diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..0ea0e700 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,107 @@ +# Git and version control +.git +.gitignore + +# Node.js +node_modules +npm-debug.log* +yarn-debug.log* +yarn-error.log* + +# Environment and configuration +.env +.env.* +!.env.example + +# IDE and editor files +.vscode +.idea +*.swp +*.swo +*~ + +# OS generated files +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +ehthumbs.db +Thumbs.db + +# Logs +logs +*.log + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Coverage directory used by tools like istanbul +coverage + +# Build directories (we build inside Docker) +dist/ +build/ + +# Temporary files +tmp/ +temp/ + +# SSL certificates (generated at runtime) +ssl/ +*.crt +*.key +*.pem + +# Database files (use volumes) +*.sqlite +*.db + +# Docker files (avoid recursion) +Dockerfile* +docker-compose*.yml +.dockerignore + +# Documentation +README*.md +CONTRIBUTING.md +LICENSE +*.md + +# Repository images and assets (not needed in container) +repo-images/ + +# Testing +test/ +tests/ +*.test.js +*.spec.js + +# Uploads directory (use volumes) +uploads/ + +# Backup files +*.bak +*.backup +*.old + +# Cache directories +.cache/ +.npm/ +.yarn/ + +# TypeScript build info +*.tsbuildinfo + +# ESLint cache +.eslintcache + +# Prettier +.prettierignore +.prettierrc* + +# Local configuration +.claude/ \ No newline at end of file diff --git a/.env b/.env deleted file mode 100644 index 6f985423..00000000 --- a/.env +++ /dev/null @@ -1,2 +0,0 @@ -VERSION=1.6.0 -VITE_API_HOST=localhost \ No newline at end of file diff --git a/.gitignore b/.gitignore index 9066858c..a3188d42 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,5 @@ dist-ssr /db/ /release/ /.claude/ +/ssl/ +.env diff --git a/MIGRATION-TESTING.md b/MIGRATION-TESTING.md new file mode 100644 index 00000000..faebdf67 --- /dev/null +++ b/MIGRATION-TESTING.md @@ -0,0 +1,323 @@ +# Database Migration Testing Guide + +## Overview + +This document outlines the testing procedures for the automatic database migration system that migrates unencrypted SQLite databases to encrypted format during Docker deployment updates. + +## Migration System Features + +✅ **Automatic Detection**: Detects unencrypted databases on startup +✅ **Safe Backup**: Creates timestamped backups before migration +✅ **Integrity Verification**: Validates migration completeness +✅ **Non-destructive**: Original files are renamed, not deleted +✅ **Cleanup**: Removes old backup files (keeps latest 3) +✅ **Admin API**: Migration status and history endpoints +✅ **Detailed Logging**: Comprehensive migration logs + +## Test Scenarios + +### Scenario 1: Fresh Installation (No Migration Needed) +**Setup**: Clean Docker container with no existing database files +**Expected**: +- New encrypted database created +- No migration messages in logs +- Status API shows "Fresh installation detected" + +**Test Commands**: +```bash +# Clean start +docker run --rm termix:latest +# Check logs for "fresh installation" +# GET /database/migration/status should show needsMigration: false +``` + +### Scenario 2: Standard Migration (Unencrypted → Encrypted) +**Setup**: Existing unencrypted `db.sqlite` file with user data +**Expected**: +- Automatic migration on startup +- Backup file created (`.migration-backup-{timestamp}`) +- Original file renamed (`.migrated-{timestamp}`) +- Encrypted database created successfully +- All data preserved and accessible + +**Test Commands**: +```bash +# 1. Create test data in unencrypted format +docker run -v /host/data:/app/data termix:old-version +# Add some SSH hosts and credentials via UI + +# 2. Stop container and update to new version +docker stop container_id +docker run -v /host/data:/app/data termix:latest + +# 3. Check migration logs +docker logs container_id | grep -i migration + +# 4. Verify data integrity via API +curl -H "Authorization: Bearer $TOKEN" http://localhost:8081/database/migration/status +``` + +### Scenario 3: Already Encrypted (No Migration Needed) +**Setup**: Only encrypted database file exists +**Expected**: +- No migration performed +- Database loads normally +- Status API shows "Only encrypted database exists" + +**Test Commands**: +```bash +# Start with existing encrypted database +docker run -v /host/encrypted-data:/app/data termix:latest +# Verify no migration messages in logs +``` + +### Scenario 4: Both Files Exist (Safety Mode) +**Setup**: Both encrypted and unencrypted databases present +**Expected**: +- Migration skipped for safety +- Warning logged about manual intervention +- Both files preserved +- Uses encrypted database + +**Test Commands**: +```bash +# Manually create both files +touch /host/data/db.sqlite +touch /host/data/db.sqlite.encrypted +docker run -v /host/data:/app/data termix:latest +# Check for safety warning in logs +``` + +### Scenario 5: Migration Failure Recovery +**Setup**: Simulate migration failure (corrupted source file) +**Expected**: +- Migration fails safely +- Backup file preserved +- Original unencrypted file untouched +- Clear error message with recovery instructions + +**Test Commands**: +```bash +# Create corrupted database file +echo "corrupted" > /host/data/db.sqlite +docker run -v /host/data:/app/data termix:latest +# Verify error handling and backup preservation +``` + +### Scenario 6: Large Database Migration +**Setup**: Large unencrypted database (>100MB with many records) +**Expected**: +- Migration completes successfully +- Performance is acceptable (under 30 seconds) +- Memory usage stays reasonable +- All data integrity checks pass + +**Test Commands**: +```bash +# Create large dataset first +# Monitor migration duration and memory usage +docker stats container_id +``` + +## API Testing + +### Migration Status Endpoint +```bash +# Admin access required +curl -H "Authorization: Bearer $ADMIN_TOKEN" \ + http://localhost:8081/database/migration/status + +# Expected response: +{ + "migrationStatus": { + "needsMigration": false, + "hasUnencryptedDb": false, + "hasEncryptedDb": true, + "unencryptedDbSize": 0, + "reason": "Only encrypted database exists. No migration needed." + }, + "files": { + "unencryptedDbSize": 0, + "encryptedDbSize": 524288, + "backupFiles": 2, + "migratedFiles": 1 + }, + "recommendations": [ + "Database is properly encrypted", + "No action required" + ] +} +``` + +### Migration History Endpoint +```bash +curl -H "Authorization: Bearer $ADMIN_TOKEN" \ + http://localhost:8081/database/migration/history + +# Expected response: +{ + "files": [ + { + "name": "db.sqlite.migration-backup-2024-09-24T10-30-00-000Z", + "size": 262144, + "created": "2024-09-24T10:30:00.000Z", + "modified": "2024-09-24T10:30:00.000Z", + "type": "backup" + } + ], + "summary": { + "totalBackups": 1, + "totalMigrated": 1, + "oldestBackup": "2024-09-24T10:30:00.000Z", + "newestBackup": "2024-09-24T10:30:00.000Z" + } +} +``` + +## Log Analysis + +### Successful Migration Logs +Look for these log entries: +``` +[INFO] Migration status check completed - needsMigration: true +[INFO] Starting automatic database migration +[INFO] Creating migration backup +[SUCCESS] Migration backup created successfully +[INFO] Found tables to migrate - tableCount: 8 +[SUCCESS] Migration integrity verification completed +[INFO] Creating encrypted database file +[SUCCESS] Database migration completed successfully +``` + +### Migration Skipped (Safety) Logs +``` +[INFO] Migration status check completed - needsMigration: false +[INFO] Both encrypted and unencrypted databases exist. Skipping migration for safety +[WARN] Manual intervention may be required +``` + +### Migration Failure Logs +``` +[ERROR] Database migration failed +[ERROR] Backup available at: /app/data/db.sqlite.migration-backup-{timestamp} +[ERROR] Manual intervention required to recover data +``` + +## Manual Recovery Procedures + +### If Migration Fails: +1. **Locate backup file**: `db.sqlite.migration-backup-{timestamp}` +2. **Restore original**: `cp backup-file db.sqlite` +3. **Check logs**: Look for specific error details +4. **Fix issue**: Address the root cause (permissions, disk space, etc.) +5. **Retry**: Restart container to trigger migration again + +### If Both Databases Exist: +1. **Check dates**: Determine which file is newer +2. **Backup both**: Make copies before proceeding +3. **Remove older**: Delete the outdated database file +4. **Restart**: Container will detect single database + +### Emergency Data Recovery: +1. **Backup files are SQLite**: Can be opened with any SQLite client +2. **Manual export**: Use SQLite tools to export data +3. **Re-import**: Use Termix import functionality + +## Performance Expectations + +| Database Size | Expected Migration Time | Memory Usage | +|---------------|------------------------|--------------| +| < 10MB | < 5 seconds | < 50MB | +| 10-50MB | 5-15 seconds | < 100MB | +| 50-200MB | 15-45 seconds | < 200MB | +| 200MB+ | 45+ seconds | < 500MB | + +## Validation Checklist + +After migration, verify: +- [ ] All SSH hosts are accessible +- [ ] SSH credentials work correctly +- [ ] File manager recent/pinned items preserved +- [ ] User settings maintained +- [ ] OIDC configuration intact +- [ ] Admin users still have admin privileges +- [ ] Backup file exists and is valid SQLite +- [ ] Original file renamed (not deleted) +- [ ] Encrypted file is properly encrypted +- [ ] Migration APIs respond correctly + +## Monitoring Commands + +```bash +# Watch migration in real-time +docker logs -f container_id | grep -i migration + +# Check file sizes before/after +ls -la /host/data/db.sqlite* + +# Verify encrypted file +file /host/data/db.sqlite.encrypted + +# Monitor system resources during migration +docker stats container_id + +# Test database connectivity after migration +curl -H "Authorization: Bearer $TOKEN" \ + http://localhost:8081/hosts/list +``` + +## Common Issues & Solutions + +### Issue: "Permission denied" during backup creation +**Solution**: Check container file permissions and volume mounts + +### Issue: "Insufficient disk space" during migration +**Solution**: Free up space, migration requires 2x database size temporarily + +### Issue: "Database locked" error +**Solution**: Ensure no other processes are accessing the database file + +### Issue: Migration hangs indefinitely +**Solution**: Check for very large BLOB data, increase timeout or migrate manually + +### Issue: Encrypted file fails validation +**Solution**: Check DATABASE_KEY environment variable, ensure it's stable + +## Security Considerations + +- **Backup files contain unencrypted data**: Secure backup file access +- **Migration logs may contain sensitive info**: Review log retention policies +- **Temporary files during migration**: Ensure secure temp directory +- **Original files are preserved**: Plan for secure cleanup of old files +- **Admin API access**: Ensure proper authentication and authorization + +## Integration with CI/CD + +For automated testing in CI/CD pipelines: + +```bash +#!/bin/bash +# Migration integration test +set -e + +# Start with unencrypted test data +docker run -d --name test-migration \ + -v ./test-data:/app/data \ + termix:latest + +# Wait for startup +sleep 30 + +# Check migration status +RESPONSE=$(curl -s -H "Authorization: Bearer $TEST_TOKEN" \ + http://localhost:8081/database/migration/status) + +# Validate migration success +echo "$RESPONSE" | jq '.migrationStatus.needsMigration == false' + +# Cleanup +docker stop test-migration +docker rm test-migration +``` + +This comprehensive testing approach ensures the migration system handles all edge cases safely and provides administrators with full visibility into the migration process. \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 9a41d037..00000000 --- a/SECURITY.md +++ /dev/null @@ -1,267 +0,0 @@ -# Security Guide for Termix - -## Database Encryption - -Termix implements AES-256-GCM encryption for sensitive data stored in the database. This protects SSH credentials, passwords, and authentication tokens from unauthorized access. - -### Encrypted Fields - -The following database fields are automatically encrypted: - -**Users Table:** - -- `password_hash` - User password hashes -- `client_secret` - OIDC client secrets -- `totp_secret` - 2FA authentication seeds -- `totp_backup_codes` - 2FA backup codes - -**SSH Data Table:** - -- `password` - SSH connection passwords -- `key` - SSH private keys -- `keyPassword` - SSH private key passphrases - -**SSH Credentials Table:** - -- `password` - Stored SSH passwords -- `privateKey` - SSH private keys -- `keyPassword` - SSH private key passphrases - -### Configuration - -#### Required Environment Variables - -```bash -# Encryption master key (REQUIRED) -DB_ENCRYPTION_KEY=your-very-strong-encryption-key-32-chars-minimum -``` - -**⚠️ CRITICAL:** The encryption key must be: - -- At least 16 characters long (32+ recommended) -- Cryptographically random -- Unique per installation -- Safely backed up - -#### Optional Settings - -```bash -# Enable/disable encryption (default: true) -ENCRYPTION_ENABLED=true - -# Reject unencrypted data (default: false) -FORCE_ENCRYPTION=false - -# Auto-encrypt legacy data (default: true) -MIGRATE_ON_ACCESS=true -``` - -### Initial Setup - -#### 1. Generate Encryption Key - -```bash -# Generate a secure random key (Linux/macOS) -openssl rand -hex 32 - -# Or using Node.js -node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" -``` - -#### 2. Set Environment Variable - -```bash -# Add to your .env file -echo "DB_ENCRYPTION_KEY=$(openssl rand -hex 32)" >> .env -``` - -#### 3. Validate Configuration - -```bash -# Test encryption setup -npm run test:encryption -``` - -### Migration from Unencrypted Database - -If you have an existing Termix installation with unencrypted data: - -#### 1. Backup Your Database - -```bash -# Create backup before migration -cp ./db/data/db.sqlite ./db/data/db-backup-$(date +%Y%m%d-%H%M%S).sqlite -``` - -#### 2. Run Migration - -```bash -# Set encryption key -export DB_ENCRYPTION_KEY="your-secure-key-here" - -# Test migration (dry run) -npm run migrate:encryption -- --dry-run - -# Run actual migration -npm run migrate:encryption -``` - -#### 3. Verify Migration - -```bash -# Check encryption status -curl http://localhost:8081/encryption/status - -# Test application functionality -npm run test:encryption production -``` - -### Security Best Practices - -#### Key Management - -1. **Generate unique keys** for each installation -2. **Store keys securely** (use environment variables, not config files) -3. **Backup keys safely** (encrypted backups in secure locations) -4. **Rotate keys periodically** (implement key rotation schedule) - -#### Deployment Security - -```bash -# Production Docker example -docker run -d \ - -e DB_ENCRYPTION_KEY="$(cat /secure/location/encryption.key)" \ - -e ENCRYPTION_ENABLED=true \ - -e FORCE_ENCRYPTION=true \ - -v termix-data:/app/data \ - ghcr.io/lukegus/termix:latest -``` - -#### File System Protection - -```bash -# Secure database directory permissions -chmod 700 ./db/data/ -chmod 600 ./db/data/db.sqlite - -# Use encrypted storage if possible -# Consider full disk encryption for production -``` - -### Monitoring and Alerting - -#### Health Checks - -The encryption system provides health check endpoints: - -```bash -# Check encryption status -GET /encryption/status - -# Response format: -{ - "encryption": { - "enabled": true, - "configValid": true, - "forceEncryption": false, - "migrateOnAccess": true - }, - "migration": { - "isEncryptionEnabled": true, - "migrationCompleted": true, - "migrationDate": "2024-01-15T10:30:00Z" - } -} -``` - -#### Log Monitoring - -Monitor logs for encryption-related events: - -```bash -# Encryption initialization -"Database encryption initialized successfully" - -# Migration events -"Migration completed for table: users" - -# Security warnings -"DB_ENCRYPTION_KEY not set, using default (INSECURE)" -``` - -### Troubleshooting - -#### Common Issues - -**1. "Decryption failed" errors** - -- Verify `DB_ENCRYPTION_KEY` is correct -- Check if database was corrupted -- Restore from backup if necessary - -**2. Performance issues** - -- Encryption adds ~1ms per operation -- Consider disabling `MIGRATE_ON_ACCESS` after migration -- Monitor CPU usage during large migrations - -**3. Key rotation** - -```bash -# Generate new key -NEW_KEY=$(openssl rand -hex 32) - -# Update configuration -# Note: Requires re-encryption of all data -``` - -### Compliance Notes - -This encryption implementation helps meet requirements for: - -- **GDPR** - Personal data protection -- **SOC 2** - Data security controls -- **PCI DSS** - Sensitive data protection -- **HIPAA** - Healthcare data encryption (if applicable) - -### Security Limitations - -**What this protects against:** - -- Database file theft -- Disk access by unauthorized users -- Data breaches from file system access - -**What this does NOT protect against:** - -- Application-level vulnerabilities -- Memory dumps while application is running -- Attacks against the running application -- Social engineering attacks - -### Emergency Procedures - -#### Lost Encryption Key - -⚠️ **Data is unrecoverable without the encryption key** - -1. Check all backup locations -2. Restore from unencrypted backup if available -3. Contact system administrators - -#### Suspected Key Compromise - -1. **Immediately** generate new encryption key -2. Take application offline -3. Re-encrypt all sensitive data with new key -4. Investigate compromise source -5. Update security procedures - -### Support - -For security-related questions: - -- Open issue: [GitHub Issues](https://github.com/LukeGus/Termix/issues) -- Discord: [Termix Community](https://discord.gg/jVQGdvHDrf) - -**Do not share encryption keys or sensitive debugging information in public channels.** diff --git a/docker/.env.example b/docker/.env.example new file mode 100644 index 00000000..f354dc13 --- /dev/null +++ b/docker/.env.example @@ -0,0 +1,52 @@ +# Termix Docker Environment Configuration Example +# +# IMPORTANT: This file shows available environment variables. +# For most users, you DON'T need to create a .env file. +# Termix will auto-generate secure keys on first startup. +# +# Copy this file to .env ONLY if you need custom configuration: +# cp docker/.env.example docker/.env + +# ===== BASIC CONFIGURATION ===== +PORT=8080 +NODE_ENV=production + +# ===== SSL/HTTPS CONFIGURATION ===== +ENABLE_SSL=false +SSL_PORT=8443 +SSL_DOMAIN=localhost +SSL_CERT_PATH=/app/ssl/termix.crt +SSL_KEY_PATH=/app/ssl/termix.key + +# ===== SECURITY KEYS ===== +# WARNING: Only set these if you need specific keys for multi-instance deployment +# For single instance deployment, leave these EMPTY - Termix will auto-generate +# secure random keys and persist them in Docker volumes. +# +# If you DO set these, generate them with: openssl rand -hex 32 +JWT_SECRET= +DATABASE_KEY= +INTERNAL_AUTH_TOKEN= + +# ===== DATABASE CONFIGURATION ===== +DATABASE_ENCRYPTION=true + +# ===== CORS CONFIGURATION ===== +ALLOWED_ORIGINS=* + +# ===== DEPLOYMENT NOTES ===== +# +# Single Instance (Recommended): +# - Don't create .env file - let Termix auto-generate keys +# - Keys are automatically persisted in Docker volumes +# - Secure and maintenance-free +# +# Multi-Instance Cluster: +# - Set identical JWT_SECRET, DATABASE_KEY, INTERNAL_AUTH_TOKEN across all instances +# - Use shared storage for /app/data and /app/config volumes +# - Ensure all instances can access the same encryption keys +# +# Security Best Practices: +# - Never commit .env files to version control +# - Use Docker secrets in production environments +# - Regularly rotate keys (requires data migration) \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index 92d774a6..0d8419df 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -35,24 +35,11 @@ RUN npm rebuild better-sqlite3 --force RUN npm run build:backend -# Stage 4: Production dependencies +# Stage 4: Production dependencies with native modules FROM node:24-alpine AS production-deps WORKDIR /app -COPY package*.json ./ - -ENV npm_config_target_platform=linux -ENV npm_config_target_arch=x64 -ENV npm_config_target_libc=glibc - -RUN npm ci --only=production --ignore-scripts --force && \ - npm cache clean --force - -# Stage 5: Build native modules -FROM node:24-alpine AS native-builder -WORKDIR /app - -RUN apk add --no-cache python3 make g++ +RUN apk add --no-cache python3 make g++ COPY package*.json ./ @@ -60,10 +47,11 @@ ENV npm_config_target_platform=linux ENV npm_config_target_arch=x64 ENV npm_config_target_libc=glibc -# Install native modules and compile them properly -RUN npm ci --only=production --force && \ +# Install production dependencies and rebuild native modules in one stage +RUN npm ci --omit=dev --ignore-scripts --force && \ npm rebuild better-sqlite3 bcryptjs --force && \ - npm cache clean --force + npm cache clean --force && \ + rm -rf ~/.npm /tmp/* /var/cache/apk/* # Stage 6: Final image FROM node:24-alpine @@ -71,23 +59,26 @@ ENV DATA_DIR=/app/data \ PORT=8080 \ NODE_ENV=production -RUN apk add --no-cache nginx gettext su-exec && \ - mkdir -p /app/data && \ - chown -R node:node /app/data +RUN apk add --no-cache nginx gettext su-exec openssl && \ + mkdir -p /app/data /app/config /app/ssl && \ + chown -R node:node /app/data /app/config /app/ssl COPY docker/nginx.conf /etc/nginx/nginx.conf +COPY docker/nginx-https.conf /etc/nginx/nginx-https.conf COPY --from=frontend-builder /app/dist /usr/share/nginx/html COPY --from=frontend-builder /app/src/locales /usr/share/nginx/html/locales RUN chown -R nginx:nginx /usr/share/nginx/html WORKDIR /app -COPY --from=native-builder /app/node_modules /app/node_modules +COPY --from=production-deps /app/node_modules /app/node_modules COPY --from=backend-builder /app/dist/backend ./dist/backend COPY package.json ./ -COPY .env ./.env -RUN chown -R node:node /app +RUN chown -R node:node /app && \ + chmod 755 /app/config && \ + chmod 755 /app/ssl && \ + chmod 755 /app/data VOLUME ["/app/data"] diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 5e7ec7e9..179e0725 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,15 +1,67 @@ +# Termix Docker Compose Configuration +# +# QUICK START: Just run "docker-compose up -d" +# - Security keys are auto-generated on first startup +# - Keys are persisted in Docker volumes (survive container restarts) +# - No manual .env file needed for single-instance deployment +# +# See docker/.env.example for advanced configuration options + services: termix: - image: ghcr.io/lukegus/termix:latest + build: + context: .. + dockerfile: docker/Dockerfile container_name: termix restart: unless-stopped ports: - - "8080:8080" + # HTTP port (redirects to HTTPS if SSL enabled) + - "${PORT:-8080}:8080" + # HTTPS port (when SSL is enabled) + - "${SSL_PORT:-8443}:8443" volumes: - termix-data:/app/data + - termix-config:/app/config # Auto-generated .env keys are persisted here + # Optional: Mount custom SSL certificates + # - ./ssl:/app/ssl:ro environment: - PORT: "8080" + # Basic configuration + - PORT=${PORT:-8080} + - NODE_ENV=${NODE_ENV:-production} + + # SSL/TLS Configuration + - ENABLE_SSL=${ENABLE_SSL:-false} + - SSL_PORT=${SSL_PORT:-8443} + - SSL_DOMAIN=${SSL_DOMAIN:-localhost} + - SSL_CERT_PATH=${SSL_CERT_PATH:-/app/ssl/termix.crt} + - SSL_KEY_PATH=${SSL_KEY_PATH:-/app/ssl/termix.key} + + # Security keys (auto-generated if not provided) + # Leave empty to auto-generate secure random keys on first startup + # Set values only if you need specific keys for multi-instance deployment + - JWT_SECRET=${JWT_SECRET:-} + - DATABASE_KEY=${DATABASE_KEY:-} + - INTERNAL_AUTH_TOKEN=${INTERNAL_AUTH_TOKEN:-} + + # Database configuration + - DATABASE_ENCRYPTION=${DATABASE_ENCRYPTION:-true} + + # CORS configuration + - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-*} + + # Health check for both HTTP and HTTPS + healthcheck: + test: | + curl -f -k https://localhost:8443/health 2>/dev/null || + curl -f http://localhost:8080/health 2>/dev/null || + exit 1 + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s volumes: termix-data: driver: local + termix-config: + driver: local diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index a45affd0..cbd5fec0 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -2,9 +2,25 @@ set -e export PORT=${PORT:-8080} +export ENABLE_SSL=${ENABLE_SSL:-false} +export SSL_PORT=${SSL_PORT:-8443} +export SSL_CERT_PATH=${SSL_CERT_PATH:-/app/ssl/termix.crt} +export SSL_KEY_PATH=${SSL_KEY_PATH:-/app/ssl/termix.key} + echo "Configuring web UI to run on port: $PORT" -envsubst '${PORT}' < /etc/nginx/nginx.conf > /etc/nginx/nginx.conf.tmp +# Choose nginx configuration based on SSL setting +# Default: HTTP-only for easy setup +# Set ENABLE_SSL=true to use HTTPS with automatic redirect +if [ "$ENABLE_SSL" = "true" ]; then + echo "SSL enabled - using HTTPS configuration with redirect" + NGINX_CONF_SOURCE="/etc/nginx/nginx-https.conf" +else + echo "SSL disabled - using HTTP-only configuration (default)" + NGINX_CONF_SOURCE="/etc/nginx/nginx.conf" +fi + +envsubst '${PORT} ${SSL_PORT} ${SSL_CERT_PATH} ${SSL_KEY_PATH}' < $NGINX_CONF_SOURCE > /etc/nginx/nginx.conf.tmp mv /etc/nginx/nginx.conf.tmp /etc/nginx/nginx.conf mkdir -p /app/data diff --git a/docker/nginx-https.conf b/docker/nginx-https.conf new file mode 100644 index 00000000..8ae42ae3 --- /dev/null +++ b/docker/nginx-https.conf @@ -0,0 +1,211 @@ +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + keepalive_timeout 65; + + # SSL Configuration + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # HTTP Server - Redirect to HTTPS + server { + listen ${PORT}; + server_name localhost; + + # Redirect all HTTP traffic to HTTPS + return 301 https://$server_name:${SSL_PORT}$request_uri; + } + + # HTTPS Server + server { + listen ${SSL_PORT} ssl; + server_name localhost; + + # SSL Certificate paths + ssl_certificate ${SSL_CERT_PATH}; + ssl_certificate_key ${SSL_KEY_PATH}; + + # Security headers for HTTPS + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + location ~ ^/users(/.*)?$ { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/version(/.*)?$ { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/releases(/.*)?$ { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/alerts(/.*)?$ { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/credentials(/.*)?$ { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/ { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # WebSocket proxy for authenticated terminal connections + location /ssh/websocket/ { + # Pass to WebSocket server with authentication support + proxy_pass http://127.0.0.1:8082/; + proxy_http_version 1.1; + + # WebSocket upgrade headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + # Pass client information for authentication logging + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Query parameters are passed by default with proxy_pass + + # WebSocket timeouts (longer for terminal sessions) + proxy_read_timeout 86400s; # 24 hours + proxy_send_timeout 86400s; # 24 hours + proxy_connect_timeout 10s; # Quick auth check + + # Disable buffering for real-time terminal + proxy_buffering off; + proxy_request_buffering off; + + # Handle connection errors gracefully + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + } + + location /ssh/tunnel/ { + proxy_pass http://127.0.0.1:8083; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/recent { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/pinned { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/shortcuts { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /ssh/file_manager/ssh/ { + proxy_pass http://127.0.0.1:8084; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /health { + proxy_pass http://127.0.0.1:8081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/status(/.*)?$ { + proxy_pass http://127.0.0.1:8085; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location ~ ^/metrics(/.*)?$ { + proxy_pass http://127.0.0.1:8085; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } +} \ No newline at end of file diff --git a/docker/nginx.conf b/docker/nginx.conf index 2a943a46..0b452d04 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -9,10 +9,23 @@ http { sendfile on; keepalive_timeout 65; + # SSL Configuration + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # HTTP Server - Redirect to HTTPS when SSL enabled server { listen ${PORT}; server_name localhost; + # Security headers + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + location / { root /usr/share/nginx/html; index index.html index.htm; @@ -72,25 +85,36 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } + # WebSocket proxy for authenticated terminal connections location /ssh/websocket/ { + # Pass to WebSocket server with authentication support proxy_pass http://127.0.0.1:8082/; proxy_http_version 1.1; + + # WebSocket upgrade headers proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; - proxy_read_timeout 300s; - proxy_send_timeout 300s; - proxy_connect_timeout 75s; - proxy_set_header Connection ""; - - proxy_buffering off; - proxy_request_buffering off; - + # Pass client information for authentication logging proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + + # Query parameters are passed by default with proxy_pass + + # WebSocket timeouts (longer for terminal sessions) + proxy_read_timeout 86400s; # 24 hours + proxy_send_timeout 86400s; # 24 hours + proxy_connect_timeout 10s; # Quick auth check + + # Disable buffering for real-time terminal + proxy_buffering off; + proxy_request_buffering off; + + # Handle connection errors gracefully + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; } location /ssh/tunnel/ { diff --git a/electron/preload.js b/electron/preload.js index f1354b0b..4c1087fc 100644 --- a/electron/preload.js +++ b/electron/preload.js @@ -23,21 +23,21 @@ contextBridge.exposeInMainWorld("electronAPI", { invoke: (channel, ...args) => ipcRenderer.invoke(channel, ...args), - // ================== 拖拽API ================== + // ================== Drag & Drop API ================== - // 创建临时文件用于拖拽 + // Create temporary file for dragging createTempFile: (fileData) => ipcRenderer.invoke("create-temp-file", fileData), - // 创建临时文件夹用于拖拽 + // Create temporary folder for dragging createTempFolder: (folderData) => ipcRenderer.invoke("create-temp-folder", folderData), - // 开始拖拽到桌面 + // Start dragging to desktop startDragToDesktop: (dragData) => ipcRenderer.invoke("start-drag-to-desktop", dragData), - // 清理临时文件 + // Cleanup temporary files cleanupTempFile: (tempId) => ipcRenderer.invoke("cleanup-temp-file", tempId), }); diff --git a/package-lock.json b/package-lock.json index 6c5a9cdb..f4b0933c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,6 +8,9 @@ "name": "termix", "version": "1.6.0", "dependencies": { + "@codemirror/autocomplete": "^6.18.7", + "@codemirror/comment": "^0.19.1", + "@codemirror/search": "^6.5.11", "@hookform/resolvers": "^5.1.1", "@monaco-editor/react": "^4.7.0", "@radix-ui/react-accordion": "^1.2.11", @@ -66,15 +69,23 @@ "nanoid": "^5.1.5", "next-themes": "^0.4.6", "node-fetch": "^3.3.2", + "pdfjs-dist": "^5.4.149", "qrcode": "^1.5.4", "react": "^19.1.0", "react-dom": "^19.1.0", + "react-h5-audio-player": "^3.10.1", "react-hook-form": "^7.60.0", "react-i18next": "^15.7.3", "react-icons": "^5.5.0", + "react-markdown": "^10.1.0", + "react-pdf": "^10.1.0", + "react-photo-view": "^1.2.7", + "react-player": "^3.3.3", "react-resizable-panels": "^3.0.3", "react-simple-keyboard": "^3.8.120", + "react-syntax-highlighter": "^15.6.6", "react-xtermjs": "^1.0.10", + "remark-gfm": "^4.0.1", "sonner": "^2.0.7", "speakeasy": "^2.0.0", "ssh2": "^1.16.0", @@ -98,6 +109,7 @@ "@vitejs/plugin-react-swc": "^3.10.2", "autoprefixer": "^10.4.21", "concurrently": "^9.2.1", + "cross-env": "^10.0.0", "electron": "^38.0.0", "electron-builder": "^26.0.12", "electron-icon-builder": "^2.0.1", @@ -148,6 +160,40 @@ "@lezer/common": "^1.1.0" } }, + "node_modules/@codemirror/comment": { + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/@codemirror/comment/-/comment-0.19.1.tgz", + "integrity": "sha512-uGKteBuVWAC6fW+Yt8u27DOnXMT/xV4Ekk2Z5mRsiADCZDqYvryrJd6PLL5+8t64BVyocwQwNfz1UswYS2CtFQ==", + "deprecated": "As of 0.20.0, this package has been merged into @codemirror/commands", + "license": "MIT", + "dependencies": { + "@codemirror/state": "^0.19.9", + "@codemirror/text": "^0.19.0", + "@codemirror/view": "^0.19.0" + } + }, + "node_modules/@codemirror/comment/node_modules/@codemirror/state": { + "version": "0.19.9", + "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-0.19.9.tgz", + "integrity": "sha512-psOzDolKTZkx4CgUqhBQ8T8gBc0xN5z4gzed109aF6x7D7umpDRoimacI/O6d9UGuyl4eYuDCZmDFr2Rq7aGOw==", + "license": "MIT", + "dependencies": { + "@codemirror/text": "^0.19.0" + } + }, + "node_modules/@codemirror/comment/node_modules/@codemirror/view": { + "version": "0.19.48", + "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-0.19.48.tgz", + "integrity": "sha512-0eg7D2Nz4S8/caetCTz61rK0tkHI17V/d15Jy0kLOT8dTLGGNJUponDnW28h2B6bERmPlVHKh8MJIr5OCp1nGw==", + "license": "MIT", + "dependencies": { + "@codemirror/rangeset": "^0.19.5", + "@codemirror/state": "^0.19.3", + "@codemirror/text": "^0.19.0", + "style-mod": "^4.0.0", + "w3c-keyname": "^2.2.4" + } + }, "node_modules/@codemirror/lang-angular": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/@codemirror/lang-angular/-/lang-angular-0.1.4.tgz", @@ -476,6 +522,25 @@ "crelt": "^1.0.5" } }, + "node_modules/@codemirror/rangeset": { + "version": "0.19.9", + "resolved": "https://registry.npmjs.org/@codemirror/rangeset/-/rangeset-0.19.9.tgz", + "integrity": "sha512-V8YUuOvK+ew87Xem+71nKcqu1SXd5QROMRLMS/ljT5/3MCxtgrRie1Cvild0G/Z2f1fpWxzX78V0U4jjXBorBQ==", + "deprecated": "As of 0.20.0, this package has been merged into @codemirror/state", + "license": "MIT", + "dependencies": { + "@codemirror/state": "^0.19.0" + } + }, + "node_modules/@codemirror/rangeset/node_modules/@codemirror/state": { + "version": "0.19.9", + "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-0.19.9.tgz", + "integrity": "sha512-psOzDolKTZkx4CgUqhBQ8T8gBc0xN5z4gzed109aF6x7D7umpDRoimacI/O6d9UGuyl4eYuDCZmDFr2Rq7aGOw==", + "license": "MIT", + "dependencies": { + "@codemirror/text": "^0.19.0" + } + }, "node_modules/@codemirror/search": { "version": "6.5.11", "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.5.11.tgz", @@ -496,6 +561,13 @@ "@marijn/find-cluster-break": "^1.0.0" } }, + "node_modules/@codemirror/text": { + "version": "0.19.6", + "resolved": "https://registry.npmjs.org/@codemirror/text/-/text-0.19.6.tgz", + "integrity": "sha512-T9jnREMIygx+TPC1bOuepz18maGq/92q2a+n4qTqObKwvNMg+8cMTslb8yxeEDEq7S3kpgGWxgO1UWbQRij0dA==", + "deprecated": "As of 0.20.0, this package has been merged into @codemirror/state", + "license": "MIT" + }, "node_modules/@codemirror/theme-one-dark": { "version": "6.1.3", "resolved": "https://registry.npmjs.org/@codemirror/theme-one-dark/-/theme-one-dark-6.1.3.tgz", @@ -1254,71 +1326,12 @@ "node": ">= 10.0.0" } }, - "node_modules/@electron/windows-sign": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/@electron/windows-sign/-/windows-sign-1.2.2.tgz", - "integrity": "sha512-dfZeox66AvdPtb2lD8OsIIQh12Tp0GNCRUDfBHIKGpbmopZto2/A8nSpYYLoedPIHpqkeblZ/k8OV0Gy7PYuyQ==", + "node_modules/@epic-web/invariant": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@epic-web/invariant/-/invariant-1.0.0.tgz", + "integrity": "sha512-lrTPqgvfFQtR/eY/qkIzp98OGdNJu0m5ji3q/nJI8v3SXkRKEnWiOxMmbvcSoAIzv/cGiuvRy57k4suKQSAdwA==", "dev": true, - "license": "BSD-2-Clause", - "optional": true, - "peer": true, - "dependencies": { - "cross-dirname": "^0.1.0", - "debug": "^4.3.4", - "fs-extra": "^11.1.1", - "minimist": "^1.2.8", - "postject": "^1.0.0-alpha.6" - }, - "bin": { - "electron-windows-sign": "bin/electron-windows-sign.js" - }, - "engines": { - "node": ">=14.14" - } - }, - "node_modules/@electron/windows-sign/node_modules/fs-extra": { - "version": "11.3.1", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.1.tgz", - "integrity": "sha512-eXvGGwZ5CL17ZSwHWd3bbgk7UUpF6IFHtP57NYYakPvHOs8GDgDe5KJI36jIJzDkJ6eJjuzRA8eBQb6SkKue0g==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "engines": { - "node": ">=14.14" - } - }, - "node_modules/@electron/windows-sign/node_modules/jsonfile": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz", - "integrity": "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "universalify": "^2.0.0" - }, - "optionalDependencies": { - "graceful-fs": "^4.1.6" - } - }, - "node_modules/@electron/windows-sign/node_modules/universalify": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", - "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "engines": { - "node": ">= 10.0.0" - } + "license": "MIT" }, "node_modules/@esbuild/aix-ppc64": { "version": "0.25.9", @@ -2016,6 +2029,27 @@ "url": "https://github.com/sponsors/nzakas" } }, + "node_modules/@iconify/react": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/@iconify/react/-/react-5.2.1.tgz", + "integrity": "sha512-37GDR3fYDZmnmUn9RagyaX+zca24jfVOMY8E1IXTqJuE8pxNtN51KWPQe3VODOWvuUurq7q9uUu3CFrpqj5Iqg==", + "license": "MIT", + "dependencies": { + "@iconify/types": "^2.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/cyberalien" + }, + "peerDependencies": { + "react": ">=16" + } + }, + "node_modules/@iconify/types": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@iconify/types/-/types-2.0.0.tgz", + "integrity": "sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==", + "license": "MIT" + }, "node_modules/@isaacs/balanced-match": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz", @@ -2976,6 +3010,259 @@ "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, + "node_modules/@mux/mux-data-google-ima": { + "version": "0.2.8", + "resolved": "https://registry.npmjs.org/@mux/mux-data-google-ima/-/mux-data-google-ima-0.2.8.tgz", + "integrity": "sha512-0ZEkHdcZ6bS8QtcjFcoJeZxJTpX7qRIledf4q1trMWPznugvtajCjCM2kieK/pzkZj1JM6liDRFs1PJSfVUs2A==", + "license": "MIT", + "dependencies": { + "mux-embed": "5.9.0" + } + }, + "node_modules/@mux/mux-player": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/@mux/mux-player/-/mux-player-3.6.0.tgz", + "integrity": "sha512-yVWmTMJUoKNZZxsINFmz7ZUUR3GC+Qf7b6Qv2GTmUoYn14pO1aXywHLlMLDohstLIvdeOdh6F/WsD2/gDVSOmQ==", + "license": "MIT", + "dependencies": { + "@mux/mux-video": "0.27.0", + "@mux/playback-core": "0.31.0", + "media-chrome": "~4.13.1", + "player.style": "^0.2.0" + } + }, + "node_modules/@mux/mux-player-react": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/@mux/mux-player-react/-/mux-player-react-3.6.0.tgz", + "integrity": "sha512-bh2Z1fQqNkKCNUMS/3VU6jL2iY22155ZSIyizfz+bVX0EYHqdsS/iG95iDYLPlzA8WPyIh+J210tme68e1qP+w==", + "license": "MIT", + "dependencies": { + "@mux/mux-player": "3.6.0", + "@mux/playback-core": "0.31.0", + "prop-types": "^15.8.1" + }, + "peerDependencies": { + "@types/react": "^17.0.0 || ^17.0.0-0 || ^18 || ^18.0.0-0 || ^19 || ^19.0.0-0", + "react": "^17.0.2 || ^17.0.0-0 || ^18 || ^18.0.0-0 || ^19 || ^19.0.0-0", + "react-dom": "^17.0.2 || ^17.0.2-0 || ^18 || ^18.0.0-0 || ^19 || ^19.0.0-0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@mux/mux-video": { + "version": "0.27.0", + "resolved": "https://registry.npmjs.org/@mux/mux-video/-/mux-video-0.27.0.tgz", + "integrity": "sha512-Oi142YAcPKrmHTG+eaWHWaE7ucMHeJwx1FXABbLM2hMGj9MQ7kYjsD5J3meFlvuyz5UeVDsPLHeUJgeBXUZovg==", + "license": "MIT", + "dependencies": { + "@mux/mux-data-google-ima": "0.2.8", + "@mux/playback-core": "0.31.0", + "castable-video": "~1.1.10", + "custom-media-element": "~1.4.5", + "media-tracks": "~0.3.3" + } + }, + "node_modules/@mux/playback-core": { + "version": "0.31.0", + "resolved": "https://registry.npmjs.org/@mux/playback-core/-/playback-core-0.31.0.tgz", + "integrity": "sha512-VADcrtS4O6fQBH8qmgavS6h7v7amzy2oCguu1NnLaVZ3Z8WccNXcF0s7jPRoRDyXWGShgtVhypW2uXjLpkPxyw==", + "license": "MIT", + "dependencies": { + "hls.js": "~1.6.6", + "mux-embed": "^5.8.3" + } + }, + "node_modules/@napi-rs/canvas": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas/-/canvas-0.1.80.tgz", + "integrity": "sha512-DxuT1ClnIPts1kQx8FBmkk4BQDTfI5kIzywAaMjQSXfNnra5UFU9PwurXrl+Je3bJ6BGsp/zmshVVFbCmyI+ww==", + "license": "MIT", + "optional": true, + "workspaces": [ + "e2e/*" + ], + "engines": { + "node": ">= 10" + }, + "optionalDependencies": { + "@napi-rs/canvas-android-arm64": "0.1.80", + "@napi-rs/canvas-darwin-arm64": "0.1.80", + "@napi-rs/canvas-darwin-x64": "0.1.80", + "@napi-rs/canvas-linux-arm-gnueabihf": "0.1.80", + "@napi-rs/canvas-linux-arm64-gnu": "0.1.80", + "@napi-rs/canvas-linux-arm64-musl": "0.1.80", + "@napi-rs/canvas-linux-riscv64-gnu": "0.1.80", + "@napi-rs/canvas-linux-x64-gnu": "0.1.80", + "@napi-rs/canvas-linux-x64-musl": "0.1.80", + "@napi-rs/canvas-win32-x64-msvc": "0.1.80" + } + }, + "node_modules/@napi-rs/canvas-android-arm64": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-android-arm64/-/canvas-android-arm64-0.1.80.tgz", + "integrity": "sha512-sk7xhN/MoXeuExlggf91pNziBxLPVUqF2CAVnB57KLG/pz7+U5TKG8eXdc3pm0d7Od0WreB6ZKLj37sX9muGOQ==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-darwin-arm64": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-darwin-arm64/-/canvas-darwin-arm64-0.1.80.tgz", + "integrity": "sha512-O64APRTXRUiAz0P8gErkfEr3lipLJgM6pjATwavZ22ebhjYl/SUbpgM0xcWPQBNMP1n29afAC/Us5PX1vg+JNQ==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-darwin-x64": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-darwin-x64/-/canvas-darwin-x64-0.1.80.tgz", + "integrity": "sha512-FqqSU7qFce0Cp3pwnTjVkKjjOtxMqRe6lmINxpIZYaZNnVI0H5FtsaraZJ36SiTHNjZlUB69/HhxNDT1Aaa9vA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-linux-arm-gnueabihf": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-linux-arm-gnueabihf/-/canvas-linux-arm-gnueabihf-0.1.80.tgz", + "integrity": "sha512-eyWz0ddBDQc7/JbAtY4OtZ5SpK8tR4JsCYEZjCE3dI8pqoWUC8oMwYSBGCYfsx2w47cQgQCgMVRVTFiiO38hHQ==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-linux-arm64-gnu": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-linux-arm64-gnu/-/canvas-linux-arm64-gnu-0.1.80.tgz", + "integrity": "sha512-qwA63t8A86bnxhuA/GwOkK3jvb+XTQaTiVML0vAWoHyoZYTjNs7BzoOONDgTnNtr8/yHrq64XXzUoLqDzU+Uuw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-linux-arm64-musl": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-linux-arm64-musl/-/canvas-linux-arm64-musl-0.1.80.tgz", + "integrity": "sha512-1XbCOz/ymhj24lFaIXtWnwv/6eFHXDrjP0jYkc6iHQ9q8oXKzUX1Lc6bu+wuGiLhGh2GS/2JlfORC5ZcXimRcg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-linux-riscv64-gnu": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-linux-riscv64-gnu/-/canvas-linux-riscv64-gnu-0.1.80.tgz", + "integrity": "sha512-XTzR125w5ZMs0lJcxRlS1K3P5RaZ9RmUsPtd1uGt+EfDyYMu4c6SEROYsxyatbbu/2+lPe7MPHOO/0a0x7L/gw==", + "cpu": [ + "riscv64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-linux-x64-gnu": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-linux-x64-gnu/-/canvas-linux-x64-gnu-0.1.80.tgz", + "integrity": "sha512-BeXAmhKg1kX3UCrJsYbdQd3hIMDH/K6HnP/pG2LuITaXhXBiNdh//TVVVVCBbJzVQaV5gK/4ZOCMrQW9mvuTqA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-linux-x64-musl": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-linux-x64-musl/-/canvas-linux-x64-musl-0.1.80.tgz", + "integrity": "sha512-x0XvZWdHbkgdgucJsRxprX/4o4sEed7qo9rCQA9ugiS9qE2QvP0RIiEugtZhfLH3cyI+jIRFJHV4Fuz+1BHHMg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@napi-rs/canvas-win32-x64-msvc": { + "version": "0.1.80", + "resolved": "https://registry.npmjs.org/@napi-rs/canvas-win32-x64-msvc/-/canvas-win32-x64-msvc-0.1.80.tgz", + "integrity": "sha512-Z8jPsM6df5V8B1HrCHB05+bDiCxjE9QA//3YrkKIdVDEwn5RKaqOxCJDRJkl48cJbylcrJbW4HxZbTte8juuPg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -4492,6 +4779,12 @@ "integrity": "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g==", "license": "MIT" }, + "node_modules/@svta/common-media-library": { + "version": "0.12.4", + "resolved": "https://registry.npmjs.org/@svta/common-media-library/-/common-media-library-0.12.4.tgz", + "integrity": "sha512-9EuOoaNmz7JrfGwjsrD9SxF9otU5TNMnbLu1yU4BeLK0W5cDxVXXR58Z89q9u2AnHjIctscjMTYdlqQ1gojTuw==", + "license": "Apache-2.0" + }, "node_modules/@swc/core": { "version": "1.13.5", "resolved": "https://registry.npmjs.org/@swc/core/-/core-1.13.5.tgz", @@ -5100,7 +5393,6 @@ "version": "4.1.12", "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", - "dev": true, "license": "MIT", "dependencies": { "@types/ms": "*" @@ -5112,6 +5404,15 @@ "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", "license": "MIT" }, + "node_modules/@types/estree-jsx": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/@types/estree-jsx/-/estree-jsx-1.0.5.tgz", + "integrity": "sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg==", + "license": "MIT", + "dependencies": { + "@types/estree": "*" + } + }, "node_modules/@types/express": { "version": "5.0.3", "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.3.tgz", @@ -5145,6 +5446,15 @@ "@types/node": "*" } }, + "node_modules/@types/hast": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz", + "integrity": "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, "node_modules/@types/http-cache-semantics": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", @@ -5195,6 +5505,15 @@ "@types/node": "*" } }, + "node_modules/@types/mdast": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-4.0.4.tgz", + "integrity": "sha512-kGaNbPh1k7AFzgpud/gMdvIm5xuECykRR+JnWKQno9TAXVa6WIVCGTPvYGekIDL4uwCZQSYbUxNBSb1aUo79oA==", + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, "node_modules/@types/mime": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", @@ -5205,7 +5524,6 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", - "dev": true, "license": "MIT" }, "node_modules/@types/multer": { @@ -5263,7 +5581,6 @@ "version": "19.1.12", "resolved": "https://registry.npmjs.org/@types/react/-/react-19.1.12.tgz", "integrity": "sha512-cMoR+FoAf/Jyq6+Df2/Z41jISvGZZ2eTlnsaJRptmZ76Caldwy1odD4xTr/gNV9VLj0AWgg/nmkevIyUfIIq5w==", - "devOptional": true, "license": "MIT", "dependencies": { "csstype": "^3.0.2" @@ -5353,6 +5670,12 @@ "license": "MIT", "peer": true }, + "node_modules/@types/unist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", + "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", + "license": "MIT" + }, "node_modules/@types/verror": { "version": "1.10.11", "resolved": "https://registry.npmjs.org/@types/verror/-/verror-1.10.11.tgz", @@ -5746,6 +6069,22 @@ "react-dom": ">=17.0.0" } }, + "node_modules/@ungap/structured-clone": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.0.tgz", + "integrity": "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==", + "license": "ISC" + }, + "node_modules/@vimeo/player": { + "version": "2.29.0", + "resolved": "https://registry.npmjs.org/@vimeo/player/-/player-2.29.0.tgz", + "integrity": "sha512-9JjvjeqUndb9otCCFd0/+2ESsLk7VkDE6sxOBy9iy2ukezuQbplVRi+g9g59yAurKofbmTi/KcKxBGO/22zWRw==", + "license": "MIT", + "dependencies": { + "native-promise-only": "0.8.1", + "weakmap-polyfill": "2.0.4" + } + }, "node_modules/@vitejs/plugin-react-swc": { "version": "3.11.0", "resolved": "https://registry.npmjs.org/@vitejs/plugin-react-swc/-/plugin-react-swc-3.11.0.tgz", @@ -6497,6 +6836,16 @@ "proxy-from-env": "^1.1.0" } }, + "node_modules/bail": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/bail/-/bail-2.0.2.tgz", + "integrity": "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", @@ -6530,6 +6879,45 @@ ], "license": "MIT" }, + "node_modules/bcp-47": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/bcp-47/-/bcp-47-2.1.0.tgz", + "integrity": "sha512-9IIS3UPrvIa1Ej+lVDdDwO7zLehjqsaByECw0bu2RRGP73jALm6FYbzI5gWbgHLvNdkvfXB5YrSbocZdOS0c0w==", + "license": "MIT", + "dependencies": { + "is-alphabetical": "^2.0.0", + "is-alphanumerical": "^2.0.0", + "is-decimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/bcp-47-match": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/bcp-47-match/-/bcp-47-match-2.0.3.tgz", + "integrity": "sha512-JtTezzbAibu8G0R9op9zb3vcWZd9JF6M0xOYGPn0fNCd7wOpRB1mU2mH9T8gaBGbAAyIIVgB2G7xG0GP98zMAQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/bcp-47-normalize": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/bcp-47-normalize/-/bcp-47-normalize-2.3.0.tgz", + "integrity": "sha512-8I/wfzqQvttUFz7HVJgIZ7+dj3vUaIyIxYXaTRP1YWoSDfzt6TUmxaKZeuXR62qBmYr+nvuWINFRl6pZ5DlN4Q==", + "license": "MIT", + "dependencies": { + "bcp-47": "^2.0.0", + "bcp-47-match": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/bcrypt-pbkdf": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz", @@ -7122,6 +7510,34 @@ "dev": true, "license": "Apache-2.0" }, + "node_modules/castable-video": { + "version": "1.1.10", + "resolved": "https://registry.npmjs.org/castable-video/-/castable-video-1.1.10.tgz", + "integrity": "sha512-/T1I0A4VG769wTEZ8gWuy1Crn9saAfRTd1UYTb8xbOPlN78+zOi/1nU2dD5koNkfE5VWvgabkIqrGKmyNXOjSQ==", + "license": "MIT", + "dependencies": { + "custom-media-element": "~1.4.5" + } + }, + "node_modules/ccount": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ccount/-/ccount-2.0.1.tgz", + "integrity": "sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/ce-la-react": { + "version": "0.3.1", + "resolved": "https://registry.npmjs.org/ce-la-react/-/ce-la-react-0.3.1.tgz", + "integrity": "sha512-g0YwpZDPIwTwFumGTzNHcgJA6VhFfFCJkSNdUdC04br2UfU+56JDrJrJva3FZ7MToB4NDHAFBiPE/PZdNl1mQA==", + "license": "BSD-3-Clause", + "peerDependencies": { + "react": ">=17.0.0" + } + }, "node_modules/centra": { "version": "2.7.0", "resolved": "https://registry.npmjs.org/centra/-/centra-2.7.0.tgz", @@ -7148,6 +7564,46 @@ "url": "https://github.com/chalk/chalk?sponsor=1" } }, + "node_modules/character-entities": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz", + "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-html4": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-2.1.0.tgz", + "integrity": "sha512-1v7fgQRj6hnSwFpq1Eu0ynr/CDEw0rXo2B61qXrLNdHZmPKgb7fqS1a2JwF0rISo9q77jDI8VMEHoApn8qDoZA==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-legacy": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz", + "integrity": "sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-reference-invalid": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz", + "integrity": "sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/chownr": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz", @@ -7290,6 +7746,12 @@ "node": ">=4" } }, + "node_modules/cloudflare-video-element": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/cloudflare-video-element/-/cloudflare-video-element-1.3.4.tgz", + "integrity": "sha512-F9g+tXzGEXI6v6L48qXxr8vnR8+L6yy7IhpJxK++lpzuVekMHTixxH7/dzLuq6OacVGziU4RB5pzZYJ7/LYtJg==", + "license": "MIT" + }, "node_modules/clsx": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", @@ -7309,6 +7771,12 @@ "node": ">=0.10.0" } }, + "node_modules/codem-isoboxer": { + "version": "0.3.10", + "resolved": "https://registry.npmjs.org/codem-isoboxer/-/codem-isoboxer-0.3.10.tgz", + "integrity": "sha512-eNk3TRV+xQMJ1PEj0FQGY8KD4m0GPxT487XJ+Iftm7mVa9WpPFDMWqPt+46buiP5j5Wzqe5oMIhqBcAeKfygSA==", + "license": "MIT" + }, "node_modules/codemirror": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-6.0.2.tgz", @@ -7365,6 +7833,16 @@ "node": ">= 0.8" } }, + "node_modules/comma-separated-tokens": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz", + "integrity": "sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/commander": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", @@ -7684,14 +8162,23 @@ "integrity": "sha512-VQ2MBenTq1fWZUH9DJNGti7kKv6EeAuYr3cLwxUWhIu1baTaXh4Ib5W2CqHVqib4/MqbYGJqiL3Zb8GJZr3l4g==", "license": "MIT" }, - "node_modules/cross-dirname": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/cross-dirname/-/cross-dirname-0.1.0.tgz", - "integrity": "sha512-+R08/oI0nl3vfPcqftZRpytksBXDzOUveBq/NBVx0sUp1axwzPQrKinNx5yd5sxPu8j1wIy8AfnVQ+5eFdha6Q==", + "node_modules/cross-env": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/cross-env/-/cross-env-10.0.0.tgz", + "integrity": "sha512-aU8qlEK/nHYtVuN4p7UQgAwVljzMg8hB4YK5ThRqD2l/ziSnryncPNn7bMLt5cFYsKVKBh8HqLqyCoTupEUu7Q==", "dev": true, "license": "MIT", - "optional": true, - "peer": true + "dependencies": { + "@epic-web/invariant": "^1.0.0", + "cross-spawn": "^7.0.6" + }, + "bin": { + "cross-env": "dist/bin/cross-env.js", + "cross-env-shell": "dist/bin/cross-env-shell.js" + }, + "engines": { + "node": ">=20" + } }, "node_modules/cross-fetch": { "version": "4.0.0", @@ -7789,9 +8276,25 @@ "version": "3.1.3", "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==", - "devOptional": true, "license": "MIT" }, + "node_modules/custom-media-element": { + "version": "1.4.5", + "resolved": "https://registry.npmjs.org/custom-media-element/-/custom-media-element-1.4.5.tgz", + "integrity": "sha512-cjrsQufETwxjvwZbYbKBCJNvmQ2++G9AvT45zDi7NXL9k2PdVcs2h0jQz96J6G4TMKRCcEsoJ+QTgQD00Igtjw==", + "license": "MIT" + }, + "node_modules/dash-video-element": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/dash-video-element/-/dash-video-element-0.2.0.tgz", + "integrity": "sha512-dgmhBOte6JgvSvowvrh0Q/vhSrB52Q/AUl/KqminAUkPuUT3CCUNhto1X8ANigWkmNwhktFc/PCe0lF/4tBFwQ==", + "license": "MIT", + "dependencies": { + "custom-media-element": "^1.4.5", + "dashjs": "^5.0.3", + "media-tracks": "^0.3.3" + } + }, "node_modules/dashdash": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", @@ -7805,6 +8308,24 @@ "node": ">=0.10" } }, + "node_modules/dashjs": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/dashjs/-/dashjs-5.0.3.tgz", + "integrity": "sha512-TXndNnCUjFjF2nYBxDVba+hWRpVkadkQ8flLp7kHkem+5+wZTfRShJCnVkPUosmjS0YPE9fVNLbYPJxHBeQZvA==", + "license": "BSD-3-Clause", + "dependencies": { + "@svta/common-media-library": "^0.12.4", + "bcp-47-match": "^2.0.3", + "bcp-47-normalize": "^2.3.0", + "codem-isoboxer": "0.3.10", + "fast-deep-equal": "3.1.3", + "html-entities": "^2.5.2", + "imsc": "^1.1.5", + "localforage": "^1.10.0", + "path-browserify": "^1.0.1", + "ua-parser-js": "^1.0.37" + } + }, "node_modules/data-uri-to-buffer": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", @@ -7840,6 +8361,19 @@ "node": ">=0.10.0" } }, + "node_modules/decode-named-character-reference": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.2.0.tgz", + "integrity": "sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==", + "license": "MIT", + "dependencies": { + "character-entities": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/decompress-response": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", @@ -7973,6 +8507,15 @@ "node": ">= 0.8" } }, + "node_modules/dequal": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", + "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/detect-libc": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.4.tgz", @@ -7996,6 +8539,19 @@ "integrity": "sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==", "license": "MIT" }, + "node_modules/devlop": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz", + "integrity": "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==", + "license": "MIT", + "dependencies": { + "dequal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/diff": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", @@ -9224,6 +9780,16 @@ "node": ">=4.0" } }, + "node_modules/estree-util-is-identifier-name": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/estree-util-is-identifier-name/-/estree-util-is-identifier-name-3.0.0.tgz", + "integrity": "sha512-hFtqIDZTIUZ9BXLb8y4pYGyk6+wekIivNVTcmvk8NoOh+VeRn5y6cEHzbURrWbfp1fIqdVipilzj+lfaadNZmg==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, "node_modules/esutils": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", @@ -9340,7 +9906,6 @@ "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", - "dev": true, "license": "MIT" }, "node_modules/extract-zip": { @@ -9379,7 +9944,6 @@ "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", - "dev": true, "license": "MIT" }, "node_modules/fast-glob": { @@ -9436,6 +10000,19 @@ "reusify": "^1.0.4" } }, + "node_modules/fault": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/fault/-/fault-1.0.4.tgz", + "integrity": "sha512-CJ0HCB5tL5fYTEA7ToAq5+kTwd++Borf1/bifxd9iT70QcXr4MRrO3Llf8Ifs70q+SJcGHFtnIE/Nw6giCtECA==", + "license": "MIT", + "dependencies": { + "format": "^0.2.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/fd-slicer": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", @@ -9794,6 +10371,14 @@ "node": ">= 0.6" } }, + "node_modules/format": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/format/-/format-0.2.2.tgz", + "integrity": "sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==", + "engines": { + "node": ">=0.4.x" + } + }, "node_modules/formdata-polyfill": { "version": "4.0.10", "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", @@ -10375,6 +10960,153 @@ "node": ">= 0.4" } }, + "node_modules/hast-util-parse-selector": { + "version": "2.2.5", + "resolved": "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-2.2.5.tgz", + "integrity": "sha512-7j6mrk/qqkSehsM92wQjdIgWM2/BW61u/53G6xmC8i1OmEdKLHbk419QKQUjz6LglWsfqoiHmyMRkP1BGjecNQ==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-jsx-runtime": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/hast-util-to-jsx-runtime/-/hast-util-to-jsx-runtime-2.3.6.tgz", + "integrity": "sha512-zl6s8LwNyo1P9uw+XJGvZtdFF1GdAkOg8ujOw+4Pyb76874fLps4ueHXDhXWdk6YHQ6OgUtinliG7RsYvCbbBg==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "hast-util-whitespace": "^3.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "property-information": "^7.0.0", + "space-separated-tokens": "^2.0.0", + "style-to-js": "^1.0.0", + "unist-util-position": "^5.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-whitespace": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-3.0.0.tgz", + "integrity": "sha512-88JUN06ipLwsnv+dVn+OIYOvAuvBMy/Qoi6O7mQHxdPXpjy+Cd6xRkWwux7DKO+4sYILtLBRIKgsdpS2gQc7qw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hastscript": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-6.0.0.tgz", + "integrity": "sha512-nDM6bvd7lIqDUiYEiu5Sl/+6ReP0BMk/2f4U/Rooccxkj0P5nm+acM5PrGJ/t5I8qPGiqZSE6hVAwZEdZIvP4w==", + "license": "MIT", + "dependencies": { + "@types/hast": "^2.0.0", + "comma-separated-tokens": "^1.0.0", + "hast-util-parse-selector": "^2.0.0", + "property-information": "^5.0.0", + "space-separated-tokens": "^1.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hastscript/node_modules/@types/hast": { + "version": "2.3.10", + "resolved": "https://registry.npmjs.org/@types/hast/-/hast-2.3.10.tgz", + "integrity": "sha512-McWspRw8xx8J9HurkVBfYj0xKoE25tOFlHGdx4MJ5xORQrMGZNqJhVQWaIbm6Oyla5kYOXtDiopzKRJzEOkwJw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^2" + } + }, + "node_modules/hastscript/node_modules/@types/unist": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", + "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "license": "MIT" + }, + "node_modules/hastscript/node_modules/comma-separated-tokens": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-1.0.8.tgz", + "integrity": "sha512-GHuDRO12Sypu2cV70d1dkA2EUmXHgntrzbpvOB+Qy+49ypNfGgFQIC2fhhXbnyrJRynDCAARsT7Ou0M6hirpfw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/hastscript/node_modules/property-information": { + "version": "5.6.0", + "resolved": "https://registry.npmjs.org/property-information/-/property-information-5.6.0.tgz", + "integrity": "sha512-YUHSPk+A30YPv+0Qf8i9Mbfe/C0hdPXk1s1jPVToV8pk8BQtpw10ct89Eo7OWkutrwqvT0eicAxlOg3dOAu8JA==", + "license": "MIT", + "dependencies": { + "xtend": "^4.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/hastscript/node_modules/space-separated-tokens": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-1.1.5.tgz", + "integrity": "sha512-q/JSVd1Lptzhf5bkYm4ob4iWPjx0KiRe3sRFBNrVqbJkFaBm5vbbowy1mymoPNLRa52+oadOhJ+K49wsSeSjTA==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/highlight.js": { + "version": "10.7.3", + "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-10.7.3.tgz", + "integrity": "sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A==", + "license": "BSD-3-Clause", + "engines": { + "node": "*" + } + }, + "node_modules/highlightjs-vue": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/highlightjs-vue/-/highlightjs-vue-1.0.0.tgz", + "integrity": "sha512-PDEfEF102G23vHmPhLyPboFCD+BkMGu+GuJe2d9/eH4FsCwvgBpnc9n0pGE+ffKdph38s6foEZiEjdgHdzp+IA==", + "license": "CC0-1.0" + }, + "node_modules/hls-video-element": { + "version": "1.5.8", + "resolved": "https://registry.npmjs.org/hls-video-element/-/hls-video-element-1.5.8.tgz", + "integrity": "sha512-DdeX5NzhM2Bj+ls5aaRrzSSnriK+r6lCrDa0YyfviNO4zb10JyAnJHZM214lXBWQghCm+fKmlWW1qpzdNoSAvQ==", + "license": "MIT", + "dependencies": { + "custom-media-element": "^1.4.5", + "hls.js": "^1.6.5", + "media-tracks": "^0.3.3" + } + }, + "node_modules/hls.js": { + "version": "1.6.13", + "resolved": "https://registry.npmjs.org/hls.js/-/hls.js-1.6.13.tgz", + "integrity": "sha512-hNEzjZNHf5bFrUNvdS4/1RjIanuJ6szpWNfTaX5I6WfGynWXGT7K/YQLYtemSvFExzeMdgdE4SsyVLJbd5PcZA==", + "license": "Apache-2.0" + }, "node_modules/hosted-git-info": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", @@ -10388,6 +11120,22 @@ "node": ">=10" } }, + "node_modules/html-entities": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz", + "integrity": "sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/mdevils" + }, + { + "type": "patreon", + "url": "https://patreon.com/mdevils" + } + ], + "license": "MIT" + }, "node_modules/html-parse-stringify": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/html-parse-stringify/-/html-parse-stringify-3.0.1.tgz", @@ -10397,6 +11145,16 @@ "void-elements": "3.1.0" } }, + "node_modules/html-url-attributes": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/html-url-attributes/-/html-url-attributes-3.0.1.tgz", + "integrity": "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, "node_modules/http-cache-semantics": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz", @@ -10700,6 +11458,21 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/imsc": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/imsc/-/imsc-1.1.5.tgz", + "integrity": "sha512-V8je+CGkcvGhgl2C1GlhqFFiUOIEdwXbXLiu1Fcubvvbo+g9inauqT3l0pNYXGoLPBj3jxtZz9t+wCopMkwadQ==", + "license": "BSD-2-Clause", + "dependencies": { + "sax": "1.2.1" + } + }, + "node_modules/imsc/node_modules/sax": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "integrity": "sha512-8I2a3LovHTOpm7NV5yOyO8IHqgVsfK4+UuySrXU8YXkSRX7k6hCV9b3HrkKCr3nMpgj+0bmocaJJWpvp1oc7ZA==", + "license": "ISC" + }, "node_modules/imurmurhash": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", @@ -10751,6 +11524,12 @@ "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", "license": "ISC" }, + "node_modules/inline-style-parser": { + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.2.4.tgz", + "integrity": "sha512-0aO8FkhNZlj/ZIbNi7Lxxr12obT7cL1moPfE4tg1LkX7LlLfC6DeX4l2ZEud1ukP9jNQyNnfzQVqwbwmAATY4Q==", + "license": "MIT" + }, "node_modules/invert-kv": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/invert-kv/-/invert-kv-1.0.0.tgz", @@ -10780,6 +11559,30 @@ "node": ">= 0.10" } }, + "node_modules/is-alphabetical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz", + "integrity": "sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-alphanumerical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz", + "integrity": "sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==", + "license": "MIT", + "dependencies": { + "is-alphabetical": "^2.0.0", + "is-decimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", @@ -10816,6 +11619,16 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-decimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-2.0.1.tgz", + "integrity": "sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/is-docker": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", @@ -10871,6 +11684,16 @@ "node": ">=0.10.0" } }, + "node_modules/is-hexadecimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", + "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/is-interactive": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz", @@ -10918,6 +11741,18 @@ "node": ">=8" } }, + "node_modules/is-plain-obj": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "integrity": "sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/is-promise": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", @@ -11100,6 +11935,12 @@ "integrity": "sha512-hNngCeKxIUQiEUN3GPJOkz4wF/YvdUdbNL9hsBcMQTkKzboD7T/q3OYOuuPZLUE6dBxSGpwhk5mwuDud7JVAow==", "license": "BSD-3-Clause" }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" + }, "node_modules/js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", @@ -11691,6 +12532,24 @@ "node": ">=4" } }, + "node_modules/localforage": { + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/localforage/-/localforage-1.10.0.tgz", + "integrity": "sha512-14/H1aX7hzBBmmh7sGPd+AOMkkIrHM3Z1PAyGgZigA1H1p5O5ANnMyWzvpAETtG68/dC4pC0ncy3+PPGzXZHPg==", + "license": "Apache-2.0", + "dependencies": { + "lie": "3.1.1" + } + }, + "node_modules/localforage/node_modules/lie": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/lie/-/lie-3.1.1.tgz", + "integrity": "sha512-RiNhHysUjhrDQntfYSfY4MU24coXXdEOgw9WGcKHNeEwffDYbF//u87M1EWaMGzuFoSbqW0C9C6lEEhDOAswfw==", + "license": "MIT", + "dependencies": { + "immediate": "~3.0.5" + } + }, "node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", @@ -11788,6 +12647,28 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/longest-streak": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-3.1.0.tgz", + "integrity": "sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "license": "MIT", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, "node_modules/lowercase-keys": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", @@ -11798,6 +12679,20 @@ "node": ">=8" } }, + "node_modules/lowlight": { + "version": "1.20.0", + "resolved": "https://registry.npmjs.org/lowlight/-/lowlight-1.20.0.tgz", + "integrity": "sha512-8Ktj+prEb1RoCPkEOrPMYUN/nCggB7qAWe3a7OpMjWQkh3l2RD5wKRQ+o8Q8YuI9RG/xs95waaI/E6ym/7NsTw==", + "license": "MIT", + "dependencies": { + "fault": "^1.0.0", + "highlight.js": "~10.7.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -11836,6 +12731,15 @@ "@jridgewell/sourcemap-codec": "^1.5.5" } }, + "node_modules/make-cancellable-promise": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/make-cancellable-promise/-/make-cancellable-promise-2.0.0.tgz", + "integrity": "sha512-3SEQqTpV9oqVsIWqAcmDuaNeo7yBO3tqPtqGRcKkEo0lrzD3wqbKG9mkxO65KoOgXqj+zH2phJ2LiAsdzlogSw==", + "license": "MIT", + "funding": { + "url": "https://github.com/wojtekmaj/make-cancellable-promise?sponsor=1" + } + }, "node_modules/make-error": { "version": "1.3.6", "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", @@ -11843,6 +12747,15 @@ "dev": true, "license": "ISC" }, + "node_modules/make-event-props": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/make-event-props/-/make-event-props-2.0.0.tgz", + "integrity": "sha512-G/hncXrl4Qt7mauJEXSg3AcdYzmpkIITTNl5I+rH9sog5Yw0kK6vseJjCaPfOXqOqQuPUP89Rkhfz5kPS8ijtw==", + "license": "MIT", + "funding": { + "url": "https://github.com/wojtekmaj/make-event-props?sponsor=1" + } + }, "node_modules/make-fetch-happen": { "version": "10.2.1", "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-10.2.1.tgz", @@ -11953,6 +12866,16 @@ "dev": true, "license": "ISC" }, + "node_modules/markdown-table": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-3.0.4.tgz", + "integrity": "sha512-wiYz4+JrLyb/DqW2hkFJxP7Vd7JuTDm77fvbM8VfEQdmSMqcImWeeRbHwZjBjIFki/VaMK2BhFi7oUUZeM5bqw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/matcher": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/matcher/-/matcher-3.0.0.tgz", @@ -11976,6 +12899,303 @@ "node": ">= 0.4" } }, + "node_modules/mdast-util-find-and-replace": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mdast-util-find-and-replace/-/mdast-util-find-and-replace-3.0.2.tgz", + "integrity": "sha512-Tmd1Vg/m3Xz43afeNxDIhWRtFZgM2VLyaf4vSTYwudTyeuTneoL3qtWMA5jeLyz/O1vDJmmV4QuScFCA2tBPwg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "escape-string-regexp": "^5.0.0", + "unist-util-is": "^6.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-find-and-replace/node_modules/escape-string-regexp": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz", + "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mdast-util-from-markdown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-2.0.2.tgz", + "integrity": "sha512-uZhTV/8NBuw0WHkPTrCqDOl0zVe1BIng5ZtHoDk49ME1qqcjYmmLmOf0gELgcRMxN4w2iuIeVso5/6QymSrgmA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "mdast-util-to-string": "^4.0.0", + "micromark": "^4.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-decode-string": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-stringify-position": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-3.1.0.tgz", + "integrity": "sha512-0ulfdQOM3ysHhCJ1p06l0b0VKlhU0wuQs3thxZQagjcjPrlFRqY215uZGHHJan9GEAXd9MbfPjFJz+qMkVR6zQ==", + "license": "MIT", + "dependencies": { + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-gfm-autolink-literal": "^2.0.0", + "mdast-util-gfm-footnote": "^2.0.0", + "mdast-util-gfm-strikethrough": "^2.0.0", + "mdast-util-gfm-table": "^2.0.0", + "mdast-util-gfm-task-list-item": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-autolink-literal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-2.0.1.tgz", + "integrity": "sha512-5HVP2MKaP6L+G6YaxPNjuL0BPrq9orG3TsrZ9YXbA3vDw/ACI4MEsnoDpn6ZNm7GnZgtAcONJyPhOP8tNJQavQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "ccount": "^2.0.0", + "devlop": "^1.0.0", + "mdast-util-find-and-replace": "^3.0.0", + "micromark-util-character": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-footnote": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-2.1.0.tgz", + "integrity": "sha512-sqpDWlsHn7Ac9GNZQMeUzPQSMzR6Wv0WKRNvQRg0KqHh02fpTz69Qc1QSseNX29bhz1ROIyNyxExfawVKTm1GQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.1.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-strikethrough": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-2.0.0.tgz", + "integrity": "sha512-mKKb915TF+OC5ptj5bJ7WFRPdYtuHv0yTRxK2tJvi+BDqbkiG7h7u/9SI89nRAYcmap2xHQL9D+QG/6wSrTtXg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-table/-/mdast-util-gfm-table-2.0.0.tgz", + "integrity": "sha512-78UEvebzz/rJIxLvE7ZtDd/vIQ0RHv+3Mh5DR96p7cS7HsBhYIICDBCu8csTNWNO6tBWfqXPWekRuj2FNOGOZg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "markdown-table": "^3.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-task-list-item": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-2.0.0.tgz", + "integrity": "sha512-IrtvNvjxC1o06taBAVJznEnkiHxLFTzgonUdy8hzFVeDun0uTjxxrRGVaNFqkU1wJR3RBPEfsxmU6jDWPofrTQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx-expression": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-mdx-expression/-/mdast-util-mdx-expression-2.0.1.tgz", + "integrity": "sha512-J6f+9hUp+ldTZqKRSg7Vw5V6MqjATc+3E4gf3CFNcuZNWD8XdyI6zQ8GqH7f8169MM6P7hMBRDVGnn7oHB9kXQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx-jsx": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/mdast-util-mdx-jsx/-/mdast-util-mdx-jsx-3.2.0.tgz", + "integrity": "sha512-lj/z8v0r6ZtsN/cGNNtemmmfoLAFZnjMbNyLzBafjzikOM+glrjNHPlf6lQDOTccj9n5b0PPihEBbhneMyGs1Q==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "ccount": "^2.0.0", + "devlop": "^1.1.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "parse-entities": "^4.0.0", + "stringify-entities": "^4.0.0", + "unist-util-stringify-position": "^4.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdxjs-esm": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-mdxjs-esm/-/mdast-util-mdxjs-esm-2.0.1.tgz", + "integrity": "sha512-EcmOpxsZ96CvlP03NghtH1EsLtr0n9Tm4lPUJUBccV9RwUOneqSycg19n5HGzCf+10LozMRSObtVr3ee1WoHtg==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-phrasing": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-phrasing/-/mdast-util-phrasing-4.1.0.tgz", + "integrity": "sha512-TqICwyvJJpBwvGAMZjj4J2n0X8QWp21b9l0o7eXyVJ25YNWYbJDVIyD1bZXE6WtV6RmKJVYmQAKWa0zWOABz2w==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "unist-util-is": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-hast": { + "version": "13.2.0", + "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz", + "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "@ungap/structured-clone": "^1.0.0", + "devlop": "^1.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "trim-lines": "^3.0.0", + "unist-util-position": "^5.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-markdown": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-2.1.2.tgz", + "integrity": "sha512-xj68wMTvGXVOKonmog6LwyJKrYXZPvlwabaryTjLh9LuvovB/KAH+kvi8Gjj+7rJjsFi23nkUxRQv1KqSroMqA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "longest-streak": "^3.0.0", + "mdast-util-phrasing": "^4.0.0", + "mdast-util-to-string": "^4.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-decode-string": "^2.0.0", + "unist-util-visit": "^5.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-4.0.0.tgz", + "integrity": "sha512-0H44vDimn51F0YwvxSJSm0eCDOJTRlmN0R1yBh4HLj9wiV1Dn0QoXGbvFAWj2hSItVTlCmBF1hqKlIyUBVFLPg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/media-chrome": { + "version": "4.13.1", + "resolved": "https://registry.npmjs.org/media-chrome/-/media-chrome-4.13.1.tgz", + "integrity": "sha512-jPPwYrFkM4ky27/xNYEeyRPOBC7qvru4Oydy7vQHMHplXLQJmjtcauhlLPvG0O5kkYFEaOBXv5zGYes/UxOoVw==", + "license": "MIT", + "dependencies": { + "ce-la-react": "^0.3.0" + } + }, + "node_modules/media-tracks": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/media-tracks/-/media-tracks-0.3.3.tgz", + "integrity": "sha512-9P2FuUHnZZ3iji+2RQk7Zkh5AmZTnOG5fODACnjhCVveX1McY3jmCRHofIEI+yTBqplz7LXy48c7fQ3Uigp88w==", + "license": "MIT" + }, "node_modules/media-typer": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", @@ -11997,6 +13217,23 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/merge-refs": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-refs/-/merge-refs-2.0.0.tgz", + "integrity": "sha512-3+B21mYK2IqUWnd2EivABLT7ueDhb0b8/dGK8LoFQPrU61YITeCMn14F7y7qZafWNZhUEKb24cJdiT5Wxs3prg==", + "license": "MIT", + "funding": { + "url": "https://github.com/wojtekmaj/merge-refs?sponsor=1" + }, + "peerDependencies": { + "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, "node_modules/merge2": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", @@ -12007,6 +13244,569 @@ "node": ">= 8" } }, + "node_modules/micromark": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.2.tgz", + "integrity": "sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/debug": "^4.0.0", + "debug": "^4.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz", + "integrity": "sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-destination": "^2.0.0", + "micromark-factory-label": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-title": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-html-tag-name": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz", + "integrity": "sha512-vsKArQsicm7t0z2GugkCKtZehqUm31oeGBV/KVSorWSy8ZlNAv7ytjFhvaryUiCUJYqs+NoE6AFhpQvBTM6Q4w==", + "license": "MIT", + "dependencies": { + "micromark-extension-gfm-autolink-literal": "^2.0.0", + "micromark-extension-gfm-footnote": "^2.0.0", + "micromark-extension-gfm-strikethrough": "^2.0.0", + "micromark-extension-gfm-table": "^2.0.0", + "micromark-extension-gfm-tagfilter": "^2.0.0", + "micromark-extension-gfm-task-list-item": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz", + "integrity": "sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==", + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-footnote": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz", + "integrity": "sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-strikethrough": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-2.1.0.tgz", + "integrity": "sha512-ADVjpOOkjz1hhkZLlBiYA9cR2Anf8F4HqZUO6e5eDcPQd0Txw5fxLzzxnEkSkfnD0wziSGiv7sYhk/ktvbf1uw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-table": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz", + "integrity": "sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-tagfilter": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-2.0.0.tgz", + "integrity": "sha512-xHlTOmuCSotIA8TW1mDIM6X2O1SiX5P9IuDtqGonFhEK0qgRI4yeC6vMxEV2dgyr2TiD+2PQ10o+cOhdVAcwfg==", + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-task-list-item": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-2.1.0.tgz", + "integrity": "sha512-qIBZhqxqI6fjLDYFTBIa4eivDMnP+OZqsNwmQ3xNLE4Cxwc+zfQEfbs6tzAo2Hjq+bh6q5F+Z8/cksrLFYWQQw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-factory-destination": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz", + "integrity": "sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-label": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz", + "integrity": "sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz", + "integrity": "sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz", + "integrity": "sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-chunked": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz", + "integrity": "sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-classify-character": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz", + "integrity": "sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-combine-extensions": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz", + "integrity": "sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-chunked": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-numeric-character-reference": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz", + "integrity": "sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-string": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-decode-string/-/micromark-util-decode-string-2.0.1.tgz", + "integrity": "sha512-nDV/77Fj6eH1ynwscYTOsbK7rR//Uj0bZXBwJZRfaLEJ1iGBR6kIfNmlNqaqJf649EP0F3NWNdeJi03elllNUQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-encode": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz", + "integrity": "sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-html-tag-name": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz", + "integrity": "sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-normalize-identifier": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz", + "integrity": "sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-resolve-all": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz", + "integrity": "sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz", + "integrity": "sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-subtokenize": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-2.1.0.tgz", + "integrity": "sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-types": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.2.tgz", + "integrity": "sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, "node_modules/micromatch": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", @@ -12418,6 +14218,12 @@ "node": ">= 0.6" } }, + "node_modules/mux-embed": { + "version": "5.9.0", + "resolved": "https://registry.npmjs.org/mux-embed/-/mux-embed-5.9.0.tgz", + "integrity": "sha512-wmunL3uoPhma/tWy8PrDPZkvJpXvSFBwbD3KkC4PG8Ztjfb1X3hRJwGUAQyRz7z99b/ovLm2UTTitrkvStjH4w==", + "license": "MIT" + }, "node_modules/nan": { "version": "2.23.0", "resolved": "https://registry.npmjs.org/nan/-/nan-2.23.0.tgz", @@ -12449,6 +14255,12 @@ "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==", "license": "MIT" }, + "node_modules/native-promise-only": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/native-promise-only/-/native-promise-only-0.8.1.tgz", + "integrity": "sha512-zkVhZUA3y8mbz652WrL5x0fB0ehrBkulWT3TomAQ9iDtyXZvzKeEA6GPxAItBYeNYl5yngKRX612qHOhvMkDeg==", + "license": "MIT" + }, "node_modules/natural-compare": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", @@ -12901,6 +14713,31 @@ "xml2js": "^0.5.0" } }, + "node_modules/parse-entities": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.2.tgz", + "integrity": "sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^2.0.0", + "character-entities-legacy": "^3.0.0", + "character-reference-invalid": "^2.0.0", + "decode-named-character-reference": "^1.0.0", + "is-alphanumerical": "^2.0.0", + "is-decimal": "^2.0.0", + "is-hexadecimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/parse-entities/node_modules/@types/unist": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", + "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "license": "MIT" + }, "node_modules/parse-headers": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/parse-headers/-/parse-headers-2.0.6.tgz", @@ -12930,6 +14767,12 @@ "node": ">= 0.8" } }, + "node_modules/path-browserify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz", + "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==", + "license": "MIT" + }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", @@ -13013,6 +14856,18 @@ "node": ">=4" } }, + "node_modules/pdfjs-dist": { + "version": "5.4.149", + "resolved": "https://registry.npmjs.org/pdfjs-dist/-/pdfjs-dist-5.4.149.tgz", + "integrity": "sha512-Xe8/1FMJEQPUVSti25AlDpwpUm2QAVmNOpFP0SIahaPIOKBKICaefbzogLdwey3XGGoaP4Lb9wqiw2e9Jqp0LA==", + "license": "Apache-2.0", + "engines": { + "node": ">=20.16.0 || >=22.3.0" + }, + "optionalDependencies": { + "@napi-rs/canvas": "^0.1.77" + } + }, "node_modules/pe-library": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/pe-library/-/pe-library-0.4.1.tgz", @@ -13288,6 +15143,22 @@ "node": ">=4.0.0" } }, + "node_modules/player.style": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/player.style/-/player.style-0.2.0.tgz", + "integrity": "sha512-Ngoaz49TClptMr8HDA2IFmjT3Iq6R27QEUH/C+On33L59RSF3dCLefBYB1Au2RDZQJ6oVFpc1sXaPVpp7fEzzA==", + "license": "MIT", + "workspaces": [ + ".", + "site", + "examples/*", + "scripts/*", + "themes/*" + ], + "dependencies": { + "media-chrome": "~4.13.0" + } + }, "node_modules/plist": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/plist/-/plist-3.1.0.tgz", @@ -13372,36 +15243,6 @@ "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" } }, - "node_modules/postject": { - "version": "1.0.0-alpha.6", - "resolved": "https://registry.npmjs.org/postject/-/postject-1.0.0-alpha.6.tgz", - "integrity": "sha512-b9Eb8h2eVqNE8edvKdwqkrY6O7kAwmI8kcnBv1NScolYJbo59XUF0noFq+lxbC1yN20bmC0WBEbDC5H/7ASb0A==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "commander": "^9.4.0" - }, - "bin": { - "postject": "dist/cli.js" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/postject/node_modules/commander": { - "version": "9.5.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.5.0.tgz", - "integrity": "sha512-KRs7WVDKg86PWiuAqhDrAQnTXZKraVcCc6vFdL14qrZ/DcWwuRo7VoiYXalXO7S5GKpqYiVEwCbgFDfxNHKJBQ==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "engines": { - "node": "^12.20.0 || >=14" - } - }, "node_modules/prebuild-install": { "version": "7.1.3", "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz", @@ -13454,6 +15295,15 @@ "url": "https://github.com/prettier/prettier?sponsor=1" } }, + "node_modules/prismjs": { + "version": "1.30.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.30.0.tgz", + "integrity": "sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/proc-log": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-2.0.1.tgz", @@ -13511,6 +15361,27 @@ "node": ">=10" } }, + "node_modules/prop-types": { + "version": "15.8.1", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + }, + "node_modules/property-information": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/property-information/-/property-information-7.1.0.tgz", + "integrity": "sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/proxy-addr": { "version": "2.0.7", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", @@ -13727,6 +15598,20 @@ "react": "^19.1.1" } }, + "node_modules/react-h5-audio-player": { + "version": "3.10.1", + "resolved": "https://registry.npmjs.org/react-h5-audio-player/-/react-h5-audio-player-3.10.1.tgz", + "integrity": "sha512-r6fSj9WXR6af1kxH5qQ/tawwDK4KrMfayiVCUettLYGX/KZ3BH8OGuaZP4O5KD0AxwsKAXtBv4kVQCWFzaIrUA==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.10.2", + "@iconify/react": "^5" + }, + "peerDependencies": { + "react": "^16.3.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", + "react-dom": "^16.3.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + } + }, "node_modules/react-hook-form": { "version": "7.62.0", "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.62.0.tgz", @@ -13778,6 +15663,113 @@ "react": "*" } }, + "node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", + "license": "MIT" + }, + "node_modules/react-markdown": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/react-markdown/-/react-markdown-10.1.0.tgz", + "integrity": "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "hast-util-to-jsx-runtime": "^2.0.0", + "html-url-attributes": "^3.0.0", + "mdast-util-to-hast": "^13.0.0", + "remark-parse": "^11.0.0", + "remark-rehype": "^11.0.0", + "unified": "^11.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + }, + "peerDependencies": { + "@types/react": ">=18", + "react": ">=18" + } + }, + "node_modules/react-pdf": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/react-pdf/-/react-pdf-10.1.0.tgz", + "integrity": "sha512-iUI1YqWgwwZcsXjrehTp3Yi8nT/bvTaWULaRMMyJWvoqqSlopk4LQQ9GDqUnDtX3gzT2glrqrLbjIPl56a+Q3w==", + "license": "MIT", + "dependencies": { + "clsx": "^2.0.0", + "dequal": "^2.0.3", + "make-cancellable-promise": "^2.0.0", + "make-event-props": "^2.0.0", + "merge-refs": "^2.0.0", + "pdfjs-dist": "5.3.93", + "tiny-invariant": "^1.0.0", + "warning": "^4.0.0" + }, + "funding": { + "url": "https://github.com/wojtekmaj/react-pdf?sponsor=1" + }, + "peerDependencies": { + "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", + "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/react-pdf/node_modules/pdfjs-dist": { + "version": "5.3.93", + "resolved": "https://registry.npmjs.org/pdfjs-dist/-/pdfjs-dist-5.3.93.tgz", + "integrity": "sha512-w3fQKVL1oGn8FRyx5JUG5tnbblggDqyx2XzA5brsJ5hSuS+I0NdnJANhmeWKLjotdbPQucLBug5t0MeWr0AAdg==", + "license": "Apache-2.0", + "engines": { + "node": ">=20.16.0 || >=22.3.0" + }, + "optionalDependencies": { + "@napi-rs/canvas": "^0.1.71" + } + }, + "node_modules/react-photo-view": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/react-photo-view/-/react-photo-view-1.2.7.tgz", + "integrity": "sha512-MfOWVPxuibncRLaycZUNxqYU8D9IA+rbGDDaq6GM8RIoGJal592hEJoRAyRSI7ZxyyJNJTLMUWWL3UIXHJJOpw==", + "license": "Apache-2.0", + "peerDependencies": { + "react": ">=16.8.0", + "react-dom": ">=16.8.0" + } + }, + "node_modules/react-player": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/react-player/-/react-player-3.3.3.tgz", + "integrity": "sha512-6U2ziVohA3WLdKI/WEQ7v27CIive0TCNIro55lJZka06fjB2kC4lJqBrvddG0yBvTDcn1owiUf2hRNaIzHAjIg==", + "license": "MIT", + "dependencies": { + "@mux/mux-player-react": "^3.6.0", + "cloudflare-video-element": "^1.3.4", + "dash-video-element": "^0.2.0", + "hls-video-element": "^1.5.8", + "spotify-audio-element": "^1.0.3", + "tiktok-video-element": "^0.1.1", + "twitch-video-element": "^0.1.4", + "vimeo-video-element": "^1.5.5", + "wistia-video-element": "^1.3.4", + "youtube-video-element": "^1.6.2" + }, + "peerDependencies": { + "@types/react": "^17.0.0 || ^18 || ^19", + "react": "^17.0.2 || ^18 || ^19", + "react-dom": "^17.0.2 || ^18 || ^19" + } + }, "node_modules/react-remove-scroll": { "version": "2.7.1", "resolved": "https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.7.1.tgz", @@ -13867,6 +15859,23 @@ } } }, + "node_modules/react-syntax-highlighter": { + "version": "15.6.6", + "resolved": "https://registry.npmjs.org/react-syntax-highlighter/-/react-syntax-highlighter-15.6.6.tgz", + "integrity": "sha512-DgXrc+AZF47+HvAPEmn7Ua/1p10jNoVZVI/LoPiYdtY+OM+/nG5yefLHKJwdKqY1adMuHFbeyBaG9j64ML7vTw==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.3.1", + "highlight.js": "^10.4.1", + "highlightjs-vue": "^1.0.0", + "lowlight": "^1.17.0", + "prismjs": "^1.30.0", + "refractor": "^3.6.0" + }, + "peerDependencies": { + "react": ">= 0.14.0" + } + }, "node_modules/react-xtermjs": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/react-xtermjs/-/react-xtermjs-1.0.10.tgz", @@ -14064,6 +16073,122 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, + "node_modules/refractor": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/refractor/-/refractor-3.6.0.tgz", + "integrity": "sha512-MY9W41IOWxxk31o+YvFCNyNzdkc9M20NoZK5vq6jkv4I/uh2zkWcfudj0Q1fovjUQJrNewS9NMzeTtqPf+n5EA==", + "license": "MIT", + "dependencies": { + "hastscript": "^6.0.0", + "parse-entities": "^2.0.0", + "prismjs": "~1.27.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/character-entities": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-1.2.4.tgz", + "integrity": "sha512-iBMyeEHxfVnIakwOuDXpVkc54HijNgCyQB2w0VfGQThle6NXn50zU6V/u+LDhxHcDUPojn6Kpga3PTAD8W1bQw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/character-entities-legacy": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-1.1.4.tgz", + "integrity": "sha512-3Xnr+7ZFS1uxeiUDvV02wQ+QDbc55o97tIV5zHScSPJpcLm/r0DFPcoY3tYRp+VZukxuMeKgXYmsXQHO05zQeA==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/character-reference-invalid": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-1.1.4.tgz", + "integrity": "sha512-mKKUkUbhPpQlCOfIuZkvSEgktjPFIsZKRRbC6KWVEMvlzblj3i3asQv5ODsrwt0N3pHAEvjP8KTQPHkp0+6jOg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/is-alphabetical": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.4.tgz", + "integrity": "sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/is-alphanumerical": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-1.0.4.tgz", + "integrity": "sha512-UzoZUr+XfVz3t3v4KyGEniVL9BDRoQtY7tOyrRybkVNjDFWyo1yhXNGrrBTQxp3ib9BLAWs7k2YKBQsFRkZG9A==", + "license": "MIT", + "dependencies": { + "is-alphabetical": "^1.0.0", + "is-decimal": "^1.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/is-decimal": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-1.0.4.tgz", + "integrity": "sha512-RGdriMmQQvZ2aqaQq3awNA6dCGtKpiDFcOzrTWrDAT2MiWrKQVPmxLGHl7Y2nNu6led0kEyoX0enY0qXYsv9zw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/is-hexadecimal": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-1.0.4.tgz", + "integrity": "sha512-gyPJuv83bHMpocVYoqof5VDiZveEoGoFL8m3BXNb2VW8Xs+rz9kqO8LOQ5DH6EsuvilT1ApazU0pyl+ytbPtlw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/parse-entities": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-2.0.0.tgz", + "integrity": "sha512-kkywGpCcRYhqQIchaWqZ875wzpS/bMKhz5HnN3p7wveJTkTtyAB/AlnS0f8DFSqYW1T82t6yEAkEcB+A1I3MbQ==", + "license": "MIT", + "dependencies": { + "character-entities": "^1.0.0", + "character-entities-legacy": "^1.0.0", + "character-reference-invalid": "^1.0.0", + "is-alphanumerical": "^1.0.0", + "is-decimal": "^1.0.0", + "is-hexadecimal": "^1.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/refractor/node_modules/prismjs": { + "version": "1.27.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.27.0.tgz", + "integrity": "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/regenerator-runtime": { "version": "0.13.11", "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz", @@ -14071,6 +16196,72 @@ "dev": true, "license": "MIT" }, + "node_modules/remark-gfm": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/remark-gfm/-/remark-gfm-4.0.1.tgz", + "integrity": "sha512-1quofZ2RQ9EWdeN34S79+KExV1764+wCUGop5CPL1WGdD0ocPpu91lzPGbwWMECpEpd42kJGQwzRfyov9j4yNg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-gfm": "^3.0.0", + "micromark-extension-gfm": "^3.0.0", + "remark-parse": "^11.0.0", + "remark-stringify": "^11.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-parse": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-11.0.0.tgz", + "integrity": "sha512-FCxlKLNGknS5ba/1lmpYijMUzX2esxW5xQqjWxw2eHFfS2MSdaHVINFmhjo+qN1WhZhNimq0dZATN9pH0IDrpA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-from-markdown": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-rehype": { + "version": "11.1.2", + "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-11.1.2.tgz", + "integrity": "sha512-Dh7l57ianaEoIpzbp0PC9UKAdCSVklD8E5Rpw7ETfbTl3FqcOOgq5q2LVDhgGCkaBv7p24JXikPdvhhmHvKMsw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "mdast-util-to-hast": "^13.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-stringify": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-11.0.0.tgz", + "integrity": "sha512-1OSmLd3awB/t8qdoEOMazZkNsfVTeY4fTsgzcQFdXNq8ToTN4ZGwrMnlda4K6smTFKD+GRV6O48i6Z4iKgPPpw==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-to-markdown": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, "node_modules/request": { "version": "2.88.2", "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz", @@ -14852,6 +17043,16 @@ "source-map": "^0.6.0" } }, + "node_modules/space-separated-tokens": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz", + "integrity": "sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/spdx-correct": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", @@ -14900,6 +17101,12 @@ "node": ">= 0.10.0" } }, + "node_modules/spotify-audio-element": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/spotify-audio-element/-/spotify-audio-element-1.0.3.tgz", + "integrity": "sha512-I1/qD8cg/UnTlCIMiKSdZUJTyYfYhaqFK7LIVElc48eOqUUbVCaw1bqL8I6mJzdMJTh3eoNyF/ewvB7NoS/g9A==", + "license": "MIT" + }, "node_modules/sprintf-js": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", @@ -14908,14 +17115,6 @@ "license": "BSD-3-Clause", "optional": true }, - "node_modules/sql.js": { - "version": "1.13.0", - "resolved": "https://registry.npmjs.org/sql.js/-/sql.js-1.13.0.tgz", - "integrity": "sha512-RJbVP1HRDlUUXahJ7VMTcu9Rm1Nzw+EBpoPr94vnbD4LwR715F3CcxE2G2k45PewcaZ57pjetYa+LoSJLAASgA==", - "license": "MIT", - "optional": true, - "peer": true - }, "node_modules/ssh2": { "version": "1.17.0", "resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.17.0.tgz", @@ -15064,6 +17263,20 @@ "node": ">=8" } }, + "node_modules/stringify-entities": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/stringify-entities/-/stringify-entities-4.0.4.tgz", + "integrity": "sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg==", + "license": "MIT", + "dependencies": { + "character-entities-html4": "^2.0.0", + "character-entities-legacy": "^3.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", @@ -15160,6 +17373,24 @@ "integrity": "sha512-wnD1HyVqpJUI2+eKZ+eo1UwghftP6yuFheBqqe+bWCotBjC2K1YnteJILRMs3SM4V/0dLEW1SC27MWP5y+mwmw==", "license": "MIT" }, + "node_modules/style-to-js": { + "version": "1.1.17", + "resolved": "https://registry.npmjs.org/style-to-js/-/style-to-js-1.1.17.tgz", + "integrity": "sha512-xQcBGDxJb6jjFCTzvQtfiPn6YvvP2O8U1MDIPNfJQlWMYfktPy+iGsHE7cssjs7y84d9fQaK4UF3RIJaAHSoYA==", + "license": "MIT", + "dependencies": { + "style-to-object": "1.0.9" + } + }, + "node_modules/style-to-object": { + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-1.0.9.tgz", + "integrity": "sha512-G4qppLgKu/k6FwRpHiGiKPaPTFcG3g4wNVX/Qsfu+RqQM30E7Tyu/TEgxcL9PNLF5pdRLwQdE3YKKf+KF2Dzlw==", + "license": "MIT", + "dependencies": { + "inline-style-parser": "0.2.4" + } + }, "node_modules/sumchecker": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/sumchecker/-/sumchecker-3.0.1.tgz", @@ -15173,6 +17404,12 @@ "node": ">= 8.0" } }, + "node_modules/super-media-element": { + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/super-media-element/-/super-media-element-1.4.2.tgz", + "integrity": "sha512-9pP/CVNp4NF2MNlRzLwQkjiTgKKe9WYXrLh9+8QokWmMxz+zt2mf1utkWLco26IuA3AfVcTb//qtlTIjY3VHxA==", + "license": "MIT" + }, "node_modules/supports-color": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", @@ -15646,6 +17883,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/tiktok-video-element": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/tiktok-video-element/-/tiktok-video-element-0.1.1.tgz", + "integrity": "sha512-BaiVzvNz2UXDKTdSrXzrNf4q6Ecc+/utYUh7zdEu2jzYcJVDoqYbVfUl0bCfMoOeeAqg28vD/yN63Y3E9jOrlA==", + "license": "MIT" + }, "node_modules/timm": { "version": "1.7.1", "resolved": "https://registry.npmjs.org/timm/-/timm-1.7.1.tgz", @@ -15673,6 +17916,12 @@ "semver": "bin/semver" } }, + "node_modules/tiny-invariant": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz", + "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==", + "license": "MIT" + }, "node_modules/tinycolor2": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/tinycolor2/-/tinycolor2-1.6.0.tgz", @@ -15815,6 +18064,16 @@ "tree-kill": "cli.js" } }, + "node_modules/trim-lines": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz", + "integrity": "sha512-kRj8B+YHZCc9kQYdWfJB2/oUl9rA99qbowYYBtr4ui4mZyAQ2JpvVBd/6U2YloATfqBhBTSMhTpgBHtU0Mf3Rg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/trim-repeated": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/trim-repeated/-/trim-repeated-1.0.0.tgz", @@ -15838,6 +18097,16 @@ "node": ">=0.8.0" } }, + "node_modules/trough": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/trough/-/trough-2.2.0.tgz", + "integrity": "sha512-tmMpK00BjZiUyVyvrBK7knerNgmgvcV/KLVyuma/SC+TQN167GrMRciANTz09+k3zW8L8t60jWO1GpfkZdjTaw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/truncate-utf8-bytes": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz", @@ -15939,6 +18208,12 @@ "integrity": "sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==", "license": "Unlicense" }, + "node_modules/twitch-video-element": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/twitch-video-element/-/twitch-video-element-0.1.4.tgz", + "integrity": "sha512-SDpZ4f7sZmwHF6XG5PF0KWuP18pH/kNG04MhTcpqJby7Lk/D3TS/lCYd+RSg0rIAAVi1LDgSIo1yJs9kmHlhgw==", + "license": "MIT" + }, "node_modules/type-check": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", @@ -16024,12 +18299,57 @@ "typescript": ">=4.8.4 <6.0.0" } }, + "node_modules/ua-parser-js": { + "version": "1.0.41", + "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-1.0.41.tgz", + "integrity": "sha512-LbBDqdIC5s8iROCUjMbW1f5dJQTEFB1+KO9ogbvlb3nm9n4YHa5p4KTvFPWvh2Hs8gZMBuiB1/8+pdfe/tDPug==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/ua-parser-js" + }, + { + "type": "paypal", + "url": "https://paypal.me/faisalman" + }, + { + "type": "github", + "url": "https://github.com/sponsors/faisalman" + } + ], + "license": "MIT", + "bin": { + "ua-parser-js": "script/cli.js" + }, + "engines": { + "node": "*" + } + }, "node_modules/undici-types": { "version": "7.10.0", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.10.0.tgz", "integrity": "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag==", "license": "MIT" }, + "node_modules/unified": { + "version": "11.0.5", + "resolved": "https://registry.npmjs.org/unified/-/unified-11.0.5.tgz", + "integrity": "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "bail": "^2.0.0", + "devlop": "^1.0.0", + "extend": "^3.0.0", + "is-plain-obj": "^4.0.0", + "trough": "^2.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, "node_modules/unique-filename": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-2.0.1.tgz", @@ -16056,6 +18376,74 @@ "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, + "node_modules/unist-util-is": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-6.0.0.tgz", + "integrity": "sha512-2qCTHimwdxLfz+YzdGfkqNlH0tLi9xjTnHddPmJwtIG9MGsdbutfTc4P+haPD7l7Cjxf/WZj+we5qfVPvvxfYw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-position": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/unist-util-position/-/unist-util-position-5.0.0.tgz", + "integrity": "sha512-fucsC7HjXvkB5R3kTCO7kUjRdrS0BJt3M/FPxmHMBOm8JQi2BsHAHFsy27E0EolP8rp0NzXsJ+jNPyDWvOJZPA==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-stringify-position": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-4.0.0.tgz", + "integrity": "sha512-0ASV06AAoKCDkS2+xw5RXJywruurpbC4JZSm7nr7MOt1ojAzvyyaO+UxZf18j8FCF6kmzCZKcAgN/yu2gm2XgQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-5.0.0.tgz", + "integrity": "sha512-MR04uvD+07cwl/yhVuVWAtw+3GOR/knlL55Nd/wAdblk27GCVt3lqpTivy/tkJcZoNPzTwS1Y+KMojlLDhoTzg==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-is": "^6.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit-parents": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-6.0.1.tgz", + "integrity": "sha512-L/PqWzfTP9lzzEa6CKs0k2nARxTdZduw3zyh8d2NVBnsyvHjSX4TWse388YrrQKbvI8w20fGjGlhgT96WwKykw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-is": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, "node_modules/universalify": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", @@ -16253,6 +18641,43 @@ "node": ">=0.6.0" } }, + "node_modules/vfile": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/vfile/-/vfile-6.0.3.tgz", + "integrity": "sha512-KzIbH/9tXat2u30jf+smMwFCsno4wHVdNmzFyL+T/L3UGqqk6JKfVqOFOZEpZSHADH1k40ab6NUIXZq422ov3Q==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vfile-message": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-4.0.3.tgz", + "integrity": "sha512-QTHzsGd1EhbZs4AsQ20JX1rC3cOlt/IWJruk893DfLRr57lcnOeMaWG4K0JrRta4mIJZKth2Au3mM3u03/JWKw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-stringify-position": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vimeo-video-element": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/vimeo-video-element/-/vimeo-video-element-1.5.5.tgz", + "integrity": "sha512-9QVvKPPnubMNeNYHY5KZqAYerVMuVG+7PSK+6IrEUD7a/wnCGtzb8Sfxl9qNxDAL6Q8i+p+5SDoVKobCd866vw==", + "license": "MIT", + "dependencies": { + "@vimeo/player": "2.29.0" + } + }, "node_modules/vite": { "version": "7.1.5", "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.5.tgz", @@ -16391,6 +18816,15 @@ "node": ">=12.0.0" } }, + "node_modules/warning": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/warning/-/warning-4.0.3.tgz", + "integrity": "sha512-rpJyN222KWIvHJ/F53XSZv0Zl/accqHR8et1kpaMTD/fLCRxtV8iX8czMzY7sVZupTI3zcUTg8eycS2kNF9l6w==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.0.0" + } + }, "node_modules/wcwidth": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz", @@ -16401,6 +18835,15 @@ "defaults": "^1.0.3" } }, + "node_modules/weakmap-polyfill": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/weakmap-polyfill/-/weakmap-polyfill-2.0.4.tgz", + "integrity": "sha512-ZzxBf288iALJseijWelmECm/1x7ZwQn3sMYIkDr2VvZp7r6SEKuT8D0O9Wiq6L9Nl5mazrOMcmiZE/2NCenaxw==", + "license": "MIT", + "engines": { + "node": ">=8.10.0" + } + }, "node_modules/web-streams-polyfill": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz", @@ -16448,6 +18891,15 @@ "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", "license": "ISC" }, + "node_modules/wistia-video-element": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/wistia-video-element/-/wistia-video-element-1.3.4.tgz", + "integrity": "sha512-2l22oaQe4jUfi3yvsh2m2oCEgvbqTzaSYx6aJnZAvV5hlMUJlyZheFUnaj0JU2wGlHdVGV7xNY+5KpKu+ruLYA==", + "license": "MIT", + "dependencies": { + "super-media-element": "~1.4.2" + } + }, "node_modules/word-wrap": { "version": "1.2.5", "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", @@ -16717,6 +19169,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/youtube-video-element": { + "version": "1.6.2", + "resolved": "https://registry.npmjs.org/youtube-video-element/-/youtube-video-element-1.6.2.tgz", + "integrity": "sha512-YHDIOAqgRpfl1Ois9HcB8UFtWOxK8KJrV5TXpImj4BKYP1rWT04f/fMM9tQ9SYZlBKukT7NR+9wcI3UpB5BMDQ==", + "license": "MIT" + }, "node_modules/zod": { "version": "4.1.5", "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.5.tgz", @@ -16725,6 +19183,16 @@ "funding": { "url": "https://github.com/sponsors/colinhacks" } + }, + "node_modules/zwitch": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz", + "integrity": "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } } } } diff --git a/package.json b/package.json index 37c38f52..3687d65f 100644 --- a/package.json +++ b/package.json @@ -9,9 +9,12 @@ "scripts": { "clean": "npx prettier . --write", "dev": "vite", + "dev:https": "cross-env VITE_HTTPS=true vite", "build": "vite build && tsc -p tsconfig.node.json", "build:backend": "tsc -p tsconfig.node.json", "dev:backend": "tsc -p tsconfig.node.json && node ./dist/backend/backend/starter.js", + "start": "npm run build:backend && node ./dist/backend/backend/starter.js", + "start:ssl": "npm run start", "lint": "eslint .", "preview": "vite preview", "electron": "electron .", @@ -23,6 +26,9 @@ "migrate:encryption": "tsc -p tsconfig.node.json && node ./dist/backend/backend/utils/encryption-migration.js" }, "dependencies": { + "@codemirror/autocomplete": "^6.18.7", + "@codemirror/comment": "^0.19.1", + "@codemirror/search": "^6.5.11", "@hookform/resolvers": "^5.1.1", "@monaco-editor/react": "^4.7.0", "@radix-ui/react-accordion": "^1.2.11", @@ -81,15 +87,23 @@ "nanoid": "^5.1.5", "next-themes": "^0.4.6", "node-fetch": "^3.3.2", + "pdfjs-dist": "^5.4.149", "qrcode": "^1.5.4", "react": "^19.1.0", "react-dom": "^19.1.0", + "react-h5-audio-player": "^3.10.1", "react-hook-form": "^7.60.0", "react-i18next": "^15.7.3", "react-icons": "^5.5.0", + "react-markdown": "^10.1.0", + "react-pdf": "^10.1.0", + "react-photo-view": "^1.2.7", + "react-player": "^3.3.3", "react-resizable-panels": "^3.0.3", "react-simple-keyboard": "^3.8.120", + "react-syntax-highlighter": "^15.6.6", "react-xtermjs": "^1.0.10", + "remark-gfm": "^4.0.1", "sonner": "^2.0.7", "speakeasy": "^2.0.0", "ssh2": "^1.16.0", @@ -113,6 +127,7 @@ "@vitejs/plugin-react-swc": "^3.10.2", "autoprefixer": "^10.4.21", "concurrently": "^9.2.1", + "cross-env": "^10.0.0", "electron": "^38.0.0", "electron-builder": "^26.0.12", "electron-icon-builder": "^2.0.1", diff --git a/public/pdf.worker.min.js b/public/pdf.worker.min.js new file mode 100644 index 00000000..a37494b0 --- /dev/null +++ b/public/pdf.worker.min.js @@ -0,0 +1,29 @@ +/** + * @licstart The following is the entire license notice for the + * JavaScript code in this page + * + * Copyright 2024 Mozilla Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * @licend The above is the entire license notice for the + * JavaScript code in this page + */ +/** + * pdfjsVersion = 5.3.93 + * pdfjsBuild = cbeef3233 + */ +const e=!("object"!=typeof process||process+""!="[object process]"||process.versions.nw||process.versions.electron&&process.type&&"browser"!==process.type),t=[.001,0,0,.001,0,0],a=1.35,r=.35,i=.25925925925925924,n=1,s=2,o=4,c=8,l=16,h=64,u=128,d=256,f="pdfjs_internal_editor_",g=3,p=9,m=13,b=15,y=101,w={PRINT:4,MODIFY_CONTENTS:8,COPY:16,MODIFY_ANNOTATIONS:32,FILL_INTERACTIVE_FORMS:256,COPY_FOR_ACCESSIBILITY:512,ASSEMBLE:1024,PRINT_HIGH_QUALITY:2048},x=0,S=4,k=1,C=2,v=3,F=1,T=2,O=3,M=4,D=5,R=6,N=7,E=8,L=9,j=10,_=11,U=12,X=13,q=14,H=15,W=16,z=17,$=20,G="Group",V="R",K=1,J=2,Y=4,Z=16,Q=32,ee=128,te=512,ae=1,re=2,ie=4096,ne=8192,se=32768,oe=65536,ce=131072,le=1048576,he=2097152,ue=8388608,de=16777216,fe=1,ge=2,pe=3,me=4,be=5,ye={E:"Mouse Enter",X:"Mouse Exit",D:"Mouse Down",U:"Mouse Up",Fo:"Focus",Bl:"Blur",PO:"PageOpen",PC:"PageClose",PV:"PageVisible",PI:"PageInvisible",K:"Keystroke",F:"Format",V:"Validate",C:"Calculate"},we={WC:"WillClose",WS:"WillSave",DS:"DidSave",WP:"WillPrint",DP:"DidPrint"},xe={O:"PageOpen",C:"PageClose"},Se=1,ke=5,Ae=1,Ce=2,ve=3,Fe=4,Ie=5,Te=6,Oe=7,Me=8,De=9,Be=10,Re=11,Ne=12,Ee=13,Pe=14,Le=15,je=16,_e=17,Ue=18,Xe=19,qe=20,He=21,We=22,ze=23,$e=24,Ge=25,Ve=26,Ke=27,Je=28,Ye=29,Ze=30,Qe=31,et=32,tt=33,at=34,rt=35,it=36,nt=37,st=38,ot=39,ct=40,lt=41,ht=42,ut=43,dt=44,ft=45,gt=46,pt=47,mt=48,bt=49,yt=50,wt=51,xt=52,St=53,kt=54,At=55,Ct=56,vt=57,Ft=58,It=59,Tt=60,Ot=61,Mt=62,Dt=63,Bt=64,Rt=65,Nt=66,Et=67,Pt=68,Lt=69,jt=70,_t=71,Ut=72,Xt=73,qt=74,Ht=75,Wt=76,zt=77,$t=80,Gt=81,Vt=83,Kt=84,Jt=85,Yt=86,Zt=87,Qt=88,ea=89,ta=90,aa=91,ra=92,ia=93,na=94,sa=0,oa=1,ca=2,la=3,ha=1,ua=2;let da=Se;function getVerbosityLevel(){return da}function info(e){da>=ke&&console.log(`Info: ${e}`)}function warn(e){da>=Se&&console.log(`Warning: ${e}`)}function unreachable(e){throw new Error(e)}function assert(e,t){e||unreachable(t)}function createValidAbsoluteUrl(e,t=null,a=null){if(!e)return null;if(a&&"string"==typeof e){if(a.addDefaultProtocol&&e.startsWith("www.")){const t=e.match(/\./g);t?.length>=2&&(e=`http://${e}`)}if(a.tryConvertEncoding)try{e=stringToUTF8String(e)}catch{}}const r=t?URL.parse(e,t):URL.parse(e);return function _isValidProtocol(e){switch(e?.protocol){case"http:":case"https:":case"ftp:":case"mailto:":case"tel:":return!0;default:return!1}}(r)?r:null}function shadow(e,t,a,r=!1){Object.defineProperty(e,t,{value:a,enumerable:!r,configurable:!0,writable:!1});return a}const fa=function BaseExceptionClosure(){function BaseException(e,t){this.message=e;this.name=t}BaseException.prototype=new Error;BaseException.constructor=BaseException;return BaseException}();class PasswordException extends fa{constructor(e,t){super(e,"PasswordException");this.code=t}}class UnknownErrorException extends fa{constructor(e,t){super(e,"UnknownErrorException");this.details=t}}class InvalidPDFException extends fa{constructor(e){super(e,"InvalidPDFException")}}class ResponseException extends fa{constructor(e,t,a){super(e,"ResponseException");this.status=t;this.missing=a}}class FormatError extends fa{constructor(e){super(e,"FormatError")}}class AbortException extends fa{constructor(e){super(e,"AbortException")}}function bytesToString(e){"object"==typeof e&&void 0!==e?.length||unreachable("Invalid argument for bytesToString");const t=e.length,a=8192;if(t>24&255,e>>16&255,e>>8&255,255&e)}function objectSize(e){return Object.keys(e).length}class FeatureTest{static get isLittleEndian(){return shadow(this,"isLittleEndian",function isLittleEndian(){const e=new Uint8Array(4);e[0]=1;return 1===new Uint32Array(e.buffer,0,1)[0]}())}static get isEvalSupported(){return shadow(this,"isEvalSupported",function isEvalSupported(){try{new Function("");return!0}catch{return!1}}())}static get isOffscreenCanvasSupported(){return shadow(this,"isOffscreenCanvasSupported","undefined"!=typeof OffscreenCanvas)}static get isImageDecoderSupported(){return shadow(this,"isImageDecoderSupported","undefined"!=typeof ImageDecoder)}static get platform(){const{platform:e,userAgent:t}=navigator;return shadow(this,"platform",{isAndroid:t.includes("Android"),isLinux:e.includes("Linux"),isMac:e.includes("Mac"),isWindows:e.includes("Win"),isFirefox:t.includes("Firefox")})}static get isCSSRoundSupported(){return shadow(this,"isCSSRoundSupported",globalThis.CSS?.supports?.("width: round(1.5px, 1px)"))}}const ga=Array.from(Array(256).keys(),(e=>e.toString(16).padStart(2,"0")));class Util{static makeHexColor(e,t,a){return`#${ga[e]}${ga[t]}${ga[a]}`}static scaleMinMax(e,t){let a;if(e[0]){if(e[0]<0){a=t[0];t[0]=t[2];t[2]=a}t[0]*=e[0];t[2]*=e[0];if(e[3]<0){a=t[1];t[1]=t[3];t[3]=a}t[1]*=e[3];t[3]*=e[3]}else{a=t[0];t[0]=t[1];t[1]=a;a=t[2];t[2]=t[3];t[3]=a;if(e[1]<0){a=t[1];t[1]=t[3];t[3]=a}t[1]*=e[1];t[3]*=e[1];if(e[2]<0){a=t[0];t[0]=t[2];t[2]=a}t[0]*=e[2];t[2]*=e[2]}t[0]+=e[4];t[1]+=e[5];t[2]+=e[4];t[3]+=e[5]}static transform(e,t){return[e[0]*t[0]+e[2]*t[1],e[1]*t[0]+e[3]*t[1],e[0]*t[2]+e[2]*t[3],e[1]*t[2]+e[3]*t[3],e[0]*t[4]+e[2]*t[5]+e[4],e[1]*t[4]+e[3]*t[5]+e[5]]}static applyTransform(e,t,a=0){const r=e[a],i=e[a+1];e[a]=r*t[0]+i*t[2]+t[4];e[a+1]=r*t[1]+i*t[3]+t[5]}static applyTransformToBezier(e,t,a=0){const r=t[0],i=t[1],n=t[2],s=t[3],o=t[4],c=t[5];for(let t=0;t<6;t+=2){const l=e[a+t],h=e[a+t+1];e[a+t]=l*r+h*n+o;e[a+t+1]=l*i+h*s+c}}static applyInverseTransform(e,t){const a=e[0],r=e[1],i=t[0]*t[3]-t[1]*t[2];e[0]=(a*t[3]-r*t[2]+t[2]*t[5]-t[4]*t[3])/i;e[1]=(-a*t[1]+r*t[0]+t[4]*t[1]-t[5]*t[0])/i}static axialAlignedBoundingBox(e,t,a){const r=t[0],i=t[1],n=t[2],s=t[3],o=t[4],c=t[5],l=e[0],h=e[1],u=e[2],d=e[3];let f=r*l+o,g=f,p=r*u+o,m=p,b=s*h+c,y=b,w=s*d+c,x=w;if(0!==i||0!==n){const e=i*l,t=i*u,a=n*h,r=n*d;f+=a;m+=a;p+=r;g+=r;b+=e;x+=e;w+=t;y+=t}a[0]=Math.min(a[0],f,p,g,m);a[1]=Math.min(a[1],b,w,y,x);a[2]=Math.max(a[2],f,p,g,m);a[3]=Math.max(a[3],b,w,y,x)}static inverseTransform(e){const t=e[0]*e[3]-e[1]*e[2];return[e[3]/t,-e[1]/t,-e[2]/t,e[0]/t,(e[2]*e[5]-e[4]*e[3])/t,(e[4]*e[1]-e[5]*e[0])/t]}static singularValueDecompose2dScale(e,t){const a=e[0],r=e[1],i=e[2],n=e[3],s=a**2+r**2,o=a*i+r*n,c=i**2+n**2,l=(s+c)/2,h=Math.sqrt(l**2-(s*c-o**2));t[0]=Math.sqrt(l+h||1);t[1]=Math.sqrt(l-h||1)}static normalizeRect(e){const t=e.slice(0);if(e[0]>e[2]){t[0]=e[2];t[2]=e[0]}if(e[1]>e[3]){t[1]=e[3];t[3]=e[1]}return t}static intersect(e,t){const a=Math.max(Math.min(e[0],e[2]),Math.min(t[0],t[2])),r=Math.min(Math.max(e[0],e[2]),Math.max(t[0],t[2]));if(a>r)return null;const i=Math.max(Math.min(e[1],e[3]),Math.min(t[1],t[3])),n=Math.min(Math.max(e[1],e[3]),Math.max(t[1],t[3]));return i>n?null:[a,i,r,n]}static pointBoundingBox(e,t,a){a[0]=Math.min(a[0],e);a[1]=Math.min(a[1],t);a[2]=Math.max(a[2],e);a[3]=Math.max(a[3],t)}static rectBoundingBox(e,t,a,r,i){i[0]=Math.min(i[0],e,a);i[1]=Math.min(i[1],t,r);i[2]=Math.max(i[2],e,a);i[3]=Math.max(i[3],t,r)}static#e(e,t,a,r,i,n,s,o,c,l){if(c<=0||c>=1)return;const h=1-c,u=c*c,d=u*c,f=h*(h*(h*e+3*c*t)+3*u*a)+d*r,g=h*(h*(h*i+3*c*n)+3*u*s)+d*o;l[0]=Math.min(l[0],f);l[1]=Math.min(l[1],g);l[2]=Math.max(l[2],f);l[3]=Math.max(l[3],g)}static#t(e,t,a,r,i,n,s,o,c,l,h,u){if(Math.abs(c)<1e-12){Math.abs(l)>=1e-12&&this.#e(e,t,a,r,i,n,s,o,-h/l,u);return}const d=l**2-4*h*c;if(d<0)return;const f=Math.sqrt(d),g=2*c;this.#e(e,t,a,r,i,n,s,o,(-l+f)/g,u);this.#e(e,t,a,r,i,n,s,o,(-l-f)/g,u)}static bezierBoundingBox(e,t,a,r,i,n,s,o,c){c[0]=Math.min(c[0],e,s);c[1]=Math.min(c[1],t,o);c[2]=Math.max(c[2],e,s);c[3]=Math.max(c[3],t,o);this.#t(e,a,i,s,t,r,n,o,3*(3*(a-i)-e+s),6*(e-2*a+i),3*(a-e),c);this.#t(e,a,i,s,t,r,n,o,3*(3*(r-n)-t+o),6*(t-2*r+n),3*(r-t),c)}}const pa=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,728,711,710,729,733,731,730,732,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8226,8224,8225,8230,8212,8211,402,8260,8249,8250,8722,8240,8222,8220,8221,8216,8217,8218,8482,64257,64258,321,338,352,376,381,305,322,339,353,382,0,8364];function stringToPDFString(e,t=!1){if(e[0]>="ï"){let a;if("þ"===e[0]&&"ÿ"===e[1]){a="utf-16be";e.length%2==1&&(e=e.slice(0,-1))}else if("ÿ"===e[0]&&"þ"===e[1]){a="utf-16le";e.length%2==1&&(e=e.slice(0,-1))}else"ï"===e[0]&&"»"===e[1]&&"¿"===e[2]&&(a="utf-8");if(a)try{const r=new TextDecoder(a,{fatal:!0}),i=stringToBytes(e),n=r.decode(i);return t||!n.includes("")?n:n.replaceAll(/\x1b[^\x1b]*(?:\x1b|$)/g,"")}catch(e){warn(`stringToPDFString: "${e}".`)}}const a=[];for(let r=0,i=e.length;rga[e])).join("")}"function"!=typeof Promise.try&&(Promise.try=function(e,...t){return new Promise((a=>{a(e(...t))}))});"function"!=typeof Math.sumPrecise&&(Math.sumPrecise=function(e){return e.reduce(((e,t)=>e+t),0)});const ya=Symbol("CIRCULAR_REF"),wa=Symbol("EOF");let xa=Object.create(null),Sa=Object.create(null),ka=Object.create(null);class Name{constructor(e){this.name=e}static get(e){return Sa[e]||=new Name(e)}}class Cmd{constructor(e){this.cmd=e}static get(e){return xa[e]||=new Cmd(e)}}const Aa=function nonSerializableClosure(){return Aa};class Dict{constructor(e=null){this._map=new Map;this.xref=e;this.objId=null;this.suppressEncryption=!1;this.__nonSerializable__=Aa}assignXref(e){this.xref=e}get size(){return this._map.size}get(e,t,a){let r=this._map.get(e);if(void 0===r&&void 0!==t){r=this._map.get(t);void 0===r&&void 0!==a&&(r=this._map.get(a))}return r instanceof Ref&&this.xref?this.xref.fetch(r,this.suppressEncryption):r}async getAsync(e,t,a){let r=this._map.get(e);if(void 0===r&&void 0!==t){r=this._map.get(t);void 0===r&&void 0!==a&&(r=this._map.get(a))}return r instanceof Ref&&this.xref?this.xref.fetchAsync(r,this.suppressEncryption):r}getArray(e,t,a){let r=this._map.get(e);if(void 0===r&&void 0!==t){r=this._map.get(t);void 0===r&&void 0!==a&&(r=this._map.get(a))}r instanceof Ref&&this.xref&&(r=this.xref.fetch(r,this.suppressEncryption));if(Array.isArray(r)){r=r.slice();for(let e=0,t=r.length;e{unreachable("Should not call `set` on the empty dictionary.")};return shadow(this,"empty",e)}static merge({xref:e,dictArray:t,mergeSubDicts:a=!1}){const r=new Dict(e),i=new Map;for(const e of t)if(e instanceof Dict)for(const[t,r]of e._map){let e=i.get(t);if(void 0===e){e=[];i.set(t,e)}else if(!(a&&r instanceof Dict))continue;e.push(r)}for(const[t,a]of i){if(1===a.length||!(a[0]instanceof Dict)){r._map.set(t,a[0]);continue}const i=new Dict(e);for(const e of a)for(const[t,a]of e._map)i._map.has(t)||i._map.set(t,a);i.size>0&&r._map.set(t,i)}i.clear();return r.size>0?r:Dict.empty}clone(){const e=new Dict(this.xref);for(const t of this.getKeys())e.set(t,this.getRaw(t));return e}delete(e){delete this._map[e]}}class Ref{constructor(e,t){this.num=e;this.gen=t}toString(){return 0===this.gen?`${this.num}R`:`${this.num}R${this.gen}`}static fromString(e){const t=ka[e];if(t)return t;const a=/^(\d+)R(\d*)$/.exec(e);return a&&"0"!==a[1]?ka[e]=new Ref(parseInt(a[1]),a[2]?parseInt(a[2]):0):null}static get(e,t){const a=0===t?`${e}R`:`${e}R${t}`;return ka[a]||=new Ref(e,t)}}class RefSet{constructor(e=null){this._set=new Set(e?._set)}has(e){return this._set.has(e.toString())}put(e){this._set.add(e.toString())}remove(e){this._set.delete(e.toString())}[Symbol.iterator](){return this._set.values()}clear(){this._set.clear()}}class RefSetCache{constructor(){this._map=new Map}get size(){return this._map.size}get(e){return this._map.get(e.toString())}has(e){return this._map.has(e.toString())}put(e,t){this._map.set(e.toString(),t)}putAlias(e,t){this._map.set(e.toString(),this.get(t))}[Symbol.iterator](){return this._map.values()}clear(){this._map.clear()}*values(){yield*this._map.values()}*items(){for(const[e,t]of this._map)yield[Ref.fromString(e),t]}}function isName(e,t){return e instanceof Name&&(void 0===t||e.name===t)}function isCmd(e,t){return e instanceof Cmd&&(void 0===t||e.cmd===t)}function isDict(e,t){return e instanceof Dict&&(void 0===t||isName(e.get("Type"),t))}function isRefsEqual(e,t){return e.num===t.num&&e.gen===t.gen}class BaseStream{get length(){unreachable("Abstract getter `length` accessed")}get isEmpty(){unreachable("Abstract getter `isEmpty` accessed")}get isDataLoaded(){return shadow(this,"isDataLoaded",!0)}getByte(){unreachable("Abstract method `getByte` called")}getBytes(e){unreachable("Abstract method `getBytes` called")}async getImageData(e,t){return this.getBytes(e,t)}async asyncGetBytes(){unreachable("Abstract method `asyncGetBytes` called")}get isAsync(){return!1}get isAsyncDecoder(){return!1}get canAsyncDecodeImageFromBuffer(){return!1}async getTransferableImage(){return null}peekByte(){const e=this.getByte();-1!==e&&this.pos--;return e}peekBytes(e){const t=this.getBytes(e);this.pos-=t.length;return t}getUint16(){const e=this.getByte(),t=this.getByte();return-1===e||-1===t?-1:(e<<8)+t}getInt32(){return(this.getByte()<<24)+(this.getByte()<<16)+(this.getByte()<<8)+this.getByte()}getByteRange(e,t){unreachable("Abstract method `getByteRange` called")}getString(e){return bytesToString(this.getBytes(e))}skip(e){this.pos+=e||1}reset(){unreachable("Abstract method `reset` called")}moveStart(){unreachable("Abstract method `moveStart` called")}makeSubStream(e,t,a=null){unreachable("Abstract method `makeSubStream` called")}getBaseStreams(){return null}}const Ca=/^[1-9]\.\d$/,va=2**31-1,Fa=[1,0,0,1,0,0],Ia=["ColorSpace","ExtGState","Font","Pattern","Properties","Shading","XObject"],Ta=["ExtGState","Font","Properties","XObject"];function getLookupTableFactory(e){let t;return function(){if(e){t=Object.create(null);e(t);e=null}return t}}class MissingDataException extends fa{constructor(e,t){super(`Missing data [${e}, ${t})`,"MissingDataException");this.begin=e;this.end=t}}class ParserEOFException extends fa{constructor(e){super(e,"ParserEOFException")}}class XRefEntryException extends fa{constructor(e){super(e,"XRefEntryException")}}class XRefParseException extends fa{constructor(e){super(e,"XRefParseException")}}function arrayBuffersToBytes(e){const t=e.length;if(0===t)return new Uint8Array(0);if(1===t)return new Uint8Array(e[0]);let a=0;for(let r=0;r0,"The number should be a positive integer.");const a="M".repeat(e/1e3|0)+Oa[e%1e3/100|0]+Oa[10+(e%100/10|0)]+Oa[20+e%10];return t?a.toLowerCase():a}function log2(e){return e>0?Math.ceil(Math.log2(e)):0}function readInt8(e,t){return e[t]<<24>>24}function readInt16(e,t){return(e[t]<<24|e[t+1]<<16)>>16}function readUint16(e,t){return e[t]<<8|e[t+1]}function readUint32(e,t){return(e[t]<<24|e[t+1]<<16|e[t+2]<<8|e[t+3])>>>0}function isWhiteSpace(e){return 32===e||9===e||13===e||10===e}function isNumberArray(e,t){return Array.isArray(e)?(null===t||e.length===t)&&e.every((e=>"number"==typeof e)):ArrayBuffer.isView(e)&&!(e instanceof BigInt64Array||e instanceof BigUint64Array)&&(null===t||e.length===t)}function lookupMatrix(e,t){return isNumberArray(e,6)?e:t}function lookupRect(e,t){return isNumberArray(e,4)?e:t}function lookupNormalRect(e,t){return isNumberArray(e,4)?Util.normalizeRect(e):t}function parseXFAPath(e){const t=/(.+)\[(\d+)\]$/;return e.split(".").map((e=>{const a=e.match(t);return a?{name:a[1],pos:parseInt(a[2],10)}:{name:e,pos:0}}))}function escapePDFName(e){const t=[];let a=0;for(let r=0,i=e.length;r126||35===i||40===i||41===i||60===i||62===i||91===i||93===i||123===i||125===i||47===i||37===i){a"\n"===e?"\\n":"\r"===e?"\\r":`\\${e}`))}function _collectJS(e,t,a,r){if(!e)return;let i=null;if(e instanceof Ref){if(r.has(e))return;i=e;r.put(i);e=t.fetch(e)}if(Array.isArray(e))for(const i of e)_collectJS(i,t,a,r);else if(e instanceof Dict){if(isName(e.get("S"),"JavaScript")){const t=e.get("JS");let r;t instanceof BaseStream?r=t.getString():"string"==typeof t&&(r=t);r&&=stringToPDFString(r,!0).replaceAll("\0","");r&&a.push(r)}_collectJS(e.getRaw("Next"),t,a,r)}i&&r.remove(i)}function collectActions(e,t,a){const r=Object.create(null),i=getInheritableProperty({dict:t,key:"AA",stopWhenFound:!1});if(i)for(let t=i.length-1;t>=0;t--){const n=i[t];if(n instanceof Dict)for(const t of n.getKeys()){const i=a[t];if(!i)continue;const s=[];_collectJS(n.getRaw(t),e,s,new RefSet);s.length>0&&(r[i]=s)}}if(t.has("A")){const a=[];_collectJS(t.get("A"),e,a,new RefSet);a.length>0&&(r.Action=a)}return objectSize(r)>0?r:null}const Ma={60:"<",62:">",38:"&",34:""",39:"'"};function*codePointIter(e){for(let t=0,a=e.length;t55295&&(a<57344||a>65533)&&t++;yield a}}function encodeToXmlString(e){const t=[];let a=0;for(let r=0,i=e.length;r55295&&(i<57344||i>65533)&&r++;a=r+1}}if(0===t.length)return e;a: ${e}.`);return!1}return!0}function validateCSSFont(e){const t=new Set(["100","200","300","400","500","600","700","800","900","1000","normal","bold","bolder","lighter"]),{fontFamily:a,fontWeight:r,italicAngle:i}=e;if(!validateFontName(a,!0))return!1;const n=r?r.toString():"";e.fontWeight=t.has(n)?n:"400";const s=parseFloat(i);e.italicAngle=isNaN(s)||s<-90||s>90?"14":i.toString();return!0}function recoverJsURL(e){const t=new RegExp("^\\s*("+["app.launchURL","window.open","xfa.host.gotoURL"].join("|").replaceAll(".","\\.")+")\\((?:'|\")([^'\"]*)(?:'|\")(?:,\\s*(\\w+)\\)|\\))","i").exec(e);return t?.[2]?{url:t[2],newWindow:"app.launchURL"===t[1]&&"true"===t[3]}:null}function numberToString(e){if(Number.isInteger(e))return e.toString();const t=Math.round(100*e);return t%100==0?(t/100).toString():t%10==0?e.toFixed(1):e.toFixed(2)}function getNewAnnotationsMap(e){if(!e)return null;const t=new Map;for(const[a,r]of e){if(!a.startsWith(f))continue;let e=t.get(r.pageIndex);if(!e){e=[];t.set(r.pageIndex,e)}e.push(r)}return t.size>0?t:null}function stringToAsciiOrUTF16BE(e){return function isAscii(e){return/^[\x00-\x7F]*$/.test(e)}(e)?e:stringToUTF16String(e,!0)}function stringToUTF16HexString(e){const t=[];for(let a=0,r=e.length;a>8&255],ga[255&r])}return t.join("")}function stringToUTF16String(e,t=!1){const a=[];t&&a.push("þÿ");for(let t=0,r=e.length;t>8&255),String.fromCharCode(255&r))}return a.join("")}function getRotationMatrix(e,t,a){switch(e){case 90:return[0,1,-1,0,t,0];case 180:return[-1,0,0,-1,t,a];case 270:return[0,-1,1,0,0,a];default:throw new Error("Invalid rotation")}}function getSizeInBytes(e){return Math.ceil(Math.ceil(Math.log2(1+e))/8)}class QCMS{static#a=null;static _memory=null;static _mustAddAlpha=!1;static _destBuffer=null;static _destOffset=0;static _destLength=0;static _cssColor="";static _makeHexColor=null;static get _memoryArray(){const e=this.#a;return e?.byteLength?e:this.#a=new Uint8Array(this._memory.buffer)}}let Da;const Ba="undefined"!=typeof TextDecoder?new TextDecoder("utf-8",{ignoreBOM:!0,fatal:!0}):{decode:()=>{throw Error("TextDecoder not available")}};"undefined"!=typeof TextDecoder&&Ba.decode();let Ra=null;function getUint8ArrayMemory0(){null!==Ra&&0!==Ra.byteLength||(Ra=new Uint8Array(Da.memory.buffer));return Ra}let Na=0;function passArray8ToWasm0(e,t){const a=t(1*e.length,1)>>>0;getUint8ArrayMemory0().set(e,a/1);Na=e.length;return a}const Ea=Object.freeze({RGB8:0,0:"RGB8",RGBA8:1,1:"RGBA8",BGRA8:2,2:"BGRA8",Gray8:3,3:"Gray8",GrayA8:4,4:"GrayA8",CMYK:5,5:"CMYK"}),Pa=Object.freeze({Perceptual:0,0:"Perceptual",RelativeColorimetric:1,1:"RelativeColorimetric",Saturation:2,2:"Saturation",AbsoluteColorimetric:3,3:"AbsoluteColorimetric"});function __wbg_get_imports(){const e={wbg:{}};e.wbg.__wbg_copyresult_b08ee7d273f295dd=function(e,t){!function copy_result(e,t){const{_mustAddAlpha:a,_destBuffer:r,_destOffset:i,_destLength:n,_memoryArray:s}=QCMS;if(t!==n)if(a)for(let a=e,n=e+t,o=i;a>>0,t>>>0)};e.wbg.__wbg_copyrgb_d60ce17bb05d9b67=function(e){!function copy_rgb(e){const{_destBuffer:t,_destOffset:a,_memoryArray:r}=QCMS;t[a]=r[e];t[a+1]=r[e+1];t[a+2]=r[e+2]}(e>>>0)};e.wbg.__wbg_makecssRGB_893bf0cd9fdb302d=function(e){!function make_cssRGB(e){const{_memoryArray:t}=QCMS;QCMS._cssColor=QCMS._makeHexColor(t[e],t[e+1],t[e+2])}(e>>>0)};e.wbg.__wbindgen_init_externref_table=function(){const e=Da.__wbindgen_export_0,t=e.grow(4);e.set(0,void 0);e.set(t+0,void 0);e.set(t+1,null);e.set(t+2,!0);e.set(t+3,!1)};e.wbg.__wbindgen_throw=function(e,t){throw new Error(function getStringFromWasm0(e,t){e>>>=0;return Ba.decode(getUint8ArrayMemory0().subarray(e,e+t))}(e,t))};return e}function __wbg_finalize_init(e,t){Da=e.exports;__wbg_init.__wbindgen_wasm_module=t;Ra=null;Da.__wbindgen_start();return Da}async function __wbg_init(e){if(void 0!==Da)return Da;void 0!==e&&(Object.getPrototypeOf(e)===Object.prototype?({module_or_path:e}=e):console.warn("using deprecated parameters for the initialization function; pass a single object instead"));const t=__wbg_get_imports();("string"==typeof e||"function"==typeof Request&&e instanceof Request||"function"==typeof URL&&e instanceof URL)&&(e=fetch(e));const{instance:a,module:r}=await async function __wbg_load(e,t){if("function"==typeof Response&&e instanceof Response){if("function"==typeof WebAssembly.instantiateStreaming)try{return await WebAssembly.instantiateStreaming(e,t)}catch(t){if("application/wasm"==e.headers.get("Content-Type"))throw t;console.warn("`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\n",t)}const a=await e.arrayBuffer();return await WebAssembly.instantiate(a,t)}{const a=await WebAssembly.instantiate(e,t);return a instanceof WebAssembly.Instance?{instance:a,module:e}:a}}(await e,t);return __wbg_finalize_init(a,r)}class ColorSpace{static#r=new Uint8ClampedArray(3);constructor(e,t){this.name=e;this.numComps=t}getRgb(e,t,a=new Uint8ClampedArray(3)){this.getRgbItem(e,t,a,0);return a}getRgbHex(e,t){const a=this.getRgb(e,t,ColorSpace.#r);return Util.makeHexColor(a[0],a[1],a[2])}getRgbItem(e,t,a,r){unreachable("Should not call ColorSpace.getRgbItem")}getRgbBuffer(e,t,a,r,i,n,s){unreachable("Should not call ColorSpace.getRgbBuffer")}getOutputLength(e,t){unreachable("Should not call ColorSpace.getOutputLength")}isPassthrough(e){return!1}isDefaultDecode(e,t){return ColorSpace.isDefaultDecode(e,this.numComps)}fillRgb(e,t,a,r,i,n,s,o,c){const l=t*a;let h=null;const u=1<u&&"DeviceGray"!==this.name&&"DeviceRGB"!==this.name){const t=s<=8?new Uint8Array(u):new Uint16Array(u);for(let e=0;e=.99554525?1:MathClamp(1.055*e**(1/2.4)-.055,0,1)}#b(e){return e<0?-this.#b(-e):e>8?((e+16)/116)**3:e*CalRGBCS.#d}#y(e,t,a){if(0===e[0]&&0===e[1]&&0===e[2]){a[0]=t[0];a[1]=t[1];a[2]=t[2];return}const r=this.#b(0),i=(1-r)/(1-this.#b(e[0])),n=1-i,s=(1-r)/(1-this.#b(e[1])),o=1-s,c=(1-r)/(1-this.#b(e[2])),l=1-c;a[0]=t[0]*i+n;a[1]=t[1]*s+o;a[2]=t[2]*c+l}#w(e,t,a){if(1===e[0]&&1===e[2]){a[0]=t[0];a[1]=t[1];a[2]=t[2];return}const r=a;this.#f(CalRGBCS.#n,t,r);const i=CalRGBCS.#l;this.#g(e,r,i);this.#f(CalRGBCS.#s,i,a)}#x(e,t,a){const r=a;this.#f(CalRGBCS.#n,t,r);const i=CalRGBCS.#l;this.#p(e,r,i);this.#f(CalRGBCS.#s,i,a)}#i(e,t,a,r,i){const n=MathClamp(e[t]*i,0,1),s=MathClamp(e[t+1]*i,0,1),o=MathClamp(e[t+2]*i,0,1),c=1===n?1:n**this.GR,l=1===s?1:s**this.GG,h=1===o?1:o**this.GB,u=this.MXA*c+this.MXB*l+this.MXC*h,d=this.MYA*c+this.MYB*l+this.MYC*h,f=this.MZA*c+this.MZB*l+this.MZC*h,g=CalRGBCS.#h;g[0]=u;g[1]=d;g[2]=f;const p=CalRGBCS.#u;this.#w(this.whitePoint,g,p);const m=CalRGBCS.#h;this.#y(this.blackPoint,p,m);const b=CalRGBCS.#u;this.#x(CalRGBCS.#c,m,b);const y=CalRGBCS.#h;this.#f(CalRGBCS.#o,b,y);a[r]=255*this.#m(y[0]);a[r+1]=255*this.#m(y[1]);a[r+2]=255*this.#m(y[2])}getRgbItem(e,t,a,r){this.#i(e,t,a,r,1)}getRgbBuffer(e,t,a,r,i,n,s){const o=1/((1<this.amax||this.bmin>this.bmax){info("Invalid Range, falling back to defaults");this.amin=-100;this.amax=100;this.bmin=-100;this.bmax=100}}#S(e){return e>=6/29?e**3:108/841*(e-4/29)}#k(e,t,a,r){return a+e*(r-a)/t}#i(e,t,a,r,i){let n=e[t],s=e[t+1],o=e[t+2];if(!1!==a){n=this.#k(n,a,0,100);s=this.#k(s,a,this.amin,this.amax);o=this.#k(o,a,this.bmin,this.bmax)}s>this.amax?s=this.amax:sthis.bmax?o=this.bmax:o{!function qcms_drop_transformer(e){Da.qcms_drop_transformer(e)}(e)}));constructor(e,t,a){if(!IccColorSpace.isUsable)throw new Error("No ICC color space support");super(t,a);let r;switch(a){case 1:r=Ea.Gray8;this.#C=(e,t,a)=>function qcms_convert_one(e,t,a){Da.qcms_convert_one(e,t,a)}(this.#A,255*e[t],a);break;case 3:r=Ea.RGB8;this.#C=(e,t,a)=>function qcms_convert_three(e,t,a,r,i){Da.qcms_convert_three(e,t,a,r,i)}(this.#A,255*e[t],255*e[t+1],255*e[t+2],a);break;case 4:r=Ea.CMYK;this.#C=(e,t,a)=>function qcms_convert_four(e,t,a,r,i,n){Da.qcms_convert_four(e,t,a,r,i,n)}(this.#A,255*e[t],255*e[t+1],255*e[t+2],255*e[t+3],a);break;default:throw new Error(`Unsupported number of components: ${a}`)}this.#A=function qcms_transformer_from_memory(e,t,a){const r=passArray8ToWasm0(e,Da.__wbindgen_malloc),i=Na;return Da.qcms_transformer_from_memory(r,i,t,a)>>>0}(e,r,Pa.Perceptual);if(!this.#A)throw new Error("Failed to create ICC color space");IccColorSpace.#I.register(this,this.#A)}getRgbHex(e,t){this.#C(e,t,!0);return QCMS._cssColor}getRgbItem(e,t,a,r){QCMS._destBuffer=a;QCMS._destOffset=r;QCMS._destLength=3;this.#C(e,t,!1);QCMS._destBuffer=null}getRgbBuffer(e,t,a,r,i,n,s){e=e.subarray(t,t+a*this.numComps);if(8!==n){const t=255/((1<=this.end?-1:this.bytes[this.pos++]}getBytes(e){const t=this.bytes,a=this.pos,r=this.end;if(!e)return t.subarray(a,r);let i=a+e;i>r&&(i=r);this.pos=i;return t.subarray(a,i)}getByteRange(e,t){e<0&&(e=0);t>this.end&&(t=this.end);return this.bytes.subarray(e,t)}reset(){this.pos=this.start}moveStart(){this.start=this.pos}makeSubStream(e,t,a=null){return new Stream(this.bytes.buffer,e,t,a)}}class StringStream extends Stream{constructor(e){super(stringToBytes(e))}}class NullStream extends Stream{constructor(){super(new Uint8Array(0))}}class ChunkedStream extends Stream{constructor(e,t,a){super(new Uint8Array(e),0,e,null);this.chunkSize=t;this._loadedChunks=new Set;this.numChunks=Math.ceil(e/t);this.manager=a;this.progressiveDataLength=0;this.lastSuccessfulEnsureByteChunk=-1}getMissingChunks(){const e=[];for(let t=0,a=this.numChunks;t=this.end?this.numChunks:Math.floor(t/this.chunkSize);for(let e=a;ethis.numChunks)&&t!==this.lastSuccessfulEnsureByteChunk){if(!this._loadedChunks.has(t))throw new MissingDataException(e,e+1);this.lastSuccessfulEnsureByteChunk=t}}ensureRange(e,t){if(e>=t)return;if(t<=this.progressiveDataLength)return;const a=Math.floor(e/this.chunkSize);if(a>this.numChunks)return;const r=Math.min(Math.floor((t-1)/this.chunkSize)+1,this.numChunks);for(let i=a;i=this.end)return-1;e>=this.progressiveDataLength&&this.ensureByte(e);return this.bytes[this.pos++]}getBytes(e){const t=this.bytes,a=this.pos,r=this.end;if(!e){r>this.progressiveDataLength&&this.ensureRange(a,r);return t.subarray(a,r)}let i=a+e;i>r&&(i=r);i>this.progressiveDataLength&&this.ensureRange(a,i);this.pos=i;return t.subarray(a,i)}getByteRange(e,t){e<0&&(e=0);t>this.end&&(t=this.end);t>this.progressiveDataLength&&this.ensureRange(e,t);return this.bytes.subarray(e,t)}makeSubStream(e,t,a=null){t?e+t>this.progressiveDataLength&&this.ensureRange(e,e+t):e>=this.progressiveDataLength&&this.ensureByte(e);function ChunkedStreamSubstream(){}ChunkedStreamSubstream.prototype=Object.create(this);ChunkedStreamSubstream.prototype.getMissingChunks=function(){const e=this.chunkSize,t=Math.floor(this.start/e),a=Math.floor((this.end-1)/e)+1,r=[];for(let e=t;e{const readChunk=({value:n,done:s})=>{try{if(s){const t=arrayBuffersToBytes(r);r=null;e(t);return}i+=n.byteLength;a.isStreamingSupported&&this.onProgress({loaded:i});r.push(n);a.read().then(readChunk,t)}catch(e){t(e)}};a.read().then(readChunk,t)})).then((t=>{this.aborted||this.onReceiveData({chunk:t,begin:e})}))}requestAllChunks(e=!1){if(!e){const e=this.stream.getMissingChunks();this._requestChunks(e)}return this._loadedStreamCapability.promise}_requestChunks(e){const t=this.currRequestId++,a=new Set;this._chunksNeededByRequest.set(t,a);for(const t of e)this.stream.hasChunk(t)||a.add(t);if(0===a.size)return Promise.resolve();const r=Promise.withResolvers();this._promisesByRequest.set(t,r);const i=[];for(const e of a){let a=this._requestsByChunk.get(e);if(!a){a=[];this._requestsByChunk.set(e,a);i.push(e)}a.push(t)}if(i.length>0){const e=this.groupChunks(i);for(const t of e){const e=t.beginChunk*this.chunkSize,a=Math.min(t.endChunk*this.chunkSize,this.length);this.sendRequest(e,a).catch(r.reject)}}return r.promise.catch((e=>{if(!this.aborted)throw e}))}getStream(){return this.stream}requestRange(e,t){t=Math.min(t,this.length);const a=this.getBeginChunk(e),r=this.getEndChunk(t),i=[];for(let e=a;ee-t));return this._requestChunks(t)}groupChunks(e){const t=[];let a=-1,r=-1;for(let i=0,n=e.length;i=0&&r+1!==n){t.push({beginChunk:a,endChunk:r+1});a=n}i+1===e.length&&t.push({beginChunk:a,endChunk:n+1});r=n}return t}onProgress(e){this.msgHandler.send("DocProgress",{loaded:this.stream.numChunksLoaded*this.chunkSize+e.loaded,total:this.length})}onReceiveData(e){const t=e.chunk,a=void 0===e.begin,r=a?this.progressiveDataLength:e.begin,i=r+t.byteLength,n=Math.floor(r/this.chunkSize),s=i0||o.push(a)}}}if(!this.disableAutoFetch&&0===this._requestsByChunk.size){let e;if(1===this.stream.numChunksLoaded){const t=this.stream.numChunks-1;this.stream.hasChunk(t)||(e=t)}else e=this.stream.nextEmptyChunk(s);Number.isInteger(e)&&this._requestChunks([e])}for(const e of o){const t=this._promisesByRequest.get(e);this._promisesByRequest.delete(e);t.resolve()}this.msgHandler.send("DocProgress",{loaded:this.stream.numChunksLoaded*this.chunkSize,total:this.length})}onError(e){this._loadedStreamCapability.reject(e)}getBeginChunk(e){return Math.floor(e/this.chunkSize)}getEndChunk(e){return Math.floor((e-1)/this.chunkSize)+1}abort(e){this.aborted=!0;this.pdfNetworkStream?.cancelAllRequests(e);for(const t of this._promisesByRequest.values())t.reject(e)}}function convertToRGBA(e){switch(e.kind){case k:return convertBlackAndWhiteToRGBA(e);case C:return function convertRGBToRGBA({src:e,srcPos:t=0,dest:a,destPos:r=0,width:i,height:n}){let s=0;const o=i*n*3,c=o>>2,l=new Uint32Array(e.buffer,t,c);if(FeatureTest.isLittleEndian){for(;s>>24|t<<8|4278190080;a[r+2]=t>>>16|i<<16|4278190080;a[r+3]=i>>>8|4278190080}for(let i=4*s,n=t+o;i>>8|255;a[r+2]=t<<16|i>>>16|255;a[r+3]=i<<8|255}for(let i=4*s,n=t+o;i>3,u=7&r,d=e.length;a=new Uint32Array(a.buffer);let f=0;for(let r=0;ra||t>a)return!0;const r=e*t;if(this._hasMaxArea)return r>this.MAX_AREA;if(r(this.MAX_AREA=this.#O**2)}static getReducePowerForJPX(e,t,a){const r=e*t,i=2**30/(4*a);if(!this.needsToBeResized(e,t))return r>i?Math.ceil(Math.log2(r/i)):0;const{MAX_DIM:n,MAX_AREA:s}=this,o=Math.max(e/n,t/n,Math.sqrt(r/Math.min(i,s)));return Math.ceil(Math.log2(o))}static get MAX_DIM(){return shadow(this,"MAX_DIM",this._guessMax(2048,65537,0,1))}static get MAX_AREA(){this._hasMaxArea=!0;return shadow(this,"MAX_AREA",this._guessMax(this.#O,this.MAX_DIM,128,0)**2)}static set MAX_AREA(e){if(e>=0){this._hasMaxArea=!0;shadow(this,"MAX_AREA",e)}}static setOptions({canvasMaxAreaInBytes:e=-1,isImageDecoderSupported:t=!1}){this._hasMaxArea||(this.MAX_AREA=e>>2);this.#M=t}static _areGoodDims(e,t){try{const a=new OffscreenCanvas(e,t),r=a.getContext("2d");r.fillRect(0,0,1,1);const i=r.getImageData(0,0,1,1).data[3];a.width=a.height=1;return 0!==i}catch{return!1}}static _guessMax(e,t,a,r){for(;e+a+1va){const e=this.#D();if(e)return e}const r=this._encodeBMP();let i,n;if(await ImageResizer.canUseImageDecoder){i=new ImageDecoder({data:r,type:"image/bmp",preferAnimation:!1,transfer:[r.buffer]});n=i.decode().catch((e=>{warn(`BMP image decoding failed: ${e}`);return createImageBitmap(new Blob([this._encodeBMP().buffer],{type:"image/bmp"}))})).finally((()=>{i.close()}))}else n=createImageBitmap(new Blob([r.buffer],{type:"image/bmp"}));const{MAX_AREA:s,MAX_DIM:o}=ImageResizer,c=Math.max(t/o,a/o,Math.sqrt(t*a/s)),l=Math.max(c,2),h=Math.round(10*(c+1.25))/10/l,u=Math.floor(Math.log2(h)),d=new Array(u+2).fill(2);d[0]=l;d.splice(-1,1,h/(1<>s,c=r>>s;let l,h=r;try{l=new Uint8Array(n)}catch{let e=Math.floor(Math.log2(n+1));for(;;)try{l=new Uint8Array(2**e-1);break}catch{e-=1}h=Math.floor((2**e-1)/(4*a));const t=a*h*4;t>s;e>3,s=a+3&-4;if(a!==s){const e=new Uint8Array(s*t);let r=0;for(let n=0,o=t*a;ni&&(r=i)}else{for(;!this.eof;)this.readBlock(t);r=this.bufferLength}this.pos=r;return this.buffer.subarray(a,r)}async getImageData(e,t){if(!this.canAsyncDecodeImageFromBuffer)return this.isAsyncDecoder?this.decodeImage(null,t):this.getBytes(e,t);const a=await this.stream.asyncGetBytes();return this.decodeImage(a,t)}reset(){this.pos=0}makeSubStream(e,t,a=null){if(void 0===t)for(;!this.eof;)this.readBlock();else{const a=e+t;for(;this.bufferLength<=a&&!this.eof;)this.readBlock()}return new Stream(this.buffer,e,t,a)}getBaseStreams(){return this.str?this.str.getBaseStreams():null}}class StreamsSequenceStream extends DecodeStream{constructor(e,t=null){e=e.filter((e=>e instanceof BaseStream));let a=0;for(const t of e)a+=t instanceof DecodeStream?t._rawMinBufferLength:t.length;super(a);this.streams=e;this._onError=t}readBlock(){const e=this.streams;if(0===e.length){this.eof=!0;return}const t=e.shift();let a;try{a=t.getBytes()}catch(e){if(this._onError){this._onError(e,t.dict?.objId);return}throw e}const r=this.bufferLength,i=r+a.length;this.ensureBuffer(i).set(a,r);this.bufferLength=i}getBaseStreams(){const e=[];for(const t of this.streams){const a=t.getBaseStreams();a&&e.push(...a)}return e.length>0?e:null}}class ColorSpaceUtils{static parse({cs:e,xref:t,resources:a=null,pdfFunctionFactory:r,globalColorSpaceCache:i,localColorSpaceCache:n,asyncIfNotCached:s=!1}){const o={xref:t,resources:a,pdfFunctionFactory:r,globalColorSpaceCache:i,localColorSpaceCache:n};let c,l,h;if(e instanceof Ref){l=e;const a=i.getByRef(l)||n.getByRef(l);if(a)return a;e=t.fetch(e)}if(e instanceof Name){c=e.name;const t=n.getByName(c);if(t)return t}try{h=this.#B(e,o)}catch(e){if(s&&!(e instanceof MissingDataException))return Promise.reject(e);throw e}if(c||l){n.set(c,l,h);l&&i.set(null,l,h)}return s?Promise.resolve(h):h}static#R(e,t){const{globalColorSpaceCache:a}=t;let r;if(e instanceof Ref){r=e;const t=a.getByRef(r);if(t)return t}const i=this.#B(e,t);r&&a.set(null,r,i);return i}static#B(e,t){const{xref:a,resources:r,pdfFunctionFactory:i,globalColorSpaceCache:n}=t;if((e=a.fetchIfRef(e))instanceof Name)switch(e.name){case"G":case"DeviceGray":return this.gray;case"RGB":case"DeviceRGB":return this.rgb;case"DeviceRGBA":return this.rgba;case"CMYK":case"DeviceCMYK":return this.cmyk;case"Pattern":return new PatternCS(null);default:if(r instanceof Dict){const a=r.get("ColorSpace");if(a instanceof Dict){const r=a.get(e.name);if(r){if(r instanceof Name)return this.#B(r,t);e=r;break}}}warn(`Unrecognized ColorSpace: ${e.name}`);return this.gray}if(Array.isArray(e)){const r=a.fetchIfRef(e[0]).name;let s,o,c,l,h,u;switch(r){case"G":case"DeviceGray":return this.gray;case"RGB":case"DeviceRGB":return this.rgb;case"CMYK":case"DeviceCMYK":return this.cmyk;case"CalGray":s=a.fetchIfRef(e[1]);l=s.getArray("WhitePoint");h=s.getArray("BlackPoint");u=s.get("Gamma");return new CalGrayCS(l,h,u);case"CalRGB":s=a.fetchIfRef(e[1]);l=s.getArray("WhitePoint");h=s.getArray("BlackPoint");u=s.getArray("Gamma");const d=s.getArray("Matrix");return new CalRGBCS(l,h,u,d);case"ICCBased":const f=e[1]instanceof Ref;if(f){const t=n.getByRef(e[1]);if(t)return t}const g=a.fetchIfRef(e[1]),p=g.dict;o=p.get("N");if(IccColorSpace.isUsable)try{const t=new IccColorSpace(g.getBytes(),"ICCBased",o);f&&n.set(null,e[1],t);return t}catch(t){if(t instanceof MissingDataException)throw t;warn(`ICCBased color space (${e[1]}): "${t}".`)}const m=p.getRaw("Alternate");if(m){const e=this.#R(m,t);if(e.numComps===o)return e;warn("ICCBased color space: Ignoring incorrect /Alternate entry.")}if(1===o)return this.gray;if(3===o)return this.rgb;if(4===o)return this.cmyk;break;case"Pattern":c=e[1]||null;c&&(c=this.#R(c,t));return new PatternCS(c);case"I":case"Indexed":c=this.#R(e[1],t);const b=MathClamp(a.fetchIfRef(e[2]),0,255),y=a.fetchIfRef(e[3]);return new IndexedCS(c,b,y);case"Separation":case"DeviceN":const w=a.fetchIfRef(e[1]);o=Array.isArray(w)?w.length:1;c=this.#R(e[2],t);const x=i.create(e[3]);return new AlternateCS(o,c,x);case"Lab":s=a.fetchIfRef(e[1]);l=s.getArray("WhitePoint");h=s.getArray("BlackPoint");const S=s.getArray("Range");return new LabCS(l,h,S);default:warn(`Unimplemented ColorSpace object: ${r}`);return this.gray}}warn(`Unrecognized ColorSpace object: ${e}`);return this.gray}static get gray(){return shadow(this,"gray",new DeviceGrayCS)}static get rgb(){return shadow(this,"rgb",new DeviceRgbCS)}static get rgba(){return shadow(this,"rgba",new DeviceRgbaCS)}static get cmyk(){if(CmykICCBasedCS.isUsable)try{return shadow(this,"cmyk",new CmykICCBasedCS)}catch{warn("CMYK fallback: DeviceCMYK")}return shadow(this,"cmyk",new DeviceCmykCS)}}class JpegError extends fa{constructor(e){super(e,"JpegError")}}class DNLMarkerError extends fa{constructor(e,t){super(e,"DNLMarkerError");this.scanLines=t}}class EOIMarkerError extends fa{constructor(e){super(e,"EOIMarkerError")}}const ja=new Uint8Array([0,1,8,16,9,2,3,10,17,24,32,25,18,11,4,5,12,19,26,33,40,48,41,34,27,20,13,6,7,14,21,28,35,42,49,56,57,50,43,36,29,22,15,23,30,37,44,51,58,59,52,45,38,31,39,46,53,60,61,54,47,55,62,63]),_a=4017,Ua=799,Xa=3406,qa=2276,Ha=1567,Wa=3784,za=5793,$a=2896;function buildHuffmanTable(e,t){let a,r,i=0,n=16;for(;n>0&&!e[n-1];)n--;const s=[{children:[],index:0}];let o,c=s[0];for(a=0;a0;)c=s.pop();c.index++;s.push(c);for(;s.length<=a;){s.push(o={children:[],index:0});c.children[c.index]=o.children;c=o}i++}if(a+10){g--;return f>>g&1}f=e[t++];if(255===f){const r=e[t++];if(r){if(220===r&&l){const r=readUint16(e,t+=2);t+=2;if(r>0&&r!==a.scanLines)throw new DNLMarkerError("Found DNL marker (0xFFDC) while parsing scan data",r)}else if(217===r){if(l){const e=y*(8===a.precision?8:0);if(e>0&&Math.round(a.scanLines/e)>=5)throw new DNLMarkerError("Found EOI marker (0xFFD9) while parsing scan data, possibly caused by incorrect `scanLines` parameter",e)}throw new EOIMarkerError("Found EOI marker (0xFFD9) while parsing scan data")}throw new JpegError(`unexpected marker ${(f<<8|r).toString(16)}`)}}g=7;return f>>>7}function decodeHuffman(e){let t=e;for(;;){t=t[readBit()];switch(typeof t){case"number":return t;case"object":continue}throw new JpegError("invalid huffman sequence")}}function receive(e){let t=0;for(;e>0;){t=t<<1|readBit();e--}return t}function receiveAndExtend(e){if(1===e)return 1===readBit()?1:-1;const t=receive(e);return t>=1<0){p--;return}let a=n;const r=s;for(;a<=r;){const r=decodeHuffman(e.huffmanTableAC),i=15&r,n=r>>4;if(0===i){if(n<15){p=receive(n)+(1<>4;if(0===i)if(l<15){p=receive(l)+(1<>4;if(0===r){if(n<15)break;i+=16;continue}i+=n;const s=ja[i];e.blockData[t+s]=receiveAndExtend(r);i++}};let T,O=0;const M=1===w?r[0].blocksPerLine*r[0].blocksPerColumn:h*a.mcusPerColumn;let D,R;for(;O<=M;){const a=i?Math.min(M-O,i):M;if(a>0){for(S=0;S0?"unexpected":"excessive"} MCU data, current marker is: ${T.invalid}`);t=T.offset}if(!(T.marker>=65488&&T.marker<=65495))break;t+=2}return t-d}function quantizeAndInverse(e,t,a){const r=e.quantizationTable,i=e.blockData;let n,s,o,c,l,h,u,d,f,g,p,m,b,y,w,x,S;if(!r)throw new JpegError("missing required Quantization Table.");for(let e=0;e<64;e+=8){f=i[t+e];g=i[t+e+1];p=i[t+e+2];m=i[t+e+3];b=i[t+e+4];y=i[t+e+5];w=i[t+e+6];x=i[t+e+7];f*=r[e];if(g|p|m|b|y|w|x){g*=r[e+1];p*=r[e+2];m*=r[e+3];b*=r[e+4];y*=r[e+5];w*=r[e+6];x*=r[e+7];n=za*f+128>>8;s=za*b+128>>8;o=p;c=w;l=$a*(g-x)+128>>8;d=$a*(g+x)+128>>8;h=m<<4;u=y<<4;n=n+s+1>>1;s=n-s;S=o*Wa+c*Ha+128>>8;o=o*Ha-c*Wa+128>>8;c=S;l=l+u+1>>1;u=l-u;d=d+h+1>>1;h=d-h;n=n+c+1>>1;c=n-c;s=s+o+1>>1;o=s-o;S=l*qa+d*Xa+2048>>12;l=l*Xa-d*qa+2048>>12;d=S;S=h*Ua+u*_a+2048>>12;h=h*_a-u*Ua+2048>>12;u=S;a[e]=n+d;a[e+7]=n-d;a[e+1]=s+u;a[e+6]=s-u;a[e+2]=o+h;a[e+5]=o-h;a[e+3]=c+l;a[e+4]=c-l}else{S=za*f+512>>10;a[e]=S;a[e+1]=S;a[e+2]=S;a[e+3]=S;a[e+4]=S;a[e+5]=S;a[e+6]=S;a[e+7]=S}}for(let e=0;e<8;++e){f=a[e];g=a[e+8];p=a[e+16];m=a[e+24];b=a[e+32];y=a[e+40];w=a[e+48];x=a[e+56];if(g|p|m|b|y|w|x){n=za*f+2048>>12;s=za*b+2048>>12;o=p;c=w;l=$a*(g-x)+2048>>12;d=$a*(g+x)+2048>>12;h=m;u=y;n=4112+(n+s+1>>1);s=n-s;S=o*Wa+c*Ha+2048>>12;o=o*Ha-c*Wa+2048>>12;c=S;l=l+u+1>>1;u=l-u;d=d+h+1>>1;h=d-h;n=n+c+1>>1;c=n-c;s=s+o+1>>1;o=s-o;S=l*qa+d*Xa+2048>>12;l=l*Xa-d*qa+2048>>12;d=S;S=h*Ua+u*_a+2048>>12;h=h*_a-u*Ua+2048>>12;u=S;f=n+d;x=n-d;g=s+u;w=s-u;p=o+h;y=o-h;m=c+l;b=c-l;f<16?f=0:f>=4080?f=255:f>>=4;g<16?g=0:g>=4080?g=255:g>>=4;p<16?p=0:p>=4080?p=255:p>>=4;m<16?m=0:m>=4080?m=255:m>>=4;b<16?b=0:b>=4080?b=255:b>>=4;y<16?y=0:y>=4080?y=255:y>>=4;w<16?w=0:w>=4080?w=255:w>>=4;x<16?x=0:x>=4080?x=255:x>>=4;i[t+e]=f;i[t+e+8]=g;i[t+e+16]=p;i[t+e+24]=m;i[t+e+32]=b;i[t+e+40]=y;i[t+e+48]=w;i[t+e+56]=x}else{S=za*f+8192>>14;S=S<-2040?0:S>=2024?255:S+2056>>4;i[t+e]=S;i[t+e+8]=S;i[t+e+16]=S;i[t+e+24]=S;i[t+e+32]=S;i[t+e+40]=S;i[t+e+48]=S;i[t+e+56]=S}}}function buildComponentData(e,t){const a=t.blocksPerLine,r=t.blocksPerColumn,i=new Int16Array(64);for(let e=0;e=r)return null;const n=readUint16(e,t);if(n>=65472&&n<=65534)return{invalid:null,marker:n,offset:t};let s=readUint16(e,i);for(;!(s>=65472&&s<=65534);){if(++i>=r)return null;s=readUint16(e,i)}return{invalid:n.toString(16),marker:s,offset:i}}function prepareComponents(e){const t=Math.ceil(e.samplesPerLine/8/e.maxH),a=Math.ceil(e.scanLines/8/e.maxV);for(const r of e.components){const i=Math.ceil(Math.ceil(e.samplesPerLine/8)*r.h/e.maxH),n=Math.ceil(Math.ceil(e.scanLines/8)*r.v/e.maxV),s=t*r.h,o=64*(a*r.v)*(s+1);r.blockData=new Int16Array(o);r.blocksPerLine=i;r.blocksPerColumn=n}e.mcusPerLine=t;e.mcusPerColumn=a}function readDataBlock(e,t){const a=readUint16(e,t);let r=(t+=2)+a-2;const i=findNextFileMarker(e,r,t);if(i?.invalid){warn("readDataBlock - incorrect length, current marker is: "+i.invalid);r=i.offset}const n=e.subarray(t,r);return{appData:n,oldOffset:t,newOffset:t+n.length}}function skipData(e,t){const a=readUint16(e,t),r=(t+=2)+a-2,i=findNextFileMarker(e,r,t);return i?.invalid?i.offset:r}class JpegImage{constructor({decodeTransform:e=null,colorTransform:t=-1}={}){this._decodeTransform=e;this._colorTransform=t}static canUseImageDecoder(e,t=-1){let a=null,r=0,i=null,n=readUint16(e,r);r+=2;if(65496!==n)throw new JpegError("SOI not found");n=readUint16(e,r);r+=2;e:for(;65497!==n;){switch(n){case 65505:const{appData:t,oldOffset:s,newOffset:o}=readDataBlock(e,r);r=o;if(69===t[0]&&120===t[1]&&105===t[2]&&102===t[3]&&0===t[4]&&0===t[5]){if(a)throw new JpegError("Duplicate EXIF-blocks found.");a={exifStart:s+6,exifEnd:o}}n=readUint16(e,r);r+=2;continue;case 65472:case 65473:case 65474:i=e[r+7];break e;case 65535:255!==e[r]&&r--}r=skipData(e,r);n=readUint16(e,r);r+=2}return 4===i||3===i&&0===t?null:a||{}}parse(e,{dnlScanLines:t=null}={}){let a,r,i=0,n=null,s=null,o=0;const c=[],l=[],h=[];let u=readUint16(e,i);i+=2;if(65496!==u)throw new JpegError("SOI not found");u=readUint16(e,i);i+=2;e:for(;65497!==u;){let d,f,g;switch(u){case 65504:case 65505:case 65506:case 65507:case 65508:case 65509:case 65510:case 65511:case 65512:case 65513:case 65514:case 65515:case 65516:case 65517:case 65518:case 65519:case 65534:const{appData:p,newOffset:m}=readDataBlock(e,i);i=m;65504===u&&74===p[0]&&70===p[1]&&73===p[2]&&70===p[3]&&0===p[4]&&(n={version:{major:p[5],minor:p[6]},densityUnits:p[7],xDensity:p[8]<<8|p[9],yDensity:p[10]<<8|p[11],thumbWidth:p[12],thumbHeight:p[13],thumbData:p.subarray(14,14+3*p[12]*p[13])});65518===u&&65===p[0]&&100===p[1]&&111===p[2]&&98===p[3]&&101===p[4]&&(s={version:p[5]<<8|p[6],flags0:p[7]<<8|p[8],flags1:p[9]<<8|p[10],transformCode:p[11]});break;case 65499:const b=readUint16(e,i);i+=2;const y=b+i-2;let w;for(;i>4){if(t>>4!=1)throw new JpegError("DQT - invalid table spec");for(f=0;f<64;f++){w=ja[f];a[w]=readUint16(e,i);i+=2}}else for(f=0;f<64;f++){w=ja[f];a[w]=e[i++]}c[15&t]=a}break;case 65472:case 65473:case 65474:if(a)throw new JpegError("Only single frame JPEGs supported");i+=2;a={};a.extended=65473===u;a.progressive=65474===u;a.precision=e[i++];const x=readUint16(e,i);i+=2;a.scanLines=t||x;a.samplesPerLine=readUint16(e,i);i+=2;a.components=[];a.componentIds={};const S=e[i++];let k=0,C=0;for(d=0;d>4,n=15&e[i+1];k>4?l:h)[15&t]=buildHuffmanTable(a,n)}break;case 65501:i+=2;r=readUint16(e,i);i+=2;break;case 65498:const F=1==++o&&!t;i+=2;const T=e[i++],O=[];for(d=0;d>4];n.huffmanTableAC=l[15&s];O.push(n)}const M=e[i++],D=e[i++],R=e[i++];try{i+=decodeScan(e,i,a,O,r,M,D,R>>4,15&R,F)}catch(t){if(t instanceof DNLMarkerError){warn(`${t.message} -- attempting to re-parse the JPEG image.`);return this.parse(e,{dnlScanLines:t.scanLines})}if(t instanceof EOIMarkerError){warn(`${t.message} -- ignoring the rest of the image data.`);break e}throw t}break;case 65500:i+=4;break;case 65535:255!==e[i]&&i--;break;default:const N=findNextFileMarker(e,i-2,i-3);if(N?.invalid){warn("JpegImage.parse - unexpected data, current marker is: "+N.invalid);i=N.offset;break}if(!N||i>=e.length-1){warn("JpegImage.parse - reached the end of the image data without finding an EOI marker (0xFFD9).");break e}throw new JpegError("JpegImage.parse - unknown marker: "+u.toString(16))}u=readUint16(e,i);i+=2}if(!a)throw new JpegError("JpegImage.parse - no frame data found.");this.width=a.samplesPerLine;this.height=a.scanLines;this.jfif=n;this.adobe=s;this.components=[];for(const e of a.components){const t=c[e.quantizationId];t&&(e.quantizationTable=t);this.components.push({index:e.index,output:buildComponentData(0,e),scaleX:e.h/a.maxH,scaleY:e.v/a.maxV,blocksPerLine:e.blocksPerLine,blocksPerColumn:e.blocksPerColumn})}this.numComponents=this.components.length}_getLinearizedBlockData(e,t,a=!1){const r=this.width/e,i=this.height/t;let n,s,o,c,l,h,u,d,f,g,p,m=0;const b=this.components.length,y=e*t*b,w=new Uint8ClampedArray(y),x=new Uint32Array(e),S=4294967288;let k;for(u=0;u>8)+C[f+1];return w}get _isColorConversionNeeded(){return this.adobe?!!this.adobe.transformCode:3===this.numComponents?0!==this._colorTransform&&(82!==this.components[0].index||71!==this.components[1].index||66!==this.components[2].index):1===this._colorTransform}_convertYccToRgb(e){let t,a,r;for(let i=0,n=e.length;i4)throw new JpegError("Unsupported color mode");const n=this._getLinearizedBlockData(e,t,i);if(1===this.numComponents&&(a||r)){const e=n.length*(a?4:3),t=new Uint8ClampedArray(e);let r=0;if(a)!function grayToRGBA(e,t){if(FeatureTest.isLittleEndian)for(let a=0,r=e.length;a0&&(e=e.subarray(t));break}return e}decodeImage(e){if(this.eof)return this.buffer;e=this.#N(e||this.bytes);const t=new JpegImage(this.jpegOptions);t.parse(e);const a=t.getData({width:this.drawWidth,height:this.drawHeight,forceRGBA:this.forceRGBA,forceRGB:this.forceRGB,isSourcePDF:!0});this.buffer=a;this.bufferLength=a.length;this.eof=!0;return this.buffer}get canAsyncDecodeImageFromBuffer(){return this.stream.isAsync}async getTransferableImage(){if(!await JpegStream.canUseImageDecoder)return null;const e=this.jpegOptions;if(e.decodeTransform)return null;let t;try{const a=this.canAsyncDecodeImageFromBuffer&&await this.stream.asyncGetBytes()||this.bytes;if(!a)return null;let r=this.#N(a);const i=JpegImage.canUseImageDecoder(r,e.colorTransform);if(!i)return null;if(i.exifStart){r=r.slice();r.fill(0,i.exifStart,i.exifEnd)}t=new ImageDecoder({data:r,type:"image/jpeg",preferAnimation:!1});return(await t.decode()).image}catch(e){warn(`getTransferableImage - failed: "${e}".`);return null}finally{t?.close()}}}var OpenJPEG=async function(e={}){var t,a,r=e,i=new Promise(((e,r)=>{t=e;a=r})),n="./this.program",quit_=(e,t)=>{throw t},s=import.meta.url;try{new URL(".",s).href}catch{}var o,c,l,h,u,d,f=console.log.bind(console),g=console.error.bind(console),p=!1;function updateMemoryViews(){var e=o.buffer;l=new Int8Array(e);new Int16Array(e);h=new Uint8Array(e);new Uint16Array(e);u=new Int32Array(e);d=new Uint32Array(e);new Float32Array(e);new Float64Array(e);new BigInt64Array(e);new BigUint64Array(e)}var m=0,b=null;class ExitStatus{name="ExitStatus";constructor(e){this.message=`Program terminated with exit(${e})`;this.status=e}}var callRuntimeCallbacks=e=>{for(;e.length>0;)e.shift()(r)},y=[],addOnPostRun=e=>y.push(e),w=[],addOnPreRun=e=>w.push(e),x=!0,S=0,k={},handleException=e=>{if(e instanceof ExitStatus||"unwind"==e)return c;quit_(0,e)},keepRuntimeAlive=()=>x||S>0,_proc_exit=e=>{c=e;if(!keepRuntimeAlive()){r.onExit?.(e);p=!0}quit_(0,new ExitStatus(e))},_exit=(e,t)=>{c=e;_proc_exit(e)},callUserCallback=e=>{if(!p)try{e();(()=>{if(!keepRuntimeAlive())try{_exit(c)}catch(e){handleException(e)}})()}catch(e){handleException(e)}},growMemory=e=>{var t=(e-o.buffer.byteLength+65535)/65536|0;try{o.grow(t);updateMemoryViews();return 1}catch(e){}},C={},getEnvStrings=()=>{if(!getEnvStrings.strings){var e={USER:"web_user",LOGNAME:"web_user",PATH:"/",PWD:"/",HOME:"/home/web_user",LANG:("object"==typeof navigator&&navigator.languages&&navigator.languages[0]||"C").replace("-","_")+".UTF-8",_:n||"./this.program"};for(var t in C)void 0===C[t]?delete e[t]:e[t]=C[t];var a=[];for(var t in e)a.push(`${t}=${e[t]}`);getEnvStrings.strings=a}return getEnvStrings.strings},lengthBytesUTF8=e=>{for(var t=0,a=0;a=55296&&r<=57343){t+=4;++a}else t+=3}return t},v=[null,[],[]],F="undefined"!=typeof TextDecoder?new TextDecoder:void 0,UTF8ArrayToString=(e,t=0,a=NaN)=>{for(var r=t+a,i=t;e[i]&&!(i>=r);)++i;if(i-t>16&&e.buffer&&F)return F.decode(e.subarray(t,i));for(var n="";t>10,56320|1023&l)}}else n+=String.fromCharCode((31&s)<<6|o)}else n+=String.fromCharCode(s)}return n},printChar=(e,t)=>{var a=v[e];if(0===t||10===t){(1===e?f:g)(UTF8ArrayToString(a));a.length=0}else a.push(t)},UTF8ToString=(e,t)=>e?UTF8ArrayToString(h,e,t):"";r.noExitRuntime&&(x=r.noExitRuntime);r.print&&(f=r.print);r.printErr&&(g=r.printErr);r.wasmBinary&&r.wasmBinary;r.arguments&&r.arguments;r.thisProgram&&(n=r.thisProgram);r.writeArrayToMemory=(e,t)=>{l.set(e,t)};var T={l:()=>function abort(e){r.onAbort?.(e);g(e="Aborted("+e+")");p=!0;e+=". Build with -sASSERTIONS for more info.";var t=new WebAssembly.RuntimeError(e);a(t);throw t}(""),k:()=>{x=!1;S=0},m:(e,t)=>{if(k[e]){clearTimeout(k[e].id);delete k[e]}if(!t)return 0;var a=setTimeout((()=>{delete k[e];callUserCallback((()=>M(e,performance.now())))}),t);k[e]={id:a,timeout_ms:t};return 0},g:function _copy_pixels_1(e,t){e>>=2;const a=r.imageData=new Uint8ClampedArray(t),i=u.subarray(e,e+t);a.set(i)},f:function _copy_pixels_3(e,t,a,i){e>>=2;t>>=2;a>>=2;const n=r.imageData=new Uint8ClampedArray(3*i),s=u.subarray(e,e+i),o=u.subarray(t,t+i),c=u.subarray(a,a+i);for(let e=0;e>=2;t>>=2;a>>=2;i>>=2;const s=r.imageData=new Uint8ClampedArray(4*n),o=u.subarray(e,e+n),c=u.subarray(t,t+n),l=u.subarray(a,a+n),h=u.subarray(i,i+n);for(let e=0;e{var t,a,r=h.length,i=2147483648;if((e>>>=0)>i)return!1;for(var n=1;n<=4;n*=2){var s=r*(1+.2/n);s=Math.min(s,e+100663296);var o=Math.min(i,(t=Math.max(e,s),a=65536,Math.ceil(t/a)*a));if(growMemory(o))return!0}return!1},p:(e,t)=>{var a=0,r=0;for(var i of getEnvStrings()){var n=t+a;d[e+r>>2]=n;a+=((e,t,a,r)=>{if(!(r>0))return 0;for(var i=a,n=a+r-1,s=0;s=55296&&o<=57343&&(o=65536+((1023&o)<<10)|1023&e.charCodeAt(++s));if(o<=127){if(a>=n)break;t[a++]=o}else if(o<=2047){if(a+1>=n)break;t[a++]=192|o>>6;t[a++]=128|63&o}else if(o<=65535){if(a+2>=n)break;t[a++]=224|o>>12;t[a++]=128|o>>6&63;t[a++]=128|63&o}else{if(a+3>=n)break;t[a++]=240|o>>18;t[a++]=128|o>>12&63;t[a++]=128|o>>6&63;t[a++]=128|63&o}}t[a]=0;return a-i})(i,h,n,1/0)+1;r+=4}return 0},q:(e,t)=>{var a=getEnvStrings();d[e>>2]=a.length;var r=0;for(var i of a)r+=lengthBytesUTF8(i)+1;d[t>>2]=r;return 0},b:e=>52,o:function _fd_seek(e,t,a,r){t=(i=t)<-9007199254740992||i>9007199254740992?NaN:Number(i);var i;return 70},c:(e,t,a,r)=>{for(var i=0,n=0;n>2],o=d[t+4>>2];t+=8;for(var c=0;c>2]=i;return 0},r:function _gray_to_rgba(e,t){e>>=2;const a=r.imageData=new Uint8ClampedArray(4*t),i=u.subarray(e,e+t);for(let e=0;e>=2;t>>=2;const i=r.imageData=new Uint8ClampedArray(4*a),n=u.subarray(e,e+a),s=u.subarray(t,t+a);for(let e=0;e>=2;t>>=2;a>>=2;const n=r.imageData=new Uint8ClampedArray(4*i),s=u.subarray(e,e+i),o=u.subarray(t,t+i),c=u.subarray(a,a+i);for(let e=0;e{r.instantiateWasm(e,((e,a)=>{t(receiveInstance(e))}))}))}(),M=(O.t,r._malloc=O.u,r._free=O.v,r._jp2_decode=O.w,O.x);!function preInit(){if(r.preInit){"function"==typeof r.preInit&&(r.preInit=[r.preInit]);for(;r.preInit.length>0;)r.preInit.shift()()}}();!function run(){if(m>0)b=run;else{!function preRun(){if(r.preRun){"function"==typeof r.preRun&&(r.preRun=[r.preRun]);for(;r.preRun.length;)addOnPreRun(r.preRun.shift())}callRuntimeCallbacks(w)}();if(m>0)b=run;else if(r.setStatus){r.setStatus("Running...");setTimeout((()=>{setTimeout((()=>r.setStatus("")),1);doRun()}),1)}else doRun()}function doRun(){r.calledRun=!0;if(!p){!function initRuntime(){O.t()}();t(r);r.onRuntimeInitialized?.();!function postRun(){if(r.postRun){"function"==typeof r.postRun&&(r.postRun=[r.postRun]);for(;r.postRun.length;)addOnPostRun(r.postRun.shift())}callRuntimeCallbacks(y)}()}}}();return i};const Ga=OpenJPEG;class JpxError extends fa{constructor(e){super(e,"JpxError")}}class JpxImage{static#E=null;static#P=null;static#L=null;static#v=!0;static#j=!0;static#F=null;static setOptions({handler:e,useWasm:t,useWorkerFetch:a,wasmUrl:r}){this.#v=t;this.#j=a;this.#F=r;a||(this.#P=e)}static async#_(e){const t=`${this.#F}openjpeg_nowasm_fallback.js`;let a=null;try{a=(await import( +/*webpackIgnore: true*/ +/*@vite-ignore*/ +t)).default()}catch(e){warn(`JpxImage#getJsModule: ${e}`)}e(a)}static async#U(e,t,a){const r="openjpeg.wasm";try{this.#E||(this.#j?this.#E=await fetchBinaryData(`${this.#F}${r}`):this.#E=await this.#P.sendWithPromise("FetchBinaryData",{type:"wasmFactory",filename:r}));return a((await WebAssembly.instantiate(this.#E,t)).instance)}catch(t){warn(`JpxImage#instantiateWasm: ${t}`);this.#_(e);return null}finally{this.#P=null}}static async decode(e,{numComponents:t=4,isIndexedColormap:a=!1,smaskInData:r=!1,reducePower:i=0}={}){if(!this.#L){const{promise:e,resolve:t}=Promise.withResolvers(),a=[e];this.#v?a.push(Ga({warn,instantiateWasm:this.#U.bind(this,t)})):this.#_(t);this.#L=Promise.race(a)}const n=await this.#L;if(!n)throw new JpxError("OpenJPEG failed to initialize");let s;try{const o=e.length;s=n._malloc(o);n.writeArrayToMemory(e,s);if(n._jp2_decode(s,o,t>0?t:0,!!a,!!r,i)){const{errorMessages:e}=n;if(e){delete n.errorMessages;throw new JpxError(e)}throw new JpxError("Unknown error")}const{imageData:c}=n;n.imageData=null;return c}finally{s&&n._free(s)}}static cleanup(){this.#L=null}static parseImageProperties(e){let t=e.getByte();for(;t>=0;){const a=t;t=e.getByte();if(65361===(a<<8|t)){e.skip(4);const t=e.getInt32()>>>0,a=e.getInt32()>>>0,r=e.getInt32()>>>0,i=e.getInt32()>>>0;e.skip(16);return{width:t-r,height:a-i,bitsPerComponent:8,componentsCount:e.getUint16()}}}throw new JpxError("No size marker found in JPX stream")}}function addState(e,t,a,r,i){let n=e;for(let e=0,a=t.length-1;e1e3){l=Math.max(l,d);f+=u+2;d=0;u=0}h.push({transform:t,x:d,y:f,w:a.width,h:a.height});d+=a.width+2;u=Math.max(u,a.height)}const g=Math.max(l,d)+1,p=f+u+1,m=new Uint8Array(g*p*4),b=g<<2;for(let e=0;e=0;){t[n-4]=t[n];t[n-3]=t[n+1];t[n-2]=t[n+2];t[n-1]=t[n+3];t[n+a]=t[n+a-4];t[n+a+1]=t[n+a-3];t[n+a+2]=t[n+a-2];t[n+a+3]=t[n+a-1];n-=b}}const y={width:g,height:p};if(e.isOffscreenCanvasSupported){const e=new OffscreenCanvas(g,p);e.getContext("2d").putImageData(new ImageData(new Uint8ClampedArray(m.buffer),g,p),0,0);y.bitmap=e.transferToImageBitmap();y.data=null}else{y.kind=v;y.data=m}a.splice(n,4*c,Zt);r.splice(n,4*c,[y,h]);return n+1}));addState(Va,[Be,Ne,Vt,Re],null,(function iterateImageMaskGroup(e,t){const a=e.fnArray,r=(t-(e.iCurr-3))%4;switch(r){case 0:return a[t]===Be;case 1:return a[t]===Ne;case 2:return a[t]===Vt;case 3:return a[t]===Re}throw new Error(`iterateImageMaskGroup - invalid pos: ${r}`)}),(function foundImageMaskGroup(e,t){const a=e.fnArray,r=e.argsArray,i=e.iCurr,n=i-3,s=i-2,o=i-1;let c=Math.floor((t-n)/4);if(c<10)return t-(t-n)%4;let l,h,u=!1;const d=r[o][0],f=r[s][0],g=r[s][1],p=r[s][2],m=r[s][3];if(g===p){u=!0;l=s+4;let e=o+4;for(let t=1;t=4&&a[n-4]===a[s]&&a[n-3]===a[o]&&a[n-2]===a[c]&&a[n-1]===a[l]&&r[n-4][0]===h&&r[n-4][1]===u){d++;f-=5}let g=f+4;for(let e=1;e{const t=e.argsArray,a=t[e.iCurr-1][0];if(a!==qe&&a!==He&&a!==$e&&a!==Ge&&a!==Ve&&a!==Ke)return!0;const r=t[e.iCurr-2];return 1===r[0]&&0===r[1]&&0===r[2]&&1===r[3]}),(()=>!1),((e,t)=>{const{fnArray:a,argsArray:r}=e,i=e.iCurr,n=i-3,s=i-2,o=r[i-1],c=r[s],[,[l],h]=o;if(h){Util.scaleMinMax(c,h);for(let e=0,t=l.length;e=a)break}r=(r||Va)[e[t]];if(r&&!Array.isArray(r)){n.iCurr=t;t++;if(!r.checkFn||(0,r.checkFn)(n)){i=r;r=null}else r=null}else t++}this.state=r;this.match=i;this.lastProcessed=t}flush(){for(;this.match;){const e=this.queue.fnArray.length;this.lastProcessed=(0,this.match.processFn)(this.context,e);this.match=null;this.state=null;this._optimize()}}reset(){this.state=null;this.match=null;this.lastProcessed=0}}class OperatorList{static CHUNK_SIZE=1e3;static CHUNK_SIZE_ABOUT=this.CHUNK_SIZE-5;static isOffscreenCanvasSupported=!1;constructor(e=0,t){this._streamSink=t;this.fnArray=[];this.argsArray=[];this.optimizer=!t||e&d?new NullOptimizer(this):new QueueOptimizer(this);this.dependencies=new Set;this._totalLength=0;this.weight=0;this._resolved=t?null:Promise.resolve()}static setOptions({isOffscreenCanvasSupported:e}){this.isOffscreenCanvasSupported=e}get length(){return this.argsArray.length}get ready(){return this._resolved||this._streamSink.ready}get totalLength(){return this._totalLength+this.length}addOp(e,t){this.optimizer.push(e,t);this.weight++;this._streamSink&&(this.weight>=OperatorList.CHUNK_SIZE||this.weight>=OperatorList.CHUNK_SIZE_ABOUT&&(e===Re||e===et))&&this.flush()}addImageOps(e,t,a,r=!1){if(r){this.addOp(Be);this.addOp(De,[[["SMask",!1]]])}void 0!==a&&this.addOp(jt,["OC",a]);this.addOp(e,t);void 0!==a&&this.addOp(_t,[]);r&&this.addOp(Re)}addDependency(e){if(!this.dependencies.has(e)){this.dependencies.add(e);this.addOp(Ae,[e])}}addDependencies(e){for(const t of e)this.addDependency(t)}addOpList(e){if(e instanceof OperatorList){for(const t of e.dependencies)this.dependencies.add(t);for(let t=0,a=e.length;t>>0}function hexToStr(e,t){return 1===t?String.fromCharCode(e[0],e[1]):3===t?String.fromCharCode(e[0],e[1],e[2],e[3]):String.fromCharCode(...e.subarray(0,t+1))}function addHex(e,t,a){let r=0;for(let i=a;i>=0;i--){r+=e[i]+t[i];e[i]=255&r;r>>=8}}function incHex(e,t){let a=1;for(let r=t;r>=0&&a>0;r--){a+=e[r];e[r]=255&a;a>>=8}}const Ka=16;class BinaryCMapStream{constructor(e){this.buffer=e;this.pos=0;this.end=e.length;this.tmpBuf=new Uint8Array(19)}readByte(){return this.pos>=this.end?-1:this.buffer[this.pos++]}readNumber(){let e,t=0;do{const a=this.readByte();if(a<0)throw new FormatError("unexpected EOF in bcmap");e=!(128&a);t=t<<7|127&a}while(!e);return t}readSigned(){const e=this.readNumber();return 1&e?~(e>>>1):e>>>1}readHex(e,t){e.set(this.buffer.subarray(this.pos,this.pos+t+1));this.pos+=t+1}readHexNumber(e,t){let a;const r=this.tmpBuf;let i=0;do{const e=this.readByte();if(e<0)throw new FormatError("unexpected EOF in bcmap");a=!(128&e);r[i++]=127&e}while(!a);let n=t,s=0,o=0;for(;n>=0;){for(;o<8&&r.length>0;){s|=r[--i]<>=8;o-=8}}readHexSigned(e,t){this.readHexNumber(e,t);const a=1&e[t]?255:0;let r=0;for(let i=0;i<=t;i++){r=(1&r)<<8|e[i];e[i]=r>>1^a}}readString(){const e=this.readNumber(),t=new Array(e);for(let a=0;a=0;){const e=d>>5;if(7===e){switch(31&d){case 0:r.readString();break;case 1:n=r.readString()}continue}const a=!!(16&d),i=15&d;if(i+1>Ka)throw new Error("BinaryCMapReader.process: Invalid dataSize.");const f=1,g=r.readNumber();switch(e){case 0:r.readHex(s,i);r.readHexNumber(o,i);addHex(o,s,i);t.addCodespaceRange(i+1,hexToInt(s,i),hexToInt(o,i));for(let e=1;e=0;--i){r[a+i]=255&s;s>>=8}}}}class AsciiHexStream extends DecodeStream{constructor(e,t){t&&(t*=.5);super(t);this.str=e;this.dict=e.dict;this.firstDigit=-1}readBlock(){const e=this.str.getBytes(8e3);if(!e.length){this.eof=!0;return}const t=e.length+1>>1,a=this.ensureBuffer(this.bufferLength+t);let r=this.bufferLength,i=this.firstDigit;for(const t of e){let e;if(t>=48&&t<=57)e=15&t;else{if(!(t>=65&&t<=70||t>=97&&t<=102)){if(62===t){this.eof=!0;break}continue}e=9+(15&t)}if(i<0)i=e;else{a[r++]=i<<4|e;i=-1}}if(i>=0&&this.eof){a[r++]=i<<4;i=-1}this.firstDigit=i;this.bufferLength=r}}const Ja=-1,Ya=[[-1,-1],[-1,-1],[7,8],[7,7],[6,6],[6,6],[6,5],[6,5],[4,0],[4,0],[4,0],[4,0],[4,0],[4,0],[4,0],[4,0],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2]],Za=[[-1,-1],[12,-2],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[11,1792],[11,1792],[12,1984],[12,2048],[12,2112],[12,2176],[12,2240],[12,2304],[11,1856],[11,1856],[11,1920],[11,1920],[12,2368],[12,2432],[12,2496],[12,2560]],Qa=[[-1,-1],[-1,-1],[-1,-1],[-1,-1],[8,29],[8,29],[8,30],[8,30],[8,45],[8,45],[8,46],[8,46],[7,22],[7,22],[7,22],[7,22],[7,23],[7,23],[7,23],[7,23],[8,47],[8,47],[8,48],[8,48],[6,13],[6,13],[6,13],[6,13],[6,13],[6,13],[6,13],[6,13],[7,20],[7,20],[7,20],[7,20],[8,33],[8,33],[8,34],[8,34],[8,35],[8,35],[8,36],[8,36],[8,37],[8,37],[8,38],[8,38],[7,19],[7,19],[7,19],[7,19],[8,31],[8,31],[8,32],[8,32],[6,1],[6,1],[6,1],[6,1],[6,1],[6,1],[6,1],[6,1],[6,12],[6,12],[6,12],[6,12],[6,12],[6,12],[6,12],[6,12],[8,53],[8,53],[8,54],[8,54],[7,26],[7,26],[7,26],[7,26],[8,39],[8,39],[8,40],[8,40],[8,41],[8,41],[8,42],[8,42],[8,43],[8,43],[8,44],[8,44],[7,21],[7,21],[7,21],[7,21],[7,28],[7,28],[7,28],[7,28],[8,61],[8,61],[8,62],[8,62],[8,63],[8,63],[8,0],[8,0],[8,320],[8,320],[8,384],[8,384],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[7,27],[7,27],[7,27],[7,27],[8,59],[8,59],[8,60],[8,60],[9,1472],[9,1536],[9,1600],[9,1728],[7,18],[7,18],[7,18],[7,18],[7,24],[7,24],[7,24],[7,24],[8,49],[8,49],[8,50],[8,50],[8,51],[8,51],[8,52],[8,52],[7,25],[7,25],[7,25],[7,25],[8,55],[8,55],[8,56],[8,56],[8,57],[8,57],[8,58],[8,58],[6,192],[6,192],[6,192],[6,192],[6,192],[6,192],[6,192],[6,192],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[8,448],[8,448],[8,512],[8,512],[9,704],[9,768],[8,640],[8,640],[8,576],[8,576],[9,832],[9,896],[9,960],[9,1024],[9,1088],[9,1152],[9,1216],[9,1280],[9,1344],[9,1408],[7,256],[7,256],[7,256],[7,256],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[6,16],[6,16],[6,16],[6,16],[6,16],[6,16],[6,16],[6,16],[6,17],[6,17],[6,17],[6,17],[6,17],[6,17],[6,17],[6,17],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[6,14],[6,14],[6,14],[6,14],[6,14],[6,14],[6,14],[6,14],[6,15],[6,15],[6,15],[6,15],[6,15],[6,15],[6,15],[6,15],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7]],er=[[-1,-1],[-1,-1],[12,-2],[12,-2],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[11,1792],[11,1792],[11,1792],[11,1792],[12,1984],[12,1984],[12,2048],[12,2048],[12,2112],[12,2112],[12,2176],[12,2176],[12,2240],[12,2240],[12,2304],[12,2304],[11,1856],[11,1856],[11,1856],[11,1856],[11,1920],[11,1920],[11,1920],[11,1920],[12,2368],[12,2368],[12,2432],[12,2432],[12,2496],[12,2496],[12,2560],[12,2560],[10,18],[10,18],[10,18],[10,18],[10,18],[10,18],[10,18],[10,18],[12,52],[12,52],[13,640],[13,704],[13,768],[13,832],[12,55],[12,55],[12,56],[12,56],[13,1280],[13,1344],[13,1408],[13,1472],[12,59],[12,59],[12,60],[12,60],[13,1536],[13,1600],[11,24],[11,24],[11,24],[11,24],[11,25],[11,25],[11,25],[11,25],[13,1664],[13,1728],[12,320],[12,320],[12,384],[12,384],[12,448],[12,448],[13,512],[13,576],[12,53],[12,53],[12,54],[12,54],[13,896],[13,960],[13,1024],[13,1088],[13,1152],[13,1216],[10,64],[10,64],[10,64],[10,64],[10,64],[10,64],[10,64],[10,64]],tr=[[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[11,23],[11,23],[12,50],[12,51],[12,44],[12,45],[12,46],[12,47],[12,57],[12,58],[12,61],[12,256],[10,16],[10,16],[10,16],[10,16],[10,17],[10,17],[10,17],[10,17],[12,48],[12,49],[12,62],[12,63],[12,30],[12,31],[12,32],[12,33],[12,40],[12,41],[11,22],[11,22],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[9,15],[9,15],[9,15],[9,15],[9,15],[9,15],[9,15],[9,15],[12,128],[12,192],[12,26],[12,27],[12,28],[12,29],[11,19],[11,19],[11,20],[11,20],[12,34],[12,35],[12,36],[12,37],[12,38],[12,39],[11,21],[11,21],[12,42],[12,43],[10,0],[10,0],[10,0],[10,0],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12]],ar=[[-1,-1],[-1,-1],[-1,-1],[-1,-1],[6,9],[6,8],[5,7],[5,7],[4,6],[4,6],[4,6],[4,6],[4,5],[4,5],[4,5],[4,5],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2]];class CCITTFaxDecoder{constructor(e,t={}){if("function"!