[{"data":1,"prerenderedAt":8303},["ShallowReactive",2],{"navLinks":3,"sidebar_docs_navigation_\u002Fdocs\u002Fiam":64,"navigation":257,"navLinks_footer":837,"\u002Fdocs\u002Fiam\u002Fapi\u002Froutes_page":850,"\u002Fdocs\u002Fiam\u002Fapi\u002Froutes_surround":4939,"\u002Fdocs\u002Fiam\u002Fapi\u002Froutes":4941},{"id":4,"extension":5,"links":6,"meta":61,"stem":62,"__hash__":63},"navigationMenu\u002Fnavigation.json","json",[7,52,57],{"nested":8,"label":9,"icon":10,"to":11,"children":12},true,"Docs","i-lucide-book-open","\u002Fdocs\u002Fgetting-started",[13,19,26,32,39,45],{"label":14,"icon":15,"to":11,"description":16,"github":17,"badge":18},"Getting Started","i-lucide-rocket","An introduction to help you understand the core components.","https:\u002F\u002Fgithub.com\u002FSergo706\u002Fdocshub","Start Here",{"label":20,"icon":21,"to":22,"description":23,"github":24,"badge":25},"Auth H3 Client","i-lucide-key-round","\u002Fdocs\u002Fauth-h3client","Seamlessly enforce OAuth 2.0 authentication and session management integrated directly as the client of the IAM module.","https:\u002F\u002Fgithub.com\u002FSergo706\u002Fauth-h3client","Core",{"label":27,"icon":28,"to":29,"description":30,"github":31,"badge":25},"IAM","i-lucide-shield-check","\u002Fdocs\u002Fiam","Identity and Access Management featuring granular roles, permissions, and security policies.","https:\u002F\u002Fgithub.com\u002FSergo706\u002Fauth",{"label":33,"icon":34,"to":35,"description":36,"github":37,"badge":38},"Bot Detection","i-lucide-cpu","\u002Fdocs\u002Fbot-detection","Advanced behavioral analysis and request fingerprinting to stop malicious automated traffic.","https:\u002F\u002Fgithub.com\u002FSergo706\u002Fbot-detector","Security",{"label":40,"icon":41,"to":42,"description":43,"github":44,"badge":38},"Shield Base","i-lucide-database-zap","\u002Fdocs\u002Fshield-base","CLI and programmatic toolkit for compiling offline-ready IP intelligence databases from BGP, GeoIP, Tor, FireHOL, and other public threat feeds.","https:\u002F\u002Fgithub.com\u002FSergo706\u002Fshield-base-cli",{"label":46,"icon":47,"to":48,"description":49,"github":50,"badge":51},"Utils","i-lucide-wrench","\u002Fdocs\u002Futils","A standard library of highly optimized helpers for formatting, validation, and core logic.","https:\u002F\u002Fgithub.com\u002FSergo706\u002Futils","Library",{"nested":53,"label":54,"icon":55,"to":56},false,"Blog","i-lucide-pen-line","\u002Fblog",{"nested":53,"label":58,"icon":59,"to":60},"Website","lucide:app-window-mac","https:\u002F\u002Friavzon.com",{},"navigation","gkaQ0xRGxSLrLyM3kttLe0oBwkrR1EBjlepF8LSbwF8",[65],{"title":9,"path":66,"stem":67,"children":68,"page":53},"\u002Fdocs","docs",[69],{"title":27,"path":29,"stem":70,"children":71},"docs\u002Fiam\u002Findex",[72,73,76,216,219,236,240],{"title":27,"path":29,"stem":70},{"title":14,"path":74,"stem":75},"\u002Fdocs\u002Fiam\u002Fgetting-started","docs\u002Fiam\u002F00.getting-started",{"title":77,"path":78,"stem":79,"children":80},"Essentials","\u002Fdocs\u002Fiam\u002Fessentials","docs\u002Fiam\u002F01.essentials\u002Findex",[81,82,86,90,94,98,102,106,110,114,118,122,126,130,134,138,142,146,150,154,158,162,166],{"title":77,"path":78,"stem":79},{"title":83,"path":84,"stem":85},"Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Ftokens","docs\u002Fiam\u002F01.essentials\u002F00.tokens",{"title":87,"path":88,"stem":89},"Access Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Faccess-tokens","docs\u002Fiam\u002F01.essentials\u002F01.access-tokens",{"title":91,"path":92,"stem":93},"Refresh Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Frefresh-tokens","docs\u002Fiam\u002F01.essentials\u002F02.refresh-tokens",{"title":95,"path":96,"stem":97},"Anomaly Detection","\u002Fdocs\u002Fiam\u002Fessentials\u002Fanomalies","docs\u002Fiam\u002F01.essentials\u002F03.anomalies",{"title":99,"path":100,"stem":101},"Signup","\u002Fdocs\u002Fiam\u002Fessentials\u002Fsignup","docs\u002Fiam\u002F01.essentials\u002F04.signup",{"title":103,"path":104,"stem":105},"Login","\u002Fdocs\u002Fiam\u002Fessentials\u002Flogin","docs\u002Fiam\u002F01.essentials\u002F05.login",{"title":107,"path":108,"stem":109},"Logout","\u002Fdocs\u002Fiam\u002Fessentials\u002Flogout","docs\u002Fiam\u002F01.essentials\u002F06.logout",{"title":111,"path":112,"stem":113},"OAuth","\u002Fdocs\u002Fiam\u002Fessentials\u002Foauth","docs\u002Fiam\u002F01.essentials\u002F07.oauth",{"title":115,"path":116,"stem":117},"Magic Links","\u002Fdocs\u002Fiam\u002Fessentials\u002Fmagic-links","docs\u002Fiam\u002F01.essentials\u002F08.magic-links",{"title":119,"path":120,"stem":121},"Emails","\u002Fdocs\u002Fiam\u002Fessentials\u002Femails","docs\u002Fiam\u002F01.essentials\u002F09.emails",{"title":123,"path":124,"stem":125},"MFA","\u002Fdocs\u002Fiam\u002Fessentials\u002Fmfa","docs\u002Fiam\u002F01.essentials\u002F10.mfa",{"title":127,"path":128,"stem":129},"Fingerprinting","\u002Fdocs\u002Fiam\u002Fessentials\u002Ffingerprinting","docs\u002Fiam\u002F01.essentials\u002F11.fingerprinting",{"title":131,"path":132,"stem":133},"Backend