB,IAGtCnlB,EAAa2D,YAAcjH,EAASiH,aAAe,KACnD3D,EAAa4D,SAAWlH,EAASmH,UAAY,KAG7C,MAAMwhB,EAAmBrlB,EAAa8D,aAAawhB,MACjD,EAAG9hB,WAAAA,KAA2B,aAAVA,IAElB6hB,IACFA,EAAiB1hB,YAAc3D,EAAa2D,YAC5C0hB,EAAiBzhB,SAAW5D,EAAa4D,gBAGrC5D,EAAa4f,yBAAyBljB,GAsB9B,SAAA6oB,YAAY1lB,EAAY+jB,GACtC,OAAO4B,sBACLp7B,mBAAmByV,GACnB+jB,EACA,MAiBY,SAAA6B,eAAe5lB,EAAYwjB,GACzC,OAAOmC,sBACLp7B,mBAAmByV,GACnB,KACAwjB,GAIJ7nB,eAAegqB,sBACb3lB,EACA1B,EACAqP,GAEA,MAAM7W,KAAEA,GAASkJ,EAEXvE,EAAsC,CAC1CwH,cAFoBjD,EAAKD,aAGzB6a,mBAAmB,GAGjBtc,IACF7C,EAAQ6C,MAAQA,GAGdqP,IACFlS,EAAQkS,SAAWA,GAGrB,MAAM9Q,QAAiBwE,qBACrBrB,ElCnFGrE,eAAekqB,oBACpB/uB,EACA2E,GAEA,OAAOG,mBAGL9E,EAAkD,OAAA,sBAAA2E,GkC6ElDqqB,CAAuBhvB,EAAM2E,UAEzBuE,EAAK+f,yBAAyBljB,GAAuB,GEtE7D,MAAMkpB,0BACJ1iC,YACW2iC,EACAriB,EACAsiB,EAAmC,IAFnC7lC,KAAS4lC,UAATA,EACA5lC,KAAUujB,WAAVA,EACAvjB,KAAO6lC,QAAPA,GAIb,MAAMC,gDAAgDH,0BACpD1iC,YACE2iC,EACAriB,EACAsiB,EACSE,GAET7gC,MAAM0gC,EAAWriB,EAAYsiB,GAFpB7lC,KAAQ+lC,SAARA,GAMb,MAAMC,mCAAmCL,0BACvC1iC,YAAY2iC,EAAoBC,GAC9B3gC,MAAM0gC,EAAgC,eAAAC,IAI1C,MAAMI,iCAAiCH,wCACrC7iC,YAAY2iC,EAAoBC,GAC9B3gC,MACE0gC,EAEA,aAAAC,EAC0B,iBAAnBA,MAAAA,OAAO,EAAPA,EAASK,OAAqBL,MAAAA,OAAA,EAAAA,EAASK,MAAQ,OAK5D,MAAMC,iCAAiCR,0BACrC1iC,YAAY2iC,EAAoBC,GAC9B3gC,MAAM0gC,EAA8B,aAAAC,IAIxC,MAAMO,kCAAkCN,wCACtC7iC,YACE2iC,EACAC,EACAQ,GAEAnhC,MAAM0gC,EAAS,cAAsBC,EAASQ,IAW5C,SAAUC,sBACdlI,GAEA,MAAMxe,KAAEA,EAAIxB,eAAEA,GAAmBggB,EACjC,OAAIxe,EAAK0E,cAAgBlG,EAGhB,CACLmF,WAAY,KACZqiB,WAAW,EACXC,QAAS,MAxHT,SAAUpG,qBACd3X,WAEA,IAAKA,EACH,OAAO,KAET,MAAMvE,WAAEA,GAAeuE,EACjB+d,EAAU/d,EAAgBye,YAC5BtiC,KAAKC,MAAM4jB,EAAgBye,aAC3B,GACEX,EACJ9d,EAAgB8d,WACI,0CAApB9d,EAAgB0e,KAClB,IAAKjjB,IAAcuE,MAAAA,OAAe,EAAfA,EAAiBjF,SAAS,CAC3C,MAAMvC,EACJ,QADqB+G,EAAsC,QAAtC1iB,EAAAsb,YAAY6H,EAAgBjF,gBAAU,IAAAle,OAAA,EAAAA,EAAA0b,gBAC3D,IAAAgH,OAAA,EAAAA,EAAkB,iBAEpB,GAAI/G,EAOF,OAAO,IAAIqlB,0BAA0BC,EALI,cAAvCtlB,GACoC,WAApCA,EACKA,EACD,MAKV,IAAKiD,EACH,OAAO,KAET,OAAQA,GACN,IAAA,eACE,OAAO,IAAIyiB,2BAA2BJ,EAAWC,GACnD,IAAA,aACE,OAAO,IAAII,yBAAyBL,EAAWC,GACjD,IAAA,aACE,OAAO,IAAIM,yBAAyBP,EAAWC,GACjD,IAAA,cACE,OAAO,IAAIO,0BACTR,EACAC,EACA/d,EAAgBue,YAAc,MAElC,IAAuB,SACvB,IAAA,YACE,OAAO,IAAIV,0BAA0BC,EAAW,MAClD,QACE,OAAO,IAAID,0BAA0BC,EAAWriB,EAAYsiB,IA6EzDpG,CAAqBrhB,GC1Fd,SAAAyT,eACdnb,EACAoS,GAEA,OAAO3e,mBAAmBuM,GAAMmb,eAAe/I,GA8B3C,SAAU2d,0BAA0B/vB,GACxC,OzC+HK6E,eAAemrB,2BAA2BhwB,GAC/C,MAAMqgB,EAAe3C,UAAU1d,GAEzB+F,QAAiB0C,mBAAmB4X,EAAc,CACtDxB,WAAmC,kBACnCC,QAAoC,yBAGhCxc,EAAS,IAAI0F,gBAAgBjC,GACN,MAAzBsa,EAAazb,SACfyb,EAAa7H,sBAAwBlW,EAErC+d,EAAa5H,wBAAwB4H,EAAazb,UAAYtC,EAG5DA,EAAOkG,kBAAiB,4BACT,IAAI+V,4BAA4B8B,GACnCf,SyChJT0Q,CAA2BhwB,GA0B7B6E,eAAe+R,iBACpB5W,EACA6W,GAGA,OADqB6G,UAAU1d,GACX4W,iBAAiBC,GAmBjC,SAAUiF,iBACd9b,EACAnN,EACAjG,EACA+uB,GAEA,OAAOloB,mBAAmBuM,GAAM8b,iBAC9BjpB,EACAjG,EACA+uB,GAaY,SAAAE,uBACd7b,EACA3J,EACAif,GAEA,OAAO7hB,mBAAmBuM,GAAM6b,uBAAuBxlB,EAAUif,GAiB7D,SAAUoG,mBACd1b,EACAnN,EACAjG,EACA+uB,GAEA,OAAOloB,mBAAmBuM,GAAM0b,mBAC9B7oB,EACAjG,EACA+uB,GAUE,SAAUjB,kBAAkB1a,GAChCvM,mBAAmBuM,GAAM0a,oBAoBX,SAAAuV,kBACdjwB,EACAkJ,GAEA,OAAOzV,mBAAmBuM,GAAMiwB,kBAAkB/mB,GAS9C,SAAUyB,QAAQ3K,GACtB,OAAOvM,mBAAmBuM,GAAM2K,UAWlB,SAAAulB,kBAAkBlwB,EAAY9O,GAE5C,OADqBwsB,UAAU1d,GACXkwB,kBAAkBh/B,GAgFjC2T,eAAesrB,WAAWjnB,GAC/B,OAAOzV,mBAAmByV,GAAMkK,SClTrB,MAAAgd,uBACX7jC,YACWmJ,EACA6xB,EACAre,GAFA5f,KAAIoM,KAAJA,EACApM,KAAUi+B,WAAVA,EACAj+B,KAAI4f,KAAJA,EAGXvG,oBACEwJ,EACAjD,GAEA,OAAO,IAAIknB,uBAAsB,SAE/BjkB,EACAjD,GAIJvG,iCACE0tB,GAEA,OAAO,IAAID,uBAET,SAAAC,GAIJpkB,SAKE,MAAO,CACLqkB,mBAAoB,CAClB,CALyC,WAA3ChnC,KAAKoM,KACD,UACA,qBAGKpM,KAAKi+B,aAKlB5kB,gBACE3R,WAEA,GAAIA,MAAAA,OAAA,EAAAA,EAAKs/B,mBAAoB,CAC3B,GAA0B,QAAtBriC,EAAA+C,EAAIs/B,0BAAkB,IAAAriC,OAAA,EAAAA,EAAEsiC,kBAC1B,OAAOH,uBAAuBI,0BAC5Bx/B,EAAIs/B,mBAAmBC,mBAEpB,GAA0B,QAAtB5f,EAAA3f,EAAIs/B,0BAAkB,IAAA3f,OAAA,EAAAA,EAAExE,QACjC,OAAOikB,uBAAuBK,aAC5Bz/B,EAAIs/B,mBAAmBnkB,SAI7B,OAAO,MCjDE,MAAAukB,wBACXnkC,YACWokC,EACAC,EACQC,GAFRvnC,KAAOqnC,QAAPA,EACArnC,KAAKsnC,MAALA,EACQtnC,KAAcunC,eAAdA,EAMnBluB,kBACE6b,EACA5xB,GAEA,MAAMoT,EAAO0d,UAAUc,GACjB5X,EAAiBha,EAAM2B,WAAWsY,gBAClC+pB,GAAShqB,EAAesmB,SAAW,IAAItgB,KAAIse,GAC/CL,oBAAoBO,oBAAoBprB,EAAMkrB,KAGhDzqB,QACEmG,EAAeypB,qBACfrwB,oBAGF,MAAM2wB,EAAUP,uBAAuBI,0BACrC5pB,EAAeypB,sBAGjB,OAAO,IAAIK,wBACTC,EACAC,GACA/rB,MACEnE,IAEA,MAAMowB,QAAoBpwB,EAAUqwB,SAAS/wB,EAAM2wB,UAE5C/pB,EAAesmB,eACftmB,EAAeypB,qBAGtB,MAAMjf,EACD3iB,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAA0G,GACH,CAAAuF,QAAS2kB,EAAY3kB,QACrBmC,aAAcwiB,EAAYxiB,eAI5B,OAAQ1hB,EAAMk8B,eACZ,IAAA,SACE,MAAMpB,QACEmB,mBAAmBE,qBACvB/oB,EACApT,EAAMk8B,cACN1X,GAGJ,aADMpR,EAAKyZ,mBAAmBiO,EAAexe,MACtCwe,EACT,IAAA,iBAEE,OADAjnB,QAAQ7T,EAAMsc,KAAMlJ,oBACb6oB,mBAAmBoB,cACxBr9B,EAAMsc,KACNtc,EAAMk8B,cACN1X,GAEJ,QACE1R,MAAMM,EAAI,sBAMpB6E,oBACEmsB,GAEA,MAAMtwB,EAAYswB,EAClB,OAAO1nC,KAAKunC,eAAenwB,IAcf,SAAAuwB,uBACdjxB,EACApT,SAEA,MAAMmgC,EAAct5B,mBAAmBuM,GACjCkxB,EAAgBtkC,EAYtB,OAXA6T,QACE7T,EAAM2B,WAAWu6B,cACjBiE,EAAW,kBAGbtsB,QAC0C,QAAxCxS,EAAAijC,EAAc3iC,WAAWsY,uBAAe,IAAA5Y,OAAA,EAAAA,EAAEoiC,qBAC1CtD,EAAW,kBAIN2D,wBAAwBS,WAAWpE,EAAamE,GC/G5C,MAAAE,oBAGX7kC,YAA6B2c,GAAA5f,KAAI4f,KAAJA,EAF7B5f,KAAe+nC,gBAAsB,GAGnCnoB,EAAKmH,WAAUF,IACTA,EAAS+c,UACX5jC,KAAK+nC,gBAAkBlhB,EAAS+c,QAAQtgB,KAAIse,GAC1CL,oBAAoBO,oBAAoBliB,EAAKlJ,KAAMkrB,SAM3DvoB,iBAAiBuG,GACf,OAAO,IAAIkoB,oBAAoBloB,GAGjCrE,mBACE,OAAOurB,uBAAuBK,mBACtBnnC,KAAK4f,KAAKD,aAChB3f,KAAK4f,MAITrE,aACEmsB,EACAhkB,GAEA,MAAMtM,EAAYswB,EACZL,QAAiBrnC,KAAKgoC,aACtBC,QAA4BhnB,qBAChCjhB,KAAK4f,KACLxI,EAAUqwB,SAASznC,KAAK4f,KAAKlJ,KAAM2wB,EAAS3jB,IAQ9C,aAJM1jB,KAAK4f,KAAK+f,yBAAyBsI,GAIlCjoC,KAAK4f,KAAKgF,SAGnBrJ,eAAe2sB,GACb,MAAMzG,EACiB,iBAAdyG,EAAyBA,EAAYA,EAAU1kB,IAClDX,QAAgB7iB,KAAK4f,KAAKD,aAChC,IACE,MAAMmI,QAAwB7G,qBAC5BjhB,KAAK4f,KC+FG,SAAAuoB,YACdzxB,EACA2E,GAEA,OAAOG,mBACL9E,EAGA,OAAA,sCAAA0E,mBAAmB1E,EAAM2E,IDtGrB8sB,CAAYnoC,KAAK4f,KAAKlJ,KAAM,CAC1BmM,QAAAA,EACA4e,gBAAAA,KAIJzhC,KAAK+nC,gBAAkB/nC,KAAK+nC,gBAAgB9jB,QAC1C,EAAGT,IAAAA,KAAUA,IAAQie,UAMjBzhC,KAAK4f,KAAK+f,yBAAyB7X,SACnC9nB,KAAK4f,KAAKgF,SAChB,MAAOxhB,GACP,MAAMA,IAKZ,MAAMglC,EAAuB,IAAIC,QAY3B,SAAUC,YAAY1oB,GAC1B,MAAM2oB,EAAcp+B,mBAAmByV,GAOvC,OANKwoB,EAAqB3H,IAAI8H,IAC5BH,EAAqBhgB,IACnBmgB,EACAT,oBAAoBU,UAAUD,IAG3BH,EAAqBxvB,IAAI2vB,GEhGZ,MAAAE,wBACpBxlC,YACqBylC,EACVt8B,GADUpM,KAAgB0oC,iBAAhBA,EACV1oC,KAAIoM,KAAJA,EAGX8d,eACE,IACE,OAAKlqB,KAAKsoB,SAGVtoB,KAAKsoB,QAAQqgB,QCNkB,QDMa,KAC5C3oC,KAAKsoB,QAAQsgB,WCPkB,SDQxBhgC,QAAQC,SAAQ,IAJdD,QAAQC,SAAQ,GAKzB,MAAMlE,GACN,OAAOiE,QAAQC,SAAQ,IAI3BwgB,KAAKljB,EAAaC,GAEhB,OADApG,KAAKsoB,QAAQqgB,QAAQxiC,EAAKlC,KAAK2X,UAAUxV,IAClCwC,QAAQC,UAGjB0gB,KAAiCpjB,GAC/B,MAAM0W,EAAO7c,KAAKsoB,QAAQugB,QAAQ1iC,GAClC,OAAOyC,QAAQC,QAAQgU,EAAO5Y,KAAKC,MAAM2Y,GAAQ,MAGnD6M,QAAQvjB,GAEN,OADAnG,KAAKsoB,QAAQsgB,WAAWziC,GACjByC,QAAQC,UAGHyf,cACZ,OAAOtoB,KAAK0oC,oBEhBhB,MAAMI,gCACIL,wBAKRxlC,cACEiC,OAAM,IAAMxB,OAAOqlC,uBAGJ/oC,KAAAkpB,kBAAoB,CACnC8f,EACAC,IACSjpC,KAAKkpC,eAAeF,EAAOC,GACrBjpC,KAASmpC,UAA8C,GACvDnpC,KAAUopC,WAAkC,GAGrDppC,KAASqpC,UAAe,KAGfrpC,KAAAspC,4BAhCnB,SAASC,8BACP,MAAM9e,EAAK7lB,QACX,OAAOkmB,UAAUL,IAAOU,OAAOV,GA+B7B8e,IvD0FY,SAAAC,YACd,IAGE,SAAU9lC,QAAUA,SAAWA,OAAO+lC,KACtC,MAAOrmC,GACP,OAAO,GuDhG0BomC,GAElBxpC,KAAiB0pC,kBAAGne,mBAC5BvrB,KAAqBsqB,uBAAG,EAEzBqf,kBACNzW,GAGA,IAAK,MAAM/sB,KAAOhB,OAAOuB,KAAK1G,KAAKmpC,WAAY,CAE7C,MAAMS,EAAW5pC,KAAKsoB,QAAQugB,QAAQ1iC,GAChC0jC,EAAW7pC,KAAKopC,WAAWjjC,GAG7ByjC,IAAaC,GACf3W,EAAG/sB,EAAK0jC,EAAUD,IAKhBV,eAAeF,EAAqBC,GAAO,GAEjD,IAAKD,EAAM7iC,IAMT,YALAnG,KAAK2pC,mBACH,CAACxjC,EAAa2jC,EAA0BF,KACtC5pC,KAAK+pC,gBAAgB5jC,EAAKyjC,MAMhC,MAAMzjC,EAAM6iC,EAAM7iC,IAgBlB,GAZI8iC,EAGFjpC,KAAKgqC,iBAILhqC,KAAKiqC,cAKHjqC,KAAKspC,4BAA6B,CAEpC,MAAMY,EAAclqC,KAAKsoB,QAAQugB,QAAQ1iC,GAEzC,GAAI6iC,EAAMY,WAAaM,EACE,OAAnBlB,EAAMY,SAER5pC,KAAKsoB,QAAQqgB,QAAQxiC,EAAK6iC,EAAMY,UAGhC5pC,KAAKsoB,QAAQsgB,WAAWziC,QAErB,GAAInG,KAAKopC,WAAWjjC,KAAS6iC,EAAMY,WAAaX,EAErD,OAIJ,MAAMkB,iBAAmB,KAGvB,MAAMD,EAAclqC,KAAKsoB,QAAQugB,QAAQ1iC,IACpC8iC,GAAQjpC,KAAKopC,WAAWjjC,KAAS+jC,IAKtClqC,KAAK+pC,gBAAgB5jC,EAAK+jC,IAGtBA,EAAclqC,KAAKsoB,QAAQugB,QAAQ1iC,GAEvCilB,WACA8e,IAAgBlB,EAAMY,UACtBZ,EAAMY,WAAaZ,EAAMa,SAMzB9rB,WAAWosB,iBAhHqB,IAkHhCA,mBAIIJ,gBAAgB5jC,EAAaC,GACnCpG,KAAKopC,WAAWjjC,GAAOC,EACvB,MAAM+iC,EAAYnpC,KAAKmpC,UAAUhjC,GACjC,GAAIgjC,EACF,IAAK,MAAMiB,KAAY7pC,MAAM8pC,KAAKlB,GAChCiB,EAAShkC,EAAQnC,KAAKC,MAAMkC,GAASA,GAKnCkkC,eACNtqC,KAAKiqC,cAELjqC,KAAKqpC,UAAYkB,aAAY,KAC3BvqC,KAAK2pC,mBACH,CAACxjC,EAAa0jC,EAAyBD,KACrC5pC,KAAKkpC,eACH,IAAIsB,aAAa,UAAW,CAC1BrkC,IAAAA,EACA0jC,SAAAA,EACAD,SAAAA,KAES,QA/Ia,KAsJ1BK,cACFjqC,KAAKqpC,YACPoB,cAAczqC,KAAKqpC,WACnBrpC,KAAKqpC,UAAY,MAIbqB,iBACNhnC,OAAOw1B,iBAAiB,UAAWl5B,KAAKkpB,mBAGlC8gB,iBACNtmC,OAAOinC,oBAAoB,UAAW3qC,KAAKkpB,mBAG7CX,aAAapiB,EAAaikC,GACmB,IAAvCjlC,OAAOuB,KAAK1G,KAAKmpC,WAAWroC,SAK1Bd,KAAK0pC,kBACP1pC,KAAKsqC,eAELtqC,KAAK0qC,kBAGJ1qC,KAAKmpC,UAAUhjC,KAClBnG,KAAKmpC,UAAUhjC,GAAO,IAAI85B,IAE1BjgC,KAAKopC,WAAWjjC,GAAOnG,KAAKsoB,QAAQugB,QAAQ1iC,IAE9CnG,KAAKmpC,UAAUhjC,GAAK4yB,IAAIqR,GAG1B1hB,gBAAgBviB,EAAaikC,GACvBpqC,KAAKmpC,UAAUhjC,KACjBnG,KAAKmpC,UAAUhjC,GAAK2jB,OAAOsgB,GAEM,IAA7BpqC,KAAKmpC,UAAUhjC,GAAKykC,aACf5qC,KAAKmpC,UAAUhjC,IAIiB,IAAvChB,OAAOuB,KAAK1G,KAAKmpC,WAAWroC,SAC9Bd,KAAKgqC,iBACLhqC,KAAKiqC,eAMT1uB,WAAWpV,EAAaC,SAChBlB,MAAMmkB,KAAKljB,EAAKC,GACtBpG,KAAKopC,WAAWjjC,GAAOlC,KAAK2X,UAAUxV,GAGxCmV,WAAuCpV,GACrC,MAAMC,QAAclB,MAAMqkB,KAAQpjB,GAElC,OADAnG,KAAKopC,WAAWjjC,GAAOlC,KAAK2X,UAAUxV,GAC/BA,EAGTmV,cAAcpV,SACNjB,MAAMwkB,QAAQvjB,UACbnG,KAAKopC,WAAWjjC,IA9MlB2iC,wBAAI18B,KAAY,QAwNlB,MAAMy+B,EAAuC/B,wBChPpD,MAAMgC,kCACIrC,wBAKRxlC,cACEiC,OAAM,IAAMxB,OAAOqnC,2BAGrBxiB,aAAaC,EAAcC,IAK3BC,gBAAgBF,EAAcC,KAXvBqiB,0BAAI1+B,KAAc,UAuBpB,MAAM4+B,EAAyCF,0BCtBzC,MAAAG,SAUXhoC,YAA6BioC,GAAAlrC,KAAWkrC,YAAXA,EANZlrC,KAAWmrC,YAIxB,GAGFnrC,KAAKkpB,kBAAoBlpB,KAAKorC,YAAYthC,KAAK9J,MASjDqZ,oBAAoB6xB,GAIlB,MAAMG,EAAmBrrC,KAAKsrC,UAAUjG,MAAKkG,GAC3CA,EAASC,cAAcN,KAEzB,GAAIG,EACF,OAAOA,EAET,MAAMI,EAAc,IAAIR,SAASC,GAEjC,OADAlrC,KAAKsrC,UAAU9pC,KAAKiqC,GACbA,EAGDD,cAAcN,GACpB,OAAOlrC,KAAKkrC,cAAgBA,EAatB3vB,kBAGNytB,GACA,MAAM0C,EAAe1C,GACf2C,QAAEA,EAAOC,UAAEA,EAAShmC,KAAEA,GAAS8lC,EAAa9lC,KAE5CimC,EACJ7rC,KAAKmrC,YAAYS,GACnB,KAAKC,MAAAA,OAAQ,EAARA,EAAUjB,MACb,OAGFc,EAAaI,MAAM,GAAGC,YAAY,CAChCve,OAAmB,MACnBme,QAAAA,EACAC,UAAAA,IAGF,MAAMI,EAAWzrC,MAAM8pC,KAAKwB,GAAUvoB,KAAI/H,MAAM0wB,GAC9CA,EAAQP,EAAaQ,OAAQtmC,KAEzB6W,QChEJ,SAAU0vB,YACdH,GAEA,OAAOpjC,QAAQqhB,IACb+hB,EAAS1oB,KAAI/H,MAAMoB,IACjB,IAEE,MAAO,CACLyvB,WAAW,EACXhmC,YAHkBuW,GAKpB,MAAO0vB,GACP,MAAO,CACLD,WAAW,EACXC,OAAAA,QDkDiBF,CAAYH,GACnCN,EAAaI,MAAM,GAAGC,YAAY,CAChCve,OAAoB,OACpBme,QAAAA,EACAC,UAAAA,EACAnvB,SAAAA,IAWJ6vB,WACEV,EACAW,GAE6C,IAAzCpnC,OAAOuB,KAAK1G,KAAKmrC,aAAarqC,QAChCd,KAAKkrC,YAAYhS,iBAAiB,UAAWl5B,KAAKkpB,mBAG/ClpB,KAAKmrC,YAAYS,KACpB5rC,KAAKmrC,YAAYS,GAAa,IAAI3L,KAGpCjgC,KAAKmrC,YAAYS,GAAW7S,IAAIwT,GAUlCC,aACEZ,EACAW,GAEIvsC,KAAKmrC,YAAYS,IAAcW,GACjCvsC,KAAKmrC,YAAYS,GAAW9hB,OAAOyiB,GAEhCA,GAAqD,IAArCvsC,KAAKmrC,YAAYS,GAAWhB,aACxC5qC,KAAKmrC,YAAYS,GAGmB,IAAzCzmC,OAAOuB,KAAK1G,KAAKmrC,aAAarqC,QAChCd,KAAKkrC,YAAYP,oBAAoB,UAAW3qC,KAAKkpB,oBEvIrD,SAAUujB,iBAAiB3X,EAAS,GAAI4X,EAAS,IACrD,IAAI1X,EAAS,GACb,IAAK,IAAIn0B,EAAI,EAAGA,EAAI6rC,EAAQ7rC,IAC1Bm0B,GAAUnc,KAAKkc,MAAsB,GAAhBlc,KAAKmc,UAE5B,OAAOF,EAASE,EFUQiW,SAASK,UAAe,GGOrC,MAAAqB,OAGX1pC,YAA6B2pC,GAAA5sC,KAAM4sC,OAANA,EAFZ5sC,KAAA6rC,SAAW,IAAI5L,IASxB4M,qBAAqBZ,GACvBA,EAAQa,iBACVb,EAAQa,eAAeC,MAAMpC,oBAC3B,UACAsB,EAAQe,WAEVf,EAAQa,eAAeC,MAAM3jC,SAE/BpJ,KAAK6rC,SAAS/hB,OAAOmiB,GAgBvB1wB,YACEqwB,EACAhmC,EACA8I,EAA8B,IAE9B,MAAMo+B,EACsB,oBAAnBG,eAAiC,IAAIA,eAAmB,KACjE,IAAKH,EACH,MAAM,IAAIrsC,MAAK,0BAMjB,IAAIysC,EACAjB,EACJ,OAAO,IAAIrjC,SAAqC,CAACC,EAASiV,KACxD,MAAM6tB,EAAUc,iBAAiB,GAAI,IACrCK,EAAeC,MAAMI,QACrB,MAAMC,EAAWrvB,YAAW,KAC1BD,EAAO,IAAIrd,MAAK,wBACfiO,GACHu9B,EAAU,CACRa,eAAAA,EACAE,UAAUhE,GACR,MAAM0C,EAAe1C,EACrB,GAAI0C,EAAa9lC,KAAK+lC,UAAYA,EAGlC,OAAQD,EAAa9lC,KAAK4nB,QACxB,IAAA,MAEExP,aAAaovB,GACbF,EAAkBnvB,YAAW,KAC3BD,EAAO,IAAIrd,MAAK,mBAElB,MACF,IAAA,OAEEud,aAAakvB,GACbrkC,EAAQ6iC,EAAa9lC,KAAK6W,UAC1B,MACF,QACEuB,aAAaovB,GACbpvB,aAAakvB,GACbpvB,EAAO,IAAIrd,MAAK,wBAKxBT,KAAK6rC,SAAS9S,IAAIkT,GAClBa,EAAeC,MAAM7T,iBAAiB,UAAW+S,EAAQe,WACzDhtC,KAAK4sC,OAAOb,YACV,CACEH,UAAAA,EACAD,QAAAA,EACA/lC,KAAAA,GAEF,CAACknC,EAAeO,WAEjBC,SAAQ,KACLrB,GACFjsC,KAAK6sC,qBAAqBZ,OC5FlB,