=typeof e?.next)throw new Error('CCITTFaxDecoder - invalid "source" parameter.');this.source=e;this.eof=!1;this.encoding=t.K||0;this.eoline=t.EndOfLine||!1;this.byteAlign=t.EncodedByteAlign||!1;this.columns=t.Columns||1728;this.rows=t.Rows||0;this.eoblock=t.EndOfBlock??!0;this.black=t.BlackIs1||!1;this.codingLine=new Uint32Array(this.columns+1);this.refLine=new Uint32Array(this.columns+2);this.codingLine[0]=this.columns;this.codingPos=0;this.row=0;this.nextLine2D=this.encoding<0;this.inputBits=0;this.inputBuf=0;this.outputBits=0;this.rowsDone=!1;let a;for(;0===(a=this._lookBits(12));)this._eatBits(1);1===a&&this._eatBits(12);if(this.encoding>0){this.nextLine2D=!this._lookBits(1);this._eatBits(1)}}readNextChar(){if(this.eof)return-1;const e=this.refLine,t=this.codingLine,a=this.columns;let r,i,n,s,o;if(0===this.outputBits){this.rowsDone&&(this.eof=!0);if(this.eof)return-1;this.err=!1;let n,o,c;if(this.nextLine2D){for(s=0;t[s]=64);do{o+=c=this._getWhiteCode()}while(c>=64)}else{do{n+=c=this._getWhiteCode()}while(c>=64);do{o+=c=this._getBlackCode()}while(c>=64)}this._addPixels(t[this.codingPos]+n,i);t[this.codingPos]0?--r:++r;for(;e[r]<=t[this.codingPos]&&e[r]0?--r:++r;for(;e[r]<=t[this.codingPos]&&e[r]0?--r:++r;for(;e[r]<=t[this.codingPos]&&e[r]=64);else do{n+=c=this._getWhiteCode()}while(c>=64);this._addPixels(t[this.codingPos]+n,i);i^=1}}let l=!1;this.byteAlign&&(this.inputBits&=-8);if(this.eoblock||this.row!==this.rows-1){n=this._lookBits(12);if(this.eoline)for(;n!==Ja&&1!==n;){this._eatBits(1);n=this._lookBits(12)}else for(;0===n;){this._eatBits(1);n=this._lookBits(12)}if(1===n){this._eatBits(12);l=!0}else n===Ja&&(this.eof=!0)}else this.rowsDone=!0;if(!this.eof&&this.encoding>0&&!this.rowsDone){this.nextLine2D=!this._lookBits(1);this._eatBits(1)}if(this.eoblock&&l&&this.byteAlign){n=this._lookBits(12);if(1===n){this._eatBits(12);if(this.encoding>0){this._lookBits(1);this._eatBits(1)}if(this.encoding>=0)for(s=0;s<4;++s){n=this._lookBits(12);1!==n&&info("bad rtc code: "+n);this._eatBits(12);if(this.encoding>0){this._lookBits(1);this._eatBits(1)}}this.eof=!0}}else if(this.err&&this.eoline){for(;;){n=this._lookBits(13);if(n===Ja){this.eof=!0;return-1}if(n>>1==1)break;this._eatBits(1)}this._eatBits(12);if(this.encoding>0){this._eatBits(1);this.nextLine2D=!(1&n)}}this.outputBits=t[0]>0?t[this.codingPos=0]:t[this.codingPos=1];this.row++}if(this.outputBits>=8){o=1&this.codingPos?0:255;this.outputBits-=8;if(0===this.outputBits&&t[this.codingPos]n){o<<=n;1&this.codingPos||(o|=255>>8-n);this.outputBits-=n;n=0}else{o<<=this.outputBits;1&this.codingPos||(o|=255>>8-this.outputBits);n-=this.outputBits;this.outputBits=0;if(t[this.codingPos]0){o<<=n;n=0}}}while(n)}this.black&&(o^=255);return o}_addPixels(e,t){const a=this.codingLine;let r=this.codingPos;if(e>a[r]){if(e>this.columns){info("row is wrong length");this.err=!0;e=this.columns}1&r^t&&++r;a[r]=e}this.codingPos=r}_addPixelsNeg(e,t){const a=this.codingLine;let r=this.codingPos;if(e>a[r]){if(e>this.columns){info("row is wrong length");this.err=!0;e=this.columns}1&r^t&&++r;a[r]=e}else if(e0&&e=i){const t=a[e-i];if(t[0]===r){this._eatBits(r);return[!0,t[1],!0]}}}return[!1,0,!1]}_getTwoDimCode(){let e,t=0;if(this.eoblock){t=this._lookBits(7);e=Ya[t];if(e?.[0]>0){this._eatBits(e[0]);return e[1]}}else{const e=this._findTableCode(1,7,Ya);if(e[0]&&e[2])return e[1]}info("Bad two dim code");return Ja}_getWhiteCode(){let e,t=0;if(this.eoblock){t=this._lookBits(12);if(t===Ja)return 1;e=t>>5?Qa[t>>3]:Za[t];if(e[0]>0){this._eatBits(e[0]);return e[1]}}else{let e=this._findTableCode(1,9,Qa);if(e[0])return e[1];e=this._findTableCode(11,12,Za);if(e[0])return e[1]}info("bad white code");this._eatBits(1);return 1}_getBlackCode(){let e,t;if(this.eoblock){e=this._lookBits(13);if(e===Ja)return 1;t=e>>7?!(e>>9)&&e>>7?tr[(e>>1)-64]:ar[e>>7]:er[e];if(t[0]>0){this._eatBits(t[0]);return t[1]}}else{let e=this._findTableCode(2,6,ar);if(e[0])return e[1];e=this._findTableCode(7,12,tr,64);if(e[0])return e[1];e=this._findTableCode(10,13,er);if(e[0])return e[1]}info("bad black code");this._eatBits(1);return 1}_lookBits(e){let t;for(;this.inputBits>16-e;this.inputBuf=this.inputBuf<<8|t;this.inputBits+=8}return this.inputBuf>>this.inputBits-e&65535>>16-e}_eatBits(e){(this.inputBits-=e)<0&&(this.inputBits=0)}}class CCITTFaxStream extends DecodeStream{constructor(e,t,a){super(t);this.str=e;this.dict=e.dict;a instanceof Dict||(a=Dict.empty);const r={next:()=>e.getByte()};this.ccittFaxDecoder=new CCITTFaxDecoder(r,{K:a.get("K"),EndOfLine:a.get("EndOfLine"),EncodedByteAlign:a.get("EncodedByteAlign"),Columns:a.get("Columns"),Rows:a.get("Rows"),EndOfBlock:a.get("EndOfBlock"),BlackIs1:a.get("BlackIs1")})}readBlock(){for(;!this.eof;){const e=this.ccittFaxDecoder.readNextChar();if(-1===e){this.eof=!0;return}this.ensureBuffer(this.bufferLength+1);this.buffer[this.bufferLength++]=e}}}const rr=new Int32Array([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),ir=new Int32Array([3,4,5,6,7,8,9,10,65547,65549,65551,65553,131091,131095,131099,131103,196643,196651,196659,196667,262211,262227,262243,262259,327811,327843,327875,327907,258,258,258]),nr=new Int32Array([1,2,3,4,65541,65543,131081,131085,196625,196633,262177,262193,327745,327777,393345,393409,459009,459137,524801,525057,590849,591361,657409,658433,724993,727041,794625,798721,868353,876545]),sr=[new Int32Array([459008,524368,524304,524568,459024,524400,524336,590016,459016,524384,524320,589984,524288,524416,524352,590048,459012,524376,524312,589968,459028,524408,524344,590032,459020,524392,524328,59e4,524296,524424,524360,590064,459010,524372,524308,524572,459026,524404,524340,590024,459018,524388,524324,589992,524292,524420,524356,590056,459014,524380,524316,589976,459030,524412,524348,590040,459022,524396,524332,590008,524300,524428,524364,590072,459009,524370,524306,524570,459025,524402,524338,590020,459017,524386,524322,589988,524290,524418,524354,590052,459013,524378,524314,589972,459029,524410,524346,590036,459021,524394,524330,590004,524298,524426,524362,590068,459011,524374,524310,524574,459027,524406,524342,590028,459019,524390,524326,589996,524294,524422,524358,590060,459015,524382,524318,589980,459031,524414,524350,590044,459023,524398,524334,590012,524302,524430,524366,590076,459008,524369,524305,524569,459024,524401,524337,590018,459016,524385,524321,589986,524289,524417,524353,590050,459012,524377,524313,589970,459028,524409,524345,590034,459020,524393,524329,590002,524297,524425,524361,590066,459010,524373,524309,524573,459026,524405,524341,590026,459018,524389,524325,589994,524293,524421,524357,590058,459014,524381,524317,589978,459030,524413,524349,590042,459022,524397,524333,590010,524301,524429,524365,590074,459009,524371,524307,524571,459025,524403,524339,590022,459017,524387,524323,589990,524291,524419,524355,590054,459013,524379,524315,589974,459029,524411,524347,590038,459021,524395,524331,590006,524299,524427,524363,590070,459011,524375,524311,524575,459027,524407,524343,590030,459019,524391,524327,589998,524295,524423,524359,590062,459015,524383,524319,589982,459031,524415,524351,590046,459023,524399,524335,590014,524303,524431,524367,590078,459008,524368,524304,524568,459024,524400,524336,590017,459016,524384,524320,589985,524288,524416,524352,590049,459012,524376,524312,589969,459028,524408,524344,590033,459020,524392,524328,590001,524296,524424,524360,590065,459010,524372,524308,524572,459026,524404,524340,590025,459018,524388,524324,589993,524292,524420,524356,590057,459014,524380,524316,589977,459030,524412,524348,590041,459022,524396,524332,590009,524300,524428,524364,590073,459009,524370,524306,524570,459025,524402,524338,590021,459017,524386,524322,589989,524290,524418,524354,590053,459013,524378,524314,589973,459029,524410,524346,590037,459021,524394,524330,590005,524298,524426,524362,590069,459011,524374,524310,524574,459027,524406,524342,590029,459019,524390,524326,589997,524294,524422,524358,590061,459015,524382,524318,589981,459031,524414,524350,590045,459023,524398,524334,590013,524302,524430,524366,590077,459008,524369,524305,524569,459024,524401,524337,590019,459016,524385,524321,589987,524289,524417,524353,590051,459012,524377,524313,589971,459028,524409,524345,590035,459020,524393,524329,590003,524297,524425,524361,590067,459010,524373,524309,524573,459026,524405,524341,590027,459018,524389,524325,589995,524293,524421,524357,590059,459014,524381,524317,589979,459030,524413,524349,590043,459022,524397,524333,590011,524301,524429,524365,590075,459009,524371,524307,524571,459025,524403,524339,590023,459017,524387,524323,589991,524291,524419,524355,590055,459013,524379,524315,589975,459029,524411,524347,590039,459021,524395,524331,590007,524299,524427,524363,590071,459011,524375,524311,524575,459027,524407,524343,590031,459019,524391,524327,589999,524295,524423,524359,590063,459015,524383,524319,589983,459031,524415,524351,590047,459023,524399,524335,590015,524303,524431,524367,590079]),9],or=[new Int32Array([327680,327696,327688,327704,327684,327700,327692,327708,327682,327698,327690,327706,327686,327702,327694,0,327681,327697,327689,327705,327685,327701,327693,327709,327683,327699,327691,327707,327687,327703,327695,0]),5];class FlateStream extends DecodeStream{constructor(e,t){super(t);this.str=e;this.dict=e.dict;const a=e.getByte(),r=e.getByte();if(-1===a||-1===r)throw new FormatError(`Invalid header in flate stream: ${a}, ${r}`);if(8!=(15&a))throw new FormatError(`Unknown compression method in flate stream: ${a}, ${r}`);if(((a<<8)+r)%31!=0)throw new FormatError(`Bad FCHECK in flate stream: ${a}, ${r}`);if(32&r)throw new FormatError(`FDICT bit set in flate stream: ${a}, ${r}`);this.codeSize=0;this.codeBuf=0}async getImageData(e,t){const a=await this.asyncGetBytes();return a?a.length<=e?a:a.subarray(0,e):this.getBytes(e)}async asyncGetBytes(){this.str.reset();const e=this.str.getBytes();try{const{readable:t,writable:a}=new DecompressionStream("deflate"),r=a.getWriter();await r.ready;r.write(e).then((async()=>{await r.ready;await r.close()})).catch((()=>{}));const i=[];let n=0;for await(const e of t){i.push(e);n+=e.byteLength}const s=new Uint8Array(n);let o=0;for(const e of i){s.set(e,o);o+=e.byteLength}return s}catch{this.str=new Stream(e,2,e.length,this.str.dict);this.reset();return null}}get isAsync(){return!0}getBits(e){const t=this.str;let a,r=this.codeSize,i=this.codeBuf;for(;r>e;this.codeSize=r-=e;return a}getCode(e){const t=this.str,a=e[0],r=e[1];let i,n=this.codeSize,s=this.codeBuf;for(;n>16,l=65535&o;if(c<1||n>c;this.codeSize=n-c;return l}generateHuffmanTable(e){const t=e.length;let a,r=0;for(a=0;ar&&(r=e[a]);const i=1<>=1}for(a=e;a>=1;if(0===t){let t;if(-1===(t=r.getByte())){this.#X("Bad block header in flate stream");return}let a=t;if(-1===(t=r.getByte())){this.#X("Bad block header in flate stream");return}a|=t<<8;if(-1===(t=r.getByte())){this.#X("Bad block header in flate stream");return}let i=t;if(-1===(t=r.getByte())){this.#X("Bad block header in flate stream");return}i|=t<<8;if(i!==(65535&~a)&&(0!==a||0!==i))throw new FormatError("Bad uncompressed block length in flate stream");this.codeBuf=0;this.codeSize=0;const n=this.bufferLength,s=n+a;e=this.ensureBuffer(s);this.bufferLength=s;if(0===a)-1===r.peekByte()&&(this.eof=!0);else{const t=r.getBytes(a);e.set(t,n);t.length0;)h[o++]=f}i=this.generateHuffmanTable(h.subarray(0,e));n=this.generateHuffmanTable(h.subarray(e,l))}}e=this.buffer;let s=e?e.length:0,o=this.bufferLength;for(;;){let t=this.getCode(i);if(t<256){if(o+1>=s){e=this.ensureBuffer(o+1);s=e.length}e[o++]=t;continue}if(256===t){this.bufferLength=o;return}t-=257;t=ir[t];let r=t>>16;r>0&&(r=this.getBits(r));a=(65535&t)+r;t=this.getCode(n);t=nr[t];r=t>>16;r>0&&(r=this.getBits(r));const c=(65535&t)+r;if(o+a>=s){e=this.ensureBuffer(o+a);s=e.length}for(let t=0;t>9&127;this.clow=this.clow<<7&65535;this.ct-=7;this.a=32768}byteIn(){const e=this.data;let t=this.bp;if(255===e[t])if(e[t+1]>143){this.clow+=65280;this.ct=8}else{t++;this.clow+=e[t]<<9;this.ct=7;this.bp=t}else{t++;this.clow+=t65535){this.chigh+=this.clow>>16;this.clow&=65535}}readBit(e,t){let a=e[t]>>1,r=1&e[t];const i=cr[a],n=i.qe;let s,o=this.a-n;if(this.chigh>15&1;this.clow=this.clow<<1&65535;this.ct--}while(!(32768&o));this.a=o;e[t]=a<<1|r;return s}}class Jbig2Error extends fa{constructor(e){super(e,"Jbig2Error")}}class ContextCache{getContexts(e){return e in this?this[e]:this[e]=new Int8Array(65536)}}class DecodingContext{constructor(e,t,a){this.data=e;this.start=t;this.end=a}get decoder(){return shadow(this,"decoder",new ArithmeticDecoder(this.data,this.start,this.end))}get contextCache(){return shadow(this,"contextCache",new ContextCache)}}function decodeInteger(e,t,a){const r=e.getContexts(t);let i=1;function readBits(e){let t=0;for(let n=0;n>>0}const n=readBits(1),s=readBits(1)?readBits(1)?readBits(1)?readBits(1)?readBits(1)?readBits(32)+4436:readBits(12)+340:readBits(8)+84:readBits(6)+20:readBits(4)+4:readBits(2);let o;0===n?o=s:s>0&&(o=-s);return o>=-2147483648&&o<=va?o:null}function decodeIAID(e,t,a){const r=e.getContexts("IAID");let i=1;for(let e=0;ee.y-t.y||e.x-t.x));const h=l.length,u=new Int8Array(h),d=new Int8Array(h),f=[];let g,p,m=0,b=0,y=0,w=0;for(p=0;p=v&&E=F){q=q<<1&m;for(p=0;p=0&&j=0){_=D[L][j];_&&(q|=_<=e?l<<=1:l=l<<1|S[o][c]}for(f=0;f=w||c<0||c>=y?l<<=1:l=l<<1|r[o][c]}const g=k.readBit(C,l);t[s]=g}}return S}function decodeTextRegion(e,t,a,r,i,n,s,o,c,l,h,u,d,f,g,p,m,b,y){if(e&&t)throw new Jbig2Error("refinement with Huffman is not supported");const w=[];let x,S;for(x=0;x1&&(i=e?y.readBits(b):decodeInteger(C,"IAIT",k));const n=s*v+i,F=e?f.symbolIDTable.decode(y):decodeIAID(C,k,c),T=t&&(e?y.readBit():decodeInteger(C,"IARI",k));let O=o[F],M=O[0].length,D=O.length;if(T){const e=decodeInteger(C,"IARDW",k),t=decodeInteger(C,"IARDH",k);M+=e;D+=t;O=decodeRefinement(M,D,g,O,(e>>1)+decodeInteger(C,"IARDX",k),(t>>1)+decodeInteger(C,"IARDY",k),!1,p,m)}let R=0;l?1&u?R=D-1:r+=D-1:u>1?r+=M-1:R=M-1;const N=n-(1&u?0:D-1),E=r-(2&u?M-1:0);let L,j,_;if(l)for(L=0;L>5&7;const c=[31&s];let l=t+6;if(7===s){o=536870911&readUint32(e,l-1);l+=3;let t=o+7>>3;c[0]=e[l++];for(;--t>0;)c.push(e[l++])}else if(5===s||6===s)throw new Jbig2Error("invalid referred-to flags");a.retainBits=c;let h=4;a.number<=256?h=1:a.number<=65536&&(h=2);const u=[];let d,f;for(d=0;d>>24&255;n[3]=t.height>>16&255;n[4]=t.height>>8&255;n[5]=255&t.height;for(d=l,f=e.length;d>2&3;e.huffmanDWSelector=t>>4&3;e.bitmapSizeSelector=t>>6&1;e.aggregationInstancesSelector=t>>7&1;e.bitmapCodingContextUsed=!!(256&t);e.bitmapCodingContextRetained=!!(512&t);e.template=t>>10&3;e.refinementTemplate=t>>12&1;l+=2;if(!e.huffman){c=0===e.template?4:1;s=[];for(o=0;o>2&3;h.stripSize=1<>4&3;h.transposed=!!(64&u);h.combinationOperator=u>>7&3;h.defaultPixelValue=u>>9&1;h.dsOffset=u<<17>>27;h.refinementTemplate=u>>15&1;if(h.huffman){const e=readUint16(r,l);l+=2;h.huffmanFS=3&e;h.huffmanDS=e>>2&3;h.huffmanDT=e>>4&3;h.huffmanRefinementDW=e>>6&3;h.huffmanRefinementDH=e>>8&3;h.huffmanRefinementDX=e>>10&3;h.huffmanRefinementDY=e>>12&3;h.huffmanRefinementSizeSelector=!!(16384&e)}if(h.refinement&&!h.refinementTemplate){s=[];for(o=0;o<2;o++){s.push({x:readInt8(r,l),y:readInt8(r,l+1)});l+=2}h.refinementAt=s}h.numberOfSymbolInstances=readUint32(r,l);l+=4;n=[h,a.referredTo,r,l,i];break;case 16:const d={},f=r[l++];d.mmr=!!(1&f);d.template=f>>1&3;d.patternWidth=r[l++];d.patternHeight=r[l++];d.maxPatternIndex=readUint32(r,l);l+=4;n=[d,a.number,r,l,i];break;case 22:case 23:const g={};g.info=readRegionSegmentInformation(r,l);l+=gr;const p=r[l++];g.mmr=!!(1&p);g.template=p>>1&3;g.enableSkip=!!(8&p);g.combinationOperator=p>>4&7;g.defaultPixelValue=p>>7&1;g.gridWidth=readUint32(r,l);l+=4;g.gridHeight=readUint32(r,l);l+=4;g.gridOffsetX=4294967295&readUint32(r,l);l+=4;g.gridOffsetY=4294967295&readUint32(r,l);l+=4;g.gridVectorX=readUint16(r,l);l+=2;g.gridVectorY=readUint16(r,l);l+=2;n=[g,a.referredTo,r,l,i];break;case 38:case 39:const m={};m.info=readRegionSegmentInformation(r,l);l+=gr;const b=r[l++];m.mmr=!!(1&b);m.template=b>>1&3;m.prediction=!!(8&b);if(!m.mmr){c=0===m.template?4:1;s=[];for(o=0;o>2&1;y.combinationOperator=w>>3&3;y.requiresBuffer=!!(32&w);y.combinationOperatorOverride=!!(64&w);n=[y];break;case 49:case 50:case 51:case 62:break;case 53:n=[a.number,r,l,i];break;default:throw new Jbig2Error(`segment type ${a.typeName}(${a.type}) is not implemented`)}const h="on"+a.typeName;h in t&&t[h].apply(t,n)}function processSegments(e,t){for(let a=0,r=e.length;a>3,a=new Uint8ClampedArray(t*e.height);e.defaultPixelValue&&a.fill(255);this.buffer=a}drawBitmap(e,t){const a=this.currentPageInfo,r=e.width,i=e.height,n=a.width+7>>3,s=a.combinationOperatorOverride?e.combinationOperator:a.combinationOperator,o=this.buffer,c=128>>(7&e.x);let l,h,u,d,f=e.y*n+(e.x>>3);switch(s){case 0:for(l=0;l>=1;if(!u){u=128;d++}}f+=n}break;case 2:for(l=0;l>=1;if(!u){u=128;d++}}f+=n}break;default:throw new Jbig2Error(`operator ${s} is not supported`)}}onImmediateGenericRegion(e,t,a,r){const i=e.info,n=new DecodingContext(t,a,r),s=decodeBitmap(e.mmr,i.width,i.height,e.template,e.prediction,null,e.at,n);this.drawBitmap(i,s)}onImmediateLosslessGenericRegion(){this.onImmediateGenericRegion(...arguments)}onSymbolDictionary(e,t,a,r,i,n){let s,o;if(e.huffman){s=function getSymbolDictionaryHuffmanTables(e,t,a){let r,i,n,s,o=0;switch(e.huffmanDHSelector){case 0:case 1:r=getStandardTable(e.huffmanDHSelector+4);break;case 3:r=getCustomHuffmanTable(o,t,a);o++;break;default:throw new Jbig2Error("invalid Huffman DH selector")}switch(e.huffmanDWSelector){case 0:case 1:i=getStandardTable(e.huffmanDWSelector+2);break;case 3:i=getCustomHuffmanTable(o,t,a);o++;break;default:throw new Jbig2Error("invalid Huffman DW selector")}if(e.bitmapSizeSelector){n=getCustomHuffmanTable(o,t,a);o++}else n=getStandardTable(1);s=e.aggregationInstancesSelector?getCustomHuffmanTable(o,t,a):getStandardTable(1);return{tableDeltaHeight:r,tableDeltaWidth:i,tableBitmapSize:n,tableAggregateInstances:s}}(e,a,this.customTables);o=new Reader(r,i,n)}let c=this.symbols;c||(this.symbols=c={});const l=[];for(const e of a){const t=c[e];t&&l.push(...t)}const h=new DecodingContext(r,i,n);c[t]=function decodeSymbolDictionary(e,t,a,r,i,n,s,o,c,l,h,u){if(e&&t)throw new Jbig2Error("symbol refinement with Huffman is not supported");const d=[];let f=0,g=log2(a.length+r);const p=h.decoder,m=h.contextCache;let b,y;if(e){b=getStandardTable(1);y=[];g=Math.max(g,1)}for(;d.length1)w=decodeTextRegion(e,t,r,f,0,i,1,a.concat(d),g,0,0,1,0,n,c,l,h,0,u);else{const e=decodeIAID(m,p,g),t=decodeInteger(m,"IARDX",p),i=decodeInteger(m,"IARDY",p);w=decodeRefinement(r,f,c,e=32){let a,r,s;switch(t){case 32:if(0===e)throw new Jbig2Error("no previous value in symbol ID table");r=i.readBits(2)+3;a=n[e-1].prefixLength;break;case 33:r=i.readBits(3)+3;a=0;break;case 34:r=i.readBits(7)+11;a=0;break;default:throw new Jbig2Error("invalid code length in symbol ID table")}for(s=0;s=0;m--){O=e?decodeMMRBitmap(T,c,l,!0):decodeBitmap(!1,c,l,a,!1,null,v,g);F[m]=O}for(M=0;M=0;b--){R^=F[b][M][D];N|=R<>8;j=u+M*d-D*f>>8;if(L>=0&&L+S<=r&&j>=0&&j+k<=i)for(m=0;m=i)){U=p[t];_=E[m];for(b=0;b=0&&e>1&7),c=1+(r>>4&7),l=[];let h,u,d=i;do{h=s.readBits(o);u=s.readBits(c);l.push(new HuffmanLine([d,h,u,0]));d+=1<>t&1;if(t<=0)this.children[a]=new HuffmanTreeNode(e);else{let r=this.children[a];r||(this.children[a]=r=new HuffmanTreeNode(null));r.buildTree(e,t-1)}}decodeNode(e){if(this.isLeaf){if(this.isOOB)return null;const t=e.readBits(this.rangeLength);return this.rangeLow+(this.isLowerRange?-t:t)}const t=this.children[e.readBit()];if(!t)throw new Jbig2Error("invalid Huffman data");return t.decodeNode(e)}}class HuffmanTable{constructor(e,t){t||this.assignPrefixCodes(e);this.rootNode=new HuffmanTreeNode(null);for(let t=0,a=e.length;t0&&this.rootNode.buildTree(a,a.prefixLength-1)}}decode(e){return this.rootNode.decodeNode(e)}assignPrefixCodes(e){const t=e.length;let a=0;for(let r=0;r=this.end)throw new Jbig2Error("end of data while reading bit");this.currentByte=this.data[this.position++];this.shift=7}const e=this.currentByte>>this.shift&1;this.shift--;return e}readBits(e){let t,a=0;for(t=e-1;t>=0;t--)a|=this.readBit()<=this.end?-1:this.data[this.position++]}}function getCustomHuffmanTable(e,t,a){let r=0;for(let i=0,n=t.length;i>a&1;a--}}if(r&&!o){const e=5;for(let t=0;t>>t&(1<0;if(e<256){d[0]=e;f=1}else{if(!(e>=258)){if(256===e){h=9;s=258;f=0;continue}this.eof=!0;delete this.lzwState;break}if(e=0;t--){d[t]=o[a];a=l[a]}}else d[f++]=d[0]}if(i){l[s]=u;c[s]=c[u]+1;o[s]=d[0];s++;h=s+n&s+n-1?h:0|Math.min(Math.log(s+n)/.6931471805599453+1,12)}u=e;g+=f;if(r15))throw new FormatError(`Unsupported predictor: ${r}`);this.readBlock=2===r?this.readBlockTiff:this.readBlockPng;this.str=e;this.dict=e.dict;const i=this.colors=a.get("Colors")||1,n=this.bits=a.get("BPC","BitsPerComponent")||8,s=this.columns=a.get("Columns")||1;this.pixBytes=i*n+7>>3;this.rowBytes=s*i*n+7>>3;return this}readBlockTiff(){const e=this.rowBytes,t=this.bufferLength,a=this.ensureBuffer(t+e),r=this.bits,i=this.colors,n=this.str.getBytes(e);this.eof=!n.length;if(this.eof)return;let s,o=0,c=0,l=0,h=0,u=t;if(1===r&&1===i)for(s=0;s>1;e^=e>>2;e^=e>>4;o=(1&e)<<7;a[u++]=e}else if(8===r){for(s=0;s>8&255;a[u++]=255&e}}else{const e=new Uint8Array(i+1),u=(1<>l-r)&u;l-=r;c=c<=8){a[f++]=c>>h-8&255;h-=8}}h>0&&(a[f++]=(c<<8-h)+(o&(1<<8-h)-1))}this.bufferLength+=e}readBlockPng(){const e=this.rowBytes,t=this.pixBytes,a=this.str.getByte(),r=this.str.getBytes(e);this.eof=!r.length;if(this.eof)return;const i=this.bufferLength,n=this.ensureBuffer(i+e);let s=n.subarray(i-e,i);0===s.length&&(s=new Uint8Array(e));let o,c,l,h=i;switch(a){case 0:for(o=0;o>1)+r[o];for(;o>1)+r[o]&255;h++}break;case 4:for(o=0;o0){const e=this.str.getBytes(r);t.set(e,a);a+=r}}else{r=257-r;t=this.ensureBuffer(a+r+1);t.fill(e[1],a,a+r);a+=r}this.bufferLength=a}}class Parser{constructor({lexer:e,xref:t,allowStreams:a=!1,recoveryMode:r=!1}){this.lexer=e;this.xref=t;this.allowStreams=a;this.recoveryMode=r;this.imageCache=Object.create(null);this._imageId=0;this.refill()}refill(){this.buf1=this.lexer.getObj();this.buf2=this.lexer.getObj()}shift(){if(this.buf2 instanceof Cmd&&"ID"===this.buf2.cmd){this.buf1=this.buf2;this.buf2=null}else{this.buf1=this.buf2;this.buf2=this.lexer.getObj()}}tryShift(){try{this.shift();return!0}catch(e){if(e instanceof MissingDataException)throw e;return!1}}getObj(e=null){const t=this.buf1;this.shift();if(t instanceof Cmd)switch(t.cmd){case"BI":return this.makeInlineImage(e);case"[":const a=[];for(;!isCmd(this.buf1,"]")&&this.buf1!==wa;)a.push(this.getObj(e));if(this.buf1===wa){if(this.recoveryMode)return a;throw new ParserEOFException("End of file inside array.")}this.shift();return a;case"<<":const r=new Dict(this.xref);for(;!isCmd(this.buf1,">>")&&this.buf1!==wa;){if(!(this.buf1 instanceof Name)){info("Malformed dictionary: key must be a name object");this.shift();continue}const t=this.buf1.name;this.shift();if(this.buf1===wa)break;r.set(t,this.getObj(e))}if(this.buf1===wa){if(this.recoveryMode)return r;throw new ParserEOFException("End of file inside dictionary.")}if(isCmd(this.buf2,"stream"))return this.allowStreams?this.makeStream(r,e):r;this.shift();return r;default:return t}if(Number.isInteger(t)){if(Number.isInteger(this.buf1)&&isCmd(this.buf2,"R")){const e=Ref.get(t,this.buf1);this.shift();this.shift();return e}return t}return"string"==typeof t&&e?e.decryptString(t):t}findDefaultInlineStreamEnd(e){const{knownCommands:t}=this.lexer,a=e.pos;let r,i,n=0;for(;-1!==(r=e.getByte());)if(0===n)n=69===r?1:0;else if(1===n)n=73===r?2:0;else if(32===r||10===r||13===r){i=e.pos;const a=e.peekBytes(15),s=a.length;if(0===s)break;for(let e=0;e127))){n=0;break}}if(2!==n)continue;if(!t){warn("findDefaultInlineStreamEnd - `lexer.knownCommands` is undefined.");continue}const o=new Lexer(new Stream(e.peekBytes(75)),t);o._hexStringWarn=()=>{};let c=0;for(;;){const e=o.getObj();if(e===wa){n=0;break}if(e instanceof Cmd){const a=t[e.cmd];if(!a){n=0;break}if(a.variableArgs?c<=a.numArgs:c===a.numArgs)break;c=0}else c++}if(2===n)break}else n=0;if(-1===r){warn("findDefaultInlineStreamEnd: Reached the end of the stream without finding a valid EI marker");if(i){warn('... trying to recover by using the last "EI" occurrence.');e.skip(-(e.pos-i))}}let s=4;e.skip(-s);r=e.peekByte();e.skip(s);isWhiteSpace(r)||s--;return e.pos-s-a}findDCTDecodeInlineStreamEnd(e){const t=e.pos;let a,r,i=!1;for(;-1!==(a=e.getByte());)if(255===a){switch(e.getByte()){case 0:break;case 255:e.skip(-1);break;case 217:i=!0;break;case 192:case 193:case 194:case 195:case 197:case 198:case 199:case 201:case 202:case 203:case 205:case 206:case 207:case 196:case 204:case 218:case 219:case 220:case 221:case 222:case 223:case 224:case 225:case 226:case 227:case 228:case 229:case 230:case 231:case 232:case 233:case 234:case 235:case 236:case 237:case 238:case 239:case 254:r=e.getUint16();r>2?e.skip(r-2):e.skip(-2)}if(i)break}const n=e.pos-t;if(-1===a){warn("Inline DCTDecode image stream: EOI marker not found, searching for /EI/ instead.");e.skip(-n);return this.findDefaultInlineStreamEnd(e)}this.inlineStreamSkipEI(e);return n}findASCII85DecodeInlineStreamEnd(e){const t=e.pos;let a;for(;-1!==(a=e.getByte());)if(126===a){const t=e.pos;a=e.peekByte();for(;isWhiteSpace(a);){e.skip();a=e.peekByte()}if(62===a){e.skip();break}if(e.pos>t){const t=e.peekBytes(2);if(69===t[0]&&73===t[1])break}}const r=e.pos-t;if(-1===a){warn("Inline ASCII85Decode image stream: EOD marker not found, searching for /EI/ instead.");e.skip(-r);return this.findDefaultInlineStreamEnd(e)}this.inlineStreamSkipEI(e);return r}findASCIIHexDecodeInlineStreamEnd(e){const t=e.pos;let a;for(;-1!==(a=e.getByte())&&62!==a;);const r=e.pos-t;if(-1===a){warn("Inline ASCIIHexDecode image stream: EOD marker not found, searching for /EI/ instead.");e.skip(-r);return this.findDefaultInlineStreamEnd(e)}this.inlineStreamSkipEI(e);return r}inlineStreamSkipEI(e){let t,a=0;for(;-1!==(t=e.getByte());)if(0===a)a=69===t?1:0;else if(1===a)a=73===t?2:0;else if(2===a)break}makeInlineImage(e){const t=this.lexer,a=t.stream,r=Object.create(null);let i;for(;!isCmd(this.buf1,"ID")&&this.buf1!==wa;){if(!(this.buf1 instanceof Name))throw new FormatError("Dictionary key must be a name object");const t=this.buf1.name;this.shift();if(this.buf1===wa)break;r[t]=this.getObj(e)}-1!==t.beginInlineImagePos&&(i=a.pos-t.beginInlineImagePos);const n=this.xref.fetchIfRef(r.F||r.Filter);let s;if(n instanceof Name)s=n.name;else if(Array.isArray(n)){const e=this.xref.fetchIfRef(n[0]);e instanceof Name&&(s=e.name)}const o=a.pos;let c,l;switch(s){case"DCT":case"DCTDecode":c=this.findDCTDecodeInlineStreamEnd(a);break;case"A85":case"ASCII85Decode":c=this.findASCII85DecodeInlineStreamEnd(a);break;case"AHx":case"ASCIIHexDecode":c=this.findASCIIHexDecodeInlineStreamEnd(a);break;default:c=this.findDefaultInlineStreamEnd(a)}if(c<1e3&&i>0){const e=a.pos;a.pos=t.beginInlineImagePos;l=function getInlineImageCacheKey(e){const t=[],a=e.length;let r=0;for(;r=r){let r=!1;for(const e of i){const t=e.length;let i=0;for(;i=n){r=!0;break}if(i>=t){if(isWhiteSpace(s[c+o+i])){info(`Found "${bytesToString([...a,...e])}" when searching for endstream command.`);r=!0}break}}if(r){t.pos+=c;return t.pos-e}}c++}t.pos+=o}return-1}makeStream(e,t){const a=this.lexer;let r=a.stream;a.skipToNextLine();const i=r.pos-1;let n=e.get("Length");if(!Number.isInteger(n)){info(`Bad length "${n&&n.toString()}" in stream.`);n=0}r.pos=i+n;a.nextChar();if(this.tryShift()&&isCmd(this.buf2,"endstream"))this.shift();else{n=this.#q(i);if(n<0)throw new FormatError("Missing endstream command.");a.nextChar();this.shift();this.shift()}this.shift();r=r.makeSubStream(i,n,e);t&&(r=t.createStream(r,n));r=this.filter(r,e,n);r.dict=e;return r}filter(e,t,a){let r=t.get("F","Filter"),i=t.get("DP","DecodeParms");if(r instanceof Name){Array.isArray(i)&&warn("/DecodeParms should not be an Array, when /Filter is a Name.");return this.makeFilter(e,r.name,a,i)}let n=a;if(Array.isArray(r)){const t=r,a=i;for(let s=0,o=t.length;s=48&&e<=57?15&e:e>=65&&e<=70||e>=97&&e<=102?9+(15&e):-1}class Lexer{constructor(e,t=null){this.stream=e;this.nextChar();this.strBuf=[];this.knownCommands=t;this._hexStringNumWarn=0;this.beginInlineImagePos=-1}nextChar(){return this.currentChar=this.stream.getByte()}peekChar(){return this.stream.peekByte()}getNumber(){let e=this.currentChar,t=!1,a=0,r=1;if(45===e){r=-1;e=this.nextChar();45===e&&(e=this.nextChar())}else 43===e&&(e=this.nextChar());if(10===e||13===e)do{e=this.nextChar()}while(10===e||13===e);if(46===e){a=10;e=this.nextChar()}if(e<48||e>57){const t=`Invalid number: ${String.fromCharCode(e)} (charCode ${e})`;if(isWhiteSpace(e)||40===e||60===e||-1===e){info(`Lexer.getNumber - "${t}".`);return 0}throw new FormatError(t)}let i=e-48,n=0,s=1;for(;(e=this.nextChar())>=0;)if(e>=48&&e<=57){const r=e-48;if(t)n=10*n+r;else{0!==a&&(a*=10);i=10*i+r}}else if(46===e){if(0!==a)break;a=1}else if(45===e)warn("Badly formatted number: minus sign in the middle");else{if(69!==e&&101!==e)break;e=this.peekChar();if(43===e||45===e){s=45===e?-1:1;this.nextChar()}else if(e<48||e>57)break;t=!0}0!==a&&(i/=a);t&&(i*=10**(s*n));return r*i}getString(){let e=1,t=!1;const a=this.strBuf;a.length=0;let r=this.nextChar();for(;;){let i=!1;switch(0|r){case-1:warn("Unterminated string");t=!0;break;case 40:++e;a.push("(");break;case 41:if(0==--e){this.nextChar();t=!0}else a.push(")");break;case 92:r=this.nextChar();switch(r){case-1:warn("Unterminated string");t=!0;break;case 110:a.push("\n");break;case 114:a.push("\r");break;case 116:a.push("\t");break;case 98:a.push("\b");break;case 102:a.push("\f");break;case 92:case 40:case 41:a.push(String.fromCharCode(r));break;case 48:case 49:case 50:case 51:case 52:case 53:case 54:case 55:let e=15&r;r=this.nextChar();i=!0;if(r>=48&&r<=55){e=(e<<3)+(15&r);r=this.nextChar();if(r>=48&&r<=55){i=!1;e=(e<<3)+(15&r)}}a.push(String.fromCharCode(e));break;case 13:10===this.peekChar()&&this.nextChar();break;case 10:break;default:a.push(String.fromCharCode(r))}break;default:a.push(String.fromCharCode(r))}if(t)break;i||(r=this.nextChar())}return a.join("")}getName(){let e,t;const a=this.strBuf;a.length=0;for(;(e=this.nextChar())>=0&&!mr[e];)if(35===e){e=this.nextChar();if(mr[e]){warn("Lexer_getName: NUMBER SIGN (#) should be followed by a hexadecimal number.");a.push("#");break}const r=toHexDigit(e);if(-1!==r){t=e;e=this.nextChar();const i=toHexDigit(e);if(-1===i){warn(`Lexer_getName: Illegal digit (${String.fromCharCode(e)}) in hexadecimal number.`);a.push("#",String.fromCharCode(t));if(mr[e])break;a.push(String.fromCharCode(e));continue}a.push(String.fromCharCode(r<<4|i))}else a.push("#",String.fromCharCode(e))}else a.push(String.fromCharCode(e));a.length>127&&warn(`Name token is longer than allowed by the spec: ${a.length}`);return Name.get(a.join(""))}_hexStringWarn(e){5!=this._hexStringNumWarn++?this._hexStringNumWarn>5||warn(`getHexString - ignoring invalid character: ${e}`):warn("getHexString - ignoring additional invalid characters.")}getHexString(){const e=this.strBuf;e.length=0;let t=this.currentChar,a=-1,r=-1;this._hexStringNumWarn=0;for(;;){if(t<0){warn("Unterminated hex string");break}if(62===t){this.nextChar();break}if(1!==mr[t]){r=toHexDigit(t);if(-1===r)this._hexStringWarn(t);else if(-1===a)a=r;else{e.push(String.fromCharCode(a<<4|r));a=-1}t=this.nextChar()}else t=this.nextChar()}-1!==a&&e.push(String.fromCharCode(a<<4));return e.join("")}getObj(){let e=!1,t=this.currentChar;for(;;){if(t<0)return wa;if(e)10!==t&&13!==t||(e=!1);else if(37===t)e=!0;else if(1!==mr[t])break;t=this.nextChar()}switch(0|t){case 48:case 49:case 50:case 51:case 52:case 53:case 54:case 55:case 56:case 57:case 43:case 45:case 46:return this.getNumber();case 40:return this.getString();case 47:return this.getName();case 91:this.nextChar();return Cmd.get("[");case 93:this.nextChar();return Cmd.get("]");case 60:t=this.nextChar();if(60===t){this.nextChar();return Cmd.get("<<")}return this.getHexString();case 62:t=this.nextChar();if(62===t){this.nextChar();return Cmd.get(">>")}return Cmd.get(">");case 123:this.nextChar();return Cmd.get("{");case 125:this.nextChar();return Cmd.get("}");case 41:this.nextChar();throw new FormatError(`Illegal character: ${t}`)}let a=String.fromCharCode(t);if(t<32||t>127){const e=this.peekChar();if(e>=32&&e<=127){this.nextChar();return Cmd.get(a)}}const r=this.knownCommands;let i=void 0!==r?.[a];for(;(t=this.nextChar())>=0&&!mr[t];){const e=a+String.fromCharCode(t);if(i&&void 0===r[e])break;if(128===a.length)throw new FormatError(`Command token too long: ${a.length}`);a=e;i=void 0!==r?.[a]}if("true"===a)return!0;if("false"===a)return!1;if("null"===a)return null;"BI"===a&&(this.beginInlineImagePos=this.stream.pos);return Cmd.get(a)}skipToNextLine(){let e=this.currentChar;for(;e>=0;){if(13===e){e=this.nextChar();10===e&&this.nextChar();break}if(10===e){this.nextChar();break}e=this.nextChar()}}}class Linearization{static create(e){function getInt(e,t,a=!1){const r=e.get(t);if(Number.isInteger(r)&&(a?r>=0:r>0))return r;throw new Error(`The "${t}" parameter in the linearization dictionary is invalid.`)}const t=new Parser({lexer:new Lexer(e),xref:null}),a=t.getObj(),r=t.getObj(),i=t.getObj(),n=t.getObj();let s,o;if(!(Number.isInteger(a)&&Number.isInteger(r)&&isCmd(i,"obj")&&n instanceof Dict&&"number"==typeof(s=n.get("Linearized"))&&s>0))return null;if((o=getInt(n,"L"))!==e.length)throw new Error('The "L" parameter in the linearization dictionary does not equal the stream length.');return{length:o,hints:function getHints(e){const t=e.get("H");let a;if(Array.isArray(t)&&(2===(a=t.length)||4===a)){for(let e=0;e0))throw new Error(`Hint (${e}) in the linearization dictionary is invalid.`)}return t}throw new Error("Hint array in the linearization dictionary is invalid.")}(n),objectNumberFirst:getInt(n,"O"),endFirst:getInt(n,"E"),numPages:getInt(n,"N"),mainXRefEntriesOffset:getInt(n,"T"),pageFirst:n.has("P")?getInt(n,"P",!0):0}}}const br=["Adobe-GB1-UCS2","Adobe-CNS1-UCS2","Adobe-Japan1-UCS2","Adobe-Korea1-UCS2","78-EUC-H","78-EUC-V","78-H","78-RKSJ-H","78-RKSJ-V","78-V","78ms-RKSJ-H","78ms-RKSJ-V","83pv-RKSJ-H","90ms-RKSJ-H","90ms-RKSJ-V","90msp-RKSJ-H","90msp-RKSJ-V","90pv-RKSJ-H","90pv-RKSJ-V","Add-H","Add-RKSJ-H","Add-RKSJ-V","Add-V","Adobe-CNS1-0","Adobe-CNS1-1","Adobe-CNS1-2","Adobe-CNS1-3","Adobe-CNS1-4","Adobe-CNS1-5","Adobe-CNS1-6","Adobe-GB1-0","Adobe-GB1-1","Adobe-GB1-2","Adobe-GB1-3","Adobe-GB1-4","Adobe-GB1-5","Adobe-Japan1-0","Adobe-Japan1-1","Adobe-Japan1-2","Adobe-Japan1-3","Adobe-Japan1-4","Adobe-Japan1-5","Adobe-Japan1-6","Adobe-Korea1-0","Adobe-Korea1-1","Adobe-Korea1-2","B5-H","B5-V","B5pc-H","B5pc-V","CNS-EUC-H","CNS-EUC-V","CNS1-H","CNS1-V","CNS2-H","CNS2-V","ETHK-B5-H","ETHK-B5-V","ETen-B5-H","ETen-B5-V","ETenms-B5-H","ETenms-B5-V","EUC-H","EUC-V","Ext-H","Ext-RKSJ-H","Ext-RKSJ-V","Ext-V","GB-EUC-H","GB-EUC-V","GB-H","GB-V","GBK-EUC-H","GBK-EUC-V","GBK2K-H","GBK2K-V","GBKp-EUC-H","GBKp-EUC-V","GBT-EUC-H","GBT-EUC-V","GBT-H","GBT-V","GBTpc-EUC-H","GBTpc-EUC-V","GBpc-EUC-H","GBpc-EUC-V","H","HKdla-B5-H","HKdla-B5-V","HKdlb-B5-H","HKdlb-B5-V","HKgccs-B5-H","HKgccs-B5-V","HKm314-B5-H","HKm314-B5-V","HKm471-B5-H","HKm471-B5-V","HKscs-B5-H","HKscs-B5-V","Hankaku","Hiragana","KSC-EUC-H","KSC-EUC-V","KSC-H","KSC-Johab-H","KSC-Johab-V","KSC-V","KSCms-UHC-H","KSCms-UHC-HW-H","KSCms-UHC-HW-V","KSCms-UHC-V","KSCpc-EUC-H","KSCpc-EUC-V","Katakana","NWP-H","NWP-V","RKSJ-H","RKSJ-V","Roman","UniCNS-UCS2-H","UniCNS-UCS2-V","UniCNS-UTF16-H","UniCNS-UTF16-V","UniCNS-UTF32-H","UniCNS-UTF32-V","UniCNS-UTF8-H","UniCNS-UTF8-V","UniGB-UCS2-H","UniGB-UCS2-V","UniGB-UTF16-H","UniGB-UTF16-V","UniGB-UTF32-H","UniGB-UTF32-V","UniGB-UTF8-H","UniGB-UTF8-V","UniJIS-UCS2-H","UniJIS-UCS2-HW-H","UniJIS-UCS2-HW-V","UniJIS-UCS2-V","UniJIS-UTF16-H","UniJIS-UTF16-V","UniJIS-UTF32-H","UniJIS-UTF32-V","UniJIS-UTF8-H","UniJIS-UTF8-V","UniJIS2004-UTF16-H","UniJIS2004-UTF16-V","UniJIS2004-UTF32-H","UniJIS2004-UTF32-V","UniJIS2004-UTF8-H","UniJIS2004-UTF8-V","UniJISPro-UCS2-HW-V","UniJISPro-UCS2-V","UniJISPro-UTF8-V","UniJISX0213-UTF32-H","UniJISX0213-UTF32-V","UniJISX02132004-UTF32-H","UniJISX02132004-UTF32-V","UniKS-UCS2-H","UniKS-UCS2-V","UniKS-UTF16-H","UniKS-UTF16-V","UniKS-UTF32-H","UniKS-UTF32-V","UniKS-UTF8-H","UniKS-UTF8-V","V","WP-Symbol"],yr=2**24-1;class CMap{constructor(e=!1){this.codespaceRanges=[[],[],[],[]];this.numCodespaceRanges=0;this._map=[];this.name="";this.vertical=!1;this.useCMap=null;this.builtInCMap=e}addCodespaceRange(e,t,a){this.codespaceRanges[e-1].push(t,a);this.numCodespaceRanges++}mapCidRange(e,t,a){if(t-e>yr)throw new Error("mapCidRange - ignoring data above MAX_MAP_RANGE.");for(;e<=t;)this._map[e++]=a++}mapBfRange(e,t,a){if(t-e>yr)throw new Error("mapBfRange - ignoring data above MAX_MAP_RANGE.");const r=a.length-1;for(;e<=t;){this._map[e++]=a;const t=a.charCodeAt(r)+1;t>255?a=a.substring(0,r-1)+String.fromCharCode(a.charCodeAt(r-1)+1)+"\0":a=a.substring(0,r)+String.fromCharCode(t)}}mapBfRangeToArray(e,t,a){if(t-e>yr)throw new Error("mapBfRangeToArray - ignoring data above MAX_MAP_RANGE.");const r=a.length;let i=0;for(;e<=t&&i>>0;const s=i[n];for(let e=0,t=s.length;e=t&&r<=i){a.charcode=r;a.length=n+1;return}}}a.charcode=0;a.length=1}getCharCodeLength(e){const t=this.codespaceRanges;for(let a=0,r=t.length;a=i&&e<=n)return a+1}}return 1}get length(){return this._map.length}get isIdentityCMap(){if("Identity-H"!==this.name&&"Identity-V"!==this.name)return!1;if(65536!==this._map.length)return!1;for(let e=0;e<65536;e++)if(this._map[e]!==e)return!1;return!0}}class IdentityCMap extends CMap{constructor(e,t){super();this.vertical=e;this.addCodespaceRange(t,0,65535)}mapCidRange(e,t,a){unreachable("should not call mapCidRange")}mapBfRange(e,t,a){unreachable("should not call mapBfRange")}mapBfRangeToArray(e,t,a){unreachable("should not call mapBfRangeToArray")}mapOne(e,t){unreachable("should not call mapCidOne")}lookup(e){return Number.isInteger(e)&&e<=65535?e:void 0}contains(e){return Number.isInteger(e)&&e<=65535}forEach(e){for(let t=0;t<=65535;t++)e(t,t)}charCodeOf(e){return Number.isInteger(e)&&e<=65535?e:-1}getMap(){const e=new Array(65536);for(let t=0;t<=65535;t++)e[t]=t;return e}get length(){return 65536}get isIdentityCMap(){unreachable("should not access .isIdentityCMap")}}function strToInt(e){let t=0;for(let a=0;a>>0}function expectString(e){if("string"!=typeof e)throw new FormatError("Malformed CMap: expected string.")}function expectInt(e){if(!Number.isInteger(e))throw new FormatError("Malformed CMap: expected int.")}function parseBfChar(e,t){for(;;){let a=t.getObj();if(a===wa)break;if(isCmd(a,"endbfchar"))return;expectString(a);const r=strToInt(a);a=t.getObj();expectString(a);const i=a;e.mapOne(r,i)}}function parseBfRange(e,t){for(;;){let a=t.getObj();if(a===wa)break;if(isCmd(a,"endbfrange"))return;expectString(a);const r=strToInt(a);a=t.getObj();expectString(a);const i=strToInt(a);a=t.getObj();if(Number.isInteger(a)||"string"==typeof a){const t=Number.isInteger(a)?String.fromCharCode(a):a;e.mapBfRange(r,i,t)}else{if(!isCmd(a,"["))break;{a=t.getObj();const n=[];for(;!isCmd(a,"]")&&a!==wa;){n.push(a);a=t.getObj()}e.mapBfRangeToArray(r,i,n)}}}throw new FormatError("Invalid bf range.")}function parseCidChar(e,t){for(;;){let a=t.getObj();if(a===wa)break;if(isCmd(a,"endcidchar"))return;expectString(a);const r=strToInt(a);a=t.getObj();expectInt(a);const i=a;e.mapOne(r,i)}}function parseCidRange(e,t){for(;;){let a=t.getObj();if(a===wa)break;if(isCmd(a,"endcidrange"))return;expectString(a);const r=strToInt(a);a=t.getObj();expectString(a);const i=strToInt(a);a=t.getObj();expectInt(a);const n=a;e.mapCidRange(r,i,n)}}function parseCodespaceRange(e,t){for(;;){let a=t.getObj();if(a===wa)break;if(isCmd(a,"endcodespacerange"))return;if("string"!=typeof a)break;const r=strToInt(a);a=t.getObj();if("string"!=typeof a)break;const i=strToInt(a);e.addCodespaceRange(a.length,r,i)}throw new FormatError("Invalid codespace range.")}function parseWMode(e,t){const a=t.getObj();Number.isInteger(a)&&(e.vertical=!!a)}function parseCMapName(e,t){const a=t.getObj();a instanceof Name&&(e.name=a.name)}async function parseCMap(e,t,a,r){let i,n;e:for(;;)try{const a=t.getObj();if(a===wa)break;if(a instanceof Name){"WMode"===a.name?parseWMode(e,t):"CMapName"===a.name&&parseCMapName(e,t);i=a}else if(a instanceof Cmd)switch(a.cmd){case"endcmap":break e;case"usecmap":i instanceof Name&&(n=i.name);break;case"begincodespacerange":parseCodespaceRange(e,t);break;case"beginbfchar":parseBfChar(e,t);break;case"begincidchar":parseCidChar(e,t);break;case"beginbfrange":parseBfRange(e,t);break;case"begincidrange":parseCidRange(e,t)}}catch(e){if(e instanceof MissingDataException)throw e;warn("Invalid cMap data: "+e);continue}!r&&n&&(r=n);return r?extendCMap(e,a,r):e}async function extendCMap(e,t,a){e.useCMap=await createBuiltInCMap(a,t);if(0===e.numCodespaceRanges){const t=e.useCMap.codespaceRanges;for(let a=0;aextendCMap(i,t,e)));const n=new Lexer(new Stream(a));return parseCMap(i,n,t,null)}class CMapFactory{static async create({encoding:e,fetchBuiltInCMap:t,useCMap:a}){if(e instanceof Name)return createBuiltInCMap(e.name,t);if(e instanceof BaseStream){const r=await parseCMap(new CMap,new Lexer(e),t,a);return r.isIdentityCMap?createBuiltInCMap(r.name,t):r}throw new Error("Encoding required.")}}const wr=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","exclamsmall","Hungarumlautsmall","","dollaroldstyle","dollarsuperior","ampersandsmall","Acutesmall","parenleftsuperior","parenrightsuperior","twodotenleader","onedotenleader","comma","hyphen","period","fraction","zerooldstyle","oneoldstyle","twooldstyle","threeoldstyle","fouroldstyle","fiveoldstyle","sixoldstyle","sevenoldstyle","eightoldstyle","nineoldstyle","colon","semicolon","commasuperior","threequartersemdash","periodsuperior","questionsmall","","asuperior","bsuperior","centsuperior","dsuperior","esuperior","","","","isuperior","","","lsuperior","msuperior","nsuperior","osuperior","","","rsuperior","ssuperior","tsuperior","","ff","fi","fl","ffi","ffl","parenleftinferior","","parenrightinferior","Circumflexsmall","hyphensuperior","Gravesmall","Asmall","Bsmall","Csmall","Dsmall","Esmall","Fsmall","Gsmall","Hsmall","Ismall","Jsmall","Ksmall","Lsmall","Msmall","Nsmall","Osmall","Psmall","Qsmall","Rsmall","Ssmall","Tsmall","Usmall","Vsmall","Wsmall","Xsmall","Ysmall","Zsmall","colonmonetary","onefitted","rupiah","Tildesmall","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","exclamdownsmall","centoldstyle","Lslashsmall","","","Scaronsmall","Zcaronsmall","Dieresissmall","Brevesmall","Caronsmall","","Dotaccentsmall","","","Macronsmall","","","figuredash","hypheninferior","","","Ogoneksmall","Ringsmall","Cedillasmall","","","","onequarter","onehalf","threequarters","questiondownsmall","oneeighth","threeeighths","fiveeighths","seveneighths","onethird","twothirds","","","zerosuperior","onesuperior","twosuperior","threesuperior","foursuperior","fivesuperior","sixsuperior","sevensuperior","eightsuperior","ninesuperior","zeroinferior","oneinferior","twoinferior","threeinferior","fourinferior","fiveinferior","sixinferior","seveninferior","eightinferior","nineinferior","centinferior","dollarinferior","periodinferior","commainferior","Agravesmall","Aacutesmall","Acircumflexsmall","Atildesmall","Adieresissmall","Aringsmall","AEsmall","Ccedillasmall","Egravesmall","Eacutesmall","Ecircumflexsmall","Edieresissmall","Igravesmall","Iacutesmall","Icircumflexsmall","Idieresissmall","Ethsmall","Ntildesmall","Ogravesmall","Oacutesmall","Ocircumflexsmall","Otildesmall","Odieresissmall","OEsmall","Oslashsmall","Ugravesmall","Uacutesmall","Ucircumflexsmall","Udieresissmall","Yacutesmall","Thornsmall","Ydieresissmall"],xr=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","exclamsmall","Hungarumlautsmall","centoldstyle","dollaroldstyle","dollarsuperior","ampersandsmall","Acutesmall","parenleftsuperior","parenrightsuperior","twodotenleader","onedotenleader","comma","hyphen","period","fraction","zerooldstyle","oneoldstyle","twooldstyle","threeoldstyle","fouroldstyle","fiveoldstyle","sixoldstyle","sevenoldstyle","eightoldstyle","nineoldstyle","colon","semicolon","","threequartersemdash","","questionsmall","","","","","Ethsmall","","","onequarter","onehalf","threequarters","oneeighth","threeeighths","fiveeighths","seveneighths","onethird","twothirds","","","","","","","ff","fi","fl","ffi","ffl","parenleftinferior","","parenrightinferior","Circumflexsmall","hypheninferior","Gravesmall","Asmall","Bsmall","Csmall","Dsmall","Esmall","Fsmall","Gsmall","Hsmall","Ismall","Jsmall","Ksmall","Lsmall","Msmall","Nsmall","Osmall","Psmall","Qsmall","Rsmall","Ssmall","Tsmall","Usmall","Vsmall","Wsmall","Xsmall","Ysmall","Zsmall","colonmonetary","onefitted","rupiah","Tildesmall","","","asuperior","centsuperior","","","","","Aacutesmall","Agravesmall","Acircumflexsmall","Adieresissmall","Atildesmall","Aringsmall","Ccedillasmall","Eacutesmall","Egravesmall","Ecircumflexsmall","Edieresissmall","Iacutesmall","Igravesmall","Icircumflexsmall","Idieresissmall","Ntildesmall","Oacutesmall","Ogravesmall","Ocircumflexsmall","Odieresissmall","Otildesmall","Uacutesmall","Ugravesmall","Ucircumflexsmall","Udieresissmall","","eightsuperior","fourinferior","threeinferior","sixinferior","eightinferior","seveninferior","Scaronsmall","","centinferior","twoinferior","","Dieresissmall","","Caronsmall","osuperior","fiveinferior","","commainferior","periodinferior","Yacutesmall","","dollarinferior","","","Thornsmall","","nineinferior","zeroinferior","Zcaronsmall","AEsmall","Oslashsmall","questiondownsmall","oneinferior","Lslashsmall","","","","","","","Cedillasmall","","","","","","OEsmall","figuredash","hyphensuperior","","","","","exclamdownsmall","","Ydieresissmall","","onesuperior","twosuperior","threesuperior","foursuperior","fivesuperior","sixsuperior","sevensuperior","ninesuperior","zerosuperior","","esuperior","rsuperior","tsuperior","","","isuperior","ssuperior","dsuperior","","","","","","lsuperior","Ogoneksmall","Brevesmall","Macronsmall","bsuperior","nsuperior","msuperior","commasuperior","periodsuperior","Dotaccentsmall","Ringsmall","","","",""],Sr=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","exclam","quotedbl","numbersign","dollar","percent","ampersand","quotesingle","parenleft","parenright","asterisk","plus","comma","hyphen","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","at","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","bracketleft","backslash","bracketright","asciicircum","underscore","grave","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","braceleft","bar","braceright","asciitilde","","Adieresis","Aring","Ccedilla","Eacute","Ntilde","Odieresis","Udieresis","aacute","agrave","acircumflex","adieresis","atilde","aring","ccedilla","eacute","egrave","ecircumflex","edieresis","iacute","igrave","icircumflex","idieresis","ntilde","oacute","ograve","ocircumflex","odieresis","otilde","uacute","ugrave","ucircumflex","udieresis","dagger","degree","cent","sterling","section","bullet","paragraph","germandbls","registered","copyright","trademark","acute","dieresis","notequal","AE","Oslash","infinity","plusminus","lessequal","greaterequal","yen","mu","partialdiff","summation","product","pi","integral","ordfeminine","ordmasculine","Omega","ae","oslash","questiondown","exclamdown","logicalnot","radical","florin","approxequal","Delta","guillemotleft","guillemotright","ellipsis","space","Agrave","Atilde","Otilde","OE","oe","endash","emdash","quotedblleft","quotedblright","quoteleft","quoteright","divide","lozenge","ydieresis","Ydieresis","fraction","currency","guilsinglleft","guilsinglright","fi","fl","daggerdbl","periodcentered","quotesinglbase","quotedblbase","perthousand","Acircumflex","Ecircumflex","Aacute","Edieresis","Egrave","Iacute","Icircumflex","Idieresis","Igrave","Oacute","Ocircumflex","apple","Ograve","Uacute","Ucircumflex","Ugrave","dotlessi","circumflex","tilde","macron","breve","dotaccent","ring","cedilla","hungarumlaut","ogonek","caron"],kr=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","exclam","quotedbl","numbersign","dollar","percent","ampersand","quoteright","parenleft","parenright","asterisk","plus","comma","hyphen","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","at","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","bracketleft","backslash","bracketright","asciicircum","underscore","quoteleft","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","braceleft","bar","braceright","asciitilde","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","exclamdown","cent","sterling","fraction","yen","florin","section","currency","quotesingle","quotedblleft","guillemotleft","guilsinglleft","guilsinglright","fi","fl","","endash","dagger","daggerdbl","periodcentered","","paragraph","bullet","quotesinglbase","quotedblbase","quotedblright","guillemotright","ellipsis","perthousand","","questiondown","","grave","acute","circumflex","tilde","macron","breve","dotaccent","dieresis","","ring","cedilla","","hungarumlaut","ogonek","caron","emdash","","","","","","","","","","","","","","","","","AE","","ordfeminine","","","","","Lslash","Oslash","OE","ordmasculine","","","","","","ae","","","","dotlessi","","","lslash","oslash","oe","germandbls","","","",""],Ar=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","exclam","quotedbl","numbersign","dollar","percent","ampersand","quotesingle","parenleft","parenright","asterisk","plus","comma","hyphen","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","at","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","bracketleft","backslash","bracketright","asciicircum","underscore","grave","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","braceleft","bar","braceright","asciitilde","bullet","Euro","bullet","quotesinglbase","florin","quotedblbase","ellipsis","dagger","daggerdbl","circumflex","perthousand","Scaron","guilsinglleft","OE","bullet","Zcaron","bullet","bullet","quoteleft","quoteright","quotedblleft","quotedblright","bullet","endash","emdash","tilde","trademark","scaron","guilsinglright","oe","bullet","zcaron","Ydieresis","space","exclamdown","cent","sterling","currency","yen","brokenbar","section","dieresis","copyright","ordfeminine","guillemotleft","logicalnot","hyphen","registered","macron","degree","plusminus","twosuperior","threesuperior","acute","mu","paragraph","periodcentered","cedilla","onesuperior","ordmasculine","guillemotright","onequarter","onehalf","threequarters","questiondown","Agrave","Aacute","Acircumflex","Atilde","Adieresis","Aring","AE","Ccedilla","Egrave","Eacute","Ecircumflex","Edieresis","Igrave","Iacute","Icircumflex","Idieresis","Eth","Ntilde","Ograve","Oacute","Ocircumflex","Otilde","Odieresis","multiply","Oslash","Ugrave","Uacute","Ucircumflex","Udieresis","Yacute","Thorn","germandbls","agrave","aacute","acircumflex","atilde","adieresis","aring","ae","ccedilla","egrave","eacute","ecircumflex","edieresis","igrave","iacute","icircumflex","idieresis","eth","ntilde","ograve","oacute","ocircumflex","otilde","odieresis","divide","oslash","ugrave","uacute","ucircumflex","udieresis","yacute","thorn","ydieresis"],Cr=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","exclam","universal","numbersign","existential","percent","ampersand","suchthat","parenleft","parenright","asteriskmath","plus","comma","minus","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","congruent","Alpha","Beta","Chi","Delta","Epsilon","Phi","Gamma","Eta","Iota","theta1","Kappa","Lambda","Mu","Nu","Omicron","Pi","Theta","Rho","Sigma","Tau","Upsilon","sigma1","Omega","Xi","Psi","Zeta","bracketleft","therefore","bracketright","perpendicular","underscore","radicalex","alpha","beta","chi","delta","epsilon","phi","gamma","eta","iota","phi1","kappa","lambda","mu","nu","omicron","pi","theta","rho","sigma","tau","upsilon","omega1","omega","xi","psi","zeta","braceleft","bar","braceright","similar","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","Euro","Upsilon1","minute","lessequal","fraction","infinity","florin","club","diamond","heart","spade","arrowboth","arrowleft","arrowup","arrowright","arrowdown","degree","plusminus","second","greaterequal","multiply","proportional","partialdiff","bullet","divide","notequal","equivalence","approxequal","ellipsis","arrowvertex","arrowhorizex","carriagereturn","aleph","Ifraktur","Rfraktur","weierstrass","circlemultiply","circleplus","emptyset","intersection","union","propersuperset","reflexsuperset","notsubset","propersubset","reflexsubset","element","notelement","angle","gradient","registerserif","copyrightserif","trademarkserif","product","radical","dotmath","logicalnot","logicaland","logicalor","arrowdblboth","arrowdblleft","arrowdblup","arrowdblright","arrowdbldown","lozenge","angleleft","registersans","copyrightsans","trademarksans","summation","parenlefttp","parenleftex","parenleftbt","bracketlefttp","bracketleftex","bracketleftbt","bracelefttp","braceleftmid","braceleftbt","braceex","","angleright","integral","integraltp","integralex","integralbt","parenrighttp","parenrightex","parenrightbt","bracketrighttp","bracketrightex","bracketrightbt","bracerighttp","bracerightmid","bracerightbt",""],vr=["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","space","a1","a2","a202","a3","a4","a5","a119","a118","a117","a11","a12","a13","a14","a15","a16","a105","a17","a18","a19","a20","a21","a22","a23","a24","a25","a26","a27","a28","a6","a7","a8","a9","a10","a29","a30","a31","a32","a33","a34","a35","a36","a37","a38","a39","a40","a41","a42","a43","a44","a45","a46","a47","a48","a49","a50","a51","a52","a53","a54","a55","a56","a57","a58","a59","a60","a61","a62","a63","a64","a65","a66","a67","a68","a69","a70","a71","a72","a73","a74","a203","a75","a204","a76","a77","a78","a79","a81","a82","a83","a84","a97","a98","a99","a100","","a89","a90","a93","a94","a91","a92","a205","a85","a206","a86","a87","a88","a95","a96","","","","","","","","","","","","","","","","","","","","a101","a102","a103","a104","a106","a107","a108","a112","a111","a110","a109","a120","a121","a122","a123","a124","a125","a126","a127","a128","a129","a130","a131","a132","a133","a134","a135","a136","a137","a138","a139","a140","a141","a142","a143","a144","a145","a146","a147","a148","a149","a150","a151","a152","a153","a154","a155","a156","a157","a158","a159","a160","a161","a163","a164","a196","a165","a192","a166","a167","a168","a169","a170","a171","a172","a173","a162","a174","a175","a176","a177","a178","a179","a193","a180","a199","a181","a200","a182","","a201","a183","a184","a197","a185","a194","a198","a186","a195","a187","a188","a189","a190","a191",""];function getEncoding(e){switch(e){case"WinAnsiEncoding":return Ar;case"StandardEncoding":return kr;case"MacRomanEncoding":return Sr;case"SymbolSetEncoding":return Cr;case"ZapfDingbatsEncoding":return vr;case"ExpertEncoding":return wr;case"MacExpertEncoding":return xr;default:return null}}const Fr=getLookupTableFactory((function(e){e.A=65;e.AE=198;e.AEacute=508;e.AEmacron=482;e.AEsmall=63462;e.Aacute=193;e.Aacutesmall=63457;e.Abreve=258;e.Abreveacute=7854;e.Abrevecyrillic=1232;e.Abrevedotbelow=7862;e.Abrevegrave=7856;e.Abrevehookabove=7858;e.Abrevetilde=7860;e.Acaron=461;e.Acircle=9398;e.Acircumflex=194;e.Acircumflexacute=7844;e.Acircumflexdotbelow=7852;e.Acircumflexgrave=7846;e.Acircumflexhookabove=7848;e.Acircumflexsmall=63458;e.Acircumflextilde=7850;e.Acute=63177;e.Acutesmall=63412;e.Acyrillic=1040;e.Adblgrave=512;e.Adieresis=196;e.Adieresiscyrillic=1234;e.Adieresismacron=478;e.Adieresissmall=63460;e.Adotbelow=7840;e.Adotmacron=480;e.Agrave=192;e.Agravesmall=63456;e.Ahookabove=7842;e.Aiecyrillic=1236;e.Ainvertedbreve=514;e.Alpha=913;e.Alphatonos=902;e.Amacron=256;e.Amonospace=65313;e.Aogonek=260;e.Aring=197;e.Aringacute=506;e.Aringbelow=7680;e.Aringsmall=63461;e.Asmall=63329;e.Atilde=195;e.Atildesmall=63459;e.Aybarmenian=1329;e.B=66;e.Bcircle=9399;e.Bdotaccent=7682;e.Bdotbelow=7684;e.Becyrillic=1041;e.Benarmenian=1330;e.Beta=914;e.Bhook=385;e.Blinebelow=7686;e.Bmonospace=65314;e.Brevesmall=63220;e.Bsmall=63330;e.Btopbar=386;e.C=67;e.Caarmenian=1342;e.Cacute=262;e.Caron=63178;e.Caronsmall=63221;e.Ccaron=268;e.Ccedilla=199;e.Ccedillaacute=7688;e.Ccedillasmall=63463;e.Ccircle=9400;e.Ccircumflex=264;e.Cdot=266;e.Cdotaccent=266;e.Cedillasmall=63416;e.Chaarmenian=1353;e.Cheabkhasiancyrillic=1212;e.Checyrillic=1063;e.Chedescenderabkhasiancyrillic=1214;e.Chedescendercyrillic=1206;e.Chedieresiscyrillic=1268;e.Cheharmenian=1347;e.Chekhakassiancyrillic=1227;e.Cheverticalstrokecyrillic=1208;e.Chi=935;e.Chook=391;e.Circumflexsmall=63222;e.Cmonospace=65315;e.Coarmenian=1361;e.Csmall=63331;e.D=68;e.DZ=497;e.DZcaron=452;e.Daarmenian=1332;e.Dafrican=393;e.Dcaron=270;e.Dcedilla=7696;e.Dcircle=9401;e.Dcircumflexbelow=7698;e.Dcroat=272;e.Ddotaccent=7690;e.Ddotbelow=7692;e.Decyrillic=1044;e.Deicoptic=1006;e.Delta=8710;e.Deltagreek=916;e.Dhook=394;e.Dieresis=63179;e.DieresisAcute=63180;e.DieresisGrave=63181;e.Dieresissmall=63400;e.Digammagreek=988;e.Djecyrillic=1026;e.Dlinebelow=7694;e.Dmonospace=65316;e.Dotaccentsmall=63223;e.Dslash=272;e.Dsmall=63332;e.Dtopbar=395;e.Dz=498;e.Dzcaron=453;e.Dzeabkhasiancyrillic=1248;e.Dzecyrillic=1029;e.Dzhecyrillic=1039;e.E=69;e.Eacute=201;e.Eacutesmall=63465;e.Ebreve=276;e.Ecaron=282;e.Ecedillabreve=7708;e.Echarmenian=1333;e.Ecircle=9402;e.Ecircumflex=202;e.Ecircumflexacute=7870;e.Ecircumflexbelow=7704;e.Ecircumflexdotbelow=7878;e.Ecircumflexgrave=7872;e.Ecircumflexhookabove=7874;e.Ecircumflexsmall=63466;e.Ecircumflextilde=7876;e.Ecyrillic=1028;e.Edblgrave=516;e.Edieresis=203;e.Edieresissmall=63467;e.Edot=278;e.Edotaccent=278;e.Edotbelow=7864;e.Efcyrillic=1060;e.Egrave=200;e.Egravesmall=63464;e.Eharmenian=1335;e.Ehookabove=7866;e.Eightroman=8551;e.Einvertedbreve=518;e.Eiotifiedcyrillic=1124;e.Elcyrillic=1051;e.Elevenroman=8554;e.Emacron=274;e.Emacronacute=7702;e.Emacrongrave=7700;e.Emcyrillic=1052;e.Emonospace=65317;e.Encyrillic=1053;e.Endescendercyrillic=1186;e.Eng=330;e.Enghecyrillic=1188;e.Enhookcyrillic=1223;e.Eogonek=280;e.Eopen=400;e.Epsilon=917;e.Epsilontonos=904;e.Ercyrillic=1056;e.Ereversed=398;e.Ereversedcyrillic=1069;e.Escyrillic=1057;e.Esdescendercyrillic=1194;e.Esh=425;e.Esmall=63333;e.Eta=919;e.Etarmenian=1336;e.Etatonos=905;e.Eth=208;e.Ethsmall=63472;e.Etilde=7868;e.Etildebelow=7706;e.Euro=8364;e.Ezh=439;e.Ezhcaron=494;e.Ezhreversed=440;e.F=70;e.Fcircle=9403;e.Fdotaccent=7710;e.Feharmenian=1366;e.Feicoptic=996;e.Fhook=401;e.Fitacyrillic=1138;e.Fiveroman=8548;e.Fmonospace=65318;e.Fourroman=8547;e.Fsmall=63334;e.G=71;e.GBsquare=13191;e.Gacute=500;e.Gamma=915;e.Gammaafrican=404;e.Gangiacoptic=1002;e.Gbreve=286;e.Gcaron=486;e.Gcedilla=290;e.Gcircle=9404;e.Gcircumflex=284;e.Gcommaaccent=290;e.Gdot=288;e.Gdotaccent=288;e.Gecyrillic=1043;e.Ghadarmenian=1346;e.Ghemiddlehookcyrillic=1172;e.Ghestrokecyrillic=1170;e.Gheupturncyrillic=1168;e.Ghook=403;e.Gimarmenian=1331;e.Gjecyrillic=1027;e.Gmacron=7712;e.Gmonospace=65319;e.Grave=63182;e.Gravesmall=63328;e.Gsmall=63335;e.Gsmallhook=667;e.Gstroke=484;e.H=72;e.H18533=9679;e.H18543=9642;e.H18551=9643;e.H22073=9633;e.HPsquare=13259;e.Haabkhasiancyrillic=1192;e.Hadescendercyrillic=1202;e.Hardsigncyrillic=1066;e.Hbar=294;e.Hbrevebelow=7722;e.Hcedilla=7720;e.Hcircle=9405;e.Hcircumflex=292;e.Hdieresis=7718;e.Hdotaccent=7714;e.Hdotbelow=7716;e.Hmonospace=65320;e.Hoarmenian=1344;e.Horicoptic=1e3;e.Hsmall=63336;e.Hungarumlaut=63183;e.Hungarumlautsmall=63224;e.Hzsquare=13200;e.I=73;e.IAcyrillic=1071;e.IJ=306;e.IUcyrillic=1070;e.Iacute=205;e.Iacutesmall=63469;e.Ibreve=300;e.Icaron=463;e.Icircle=9406;e.Icircumflex=206;e.Icircumflexsmall=63470;e.Icyrillic=1030;e.Idblgrave=520;e.Idieresis=207;e.Idieresisacute=7726;e.Idieresiscyrillic=1252;e.Idieresissmall=63471;e.Idot=304;e.Idotaccent=304;e.Idotbelow=7882;e.Iebrevecyrillic=1238;e.Iecyrillic=1045;e.Ifraktur=8465;e.Igrave=204;e.Igravesmall=63468;e.Ihookabove=7880;e.Iicyrillic=1048;e.Iinvertedbreve=522;e.Iishortcyrillic=1049;e.Imacron=298;e.Imacroncyrillic=1250;e.Imonospace=65321;e.Iniarmenian=1339;e.Iocyrillic=1025;e.Iogonek=302;e.Iota=921;e.Iotaafrican=406;e.Iotadieresis=938;e.Iotatonos=906;e.Ismall=63337;e.Istroke=407;e.Itilde=296;e.Itildebelow=7724;e.Izhitsacyrillic=1140;e.Izhitsadblgravecyrillic=1142;e.J=74;e.Jaarmenian=1345;e.Jcircle=9407;e.Jcircumflex=308;e.Jecyrillic=1032;e.Jheharmenian=1355;e.Jmonospace=65322;e.Jsmall=63338;e.K=75;e.KBsquare=13189;e.KKsquare=13261;e.Kabashkircyrillic=1184;e.Kacute=7728;e.Kacyrillic=1050;e.Kadescendercyrillic=1178;e.Kahookcyrillic=1219;e.Kappa=922;e.Kastrokecyrillic=1182;e.Kaverticalstrokecyrillic=1180;e.Kcaron=488;e.Kcedilla=310;e.Kcircle=9408;e.Kcommaaccent=310;e.Kdotbelow=7730;e.Keharmenian=1364;e.Kenarmenian=1343;e.Khacyrillic=1061;e.Kheicoptic=998;e.Khook=408;e.Kjecyrillic=1036;e.Klinebelow=7732;e.Kmonospace=65323;e.Koppacyrillic=1152;e.Koppagreek=990;e.Ksicyrillic=1134;e.Ksmall=63339;e.L=76;e.LJ=455;e.LL=63167;e.Lacute=313;e.Lambda=923;e.Lcaron=317;e.Lcedilla=315;e.Lcircle=9409;e.Lcircumflexbelow=7740;e.Lcommaaccent=315;e.Ldot=319;e.Ldotaccent=319;e.Ldotbelow=7734;e.Ldotbelowmacron=7736;e.Liwnarmenian=1340;e.Lj=456;e.Ljecyrillic=1033;e.Llinebelow=7738;e.Lmonospace=65324;e.Lslash=321;e.Lslashsmall=63225;e.Lsmall=63340;e.M=77;e.MBsquare=13190;e.Macron=63184;e.Macronsmall=63407;e.Macute=7742;e.Mcircle=9410;e.Mdotaccent=7744;e.Mdotbelow=7746;e.Menarmenian=1348;e.Mmonospace=65325;e.Msmall=63341;e.Mturned=412;e.Mu=924;e.N=78;e.NJ=458;e.Nacute=323;e.Ncaron=327;e.Ncedilla=325;e.Ncircle=9411;e.Ncircumflexbelow=7754;e.Ncommaaccent=325;e.Ndotaccent=7748;e.Ndotbelow=7750;e.Nhookleft=413;e.Nineroman=8552;e.Nj=459;e.Njecyrillic=1034;e.Nlinebelow=7752;e.Nmonospace=65326;e.Nowarmenian=1350;e.Nsmall=63342;e.Ntilde=209;e.Ntildesmall=63473;e.Nu=925;e.O=79;e.OE=338;e.OEsmall=63226;e.Oacute=211;e.Oacutesmall=63475;e.Obarredcyrillic=1256;e.Obarreddieresiscyrillic=1258;e.Obreve=334;e.Ocaron=465;e.Ocenteredtilde=415;e.Ocircle=9412;e.Ocircumflex=212;e.Ocircumflexacute=7888;e.Ocircumflexdotbelow=7896;e.Ocircumflexgrave=7890;e.Ocircumflexhookabove=7892;e.Ocircumflexsmall=63476;e.Ocircumflextilde=7894;e.Ocyrillic=1054;e.Odblacute=336;e.Odblgrave=524;e.Odieresis=214;e.Odieresiscyrillic=1254;e.Odieresissmall=63478;e.Odotbelow=7884;e.Ogoneksmall=63227;e.Ograve=210;e.Ogravesmall=63474;e.Oharmenian=1365;e.Ohm=8486;e.Ohookabove=7886;e.Ohorn=416;e.Ohornacute=7898;e.Ohorndotbelow=7906;e.Ohorngrave=7900;e.Ohornhookabove=7902;e.Ohorntilde=7904;e.Ohungarumlaut=336;e.Oi=418;e.Oinvertedbreve=526;e.Omacron=332;e.Omacronacute=7762;e.Omacrongrave=7760;e.Omega=8486;e.Omegacyrillic=1120;e.Omegagreek=937;e.Omegaroundcyrillic=1146;e.Omegatitlocyrillic=1148;e.Omegatonos=911;e.Omicron=927;e.Omicrontonos=908;e.Omonospace=65327;e.Oneroman=8544;e.Oogonek=490;e.Oogonekmacron=492;e.Oopen=390;e.Oslash=216;e.Oslashacute=510;e.Oslashsmall=63480;e.Osmall=63343;e.Ostrokeacute=510;e.Otcyrillic=1150;e.Otilde=213;e.Otildeacute=7756;e.Otildedieresis=7758;e.Otildesmall=63477;e.P=80;e.Pacute=7764;e.Pcircle=9413;e.Pdotaccent=7766;e.Pecyrillic=1055;e.Peharmenian=1354;e.Pemiddlehookcyrillic=1190;e.Phi=934;e.Phook=420;e.Pi=928;e.Piwrarmenian=1363;e.Pmonospace=65328;e.Psi=936;e.Psicyrillic=1136;e.Psmall=63344;e.Q=81;e.Qcircle=9414;e.Qmonospace=65329;e.Qsmall=63345;e.R=82;e.Raarmenian=1356;e.Racute=340;e.Rcaron=344;e.Rcedilla=342;e.Rcircle=9415;e.Rcommaaccent=342;e.Rdblgrave=528;e.Rdotaccent=7768;e.Rdotbelow=7770;e.Rdotbelowmacron=7772;e.Reharmenian=1360;e.Rfraktur=8476;e.Rho=929;e.Ringsmall=63228;e.Rinvertedbreve=530;e.Rlinebelow=7774;e.Rmonospace=65330;e.Rsmall=63346;e.Rsmallinverted=641;e.Rsmallinvertedsuperior=694;e.S=83;e.SF010000=9484;e.SF020000=9492;e.SF030000=9488;e.SF040000=9496;e.SF050000=9532;e.SF060000=9516;e.SF070000=9524;e.SF080000=9500;e.SF090000=9508;e.SF100000=9472;e.SF110000=9474;e.SF190000=9569;e.SF200000=9570;e.SF210000=9558;e.SF220000=9557;e.SF230000=9571;e.SF240000=9553;e.SF250000=9559;e.SF260000=9565;e.SF270000=9564;e.SF280000=9563;e.SF360000=9566;e.SF370000=9567;e.SF380000=9562;e.SF390000=9556;e.SF400000=9577;e.SF410000=9574;e.SF420000=9568;e.SF430000=9552;e.SF440000=9580;e.SF450000=9575;e.SF460000=9576;e.SF470000=9572;e.SF480000=9573;e.SF490000=9561;e.SF500000=9560;e.SF510000=9554;e.SF520000=9555;e.SF530000=9579;e.SF540000=9578;e.Sacute=346;e.Sacutedotaccent=7780;e.Sampigreek=992;e.Scaron=352;e.Scarondotaccent=7782;e.Scaronsmall=63229;e.Scedilla=350;e.Schwa=399;e.Schwacyrillic=1240;e.Schwadieresiscyrillic=1242;e.Scircle=9416;e.Scircumflex=348;e.Scommaaccent=536;e.Sdotaccent=7776;e.Sdotbelow=7778;e.Sdotbelowdotaccent=7784;e.Seharmenian=1357;e.Sevenroman=8550;e.Shaarmenian=1351;e.Shacyrillic=1064;e.Shchacyrillic=1065;e.Sheicoptic=994;e.Shhacyrillic=1210;e.Shimacoptic=1004;e.Sigma=931;e.Sixroman=8549;e.Smonospace=65331;e.Softsigncyrillic=1068;e.Ssmall=63347;e.Stigmagreek=986;e.T=84;e.Tau=932;e.Tbar=358;e.Tcaron=356;e.Tcedilla=354;e.Tcircle=9417;e.Tcircumflexbelow=7792;e.Tcommaaccent=354;e.Tdotaccent=7786;e.Tdotbelow=7788;e.Tecyrillic=1058;e.Tedescendercyrillic=1196;e.Tenroman=8553;e.Tetsecyrillic=1204;e.Theta=920;e.Thook=428;e.Thorn=222;e.Thornsmall=63486;e.Threeroman=8546;e.Tildesmall=63230;e.Tiwnarmenian=1359;e.Tlinebelow=7790;e.Tmonospace=65332;e.Toarmenian=1337;e.Tonefive=444;e.Tonesix=388;e.Tonetwo=423;e.Tretroflexhook=430;e.Tsecyrillic=1062;e.Tshecyrillic=1035;e.Tsmall=63348;e.Twelveroman=8555;e.Tworoman=8545;e.U=85;e.Uacute=218;e.Uacutesmall=63482;e.Ubreve=364;e.Ucaron=467;e.Ucircle=9418;e.Ucircumflex=219;e.Ucircumflexbelow=7798;e.Ucircumflexsmall=63483;e.Ucyrillic=1059;e.Udblacute=368;e.Udblgrave=532;e.Udieresis=220;e.Udieresisacute=471;e.Udieresisbelow=7794;e.Udieresiscaron=473;e.Udieresiscyrillic=1264;e.Udieresisgrave=475;e.Udieresismacron=469;e.Udieresissmall=63484;e.Udotbelow=7908;e.Ugrave=217;e.Ugravesmall=63481;e.Uhookabove=7910;e.Uhorn=431;e.Uhornacute=7912;e.Uhorndotbelow=7920;e.Uhorngrave=7914;e.Uhornhookabove=7916;e.Uhorntilde=7918;e.Uhungarumlaut=368;e.Uhungarumlautcyrillic=1266;e.Uinvertedbreve=534;e.Ukcyrillic=1144;e.Umacron=362;e.Umacroncyrillic=1262;e.Umacrondieresis=7802;e.Umonospace=65333;e.Uogonek=370;e.Upsilon=933;e.Upsilon1=978;e.Upsilonacutehooksymbolgreek=979;e.Upsilonafrican=433;e.Upsilondieresis=939;e.Upsilondieresishooksymbolgreek=980;e.Upsilonhooksymbol=978;e.Upsilontonos=910;e.Uring=366;e.Ushortcyrillic=1038;e.Usmall=63349;e.Ustraightcyrillic=1198;e.Ustraightstrokecyrillic=1200;e.Utilde=360;e.Utildeacute=7800;e.Utildebelow=7796;e.V=86;e.Vcircle=9419;e.Vdotbelow=7806;e.Vecyrillic=1042;e.Vewarmenian=1358;e.Vhook=434;e.Vmonospace=65334;e.Voarmenian=1352;e.Vsmall=63350;e.Vtilde=7804;e.W=87;e.Wacute=7810;e.Wcircle=9420;e.Wcircumflex=372;e.Wdieresis=7812;e.Wdotaccent=7814;e.Wdotbelow=7816;e.Wgrave=7808;e.Wmonospace=65335;e.Wsmall=63351;e.X=88;e.Xcircle=9421;e.Xdieresis=7820;e.Xdotaccent=7818;e.Xeharmenian=1341;e.Xi=926;e.Xmonospace=65336;e.Xsmall=63352;e.Y=89;e.Yacute=221;e.Yacutesmall=63485;e.Yatcyrillic=1122;e.Ycircle=9422;e.Ycircumflex=374;e.Ydieresis=376;e.Ydieresissmall=63487;e.Ydotaccent=7822;e.Ydotbelow=7924;e.Yericyrillic=1067;e.Yerudieresiscyrillic=1272;e.Ygrave=7922;e.Yhook=435;e.Yhookabove=7926;e.Yiarmenian=1349;e.Yicyrillic=1031;e.Yiwnarmenian=1362;e.Ymonospace=65337;e.Ysmall=63353;e.Ytilde=7928;e.Yusbigcyrillic=1130;e.Yusbigiotifiedcyrillic=1132;e.Yuslittlecyrillic=1126;e.Yuslittleiotifiedcyrillic=1128;e.Z=90;e.Zaarmenian=1334;e.Zacute=377;e.Zcaron=381;e.Zcaronsmall=63231;e.Zcircle=9423;e.Zcircumflex=7824;e.Zdot=379;e.Zdotaccent=379;e.Zdotbelow=7826;e.Zecyrillic=1047;e.Zedescendercyrillic=1176;e.Zedieresiscyrillic=1246;e.Zeta=918;e.Zhearmenian=1338;e.Zhebrevecyrillic=1217;e.Zhecyrillic=1046;e.Zhedescendercyrillic=1174;e.Zhedieresiscyrillic=1244;e.Zlinebelow=7828;e.Zmonospace=65338;e.Zsmall=63354;e.Zstroke=437;e.a=97;e.aabengali=2438;e.aacute=225;e.aadeva=2310;e.aagujarati=2694;e.aagurmukhi=2566;e.aamatragurmukhi=2622;e.aarusquare=13059;e.aavowelsignbengali=2494;e.aavowelsigndeva=2366;e.aavowelsigngujarati=2750;e.abbreviationmarkarmenian=1375;e.abbreviationsigndeva=2416;e.abengali=2437;e.abopomofo=12570;e.abreve=259;e.abreveacute=7855;e.abrevecyrillic=1233;e.abrevedotbelow=7863;e.abrevegrave=7857;e.abrevehookabove=7859;e.abrevetilde=7861;e.acaron=462;e.acircle=9424;e.acircumflex=226;e.acircumflexacute=7845;e.acircumflexdotbelow=7853;e.acircumflexgrave=7847;e.acircumflexhookabove=7849;e.acircumflextilde=7851;e.acute=180;e.acutebelowcmb=791;e.acutecmb=769;e.acutecomb=769;e.acutedeva=2388;e.acutelowmod=719;e.acutetonecmb=833;e.acyrillic=1072;e.adblgrave=513;e.addakgurmukhi=2673;e.adeva=2309;e.adieresis=228;e.adieresiscyrillic=1235;e.adieresismacron=479;e.adotbelow=7841;e.adotmacron=481;e.ae=230;e.aeacute=509;e.aekorean=12624;e.aemacron=483;e.afii00208=8213;e.afii08941=8356;e.afii10017=1040;e.afii10018=1041;e.afii10019=1042;e.afii10020=1043;e.afii10021=1044;e.afii10022=1045;e.afii10023=1025;e.afii10024=1046;e.afii10025=1047;e.afii10026=1048;e.afii10027=1049;e.afii10028=1050;e.afii10029=1051;e.afii10030=1052;e.afii10031=1053;e.afii10032=1054;e.afii10033=1055;e.afii10034=1056;e.afii10035=1057;e.afii10036=1058;e.afii10037=1059;e.afii10038=1060;e.afii10039=1061;e.afii10040=1062;e.afii10041=1063;e.afii10042=1064;e.afii10043=1065;e.afii10044=1066;e.afii10045=1067;e.afii10046=1068;e.afii10047=1069;e.afii10048=1070;e.afii10049=1071;e.afii10050=1168;e.afii10051=1026;e.afii10052=1027;e.afii10053=1028;e.afii10054=1029;e.afii10055=1030;e.afii10056=1031;e.afii10057=1032;e.afii10058=1033;e.afii10059=1034;e.afii10060=1035;e.afii10061=1036;e.afii10062=1038;e.afii10063=63172;e.afii10064=63173;e.afii10065=1072;e.afii10066=1073;e.afii10067=1074;e.afii10068=1075;e.afii10069=1076;e.afii10070=1077;e.afii10071=1105;e.afii10072=1078;e.afii10073=1079;e.afii10074=1080;e.afii10075=1081;e.afii10076=1082;e.afii10077=1083;e.afii10078=1084;e.afii10079=1085;e.afii10080=1086;e.afii10081=1087;e.afii10082=1088;e.afii10083=1089;e.afii10084=1090;e.afii10085=1091;e.afii10086=1092;e.afii10087=1093;e.afii10088=1094;e.afii10089=1095;e.afii10090=1096;e.afii10091=1097;e.afii10092=1098;e.afii10093=1099;e.afii10094=1100;e.afii10095=1101;e.afii10096=1102;e.afii10097=1103;e.afii10098=1169;e.afii10099=1106;e.afii10100=1107;e.afii10101=1108;e.afii10102=1109;e.afii10103=1110;e.afii10104=1111;e.afii10105=1112;e.afii10106=1113;e.afii10107=1114;e.afii10108=1115;e.afii10109=1116;e.afii10110=1118;e.afii10145=1039;e.afii10146=1122;e.afii10147=1138;e.afii10148=1140;e.afii10192=63174;e.afii10193=1119;e.afii10194=1123;e.afii10195=1139;e.afii10196=1141;e.afii10831=63175;e.afii10832=63176;e.afii10846=1241;e.afii299=8206;e.afii300=8207;e.afii301=8205;e.afii57381=1642;e.afii57388=1548;e.afii57392=1632;e.afii57393=1633;e.afii57394=1634;e.afii57395=1635;e.afii57396=1636;e.afii57397=1637;e.afii57398=1638;e.afii57399=1639;e.afii57400=1640;e.afii57401=1641;e.afii57403=1563;e.afii57407=1567;e.afii57409=1569;e.afii57410=1570;e.afii57411=1571;e.afii57412=1572;e.afii57413=1573;e.afii57414=1574;e.afii57415=1575;e.afii57416=1576;e.afii57417=1577;e.afii57418=1578;e.afii57419=1579;e.afii57420=1580;e.afii57421=1581;e.afii57422=1582;e.afii57423=1583;e.afii57424=1584;e.afii57425=1585;e.afii57426=1586;e.afii57427=1587;e.afii57428=1588;e.afii57429=1589;e.afii57430=1590;e.afii57431=1591;e.afii57432=1592;e.afii57433=1593;e.afii57434=1594;e.afii57440=1600;e.afii57441=1601;e.afii57442=1602;e.afii57443=1603;e.afii57444=1604;e.afii57445=1605;e.afii57446=1606;e.afii57448=1608;e.afii57449=1609;e.afii57450=1610;e.afii57451=1611;e.afii57452=1612;e.afii57453=1613;e.afii57454=1614;e.afii57455=1615;e.afii57456=1616;e.afii57457=1617;e.afii57458=1618;e.afii57470=1607;e.afii57505=1700;e.afii57506=1662;e.afii57507=1670;e.afii57508=1688;e.afii57509=1711;e.afii57511=1657;e.afii57512=1672;e.afii57513=1681;e.afii57514=1722;e.afii57519=1746;e.afii57534=1749;e.afii57636=8362;e.afii57645=1470;e.afii57658=1475;e.afii57664=1488;e.afii57665=1489;e.afii57666=1490;e.afii57667=1491;e.afii57668=1492;e.afii57669=1493;e.afii57670=1494;e.afii57671=1495;e.afii57672=1496;e.afii57673=1497;e.afii57674=1498;e.afii57675=1499;e.afii57676=1500;e.afii57677=1501;e.afii57678=1502;e.afii57679=1503;e.afii57680=1504;e.afii57681=1505;e.afii57682=1506;e.afii57683=1507;e.afii57684=1508;e.afii57685=1509;e.afii57686=1510;e.afii57687=1511;e.afii57688=1512;e.afii57689=1513;e.afii57690=1514;e.afii57694=64298;e.afii57695=64299;e.afii57700=64331;e.afii57705=64287;e.afii57716=1520;e.afii57717=1521;e.afii57718=1522;e.afii57723=64309;e.afii57793=1460;e.afii57794=1461;e.afii57795=1462;e.afii57796=1467;e.afii57797=1464;e.afii57798=1463;e.afii57799=1456;e.afii57800=1458;e.afii57801=1457;e.afii57802=1459;e.afii57803=1474;e.afii57804=1473;e.afii57806=1465;e.afii57807=1468;e.afii57839=1469;e.afii57841=1471;e.afii57842=1472;e.afii57929=700;e.afii61248=8453;e.afii61289=8467;e.afii61352=8470;e.afii61573=8236;e.afii61574=8237;e.afii61575=8238;e.afii61664=8204;e.afii63167=1645;e.afii64937=701;e.agrave=224;e.agujarati=2693;e.agurmukhi=2565;e.ahiragana=12354;e.ahookabove=7843;e.aibengali=2448;e.aibopomofo=12574;e.aideva=2320;e.aiecyrillic=1237;e.aigujarati=2704;e.aigurmukhi=2576;e.aimatragurmukhi=2632;e.ainarabic=1593;e.ainfinalarabic=65226;e.aininitialarabic=65227;e.ainmedialarabic=65228;e.ainvertedbreve=515;e.aivowelsignbengali=2504;e.aivowelsigndeva=2376;e.aivowelsigngujarati=2760;e.akatakana=12450;e.akatakanahalfwidth=65393;e.akorean=12623;e.alef=1488;e.alefarabic=1575;e.alefdageshhebrew=64304;e.aleffinalarabic=65166;e.alefhamzaabovearabic=1571;e.alefhamzaabovefinalarabic=65156;e.alefhamzabelowarabic=1573;e.alefhamzabelowfinalarabic=65160;e.alefhebrew=1488;e.aleflamedhebrew=64335;e.alefmaddaabovearabic=1570;e.alefmaddaabovefinalarabic=65154;e.alefmaksuraarabic=1609;e.alefmaksurafinalarabic=65264;e.alefmaksurainitialarabic=65267;e.alefmaksuramedialarabic=65268;e.alefpatahhebrew=64302;e.alefqamatshebrew=64303;e.aleph=8501;e.allequal=8780;e.alpha=945;e.alphatonos=940;e.amacron=257;e.amonospace=65345;e.ampersand=38;e.ampersandmonospace=65286;e.ampersandsmall=63270;e.amsquare=13250;e.anbopomofo=12578;e.angbopomofo=12580;e.angbracketleft=12296;e.angbracketright=12297;e.angkhankhuthai=3674;e.angle=8736;e.anglebracketleft=12296;e.anglebracketleftvertical=65087;e.anglebracketright=12297;e.anglebracketrightvertical=65088;e.angleleft=9001;e.angleright=9002;e.angstrom=8491;e.anoteleia=903;e.anudattadeva=2386;e.anusvarabengali=2434;e.anusvaradeva=2306;e.anusvaragujarati=2690;e.aogonek=261;e.apaatosquare=13056;e.aparen=9372;e.apostrophearmenian=1370;e.apostrophemod=700;e.apple=63743;e.approaches=8784;e.approxequal=8776;e.approxequalorimage=8786;e.approximatelyequal=8773;e.araeaekorean=12686;e.araeakorean=12685;e.arc=8978;e.arighthalfring=7834;e.aring=229;e.aringacute=507;e.aringbelow=7681;e.arrowboth=8596;e.arrowdashdown=8675;e.arrowdashleft=8672;e.arrowdashright=8674;e.arrowdashup=8673;e.arrowdblboth=8660;e.arrowdbldown=8659;e.arrowdblleft=8656;e.arrowdblright=8658;e.arrowdblup=8657;e.arrowdown=8595;e.arrowdownleft=8601;e.arrowdownright=8600;e.arrowdownwhite=8681;e.arrowheaddownmod=709;e.arrowheadleftmod=706;e.arrowheadrightmod=707;e.arrowheadupmod=708;e.arrowhorizex=63719;e.arrowleft=8592;e.arrowleftdbl=8656;e.arrowleftdblstroke=8653;e.arrowleftoverright=8646;e.arrowleftwhite=8678;e.arrowright=8594;e.arrowrightdblstroke=8655;e.arrowrightheavy=10142;e.arrowrightoverleft=8644;e.arrowrightwhite=8680;e.arrowtableft=8676;e.arrowtabright=8677;e.arrowup=8593;e.arrowupdn=8597;e.arrowupdnbse=8616;e.arrowupdownbase=8616;e.arrowupleft=8598;e.arrowupleftofdown=8645;e.arrowupright=8599;e.arrowupwhite=8679;e.arrowvertex=63718;e.asciicircum=94;e.asciicircummonospace=65342;e.asciitilde=126;e.asciitildemonospace=65374;e.ascript=593;e.ascriptturned=594;e.asmallhiragana=12353;e.asmallkatakana=12449;e.asmallkatakanahalfwidth=65383;e.asterisk=42;e.asteriskaltonearabic=1645;e.asteriskarabic=1645;e.asteriskmath=8727;e.asteriskmonospace=65290;e.asterisksmall=65121;e.asterism=8258;e.asuperior=63209;e.asymptoticallyequal=8771;e.at=64;e.atilde=227;e.atmonospace=65312;e.atsmall=65131;e.aturned=592;e.aubengali=2452;e.aubopomofo=12576;e.audeva=2324;e.augujarati=2708;e.augurmukhi=2580;e.aulengthmarkbengali=2519;e.aumatragurmukhi=2636;e.auvowelsignbengali=2508;e.auvowelsigndeva=2380;e.auvowelsigngujarati=2764;e.avagrahadeva=2365;e.aybarmenian=1377;e.ayin=1506;e.ayinaltonehebrew=64288;e.ayinhebrew=1506;e.b=98;e.babengali=2476;e.backslash=92;e.backslashmonospace=65340;e.badeva=2348;e.bagujarati=2732;e.bagurmukhi=2604;e.bahiragana=12400;e.bahtthai=3647;e.bakatakana=12496;e.bar=124;e.barmonospace=65372;e.bbopomofo=12549;e.bcircle=9425;e.bdotaccent=7683;e.bdotbelow=7685;e.beamedsixteenthnotes=9836;e.because=8757;e.becyrillic=1073;e.beharabic=1576;e.behfinalarabic=65168;e.behinitialarabic=65169;e.behiragana=12409;e.behmedialarabic=65170;e.behmeeminitialarabic=64671;e.behmeemisolatedarabic=64520;e.behnoonfinalarabic=64621;e.bekatakana=12505;e.benarmenian=1378;e.bet=1489;e.beta=946;e.betasymbolgreek=976;e.betdagesh=64305;e.betdageshhebrew=64305;e.bethebrew=1489;e.betrafehebrew=64332;e.bhabengali=2477;e.bhadeva=2349;e.bhagujarati=2733;e.bhagurmukhi=2605;e.bhook=595;e.bihiragana=12403;e.bikatakana=12499;e.bilabialclick=664;e.bindigurmukhi=2562;e.birusquare=13105;e.blackcircle=9679;e.blackdiamond=9670;e.blackdownpointingtriangle=9660;e.blackleftpointingpointer=9668;e.blackleftpointingtriangle=9664;e.blacklenticularbracketleft=12304;e.blacklenticularbracketleftvertical=65083;e.blacklenticularbracketright=12305;e.blacklenticularbracketrightvertical=65084;e.blacklowerlefttriangle=9699;e.blacklowerrighttriangle=9698;e.blackrectangle=9644;e.blackrightpointingpointer=9658;e.blackrightpointingtriangle=9654;e.blacksmallsquare=9642;e.blacksmilingface=9787;e.blacksquare=9632;e.blackstar=9733;e.blackupperlefttriangle=9700;e.blackupperrighttriangle=9701;e.blackuppointingsmalltriangle=9652;e.blackuppointingtriangle=9650;e.blank=9251;e.blinebelow=7687;e.block=9608;e.bmonospace=65346;e.bobaimaithai=3610;e.bohiragana=12412;e.bokatakana=12508;e.bparen=9373;e.bqsquare=13251;e.braceex=63732;e.braceleft=123;e.braceleftbt=63731;e.braceleftmid=63730;e.braceleftmonospace=65371;e.braceleftsmall=65115;e.bracelefttp=63729;e.braceleftvertical=65079;e.braceright=125;e.bracerightbt=63742;e.bracerightmid=63741;e.bracerightmonospace=65373;e.bracerightsmall=65116;e.bracerighttp=63740;e.bracerightvertical=65080;e.bracketleft=91;e.bracketleftbt=63728;e.bracketleftex=63727;e.bracketleftmonospace=65339;e.bracketlefttp=63726;e.bracketright=93;e.bracketrightbt=63739;e.bracketrightex=63738;e.bracketrightmonospace=65341;e.bracketrighttp=63737;e.breve=728;e.brevebelowcmb=814;e.brevecmb=774;e.breveinvertedbelowcmb=815;e.breveinvertedcmb=785;e.breveinverteddoublecmb=865;e.bridgebelowcmb=810;e.bridgeinvertedbelowcmb=826;e.brokenbar=166;e.bstroke=384;e.bsuperior=63210;e.btopbar=387;e.buhiragana=12406;e.bukatakana=12502;e.bullet=8226;e.bulletinverse=9688;e.bulletoperator=8729;e.bullseye=9678;e.c=99;e.caarmenian=1390;e.cabengali=2458;e.cacute=263;e.cadeva=2330;e.cagujarati=2714;e.cagurmukhi=2586;e.calsquare=13192;e.candrabindubengali=2433;e.candrabinducmb=784;e.candrabindudeva=2305;e.candrabindugujarati=2689;e.capslock=8682;e.careof=8453;e.caron=711;e.caronbelowcmb=812;e.caroncmb=780;e.carriagereturn=8629;e.cbopomofo=12568;e.ccaron=269;e.ccedilla=231;e.ccedillaacute=7689;e.ccircle=9426;e.ccircumflex=265;e.ccurl=597;e.cdot=267;e.cdotaccent=267;e.cdsquare=13253;e.cedilla=184;e.cedillacmb=807;e.cent=162;e.centigrade=8451;e.centinferior=63199;e.centmonospace=65504;e.centoldstyle=63394;e.centsuperior=63200;e.chaarmenian=1401;e.chabengali=2459;e.chadeva=2331;e.chagujarati=2715;e.chagurmukhi=2587;e.chbopomofo=12564;e.cheabkhasiancyrillic=1213;e.checkmark=10003;e.checyrillic=1095;e.chedescenderabkhasiancyrillic=1215;e.chedescendercyrillic=1207;e.chedieresiscyrillic=1269;e.cheharmenian=1395;e.chekhakassiancyrillic=1228;e.cheverticalstrokecyrillic=1209;e.chi=967;e.chieuchacirclekorean=12919;e.chieuchaparenkorean=12823;e.chieuchcirclekorean=12905;e.chieuchkorean=12618;e.chieuchparenkorean=12809;e.chochangthai=3594;e.chochanthai=3592;e.chochingthai=3593;e.chochoethai=3596;e.chook=392;e.cieucacirclekorean=12918;e.cieucaparenkorean=12822;e.cieuccirclekorean=12904;e.cieuckorean=12616;e.cieucparenkorean=12808;e.cieucuparenkorean=12828;e.circle=9675;e.circlecopyrt=169;e.circlemultiply=8855;e.circleot=8857;e.circleplus=8853;e.circlepostalmark=12342;e.circlewithlefthalfblack=9680;e.circlewithrighthalfblack=9681;e.circumflex=710;e.circumflexbelowcmb=813;e.circumflexcmb=770;e.clear=8999;e.clickalveolar=450;e.clickdental=448;e.clicklateral=449;e.clickretroflex=451;e.club=9827;e.clubsuitblack=9827;e.clubsuitwhite=9831;e.cmcubedsquare=13220;e.cmonospace=65347;e.cmsquaredsquare=13216;e.coarmenian=1409;e.colon=58;e.colonmonetary=8353;e.colonmonospace=65306;e.colonsign=8353;e.colonsmall=65109;e.colontriangularhalfmod=721;e.colontriangularmod=720;e.comma=44;e.commaabovecmb=787;e.commaaboverightcmb=789;e.commaaccent=63171;e.commaarabic=1548;e.commaarmenian=1373;e.commainferior=63201;e.commamonospace=65292;e.commareversedabovecmb=788;e.commareversedmod=701;e.commasmall=65104;e.commasuperior=63202;e.commaturnedabovecmb=786;e.commaturnedmod=699;e.compass=9788;e.congruent=8773;e.contourintegral=8750;e.control=8963;e.controlACK=6;e.controlBEL=7;e.controlBS=8;e.controlCAN=24;e.controlCR=13;e.controlDC1=17;e.controlDC2=18;e.controlDC3=19;e.controlDC4=20;e.controlDEL=127;e.controlDLE=16;e.controlEM=25;e.controlENQ=5;e.controlEOT=4;e.controlESC=27;e.controlETB=23;e.controlETX=3;e.controlFF=12;e.controlFS=28;e.controlGS=29;e.controlHT=9;e.controlLF=10;e.controlNAK=21;e.controlNULL=0;e.controlRS=30;e.controlSI=15;e.controlSO=14;e.controlSOT=2;e.controlSTX=1;e.controlSUB=26;e.controlSYN=22;e.controlUS=31;e.controlVT=11;e.copyright=169;e.copyrightsans=63721;e.copyrightserif=63193;e.cornerbracketleft=12300;e.cornerbracketlefthalfwidth=65378;e.cornerbracketleftvertical=65089;e.cornerbracketright=12301;e.cornerbracketrighthalfwidth=65379;e.cornerbracketrightvertical=65090;e.corporationsquare=13183;e.cosquare=13255;e.coverkgsquare=13254;e.cparen=9374;e.cruzeiro=8354;e.cstretched=663;e.curlyand=8911;e.curlyor=8910;e.currency=164;e.cyrBreve=63185;e.cyrFlex=63186;e.cyrbreve=63188;e.cyrflex=63189;e.d=100;e.daarmenian=1380;e.dabengali=2470;e.dadarabic=1590;e.dadeva=2342;e.dadfinalarabic=65214;e.dadinitialarabic=65215;e.dadmedialarabic=65216;e.dagesh=1468;e.dageshhebrew=1468;e.dagger=8224;e.daggerdbl=8225;e.dagujarati=2726;e.dagurmukhi=2598;e.dahiragana=12384;e.dakatakana=12480;e.dalarabic=1583;e.dalet=1491;e.daletdagesh=64307;e.daletdageshhebrew=64307;e.dalethebrew=1491;e.dalfinalarabic=65194;e.dammaarabic=1615;e.dammalowarabic=1615;e.dammatanaltonearabic=1612;e.dammatanarabic=1612;e.danda=2404;e.dargahebrew=1447;e.dargalefthebrew=1447;e.dasiapneumatacyrilliccmb=1157;e.dblGrave=63187;e.dblanglebracketleft=12298;e.dblanglebracketleftvertical=65085;e.dblanglebracketright=12299;e.dblanglebracketrightvertical=65086;e.dblarchinvertedbelowcmb=811;e.dblarrowleft=8660;e.dblarrowright=8658;e.dbldanda=2405;e.dblgrave=63190;e.dblgravecmb=783;e.dblintegral=8748;e.dbllowline=8215;e.dbllowlinecmb=819;e.dbloverlinecmb=831;e.dblprimemod=698;e.dblverticalbar=8214;e.dblverticallineabovecmb=782;e.dbopomofo=12553;e.dbsquare=13256;e.dcaron=271;e.dcedilla=7697;e.dcircle=9427;e.dcircumflexbelow=7699;e.dcroat=273;e.ddabengali=2465;e.ddadeva=2337;e.ddagujarati=2721;e.ddagurmukhi=2593;e.ddalarabic=1672;e.ddalfinalarabic=64393;e.dddhadeva=2396;e.ddhabengali=2466;e.ddhadeva=2338;e.ddhagujarati=2722;e.ddhagurmukhi=2594;e.ddotaccent=7691;e.ddotbelow=7693;e.decimalseparatorarabic=1643;e.decimalseparatorpersian=1643;e.decyrillic=1076;e.degree=176;e.dehihebrew=1453;e.dehiragana=12391;e.deicoptic=1007;e.dekatakana=12487;e.deleteleft=9003;e.deleteright=8998;e.delta=948;e.deltaturned=397;e.denominatorminusonenumeratorbengali=2552;e.dezh=676;e.dhabengali=2471;e.dhadeva=2343;e.dhagujarati=2727;e.dhagurmukhi=2599;e.dhook=599;e.dialytikatonos=901;e.dialytikatonoscmb=836;e.diamond=9830;e.diamondsuitwhite=9826;e.dieresis=168;e.dieresisacute=63191;e.dieresisbelowcmb=804;e.dieresiscmb=776;e.dieresisgrave=63192;e.dieresistonos=901;e.dihiragana=12386;e.dikatakana=12482;e.dittomark=12291;e.divide=247;e.divides=8739;e.divisionslash=8725;e.djecyrillic=1106;e.dkshade=9619;e.dlinebelow=7695;e.dlsquare=13207;e.dmacron=273;e.dmonospace=65348;e.dnblock=9604;e.dochadathai=3598;e.dodekthai=3604;e.dohiragana=12393;e.dokatakana=12489;e.dollar=36;e.dollarinferior=63203;e.dollarmonospace=65284;e.dollaroldstyle=63268;e.dollarsmall=65129;e.dollarsuperior=63204;e.dong=8363;e.dorusquare=13094;e.dotaccent=729;e.dotaccentcmb=775;e.dotbelowcmb=803;e.dotbelowcomb=803;e.dotkatakana=12539;e.dotlessi=305;e.dotlessj=63166;e.dotlessjstrokehook=644;e.dotmath=8901;e.dottedcircle=9676;e.doubleyodpatah=64287;e.doubleyodpatahhebrew=64287;e.downtackbelowcmb=798;e.downtackmod=725;e.dparen=9375;e.dsuperior=63211;e.dtail=598;e.dtopbar=396;e.duhiragana=12389;e.dukatakana=12485;e.dz=499;e.dzaltone=675;e.dzcaron=454;e.dzcurl=677;e.dzeabkhasiancyrillic=1249;e.dzecyrillic=1109;e.dzhecyrillic=1119;e.e=101;e.eacute=233;e.earth=9793;e.ebengali=2447;e.ebopomofo=12572;e.ebreve=277;e.ecandradeva=2317;e.ecandragujarati=2701;e.ecandravowelsigndeva=2373;e.ecandravowelsigngujarati=2757;e.ecaron=283;e.ecedillabreve=7709;e.echarmenian=1381;e.echyiwnarmenian=1415;e.ecircle=9428;e.ecircumflex=234;e.ecircumflexacute=7871;e.ecircumflexbelow=7705;e.ecircumflexdotbelow=7879;e.ecircumflexgrave=7873;e.ecircumflexhookabove=7875;e.ecircumflextilde=7877;e.ecyrillic=1108;e.edblgrave=517;e.edeva=2319;e.edieresis=235;e.edot=279;e.edotaccent=279;e.edotbelow=7865;e.eegurmukhi=2575;e.eematragurmukhi=2631;e.efcyrillic=1092;e.egrave=232;e.egujarati=2703;e.eharmenian=1383;e.ehbopomofo=12573;e.ehiragana=12360;e.ehookabove=7867;e.eibopomofo=12575;e.eight=56;e.eightarabic=1640;e.eightbengali=2542;e.eightcircle=9319;e.eightcircleinversesansserif=10129;e.eightdeva=2414;e.eighteencircle=9329;e.eighteenparen=9349;e.eighteenperiod=9369;e.eightgujarati=2798;e.eightgurmukhi=2670;e.eighthackarabic=1640;e.eighthangzhou=12328;e.eighthnotebeamed=9835;e.eightideographicparen=12839;e.eightinferior=8328;e.eightmonospace=65304;e.eightoldstyle=63288;e.eightparen=9339;e.eightperiod=9359;e.eightpersian=1784;e.eightroman=8567;e.eightsuperior=8312;e.eightthai=3672;e.einvertedbreve=519;e.eiotifiedcyrillic=1125;e.ekatakana=12456;e.ekatakanahalfwidth=65396;e.ekonkargurmukhi=2676;e.ekorean=12628;e.elcyrillic=1083;e.element=8712;e.elevencircle=9322;e.elevenparen=9342;e.elevenperiod=9362;e.elevenroman=8570;e.ellipsis=8230;e.ellipsisvertical=8942;e.emacron=275;e.emacronacute=7703;e.emacrongrave=7701;e.emcyrillic=1084;e.emdash=8212;e.emdashvertical=65073;e.emonospace=65349;e.emphasismarkarmenian=1371;e.emptyset=8709;e.enbopomofo=12579;e.encyrillic=1085;e.endash=8211;e.endashvertical=65074;e.endescendercyrillic=1187;e.eng=331;e.engbopomofo=12581;e.enghecyrillic=1189;e.enhookcyrillic=1224;e.enspace=8194;e.eogonek=281;e.eokorean=12627;e.eopen=603;e.eopenclosed=666;e.eopenreversed=604;e.eopenreversedclosed=606;e.eopenreversedhook=605;e.eparen=9376;e.epsilon=949;e.epsilontonos=941;e.equal=61;e.equalmonospace=65309;e.equalsmall=65126;e.equalsuperior=8316;e.equivalence=8801;e.erbopomofo=12582;e.ercyrillic=1088;e.ereversed=600;e.ereversedcyrillic=1101;e.escyrillic=1089;e.esdescendercyrillic=1195;e.esh=643;e.eshcurl=646;e.eshortdeva=2318;e.eshortvowelsigndeva=2374;e.eshreversedloop=426;e.eshsquatreversed=645;e.esmallhiragana=12359;e.esmallkatakana=12455;e.esmallkatakanahalfwidth=65386;e.estimated=8494;e.esuperior=63212;e.eta=951;e.etarmenian=1384;e.etatonos=942;e.eth=240;e.etilde=7869;e.etildebelow=7707;e.etnahtafoukhhebrew=1425;e.etnahtafoukhlefthebrew=1425;e.etnahtahebrew=1425;e.etnahtalefthebrew=1425;e.eturned=477;e.eukorean=12641;e.euro=8364;e.evowelsignbengali=2503;e.evowelsigndeva=2375;e.evowelsigngujarati=2759;e.exclam=33;e.exclamarmenian=1372;e.exclamdbl=8252;e.exclamdown=161;e.exclamdownsmall=63393;e.exclammonospace=65281;e.exclamsmall=63265;e.existential=8707;e.ezh=658;e.ezhcaron=495;e.ezhcurl=659;e.ezhreversed=441;e.ezhtail=442;e.f=102;e.fadeva=2398;e.fagurmukhi=2654;e.fahrenheit=8457;e.fathaarabic=1614;e.fathalowarabic=1614;e.fathatanarabic=1611;e.fbopomofo=12552;e.fcircle=9429;e.fdotaccent=7711;e.feharabic=1601;e.feharmenian=1414;e.fehfinalarabic=65234;e.fehinitialarabic=65235;e.fehmedialarabic=65236;e.feicoptic=997;e.female=9792;e.ff=64256;e.f_f=64256;e.ffi=64259;e.f_f_i=64259;e.ffl=64260;e.f_f_l=64260;e.fi=64257;e.f_i=64257;e.fifteencircle=9326;e.fifteenparen=9346;e.fifteenperiod=9366;e.figuredash=8210;e.filledbox=9632;e.filledrect=9644;e.finalkaf=1498;e.finalkafdagesh=64314;e.finalkafdageshhebrew=64314;e.finalkafhebrew=1498;e.finalmem=1501;e.finalmemhebrew=1501;e.finalnun=1503;e.finalnunhebrew=1503;e.finalpe=1507;e.finalpehebrew=1507;e.finaltsadi=1509;e.finaltsadihebrew=1509;e.firsttonechinese=713;e.fisheye=9673;e.fitacyrillic=1139;e.five=53;e.fivearabic=1637;e.fivebengali=2539;e.fivecircle=9316;e.fivecircleinversesansserif=10126;e.fivedeva=2411;e.fiveeighths=8541;e.fivegujarati=2795;e.fivegurmukhi=2667;e.fivehackarabic=1637;e.fivehangzhou=12325;e.fiveideographicparen=12836;e.fiveinferior=8325;e.fivemonospace=65301;e.fiveoldstyle=63285;e.fiveparen=9336;e.fiveperiod=9356;e.fivepersian=1781;e.fiveroman=8564;e.fivesuperior=8309;e.fivethai=3669;e.fl=64258;e.f_l=64258;e.florin=402;e.fmonospace=65350;e.fmsquare=13209;e.fofanthai=3615;e.fofathai=3613;e.fongmanthai=3663;e.forall=8704;e.four=52;e.fourarabic=1636;e.fourbengali=2538;e.fourcircle=9315;e.fourcircleinversesansserif=10125;e.fourdeva=2410;e.fourgujarati=2794;e.fourgurmukhi=2666;e.fourhackarabic=1636;e.fourhangzhou=12324;e.fourideographicparen=12835;e.fourinferior=8324;e.fourmonospace=65300;e.fournumeratorbengali=2551;e.fouroldstyle=63284;e.fourparen=9335;e.fourperiod=9355;e.fourpersian=1780;e.fourroman=8563;e.foursuperior=8308;e.fourteencircle=9325;e.fourteenparen=9345;e.fourteenperiod=9365;e.fourthai=3668;e.fourthtonechinese=715;e.fparen=9377;e.fraction=8260;e.franc=8355;e.g=103;e.gabengali=2455;e.gacute=501;e.gadeva=2327;e.gafarabic=1711;e.gaffinalarabic=64403;e.gafinitialarabic=64404;e.gafmedialarabic=64405;e.gagujarati=2711;e.gagurmukhi=2583;e.gahiragana=12364;e.gakatakana=12460;e.gamma=947;e.gammalatinsmall=611;e.gammasuperior=736;e.gangiacoptic=1003;e.gbopomofo=12557;e.gbreve=287;e.gcaron=487;e.gcedilla=291;e.gcircle=9430;e.gcircumflex=285;e.gcommaaccent=291;e.gdot=289;e.gdotaccent=289;e.gecyrillic=1075;e.gehiragana=12370;e.gekatakana=12466;e.geometricallyequal=8785;e.gereshaccenthebrew=1436;e.gereshhebrew=1523;e.gereshmuqdamhebrew=1437;e.germandbls=223;e.gershayimaccenthebrew=1438;e.gershayimhebrew=1524;e.getamark=12307;e.ghabengali=2456;e.ghadarmenian=1394;e.ghadeva=2328;e.ghagujarati=2712;e.ghagurmukhi=2584;e.ghainarabic=1594;e.ghainfinalarabic=65230;e.ghaininitialarabic=65231;e.ghainmedialarabic=65232;e.ghemiddlehookcyrillic=1173;e.ghestrokecyrillic=1171;e.gheupturncyrillic=1169;e.ghhadeva=2394;e.ghhagurmukhi=2650;e.ghook=608;e.ghzsquare=13203;e.gihiragana=12366;e.gikatakana=12462;e.gimarmenian=1379;e.gimel=1490;e.gimeldagesh=64306;e.gimeldageshhebrew=64306;e.gimelhebrew=1490;e.gjecyrillic=1107;e.glottalinvertedstroke=446;e.glottalstop=660;e.glottalstopinverted=662;e.glottalstopmod=704;e.glottalstopreversed=661;e.glottalstopreversedmod=705;e.glottalstopreversedsuperior=740;e.glottalstopstroke=673;e.glottalstopstrokereversed=674;e.gmacron=7713;e.gmonospace=65351;e.gohiragana=12372;e.gokatakana=12468;e.gparen=9378;e.gpasquare=13228;e.gradient=8711;e.grave=96;e.gravebelowcmb=790;e.gravecmb=768;e.gravecomb=768;e.gravedeva=2387;e.gravelowmod=718;e.gravemonospace=65344;e.gravetonecmb=832;e.greater=62;e.greaterequal=8805;e.greaterequalorless=8923;e.greatermonospace=65310;e.greaterorequivalent=8819;e.greaterorless=8823;e.greateroverequal=8807;e.greatersmall=65125;e.gscript=609;e.gstroke=485;e.guhiragana=12368;e.guillemotleft=171;e.guillemotright=187;e.guilsinglleft=8249;e.guilsinglright=8250;e.gukatakana=12464;e.guramusquare=13080;e.gysquare=13257;e.h=104;e.haabkhasiancyrillic=1193;e.haaltonearabic=1729;e.habengali=2489;e.hadescendercyrillic=1203;e.hadeva=2361;e.hagujarati=2745;e.hagurmukhi=2617;e.haharabic=1581;e.hahfinalarabic=65186;e.hahinitialarabic=65187;e.hahiragana=12399;e.hahmedialarabic=65188;e.haitusquare=13098;e.hakatakana=12495;e.hakatakanahalfwidth=65418;e.halantgurmukhi=2637;e.hamzaarabic=1569;e.hamzalowarabic=1569;e.hangulfiller=12644;e.hardsigncyrillic=1098;e.harpoonleftbarbup=8636;e.harpoonrightbarbup=8640;e.hasquare=13258;e.hatafpatah=1458;e.hatafpatah16=1458;e.hatafpatah23=1458;e.hatafpatah2f=1458;e.hatafpatahhebrew=1458;e.hatafpatahnarrowhebrew=1458;e.hatafpatahquarterhebrew=1458;e.hatafpatahwidehebrew=1458;e.hatafqamats=1459;e.hatafqamats1b=1459;e.hatafqamats28=1459;e.hatafqamats34=1459;e.hatafqamatshebrew=1459;e.hatafqamatsnarrowhebrew=1459;e.hatafqamatsquarterhebrew=1459;e.hatafqamatswidehebrew=1459;e.hatafsegol=1457;e.hatafsegol17=1457;e.hatafsegol24=1457;e.hatafsegol30=1457;e.hatafsegolhebrew=1457;e.hatafsegolnarrowhebrew=1457;e.hatafsegolquarterhebrew=1457;e.hatafsegolwidehebrew=1457;e.hbar=295;e.hbopomofo=12559;e.hbrevebelow=7723;e.hcedilla=7721;e.hcircle=9431;e.hcircumflex=293;e.hdieresis=7719;e.hdotaccent=7715;e.hdotbelow=7717;e.he=1492;e.heart=9829;e.heartsuitblack=9829;e.heartsuitwhite=9825;e.hedagesh=64308;e.hedageshhebrew=64308;e.hehaltonearabic=1729;e.heharabic=1607;e.hehebrew=1492;e.hehfinalaltonearabic=64423;e.hehfinalalttwoarabic=65258;e.hehfinalarabic=65258;e.hehhamzaabovefinalarabic=64421;e.hehhamzaaboveisolatedarabic=64420;e.hehinitialaltonearabic=64424;e.hehinitialarabic=65259;e.hehiragana=12408;e.hehmedialaltonearabic=64425;e.hehmedialarabic=65260;e.heiseierasquare=13179;e.hekatakana=12504;e.hekatakanahalfwidth=65421;e.hekutaarusquare=13110;e.henghook=615;e.herutusquare=13113;e.het=1495;e.hethebrew=1495;e.hhook=614;e.hhooksuperior=689;e.hieuhacirclekorean=12923;e.hieuhaparenkorean=12827;e.hieuhcirclekorean=12909;e.hieuhkorean=12622;e.hieuhparenkorean=12813;e.hihiragana=12402;e.hikatakana=12498;e.hikatakanahalfwidth=65419;e.hiriq=1460;e.hiriq14=1460;e.hiriq21=1460;e.hiriq2d=1460;e.hiriqhebrew=1460;e.hiriqnarrowhebrew=1460;e.hiriqquarterhebrew=1460;e.hiriqwidehebrew=1460;e.hlinebelow=7830;e.hmonospace=65352;e.hoarmenian=1392;e.hohipthai=3627;e.hohiragana=12411;e.hokatakana=12507;e.hokatakanahalfwidth=65422;e.holam=1465;e.holam19=1465;e.holam26=1465;e.holam32=1465;e.holamhebrew=1465;e.holamnarrowhebrew=1465;e.holamquarterhebrew=1465;e.holamwidehebrew=1465;e.honokhukthai=3630;e.hookabovecomb=777;e.hookcmb=777;e.hookpalatalizedbelowcmb=801;e.hookretroflexbelowcmb=802;e.hoonsquare=13122;e.horicoptic=1001;e.horizontalbar=8213;e.horncmb=795;e.hotsprings=9832;e.house=8962;e.hparen=9379;e.hsuperior=688;e.hturned=613;e.huhiragana=12405;e.huiitosquare=13107;e.hukatakana=12501;e.hukatakanahalfwidth=65420;e.hungarumlaut=733;e.hungarumlautcmb=779;e.hv=405;e.hyphen=45;e.hypheninferior=63205;e.hyphenmonospace=65293;e.hyphensmall=65123;e.hyphensuperior=63206;e.hyphentwo=8208;e.i=105;e.iacute=237;e.iacyrillic=1103;e.ibengali=2439;e.ibopomofo=12583;e.ibreve=301;e.icaron=464;e.icircle=9432;e.icircumflex=238;e.icyrillic=1110;e.idblgrave=521;e.ideographearthcircle=12943;e.ideographfirecircle=12939;e.ideographicallianceparen=12863;e.ideographiccallparen=12858;e.ideographiccentrecircle=12965;e.ideographicclose=12294;e.ideographiccomma=12289;e.ideographiccommaleft=65380;e.ideographiccongratulationparen=12855;e.ideographiccorrectcircle=12963;e.ideographicearthparen=12847;e.ideographicenterpriseparen=12861;e.ideographicexcellentcircle=12957;e.ideographicfestivalparen=12864;e.ideographicfinancialcircle=12950;e.ideographicfinancialparen=12854;e.ideographicfireparen=12843;e.ideographichaveparen=12850;e.ideographichighcircle=12964;e.ideographiciterationmark=12293;e.ideographiclaborcircle=12952;e.ideographiclaborparen=12856;e.ideographicleftcircle=12967;e.ideographiclowcircle=12966;e.ideographicmedicinecircle=12969;e.ideographicmetalparen=12846;e.ideographicmoonparen=12842;e.ideographicnameparen=12852;e.ideographicperiod=12290;e.ideographicprintcircle=12958;e.ideographicreachparen=12867;e.ideographicrepresentparen=12857;e.ideographicresourceparen=12862;e.ideographicrightcircle=12968;e.ideographicsecretcircle=12953;e.ideographicselfparen=12866;e.ideographicsocietyparen=12851;e.ideographicspace=12288;e.ideographicspecialparen=12853;e.ideographicstockparen=12849;e.ideographicstudyparen=12859;e.ideographicsunparen=12848;e.ideographicsuperviseparen=12860;e.ideographicwaterparen=12844;e.ideographicwoodparen=12845;e.ideographiczero=12295;e.ideographmetalcircle=12942;e.ideographmooncircle=12938;e.ideographnamecircle=12948;e.ideographsuncircle=12944;e.ideographwatercircle=12940;e.ideographwoodcircle=12941;e.ideva=2311;e.idieresis=239;e.idieresisacute=7727;e.idieresiscyrillic=1253;e.idotbelow=7883;e.iebrevecyrillic=1239;e.iecyrillic=1077;e.ieungacirclekorean=12917;e.ieungaparenkorean=12821;e.ieungcirclekorean=12903;e.ieungkorean=12615;e.ieungparenkorean=12807;e.igrave=236;e.igujarati=2695;e.igurmukhi=2567;e.ihiragana=12356;e.ihookabove=7881;e.iibengali=2440;e.iicyrillic=1080;e.iideva=2312;e.iigujarati=2696;e.iigurmukhi=2568;e.iimatragurmukhi=2624;e.iinvertedbreve=523;e.iishortcyrillic=1081;e.iivowelsignbengali=2496;e.iivowelsigndeva=2368;e.iivowelsigngujarati=2752;e.ij=307;e.ikatakana=12452;e.ikatakanahalfwidth=65394;e.ikorean=12643;e.ilde=732;e.iluyhebrew=1452;e.imacron=299;e.imacroncyrillic=1251;e.imageorapproximatelyequal=8787;e.imatragurmukhi=2623;e.imonospace=65353;e.increment=8710;e.infinity=8734;e.iniarmenian=1387;e.integral=8747;e.integralbottom=8993;e.integralbt=8993;e.integralex=63733;e.integraltop=8992;e.integraltp=8992;e.intersection=8745;e.intisquare=13061;e.invbullet=9688;e.invcircle=9689;e.invsmileface=9787;e.iocyrillic=1105;e.iogonek=303;e.iota=953;e.iotadieresis=970;e.iotadieresistonos=912;e.iotalatin=617;e.iotatonos=943;e.iparen=9380;e.irigurmukhi=2674;e.ismallhiragana=12355;e.ismallkatakana=12451;e.ismallkatakanahalfwidth=65384;e.issharbengali=2554;e.istroke=616;e.isuperior=63213;e.iterationhiragana=12445;e.iterationkatakana=12541;e.itilde=297;e.itildebelow=7725;e.iubopomofo=12585;e.iucyrillic=1102;e.ivowelsignbengali=2495;e.ivowelsigndeva=2367;e.ivowelsigngujarati=2751;e.izhitsacyrillic=1141;e.izhitsadblgravecyrillic=1143;e.j=106;e.jaarmenian=1393;e.jabengali=2460;e.jadeva=2332;e.jagujarati=2716;e.jagurmukhi=2588;e.jbopomofo=12560;e.jcaron=496;e.jcircle=9433;e.jcircumflex=309;e.jcrossedtail=669;e.jdotlessstroke=607;e.jecyrillic=1112;e.jeemarabic=1580;e.jeemfinalarabic=65182;e.jeeminitialarabic=65183;e.jeemmedialarabic=65184;e.jeharabic=1688;e.jehfinalarabic=64395;e.jhabengali=2461;e.jhadeva=2333;e.jhagujarati=2717;e.jhagurmukhi=2589;e.jheharmenian=1403;e.jis=12292;e.jmonospace=65354;e.jparen=9381;e.jsuperior=690;e.k=107;e.kabashkircyrillic=1185;e.kabengali=2453;e.kacute=7729;e.kacyrillic=1082;e.kadescendercyrillic=1179;e.kadeva=2325;e.kaf=1499;e.kafarabic=1603;e.kafdagesh=64315;e.kafdageshhebrew=64315;e.kaffinalarabic=65242;e.kafhebrew=1499;e.kafinitialarabic=65243;e.kafmedialarabic=65244;e.kafrafehebrew=64333;e.kagujarati=2709;e.kagurmukhi=2581;e.kahiragana=12363;e.kahookcyrillic=1220;e.kakatakana=12459;e.kakatakanahalfwidth=65398;e.kappa=954;e.kappasymbolgreek=1008;e.kapyeounmieumkorean=12657;e.kapyeounphieuphkorean=12676;e.kapyeounpieupkorean=12664;e.kapyeounssangpieupkorean=12665;e.karoriisquare=13069;e.kashidaautoarabic=1600;e.kashidaautonosidebearingarabic=1600;e.kasmallkatakana=12533;e.kasquare=13188;e.kasraarabic=1616;e.kasratanarabic=1613;e.kastrokecyrillic=1183;e.katahiraprolongmarkhalfwidth=65392;e.kaverticalstrokecyrillic=1181;e.kbopomofo=12558;e.kcalsquare=13193;e.kcaron=489;e.kcedilla=311;e.kcircle=9434;e.kcommaaccent=311;e.kdotbelow=7731;e.keharmenian=1412;e.kehiragana=12369;e.kekatakana=12465;e.kekatakanahalfwidth=65401;e.kenarmenian=1391;e.kesmallkatakana=12534;e.kgreenlandic=312;e.khabengali=2454;e.khacyrillic=1093;e.khadeva=2326;e.khagujarati=2710;e.khagurmukhi=2582;e.khaharabic=1582;e.khahfinalarabic=65190;e.khahinitialarabic=65191;e.khahmedialarabic=65192;e.kheicoptic=999;e.khhadeva=2393;e.khhagurmukhi=2649;e.khieukhacirclekorean=12920;e.khieukhaparenkorean=12824;e.khieukhcirclekorean=12906;e.khieukhkorean=12619;e.khieukhparenkorean=12810;e.khokhaithai=3586;e.khokhonthai=3589;e.khokhuatthai=3587;e.khokhwaithai=3588;e.khomutthai=3675;e.khook=409;e.khorakhangthai=3590;e.khzsquare=13201;e.kihiragana=12365;e.kikatakana=12461;e.kikatakanahalfwidth=65399;e.kiroguramusquare=13077;e.kiromeetorusquare=13078;e.kirosquare=13076;e.kiyeokacirclekorean=12910;e.kiyeokaparenkorean=12814;e.kiyeokcirclekorean=12896;e.kiyeokkorean=12593;e.kiyeokparenkorean=12800;e.kiyeoksioskorean=12595;e.kjecyrillic=1116;e.klinebelow=7733;e.klsquare=13208;e.kmcubedsquare=13222;e.kmonospace=65355;e.kmsquaredsquare=13218;e.kohiragana=12371;e.kohmsquare=13248;e.kokaithai=3585;e.kokatakana=12467;e.kokatakanahalfwidth=65402;e.kooposquare=13086;e.koppacyrillic=1153;e.koreanstandardsymbol=12927;e.koroniscmb=835;e.kparen=9382;e.kpasquare=13226;e.ksicyrillic=1135;e.ktsquare=13263;e.kturned=670;e.kuhiragana=12367;e.kukatakana=12463;e.kukatakanahalfwidth=65400;e.kvsquare=13240;e.kwsquare=13246;e.l=108;e.labengali=2482;e.lacute=314;e.ladeva=2354;e.lagujarati=2738;e.lagurmukhi=2610;e.lakkhangyaothai=3653;e.lamaleffinalarabic=65276;e.lamalefhamzaabovefinalarabic=65272;e.lamalefhamzaaboveisolatedarabic=65271;e.lamalefhamzabelowfinalarabic=65274;e.lamalefhamzabelowisolatedarabic=65273;e.lamalefisolatedarabic=65275;e.lamalefmaddaabovefinalarabic=65270;e.lamalefmaddaaboveisolatedarabic=65269;e.lamarabic=1604;e.lambda=955;e.lambdastroke=411;e.lamed=1500;e.lameddagesh=64316;e.lameddageshhebrew=64316;e.lamedhebrew=1500;e.lamfinalarabic=65246;e.lamhahinitialarabic=64714;e.laminitialarabic=65247;e.lamjeeminitialarabic=64713;e.lamkhahinitialarabic=64715;e.lamlamhehisolatedarabic=65010;e.lammedialarabic=65248;e.lammeemhahinitialarabic=64904;e.lammeeminitialarabic=64716;e.largecircle=9711;e.lbar=410;e.lbelt=620;e.lbopomofo=12556;e.lcaron=318;e.lcedilla=316;e.lcircle=9435;e.lcircumflexbelow=7741;e.lcommaaccent=316;e.ldot=320;e.ldotaccent=320;e.ldotbelow=7735;e.ldotbelowmacron=7737;e.leftangleabovecmb=794;e.lefttackbelowcmb=792;e.less=60;e.lessequal=8804;e.lessequalorgreater=8922;e.lessmonospace=65308;e.lessorequivalent=8818;e.lessorgreater=8822;e.lessoverequal=8806;e.lesssmall=65124;e.lezh=622;e.lfblock=9612;e.lhookretroflex=621;e.lira=8356;e.liwnarmenian=1388;e.lj=457;e.ljecyrillic=1113;e.ll=63168;e.lladeva=2355;e.llagujarati=2739;e.llinebelow=7739;e.llladeva=2356;e.llvocalicbengali=2529;e.llvocalicdeva=2401;e.llvocalicvowelsignbengali=2531;e.llvocalicvowelsigndeva=2403;e.lmiddletilde=619;e.lmonospace=65356;e.lmsquare=13264;e.lochulathai=3628;e.logicaland=8743;e.logicalnot=172;e.logicalnotreversed=8976;e.logicalor=8744;e.lolingthai=3621;e.longs=383;e.lowlinecenterline=65102;e.lowlinecmb=818;e.lowlinedashed=65101;e.lozenge=9674;e.lparen=9383;e.lslash=322;e.lsquare=8467;e.lsuperior=63214;e.ltshade=9617;e.luthai=3622;e.lvocalicbengali=2444;e.lvocalicdeva=2316;e.lvocalicvowelsignbengali=2530;e.lvocalicvowelsigndeva=2402;e.lxsquare=13267;e.m=109;e.mabengali=2478;e.macron=175;e.macronbelowcmb=817;e.macroncmb=772;e.macronlowmod=717;e.macronmonospace=65507;e.macute=7743;e.madeva=2350;e.magujarati=2734;e.magurmukhi=2606;e.mahapakhhebrew=1444;e.mahapakhlefthebrew=1444;e.mahiragana=12414;e.maichattawalowleftthai=63637;e.maichattawalowrightthai=63636;e.maichattawathai=3659;e.maichattawaupperleftthai=63635;e.maieklowleftthai=63628;e.maieklowrightthai=63627;e.maiekthai=3656;e.maiekupperleftthai=63626;e.maihanakatleftthai=63620;e.maihanakatthai=3633;e.maitaikhuleftthai=63625;e.maitaikhuthai=3655;e.maitholowleftthai=63631;e.maitholowrightthai=63630;e.maithothai=3657;e.maithoupperleftthai=63629;e.maitrilowleftthai=63634;e.maitrilowrightthai=63633;e.maitrithai=3658;e.maitriupperleftthai=63632;e.maiyamokthai=3654;e.makatakana=12510;e.makatakanahalfwidth=65423;e.male=9794;e.mansyonsquare=13127;e.maqafhebrew=1470;e.mars=9794;e.masoracirclehebrew=1455;e.masquare=13187;e.mbopomofo=12551;e.mbsquare=13268;e.mcircle=9436;e.mcubedsquare=13221;e.mdotaccent=7745;e.mdotbelow=7747;e.meemarabic=1605;e.meemfinalarabic=65250;e.meeminitialarabic=65251;e.meemmedialarabic=65252;e.meemmeeminitialarabic=64721;e.meemmeemisolatedarabic=64584;e.meetorusquare=13133;e.mehiragana=12417;e.meizierasquare=13182;e.mekatakana=12513;e.mekatakanahalfwidth=65426;e.mem=1502;e.memdagesh=64318;e.memdageshhebrew=64318;e.memhebrew=1502;e.menarmenian=1396;e.merkhahebrew=1445;e.merkhakefulahebrew=1446;e.merkhakefulalefthebrew=1446;e.merkhalefthebrew=1445;e.mhook=625;e.mhzsquare=13202;e.middledotkatakanahalfwidth=65381;e.middot=183;e.mieumacirclekorean=12914;e.mieumaparenkorean=12818;e.mieumcirclekorean=12900;e.mieumkorean=12609;e.mieumpansioskorean=12656;e.mieumparenkorean=12804;e.mieumpieupkorean=12654;e.mieumsioskorean=12655;e.mihiragana=12415;e.mikatakana=12511;e.mikatakanahalfwidth=65424;e.minus=8722;e.minusbelowcmb=800;e.minuscircle=8854;e.minusmod=727;e.minusplus=8723;e.minute=8242;e.miribaarusquare=13130;e.mirisquare=13129;e.mlonglegturned=624;e.mlsquare=13206;e.mmcubedsquare=13219;e.mmonospace=65357;e.mmsquaredsquare=13215;e.mohiragana=12418;e.mohmsquare=13249;e.mokatakana=12514;e.mokatakanahalfwidth=65427;e.molsquare=13270;e.momathai=3617;e.moverssquare=13223;e.moverssquaredsquare=13224;e.mparen=9384;e.mpasquare=13227;e.mssquare=13235;e.msuperior=63215;e.mturned=623;e.mu=181;e.mu1=181;e.muasquare=13186;e.muchgreater=8811;e.muchless=8810;e.mufsquare=13196;e.mugreek=956;e.mugsquare=13197;e.muhiragana=12416;e.mukatakana=12512;e.mukatakanahalfwidth=65425;e.mulsquare=13205;e.multiply=215;e.mumsquare=13211;e.munahhebrew=1443;e.munahlefthebrew=1443;e.musicalnote=9834;e.musicalnotedbl=9835;e.musicflatsign=9837;e.musicsharpsign=9839;e.mussquare=13234;e.muvsquare=13238;e.muwsquare=13244;e.mvmegasquare=13241;e.mvsquare=13239;e.mwmegasquare=13247;e.mwsquare=13245;e.n=110;e.nabengali=2472;e.nabla=8711;e.nacute=324;e.nadeva=2344;e.nagujarati=2728;e.nagurmukhi=2600;e.nahiragana=12394;e.nakatakana=12490;e.nakatakanahalfwidth=65413;e.napostrophe=329;e.nasquare=13185;e.nbopomofo=12555;e.nbspace=160;e.ncaron=328;e.ncedilla=326;e.ncircle=9437;e.ncircumflexbelow=7755;e.ncommaaccent=326;e.ndotaccent=7749;e.ndotbelow=7751;e.nehiragana=12397;e.nekatakana=12493;e.nekatakanahalfwidth=65416;e.newsheqelsign=8362;e.nfsquare=13195;e.ngabengali=2457;e.ngadeva=2329;e.ngagujarati=2713;e.ngagurmukhi=2585;e.ngonguthai=3591;e.nhiragana=12435;e.nhookleft=626;e.nhookretroflex=627;e.nieunacirclekorean=12911;e.nieunaparenkorean=12815;e.nieuncieuckorean=12597;e.nieuncirclekorean=12897;e.nieunhieuhkorean=12598;e.nieunkorean=12596;e.nieunpansioskorean=12648;e.nieunparenkorean=12801;e.nieunsioskorean=12647;e.nieuntikeutkorean=12646;e.nihiragana=12395;e.nikatakana=12491;e.nikatakanahalfwidth=65414;e.nikhahitleftthai=63641;e.nikhahitthai=3661;e.nine=57;e.ninearabic=1641;e.ninebengali=2543;e.ninecircle=9320;e.ninecircleinversesansserif=10130;e.ninedeva=2415;e.ninegujarati=2799;e.ninegurmukhi=2671;e.ninehackarabic=1641;e.ninehangzhou=12329;e.nineideographicparen=12840;e.nineinferior=8329;e.ninemonospace=65305;e.nineoldstyle=63289;e.nineparen=9340;e.nineperiod=9360;e.ninepersian=1785;e.nineroman=8568;e.ninesuperior=8313;e.nineteencircle=9330;e.nineteenparen=9350;e.nineteenperiod=9370;e.ninethai=3673;e.nj=460;e.njecyrillic=1114;e.nkatakana=12531;e.nkatakanahalfwidth=65437;e.nlegrightlong=414;e.nlinebelow=7753;e.nmonospace=65358;e.nmsquare=13210;e.nnabengali=2467;e.nnadeva=2339;e.nnagujarati=2723;e.nnagurmukhi=2595;e.nnnadeva=2345;e.nohiragana=12398;e.nokatakana=12494;e.nokatakanahalfwidth=65417;e.nonbreakingspace=160;e.nonenthai=3603;e.nonuthai=3609;e.noonarabic=1606;e.noonfinalarabic=65254;e.noonghunnaarabic=1722;e.noonghunnafinalarabic=64415;e.nooninitialarabic=65255;e.noonjeeminitialarabic=64722;e.noonjeemisolatedarabic=64587;e.noonmedialarabic=65256;e.noonmeeminitialarabic=64725;e.noonmeemisolatedarabic=64590;e.noonnoonfinalarabic=64653;e.notcontains=8716;e.notelement=8713;e.notelementof=8713;e.notequal=8800;e.notgreater=8815;e.notgreaternorequal=8817;e.notgreaternorless=8825;e.notidentical=8802;e.notless=8814;e.notlessnorequal=8816;e.notparallel=8742;e.notprecedes=8832;e.notsubset=8836;e.notsucceeds=8833;e.notsuperset=8837;e.nowarmenian=1398;e.nparen=9385;e.nssquare=13233;e.nsuperior=8319;e.ntilde=241;e.nu=957;e.nuhiragana=12396;e.nukatakana=12492;e.nukatakanahalfwidth=65415;e.nuktabengali=2492;e.nuktadeva=2364;e.nuktagujarati=2748;e.nuktagurmukhi=2620;e.numbersign=35;e.numbersignmonospace=65283;e.numbersignsmall=65119;e.numeralsigngreek=884;e.numeralsignlowergreek=885;e.numero=8470;e.nun=1504;e.nundagesh=64320;e.nundageshhebrew=64320;e.nunhebrew=1504;e.nvsquare=13237;e.nwsquare=13243;e.nyabengali=2462;e.nyadeva=2334;e.nyagujarati=2718;e.nyagurmukhi=2590;e.o=111;e.oacute=243;e.oangthai=3629;e.obarred=629;e.obarredcyrillic=1257;e.obarreddieresiscyrillic=1259;e.obengali=2451;e.obopomofo=12571;e.obreve=335;e.ocandradeva=2321;e.ocandragujarati=2705;e.ocandravowelsigndeva=2377;e.ocandravowelsigngujarati=2761;e.ocaron=466;e.ocircle=9438;e.ocircumflex=244;e.ocircumflexacute=7889;e.ocircumflexdotbelow=7897;e.ocircumflexgrave=7891;e.ocircumflexhookabove=7893;e.ocircumflextilde=7895;e.ocyrillic=1086;e.odblacute=337;e.odblgrave=525;e.odeva=2323;e.odieresis=246;e.odieresiscyrillic=1255;e.odotbelow=7885;e.oe=339;e.oekorean=12634;e.ogonek=731;e.ogonekcmb=808;e.ograve=242;e.ogujarati=2707;e.oharmenian=1413;e.ohiragana=12362;e.ohookabove=7887;e.ohorn=417;e.ohornacute=7899;e.ohorndotbelow=7907;e.ohorngrave=7901;e.ohornhookabove=7903;e.ohorntilde=7905;e.ohungarumlaut=337;e.oi=419;e.oinvertedbreve=527;e.okatakana=12458;e.okatakanahalfwidth=65397;e.okorean=12631;e.olehebrew=1451;e.omacron=333;e.omacronacute=7763;e.omacrongrave=7761;e.omdeva=2384;e.omega=969;e.omega1=982;e.omegacyrillic=1121;e.omegalatinclosed=631;e.omegaroundcyrillic=1147;e.omegatitlocyrillic=1149;e.omegatonos=974;e.omgujarati=2768;e.omicron=959;e.omicrontonos=972;e.omonospace=65359;e.one=49;e.onearabic=1633;e.onebengali=2535;e.onecircle=9312;e.onecircleinversesansserif=10122;e.onedeva=2407;e.onedotenleader=8228;e.oneeighth=8539;e.onefitted=63196;e.onegujarati=2791;e.onegurmukhi=2663;e.onehackarabic=1633;e.onehalf=189;e.onehangzhou=12321;e.oneideographicparen=12832;e.oneinferior=8321;e.onemonospace=65297;e.onenumeratorbengali=2548;e.oneoldstyle=63281;e.oneparen=9332;e.oneperiod=9352;e.onepersian=1777;e.onequarter=188;e.oneroman=8560;e.onesuperior=185;e.onethai=3665;e.onethird=8531;e.oogonek=491;e.oogonekmacron=493;e.oogurmukhi=2579;e.oomatragurmukhi=2635;e.oopen=596;e.oparen=9386;e.openbullet=9702;e.option=8997;e.ordfeminine=170;e.ordmasculine=186;e.orthogonal=8735;e.oshortdeva=2322;e.oshortvowelsigndeva=2378;e.oslash=248;e.oslashacute=511;e.osmallhiragana=12361;e.osmallkatakana=12457;e.osmallkatakanahalfwidth=65387;e.ostrokeacute=511;e.osuperior=63216;e.otcyrillic=1151;e.otilde=245;e.otildeacute=7757;e.otildedieresis=7759;e.oubopomofo=12577;e.overline=8254;e.overlinecenterline=65098;e.overlinecmb=773;e.overlinedashed=65097;e.overlinedblwavy=65100;e.overlinewavy=65099;e.overscore=175;e.ovowelsignbengali=2507;e.ovowelsigndeva=2379;e.ovowelsigngujarati=2763;e.p=112;e.paampssquare=13184;e.paasentosquare=13099;e.pabengali=2474;e.pacute=7765;e.padeva=2346;e.pagedown=8671;e.pageup=8670;e.pagujarati=2730;e.pagurmukhi=2602;e.pahiragana=12401;e.paiyannoithai=3631;e.pakatakana=12497;e.palatalizationcyrilliccmb=1156;e.palochkacyrillic=1216;e.pansioskorean=12671;e.paragraph=182;e.parallel=8741;e.parenleft=40;e.parenleftaltonearabic=64830;e.parenleftbt=63725;e.parenleftex=63724;e.parenleftinferior=8333;e.parenleftmonospace=65288;e.parenleftsmall=65113;e.parenleftsuperior=8317;e.parenlefttp=63723;e.parenleftvertical=65077;e.parenright=41;e.parenrightaltonearabic=64831;e.parenrightbt=63736;e.parenrightex=63735;e.parenrightinferior=8334;e.parenrightmonospace=65289;e.parenrightsmall=65114;e.parenrightsuperior=8318;e.parenrighttp=63734;e.parenrightvertical=65078;e.partialdiff=8706;e.paseqhebrew=1472;e.pashtahebrew=1433;e.pasquare=13225;e.patah=1463;e.patah11=1463;e.patah1d=1463;e.patah2a=1463;e.patahhebrew=1463;e.patahnarrowhebrew=1463;e.patahquarterhebrew=1463;e.patahwidehebrew=1463;e.pazerhebrew=1441;e.pbopomofo=12550;e.pcircle=9439;e.pdotaccent=7767;e.pe=1508;e.pecyrillic=1087;e.pedagesh=64324;e.pedageshhebrew=64324;e.peezisquare=13115;e.pefinaldageshhebrew=64323;e.peharabic=1662;e.peharmenian=1402;e.pehebrew=1508;e.pehfinalarabic=64343;e.pehinitialarabic=64344;e.pehiragana=12410;e.pehmedialarabic=64345;e.pekatakana=12506;e.pemiddlehookcyrillic=1191;e.perafehebrew=64334;e.percent=37;e.percentarabic=1642;e.percentmonospace=65285;e.percentsmall=65130;e.period=46;e.periodarmenian=1417;e.periodcentered=183;e.periodhalfwidth=65377;e.periodinferior=63207;e.periodmonospace=65294;e.periodsmall=65106;e.periodsuperior=63208;e.perispomenigreekcmb=834;e.perpendicular=8869;e.perthousand=8240;e.peseta=8359;e.pfsquare=13194;e.phabengali=2475;e.phadeva=2347;e.phagujarati=2731;e.phagurmukhi=2603;e.phi=966;e.phi1=981;e.phieuphacirclekorean=12922;e.phieuphaparenkorean=12826;e.phieuphcirclekorean=12908;e.phieuphkorean=12621;e.phieuphparenkorean=12812;e.philatin=632;e.phinthuthai=3642;e.phisymbolgreek=981;e.phook=421;e.phophanthai=3614;e.phophungthai=3612;e.phosamphaothai=3616;e.pi=960;e.pieupacirclekorean=12915;e.pieupaparenkorean=12819;e.pieupcieuckorean=12662;e.pieupcirclekorean=12901;e.pieupkiyeokkorean=12658;e.pieupkorean=12610;e.pieupparenkorean=12805;e.pieupsioskiyeokkorean=12660;e.pieupsioskorean=12612;e.pieupsiostikeutkorean=12661;e.pieupthieuthkorean=12663;e.pieuptikeutkorean=12659;e.pihiragana=12404;e.pikatakana=12500;e.pisymbolgreek=982;e.piwrarmenian=1411;e.planckover2pi=8463;e.planckover2pi1=8463;e.plus=43;e.plusbelowcmb=799;e.pluscircle=8853;e.plusminus=177;e.plusmod=726;e.plusmonospace=65291;e.plussmall=65122;e.plussuperior=8314;e.pmonospace=65360;e.pmsquare=13272;e.pohiragana=12413;e.pointingindexdownwhite=9759;e.pointingindexleftwhite=9756;e.pointingindexrightwhite=9758;e.pointingindexupwhite=9757;e.pokatakana=12509;e.poplathai=3611;e.postalmark=12306;e.postalmarkface=12320;e.pparen=9387;e.precedes=8826;e.prescription=8478;e.primemod=697;e.primereversed=8245;e.product=8719;e.projective=8965;e.prolongedkana=12540;e.propellor=8984;e.propersubset=8834;e.propersuperset=8835;e.proportion=8759;e.proportional=8733;e.psi=968;e.psicyrillic=1137;e.psilipneumatacyrilliccmb=1158;e.pssquare=13232;e.puhiragana=12407;e.pukatakana=12503;e.pvsquare=13236;e.pwsquare=13242;e.q=113;e.qadeva=2392;e.qadmahebrew=1448;e.qafarabic=1602;e.qaffinalarabic=65238;e.qafinitialarabic=65239;e.qafmedialarabic=65240;e.qamats=1464;e.qamats10=1464;e.qamats1a=1464;e.qamats1c=1464;e.qamats27=1464;e.qamats29=1464;e.qamats33=1464;e.qamatsde=1464;e.qamatshebrew=1464;e.qamatsnarrowhebrew=1464;e.qamatsqatanhebrew=1464;e.qamatsqatannarrowhebrew=1464;e.qamatsqatanquarterhebrew=1464;e.qamatsqatanwidehebrew=1464;e.qamatsquarterhebrew=1464;e.qamatswidehebrew=1464;e.qarneyparahebrew=1439;e.qbopomofo=12561;e.qcircle=9440;e.qhook=672;e.qmonospace=65361;e.qof=1511;e.qofdagesh=64327;e.qofdageshhebrew=64327;e.qofhebrew=1511;e.qparen=9388;e.quarternote=9833;e.qubuts=1467;e.qubuts18=1467;e.qubuts25=1467;e.qubuts31=1467;e.qubutshebrew=1467;e.qubutsnarrowhebrew=1467;e.qubutsquarterhebrew=1467;e.qubutswidehebrew=1467;e.question=63;e.questionarabic=1567;e.questionarmenian=1374;e.questiondown=191;e.questiondownsmall=63423;e.questiongreek=894;e.questionmonospace=65311;e.questionsmall=63295;e.quotedbl=34;e.quotedblbase=8222;e.quotedblleft=8220;e.quotedblmonospace=65282;e.quotedblprime=12318;e.quotedblprimereversed=12317;e.quotedblright=8221;e.quoteleft=8216;e.quoteleftreversed=8219;e.quotereversed=8219;e.quoteright=8217;e.quoterightn=329;e.quotesinglbase=8218;e.quotesingle=39;e.quotesinglemonospace=65287;e.r=114;e.raarmenian=1404;e.rabengali=2480;e.racute=341;e.radeva=2352;e.radical=8730;e.radicalex=63717;e.radoverssquare=13230;e.radoverssquaredsquare=13231;e.radsquare=13229;e.rafe=1471;e.rafehebrew=1471;e.ragujarati=2736;e.ragurmukhi=2608;e.rahiragana=12425;e.rakatakana=12521;e.rakatakanahalfwidth=65431;e.ralowerdiagonalbengali=2545;e.ramiddlediagonalbengali=2544;e.ramshorn=612;e.ratio=8758;e.rbopomofo=12566;e.rcaron=345;e.rcedilla=343;e.rcircle=9441;e.rcommaaccent=343;e.rdblgrave=529;e.rdotaccent=7769;e.rdotbelow=7771;e.rdotbelowmacron=7773;e.referencemark=8251;e.reflexsubset=8838;e.reflexsuperset=8839;e.registered=174;e.registersans=63720;e.registerserif=63194;e.reharabic=1585;e.reharmenian=1408;e.rehfinalarabic=65198;e.rehiragana=12428;e.rekatakana=12524;e.rekatakanahalfwidth=65434;e.resh=1512;e.reshdageshhebrew=64328;e.reshhebrew=1512;e.reversedtilde=8765;e.reviahebrew=1431;e.reviamugrashhebrew=1431;e.revlogicalnot=8976;e.rfishhook=638;e.rfishhookreversed=639;e.rhabengali=2525;e.rhadeva=2397;e.rho=961;e.rhook=637;e.rhookturned=635;e.rhookturnedsuperior=693;e.rhosymbolgreek=1009;e.rhotichookmod=734;e.rieulacirclekorean=12913;e.rieulaparenkorean=12817;e.rieulcirclekorean=12899;e.rieulhieuhkorean=12608;e.rieulkiyeokkorean=12602;e.rieulkiyeoksioskorean=12649;e.rieulkorean=12601;e.rieulmieumkorean=12603;e.rieulpansioskorean=12652;e.rieulparenkorean=12803;e.rieulphieuphkorean=12607;e.rieulpieupkorean=12604;e.rieulpieupsioskorean=12651;e.rieulsioskorean=12605;e.rieulthieuthkorean=12606;e.rieultikeutkorean=12650;e.rieulyeorinhieuhkorean=12653;e.rightangle=8735;e.righttackbelowcmb=793;e.righttriangle=8895;e.rihiragana=12426;e.rikatakana=12522;e.rikatakanahalfwidth=65432;e.ring=730;e.ringbelowcmb=805;e.ringcmb=778;e.ringhalfleft=703;e.ringhalfleftarmenian=1369;e.ringhalfleftbelowcmb=796;e.ringhalfleftcentered=723;e.ringhalfright=702;e.ringhalfrightbelowcmb=825;e.ringhalfrightcentered=722;e.rinvertedbreve=531;e.rittorusquare=13137;e.rlinebelow=7775;e.rlongleg=636;e.rlonglegturned=634;e.rmonospace=65362;e.rohiragana=12429;e.rokatakana=12525;e.rokatakanahalfwidth=65435;e.roruathai=3619;e.rparen=9389;e.rrabengali=2524;e.rradeva=2353;e.rragurmukhi=2652;e.rreharabic=1681;e.rrehfinalarabic=64397;e.rrvocalicbengali=2528;e.rrvocalicdeva=2400;e.rrvocalicgujarati=2784;e.rrvocalicvowelsignbengali=2500;e.rrvocalicvowelsigndeva=2372;e.rrvocalicvowelsigngujarati=2756;e.rsuperior=63217;e.rtblock=9616;e.rturned=633;e.rturnedsuperior=692;e.ruhiragana=12427;e.rukatakana=12523;e.rukatakanahalfwidth=65433;e.rupeemarkbengali=2546;e.rupeesignbengali=2547;e.rupiah=63197;e.ruthai=3620;e.rvocalicbengali=2443;e.rvocalicdeva=2315;e.rvocalicgujarati=2699;e.rvocalicvowelsignbengali=2499;e.rvocalicvowelsigndeva=2371;e.rvocalicvowelsigngujarati=2755;e.s=115;e.sabengali=2488;e.sacute=347;e.sacutedotaccent=7781;e.sadarabic=1589;e.sadeva=2360;e.sadfinalarabic=65210;e.sadinitialarabic=65211;e.sadmedialarabic=65212;e.sagujarati=2744;e.sagurmukhi=2616;e.sahiragana=12373;e.sakatakana=12469;e.sakatakanahalfwidth=65403;e.sallallahoualayhewasallamarabic=65018;e.samekh=1505;e.samekhdagesh=64321;e.samekhdageshhebrew=64321;e.samekhhebrew=1505;e.saraaathai=3634;e.saraaethai=3649;e.saraaimaimalaithai=3652;e.saraaimaimuanthai=3651;e.saraamthai=3635;e.saraathai=3632;e.saraethai=3648;e.saraiileftthai=63622;e.saraiithai=3637;e.saraileftthai=63621;e.saraithai=3636;e.saraothai=3650;e.saraueeleftthai=63624;e.saraueethai=3639;e.saraueleftthai=63623;e.sarauethai=3638;e.sarauthai=3640;e.sarauuthai=3641;e.sbopomofo=12569;e.scaron=353;e.scarondotaccent=7783;e.scedilla=351;e.schwa=601;e.schwacyrillic=1241;e.schwadieresiscyrillic=1243;e.schwahook=602;e.scircle=9442;e.scircumflex=349;e.scommaaccent=537;e.sdotaccent=7777;e.sdotbelow=7779;e.sdotbelowdotaccent=7785;e.seagullbelowcmb=828;e.second=8243;e.secondtonechinese=714;e.section=167;e.seenarabic=1587;e.seenfinalarabic=65202;e.seeninitialarabic=65203;e.seenmedialarabic=65204;e.segol=1462;e.segol13=1462;e.segol1f=1462;e.segol2c=1462;e.segolhebrew=1462;e.segolnarrowhebrew=1462;e.segolquarterhebrew=1462;e.segoltahebrew=1426;e.segolwidehebrew=1462;e.seharmenian=1405;e.sehiragana=12379;e.sekatakana=12475;e.sekatakanahalfwidth=65406;e.semicolon=59;e.semicolonarabic=1563;e.semicolonmonospace=65307;e.semicolonsmall=65108;e.semivoicedmarkkana=12444;e.semivoicedmarkkanahalfwidth=65439;e.sentisquare=13090;e.sentosquare=13091;e.seven=55;e.sevenarabic=1639;e.sevenbengali=2541;e.sevencircle=9318;e.sevencircleinversesansserif=10128;e.sevendeva=2413;e.seveneighths=8542;e.sevengujarati=2797;e.sevengurmukhi=2669;e.sevenhackarabic=1639;e.sevenhangzhou=12327;e.sevenideographicparen=12838;e.seveninferior=8327;e.sevenmonospace=65303;e.sevenoldstyle=63287;e.sevenparen=9338;e.sevenperiod=9358;e.sevenpersian=1783;e.sevenroman=8566;e.sevensuperior=8311;e.seventeencircle=9328;e.seventeenparen=9348;e.seventeenperiod=9368;e.seventhai=3671;e.sfthyphen=173;e.shaarmenian=1399;e.shabengali=2486;e.shacyrillic=1096;e.shaddaarabic=1617;e.shaddadammaarabic=64609;e.shaddadammatanarabic=64606;e.shaddafathaarabic=64608;e.shaddakasraarabic=64610;e.shaddakasratanarabic=64607;e.shade=9618;e.shadedark=9619;e.shadelight=9617;e.shademedium=9618;e.shadeva=2358;e.shagujarati=2742;e.shagurmukhi=2614;e.shalshelethebrew=1427;e.shbopomofo=12565;e.shchacyrillic=1097;e.sheenarabic=1588;e.sheenfinalarabic=65206;e.sheeninitialarabic=65207;e.sheenmedialarabic=65208;e.sheicoptic=995;e.sheqel=8362;e.sheqelhebrew=8362;e.sheva=1456;e.sheva115=1456;e.sheva15=1456;e.sheva22=1456;e.sheva2e=1456;e.shevahebrew=1456;e.shevanarrowhebrew=1456;e.shevaquarterhebrew=1456;e.shevawidehebrew=1456;e.shhacyrillic=1211;e.shimacoptic=1005;e.shin=1513;e.shindagesh=64329;e.shindageshhebrew=64329;e.shindageshshindot=64300;e.shindageshshindothebrew=64300;e.shindageshsindot=64301;e.shindageshsindothebrew=64301;e.shindothebrew=1473;e.shinhebrew=1513;e.shinshindot=64298;e.shinshindothebrew=64298;e.shinsindot=64299;e.shinsindothebrew=64299;e.shook=642;e.sigma=963;e.sigma1=962;e.sigmafinal=962;e.sigmalunatesymbolgreek=1010;e.sihiragana=12375;e.sikatakana=12471;e.sikatakanahalfwidth=65404;e.siluqhebrew=1469;e.siluqlefthebrew=1469;e.similar=8764;e.sindothebrew=1474;e.siosacirclekorean=12916;e.siosaparenkorean=12820;e.sioscieuckorean=12670;e.sioscirclekorean=12902;e.sioskiyeokkorean=12666;e.sioskorean=12613;e.siosnieunkorean=12667;e.siosparenkorean=12806;e.siospieupkorean=12669;e.siostikeutkorean=12668;e.six=54;e.sixarabic=1638;e.sixbengali=2540;e.sixcircle=9317;e.sixcircleinversesansserif=10127;e.sixdeva=2412;e.sixgujarati=2796;e.sixgurmukhi=2668;e.sixhackarabic=1638;e.sixhangzhou=12326;e.sixideographicparen=12837;e.sixinferior=8326;e.sixmonospace=65302;e.sixoldstyle=63286;e.sixparen=9337;e.sixperiod=9357;e.sixpersian=1782;e.sixroman=8565;e.sixsuperior=8310;e.sixteencircle=9327;e.sixteencurrencydenominatorbengali=2553;e.sixteenparen=9347;e.sixteenperiod=9367;e.sixthai=3670;e.slash=47;e.slashmonospace=65295;e.slong=383;e.slongdotaccent=7835;e.smileface=9786;e.smonospace=65363;e.sofpasuqhebrew=1475;e.softhyphen=173;e.softsigncyrillic=1100;e.sohiragana=12381;e.sokatakana=12477;e.sokatakanahalfwidth=65407;e.soliduslongoverlaycmb=824;e.solidusshortoverlaycmb=823;e.sorusithai=3625;e.sosalathai=3624;e.sosothai=3595;e.sosuathai=3626;e.space=32;e.spacehackarabic=32;e.spade=9824;e.spadesuitblack=9824;e.spadesuitwhite=9828;e.sparen=9390;e.squarebelowcmb=827;e.squarecc=13252;e.squarecm=13213;e.squarediagonalcrosshatchfill=9641;e.squarehorizontalfill=9636;e.squarekg=13199;e.squarekm=13214;e.squarekmcapital=13262;e.squareln=13265;e.squarelog=13266;e.squaremg=13198;e.squaremil=13269;e.squaremm=13212;e.squaremsquared=13217;e.squareorthogonalcrosshatchfill=9638;e.squareupperlefttolowerrightfill=9639;e.squareupperrighttolowerleftfill=9640;e.squareverticalfill=9637;e.squarewhitewithsmallblack=9635;e.srsquare=13275;e.ssabengali=2487;e.ssadeva=2359;e.ssagujarati=2743;e.ssangcieuckorean=12617;e.ssanghieuhkorean=12677;e.ssangieungkorean=12672;e.ssangkiyeokkorean=12594;e.ssangnieunkorean=12645;e.ssangpieupkorean=12611;e.ssangsioskorean=12614;e.ssangtikeutkorean=12600;e.ssuperior=63218;e.sterling=163;e.sterlingmonospace=65505;e.strokelongoverlaycmb=822;e.strokeshortoverlaycmb=821;e.subset=8834;e.subsetnotequal=8842;e.subsetorequal=8838;e.succeeds=8827;e.suchthat=8715;e.suhiragana=12377;e.sukatakana=12473;e.sukatakanahalfwidth=65405;e.sukunarabic=1618;e.summation=8721;e.sun=9788;e.superset=8835;e.supersetnotequal=8843;e.supersetorequal=8839;e.svsquare=13276;e.syouwaerasquare=13180;e.t=116;e.tabengali=2468;e.tackdown=8868;e.tackleft=8867;e.tadeva=2340;e.tagujarati=2724;e.tagurmukhi=2596;e.taharabic=1591;e.tahfinalarabic=65218;e.tahinitialarabic=65219;e.tahiragana=12383;e.tahmedialarabic=65220;e.taisyouerasquare=13181;e.takatakana=12479;e.takatakanahalfwidth=65408;e.tatweelarabic=1600;e.tau=964;e.tav=1514;e.tavdages=64330;e.tavdagesh=64330;e.tavdageshhebrew=64330;e.tavhebrew=1514;e.tbar=359;e.tbopomofo=12554;e.tcaron=357;e.tccurl=680;e.tcedilla=355;e.tcheharabic=1670;e.tchehfinalarabic=64379;e.tchehinitialarabic=64380;e.tchehmedialarabic=64381;e.tcircle=9443;e.tcircumflexbelow=7793;e.tcommaaccent=355;e.tdieresis=7831;e.tdotaccent=7787;e.tdotbelow=7789;e.tecyrillic=1090;e.tedescendercyrillic=1197;e.teharabic=1578;e.tehfinalarabic=65174;e.tehhahinitialarabic=64674;e.tehhahisolatedarabic=64524;e.tehinitialarabic=65175;e.tehiragana=12390;e.tehjeeminitialarabic=64673;e.tehjeemisolatedarabic=64523;e.tehmarbutaarabic=1577;e.tehmarbutafinalarabic=65172;e.tehmedialarabic=65176;e.tehmeeminitialarabic=64676;e.tehmeemisolatedarabic=64526;e.tehnoonfinalarabic=64627;e.tekatakana=12486;e.tekatakanahalfwidth=65411;e.telephone=8481;e.telephoneblack=9742;e.telishagedolahebrew=1440;e.telishaqetanahebrew=1449;e.tencircle=9321;e.tenideographicparen=12841;e.tenparen=9341;e.tenperiod=9361;e.tenroman=8569;e.tesh=679;e.tet=1496;e.tetdagesh=64312;e.tetdageshhebrew=64312;e.tethebrew=1496;e.tetsecyrillic=1205;e.tevirhebrew=1435;e.tevirlefthebrew=1435;e.thabengali=2469;e.thadeva=2341;e.thagujarati=2725;e.thagurmukhi=2597;e.thalarabic=1584;e.thalfinalarabic=65196;e.thanthakhatlowleftthai=63640;e.thanthakhatlowrightthai=63639;e.thanthakhatthai=3660;e.thanthakhatupperleftthai=63638;e.theharabic=1579;e.thehfinalarabic=65178;e.thehinitialarabic=65179;e.thehmedialarabic=65180;e.thereexists=8707;e.therefore=8756;e.theta=952;e.theta1=977;e.thetasymbolgreek=977;e.thieuthacirclekorean=12921;e.thieuthaparenkorean=12825;e.thieuthcirclekorean=12907;e.thieuthkorean=12620;e.thieuthparenkorean=12811;e.thirteencircle=9324;e.thirteenparen=9344;e.thirteenperiod=9364;e.thonangmonthothai=3601;e.thook=429;e.thophuthaothai=3602;e.thorn=254;e.thothahanthai=3607;e.thothanthai=3600;e.thothongthai=3608;e.thothungthai=3606;e.thousandcyrillic=1154;e.thousandsseparatorarabic=1644;e.thousandsseparatorpersian=1644;e.three=51;e.threearabic=1635;e.threebengali=2537;e.threecircle=9314;e.threecircleinversesansserif=10124;e.threedeva=2409;e.threeeighths=8540;e.threegujarati=2793;e.threegurmukhi=2665;e.threehackarabic=1635;e.threehangzhou=12323;e.threeideographicparen=12834;e.threeinferior=8323;e.threemonospace=65299;e.threenumeratorbengali=2550;e.threeoldstyle=63283;e.threeparen=9334;e.threeperiod=9354;e.threepersian=1779;e.threequarters=190;e.threequartersemdash=63198;e.threeroman=8562;e.threesuperior=179;e.threethai=3667;e.thzsquare=13204;e.tihiragana=12385;e.tikatakana=12481;e.tikatakanahalfwidth=65409;e.tikeutacirclekorean=12912;e.tikeutaparenkorean=12816;e.tikeutcirclekorean=12898;e.tikeutkorean=12599;e.tikeutparenkorean=12802;e.tilde=732;e.tildebelowcmb=816;e.tildecmb=771;e.tildecomb=771;e.tildedoublecmb=864;e.tildeoperator=8764;e.tildeoverlaycmb=820;e.tildeverticalcmb=830;e.timescircle=8855;e.tipehahebrew=1430;e.tipehalefthebrew=1430;e.tippigurmukhi=2672;e.titlocyrilliccmb=1155;e.tiwnarmenian=1407;e.tlinebelow=7791;e.tmonospace=65364;e.toarmenian=1385;e.tohiragana=12392;e.tokatakana=12488;e.tokatakanahalfwidth=65412;e.tonebarextrahighmod=741;e.tonebarextralowmod=745;e.tonebarhighmod=742;e.tonebarlowmod=744;e.tonebarmidmod=743;e.tonefive=445;e.tonesix=389;e.tonetwo=424;e.tonos=900;e.tonsquare=13095;e.topatakthai=3599;e.tortoiseshellbracketleft=12308;e.tortoiseshellbracketleftsmall=65117;e.tortoiseshellbracketleftvertical=65081;e.tortoiseshellbracketright=12309;e.tortoiseshellbracketrightsmall=65118;e.tortoiseshellbracketrightvertical=65082;e.totaothai=3605;e.tpalatalhook=427;e.tparen=9391;e.trademark=8482;e.trademarksans=63722;e.trademarkserif=63195;e.tretroflexhook=648;e.triagdn=9660;e.triaglf=9668;e.triagrt=9658;e.triagup=9650;e.ts=678;e.tsadi=1510;e.tsadidagesh=64326;e.tsadidageshhebrew=64326;e.tsadihebrew=1510;e.tsecyrillic=1094;e.tsere=1461;e.tsere12=1461;e.tsere1e=1461;e.tsere2b=1461;e.tserehebrew=1461;e.tserenarrowhebrew=1461;e.tserequarterhebrew=1461;e.tserewidehebrew=1461;e.tshecyrillic=1115;e.tsuperior=63219;e.ttabengali=2463;e.ttadeva=2335;e.ttagujarati=2719;e.ttagurmukhi=2591;e.tteharabic=1657;e.ttehfinalarabic=64359;e.ttehinitialarabic=64360;e.ttehmedialarabic=64361;e.tthabengali=2464;e.tthadeva=2336;e.tthagujarati=2720;e.tthagurmukhi=2592;e.tturned=647;e.tuhiragana=12388;e.tukatakana=12484;e.tukatakanahalfwidth=65410;e.tusmallhiragana=12387;e.tusmallkatakana=12483;e.tusmallkatakanahalfwidth=65391;e.twelvecircle=9323;e.twelveparen=9343;e.twelveperiod=9363;e.twelveroman=8571;e.twentycircle=9331;e.twentyhangzhou=21316;e.twentyparen=9351;e.twentyperiod=9371;e.two=50;e.twoarabic=1634;e.twobengali=2536;e.twocircle=9313;e.twocircleinversesansserif=10123;e.twodeva=2408;e.twodotenleader=8229;e.twodotleader=8229;e.twodotleadervertical=65072;e.twogujarati=2792;e.twogurmukhi=2664;e.twohackarabic=1634;e.twohangzhou=12322;e.twoideographicparen=12833;e.twoinferior=8322;e.twomonospace=65298;e.twonumeratorbengali=2549;e.twooldstyle=63282;e.twoparen=9333;e.twoperiod=9353;e.twopersian=1778;e.tworoman=8561;e.twostroke=443;e.twosuperior=178;e.twothai=3666;e.twothirds=8532;e.u=117;e.uacute=250;e.ubar=649;e.ubengali=2441;e.ubopomofo=12584;e.ubreve=365;e.ucaron=468;e.ucircle=9444;e.ucircumflex=251;e.ucircumflexbelow=7799;e.ucyrillic=1091;e.udattadeva=2385;e.udblacute=369;e.udblgrave=533;e.udeva=2313;e.udieresis=252;e.udieresisacute=472;e.udieresisbelow=7795;e.udieresiscaron=474;e.udieresiscyrillic=1265;e.udieresisgrave=476;e.udieresismacron=470;e.udotbelow=7909;e.ugrave=249;e.ugujarati=2697;e.ugurmukhi=2569;e.uhiragana=12358;e.uhookabove=7911;e.uhorn=432;e.uhornacute=7913;e.uhorndotbelow=7921;e.uhorngrave=7915;e.uhornhookabove=7917;e.uhorntilde=7919;e.uhungarumlaut=369;e.uhungarumlautcyrillic=1267;e.uinvertedbreve=535;e.ukatakana=12454;e.ukatakanahalfwidth=65395;e.ukcyrillic=1145;e.ukorean=12636;e.umacron=363;e.umacroncyrillic=1263;e.umacrondieresis=7803;e.umatragurmukhi=2625;e.umonospace=65365;e.underscore=95;e.underscoredbl=8215;e.underscoremonospace=65343;e.underscorevertical=65075;e.underscorewavy=65103;e.union=8746;e.universal=8704;e.uogonek=371;e.uparen=9392;e.upblock=9600;e.upperdothebrew=1476;e.upsilon=965;e.upsilondieresis=971;e.upsilondieresistonos=944;e.upsilonlatin=650;e.upsilontonos=973;e.uptackbelowcmb=797;e.uptackmod=724;e.uragurmukhi=2675;e.uring=367;e.ushortcyrillic=1118;e.usmallhiragana=12357;e.usmallkatakana=12453;e.usmallkatakanahalfwidth=65385;e.ustraightcyrillic=1199;e.ustraightstrokecyrillic=1201;e.utilde=361;e.utildeacute=7801;e.utildebelow=7797;e.uubengali=2442;e.uudeva=2314;e.uugujarati=2698;e.uugurmukhi=2570;e.uumatragurmukhi=2626;e.uuvowelsignbengali=2498;e.uuvowelsigndeva=2370;e.uuvowelsigngujarati=2754;e.uvowelsignbengali=2497;e.uvowelsigndeva=2369;e.uvowelsigngujarati=2753;e.v=118;e.vadeva=2357;e.vagujarati=2741;e.vagurmukhi=2613;e.vakatakana=12535;e.vav=1493;e.vavdagesh=64309;e.vavdagesh65=64309;e.vavdageshhebrew=64309;e.vavhebrew=1493;e.vavholam=64331;e.vavholamhebrew=64331;e.vavvavhebrew=1520;e.vavyodhebrew=1521;e.vcircle=9445;e.vdotbelow=7807;e.vecyrillic=1074;e.veharabic=1700;e.vehfinalarabic=64363;e.vehinitialarabic=64364;e.vehmedialarabic=64365;e.vekatakana=12537;e.venus=9792;e.verticalbar=124;e.verticallineabovecmb=781;e.verticallinebelowcmb=809;e.verticallinelowmod=716;e.verticallinemod=712;e.vewarmenian=1406;e.vhook=651;e.vikatakana=12536;e.viramabengali=2509;e.viramadeva=2381;e.viramagujarati=2765;e.visargabengali=2435;e.visargadeva=2307;e.visargagujarati=2691;e.vmonospace=65366;e.voarmenian=1400;e.voicediterationhiragana=12446;e.voicediterationkatakana=12542;e.voicedmarkkana=12443;e.voicedmarkkanahalfwidth=65438;e.vokatakana=12538;e.vparen=9393;e.vtilde=7805;e.vturned=652;e.vuhiragana=12436;e.vukatakana=12532;e.w=119;e.wacute=7811;e.waekorean=12633;e.wahiragana=12431;e.wakatakana=12527;e.wakatakanahalfwidth=65436;e.wakorean=12632;e.wasmallhiragana=12430;e.wasmallkatakana=12526;e.wattosquare=13143;e.wavedash=12316;e.wavyunderscorevertical=65076;e.wawarabic=1608;e.wawfinalarabic=65262;e.wawhamzaabovearabic=1572;e.wawhamzaabovefinalarabic=65158;e.wbsquare=13277;e.wcircle=9446;e.wcircumflex=373;e.wdieresis=7813;e.wdotaccent=7815;e.wdotbelow=7817;e.wehiragana=12433;e.weierstrass=8472;e.wekatakana=12529;e.wekorean=12638;e.weokorean=12637;e.wgrave=7809;e.whitebullet=9702;e.whitecircle=9675;e.whitecircleinverse=9689;e.whitecornerbracketleft=12302;e.whitecornerbracketleftvertical=65091;e.whitecornerbracketright=12303;e.whitecornerbracketrightvertical=65092;e.whitediamond=9671;e.whitediamondcontainingblacksmalldiamond=9672;e.whitedownpointingsmalltriangle=9663;e.whitedownpointingtriangle=9661;e.whiteleftpointingsmalltriangle=9667;e.whiteleftpointingtriangle=9665;e.whitelenticularbracketleft=12310;e.whitelenticularbracketright=12311;e.whiterightpointingsmalltriangle=9657;e.whiterightpointingtriangle=9655;e.whitesmallsquare=9643;e.whitesmilingface=9786;e.whitesquare=9633;e.whitestar=9734;e.whitetelephone=9743;e.whitetortoiseshellbracketleft=12312;e.whitetortoiseshellbracketright=12313;e.whiteuppointingsmalltriangle=9653;e.whiteuppointingtriangle=9651;e.wihiragana=12432;e.wikatakana=12528;e.wikorean=12639;e.wmonospace=65367;e.wohiragana=12434;e.wokatakana=12530;e.wokatakanahalfwidth=65382;e.won=8361;e.wonmonospace=65510;e.wowaenthai=3623;e.wparen=9394;e.wring=7832;e.wsuperior=695;e.wturned=653;e.wynn=447;e.x=120;e.xabovecmb=829;e.xbopomofo=12562;e.xcircle=9447;e.xdieresis=7821;e.xdotaccent=7819;e.xeharmenian=1389;e.xi=958;e.xmonospace=65368;e.xparen=9395;e.xsuperior=739;e.y=121;e.yaadosquare=13134;e.yabengali=2479;e.yacute=253;e.yadeva=2351;e.yaekorean=12626;e.yagujarati=2735;e.yagurmukhi=2607;e.yahiragana=12420;e.yakatakana=12516;e.yakatakanahalfwidth=65428;e.yakorean=12625;e.yamakkanthai=3662;e.yasmallhiragana=12419;e.yasmallkatakana=12515;e.yasmallkatakanahalfwidth=65388;e.yatcyrillic=1123;e.ycircle=9448;e.ycircumflex=375;e.ydieresis=255;e.ydotaccent=7823;e.ydotbelow=7925;e.yeharabic=1610;e.yehbarreearabic=1746;e.yehbarreefinalarabic=64431;e.yehfinalarabic=65266;e.yehhamzaabovearabic=1574;e.yehhamzaabovefinalarabic=65162;e.yehhamzaaboveinitialarabic=65163;e.yehhamzaabovemedialarabic=65164;e.yehinitialarabic=65267;e.yehmedialarabic=65268;e.yehmeeminitialarabic=64733;e.yehmeemisolatedarabic=64600;e.yehnoonfinalarabic=64660;e.yehthreedotsbelowarabic=1745;e.yekorean=12630;e.yen=165;e.yenmonospace=65509;e.yeokorean=12629;e.yeorinhieuhkorean=12678;e.yerahbenyomohebrew=1450;e.yerahbenyomolefthebrew=1450;e.yericyrillic=1099;e.yerudieresiscyrillic=1273;e.yesieungkorean=12673;e.yesieungpansioskorean=12675;e.yesieungsioskorean=12674;e.yetivhebrew=1434;e.ygrave=7923;e.yhook=436;e.yhookabove=7927;e.yiarmenian=1397;e.yicyrillic=1111;e.yikorean=12642;e.yinyang=9775;e.yiwnarmenian=1410;e.ymonospace=65369;e.yod=1497;e.yoddagesh=64313;e.yoddageshhebrew=64313;e.yodhebrew=1497;e.yodyodhebrew=1522;e.yodyodpatahhebrew=64287;e.yohiragana=12424;e.yoikorean=12681;e.yokatakana=12520;e.yokatakanahalfwidth=65430;e.yokorean=12635;e.yosmallhiragana=12423;e.yosmallkatakana=12519;e.yosmallkatakanahalfwidth=65390;e.yotgreek=1011;e.yoyaekorean=12680;e.yoyakorean=12679;e.yoyakthai=3618;e.yoyingthai=3597;e.yparen=9396;e.ypogegrammeni=890;e.ypogegrammenigreekcmb=837;e.yr=422;e.yring=7833;e.ysuperior=696;e.ytilde=7929;e.yturned=654;e.yuhiragana=12422;e.yuikorean=12684;e.yukatakana=12518;e.yukatakanahalfwidth=65429;e.yukorean=12640;e.yusbigcyrillic=1131;e.yusbigiotifiedcyrillic=1133;e.yuslittlecyrillic=1127;e.yuslittleiotifiedcyrillic=1129;e.yusmallhiragana=12421;e.yusmallkatakana=12517;e.yusmallkatakanahalfwidth=65389;e.yuyekorean=12683;e.yuyeokorean=12682;e.yyabengali=2527;e.yyadeva=2399;e.z=122;e.zaarmenian=1382;e.zacute=378;e.zadeva=2395;e.zagurmukhi=2651;e.zaharabic=1592;e.zahfinalarabic=65222;e.zahinitialarabic=65223;e.zahiragana=12374;e.zahmedialarabic=65224;e.zainarabic=1586;e.zainfinalarabic=65200;e.zakatakana=12470;e.zaqefgadolhebrew=1429;e.zaqefqatanhebrew=1428;e.zarqahebrew=1432;e.zayin=1494;e.zayindagesh=64310;e.zayindageshhebrew=64310;e.zayinhebrew=1494;e.zbopomofo=12567;e.zcaron=382;e.zcircle=9449;e.zcircumflex=7825;e.zcurl=657;e.zdot=380;e.zdotaccent=380;e.zdotbelow=7827;e.zecyrillic=1079;e.zedescendercyrillic=1177;e.zedieresiscyrillic=1247;e.zehiragana=12380;e.zekatakana=12476;e.zero=48;e.zeroarabic=1632;e.zerobengali=2534;e.zerodeva=2406;e.zerogujarati=2790;e.zerogurmukhi=2662;e.zerohackarabic=1632;e.zeroinferior=8320;e.zeromonospace=65296;e.zerooldstyle=63280;e.zeropersian=1776;e.zerosuperior=8304;e.zerothai=3664;e.zerowidthjoiner=65279;e.zerowidthnonjoiner=8204;e.zerowidthspace=8203;e.zeta=950;e.zhbopomofo=12563;e.zhearmenian=1386;e.zhebrevecyrillic=1218;e.zhecyrillic=1078;e.zhedescendercyrillic=1175;e.zhedieresiscyrillic=1245;e.zihiragana=12376;e.zikatakana=12472;e.zinorhebrew=1454;e.zlinebelow=7829;e.zmonospace=65370;e.zohiragana=12382;e.zokatakana=12478;e.zparen=9397;e.zretroflexhook=656;e.zstroke=438;e.zuhiragana=12378;e.zukatakana=12474;e[".notdef"]=0;e.angbracketleftbig=9001;e.angbracketleftBig=9001;e.angbracketleftbigg=9001;e.angbracketleftBigg=9001;e.angbracketrightBig=9002;e.angbracketrightbig=9002;e.angbracketrightBigg=9002;e.angbracketrightbigg=9002;e.arrowhookleft=8618;e.arrowhookright=8617;e.arrowlefttophalf=8636;e.arrowleftbothalf=8637;e.arrownortheast=8599;e.arrownorthwest=8598;e.arrowrighttophalf=8640;e.arrowrightbothalf=8641;e.arrowsoutheast=8600;e.arrowsouthwest=8601;e.backslashbig=8726;e.backslashBig=8726;e.backslashBigg=8726;e.backslashbigg=8726;e.bardbl=8214;e.bracehtipdownleft=65079;e.bracehtipdownright=65079;e.bracehtipupleft=65080;e.bracehtipupright=65080;e.braceleftBig=123;e.braceleftbig=123;e.braceleftbigg=123;e.braceleftBigg=123;e.bracerightBig=125;e.bracerightbig=125;e.bracerightbigg=125;e.bracerightBigg=125;e.bracketleftbig=91;e.bracketleftBig=91;e.bracketleftbigg=91;e.bracketleftBigg=91;e.bracketrightBig=93;e.bracketrightbig=93;e.bracketrightbigg=93;e.bracketrightBigg=93;e.ceilingleftbig=8968;e.ceilingleftBig=8968;e.ceilingleftBigg=8968;e.ceilingleftbigg=8968;e.ceilingrightbig=8969;e.ceilingrightBig=8969;e.ceilingrightbigg=8969;e.ceilingrightBigg=8969;e.circledotdisplay=8857;e.circledottext=8857;e.circlemultiplydisplay=8855;e.circlemultiplytext=8855;e.circleplusdisplay=8853;e.circleplustext=8853;e.contintegraldisplay=8750;e.contintegraltext=8750;e.coproductdisplay=8720;e.coproducttext=8720;e.floorleftBig=8970;e.floorleftbig=8970;e.floorleftbigg=8970;e.floorleftBigg=8970;e.floorrightbig=8971;e.floorrightBig=8971;e.floorrightBigg=8971;e.floorrightbigg=8971;e.hatwide=770;e.hatwider=770;e.hatwidest=770;e.intercal=7488;e.integraldisplay=8747;e.integraltext=8747;e.intersectiondisplay=8898;e.intersectiontext=8898;e.logicalanddisplay=8743;e.logicalandtext=8743;e.logicalordisplay=8744;e.logicalortext=8744;e.parenleftBig=40;e.parenleftbig=40;e.parenleftBigg=40;e.parenleftbigg=40;e.parenrightBig=41;e.parenrightbig=41;e.parenrightBigg=41;e.parenrightbigg=41;e.prime=8242;e.productdisplay=8719;e.producttext=8719;e.radicalbig=8730;e.radicalBig=8730;e.radicalBigg=8730;e.radicalbigg=8730;e.radicalbt=8730;e.radicaltp=8730;e.radicalvertex=8730;e.slashbig=47;e.slashBig=47;e.slashBigg=47;e.slashbigg=47;e.summationdisplay=8721;e.summationtext=8721;e.tildewide=732;e.tildewider=732;e.tildewidest=732;e.uniondisplay=8899;e.unionmultidisplay=8846;e.unionmultitext=8846;e.unionsqdisplay=8852;e.unionsqtext=8852;e.uniontext=8899;e.vextenddouble=8741;e.vextendsingle=8739})),Ir=getLookupTableFactory((function(e){e.space=32;e.a1=9985;e.a2=9986;e.a202=9987;e.a3=9988;e.a4=9742;e.a5=9990;e.a119=9991;e.a118=9992;e.a117=9993;e.a11=9755;e.a12=9758;e.a13=9996;e.a14=9997;e.a15=9998;e.a16=9999;e.a105=1e4;e.a17=10001;e.a18=10002;e.a19=10003;e.a20=10004;e.a21=10005;e.a22=10006;e.a23=10007;e.a24=10008;e.a25=10009;e.a26=10010;e.a27=10011;e.a28=10012;e.a6=10013;e.a7=10014;e.a8=10015;e.a9=10016;e.a10=10017;e.a29=10018;e.a30=10019;e.a31=10020;e.a32=10021;e.a33=10022;e.a34=10023;e.a35=9733;e.a36=10025;e.a37=10026;e.a38=10027;e.a39=10028;e.a40=10029;e.a41=10030;e.a42=10031;e.a43=10032;e.a44=10033;e.a45=10034;e.a46=10035;e.a47=10036;e.a48=10037;e.a49=10038;e.a50=10039;e.a51=10040;e.a52=10041;e.a53=10042;e.a54=10043;e.a55=10044;e.a56=10045;e.a57=10046;e.a58=10047;e.a59=10048;e.a60=10049;e.a61=10050;e.a62=10051;e.a63=10052;e.a64=10053;e.a65=10054;e.a66=10055;e.a67=10056;e.a68=10057;e.a69=10058;e.a70=10059;e.a71=9679;e.a72=10061;e.a73=9632;e.a74=10063;e.a203=10064;e.a75=10065;e.a204=10066;e.a76=9650;e.a77=9660;e.a78=9670;e.a79=10070;e.a81=9687;e.a82=10072;e.a83=10073;e.a84=10074;e.a97=10075;e.a98=10076;e.a99=10077;e.a100=10078;e.a101=10081;e.a102=10082;e.a103=10083;e.a104=10084;e.a106=10085;e.a107=10086;e.a108=10087;e.a112=9827;e.a111=9830;e.a110=9829;e.a109=9824;e.a120=9312;e.a121=9313;e.a122=9314;e.a123=9315;e.a124=9316;e.a125=9317;e.a126=9318;e.a127=9319;e.a128=9320;e.a129=9321;e.a130=10102;e.a131=10103;e.a132=10104;e.a133=10105;e.a134=10106;e.a135=10107;e.a136=10108;e.a137=10109;e.a138=10110;e.a139=10111;e.a140=10112;e.a141=10113;e.a142=10114;e.a143=10115;e.a144=10116;e.a145=10117;e.a146=10118;e.a147=10119;e.a148=10120;e.a149=10121;e.a150=10122;e.a151=10123;e.a152=10124;e.a153=10125;e.a154=10126;e.a155=10127;e.a156=10128;e.a157=10129;e.a158=10130;e.a159=10131;e.a160=10132;e.a161=8594;e.a163=8596;e.a164=8597;e.a196=10136;e.a165=10137;e.a192=10138;e.a166=10139;e.a167=10140;e.a168=10141;e.a169=10142;e.a170=10143;e.a171=10144;e.a172=10145;e.a173=10146;e.a162=10147;e.a174=10148;e.a175=10149;e.a176=10150;e.a177=10151;e.a178=10152;e.a179=10153;e.a193=10154;e.a180=10155;e.a199=10156;e.a181=10157;e.a200=10158;e.a182=10159;e.a201=10161;e.a183=10162;e.a184=10163;e.a197=10164;e.a185=10165;e.a194=10166;e.a198=10167;e.a186=10168;e.a195=10169;e.a187=10170;e.a188=10171;e.a189=10172;e.a190=10173;e.a191=10174;e.a89=10088;e.a90=10089;e.a93=10090;e.a94=10091;e.a91=10092;e.a92=10093;e.a205=10094;e.a85=10095;e.a206=10096;e.a86=10097;e.a87=10098;e.a88=10099;e.a95=10100;e.a96=10101;e[".notdef"]=0})),Tr=getLookupTableFactory((function(e){e[63721]=169;e[63193]=169;e[63720]=174;e[63194]=174;e[63722]=8482;e[63195]=8482;e[63729]=9127;e[63730]=9128;e[63731]=9129;e[63740]=9131;e[63741]=9132;e[63742]=9133;e[63726]=9121;e[63727]=9122;e[63728]=9123;e[63737]=9124;e[63738]=9125;e[63739]=9126;e[63723]=9115;e[63724]=9116;e[63725]=9117;e[63734]=9118;e[63735]=9119;e[63736]=9120}));function getUnicodeForGlyph(e,t){let a=t[e];if(void 0!==a)return a;if(!e)return-1;if("u"===e[0]){const t=e.length;let r;if(7===t&&"n"===e[1]&&"i"===e[2])r=e.substring(3);else{if(!(t>=5&&t<=7))return-1;r=e.substring(1)}if(r===r.toUpperCase()){a=parseInt(r,16);if(a>=0)return a}}return-1}const Or=[[0,127],[128,255],[256,383],[384,591],[592,687,7424,7551,7552,7615],[688,767,42752,42783],[768,879,7616,7679],[880,1023],[11392,11519],[1024,1279,1280,1327,11744,11775,42560,42655],[1328,1423],[1424,1535],[42240,42559],[1536,1791,1872,1919],[1984,2047],[2304,2431],[2432,2559],[2560,2687],[2688,2815],[2816,2943],[2944,3071],[3072,3199],[3200,3327],[3328,3455],[3584,3711],[3712,3839],[4256,4351,11520,11567],[6912,7039],[4352,4607],[7680,7935,11360,11391,42784,43007],[7936,8191],[8192,8303,11776,11903],[8304,8351],[8352,8399],[8400,8447],[8448,8527],[8528,8591],[8592,8703,10224,10239,10496,10623,11008,11263],[8704,8959,10752,11007,10176,10223,10624,10751],[8960,9215],[9216,9279],[9280,9311],[9312,9471],[9472,9599],[9600,9631],[9632,9727],[9728,9983],[9984,10175],[12288,12351],[12352,12447],[12448,12543,12784,12799],[12544,12591,12704,12735],[12592,12687],[43072,43135],[12800,13055],[13056,13311],[44032,55215],[55296,57343],[67840,67871],[19968,40959,11904,12031,12032,12255,12272,12287,13312,19903,131072,173791,12688,12703],[57344,63743],[12736,12783,63744,64255,194560,195103],[64256,64335],[64336,65023],[65056,65071],[65040,65055],[65104,65135],[65136,65279],[65280,65519],[65520,65535],[3840,4095],[1792,1871],[1920,1983],[3456,3583],[4096,4255],[4608,4991,4992,5023,11648,11743],[5024,5119],[5120,5759],[5760,5791],[5792,5887],[6016,6143],[6144,6319],[10240,10495],[40960,42127],[5888,5919,5920,5951,5952,5983,5984,6015],[66304,66351],[66352,66383],[66560,66639],[118784,119039,119040,119295,119296,119375],[119808,120831],[1044480,1048573],[65024,65039,917760,917999],[917504,917631],[6400,6479],[6480,6527],[6528,6623],[6656,6687],[11264,11359],[11568,11647],[19904,19967],[43008,43055],[65536,65663,65664,65791,65792,65855],[65856,65935],[66432,66463],[66464,66527],[66640,66687],[66688,66735],[67584,67647],[68096,68191],[119552,119647],[73728,74751,74752,74879],[119648,119679],[7040,7103],[7168,7247],[7248,7295],[43136,43231],[43264,43311],[43312,43359],[43520,43615],[65936,65999],[66e3,66047],[66208,66271,66176,66207,67872,67903],[127024,127135,126976,127023]];function getUnicodeRangeFor(e,t=-1){if(-1!==t){const a=Or[t];for(let r=0,i=a.length;r=a[r]&&e<=a[r+1])return t}for(let t=0,a=Or.length;t=a[r]&&e<=a[r+1])return t}return-1}const Mr=new RegExp("^(\\s)|(\\p{Mn})|(\\p{Cf})$","u"),Dr=new Map;const Rr=!0,Nr=1,Er=2,Pr=4,Lr=32,jr=[".notdef",".null","nonmarkingreturn","space","exclam","quotedbl","numbersign","dollar","percent","ampersand","quotesingle","parenleft","parenright","asterisk","plus","comma","hyphen","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","at","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","bracketleft","backslash","bracketright","asciicircum","underscore","grave","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","braceleft","bar","braceright","asciitilde","Adieresis","Aring","Ccedilla","Eacute","Ntilde","Odieresis","Udieresis","aacute","agrave","acircumflex","adieresis","atilde","aring","ccedilla","eacute","egrave","ecircumflex","edieresis","iacute","igrave","icircumflex","idieresis","ntilde","oacute","ograve","ocircumflex","odieresis","otilde","uacute","ugrave","ucircumflex","udieresis","dagger","degree","cent","sterling","section","bullet","paragraph","germandbls","registered","copyright","trademark","acute","dieresis","notequal","AE","Oslash","infinity","plusminus","lessequal","greaterequal","yen","mu","partialdiff","summation","product","pi","integral","ordfeminine","ordmasculine","Omega","ae","oslash","questiondown","exclamdown","logicalnot","radical","florin","approxequal","Delta","guillemotleft","guillemotright","ellipsis","nonbreakingspace","Agrave","Atilde","Otilde","OE","oe","endash","emdash","quotedblleft","quotedblright","quoteleft","quoteright","divide","lozenge","ydieresis","Ydieresis","fraction","currency","guilsinglleft","guilsinglright","fi","fl","daggerdbl","periodcentered","quotesinglbase","quotedblbase","perthousand","Acircumflex","Ecircumflex","Aacute","Edieresis","Egrave","Iacute","Icircumflex","Idieresis","Igrave","Oacute","Ocircumflex","apple","Ograve","Uacute","Ucircumflex","Ugrave","dotlessi","circumflex","tilde","macron","breve","dotaccent","ring","cedilla","hungarumlaut","ogonek","caron","Lslash","lslash","Scaron","scaron","Zcaron","zcaron","brokenbar","Eth","eth","Yacute","yacute","Thorn","thorn","minus","multiply","onesuperior","twosuperior","threesuperior","onehalf","onequarter","threequarters","franc","Gbreve","gbreve","Idotaccent","Scedilla","scedilla","Cacute","cacute","Ccaron","ccaron","dcroat"];function recoverGlyphName(e,t){if(void 0!==t[e])return e;const a=getUnicodeForGlyph(e,t);if(-1!==a)for(const e in t)if(t[e]===a)return e;info("Unable to recover a standard glyph name for: "+e);return e}function type1FontGlyphMapping(e,t,a){const r=Object.create(null);let i,n,s;const o=!!(e.flags&Pr);if(e.isInternalFont){s=t;for(n=0;n=0?i:0}}else if(e.baseEncodingName){s=getEncoding(e.baseEncodingName);for(n=0;n=0?i:0}}else if(o)for(n in t)r[n]=t[n];else{s=kr;for(n=0;n=0?i:0}}const c=e.differences;let l;if(c)for(n in c){const e=c[n];i=a.indexOf(e);if(-1===i){l||(l=Fr());const t=recoverGlyphName(e,l);t!==e&&(i=a.indexOf(t))}r[n]=i>=0?i:0}return r}function normalizeFontName(e){return e.replaceAll(/[,_]/g,"-").replaceAll(/\s/g,"")}const _r=getLookupTableFactory((e=>{e[8211]=65074;e[8212]=65073;e[8229]=65072;e[8230]=65049;e[12289]=65041;e[12290]=65042;e[12296]=65087;e[12297]=65088;e[12298]=65085;e[12299]=65086;e[12300]=65089;e[12301]=65090;e[12302]=65091;e[12303]=65092;e[12304]=65083;e[12305]=65084;e[12308]=65081;e[12309]=65082;e[12310]=65047;e[12311]=65048;e[65103]=65076;e[65281]=65045;e[65288]=65077;e[65289]=65078;e[65292]=65040;e[65306]=65043;e[65307]=65044;e[65311]=65046;e[65339]=65095;e[65341]=65096;e[65343]=65075;e[65371]=65079;e[65373]=65080}));const Ur=[".notdef","space","exclam","quotedbl","numbersign","dollar","percent","ampersand","quoteright","parenleft","parenright","asterisk","plus","comma","hyphen","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","at","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","bracketleft","backslash","bracketright","asciicircum","underscore","quoteleft","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","braceleft","bar","braceright","asciitilde","exclamdown","cent","sterling","fraction","yen","florin","section","currency","quotesingle","quotedblleft","guillemotleft","guilsinglleft","guilsinglright","fi","fl","endash","dagger","daggerdbl","periodcentered","paragraph","bullet","quotesinglbase","quotedblbase","quotedblright","guillemotright","ellipsis","perthousand","questiondown","grave","acute","circumflex","tilde","macron","breve","dotaccent","dieresis","ring","cedilla","hungarumlaut","ogonek","caron","emdash","AE","ordfeminine","Lslash","Oslash","OE","ordmasculine","ae","dotlessi","lslash","oslash","oe","germandbls","onesuperior","logicalnot","mu","trademark","Eth","onehalf","plusminus","Thorn","onequarter","divide","brokenbar","degree","thorn","threequarters","twosuperior","registered","minus","eth","multiply","threesuperior","copyright","Aacute","Acircumflex","Adieresis","Agrave","Aring","Atilde","Ccedilla","Eacute","Ecircumflex","Edieresis","Egrave","Iacute","Icircumflex","Idieresis","Igrave","Ntilde","Oacute","Ocircumflex","Odieresis","Ograve","Otilde","Scaron","Uacute","Ucircumflex","Udieresis","Ugrave","Yacute","Ydieresis","Zcaron","aacute","acircumflex","adieresis","agrave","aring","atilde","ccedilla","eacute","ecircumflex","edieresis","egrave","iacute","icircumflex","idieresis","igrave","ntilde","oacute","ocircumflex","odieresis","ograve","otilde","scaron","uacute","ucircumflex","udieresis","ugrave","yacute","ydieresis","zcaron"],Xr=[".notdef","space","exclamsmall","Hungarumlautsmall","dollaroldstyle","dollarsuperior","ampersandsmall","Acutesmall","parenleftsuperior","parenrightsuperior","twodotenleader","onedotenleader","comma","hyphen","period","fraction","zerooldstyle","oneoldstyle","twooldstyle","threeoldstyle","fouroldstyle","fiveoldstyle","sixoldstyle","sevenoldstyle","eightoldstyle","nineoldstyle","colon","semicolon","commasuperior","threequartersemdash","periodsuperior","questionsmall","asuperior","bsuperior","centsuperior","dsuperior","esuperior","isuperior","lsuperior","msuperior","nsuperior","osuperior","rsuperior","ssuperior","tsuperior","ff","fi","fl","ffi","ffl","parenleftinferior","parenrightinferior","Circumflexsmall","hyphensuperior","Gravesmall","Asmall","Bsmall","Csmall","Dsmall","Esmall","Fsmall","Gsmall","Hsmall","Ismall","Jsmall","Ksmall","Lsmall","Msmall","Nsmall","Osmall","Psmall","Qsmall","Rsmall","Ssmall","Tsmall","Usmall","Vsmall","Wsmall","Xsmall","Ysmall","Zsmall","colonmonetary","onefitted","rupiah","Tildesmall","exclamdownsmall","centoldstyle","Lslashsmall","Scaronsmall","Zcaronsmall","Dieresissmall","Brevesmall","Caronsmall","Dotaccentsmall","Macronsmall","figuredash","hypheninferior","Ogoneksmall","Ringsmall","Cedillasmall","onequarter","onehalf","threequarters","questiondownsmall","oneeighth","threeeighths","fiveeighths","seveneighths","onethird","twothirds","zerosuperior","onesuperior","twosuperior","threesuperior","foursuperior","fivesuperior","sixsuperior","sevensuperior","eightsuperior","ninesuperior","zeroinferior","oneinferior","twoinferior","threeinferior","fourinferior","fiveinferior","sixinferior","seveninferior","eightinferior","nineinferior","centinferior","dollarinferior","periodinferior","commainferior","Agravesmall","Aacutesmall","Acircumflexsmall","Atildesmall","Adieresissmall","Aringsmall","AEsmall","Ccedillasmall","Egravesmall","Eacutesmall","Ecircumflexsmall","Edieresissmall","Igravesmall","Iacutesmall","Icircumflexsmall","Idieresissmall","Ethsmall","Ntildesmall","Ogravesmall","Oacutesmall","Ocircumflexsmall","Otildesmall","Odieresissmall","OEsmall","Oslashsmall","Ugravesmall","Uacutesmall","Ucircumflexsmall","Udieresissmall","Yacutesmall","Thornsmall","Ydieresissmall"],qr=[".notdef","space","dollaroldstyle","dollarsuperior","parenleftsuperior","parenrightsuperior","twodotenleader","onedotenleader","comma","hyphen","period","fraction","zerooldstyle","oneoldstyle","twooldstyle","threeoldstyle","fouroldstyle","fiveoldstyle","sixoldstyle","sevenoldstyle","eightoldstyle","nineoldstyle","colon","semicolon","commasuperior","threequartersemdash","periodsuperior","asuperior","bsuperior","centsuperior","dsuperior","esuperior","isuperior","lsuperior","msuperior","nsuperior","osuperior","rsuperior","ssuperior","tsuperior","ff","fi","fl","ffi","ffl","parenleftinferior","parenrightinferior","hyphensuperior","colonmonetary","onefitted","rupiah","centoldstyle","figuredash","hypheninferior","onequarter","onehalf","threequarters","oneeighth","threeeighths","fiveeighths","seveneighths","onethird","twothirds","zerosuperior","onesuperior","twosuperior","threesuperior","foursuperior","fivesuperior","sixsuperior","sevensuperior","eightsuperior","ninesuperior","zeroinferior","oneinferior","twoinferior","threeinferior","fourinferior","fiveinferior","sixinferior","seveninferior","eightinferior","nineinferior","centinferior","dollarinferior","periodinferior","commainferior"],Hr=[".notdef","space","exclam","quotedbl","numbersign","dollar","percent","ampersand","quoteright","parenleft","parenright","asterisk","plus","comma","hyphen","period","slash","zero","one","two","three","four","five","six","seven","eight","nine","colon","semicolon","less","equal","greater","question","at","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","bracketleft","backslash","bracketright","asciicircum","underscore","quoteleft","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","braceleft","bar","braceright","asciitilde","exclamdown","cent","sterling","fraction","yen","florin","section","currency","quotesingle","quotedblleft","guillemotleft","guilsinglleft","guilsinglright","fi","fl","endash","dagger","daggerdbl","periodcentered","paragraph","bullet","quotesinglbase","quotedblbase","quotedblright","guillemotright","ellipsis","perthousand","questiondown","grave","acute","circumflex","tilde","macron","breve","dotaccent","dieresis","ring","cedilla","hungarumlaut","ogonek","caron","emdash","AE","ordfeminine","Lslash","Oslash","OE","ordmasculine","ae","dotlessi","lslash","oslash","oe","germandbls","onesuperior","logicalnot","mu","trademark","Eth","onehalf","plusminus","Thorn","onequarter","divide","brokenbar","degree","thorn","threequarters","twosuperior","registered","minus","eth","multiply","threesuperior","copyright","Aacute","Acircumflex","Adieresis","Agrave","Aring","Atilde","Ccedilla","Eacute","Ecircumflex","Edieresis","Egrave","Iacute","Icircumflex","Idieresis","Igrave","Ntilde","Oacute","Ocircumflex","Odieresis","Ograve","Otilde","Scaron","Uacute","Ucircumflex","Udieresis","Ugrave","Yacute","Ydieresis","Zcaron","aacute","acircumflex","adieresis","agrave","aring","atilde","ccedilla","eacute","ecircumflex","edieresis","egrave","iacute","icircumflex","idieresis","igrave","ntilde","oacute","ocircumflex","odieresis","ograve","otilde","scaron","uacute","ucircumflex","udieresis","ugrave","yacute","ydieresis","zcaron","exclamsmall","Hungarumlautsmall","dollaroldstyle","dollarsuperior","ampersandsmall","Acutesmall","parenleftsuperior","parenrightsuperior","twodotenleader","onedotenleader","zerooldstyle","oneoldstyle","twooldstyle","threeoldstyle","fouroldstyle","fiveoldstyle","sixoldstyle","sevenoldstyle","eightoldstyle","nineoldstyle","commasuperior","threequartersemdash","periodsuperior","questionsmall","asuperior","bsuperior","centsuperior","dsuperior","esuperior","isuperior","lsuperior","msuperior","nsuperior","osuperior","rsuperior","ssuperior","tsuperior","ff","ffi","ffl","parenleftinferior","parenrightinferior","Circumflexsmall","hyphensuperior","Gravesmall","Asmall","Bsmall","Csmall","Dsmall","Esmall","Fsmall","Gsmall","Hsmall","Ismall","Jsmall","Ksmall","Lsmall","Msmall","Nsmall","Osmall","Psmall","Qsmall","Rsmall","Ssmall","Tsmall","Usmall","Vsmall","Wsmall","Xsmall","Ysmall","Zsmall","colonmonetary","onefitted","rupiah","Tildesmall","exclamdownsmall","centoldstyle","Lslashsmall","Scaronsmall","Zcaronsmall","Dieresissmall","Brevesmall","Caronsmall","Dotaccentsmall","Macronsmall","figuredash","hypheninferior","Ogoneksmall","Ringsmall","Cedillasmall","questiondownsmall","oneeighth","threeeighths","fiveeighths","seveneighths","onethird","twothirds","zerosuperior","foursuperior","fivesuperior","sixsuperior","sevensuperior","eightsuperior","ninesuperior","zeroinferior","oneinferior","twoinferior","threeinferior","fourinferior","fiveinferior","sixinferior","seveninferior","eightinferior","nineinferior","centinferior","dollarinferior","periodinferior","commainferior","Agravesmall","Aacutesmall","Acircumflexsmall","Atildesmall","Adieresissmall","Aringsmall","AEsmall","Ccedillasmall","Egravesmall","Eacutesmall","Ecircumflexsmall","Edieresissmall","Igravesmall","Iacutesmall","Icircumflexsmall","Idieresissmall","Ethsmall","Ntildesmall","Ogravesmall","Oacutesmall","Ocircumflexsmall","Otildesmall","Odieresissmall","OEsmall","Oslashsmall","Ugravesmall","Uacutesmall","Ucircumflexsmall","Udieresissmall","Yacutesmall","Thornsmall","Ydieresissmall","001.000","001.001","001.002","001.003","Black","Bold","Book","Light","Medium","Regular","Roman","Semibold"],Wr=391,zr=[null,{id:"hstem",min:2,stackClearing:!0,stem:!0},null,{id:"vstem",min:2,stackClearing:!0,stem:!0},{id:"vmoveto",min:1,stackClearing:!0},{id:"rlineto",min:2,resetStack:!0},{id:"hlineto",min:1,resetStack:!0},{id:"vlineto",min:1,resetStack:!0},{id:"rrcurveto",min:6,resetStack:!0},null,{id:"callsubr",min:1,undefStack:!0},{id:"return",min:0,undefStack:!0},null,null,{id:"endchar",min:0,stackClearing:!0},null,null,null,{id:"hstemhm",min:2,stackClearing:!0,stem:!0},{id:"hintmask",min:0,stackClearing:!0},{id:"cntrmask",min:0,stackClearing:!0},{id:"rmoveto",min:2,stackClearing:!0},{id:"hmoveto",min:1,stackClearing:!0},{id:"vstemhm",min:2,stackClearing:!0,stem:!0},{id:"rcurveline",min:8,resetStack:!0},{id:"rlinecurve",min:8,resetStack:!0},{id:"vvcurveto",min:4,resetStack:!0},{id:"hhcurveto",min:4,resetStack:!0},null,{id:"callgsubr",min:1,undefStack:!0},{id:"vhcurveto",min:4,resetStack:!0},{id:"hvcurveto",min:4,resetStack:!0}],$r=[null,null,null,{id:"and",min:2,stackDelta:-1},{id:"or",min:2,stackDelta:-1},{id:"not",min:1,stackDelta:0},null,null,null,{id:"abs",min:1,stackDelta:0},{id:"add",min:2,stackDelta:-1,stackFn(e,t){e[t-2]=e[t-2]+e[t-1]}},{id:"sub",min:2,stackDelta:-1,stackFn(e,t){e[t-2]=e[t-2]-e[t-1]}},{id:"div",min:2,stackDelta:-1,stackFn(e,t){e[t-2]=e[t-2]/e[t-1]}},null,{id:"neg",min:1,stackDelta:0,stackFn(e,t){e[t-1]=-e[t-1]}},{id:"eq",min:2,stackDelta:-1},null,null,{id:"drop",min:1,stackDelta:-1},null,{id:"put",min:2,stackDelta:-2},{id:"get",min:1,stackDelta:0},{id:"ifelse",min:4,stackDelta:-3},{id:"random",min:0,stackDelta:1},{id:"mul",min:2,stackDelta:-1,stackFn(e,t){e[t-2]=e[t-2]*e[t-1]}},null,{id:"sqrt",min:1,stackDelta:0},{id:"dup",min:1,stackDelta:1},{id:"exch",min:2,stackDelta:0},{id:"index",min:2,stackDelta:0},{id:"roll",min:3,stackDelta:-2},null,null,null,{id:"hflex",min:7,resetStack:!0},{id:"flex",min:13,resetStack:!0},{id:"hflex1",min:9,resetStack:!0},{id:"flex1",min:11,resetStack:!0}];class CFFParser{constructor(e,t,a){this.bytes=e.getBytes();this.properties=t;this.seacAnalysisEnabled=!!a}parse(){const e=this.properties,t=new CFF;this.cff=t;const a=this.parseHeader(),r=this.parseIndex(a.endPos),i=this.parseIndex(r.endPos),n=this.parseIndex(i.endPos),s=this.parseIndex(n.endPos),o=this.parseDict(i.obj.get(0)),c=this.createDict(CFFTopDict,o,t.strings);t.header=a.obj;t.names=this.parseNameIndex(r.obj);t.strings=this.parseStringIndex(n.obj);t.topDict=c;t.globalSubrIndex=s.obj;this.parsePrivateDict(t.topDict);t.isCIDFont=c.hasName("ROS");const l=c.getByName("CharStrings"),h=this.parseIndex(l).obj,u=c.getByName("FontMatrix");u&&(e.fontMatrix=u);const d=c.getByName("FontBBox");if(d){e.ascent=Math.max(d[3],d[1]);e.descent=Math.min(d[1],d[3]);e.ascentScaled=!0}let f,g;if(t.isCIDFont){const e=this.parseIndex(c.getByName("FDArray")).obj;for(let a=0,r=e.count;a=t)throw new FormatError("Invalid CFF header");if(0!==a){info("cff data is shifted");e=e.subarray(a);this.bytes=e}const r=e[0],i=e[1],n=e[2],s=e[3];return{obj:new CFFHeader(r,i,n,s),endPos:n}}parseDict(e){let t=0;function parseOperand(){let a=e[t++];if(30===a)return function parseFloatOperand(){let a="";const r=15,i=["0","1","2","3","4","5","6","7","8","9",".","E","E-",null,"-"],n=e.length;for(;t>4,o=15&n;if(s===r)break;a+=i[s];if(o===r)break;a+=i[o]}return parseFloat(a)}();if(28===a){a=readInt16(e,t);t+=2;return a}if(29===a){a=e[t++];a=a<<8|e[t++];a=a<<8|e[t++];a=a<<8|e[t++];return a}if(a>=32&&a<=246)return a-139;if(a>=247&&a<=250)return 256*(a-247)+e[t++]+108;if(a>=251&&a<=254)return-256*(a-251)-e[t++]-108;warn('CFFParser_parseDict: "'+a+'" is a reserved command.');return NaN}let a=[];const r=[];t=0;const i=e.length;for(;t10)return!1;let i=e.stackSize;const n=e.stack;let s=t.length;for(let o=0;o=4){i-=4;if(this.seacAnalysisEnabled){e.seac=n.slice(i,i+4);return!1}}l=zr[c]}else if(c>=32&&c<=246){n[i]=c-139;i++}else if(c>=247&&c<=254){n[i]=c<251?(c-247<<8)+t[o]+108:-(c-251<<8)-t[o]-108;o++;i++}else if(255===c){n[i]=(t[o]<<24|t[o+1]<<16|t[o+2]<<8|t[o+3])/65536;o+=4;i++}else if(19===c||20===c){e.hints+=i>>1;if(0===e.hints){t.copyWithin(o-1,o,-1);o-=1;s-=1;continue}o+=e.hints+7>>3;i%=2;l=zr[c]}else{if(10===c||29===c){const t=10===c?a:r;if(!t){l=zr[c];warn("Missing subrsIndex for "+l.id);return!1}let s=32768;t.count<1240?s=107:t.count<33900&&(s=1131);const o=n[--i]+s;if(o<0||o>=t.count||isNaN(o)){l=zr[c];warn("Out of bounds subrIndex for "+l.id);return!1}e.stackSize=i;e.callDepth++;if(!this.parseCharString(e,t.get(o),a,r))return!1;e.callDepth--;i=e.stackSize;continue}if(11===c){e.stackSize=i;return!0}if(0===c&&o===t.length){t[o-1]=14;l=zr[14]}else{if(9===c){t.copyWithin(o-1,o,-1);o-=1;s-=1;continue}l=zr[c]}}if(l){if(l.stem){e.hints+=i>>1;if(3===c||23===c)e.hasVStems=!0;else if(e.hasVStems&&(1===c||18===c)){warn("CFF stem hints are in wrong order");t[o-1]=1===c?3:23}}if("min"in l&&!e.undefStack&&i=2&&l.stem?i%=2:i>1&&warn("Found too many parameters for stack-clearing command");i>0&&(e.width=n[i-1])}if("stackDelta"in l){"stackFn"in l&&l.stackFn(n,i);i+=l.stackDelta}else if(l.stackClearing)i=0;else if(l.resetStack){i=0;e.undefStack=!1}else if(l.undefStack){i=0;e.undefStack=!0;e.firstStackClearing=!1}}}s=i.length){warn("Invalid fd index for glyph index.");u=!1}if(u){f=i[e].privateDict;d=f.subrsIndex}}else t&&(d=t);u&&(u=this.parseCharString(h,c,d,a));if(null!==h.width){const e=f.getByName("nominalWidthX");o[l]=e+h.width}else{const e=f.getByName("defaultWidthX");o[l]=e}null!==h.seac&&(s[l]=h.seac);u||e.set(l,new Uint8Array([14]))}return{charStrings:e,seacs:s,widths:o}}emptyPrivateDictionary(e){const t=this.createDict(CFFPrivateDict,[],e.strings);e.setByKey(18,[0,0]);e.privateDict=t}parsePrivateDict(e){if(!e.hasName("Private")){this.emptyPrivateDictionary(e);return}const t=e.getByName("Private");if(!Array.isArray(t)||2!==t.length){e.removeByName("Private");return}const a=t[0],r=t[1];if(0===a||r>=this.bytes.length){this.emptyPrivateDictionary(e);return}const i=r+a,n=this.bytes.subarray(r,i),s=this.parseDict(n),o=this.createDict(CFFPrivateDict,s,e.strings);e.privateDict=o;0===o.getByName("ExpansionFactor")&&o.setByName("ExpansionFactor",.06);if(!o.getByName("Subrs"))return;const c=o.getByName("Subrs"),l=r+c;if(0===c||l>=this.bytes.length){this.emptyPrivateDictionary(e);return}const h=this.parseIndex(l);o.subrsIndex=h.obj}parseCharsets(e,t,a,r){if(0===e)return new CFFCharset(!0,Kr.ISO_ADOBE,Ur);if(1===e)return new CFFCharset(!0,Kr.EXPERT,Xr);if(2===e)return new CFFCharset(!0,Kr.EXPERT_SUBSET,qr);const i=this.bytes,n=e,s=i[e++],o=[r?0:".notdef"];let c,l,h;t-=1;switch(s){case 0:for(h=0;h=65535){warn("Not enough space in charstrings to duplicate first glyph.");return}const e=this.charStrings.get(0);this.charStrings.add(e);this.isCIDFont&&this.fdSelect.fdSelect.push(this.fdSelect.fdSelect[0])}hasGlyphId(e){if(e<0||e>=this.charStrings.count)return!1;return this.charStrings.get(e).length>0}}class CFFHeader{constructor(e,t,a,r){this.major=e;this.minor=t;this.hdrSize=a;this.offSize=r}}class CFFStrings{constructor(){this.strings=[]}get(e){return e>=0&&e<=390?Hr[e]:e-Wr<=this.strings.length?this.strings[e-Wr]:Hr[0]}getSID(e){let t=Hr.indexOf(e);if(-1!==t)return t;t=this.strings.indexOf(e);return-1!==t?t+Wr:-1}add(e){this.strings.push(e)}get count(){return this.strings.length}}class CFFIndex{constructor(){this.objects=[];this.length=0}add(e){this.length+=e.length;this.objects.push(e)}set(e,t){this.length+=t.length-this.objects[e].length;this.objects[e]=t}get(e){return this.objects[e]}get count(){return this.objects.length}}class CFFDict{constructor(e,t){this.keyToNameMap=e.keyToNameMap;this.nameToKeyMap=e.nameToKeyMap;this.defaults=e.defaults;this.types=e.types;this.opcodes=e.opcodes;this.order=e.order;this.strings=t;this.values=Object.create(null)}setByKey(e,t){if(!(e in this.keyToNameMap))return!1;if(0===t.length)return!0;for(const a of t)if(isNaN(a)){warn(`Invalid CFFDict value: "${t}" for key "${e}".`);return!0}const a=this.types[e];"num"!==a&&"sid"!==a&&"offset"!==a||(t=t[0]);this.values[e]=t;return!0}setByName(e,t){if(!