for Frontend","\u002Fdocs\u002Fiam\u002Fessentials\u002Fbff","docs\u002Fiam\u002F01.essentials\u002F12.bff",{"title":135,"path":136,"stem":137},"HMAC Authentication","\u002Fdocs\u002Fiam\u002Fessentials\u002Fhmac","docs\u002Fiam\u002F01.essentials\u002F13.hmac",{"title":139,"path":140,"stem":141},"XSS Protection","\u002Fdocs\u002Fiam\u002Fessentials\u002Fxss","docs\u002Fiam\u002F01.essentials\u002F14.xss",{"title":143,"path":144,"stem":145},"Logging","\u002Fdocs\u002Fiam\u002Fessentials\u002Flogging","docs\u002Fiam\u002F01.essentials\u002F15.logging",{"title":147,"path":148,"stem":149},"Rate Limiting","\u002Fdocs\u002Fiam\u002Fessentials\u002Frate-limiting","docs\u002Fiam\u002F01.essentials\u002F16.rate-limiting",{"title":151,"path":152,"stem":153},"Database","\u002Fdocs\u002Fiam\u002Fessentials\u002Fdatabase","docs\u002Fiam\u002F01.essentials\u002F17.database",{"title":155,"path":156,"stem":157},"Cookies","\u002Fdocs\u002Fiam\u002Fessentials\u002Fcookies","docs\u002Fiam\u002F01.essentials\u002F18.cookies",{"title":159,"path":160,"stem":161},"Service Startup","\u002Fdocs\u002Fiam\u002Fessentials\u002Fservice","docs\u002Fiam\u002F01.essentials\u002F19.service",{"title":163,"path":164,"stem":165},"Password Reset","\u002Fdocs\u002Fiam\u002Fessentials\u002Fpassword-reset","docs\u002Fiam\u002F01.essentials\u002F20.password-reset",{"title":167,"path":168,"stem":169,"children":170},"API Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi","docs\u002Fiam\u002F01.essentials\u002F21.api\u002Findex",[171,172,176,180,210,213],{"title":167,"path":168,"stem":169},{"title":173,"path":174,"stem":175},"Creating Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fcreation","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F00.creation",{"title":177,"path":178,"stem":179},"Verifying Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fverification","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F01.verification",{"title":181,"path":182,"stem":183,"children":184},"Manage Tokens","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002Findex",[185,186,190,194,198,202,206],{"title":181,"path":182,"stem":183},{"title":187,"path":188,"stem":189},"Privileges","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Fprivilege","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002F00.privilege",{"title":191,"path":192,"stem":193},"Revocation","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Frevocation","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002F01.revocation",{"title":195,"path":196,"stem":197},"Rotation","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Frotation","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002F02.rotation",{"title":199,"path":200,"stem":201},"IP Restriction","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Fip-updates","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002F03.ip-updates",{"title":203,"path":204,"stem":205},"Metadata","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Fmetadata","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002F04.metadata",{"title":207,"path":208,"stem":209},"Token Listing","\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Flist","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F02.management\u002F05.list",{"title":147,"path":211,"stem":212},"\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Frate-limiting","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F03.rate-limiting",{"title":38,"path":214,"stem":215},"\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fsecurity","docs\u002Fiam\u002F01.essentials\u002F21.api\u002F04.security",{"title":38,"path":217,"stem":218},"\u002Fdocs\u002Fiam\u002Fsecurity","docs\u002Fiam\u002F02.security",{"title":220,"path":221,"stem":222,"children":223,"page":53},"Guides","\u002Fdocs\u002Fiam\u002Fguides","docs\u002Fiam\u002F03.guides",[224,228,232],{"title":225,"path":226,"stem":227},"Deployment","\u002Fdocs\u002Fiam\u002Fguides\u002Fdeployment","docs\u002Fiam\u002F03.guides\u002Fdeployment",{"title":229,"path":230,"stem":231},"Operation Scripts","\u002Fdocs\u002Fiam\u002Fguides\u002Foperation-scripts","docs\u002Fiam\u002F03.guides\u002Foperation-scripts",{"title":233,"path":234,"stem":235},"Role-Based Access Control","\u002Fdocs\u002Fiam\u002Fguides\u002Frbac","docs\u002Fiam\u002F03.guides\u002Frbac",{"title":237,"path":238,"stem":239},"Configuration","\u002Fdocs\u002Fiam\u002Fconfiguration","docs\u002Fiam\u002F04.configuration",{"title":241,"path":242,"stem":243,"children":244,"page":53},"Api","\u002Fdocs\u002Fiam\u002Fapi","docs\u002Fiam\u002F05.API",[245,249,253],{"title":246,"path":247,"stem":248},"API