SAAAsB,UACd,OAAO7pC,OCzBO,SAAA8pC,YACd,YAC4C,IAAnCD,UAA6B,mBACE,mBAA/BA,UAAyB,cCqB7B,MAAME,EAAU,yBAgBvB,MAAMC,UACJzqC,YAA6BoY,GAAArb,KAAOqb,QAAPA,EAE7BsyB,YACE,OAAO,IAAI/kC,SAAW,CAACC,EAASiV,KAC9B9d,KAAKqb,QAAQ6d,iBAAiB,WAAW,KACvCrwB,EAAQ7I,KAAKqb,QAAQsV,WAEvB3wB,KAAKqb,QAAQ6d,iBAAiB,SAAS,KACrCpb,EAAO9d,KAAKqb,QAAQ/X,cAM5B,SAASsqC,eAAeC,EAAiBC,GACvC,OAAOD,EACJE,YAAY,CA/BW,wBA+BYD,EAAc,YAAc,YAC/DE,YAhCuB,wBA6CZ,SAAAC,gBACd,MAAM5yB,EAAU6yB,UAAUC,KAAKV,EA/Cd,GAgDjB,OAAO,IAAI7kC,SAAQ,CAACC,EAASiV,KAC3BzC,EAAQ6d,iBAAiB,SAAS,KAChCpb,EAAOzC,EAAQ/X,UAGjB+X,EAAQ6d,iBAAiB,iBAAiB,KACxC,MAAM2U,EAAKxyB,EAAQsV,OAEnB,IACEkd,EAAGO,kBAxDiB,uBAwDsB,CAAEC,QAvD5B,cAwDhB,MAAOjrC,GACP0a,EAAO1a,OAIXiY,EAAQ6d,iBAAiB,WAAW3d,UAClC,MAAMsyB,EAAkBxyB,EAAQsV,OAM3Bkd,EAAGS,iBAAiBC,SArEH,wBA2EpB1lC,EAAQglC,IAJRA,EAAGzkC,cA/BK,SAAAolC,kBACd,MAAMnzB,EAAU6yB,UAAUO,eAAehB,GACzC,OAAO,IAAIC,UAAgBryB,GAASsyB,YA8BxBa,GACN3lC,QAAcolC,wBAQf1yB,eAAemzB,WACpBb,EACA1nC,EACAC,GAEA,MAAMiV,EAAUuyB,eAAeC,GAAI,GAAMc,IAAI,CAC3CC,UAAmBzoC,EACnBC,MAAAA,IAEF,OAAO,IAAIsnC,UAAgBryB,GAASsyB,YAYtB,SAAAkB,cAAchB,EAAiB1nC,GAC7C,MAAMkV,EAAUuyB,eAAeC,GAAI,GAAM/jB,OAAO3jB,GAChD,OAAO,IAAIunC,UAAgBryB,GAASsyB,YAMtC,MAAMmB,0BAqBJ7rC,cAlBAjD,KAAAoM,KAA6B,QAEpBpM,KAAqBsqB,uBAAG,EAEhBtqB,KAASmpC,UAA8C,GACvDnpC,KAAUopC,WAA4C,GAG/DppC,KAASqpC,UAAe,KACxBrpC,KAAa+uC,cAAG,EAEhB/uC,KAAQurC,SAAoB,KAC5BvrC,KAAMgvC,OAAkB,KACxBhvC,KAA8BivC,gCAAG,EACjCjvC,KAAmBkvC,oBAAyB,KAMlDlvC,KAAKmvC,6BACHnvC,KAAKovC,mCAAmCrmC,MACtC,SACA,SAINwS,gBACE,OAAIvb,KAAK6tC,KAGT7tC,KAAK6tC,SAAWI,iBAFPjuC,KAAK6tC,GAMhBtyB,mBAAsB8zB,GACpB,IAAIC,EAAc,EAElB,OACE,IACE,MAAMzB,QAAW7tC,KAAKuvC,UACtB,aAAaF,EAAGxB,GAChB,MAAOzqC,GACP,GAAIksC,IAhD4B,EAiD9B,MAAMlsC,EAEJpD,KAAK6tC,KACP7tC,KAAK6tC,GAAGzkC,QACRpJ,KAAK6tC,QAAKzlC,IAWVmT,yCACN,OAAOiyB,YAAcxtC,KAAKwvC,qBAAuBxvC,KAAKyvC,mBAMhDl0B,2BACNvb,KAAKurC,SAAWN,SAAShjB,aDvLb,SAAAynB,wBACd,OAAOlC,YAAe/pC,KAAoC,KCsLlBisC,IAEtC1vC,KAAKurC,SAASe,WAAU,cAEtB/wB,MAAOo0B,EAAiB/pC,KAEf,CACLgqC,oBAFiB5vC,KAAK6vC,SAEHhpC,SAASjB,EAAKO,SAKvCnG,KAAKurC,SAASe,WAAU,QAEtB/wB,MAAOo0B,EAAiBG,IACf,iBAYLv0B,iCAGN,GADAvb,KAAKkvC,0BDpOF3zB,eAAew0B,0BACpB,KAAK,OAAAlrC,gBAAS,IAATA,eAAS,EAATA,UAAWmrC,eACd,OAAO,KAET,IAEE,aAD2BnrC,UAAUmrC,cAAc5a,OAC/B6a,OACpB,MAAMtrC,GACN,OAAO,MC4N0BorC,IAC5B/vC,KAAKkvC,oBACR,OAEFlvC,KAAKgvC,OAAS,IAAIrC,OAAO3sC,KAAKkvC,qBAE9B,MAAMgB,QAAgBlwC,KAAKgvC,OAAOmB,MAAK,OAErC,GAAE,KAGCD,IAIO,QAAVvrC,EAAAurC,EAAQ,UAAE,IAAAvrC,OAAA,EAAAA,EAAEynC,aACF,QAAV/kB,EAAA6oB,EAAQ,UAAE,IAAA7oB,OAAA,EAAAA,EAAEjhB,MAAMS,SAAgC,iBAElD7G,KAAKivC,gCAAiC,GAalC1zB,0BAA0BpV,GAChC,GACGnG,KAAKgvC,QACLhvC,KAAKkvC,qBD1PI,SAAAkB,oCACd,OAA+B,QAAxBzrC,EAAS,OAATE,gBAAS,IAATA,eAAS,EAATA,UAAWmrC,qBAAa,IAAArrC,OAAA,EAAAA,EAAE0rC,aAAc,KC0P3CD,KAAkCpwC,KAAKkvC,oBAIzC,UACQlvC,KAAKgvC,OAAOmB,MAEhB,aAAA,CAAEhqC,IAAAA,GAEFnG,KAAKivC,+BACF,IACA,IAEL,MAAMtqC,KAKV4W,qBACE,IACE,IAAK2yB,UACH,OAAO,EAET,MAAML,QAAWI,gBAGjB,aAFMS,WAAWb,ETzRc,QSyRa,WACtCgB,cAAchB,ET1RW,US2RxB,EACP,MAAAlpC,IACF,OAAO,EAGD4W,wBAAwB+0B,GAC9BtwC,KAAK+uC,gBACL,UACQuB,IACE,QACRtwC,KAAK+uC,iBAITxzB,WAAWpV,EAAaC,GACtB,OAAOpG,KAAKuwC,mBAAkBh1B,gBACtBvb,KAAKwwC,cAAc3C,GAAoBa,WAAWb,EAAI1nC,EAAKC,KACjEpG,KAAKopC,WAAWjjC,GAAOC,EAChBpG,KAAKywC,oBAAoBtqC,MAIpCoV,WAAuCpV,GACrC,MAAMuB,QAAa1H,KAAKwwC,cAAc3C,GAxM1CtyB,eAAem1B,UACb7C,EACA1nC,GAEA,MAAMkV,EAAUuyB,eAAeC,GAAI,GAAOj1B,IAAIzS,GACxCP,QAAa,IAAI8nC,UAAgCryB,GAASsyB,YAChE,YAAgBvlC,IAATxC,EAAqB,KAAOA,EAAKQ,MAmMpCsqC,CAAU7C,EAAI1nC,KAGhB,OADAnG,KAAKopC,WAAWjjC,GAAOuB,EAChBA,EAGT6T,cAAcpV,GACZ,OAAOnG,KAAKuwC,mBAAkBh1B,gBACtBvb,KAAKwwC,cAAc3C,GAAoBgB,cAAchB,EAAI1nC,YACxDnG,KAAKopC,WAAWjjC,GAChBnG,KAAKywC,oBAAoBtqC,MAI5BoV,cAEN,MAAMoV,QAAe3wB,KAAKwwC,cAAc3C,IACtC,MAAM8C,EAAgB/C,eAAeC,GAAI,GAAO+C,SAChD,OAAO,IAAIlD,UAA6BiD,GAAehD,eAGzD,IAAKhd,EACH,MAAO,GAIT,GAA2B,IAAvB3wB,KAAK+uC,cACP,MAAO,GAGT,MAAMroC,EAAO,GACPmqC,EAAe,IAAI5Q,IACzB,GAAsB,IAAlBtP,EAAO7vB,OACT,IAAK,MAAQ8tC,UAAWzoC,EAAGC,MAAEA,KAAWuqB,EACtCkgB,EAAa9X,IAAI5yB,GACblC,KAAK2X,UAAU5b,KAAKopC,WAAWjjC,MAAUlC,KAAK2X,UAAUxV,KAC1DpG,KAAK+pC,gBAAgB5jC,EAAKC,GAC1BM,EAAKlF,KAAK2E,IAKhB,IAAK,MAAM2qC,KAAY3rC,OAAOuB,KAAK1G,KAAKopC,YAClCppC,KAAKopC,WAAW0H,KAAcD,EAAapQ,IAAIqQ,KAEjD9wC,KAAK+pC,gBAAgB+G,EAAU,MAC/BpqC,EAAKlF,KAAKsvC,IAGd,OAAOpqC,EAGDqjC,gBACN5jC,EACAyjC,GAEA5pC,KAAKopC,WAAWjjC,GAAOyjC,EACvB,MAAMT,EAAYnpC,KAAKmpC,UAAUhjC,GACjC,GAAIgjC,EACF,IAAK,MAAMiB,KAAY7pC,MAAM8pC,KAAKlB,GAChCiB,EAASR,GAKPU,eACNtqC,KAAKiqC,cAELjqC,KAAKqpC,UAAYkB,aACfhvB,SAAYvb,KAAK6vC,SAhQa,KAqQ1B5F,cACFjqC,KAAKqpC,YACPoB,cAAczqC,KAAKqpC,WACnBrpC,KAAKqpC,UAAY,MAIrB9gB,aAAapiB,EAAaikC,GACmB,IAAvCjlC,OAAOuB,KAAK1G,KAAKmpC,WAAWroC,QAC9Bd,KAAKsqC,eAEFtqC,KAAKmpC,UAAUhjC,KAClBnG,KAAKmpC,UAAUhjC,GAAO,IAAI85B,IAErBjgC,KAAKupB,KAAKpjB,IAEjBnG,KAAKmpC,UAAUhjC,GAAK4yB,IAAIqR,GAG1B1hB,gBAAgBviB,EAAaikC,GACvBpqC,KAAKmpC,UAAUhjC,KACjBnG,KAAKmpC,UAAUhjC,GAAK2jB,OAAOsgB,GAEM,IAA7BpqC,KAAKmpC,UAAUhjC,GAAKykC,aACf5qC,KAAKmpC,UAAUhjC,IAIiB,IAAvChB,OAAOuB,KAAK1G,KAAKmpC,WAAWroC,QAC9Bd,KAAKiqC,eA9RF6E,0BAAI1iC,KAAY,QAySlB,MAAM2kC,EAAyCjC,0BC/ZzC,MAAAkC,cAIX/tC,YAA6ByT,GAAA1W,KAAI0W,KAAJA,EAHrB1W,KAAOixC,QATe,KAU9BjxC,KAAAkxC,SAAW,IAAIlpB,IAIfmpB,OACEC,EACAC,GAEA,MAAMj5B,EAAKpY,KAAKixC,QAMhB,OALAjxC,KAAKkxC,SAAS9oB,IACZhQ,EACA,IAAIk5B,WAAWF,EAAWpxC,KAAK0W,KAAKxT,KAAMmuC,GAAc,KAE1DrxC,KAAKixC,UACE74B,EAGTm5B,MAAMC,SACJ,MAAMp5B,EAAKo5B,GA5BiB,KA6BF,QAArB7sC,EAAA3E,KAAKkxC,SAASt4B,IAAIR,UAAG,IAAAzT,GAAAA,EAAEmlB,SAC5B9pB,KAAKkxC,SAASpnB,OAAO1R,GAGvBmG,YAAYizB,SACV,MAAMp5B,EAAKo5B,GAlCiB,KAmC5B,OAA8B,QAAvB7sC,EAAA3E,KAAKkxC,SAASt4B,IAAIR,UAAK,IAAAzT,OAAA,EAAAA,EAAA4Z,gBAAiB,GAGjDhD,cAAci2B,SACZ,MAAMp5B,EAAco5B,GAvCQ,KAyC5B,OAD0B,QAArB7sC,EAAA3E,KAAKkxC,SAASt4B,IAAIR,UAAG,IAAAzT,GAAAA,EAAE0wB,UACrB,IA+CE,MAAAic,WAUXruC,YACEwuC,EACA56B,EACiBzP,GAAApH,KAAMoH,OAANA,EAVXpH,KAAOwhB,QAAkB,KACzBxhB,KAAO0xC,SAAG,EACV1xC,KAAa2xC,cAAkB,KACtB3xC,KAAY4xC,aAAG,KAC9B5xC,KAAKq1B,WAQL,MAAM+b,EACqB,iBAAlBK,EACHrtC,SAASytC,eAAeJ,GACxBA,EACNt6B,QAAQi6B,EAAS,iBAAgC,CAAEv6B,QAAAA,IAEnD7W,KAAKoxC,UAAYA,EACjBpxC,KAAK8xC,UAAiC,cAArB9xC,KAAKoH,OAAOwjC,KACzB5qC,KAAK8xC,UACP9xC,KAAKq1B,UAELr1B,KAAKoxC,UAAUlY,iBAAiB,QAASl5B,KAAK4xC,cAIlDrzB,cAEE,OADAve,KAAK+xC,iBACE/xC,KAAK2xC,cAGd7nB,SACE9pB,KAAK+xC,iBACL/xC,KAAK0xC,SAAU,EACX1xC,KAAKwhB,UACPxD,aAAahe,KAAKwhB,SAClBxhB,KAAKwhB,QAAU,MAEjBxhB,KAAKoxC,UAAUzG,oBAAoB,QAAS3qC,KAAK4xC,cAGnDvc,UACEr1B,KAAK+xC,iBACD/xC,KAAKwhB,UAITxhB,KAAKwhB,QAAU9d,OAAOqa,YAAW,KAC/B/d,KAAK2xC,cA+BX,SAASK,iCAAiCC,GACxC,MAAMC,EAAQ,GACRC,EACJ,iEACF,IAAK,IAAItxC,EAAI,EAAGA,EAAIoxC,EAAKpxC,IACvBqxC,EAAM1wC,KACJ2wC,EAAarvC,OAAO+V,KAAKkc,MAAMlc,KAAKmc,SAAWmd,EAAarxC,UAGhE,OAAOoxC,EAAMzwC,KAAK,IAxCOuwC,CAAiC,IACtD,MAAMjlC,SAAEA,EAAU,mBAAoBqlC,GAAoBpyC,KAAKoH,OAC/D,GAAI2F,EACF,IACEA,EAAS/M,KAAK2xC,eACd,MAAOvuC,IAGXpD,KAAKwhB,QAAU9d,OAAOqa,YAAW,KAG/B,GAFA/d,KAAKwhB,QAAU,KACfxhB,KAAK2xC,cAAgB,KACjBS,EACF,IACEA,IACA,MAAOhvC,IAGPpD,KAAK8xC,WACP9xC,KAAKq1B,YA/JoB,OADL,MAsKpB0c,iBACN,GAAI/xC,KAAK0xC,QACP,MAAM,IAAIjxC,MAAM,wCCtKf,MAAM4xC,EAAmBC,sBAAgC,OAC1DC,EAAwB,IAAIl6B,MAAM,IAAO,KAgBlC,MAAAm6B,oBAAbvvC,oBACUjD,KAAYyyC,aAAG,GACfzyC,KAAOixC,QAAG,EAMDjxC,KAAA0yC,2BAAgD,QAApB/tC,EAAA4oC,UAAUjvB,kBAAU,IAAA3Z,OAAA,EAAAA,EAAEwsC,QAEnEwB,KAAKj8B,EAAoBk8B,EAAK,IAG5B,OAFAz7B,QAoEJ,SAAS07B,oBAAoBD,GAC3B,OAAOA,EAAG9xC,QAAU,GAAK,yBAAyB4X,KAAKk6B,GArE7CC,CAAoBD,GAAKl8B,oBAE7B1W,KAAK8yC,yBAAyBF,IAAOv0B,KAAKkvB,UAAUjvB,YAC/C1V,QAAQC,QAAQ0kC,UAAUjvB,YAE5B,IAAI1V,SAAmB,CAACC,EAASiV,KACtC,MAAMvB,EAAiBgxB,UAAUxvB,YAAW,KAC1CD,EAAOtH,aAAaE,EAAI,6BACvB67B,EAAsB35B,OAEzB20B,UAAU8E,GAAoB,KAC5B9E,UAAUvvB,aAAazB,UAChBgxB,UAAU8E,GAEjB,MAAMU,EAAYxF,UAAUjvB,WAE5B,IAAKy0B,IAAc10B,KAAK00B,GAEtB,YADAj1B,EAAOtH,aAAaE,EAAI,mBAM1B,MAAMy6B,EAAS4B,EAAU5B,OACzB4B,EAAU5B,OAAS,CAACC,EAAWhqC,KAC7B,MAAM4rC,EAAW7B,EAAOC,EAAWhqC,GAEnC,OADApH,KAAKixC,UACE+B,GAGThzC,KAAKyyC,aAAeG,EACpB/pC,EAAQkqC,IASVE,QANY,G3DlDF,SAAAC,wBACd,OAAO3e,EAAmBC,kB2DiDP2e,MAAqCjsC,YAAY,CAC9DksC,OAAQf,EACRlB,OAAQ,WACRyB,GAAAA,OAGqB5pC,OAAM,KAC3BgV,aAAazB,GACbuB,EAAOtH,aAAaE,EAAI,yBAK9B28B,qBACErzC,KAAKixC,UAGC6B,yBAAyBF,SAQ/B,SAC0B,QAAtBjuC,EAAA4oC,UAAUjvB,kBAAY,IAAA3Z,OAAA,EAAAA,EAAAwsC,UACvByB,IAAO5yC,KAAKyyC,cACXzyC,KAAKixC,QAAU,GACfjxC,KAAK0yC,0BASA,MAAAY,wBACX/3B,WAAW7E,GACT,OAAO,IAAIs6B,cAAct6B,GAG3B28B,uBCrGK,MAEDE,EAAsC,CAC1CC,MAAO,QACPpnC,KAAM,SAaK,MAAAqnC,kBAuCXxwC,YACEiyB,EACAuc,EACiBJ,EAAAlsC,OAAAyR,OAAA,GACZ28B,IADYvzC,KAAUqxC,WAAVA,EAnCVrxC,KAAIoM,KAxBwB,YAyB7BpM,KAAS0zC,WAAG,EACZ1zC,KAAQgzC,SAAkB,KAGjBhzC,KAAA2zC,qBAAuB,IAAI1T,IACpCjgC,KAAa4zC,cAA2B,KAKxC5zC,KAAS+yC,UAAqB,KA4BpC/yC,KAAK0W,KAAO0d,UAAUc,GACtBl1B,KAAK6zC,YAAuC,cAAzB7zC,KAAKqxC,WAAWzG,KACnCzzB,QACsB,oBAAb/S,SACPpE,KAAK0W,KAAI,+CAGX,MAAM06B,EACqB,iBAAlBK,EACHrtC,SAASytC,eAAeJ,GACxBA,EACNt6B,QAAQi6B,EAAWpxC,KAAK0W,uBAExB1W,KAAKoxC,UAAYA,EACjBpxC,KAAKqxC,WAAWtkC,SAAW/M,KAAK8zC,kBAAkB9zC,KAAKqxC,WAAWtkC,UAElE/M,KAAK+zC,iBAAmB/zC,KAAK0W,KAAK6Y,SAASC,kCACvC,IAAI8jB,wBACJ,IAAId,oBAERxyC,KAAKg0C,wBASPz4B,eACEvb,KAAKi0C,qBACL,MAAM77B,QAAWpY,KAAKmxC,SAChB4B,EAAY/yC,KAAKk0C,uBAEjBz3B,EAAWs2B,EAAUx0B,YAAYnG,GACvC,OAAIqE,GAIG,IAAI7T,SAAgBC,IACzB,MAAMsrC,YAAevsC,IACdA,IAGL5H,KAAK2zC,qBAAqB7pB,OAAOqqB,aACjCtrC,EAAQjB,KAGV5H,KAAK2zC,qBAAqB5a,IAAIob,aAC1Bn0C,KAAK6zC,aACPd,EAAU1d,QAAQjd,MAUxB+4B,SACE,IACEnxC,KAAKi0C,qBACL,MAAO7wC,GAIP,OAAOwF,QAAQkV,OAAO1a,GAGxB,OAAIpD,KAAK4zC,gBAIT5zC,KAAK4zC,cAAgB5zC,KAAKo0C,oBAAoBprC,OAAM5F,IAElD,MADApD,KAAK4zC,cAAgB,KACfxwC,MALCpD,KAAK4zC,cAYhBS,SACEr0C,KAAKi0C,qBACiB,OAAlBj0C,KAAKgzC,UACPhzC,KAAKk0C,uBAAuB3C,MAAMvxC,KAAKgzC,UAO3CsB,QACEt0C,KAAKi0C,qBACLj0C,KAAK0zC,WAAY,EACjB1zC,KAAK+zC,iBAAiBV,qBACjBrzC,KAAK6zC,aACR7zC,KAAKoxC,UAAUmD,WAAWjtC,SAAQktC,IAChCx0C,KAAKoxC,UAAUqD,YAAYD,MAKzBR,wBACN78B,SAASnX,KAAKqxC,WAAWqD,QAAS10C,KAAK0W,KAAI,kBAC3CS,QACEnX,KAAK6zC,cAAgB7zC,KAAKoxC,UAAUuD,gBACpC30C,KAAK0W,uBAGPS,QACsB,oBAAb/S,SACPpE,KAAK0W,KAAI,+CAKLo9B,kBACNc,GAEA,OAAOhtC,IAEL,GADA5H,KAAK2zC,qBAAqBrsC,SAAQ8iC,GAAYA,EAASxiC,KAC/B,mBAAbgtC,EACTA,EAAShtC,QACJ,GAAwB,iBAAbgtC,EAAuB,CACvC,MAAMC,EAAatH,UAAUqH,GACH,mBAAfC,GACTA,EAAWjtC,KAMXqsC,qBACN98B,SAASnX,KAAK0zC,UAAW1zC,KAAK0W,KAAI,kBAG5B6E,0BAEN,SADMvb,KAAK80C,QACN90C,KAAKgzC,SAAU,CAClB,IAAI5B,EAAYpxC,KAAKoxC,UACrB,IAAKpxC,KAAK6zC,YAAa,CACrB,MAAMkB,EAAkB3wC,SAAS4zB,cAAc,OAC/CoZ,EAAUpY,YAAY+b,GACtB3D,EAAY2D,EAGd/0C,KAAKgzC,SAAWhzC,KAAKk0C,uBAAuB/C,OAC1CC,EACApxC,KAAKqxC,YAIT,OAAOrxC,KAAKgzC,SAGNz3B,aACNpE,QACEQ,mBAAqB61B,YACrBxtC,KAAK0W,KAAI,wBAqBf,SAASs+B,WACP,IAAIliB,EAAgC,KACpC,OAAO,IAAIlqB,SAAcC,IACK,aAAxBzE,SAAS60B,YAQbnG,EAAW,IAAMjqB,IACjBnF,OAAOw1B,iBAAiB,OAAQpG,IAR9BjqB,OASDG,OAAM5F,IAKP,MAJI0vB,GACFpvB,OAAOinC,oBAAoB,OAAQ7X,GAG/B1vB,KAnCA4xC,GACNh1C,KAAK+yC,gBAAkB/yC,KAAK+zC,iBAAiBpB,KAC3C3yC,KAAK0W,KACL1W,KAAK0W,KAAKuF,mBAAgB7T,GAG5B,MAAMuW,QhF5OHpD,eAAe05B,mBAAmBv+B,GACvC,aAEU8E,mBACJ9E,EAGD,MAAA,wBACDw+B,kBAAoB,GgFoOAD,CAAmBj1C,KAAK0W,MAC9CS,QAAQwH,EAAS3e,KAAK0W,uBACtB1W,KAAKqxC,WAAWqD,QAAU/1B,EAGpBu1B,uBAEN,OADA/8B,QAAQnX,KAAK+yC,UAAW/yC,KAAK0W,KAAI,kBAC1B1W,KAAK+yC,WC5NhB,MAAMoC,uBACJlyC,YACWw4B,EACQ2Z,GADRp1C,KAAcy7B,eAAdA,EACQz7B,KAAco1C,eAAdA,EAGnBC,QAAQ3Z,GACN,MAAM4Z,EAAiB9Z,oBAAoB+Z,kBACzCv1C,KAAKy7B,eACLC,GAEF,OAAO17B,KAAKo1C,eAAeE,IAoCxB/5B,eAAeqgB,sBACpBllB,EACAyH,EACAq3B,GAEA,MAAMze,EAAe3C,UAAU1d,GACzB+kB,QAAuBga,mBAC3B1e,EACA5Y,EACAhU,mBAAmBqrC,IAErB,OAAO,IAAIL,uBAAuB1Z,GAAgBX,GAChDmG,qBAAqBlK,EAAc+D,KAgBhCvf,eAAeugB,oBACpBlc,EACAzB,EACAq3B,GAEA,MAAMz1B,EAAe5V,mBAAmByV,SAClCwgB,qBAAoB,EAAOrgB,WACjC,MAAM0b,QAAuBga,mBAC3B11B,EAAarJ,KACbyH,EACAhU,mBAAmBqrC,IAErB,OAAO,IAAIL,uBAAuB1Z,GAAgBX,GAChDoG,mBAAmBnhB,EAAc+a,KAkB9Bvf,eAAem6B,8BACpB91B,EACAzB,EACAq3B,GAEA,MAAMz1B,EAAe5V,mBAAmByV,GAClC6b,QAAuBga,mBAC3B11B,EAAarJ,KACbyH,EACAhU,mBAAmBqrC,IAErB,OAAO,IAAIL,uBAAuB1Z,GAAgBX,GAChDqG,6BAA6BphB,EAAc+a,KAQxCvf,eAAek6B,mBACpB/+B,EACAgd,EACAoC,SAEA,MAAM6f,QAAuB7f,EAASE,SAEtC,IAYE,IAAI4f,EAUJ,GArBAz+B,QAC4B,iBAAnBw+B,EACPj/B,oBAGFS,QD/JmC,cCgKjC2e,EAAS1pB,KACTsK,EAAI,kBAOJk/B,EADqB,iBAAZliB,EACU,CACjBvV,YAAauV,GAGIA,EAGjB,YAAakiB,EAAkB,CACjC,MAAMvO,EAAUuO,EAAiBvO,QAEjC,GAAI,gBAAiBuO,EAAkB,CACrCz+B,QAEE,WADAkwB,EAAQj7B,KACRsK,oBAGF,MAAM+F,QftJE,SAAAo5B,oBACdn/B,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,mCAAA0E,mBAAmB1E,EAAM2E,Ie2IEw6B,CAAoBn/B,EAAM,CAC/CmM,QAASwkB,EAAQpJ,WACjB6X,oBAAqB,CACnB33B,YAAay3B,EAAiBz3B,YAC9Bw3B,eAAAA,KAGJ,OAAOl5B,EAASs5B,iBAAiB9Z,YAC5B,CACL9kB,QAEE,WADAkwB,EAAQj7B,KACRsK,oBAGF,MAAM+qB,GAC4B,QAAhC98B,EAAAixC,EAAiBI,uBAAe,IAAArxC,OAAA,EAAAA,EAAE6e,MAClCoyB,EAAiBK,eACnB9+B,QAAQsqB,EAAiB/qB,+BACzB,MAAM+F,QChLE,SAAAy5B,oBACdx/B,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,+BAAA0E,mBAAmB1E,EAAM2E,IDqKE66B,CAAoBx/B,EAAM,CAC/CqwB,qBAAsBM,EAAQpJ,WAC9BwD,gBAAAA,EACA0U,gBAAiB,CACfR,eAAAA,KAGJ,OAAOl5B,EAAS25B,kBAAkBna,aAE/B,CACL,MAAMA,YAAEA,SlD9MP1gB,eAAe86B,0BACpB3/B,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,oCAAA0E,mBAAmB1E,EAAM2E,IkDmMOg7B,CAA0B3/B,EAAM,CAC5DyH,YAAay3B,EAAiBz3B,YAC9Bw3B,eAAAA,IAEF,OAAO1Z,GAED,QACRnG,EAASue,UA0BN94B,eAAe+6B,kBACpB12B,EACAqe,SAEMyC,QAAMv2B,mBAAmByV,GAAuBqe,GEpO3C,MAAAsY,kBAcXtzC,YAAYyT,GAPH1W,KAAAujB,WAAagzB,kBAAkBzZ,YAQtC98B,KAAK0W,KAAO0d,UAAU1d,GAkCxB8/B,kBACEC,EACAC,GAEA,OAAOjB,mBACLz1C,KAAK0W,KACL+/B,EACAtsC,mBAAmBusC,IA+BvBr9B,kBACEoiB,EACAC,GAEA,OAAOF,oBAAoB+Z,kBACzB9Z,EACAC,GAQJriB,4BACE+kB,GAEA,MAAMH,EAAaG,EACnB,OAAOmY,kBAAkB5X,2BAA2BV,GAmCtD5kB,2BAA2B/V,GACzB,OAAOizC,kBAAkB5X,2BACtBr7B,EAAM2B,YAAc,IAIjBoU,mCACN+E,eAAgBkgB,IAEhB,IAAKA,EACH,OAAO,KAET,MAAMngB,YAAEA,EAAWwd,eAAEA,GACnB2C,EACF,OAAIngB,GAAewd,EACVH,oBAAoBmb,mBACzBx4B,EACAwd,GAGG,MC1LK,SAAAib,qBACdlgC,EACAmgC,GAEA,OAAIA,EACK5uB,aAAa4uB,IAGtB1/B,QAAQT,EAAKuY,uBAAwBvY,oBAE9BA,EAAKuY,wBDkBIsnB,kBAAAzZ,YAAwC,QAExCyZ,kBAAAO,qBAAmD,QEXrE,MAAMC,sBAAsB3d,eAC1Bn2B,YAAqBmE,GACnBlC,yBADmBlF,KAAMoH,OAANA,EAIrBkyB,oBAAoB5iB,GAClB,OAAOikB,cAAcjkB,EAAM1W,KAAKg3C,oBAGlCxd,eACE9iB,EACAmM,GAEA,OAAO8X,cAAcjkB,EAAM1W,KAAKg3C,iBAAiBn0B,IAGnD6W,6BAA6BhjB,GAC3B,OAAOikB,cAAcjkB,EAAM1W,KAAKg3C,oBAG1BA,iBAAiBn0B,GACvB,MAAMxH,EAAgC,CACpCggB,WAAYr7B,KAAKoH,OAAOi0B,WACxB4b,UAAWj3C,KAAKoH,OAAO6vC,UACvB3b,SAAUt7B,KAAKoH,OAAOk0B,SACtBhgB,SAAUtb,KAAKoH,OAAOkU,SACtBuf,aAAc76B,KAAKoH,OAAOyzB,aAC1BL,mBAAmB,EACnB0c,qBAAqB,GAOvB,OAJIr0B,IACFxH,EAAQwH,QAAUA,GAGbxH,GAIL,SAAU87B,QACd/vC,GAEA,OAAO45B,sBACL55B,EAAOsP,KACP,IAAIqgC,cAAc3vC,GAClBA,EAAO8Z,iBAIL,SAAUk2B,QACdhwC,GAEA,MAAMsP,KAAEA,EAAIkJ,KAAEA,GAASxY,EAEvB,OADA+P,QAAQyI,EAAMlJ,oBACPmqB,gBACLjhB,EACA,IAAIm3B,cAAc3vC,GAClBA,EAAO8Z,iBAIJ3F,eAAemlB,MACpBt5B,GAEA,MAAMsP,KAAEA,EAAIkJ,KAAEA,GAASxY,EAEvB,OADA+P,QAAQyI,EAAMlJ,oBACP2gC,QAAUz3B,EAAM,IAAIm3B,cAAc3vC,GAASA,EAAO8Z,iBCnErC,MAAAo2B,+BASpBr0C,YACqByT,EACnBuN,EACmB6O,EACTlT,EACSsB,GAAkB,GAJlBlhB,KAAI0W,KAAJA,EAEA1W,KAAQ8yB,SAARA,EACT9yB,KAAI4f,KAAJA,EACS5f,KAAekhB,gBAAfA,EAXblhB,KAAcu3C,eAA0B,KACxCv3C,KAAYw3C,aAAwB,KAY1Cx3C,KAAKikB,OAAS1jB,MAAMC,QAAQyjB,GAAUA,EAAS,CAACA,GAKlDoR,UACE,OAAO,IAAIzsB,SACT2S,MAAO1S,EAASiV,KACd9d,KAAKu3C,eAAiB,CAAE1uC,QAAAA,EAASiV,OAAAA,GAEjC,IACE9d,KAAKw3C,mBAAqBx3C,KAAK8yB,SAAS/C,YAAY/vB,KAAK0W,YACnD1W,KAAKy3C,cACXz3C,KAAKw3C,aAAaE,iBAAiB13C,MACnC,MAAOoD,GACPpD,KAAK8d,OAAO1a,OAMpBmY,kBAAkBytB,GAChB,MAAM2O,YAAEA,EAAWV,UAAEA,EAAS3b,SAAEA,EAAQhgB,SAAEA,EAAQhY,MAAEA,EAAK8I,KAAEA,GAAS48B,EACpE,GAAI1lC,EAEF,YADAtD,KAAK8d,OAAOxa,GAId,MAAM8D,EAAwB,CAC5BsP,KAAM1W,KAAK0W,KACX2kB,WAAYsc,EACZV,UAAWA,EACX37B,SAAUA,QAAYlT,EACtBkzB,SAAUA,QAAYlzB,EACtBwX,KAAM5f,KAAK4f,KACXsB,gBAAiBlhB,KAAKkhB,iBAGxB,IACElhB,KAAK6I,cAAc7I,KAAK43C,WAAWxrC,EAAhBpM,CAAsBoH,IACzC,MAAOhE,GACPpD,KAAK8d,OAAO1a,IAIhBy0C,QAAQv0C,GACNtD,KAAK8d,OAAOxa,GAGNs0C,WAAWxrC,GACjB,OAAQA,GACN,IAAqC,iBACrC,IAAA,oBACE,OAAO+qC,QACT,IAAkC,eAClC,IAAA,kBACE,OAAOzW,MACT,IAAoC,iBACpC,IAAA,oBACE,OAAO0W,QACT,QACEhhC,MAAMpW,KAAK0W,wBAIP7N,QAAQiyB,GAChBvjB,YAAYvX,KAAKu3C,eAAgB,iCACjCv3C,KAAKu3C,eAAe1uC,QAAQiyB,GAC5B96B,KAAK83C,uBAGGh6B,OAAOxa,GACfiU,YAAYvX,KAAKu3C,eAAgB,iCACjCv3C,KAAKu3C,eAAez5B,OAAOxa,GAC3BtD,KAAK83C,uBAGCA,uBACF93C,KAAKw3C,cACPx3C,KAAKw3C,aAAaO,mBAAmB/3C,MAGvCA,KAAKu3C,eAAiB,KACtBv3C,KAAKg4C,WC1FF,MAAMC,EAA6B,IAAI5/B,MAAM,IAAM,KAgCnDkD,eAAe28B,gBACpBxhC,EACAsI,EACA8T,GAEA,MAAMiE,EAAe3C,UAAU1d,GAC/BI,kBAAkBJ,EAAMsI,EAAUme,uBAClC,MAAMgb,EAAmBvB,qBAAqB7f,EAAcjE,GAO5D,OANe,IAAIslB,eACjBrhB,EAAY,iBAEZ/X,EACAm5B,GAEYE,iBA8BT98B,eAAe+8B,wBACpB14B,EACAZ,EACA8T,GAEA,MAAM/S,EAAe5V,mBAAmByV,GACxC9I,kBAAkBiJ,EAAarJ,KAAMsI,EAAUme,uBAC/C,MAAMgb,EAAmBvB,qBAAqB72B,EAAarJ,KAAMoc,GAQjE,OAPe,IAAIslB,eACjBr4B,EAAarJ,KAAI,iBAEjBsI,EACAm5B,EACAp4B,GAEYs4B,iBA4BT98B,eAAeg9B,cACpB34B,EACAZ,EACA8T,GAEA,MAAM/S,EAAe5V,mBAAmByV,GACxC9I,kBAAkBiJ,EAAarJ,KAAMsI,EAAUme,uBAC/C,MAAMgb,EAAmBvB,qBAAqB72B,EAAarJ,KAAMoc,GASjE,OAPe,IAAIslB,eACjBr4B,EAAarJ,KAAI,eAEjBsI,EACAm5B,EACAp4B,GAEYs4B,iBAQhB,MAAMD,uBAAuBd,+BAO3Br0C,YACEyT,EACAuN,EACiBjF,EACjB8T,EACAlT,GAEA1a,MAAMwR,EAAMuN,EAAQ6O,EAAUlT,GAJb5f,KAAQgf,SAARA,EANXhf,KAAUw4C,WAAqB,KAC/Bx4C,KAAMy4C,OAAkB,KAU1BL,eAAeM,oBACjBN,eAAeM,mBAAmBC,SAGpCP,eAAeM,mBAAqB14C,KAGtCub,uBACE,MAAMoV,QAAe3wB,KAAKq1B,UAE1B,OADAle,QAAQwZ,EAAQ3wB,KAAK0W,uBACdia,EAGTpV,oBACEhE,YACyB,IAAvBvX,KAAKikB,OAAOnjB,OACZ,0CAEF,MAAM6qC,EAAUc,mBAChBzsC,KAAKw4C,iBAAmBx4C,KAAK8yB,SAAS8lB,WACpC54C,KAAK0W,KACL1W,KAAKgf,SACLhf,KAAKikB,OAAO,GACZ0nB,GAEF3rC,KAAKw4C,WAAWK,gBAAkBlN,EASlC3rC,KAAK8yB,SAASgmB,kBAAkB94C,KAAK0W,MAAM1N,OAAM5F,IAC/CpD,KAAK8d,OAAO1a,MAGdpD,KAAK8yB,SAASimB,6BAA6B/4C,KAAK0W,MAAMsiC,IAC/CA,GACHh5C,KAAK8d,OACHtH,aAAaxW,KAAK0W,KAA4C,+BAMpE1W,KAAKi5C,uBAGHtN,oBACF,OAAwB,UAAjB3rC,KAAKw4C,kBAAY,IAAA7zC,OAAA,EAAAA,EAAAk0C,kBAAmB,KAG7CF,SACE34C,KAAK8d,OAAOtH,aAAaxW,KAAK0W,KAA0C,4BAG1EshC,UACMh4C,KAAKw4C,YACPx4C,KAAKw4C,WAAWpvC,QAGdpJ,KAAKy4C,QACP/0C,OAAOsa,aAAahe,KAAKy4C,QAG3Bz4C,KAAKw4C,WAAa,KAClBx4C,KAAKy4C,OAAS,KACdL,eAAeM,mBAAqB,KAG9BO,uBACN,MAAMhQ,KAAO,cACkB,QAAzB5hB,EAAiB,QAAjB1iB,EAAA3E,KAAKw4C,kBAAY,IAAA7zC,OAAA,EAAAA,EAAAjB,cAAQ,IAAA2jB,OAAA,EAAAA,EAAA6xB,QAM3Bl5C,KAAKy4C,OAAS/0C,OAAOqa,YAAW,KAC9B/d,KAAKy4C,OAAS,KACdz4C,KAAK8d,OACHtH,aAAaxW,KAAK0W,KAAyC,gCAMjE1W,KAAKy4C,OAAS/0C,OAAOqa,WAAWkrB,KAAMgP,EAA2Br/B,QAGnEqwB,QAxGamP,eAAkBM,mBAA0B,KC7K7D,MAIMS,EAGF,IAAInxB,IAEF,MAAOoxB,uBAAuB9B,+BAGlCr0C,YACEyT,EACAoc,EACA5R,GAAkB,GAElBhc,MACEwR,EACA,sEAMAoc,OACA1qB,EACA8Y,GAjBJlhB,KAAO2rC,QAAG,KAyBVpwB,gBACE,IAAI89B,EAAeF,EAAmBvgC,IAAI5Y,KAAK0W,KAAK8R,QACpD,IAAK6wB,EAAc,CACjB,IACE,MAIM1oB,QA2CPpV,eAAe+9B,kCACpBxmB,EACApc,GAEA,MAAMvQ,EAAMozC,mBAAmB7iC,GACzBoS,EAAc0wB,oBAAoB1mB,GACxC,UAAYhK,EAAYoB,eACtB,OAAO,EAET,MAAMuvB,EAAuD,eAA3B3wB,EAAYS,KAAKpjB,GAEnD,aADM2iB,EAAYY,QAAQvjB,GACnBszC,EA1DgCH,CAC/Bt5C,KAAK8yB,SACL9yB,KAAK0W,YAEmCxR,MAAMmwB,UAAY,KAC5DgkB,EAAe,IAAMzwC,QAAQC,QAAQ8nB,GACrC,MAAOvtB,GACPi2C,EAAe,IAAMzwC,QAAQkV,OAAO1a,GAGtC+1C,EAAmB/wB,IAAIpoB,KAAK0W,KAAK8R,OAAQ6wB,GAS3C,OAJKr5C,KAAKkhB,iBACRi4B,EAAmB/wB,IAAIpoB,KAAK0W,KAAK8R,QAAQ,IAAM5f,QAAQC,QAAQ,QAG1DwwC,IAGT99B,kBAAkBytB,GAChB,GAAc,sBAAVA,EAAM58B,KACR,OAAOlH,MAAMw0C,YAAY1Q,GACpB,GAAc,YAAVA,EAAM58B,MAMjB,GAAI48B,EAAM2C,QAAS,CACjB,MAAM/rB,QAAa5f,KAAK0W,KAAKijC,mBAAmB3Q,EAAM2C,SACtD,GAAI/rB,EAEF,OADA5f,KAAK4f,KAAOA,EACL1a,MAAMw0C,YAAY1Q,GAEzBhpC,KAAK6I,QAAQ,YAVf7I,KAAK6I,QAAQ,MAejB0S,qBAEAy8B,YAiBKz8B,eAAeq+B,0BACpB9mB,EACApc,GAEA,OAAO8iC,oBAAoB1mB,GAAUzJ,KAAKkwB,mBAAmB7iC,GAAO,QAOtD,SAAAqa,wBACdra,EACAia,GAEAwoB,EAAmB/wB,IAAI1R,EAAK8R,OAAQmI,GAGtC,SAAS6oB,oBACP1mB,GAEA,OAAO7K,aAAa6K,EAASC,sBAG/B,SAASwmB,mBAAmB7iC,GAC1B,OAAOkS,oBA7HoB,kBA+HzBlS,EAAKsC,OAAO8C,OACZpF,EAAKxT,MC3EO,SAAA22C,mBACdnjC,EACAsI,EACA8T,GAEA,OAGKvX,eAAeu+B,oBACpBpjC,EACAsI,EACA8T,GAEA,MAAMiE,EAAe3C,UAAU1d,GAC/BI,kBAAkBJ,EAAMsI,EAAUme,6BAI5BpG,EAAa/H,uBACnB,MAAMmpB,EAAmBvB,qBAAqB7f,EAAcjE,GAG5D,aAFM8mB,0BAA0BzB,EAAkBphB,GAE3CohB,EAAiB4B,cACtBhjB,EACA/X,uBAnBK86B,CAAoBpjC,EAAMsI,EAAU8T,GA0D7B,SAAAknB,2BACdp6B,EACAZ,EACA8T,GAEA,OAMKvX,eAAe0+B,4BACpBr6B,EACAZ,EACA8T,GAEA,MAAM/S,EAAe5V,mBAAmByV,GACxC9I,kBAAkBiJ,EAAarJ,KAAMsI,EAAUme,6BAIzCpd,EAAarJ,KAAKsY,uBAExB,MAAMmpB,EAAmBvB,qBAAqB72B,EAAarJ,KAAMoc,SAC3D8mB,0BAA0BzB,EAAkBp4B,EAAarJ,MAE/D,MAAMi1B,QAAgBuO,uBAAuBn6B,GAC7C,OAAOo4B,EAAiB4B,cACtBh6B,EAAarJ,KACbsI,EAAQ,oBAER2sB,GA1BKsO,CACLr6B,EACAZ,EACA8T,GAyDY,SAAAqnB,iBACdv6B,EACAZ,EACA8T,GAEA,OAEKvX,eAAe6+B,kBACpBx6B,EACAZ,EACA8T,GAEA,MAAM/S,EAAe5V,mBAAmByV,GACxC9I,kBAAkBiJ,EAAarJ,KAAMsI,EAAUme,6BAIzCpd,EAAarJ,KAAKsY,uBAExB,MAAMmpB,EAAmBvB,qBAAqB72B,EAAarJ,KAAMoc,SAC3DsN,qBAAoB,EAAOrgB,EAAcf,EAASuE,kBAClDq2B,0BAA0BzB,EAAkBp4B,EAAarJ,MAE/D,MAAMi1B,QAAgBuO,uBAAuBn6B,GAC7C,OAAOo4B,EAAiB4B,cACtBh6B,EAAarJ,KACbsI,EAAQ,kBAER2sB,GAvBKyO,CAAkBx6B,EAAMZ,EAAU8T,GAmEpCvX,eAAe8+B,kBACpB3jC,EACAoc,GAGA,aADMsB,UAAU1d,GAAMsY,uBACfsrB,mBAAmB5jC,EAAMoc,GAAU,GAGrCvX,eAAe++B,mBACpB5jC,EACA6jC,EACAr5B,GAAkB,GAElB,MAAM6V,EAAe3C,UAAU1d,GACzBoc,EAAW8jB,qBAAqB7f,EAAcwjB,GAC9ClnB,EAAS,IAAI+lB,eAAeriB,EAAcjE,EAAU5R,GACpDyP,QAAe0C,EAAOgC,UAQ5B,OANI1E,IAAWzP,WACNyP,EAAO/Q,KAAKwH,uBACb2P,EAAalS,sBAAsB8L,EAAO/Q,YAC1CmX,EAAa5F,iBAAiB,KAAMopB,IAGrC5pB,EAGTpV,eAAe2+B,uBAAuBt6B,GACpC,MAAM+rB,EAAUc,iBAAiB,GAAG7sB,EAAK4D,UAIzC,OAHA5D,EAAKwH,iBAAmBukB,QAClB/rB,EAAKlJ,KAAKya,iBAAiBvR,SAC3BA,EAAKlJ,KAAKmO,sBAAsBjF,GAC/B+rB,EC3RI,MAAA6O,iBAOXv3C,YAA6ByT,GAAA1W,KAAI0W,KAAJA,EANZ1W,KAAAy6C,gBAA+B,IAAIxa,IACnCjgC,KAAA06C,UAAoC,IAAIza,IAC/CjgC,KAAmB26C,oBAAqB,KACxC36C,KAA2B46C,6BAAG,EAChC56C,KAAA66C,uBAAyBpvC,KAAKD,MAItCksC,iBAAiBoD,GACf96C,KAAK06C,UAAU3hB,IAAI+hB,GAGjB96C,KAAK26C,qBACL36C,KAAK+6C,mBAAmB/6C,KAAK26C,oBAAqBG,KAElD96C,KAAKg7C,eAAeh7C,KAAK26C,oBAAqBG,GAC9C96C,KAAKi7C,iBAAiBj7C,KAAK26C,qBAC3B36C,KAAK26C,oBAAsB,MAI/B5C,mBAAmB+C,GACjB96C,KAAK06C,UAAU5wB,OAAOgxB,GAGxBI,QAAQlS,GAEN,GAAIhpC,KAAKm7C,oBAAoBnS,GAC3B,OAAO,EAGT,IAAIoS,GAAU,EASd,OARAp7C,KAAK06C,UAAUpzC,SAAQ+zC,IACjBr7C,KAAK+6C,mBAAmB/R,EAAOqS,KACjCD,GAAU,EACVp7C,KAAKg7C,eAAehS,EAAOqS,GAC3Br7C,KAAKi7C,iBAAiBjS,OAItBhpC,KAAK46C,8BAkEb,SAASU,gBAAgBtS,GACvB,OAAQA,EAAM58B,MACZ,IAAwC,oBACxC,IAAqC,kBACrC,IAAA,oBACE,OAAO,EACT,IAAA,UACE,OAAOmvC,oBAAoBvS,GAC7B,QACE,OAAO,GA3EgCsS,CAAgBtS,KAMzDhpC,KAAK46C,6BAA8B,EAG9BQ,IACHp7C,KAAK26C,oBAAsB3R,EAC3BoS,GAAU,IARHA,EAcHJ,eAAehS,EAAkBqS,SACvC,GAAIrS,EAAM1lC,QAAUi4C,oBAAoBvS,GAAQ,CAC9C,MAAMjkC,WACHJ,EAAAqkC,EAAM1lC,MAAMyB,2BAAM4C,MAAM,SAAS,KACL,iBAC/B0zC,EAASxD,QAAQrhC,aAAaxW,KAAK0W,KAAM3R,SAEzCs2C,EAAS3B,YAAY1Q,GAIjB+R,mBACN/R,EACAqS,GAEA,MAAMG,EACiB,OAArBH,EAAS1P,WACN3C,EAAM2C,SAAW3C,EAAM2C,UAAY0P,EAAS1P,QACjD,OAAO0P,EAASp3B,OAAOpd,SAASmiC,EAAM58B,OAASovC,EAGzCL,oBAAoBnS,GAQ1B,OANEv9B,KAAKD,MAAQxL,KAAK66C,wBAnFoB,KAsFtC76C,KAAKy6C,gBAAgBnG,QAGhBt0C,KAAKy6C,gBAAgBha,IAAIgb,SAASzS,IAGnCiS,iBAAiBjS,GACvBhpC,KAAKy6C,gBAAgB1hB,IAAI0iB,SAASzS,IAClChpC,KAAK66C,uBAAyBpvC,KAAKD,OAIvC,SAASiwC,SAASr4C,GAChB,MAAO,CAACA,EAAEgJ,KAAMhJ,EAAEuoC,QAASvoC,EAAE6zC,UAAW7zC,EAAEkY,UAAU2I,QAAOy3B,GAAKA,IAAGj6C,KAAK,KAG1E,SAAS85C,qBAAoBnvC,KAAEA,EAAI9I,MAAEA,IACnC,MACgC,YAA9B8I,GACgB,wBAAhB9I,MAAAA,OAAK,EAALA,EAAOyB,MC/GX,MAAM42C,EAAmB,uCACnBC,EAAa,UAEZrgC,eAAesgC,gBAAgBnlC,GAEpC,GAAIA,EAAKsC,OAAOE,SACd,OAGF,MAAM4iC,kBAAEA,SCHHvgC,eAAewgC,kBACpBrlC,EACA2E,EAAmC,IAEnC,OAAOG,mBACL9E,EAGA,MAAA,eAAA2E,GDLkC0gC,CAAkBrlC,GAEtD,IAAK,MAAMslC,KAAUF,EACnB,IACE,GAAIG,YAAYD,GACd,OAEF,MAAMr3C,IAMVyR,MAAMM,EAAI,uBAGZ,SAASulC,YAAYrb,GACnB,MAAMsb,EAAa1kC,kBACbK,SAAEA,EAAQskC,SAAEA,GAAa,IAAIC,IAAIF,GACvC,GAAItb,EAASznB,WAAW,uBAAwB,CAC9C,MAAMkjC,EAAQ,IAAID,IAAIxb,GAEtB,MAAuB,KAAnByb,EAAMF,UAAgC,KAAbA,EAGZ,sBAAbtkC,GACA+oB,EAAS56B,QAAQ,sBAAuB,MACtCk2C,EAAWl2C,QAAQ,sBAAuB,IAI5B,sBAAb6R,GAAoCwkC,EAAMF,WAAaA,EAGhE,IAAKP,EAAWljC,KAAKb,GACnB,OAAO,EAGT,GAAI8jC,EAAiBjjC,KAAKkoB,GAGxB,OAAOub,IAAavb,EAItB,MAAM0b,EAAuB1b,EAAS56B,QAAQ,MAAO,OAOrD,OAJW,IAAIu2C,OACb,UAAYD,EAAuB,IAAMA,EAAuB,KAChE,KAEQ5jC,KAAKyjC,GE5DjB,MAAMK,EAAkB,IAAInkC,MAAM,IAAO,KAMzC,SAASokC,2BAIP,MAAMC,EAASnP,UAAUoP,OAEzB,GAAID,MAAAA,OAAA,EAAAA,EAAQE,EAEV,IAAK,MAAMC,KAAQ13C,OAAOuB,KAAKg2C,EAAOE,GAQpC,GANAF,EAAOE,EAAEC,GAAMC,EAAIJ,EAAOE,EAAEC,GAAMC,GAAK,GAEvCJ,EAAOE,EAAEC,GAAME,EAAIL,EAAOE,EAAEC,GAAME,GAAK,GAEvCL,EAAOE,EAAEC,GAAMC,EAAI,IAAIJ,EAAOE,EAAEC,GAAME,GAElCL,EAAOM,GACT,IAAK,IAAIn8C,EAAI,EAAGA,EAAI67C,EAAOM,GAAGl8C,OAAQD,IAEpC67C,EAAOM,GAAGn8C,GAAK,KAOzB,SAASo8C,SAASvmC,GAChB,OAAO,IAAI9N,SAA8B,CAACC,EAASiV,eAEjD,SAASo/B,iBAGPT,2BACAU,KAAKxK,KAAK,eAAgB,CACxB5lC,SAAU,KACRlE,EAAQs0C,KAAKC,QAAQC,eAEvBC,UAAW,KAOTb,2BACA3+B,EAAOtH,aAAaE,EAAI,4BAE1BhI,QAAS8tC,EAAgB5jC,QAI7B,GAA6B,QAAzByO,EAAgB,QAAhB1iB,EAAA4oC,UAAU4P,YAAM,IAAAx4C,OAAA,EAAAA,EAAAy4C,eAAS,IAAA/1B,OAAA,EAAAA,EAAAk2B,OAE3B10C,EAAQs0C,KAAKC,QAAQC,kBAChB,CAAA,KAAoB,QAAd/1B,EAAAimB,UAAU4P,YAAI,IAAA71B,OAAA,EAAAA,EAAEqrB,MAGtB,CAML,MAAM6K,EAASC,sBAAyB,aAYxC,OAVAlQ,UAAUiQ,GAAU,KAEZL,KAAKxK,KACTuK,iBAGAp/B,EAAOtH,aAAaE,EAAI,4BAIrBgnC,QACI,GzExDD,SAAAC,iBACd,OAAOppB,EAAmBG,WyEuDRkpB,aAA8BJ,KACzCx0C,OAAM5F,GAAK0a,EAAO1a,KArBrB85C,qBAuBDl0C,OAAM1F,IAGP,MADAu6C,EAAmB,KACbv6C,KAIV,IAAIu6C,EAAyD,KCvF7D,MAAMC,EAAe,IAAIzlC,MAAM,IAAM,MAI/B0lC,EAAoB,CACxB7lB,MAAO,CACLE,SAAU,WACVqR,IAAK,SACLpR,MAAO,MACP2lB,OAAQ,OAEV,cAAe,OACfC,SAAU,MAKNC,EAAmB,IAAIl2B,IAAI,CAC/B,CAAA,iCAAyB,KACzB,CAAC,iDAAkD,KACnD,CAAC,8CAA+C,OAGlD,SAASm2B,aAAaznC,GACpB,MAAMsC,EAAStC,EAAKsC,OACpB7B,QAAQ6B,EAAOuX,WAAY7Z,iCAC3B,MAAM3O,EAAMiR,EAAOE,SACfH,aAAaC,EAzBU,wBA0BvB,WAAWtC,EAAKsC,OAAOuX,4BAErBnpB,EAAiC,CACrC0U,OAAQ9C,EAAO8C,OACfjF,QAASH,EAAKxT,KACdw4C,EAAGvlC,GAECioC,EAAMF,EAAiBtlC,IAAIlC,EAAKsC,OAAOmD,SACzCiiC,IACFh3C,EAAOg3C,IAAMA,GAEf,MAAM1yB,EAAahV,EAAK+c,iBAIxB,OAHI/H,EAAW5qB,SACbsG,EAAOi3C,GAAK3yB,EAAWjqB,KAAK,MAEvB,GAAGsG,KAAOb,YAAYE,GAAQ6P,MAAM,KAGtCsE,eAAe+iC,YACpB5nC,GAEA,MAAM6nC,QDuCF,SAAUC,UAAU9nC,GAExB,OADAmnC,EAAmBA,GAAoBZ,SAASvmC,GACzCmnC,ECzCeY,CAAqB/nC,GACrCymC,EAAO5P,UAAU4P,KAEvB,OADAhmC,QAAQgmC,EAAMzmC,oBACP6nC,EAAQpQ,KACb,CACEuQ,MAAOt6C,SAASuX,KAChB5T,IAAKo2C,aAAaznC,GAClBioC,sBAAuBxB,EAAKC,QAAQwB,4BACpCC,WAAYd,EACZe,WAAW,IAEZC,GACC,IAAIn2C,SAAQ2S,MAAO1S,EAASiV,WACpBihC,EAAOC,QAAQ,CAEnBC,gBAAgB,IAGlB,MAAMC,EAAe1oC,aACnBE,4BAKIyoC,EAAoB5R,UAAUxvB,YAAW,KAC7CD,EAAOohC,KACNpB,EAAallC,OAEhB,SAASwmC,uBACP7R,UAAUvvB,aAAamhC,GACvBt2C,EAAQk2C,GAIVA,EAAOM,KAAKD,sBAAsBr2C,KAAKq2C,sBAAsB,KAC3DthC,EAAOohC,WCrFjB,MAAMI,EAAqB,CACzB7nC,SAAU,MACV8nC,UAAW,MACXC,UAAW,MACXC,QAAS,MASE,MAAAC,UAGXz8C,YAAqBS,GAAA1D,KAAM0D,OAANA,EAFrB1D,KAAe64C,gBAAkB,KAIjCzvC,QACE,GAAIpJ,KAAK0D,OACP,IACE1D,KAAK0D,OAAO0F,QACZ,MAAOhG,MAKC,SAAAu8C,MACdjpC,EACA3O,EACA7E,EACAm1B,EAxBoB,IAyBpB2lB,EAxBqB,KA0BrB,MAAMvU,EAAM5wB,KAAKoJ,KAAKve,OAAOk8C,OAAOC,YAAc7B,GAAU,EAAG,GAAGh9B,WAC5D0X,EAAO7f,KAAKoJ,KAAKve,OAAOk8C,OAAOE,WAAaznB,GAAS,EAAG,GAAGrX,WACjE,IAAI4rB,EAAS,GAEb,MAAMlZ,EACDvuB,OAAAyR,OAAAzR,OAAAyR,OAAA,GAAA0oC,GACH,CAAAjnB,MAAOA,EAAMrX,WACbg9B,OAAQA,EAAOh9B,WACfyoB,IAAAA,EACA/Q,KAAAA,IAKIjO,EAAK7lB,QAAQwY,cAEfla,IACF0pC,EAAS7hB,aAAaN,GA1CL,SA0C0BvnB,GAGzCynB,WAAWF,KAEb1iB,EAAMA,GA7CgB,mBAgDtB2rB,EAAQqsB,WAAa,OAGvB,MAAMC,EAAgB76C,OAAOkC,QAAQqsB,GAASusB,QAC5C,CAACC,GAAQ/5C,EAAKC,KAAW,GAAG85C,IAAQ/5C,KAAOC,MAC3C,IAGF,GjF2Cc,SAAA+5C,iBAAiB11B,EAAK7lB,eACpC,OAAOumB,OAAOV,OAAoD,QAA3C9lB,EAACjB,OAAOmB,iBAAmC,IAAAF,OAAA,EAAAA,EAAAy7C,YiF5C9DD,CAAiB11B,IAAkB,UAAXmiB,EAE1B,OAgBJ,SAASyT,mBAAmBt4C,EAAa6kC,GACvC,MAAM7U,EAAK3zB,SAAS4zB,cAAc,KAClCD,EAAGrgB,KAAO3P,EACVgwB,EAAG6U,OAASA,EACZ,MAAM0T,EAAQl8C,SAASm8C,YAAY,cACnCD,EAAME,eACJ,SACA,GACA,EACA98C,OACA,EACA,EACA,EACA,EACA,GACA,GACA,GACA,GACA,EACA,EACA,MAEFq0B,EAAG0oB,cAAcH,GAvCfD,CAAmBt4C,GAAO,GAAI6kC,GACvB,IAAI8S,UAAU,MAKvB,MAAMgB,EAASh9C,OAAOyqC,KAAKpmC,GAAO,GAAI6kC,EAAQoT,GAC9C7oC,QAAQupC,EAAQhqC,mBAGhB,IACEgqC,EAAOC,QACP,MAAOv9C,IAET,OAAO,IAAIs8C,UAAUgB,GC7EvB,MAcME,EAAiCp5C,mBAAmB,OAgBnD+T,eAAeslC,gBACpBnqC,EACAsI,EACA8hC,EACAC,EACApV,EACAqV,GAEA7pC,QAAQT,EAAKsC,OAAOuX,WAAY7Z,EAAI,+BACpCS,QAAQT,EAAKsC,OAAO8C,OAAQpF,EAAI,mBAEhC,MAAMtP,EAAuB,CAC3B0U,OAAQpF,EAAKsC,OAAO8C,OACpBjF,QAASH,EAAKxT,KACd49C,SAAAA,EACAC,YAAAA,EACArF,EAAGvlC,EACHw1B,QAAAA,GAGF,GAAI3sB,aAAoBme,sBAAuB,CAC7Cne,EAASse,mBAAmB5mB,EAAKuF,cACjC7U,EAAOmc,WAAavE,EAASuE,YAAc,GnHrDzC,SAAU09B,QAAQv5C,GACtB,IAAK,MAAMvB,KAAOuB,EAChB,GAAIvC,OAAOE,UAAUyG,eAAeC,KAAKrE,EAAKvB,GAC5C,OAAO,EAGX,OAAO,EmHgDA86C,CAAQjiC,EAASye,yBACpBr2B,EAAOi2B,iBAAmBp5B,KAAK2X,UAAUoD,EAASye,wBAIpD,IAAK,MAAOt3B,EAAKC,KAAUjB,OAAOkC,QAAQ25C,GAAoB,IAC5D55C,EAAOjB,GAAOC,EAIlB,GAAI4Y,aAAoB0e,kBAAmB,CACzC,MAAMC,EAAS3e,EAAS8e,YAAY7Z,QAAO4Z,GAAmB,KAAVA,IAChDF,EAAO78B,OAAS,IAClBsG,EAAOu2B,OAASA,EAAOl8B,KAAK,MAI5BiV,EAAK4E,WACPlU,EAAO85C,IAAMxqC,EAAK4E,UAMpB,MAAM6lC,EAAa/5C,EACnB,IAAK,MAAMjB,KAAOhB,OAAOuB,KAAKy6C,QACJ/4C,IAApB+4C,EAAWh7C,WACNg7C,EAAWh7C,GAKtB,MAAM6tB,QAAsBtd,EAAKud,oBAC3BmtB,EAAwBptB,EAC1B,IAAI4sB,KAAkCp5C,mBAAmBwsB,KACzD,GAGJ,MAAO,GAKT,SAASqtB,gBAAeroC,OAAEA,IACxB,IAAKA,EAAOE,SACV,MAAO,WAAWF,EAAOuX,6BAG3B,OAAOxX,aAAaC,EA9FO,yBAoFjBqoC,CAAe3qC,MAASxP,YAAYi6C,GAAYlqC,MACxD,KACEmqC,ICuEC,MAAME,EA5Ib,MAAMC,6BAANt+C,cACmBjD,KAAawhD,cAAqC,GAClDxhD,KAAOo9C,QAAwC,GAC/Cp9C,KAAwByhD,yBAAkC,GAElEzhD,KAAoB+yB,qBAAGiY,EAyHhChrC,KAAmBkxB,oBAAGopB,mBAEtBt6C,KAAuB+wB,wBAAGA,wBAvH1BxV,iBACE7E,EACAsI,EACA8hC,EACAnV,SAEAp0B,YACmC,QAAjC5S,EAAA3E,KAAKwhD,cAAc9qC,EAAK8R,eAAS,IAAA7jB,OAAA,EAAAA,EAAAuhB,QACjC,gDAUF,OAAOy5B,MAAMjpC,QAPKmqC,gBAChBnqC,EACAsI,EACA8hC,EACAtpC,iBACAm0B,GAEsBc,oBAG1BlxB,oBACE7E,EACAsI,EACA8hC,EACAnV,SAEM3rC,KAAK84C,kBAAkBpiC,GAS7B,OtBvDE,SAAUgrC,mBAAmB35C,GACjCwlC,UAAU91B,SAASC,KAAO3P,EsBqDxB25C,OAPkBb,gBAChBnqC,EACAsI,EACA8hC,EACAtpC,iBACAm0B,IAGK,IAAI/iC,SAAQ,SAGrBmnB,YAAYrZ,GACV,MAAMvQ,EAAMuQ,EAAK8R,OACjB,GAAIxoB,KAAKwhD,cAAcr7C,GAAM,CAC3B,MAAM+f,QAAEA,EAAOvJ,QAAEA,GAAY3c,KAAKwhD,cAAcr7C,GAChD,OAAI+f,EACKtd,QAAQC,QAAQqd,IAEvB3O,YAAYoF,EAAS,4CACdA,GAIX,MAAMA,EAAU3c,KAAK2hD,kBAAkBjrC,GASvC,OARA1W,KAAKwhD,cAAcr7C,GAAO,CAAEwW,QAAAA,GAI5BA,EAAQ3T,OAAM,YACLhJ,KAAKwhD,cAAcr7C,MAGrBwW,EAGDpB,wBAAwB7E,GAC9B,MAAMqoC,QAAeT,YAAY5nC,GAC3BwP,EAAU,IAAIs0B,iBAAiB9jC,GAerC,OAdAqoC,EAAO6C,SACL,aACCC,IACC1qC,QAAQ0qC,MAAAA,OAAW,EAAXA,EAAaC,UAAWprC,EAAI,sBAIpC,MAAO,CAAE8W,OADOtH,EAAQg1B,QAAQ2G,EAAYC,WACD,MAAmB,WAEhE3E,KAAKC,QAAQwB,6BAGf5+C,KAAKwhD,cAAc9qC,EAAK8R,QAAU,CAAEtC,QAAAA,GACpClmB,KAAKo9C,QAAQ1mC,EAAK8R,QAAUu2B,EACrB74B,EAGT6yB,6BACEriC,EACAwc,GAEelzB,KAAKo9C,QAAQ1mC,EAAK8R,QAC1Bu5B,KA5GqB,oBA8G1B,CAAE31C,KA9GwB,sBA+G1BukB,UACE,MAAMqoB,EAA4B,QAAdr0C,EAAAgsB,MAAAA,OAAM,EAANA,EAAS,UAAK,IAAAhsB,OAAA,EAAAA,EAAuB,uBACrCyD,IAAhB4wC,GACF9lB,IAAK8lB,GAGP5iC,MAAMM,EAAI,oBAEZymC,KAAKC,QAAQwB,6BAIjB9F,kBAAkBpiC,GAChB,MAAMvQ,EAAMuQ,EAAK8R,OAKjB,OAJKxoB,KAAKyhD,yBAAyBt7C,KACjCnG,KAAKyhD,yBAAyBt7C,GAAO01C,gBAAgBnlC,IAGhD1W,KAAKyhD,yBAAyBt7C,GAGnC2pB,6BAEF,OAAOvE,oBAAsBT,aAAeK,WC9J1B,MAAA62B,yBACpB/+C,YAA+Bu+B,GAAAxhC,KAAQwhC,SAARA,EAE/BiG,SACE/wB,EACA2wB,EACA3jB,GAEA,OAAQ2jB,EAAQj7B,MACd,IAAA,SACE,OAAOpM,KAAKiiD,gBAAgBvrC,EAAM2wB,EAAQpJ,WAAYva,GACxD,IAAA,SACE,OAAO1jB,KAAKkiD,gBAAgBxrC,EAAM2wB,EAAQpJ,YAC5C,QACE,OAAO5mB,UAAU,uCCDnB,MAAO8qC,sCACHH,yBAGR/+C,YAAqCg7B,GACnC/4B,eADmClF,KAAUi+B,WAAVA,EAKrC5kB,uBACE4kB,GAEA,OAAO,IAAIkkB,8BAA8BlkB,GAI3CgkB,gBACEvrC,EACAmM,EACAa,GAEA,OjCqCY,SAAA0+B,uBACd1rC,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,sCAAA0E,mBAAmB1E,EAAM2E,IiChDlB+mC,CAAuB1rC,EAAM,CAClCmM,QAAAA,EACAa,YAAAA,EACA2+B,sBAAuBriD,KAAKi+B,WAAWpC,6BAK3CqmB,gBACExrC,EACAqwB,GAEA,OjB2BY,SAAAub,uBACd5rC,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,kCAAA0E,mBAAmB1E,EAAM2E,IiBtClBinC,CAAuB5rC,EAAM,CAClCqwB,qBAAAA,EACAsb,sBAAuBriD,KAAKi+B,WAAWpC,8BAUhC,MAAA0mB,0BACXt/C,eAYAoW,iBAAiB4kB,GACf,OAAOkkB,8BAA8BK,gBAAgBvkB,IAMhDskB,0BAASE,UAAG,QC1DR,MAAAC,yBAWXrpC,8BACE6hB,EACAynB,GAEA,OAAOC,6BAA6BC,YAAY3nB,EAAQynB,GAY1DtpC,0BACEypC,EACAH,GAEA,OAAOC,6BAA6BG,kBAClCD,EACAH,GAaJtpC,4BACEguB,SAEA,MAAM2b,EAAa3b,EACnBlwB,aACmC,KAAX,QAAfxS,EAAAq+C,EAAWpjC,YAAI,IAAAjb,OAAA,EAAAA,EAAE+R,MAAoB,kBAG9C,MAAM+F,QlC4BM,SAAAwmC,mBACdvsC,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,mCAAA0E,mBAAmB1E,EAAM2E,IkCvCF4nC,CAAmBD,EAAWpjC,KAAKlJ,KAAM,CAC9DmM,QAASmgC,EAAW/kB,WACpBilB,mBAAoB,KAEtB,OAAOC,WAAWC,oCAChB3mC,EACAumC,EAAWpjC,KAAKlJ,OAObgsC,yBAAAD,UAAkC,OAGrC,MAAOG,qCACHZ,yBAGR/+C,YACWogD,EACAP,EACA5nB,GAETh2B,cAJSlF,KAAGqjD,IAAHA,EACArjD,KAAY8iD,aAAZA,EACA9iD,KAAMk7B,OAANA,EAMX7hB,mBACE6hB,EACAmoB,GAEA,OAAO,IAAIT,6BAA6BS,OAAKj7C,EAAW8yB,GAI1D7hB,yBACEypC,EACAO,GAEA,OAAO,IAAIT,6BAA6BS,EAAKP,GAI/CvnC,sBACE7E,EACAmM,EACAa,GAOA,OALAvM,aACyB,IAAhBnX,KAAKk7B,OACZxkB,EAAI,kBlCKM,SAAA4sC,sBACd5sC,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,sCAAA0E,mBAAmB1E,EAAM2E,IkCblBioC,CAAsB5sC,EAAM,CACjCmM,QAAAA,EACAa,YAAAA,EACA6/B,qBAAsBvjD,KAAKk7B,OAAOsoB,0BAA0BxjD,KAAKqjD,OAKrE9nC,sBACE7E,EACAqwB,GAEA5vB,aACwB/O,IAAtBpI,KAAK8iD,mBAA2C16C,IAAbpI,KAAKqjD,IACxC3sC,oBAGF,MAAM6sC,EAAuB,CAAE7nB,iBAAkB17B,KAAKqjD,KACtD,OlB3DY,SAAAI,sBACd/sC,EACA2E,GAEA,OAAOG,mBAIL9E,EAGA,OAAA,kCAAA0E,mBAAmB1E,EAAM2E,IkBgDlBooC,CAAsB/sC,EAAM,CACjCqwB,qBAAAA,EACAtF,gBAAiBzhC,KAAK8iD,aACtBS,qBAAAA,KAYO,MAAAJ,WAwBXlgD,YACEygD,EACAC,EACAC,EACAC,EACAC,EACiB7nB,EACAvlB,GADA1W,KAAWi8B,YAAXA,EACAj8B,KAAI0W,KAAJA,EAEjB1W,KAAK0jD,UAAYA,EACjB1jD,KAAK2jD,iBAAmBA,EACxB3jD,KAAK4jD,WAAaA,EAClB5jD,KAAK6jD,oBAAsBA,EAC3B7jD,KAAK8jD,6BAA+BA,EAItCzqC,2CACEoD,EACA/F,GAEA,OAAO,IAAIysC,WACT1mC,EAASsnC,gBAAgBC,gBACzBvnC,EAASsnC,gBAAgBJ,iBACzBlnC,EAASsnC,gBAAgBE,uBACzBxnC,EAASsnC,gBAAgBG,UACzB,IAAIz4C,KAAKgR,EAASsnC,gBAAgBI,wBAAwBzkC,cAC1DjD,EAASsnC,gBAAgB9nB,YACzBvlB,GAKJ8sC,0BAA0BH,GACxB,MAAO,CAAEpnB,YAAaj8B,KAAKi8B,YAAaP,iBAAkB2nB,GAa5De,kBAAkBC,EAAsBC,SACtC,IAAIC,GAAc,EAYlB,OAXIC,eAAeH,IAAgBG,eAAeF,MAChDC,GAAc,GAEZA,IACEC,eAAeH,KACjBA,GAAqC,QAAvB1/C,EAAA3E,KAAK0W,KAAK0K,mBAAa,IAAAzc,OAAA,EAAAA,EAAAuZ,QAAS,eAE5CsmC,eAAeF,KACjBA,EAAStkD,KAAK0W,KAAKxT,OAGhB,kBAAkBohD,KAAUD,YAAsBrkD,KAAK0jD,oBAAoBY,eAAoBtkD,KAAK2jD,2BAA2B3jD,KAAK4jD,cAK/I,SAASY,eAAenkD,GACtB,YAAwB,IAAVA,GAA2C,KAAlBA,MAAAA,OAAA,EAAAA,EAAOS,+BCrPnC,MAAA2jD,YAIXxhD,YAA6ByT,GAAA1W,KAAI0W,KAAJA,EAHZ1W,KAAA0kD,kBACf,IAAI18B,IAIN28B,eAEE,OADA3kD,KAAK4kD,wBACyB,QAAvBjgD,EAAA3E,KAAK0W,KAAK0K,mBAAa,IAAAzc,OAAA,EAAAA,EAAA6e,MAAO,KAGvCjI,eACEsE,GAIA,GAFA7f,KAAK4kD,6BACC5kD,KAAK0W,KAAKsY,wBACXhvB,KAAK0W,KAAK0K,YACb,OAAO,KAIT,MAAO,CAAE6D,kBADiBjlB,KAAK0W,KAAK0K,YAAYzB,WAAWE,IAI7DglC,qBAAqBza,GAEnB,GADApqC,KAAK4kD,uBACD5kD,KAAK0kD,kBAAkBjkB,IAAI2J,GAC7B,OAGF,MAAM1X,EAAc1yB,KAAK0W,KAAK8b,kBAAiB5S,IAC7CwqB,GACGxqB,MAAAA,OAAA,EAAAA,EAA8BoC,gBAAgBiD,cAAe,SAGlEjlB,KAAK0kD,kBAAkBt8B,IAAIgiB,EAAU1X,GACrC1yB,KAAK8kD,yBAGPC,wBAAwB3a,GACtBpqC,KAAK4kD,uBACL,MAAMlyB,EAAc1yB,KAAK0kD,kBAAkB9rC,IAAIwxB,GAC1C1X,IAIL1yB,KAAK0kD,kBAAkB56B,OAAOsgB,GAC9B1X,IACA1yB,KAAK8kD,0BAGCF,uBACNztC,QACEnX,KAAK0W,KAAKsY,gEAKN81B,yBACF9kD,KAAK0kD,kBAAkB9Z,KAAO,EAChC5qC,KAAK0W,KAAKsQ,yBAEVhnB,KAAK0W,KAAKuQ,yBCtDhB,MACM+9B,EACJtgD,uBAAuB,sBAFQ,IAIjC,IAAIugD,EAA+C,KAkCnC,SAAAC,QAAQh3B,EAAmBi3B,KACzC,MAAMnmC,EAAW0X,aAAaxI,EAAK,QAEnC,GAAIlP,EAAS2X,gBACX,OAAO3X,EAAS6U,eAGlB,MAAMnd,EAAO8f,eAAetI,EAAK,CAC/B0B,sBAAuB0xB,EACvBx4B,YAAa,CACXioB,EACAlG,EACAG,KAIEoa,EAAmB1gD,uBAAuB,oBAChD,GAAI0gD,EAAkB,CACpB,MAAMC,GAlDiBt9C,EAkDcq9C,EAlDE7pC,MAAOqE,IAChD,MAAM0lC,EAAgB1lC,SAAeA,EAAKE,mBACpCylC,EACJD,KACC,IAAI75C,MAAOgU,UAAYhU,KAAKvH,MAAMohD,EAAc7kC,eAAiB,IACpE,GAAI8kC,GAAcA,EAAaP,EAC7B,OAGF,MAAMniC,EAAUyiC,MAAAA,OAAA,EAAAA,EAAe19C,MAC3Bq9C,IAAsBpiC,IAG1BoiC,EAAoBpiC,QACdpJ,MAAM1R,EAAK,CACf2B,OAAQmZ,EAAU,OAAS,SAC3B9G,QAAS8G,EACL,CACE2iC,cAAiB,UAAU3iC,KAE7B,QA+BJ0P,uBAAuB7b,EAAM2uC,GAAY,IACvCA,EAAW3uC,EAAK0K,eAElBoR,iBAAiB9b,GAAMkJ,GAAQylC,EAAWzlC,KAtDpB,IAAC7X,EAyDzB,MAAM09C,G7HyBNC,E6HzBgD,O7H0BG,QAA5Br+B,EAAe,QAAf1iB,EAAAd,qBAAe,IAAAc,OAAA,EAAAA,EAAAghD,qBAAa,IAAAt+B,OAAA,EAAAA,EAAGq+B,IAFlB,IACpCA,EACuB/gD,EAAA0iB,E6HrBvB,OAJIo+B,GACF3uB,oBAAoBpgB,EAAM,UAAU+uC,KAG/B/uC,GlFvEH,SAAUkvC,uBAAuB9jD,GACrCyyB,EAAqBzyB,EkF6EvB8jD,CAAuB,CACrBhxB,OAAO7sB,GAEE,IAAIa,SAAQ,CAACC,EAASiV,KAC3B,MAAMia,EAAK3zB,SAAS4zB,cAAc,UAClCD,EAAG8tB,aAAa,MAAO99C,GACvBgwB,EAAGqb,OAASvqC,EACZkvB,EAAG+tB,QAAU1iD,IACX,MAAME,EAAQkT,aAAY,kBAC1BlT,EAAM2B,WAAa7B,EACnB0a,EAAOxa,IAETy0B,EAAG3rB,KAAO,kBACV2rB,EAAGguB,QAAU,QAjBnB,SAASC,iCACP,OAAiD,QAA1C3+B,EAAwC,QAAxC1iB,EAAAP,SAAS6hD,qBAAqB,eAAU,IAAAthD,OAAA,EAAAA,EAAA,UAAE,IAAA0iB,EAAAA,EAAIjjB,SAiBjD4hD,GAAyBhtB,YAAYjB,MAIzCrD,WAAY,oCACZF,kBAAmB,0CACnBC,0BACE,2DC1EE,SAAUyxB,aAAaz6B,GAC3B06B,EACE,IAAIj6C,UAAS,QAEX,CAACklC,GAAa1d,QAAS+C,MACrB,MAAMvI,EAAMkjB,EAAUgV,YAAY,OAAOvyB,eACnC1F,EACJijB,EAAUgV,YAAyB,aAC/Bh4B,EACJgjB,EAAUgV,YAAkC,uBACxCtqC,OAAEA,EAAMyU,WAAEA,GAAerC,EAAIwF,QAEnCvc,QACE2E,IAAWA,EAAOjV,SAAS,KAE3B,kBAAA,CAAEgQ,QAASqX,EAAIhrB,OAGjB,MAAM8V,EAAyB,CAC7B8C,OAAAA,EACAyU,WAAAA,EACA9E,eAAAA,EACAtP,QAA+B,iCAC/B2J,aAA0C,6BAC1CpI,UAAmC,QACnCgS,iBAAkBlE,kBAAkBC,IAGhC2K,EAAe,IAAInI,SACvBC,EACAC,EACAC,EACApV,GAIF,OjFzBQ,SAAAqtC,wBACd3vC,EACA+f,GAEA,MAAM3N,GAAc2N,MAAAA,OAAA,EAAAA,EAAM3N,cAAe,GACnCw9B,GACJ/lD,MAAMC,QAAQsoB,GAAeA,EAAc,CAACA,IAC5CxF,IAAyB2E,eACvBwO,MAAAA,OAAA,EAAAA,EAAM9f,WACRD,EAAKyb,gBAAgBsE,EAAK9f,UAM5BD,EAAKiZ,2BAA2B22B,EAAW7vB,MAAAA,OAAA,EAAAA,EAAM7G,uBiFQ3Cy2B,CAAwBjwB,EAAcK,GAE/BL,IAGV,UAKE3pB,qBAAgD,YAKhDK,4BACC,CAACskC,EAAWmV,EAAqBC,KACFpV,EAAUgV,6BAGlBvvB,iBAK7BsvB,EACE,IAAIj6C,UAEF,iBAAAklC,GAIS,CAAC16B,GAAQ,IAAI+tC,YAAY/tC,GAAzB,CAHM0d,UACXgd,EAAUgV,YAAW,QAAsBvyB,kBAKhD,WAACpnB,qBAAoB,aAGxBg6C,EAAgBvjD,UA5FlB,SAASwjD,sBACPj7B,GAEA,OAAQA,GACN,IAAA,OACE,MAAO,OACT,IAAA,cACE,MAAO,KACT,IAAA,SACE,MAAO,YACT,IAAA,UACE,MAAO,UACT,IAAA,eACE,MAAO,gBACT,QACE,QA6E2Bi7B,CAAsBj7B,IAErDg7B,EAAgBvjD,UAAe,WDGjCgjD,CAAoC","preExistingComment":"firebase-auth.js.map"} |