(e in this.nameToKeyMap))throw new FormatError(`Invalid dictionary name "${e}"`);this.values[this.nameToKeyMap[e]]=t}hasName(e){return this.nameToKeyMap[e]in this.values}getByName(e){if(!(e in this.nameToKeyMap))throw new FormatError(`Invalid dictionary name ${e}"`);const t=this.nameToKeyMap[e];return t in this.values?this.values[t]:this.defaults[t]}removeByName(e){delete this.values[this.nameToKeyMap[e]]}static createTables(e){const t={keyToNameMap:{},nameToKeyMap:{},defaults:{},types:{},opcodes:{},order:[]};for(const a of e){const e=Array.isArray(a[0])?(a[0][0]<<8)+a[0][1]:a[0];t.keyToNameMap[e]=a[1];t.nameToKeyMap[a[1]]=e;t.types[e]=a[2];t.defaults[e]=a[3];t.opcodes[e]=Array.isArray(a[0])?a[0]:[a[0]];t.order.push(e)}return t}}const Gr=[[[12,30],"ROS",["sid","sid","num"],null],[[12,20],"SyntheticBase","num",null],[0,"version","sid",null],[1,"Notice","sid",null],[[12,0],"Copyright","sid",null],[2,"FullName","sid",null],[3,"FamilyName","sid",null],[4,"Weight","sid",null],[[12,1],"isFixedPitch","num",0],[[12,2],"ItalicAngle","num",0],[[12,3],"UnderlinePosition","num",-100],[[12,4],"UnderlineThickness","num",50],[[12,5],"PaintType","num",0],[[12,6],"CharstringType","num",2],[[12,7],"FontMatrix",["num","num","num","num","num","num"],[.001,0,0,.001,0,0]],[13,"UniqueID","num",null],[5,"FontBBox",["num","num","num","num"],[0,0,0,0]],[[12,8],"StrokeWidth","num",0],[14,"XUID","array",null],[15,"charset","offset",0],[16,"Encoding","offset",0],[17,"CharStrings","offset",0],[18,"Private",["offset","offset"],null],[[12,21],"PostScript","sid",null],[[12,22],"BaseFontName","sid",null],[[12,23],"BaseFontBlend","delta",null],[[12,31],"CIDFontVersion","num",0],[[12,32],"CIDFontRevision","num",0],[[12,33],"CIDFontType","num",0],[[12,34],"CIDCount","num",8720],[[12,35],"UIDBase","num",null],[[12,37],"FDSelect","offset",null],[[12,36],"FDArray","offset",null],[[12,38],"FontName","sid",null]];class CFFTopDict extends CFFDict{static get tables(){return shadow(this,"tables",this.createTables(Gr))}constructor(e){super(CFFTopDict.tables,e);this.privateDict=null}}const Vr=[[6,"BlueValues","delta",null],[7,"OtherBlues","delta",null],[8,"FamilyBlues","delta",null],[9,"FamilyOtherBlues","delta",null],[[12,9],"BlueScale","num",.039625],[[12,10],"BlueShift","num",7],[[12,11],"BlueFuzz","num",1],[10,"StdHW","num",null],[11,"StdVW","num",null],[[12,12],"StemSnapH","delta",null],[[12,13],"StemSnapV","delta",null],[[12,14],"ForceBold","num",0],[[12,17],"LanguageGroup","num",0],[[12,18],"ExpansionFactor","num",.06],[[12,19],"initialRandomSeed","num",0],[20,"defaultWidthX","num",0],[21,"nominalWidthX","num",0],[19,"Subrs","offset",null]];class CFFPrivateDict extends CFFDict{static get tables(){return shadow(this,"tables",this.createTables(Vr))}constructor(e){super(CFFPrivateDict.tables,e);this.subrsIndex=null}}const Kr={ISO_ADOBE:0,EXPERT:1,EXPERT_SUBSET:2};class CFFCharset{constructor(e,t,a,r){this.predefined=e;this.format=t;this.charset=a;this.raw=r}}class CFFEncoding{constructor(e,t,a,r){this.predefined=e;this.format=t;this.encoding=a;this.raw=r}}class CFFFDSelect{constructor(e,t){this.format=e;this.fdSelect=t}getFDIndex(e){return e<0||e>=this.fdSelect.length?-1:this.fdSelect[e]}}class CFFOffsetTracker{constructor(){this.offsets=Object.create(null)}isTracking(e){return e in this.offsets}track(e,t){if(e in this.offsets)throw new FormatError(`Already tracking location of ${e}`);this.offsets[e]=t}offset(e){for(const t in this.offsets)this.offsets[t]+=e}setEntryLocation(e,t,a){if(!(e in this.offsets))throw new FormatError(`Not tracking location of ${e}`);const r=a.data,i=this.offsets[e];for(let e=0,a=t.length;e>24&255;r[s]=l>>16&255;r[o]=l>>8&255;r[c]=255&l}}}class CFFCompiler{constructor(e){this.cff=e}compile(){const e=this.cff,t={data:[],length:0,add(e){try{this.data.push(...e)}catch{this.data=this.data.concat(e)}this.length=this.data.length}},a=this.compileHeader(e.header);t.add(a);const r=this.compileNameIndex(e.names);t.add(r);if(e.isCIDFont&&e.topDict.hasName("FontMatrix")){const t=e.topDict.getByName("FontMatrix");e.topDict.removeByName("FontMatrix");for(const a of e.fdArray){let e=t.slice(0);a.hasName("FontMatrix")&&(e=Util.transform(e,a.getByName("FontMatrix")));a.setByName("FontMatrix",e)}}const i=e.topDict.getByName("XUID");i?.length>16&&e.topDict.removeByName("XUID");e.topDict.setByName("charset",0);let n=this.compileTopDicts([e.topDict],t.length,e.isCIDFont);t.add(n.output);const s=n.trackers[0],o=this.compileStringIndex(e.strings.strings);t.add(o);const c=this.compileIndex(e.globalSubrIndex);t.add(c);if(e.encoding&&e.topDict.hasName("Encoding"))if(e.encoding.predefined)s.setEntryLocation("Encoding",[e.encoding.format],t);else{const a=this.compileEncoding(e.encoding);s.setEntryLocation("Encoding",[t.length],t);t.add(a)}const l=this.compileCharset(e.charset,e.charStrings.count,e.strings,e.isCIDFont);s.setEntryLocation("charset",[t.length],t);t.add(l);const h=this.compileCharStrings(e.charStrings);s.setEntryLocation("CharStrings",[t.length],t);t.add(h);if(e.isCIDFont){s.setEntryLocation("FDSelect",[t.length],t);const a=this.compileFDSelect(e.fdSelect);t.add(a);n=this.compileTopDicts(e.fdArray,t.length,!0);s.setEntryLocation("FDArray",[t.length],t);t.add(n.output);const r=n.trackers;this.compilePrivateDicts(e.fdArray,r,t)}this.compilePrivateDicts([e.topDict],[s],t);t.add([0]);return t.data}encodeNumber(e){return Number.isInteger(e)?this.encodeInteger(e):this.encodeFloat(e)}static get EncodeFloatRegExp(){return shadow(this,"EncodeFloatRegExp",/\.(\d*?)(?:9{5,20}|0{5,20})\d{0,2}(?:e(.+)|$)/)}encodeFloat(e){let t=e.toString();const a=CFFCompiler.EncodeFloatRegExp.exec(t);if(a){const r=parseFloat("1e"+((a[2]?+a[2]:0)+a[1].length));t=(Math.round(e*r)/r).toString()}let r,i,n="";for(r=0,i=t.length;r=-107&&e<=107?[e+139]:e>=108&&e<=1131?[247+((e-=108)>>8),255&e]:e>=-1131&&e<=-108?[251+((e=-e-108)>>8),255&e]:e>=-32768&&e<=32767?[28,e>>8&255,255&e]:[29,e>>24&255,e>>16&255,e>>8&255,255&e];return t}compileHeader(e){return[e.major,e.minor,4,e.offSize]}compileNameIndex(e){const t=new CFFIndex;for(const a of e){const e=Math.min(a.length,127);let r=new Array(e);for(let t=0;t"~"||"["===e||"]"===e||"("===e||")"===e||"{"===e||"}"===e||"<"===e||">"===e||"/"===e||"%"===e)&&(e="_");r[t]=e}r=r.join("");""===r&&(r="Bad_Font_Name");t.add(stringToBytes(r))}return this.compileIndex(t)}compileTopDicts(e,t,a){const r=[];let i=new CFFIndex;for(const n of e){if(a){n.removeByName("CIDFontVersion");n.removeByName("CIDFontRevision");n.removeByName("CIDFontType");n.removeByName("CIDCount");n.removeByName("UIDBase")}const e=new CFFOffsetTracker,s=this.compileDict(n,e);r.push(e);i.add(s);e.offset(t)}i=this.compileIndex(i,r);return{trackers:r,output:i}}compilePrivateDicts(e,t,a){for(let r=0,i=e.length;r>8&255,255&e])}else{i=new Uint8Array(1+2*n);i[0]=0;let t=0;const r=e.charset.length;let s=!1;for(let n=1;n>8&255;i[n+1]=255&o}}return this.compileTypedArray(i)}compileEncoding(e){return this.compileTypedArray(e.raw)}compileFDSelect(e){const t=e.format;let a,r;switch(t){case 0:a=new Uint8Array(1+e.fdSelect.length);a[0]=t;for(r=0;r>8&255,255&i,n];for(r=1;r>8&255,255&r,t);n=t}}const o=(s.length-3)/3;s[1]=o>>8&255;s[2]=255&o;s.push(r>>8&255,255&r);a=new Uint8Array(s)}return this.compileTypedArray(a)}compileTypedArray(e){return Array.from(e)}compileIndex(e,t=[]){const a=e.objects,r=a.length;if(0===r)return[0,0];const i=[r>>8&255,255&r];let n,s,o=1;for(n=0;n>8&255,255&c):3===s?i.push(c>>16&255,c>>8&255,255&c):i.push(c>>>24&255,c>>16&255,c>>8&255,255&c);a[n]&&(c+=a[n].length)}for(n=0;n=this.firstChar&&e<=this.lastChar?e:-1}amend(e){unreachable("Should not call amend()")}}class CFFFont{constructor(e,t){this.properties=t;const a=new CFFParser(e,t,Rr);this.cff=a.parse();this.cff.duplicateFirstGlyph();const r=new CFFCompiler(this.cff);this.seacs=this.cff.seacs;try{this.data=r.compile()}catch{warn("Failed to compile font "+t.loadedName);this.data=e}this._createBuiltInEncoding()}get numGlyphs(){return this.cff.charStrings.count}getCharset(){return this.cff.charset.charset}getGlyphMapping(){const e=this.cff,t=this.properties,{cidToGidMap:a,cMap:r}=t,i=e.charset.charset;let n,s;if(t.composite){let t,o;if(a?.length>0){t=Object.create(null);for(let e=0,r=a.length;e=0){const r=a[t];r&&(i[e]=r)}}i.length>0&&(this.properties.builtInEncoding=i)}}function getFloat214(e,t){return readInt16(e,t)/16384}function getSubroutineBias(e){const t=e.length;let a=32768;t<1240?a=107:t<33900&&(a=1131);return a}function parseCmap(e,t,a){const r=1===readUint16(e,t+2)?readUint32(e,t+8):readUint32(e,t+16),i=readUint16(e,t+r);let n,s,o;if(4===i){readUint16(e,t+r+2);const a=readUint16(e,t+r+6)>>1;s=t+r+14;n=[];for(o=0;o>1;a0;)h.push({flags:n})}for(a=0;a>1;y=!0;break;case 4:s+=i.pop();moveTo(n,s);y=!0;break;case 5:for(;i.length>0;){n+=i.shift();s+=i.shift();lineTo(n,s)}break;case 6:for(;i.length>0;){n+=i.shift();lineTo(n,s);if(0===i.length)break;s+=i.shift();lineTo(n,s)}break;case 7:for(;i.length>0;){s+=i.shift();lineTo(n,s);if(0===i.length)break;n+=i.shift();lineTo(n,s)}break;case 8:for(;i.length>0;){l=n+i.shift();u=s+i.shift();h=l+i.shift();d=u+i.shift();n=h+i.shift();s=d+i.shift();bezierCurveTo(l,u,h,d,n,s)}break;case 10:m=i.pop();b=null;if(a.isCFFCIDFont){const e=a.fdSelect.getFDIndex(r);if(e>=0&&eMath.abs(s-t)?n+=i.shift():s+=i.shift();bezierCurveTo(l,u,h,d,n,s);break;default:throw new FormatError(`unknown operator: 12 ${w}`)}break;case 14:if(i.length>=4){const e=i.pop(),r=i.pop();s=i.pop();n=i.pop();t.save();t.translate(n,s);let o=lookupCmap(a.cmap,String.fromCharCode(a.glyphNameMap[kr[e]]));compileCharString(a.glyphs[o.glyphId],t,a,o.glyphId);t.restore();o=lookupCmap(a.cmap,String.fromCharCode(a.glyphNameMap[kr[r]]));compileCharString(a.glyphs[o.glyphId],t,a,o.glyphId)}return;case 19:case 20:o+=i.length>>1;c+=o+7>>3;y=!0;break;case 21:s+=i.pop();n+=i.pop();moveTo(n,s);y=!0;break;case 22:n+=i.pop();moveTo(n,s);y=!0;break;case 24:for(;i.length>2;){l=n+i.shift();u=s+i.shift();h=l+i.shift();d=u+i.shift();n=h+i.shift();s=d+i.shift();bezierCurveTo(l,u,h,d,n,s)}n+=i.shift();s+=i.shift();lineTo(n,s);break;case 25:for(;i.length>6;){n+=i.shift();s+=i.shift();lineTo(n,s)}l=n+i.shift();u=s+i.shift();h=l+i.shift();d=u+i.shift();n=h+i.shift();s=d+i.shift();bezierCurveTo(l,u,h,d,n,s);break;case 26:i.length%2&&(n+=i.shift());for(;i.length>0;){l=n;u=s+i.shift();h=l+i.shift();d=u+i.shift();n=h;s=d+i.shift();bezierCurveTo(l,u,h,d,n,s)}break;case 27:i.length%2&&(s+=i.shift());for(;i.length>0;){l=n+i.shift();u=s;h=l+i.shift();d=u+i.shift();n=h+i.shift();s=d;bezierCurveTo(l,u,h,d,n,s)}break;case 28:i.push(readInt16(e,c));c+=2;break;case 29:m=i.pop()+a.gsubrsBias;b=a.gsubrs[m];b&&parse(b);break;case 30:for(;i.length>0;){l=n;u=s+i.shift();h=l+i.shift();d=u+i.shift();n=h+i.shift();s=d+(1===i.length?i.shift():0);bezierCurveTo(l,u,h,d,n,s);if(0===i.length)break;l=n+i.shift();u=s;h=l+i.shift();d=u+i.shift();s=d+i.shift();n=h+(1===i.length?i.shift():0);bezierCurveTo(l,u,h,d,n,s)}break;case 31:for(;i.length>0;){l=n+i.shift();u=s;h=l+i.shift();d=u+i.shift();s=d+i.shift();n=h+(1===i.length?i.shift():0);bezierCurveTo(l,u,h,d,n,s);if(0===i.length)break;l=n;u=s+i.shift();h=l+i.shift();d=u+i.shift();n=h+i.shift();s=d+(1===i.length?i.shift():0);bezierCurveTo(l,u,h,d,n,s)}break;default:if(w<32)throw new FormatError(`unknown operator: ${w}`);if(w<247)i.push(w-139);else if(w<251)i.push(256*(w-247)+e[c++]+108);else if(w<255)i.push(256*-(w-251)-e[c++]-108);else{i.push((e[c]<<24|e[c+1]<<16|e[c+2]<<8|e[c+3])/65536);c+=4}}y&&(i.length=0)}}(e)}class Commands{cmds=[];transformStack=[];currentTransform=[1,0,0,1,0,0];add(e,t){if(t){const{currentTransform:a}=this;for(let e=0,r=t.length;e=0&&e2*readUint16(e,t)}const n=[];let s=i(t,0);for(let a=r;ae.getSize()+3&-4)))}write(){const e=this.getSize(),t=new DataView(new ArrayBuffer(e)),a=e>131070,r=a?4:2,i=new DataView(new ArrayBuffer((this.glyphs.length+1)*r));a?i.setUint32(0,0):i.setUint16(0,0);let n=0,s=0;for(const e of this.glyphs){n+=e.write(n,t);n=n+3&-4;s+=r;a?i.setUint32(s,n):i.setUint16(s,n>>1)}return{isLocationLong:a,loca:new Uint8Array(i.buffer),glyf:new Uint8Array(t.buffer)}}scale(e){for(let t=0,a=this.glyphs.length;te.getSize())));return this.header.getSize()+e}write(e,t){if(!this.header)return 0;const a=e;e+=this.header.write(e,t);if(this.simple)e+=this.simple.write(e,t);else for(const a of this.composites)e+=a.write(e,t);return e-a}scale(e){if(!this.header)return;const t=(this.header.xMin+this.header.xMax)/2;this.header.scale(t,e);if(this.simple)this.simple.scale(t,e);else for(const a of this.composites)a.scale(t,e)}}class GlyphHeader{constructor({numberOfContours:e,xMin:t,yMin:a,xMax:r,yMax:i}){this.numberOfContours=e;this.xMin=t;this.yMin=a;this.xMax=r;this.yMax=i}static parse(e,t){return[10,new GlyphHeader({numberOfContours:t.getInt16(e),xMin:t.getInt16(e+2),yMin:t.getInt16(e+4),xMax:t.getInt16(e+6),yMax:t.getInt16(e+8)})]}getSize(){return 10}write(e,t){t.setInt16(e,this.numberOfContours);t.setInt16(e+2,this.xMin);t.setInt16(e+4,this.yMin);t.setInt16(e+6,this.xMax);t.setInt16(e+8,this.yMax);return 10}scale(e,t){this.xMin=Math.round(e+(this.xMin-e)*t);this.xMax=Math.round(e+(this.xMax-e)*t)}}class Contour{constructor({flags:e,xCoordinates:t,yCoordinates:a}){this.xCoordinates=t;this.yCoordinates=a;this.flags=e}}class SimpleGlyph{constructor({contours:e,instructions:t}){this.contours=e;this.instructions=t}static parse(e,t,a){const r=[];for(let i=0;i255?e+=2:o>0&&(e+=1);t=n;o=Math.abs(s-a);o>255?e+=2:o>0&&(e+=1);a=s}}return e}write(e,t){const a=e,r=[],i=[],n=[];let s=0,o=0;for(const a of this.contours){for(let e=0,t=a.xCoordinates.length;e=0?18:2;r.push(e)}else r.push(l)}s=c;const h=a.yCoordinates[e];l=h-o;if(0===l){t|=32;i.push(0)}else{const e=Math.abs(l);if(e<=255){t|=l>=0?36:4;i.push(e)}else i.push(l)}o=h;n.push(t)}t.setUint16(e,r.length-1);e+=2}t.setUint16(e,this.instructions.length);e+=2;if(this.instructions.length){new Uint8Array(t.buffer,0,t.buffer.byteLength).set(this.instructions,e);e+=this.instructions.length}for(const a of n)t.setUint8(e++,a);for(let a=0,i=r.length;a=-128&&this.argument1<=127&&this.argument2>=-128&&this.argument2<=127||(e+=2):this.argument1>=0&&this.argument1<=255&&this.argument2>=0&&this.argument2<=255||(e+=2);return e}write(e,t){const a=e;2&this.flags?this.argument1>=-128&&this.argument1<=127&&this.argument2>=-128&&this.argument2<=127||(this.flags|=1):this.argument1>=0&&this.argument1<=255&&this.argument2>=0&&this.argument2<=255||(this.flags|=1);t.setUint16(e,this.flags);t.setUint16(e+2,this.glyphIndex);e+=4;if(1&this.flags){if(2&this.flags){t.setInt16(e,this.argument1);t.setInt16(e+2,this.argument2)}else{t.setUint16(e,this.argument1);t.setUint16(e+2,this.argument2)}e+=4}else{t.setUint8(e,this.argument1);t.setUint8(e+1,this.argument2);e+=2}if(256&this.flags){t.setUint16(e,this.instructions.length);e+=2;if(this.instructions.length){new Uint8Array(t.buffer,0,t.buffer.byteLength).set(this.instructions,e);e+=this.instructions.length}}return e-a}scale(e,t){}}function writeInt16(e,t,a){e[t]=a>>8&255;e[t+1]=255&a}function writeInt32(e,t,a){e[t]=a>>24&255;e[t+1]=a>>16&255;e[t+2]=a>>8&255;e[t+3]=255&a}function writeData(e,t,a){if(a instanceof Uint8Array)e.set(a,t);else if("string"==typeof a)for(let r=0,i=a.length;ra;){a<<=1;r++}const i=a*t;return{range:i,entry:r,rangeShift:t*e-i}}toArray(){let e=this.sfnt;const t=this.tables,a=Object.keys(t);a.sort();const r=a.length;let i,n,s,o,c,l=12+16*r;const h=[l];for(i=0;i>>0;h.push(l)}const u=new Uint8Array(l);for(i=0;i>>0}writeInt32(u,l+4,e);writeInt32(u,l+8,h[i]);writeInt32(u,l+12,t[c].length);l+=16}return u}addTable(e,t){if(e in this.tables)throw new Error("Table "+e+" already exists");this.tables[e]=t}}const si=[4],oi=[5],ci=[6],li=[7],hi=[8],ui=[12,35],di=[14],fi=[21],gi=[22],pi=[30],mi=[31];class Type1CharString{constructor(){this.width=0;this.lsb=0;this.flexing=!1;this.output=[];this.stack=[]}convert(e,t,a){const r=e.length;let i,n,s,o=!1;for(let c=0;cr)return!0;const i=r-e;for(let e=i;e>8&255,255&t);else{t=65536*t|0;this.output.push(255,t>>24&255,t>>16&255,t>>8&255,255&t)}}this.output.push(...t);a?this.stack.splice(i,e):this.stack.length=0;return!1}}function isHexDigit(e){return e>=48&&e<=57||e>=65&&e<=70||e>=97&&e<=102}function decrypt(e,t,a){if(a>=e.length)return new Uint8Array(0);let r,i,n=0|t;for(r=0;r>8;n=52845*(t+n)+22719&65535}return o}function isSpecial(e){return 47===e||91===e||93===e||123===e||125===e||40===e||41===e}class Type1Parser{constructor(e,t,a){if(t){const t=e.getBytes(),a=!((isHexDigit(t[0])||isWhiteSpace(t[0]))&&isHexDigit(t[1])&&isHexDigit(t[2])&&isHexDigit(t[3])&&isHexDigit(t[4])&&isHexDigit(t[5])&&isHexDigit(t[6])&&isHexDigit(t[7]));e=new Stream(a?decrypt(t,55665,4):function decryptAscii(e,t,a){let r=0|t;const i=e.length,n=new Uint8Array(i>>>1);let s,o;for(s=0,o=0;s>8;r=52845*(e+r)+22719&65535}}return n.slice(a,o)}(t,55665,4))}this.seacAnalysisEnabled=!!a;this.stream=e;this.nextChar()}readNumberArray(){this.getToken();const e=[];for(;;){const t=this.getToken();if(null===t||"]"===t||"}"===t)break;e.push(parseFloat(t||0))}return e}readNumber(){const e=this.getToken();return parseFloat(e||0)}readInt(){const e=this.getToken();return 0|parseInt(e||0,10)}readBoolean(){return"true"===this.getToken()?1:0}nextChar(){return this.currentChar=this.stream.getByte()}prevChar(){this.stream.skip(-2);return this.currentChar=this.stream.getByte()}getToken(){let e=!1,t=this.currentChar;for(;;){if(-1===t)return null;if(e)10!==t&&13!==t||(e=!1);else if(37===t)e=!0;else if(!isWhiteSpace(t))break;t=this.nextChar()}if(isSpecial(t)){this.nextChar();return String.fromCharCode(t)}let a="";do{a+=String.fromCharCode(t);t=this.nextChar()}while(t>=0&&!isWhiteSpace(t)&&!isSpecial(t));return a}readCharStrings(e,t){return-1===t?e:decrypt(e,4330,t)}extractFontProgram(e){const t=this.stream,a=[],r=[],i=Object.create(null);i.lenIV=4;const n={subrs:[],charstrings:[],properties:{privateData:i}};let s,o,c,l;for(;null!==(s=this.getToken());)if("/"===s){s=this.getToken();switch(s){case"CharStrings":this.getToken();this.getToken();this.getToken();this.getToken();for(;;){s=this.getToken();if(null===s||"end"===s)break;if("/"!==s)continue;const e=this.getToken();o=this.readInt();this.getToken();c=o>0?t.getBytes(o):new Uint8Array(0);l=n.properties.privateData.lenIV;const a=this.readCharStrings(c,l);this.nextChar();s=this.getToken();"noaccess"===s?this.getToken():"/"===s&&this.prevChar();r.push({glyph:e,encoded:a})}break;case"Subrs":this.readInt();this.getToken();for(;"dup"===this.getToken();){const e=this.readInt();o=this.readInt();this.getToken();c=o>0?t.getBytes(o):new Uint8Array(0);l=n.properties.privateData.lenIV;const r=this.readCharStrings(c,l);this.nextChar();s=this.getToken();"noaccess"===s&&this.getToken();a[e]=r}break;case"BlueValues":case"OtherBlues":case"FamilyBlues":case"FamilyOtherBlues":const e=this.readNumberArray();e.length>0&&e.length,0;break;case"StemSnapH":case"StemSnapV":n.properties.privateData[s]=this.readNumberArray();break;case"StdHW":case"StdVW":n.properties.privateData[s]=this.readNumberArray()[0];break;case"BlueShift":case"lenIV":case"BlueFuzz":case"BlueScale":case"LanguageGroup":n.properties.privateData[s]=this.readNumber();break;case"ExpansionFactor":n.properties.privateData[s]=this.readNumber()||.06;break;case"ForceBold":n.properties.privateData[s]=this.readBoolean()}}for(const{encoded:t,glyph:i}of r){const r=new Type1CharString,s=r.convert(t,a,this.seacAnalysisEnabled);let o=r.output;s&&(o=[14]);const c={glyphName:i,charstring:o,width:r.width,lsb:r.lsb,seac:r.seac};".notdef"===i?n.charstrings.unshift(c):n.charstrings.push(c);if(e.builtInEncoding){const t=e.builtInEncoding.indexOf(i);t>-1&&void 0===e.widths[t]&&t>=e.firstChar&&t<=e.lastChar&&(e.widths[t]=r.width)}}return n}extractFontHeader(e){let t;for(;null!==(t=this.getToken());)if("/"===t){t=this.getToken();switch(t){case"FontMatrix":const a=this.readNumberArray();e.fontMatrix=a;break;case"Encoding":const r=this.getToken();let i;if(/^\d+$/.test(r)){i=[];const e=0|parseInt(r,10);this.getToken();for(let a=0;a=i){s+=a;for(;s=0&&(r[e]=i)}}return type1FontGlyphMapping(e,r,a)}hasGlyphId(e){if(e<0||e>=this.numGlyphs)return!1;if(0===e)return!0;return this.charstrings[e-1].charstring.length>0}getSeacs(e){const t=[];for(let a=0,r=e.length;a0;e--)t[e]-=t[e-1];f.setByName(e,t)}n.topDict.privateDict=f;const p=new CFFIndex;for(h=0,u=r.length;h0&&e.toUnicode.amend(t)}class fonts_Glyph{constructor(e,t,a,r,i,n,s,o,c){this.originalCharCode=e;this.fontChar=t;this.unicode=a;this.accent=r;this.width=i;this.vmetric=n;this.operatorListId=s;this.isSpace=o;this.isInFont=c}get category(){return shadow(this,"category",function getCharUnicodeCategory(e){const t=Dr.get(e);if(t)return t;const a=e.match(Mr),r={isWhitespace:!!a?.[1],isZeroWidthDiacritic:!!a?.[2],isInvisibleFormatMark:!!a?.[3]};Dr.set(e,r);return r}(this.unicode),!0)}}function int16(e,t){return(e<<8)+t}function writeSignedInt16(e,t,a){e[t+1]=a;e[t]=a>>>8}function signedInt16(e,t){const a=(e<<8)+t;return 32768&a?a-65536:a}function string16(e){return String.fromCharCode(e>>8&255,255&e)}function safeString16(e){e>32767?e=32767:e<-32768&&(e=-32768);return String.fromCharCode(e>>8&255,255&e)}function isTrueTypeCollectionFile(e){return"ttcf"===bytesToString(e.peekBytes(4))}function getFontFileType(e,{type:t,subtype:a,composite:r}){let i,n;if(function isTrueTypeFile(e){const t=e.peekBytes(4);return 65536===readUint32(t,0)||"true"===bytesToString(t)}(e)||isTrueTypeCollectionFile(e))i=r?"CIDFontType2":"TrueType";else if(function isOpenTypeFile(e){return"OTTO"===bytesToString(e.peekBytes(4))}(e))i=r?"CIDFontType2":"OpenType";else if(function isType1File(e){const t=e.peekBytes(2);return 37===t[0]&&33===t[1]||128===t[0]&&1===t[1]}(e))i=r?"CIDFontType0":"MMType1"===t?"MMType1":"Type1";else if(function isCFFFile(e){const t=e.peekBytes(4);return t[0]>=1&&t[3]>=1&&t[3]<=4}(e))if(r){i="CIDFontType0";n="CIDFontType0C"}else{i="MMType1"===t?"MMType1":"Type1";n="Type1C"}else{warn("getFontFileType: Unable to detect correct font file Type/Subtype.");i=t;n=a}return[i,n]}function applyStandardFontGlyphMap(e,t){for(const a in t)e[+a]=t[a]}function buildToFontChar(e,t,a){const r=[];let i;for(let a=0,n=e.length;ah){c++;if(c>=bi.length){warn("Ran out of space in font private use area.");break}l=bi[c][0];h=bi[c][1]}const p=l++;0===g&&(g=a);let m=r.get(f);if("string"==typeof m)if(1===m.length)m=m.codePointAt(0);else{if(!u){u=new Map;for(let e=64256;e<=64335;e++){const t=String.fromCharCode(e).normalize("NFKD");t.length>1&&u.set(t,e)}}m=u.get(m)||m.codePointAt(0)}if(m&&!(d=m,bi[0][0]<=d&&d<=bi[0][1]||bi[1][0]<=d&&d<=bi[1][1])&&!o.has(g)){n.set(m,g);o.add(g)}i[p]=g;s[f]=p}var d;return{toFontChar:s,charCodeToGlyphId:i,toUnicodeExtraMap:n,nextAvailableFontCharCode:l}}function createCmapTable(e,t,a){const r=function getRanges(e,t,a){const r=[];for(const t in e)e[t]>=a||r.push({fontCharCode:0|t,glyphId:e[t]});if(t)for(const[e,i]of t)i>=a||r.push({fontCharCode:e,glyphId:i});0===r.length&&r.push({fontCharCode:0,glyphId:0});r.sort(((e,t)=>e.fontCharCode-t.fontCharCode));const i=[],n=r.length;for(let e=0;e65535?2:1;let n,s,o,c,l="\0\0"+string16(i)+"\0\0"+string32(4+8*i);for(n=r.length-1;n>=0&&!(r[n][0]<=65535);--n);const h=n+1;r[n][0]<65535&&65535===r[n][1]&&(r[n][1]=65534);const u=r[n][1]<65535?1:0,d=h+u,f=OpenTypeFileBuilder.getSearchParams(d,2);let g,p,m,b,y="",w="",x="",S="",k="",C=0;for(n=0,s=h;n0){w+="ÿÿ";y+="ÿÿ";x+="\0";S+="\0\0"}const v="\0\0"+string16(2*d)+string16(f.range)+string16(f.entry)+string16(f.rangeShift)+w+"\0\0"+y+x+S+k;let F="",T="";if(i>1){l+="\0\0\n"+string32(4+8*i+4+v.length);F="";for(n=0,s=r.length;ne||!o)&&(o=e);c 123 are reserved for internal usage");s|=1<65535&&(c=65535)}else{o=0;c=255}const h=e.bbox||[0,0,0,0],u=a.unitsPerEm||(e.fontMatrix?1/Math.max(...e.fontMatrix.slice(0,4).map(Math.abs)):1e3),d=e.ascentScaled?1:u/yi,f=a.ascent||Math.round(d*(e.ascent||h[3]));let g=a.descent||Math.round(d*(e.descent||h[1]));g>0&&e.descent>0&&h[1]<0&&(g=-g);const p=a.yMax||f,m=-a.yMin||-g;return"\0$ô\0\0\0Š»\0\0\0ŒŠ»\0\0ß\x001\0\0\0\0"+String.fromCharCode(e.fixedPitch?9:0)+"\0\0\0\0\0\0"+string32(r)+string32(i)+string32(n)+string32(s)+"*21*"+string16(e.italicAngle?1:0)+string16(o||e.firstChar)+string16(c||e.lastChar)+string16(f)+string16(g)+"\0d"+string16(p)+string16(m)+"\0\0\0\0\0\0\0\0"+string16(e.xHeight)+string16(e.capHeight)+string16(0)+string16(o||e.firstChar)+"\0"}function createPostTable(e){return"\0\0\0"+string32(Math.floor(65536*e.italicAngle))+"\0\0\0\0"+string32(e.fixedPitch?1:0)+"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}function createPostscriptName(e){return e.replaceAll(/[^\x21-\x7E]|[[\](){}<>/%]/g,"").slice(0,63)}function createNameTable(e,t){t||(t=[[],[]]);const a=[t[0][0]||"Original licence",t[0][1]||e,t[0][2]||"Unknown",t[0][3]||"uniqueID",t[0][4]||e,t[0][5]||"Version 0.11",t[0][6]||createPostscriptName(e),t[0][7]||"Unknown",t[0][8]||"Unknown",t[0][9]||"Unknown"],r=[];let i,n,s,o,c;for(i=0,n=a.length;i0;if((s||o)&&"CIDFontType2"===a&&this.cidEncoding.startsWith("Identity-")){const a=e.cidToGidMap,r=[];applyStandardFontGlyphMap(r,ti());/Arial-?Black/i.test(t)?applyStandardFontGlyphMap(r,ai()):/Calibri/i.test(t)&&applyStandardFontGlyphMap(r,ri());if(a){for(const e in r){const t=r[e];void 0!==a[t]&&(r[+e]=a[t])}a.length!==this.toUnicode.length&&e.hasIncludedToUnicodeMap&&this.toUnicode instanceof IdentityToUnicodeMap&&this.toUnicode.forEach((function(e,t){const i=r[e];void 0===a[i]&&(r[+e]=t)}))}this.toUnicode instanceof IdentityToUnicodeMap||this.toUnicode.forEach((function(e,t){r[+e]=t}));this.toFontChar=r;this.toUnicode=new ToUnicodeMap(r)}else if(/Symbol/i.test(r))this.toFontChar=buildToFontChar(Cr,Fr(),this.differences);else if(/Dingbats/i.test(r))this.toFontChar=buildToFontChar(vr,Ir(),this.differences);else if(s||o){const e=buildToFontChar(this.defaultEncoding,Fr(),this.differences);"CIDFontType2"!==a||this.cidEncoding.startsWith("Identity-")||this.toUnicode instanceof IdentityToUnicodeMap||this.toUnicode.forEach((function(t,a){e[+t]=a}));this.toFontChar=e}else{const e=Fr(),a=[];this.toUnicode.forEach(((t,r)=>{if(!this.composite){const a=getUnicodeForGlyph(this.differences[t]||this.defaultEncoding[t],e);-1!==a&&(r=a)}a[+t]=r}));this.composite&&this.toUnicode instanceof IdentityToUnicodeMap&&/Tahoma|Verdana/i.test(t)&&applyStandardFontGlyphMap(a,ti());this.toFontChar=a}amendFallbackToUnicode(e);this.loadedName=r.split("-",1)[0]}checkAndRepair(e,t,a){const r=["OS/2","cmap","head","hhea","hmtx","maxp","name","post","loca","glyf","fpgm","prep","cvt ","CFF "];function readTables(e,t){const a=Object.create(null);a["OS/2"]=null;a.cmap=null;a.head=null;a.hhea=null;a.hmtx=null;a.maxp=null;a.name=null;a.post=null;for(let i=0;i>>0,r=e.getInt32()>>>0,i=e.getInt32()>>>0,n=e.pos;e.pos=e.start||0;e.skip(r);const s=e.getBytes(i);e.pos=n;if("head"===t){s[8]=s[9]=s[10]=s[11]=0;s[17]|=32}return{tag:t,checksum:a,length:i,offset:r,data:s}}function readOpenTypeHeader(e){return{version:e.getString(4),numTables:e.getUint16(),searchRange:e.getUint16(),entrySelector:e.getUint16(),rangeShift:e.getUint16()}}function sanitizeGlyph(e,t,a,r,i,n){const s={length:0,sizeOfInstructions:0};if(t<0||t>=e.length||a>e.length||a-t<=12)return s;const o=e.subarray(t,a),c=signedInt16(o[2],o[3]),l=signedInt16(o[4],o[5]),h=signedInt16(o[6],o[7]),u=signedInt16(o[8],o[9]);if(c>h){writeSignedInt16(o,2,h);writeSignedInt16(o,6,c)}if(l>u){writeSignedInt16(o,4,u);writeSignedInt16(o,8,l)}const d=signedInt16(o[0],o[1]);if(d<0){if(d<-1)return s;r.set(o,i);s.length=o.length;return s}let f,g=10,p=0;for(f=0;fo.length)return s;if(!n&&b>0){r.set(o.subarray(0,m),i);r.set([0,0],i+m);r.set(o.subarray(y,x),i+m+2);x-=b;o.length-x>3&&(x=x+3&-4);s.length=x;return s}if(o.length-x>3){x=x+3&-4;r.set(o.subarray(0,x),i);s.length=x;return s}r.set(o,i);s.length=o.length;return s}function readNameTable(e){const a=(t.start||0)+e.offset;t.pos=a;const r=[[],[]],i=[],n=e.length,s=a+n;if(0!==t.getUint16()||n<6)return[r,i];const o=t.getUint16(),c=t.getUint16();let l,h;for(l=0;ls)continue;t.pos=n;const o=e.name;if(e.encoding){let a="";for(let r=0,i=e.length;r0&&(l+=e-1)}}else{if(m||y){warn("TT: nested FDEFs not allowed");p=!0}m=!0;u=l;s=d.pop();t.functionsDefined[s]={data:c,i:l}}else if(!m&&!y){s=d.at(-1);if(isNaN(s))info("TT: CALL empty stack (or invalid entry).");else{t.functionsUsed[s]=!0;if(s in t.functionsStackDeltas){const e=d.length+t.functionsStackDeltas[s];if(e<0){warn("TT: CALL invalid functions stack delta.");t.hintsValid=!1;return}d.length=e}else if(s in t.functionsDefined&&!g.includes(s)){f.push({data:c,i:l,stackTop:d.length-1});g.push(s);o=t.functionsDefined[s];if(!o){warn("TT: CALL non-existent function");t.hintsValid=!1;return}c=o.data;l=o.i}}}if(!m&&!y){let t=0;e<=142?t=i[e]:e>=192&&e<=223?t=-1:e>=224&&(t=-2);if(e>=113&&e<=117){r=d.pop();isNaN(r)||(t=2*-r)}for(;t<0&&d.length>0;){d.pop();t++}for(;t>0;){d.push(NaN);t--}}}t.tooComplexToFollowFunctions=p;const w=[c];l>c.length&&w.push(new Uint8Array(l-c.length));if(u>h){warn("TT: complementing a missing function tail");w.push(new Uint8Array([34,45]))}!function foldTTTable(e,t){if(t.length>1){let a,r,i=0;for(a=0,r=t.length;a>>0,n=[];for(let t=0;t>>0);const s={ttcTag:t,majorVersion:a,minorVersion:r,numFonts:i,offsetTable:n};switch(a){case 1:return s;case 2:s.dsigTag=e.getInt32()>>>0;s.dsigLength=e.getInt32()>>>0;s.dsigOffset=e.getInt32()>>>0;return s}throw new FormatError(`Invalid TrueType Collection majorVersion: ${a}.`)}(e),i=t.split("+");let n;for(let s=0;s0||!(a.cMap instanceof IdentityCMap));if("OTTO"===n.version&&!t||!s.head||!s.hhea||!s.maxp||!s.post){c=new Stream(s["CFF "].data);o=new CFFFont(c,a);return this.convert(e,o,a)}delete s.glyf;delete s.loca;delete s.fpgm;delete s.prep;delete s["cvt "];this.isOpenType=!0}if(!s.maxp)throw new FormatError('Required "maxp" table is not found');t.pos=(t.start||0)+s.maxp.offset;let h=t.getInt32();const u=t.getUint16();if(65536!==h&&20480!==h){if(6===s.maxp.length)h=20480;else{if(!(s.maxp.length>=32))throw new FormatError('"maxp" table has a wrong version number');h=65536}!function writeUint32(e,t,a){e[t+3]=255&a;e[t+2]=a>>>8;e[t+1]=a>>>16;e[t]=a>>>24}(s.maxp.data,0,h)}if(a.scaleFactors?.length===u&&l){const{scaleFactors:e}=a,t=int16(s.head.data[50],s.head.data[51]),r=new GlyfTable({glyfTable:s.glyf.data,isGlyphLocationsLong:t,locaTable:s.loca.data,numGlyphs:u});r.scale(e);const{glyf:i,loca:n,isLocationLong:o}=r.write();s.glyf.data=i;s.loca.data=n;if(o!==!!t){s.head.data[50]=0;s.head.data[51]=o?1:0}const c=s.hmtx.data;for(let t=0;t>8&255;c[a+1]=255&r;writeSignedInt16(c,a+2,Math.round(e[t]*signedInt16(c[a+2],c[a+3])))}}let d=u+1,f=!0;if(d>65535){f=!1;d=u;warn("Not enough space in glyfs to duplicate first glyph.")}let g=0,p=0;if(h>=65536&&s.maxp.length>=32){t.pos+=8;if(t.getUint16()>2){s.maxp.data[14]=0;s.maxp.data[15]=2}t.pos+=4;g=t.getUint16();t.pos+=4;p=t.getUint16()}s.maxp.data[4]=d>>8;s.maxp.data[5]=255&d;const m=function sanitizeTTPrograms(e,t,a,r){const i={functionsDefined:[],functionsUsed:[],functionsStackDeltas:[],tooComplexToFollowFunctions:!1,hintsValid:!0};e&&sanitizeTTProgram(e,i);t&&sanitizeTTProgram(t,i);e&&function checkInvalidFunctions(e,t){if(!e.tooComplexToFollowFunctions)if(e.functionsDefined.length>t){warn("TT: more functions defined than expected");e.hintsValid=!1}else for(let a=0,r=e.functionsUsed.length;at){warn("TT: invalid function id: "+a);e.hintsValid=!1;return}if(e.functionsUsed[a]&&!e.functionsDefined[a]){warn("TT: undefined function: "+a);e.hintsValid=!1;return}}}(i,r);if(a&&1&a.length){const e=new Uint8Array(a.length+1);e.set(a.data);a.data=e}return i.hintsValid}(s.fpgm,s.prep,s["cvt "],g);if(!m){delete s.fpgm;delete s.prep;delete s["cvt "]}!function sanitizeMetrics(e,t,a,r,i,n){if(!t){a&&(a.data=null);return}e.pos=(e.start||0)+t.offset;e.pos+=4;e.pos+=2;e.pos+=2;e.pos+=2;e.pos+=2;e.pos+=2;e.pos+=2;e.pos+=2;e.pos+=2;e.pos+=2;const s=e.getUint16();e.pos+=8;e.pos+=2;let o=e.getUint16();if(0!==s){if(!(2&int16(r.data[44],r.data[45]))){t.data[22]=0;t.data[23]=0}}if(o>i){info(`The numOfMetrics (${o}) should not be greater than the numGlyphs (${i}).`);o=i;t.data[34]=(65280&o)>>8;t.data[35]=255&o}const c=i-o-(a.length-4*o>>1);if(c>0){const e=new Uint8Array(a.length+2*c);e.set(a.data);if(n){e[a.length]=a.data[2];e[a.length+1]=a.data[3]}a.data=e}}(t,s.hhea,s.hmtx,s.head,d,f);if(!s.head)throw new FormatError('Required "head" table is not found');!function sanitizeHead(e,t,a){const r=e.data,i=function int32(e,t,a,r){return(e<<24)+(t<<16)+(a<<8)+r}(r[0],r[1],r[2],r[3]);if(i>>16!=1){info("Attempting to fix invalid version in head table: "+i);r[0]=0;r[1]=1;r[2]=0;r[3]=0}const n=int16(r[50],r[51]);if(n<0||n>1){info("Attempting to fix invalid indexToLocFormat in head table: "+n);const e=t+1;if(a===e<<1){r[50]=0;r[51]=0}else{if(a!==e<<2)throw new FormatError("Could not fix indexToLocFormat: "+n);r[50]=0;r[51]=1}}}(s.head,u,l?s.loca.length:0);let b=Object.create(null);if(l){const e=int16(s.head.data[50],s.head.data[51]),t=function sanitizeGlyphLocations(e,t,a,r,i,n,s){let o,c,l;if(r){o=4;c=function fontItemDecodeLong(e,t){return e[t]<<24|e[t+1]<<16|e[t+2]<<8|e[t+3]};l=function fontItemEncodeLong(e,t,a){e[t]=a>>>24&255;e[t+1]=a>>16&255;e[t+2]=a>>8&255;e[t+3]=255&a}}else{o=2;c=function fontItemDecode(e,t){return e[t]<<9|e[t+1]<<1};l=function fontItemEncode(e,t,a){e[t]=a>>9&255;e[t+1]=a>>1&255}}const h=n?a+1:a,u=o*(1+h),d=new Uint8Array(u);d.set(e.data.subarray(0,u));e.data=d;const f=t.data,g=f.length,p=new Uint8Array(g);let m,b;const y=[];for(m=0,b=0;mg&&(e=g);y.push({index:m,offset:e,endOffset:0})}y.sort(((e,t)=>e.offset-t.offset));for(m=0;me.index-t.index));for(m=0;ms&&(s=e.sizeOfInstructions);S+=t;l(d,b,S)}if(0===S){const e=new Uint8Array([0,1,0,0,0,0,0,0,0,0,0,0,0,0,49,0]);for(m=0,b=o;ma+S)t.data=p.subarray(0,a+S);else{t.data=new Uint8Array(a+S);t.data.set(p.subarray(0,S))}t.data.set(p.subarray(0,a),S);l(e.data,d.length-o,S+a)}else t.data=p.subarray(0,S);return{missingGlyphs:x,maxSizeOfInstructions:s}}(s.loca,s.glyf,u,e,m,f,p);b=t.missingGlyphs;if(h>=65536&&s.maxp.length>=32){s.maxp.data[26]=t.maxSizeOfInstructions>>8;s.maxp.data[27]=255&t.maxSizeOfInstructions}}if(!s.hhea)throw new FormatError('Required "hhea" table is not found');if(0===s.hhea.data[10]&&0===s.hhea.data[11]){s.hhea.data[10]=255;s.hhea.data[11]=255}const y={unitsPerEm:int16(s.head.data[18],s.head.data[19]),yMax:signedInt16(s.head.data[42],s.head.data[43]),yMin:signedInt16(s.head.data[38],s.head.data[39]),ascent:signedInt16(s.hhea.data[4],s.hhea.data[5]),descent:signedInt16(s.hhea.data[6],s.hhea.data[7]),lineGap:signedInt16(s.hhea.data[8],s.hhea.data[9])};this.ascent=y.ascent/y.unitsPerEm;this.descent=y.descent/y.unitsPerEm;this.lineGap=y.lineGap/y.unitsPerEm;if(this.cssFontInfo?.lineHeight){this.lineHeight=this.cssFontInfo.metrics.lineHeight;this.lineGap=this.cssFontInfo.metrics.lineGap}else this.lineHeight=this.ascent-this.descent+this.lineGap;s.post&&function readPostScriptTable(e,a,r){const i=(t.start||0)+e.offset;t.pos=i;const n=i+e.length,s=t.getInt32();t.skip(28);let o,c,l=!0;switch(s){case 65536:o=jr;break;case 131072:const e=t.getUint16();if(e!==r){l=!1;break}const i=[];for(c=0;c=32768){l=!1;break}i.push(e)}if(!l)break;const h=[],u=[];for(;t.pos65535)throw new FormatError("Max size of CID is 65,535");let i=-1;t?i=r:void 0!==e[r]&&(i=e[r]);i>=0&&i>>0;let h=!1;if(o?.platformId!==i||o?.encodingId!==n){if(0!==i||0!==n&&1!==n&&3!==n)if(1===i&&0===n)h=!0;else if(3!==i||1!==n||!r&&o){if(a&&3===i&&0===n){h=!0;let a=!0;if(e>3;e.push(r);a=Math.max(r,a)}const r=[];for(let e=0;e<=a;e++)r.push({firstCode:t.getUint16(),entryCount:t.getUint16(),idDelta:signedInt16(t.getByte(),t.getByte()),idRangePos:t.pos+t.getUint16()});for(let a=0;a<256;a++)if(0===e[a]){t.pos=r[0].idRangePos+2*a;f=t.getUint16();u.push({charCode:a,glyphId:f})}else{const i=r[e[a]];for(d=0;d>1;t.skip(6);const a=[];let r;for(r=0;r>1)-(e-r);i.offsetIndex=s;o=Math.max(o,s+i.end-i.start+1)}else i.offsetIndex=-1}const c=[];for(d=0;d>>0;for(d=0;d>>0,a=t.getInt32()>>>0;let r=t.getInt32()>>>0;for(let t=e;t<=a;t++)u.push({charCode:t,glyphId:r++})}}}u.sort(((e,t)=>e.charCode-t.charCode));const g=[],p=new Set;for(const e of u){const{charCode:t}=e;if(!p.has(t)){p.add(t);g.push(e)}}return{platformId:o.platformId,encodingId:o.encodingId,mappings:g,hasShortCmap:h}}(s.cmap,t,this.isSymbolicFont,a.hasEncoding),r=e.platformId,i=e.encodingId,n=e.mappings;let o=[],c=!1;!a.hasEncoding||"MacRomanEncoding"!==a.baseEncodingName&&"WinAnsiEncoding"!==a.baseEncodingName||(o=getEncoding(a.baseEncodingName));if(a.hasEncoding&&!this.isSymbolicFont&&(3===r&&1===i||1===r&&0===i)){const e=Fr();for(let t=0;t<256;t++){let s;s=void 0!==this.differences[t]?this.differences[t]:o.length&&""!==o[t]?o[t]:kr[t];if(!s)continue;const c=recoverGlyphName(s,e);let l;3===r&&1===i?l=e[c]:1===r&&0===i&&(l=Sr.indexOf(c));if(void 0===l){if(!a.glyphNames&&a.hasIncludedToUnicodeMap&&!(this.toUnicode instanceof IdentityToUnicodeMap)){const e=this.toUnicode.get(t);e&&(l=e.codePointAt(0))}if(void 0===l)continue}for(const e of n)if(e.charCode===l){w[t]=e.glyphId;break}}}else if(0===r){for(const e of n)w[e.charCode]=e.glyphId;c=!0}else if(3===r&&0===i)for(const e of n){let t=e.charCode;t>=61440&&t<=61695&&(t&=255);w[t]=e.glyphId}else for(const e of n)w[e.charCode]=e.glyphId;if(a.glyphNames&&(o.length||this.differences.length))for(let e=0;e<256;++e){if(!c&&void 0!==w[e])continue;const t=this.differences[e]||o[e];if(!t)continue;const r=a.glyphNames.indexOf(t);r>0&&hasGlyph(r)&&(w[e]=r)}}0===w.length&&(w[0]=0);let x=d-1;f||(x=0);if(!a.cssFontInfo){const e=adjustMapping(w,hasGlyph,x,this.toUnicode);this.toFontChar=e.toFontChar;s.cmap={tag:"cmap",data:createCmapTable(e.charCodeToGlyphId,e.toUnicodeExtraMap,d)};s["OS/2"]&&function validateOS2Table(e,t){t.pos=(t.start||0)+e.offset;const a=t.getUint16();t.skip(60);const r=t.getUint16();if(a<4&&768&r)return!1;if(t.getUint16()>t.getUint16())return!1;t.skip(6);if(0===t.getUint16())return!1;e.data[8]=e.data[9]=0;return!0}(s["OS/2"],t)||(s["OS/2"]={tag:"OS/2",data:createOS2Table(a,e.charCodeToGlyphId,y)})}if(!l)try{c=new Stream(s["CFF "].data);o=new CFFParser(c,a,Rr).parse();o.duplicateFirstGlyph();const e=new CFFCompiler(o);s["CFF "].data=e.compile()}catch{warn("Failed to compile font "+a.loadedName)}if(s.name){const[t,r]=readNameTable(s.name);s.name.data=createNameTable(e,t);this.psName=t[0][6]||null;a.composite||function adjustTrueTypeToUnicode(e,t,a){if(e.isInternalFont)return;if(e.hasIncludedToUnicodeMap)return;if(e.hasEncoding)return;if(e.toUnicode instanceof IdentityToUnicodeMap)return;if(!t)return;if(0===a.length)return;if(e.defaultEncoding===Ar)return;for(const e of a)if(!isWinNameRecord(e))return;const r=Ar,i=[],n=Fr();for(const e in r){const t=r[e];if(""===t)continue;const a=n[t];void 0!==a&&(i[e]=String.fromCharCode(a))}i.length>0&&e.toUnicode.amend(i)}(a,this.isSymbolicFont,r)}else s.name={tag:"name",data:createNameTable(this.name)};const S=new OpenTypeFileBuilder(n.version);for(const e in s)S.addTable(e,s[e].data);return S.toArray()}convert(e,a,r){r.fixedPitch=!1;r.builtInEncoding&&function adjustType1ToUnicode(e,t){if(e.isInternalFont)return;if(e.hasIncludedToUnicodeMap)return;if(t===e.defaultEncoding)return;if(e.toUnicode instanceof IdentityToUnicodeMap)return;const a=[],r=Fr();for(const i in t){if(e.hasEncoding&&(e.baseEncodingName||void 0!==e.differences[i]))continue;const n=getUnicodeForGlyph(t[i],r);-1!==n&&(a[i]=String.fromCharCode(n))}a.length>0&&e.toUnicode.amend(a)}(r,r.builtInEncoding);let i=1;a instanceof CFFFont&&(i=a.numGlyphs-1);const n=a.getGlyphMapping(r);let s=null,o=n,c=null;if(!r.cssFontInfo){s=adjustMapping(n,a.hasGlyphId.bind(a),i,this.toUnicode);this.toFontChar=s.toFontChar;o=s.charCodeToGlyphId;c=s.toUnicodeExtraMap}const l=a.numGlyphs;function getCharCodes(e,t){let a=null;for(const r in e)t===e[r]&&(a||=[]).push(0|r);return a}function createCharCode(e,t){for(const a in e)if(t===e[a])return 0|a;s.charCodeToGlyphId[s.nextAvailableFontCharCode]=t;return s.nextAvailableFontCharCode++}const h=a.seacs;if(s&&h?.length){const e=r.fontMatrix||t,i=a.getCharset(),o=Object.create(null);for(let t in h){t|=0;const a=h[t],r=kr[a[2]],c=kr[a[3]],l=i.indexOf(r),u=i.indexOf(c);if(l<0||u<0)continue;const d={x:a[0]*e[0]+a[1]*e[2]+e[4],y:a[0]*e[1]+a[1]*e[3]+e[5]},f=getCharCodes(n,t);if(f)for(const e of f){const t=s.charCodeToGlyphId,a=createCharCode(t,l),r=createCharCode(t,u);o[e]={baseFontCharCode:a,accentFontCharCode:r,accentOffset:d}}}r.seacMap=o}const u=r.fontMatrix?1/Math.max(...r.fontMatrix.slice(0,4).map(Math.abs)):1e3,d=new OpenTypeFileBuilder("OTTO");d.addTable("CFF ",a.data);d.addTable("OS/2",createOS2Table(r,o));d.addTable("cmap",createCmapTable(o,c,l));d.addTable("head","\0\0\0\0\0\0\0\0\0\0_<õ\0\0"+safeString16(u)+"\0\0\0\0ž\v~'\0\0\0\0ž\v~'\0\0"+safeString16(r.descent)+"ÿ"+safeString16(r.ascent)+string16(r.italicAngle?2:0)+"\0\0\0\0\0\0\0");d.addTable("hhea","\0\0\0"+safeString16(r.ascent)+safeString16(r.descent)+"\0\0ÿÿ\0\0\0\0\0\0"+safeString16(r.capHeight)+safeString16(Math.tan(r.italicAngle)*r.xHeight)+"\0\0\0\0\0\0\0\0\0\0\0\0"+string16(l));d.addTable("hmtx",function fontFieldsHmtx(){const e=a.charstrings,t=a.cff?a.cff.widths:null;let r="\0\0\0\0";for(let a=1,i=l;a=65520&&e<=65535?0:e>=62976&&e<=63743?Tr()[e]||e:173===e?45:e}(a)}this.isType3Font&&(i=a);let h=null;if(this.seacMap?.[e]){l=!0;const t=this.seacMap[e];a=t.baseFontCharCode;h={fontChar:String.fromCodePoint(t.accentFontCharCode),offset:t.accentOffset}}let u="";"number"==typeof a&&(a<=1114111?u=String.fromCodePoint(a):warn(`charToGlyph - invalid fontCharCode: ${a}`));if(this.missingFile&&this.vertical&&1===u.length){const e=_r()[u.charCodeAt(0)];e&&(u=c=String.fromCharCode(e))}n=new fonts_Glyph(e,u,c,h,r,o,i,t,l);return this._glyphCache[e]=n}charsToGlyphs(e){let t=this._charsCache[e];if(t)return t;t=[];if(this.cMap){const a=Object.create(null),r=e.length;let i=0;for(;it.length%2==1,r=this.toUnicode instanceof IdentityToUnicodeMap?e=>this.toUnicode.charCodeOf(e):e=>this.toUnicode.charCodeOf(String.fromCodePoint(e));for(let i=0,n=e.length;i55295&&(n<57344||n>65533)&&i++;if(this.toUnicode){const e=r(n);if(-1!==e){if(hasCurrentBufErrors()){t.push(a.join(""));a.length=0}for(let t=(this.cMap?this.cMap.getCharCodeLength(e):1)-1;t>=0;t--)a.push(String.fromCharCode(e>>8*t&255));continue}}if(!hasCurrentBufErrors()){t.push(a.join(""));a.length=0}a.push(String.fromCodePoint(n))}t.push(a.join(""));return t}}class ErrorFont{constructor(e){this.error=e;this.loadedName="g_font_error";this.missingFile=!0}charsToGlyphs(){return[]}encodeString(e){return[e]}exportData(){return{error:this.error}}}const Si=2,ki=3,Ai=4,Ci=5,vi=6,Fi=7;class Pattern{constructor(){unreachable("Cannot initialize Pattern.")}static parseShading(e,t,a,r,i,n){const s=e instanceof BaseStream?e.dict:e,o=s.get("ShadingType");try{switch(o){case Si:case ki:return new RadialAxialShading(s,t,a,r,i,n);case Ai:case Ci:case vi:case Fi:return new MeshShading(e,t,a,r,i,n);default:throw new FormatError("Unsupported ShadingType: "+o)}}catch(e){if(e instanceof MissingDataException)throw e;warn(e);return new DummyShading}}}class BaseShading{static SMALL_NUMBER=1e-6;getIR(){unreachable("Abstract method `getIR` called.")}}class RadialAxialShading extends BaseShading{constructor(e,t,a,r,i,n){super();this.shadingType=e.get("ShadingType");let s=0;this.shadingType===Si?s=4:this.shadingType===ki&&(s=6);this.coordsArr=e.getArray("Coords");if(!isNumberArray(this.coordsArr,s))throw new FormatError("RadialAxialShading: Invalid /Coords array.");const o=ColorSpaceUtils.parse({cs:e.getRaw("CS")||e.getRaw("ColorSpace"),xref:t,resources:a,pdfFunctionFactory:r,globalColorSpaceCache:i,localColorSpaceCache:n});this.bbox=lookupNormalRect(e.getArray("BBox"),null);let c=0,l=1;const h=e.getArray("Domain");isNumberArray(h,2)&&([c,l]=h);let u=!1,d=!1;const f=e.getArray("Extend");(function isBooleanArray(e,t){return Array.isArray(e)&&(null===t||e.length===t)&&e.every((e=>"boolean"==typeof e))})(f,2)&&([u,d]=f);if(!(this.shadingType!==ki||u&&d)){const[e,t,a,r,i,n]=this.coordsArr,s=Math.hypot(e-r,t-i);a<=n+s&&n<=a+s&&warn("Unsupported radial gradient.")}this.extendStart=u;this.extendEnd=d;const g=e.getRaw("Function"),p=r.create(g,!0),m=(l-c)/840,b=this.colorStops=[];if(c>=l||m<=0){info("Bad shading domain.");return}const y=new Float32Array(o.numComps),w=new Float32Array(1);let x=0;w[0]=c;p(w,0,y,0);const S=new Uint8ClampedArray(3);o.getRgb(y,0,S);let[k,C,v]=S;b.push([0,Util.makeHexColor(k,C,v)]);let F=1;w[0]=c+m;p(w,0,y,0);o.getRgb(y,0,S);let[T,O,M]=S,D=T-k+1,R=O-C+1,N=M-v+1,E=T-k-1,L=O-C-1,j=M-v-1;for(let e=2;e<840;e++){w[0]=c+e*m;p(w,0,y,0);o.getRgb(y,0,S);const[t,a,r]=S,i=e-x;D=Math.min(D,(t-k+1)/i);R=Math.min(R,(a-C+1)/i);N=Math.min(N,(r-v+1)/i);E=Math.max(E,(t-k-1)/i);L=Math.max(L,(a-C-1)/i);j=Math.max(j,(r-v-1)/i);if(!(E<=D&&L<=R&&j<=N)){const e=Util.makeHexColor(T,O,M);b.push([F/840,e]);D=t-T+1;R=a-O+1;N=r-M+1;E=t-T-1;L=a-O-1;j=r-M-1;x=F;k=T;C=O;v=M}F=e;T=t;O=a;M=r}b.push([1,Util.makeHexColor(T,O,M)]);let _="transparent";e.has("Background")&&(_=o.getRgbHex(e.get("Background"),0));if(!u){b.unshift([0,_]);b[1][0]+=BaseShading.SMALL_NUMBER}if(!d){b.at(-1)[0]-=BaseShading.SMALL_NUMBER;b.push([1,_])}this.colorStops=b}getIR(){const{coordsArr:e,shadingType:t}=this;let a,r,i,n,s;if(t===Si){r=[e[0],e[1]];i=[e[2],e[3]];n=null;s=null;a="axial"}else if(t===ki){r=[e[0],e[1]];i=[e[3],e[4]];n=e[2];s=e[5];a="radial"}else unreachable(`getPattern type unknown: ${t}`);return["RadialAxial",a,this.bbox,this.colorStops,r,i,n,s]}}class MeshStreamReader{constructor(e,t){this.stream=e;this.context=t;this.buffer=0;this.bufferLength=0;const a=t.numComps;this.tmpCompsBuf=new Float32Array(a);const r=t.colorSpace.numComps;this.tmpCsCompsBuf=t.colorFn?new Float32Array(r):this.tmpCompsBuf}get hasData(){if(this.stream.end)return this.stream.pos0)return!0;const e=this.stream.getByte();if(e<0)return!1;this.buffer=e;this.bufferLength=8;return!0}readBits(e){const{stream:t}=this;let{buffer:a,bufferLength:r}=this;if(32===e){if(0===r)return t.getInt32()>>>0;a=a<<24|t.getByte()<<16|t.getByte()<<8|t.getByte();const e=t.getByte();this.buffer=e&(1<>r)>>>0}if(8===e&&0===r)return t.getByte();for(;r>r}align(){this.buffer=0;this.bufferLength=0}readFlag(){return this.readBits(this.context.bitsPerFlag)}readCoordinate(){const{bitsPerCoordinate:e,decode:t}=this.context,a=this.readBits(e),r=this.readBits(e),i=e<32?1/((1<n?n:e;t=t>s?s:t;a=ae*i[t])):a;let s,o=-2;const c=[];for(const[e,t]of r.map(((e,t)=>[e,t])).sort((([e],[t])=>e-t)))if(-1!==e)if(e===o+1){s.push(n[t]);o+=1}else{o=e;s=[n[t]];c.push(e,s)}return c}(e),a=new Dict(null);a.set("BaseFont",Name.get(e));a.set("Type",Name.get("Font"));a.set("Subtype",Name.get("CIDFontType2"));a.set("Encoding",Name.get("Identity-H"));a.set("CIDToGIDMap",Name.get("Identity"));a.set("W",t);a.set("FirstChar",t[0]);a.set("LastChar",t.at(-2)+t.at(-1).length-1);const r=new Dict(null);a.set("FontDescriptor",r);const i=new Dict(null);i.set("Ordering","Identity");i.set("Registry","Adobe");i.set("Supplement",0);a.set("CIDSystemInfo",i);return a}class PostScriptParser{constructor(e){this.lexer=e;this.operators=[];this.token=null;this.prev=null}nextToken(){this.prev=this.token;this.token=this.lexer.getToken()}accept(e){if(this.token.type===e){this.nextToken();return!0}return!1}expect(e){if(this.accept(e))return!0;throw new FormatError(`Unexpected symbol: found ${this.token.type} expected ${e}.`)}parse(){this.nextToken();this.expect(yn.LBRACE);this.parseBlock();this.expect(yn.RBRACE);return this.operators}parseBlock(){for(;;)if(this.accept(yn.NUMBER))this.operators.push(this.prev.value);else if(this.accept(yn.OPERATOR))this.operators.push(this.prev.value);else{if(!this.accept(yn.LBRACE))return;this.parseCondition()}}parseCondition(){const e=this.operators.length;this.operators.push(null,null);this.parseBlock();this.expect(yn.RBRACE);if(this.accept(yn.IF)){this.operators[e]=this.operators.length;this.operators[e+1]="jz"}else{if(!this.accept(yn.LBRACE))throw new FormatError("PS Function: error parsing conditional.");{const t=this.operators.length;this.operators.push(null,null);const a=this.operators.length;this.parseBlock();this.expect(yn.RBRACE);this.expect(yn.IFELSE);this.operators[t]=this.operators.length;this.operators[t+1]="j";this.operators[e]=a;this.operators[e+1]="jz"}}}}const yn={LBRACE:0,RBRACE:1,NUMBER:2,OPERATOR:3,IF:4,IFELSE:5};class PostScriptToken{static get opCache(){return shadow(this,"opCache",Object.create(null))}constructor(e,t){this.type=e;this.value=t}static getOperator(e){return PostScriptToken.opCache[e]||=new PostScriptToken(yn.OPERATOR,e)}static get LBRACE(){return shadow(this,"LBRACE",new PostScriptToken(yn.LBRACE,"{"))}static get RBRACE(){return shadow(this,"RBRACE",new PostScriptToken(yn.RBRACE,"}"))}static get IF(){return shadow(this,"IF",new PostScriptToken(yn.IF,"IF"))}static get IFELSE(){return shadow(this,"IFELSE",new PostScriptToken(yn.IFELSE,"IFELSE"))}}class PostScriptLexer{constructor(e){this.stream=e;this.nextChar();this.strBuf=[]}nextChar(){return this.currentChar=this.stream.getByte()}getToken(){let e=!1,t=this.currentChar;for(;;){if(t<0)return wa;if(e)10!==t&&13!==t||(e=!1);else if(37===t)e=!0;else if(!isWhiteSpace(t))break;t=this.nextChar()}switch(0|t){case 48:case 49:case 50:case 51:case 52:case 53:case 54:case 55:case 56:case 57:case 43:case 45:case 46:return new PostScriptToken(yn.NUMBER,this.getNumber());case 123:this.nextChar();return PostScriptToken.LBRACE;case 125:this.nextChar();return PostScriptToken.RBRACE}const a=this.strBuf;a.length=0;a[0]=String.fromCharCode(t);for(;(t=this.nextChar())>=0&&(t>=65&&t<=90||t>=97&&t<=122);)a.push(String.fromCharCode(t));const r=a.join("");switch(r.toLowerCase()){case"if":return PostScriptToken.IF;case"ifelse":return PostScriptToken.IFELSE;default:return PostScriptToken.getOperator(r)}}getNumber(){let e=this.currentChar;const t=this.strBuf;t.length=0;t[0]=String.fromCharCode(e);for(;(e=this.nextChar())>=0&&(e>=48&&e<=57||45===e||46===e);)t.push(String.fromCharCode(e));const a=parseFloat(t.join(""));if(isNaN(a))throw new FormatError(`Invalid floating point number: ${a}`);return a}}class BaseLocalCache{constructor(e){this._onlyRefs=!0===e?.onlyRefs;if(!this._onlyRefs){this._nameRefMap=new Map;this._imageMap=new Map}this._imageCache=new RefSetCache}getByName(e){this._onlyRefs&&unreachable("Should not call `getByName` method.");const t=this._nameRefMap.get(e);return t?this.getByRef(t):this._imageMap.get(e)||null}getByRef(e){return this._imageCache.get(e)||null}set(e,t,a){unreachable("Abstract method `set` called.")}}class LocalImageCache extends BaseLocalCache{set(e,t=null,a){if("string"!=typeof e)throw new Error('LocalImageCache.set - expected "name" argument.');if(t){if(this._imageCache.has(t))return;this._nameRefMap.set(e,t);this._imageCache.put(t,a)}else this._imageMap.has(e)||this._imageMap.set(e,a)}}class LocalColorSpaceCache extends BaseLocalCache{set(e=null,t=null,a){if("string"!=typeof e&&!t)throw new Error('LocalColorSpaceCache.set - expected "name" and/or "ref" argument.');if(t){if(this._imageCache.has(t))return;null!==e&&this._nameRefMap.set(e,t);this._imageCache.put(t,a)}else this._imageMap.has(e)||this._imageMap.set(e,a)}}class LocalFunctionCache extends BaseLocalCache{constructor(e){super({onlyRefs:!0})}set(e=null,t,a){if(!t)throw new Error('LocalFunctionCache.set - expected "ref" argument.');this._imageCache.has(t)||this._imageCache.put(t,a)}}class LocalGStateCache extends BaseLocalCache{set(e,t=null,a){if("string"!=typeof e)throw new Error('LocalGStateCache.set - expected "name" argument.');if(t){if(this._imageCache.has(t))return;this._nameRefMap.set(e,t);this._imageCache.put(t,a)}else this._imageMap.has(e)||this._imageMap.set(e,a)}}class LocalTilingPatternCache extends BaseLocalCache{constructor(e){super({onlyRefs:!0})}set(e=null,t,a){if(!t)throw new Error('LocalTilingPatternCache.set - expected "ref" argument.');this._imageCache.has(t)||this._imageCache.put(t,a)}}class RegionalImageCache extends BaseLocalCache{constructor(e){super({onlyRefs:!0})}set(e=null,t,a){if(!t)throw new Error('RegionalImageCache.set - expected "ref" argument.');this._imageCache.has(t)||this._imageCache.put(t,a)}}class GlobalColorSpaceCache extends BaseLocalCache{constructor(e){super({onlyRefs:!0})}set(e=null,t,a){if(!t)throw new Error('GlobalColorSpaceCache.set - expected "ref" argument.');this._imageCache.has(t)||this._imageCache.put(t,a)}clear(){this._imageCache.clear()}}class GlobalImageCache{static NUM_PAGES_THRESHOLD=2;static MIN_IMAGES_TO_CACHE=10;static MAX_BYTE_SIZE=5e7;#H=new RefSet;constructor(){this._refCache=new RefSetCache;this._imageCache=new RefSetCache}get#W(){let e=0;for(const t of this._imageCache)e+=t.byteSize;return e}get#z(){return!(this._imageCache.size+e)):null}class PDFFunction{static getSampleArray(e,t,a,r){let i,n,s=1;for(i=0,n=e.length;i>c)*h;l&=(1<0&&(d=n[u-1]);let f=a[1];u>1,c=r.length>>1,l=new PostScriptEvaluator(s),h=Object.create(null);let u=8192;const d=new Float32Array(c);return function constructPostScriptFn(e,t,a,r){let n,s,f="";const g=d;for(n=0;ne&&(s=e)}m[n]=s}if(u>0){u--;h[f]=m}a.set(m,r)}}}function isPDFFunction(e){let t;if(e instanceof Dict)t=e;else{if(!(e instanceof BaseStream))return!1;t=e.dict}return t.has("FunctionType")}class PostScriptStack{static MAX_STACK_SIZE=100;constructor(e){this.stack=e?Array.from(e):[]}push(e){if(this.stack.length>=PostScriptStack.MAX_STACK_SIZE)throw new Error("PostScript function stack overflow.");this.stack.push(e)}pop(){if(this.stack.length<=0)throw new Error("PostScript function stack underflow.");return this.stack.pop()}copy(e){if(this.stack.length+e>=PostScriptStack.MAX_STACK_SIZE)throw new Error("PostScript function stack overflow.");const t=this.stack;for(let a=t.length-e,r=e-1;r>=0;r--,a++)t.push(t[a])}index(e){this.push(this.stack[this.stack.length-e-1])}roll(e,t){const a=this.stack,r=a.length-e,i=a.length-1,n=r+(t-Math.floor(t/e)*e);for(let e=r,t=i;e0?t.push(s<>o);break;case"ceiling":s=t.pop();t.push(Math.ceil(s));break;case"copy":s=t.pop();t.copy(s);break;case"cos":s=t.pop();t.push(Math.cos(s%360/180*Math.PI));break;case"cvi":s=0|t.pop();t.push(s);break;case"cvr":break;case"div":o=t.pop();s=t.pop();t.push(s/o);break;case"dup":t.copy(1);break;case"eq":o=t.pop();s=t.pop();t.push(s===o);break;case"exch":t.roll(2,1);break;case"exp":o=t.pop();s=t.pop();t.push(s**o);break;case"false":t.push(!1);break;case"floor":s=t.pop();t.push(Math.floor(s));break;case"ge":o=t.pop();s=t.pop();t.push(s>=o);break;case"gt":o=t.pop();s=t.pop();t.push(s>o);break;case"idiv":o=t.pop();s=t.pop();t.push(s/o|0);break;case"index":s=t.pop();t.index(s);break;case"le":o=t.pop();s=t.pop();t.push(s<=o);break;case"ln":s=t.pop();t.push(Math.log(s));break;case"log":s=t.pop();t.push(Math.log10(s));break;case"lt":o=t.pop();s=t.pop();t.push(s=t?new AstLiteral(t):e.max<=t?e:new AstMin(e,t)}class PostScriptCompiler{compile(e,t,a){const r=[],i=[],n=t.length>>1,s=a.length>>1;let o,c,l,h,u,d,f,g,p=0;for(let e=0;et.min){o.unshift("Math.max(",n,", ");o.push(")")}if(s4){r=!0;t=0}else{r=!1;t=1}const c=[];for(n=0;n=0&&"ET"===kn[e];--e)kn[e]="EN";for(let e=n+1;e0&&(t=kn[n-1]);let a=u;e+1g&&isOdd(g)&&(m=g)}for(g=p;g>=m;--g){let e=-1;for(n=0,s=c.length;n=0){reverseValues(Sn,e,n);e=-1}}else e<0&&(e=n);e>=0&&reverseValues(Sn,e,c.length)}for(n=0,s=Sn.length;n"!==e||(Sn[n]="")}return createBidiText(Sn.join(""),r)}const An={style:"normal",weight:"normal"},Cn={style:"normal",weight:"bold"},vn={style:"italic",weight:"normal"},Fn={style:"italic",weight:"bold"},In=new Map([["Times-Roman",{local:["Times New Roman","Times-Roman","Times","Liberation Serif","Nimbus Roman","Nimbus Roman L","Tinos","Thorndale","TeX Gyre Termes","FreeSerif","Linux Libertine O","Libertinus Serif","DejaVu Serif","Bitstream Vera Serif","Ubuntu"],style:An,ultimate:"serif"}],["Times-Bold",{alias:"Times-Roman",style:Cn,ultimate:"serif"}],["Times-Italic",{alias:"Times-Roman",style:vn,ultimate:"serif"}],["Times-BoldItalic",{alias:"Times-Roman",style:Fn,ultimate:"serif"}],["Helvetica",{local:["Helvetica","Helvetica Neue","Arial","Arial Nova","Liberation Sans","Arimo","Nimbus Sans","Nimbus Sans L","A030","TeX Gyre Heros","FreeSans","DejaVu Sans","Albany","Bitstream Vera Sans","Arial Unicode MS","Microsoft Sans Serif","Apple Symbols","Cantarell"],path:"LiberationSans-Regular.ttf",style:An,ultimate:"sans-serif"}],["Helvetica-Bold",{alias:"Helvetica",path:"LiberationSans-Bold.ttf",style:Cn,ultimate:"sans-serif"}],["Helvetica-Oblique",{alias:"Helvetica",path:"LiberationSans-Italic.ttf",style:vn,ultimate:"sans-serif"}],["Helvetica-BoldOblique",{alias:"Helvetica",path:"LiberationSans-BoldItalic.ttf",style:Fn,ultimate:"sans-serif"}],["Courier",{local:["Courier","Courier New","Liberation Mono","Nimbus Mono","Nimbus Mono L","Cousine","Cumberland","TeX Gyre Cursor","FreeMono","Linux Libertine Mono O","Libertinus Mono"],style:An,ultimate:"monospace"}],["Courier-Bold",{alias:"Courier",style:Cn,ultimate:"monospace"}],["Courier-Oblique",{alias:"Courier",style:vn,ultimate:"monospace"}],["Courier-BoldOblique",{alias:"Courier",style:Fn,ultimate:"monospace"}],["ArialBlack",{local:["Arial Black"],style:{style:"normal",weight:"900"},fallback:"Helvetica-Bold"}],["ArialBlack-Bold",{alias:"ArialBlack"}],["ArialBlack-Italic",{alias:"ArialBlack",style:{style:"italic",weight:"900"},fallback:"Helvetica-BoldOblique"}],["ArialBlack-BoldItalic",{alias:"ArialBlack-Italic"}],["ArialNarrow",{local:["Arial Narrow","Liberation Sans Narrow","Helvetica Condensed","Nimbus Sans Narrow","TeX Gyre Heros Cn"],style:An,fallback:"Helvetica"}],["ArialNarrow-Bold",{alias:"ArialNarrow",style:Cn,fallback:"Helvetica-Bold"}],["ArialNarrow-Italic",{alias:"ArialNarrow",style:vn,fallback:"Helvetica-Oblique"}],["ArialNarrow-BoldItalic",{alias:"ArialNarrow",style:Fn,fallback:"Helvetica-BoldOblique"}],["Calibri",{local:["Calibri","Carlito"],style:An,fallback:"Helvetica"}],["Calibri-Bold",{alias:"Calibri",style:Cn,fallback:"Helvetica-Bold"}],["Calibri-Italic",{alias:"Calibri",style:vn,fallback:"Helvetica-Oblique"}],["Calibri-BoldItalic",{alias:"Calibri",style:Fn,fallback:"Helvetica-BoldOblique"}],["Wingdings",{local:["Wingdings","URW Dingbats"],style:An}],["Wingdings-Regular",{alias:"Wingdings"}],["Wingdings-Bold",{alias:"Wingdings"}]]),Tn=new Map([["Arial-Black","ArialBlack"]]);function getFamilyName(e){const t=new Set(["thin","extralight","ultralight","demilight","semilight","light","book","regular","normal","medium","demibold","semibold","bold","extrabold","ultrabold","black","heavy","extrablack","ultrablack","roman","italic","oblique","ultracondensed","extracondensed","condensed","semicondensed","normal","semiexpanded","expanded","extraexpanded","ultraexpanded","bolditalic"]);return e.split(/[- ,+]+/g).filter((e=>!t.has(e.toLowerCase()))).join(" ")}function generateFont({alias:e,local:t,path:a,fallback:r,style:i,ultimate:n},s,o,c=!0,l=!0,h=""){const u={style:null,ultimate:null};if(t){const e=h?` ${h}`:"";for(const a of t)s.push(`local(${a}${e})`)}if(e){const t=In.get(e),n=h||function getStyleToAppend(e){switch(e){case Cn:return"Bold";case vn:return"Italic";case Fn:return"Bold Italic";default:if("bold"===e?.weight)return"Bold";if("italic"===e?.style)return"Italic"}return""}(i);Object.assign(u,generateFont(t,s,o,c&&!r,l&&!a,n))}i&&(u.style=i);n&&(u.ultimate=n);if(c&&r){const e=In.get(r),{ultimate:t}=generateFont(e,s,o,c,l&&!a,h);u.ultimate||=t}l&&a&&o&&s.push(`url(${o}${a})`);return u}function getFontSubstitution(e,t,a,r,i,n){if(r.startsWith("InvalidPDFjsFont_"))return null;"TrueType"!==n&&"Type1"!==n||!/^[A-Z]{6}\+/.test(r)||(r=r.slice(7));const s=r=normalizeFontName(r);let o=e.get(s);if(o)return o;let c=In.get(r);if(!c)for(const[e,t]of Tn)if(r.startsWith(e)){r=`${t}${r.substring(e.length)}`;c=In.get(r);break}let l=!1;if(!c){c=In.get(i);l=!0}const h=`${t.getDocId()}_s${t.createFontId()}`;if(!c){if(!validateFontName(r)){warn(`Cannot substitute the font because of its name: ${r}`);e.set(s,null);return null}const t=/bold/gi.test(r),a=/oblique|italic/gi.test(r),i=t&&a&&Fn||t&&Cn||a&&vn||An;o={css:`"${getFamilyName(r)}",${h}`,guessFallback:!0,loadedName:h,baseFontName:r,src:`local(${r})`,style:i};e.set(s,o);return o}const u=[];l&&validateFontName(r)&&u.push(`local(${r})`);const{style:d,ultimate:f}=generateFont(c,u,a),g=null===f,p=g?"":`,${f}`;o={css:`"${getFamilyName(r)}",${h}${p}`,guessFallback:g,loadedName:h,baseFontName:r,src:u.join(","),style:d};e.set(s,o);return o}const On=3285377520,Mn=4294901760,Dn=65535;class MurmurHash3_64{constructor(e){this.h1=e?4294967295&e:On;this.h2=e?4294967295&e:On}update(e){let t,a;if("string"==typeof e){t=new Uint8Array(2*e.length);a=0;for(let r=0,i=e.length;r>>8;t[a++]=255&i}}}else{if(!ArrayBuffer.isView(e))throw new Error("Invalid data format, must be a string or TypedArray.");t=e.slice();a=t.byteLength}const r=a>>2,i=a-4*r,n=new Uint32Array(t.buffer,0,r);let s=0,o=0,c=this.h1,l=this.h2;const h=3432918353,u=461845907,d=11601,f=13715;for(let e=0;e>>17;s=s*u&Mn|s*f&Dn;c^=s;c=c<<13|c>>>19;c=5*c+3864292196}else{o=n[e];o=o*h&Mn|o*d&Dn;o=o<<15|o>>>17;o=o*u&Mn|o*f&Dn;l^=o;l=l<<13|l>>>19;l=5*l+3864292196}s=0;switch(i){case 3:s^=t[4*r+2]<<16;case 2:s^=t[4*r+1]<<8;case 1:s^=t[4*r];s=s*h&Mn|s*d&Dn;s=s<<15|s>>>17;s=s*u&Mn|s*f&Dn;1&r?c^=s:l^=s}this.h1=c;this.h2=l}hexdigest(){let e=this.h1,t=this.h2;e^=t>>>1;e=3981806797*e&Mn|36045*e&Dn;t=4283543511*t&Mn|(2950163797*(t<<16|e>>>16)&Mn)>>>16;e^=t>>>1;e=444984403*e&Mn|60499*e&Dn;t=3301882366*t&Mn|(3120437893*(t<<16|e>>>16)&Mn)>>>16;e^=t>>>1;return(e>>>0).toString(16).padStart(8,"0")+(t>>>0).toString(16).padStart(8,"0")}}function resizeImageMask(e,t,a,r,i,n){const s=i*n;let o;o=t<=8?new Uint8Array(s):t<=16?new Uint16Array(s):new Uint32Array(s);const c=a/i,l=r/n;let h,u,d,f,g=0;const p=new Uint16Array(i),m=a;for(h=0;h0&&Number.isInteger(a.height)&&a.height>0&&(a.width!==f||a.height!==g)){warn("PDFImage - using the Width/Height of the image data, rather than the image dictionary.");f=a.width;g=a.height}else{const e="number"==typeof f&&f>0,t="number"==typeof g&&g>0;if(!e||!t){if(!a.fallbackDims)throw new FormatError(`Invalid image width: ${f} or height: ${g}`);warn("PDFImage - using the Width/Height of the parent image, for SMask/Mask data.");e||(f=a.fallbackDims.width);t||(g=a.fallbackDims.height)}}this.width=f;this.height=g;this.interpolate=h.get("I","Interpolate");this.imageMask=h.get("IM","ImageMask")||!1;this.matte=h.get("Matte")||!1;let p=a.bitsPerComponent;if(!p){p=h.get("BPC","BitsPerComponent");if(!p){if(!this.imageMask)throw new FormatError(`Bits per component missing in image: ${this.imageMask}`);p=1}}this.bpc=p;if(!this.imageMask){let i=h.getRaw("CS")||h.getRaw("ColorSpace");const n=!!i;if(n)this.jpxDecoderOptions?.smaskInData&&(i=Name.get("DeviceRGBA"));else if(this.jpxDecoderOptions)i=Name.get("DeviceRGBA");else switch(a.numComps){case 1:i=Name.get("DeviceGray");break;case 3:i=Name.get("DeviceRGB");break;case 4:i=Name.get("DeviceCMYK");break;default:throw new Error(`Images with ${a.numComps} color components not supported.`)}this.colorSpace=ColorSpaceUtils.parse({cs:i,xref:e,resources:r?t:null,pdfFunctionFactory:o,globalColorSpaceCache:c,localColorSpaceCache:l});this.numComps=this.colorSpace.numComps;if(this.jpxDecoderOptions){this.jpxDecoderOptions.numComponents=n?this.numComps:0;this.jpxDecoderOptions.isIndexedColormap="Indexed"===this.colorSpace.name}}this.decode=h.getArray("D","Decode");this.needsDecode=!1;if(this.decode&&(this.colorSpace&&!this.colorSpace.isDefaultDecode(this.decode,p)||s&&!ColorSpace.isDefaultDecode(this.decode,1))){this.needsDecode=!0;const e=(1<0,c=(r+7>>3)*i,l=e.getBytes(c),h=1===r&&1===i&&o===(0===l.length||!!(128&l[0]));if(h)return{isSingleOpaquePixel:h};if(t){if(ImageResizer.needsToBeResized(r,i)){const e=new Uint8ClampedArray(r*i*4);convertBlackAndWhiteToRGBA({src:l,dest:e,width:r,height:i,nonBlackColor:0,inverseDecode:o});return ImageResizer.createImage({kind:v,data:e,width:r,height:i,interpolate:n})}const e=new OffscreenCanvas(r,i),t=e.getContext("2d"),a=t.createImageData(r,i);convertBlackAndWhiteToRGBA({src:l,dest:a.data,width:r,height:i,nonBlackColor:0,inverseDecode:o});t.putImageData(a,0,0);return{data:null,width:r,height:i,interpolate:n,bitmap:e.transferToImageBitmap()}}const u=l.byteLength;let d;if(e instanceof DecodeStream&&(!o||c===u))d=l;else if(o){d=new Uint8Array(c);d.set(l);d.fill(255,u)}else d=new Uint8Array(l);if(o)for(let e=0;e>7&1;s[d+1]=u>>6&1;s[d+2]=u>>5&1;s[d+3]=u>>4&1;s[d+4]=u>>3&1;s[d+5]=u>>2&1;s[d+6]=u>>1&1;s[d+7]=1&u;d+=8}if(d>=1}}}}else{let a=0;u=0;for(d=0,h=n;d>r;i<0?i=0:i>l&&(i=l);s[d]=i;u&=(1<s[r+1]){t=255;break}}o[h]=t}}}if(o)for(h=0,d=3,u=t*r;h>3,h=t&&ImageResizer.needsToBeResized(a,r);if(!this.smask&&!this.mask&&"DeviceRGBA"===this.colorSpace.name){i.kind=v;const e=i.data=await this.getImageBytes(o*s*4,{});return t?h?ImageResizer.createImage(i,!1):this.createBitmap(v,a,r,e):i}if(!e){let e;"DeviceGray"===this.colorSpace.name&&1===c?e=k:"DeviceRGB"!==this.colorSpace.name||8!==c||this.needsDecode||(e=C);if(e&&!this.smask&&!this.mask&&a===s&&r===o){const n=await this.#$(s,o);if(n)return n;const c=await this.getImageBytes(o*l,{});if(t)return h?ImageResizer.createImage({data:c,kind:e,width:a,height:r,interpolate:this.interpolate},this.needsDecode):this.createBitmap(e,s,o,c);i.kind=e;i.data=c;if(this.needsDecode){assert(e===k,"PDFImage.createImageData: The image must be grayscale.");const t=i.data;for(let e=0,a=t.length;e>3,s=await this.getImageBytes(r*n,{internal:!0}),o=this.getComponents(s);let c,l;if(1===i){l=a*r;if(this.needsDecode)for(c=0;c0&&r[0].count++}class TimeSlotManager{static TIME_SLOT_DURATION_MS=20;static CHECK_TIME_EVERY=100;constructor(){this.reset()}check(){if(++this.checkedo){const e="Image exceeded maximum allowed size and was removed.";if(!c)throw new Error(e);warn(e);return}let g;h.has("OC")&&(g=await this.parseMarkedContentProps(h.get("OC"),e));let p,m,b;if(h.get("IM","ImageMask")||!1){p=await PDFImage.createMask({image:t,isOffscreenCanvasSupported:l&&!this.parsingType3Font});if(p.isSingleOpaquePixel){m=ta;b=[];r.addImageOps(m,b,g);if(i){const e={fn:m,args:b,optionalContent:g};n.set(i,u,e);u&&this._regionalImageCache.set(null,u,e)}return}if(this.parsingType3Font){b=function compileType3Glyph({data:e,width:t,height:a}){if(t>1e3||a>1e3)return null;const r=new Uint8Array([0,2,4,0,1,0,5,4,8,10,0,8,0,2,1,0]),i=t+1,n=new Uint8Array(i*(a+1));let s,o,c;const l=t+7&-8,h=new Uint8Array(l*a);let u=0;for(const t of e){let e=128;for(;e>0;){h[u++]=t&e?0:255;e>>=1}}let d=0;u=0;if(0!==h[u]){n[0]=1;++d}for(o=1;o>2)+(h[u+1]?4:0)+(h[u-l+1]?8:0);if(r[e]){n[c+o]=r[e];++d}u++}if(h[u-l]!==h[u]){n[c+o]=h[u]?2:4;++d}if(d>1e3)return null}u=l*(a-1);c=s*i;if(0!==h[u]){n[c]=8;++d}for(o=1;o1e3)return null;const f=new Int32Array([0,i,-1,0,-i,0,0,0,1]),g=[],{a:p,b:m,c:b,d:y,e:w,f:x}=(new DOMMatrix).scaleSelf(1/t,-1/a).translateSelf(0,-a);for(s=0;d&&s<=a;s++){let e=s*i;const a=e+t;for(;e>4;n[e]&=l>>2|l<<2}r=e%i;o=e/i|0;g.push(oa,p*r+b*o+w,m*r+y*o+x);n[e]||--d}while(c!==e);--s}return[na,[new Float32Array(g)],new Float32Array([0,0,t,a])]}(p);if(b){r.addImageOps(aa,b,g);return}warn("Cannot compile Type3 glyph.");r.addImageOps(Vt,[p],g);return}const e=`mask_${this.idFactory.createObjId()}`;r.addDependency(e);p.dataLen=p.bitmap?p.width*p.height*4:p.data.length;this._sendImgData(e,p);m=Vt;b=[{data:e,width:p.width,height:p.height,interpolate:p.interpolate,count:1}];r.addImageOps(m,b,g);if(i){const t={objId:e,fn:m,args:b,optionalContent:g};n.set(i,u,t);u&&this._regionalImageCache.set(null,u,t)}return}const y=h.has("SMask")||h.has("Mask");if(a&&d+f<200&&!y){try{const i=new PDFImage({xref:this.xref,res:e,image:t,isInline:a,pdfFunctionFactory:this._pdfFunctionFactory,globalColorSpaceCache:this.globalColorSpaceCache,localColorSpaceCache:s});p=await i.createImageData(!0,!1);r.addImageOps(Yt,[p],g)}catch(e){const t=`Unable to decode inline image: "${e}".`;if(!c)throw new Error(t);warn(t)}return}let w=`img_${this.idFactory.createObjId()}`,x=!1,S=null;if(this.parsingType3Font)w=`${this.idFactory.getDocId()}_type3_${w}`;else if(i&&u){x=this.globalImageCache.shouldCache(u,this.pageIndex);if(x){assert(!a,"Cannot cache an inline image globally.");w=`${this.idFactory.getDocId()}_${w}`}}r.addDependency(w);m=Jt;b=[w,d,f];r.addImageOps(m,b,g,y);if(x){S={objId:w,fn:m,args:b,optionalContent:g,hasMask:y,byteSize:0};if(this.globalImageCache.hasDecodeFailed(u)){this.globalImageCache.setData(u,S);this._sendImgData(w,null,x);return}if(d*f>25e4||y){const e=await this.handler.sendWithPromise("commonobj",[w,"CopyLocalImage",{imageRef:u}]);if(e){this.globalImageCache.setData(u,S);this.globalImageCache.addByteSize(u,e);return}}}PDFImage.buildImage({xref:this.xref,res:e,image:t,isInline:a,pdfFunctionFactory:this._pdfFunctionFactory,globalColorSpaceCache:this.globalColorSpaceCache,localColorSpaceCache:s}).then((async e=>{p=await e.createImageData(!1,l);p.dataLen=p.bitmap?p.width*p.height*4:p.data.length;p.ref=u;x&&this.globalImageCache.addByteSize(u,p.dataLen);return this._sendImgData(w,p,x)})).catch((e=>{warn(`Unable to decode image "${w}": "${e}".`);u&&this.globalImageCache.addDecodeFailed(u);return this._sendImgData(w,null,x)}));if(i){const e={objId:w,fn:m,args:b,optionalContent:g,hasMask:y};n.set(i,u,e);if(u){this._regionalImageCache.set(null,u,e);if(x){assert(S,"The global cache-data must be available.");this.globalImageCache.setData(u,S)}}}}handleSMask(e,t,a,r,i,n,s){const o=e.get("G"),c={subtype:e.get("S").name,backdrop:e.get("BC")},l=e.get("TR");if(isPDFFunction(l)){const e=this._pdfFunctionFactory.create(l),t=new Uint8Array(256),a=new Float32Array(1);for(let r=0;r<256;r++){a[0]=r/255;e(a,0,a,0);t[r]=255*a[0]|0}c.transferMap=t}return this.buildFormXObject(t,o,c,a,r,i.state.clone({newPath:!0}),n,s)}handleTransferFunction(e){let t;if(Array.isArray(e))t=e;else{if(!isPDFFunction(e))return null;t=[e]}const a=[];let r=0,i=0;for(const e of t){const t=this.xref.fetchIfRef(e);r++;if(isName(t,"Identity")){a.push(null);continue}if(!isPDFFunction(t))return null;const n=this._pdfFunctionFactory.create(t),s=new Uint8Array(256),o=new Float32Array(1);for(let e=0;e<256;e++){o[0]=e/255;n(o,0,o,0);s[e]=255*o[0]|0}a.push(s);i++}return 1!==r&&4!==r||0===i?null:a}handleTilingType(e,t,a,r,i,n,s,o){const c=new OperatorList,l=Dict.merge({xref:this.xref,dictArray:[i.get("Resources"),a]});return this.getOperatorList({stream:r,task:s,resources:l,operatorList:c}).then((function(){const a=c.getIR(),r=getTilingPatternIR(a,i,t);n.addDependencies(c.dependencies);n.addOp(e,r);i.objId&&o.set(null,i.objId,{operatorListIR:a,dict:i})})).catch((e=>{if(!(e instanceof AbortException)){if(!this.options.ignoreErrors)throw e;warn(`handleTilingType - ignoring pattern: "${e}".`)}}))}async handleSetFont(e,t,a,r,i,n,s=null,o=null){const c=t?.[0]instanceof Name?t[0].name:null,l=await this.loadFont(c,a,e,i,s,o);l.font.isType3Font&&r.addDependencies(l.type3Dependencies);n.font=l.font;l.send(this.handler);return l.loadedName}handleText(e,t){const a=t.font,r=a.charsToGlyphs(e);if(a.data){(!!(t.textRenderingMode&S)||"Pattern"===t.fillColorSpace.name||a.disableFontFace)&&PartialEvaluator.buildFontPaths(a,r,this.handler,this.options)}return r}ensureStateFont(e){if(e.font)return;const t=new FormatError("Missing setFont (Tf) operator before text rendering operator.");if(!this.options.ignoreErrors)throw t;warn(`ensureStateFont: "${t}".`)}async setGState({resources:e,gState:t,operatorList:a,cacheKey:r,task:i,stateManager:n,localGStateCache:s,localColorSpaceCache:o,seenRefs:c}){const l=t.objId;let h=!0;const u=[];let d=Promise.resolve();for(const[r,s]of t)switch(r){case"Type":break;case"LW":if("number"!=typeof s){warn(`Invalid LW (line width): ${s}`);break}u.push([r,Math.abs(s)]);break;case"LC":case"LJ":case"ML":case"D":case"RI":case"FL":case"CA":case"ca":u.push([r,s]);break;case"Font":h=!1;d=d.then((()=>this.handleSetFont(e,null,s[0],a,i,n.state).then((function(e){a.addDependency(e);u.push([r,[e,s[1]]])}))));break;case"BM":u.push([r,normalizeBlendMode(s)]);break;case"SMask":if(isName(s,"None")){u.push([r,!1]);break}if(s instanceof Dict){h=!1;d=d.then((()=>this.handleSMask(s,e,a,i,n,o,c)));u.push([r,!0])}else warn("Unsupported SMask type");break;case"TR":const t=this.handleTransferFunction(s);u.push([r,t]);break;case"OP":case"op":case"OPM":case"BG":case"BG2":case"UCR":case"UCR2":case"TR2":case"HT":case"SM":case"SA":case"AIS":case"TK":info("graphic state operator "+r);break;default:info("Unknown graphic state operator "+r)}await d;u.length>0&&a.addOp(De,[u]);h&&s.set(r,l,u)}loadFont(e,t,a,r,i=null,n=null){const errorFont=async()=>new TranslatedFont({loadedName:"g_font_error",font:new ErrorFont(`Font "${e}" is not available.`),dict:t});let s;if(t)t instanceof Ref&&(s=t);else{const t=a.get("Font");t&&(s=t.getRaw(e))}if(s){if(this.type3FontRefs?.has(s))return errorFont();if(this.fontCache.has(s))return this.fontCache.get(s);try{t=this.xref.fetchIfRef(s)}catch(e){warn(`loadFont - lookup failed: "${e}".`)}}if(!(t instanceof Dict)){if(!this.options.ignoreErrors&&!this.parsingType3Font){warn(`Font "${e}" is not available.`);return errorFont()}warn(`Font "${e}" is not available -- attempting to fallback to a default font.`);t=i||PartialEvaluator.fallbackFontDict}if(t.cacheKey&&this.fontCache.has(t.cacheKey))return this.fontCache.get(t.cacheKey);const{promise:o,resolve:c}=Promise.withResolvers();let l;try{l=this.preEvaluateFont(t);l.cssFontInfo=n}catch(e){warn(`loadFont - preEvaluateFont failed: "${e}".`);return errorFont()}const{descriptor:h,hash:u}=l,d=s instanceof Ref;let f;if(u&&h instanceof Dict){const e=h.fontAliases||=Object.create(null);if(e[u]){const t=e[u].aliasRef;if(d&&t&&this.fontCache.has(t)){this.fontCache.putAlias(s,t);return this.fontCache.get(s)}}else e[u]={fontID:this.idFactory.createFontId()};d&&(e[u].aliasRef=s);f=e[u].fontID}else f=this.idFactory.createFontId();assert(f?.startsWith("f"),'The "fontID" must be (correctly) defined.');if(d)this.fontCache.put(s,o);else{t.cacheKey=`cacheKey_${f}`;this.fontCache.put(t.cacheKey,o)}t.loadedName=`${this.idFactory.getDocId()}_${f}`;this.translateFont(l).then((async e=>{const i=new TranslatedFont({loadedName:t.loadedName,font:e,dict:t});if(e.isType3Font)try{await i.loadType3Data(this,a,r)}catch(e){throw new Error(`Type3 font load error: ${e}`)}c(i)})).catch((e=>{warn(`loadFont - translateFont failed: "${e}".`);c(new TranslatedFont({loadedName:t.loadedName,font:new ErrorFont(e?.message),dict:t}))}));return o}buildPath(e,t,a){const{pathMinMax:r,pathBuffer:i}=a;switch(0|e){case Xe:{const e=a.currentPointX=t[0],n=a.currentPointY=t[1],s=t[2],o=t[3],c=e+s,l=n+o;0===s||0===o?i.push(sa,e,n,oa,c,l,la):i.push(sa,e,n,oa,c,n,oa,c,l,oa,e,l,la);Util.rectBoundingBox(e,n,c,l,r);break}case Ee:{const e=a.currentPointX=t[0],n=a.currentPointY=t[1];i.push(sa,e,n);Util.pointBoundingBox(e,n,r);break}case Pe:{const e=a.currentPointX=t[0],n=a.currentPointY=t[1];i.push(oa,e,n);Util.pointBoundingBox(e,n,r);break}case Le:{const e=a.currentPointX,n=a.currentPointY,[s,o,c,l,h,u]=t;a.currentPointX=h;a.currentPointY=u;i.push(ca,s,o,c,l,h,u);Util.bezierBoundingBox(e,n,s,o,c,l,h,u,r);break}case je:{const e=a.currentPointX,n=a.currentPointY,[s,o,c,l]=t;a.currentPointX=c;a.currentPointY=l;i.push(ca,e,n,s,o,c,l);Util.bezierBoundingBox(e,n,e,n,s,o,c,l,r);break}case _e:{const e=a.currentPointX,n=a.currentPointY,[s,o,c,l]=t;a.currentPointX=c;a.currentPointY=l;i.push(ca,s,o,c,l,c,l);Util.bezierBoundingBox(e,n,s,o,c,l,c,l,r);break}case Ue:i.push(la)}}_getColorSpace(e,t,a){return ColorSpaceUtils.parse({cs:e,xref:this.xref,resources:t,pdfFunctionFactory:this._pdfFunctionFactory,globalColorSpaceCache:this.globalColorSpaceCache,localColorSpaceCache:a,asyncIfNotCached:!0})}async _handleColorSpace(e){try{return await e}catch(e){if(e instanceof AbortException)return null;if(this.options.ignoreErrors){warn(`_handleColorSpace - ignoring ColorSpace: "${e}".`);return null}throw e}}parseShading({shading:e,resources:t,localColorSpaceCache:a,localShadingPatternCache:r}){let i,n=r.get(e);if(n)return n;try{i=Pattern.parseShading(e,this.xref,t,this._pdfFunctionFactory,this.globalColorSpaceCache,a).getIR()}catch(t){if(t instanceof AbortException)return null;if(this.options.ignoreErrors){warn(`parseShading - ignoring shading: "${t}".`);r.set(e,null);return null}throw t}n=`pattern_${this.idFactory.createObjId()}`;this.parsingType3Font&&(n=`${this.idFactory.getDocId()}_type3_${n}`);r.set(e,n);this.parsingType3Font?this.handler.send("commonobj",[n,"Pattern",i]):this.handler.send("obj",[n,this.pageIndex,"Pattern",i]);return n}handleColorN(e,t,a,r,i,n,s,o,c,l){const h=a.pop();if(h instanceof Name){const u=i.getRaw(h.name),d=u instanceof Ref&&c.getByRef(u);if(d)try{const i=r.base?r.base.getRgbHex(a,0):null,n=getTilingPatternIR(d.operatorListIR,d.dict,i);e.addOp(t,n);return}catch{}const f=this.xref.fetchIfRef(u);if(f){const i=f instanceof BaseStream?f.dict:f,h=i.get("PatternType");if(h===Rn){const o=r.base?r.base.getRgbHex(a,0):null;return this.handleTilingType(t,o,n,f,i,e,s,c)}if(h===Nn){const a=i.get("Shading"),r=this.parseShading({shading:a,resources:n,localColorSpaceCache:o,localShadingPatternCache:l});if(r){const a=lookupMatrix(i.getArray("Matrix"),null);e.addOp(t,["Shading",r,a])}return}throw new FormatError(`Unknown PatternType: ${h}`)}}throw new FormatError(`Unknown PatternName: ${h}`)}_parseVisibilityExpression(e,t,a){if(++t>10){warn("Visibility expression is too deeply nested");return}const r=e.length,i=this.xref.fetchIfRef(e[0]);if(!(r<2)&&i instanceof Name){switch(i.name){case"And":case"Or":case"Not":a.push(i.name);break;default:warn(`Invalid operator ${i.name} in visibility expression`);return}for(let i=1;i0)return{type:"OCMD",expression:t}}const t=a.get("OCGs");if(Array.isArray(t)||t instanceof Dict){const e=[];if(Array.isArray(t))for(const a of t)e.push(a.toString());else e.push(t.objId);return{type:r,ids:e,policy:a.get("P")instanceof Name?a.get("P").name:null,expression:null}}if(t instanceof Ref)return{type:r,id:t.toString()}}return null}getOperatorList({stream:e,task:t,resources:a,operatorList:r,initialState:i=null,fallbackFontDict:n=null,prevRefs:s=null}){const o=e.dict?.objId,c=new RefSet(s);if(o){if(s?.has(o))throw new Error(`getOperatorList - ignoring circular reference: ${o}`);c.put(o)}a||=Dict.empty;i||=new EvalState;if(!r)throw new Error('getOperatorList: missing "operatorList" parameter');const l=this,h=this.xref,u=new LocalImageCache,d=new LocalColorSpaceCache,f=new LocalGStateCache,g=new LocalTilingPatternCache,p=new Map,m=a.get("XObject")||Dict.empty,b=a.get("Pattern")||Dict.empty,y=new StateManager(i),w=new EvaluatorPreprocessor(e,h,y),x=new TimeSlotManager;function closePendingRestoreOPS(e){for(let e=0,t=w.savedStatesDepth;e{y.state.fillColorSpace=e||ColorSpaceUtils.gray})));return}case yt:{const t=l._getColorSpace(e[0],a,d);if(t instanceof ColorSpace){y.state.strokeColorSpace=t;continue}next(l._handleColorSpace(t).then((e=>{y.state.strokeColorSpace=e||ColorSpaceUtils.gray})));return}case kt:C=y.state.fillColorSpace;e=[C.getRgbHex(e,0)];i=It;break;case xt:C=y.state.strokeColorSpace;e=[C.getRgbHex(e,0)];i=Ft;break;case vt:y.state.fillColorSpace=ColorSpaceUtils.gray;e=[ColorSpaceUtils.gray.getRgbHex(e,0)];i=It;break;case Ct:y.state.strokeColorSpace=ColorSpaceUtils.gray;e=[ColorSpaceUtils.gray.getRgbHex(e,0)];i=Ft;break;case Ot:y.state.fillColorSpace=ColorSpaceUtils.cmyk;e=[ColorSpaceUtils.cmyk.getRgbHex(e,0)];i=It;break;case Tt:y.state.strokeColorSpace=ColorSpaceUtils.cmyk;e=[ColorSpaceUtils.cmyk.getRgbHex(e,0)];i=Ft;break;case It:y.state.fillColorSpace=ColorSpaceUtils.rgb;e=[ColorSpaceUtils.rgb.getRgbHex(e,0)];break;case Ft:y.state.strokeColorSpace=ColorSpaceUtils.rgb;e=[ColorSpaceUtils.rgb.getRgbHex(e,0)];break;case At:C=y.state.patternFillColorSpace;if(!C){if(isNumberArray(e,null)){e=[ColorSpaceUtils.gray.getRgbHex(e,0)];i=It;break}e=[];i=ia;break}if("Pattern"===C.name){next(l.handleColorN(r,At,e,C,b,a,t,d,g,p));return}e=[C.getRgbHex(e,0)];i=It;break;case St:C=y.state.patternStrokeColorSpace;if(!C){if(isNumberArray(e,null)){e=[ColorSpaceUtils.gray.getRgbHex(e,0)];i=Ft;break}e=[];i=ra;break}if("Pattern"===C.name){next(l.handleColorN(r,St,e,C,b,a,t,d,g,p));return}e=[C.getRgbHex(e,0)];i=Ft;break;case Mt:let T;try{const t=a.get("Shading");if(!t)throw new FormatError("No shading resource found");T=t.get(e[0].name);if(!T)throw new FormatError("No shading object found")}catch(e){if(e instanceof AbortException)continue;if(l.options.ignoreErrors){warn(`getOperatorList - ignoring Shading: "${e}".`);continue}throw e}const O=l.parseShading({shading:T,resources:a,localColorSpaceCache:d,localShadingPatternCache:p});if(!O)continue;e=[O];i=Mt;break;case De:F=e[0]instanceof Name;v=e[0].name;if(F){const t=f.getByName(v);if(t){t.length>0&&r.addOp(De,[t]);e=null;continue}}next(new Promise((function(e,i){if(!F)throw new FormatError("GState must be referred to by name.");const n=a.get("ExtGState");if(!(n instanceof Dict))throw new FormatError("ExtGState should be a dictionary.");const s=n.get(v);if(!(s instanceof Dict))throw new FormatError("GState should be a dictionary.");l.setGState({resources:a,gState:s,operatorList:r,cacheKey:v,task:t,stateManager:y,localGStateCache:f,localColorSpaceCache:d,seenRefs:c}).then(e,i)})).catch((function(e){if(!(e instanceof AbortException)){if(!l.options.ignoreErrors)throw e;warn(`getOperatorList - ignoring ExtGState: "${e}".`)}})));return;case Ce:{const[t]=e;if("number"!=typeof t){warn(`Invalid setLineWidth: ${t}`);continue}e[0]=Math.abs(t);break}case Ee:case Pe:case Le:case je:case _e:case Ue:case Xe:l.buildPath(i,e,y.state);continue;case qe:case He:case We:case ze:case $e:case Ge:case Ve:case Ke:case Je:{const{state:{pathBuffer:e,pathMinMax:t}}=y;i!==He&&i!==Ve&&i!==Ke||e.push(la);if(0===e.length)r.addOp(aa,[i,[null],null]);else{r.addOp(aa,[i,[new Float32Array(e)],t.slice()]);e.length=0;t.set([1/0,1/0,-1/0,-1/0],0)}continue}case ht:r.addOp(i,[new Float32Array(e)]);continue;case Et:case Pt:case Ut:case Xt:continue;case jt:if(!(e[0]instanceof Name)){warn(`Expected name for beginMarkedContentProps arg0=${e[0]}`);r.addOp(jt,["OC",null]);continue}if("OC"===e[0].name){next(l.parseMarkedContentProps(e[1],a).then((e=>{r.addOp(jt,["OC",e])})).catch((e=>{if(!(e instanceof AbortException)){if(!l.options.ignoreErrors)throw e;warn(`getOperatorList - ignoring beginMarkedContentProps: "${e}".`);r.addOp(jt,["OC",null])}})));return}e=[e[0].name,e[1]instanceof Dict?e[1].get("MCID"):null];break;default:if(null!==e){for(S=0,k=e.length;S{if(!(e instanceof AbortException)){if(!this.options.ignoreErrors)throw e;warn(`getOperatorList - ignoring errors during "${t.name}" task: "${e}".`);closePendingRestoreOPS()}}))}getTextContent({stream:e,task:a,resources:r,stateManager:i=null,includeMarkedContent:n=!1,sink:s,seenStyles:o=new Set,viewBox:c,lang:l=null,markedContentData:h=null,disableNormalization:u=!1,keepWhiteSpace:d=!1,prevRefs:f=null,intersector:g=null}){const p=e.dict?.objId,m=new RefSet(f);if(p){if(f?.has(p))throw new Error(`getTextContent - ignoring circular reference: ${p}`);m.put(p)}r||=Dict.empty;i||=new StateManager(new TextState);n&&(h||={level:0});const b={items:[],styles:Object.create(null),lang:l},y={initialized:!1,str:[],totalWidth:0,totalHeight:0,width:0,height:0,vertical:!1,prevTransform:null,textAdvanceScale:0,spaceInFlowMin:0,spaceInFlowMax:0,trackingSpaceMin:1/0,negativeSpaceMax:-1/0,notASpace:-1/0,transform:null,fontName:null,hasEOL:!1},w=[" "," "];let x=0;function saveLastChar(e){const t=(x+1)%2,a=" "!==w[x]&&" "===w[t];w[x]=e;x=t;return!d&&a}function shouldAddWhitepsace(){return!d&&" "!==w[x]&&" "===w[(x+1)%2]}function resetLastChars(){w[0]=w[1]=" ";x=0}const S=this,k=this.xref,C=[];let v=null;const F=new LocalImageCache,T=new LocalGStateCache,O=new EvaluatorPreprocessor(e,k,i);let M;function pushWhitespace({width:e=0,height:t=0,transform:a=y.prevTransform,fontName:r=y.fontName}){g?.addExtraChar(" ");b.items.push({str:" ",dir:"ltr",width:e,height:t,transform:a,fontName:r,hasEOL:!1})}function getCurrentTextTransform(){const e=M.font,a=[M.fontSize*M.textHScale,0,0,M.fontSize,0,M.textRise];if(e.isType3Font&&(M.fontSize<=1||e.isCharBBox)&&!isArrayEqual(M.fontMatrix,t)){const t=e.bbox[3]-e.bbox[1];t>0&&(a[3]*=t*M.fontMatrix[3])}return Util.transform(M.ctm,Util.transform(M.textMatrix,a))}function ensureTextContentItem(){if(y.initialized)return y;const{font:e,loadedName:t}=M;if(!o.has(t)){o.add(t);b.styles[t]={fontFamily:e.fallbackName,ascent:e.ascent,descent:e.descent,vertical:e.vertical};if(S.options.fontExtraProperties&&e.systemFontInfo){const a=b.styles[t];a.fontSubstitution=e.systemFontInfo.css;a.fontSubstitutionLoadedName=e.systemFontInfo.loadedName}}y.fontName=t;const a=y.transform=getCurrentTextTransform();if(e.vertical){y.width=y.totalWidth=Math.hypot(a[0],a[1]);y.height=y.totalHeight=0;y.vertical=!0}else{y.width=y.totalWidth=0;y.height=y.totalHeight=Math.hypot(a[2],a[3]);y.vertical=!1}const r=Math.hypot(M.textLineMatrix[0],M.textLineMatrix[1]),i=Math.hypot(M.ctm[0],M.ctm[1]);y.textAdvanceScale=i*r;const{fontSize:n}=M;y.trackingSpaceMin=.102*n;y.notASpace=.03*n;y.negativeSpaceMax=-.2*n;y.spaceInFlowMin=.102*n;y.spaceInFlowMax=.6*n;y.hasEOL=!1;y.initialized=!0;return y}function updateAdvanceScale(){if(!y.initialized)return;const e=Math.hypot(M.textLineMatrix[0],M.textLineMatrix[1]),t=Math.hypot(M.ctm[0],M.ctm[1])*e;if(t!==y.textAdvanceScale){if(y.vertical){y.totalHeight+=y.height*y.textAdvanceScale;y.height=0}else{y.totalWidth+=y.width*y.textAdvanceScale;y.width=0}y.textAdvanceScale=t}}function runBidiTransform(e){let t=e.str.join("");u||(t=function normalizeUnicode(e){if(!ma){ma=/([\u00a0\u00b5\u037e\u0eb3\u2000-\u200a\u202f\u2126\ufb00-\ufb04\ufb06\ufb20-\ufb36\ufb38-\ufb3c\ufb3e\ufb40-\ufb41\ufb43-\ufb44\ufb46-\ufba1\ufba4-\ufba9\ufbae-\ufbb1\ufbd3-\ufbdc\ufbde-\ufbe7\ufbea-\ufbf8\ufbfc-\ufbfd\ufc00-\ufc5d\ufc64-\ufcf1\ufcf5-\ufd3d\ufd88\ufdf4\ufdfa-\ufdfb\ufe71\ufe77\ufe79\ufe7b\ufe7d]+)|(\ufb05+)/gu;ba=new Map([["ſt","ſt"]])}return e.replaceAll(ma,((e,t,a)=>t?t.normalize("NFKC"):ba.get(a)))}(t));const a=bidi(t,-1,e.vertical);return{str:a.str,dir:a.dir,width:Math.abs(e.totalWidth),height:Math.abs(e.totalHeight),transform:e.transform,fontName:e.fontName,hasEOL:e.hasEOL}}async function handleSetFont(e,i){const n=await S.loadFont(e,i,r,a);M.loadedName=n.loadedName;M.font=n.font;M.fontMatrix=n.font.fontMatrix||t}function applyInverseRotation(e,t,a){const r=Math.hypot(a[0],a[1]);return[(a[0]*e+a[1]*t)/r,(a[2]*e+a[3]*t)/r]}function compareWithLastPosition(e){const t=getCurrentTextTransform();let a=t[4],r=t[5];if(M.font?.vertical){if(ac[2]||r+ec[3])return!1}else if(a+ec[2]||rc[3])return!1;if(!M.font||!y.prevTransform)return!0;let i=y.prevTransform[4],n=y.prevTransform[5];if(i===a&&n===r)return!0;let s=-1;t[0]&&0===t[1]&&0===t[2]?s=t[0]>0?0:180:t[1]&&0===t[0]&&0===t[3]&&(s=t[1]>0?90:270);switch(s){case 0:break;case 90:[a,r]=[r,a];[i,n]=[n,i];break;case 180:[a,r,i,n]=[-a,-r,-i,-n];break;case 270:[a,r]=[-r,-a];[i,n]=[-n,-i];break;default:[a,r]=applyInverseRotation(a,r,t);[i,n]=applyInverseRotation(i,n,y.prevTransform)}if(M.font.vertical){const e=(n-r)/y.textAdvanceScale,t=a-i,s=Math.sign(y.height);if(e.5*y.width){appendEOL();return!0}resetLastChars();flushTextContentItem();return!0}if(Math.abs(t)>y.width){appendEOL();return!0}e<=s*y.notASpace&&resetLastChars();if(e<=s*y.trackingSpaceMin)if(shouldAddWhitepsace()){resetLastChars();flushTextContentItem();pushWhitespace({height:Math.abs(e)})}else y.height+=e;else if(!addFakeSpaces(e,y.prevTransform,s))if(0===y.str.length){resetLastChars();pushWhitespace({height:Math.abs(e)})}else y.height+=e;Math.abs(t)>.25*y.width&&flushTextContentItem();return!0}const o=(a-i)/y.textAdvanceScale,l=r-n,h=Math.sign(y.width);if(o.5*y.height){appendEOL();return!0}resetLastChars();flushTextContentItem();return!0}if(Math.abs(l)>y.height){appendEOL();return!0}o<=h*y.notASpace&&resetLastChars();if(o<=h*y.trackingSpaceMin)if(shouldAddWhitepsace()){resetLastChars();flushTextContentItem();pushWhitespace({width:Math.abs(o)})}else y.width+=o;else if(!addFakeSpaces(o,y.prevTransform,h))if(0===y.str.length){resetLastChars();pushWhitespace({width:Math.abs(o)})}else y.width+=o;Math.abs(l)>.25*y.height&&flushTextContentItem();return!0}function buildTextContentItem({chars:e,extraSpacing:t}){const a=M.font;if(!e){const e=M.charSpacing+t;e&&(a.vertical?M.translateTextMatrix(0,-e):M.translateTextMatrix(e*M.textHScale,0));d&&compareWithLastPosition(0);return}const r=a.charsToGlyphs(e),i=M.fontMatrix[0]*M.fontSize;for(let e=0,n=r.length;e0){const e=C.join("");C.length=0;buildTextContentItem({chars:e,extraSpacing:0})}break;case dt:if(!i.state.font){S.ensureStateFont(i.state);continue}buildTextContentItem({chars:w[0],extraSpacing:0});break;case gt:if(!i.state.font){S.ensureStateFont(i.state);continue}M.carriageReturn();buildTextContentItem({chars:w[0],extraSpacing:0});break;case pt:if(!i.state.font){S.ensureStateFont(i.state);continue}M.wordSpacing=w[0];M.charSpacing=w[1];M.carriageReturn();buildTextContentItem({chars:w[2],extraSpacing:0});break;case Nt:flushTextContentItem();v??=r.get("XObject")||Dict.empty;y=w[0]instanceof Name;p=w[0].name;if(y&&F.getByName(p))break;next(new Promise((function(e,t){if(!y)throw new FormatError("XObject must be referred to by name.");let f=v.getRaw(p);if(f instanceof Ref){if(F.getByRef(f)){e();return}if(S.globalImageCache.getData(f,S.pageIndex)){e();return}f=k.fetch(f)}if(!(f instanceof BaseStream))throw new FormatError("XObject should be a stream");const{dict:g}=f,b=g.get("Subtype");if(!(b instanceof Name))throw new FormatError("XObject should have a Name subtype");if("Form"!==b.name){F.set(p,g.objId,!0);e();return}const w=i.state.clone(),x=new StateManager(w),C=lookupMatrix(g.getArray("Matrix"),null);C&&x.transform(C);const T=g.get("Resources");enqueueChunk();const O={enqueueInvoked:!1,enqueue(e,t){this.enqueueInvoked=!0;s.enqueue(e,t)},get desiredSize(){return s.desiredSize??0},get ready(){return s.ready}};S.getTextContent({stream:f,task:a,resources:T instanceof Dict?T:r,stateManager:x,includeMarkedContent:n,sink:s&&O,seenStyles:o,viewBox:c,lang:l,markedContentData:h,disableNormalization:u,keepWhiteSpace:d,prevRefs:m}).then((function(){O.enqueueInvoked||F.set(p,g.objId,!0);e()}),t)})).catch((function(e){if(!(e instanceof AbortException)){if(!S.options.ignoreErrors)throw e;warn(`getTextContent - ignoring XObject: "${e}".`)}})));return;case De:y=w[0]instanceof Name;p=w[0].name;if(y&&T.getByName(p))break;next(new Promise((function(e,t){if(!y)throw new FormatError("GState must be referred to by name.");const a=r.get("ExtGState");if(!(a instanceof Dict))throw new FormatError("ExtGState should be a dictionary.");const i=a.get(p);if(!(i instanceof Dict))throw new FormatError("GState should be a dictionary.");const n=i.get("Font");if(n){flushTextContentItem();M.fontName=null;M.fontSize=n[1];handleSetFont(null,n[0]).then(e,t)}else{T.set(p,i.objId,!0);e()}})).catch((function(e){if(!(e instanceof AbortException)){if(!S.options.ignoreErrors)throw e;warn(`getTextContent - ignoring ExtGState: "${e}".`)}})));return;case Lt:flushTextContentItem();if(n){h.level++;b.items.push({type:"beginMarkedContent",tag:w[0]instanceof Name?w[0].name:null})}break;case jt:flushTextContentItem();if(n){h.level++;let e=null;w[1]instanceof Dict&&(e=w[1].get("MCID"));b.items.push({type:"beginMarkedContentProps",id:Number.isInteger(e)?`${S.idFactory.getPageObjId()}_mc${e}`:null,tag:w[0]instanceof Name?w[0].name:null})}break;case _t:flushTextContentItem();if(n){if(0===h.level)break;h.level--;b.items.push({type:"endMarkedContent"})}break;case Re:!e||e.font===M.font&&e.fontSize===M.fontSize&&e.fontName===M.fontName||flushTextContentItem()}if(b.items.length>=(s?.desiredSize??1)){g=!0;break}}if(g)next(En);else{flushTextContentItem();enqueueChunk();e()}})).catch((e=>{if(!(e instanceof AbortException)){if(!this.options.ignoreErrors)throw e;warn(`getTextContent - ignoring errors during "${a.name}" task: "${e}".`);flushTextContentItem();enqueueChunk()}}))}async extractDataStructures(e,t){const a=this.xref;let r;const i=this.readToUnicode(t.toUnicode);if(t.composite){const a=e.get("CIDSystemInfo");a instanceof Dict&&(t.cidSystemInfo={registry:stringToPDFString(a.get("Registry")),ordering:stringToPDFString(a.get("Ordering")),supplement:a.get("Supplement")});try{const t=e.get("CIDToGIDMap");t instanceof BaseStream&&(r=t.getBytes())}catch(e){if(!this.options.ignoreErrors)throw e;warn(`extractDataStructures - ignoring CIDToGIDMap data: "${e}".`)}}const n=[];let s,o=null;if(e.has("Encoding")){s=e.get("Encoding");if(s instanceof Dict){o=s.get("BaseEncoding");o=o instanceof Name?o.name:null;if(s.has("Differences")){const e=s.get("Differences");let t=0;for(const r of e){const e=a.fetchIfRef(r);if("number"==typeof e)t=e;else{if(!(e instanceof Name))throw new FormatError(`Invalid entry in 'Differences' array: ${e}`);n[t++]=e.name}}}}else if(s instanceof Name)o=s.name;else{const e="Encoding is not a Name nor a Dict";if(!this.options.ignoreErrors)throw new FormatError(e);warn(e)}"MacRomanEncoding"!==o&&"MacExpertEncoding"!==o&&"WinAnsiEncoding"!==o&&(o=null)}const c=!t.file||t.isInternalFont,l=ei()[t.name];o&&c&&l&&(o=null);if(o)t.defaultEncoding=getEncoding(o);else{const e=!!(t.flags&Pr),a=!!(t.flags&Lr);s=kr;"TrueType"!==t.type||a||(s=Ar);if(e||l){s=Sr;c&&(/Symbol/i.test(t.name)?s=Cr:/Dingbats/i.test(t.name)?s=vr:/Wingdings/i.test(t.name)&&(s=Ar))}t.defaultEncoding=s}t.differences=n;t.baseEncodingName=o;t.hasEncoding=!!o||n.length>0;t.dict=e;t.toUnicode=await i;const h=await this.buildToUnicode(t);t.toUnicode=h;r&&(t.cidToGidMap=this.readCidToGidMap(r,h));return t}_simpleFontToUnicode(e,t=!1){assert(!e.composite,"Must be a simple font.");const a=[],r=e.defaultEncoding.slice(),i=e.baseEncodingName,n=e.differences;for(const e in n){const t=n[e];".notdef"!==t&&(r[e]=t)}const s=Fr();for(const n in r){let o=r[n];if(""===o)continue;let c=s[o];if(void 0!==c){a[n]=String.fromCharCode(c);continue}let l=0;switch(o[0]){case"G":3===o.length&&(l=parseInt(o.substring(1),16));break;case"g":5===o.length&&(l=parseInt(o.substring(1),16));break;case"C":case"c":if(o.length>=3&&o.length<=4){const a=o.substring(1);if(t){l=parseInt(a,16);break}l=+a;if(Number.isNaN(l)&&Number.isInteger(parseInt(a,16)))return this._simpleFontToUnicode(e,!0)}break;case"u":c=getUnicodeForGlyph(o,s);-1!==c&&(l=c);break;default:switch(o){case"f_h":case"f_t":case"T_h":a[n]=o.replaceAll("_","");continue}}if(l>0&&l<=1114111&&Number.isInteger(l)){if(i&&l===+n){const e=getEncoding(i);if(e&&(o=e[n])){a[n]=String.fromCharCode(s[o]);continue}}a[n]=String.fromCodePoint(l)}}return a}async buildToUnicode(e){e.hasIncludedToUnicodeMap=e.toUnicode?.length>0;if(e.hasIncludedToUnicodeMap){!e.composite&&e.hasEncoding&&(e.fallbackToUnicode=this._simpleFontToUnicode(e));return e.toUnicode}if(!e.composite)return new ToUnicodeMap(this._simpleFontToUnicode(e));if(e.composite&&(e.cMap.builtInCMap&&!(e.cMap instanceof IdentityCMap)||"Adobe"===e.cidSystemInfo?.registry&&("GB1"===e.cidSystemInfo.ordering||"CNS1"===e.cidSystemInfo.ordering||"Japan1"===e.cidSystemInfo.ordering||"Korea1"===e.cidSystemInfo.ordering))){const{registry:t,ordering:a}=e.cidSystemInfo,r=Name.get(`${t}-${a}-UCS2`),i=await CMapFactory.create({encoding:r,fetchBuiltInCMap:this._fetchBuiltInCMapBound,useCMap:null}),n=[],s=[];e.cMap.forEach((function(e,t){if(t>65535)throw new FormatError("Max size of CID is 65,535");const a=i.lookup(t);if(a){s.length=0;for(let e=0,t=a.length;e>1;(0!==i||t.has(n))&&(a[n]=i)}return a}extractWidths(e,t,a){const r=this.xref;let i=[],n=0;const s=[];let o;if(a.composite){const t=e.get("DW");n="number"==typeof t?Math.ceil(t):1e3;const c=e.get("W");if(Array.isArray(c))for(let e=0,t=c.length;e{const t=c.get(e),r=new OperatorList;return n.getOperatorList({stream:t,task:a,resources:l,operatorList:r}).then((()=>{switch(r.fnArray[0]){case bt:this.#K(r,b);break;case mt:b||this.#J(r)}h[e]=r.getIR();for(const e of r.dependencies)i.add(e)})).catch((function(t){warn(`Type3 font resource "${e}" is not available.`);const a=new OperatorList;h[e]=a.getIR()}))}));this.#V=o.then((()=>{r.charProcOperatorList=h;if(this._bbox){r.isCharBBox=!0;r.bbox=this._bbox}}));return this.#V}#K(e,t=NaN){const a=Util.normalizeRect(e.argsArray[0].slice(2)),r=a[2]-a[0],i=a[3]-a[1],n=Math.hypot(r,i);if(0===r||0===i){e.fnArray.splice(0,1);e.argsArray.splice(0,1)}else if(0===t||Math.round(n/t)>=10){this._bbox??=[1/0,1/0,-1/0,-1/0];Util.rectBoundingBox(...a,this._bbox)}let s=0,o=e.length;for(;s=Ee&&n<=Je;if(i.variableArgs)o>s&&info(`Command ${r}: expected [0, ${s}] args, but received ${o} args.`);else{if(o!==s){const e=this.nonProcessedArgs;for(;o>s;){e.push(t.shift());o--}for(;oEvaluatorPreprocessor.MAX_INVALID_PATH_OPS)throw new FormatError(`Invalid ${e}`);warn(`Skipping ${e}`);null!==t&&(t.length=0);continue}}this.preprocessCommand(n,t);e.fn=n;e.args=t;return!0}if(a===wa)return!1;if(null!==a){null===t&&(t=[]);t.push(a);if(t.length>33)throw new FormatError("Too many arguments")}}}preprocessCommand(e,t){switch(0|e){case Be:this.stateManager.save();break;case Re:this.stateManager.restore();break;case Ne:this.stateManager.transform(t)}}}class DefaultAppearanceEvaluator extends EvaluatorPreprocessor{constructor(e){super(new StringStream(e))}parse(){const e={fn:0,args:[]},t={fontSize:0,fontName:"",fontColor:new Uint8ClampedArray(3)};try{for(;;){e.args.length=0;if(!this.read(e))break;if(0!==this.savedStatesDepth)continue;const{fn:a,args:r}=e;switch(0|a){case nt:const[e,a]=r;e instanceof Name&&(t.fontName=e.name);"number"==typeof a&&a>0&&(t.fontSize=a);break;case It:ColorSpaceUtils.rgb.getRgbItem(r,0,t.fontColor,0);break;case vt:ColorSpaceUtils.gray.getRgbItem(r,0,t.fontColor,0);break;case Ot:ColorSpaceUtils.cmyk.getRgbItem(r,0,t.fontColor,0)}}}catch(e){warn(`parseDefaultAppearance - ignoring errors: "${e}".`)}return t}}function parseDefaultAppearance(e){return new DefaultAppearanceEvaluator(e).parse()}class AppearanceStreamEvaluator extends EvaluatorPreprocessor{constructor(e,t,a,r){super(e);this.stream=e;this.evaluatorOptions=t;this.xref=a;this.globalColorSpaceCache=r;this.resources=e.dict?.get("Resources")}parse(){const e={fn:0,args:[]};let t={scaleFactor:1,fontSize:0,fontName:"",fontColor:new Uint8ClampedArray(3),fillColorSpace:ColorSpaceUtils.gray},a=!1;const r=[];try{for(;;){e.args.length=0;if(a||!this.read(e))break;const{fn:i,args:n}=e;switch(0|i){case Be:r.push({scaleFactor:t.scaleFactor,fontSize:t.fontSize,fontName:t.fontName,fontColor:t.fontColor.slice(),fillColorSpace:t.fillColorSpace});break;case Re:t=r.pop()||t;break;case ht:t.scaleFactor*=Math.hypot(n[0],n[1]);break;case nt:const[e,i]=n;e instanceof Name&&(t.fontName=e.name);"number"==typeof i&&i>0&&(t.fontSize=i*t.scaleFactor);break;case wt:t.fillColorSpace=ColorSpaceUtils.parse({cs:n[0],xref:this.xref,resources:this.resources,pdfFunctionFactory:this._pdfFunctionFactory,globalColorSpaceCache:this.globalColorSpaceCache,localColorSpaceCache:this._localColorSpaceCache});break;case kt:t.fillColorSpace.getRgbItem(n,0,t.fontColor,0);break;case It:ColorSpaceUtils.rgb.getRgbItem(n,0,t.fontColor,0);break;case vt:ColorSpaceUtils.gray.getRgbItem(n,0,t.fontColor,0);break;case Ot:ColorSpaceUtils.cmyk.getRgbItem(n,0,t.fontColor,0);break;case dt:case ft:case gt:case pt:a=!0}}}catch(e){warn(`parseAppearanceStream - ignoring errors: "${e}".`)}this.stream.reset();delete t.scaleFactor;delete t.fillColorSpace;return t}get _localColorSpaceCache(){return shadow(this,"_localColorSpaceCache",new LocalColorSpaceCache)}get _pdfFunctionFactory(){return shadow(this,"_pdfFunctionFactory",new PDFFunctionFactory({xref:this.xref,isEvalSupported:this.evaluatorOptions.isEvalSupported}))}}function getPdfColor(e,t){if(e[0]===e[1]&&e[1]===e[2]){return`${numberToString(e[0]/255)} ${t?"g":"G"}`}return Array.from(e,(e=>numberToString(e/255))).join(" ")+" "+(t?"rg":"RG")}class FakeUnicodeFont{constructor(e,t){this.xref=e;this.widths=null;this.firstChar=1/0;this.lastChar=-1/0;this.fontFamily=t;const a=new OffscreenCanvas(1,1);this.ctxMeasure=a.getContext("2d",{willReadFrequently:!0});FakeUnicodeFont._fontNameId||(FakeUnicodeFont._fontNameId=1);this.fontName=Name.get(`InvalidPDFjsFont_${t}_${FakeUnicodeFont._fontNameId++}`)}get fontDescriptorRef(){if(!FakeUnicodeFont._fontDescriptorRef){const e=new Dict(this.xref);e.set("Type",Name.get("FontDescriptor"));e.set("FontName",this.fontName);e.set("FontFamily","MyriadPro Regular");e.set("FontBBox",[0,0,0,0]);e.set("FontStretch",Name.get("Normal"));e.set("FontWeight",400);e.set("ItalicAngle",0);FakeUnicodeFont._fontDescriptorRef=this.xref.getNewPersistentRef(e)}return FakeUnicodeFont._fontDescriptorRef}get descendantFontRef(){const e=new Dict(this.xref);e.set("BaseFont",this.fontName);e.set("Type",Name.get("Font"));e.set("Subtype",Name.get("CIDFontType0"));e.set("CIDToGIDMap",Name.get("Identity"));e.set("FirstChar",this.firstChar);e.set("LastChar",this.lastChar);e.set("FontDescriptor",this.fontDescriptorRef);e.set("DW",1e3);const t=[],a=[...this.widths.entries()].sort();let r=null,i=null;for(const[e,n]of a)if(r)if(e===r+i.length)i.push(n);else{t.push(r,i);r=e;i=[n]}else{r=e;i=[n]}r&&t.push(r,i);e.set("W",t);const n=new Dict(this.xref);n.set("Ordering","Identity");n.set("Registry","Adobe");n.set("Supplement",0);e.set("CIDSystemInfo",n);return this.xref.getNewPersistentRef(e)}get baseFontRef(){const e=new Dict(this.xref);e.set("BaseFont",this.fontName);e.set("Type",Name.get("Font"));e.set("Subtype",Name.get("Type0"));e.set("Encoding",Name.get("Identity-H"));e.set("DescendantFonts",[this.descendantFontRef]);e.set("ToUnicode",Name.get("Identity-H"));return this.xref.getNewPersistentRef(e)}get resources(){const e=new Dict(this.xref),t=new Dict(this.xref);t.set(this.fontName.name,this.baseFontRef);e.set("Font",t);return e}_createContext(){this.widths=new Map;this.ctxMeasure.font=`1000px ${this.fontFamily}`;return this.ctxMeasure}createFontResources(e){const t=this._createContext();for(const a of e.split(/\r\n?|\n/))for(const e of a.split("")){const a=e.charCodeAt(0);if(this.widths.has(a))continue;const r=t.measureText(e),i=Math.ceil(r.width);this.widths.set(a,i);this.firstChar=Math.min(a,this.firstChar);this.lastChar=Math.max(a,this.lastChar)}return this.resources}static getFirstPositionInfo(e,t,i){const[n,s,o,c]=e;let l=o-n,h=c-s;t%180!=0&&([l,h]=[h,l]);const u=a*i;return{coords:[0,h+r*i-u],bbox:[0,0,l,h],matrix:0!==t?getRotationMatrix(t,h,u):void 0}}createAppearance(e,t,i,n,s,o){const c=this._createContext(),l=[];let h=-1/0;for(const t of e.split(/\r\n?|\n/)){l.push(t);const e=c.measureText(t).width;h=Math.max(h,e);for(const e of codePointIter(t)){const t=String.fromCodePoint(e);let a=this.widths.get(e);if(void 0===a){const r=c.measureText(t);a=Math.ceil(r.width);this.widths.set(e,a);this.firstChar=Math.min(e,this.firstChar);this.lastChar=Math.max(e,this.lastChar)}}}h*=n/1e3;const[u,d,f,g]=t;let p=f-u,m=g-d;i%180!=0&&([p,m]=[m,p]);let b=1;h>p&&(b=p/h);let y=1;const w=a*n,x=r*n,S=w*l.length;S>m&&(y=m/S);const k=n*Math.min(b,y),C=["q",`0 0 ${numberToString(p)} ${numberToString(m)} re W n`,"BT",`1 0 0 1 0 ${numberToString(m+x)} Tm 0 Tc ${getPdfColor(s,!0)}`,`/${this.fontName.name} ${numberToString(k)} Tf`],{resources:v}=this;if(1!==(o="number"==typeof o&&o>=0&&o<=1?o:1)){C.push("/R0 gs");const e=new Dict(this.xref),t=new Dict(this.xref);t.set("ca",o);t.set("CA",o);t.set("Type",Name.get("ExtGState"));e.set("R0",t);v.set("ExtGState",e)}const F=numberToString(w);for(const e of l)C.push(`0 -${F} Td <${stringToUTF16HexString(e)}> Tj`);C.push("ET","Q");const T=C.join("\n"),O=new Dict(this.xref);O.set("Subtype",Name.get("Form"));O.set("Type",Name.get("XObject"));O.set("BBox",[0,0,p,m]);O.set("Length",T.length);O.set("Resources",v);if(i){const e=getRotationMatrix(i,p,m);O.set("Matrix",e)}const M=new StringStream(T);M.dict=O;return M}}const Pn=["m/d","m/d/yy","mm/dd/yy","mm/yy","d-mmm","d-mmm-yy","dd-mmm-yy","yy-mm-dd","mmm-yy","mmmm-yy","mmm d, yyyy","mmmm d, yyyy","m/d/yy h:MM tt","m/d/yy HH:MM"],Ln=["HH:MM","h:MM tt","HH:MM:ss","h:MM:ss tt"];class NameOrNumberTree{constructor(e,t,a){this.root=e;this.xref=t;this._type=a}getAll(){const e=new Map;if(!this.root)return e;const t=this.xref,a=new RefSet;a.put(this.root);const r=[this.root];for(;r.length>0;){const i=t.fetchIfRef(r.shift());if(!(i instanceof Dict))continue;if(i.has("Kids")){const e=i.get("Kids");if(!Array.isArray(e))continue;for(const t of e){if(a.has(t))throw new FormatError(`Duplicate entry in "${this._type}" tree.`);r.push(t);a.put(t)}continue}const n=i.get(this._type);if(Array.isArray(n))for(let a=0,r=n.length;a10){warn(`Search depth limit reached for "${this._type}" tree.`);return null}const i=a.get("Kids");if(!Array.isArray(i))return null;let n=0,s=i.length-1;for(;n<=s;){const r=n+s>>1,o=t.fetchIfRef(i[r]),c=o.get("Limits");if(et.fetchIfRef(c[1]))){a=o;break}n=r+1}}if(n>s)return null}const i=a.get(this._type);if(Array.isArray(i)){let a=0,r=i.length-2;for(;a<=r;){const n=a+r>>1,s=n+(1&n),o=t.fetchIfRef(i[s]);if(eo))return i[s+1];a=s+2}}}return null}get(e){return this.xref.fetchIfRef(this.getRaw(e))}}class NameTree extends NameOrNumberTree{constructor(e,t){super(e,t,"Names")}}class NumberTree extends NameOrNumberTree{constructor(e,t){super(e,t,"Nums")}}function clearGlobalCaches(){!function clearPatternCaches(){Ii=Object.create(null)}();!function clearPrimitiveCaches(){xa=Object.create(null);Sa=Object.create(null);ka=Object.create(null)}();!function clearUnicodeCaches(){Dr.clear()}();JpxImage.cleanup()}function pickPlatformItem(e){return e instanceof Dict?e.has("UF")?e.get("UF"):e.has("F")?e.get("F"):e.has("Unix")?e.get("Unix"):e.has("Mac")?e.get("Mac"):e.has("DOS")?e.get("DOS"):null:null}class FileSpec{#Y=!1;constructor(e,t,a=!1){if(e instanceof Dict){this.xref=t;this.root=e;e.has("FS")&&(this.fs=e.get("FS"));e.has("RF")&&warn("Related file specifications are not supported");a||(e.has("EF")?this.#Y=!0:warn("Non-embedded file specifications are not supported"))}}get filename(){let e="";const t=pickPlatformItem(this.root);t&&"string"==typeof t&&(e=stringToPDFString(t,!0).replaceAll("\\\\","\\").replaceAll("\\/","/").replaceAll("\\","/"));return shadow(this,"filename",e||"unnamed")}get content(){if(!this.#Y)return null;this._contentRef||=pickPlatformItem(this.root?.get("EF"));let e=null;if(this._contentRef){const t=this.xref.fetchIfRef(this._contentRef);t instanceof BaseStream?e=t.getBytes():warn("Embedded file specification points to non-existing/invalid content")}else warn("Embedded file specification does not have any content");return e}get description(){let e="";const t=this.root?.get("Desc");t&&"string"==typeof t&&(e=stringToPDFString(t));return shadow(this,"description",e)}get serializable(){return{rawFilename:this.filename,filename:(e=this.filename,e.substring(e.lastIndexOf("/")+1)),content:this.content,description:this.description};var e}}const jn=0,_n=-2,Un=-3,Xn=-4,qn=-5,Hn=-6,Wn=-9;function isWhitespace(e,t){const a=e[t];return" "===a||"\n"===a||"\r"===a||"\t"===a}class XMLParserBase{_resolveEntities(e){return e.replaceAll(/&([^;]+);/g,((e,t)=>{if("#x"===t.substring(0,2))return String.fromCodePoint(parseInt(t.substring(2),16));if("#"===t.substring(0,1))return String.fromCodePoint(parseInt(t.substring(1),10));switch(t){case"lt":return"<";case"gt":return">";case"amp":return"&";case"quot":return'"';case"apos":return"'"}return this.onResolveEntity(t)}))}_parseContent(e,t){const a=[];let r=t;function skipWs(){for(;r"!==e[r]&&"/"!==e[r];)++r;const i=e.substring(t,r);skipWs();for(;r"!==e[r]&&"/"!==e[r]&&"?"!==e[r];){skipWs();let t="",i="";for(;r"!==e[a]&&"?"!==e[a]&&"/"!==e[a];)++a;const r=e.substring(t,a);!function skipWs(){for(;a"!==e[a+1]);)++a;return{name:r,value:e.substring(i,a),parsed:a-t}}parseXml(e){let t=0;for(;t",a);if(t<0){this.onError(Wn);return}this.onEndElement(e.substring(a,t));a=t+1;break;case"?":++a;const r=this._parseProcessingInstruction(e,a);if("?>"!==e.substring(a+r.parsed,a+r.parsed+2)){this.onError(Un);return}this.onPi(r.name,r.value);a+=r.parsed+2;break;case"!":if("--"===e.substring(a+1,a+3)){t=e.indexOf("--\x3e",a+3);if(t<0){this.onError(qn);return}this.onComment(e.substring(a+3,t));a=t+3}else if("[CDATA["===e.substring(a+1,a+8)){t=e.indexOf("]]>",a+8);if(t<0){this.onError(_n);return}this.onCdata(e.substring(a+8,t));a=t+3}else{if("DOCTYPE"!==e.substring(a+1,a+8)){this.onError(Hn);return}{const r=e.indexOf("[",a+8);let i=!1;t=e.indexOf(">",a+8);if(t<0){this.onError(Xn);return}if(r>0&&t>r){t=e.indexOf("]>",a+8);if(t<0){this.onError(Xn);return}i=!0}const n=e.substring(a+8,t+(i?1:0));this.onDoctype(n);a=t+(i?2:1)}}break;default:const i=this._parseContent(e,a);if(null===i){this.onError(Hn);return}let n=!1;if("/>"===e.substring(a+i.parsed,a+i.parsed+2))n=!0;else if(">"!==e.substring(a+i.parsed,a+i.parsed+1)){this.onError(Wn);return}this.onBeginElement(i.name,i.attributes,n);a+=i.parsed+(n?2:1)}}else{for(;ae.textContent)).join(""):this.nodeValue||""}get children(){return this.childNodes||[]}hasChildNodes(){return this.childNodes?.length>0}searchNode(e,t){if(t>=e.length)return this;const a=e[t];if(a.name.startsWith("#")&&t0){r.push([i,0]);i=i.childNodes[0]}else{if(0===r.length)return null;for(;0!==r.length;){const[e,t]=r.pop(),a=t+1;if(a");for(const t of this.childNodes)t.dump(e);e.push(``)}else this.nodeValue?e.push(`>${encodeToXmlString(this.nodeValue)}`):e.push("/>")}else e.push(encodeToXmlString(this.nodeValue))}}class SimpleXMLParser extends XMLParserBase{constructor({hasAttributes:e=!1,lowerCaseName:t=!1}){super();this._currentFragment=null;this._stack=null;this._errorCode=jn;this._hasAttributes=e;this._lowerCaseName=t}parseFromString(e){this._currentFragment=[];this._stack=[];this._errorCode=jn;this.parseXml(e);if(this._errorCode!==jn)return;const[t]=this._currentFragment;return t?{documentElement:t}:void 0}onText(e){if(function isWhitespaceString(e){for(let t=0,a=e.length;t\\376\\377([^<]+)/g,(function(e,t){const a=t.replaceAll(/\\([0-3])([0-7])([0-7])/g,(function(e,t,a,r){return String.fromCharCode(64*t+8*a+1*r)})).replaceAll(/&(amp|apos|gt|lt|quot);/g,(function(e,t){switch(t){case"amp":return"&";case"apos":return"'";case"gt":return">";case"lt":return"<";case"quot":return'"'}throw new Error(`_repair: ${t} isn't defined.`)})),r=[">"];for(let e=0,t=a.length;e=32&&t<127&&60!==t&&62!==t&&38!==t?r.push(String.fromCharCode(t)):r.push("&#x"+(65536+t).toString(16).substring(1)+";")}return r.join("")}))}_getSequence(e){const t=e.nodeName;return"rdf:bag"!==t&&"rdf:seq"!==t&&"rdf:alt"!==t?null:e.childNodes.filter((e=>"rdf:li"===e.nodeName))}_parseArray(e){if(!e.hasChildNodes())return;const[t]=e.childNodes,a=this._getSequence(t)||[];this._metadataMap.set(e.nodeName,a.map((e=>e.textContent.trim())))}_parse(e){let t=e.documentElement;if("rdf:rdf"!==t.nodeName){t=t.firstChild;for(;t&&"rdf:rdf"!==t.nodeName;)t=t.nextSibling}if(t&&"rdf:rdf"===t.nodeName&&t.hasChildNodes())for(const e of t.childNodes)if("rdf:description"===e.nodeName)for(const t of e.childNodes){const e=t.nodeName;switch(e){case"#text":continue;case"dc:creator":case"dc:subject":this._parseArray(t);continue}this._metadataMap.set(e,t.textContent.trim())}}get serializable(){return{parsedData:this._metadataMap,rawData:this._data}}}const zn=1,$n=2,Gn=3,Vn=4,Kn=5;class StructTreeRoot{constructor(e,t,a){this.xref=e;this.dict=t;this.ref=a instanceof Ref?a:null;this.roleMap=new Map;this.structParentIds=null}init(){this.readRoleMap()}#Z(e,t,a){if(!(e instanceof Ref)||t<0)return;this.structParentIds||=new RefSetCache;let r=this.structParentIds.get(e);if(!r){r=[];this.structParentIds.put(e,r)}r.push([t,a])}addAnnotationIdToPage(e,t){this.#Z(e,t,Vn)}readRoleMap(){const e=this.dict.get("RoleMap");if(e instanceof Dict)for(const[t,a]of e)a instanceof Name&&this.roleMap.set(t,a.name)}static async canCreateStructureTree({catalogRef:e,pdfManager:t,newAnnotationsByPage:a}){if(!(e instanceof Ref)){warn("Cannot save the struct tree: no catalog reference.");return!1}let r=0,i=!0;for(const[e,n]of a){const{ref:a}=await t.getPage(e);if(!(a instanceof Ref)){warn(`Cannot save the struct tree: page ${e} has no ref.`);i=!0;break}for(const e of n)if(e.accessibilityData?.type){e.parentTreeId=r++;i=!1}}if(i){for(const e of a.values())for(const t of e)delete t.parentTreeId;return!1}return!0}static async createStructureTree({newAnnotationsByPage:e,xref:t,catalogRef:a,pdfManager:r,changes:i}){const n=await r.ensureCatalog("cloneDict"),s=new RefSetCache;s.put(a,n);const o=t.getNewTemporaryRef();n.set("StructTreeRoot",o);const c=new Dict(t);c.set("Type",Name.get("StructTreeRoot"));const l=t.getNewTemporaryRef();c.set("ParentTree",l);const h=[];c.set("K",h);s.put(o,c);const u=new Dict(t),d=[];u.set("Nums",d);const f=await this.#Q({newAnnotationsByPage:e,structTreeRootRef:o,structTreeRoot:null,kids:h,nums:d,xref:t,pdfManager:r,changes:i,cache:s});c.set("ParentTreeNextKey",f);s.put(l,u);for(const[e,t]of s.items())i.put(e,{data:t})}async canUpdateStructTree({pdfManager:e,newAnnotationsByPage:t}){if(!this.ref){warn("Cannot update the struct tree: no root reference.");return!1}let a=this.dict.get("ParentTreeNextKey");if(!Number.isInteger(a)||a<0){warn("Cannot update the struct tree: invalid next key.");return!1}const r=this.dict.get("ParentTree");if(!(r instanceof Dict)){warn("Cannot update the struct tree: ParentTree isn't a dict.");return!1}const i=r.get("Nums");if(!Array.isArray(i)){warn("Cannot update the struct tree: nums isn't an array.");return!1}const n=new NumberTree(r,this.xref);for(const a of t.keys()){const{pageDict:t}=await e.getPage(a);if(!t.has("StructParents"))continue;const r=t.get("StructParents");if(!Number.isInteger(r)||!Array.isArray(n.get(r))){warn(`Cannot save the struct tree: page ${a} has a wrong id.`);return!1}}let s=!0;for(const[r,i]of t){const{pageDict:t}=await e.getPage(r);StructTreeRoot.#ee({elements:i,xref:this.xref,pageDict:t,numberTree:n});for(const e of i)if(e.accessibilityData?.type){e.accessibilityData.structParent>=0||(e.parentTreeId=a++);s=!1}}if(s){for(const e of t.values())for(const t of e){delete t.parentTreeId;delete t.structTreeParent}return!1}return!0}async updateStructureTree({newAnnotationsByPage:e,pdfManager:t,changes:a}){const{ref:r,xref:i}=this,n=this.dict.clone(),s=new RefSetCache;s.put(r,n);let o,c=n.getRaw("ParentTree");if(c instanceof Ref)o=i.fetch(c);else{o=c;c=i.getNewTemporaryRef();n.set("ParentTree",c)}o=o.clone();s.put(c,o);let l=o.getRaw("Nums"),h=null;if(l instanceof Ref){h=l;l=i.fetch(h)}l=l.slice();h||o.set("Nums",l);const u=await StructTreeRoot.#Q({newAnnotationsByPage:e,structTreeRootRef:r,structTreeRoot:this,kids:null,nums:l,xref:i,pdfManager:t,changes:a,cache:s});if(-1!==u){n.set("ParentTreeNextKey",u);h&&s.put(h,l);for(const[e,t]of s.items())a.put(e,{data:t})}}static async#Q({newAnnotationsByPage:e,structTreeRootRef:t,structTreeRoot:a,kids:r,nums:i,xref:n,pdfManager:s,changes:o,cache:c}){const l=Name.get("OBJR");let h,u=-1;for(const[d,f]of e){const e=await s.getPage(d),{ref:g}=e,p=g instanceof Ref;for(const{accessibilityData:s,ref:m,parentTreeId:b,structTreeParent:y}of f){if(!s?.type)continue;const{structParent:f}=s;if(a&&Number.isInteger(f)&&f>=0){let t=(h||=new Map).get(d);if(void 0===t){t=new StructTreePage(a,e.pageDict).collectObjects(g);h.set(d,t)}const r=t?.get(f);if(r){const e=n.fetch(r).clone();StructTreeRoot.#te(e,s);o.put(r,{data:e});continue}}u=Math.max(u,b);const w=n.getNewTemporaryRef(),x=new Dict(n);StructTreeRoot.#te(x,s);await this.#ae({structTreeParent:y,tagDict:x,newTagRef:w,structTreeRootRef:t,fallbackKids:r,xref:n,cache:c});const S=new Dict(n);x.set("K",S);S.set("Type",l);p&&S.set("Pg",g);S.set("Obj",m);c.put(w,x);i.push(b,w)}}return u+1}static#te(e,{type:t,title:a,lang:r,alt:i,expanded:n,actualText:s}){e.set("S",Name.get(t));a&&e.set("T",stringToAsciiOrUTF16BE(a));r&&e.set("Lang",stringToAsciiOrUTF16BE(r));i&&e.set("Alt",stringToAsciiOrUTF16BE(i));n&&e.set("E",stringToAsciiOrUTF16BE(n));s&&e.set("ActualText",stringToAsciiOrUTF16BE(s))}static#ee({elements:e,xref:t,pageDict:a,numberTree:r}){const i=new Map;for(const t of e)if(t.structTreeParentId){const e=parseInt(t.structTreeParentId.split("_mc")[1],10);let a=i.get(e);if(!a){a=[];i.set(e,a)}a.push(t)}const n=a.get("StructParents");if(!Number.isInteger(n))return;const s=r.get(n),updateElement=(e,a,r)=>{const n=i.get(e);if(n){const e=a.getRaw("P"),i=t.fetchIfRef(e);if(e instanceof Ref&&i instanceof Dict){const e={ref:r,dict:a};for(const t of n)t.structTreeParent=e}return!0}return!1};for(const e of s){if(!(e instanceof Ref))continue;const a=t.fetch(e),r=a.get("K");if(Number.isInteger(r))updateElement(r,a,e);else if(Array.isArray(r))for(let i of r){i=t.fetchIfRef(i);if(Number.isInteger(i)&&updateElement(i,a,e))break;if(!(i instanceof Dict))continue;if(!isName(i.get("Type"),"MCR"))break;const r=i.get("MCID");if(Number.isInteger(r)&&updateElement(r,a,e))break}}}static async#ae({structTreeParent:e,tagDict:t,newTagRef:a,structTreeRootRef:r,fallbackKids:i,xref:n,cache:s}){let o,c=null;if(e){({ref:c}=e);o=e.dict.getRaw("P")||r}else o=r;t.set("P",o);const l=n.fetchIfRef(o);if(!l){i.push(a);return}let h=s.get(o);if(!h){h=l.clone();s.put(o,h)}const u=h.getRaw("K");let d=u instanceof Ref?s.get(u):null;if(!d){d=n.fetchIfRef(u);d=Array.isArray(d)?d.slice():[u];const e=n.getNewTemporaryRef();h.set("K",e);s.put(e,d)}const f=d.indexOf(c);d.splice(f>=0?f+1:d.length,0,a)}}class StructElementNode{constructor(e,t){this.tree=e;this.xref=e.xref;this.dict=t;this.kids=[];this.parseKids()}get role(){const e=this.dict.get("S"),t=e instanceof Name?e.name:"",{root:a}=this.tree;return a.roleMap.get(t)??t}parseKids(){let e=null;const t=this.dict.getRaw("Pg");t instanceof Ref&&(e=t.toString());const a=this.dict.get("K");if(Array.isArray(a))for(const t of a){const a=this.parseKid(e,this.xref.fetchIfRef(t));a&&this.kids.push(a)}else{const t=this.parseKid(e,a);t&&this.kids.push(t)}}parseKid(e,t){if(Number.isInteger(t))return this.tree.pageDict.objId!==e?null:new StructElement({type:zn,mcid:t,pageObjId:e});if(!(t instanceof Dict))return null;const a=t.getRaw("Pg");a instanceof Ref&&(e=a.toString());const r=t.get("Type")instanceof Name?t.get("Type").name:null;if("MCR"===r){if(this.tree.pageDict.objId!==e)return null;const a=t.getRaw("Stm");return new StructElement({type:$n,refObjId:a instanceof Ref?a.toString():null,pageObjId:e,mcid:t.get("MCID")})}if("OBJR"===r){if(this.tree.pageDict.objId!==e)return null;const a=t.getRaw("Obj");return new StructElement({type:Gn,refObjId:a instanceof Ref?a.toString():null,pageObjId:e})}return new StructElement({type:Kn,dict:t})}}class StructElement{constructor({type:e,dict:t=null,mcid:a=null,pageObjId:r=null,refObjId:i=null}){this.type=e;this.dict=t;this.mcid=a;this.pageObjId=r;this.refObjId=i;this.parentNode=null}}class StructTreePage{constructor(e,t){this.root=e;this.xref=e?.xref??null;this.rootDict=e?.dict??null;this.pageDict=t;this.nodes=[]}collectObjects(e){if(!(this.root&&this.rootDict&&e instanceof Ref))return null;const t=this.rootDict.get("ParentTree");if(!t)return null;const a=this.root.structParentIds?.get(e);if(!a)return null;const r=new Map,i=new NumberTree(t,this.xref);for(const[e]of a){const t=i.getRaw(e);t instanceof Ref&&r.set(e,t)}return r}parse(e){if(!(this.root&&this.rootDict&&e instanceof Ref))return;const t=this.rootDict.get("ParentTree");if(!t)return;const a=this.pageDict.get("StructParents"),r=this.root.structParentIds?.get(e);if(!Number.isInteger(a)&&!r)return;const i=new Map,n=new NumberTree(t,this.xref);if(Number.isInteger(a)){const e=n.get(a);if(Array.isArray(e))for(const t of e)t instanceof Ref&&this.addNode(this.xref.fetch(t),i)}if(r)for(const[e,t]of r){const a=n.get(e);if(a){const e=this.addNode(this.xref.fetchIfRef(a),i);1===e?.kids?.length&&e.kids[0].type===Gn&&(e.kids[0].type=t)}}}addNode(e,t,a=0){if(a>40){warn("StructTree MAX_DEPTH reached.");return null}if(!(e instanceof Dict))return null;if(t.has(e))return t.get(e);const r=new StructElementNode(this,e);t.set(e,r);const i=e.get("P");if(!(i instanceof Dict)||isName(i.get("Type"),"StructTreeRoot")){this.addTopLevelNode(e,r)||t.delete(e);return r}const n=this.addNode(i,t,a+1);if(!n)return r;let s=!1;for(const t of n.kids)if(t.type===Kn&&t.dict===e){t.parentNode=r;s=!0}s||t.delete(e);return r}addTopLevelNode(e,t){const a=this.rootDict.get("K");if(!a)return!1;if(a instanceof Dict){if(a.objId!==e.objId)return!1;this.nodes[0]=t;return!0}if(!Array.isArray(a))return!0;let r=!1;for(let i=0;i40){warn("StructTree too deep to be fully serialized.");return}const r=Object.create(null);r.role=e.role;r.children=[];t.children.push(r);let i=e.dict.get("Alt");"string"!=typeof i&&(i=e.dict.get("ActualText"));"string"==typeof i&&(r.alt=stringToPDFString(i));const n=e.dict.get("A");if(n instanceof Dict){const e=lookupNormalRect(n.getArray("BBox"),null);if(e)r.bbox=e;else{const e=n.get("Width"),t=n.get("Height");"number"==typeof e&&e>0&&"number"==typeof t&&t>0&&(r.bbox=[0,0,e,t])}}const s=e.dict.get("Lang");"string"==typeof s&&(r.lang=stringToPDFString(s));for(const t of e.kids){const e=t.type===Kn?t.parentNode:null;e?nodeToSerializable(e,r,a+1):t.type===zn||t.type===$n?r.children.push({type:"content",id:`p${t.pageObjId}_mc${t.mcid}`}):t.type===Gn?r.children.push({type:"object",id:t.refObjId}):t.type===Vn&&r.children.push({type:"annotation",id:`pdfjs_internal_id_${t.refObjId}`})}}const e=Object.create(null);e.children=[];e.role="Root";for(const t of this.nodes)t&&nodeToSerializable(t,e);return e}}const Jn=function _isValidExplicitDest(e,t,a){if(!Array.isArray(a)||a.length<2)return!1;const[r,i,...n]=a;if(!e(r)&&!Number.isInteger(r))return!1;if(!t(i))return!1;const s=n.length;let o=!0;switch(i.name){case"XYZ":if(s<2||s>3)return!1;break;case"Fit":case"FitB":return 0===s;case"FitH":case"FitBH":case"FitV":case"FitBV":if(s>1)return!1;break;case"FitR":if(4!==s)return!1;o=!1;break;default:return!1}for(const e of n)if(!("number"==typeof e||o&&null===e))return!1;return!0}.bind(null,(e=>e instanceof Ref),isName);function fetchDest(e){e instanceof Dict&&(e=e.get("D"));return Jn(e)?e:null}function fetchRemoteDest(e){let t=e.get("D");if(t){t instanceof Name&&(t=t.name);if("string"==typeof t)return stringToPDFString(t,!0);if(Jn(t))return JSON.stringify(t)}return null}class Catalog{#re=null;#ie=null;builtInCMapCache=new Map;fontCache=new RefSetCache;globalColorSpaceCache=new GlobalColorSpaceCache;globalImageCache=new GlobalImageCache;nonBlendModesSet=new RefSet;pageDictCache=new RefSetCache;pageIndexCache=new RefSetCache;pageKidsCountCache=new RefSetCache;standardFontDataCache=new Map;systemFontCache=new Map;constructor(e,t){this.pdfManager=e;this.xref=t;this.#ie=t.getCatalogObj();if(!(this.#ie instanceof Dict))throw new FormatError("Catalog object is not a dictionary.");this.toplevelPagesDict}cloneDict(){return this.#ie.clone()}get version(){const e=this.#ie.get("Version");if(e instanceof Name){if(Ca.test(e.name))return shadow(this,"version",e.name);warn(`Invalid PDF catalog version: ${e.name}`)}return shadow(this,"version",null)}get lang(){const e=this.#ie.get("Lang");return shadow(this,"lang",e&&"string"==typeof e?stringToPDFString(e):null)}get needsRendering(){const e=this.#ie.get("NeedsRendering");return shadow(this,"needsRendering","boolean"==typeof e&&e)}get collection(){let e=null;try{const t=this.#ie.get("Collection");t instanceof Dict&&t.size>0&&(e=t)}catch(e){if(e instanceof MissingDataException)throw e;info("Cannot fetch Collection entry; assuming no collection is present.")}return shadow(this,"collection",e)}get acroForm(){let e=null;try{const t=this.#ie.get("AcroForm");t instanceof Dict&&t.size>0&&(e=t)}catch(e){if(e instanceof MissingDataException)throw e;info("Cannot fetch AcroForm entry; assuming no forms are present.")}return shadow(this,"acroForm",e)}get acroFormRef(){const e=this.#ie.getRaw("AcroForm");return shadow(this,"acroFormRef",e instanceof Ref?e:null)}get metadata(){const e=this.#ie.getRaw("Metadata");if(!(e instanceof Ref))return shadow(this,"metadata",null);let t=null;try{const a=this.xref.fetch(e,!this.xref.encrypt?.encryptMetadata);if(a instanceof BaseStream&&a.dict instanceof Dict){const e=a.dict.get("Type"),r=a.dict.get("Subtype");if(isName(e,"Metadata")&&isName(r,"XML")){const e=stringToUTF8String(a.getString());e&&(t=new MetadataParser(e).serializable)}}}catch(e){if(e instanceof MissingDataException)throw e;info(`Skipping invalid Metadata: "${e}".`)}return shadow(this,"metadata",t)}get markInfo(){let e=null;try{e=this.#ne()}catch(e){if(e instanceof MissingDataException)throw e;warn("Unable to read mark info.")}return shadow(this,"markInfo",e)}#ne(){const e=this.#ie.get("MarkInfo");if(!(e instanceof Dict))return null;const t={Marked:!1,UserProperties:!1,Suspects:!1};for(const a in t){const r=e.get(a);"boolean"==typeof r&&(t[a]=r)}return t}get structTreeRoot(){let e=null;try{e=this.#se()}catch(e){if(e instanceof MissingDataException)throw e;warn("Unable read to structTreeRoot info.")}return shadow(this,"structTreeRoot",e)}#se(){const e=this.#ie.getRaw("StructTreeRoot"),t=this.xref.fetchIfRef(e);if(!(t instanceof Dict))return null;const a=new StructTreeRoot(this.xref,t,e);a.init();return a}get toplevelPagesDict(){const e=this.#ie.get("Pages");if(!(e instanceof Dict))throw new FormatError("Invalid top-level pages dictionary.");return shadow(this,"toplevelPagesDict",e)}get documentOutline(){let e=null;try{e=this.#oe()}catch(e){if(e instanceof MissingDataException)throw e;warn("Unable to read document outline.")}return shadow(this,"documentOutline",e)}#oe(){let e=this.#ie.get("Outlines");if(!(e instanceof Dict))return null;e=e.getRaw("First");if(!(e instanceof Ref))return null;const t={items:[]},a=[{obj:e,parent:t}],r=new RefSet;r.put(e);const i=this.xref,n=new Uint8ClampedArray(3);for(;a.length>0;){const t=a.shift(),s=i.fetchIfRef(t.obj);if(null===s)continue;s.has("Title")||warn("Invalid outline item encountered.");const o={url:null,dest:null,action:null};Catalog.parseDestDictionary({destDict:s,resultObj:o,docBaseUrl:this.baseUrl,docAttachments:this.attachments});const c=s.get("Title"),l=s.get("F")||0,h=s.getArray("C"),u=s.get("Count");let d=n;!isNumberArray(h,3)||0===h[0]&&0===h[1]&&0===h[2]||(d=ColorSpaceUtils.rgb.getRgb(h,0));const f={action:o.action,attachment:o.attachment,dest:o.dest,url:o.url,unsafeUrl:o.unsafeUrl,newWindow:o.newWindow,setOCGState:o.setOCGState,title:"string"==typeof c?stringToPDFString(c):"",color:d,count:Number.isInteger(u)?u:void 0,bold:!!(2&l),italic:!!(1&l),items:[]};t.parent.items.push(f);e=s.getRaw("First");if(e instanceof Ref&&!r.has(e)){a.push({obj:e,parent:f});r.put(e)}e=s.getRaw("Next");if(e instanceof Ref&&!r.has(e)){a.push({obj:e,parent:t.parent});r.put(e)}}return t.items.length>0?t.items:null}get permissions(){let e=null;try{e=this.#ce()}catch(e){if(e instanceof MissingDataException)throw e;warn("Unable to read permissions.")}return shadow(this,"permissions",e)}#ce(){const e=this.xref.trailer.get("Encrypt");if(!(e instanceof Dict))return null;let t=e.get("P");if("number"!=typeof t)return null;t+=2**32;const a=[];for(const e in w){const r=w[e];t&r&&a.push(r)}return a}get optionalContentConfig(){let e=null;try{const t=this.#ie.get("OCProperties");if(!t)return shadow(this,"optionalContentConfig",null);const a=t.get("D");if(!a)return shadow(this,"optionalContentConfig",null);const r=t.get("OCGs");if(!Array.isArray(r))return shadow(this,"optionalContentConfig",null);const i=new RefSetCache;for(const e of r)e instanceof Ref&&!i.has(e)&&i.put(e,this.#le(e));e=this.#he(a,i)}catch(e){if(e instanceof MissingDataException)throw e;warn(`Unable to read optional content config: ${e}`)}return shadow(this,"optionalContentConfig",e)}#le(e){const t=this.xref.fetch(e),a={id:e.toString(),name:null,intent:null,usage:{print:null,view:null},rbGroups:[]},r=t.get("Name");"string"==typeof r&&(a.name=stringToPDFString(r));let i=t.getArray("Intent");Array.isArray(i)||(i=[i]);i.every((e=>e instanceof Name))&&(a.intent=i.map((e=>e.name)));const n=t.get("Usage");if(!(n instanceof Dict))return a;const s=a.usage,o=n.get("Print");if(o instanceof Dict){const e=o.get("PrintState");if(e instanceof Name)switch(e.name){case"ON":case"OFF":s.print={printState:e.name}}}const c=n.get("View");if(c instanceof Dict){const e=c.get("ViewState");if(e instanceof Name)switch(e.name){case"ON":case"OFF":s.view={viewState:e.name}}}return a}#he(e,t){function parseOnOff(e){const a=[];if(Array.isArray(e))for(const r of e)r instanceof Ref&&t.has(r)&&a.push(r.toString());return a}function parseOrder(e,a=0){if(!Array.isArray(e))return null;const i=[];for(const n of e){if(n instanceof Ref&&t.has(n)){r.put(n);i.push(n.toString());continue}const e=parseNestedOrder(n,a);e&&i.push(e)}if(a>0)return i;const n=[];for(const[e]of t.items())r.has(e)||n.push(e.toString());n.length&&i.push({name:null,order:n});return i}function parseNestedOrder(e,t){if(++t>i){warn("parseNestedOrder - reached MAX_NESTED_LEVELS.");return null}const r=a.fetchIfRef(e);if(!Array.isArray(r))return null;const n=a.fetchIfRef(r[0]);if("string"!=typeof n)return null;const s=parseOrder(r.slice(1),t);return s?.length?{name:stringToPDFString(n),order:s}:null}const a=this.xref,r=new RefSet,i=10;!function parseRBGroups(e){if(Array.isArray(e))for(const r of e){const e=a.fetchIfRef(r);if(!Array.isArray(e)||!e.length)continue;const i=new Set;for(const a of e)if(a instanceof Ref&&t.has(a)&&!i.has(a.toString())){i.add(a.toString());t.get(a).rbGroups.push(i)}}}(e.get("RBGroups"));return{name:"string"==typeof e.get("Name")?stringToPDFString(e.get("Name")):null,creator:"string"==typeof e.get("Creator")?stringToPDFString(e.get("Creator")):null,baseState:e.get("BaseState")instanceof Name?e.get("BaseState").name:null,on:parseOnOff(e.get("ON")),off:parseOnOff(e.get("OFF")),order:parseOrder(e.get("Order")),groups:[...t]}}setActualNumPages(e=null){this.#re=e}get hasActualNumPages(){return null!==this.#re}get _pagesCount(){const e=this.toplevelPagesDict.get("Count");if(!Number.isInteger(e))throw new FormatError("Page count in top-level pages dictionary is not an integer.");return shadow(this,"_pagesCount",e)}get numPages(){return this.#re??this._pagesCount}get destinations(){const e=this.#ue(),t=Object.create(null);for(const a of e)if(a instanceof NameTree)for(const[e,r]of a.getAll()){const a=fetchDest(r);a&&(t[stringToPDFString(e,!0)]=a)}else if(a instanceof Dict)for(const[e,r]of a){const a=fetchDest(r);a&&(t[stringToPDFString(e,!0)]||=a)}return shadow(this,"destinations",t)}getDestination(e){if(this.hasOwnProperty("destinations"))return this.destinations[e]??null;const t=this.#ue();for(const a of t)if(a instanceof NameTree||a instanceof Dict){const t=fetchDest(a.get(e));if(t)return t}if(t.length){const t=this.destinations[e];if(t)return t}return null}#ue(){const e=this.#ie.get("Names"),t=[];e?.has("Dests")&&t.push(new NameTree(e.getRaw("Dests"),this.xref));this.#ie.has("Dests")&&t.push(this.#ie.get("Dests"));return t}get pageLabels(){let e=null;try{e=this.#de()}catch(e){if(e instanceof MissingDataException)throw e;warn("Unable to read page labels.")}return shadow(this,"pageLabels",e)}#de(){const e=this.#ie.getRaw("PageLabels");if(!e)return null;const t=new Array(this.numPages);let a=null,r="";const i=new NumberTree(e,this.xref).getAll();let n="",s=1;for(let e=0,o=this.numPages;e=1))throw new FormatError("Invalid start in PageLabel dictionary.");s=e}else s=1}switch(a){case"D":n=s;break;case"R":case"r":n=toRomanNumerals(s,"r"===a);break;case"A":case"a":const e=26,t="a"===a?97:65,r=s-1;n=String.fromCharCode(t+r%e).repeat(Math.floor(r/e)+1);break;default:if(a)throw new FormatError(`Invalid style "${a}" in PageLabel dictionary.`);n=""}t[e]=r+n;s++}return t}get pageLayout(){const e=this.#ie.get("PageLayout");let t="";if(e instanceof Name)switch(e.name){case"SinglePage":case"OneColumn":case"TwoColumnLeft":case"TwoColumnRight":case"TwoPageLeft":case"TwoPageRight":t=e.name}return shadow(this,"pageLayout",t)}get pageMode(){const e=this.#ie.get("PageMode");let t="UseNone";if(e instanceof Name)switch(e.name){case"UseNone":case"UseOutlines":case"UseThumbs":case"FullScreen":case"UseOC":case"UseAttachments":t=e.name}return shadow(this,"pageMode",t)}get viewerPreferences(){const e=this.#ie.get("ViewerPreferences");if(!(e instanceof Dict))return shadow(this,"viewerPreferences",null);let t=null;for(const[a,r]of e){let e;switch(a){case"HideToolbar":case"HideMenubar":case"HideWindowUI":case"FitWindow":case"CenterWindow":case"DisplayDocTitle":case"PickTrayByPDFSize":"boolean"==typeof r&&(e=r);break;case"NonFullScreenPageMode":if(r instanceof Name)switch(r.name){case"UseNone":case"UseOutlines":case"UseThumbs":case"UseOC":e=r.name;break;default:e="UseNone"}break;case"Direction":if(r instanceof Name)switch(r.name){case"L2R":case"R2L":e=r.name;break;default:e="L2R"}break;case"ViewArea":case"ViewClip":case"PrintArea":case"PrintClip":if(r instanceof Name)switch(r.name){case"MediaBox":case"CropBox":case"BleedBox":case"TrimBox":case"ArtBox":e=r.name;break;default:e="CropBox"}break;case"PrintScaling":if(r instanceof Name)switch(r.name){case"None":case"AppDefault":e=r.name;break;default:e="AppDefault"}break;case"Duplex":if(r instanceof Name)switch(r.name){case"Simplex":case"DuplexFlipShortEdge":case"DuplexFlipLongEdge":e=r.name;break;default:e="None"}break;case"PrintPageRange":if(Array.isArray(r)&&r.length%2==0){r.every(((e,t,a)=>Number.isInteger(e)&&e>0&&(0===t||e>=a[t-1])&&e<=this.numPages))&&(e=r)}break;case"NumCopies":Number.isInteger(r)&&r>0&&(e=r);break;default:warn(`Ignoring non-standard key in ViewerPreferences: ${a}.`);continue}if(void 0!==e){t??=Object.create(null);t[a]=e}else warn(`Bad value, for key "${a}", in ViewerPreferences: ${r}.`)}return shadow(this,"viewerPreferences",t)}get openAction(){const e=this.#ie.get("OpenAction"),t=Object.create(null);if(e instanceof Dict){const a=new Dict(this.xref);a.set("A",e);const r={url:null,dest:null,action:null};Catalog.parseDestDictionary({destDict:a,resultObj:r});Array.isArray(r.dest)?t.dest=r.dest:r.action&&(t.action=r.action)}else Jn(e)&&(t.dest=e);return shadow(this,"openAction",objectSize(t)>0?t:null)}get attachments(){const e=this.#ie.get("Names");let t=null;if(e instanceof Dict&&e.has("EmbeddedFiles")){const a=new NameTree(e.getRaw("EmbeddedFiles"),this.xref);for(const[e,r]of a.getAll()){const a=new FileSpec(r,this.xref);t??=Object.create(null);t[stringToPDFString(e,!0)]=a.serializable}}return shadow(this,"attachments",t)}get xfaImages(){const e=this.#ie.get("Names");let t=null;if(e instanceof Dict&&e.has("XFAImages")){const a=new NameTree(e.getRaw("XFAImages"),this.xref);for(const[e,r]of a.getAll())if(r instanceof BaseStream){t??=new Map;t.set(stringToPDFString(e,!0),r.getBytes())}}return shadow(this,"xfaImages",t)}#fe(){const e=this.#ie.get("Names");let t=null;function appendIfJavaScriptDict(e,a){if(!(a instanceof Dict))return;if(!isName(a.get("S"),"JavaScript"))return;let r=a.get("JS");if(r instanceof BaseStream)r=r.getString();else if("string"!=typeof r)return;r=stringToPDFString(r,!0).replaceAll("\0","");r&&(t||=new Map).set(e,r)}if(e instanceof Dict&&e.has("JavaScript")){const t=new NameTree(e.getRaw("JavaScript"),this.xref);for(const[e,a]of t.getAll())appendIfJavaScriptDict(stringToPDFString(e,!0),a)}const a=this.#ie.get("OpenAction");a&&appendIfJavaScriptDict("OpenAction",a);return t}get jsActions(){const e=this.#fe();let t=collectActions(this.xref,this.#ie,we);if(e){t||=Object.create(null);for(const[a,r]of e)a in t?t[a].push(r):t[a]=[r]}return shadow(this,"jsActions",t)}async cleanup(e=!1){clearGlobalCaches();this.globalColorSpaceCache.clear();this.globalImageCache.clear(e);this.pageKidsCountCache.clear();this.pageIndexCache.clear();this.pageDictCache.clear();this.nonBlendModesSet.clear();for(const{dict:e}of await Promise.all(this.fontCache))delete e.cacheKey;this.fontCache.clear();this.builtInCMapCache.clear();this.standardFontDataCache.clear();this.systemFontCache.clear()}async getPageDict(e){const t=[this.toplevelPagesDict],a=new RefSet,r=this.#ie.getRaw("Pages");r instanceof Ref&&a.put(r);const i=this.xref,n=this.pageKidsCountCache,s=this.pageIndexCache,o=this.pageDictCache;let c=0;for(;t.length;){const r=t.pop();if(r instanceof Ref){const l=n.get(r);if(l>=0&&c+l<=e){c+=l;continue}if(a.has(r))throw new FormatError("Pages tree contains circular reference.");a.put(r);const h=await(o.get(r)||i.fetchAsync(r));if(h instanceof Dict){let t=h.getRaw("Type");t instanceof Ref&&(t=await i.fetchAsync(t));if(isName(t,"Page")||!h.has("Kids")){n.has(r)||n.put(r,1);s.has(r)||s.put(r,c);if(c===e)return[h,r];c++;continue}}t.push(h);continue}if(!(r instanceof Dict))throw new FormatError("Page dictionary kid reference points to wrong type of object.");const{objId:l}=r;let h=r.getRaw("Count");h instanceof Ref&&(h=await i.fetchAsync(h));if(Number.isInteger(h)&&h>=0){l&&!n.has(l)&&n.put(l,h);if(c+h<=e){c+=h;continue}}let u=r.getRaw("Kids");u instanceof Ref&&(u=await i.fetchAsync(u));if(!Array.isArray(u)){let t=r.getRaw("Type");t instanceof Ref&&(t=await i.fetchAsync(t));if(isName(t,"Page")||!r.has("Kids")){if(c===e)return[r,null];c++;continue}throw new FormatError("Page dictionary kids object is not an array.")}for(let e=u.length-1;e>=0;e--){const a=u[e];t.push(a);r===this.toplevelPagesDict&&a instanceof Ref&&!o.has(a)&&o.put(a,i.fetchAsync(a))}}throw new Error(`Page index ${e} not found.`)}async getAllPageDicts(e=!1){const{ignoreErrors:t}=this.pdfManager.evaluatorOptions,a=[{currentNode:this.toplevelPagesDict,posInKids:0}],r=new RefSet,i=this.#ie.getRaw("Pages");i instanceof Ref&&r.put(i);const n=new Map,s=this.xref,o=this.pageIndexCache;let c=0;function addPageDict(e,t){t&&!o.has(t)&&o.put(t,c);n.set(c++,[e,t])}function addPageError(a){if(a instanceof XRefEntryException&&!e)throw a;if(e&&t&&0===c){warn(`getAllPageDicts - Skipping invalid first page: "${a}".`);a=Dict.empty}n.set(c++,[a,null])}for(;a.length>0;){const e=a.at(-1),{currentNode:t,posInKids:i}=e;let n=t.getRaw("Kids");if(n instanceof Ref)try{n=await s.fetchAsync(n)}catch(e){addPageError(e);break}if(!Array.isArray(n)){addPageError(new FormatError("Page dictionary kids object is not an array."));break}if(i>=n.length){a.pop();continue}const o=n[i];let c;if(o instanceof Ref){if(r.has(o)){addPageError(new FormatError("Pages tree contains circular reference."));break}r.put(o);try{c=await s.fetchAsync(o)}catch(e){addPageError(e);break}}else c=o;if(!(c instanceof Dict)){addPageError(new FormatError("Page dictionary kid reference points to wrong type of object."));break}let l=c.getRaw("Type");if(l instanceof Ref)try{l=await s.fetchAsync(l)}catch(e){addPageError(e);break}isName(l,"Page")||!c.has("Kids")?addPageDict(c,o instanceof Ref?o:null):a.push({currentNode:c,posInKids:0});e.posInKids++}return n}getPageIndex(e){const t=this.pageIndexCache.get(e);if(void 0!==t)return Promise.resolve(t);const a=this.xref;let r=0;const next=t=>function pagesBeforeRef(t){let r,i=0;return a.fetchAsync(t).then((function(a){if(isRefsEqual(t,e)&&!isDict(a,"Page")&&!(a instanceof Dict&&!a.has("Type")&&a.has("Contents")))throw new FormatError("The reference does not point to a /Page dictionary.");if(!a)return null;if(!(a instanceof Dict))throw new FormatError("Node must be a dictionary.");r=a.getRaw("Parent");return a.getAsync("Parent")})).then((function(e){if(!e)return null;if(!(e instanceof Dict))throw new FormatError("Parent must be a dictionary.");return e.getAsync("Kids")})).then((function(e){if(!e)return null;const n=[];let s=!1;for(const r of e){if(!(r instanceof Ref))throw new FormatError("Kid must be a reference.");if(isRefsEqual(r,t)){s=!0;break}n.push(a.fetchAsync(r).then((function(e){if(!(e instanceof Dict))throw new FormatError("Kid node must be a dictionary.");e.has("Count")?i+=e.get("Count"):i++})))}if(!s)throw new FormatError("Kid reference not found in parent's kids.");return Promise.all(n).then((()=>[i,r]))}))}(t).then((t=>{if(!t){this.pageIndexCache.put(e,r);return r}const[a,i]=t;r+=a;return next(i)}));return next(e)}get baseUrl(){const e=this.#ie.get("URI");if(e instanceof Dict){const t=e.get("Base");if("string"==typeof t){const e=createValidAbsoluteUrl(t,null,{tryConvertEncoding:!0});if(e)return shadow(this,"baseUrl",e.href)}}return shadow(this,"baseUrl",this.pdfManager.docBaseUrl)}static parseDestDictionary({destDict:e,resultObj:t,docBaseUrl:a=null,docAttachments:r=null}){if(!(e instanceof Dict)){warn("parseDestDictionary: `destDict` must be a dictionary.");return}let i,n,s=e.get("A");if(!(s instanceof Dict))if(e.has("Dest"))s=e.get("Dest");else{s=e.get("AA");s instanceof Dict&&(s.has("D")?s=s.get("D"):s.has("U")&&(s=s.get("U")))}if(s instanceof Dict){const e=s.get("S");if(!(e instanceof Name)){warn("parseDestDictionary: Invalid type in Action dictionary.");return}const a=e.name;switch(a){case"ResetForm":const e=s.get("Flags"),o=!(1&("number"==typeof e?e:0)),c=[],l=[];for(const e of s.get("Fields")||[])e instanceof Ref?l.push(e.toString()):"string"==typeof e&&c.push(stringToPDFString(e));t.resetForm={fields:c,refs:l,include:o};break;case"URI":i=s.get("URI");i instanceof Name&&(i="/"+i.name);break;case"GoTo":n=s.get("D");break;case"Launch":case"GoToR":const h=s.get("F");if(h instanceof Dict){const e=new FileSpec(h,null,!0),{rawFilename:t}=e.serializable;i=t}else"string"==typeof h&&(i=h);const u=fetchRemoteDest(s);u&&"string"==typeof i&&(i=i.split("#",1)[0]+"#"+u);const d=s.get("NewWindow");"boolean"==typeof d&&(t.newWindow=d);break;case"GoToE":const f=s.get("T");let g;if(r&&f instanceof Dict){const e=f.get("R"),t=f.get("N");isName(e,"C")&&"string"==typeof t&&(g=r[stringToPDFString(t,!0)])}if(g){t.attachment=g;const e=fetchRemoteDest(s);e&&(t.attachmentDest=e)}else warn('parseDestDictionary - unimplemented "GoToE" action.');break;case"Named":const p=s.get("N");p instanceof Name&&(t.action=p.name);break;case"SetOCGState":const m=s.get("State"),b=s.get("PreserveRB");if(!Array.isArray(m)||0===m.length)break;const y=[];for(const e of m)if(e instanceof Name)switch(e.name){case"ON":case"OFF":case"Toggle":y.push(e.name)}else e instanceof Ref&&y.push(e.toString());if(y.length!==m.length)break;t.setOCGState={state:y,preserveRB:"boolean"!=typeof b||b};break;case"JavaScript":const w=s.get("JS");let x;w instanceof BaseStream?x=w.getString():"string"==typeof w&&(x=w);const S=x&&recoverJsURL(stringToPDFString(x,!0));if(S){i=S.url;t.newWindow=S.newWindow;break}default:if("JavaScript"===a||"SubmitForm"===a)break;warn(`parseDestDictionary - unsupported action: "${a}".`)}}else e.has("Dest")&&(n=e.get("Dest"));if("string"==typeof i){const e=createValidAbsoluteUrl(i,a,{addDefaultProtocol:!0,tryConvertEncoding:!0});e&&(t.url=e.href);t.unsafeUrl=i}if(n){n instanceof Name&&(n=n.name);"string"==typeof n?t.dest=stringToPDFString(n,!0):Jn(n)&&(t.dest=n)}}}function addChildren(e,t){if(e instanceof Dict)e=e.getRawValues();else if(e instanceof BaseStream)e=e.dict.getRawValues();else if(!Array.isArray(e))return;for(const r of e)((a=r)instanceof Ref||a instanceof Dict||a instanceof BaseStream||Array.isArray(a))&&t.push(r);var a}class ObjectLoader{refSet=new RefSet;constructor(e,t,a){this.dict=e;this.keys=t;this.xref=a}async load(){const{keys:e,dict:t}=this,a=[];for(const r of e){const e=t.getRaw(r);void 0!==e&&a.push(e)}await this.#ge(a);this.refSet=null}async#ge(e){const t=[],a=[];for(;e.length;){let r=e.pop();if(r instanceof Ref){if(this.refSet.has(r))continue;try{this.refSet.put(r);r=this.xref.fetch(r)}catch(e){if(!(e instanceof MissingDataException)){warn(`ObjectLoader.#walk - requesting all data: "${e}".`);await this.xref.stream.manager.requestAllChunks();return}t.push(r);a.push({begin:e.begin,end:e.end})}}if(r instanceof BaseStream){const e=r.getBaseStreams();if(e){let i=!1;for(const t of e)if(!t.isDataLoaded){i=!0;a.push({begin:t.start,end:t.end})}i&&t.push(r)}}addChildren(r,e)}if(a.length){await this.xref.stream.manager.requestRanges(a);for(const e of t)e instanceof Ref&&this.refSet.remove(e);await this.#ge(t)}}static async load(e,t,a){if(a.stream.isDataLoaded)return;const r=new ObjectLoader(e,t,a);await r.load()}}const Yn=Symbol(),Zn=Symbol(),Qn=Symbol(),es=Symbol(),ts=Symbol(),as=Symbol(),rs=Symbol(),is=Symbol(),ns=Symbol(),ss=Symbol("content"),os=Symbol("data"),cs=Symbol(),ls=Symbol("extra"),hs=Symbol(),us=Symbol(),ds=Symbol(),fs=Symbol(),gs=Symbol(),ps=Symbol(),ms=Symbol(),bs=Symbol(),ys=Symbol(),ws=Symbol(),xs=Symbol(),Ss=Symbol(),ks=Symbol(),As=Symbol(),Cs=Symbol(),vs=Symbol(),Fs=Symbol(),Is=Symbol(),Ts=Symbol(),Os=Symbol(),Ms=Symbol(),Ds=Symbol(),Bs=Symbol(),Rs=Symbol(),Ns=Symbol(),Es=Symbol(),Ls=Symbol(),js=Symbol(),_s=Symbol(),Us=Symbol(),Xs=Symbol(),qs=Symbol(),Hs=Symbol("namespaceId"),Ws=Symbol("nodeName"),zs=Symbol(),$s=Symbol(),Gs=Symbol(),Vs=Symbol(),Ks=Symbol(),Js=Symbol(),Ys=Symbol(),Zs=Symbol(),Qs=Symbol("root"),eo=Symbol(),to=Symbol(),ao=Symbol(),ro=Symbol(),io=Symbol(),no=Symbol(),so=Symbol(),oo=Symbol(),co=Symbol(),lo=Symbol(),ho=Symbol(),uo=Symbol("uid"),fo=Symbol(),go={config:{id:0,check:e=>e.startsWith("http://www.xfa.org/schema/xci/")},connectionSet:{id:1,check:e=>e.startsWith("http://www.xfa.org/schema/xfa-connection-set/")},datasets:{id:2,check:e=>e.startsWith("http://www.xfa.org/schema/xfa-data/")},form:{id:3,check:e=>e.startsWith("http://www.xfa.org/schema/xfa-form/")},localeSet:{id:4,check:e=>e.startsWith("http://www.xfa.org/schema/xfa-locale-set/")},pdf:{id:5,check:e=>"http://ns.adobe.com/xdp/pdf/"===e},signature:{id:6,check:e=>"http://www.w3.org/2000/09/xmldsig#"===e},sourceSet:{id:7,check:e=>e.startsWith("http://www.xfa.org/schema/xfa-source-set/")},stylesheet:{id:8,check:e=>"http://www.w3.org/1999/XSL/Transform"===e},template:{id:9,check:e=>e.startsWith("http://www.xfa.org/schema/xfa-template/")},xdc:{id:10,check:e=>e.startsWith("http://www.xfa.org/schema/xdc/")},xdp:{id:11,check:e=>"http://ns.adobe.com/xdp/"===e},xfdf:{id:12,check:e=>"http://ns.adobe.com/xfdf/"===e},xhtml:{id:13,check:e=>"http://www.w3.org/1999/xhtml"===e},xmpmeta:{id:14,check:e=>"http://ns.adobe.com/xmpmeta/"===e}},po={pt:e=>e,cm:e=>e/2.54*72,mm:e=>e/25.4*72,in:e=>72*e,px:e=>e},mo=/([+-]?\d+\.?\d*)(.*)/;function stripQuotes(e){return e.startsWith("'")||e.startsWith('"')?e.slice(1,-1):e}function getInteger({data:e,defaultValue:t,validate:a}){if(!e)return t;e=e.trim();const r=parseInt(e,10);return!isNaN(r)&&a(r)?r:t}function getFloat({data:e,defaultValue:t,validate:a}){if(!e)return t;e=e.trim();const r=parseFloat(e);return!isNaN(r)&&a(r)?r:t}function getKeyword({data:e,defaultValue:t,validate:a}){return e&&a(e=e.trim())?e:t}function getStringOption(e,t){return getKeyword({data:e,defaultValue:t[0],validate:e=>t.includes(e)})}function getMeasurement(e,t="0"){t||="0";if(!e)return getMeasurement(t);const a=e.trim().match(mo);if(!a)return getMeasurement(t);const[,r,i]=a,n=parseFloat(r);if(isNaN(n))return getMeasurement(t);if(0===n)return 0;const s=po[i];return s?s(n):n}function getRatio(e){if(!e)return{num:1,den:1};const t=e.split(":",2).map((e=>parseFloat(e.trim()))).filter((e=>!isNaN(e)));1===t.length&&t.push(1);if(0===t.length)return{num:1,den:1};const[a,r]=t;return{num:a,den:r}}function getRelevant(e){return e?e.trim().split(/\s+/).map((e=>({excluded:"-"===e[0],viewname:e.substring(1)}))):[]}class HTMLResult{static get FAILURE(){return shadow(this,"FAILURE",new HTMLResult(!1,null,null,null))}static get EMPTY(){return shadow(this,"EMPTY",new HTMLResult(!0,null,null,null))}constructor(e,t,a,r){this.success=e;this.html=t;this.bbox=a;this.breakNode=r}isBreak(){return!!this.breakNode}static breakNode(e){return new HTMLResult(!1,null,null,e)}static success(e,t=null){return new HTMLResult(!0,e,t,null)}}class FontFinder{constructor(e){this.fonts=new Map;this.cache=new Map;this.warned=new Set;this.defaultFont=null;this.add(e)}add(e,t=null){for(const t of e)this.addPdfFont(t);for(const e of this.fonts.values())e.regular||(e.regular=e.italic||e.bold||e.bolditalic);if(!t||0===t.size)return;const a=this.fonts.get("PdfJS-Fallback-PdfJS-XFA");for(const e of t)this.fonts.set(e,a)}addPdfFont(e){const t=e.cssFontInfo,a=t.fontFamily;let r=this.fonts.get(a);if(!r){r=Object.create(null);this.fonts.set(a,r);this.defaultFont||(this.defaultFont=r)}let i="";const n=parseFloat(t.fontWeight);0!==parseFloat(t.italicAngle)?i=n>=700?"bolditalic":"italic":n>=700&&(i="bold");if(!i){(e.name.includes("Bold")||e.psName?.includes("Bold"))&&(i="bold");(e.name.includes("Italic")||e.name.endsWith("It")||e.psName?.includes("Italic")||e.psName?.endsWith("It"))&&(i+="italic")}i||(i="regular");r[i]=e}getDefault(){return this.defaultFont}find(e,t=!0){let a=this.fonts.get(e)||this.cache.get(e);if(a)return a;const r=/,|-|_| |bolditalic|bold|italic|regular|it/gi;let i=e.replaceAll(r,"");a=this.fonts.get(i);if(a){this.cache.set(e,a);return a}i=i.toLowerCase();const n=[];for(const[e,t]of this.fonts.entries())e.replaceAll(r,"").toLowerCase().startsWith(i)&&n.push(t);if(0===n.length)for(const[,e]of this.fonts.entries())e.regular.name?.replaceAll(r,"").toLowerCase().startsWith(i)&&n.push(e);if(0===n.length){i=i.replaceAll(/psmt|mt/gi,"");for(const[e,t]of this.fonts.entries())e.replaceAll(r,"").toLowerCase().startsWith(i)&&n.push(t)}if(0===n.length)for(const e of this.fonts.values())e.regular.name?.replaceAll(r,"").toLowerCase().startsWith(i)&&n.push(e);if(n.length>=1){1!==n.length&&t&&warn(`XFA - Too many choices to guess the correct font: ${e}`);this.cache.set(e,n[0]);return n[0]}if(t&&!this.warned.has(e)){this.warned.add(e);warn(`XFA - Cannot find the font: ${e}`)}return null}}function selectFont(e,t){return"italic"===e.posture?"bold"===e.weight?t.bolditalic:t.italic:"bold"===e.weight?t.bold:t.regular}class FontInfo{constructor(e,t,a,r){this.lineHeight=a;this.paraMargin=t||{top:0,bottom:0,left:0,right:0};if(!e){[this.pdfFont,this.xfaFont]=this.defaultFont(r);return}this.xfaFont={typeface:e.typeface,posture:e.posture,weight:e.weight,size:e.size,letterSpacing:e.letterSpacing};const i=r.find(e.typeface);if(i){this.pdfFont=selectFont(e,i);this.pdfFont||([this.pdfFont,this.xfaFont]=this.defaultFont(r))}else[this.pdfFont,this.xfaFont]=this.defaultFont(r)}defaultFont(e){const t=e.find("Helvetica",!1)||e.find("Myriad Pro",!1)||e.find("Arial",!1)||e.getDefault();if(t?.regular){const e=t.regular;return[e,{typeface:e.cssFontInfo.fontFamily,posture:"normal",weight:"normal",size:10,letterSpacing:0}]}return[null,{typeface:"Courier",posture:"normal",weight:"normal",size:10,letterSpacing:0}]}}class FontSelector{constructor(e,t,a,r){this.fontFinder=r;this.stack=[new FontInfo(e,t,a,r)]}pushData(e,t,a){const r=this.stack.at(-1);for(const t of["typeface","posture","weight","size","letterSpacing"])e[t]||(e[t]=r.xfaFont[t]);for(const e of["top","bottom","left","right"])isNaN(t[e])&&(t[e]=r.paraMargin[e]);const i=new FontInfo(e,t,a||r.lineHeight,this.fontFinder);i.pdfFont||(i.pdfFont=r.pdfFont);this.stack.push(i)}popFont(){this.stack.pop()}topFont(){return this.stack.at(-1)}}class TextMeasure{constructor(e,t,a,r){this.glyphs=[];this.fontSelector=new FontSelector(e,t,a,r);this.extraHeight=0}pushData(e,t,a){this.fontSelector.pushData(e,t,a)}popFont(e){return this.fontSelector.popFont()}addPara(){const e=this.fontSelector.topFont();this.extraHeight+=e.paraMargin.top+e.paraMargin.bottom}addString(e){if(!e)return;const t=this.fontSelector.topFont(),a=t.xfaFont.size;if(t.pdfFont){const r=t.xfaFont.letterSpacing,i=t.pdfFont,n=i.lineHeight||1.2,s=t.lineHeight||Math.max(1.2,n)*a,o=n-(void 0===i.lineGap?.2:i.lineGap),c=Math.max(1,o)*a,l=a/1e3,h=i.defaultWidth||i.charsToGlyphs(" ")[0].width;for(const t of e.split(/[\u2029\n]/)){const e=i.encodeString(t).join(""),a=i.charsToGlyphs(e);for(const e of a){const t=e.width||h;this.glyphs.push([t*l+r,s,c,e.unicode,!1])}this.glyphs.push([0,0,0,"\n",!0])}this.glyphs.pop()}else{for(const t of e.split(/[\u2029\n]/)){for(const e of t.split(""))this.glyphs.push([a,1.2*a,a,e,!1]);this.glyphs.push([0,0,0,"\n",!0])}this.glyphs.pop()}}compute(e){let t=-1,a=0,r=0,i=0,n=0,s=0,o=!1,c=!0;for(let l=0,h=this.glyphs.length;le){r=Math.max(r,n);n=0;i+=s;s=m;t=-1;a=0;o=!0;c=!1}else{s=Math.max(m,s);a=n;n+=h;t=l}else if(n+h>e){i+=s;s=m;if(-1!==t){l=t;r=Math.max(r,a);n=0;t=-1;a=0}else{r=Math.max(r,n);n=h}o=!0;c=!1}else{n+=h;s=Math.max(m,s)}}r=Math.max(r,n);i+=s+this.extraHeight;return{width:1.02*r,height:i,isBroken:o}}}const bo=/^[^.[]+/,yo=/^[^\]]+/,wo=0,xo=1,So=2,ko=3,Ao=4,Co=new Map([["$data",(e,t)=>e.datasets?e.datasets.data:e],["$record",(e,t)=>(e.datasets?e.datasets.data:e)[Ss]()[0]],["$template",(e,t)=>e.template],["$connectionSet",(e,t)=>e.connectionSet],["$form",(e,t)=>e.form],["$layout",(e,t)=>e.layout],["$host",(e,t)=>e.host],["$dataWindow",(e,t)=>e.dataWindow],["$event",(e,t)=>e.event],["!",(e,t)=>e.datasets],["$xfa",(e,t)=>e],["xfa",(e,t)=>e],["$",(e,t)=>t]]),vo=new WeakMap;function parseExpression(e,t,a=!0){let r=e.match(bo);if(!r)return null;let[i]=r;const n=[{name:i,cacheName:"."+i,index:0,js:null,formCalc:null,operator:wo}];let s=i.length;for(;s0&&h.push(e)}if(0!==h.length||o||0!==c)e=isFinite(l)?h.filter((e=>le[l])):h.flat();else{const a=t[vs]();if(!(t=a))return null;c=-1;e=[t]}}return 0===e.length?null:e}function createDataNode(e,t,a){const r=parseExpression(a);if(!r)return null;if(r.some((e=>e.operator===xo)))return null;const i=Co.get(r[0].name);let n=0;if(i){e=i(e,t);n=1}else e=t||e;for(let t=r.length;ne[so]())).join("")}get[Oo](){const e=Object.getPrototypeOf(this);if(!e._attributes){const t=e._attributes=new Set;for(const e of Object.getOwnPropertyNames(this)){if(null===this[e]||this[e]instanceof XFAObject||this[e]instanceof XFAObjectArray)break;t.add(e)}}return shadow(this,Oo,e._attributes)}[Es](e){let t=this;for(;t;){if(t===e)return!0;t=t[vs]()}return!1}[vs](){return this[Uo]}[Cs](){return this[vs]()}[Ss](e=null){return e?this[e]:this[Mo]}[cs](){const e=Object.create(null);this[ss]&&(e.$content=this[ss]);for(const t of Object.getOwnPropertyNames(this)){const a=this[t];null!==a&&(a instanceof XFAObject?e[t]=a[cs]():a instanceof XFAObjectArray?a.isEmpty()||(e[t]=a.dump()):e[t]=a)}return e}[ho](){return null}[co](){return HTMLResult.EMPTY}*[ks](){for(const e of this[Ss]())yield e}*[No](e,t){for(const a of this[ks]())if(!e||t===e.has(a[Ws])){const e=this[gs](),t=a[co](e);t.success||(this[ls].failingNode=a);yield t}}[us](){return null}[Zn](e,t){this[ls].children.push(e)}[gs](){}[es]({filter:e=null,include:t=!0}){if(this[ls].generator){const e=this[gs](),t=this[ls].failingNode[co](e);if(!t.success)return t;t.html&&this[Zn](t.html,t.bbox);delete this[ls].failingNode}else this[ls].generator=this[No](e,t);for(;;){const e=this[ls].generator.next();if(e.done)break;const t=e.value;if(!t.success)return t;t.html&&this[Zn](t.html,t.bbox)}this[ls].generator=null;return HTMLResult.EMPTY}[ro](e){this[qo]=new Set(Object.keys(e))}[Po](e){const t=this[Oo],a=this[qo];return[...e].filter((e=>t.has(e)&&!a.has(e)))}[eo](e,t=new Set){for(const a of this[Mo])a[Xo](e,t)}[Xo](e,t){const a=this[Eo](e,t);a?this[Fo](a,e,t):this[eo](e,t)}[Eo](e,t){const{use:a,usehref:r}=this;if(!a&&!r)return null;let i=null,n=null,s=null,o=a;if(r){o=r;r.startsWith("#som(")&&r.endsWith(")")?n=r.slice(5,-1):r.startsWith(".#som(")&&r.endsWith(")")?n=r.slice(6,-1):r.startsWith("#")?s=r.slice(1):r.startsWith(".#")&&(s=r.slice(2))}else a.startsWith("#")?s=a.slice(1):n=a;this.use=this.usehref="";if(s)i=e.get(s);else{i=searchNode(e.get(Qs),this,n,!0,!1);i&&(i=i[0])}if(!i){warn(`XFA - Invalid prototype reference: ${o}.`);return null}if(i[Ws]!==this[Ws]){warn(`XFA - Incompatible prototype: ${i[Ws]} !== ${this[Ws]}.`);return null}if(t.has(i)){warn("XFA - Cycle detected in prototypes use.");return null}t.add(i);const c=i[Eo](e,t);c&&i[Fo](c,e,t);i[eo](e,t);t.delete(i);return i}[Fo](e,t,a){if(a.has(e)){warn("XFA - Cycle detected in prototypes use.");return}!this[ss]&&e[ss]&&(this[ss]=e[ss]);new Set(a).add(e);for(const t of this[Po](e[qo])){this[t]=e[t];this[qo]&&this[qo].add(t)}for(const r of Object.getOwnPropertyNames(this)){if(this[Oo].has(r))continue;const i=this[r],n=e[r];if(i instanceof XFAObjectArray){for(const e of i[Mo])e[Xo](t,a);for(let r=i[Mo].length,s=n[Mo].length;rXFAObject[Do](e))):"object"==typeof e&&null!==e?Object.assign({},e):e}[is](){const e=Object.create(Object.getPrototypeOf(this));for(const t of Object.getOwnPropertySymbols(this))try{e[t]=this[t]}catch{shadow(e,t,this[t])}e[uo]=`${e[Ws]}${Wo++}`;e[Mo]=[];for(const t of Object.getOwnPropertyNames(this)){if(this[Oo].has(t)){e[t]=XFAObject[Do](this[t]);continue}const a=this[t];e[t]=a instanceof XFAObjectArray?new XFAObjectArray(a[jo]):null}for(const t of this[Mo]){const a=t[Ws],r=t[is]();e[Mo].push(r);r[Uo]=e;null===e[a]?e[a]=r:e[a][Mo].push(r)}return e}[Ss](e=null){return e?this[Mo].filter((t=>t[Ws]===e)):this[Mo]}[ps](e){return this[e]}[ms](e,t,a=!0){return Array.from(this[bs](e,t,a))}*[bs](e,t,a=!0){if("parent"!==e){for(const a of this[Mo]){a[Ws]===e&&(yield a);a.name===e&&(yield a);(t||a[Us]())&&(yield*a[bs](e,t,!1))}a&&this[Oo].has(e)&&(yield new XFAAttribute(this,e,this[e]))}else yield this[Uo]}}class XFAObjectArray{constructor(e=1/0){this[jo]=e;this[Mo]=[]}get isXFAObject(){return!1}get isXFAObjectArray(){return!0}push(e){if(this[Mo].length<=this[jo]){this[Mo].push(e);return!0}warn(`XFA - node "${e[Ws]}" accepts no more than ${this[jo]} children`);return!1}isEmpty(){return 0===this[Mo].length}dump(){return 1===this[Mo].length?this[Mo][0][cs]():this[Mo].map((e=>e[cs]()))}[is](){const e=new XFAObjectArray(this[jo]);e[Mo]=this[Mo].map((e=>e[is]()));return e}get children(){return this[Mo]}clear(){this[Mo].length=0}}class XFAAttribute{constructor(e,t,a){this[Uo]=e;this[Ws]=t;this[ss]=a;this[ns]=!1;this[uo]="attribute"+Wo++}[vs](){return this[Uo]}[Ns](){return!0}[ys](){return this[ss].trim()}[io](e){e=e.value||"";this[ss]=e.toString()}[so](){return this[ss]}[Es](e){return this[Uo]===e||this[Uo][Es](e)}}class XmlObject extends XFAObject{constructor(e,t,a={}){super(e,t);this[ss]="";this[Bo]=null;if("#text"!==t){const e=new Map;this[Io]=e;for(const[t,r]of Object.entries(a))e.set(t,new XFAAttribute(this,t,r));if(a.hasOwnProperty(zs)){const e=a[zs].xfa.dataNode;void 0!==e&&("dataGroup"===e?this[Bo]=!1:"dataValue"===e&&(this[Bo]=!0))}}this[ns]=!1}[lo](e){const t=this[Ws];if("#text"===t){e.push(encodeToXmlString(this[ss]));return}const a=utf8StringToString(t),r=this[Hs]===zo?"xfa:":"";e.push(`<${r}${a}`);for(const[t,a]of this[Io].entries()){const r=utf8StringToString(t);e.push(` ${r}="${encodeToXmlString(a[ss])}"`)}null!==this[Bo]&&(this[Bo]?e.push(' xfa:dataNode="dataValue"'):e.push(' xfa:dataNode="dataGroup"'));if(this[ss]||0!==this[Mo].length){e.push(">");if(this[ss])"string"==typeof this[ss]?e.push(encodeToXmlString(this[ss])):this[ss][lo](e);else for(const t of this[Mo])t[lo](e);e.push(``)}else e.push("/>")}[$s](e){if(this[ss]){const e=new XmlObject(this[Hs],"#text");this[Qn](e);e[ss]=this[ss];this[ss]=""}this[Qn](e);return!0}[Vs](e){this[ss]+=e}[hs](){if(this[ss]&&this[Mo].length>0){const e=new XmlObject(this[Hs],"#text");this[Qn](e);e[ss]=this[ss];delete this[ss]}}[co](){return"#text"===this[Ws]?HTMLResult.success({name:"#text",value:this[ss]}):HTMLResult.EMPTY}[Ss](e=null){return e?this[Mo].filter((t=>t[Ws]===e)):this[Mo]}[fs](){return this[Io]}[ps](e){const t=this[Io].get(e);return void 0!==t?t:this[Ss](e)}*[bs](e,t){const a=this[Io].get(e);a&&(yield a);for(const a of this[Mo]){a[Ws]===e&&(yield a);t&&(yield*a[bs](e,t))}}*[ds](e,t){const a=this[Io].get(e);!a||t&&a[ns]||(yield a);for(const a of this[Mo])yield*a[ds](e,t)}*[xs](e,t,a){for(const r of this[Mo]){r[Ws]!==e||a&&r[ns]||(yield r);t&&(yield*r[xs](e,t,a))}}[Ns](){return null===this[Bo]?0===this[Mo].length||this[Mo][0][Hs]===go.xhtml.id:this[Bo]}[ys](){return null===this[Bo]?0===this[Mo].length?this[ss].trim():this[Mo][0][Hs]===go.xhtml.id?this[Mo][0][so]().trim():null:this[ss].trim()}[io](e){e=e.value||"";this[ss]=e.toString()}[cs](e=!1){const t=Object.create(null);e&&(t.$ns=this[Hs]);this[ss]&&(t.$content=this[ss]);t.$name=this[Ws];t.children=[];for(const a of this[Mo])t.children.push(a[cs](e));t.attributes=Object.create(null);for(const[e,a]of this[Io])t.attributes[e]=a[ss];return t}}class ContentObject extends XFAObject{constructor(e,t){super(e,t);this[ss]=""}[Vs](e){this[ss]+=e}[hs](){}}class OptionObject extends ContentObject{constructor(e,t,a){super(e,t);this[_o]=a}[hs](){this[ss]=getKeyword({data:this[ss],defaultValue:this[_o][0],validate:e=>this[_o].includes(e)})}[ts](e){super[ts](e);delete this[_o]}}class StringObject extends ContentObject{[hs](){this[ss]=this[ss].trim()}}class IntegerObject extends ContentObject{constructor(e,t,a,r){super(e,t);this[Ro]=a;this[Ho]=r}[hs](){this[ss]=getInteger({data:this[ss],defaultValue:this[Ro],validate:this[Ho]})}[ts](e){super[ts](e);delete this[Ro];delete this[Ho]}}class Option01 extends IntegerObject{constructor(e,t){super(e,t,0,(e=>1===e))}}class Option10 extends IntegerObject{constructor(e,t){super(e,t,1,(e=>0===e))}}function measureToString(e){return"string"==typeof e?"0px":Number.isInteger(e)?`${e}px`:`${e.toFixed(2)}px`}const $o={anchorType(e,t){const a=e[Cs]();if(a&&(!a.layout||"position"===a.layout)){"transform"in t||(t.transform="");switch(e.anchorType){case"bottomCenter":t.transform+="translate(-50%, -100%)";break;case"bottomLeft":t.transform+="translate(0,-100%)";break;case"bottomRight":t.transform+="translate(-100%,-100%)";break;case"middleCenter":t.transform+="translate(-50%,-50%)";break;case"middleLeft":t.transform+="translate(0,-50%)";break;case"middleRight":t.transform+="translate(-100%,-50%)";break;case"topCenter":t.transform+="translate(-50%,0)";break;case"topRight":t.transform+="translate(-100%,0)"}}},dimensions(e,t){const a=e[Cs]();let r=e.w;const i=e.h;if(a.layout?.includes("row")){const t=a[ls],i=e.colSpan;let n;if(-1===i){n=Math.sumPrecise(t.columnWidths.slice(t.currentColumn));t.currentColumn=0}else{n=Math.sumPrecise(t.columnWidths.slice(t.currentColumn,t.currentColumn+i));t.currentColumn=(t.currentColumn+e.colSpan)%t.columnWidths.length}isNaN(n)||(r=e.w=n)}t.width=""!==r?measureToString(r):"auto";t.height=""!==i?measureToString(i):"auto"},position(e,t){const a=e[Cs]();if(!a?.layout||"position"===a.layout){t.position="absolute";t.left=measureToString(e.x);t.top=measureToString(e.y)}},rotate(e,t){if(e.rotate){"transform"in t||(t.transform="");t.transform+=`rotate(-${e.rotate}deg)`;t.transformOrigin="top left"}},presence(e,t){switch(e.presence){case"invisible":t.visibility="hidden";break;case"hidden":case"inactive":t.display="none"}},hAlign(e,t){if("para"===e[Ws])switch(e.hAlign){case"justifyAll":t.textAlign="justify-all";break;case"radix":t.textAlign="left";break;default:t.textAlign=e.hAlign}else switch(e.hAlign){case"left":t.alignSelf="start";break;case"center":t.alignSelf="center";break;case"right":t.alignSelf="end"}},margin(e,t){e.margin&&(t.margin=e.margin[ho]().margin)}};function setMinMaxDimensions(e,t){if("position"===e[Cs]().layout){e.minW>0&&(t.minWidth=measureToString(e.minW));e.maxW>0&&(t.maxWidth=measureToString(e.maxW));e.minH>0&&(t.minHeight=measureToString(e.minH));e.maxH>0&&(t.maxHeight=measureToString(e.maxH))}}function layoutText(e,t,a,r,i,n){const s=new TextMeasure(t,a,r,i);"string"==typeof e?s.addString(e):e[Ks](s);return s.compute(n)}function layoutNode(e,t){let a=null,r=null,i=!1;if((!e.w||!e.h)&&e.value){let n=0,s=0;if(e.margin){n=e.margin.leftInset+e.margin.rightInset;s=e.margin.topInset+e.margin.bottomInset}let o=null,c=null;if(e.para){c=Object.create(null);o=""===e.para.lineHeight?null:e.para.lineHeight;c.top=""===e.para.spaceAbove?0:e.para.spaceAbove;c.bottom=""===e.para.spaceBelow?0:e.para.spaceBelow;c.left=""===e.para.marginLeft?0:e.para.marginLeft;c.right=""===e.para.marginRight?0:e.para.marginRight}let l=e.font;if(!l){const t=e[Fs]();let a=e[vs]();for(;a&&a!==t;){if(a.font){l=a.font;break}a=a[vs]()}}const h=(e.w||t.width)-n,u=e[Is].fontFinder;if(e.value.exData&&e.value.exData[ss]&&"text/html"===e.value.exData.contentType){const t=layoutText(e.value.exData[ss],l,c,o,u,h);r=t.width;a=t.height;i=t.isBroken}else{const t=e.value[so]();if(t){const e=layoutText(t,l,c,o,u,h);r=e.width;a=e.height;i=e.isBroken}}null===r||e.w||(r+=n);null===a||e.h||(a+=s)}return{w:r,h:a,isBroken:i}}function computeBbox(e,t,a){let r;if(""!==e.w&&""!==e.h)r=[e.x,e.y,e.w,e.h];else{if(!a)return null;let i=e.w;if(""===i){if(0===e.maxW){const t=e[Cs]();i="position"===t.layout&&""!==t.w?0:e.minW}else i=Math.min(e.maxW,a.width);t.attributes.style.width=measureToString(i)}let n=e.h;if(""===n){if(0===e.maxH){const t=e[Cs]();n="position"===t.layout&&""!==t.h?0:e.minH}else n=Math.min(e.maxH,a.height);t.attributes.style.height=measureToString(n)}r=[e.x,e.y,i,n]}return r}function fixDimensions(e){const t=e[Cs]();if(t.layout?.includes("row")){const a=t[ls],r=e.colSpan;let i;i=-1===r?Math.sumPrecise(a.columnWidths.slice(a.currentColumn)):Math.sumPrecise(a.columnWidths.slice(a.currentColumn,a.currentColumn+r));isNaN(i)||(e.w=i)}t.layout&&"position"!==t.layout&&(e.x=e.y=0);"table"===e.layout&&""===e.w&&Array.isArray(e.columnWidths)&&(e.w=Math.sumPrecise(e.columnWidths))}function layoutClass(e){switch(e.layout){case"position":default:return"xfaPosition";case"lr-tb":return"xfaLrTb";case"rl-row":return"xfaRlRow";case"rl-tb":return"xfaRlTb";case"row":return"xfaRow";case"table":return"xfaTable";case"tb":return"xfaTb"}}function toStyle(e,...t){const a=Object.create(null);for(const r of t){const t=e[r];if(null!==t)if($o.hasOwnProperty(r))$o[r](e,a);else if(t instanceof XFAObject){const e=t[ho]();e?Object.assign(a,e):warn(`(DEBUG) - XFA - style for ${r} not implemented yet`)}}return a}function createWrapper(e,t){const{attributes:a}=t,{style:r}=a,i={name:"div",attributes:{class:["xfaWrapper"],style:Object.create(null)},children:[]};a.class.push("xfaWrapped");if(e.border){const{widths:a,insets:n}=e.border[ls];let s,o,c=n[0],l=n[3];const h=n[0]+n[2],u=n[1]+n[3];switch(e.border.hand){case"even":c-=a[0]/2;l-=a[3]/2;s=`calc(100% + ${(a[1]+a[3])/2-u}px)`;o=`calc(100% + ${(a[0]+a[2])/2-h}px)`;break;case"left":c-=a[0];l-=a[3];s=`calc(100% + ${a[1]+a[3]-u}px)`;o=`calc(100% + ${a[0]+a[2]-h}px)`;break;case"right":s=u?`calc(100% - ${u}px)`:"100%";o=h?`calc(100% - ${h}px)`:"100%"}const d=["xfaBorder"];isPrintOnly(e.border)&&d.push("xfaPrintOnly");const f={name:"div",attributes:{class:d,style:{top:`${c}px`,left:`${l}px`,width:s,height:o}},children:[]};for(const e of["border","borderWidth","borderColor","borderRadius","borderStyle"])if(void 0!==r[e]){f.attributes.style[e]=r[e];delete r[e]}i.children.push(f,t)}else i.children.push(t);for(const e of["background","backgroundClip","top","left","width","height","minWidth","minHeight","maxWidth","maxHeight","transform","transformOrigin","visibility"])if(void 0!==r[e]){i.attributes.style[e]=r[e];delete r[e]}i.attributes.style.position="absolute"===r.position?"absolute":"relative";delete r.position;if(r.alignSelf){i.attributes.style.alignSelf=r.alignSelf;delete r.alignSelf}return i}function fixTextIndent(e){const t=getMeasurement(e.textIndent,"0px");if(t>=0)return;const a="padding"+("left"===("right"===e.textAlign?"right":"left")?"Left":"Right"),r=getMeasurement(e[a],"0px");e[a]=r-t+"px"}function setAccess(e,t){switch(e.access){case"nonInteractive":t.push("xfaNonInteractive");break;case"readOnly":t.push("xfaReadOnly");break;case"protected":t.push("xfaDisabled")}}function isPrintOnly(e){return e.relevant.length>0&&!e.relevant[0].excluded&&"print"===e.relevant[0].viewname}function getCurrentPara(e){const t=e[Fs]()[ls].paraStack;return t.length?t.at(-1):null}function setPara(e,t,a){if(a.attributes.class?.includes("xfaRich")){if(t){""===e.h&&(t.height="auto");""===e.w&&(t.width="auto")}const r=getCurrentPara(e);if(r){const e=a.attributes.style;e.display="flex";e.flexDirection="column";switch(r.vAlign){case"top":e.justifyContent="start";break;case"bottom":e.justifyContent="end";break;case"middle":e.justifyContent="center"}const t=r[ho]();for(const[a,r]of Object.entries(t))a in e||(e[a]=r)}}}function setFontFamily(e,t,a,r){if(!a){delete r.fontFamily;return}const i=stripQuotes(e.typeface);r.fontFamily=`"${i}"`;const n=a.find(i);if(n){const{fontFamily:a}=n.regular.cssFontInfo;a!==i&&(r.fontFamily=`"${a}"`);const s=getCurrentPara(t);if(s&&""!