Reference","\u002Fdocs\u002Fiam\u002Fapi\u002Fapi","docs\u002Fiam\u002F05.API\u002F00.api",{"title":250,"path":251,"stem":252},"Middleware Reference","\u002Fdocs\u002Fiam\u002Fapi\u002Fmiddlewares","docs\u002Fiam\u002F05.API\u002F02.middlewares",{"title":254,"path":255,"stem":256},"Routes Reference","\u002Fdocs\u002Fiam\u002Fapi\u002Froutes","docs\u002Fiam\u002F05.API\u002F03.routes",[258],{"title":9,"path":66,"stem":67,"children":259,"page":53},[260,398,516,521,577,644],{"title":20,"path":22,"stem":261,"children":262},"docs\u002Fauth-h3client\u002Findex",[263,264,273,307,331,353,356,376,379],{"title":20,"path":22,"stem":261},{"title":14,"path":265,"stem":266,"children":267},"\u002Fdocs\u002Fauth-h3client\u002Fgetting-started","docs\u002Fauth-h3client\u002F00.getting-started\u002Findex",[268,269],{"title":14,"path":265,"stem":266},{"title":270,"path":271,"stem":272},"Nuxt Module","\u002Fdocs\u002Fauth-h3client\u002Fgetting-started\u002Fnuxt","docs\u002Fauth-h3client\u002F00.getting-started\u002F00.nuxt",{"title":77,"path":274,"stem":275,"children":276},"\u002Fdocs\u002Fauth-h3client\u002Fessentials","docs\u002Fauth-h3client\u002F01.essentials\u002Findex",[277,278,282,286,290,294,298,301,304],{"title":77,"path":274,"stem":275},{"title":279,"path":280,"stem":281},"Session Management","\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Fsession","docs\u002Fauth-h3client\u002F01.essentials\u002F00.session",{"title":283,"path":284,"stem":285},"Route Protection","\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Froute-protection","docs\u002Fauth-h3client\u002F01.essentials\u002F01.route-protection",{"title":287,"path":288,"stem":289},"CSRF Protection","\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Fcsrf","docs\u002Fauth-h3client\u002F01.essentials\u002F02.csrf",{"title":291,"path":292,"stem":293},"Auth Flows","\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Fauth-flows","docs\u002Fauth-h3client\u002F01.essentials\u002F03.auth-flows",{"title":295,"path":296,"stem":297},"OAuth and OIDC","\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Foauth","docs\u002Fauth-h3client\u002F01.essentials\u002F04.oauth",{"title":33,"path":299,"stem":300},"\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Fbot-detection","docs\u002Fauth-h3client\u002F01.essentials\u002F05.bot-detection",{"title":155,"path":302,"stem":303},"\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Fcookies","docs\u002Fauth-h3client\u002F01.essentials\u002F06.cookies",{"title":143,"path":305,"stem":306},"\u002Fdocs\u002Fauth-h3client\u002Fessentials\u002Flogging","docs\u002Fauth-h3client\u002F01.essentials\u002F07.logging",{"title":123,"path":308,"stem":309,"children":310},"\u002Fdocs\u002Fauth-h3client\u002Fmfa","docs\u002Fauth-h3client\u002F02.mfa\u002Findex",[311,312,316,319,323,327],{"title":123,"path":308,"stem":309},{"title":313,"path":314,"stem":315},"Built-in MFA","\u002Fdocs\u002Fauth-h3client\u002Fmfa\u002Fbuilt-in-flow","docs\u002Fauth-h3client\u002F02.mfa\u002F01.built-in-flow",{"title":163,"path":317,"stem":318},"\u002Fdocs\u002Fauth-h3client\u002Fmfa\u002Fpassword-reset","docs\u002Fauth-h3client\u002F02.mfa\u002F02.password-reset",{"title":320,"path":321,"stem":322},"Email Change","\u002Fdocs\u002Fauth-h3client\u002Fmfa\u002Femail-change","docs\u002Fauth-h3client\u002F02.mfa\u002F03.email-change",{"title":324,"path":325,"stem":326},"Custom MFA Flow","\u002Fdocs\u002Fauth-h3client\u002Fmfa\u002Fcustom-flow","docs\u002Fauth-h3client\u002F02.mfa\u002F04.custom-flow",{"title":328,"path":329,"stem":330},"Client-Side MFA","\u002Fdocs\u002Fauth-h3client\u002Fmfa\u002Fclient-side","docs\u002Fauth-h3client\u002F02.mfa\u002F05.client-side",{"title":332,"path":333,"stem":334,"children":335},"Client-side","\u002Fdocs\u002Fauth-h3client\u002Fclient","docs\u002Fauth-h3client\u002F03.client\u002Findex",[336,337,341,345,349],{"title":332,"path":333,"stem":334},{"title":338,"path":339,"stem":340},"useAuthData","\u002Fdocs\u002Fauth-h3client\u002Fclient\u002Fuse-auth-data","docs\u002Fauth-h3client\u002F03.client\u002F00.use-auth-data",{"title":342,"path":343,"stem":344},"useMagicLink","\u002Fdocs\u002Fauth-h3client\u002Fclient\u002Fuse-magic-link","docs\u002Fauth-h3client\u002F03.client\u002F01.use-magic-link",{"title":346,"path":347,"stem":348},"executeRequest","\u002Fdocs\u002Fauth-h3client\u002Fclient\u002Fexecute-request","docs\u002Fauth-h3client\u002F03.client\u002F02.execute-request",{"title":350,"path":351,"stem":352},"getCsrfToken","\u002Fdocs\u002Fauth-h3client\u002Fclient\u002Fget-csrf-token","docs\u002Fauth-h3client\u002F03.client\u002F03.get-csrf-token",{"title":38,"path":354,"stem":355},"\u002Fdocs\u002Fauth-h3client\u002Fsecurity","docs\u002Fauth-h3client\u002F04.security",{"title":220,"path":357,"stem":358,"children":359,"page":53},"\u002Fdocs\u002Fauth-h3client\u002Fguides","docs\u002Fauth-h3client\u002F05.guides",[360,364,368,372],{"title":361,"path":362,"stem":363},"H3 and Nitro