==s.lineHeight)return;if(r.lineHeight)return;const o=selectFont(e,n);o&&(r.lineHeight=Math.max(1.2,o.lineHeight))}}function fixURL(e){const t=createValidAbsoluteUrl(e,null,{addDefaultProtocol:!0,tryConvertEncoding:!0});return t?t.href:null}function createLine(e,t){return{name:"div",attributes:{class:["lr-tb"===e.layout?"xfaLr":"xfaRl"]},children:t}}function flushHTML(e){if(!e[ls])return null;const t={name:"div",attributes:e[ls].attributes,children:e[ls].children};if(e[ls].failingNode){const a=e[ls].failingNode[us]();a&&(e.layout.endsWith("-tb")?t.children.push(createLine(e,[a])):t.children.push(a))}return 0===t.children.length?null:t}function addHTML(e,t,a){const r=e[ls],i=r.availableSpace,[n,s,o,c]=a;switch(e.layout){case"position":r.width=Math.max(r.width,n+o);r.height=Math.max(r.height,s+c);r.children.push(t);break;case"lr-tb":case"rl-tb":if(!r.line||1===r.attempt){r.line=createLine(e,[]);r.children.push(r.line);r.numberInLine=0}r.numberInLine+=1;r.line.children.push(t);if(0===r.attempt){r.currentWidth+=o;r.height=Math.max(r.height,r.prevHeight+c)}else{r.currentWidth=o;r.prevHeight=r.height;r.height+=c;r.attempt=0}r.width=Math.max(r.width,r.currentWidth);break;case"rl-row":case"row":{r.children.push(t);r.width+=o;r.height=Math.max(r.height,c);const e=measureToString(r.height);for(const t of r.children)t.attributes.style.height=e;break}case"table":case"tb":r.width=MathClamp(o,r.width,i.width);r.height+=c;r.children.push(t)}}function getAvailableSpace(e){const t=e[ls].availableSpace,a=e.margin?e.margin.topInset+e.margin.bottomInset:0,r=e.margin?e.margin.leftInset+e.margin.rightInset:0;switch(e.layout){case"lr-tb":case"rl-tb":return 0===e[ls].attempt?{width:t.width-r-e[ls].currentWidth,height:t.height-a-e[ls].prevHeight}:{width:t.width-r,height:t.height-a-e[ls].height};case"rl-row":case"row":return{width:Math.sumPrecise(e[ls].columnWidths.slice(e[ls].currentColumn)),height:t.height-r};case"table":case"tb":return{width:t.width-r,height:t.height-a-e[ls].height};default:return t}}function checkDimensions(e,t){if(null===e[Fs]()[ls].firstUnsplittable)return!0;if(0===e.w||0===e.h)return!0;const a=e[Cs](),r=a[ls]?.attempt||0,[,i,n,s]=function getTransformedBBox(e){let t,a,r=""===e.w?NaN:e.w,i=""===e.h?NaN:e.h,[n,s]=[0,0];switch(e.anchorType||""){case"bottomCenter":[n,s]=[r/2,i];break;case"bottomLeft":[n,s]=[0,i];break;case"bottomRight":[n,s]=[r,i];break;case"middleCenter":[n,s]=[r/2,i/2];break;case"middleLeft":[n,s]=[0,i/2];break;case"middleRight":[n,s]=[r,i/2];break;case"topCenter":[n,s]=[r/2,0];break;case"topRight":[n,s]=[r,0]}switch(e.rotate||0){case 0:[t,a]=[-n,-s];break;case 90:[t,a]=[-s,n];[r,i]=[i,-r];break;case 180:[t,a]=[n,s];[r,i]=[-r,-i];break;case 270:[t,a]=[s,-n];[r,i]=[-i,r]}return[e.x+t+Math.min(0,r),e.y+a+Math.min(0,i),Math.abs(r),Math.abs(i)]}(e);switch(a.layout){case"lr-tb":case"rl-tb":return 0===r?e[Fs]()[ls].noLayoutFailure?""!==e.w?Math.round(n-t.width)<=2:t.width>2:!(""!==e.h&&Math.round(s-t.height)>2)&&(""!==e.w?Math.round(n-t.width)<=2||0===a[ls].numberInLine&&t.height>2:t.width>2):!!e[Fs]()[ls].noLayoutFailure||!(""!==e.h&&Math.round(s-t.height)>2)&&((""===e.w||Math.round(n-t.width)<=2||!a[_s]())&&t.height>2);case"table":case"tb":return!!e[Fs]()[ls].noLayoutFailure||(""===e.h||e[js]()?(""===e.w||Math.round(n-t.width)<=2||!a[_s]())&&t.height>2:Math.round(s-t.height)<=2);case"position":if(e[Fs]()[ls].noLayoutFailure)return!0;if(""===e.h||Math.round(s+i-t.height)<=2)return!0;return s+i>e[Fs]()[ls].currentContentArea.h;case"rl-row":case"row":return!!e[Fs]()[ls].noLayoutFailure||(""===e.h||Math.round(s-t.height)<=2);default:return!0}}const Go=go.template.id,Vo="http://www.w3.org/2000/svg",Ko=/^H(\d+)$/,Jo=new Set(["image/gif","image/jpeg","image/jpg","image/pjpeg","image/png","image/apng","image/x-png","image/bmp","image/x-ms-bmp","image/tiff","image/tif","application/octet-stream"]),Yo=[[[66,77],"image/bmp"],[[255,216,255],"image/jpeg"],[[73,73,42,0],"image/tiff"],[[77,77,0,42],"image/tiff"],[[71,73,70,56,57,97],"image/gif"],[[137,80,78,71,13,10,26,10],"image/png"]];function getBorderDims(e){if(!e||!e.border)return{w:0,h:0};const t=e.border[ws]();return t?{w:t.widths[0]+t.widths[2]+t.insets[0]+t.insets[2],h:t.widths[1]+t.widths[3]+t.insets[1]+t.insets[3]}:{w:0,h:0}}function hasMargin(e){return e.margin&&(e.margin.topInset||e.margin.rightInset||e.margin.bottomInset||e.margin.leftInset)}function _setValue(e,t){if(!e.value){const t=new Value({});e[Qn](t);e.value=t}e.value[io](t)}function*getContainedChildren(e){for(const t of e[Ss]())t instanceof SubformSet?yield*t[ks]():yield t}function isRequired(e){return"error"===e.validate?.nullTest}function setTabIndex(e){for(;e;){if(!e.traversal){e[no]=e[vs]()[no];return}if(e[no])return;let t=null;for(const a of e.traversal[Ss]())if("next"===a.operation){t=a;break}if(!t||!t.ref){e[no]=e[vs]()[no];return}const a=e[Fs]();e[no]=++a[no];const r=a[to](t.ref,e);if(!r)return;e=r[0]}}function applyAssist(e,t){const a=e.assist;if(a){const e=a[co]();e&&(t.title=e);const r=a.role.match(Ko);if(r){const e="heading",a=r[1];t.role=e;t["aria-level"]=a}}if("table"===e.layout)t.role="table";else if("row"===e.layout)t.role="row";else{const a=e[vs]();"row"===a.layout&&(t.role="TH"===a.assist?.role?"columnheader":"cell")}}function ariaLabel(e){if(!e.assist)return null;const t=e.assist;return t.speak&&""!==t.speak[ss]?t.speak[ss]:t.toolTip?t.toolTip[ss]:null}function valueToHtml(e){return HTMLResult.success({name:"div",attributes:{class:["xfaRich"],style:Object.create(null)},children:[{name:"span",attributes:{style:Object.create(null)},value:e}]})}function setFirstUnsplittable(e){const t=e[Fs]();if(null===t[ls].firstUnsplittable){t[ls].firstUnsplittable=e;t[ls].noLayoutFailure=!0}}function unsetFirstUnsplittable(e){const t=e[Fs]();t[ls].firstUnsplittable===e&&(t[ls].noLayoutFailure=!1)}function handleBreak(e){if(e[ls])return!1;e[ls]=Object.create(null);if("auto"===e.targetType)return!1;const t=e[Fs]();let a=null;if(e.target){a=t[to](e.target,e[vs]());if(!a)return!1;a=a[0]}const{currentPageArea:r,currentContentArea:i}=t[ls];if("pageArea"===e.targetType){a instanceof PageArea||(a=null);if(e.startNew){e[ls].target=a||r;return!0}if(a&&a!==r){e[ls].target=a;return!0}return!1}a instanceof ContentArea||(a=null);const n=a&&a[vs]();let s,o=n;if(e.startNew)if(a){const e=n.contentArea.children,t=e.indexOf(i),r=e.indexOf(a);-1!==t&&te;r[ls].noLayoutFailure=!0;const s=t[co](a);e[Zn](s.html,s.bbox);r[ls].noLayoutFailure=i;t[Cs]=n}class AppearanceFilter extends StringObject{constructor(e){super(Go,"appearanceFilter");this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||""}}class Arc extends XFAObject{constructor(e){super(Go,"arc",!0);this.circular=getInteger({data:e.circular,defaultValue:0,validate:e=>1===e});this.hand=getStringOption(e.hand,["even","left","right"]);this.id=e.id||"";this.startAngle=getFloat({data:e.startAngle,defaultValue:0,validate:e=>!0});this.sweepAngle=getFloat({data:e.sweepAngle,defaultValue:360,validate:e=>!0});this.use=e.use||"";this.usehref=e.usehref||"";this.edge=null;this.fill=null}[co](){const e=this.edge||new Edge({}),t=e[ho](),a=Object.create(null);"visible"===this.fill?.presence?Object.assign(a,this.fill[ho]()):a.fill="transparent";a.strokeWidth=measureToString("visible"===e.presence?e.thickness:0);a.stroke=t.color;let r;const i={xmlns:Vo,style:{width:"100%",height:"100%",overflow:"visible"}};if(360===this.sweepAngle)r={name:"ellipse",attributes:{xmlns:Vo,cx:"50%",cy:"50%",rx:"50%",ry:"50%",style:a}};else{const e=this.startAngle*Math.PI/180,t=this.sweepAngle*Math.PI/180,n=this.sweepAngle>180?1:0,[s,o,c,l]=[50*(1+Math.cos(e)),50*(1-Math.sin(e)),50*(1+Math.cos(e+t)),50*(1-Math.sin(e+t))];r={name:"path",attributes:{xmlns:Vo,d:`M ${s} ${o} A 50 50 0 ${n} 0 ${c} ${l}`,vectorEffect:"non-scaling-stroke",style:a}};Object.assign(i,{viewBox:"0 0 100 100",preserveAspectRatio:"none"})}const n={name:"svg",children:[r],attributes:i};if(hasMargin(this[vs]()[vs]()))return HTMLResult.success({name:"div",attributes:{style:{display:"inline",width:"100%",height:"100%"}},children:[n]});n.attributes.style.position="absolute";return HTMLResult.success(n)}}class Area extends XFAObject{constructor(e){super(Go,"area",!0);this.colSpan=getInteger({data:e.colSpan,defaultValue:1,validate:e=>e>=1||-1===e});this.id=e.id||"";this.name=e.name||"";this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.x=getMeasurement(e.x,"0pt");this.y=getMeasurement(e.y,"0pt");this.desc=null;this.extras=null;this.area=new XFAObjectArray;this.draw=new XFAObjectArray;this.exObject=new XFAObjectArray;this.exclGroup=new XFAObjectArray;this.field=new XFAObjectArray;this.subform=new XFAObjectArray;this.subformSet=new XFAObjectArray}*[ks](){yield*getContainedChildren(this)}[Us](){return!0}[Rs](){return!0}[Zn](e,t){const[a,r,i,n]=t;this[ls].width=Math.max(this[ls].width,a+i);this[ls].height=Math.max(this[ls].height,r+n);this[ls].children.push(e)}[gs](){return this[ls].availableSpace}[co](e){const t=toStyle(this,"position"),a={style:t,id:this[uo],class:["xfaArea"]};isPrintOnly(this)&&a.class.push("xfaPrintOnly");this.name&&(a.xfaName=this.name);const r=[];this[ls]={children:r,width:0,height:0,availableSpace:e};const i=this[es]({filter:new Set(["area","draw","field","exclGroup","subform","subformSet"]),include:!0});if(!i.success){if(i.isBreak())return i;delete this[ls];return HTMLResult.FAILURE}t.width=measureToString(this[ls].width);t.height=measureToString(this[ls].height);const n={name:"div",attributes:a,children:r},s=[this.x,this.y,this[ls].width,this[ls].height];delete this[ls];return HTMLResult.success(n,s)}}class Assist extends XFAObject{constructor(e){super(Go,"assist",!0);this.id=e.id||"";this.role=e.role||"";this.use=e.use||"";this.usehref=e.usehref||"";this.speak=null;this.toolTip=null}[co](){return this.toolTip?.[ss]||null}}class Barcode extends XFAObject{constructor(e){super(Go,"barcode",!0);this.charEncoding=getKeyword({data:e.charEncoding?e.charEncoding.toLowerCase():"",defaultValue:"",validate:e=>["utf-8","big-five","fontspecific","gbk","gb-18030","gb-2312","ksc-5601","none","shift-jis","ucs-2","utf-16"].includes(e)||e.match(/iso-8859-\d{2}/)});this.checksum=getStringOption(e.checksum,["none","1mod10","1mod10_1mod11","2mod10","auto"]);this.dataColumnCount=getInteger({data:e.dataColumnCount,defaultValue:-1,validate:e=>e>=0});this.dataLength=getInteger({data:e.dataLength,defaultValue:-1,validate:e=>e>=0});this.dataPrep=getStringOption(e.dataPrep,["none","flateCompress"]);this.dataRowCount=getInteger({data:e.dataRowCount,defaultValue:-1,validate:e=>e>=0});this.endChar=e.endChar||"";this.errorCorrectionLevel=getInteger({data:e.errorCorrectionLevel,defaultValue:-1,validate:e=>e>=0&&e<=8});this.id=e.id||"";this.moduleHeight=getMeasurement(e.moduleHeight,"5mm");this.moduleWidth=getMeasurement(e.moduleWidth,"0.25mm");this.printCheckDigit=getInteger({data:e.printCheckDigit,defaultValue:0,validate:e=>1===e});this.rowColumnRatio=getRatio(e.rowColumnRatio);this.startChar=e.startChar||"";this.textLocation=getStringOption(e.textLocation,["below","above","aboveEmbedded","belowEmbedded","none"]);this.truncate=getInteger({data:e.truncate,defaultValue:0,validate:e=>1===e});this.type=getStringOption(e.type?e.type.toLowerCase():"",["aztec","codabar","code2of5industrial","code2of5interleaved","code2of5matrix","code2of5standard","code3of9","code3of9extended","code11","code49","code93","code128","code128a","code128b","code128c","code128sscc","datamatrix","ean8","ean8add2","ean8add5","ean13","ean13add2","ean13add5","ean13pwcd","fim","logmars","maxicode","msi","pdf417","pdf417macro","plessey","postauscust2","postauscust3","postausreplypaid","postausstandard","postukrm4scc","postusdpbc","postusimb","postusstandard","postus5zip","qrcode","rfid","rss14","rss14expanded","rss14limited","rss14stacked","rss14stackedomni","rss14truncated","telepen","ucc128","ucc128random","ucc128sscc","upca","upcaadd2","upcaadd5","upcapwcd","upce","upceadd2","upceadd5","upcean2","upcean5","upsmaxicode"]);this.upsMode=getStringOption(e.upsMode,["usCarrier","internationalCarrier","secureSymbol","standardSymbol"]);this.use=e.use||"";this.usehref=e.usehref||"";this.wideNarrowRatio=getRatio(e.wideNarrowRatio);this.encrypt=null;this.extras=null}}class Bind extends XFAObject{constructor(e){super(Go,"bind",!0);this.match=getStringOption(e.match,["once","dataRef","global","none"]);this.ref=e.ref||"";this.picture=null}}class BindItems extends XFAObject{constructor(e){super(Go,"bindItems");this.connection=e.connection||"";this.labelRef=e.labelRef||"";this.ref=e.ref||"";this.valueRef=e.valueRef||""}}class Bookend extends XFAObject{constructor(e){super(Go,"bookend");this.id=e.id||"";this.leader=e.leader||"";this.trailer=e.trailer||"";this.use=e.use||"";this.usehref=e.usehref||""}}class BooleanElement extends Option01{constructor(e){super(Go,"boolean");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[co](e){return valueToHtml(1===this[ss]?"1":"0")}}class Border extends XFAObject{constructor(e){super(Go,"border",!0);this.break=getStringOption(e.break,["close","open"]);this.hand=getStringOption(e.hand,["even","left","right"]);this.id=e.id||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.corner=new XFAObjectArray(4);this.edge=new XFAObjectArray(4);this.extras=null;this.fill=null;this.margin=null}[ws](){if(!this[ls]){const e=this.edge.children.slice();if(e.length<4){const t=e.at(-1)||new Edge({});for(let a=e.length;a<4;a++)e.push(t)}const t=e.map((e=>e.thickness)),a=[0,0,0,0];if(this.margin){a[0]=this.margin.topInset;a[1]=this.margin.rightInset;a[2]=this.margin.bottomInset;a[3]=this.margin.leftInset}this[ls]={widths:t,insets:a,edges:e}}return this[ls]}[ho](){const{edges:e}=this[ws](),t=e.map((e=>{const t=e[ho]();t.color||="#000000";return t})),a=Object.create(null);this.margin&&Object.assign(a,this.margin[ho]());"visible"===this.fill?.presence&&Object.assign(a,this.fill[ho]());if(this.corner.children.some((e=>0!==e.radius))){const e=this.corner.children.map((e=>e[ho]()));if(2===e.length||3===e.length){const t=e.at(-1);for(let a=e.length;a<4;a++)e.push(t)}a.borderRadius=e.map((e=>e.radius)).join(" ")}switch(this.presence){case"invisible":case"hidden":a.borderStyle="";break;case"inactive":a.borderStyle="none";break;default:a.borderStyle=t.map((e=>e.style)).join(" ")}a.borderWidth=t.map((e=>e.width)).join(" ");a.borderColor=t.map((e=>e.color)).join(" ");return a}}class Break extends XFAObject{constructor(e){super(Go,"break",!0);this.after=getStringOption(e.after,["auto","contentArea","pageArea","pageEven","pageOdd"]);this.afterTarget=e.afterTarget||"";this.before=getStringOption(e.before,["auto","contentArea","pageArea","pageEven","pageOdd"]);this.beforeTarget=e.beforeTarget||"";this.bookendLeader=e.bookendLeader||"";this.bookendTrailer=e.bookendTrailer||"";this.id=e.id||"";this.overflowLeader=e.overflowLeader||"";this.overflowTarget=e.overflowTarget||"";this.overflowTrailer=e.overflowTrailer||"";this.startNew=getInteger({data:e.startNew,defaultValue:0,validate:e=>1===e});this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}}class BreakAfter extends XFAObject{constructor(e){super(Go,"breakAfter",!0);this.id=e.id||"";this.leader=e.leader||"";this.startNew=getInteger({data:e.startNew,defaultValue:0,validate:e=>1===e});this.target=e.target||"";this.targetType=getStringOption(e.targetType,["auto","contentArea","pageArea"]);this.trailer=e.trailer||"";this.use=e.use||"";this.usehref=e.usehref||"";this.script=null}}class BreakBefore extends XFAObject{constructor(e){super(Go,"breakBefore",!0);this.id=e.id||"";this.leader=e.leader||"";this.startNew=getInteger({data:e.startNew,defaultValue:0,validate:e=>1===e});this.target=e.target||"";this.targetType=getStringOption(e.targetType,["auto","contentArea","pageArea"]);this.trailer=e.trailer||"";this.use=e.use||"";this.usehref=e.usehref||"";this.script=null}[co](e){this[ls]={};return HTMLResult.FAILURE}}class Button extends XFAObject{constructor(e){super(Go,"button",!0);this.highlight=getStringOption(e.highlight,["inverted","none","outline","push"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}[co](e){const t=this[vs]()[vs](),a={name:"button",attributes:{id:this[uo],class:["xfaButton"],style:{}},children:[]};for(const e of t.event.children){if("click"!==e.activity||!e.script)continue;const t=recoverJsURL(e.script[ss]);if(!t)continue;const r=fixURL(t.url);r&&a.children.push({name:"a",attributes:{id:"link"+this[uo],href:r,newWindow:t.newWindow,class:["xfaLink"],style:{}},children:[]})}return HTMLResult.success(a)}}class Calculate extends XFAObject{constructor(e){super(Go,"calculate",!0);this.id=e.id||"";this.override=getStringOption(e.override,["disabled","error","ignore","warning"]);this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.message=null;this.script=null}}class Caption extends XFAObject{constructor(e){super(Go,"caption",!0);this.id=e.id||"";this.placement=getStringOption(e.placement,["left","bottom","inline","right","top"]);this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.reserve=Math.ceil(getMeasurement(e.reserve));this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.font=null;this.margin=null;this.para=null;this.value=null}[io](e){_setValue(this,e)}[ws](e){if(!this[ls]){let{width:t,height:a}=e;switch(this.placement){case"left":case"right":case"inline":t=this.reserve<=0?t:this.reserve;break;case"top":case"bottom":a=this.reserve<=0?a:this.reserve}this[ls]=layoutNode(this,{width:t,height:a})}return this[ls]}[co](e){if(!this.value)return HTMLResult.EMPTY;this[Ys]();const t=this.value[co](e).html;if(!t){this[Js]();return HTMLResult.EMPTY}const a=this.reserve;if(this.reserve<=0){const{w:t,h:a}=this[ws](e);switch(this.placement){case"left":case"right":case"inline":this.reserve=t;break;case"top":case"bottom":this.reserve=a}}const r=[];"string"==typeof t?r.push({name:"#text",value:t}):r.push(t);const i=toStyle(this,"font","margin","visibility");switch(this.placement){case"left":case"right":this.reserve>0&&(i.width=measureToString(this.reserve));break;case"top":case"bottom":this.reserve>0&&(i.height=measureToString(this.reserve))}setPara(this,null,t);this[Js]();this.reserve=a;return HTMLResult.success({name:"div",attributes:{style:i,class:["xfaCaption"]},children:r})}}class Certificate extends StringObject{constructor(e){super(Go,"certificate");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Certificates extends XFAObject{constructor(e){super(Go,"certificates",!0);this.credentialServerPolicy=getStringOption(e.credentialServerPolicy,["optional","required"]);this.id=e.id||"";this.url=e.url||"";this.urlPolicy=e.urlPolicy||"";this.use=e.use||"";this.usehref=e.usehref||"";this.encryption=null;this.issuers=null;this.keyUsage=null;this.oids=null;this.signing=null;this.subjectDNs=null}}class CheckButton extends XFAObject{constructor(e){super(Go,"checkButton",!0);this.id=e.id||"";this.mark=getStringOption(e.mark,["default","check","circle","cross","diamond","square","star"]);this.shape=getStringOption(e.shape,["square","round"]);this.size=getMeasurement(e.size,"10pt");this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.extras=null;this.margin=null}[co](e){const t=toStyle(this,"margin"),a=measureToString(this.size);t.width=t.height=a;let r,i,n;const s=this[vs]()[vs](),o=s.items.children.length&&s.items.children[0][co]().html||[],c={on:(void 0!==o[0]?o[0]:"on").toString(),off:(void 0!==o[1]?o[1]:"off").toString()},l=(s.value?.[so]()||"off")===c.on||void 0,h=s[Cs](),u=s[uo];let d;if(h instanceof ExclGroup){n=h[uo];r="radio";i="xfaRadio";d=h[os]?.[uo]||h[uo]}else{r="checkbox";i="xfaCheckbox";d=s[os]?.[uo]||s[uo]}const f={name:"input",attributes:{class:[i],style:t,fieldId:u,dataId:d,type:r,checked:l,xfaOn:c.on,xfaOff:c.off,"aria-label":ariaLabel(s),"aria-required":!1}};n&&(f.attributes.name=n);if(isRequired(s)){f.attributes["aria-required"]=!0;f.attributes.required=!0}return HTMLResult.success({name:"label",attributes:{class:["xfaLabel"]},children:[f]})}}class ChoiceList extends XFAObject{constructor(e){super(Go,"choiceList",!0);this.commitOn=getStringOption(e.commitOn,["select","exit"]);this.id=e.id||"";this.open=getStringOption(e.open,["userControl","always","multiSelect","onEntry"]);this.textEntry=getInteger({data:e.textEntry,defaultValue:0,validate:e=>1===e});this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.extras=null;this.margin=null}[co](e){const t=toStyle(this,"border","margin"),a=this[vs]()[vs](),r={fontSize:`calc(${a.font?.size||10}px * var(--total-scale-factor))`},i=[];if(a.items.children.length>0){const e=a.items;let t=0,n=0;if(2===e.children.length){t=e.children[0].save;n=1-t}const s=e.children[t][co]().html,o=e.children[n][co]().html;let c=!1;const l=a.value?.[so]()||"";for(let e=0,t=s.length;eMathClamp(parseInt(e.trim(),10),0,255))).map((e=>isNaN(e)?0:e));if(n.length<3)return{r:a,g:r,b:i};[a,r,i]=n;return{r:a,g:r,b:i}}(e.value):"";this.extras=null}[Ts](){return!1}[ho](){return this.value?Util.makeHexColor(this.value.r,this.value.g,this.value.b):null}}class Comb extends XFAObject{constructor(e){super(Go,"comb");this.id=e.id||"";this.numberOfCells=getInteger({data:e.numberOfCells,defaultValue:0,validate:e=>e>=0});this.use=e.use||"";this.usehref=e.usehref||""}}class Connect extends XFAObject{constructor(e){super(Go,"connect",!0);this.connection=e.connection||"";this.id=e.id||"";this.ref=e.ref||"";this.usage=getStringOption(e.usage,["exportAndImport","exportOnly","importOnly"]);this.use=e.use||"";this.usehref=e.usehref||"";this.picture=null}}class ContentArea extends XFAObject{constructor(e){super(Go,"contentArea",!0);this.h=getMeasurement(e.h);this.id=e.id||"";this.name=e.name||"";this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.w=getMeasurement(e.w);this.x=getMeasurement(e.x,"0pt");this.y=getMeasurement(e.y,"0pt");this.desc=null;this.extras=null}[co](e){const t={left:measureToString(this.x),top:measureToString(this.y),width:measureToString(this.w),height:measureToString(this.h)},a=["xfaContentarea"];isPrintOnly(this)&&a.push("xfaPrintOnly");return HTMLResult.success({name:"div",children:[],attributes:{style:t,class:a,id:this[uo]}})}}class Corner extends XFAObject{constructor(e){super(Go,"corner",!0);this.id=e.id||"";this.inverted=getInteger({data:e.inverted,defaultValue:0,validate:e=>1===e});this.join=getStringOption(e.join,["square","round"]);this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.radius=getMeasurement(e.radius);this.stroke=getStringOption(e.stroke,["solid","dashDot","dashDotDot","dashed","dotted","embossed","etched","lowered","raised"]);this.thickness=getMeasurement(e.thickness,"0.5pt");this.use=e.use||"";this.usehref=e.usehref||"";this.color=null;this.extras=null}[ho](){const e=toStyle(this,"visibility");e.radius=measureToString("square"===this.join?0:this.radius);return e}}class DateElement extends ContentObject{constructor(e){super(Go,"date");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){const e=this[ss].trim();this[ss]=e?new Date(e):null}[co](e){return valueToHtml(this[ss]?this[ss].toString():"")}}class DateTime extends ContentObject{constructor(e){super(Go,"dateTime");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){const e=this[ss].trim();this[ss]=e?new Date(e):null}[co](e){return valueToHtml(this[ss]?this[ss].toString():"")}}class DateTimeEdit extends XFAObject{constructor(e){super(Go,"dateTimeEdit",!0);this.hScrollPolicy=getStringOption(e.hScrollPolicy,["auto","off","on"]);this.id=e.id||"";this.picker=getStringOption(e.picker,["host","none"]);this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.comb=null;this.extras=null;this.margin=null}[co](e){const t=toStyle(this,"border","font","margin"),a=this[vs]()[vs](),r={name:"input",attributes:{type:"text",fieldId:a[uo],dataId:a[os]?.[uo]||a[uo],class:["xfaTextfield"],style:t,"aria-label":ariaLabel(a),"aria-required":!1}};if(isRequired(a)){r.attributes["aria-required"]=!0;r.attributes.required=!0}return HTMLResult.success({name:"label",attributes:{class:["xfaLabel"]},children:[r]})}}class Decimal extends ContentObject{constructor(e){super(Go,"decimal");this.fracDigits=getInteger({data:e.fracDigits,defaultValue:2,validate:e=>!0});this.id=e.id||"";this.leadDigits=getInteger({data:e.leadDigits,defaultValue:-1,validate:e=>!0});this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){const e=parseFloat(this[ss].trim());this[ss]=isNaN(e)?null:e}[co](e){return valueToHtml(null!==this[ss]?this[ss].toString():"")}}class DefaultUi extends XFAObject{constructor(e){super(Go,"defaultUi",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}}class Desc extends XFAObject{constructor(e){super(Go,"desc",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.boolean=new XFAObjectArray;this.date=new XFAObjectArray;this.dateTime=new XFAObjectArray;this.decimal=new XFAObjectArray;this.exData=new XFAObjectArray;this.float=new XFAObjectArray;this.image=new XFAObjectArray;this.integer=new XFAObjectArray;this.text=new XFAObjectArray;this.time=new XFAObjectArray}}class DigestMethod extends OptionObject{constructor(e){super(Go,"digestMethod",["","SHA1","SHA256","SHA512","RIPEMD160"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||""}}class DigestMethods extends XFAObject{constructor(e){super(Go,"digestMethods",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.digestMethod=new XFAObjectArray}}class Draw extends XFAObject{constructor(e){super(Go,"draw",!0);this.anchorType=getStringOption(e.anchorType,["topLeft","bottomCenter","bottomLeft","bottomRight","middleCenter","middleLeft","middleRight","topCenter","topRight"]);this.colSpan=getInteger({data:e.colSpan,defaultValue:1,validate:e=>e>=1||-1===e});this.h=e.h?getMeasurement(e.h):"";this.hAlign=getStringOption(e.hAlign,["left","center","justify","justifyAll","radix","right"]);this.id=e.id||"";this.locale=e.locale||"";this.maxH=getMeasurement(e.maxH,"0pt");this.maxW=getMeasurement(e.maxW,"0pt");this.minH=getMeasurement(e.minH,"0pt");this.minW=getMeasurement(e.minW,"0pt");this.name=e.name||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.relevant=getRelevant(e.relevant);this.rotate=getInteger({data:e.rotate,defaultValue:0,validate:e=>e%90==0});this.use=e.use||"";this.usehref=e.usehref||"";this.w=e.w?getMeasurement(e.w):"";this.x=getMeasurement(e.x,"0pt");this.y=getMeasurement(e.y,"0pt");this.assist=null;this.border=null;this.caption=null;this.desc=null;this.extras=null;this.font=null;this.keep=null;this.margin=null;this.para=null;this.traversal=null;this.ui=null;this.value=null;this.setProperty=new XFAObjectArray}[io](e){_setValue(this,e)}[co](e){setTabIndex(this);if("hidden"===this.presence||"inactive"===this.presence)return HTMLResult.EMPTY;fixDimensions(this);this[Ys]();const t=this.w,a=this.h,{w:r,h:i,isBroken:n}=layoutNode(this,e);if(r&&""===this.w){if(n&&this[Cs]()[_s]()){this[Js]();return HTMLResult.FAILURE}this.w=r}i&&""===this.h&&(this.h=i);setFirstUnsplittable(this);if(!checkDimensions(this,e)){this.w=t;this.h=a;this[Js]();return HTMLResult.FAILURE}unsetFirstUnsplittable(this);const s=toStyle(this,"font","hAlign","dimensions","position","presence","rotate","anchorType","border","margin");setMinMaxDimensions(this,s);if(s.margin){s.padding=s.margin;delete s.margin}const o=["xfaDraw"];this.font&&o.push("xfaFont");isPrintOnly(this)&&o.push("xfaPrintOnly");const c={style:s,id:this[uo],class:o};this.name&&(c.xfaName=this.name);const l={name:"div",attributes:c,children:[]};applyAssist(this,c);const h=computeBbox(this,l,e),u=this.value?this.value[co](e).html:null;if(null===u){this.w=t;this.h=a;this[Js]();return HTMLResult.success(createWrapper(this,l),h)}l.children.push(u);setPara(this,s,u);this.w=t;this.h=a;this[Js]();return HTMLResult.success(createWrapper(this,l),h)}}class Edge extends XFAObject{constructor(e){super(Go,"edge",!0);this.cap=getStringOption(e.cap,["square","butt","round"]);this.id=e.id||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.stroke=getStringOption(e.stroke,["solid","dashDot","dashDotDot","dashed","dotted","embossed","etched","lowered","raised"]);this.thickness=getMeasurement(e.thickness,"0.5pt");this.use=e.use||"";this.usehref=e.usehref||"";this.color=null;this.extras=null}[ho](){const e=toStyle(this,"visibility");Object.assign(e,{linecap:this.cap,width:measureToString(this.thickness),color:this.color?this.color[ho]():"#000000",style:""});if("visible"!==this.presence)e.style="none";else switch(this.stroke){case"solid":e.style="solid";break;case"dashDot":case"dashDotDot":case"dashed":e.style="dashed";break;case"dotted":e.style="dotted";break;case"embossed":e.style="ridge";break;case"etched":e.style="groove";break;case"lowered":e.style="inset";break;case"raised":e.style="outset"}return e}}class Encoding extends OptionObject{constructor(e){super(Go,"encoding",["adbe.x509.rsa_sha1","adbe.pkcs7.detached","adbe.pkcs7.sha1"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Encodings extends XFAObject{constructor(e){super(Go,"encodings",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.encoding=new XFAObjectArray}}class Encrypt extends XFAObject{constructor(e){super(Go,"encrypt",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.certificate=null}}class EncryptData extends XFAObject{constructor(e){super(Go,"encryptData",!0);this.id=e.id||"";this.operation=getStringOption(e.operation,["encrypt","decrypt"]);this.target=e.target||"";this.use=e.use||"";this.usehref=e.usehref||"";this.filter=null;this.manifest=null}}class Encryption extends XFAObject{constructor(e){super(Go,"encryption",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.certificate=new XFAObjectArray}}class EncryptionMethod extends OptionObject{constructor(e){super(Go,"encryptionMethod",["","AES256-CBC","TRIPLEDES-CBC","AES128-CBC","AES192-CBC"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||""}}class EncryptionMethods extends XFAObject{constructor(e){super(Go,"encryptionMethods",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.encryptionMethod=new XFAObjectArray}}class Event extends XFAObject{constructor(e){super(Go,"event",!0);this.activity=getStringOption(e.activity,["click","change","docClose","docReady","enter","exit","full","indexChange","initialize","mouseDown","mouseEnter","mouseExit","mouseUp","postExecute","postOpen","postPrint","postSave","postSign","postSubmit","preExecute","preOpen","prePrint","preSave","preSign","preSubmit","ready","validationState"]);this.id=e.id||"";this.listen=getStringOption(e.listen,["refOnly","refAndDescendents"]);this.name=e.name||"";this.ref=e.ref||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.encryptData=null;this.execute=null;this.script=null;this.signData=null;this.submit=null}}class ExData extends ContentObject{constructor(e){super(Go,"exData");this.contentType=e.contentType||"";this.href=e.href||"";this.id=e.id||"";this.maxLength=getInteger({data:e.maxLength,defaultValue:-1,validate:e=>e>=-1});this.name=e.name||"";this.rid=e.rid||"";this.transferEncoding=getStringOption(e.transferEncoding,["none","base64","package"]);this.use=e.use||"";this.usehref=e.usehref||""}[Bs](){return"text/html"===this.contentType}[$s](e){if("text/html"===this.contentType&&e[Hs]===go.xhtml.id){this[ss]=e;return!0}if("text/xml"===this.contentType){this[ss]=e;return!0}return!1}[co](e){return"text/html"===this.contentType&&this[ss]?this[ss][co](e):HTMLResult.EMPTY}}class ExObject extends XFAObject{constructor(e){super(Go,"exObject",!0);this.archive=e.archive||"";this.classId=e.classId||"";this.codeBase=e.codeBase||"";this.codeType=e.codeType||"";this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.boolean=new XFAObjectArray;this.date=new XFAObjectArray;this.dateTime=new XFAObjectArray;this.decimal=new XFAObjectArray;this.exData=new XFAObjectArray;this.exObject=new XFAObjectArray;this.float=new XFAObjectArray;this.image=new XFAObjectArray;this.integer=new XFAObjectArray;this.text=new XFAObjectArray;this.time=new XFAObjectArray}}class ExclGroup extends XFAObject{constructor(e){super(Go,"exclGroup",!0);this.access=getStringOption(e.access,["open","nonInteractive","protected","readOnly"]);this.accessKey=e.accessKey||"";this.anchorType=getStringOption(e.anchorType,["topLeft","bottomCenter","bottomLeft","bottomRight","middleCenter","middleLeft","middleRight","topCenter","topRight"]);this.colSpan=getInteger({data:e.colSpan,defaultValue:1,validate:e=>e>=1||-1===e});this.h=e.h?getMeasurement(e.h):"";this.hAlign=getStringOption(e.hAlign,["left","center","justify","justifyAll","radix","right"]);this.id=e.id||"";this.layout=getStringOption(e.layout,["position","lr-tb","rl-row","rl-tb","row","table","tb"]);this.maxH=getMeasurement(e.maxH,"0pt");this.maxW=getMeasurement(e.maxW,"0pt");this.minH=getMeasurement(e.minH,"0pt");this.minW=getMeasurement(e.minW,"0pt");this.name=e.name||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.w=e.w?getMeasurement(e.w):"";this.x=getMeasurement(e.x,"0pt");this.y=getMeasurement(e.y,"0pt");this.assist=null;this.bind=null;this.border=null;this.calculate=null;this.caption=null;this.desc=null;this.extras=null;this.margin=null;this.para=null;this.traversal=null;this.validate=null;this.connect=new XFAObjectArray;this.event=new XFAObjectArray;this.field=new XFAObjectArray;this.setProperty=new XFAObjectArray}[Rs](){return!0}[Ts](){return!0}[io](e){for(const t of this.field.children){if(!t.value){const e=new Value({});t[Qn](e);t.value=e}t.value[io](e)}}[_s](){return this.layout.endsWith("-tb")&&0===this[ls].attempt&&this[ls].numberInLine>0||this[vs]()[_s]()}[js](){const e=this[Cs]();if(!e[js]())return!1;if(void 0!==this[ls]._isSplittable)return this[ls]._isSplittable;if("position"===this.layout||this.layout.includes("row")){this[ls]._isSplittable=!1;return!1}if(e.layout?.endsWith("-tb")&&0!==e[ls].numberInLine)return!1;this[ls]._isSplittable=!0;return!0}[us](){return flushHTML(this)}[Zn](e,t){addHTML(this,e,t)}[gs](){return getAvailableSpace(this)}[co](e){setTabIndex(this);if("hidden"===this.presence||"inactive"===this.presence||0===this.h||0===this.w)return HTMLResult.EMPTY;fixDimensions(this);const t=[],a={id:this[uo],class:[]};setAccess(this,a.class);this[ls]||=Object.create(null);Object.assign(this[ls],{children:t,attributes:a,attempt:0,line:null,numberInLine:0,availableSpace:{width:Math.min(this.w||1/0,e.width),height:Math.min(this.h||1/0,e.height)},width:0,height:0,prevHeight:0,currentWidth:0});const r=this[js]();r||setFirstUnsplittable(this);if(!checkDimensions(this,e))return HTMLResult.FAILURE;const i=new Set(["field"]);if(this.layout.includes("row")){const e=this[Cs]().columnWidths;if(Array.isArray(e)&&e.length>0){this[ls].columnWidths=e;this[ls].currentColumn=0}}const n=toStyle(this,"anchorType","dimensions","position","presence","border","margin","hAlign"),s=["xfaExclgroup"],o=layoutClass(this);o&&s.push(o);isPrintOnly(this)&&s.push("xfaPrintOnly");a.style=n;a.class=s;this.name&&(a.xfaName=this.name);this[Ys]();const c="lr-tb"===this.layout||"rl-tb"===this.layout,l=c?2:1;for(;this[ls].attempte>=1||-1===e});this.h=e.h?getMeasurement(e.h):"";this.hAlign=getStringOption(e.hAlign,["left","center","justify","justifyAll","radix","right"]);this.id=e.id||"";this.locale=e.locale||"";this.maxH=getMeasurement(e.maxH,"0pt");this.maxW=getMeasurement(e.maxW,"0pt");this.minH=getMeasurement(e.minH,"0pt");this.minW=getMeasurement(e.minW,"0pt");this.name=e.name||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.relevant=getRelevant(e.relevant);this.rotate=getInteger({data:e.rotate,defaultValue:0,validate:e=>e%90==0});this.use=e.use||"";this.usehref=e.usehref||"";this.w=e.w?getMeasurement(e.w):"";this.x=getMeasurement(e.x,"0pt");this.y=getMeasurement(e.y,"0pt");this.assist=null;this.bind=null;this.border=null;this.calculate=null;this.caption=null;this.desc=null;this.extras=null;this.font=null;this.format=null;this.items=new XFAObjectArray(2);this.keep=null;this.margin=null;this.para=null;this.traversal=null;this.ui=null;this.validate=null;this.value=null;this.bindItems=new XFAObjectArray;this.connect=new XFAObjectArray;this.event=new XFAObjectArray;this.setProperty=new XFAObjectArray}[Rs](){return!0}[io](e){_setValue(this,e)}[co](e){setTabIndex(this);if(!this.ui){this.ui=new Ui({});this.ui[Is]=this[Is];this[Qn](this.ui);let e;switch(this.items.children.length){case 0:e=new TextEdit({});this.ui.textEdit=e;break;case 1:e=new CheckButton({});this.ui.checkButton=e;break;case 2:e=new ChoiceList({});this.ui.choiceList=e}this.ui[Qn](e)}if(!this.ui||"hidden"===this.presence||"inactive"===this.presence||0===this.h||0===this.w)return HTMLResult.EMPTY;this.caption&&delete this.caption[ls];this[Ys]();const t=this.caption?this.caption[co](e).html:null,a=this.w,r=this.h;let i=0,n=0;if(this.margin){i=this.margin.leftInset+this.margin.rightInset;n=this.margin.topInset+this.margin.bottomInset}let s=null;if(""===this.w||""===this.h){let t=null,a=null,r=0,o=0;if(this.ui.checkButton)r=o=this.ui.checkButton.size;else{const{w:t,h:a}=layoutNode(this,e);if(null!==t){r=t;o=a}else o=function fonts_getMetrics(e,t=!1){let a=null;if(e){const t=stripQuotes(e.typeface),r=e[Is].fontFinder.find(t);a=selectFont(e,r)}if(!a)return{lineHeight:12,lineGap:2,lineNoGap:10};const r=e.size||10,i=a.lineHeight?Math.max(t?0:1.2,a.lineHeight):1.2,n=void 0===a.lineGap?.2:a.lineGap;return{lineHeight:i*r,lineGap:n*r,lineNoGap:Math.max(1,i-n)*r}}(this.font,!0).lineNoGap}s=getBorderDims(this.ui[ws]());r+=s.w;o+=s.h;if(this.caption){const{w:i,h:n,isBroken:s}=this.caption[ws](e);if(s&&this[Cs]()[_s]()){this[Js]();return HTMLResult.FAILURE}t=i;a=n;switch(this.caption.placement){case"left":case"right":case"inline":t+=r;break;case"top":case"bottom":a+=o}}else{t=r;a=o}if(t&&""===this.w){t+=i;this.w=Math.min(this.maxW<=0?1/0:this.maxW,this.minW+1e>=1&&e<=5});this.appearanceFilter=null;this.certificates=null;this.digestMethods=null;this.encodings=null;this.encryptionMethods=null;this.handler=null;this.lockDocument=null;this.mdp=null;this.reasons=null;this.timeStamp=null}}class Float extends ContentObject{constructor(e){super(Go,"float");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){const e=parseFloat(this[ss].trim());this[ss]=isNaN(e)?null:e}[co](e){return valueToHtml(null!==this[ss]?this[ss].toString():"")}}class template_Font extends XFAObject{constructor(e){super(Go,"font",!0);this.baselineShift=getMeasurement(e.baselineShift);this.fontHorizontalScale=getFloat({data:e.fontHorizontalScale,defaultValue:100,validate:e=>e>=0});this.fontVerticalScale=getFloat({data:e.fontVerticalScale,defaultValue:100,validate:e=>e>=0});this.id=e.id||"";this.kerningMode=getStringOption(e.kerningMode,["none","pair"]);this.letterSpacing=getMeasurement(e.letterSpacing,"0");this.lineThrough=getInteger({data:e.lineThrough,defaultValue:0,validate:e=>1===e||2===e});this.lineThroughPeriod=getStringOption(e.lineThroughPeriod,["all","word"]);this.overline=getInteger({data:e.overline,defaultValue:0,validate:e=>1===e||2===e});this.overlinePeriod=getStringOption(e.overlinePeriod,["all","word"]);this.posture=getStringOption(e.posture,["normal","italic"]);this.size=getMeasurement(e.size,"10pt");this.typeface=e.typeface||"Courier";this.underline=getInteger({data:e.underline,defaultValue:0,validate:e=>1===e||2===e});this.underlinePeriod=getStringOption(e.underlinePeriod,["all","word"]);this.use=e.use||"";this.usehref=e.usehref||"";this.weight=getStringOption(e.weight,["normal","bold"]);this.extras=null;this.fill=null}[ts](e){super[ts](e);this[Is].usedTypefaces.add(this.typeface)}[ho](){const e=toStyle(this,"fill"),t=e.color;if(t)if("#000000"===t)delete e.color;else if(!t.startsWith("#")){e.background=t;e.backgroundClip="text";e.color="transparent"}this.baselineShift&&(e.verticalAlign=measureToString(this.baselineShift));e.fontKerning="none"===this.kerningMode?"none":"normal";e.letterSpacing=measureToString(this.letterSpacing);if(0!==this.lineThrough){e.textDecoration="line-through";2===this.lineThrough&&(e.textDecorationStyle="double")}if(0!==this.overline){e.textDecoration="overline";2===this.overline&&(e.textDecorationStyle="double")}e.fontStyle=this.posture;e.fontSize=measureToString(.99*this.size);setFontFamily(this,this,this[Is].fontFinder,e);if(0!==this.underline){e.textDecoration="underline";2===this.underline&&(e.textDecorationStyle="double")}e.fontWeight=this.weight;return e}}class Format extends XFAObject{constructor(e){super(Go,"format",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.picture=null}}class Handler extends StringObject{constructor(e){super(Go,"handler");this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||""}}class Hyphenation extends XFAObject{constructor(e){super(Go,"hyphenation");this.excludeAllCaps=getInteger({data:e.excludeAllCaps,defaultValue:0,validate:e=>1===e});this.excludeInitialCap=getInteger({data:e.excludeInitialCap,defaultValue:0,validate:e=>1===e});this.hyphenate=getInteger({data:e.hyphenate,defaultValue:0,validate:e=>1===e});this.id=e.id||"";this.pushCharacterCount=getInteger({data:e.pushCharacterCount,defaultValue:3,validate:e=>e>=0});this.remainCharacterCount=getInteger({data:e.remainCharacterCount,defaultValue:3,validate:e=>e>=0});this.use=e.use||"";this.usehref=e.usehref||"";this.wordCharacterCount=getInteger({data:e.wordCharacterCount,defaultValue:7,validate:e=>e>=0})}}class Image extends StringObject{constructor(e){super(Go,"image");this.aspect=getStringOption(e.aspect,["fit","actual","height","none","width"]);this.contentType=e.contentType||"";this.href=e.href||"";this.id=e.id||"";this.name=e.name||"";this.transferEncoding=getStringOption(e.transferEncoding,["base64","none","package"]);this.use=e.use||"";this.usehref=e.usehref||""}[co](){if(this.contentType&&!Jo.has(this.contentType.toLowerCase()))return HTMLResult.EMPTY;let e=this[Is].images?.get(this.href);if(!e&&(this.href||!this[ss]))return HTMLResult.EMPTY;e||"base64"!==this.transferEncoding||(e=function fromBase64Util(e){return Uint8Array.fromBase64?Uint8Array.fromBase64(e):stringToBytes(atob(e))}(this[ss]));if(!e)return HTMLResult.EMPTY;if(!this.contentType){for(const[t,a]of Yo)if(e.length>t.length&&t.every(((t,a)=>t===e[a]))){this.contentType=a;break}if(!this.contentType)return HTMLResult.EMPTY}const t=new Blob([e],{type:this.contentType});let a;switch(this.aspect){case"fit":case"actual":break;case"height":a={height:"100%",objectFit:"fill"};break;case"none":a={width:"100%",height:"100%",objectFit:"fill"};break;case"width":a={width:"100%",objectFit:"fill"}}const r=this[vs]();return HTMLResult.success({name:"img",attributes:{class:["xfaImage"],style:a,src:URL.createObjectURL(t),alt:r?ariaLabel(r[vs]()):null}})}}class ImageEdit extends XFAObject{constructor(e){super(Go,"imageEdit",!0);this.data=getStringOption(e.data,["link","embed"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.extras=null;this.margin=null}[co](e){return"embed"===this.data?HTMLResult.success({name:"div",children:[],attributes:{}}):HTMLResult.EMPTY}}class Integer extends ContentObject{constructor(e){super(Go,"integer");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){const e=parseInt(this[ss].trim(),10);this[ss]=isNaN(e)?null:e}[co](e){return valueToHtml(null!==this[ss]?this[ss].toString():"")}}class Issuers extends XFAObject{constructor(e){super(Go,"issuers",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.certificate=new XFAObjectArray}}class Items extends XFAObject{constructor(e){super(Go,"items",!0);this.id=e.id||"";this.name=e.name||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.ref=e.ref||"";this.save=getInteger({data:e.save,defaultValue:0,validate:e=>1===e});this.use=e.use||"";this.usehref=e.usehref||"";this.boolean=new XFAObjectArray;this.date=new XFAObjectArray;this.dateTime=new XFAObjectArray;this.decimal=new XFAObjectArray;this.exData=new XFAObjectArray;this.float=new XFAObjectArray;this.image=new XFAObjectArray;this.integer=new XFAObjectArray;this.text=new XFAObjectArray;this.time=new XFAObjectArray}[co](){const e=[];for(const t of this[Ss]())e.push(t[so]());return HTMLResult.success(e)}}class Keep extends XFAObject{constructor(e){super(Go,"keep",!0);this.id=e.id||"";const t=["none","contentArea","pageArea"];this.intact=getStringOption(e.intact,t);this.next=getStringOption(e.next,t);this.previous=getStringOption(e.previous,t);this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}}class KeyUsage extends XFAObject{constructor(e){super(Go,"keyUsage");const t=["","yes","no"];this.crlSign=getStringOption(e.crlSign,t);this.dataEncipherment=getStringOption(e.dataEncipherment,t);this.decipherOnly=getStringOption(e.decipherOnly,t);this.digitalSignature=getStringOption(e.digitalSignature,t);this.encipherOnly=getStringOption(e.encipherOnly,t);this.id=e.id||"";this.keyAgreement=getStringOption(e.keyAgreement,t);this.keyCertSign=getStringOption(e.keyCertSign,t);this.keyEncipherment=getStringOption(e.keyEncipherment,t);this.nonRepudiation=getStringOption(e.nonRepudiation,t);this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||""}}class Line extends XFAObject{constructor(e){super(Go,"line",!0);this.hand=getStringOption(e.hand,["even","left","right"]);this.id=e.id||"";this.slope=getStringOption(e.slope,["\\","/"]);this.use=e.use||"";this.usehref=e.usehref||"";this.edge=null}[co](){const e=this[vs]()[vs](),t=this.edge||new Edge({}),a=t[ho](),r=Object.create(null),i="visible"===t.presence?t.thickness:0;r.strokeWidth=measureToString(i);r.stroke=a.color;let n,s,o,c,l="100%",h="100%";if(e.w<=i){[n,s,o,c]=["50%",0,"50%","100%"];l=r.strokeWidth}else if(e.h<=i){[n,s,o,c]=[0,"50%","100%","50%"];h=r.strokeWidth}else"\\"===this.slope?[n,s,o,c]=[0,0,"100%","100%"]:[n,s,o,c]=[0,"100%","100%",0];const u={name:"svg",children:[{name:"line",attributes:{xmlns:Vo,x1:n,y1:s,x2:o,y2:c,style:r}}],attributes:{xmlns:Vo,width:l,height:h,style:{overflow:"visible"}}};if(hasMargin(e))return HTMLResult.success({name:"div",attributes:{style:{display:"inline",width:"100%",height:"100%"}},children:[u]});u.attributes.style.position="absolute";return HTMLResult.success(u)}}class Linear extends XFAObject{constructor(e){super(Go,"linear",!0);this.id=e.id||"";this.type=getStringOption(e.type,["toRight","toBottom","toLeft","toTop"]);this.use=e.use||"";this.usehref=e.usehref||"";this.color=null;this.extras=null}[ho](e){e=e?e[ho]():"#FFFFFF";return`linear-gradient(${this.type.replace(/([RBLT])/," $1").toLowerCase()}, ${e}, ${this.color?this.color[ho]():"#000000"})`}}class LockDocument extends ContentObject{constructor(e){super(Go,"lockDocument");this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||""}[hs](){this[ss]=getStringOption(this[ss],["auto","0","1"])}}class Manifest extends XFAObject{constructor(e){super(Go,"manifest",!0);this.action=getStringOption(e.action,["include","all","exclude"]);this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.ref=new XFAObjectArray}}class Margin extends XFAObject{constructor(e){super(Go,"margin",!0);this.bottomInset=getMeasurement(e.bottomInset,"0");this.id=e.id||"";this.leftInset=getMeasurement(e.leftInset,"0");this.rightInset=getMeasurement(e.rightInset,"0");this.topInset=getMeasurement(e.topInset,"0");this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}[ho](){return{margin:measureToString(this.topInset)+" "+measureToString(this.rightInset)+" "+measureToString(this.bottomInset)+" "+measureToString(this.leftInset)}}}class Mdp extends XFAObject{constructor(e){super(Go,"mdp");this.id=e.id||"";this.permissions=getInteger({data:e.permissions,defaultValue:2,validate:e=>1===e||3===e});this.signatureType=getStringOption(e.signatureType,["filler","author"]);this.use=e.use||"";this.usehref=e.usehref||""}}class Medium extends XFAObject{constructor(e){super(Go,"medium");this.id=e.id||"";this.imagingBBox=function getBBox(e){const t=-1;if(!e)return{x:t,y:t,width:t,height:t};const a=e.split(",",4).map((e=>getMeasurement(e.trim(),"-1")));if(a.length<4||a[2]<0||a[3]<0)return{x:t,y:t,width:t,height:t};const[r,i,n,s]=a;return{x:r,y:i,width:n,height:s}}(e.imagingBBox);this.long=getMeasurement(e.long);this.orientation=getStringOption(e.orientation,["portrait","landscape"]);this.short=getMeasurement(e.short);this.stock=e.stock||"";this.trayIn=getStringOption(e.trayIn,["auto","delegate","pageFront"]);this.trayOut=getStringOption(e.trayOut,["auto","delegate"]);this.use=e.use||"";this.usehref=e.usehref||""}}class Message extends XFAObject{constructor(e){super(Go,"message",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.text=new XFAObjectArray}}class NumericEdit extends XFAObject{constructor(e){super(Go,"numericEdit",!0);this.hScrollPolicy=getStringOption(e.hScrollPolicy,["auto","off","on"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.comb=null;this.extras=null;this.margin=null}[co](e){const t=toStyle(this,"border","font","margin"),a=this[vs]()[vs](),r={name:"input",attributes:{type:"text",fieldId:a[uo],dataId:a[os]?.[uo]||a[uo],class:["xfaTextfield"],style:t,"aria-label":ariaLabel(a),"aria-required":!1}};if(isRequired(a)){r.attributes["aria-required"]=!0;r.attributes.required=!0}return HTMLResult.success({name:"label",attributes:{class:["xfaLabel"]},children:[r]})}}class Occur extends XFAObject{constructor(e){super(Go,"occur",!0);this.id=e.id||"";this.initial=""!==e.initial?getInteger({data:e.initial,defaultValue:"",validate:e=>!0}):"";this.max=""!==e.max?getInteger({data:e.max,defaultValue:1,validate:e=>!0}):"";this.min=""!==e.min?getInteger({data:e.min,defaultValue:1,validate:e=>!0}):"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}[ts](){const e=this[vs](),t=this.min;""===this.min&&(this.min=e instanceof PageArea||e instanceof PageSet?0:1);""===this.max&&(this.max=""===t?e instanceof PageArea||e instanceof PageSet?-1:1:this.min);-1!==this.max&&this.max!0});this.name=e.name||"";this.numbered=getInteger({data:e.numbered,defaultValue:1,validate:e=>!0});this.oddOrEven=getStringOption(e.oddOrEven,["any","even","odd"]);this.pagePosition=getStringOption(e.pagePosition,["any","first","last","only","rest"]);this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.desc=null;this.extras=null;this.medium=null;this.occur=null;this.area=new XFAObjectArray;this.contentArea=new XFAObjectArray;this.draw=new XFAObjectArray;this.exclGroup=new XFAObjectArray;this.field=new XFAObjectArray;this.subform=new XFAObjectArray}[Xs](){if(!this[ls]){this[ls]={numberOfUse:0};return!0}return!this.occur||-1===this.occur.max||this[ls].numberOfUsee.oddOrEven===t&&e.pagePosition===a));if(r)return r;r=this.pageArea.children.find((e=>"any"===e.oddOrEven&&e.pagePosition===a));if(r)return r;r=this.pageArea.children.find((e=>"any"===e.oddOrEven&&"any"===e.pagePosition));return r||this.pageArea.children[0]}}class Para extends XFAObject{constructor(e){super(Go,"para",!0);this.hAlign=getStringOption(e.hAlign,["left","center","justify","justifyAll","radix","right"]);this.id=e.id||"";this.lineHeight=e.lineHeight?getMeasurement(e.lineHeight,"0pt"):"";this.marginLeft=e.marginLeft?getMeasurement(e.marginLeft,"0pt"):"";this.marginRight=e.marginRight?getMeasurement(e.marginRight,"0pt"):"";this.orphans=getInteger({data:e.orphans,defaultValue:0,validate:e=>e>=0});this.preserve=e.preserve||"";this.radixOffset=e.radixOffset?getMeasurement(e.radixOffset,"0pt"):"";this.spaceAbove=e.spaceAbove?getMeasurement(e.spaceAbove,"0pt"):"";this.spaceBelow=e.spaceBelow?getMeasurement(e.spaceBelow,"0pt"):"";this.tabDefault=e.tabDefault?getMeasurement(this.tabDefault):"";this.tabStops=(e.tabStops||"").trim().split(/\s+/).map(((e,t)=>t%2==1?getMeasurement(e):e));this.textIndent=e.textIndent?getMeasurement(e.textIndent,"0pt"):"";this.use=e.use||"";this.usehref=e.usehref||"";this.vAlign=getStringOption(e.vAlign,["top","bottom","middle"]);this.widows=getInteger({data:e.widows,defaultValue:0,validate:e=>e>=0});this.hyphenation=null}[ho](){const e=toStyle(this,"hAlign");""!==this.marginLeft&&(e.paddingLeft=measureToString(this.marginLeft));""!==this.marginRight&&(e.paddingRight=measureToString(this.marginRight));""!==this.spaceAbove&&(e.paddingTop=measureToString(this.spaceAbove));""!==this.spaceBelow&&(e.paddingBottom=measureToString(this.spaceBelow));if(""!==this.textIndent){e.textIndent=measureToString(this.textIndent);fixTextIndent(e)}this.lineHeight>0&&(e.lineHeight=measureToString(this.lineHeight));""!==this.tabDefault&&(e.tabSize=measureToString(this.tabDefault));this.tabStops.length;this.hyphenatation&&Object.assign(e,this.hyphenatation[ho]());return e}}class PasswordEdit extends XFAObject{constructor(e){super(Go,"passwordEdit",!0);this.hScrollPolicy=getStringOption(e.hScrollPolicy,["auto","off","on"]);this.id=e.id||"";this.passwordChar=e.passwordChar||"*";this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.extras=null;this.margin=null}}class template_Pattern extends XFAObject{constructor(e){super(Go,"pattern",!0);this.id=e.id||"";this.type=getStringOption(e.type,["crossHatch","crossDiagonal","diagonalLeft","diagonalRight","horizontal","vertical"]);this.use=e.use||"";this.usehref=e.usehref||"";this.color=null;this.extras=null}[ho](e){e=e?e[ho]():"#FFFFFF";const t=this.color?this.color[ho]():"#000000",a="repeating-linear-gradient",r=`${e},${e} 5px,${t} 5px,${t} 10px`;switch(this.type){case"crossHatch":return`${a}(to top,${r}) ${a}(to right,${r})`;case"crossDiagonal":return`${a}(45deg,${r}) ${a}(-45deg,${r})`;case"diagonalLeft":return`${a}(45deg,${r})`;case"diagonalRight":return`${a}(-45deg,${r})`;case"horizontal":return`${a}(to top,${r})`;case"vertical":return`${a}(to right,${r})`}return""}}class Picture extends StringObject{constructor(e){super(Go,"picture");this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Proto extends XFAObject{constructor(e){super(Go,"proto",!0);this.appearanceFilter=new XFAObjectArray;this.arc=new XFAObjectArray;this.area=new XFAObjectArray;this.assist=new XFAObjectArray;this.barcode=new XFAObjectArray;this.bindItems=new XFAObjectArray;this.bookend=new XFAObjectArray;this.boolean=new XFAObjectArray;this.border=new XFAObjectArray;this.break=new XFAObjectArray;this.breakAfter=new XFAObjectArray;this.breakBefore=new XFAObjectArray;this.button=new XFAObjectArray;this.calculate=new XFAObjectArray;this.caption=new XFAObjectArray;this.certificate=new XFAObjectArray;this.certificates=new XFAObjectArray;this.checkButton=new XFAObjectArray;this.choiceList=new XFAObjectArray;this.color=new XFAObjectArray;this.comb=new XFAObjectArray;this.connect=new XFAObjectArray;this.contentArea=new XFAObjectArray;this.corner=new XFAObjectArray;this.date=new XFAObjectArray;this.dateTime=new XFAObjectArray;this.dateTimeEdit=new XFAObjectArray;this.decimal=new XFAObjectArray;this.defaultUi=new XFAObjectArray;this.desc=new XFAObjectArray;this.digestMethod=new XFAObjectArray;this.digestMethods=new XFAObjectArray;this.draw=new XFAObjectArray;this.edge=new XFAObjectArray;this.encoding=new XFAObjectArray;this.encodings=new XFAObjectArray;this.encrypt=new XFAObjectArray;this.encryptData=new XFAObjectArray;this.encryption=new XFAObjectArray;this.encryptionMethod=new XFAObjectArray;this.encryptionMethods=new XFAObjectArray;this.event=new XFAObjectArray;this.exData=new XFAObjectArray;this.exObject=new XFAObjectArray;this.exclGroup=new XFAObjectArray;this.execute=new XFAObjectArray;this.extras=new XFAObjectArray;this.field=new XFAObjectArray;this.fill=new XFAObjectArray;this.filter=new XFAObjectArray;this.float=new XFAObjectArray;this.font=new XFAObjectArray;this.format=new XFAObjectArray;this.handler=new XFAObjectArray;this.hyphenation=new XFAObjectArray;this.image=new XFAObjectArray;this.imageEdit=new XFAObjectArray;this.integer=new XFAObjectArray;this.issuers=new XFAObjectArray;this.items=new XFAObjectArray;this.keep=new XFAObjectArray;this.keyUsage=new XFAObjectArray;this.line=new XFAObjectArray;this.linear=new XFAObjectArray;this.lockDocument=new XFAObjectArray;this.manifest=new XFAObjectArray;this.margin=new XFAObjectArray;this.mdp=new XFAObjectArray;this.medium=new XFAObjectArray;this.message=new XFAObjectArray;this.numericEdit=new XFAObjectArray;this.occur=new XFAObjectArray;this.oid=new XFAObjectArray;this.oids=new XFAObjectArray;this.overflow=new XFAObjectArray;this.pageArea=new XFAObjectArray;this.pageSet=new XFAObjectArray;this.para=new XFAObjectArray;this.passwordEdit=new XFAObjectArray;this.pattern=new XFAObjectArray;this.picture=new XFAObjectArray;this.radial=new XFAObjectArray;this.reason=new XFAObjectArray;this.reasons=new XFAObjectArray;this.rectangle=new XFAObjectArray;this.ref=new XFAObjectArray;this.script=new XFAObjectArray;this.setProperty=new XFAObjectArray;this.signData=new XFAObjectArray;this.signature=new XFAObjectArray;this.signing=new XFAObjectArray;this.solid=new XFAObjectArray;this.speak=new XFAObjectArray;this.stipple=new XFAObjectArray;this.subform=new XFAObjectArray;this.subformSet=new XFAObjectArray;this.subjectDN=new XFAObjectArray;this.subjectDNs=new XFAObjectArray;this.submit=new XFAObjectArray;this.text=new XFAObjectArray;this.textEdit=new XFAObjectArray;this.time=new XFAObjectArray;this.timeStamp=new XFAObjectArray;this.toolTip=new XFAObjectArray;this.traversal=new XFAObjectArray;this.traverse=new XFAObjectArray;this.ui=new XFAObjectArray;this.validate=new XFAObjectArray;this.value=new XFAObjectArray;this.variables=new XFAObjectArray}}class Radial extends XFAObject{constructor(e){super(Go,"radial",!0);this.id=e.id||"";this.type=getStringOption(e.type,["toEdge","toCenter"]);this.use=e.use||"";this.usehref=e.usehref||"";this.color=null;this.extras=null}[ho](e){e=e?e[ho]():"#FFFFFF";const t=this.color?this.color[ho]():"#000000";return`radial-gradient(circle at center, ${"toEdge"===this.type?`${e},${t}`:`${t},${e}`})`}}class Reason extends StringObject{constructor(e){super(Go,"reason");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Reasons extends XFAObject{constructor(e){super(Go,"reasons",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.reason=new XFAObjectArray}}class Rectangle extends XFAObject{constructor(e){super(Go,"rectangle",!0);this.hand=getStringOption(e.hand,["even","left","right"]);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.corner=new XFAObjectArray(4);this.edge=new XFAObjectArray(4);this.fill=null}[co](){const e=this.edge.children.length?this.edge.children[0]:new Edge({}),t=e[ho](),a=Object.create(null);"visible"===this.fill?.presence?Object.assign(a,this.fill[ho]()):a.fill="transparent";a.strokeWidth=measureToString("visible"===e.presence?e.thickness:0);a.stroke=t.color;const r=(this.corner.children.length?this.corner.children[0]:new Corner({}))[ho](),i={name:"svg",children:[{name:"rect",attributes:{xmlns:Vo,width:"100%",height:"100%",x:0,y:0,rx:r.radius,ry:r.radius,style:a}}],attributes:{xmlns:Vo,style:{overflow:"visible"},width:"100%",height:"100%"}};if(hasMargin(this[vs]()[vs]()))return HTMLResult.success({name:"div",attributes:{style:{display:"inline",width:"100%",height:"100%"}},children:[i]});i.attributes.style.position="absolute";return HTMLResult.success(i)}}class RefElement extends StringObject{constructor(e){super(Go,"ref");this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Script extends StringObject{constructor(e){super(Go,"script");this.binding=e.binding||"";this.contentType=e.contentType||"";this.id=e.id||"";this.name=e.name||"";this.runAt=getStringOption(e.runAt,["client","both","server"]);this.use=e.use||"";this.usehref=e.usehref||""}}class SetProperty extends XFAObject{constructor(e){super(Go,"setProperty");this.connection=e.connection||"";this.ref=e.ref||"";this.target=e.target||""}}class SignData extends XFAObject{constructor(e){super(Go,"signData",!0);this.id=e.id||"";this.operation=getStringOption(e.operation,["sign","clear","verify"]);this.ref=e.ref||"";this.target=e.target||"";this.use=e.use||"";this.usehref=e.usehref||"";this.filter=null;this.manifest=null}}class Signature extends XFAObject{constructor(e){super(Go,"signature",!0);this.id=e.id||"";this.type=getStringOption(e.type,["PDF1.3","PDF1.6"]);this.use=e.use||"";this.usehref=e.usehref||"";this.border=null;this.extras=null;this.filter=null;this.manifest=null;this.margin=null}}class Signing extends XFAObject{constructor(e){super(Go,"signing",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.certificate=new XFAObjectArray}}class Solid extends XFAObject{constructor(e){super(Go,"solid",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null}[ho](e){return e?e[ho]():"#FFFFFF"}}class Speak extends StringObject{constructor(e){super(Go,"speak");this.disable=getInteger({data:e.disable,defaultValue:0,validate:e=>1===e});this.id=e.id||"";this.priority=getStringOption(e.priority,["custom","caption","name","toolTip"]);this.rid=e.rid||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Stipple extends XFAObject{constructor(e){super(Go,"stipple",!0);this.id=e.id||"";this.rate=getInteger({data:e.rate,defaultValue:50,validate:e=>e>=0&&e<=100});this.use=e.use||"";this.usehref=e.usehref||"";this.color=null;this.extras=null}[ho](e){const t=this.rate/100;return Util.makeHexColor(Math.round(e.value.r*(1-t)+this.value.r*t),Math.round(e.value.g*(1-t)+this.value.g*t),Math.round(e.value.b*(1-t)+this.value.b*t))}}class Subform extends XFAObject{constructor(e){super(Go,"subform",!0);this.access=getStringOption(e.access,["open","nonInteractive","protected","readOnly"]);this.allowMacro=getInteger({data:e.allowMacro,defaultValue:0,validate:e=>1===e});this.anchorType=getStringOption(e.anchorType,["topLeft","bottomCenter","bottomLeft","bottomRight","middleCenter","middleLeft","middleRight","topCenter","topRight"]);this.colSpan=getInteger({data:e.colSpan,defaultValue:1,validate:e=>e>=1||-1===e});this.columnWidths=(e.columnWidths||"").trim().split(/\s+/).map((e=>"-1"===e?-1:getMeasurement(e)));this.h=e.h?getMeasurement(e.h):"";this.hAlign=getStringOption(e.hAlign,["left","center","justify","justifyAll","radix","right"]);this.id=e.id||"";this.layout=getStringOption(e.layout,["position","lr-tb","rl-row","rl-tb","row","table","tb"]);this.locale=e.locale||"";this.maxH=getMeasurement(e.maxH,"0pt");this.maxW=getMeasurement(e.maxW,"0pt");this.mergeMode=getStringOption(e.mergeMode,["consumeData","matchTemplate"]);this.minH=getMeasurement(e.minH,"0pt");this.minW=getMeasurement(e.minW,"0pt");this.name=e.name||"";this.presence=getStringOption(e.presence,["visible","hidden","inactive","invisible"]);this.relevant=getRelevant(e.relevant);this.restoreState=getStringOption(e.restoreState,["manual","auto"]);this.scope=getStringOption(e.scope,["name","none"]);this.use=e.use||"";this.usehref=e.usehref||"";this.w=e.w?getMeasurement(e.w):"";this.x=getMeasurement(e.x,"0pt");this.y=getMeasurement(e.y,"0pt");this.assist=null;this.bind=null;this.bookend=null;this.border=null;this.break=null;this.calculate=null;this.desc=null;this.extras=null;this.keep=null;this.margin=null;this.occur=null;this.overflow=null;this.pageSet=null;this.para=null;this.traversal=null;this.validate=null;this.variables=null;this.area=new XFAObjectArray;this.breakAfter=new XFAObjectArray;this.breakBefore=new XFAObjectArray;this.connect=new XFAObjectArray;this.draw=new XFAObjectArray;this.event=new XFAObjectArray;this.exObject=new XFAObjectArray;this.exclGroup=new XFAObjectArray;this.field=new XFAObjectArray;this.proto=new XFAObjectArray;this.setProperty=new XFAObjectArray;this.subform=new XFAObjectArray;this.subformSet=new XFAObjectArray}[Cs](){const e=this[vs]();return e instanceof SubformSet?e[Cs]():e}[Rs](){return!0}[_s](){return this.layout.endsWith("-tb")&&0===this[ls].attempt&&this[ls].numberInLine>0||this[vs]()[_s]()}*[ks](){yield*getContainedChildren(this)}[us](){return flushHTML(this)}[Zn](e,t){addHTML(this,e,t)}[gs](){return getAvailableSpace(this)}[js](){const e=this[Cs]();if(!e[js]())return!1;if(void 0!==this[ls]._isSplittable)return this[ls]._isSplittable;if("position"===this.layout||this.layout.includes("row")){this[ls]._isSplittable=!1;return!1}if(this.keep&&"none"!==this.keep.intact){this[ls]._isSplittable=!1;return!1}if(e.layout?.endsWith("-tb")&&0!==e[ls].numberInLine)return!1;this[ls]._isSplittable=!0;return!0}[co](e){setTabIndex(this);if(this.break){if("auto"!==this.break.after||""!==this.break.afterTarget){const e=new BreakAfter({targetType:this.break.after,target:this.break.afterTarget,startNew:this.break.startNew.toString()});e[Is]=this[Is];this[Qn](e);this.breakAfter.push(e)}if("auto"!==this.break.before||""!==this.break.beforeTarget){const e=new BreakBefore({targetType:this.break.before,target:this.break.beforeTarget,startNew:this.break.startNew.toString()});e[Is]=this[Is];this[Qn](e);this.breakBefore.push(e)}if(""!==this.break.overflowTarget){const e=new Overflow({target:this.break.overflowTarget,leader:this.break.overflowLeader,trailer:this.break.overflowTrailer});e[Is]=this[Is];this[Qn](e);this.overflow.push(e)}this[Zs](this.break);this.break=null}if("hidden"===this.presence||"inactive"===this.presence)return HTMLResult.EMPTY;(this.breakBefore.children.length>1||this.breakAfter.children.length>1)&&warn("XFA - Several breakBefore or breakAfter in subforms: please file a bug.");if(this.breakBefore.children.length>=1){const e=this.breakBefore.children[0];if(handleBreak(e))return HTMLResult.breakNode(e)}if(this[ls]?.afterBreakAfter)return HTMLResult.EMPTY;fixDimensions(this);const t=[],a={id:this[uo],class:[]};setAccess(this,a.class);this[ls]||=Object.create(null);Object.assign(this[ls],{children:t,line:null,attributes:a,attempt:0,numberInLine:0,availableSpace:{width:Math.min(this.w||1/0,e.width),height:Math.min(this.h||1/0,e.height)},width:0,height:0,prevHeight:0,currentWidth:0});const r=this[Fs](),i=r[ls].noLayoutFailure,n=this[js]();n||setFirstUnsplittable(this);if(!checkDimensions(this,e))return HTMLResult.FAILURE;const s=new Set(["area","draw","exclGroup","field","subform","subformSet"]);if(this.layout.includes("row")){const e=this[Cs]().columnWidths;if(Array.isArray(e)&&e.length>0){this[ls].columnWidths=e;this[ls].currentColumn=0}}const o=toStyle(this,"anchorType","dimensions","position","presence","border","margin","hAlign"),c=["xfaSubform"],l=layoutClass(this);l&&c.push(l);a.style=o;a.class=c;this.name&&(a.xfaName=this.name);if(this.overflow){const t=this.overflow[ws]();if(t.addLeader){t.addLeader=!1;handleOverflow(this,t.leader,e)}}this[Ys]();const h="lr-tb"===this.layout||"rl-tb"===this.layout,u=h?2:1;for(;this[ls].attempt=1){const e=this.breakAfter.children[0];if(handleBreak(e)){this[ls].afterBreakAfter=y;return HTMLResult.breakNode(e)}}delete this[ls];return y}}class SubformSet extends XFAObject{constructor(e){super(Go,"subformSet",!0);this.id=e.id||"";this.name=e.name||"";this.relation=getStringOption(e.relation,["ordered","choice","unordered"]);this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.bookend=null;this.break=null;this.desc=null;this.extras=null;this.occur=null;this.overflow=null;this.breakAfter=new XFAObjectArray;this.breakBefore=new XFAObjectArray;this.subform=new XFAObjectArray;this.subformSet=new XFAObjectArray}*[ks](){yield*getContainedChildren(this)}[Cs](){let e=this[vs]();for(;!(e instanceof Subform);)e=e[vs]();return e}[Rs](){return!0}}class SubjectDN extends ContentObject{constructor(e){super(Go,"subjectDN");this.delimiter=e.delimiter||",";this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){this[ss]=new Map(this[ss].split(this.delimiter).map((e=>{(e=e.split("=",2))[0]=e[0].trim();return e})))}}class SubjectDNs extends XFAObject{constructor(e){super(Go,"subjectDNs",!0);this.id=e.id||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||"";this.subjectDN=new XFAObjectArray}}class Submit extends XFAObject{constructor(e){super(Go,"submit",!0);this.embedPDF=getInteger({data:e.embedPDF,defaultValue:0,validate:e=>1===e});this.format=getStringOption(e.format,["xdp","formdata","pdf","urlencoded","xfd","xml"]);this.id=e.id||"";this.target=e.target||"";this.textEncoding=getKeyword({data:e.textEncoding?e.textEncoding.toLowerCase():"",defaultValue:"",validate:e=>["utf-8","big-five","fontspecific","gbk","gb-18030","gb-2312","ksc-5601","none","shift-jis","ucs-2","utf-16"].includes(e)||e.match(/iso-8859-\d{2}/)});this.use=e.use||"";this.usehref=e.usehref||"";this.xdpContent=e.xdpContent||"";this.encrypt=null;this.encryptData=new XFAObjectArray;this.signData=new XFAObjectArray}}class Template extends XFAObject{constructor(e){super(Go,"template",!0);this.baseProfile=getStringOption(e.baseProfile,["full","interactiveForms"]);this.extras=null;this.subform=new XFAObjectArray}[hs](){0===this.subform.children.length&&warn("XFA - No subforms in template node.");this.subform.children.length>=2&&warn("XFA - Several subforms in template node: please file a bug.");this[no]=5e3}[js](){return!0}[to](e,t){return e.startsWith("#")?[this[Os].get(e.slice(1))]:searchNode(this,t,e,!0,!0)}*[oo](){if(!this.subform.children.length)return HTMLResult.success({name:"div",children:[]});this[ls]={overflowNode:null,firstUnsplittable:null,currentContentArea:null,currentPageArea:null,noLayoutFailure:!1,pageNumber:1,pagePosition:"first",oddOrEven:"odd",blankOrNotBlank:"nonBlank",paraStack:[]};const e=this.subform.children[0];e.pageSet[as]();const t=e.pageSet.pageArea.children,a={name:"div",children:[]};let r=null,i=null,n=null;if(e.breakBefore.children.length>=1){i=e.breakBefore.children[0];n=i.target}else if(e.subform.children.length>=1&&e.subform.children[0].breakBefore.children.length>=1){i=e.subform.children[0].breakBefore.children[0];n=i.target}else if(e.break?.beforeTarget){i=e.break;n=i.beforeTarget}else if(e.subform.children.length>=1&&e.subform.children[0].break?.beforeTarget){i=e.subform.children[0].break;n=i.beforeTarget}if(i){const e=this[to](n,i[vs]());if(e instanceof PageArea){r=e;i[ls]={}}}r||=t[0];r[ls]={numberOfUse:1};const s=r[vs]();s[ls]={numberOfUse:1,pageIndex:s.pageArea.children.indexOf(r),pageSetIndex:0};let o,c=null,l=null,h=!0,u=0,d=0;for(;;){if(h)u=0;else{a.children.pop();if(3==++u){warn("XFA - Something goes wrong: please file a bug.");return a}}o=null;this[ls].currentPageArea=r;const t=r[co]().html;a.children.push(t);if(c){this[ls].noLayoutFailure=!0;t.children.push(c[co](r[ls].space).html);c=null}if(l){this[ls].noLayoutFailure=!0;t.children.push(l[co](r[ls].space).html);l=null}const i=r.contentArea.children,n=t.children.filter((e=>e.attributes.class.includes("xfaContentarea")));h=!1;this[ls].firstUnsplittable=null;this[ls].noLayoutFailure=!1;const flush=t=>{const a=e[us]();if(a){h||=a.children?.length>0;n[t].children.push(a)}};for(let t=d,r=i.length;t0;n[t].children.push(u.html)}else!h&&a.children.length>1&&a.children.pop();return a}if(u.isBreak()){const e=u.breakNode;flush(t);if("auto"===e.targetType)continue;if(e.leader){c=this[to](e.leader,e[vs]());c=c?c[0]:null}if(e.trailer){l=this[to](e.trailer,e[vs]());l=l?l[0]:null}if("pageArea"===e.targetType){o=e[ls].target;t=1/0}else if(e[ls].target){o=e[ls].target;d=e[ls].index+1;t=1/0}else t=e[ls].index}else if(this[ls].overflowNode){const e=this[ls].overflowNode;this[ls].overflowNode=null;const a=e[ws](),r=a.target;a.addLeader=null!==a.leader;a.addTrailer=null!==a.trailer;flush(t);const n=t;t=1/0;if(r instanceof PageArea)o=r;else if(r instanceof ContentArea){const e=i.indexOf(r);if(-1!==e)e>n?t=e-1:d=e;else{o=r[vs]();d=o.contentArea.children.indexOf(r)}}}else flush(t)}this[ls].pageNumber+=1;o&&(o[Xs]()?o[ls].numberOfUse+=1:o=null);r=o||r[As]();yield null}}}class Text extends ContentObject{constructor(e){super(Go,"text");this.id=e.id||"";this.maxChars=getInteger({data:e.maxChars,defaultValue:0,validate:e=>e>=0});this.name=e.name||"";this.rid=e.rid||"";this.use=e.use||"";this.usehref=e.usehref||""}[Yn](){return!0}[$s](e){if(e[Hs]===go.xhtml.id){this[ss]=e;return!0}warn(`XFA - Invalid content in Text: ${e[Ws]}.`);return!1}[Vs](e){this[ss]instanceof XFAObject||super[Vs](e)}[hs](){"string"==typeof this[ss]&&(this[ss]=this[ss].replaceAll("\r\n","\n"))}[ws](){return"string"==typeof this[ss]?this[ss].split(/[\u2029\u2028\n]/).filter((e=>!!e)).join("\n"):this[ss][so]()}[co](e){if("string"==typeof this[ss]){const e=valueToHtml(this[ss]).html;if(this[ss].includes("\u2029")){e.name="div";e.children=[];this[ss].split("\u2029").map((e=>e.split(/[\u2028\n]/).flatMap((e=>[{name:"span",value:e},{name:"br"}])))).forEach((t=>{e.children.push({name:"p",children:t})}))}else if(/[\u2028\n]/.test(this[ss])){e.name="div";e.children=[];this[ss].split(/[\u2028\n]/).forEach((t=>{e.children.push({name:"span",value:t},{name:"br"})}))}return HTMLResult.success(e)}return this[ss][co](e)}}class TextEdit extends XFAObject{constructor(e){super(Go,"textEdit",!0);this.allowRichText=getInteger({data:e.allowRichText,defaultValue:0,validate:e=>1===e});this.hScrollPolicy=getStringOption(e.hScrollPolicy,["auto","off","on"]);this.id=e.id||"";this.multiLine=getInteger({data:e.multiLine,defaultValue:"",validate:e=>0===e||1===e});this.use=e.use||"";this.usehref=e.usehref||"";this.vScrollPolicy=getStringOption(e.vScrollPolicy,["auto","off","on"]);this.border=null;this.comb=null;this.extras=null;this.margin=null}[co](e){const t=toStyle(this,"border","font","margin");let a;const r=this[vs]()[vs]();""===this.multiLine&&(this.multiLine=r instanceof Draw?1:0);a=1===this.multiLine?{name:"textarea",attributes:{dataId:r[os]?.[uo]||r[uo],fieldId:r[uo],class:["xfaTextfield"],style:t,"aria-label":ariaLabel(r),"aria-required":!1}}:{name:"input",attributes:{type:"text",dataId:r[os]?.[uo]||r[uo],fieldId:r[uo],class:["xfaTextfield"],style:t,"aria-label":ariaLabel(r),"aria-required":!1}};if(isRequired(r)){a.attributes["aria-required"]=!0;a.attributes.required=!0}return HTMLResult.success({name:"label",attributes:{class:["xfaLabel"]},children:[a]})}}class Time extends StringObject{constructor(e){super(Go,"time");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}[hs](){const e=this[ss].trim();this[ss]=e?new Date(e):null}[co](e){return valueToHtml(this[ss]?this[ss].toString():"")}}class TimeStamp extends XFAObject{constructor(e){super(Go,"timeStamp");this.id=e.id||"";this.server=e.server||"";this.type=getStringOption(e.type,["optional","required"]);this.use=e.use||"";this.usehref=e.usehref||""}}class ToolTip extends StringObject{constructor(e){super(Go,"toolTip");this.id=e.id||"";this.rid=e.rid||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Traversal extends XFAObject{constructor(e){super(Go,"traversal",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.traverse=new XFAObjectArray}}class Traverse extends XFAObject{constructor(e){super(Go,"traverse",!0);this.id=e.id||"";this.operation=getStringOption(e.operation,["next","back","down","first","left","right","up"]);this.ref=e.ref||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.script=null}get name(){return this.operation}[Us](){return!1}}class Ui extends XFAObject{constructor(e){super(Go,"ui",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.picture=null;this.barcode=null;this.button=null;this.checkButton=null;this.choiceList=null;this.dateTimeEdit=null;this.defaultUi=null;this.imageEdit=null;this.numericEdit=null;this.passwordEdit=null;this.signature=null;this.textEdit=null}[ws](){if(void 0===this[ls]){for(const e of Object.getOwnPropertyNames(this)){if("extras"===e||"picture"===e)continue;const t=this[e];if(t instanceof XFAObject){this[ls]=t;return t}}this[ls]=null}return this[ls]}[co](e){const t=this[ws]();return t?t[co](e):HTMLResult.EMPTY}}class Validate extends XFAObject{constructor(e){super(Go,"validate",!0);this.formatTest=getStringOption(e.formatTest,["warning","disabled","error"]);this.id=e.id||"";this.nullTest=getStringOption(e.nullTest,["disabled","error","warning"]);this.scriptTest=getStringOption(e.scriptTest,["error","disabled","warning"]);this.use=e.use||"";this.usehref=e.usehref||"";this.extras=null;this.message=null;this.picture=null;this.script=null}}class Value extends XFAObject{constructor(e){super(Go,"value",!0);this.id=e.id||"";this.override=getInteger({data:e.override,defaultValue:0,validate:e=>1===e});this.relevant=getRelevant(e.relevant);this.use=e.use||"";this.usehref=e.usehref||"";this.arc=null;this.boolean=null;this.date=null;this.dateTime=null;this.decimal=null;this.exData=null;this.float=null;this.image=null;this.integer=null;this.line=null;this.rectangle=null;this.text=null;this.time=null}[io](e){const t=this[vs]();if(t instanceof Field&&t.ui?.imageEdit){if(!this.image){this.image=new Image({});this[Qn](this.image)}this.image[ss]=e[ss];return}const a=e[Ws];if(null===this[a]){for(const e of Object.getOwnPropertyNames(this)){const t=this[e];if(t instanceof XFAObject){this[e]=null;this[Zs](t)}}this[e[Ws]]=e;this[Qn](e)}else this[a][ss]=e[ss]}[so](){if(this.exData)return"string"==typeof this.exData[ss]?this.exData[ss].trim():this.exData[ss][so]().trim();for(const e of Object.getOwnPropertyNames(this)){if("image"===e)continue;const t=this[e];if(t instanceof XFAObject)return(t[ss]||"").toString().trim()}return null}[co](e){for(const t of Object.getOwnPropertyNames(this)){const a=this[t];if(a instanceof XFAObject)return a[co](e)}return HTMLResult.EMPTY}}class Variables extends XFAObject{constructor(e){super(Go,"variables",!0);this.id=e.id||"";this.use=e.use||"";this.usehref=e.usehref||"";this.boolean=new XFAObjectArray;this.date=new XFAObjectArray;this.dateTime=new XFAObjectArray;this.decimal=new XFAObjectArray;this.exData=new XFAObjectArray;this.float=new XFAObjectArray;this.image=new XFAObjectArray;this.integer=new XFAObjectArray;this.manifest=new XFAObjectArray;this.script=new XFAObjectArray;this.text=new XFAObjectArray;this.time=new XFAObjectArray}[Us](){return!0}}class TemplateNamespace{static[fo](e,t){if(TemplateNamespace.hasOwnProperty(e)){const a=TemplateNamespace[e](t);a[ro](t);return a}}static appearanceFilter(e){return new AppearanceFilter(e)}static arc(e){return new Arc(e)}static area(e){return new Area(e)}static assist(e){return new Assist(e)}static barcode(e){return new Barcode(e)}static bind(e){return new Bind(e)}static bindItems(e){return new BindItems(e)}static bookend(e){return new Bookend(e)}static boolean(e){return new BooleanElement(e)}static border(e){return new Border(e)}static break(e){return new Break(e)}static breakAfter(e){return new BreakAfter(e)}static breakBefore(e){return new BreakBefore(e)}static button(e){return new Button(e)}static calculate(e){return new Calculate(e)}static caption(e){return new Caption(e)}static certificate(e){return new Certificate(e)}static certificates(e){return new Certificates(e)}static checkButton(e){return new CheckButton(e)}static choiceList(e){return new ChoiceList(e)}static color(e){return new Color(e)}static comb(e){return new Comb(e)}static connect(e){return new Connect(e)}static contentArea(e){return new ContentArea(e)}static corner(e){return new Corner(e)}static date(e){return new DateElement(e)}static dateTime(e){return new DateTime(e)}static dateTimeEdit(e){return new DateTimeEdit(e)}static decimal(e){return new Decimal(e)}static defaultUi(e){return new DefaultUi(e)}static desc(e){return new Desc(e)}static digestMethod(e){return new DigestMethod(e)}static digestMethods(e){return new DigestMethods(e)}static draw(e){return new Draw(e)}static edge(e){return new Edge(e)}static encoding(e){return new Encoding(e)}static encodings(e){return new Encodings(e)}static encrypt(e){return new Encrypt(e)}static encryptData(e){return new EncryptData(e)}static encryption(e){return new Encryption(e)}static encryptionMethod(e){return new EncryptionMethod(e)}static encryptionMethods(e){return new EncryptionMethods(e)}static event(e){return new Event(e)}static exData(e){return new ExData(e)}static exObject(e){return new ExObject(e)}static exclGroup(e){return new ExclGroup(e)}static execute(e){return new Execute(e)}static extras(e){return new Extras(e)}static field(e){return new Field(e)}static fill(e){return new Fill(e)}static filter(e){return new Filter(e)}static float(e){return new Float(e)}static font(e){return new template_Font(e)}static format(e){return new Format(e)}static handler(e){return new Handler(e)}static hyphenation(e){return new Hyphenation(e)}static image(e){return new Image(e)}static imageEdit(e){return new ImageEdit(e)}static integer(e){return new Integer(e)}static issuers(e){return new Issuers(e)}static items(e){return new Items(e)}static keep(e){return new Keep(e)}static keyUsage(e){return new KeyUsage(e)}static line(e){return new Line(e)}static linear(e){return new Linear(e)}static lockDocument(e){return new LockDocument(e)}static manifest(e){return new Manifest(e)}static margin(e){return new Margin(e)}static mdp(e){return new Mdp(e)}static medium(e){return new Medium(e)}static message(e){return new Message(e)}static numericEdit(e){return new NumericEdit(e)}static occur(e){return new Occur(e)}static oid(e){return new Oid(e)}static oids(e){return new Oids(e)}static overflow(e){return new Overflow(e)}static pageArea(e){return new PageArea(e)}static pageSet(e){return new PageSet(e)}static para(e){return new Para(e)}static passwordEdit(e){return new PasswordEdit(e)}static pattern(e){return new template_Pattern(e)}static picture(e){return new Picture(e)}static proto(e){return new Proto(e)}static radial(e){return new Radial(e)}static reason(e){return new Reason(e)}static reasons(e){return new Reasons(e)}static rectangle(e){return new Rectangle(e)}static ref(e){return new RefElement(e)}static script(e){return new Script(e)}static setProperty(e){return new SetProperty(e)}static signData(e){return new SignData(e)}static signature(e){return new Signature(e)}static signing(e){return new Signing(e)}static solid(e){return new Solid(e)}static speak(e){return new Speak(e)}static stipple(e){return new Stipple(e)}static subform(e){return new Subform(e)}static subformSet(e){return new SubformSet(e)}static subjectDN(e){return new SubjectDN(e)}static subjectDNs(e){return new SubjectDNs(e)}static submit(e){return new Submit(e)}static template(e){return new Template(e)}static text(e){return new Text(e)}static textEdit(e){return new TextEdit(e)}static time(e){return new Time(e)}static timeStamp(e){return new TimeStamp(e)}static toolTip(e){return new ToolTip(e)}static traversal(e){return new Traversal(e)}static traverse(e){return new Traverse(e)}static ui(e){return new Ui(e)}static validate(e){return new Validate(e)}static value(e){return new Value(e)}static variables(e){return new Variables(e)}}const Zo=go.datasets.id;function createText(e){const t=new Text({});t[ss]=e;return t}class Binder{constructor(e){this.root=e;this.datasets=e.datasets;this.data=e.datasets?.data||new XmlObject(go.datasets.id,"data");this.emptyMerge=0===this.data[Ss]().length;this.root.form=this.form=e.template[is]()}_isConsumeData(){return!this.emptyMerge&&this._mergeMode}_isMatchTemplate(){return!this._isConsumeData()}bind(){this._bindElement(this.form,this.data);return this.form}getData(){return this.data}_bindValue(e,t,a){e[os]=t;if(e[Ts]())if(t[Ns]()){const a=t[ys]();e[io](createText(a))}else if(e instanceof Field&&"multiSelect"===e.ui?.choiceList?.open){const a=t[Ss]().map((e=>e[ss].trim())).join("\n");e[io](createText(a))}else this._isConsumeData()&&warn("XFA - Nodes haven't the same type.");else!t[Ns]()||this._isMatchTemplate()?this._bindElement(e,t):warn("XFA - Nodes haven't the same type.")}_findDataByNameToConsume(e,t,a,r){if(!e)return null;let i,n;for(let r=0;r<3;r++){i=a[xs](e,!1,!0);for(;;){n=i.next().value;if(!n)break;if(t===n[Ns]())return n}if(a[Hs]===go.datasets.id&&"data"===a[Ws])break;a=a[vs]()}if(!r)return null;i=this.data[xs](e,!0,!1);n=i.next().value;if(n)return n;i=this.data[ds](e,!0);n=i.next().value;return n?.[Ns]()?n:null}_setProperties(e,t){if(e.hasOwnProperty("setProperty"))for(const{ref:a,target:r,connection:i}of e.setProperty.children){if(i)continue;if(!a)continue;const n=searchNode(this.root,t,a,!1,!1);if(!n){warn(`XFA - Invalid reference: ${a}.`);continue}const[s]=n;if(!s[Es](this.data)){warn("XFA - Invalid node: must be a data node.");continue}const o=searchNode(this.root,e,r,!1,!1);if(!o){warn(`XFA - Invalid target: ${r}.`);continue}const[c]=o;if(!c[Es](e)){warn("XFA - Invalid target: must be a property or subproperty.");continue}const l=c[vs]();if(c instanceof SetProperty||l instanceof SetProperty){warn("XFA - Invalid target: cannot be a setProperty or one of its properties.");continue}if(c instanceof BindItems||l instanceof BindItems){warn("XFA - Invalid target: cannot be a bindItems or one of its properties.");continue}const h=s[so](),u=c[Ws];if(c instanceof XFAAttribute){const e=Object.create(null);e[u]=h;const t=Reflect.construct(Object.getPrototypeOf(l).constructor,[e]);l[u]=t[u]}else if(c.hasOwnProperty(ss)){c[os]=s;c[ss]=h;c[hs]()}else warn("XFA - Invalid node to use in setProperty")}}_bindItems(e,t){if(!e.hasOwnProperty("items")||!e.hasOwnProperty("bindItems")||e.bindItems.isEmpty())return;for(const t of e.items.children)e[Zs](t);e.items.clear();const a=new Items({}),r=new Items({});e[Qn](a);e.items.push(a);e[Qn](r);e.items.push(r);for(const{ref:i,labelRef:n,valueRef:s,connection:o}of e.bindItems.children){if(o)continue;if(!i)continue;const e=searchNode(this.root,t,i,!1,!1);if(e)for(const t of e){if(!t[Es](this.datasets)){warn(`XFA - Invalid ref (${i}): must be a datasets child.`);continue}const e=searchNode(this.root,t,n,!0,!1);if(!e){warn(`XFA - Invalid label: ${n}.`);continue}const[o]=e;if(!o[Es](this.datasets)){warn("XFA - Invalid label: must be a datasets child.");continue}const c=searchNode(this.root,t,s,!0,!1);if(!c){warn(`XFA - Invalid value: ${s}.`);continue}const[l]=c;if(!l[Es](this.datasets)){warn("XFA - Invalid value: must be a datasets child.");continue}const h=createText(o[so]()),u=createText(l[so]());a[Qn](h);a.text.push(h);r[Qn](u);r.text.push(u)}else warn(`XFA - Invalid reference: ${i}.`)}}_bindOccurrences(e,t,a){let r;if(t.length>1){r=e[is]();r[Zs](r.occur);r.occur=null}this._bindValue(e,t[0],a);this._setProperties(e,t[0]);this._bindItems(e,t[0]);if(1===t.length)return;const i=e[vs](),n=e[Ws],s=i[Ms](e);for(let e=1,o=t.length;et.name===e.name)).length:a[r].children.length;const n=a[Ms](e)+1,s=t.initial-i;if(s){const t=e[is]();t[Zs](t.occur);t.occur=null;a[r].push(t);a[Ds](n,t);for(let e=1;e0)this._bindOccurrences(r,[e[0]],null);else if(this.emptyMerge){const e=t[Hs]===Zo?-1:t[Hs],a=r[os]=new XmlObject(e,r.name||"root");t[Qn](a);this._bindElement(r,a)}continue}if(!r[Rs]())continue;let e=!1,i=null,n=null,s=null;if(r.bind){switch(r.bind.match){case"none":this._setAndBind(r,t);continue;case"global":e=!0;break;case"dataRef":if(!r.bind.ref){warn(`XFA - ref is empty in node ${r[Ws]}.`);this._setAndBind(r,t);continue}n=r.bind.ref}r.bind.picture&&(i=r.bind.picture[ss])}const[o,c]=this._getOccurInfo(r);if(n){s=searchNode(this.root,t,n,!0,!1);if(null===s){s=createDataNode(this.data,t,n);if(!s)continue;this._isConsumeData()&&(s[ns]=!0);this._setAndBind(r,s);continue}this._isConsumeData()&&(s=s.filter((e=>!e[ns])));s.length>c?s=s.slice(0,c):0===s.length&&(s=null);s&&this._isConsumeData()&&s.forEach((e=>{e[ns]=!0}))}else{if(!r.name){this._setAndBind(r,t);continue}if(this._isConsumeData()){const a=[];for(;a.length0?a:null}else{s=t[xs](r.name,!1,this.emptyMerge).next().value;if(!s){if(0===o){a.push(r);continue}const e=t[Hs]===Zo?-1:t[Hs];s=r[os]=new XmlObject(e,r.name);this.emptyMerge&&(s[ns]=!0);t[Qn](s);this._setAndBind(r,s);continue}this.emptyMerge&&(s[ns]=!0);s=[s]}}s?this._bindOccurrences(r,s,i):o>0?this._setAndBind(r,t):a.push(r)}a.forEach((e=>e[vs]()[Zs](e)))}}class DataHandler{constructor(e,t){this.data=t;this.dataset=e.datasets||null}serialize(e){const t=[[-1,this.data[Ss]()]];for(;t.length>0;){const a=t.at(-1),[r,i]=a;if(r+1===i.length){t.pop();continue}const n=i[++a[0]],s=e.get(n[uo]);if(s)n[io](s);else{const t=n[fs]();for(const a of t.values()){const t=e.get(a[uo]);if(t){a[io](t);break}}}const o=n[Ss]();o.length>0&&t.push([-1,o])}const a=[''];if(this.dataset)for(const e of this.dataset[Ss]())"data"!==e[Ws]&&e[lo](a);this.data[lo](a);a.push("");return a.join("")}}const Qo=go.config.id;class Acrobat extends XFAObject{constructor(e){super(Qo,"acrobat",!0);this.acrobat7=null;this.autoSave=null;this.common=null;this.validate=null;this.validateApprovalSignatures=null;this.submitUrl=new XFAObjectArray}}class Acrobat7 extends XFAObject{constructor(e){super(Qo,"acrobat7",!0);this.dynamicRender=null}}class ADBE_JSConsole extends OptionObject{constructor(e){super(Qo,"ADBE_JSConsole",["delegate","Enable","Disable"])}}class ADBE_JSDebugger extends OptionObject{constructor(e){super(Qo,"ADBE_JSDebugger",["delegate","Enable","Disable"])}}class AddSilentPrint extends Option01{constructor(e){super(Qo,"addSilentPrint")}}class AddViewerPreferences extends Option01{constructor(e){super(Qo,"addViewerPreferences")}}class AdjustData extends Option10{constructor(e){super(Qo,"adjustData")}}class AdobeExtensionLevel extends IntegerObject{constructor(e){super(Qo,"adobeExtensionLevel",0,(e=>e>=1&&e<=8))}}class Agent extends XFAObject{constructor(e){super(Qo,"agent",!0);this.name=e.name?e.name.trim():"";this.common=new XFAObjectArray}}class AlwaysEmbed extends ContentObject{constructor(e){super(Qo,"alwaysEmbed")}}class Amd extends StringObject{constructor(e){super(Qo,"amd")}}class config_Area extends XFAObject{constructor(e){super(Qo,"area");this.level=getInteger({data:e.level,defaultValue:0,validate:e=>e>=1&&e<=3});this.name=getStringOption(e.name,["","barcode","coreinit","deviceDriver","font","general","layout","merge","script","signature","sourceSet","templateCache"])}}class Attributes extends OptionObject{constructor(e){super(Qo,"attributes",["preserve","delegate","ignore"])}}class AutoSave extends OptionObject{constructor(e){super(Qo,"autoSave",["disabled","enabled"])}}class Base extends StringObject{constructor(e){super(Qo,"base")}}class BatchOutput extends XFAObject{constructor(e){super(Qo,"batchOutput");this.format=getStringOption(e.format,["none","concat","zip","zipCompress"])}}class BehaviorOverride extends ContentObject{constructor(e){super(Qo,"behaviorOverride")}[hs](){this[ss]=new Map(this[ss].trim().split(/\s+/).filter((e=>e.includes(":"))).map((e=>e.split(":",2))))}}class Cache extends XFAObject{constructor(e){super(Qo,"cache",!0);this.templateCache=null}}class Change extends Option01{constructor(e){super(Qo,"change")}}class Common extends XFAObject{constructor(e){super(Qo,"common",!0);this.data=null;this.locale=null;this.localeSet=null;this.messaging=null;this.suppressBanner=null;this.template=null;this.validationMessaging=null;this.versionControl=null;this.log=new XFAObjectArray}}class Compress extends XFAObject{constructor(e){super(Qo,"compress");this.scope=getStringOption(e.scope,["imageOnly","document"])}}class CompressLogicalStructure extends Option01{constructor(e){super(Qo,"compressLogicalStructure")}}class CompressObjectStream extends Option10{constructor(e){super(Qo,"compressObjectStream")}}class Compression extends XFAObject{constructor(e){super(Qo,"compression",!0);this.compressLogicalStructure=null;this.compressObjectStream=null;this.level=null;this.type=null}}class Config extends XFAObject{constructor(e){super(Qo,"config",!0);this.acrobat=null;this.present=null;this.trace=null;this.agent=new XFAObjectArray}}class Conformance extends OptionObject{constructor(e){super(Qo,"conformance",["A","B"])}}class ContentCopy extends Option01{constructor(e){super(Qo,"contentCopy")}}class Copies extends IntegerObject{constructor(e){super(Qo,"copies",1,(e=>e>=1))}}class Creator extends StringObject{constructor(e){super(Qo,"creator")}}class CurrentPage extends IntegerObject{constructor(e){super(Qo,"currentPage",0,(e=>e>=0))}}class Data extends XFAObject{constructor(e){super(Qo,"data",!0);this.adjustData=null;this.attributes=null;this.incrementalLoad=null;this.outputXSL=null;this.range=null;this.record=null;this.startNode=null;this.uri=null;this.window=null;this.xsl=null;this.excludeNS=new XFAObjectArray;this.transform=new XFAObjectArray}}class Debug extends XFAObject{constructor(e){super(Qo,"debug",!0);this.uri=null}}class DefaultTypeface extends ContentObject{constructor(e){super(Qo,"defaultTypeface");this.writingScript=getStringOption(e.writingScript,["*","Arabic","Cyrillic","EastEuropeanRoman","Greek","Hebrew","Japanese","Korean","Roman","SimplifiedChinese","Thai","TraditionalChinese","Vietnamese"])}}class Destination extends OptionObject{constructor(e){super(Qo,"destination",["pdf","pcl","ps","webClient","zpl"])}}class DocumentAssembly extends Option01{constructor(e){super(Qo,"documentAssembly")}}class Driver extends XFAObject{constructor(e){super(Qo,"driver",!0);this.name=e.name?e.name.trim():"";this.fontInfo=null;this.xdc=null}}class DuplexOption extends OptionObject{constructor(e){super(Qo,"duplexOption",["simplex","duplexFlipLongEdge","duplexFlipShortEdge"])}}class DynamicRender extends OptionObject{constructor(e){super(Qo,"dynamicRender",["forbidden","required"])}}class Embed extends Option01{constructor(e){super(Qo,"embed")}}class config_Encrypt extends Option01{constructor(e){super(Qo,"encrypt")}}class config_Encryption extends XFAObject{constructor(e){super(Qo,"encryption",!0);this.encrypt=null;this.encryptionLevel=null;this.permissions=null}}class EncryptionLevel extends OptionObject{constructor(e){super(Qo,"encryptionLevel",["40bit","128bit"])}}class Enforce extends StringObject{constructor(e){super(Qo,"enforce")}}class Equate extends XFAObject{constructor(e){super(Qo,"equate");this.force=getInteger({data:e.force,defaultValue:1,validate:e=>0===e});this.from=e.from||"";this.to=e.to||""}}class EquateRange extends XFAObject{constructor(e){super(Qo,"equateRange");this.from=e.from||"";this.to=e.to||"";this._unicodeRange=e.unicodeRange||""}get unicodeRange(){const e=[],t=/U\+([0-9a-fA-F]+)/,a=this._unicodeRange;for(let r of a.split(",").map((e=>e.trim())).filter((e=>!!e))){r=r.split("-",2).map((e=>{const a=e.match(t);return a?parseInt(a[1],16):0}));1===r.length&&r.push(r[0]);e.push(r)}return shadow(this,"unicodeRange",e)}}class Exclude extends ContentObject{constructor(e){super(Qo,"exclude")}[hs](){this[ss]=this[ss].trim().split(/\s+/).filter((e=>e&&["calculate","close","enter","exit","initialize","ready","validate"].includes(e)))}}class ExcludeNS extends StringObject{constructor(e){super(Qo,"excludeNS")}}class FlipLabel extends OptionObject{constructor(e){super(Qo,"flipLabel",["usePrinterSetting","on","off"])}}class config_FontInfo extends XFAObject{constructor(e){super(Qo,"fontInfo",!0);this.embed=null;this.map=null;this.subsetBelow=null;this.alwaysEmbed=new XFAObjectArray;this.defaultTypeface=new XFAObjectArray;this.neverEmbed=new XFAObjectArray}}class FormFieldFilling extends Option01{constructor(e){super(Qo,"formFieldFilling")}}class GroupParent extends StringObject{constructor(e){super(Qo,"groupParent")}}class IfEmpty extends OptionObject{constructor(e){super(Qo,"ifEmpty",["dataValue","dataGroup","ignore","remove"])}}class IncludeXDPContent extends StringObject{constructor(e){super(Qo,"includeXDPContent")}}class IncrementalLoad extends OptionObject{constructor(e){super(Qo,"incrementalLoad",["none","forwardOnly"])}}class IncrementalMerge extends Option01{constructor(e){super(Qo,"incrementalMerge")}}class Interactive extends Option01{constructor(e){super(Qo,"interactive")}}class Jog extends OptionObject{constructor(e){super(Qo,"jog",["usePrinterSetting","none","pageSet"])}}class LabelPrinter extends XFAObject{constructor(e){super(Qo,"labelPrinter",!0);this.name=getStringOption(e.name,["zpl","dpl","ipl","tcpl"]);this.batchOutput=null;this.flipLabel=null;this.fontInfo=null;this.xdc=null}}class Layout extends OptionObject{constructor(e){super(Qo,"layout",["paginate","panel"])}}class Level extends IntegerObject{constructor(e){super(Qo,"level",0,(e=>e>0))}}class Linearized extends Option01{constructor(e){super(Qo,"linearized")}}class Locale extends StringObject{constructor(e){super(Qo,"locale")}}class LocaleSet extends StringObject{constructor(e){super(Qo,"localeSet")}}class Log extends XFAObject{constructor(e){super(Qo,"log",!0);this.mode=null;this.threshold=null;this.to=null;this.uri=null}}class MapElement extends XFAObject{constructor(e){super(Qo,"map",!0);this.equate=new XFAObjectArray;this.equateRange=new XFAObjectArray}}class MediumInfo extends XFAObject{constructor(e){super(Qo,"mediumInfo",!0);this.map=null}}class config_Message extends XFAObject{constructor(e){super(Qo,"message",!0);this.msgId=null;this.severity=null}}class Messaging extends XFAObject{constructor(e){super(Qo,"messaging",!0);this.message=new XFAObjectArray}}class Mode extends OptionObject{constructor(e){super(Qo,"mode",["append","overwrite"])}}class ModifyAnnots extends Option01{constructor(e){super(Qo,"modifyAnnots")}}class MsgId extends IntegerObject{constructor(e){super(Qo,"msgId",1,(e=>e>=1))}}class NameAttr extends StringObject{constructor(e){super(Qo,"nameAttr")}}class NeverEmbed extends ContentObject{constructor(e){super(Qo,"neverEmbed")}}class NumberOfCopies extends IntegerObject{constructor(e){super(Qo,"numberOfCopies",null,(e=>e>=2&&e<=5))}}class OpenAction extends XFAObject{constructor(e){super(Qo,"openAction",!0);this.destination=null}}class Output extends XFAObject{constructor(e){super(Qo,"output",!0);this.to=null;this.type=null;this.uri=null}}class OutputBin extends StringObject{constructor(e){super(Qo,"outputBin")}}class OutputXSL extends XFAObject{constructor(e){super(Qo,"outputXSL",!0);this.uri=null}}class Overprint extends OptionObject{constructor(e){super(Qo,"overprint",["none","both","draw","field"])}}class Packets extends StringObject{constructor(e){super(Qo,"packets")}[hs](){"*"!==this[ss]&&(this[ss]=this[ss].trim().split(/\s+/).filter((e=>["config","datasets","template","xfdf","xslt"].includes(e))))}}class PageOffset extends XFAObject{constructor(e){super(Qo,"pageOffset");this.x=getInteger({data:e.x,defaultValue:"useXDCSetting",validate:e=>!0});this.y=getInteger({data:e.y,defaultValue:"useXDCSetting",validate:e=>!0})}}class PageRange extends StringObject{constructor(e){super(Qo,"pageRange")}[hs](){const e=this[ss].trim().split(/\s+/).map((e=>parseInt(e,10))),t=[];for(let a=0,r=e.length;a!1))}}class Pcl extends XFAObject{constructor(e){super(Qo,"pcl",!0);this.name=e.name||"";this.batchOutput=null;this.fontInfo=null;this.jog=null;this.mediumInfo=null;this.outputBin=null;this.pageOffset=null;this.staple=null;this.xdc=null}}class Pdf extends XFAObject{constructor(e){super(Qo,"pdf",!0);this.name=e.name||"";this.adobeExtensionLevel=null;this.batchOutput=null;this.compression=null;this.creator=null;this.encryption=null;this.fontInfo=null;this.interactive=null;this.linearized=null;this.openAction=null;this.pdfa=null;this.producer=null;this.renderPolicy=null;this.scriptModel=null;this.silentPrint=null;this.submitFormat=null;this.tagged=null;this.version=null;this.viewerPreferences=null;this.xdc=null}}class Pdfa extends XFAObject{constructor(e){super(Qo,"pdfa",!0);this.amd=null;this.conformance=null;this.includeXDPContent=null;this.part=null}}class Permissions extends XFAObject{constructor(e){super(Qo,"permissions",!0);this.accessibleContent=null;this.change=null;this.contentCopy=null;this.documentAssembly=null;this.formFieldFilling=null;this.modifyAnnots=null;this.plaintextMetadata=null;this.print=null;this.printHighQuality=null}}class PickTrayByPDFSize extends Option01{constructor(e){super(Qo,"pickTrayByPDFSize")}}class config_Picture extends StringObject{constructor(e){super(Qo,"picture")}}class PlaintextMetadata extends Option01{constructor(e){super(Qo,"plaintextMetadata")}}class Presence extends OptionObject{constructor(e){super(Qo,"presence",["preserve","dissolve","dissolveStructure","ignore","remove"])}}class Present extends XFAObject{constructor(e){super(Qo,"present",!0);this.behaviorOverride=null;this.cache=null;this.common=null;this.copies=null;this.destination=null;this.incrementalMerge=null;this.layout=null;this.output=null;this.overprint=null;this.pagination=null;this.paginationOverride=null;this.script=null;this.validate=null;this.xdp=null;this.driver=new XFAObjectArray;this.labelPrinter=new XFAObjectArray;this.pcl=new XFAObjectArray;this.pdf=new XFAObjectArray;this.ps=new XFAObjectArray;this.submitUrl=new XFAObjectArray;this.webClient=new XFAObjectArray;this.zpl=new XFAObjectArray}}class Print extends Option01{constructor(e){super(Qo,"print")}}class PrintHighQuality extends Option01{constructor(e){super(Qo,"printHighQuality")}}class PrintScaling extends OptionObject{constructor(e){super(Qo,"printScaling",["appdefault","noScaling"])}}class PrinterName extends StringObject{constructor(e){super(Qo,"printerName")}}class Producer extends StringObject{constructor(e){super(Qo,"producer")}}class Ps extends XFAObject{constructor(e){super(Qo,"ps",!0);this.name=e.name||"";this.batchOutput=null;this.fontInfo=null;this.jog=null;this.mediumInfo=null;this.outputBin=null;this.staple=null;this.xdc=null}}class Range extends ContentObject{constructor(e){super(Qo,"range")}[hs](){this[ss]=this[ss].split(",",2).map((e=>e.split("-").map((e=>parseInt(e.trim(),10))))).filter((e=>e.every((e=>!isNaN(e))))).map((e=>{1===e.length&&e.push(e[0]);return e}))}}class Record extends ContentObject{constructor(e){super(Qo,"record")}[hs](){this[ss]=this[ss].trim();const e=parseInt(this[ss],10);!isNaN(e)&&e>=0&&(this[ss]=e)}}class Relevant extends ContentObject{constructor(e){super(Qo,"relevant")}[hs](){this[ss]=this[ss].trim().split(/\s+/)}}class Rename extends ContentObject{constructor(e){super(Qo,"rename")}[hs](){this[ss]=this[ss].trim();(this[ss].toLowerCase().startsWith("xml")||new RegExp("[\\p{L}_][\\p{L}\\d._\\p{M}-]*","u").test(this[ss]))&&warn("XFA - Rename: invalid XFA name")}}class RenderPolicy extends OptionObject{constructor(e){super(Qo,"renderPolicy",["server","client"])}}class RunScripts extends OptionObject{constructor(e){super(Qo,"runScripts",["both","client","none","server"])}}class config_Script extends XFAObject{constructor(e){super(Qo,"script",!0);this.currentPage=null;this.exclude=null;this.runScripts=null}}class ScriptModel extends OptionObject{constructor(e){super(Qo,"scriptModel",["XFA","none"])}}class Severity extends OptionObject{constructor(e){super(Qo,"severity",["ignore","error","information","trace","warning"])}}class SilentPrint extends XFAObject{constructor(e){super(Qo,"silentPrint",!0);this.addSilentPrint=null;this.printerName=null}}class Staple extends XFAObject{constructor(e){super(Qo,"staple");this.mode=getStringOption(e.mode,["usePrinterSetting","on","off"])}}class StartNode extends StringObject{constructor(e){super(Qo,"startNode")}}class StartPage extends IntegerObject{constructor(e){super(Qo,"startPage",0,(e=>!0))}}class SubmitFormat extends OptionObject{constructor(e){super(Qo,"submitFormat",["html","delegate","fdf","xml","pdf"])}}class SubmitUrl extends StringObject{constructor(e){super(Qo,"submitUrl")}}class SubsetBelow extends IntegerObject{constructor(e){super(Qo,"subsetBelow",100,(e=>e>=0&&e<=100))}}class SuppressBanner extends Option01{constructor(e){super(Qo,"suppressBanner")}}class Tagged extends Option01{constructor(e){super(Qo,"tagged")}}class config_Template extends XFAObject{constructor(e){super(Qo,"template",!0);this.base=null;this.relevant=null;this.startPage=null;this.uri=null;this.xsl=null}}class Threshold extends OptionObject{constructor(e){super(Qo,"threshold",["trace","error","information","warning"])}}class To extends OptionObject{constructor(e){super(Qo,"to",["null","memory","stderr","stdout","system","uri"])}}class TemplateCache extends XFAObject{constructor(e){super(Qo,"templateCache");this.maxEntries=getInteger({data:e.maxEntries,defaultValue:5,validate:e=>e>=0})}}class Trace extends XFAObject{constructor(e){super(Qo,"trace",!0);this.area=new XFAObjectArray}}class Transform extends XFAObject{constructor(e){super(Qo,"transform",!0);this.groupParent=null;this.ifEmpty=null;this.nameAttr=null;this.picture=null;this.presence=null;this.rename=null;this.whitespace=null}}class Type extends OptionObject{constructor(e){super(Qo,"type",["none","ascii85","asciiHex","ccittfax","flate","lzw","runLength","native","xdp","mergedXDP"])}}class Uri extends StringObject{constructor(e){super(Qo,"uri")}}class config_Validate extends OptionObject{constructor(e){super(Qo,"validate",["preSubmit","prePrint","preExecute","preSave"])}}class ValidateApprovalSignatures extends ContentObject{constructor(e){super(Qo,"validateApprovalSignatures")}[hs](){this[ss]=this[ss].trim().split(/\s+/).filter((e=>["docReady","postSign"].includes(e)))}}class ValidationMessaging extends OptionObject{constructor(e){super(Qo,"validationMessaging",["allMessagesIndividually","allMessagesTogether","firstMessageOnly","noMessages"])}}class Version extends OptionObject{constructor(e){super(Qo,"version",["1.7","1.6","1.5","1.4","1.3","1.2"])}}class VersionControl extends XFAObject{constructor(e){super(Qo,"VersionControl");this.outputBelow=getStringOption(e.outputBelow,["warn","error","update"]);this.sourceAbove=getStringOption(e.sourceAbove,["warn","error"]);this.sourceBelow=getStringOption(e.sourceBelow,["update","maintain"])}}class ViewerPreferences extends XFAObject{constructor(e){super(Qo,"viewerPreferences",!0);this.ADBE_JSConsole=null;this.ADBE_JSDebugger=null;this.addViewerPreferences=null;this.duplexOption=null;this.enforce=null;this.numberOfCopies=null;this.pageRange=null;this.pickTrayByPDFSize=null;this.printScaling=null}}class WebClient extends XFAObject{constructor(e){super(Qo,"webClient",!0);this.name=e.name?e.name.trim():"";this.fontInfo=null;this.xdc=null}}class Whitespace extends OptionObject{constructor(e){super(Qo,"whitespace",["preserve","ltrim","normalize","rtrim","trim"])}}class Window extends ContentObject{constructor(e){super(Qo,"window")}[hs](){const e=this[ss].split(",",2).map((e=>parseInt(e.trim(),10)));if(e.some((e=>isNaN(e))))this[ss]=[0,0];else{1===e.length&&e.push(e[0]);this[ss]=e}}}class Xdc extends XFAObject{constructor(e){super(Qo,"xdc",!0);this.uri=new XFAObjectArray;this.xsl=new XFAObjectArray}}class Xdp extends XFAObject{constructor(e){super(Qo,"xdp",!0);this.packets=null}}class Xsl extends XFAObject{constructor(e){super(Qo,"xsl",!0);this.debug=null;this.uri=null}}class Zpl extends XFAObject{constructor(e){super(Qo,"zpl",!0);this.name=e.name?e.name.trim():"";this.batchOutput=null;this.flipLabel=null;this.fontInfo=null;this.xdc=null}}class ConfigNamespace{static[fo](e,t){if(ConfigNamespace.hasOwnProperty(e))return ConfigNamespace[e](t)}static acrobat(e){return new Acrobat(e)}static acrobat7(e){return new Acrobat7(e)}static ADBE_JSConsole(e){return new ADBE_JSConsole(e)}static ADBE_JSDebugger(e){return new ADBE_JSDebugger(e)}static addSilentPrint(e){return new AddSilentPrint(e)}static addViewerPreferences(e){return new AddViewerPreferences(e)}static adjustData(e){return new AdjustData(e)}static adobeExtensionLevel(e){return new AdobeExtensionLevel(e)}static agent(e){return new Agent(e)}static alwaysEmbed(e){return new AlwaysEmbed(e)}static amd(e){return new Amd(e)}static area(e){return new config_Area(e)}static attributes(e){return new Attributes(e)}static autoSave(e){return new AutoSave(e)}static base(e){return new Base(e)}static batchOutput(e){return new BatchOutput(e)}static behaviorOverride(e){return new BehaviorOverride(e)}static cache(e){return new Cache(e)}static change(e){return new Change(e)}static common(e){return new Common(e)}static compress(e){return new Compress(e)}static compressLogicalStructure(e){return new CompressLogicalStructure(e)}static compressObjectStream(e){return new CompressObjectStream(e)}static compression(e){return new Compression(e)}static config(e){return new Config(e)}static conformance(e){return new Conformance(e)}static contentCopy(e){return new ContentCopy(e)}static copies(e){return new Copies(e)}static creator(e){return new Creator(e)}static currentPage(e){return new CurrentPage(e)}static data(e){return new Data(e)}static debug(e){return new Debug(e)}static defaultTypeface(e){return new DefaultTypeface(e)}static destination(e){return new Destination(e)}static documentAssembly(e){return new DocumentAssembly(e)}static driver(e){return new Driver(e)}static duplexOption(e){return new DuplexOption(e)}static dynamicRender(e){return new DynamicRender(e)}static embed(e){return new Embed(e)}static encrypt(e){return new config_Encrypt(e)}static encryption(e){return new config_Encryption(e)}static encryptionLevel(e){return new EncryptionLevel(e)}static enforce(e){return new Enforce(e)}static equate(e){return new Equate(e)}static equateRange(e){return new EquateRange(e)}static exclude(e){return new Exclude(e)}static excludeNS(e){return new ExcludeNS(e)}static flipLabel(e){return new FlipLabel(e)}static fontInfo(e){return new config_FontInfo(e)}static formFieldFilling(e){return new FormFieldFilling(e)}static groupParent(e){return new GroupParent(e)}static ifEmpty(e){return new IfEmpty(e)}static includeXDPContent(e){return new IncludeXDPContent(e)}static incrementalLoad(e){return new IncrementalLoad(e)}static incrementalMerge(e){return new IncrementalMerge(e)}static interactive(e){return new Interactive(e)}static jog(e){return new Jog(e)}static labelPrinter(e){return new LabelPrinter(e)}static layout(e){return new Layout(e)}static level(e){return new Level(e)}static linearized(e){return new Linearized(e)}static locale(e){return new Locale(e)}static localeSet(e){return new LocaleSet(e)}static log(e){return new Log(e)}static map(e){return new MapElement(e)}static mediumInfo(e){return new MediumInfo(e)}static message(e){return new config_Message(e)}static messaging(e){return new Messaging(e)}static mode(e){return new Mode(e)}static modifyAnnots(e){return new ModifyAnnots(e)}static msgId(e){return new MsgId(e)}static nameAttr(e){return new NameAttr(e)}static neverEmbed(e){return new NeverEmbed(e)}static numberOfCopies(e){return new NumberOfCopies(e)}static openAction(e){return new OpenAction(e)}static output(e){return new Output(e)}static outputBin(e){return new OutputBin(e)}static outputXSL(e){return new OutputXSL(e)}static overprint(e){return new Overprint(e)}static packets(e){return new Packets(e)}static pageOffset(e){return new PageOffset(e)}static pageRange(e){return new PageRange(e)}static pagination(e){return new Pagination(e)}static paginationOverride(e){return new PaginationOverride(e)}static part(e){return new Part(e)}static pcl(e){return new Pcl(e)}static pdf(e){return new Pdf(e)}static pdfa(e){return new Pdfa(e)}static permissions(e){return new Permissions(e)}static pickTrayByPDFSize(e){return new PickTrayByPDFSize(e)}static picture(e){return new config_Picture(e)}static plaintextMetadata(e){return new PlaintextMetadata(e)}static presence(e){return new Presence(e)}static present(e){return new Present(e)}static print(e){return new Print(e)}static printHighQuality(e){return new PrintHighQuality(e)}static printScaling(e){return new PrintScaling(e)}static printerName(e){return new PrinterName(e)}static producer(e){return new Producer(e)}static ps(e){return new Ps(e)}static range(e){return new Range(e)}static record(e){return new Record(e)}static relevant(e){return new Relevant(e)}static rename(e){return new Rename(e)}static renderPolicy(e){return new RenderPolicy(e)}static runScripts(e){return new RunScripts(e)}static script(e){return new config_Script(e)}static scriptModel(e){return new ScriptModel(e)}static severity(e){return new Severity(e)}static silentPrint(e){return new SilentPrint(e)}static staple(e){return new Staple(e)}static startNode(e){return new StartNode(e)}static startPage(e){return new StartPage(e)}static submitFormat(e){return new SubmitFormat(e)}static submitUrl(e){return new SubmitUrl(e)}static subsetBelow(e){return new SubsetBelow(e)}static suppressBanner(e){return new SuppressBanner(e)}static tagged(e){return new Tagged(e)}static template(e){return new config_Template(e)}static templateCache(e){return new TemplateCache(e)}static threshold(e){return new Threshold(e)}static to(e){return new To(e)}static trace(e){return new Trace(e)}static transform(e){return new Transform(e)}static type(e){return new Type(e)}static uri(e){return new Uri(e)}static validate(e){return new config_Validate(e)}static validateApprovalSignatures(e){return new ValidateApprovalSignatures(e)}static validationMessaging(e){return new ValidationMessaging(e)}static version(e){return new Version(e)}static versionControl(e){return new VersionControl(e)}static viewerPreferences(e){return new ViewerPreferences(e)}static webClient(e){return new WebClient(e)}static whitespace(e){return new Whitespace(e)}static window(e){return new Window(e)}static xdc(e){return new Xdc(e)}static xdp(e){return new Xdp(e)}static xsl(e){return new Xsl(e)}static zpl(e){return new Zpl(e)}}const ec=go.connectionSet.id;class ConnectionSet extends XFAObject{constructor(e){super(ec,"connectionSet",!0);this.wsdlConnection=new XFAObjectArray;this.xmlConnection=new XFAObjectArray;this.xsdConnection=new XFAObjectArray}}class EffectiveInputPolicy extends XFAObject{constructor(e){super(ec,"effectiveInputPolicy");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class EffectiveOutputPolicy extends XFAObject{constructor(e){super(ec,"effectiveOutputPolicy");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class Operation extends StringObject{constructor(e){super(ec,"operation");this.id=e.id||"";this.input=e.input||"";this.name=e.name||"";this.output=e.output||"";this.use=e.use||"";this.usehref=e.usehref||""}}class RootElement extends StringObject{constructor(e){super(ec,"rootElement");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class SoapAction extends StringObject{constructor(e){super(ec,"soapAction");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class SoapAddress extends StringObject{constructor(e){super(ec,"soapAddress");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class connection_set_Uri extends StringObject{constructor(e){super(ec,"uri");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class WsdlAddress extends StringObject{constructor(e){super(ec,"wsdlAddress");this.id=e.id||"";this.name=e.name||"";this.use=e.use||"";this.usehref=e.usehref||""}}class WsdlConnection extends XFAObject{constructor(e){super(ec,"wsdlConnection",!0);this.dataDescription=e.dataDescription||"";this.name=e.name||"";this.effectiveInputPolicy=null;this.effectiveOutputPolicy=null;this.operation=null;this.soapAction=null;this.soapAddress=null;this.wsdlAddress=null}}class XmlConnection extends XFAObject{constructor(e){super(ec,"xmlConnection",!0);this.dataDescription=e.dataDescription||"";this.name=e.name||"";this.uri=null}}class XsdConnection extends XFAObject{constructor(e){super(ec,"xsdConnection",!0);this.dataDescription=e.dataDescription||"";this.name=e.name||"";this.rootElement=null;this.uri=null}}class ConnectionSetNamespace{static[fo](e,t){if(ConnectionSetNamespace.hasOwnProperty(e))return ConnectionSetNamespace[e](t)}static connectionSet(e){return new ConnectionSet(e)}static effectiveInputPolicy(e){return new EffectiveInputPolicy(e)}static effectiveOutputPolicy(e){return new EffectiveOutputPolicy(e)}static operation(e){return new Operation(e)}static rootElement(e){return new RootElement(e)}static soapAction(e){return new SoapAction(e)}static soapAddress(e){return new SoapAddress(e)}static uri(e){return new connection_set_Uri(e)}static wsdlAddress(e){return new WsdlAddress(e)}static wsdlConnection(e){return new WsdlConnection(e)}static xmlConnection(e){return new XmlConnection(e)}static xsdConnection(e){return new XsdConnection(e)}}const tc=go.datasets.id;class datasets_Data extends XmlObject{constructor(e){super(tc,"data",e)}[Ls](){return!0}}class Datasets extends XFAObject{constructor(e){super(tc,"datasets",!0);this.data=null;this.Signature=null}[$s](e){const t=e[Ws];("data"===t&&e[Hs]===tc||"Signature"===t&&e[Hs]===go.signature.id)&&(this[t]=e);this[Qn](e)}}class DatasetsNamespace{static[fo](e,t){if(DatasetsNamespace.hasOwnProperty(e))return DatasetsNamespace[e](t)}static datasets(e){return new Datasets(e)}static data(e){return new datasets_Data(e)}}const ac=go.localeSet.id;class CalendarSymbols extends XFAObject{constructor(e){super(ac,"calendarSymbols",!0);this.name="gregorian";this.dayNames=new XFAObjectArray(2);this.eraNames=null;this.meridiemNames=null;this.monthNames=new XFAObjectArray(2)}}class CurrencySymbol extends StringObject{constructor(e){super(ac,"currencySymbol");this.name=getStringOption(e.name,["symbol","isoname","decimal"])}}class CurrencySymbols extends XFAObject{constructor(e){super(ac,"currencySymbols",!0);this.currencySymbol=new XFAObjectArray(3)}}class DatePattern extends StringObject{constructor(e){super(ac,"datePattern");this.name=getStringOption(e.name,["full","long","med","short"])}}class DatePatterns extends XFAObject{constructor(e){super(ac,"datePatterns",!0);this.datePattern=new XFAObjectArray(4)}}class DateTimeSymbols extends ContentObject{constructor(e){super(ac,"dateTimeSymbols")}}class Day extends StringObject{constructor(e){super(ac,"day")}}class DayNames extends XFAObject{constructor(e){super(ac,"dayNames",!0);this.abbr=getInteger({data:e.abbr,defaultValue:0,validate:e=>1===e});this.day=new XFAObjectArray(7)}}class Era extends StringObject{constructor(e){super(ac,"era")}}class EraNames extends XFAObject{constructor(e){super(ac,"eraNames",!0);this.era=new XFAObjectArray(2)}}class locale_set_Locale extends XFAObject{constructor(e){super(ac,"locale",!0);this.desc=e.desc||"";this.name="isoname";this.calendarSymbols=null;this.currencySymbols=null;this.datePatterns=null;this.dateTimeSymbols=null;this.numberPatterns=null;this.numberSymbols=null;this.timePatterns=null;this.typeFaces=null}}class locale_set_LocaleSet extends XFAObject{constructor(e){super(ac,"localeSet",!0);this.locale=new XFAObjectArray}}class Meridiem extends StringObject{constructor(e){super(ac,"meridiem")}}class MeridiemNames extends XFAObject{constructor(e){super(ac,"meridiemNames",!0);this.meridiem=new XFAObjectArray(2)}}class Month extends StringObject{constructor(e){super(ac,"month")}}class MonthNames extends XFAObject{constructor(e){super(ac,"monthNames",!0);this.abbr=getInteger({data:e.abbr,defaultValue:0,validate:e=>1===e});this.month=new XFAObjectArray(12)}}class NumberPattern extends StringObject{constructor(e){super(ac,"numberPattern");this.name=getStringOption(e.name,["full","long","med","short"])}}class NumberPatterns extends XFAObject{constructor(e){super(ac,"numberPatterns",!0);this.numberPattern=new XFAObjectArray(4)}}class NumberSymbol extends StringObject{constructor(e){super(ac,"numberSymbol");this.name=getStringOption(e.name,["decimal","grouping","percent","minus","zero"])}}class NumberSymbols extends XFAObject{constructor(e){super(ac,"numberSymbols",!0);this.numberSymbol=new XFAObjectArray(5)}}class TimePattern extends StringObject{constructor(e){super(ac,"timePattern");this.name=getStringOption(e.name,["full","long","med","short"])}}class TimePatterns extends XFAObject{constructor(e){super(ac,"timePatterns",!0);this.timePattern=new XFAObjectArray(4)}}class TypeFace extends XFAObject{constructor(e){super(ac,"typeFace",!0);this.name=""|e.name}}class TypeFaces extends XFAObject{constructor(e){super(ac,"typeFaces",!0);this.typeFace=new XFAObjectArray}}class LocaleSetNamespace{static[fo](e,t){if(LocaleSetNamespace.hasOwnProperty(e))return LocaleSetNamespace[e](t)}static calendarSymbols(e){return new CalendarSymbols(e)}static currencySymbol(e){return new CurrencySymbol(e)}static currencySymbols(e){return new CurrencySymbols(e)}static datePattern(e){return new DatePattern(e)}static datePatterns(e){return new DatePatterns(e)}static dateTimeSymbols(e){return new DateTimeSymbols(e)}static day(e){return new Day(e)}static dayNames(e){return new DayNames(e)}static era(e){return new Era(e)}static eraNames(e){return new EraNames(e)}static locale(e){return new locale_set_Locale(e)}static localeSet(e){return new locale_set_LocaleSet(e)}static meridiem(e){return new Meridiem(e)}static meridiemNames(e){return new MeridiemNames(e)}static month(e){return new Month(e)}static monthNames(e){return new MonthNames(e)}static numberPattern(e){return new NumberPattern(e)}static numberPatterns(e){return new NumberPatterns(e)}static numberSymbol(e){return new NumberSymbol(e)}static numberSymbols(e){return new NumberSymbols(e)}static timePattern(e){return new TimePattern(e)}static timePatterns(e){return new TimePatterns(e)}static typeFace(e){return new TypeFace(e)}static typeFaces(e){return new TypeFaces(e)}}const rc=go.signature.id;class signature_Signature extends XFAObject{constructor(e){super(rc,"signature",!0)}}class SignatureNamespace{static[fo](e,t){if(SignatureNamespace.hasOwnProperty(e))return SignatureNamespace[e](t)}static signature(e){return new signature_Signature(e)}}const ic=go.stylesheet.id;class Stylesheet extends XFAObject{constructor(e){super(ic,"stylesheet",!0)}}class StylesheetNamespace{static[fo](e,t){if(StylesheetNamespace.hasOwnProperty(e))return StylesheetNamespace[e](t)}static stylesheet(e){return new Stylesheet(e)}}const nc=go.xdp.id;class xdp_Xdp extends XFAObject{constructor(e){super(nc,"xdp",!0);this.uuid=e.uuid||"";this.timeStamp=e.timeStamp||"";this.config=null;this.connectionSet=null;this.datasets=null;this.localeSet=null;this.stylesheet=new XFAObjectArray;this.template=null}[Gs](e){const t=go[e[Ws]];return t&&e[Hs]===t.id}}class XdpNamespace{static[fo](e,t){if(XdpNamespace.hasOwnProperty(e))return XdpNamespace[e](t)}static xdp(e){return new xdp_Xdp(e)}}const sc=go.xhtml.id,oc=Symbol(),cc=new Set(["color","font","font-family","font-size","font-stretch","font-style","font-weight","margin","margin-bottom","margin-left","margin-right","margin-top","letter-spacing","line-height","orphans","page-break-after","page-break-before","page-break-inside","tab-interval","tab-stop","text-align","text-decoration","text-indent","vertical-align","widows","kerning-mode","xfa-font-horizontal-scale","xfa-font-vertical-scale","xfa-spacerun","xfa-tab-stops"]),lc=new Map([["page-break-after","breakAfter"],["page-break-before","breakBefore"],["page-break-inside","breakInside"],["kerning-mode",e=>"none"===e?"none":"normal"],["xfa-font-horizontal-scale",e=>`scaleX(${Math.max(0,parseInt(e)/100).toFixed(2)})`],["xfa-font-vertical-scale",e=>`scaleY(${Math.max(0,parseInt(e)/100).toFixed(2)})`],["xfa-spacerun",""],["xfa-tab-stops",""],["font-size",(e,t)=>measureToString(.99*(e=t.fontSize=Math.abs(getMeasurement(e))))],["letter-spacing",e=>measureToString(getMeasurement(e))],["line-height",e=>measureToString(getMeasurement(e))],["margin",e=>measureToString(getMeasurement(e))],["margin-bottom",e=>measureToString(getMeasurement(e))],["margin-left",e=>measureToString(getMeasurement(e))],["margin-right",e=>measureToString(getMeasurement(e))],["margin-top",e=>measureToString(getMeasurement(e))],["text-indent",e=>measureToString(getMeasurement(e))],["font-family",e=>e],["vertical-align",e=>measureToString(getMeasurement(e))]]),hc=/\s+/g,uc=/[\r\n]+/g,dc=/\r\n?/g;function mapStyle(e,t,a){const r=Object.create(null);if(!e)return r;const i=Object.create(null);for(const[t,a]of e.split(";").map((e=>e.split(":",2)))){const e=lc.get(t);if(""===e)continue;let n=a;e&&(n="string"==typeof e?e:e(a,i));t.endsWith("scale")?r.transform=r.transform?`${r[t]} ${n}`:n:r[t.replaceAll(/-([a-zA-Z])/g,((e,t)=>t.toUpperCase()))]=n}r.fontFamily&&setFontFamily({typeface:r.fontFamily,weight:r.fontWeight||"normal",posture:r.fontStyle||"normal",size:i.fontSize||0},t,t[Is].fontFinder,r);if(a&&r.verticalAlign&&"0px"!==r.verticalAlign&&r.fontSize){const e=.583,t=.333,a=getMeasurement(r.fontSize);r.fontSize=measureToString(a*e);r.verticalAlign=measureToString(Math.sign(getMeasurement(r.verticalAlign))*a*t)}a&&r.fontSize&&(r.fontSize=`calc(${r.fontSize} * var(--total-scale-factor))`);fixTextIndent(r);return r}const fc=new Set(["body","html"]);class XhtmlObject extends XmlObject{constructor(e,t){super(sc,t);this[oc]=!1;this.style=e.style||""}[ts](e){super[ts](e);this.style=function checkStyle(e){return e.style?e.style.split(";").filter((e=>!!e.trim())).map((e=>e.split(":",2).map((e=>e.trim())))).filter((([t,a])=>{"font-family"===t&&e[Is].usedTypefaces.add(a);return cc.has(t)})).map((e=>e.join(":"))).join(";"):""}(this)}[Yn](){return!fc.has(this[Ws])}[Vs](e,t=!1){if(t)this[oc]=!0;else{e=e.replaceAll(uc,"");this.style.includes("xfa-spacerun:yes")||(e=e.replaceAll(hc," "))}e&&(this[ss]+=e)}[Ks](e,t=!0){const a=Object.create(null),r={top:NaN,bottom:NaN,left:NaN,right:NaN};let i=null;for(const[e,t]of this.style.split(";").map((e=>e.split(":",2))))switch(e){case"font-family":a.typeface=stripQuotes(t);break;case"font-size":a.size=getMeasurement(t);break;case"font-weight":a.weight=t;break;case"font-style":a.posture=t;break;case"letter-spacing":a.letterSpacing=getMeasurement(t);break;case"margin":const e=t.split(/ \t/).map((e=>getMeasurement(e)));switch(e.length){case 1:r.top=r.bottom=r.left=r.right=e[0];break;case 2:r.top=r.bottom=e[0];r.left=r.right=e[1];break;case 3:r.top=e[0];r.bottom=e[2];r.left=r.right=e[1];break;case 4:r.top=e[0];r.left=e[1];r.bottom=e[2];r.right=e[3]}break;case"margin-top":r.top=getMeasurement(t);break;case"margin-bottom":r.bottom=getMeasurement(t);break;case"margin-left":r.left=getMeasurement(t);break;case"margin-right":r.right=getMeasurement(t);break;case"line-height":i=getMeasurement(t)}e.pushData(a,r,i);if(this[ss])e.addString(this[ss]);else for(const t of this[Ss]())"#text"!==t[Ws]?t[Ks](e):e.addString(t[ss]);t&&e.popFont()}[co](e){const t=[];this[ls]={children:t};this[es]({});if(0===t.length&&!this[ss])return HTMLResult.EMPTY;let a;a=this[oc]?this[ss]?this[ss].replaceAll(dc,"\n"):void 0:this[ss]||void 0;return HTMLResult.success({name:this[Ws],attributes:{href:this.href,style:mapStyle(this.style,this,this[oc])},children:t,value:a})}}class A extends XhtmlObject{constructor(e){super(e,"a");this.href=fixURL(e.href)||""}}class B extends XhtmlObject{constructor(e){super(e,"b")}[Ks](e){e.pushFont({weight:"bold"});super[Ks](e);e.popFont()}}class Body extends XhtmlObject{constructor(e){super(e,"body")}[co](e){const t=super[co](e),{html:a}=t;if(!a)return HTMLResult.EMPTY;a.name="div";a.attributes.class=["xfaRich"];return t}}class Br extends XhtmlObject{constructor(e){super(e,"br")}[so](){return"\n"}[Ks](e){e.addString("\n")}[co](e){return HTMLResult.success({name:"br"})}}class Html extends XhtmlObject{constructor(e){super(e,"html")}[co](e){const t=[];this[ls]={children:t};this[es]({});if(0===t.length)return HTMLResult.success({name:"div",attributes:{class:["xfaRich"],style:{}},value:this[ss]||""});if(1===t.length){const e=t[0];if(e.attributes?.class.includes("xfaRich"))return HTMLResult.success(e)}return HTMLResult.success({name:"div",attributes:{class:["xfaRich"],style:{}},children:t})}}class I extends XhtmlObject{constructor(e){super(e,"i")}[Ks](e){e.pushFont({posture:"italic"});super[Ks](e);e.popFont()}}class Li extends XhtmlObject{constructor(e){super(e,"li")}}class Ol extends XhtmlObject{constructor(e){super(e,"ol")}}class P extends XhtmlObject{constructor(e){super(e,"p")}[Ks](e){super[Ks](e,!1);e.addString("\n");e.addPara();e.popFont()}[so](){return this[vs]()[Ss]().at(-1)===this?super[so]():super[so]()+"\n"}}class Span extends XhtmlObject{constructor(e){super(e,"span")}}class Sub extends XhtmlObject{constructor(e){super(e,"sub")}}class Sup extends XhtmlObject{constructor(e){super(e,"sup")}}class Ul extends XhtmlObject{constructor(e){super(e,"ul")}}class XhtmlNamespace{static[fo](e,t){if(XhtmlNamespace.hasOwnProperty(e))return XhtmlNamespace[e](t)}static a(e){return new A(e)}static b(e){return new B(e)}static body(e){return new Body(e)}static br(e){return new Br(e)}static html(e){return new Html(e)}static i(e){return new I(e)}static li(e){return new Li(e)}static ol(e){return new Ol(e)}static p(e){return new P(e)}static span(e){return new Span(e)}static sub(e){return new Sub(e)}static sup(e){return new Sup(e)}static ul(e){return new Ul(e)}}const gc={config:ConfigNamespace,connection:ConnectionSetNamespace,datasets:DatasetsNamespace,localeSet:LocaleSetNamespace,signature:SignatureNamespace,stylesheet:StylesheetNamespace,template:TemplateNamespace,xdp:XdpNamespace,xhtml:XhtmlNamespace};class UnknownNamespace{constructor(e){this.namespaceId=e}[fo](e,t){return new XmlObject(this.namespaceId,e,t)}}class Root extends XFAObject{constructor(e){super(-1,"root",Object.create(null));this.element=null;this[Os]=e}[$s](e){this.element=e;return!0}[hs](){super[hs]();if(this.element.template instanceof Template){this[Os].set(Qs,this.element);this.element.template[eo](this[Os]);this.element.template[Os]=this[Os]}}}class Empty extends XFAObject{constructor(){super(-1,"",Object.create(null))}[$s](e){return!1}}class Builder{constructor(e=null){this._namespaceStack=[];this._nsAgnosticLevel=0;this._namespacePrefixes=new Map;this._namespaces=new Map;this._nextNsId=Math.max(...Object.values(go).map((({id:e})=>e)));this._currentNamespace=e||new UnknownNamespace(++this._nextNsId)}buildRoot(e){return new Root(e)}build({nsPrefix:e,name:t,attributes:a,namespace:r,prefixes:i}){const n=null!==r;if(n){this._namespaceStack.push(this._currentNamespace);this._currentNamespace=this._searchNamespace(r)}i&&this._addNamespacePrefix(i);if(a.hasOwnProperty(zs)){const e=gc.datasets,t=a[zs];let r=null;for(const[a,i]of Object.entries(t)){if(this._getNamespaceToUse(a)===e){r={xfa:i};break}}r?a[zs]=r:delete a[zs]}const s=this._getNamespaceToUse(e),o=s?.[fo](t,a)||new Empty;o[Ls]()&&this._nsAgnosticLevel++;(n||i||o[Ls]())&&(o[rs]={hasNamespace:n,prefixes:i,nsAgnostic:o[Ls]()});return o}isNsAgnostic(){return this._nsAgnosticLevel>0}_searchNamespace(e){let t=this._namespaces.get(e);if(t)return t;for(const[a,{check:r}]of Object.entries(go))if(r(e)){t=gc[a];if(t){this._namespaces.set(e,t);return t}break}t=new UnknownNamespace(++this._nextNsId);this._namespaces.set(e,t);return t}_addNamespacePrefix(e){for(const{prefix:t,value:a}of e){const e=this._searchNamespace(a);let r=this._namespacePrefixes.get(t);if(!r){r=[];this._namespacePrefixes.set(t,r)}r.push(e)}}_getNamespaceToUse(e){if(!e)return this._currentNamespace;const t=this._namespacePrefixes.get(e);if(t?.length>0)return t.at(-1);warn(`Unknown namespace prefix: ${e}.`);return null}clean(e){const{hasNamespace:t,prefixes:a,nsAgnostic:r}=e;t&&(this._currentNamespace=this._namespaceStack.pop());a&&a.forEach((({prefix:e})=>{this._namespacePrefixes.get(e).pop()}));r&&this._nsAgnosticLevel--}}class XFAParser extends XMLParserBase{constructor(e=null,t=!1){super();this._builder=new Builder(e);this._stack=[];this._globalData={usedTypefaces:new Set};this._ids=new Map;this._current=this._builder.buildRoot(this._ids);this._errorCode=jn;this._whiteRegex=/^\s+$/;this._nbsps=/\xa0+/g;this._richText=t}parse(e){this.parseXml(e);if(this._errorCode===jn){this._current[hs]();return this._current.element}}onText(e){e=e.replace(this._nbsps,(e=>e.slice(1)+" "));this._richText||this._current[Yn]()?this._current[Vs](e,this._richText):this._whiteRegex.test(e)||this._current[Vs](e.trim())}onCdata(e){this._current[Vs](e)}_mkAttributes(e,t){let a=null,r=null;const i=Object.create({});for(const{name:n,value:s}of e)if("xmlns"===n)a?warn(`XFA - multiple namespace definition in <${t}>`):a=s;else if(n.startsWith("xmlns:")){const e=n.substring(6);r??=[];r.push({prefix:e,value:s})}else{const e=n.indexOf(":");if(-1===e)i[n]=s;else{const t=i[zs]??=Object.create(null),[a,r]=[n.slice(0,e),n.slice(e+1)];(t[a]||=Object.create(null))[r]=s}}return[a,r,i]}_getNameAndPrefix(e,t){const a=e.indexOf(":");return-1===a?[e,null]:[e.substring(a+1),t?"":e.substring(0,a)]}onBeginElement(e,t,a){const[r,i,n]=this._mkAttributes(t,e),[s,o]=this._getNameAndPrefix(e,this._builder.isNsAgnostic()),c=this._builder.build({nsPrefix:o,name:s,attributes:n,namespace:r,prefixes:i});c[Is]=this._globalData;if(a){c[hs]();this._current[$s](c)&&c[ao](this._ids);c[ts](this._builder)}else{this._stack.push(this._current);this._current=c}}onEndElement(e){const t=this._current;if(t[Bs]()&&"string"==typeof t[ss]){const e=new XFAParser;e._globalData=this._globalData;const a=e.parse(t[ss]);t[ss]=null;t[$s](a)}t[hs]();this._current=this._stack.pop();this._current[$s](t)&&t[ao](this._ids);t[ts](this._builder)}onError(e){this._errorCode=e}}class XFAFactory{constructor(e){try{this.root=(new XFAParser).parse(XFAFactory._createDocument(e));const t=new Binder(this.root);this.form=t.bind();this.dataHandler=new DataHandler(this.root,t.getData());this.form[Is].template=this.form}catch(e){warn(`XFA - an error occurred during parsing and binding: ${e}`)}}isValid(){return!(!this.root||!this.form)}_createPagesHelper(){const e=this.form[oo]();return new Promise(((t,a)=>{const nextIteration=()=>{try{const a=e.next();a.done?t(a.value):setTimeout(nextIteration,0)}catch(e){a(e)}};setTimeout(nextIteration,0)}))}async _createPages(){try{this.pages=await this._createPagesHelper();this.dims=this.pages.children.map((e=>{const{width:t,height:a}=e.attributes.style;return[0,0,parseInt(t),parseInt(a)]}))}catch(e){warn(`XFA - an error occurred during layout: ${e}`)}}getBoundingBox(e){return this.dims[e]}async getNumPages(){this.pages||await this._createPages();return this.dims.length}setImages(e){this.form[Is].images=e}setFonts(e){this.form[Is].fontFinder=new FontFinder(e);const t=[];for(let e of this.form[Is].usedTypefaces){e=stripQuotes(e);this.form[Is].fontFinder.find(e)||t.push(e)}return t.length>0?t:null}appendFonts(e,t){this.form[Is].fontFinder.add(e,t)}async getPages(){this.pages||await this._createPages();const e=this.pages;this.pages=null;return e}serializeData(e){return this.dataHandler.serialize(e)}static _createDocument(e){return e["/xdp:xdp"]?Object.values(e).join(""):e["xdp:xdp"]}static getRichTextAsHtml(e){if(!e||"string"!=typeof e)return null;try{let t=new XFAParser(XhtmlNamespace,!0).parse(e);if(!["body","xhtml"].includes(t[Ws])){const e=XhtmlNamespace.body({});e[Qn](t);t=e}const a=t[co]();if(!a.success)return null;const{html:r}=a,{attributes:i}=r;if(i){i.class&&(i.class=i.class.filter((e=>!e.startsWith("xfa"))));i.dir="auto"}return{html:r,str:t[so]()}}catch(e){warn(`XFA - an error occurred during parsing of rich text: ${e}`)}return null}}class AnnotationFactory{static createGlobals(e){return Promise.all([e.ensureCatalog("acroForm"),e.ensureDoc("xfaDatasets"),e.ensureCatalog("structTreeRoot"),e.ensureCatalog("baseUrl"),e.ensureCatalog("attachments"),e.ensureCatalog("globalColorSpaceCache")]).then((([t,a,r,i,n,s])=>({pdfManager:e,acroForm:t instanceof Dict?t:Dict.empty,xfaDatasets:a,structTreeRoot:r,baseUrl:i,attachments:n,globalColorSpaceCache:s})),(e=>{warn(`createGlobals: "${e}".`);return null}))}static async create(e,t,a,r,i,n,s){const o=i?await this._getPageIndex(e,t,a.pdfManager):null;return a.pdfManager.ensure(this,"_create",[e,t,a,r,i,n,o,s])}static _create(e,t,a,r,i=!1,n=null,s=null,o=null){const c=e.fetchIfRef(t);if(!(c instanceof Dict))return;const{acroForm:l,pdfManager:h}=a,u=t instanceof Ref?t.toString():`annot_${r.createObjId()}`;let d=c.get("Subtype");d=d instanceof Name?d.name:null;const f={xref:e,ref:t,dict:c,subtype:d,id:u,annotationGlobals:a,collectFields:i,orphanFields:n,needAppearances:!i&&!0===l.get("NeedAppearances"),pageIndex:s,evaluatorOptions:h.evaluatorOptions,pageRef:o};switch(d){case"Link":return new LinkAnnotation(f);case"Text":return new TextAnnotation(f);case"Widget":let e=getInheritableProperty({dict:c,key:"FT"});e=e instanceof Name?e.name:null;switch(e){case"Tx":return new TextWidgetAnnotation(f);case"Btn":return new ButtonWidgetAnnotation(f);case"Ch":return new ChoiceWidgetAnnotation(f);case"Sig":return new SignatureWidgetAnnotation(f)}warn(`Unimplemented widget field type "${e}", falling back to base field type.`);return new WidgetAnnotation(f);case"Popup":return new PopupAnnotation(f);case"FreeText":return new FreeTextAnnotation(f);case"Line":return new LineAnnotation(f);case"Square":return new SquareAnnotation(f);case"Circle":return new CircleAnnotation(f);case"PolyLine":return new PolylineAnnotation(f);case"Polygon":return new PolygonAnnotation(f);case"Caret":return new CaretAnnotation(f);case"Ink":return new InkAnnotation(f);case"Highlight":return new HighlightAnnotation(f);case"Underline":return new UnderlineAnnotation(f);case"Squiggly":return new SquigglyAnnotation(f);case"StrikeOut":return new StrikeOutAnnotation(f);case"Stamp":return new StampAnnotation(f);case"FileAttachment":return new FileAttachmentAnnotation(f);default:i||warn(d?`Unimplemented annotation type "${d}", falling back to base annotation.`:"Annotation is missing the required /Subtype.");return new Annotation(f)}}static async _getPageIndex(e,t,a){try{const r=await e.fetchIfRefAsync(t);if(!(r instanceof Dict))return-1;const i=r.getRaw("P");if(i instanceof Ref)try{return await a.ensureCatalog("getPageIndex",[i])}catch(e){info(`_getPageIndex -- not a valid page reference: "${e}".`)}if(r.has("Kids"))return-1;const n=await a.ensureDoc("numPages");for(let e=0;ee/255))}function getQuadPoints(e,t){const a=e.getArray("QuadPoints");if(!isNumberArray(a,null)||0===a.length||a.length%8>0)return null;const r=new Float32Array(a.length);for(let e=0,i=a.length;et[2]||gt[3]))return null;r.set([d,p,f,p,d,g,f,g],e)}return r}function getTransformMatrix(e,t,a){const r=new Float32Array([1/0,1/0,-1/0,-1/0]);Util.axialAlignedBoundingBox(t,a,r);const[i,n,s,o]=r;if(i===s||n===o)return[1,0,0,1,e[0],e[1]];const c=(e[2]-e[0])/(s-i),l=(e[3]-e[1])/(o-n);return[c,0,0,l,e[0]-i*c,e[1]-n*l]}class Annotation{constructor(e){const{dict:t,xref:a,annotationGlobals:r,ref:i,orphanFields:n}=e,s=n?.get(i);s&&t.set("Parent",s);this.setTitle(t.get("T"));this.setContents(t.get("Contents"));this.setModificationDate(t.get("M"));this.setFlags(t.get("F"));this.setRectangle(t.getArray("Rect"));this.setColor(t.getArray("C"));this.setBorderStyle(t);this.setAppearance(t);this.setOptionalContent(t);const o=t.get("MK");this.setBorderAndBackgroundColors(o);this.setRotation(o,t);this.ref=e.ref instanceof Ref?e.ref:null;this._streams=[];this.appearance&&this._streams.push(this.appearance);const c=!!(this.flags&ee),l=!!(this.flags&te);this.data={annotationFlags:this.flags,borderStyle:this.borderStyle,color:this.color,backgroundColor:this.backgroundColor,borderColor:this.borderColor,rotation:this.rotation,contentsObj:this._contents,hasAppearance:!!this.appearance,id:e.id,modificationDate:this.modificationDate,rect:this.rectangle,subtype:e.subtype,hasOwnCanvas:!1,noRotate:!!(this.flags&Z),noHTML:c&&l,isEditable:!1,structParent:-1};if(r.structTreeRoot){let a=t.get("StructParent");this.data.structParent=a=Number.isInteger(a)&&a>=0?a:-1;r.structTreeRoot.addAnnotationIdToPage(e.pageRef,a)}if(e.collectFields){const r=t.get("Kids");if(Array.isArray(r)){const e=[];for(const t of r)t instanceof Ref&&e.push(t.toString());0!==e.length&&(this.data.kidIds=e)}this.data.actions=collectActions(a,t,ye);this.data.fieldName=this._constructFieldName(t);this.data.pageIndex=e.pageIndex}const h=t.get("IT");h instanceof Name&&(this.data.it=h.name);this._isOffscreenCanvasSupported=e.evaluatorOptions.isOffscreenCanvasSupported;this._fallbackFontDict=null;this._needAppearances=!1}_hasFlag(e,t){return!!(e&t)}_buildFlags(e,t){let{flags:a}=this;if(void 0===e){if(void 0===t)return;return t?a&~Y:a&~J|Y}if(e){a|=Y;return t?a&~Q|J:a&~J|Q}a&=~(J|Q);return t?a&~Y:a|Y}_isViewable(e){return!this._hasFlag(e,K)&&!this._hasFlag(e,Q)}_isPrintable(e){return this._hasFlag(e,Y)&&!this._hasFlag(e,J)&&!this._hasFlag(e,K)}mustBeViewed(e,t){const a=e?.get(this.data.id)?.noView;return void 0!==a?!a:this.viewable&&!this._hasFlag(this.flags,J)}mustBePrinted(e){const t=e?.get(this.data.id)?.noPrint;return void 0!==t?!t:this.printable}mustBeViewedWhenEditing(e,t=null){return e?!this.data.isEditable:!t?.has(this.data.id)}get viewable(){return null!==this.data.quadPoints&&(0===this.flags||this._isViewable(this.flags))}get printable(){return null!==this.data.quadPoints&&(0!==this.flags&&this._isPrintable(this.flags))}_parseStringHelper(e){const t="string"==typeof e?stringToPDFString(e):"";return{str:t,dir:t&&"rtl"===bidi(t).dir?"rtl":"ltr"}}setDefaultAppearance(e){const{dict:t,annotationGlobals:a}=e,r=getInheritableProperty({dict:t,key:"DA"})||a.acroForm.get("DA");this._defaultAppearance="string"==typeof r?r:"";this.data.defaultAppearanceData=parseDefaultAppearance(this._defaultAppearance)}setTitle(e){this._title=this._parseStringHelper(e)}setContents(e){this._contents=this._parseStringHelper(e)}setModificationDate(e){this.modificationDate="string"==typeof e?e:null}setFlags(e){this.flags=Number.isInteger(e)&&e>0?e:0;this.flags&K&&"Annotation"!==this.constructor.name&&(this.flags^=K)}hasFlag(e){return this._hasFlag(this.flags,e)}setRectangle(e){this.rectangle=lookupNormalRect(e,[0,0,0,0])}setColor(e){this.color=getRgbColor(e)}setLineEndings(e){this.lineEndings=["None","None"];if(Array.isArray(e)&&2===e.length)for(let t=0;t<2;t++){const a=e[t];if(a instanceof Name)switch(a.name){case"None":continue;case"Square":case"Circle":case"Diamond":case"OpenArrow":case"ClosedArrow":case"Butt":case"ROpenArrow":case"RClosedArrow":case"Slash":this.lineEndings[t]=a.name;continue}warn(`Ignoring invalid lineEnding: ${a}`)}}setRotation(e,t){this.rotation=0;let a=e instanceof Dict?e.get("R")||0:t.get("Rotate")||0;if(Number.isInteger(a)&&0!==a){a%=360;a<0&&(a+=360);a%90==0&&(this.rotation=a)}}setBorderAndBackgroundColors(e){if(e instanceof Dict){this.borderColor=getRgbColor(e.getArray("BC"),null);this.backgroundColor=getRgbColor(e.getArray("BG"),null)}else this.borderColor=this.backgroundColor=null}setBorderStyle(e){this.borderStyle=new AnnotationBorderStyle;if(e instanceof Dict)if(e.has("BS")){const t=e.get("BS");if(t instanceof Dict){const e=t.get("Type");if(!e||isName(e,"Border")){this.borderStyle.setWidth(t.get("W"),this.rectangle);this.borderStyle.setStyle(t.get("S"));this.borderStyle.setDashArray(t.getArray("D"))}}}else if(e.has("Border")){const t=e.getArray("Border");if(Array.isArray(t)&&t.length>=3){this.borderStyle.setHorizontalCornerRadius(t[0]);this.borderStyle.setVerticalCornerRadius(t[1]);this.borderStyle.setWidth(t[2],this.rectangle);4===t.length&&this.borderStyle.setDashArray(t[3],!0)}}else this.borderStyle.setWidth(0)}setAppearance(e){this.appearance=null;const t=e.get("AP");if(!(t instanceof Dict))return;const a=t.get("N");if(a instanceof BaseStream){this.appearance=a;return}if(!(a instanceof Dict))return;const r=e.get("AS");if(!(r instanceof Name&&a.has(r.name)))return;const i=a.get(r.name);i instanceof BaseStream&&(this.appearance=i)}setOptionalContent(e){this.oc=null;const t=e.get("OC");t instanceof Name?warn("setOptionalContent: Support for /Name-entry is not implemented."):t instanceof Dict&&(this.oc=t)}async loadResources(e,t){const a=await t.dict.getAsync("Resources");a&&await ObjectLoader.load(a,e,a.xref);return a}async getOperatorList(e,t,a,r){const{hasOwnCanvas:i,id:n,rect:o}=this.data;let c=this.appearance;const l=!!(i&&a&s);if(l&&(0===this.width||0===this.height)){this.data.hasOwnCanvas=!1;return{opList:new OperatorList,separateForm:!1,separateCanvas:!1}}if(!c){if(!l)return{opList:new OperatorList,separateForm:!1,separateCanvas:!1};c=new StringStream("");c.dict=new Dict}const h=c.dict,u=await this.loadResources(Ia,c),d=lookupRect(h.getArray("BBox"),[0,0,1,1]),f=lookupMatrix(h.getArray("Matrix"),Fa),g=getTransformMatrix(o,d,f),p=new OperatorList;let m;this.oc&&(m=await e.parseMarkedContentProps(this.oc,null));void 0!==m&&p.addOp(jt,["OC",m]);p.addOp($t,[n,o,g,f,l]);await e.getOperatorList({stream:c,task:t,resources:u,operatorList:p,fallbackFontDict:this._fallbackFontDict});p.addOp(Gt,[]);void 0!==m&&p.addOp(_t,[]);this.reset();return{opList:p,separateForm:!1,separateCanvas:l}}async save(e,t,a,r){return null}get overlaysTextContent(){return!1}get hasTextContent(){return!1}async extractTextContent(e,t,a){if(!this.appearance)return;const r=await this.loadResources(Ta,this.appearance),i=[],n=[];let s=null;const o={desiredSize:Math.Infinity,ready:!0,enqueue(e,t){for(const t of e.items)if(void 0!==t.str){s||=t.transform.slice(-2);n.push(t.str);if(t.hasEOL){i.push(n.join("").trimEnd());n.length=0}}}};await e.getTextContent({stream:this.appearance,task:t,resources:r,includeMarkedContent:!0,keepWhiteSpace:!0,sink:o,viewBox:a});this.reset();n.length&&i.push(n.join("").trimEnd());if(i.length>1||i[0]){const e=this.appearance.dict,t=lookupRect(e.getArray("BBox"),null),a=lookupMatrix(e.getArray("Matrix"),null);this.data.textPosition=this._transformPoint(s,t,a);this.data.textContent=i}}_transformPoint(e,t,a){const{rect:r}=this.data;t||=[0,0,1,1];a||=[1,0,0,1,0,0];const i=getTransformMatrix(r,t,a);i[4]-=r[0];i[5]-=r[1];const n=e.slice();Util.applyTransform(n,i);Util.applyTransform(n,a);return n}getFieldObject(){return this.data.kidIds?{id:this.data.id,actions:this.data.actions,name:this.data.fieldName,strokeColor:this.data.borderColor,fillColor:this.data.backgroundColor,type:"",kidIds:this.data.kidIds,page:this.data.pageIndex,rotation:this.rotation}:null}reset(){for(const e of this._streams)e.reset()}_constructFieldName(e){if(!e.has("T")&&!e.has("Parent")){warn("Unknown field name, falling back to empty field name.");return""}if(!e.has("Parent"))return stringToPDFString(e.get("T"));const t=[];e.has("T")&&t.unshift(stringToPDFString(e.get("T")));let a=e;const r=new RefSet;e.objId&&r.put(e.objId);for(;a.has("Parent");){a=a.get("Parent");if(!(a instanceof Dict)||a.objId&&r.has(a.objId))break;a.objId&&r.put(a.objId);a.has("T")&&t.unshift(stringToPDFString(a.get("T")))}return t.join(".")}get width(){return this.data.rect[2]-this.data.rect[0]}get height(){return this.data.rect[3]-this.data.rect[1]}}class AnnotationBorderStyle{constructor(){this.width=1;this.rawWidth=1;this.style=fe;this.dashArray=[3];this.horizontalCornerRadius=0;this.verticalCornerRadius=0}setWidth(e,t=[0,0,0,0]){if(e instanceof Name)this.width=0;else if("number"==typeof e){if(e>0){this.rawWidth=e;const a=(t[2]-t[0])/2,r=(t[3]-t[1])/2;if(a>0&&r>0&&(e>a||e>r)){warn(`AnnotationBorderStyle.setWidth - ignoring width: ${e}`);e=1}}this.width=e}}setStyle(e){if(e instanceof Name)switch(e.name){case"S":this.style=fe;break;case"D":this.style=ge;break;case"B":this.style=pe;break;case"I":this.style=me;break;case"U":this.style=be}}setDashArray(e,t=!1){if(Array.isArray(e)){let a=!0,r=!0;for(const t of e){if(!(+t>=0)){a=!1;break}t>0&&(r=!1)}if(0===e.length||a&&!r){this.dashArray=e;t&&this.setStyle(Name.get("D"))}else this.width=0}else e&&(this.width=0)}setHorizontalCornerRadius(e){Number.isInteger(e)&&(this.horizontalCornerRadius=e)}setVerticalCornerRadius(e){Number.isInteger(e)&&(this.verticalCornerRadius=e)}}class MarkupAnnotation extends Annotation{constructor(e){super(e);const{dict:t}=e;if(t.has("IRT")){const e=t.getRaw("IRT");this.data.inReplyTo=e instanceof Ref?e.toString():null;const a=t.get("RT");this.data.replyType=a instanceof Name?a.name:V}let a=null;if(this.data.replyType===G){const e=t.get("IRT");this.setTitle(e.get("T"));this.data.titleObj=this._title;this.setContents(e.get("Contents"));this.data.contentsObj=this._contents;if(e.has("CreationDate")){this.setCreationDate(e.get("CreationDate"));this.data.creationDate=this.creationDate}else this.data.creationDate=null;if(e.has("M")){this.setModificationDate(e.get("M"));this.data.modificationDate=this.modificationDate}else this.data.modificationDate=null;a=e.getRaw("Popup");if(e.has("C")){this.setColor(e.getArray("C"));this.data.color=this.color}else this.data.color=null}else{this.data.titleObj=this._title;this.setCreationDate(t.get("CreationDate"));this.data.creationDate=this.creationDate;a=t.getRaw("Popup");t.has("C")||(this.data.color=null)}this.data.popupRef=a instanceof Ref?a.toString():null;t.has("RC")&&(this.data.richText=XFAFactory.getRichTextAsHtml(t.get("RC")))}setCreationDate(e){this.creationDate="string"==typeof e?e:null}_setDefaultAppearance({xref:e,extra:t,strokeColor:a,fillColor:r,blendMode:i,strokeAlpha:n,fillAlpha:s,pointsCallback:o}){const c=this.data.rect=[1/0,1/0,-1/0,-1/0],l=["q"];t&&l.push(t);a&&l.push(`${a[0]} ${a[1]} ${a[2]} RG`);r&&l.push(`${r[0]} ${r[1]} ${r[2]} rg`);const h=this.data.quadPoints||Float32Array.from([this.rectangle[0],this.rectangle[3],this.rectangle[2],this.rectangle[3],this.rectangle[0],this.rectangle[1],this.rectangle[2],this.rectangle[1]]);for(let e=0,t=h.length;e"string"==typeof e)).map((e=>stringToPDFString(e))):e instanceof Name?stringToPDFString(e.name):"string"==typeof e?stringToPDFString(e):null}hasFieldFlag(e){return!!(this.data.fieldFlags&e)}_isViewable(e){return!0}mustBeViewed(e,t){return t?this.viewable:super.mustBeViewed(e,t)&&!this._hasFlag(this.flags,Q)}getRotationMatrix(e){let t=e?.get(this.data.id)?.rotation;void 0===t&&(t=this.rotation);return 0===t?Fa:getRotationMatrix(t,this.width,this.height)}getBorderAndBackgroundAppearances(e){let t=e?.get(this.data.id)?.rotation;void 0===t&&(t=this.rotation);if(!this.backgroundColor&&!this.borderColor)return"";const a=0===t||180===t?`0 0 ${this.width} ${this.height} re`:`0 0 ${this.height} ${this.width} re`;let r="";this.backgroundColor&&(r=`${getPdfColor(this.backgroundColor,!0)} ${a} f `);if(this.borderColor){r+=`${this.borderStyle.width||1} w ${getPdfColor(this.borderColor,!1)} ${a} S `}return r}async getOperatorList(e,t,a,r){if(a&l&&!(this instanceof SignatureWidgetAnnotation)&&!this.data.noHTML&&!this.data.hasOwnCanvas)return{opList:new OperatorList,separateForm:!0,separateCanvas:!1};if(!this._hasText)return super.getOperatorList(e,t,a,r);const i=await this._getAppearance(e,t,a,r);if(this.appearance&&null===i)return super.getOperatorList(e,t,a,r);const n=new OperatorList;if(!this._defaultAppearance||null===i)return{opList:n,separateForm:!1,separateCanvas:!1};const o=!!(this.data.hasOwnCanvas&&a&s),c=[0,0,this.width,this.height],h=getTransformMatrix(this.data.rect,c,[1,0,0,1,0,0]);let u;this.oc&&(u=await e.parseMarkedContentProps(this.oc,null));void 0!==u&&n.addOp(jt,["OC",u]);n.addOp($t,[this.data.id,this.data.rect,h,this.getRotationMatrix(r),o]);const d=new StringStream(i);await e.getOperatorList({stream:d,task:t,resources:this._fieldResources.mergedResources,operatorList:n});n.addOp(Gt,[]);void 0!==u&&n.addOp(_t,[]);return{opList:n,separateForm:!1,separateCanvas:o}}_getMKDict(e){const t=new Dict(null);e&&t.set("R",e);this.borderColor&&t.set("BC",getPdfColorArray(this.borderColor));this.backgroundColor&&t.set("BG",getPdfColorArray(this.backgroundColor));return t.size>0?t:null}amendSavedDict(e,t){}setValue(e,t,a,r){const{dict:i,ref:n}=function getParentToUpdate(e,t,a){const r=new RefSet,i=e,n={dict:null,ref:null};for(;e instanceof Dict&&!r.has(t);){r.put(t);if(e.has("T"))break;if(!((t=e.getRaw("Parent"))instanceof Ref))return n;e=a.fetch(t)}if(e instanceof Dict&&e!==i){n.dict=e;n.ref=t}return n}(e,this.ref,a);if(i){if(!r.has(n)){const e=i.clone();e.set("V",t);r.put(n,{data:e});return e}}else e.set("V",t);return null}async save(e,t,a,r){const i=a?.get(this.data.id),n=this._buildFlags(i?.noView,i?.noPrint);let s=i?.value,o=i?.rotation;if(s===this.data.fieldValue||void 0===s){if(!this._hasValueFromXFA&&void 0===o&&void 0===n)return;s||=this.data.fieldValue}if(void 0===o&&!this._hasValueFromXFA&&Array.isArray(s)&&Array.isArray(this.data.fieldValue)&&isArrayEqual(s,this.data.fieldValue)&&void 0===n)return;void 0===o&&(o=this.rotation);let l=null;if(!this._needAppearances){l=await this._getAppearance(e,t,c,a);if(null===l&&void 0===n)return}let h=!1;if(l?.needAppearances){h=!0;l=null}const{xref:u}=e,d=u.fetchIfRef(this.ref);if(!(d instanceof Dict))return;const f=new Dict(u);for(const e of d.getKeys())"AP"!==e&&f.set(e,d.getRaw(e));if(void 0!==n){f.set("F",n);if(null===l&&!h){const e=d.getRaw("AP");e&&f.set("AP",e)}}const g={path:this.data.fieldName,value:s},p=this.setValue(f,Array.isArray(s)?s.map(stringToAsciiOrUTF16BE):stringToAsciiOrUTF16BE(s),u,r);this.amendSavedDict(a,p||f);const m=this._getMKDict(o);m&&f.set("MK",m);r.put(this.ref,{data:f,xfa:g,needAppearances:h});if(null!==l){const e=u.getNewTemporaryRef(),t=new Dict(u);f.set("AP",t);t.set("N",e);const i=this._getSaveFieldResources(u),n=new StringStream(l),s=n.dict=new Dict(u);s.set("Subtype",Name.get("Form"));s.set("Resources",i);const c=o%180==0?[0,0,this.width,this.height]:[0,0,this.height,this.width];s.set("BBox",c);const h=this.getRotationMatrix(a);h!==Fa&&s.set("Matrix",h);r.put(e,{data:n,xfa:null,needAppearances:!1})}f.set("M",`D:${getModificationDate()}`)}async _getAppearance(e,t,a,r){if(this.data.password)return null;const n=r?.get(this.data.id);let s,o;if(n){s=n.formattedValue||n.value;o=n.rotation}if(void 0===o&&void 0===s&&!this._needAppearances&&(!this._hasValueFromXFA||this.appearance))return null;const l=this.getBorderAndBackgroundAppearances(r);if(void 0===s){s=this.data.fieldValue;if(!s)return`/Tx BMC q ${l}Q EMC`}Array.isArray(s)&&1===s.length&&(s=s[0]);assert("string"==typeof s,"Expected `value` to be a string.");s=s.trimEnd();if(this.data.combo){const e=this.data.options.find((({exportValue:e})=>s===e));s=e?.displayValue||s}if(""===s)return`/Tx BMC q ${l}Q EMC`;void 0===o&&(o=this.rotation);let h,u=-1;if(this.data.multiLine){h=s.split(/\r\n?|\n/).map((e=>e.normalize("NFC")));u=h.length}else h=[s.replace(/\r\n?|\n/,"").normalize("NFC")];let{width:d,height:f}=this;90!==o&&270!==o||([d,f]=[f,d]);this._defaultAppearance||(this.data.defaultAppearanceData=parseDefaultAppearance(this._defaultAppearance="/Helvetica 0 Tf 0 g"));let g,p,m,b=await WidgetAnnotation._getFontData(e,t,this.data.defaultAppearanceData,this._fieldResources.mergedResources);const y=[];let w=!1;for(const e of h){const t=b.encodeString(e);t.length>1&&(w=!0);y.push(t.join(""))}if(w&&a&c)return{needAppearances:!0};if(w&&this._isOffscreenCanvasSupported){const a=this.data.comb?"monospace":"sans-serif",r=new FakeUnicodeFont(e.xref,a),i=r.createFontResources(h.join("")),n=i.getRaw("Font");if(this._fieldResources.mergedResources.has("Font")){const e=this._fieldResources.mergedResources.get("Font");for(const t of n.getKeys())e.set(t,n.getRaw(t))}else this._fieldResources.mergedResources.set("Font",n);const o=r.fontName.name;b=await WidgetAnnotation._getFontData(e,t,{fontName:o,fontSize:0},i);for(let e=0,t=y.length;e2)return`/Tx BMC q ${l}BT `+g+` 1 0 0 1 ${numberToString(2)} ${numberToString(C)} Tm (${escapeString(y[0])}) Tj ET Q EMC`;return`/Tx BMC q ${l}BT `+g+` 1 0 0 1 0 0 Tm ${this._renderText(y[0],b,p,d,k,{shift:0},2,C)} ET Q EMC`}static async _getFontData(e,t,a,r){const i=new OperatorList,n={font:null,clone(){return this}},{fontName:s,fontSize:o}=a;await e.handleSetFont(r,[s&&Name.get(s),o],null,i,t,n,null);return n.font}_getTextWidth(e,t){return Math.sumPrecise(t.charsToGlyphs(e).map((e=>e.width)))/1e3}_computeFontSize(e,t,r,i,n){let{fontSize:s}=this.data.defaultAppearanceData,o=(s||12)*a,c=Math.round(e/o);if(!s){const roundWithTwoDigits=e=>Math.floor(100*e)/100;if(-1===n){const n=this._getTextWidth(r,i);s=roundWithTwoDigits(Math.min(e/a,t/n));c=1}else{const l=r.split(/\r\n?|\n/),h=[];for(const e of l){const t=i.encodeString(e).join(""),a=i.charsToGlyphs(t),r=i.getCharPositions(t);h.push({line:t,glyphs:a,positions:r})}const isTooBig=a=>{let r=0;for(const n of h){r+=this._splitLine(null,i,a,t,n).length*a;if(r>e)return!0}return!1};c=Math.max(c,n);for(;;){o=e/c;s=roundWithTwoDigits(o/a);if(!isTooBig(s))break;c++}}const{fontName:l,fontColor:h}=this.data.defaultAppearanceData;this._defaultAppearance=function createDefaultAppearance({fontSize:e,fontName:t,fontColor:a}){return`/${escapePDFName(t)} ${e} Tf ${getPdfColor(a,!0)}`}({fontSize:s,fontName:l,fontColor:h})}return[this._defaultAppearance,s,e/c]}_renderText(e,t,a,r,i,n,s,o){let c;if(1===i){c=(r-this._getTextWidth(e,t)*a)/2}else if(2===i){c=r-this._getTextWidth(e,t)*a-s}else c=s;const l=numberToString(c-n.shift);n.shift=c;return`${l} ${o=numberToString(o)} Td (${escapeString(e)}) Tj`}_getSaveFieldResources(e){const{localResources:t,appearanceResources:a,acroFormResources:r}=this._fieldResources,i=this.data.defaultAppearanceData?.fontName;if(!i)return t||Dict.empty;for(const e of[t,a])if(e instanceof Dict){const t=e.get("Font");if(t instanceof Dict&&t.has(i))return e}if(r instanceof Dict){const a=r.get("Font");if(a instanceof Dict&&a.has(i)){const r=new Dict(e);r.set(i,a.getRaw(i));const n=new Dict(e);n.set("Font",r);return Dict.merge({xref:e,dictArray:[n,t],mergeSubDicts:!0})}}return t||Dict.empty}getFieldObject(){return null}}class TextWidgetAnnotation extends WidgetAnnotation{constructor(e){super(e);const{dict:t}=e;if(t.has("PMD")){this.flags|=J;this.data.hidden=!0;warn("Barcodes are not supported")}this.data.hasOwnCanvas=this.data.readOnly&&!this.data.noHTML;this._hasText=!0;"string"!=typeof this.data.fieldValue&&(this.data.fieldValue="");let a=getInheritableProperty({dict:t,key:"Q"});(!Number.isInteger(a)||a<0||a>2)&&(a=null);this.data.textAlignment=a;let r=getInheritableProperty({dict:t,key:"MaxLen"});(!Number.isInteger(r)||r<0)&&(r=0);this.data.maxLen=r;this.data.multiLine=this.hasFieldFlag(ie);this.data.comb=this.hasFieldFlag(de)&&!this.data.multiLine&&!this.data.password&&!this.hasFieldFlag(le)&&0!==this.data.maxLen;this.data.doNotScroll=this.hasFieldFlag(ue);const{data:{actions:i}}=this;for(const e of i?.Keystroke||[]){const t=e.trim().match(/^AF(Date|Time)_Keystroke(?:Ex)?\(['"]?([^'"]+)['"]?\);$/);if(t){let e=t[2];const a=parseInt(e,10);isNaN(a)||Math.floor(Math.log10(a))+1!==t[2].length||(e=("Date"===t[1]?Pn:Ln)[a]??e);this.data["Date"===t[1]?"dateFormat":"timeFormat"]=e;break}}}get hasTextContent(){return!!this.appearance&&!this._needAppearances}_getCombAppearance(e,t,a,r,i,n,s,o,c,l,h){const u=i/this.data.maxLen,d=this.getBorderAndBackgroundAppearances(h),f=[],g=t.getCharPositions(a);for(const[e,t]of g)f.push(`(${escapeString(a.substring(e,t))}) Tj`);const p=f.join(` ${numberToString(u)} 0 Td `);return`/Tx BMC q ${d}BT `+e+` 1 0 0 1 ${numberToString(s)} ${numberToString(o+c)} Tm ${p} ET Q EMC`}_getMultilineAppearance(e,t,a,r,i,n,s,o,c,l,h,u){const d=[],f=i-2*o,g={shift:0};for(let e=0,n=t.length;er){c.push(e.substring(d,a));d=a;f=p;l=-1;u=-1}else{f+=p;l=a;h=i;u=t}else if(f+p>r)if(-1!==l){c.push(e.substring(d,h));d=h;t=u+1;l=-1;f=0}else{c.push(e.substring(d,a));d=a;f=p}else f+=p}dt?`\\${t}`:"\\s+"));new RegExp(`^\\s*${n}\\s*$`).test(this.data.fieldValue)&&(this.data.textContent=this.data.fieldValue.split("\n"))}getFieldObject(){return{id:this.data.id,value:this.data.fieldValue,defaultValue:this.data.defaultFieldValue||"",multiline:this.data.multiLine,password:this.data.password,charLimit:this.data.maxLen,comb:this.data.comb,editable:!this.data.readOnly,hidden:this.data.hidden,name:this.data.fieldName,rect:this.data.rect,actions:this.data.actions,page:this.data.pageIndex,strokeColor:this.data.borderColor,fillColor:this.data.backgroundColor,rotation:this.rotation,type:"text"}}}class ButtonWidgetAnnotation extends WidgetAnnotation{constructor(e){super(e);this.checkedAppearance=null;this.uncheckedAppearance=null;const t=this.hasFieldFlag(se),a=this.hasFieldFlag(oe);this.data.checkBox=!t&&!a;this.data.radioButton=t&&!a;this.data.pushButton=a;this.data.isTooltipOnly=!1;if(this.data.checkBox)this._processCheckBox(e);else if(this.data.radioButton)this._processRadioButton(e);else if(this.data.pushButton){this.data.hasOwnCanvas=!0;this.data.noHTML=!1;this._processPushButton(e)}else warn("Invalid field flags for button widget annotation")}async getOperatorList(e,t,a,r){if(this.data.pushButton)return super.getOperatorList(e,t,a,!1,r);let i=null,n=null;if(r){const e=r.get(this.data.id);i=e?e.value:null;n=e?e.rotation:null}if(null===i&&this.appearance)return super.getOperatorList(e,t,a,r);null==i&&(i=this.data.checkBox?this.data.fieldValue===this.data.exportValue:this.data.fieldValue===this.data.buttonValue);const s=i?this.checkedAppearance:this.uncheckedAppearance;if(s){const i=this.appearance,o=lookupMatrix(s.dict.getArray("Matrix"),Fa);n&&s.dict.set("Matrix",this.getRotationMatrix(r));this.appearance=s;const c=super.getOperatorList(e,t,a,r);this.appearance=i;s.dict.set("Matrix",o);return c}return{opList:new OperatorList,separateForm:!1,separateCanvas:!1}}async save(e,t,a,r){this.data.checkBox?this._saveCheckbox(e,t,a,r):this.data.radioButton&&this._saveRadioButton(e,t,a,r)}async _saveCheckbox(e,t,a,r){if(!a)return;const i=a.get(this.data.id),n=this._buildFlags(i?.noView,i?.noPrint);let s=i?.rotation,o=i?.value;if(void 0===s&&void 0===n){if(void 0===o)return;if(this.data.fieldValue===this.data.exportValue===o)return}let c=e.xref.fetchIfRef(this.ref);if(!(c instanceof Dict))return;c=c.clone();void 0===s&&(s=this.rotation);void 0===o&&(o=this.data.fieldValue===this.data.exportValue);const l={path:this.data.fieldName,value:o?this.data.exportValue:""},h=Name.get(o?this.data.exportValue:"Off");this.setValue(c,h,e.xref,r);c.set("AS",h);c.set("M",`D:${getModificationDate()}`);void 0!==n&&c.set("F",n);const u=this._getMKDict(s);u&&c.set("MK",u);r.put(this.ref,{data:c,xfa:l,needAppearances:!1})}async _saveRadioButton(e,t,a,r){if(!a)return;const i=a.get(this.data.id),n=this._buildFlags(i?.noView,i?.noPrint);let s=i?.rotation,o=i?.value;if(void 0===s&&void 0===n){if(void 0===o)return;if(this.data.fieldValue===this.data.buttonValue===o)return}let c=e.xref.fetchIfRef(this.ref);if(!(c instanceof Dict))return;c=c.clone();void 0===o&&(o=this.data.fieldValue===this.data.buttonValue);void 0===s&&(s=this.rotation);const l={path:this.data.fieldName,value:o?this.data.buttonValue:""},h=Name.get(o?this.data.buttonValue:"Off");o&&this.setValue(c,h,e.xref,r);c.set("AS",h);c.set("M",`D:${getModificationDate()}`);void 0!==n&&c.set("F",n);const u=this._getMKDict(s);u&&c.set("MK",u);r.put(this.ref,{data:c,xfa:l,needAppearances:!1})}_getDefaultCheckedAppearance(e,t){const{width:a,height:r}=this,i=[0,0,a,r],n=.8*Math.min(a,r);let s,o;if("check"===t){s={width:.755*n,height:.705*n};o="3"}else if("disc"===t){s={width:.791*n,height:.705*n};o="l"}else unreachable(`_getDefaultCheckedAppearance - unsupported type: ${t}`);const c=`q BT /PdfJsZaDb ${n} Tf 0 g ${numberToString((a-s.width)/2)} ${numberToString((r-s.height)/2)} Td (${o}) Tj ET Q`,l=new Dict(e.xref);l.set("FormType",1);l.set("Subtype",Name.get("Form"));l.set("Type",Name.get("XObject"));l.set("BBox",i);l.set("Matrix",[1,0,0,1,0,0]);l.set("Length",c.length);const h=new Dict(e.xref),u=new Dict(e.xref);u.set("PdfJsZaDb",this.fallbackFontDict);h.set("Font",u);l.set("Resources",h);this.checkedAppearance=new StringStream(c);this.checkedAppearance.dict=l;this._streams.push(this.checkedAppearance)}_processCheckBox(e){const t=e.dict.get("AP");if(!(t instanceof Dict))return;const a=t.get("N");if(!(a instanceof Dict))return;const r=this._decodeFormValue(e.dict.get("AS"));"string"==typeof r&&(this.data.fieldValue=r);const i=null!==this.data.fieldValue&&"Off"!==this.data.fieldValue?this.data.fieldValue:"Yes",n=this._decodeFormValue(a.getKeys());if(0===n.length)n.push("Off",i);else if(1===n.length)"Off"===n[0]?n.push(i):n.unshift("Off");else if(n.includes(i)){n.length=0;n.push("Off",i)}else{const e=n.find((e=>"Off"!==e));n.length=0;n.push("Off",e)}n.includes(this.data.fieldValue)||(this.data.fieldValue="Off");this.data.exportValue=n[1];const s=a.get(this.data.exportValue);this.checkedAppearance=s instanceof BaseStream?s:null;const o=a.get("Off");this.uncheckedAppearance=o instanceof BaseStream?o:null;this.checkedAppearance?this._streams.push(this.checkedAppearance):this._getDefaultCheckedAppearance(e,"check");this.uncheckedAppearance&&this._streams.push(this.uncheckedAppearance);this._fallbackFontDict=this.fallbackFontDict;null===this.data.defaultFieldValue&&(this.data.defaultFieldValue="Off")}_processRadioButton(e){this.data.buttonValue=null;const t=e.dict.get("Parent");if(t instanceof Dict){this.parent=e.dict.getRaw("Parent");const a=t.get("V");a instanceof Name&&(this.data.fieldValue=this._decodeFormValue(a))}const a=e.dict.get("AP");if(!(a instanceof Dict))return;const r=a.get("N");if(!(r instanceof Dict))return;for(const e of r.getKeys())if("Off"!==e){this.data.buttonValue=this._decodeFormValue(e);break}const i=r.get(this.data.buttonValue);this.checkedAppearance=i instanceof BaseStream?i:null;const n=r.get("Off");this.uncheckedAppearance=n instanceof BaseStream?n:null;this.checkedAppearance?this._streams.push(this.checkedAppearance):this._getDefaultCheckedAppearance(e,"disc");this.uncheckedAppearance&&this._streams.push(this.uncheckedAppearance);this._fallbackFontDict=this.fallbackFontDict;null===this.data.defaultFieldValue&&(this.data.defaultFieldValue="Off")}_processPushButton(e){const{dict:t,annotationGlobals:a}=e;if(t.has("A")||t.has("AA")||this.data.alternativeText){this.data.isTooltipOnly=!t.has("A")&&!t.has("AA");Catalog.parseDestDictionary({destDict:t,resultObj:this.data,docBaseUrl:a.baseUrl,docAttachments:a.attachments})}else warn("Push buttons without action dictionaries are not supported")}getFieldObject(){let e,t="button";if(this.data.checkBox){t="checkbox";e=this.data.exportValue}else if(this.data.radioButton){t="radiobutton";e=this.data.buttonValue}return{id:this.data.id,value:this.data.fieldValue||"Off",defaultValue:this.data.defaultFieldValue,exportValues:e,editable:!this.data.readOnly,name:this.data.fieldName,rect:this.data.rect,hidden:this.data.hidden,actions:this.data.actions,page:this.data.pageIndex,strokeColor:this.data.borderColor,fillColor:this.data.backgroundColor,rotation:this.rotation,type:t}}get fallbackFontDict(){const e=new Dict;e.set("BaseFont",Name.get("ZapfDingbats"));e.set("Type",Name.get("FallbackType"));e.set("Subtype",Name.get("FallbackType"));e.set("Encoding",Name.get("ZapfDingbatsEncoding"));return shadow(this,"fallbackFontDict",e)}}class ChoiceWidgetAnnotation extends WidgetAnnotation{constructor(e){super(e);const{dict:t,xref:a}=e;this.indices=t.getArray("I");this.hasIndices=Array.isArray(this.indices)&&this.indices.length>0;this.data.options=[];const r=getInheritableProperty({dict:t,key:"Opt"});if(Array.isArray(r))for(let e=0,t=r.length;e=0&&t0&&(this.data.options=this.data.fieldValue.map((e=>({exportValue:e,displayValue:e}))));this.data.combo=this.hasFieldFlag(ce);this.data.multiSelect=this.hasFieldFlag(he);this._hasText=!0}getFieldObject(){const e=this.data.combo?"combobox":"listbox",t=this.data.fieldValue.length>0?this.data.fieldValue[0]:null;return{id:this.data.id,value:t,defaultValue:this.data.defaultFieldValue,editable:!this.data.readOnly,name:this.data.fieldName,rect:this.data.rect,numItems:this.data.fieldValue.length,multipleSelection:this.data.multiSelect,hidden:this.data.hidden,actions:this.data.actions,items:this.data.options,page:this.data.pageIndex,strokeColor:this.data.borderColor,fillColor:this.data.backgroundColor,rotation:this.rotation,type:e}}amendSavedDict(e,t){if(!this.hasIndices)return;let a=e?.get(this.data.id)?.value;Array.isArray(a)||(a=[a]);const r=[],{options:i}=this.data;for(let e=0,t=0,n=i.length;ea){a=r;t=e}}[f,g]=this._computeFontSize(e,c-4,t,d,-1)}const p=g*a,m=(p-g)/2,b=Math.floor(l/p);let y=0;if(u.length>0){const e=Math.min(...u),t=Math.max(...u);y=Math.max(0,t-b+1);y>e&&(y=e)}const w=Math.min(y+b+1,h),x=["/Tx BMC q",`1 1 ${c} ${l} re W n`];if(u.length){x.push("0.600006 0.756866 0.854904 rg");for(const e of u)y<=e&&ee.trimEnd()));const{coords:e,bbox:t,matrix:r}=FakeUnicodeFont.getFirstPositionInfo(this.rectangle,this.rotation,a);this.data.textPosition=this._transformPoint(e,t,r)}if(this._isOffscreenCanvasSupported){const i=e.dict.get("CA"),n=new FakeUnicodeFont(r,"sans-serif");this.appearance=n.createAppearance(this._contents.str,this.rectangle,this.rotation,a,t,i);this._streams.push(this.appearance)}else warn("FreeTextAnnotation: OffscreenCanvas is not supported, annotation may not render correctly.")}}get hasTextContent(){return this._hasAppearance}static createNewDict(e,t,{apRef:a,ap:r}){const{color:i,fontSize:n,oldAnnotation:s,rect:o,rotation:c,user:l,value:h}=e,u=s||new Dict(t);u.set("Type",Name.get("Annot"));u.set("Subtype",Name.get("FreeText"));if(s){u.set("M",`D:${getModificationDate()}`);u.delete("RC")}else u.set("CreationDate",`D:${getModificationDate()}`);u.set("Rect",o);const d=`/Helv ${n} Tf ${getPdfColor(i,!0)}`;u.set("DA",d);u.set("Contents",stringToAsciiOrUTF16BE(h));u.set("F",4);u.set("Border",[0,0,0]);u.set("Rotate",c);l&&u.set("T",stringToAsciiOrUTF16BE(l));if(a||r){const e=new Dict(t);u.set("AP",e);a?e.set("N",a):e.set("N",r)}return u}static async createNewAppearanceStream(e,t,r){const{baseFontRef:i,evaluator:n,task:s}=r,{color:o,fontSize:c,rect:l,rotation:h,value:u}=e,d=new Dict(t),f=new Dict(t);if(i)f.set("Helv",i);else{const e=new Dict(t);e.set("BaseFont",Name.get("Helvetica"));e.set("Type",Name.get("Font"));e.set("Subtype",Name.get("Type1"));e.set("Encoding",Name.get("WinAnsiEncoding"));f.set("Helv",e)}d.set("Font",f);const g=await WidgetAnnotation._getFontData(n,s,{fontName:"Helv",fontSize:c},d),[p,m,b,y]=l;let w=b-p,x=y-m;h%180!=0&&([w,x]=[x,w]);const S=u.split("\n"),k=c/1e3;let C=-1/0;const v=[];for(let e of S){const t=g.encodeString(e);if(t.length>1)return null;e=t.join("");v.push(e);let a=0;const r=g.charsToGlyphs(e);for(const e of r)a+=e.width*k;C=Math.max(C,a)}let F=1;C>w&&(F=w/C);let T=1;const O=a*c,M=1*c,D=O*S.length;D>x&&(T=x/D);const R=c*Math.min(F,T);let N,E,L;switch(h){case 0:L=[1,0,0,1];E=[l[0],l[1],w,x];N=[l[0],l[3]-M];break;case 90:L=[0,1,-1,0];E=[l[1],-l[2],w,x];N=[l[1],-l[0]-M];break;case 180:L=[-1,0,0,-1];E=[-l[2],-l[3],w,x];N=[-l[2],-l[1]-M];break;case 270:L=[0,-1,1,0];E=[-l[3],l[0],w,x];N=[-l[3],l[2]-M]}const j=["q",`${L.join(" ")} 0 0 cm`,`${E.join(" ")} re W n`,"BT",`${getPdfColor(o,!0)}`,`0 Tc /Helv ${numberToString(R)} Tf`];j.push(`${N.join(" ")} Td (${escapeString(v[0])}) Tj`);const _=numberToString(O);for(let e=1,t=v.length;e{e.push(`${r[0]} ${r[1]} m`,`${r[2]} ${r[3]} l`,"S");return[t[0]-c,t[7]-c,t[2]+c,t[3]+c]}})}}}class SquareAnnotation extends MarkupAnnotation{constructor(e){super(e);const{dict:t,xref:a}=e;this.data.annotationType=D;this.data.hasOwnCanvas=this.data.noRotate;this.data.noHTML=!1;if(!this.appearance){const e=this.color?getPdfColorArray(this.color):[0,0,0],r=t.get("CA"),i=getRgbColor(t.getArray("IC"),null),n=i?getPdfColorArray(i):null,s=n?r:null;if(0===this.borderStyle.width&&!n)return;this._setDefaultAppearance({xref:a,extra:`${this.borderStyle.width} w`,strokeColor:e,fillColor:n,strokeAlpha:r,fillAlpha:s,pointsCallback:(e,t)=>{const a=t[4]+this.borderStyle.width/2,r=t[5]+this.borderStyle.width/2,i=t[6]-t[4]-this.borderStyle.width,s=t[3]-t[7]-this.borderStyle.width;e.push(`${a} ${r} ${i} ${s} re`);n?e.push("B"):e.push("S");return[t[0],t[7],t[2],t[3]]}})}}}class CircleAnnotation extends MarkupAnnotation{constructor(e){super(e);const{dict:t,xref:a}=e;this.data.annotationType=R;if(!this.appearance){const e=this.color?getPdfColorArray(this.color):[0,0,0],r=t.get("CA"),i=getRgbColor(t.getArray("IC"),null),n=i?getPdfColorArray(i):null,s=n?r:null;if(0===this.borderStyle.width&&!n)return;const o=4/3*Math.tan(Math.PI/8);this._setDefaultAppearance({xref:a,extra:`${this.borderStyle.width} w`,strokeColor:e,fillColor:n,strokeAlpha:r,fillAlpha:s,pointsCallback:(e,t)=>{const a=t[0]+this.borderStyle.width/2,r=t[1]-this.borderStyle.width/2,i=t[6]-this.borderStyle.width/2,s=t[7]+this.borderStyle.width/2,c=a+(i-a)/2,l=r+(s-r)/2,h=(i-a)/2*o,u=(s-r)/2*o;e.push(`${c} ${s} m`,`${c+h} ${s} ${i} ${l+u} ${i} ${l} c`,`${i} ${l-u} ${c+h} ${r} ${c} ${r} c`,`${c-h} ${r} ${a} ${l-u} ${a} ${l} c`,`${a} ${l+u} ${c-h} ${s} ${c} ${s} c`,"h");n?e.push("B"):e.push("S");return[t[0],t[7],t[2],t[3]]}})}}}class PolylineAnnotation extends MarkupAnnotation{constructor(e){super(e);const{dict:t,xref:a}=e;this.data.annotationType=E;this.data.hasOwnCanvas=this.data.noRotate;this.data.noHTML=!1;this.data.vertices=null;if(!(this instanceof PolygonAnnotation)){this.setLineEndings(t.getArray("LE"));this.data.lineEndings=this.lineEndings}const r=t.getArray("Vertices");if(!isNumberArray(r,null))return;const i=this.data.vertices=Float32Array.from(r);if(!this.appearance){const e=this.color?getPdfColorArray(this.color):[0,0,0],r=t.get("CA"),n=this.borderStyle.width||1,s=2*n,o=[1/0,1/0,-1/0,-1/0];for(let e=0,t=i.length;e{for(let t=0,a=i.length;t{for(const t of this.data.inkLists){for(let a=0,r=t.length;a{e.push(`${t[0]} ${t[1]} m`,`${t[2]} ${t[3]} l`,`${t[6]} ${t[7]} l`,`${t[4]} ${t[5]} l`,"f");return[t[0],t[7],t[2],t[3]]}})}}else this.data.popupRef=null}get overlaysTextContent(){return!0}static createNewDict(e,t,{apRef:a,ap:r}){const{color:i,oldAnnotation:n,opacity:s,rect:o,rotation:c,user:l,quadPoints:h}=e,u=n||new Dict(t);u.set("Type",Name.get("Annot"));u.set("Subtype",Name.get("Highlight"));u.set(n?"M":"CreationDate",`D:${getModificationDate()}`);u.set("CreationDate",`D:${getModificationDate()}`);u.set("Rect",o);u.set("F",4);u.set("Border",[0,0,0]);u.set("Rotate",c);u.set("QuadPoints",h);u.set("C",getPdfColorArray(i));u.set("CA",s);l&&u.set("T",stringToAsciiOrUTF16BE(l));if(a||r){const e=new Dict(t);u.set("AP",e);e.set("N",a||r)}return u}static async createNewAppearanceStream(e,t,a){const{color:r,rect:i,outlines:n,opacity:s}=e,o=[`${getPdfColor(r,!0)}`,"/R0 gs"],c=[];for(const e of n){c.length=0;c.push(`${numberToString(e[0])} ${numberToString(e[1])} m`);for(let t=2,a=e.length;t{e.push(`${t[4]} ${t[5]+1.3} m`,`${t[6]} ${t[7]+1.3} l`,"S");return[t[0],t[7],t[2],t[3]]}})}}else this.data.popupRef=null}get overlaysTextContent(){return!0}}class SquigglyAnnotation extends MarkupAnnotation{constructor(e){super(e);const{dict:t,xref:a}=e;this.data.annotationType=_;if(this.data.quadPoints=getQuadPoints(t,null)){if(!this.appearance){const e=this.color?getPdfColorArray(this.color):[0,0,0],r=t.get("CA");this._setDefaultAppearance({xref:a,extra:"[] 0 d 1 w",strokeColor:e,strokeAlpha:r,pointsCallback:(e,t)=>{const a=(t[1]-t[5])/6;let r=a,i=t[4];const n=t[5],s=t[6];e.push(`${i} ${n+r} m`);do{i+=2;r=0===r?a:0;e.push(`${i} ${n+r} l`)}while(i{e.push((t[0]+t[4])/2+" "+(t[1]+t[5])/2+" m",(t[2]+t[6])/2+" "+(t[3]+t[7])/2+" l","S");return[t[0],t[7],t[2],t[3]]}})}}else this.data.popupRef=null}get overlaysTextContent(){return!0}}class StampAnnotation extends MarkupAnnotation{#pe=null;constructor(e){super(e);this.data.annotationType=X;this.data.hasOwnCanvas=this.data.noRotate;this.data.isEditable=!this.data.noHTML;this.data.noHTML=!1}mustBeViewedWhenEditing(e,t=null){if(e){if(!this.data.isEditable)return!0;this.#pe??=this.data.hasOwnCanvas;this.data.hasOwnCanvas=!0;return!0}if(null!==this.#pe){this.data.hasOwnCanvas=this.#pe;this.#pe=null}return!t?.has(this.data.id)}static async createImage(e,t){const{width:a,height:r}=e,i=new OffscreenCanvas(a,r),n=i.getContext("2d",{alpha:!0});n.drawImage(e,0,0);const s=n.getImageData(0,0,a,r).data,o=new Uint32Array(s.buffer),c=o.some(FeatureTest.isLittleEndian?e=>e>>>24!=255:e=>!!(255&~e));if(c){n.fillStyle="white";n.fillRect(0,0,a,r);n.drawImage(e,0,0)}const l=i.convertToBlob({type:"image/jpeg",quality:1}).then((e=>e.arrayBuffer())),h=Name.get("XObject"),u=Name.get("Image"),d=new Dict(t);d.set("Type",h);d.set("Subtype",u);d.set("BitsPerComponent",8);d.set("ColorSpace",Name.get("DeviceRGB"));d.set("Filter",Name.get("DCTDecode"));d.set("BBox",[0,0,a,r]);d.set("Width",a);d.set("Height",r);let f=null;if(c){const e=new Uint8Array(o.length);if(FeatureTest.isLittleEndian)for(let t=0,a=o.length;t>>24;else for(let t=0,a=o.length;t=0&&n<=1?n:null}}const pc={get r(){return shadow(this,"r",new Uint8Array([7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21]))},get k(){return shadow(this,"k",new Int32Array([-680876936,-389564586,606105819,-1044525330,-176418897,1200080426,-1473231341,-45705983,1770035416,-1958414417,-42063,-1990404162,1804603682,-40341101,-1502002290,1236535329,-165796510,-1069501632,643717713,-373897302,-701558691,38016083,-660478335,-405537848,568446438,-1019803690,-187363961,1163531501,-1444681467,-51403784,1735328473,-1926607734,-378558,-2022574463,1839030562,-35309556,-1530992060,1272893353,-155497632,-1094730640,681279174,-358537222,-722521979,76029189,-640364487,-421815835,530742520,-995338651,-198630844,1126891415,-1416354905,-57434055,1700485571,-1894986606,-1051523,-2054922799,1873313359,-30611744,-1560198380,1309151649,-145523070,-1120210379,718787259,-343485551]))}};function calculateMD5(e,t,a){let r=1732584193,i=-271733879,n=-1732584194,s=271733878;const o=a+72&-64,c=new Uint8Array(o);let l,h;for(l=0;l>5&255;c[l++]=a>>13&255;c[l++]=a>>21&255;c[l++]=a>>>29&255;l+=3;const d=new Int32Array(16),{k:f,r:g}=pc;for(l=0;l>>32-n)|0;a=r}r=r+a|0;i=i+o|0;n=n+u|0;s=s+p|0}return new Uint8Array([255&r,r>>8&255,r>>16&255,r>>>24&255,255&i,i>>8&255,i>>16&255,i>>>24&255,255&n,n>>8&255,n>>16&255,n>>>24&255,255&s,s>>8&255,s>>16&255,s>>>24&255])}function decodeString(e){try{return stringToUTF8String(e)}catch(t){warn(`UTF-8 decoding failed: "${t}".`);return e}}class DatasetXMLParser extends SimpleXMLParser{constructor(e){super(e);this.node=null}onEndElement(e){const t=super.onEndElement(e);if(t&&"xfa:datasets"===e){this.node=t;throw new Error("Aborting DatasetXMLParser.")}}}class DatasetReader{constructor(e){if(e.datasets)this.node=new SimpleXMLParser({hasAttributes:!0}).parseFromString(e.datasets).documentElement;else{const t=new DatasetXMLParser({hasAttributes:!0});try{t.parseFromString(e["xdp:xdp"])}catch{}this.node=t.node}}getValue(e){if(!this.node||!e)return"";const t=this.node.searchNode(parseXFAPath(e),0);if(!t)return"";const a=t.firstChild;return"value"===a?.nodeName?t.children.map((e=>decodeString(e.textContent))):decodeString(t.textContent)}}class SingleIntersector{#be;#ye=1/0;#we=1/0;#xe=-1/0;#Se=-1/0;#ke;#Ae=[];#Ce=[];#ve=-1;#Fe=!1;constructor(e){this.#be=e;const t=this.#ke=e.data.quadPoints;for(let e=0,a=t.length;e=e.#xe||this.#xe<=e.#ye||this.#we>=e.#Se||this.#Se<=e.#we)}#Ie(e,t){if(this.#ye>=e||this.#xe<=e||this.#we>=t||this.#Se<=t)return!1;const a=this.#ke;if(8===a.length)return!0;if(this.#ve>=0){const r=this.#ve;if(!(a[r]>=e||a[r+2]<=e||a[r+5]>=t||a[r+1]<=t))return!0;this.#ve=-1}for(let r=0,i=a.length;r=e||a[r+2]<=e||a[r+5]>=t||a[r+1]<=t)){this.#ve=r;return!0}return!1}addGlyph(e,t,a){if(!this.#Ie(e,t)){this.disableExtraChars();return!1}if(this.#Ce.length>0){this.#Ae.push(this.#Ce.join(""));this.#Ce.length=0}this.#Ae.push(a);this.#Fe=!0;return!0}addExtraChar(e){this.#Fe&&this.#Ce.push(e)}disableExtraChars(){if(this.#Fe){this.#Fe=!1;this.#Ce.length=0}}setText(){this.#be.data.overlaidText=this.#Ae.join("")}}class Intersector{#Te=new Map;constructor(e){for(const t of e){if(!t.data.quadPoints)continue;const e=new SingleIntersector(t);for(const[t,a]of this.#Te)t.overlaps(e)&&(a?a.add(e):this.#Te.set(t,new Set([e])));this.#Te.set(e,null)}}addGlyph(e,t,a,r){const i=e[4]+t/2,n=e[5]+a/2;let s;for(const[e,t]of this.#Te)s?s.has(e)?e.addGlyph(i,n,r):e.disableExtraChars():e.addGlyph(i,n,r)&&(s=t)}addExtraChar(e){for(const t of this.#Te.keys())t.addExtraChar(e)}setText(){for(const e of this.#Te.keys())e.setText()}}class Word64{constructor(e,t){this.high=0|e;this.low=0|t}and(e){this.high&=e.high;this.low&=e.low}xor(e){this.high^=e.high;this.low^=e.low}shiftRight(e){if(e>=32){this.low=this.high>>>e-32|0;this.high=0}else{this.low=this.low>>>e|this.high<<32-e;this.high=this.high>>>e|0}}rotateRight(e){let t,a;if(32&e){a=this.low;t=this.high}else{t=this.low;a=this.high}e&=31;this.low=t>>>e|a<<32-e;this.high=a>>>e|t<<32-e}not(){this.high=~this.high;this.low=~this.low}add(e){const t=(this.low>>>0)+(e.low>>>0);let a=(this.high>>>0)+(e.high>>>0);t>4294967295&&(a+=1);this.low=0|t;this.high=0|a}copyTo(e,t){e[t]=this.high>>>24&255;e[t+1]=this.high>>16&255;e[t+2]=this.high>>8&255;e[t+3]=255&this.high;e[t+4]=this.low>>>24&255;e[t+5]=this.low>>16&255;e[t+6]=this.low>>8&255;e[t+7]=255&this.low}assign(e){this.high=e.high;this.low=e.low}}const mc={get k(){return shadow(this,"k",[new Word64(1116352408,3609767458),new Word64(1899447441,602891725),new Word64(3049323471,3964484399),new Word64(3921009573,2173295548),new Word64(961987163,4081628472),new Word64(1508970993,3053834265),new Word64(2453635748,2937671579),new Word64(2870763221,3664609560),new Word64(3624381080,2734883394),new Word64(310598401,1164996542),new Word64(607225278,1323610764),new Word64(1426881987,3590304994),new Word64(1925078388,4068182383),new Word64(2162078206,991336113),new Word64(2614888103,633803317),new Word64(3248222580,3479774868),new Word64(3835390401,2666613458),new Word64(4022224774,944711139),new Word64(264347078,2341262773),new Word64(604807628,2007800933),new Word64(770255983,1495990901),new Word64(1249150122,1856431235),new Word64(1555081692,3175218132),new Word64(1996064986,2198950837),new Word64(2554220882,3999719339),new Word64(2821834349,766784016),new Word64(2952996808,2566594879),new Word64(3210313671,3203337956),new Word64(3336571891,1034457026),new Word64(3584528711,2466948901),new Word64(113926993,3758326383),new Word64(338241895,168717936),new Word64(666307205,1188179964),new Word64(773529912,1546045734),new Word64(1294757372,1522805485),new Word64(1396182291,2643833823),new Word64(1695183700,2343527390),new Word64(1986661051,1014477480),new Word64(2177026350,1206759142),new Word64(2456956037,344077627),new Word64(2730485921,1290863460),new Word64(2820302411,3158454273),new Word64(3259730800,3505952657),new Word64(3345764771,106217008),new Word64(3516065817,3606008344),new Word64(3600352804,1432725776),new Word64(4094571909,1467031594),new Word64(275423344,851169720),new Word64(430227734,3100823752),new Word64(506948616,1363258195),new Word64(659060556,3750685593),new Word64(883997877,3785050280),new Word64(958139571,3318307427),new Word64(1322822218,3812723403),new Word64(1537002063,2003034995),new Word64(1747873779,3602036899),new Word64(1955562222,1575990012),new Word64(2024104815,1125592928),new Word64(2227730452,2716904306),new Word64(2361852424,442776044),new Word64(2428436474,593698344),new Word64(2756734187,3733110249),new Word64(3204031479,2999351573),new Word64(3329325298,3815920427),new Word64(3391569614,3928383900),new Word64(3515267271,566280711),new Word64(3940187606,3454069534),new Word64(4118630271,4000239992),new Word64(116418474,1914138554),new Word64(174292421,2731055270),new Word64(289380356,3203993006),new Word64(460393269,320620315),new Word64(685471733,587496836),new Word64(852142971,1086792851),new Word64(1017036298,365543100),new Word64(1126000580,2618297676),new Word64(1288033470,3409855158),new Word64(1501505948,4234509866),new Word64(1607167915,987167468),new Word64(1816402316,1246189591)])}};function ch(e,t,a,r,i){e.assign(t);e.and(a);i.assign(t);i.not();i.and(r);e.xor(i)}function maj(e,t,a,r,i){e.assign(t);e.and(a);i.assign(t);i.and(r);e.xor(i);i.assign(a);i.and(r);e.xor(i)}function sigma(e,t,a){e.assign(t);e.rotateRight(28);a.assign(t);a.rotateRight(34);e.xor(a);a.assign(t);a.rotateRight(39);e.xor(a)}function sigmaPrime(e,t,a){e.assign(t);e.rotateRight(14);a.assign(t);a.rotateRight(18);e.xor(a);a.assign(t);a.rotateRight(41);e.xor(a)}function littleSigma(e,t,a){e.assign(t);e.rotateRight(1);a.assign(t);a.rotateRight(8);e.xor(a);a.assign(t);a.shiftRight(7);e.xor(a)}function littleSigmaPrime(e,t,a){e.assign(t);e.rotateRight(19);a.assign(t);a.rotateRight(61);e.xor(a);a.assign(t);a.shiftRight(6);e.xor(a)}function calculateSHA512(e,t,a,r=!1){let i,n,s,o,c,l,h,u;if(r){i=new Word64(3418070365,3238371032);n=new Word64(1654270250,914150663);s=new Word64(2438529370,812702999);o=new Word64(355462360,4144912697);c=new Word64(1731405415,4290775857);l=new Word64(2394180231,1750603025);h=new Word64(3675008525,1694076839);u=new Word64(1203062813,3204075428)}else{i=new Word64(1779033703,4089235720);n=new Word64(3144134277,2227873595);s=new Word64(1013904242,4271175723);o=new Word64(2773480762,1595750129);c=new Word64(1359893119,2917565137);l=new Word64(2600822924,725511199);h=new Word64(528734635,4215389547);u=new Word64(1541459225,327033209)}const d=128*Math.ceil((a+17)/128),f=new Uint8Array(d);let g,p;for(g=0;g>>29&255;f[g++]=a>>21&255;f[g++]=a>>13&255;f[g++]=a>>5&255;f[g++]=a<<3&255;const b=new Array(80);for(g=0;g<80;g++)b[g]=new Word64(0,0);const{k:y}=mc;let w=new Word64(0,0),x=new Word64(0,0),S=new Word64(0,0),k=new Word64(0,0),C=new Word64(0,0),v=new Word64(0,0),F=new Word64(0,0),T=new Word64(0,0);const O=new Word64(0,0),M=new Word64(0,0),D=new Word64(0,0),R=new Word64(0,0);let N,E;for(g=0;g>>t|e<<32-t}function calculate_sha256_ch(e,t,a){return e&t^~e&a}function calculate_sha256_maj(e,t,a){return e&t^e&a^t&a}function calculate_sha256_sigma(e){return rotr(e,2)^rotr(e,13)^rotr(e,22)}function calculate_sha256_sigmaPrime(e){return rotr(e,6)^rotr(e,11)^rotr(e,25)}function calculate_sha256_littleSigma(e){return rotr(e,7)^rotr(e,18)^e>>>3}function calculateSHA256(e,t,a){let r=1779033703,i=3144134277,n=1013904242,s=2773480762,o=1359893119,c=2600822924,l=528734635,h=1541459225;const u=64*Math.ceil((a+9)/64),d=new Uint8Array(u);let f,g;for(f=0;f>>29&255;d[f++]=a>>21&255;d[f++]=a>>13&255;d[f++]=a>>5&255;d[f++]=a<<3&255;const m=new Uint32Array(64),{k:b}=bc;for(f=0;f>>10)+m[g-7]+calculate_sha256_littleSigma(m[g-15])+m[g-16]|0;let e,t,a=r,u=i,p=n,w=s,x=o,S=c,k=l,C=h;for(g=0;g<64;++g){e=C+calculate_sha256_sigmaPrime(x)+calculate_sha256_ch(x,S,k)+b[g]+m[g];t=calculate_sha256_sigma(a)+calculate_sha256_maj(a,u,p);C=k;k=S;S=x;x=w+e|0;w=p;p=u;u=a;a=e+t|0}r=r+a|0;i=i+u|0;n=n+p|0;s=s+w|0;o=o+x|0;c=c+S|0;l=l+k|0;h=h+C|0}var y;return new Uint8Array([r>>24&255,r>>16&255,r>>8&255,255&r,i>>24&255,i>>16&255,i>>8&255,255&i,n>>24&255,n>>16&255,n>>8&255,255&n,s>>24&255,s>>16&255,s>>8&255,255&s,o>>24&255,o>>16&255,o>>8&255,255&o,c>>24&255,c>>16&255,c>>8&255,255&c,l>>24&255,l>>16&255,l>>8&255,255&l,h>>24&255,h>>16&255,h>>8&255,255&h])}class DecryptStream extends DecodeStream{constructor(e,t,a){super(t);this.str=e;this.dict=e.dict;this.decrypt=a;this.nextChunk=null;this.initialized=!1}readBlock(){let e;if(this.initialized)e=this.nextChunk;else{e=this.str.getBytes(512);this.initialized=!0}if(!e?.length){this.eof=!0;return}this.nextChunk=this.str.getBytes(512);const t=this.nextChunk?.length>0;e=(0,this.decrypt)(e,!t);const a=this.bufferLength,r=a+e.length;this.ensureBuffer(r).set(e,a);this.bufferLength=r}}class ARCFourCipher{constructor(e){this.a=0;this.b=0;const t=new Uint8Array(256),a=e.length;for(let e=0;e<256;++e)t[e]=e;for(let r=0,i=0;r<256;++r){const n=t[r];i=i+n+e[r%a]&255;t[r]=t[i];t[i]=n}this.s=t}encryptBlock(e){let t=this.a,a=this.b;const r=this.s,i=e.length,n=new Uint8Array(i);for(let s=0;st<128?t<<1:t<<1^27));constructor(){this.buffer=new Uint8Array(16);this.bufferPosition=0}_expandKey(e){unreachable("Cannot call `_expandKey` on the base class")}_decrypt(e,t){let a,r,i;const n=new Uint8Array(16);n.set(e);for(let e=0,a=this._keySize;e<16;++e,++a)n[e]^=t[a];for(let e=this._cyclesOfRepetition-1;e>=1;--e){a=n[13];n[13]=n[9];n[9]=n[5];n[5]=n[1];n[1]=a;a=n[14];r=n[10];n[14]=n[6];n[10]=n[2];n[6]=a;n[2]=r;a=n[15];r=n[11];i=n[7];n[15]=n[3];n[11]=a;n[7]=r;n[3]=i;for(let e=0;e<16;++e)n[e]=this._inv_s[n[e]];for(let a=0,r=16*e;a<16;++a,++r)n[a]^=t[r];for(let e=0;e<16;e+=4){const t=this._mix[n[e]],r=this._mix[n[e+1]],i=this._mix[n[e+2]],s=this._mix[n[e+3]];a=t^r>>>8^r<<24^i>>>16^i<<16^s>>>24^s<<8;n[e]=a>>>24&255;n[e+1]=a>>16&255;n[e+2]=a>>8&255;n[e+3]=255&a}}a=n[13];n[13]=n[9];n[9]=n[5];n[5]=n[1];n[1]=a;a=n[14];r=n[10];n[14]=n[6];n[10]=n[2];n[6]=a;n[2]=r;a=n[15];r=n[11];i=n[7];n[15]=n[3];n[11]=a;n[7]=r;n[3]=i;for(let e=0;e<16;++e){n[e]=this._inv_s[n[e]];n[e]^=t[e]}return n}_encrypt(e,t){const a=this._s;let r,i,n;const s=new Uint8Array(16);s.set(e);for(let e=0;e<16;++e)s[e]^=t[e];for(let e=1;e=r;--a)if(e[a]!==t){t=0;break}o-=t;n[n.length-1]=e.subarray(0,16-t)}}const c=new Uint8Array(o);for(let e=0,t=0,a=n.length;e=256&&(o=255&(27^o))}for(let t=0;t<4;++t){a[e]=r^=a[e-32];e++;a[e]=i^=a[e-32];e++;a[e]=n^=a[e-32];e++;a[e]=s^=a[e-32];e++}}return a}}class PDFBase{_hash(e,t,a){unreachable("Abstract method `_hash` called")}checkOwnerPassword(e,t,a,r){const i=new Uint8Array(e.length+56);i.set(e,0);i.set(t,e.length);i.set(a,e.length+t.length);return isArrayEqual(this._hash(e,i,a),r)}checkUserPassword(e,t,a){const r=new Uint8Array(e.length+8);r.set(e,0);r.set(t,e.length);return isArrayEqual(this._hash(e,r,[]),a)}getOwnerKey(e,t,a,r){const i=new Uint8Array(e.length+56);i.set(e,0);i.set(t,e.length);i.set(a,e.length+t.length);const n=this._hash(e,i,a);return new AES256Cipher(n).decryptBlock(r,!1,new Uint8Array(16))}getUserKey(e,t,a){const r=new Uint8Array(e.length+8);r.set(e,0);r.set(t,e.length);const i=this._hash(e,r,[]);return new AES256Cipher(i).decryptBlock(a,!1,new Uint8Array(16))}}class PDF17 extends PDFBase{_hash(e,t,a){return calculateSHA256(t,0,t.length)}}class PDF20 extends PDFBase{_hash(e,t,a){let r=calculateSHA256(t,0,t.length).subarray(0,32),i=[0],n=0;for(;n<64||i.at(-1)>n-32;){const t=e.length+r.length+a.length,l=new Uint8Array(t);let h=0;l.set(e,h);h+=e.length;l.set(r,h);h+=r.length;l.set(a,h);const u=new Uint8Array(64*t);for(let e=0,a=0;e<64;e++,a+=t)u.set(l,a);i=new AES128Cipher(r.subarray(0,16)).encrypt(u,r.subarray(16,32));const d=Math.sumPrecise(i.slice(0,16))%3;0===d?r=calculateSHA256(i,0,i.length):1===d?r=(s=i,o=0,c=i.length,calculateSHA512(s,o,c,!0)):2===d&&(r=calculateSHA512(i,0,i.length));n++}var s,o,c;return r.subarray(0,32)}}class CipherTransform{constructor(e,t){this.StringCipherConstructor=e;this.StreamCipherConstructor=t}createStream(e,t){const a=new this.StreamCipherConstructor;return new DecryptStream(e,t,(function cipherTransformDecryptStream(e,t){return a.decryptBlock(e,t)}))}decryptString(e){const t=new this.StringCipherConstructor;let a=stringToBytes(e);a=t.decryptBlock(a,!0);return bytesToString(a)}encryptString(e){const t=new this.StringCipherConstructor;if(t instanceof AESBaseCipher){const a=16-e.length%16;e+=String.fromCharCode(a).repeat(a);const r=new Uint8Array(16);crypto.getRandomValues(r);let i=stringToBytes(e);i=t.encrypt(i,r);const n=new Uint8Array(16+i.length);n.set(r);n.set(i,16);return bytesToString(n)}let a=stringToBytes(e);a=t.encrypt(a);return bytesToString(a)}}class CipherTransformFactory{static get _defaultPasswordBytes(){return shadow(this,"_defaultPasswordBytes",new Uint8Array([40,191,78,94,78,117,138,65,100,0,78,86,255,250,1,8,46,46,0,182,208,104,62,128,47,12,169,254,100,83,105,122]))}#Oe(e,t,a,r,i,n,s,o,c,l,h,u){if(t){const e=Math.min(127,t.length);t=t.subarray(0,e)}else t=[];const d=6===e?new PDF20:new PDF17;return d.checkUserPassword(t,o,s)?d.getUserKey(t,c,h):t.length&&d.checkOwnerPassword(t,r,n,a)?d.getOwnerKey(t,i,n,l):null}#Me(e,t,a,r,i,n,s,o){const c=40+a.length+e.length,l=new Uint8Array(c);let h,u,d=0;if(t){u=Math.min(32,t.length);for(;d>8&255;l[d++]=i>>16&255;l[d++]=i>>>24&255;l.set(e,d);d+=e.length;if(n>=4&&!o){l.fill(255,d,d+4);d+=4}let f=calculateMD5(l,0,d);const g=s>>3;if(n>=3)for(h=0;h<50;++h)f=calculateMD5(f,0,g);const p=f.subarray(0,g);let m,b;if(n>=3){d=0;l.set(CipherTransformFactory._defaultPasswordBytes,d);d+=32;l.set(e,d);d+=e.length;m=new ARCFourCipher(p);b=m.encryptBlock(calculateMD5(l,0,d));u=p.length;const t=new Uint8Array(u);for(h=1;h<=19;++h){for(let e=0;er[t]===e))?p:null}#De(e,t,a,r){const i=new Uint8Array(32);let n=0;const s=Math.min(32,e.length);for(;n>3;if(a>=3)for(o=0;o<50;++o)c=calculateMD5(c,0,c.length);let h,u;if(a>=3){u=t;const e=new Uint8Array(l);for(o=19;o>=0;o--){for(let t=0;t>8&255;n[s++]=e>>16&255;n[s++]=255&t;n[s++]=t>>8&255;if(r){n[s++]=115;n[s++]=65;n[s++]=108;n[s++]=84}return calculateMD5(n,0,s).subarray(0,Math.min(i+5,16))}#Re(e,t,a,r,i){if(!(t instanceof Name))throw new FormatError("Invalid crypt filter name.");const n=this,s=e.get(t.name),o=s?.get("CFM");if(!o||"None"===o.name)return function(){return new NullCipher};if("V2"===o.name)return function(){return new ARCFourCipher(n.#Be(a,r,i,!1))};if("AESV2"===o.name)return function(){return new AES128Cipher(n.#Be(a,r,i,!0))};if("AESV3"===o.name)return function(){return new AES256Cipher(i)};throw new FormatError("Unknown crypto method")}constructor(e,t,a){const r=e.get("Filter");if(!isName(r,"Standard"))throw new FormatError("unknown encryption method");this.filterName=r.name;this.dict=e;const i=e.get("V");if(!Number.isInteger(i)||1!==i&&2!==i&&4!==i&&5!==i)throw new FormatError("unsupported encryption algorithm");this.algorithm=i;let n=e.get("Length");if(!n)if(i<=3)n=40;else{const t=e.get("CF"),a=e.get("StmF");if(t instanceof Dict&&a instanceof Name){t.suppressEncryption=!0;const e=t.get(a.name);n=e?.get("Length")||128;n<40&&(n<<=3)}}if(!Number.isInteger(n)||n<40||n%8!=0)throw new FormatError("invalid key length");const s=stringToBytes(e.get("O")),o=stringToBytes(e.get("U")),c=s.subarray(0,32),l=o.subarray(0,32),h=e.get("P"),u=e.get("R"),d=(4===i||5===i)&&!1!==e.get("EncryptMetadata");this.encryptMetadata=d;const f=stringToBytes(t);let g,p;if(a){if(6===u)try{a=utf8StringToString(a)}catch{warn("CipherTransformFactory: Unable to convert UTF8 encoded password.")}g=stringToBytes(a)}if(5!==i)p=this.#Me(f,g,c,l,h,u,n,d);else{const t=s.subarray(32,40),a=s.subarray(40,48),r=o.subarray(0,48),i=o.subarray(32,40),n=o.subarray(40,48),h=stringToBytes(e.get("OE")),d=stringToBytes(e.get("UE")),f=stringToBytes(e.get("Perms"));p=this.#Oe(u,g,c,t,a,r,l,i,n,h,d,f)}if(!p){if(!a)throw new PasswordException("No password given",ha);const e=this.#De(g,c,u,n);p=this.#Me(f,e,c,l,h,u,n,d)}if(!p)throw new PasswordException("Incorrect Password",ua);if(4===i&&p.length<16){this.encryptionKey=new Uint8Array(16);this.encryptionKey.set(p)}else this.encryptionKey=p;if(i>=4){const t=e.get("CF");t instanceof Dict&&(t.suppressEncryption=!0);this.cf=t;this.stmf=e.get("StmF")||Name.get("Identity");this.strf=e.get("StrF")||Name.get("Identity");this.eff=e.get("EFF")||this.stmf}}createCipherTransform(e,t){if(4===this.algorithm||5===this.algorithm)return new CipherTransform(this.#Re(this.cf,this.strf,e,t,this.encryptionKey),this.#Re(this.cf,this.stmf,e,t,this.encryptionKey));const a=this.#Be(e,t,this.encryptionKey,!1),cipherConstructor=function(){return new ARCFourCipher(a)};return new CipherTransform(cipherConstructor,cipherConstructor)}}class XRef{#Ne=null;constructor(e,t){this.stream=e;this.pdfManager=t;this.entries=[];this._xrefStms=new Set;this._cacheMap=new Map;this._pendingRefs=new RefSet;this._newPersistentRefNum=null;this._newTemporaryRefNum=null;this._persistentRefsCache=null}getNewPersistentRef(e){null===this._newPersistentRefNum&&(this._newPersistentRefNum=this.entries.length||1);const t=this._newPersistentRefNum++;this._cacheMap.set(t,e);return Ref.get(t,0)}getNewTemporaryRef(){if(null===this._newTemporaryRefNum){this._newTemporaryRefNum=this.entries.length||1;if(this._newPersistentRefNum){this._persistentRefsCache=new Map;for(let e=this._newTemporaryRefNum;e0;){const[s,o]=n;if(!Number.isInteger(s)||!Number.isInteger(o))throw new FormatError(`Invalid XRef range fields: ${s}, ${o}`);if(!Number.isInteger(a)||!Number.isInteger(r)||!Number.isInteger(i))throw new FormatError(`Invalid XRef entry fields length: ${s}, ${o}`);for(let n=t.entryNum;n=e.length);){a+=String.fromCharCode(r);r=e[t]}return a}function skipUntil(e,t,a){const r=a.length,i=e.length;let n=0;for(;t=r)break;t++;n++}return n}const e=/\b(endobj|\d+\s+\d+\s+obj|xref|trailer\s*<<)\b/g,t=/\b(startxref|\d+\s+\d+\s+obj)\b/g,a=/^(\d+)\s+(\d+)\s+obj\b/,r=new Uint8Array([116,114,97,105,108,101,114]),i=new Uint8Array([115,116,97,114,116,120,114,101,102]),n=new Uint8Array([47,88,82,101,102]);this.entries.length=0;this._cacheMap.clear();const s=this.stream;s.pos=0;const o=s.getBytes(),c=bytesToString(o),l=o.length;let h=s.start;const u=[],d=[];for(;h=l)break;f=o[h]}while(10!==f&&13!==f);continue}const g=readToken(o,h);let p;if(g.startsWith("xref")&&(4===g.length||/\s/.test(g[4]))){h+=skipUntil(o,h,r);u.push(h);h+=skipUntil(o,h,i)}else if(p=a.exec(g)){const t=0|p[1],a=0|p[2],r=h+g.length;let i,u=!1;if(this.entries[t]){if(this.entries[t].gen===a)try{new Parser({lexer:new Lexer(s.makeSubStream(r))}).getObj();u=!0}catch(e){e instanceof ParserEOFException?warn(`indexObjects -- checking object (${g}): "${e}".`):u=!0}}else u=!0;u&&(this.entries[t]={offset:h-s.start,gen:a,uncompressed:!0});e.lastIndex=r;const f=e.exec(c);if(f){i=e.lastIndex+1-h;if("endobj"!==f[1]){warn(`indexObjects: Found "${f[1]}" inside of another "obj", caused by missing "endobj" -- trying to recover.`);i-=f[1].length+1}}else i=l-h;const m=o.subarray(h,h+i),b=skipUntil(m,0,n);if(b0?Math.max(...this._xrefStms):null)}getEntry(e){const t=this.entries[e];return t&&!t.free&&t.offset?t:null}fetchIfRef(e,t=!1){return e instanceof Ref?this.fetch(e,t):e}fetch(e,t=!1){if(!(e instanceof Ref))throw new Error("ref object is not a reference");const a=e.num,r=this._cacheMap.get(a);if(void 0!==r){r instanceof Dict&&!r.objId&&(r.objId=e.toString());return r}let i=this.getEntry(a);if(null===i)return i;if(this._pendingRefs.has(e)){this._pendingRefs.remove(e);warn(`Ignoring circular reference: ${e}.`);return ya}this._pendingRefs.put(e);try{i=i.uncompressed?this.fetchUncompressed(e,i,t):this.fetchCompressed(e,i,t);this._pendingRefs.remove(e)}catch(t){this._pendingRefs.remove(e);throw t}i instanceof Dict?i.objId=e.toString():i instanceof BaseStream&&(i.dict.objId=e.toString());return i}fetchUncompressed(e,t,a=!1){const r=e.gen;let i=e.num;if(t.gen!==r){const n=`Inconsistent generation in XRef: ${e}`;if(this._generationFallback&&t.gen0&&t[3]-t[1]>0)return t;warn(`Empty, or invalid, /${e} entry.`)}return null}get mediaBox(){return shadow(this,"mediaBox",this.#je("MediaBox")||yc)}get cropBox(){return shadow(this,"cropBox",this.#je("CropBox")||this.mediaBox)}get userUnit(){const e=this.pageDict.get("UserUnit");return shadow(this,"userUnit","number"==typeof e&&e>0?e:1)}get view(){const{cropBox:e,mediaBox:t}=this;if(e!==t&&!isArrayEqual(e,t)){const a=Util.intersect(e,t);if(a&&a[2]-a[0]>0&&a[3]-a[1]>0)return shadow(this,"view",a);warn("Empty /CropBox and /MediaBox intersection.")}return shadow(this,"view",t)}get rotate(){let e=this.#Le("Rotate")||0;e%90!=0?e=0:e>=360?e%=360:e<0&&(e=(e%360+360)%360);return shadow(this,"rotate",e)}#_e(e,t){if(!this.evaluatorOptions.ignoreErrors)throw e;warn(`getContentStream - ignoring sub-stream (${t}): "${e}".`)}async getContentStream(){const e=await this.pdfManager.ensure(this,"content");return e instanceof BaseStream?e:Array.isArray(e)?new StreamsSequenceStream(e,this.#_e.bind(this)):new NullStream}get xfaData(){return shadow(this,"xfaData",this.xfaFactory?{bbox:this.xfaFactory.getBoundingBox(this.pageIndex)}:null)}async#Ue(e,t,a){const r=[];for(const i of e)if(i.id){const e=Ref.fromString(i.id);if(!e){warn(`A non-linked annotation cannot be modified: ${i.id}`);continue}if(i.deleted){t.put(e,e);if(i.popupRef){const e=Ref.fromString(i.popupRef);e&&t.put(e,e)}continue}a?.put(e);i.ref=e;r.push(this.xref.fetchAsync(e).then((e=>{e instanceof Dict&&(i.oldAnnotation=e.clone())}),(()=>{warn(`Cannot fetch \`oldAnnotation\` for: ${e}.`)})));delete i.id}await Promise.all(r)}async saveNewAnnotations(e,t,a,r,i){if(this.xfaFactory)throw new Error("XFA: Cannot save new annotations.");const n=this.#Pe(e),s=new RefSetCache,o=new RefSet;await this.#Ue(a,s,o);const c=this.pageDict,l=this.annotations.filter((e=>!(e instanceof Ref&&s.has(e)))),h=await AnnotationFactory.saveNewAnnotations(n,t,a,r,i);for(const{ref:e}of h.annotations)e instanceof Ref&&!o.has(e)&&l.push(e);const u=c.clone();u.set("Annots",l);i.put(this.ref,{data:u});for(const e of s)i.put(e,{data:null})}async save(e,t,a,r){const i=this.#Pe(e),n=await this._parsedAnnotations,s=[];for(const e of n)s.push(e.save(i,t,a,r).catch((function(e){warn(`save - ignoring annotation data during "${t.name}" task: "${e}".`);return null})));return Promise.all(s)}async loadResources(e){await(this.#Ee??=this.pdfManager.ensure(this,"resources"));await ObjectLoader.load(this.resources,e,this.xref)}async#Xe(e,t){const a=e?.get("Resources");if(!(a instanceof Dict&&a.size))return this.resources;await ObjectLoader.load(a,t,this.xref);return Dict.merge({xref:this.xref,dictArray:[a,this.resources],mergeSubDicts:!0})}async getOperatorList({handler:e,sink:t,task:a,intent:r,cacheKey:i,annotationStorage:c=null,modifiedIds:d=null}){const g=this.getContentStream(),p=this.loadResources(Ia),m=this.#Pe(e),b=this.xfaFactory?null:getNewAnnotationsMap(c),y=b?.get(this.pageIndex);let w=Promise.resolve(null),x=null;if(y){const e=this.pdfManager.ensureDoc("annotationGlobals");let t;const r=new Set;for(const{bitmapId:e,bitmap:t}of y)!e||t||r.has(e)||r.add(e);const{isOffscreenCanvasSupported:i}=this.evaluatorOptions;if(r.size>0){const e=y.slice();for(const[t,a]of c)t.startsWith(f)&&a.bitmap&&r.has(a.bitmapId)&&e.push(a);t=AnnotationFactory.generateImages(e,this.xref,i)}else t=AnnotationFactory.generateImages(y,this.xref,i);x=new RefSet;w=Promise.all([e,this.#Ue(y,x,null)]).then((([e])=>e?AnnotationFactory.printNewAnnotations(e,m,a,y,t):null))}const S=Promise.all([g,p]).then((async([n])=>{const s=await this.#Xe(n.dict,Ia),o=new OperatorList(r,t);e.send("StartRenderPage",{transparency:m.hasBlendModes(s,this.nonBlendModesSet),pageIndex:this.pageIndex,cacheKey:i});await m.getOperatorList({stream:n,task:a,resources:s,operatorList:o});return o}));let[k,C,v]=await Promise.all([S,this._parsedAnnotations,w]);if(v){C=C.filter((e=>!(e.ref&&x.has(e.ref))));for(let e=0,t=v.length;ee.ref&&isRefsEqual(e.ref,a.refToReplace)));if(r>=0){C.splice(r,1,a);v.splice(e--,1);t--}}}C=C.concat(v)}if(0===C.length||r&h){k.flush(!0);return{length:k.totalLength}}const F=!!(r&l),T=!!(r&u),O=!!(r&n),M=!!(r&s),D=!!(r&o),R=[];for(const e of C)(O||M&&e.mustBeViewed(c,F)&&e.mustBeViewedWhenEditing(T,d)||D&&e.mustBePrinted(c))&&R.push(e.getOperatorList(m,a,r,c).catch((function(e){warn(`getOperatorList - ignoring annotation data during "${a.name}" task: "${e}".`);return{opList:null,separateForm:!1,separateCanvas:!1}})));const N=await Promise.all(R);let E=!1,L=!1;for(const{opList:e,separateForm:t,separateCanvas:a}of N){k.addOpList(e);E||=t;L||=a}k.flush(!0,{form:E,canvas:L});return{length:k.totalLength}}async extractTextContent({handler:e,task:t,includeMarkedContent:a,disableNormalization:r,sink:i,intersector:n=null}){const s=this.getContentStream(),o=this.loadResources(Ta),c=this.pdfManager.ensureCatalog("lang"),[l,,h]=await Promise.all([s,o,c]),u=await this.#Xe(l.dict,Ta);return this.#Pe(e).getTextContent({stream:l,task:t,resources:u,includeMarkedContent:a,disableNormalization:r,sink:i,viewBox:this.view,lang:h,intersector:n})}async getStructTree(){const e=await this.pdfManager.ensureCatalog("structTreeRoot");if(!e)return null;await this._parsedAnnotations;try{const t=await this.pdfManager.ensure(this,"_parseStructTree",[e]);return await this.pdfManager.ensure(t,"serializable")}catch(e){warn(`getStructTree: "${e}".`);return null}}_parseStructTree(e){const t=new StructTreePage(e,this.pageDict);t.parse(this.ref);return t}async getAnnotationsData(e,t,a){const r=await this._parsedAnnotations;if(0===r.length)return r;const i=[],c=[];let l;const h=!!(a&n),u=!!(a&s),d=!!(a&o),f=[];for(const a of r){const r=h||u&&a.viewable;(r||d&&a.printable)&&i.push(a.data);if(a.hasTextContent&&r){l??=this.#Pe(e);c.push(a.extractTextContent(l,t,[-1/0,-1/0,1/0,1/0]).catch((function(e){warn(`getAnnotationsData - ignoring textContent during "${t.name}" task: "${e}".`)})))}else a.overlaysTextContent&&r&&f.push(a)}if(f.length>0){const a=new Intersector(f);c.push(this.extractTextContent({handler:e,task:t,includeMarkedContent:!1,disableNormalization:!1,sink:null,viewBox:this.view,lang:null,intersector:a}).then((()=>{a.setText()})))}await Promise.all(c);return i}get annotations(){const e=this.#Le("Annots");return shadow(this,"annotations",Array.isArray(e)?e:[])}get _parsedAnnotations(){return shadow(this,"_parsedAnnotations",this.pdfManager.ensure(this,"annotations").then((async e=>{if(0===e.length)return e;const[t,a]=await Promise.all([this.pdfManager.ensureDoc("annotationGlobals"),this.pdfManager.ensureDoc("fieldObjects")]);if(!t)return[];const r=a?.orphanFields,i=[];for(const a of e)i.push(AnnotationFactory.create(this.xref,a,t,this._localIdFactory,!1,r,this.ref).catch((function(e){warn(`_parsedAnnotations: "${e}".`);return null})));const n=[];let s,o;for(const e of await Promise.all(i))e&&(e instanceof WidgetAnnotation?(o||=[]).push(e):e instanceof PopupAnnotation?(s||=[]).push(e):n.push(e));o&&n.push(...o);s&&n.push(...s);return n})))}get jsActions(){return shadow(this,"jsActions",collectActions(this.xref,this.pageDict,xe))}}const wc=new Uint8Array([37,80,68,70,45]),xc=new Uint8Array([115,116,97,114,116,120,114,101,102]),Sc=new Uint8Array([101,110,100,111,98,106]);function find(e,t,a=1024,r=!1){const i=t.length,n=e.peekBytes(a),s=n.length-i;if(s<=0)return!1;if(r){const a=i-1;let r=n.length-1;for(;r>=a;){let s=0;for(;s=i){e.pos+=r-a;return!0}r--}}else{let a=0;for(;a<=s;){let r=0;for(;r=i){e.pos+=a;return!0}a++}}return!1}class PDFDocument{#qe=new Map;#He=null;constructor(e,t){if(t.length<=0)throw new InvalidPDFException("The PDF file is empty, i.e. its size is zero bytes.");this.pdfManager=e;this.stream=t;this.xref=new XRef(t,e);const a={font:0};this._globalIdFactory=class{static getDocId(){return`g_${e.docId}`}static createFontId(){return"f"+ ++a.font}static createObjId(){unreachable("Abstract method `createObjId` called.")}static getPageObjId(){unreachable("Abstract method `getPageObjId` called.")}}}parse(e){this.xref.parse(e);this.catalog=new Catalog(this.pdfManager,this.xref)}get linearization(){let e=null;try{e=Linearization.create(this.stream)}catch(e){if(e instanceof MissingDataException)throw e;info(e)}return shadow(this,"linearization",e)}get startXRef(){const e=this.stream;let t=0;if(this.linearization){e.reset();if(find(e,Sc)){e.skip(6);let a=e.peekByte();for(;isWhiteSpace(a);){e.pos++;a=e.peekByte()}t=e.pos-e.start}}else{const a=1024,r=xc.length;let i=!1,n=e.end;for(;!i&&n>0;){n-=a-r;n<0&&(n=0);e.pos=n;i=find(e,xc,a,!0)}if(i){e.skip(9);let a;do{a=e.getByte()}while(isWhiteSpace(a));let r="";for(;a>=32&&a<=57;){r+=String.fromCharCode(a);a=e.getByte()}t=parseInt(r,10);isNaN(t)&&(t=0)}}return shadow(this,"startXRef",t)}checkHeader(){const e=this.stream;e.reset();if(!find(e,wc))return;e.moveStart();e.skip(wc.length);let t,a="";for(;(t=e.getByte())>32&&a.length<7;)a+=String.fromCharCode(t);Ca.test(a)?this.#He=a:warn(`Invalid PDF header version: ${a}`)}parseStartXRef(){this.xref.setStartXRef(this.startXRef)}get numPages(){let e=0;e=this.catalog.hasActualNumPages?this.catalog.numPages:this.xfaFactory?this.xfaFactory.getNumPages():this.linearization?this.linearization.numPages:this.catalog.numPages;return shadow(this,"numPages",e)}#We(e,t=0){return!!Array.isArray(e)&&e.every((e=>{if(!((e=this.xref.fetchIfRef(e))instanceof Dict))return!1;if(e.has("Kids")){if(++t>10){warn("#hasOnlyDocumentSignatures: maximum recursion depth reached");return!1}return this.#We(e.get("Kids"),t)}const a=isName(e.get("FT"),"Sig"),r=e.get("Rect"),i=Array.isArray(r)&&r.every((e=>0===e));return a&&i}))}#ze(e,t,a=new RefSet){if(Array.isArray(e))for(let r of e){if(r instanceof Ref){if(a.has(r))continue;a.put(r)}r=this.xref.fetchIfRef(r);if(!(r instanceof Dict))continue;if(r.has("Kids")){this.#ze(r.get("Kids"),t,a);continue}if(!isName(r.get("FT"),"Sig"))continue;const e=r.get("V");if(!(e instanceof Dict))continue;const i=e.get("SubFilter");i instanceof Name&&t.add(i.name)}}get _xfaStreams(){const{acroForm:e}=this.catalog;if(!e)return null;const t=e.get("XFA"),a=new Map(["xdp:xdp","template","datasets","config","connectionSet","localeSet","stylesheet","/xdp:xdp"].map((e=>[e,null])));if(t instanceof BaseStream&&!t.isEmpty){a.set("xdp:xdp",t);return a}if(!Array.isArray(t)||0===t.length)return null;for(let e=0,r=t.length;el.handleSetFont(r,[Name.get(e),1],null,h,t,d,a,i).catch((e=>{warn(`loadXfaFonts: "${e}".`);return null})),f=[];for(const[e,t]of i){const a=t.get("FontDescriptor");if(!(a instanceof Dict))continue;let r=a.get("FontFamily");r=r.replaceAll(/[ ]+(\d)/g,"$1");const i={fontFamily:r,fontWeight:a.get("FontWeight"),italicAngle:-a.get("ItalicAngle")};validateCSSFont(i)&&f.push(parseFont(e,null,i))}await Promise.all(f);const g=this.xfaFactory.setFonts(u);if(!g)return;n.ignoreErrors=!0;f.length=0;u.length=0;const p=new Set;for(const e of g)getXfaFontName(`${e}-Regular`)||p.add(e);p.size&&g.push("PdfJS-Fallback");for(const e of g)if(!p.has(e))for(const t of[{name:"Regular",fontWeight:400,italicAngle:0},{name:"Bold",fontWeight:700,italicAngle:0},{name:"Italic",fontWeight:400,italicAngle:12},{name:"BoldItalic",fontWeight:700,italicAngle:12}]){const a=`${e}-${t.name}`;f.push(parseFont(a,getXfaFontDict(a),{fontFamily:e,fontWeight:t.fontWeight,italicAngle:t.italicAngle}))}await Promise.all(f);this.xfaFactory.appendFonts(u,p)}loadXfaResources(e,t){return Promise.all([this.#Ge(e,t).catch((()=>{})),this.#$e()])}serializeXfaData(e){return this.xfaFactory?this.xfaFactory.serializeData(e):null}get version(){return this.catalog.version||this.#He}get formInfo(){const e={hasFields:!1,hasAcroForm:!1,hasXfa:!1,hasSignatures:!1},{acroForm:t}=this.catalog;if(!t)return shadow(this,"formInfo",e);try{const a=t.get("Fields"),r=Array.isArray(a)&&a.length>0;e.hasFields=r;const i=t.get("XFA");e.hasXfa=Array.isArray(i)&&i.length>0||i instanceof BaseStream&&!i.isEmpty;const n=!!(1&t.get("SigFlags")),s=n&&this.#We(a);e.hasAcroForm=r&&!s;e.hasSignatures=n}catch(e){if(e instanceof MissingDataException)throw e;warn(`Cannot fetch form information: "${e}".`)}return shadow(this,"formInfo",e)}get documentInfo(){const{catalog:e,formInfo:t,xref:a}=this,r={PDFFormatVersion:this.version,Language:e.lang,EncryptFilterName:a.encrypt?.filterName??null,IsLinearized:!!this.linearization,IsAcroFormPresent:t.hasAcroForm,IsXFAPresent:t.hasXfa,IsCollectionPresent:!!e.collection,IsSignaturesPresent:t.hasSignatures};let i;try{i=a.trailer.get("Info")}catch(e){if(e instanceof MissingDataException)throw e;info("The document information dictionary is invalid.")}if(!(i instanceof Dict))return shadow(this,"documentInfo",r);for(const[e,t]of i){switch(e){case"Title":case"Author":case"Subject":case"Keywords":case"Creator":case"Producer":case"CreationDate":case"ModDate":if("string"==typeof t){r[e]=stringToPDFString(t);continue}break;case"Trapped":if(t instanceof Name){r[e]=t;continue}break;default:let a;switch(typeof t){case"string":a=stringToPDFString(t);break;case"number":case"boolean":a=t;break;default:t instanceof Name&&(a=t)}if(void 0===a){warn(`Bad value, for custom key "${e}", in Info: ${t}.`);continue}r.Custom??=Object.create(null);r.Custom[e]=a;continue}warn(`Bad value, for key "${e}", in Info: ${t}.`)}return shadow(this,"documentInfo",r)}get fingerprints(){const e="\0".repeat(16);function validate(t){return"string"==typeof t&&16===t.length&&t!==e}const t=this.xref.trailer.get("ID");let a,r;if(Array.isArray(t)&&validate(t[0])){a=stringToBytes(t[0]);t[1]!==t[0]&&validate(t[1])&&(r=stringToBytes(t[1]))}else a=calculateMD5(this.stream.getByteRange(0,1024),0,1024);return shadow(this,"fingerprints",[toHexUtil(a),r?toHexUtil(r):null])}async#Ve(e){const{catalog:t,linearization:a,xref:r}=this,i=Ref.get(a.objectNumberFirst,0);try{const e=await r.fetchAsync(i);if(e instanceof Dict){let a=e.getRaw("Type");a instanceof Ref&&(a=await r.fetchAsync(a));if(isName(a,"Page")||!e.has("Type")&&!e.has("Kids")&&e.has("Contents")){t.pageKidsCountCache.has(i)||t.pageKidsCountCache.put(i,1);t.pageIndexCache.has(i)||t.pageIndexCache.put(i,0);return[e,i]}}throw new FormatError("The Linearization dictionary doesn't point to a valid Page dictionary.")}catch(a){warn(`_getLinearizationPage: "${a.message}".`);return t.getPageDict(e)}}getPage(e){const t=this.#qe.get(e);if(t)return t;const{catalog:a,linearization:r,xfaFactory:i}=this;let n;n=i?Promise.resolve([Dict.empty,null]):r?.pageFirst===e?this.#Ve(e):a.getPageDict(e);n=n.then((([t,r])=>new Page({pdfManager:this.pdfManager,xref:this.xref,pageIndex:e,pageDict:t,ref:r,globalIdFactory:this._globalIdFactory,fontCache:a.fontCache,builtInCMapCache:a.builtInCMapCache,standardFontDataCache:a.standardFontDataCache,globalColorSpaceCache:a.globalColorSpaceCache,globalImageCache:a.globalImageCache,systemFontCache:a.systemFontCache,nonBlendModesSet:a.nonBlendModesSet,xfaFactory:i})));this.#qe.set(e,n);return n}async checkFirstPage(e=!1){if(!e)try{await this.getPage(0)}catch(e){if(e instanceof XRefEntryException){this.#qe.delete(0);await this.cleanup();throw new XRefParseException}}}async checkLastPage(e=!1){const{catalog:t,pdfManager:a}=this;t.setActualNumPages();let r;try{await Promise.all([a.ensureDoc("xfaFactory"),a.ensureDoc("linearization"),a.ensureCatalog("numPages")]);if(this.xfaFactory)return;r=this.linearization?this.linearization.numPages:t.numPages;if(!Number.isInteger(r))throw new FormatError("Page count is not an integer.");if(r<=1)return;await this.getPage(r-1)}catch(i){this.#qe.delete(r-1);await this.cleanup();if(i instanceof XRefEntryException&&!e)throw new XRefParseException;warn(`checkLastPage - invalid /Pages tree /Count: ${r}.`);let n;try{n=await t.getAllPageDicts(e)}catch(a){if(a instanceof XRefEntryException&&!e)throw new XRefParseException;t.setActualNumPages(1);return}for(const[e,[r,i]]of n){let n;if(r instanceof Error){n=Promise.reject(r);n.catch((()=>{}))}else n=Promise.resolve(new Page({pdfManager:a,xref:this.xref,pageIndex:e,pageDict:r,ref:i,globalIdFactory:this._globalIdFactory,fontCache:t.fontCache,builtInCMapCache:t.builtInCMapCache,standardFontDataCache:t.standardFontDataCache,globalColorSpaceCache:this.globalColorSpaceCache,globalImageCache:t.globalImageCache,systemFontCache:t.systemFontCache,nonBlendModesSet:t.nonBlendModesSet,xfaFactory:null}));this.#qe.set(e,n)}t.setActualNumPages(n.size)}}async fontFallback(e,t){const{catalog:a,pdfManager:r}=this;for(const i of await Promise.all(a.fontCache))if(i.loadedName===e){i.fallback(t,r.evaluatorOptions);return}}async cleanup(e=!1){return this.catalog?this.catalog.cleanup(e):clearGlobalCaches()}async#Ke(e,t,a,r,i,n,s){const{xref:o}=this;if(!(a instanceof Ref)||n.has(a))return;n.put(a);const c=await o.fetchAsync(a);if(!(c instanceof Dict))return;let l=await c.getAsync("Subtype");l=l instanceof Name?l.name:null;if("Link"===l)return;if(c.has("T")){const t=stringToPDFString(await c.getAsync("T"));e=""===e?t:`${e}.${t}`}else{let a=c;for(;;){a=a.getRaw("Parent")||t;if(a instanceof Ref){if(n.has(a))break;a=await o.fetchAsync(a)}if(!(a instanceof Dict))break;if(a.has("T")){const t=stringToPDFString(await a.getAsync("T"));e=""===e?t:`${e}.${t}`;break}}}t&&!c.has("Parent")&&isName(c.get("Subtype"),"Widget")&&s.put(a,t);r.has(e)||r.set(e,[]);r.get(e).push(AnnotationFactory.create(o,a,i,null,!0,s,null).then((e=>e?.getFieldObject())).catch((function(e){warn(`#collectFieldObjects: "${e}".`);return null})));if(!c.has("Kids"))return;const h=await c.getAsync("Kids");if(Array.isArray(h))for(const t of h)await this.#Ke(e,a,t,r,i,n,s)}get fieldObjects(){return shadow(this,"fieldObjects",this.pdfManager.ensureDoc("formInfo").then((async e=>{if(!e.hasFields)return null;const t=await this.annotationGlobals;if(!t)return null;const{acroForm:a}=t,r=new RefSet,i=Object.create(null),n=new Map,s=new RefSetCache;for(const e of a.get("Fields"))await this.#Ke("",null,e,n,t,r,s);const o=[];for(const[e,t]of n)o.push(Promise.all(t).then((t=>{(t=t.filter((e=>!!e))).length>0&&(i[e]=t)})));await Promise.all(o);return{allFields:objectSize(i)>0?i:null,orphanFields:s}})))}get hasJSActions(){return shadow(this,"hasJSActions",this.pdfManager.ensureDoc("_parseHasJSActions"))}async _parseHasJSActions(){const[e,t]=await Promise.all([this.pdfManager.ensureCatalog("jsActions"),this.pdfManager.ensureDoc("fieldObjects")]);return!!e||!!t?.allFields&&Object.values(t.allFields).some((e=>e.some((e=>null!==e.actions))))}get calculationOrderIds(){const e=this.catalog.acroForm?.get("CO");if(!Array.isArray(e)||0===e.length)return shadow(this,"calculationOrderIds",null);const t=[];for(const a of e)a instanceof Ref&&t.push(a.toString());return shadow(this,"calculationOrderIds",t.length?t:null)}get annotationGlobals(){return shadow(this,"annotationGlobals",AnnotationFactory.createGlobals(this.pdfManager))}}class BasePdfManager{constructor({docBaseUrl:e,docId:t,enableXfa:a,evaluatorOptions:r,handler:i,password:n}){this._docBaseUrl=function parseDocBaseUrl(e){if(e){const t=createValidAbsoluteUrl(e);if(t)return t.href;warn(`Invalid absolute docBaseUrl: "${e}".`)}return null}(e);this._docId=t;this._password=n;this.enableXfa=a;r.isOffscreenCanvasSupported&&=FeatureTest.isOffscreenCanvasSupported;r.isImageDecoderSupported&&=FeatureTest.isImageDecoderSupported;this.evaluatorOptions=Object.freeze(r);ImageResizer.setOptions(r);JpegStream.setOptions(r);OperatorList.setOptions(r);const s={...r,handler:i};JpxImage.setOptions(s);IccColorSpace.setOptions(s);CmykICCBasedCS.setOptions(s)}get docId(){return this._docId}get password(){return this._password}get docBaseUrl(){return this._docBaseUrl}ensureDoc(e,t){return this.ensure(this.pdfDocument,e,t)}ensureXRef(e,t){return this.ensure(this.pdfDocument.xref,e,t)}ensureCatalog(e,t){return this.ensure(this.pdfDocument.catalog,e,t)}getPage(e){return this.pdfDocument.getPage(e)}fontFallback(e,t){return this.pdfDocument.fontFallback(e,t)}cleanup(e=!1){return this.pdfDocument.cleanup(e)}async ensure(e,t,a){unreachable("Abstract method `ensure` called")}requestRange(e,t){unreachable("Abstract method `requestRange` called")}requestLoadedStream(e=!1){unreachable("Abstract method `requestLoadedStream` called")}sendProgressiveData(e){unreachable("Abstract method `sendProgressiveData` called")}updatePassword(e){this._password=e}terminate(e){unreachable("Abstract method `terminate` called")}}class LocalPdfManager extends BasePdfManager{constructor(e){super(e);const t=new Stream(e.source);this.pdfDocument=new PDFDocument(this,t);this._loadedStreamPromise=Promise.resolve(t)}async ensure(e,t,a){const r=e[t];return"function"==typeof r?r.apply(e,a):r}requestRange(e,t){return Promise.resolve()}requestLoadedStream(e=!1){return this._loadedStreamPromise}terminate(e){}}class NetworkPdfManager extends BasePdfManager{constructor(e){super(e);this.streamManager=new ChunkedStreamManager(e.source,{msgHandler:e.handler,length:e.length,disableAutoFetch:e.disableAutoFetch,rangeChunkSize:e.rangeChunkSize});this.pdfDocument=new PDFDocument(this,this.streamManager.getStream())}async ensure(e,t,a){try{const r=e[t];return"function"==typeof r?r.apply(e,a):r}catch(r){if(!(r instanceof MissingDataException))throw r;await this.requestRange(r.begin,r.end);return this.ensure(e,t,a)}}requestRange(e,t){return this.streamManager.requestRange(e,t)}requestLoadedStream(e=!1){return this.streamManager.requestAllChunks(e)}sendProgressiveData(e){this.streamManager.onReceiveData({chunk:e})}terminate(e){this.streamManager.abort(e)}}const kc=1,Ac=2,Cc=1,vc=2,Fc=3,Ic=4,Tc=5,Oc=6,Mc=7,Dc=8;function onFn(){}function wrapReason(e){if(e instanceof AbortException||e instanceof InvalidPDFException||e instanceof PasswordException||e instanceof ResponseException||e instanceof UnknownErrorException)return e;e instanceof Error||"object"==typeof e&&null!==e||unreachable('wrapReason: Expected "reason" to be a (possibly cloned) Error.');switch(e.name){case"AbortException":return new AbortException(e.message);case"InvalidPDFException":return new InvalidPDFException(e.message);case"PasswordException":return new PasswordException(e.message,e.code);case"ResponseException":return new ResponseException(e.message,e.status,e.missing);case"UnknownErrorException":return new UnknownErrorException(e.message,e.details)}return new UnknownErrorException(e.message,e.toString())}class MessageHandler{#Je=new AbortController;constructor(e,t,a){this.sourceName=e;this.targetName=t;this.comObj=a;this.callbackId=1;this.streamId=1;this.streamSinks=Object.create(null);this.streamControllers=Object.create(null);this.callbackCapabilities=Object.create(null);this.actionHandler=Object.create(null);a.addEventListener("message",this.#Ye.bind(this),{signal:this.#Je.signal})}#Ye({data:e}){if(e.targetName!==this.sourceName)return;if(e.stream){this.#Ze(e);return}if(e.callback){const t=e.callbackId,a=this.callbackCapabilities[t];if(!a)throw new Error(`Cannot resolve callback ${t}`);delete this.callbackCapabilities[t];if(e.callback===kc)a.resolve(e.data);else{if(e.callback!==Ac)throw new Error("Unexpected callback case");a.reject(wrapReason(e.reason))}return}const t=this.actionHandler[e.action];if(!t)throw new Error(`Unknown action from worker: ${e.action}`);if(e.callbackId){const a=this.sourceName,r=e.sourceName,i=this.comObj;Promise.try(t,e.data).then((function(t){i.postMessage({sourceName:a,targetName:r,callback:kc,callbackId:e.callbackId,data:t})}),(function(t){i.postMessage({sourceName:a,targetName:r,callback:Ac,callbackId:e.callbackId,reason:wrapReason(t)})}))}else e.streamId?this.#Qe(e):t(e.data)}on(e,t){const a=this.actionHandler;if(a[e])throw new Error(`There is already an actionName called "${e}"`);a[e]=t}send(e,t,a){this.comObj.postMessage({sourceName:this.sourceName,targetName:this.targetName,action:e,data:t},a)}sendWithPromise(e,t,a){const r=this.callbackId++,i=Promise.withResolvers();this.callbackCapabilities[r]=i;try{this.comObj.postMessage({sourceName:this.sourceName,targetName:this.targetName,action:e,callbackId:r,data:t},a)}catch(e){i.reject(e)}return i.promise}sendWithStream(e,t,a,r){const i=this.streamId++,n=this.sourceName,s=this.targetName,o=this.comObj;return new ReadableStream({start:a=>{const c=Promise.withResolvers();this.streamControllers[i]={controller:a,startCall:c,pullCall:null,cancelCall:null,isClosed:!1};o.postMessage({sourceName:n,targetName:s,action:e,streamId:i,data:t,desiredSize:a.desiredSize},r);return c.promise},pull:e=>{const t=Promise.withResolvers();this.streamControllers[i].pullCall=t;o.postMessage({sourceName:n,targetName:s,stream:Oc,streamId:i,desiredSize:e.desiredSize});return t.promise},cancel:e=>{assert(e instanceof Error,"cancel must have a valid reason");const t=Promise.withResolvers();this.streamControllers[i].cancelCall=t;this.streamControllers[i].isClosed=!0;o.postMessage({sourceName:n,targetName:s,stream:Cc,streamId:i,reason:wrapReason(e)});return t.promise}},a)}#Qe(e){const t=e.streamId,a=this.sourceName,r=e.sourceName,i=this.comObj,n=this,s=this.actionHandler[e.action],o={enqueue(e,n=1,s){if(this.isCancelled)return;const o=this.desiredSize;this.desiredSize-=n;if(o>0&&this.desiredSize<=0){this.sinkCapability=Promise.withResolvers();this.ready=this.sinkCapability.promise}i.postMessage({sourceName:a,targetName:r,stream:Ic,streamId:t,chunk:e},s)},close(){if(!this.isCancelled){this.isCancelled=!0;i.postMessage({sourceName:a,targetName:r,stream:Fc,streamId:t});delete n.streamSinks[t]}},error(e){assert(e instanceof Error,"error must have a valid reason");if(!this.isCancelled){this.isCancelled=!0;i.postMessage({sourceName:a,targetName:r,stream:Tc,streamId:t,reason:wrapReason(e)})}},sinkCapability:Promise.withResolvers(),onPull:null,onCancel:null,isCancelled:!1,desiredSize:e.desiredSize,ready:null};o.sinkCapability.resolve();o.ready=o.sinkCapability.promise;this.streamSinks[t]=o;Promise.try(s,e.data,o).then((function(){i.postMessage({sourceName:a,targetName:r,stream:Dc,streamId:t,success:!0})}),(function(e){i.postMessage({sourceName:a,targetName:r,stream:Dc,streamId:t,reason:wrapReason(e)})}))}#Ze(e){const t=e.streamId,a=this.sourceName,r=e.sourceName,i=this.comObj,n=this.streamControllers[t],s=this.streamSinks[t];switch(e.stream){case Dc:e.success?n.startCall.resolve():n.startCall.reject(wrapReason(e.reason));break;case Mc:e.success?n.pullCall.resolve():n.pullCall.reject(wrapReason(e.reason));break;case Oc:if(!s){i.postMessage({sourceName:a,targetName:r,stream:Mc,streamId:t,success:!0});break}s.desiredSize<=0&&e.desiredSize>0&&s.sinkCapability.resolve();s.desiredSize=e.desiredSize;Promise.try(s.onPull||onFn).then((function(){i.postMessage({sourceName:a,targetName:r,stream:Mc,streamId:t,success:!0})}),(function(e){i.postMessage({sourceName:a,targetName:r,stream:Mc,streamId:t,reason:wrapReason(e)})}));break;case Ic:assert(n,"enqueue should have stream controller");if(n.isClosed)break;n.controller.enqueue(e.chunk);break;case Fc:assert(n,"close should have stream controller");if(n.isClosed)break;n.isClosed=!0;n.controller.close();this.#et(n,t);break;case Tc:assert(n,"error should have stream controller");n.controller.error(wrapReason(e.reason));this.#et(n,t);break;case vc:e.success?n.cancelCall.resolve():n.cancelCall.reject(wrapReason(e.reason));this.#et(n,t);break;case Cc:if(!s)break;const o=wrapReason(e.reason);Promise.try(s.onCancel||onFn,o).then((function(){i.postMessage({sourceName:a,targetName:r,stream:vc,streamId:t,success:!0})}),(function(e){i.postMessage({sourceName:a,targetName:r,stream:vc,streamId:t,reason:wrapReason(e)})}));s.sinkCapability.reject(o);s.isCancelled=!0;delete this.streamSinks[t];break;default:throw new Error("Unexpected stream case")}}async#et(e,t){await Promise.allSettled([e.startCall?.promise,e.pullCall?.promise,e.cancelCall?.promise]);delete this.streamControllers[t]}destroy(){this.#Je?.abort();this.#Je=null}}async function writeObject(e,t,a,{encrypt:r=null}){const i=r?.createCipherTransform(e.num,e.gen);a.push(`${e.num} ${e.gen} obj\n`);t instanceof Dict?await writeDict(t,a,i):t instanceof BaseStream?await writeStream(t,a,i):(Array.isArray(t)||ArrayBuffer.isView(t))&&await writeArray(t,a,i);a.push("\nendobj\n")}async function writeDict(e,t,a){t.push("<<");for(const r of e.getKeys()){t.push(` /${escapePDFName(r)} `);await writeValue(e.getRaw(r),t,a)}t.push(">>")}async function writeStream(e,t,a){let r=e.getBytes();const{dict:i}=e,[n,s]=await Promise.all([i.getAsync("Filter"),i.getAsync("DecodeParms")]),o=isName(Array.isArray(n)?await i.xref.fetchIfRefAsync(n[0]):n,"FlateDecode");if(r.length>=256||o)try{const e=new CompressionStream("deflate"),t=e.writable.getWriter();await t.ready;t.write(r).then((async()=>{await t.ready;await t.close()})).catch((()=>{}));const a=await new Response(e.readable).arrayBuffer();r=new Uint8Array(a);let c,l;if(n){if(!o){c=Array.isArray(n)?[Name.get("FlateDecode"),...n]:[Name.get("FlateDecode"),n];s&&(l=Array.isArray(s)?[null,...s]:[null,s])}}else c=Name.get("FlateDecode");c&&i.set("Filter",c);l&&i.set("DecodeParms",l)}catch(e){info(`writeStream - cannot compress data: "${e}".`)}let c=bytesToString(r);a&&(c=a.encryptString(c));i.set("Length",c.length);await writeDict(i,t,a);t.push(" stream\n",c,"\nendstream")}async function writeArray(e,t,a){t.push("[");let r=!0;for(const i of e){r?r=!1:t.push(" ");await writeValue(i,t,a)}t.push("]")}async function writeValue(e,t,a){if(e instanceof Name)t.push(`/${escapePDFName(e.name)}`);else if(e instanceof Ref)t.push(`${e.num} ${e.gen} R`);else if(Array.isArray(e)||ArrayBuffer.isView(e))await writeArray(e,t,a);else if("string"==typeof e){a&&(e=a.encryptString(e));t.push(`(${escapeString(e)})`)}else"number"==typeof e?t.push(numberToString(e)):"boolean"==typeof e?t.push(e.toString()):e instanceof Dict?await writeDict(e,t,a):e instanceof BaseStream?await writeStream(e,t,a):null===e?t.push("null"):warn(`Unhandled value in writer: ${typeof e}, please file a bug.`)}function writeInt(e,t,a,r){for(let i=t+a-1;i>a-1;i--){r[i]=255&e;e>>=8}return a+t}function writeString(e,t,a){const r=e.length;for(let i=0;i1&&(n=a.documentElement.searchNode([i.at(-1)],0));n?n.childNodes=Array.isArray(r)?r.map((e=>new SimpleDOMNode("value",e))):[new SimpleDOMNode("#text",r)]:warn(`Node not found for path: ${t}`)}const r=[];a.documentElement.dump(r);return r.join("")}(r.fetchIfRef(t).getString(),a)}const i=new StringStream(e);i.dict=new Dict(r);i.dict.set("Type",Name.get("EmbeddedFile"));a.put(t,{data:i})}function getIndexes(e){const t=[];for(const{ref:a}of e)a.num===t.at(-2)+t.at(-1)?t[t.length-1]+=1:t.push(a.num,1);return t}function computeIDs(e,t,a){if(Array.isArray(t.fileIds)&&t.fileIds.length>0){const r=function computeMD5(e,t){const a=Math.floor(Date.now()/1e3),r=t.filename||"",i=[a.toString(),r,e.toString(),...t.infoMap.values()],n=Math.sumPrecise(i.map((e=>e.length))),s=new Uint8Array(n);let o=0;for(const e of i)o=writeString(e,o,s);return bytesToString(calculateMD5(s,0,s.length))}(e,t);a.set("ID",[t.fileIds[0],r])}}async function incrementalUpdate({originalData:e,xrefInfo:t,changes:a,xref:r=null,hasXfa:i=!1,xfaDatasetsRef:n=null,hasXfaDatasetsEntry:s=!1,needAppearances:o,acroFormRef:c=null,acroForm:l=null,xfaData:h=null,useXrefStream:u=!1}){await async function updateAcroform({xref:e,acroForm:t,acroFormRef:a,hasXfa:r,hasXfaDatasetsEntry:i,xfaDatasetsRef:n,needAppearances:s,changes:o}){!r||i||n||warn("XFA - Cannot save it");if(!s&&(!r||!n||i))return;const c=t.clone();if(r&&!i){const e=t.get("XFA").slice();e.splice(2,0,"datasets");e.splice(3,0,n);c.set("XFA",e)}s&&c.set("NeedAppearances",!0);o.put(a,{data:c})}({xref:r,acroForm:l,acroFormRef:c,hasXfa:i,hasXfaDatasetsEntry:s,xfaDatasetsRef:n,needAppearances:o,changes:a});i&&updateXFA({xfaData:h,xfaDatasetsRef:n,changes:a,xref:r});const d=function getTrailerDict(e,t,a){const r=new Dict(null);r.set("Prev",e.startXRef);const i=e.newRef;if(a){t.put(i,{data:""});r.set("Size",i.num+1);r.set("Type",Name.get("XRef"))}else r.set("Size",i.num);null!==e.rootRef&&r.set("Root",e.rootRef);null!==e.infoRef&&r.set("Info",e.infoRef);null!==e.encryptRef&&r.set("Encrypt",e.encryptRef);return r}(t,a,u),f=[],g=await async function writeChanges(e,t,a=[]){const r=[];for(const[i,{data:n}]of e.items())if(null!==n&&"string"!=typeof n){await writeObject(i,n,a,t);r.push({ref:i,data:a.join("")});a.length=0}else r.push({ref:i,data:n});return r.sort(((e,t)=>e.ref.num-t.ref.num))}(a,r,f);let p=e.length;const m=e.at(-1);if(10!==m&&13!==m){f.push("\n");p+=1}for(const{data:e}of g)null!==e&&f.push(e);await(u?async function getXRefStreamTable(e,t,a,r,i){const n=[];let s=0,o=0;for(const{ref:e,data:r}of a){let a;s=Math.max(s,t);if(null!==r){a=Math.min(e.gen,65535);n.push([1,t,a]);t+=r.length}else{a=Math.min(e.gen+1,65535);n.push([0,0,a])}o=Math.max(o,a)}r.set("Index",getIndexes(a));const c=[1,getSizeInBytes(s),getSizeInBytes(o)];r.set("W",c);computeIDs(t,e,r);const l=Math.sumPrecise(c),h=new Uint8Array(l*n.length),u=new Stream(h);u.dict=r;let d=0;for(const[e,t,a]of n){d=writeInt(e,c[0],d,h);d=writeInt(t,c[1],d,h);d=writeInt(a,c[2],d,h)}await writeObject(e.newRef,u,i,{});i.push("startxref\n",t.toString(),"\n%%EOF\n")}(t,p,g,d,f):async function getXRefTable(e,t,a,r,i){i.push("xref\n");const n=getIndexes(a);let s=0;for(const{ref:e,data:r}of a){if(e.num===n[s]){i.push(`${n[s]} ${n[s+1]}\n`);s+=2}if(null!==r){i.push(`${t.toString().padStart(10,"0")} ${Math.min(e.gen,65535).toString().padStart(5,"0")} n\r\n`);t+=r.length}else i.push(`0000000000 ${Math.min(e.gen+1,65535).toString().padStart(5,"0")} f\r\n`)}computeIDs(t,e,r);i.push("trailer\n");await writeDict(r,i);i.push("\nstartxref\n",t.toString(),"\n%%EOF\n")}(t,p,g,d,f));const b=e.length+Math.sumPrecise(f.map((e=>e.length))),y=new Uint8Array(b);y.set(e);let w=e.length;for(const e of f)w=writeString(e,w,y);return y}class PDFWorkerStream{constructor(e){this._msgHandler=e;this._contentLength=null;this._fullRequestReader=null;this._rangeRequestReaders=[]}getFullReader(){assert(!this._fullRequestReader,"PDFWorkerStream.getFullReader can only be called once.");this._fullRequestReader=new PDFWorkerStreamReader(this._msgHandler);return this._fullRequestReader}getRangeReader(e,t){const a=new PDFWorkerStreamRangeReader(e,t,this._msgHandler);this._rangeRequestReaders.push(a);return a}cancelAllRequests(e){this._fullRequestReader?.cancel(e);for(const t of this._rangeRequestReaders.slice(0))t.cancel(e)}}class PDFWorkerStreamReader{constructor(e){this._msgHandler=e;this.onProgress=null;this._contentLength=null;this._isRangeSupported=!1;this._isStreamingSupported=!1;const t=this._msgHandler.sendWithStream("GetReader");this._reader=t.getReader();this._headersReady=this._msgHandler.sendWithPromise("ReaderHeadersReady").then((e=>{this._isStreamingSupported=e.isStreamingSupported;this._isRangeSupported=e.isRangeSupported;this._contentLength=e.contentLength}))}get headersReady(){return this._headersReady}get contentLength(){return this._contentLength}get isStreamingSupported(){return this._isStreamingSupported}get isRangeSupported(){return this._isRangeSupported}async read(){const{value:e,done:t}=await this._reader.read();return t?{value:void 0,done:!0}:{value:e.buffer,done:!1}}cancel(e){this._reader.cancel(e)}}class PDFWorkerStreamRangeReader{constructor(e,t,a){this._msgHandler=a;this.onProgress=null;const r=this._msgHandler.sendWithStream("GetRangeReader",{begin:e,end:t});this._reader=r.getReader()}get isStreamingSupported(){return!1}async read(){const{value:e,done:t}=await this._reader.read();return t?{value:void 0,done:!0}:{value:e.buffer,done:!1}}cancel(e){this._reader.cancel(e)}}class WorkerTask{constructor(e){this.name=e;this.terminated=!1;this._capability=Promise.withResolvers()}get finished(){return this._capability.promise}finish(){this._capability.resolve()}terminate(){this.terminated=!0}ensureNotTerminated(){if(this.terminated)throw new Error("Worker task was terminated")}}class WorkerMessageHandler{static{"undefined"==typeof window&&!e&&"undefined"!=typeof self&&"function"==typeof self.postMessage&&"onmessage"in self&&this.initializeFromPort(self)}static setup(e,t){let a=!1;e.on("test",(t=>{if(!a){a=!0;e.send("test",t instanceof Uint8Array)}}));e.on("configure",(e=>{!function setVerbosityLevel(e){Number.isInteger(e)&&(da=e)}(e.verbosity)}));e.on("GetDocRequest",(e=>this.createDocumentHandler(e,t)))}static createDocumentHandler(e,t){let a,r=!1,i=null;const n=new Set,s=getVerbosityLevel(),{docId:o,apiVersion:c}=e,l="5.3.93";if(c!==l)throw new Error(`The API version "${c}" does not match the Worker version "${l}".`);const buildMsg=(e,t)=>`The \`${e}.prototype\` contains unexpected enumerable property "${t}", thus breaking e.g. \`for...in\` iteration of ${e}s.`;for(const e in{})throw new Error(buildMsg("Object",e));for(const e in[])throw new Error(buildMsg("Array",e));const h=o+"_worker";let u=new MessageHandler(h,o,t);function ensureNotTerminated(){if(r)throw new Error("Worker was terminated")}function startWorkerTask(e){n.add(e)}function finishWorkerTask(e){e.finish();n.delete(e)}async function loadDocument(e){await a.ensureDoc("checkHeader");await a.ensureDoc("parseStartXRef");await a.ensureDoc("parse",[e]);await a.ensureDoc("checkFirstPage",[e]);await a.ensureDoc("checkLastPage",[e]);const t=await a.ensureDoc("isPureXfa");if(t){const e=new WorkerTask("loadXfaResources");startWorkerTask(e);await a.ensureDoc("loadXfaResources",[u,e]);finishWorkerTask(e)}const[r,i]=await Promise.all([a.ensureDoc("numPages"),a.ensureDoc("fingerprints")]);return{numPages:r,fingerprints:i,htmlForXfa:t?await a.ensureDoc("htmlForXfa"):null}}function setupDoc(e){function onSuccess(e){ensureNotTerminated();u.send("GetDoc",{pdfInfo:e})}function onFailure(e){ensureNotTerminated();if(e instanceof PasswordException){const t=new WorkerTask(`PasswordException: response ${e.code}`);startWorkerTask(t);u.sendWithPromise("PasswordRequest",e).then((function({password:e}){finishWorkerTask(t);a.updatePassword(e);pdfManagerReady()})).catch((function(){finishWorkerTask(t);u.send("DocException",e)}))}else u.send("DocException",wrapReason(e))}function pdfManagerReady(){ensureNotTerminated();loadDocument(!1).then(onSuccess,(function(e){ensureNotTerminated();e instanceof XRefParseException?a.requestLoadedStream().then((function(){ensureNotTerminated();loadDocument(!0).then(onSuccess,onFailure)})):onFailure(e)}))}ensureNotTerminated();(async function getPdfManager({data:e,password:t,disableAutoFetch:a,rangeChunkSize:r,length:n,docBaseUrl:s,enableXfa:c,evaluatorOptions:l}){const h={source:null,disableAutoFetch:a,docBaseUrl:s,docId:o,enableXfa:c,evaluatorOptions:l,handler:u,length:n,password:t,rangeChunkSize:r};if(e){h.source=e;return new LocalPdfManager(h)}const d=new PDFWorkerStream(u),f=d.getFullReader(),g=Promise.withResolvers();let p,m=[],b=0;f.headersReady.then((function(){if(f.isRangeSupported){h.source=d;h.length=f.contentLength;h.disableAutoFetch||=f.isStreamingSupported;p=new NetworkPdfManager(h);for(const e of m)p.sendProgressiveData(e);m=[];g.resolve(p);i=null}})).catch((function(e){g.reject(e);i=null}));new Promise((function(e,t){const readChunk=function({value:e,done:a}){try{ensureNotTerminated();if(a){if(!p){const e=arrayBuffersToBytes(m);m=[];n&&e.length!==n&&warn("reported HTTP length is different from actual");h.source=e;p=new LocalPdfManager(h);g.resolve(p)}i=null;return}b+=e.byteLength;f.isStreamingSupported||u.send("DocProgress",{loaded:b,total:Math.max(b,f.contentLength||0)});p?p.sendProgressiveData(e):m.push(e);f.read().then(readChunk,t)}catch(e){t(e)}};f.read().then(readChunk,t)})).catch((function(e){g.reject(e);i=null}));i=e=>{d.cancelAllRequests(e)};return g.promise})(e).then((function(e){if(r){e.terminate(new AbortException("Worker was terminated."));throw new Error("Worker was terminated")}a=e;a.requestLoadedStream(!0).then((e=>{u.send("DataLoaded",{length:e.bytes.byteLength})}))})).then(pdfManagerReady,onFailure)}u.on("GetPage",(function(e){return a.getPage(e.pageIndex).then((function(e){return Promise.all([a.ensure(e,"rotate"),a.ensure(e,"ref"),a.ensure(e,"userUnit"),a.ensure(e,"view")]).then((function([e,t,a,r]){return{rotate:e,ref:t,refStr:t?.toString()??null,userUnit:a,view:r}}))}))}));u.on("GetPageIndex",(function(e){const t=Ref.get(e.num,e.gen);return a.ensureCatalog("getPageIndex",[t])}));u.on("GetDestinations",(function(e){return a.ensureCatalog("destinations")}));u.on("GetDestination",(function(e){return a.ensureCatalog("getDestination",[e.id])}));u.on("GetPageLabels",(function(e){return a.ensureCatalog("pageLabels")}));u.on("GetPageLayout",(function(e){return a.ensureCatalog("pageLayout")}));u.on("GetPageMode",(function(e){return a.ensureCatalog("pageMode")}));u.on("GetViewerPreferences",(function(e){return a.ensureCatalog("viewerPreferences")}));u.on("GetOpenAction",(function(e){return a.ensureCatalog("openAction")}));u.on("GetAttachments",(function(e){return a.ensureCatalog("attachments")}));u.on("GetDocJSActions",(function(e){return a.ensureCatalog("jsActions")}));u.on("GetPageJSActions",(function({pageIndex:e}){return a.getPage(e).then((e=>a.ensure(e,"jsActions")))}));u.on("GetOutline",(function(e){return a.ensureCatalog("documentOutline")}));u.on("GetOptionalContentConfig",(function(e){return a.ensureCatalog("optionalContentConfig")}));u.on("GetPermissions",(function(e){return a.ensureCatalog("permissions")}));u.on("GetMetadata",(function(e){return Promise.all([a.ensureDoc("documentInfo"),a.ensureCatalog("metadata")])}));u.on("GetMarkInfo",(function(e){return a.ensureCatalog("markInfo")}));u.on("GetData",(function(e){return a.requestLoadedStream().then((e=>e.bytes))}));u.on("GetAnnotations",(function({pageIndex:e,intent:t}){return a.getPage(e).then((function(a){const r=new WorkerTask(`GetAnnotations: page ${e}`);startWorkerTask(r);return a.getAnnotationsData(u,r,t).then((e=>{finishWorkerTask(r);return e}),(e=>{finishWorkerTask(r);throw e}))}))}));u.on("GetFieldObjects",(function(e){return a.ensureDoc("fieldObjects").then((e=>e?.allFields||null))}));u.on("HasJSActions",(function(e){return a.ensureDoc("hasJSActions")}));u.on("GetCalculationOrderIds",(function(e){return a.ensureDoc("calculationOrderIds")}));u.on("SaveDocument",(async function({isPureXfa:e,numPages:t,annotationStorage:r,filename:i}){const n=[a.requestLoadedStream(),a.ensureCatalog("acroForm"),a.ensureCatalog("acroFormRef"),a.ensureDoc("startXRef"),a.ensureDoc("xref"),a.ensureDoc("linearization"),a.ensureCatalog("structTreeRoot")],s=new RefSetCache,o=[],c=e?null:getNewAnnotationsMap(r),[l,h,d,f,g,p,m]=await Promise.all(n),b=g.trailer.getRaw("Root")||null;let y;if(c){m?await m.canUpdateStructTree({pdfManager:a,newAnnotationsByPage:c})&&(y=m):await StructTreeRoot.canCreateStructureTree({catalogRef:b,pdfManager:a,newAnnotationsByPage:c})&&(y=null);const e=AnnotationFactory.generateImages(r.values(),g,a.evaluatorOptions.isOffscreenCanvasSupported),t=void 0===y?o:[];for(const[r,i]of c)t.push(a.getPage(r).then((t=>{const a=new WorkerTask(`Save (editor): page ${r}`);startWorkerTask(a);return t.saveNewAnnotations(u,a,i,e,s).finally((function(){finishWorkerTask(a)}))})));null===y?o.push(Promise.all(t).then((async()=>{await StructTreeRoot.createStructureTree({newAnnotationsByPage:c,xref:g,catalogRef:b,pdfManager:a,changes:s})}))):y&&o.push(Promise.all(t).then((async()=>{await y.updateStructureTree({newAnnotationsByPage:c,pdfManager:a,changes:s})})))}if(e)o.push(a.ensureDoc("serializeXfaData",[r]));else for(let e=0;ee.needAppearances)),k=h instanceof Dict&&h.get("XFA")||null;let C=null,v=!1;if(Array.isArray(k)){for(let e=0,t=k.length;e{g.resetNewTemporaryRef()}))}));u.on("GetOperatorList",(function(e,t){const r=e.pageIndex;a.getPage(r).then((function(a){const i=new WorkerTask(`GetOperatorList: page ${r}`);startWorkerTask(i);const n=s>=ke?Date.now():0;a.getOperatorList({handler:u,sink:t,task:i,intent:e.intent,cacheKey:e.cacheKey,annotationStorage:e.annotationStorage,modifiedIds:e.modifiedIds}).then((function(e){finishWorkerTask(i);n&&info(`page=${r+1} - getOperatorList: time=${Date.now()-n}ms, len=${e.length}`);t.close()}),(function(e){finishWorkerTask(i);i.terminated||t.error(e)}))}))}));u.on("GetTextContent",(function(e,t){const{pageIndex:r,includeMarkedContent:i,disableNormalization:n}=e;a.getPage(r).then((function(e){const a=new WorkerTask("GetTextContent: page "+r);startWorkerTask(a);const o=s>=ke?Date.now():0;e.extractTextContent({handler:u,task:a,sink:t,includeMarkedContent:i,disableNormalization:n}).then((function(){finishWorkerTask(a);o&&info(`page=${r+1} - getTextContent: time=`+(Date.now()-o)+"ms");t.close()}),(function(e){finishWorkerTask(a);a.terminated||t.error(e)}))}))}));u.on("GetStructTree",(function(e){return a.getPage(e.pageIndex).then((e=>a.ensure(e,"getStructTree")))}));u.on("FontFallback",(function(e){return a.fontFallback(e.id,u)}));u.on("Cleanup",(function(e){return a.cleanup(!0)}));u.on("Terminate",(function(e){r=!0;const t=[];if(a){a.terminate(new AbortException("Worker was terminated."));const e=a.cleanup();t.push(e);a=null}else clearGlobalCaches();i?.(new AbortException("Worker was terminated."));for(const e of n){t.push(e.finished);e.terminate()}return Promise.all(t).then((function(){u.destroy();u=null}))}));u.on("Ready",(function(t){setupDoc(e);e=null}));return h}static initializeFromPort(e){const t=new MessageHandler("worker","main",e);this.setup(t,e);t.send("ready",null)}}globalThis.pdfjsWorker={WorkerMessageHandler};export{WorkerMessageHandler}; \ No newline at end of file diff --git a/scripts/enable-ssl.sh b/scripts/enable-ssl.sh new file mode 100644 index 00000000..9f2f7e5d --- /dev/null +++ b/scripts/enable-ssl.sh @@ -0,0 +1,176 @@ +#!/bin/bash + +# Termix SSL Quick Setup Script +# Enables HTTPS/WSS with one command + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +CYAN='\033[0;36m' +NC='\033[0m' # No Color + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" +ENV_FILE="$PROJECT_ROOT/.env" + +log_info() { + echo -e "${BLUE}[SSL Setup]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SSL Setup]${NC} $1" +} + +log_warn() { + echo -e "${YELLOW}[SSL Setup]${NC} $1" +} + +log_error() { + echo -e "${RED}[SSL Setup]${NC} $1" +} + +log_header() { + echo -e "${CYAN}$1${NC}" +} + +print_banner() { + echo "" + echo "==============================================" + log_header "🔒 Termix SSL Quick Setup" + echo "==============================================" + echo "" + log_info "This script will:" + echo " ✅ Generate SSL certificates automatically" + echo " ✅ Create/update .env configuration" + echo " ✅ Enable HTTPS/WSS support" + echo " ✅ Generate security keys" + echo "" +} + +generate_keys() { + log_info "🔑 Generating security keys..." + + # Generate JWT secret + JWT_SECRET=$(openssl rand -hex 32) + log_success "Generated JWT secret" + + # Generate database key + DATABASE_KEY=$(openssl rand -hex 32) + log_success "Generated database encryption key" + + echo "JWT_SECRET=$JWT_SECRET" >> "$ENV_FILE" + echo "DATABASE_KEY=$DATABASE_KEY" >> "$ENV_FILE" + + log_success "Security keys added to .env file" +} + +setup_env_file() { + log_info "📝 Setting up environment configuration..." + + if [[ -f "$ENV_FILE" ]]; then + log_warn "⚠️ .env file already exists, creating backup..." + cp "$ENV_FILE" "$ENV_FILE.backup.$(date +%s)" + fi + + # Create or update .env file + cat > "$ENV_FILE" << EOF +# Termix SSL Configuration - Auto-generated $(date) + +# SSL/TLS Configuration +ENABLE_SSL=true +SSL_PORT=8443 +SSL_DOMAIN=localhost +PORT=8080 + +# Node environment +NODE_ENV=production + +# CORS configuration +ALLOWED_ORIGINS=* + +# Database encryption +DATABASE_ENCRYPTION=true + +EOF + + # Add security keys + generate_keys + + log_success "Environment configuration created at $ENV_FILE" +} + +setup_ssl_certificates() { + log_info "🔐 Setting up SSL certificates..." + + # Run SSL setup script + if [[ -f "$SCRIPT_DIR/setup-ssl.sh" ]]; then + bash "$SCRIPT_DIR/setup-ssl.sh" + else + log_error "❌ SSL setup script not found at $SCRIPT_DIR/setup-ssl.sh" + exit 1 + fi +} + +show_next_steps() { + echo "" + log_header "🚀 SSL Setup Complete!" + echo "" + log_success "Your Termix instance is now configured for HTTPS/WSS!" + echo "" + echo "Next steps:" + echo "" + echo "1. 🐳 Using Docker:" + echo " docker-compose -f docker-compose.ssl.yml up" + echo "" + echo "2. 📦 Using npm:" + echo " npm start" + echo "" + echo "3. 🌐 Access your application:" + echo " • HTTPS: https://localhost:8443" + echo " • HTTP: http://localhost:8080 (redirects to HTTPS)" + echo "" + echo "4. 📱 WebSocket connections will automatically use WSS" + echo "" + log_warn "⚠️ Browser Warning: Self-signed certificates will show security warnings" + echo "" + echo "For production deployment:" + echo "• Replace self-signed certificates with CA-signed certificates" + echo "• Update SSL_DOMAIN in .env to your actual domain" + echo "• Set proper ALLOWED_ORIGINS for CORS" + echo "" + + # Show generated keys + if [[ -f "$ENV_FILE" ]]; then + echo "Generated security keys (keep these secure!):" + echo "• JWT_SECRET: $(grep JWT_SECRET "$ENV_FILE" | cut -d= -f2)" + echo "• DATABASE_KEY: $(grep DATABASE_KEY "$ENV_FILE" | cut -d= -f2)" + echo "" + fi +} + +# Main execution +main() { + print_banner + + # Check prerequisites + if ! command -v openssl &> /dev/null; then + log_error "❌ OpenSSL is not installed. Please install OpenSSL first." + exit 1 + fi + + # Setup environment + setup_env_file + + # Setup SSL certificates + setup_ssl_certificates + + # Show completion message + show_next_steps +} + +# Run main function +main "$@" \ No newline at end of file diff --git a/scripts/setup-ssl.sh b/scripts/setup-ssl.sh new file mode 100644 index 00000000..87bbd155 --- /dev/null +++ b/scripts/setup-ssl.sh @@ -0,0 +1,195 @@ +#!/bin/bash + +# Termix SSL Certificate Auto-Setup Script +# Linus principle: Simple, automatic, works everywhere + +set -e + +# Configuration +SSL_DIR="$(dirname "$0")/../ssl" +CERT_FILE="$SSL_DIR/termix.crt" +KEY_FILE="$SSL_DIR/termix.key" +DAYS_VALID=365 + +# Default domain - can be overridden by environment variable +DOMAIN=${SSL_DOMAIN:-"localhost"} +ALT_NAMES=${SSL_ALT_NAMES:-"DNS:localhost,DNS:127.0.0.1,DNS:*.localhost,IP:127.0.0.1"} + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +log_info() { + echo -e "${BLUE}[SSL Setup]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SSL Setup]${NC} $1" +} + +log_warn() { + echo -e "${YELLOW}[SSL Setup]${NC} $1" +} + +log_error() { + echo -e "${RED}[SSL Setup]${NC} $1" +} + +# Check if certificate exists and is still valid +check_existing_cert() { + if [[ -f "$CERT_FILE" && -f "$KEY_FILE" ]]; then + # Check if certificate is still valid for at least 30 days + if openssl x509 -in "$CERT_FILE" -checkend 2592000 -noout 2>/dev/null; then + log_success "✅ Valid SSL certificate already exists" + log_info "Certificate: $CERT_FILE" + log_info "Private Key: $KEY_FILE" + + # Show certificate info + local expiry=$(openssl x509 -in "$CERT_FILE" -noout -enddate 2>/dev/null | cut -d= -f2) + log_info "Expires: $expiry" + return 0 + else + log_warn "⚠️ Existing certificate is expired or expiring soon" + fi + fi + return 1 +} + +# Generate self-signed certificate +generate_certificate() { + log_info "🔐 Generating new SSL certificate for domain: $DOMAIN" + + # Create SSL directory if it doesn't exist + mkdir -p "$SSL_DIR" + + # Create OpenSSL config for SAN (Subject Alternative Names) + local config_file="$SSL_DIR/openssl.conf" + cat > "$config_file" << EOF +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn +req_extensions = v3_req + +[dn] +C=US +ST=State +L=City +O=Termix +OU=IT Department +CN=$DOMAIN + +[v3_req] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +DNS.2 = 127.0.0.1 +DNS.3 = *.localhost +IP.1 = 127.0.0.1 +EOF + + # Add custom alt names if provided + if [[ -n "$SSL_ALT_NAMES" ]]; then + local counter=2 + IFS=',' read -ra NAMES <<< "$SSL_ALT_NAMES" + for name in "${NAMES[@]}"; do + name=$(echo "$name" | xargs) # trim whitespace + if [[ "$name" == DNS:* ]]; then + echo "DNS.$((counter++)) = ${name#DNS:}" >> "$config_file" + elif [[ "$name" == IP:* ]]; then + echo "IP.$((counter++)) = ${name#IP:}" >> "$config_file" + fi + done + fi + + # Generate private key + log_info "📝 Generating private key..." + openssl genrsa -out "$KEY_FILE" 2048 + + # Generate certificate + log_info "📄 Generating certificate..." + openssl req -new -x509 -key "$KEY_FILE" -out "$CERT_FILE" -days $DAYS_VALID -config "$config_file" -extensions v3_req + + # Set proper permissions + chmod 600 "$KEY_FILE" + chmod 644 "$CERT_FILE" + + # Clean up temp config + rm -f "$config_file" + + log_success "✅ SSL certificate generated successfully" + log_info "Certificate: $CERT_FILE" + log_info "Private Key: $KEY_FILE" + log_info "Valid for: $DAYS_VALID days" +} + +# Show certificate information +show_certificate_info() { + if [[ -f "$CERT_FILE" ]]; then + echo "" + log_info "📋 Certificate Information:" + openssl x509 -in "$CERT_FILE" -noout -subject -issuer -dates + + echo "" + log_info "🌐 Subject Alternative Names:" + openssl x509 -in "$CERT_FILE" -noout -text | grep -A1 "Subject Alternative Name" | tail -1 | sed 's/^[[:space:]]*//' + fi +} + +# Main execution +main() { + echo "" + echo "==============================================" + echo "🔒 Termix SSL Certificate Auto-Setup" + echo "==============================================" + echo "" + + log_info "Target domain: $DOMAIN" + log_info "SSL directory: $SSL_DIR" + + # Check if OpenSSL is available + if ! command -v openssl &> /dev/null; then + log_error "❌ OpenSSL is not installed. Please install OpenSSL first." + exit 1 + fi + + # Check existing certificate + if check_existing_cert; then + show_certificate_info + echo "" + log_info "🚀 SSL setup complete - ready for HTTPS/WSS!" + echo "" + echo "To use the certificate:" + echo " - Nginx SSL cert: $CERT_FILE" + echo " - Nginx SSL key: $KEY_FILE" + echo "" + return 0 + fi + + # Generate new certificate + generate_certificate + show_certificate_info + + echo "" + log_success "🚀 SSL setup complete - ready for HTTPS/WSS!" + echo "" + echo "Next steps:" + echo " 1. Update your Nginx configuration to use these certificates" + echo " 2. Restart Nginx to enable HTTPS/WSS" + echo " 3. Access your application via https://localhost" + echo "" + + # Security note for self-signed certificates + log_warn "⚠️ Note: Self-signed certificates will show browser warnings" + log_info "💡 For production, consider using Let's Encrypt or a commercial CA" +} + +# Run main function +main "$@" \ No newline at end of file diff --git a/src/backend/database/database.ts b/src/backend/database/database.ts index b877de0f..edc7564f 100644 --- a/src/backend/database/database.ts +++ b/src/backend/database/database.ts @@ -9,18 +9,35 @@ import cors from "cors"; import fetch from "node-fetch"; import fs from "fs"; import path from "path"; +import os from "os"; import "dotenv/config"; import { databaseLogger, apiLogger } from "../utils/logger.js"; -import { DatabaseEncryption } from "../utils/database-encryption.js"; -import { EncryptionMigration } from "../utils/encryption-migration.js"; -import { DatabaseMigration } from "../utils/database-migration.js"; -import { DatabaseSQLiteExport } from "../utils/database-sqlite-export.js"; +import { AuthManager } from "../utils/auth-manager.js"; +import { DataCrypto } from "../utils/data-crypto.js"; import { DatabaseFileEncryption } from "../utils/database-file-encryption.js"; +import { DatabaseMigration } from "../utils/database-migration.js"; +import { UserDataExport } from "../utils/user-data-export.js"; +import { UserDataImport } from "../utils/user-data-import.js"; +import https from "https"; +import { AutoSSLSetup } from "../utils/auto-ssl-setup.js"; +import { eq, and } from "drizzle-orm"; +import { users, sshData, sshCredentials, fileManagerRecent, fileManagerPinned, fileManagerShortcuts, dismissedAlerts, sshCredentialUsage, settings } from "./db/schema.js"; +import { getDb } from "./db/index.js"; +import Database from "better-sqlite3"; const app = express(); + +// Configure trust proxy to properly detect real client IP behind reverse proxy (nginx) +app.set('trust proxy', true); + +// Initialize auth middleware +const authManager = AuthManager.getInstance(); +const authenticateJWT = authManager.createAuthMiddleware(); +const requireAdmin = authManager.createAdminMiddleware(); app.use( cors({ origin: "*", + credentials: true, methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], allowedHeaders: [ "Content-Type", @@ -46,7 +63,7 @@ const storage = multer.diskStorage({ const upload = multer({ storage: storage, limits: { - fileSize: 100 * 1024 * 1024, // 100MB limit + fileSize: 1024 * 1024 * 1024, // 1GB limit for database operations }, fileFilter: (req, file, cb) => { // Allow SQLite files @@ -169,7 +186,7 @@ app.get("/health", (req, res) => { res.json({ status: "ok" }); }); -app.get("/version", async (req, res) => { +app.get("/version", authenticateJWT, async (req, res) => { let localVersion = process.env.VERSION; if (!localVersion) { @@ -235,7 +252,7 @@ app.get("/version", async (req, res) => { } }); -app.get("/releases/rss", async (req, res) => { +app.get("/releases/rss", authenticateJWT, async (req, res) => { try { const page = parseInt(req.query.page as string) || 1; const per_page = Math.min( @@ -291,303 +308,899 @@ app.get("/releases/rss", async (req, res) => { } }); -app.get("/encryption/status", async (req, res) => { +app.get("/encryption/status", requireAdmin, async (req, res) => { try { - const detailedStatus = await DatabaseEncryption.getDetailedStatus(); - const migrationStatus = await EncryptionMigration.checkMigrationStatus(); + const authManager = AuthManager.getInstance(); + // Simplified status for new architecture + const securityStatus = { + initialized: true, + system: { hasSecret: true, isValid: true }, + activeSessions: {}, + activeSessionCount: 0 + }; res.json({ - encryption: detailedStatus, - migration: migrationStatus, + security: securityStatus, + version: "v2-kek-dek", }); } catch (error) { - apiLogger.error("Failed to get encryption status", error, { - operation: "encryption_status", + apiLogger.error("Failed to get security status", error, { + operation: "security_status", }); - res.status(500).json({ error: "Failed to get encryption status" }); + res.status(500).json({ error: "Failed to get security status" }); } }); -app.post("/encryption/initialize", async (req, res) => { +app.post("/encryption/initialize", requireAdmin, async (req, res) => { try { - const { EncryptionKeyManager } = await import( - "../utils/encryption-key-manager.js" - ); - const keyManager = EncryptionKeyManager.getInstance(); + const authManager = AuthManager.getInstance(); - const newKey = await keyManager.generateNewKey(); - await DatabaseEncryption.initialize({ masterPassword: newKey }); + // New system auto-initializes, no manual initialization needed + const isValid = true; // Simplified validation for new architecture + if (!isValid) { + await authManager.initialize(); + } - apiLogger.info("Encryption initialized via API", { - operation: "encryption_init_api", + apiLogger.info("Security system initialized via API", { + operation: "security_init_api", }); res.json({ success: true, - message: "Encryption initialized successfully", - keyPreview: newKey.substring(0, 8) + "...", + message: "Security system initialized successfully", + version: "v2-kek-dek", + note: "User data encryption will be set up when users log in", }); } catch (error) { - apiLogger.error("Failed to initialize encryption", error, { - operation: "encryption_init_api_failed", + apiLogger.error("Failed to initialize security system", error, { + operation: "security_init_api_failed", }); - res.status(500).json({ error: "Failed to initialize encryption" }); + res.status(500).json({ error: "Failed to initialize security system" }); } }); -app.post("/encryption/migrate", async (req, res) => { - try { - const { dryRun = false } = req.body; - const migration = new EncryptionMigration({ - dryRun, - backupEnabled: true, +app.post("/encryption/regenerate", requireAdmin, async (req, res) => { + try { + const authManager = AuthManager.getInstance(); + + // In new system, only JWT keys can be regenerated + // User data keys are protected by passwords and cannot be regenerated at will + // JWT regeneration will be implemented in SystemKeyManager + const newJWTSecret = "jwt-regeneration-placeholder"; + + apiLogger.warn("System JWT secret regenerated via API", { + operation: "jwt_regenerate_api", }); - if (dryRun) { - apiLogger.info("Starting encryption migration (dry run)", { - operation: "encryption_migrate_dry_run", - }); + res.json({ + success: true, + message: "System JWT secret regenerated", + warning: "All existing JWT tokens are now invalid - users must re-authenticate", + note: "User data encryption keys are protected by passwords and cannot be regenerated", + }); + } catch (error) { + apiLogger.error("Failed to regenerate JWT secret", error, { + operation: "jwt_regenerate_failed", + }); + res.status(500).json({ error: "Failed to regenerate JWT secret" }); + } +}); - res.json({ - success: true, - message: "Dry run mode - no changes made", - dryRun: true, - }); - } else { - apiLogger.info("Starting encryption migration", { - operation: "encryption_migrate", - }); +app.post("/encryption/regenerate-jwt", requireAdmin, async (req, res) => { + try { + const authManager = AuthManager.getInstance(); + // JWT regeneration moved to SystemKeyManager directly + // await authManager.regenerateJWTSecret(); - await migration.runMigration(); + apiLogger.warn("JWT secret regenerated via API", { + operation: "jwt_secret_regenerate_api", + }); - res.json({ - success: true, - message: "Migration completed successfully", + res.json({ + success: true, + message: "New JWT secret generated", + warning: "All existing JWT tokens are now invalid - users must re-authenticate", + }); + } catch (error) { + apiLogger.error("Failed to regenerate JWT secret", error, { + operation: "jwt_secret_regenerate_failed", + }); + res.status(500).json({ error: "Failed to regenerate JWT secret" }); + } +}); + +// User data export endpoint - SQLite file download +app.post("/database/export", authenticateJWT, async (req, res) => { + try { + const userId = (req as any).userId; + const { password } = req.body; + + // Always require password for plaintext export + if (!password) { + return res.status(400).json({ + error: "Password required for export", + code: "PASSWORD_REQUIRED" }); } + + const unlocked = await authManager.authenticateUser(userId, password); + if (!unlocked) { + return res.status(401).json({ error: "Invalid password" }); + } + + apiLogger.info("Exporting user data as SQLite", { + operation: "user_data_sqlite_export_api", + userId, + }); + + // Get user data for SQLite export + const userDataKey = DataCrypto.getUserDataKey(userId); + if (!userDataKey) { + throw new Error("User data not unlocked"); + } + + // Get user info + const user = await getDb().select().from(users).where(eq(users.id, userId)); + if (!user || user.length === 0) { + throw new Error(`User not found: ${userId}`); + } + + // Create temporary SQLite database + const tempDir = path.join(os.tmpdir(), 'termix-exports'); + if (!fs.existsSync(tempDir)) { + fs.mkdirSync(tempDir, { recursive: true }); + } + + const timestamp = new Date().toISOString().replace(/[:.]/g, "-"); + const filename = `termix-export-${user[0].username}-${timestamp}.sqlite`; + const tempPath = path.join(tempDir, filename); + + // Create new SQLite database with export data + const exportDb = new Database(tempPath); + + try { + // Create all tables with complete schema + exportDb.exec(` + CREATE TABLE users ( + id TEXT PRIMARY KEY, + username TEXT NOT NULL, + password_hash TEXT NOT NULL, + is_admin INTEGER NOT NULL DEFAULT 0, + is_oidc INTEGER NOT NULL DEFAULT 0, + oidc_identifier TEXT, + client_id TEXT, + client_secret TEXT, + issuer_url TEXT, + authorization_url TEXT, + token_url TEXT, + identifier_path TEXT, + name_path TEXT, + scopes TEXT DEFAULT 'openid email profile', + totp_secret TEXT, + totp_enabled INTEGER NOT NULL DEFAULT 0, + totp_backup_codes TEXT + ); + + CREATE TABLE settings ( + key TEXT PRIMARY KEY, + value TEXT NOT NULL + ); + + CREATE TABLE ssh_data ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + name TEXT, + ip TEXT NOT NULL, + port INTEGER NOT NULL, + username TEXT NOT NULL, + folder TEXT, + tags TEXT, + pin INTEGER NOT NULL DEFAULT 0, + auth_type TEXT NOT NULL, + password TEXT, + key TEXT, + key_password TEXT, + key_type TEXT, + autostart_password TEXT, + autostart_key TEXT, + autostart_key_password TEXT, + credential_id INTEGER, + enable_terminal INTEGER NOT NULL DEFAULT 1, + enable_tunnel INTEGER NOT NULL DEFAULT 1, + tunnel_connections TEXT, + enable_file_manager INTEGER NOT NULL DEFAULT 1, + default_path TEXT, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + + CREATE TABLE ssh_credentials ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + name TEXT NOT NULL, + description TEXT, + folder TEXT, + tags TEXT, + auth_type TEXT NOT NULL, + username TEXT NOT NULL, + password TEXT, + key TEXT, + private_key TEXT, + public_key TEXT, + key_password TEXT, + key_type TEXT, + detected_key_type TEXT, + usage_count INTEGER NOT NULL DEFAULT 0, + last_used TEXT, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + + CREATE TABLE file_manager_recent ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + host_id INTEGER NOT NULL, + name TEXT NOT NULL, + path TEXT NOT NULL, + last_opened TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + + CREATE TABLE file_manager_pinned ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + host_id INTEGER NOT NULL, + name TEXT NOT NULL, + path TEXT NOT NULL, + pinned_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + + CREATE TABLE file_manager_shortcuts ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + host_id INTEGER NOT NULL, + name TEXT NOT NULL, + path TEXT NOT NULL, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + + CREATE TABLE dismissed_alerts ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + alert_id TEXT NOT NULL, + dismissed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + + CREATE TABLE ssh_credential_usage ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + credential_id INTEGER NOT NULL, + host_id INTEGER NOT NULL, + user_id TEXT NOT NULL, + used_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP + ); + `); + + // Export current user only (replace sensitive password_hash with placeholder) + const userRecord = user[0]; + const insertUser = exportDb.prepare(` + INSERT INTO users (id, username, password_hash, is_admin, is_oidc, oidc_identifier, client_id, client_secret, issuer_url, authorization_url, token_url, identifier_path, name_path, scopes, totp_secret, totp_enabled, totp_backup_codes) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + `); + insertUser.run( + userRecord.id, + userRecord.username, + "[EXPORTED_USER_NO_PASSWORD]", // Replace password hash with placeholder + userRecord.is_admin ? 1 : 0, + userRecord.is_oidc ? 1 : 0, + userRecord.oidc_identifier || null, + userRecord.client_id || null, + userRecord.client_secret || null, + userRecord.issuer_url || null, + userRecord.authorization_url || null, + userRecord.token_url || null, + userRecord.identifier_path || null, + userRecord.name_path || null, + userRecord.scopes || null, + userRecord.totp_secret || null, + userRecord.totp_enabled ? 1 : 0, + userRecord.totp_backup_codes || null + ); + + // Export SSH hosts (decrypted) + const sshHosts = await getDb().select().from(sshData).where(eq(sshData.userId, userId)); + const insertHost = exportDb.prepare(` + INSERT INTO ssh_data (id, user_id, name, ip, port, username, folder, tags, pin, auth_type, password, key, key_password, key_type, autostart_password, autostart_key, autostart_key_password, credential_id, enable_terminal, enable_tunnel, tunnel_connections, enable_file_manager, default_path, created_at, updated_at) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + `); + + for (const host of sshHosts) { + const decrypted = DataCrypto.decryptRecord("ssh_data", host, userId, userDataKey); + insertHost.run( + decrypted.id, + decrypted.userId, + decrypted.name || null, + decrypted.ip, + decrypted.port, + decrypted.username, + decrypted.folder || null, + decrypted.tags || null, + decrypted.pin ? 1 : 0, + decrypted.authType, + decrypted.password || null, + decrypted.key || null, + decrypted.keyPassword || null, + decrypted.keyType || null, + decrypted.autostartPassword || null, + decrypted.autostartKey || null, + decrypted.autostartKeyPassword || null, + decrypted.credentialId || null, + decrypted.enableTerminal ? 1 : 0, + decrypted.enableTunnel ? 1 : 0, + decrypted.tunnelConnections || null, + decrypted.enableFileManager ? 1 : 0, + decrypted.defaultPath || null, + decrypted.createdAt, + decrypted.updatedAt + ); + } + + // Export SSH credentials (decrypted) + const credentials = await getDb().select().from(sshCredentials).where(eq(sshCredentials.userId, userId)); + const insertCred = exportDb.prepare(` + INSERT INTO ssh_credentials (id, user_id, name, description, folder, tags, auth_type, username, password, key, private_key, public_key, key_password, key_type, detected_key_type, usage_count, last_used, created_at, updated_at) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + `); + + for (const cred of credentials) { + const decrypted = DataCrypto.decryptRecord("ssh_credentials", cred, userId, userDataKey); + insertCred.run( + decrypted.id, + decrypted.userId, + decrypted.name, + decrypted.description || null, + decrypted.folder || null, + decrypted.tags || null, + decrypted.authType, + decrypted.username, + decrypted.password || null, + decrypted.key || null, + decrypted.privateKey || null, + decrypted.publicKey || null, + decrypted.keyPassword || null, + decrypted.keyType || null, + decrypted.detectedKeyType || null, + decrypted.usageCount || 0, + decrypted.lastUsed || null, + decrypted.createdAt, + decrypted.updatedAt + ); + } + + // Export file manager data + const [recentFiles, pinnedFiles, shortcuts] = await Promise.all([ + getDb().select().from(fileManagerRecent).where(eq(fileManagerRecent.userId, userId)), + getDb().select().from(fileManagerPinned).where(eq(fileManagerPinned.userId, userId)), + getDb().select().from(fileManagerShortcuts).where(eq(fileManagerShortcuts.userId, userId)) + ]); + + // File manager recent + const insertRecent = exportDb.prepare(` + INSERT INTO file_manager_recent (id, user_id, host_id, name, path, last_opened) + VALUES (?, ?, ?, ?, ?, ?) + `); + for (const item of recentFiles) { + insertRecent.run(item.id, item.userId, item.hostId, item.name, item.path, item.lastOpened); + } + + // File manager pinned + const insertPinned = exportDb.prepare(` + INSERT INTO file_manager_pinned (id, user_id, host_id, name, path, pinned_at) + VALUES (?, ?, ?, ?, ?, ?) + `); + for (const item of pinnedFiles) { + insertPinned.run(item.id, item.userId, item.hostId, item.name, item.path, item.pinnedAt); + } + + // File manager shortcuts + const insertShortcut = exportDb.prepare(` + INSERT INTO file_manager_shortcuts (id, user_id, host_id, name, path, created_at) + VALUES (?, ?, ?, ?, ?, ?) + `); + for (const item of shortcuts) { + insertShortcut.run(item.id, item.userId, item.hostId, item.name, item.path, item.createdAt); + } + + // Export dismissed alerts + const alerts = await getDb().select().from(dismissedAlerts).where(eq(dismissedAlerts.userId, userId)); + const insertAlert = exportDb.prepare(` + INSERT INTO dismissed_alerts (id, user_id, alert_id, dismissed_at) + VALUES (?, ?, ?, ?) + `); + for (const alert of alerts) { + insertAlert.run(alert.id, alert.userId, alert.alertId, alert.dismissedAt); + } + + // Export credential usage + const usage = await getDb().select().from(sshCredentialUsage).where(eq(sshCredentialUsage.userId, userId)); + const insertUsage = exportDb.prepare(` + INSERT INTO ssh_credential_usage (id, credential_id, host_id, user_id, used_at) + VALUES (?, ?, ?, ?, ?) + `); + for (const item of usage) { + insertUsage.run(item.id, item.credentialId, item.hostId, item.userId, item.usedAt); + } + + // Export settings (including OIDC config) - only admin settings + const settingsData = await getDb().select().from(settings); + const insertSetting = exportDb.prepare(` + INSERT INTO settings (key, value) + VALUES (?, ?) + `); + for (const setting of settingsData) { + insertSetting.run(setting.key, setting.value); + } + + } finally { + exportDb.close(); + } + + // Send file as download + res.setHeader('Content-Type', 'application/x-sqlite3'); + res.setHeader('Content-Disposition', `attachment; filename="${filename}"`); + + const fileStream = fs.createReadStream(tempPath); + fileStream.pipe(res); + + fileStream.on('end', () => { + // Clean up temp file + fs.unlink(tempPath, (err) => { + if (err) { + apiLogger.warn("Failed to clean up export file", { path: tempPath }); + } + }); + }); + + apiLogger.success("User data exported as SQLite successfully", { + operation: "user_data_sqlite_export_success", + userId, + filename, + }); + } catch (error) { - apiLogger.error("Migration failed", error, { - operation: "encryption_migrate_failed", + apiLogger.error("User data SQLite export failed", error, { + operation: "user_data_sqlite_export_failed", }); res.status(500).json({ - error: "Migration failed", + error: "Failed to export user data", details: error instanceof Error ? error.message : "Unknown error", }); } }); -app.post("/encryption/regenerate", async (req, res) => { - try { - await DatabaseEncryption.reinitializeWithNewKey(); - - apiLogger.warn("Encryption key regenerated via API", { - operation: "encryption_regenerate_api", - }); - - res.json({ - success: true, - message: "New encryption key generated", - warning: "All encrypted data must be re-encrypted", - }); - } catch (error) { - apiLogger.error("Failed to regenerate encryption key", error, { - operation: "encryption_regenerate_failed", - }); - res.status(500).json({ error: "Failed to regenerate encryption key" }); - } -}); - -// Database migration and backup endpoints -app.post("/database/export", async (req, res) => { - try { - const { customPath } = req.body; - - apiLogger.info("Starting SQLite database export via API", { - operation: "database_sqlite_export_api", - customPath: !!customPath, - }); - - const exportPath = await DatabaseSQLiteExport.exportDatabase(customPath); - - res.json({ - success: true, - message: "Database exported successfully as SQLite", - exportPath, - size: fs.statSync(exportPath).size, - format: "sqlite", - }); - } catch (error) { - apiLogger.error("SQLite database export failed", error, { - operation: "database_sqlite_export_api_failed", - }); - res.status(500).json({ - error: "SQLite database export failed", - details: error instanceof Error ? error.message : "Unknown error", - }); - } -}); - -app.post("/database/import", upload.single("file"), async (req, res) => { +// User data import endpoint - SQLite incremental import +app.post("/database/import", authenticateJWT, upload.single("file"), async (req, res) => { try { if (!req.file) { return res.status(400).json({ error: "No file uploaded" }); } - const { backupCurrent = "true" } = req.body; - const backupCurrentBool = backupCurrent === "true"; - const importPath = req.file.path; + const userId = (req as any).userId; + const { password } = req.body; - apiLogger.info("Starting SQLite database import via API (additive mode)", { - operation: "database_sqlite_import_api", - importPath, - originalName: req.file.originalname, + // Always require password for import (to unlock user data for re-encryption) + if (!password) { + return res.status(400).json({ + error: "Password required for import", + code: "PASSWORD_REQUIRED" + }); + } + + const unlocked = await authManager.authenticateUser(userId, password); + if (!unlocked) { + return res.status(401).json({ error: "Invalid password" }); + } + + apiLogger.info("Importing SQLite data", { + operation: "sqlite_import_api", + userId, + filename: req.file.originalname, fileSize: req.file.size, - mode: "additive", - backupCurrent: backupCurrentBool, + mimetype: req.file.mimetype, }); - // Validate export file first - // Check file extension using original filename - if (!req.file.originalname.endsWith(".termix-export.sqlite")) { - // Clean up uploaded file - fs.unlinkSync(importPath); + // Get user data key for re-encryption + const userDataKey = DataCrypto.getUserDataKey(userId); + if (!userDataKey) { + throw new Error("User data not unlocked"); + } + + // Check if file exists and is readable + if (!fs.existsSync(req.file.path)) { return res.status(400).json({ - error: "Invalid SQLite export file", - details: ["File must have .termix-export.sqlite extension"], + error: "Uploaded file not found", + details: "File was not properly uploaded" }); } - const validation = DatabaseSQLiteExport.validateExportFile(importPath); - if (!validation.valid) { - // Clean up uploaded file - fs.unlinkSync(importPath); + // Read first few bytes to check if it's a SQLite file + const fileHeader = Buffer.alloc(16); + const fd = fs.openSync(req.file.path, 'r'); + fs.readSync(fd, fileHeader, 0, 16, 0); + fs.closeSync(fd); + + const sqliteHeader = "SQLite format 3"; + if (fileHeader.toString('utf8', 0, 15) !== sqliteHeader) { return res.status(400).json({ - error: "Invalid SQLite export file", - details: validation.errors, + error: "Invalid file format - not a SQLite database", + details: `Expected SQLite file, got file starting with: ${fileHeader.toString('utf8', 0, 15)}` }); } - const result = await DatabaseSQLiteExport.importDatabase(importPath, { - replaceExisting: false, // Always use additive mode - backupCurrent: backupCurrentBool, - }); + // Read SQLite file + let importDb; + try { + importDb = new Database(req.file.path, { readonly: true }); + + // Test if we can query the database + const tables = importDb.prepare("SELECT name FROM sqlite_master WHERE type='table'").all(); + apiLogger.info("SQLite file opened successfully", { + operation: "sqlite_file_validation", + tablesFound: tables.map(t => t.name) + }); + + } catch (sqliteError) { + return res.status(400).json({ + error: "Failed to open SQLite database", + details: sqliteError.message + }); + } + + const result = { + success: false, + summary: { + sshHostsImported: 0, + sshCredentialsImported: 0, + fileManagerItemsImported: 0, + dismissedAlertsImported: 0, + credentialUsageImported: 0, + settingsImported: 0, + skippedItems: 0, + errors: [], + }, + }; + + try { + const mainDb = getDb(); + + // Import SSH hosts (incremental - skip if exists) + try { + const importedHosts = importDb.prepare('SELECT * FROM ssh_data').all(); + for (const host of importedHosts) { + try { + // Check if host already exists (by ip, port, username combination) + const existing = await mainDb.select().from(sshData) + .where(and( + eq(sshData.userId, userId), + eq(sshData.ip, host.ip), + eq(sshData.port, host.port), + eq(sshData.username, host.username) + )); + + if (existing.length > 0) { + result.summary.skippedItems++; + continue; + } + + // Prepare data for encryption and insert + const hostData = { + userId: userId, // Always use current user + name: host.name, + ip: host.ip, + port: host.port, + username: host.username, + folder: host.folder, + tags: host.tags, + pin: Boolean(host.pin), + authType: host.auth_type, + password: host.password, + key: host.key, + keyPassword: host.key_password, + keyType: host.key_type, + autostartPassword: host.autostart_password, + autostartKey: host.autostart_key, + autostartKeyPassword: host.autostart_key_password, + credentialId: null, // Reset credential references during import - user can reassign + enableTerminal: Boolean(host.enable_terminal), + enableTunnel: Boolean(host.enable_tunnel), + tunnelConnections: host.tunnel_connections, + enableFileManager: Boolean(host.enable_file_manager), + defaultPath: host.default_path, + createdAt: host.created_at || new Date().toISOString(), + updatedAt: new Date().toISOString(), + }; + + // Encrypt and insert + const encrypted = DataCrypto.encryptRecord("ssh_data", hostData, userId, userDataKey); + await mainDb.insert(sshData).values(encrypted); + result.summary.sshHostsImported++; + } catch (hostError) { + result.summary.errors.push(`SSH host import error: ${hostError.message}`); + } + } + } catch (tableError) { + // Table doesn't exist in import file, skip + apiLogger.info("ssh_data table not found in import file, skipping"); + } + + // Import SSH credentials (incremental - skip if exists) + try { + const importedCreds = importDb.prepare('SELECT * FROM ssh_credentials').all(); + for (const cred of importedCreds) { + try { + // Check if credential already exists (by name and username combination) + const existing = await mainDb.select().from(sshCredentials) + .where(and( + eq(sshCredentials.userId, userId), + eq(sshCredentials.name, cred.name), + eq(sshCredentials.username, cred.username) + )); + + if (existing.length > 0) { + result.summary.skippedItems++; + continue; + } + + // Prepare data for encryption and insert + const credData = { + userId: userId, // Always use current user + name: cred.name, + description: cred.description, + folder: cred.folder, + tags: cred.tags, + authType: cred.auth_type, + username: cred.username, + password: cred.password, + key: cred.key, + privateKey: cred.private_key, + publicKey: cred.public_key, + keyPassword: cred.key_password, + keyType: cred.key_type, + detectedKeyType: cred.detected_key_type, + usageCount: cred.usage_count || 0, + lastUsed: cred.last_used, + createdAt: cred.created_at || new Date().toISOString(), + updatedAt: new Date().toISOString(), + }; + + // Encrypt and insert + const encrypted = DataCrypto.encryptRecord("ssh_credentials", credData, userId, userDataKey); + await mainDb.insert(sshCredentials).values(encrypted); + result.summary.sshCredentialsImported++; + } catch (credError) { + result.summary.errors.push(`SSH credential import error: ${credError.message}`); + } + } + } catch (tableError) { + apiLogger.info("ssh_credentials table not found in import file, skipping"); + } + + // Import file manager data (incremental) + const fileManagerTables = [ + { table: 'file_manager_recent', schema: fileManagerRecent, key: 'fileManagerItemsImported' }, + { table: 'file_manager_pinned', schema: fileManagerPinned, key: 'fileManagerItemsImported' }, + { table: 'file_manager_shortcuts', schema: fileManagerShortcuts, key: 'fileManagerItemsImported' } + ]; + + for (const { table, schema, key } of fileManagerTables) { + try { + const importedItems = importDb.prepare(`SELECT * FROM ${table}`).all(); + for (const item of importedItems) { + try { + // Check if item already exists (by path and name) + const existing = await mainDb.select().from(schema) + .where(and( + eq(schema.userId, userId), + eq(schema.path, item.path), + eq(schema.name, item.name) + )); + + if (existing.length > 0) { + result.summary.skippedItems++; + continue; + } + + // Insert without encryption (file manager data is not encrypted) + const itemData = { + userId: userId, + hostId: item.host_id, + name: item.name, + path: item.path, + ...(table === 'file_manager_recent' && { lastOpened: item.last_opened }), + ...(table === 'file_manager_pinned' && { pinnedAt: item.pinned_at }), + ...(table === 'file_manager_shortcuts' && { createdAt: item.created_at }), + }; + + await mainDb.insert(schema).values(itemData); + result.summary[key]++; + } catch (itemError) { + result.summary.errors.push(`${table} import error: ${itemError.message}`); + } + } + } catch (tableError) { + apiLogger.info(`${table} table not found in import file, skipping`); + } + } + + // Import dismissed alerts (incremental) + try { + const importedAlerts = importDb.prepare('SELECT * FROM dismissed_alerts').all(); + for (const alert of importedAlerts) { + try { + // Check if alert already dismissed + const existing = await mainDb.select().from(dismissedAlerts) + .where(and( + eq(dismissedAlerts.userId, userId), + eq(dismissedAlerts.alertId, alert.alert_id) + )); + + if (existing.length > 0) { + result.summary.skippedItems++; + continue; + } + + await mainDb.insert(dismissedAlerts).values({ + userId: userId, + alertId: alert.alert_id, + dismissedAt: alert.dismissed_at || new Date().toISOString(), + }); + result.summary.dismissedAlertsImported++; + } catch (alertError) { + result.summary.errors.push(`Dismissed alert import error: ${alertError.message}`); + } + } + } catch (tableError) { + apiLogger.info("dismissed_alerts table not found in import file, skipping"); + } + + // Import settings (including OIDC config) - only for admin users + const targetUser = await mainDb.select().from(users).where(eq(users.id, userId)); + if (targetUser.length > 0 && targetUser[0].is_admin) { + try { + const importedSettings = importDb.prepare('SELECT * FROM settings').all(); + for (const setting of importedSettings) { + try { + // Check if setting already exists + const existing = await mainDb.select().from(settings) + .where(eq(settings.key, setting.key)); + + if (existing.length > 0) { + // Update existing setting + await mainDb.update(settings) + .set({ value: setting.value }) + .where(eq(settings.key, setting.key)); + result.summary.settingsImported++; + } else { + // Insert new setting + await mainDb.insert(settings).values({ + key: setting.key, + value: setting.value + }); + result.summary.settingsImported++; + } + } catch (settingError) { + result.summary.errors.push(`Setting import error (${setting.key}): ${settingError.message}`); + } + } + } catch (tableError) { + apiLogger.info("settings table not found in import file, skipping"); + } + } else { + apiLogger.info("Settings import skipped - only admin users can import settings"); + } + + result.success = true; + + } finally { + if (importDb) { + importDb.close(); + } + } // Clean up uploaded file - fs.unlinkSync(importPath); + try { + fs.unlinkSync(req.file.path); + } catch (cleanupError) { + apiLogger.warn("Failed to clean up uploaded file", { + operation: "file_cleanup_warning", + filePath: req.file.path, + }); + } res.json({ success: result.success, - message: result.success - ? "SQLite database imported successfully" - : "SQLite database import completed with errors", - imported: result.imported, - errors: result.errors, - warnings: result.warnings, - format: "sqlite", + message: result.success ? "Incremental import completed successfully" : "Import failed", + summary: result.summary, }); + + if (result.success) { + apiLogger.success("SQLite data imported successfully", { + operation: "sqlite_import_api_success", + userId, + summary: result.summary, + }); + } + } catch (error) { // Clean up uploaded file if it exists - if (req.file?.path) { + if (req.file?.path && fs.existsSync(req.file.path)) { try { fs.unlinkSync(req.file.path); } catch (cleanupError) { - apiLogger.warn("Failed to clean up uploaded file", { - operation: "file_cleanup_failed", + apiLogger.warn("Failed to clean up uploaded file after error", { + operation: "file_cleanup_error", filePath: req.file.path, - error: - cleanupError instanceof Error - ? cleanupError.message - : "Unknown error", }); } } - apiLogger.error("SQLite database import failed", error, { - operation: "database_sqlite_import_api_failed", + apiLogger.error("SQLite import failed", error, { + operation: "sqlite_import_api_failed", + userId: (req as any).userId, }); res.status(500).json({ - error: "SQLite database import failed", + error: "Failed to import SQLite data", details: error instanceof Error ? error.message : "Unknown error", }); } }); -app.get("/database/export/:exportPath/info", async (req, res) => { +// Export preview endpoint - validate export data without downloading +app.post("/database/export/preview", authenticateJWT, async (req, res) => { try { - const { exportPath } = req.params; - const decodedPath = decodeURIComponent(exportPath); + const userId = (req as any).userId; + const { format = 'encrypted', scope = 'user_data', includeCredentials = true } = req.body; - const validation = DatabaseSQLiteExport.validateExportFile(decodedPath); - if (!validation.valid) { - return res.status(400).json({ - error: "Invalid SQLite export file", - details: validation.errors, - }); - } + apiLogger.info("Generating export preview", { + operation: "export_preview_api", + userId, + format, + scope, + includeCredentials, + }); + + // Generate export data but don't decrypt sensitive fields + const exportData = await UserDataExport.exportUserData(userId, { + format: 'encrypted', // Always encrypt preview + scope, + includeCredentials, + }); + + const stats = UserDataExport.getExportStats(exportData); res.json({ - valid: true, - metadata: validation.metadata, - format: "sqlite", + preview: true, + stats, + estimatedSize: JSON.stringify(exportData).length, + }); + + apiLogger.success("Export preview generated", { + operation: "export_preview_api_success", + userId, + totalRecords: stats.totalRecords, }); } catch (error) { - apiLogger.error("Failed to get SQLite export info", error, { - operation: "sqlite_export_info_failed", - }); - res.status(500).json({ error: "Failed to get SQLite export information" }); - } -}); - -app.post("/database/backup", async (req, res) => { - try { - const { customPath } = req.body; - - apiLogger.info("Creating encrypted database backup via API", { - operation: "database_backup_api", - }); - - // Import required modules - const { databasePaths, getMemoryDatabaseBuffer } = await import( - "./db/index.js" - ); - - // Get current in-memory database as buffer - const dbBuffer = getMemoryDatabaseBuffer(); - - // Create backup directory - const backupDir = - customPath || path.join(databasePaths.directory, "backups"); - if (!fs.existsSync(backupDir)) { - fs.mkdirSync(backupDir, { recursive: true }); - } - - // Generate backup filename with timestamp - const timestamp = new Date().toISOString().replace(/[:.]/g, "-"); - const backupFileName = `database-backup-${timestamp}.sqlite.encrypted`; - const backupPath = path.join(backupDir, backupFileName); - - // Create encrypted backup directly from memory buffer - DatabaseFileEncryption.encryptDatabaseFromBuffer(dbBuffer, backupPath); - - res.json({ - success: true, - message: "Encrypted backup created successfully", - backupPath, - size: fs.statSync(backupPath).size, - }); - } catch (error) { - apiLogger.error("Database backup failed", error, { - operation: "database_backup_api_failed", + apiLogger.error("Export preview failed", error, { + operation: "export_preview_api_failed", }); res.status(500).json({ - error: "Database backup failed", + error: "Failed to generate export preview", details: error instanceof Error ? error.message : "Unknown error", }); } }); -app.post("/database/restore", async (req, res) => { + +app.post("/database/restore", requireAdmin, async (req, res) => { try { const { backupPath, targetPath } = req.body; @@ -605,16 +1218,9 @@ app.post("/database/restore", async (req, res) => { return res.status(400).json({ error: "Invalid encrypted backup file" }); } - // Check hardware compatibility - if (!DatabaseFileEncryption.validateHardwareCompatibility(backupPath)) { - return res.status(400).json({ - error: "Hardware fingerprint mismatch", - message: - "This backup was created on different hardware and cannot be restored", - }); - } + // Hardware compatibility check removed - no longer required - const restoredPath = DatabaseFileEncryption.restoreFromEncryptedBackup( + const restoredPath = await DatabaseFileEncryption.restoreFromEncryptedBackup( backupPath, targetPath, ); @@ -657,57 +1263,220 @@ app.use( }, ); -const PORT = 8081; +const HTTP_PORT = 8081; +const HTTPS_PORT = process.env.SSL_PORT || 8443; -async function initializeEncryption() { +async function initializeSecurity() { try { - databaseLogger.info("Initializing database encryption...", { - operation: "encryption_init", + databaseLogger.info("Initializing security system (KEK-DEK architecture)...", { + operation: "security_init", }); - await DatabaseEncryption.initialize({ - encryptionEnabled: process.env.ENCRYPTION_ENABLED !== "false", - forceEncryption: process.env.FORCE_ENCRYPTION === "true", - migrateOnAccess: process.env.MIGRATE_ON_ACCESS !== "false", - }); + // Initialize simplified authentication system + const authManager = AuthManager.getInstance(); + await authManager.initialize(); - const status = await DatabaseEncryption.getDetailedStatus(); - if (status.configValid && status.key.keyValid) { - databaseLogger.success("Database encryption initialized successfully", { - operation: "encryption_init_complete", - enabled: status.enabled, - keyId: status.key.keyId, - hasStoredKey: status.key.hasKey, - }); - } else { - databaseLogger.error( - "Database encryption configuration invalid", - undefined, - { - operation: "encryption_init_failed", - status, - }, - ); + // Initialize simplified data encryption + DataCrypto.initialize(); + + // Validate security system + const isValid = true; // Simplified validation for new architecture + if (!isValid) { + throw new Error("Security system validation failed"); } - } catch (error) { - databaseLogger.error("Failed to initialize database encryption", error, { - operation: "encryption_init_error", + + const securityStatus = { + initialized: true, + system: { hasSecret: true, isValid: true }, + activeSessions: {}, + activeSessionCount: 0 + }; + databaseLogger.success("Security system initialized successfully", { + operation: "security_init_complete", + systemStatus: securityStatus.system, + initialized: securityStatus.initialized, }); + + databaseLogger.info("Security architecture: JWT (system) + KEK-DEK (users)", { + operation: "security_architecture_info", + features: [ + "System JWT keys for authentication", + "User password-derived KEK for data protection", + "Session-based data key management", + "Multi-user independent encryption" + ], + }); + + } catch (error) { + databaseLogger.error("Failed to initialize security system", error, { + operation: "security_init_error", + }); + throw error; // Security system is critical for API functionality } } -app.listen(PORT, async () => { +// Database migration status endpoint - for administrators to check migration status +app.get("/database/migration/status", authenticateJWT, requireAdmin, async (req, res) => { + try { + const dataDir = process.env.DATA_DIR || "./db/data"; + const migration = new DatabaseMigration(dataDir); + const status = migration.checkMigrationStatus(); + + apiLogger.info("Migration status requested", { + operation: "migration_status_api", + userId: (req as any).userId, + }); + + // Get migration-related files info + const dbPath = path.join(dataDir, "db.sqlite"); + const encryptedDbPath = `${dbPath}.encrypted`; + + const files = fs.readdirSync(dataDir); + const backupFiles = files.filter(f => f.includes('.migration-backup-')); + const migratedFiles = files.filter(f => f.includes('.migrated-')); + + // Get file sizes + let unencryptedSize = 0; + let encryptedSize = 0; + + if (status.hasUnencryptedDb) { + try { + unencryptedSize = fs.statSync(dbPath).size; + } catch (error) { + // File might be locked or deleted + } + } + + if (status.hasEncryptedDb) { + try { + encryptedSize = fs.statSync(encryptedDbPath).size; + } catch (error) { + // File might not exist + } + } + + res.json({ + migrationStatus: status, + files: { + unencryptedDbSize: unencryptedSize, + encryptedDbSize: encryptedSize, + backupFiles: backupFiles.length, + migratedFiles: migratedFiles.length, + }, + recommendations: getMigrationRecommendations(status), + }); + + } catch (error) { + apiLogger.error("Failed to get migration status", error, { + operation: "migration_status_api_failed", + }); + res.status(500).json({ + error: "Failed to get migration status", + details: error instanceof Error ? error.message : "Unknown error", + }); + } +}); + +// Database migration history endpoint - shows backup and migrated files +app.get("/database/migration/history", authenticateJWT, requireAdmin, async (req, res) => { + try { + const dataDir = process.env.DATA_DIR || "./db/data"; + + apiLogger.info("Migration history requested", { + operation: "migration_history_api", + userId: (req as any).userId, + }); + + const files = fs.readdirSync(dataDir); + + const backupFiles = files + .filter(f => f.includes('.migration-backup-')) + .map(f => { + const filePath = path.join(dataDir, f); + const stats = fs.statSync(filePath); + return { + name: f, + size: stats.size, + created: stats.birthtime, + modified: stats.mtime, + type: 'backup', + }; + }) + .sort((a, b) => b.modified.getTime() - a.modified.getTime()); + + const migratedFiles = files + .filter(f => f.includes('.migrated-')) + .map(f => { + const filePath = path.join(dataDir, f); + const stats = fs.statSync(filePath); + return { + name: f, + size: stats.size, + created: stats.birthtime, + modified: stats.mtime, + type: 'migrated', + }; + }) + .sort((a, b) => b.modified.getTime() - a.modified.getTime()); + + res.json({ + files: [...backupFiles, ...migratedFiles], + summary: { + totalBackups: backupFiles.length, + totalMigrated: migratedFiles.length, + oldestBackup: backupFiles.length > 0 ? backupFiles[backupFiles.length - 1].created : null, + newestBackup: backupFiles.length > 0 ? backupFiles[0].created : null, + }, + }); + + } catch (error) { + apiLogger.error("Failed to get migration history", error, { + operation: "migration_history_api_failed", + }); + res.status(500).json({ + error: "Failed to get migration history", + details: error instanceof Error ? error.message : "Unknown error", + }); + } +}); + +// Helper function to generate migration recommendations +function getMigrationRecommendations(status: any): string[] { + const recommendations: string[] = []; + + if (status.needsMigration) { + recommendations.push("Automatic migration will occur on next server restart"); + recommendations.push("Ensure DATABASE_KEY environment variable is properly set"); + recommendations.push("Consider manual backup before restart if desired"); + } else if (status.hasUnencryptedDb && status.hasEncryptedDb) { + recommendations.push("Both encrypted and unencrypted databases found"); + recommendations.push("This may indicate a previous migration was interrupted"); + recommendations.push("Manual intervention may be required"); + recommendations.push("Check logs for migration history"); + } else if (status.hasEncryptedDb && !status.hasUnencryptedDb) { + recommendations.push("Database is properly encrypted"); + recommendations.push("No action required"); + } else if (!status.hasEncryptedDb && !status.hasUnencryptedDb) { + recommendations.push("Fresh installation detected"); + recommendations.push("Database will be created encrypted on first use"); + } + + return recommendations; +} + +app.listen(HTTP_PORT, async () => { // Ensure uploads directory exists const uploadsDir = path.join(process.cwd(), "uploads"); if (!fs.existsSync(uploadsDir)) { fs.mkdirSync(uploadsDir, { recursive: true }); } - await initializeEncryption(); + await initializeSecurity(); - databaseLogger.success(`Database API server started on port ${PORT}`, { + databaseLogger.success(`Database API server started on HTTP port ${HTTP_PORT}`, { operation: "server_start", - port: PORT, + port: HTTP_PORT, + protocol: "HTTP", routes: [ "/users", "/ssh", @@ -718,13 +1487,43 @@ app.listen(PORT, async () => { "/releases/rss", "/encryption/status", "/encryption/initialize", - "/encryption/migrate", "/encryption/regenerate", "/database/export", "/database/import", "/database/export/:exportPath/info", - "/database/backup", "/database/restore", ], }); }); + +// Start HTTPS server if SSL is enabled +const sslConfig = AutoSSLSetup.getSSLConfig(); +if (sslConfig.enabled && fs.existsSync(sslConfig.certPath) && fs.existsSync(sslConfig.keyPath)) { + const httpsOptions = { + cert: fs.readFileSync(sslConfig.certPath), + key: fs.readFileSync(sslConfig.keyPath) + }; + + https.createServer(httpsOptions, app).listen(HTTPS_PORT, () => { + databaseLogger.success(`Database API server started on HTTPS port ${HTTPS_PORT}`, { + operation: "server_start", + port: HTTPS_PORT, + protocol: "HTTPS", + domain: sslConfig.domain, + routes: [ + "/users", + "/ssh", + "/alerts", + "/credentials", + "/health", + "/version", + "/releases/rss", + "/encryption/status", + "/database/export", + "/database/import", + "/database/export/:exportPath/info", + "/database/restore", + ], + }); + }); +} diff --git a/src/backend/database/db/index.ts b/src/backend/database/db/index.ts index de401ce4..91a82281 100644 --- a/src/backend/database/db/index.ts +++ b/src/backend/database/db/index.ts @@ -5,6 +5,9 @@ import fs from "fs"; import path from "path"; import { databaseLogger } from "../../utils/logger.js"; import { DatabaseFileEncryption } from "../../utils/database-file-encryption.js"; +import { SystemCrypto } from "../../utils/system-crypto.js"; +import { DatabaseMigration } from "../../utils/database-migration.js"; +import { DatabaseSaveTrigger } from "../../utils/database-save-trigger.js"; const dataDir = process.env.DATA_DIR || "./db/data"; const dbDir = path.resolve(dataDir); @@ -25,119 +28,198 @@ const encryptedDbPath = `${dbPath}.encrypted`; let actualDbPath = ":memory:"; // Always use memory database let memoryDatabase: Database.Database; let isNewDatabase = false; +let sqlite: Database.Database; // Module-level sqlite instance -if (enableFileEncryption) { - try { - // Check if encrypted database exists - if (DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath)) { - databaseLogger.info( - "Found encrypted database file, loading into memory...", - { - operation: "db_memory_load", - encryptedPath: encryptedDbPath, - }, - ); +// Async initialization function to handle SystemCrypto and DatabaseFileEncryption +async function initializeDatabaseAsync(): Promise { + // Initialize SystemCrypto database key first + databaseLogger.info("Initializing SystemCrypto database key...", { + operation: "db_init_systemcrypto", + envKeyAvailable: !!process.env.DATABASE_KEY, + envKeyLength: process.env.DATABASE_KEY?.length || 0, + }); - // Validate hardware compatibility - if ( - !DatabaseFileEncryption.validateHardwareCompatibility(encryptedDbPath) - ) { - databaseLogger.error( - "Hardware fingerprint mismatch for encrypted database", + const systemCrypto = SystemCrypto.getInstance(); + await systemCrypto.initializeDatabaseKey(); + + // Verify key is available after initialization + const dbKey = await systemCrypto.getDatabaseKey(); + databaseLogger.info("SystemCrypto database key initialized", { + operation: "db_init_systemcrypto_complete", + keyLength: dbKey.length, + keyAvailable: !!dbKey, + }); + + if (enableFileEncryption) { + try { + // Check if encrypted database exists + if (DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath)) { + databaseLogger.info( + "Found encrypted database file, loading into memory...", { - operation: "db_decrypt_failed", - reason: "hardware_mismatch", + operation: "db_memory_load", + encryptedPath: encryptedDbPath, + fileSize: fs.statSync(encryptedDbPath).size, }, ); - throw new Error( - "Cannot decrypt database: hardware fingerprint mismatch", - ); - } - // Decrypt database content to memory buffer - const decryptedBuffer = - DatabaseFileEncryption.decryptDatabaseToBuffer(encryptedDbPath); + // Decrypt database content to memory buffer (now async) + databaseLogger.info("Starting database decryption...", { + operation: "db_decrypt_start", + encryptedPath: encryptedDbPath, + }); - // Create in-memory database from decrypted buffer - memoryDatabase = new Database(decryptedBuffer); - } else { - memoryDatabase = new Database(":memory:"); - isNewDatabase = true; + const decryptedBuffer = + await DatabaseFileEncryption.decryptDatabaseToBuffer(encryptedDbPath); - // Check if there's an old unencrypted database to migrate - if (fs.existsSync(dbPath)) { - // Load old database and copy its content to memory database - const oldDb = new Database(dbPath, { readonly: true }); + databaseLogger.info("Database decryption successful", { + operation: "db_decrypt_success", + decryptedSize: decryptedBuffer.length, + isSqlite: decryptedBuffer.slice(0, 16).toString().startsWith('SQLite format 3'), + }); - // Get all table schemas and data from old database - const tables = oldDb - .prepare( - ` - SELECT name, sql FROM sqlite_master - WHERE type='table' AND name NOT LIKE 'sqlite_%' - `, - ) - .all() as { name: string; sql: string }[]; + // Create in-memory database from decrypted buffer + memoryDatabase = new Database(decryptedBuffer); - // Create tables in memory database - for (const table of tables) { - memoryDatabase.exec(table.sql); - } - - // Copy data for each table - for (const table of tables) { - const rows = oldDb.prepare(`SELECT * FROM ${table.name}`).all(); - if (rows.length > 0) { - const columns = Object.keys(rows[0]); - const placeholders = columns.map(() => "?").join(", "); - const insertStmt = memoryDatabase.prepare( - `INSERT INTO ${table.name} (${columns.join(", ")}) VALUES (${placeholders})`, - ); - - for (const row of rows) { - const values = columns.map((col) => (row as any)[col]); - insertStmt.run(values); - } - } - } - - oldDb.close(); - - isNewDatabase = false; + databaseLogger.info("In-memory database created from decrypted buffer", { + operation: "db_memory_create_success", + }); } else { + // No encrypted database exists - check if we need to migrate + const migration = new DatabaseMigration(dataDir); + const migrationStatus = migration.checkMigrationStatus(); + + databaseLogger.info("Migration status check completed", { + operation: "migration_status", + needsMigration: migrationStatus.needsMigration, + hasUnencryptedDb: migrationStatus.hasUnencryptedDb, + hasEncryptedDb: migrationStatus.hasEncryptedDb, + unencryptedDbSize: migrationStatus.unencryptedDbSize, + reason: migrationStatus.reason, + }); + + if (migrationStatus.needsMigration) { + // Perform automatic migration + databaseLogger.info("Starting automatic database migration", { + operation: "auto_migration_start", + unencryptedDbSize: migrationStatus.unencryptedDbSize, + }); + + const migrationResult = await migration.migrateDatabase(); + + if (migrationResult.success) { + databaseLogger.success("Automatic database migration completed successfully", { + operation: "auto_migration_success", + migratedTables: migrationResult.migratedTables, + migratedRows: migrationResult.migratedRows, + duration: migrationResult.duration, + backupPath: migrationResult.backupPath, + }); + + // Clean up old backup files + migration.cleanupOldBackups(); + + // Load the newly created encrypted database + if (DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath)) { + databaseLogger.info("Loading migrated encrypted database into memory", { + operation: "load_migrated_db", + encryptedPath: encryptedDbPath, + }); + + const decryptedBuffer = await DatabaseFileEncryption.decryptDatabaseToBuffer(encryptedDbPath); + memoryDatabase = new Database(decryptedBuffer); + isNewDatabase = false; // We have migrated data + + databaseLogger.success("Migrated encrypted database loaded successfully", { + operation: "load_migrated_db_success", + decryptedSize: decryptedBuffer.length, + }); + } else { + throw new Error("Migration completed but encrypted database file not found"); + } + } else { + // Migration failed - this is critical + databaseLogger.error("Automatic database migration failed", null, { + operation: "auto_migration_failed", + error: migrationResult.error, + migratedTables: migrationResult.migratedTables, + migratedRows: migrationResult.migratedRows, + duration: migrationResult.duration, + backupPath: migrationResult.backupPath, + }); + + // 🔥 CRITICAL: Migration failure with existing data + console.error("🚨 DATABASE MIGRATION FAILED - THIS IS CRITICAL!"); + console.error("Migration error:", migrationResult.error); + console.error("Backup available at:", migrationResult.backupPath); + console.error("Manual intervention required to recover data."); + + throw new Error(`Database migration failed: ${migrationResult.error}. Backup available at: ${migrationResult.backupPath}`); + } + } else { + // No migration needed - create fresh database + memoryDatabase = new Database(":memory:"); + isNewDatabase = true; + + databaseLogger.info("Creating fresh in-memory database", { + operation: "fresh_db_create", + reason: migrationStatus.reason, + }); + } } - } - } catch (error) { - databaseLogger.error("Failed to initialize memory database", error, { - operation: "db_memory_init_failed", - }); + } catch (error) { + databaseLogger.error("Failed to initialize memory database", error, { + operation: "db_memory_init_failed", + errorMessage: error instanceof Error ? error.message : "Unknown error", + errorStack: error instanceof Error ? error.stack : undefined, + encryptedDbExists: DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), + databaseKeyAvailable: !!process.env.DATABASE_KEY, + databaseKeyLength: process.env.DATABASE_KEY?.length || 0, + }); - // If file encryption is critical, fail fast - if (process.env.DB_FILE_ENCRYPTION_REQUIRED === "true") { - throw error; - } + // 🔥 CRITICAL: Never silently ignore database decryption failures! + // This causes complete data loss for users + console.error("🚨 DATABASE DECRYPTION FAILED - THIS IS CRITICAL!"); + console.error("Error details:", error instanceof Error ? error.message : error); + console.error("Encrypted file exists:", DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath)); + console.error("DATABASE_KEY available:", !!process.env.DATABASE_KEY); + // Always fail fast on decryption errors - data integrity is critical + throw new Error(`Database decryption failed: ${error instanceof Error ? error.message : "Unknown error"}. This prevents data loss.`); + } + } else { memoryDatabase = new Database(":memory:"); isNewDatabase = true; } -} else { - memoryDatabase = new Database(":memory:"); - isNewDatabase = true; } -databaseLogger.info(`Initializing SQLite database`, { - operation: "db_init", - path: actualDbPath, - encrypted: - enableFileEncryption && - DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), - inMemory: true, - isNewDatabase, -}); +// Main async initialization function that combines database setup with schema creation +async function initializeCompleteDatabase(): Promise { + // First initialize the database and SystemCrypto + await initializeDatabaseAsync(); -const sqlite = memoryDatabase; + databaseLogger.info(`Initializing SQLite database`, { + operation: "db_init", + path: actualDbPath, + encrypted: + enableFileEncryption && + DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), + inMemory: true, + isNewDatabase, + }); -sqlite.exec(` + // Create module-level sqlite instance after database is initialized + sqlite = memoryDatabase; + + // Initialize drizzle ORM with the configured database + db = drizzle(sqlite, { schema }); + + databaseLogger.info("Database ORM initialized", { + operation: "drizzle_init", + tablesConfigured: Object.keys(schema).length + }); + + sqlite.exec(` CREATE TABLE IF NOT EXISTS users ( id TEXT PRIMARY KEY, username TEXT NOT NULL, @@ -256,8 +338,36 @@ sqlite.exec(` FOREIGN KEY (host_id) REFERENCES ssh_data (id), FOREIGN KEY (user_id) REFERENCES users (id) ); + `); + // Run schema migrations + migrateSchema(); + + // Initialize default settings + try { + const row = sqlite + .prepare("SELECT value FROM settings WHERE key = 'allow_registration'") + .get(); + if (!row) { + databaseLogger.info("Initializing default settings", { + operation: "db_init", + setting: "allow_registration", + }); + sqlite + .prepare( + "INSERT INTO settings (key, value) VALUES ('allow_registration', 'true')", + ) + .run(); + } + } catch (e) { + databaseLogger.warn("Could not initialize default settings", { + operation: "db_init", + error: e, + }); + } +} + const addColumnIfNotExists = ( table: string, column: string, @@ -365,11 +475,11 @@ const migrateSchema = () => { "INTEGER REFERENCES ssh_credentials(id)", ); - addColumnIfNotExists( - "ssh_data", - "require_password", - "INTEGER NOT NULL DEFAULT 1", - ); + // AutoStart plaintext columns + addColumnIfNotExists("ssh_data", "autostart_password", "TEXT"); + addColumnIfNotExists("ssh_data", "autostart_key", "TEXT"); + addColumnIfNotExists("ssh_data", "autostart_key_password", "TEXT"); + // SSH credentials table migrations for encryption support addColumnIfNotExists("ssh_credentials", "private_key", "TEXT"); @@ -385,115 +495,70 @@ const migrateSchema = () => { }); }; -const initializeDatabase = async (): Promise => { - migrateSchema(); - - try { - const row = sqlite - .prepare("SELECT value FROM settings WHERE key = 'allow_registration'") - .get(); - if (!row) { - databaseLogger.info("Initializing default settings", { - operation: "db_init", - setting: "allow_registration", - }); - sqlite - .prepare( - "INSERT INTO settings (key, value) VALUES ('allow_registration', 'true')", - ) - .run(); - } else { - } - } catch (e) { - databaseLogger.warn("Could not initialize default settings", { - operation: "db_init", - error: e, - }); - } -}; - -// Function to save in-memory database to encrypted file +// Function to save in-memory database to file (encrypted or unencrypted fallback) async function saveMemoryDatabaseToFile() { - if (!memoryDatabase || !enableFileEncryption) return; + if (!memoryDatabase) return; try { // Export in-memory database to buffer const buffer = memoryDatabase.serialize(); - // Encrypt and save to file - DatabaseFileEncryption.encryptDatabaseFromBuffer(buffer, encryptedDbPath); + // Ensure data directory exists + if (!fs.existsSync(dataDir)) { + fs.mkdirSync(dataDir, { recursive: true }); + databaseLogger.info("Created data directory", { + operation: "data_dir_create", + path: dataDir, + }); + } - databaseLogger.debug("In-memory database saved to encrypted file", { - operation: "memory_db_save", - bufferSize: buffer.length, - encryptedPath: encryptedDbPath, - }); + if (enableFileEncryption) { + // Save as encrypted file + await DatabaseFileEncryption.encryptDatabaseFromBuffer(buffer, encryptedDbPath); + + databaseLogger.debug("In-memory database saved to encrypted file", { + operation: "memory_db_save_encrypted", + bufferSize: buffer.length, + encryptedPath: encryptedDbPath, + }); + } else { + // Fallback: save as unencrypted SQLite file to prevent data loss + fs.writeFileSync(dbPath, buffer); + + databaseLogger.debug("In-memory database saved to unencrypted file", { + operation: "memory_db_save_unencrypted", + bufferSize: buffer.length, + unencryptedPath: dbPath, + warning: "File encryption disabled - data saved unencrypted", + }); + } } catch (error) { databaseLogger.error("Failed to save in-memory database", error, { operation: "memory_db_save_failed", + enableFileEncryption, }); } } -// Function to handle post-initialization file encryption and cleanup +// Function to handle post-initialization file encryption and periodic saves async function handlePostInitFileEncryption() { if (!enableFileEncryption) return; try { - // Clean up any existing unencrypted database files + // Check for any remaining unencrypted database files that may need attention if (fs.existsSync(dbPath)) { + // This could happen if migration was skipped or if there are multiple database files databaseLogger.warn( - "Found unencrypted database file, removing for security", + "Unencrypted database file still exists after initialization", { - operation: "db_security_cleanup_existing", - removingPath: dbPath, + operation: "db_security_check", + path: dbPath, + note: "This may be normal if migration was skipped for safety reasons", }, ); - try { - fs.unlinkSync(dbPath); - databaseLogger.success( - "Unencrypted database file removed for security", - { - operation: "db_security_cleanup_complete", - removedPath: dbPath, - }, - ); - } catch (error) { - databaseLogger.warn( - "Could not remove unencrypted database file (may be locked)", - { - operation: "db_security_cleanup_deferred", - path: dbPath, - error: error instanceof Error ? error.message : "Unknown error", - }, - ); - - // Try again after a short delay - setTimeout(() => { - try { - if (fs.existsSync(dbPath)) { - fs.unlinkSync(dbPath); - databaseLogger.success( - "Delayed cleanup: unencrypted database file removed", - { - operation: "db_security_cleanup_delayed_success", - removedPath: dbPath, - }, - ); - } - } catch (delayedError) { - databaseLogger.error( - "Failed to remove unencrypted database file even after delay", - delayedError, - { - operation: "db_security_cleanup_delayed_failed", - path: dbPath, - }, - ); - } - }, 2000); - } + // Don't automatically delete - let migration logic handle this + // This provides better safety and transparency } // Always save the in-memory database (whether new or existing) @@ -501,15 +566,35 @@ async function handlePostInitFileEncryption() { // Save immediately after initialization await saveMemoryDatabaseToFile(); - // Set up periodic saves every 5 minutes - setInterval(saveMemoryDatabaseToFile, 5 * 60 * 1000); + databaseLogger.info("Setting up periodic database saves", { + operation: "db_periodic_save_setup", + interval: "15 seconds", + }); + + // Set up periodic saves every 15 seconds for real-time persistence + setInterval(saveMemoryDatabaseToFile, 15 * 1000); + + // Initialize database save trigger for real-time saves + DatabaseSaveTrigger.initialize(saveMemoryDatabaseToFile); } + + // Perform migration cleanup on startup (remove old backup files) + try { + const migration = new DatabaseMigration(dataDir); + migration.cleanupOldBackups(); + } catch (cleanupError) { + databaseLogger.warn("Failed to cleanup old migration files", { + operation: "migration_cleanup_startup_failed", + error: cleanupError instanceof Error ? cleanupError.message : "Unknown error", + }); + } + } catch (error) { databaseLogger.error( - "Failed to handle database file encryption/cleanup", + "Failed to handle database file encryption setup", error, { - operation: "db_encrypt_cleanup_failed", + operation: "db_encrypt_setup_failed", }, ); @@ -517,8 +602,19 @@ async function handlePostInitFileEncryption() { } } -initializeDatabase() - .then(() => handlePostInitFileEncryption()) +// Export a promise that resolves when database is fully initialized +export const databaseReady = initializeCompleteDatabase() + .then(async () => { + await handlePostInitFileEncryption(); + + databaseLogger.success("Database connection established", { + operation: "db_init", + path: actualDbPath, + hasEncryptedBackup: + enableFileEncryption && + DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), + }); + }) .catch((error) => { databaseLogger.error("Failed to initialize database", error, { operation: "db_init", @@ -526,14 +622,6 @@ initializeDatabase() process.exit(1); }); -databaseLogger.success("Database connection established", { - operation: "db_init", - path: actualDbPath, - hasEncryptedBackup: - enableFileEncryption && - DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), -}); - // Cleanup function for database and temporary files async function cleanupDatabase() { // Save in-memory database before closing @@ -619,9 +707,27 @@ process.on("SIGTERM", async () => { process.exit(0); }); -// Export database connection and file encryption utilities -export const db = drizzle(sqlite, { schema }); -export const sqliteInstance = sqlite; // Export underlying SQLite instance for schema queries +// Database connection - will be initialized after database setup +let db: ReturnType>; + +// Export database connection getter function to avoid undefined access +export function getDb(): ReturnType> { + if (!db) { + throw new Error("Database not initialized. Ensure databaseReady promise is awaited before accessing db."); + } + return db; +} + +// Export raw SQLite instance for migrations +export function getSqlite(): Database.Database { + if (!sqlite) { + throw new Error("SQLite not initialized. Ensure databaseReady promise is awaited before accessing sqlite."); + } + return sqlite; +} + +// Legacy export for compatibility - will throw if accessed before initialization +export { db }; export { DatabaseFileEncryption }; export const databasePaths = { main: actualDbPath, @@ -660,3 +766,6 @@ function getMemoryDatabaseBuffer(): Buffer { // Export save function for manual saves and buffer access export { saveMemoryDatabaseToFile, getMemoryDatabaseBuffer }; + +// Export database save trigger for real-time saves +export { DatabaseSaveTrigger }; diff --git a/src/backend/database/db/old-index.ts.bak b/src/backend/database/db/old-index.ts.bak new file mode 100644 index 00000000..7098d0b4 --- /dev/null +++ b/src/backend/database/db/old-index.ts.bak @@ -0,0 +1,600 @@ +import { drizzle } from "drizzle-orm/better-sqlite3"; +import Database from "better-sqlite3"; +import * as schema from "./schema.js"; +import { databaseLogger } from "../../utils/logger.js"; +import { UserDatabaseManager } from "../../utils/user-database-manager.js"; + +// Global database manager instance +const databaseManager = UserDatabaseManager.getInstance(); + +/** + * Initialize database system - simplified for user-based architecture + */ +async function initializeDatabase(): Promise { + try { + databaseLogger.info("Initializing database system (user-based architecture)", { + operation: "db_init_v3", + }); + + // Initialize system database (unencrypted) + await databaseManager.initializeSystem(); + + databaseLogger.success("Database system initialized successfully", { + operation: "db_init_v3_success", + }); + + } catch (error) { + databaseLogger.error("Failed to initialize database system", error, { + operation: "db_init_v3_failed", + }); + throw error; + } +} + +// Export a promise that resolves when database is fully initialized +export const databaseReady = initializeDatabase() + .then(() => { + databaseLogger.success("Database system ready", { + operation: "db_ready", + architecture: "v3-user-based", + }); + }) + .catch((error) => { + databaseLogger.error("Failed to initialize database system", error, { + operation: "db_ready_failed", + }); + process.exit(1); + }); + + databaseLogger.info(`Initializing SQLite database`, { + operation: "db_init", + path: actualDbPath, + encrypted: + enableFileEncryption && + DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), + inMemory: true, + isNewDatabase, + }); + + // Create module-level sqlite instance after database is initialized + sqlite = memoryDatabase; + + // Initialize drizzle ORM with the configured database + db = drizzle(sqlite, { schema }); + + databaseLogger.info("Database ORM initialized", { + operation: "drizzle_init", + tablesConfigured: Object.keys(schema).length + }); + + sqlite.exec(` + CREATE TABLE IF NOT EXISTS users ( + id TEXT PRIMARY KEY, + username TEXT NOT NULL, + password_hash TEXT NOT NULL, + is_admin INTEGER NOT NULL DEFAULT 0, + is_oidc INTEGER NOT NULL DEFAULT 0, + client_id TEXT NOT NULL, + client_secret TEXT NOT NULL, + issuer_url TEXT NOT NULL, + authorization_url TEXT NOT NULL, + token_url TEXT NOT NULL, + redirect_uri TEXT, + identifier_path TEXT NOT NULL, + name_path TEXT NOT NULL, + scopes TEXT NOT NULL + ); + + CREATE TABLE IF NOT EXISTS settings ( + key TEXT PRIMARY KEY, + value TEXT NOT NULL + ); + + CREATE TABLE IF NOT EXISTS ssh_data ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + name TEXT, + ip TEXT NOT NULL, + port INTEGER NOT NULL, + username TEXT NOT NULL, + folder TEXT, + tags TEXT, + pin INTEGER NOT NULL DEFAULT 0, + auth_type TEXT NOT NULL, + password TEXT, + key TEXT, + key_password TEXT, + key_type TEXT, + enable_terminal INTEGER NOT NULL DEFAULT 1, + enable_tunnel INTEGER NOT NULL DEFAULT 1, + tunnel_connections TEXT, + enable_file_manager INTEGER NOT NULL DEFAULT 1, + default_path TEXT, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users (id) + ); + + CREATE TABLE IF NOT EXISTS file_manager_recent ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + host_id INTEGER NOT NULL, + name TEXT NOT NULL, + path TEXT NOT NULL, + last_opened TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users (id), + FOREIGN KEY (host_id) REFERENCES ssh_data (id) + ); + + CREATE TABLE IF NOT EXISTS file_manager_pinned ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + host_id INTEGER NOT NULL, + name TEXT NOT NULL, + path TEXT NOT NULL, + pinned_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users (id), + FOREIGN KEY (host_id) REFERENCES ssh_data (id) + ); + + CREATE TABLE IF NOT EXISTS file_manager_shortcuts ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + host_id INTEGER NOT NULL, + name TEXT NOT NULL, + path TEXT NOT NULL, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users (id), + FOREIGN KEY (host_id) REFERENCES ssh_data (id) + ); + + CREATE TABLE IF NOT EXISTS dismissed_alerts ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + alert_id TEXT NOT NULL, + dismissed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users (id) + ); + + CREATE TABLE IF NOT EXISTS ssh_credentials ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + user_id TEXT NOT NULL, + name TEXT NOT NULL, + description TEXT, + folder TEXT, + tags TEXT, + auth_type TEXT NOT NULL, + username TEXT NOT NULL, + password TEXT, + key TEXT, + key_password TEXT, + key_type TEXT, + usage_count INTEGER NOT NULL DEFAULT 0, + last_used TEXT, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users (id) + ); + + CREATE TABLE IF NOT EXISTS ssh_credential_usage ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + credential_id INTEGER NOT NULL, + host_id INTEGER NOT NULL, + user_id TEXT NOT NULL, + used_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (credential_id) REFERENCES ssh_credentials (id), + FOREIGN KEY (host_id) REFERENCES ssh_data (id), + FOREIGN KEY (user_id) REFERENCES users (id) + ); +`); + + // Run schema migrations + migrateSchema(); + + // Initialize default settings + try { + const row = sqlite + .prepare("SELECT value FROM settings WHERE key = 'allow_registration'") + .get(); + if (!row) { + databaseLogger.info("Initializing default settings", { + operation: "db_init", + setting: "allow_registration", + }); + sqlite + .prepare( + "INSERT INTO settings (key, value) VALUES ('allow_registration', 'true')", + ) + .run(); + } + } catch (e) { + databaseLogger.warn("Could not initialize default settings", { + operation: "db_init", + error: e, + }); + } +} + +const addColumnIfNotExists = ( + table: string, + column: string, + definition: string, +) => { + try { + sqlite + .prepare( + `SELECT ${column} + FROM ${table} LIMIT 1`, + ) + .get(); + } catch (e) { + try { + databaseLogger.debug(`Adding column ${column} to ${table}`, { + operation: "schema_migration", + table, + column, + }); + sqlite.exec(`ALTER TABLE ${table} + ADD COLUMN ${column} ${definition};`); + databaseLogger.success(`Column ${column} added to ${table}`, { + operation: "schema_migration", + table, + column, + }); + } catch (alterError) { + databaseLogger.warn(`Failed to add column ${column} to ${table}`, { + operation: "schema_migration", + table, + column, + error: alterError, + }); + } + } +}; + +const migrateSchema = () => { + databaseLogger.info("Checking for schema updates...", { + operation: "schema_migration", + }); + + addColumnIfNotExists("users", "is_admin", "INTEGER NOT NULL DEFAULT 0"); + + addColumnIfNotExists("users", "is_oidc", "INTEGER NOT NULL DEFAULT 0"); + addColumnIfNotExists("users", "oidc_identifier", "TEXT"); + addColumnIfNotExists("users", "client_id", "TEXT"); + addColumnIfNotExists("users", "client_secret", "TEXT"); + addColumnIfNotExists("users", "issuer_url", "TEXT"); + addColumnIfNotExists("users", "authorization_url", "TEXT"); + addColumnIfNotExists("users", "token_url", "TEXT"); + + addColumnIfNotExists("users", "identifier_path", "TEXT"); + addColumnIfNotExists("users", "name_path", "TEXT"); + addColumnIfNotExists("users", "scopes", "TEXT"); + + addColumnIfNotExists("users", "totp_secret", "TEXT"); + addColumnIfNotExists("users", "totp_enabled", "INTEGER NOT NULL DEFAULT 0"); + addColumnIfNotExists("users", "totp_backup_codes", "TEXT"); + + addColumnIfNotExists("ssh_data", "name", "TEXT"); + addColumnIfNotExists("ssh_data", "folder", "TEXT"); + addColumnIfNotExists("ssh_data", "tags", "TEXT"); + addColumnIfNotExists("ssh_data", "pin", "INTEGER NOT NULL DEFAULT 0"); + addColumnIfNotExists( + "ssh_data", + "auth_type", + 'TEXT NOT NULL DEFAULT "password"', + ); + addColumnIfNotExists("ssh_data", "password", "TEXT"); + addColumnIfNotExists("ssh_data", "key", "TEXT"); + addColumnIfNotExists("ssh_data", "key_password", "TEXT"); + addColumnIfNotExists("ssh_data", "key_type", "TEXT"); + addColumnIfNotExists( + "ssh_data", + "enable_terminal", + "INTEGER NOT NULL DEFAULT 1", + ); + addColumnIfNotExists( + "ssh_data", + "enable_tunnel", + "INTEGER NOT NULL DEFAULT 1", + ); + addColumnIfNotExists("ssh_data", "tunnel_connections", "TEXT"); + addColumnIfNotExists( + "ssh_data", + "enable_file_manager", + "INTEGER NOT NULL DEFAULT 1", + ); + addColumnIfNotExists("ssh_data", "default_path", "TEXT"); + addColumnIfNotExists( + "ssh_data", + "created_at", + "TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP", + ); + addColumnIfNotExists( + "ssh_data", + "updated_at", + "TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP", + ); + + addColumnIfNotExists( + "ssh_data", + "credential_id", + "INTEGER REFERENCES ssh_credentials(id)", + ); + + + // SSH credentials table migrations for encryption support + addColumnIfNotExists("ssh_credentials", "private_key", "TEXT"); + addColumnIfNotExists("ssh_credentials", "public_key", "TEXT"); + addColumnIfNotExists("ssh_credentials", "detected_key_type", "TEXT"); + + addColumnIfNotExists("file_manager_recent", "host_id", "INTEGER NOT NULL"); + addColumnIfNotExists("file_manager_pinned", "host_id", "INTEGER NOT NULL"); + addColumnIfNotExists("file_manager_shortcuts", "host_id", "INTEGER NOT NULL"); + + databaseLogger.success("Schema migration completed", { + operation: "schema_migration", + }); +}; + +// Function to save in-memory database to encrypted file +async function saveMemoryDatabaseToFile() { + if (!memoryDatabase || !enableFileEncryption) return; + + try { + // Export in-memory database to buffer + const buffer = memoryDatabase.serialize(); + + // Encrypt and save to file (now async) + await DatabaseFileEncryption.encryptDatabaseFromBuffer(buffer, encryptedDbPath); + + databaseLogger.debug("In-memory database saved to encrypted file", { + operation: "memory_db_save", + bufferSize: buffer.length, + encryptedPath: encryptedDbPath, + }); + } catch (error) { + databaseLogger.error("Failed to save in-memory database", error, { + operation: "memory_db_save_failed", + }); + } +} + +// Function to handle post-initialization file encryption and cleanup +async function handlePostInitFileEncryption() { + if (!enableFileEncryption) return; + + try { + // Clean up any existing unencrypted database files + if (fs.existsSync(dbPath)) { + databaseLogger.warn( + "Found unencrypted database file, removing for security", + { + operation: "db_security_cleanup_existing", + removingPath: dbPath, + }, + ); + + try { + fs.unlinkSync(dbPath); + databaseLogger.success( + "Unencrypted database file removed for security", + { + operation: "db_security_cleanup_complete", + removedPath: dbPath, + }, + ); + } catch (error) { + databaseLogger.warn( + "Could not remove unencrypted database file (may be locked)", + { + operation: "db_security_cleanup_deferred", + path: dbPath, + error: error instanceof Error ? error.message : "Unknown error", + }, + ); + + // Try again after a short delay + setTimeout(() => { + try { + if (fs.existsSync(dbPath)) { + fs.unlinkSync(dbPath); + databaseLogger.success( + "Delayed cleanup: unencrypted database file removed", + { + operation: "db_security_cleanup_delayed_success", + removedPath: dbPath, + }, + ); + } + } catch (delayedError) { + databaseLogger.error( + "Failed to remove unencrypted database file even after delay", + delayedError, + { + operation: "db_security_cleanup_delayed_failed", + path: dbPath, + }, + ); + } + }, 2000); + } + } + + // Always save the in-memory database (whether new or existing) + if (memoryDatabase) { + // Save immediately after initialization + await saveMemoryDatabaseToFile(); + + // Set up periodic saves every 5 minutes + setInterval(saveMemoryDatabaseToFile, 5 * 60 * 1000); + } + } catch (error) { + databaseLogger.error( + "Failed to handle database file encryption/cleanup", + error, + { + operation: "db_encrypt_cleanup_failed", + }, + ); + + // Don't fail the entire initialization for this + } +} + +// Export a promise that resolves when database is fully initialized +export const databaseReady = initializeCompleteDatabase() + .then(async () => { + await handlePostInitFileEncryption(); + + databaseLogger.success("Database connection established", { + operation: "db_init", + path: actualDbPath, + hasEncryptedBackup: + enableFileEncryption && + DatabaseFileEncryption.isEncryptedDatabaseFile(encryptedDbPath), + }); + }) + .catch((error) => { + databaseLogger.error("Failed to initialize database", error, { + operation: "db_init", + }); + process.exit(1); + }); + +// Cleanup function for database and temporary files +async function cleanupDatabase() { + // Save in-memory database before closing + if (memoryDatabase) { + try { + await saveMemoryDatabaseToFile(); + } catch (error) { + databaseLogger.error( + "Failed to save in-memory database before shutdown", + error, + { + operation: "shutdown_save_failed", + }, + ); + } + } + + // Close database connection + try { + if (sqlite) { + sqlite.close(); + databaseLogger.debug("Database connection closed", { + operation: "db_close", + }); + } + } catch (error) { + databaseLogger.warn("Error closing database connection", { + operation: "db_close_error", + error: error instanceof Error ? error.message : "Unknown error", + }); + } + + // Clean up temp directory + try { + const tempDir = path.join(dataDir, ".temp"); + if (fs.existsSync(tempDir)) { + const files = fs.readdirSync(tempDir); + for (const file of files) { + try { + fs.unlinkSync(path.join(tempDir, file)); + } catch { + // Ignore individual file cleanup errors + } + } + + try { + fs.rmdirSync(tempDir); + databaseLogger.debug("Temp directory cleaned up", { + operation: "temp_dir_cleanup", + }); + } catch { + // Ignore directory removal errors + } + } + } catch (error) { + // Ignore temp directory cleanup errors + } +} + +// Register cleanup handlers +process.on("exit", () => { + // Synchronous cleanup only for exit event + if (sqlite) { + try { + sqlite.close(); + } catch {} + } +}); + +process.on("SIGINT", async () => { + databaseLogger.info("Received SIGINT, cleaning up...", { + operation: "shutdown", + }); + await cleanupDatabase(); + process.exit(0); +}); + +process.on("SIGTERM", async () => { + databaseLogger.info("Received SIGTERM, cleaning up...", { + operation: "shutdown", + }); + await cleanupDatabase(); + process.exit(0); +}); + +// Database connection - will be initialized after database setup +let db: ReturnType>; + +// Export database connection getter function to avoid undefined access +export function getDb(): ReturnType> { + if (!db) { + throw new Error("Database not initialized. Ensure databaseReady promise is awaited before accessing db."); + } + return db; +} + +// Legacy export for compatibility - will throw if accessed before initialization +export { db }; +export { DatabaseFileEncryption }; +export const databasePaths = { + main: actualDbPath, + encrypted: encryptedDbPath, + directory: dbDir, + inMemory: true, +}; + +// Memory database buffer function +function getMemoryDatabaseBuffer(): Buffer { + if (!memoryDatabase) { + throw new Error("Memory database not initialized"); + } + + try { + // Export in-memory database to buffer + const buffer = memoryDatabase.serialize(); + + databaseLogger.debug("Memory database serialized to buffer", { + operation: "memory_db_serialize", + bufferSize: buffer.length, + }); + + return buffer; + } catch (error) { + databaseLogger.error( + "Failed to serialize memory database to buffer", + error, + { + operation: "memory_db_serialize_failed", + }, + ); + throw error; + } +} + +// Export save function for manual saves and buffer access +export { saveMemoryDatabaseToFile, getMemoryDatabaseBuffer }; diff --git a/src/backend/database/db/schema.ts b/src/backend/database/db/schema.ts index dd764c22..8e0f8e79 100644 --- a/src/backend/database/db/schema.ts +++ b/src/backend/database/db/schema.ts @@ -45,13 +45,15 @@ export const sshData = sqliteTable("ssh_data", { authType: text("auth_type").notNull(), password: text("password"), - requirePassword: integer("require_password", { mode: "boolean" }) - .notNull() - .default(true), key: text("key", { length: 8192 }), keyPassword: text("key_password"), keyType: text("key_type"), + // AutoStart plaintext fields (populated only when autoStart is enabled) + autostartPassword: text("autostart_password"), + autostartKey: text("autostart_key", { length: 8192 }), + autostartKeyPassword: text("autostart_key_password"), + credentialId: integer("credential_id").references(() => sshCredentials.id), enableTerminal: integer("enable_terminal", { mode: "boolean" }) .notNull() @@ -171,3 +173,4 @@ export const sshCredentialUsage = sqliteTable("ssh_credential_usage", { .notNull() .default(sql`CURRENT_TIMESTAMP`), }); + diff --git a/src/backend/database/routes/alerts.ts b/src/backend/database/routes/alerts.ts index ddfc44c5..be57fcfb 100644 --- a/src/backend/database/routes/alerts.ts +++ b/src/backend/database/routes/alerts.ts @@ -4,6 +4,7 @@ import { dismissedAlerts } from "../db/schema.js"; import { eq, and } from "drizzle-orm"; import fetch from "node-fetch"; import { authLogger } from "../../utils/logger.js"; +import { AuthManager } from "../../utils/auth-manager.js"; interface CacheEntry { data: any; @@ -107,31 +108,15 @@ async function fetchAlertsFromGitHub(): Promise { const router = express.Router(); -// Route: Get all active alerts +// Initialize auth middleware +const authManager = AuthManager.getInstance(); +const authenticateJWT = authManager.createAuthMiddleware(); + +// Route: Get alerts for the authenticated user (excluding dismissed ones) // GET /alerts -router.get("/", async (req, res) => { +router.get("/", authenticateJWT, async (req, res) => { try { - const alerts = await fetchAlertsFromGitHub(); - res.json({ - alerts, - cached: alertCache.get("termix_alerts") !== null, - total_count: alerts.length, - }); - } catch (error) { - authLogger.error("Failed to get alerts", error); - res.status(500).json({ error: "Failed to fetch alerts" }); - } -}); - -// Route: Get alerts for a specific user (excluding dismissed ones) -// GET /alerts/user/:userId -router.get("/user/:userId", async (req, res) => { - try { - const { userId } = req.params; - - if (!userId) { - return res.status(400).json({ error: "User ID is required" }); - } + const userId = (req as any).userId; const allAlerts = await fetchAlertsFromGitHub(); @@ -144,32 +129,33 @@ router.get("/user/:userId", async (req, res) => { dismissedAlertRecords.map((record) => record.alertId), ); - const userAlerts = allAlerts.filter( + const activeAlertsForUser = allAlerts.filter( (alert) => !dismissedAlertIds.has(alert.id), ); res.json({ - alerts: userAlerts, - total_count: userAlerts.length, - dismissed_count: dismissedAlertIds.size, + alerts: activeAlertsForUser, + cached: alertCache.get("termix_alerts") !