Setup","\u002Fdocs\u002Fauth-h3client\u002Fguides\u002Fh3-nitro","docs\u002Fauth-h3client\u002F05.guides\u002F00.h3-nitro",{"title":365,"path":366,"stem":367},"HMAC Inter-service Auth","\u002Fdocs\u002Fauth-h3client\u002Fguides\u002Fhmac","docs\u002Fauth-h3client\u002F05.guides\u002Fhmac",{"title":369,"path":370,"stem":371},"Image Upload","\u002Fdocs\u002Fauth-h3client\u002Fguides\u002Fimage-upload","docs\u002Fauth-h3client\u002F05.guides\u002Fimage-upload",{"title":373,"path":374,"stem":375},"mTLS Configuration","\u002Fdocs\u002Fauth-h3client\u002Fguides\u002Fmtls","docs\u002Fauth-h3client\u002F05.guides\u002Fmtls",{"title":237,"path":377,"stem":378},"\u002Fdocs\u002Fauth-h3client\u002Fconfiguration","docs\u002Fauth-h3client\u002F06.configuration",{"title":246,"path":380,"stem":381,"children":382},"\u002Fdocs\u002Fauth-h3client\u002Fapi","docs\u002Fauth-h3client\u002F07.api\u002Findex",[383,384,387,390,394],{"title":246,"path":380,"stem":381},{"title":254,"path":385,"stem":386},"\u002Fdocs\u002Fauth-h3client\u002Fapi\u002Fcontrollers","docs\u002Fauth-h3client\u002F07.api\u002F00.controllers",{"title":250,"path":388,"stem":389},"\u002Fdocs\u002Fauth-h3client\u002Fapi\u002Fmiddleware","docs\u002Fauth-h3client\u002F07.api\u002F01.middleware",{"title":391,"path":392,"stem":393},"Client-side Reference","\u002Fdocs\u002Fauth-h3client\u002Fapi\u002Fcomposables","docs\u002Fauth-h3client\u002F07.api\u002F02.composables",{"title":395,"path":396,"stem":397},"Utilities","\u002Fdocs\u002Fauth-h3client\u002Fapi\u002Futilities","docs\u002Fauth-h3client\u002F07.api\u002F03.utilities",{"title":399,"path":35,"stem":400,"children":401},"Bot Detector","docs\u002Fbot-detection\u002Findex",[402,403,406,410,414,433,507,510,513],{"title":399,"path":35,"stem":400},{"title":14,"path":404,"stem":405},"\u002Fdocs\u002Fbot-detection\u002Fgetting-started","docs\u002Fbot-detection\u002F00.getting-started",{"title":407,"path":408,"stem":409},"CLI","\u002Fdocs\u002Fbot-detection\u002Fcli","docs\u002Fbot-detection\u002F01.cli",{"title":411,"path":412,"stem":413},"Data Sources","\u002Fdocs\u002Fbot-detection\u002Fdata-sources","docs\u002Fbot-detection\u002F02.data-sources",{"title":220,"path":415,"stem":416,"children":417,"page":53},"\u002Fdocs\u002Fbot-detection\u002Fguides","docs\u002Fbot-detection\u002F03.guides",[418,422,426,429],{"title":419,"path":420,"stem":421},"Custom Checkers","\u002Fdocs\u002Fbot-detection\u002Fguides\u002Fcustom","docs\u002Fbot-detection\u002F03.guides\u002FCUSTOM",{"title":423,"path":424,"stem":425},"Scheduling Database Generation","\u002Fdocs\u002Fbot-detection\u002Fguides\u002Fgenerate","docs\u002Fbot-detection\u002F03.guides\u002FGENERATE",{"title":143,"path":427,"stem":428},"\u002Fdocs\u002Fbot-detection\u002Fguides\u002Flogging","docs\u002Fbot-detection\u002F03.guides\u002FLOGGING",{"title":430,"path":431,"stem":432},"Score Modes and Reputation Healing","\u002Fdocs\u002Fbot-detection\u002Fguides\u002Fscore","docs\u002Fbot-detection\u002F03.guides\u002FSCORE",{"title":434,"path":435,"stem":436,"children":437},"Checkers","\u002Fdocs\u002Fbot-detection\u002Fcheckers","docs\u002Fbot-detection\u002F04.checkers\u002Findex",[438,439,443,447,451,455,459,463,467,471,475,479,483,487,491,495,499,503],{"title":434,"path":435,"stem":436},{"title":440,"path":441,"stem":442},"IP Validation","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fip-validation","docs\u002Fbot-detection\u002F04.checkers\u002F01.ip-validation",{"title":444,"path":445,"stem":446},"Good \u002F Bad Bot Verification","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fgood-bots","docs\u002Fbot-detection\u002F04.checkers\u002F02.good-bots",{"title":448,"path":449,"stem":450},"Browser & Device Fingerprint","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fbrowser-device","docs\u002Fbot-detection\u002F04.checkers\u002F03.browser-device",{"title":452,"path":453,"stem":454},"Locale Map","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Flocale-map","docs\u002Fbot-detection\u002F04.checkers\u002F04.locale-map",{"title":456,"path":457,"stem":458},"Known Threats","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fknown-threats","docs\u002Fbot-detection\u002F04.checkers\u002F05.known-threats",{"title":460,"path":461,"stem":462},"ASN Classification","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fasn-classification","docs\u002Fbot-detection\u002F04.checkers\u002F06.asn-classification",{"title":464,"path":465,"stem":466},"Tor Analysis","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Ftor-analysis","docs\u002Fbot-detection\u002F04.checkers\u002F07.tor-analysis",{"title":468,"path":469,"stem":470},"Timezone Consistency","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Ftimezone-consistency","docs\u002Fbot-detection\u002F04.checkers\u002F08.timezone-consistency",{"title":472,"path":473,"stem":474},"Honeypot","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fhoneypot","docs\u002Fbot-detection\u002F04.checkers\u002F09.honeypot",{"title":476,"path":477,"stem":478},"Known Bad IPs","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fknown-bad-ips","docs\u002Fbot-detection\u002F04.checkers\u002F10.known-bad-ips",{"title":480,"path":481,"stem":482},"Behavior Rate","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fbehavior-rate","docs\u002Fbot-detection\u002F04.checkers\u002F11.behavior-rate",{"title":484,"path":485,"stem":486},"Proxy \u002F ISP \u002F Cookie","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fproxy-isp-cookies","docs\u002Fbot-detection\u002F04.checkers\u002F12.proxy-isp-cookies",{"title":488,"path":489,"stem":490},"Session Coherence","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fsession-coherence","docs\u002Fbot-detection\u002F04.checkers\u002F13.session-coherence",{"title":492,"path":493,"stem":494},"Velocity Fingerprint","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fvelocity-fingerprint","docs\u002Fbot-detection\u002F04.checkers\u002F14.velocity-fingerprint",{"title":496,"path":497,"stem":498},"UA & Header Analysis","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fua-header","docs\u002Fbot-detection\u002F04.checkers\u002F15.ua-header",{"title":500,"path":501,"stem":502},"Geolocation","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fgeolocation","docs\u002Fbot-detection\u002F04.checkers\u002F16.geolocation",{"title":504,"path":505,"stem":506},"Known Bad User-Agents","\u002Fdocs\u002Fbot-detection\u002Fcheckers\u002Fknown-bad-ua","docs\u002Fbot-detection\u002F04.checkers\u002F17.known-bad-ua",{"title":38,"path":508,"stem":509},"\u002Fdocs\u002Fbot-detection\u002Fsecurity","docs\u002Fbot-detection\u002F04.security",{"title":246,"path":511,"stem":512},"\u002Fdocs\u002Fbot-detection\u002Fapi","docs\u002Fbot-detection\u002F05.api",{"title":237,"path":514,"stem":515},"\u002Fdocs\u002Fbot-detection\u002Fconfiguration","docs\u002Fbot-detection\u002F06.configuration",{"title":517,"path":11,"stem":518,"children":519},"Introduction","docs\u002Fgetting-started\u002Findex",[520],{"title":517,"path":11,"stem":518},{"title":27,"path":29,"stem":70,"children":522},[523,524,525,565,566,571,572],{"title":27,"path":29,"stem":70},{"title":14,"path":74,"stem":75},{"title":77,"path":78,"stem":79,"children":526},[527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549],{"title":77,"path":78,"stem":79},{"title":83,"path":84,"stem":85},{"title":87,"path":88,"stem":89},{"title":91,"path":92,"stem":93},{"title":95,"path":96,"stem":97},{"title":99,"path":100,"stem":101},{"title":103,"path":104,"stem":105},{"title":107,"path":108,"stem":109},{"title":111,"path":112,"stem":113},{"title":115,"path":116,"stem":117},{"title":119,"path":120,"stem":121},{"title":123,"path":124,"stem":125},{"title":127,"path":128,"stem":129},{"title":131,"path":132,"stem":133},{"title":135,"path":136,"stem":137},{"title":139,"path":140,"stem":141},{"title":143,"path":144,"stem":145},{"title":147,"path":148,"stem":149},{"title":151,"path":152,"stem":153},{"title":155,"path":156,"stem":157},{"title":159,"path":160,"stem":161},{"title":163,"path":164,"stem":165},{"title":167,"path":168,"stem":169,"children":550},[551,552,553,554,563,564],{"title":167,"path":168,"stem":169},{"title":173,"path":174,"stem":175},{"title":177,"path":178,"stem":179},{"title":181,"path":182,"stem":183,"children":555},[556,557,558,559,560,561,562],{"title":181,"path":182,"stem":183},{"title":187,"path":188,"stem":189},{"title":191,"path":192,"stem":193},{"title":195,"path":196,"stem":197},{"title":199,"path":200,"stem":201},{"title":203,"path":204,"stem":205},{"title":207,"path":208,"stem":209},{"title":147,"path":211,"stem":212},{"title":38,"path":214,"stem":215},{"title":38,"path":217,"stem":218},{"title":220,"path":221,"stem":222,"children":567,"page":53},[568,569,570],{"title":225,"path":226,"stem":227},{"title":229,"path":230,"stem":231},{"title":233,"path":234,"stem":235},{"title":237,"path":238,"stem":239},{"title":241,"path":242,"stem":243,"children":573,"page":53},[574,575,576],{"title":246,"path":247,"stem":248},{"title":250,"path":251,"stem":252},{"title":254,"path":255,"stem":256},{"title":40,"path":42,"stem":578,"children":579},"docs\u002Fshield-base\u002Findex",[580,581,584,588,629,633,637,641],{"title":40,"path":42,"stem":578},{"title":14,"path":582,"stem":583},"\u002Fdocs\u002Fshield-base\u002Fgetting-started","docs\u002Fshield-base\u002F00.getting-started",{"title":585,"path":586,"stem":587},"CLI Reference","\u002Fdocs\u002Fshield-base\u002Fcli","docs\u002Fshield-base\u002F01.cli",{"title":411,"path":589,"stem":590,"children":591},"\u002Fdocs\u002Fshield-base\u002Fdata-sources","docs\u002Fshield-base\u002F02.data-sources\u002Findex",[592,593,597,601,605,609,613,617,621,625],{"title":411,"path":589,"stem":590},{"title":594,"path":595,"stem":596},"BGP \u002F ASN","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Fbgp","docs\u002Fshield-base\u002F02.data-sources\u002Fbgp",{"title":598,"path":599,"stem":600},"City Geolocation","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Fcity","docs\u002Fshield-base\u002F02.data-sources\u002Fcity",{"title":602,"path":603,"stem":604},"Country Geolocation","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Fcountry","docs\u002Fshield-base\u002F02.data-sources\u002Fcountry",{"title":606,"path":607,"stem":608},"Verified Crawlers","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Fcrawlers","docs\u002Fshield-base\u002F02.data-sources\u002Fcrawlers",{"title":610,"path":611,"stem":612},"Disposable Emails","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Femail","docs\u002Fshield-base\u002F02.data-sources\u002Femail",{"title":614,"path":615,"stem":616},"FireHOL Threat Intelligence","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Ffirehol","docs\u002Fshield-base\u002F02.data-sources\u002Ffirehol",{"title":618,"path":619,"stem":620},"Proxy Detection","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Fproxy","docs\u002Fshield-base\u002F02.data-sources\u002Fproxy",{"title":622,"path":623,"stem":624},"Tor Nodes","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Ftor","docs\u002Fshield-base\u002F02.data-sources\u002Ftor",{"title":626,"path":627,"stem":628},"Suspicious User-Agents","\u002Fdocs\u002Fshield-base\u002Fdata-sources\u002Fuseragent","docs\u002Fshield-base\u002F02.data-sources\u002Fuseragent",{"title":630,"path":631,"stem":632},"Programmatic Usage","\u002Fdocs\u002Fshield-base\u002Fusage","docs\u002Fshield-base\u002F03.usage",{"title":634,"path":635,"stem":636},"Custom Data Sources","\u002Fdocs\u002Fshield-base\u002Fcustom-data-sources","docs\u002Fshield-base\u002F04.custom-data-sources",{"title":638,"path":639,"stem":640},"TypeScript Types","\u002Fdocs\u002Fshield-base\u002Ftypes","docs\u002Fshield-base\u002F05.types",{"title":246,"path":642,"stem":643},"\u002Fdocs\u002Fshield-base\u002Fapi","docs\u002Fshield-base\u002F06.api",{"title":395,"path":48,"stem":645,"children":646},"docs\u002Futils\u002Findex",[647,648,665,698,795],{"title":395,"path":48,"stem":645},{"title":649,"path":650,"stem":651,"children":652,"page":53},"Eslint","\u002Fdocs\u002Futils\u002Feslint","docs\u002Futils\u002Feslint",[653,657,661],{"title":654,"path":655,"stem":656},"React Config","\u002Fdocs\u002Futils\u002Feslint\u002Freact","docs\u002Futils\u002Feslint\u002Freact",{"title":658,"path":659,"stem":660},"TypeScript Config","\u002Fdocs\u002Futils\u002Feslint\u002Ftypescript","docs\u002Futils\u002Feslint\u002Ftypescript",{"title":662,"path":663,"stem":664},"Vue Config","\u002Fdocs\u002Futils\u002Feslint\u002Fvue","docs\u002Futils\u002Feslint\u002Fvue",{"title":666,"path":667,"stem":668,"children":669,"page":53},"Server","\u002Fdocs\u002Futils\u002Fserver","docs\u002Futils\u002Fserver",[670,674,678,682,686,690,694],{"title":671,"path":672,"stem":673},"Encryption","\u002Fdocs\u002Futils\u002Fserver\u002Fencryption","docs\u002Futils\u002Fserver\u002Fencryption",{"title":675,"path":676,"stem":677},"Path Resolver","\u002Fdocs\u002Futils\u002Fserver\u002Fpathresolver","docs\u002Futils\u002Fserver\u002FpathResolver",{"title":679,"path":680,"stem":681},"File Replacements","\u002Fdocs\u002Futils\u002Fserver\u002Freplace","docs\u002Futils\u002Fserver\u002Freplace",{"title":683,"path":684,"stem":685},"run","\u002Fdocs\u002Futils\u002Fserver\u002Frun","docs\u002Futils\u002Fserver\u002Frun",{"title":687,"path":688,"stem":689},"scheduleTask","\u002Fdocs\u002Futils\u002Fserver\u002Fscheduletask","docs\u002Futils\u002Fserver\u002FscheduleTask",{"title":691,"path":692,"stem":693},"spawnRun","\u002Fdocs\u002Futils\u002Fserver\u002Fspawnrun","docs\u002Futils\u002Fserver\u002FspawnRun",{"title":695,"path":696,"stem":697},"uploadCsv","\u002Fdocs\u002Futils\u002Fserver\u002Fuploadcsv","docs\u002Futils\u002Fserver\u002FuploadCsv",{"title":699,"path":700,"stem":701,"children":702,"page":53},"Shared","\u002Fdocs\u002Futils\u002Fshared","docs\u002Futils\u002Fshared",[703,707,711,715,719,723,727,731,735,739,743,747,751,755,759,763,767,771,775,779,783,787,791],{"title":704,"path":705,"stem":706},"BatchQueue","\u002Fdocs\u002Futils\u002Fshared\u002Fbatchqueue","docs\u002Futils\u002Fshared\u002FbatchQueue",{"title":708,"path":709,"stem":710},"capitalize","\u002Fdocs\u002Futils\u002Fshared\u002Fcapitalize","docs\u002Futils\u002Fshared\u002Fcapitalize",{"title":712,"path":713,"stem":714},"chunkProcess","\u002Fdocs\u002Futils\u002Fshared\u002Fchunkprocess","docs\u002Futils\u002Fshared\u002FchunkProcess",{"title":716,"path":717,"stem":718},"cleanObject","\u002Fdocs\u002Futils\u002Fshared\u002Fcleanobject","docs\u002Futils\u002Fshared\u002FcleanObject",{"title":720,"path":721,"stem":722},"createConfigManager","\u002Fdocs\u002Futils\u002Fshared\u002Fconfigurationdefiner","docs\u002Futils\u002Fshared\u002FconfigurationDefiner",{"title":724,"path":725,"stem":726},"debounce","\u002Fdocs\u002Futils\u002Fshared\u002Fdebounce","docs\u002Futils\u002Fshared\u002Fdebounce",{"title":728,"path":729,"stem":730},"ensureArray","\u002Fdocs\u002Futils\u002Fshared\u002Fensurearray","docs\u002Futils\u002Fshared\u002FensureArray",{"title":732,"path":733,"stem":734},"fetchWithRetry","\u002Fdocs\u002Futils\u002Fshared\u002Ffetchwithretry","docs\u002Futils\u002Fshared\u002FfetchWithRetry",{"title":736,"path":737,"stem":738},"filterEmptyValues","\u002Fdocs\u002Futils\u002Fshared\u002Ffilteremptyvalues","docs\u002Futils\u002Fshared\u002FfilterEmptyValues",{"title":740,"path":741,"stem":742},"findStringsInObject","\u002Fdocs\u002Futils\u002Fshared\u002Ffindobjectvalues","docs\u002Futils\u002Fshared\u002FfindObjectValues",{"title":744,"path":745,"stem":746},"fisherYatesShuffle","\u002Fdocs\u002Futils\u002Fshared\u002Ffisheryatesshuffle","docs\u002Futils\u002Fshared\u002FfisherYatesShuffle",{"title":748,"path":749,"stem":750},"getRandomImage","\u002Fdocs\u002Futils\u002Fshared\u002Fgetrandomimage","docs\u002Futils\u002Fshared\u002FgetRandomImage",{"title":752,"path":753,"stem":754},"isObjectHasValues","\u002Fdocs\u002Futils\u002Fshared\u002Fisobjecthasvalues","docs\u002Futils\u002Fshared\u002FisObjectHasValues",{"title":756,"path":757,"stem":758},"isAsyncOrPromise","\u002Fdocs\u002Futils\u002Fshared\u002Fispromise","docs\u002Futils\u002Fshared\u002FisPromise",{"title":760,"path":761,"stem":762},"MiniCache","\u002Fdocs\u002Futils\u002Fshared\u002Fminicache","docs\u002Futils\u002Fshared\u002FminiCache",{"title":764,"path":765,"stem":766},"parseCookies","\u002Fdocs\u002Futils\u002Fshared\u002Fparserawcookies","docs\u002Futils\u002Fshared\u002FparseRawCookies",{"title":768,"path":769,"stem":770},"safeAction","\u002Fdocs\u002Futils\u002Fshared\u002Fpromiselocker","docs\u002Futils\u002Fshared\u002FpromiseLocker",{"title":772,"path":773,"stem":774},"Random","\u002Fdocs\u002Futils\u002Fshared\u002Frandom","docs\u002Futils\u002Fshared\u002Frandom",{"title":776,"path":777,"stem":778},"range","\u002Fdocs\u002Futils\u002Fshared\u002Frange","docs\u002Futils\u002Fshared\u002Frange",{"title":780,"path":781,"stem":782},"rateLimiters","\u002Fdocs\u002Futils\u002Fshared\u002Fratelimiters","docs\u002Futils\u002Fshared\u002FrateLimiters",{"title":784,"path":785,"stem":786},"safeObjectMerge","\u002Fdocs\u002Futils\u002Fshared\u002Fsafemerge","docs\u002Futils\u002Fshared\u002FsafeMerge",{"title":788,"path":789,"stem":790},"textTruncation","\u002Fdocs\u002Futils\u002Fshared\u002Ftexttruncation","docs\u002Futils\u002Fshared\u002FtextTruncation",{"title":792,"path":793,"stem":794},"validateZodSchema","\u002Fdocs\u002Futils\u002Fshared\u002Fvalidatezodschema","docs\u002Futils\u002Fshared\u002FvalidateZodSchema",{"title":796,"path":797,"stem":798,"children":799},"Utility Types","\u002Fdocs\u002Futils\u002Ftypes","docs\u002Futils\u002Ftypes\u002Findex",[800,801,805,809,813,817,821,825,829,833],{"title":796,"path":797,"stem":798},{"title":802,"path":803,"stem":804},"Brand","\u002Fdocs\u002Futils\u002Ftypes\u002Fbrand","docs\u002Futils\u002Ftypes\u002FBrand",{"title":806,"path":807,"stem":808},"DeepPartial","\u002Fdocs\u002Futils\u002Ftypes\u002Fdeeppartial","docs\u002Futils\u002Ftypes\u002FDeepPartial",{"title":810,"path":811,"stem":812},"Merge","\u002Fdocs\u002Futils\u002Ftypes\u002Fmerge","docs\u002Futils\u002Ftypes\u002FMerge",{"title":814,"path":815,"stem":816},"NonNullable","\u002Fdocs\u002Futils\u002Ftypes\u002Fnonnullable","docs\u002Futils\u002Ftypes\u002FNonNullable",{"title":818,"path":819,"stem":820},"Prettify","\u002Fdocs\u002Futils\u002Ftypes\u002Fprettify","docs\u002Futils\u002Ftypes\u002FPrettify",{"title":822,"path":823,"stem":824},"PromiseType","\u002Fdocs\u002Futils\u002Ftypes\u002Fpromisetype","docs\u002Futils\u002Ftypes\u002FPromiseType",{"title":826,"path":827,"stem":828},"RequireKeys","\u002Fdocs\u002Futils\u002Ftypes\u002Frequirekeys","docs\u002Futils\u002Ftypes\u002FRequireKeys",{"title":830,"path":831,"stem":832},"StandardResponse","\u002Fdocs\u002Futils\u002Ftypes\u002Fstandardresponse","docs\u002Futils\u002Ftypes\u002FStandardResponse",{"title":834,"path":835,"stem":836},"ValueOf","\u002Fdocs\u002Futils\u002Ftypes\u002Fvalueof","docs\u002Futils\u002Ftypes\u002FValueOf",{"id":4,"extension":5,"links":838,"meta":849,"stem":62,"__hash__":63},[839,847,848],{"nested":8,"label":9,"icon":10,"to":11,"children":840},[841,842,843,844,845,846],{"label":14,"icon":15,"to":11,"description":16,"github":17,"badge":18},{"label":20,"icon":21,"to":22,"description":23,"github":24,"badge":25},{"label":27,"icon":28,"to":29,"description":30,"github":31,"badge":25},{"label":33,"icon":34,"to":35,"description":36,"github":37,"badge":38},{"label":40,"icon":41,"to":42,"description":43,"github":44,"badge