== null, + total_count: activeAlertsForUser.length, }); } catch (error) { authLogger.error("Failed to get user alerts", error); - res.status(500).json({ error: "Failed to fetch user alerts" }); + res.status(500).json({ error: "Failed to fetch alerts" }); } }); -// Route: Dismiss an alert for a user -// POST /alerts/dismiss -router.post("/dismiss", async (req, res) => { - try { - const { userId, alertId } = req.body; +// Deprecated endpoint - use GET /alerts instead - if (!userId || !alertId) { - authLogger.warn("Missing userId or alertId in dismiss request"); - return res - .status(400) - .json({ error: "User ID and Alert ID are required" }); +// Route: Dismiss an alert for the authenticated user +// POST /alerts/dismiss +router.post("/dismiss", authenticateJWT, async (req, res) => { + try { + const { alertId } = req.body; + const userId = (req as any).userId; + + if (!alertId) { + authLogger.warn("Missing alertId in dismiss request", { userId }); + return res.status(400).json({ error: "Alert ID is required" }); } const existingDismissal = await db @@ -201,13 +187,9 @@ router.post("/dismiss", async (req, res) => { // Route: Get dismissed alerts for a user // GET /alerts/dismissed/:userId -router.get("/dismissed/:userId", async (req, res) => { +router.get("/dismissed", authenticateJWT, async (req, res) => { try { - const { userId } = req.params; - - if (!userId) { - return res.status(400).json({ error: "User ID is required" }); - } + const userId = (req as any).userId; const dismissedAlertRecords = await db .select({ @@ -227,16 +209,15 @@ router.get("/dismissed/:userId", async (req, res) => { } }); -// Route: Undismiss an alert for a user (remove from dismissed list) +// Route: Undismiss an alert for the authenticated user (remove from dismissed list) // DELETE /alerts/dismiss -router.delete("/dismiss", async (req, res) => { +router.delete("/dismiss", authenticateJWT, async (req, res) => { try { - const { userId, alertId } = req.body; + const { alertId } = req.body; + const userId = (req as any).userId; - if (!userId || !alertId) { - return res - .status(400) - .json({ error: "User ID and Alert ID are required" }); + if (!alertId) { + return res.status(400).json({ error: "Alert ID is required" }); } const result = await db diff --git a/src/backend/database/routes/credentials.ts b/src/backend/database/routes/credentials.ts index a5cb14f4..7ea11077 100644 --- a/src/backend/database/routes/credentials.ts +++ b/src/backend/database/routes/credentials.ts @@ -5,7 +5,8 @@ import { eq, and, desc, sql } from "drizzle-orm"; import type { Request, Response, NextFunction } from "express"; import jwt from "jsonwebtoken"; import { authLogger } from "../../utils/logger.js"; -import { EncryptedDBOperations } from "../../utils/encrypted-db-operations.js"; +import { SimpleDBOps } from "../../utils/simple-db-ops.js"; +import { AuthManager } from "../../utils/auth-manager.js"; import { parseSSHKey, parsePublicKey, @@ -84,29 +85,14 @@ function isNonEmptyString(val: any): val is string { return typeof val === "string" && val.trim().length > 0; } -function authenticateJWT(req: Request, res: Response, next: NextFunction) { - const authHeader = req.headers["authorization"]; - if (!authHeader || !authHeader.startsWith("Bearer ")) { - authLogger.warn("Missing or invalid Authorization header"); - return res - .status(401) - .json({ error: "Missing or invalid Authorization header" }); - } - const token = authHeader.split(" ")[1]; - const jwtSecret = process.env.JWT_SECRET || "secret"; - try { - const payload = jwt.verify(token, jwtSecret) as JWTPayload; - (req as any).userId = payload.userId; - next(); - } catch (err) { - authLogger.warn("Invalid or expired token"); - return res.status(401).json({ error: "Invalid or expired token" }); - } -} +// Use AuthManager middleware for authentication +const authManager = AuthManager.getInstance(); +const authenticateJWT = authManager.createAuthMiddleware(); +const requireDataAccess = authManager.createDataAccessMiddleware(); // Create a new credential // POST /credentials -router.post("/", authenticateJWT, async (req: Request, res: Response) => { +router.post("/", authenticateJWT, requireDataAccess, async (req: Request, res: Response) => { const userId = (req as any).userId; const { name, @@ -210,10 +196,11 @@ router.post("/", authenticateJWT, async (req: Request, res: Response) => { lastUsed: null, }; - const created = (await EncryptedDBOperations.insert( + const created = (await SimpleDBOps.insert( sshCredentials, "ssh_credentials", credentialData, + userId, )) as typeof credentialData & { id: number }; authLogger.success( @@ -245,7 +232,7 @@ router.post("/", authenticateJWT, async (req: Request, res: Response) => { // Get all credentials for the authenticated user // GET /credentials -router.get("/", authenticateJWT, async (req: Request, res: Response) => { +router.get("/", authenticateJWT, requireDataAccess, async (req: Request, res: Response) => { const userId = (req as any).userId; if (!isNonEmptyString(userId)) { @@ -254,13 +241,14 @@ router.get("/", authenticateJWT, async (req: Request, res: Response) => { } try { - const credentials = await EncryptedDBOperations.select( + const credentials = await SimpleDBOps.select( db .select() .from(sshCredentials) .where(eq(sshCredentials.userId, userId)) .orderBy(desc(sshCredentials.updatedAt)), "ssh_credentials", + userId, ); res.json(credentials.map((cred) => formatCredentialOutput(cred))); @@ -272,7 +260,7 @@ router.get("/", authenticateJWT, async (req: Request, res: Response) => { // Get all unique credential folders for the authenticated user // GET /credentials/folders -router.get("/folders", authenticateJWT, async (req: Request, res: Response) => { +router.get("/folders", authenticateJWT, requireDataAccess, async (req: Request, res: Response) => { const userId = (req as any).userId; if (!isNonEmptyString(userId)) { @@ -305,7 +293,7 @@ router.get("/folders", authenticateJWT, async (req: Request, res: Response) => { // Get a specific credential by ID (with plain text secrets) // GET /credentials/:id -router.get("/:id", authenticateJWT, async (req: Request, res: Response) => { +router.get("/:id", authenticateJWT, requireDataAccess, async (req: Request, res: Response) => { const userId = (req as any).userId; const { id } = req.params; @@ -315,7 +303,7 @@ router.get("/:id", authenticateJWT, async (req: Request, res: Response) => { } try { - const credentials = await EncryptedDBOperations.select( + const credentials = await SimpleDBOps.select( db .select() .from(sshCredentials) @@ -326,6 +314,7 @@ router.get("/:id", authenticateJWT, async (req: Request, res: Response) => { ), ), "ssh_credentials", + userId, ); if (credentials.length === 0) { @@ -362,7 +351,7 @@ router.get("/:id", authenticateJWT, async (req: Request, res: Response) => { // Update a credential // PUT /credentials/:id -router.put("/:id", authenticateJWT, async (req: Request, res: Response) => { +router.put("/:id", authenticateJWT, requireDataAccess, async (req: Request, res: Response) => { const userId = (req as any).userId; const { id } = req.params; const updateData = req.body; @@ -437,18 +426,19 @@ router.put("/:id", authenticateJWT, async (req: Request, res: Response) => { } if (Object.keys(updateFields).length === 0) { - const existing = await EncryptedDBOperations.select( + const existing = await SimpleDBOps.select( db .select() .from(sshCredentials) .where(eq(sshCredentials.id, parseInt(id))), "ssh_credentials", + userId, ); return res.json(formatCredentialOutput(existing[0])); } - await EncryptedDBOperations.update( + await SimpleDBOps.update( sshCredentials, "ssh_credentials", and( @@ -456,14 +446,16 @@ router.put("/:id", authenticateJWT, async (req: Request, res: Response) => { eq(sshCredentials.userId, userId), ), updateFields, + userId, ); - const updated = await EncryptedDBOperations.select( + const updated = await SimpleDBOps.select( db .select() .from(sshCredentials) .where(eq(sshCredentials.id, parseInt(id))), "ssh_credentials", + userId, ); const credential = updated[0]; @@ -490,7 +482,7 @@ router.put("/:id", authenticateJWT, async (req: Request, res: Response) => { // Delete a credential // DELETE /credentials/:id -router.delete("/:id", authenticateJWT, async (req: Request, res: Response) => { +router.delete("/:id", authenticateJWT, requireDataAccess, async (req: Request, res: Response) => { const userId = (req as any).userId; const { id } = req.params; diff --git a/src/backend/database/routes/ssh.ts b/src/backend/database/routes/ssh.ts index 34bc9451..0bf474c4 100644 --- a/src/backend/database/routes/ssh.ts +++ b/src/backend/database/routes/ssh.ts @@ -8,12 +8,16 @@ import { fileManagerPinned, fileManagerShortcuts, } from "../db/schema.js"; -import { eq, and, desc } from "drizzle-orm"; +import { eq, and, desc, isNotNull, or } from "drizzle-orm"; import type { Request, Response, NextFunction } from "express"; import jwt from "jsonwebtoken"; import multer from "multer"; import { sshLogger } from "../../utils/logger.js"; -import { EncryptedDBOperations } from "../../utils/encrypted-db-operations.js"; +import { SimpleDBOps } from "../../utils/simple-db-ops.js"; +import { AuthManager } from "../../utils/auth-manager.js"; +import { DataCrypto } from "../../utils/data-crypto.js"; +import { SystemCrypto } from "../../utils/system-crypto.js"; +import { DatabaseSaveTrigger } from "../db/index.js"; const router = express.Router(); @@ -31,65 +35,198 @@ function isValidPort(port: any): port is number { return typeof port === "number" && port > 0 && port <= 65535; } -function authenticateJWT(req: Request, res: Response, next: NextFunction) { - const authHeader = req.headers.authorization; - if (!authHeader || !authHeader.startsWith("Bearer ")) { - sshLogger.warn("Missing or invalid Authorization header"); - return res - .status(401) - .json({ error: "Missing or invalid Authorization header" }); - } - const token = authHeader.split(" ")[1]; - const jwtSecret = process.env.JWT_SECRET || "secret"; - try { - const payload = jwt.verify(token, jwtSecret) as JWTPayload; - (req as any).userId = payload.userId; - next(); - } catch (err) { - sshLogger.warn("Invalid or expired token"); - return res.status(401).json({ error: "Invalid or expired token" }); - } -} +// Use AuthManager middleware for authentication +const authManager = AuthManager.getInstance(); +const authenticateJWT = authManager.createAuthMiddleware(); +const requireDataAccess = authManager.createDataAccessMiddleware(); -function isLocalhost(req: Request) { - const ip = req.ip || req.connection?.remoteAddress; - return ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1"; -} -// Internal-only endpoint for autostart (no JWT) +// Internal-only endpoint for autostart - requires internal auth token router.get("/db/host/internal", async (req: Request, res: Response) => { - if (!isLocalhost(req) && req.headers["x-internal-request"] !== "1") { - sshLogger.warn("Unauthorized attempt to access internal SSH host endpoint"); - return res.status(403).json({ error: "Forbidden" }); - } try { - const data = await EncryptedDBOperations.select( - db.select().from(sshData), - "ssh_data", - ); - const result = data.map((row: any) => { + // Check for internal authentication token using SystemCrypto + const internalToken = req.headers["x-internal-auth-token"]; + const systemCrypto = SystemCrypto.getInstance(); + const expectedToken = await systemCrypto.getInternalAuthToken(); + + if (internalToken !== expectedToken) { + sshLogger.warn("Unauthorized attempt to access internal SSH host endpoint", { + source: req.ip, + userAgent: req.headers["user-agent"], + providedToken: internalToken ? "present" : "missing" + }); + return res.status(403).json({ error: "Forbidden" }); + } + } catch (error) { + sshLogger.error("Failed to validate internal auth token", error); + return res.status(500).json({ error: "Internal server error" }); + } + + try { + // Query sshData directly for hosts that have autostart plaintext fields populated + const autostartHosts = await db.select() + .from(sshData) + .where( + // Check if any autostart fields are populated (meaning autostart is enabled) + or( + isNotNull(sshData.autostartPassword), + isNotNull(sshData.autostartKey) + ) + ); + + console.log("=== AUTOSTART QUERY DEBUG ==="); + console.log("Found autostart hosts count:", autostartHosts.length); + autostartHosts.forEach((host, index) => { + console.log(`Host ${index + 1}:`, { + id: host.id, + ip: host.ip, + username: host.username, + hasAutostartPassword: !!host.autostartPassword, + hasAutostartKey: !!host.autostartKey, + autostartPasswordLength: host.autostartPassword?.length || 0, + autostartKeyLength: host.autostartKey?.length || 0 + }); + }); + console.log("=== END AUTOSTART QUERY DEBUG ==="); + + sshLogger.info("Internal autostart endpoint accessed", { + operation: "autostart_internal_access", + configCount: autostartHosts.length, + source: req.ip, + userAgent: req.headers["user-agent"] + }); + + // Transform to expected format for tunnel service + const result = autostartHosts.map((host) => { + const tunnelConnections = host.tunnelConnections + ? JSON.parse(host.tunnelConnections) + : []; + + // Debug: Log what we're reading from database + sshLogger.info(`Autostart host from DB:`, { + hostId: host.id, + ip: host.ip, + username: host.username, + hasAutostartPassword: !!host.autostartPassword, + hasAutostartKey: !!host.autostartKey, + hasEncryptedPassword: !!host.password, + hasEncryptedKey: !!host.key, + authType: host.authType, + autostartPasswordLength: host.autostartPassword?.length || 0, + autostartKeyLength: host.autostartKey?.length || 0, + }); + return { - ...row, - tags: - typeof row.tags === "string" - ? row.tags - ? row.tags.split(",").filter(Boolean) - : [] - : [], - pin: !!row.pin, - requirePassword: !!row.requirePassword, - enableTerminal: !!row.enableTerminal, - enableTunnel: !!row.enableTunnel, - tunnelConnections: row.tunnelConnections - ? JSON.parse(row.tunnelConnections) - : [], - enableFileManager: !!row.enableFileManager, + id: host.id, + userId: host.userId, + name: host.name || `autostart-${host.id}`, + ip: host.ip, + port: host.port, + username: host.username, + password: host.autostartPassword, + key: host.autostartKey, + keyPassword: host.autostartKeyPassword, + // Include explicit autostart fields for tunnel service + autostartPassword: host.autostartPassword, + autostartKey: host.autostartKey, + autostartKeyPassword: host.autostartKeyPassword, + authType: host.authType, + enableTunnel: true, + tunnelConnections: tunnelConnections.filter((tunnel: any) => tunnel.autoStart), + pin: false, + enableTerminal: false, + enableFileManager: false, + tags: ["autostart"], }; }); + res.json(result); } catch (err) { - sshLogger.error("Failed to fetch SSH data (internal)", err); - res.status(500).json({ error: "Failed to fetch SSH data" }); + sshLogger.error("Failed to fetch autostart SSH data", err); + res.status(500).json({ error: "Failed to fetch autostart SSH data" }); + } +}); + +// Internal-only endpoint for all hosts - requires internal auth token (for tunnel endpointHost resolution) +router.get("/db/host/internal/all", async (req: Request, res: Response) => { + try { + // Check for internal authentication token using SystemCrypto + const internalToken = req.headers["x-internal-auth-token"]; + if (!internalToken) { + return res.status(401).json({ error: "Internal authentication token required" }); + } + + const systemCrypto = SystemCrypto.getInstance(); + const expectedToken = await systemCrypto.getInternalAuthToken(); + + if (internalToken !== expectedToken) { + return res.status(401).json({ error: "Invalid internal authentication token" }); + } + + // Query all hosts for endpointHost resolution + const allHosts = await db.select().from(sshData); + + sshLogger.info("Internal all hosts endpoint accessed", { + operation: "all_hosts_internal_access", + hostCount: allHosts.length, + source: req.ip, + userAgent: req.headers["user-agent"] + }); + + // Transform to expected format for tunnel service + const result = allHosts.map((host) => { + const tunnelConnections = host.tunnelConnections + ? JSON.parse(host.tunnelConnections) + : []; + + // Debug: Log what we're reading from database for all hosts + sshLogger.info(`All hosts endpoint - host from DB:`, { + hostId: host.id, + ip: host.ip, + username: host.username, + hasAutostartPassword: !!host.autostartPassword, + hasAutostartKey: !!host.autostartKey, + hasEncryptedPassword: !!host.password, + hasEncryptedKey: !!host.key, + authType: host.authType, + autostartPasswordLength: host.autostartPassword?.length || 0, + autostartKeyLength: host.autostartKey?.length || 0, + encryptedPasswordLength: host.password?.length || 0, + encryptedKeyLength: host.key?.length || 0, + }); + + return { + id: host.id, + userId: host.userId, + name: host.name || `${host.username}@${host.ip}`, + ip: host.ip, + port: host.port, + username: host.username, + password: host.autostartPassword || host.password, + key: host.autostartKey || host.key, + keyPassword: host.autostartKeyPassword || host.keyPassword, + // Include autostart fields for fallback + autostartPassword: host.autostartPassword, + autostartKey: host.autostartKey, + autostartKeyPassword: host.autostartKeyPassword, + authType: host.authType, + keyType: host.keyType, + credentialId: host.credentialId, + enableTunnel: !!host.enableTunnel, + tunnelConnections: tunnelConnections, + pin: !!host.pin, + enableTerminal: !!host.enableTerminal, + enableFileManager: !!host.enableFileManager, + defaultPath: host.defaultPath, + createdAt: host.createdAt, + updatedAt: host.updatedAt, + }; + }); + + res.json(result); + } catch (err) { + sshLogger.error("Failed to fetch all hosts for internal use", err); + res.status(500).json({ error: "Failed to fetch all hosts" }); } }); @@ -98,6 +235,7 @@ router.get("/db/host/internal", async (req: Request, res: Response) => { router.post( "/db/host", authenticateJWT, + requireDataAccess, upload.single("key"), async (req: Request, res: Response) => { const userId = (req as any).userId; @@ -138,7 +276,6 @@ router.post( port, username, password, - requirePassword, authMethod, authType, credentialId, @@ -190,7 +327,6 @@ router.post( if (effectiveAuthType === "password") { sshDataObj.password = password || null; - sshDataObj.requirePassword = requirePassword !== false ? 1 : 0; sshDataObj.key = null; sshDataObj.keyPassword = null; sshDataObj.keyType = null; @@ -199,21 +335,20 @@ router.post( sshDataObj.keyPassword = keyPassword || null; sshDataObj.keyType = keyType; sshDataObj.password = null; - sshDataObj.requirePassword = 1; // Default to true for non-password auth } else { // For credential auth sshDataObj.password = null; sshDataObj.key = null; sshDataObj.keyPassword = null; sshDataObj.keyType = null; - sshDataObj.requirePassword = 1; // Default to true for non-password auth } try { - const result = await EncryptedDBOperations.insert( + const result = await SimpleDBOps.insert( sshData, "ssh_data", sshDataObj, + userId, ); if (!result) { @@ -237,7 +372,6 @@ router.post( : [] : [], pin: !!createdHost.pin, - requirePassword: !!createdHost.requirePassword, enableTerminal: !!createdHost.enableTerminal, enableTunnel: !!createdHost.enableTunnel, tunnelConnections: createdHost.tunnelConnections @@ -324,7 +458,6 @@ router.put( port, username, password, - requirePassword, authMethod, authType, credentialId, @@ -379,7 +512,6 @@ router.put( if (password) { sshDataObj.password = password; } - sshDataObj.requirePassword = requirePassword !== false ? 1 : 0; sshDataObj.key = null; sshDataObj.keyPassword = null; sshDataObj.keyType = null; @@ -394,25 +526,24 @@ router.put( sshDataObj.keyType = keyType; } sshDataObj.password = null; - sshDataObj.requirePassword = 1; // Default to true for non-password auth } else { // For credential auth sshDataObj.password = null; sshDataObj.key = null; sshDataObj.keyPassword = null; sshDataObj.keyType = null; - sshDataObj.requirePassword = 1; // Default to true for non-password auth } try { - await EncryptedDBOperations.update( + await SimpleDBOps.update( sshData, "ssh_data", and(eq(sshData.id, Number(hostId)), eq(sshData.userId, userId)), sshDataObj, + userId, ); - const updatedHosts = await EncryptedDBOperations.select( + const updatedHosts = await SimpleDBOps.select( db .select() .from(sshData) @@ -420,6 +551,7 @@ router.put( and(eq(sshData.id, Number(hostId)), eq(sshData.userId, userId)), ), "ssh_data", + userId, ); if (updatedHosts.length === 0) { @@ -441,7 +573,6 @@ router.put( : [] : [], pin: !!updatedHost.pin, - requirePassword: !!updatedHost.requirePassword, enableTerminal: !!updatedHost.enableTerminal, enableTunnel: !!updatedHost.enableTunnel, tunnelConnections: updatedHost.tunnelConnections @@ -493,9 +624,10 @@ router.get("/db/host", authenticateJWT, async (req: Request, res: Response) => { return res.status(400).json({ error: "Invalid userId" }); } try { - const data = await EncryptedDBOperations.select( + const data = await SimpleDBOps.select( db.select().from(sshData).where(eq(sshData.userId, userId)), "ssh_data", + userId, ); const result = await Promise.all( @@ -509,7 +641,6 @@ router.get("/db/host", authenticateJWT, async (req: Request, res: Response) => { : [] : [], pin: !!row.pin, - requirePassword: !!row.requirePassword, enableTerminal: !!row.enableTerminal, enableTunnel: !!row.enableTunnel, tunnelConnections: row.tunnelConnections @@ -1113,7 +1244,7 @@ router.put( } try { - const updatedHosts = await EncryptedDBOperations.update( + const updatedHosts = await SimpleDBOps.update( sshData, "ssh_data", and(eq(sshData.userId, userId), eq(sshData.folder, oldName)), @@ -1121,6 +1252,7 @@ router.put( folder: newName, updatedAt: new Date().toISOString(), }, + userId, ); const updatedCredentials = await db @@ -1137,6 +1269,9 @@ router.put( ) .returning(); + // Trigger database save after folder rename + DatabaseSaveTrigger.triggerSave("folder_rename"); + res.json({ message: "Folder renamed successfully", updatedHosts: updatedHosts.length, @@ -1261,7 +1396,7 @@ router.post( updatedAt: new Date().toISOString(), }; - await EncryptedDBOperations.insert(sshData, "ssh_data", sshDataObj); + await SimpleDBOps.insert(sshData, "ssh_data", sshDataObj, userId); results.success++; } catch (error) { results.failed++; @@ -1280,4 +1415,295 @@ router.post( }, ); +// Route: Enable autostart for SSH configuration (requires JWT) +// POST /ssh/autostart/enable +router.post( + "/autostart/enable", + authenticateJWT, + requireDataAccess, + async (req: Request, res: Response) => { + const userId = (req as any).userId; + const { sshConfigId } = req.body; + + if (!sshConfigId || typeof sshConfigId !== "number") { + sshLogger.warn("Missing or invalid sshConfigId in autostart enable request", { + operation: "autostart_enable", + userId, + sshConfigId + }); + return res.status(400).json({ error: "Valid sshConfigId is required" }); + } + + try { + // Validate user has access to decrypt the data + const userDataKey = DataCrypto.getUserDataKey(userId); + if (!userDataKey) { + sshLogger.warn("User attempted to enable autostart without unlocked data", { + operation: "autostart_enable_failed", + userId, + sshConfigId, + reason: "data_locked" + }); + return res.status(400).json({ + error: "Failed to enable autostart. Ensure user data is unlocked." + }); + } + + // Get and decrypt SSH configuration + const sshConfig = await db.select() + .from(sshData) + .where(and( + eq(sshData.id, sshConfigId), + eq(sshData.userId, userId) + )); + + if (sshConfig.length === 0) { + sshLogger.warn("SSH config not found for autostart enable", { + operation: "autostart_enable_failed", + userId, + sshConfigId, + reason: "config_not_found" + }); + return res.status(404).json({ + error: "SSH configuration not found" + }); + } + + const config = sshConfig[0]; + + // Decrypt sensitive fields + const decryptedConfig = DataCrypto.decryptRecord("ssh_data", config, userId, userDataKey); + + // Debug: Log what we're about to save + console.log("=== AUTOSTART DEBUG: Decrypted credentials ==="); + console.log("sshConfigId:", sshConfigId); + console.log("authType:", config.authType); + console.log("hasPassword:", !!decryptedConfig.password); + console.log("hasKey:", !!decryptedConfig.key); + console.log("hasKeyPassword:", !!decryptedConfig.keyPassword); + console.log("passwordLength:", decryptedConfig.password?.length || 0); + console.log("keyLength:", decryptedConfig.key?.length || 0); + console.log("=== END AUTOSTART DEBUG ==="); + + // Also handle tunnel connections - populate endpoint credentials + let updatedTunnelConnections = config.tunnelConnections; + if (config.tunnelConnections) { + try { + const tunnelConnections = JSON.parse(config.tunnelConnections); + + // For each tunnel connection, try to resolve endpoint credentials + const resolvedConnections = await Promise.all( + tunnelConnections.map(async (tunnel: any) => { + if (tunnel.autoStart && tunnel.endpointHost && !tunnel.endpointPassword && !tunnel.endpointKey) { + console.log("=== RESOLVING ENDPOINT CREDENTIALS ==="); + console.log("endpointHost:", tunnel.endpointHost); + + // Find endpoint host by name or username@ip + const endpointHosts = await db.select() + .from(sshData) + .where(eq(sshData.userId, userId)); + + const endpointHost = endpointHosts.find(h => + h.name === tunnel.endpointHost || + `${h.username}@${h.ip}` === tunnel.endpointHost + ); + + if (endpointHost) { + console.log("Found endpoint host:", endpointHost.id, endpointHost.ip); + + // Decrypt endpoint host credentials + const decryptedEndpoint = DataCrypto.decryptRecord("ssh_data", endpointHost, userId, userDataKey); + + console.log("Endpoint credentials:", { + hasPassword: !!decryptedEndpoint.password, + hasKey: !!decryptedEndpoint.key, + passwordLength: decryptedEndpoint.password?.length || 0 + }); + + // Add endpoint credentials to tunnel connection + return { + ...tunnel, + endpointPassword: decryptedEndpoint.password || null, + endpointKey: decryptedEndpoint.key || null, + endpointKeyPassword: decryptedEndpoint.keyPassword || null, + endpointAuthType: endpointHost.authType + }; + } + } + return tunnel; + }) + ); + + updatedTunnelConnections = JSON.stringify(resolvedConnections); + console.log("=== UPDATED TUNNEL CONNECTIONS ==="); + } catch (error) { + console.log("=== TUNNEL CONNECTION UPDATE FAILED ===", error); + } + } + + // Update the SSH config with plaintext autostart fields and resolved tunnel connections + const updateResult = await db.update(sshData) + .set({ + autostartPassword: decryptedConfig.password || null, + autostartKey: decryptedConfig.key || null, + autostartKeyPassword: decryptedConfig.keyPassword || null, + tunnelConnections: updatedTunnelConnections, + }) + .where(eq(sshData.id, sshConfigId)); + + // Debug: Log update result + console.log("=== AUTOSTART DEBUG: Update result ==="); + console.log("updateResult:", updateResult); + console.log("update completed for sshConfigId:", sshConfigId); + console.log("=== END UPDATE DEBUG ==="); + + // Force database save after autostart update + try { + await DatabaseSaveTrigger.triggerSave(); + console.log("=== DATABASE SAVE TRIGGERED AFTER AUTOSTART ==="); + } catch (saveError) { + console.log("=== DATABASE SAVE FAILED ===", saveError); + } + + // Verify the data was actually saved + try { + const verifyQuery = await db.select() + .from(sshData) + .where(eq(sshData.id, sshConfigId)); + + if (verifyQuery.length > 0) { + const saved = verifyQuery[0]; + console.log("=== VERIFICATION: Data actually saved ==="); + console.log("autostartPassword exists:", !!saved.autostartPassword); + console.log("autostartKey exists:", !!saved.autostartKey); + console.log("autostartPassword length:", saved.autostartPassword?.length || 0); + console.log("=== END VERIFICATION ==="); + } + } catch (verifyError) { + console.log("=== VERIFICATION FAILED ===", verifyError); + } + + sshLogger.success("AutoStart enabled successfully", { + operation: "autostart_enabled", + userId, + sshConfigId, + host: config.ip + }); + + res.json({ + message: "AutoStart enabled successfully", + sshConfigId + }); + } catch (error) { + sshLogger.error("Error enabling autostart", error, { + operation: "autostart_enable_error", + userId, + sshConfigId + }); + res.status(500).json({ error: "Internal server error" }); + } + } +); + +// Route: Disable autostart for SSH configuration (requires JWT) +// DELETE /ssh/autostart/disable +router.delete( + "/autostart/disable", + authenticateJWT, + async (req: Request, res: Response) => { + const userId = (req as any).userId; + const { sshConfigId } = req.body; + + if (!sshConfigId || typeof sshConfigId !== "number") { + sshLogger.warn("Missing or invalid sshConfigId in autostart disable request", { + operation: "autostart_disable", + userId, + sshConfigId + }); + return res.status(400).json({ error: "Valid sshConfigId is required" }); + } + + try { + // Clear the autostart plaintext fields for this SSH config + const result = await db.update(sshData) + .set({ + autostartPassword: null, + autostartKey: null, + autostartKeyPassword: null, + }) + .where(and( + eq(sshData.id, sshConfigId), + eq(sshData.userId, userId) + )); + + sshLogger.info("AutoStart disabled successfully", { + operation: "autostart_disabled", + userId, + sshConfigId + }); + + res.json({ + message: "AutoStart disabled successfully", + sshConfigId + }); + } catch (error) { + sshLogger.error("Error disabling autostart", error, { + operation: "autostart_disable_error", + userId, + sshConfigId + }); + res.status(500).json({ error: "Internal server error" }); + } + } +); + +// Route: Get autostart status for user's SSH configurations (requires JWT) +// GET /ssh/autostart/status +router.get( + "/autostart/status", + authenticateJWT, + async (req: Request, res: Response) => { + const userId = (req as any).userId; + + try { + // Query user's SSH configs that have autostart enabled + const autostartConfigs = await db.select() + .from(sshData) + .where(and( + eq(sshData.userId, userId), + or( + isNotNull(sshData.autostartPassword), + isNotNull(sshData.autostartKey) + ) + )); + + // Map to just the basic info needed for status + const statusList = autostartConfigs.map(config => ({ + sshConfigId: config.id, + host: config.ip, + port: config.port, + username: config.username, + authType: config.authType + })); + + sshLogger.info("AutoStart status retrieved", { + operation: "autostart_status", + userId, + configCount: statusList.length + }); + + res.json({ + autostart_configs: statusList, + total_count: statusList.length + }); + } catch (error) { + sshLogger.error("Error getting autostart status", error, { + operation: "autostart_status_error", + userId + }); + res.status(500).json({ error: "Internal server error" }); + } + } +); + export default router; diff --git a/src/backend/database/routes/users.ts b/src/backend/database/routes/users.ts index fe4a7a10..742120db 100644 --- a/src/backend/database/routes/users.ts +++ b/src/backend/database/routes/users.ts @@ -7,6 +7,7 @@ import { fileManagerPinned, fileManagerShortcuts, dismissedAlerts, + settings, } from "../db/schema.js"; import { eq, and } from "drizzle-orm"; import bcrypt from "bcryptjs"; @@ -16,6 +17,12 @@ import speakeasy from "speakeasy"; import QRCode from "qrcode"; import type { Request, Response, NextFunction } from "express"; import { authLogger, apiLogger } from "../../utils/logger.js"; +import { AuthManager } from "../../utils/auth-manager.js"; +import { UserCrypto } from "../../utils/user-crypto.js"; +import { DataCrypto } from "../../utils/data-crypto.js"; + +// Get auth manager instance +const authManager = AuthManager.getInstance(); async function verifyOIDCToken( idToken: string, @@ -129,35 +136,12 @@ interface JWTPayload { exp?: number; } -// JWT authentication middleware -function authenticateJWT(req: Request, res: Response, next: NextFunction) { - const authHeader = req.headers["authorization"]; - if (!authHeader || !authHeader.startsWith("Bearer ")) { - authLogger.warn("Missing or invalid Authorization header", { - operation: "auth", - method: req.method, - url: req.url, - }); - return res - .status(401) - .json({ error: "Missing or invalid Authorization header" }); - } - const token = authHeader.split(" ")[1]; - const jwtSecret = process.env.JWT_SECRET || "secret"; - try { - const payload = jwt.verify(token, jwtSecret) as JWTPayload; - (req as any).userId = payload.userId; - next(); - } catch (err) { - authLogger.warn("Invalid or expired token", { - operation: "auth", - method: req.method, - url: req.url, - error: err, - }); - return res.status(401).json({ error: "Invalid or expired token" }); - } -} +// JWT authentication middleware - only verify JWT, no data unlock required +const authenticateJWT = authManager.createAuthMiddleware(); +const requireAdmin = authManager.createAdminMiddleware(); + +// Data access middleware - requires user to have unlocked data keys +const requireDataAccess = authManager.createDataAccessMiddleware(); // Route: Create traditional user (username/password) // POST /users/create @@ -208,19 +192,10 @@ router.post("/create", async (req, res) => { } let isFirstUser = false; - try { - const countResult = db.$client - .prepare("SELECT COUNT(*) as count FROM users") - .get(); - isFirstUser = ((countResult as any)?.count || 0) === 0; - } catch (e) { - isFirstUser = true; - authLogger.warn("Failed to check user count, assuming first user", { - operation: "user_create", - username, - error: e, - }); - } + const countResult = db.$client + .prepare("SELECT COUNT(*) as count FROM users") + .get(); + isFirstUser = ((countResult as any)?.count || 0) === 0; const saltRounds = parseInt(process.env.SALT || "10", 10); const password_hash = await bcrypt.hash(password, saltRounds); @@ -244,6 +219,25 @@ router.post("/create", async (req, res) => { totp_backup_codes: null, }); + // Set up user data encryption (KEK-DEK architecture) + try { + await authManager.registerUser(id, password); + authLogger.success("User encryption setup completed", { + operation: "user_encryption_setup", + userId: id, + }); + } catch (encryptionError) { + // If encryption setup fails, delete user record + await db.delete(users).where(eq(users.id, id)); + authLogger.error("Failed to setup user encryption, user creation rolled back", encryptionError, { + operation: "user_create_encryption_failed", + userId: id, + }); + return res.status(500).json({ + error: "Failed to setup user security - user creation cancelled" + }); + } + authLogger.success( `Traditional user created: ${username} (is_admin: ${isFirstUser})`, { @@ -343,11 +337,46 @@ router.post("/oidc-config", authenticateJWT, async (req, res) => { scopes: scopes || "openid email profile", }; + // Encrypt sensitive configuration for storage + let encryptedConfig; + try { + // Use admin's data key to encrypt OIDC configuration + const adminDataKey = DataCrypto.getUserDataKey(userId); + if (adminDataKey) { + // Provide stable recordId for settings objects + const configWithId = { ...config, id: `oidc-config-${userId}` }; + encryptedConfig = DataCrypto.encryptRecord("settings", configWithId, userId, adminDataKey); + authLogger.info("OIDC configuration encrypted with admin data key", { + operation: "oidc_config_encrypt", + userId, + }); + } else { + // If admin data not unlocked, only encrypt client_secret + encryptedConfig = { + ...config, + client_secret: `encrypted:${Buffer.from(client_secret).toString('base64')}`, // Simple base64 encoding + }; + authLogger.warn("OIDC configuration stored with basic encoding - admin should re-save with password", { + operation: "oidc_config_basic_encoding", + userId, + }); + } + } catch (encryptError) { + authLogger.error("Failed to encrypt OIDC configuration, storing with basic encoding", encryptError, { + operation: "oidc_config_encrypt_failed", + userId, + }); + encryptedConfig = { + ...config, + client_secret: `encoded:${Buffer.from(client_secret).toString('base64')}`, + }; + } + db.$client .prepare( "INSERT OR REPLACE INTO settings (key, value) VALUES ('oidc_config', ?)", ) - .run(JSON.stringify(config)); + .run(JSON.stringify(encryptedConfig)); authLogger.info("OIDC configuration updated", { operation: "oidc_update", userId, @@ -383,7 +412,7 @@ router.delete("/oidc-config", authenticateJWT, async (req, res) => { } }); -// Route: Get OIDC configuration +// Route: Get OIDC configuration (public - needed for login page) // GET /users/oidc-config router.get("/oidc-config", async (req, res) => { try { @@ -393,7 +422,62 @@ router.get("/oidc-config", async (req, res) => { if (!row) { return res.json(null); } - res.json(JSON.parse((row as any).value)); + + let config = JSON.parse((row as any).value); + + // Decrypt or decode client_secret for display + if (config.client_secret) { + if (config.client_secret.startsWith('encrypted:')) { + // Requires admin permission to decrypt + const authHeader = req.headers["authorization"]; + if (authHeader?.startsWith("Bearer ")) { + const token = authHeader.split(" ")[1]; + const authManager = AuthManager.getInstance(); + const payload = await authManager.verifyJWTToken(token); + + if (payload) { + const userId = payload.userId; + const user = await db.select().from(users).where(eq(users.id, userId)); + + if (user && user.length > 0 && user[0].is_admin) { + try { + const adminDataKey = DataCrypto.getUserDataKey(userId); + if (adminDataKey) { + // Use same stable recordId for decryption - note: FieldCrypto will use stored recordId + config = DataCrypto.decryptRecord("settings", config, userId, adminDataKey); + } else { + // Admin data not unlocked, hide client_secret + config.client_secret = "[ENCRYPTED - PASSWORD REQUIRED]"; + } + } catch (decryptError) { + authLogger.warn("Failed to decrypt OIDC config for admin", { + operation: "oidc_config_decrypt_failed", + userId, + }); + config.client_secret = "[ENCRYPTED - DECRYPTION FAILED]"; + } + } else { + config.client_secret = "[ENCRYPTED - ADMIN ONLY]"; + } + } else { + config.client_secret = "[ENCRYPTED - AUTH REQUIRED]"; + } + } else { + config.client_secret = "[ENCRYPTED - AUTH REQUIRED]"; + } + } else if (config.client_secret.startsWith('encoded:')) { + // base64 decode + try { + const decoded = Buffer.from(config.client_secret.substring(8), 'base64').toString('utf8'); + config.client_secret = decoded; + } catch { + config.client_secret = "[ENCODING ERROR]"; + } + } + // Otherwise plaintext, return directly + } + + res.json(config); } catch (err) { authLogger.error("Failed to get OIDC config", err); res.status(500).json({ error: "Failed to get OIDC config" }); @@ -654,14 +738,10 @@ router.get("/oidc/callback", async (req, res) => { let isFirstUser = false; if (!user || user.length === 0) { - try { - const countResult = db.$client - .prepare("SELECT COUNT(*) as count FROM users") - .get(); - isFirstUser = ((countResult as any)?.count || 0) === 0; - } catch (e) { - isFirstUser = true; - } + const countResult = db.$client + .prepare("SELECT COUNT(*) as count FROM users") + .get(); + isFirstUser = ((countResult as any)?.count || 0) === 0; const id = nanoid(); await db.insert(users).values({ @@ -693,8 +773,7 @@ router.get("/oidc/callback", async (req, res) => { const userRecord = user[0]; - const jwtSecret = process.env.JWT_SECRET || "secret"; - const token = jwt.sign({ userId: userRecord.id }, jwtSecret, { + const token = await authManager.generateJWTToken(userRecord.id, { expiresIn: "50d", }); @@ -775,22 +854,69 @@ router.post("/login", async (req, res) => { }); return res.status(401).json({ error: "Incorrect password" }); } - const jwtSecret = process.env.JWT_SECRET || "secret"; - const token = jwt.sign({ userId: userRecord.id }, jwtSecret, { - expiresIn: "50d", - }); + // Check if legacy user needs encryption setup + try { + const kekSalt = await db + .select() + .from(settings) + .where(eq(settings.key, `user_kek_salt_${userRecord.id}`)); + + if (kekSalt.length === 0) { + // Legacy user first login - set up new encryption + await authManager.registerUser(userRecord.id, password); + authLogger.success("Legacy user encryption initialized", { + operation: "legacy_user_setup", + username, + userId: userRecord.id, + }); + } + } catch (setupError) { + authLogger.error("Failed to initialize user encryption", setupError, { + operation: "user_encryption_setup_failed", + username, + userId: userRecord.id, + }); + // Encryption setup failure should not block login for existing users + } + + // Unlock user data keys + const dataUnlocked = await authManager.authenticateUser(userRecord.id, password); + if (!dataUnlocked) { + authLogger.error("Failed to unlock user data during login", undefined, { + operation: "user_login_data_unlock_failed", + username, + userId: userRecord.id, + }); + return res.status(500).json({ + error: "Failed to unlock user data - please contact administrator" + }); + } + + // TOTP handling if (userRecord.totp_enabled) { - const tempToken = jwt.sign( - { userId: userRecord.id, pending_totp: true }, - jwtSecret, - { expiresIn: "10m" }, - ); + const tempToken = await authManager.generateJWTToken(userRecord.id, { + pendingTOTP: true, + expiresIn: "10m", + }); return res.json({ requires_totp: true, temp_token: tempToken, }); } + + // Generate normal JWT token + const token = await authManager.generateJWTToken(userRecord.id, { + expiresIn: "24h", + }); + + authLogger.success(`User logged in successfully: ${username}`, { + operation: "user_login_success", + username, + userId: userRecord.id, + dataUnlocked: true, + }); + return res.json({ token, is_admin: !!userRecord.is_admin, @@ -829,10 +955,36 @@ router.get("/me", authenticateJWT, async (req: Request, res: Response) => { } }); -// Route: Count users -// GET /users/count -router.get("/count", async (req, res) => { +// Route: Check if system requires initial setup (public - for first-time setup detection) +// GET /users/setup-required +router.get("/setup-required", async (req, res) => { try { + const countResult = db.$client + .prepare("SELECT COUNT(*) as count FROM users") + .get(); + const count = (countResult as any)?.count || 0; + + res.json({ + setup_required: count === 0, + // 不暴露具体用户数量,只返回是否需要初始化 + }); + } catch (err) { + authLogger.error("Failed to check setup status", err); + res.status(500).json({ error: "Failed to check setup status" }); + } +}); + +// Route: Count users (admin only - for dashboard statistics) +// GET /users/count +router.get("/count", authenticateJWT, async (req, res) => { + const userId = (req as any).userId; + try { + // 只有管理员可以查看用户统计 + const user = await db.select().from(users).where(eq(users.id, userId)); + if (!user[0] || !user[0].is_admin) { + return res.status(403).json({ error: "Admin access required" }); + } + const countResult = db.$client .prepare("SELECT COUNT(*) as count FROM users") .get(); @@ -846,7 +998,7 @@ router.get("/count", async (req, res) => { // Route: DB health check (actually queries DB) // GET /users/db-health -router.get("/db-health", async (req, res) => { +router.get("/db-health", requireAdmin, async (req, res) => { try { db.$client.prepare("SELECT 1").get(); res.json({ status: "ok" }); @@ -856,7 +1008,7 @@ router.get("/db-health", async (req, res) => { } }); -// Route: Get registration allowed status +// Route: Get registration allowed status (public - needed for login page) // GET /users/registration-allowed router.get("/registration-allowed", async (req, res) => { try { @@ -1245,11 +1397,9 @@ router.post("/totp/verify-login", async (req, res) => { return res.status(400).json({ error: "Token and TOTP code are required" }); } - const jwtSecret = process.env.JWT_SECRET || "secret"; - try { - const decoded = jwt.verify(temp_token, jwtSecret) as any; - if (!decoded.pending_totp) { + const decoded = await authManager.verifyJWTToken(temp_token); + if (!decoded || !decoded.pendingTOTP) { return res.status(401).json({ error: "Invalid temporary token" }); } @@ -1291,7 +1441,7 @@ router.post("/totp/verify-login", async (req, res) => { .where(eq(users.id, userRecord.id)); } - const token = jwt.sign({ userId: userRecord.id }, jwtSecret, { + const token = await authManager.generateJWTToken(userRecord.id, { expiresIn: "50d", }); @@ -1606,4 +1756,175 @@ router.delete("/delete-user", authenticateJWT, async (req, res) => { } }); +// ===== New security API endpoints ===== + +// Route: User data unlock - used when session expires +// POST /users/unlock-data +router.post("/unlock-data", authenticateJWT, async (req, res) => { + const userId = (req as any).userId; + const { password } = req.body; + + if (!password) { + return res.status(400).json({ error: "Password is required" }); + } + + try { + const unlocked = await authManager.authenticateUser(userId, password); + if (unlocked) { + authLogger.success("User data unlocked", { + operation: "user_data_unlock", + userId, + }); + res.json({ + success: true, + message: "Data unlocked successfully" + }); + } else { + authLogger.warn("Failed to unlock user data - invalid password", { + operation: "user_data_unlock_failed", + userId, + }); + res.status(401).json({ error: "Invalid password" }); + } + } catch (err) { + authLogger.error("Data unlock failed", err, { + operation: "user_data_unlock_error", + userId, + }); + res.status(500).json({ error: "Failed to unlock data" }); + } +}); + +// Route: Check user data unlock status +// GET /users/data-status +router.get("/data-status", authenticateJWT, async (req, res) => { + const userId = (req as any).userId; + + try { + const isUnlocked = authManager.isUserUnlocked(userId); + const userCrypto = UserCrypto.getInstance(); + const sessionStatus = { unlocked: isUnlocked }; + + res.json({ + isUnlocked, + session: sessionStatus, + }); + } catch (err) { + authLogger.error("Failed to get data status", err, { + operation: "data_status_error", + userId, + }); + res.status(500).json({ error: "Failed to get data status" }); + } +}); + +// Route: User logout (clear data session) +// POST /users/logout +router.post("/logout", authenticateJWT, async (req, res) => { + const userId = (req as any).userId; + + try { + authManager.logoutUser(userId); + authLogger.info("User logged out", { + operation: "user_logout", + userId, + }); + res.json({ message: "Logged out successfully" }); + } catch (err) { + authLogger.error("Logout failed", err, { + operation: "logout_error", + userId, + }); + res.status(500).json({ error: "Logout failed" }); + } +}); + +// Route: Change user password (re-encrypt data keys) +// POST /users/change-password +router.post("/change-password", authenticateJWT, async (req, res) => { + const userId = (req as any).userId; + const { currentPassword, newPassword } = req.body; + + if (!currentPassword || !newPassword) { + return res.status(400).json({ + error: "Current password and new password are required" + }); + } + + if (newPassword.length < 8) { + return res.status(400).json({ + error: "New password must be at least 8 characters long" + }); + } + + try { + // Verify current password and change + const success = await authManager.changeUserPassword( + userId, + currentPassword, + newPassword + ); + + if (success) { + // Also update password hash in database + const saltRounds = parseInt(process.env.SALT || "10", 10); + const newPasswordHash = await bcrypt.hash(newPassword, saltRounds); + await db + .update(users) + .set({ password_hash: newPasswordHash }) + .where(eq(users.id, userId)); + + authLogger.success("User password changed successfully", { + operation: "password_change_success", + userId, + }); + + res.json({ + success: true, + message: "Password changed successfully" + }); + } else { + authLogger.warn("Password change failed - invalid current password", { + operation: "password_change_failed", + userId, + }); + res.status(401).json({ error: "Current password is incorrect" }); + } + } catch (err) { + authLogger.error("Password change failed", err, { + operation: "password_change_error", + userId, + }); + res.status(500).json({ error: "Failed to change password" }); + } +}); + +// Route: Get security status (admin) +// GET /users/security-status +router.get("/security-status", authenticateJWT, async (req, res) => { + const userId = (req as any).userId; + + try { + const user = await db.select().from(users).where(eq(users.id, userId)); + if (!user || user.length === 0 || !user[0].is_admin) { + return res.status(403).json({ error: "Not authorized" }); + } + + // Simplified security status for new architecture + const securityStatus = { + initialized: true, + system: { hasSecret: true, isValid: true }, + activeSessions: {}, + activeSessionCount: 0 + }; + res.json(securityStatus); + } catch (err) { + authLogger.error("Failed to get security status", err, { + operation: "security_status_error", + userId, + }); + res.status(500).json({ error: "Failed to get security status" }); + } +}); + export default router; diff --git a/src/backend/ssh/file-manager.ts b/src/backend/ssh/file-manager.ts index a17f76e8..7a3fb816 100644 --- a/src/backend/ssh/file-manager.ts +++ b/src/backend/ssh/file-manager.ts @@ -1,19 +1,20 @@ import express from "express"; import cors from "cors"; import { Client as SSHClient } from "ssh2"; -import { db } from "../database/db/index.js"; +import { getDb } from "../database/db/index.js"; import { sshCredentials } from "../database/db/schema.js"; import { eq, and } from "drizzle-orm"; import { fileLogger } from "../utils/logger.js"; -import { EncryptedDBOperations } from "../utils/encrypted-db-operations.js"; +import { SimpleDBOps } from "../utils/simple-db-ops.js"; +import { AuthManager } from "../utils/auth-manager.js"; -// 可执行文件检测工具函数 +// Executable file detection utility function function isExecutableFile(permissions: string, fileName: string): boolean { - // 检查执行权限位 (user, group, other) + // Check execute permission bits (user, group, other) const hasExecutePermission = permissions[3] === "x" || permissions[6] === "x" || permissions[9] === "x"; - // 常见的脚本文件扩展名 + // Common script file extensions const scriptExtensions = [ ".sh", ".py", @@ -29,13 +30,13 @@ function isExecutableFile(permissions: string, fileName: string): boolean { fileName.toLowerCase().endsWith(ext), ); - // 常见的编译可执行文件(无扩展名或特定扩展名) + // Common compiled executable files (no extension or specific extensions) const executableExtensions = [".bin", ".exe", ".out"]; const hasExecutableExtension = executableExtensions.some((ext) => fileName.toLowerCase().endsWith(ext), ); - // 无扩展名且有执行权限的文件通常是可执行文件 + // Files with no extension and execute permission are usually executable files const hasNoExtension = !fileName.includes(".") && hasExecutePermission; return ( @@ -58,9 +59,13 @@ app.use( ], }), ); -app.use(express.json({ limit: "100mb" })); -app.use(express.urlencoded({ limit: "100mb", extended: true })); -app.use(express.raw({ limit: "200mb", type: "application/octet-stream" })); +app.use(express.json({ limit: "1gb" })); +app.use(express.urlencoded({ limit: "1gb", extended: true })); +app.use(express.raw({ limit: "5gb", type: "application/octet-stream" })); + +// Initialize AuthManager and add authentication middleware +const authManager = AuthManager.getInstance(); +app.use(authManager.createAuthMiddleware()); interface SSHSession { client: SSHClient; @@ -85,7 +90,14 @@ function cleanupSession(sessionId: string) { function scheduleSessionCleanup(sessionId: string) { const session = sshSessions[sessionId]; if (session) { + // Clear existing timeout if (session.timeout) clearTimeout(session.timeout); + + // Increase timeout to 30 minutes of inactivity + session.timeout = setTimeout(() => { + fileLogger.info(`Cleaning up inactive SSH session: ${sessionId}`); + cleanupSession(sessionId); + }, 30 * 60 * 1000); // 30 minutes - increased from 10 minutes } } @@ -101,9 +113,19 @@ app.post("/ssh/file_manager/ssh/connect", async (req, res) => { keyPassword, authType, credentialId, - userId, } = req.body; + // Use authenticated user ID from middleware + const userId = (req as any).userId; + + if (!userId) { + fileLogger.error("SSH connection rejected: no authenticated user", { + operation: "file_connect_auth", + sessionId, + }); + return res.status(401).json({ error: "Authentication required" }); + } + if (!sessionId || !ip || !username || !port) { fileLogger.warn("Missing SSH connection parameters for file manager", { operation: "file_connect", @@ -123,8 +145,8 @@ app.post("/ssh/file_manager/ssh/connect", async (req, res) => { let resolvedCredentials = { password, sshKey, keyPassword, authType }; if (credentialId && hostId && userId) { try { - const credentials = await EncryptedDBOperations.select( - db + const credentials = await SimpleDBOps.select( + getDb() .select() .from(sshCredentials) .where( @@ -134,6 +156,7 @@ app.post("/ssh/file_manager/ssh/connect", async (req, res) => { ), ), "ssh_credentials", + userId, ); if (credentials.length > 0) { @@ -176,9 +199,9 @@ app.post("/ssh/file_manager/ssh/connect", async (req, res) => { host: ip, port: port || 22, username, - readyTimeout: 0, + readyTimeout: 60000, keepaliveInterval: 30000, - keepaliveCountMax: 0, + keepaliveCountMax: 3, algorithms: { kex: [ "diffie-hellman-group14-sha256", @@ -201,7 +224,7 @@ app.post("/ssh/file_manager/ssh/connect", async (req, res) => { "aes256-cbc", "3des-cbc", ], - hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], + hmac: ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], compress: ["none", "zlib@openssh.com", "zlib"], }, }; @@ -259,6 +282,7 @@ app.post("/ssh/file_manager/ssh/connect", async (req, res) => { isConnected: true, lastActive: Date.now(), }; + scheduleSessionCleanup(sessionId); res.json({ status: "success", message: "SSH connection established" }); }); @@ -297,6 +321,41 @@ app.get("/ssh/file_manager/ssh/status", (req, res) => { res.json({ status: "success", connected: isConnected }); }); +// SSH keepalive endpoint - extends session timeout and verifies connection +app.post("/ssh/file_manager/ssh/keepalive", (req, res) => { + const { sessionId } = req.body; + + if (!sessionId) { + return res.status(400).json({ error: "Session ID is required" }); + } + + const session = sshSessions[sessionId]; + + if (!session || !session.isConnected) { + return res.status(400).json({ + error: "SSH session not found or not connected", + connected: false + }); + } + + // Update last active time and reschedule cleanup + session.lastActive = Date.now(); + scheduleSessionCleanup(sessionId); + + fileLogger.debug(`SSH session keepalive: ${sessionId}`, { + operation: "ssh_keepalive", + sessionId, + lastActive: session.lastActive, + }); + + res.json({ + status: "success", + connected: true, + message: "Session keepalive successful", + lastActive: session.lastActive + }); +}); + app.get("/ssh/file_manager/ssh/listFiles", (req, res) => { const sessionId = req.query.sessionId as string; const sshConn = sshSessions[sessionId]; @@ -351,12 +410,12 @@ app.get("/ssh/file_manager/ssh/listFiles", (req, res) => { const group = parts[3]; const size = parseInt(parts[4], 10); - // 日期可能占夨3个部分(月 日 时间)或者是(月 日 年) + // Date may occupy 3 parts (month day time) or (month day year) let dateStr = ""; let nameStartIndex = 8; if (parts[5] && parts[6] && parts[7]) { - // 常规格式: 月 日 时间/年 + // Regular format: month day time/year dateStr = `${parts[5]} ${parts[6]} ${parts[7]}`; } @@ -366,7 +425,7 @@ app.get("/ssh/file_manager/ssh/listFiles", (req, res) => { if (name === "." || name === "..") continue; - // 解析符号链接目标 + // Parse symbolic link target let actualName = name; let linkTarget = undefined; if (isLink && name.includes(" -> ")) { @@ -378,17 +437,17 @@ app.get("/ssh/file_manager/ssh/listFiles", (req, res) => { files.push({ name: actualName, type: isDirectory ? "directory" : isLink ? "link" : "file", - size: isDirectory ? undefined : size, // 目录不显示大小 + size: isDirectory ? undefined : size, // Directories don't show size modified: dateStr, permissions, owner, group, - linkTarget, // 符号链接的目标 - path: `${sshPath.endsWith("/") ? sshPath : sshPath + "/"}${actualName}`, // 添加完整路径 + linkTarget, // Symbolic link target + path: `${sshPath.endsWith("/") ? sshPath : sshPath + "/"}${actualName}`, // Add full path executable: !isDirectory && !isLink ? isExecutableFile(permissions, actualName) - : false, // 检测可执行文件 + : false, // Detect executable files }); } } @@ -484,8 +543,8 @@ app.get("/ssh/file_manager/ssh/readFile", (req, res) => { sshConn.lastActive = Date.now(); - // First check file size to prevent loading huge files - const MAX_READ_SIZE = 10 * 1024 * 1024; // 10MB - same as frontend limit + // Support large file reading - increased limit for better compatibility + const MAX_READ_SIZE = 500 * 1024 * 1024; // 500MB - much more reasonable limit const escapedPath = filePath.replace(/'/g, "'\"'\"'"); // Get file size first @@ -510,10 +569,20 @@ app.get("/ssh/file_manager/ssh/readFile", (req, res) => { sizeStream.on("close", (sizeCode) => { if (sizeCode !== 0) { + // Check if it's a file not found error (case-insensitive) + const errorLower = sizeErrorData.toLowerCase(); + const isFileNotFound = errorLower.includes("no such file or directory") || + errorLower.includes("cannot access") || + errorLower.includes("not found") || + errorLower.includes("resource not found"); + fileLogger.error(`File size check failed: ${sizeErrorData}`); return res - .status(500) - .json({ error: `Cannot check file size: ${sizeErrorData}` }); + .status(isFileNotFound ? 404 : 500) + .json({ + error: `Cannot check file size: ${sizeErrorData}`, + fileNotFound: isFileNotFound + }); } const fileSize = parseInt(sizeData.trim(), 10); @@ -563,9 +632,19 @@ app.get("/ssh/file_manager/ssh/readFile", (req, res) => { fileLogger.error( `SSH readFile command failed with code ${code}: ${errorData.replace(/\n/g, " ").trim()}`, ); + + // Check if it's a "file not found" error + const isFileNotFound = + errorData.includes("No such file or directory") || + errorData.includes("cannot access") || + errorData.includes("not found"); + return res - .status(500) - .json({ error: `Command failed: ${errorData}` }); + .status(isFileNotFound ? 404 : 500) + .json({ + error: `Command failed: ${errorData}`, + fileNotFound: isFileNotFound + }); } res.json({ content: data, path: filePath }); @@ -1492,8 +1571,22 @@ app.put("/ssh/file_manager/ssh/moveItem", async (req, res) => { const moveCommand = `mv '${escapedOldPath}' '${escapedNewPath}' && echo "SUCCESS" && exit 0`; + // Add timeout for move operation + const commandTimeout = setTimeout(() => { + if (!res.headersSent) { + res.status(408).json({ + error: "Move operation timed out. SSH connection may be unstable.", + toast: { + type: "error", + message: "Move operation timed out. SSH connection may be unstable.", + }, + }); + } + }, 60000); // 60 second timeout for move operations + sshConn.client.exec(moveCommand, (err, stream) => { if (err) { + clearTimeout(commandTimeout); fileLogger.error("SSH moveItem error:", err); if (!res.headersSent) { return res.status(500).json({ error: err.message }); @@ -1527,6 +1620,7 @@ app.put("/ssh/file_manager/ssh/moveItem", async (req, res) => { }); stream.on("close", (code) => { + clearTimeout(commandTimeout); if (outputData.includes("SUCCESS")) { if (!res.headersSent) { res.json({ @@ -1569,6 +1663,7 @@ app.put("/ssh/file_manager/ssh/moveItem", async (req, res) => { }); stream.on("error", (streamErr) => { + clearTimeout(commandTimeout); fileLogger.error("SSH moveItem stream error:", streamErr); if (!res.headersSent) { res.status(500).json({ error: `Stream error: ${streamErr.message}` }); @@ -1633,8 +1728,8 @@ app.post("/ssh/file_manager/ssh/downloadFile", async (req, res) => { .json({ error: "Cannot download directories or special files" }); } - // Check file size (limit to 100MB for safety) - const MAX_FILE_SIZE = 100 * 1024 * 1024; // 100MB + // Support large file downloads - increased limit for better compatibility + const MAX_FILE_SIZE = 5 * 1024 * 1024 * 1024; // 5GB - reasonable for SSH file operations if (stats.size > MAX_FILE_SIZE) { fileLogger.warn("File too large for download", { operation: "file_download", @@ -1705,66 +1800,26 @@ app.post("/ssh/file_manager/ssh/copyItem", async (req, res) => { // Extract source name const sourceName = sourcePath.split("/").pop() || "copied_item"; - // First check if source file exists - const escapedSourceForCheck = sourcePath.replace(/'/g, "'\"'\"'"); - const checkExistsCommand = `test -e '${escapedSourceForCheck}'`; - const checkExists = await new Promise((resolve) => { - sshConn.client.exec(checkExistsCommand, (err, stream) => { - if (err) { - fileLogger.error("File existence check error:", err); - resolve(false); - return; - } - - stream.on("close", (code) => { - fileLogger.info("File existence check completed", { - sourcePath, - exists: code === 0, - }); - resolve(code === 0); - }); - - stream.on("error", () => resolve(false)); - }); - }); - - if (!checkExists) { - return res.status(404).json({ - error: `Source file not found: ${sourcePath}`, - toast: { - type: "error", - message: `Source file not found: ${sourceName}`, - }, - }); - } - - // Use timestamp for uniqueness + // Linus principle: simplify - generate unique name directly without complex checks const timestamp = Date.now().toString().slice(-8); - const nameWithoutExt = sourceName.includes(".") - ? sourceName.substring(0, sourceName.lastIndexOf(".")) - : sourceName; - const extension = sourceName.includes(".") - ? sourceName.substring(sourceName.lastIndexOf(".")) - : ""; + const uniqueName = `${sourceName}_copy_${timestamp}`; + const targetPath = `${targetDir}/${uniqueName}`; - // Always use timestamp suffix to ensure uniqueness without SSH calls - const uniqueName = `${nameWithoutExt}_copy_${timestamp}${extension}`; - - fileLogger.info("Using timestamp-based unique name", { + fileLogger.info("Starting copy operation", { originalName: sourceName, uniqueName, + sourcePath, + targetPath, + sessionId, }); - const targetPath = `${targetDir}/${uniqueName}`; // Escape paths for shell commands const escapedSource = sourcePath.replace(/'/g, "'\"'\"'"); const escapedTarget = targetPath.replace(/'/g, "'\"'\"'"); - // Use cp with explicit flags to avoid hanging on prompts - // -f: force overwrite without prompting - // -r: recursive for directories - // -p: preserve timestamps, permissions - const copyCommand = `cp -fpr '${escapedSource}' '${escapedTarget}' 2>&1`; + // Linus principle: simplify - use basic cp command for reliability + // Just copy the file without complex flags that might cause issues + const copyCommand = `cp '${escapedSource}' '${escapedTarget}' && echo "COPY_SUCCESS"`; fileLogger.info("Starting file copy operation", { operation: "file_copy_start", @@ -1777,7 +1832,7 @@ app.post("/ssh/file_manager/ssh/copyItem", async (req, res) => { // Add timeout to prevent hanging const commandTimeout = setTimeout(() => { - fileLogger.error("Copy command timed out after 20 seconds", { + fileLogger.error("Copy command timed out after 60 seconds", { sourcePath, targetPath, command: copyCommand, @@ -1792,7 +1847,7 @@ app.post("/ssh/file_manager/ssh/copyItem", async (req, res) => { }, }); } - }, 20000); // 20 second timeout for better responsiveness + }, 60000); // 60 second timeout for large files sshConn.client.exec(copyCommand, (err, stream) => { if (err) { @@ -1864,27 +1919,54 @@ app.post("/ssh/file_manager/ssh/copyItem", async (req, res) => { return; } - fileLogger.success("Item copied successfully", { - operation: "file_copy", - sessionId, - sourcePath, - targetPath, - uniqueName, - hostId, - userId, - }); + // Verify copy completion with COPY_SUCCESS marker or exit code 0 + const copySuccessful = stdoutData.includes("COPY_SUCCESS") || code === 0; - if (!res.headersSent) { - res.json({ - message: "Item copied successfully", + if (copySuccessful) { + fileLogger.success("Item copied successfully", { + operation: "file_copy", + sessionId, sourcePath, targetPath, uniqueName, - toast: { - type: "success", - message: `Successfully copied to: ${uniqueName}`, - }, + hostId, + userId, }); + + if (!res.headersSent) { + res.json({ + message: "Item copied successfully", + sourcePath, + targetPath, + uniqueName, + toast: { + type: "success", + message: `Successfully copied to: ${uniqueName}`, + }, + }); + } + } else { + fileLogger.warn("Copy completed but without success confirmation", { + operation: "file_copy_uncertain", + sessionId, + sourcePath, + targetPath, + code, + stdoutData: stdoutData.substring(0, 200), + }); + + if (!res.headersSent) { + res.json({ + message: "Copy may have completed", + sourcePath, + targetPath, + uniqueName, + toast: { + type: "warning", + message: `Copy completed but verification uncertain for: ${uniqueName}`, + }, + }); + } } }); @@ -1933,7 +2015,7 @@ process.on("SIGTERM", () => { process.exit(0); }); -// 执行可执行文件 +// Execute executable file app.post("/ssh/file_manager/ssh/executeFile", async (req, res) => { const { sessionId, filePath, hostId, userId } = req.body; const sshConn = sshSessions[sessionId]; @@ -1957,7 +2039,7 @@ app.post("/ssh/file_manager/ssh/executeFile", async (req, res) => { const escapedPath = filePath.replace(/'/g, "'\"'\"'"); - // 检查文件是否存在且可执行 + // Check if file exists and is executable const checkCommand = `test -x '${escapedPath}' && echo "EXECUTABLE" || echo "NOT_EXECUTABLE"`; sshConn.client.exec(checkCommand, (checkErr, checkStream) => { @@ -1978,7 +2060,7 @@ app.post("/ssh/file_manager/ssh/executeFile", async (req, res) => { return res.status(400).json({ error: "File is not executable" }); } - // 执行文件 + // Execute file const executeCommand = `cd "$(dirname '${escapedPath}')" && '${escapedPath}' 2>&1; echo "EXIT_CODE:$?"`; fileLogger.info("Executing file", { @@ -2006,7 +2088,7 @@ app.post("/ssh/file_manager/ssh/executeFile", async (req, res) => { }); stream.on("close", (code) => { - // 从输出中提取退出代码 + // Extract exit code from output const exitCodeMatch = output.match(/EXIT_CODE:(\d+)$/); const actualExitCode = exitCodeMatch ? parseInt(exitCodeMatch[1]) @@ -2043,9 +2125,21 @@ app.post("/ssh/file_manager/ssh/executeFile", async (req, res) => { }); const PORT = 8084; -app.listen(PORT, () => { +app.listen(PORT, async () => { fileLogger.success("File Manager API server started", { operation: "server_start", port: PORT, }); + + // Initialize AuthManager for JWT verification + try { + await authManager.initialize(); + fileLogger.info("AuthManager initialized for file manager", { + operation: "auth_init", + }); + } catch (err) { + fileLogger.error("Failed to initialize AuthManager", err, { + operation: "auth_init_error", + }); + } }); diff --git a/src/backend/ssh/server-stats.ts b/src/backend/ssh/server-stats.ts index be393451..4c7141b9 100644 --- a/src/backend/ssh/server-stats.ts +++ b/src/backend/ssh/server-stats.ts @@ -2,11 +2,12 @@ import express from "express"; import net from "net"; import cors from "cors"; import { Client, type ConnectConfig } from "ssh2"; -import { db } from "../database/db/index.js"; +import { getDb } from "../database/db/index.js"; import { sshData, sshCredentials } from "../database/db/schema.js"; import { eq, and } from "drizzle-orm"; import { statsLogger } from "../utils/logger.js"; -import { EncryptedDBOperations } from "../utils/encrypted-db-operations.js"; +import { SimpleDBOps } from "../utils/simple-db-ops.js"; +import { AuthManager } from "../utils/auth-manager.js"; interface PooledConnection { client: Client; @@ -228,6 +229,7 @@ class MetricsCache { const connectionPool = new SSHConnectionPool(); const requestQueue = new RequestQueue(); const metricsCache = new MetricsCache(); +const authManager = AuthManager.getInstance(); type HostStatus = "online" | "offline"; @@ -303,19 +305,23 @@ app.use((req, res, next) => { }); app.use(express.json({ limit: "1mb" })); +// Add authentication middleware - Linus principle: eliminate special cases +app.use(authManager.createAuthMiddleware()); + const hostStatuses: Map = new Map(); -async function fetchAllHosts(): Promise { +async function fetchAllHosts(userId: string): Promise { try { - const hosts = await EncryptedDBOperations.select( - db.select().from(sshData), + const hosts = await SimpleDBOps.select( + getDb().select().from(sshData).where(eq(sshData.userId, userId)), "ssh_data", + userId, ); const hostsWithCredentials: SSHHostWithCredentials[] = []; for (const host of hosts) { try { - const hostWithCreds = await resolveHostCredentials(host); + const hostWithCreds = await resolveHostCredentials(host, userId); if (hostWithCreds) { hostsWithCredentials.push(hostWithCreds); } @@ -335,11 +341,13 @@ async function fetchAllHosts(): Promise { async function fetchHostById( id: number, + userId: string, ): Promise { try { - const hosts = await EncryptedDBOperations.select( - db.select().from(sshData).where(eq(sshData.id, id)), + const hosts = await SimpleDBOps.select( + getDb().select().from(sshData).where(and(eq(sshData.id, id), eq(sshData.userId, userId))), "ssh_data", + userId, ); if (hosts.length === 0) { @@ -347,7 +355,7 @@ async function fetchHostById( } const host = hosts[0]; - return await resolveHostCredentials(host); + return await resolveHostCredentials(host, userId); } catch (err) { statsLogger.error(`Failed to fetch host ${id}`, err); return undefined; @@ -356,6 +364,7 @@ async function fetchHostById( async function resolveHostCredentials( host: any, + userId: string, ): Promise { try { const baseHost: any = { @@ -387,17 +396,18 @@ async function resolveHostCredentials( if (host.credentialId) { try { - const credentials = await EncryptedDBOperations.select( - db + const credentials = await SimpleDBOps.select( + getDb() .select() .from(sshCredentials) .where( and( eq(sshCredentials.id, host.credentialId), - eq(sshCredentials.userId, host.userId), + eq(sshCredentials.userId, userId), ), ), "ssh_credentials", + userId, ); if (credentials.length > 0) { @@ -480,7 +490,31 @@ function buildSshConfig(host: SSHHostWithCredentials): ConnectConfig { port: host.port || 22, username: host.username || "root", readyTimeout: 10_000, - algorithms: {}, + algorithms: { + kex: [ + "diffie-hellman-group14-sha256", + "diffie-hellman-group14-sha1", + "diffie-hellman-group1-sha1", + "diffie-hellman-group-exchange-sha256", + "diffie-hellman-group-exchange-sha1", + "ecdh-sha2-nistp256", + "ecdh-sha2-nistp384", + "ecdh-sha2-nistp521", + ], + cipher: [ + "aes128-ctr", + "aes192-ctr", + "aes256-ctr", + "aes128-gcm@openssh.com", + "aes256-gcm@openssh.com", + "aes128-cbc", + "aes192-cbc", + "aes256-cbc", + "3des-cbc", + ], + hmac: ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], + compress: ["none", "zlib@openssh.com", "zlib"], + }, } as ConnectConfig; if (host.authType === "password") { @@ -809,11 +843,19 @@ function tcpPing( }); } -async function pollStatusesOnce(): Promise { - const hosts = await fetchAllHosts(); +async function pollStatusesOnce(userId?: string): Promise { + if (!userId) { + statsLogger.warn("Skipping status poll - no authenticated user", { + operation: "status_poll", + }); + return; + } + + const hosts = await fetchAllHosts(userId); if (hosts.length === 0) { statsLogger.warn("No hosts retrieved for status polling", { operation: "status_poll", + userId, }); return; } @@ -845,8 +887,10 @@ async function pollStatusesOnce(): Promise { } app.get("/status", async (req, res) => { + const userId = (req as any).userId; + if (hostStatuses.size === 0) { - await pollStatusesOnce(); + await pollStatusesOnce(userId); } const result: Record = {}; for (const [id, entry] of hostStatuses.entries()) { @@ -857,9 +901,10 @@ app.get("/status", async (req, res) => { app.get("/status/:id", validateHostId, async (req, res) => { const id = Number(req.params.id); + const userId = (req as any).userId; try { - const host = await fetchHostById(id); + const host = await fetchHostById(id, userId); if (!host) { return res.status(404).json({ error: "Host not found" }); } @@ -880,15 +925,17 @@ app.get("/status/:id", validateHostId, async (req, res) => { }); app.post("/refresh", async (req, res) => { - await pollStatusesOnce(); + const userId = (req as any).userId; + await pollStatusesOnce(userId); res.json({ message: "Refreshed" }); }); app.get("/metrics/:id", validateHostId, async (req, res) => { const id = Number(req.params.id); + const userId = (req as any).userId; try { - const host = await fetchHostById(id); + const host = await fetchHostById(id, userId); if (!host) { return res.status(404).json({ error: "Host not found" }); } @@ -947,11 +994,21 @@ app.listen(PORT, async () => { operation: "server_start", port: PORT, }); + + // Initialize AuthManager for JWT verification try { - await pollStatusesOnce(); + await authManager.initialize(); + statsLogger.info("AuthManager initialized for metrics collection", { + operation: "auth_init", + }); } catch (err) { - statsLogger.error("Initial poll failed", err, { - operation: "initial_poll", + statsLogger.error("Failed to initialize AuthManager", err, { + operation: "auth_init_error", }); } + + // Skip initial poll - requires user authentication + statsLogger.info("Server ready - status polling will begin with first authenticated request", { + operation: "server_ready", + }); }); diff --git a/src/backend/ssh/terminal.ts b/src/backend/ssh/terminal.ts index c109dfba..b341ebc9 100644 --- a/src/backend/ssh/terminal.ts +++ b/src/backend/ssh/terminal.ts @@ -1,34 +1,220 @@ import { WebSocketServer, WebSocket, type RawData } from "ws"; import { Client, type ClientChannel, type PseudoTtyOptions } from "ssh2"; -import { db } from "../database/db/index.js"; +import { parse as parseUrl } from "url"; +import { getDb } from "../database/db/index.js"; import { sshCredentials } from "../database/db/schema.js"; import { eq, and } from "drizzle-orm"; import { sshLogger } from "../utils/logger.js"; -import { EncryptedDBOperations } from "../utils/encrypted-db-operations.js"; +import { SimpleDBOps } from "../utils/simple-db-ops.js"; +import { AuthManager } from "../utils/auth-manager.js"; +import { UserCrypto } from "../utils/user-crypto.js"; -const wss = new WebSocketServer({ port: 8082 }); +// Get auth instances +const authManager = AuthManager.getInstance(); +const userCrypto = UserCrypto.getInstance(); -sshLogger.success("SSH Terminal WebSocket server started", { - operation: "server_start", +// Track user connections for rate limiting +const userConnections = new Map>(); + +const wss = new WebSocketServer({ port: 8082, + // WebSocket authentication during handshake + verifyClient: async (info) => { + try { + const url = parseUrl(info.req.url!, true); + const token = url.query.token as string; + + if (!token) { + sshLogger.warn("WebSocket connection rejected: missing token", { + operation: "websocket_auth_reject", + reason: "missing_token", + ip: info.req.socket.remoteAddress + }); + return false; + } + + const payload = await authManager.verifyJWTToken(token); + + if (!payload) { + sshLogger.warn("WebSocket connection rejected: invalid token", { + operation: "websocket_auth_reject", + reason: "invalid_token", + ip: info.req.socket.remoteAddress + }); + return false; + } + + // Check for TOTP pending (should not allow terminal access during TOTP) + if (payload.pendingTOTP) { + sshLogger.warn("WebSocket connection rejected: TOTP verification pending", { + operation: "websocket_auth_reject", + reason: "totp_pending", + userId: payload.userId, + ip: info.req.socket.remoteAddress + }); + return false; + } + + // Check connection limits per user (max 3 concurrent connections) + const existingConnections = userConnections.get(payload.userId); + if (existingConnections && existingConnections.size >= 3) { + sshLogger.warn("WebSocket connection rejected: too many connections", { + operation: "websocket_auth_reject", + reason: "connection_limit", + userId: payload.userId, + currentConnections: existingConnections.size, + ip: info.req.socket.remoteAddress + }); + return false; + } + + // Note: We don't need to attach user info to request anymore + // Connection handler will re-verify JWT directly from URL + + sshLogger.info("WebSocket connection authenticated", { + operation: "websocket_auth_success", + userId: payload.userId, + ip: info.req.socket.remoteAddress + }); + + return true; + } catch (error) { + sshLogger.error("WebSocket authentication error", error, { + operation: "websocket_auth_error", + ip: info.req.socket.remoteAddress + }); + return false; + } + } }); -wss.on("connection", (ws: WebSocket) => { +sshLogger.success("SSH Terminal WebSocket server started with authentication", { + operation: "server_start", + port: 8082, + features: ["JWT_auth", "connection_limits", "data_access_control"] +}); + +wss.on("connection", async (ws: WebSocket, req) => { + // Linus principle: eliminate complexity - always parse JWT from URL directly + let userId: string | undefined; + let userPayload: any; + + try { + const url = parseUrl(req.url!, true); + const token = url.query.token as string; + + if (!token) { + sshLogger.warn("WebSocket connection rejected: missing token in connection", { + operation: "websocket_connection_reject", + reason: "missing_token", + ip: req.socket.remoteAddress + }); + ws.close(1008, "Authentication required"); + return; + } + + const payload = await authManager.verifyJWTToken(token); + if (!payload) { + sshLogger.warn("WebSocket connection rejected: invalid token in connection", { + operation: "websocket_connection_reject", + reason: "invalid_token", + ip: req.socket.remoteAddress + }); + ws.close(1008, "Authentication required"); + return; + } + + userId = payload.userId; + userPayload = payload; + + } catch (error) { + sshLogger.error("WebSocket JWT verification failed during connection", error, { + operation: "websocket_connection_auth_error", + ip: req.socket.remoteAddress + }); + ws.close(1008, "Authentication required"); + return; + } + + // Check data access permissions + const dataKey = userCrypto.getUserDataKey(userId); + if (!dataKey) { + sshLogger.warn("WebSocket connection rejected: data locked", { + operation: "websocket_data_locked", + userId, + ip: req.socket.remoteAddress + }); + ws.send(JSON.stringify({ + type: "error", + message: "Data locked - re-authenticate with password", + code: "DATA_LOCKED" + })); + ws.close(1008, "Data access required"); + return; + } + + // Track user connections for limits + if (!userConnections.has(userId)) { + userConnections.set(userId, new Set()); + } + const userWs = userConnections.get(userId)!; + userWs.add(ws); + + sshLogger.info("WebSocket connection established", { + operation: "websocket_connection_established", + userId, + userConnections: userWs.size, + ip: req.socket.remoteAddress + }); + let sshConn: Client | null = null; let sshStream: ClientChannel | null = null; let pingInterval: NodeJS.Timeout | null = null; ws.on("close", () => { + // Clean up user connection tracking + const userWs = userConnections.get(userId); + if (userWs) { + userWs.delete(ws); + if (userWs.size === 0) { + userConnections.delete(userId); + } + } + + sshLogger.info("WebSocket connection closed", { + operation: "websocket_connection_closed", + userId, + remainingConnections: userWs?.size || 0 + }); + cleanupSSH(); }); ws.on("message", (msg: RawData) => { + // Verify user still has data access before processing any messages + const currentDataKey = userCrypto.getUserDataKey(userId); + if (!currentDataKey) { + sshLogger.warn("WebSocket message rejected: data access expired", { + operation: "websocket_message_rejected", + userId, + reason: "data_access_expired" + }); + ws.send(JSON.stringify({ + type: "error", + message: "Data access expired - please re-authenticate", + code: "DATA_EXPIRED" + })); + ws.close(1008, "Data access expired"); + return; + } + let parsed: any; try { parsed = JSON.parse(msg.toString()); } catch (e) { sshLogger.error("Invalid JSON received", e, { - operation: "websocket_message", + operation: "websocket_message_invalid_json", + userId, messageLength: msg.toString().length, }); ws.send(JSON.stringify({ type: "error", message: "Invalid JSON" })); @@ -39,9 +225,14 @@ wss.on("connection", (ws: WebSocket) => { switch (type) { case "connectToHost": + // Ensure userId is attached to hostConfig for secure credential resolution + if (data.hostConfig) { + data.hostConfig.userId = userId; + } handleConnectToHost(data).catch((error) => { sshLogger.error("Failed to connect to host", error, { operation: "ssh_connect", + userId, hostId: data.hostConfig?.id, ip: data.hostConfig?.ip, }); @@ -82,7 +273,8 @@ wss.on("connection", (ws: WebSocket) => { default: sshLogger.warn("Unknown message type received", { - operation: "websocket_message", + operation: "websocket_message_unknown_type", + userId, messageType: type, }); } @@ -187,21 +379,21 @@ wss.on("connection", (ws: WebSocket) => { hasCredentialId: !!credentialId, }); - if (password) { - sshLogger.debug(`Password preview: "${password.substring(0, 15)}..."`, { - operation: "terminal_ssh_password", - }); - } else { - sshLogger.debug(`No password provided`, { - operation: "terminal_ssh_password", - }); - } + // SECURITY: Never log password information - removed password preview logging + sshLogger.debug(`SSH authentication setup`, { + operation: "terminal_ssh_auth_setup", + userId, + hostId: id, + authType, + hasPassword: !!password, + hasCredentialId: !!credentialId, + }); let resolvedCredentials = { password, key, keyPassword, keyType, authType }; if (credentialId && id && hostConfig.userId) { try { - const credentials = await EncryptedDBOperations.select( - db + const credentials = await SimpleDBOps.select( + getDb() .select() .from(sshCredentials) .where( @@ -211,6 +403,7 @@ wss.on("connection", (ws: WebSocket) => { ), ), "ssh_credentials", + hostConfig.userId, ); if (credentials.length > 0) { @@ -443,7 +636,7 @@ wss.on("connection", (ws: WebSocket) => { "aes256-cbc", "3des-cbc", ], - hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], + hmac: ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], compress: ["none", "zlib@openssh.com", "zlib"], }, }; diff --git a/src/backend/ssh/tunnel.ts b/src/backend/ssh/tunnel.ts index 78daa7e3..6c79b86b 100644 --- a/src/backend/ssh/tunnel.ts +++ b/src/backend/ssh/tunnel.ts @@ -3,7 +3,7 @@ import cors from "cors"; import { Client } from "ssh2"; import { ChildProcess } from "child_process"; import axios from "axios"; -import { db } from "../database/db/index.js"; +import { getDb } from "../database/db/index.js"; import { sshCredentials } from "../database/db/schema.js"; import { eq, and } from "drizzle-orm"; import type { @@ -15,6 +15,7 @@ import type { } from "../../types/index.js"; import { CONNECTION_STATES } from "../../types/index.js"; import { tunnelLogger } from "../utils/logger.js"; +import { SystemCrypto } from "../utils/system-crypto.js"; const app = express(); app.use( @@ -43,6 +44,8 @@ const verificationTimers = new Map(); const activeRetryTimers = new Map(); const countdownIntervals = new Map(); const retryExhaustedTunnels = new Set(); +const cleanupInProgress = new Set(); +const tunnelConnecting = new Set(); const tunnelConfigs = new Map(); const activeTunnelProcesses = new Map(); @@ -123,16 +126,37 @@ function getTunnelMarker(tunnelName: string) { return `TUNNEL_MARKER_${tunnelName.replace(/[^a-zA-Z0-9]/g, "_")}`; } -function cleanupTunnelResources(tunnelName: string): void { +function cleanupTunnelResources(tunnelName: string, forceCleanup = false): void { + tunnelLogger.info(`Cleaning up resources for tunnel '${tunnelName}' (force=${forceCleanup})`); + + // Prevent concurrent cleanup operations + if (cleanupInProgress.has(tunnelName)) { + tunnelLogger.info(`Cleanup already in progress for '${tunnelName}', skipping`); + return; + } + + // Protect connecting tunnels unless forced + if (!forceCleanup && tunnelConnecting.has(tunnelName)) { + tunnelLogger.info(`Tunnel '${tunnelName}' is connecting, skipping cleanup (use force=true to override)`); + return; + } + + cleanupInProgress.add(tunnelName); + const tunnelConfig = tunnelConfigs.get(tunnelName); if (tunnelConfig) { killRemoteTunnelByMarker(tunnelConfig, tunnelName, (err) => { + cleanupInProgress.delete(tunnelName); if (err) { tunnelLogger.error( `Failed to kill remote tunnel for '${tunnelName}': ${err.message}`, ); + } else { + tunnelLogger.info(`Successfully cleaned up remote tunnel processes for '${tunnelName}'`); } }); + } else { + cleanupInProgress.delete(tunnelName); } if (activeTunnelProcesses.has(tunnelName)) { @@ -154,6 +178,7 @@ function cleanupTunnelResources(tunnelName: string): void { try { const conn = activeTunnels.get(tunnelName); if (conn) { + tunnelLogger.info(`Closing SSH2 connection for tunnel '${tunnelName}'`); conn.end(); } } catch (e) { @@ -163,6 +188,7 @@ function cleanupTunnelResources(tunnelName: string): void { ); } activeTunnels.delete(tunnelName); + tunnelLogger.info(`Removed tunnel '${tunnelName}' from activeTunnels`); } if (tunnelVerifications.has(tunnelName)) { @@ -203,6 +229,8 @@ function cleanupTunnelResources(tunnelName: string): void { function resetRetryState(tunnelName: string): void { retryCounters.delete(tunnelName); retryExhaustedTunnels.delete(tunnelName); + cleanupInProgress.delete(tunnelName); + tunnelConnecting.delete(tunnelName); if (activeRetryTimers.has(tunnelName)) { clearTimeout(activeRetryTimers.get(tunnelName)!); @@ -394,7 +422,11 @@ async function connectSSHTunnel( return; } - cleanupTunnelResources(tunnelName); + // Mark tunnel as connecting to protect from cleanup + tunnelConnecting.add(tunnelName); + + // Force cleanup any existing resources before new connection + cleanupTunnelResources(tunnelName, true); if (retryAttempt === 0) { retryExhaustedTunnels.delete(tunnelName); @@ -441,7 +473,7 @@ async function connectSSHTunnel( if (tunnelConfig.sourceCredentialId && tunnelConfig.sourceUserId) { try { - const credentials = await db + const credentials = await getDb() .select() .from(sshCredentials) .where( @@ -485,9 +517,35 @@ async function connectSSHTunnel( authMethod: tunnelConfig.endpointAuthMethod, }; + tunnelLogger.info(`Source credentials for '${tunnelName}': authMethod=${resolvedSourceCredentials.authMethod}, hasPassword=${!!resolvedSourceCredentials.password}, hasSSHKey=${!!resolvedSourceCredentials.sshKey}`); + tunnelLogger.info(`Final endpoint credentials for '${tunnelName}': authMethod=${resolvedEndpointCredentials.authMethod}, hasPassword=${!!resolvedEndpointCredentials.password}, hasSSHKey=${!!resolvedEndpointCredentials.sshKey}, credentialId=${tunnelConfig.endpointCredentialId}`); + + // Validate that we have usable endpoint credentials + if (resolvedEndpointCredentials.authMethod === "password" && !resolvedEndpointCredentials.password) { + const errorMessage = `Cannot connect tunnel '${tunnelName}': endpoint host requires password authentication but no plaintext password available. Enable autostart for endpoint host or configure credentials in tunnel connection.`; + tunnelLogger.error(errorMessage); + broadcastTunnelStatus(tunnelName, { + connected: false, + status: CONNECTION_STATES.FAILED, + reason: errorMessage, + }); + return; + } + + if (resolvedEndpointCredentials.authMethod === "key" && !resolvedEndpointCredentials.sshKey) { + const errorMessage = `Cannot connect tunnel '${tunnelName}': endpoint host requires key authentication but no plaintext key available. Enable autostart for endpoint host or configure credentials in tunnel connection.`; + tunnelLogger.error(errorMessage); + broadcastTunnelStatus(tunnelName, { + connected: false, + status: CONNECTION_STATES.FAILED, + reason: errorMessage, + }); + return; + } + if (tunnelConfig.endpointCredentialId && tunnelConfig.endpointUserId) { try { - const credentials = await db + const credentials = await getDb() .select() .from(sshCredentials) .where( @@ -506,6 +564,7 @@ async function connectSSHTunnel( keyType: credential.keyType, authMethod: credential.authType, }; + tunnelLogger.info(`Resolved endpoint credentials from DB for '${tunnelName}': authMethod=${resolvedEndpointCredentials.authMethod}, hasPassword=${!!resolvedEndpointCredentials.password}, hasSSHKey=${!!resolvedEndpointCredentials.sshKey}`); } else { tunnelLogger.warn("No endpoint credentials found in database", { operation: "tunnel_connect", @@ -555,6 +614,9 @@ async function connectSSHTunnel( clearTimeout(connectionTimeout); tunnelLogger.error(`SSH error for '${tunnelName}': ${err.message}`); + // Clear connecting state on error + tunnelConnecting.delete(tunnelName); + if (activeRetryTimers.has(tunnelName)) { return; } @@ -583,6 +645,9 @@ async function connectSSHTunnel( conn.on("close", () => { clearTimeout(connectionTimeout); + // Clear connecting state on close + tunnelConnecting.delete(tunnelName); + if (activeRetryTimers.has(tunnelName)) { return; } @@ -620,11 +685,13 @@ async function connectSSHTunnel( resolvedEndpointCredentials.sshKey ) { const keyFilePath = `/tmp/tunnel_key_${tunnelName.replace(/[^a-zA-Z0-9]/g, "_")}`; - tunnelCmd = `echo '${resolvedEndpointCredentials.sshKey}' > ${keyFilePath} && chmod 600 ${keyFilePath} && ssh -i ${keyFilePath} -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker} && rm -f ${keyFilePath}`; + tunnelCmd = `echo '${resolvedEndpointCredentials.sshKey}' > ${keyFilePath} && chmod 600 ${keyFilePath} && exec -a "${tunnelMarker}" ssh -i ${keyFilePath} -v -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o GatewayPorts=yes -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} && rm -f ${keyFilePath}`; } else { - tunnelCmd = `sshpass -p '${resolvedEndpointCredentials.password || ""}' ssh -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker}`; + tunnelCmd = `exec -a "${tunnelMarker}" sshpass -p '${resolvedEndpointCredentials.password || ""}' ssh -v -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o GatewayPorts=yes -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP}`; } + tunnelLogger.info(`Executing tunnel command for '${tunnelName}': ${tunnelCmd.replace(/sshpass -p '[^']*'/g, 'sshpass -p [HIDDEN]').replace(/echo '[^']*'/g, 'echo [HIDDEN]')}`); + conn.exec(tunnelCmd, (err, stream) => { if (err) { tunnelLogger.error( @@ -651,6 +718,9 @@ async function connectSSHTunnel( !manualDisconnects.has(tunnelName) && activeTunnels.has(tunnelName) ) { + // Clear connecting state on successful connection + tunnelConnecting.delete(tunnelName); + broadcastTunnelStatus(tunnelName, { connected: true, status: CONNECTION_STATES.CONNECTED, @@ -722,12 +792,52 @@ async function connectSSHTunnel( } }); - stream.stdout?.on("data", (data: Buffer) => {}); + stream.stdout?.on("data", (data: Buffer) => { + const output = data.toString().trim(); + if (output) { + tunnelLogger.info(`SSH stdout for '${tunnelName}': ${output}`); + } + }); stream.on("error", (err: Error) => {}); stream.stderr.on("data", (data) => { const errorMsg = data.toString().trim(); + if (errorMsg) { + tunnelLogger.error(`SSH stderr for '${tunnelName}': ${errorMsg}`); + + // Check for specific SSH errors + if (errorMsg.includes("sshpass: command not found") || errorMsg.includes("sshpass not found")) { + broadcastTunnelStatus(tunnelName, { + connected: false, + status: CONNECTION_STATES.FAILED, + reason: "sshpass tool not found on source host. Please install sshpass or use SSH key authentication.", + }); + } + + // Check for port forwarding errors + if (errorMsg.includes("remote port forwarding failed") || errorMsg.includes("Error: remote port forwarding failed")) { + const portMatch = errorMsg.match(/listen port (\d+)/); + const port = portMatch ? portMatch[1] : tunnelConfig.endpointPort; + + tunnelLogger.error(`Port forwarding failed for tunnel '${tunnelName}' on port ${port}. This prevents tunnel establishment.`); + + // Close the connection immediately to prevent retries + if (activeTunnels.has(tunnelName)) { + const conn = activeTunnels.get(tunnelName); + if (conn) { + conn.end(); + } + activeTunnels.delete(tunnelName); + } + + broadcastTunnelStatus(tunnelName, { + connected: false, + status: CONNECTION_STATES.FAILED, + reason: `Remote port forwarding failed for port ${port}. Port may be in use, requires root privileges, or SSH server doesn't allow port forwarding. Try a different port.`, + }); + } + } }); }); }); @@ -763,7 +873,7 @@ async function connectSSHTunnel( "aes256-cbc", "3des-cbc", ], - hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], + hmac: ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], compress: ["none", "zlib@openssh.com", "zlib"], }, }; @@ -827,12 +937,54 @@ async function connectSSHTunnel( conn.connect(connOptions); } -function killRemoteTunnelByMarker( +async function killRemoteTunnelByMarker( tunnelConfig: TunnelConfig, tunnelName: string, callback: (err?: Error) => void, ) { const tunnelMarker = getTunnelMarker(tunnelName); + tunnelLogger.info(`Attempting to kill remote tunnel processes with marker '${tunnelMarker}' on source host ${tunnelConfig.sourceIP}`); + + // Resolve source credentials using same logic as main tunnel connection + let resolvedSourceCredentials = { + password: tunnelConfig.sourcePassword, + sshKey: tunnelConfig.sourceSSHKey, + keyPassword: tunnelConfig.sourceKeyPassword, + keyType: tunnelConfig.sourceKeyType, + authMethod: tunnelConfig.sourceAuthMethod, + }; + + if (tunnelConfig.sourceCredentialId && tunnelConfig.sourceUserId) { + try { + const credentials = await getDb() + .select() + .from(sshCredentials) + .where( + and( + eq(sshCredentials.id, tunnelConfig.sourceCredentialId), + eq(sshCredentials.userId, tunnelConfig.sourceUserId), + ), + ); + + if (credentials.length > 0) { + const credential = credentials[0]; + resolvedSourceCredentials = { + password: credential.password, + sshKey: credential.privateKey || credential.key, + keyPassword: credential.keyPassword, + keyType: credential.keyType, + authMethod: credential.authType, + }; + } + } catch (error) { + tunnelLogger.warn("Failed to resolve source credentials for cleanup", { + tunnelName, + credentialId: tunnelConfig.sourceCredentialId, + error: error instanceof Error ? error.message : "Unknown error", + }); + } + } + const conn = new Client(); const connOptions: any = { host: tunnelConfig.sourceIP, @@ -865,52 +1017,142 @@ function killRemoteTunnelByMarker( "aes256-cbc", "3des-cbc", ], - hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], + hmac: ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-md5"], compress: ["none", "zlib@openssh.com", "zlib"], }, }; - if (tunnelConfig.sourceAuthMethod === "key" && tunnelConfig.sourceSSHKey) { + + if ( + resolvedSourceCredentials.authMethod === "key" && + resolvedSourceCredentials.sshKey + ) { if ( - !tunnelConfig.sourceSSHKey.includes("-----BEGIN") || - !tunnelConfig.sourceSSHKey.includes("-----END") + !resolvedSourceCredentials.sshKey.includes("-----BEGIN") || + !resolvedSourceCredentials.sshKey.includes("-----END") ) { callback(new Error("Invalid SSH key format")); return; } - const cleanKey = tunnelConfig.sourceSSHKey + const cleanKey = resolvedSourceCredentials.sshKey .trim() .replace(/\r\n/g, "\n") .replace(/\r/g, "\n"); connOptions.privateKey = Buffer.from(cleanKey, "utf8"); - if (tunnelConfig.sourceKeyPassword) { - connOptions.passphrase = tunnelConfig.sourceKeyPassword; + if (resolvedSourceCredentials.keyPassword) { + connOptions.passphrase = resolvedSourceCredentials.keyPassword; } - if (tunnelConfig.sourceKeyType && tunnelConfig.sourceKeyType !== "auto") { - connOptions.privateKeyType = tunnelConfig.sourceKeyType; + if ( + resolvedSourceCredentials.keyType && + resolvedSourceCredentials.keyType !== "auto" + ) { + connOptions.privateKeyType = resolvedSourceCredentials.keyType; } } else { - connOptions.password = tunnelConfig.sourcePassword; + connOptions.password = resolvedSourceCredentials.password; } + conn.on("ready", () => { - const killCmd = `pkill -f '${tunnelMarker}'`; - conn.exec(killCmd, (err, stream) => { - if (err) { - conn.end(); - callback(err); - return; - } - stream.on("close", () => { - conn.end(); - callback(); + // First, check for existing processes and get their PIDs + const checkCmd = `ps aux | grep -E '(${tunnelMarker}|ssh.*-R.*${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort}.*${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP}|sshpass.*ssh.*-R.*${tunnelConfig.endpointPort})' | grep -v grep`; + + conn.exec(checkCmd, (err, stream) => { + let foundProcesses = false; + + stream.on("data", (data) => { + const output = data.toString().trim(); + if (output) { + foundProcesses = true; + tunnelLogger.info(`Found running tunnel processes for '${tunnelName}': ${output}`); + } + }); + + stream.on("close", () => { + if (!foundProcesses) { + tunnelLogger.info(`No running tunnel processes found for '${tunnelName}', cleanup not needed`); + conn.end(); + callback(); + return; + } + + // Execute kill commands sequentially for better control + const killCmds = [ + `pkill -TERM -f '${tunnelMarker}'`, + `sleep 1 && pkill -f 'ssh.*-R.*${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort}.*${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP}'`, + `sleep 1 && pkill -f 'sshpass.*ssh.*-R.*${tunnelConfig.endpointPort}'`, + `sleep 2 && pkill -9 -f '${tunnelMarker}'`, // Force kill after delay + ]; + + let commandIndex = 0; + + function executeNextKillCommand() { + if (commandIndex >= killCmds.length) { + // Final verification + conn.exec(checkCmd, (err, verifyStream) => { + let stillRunning = false; + + verifyStream.on("data", (data) => { + const output = data.toString().trim(); + if (output) { + stillRunning = true; + tunnelLogger.warn(`Processes still running after cleanup for '${tunnelName}': ${output}`); + } + }); + + verifyStream.on("close", () => { + if (!stillRunning) { + tunnelLogger.info(`All tunnel processes successfully terminated for '${tunnelName}'`); + } else { + tunnelLogger.warn(`Some tunnel processes may still be running for '${tunnelName}'`); + } + conn.end(); + callback(); + }); + }); + return; + } + + const killCmd = killCmds[commandIndex]; + + conn.exec(killCmd, (err, stream) => { + if (err) { + tunnelLogger.warn(`Kill command ${commandIndex + 1} failed for '${tunnelName}': ${err.message}`); + } else { + tunnelLogger.info(`Executed kill command ${commandIndex + 1} for '${tunnelName}': ${killCmd.replace(/sleep \d+ && /, '')}`); + } + + stream.on("close", (code) => { + tunnelLogger.info(`Kill command ${commandIndex + 1} completed with code ${code} for '${tunnelName}'`); + commandIndex++; + executeNextKillCommand(); + }); + + stream.on("data", (data) => { + const output = data.toString().trim(); + if (output) { + tunnelLogger.info(`Kill command ${commandIndex + 1} output for '${tunnelName}': ${output}`); + } + }); + + stream.stderr.on("data", (data) => { + const output = data.toString().trim(); + if (output && !output.includes("debug1")) { + tunnelLogger.warn(`Kill command ${commandIndex + 1} stderr for '${tunnelName}': ${output}`); + } + }); + }); + } + + executeNextKillCommand(); }); - stream.on("data", () => {}); - stream.stderr.on("data", () => {}); }); }); + conn.on("error", (err) => { + tunnelLogger.error(`Failed to connect to source host for killing tunnel '${tunnelName}': ${err.message}`); callback(err); }); + conn.connect(connOptions); } @@ -938,6 +1180,10 @@ app.post("/ssh/tunnel/connect", (req, res) => { const tunnelName = tunnelConfig.name; + // Clean up any existing resources before starting new connection + tunnelLogger.info(`Starting new connection for '${tunnelName}', cleaning up any existing resources`); + cleanupTunnelResources(tunnelName); + manualDisconnects.delete(tunnelName); retryCounters.delete(tunnelName); retryExhaustedTunnels.delete(tunnelName); @@ -969,6 +1215,10 @@ app.post("/ssh/tunnel/disconnect", (req, res) => { activeRetryTimers.delete(tunnelName); } + // Immediately clean up active connections (force cleanup) + tunnelLogger.info(`Manual disconnect requested for '${tunnelName}', cleaning up resources`); + cleanupTunnelResources(tunnelName, true); + broadcastTunnelStatus(tunnelName, { connected: false, status: CONNECTION_STATES.DISCONNECTED, @@ -1005,6 +1255,10 @@ app.post("/ssh/tunnel/cancel", (req, res) => { countdownIntervals.delete(tunnelName); } + // Immediately clean up active connections for cancel operation too (force cleanup) + tunnelLogger.info(`Cancel requested for '${tunnelName}', cleaning up resources`); + cleanupTunnelResources(tunnelName, true); + broadcastTunnelStatus(tunnelName, { connected: false, status: CONNECTION_STATES.DISCONNECTED, @@ -1023,49 +1277,95 @@ app.post("/ssh/tunnel/cancel", (req, res) => { async function initializeAutoStartTunnels(): Promise { try { - const response = await axios.get( + // Get internal auth token from SystemCrypto + const systemCrypto = SystemCrypto.getInstance(); + const internalAuthToken = await systemCrypto.getInternalAuthToken(); + + // Get autostart hosts for tunnel configs + const autostartResponse = await axios.get( "http://localhost:8081/ssh/db/host/internal", { headers: { "Content-Type": "application/json", - "X-Internal-Request": "1", + "X-Internal-Auth-Token": internalAuthToken, }, }, ); - const hosts: SSHHost[] = response.data || []; + // Get all hosts for endpointHost resolution + const allHostsResponse = await axios.get( + "http://localhost:8081/ssh/db/host/internal/all", + { + headers: { + "Content-Type": "application/json", + "X-Internal-Auth-Token": internalAuthToken, + }, + }, + ); + + const autostartHosts: SSHHost[] = autostartResponse.data || []; + const allHosts: SSHHost[] = allHostsResponse.data || []; const autoStartTunnels: TunnelConfig[] = []; - for (const host of hosts) { + tunnelLogger.info(`Found ${autostartHosts.length} autostart hosts and ${allHosts.length} total hosts for endpointHost resolution`); + + for (const host of autostartHosts) { if (host.enableTunnel && host.tunnelConnections) { for (const tunnelConnection of host.tunnelConnections) { if (tunnelConnection.autoStart) { - const endpointHost = hosts.find( + const endpointHost = allHosts.find( (h) => h.name === tunnelConnection.endpointHost || `${h.username}@${h.ip}` === tunnelConnection.endpointHost, ); if (endpointHost) { + tunnelLogger.info(`Setting up tunnel credentials for '${host.name || `${host.username}@${host.ip}`}' -> '${endpointHost.name || `${endpointHost.username}@${endpointHost.ip}`}': sourceAutostart=${!!host.autostartPassword}, endpointAutostart=${!!endpointHost.autostartPassword}, endpointEncrypted=${!!endpointHost.password}`); + + // Debug: Log actual credential availability + tunnelLogger.info(`Source host credentials debug:`, { + hostId: host.id, + hasAutostartPassword: !!host.autostartPassword, + hasAutostartKey: !!host.autostartKey, + hasEncryptedPassword: !!host.password, + hasEncryptedKey: !!host.key, + authType: host.authType + }); + + tunnelLogger.info(`Endpoint host credentials debug:`, { + hostId: endpointHost.id, + hasAutostartPassword: !!endpointHost.autostartPassword, + hasAutostartKey: !!endpointHost.autostartKey, + hasEncryptedPassword: !!endpointHost.password, + hasEncryptedKey: !!endpointHost.key, + authType: endpointHost.authType + }); + const tunnelConfig: TunnelConfig = { name: `${host.name || `${host.username}@${host.ip}`}_${tunnelConnection.sourcePort}_${tunnelConnection.endpointPort}`, hostName: host.name || `${host.username}@${host.ip}`, sourceIP: host.ip, sourceSSHPort: host.port, sourceUsername: host.username, - sourcePassword: host.password, + // Prefer autostart credentials for source host, fallback to encrypted credentials + sourcePassword: host.autostartPassword || host.password, sourceAuthMethod: host.authType, - sourceSSHKey: host.key, - sourceKeyPassword: host.keyPassword, + sourceSSHKey: host.autostartKey || host.key, + sourceKeyPassword: host.autostartKeyPassword || host.keyPassword, sourceKeyType: host.keyType, + sourceCredentialId: host.credentialId, + sourceUserId: host.userId, endpointIP: endpointHost.ip, endpointSSHPort: endpointHost.port, endpointUsername: endpointHost.username, - endpointPassword: endpointHost.password, - endpointAuthMethod: endpointHost.authType, - endpointSSHKey: endpointHost.key, - endpointKeyPassword: endpointHost.keyPassword, - endpointKeyType: endpointHost.keyType, + // Prefer TunnelConnection credentials, then autostart credentials, fallback to encrypted credentials + endpointPassword: tunnelConnection.endpointPassword || endpointHost.autostartPassword || endpointHost.password, + endpointAuthMethod: tunnelConnection.endpointAuthType || endpointHost.authType, + endpointSSHKey: tunnelConnection.endpointKey || endpointHost.autostartKey || endpointHost.key, + endpointKeyPassword: tunnelConnection.endpointKeyPassword || endpointHost.autostartKeyPassword || endpointHost.keyPassword, + endpointKeyType: tunnelConnection.endpointKeyType || endpointHost.keyType, + endpointCredentialId: endpointHost.credentialId, + endpointUserId: endpointHost.userId, sourcePort: tunnelConnection.sourcePort, endpointPort: tunnelConnection.endpointPort, maxRetries: tunnelConnection.maxRetries, @@ -1074,7 +1374,25 @@ async function initializeAutoStartTunnels(): Promise { isPinned: host.pin, }; + // Validate source and endpoint credentials availability + const hasSourcePassword = host.autostartPassword; + const hasSourceKey = host.autostartKey; + const hasEndpointPassword = tunnelConnection.endpointPassword || endpointHost.autostartPassword; + const hasEndpointKey = tunnelConnection.endpointKey || endpointHost.autostartKey; + + if (!hasSourcePassword && !hasSourceKey) { + tunnelLogger.warn(`Tunnel '${tunnelConfig.name}' may fail: source host '${host.name || `${host.username}@${host.ip}`}' has no plaintext credentials. Enable autostart for this host to use unattended tunneling.`); + } + + if (!hasEndpointPassword && !hasEndpointKey) { + tunnelLogger.warn(`Tunnel '${tunnelConfig.name}' may fail: endpoint host '${endpointHost.name || `${endpointHost.username}@${endpointHost.ip}`}' has no plaintext credentials. Consider enabling autostart for this host or configuring credentials in tunnel connection.`); + } + autoStartTunnels.push(tunnelConfig); + } else { + tunnelLogger.error( + `Failed to find endpointHost '${tunnelConnection.endpointHost}' for tunnel from ${host.name || `${host.username}@${host.ip}`}. Available hosts: ${allHosts.map(h => h.name || `${h.username}@${h.ip}`).join(', ')}`, + ); } } } diff --git a/src/backend/starter.ts b/src/backend/starter.ts index 7b7db47f..bdcd3002 100644 --- a/src/backend/starter.ts +++ b/src/backend/starter.ts @@ -1,30 +1,150 @@ // npx tsc -p tsconfig.node.json // node ./dist/backend/starter.js -import "./database/database.js"; -import { DatabaseEncryption } from "./utils/database-encryption.js"; -import { systemLogger, versionLogger } from "./utils/logger.js"; import "dotenv/config"; +import dotenv from "dotenv"; +import { promises as fs } from "fs"; +import path from "path"; +import { AutoSSLSetup } from "./utils/auto-ssl-setup.js"; +import { AuthManager } from "./utils/auth-manager.js"; +import { DataCrypto } from "./utils/data-crypto.js"; +import { SystemCrypto } from "./utils/system-crypto.js"; +import { systemLogger, versionLogger } from "./utils/logger.js"; (async () => { try { + // Load persistent .env file from config directory if available (Docker) + if (process.env.NODE_ENV === 'production') { + try { + await fs.access('/app/config/.env'); + dotenv.config({ path: '/app/config/.env' }); + systemLogger.info("Loaded persistent configuration from /app/config/.env", { + operation: "config_load" + }); + } catch { + // Config file doesn't exist yet, will be created on first run + systemLogger.info("No persistent config found, will create on first run", { + operation: "config_init" + }); + } + } + const version = process.env.VERSION || "unknown"; versionLogger.info(`Termix Backend starting - Version: ${version}`, { operation: "startup", version: version, }); + // Auto-initialize SSL/TLS configuration + await AutoSSLSetup.initialize(); + + // Initialize database first - required before other services + systemLogger.info("Initializing database...", { + operation: "database_init" + }); + const dbModule = await import("./database/db/index.js"); + await dbModule.databaseReady; + systemLogger.success("Database initialized successfully", { + operation: "database_init_complete" + }); + + // Production environment security checks + if (process.env.NODE_ENV === 'production') { + systemLogger.info("Running production environment security checks...", { + operation: "security_checks", + }); + + const securityIssues: string[] = []; + + // Check JWT and database keys (auto-generated if missing - warnings only) + if (!process.env.JWT_SECRET) { + systemLogger.warn("JWT_SECRET not set - using auto-generated keys (consider setting for production)", { + operation: "security_warning", + note: "Auto-generated keys are secure but not persistent across deployments" + }); + } else if (process.env.JWT_SECRET.length < 64) { + securityIssues.push("JWT_SECRET should be at least 64 characters in production"); + } + + if (!process.env.DATABASE_KEY) { + systemLogger.warn("DATABASE_KEY not set - using auto-generated keys (consider setting for production)", { + operation: "security_warning", + note: "Auto-generated keys are secure but not persistent across deployments" + }); + } else if (process.env.DATABASE_KEY.length < 64) { + securityIssues.push("DATABASE_KEY should be at least 64 characters in production"); + } + + if (!process.env.INTERNAL_AUTH_TOKEN) { + systemLogger.warn("INTERNAL_AUTH_TOKEN not set - using auto-generated token (consider setting for production)", { + operation: "security_warning", + note: "Auto-generated tokens are secure but not persistent across deployments" + }); + } else if (process.env.INTERNAL_AUTH_TOKEN.length < 32) { + securityIssues.push("INTERNAL_AUTH_TOKEN should be at least 32 characters in production"); + } + + // Check database file encryption + if (process.env.DB_FILE_ENCRYPTION === 'false') { + securityIssues.push("Database file encryption should be enabled in production"); + } + + + // Check CORS configuration warning + systemLogger.warn("Production deployment detected - ensure CORS is properly configured", { + operation: "security_checks", + warning: "Verify frontend domain whitelist" + }); + + if (securityIssues.length > 0) { + systemLogger.error("SECURITY ISSUES DETECTED IN PRODUCTION:", { + operation: "security_checks_failed", + issues: securityIssues, + }); + for (const issue of securityIssues) { + systemLogger.error(`- ${issue}`, { operation: "security_issue" }); + } + systemLogger.error("Fix these issues before running in production!", { + operation: "security_checks_failed", + }); + process.exit(1); + } + + systemLogger.success("Production security checks passed", { + operation: "security_checks_complete", + }); + } + systemLogger.info("Initializing backend services...", { operation: "startup", + environment: process.env.NODE_ENV || "development", }); - // Initialize database encryption before other services - await DatabaseEncryption.initialize(); - systemLogger.info("Database encryption initialized", { - operation: "encryption_init", + // Initialize simplified authentication system + const authManager = AuthManager.getInstance(); + await authManager.initialize(); + DataCrypto.initialize(); + + // Initialize system crypto keys (JWT, Database, Internal Auth) + const systemCrypto = SystemCrypto.getInstance(); + await systemCrypto.initializeJWTSecret(); + await systemCrypto.initializeDatabaseKey(); + await systemCrypto.initializeInternalAuthToken(); + + systemLogger.info("Security system initialized (KEK-DEK architecture + SystemCrypto)", { + operation: "security_init", }); - // Load modules that depend on encryption after initialization + // Load database-dependent modules after database initialization + systemLogger.info("Starting database API server...", { + operation: "api_server_init" + }); + await import("./database/database.js"); + + // Load modules that depend on database and encryption + systemLogger.info("Starting SSH services...", { + operation: "ssh_services_init" + }); await import("./ssh/terminal.js"); await import("./ssh/tunnel.js"); await import("./ssh/file-manager.js"); @@ -43,6 +163,9 @@ import "dotenv/config"; version: version, }); + // Display SSL configuration info + AutoSSLSetup.logSSLInfo(); + process.on("SIGINT", () => { systemLogger.info( "Received SIGINT signal, initiating graceful shutdown...", diff --git a/src/backend/utils/auth-manager.ts b/src/backend/utils/auth-manager.ts new file mode 100644 index 00000000..7efadecb --- /dev/null +++ b/src/backend/utils/auth-manager.ts @@ -0,0 +1,298 @@ +import jwt from "jsonwebtoken"; +import { UserCrypto } from "./user-crypto.js"; +import { SystemCrypto } from "./system-crypto.js"; +import { DataCrypto } from "./data-crypto.js"; +import { databaseLogger } from "./logger.js"; +import type { Request, Response, NextFunction } from "express"; + +interface AuthenticationResult { + success: boolean; + token?: string; + userId?: string; + isAdmin?: boolean; + username?: string; + requiresTOTP?: boolean; + tempToken?: string; + error?: string; +} + +interface JWTPayload { + userId: string; + pendingTOTP?: boolean; + iat?: number; + exp?: number; +} + +/** + * AuthManager - Simplified authentication manager + * + * Responsibilities: + * - JWT generation and validation + * - Authentication middleware + * - User login/logout + * + * No more two-layer sessions - use UserKeyManager directly + */ +class AuthManager { + private static instance: AuthManager; + private systemCrypto: SystemCrypto; + private userCrypto: UserCrypto; + + private constructor() { + this.systemCrypto = SystemCrypto.getInstance(); + this.userCrypto = UserCrypto.getInstance(); + } + + static getInstance(): AuthManager { + if (!this.instance) { + this.instance = new AuthManager(); + } + return this.instance; + } + + /** + * Initialize authentication system + */ + async initialize(): Promise { + await this.systemCrypto.initializeJWTSecret(); + databaseLogger.info("AuthManager initialized", { + operation: "auth_init" + }); + } + + /** + * User registration + */ + async registerUser(userId: string, password: string): Promise { + await this.userCrypto.setupUserEncryption(userId, password); + } + + /** + * User login with lazy encryption migration + */ + async authenticateUser(userId: string, password: string): Promise { + const authenticated = await this.userCrypto.authenticateUser(userId, password); + + if (authenticated) { + // Trigger lazy encryption migration for user's sensitive fields + await this.performLazyEncryptionMigration(userId); + } + + return authenticated; + } + + /** + * Perform lazy encryption migration for user's sensitive data + * This runs asynchronously after successful login + */ + private async performLazyEncryptionMigration(userId: string): Promise { + try { + const userDataKey = this.getUserDataKey(userId); + if (!userDataKey) { + databaseLogger.warn("Cannot perform lazy encryption migration - user data key not available", { + operation: "lazy_encryption_migration_no_key", + userId, + }); + return; + } + + // Import database connection - need to access raw SQLite for migration + const { getSqlite, saveMemoryDatabaseToFile, databaseReady } = await import("../database/db/index.js"); + + // Ensure database is fully initialized before accessing SQLite + await databaseReady; + const sqlite = getSqlite(); + + // Perform the migration + const migrationResult = await DataCrypto.migrateUserSensitiveFields( + userId, + userDataKey, + sqlite + ); + + if (migrationResult.migrated) { + // Save the in-memory database to disk to persist the migration + await saveMemoryDatabaseToFile(); + + databaseLogger.success("Lazy encryption migration completed for user", { + operation: "lazy_encryption_migration_success", + userId, + migratedTables: migrationResult.migratedTables, + migratedFieldsCount: migrationResult.migratedFieldsCount, + }); + } else { + databaseLogger.debug("No lazy encryption migration needed for user", { + operation: "lazy_encryption_migration_not_needed", + userId, + }); + } + + } catch (error) { + // Log error but don't fail the login process + databaseLogger.error("Lazy encryption migration failed", error, { + operation: "lazy_encryption_migration_error", + userId, + error: error instanceof Error ? error.message : "Unknown error", + }); + } + } + + /** + * Generate JWT Token + */ + async generateJWTToken( + userId: string, + options: { expiresIn?: string; pendingTOTP?: boolean } = {} + ): Promise { + const jwtSecret = await this.systemCrypto.getJWTSecret(); + + const payload: JWTPayload = { userId }; + if (options.pendingTOTP) { + payload.pendingTOTP = true; + } + + return jwt.sign(payload, jwtSecret, { + expiresIn: options.expiresIn || "24h" + } as jwt.SignOptions); + } + + /** + * Verify JWT Token + */ + async verifyJWTToken(token: string): Promise { + try { + const jwtSecret = await this.systemCrypto.getJWTSecret(); + const payload = jwt.verify(token, jwtSecret) as JWTPayload; + return payload; + } catch (error) { + databaseLogger.warn("JWT verification failed", { + operation: "jwt_verify_failed", + error: error instanceof Error ? error.message : 'Unknown error', + }); + return null; + } + } + + /** + * Authentication middleware + */ + createAuthMiddleware() { + return async (req: Request, res: Response, next: NextFunction) => { + const authHeader = req.headers["authorization"]; + if (!authHeader?.startsWith("Bearer ")) { + return res.status(401).json({ error: "Missing Authorization header" }); + } + + const token = authHeader.split(" ")[1]; + const payload = await this.verifyJWTToken(token); + + if (!payload) { + return res.status(401).json({ error: "Invalid token" }); + } + + (req as any).userId = payload.userId; + (req as any).pendingTOTP = payload.pendingTOTP; + next(); + }; + } + + /** + * Data access middleware - requires user to have unlocked data + */ + createDataAccessMiddleware() { + return async (req: Request, res: Response, next: NextFunction) => { + const userId = (req as any).userId; + if (!userId) { + return res.status(401).json({ error: "Authentication required" }); + } + + const dataKey = this.userCrypto.getUserDataKey(userId); + if (!dataKey) { + return res.status(423).json({ + error: "Data locked - re-authenticate with password", + code: "DATA_LOCKED" + }); + } + + (req as any).dataKey = dataKey; + next(); + }; + } + + /** + * Admin middleware - requires user to be authenticated and have admin privileges + */ + createAdminMiddleware() { + return async (req: Request, res: Response, next: NextFunction) => { + const authHeader = req.headers["authorization"]; + if (!authHeader?.startsWith("Bearer ")) { + return res.status(401).json({ error: "Missing Authorization header" }); + } + + const token = authHeader.split(" ")[1]; + const payload = await this.verifyJWTToken(token); + + if (!payload) { + return res.status(401).json({ error: "Invalid token" }); + } + + // Check if user is admin + try { + const { db } = await import("../database/db/index.js"); + const { users } = await import("../database/db/schema.js"); + const { eq } = await import("drizzle-orm"); + + const user = await db.select().from(users).where(eq(users.id, payload.userId)); + + if (!user || user.length === 0 || !user[0].is_admin) { + databaseLogger.warn("Non-admin user attempted to access admin endpoint", { + operation: "admin_access_denied", + userId: payload.userId, + endpoint: req.path, + }); + return res.status(403).json({ error: "Admin access required" }); + } + + (req as any).userId = payload.userId; + (req as any).pendingTOTP = payload.pendingTOTP; + next(); + } catch (error) { + databaseLogger.error("Failed to verify admin privileges", error, { + operation: "admin_check_failed", + userId: payload.userId, + }); + return res.status(500).json({ error: "Failed to verify admin privileges" }); + } + }; + } + + /** + * User logout + */ + logoutUser(userId: string): void { + this.userCrypto.logoutUser(userId); + } + + /** + * Get user data key + */ + getUserDataKey(userId: string): Buffer | null { + return this.userCrypto.getUserDataKey(userId); + } + + /** + * Check if user is unlocked + */ + isUserUnlocked(userId: string): boolean { + return this.userCrypto.isUserUnlocked(userId); + } + + /** + * Change user password + */ + async changeUserPassword(userId: string, oldPassword: string, newPassword: string): Promise { + return await this.userCrypto.changeUserPassword(userId, oldPassword, newPassword); + } +} + +export { AuthManager, type AuthenticationResult, type JWTPayload }; \ No newline at end of file diff --git a/src/backend/utils/auto-ssl-setup.ts b/src/backend/utils/auto-ssl-setup.ts new file mode 100644 index 00000000..786b7a5d --- /dev/null +++ b/src/backend/utils/auto-ssl-setup.ts @@ -0,0 +1,261 @@ +import { execSync } from "child_process"; +import { promises as fs } from "fs"; +import path from "path"; +import crypto from "crypto"; +import { systemLogger } from "./logger.js"; + +/** + * Auto SSL Setup - Optional SSL certificate generation for Termix + * + * Linus principle: Simple defaults, optional security features + * - SSL disabled by default to avoid setup complexity + * - Auto-generates SSL certificates when enabled + * - Uses container-appropriate paths + * - Users can enable SSL by setting ENABLE_SSL=true + */ +export class AutoSSLSetup { + private static readonly SSL_DIR = path.join(process.cwd(), "ssl"); + private static readonly CERT_FILE = path.join(AutoSSLSetup.SSL_DIR, "termix.crt"); + private static readonly KEY_FILE = path.join(AutoSSLSetup.SSL_DIR, "termix.key"); + private static readonly ENV_FILE = path.join(process.cwd(), ".env"); + + /** + * Initialize SSL setup automatically during system startup + */ + static async initialize(): Promise { + try { + systemLogger.info("🔐 Initializing SSL/TLS configuration...", { + operation: "ssl_auto_init" + }); + + // Check if SSL is already properly configured + if (await this.isSSLConfigured()) { + systemLogger.info("✅ SSL configuration already exists and is valid", { + operation: "ssl_already_configured" + }); + return; + } + + // Auto-generate SSL certificates + await this.generateSSLCertificates(); + + // Setup environment variables for SSL + await this.setupEnvironmentVariables(); + + systemLogger.success("🚀 SSL/TLS configuration completed successfully", { + operation: "ssl_auto_init_complete", + https_port: process.env.SSL_PORT || "8443", + note: "HTTPS/WSS is now enabled by default" + }); + + } catch (error) { + systemLogger.error("❌ Failed to initialize SSL configuration", error, { + operation: "ssl_auto_init_failed" + }); + + // Don't crash the application - fallback to HTTP + systemLogger.warn("⚠️ Falling back to HTTP-only mode", { + operation: "ssl_fallback_http" + }); + } + } + + /** + * Check if SSL is already properly configured + */ + private static async isSSLConfigured(): Promise { + try { + // Check if certificate files exist + await fs.access(this.CERT_FILE); + await fs.access(this.KEY_FILE); + + // Check if certificate is still valid (at least 30 days) + const result = execSync(`openssl x509 -in "${this.CERT_FILE}" -checkend 2592000 -noout`, { + stdio: 'pipe' + }); + + return true; + } catch { + return false; + } + } + + /** + * Generate SSL certificates automatically + */ + private static async generateSSLCertificates(): Promise { + systemLogger.info("🔑 Generating SSL certificates for local development...", { + operation: "ssl_cert_generation" + }); + + try { + // Create SSL directory + await fs.mkdir(this.SSL_DIR, { recursive: true }); + + // Create OpenSSL config for comprehensive certificate + const configFile = path.join(this.SSL_DIR, "openssl.conf"); + const opensslConfig = ` +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn +req_extensions = v3_req + +[dn] +C=US +ST=State +L=City +O=Termix +OU=IT Department +CN=localhost + +[v3_req] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +DNS.2 = 127.0.0.1 +DNS.3 = *.localhost +DNS.4 = termix.local +DNS.5 = *.termix.local +IP.1 = 127.0.0.1 +IP.2 = ::1 + `.trim(); + + await fs.writeFile(configFile, opensslConfig); + + // Generate private key + execSync(`openssl genrsa -out "${this.KEY_FILE}" 2048`, { stdio: 'pipe' }); + + // Generate certificate + execSync(`openssl req -new -x509 -key "${this.KEY_FILE}" -out "${this.CERT_FILE}" -days 365 -config "${configFile}" -extensions v3_req`, { + stdio: 'pipe' + }); + + // Set proper permissions + await fs.chmod(this.KEY_FILE, 0o600); + await fs.chmod(this.CERT_FILE, 0o644); + + // Clean up temp config + await fs.unlink(configFile); + + systemLogger.success("✅ SSL certificates generated successfully", { + operation: "ssl_cert_generated", + cert_path: this.CERT_FILE, + key_path: this.KEY_FILE, + valid_days: 365 + }); + + } catch (error) { + throw new Error(`SSL certificate generation failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + } + } + + /** + * Setup environment variables for SSL configuration + */ + private static async setupEnvironmentVariables(): Promise { + systemLogger.info("⚙️ Configuring SSL environment variables...", { + operation: "ssl_env_setup" + }); + + // Use container paths in production, local paths in development + const isProduction = process.env.NODE_ENV === "production"; + const certPath = isProduction ? "/app/ssl/termix.crt" : this.CERT_FILE; + const keyPath = isProduction ? "/app/ssl/termix.key" : this.KEY_FILE; + + const sslEnvVars = { + ENABLE_SSL: "false", // Disable SSL by default to avoid setup issues + SSL_PORT: process.env.SSL_PORT || "8443", + SSL_CERT_PATH: certPath, + SSL_KEY_PATH: keyPath, + SSL_DOMAIN: "localhost" + }; + + // Check if .env file exists + let envContent = ""; + try { + envContent = await fs.readFile(this.ENV_FILE, 'utf8'); + } catch { + // .env doesn't exist, will create new one + } + + // Update or add SSL variables + let updatedContent = envContent; + let hasChanges = false; + + for (const [key, value] of Object.entries(sslEnvVars)) { + const regex = new RegExp(`^${key}=.*$`, 'm'); + + if (regex.test(updatedContent)) { + // Update existing variable + updatedContent = updatedContent.replace(regex, `${key}=${value}`); + } else { + // Add new variable + if (!updatedContent.includes(`# SSL Configuration`)) { + updatedContent += `\n# SSL Configuration (Auto-generated)\n`; + } + updatedContent += `${key}=${value}\n`; + hasChanges = true; + } + } + + // Write updated .env file if there are changes + if (hasChanges || !envContent) { + await fs.writeFile(this.ENV_FILE, updatedContent.trim() + '\n'); + + systemLogger.info("✅ SSL environment variables configured", { + operation: "ssl_env_configured", + file: this.ENV_FILE, + variables: Object.keys(sslEnvVars) + }); + } + + // Update process.env for current session + for (const [key, value] of Object.entries(sslEnvVars)) { + process.env[key] = value; + } + } + + /** + * Get SSL configuration for nginx/server + */ + static getSSLConfig() { + return { + enabled: process.env.ENABLE_SSL === "true", + port: parseInt(process.env.SSL_PORT || "8443"), + certPath: process.env.SSL_CERT_PATH || this.CERT_FILE, + keyPath: process.env.SSL_KEY_PATH || this.KEY_FILE, + domain: process.env.SSL_DOMAIN || "localhost" + }; + } + + /** + * Display SSL setup information + */ + static logSSLInfo(): void { + const config = this.getSSLConfig(); + + if (config.enabled) { + console.log(` +╔══════════════════════════════════════════════════════════════╗ +║ 🔒 Termix SSL/TLS Enabled ║ +╠══════════════════════════════════════════════════════════════╣ +║ HTTPS Port: ${config.port.toString().padEnd(47)} ║ +║ HTTP Port: ${(process.env.PORT || "8080").padEnd(47)} ║ +║ Domain: ${config.domain.padEnd(47)} ║ +║ ║ +║ 🌐 Access URLs: ║ +║ • HTTPS: https://localhost:${config.port.toString().padEnd(31)} ║ +║ • HTTP: http://localhost:${(process.env.PORT || "8080").padEnd(32)} ║ +║ ║ +║ 🔐 WebSocket connections automatically use WSS over HTTPS ║ +║ ⚠️ Self-signed certificate will show browser warnings ║ +╚══════════════════════════════════════════════════════════════╝ + `); + } + } +} \ No newline at end of file diff --git a/src/backend/utils/data-crypto.ts b/src/backend/utils/data-crypto.ts new file mode 100644 index 00000000..512a68af --- /dev/null +++ b/src/backend/utils/data-crypto.ts @@ -0,0 +1,313 @@ +import { FieldCrypto } from "./field-crypto.js"; +import { LazyFieldEncryption } from "./lazy-field-encryption.js"; +import { UserCrypto } from "./user-crypto.js"; +import { databaseLogger } from "./logger.js"; + +/** + * DataCrypto - Simplified database encryption + * + * Linus principles: + * - Remove all "backward compatibility" garbage + * - Remove all special case handling + * - Data is either properly encrypted or operation fails + * - No legacy data concept + */ +class DataCrypto { + private static userCrypto: UserCrypto; + + static initialize() { + this.userCrypto = UserCrypto.getInstance(); + databaseLogger.info("DataCrypto initialized - no legacy compatibility", { + operation: "data_crypto_init", + }); + } + + /** + * Encrypt record - simple and direct + */ + static encryptRecord(tableName: string, record: any, userId: string, userDataKey: Buffer): any { + const encryptedRecord = { ...record }; + const recordId = record.id || 'temp-' + Date.now(); + + for (const [fieldName, value] of Object.entries(record)) { + if (FieldCrypto.shouldEncryptField(tableName, fieldName) && value) { + encryptedRecord[fieldName] = FieldCrypto.encryptField( + value as string, + userDataKey, + recordId, + fieldName + ); + } + } + + return encryptedRecord; + } + + /** + * Decrypt record with lazy encryption support + * Handles both encrypted and plaintext fields (from migration) + */ + static decryptRecord(tableName: string, record: any, userId: string, userDataKey: Buffer): any { + if (!record) return record; + + const decryptedRecord = { ...record }; + const recordId = record.id; + + for (const [fieldName, value] of Object.entries(record)) { + if (FieldCrypto.shouldEncryptField(tableName, fieldName) && value) { + // Use lazy encryption to handle both plaintext and encrypted data + decryptedRecord[fieldName] = LazyFieldEncryption.safeGetFieldValue( + value as string, + userDataKey, + recordId, + fieldName + ); + } + } + + return decryptedRecord; + } + + /** + * Batch decrypt + */ + static decryptRecords(tableName: string, records: any[], userId: string, userDataKey: Buffer): any[] { + if (!Array.isArray(records)) return records; + return records.map((record) => this.decryptRecord(tableName, record, userId, userDataKey)); + } + + /** + * Migrate user's plaintext sensitive fields to encrypted format + * Called during user login to gradually encrypt legacy data + */ + static async migrateUserSensitiveFields( + userId: string, + userDataKey: Buffer, + db: any + ): Promise<{ + migrated: boolean; + migratedTables: string[]; + migratedFieldsCount: number; + }> { + let migrated = false; + const migratedTables: string[] = []; + let migratedFieldsCount = 0; + + try { + databaseLogger.info("Starting user sensitive fields migration", { + operation: "user_sensitive_migration_start", + userId, + }); + + // Check if migration is needed + const { needsMigration, plaintextFields } = await LazyFieldEncryption.checkUserNeedsMigration( + userId, + userDataKey, + db + ); + + if (!needsMigration) { + databaseLogger.info("No migration needed for user", { + operation: "user_sensitive_migration_not_needed", + userId, + }); + return { migrated: false, migratedTables: [], migratedFieldsCount: 0 }; + } + + databaseLogger.info("User requires sensitive field migration", { + operation: "user_sensitive_migration_required", + userId, + plaintextFieldsCount: plaintextFields.length, + }); + + // Process ssh_data table + const sshDataRecords = db.prepare("SELECT * FROM ssh_data WHERE user_id = ?").all(userId); + for (const record of sshDataRecords) { + const sensitiveFields = LazyFieldEncryption.getSensitiveFieldsForTable('ssh_data'); + const { updatedRecord, migratedFields, needsUpdate } = LazyFieldEncryption.migrateRecordSensitiveFields( + record, + sensitiveFields, + userDataKey, + record.id.toString() + ); + + if (needsUpdate) { + // Update the record in database + const updateQuery = ` + UPDATE ssh_data + SET password = ?, key = ?, key_password = ?, updated_at = CURRENT_TIMESTAMP + WHERE id = ? + `; + db.prepare(updateQuery).run( + updatedRecord.password || null, + updatedRecord.key || null, + updatedRecord.key_password || null, + record.id + ); + + migratedFieldsCount += migratedFields.length; + if (!migratedTables.includes('ssh_data')) { + migratedTables.push('ssh_data'); + } + migrated = true; + } + } + + // Process ssh_credentials table + const sshCredentialsRecords = db.prepare("SELECT * FROM ssh_credentials WHERE user_id = ?").all(userId); + for (const record of sshCredentialsRecords) { + const sensitiveFields = LazyFieldEncryption.getSensitiveFieldsForTable('ssh_credentials'); + const { updatedRecord, migratedFields, needsUpdate } = LazyFieldEncryption.migrateRecordSensitiveFields( + record, + sensitiveFields, + userDataKey, + record.id.toString() + ); + + if (needsUpdate) { + // Update the record in database + const updateQuery = ` + UPDATE ssh_credentials + SET password = ?, key = ?, key_password = ?, private_key = ?, updated_at = CURRENT_TIMESTAMP + WHERE id = ? + `; + db.prepare(updateQuery).run( + updatedRecord.password || null, + updatedRecord.key || null, + updatedRecord.key_password || null, + updatedRecord.private_key || null, + record.id + ); + + migratedFieldsCount += migratedFields.length; + if (!migratedTables.includes('ssh_credentials')) { + migratedTables.push('ssh_credentials'); + } + migrated = true; + } + } + + // Process users table + const userRecord = db.prepare("SELECT * FROM users WHERE id = ?").get(userId); + if (userRecord) { + const sensitiveFields = LazyFieldEncryption.getSensitiveFieldsForTable('users'); + const { updatedRecord, migratedFields, needsUpdate } = LazyFieldEncryption.migrateRecordSensitiveFields( + userRecord, + sensitiveFields, + userDataKey, + userId + ); + + if (needsUpdate) { + // Update the record in database + const updateQuery = ` + UPDATE users + SET totp_secret = ?, totp_backup_codes = ? + WHERE id = ? + `; + db.prepare(updateQuery).run( + updatedRecord.totp_secret || null, + updatedRecord.totp_backup_codes || null, + userId + ); + + migratedFieldsCount += migratedFields.length; + if (!migratedTables.includes('users')) { + migratedTables.push('users'); + } + migrated = true; + } + } + + if (migrated) { + databaseLogger.success("User sensitive fields migration completed", { + operation: "user_sensitive_migration_success", + userId, + migratedTables, + migratedFieldsCount, + }); + } + + return { migrated, migratedTables, migratedFieldsCount }; + + } catch (error) { + databaseLogger.error("User sensitive fields migration failed", error, { + operation: "user_sensitive_migration_failed", + userId, + error: error instanceof Error ? error.message : "Unknown error", + }); + + // Don't throw error to avoid breaking user login + return { migrated: false, migratedTables: [], migratedFieldsCount: 0 }; + } + } + + /** + * Get user data key + */ + static getUserDataKey(userId: string): Buffer | null { + return this.userCrypto.getUserDataKey(userId); + } + + /** + * Verify user access permissions - simple and direct + */ + static validateUserAccess(userId: string): Buffer { + const userDataKey = this.getUserDataKey(userId); + if (!userDataKey) { + throw new Error(`User ${userId} data not unlocked`); + } + return userDataKey; + } + + /** + * Convenience method: automatically get user key and encrypt + */ + static encryptRecordForUser(tableName: string, record: any, userId: string): any { + const userDataKey = this.validateUserAccess(userId); + return this.encryptRecord(tableName, record, userId, userDataKey); + } + + /** + * Convenience method: automatically get user key and decrypt + */ + static decryptRecordForUser(tableName: string, record: any, userId: string): any { + const userDataKey = this.validateUserAccess(userId); + return this.decryptRecord(tableName, record, userId, userDataKey); + } + + /** + * Convenience method: batch decrypt + */ + static decryptRecordsForUser(tableName: string, records: any[], userId: string): any[] { + const userDataKey = this.validateUserAccess(userId); + return this.decryptRecords(tableName, records, userId, userDataKey); + } + + /** + * Check if user can access data + */ + static canUserAccessData(userId: string): boolean { + return this.userCrypto.isUserUnlocked(userId); + } + + /** + * Test encryption functionality + */ + static testUserEncryption(userId: string): boolean { + try { + const userDataKey = this.getUserDataKey(userId); + if (!userDataKey) return false; + + const testData = "test-" + Date.now(); + const encrypted = FieldCrypto.encryptField(testData, userDataKey, "test-record", "test-field"); + const decrypted = FieldCrypto.decryptField(encrypted, userDataKey, "test-record", "test-field"); + + return decrypted === testData; + } catch (error) { + return false; + } + } +} + +export { DataCrypto }; \ No newline at end of file diff --git a/src/backend/utils/database-encryption.ts b/src/backend/utils/database-encryption.ts deleted file mode 100644 index 6662ceaa..00000000 --- a/src/backend/utils/database-encryption.ts +++ /dev/null @@ -1,287 +0,0 @@ -import { FieldEncryption } from "./encryption.js"; -import { EncryptionKeyManager } from "./encryption-key-manager.js"; -import { databaseLogger } from "./logger.js"; - -interface EncryptionContext { - masterPassword: string; - encryptionEnabled: boolean; - forceEncryption: boolean; - migrateOnAccess: boolean; -} - -class DatabaseEncryption { - private static context: EncryptionContext | null = null; - - static async initialize(config: Partial = {}) { - const keyManager = EncryptionKeyManager.getInstance(); - const masterPassword = - config.masterPassword || (await keyManager.initializeKey()); - - this.context = { - masterPassword, - encryptionEnabled: config.encryptionEnabled ?? true, - forceEncryption: config.forceEncryption ?? false, - migrateOnAccess: config.migrateOnAccess ?? true, - }; - - databaseLogger.info("Database encryption initialized", { - operation: "encryption_init", - enabled: this.context.encryptionEnabled, - forceEncryption: this.context.forceEncryption, - dynamicKey: !config.masterPassword, - }); - } - - static getContext(): EncryptionContext { - if (!this.context) { - throw new Error( - "DatabaseEncryption not initialized. Call initialize() first.", - ); - } - return this.context; - } - - static encryptRecord(tableName: string, record: any): any { - const context = this.getContext(); - if (!context.encryptionEnabled) return record; - - const encryptedRecord = { ...record }; - let hasEncryption = false; - - for (const [fieldName, value] of Object.entries(record)) { - if (FieldEncryption.shouldEncryptField(tableName, fieldName) && value) { - try { - const fieldKey = FieldEncryption.getFieldKey( - context.masterPassword, - `${tableName}.${fieldName}`, - ); - encryptedRecord[fieldName] = FieldEncryption.encryptField( - value as string, - fieldKey, - ); - hasEncryption = true; - } catch (error) { - databaseLogger.error( - `Failed to encrypt field ${tableName}.${fieldName}`, - error, - { - operation: "field_encryption", - table: tableName, - field: fieldName, - }, - ); - throw error; - } - } - } - - if (hasEncryption) { - databaseLogger.debug(`Encrypted sensitive fields for ${tableName}`, { - operation: "record_encryption", - table: tableName, - }); - } - - return encryptedRecord; - } - - static decryptRecord(tableName: string, record: any): any { - const context = this.getContext(); - if (!record) return record; - - const decryptedRecord = { ...record }; - let hasDecryption = false; - let needsMigration = false; - - for (const [fieldName, value] of Object.entries(record)) { - if (FieldEncryption.shouldEncryptField(tableName, fieldName) && value) { - try { - const fieldKey = FieldEncryption.getFieldKey( - context.masterPassword, - `${tableName}.${fieldName}`, - ); - - if (FieldEncryption.isEncrypted(value as string)) { - decryptedRecord[fieldName] = FieldEncryption.decryptField( - value as string, - fieldKey, - ); - hasDecryption = true; - } else if (context.encryptionEnabled && !context.forceEncryption) { - decryptedRecord[fieldName] = value; - needsMigration = context.migrateOnAccess; - } else if (context.forceEncryption) { - databaseLogger.warn( - `Unencrypted field detected in force encryption mode`, - { - operation: "decryption_warning", - table: tableName, - field: fieldName, - }, - ); - decryptedRecord[fieldName] = value; - } - } catch (error) { - databaseLogger.error( - `Failed to decrypt field ${tableName}.${fieldName}`, - error, - { - operation: "field_decryption", - table: tableName, - field: fieldName, - }, - ); - - if (context.forceEncryption) { - throw error; - } else { - decryptedRecord[fieldName] = value; - } - } - } - } - - if (needsMigration) { - this.scheduleFieldMigration(tableName, record); - } - - return decryptedRecord; - } - - static decryptRecords(tableName: string, records: any[]): any[] { - if (!Array.isArray(records)) return records; - return records.map((record) => this.decryptRecord(tableName, record)); - } - - private static scheduleFieldMigration(tableName: string, record: any) { - setTimeout(async () => { - try { - await this.migrateRecord(tableName, record); - } catch (error) { - databaseLogger.error( - `Failed to migrate record ${tableName}:${record.id}`, - error, - { - operation: "migration_failed", - table: tableName, - recordId: record.id, - }, - ); - } - }, 1000); - } - - static async migrateRecord(tableName: string, record: any): Promise { - const context = this.getContext(); - if (!context.encryptionEnabled || !context.migrateOnAccess) return record; - - let needsUpdate = false; - const updatedRecord = { ...record }; - - for (const [fieldName, value] of Object.entries(record)) { - if ( - FieldEncryption.shouldEncryptField(tableName, fieldName) && - value && - !FieldEncryption.isEncrypted(value as string) - ) { - try { - const fieldKey = FieldEncryption.getFieldKey( - context.masterPassword, - `${tableName}.${fieldName}`, - ); - updatedRecord[fieldName] = FieldEncryption.encryptField( - value as string, - fieldKey, - ); - needsUpdate = true; - } catch (error) { - databaseLogger.error( - `Failed to migrate field ${tableName}.${fieldName}`, - error, - { - operation: "field_migration", - table: tableName, - field: fieldName, - recordId: record.id, - }, - ); - throw error; - } - } - } - - return updatedRecord; - } - - static validateConfiguration(): boolean { - try { - const context = this.getContext(); - const testData = "test-encryption-data"; - const testKey = FieldEncryption.getFieldKey( - context.masterPassword, - "test", - ); - - const encrypted = FieldEncryption.encryptField(testData, testKey); - const decrypted = FieldEncryption.decryptField(encrypted, testKey); - - return decrypted === testData; - } catch (error) { - databaseLogger.error( - "Encryption configuration validation failed", - error, - { - operation: "config_validation", - }, - ); - return false; - } - } - - static getEncryptionStatus() { - try { - const context = this.getContext(); - return { - enabled: context.encryptionEnabled, - forceEncryption: context.forceEncryption, - migrateOnAccess: context.migrateOnAccess, - configValid: this.validateConfiguration(), - }; - } catch { - return { - enabled: false, - forceEncryption: false, - migrateOnAccess: false, - configValid: false, - }; - } - } - - static async getDetailedStatus() { - const keyManager = EncryptionKeyManager.getInstance(); - const keyStatus = await keyManager.getEncryptionStatus(); - const encryptionStatus = this.getEncryptionStatus(); - - return { - ...encryptionStatus, - key: keyStatus, - initialized: this.context !== null, - }; - } - - static async reinitializeWithNewKey(): Promise { - const keyManager = EncryptionKeyManager.getInstance(); - const newKey = await keyManager.regenerateKey(); - - this.context = null; - await this.initialize({ masterPassword: newKey }); - - databaseLogger.warn("Database encryption reinitialized with new key", { - operation: "encryption_reinit", - requiresMigration: true, - }); - } -} - -export { DatabaseEncryption }; -export type { EncryptionContext }; diff --git a/src/backend/utils/database-file-encryption.ts b/src/backend/utils/database-file-encryption.ts index 1d2e81c3..d646df6e 100644 --- a/src/backend/utils/database-file-encryption.ts +++ b/src/backend/utils/database-file-encryption.ts @@ -1,55 +1,45 @@ import crypto from "crypto"; import fs from "fs"; import path from "path"; -import { HardwareFingerprint } from "./hardware-fingerprint.js"; import { databaseLogger } from "./logger.js"; +import { SystemCrypto } from "./system-crypto.js"; interface EncryptedFileMetadata { iv: string; tag: string; version: string; fingerprint: string; - salt: string; algorithm: string; + keySource?: string; // Track where the key comes from (SystemCrypto) - v2 only + salt?: string; // Legacy v1 format only } /** * Database file encryption - encrypts the entire SQLite database file at rest - * This provides an additional security layer on top of field-level encryption + * Uses SystemCrypto for key management - no more fixed seed garbage! + * + * Linus principles applied: + * - Remove hardcoded keys security disaster + * - Use SystemCrypto instance keys for proper per-instance security + * - Simple and direct, no complex key derivation */ class DatabaseFileEncryption { - private static readonly VERSION = "v1"; + private static readonly VERSION = "v2"; private static readonly ALGORITHM = "aes-256-gcm"; - private static readonly KEY_ITERATIONS = 100000; private static readonly ENCRYPTED_FILE_SUFFIX = ".encrypted"; private static readonly METADATA_FILE_SUFFIX = ".meta"; - - /** - * Generate file encryption key from hardware fingerprint - */ - private static generateFileEncryptionKey(salt: Buffer): Buffer { - const hardwareFingerprint = HardwareFingerprint.generate(); - - const key = crypto.pbkdf2Sync( - hardwareFingerprint, - salt, - this.KEY_ITERATIONS, - 32, // 256 bits for AES-256 - "sha256", - ); - - return key; - } + private static systemCrypto = SystemCrypto.getInstance(); /** * Encrypt database from buffer (for in-memory databases) */ - static encryptDatabaseFromBuffer(buffer: Buffer, targetPath: string): string { + static async encryptDatabaseFromBuffer(buffer: Buffer, targetPath: string): Promise { try { + // Get database key from SystemCrypto (no more fixed seed garbage!) + const key = await this.systemCrypto.getDatabaseKey(); + // Generate encryption components - const salt = crypto.randomBytes(32); const iv = crypto.randomBytes(16); - const key = this.generateFileEncryptionKey(salt); // Encrypt the buffer const cipher = crypto.createCipheriv(this.ALGORITHM, key, iv) as any; @@ -61,9 +51,9 @@ class DatabaseFileEncryption { iv: iv.toString("hex"), tag: tag.toString("hex"), version: this.VERSION, - fingerprint: HardwareFingerprint.generate().substring(0, 16), - salt: salt.toString("hex"), + fingerprint: "termix-v2-systemcrypto", // SystemCrypto managed key algorithm: this.ALGORITHM, + keySource: "SystemCrypto", }; // Write encrypted file and metadata @@ -86,7 +76,7 @@ class DatabaseFileEncryption { /** * Encrypt database file */ - static encryptDatabaseFile(sourcePath: string, targetPath?: string): string { + static async encryptDatabaseFile(sourcePath: string, targetPath?: string): Promise { if (!fs.existsSync(sourcePath)) { throw new Error(`Source database file does not exist: ${sourcePath}`); } @@ -99,10 +89,11 @@ class DatabaseFileEncryption { // Read source file const sourceData = fs.readFileSync(sourcePath); + // Get database key from SystemCrypto (no more fixed seed garbage!) + const key = await this.systemCrypto.getDatabaseKey(); + // Generate encryption components - const salt = crypto.randomBytes(32); const iv = crypto.randomBytes(16); - const key = this.generateFileEncryptionKey(salt); // Encrypt the file const cipher = crypto.createCipheriv(this.ALGORITHM, key, iv) as any; @@ -117,9 +108,9 @@ class DatabaseFileEncryption { iv: iv.toString("hex"), tag: tag.toString("hex"), version: this.VERSION, - fingerprint: HardwareFingerprint.generate().substring(0, 16), - salt: salt.toString("hex"), + fingerprint: "termix-v2-systemcrypto", // SystemCrypto managed key algorithm: this.ALGORITHM, + keySource: "SystemCrypto", }; // Write encrypted file and metadata @@ -151,7 +142,7 @@ class DatabaseFileEncryption { /** * Decrypt database file to buffer (for in-memory usage) */ - static decryptDatabaseToBuffer(encryptedPath: string): Buffer { + static async decryptDatabaseToBuffer(encryptedPath: string): Promise { if (!fs.existsSync(encryptedPath)) { throw new Error( `Encrypted database file does not exist: ${encryptedPath}`, @@ -168,28 +159,29 @@ class DatabaseFileEncryption { const metadataContent = fs.readFileSync(metadataPath, "utf8"); const metadata: EncryptedFileMetadata = JSON.parse(metadataContent); - // Validate metadata version - if (metadata.version !== this.VERSION) { - throw new Error(`Unsupported encryption version: ${metadata.version}`); - } - - // Validate hardware fingerprint - const currentFingerprint = HardwareFingerprint.generate().substring( - 0, - 16, - ); - if (metadata.fingerprint !== currentFingerprint) { - throw new Error( - "Hardware fingerprint mismatch - database was encrypted on different hardware", - ); - } - // Read encrypted data const encryptedData = fs.readFileSync(encryptedPath); - // Generate decryption key - const salt = Buffer.from(metadata.salt, "hex"); - const key = this.generateFileEncryptionKey(salt); + // Get decryption key based on version + let key: Buffer; + if (metadata.version === "v2") { + // New v2 format: use SystemCrypto key + key = await this.systemCrypto.getDatabaseKey(); + } else if (metadata.version === "v1") { + // Legacy v1 format: use deprecated salt-based key derivation + databaseLogger.warn("Decrypting legacy v1 encrypted database - consider upgrading", { + operation: "decrypt_legacy_v1", + path: encryptedPath + }); + if (!metadata.salt) { + throw new Error("v1 encrypted file missing required salt field"); + } + const salt = Buffer.from(metadata.salt, "hex"); + const fixedSeed = process.env.DB_FILE_KEY || "termix-database-file-encryption-seed-v1"; + key = crypto.pbkdf2Sync(fixedSeed, salt, 100000, 32, "sha256"); + } else { + throw new Error(`Unsupported encryption version: ${metadata.version}`); + } // Decrypt to buffer const decipher = crypto.createDecipheriv( @@ -219,10 +211,10 @@ class DatabaseFileEncryption { /** * Decrypt database file */ - static decryptDatabaseFile( + static async decryptDatabaseFile( encryptedPath: string, targetPath?: string, - ): string { + ): Promise { if (!fs.existsSync(encryptedPath)) { throw new Error( `Encrypted database file does not exist: ${encryptedPath}`, @@ -242,33 +234,29 @@ class DatabaseFileEncryption { const metadataContent = fs.readFileSync(metadataPath, "utf8"); const metadata: EncryptedFileMetadata = JSON.parse(metadataContent); - // Validate metadata version - if (metadata.version !== this.VERSION) { - throw new Error(`Unsupported encryption version: ${metadata.version}`); - } - - // Validate hardware fingerprint - const currentFingerprint = HardwareFingerprint.generate().substring( - 0, - 16, - ); - if (metadata.fingerprint !== currentFingerprint) { - databaseLogger.warn("Hardware fingerprint mismatch for database file", { - operation: "database_file_decryption", - expected: metadata.fingerprint, - current: currentFingerprint, - }); - throw new Error( - "Hardware fingerprint mismatch - database was encrypted on different hardware", - ); - } - // Read encrypted data const encryptedData = fs.readFileSync(encryptedPath); - // Generate decryption key - const salt = Buffer.from(metadata.salt, "hex"); - const key = this.generateFileEncryptionKey(salt); + // Get decryption key based on version + let key: Buffer; + if (metadata.version === "v2") { + // New v2 format: use SystemCrypto key + key = await this.systemCrypto.getDatabaseKey(); + } else if (metadata.version === "v1") { + // Legacy v1 format: use deprecated salt-based key derivation + databaseLogger.warn("Decrypting legacy v1 encrypted database - consider upgrading", { + operation: "decrypt_legacy_v1", + path: encryptedPath + }); + if (!metadata.salt) { + throw new Error("v1 encrypted file missing required salt field"); + } + const salt = Buffer.from(metadata.salt, "hex"); + const fixedSeed = process.env.DB_FILE_KEY || "termix-database-file-encryption-seed-v1"; + key = crypto.pbkdf2Sync(fixedSeed, salt, 100000, 32, "sha256"); + } else { + throw new Error(`Unsupported encryption version: ${metadata.version}`); + } // Decrypt the file const decipher = crypto.createDecipheriv( @@ -350,16 +338,13 @@ class DatabaseFileEncryption { const metadata: EncryptedFileMetadata = JSON.parse(metadataContent); const fileStats = fs.statSync(encryptedPath); - const currentFingerprint = HardwareFingerprint.generate().substring( - 0, - 16, - ); + const currentFingerprint = "termix-v1-file"; // Fixed identifier return { version: metadata.version, algorithm: metadata.algorithm, fingerprint: metadata.fingerprint, - isCurrentHardware: metadata.fingerprint === currentFingerprint, + isCurrentHardware: true, // Hardware validation removed fileSize: fileStats.size, }; } catch { @@ -370,10 +355,10 @@ class DatabaseFileEncryption { /** * Securely backup database by creating encrypted copy */ - static createEncryptedBackup( + static async createEncryptedBackup( databasePath: string, backupDir: string, - ): string { + ): Promise { if (!fs.existsSync(databasePath)) { throw new Error(`Database file does not exist: ${databasePath}`); } @@ -389,7 +374,7 @@ class DatabaseFileEncryption { const backupPath = path.join(backupDir, backupFileName); try { - const encryptedPath = this.encryptDatabaseFile(databasePath, backupPath); + const encryptedPath = await this.encryptDatabaseFile(databasePath, backupPath); databaseLogger.info("Encrypted database backup created", { operation: "database_backup", @@ -412,16 +397,16 @@ class DatabaseFileEncryption { /** * Restore database from encrypted backup */ - static restoreFromEncryptedBackup( + static async restoreFromEncryptedBackup( backupPath: string, targetPath: string, - ): string { + ): Promise { if (!this.isEncryptedDatabaseFile(backupPath)) { throw new Error("Invalid encrypted backup file"); } try { - const restoredPath = this.decryptDatabaseFile(backupPath, targetPath); + const restoredPath = await this.decryptDatabaseFile(backupPath, targetPath); databaseLogger.info("Database restored from encrypted backup", { operation: "database_restore", @@ -440,17 +425,6 @@ class DatabaseFileEncryption { } } - /** - * Validate hardware compatibility for encrypted file - */ - static validateHardwareCompatibility(encryptedPath: string): boolean { - try { - const info = this.getEncryptedFileInfo(encryptedPath); - return info?.isCurrentHardware ?? false; - } catch { - return false; - } - } /** * Clean up temporary files diff --git a/src/backend/utils/database-migration.ts b/src/backend/utils/database-migration.ts index 7a6c6b82..0cb772c9 100644 --- a/src/backend/utils/database-migration.ts +++ b/src/backend/utils/database-migration.ts @@ -1,504 +1,457 @@ +import Database from "better-sqlite3"; import fs from "fs"; import path from "path"; -import crypto from "crypto"; -import { DatabaseFileEncryption } from "./database-file-encryption.js"; -import { DatabaseEncryption } from "./database-encryption.js"; -import { FieldEncryption } from "./encryption.js"; -import { HardwareFingerprint } from "./hardware-fingerprint.js"; import { databaseLogger } from "./logger.js"; -import { db, databasePaths } from "../database/db/index.js"; -import { - users, - sshData, - sshCredentials, - settings, - fileManagerRecent, - fileManagerPinned, - fileManagerShortcuts, - dismissedAlerts, - sshCredentialUsage, -} from "../database/db/schema.js"; +import { DatabaseFileEncryption } from "./database-file-encryption.js"; -interface ExportMetadata { - version: string; - exportedAt: string; - exportId: string; - sourceHardwareFingerprint: string; - tableCount: number; - recordCount: number; - encryptedFields: string[]; -} - -interface MigrationExport { - metadata: ExportMetadata; - data: { - [tableName: string]: any[]; - }; -} - -interface ImportResult { +export interface MigrationResult { success: boolean; - imported: { - tables: number; - records: number; - }; - errors: string[]; - warnings: string[]; + error?: string; + migratedTables: number; + migratedRows: number; + backupPath?: string; + duration: number; } -/** - * Database migration utility for exporting/importing data between different hardware - * Handles both field-level and file-level encryption/decryption during migration - */ -class DatabaseMigration { - private static readonly VERSION = "v1"; - private static readonly EXPORT_FILE_EXTENSION = ".termix-export.json"; +export interface MigrationStatus { + needsMigration: boolean; + hasUnencryptedDb: boolean; + hasEncryptedDb: boolean; + unencryptedDbSize: number; + reason: string; +} + +export class DatabaseMigration { + private dataDir: string; + private unencryptedDbPath: string; + private encryptedDbPath: string; + + constructor(dataDir: string) { + this.dataDir = dataDir; + this.unencryptedDbPath = path.join(dataDir, "db.sqlite"); + this.encryptedDbPath = `${this.unencryptedDbPath}.encrypted`; + } /** - * Export database for migration - * Decrypts all encrypted fields for transport to new hardware + * 检查是否需要迁移以及迁移状态 */ - static async exportDatabase(exportPath?: string): Promise { - const exportId = crypto.randomUUID(); - const timestamp = new Date().toISOString(); - const defaultExportPath = path.join( - databasePaths.directory, - `termix-export-${timestamp.replace(/[:.]/g, "-")}${this.EXPORT_FILE_EXTENSION}`, - ); - const actualExportPath = exportPath || defaultExportPath; + checkMigrationStatus(): MigrationStatus { + const hasUnencryptedDb = fs.existsSync(this.unencryptedDbPath); + const hasEncryptedDb = DatabaseFileEncryption.isEncryptedDatabaseFile(this.encryptedDbPath); + + let unencryptedDbSize = 0; + if (hasUnencryptedDb) { + try { + unencryptedDbSize = fs.statSync(this.unencryptedDbPath).size; + } catch (error) { + databaseLogger.warn("Could not get unencrypted database file size", { + operation: "migration_status_check", + error: error instanceof Error ? error.message : "Unknown error", + }); + } + } + + // 确定迁移状态 + let needsMigration = false; + let reason = ""; + + if (hasEncryptedDb && hasUnencryptedDb) { + // 两个都存在:可能是之前迁移失败或中断 + needsMigration = false; + reason = "Both encrypted and unencrypted databases exist. Skipping migration for safety. Manual intervention may be required."; + } else if (hasEncryptedDb && !hasUnencryptedDb) { + // 只有加密数据库:无需迁移 + needsMigration = false; + reason = "Only encrypted database exists. No migration needed."; + } else if (!hasEncryptedDb && hasUnencryptedDb) { + // 只有未加密数据库:需要迁移 + needsMigration = true; + reason = "Unencrypted database found. Migration to encrypted format required."; + } else { + // 都不存在:全新安装 + needsMigration = false; + reason = "No existing database found. This is a fresh installation."; + } + + return { + needsMigration, + hasUnencryptedDb, + hasEncryptedDb, + unencryptedDbSize, + reason, + }; + } + + /** + * 创建未加密数据库的安全备份 + */ + private createBackup(): string { + const timestamp = new Date().toISOString().replace(/[:.]/g, '-'); + const backupPath = `${this.unencryptedDbPath}.migration-backup-${timestamp}`; try { - databaseLogger.info("Starting database export for migration", { - operation: "database_export", - exportId, - exportPath: actualExportPath, + databaseLogger.info("Creating migration backup", { + operation: "migration_backup_create", + source: this.unencryptedDbPath, + backup: backupPath, }); - // Define tables to export and their encryption status - const tablesToExport = [ - { name: "users", table: users, hasEncryption: true }, - { name: "ssh_data", table: sshData, hasEncryption: true }, - { name: "ssh_credentials", table: sshCredentials, hasEncryption: true }, - { name: "settings", table: settings, hasEncryption: false }, - { - name: "file_manager_recent", - table: fileManagerRecent, - hasEncryption: false, - }, - { - name: "file_manager_pinned", - table: fileManagerPinned, - hasEncryption: false, - }, - { - name: "file_manager_shortcuts", - table: fileManagerShortcuts, - hasEncryption: false, - }, - { - name: "dismissed_alerts", - table: dismissedAlerts, - hasEncryption: false, - }, - { - name: "ssh_credential_usage", - table: sshCredentialUsage, - hasEncryption: false, - }, - ]; + fs.copyFileSync(this.unencryptedDbPath, backupPath); - const exportData: MigrationExport = { - metadata: { - version: this.VERSION, - exportedAt: timestamp, - exportId, - sourceHardwareFingerprint: HardwareFingerprint.generate().substring( - 0, - 16, - ), - tableCount: 0, - recordCount: 0, - encryptedFields: [], - }, - data: {}, - }; + // 验证备份完整性 + const originalSize = fs.statSync(this.unencryptedDbPath).size; + const backupSize = fs.statSync(backupPath).size; - let totalRecords = 0; + if (originalSize !== backupSize) { + throw new Error(`Backup size mismatch: original=${originalSize}, backup=${backupSize}`); + } - // Export each table - for (const tableInfo of tablesToExport) { - try { - databaseLogger.debug(`Exporting table: ${tableInfo.name}`, { - operation: "table_export", - table: tableInfo.name, - hasEncryption: tableInfo.hasEncryption, + databaseLogger.success("Migration backup created successfully", { + operation: "migration_backup_created", + backupPath, + fileSize: backupSize, + }); + + return backupPath; + } catch (error) { + databaseLogger.error("Failed to create migration backup", error, { + operation: "migration_backup_failed", + source: this.unencryptedDbPath, + backup: backupPath, + }); + throw new Error(`Backup creation failed: ${error instanceof Error ? error.message : "Unknown error"}`); + } + } + + /** + * 验证数据库迁移的完整性 + */ + private async verifyMigration(originalDb: Database.Database, memoryDb: Database.Database): Promise { + try { + databaseLogger.info("Verifying migration integrity", { + operation: "migration_verify_start", + }); + + // 临时禁用外键约束以进行验证查询 + memoryDb.exec("PRAGMA foreign_keys = OFF"); + + // 获取原数据库的表列表 + const originalTables = originalDb + .prepare(` + SELECT name FROM sqlite_master + WHERE type='table' AND name NOT LIKE 'sqlite_%' + ORDER BY name + `) + .all() as { name: string }[]; + + // 获取内存数据库的表列表 + const memoryTables = memoryDb + .prepare(` + SELECT name FROM sqlite_master + WHERE type='table' AND name NOT LIKE 'sqlite_%' + ORDER BY name + `) + .all() as { name: string }[]; + + // 检查表数量是否一致 + if (originalTables.length !== memoryTables.length) { + databaseLogger.error("Table count mismatch during migration verification", null, { + operation: "migration_verify_failed", + originalCount: originalTables.length, + memoryCount: memoryTables.length, + }); + return false; + } + + let totalOriginalRows = 0; + let totalMemoryRows = 0; + + // 逐表验证行数 + for (const table of originalTables) { + const originalCount = originalDb.prepare(`SELECT COUNT(*) as count FROM ${table.name}`).get() as { count: number }; + const memoryCount = memoryDb.prepare(`SELECT COUNT(*) as count FROM ${table.name}`).get() as { count: number }; + + totalOriginalRows += originalCount.count; + totalMemoryRows += memoryCount.count; + + if (originalCount.count !== memoryCount.count) { + databaseLogger.error("Row count mismatch for table during migration verification", null, { + operation: "migration_verify_table_failed", + table: table.name, + originalRows: originalCount.count, + memoryRows: memoryCount.count, }); + return false; + } - // Query all records from the table - const records = await db.select().from(tableInfo.table); + databaseLogger.debug("Table verification passed", { + operation: "migration_verify_table_success", + table: table.name, + rows: originalCount.count, + }); + } - // Decrypt encrypted fields if necessary - let processedRecords = records; - if (tableInfo.hasEncryption && records.length > 0) { - processedRecords = records.map((record) => { - try { - return DatabaseEncryption.decryptRecord(tableInfo.name, record); - } catch (error) { - databaseLogger.warn( - `Failed to decrypt record in ${tableInfo.name}`, - { - operation: "export_decrypt_warning", - table: tableInfo.name, - recordId: (record as any).id, - error: - error instanceof Error ? error.message : "Unknown error", - }, - ); - // Return original record if decryption fails - return record; + databaseLogger.success("Migration integrity verification completed", { + operation: "migration_verify_success", + tables: originalTables.length, + totalRows: totalOriginalRows, + }); + + // 重新启用外键约束 + memoryDb.exec("PRAGMA foreign_keys = ON"); + + return true; + } catch (error) { + databaseLogger.error("Migration verification failed", error, { + operation: "migration_verify_error", + }); + return false; + } + } + + /** + * 执行数据库迁移 + */ + async migrateDatabase(): Promise { + const startTime = Date.now(); + let backupPath: string | undefined; + let migratedTables = 0; + let migratedRows = 0; + + try { + databaseLogger.info("Starting database migration from unencrypted to encrypted format", { + operation: "migration_start", + source: this.unencryptedDbPath, + target: this.encryptedDbPath, + }); + + // 1. 创建安全备份 + backupPath = this.createBackup(); + + // 2. 打开原数据库(只读) + const originalDb = new Database(this.unencryptedDbPath, { readonly: true }); + + // 3. 创建内存数据库 + const memoryDb = new Database(":memory:"); + + try { + // 4. 获取所有表结构 + const tables = originalDb + .prepare(` + SELECT name, sql FROM sqlite_master + WHERE type='table' AND name NOT LIKE 'sqlite_%' + `) + .all() as { name: string; sql: string }[]; + + databaseLogger.info("Found tables to migrate", { + operation: "migration_tables_found", + tableCount: tables.length, + tables: tables.map(t => t.name), + }); + + // 5. 在内存数据库中创建表结构 + for (const table of tables) { + memoryDb.exec(table.sql); + migratedTables++; + + databaseLogger.debug("Table structure created", { + operation: "migration_table_created", + table: table.name, + }); + } + + // 6. 禁用外键约束以避免插入顺序问题 + databaseLogger.info("Disabling foreign key constraints for migration", { + operation: "migration_disable_fk", + }); + memoryDb.exec("PRAGMA foreign_keys = OFF"); + + // 7. 复制每个表的数据 + for (const table of tables) { + const rows = originalDb.prepare(`SELECT * FROM ${table.name}`).all(); + + if (rows.length > 0) { + const columns = Object.keys(rows[0]); + const placeholders = columns.map(() => "?").join(", "); + const insertStmt = memoryDb.prepare( + `INSERT INTO ${table.name} (${columns.join(", ")}) VALUES (${placeholders})` + ); + + // 使用事务批量插入 + const insertTransaction = memoryDb.transaction((dataRows: any[]) => { + for (const row of dataRows) { + const values = columns.map((col) => row[col]); + insertStmt.run(values); } }); - // Track which fields were encrypted - if (records.length > 0) { - const sampleRecord = records[0]; - for (const fieldName of Object.keys(sampleRecord)) { - if ( - FieldEncryption.shouldEncryptField(tableInfo.name, fieldName) - ) { - const fieldKey = `${tableInfo.name}.${fieldName}`; - if (!exportData.metadata.encryptedFields.includes(fieldKey)) { - exportData.metadata.encryptedFields.push(fieldKey); - } - } - } - } + insertTransaction(rows); + migratedRows += rows.length; + + databaseLogger.debug("Table data migrated", { + operation: "migration_table_data", + table: table.name, + rows: rows.length, + }); } - - exportData.data[tableInfo.name] = processedRecords; - totalRecords += processedRecords.length; - - databaseLogger.debug(`Table ${tableInfo.name} exported`, { - operation: "table_export_complete", - table: tableInfo.name, - recordCount: processedRecords.length, - }); - } catch (error) { - databaseLogger.error( - `Failed to export table ${tableInfo.name}`, - error, - { - operation: "table_export_failed", - table: tableInfo.name, - }, - ); - throw error; } - } - // Update metadata - exportData.metadata.tableCount = tablesToExport.length; - exportData.metadata.recordCount = totalRecords; - - // Write export file - const exportContent = JSON.stringify(exportData, null, 2); - fs.writeFileSync(actualExportPath, exportContent, "utf8"); - - databaseLogger.success("Database export completed successfully", { - operation: "database_export_complete", - exportId, - exportPath: actualExportPath, - tableCount: exportData.metadata.tableCount, - recordCount: exportData.metadata.recordCount, - fileSize: exportContent.length, - }); - - return actualExportPath; - } catch (error) { - databaseLogger.error("Database export failed", error, { - operation: "database_export_failed", - exportId, - exportPath: actualExportPath, - }); - throw new Error( - `Database export failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - } - } - - /** - * Import database from migration export - * Re-encrypts fields for the current hardware - */ - static async importDatabase( - importPath: string, - options: { - replaceExisting?: boolean; - backupCurrent?: boolean; - } = {}, - ): Promise { - const { replaceExisting = false, backupCurrent = true } = options; - - if (!fs.existsSync(importPath)) { - throw new Error(`Import file does not exist: ${importPath}`); - } - - try { - databaseLogger.info("Starting database import from migration export", { - operation: "database_import", - importPath, - replaceExisting, - backupCurrent, - }); - - // Read and validate export file - const exportContent = fs.readFileSync(importPath, "utf8"); - const exportData: MigrationExport = JSON.parse(exportContent); - - // Validate export format - if (exportData.metadata.version !== this.VERSION) { - throw new Error( - `Unsupported export version: ${exportData.metadata.version}`, - ); - } - - const result: ImportResult = { - success: false, - imported: { tables: 0, records: 0 }, - errors: [], - warnings: [], - }; - - // Create backup if requested - if (backupCurrent) { - try { - const backupPath = await this.createCurrentDatabaseBackup(); - databaseLogger.info("Current database backed up before import", { - operation: "import_backup", - backupPath, - }); - } catch (error) { - const warningMsg = `Failed to create backup: ${error instanceof Error ? error.message : "Unknown error"}`; - result.warnings.push(warningMsg); - databaseLogger.warn("Failed to create pre-import backup", { - operation: "import_backup_failed", - error: warningMsg, - }); - } - } - - // Import data table by table - for (const [tableName, tableData] of Object.entries(exportData.data)) { - try { - databaseLogger.debug(`Importing table: ${tableName}`, { - operation: "table_import", - table: tableName, - recordCount: tableData.length, - }); - - if (replaceExisting) { - // Clear existing data - const tableSchema = this.getTableSchema(tableName); - if (tableSchema) { - await db.delete(tableSchema); - databaseLogger.debug(`Cleared existing data from ${tableName}`, { - operation: "table_clear", - table: tableName, - }); - } - } - - // Process and encrypt records - for (const record of tableData) { - try { - // Re-encrypt sensitive fields for current hardware - const processedRecord = DatabaseEncryption.encryptRecord( - tableName, - record, - ); - - // Insert record - const tableSchema = this.getTableSchema(tableName); - if (tableSchema) { - await db.insert(tableSchema).values(processedRecord); - } - } catch (error) { - const errorMsg = `Failed to import record in ${tableName}: ${error instanceof Error ? error.message : "Unknown error"}`; - result.errors.push(errorMsg); - databaseLogger.error("Failed to import record", error, { - operation: "record_import_failed", - table: tableName, - recordId: record.id, - }); - } - } - - result.imported.tables++; - result.imported.records += tableData.length; - - databaseLogger.debug(`Table ${tableName} imported`, { - operation: "table_import_complete", - table: tableName, - recordCount: tableData.length, - }); - } catch (error) { - const errorMsg = `Failed to import table ${tableName}: ${error instanceof Error ? error.message : "Unknown error"}`; - result.errors.push(errorMsg); - databaseLogger.error("Failed to import table", error, { - operation: "table_import_failed", - table: tableName, - }); - } - } - - // Check if import was successful - result.success = result.errors.length === 0; - - if (result.success) { - databaseLogger.success("Database import completed successfully", { - operation: "database_import_complete", - importPath, - tablesImported: result.imported.tables, - recordsImported: result.imported.records, - warnings: result.warnings.length, + // 8. 重新启用外键约束 + databaseLogger.info("Re-enabling foreign key constraints after migration", { + operation: "migration_enable_fk", }); - } else { - databaseLogger.error( - "Database import completed with errors", - undefined, - { - operation: "database_import_partial", - importPath, - tablesImported: result.imported.tables, - recordsImported: result.imported.records, - errorCount: result.errors.length, - warningCount: result.warnings.length, - }, - ); + memoryDb.exec("PRAGMA foreign_keys = ON"); + + // 验证外键约束现在是否正常 + const fkCheckResult = memoryDb.prepare("PRAGMA foreign_key_check").all(); + if (fkCheckResult.length > 0) { + databaseLogger.error("Foreign key constraints violations detected after migration", null, { + operation: "migration_fk_check_failed", + violations: fkCheckResult, + }); + throw new Error(`Foreign key violations detected: ${JSON.stringify(fkCheckResult)}`); + } + + databaseLogger.success("Foreign key constraints verification passed", { + operation: "migration_fk_check_success", + }); + + // 9. 验证迁移完整性 + const verificationPassed = await this.verifyMigration(originalDb, memoryDb); + if (!verificationPassed) { + throw new Error("Migration integrity verification failed"); + } + + // 10. 导出内存数据库到缓冲区 + const buffer = memoryDb.serialize(); + + // 11. 创建加密数据库文件 + databaseLogger.info("Creating encrypted database file", { + operation: "migration_encrypt_start", + bufferSize: buffer.length, + }); + + await DatabaseFileEncryption.encryptDatabaseFromBuffer(buffer, this.encryptedDbPath); + + // 12. 验证加密文件 + if (!DatabaseFileEncryption.isEncryptedDatabaseFile(this.encryptedDbPath)) { + throw new Error("Encrypted database file verification failed"); + } + + // 13. 清理:重命名原文件而不是删除 + const timestamp = new Date().toISOString().replace(/[:.]/g, '-'); + const migratedPath = `${this.unencryptedDbPath}.migrated-${timestamp}`; + + fs.renameSync(this.unencryptedDbPath, migratedPath); + + databaseLogger.success("Database migration completed successfully", { + operation: "migration_complete", + migratedTables, + migratedRows, + duration: Date.now() - startTime, + backupPath, + migratedPath, + encryptedDbPath: this.encryptedDbPath, + }); + + return { + success: true, + migratedTables, + migratedRows, + backupPath, + duration: Date.now() - startTime, + }; + + } finally { + // 确保数据库连接关闭 + originalDb.close(); + memoryDb.close(); } - return result; } catch (error) { - databaseLogger.error("Database import failed", error, { - operation: "database_import_failed", - importPath, + const errorMessage = error instanceof Error ? error.message : "Unknown error"; + + databaseLogger.error("Database migration failed", error, { + operation: "migration_failed", + migratedTables, + migratedRows, + duration: Date.now() - startTime, + backupPath, }); - throw new Error( - `Database import failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); + + return { + success: false, + error: errorMessage, + migratedTables, + migratedRows, + backupPath, + duration: Date.now() - startTime, + }; } } /** - * Validate export file format and compatibility + * 清理旧的备份文件(保留最近3个) */ - static validateExportFile(exportPath: string): { - valid: boolean; - metadata?: ExportMetadata; - errors: string[]; - } { - const result = { - valid: false, - metadata: undefined as ExportMetadata | undefined, - errors: [] as string[], - }; - + cleanupOldBackups(): void { try { - if (!fs.existsSync(exportPath)) { - result.errors.push("Export file does not exist"); - return result; - } + const backupPattern = /\.migration-backup-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-\d{3}Z$/; + const migratedPattern = /\.migrated-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-\d{3}Z$/; - const exportContent = fs.readFileSync(exportPath, "utf8"); - const exportData: MigrationExport = JSON.parse(exportContent); + const files = fs.readdirSync(this.dataDir); - // Validate structure - if (!exportData.metadata || !exportData.data) { - result.errors.push("Invalid export file structure"); - return result; - } + // 查找备份文件和已迁移文件 + const backupFiles = files.filter(f => backupPattern.test(f)) + .map(f => ({ + name: f, + path: path.join(this.dataDir, f), + mtime: fs.statSync(path.join(this.dataDir, f)).mtime, + })) + .sort((a, b) => b.mtime.getTime() - a.mtime.getTime()); - // Validate version - if (exportData.metadata.version !== this.VERSION) { - result.errors.push( - `Unsupported export version: ${exportData.metadata.version}`, - ); - return result; - } + const migratedFiles = files.filter(f => migratedPattern.test(f)) + .map(f => ({ + name: f, + path: path.join(this.dataDir, f), + mtime: fs.statSync(path.join(this.dataDir, f)).mtime, + })) + .sort((a, b) => b.mtime.getTime() - a.mtime.getTime()); - // Validate required metadata fields - const requiredFields = [ - "exportedAt", - "exportId", - "sourceHardwareFingerprint", - ]; - for (const field of requiredFields) { - if (!exportData.metadata[field as keyof ExportMetadata]) { - result.errors.push(`Missing required metadata field: ${field}`); + // 保留最近3个备份文件 + const backupsToDelete = backupFiles.slice(3); + const migratedToDelete = migratedFiles.slice(3); + + for (const file of [...backupsToDelete, ...migratedToDelete]) { + try { + fs.unlinkSync(file.path); + databaseLogger.debug("Cleaned up old migration file", { + operation: "migration_cleanup", + file: file.name, + }); + } catch (error) { + databaseLogger.warn("Failed to cleanup old migration file", { + operation: "migration_cleanup_failed", + file: file.name, + error: error instanceof Error ? error.message : "Unknown error", + }); } } - if (result.errors.length === 0) { - result.valid = true; - result.metadata = exportData.metadata; + if (backupsToDelete.length > 0 || migratedToDelete.length > 0) { + databaseLogger.info("Migration cleanup completed", { + operation: "migration_cleanup_complete", + deletedBackups: backupsToDelete.length, + deletedMigrated: migratedToDelete.length, + remainingBackups: Math.min(backupFiles.length, 3), + remainingMigrated: Math.min(migratedFiles.length, 3), + }); } - return result; } catch (error) { - result.errors.push( - `Failed to parse export file: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - return result; + databaseLogger.warn("Migration cleanup failed", { + operation: "migration_cleanup_error", + error: error instanceof Error ? error.message : "Unknown error", + }); } } - - /** - * Create backup of current database - */ - private static async createCurrentDatabaseBackup(): Promise { - const timestamp = new Date().toISOString().replace(/[:.]/g, "-"); - const backupDir = path.join(databasePaths.directory, "backups"); - - if (!fs.existsSync(backupDir)) { - fs.mkdirSync(backupDir, { recursive: true }); - } - - // Create encrypted backup - const backupPath = DatabaseFileEncryption.createEncryptedBackup( - databasePaths.main, - backupDir, - ); - - return backupPath; - } - - /** - * Get table schema for database operations - */ - private static getTableSchema(tableName: string) { - const tableMap: { [key: string]: any } = { - users: users, - ssh_data: sshData, - ssh_credentials: sshCredentials, - settings: settings, - file_manager_recent: fileManagerRecent, - file_manager_pinned: fileManagerPinned, - file_manager_shortcuts: fileManagerShortcuts, - dismissed_alerts: dismissedAlerts, - ssh_credential_usage: sshCredentialUsage, - }; - - return tableMap[tableName]; - } - - /** - * Get export file info without importing - */ - static getExportInfo(exportPath: string): ExportMetadata | null { - const validation = this.validateExportFile(exportPath); - return validation.valid ? validation.metadata! : null; - } -} - -export { DatabaseMigration }; -export type { ExportMetadata, MigrationExport, ImportResult }; +} \ No newline at end of file diff --git a/src/backend/utils/database-save-trigger.ts b/src/backend/utils/database-save-trigger.ts new file mode 100644 index 00000000..8a729860 --- /dev/null +++ b/src/backend/utils/database-save-trigger.ts @@ -0,0 +1,162 @@ +import { databaseLogger } from "./logger.js"; + +/** + * Database Save Trigger - 自动触发内存数据库保存到磁盘 + * 确保数据修改后能持久化保存 + */ +export class DatabaseSaveTrigger { + private static saveFunction: (() => Promise) | null = null; + private static isInitialized = false; + private static pendingSave = false; + private static saveTimeout: NodeJS.Timeout | null = null; + + /** + * 初始化保存触发器 + */ + static initialize(saveFunction: () => Promise): void { + this.saveFunction = saveFunction; + this.isInitialized = true; + + databaseLogger.info("Database save trigger initialized", { + operation: "db_save_trigger_init", + }); + } + + /** + * 触发数据库保存 - 防抖处理,避免频繁保存 + */ + static async triggerSave(reason: string = "data_modification"): Promise { + if (!this.isInitialized || !this.saveFunction) { + databaseLogger.warn("Database save trigger not initialized", { + operation: "db_save_trigger_not_init", + reason, + }); + return; + } + + // 清除之前的定时器 + if (this.saveTimeout) { + clearTimeout(this.saveTimeout); + } + + // 防抖:延迟2秒执行,如果2秒内有新的保存请求,则重新计时 + this.saveTimeout = setTimeout(async () => { + if (this.pendingSave) { + databaseLogger.debug("Database save already in progress, skipping", { + operation: "db_save_trigger_skip", + reason, + }); + return; + } + + this.pendingSave = true; + + try { + databaseLogger.debug("Triggering database save", { + operation: "db_save_trigger_start", + reason, + }); + + await this.saveFunction!(); + + databaseLogger.debug("Database save completed", { + operation: "db_save_trigger_success", + reason, + }); + } catch (error) { + databaseLogger.error("Database save failed", error, { + operation: "db_save_trigger_failed", + reason, + error: error instanceof Error ? error.message : "Unknown error", + }); + } finally { + this.pendingSave = false; + } + }, 2000); // 2秒防抖 + } + + /** + * 立即保存 - 用于关键操作 + */ + static async forceSave(reason: string = "critical_operation"): Promise { + if (!this.isInitialized || !this.saveFunction) { + databaseLogger.warn("Database save trigger not initialized for force save", { + operation: "db_save_trigger_force_not_init", + reason, + }); + return; + } + + // 清除防抖定时器 + if (this.saveTimeout) { + clearTimeout(this.saveTimeout); + this.saveTimeout = null; + } + + if (this.pendingSave) { + databaseLogger.debug("Database save already in progress, waiting", { + operation: "db_save_trigger_force_wait", + reason, + }); + return; + } + + this.pendingSave = true; + + try { + databaseLogger.info("Force saving database", { + operation: "db_save_trigger_force_start", + reason, + }); + + await this.saveFunction(); + + databaseLogger.success("Database force save completed", { + operation: "db_save_trigger_force_success", + reason, + }); + } catch (error) { + databaseLogger.error("Database force save failed", error, { + operation: "db_save_trigger_force_failed", + reason, + error: error instanceof Error ? error.message : "Unknown error", + }); + throw error; // 重新抛出错误,因为这是强制保存 + } finally { + this.pendingSave = false; + } + } + + /** + * 获取保存状态 + */ + static getStatus(): { + initialized: boolean; + pendingSave: boolean; + hasPendingTimeout: boolean; + } { + return { + initialized: this.isInitialized, + pendingSave: this.pendingSave, + hasPendingTimeout: this.saveTimeout !== null, + }; + } + + /** + * 清理资源 + */ + static cleanup(): void { + if (this.saveTimeout) { + clearTimeout(this.saveTimeout); + this.saveTimeout = null; + } + + this.pendingSave = false; + this.isInitialized = false; + this.saveFunction = null; + + databaseLogger.info("Database save trigger cleaned up", { + operation: "db_save_trigger_cleanup", + }); + } +} \ No newline at end of file diff --git a/src/backend/utils/database-sqlite-export.ts b/src/backend/utils/database-sqlite-export.ts deleted file mode 100644 index d586ce31..00000000 --- a/src/backend/utils/database-sqlite-export.ts +++ /dev/null @@ -1,728 +0,0 @@ -import fs from "fs"; -import path from "path"; -import crypto from "crypto"; -import Database from "better-sqlite3"; -import { sql, eq } from "drizzle-orm"; -import { drizzle } from "drizzle-orm/better-sqlite3"; -import { DatabaseEncryption } from "./database-encryption.js"; -import { FieldEncryption } from "./encryption.js"; -import { HardwareFingerprint } from "./hardware-fingerprint.js"; -import { databaseLogger } from "./logger.js"; -import { databasePaths, db, sqliteInstance } from "../database/db/index.js"; -import { sshData, sshCredentials, users } from "../database/db/schema.js"; - -interface ExportMetadata { - version: string; - exportedAt: string; - exportId: string; - sourceHardwareFingerprint: string; - tableCount: number; - recordCount: number; - encryptedFields: string[]; -} - -interface ImportResult { - success: boolean; - imported: { - tables: number; - records: number; - }; - errors: string[]; - warnings: string[]; -} - -/** - * SQLite database export/import utility for hardware migration - * Exports decrypted data to a new SQLite database file for hardware transfer - */ -class DatabaseSQLiteExport { - private static readonly VERSION = "v1"; - private static readonly EXPORT_FILE_EXTENSION = ".termix-export.sqlite"; - private static readonly METADATA_TABLE = "_termix_export_metadata"; - - /** - * Export database as SQLite file for migration - * Creates a new SQLite database with decrypted data - */ - static async exportDatabase(exportPath?: string): Promise { - const exportId = crypto.randomUUID(); - const timestamp = new Date().toISOString(); - const defaultExportPath = path.join( - databasePaths.directory, - `termix-export-${timestamp.replace(/[:.]/g, "-")}${this.EXPORT_FILE_EXTENSION}`, - ); - const actualExportPath = exportPath || defaultExportPath; - - try { - databaseLogger.info("Starting SQLite database export for migration", { - operation: "database_sqlite_export", - exportId, - exportPath: actualExportPath, - }); - - // Create new SQLite database for export - const exportDb = new Database(actualExportPath); - - // Define tables to export - only SSH-related data - const tablesToExport = [ - { name: "ssh_data", hasEncryption: true }, - { name: "ssh_credentials", hasEncryption: true }, - ]; - - const exportMetadata: ExportMetadata = { - version: this.VERSION, - exportedAt: timestamp, - exportId, - sourceHardwareFingerprint: HardwareFingerprint.generate().substring( - 0, - 16, - ), - tableCount: 0, - recordCount: 0, - encryptedFields: [], - }; - - let totalRecords = 0; - - // Check total records in SSH tables for debugging - const totalSshData = await db.select().from(sshData); - const totalSshCredentials = await db.select().from(sshCredentials); - - databaseLogger.info(`Export preparation: found SSH data`, { - operation: "export_data_check", - totalSshData: totalSshData.length, - totalSshCredentials: totalSshCredentials.length, - }); - - // Create metadata table - exportDb.exec(` - CREATE TABLE ${this.METADATA_TABLE} ( - key TEXT PRIMARY KEY, - value TEXT NOT NULL - ) - `); - - // Copy schema and data for each table - for (const tableInfo of tablesToExport) { - try { - databaseLogger.debug(`Exporting SQLite table: ${tableInfo.name}`, { - operation: "table_sqlite_export", - table: tableInfo.name, - hasEncryption: tableInfo.hasEncryption, - }); - - // Create table in export database using consistent schema - if (tableInfo.name === "ssh_data") { - // Create ssh_data table using exact schema matching Drizzle definition - const createTableSql = `CREATE TABLE ssh_data ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - user_id TEXT NOT NULL, - name TEXT, - ip TEXT NOT NULL, - port INTEGER NOT NULL, - username TEXT NOT NULL, - folder TEXT, - tags TEXT, - pin INTEGER NOT NULL DEFAULT 0, - auth_type TEXT NOT NULL, - password TEXT, - require_password INTEGER NOT NULL DEFAULT 1, - key TEXT, - key_password TEXT, - key_type TEXT, - credential_id INTEGER, - enable_terminal INTEGER NOT NULL DEFAULT 1, - enable_tunnel INTEGER NOT NULL DEFAULT 1, - tunnel_connections TEXT, - enable_file_manager INTEGER NOT NULL DEFAULT 1, - default_path TEXT, - created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP - )`; - exportDb.exec(createTableSql); - } else if (tableInfo.name === "ssh_credentials") { - // Create ssh_credentials table using exact schema matching Drizzle definition - const createTableSql = `CREATE TABLE ssh_credentials ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - name TEXT NOT NULL, - username TEXT, - password TEXT, - key_content TEXT, - key_password TEXT, - key_type TEXT, - created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP - )`; - exportDb.exec(createTableSql); - } else { - databaseLogger.warn(`Unknown table ${tableInfo.name}, skipping`, { - operation: "table_sqlite_export_skip", - table: tableInfo.name, - }); - continue; - } - - // Query all records from tables using Drizzle - let records: any[]; - if (tableInfo.name === "ssh_data") { - records = await db.select().from(sshData); - } else if (tableInfo.name === "ssh_credentials") { - records = await db.select().from(sshCredentials); - } else { - records = []; - } - - databaseLogger.info( - `Found ${records.length} records in ${tableInfo.name} for export`, - { - operation: "table_record_count", - table: tableInfo.name, - recordCount: records.length, - }, - ); - - // Decrypt encrypted fields if necessary - let processedRecords = records; - if (tableInfo.hasEncryption && records.length > 0) { - processedRecords = records.map((record) => { - try { - return DatabaseEncryption.decryptRecord(tableInfo.name, record); - } catch (error) { - databaseLogger.warn( - `Failed to decrypt record in ${tableInfo.name}`, - { - operation: "export_decrypt_warning", - table: tableInfo.name, - recordId: (record as any).id, - error: - error instanceof Error ? error.message : "Unknown error", - }, - ); - return record; - } - }); - - // Track encrypted fields - const sampleRecord = records[0]; - for (const fieldName of Object.keys(sampleRecord)) { - if (this.shouldTrackEncryptedField(tableInfo.name, fieldName)) { - const fieldKey = `${tableInfo.name}.${fieldName}`; - if (!exportMetadata.encryptedFields.includes(fieldKey)) { - exportMetadata.encryptedFields.push(fieldKey); - } - } - } - } - - // Insert records into export database - if (processedRecords.length > 0) { - const sampleRecord = processedRecords[0]; - const tsFieldNames = Object.keys(sampleRecord); - - // Map TypeScript field names to database column names - const dbColumnNames = tsFieldNames.map((fieldName) => { - // Map TypeScript field names to database column names - const fieldMappings: Record = { - userId: "user_id", - authType: "auth_type", - requirePassword: "require_password", - keyPassword: "key_password", - keyType: "key_type", - credentialId: "credential_id", - enableTerminal: "enable_terminal", - enableTunnel: "enable_tunnel", - tunnelConnections: "tunnel_connections", - enableFileManager: "enable_file_manager", - defaultPath: "default_path", - createdAt: "created_at", - updatedAt: "updated_at", - keyContent: "key_content", - }; - return fieldMappings[fieldName] || fieldName; - }); - - const placeholders = dbColumnNames.map(() => "?").join(", "); - const insertSql = `INSERT INTO ${tableInfo.name} (${dbColumnNames.join(", ")}) VALUES (${placeholders})`; - - const insertStmt = exportDb.prepare(insertSql); - - for (const record of processedRecords) { - const values = tsFieldNames.map((fieldName) => { - const value: any = record[fieldName as keyof typeof record]; - // Convert values to SQLite-compatible types - if (value === null || value === undefined) { - return null; - } - if ( - typeof value === "string" || - typeof value === "number" || - typeof value === "bigint" - ) { - return value; - } - if (Buffer.isBuffer(value)) { - return value; - } - if (value instanceof Date) { - return value.toISOString(); - } - if (typeof value === "boolean") { - return value ? 1 : 0; - } - // Convert objects and arrays to JSON strings - if (typeof value === "object") { - return JSON.stringify(value); - } - // Fallback: convert to string - return String(value); - }); - insertStmt.run(values); - } - } - - totalRecords += processedRecords.length; - - databaseLogger.debug(`SQLite table ${tableInfo.name} exported`, { - operation: "table_sqlite_export_complete", - table: tableInfo.name, - recordCount: processedRecords.length, - }); - } catch (error) { - databaseLogger.error( - `Failed to export SQLite table ${tableInfo.name}`, - error, - { - operation: "table_sqlite_export_failed", - table: tableInfo.name, - }, - ); - throw error; - } - } - - // Update and store metadata - exportMetadata.tableCount = tablesToExport.length; - exportMetadata.recordCount = totalRecords; - - const insertMetadata = exportDb.prepare( - `INSERT INTO ${this.METADATA_TABLE} (key, value) VALUES (?, ?)`, - ); - insertMetadata.run("metadata", JSON.stringify(exportMetadata)); - - // Close export database - exportDb.close(); - - databaseLogger.success("SQLite database export completed successfully", { - operation: "database_sqlite_export_complete", - exportId, - exportPath: actualExportPath, - tableCount: exportMetadata.tableCount, - recordCount: exportMetadata.recordCount, - fileSize: fs.statSync(actualExportPath).size, - }); - - return actualExportPath; - } catch (error) { - databaseLogger.error("SQLite database export failed", error, { - operation: "database_sqlite_export_failed", - exportId, - exportPath: actualExportPath, - }); - throw new Error( - `SQLite database export failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - } - } - - /** - * Import database from SQLite export - * Re-encrypts fields for the current hardware - */ - static async importDatabase( - importPath: string, - options: { - replaceExisting?: boolean; - backupCurrent?: boolean; - } = {}, - ): Promise { - const { replaceExisting = false, backupCurrent = true } = options; - - if (!fs.existsSync(importPath)) { - throw new Error(`Import file does not exist: ${importPath}`); - } - - try { - databaseLogger.info("Starting SQLite database import from export", { - operation: "database_sqlite_import", - importPath, - replaceExisting, - backupCurrent, - }); - - // Open import database - const importDb = new Database(importPath, { readonly: true }); - - // Validate export format - const metadataResult = importDb - .prepare( - ` - SELECT value FROM ${this.METADATA_TABLE} WHERE key = 'metadata' - `, - ) - .get() as { value: string } | undefined; - - if (!metadataResult) { - throw new Error("Invalid export file: missing metadata"); - } - - const metadata: ExportMetadata = JSON.parse(metadataResult.value); - if (metadata.version !== this.VERSION) { - throw new Error(`Unsupported export version: ${metadata.version}`); - } - - const result: ImportResult = { - success: false, - imported: { tables: 0, records: 0 }, - errors: [], - warnings: [], - }; - - // Get current admin user to assign imported SSH records - const adminUser = await db - .select() - .from(users) - .where(eq(users.is_admin, true)) - .limit(1); - if (adminUser.length === 0) { - throw new Error("No admin user found in current database"); - } - const currentAdminUserId = adminUser[0].id; - - databaseLogger.debug( - `Starting SSH data import - assigning to admin user ${currentAdminUserId}`, - { - operation: "ssh_data_import_start", - adminUserId: currentAdminUserId, - }, - ); - - // Create backup if requested - if (backupCurrent) { - try { - const backupPath = await this.createCurrentDatabaseBackup(); - databaseLogger.info("Current database backed up before import", { - operation: "import_backup", - backupPath, - }); - } catch (error) { - const warningMsg = `Failed to create backup: ${error instanceof Error ? error.message : "Unknown error"}`; - result.warnings.push(warningMsg); - databaseLogger.warn("Failed to create pre-import backup", { - operation: "import_backup_failed", - error: warningMsg, - }); - } - } - - // Get list of tables to import (excluding metadata table) - const tables = importDb - .prepare( - ` - SELECT name FROM sqlite_master - WHERE type='table' AND name != '${this.METADATA_TABLE}' - `, - ) - .all() as { name: string }[]; - - // Import data table by table - for (const tableRow of tables) { - const tableName = tableRow.name; - - try { - databaseLogger.debug(`Importing SQLite table: ${tableName}`, { - operation: "table_sqlite_import", - table: tableName, - }); - - // Use additive import - don't clear existing data - // This preserves all current data including admin SSH connections - databaseLogger.debug(`Using additive import for ${tableName}`, { - operation: "table_additive_import", - table: tableName, - }); - - // Get all records from import table - const records = importDb.prepare(`SELECT * FROM ${tableName}`).all(); - - // Process and encrypt records - for (const record of records) { - try { - // Import all SSH data without user filtering - - // Map database column names to TypeScript field names - const mappedRecord: any = {}; - const columnToFieldMappings: Record = { - user_id: "userId", - auth_type: "authType", - require_password: "requirePassword", - key_password: "keyPassword", - key_type: "keyType", - credential_id: "credentialId", - enable_terminal: "enableTerminal", - enable_tunnel: "enableTunnel", - tunnel_connections: "tunnelConnections", - enable_file_manager: "enableFileManager", - default_path: "defaultPath", - created_at: "createdAt", - updated_at: "updatedAt", - key_content: "keyContent", - }; - - // Convert database column names to TypeScript field names - for (const [dbColumn, value] of Object.entries(record)) { - const tsField = columnToFieldMappings[dbColumn] || dbColumn; - mappedRecord[tsField] = value; - } - - // Assign imported SSH records to current admin user to avoid foreign key constraint - if (tableName === "ssh_data" && mappedRecord.userId) { - const originalUserId = mappedRecord.userId; - mappedRecord.userId = currentAdminUserId; - databaseLogger.debug( - `Reassigned SSH record from user ${originalUserId} to admin ${currentAdminUserId}`, - { - operation: "user_reassignment", - originalUserId, - newUserId: currentAdminUserId, - }, - ); - } - - // Re-encrypt sensitive fields for current hardware - const processedRecord = DatabaseEncryption.encryptRecord( - tableName, - mappedRecord, - ); - - // Insert record using Drizzle - try { - if (tableName === "ssh_data") { - await db - .insert(sshData) - .values(processedRecord) - .onConflictDoNothing(); - } else if (tableName === "ssh_credentials") { - await db - .insert(sshCredentials) - .values(processedRecord) - .onConflictDoNothing(); - } - } catch (error) { - // Handle any SQL errors gracefully - if ( - error instanceof Error && - error.message.includes("UNIQUE constraint failed") - ) { - databaseLogger.debug( - `Skipping duplicate record in ${tableName}`, - { - operation: "duplicate_record_skip", - table: tableName, - }, - ); - continue; - } - throw error; - } - } catch (error) { - const errorMsg = `Failed to import record in ${tableName}: ${error instanceof Error ? error.message : "Unknown error"}`; - result.errors.push(errorMsg); - databaseLogger.error("Failed to import record", error, { - operation: "record_sqlite_import_failed", - table: tableName, - recordId: (record as any).id, - }); - } - } - - result.imported.tables++; - result.imported.records += records.length; - - databaseLogger.debug(`SQLite table ${tableName} imported`, { - operation: "table_sqlite_import_complete", - table: tableName, - recordCount: records.length, - }); - } catch (error) { - const errorMsg = `Failed to import table ${tableName}: ${error instanceof Error ? error.message : "Unknown error"}`; - result.errors.push(errorMsg); - databaseLogger.error("Failed to import SQLite table", error, { - operation: "table_sqlite_import_failed", - table: tableName, - }); - } - } - - // Close import database - importDb.close(); - - // Check if import was successful - result.success = result.errors.length === 0; - - if (result.success) { - databaseLogger.success( - "SQLite database import completed successfully", - { - operation: "database_sqlite_import_complete", - importPath, - tablesImported: result.imported.tables, - recordsImported: result.imported.records, - warnings: result.warnings.length, - }, - ); - } else { - databaseLogger.error( - "SQLite database import completed with errors", - undefined, - { - operation: "database_sqlite_import_partial", - importPath, - tablesImported: result.imported.tables, - recordsImported: result.imported.records, - errorCount: result.errors.length, - warningCount: result.warnings.length, - }, - ); - } - - return result; - } catch (error) { - databaseLogger.error("SQLite database import failed", error, { - operation: "database_sqlite_import_failed", - importPath, - }); - throw new Error( - `SQLite database import failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - } - } - - /** - * Validate SQLite export file - */ - static validateExportFile(exportPath: string): { - valid: boolean; - metadata?: ExportMetadata; - errors: string[]; - } { - const result = { - valid: false, - metadata: undefined as ExportMetadata | undefined, - errors: [] as string[], - }; - - try { - if (!fs.existsSync(exportPath)) { - result.errors.push("Export file does not exist"); - return result; - } - - if (!exportPath.endsWith(this.EXPORT_FILE_EXTENSION)) { - result.errors.push("Invalid export file extension"); - return result; - } - - const exportDb = new Database(exportPath, { readonly: true }); - - try { - const metadataResult = exportDb - .prepare( - ` - SELECT value FROM ${this.METADATA_TABLE} WHERE key = 'metadata' - `, - ) - .get() as { value: string } | undefined; - - if (!metadataResult) { - result.errors.push("Missing export metadata"); - return result; - } - - const metadata: ExportMetadata = JSON.parse(metadataResult.value); - - if (metadata.version !== this.VERSION) { - result.errors.push(`Unsupported export version: ${metadata.version}`); - return result; - } - - result.valid = true; - result.metadata = metadata; - } finally { - exportDb.close(); - } - - return result; - } catch (error) { - result.errors.push( - `Failed to validate export file: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - return result; - } - } - - /** - * Get export file info without importing - */ - static getExportInfo(exportPath: string): ExportMetadata | null { - const validation = this.validateExportFile(exportPath); - return validation.valid ? validation.metadata! : null; - } - - /** - * Create backup of current database - */ - private static async createCurrentDatabaseBackup(): Promise { - const timestamp = new Date().toISOString().replace(/[:.]/g, "-"); - const backupDir = path.join(databasePaths.directory, "backups"); - - if (!fs.existsSync(backupDir)) { - fs.mkdirSync(backupDir, { recursive: true }); - } - - // Create SQLite backup - const backupPath = path.join( - backupDir, - `database-backup-${timestamp}.sqlite`, - ); - - // Copy current database file - fs.copyFileSync(databasePaths.main, backupPath); - - return backupPath; - } - - /** - * Get table schema for database operations - * NOTE: This method is deprecated - we now use raw SQL to avoid FK issues - */ - private static getTableSchema(tableName: string) { - return null; // No longer used - } - - /** - * Check if a field should be tracked as encrypted - */ - private static shouldTrackEncryptedField( - tableName: string, - fieldName: string, - ): boolean { - try { - return FieldEncryption.shouldEncryptField(tableName, fieldName); - } catch { - return false; - } - } -} - -export { DatabaseSQLiteExport }; -export type { ExportMetadata, ImportResult }; diff --git a/src/backend/utils/encrypted-db-operations.ts b/src/backend/utils/encrypted-db-operations.ts deleted file mode 100644 index 5a8e36e9..00000000 --- a/src/backend/utils/encrypted-db-operations.ts +++ /dev/null @@ -1,242 +0,0 @@ -import { db } from "../database/db/index.js"; -import { DatabaseEncryption } from "./database-encryption.js"; -import { databaseLogger } from "./logger.js"; -import type { SQLiteTable } from "drizzle-orm/sqlite-core"; - -type TableName = "users" | "ssh_data" | "ssh_credentials"; - -class EncryptedDBOperations { - static async insert>( - table: SQLiteTable, - tableName: TableName, - data: T, - ): Promise { - try { - const encryptedData = DatabaseEncryption.encryptRecord(tableName, data); - const result = await db.insert(table).values(encryptedData).returning(); - - // Decrypt the returned data to ensure consistency - const decryptedResult = DatabaseEncryption.decryptRecord( - tableName, - result[0], - ); - - databaseLogger.debug(`Inserted encrypted record into ${tableName}`, { - operation: "encrypted_insert", - table: tableName, - }); - - return decryptedResult as T; - } catch (error) { - databaseLogger.error( - `Failed to insert encrypted record into ${tableName}`, - error, - { - operation: "encrypted_insert_failed", - table: tableName, - }, - ); - throw error; - } - } - - static async select>( - query: any, - tableName: TableName, - ): Promise { - try { - const results = await query; - const decryptedResults = DatabaseEncryption.decryptRecords( - tableName, - results, - ); - - return decryptedResults; - } catch (error) { - databaseLogger.error( - `Failed to select/decrypt records from ${tableName}`, - error, - { - operation: "encrypted_select_failed", - table: tableName, - }, - ); - throw error; - } - } - - static async selectOne>( - query: any, - tableName: TableName, - ): Promise { - try { - const result = await query; - if (!result) return undefined; - - const decryptedResult = DatabaseEncryption.decryptRecord( - tableName, - result, - ); - - return decryptedResult; - } catch (error) { - databaseLogger.error( - `Failed to select/decrypt single record from ${tableName}`, - error, - { - operation: "encrypted_select_one_failed", - table: tableName, - }, - ); - throw error; - } - } - - static async update>( - table: SQLiteTable, - tableName: TableName, - where: any, - data: Partial, - ): Promise { - try { - const encryptedData = DatabaseEncryption.encryptRecord(tableName, data); - const result = await db - .update(table) - .set(encryptedData) - .where(where) - .returning(); - - databaseLogger.debug(`Updated encrypted record in ${tableName}`, { - operation: "encrypted_update", - table: tableName, - }); - - return result as T[]; - } catch (error) { - databaseLogger.error( - `Failed to update encrypted record in ${tableName}`, - error, - { - operation: "encrypted_update_failed", - table: tableName, - }, - ); - throw error; - } - } - - static async delete( - table: SQLiteTable, - tableName: TableName, - where: any, - ): Promise { - try { - const result = await db.delete(table).where(where).returning(); - - databaseLogger.debug(`Deleted record from ${tableName}`, { - operation: "encrypted_delete", - table: tableName, - }); - - return result; - } catch (error) { - databaseLogger.error(`Failed to delete record from ${tableName}`, error, { - operation: "encrypted_delete_failed", - table: tableName, - }); - throw error; - } - } - - static async migrateExistingRecords(tableName: TableName): Promise { - let migratedCount = 0; - - try { - databaseLogger.info(`Starting encryption migration for ${tableName}`, { - operation: "migration_start", - table: tableName, - }); - - let table: SQLiteTable; - let records: any[]; - - switch (tableName) { - case "users": - const { users } = await import("../database/db/schema.js"); - table = users; - records = await db.select().from(users); - break; - case "ssh_data": - const { sshData } = await import("../database/db/schema.js"); - table = sshData; - records = await db.select().from(sshData); - break; - case "ssh_credentials": - const { sshCredentials } = await import("../database/db/schema.js"); - table = sshCredentials; - records = await db.select().from(sshCredentials); - break; - default: - throw new Error(`Unknown table: ${tableName}`); - } - - for (const record of records) { - try { - const migratedRecord = await DatabaseEncryption.migrateRecord( - tableName, - record, - ); - - if (JSON.stringify(migratedRecord) !== JSON.stringify(record)) { - const { eq } = await import("drizzle-orm"); - await db - .update(table) - .set(migratedRecord) - .where(eq((table as any).id, record.id)); - migratedCount++; - } - } catch (error) { - databaseLogger.error( - `Failed to migrate record ${record.id} in ${tableName}`, - error, - { - operation: "migration_record_failed", - table: tableName, - recordId: record.id, - }, - ); - } - } - - databaseLogger.success(`Migration completed for ${tableName}`, { - operation: "migration_complete", - table: tableName, - migratedCount, - totalRecords: records.length, - }); - - return migratedCount; - } catch (error) { - databaseLogger.error(`Migration failed for ${tableName}`, error, { - operation: "migration_failed", - table: tableName, - }); - throw error; - } - } - - static async healthCheck(): Promise { - try { - const status = DatabaseEncryption.getEncryptionStatus(); - return status.configValid && status.enabled; - } catch (error) { - databaseLogger.error("Encryption health check failed", error, { - operation: "health_check_failed", - }); - return false; - } - } -} - -export { EncryptedDBOperations }; -export type { TableName }; diff --git a/src/backend/utils/encryption-key-manager.ts b/src/backend/utils/encryption-key-manager.ts deleted file mode 100644 index be678af5..00000000 --- a/src/backend/utils/encryption-key-manager.ts +++ /dev/null @@ -1,353 +0,0 @@ -import crypto from "crypto"; -import { db } from "../database/db/index.js"; -import { settings } from "../database/db/schema.js"; -import { eq } from "drizzle-orm"; -import { databaseLogger } from "./logger.js"; -import { MasterKeyProtection } from "./master-key-protection.js"; - -interface EncryptionKeyInfo { - hasKey: boolean; - keyId?: string; - createdAt?: string; - algorithm: string; -} - -class EncryptionKeyManager { - private static instance: EncryptionKeyManager; - private currentKey: string | null = null; - private keyInfo: EncryptionKeyInfo | null = null; - - private constructor() {} - - static getInstance(): EncryptionKeyManager { - if (!this.instance) { - this.instance = new EncryptionKeyManager(); - } - return this.instance; - } - - private encodeKey(key: string): string { - return MasterKeyProtection.encryptMasterKey(key); - } - - private decodeKey(encodedKey: string): string { - if (MasterKeyProtection.isProtectedKey(encodedKey)) { - return MasterKeyProtection.decryptMasterKey(encodedKey); - } - - databaseLogger.warn( - "Found legacy base64-encoded key, migrating to KEK protection", - { - operation: "key_migration_legacy", - }, - ); - const buffer = Buffer.from(encodedKey, "base64"); - return buffer.toString("hex"); - } - - async initializeKey(): Promise { - try { - let existingKey = await this.getStoredKey(); - - if (existingKey) { - databaseLogger.success("Found existing encryption key", { - operation: "key_init", - hasKey: true, - }); - this.currentKey = existingKey; - return existingKey; - } - - const environmentKey = process.env.DB_ENCRYPTION_KEY; - if (environmentKey && environmentKey !== "default-key-change-me") { - if (!this.validateKeyStrength(environmentKey)) { - databaseLogger.error( - "Environment encryption key is too weak", - undefined, - { - operation: "key_init", - source: "environment", - keyLength: environmentKey.length, - }, - ); - throw new Error( - "DB_ENCRYPTION_KEY is too weak. Must be at least 32 characters with good entropy.", - ); - } - - databaseLogger.info("Using encryption key from environment variable", { - operation: "key_init", - source: "environment", - }); - - await this.storeKey(environmentKey); - this.currentKey = environmentKey; - return environmentKey; - } - - const newKey = await this.generateNewKey(); - databaseLogger.warn( - "Generated new encryption key - PLEASE BACKUP THIS KEY", - { - operation: "key_init", - generated: true, - keyPreview: newKey.substring(0, 8) + "...", - }, - ); - - return newKey; - } catch (error) { - databaseLogger.error("Failed to initialize encryption key", error, { - operation: "key_init_failed", - }); - throw error; - } - } - - async generateNewKey(): Promise { - const newKey = crypto.randomBytes(32).toString("hex"); - const keyId = crypto.randomBytes(8).toString("hex"); - - await this.storeKey(newKey, keyId); - this.currentKey = newKey; - - databaseLogger.success("Generated new encryption key", { - operation: "key_generated", - keyId, - keyLength: newKey.length, - }); - - return newKey; - } - - private async storeKey(key: string, keyId?: string): Promise { - const now = new Date().toISOString(); - const id = keyId || crypto.randomBytes(8).toString("hex"); - - const keyData = { - key: this.encodeKey(key), - keyId: id, - createdAt: now, - algorithm: "aes-256-gcm", - }; - - const encodedData = JSON.stringify(keyData); - - try { - const existing = await db - .select() - .from(settings) - .where(eq(settings.key, "db_encryption_key")); - - if (existing.length > 0) { - await db - .update(settings) - .set({ value: encodedData }) - .where(eq(settings.key, "db_encryption_key")); - } else { - await db.insert(settings).values({ - key: "db_encryption_key", - value: encodedData, - }); - } - - const existingCreated = await db - .select() - .from(settings) - .where(eq(settings.key, "encryption_key_created")); - - if (existingCreated.length > 0) { - await db - .update(settings) - .set({ value: now }) - .where(eq(settings.key, "encryption_key_created")); - } else { - await db.insert(settings).values({ - key: "encryption_key_created", - value: now, - }); - } - - this.keyInfo = { - hasKey: true, - keyId: id, - createdAt: now, - algorithm: "aes-256-gcm", - }; - } catch (error) { - databaseLogger.error("Failed to store encryption key", error, { - operation: "key_store_failed", - }); - throw error; - } - } - - private async getStoredKey(): Promise { - try { - const result = await db - .select() - .from(settings) - .where(eq(settings.key, "db_encryption_key")); - - if (result.length === 0) { - return null; - } - - const encodedData = result[0].value; - let keyData; - - try { - keyData = JSON.parse(encodedData); - } catch { - databaseLogger.warn("Found legacy base64-encoded key data, migrating", { - operation: "key_data_migration_legacy", - }); - keyData = JSON.parse(Buffer.from(encodedData, "base64").toString()); - } - - this.keyInfo = { - hasKey: true, - keyId: keyData.keyId, - createdAt: keyData.createdAt, - algorithm: keyData.algorithm, - }; - - const decodedKey = this.decodeKey(keyData.key); - - if (!MasterKeyProtection.isProtectedKey(keyData.key)) { - databaseLogger.info("Auto-migrating legacy key to KEK protection", { - operation: "key_auto_migration", - keyId: keyData.keyId, - }); - await this.storeKey(decodedKey, keyData.keyId); - } - - return decodedKey; - } catch (error) { - databaseLogger.error("Failed to retrieve stored encryption key", error, { - operation: "key_retrieve_failed", - }); - return null; - } - } - - getCurrentKey(): string | null { - return this.currentKey; - } - - async getKeyInfo(): Promise { - if (!this.keyInfo) { - const hasKey = (await this.getStoredKey()) !== null; - return { - hasKey, - algorithm: "aes-256-gcm", - }; - } - return this.keyInfo; - } - - async regenerateKey(): Promise { - databaseLogger.info("Regenerating encryption key", { - operation: "key_regenerate", - }); - - const oldKeyInfo = await this.getKeyInfo(); - const newKey = await this.generateNewKey(); - - databaseLogger.warn( - "Encryption key regenerated - ALL DATA MUST BE RE-ENCRYPTED", - { - operation: "key_regenerated", - oldKeyId: oldKeyInfo.keyId, - newKeyId: this.keyInfo?.keyId, - }, - ); - - return newKey; - } - - private validateKeyStrength(key: string): boolean { - if (key.length < 32) return false; - - const hasLower = /[a-z]/.test(key); - const hasUpper = /[A-Z]/.test(key); - const hasDigit = /\d/.test(key); - const hasSpecial = /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(key); - - const entropyTest = new Set(key).size / key.length; - - const complexity = - Number(hasLower) + - Number(hasUpper) + - Number(hasDigit) + - Number(hasSpecial); - return complexity >= 3 && entropyTest > 0.4; - } - - async validateKey(key?: string): Promise { - const testKey = key || this.currentKey; - if (!testKey) return false; - - try { - const testData = "validation-test-" + Date.now(); - const testBuffer = Buffer.from(testKey, "hex"); - - if (testBuffer.length !== 32) { - return false; - } - - const iv = crypto.randomBytes(16); - const cipher = crypto.createCipheriv( - "aes-256-gcm", - testBuffer, - iv, - ) as any; - cipher.update(testData, "utf8"); - cipher.final(); - cipher.getAuthTag(); - - return true; - } catch { - return false; - } - } - - isInitialized(): boolean { - return this.currentKey !== null; - } - - async getEncryptionStatus() { - const keyInfo = await this.getKeyInfo(); - const isValid = await this.validateKey(); - const kekProtected = await this.isKEKProtected(); - - return { - hasKey: keyInfo.hasKey, - keyValid: isValid, - keyId: keyInfo.keyId, - createdAt: keyInfo.createdAt, - algorithm: keyInfo.algorithm, - initialized: this.isInitialized(), - kekProtected, - kekValid: kekProtected ? MasterKeyProtection.validateProtection() : false, - }; - } - - private async isKEKProtected(): Promise { - try { - const result = await db - .select() - .from(settings) - .where(eq(settings.key, "db_encryption_key")); - if (result.length === 0) return false; - - const keyData = JSON.parse(result[0].value); - return MasterKeyProtection.isProtectedKey(keyData.key); - } catch { - return false; - } - } -} - -export { EncryptionKeyManager }; -export type { EncryptionKeyInfo }; diff --git a/src/backend/utils/encryption-migration.ts b/src/backend/utils/encryption-migration.ts deleted file mode 100644 index 8559fc06..00000000 --- a/src/backend/utils/encryption-migration.ts +++ /dev/null @@ -1,435 +0,0 @@ -#!/usr/bin/env node -import { DatabaseEncryption } from "./database-encryption.js"; -import { EncryptedDBOperations } from "./encrypted-db-operations.js"; -import { EncryptionKeyManager } from "./encryption-key-manager.js"; -import { databaseLogger } from "./logger.js"; -import { db } from "../database/db/index.js"; -import { settings } from "../database/db/schema.js"; -import { eq, sql } from "drizzle-orm"; - -interface MigrationConfig { - masterPassword?: string; - forceEncryption?: boolean; - backupEnabled?: boolean; - dryRun?: boolean; -} - -class EncryptionMigration { - private config: MigrationConfig; - - constructor(config: MigrationConfig = {}) { - this.config = { - masterPassword: config.masterPassword, - forceEncryption: config.forceEncryption ?? false, - backupEnabled: config.backupEnabled ?? true, - dryRun: config.dryRun ?? false, - }; - } - - async runMigration(): Promise { - databaseLogger.info("Starting database encryption migration", { - operation: "migration_start", - dryRun: this.config.dryRun, - forceEncryption: this.config.forceEncryption, - }); - - try { - await this.validatePrerequisites(); - - if (this.config.backupEnabled && !this.config.dryRun) { - await this.createBackup(); - } - - await this.initializeEncryption(); - await this.migrateTables(); - await this.updateSettings(); - await this.verifyMigration(); - - databaseLogger.success( - "Database encryption migration completed successfully", - { - operation: "migration_complete", - }, - ); - } catch (error) { - databaseLogger.error("Migration failed", error, { - operation: "migration_failed", - }); - throw error; - } - } - - private async validatePrerequisites(): Promise { - databaseLogger.info("Validating migration prerequisites", { - operation: "validation", - }); - - // Check if KEK-managed encryption key exists - const keyManager = EncryptionKeyManager.getInstance(); - - if (!this.config.masterPassword) { - // Try to get current key from KEK manager - try { - const currentKey = keyManager.getCurrentKey(); - if (!currentKey) { - // Initialize key if not available - const initializedKey = await keyManager.initializeKey(); - this.config.masterPassword = initializedKey; - } else { - this.config.masterPassword = currentKey; - } - } catch (error) { - throw new Error( - "Failed to retrieve encryption key from KEK manager. Please ensure encryption is properly initialized.", - ); - } - } - - // Validate key strength - if (this.config.masterPassword.length < 16) { - throw new Error("Master password must be at least 16 characters long"); - } - - // Test database connection - try { - await db.select().from(settings).limit(1); - } catch (error) { - throw new Error("Database connection failed"); - } - - databaseLogger.success("Prerequisites validation passed", { - operation: "validation_complete", - keySource: "kek_manager", - }); - } - - private async createBackup(): Promise { - databaseLogger.info("Creating database backup before migration", { - operation: "backup_start", - }); - - try { - const fs = await import("fs"); - const path = await import("path"); - const dataDir = process.env.DATA_DIR || "./db/data"; - const dbPath = path.join(dataDir, "db.sqlite"); - const backupPath = path.join(dataDir, `db-backup-${Date.now()}.sqlite`); - - if (fs.existsSync(dbPath)) { - fs.copyFileSync(dbPath, backupPath); - databaseLogger.success(`Database backup created: ${backupPath}`, { - operation: "backup_complete", - backupPath, - }); - } - } catch (error) { - databaseLogger.error("Failed to create backup", error, { - operation: "backup_failed", - }); - throw error; - } - } - - private async initializeEncryption(): Promise { - databaseLogger.info("Initializing encryption system", { - operation: "encryption_init", - }); - - DatabaseEncryption.initialize({ - masterPassword: this.config.masterPassword!, - encryptionEnabled: true, - forceEncryption: this.config.forceEncryption, - migrateOnAccess: true, - }); - - const isHealthy = await EncryptedDBOperations.healthCheck(); - if (!isHealthy) { - throw new Error("Encryption system health check failed"); - } - - databaseLogger.success("Encryption system initialized successfully", { - operation: "encryption_init_complete", - }); - } - - private async migrateTables(): Promise { - const tables: Array<"users" | "ssh_data" | "ssh_credentials"> = [ - "users", - "ssh_data", - "ssh_credentials", - ]; - - let totalMigrated = 0; - - for (const tableName of tables) { - databaseLogger.info(`Starting migration for table: ${tableName}`, { - operation: "table_migration_start", - table: tableName, - }); - - try { - if (this.config.dryRun) { - databaseLogger.info(`[DRY RUN] Would migrate table: ${tableName}`, { - operation: "dry_run_table", - table: tableName, - }); - continue; - } - - const migratedCount = - await EncryptedDBOperations.migrateExistingRecords(tableName); - totalMigrated += migratedCount; - - databaseLogger.success(`Migration completed for table: ${tableName}`, { - operation: "table_migration_complete", - table: tableName, - migratedCount, - }); - } catch (error) { - databaseLogger.error( - `Migration failed for table: ${tableName}`, - error, - { - operation: "table_migration_failed", - table: tableName, - }, - ); - throw error; - } - } - - databaseLogger.success(`All tables migrated successfully`, { - operation: "all_tables_migrated", - totalMigrated, - }); - } - - private async updateSettings(): Promise { - if (this.config.dryRun) { - databaseLogger.info("[DRY RUN] Would update encryption settings", { - operation: "dry_run_settings", - }); - return; - } - - try { - const encryptionSettings = [ - { key: "encryption_enabled", value: "true" }, - { - key: "encryption_migration_completed", - value: new Date().toISOString(), - }, - { key: "encryption_version", value: "1.0" }, - ]; - - for (const setting of encryptionSettings) { - const existing = await db - .select() - .from(settings) - .where(eq(settings.key, setting.key)); - - if (existing.length > 0) { - await db - .update(settings) - .set({ value: setting.value }) - .where(eq(settings.key, setting.key)); - } else { - await db.insert(settings).values(setting); - } - } - - databaseLogger.success("Encryption settings updated", { - operation: "settings_updated", - }); - } catch (error) { - databaseLogger.error("Failed to update settings", error, { - operation: "settings_update_failed", - }); - throw error; - } - } - - private async verifyMigration(): Promise { - databaseLogger.info("Verifying migration integrity", { - operation: "verification_start", - }); - - try { - const status = DatabaseEncryption.getEncryptionStatus(); - - if (!status.enabled || !status.configValid) { - throw new Error("Encryption system verification failed"); - } - - const testResult = await this.performTestEncryption(); - if (!testResult) { - throw new Error("Test encryption/decryption failed"); - } - - databaseLogger.success("Migration verification completed successfully", { - operation: "verification_complete", - status, - }); - } catch (error) { - databaseLogger.error("Migration verification failed", error, { - operation: "verification_failed", - }); - throw error; - } - } - - private async performTestEncryption(): Promise { - try { - const { FieldEncryption } = await import("./encryption.js"); - const testData = `test-data-${Date.now()}`; - const testKey = FieldEncryption.getFieldKey( - this.config.masterPassword!, - "test", - ); - - const encrypted = FieldEncryption.encryptField(testData, testKey); - const decrypted = FieldEncryption.decryptField(encrypted, testKey); - - return decrypted === testData; - } catch { - return false; - } - } - - static async checkMigrationStatus(): Promise<{ - isEncryptionEnabled: boolean; - migrationCompleted: boolean; - migrationRequired: boolean; - migrationDate?: string; - }> { - try { - const encryptionEnabled = await db - .select() - .from(settings) - .where(eq(settings.key, "encryption_enabled")); - const migrationCompleted = await db - .select() - .from(settings) - .where(eq(settings.key, "encryption_migration_completed")); - - const isEncryptionEnabled = - encryptionEnabled.length > 0 && encryptionEnabled[0].value === "true"; - const isMigrationCompleted = migrationCompleted.length > 0; - - // Check if migration is actually required by looking for unencrypted sensitive data - const migrationRequired = await this.checkIfMigrationRequired(); - - return { - isEncryptionEnabled, - migrationCompleted: isMigrationCompleted, - migrationRequired, - migrationDate: isMigrationCompleted - ? migrationCompleted[0].value - : undefined, - }; - } catch (error) { - databaseLogger.error("Failed to check migration status", error, { - operation: "status_check_failed", - }); - throw error; - } - } - - static async checkIfMigrationRequired(): Promise { - try { - // Import table schemas - const { sshData, sshCredentials } = await import( - "../database/db/schema.js" - ); - - // Check if there's any unencrypted sensitive data in ssh_data - const sshDataCount = await db - .select({ count: sql`count(*)` }) - .from(sshData); - if (sshDataCount[0].count > 0) { - // Sample a few records to check if they contain unencrypted data - const sampleData = await db.select().from(sshData).limit(5); - for (const record of sampleData) { - if (record.password && !this.looksEncrypted(record.password)) { - return true; // Found unencrypted password - } - if (record.key && !this.looksEncrypted(record.key)) { - return true; // Found unencrypted key - } - } - } - - // Check if there's any unencrypted sensitive data in ssh_credentials - const credentialsCount = await db - .select({ count: sql`count(*)` }) - .from(sshCredentials); - if (credentialsCount[0].count > 0) { - const sampleCredentials = await db - .select() - .from(sshCredentials) - .limit(5); - for (const record of sampleCredentials) { - if (record.password && !this.looksEncrypted(record.password)) { - return true; // Found unencrypted password - } - if (record.privateKey && !this.looksEncrypted(record.privateKey)) { - return true; // Found unencrypted private key - } - if (record.keyPassword && !this.looksEncrypted(record.keyPassword)) { - return true; // Found unencrypted key password - } - } - } - - return false; // No unencrypted sensitive data found - } catch (error) { - databaseLogger.warn( - "Failed to check if migration required, assuming required", - { - operation: "migration_check_failed", - error: error instanceof Error ? error.message : "Unknown error", - }, - ); - return true; // If we can't check, assume migration is required for safety - } - } - - private static looksEncrypted(data: string): boolean { - if (!data) return true; // Empty data doesn't need encryption - - try { - // Check if it looks like our encrypted format: {"data":"...","iv":"...","tag":"..."} - const parsed = JSON.parse(data); - return !!(parsed.data && parsed.iv && parsed.tag); - } catch { - // If it's not JSON, check if it's a reasonable length for encrypted data - // Encrypted data is typically much longer than plaintext - return data.length > 100 && data.includes("="); // Base64-like characteristics - } - } -} - -if (import.meta.url === `file://${process.argv[1]}`) { - const config: MigrationConfig = { - masterPassword: process.env.DB_ENCRYPTION_KEY, - forceEncryption: process.env.FORCE_ENCRYPTION === "true", - backupEnabled: process.env.BACKUP_ENABLED !== "false", - dryRun: process.env.DRY_RUN === "true", - }; - - const migration = new EncryptionMigration(config); - - migration - .runMigration() - .then(() => { - console.log("Migration completed successfully"); - process.exit(0); - }) - .catch((error) => { - console.error("Migration failed:", error.message); - process.exit(1); - }); -} - -export { EncryptionMigration }; -export type { MigrationConfig }; diff --git a/src/backend/utils/encryption-test.ts b/src/backend/utils/encryption-test.ts deleted file mode 100644 index e4368b0e..00000000 --- a/src/backend/utils/encryption-test.ts +++ /dev/null @@ -1,341 +0,0 @@ -#!/usr/bin/env node -import { FieldEncryption } from "./encryption.js"; -import { DatabaseEncryption } from "./database-encryption.js"; -import { EncryptedDBOperations } from "./encrypted-db-operations.js"; -import { databaseLogger } from "./logger.js"; - -class EncryptionTest { - private testPassword = "test-master-password-for-validation"; - - async runAllTests(): Promise { - console.log("🔐 Starting Termix Database Encryption Tests...\n"); - - const tests = [ - { - name: "Basic Encryption/Decryption", - test: () => this.testBasicEncryption(), - }, - { - name: "Field Encryption Detection", - test: () => this.testFieldDetection(), - }, - { name: "Key Derivation", test: () => this.testKeyDerivation() }, - { - name: "Database Encryption Context", - test: () => this.testDatabaseContext(), - }, - { - name: "Record Encryption/Decryption", - test: () => this.testRecordOperations(), - }, - { - name: "Backward Compatibility", - test: () => this.testBackwardCompatibility(), - }, - { name: "Error Handling", test: () => this.testErrorHandling() }, - { name: "Performance Test", test: () => this.testPerformance() }, - ]; - - let passedTests = 0; - let totalTests = tests.length; - - for (const test of tests) { - try { - console.log(`⏳ Running: ${test.name}...`); - await test.test(); - console.log(`✅ PASSED: ${test.name}\n`); - passedTests++; - } catch (error) { - console.log(`❌ FAILED: ${test.name}`); - console.log( - ` Error: ${error instanceof Error ? error.message : "Unknown error"}\n`, - ); - } - } - - const success = passedTests === totalTests; - console.log(`\n🎯 Test Results: ${passedTests}/${totalTests} tests passed`); - - if (success) { - console.log( - "🎉 All encryption tests PASSED! System is ready for production.", - ); - } else { - console.log("⚠️ Some tests FAILED! Please review the implementation."); - } - - return success; - } - - private async testBasicEncryption(): Promise { - const testData = "Hello, World! This is sensitive data."; - const key = FieldEncryption.getFieldKey(this.testPassword, "test-field"); - - const encrypted = FieldEncryption.encryptField(testData, key); - const decrypted = FieldEncryption.decryptField(encrypted, key); - - if (decrypted !== testData) { - throw new Error( - `Decryption mismatch: expected "${testData}", got "${decrypted}"`, - ); - } - - if (!FieldEncryption.isEncrypted(encrypted)) { - throw new Error("Encrypted data not detected as encrypted"); - } - - if (FieldEncryption.isEncrypted(testData)) { - throw new Error("Plain text incorrectly detected as encrypted"); - } - } - - private async testFieldDetection(): Promise { - const testCases = [ - { table: "users", field: "password_hash", shouldEncrypt: true }, - { table: "users", field: "username", shouldEncrypt: false }, - { table: "ssh_data", field: "password", shouldEncrypt: true }, - { table: "ssh_data", field: "ip", shouldEncrypt: false }, - { table: "ssh_credentials", field: "privateKey", shouldEncrypt: true }, - { table: "unknown_table", field: "any_field", shouldEncrypt: false }, - ]; - - for (const testCase of testCases) { - const result = FieldEncryption.shouldEncryptField( - testCase.table, - testCase.field, - ); - if (result !== testCase.shouldEncrypt) { - throw new Error( - `Field detection failed for ${testCase.table}.${testCase.field}: ` + - `expected ${testCase.shouldEncrypt}, got ${result}`, - ); - } - } - } - - private async testKeyDerivation(): Promise { - const password = "test-password"; - const fieldType1 = "users.password_hash"; - const fieldType2 = "ssh_data.password"; - - const key1a = FieldEncryption.getFieldKey(password, fieldType1); - const key1b = FieldEncryption.getFieldKey(password, fieldType1); - const key2 = FieldEncryption.getFieldKey(password, fieldType2); - - if (!key1a.equals(key1b)) { - throw new Error("Same field type should produce identical keys"); - } - - if (key1a.equals(key2)) { - throw new Error("Different field types should produce different keys"); - } - - const differentPasswordKey = FieldEncryption.getFieldKey( - "different-password", - fieldType1, - ); - if (key1a.equals(differentPasswordKey)) { - throw new Error("Different passwords should produce different keys"); - } - } - - private async testDatabaseContext(): Promise { - DatabaseEncryption.initialize({ - masterPassword: this.testPassword, - encryptionEnabled: true, - forceEncryption: false, - migrateOnAccess: true, - }); - - const status = DatabaseEncryption.getEncryptionStatus(); - if (!status.enabled) { - throw new Error("Encryption should be enabled"); - } - - if (!status.configValid) { - throw new Error("Configuration should be valid"); - } - } - - private async testRecordOperations(): Promise { - const testRecord = { - id: "test-id-123", - username: "testuser", - password_hash: "sensitive-password-hash", - is_admin: false, - }; - - const encrypted = DatabaseEncryption.encryptRecord("users", testRecord); - const decrypted = DatabaseEncryption.decryptRecord("users", encrypted); - - if (decrypted.username !== testRecord.username) { - throw new Error("Non-sensitive field should remain unchanged"); - } - - if (decrypted.password_hash !== testRecord.password_hash) { - throw new Error("Sensitive field should be properly decrypted"); - } - - if (!FieldEncryption.isEncrypted(encrypted.password_hash)) { - throw new Error("Sensitive field should be encrypted in stored record"); - } - } - - private async testBackwardCompatibility(): Promise { - const plaintextRecord = { - id: "legacy-id-456", - username: "legacyuser", - password_hash: "plain-text-password-hash", - is_admin: false, - }; - - const decrypted = DatabaseEncryption.decryptRecord( - "users", - plaintextRecord, - ); - - if (decrypted.password_hash !== plaintextRecord.password_hash) { - throw new Error( - "Plain text fields should be returned as-is for backward compatibility", - ); - } - - if (decrypted.username !== plaintextRecord.username) { - throw new Error("Non-sensitive fields should be unchanged"); - } - } - - private async testErrorHandling(): Promise { - const key = FieldEncryption.getFieldKey(this.testPassword, "test"); - - try { - FieldEncryption.decryptField("invalid-json-data", key); - throw new Error("Should have thrown error for invalid JSON"); - } catch (error) { - if (!error || !(error as Error).message.includes("decryption failed")) { - throw new Error("Should throw appropriate decryption error"); - } - } - - try { - const fakeEncrypted = JSON.stringify({ - data: "fake", - iv: "fake", - tag: "fake", - }); - FieldEncryption.decryptField(fakeEncrypted, key); - throw new Error("Should have thrown error for invalid encrypted data"); - } catch (error) { - if (!error || !(error as Error).message.includes("Decryption failed")) { - throw new Error("Should throw appropriate error for corrupted data"); - } - } - } - - private async testPerformance(): Promise { - const testData = - "Performance test data that is reasonably long to simulate real SSH keys and passwords."; - const key = FieldEncryption.getFieldKey( - this.testPassword, - "performance-test", - ); - - const iterations = 100; - const startTime = Date.now(); - - for (let i = 0; i < iterations; i++) { - const encrypted = FieldEncryption.encryptField(testData, key); - const decrypted = FieldEncryption.decryptField(encrypted, key); - - if (decrypted !== testData) { - throw new Error(`Performance test failed at iteration ${i}`); - } - } - - const endTime = Date.now(); - const totalTime = endTime - startTime; - const avgTime = totalTime / iterations; - - console.log( - ` ⚡ Performance: ${iterations} encrypt/decrypt cycles in ${totalTime}ms (${avgTime.toFixed(2)}ms avg)`, - ); - - if (avgTime > 50) { - console.log( - " ⚠️ Warning: Encryption operations are slower than expected", - ); - } - } - - static async validateProduction(): Promise { - console.log("🔒 Validating production encryption setup...\n"); - - try { - const encryptionKey = process.env.DB_ENCRYPTION_KEY; - - if (!encryptionKey) { - console.log("❌ DB_ENCRYPTION_KEY environment variable not set"); - return false; - } - - if (encryptionKey === "default-key-change-me") { - console.log("❌ DB_ENCRYPTION_KEY is using default value (INSECURE)"); - return false; - } - - if (encryptionKey.length < 16) { - console.log( - "❌ DB_ENCRYPTION_KEY is too short (minimum 16 characters)", - ); - return false; - } - - DatabaseEncryption.initialize({ - masterPassword: encryptionKey, - encryptionEnabled: true, - }); - - const status = DatabaseEncryption.getEncryptionStatus(); - if (!status.configValid) { - console.log("❌ Encryption configuration validation failed"); - return false; - } - - console.log("✅ Production encryption setup is valid"); - return true; - } catch (error) { - console.log( - `❌ Production validation failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - return false; - } - } -} - -if (import.meta.url === `file://${process.argv[1]}`) { - const testMode = process.argv[2]; - - if (testMode === "production") { - EncryptionTest.validateProduction() - .then((success) => { - process.exit(success ? 0 : 1); - }) - .catch((error) => { - console.error("Test execution failed:", error); - process.exit(1); - }); - } else { - const test = new EncryptionTest(); - test - .runAllTests() - .then((success) => { - process.exit(success ? 0 : 1); - }) - .catch((error) => { - console.error("Test execution failed:", error); - process.exit(1); - }); - } -} - -export { EncryptionTest }; diff --git a/src/backend/utils/encryption.ts b/src/backend/utils/encryption.ts deleted file mode 100644 index 18e32704..00000000 --- a/src/backend/utils/encryption.ts +++ /dev/null @@ -1,172 +0,0 @@ -import crypto from "crypto"; - -interface EncryptedData { - data: string; - iv: string; - tag: string; - salt?: string; -} - -interface EncryptionConfig { - algorithm: string; - keyLength: number; - ivLength: number; - saltLength: number; - iterations: number; -} - -class FieldEncryption { - private static readonly CONFIG: EncryptionConfig = { - algorithm: "aes-256-gcm", - keyLength: 32, - ivLength: 16, - saltLength: 32, - iterations: 100000, - }; - - private static readonly ENCRYPTED_FIELDS = { - users: [ - "password_hash", - "client_secret", - "totp_secret", - "totp_backup_codes", - "oidc_identifier", - ], - ssh_data: ["password", "key", "keyPassword"], - ssh_credentials: [ - "password", - "privateKey", - "keyPassword", - "key", - "publicKey", - ], - }; - - static isEncrypted(value: string | null): boolean { - if (!value) return false; - try { - const parsed = JSON.parse(value); - return !!(parsed.data && parsed.iv && parsed.tag); - } catch { - return false; - } - } - - static deriveKey(password: string, salt: Buffer, keyType: string): Buffer { - const masterKey = crypto.pbkdf2Sync( - password, - salt, - this.CONFIG.iterations, - this.CONFIG.keyLength, - "sha256", - ); - - return Buffer.from( - crypto.hkdfSync( - "sha256", - masterKey, - salt, - keyType, - this.CONFIG.keyLength, - ), - ); - } - - static encrypt(plaintext: string, key: Buffer): EncryptedData { - if (!plaintext) return { data: "", iv: "", tag: "" }; - - const iv = crypto.randomBytes(this.CONFIG.ivLength); - const cipher = crypto.createCipheriv(this.CONFIG.algorithm, key, iv) as any; - cipher.setAAD(Buffer.from("termix-field-encryption")); - - let encrypted = cipher.update(plaintext, "utf8", "hex"); - encrypted += cipher.final("hex"); - - const tag = cipher.getAuthTag(); - - return { - data: encrypted, - iv: iv.toString("hex"), - tag: tag.toString("hex"), - }; - } - - static decrypt(encryptedData: EncryptedData, key: Buffer): string { - if (!encryptedData.data) return ""; - - try { - const decipher = crypto.createDecipheriv( - this.CONFIG.algorithm, - key, - Buffer.from(encryptedData.iv, "hex"), - ) as any; - decipher.setAAD(Buffer.from("termix-field-encryption")); - decipher.setAuthTag(Buffer.from(encryptedData.tag, "hex")); - - let decrypted = decipher.update(encryptedData.data, "hex", "utf8"); - decrypted += decipher.final("utf8"); - - return decrypted; - } catch (error) { - throw new Error( - `Decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - } - } - - static encryptField(value: string, fieldKey: Buffer): string { - if (!value) return ""; - if (this.isEncrypted(value)) return value; - - const encrypted = this.encrypt(value, fieldKey); - return JSON.stringify(encrypted); - } - - static decryptField(value: string, fieldKey: Buffer): string { - if (!value) return ""; - if (!this.isEncrypted(value)) return value; - - try { - const encrypted: EncryptedData = JSON.parse(value); - return this.decrypt(encrypted, fieldKey); - } catch (error) { - throw new Error( - `Field decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - } - } - - static getFieldKey(masterPassword: string, fieldType: string): Buffer { - const salt = crypto - .createHash("sha256") - .update(`termix-${fieldType}`) - .digest(); - return this.deriveKey(masterPassword, salt, fieldType); - } - - static shouldEncryptField(tableName: string, fieldName: string): boolean { - const tableFields = - this.ENCRYPTED_FIELDS[tableName as keyof typeof this.ENCRYPTED_FIELDS]; - return tableFields ? tableFields.includes(fieldName) : false; - } - - static generateSalt(): string { - return crypto.randomBytes(this.CONFIG.saltLength).toString("hex"); - } - - static validateEncryptionHealth( - encryptedValue: string, - key: Buffer, - ): boolean { - try { - if (!this.isEncrypted(encryptedValue)) return false; - const decrypted = this.decryptField(encryptedValue, key); - return decrypted !== ""; - } catch { - return false; - } - } -} - -export { FieldEncryption }; -export type { EncryptedData, EncryptionConfig }; diff --git a/src/backend/utils/field-crypto.ts b/src/backend/utils/field-crypto.ts new file mode 100644 index 00000000..06052246 --- /dev/null +++ b/src/backend/utils/field-crypto.ts @@ -0,0 +1,95 @@ +import crypto from "crypto"; + +interface EncryptedData { + data: string; + iv: string; + tag: string; + salt: string; + recordId: string; // Store the recordId used for encryption context +} + +/** + * FieldCrypto - Simple direct field encryption + * + * Linus principles: + * - No special cases + * - No compatibility checks + * - Data is either encrypted or fails + * - No "legacy data" concept + */ +class FieldCrypto { + private static readonly ALGORITHM = "aes-256-gcm"; + private static readonly KEY_LENGTH = 32; + private static readonly IV_LENGTH = 16; + private static readonly SALT_LENGTH = 32; + + // Fields requiring encryption - simple mapping, no complex logic + private static readonly ENCRYPTED_FIELDS = { + users: new Set(["password_hash", "client_secret", "totp_secret", "totp_backup_codes", "oidc_identifier"]), + ssh_data: new Set(["password", "key", "keyPassword"]), + ssh_credentials: new Set(["password", "privateKey", "keyPassword", "key", "publicKey"]), + }; + + /** + * Encrypt field - no special cases + */ + static encryptField(plaintext: string, masterKey: Buffer, recordId: string, fieldName: string): string { + if (!plaintext) return ""; + + const salt = crypto.randomBytes(this.SALT_LENGTH); + const context = `${recordId}:${fieldName}`; + const fieldKey = Buffer.from(crypto.hkdfSync('sha256', masterKey, salt, context, this.KEY_LENGTH)); + + const iv = crypto.randomBytes(this.IV_LENGTH); + const cipher = crypto.createCipheriv(this.ALGORITHM, fieldKey, iv) as any; + + let encrypted = cipher.update(plaintext, "utf8", "hex"); + encrypted += cipher.final("hex"); + const tag = cipher.getAuthTag(); + + const encryptedData: EncryptedData = { + data: encrypted, + iv: iv.toString("hex"), + tag: tag.toString("hex"), + salt: salt.toString("hex"), + recordId: recordId, // Store recordId for consistent decryption context + }; + + return JSON.stringify(encryptedData); + } + + /** + * Decrypt field - either succeeds or fails, no third option + */ + static decryptField(encryptedValue: string, masterKey: Buffer, recordId: string, fieldName: string): string { + if (!encryptedValue) return ""; + + const encrypted: EncryptedData = JSON.parse(encryptedValue); + const salt = Buffer.from(encrypted.salt, "hex"); + + // Use ONLY the recordId that was stored during encryption + if (!encrypted.recordId) { + throw new Error(`Encrypted field missing recordId context - data corruption or legacy format not supported`); + } + const context = `${encrypted.recordId}:${fieldName}`; + const fieldKey = Buffer.from(crypto.hkdfSync('sha256', masterKey, salt, context, this.KEY_LENGTH)); + + const decipher = crypto.createDecipheriv(this.ALGORITHM, fieldKey, Buffer.from(encrypted.iv, "hex")) as any; + decipher.setAuthTag(Buffer.from(encrypted.tag, "hex")); + + let decrypted = decipher.update(encrypted.data, "hex", "utf8"); + decrypted += decipher.final("utf8"); + + return decrypted; + } + + /** + * Check if field needs encryption - simple table lookup, no complex logic + */ + static shouldEncryptField(tableName: string, fieldName: string): boolean { + const fields = this.ENCRYPTED_FIELDS[tableName as keyof typeof this.ENCRYPTED_FIELDS]; + return fields ? fields.has(fieldName) : false; + } +} + +export { FieldCrypto, type EncryptedData }; \ No newline at end of file diff --git a/src/backend/utils/hardware-fingerprint.ts b/src/backend/utils/hardware-fingerprint.ts deleted file mode 100644 index b68201d7..00000000 --- a/src/backend/utils/hardware-fingerprint.ts +++ /dev/null @@ -1,436 +0,0 @@ -import crypto from "crypto"; -import os from "os"; -import { execSync } from "child_process"; -import fs from "fs"; -import { databaseLogger } from "./logger.js"; - -interface HardwareInfo { - cpuId?: string; - motherboardUuid?: string; - diskSerial?: string; - biosSerial?: string; - tpmInfo?: string; - macAddresses?: string[]; -} - -/** - * 硬件指纹生成器 - 使用真实硬件特征生成稳定的设备指纹 - * 相比软件环境指纹,硬件指纹在虚拟化和容器环境中更加稳定 - */ -class HardwareFingerprint { - private static readonly CACHE_KEY = "cached_hardware_fingerprint"; - private static cachedFingerprint: string | null = null; - - /** - * 生成硬件指纹 - * 优先级:缓存 > 环境变量 > 硬件检测 - */ - static generate(): string { - try { - if (this.cachedFingerprint) { - return this.cachedFingerprint; - } - - const envFingerprint = process.env.TERMIX_HARDWARE_SEED; - if (envFingerprint && envFingerprint.length >= 32) { - databaseLogger.info("Using hardware seed from environment variable", { - operation: "hardware_fingerprint_env", - }); - this.cachedFingerprint = this.hashFingerprint(envFingerprint); - return this.cachedFingerprint; - } - - const hwInfo = this.detectHardwareInfo(); - const fingerprint = this.generateFromHardware(hwInfo); - - this.cachedFingerprint = fingerprint; - - return fingerprint; - } catch (error) { - databaseLogger.error("Hardware fingerprint generation failed", error, { - operation: "hardware_fingerprint_failed", - }); - - return this.generateFallbackFingerprint(); - } - } - - /** - * 检测硬件信息 - */ - private static detectHardwareInfo(): HardwareInfo { - const platform = os.platform(); - const hwInfo: HardwareInfo = {}; - - try { - switch (platform) { - case "linux": - hwInfo.cpuId = this.getLinuxCpuId(); - hwInfo.motherboardUuid = this.getLinuxMotherboardUuid(); - hwInfo.diskSerial = this.getLinuxDiskSerial(); - hwInfo.biosSerial = this.getLinuxBiosSerial(); - break; - - case "win32": - hwInfo.cpuId = this.getWindowsCpuId(); - hwInfo.motherboardUuid = this.getWindowsMotherboardUuid(); - hwInfo.diskSerial = this.getWindowsDiskSerial(); - hwInfo.biosSerial = this.getWindowsBiosSerial(); - break; - - case "darwin": - hwInfo.cpuId = this.getMacOSCpuId(); - hwInfo.motherboardUuid = this.getMacOSMotherboardUuid(); - hwInfo.diskSerial = this.getMacOSDiskSerial(); - hwInfo.biosSerial = this.getMacOSBiosSerial(); - break; - } - - // 所有平台都尝试获取MAC地址 - hwInfo.macAddresses = this.getStableMacAddresses(); - } catch (error) { - databaseLogger.error("Some hardware detection failed", error, { - operation: "hardware_detection_partial_failure", - platform, - }); - } - - return hwInfo; - } - - /** - * Linux平台硬件信息获取 - */ - private static getLinuxCpuId(): string | undefined { - try { - // 尝试多种方法获取CPU信息 - const methods = [ - () => - fs - .readFileSync("/proc/cpuinfo", "utf8") - .match(/processor\s*:\s*(\d+)/)?.[1], - () => - execSync('dmidecode -t processor | grep "ID:" | head -1', { - encoding: "utf8", - }).trim(), - () => - execSync( - 'cat /proc/cpuinfo | grep "cpu family\\|model\\|stepping" | md5sum', - { encoding: "utf8" }, - ).split(" ")[0], - ]; - - for (const method of methods) { - try { - const result = method(); - if (result && result.length > 0) return result; - } catch { - /* 继续尝试下一种方法 */ - } - } - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getLinuxMotherboardUuid(): string | undefined { - try { - // 尝试多种方法获取主板UUID - const methods = [ - () => fs.readFileSync("/sys/class/dmi/id/product_uuid", "utf8").trim(), - () => fs.readFileSync("/proc/sys/kernel/random/boot_id", "utf8").trim(), - () => execSync("dmidecode -s system-uuid", { encoding: "utf8" }).trim(), - ]; - - for (const method of methods) { - try { - const result = method(); - if (result && result.length > 0 && result !== "Not Settable") - return result; - } catch { - /* 继续尝试下一种方法 */ - } - } - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getLinuxDiskSerial(): string | undefined { - try { - // 获取根分区所在磁盘的序列号 - const rootDisk = execSync( - "df / | tail -1 | awk '{print $1}' | sed 's/[0-9]*$//'", - { encoding: "utf8" }, - ).trim(); - if (rootDisk) { - const serial = execSync( - `udevadm info --name=${rootDisk} | grep ID_SERIAL= | cut -d= -f2`, - { encoding: "utf8" }, - ).trim(); - if (serial && serial.length > 0) return serial; - } - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getLinuxBiosSerial(): string | undefined { - try { - const methods = [ - () => fs.readFileSync("/sys/class/dmi/id/board_serial", "utf8").trim(), - () => - execSync("dmidecode -s baseboard-serial-number", { - encoding: "utf8", - }).trim(), - ]; - - for (const method of methods) { - try { - const result = method(); - if (result && result.length > 0 && result !== "Not Specified") - return result; - } catch { - /* 继续尝试下一种方法 */ - } - } - } catch { - /* 忽略错误 */ - } - return undefined; - } - - /** - * Windows平台硬件信息获取 - */ - private static getWindowsCpuId(): string | undefined { - try { - const result = execSync("wmic cpu get ProcessorId /value", { - encoding: "utf8", - }); - const match = result.match(/ProcessorId=(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getWindowsMotherboardUuid(): string | undefined { - try { - const result = execSync("wmic csproduct get UUID /value", { - encoding: "utf8", - }); - const match = result.match(/UUID=(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getWindowsDiskSerial(): string | undefined { - try { - const result = execSync("wmic diskdrive get SerialNumber /value", { - encoding: "utf8", - }); - const match = result.match(/SerialNumber=(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getWindowsBiosSerial(): string | undefined { - try { - const result = execSync("wmic baseboard get SerialNumber /value", { - encoding: "utf8", - }); - const match = result.match(/SerialNumber=(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - /** - * macOS平台硬件信息获取 - */ - private static getMacOSCpuId(): string | undefined { - try { - const result = execSync("sysctl -n machdep.cpu.brand_string", { - encoding: "utf8", - }); - return result.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getMacOSMotherboardUuid(): string | undefined { - try { - const result = execSync( - 'system_profiler SPHardwareDataType | grep "Hardware UUID"', - { encoding: "utf8" }, - ); - const match = result.match(/Hardware UUID:\s*(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getMacOSDiskSerial(): string | undefined { - try { - const result = execSync( - 'system_profiler SPStorageDataType | grep "Serial Number"', - { encoding: "utf8" }, - ); - const match = result.match(/Serial Number:\s*(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - private static getMacOSBiosSerial(): string | undefined { - try { - const result = execSync( - 'system_profiler SPHardwareDataType | grep "Serial Number"', - { encoding: "utf8" }, - ); - const match = result.match(/Serial Number \(system\):\s*(.+)/); - return match?.[1]?.trim(); - } catch { - /* 忽略错误 */ - } - return undefined; - } - - /** - * 获取稳定的MAC地址 - * 排除虚拟接口和临时接口 - */ - private static getStableMacAddresses(): string[] { - try { - const networkInterfaces = os.networkInterfaces(); - const macAddresses: string[] = []; - - for (const [interfaceName, interfaces] of Object.entries( - networkInterfaces, - )) { - if (!interfaces) continue; - - // 排除虚拟接口和Docker接口 - if (interfaceName.match(/^(lo|docker|veth|br-|virbr)/)) continue; - - for (const iface of interfaces) { - if ( - !iface.internal && - iface.mac && - iface.mac !== "00:00:00:00:00:00" && - !iface.mac.startsWith("02:42:") - ) { - // Docker接口特征 - macAddresses.push(iface.mac); - } - } - } - - return macAddresses.sort(); // 排序确保一致性 - } catch { - return []; - } - } - - /** - * 从硬件信息生成指纹 - */ - private static generateFromHardware(hwInfo: HardwareInfo): string { - const components = [ - hwInfo.motherboardUuid, // 最稳定的标识符 - hwInfo.cpuId, - hwInfo.biosSerial, - hwInfo.diskSerial, - hwInfo.macAddresses?.join(","), - os.platform(), // 操作系统平台 - os.arch(), // CPU架构 - ].filter(Boolean); // 过滤空值 - - if (components.length === 0) { - throw new Error("No hardware identifiers found"); - } - - return this.hashFingerprint(components.join("|")); - } - - /** - * 生成回退指纹(当硬件检测失败时) - */ - private static generateFallbackFingerprint(): string { - const fallbackComponents = [ - os.hostname(), - os.platform(), - os.arch(), - process.cwd(), - "fallback-mode", - ]; - - databaseLogger.warn( - "Using fallback fingerprint due to hardware detection failure", - { - operation: "hardware_fingerprint_fallback", - }, - ); - - return this.hashFingerprint(fallbackComponents.join("|")); - } - - /** - * 标准化指纹哈希 - */ - private static hashFingerprint(data: string): string { - return crypto.createHash("sha256").update(data).digest("hex"); - } - - /** - * 获取硬件指纹信息(用于调试和显示) - */ - static getHardwareInfo(): HardwareInfo & { fingerprint: string } { - const hwInfo = this.detectHardwareInfo(); - return { - ...hwInfo, - fingerprint: this.generate().substring(0, 16), - }; - } - - /** - * 验证当前硬件指纹 - */ - static validateFingerprint(expectedFingerprint: string): boolean { - try { - const currentFingerprint = this.generate(); - return currentFingerprint === expectedFingerprint; - } catch { - return false; - } - } - - /** - * 清除缓存(用于测试) - */ - static clearCache(): void { - this.cachedFingerprint = null; - } -} - -export { HardwareFingerprint }; -export type { HardwareInfo }; diff --git a/src/backend/utils/lazy-field-encryption.ts b/src/backend/utils/lazy-field-encryption.ts new file mode 100644 index 00000000..c46637ab --- /dev/null +++ b/src/backend/utils/lazy-field-encryption.ts @@ -0,0 +1,295 @@ +import { FieldCrypto } from "./field-crypto.js"; +import { databaseLogger } from "./logger.js"; + +/** + * 延迟字段加密 - 处理从明文到加密的平滑迁移 + * 用于在用户登录时将明文敏感数据逐步加密 + */ +export class LazyFieldEncryption { + /** + * 检测字段是否为明文(未加密) + */ + static isPlaintextField(value: string): boolean { + if (!value) return false; + + try { + const parsed = JSON.parse(value); + // 如果能解析为JSON且包含加密数据结构,则认为已加密 + if (parsed && typeof parsed === 'object' && + parsed.data && parsed.iv && parsed.tag && parsed.salt && parsed.recordId) { + return false; // 已加密 + } + // JSON格式但不是加密结构,视为明文 + return true; + } catch (jsonError) { + // 无法解析为JSON,视为明文 + return true; + } + } + + /** + * 安全获取字段值 - 自动处理明文和加密数据 + * 如果是明文,直接返回;如果已加密,则解密 + */ + static safeGetFieldValue( + fieldValue: string, + userKEK: Buffer, + recordId: string, + fieldName: string + ): string { + if (!fieldValue) return ""; + + if (this.isPlaintextField(fieldValue)) { + // 明文数据,直接返回 + databaseLogger.debug("Field detected as plaintext, returning as-is", { + operation: "lazy_encryption_plaintext_detected", + recordId, + fieldName, + valuePreview: fieldValue.substring(0, 10) + "...", + }); + return fieldValue; + } else { + // 加密数据,需要解密 + try { + const decrypted = FieldCrypto.decryptField(fieldValue, userKEK, recordId, fieldName); + databaseLogger.debug("Field decrypted successfully", { + operation: "lazy_encryption_decrypt_success", + recordId, + fieldName, + }); + return decrypted; + } catch (error) { + databaseLogger.error("Failed to decrypt field", error, { + operation: "lazy_encryption_decrypt_failed", + recordId, + fieldName, + error: error instanceof Error ? error.message : "Unknown error", + }); + throw error; + } + } + } + + /** + * 迁移明文字段到加密状态 + * 返回加密后的值,如果已经加密则返回原值 + */ + static migrateFieldToEncrypted( + fieldValue: string, + userKEK: Buffer, + recordId: string, + fieldName: string + ): { encrypted: string; wasPlaintext: boolean } { + if (!fieldValue) { + return { encrypted: "", wasPlaintext: false }; + } + + if (this.isPlaintextField(fieldValue)) { + // 明文数据,需要加密 + try { + const encrypted = FieldCrypto.encryptField(fieldValue, userKEK, recordId, fieldName); + + databaseLogger.info("Field migrated from plaintext to encrypted", { + operation: "lazy_encryption_migrate_success", + recordId, + fieldName, + plaintextLength: fieldValue.length, + }); + + return { encrypted, wasPlaintext: true }; + } catch (error) { + databaseLogger.error("Failed to encrypt plaintext field", error, { + operation: "lazy_encryption_migrate_failed", + recordId, + fieldName, + error: error instanceof Error ? error.message : "Unknown error", + }); + throw error; + } + } else { + // 已经加密,无需处理 + databaseLogger.debug("Field already encrypted, no migration needed", { + operation: "lazy_encryption_already_encrypted", + recordId, + fieldName, + }); + return { encrypted: fieldValue, wasPlaintext: false }; + } + } + + /** + * 批量迁移记录中的敏感字段 + */ + static migrateRecordSensitiveFields( + record: any, + sensitiveFields: string[], + userKEK: Buffer, + recordId: string + ): { + updatedRecord: any; + migratedFields: string[]; + needsUpdate: boolean + } { + const updatedRecord = { ...record }; + const migratedFields: string[] = []; + let needsUpdate = false; + + for (const fieldName of sensitiveFields) { + const fieldValue = record[fieldName]; + + if (fieldValue && this.isPlaintextField(fieldValue)) { + try { + const { encrypted } = this.migrateFieldToEncrypted( + fieldValue, + userKEK, + recordId, + fieldName + ); + + updatedRecord[fieldName] = encrypted; + migratedFields.push(fieldName); + needsUpdate = true; + + databaseLogger.debug("Record field migrated to encrypted", { + operation: "lazy_encryption_record_field_migrated", + recordId, + fieldName, + }); + } catch (error) { + databaseLogger.error("Failed to migrate record field", error, { + operation: "lazy_encryption_record_field_failed", + recordId, + fieldName, + }); + // 不抛出错误,继续处理其他字段 + } + } + } + + if (needsUpdate) { + databaseLogger.info("Record requires sensitive field migration", { + operation: "lazy_encryption_record_migration_needed", + recordId, + migratedFields, + totalMigratedFields: migratedFields.length, + }); + } + + return { updatedRecord, migratedFields, needsUpdate }; + } + + /** + * 获取敏感字段列表 - 定义哪些字段需要延迟加密 + */ + static getSensitiveFieldsForTable(tableName: string): string[] { + const sensitiveFieldsMap: Record = { + 'ssh_data': ['password', 'key', 'key_password'], + 'ssh_credentials': ['password', 'key', 'key_password', 'private_key'], + 'users': ['totp_secret', 'totp_backup_codes'], + }; + + return sensitiveFieldsMap[tableName] || []; + } + + /** + * 检查用户是否有需要迁移的明文数据 + */ + static async checkUserNeedsMigration( + userId: string, + userKEK: Buffer, + db: any + ): Promise<{ + needsMigration: boolean; + plaintextFields: Array<{ table: string; recordId: string; fields: string[] }>; + }> { + const plaintextFields: Array<{ table: string; recordId: string; fields: string[] }> = []; + let needsMigration = false; + + try { + // 检查 ssh_data 表 + const sshHosts = db.prepare("SELECT * FROM ssh_data WHERE user_id = ?").all(userId); + for (const host of sshHosts) { + const sensitiveFields = this.getSensitiveFieldsForTable('ssh_data'); + const hostPlaintextFields: string[] = []; + + for (const field of sensitiveFields) { + if (host[field] && this.isPlaintextField(host[field])) { + hostPlaintextFields.push(field); + needsMigration = true; + } + } + + if (hostPlaintextFields.length > 0) { + plaintextFields.push({ + table: 'ssh_data', + recordId: host.id.toString(), + fields: hostPlaintextFields, + }); + } + } + + // 检查 ssh_credentials 表 + const sshCredentials = db.prepare("SELECT * FROM ssh_credentials WHERE user_id = ?").all(userId); + for (const credential of sshCredentials) { + const sensitiveFields = this.getSensitiveFieldsForTable('ssh_credentials'); + const credentialPlaintextFields: string[] = []; + + for (const field of sensitiveFields) { + if (credential[field] && this.isPlaintextField(credential[field])) { + credentialPlaintextFields.push(field); + needsMigration = true; + } + } + + if (credentialPlaintextFields.length > 0) { + plaintextFields.push({ + table: 'ssh_credentials', + recordId: credential.id.toString(), + fields: credentialPlaintextFields, + }); + } + } + + // 检查 users 表中的敏感字段 + const user = db.prepare("SELECT * FROM users WHERE id = ?").get(userId); + if (user) { + const sensitiveFields = this.getSensitiveFieldsForTable('users'); + const userPlaintextFields: string[] = []; + + for (const field of sensitiveFields) { + if (user[field] && this.isPlaintextField(user[field])) { + userPlaintextFields.push(field); + needsMigration = true; + } + } + + if (userPlaintextFields.length > 0) { + plaintextFields.push({ + table: 'users', + recordId: userId, + fields: userPlaintextFields, + }); + } + } + + databaseLogger.info("User migration check completed", { + operation: "lazy_encryption_user_check", + userId, + needsMigration, + plaintextFieldsCount: plaintextFields.length, + totalPlaintextFields: plaintextFields.reduce((sum, item) => sum + item.fields.length, 0), + }); + + return { needsMigration, plaintextFields }; + + } catch (error) { + databaseLogger.error("Failed to check user migration needs", error, { + operation: "lazy_encryption_user_check_failed", + userId, + error: error instanceof Error ? error.message : "Unknown error", + }); + + return { needsMigration: false, plaintextFields: [] }; + } + } +} \ No newline at end of file diff --git a/src/backend/utils/master-key-protection.ts b/src/backend/utils/master-key-protection.ts deleted file mode 100644 index 216c9a1e..00000000 --- a/src/backend/utils/master-key-protection.ts +++ /dev/null @@ -1,201 +0,0 @@ -import crypto from "crypto"; -import { databaseLogger } from "./logger.js"; -import { HardwareFingerprint } from "./hardware-fingerprint.js"; - -interface ProtectedKeyData { - data: string; - iv: string; - tag: string; - version: string; - fingerprint: string; -} - -class MasterKeyProtection { - private static readonly VERSION = "v1"; - private static readonly KEK_SALT = "termix-kek-salt-v1"; - private static readonly KEK_ITERATIONS = 50000; - - private static generateDeviceFingerprint(): string { - try { - const fingerprint = HardwareFingerprint.generate(); - - return fingerprint; - } catch (error) { - databaseLogger.error("Failed to generate hardware fingerprint", error, { - operation: "hardware_fingerprint_generation_failed", - }); - throw new Error("Hardware fingerprint generation failed"); - } - } - - private static deriveKEK(): Buffer { - const fingerprint = this.generateDeviceFingerprint(); - const salt = Buffer.from(this.KEK_SALT); - - const kek = crypto.pbkdf2Sync( - fingerprint, - salt, - this.KEK_ITERATIONS, - 32, - "sha256", - ); - - return kek; - } - - static encryptMasterKey(masterKey: string): string { - if (!masterKey) { - throw new Error("Master key cannot be empty"); - } - - try { - const kek = this.deriveKEK(); - const iv = crypto.randomBytes(16); - const cipher = crypto.createCipheriv("aes-256-gcm", kek, iv) as any; - - let encrypted = cipher.update(masterKey, "hex", "hex"); - encrypted += cipher.final("hex"); - const tag = cipher.getAuthTag(); - - const protectedData: ProtectedKeyData = { - data: encrypted, - iv: iv.toString("hex"), - tag: tag.toString("hex"), - version: this.VERSION, - fingerprint: this.generateDeviceFingerprint().substring(0, 16), - }; - - const result = JSON.stringify(protectedData); - - databaseLogger.info("Master key encrypted with hardware KEK", { - operation: "master_key_encryption", - version: this.VERSION, - fingerprintPrefix: protectedData.fingerprint, - }); - - return result; - } catch (error) { - databaseLogger.error("Failed to encrypt master key", error, { - operation: "master_key_encryption_failed", - }); - throw new Error("Master key encryption failed"); - } - } - - static decryptMasterKey(encryptedKey: string): string { - if (!encryptedKey) { - throw new Error("Encrypted key cannot be empty"); - } - - try { - const protectedData: ProtectedKeyData = JSON.parse(encryptedKey); - - if (protectedData.version !== this.VERSION) { - throw new Error( - `Unsupported protection version: ${protectedData.version}`, - ); - } - - const currentFingerprint = this.generateDeviceFingerprint().substring( - 0, - 16, - ); - if (protectedData.fingerprint !== currentFingerprint) { - databaseLogger.warn("Hardware fingerprint mismatch detected", { - operation: "master_key_decryption", - expected: protectedData.fingerprint, - current: currentFingerprint, - }); - throw new Error( - "Hardware fingerprint mismatch - key was encrypted on different hardware", - ); - } - - const kek = this.deriveKEK(); - const decipher = crypto.createDecipheriv( - "aes-256-gcm", - kek, - Buffer.from(protectedData.iv, "hex"), - ) as any; - decipher.setAuthTag(Buffer.from(protectedData.tag, "hex")); - - let decrypted = decipher.update(protectedData.data, "hex", "hex"); - decrypted += decipher.final("hex"); - - return decrypted; - } catch (error) { - databaseLogger.error("Failed to decrypt master key", error, { - operation: "master_key_decryption_failed", - }); - throw new Error( - `Master key decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`, - ); - } - } - - static isProtectedKey(data: string): boolean { - try { - const parsed = JSON.parse(data); - return !!( - parsed.data && - parsed.iv && - parsed.tag && - parsed.version && - parsed.fingerprint - ); - } catch { - return false; - } - } - - static validateProtection(): boolean { - try { - const testKey = crypto.randomBytes(32).toString("hex"); - const encrypted = this.encryptMasterKey(testKey); - const decrypted = this.decryptMasterKey(encrypted); - - const isValid = decrypted === testKey; - - databaseLogger.info("Master key protection validation completed", { - operation: "protection_validation", - result: isValid ? "passed" : "failed", - }); - - return isValid; - } catch (error) { - databaseLogger.error("Master key protection validation failed", error, { - operation: "protection_validation_failed", - }); - return false; - } - } - - static getProtectionInfo(encryptedKey: string): { - version: string; - fingerprint: string; - isCurrentDevice: boolean; - } | null { - try { - if (!this.isProtectedKey(encryptedKey)) { - return null; - } - - const protectedData: ProtectedKeyData = JSON.parse(encryptedKey); - const currentFingerprint = this.generateDeviceFingerprint().substring( - 0, - 16, - ); - - return { - version: protectedData.version, - fingerprint: protectedData.fingerprint, - isCurrentDevice: protectedData.fingerprint === currentFingerprint, - }; - } catch { - return null; - } - } -} - -export { MasterKeyProtection }; -export type { ProtectedKeyData }; diff --git a/src/backend/utils/simple-db-ops.ts b/src/backend/utils/simple-db-ops.ts new file mode 100644 index 00000000..24fd6f82 --- /dev/null +++ b/src/backend/utils/simple-db-ops.ts @@ -0,0 +1,204 @@ +import { getDb, DatabaseSaveTrigger } from "../database/db/index.js"; +import { DataCrypto } from "./data-crypto.js"; +import { databaseLogger } from "./logger.js"; +import type { SQLiteTable } from "drizzle-orm/sqlite-core"; + +type TableName = "users" | "ssh_data" | "ssh_credentials"; + +/** + * SimpleDBOps - Simplified encrypted database operations + * + * Linus-style simplification: + * - Remove all complex abstraction layers + * - Direct CRUD operations + * - Automatic encryption/decryption + * - No special case handling + */ +class SimpleDBOps { + /** + * Insert encrypted record + */ + static async insert>( + table: SQLiteTable, + tableName: TableName, + data: T, + userId: string, + ): Promise { + // Get user data key once and reuse throughout operation + const userDataKey = DataCrypto.validateUserAccess(userId); + + // Generate consistent temporary ID for encryption context if record has no ID + const tempId = data.id || `temp-${userId}-${Date.now()}`; + const dataWithTempId = { ...data, id: tempId }; + + // Encrypt data using the locked key - recordId will be stored in encrypted fields + const encryptedData = DataCrypto.encryptRecord(tableName, dataWithTempId, userId, userDataKey); + + // Remove temp ID if it was generated, let database assign real ID + if (!data.id) { + delete encryptedData.id; + } + + // Insert into database + const result = await getDb().insert(table).values(encryptedData).returning(); + + // Trigger database save after insert + DatabaseSaveTrigger.triggerSave(`insert_${tableName}`); + + // Decrypt return result using the same key - FieldCrypto will use stored recordId + const decryptedResult = DataCrypto.decryptRecord( + tableName, + result[0], + userId, + userDataKey + ); + + databaseLogger.debug(`Inserted encrypted record into ${tableName}`, { + operation: "simple_insert", + table: tableName, + userId, + recordId: result[0].id, + }); + + return decryptedResult as T; + } + + /** + * Query multiple records + */ + static async select>( + query: any, + tableName: TableName, + userId: string, + ): Promise { + // Get user data key once and reuse throughout operation + const userDataKey = DataCrypto.validateUserAccess(userId); + + // Execute query + const results = await query; + + // Decrypt results using locked key + const decryptedResults = DataCrypto.decryptRecords( + tableName, + results, + userId, + userDataKey + ); + + return decryptedResults; + } + + /** + * Query single record + */ + static async selectOne>( + query: any, + tableName: TableName, + userId: string, + ): Promise { + // Get user data key once and reuse throughout operation + const userDataKey = DataCrypto.validateUserAccess(userId); + + // Execute query + const result = await query; + if (!result) return undefined; + + // Decrypt results using locked key + const decryptedResult = DataCrypto.decryptRecord( + tableName, + result, + userId, + userDataKey + ); + + databaseLogger.debug(`Selected single record from ${tableName}`, { + operation: "simple_select_one", + table: tableName, + userId, + recordId: result.id, + }); + + return decryptedResult; + } + + /** + * Update record + */ + static async update>( + table: SQLiteTable, + tableName: TableName, + where: any, + data: Partial, + userId: string, + ): Promise { + // Get user data key once and reuse throughout operation + const userDataKey = DataCrypto.validateUserAccess(userId); + + // Encrypt update data using the locked key + const encryptedData = DataCrypto.encryptRecord(tableName, data, userId, userDataKey); + + // Execute update + const result = await getDb() + .update(table) + .set(encryptedData) + .where(where) + .returning(); + + // Trigger database save after update + DatabaseSaveTrigger.triggerSave(`update_${tableName}`); + + // Decrypt return data using the same key + const decryptedResults = DataCrypto.decryptRecords( + tableName, + result, + userId, + userDataKey + ); + + databaseLogger.debug(`Updated records in ${tableName}`, { + operation: "simple_update", + table: tableName, + userId, + updatedCount: result.length, + }); + + return decryptedResults as T[]; + } + + /** + * Delete record + */ + static async delete( + table: SQLiteTable, + tableName: TableName, + where: any, + userId: string, + ): Promise { + const result = await getDb().delete(table).where(where).returning(); + + // Trigger database save after delete + DatabaseSaveTrigger.triggerSave(`delete_${tableName}`); + + return result; + } + + /** + * Health check + */ + static async healthCheck(userId: string): Promise { + return DataCrypto.canUserAccessData(userId); + } + + /** + * Special method: return encrypted data (for auto-start scenarios) + * No decryption, return data in encrypted state directly + */ + static async selectEncrypted(query: any, tableName: TableName): Promise { + // Execute query directly, no decryption + const results = await query; + + return results; + } +} + +export { SimpleDBOps, type TableName }; \ No newline at end of file diff --git a/src/backend/utils/system-crypto.ts b/src/backend/utils/system-crypto.ts new file mode 100644 index 00000000..2135d003 --- /dev/null +++ b/src/backend/utils/system-crypto.ts @@ -0,0 +1,329 @@ +import crypto from "crypto"; +import { promises as fs } from "fs"; +import path from "path"; +import { databaseLogger } from "./logger.js"; + +/** + * SystemCrypto - Open source friendly system key management + * + * Linus principles: + * - Remove complex "system master key" layer - doesn't solve real threats + * - Remove hardcoded default keys - security disaster for open source software + * - Auto-generate on first startup - each instance independently secure + * - Simple and direct, focus on real security boundaries + */ +class SystemCrypto { + private static instance: SystemCrypto; + private jwtSecret: string | null = null; + private databaseKey: Buffer | null = null; + private internalAuthToken: string | null = null; + + + private constructor() {} + + static getInstance(): SystemCrypto { + if (!this.instance) { + this.instance = new SystemCrypto(); + } + return this.instance; + } + + /** + * Initialize JWT secret - environment variable only + */ + async initializeJWTSecret(): Promise { + try { + databaseLogger.info("Initializing JWT secret", { + operation: "jwt_init", + }); + + // Check environment variable + const envSecret = process.env.JWT_SECRET; + if (envSecret && envSecret.length >= 64) { + this.jwtSecret = envSecret; + databaseLogger.info("✅ Using JWT secret from environment variable", { + operation: "jwt_env_loaded", + source: "environment" + }); + return; + } + + // No environment variable - generate and guide user + await this.generateAndGuideUser(); + + } catch (error) { + databaseLogger.error("Failed to initialize JWT secret", error, { + operation: "jwt_init_failed", + }); + throw new Error("JWT secret initialization failed"); + } + } + + /** + * Get JWT secret + */ + async getJWTSecret(): Promise { + if (!this.jwtSecret) { + await this.initializeJWTSecret(); + } + return this.jwtSecret!; + } + + /** + * Initialize database encryption key - environment variable only + */ + async initializeDatabaseKey(): Promise { + try { + databaseLogger.info("Initializing database encryption key", { + operation: "db_key_init", + }); + + // Check environment variable + const envKey = process.env.DATABASE_KEY; + if (envKey && envKey.length >= 64) { + this.databaseKey = Buffer.from(envKey, 'hex'); + databaseLogger.info("✅ Using database key from environment variable", { + operation: "db_key_env_loaded", + source: "environment" + }); + return; + } + + // No environment variable - generate and guide user + await this.generateAndGuideDatabaseKey(); + + } catch (error) { + databaseLogger.error("Failed to initialize database key", error, { + operation: "db_key_init_failed", + }); + throw new Error("Database key initialization failed"); + } + } + + /** + * Get database encryption key + */ + async getDatabaseKey(): Promise { + if (!this.databaseKey) { + await this.initializeDatabaseKey(); + } + return this.databaseKey!; + } + + /** + * Initialize internal auth token - environment variable only + */ + async initializeInternalAuthToken(): Promise { + try { + databaseLogger.info("Initializing internal auth token", { + operation: "internal_auth_init", + }); + + // Check environment variable + const envToken = process.env.INTERNAL_AUTH_TOKEN; + if (envToken && envToken.length >= 32) { + this.internalAuthToken = envToken; + databaseLogger.info("✅ Using internal auth token from environment variable", { + operation: "internal_auth_env_loaded", + source: "environment" + }); + return; + } + + // No environment variable - generate and guide user + await this.generateAndGuideInternalAuthToken(); + + } catch (error) { + databaseLogger.error("Failed to initialize internal auth token", error, { + operation: "internal_auth_init_failed", + }); + throw new Error("Internal auth token initialization failed"); + } + } + + /** + * Get internal auth token + */ + async getInternalAuthToken(): Promise { + if (!this.internalAuthToken) { + await this.initializeInternalAuthToken(); + } + return this.internalAuthToken!; + } + + /** + * Generate and auto-save to .env file + */ + private async generateAndGuideUser(): Promise { + const newSecret = crypto.randomBytes(32).toString('hex'); + const instanceId = crypto.randomBytes(8).toString('hex'); + + // Set in memory for current session + this.jwtSecret = newSecret; + + // Auto-save to .env file + await this.updateEnvFile("JWT_SECRET", newSecret); + + databaseLogger.success("🔐 JWT secret auto-generated and saved to .env", { + operation: "jwt_auto_generated", + instanceId, + envVarName: "JWT_SECRET", + note: "Ready for use - no restart required" + }); + } + + + // ===== Database key generation and storage methods ===== + + /** + * Generate and auto-save database key to .env file + */ + private async generateAndGuideDatabaseKey(): Promise { + const newKey = crypto.randomBytes(32); // 256-bit key for AES-256 + const newKeyHex = newKey.toString('hex'); + const instanceId = crypto.randomBytes(8).toString('hex'); + + // Set in memory for current session + this.databaseKey = newKey; + + // Auto-save to .env file + await this.updateEnvFile("DATABASE_KEY", newKeyHex); + + databaseLogger.success("🔒 Database key auto-generated and saved to .env", { + operation: "db_key_auto_generated", + instanceId, + envVarName: "DATABASE_KEY", + note: "Ready for use - no restart required" + }); + } + + /** + * Generate and auto-save internal auth token to .env file + */ + private async generateAndGuideInternalAuthToken(): Promise { + const newToken = crypto.randomBytes(32).toString('hex'); // 256-bit token for security + const instanceId = crypto.randomBytes(8).toString('hex'); + + // Set in memory for current session + this.internalAuthToken = newToken; + + // Auto-save to .env file + await this.updateEnvFile("INTERNAL_AUTH_TOKEN", newToken); + + databaseLogger.success("🔑 Internal auth token auto-generated and saved to .env", { + operation: "internal_auth_auto_generated", + instanceId, + envVarName: "INTERNAL_AUTH_TOKEN", + note: "Ready for use - no restart required" + }); + } + + + + + /** + * Validate JWT secret system + */ + async validateJWTSecret(): Promise { + try { + const secret = await this.getJWTSecret(); + if (!secret || secret.length < 32) { + return false; + } + + // Test JWT operations + const jwt = await import("jsonwebtoken"); + const testPayload = { test: true, timestamp: Date.now() }; + const token = jwt.default.sign(testPayload, secret, { expiresIn: "1s" }); + const decoded = jwt.default.verify(token, secret); + + return !!decoded; + } catch (error) { + databaseLogger.error("JWT secret validation failed", error, { + operation: "jwt_validation_failed", + }); + return false; + } + } + + /** + * Get JWT key status (simplified version) + */ + async getSystemKeyStatus() { + const isValid = await this.validateJWTSecret(); + const hasSecret = this.jwtSecret !== null; + + + // Check environment variable + const hasEnvVar = !!(process.env.JWT_SECRET && process.env.JWT_SECRET.length >= 64); + + return { + hasSecret, + isValid, + storage: { + environment: hasEnvVar + }, + algorithm: "HS256", + note: "Using simplified key management without encryption layers" + }; + } + + /** + * Update .env file with new environment variable + */ + private async updateEnvFile(key: string, value: string): Promise { + // Use persistent config directory if available (Docker), otherwise use current directory + const configDir = process.env.NODE_ENV === 'production' && + await fs.access('/app/config').then(() => true).catch(() => false) + ? '/app/config' + : process.cwd(); + const envPath = path.join(configDir, ".env"); + + try { + let envContent = ""; + + // Read existing .env file if it exists + try { + envContent = await fs.readFile(envPath, "utf8"); + } catch { + // File doesn't exist, will create new one + envContent = "# Termix Auto-generated Configuration\n\n"; + } + + // Check if key already exists + const keyRegex = new RegExp(`^${key}=.*$`, "m"); + + if (keyRegex.test(envContent)) { + // Update existing key + envContent = envContent.replace(keyRegex, `${key}=${value}`); + } else { + // Add new key + if (!envContent.includes("# Security Keys")) { + envContent += "\n# Security Keys (Auto-generated)\n"; + } + envContent += `${key}=${value}\n`; + } + + // Write updated content + await fs.writeFile(envPath, envContent); + + // Update process.env for current session + process.env[key] = value; + + databaseLogger.info(`Environment variable ${key} updated in .env file`, { + operation: "env_file_update", + key, + path: envPath + }); + + } catch (error) { + databaseLogger.error(`Failed to update .env file with ${key}`, error, { + operation: "env_file_update_failed", + key + }); + throw error; + } + } +} + +export { SystemCrypto }; \ No newline at end of file diff --git a/src/backend/utils/user-crypto.ts b/src/backend/utils/user-crypto.ts new file mode 100644 index 00000000..c0d181c7 --- /dev/null +++ b/src/backend/utils/user-crypto.ts @@ -0,0 +1,408 @@ +import crypto from "crypto"; +import { getDb } from "../database/db/index.js"; +import { settings } from "../database/db/schema.js"; +import { eq } from "drizzle-orm"; +import { databaseLogger } from "./logger.js"; + +interface KEKSalt { + salt: string; + iterations: number; + algorithm: string; + createdAt: string; +} + +interface EncryptedDEK { + data: string; + iv: string; + tag: string; + algorithm: string; + createdAt: string; +} + +interface UserSession { + dataKey: Buffer; // Store DEK directly, delete just-in-time fantasy + lastActivity: number; + expiresAt: number; +} + +/** + * UserCrypto - Simple direct user encryption + * + * Linus principles: + * - Delete just-in-time fantasy, cache DEK directly + * - Reasonable 2-hour timeout, not 5-minute user experience disaster + * - Simple working implementation, not theoretically perfect garbage + * - Server restart invalidates sessions (this is reasonable) + */ +class UserCrypto { + private static instance: UserCrypto; + private userSessions: Map = new Map(); + + // Configuration constants - reasonable timeout settings + private static readonly PBKDF2_ITERATIONS = 100000; + private static readonly KEK_LENGTH = 32; + private static readonly DEK_LENGTH = 32; + private static readonly SESSION_DURATION = 2 * 60 * 60 * 1000; // 2 hours, reasonable user experience + private static readonly MAX_INACTIVITY = 30 * 60 * 1000; // 30 minutes, not 1-minute disaster + + private constructor() { + // Reasonable cleanup interval + setInterval(() => { + this.cleanupExpiredSessions(); + }, 5 * 60 * 1000); // Clean every 5 minutes, not 30 seconds + } + + static getInstance(): UserCrypto { + if (!this.instance) { + this.instance = new UserCrypto(); + } + return this.instance; + } + + /** + * User registration: generate KEK salt and DEK + */ + async setupUserEncryption(userId: string, password: string): Promise { + const kekSalt = await this.generateKEKSalt(); + await this.storeKEKSalt(userId, kekSalt); + + const KEK = this.deriveKEK(password, kekSalt); + const DEK = crypto.randomBytes(UserCrypto.DEK_LENGTH); + const encryptedDEK = this.encryptDEK(DEK, KEK); + await this.storeEncryptedDEK(userId, encryptedDEK); + + // Immediately clean temporary keys + KEK.fill(0); + DEK.fill(0); + + databaseLogger.success("User encryption setup completed", { + operation: "user_crypto_setup", + userId, + }); + } + + /** + * User authentication: validate password and cache DEK + * Deleted just-in-time fantasy, works directly + */ + async authenticateUser(userId: string, password: string): Promise { + try { + // Validate password and decrypt DEK + const kekSalt = await this.getKEKSalt(userId); + if (!kekSalt) return false; + + const KEK = this.deriveKEK(password, kekSalt); + const encryptedDEK = await this.getEncryptedDEK(userId); + if (!encryptedDEK) { + KEK.fill(0); + return false; + } + + const DEK = this.decryptDEK(encryptedDEK, KEK); + KEK.fill(0); // Immediately clean KEK + + // Debug: Check DEK validity + if (!DEK || DEK.length === 0) { + databaseLogger.error("DEK is empty or invalid after decryption", { + operation: "user_crypto_auth_debug", + userId, + dekLength: DEK ? DEK.length : 0 + }); + return false; + } + + // Create user session, cache DEK directly + const now = Date.now(); + + // Clean old session + const oldSession = this.userSessions.get(userId); + if (oldSession) { + oldSession.dataKey.fill(0); + } + + this.userSessions.set(userId, { + dataKey: Buffer.from(DEK), // Create proper Buffer copy + lastActivity: now, + expiresAt: now + UserCrypto.SESSION_DURATION, + }); + + DEK.fill(0); // Clean temporary DEK + + databaseLogger.success("User authenticated and DEK cached", { + operation: "user_crypto_auth", + userId, + duration: UserCrypto.SESSION_DURATION, + }); + + return true; + } catch (error) { + databaseLogger.warn("User authentication failed", { + operation: "user_crypto_auth_failed", + userId, + error: error instanceof Error ? error.message : "Unknown", + }); + return false; + } + } + + /** + * Get user data key - simple direct return from cache + * Deleted just-in-time derivation garbage + */ + getUserDataKey(userId: string): Buffer | null { + const session = this.userSessions.get(userId); + if (!session) { + return null; + } + + const now = Date.now(); + + // Check if session has expired + if (now > session.expiresAt) { + this.userSessions.delete(userId); + session.dataKey.fill(0); + databaseLogger.info("User session expired", { + operation: "user_session_expired", + userId, + }); + return null; + } + + // Check if max inactivity time exceeded + if (now - session.lastActivity > UserCrypto.MAX_INACTIVITY) { + this.userSessions.delete(userId); + session.dataKey.fill(0); + databaseLogger.info("User session inactive timeout", { + operation: "user_session_inactive", + userId, + }); + return null; + } + + // Update last activity time + session.lastActivity = now; + return session.dataKey; + } + + + /** + * User logout: clear session + */ + logoutUser(userId: string): void { + const session = this.userSessions.get(userId); + if (session) { + session.dataKey.fill(0); // Securely clear key + this.userSessions.delete(userId); + } + databaseLogger.info("User logged out", { + operation: "user_crypto_logout", + userId, + }); + } + + /** + * Check if user is unlocked + */ + isUserUnlocked(userId: string): boolean { + return this.getUserDataKey(userId) !== null; + } + + /** + * Change user password + */ + async changeUserPassword(userId: string, oldPassword: string, newPassword: string): Promise { + try { + // Validate old password + const isValid = await this.validatePassword(userId, oldPassword); + if (!isValid) return false; + + // Get current DEK + const kekSalt = await this.getKEKSalt(userId); + if (!kekSalt) return false; + + const oldKEK = this.deriveKEK(oldPassword, kekSalt); + const encryptedDEK = await this.getEncryptedDEK(userId); + if (!encryptedDEK) return false; + + const DEK = this.decryptDEK(encryptedDEK, oldKEK); + + // Generate new KEK salt and encrypt DEK + const newKekSalt = await this.generateKEKSalt(); + const newKEK = this.deriveKEK(newPassword, newKekSalt); + const newEncryptedDEK = this.encryptDEK(DEK, newKEK); + + // Store new salt and encrypted DEK + await this.storeKEKSalt(userId, newKekSalt); + await this.storeEncryptedDEK(userId, newEncryptedDEK); + + // Clean all temporary keys + oldKEK.fill(0); + newKEK.fill(0); + DEK.fill(0); + + // Clean user session, require re-login + this.logoutUser(userId); + + return true; + } catch (error) { + return false; + } + } + + // ===== Private methods ===== + + private async validatePassword(userId: string, password: string): Promise { + try { + const kekSalt = await this.getKEKSalt(userId); + if (!kekSalt) return false; + + const KEK = this.deriveKEK(password, kekSalt); + const encryptedDEK = await this.getEncryptedDEK(userId); + if (!encryptedDEK) return false; + + const DEK = this.decryptDEK(encryptedDEK, KEK); + + // Clean temporary keys + KEK.fill(0); + DEK.fill(0); + + return true; + } catch (error) { + return false; + } + } + + private cleanupExpiredSessions(): void { + const now = Date.now(); + const expiredUsers: string[] = []; + + for (const [userId, session] of this.userSessions.entries()) { + if (now > session.expiresAt || now - session.lastActivity > UserCrypto.MAX_INACTIVITY) { + session.dataKey.fill(0); // Securely clear key + expiredUsers.push(userId); + } + } + + expiredUsers.forEach(userId => { + this.userSessions.delete(userId); + }); + + if (expiredUsers.length > 0) { + databaseLogger.info(`Cleaned up ${expiredUsers.length} expired sessions`, { + operation: "session_cleanup", + count: expiredUsers.length, + }); + } + } + + // ===== Database operations and encryption methods (simplified version) ===== + + private async generateKEKSalt(): Promise { + return { + salt: crypto.randomBytes(32).toString("hex"), + iterations: UserCrypto.PBKDF2_ITERATIONS, + algorithm: "pbkdf2-sha256", + createdAt: new Date().toISOString(), + }; + } + + private deriveKEK(password: string, kekSalt: KEKSalt): Buffer { + return crypto.pbkdf2Sync( + password, + Buffer.from(kekSalt.salt, "hex"), + kekSalt.iterations, + UserCrypto.KEK_LENGTH, + "sha256" + ); + } + + private encryptDEK(dek: Buffer, kek: Buffer): EncryptedDEK { + const iv = crypto.randomBytes(16); + const cipher = crypto.createCipheriv("aes-256-gcm", kek, iv); + + let encrypted = cipher.update(dek); + encrypted = Buffer.concat([encrypted, cipher.final()]); + const tag = cipher.getAuthTag(); + + return { + data: encrypted.toString("hex"), + iv: iv.toString("hex"), + tag: tag.toString("hex"), + algorithm: "aes-256-gcm", + createdAt: new Date().toISOString(), + }; + } + + private decryptDEK(encryptedDEK: EncryptedDEK, kek: Buffer): Buffer { + const decipher = crypto.createDecipheriv( + "aes-256-gcm", + kek, + Buffer.from(encryptedDEK.iv, "hex") + ); + + decipher.setAuthTag(Buffer.from(encryptedDEK.tag, "hex")); + let decrypted = decipher.update(Buffer.from(encryptedDEK.data, "hex")); + decrypted = Buffer.concat([decrypted, decipher.final()]); + + return decrypted; + } + + // Database operation methods + private async storeKEKSalt(userId: string, kekSalt: KEKSalt): Promise { + const key = `user_kek_salt_${userId}`; + const value = JSON.stringify(kekSalt); + + const existing = await getDb().select().from(settings).where(eq(settings.key, key)); + + if (existing.length > 0) { + await getDb().update(settings).set({ value }).where(eq(settings.key, key)); + } else { + await getDb().insert(settings).values({ key, value }); + } + } + + private async getKEKSalt(userId: string): Promise { + try { + const key = `user_kek_salt_${userId}`; + const result = await getDb().select().from(settings).where(eq(settings.key, key)); + + if (result.length === 0) { + return null; + } + + return JSON.parse(result[0].value); + } catch (error) { + return null; + } + } + + private async storeEncryptedDEK(userId: string, encryptedDEK: EncryptedDEK): Promise { + const key = `user_encrypted_dek_${userId}`; + const value = JSON.stringify(encryptedDEK); + + const existing = await getDb().select().from(settings).where(eq(settings.key, key)); + + if (existing.length > 0) { + await getDb().update(settings).set({ value }).where(eq(settings.key, key)); + } else { + await getDb().insert(settings).values({ key, value }); + } + } + + private async getEncryptedDEK(userId: string): Promise { + try { + const key = `user_encrypted_dek_${userId}`; + const result = await getDb().select().from(settings).where(eq(settings.key, key)); + + if (result.length === 0) { + return null; + } + + return JSON.parse(result[0].value); + } catch (error) { + return null; + } + } +} + +export { UserCrypto, type KEKSalt, type EncryptedDEK }; \ No newline at end of file diff --git a/src/backend/utils/user-data-export.ts b/src/backend/utils/user-data-export.ts new file mode 100644 index 00000000..3be451c3 --- /dev/null +++ b/src/backend/utils/user-data-export.ts @@ -0,0 +1,250 @@ +import { getDb } from "../database/db/index.js"; +import { users, sshData, sshCredentials, fileManagerRecent, fileManagerPinned, fileManagerShortcuts, dismissedAlerts } from "../database/db/schema.js"; +import { eq } from "drizzle-orm"; +import { DataCrypto } from "./data-crypto.js"; +import { databaseLogger } from "./logger.js"; +import crypto from "crypto"; + +interface UserExportData { + version: string; + exportedAt: string; + userId: string; + username: string; + userData: { + sshHosts: any[]; + sshCredentials: any[]; + fileManagerData: { + recent: any[]; + pinned: any[]; + shortcuts: any[]; + }; + dismissedAlerts: any[]; + }; + metadata: { + totalRecords: number; + encrypted: boolean; + exportType: 'user_data' | 'system_config' | 'all'; + }; +} + +/** + * UserDataExport - User-level data import/export + * + * Linus principles: + * - Users own their data and should be able to export freely + * - Simple and direct, no complex permission checks + * - Support both encrypted and plaintext formats + * - Don't break existing system architecture + */ +class UserDataExport { + private static readonly EXPORT_VERSION = "v2.0"; + + /** + * Export user data + */ + static async exportUserData( + userId: string, + options: { + format?: 'encrypted' | 'plaintext'; + scope?: 'user_data' | 'all'; + includeCredentials?: boolean; + } = {} + ): Promise { + const { format = 'encrypted', scope = 'user_data', includeCredentials = true } = options; + + try { + databaseLogger.info("Starting user data export", { + operation: "user_data_export", + userId, + format, + scope, + includeCredentials, + }); + + // Verify user exists + const user = await getDb().select().from(users).where(eq(users.id, userId)); + if (!user || user.length === 0) { + throw new Error(`User not found: ${userId}`); + } + + const userRecord = user[0]; + + // Get user data key (if decryption needed) + let userDataKey: Buffer | null = null; + if (format === 'plaintext') { + userDataKey = DataCrypto.getUserDataKey(userId); + if (!userDataKey) { + throw new Error("User data not unlocked - password required for plaintext export"); + } + } + + // Export SSH host configurations + const sshHosts = await getDb().select().from(sshData).where(eq(sshData.userId, userId)); + const processedSshHosts = format === 'plaintext' && userDataKey + ? sshHosts.map(host => DataCrypto.decryptRecord("ssh_data", host, userId, userDataKey!)) + : sshHosts; + + // Export SSH credentials (if included) + let sshCredentialsData: any[] = []; + if (includeCredentials) { + const credentials = await getDb().select().from(sshCredentials).where(eq(sshCredentials.userId, userId)); + sshCredentialsData = format === 'plaintext' && userDataKey + ? credentials.map(cred => DataCrypto.decryptRecord("ssh_credentials", cred, userId, userDataKey!)) + : credentials; + } + + // Export file manager data + const [recentFiles, pinnedFiles, shortcuts] = await Promise.all([ + getDb().select().from(fileManagerRecent).where(eq(fileManagerRecent.userId, userId)), + getDb().select().from(fileManagerPinned).where(eq(fileManagerPinned.userId, userId)), + getDb().select().from(fileManagerShortcuts).where(eq(fileManagerShortcuts.userId, userId)), + ]); + + // Export dismissed alerts + const alerts = await getDb().select().from(dismissedAlerts).where(eq(dismissedAlerts.userId, userId)); + + // Build export data + const exportData: UserExportData = { + version: this.EXPORT_VERSION, + exportedAt: new Date().toISOString(), + userId: userRecord.id, + username: userRecord.username, + userData: { + sshHosts: processedSshHosts, + sshCredentials: sshCredentialsData, + fileManagerData: { + recent: recentFiles, + pinned: pinnedFiles, + shortcuts: shortcuts, + }, + dismissedAlerts: alerts, + }, + metadata: { + totalRecords: processedSshHosts.length + sshCredentialsData.length + recentFiles.length + pinnedFiles.length + shortcuts.length + alerts.length, + encrypted: format === 'encrypted', + exportType: scope, + }, + }; + + databaseLogger.success("User data export completed", { + operation: "user_data_export_complete", + userId, + totalRecords: exportData.metadata.totalRecords, + format, + sshHosts: processedSshHosts.length, + sshCredentials: sshCredentialsData.length, + }); + + return exportData; + } catch (error) { + databaseLogger.error("User data export failed", error, { + operation: "user_data_export_failed", + userId, + format, + scope, + }); + throw error; + } + } + + /** + * Export as JSON string + */ + static async exportUserDataToJSON( + userId: string, + options: { + format?: 'encrypted' | 'plaintext'; + scope?: 'user_data' | 'all'; + includeCredentials?: boolean; + pretty?: boolean; + } = {} + ): Promise { + const { pretty = true } = options; + const exportData = await this.exportUserData(userId, options); + return JSON.stringify(exportData, null, pretty ? 2 : 0); + } + + /** + * Validate export data format + */ + static validateExportData(data: any): { valid: boolean; errors: string[] } { + const errors: string[] = []; + + if (!data || typeof data !== 'object') { + errors.push("Export data must be an object"); + return { valid: false, errors }; + } + + if (!data.version) { + errors.push("Missing version field"); + } + + if (!data.userId) { + errors.push("Missing userId field"); + } + + if (!data.userData || typeof data.userData !== 'object') { + errors.push("Missing or invalid userData field"); + } + + if (!data.metadata || typeof data.metadata !== 'object') { + errors.push("Missing or invalid metadata field"); + } + + // Check required data fields + if (data.userData) { + const requiredFields = ['sshHosts', 'sshCredentials', 'fileManagerData', 'dismissedAlerts']; + for (const field of requiredFields) { + if (!Array.isArray(data.userData[field]) && !(field === 'fileManagerData' && typeof data.userData[field] === 'object')) { + errors.push(`Missing or invalid userData.${field} field`); + } + } + + if (data.userData.fileManagerData && typeof data.userData.fileManagerData === 'object') { + const fmFields = ['recent', 'pinned', 'shortcuts']; + for (const field of fmFields) { + if (!Array.isArray(data.userData.fileManagerData[field])) { + errors.push(`Missing or invalid userData.fileManagerData.${field} field`); + } + } + } + } + + return { valid: errors.length === 0, errors }; + } + + /** + * Get export data statistics + */ + static getExportStats(data: UserExportData): { + version: string; + exportedAt: string; + username: string; + totalRecords: number; + breakdown: { + sshHosts: number; + sshCredentials: number; + fileManagerItems: number; + dismissedAlerts: number; + }; + encrypted: boolean; + } { + return { + version: data.version, + exportedAt: data.exportedAt, + username: data.username, + totalRecords: data.metadata.totalRecords, + breakdown: { + sshHosts: data.userData.sshHosts.length, + sshCredentials: data.userData.sshCredentials.length, + fileManagerItems: data.userData.fileManagerData.recent.length + + data.userData.fileManagerData.pinned.length + + data.userData.fileManagerData.shortcuts.length, + dismissedAlerts: data.userData.dismissedAlerts.length, + }, + encrypted: data.metadata.encrypted, + }; + } +} + +export { UserDataExport, type UserExportData }; \ No newline at end of file diff --git a/src/backend/utils/user-data-import.ts b/src/backend/utils/user-data-import.ts new file mode 100644 index 00000000..e49dc254 --- /dev/null +++ b/src/backend/utils/user-data-import.ts @@ -0,0 +1,432 @@ +import { getDb } from "../database/db/index.js"; +import { users, sshData, sshCredentials, fileManagerRecent, fileManagerPinned, fileManagerShortcuts, dismissedAlerts } from "../database/db/schema.js"; +import { eq, and } from "drizzle-orm"; +import { DataCrypto } from "./data-crypto.js"; +import { UserDataExport, type UserExportData } from "./user-data-export.js"; +import { databaseLogger } from "./logger.js"; +import { nanoid } from "nanoid"; + +interface ImportOptions { + replaceExisting?: boolean; + skipCredentials?: boolean; + skipFileManagerData?: boolean; + dryRun?: boolean; +} + +interface ImportResult { + success: boolean; + summary: { + sshHostsImported: number; + sshCredentialsImported: number; + fileManagerItemsImported: number; + dismissedAlertsImported: number; + skippedItems: number; + errors: string[]; + }; + dryRun: boolean; +} + +/** + * UserDataImport - User data import + * + * Linus principles: + * - Import should not break existing data (unless explicitly requested) + * - Support dry-run mode for validation + * - Simple strategy for ID conflicts: regenerate + * - Error handling must be explicit, no silent failures + */ +class UserDataImport { + + /** + * Import user data + */ + static async importUserData( + targetUserId: string, + exportData: UserExportData, + options: ImportOptions = {} + ): Promise { + const { + replaceExisting = false, + skipCredentials = false, + skipFileManagerData = false, + dryRun = false + } = options; + + try { + databaseLogger.info("Starting user data import", { + operation: "user_data_import", + targetUserId, + sourceUserId: exportData.userId, + sourceUsername: exportData.username, + dryRun, + replaceExisting, + skipCredentials, + skipFileManagerData, + }); + + // Verify target user exists + const targetUser = await getDb().select().from(users).where(eq(users.id, targetUserId)); + if (!targetUser || targetUser.length === 0) { + throw new Error(`Target user not found: ${targetUserId}`); + } + + // Validate export data format + const validation = UserDataExport.validateExportData(exportData); + if (!validation.valid) { + throw new Error(`Invalid export data: ${validation.errors.join(', ')}`); + } + + // Verify user data is unlocked (if data is encrypted) + let userDataKey: Buffer | null = null; + if (exportData.metadata.encrypted) { + userDataKey = DataCrypto.getUserDataKey(targetUserId); + if (!userDataKey) { + throw new Error("Target user data not unlocked - password required for encrypted import"); + } + } + + const result: ImportResult = { + success: false, + summary: { + sshHostsImported: 0, + sshCredentialsImported: 0, + fileManagerItemsImported: 0, + dismissedAlertsImported: 0, + skippedItems: 0, + errors: [], + }, + dryRun, + }; + + // Import SSH host configurations + if (exportData.userData.sshHosts && exportData.userData.sshHosts.length > 0) { + const importStats = await this.importSshHosts( + targetUserId, + exportData.userData.sshHosts, + { replaceExisting, dryRun, userDataKey } + ); + result.summary.sshHostsImported = importStats.imported; + result.summary.skippedItems += importStats.skipped; + result.summary.errors.push(...importStats.errors); + } + + // Import SSH credentials + if (!skipCredentials && exportData.userData.sshCredentials && exportData.userData.sshCredentials.length > 0) { + const importStats = await this.importSshCredentials( + targetUserId, + exportData.userData.sshCredentials, + { replaceExisting, dryRun, userDataKey } + ); + result.summary.sshCredentialsImported = importStats.imported; + result.summary.skippedItems += importStats.skipped; + result.summary.errors.push(...importStats.errors); + } + + // Import file manager data + if (!skipFileManagerData && exportData.userData.fileManagerData) { + const importStats = await this.importFileManagerData( + targetUserId, + exportData.userData.fileManagerData, + { replaceExisting, dryRun } + ); + result.summary.fileManagerItemsImported = importStats.imported; + result.summary.skippedItems += importStats.skipped; + result.summary.errors.push(...importStats.errors); + } + + // Import dismissed alerts + if (exportData.userData.dismissedAlerts && exportData.userData.dismissedAlerts.length > 0) { + const importStats = await this.importDismissedAlerts( + targetUserId, + exportData.userData.dismissedAlerts, + { replaceExisting, dryRun } + ); + result.summary.dismissedAlertsImported = importStats.imported; + result.summary.skippedItems += importStats.skipped; + result.summary.errors.push(...importStats.errors); + } + + result.success = result.summary.errors.length === 0; + + databaseLogger.success("User data import completed", { + operation: "user_data_import_complete", + targetUserId, + dryRun, + ...result.summary, + }); + + return result; + } catch (error) { + databaseLogger.error("User data import failed", error, { + operation: "user_data_import_failed", + targetUserId, + dryRun, + }); + throw error; + } + } + + /** + * Import SSH host configurations + */ + private static async importSshHosts( + targetUserId: string, + sshHosts: any[], + options: { replaceExisting: boolean; dryRun: boolean; userDataKey: Buffer | null } + ) { + let imported = 0; + let skipped = 0; + const errors: string[] = []; + + for (const host of sshHosts) { + try { + if (options.dryRun) { + imported++; + continue; + } + + // Generate temporary ID for encryption context, then remove for database insert + const tempId = `import-ssh-${targetUserId}-${Date.now()}-${imported}`; + const newHostData = { + ...host, + id: tempId, // Temporary ID for encryption context + userId: targetUserId, + createdAt: new Date().toISOString(), + updatedAt: new Date().toISOString(), + }; + + // If data needs re-encryption + let processedHostData = newHostData; + if (options.userDataKey) { + processedHostData = DataCrypto.encryptRecord("ssh_data", newHostData, targetUserId, options.userDataKey); + } + + // Remove temp ID to let database auto-generate real ID + delete processedHostData.id; + + await getDb().insert(sshData).values(processedHostData); + imported++; + } catch (error) { + errors.push(`SSH host import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + skipped++; + } + } + + return { imported, skipped, errors }; + } + + /** + * Import SSH credentials + */ + private static async importSshCredentials( + targetUserId: string, + credentials: any[], + options: { replaceExisting: boolean; dryRun: boolean; userDataKey: Buffer | null } + ) { + let imported = 0; + let skipped = 0; + const errors: string[] = []; + + for (const credential of credentials) { + try { + if (options.dryRun) { + imported++; + continue; + } + + // Generate temporary ID for encryption context, then remove for database insert + const tempCredId = `import-cred-${targetUserId}-${Date.now()}-${imported}`; + const newCredentialData = { + ...credential, + id: tempCredId, // Temporary ID for encryption context + userId: targetUserId, + usageCount: 0, // Reset usage count + lastUsed: null, + createdAt: new Date().toISOString(), + updatedAt: new Date().toISOString(), + }; + + // If data needs re-encryption + let processedCredentialData = newCredentialData; + if (options.userDataKey) { + processedCredentialData = DataCrypto.encryptRecord("ssh_credentials", newCredentialData, targetUserId, options.userDataKey); + } + + // Remove temp ID to let database auto-generate real ID + delete processedCredentialData.id; + + await getDb().insert(sshCredentials).values(processedCredentialData); + imported++; + } catch (error) { + errors.push(`SSH credential import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + skipped++; + } + } + + return { imported, skipped, errors }; + } + + /** + * Import file manager data + */ + private static async importFileManagerData( + targetUserId: string, + fileManagerData: any, + options: { replaceExisting: boolean; dryRun: boolean } + ) { + let imported = 0; + let skipped = 0; + const errors: string[] = []; + + try { + // Import recent files + if (fileManagerData.recent && Array.isArray(fileManagerData.recent)) { + for (const item of fileManagerData.recent) { + try { + if (!options.dryRun) { + const newItem = { + ...item, + id: undefined, + userId: targetUserId, + lastOpened: new Date().toISOString(), + }; + await getDb().insert(fileManagerRecent).values(newItem); + } + imported++; + } catch (error) { + errors.push(`Recent file import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + skipped++; + } + } + } + + // Import pinned files + if (fileManagerData.pinned && Array.isArray(fileManagerData.pinned)) { + for (const item of fileManagerData.pinned) { + try { + if (!options.dryRun) { + const newItem = { + ...item, + id: undefined, + userId: targetUserId, + pinnedAt: new Date().toISOString(), + }; + await getDb().insert(fileManagerPinned).values(newItem); + } + imported++; + } catch (error) { + errors.push(`Pinned file import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + skipped++; + } + } + } + + // Import shortcuts + if (fileManagerData.shortcuts && Array.isArray(fileManagerData.shortcuts)) { + for (const item of fileManagerData.shortcuts) { + try { + if (!options.dryRun) { + const newItem = { + ...item, + id: undefined, + userId: targetUserId, + createdAt: new Date().toISOString(), + }; + await getDb().insert(fileManagerShortcuts).values(newItem); + } + imported++; + } catch (error) { + errors.push(`Shortcut import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + skipped++; + } + } + } + } catch (error) { + errors.push(`File manager data import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + } + + return { imported, skipped, errors }; + } + + /** + * Import dismissed alerts + */ + private static async importDismissedAlerts( + targetUserId: string, + alerts: any[], + options: { replaceExisting: boolean; dryRun: boolean } + ) { + let imported = 0; + let skipped = 0; + const errors: string[] = []; + + for (const alert of alerts) { + try { + if (options.dryRun) { + imported++; + continue; + } + + // Check if alert already exists + const existing = await getDb() + .select() + .from(dismissedAlerts) + .where( + and( + eq(dismissedAlerts.userId, targetUserId), + eq(dismissedAlerts.alertId, alert.alertId) + ) + ); + + if (existing.length > 0 && !options.replaceExisting) { + skipped++; + continue; + } + + const newAlert = { + ...alert, + id: undefined, + userId: targetUserId, + dismissedAt: new Date().toISOString(), + }; + + if (existing.length > 0 && options.replaceExisting) { + await getDb() + .update(dismissedAlerts) + .set(newAlert) + .where(eq(dismissedAlerts.id, existing[0].id)); + } else { + await getDb().insert(dismissedAlerts).values(newAlert); + } + + imported++; + } catch (error) { + errors.push(`Dismissed alert import failed: ${error instanceof Error ? error.message : 'Unknown error'}`); + skipped++; + } + } + + return { imported, skipped, errors }; + } + + /** + * Import from JSON string + */ + static async importUserDataFromJSON( + targetUserId: string, + jsonData: string, + options: ImportOptions = {} + ): Promise { + try { + const exportData: UserExportData = JSON.parse(jsonData); + return await this.importUserData(targetUserId, exportData, options); + } catch (error) { + if (error instanceof SyntaxError) { + throw new Error("Invalid JSON format in import data"); + } + throw error; + } + } +} + +export { UserDataImport, type ImportOptions, type ImportResult }; \ No newline at end of file diff --git a/src/locales/en/translation.json b/src/locales/en/translation.json index 5f74a015..fa404b7e 100644 --- a/src/locales/en/translation.json +++ b/src/locales/en/translation.json @@ -150,7 +150,10 @@ "generateRSA": "Generate RSA", "keyPairGeneratedSuccessfully": "{{keyType}} key pair generated successfully", "failedToGenerateKeyPair": "Failed to generate key pair", - "generateKeyPairNote": "Generate a new SSH key pair directly. This will replace any existing keys in the form." + "generateKeyPairNote": "Generate a new SSH key pair directly. This will replace any existing keys in the form.", + "invalidKey": "Invalid Key", + "detectionError": "Detection Error", + "unknown": "Unknown" }, "sshTools": { "title": "SSH Tools", @@ -191,6 +194,7 @@ }, "common": { "close": "Close", + "minimize": "Minimize", "online": "Online", "offline": "Offline", "maintenance": "Maintenance", @@ -376,6 +380,7 @@ "overrideUserInfoUrl": "Override User Info URL (not required)", "databaseSecurity": "Database Security", "encryptionStatus": "Encryption Status", + "encryptionEnabled": "Encryption Enabled", "enabled": "Enabled", "disabled": "Disabled", "keyId": "Key ID", @@ -487,7 +492,11 @@ "createBackup": "Create Backup", "exportImport": "Export/Import", "export": "Export", - "import": "Import" + "import": "Import", + "passwordRequired": "Password required", + "confirmExport": "Confirm Export", + "exportDescription": "Export SSH hosts and credentials as SQLite file", + "importDescription": "Import SQLite file with incremental merge (skips duplicates)" }, "hosts": { "title": "Host Manager", @@ -564,6 +573,8 @@ "sshpassRequired": "Sshpass Required For Password Authentication", "sshpassRequiredDesc": "For password authentication in tunnels, sshpass must be installed on the system.", "otherInstallMethods": "Other installation methods:", + "debianUbuntuEquivalent": "(Debian/Ubuntu) or the equivalent for your OS.", + "or": "or", "centosRhelFedora": "CentOS/RHEL/Fedora", "macos": "macOS", "windows": "Windows", @@ -576,8 +587,6 @@ "upload": "Upload", "authentication": "Authentication", "password": "Password", - "requirePassword": "Require Password", - "requirePasswordDescription": "When disabled, sessions can be saved without entering a password", "key": "Key", "credential": "Credential", "selectCredential": "Select Credential", @@ -647,7 +656,10 @@ "reconnecting": "Reconnecting... ({{attempt}}/{{max}})", "reconnected": "Reconnected successfully", "maxReconnectAttemptsReached": "Maximum reconnection attempts reached", - "connectionTimeout": "Connection timeout" + "connectionTimeout": "Connection timeout", + "terminalTitle": "Terminal - {{host}}", + "terminalWithPath": "Terminal - {{host}}:{{path}}", + "runTitle": "Running {{command}} - {{host}}" }, "fileManager": { "title": "File Manager", @@ -655,7 +667,14 @@ "folder": "Folder", "connectToSsh": "Connect to SSH to use file operations", "uploadFile": "Upload File", - "downloadFile": "Download File", + "downloadFile": "Download", + "edit": "Edit", + "preview": "Preview", + "previous": "Previous", + "next": "Next", + "pageXOfY": "Page {{current}} of {{total}}", + "zoomOut": "Zoom Out", + "zoomIn": "Zoom In", "newFile": "New File", "newFolder": "New Folder", "rename": "Rename", @@ -663,7 +682,7 @@ "deleteItem": "Delete Item", "currentPath": "Current Path", "uploadFileTitle": "Upload File", - "maxFileSize": "Max: 100MB (JSON) / 200MB (Binary)", + "maxFileSize": "Max: 1GB (JSON) / 5GB (Binary) - Large files supported", "removeFile": "Remove File", "clickToSelectFile": "Click to select a file", "chooseFile": "Choose File", @@ -722,12 +741,13 @@ "properties": "Properties", "preview": "Preview", "refresh": "Refresh", - "downloadFiles": "Download {{count}} files", + "downloadFiles": "Download {{count}} files to Browser", "copyFiles": "Copy {{count}} items", "cutFiles": "Cut {{count}} items", "deleteFiles": "Delete {{count}} items", "filesCopiedToClipboard": "{{count}} items copied to clipboard", "filesCutToClipboard": "{{count}} items cut to clipboard", + "movedItems": "Moved {{count}} items", "failedToDeleteItem": "Failed to delete item", "itemRenamedSuccessfully": "{{type}} renamed successfully", "failedToRenameItem": "Failed to rename item", @@ -793,7 +813,7 @@ "dragFilesToWindowToDownload": "Drag files outside window to download", "openTerminalHere": "Open Terminal Here", "run": "Run", - "saveToSystem": "Save to System", + "saveToSystem": "Save as...", "selectLocationToSave": "Select Location to Save", "openTerminalInFolder": "Open Terminal in This Folder", "openTerminalInFileLocation": "Open Terminal at File Location", @@ -816,12 +836,86 @@ "clearAllRecentFiles": "Clear all recent files", "unpinFile": "Unpin file", "removeShortcut": "Remove shortcut", - "saveFilesToSystem": "Save {{count}} files to system", - "saveToSystem": "Save to system", + "saveFilesToSystem": "Save {{count}} files as...", + "saveToSystem": "Save as...", "pinFile": "Pin file", "addToShortcuts": "Add to shortcuts", "selectLocationToSave": "Select location to save", - "downloadToDefaultLocation": "Download to default location" + "downloadToDefaultLocation": "Download to default location", + "pasteFailed": "Paste failed", + "noUndoableActions": "No undoable actions", + "undoCopySuccess": "Undid copy operation: Deleted {{count}} copied files", + "undoCopyFailedDelete": "Undo failed: Could not delete any copied files", + "undoCopyFailedNoInfo": "Undo failed: Could not find copied file information", + "undoMoveSuccess": "Undid move operation: Moved {{count}} files back to original location", + "undoMoveFailedMove": "Undo failed: Could not move any files back", + "undoMoveFailedNoInfo": "Undo failed: Could not find moved file information", + "undoDeleteNotSupported": "Delete operation cannot be undone: Files have been permanently deleted from server", + "undoTypeNotSupported": "Unsupported undo operation type", + "undoOperationFailed": "Undo operation failed", + "unknownError": "Unknown error", + "enterPath": "Enter path...", + "editPath": "Edit path", + "confirm": "Confirm", + "cancel": "Cancel", + "folderName": "Folder name", + "find": "Find...", + "replaceWith": "Replace with...", + "replace": "Replace", + "replaceAll": "Replace All", + "downloadInstead": "Download Instead", + "keyboardShortcuts": "Keyboard Shortcuts", + "searchAndReplace": "Search & Replace", + "editing": "Editing", + "navigation": "Navigation", + "code": "Code", + "search": "Search", + "findNext": "Find Next", + "findPrevious": "Find Previous", + "save": "Save", + "selectAll": "Select All", + "undo": "Undo", + "redo": "Redo", + "goToLine": "Go to Line", + "moveLineUp": "Move Line Up", + "moveLineDown": "Move Line Down", + "toggleComment": "Toggle Comment", + "indent": "Indent", + "outdent": "Outdent", + "autoComplete": "Auto Complete", + "imageLoadError": "Failed to load image", + "zoomIn": "Zoom In", + "zoomOut": "Zoom Out", + "rotate": "Rotate", + "originalSize": "Original Size", + "startTyping": "Start typing...", + "unknownSize": "Unknown size", + "fileIsEmpty": "File is empty", + "modified": "Modified", + "largeFileWarning": "Large File Warning", + "largeFileWarningDesc": "This file is {{size}} in size, which may cause performance issues when opened as text.", + "fileNotFoundAndRemoved": "File \"{{name}}\" not found and has been removed from recent/pinned files", + "failedToLoadFile": "Failed to load file: {{error}}", + "serverErrorOccurred": "Server error occurred. Please try again later.", + "fileSavedSuccessfully": "File saved successfully", + "autoSaveFailed": "Auto-save failed", + "fileAutoSaved": "File auto-saved", + "fileDownloadedSuccessfully": "File downloaded successfully", + "moveFileFailed": "Failed to move {{name}}", + "moveOperationFailed": "Move operation failed", + "canOnlyCompareFiles": "Can only compare two files", + "comparingFiles": "Comparing files: {{file1}} and {{file2}}", + "dragFailed": "Drag operation failed", + "filePinnedSuccessfully": "File \"{{name}}\" pinned successfully", + "pinFileFailed": "Failed to pin file", + "fileUnpinnedSuccessfully": "File \"{{name}}\" unpinned successfully", + "unpinFileFailed": "Failed to unpin file", + "shortcutAddedSuccessfully": "Folder shortcut \"{{name}}\" added successfully", + "addShortcutFailed": "Failed to add shortcut", + "operationCompletedSuccessfully": "{{operation}} {{count}} items successfully", + "operationCompleted": "{{operation}} {{count}} items", + "downloadFileSuccess": "File {{name}} downloaded successfully", + "downloadFileFailed": "Download failed" }, "tunnels": { "title": "SSH Tunnels", diff --git a/src/locales/zh/translation.json b/src/locales/zh/translation.json index e902cdae..fc26cf38 100644 --- a/src/locales/zh/translation.json +++ b/src/locales/zh/translation.json @@ -149,7 +149,10 @@ "generateRSA": "生成 RSA", "keyPairGeneratedSuccessfully": "{{keyType}} 密钥对生成成功", "failedToGenerateKeyPair": "生成密钥对失败", - "generateKeyPairNote": "直接生成新的SSH密钥对。这将替换表单中的现有密钥。" + "generateKeyPairNote": "直接生成新的SSH密钥对。这将替换表单中的现有密钥。", + "invalidKey": "无效密钥", + "detectionError": "检测错误", + "unknown": "未知" }, "sshTools": { "title": "SSH 工具", @@ -190,6 +193,7 @@ }, "common": { "close": "关闭", + "minimize": "最小化", "online": "在线", "offline": "离线", "maintenance": "维护中", @@ -362,6 +366,7 @@ "overrideUserInfoUrl": "覆盖用户信息 URL(非必填)", "databaseSecurity": "数据库安全", "encryptionStatus": "加密状态", + "encryptionEnabled": "加密已启用", "enabled": "已启用", "disabled": "已禁用", "keyId": "密钥 ID", @@ -473,7 +478,11 @@ "createBackup": "创建备份", "exportImport": "导出/导入", "export": "导出", - "import": "导入" + "import": "导入", + "passwordRequired": "密码为必填项", + "confirmExport": "确认导出", + "exportDescription": "将SSH主机和凭据导出为SQLite文件", + "importDescription": "导入SQLite文件并进行增量合并(跳过重复项)" }, "hosts": { "title": "主机管理", @@ -576,8 +585,6 @@ "upload": "上传", "authentication": "认证方式", "password": "密码", - "requirePassword": "要求密码", - "requirePasswordDescription": "禁用时,可以在不输入密码的情况下保存会话", "key": "密钥", "credential": "凭证", "selectCredential": "选择凭证", @@ -588,11 +595,21 @@ "maxRetriesDescription": "隧道连接的最大重试次数。", "retryIntervalDescription": "重试尝试之间的等待时间。", "otherInstallMethods": "其他安装方法:", + "debianUbuntuEquivalent": "(Debian/Ubuntu) 或您的操作系统的等效命令。", + "or": "或", + "centosRhelFedora": "CentOS/RHEL/Fedora", + "macos": "macOS", + "windows": "Windows", "sshpassOSInstructions": { "centos": "CentOS/RHEL/Fedora: sudo yum install sshpass 或 sudo dnf install sshpass", "macos": "macOS: brew install hudochenkov/sshpass/sshpass", "windows": "Windows: 使用 WSL 或考虑使用 SSH 密钥认证" }, + "sshServerConfigRequired": "SSH 服务器配置要求", + "sshServerConfigDesc": "对于隧道连接,SSH 服务器必须配置允许端口转发:", + "gatewayPortsYes": "绑定远程端口到所有接口", + "allowTcpForwardingYes": "启用端口转发", + "permitRootLoginYes": "如果使用 root 用户进行隧道连接", "sshServerConfigReverse": "对于反向 SSH 隧道,端点 SSH 服务器必须允许:", "gatewayPorts": "GatewayPorts yes(绑定远程端口)", "allowTcpForwarding": "AllowTcpForwarding yes(端口转发)", @@ -635,6 +652,9 @@ }, "terminal": { "title": "终端", + "terminalTitle": "终端 - {{host}}", + "terminalWithPath": "终端 - {{host}}:{{path}}", + "runTitle": "运行 {{command}} - {{host}}", "connect": "连接主机", "disconnect": "断开连接", "clear": "清屏", @@ -670,7 +690,14 @@ "folder": "文件夹", "connectToSsh": "连接 SSH 以使用文件操作", "uploadFile": "上传文件", - "downloadFile": "下载文件", + "downloadFile": "下载", + "edit": "编辑", + "preview": "预览", + "previous": "上一页", + "next": "下一页", + "pageXOfY": "第 {{current}} 页,共 {{total}} 页", + "zoomOut": "缩小", + "zoomIn": "放大", "newFile": "新建文件", "newFolder": "新建文件夹", "rename": "重命名", @@ -678,7 +705,7 @@ "deleteItem": "删除项目", "currentPath": "当前路径", "uploadFileTitle": "上传文件", - "maxFileSize": "最大:100MB(JSON)/ 200MB(二进制)", + "maxFileSize": "最大:1GB(JSON)/ 5GB(二进制)- 支持大文件", "removeFile": "移除文件", "clickToSelectFile": "点击选择文件", "chooseFile": "选择文件", @@ -743,6 +770,15 @@ "deleteFiles": "删除 {{count}} 个项目", "filesCopiedToClipboard": "{{count}} 个项目已复制到剪贴板", "filesCutToClipboard": "{{count}} 个项目已剪切到剪贴板", + "movedItems": "已移动 {{count}} 个项目", + "unknownSize": "未知大小", + "fileIsEmpty": "文件为空", + "modified": "修改时间", + "largeFileWarning": "大文件警告", + "largeFileWarningDesc": "此文件大小为 {{size}},以文本形式打开可能会导致性能问题。", + "fileNotFoundAndRemoved": "文件 \"{{name}}\" 未找到,已从最近访问/固定文件中移除", + "failedToLoadFile": "加载文件失败:{{error}}", + "serverErrorOccurred": "服务器错误,请稍后重试。", "failedToDeleteItem": "删除项目失败", "itemRenamedSuccessfully": "{{type}}重命名成功", "failedToRenameItem": "重命名项目失败", @@ -783,7 +819,7 @@ "dragFilesToWindowToDownload": "拖拽文件到窗口外下载", "openTerminalHere": "在此处打开终端", "run": "运行", - "saveToSystem": "保存到系统", + "saveToSystem": "另存为...", "selectLocationToSave": "选择位置保存", "openTerminalInFolder": "在此文件夹打开终端", "openTerminalInFileLocation": "在文件位置打开终端", @@ -823,12 +859,78 @@ "clearAllRecentFiles": "清除所有最近访问", "unpinFile": "取消固定", "removeShortcut": "移除快捷方式", - "saveFilesToSystem": "保存 {{count}} 个文件到系统", - "saveToSystem": "保存到系统", + "saveFilesToSystem": "另存 {{count}} 个文件为...", + "saveToSystem": "另存为...", "pinFile": "固定文件", "addToShortcuts": "添加到快捷方式", "selectLocationToSave": "选择位置保存", - "downloadToDefaultLocation": "下载到默认位置" + "downloadToDefaultLocation": "下载到默认位置", + "pasteFailed": "粘贴失败", + "noUndoableActions": "没有可撤销的操作", + "undoCopySuccess": "已撤销复制操作:删除了 {{count}} 个复制的文件", + "undoCopyFailedDelete": "撤销失败:无法删除任何复制的文件", + "undoCopyFailedNoInfo": "撤销失败:找不到复制的文件信息", + "undoMoveSuccess": "已撤销移动操作:移回了 {{count}} 个文件到原位置", + "undoMoveFailedMove": "撤销失败:无法移回任何文件", + "undoMoveFailedNoInfo": "撤销失败:找不到移动的文件信息", + "undoDeleteNotSupported": "删除操作无法撤销:文件已从服务器永久删除", + "undoTypeNotSupported": "不支持撤销此类操作", + "undoOperationFailed": "撤销操作失败", + "unknownError": "未知错误", + "enterPath": "输入路径...", + "editPath": "编辑路径", + "confirm": "确认", + "cancel": "取消", + "folderName": "文件夹名", + "find": "查找...", + "replaceWith": "替换为...", + "replace": "替换", + "replaceAll": "全部替换", + "downloadInstead": "下载文件", + "keyboardShortcuts": "键盘快捷键", + "searchAndReplace": "搜索和替换", + "editing": "编辑", + "navigation": "导航", + "code": "代码", + "search": "搜索", + "findNext": "查找下一个", + "findPrevious": "查找上一个", + "save": "保存", + "selectAll": "全选", + "undo": "撤销", + "redo": "重做", + "goToLine": "跳转到行", + "moveLineUp": "向上移动行", + "moveLineDown": "向下移动行", + "toggleComment": "切换注释", + "indent": "增加缩进", + "outdent": "减少缩进", + "autoComplete": "自动补全", + "imageLoadError": "图片加载失败", + "zoomIn": "放大", + "zoomOut": "缩小", + "rotate": "旋转", + "originalSize": "原始大小", + "startTyping": "开始输入...", + "fileSavedSuccessfully": "文件保存成功", + "autoSaveFailed": "自动保存失败", + "fileAutoSaved": "文件已自动保存", + "fileDownloadedSuccessfully": "文件下载成功", + "moveFileFailed": "移动 {{name}} 失败", + "moveOperationFailed": "移动操作失败", + "canOnlyCompareFiles": "只能对比两个文件", + "comparingFiles": "正在对比文件:{{file1}} 与 {{file2}}", + "dragFailed": "拖拽失败", + "filePinnedSuccessfully": "文件\"{{name}}\"已固定", + "pinFileFailed": "固定文件失败", + "fileUnpinnedSuccessfully": "文件\"{{name}}\"已取消固定", + "unpinFileFailed": "取消固定失败", + "shortcutAddedSuccessfully": "文件夹快捷方式\"{{name}}\"已添加", + "addShortcutFailed": "添加快捷方式失败", + "operationCompletedSuccessfully": "已{{operation}} {{count}} 个项目", + "operationCompleted": "已{{operation}} {{count}} 个项目", + "downloadFileSuccess": "文件 {{name}} 下载成功", + "downloadFileFailed": "下载失败" }, "tunnels": { "title": "SSH 隧道", diff --git a/src/types/electron.d.ts b/src/types/electron.d.ts index 1466a25b..28aff987 100644 --- a/src/types/electron.d.ts +++ b/src/types/electron.d.ts @@ -18,7 +18,7 @@ export interface ElectronAPI { invoke: (channel: string, ...args: any[]) => Promise; - // 拖拽API + // Drag and drop API createTempFile: (fileData: { fileName: string; content: string; diff --git a/src/types/index.ts b/src/types/index.ts index b0ea7d37..132be3dd 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -24,6 +24,12 @@ export interface SSHHost { key?: string; keyPassword?: string; keyType?: string; + + // Autostart plaintext credentials + autostartPassword?: string; + autostartKey?: string; + autostartKeyPassword?: string; + credentialId?: number; userId?: string; enableTerminal: boolean; @@ -101,6 +107,14 @@ export interface TunnelConnection { sourcePort: number; endpointPort: number; endpointHost: string; + + // Endpoint host credentials for tunnel authentication + endpointPassword?: string; + endpointKey?: string; + endpointKeyPassword?: string; + endpointAuthType?: string; + endpointKeyType?: string; + maxRetries: number; retryInterval: number; autoStart: boolean; diff --git a/src/ui/Desktop/Admin/AdminSettings.tsx b/src/ui/Desktop/Admin/AdminSettings.tsx index 8d18bec2..7978d459 100644 --- a/src/ui/Desktop/Admin/AdminSettings.tsx +++ b/src/ui/Desktop/Admin/AdminSettings.tsx @@ -30,8 +30,6 @@ import { Lock, Download, Upload, - HardDrive, - FileArchive, } from "lucide-react"; import { toast } from "sonner"; import { useTranslation } from "react-i18next"; @@ -93,19 +91,16 @@ export function AdminSettings({ null, ); - // Database encryption state - const [encryptionStatus, setEncryptionStatus] = React.useState(null); - const [encryptionLoading, setEncryptionLoading] = React.useState(false); - const [migrationLoading, setMigrationLoading] = React.useState(false); - const [migrationProgress, setMigrationProgress] = React.useState(""); + // Simplified security state + const [securityInitialized, setSecurityInitialized] = React.useState(true); // Database migration state const [exportLoading, setExportLoading] = React.useState(false); const [importLoading, setImportLoading] = React.useState(false); - const [backupLoading, setBackupLoading] = React.useState(false); const [importFile, setImportFile] = React.useState(null); - const [exportPath, setExportPath] = React.useState(""); - const [backupPath, setBackupPath] = React.useState(""); + const [exportPassword, setExportPassword] = React.useState(""); + const [showPasswordInput, setShowPasswordInput] = React.useState(false); + const [importPassword, setImportPassword] = React.useState(""); React.useEffect(() => { const jwt = getCookie("jwt"); @@ -128,7 +123,6 @@ export function AdminSettings({ } }); fetchUsers(); - fetchEncryptionStatus(); }, []); React.useEffect(() => { @@ -277,111 +271,25 @@ export function AdminSettings({ ); }; - const fetchEncryptionStatus = async () => { - if (isElectron()) { - const serverUrl = (window as any).configuredServerUrl; - if (!serverUrl) return; - } - - try { - const jwt = getCookie("jwt"); - const apiUrl = isElectron() - ? `${(window as any).configuredServerUrl}/encryption/status` - : "http://localhost:8081/encryption/status"; - - const response = await fetch(apiUrl, { - headers: { - Authorization: `Bearer ${jwt}`, - "Content-Type": "application/json", - }, - }); - - if (response.ok) { - const data = await response.json(); - setEncryptionStatus(data); - } - } catch (err) { - console.error("Failed to fetch encryption status:", err); - } + const checkSecurityStatus = async () => { + // New v2-kek-dek system is always initialized + setSecurityInitialized(true); }; - const handleInitializeEncryption = async () => { - setEncryptionLoading(true); - try { - const jwt = getCookie("jwt"); - const apiUrl = isElectron() - ? `${(window as any).configuredServerUrl}/encryption/initialize` - : "http://localhost:8081/encryption/initialize"; - const response = await fetch(apiUrl, { - method: "POST", - headers: { - Authorization: `Bearer ${jwt}`, - "Content-Type": "application/json", - }, - }); - - if (response.ok) { - const result = await response.json(); - toast.success("Database encryption initialized successfully!"); - await fetchEncryptionStatus(); - } else { - throw new Error("Failed to initialize encryption"); - } - } catch (err) { - toast.error("Failed to initialize encryption"); - } finally { - setEncryptionLoading(false); - } - }; - - const handleMigrateData = async (dryRun: boolean = false) => { - setMigrationLoading(true); - setMigrationProgress( - dryRun ? t("admin.runningVerification") : t("admin.startingMigration"), - ); - - try { - const jwt = getCookie("jwt"); - const apiUrl = isElectron() - ? `${(window as any).configuredServerUrl}/encryption/migrate` - : "http://localhost:8081/encryption/migrate"; - - const response = await fetch(apiUrl, { - method: "POST", - headers: { - Authorization: `Bearer ${jwt}`, - "Content-Type": "application/json", - }, - body: JSON.stringify({ dryRun }), - }); - - if (response.ok) { - const result = await response.json(); - if (dryRun) { - toast.success(t("admin.verificationCompleted")); - setMigrationProgress(t("admin.verificationInProgress")); - } else { - toast.success(t("admin.dataMigrationCompleted")); - setMigrationProgress(t("admin.migrationCompleted")); - await fetchEncryptionStatus(); - } - } else { - throw new Error("Migration failed"); - } - } catch (err) { - toast.error( - dryRun ? t("admin.verificationFailed") : t("admin.migrationFailed"), - ); - setMigrationProgress("Failed"); - } finally { - setMigrationLoading(false); - setTimeout(() => setMigrationProgress(""), 3000); - } - }; // Database export/import handlers const handleExportDatabase = async () => { + if (!showPasswordInput) { + setShowPasswordInput(true); + return; + } + + if (!exportPassword.trim()) { + toast.error(t("admin.passwordRequired")); + return; + } + setExportLoading(true); try { const jwt = getCookie("jwt"); @@ -395,15 +303,34 @@ export function AdminSettings({ Authorization: `Bearer ${jwt}`, "Content-Type": "application/json", }, - body: JSON.stringify({}), + body: JSON.stringify({ password: exportPassword }), }); if (response.ok) { - const result = await response.json(); - setExportPath(result.exportPath); + // Handle file download + const blob = await response.blob(); + const contentDisposition = response.headers.get('content-disposition'); + const filename = contentDisposition?.match(/filename="([^"]+)"/)?.[1] || 'termix-export.sqlite'; + + const url = window.URL.createObjectURL(blob); + const a = document.createElement('a'); + a.href = url; + a.download = filename; + document.body.appendChild(a); + a.click(); + window.URL.revokeObjectURL(url); + document.body.removeChild(a); + toast.success(t("admin.databaseExportedSuccessfully")); + setExportPassword(""); + setShowPasswordInput(false); } else { - throw new Error("Export failed"); + const error = await response.json(); + if (error.code === "PASSWORD_REQUIRED") { + toast.error(t("admin.passwordRequired")); + } else { + toast.error(error.error || t("admin.databaseExportFailed")); + } } } catch (err) { toast.error(t("admin.databaseExportFailed")); @@ -418,6 +345,11 @@ export function AdminSettings({ return; } + if (!importPassword.trim()) { + toast.error(t("admin.passwordRequired")); + return; + } + setImportLoading(true); try { const jwt = getCookie("jwt"); @@ -428,7 +360,7 @@ export function AdminSettings({ // Create FormData for file upload const formData = new FormData(); formData.append("file", importFile); - formData.append("backupCurrent", "true"); + formData.append("password", importPassword); const response = await fetch(apiUrl, { method: "POST", @@ -441,16 +373,34 @@ export function AdminSettings({ if (response.ok) { const result = await response.json(); if (result.success) { - toast.success(t("admin.databaseImportedSuccessfully")); + const summary = result.summary; + const imported = summary.sshHostsImported + summary.sshCredentialsImported + summary.fileManagerItemsImported + summary.dismissedAlertsImported + (summary.settingsImported || 0); + const skipped = summary.skippedItems; + + const details = []; + if (summary.sshHostsImported > 0) details.push(`${summary.sshHostsImported} SSH hosts`); + if (summary.sshCredentialsImported > 0) details.push(`${summary.sshCredentialsImported} credentials`); + if (summary.fileManagerItemsImported > 0) details.push(`${summary.fileManagerItemsImported} file manager items`); + if (summary.dismissedAlertsImported > 0) details.push(`${summary.dismissedAlertsImported} alerts`); + if (summary.settingsImported > 0) details.push(`${summary.settingsImported} settings`); + + toast.success( + `Import completed: ${imported} items imported${details.length > 0 ? ` (${details.join(', ')})` : ''}, ${skipped} items skipped` + ); setImportFile(null); - await fetchEncryptionStatus(); // Refresh status + setImportPassword(""); } else { toast.error( - `${t("admin.databaseImportFailed")}: ${result.errors?.join(", ") || "Unknown error"}`, + `${t("admin.databaseImportFailed")}: ${result.summary?.errors?.join(", ") || "Unknown error"}`, ); } } else { - throw new Error("Import failed"); + const error = await response.json(); + if (error.code === "PASSWORD_REQUIRED") { + toast.error(t("admin.passwordRequired")); + } else { + toast.error(error.error || t("admin.databaseImportFailed")); + } } } catch (err) { toast.error(t("admin.databaseImportFailed")); @@ -459,36 +409,6 @@ export function AdminSettings({ } }; - const handleCreateBackup = async () => { - setBackupLoading(true); - try { - const jwt = getCookie("jwt"); - const apiUrl = isElectron() - ? `${(window as any).configuredServerUrl}/database/backup` - : "http://localhost:8081/database/backup"; - - const response = await fetch(apiUrl, { - method: "POST", - headers: { - Authorization: `Bearer ${jwt}`, - "Content-Type": "application/json", - }, - body: JSON.stringify({}), - }); - - if (response.ok) { - const result = await response.json(); - setBackupPath(result.backupPath); - toast.success(t("admin.encryptedBackupCreatedSuccessfully")); - } else { - throw new Error("Backup failed"); - } - } catch (err) { - toast.error(t("admin.backupCreationFailed")); - } finally { - setBackupLoading(false); - } - }; const topMarginPx = isTopbarOpen ? 74 : 26; const leftMarginPx = sidebarState === "collapsed" ? 26 : 8; @@ -925,7 +845,7 @@ export function AdminSettings({ -
+

@@ -933,241 +853,112 @@ export function AdminSettings({

- {encryptionStatus && ( -
- {/* Status Overview */} -
-
-
- {encryptionStatus.encryption?.enabled ? ( - - ) : ( - - )} -
-
- {t("admin.encryptionStatus")} -
-
- {encryptionStatus.encryption?.enabled - ? t("admin.enabled") - : t("admin.disabled")} -
-
-
-
- -
-
- -
-
- {t("admin.keyProtection")} -
-
- {encryptionStatus.encryption?.key?.kekProtected - ? t("admin.active") - : t("admin.legacy")} -
-
-
-
- -
-
- -
-
- {t("admin.dataStatus")} -
-
- {encryptionStatus.migration?.migrationCompleted - ? t("admin.encrypted") - : encryptionStatus.migration?.migrationRequired - ? t("admin.needsMigration") - : t("admin.ready")} -
-
-
-
+ {/* Simple status display - read only */} +
+
+ +
+
{t("admin.encryptionStatus")}
+
{t("admin.encryptionEnabled")}
+
+
- {/* Actions */} -
- {!encryptionStatus.encryption?.key?.hasKey ? ( -
-
-
- -

- {t("admin.initializeEncryption")} -

-
- -
-
- ) : ( - <> - {encryptionStatus.migration?.migrationRequired && ( -
-
-
- -

- {t("admin.migrateData")} -

-
- {migrationProgress && ( -
- {migrationProgress} -
- )} -
- - -
-
-
- )} - -
-
-
- -

- {t("admin.backup")} -

-
- - {backupPath && ( -
-
- {backupPath} -
-
- )} -
-
- - )} - -
-
-
- -

- {t("admin.exportImport")} -

-
-
- - {exportPath && ( -
-
- {exportPath} -
-
- )} -
-
- - setImportFile(e.target.files?.[0] || null) + {/* Data management functions - export/import */} +
+
+
+
+ +

{t("admin.export")}

+
+

+ {t("admin.exportDescription")} +

+ {showPasswordInput && ( +
+ + setExportPassword(e.target.value)} + placeholder="Enter your password" + onKeyDown={(e) => { + if (e.key === 'Enter') { + handleExportDatabase(); } - className="block w-full text-xs file:mr-2 file:py-1 file:px-2 file:rounded file:border-0 file:text-xs file:bg-muted file:text-foreground" - /> - -
+ }} + />
-
+ )} + + {showPasswordInput && ( + + )}
- )} - {!encryptionStatus && ( -
-
- {t("admin.loadingEncryptionStatus")} +
+
+
+ +

{t("admin.import")}

+
+

+ {t("admin.importDescription")} +

+ setImportFile(e.target.files?.[0] || null)} + className="block w-full text-xs file:mr-2 file:py-1 file:px-2 file:rounded file:border-0 file:text-xs file:bg-muted file:text-foreground mb-2" + /> + {importFile && ( +
+ + setImportPassword(e.target.value)} + placeholder="Enter your password" + onKeyDown={(e) => { + if (e.key === 'Enter') { + handleImportDatabase(); + } + }} + /> +
+ )} +
- )} +
diff --git a/src/ui/Desktop/Apps/Credentials/CredentialEditor.tsx b/src/ui/Desktop/Apps/Credentials/CredentialEditor.tsx index fbd8c404..03933b4b 100644 --- a/src/ui/Desktop/Apps/Credentials/CredentialEditor.tsx +++ b/src/ui/Desktop/Apps/Credentials/CredentialEditor.tsx @@ -28,6 +28,9 @@ import { generateKeyPair, } from "@/ui/main-axios"; import { useTranslation } from "react-i18next"; +import CodeMirror from "@uiw/react-codemirror"; +import { oneDark } from "@codemirror/theme-one-dark"; +import { EditorView } from "@codemirror/view"; import type { Credential, CredentialEditorProps, @@ -312,9 +315,9 @@ export function CredentialEditor({ "ssh-dss": "DSA (SSH)", "rsa-sha2-256": "RSA-SHA2-256", "rsa-sha2-512": "RSA-SHA2-512", - invalid: "Invalid Key", - error: "Detection Error", - unknown: "Unknown", + invalid: t("credentials.invalidKey"), + error: t("credentials.detectionError"), + unknown: t("credentials.unknown"), }; return keyTypeMap[keyType] || keyType; }; @@ -908,23 +911,39 @@ export function CredentialEditor({
-