":38},{"label":46,"icon":47,"to":48,"description":49,"github":50,"badge":51},{"nested":53,"label":54,"icon":55,"to":56},{"nested":53,"label":58,"icon":59,"to":60},{},{"id":851,"title":254,"body":852,"description":4931,"extension":4932,"icon":4933,"meta":4934,"module":4935,"navigation":8,"path":255,"rawbody":4936,"seo":4937,"stem":256,"__hash__":4938},"docs\u002Fdocs\u002Fiam\u002F05.API\u002F03.routes.md",{"type":853,"value":854,"toc":4892},"minimark",[855,872,1184,1196,1206,1212,1223,1230,1233,1239,1285,1290,1357,1362,1431,1437,1440,1446,1449,1453,1487,1491,1503,1507,1565,1570,1572,1578,1589,1593,1629,1634,1652,1656,1730,1735,1737,1742,1749,1755,1769,1773,1824,1829,1861,1865,1924,1929,1931,1937,1947,1951,1990,1994,2023,2028,2053,2057,2095,2100,2102,2107,2113,2119,2122,2126,2137,2142,2171,2175,2218,2220,2226,2229,2233,2285,2289,2296,2300,2357,2362,2364,2370,2383,2387,2451,2455,2462,2466,2488,2492,2520,2524,2562,2568,2570,2576,2579,2583,2629,2633,2652,2654,2660,2663,2667,2742,2746,2753,2757,2811,2813,2819,2822,2826,2900,2904,2916,2920,2975,2977,2983,2986,2990,3015,3019,3026,3030,3059,3064,3066,3072,3075,3079,3090,3094,3105,3109,3148,3150,3156,3163,3167,3214,3218,3231,3235,3282,3284,3289,3295,3301,3304,3308,3354,3358,3417,3419,3425,3428,3432,3486,3490,3542,3560,3562,3568,3581,3587,3598,3603,3613,3617,3638,3642,3665,3669,3731,3736,3738,3744,3755,3760,3786,3790,3858,3863,4036,4038,4043,4050,4054,4101,4106,4140,4142,4146,4152,4158,4163,4174,4179,4236,4271,4276,4299,4301,4307,4314,4316,4320,4323,4373,4381,4400,4402,4406,4888],[856,857,858,859,863,864,867,868,871],"p",{},"The IAM service registers 26 HTTP endpoints across six ",[860,861,862],"code",{},"express.Router","\ninstances plus two standalone endpoints. When using ",[860,865,866],{},"bootstrapApp()",", all\nroutes are mounted automatically in the correct order. When building a custom\nExpress app, mount each router with ",[860,869,870],{},"app.use()",".",[873,874,880],"pre",{"className":875,"code":876,"filename":877,"language":878,"meta":879,"style":879},"language-ts shiki shiki-themes light-plus light-plus dracula","import express from 'express'\nimport cookieParser from 'cookie-parser'\nimport {\n  authenticationRoutes,\n  tokenRotationRoutes,\n  magicLinks,\n  bffAccessRoute,\n  apiVerificationRoute,\n  apiProtectedRoutes,\n  sendOperationalConfig,\n} from '@riavzon\u002Fauth'\n\nconst app = express()\n\napp.use(apiVerificationRoute())\napp.use(cookieParser())\napp.use(authenticationRoutes)\napp.use(tokenRotationRoutes)\napp.use(magicLinks)\napp.use(bffAccessRoute)\napp.use(apiProtectedRoutes())\napp.use('\u002Foperational\u002Fconfig', sendOperationalConfig)\n","server\u002Fapp.ts","ts","",[860,881,882,909,926,935,944,952,960,968,976,984,992,1008,1014,1035,1040,1060,1076,1093,1109,1125,1141,1157],{"__ignoreMap":879},[883,884,887,891,895,898,902,906],"span",{"class":885,"line":886},"line",1,[883,888,890],{"class":889},"sZ328","import",[883,892,894],{"class":893},"sjsA6"," express",[883,896,897],{"class":889}," from",[883,899,901],{"class":900},"sFkSl"," '",[883,903,905],{"class":904},"sFB1V","express",[883,907,908],{"class":900},"'\n",[883,910,912,914,917,919,921,924],{"class":885,"line":911},2,[883,913,890],{"class":889},[883,915,916],{"class":893}," cookieParser",[883,918,897],{"class":889},[883,920,901],{"class":900},[883,922,923],{"class":904},"cookie-parser",[883,925,908],{"class":900},[883,927,929,931],{"class":885,"line":928},3,[883,930,890],{"class":889},[883,932,934],{"class":933},"sDd4n"," {\n",[883,936,938,941],{"class":885,"line":937},4,[883,939,940],{"class":893},"  authenticationRoutes",[883,942,943],{"class":933},",\n",[883,945,947,950],{"class":885,"line":946},5,[883,948,949],{"class":893},"  tokenRotationRoutes",[883,951,943],{"class":933},[883,953,955,958],{"class":885,"line":954},6,[883,956,957],{"class":893},"  magicLinks",[883,959,943],{"class":933},[883,961,963,966],{"class":885,"line":962},7,[883,964,965],{"class":893},"  bffAccessRoute",[883,967,943],{"class":933},[883,969,971,974],{"class":885,"line":970},8,[883,972,973],{"class":893},"  apiVerificationRoute",[883,975,943],{"class":933},[883,977,979,982],{"class":885,"line":978},9,[883,980,981],{"class":893},"  apiProtectedRoutes",[883,983,943],{"class":933},[883,985,987,990],{"class":885,"line":986},10,[883,988,989],{"class":893},"  sendOperationalConfig",[883,991,943],{"class":933},[883,993,995,998,1001,1003,1006],{"class":885,"line":994},11,[883,996,997],{"class":933},"} ",[883,999,1000],{"class":889},"from",[883,1002,901],{"class":900},[883,1004,1005],{"class":904},"@riavzon\u002Fauth",[883,1007,908],{"class":900},[883,1009,1011],{"class":885,"line":1010},12,[883,1012,1013],{"emptyLinePlaceholder":8},"\n",[883,1015,1017,1021,1025,1029,1032],{"class":885,"line":1016},13,[883,1018,1020],{"class":1019},"sl46w","const",[883,1022,1024],{"class":1023},"s3JHE"," app",[883,1026,1028],{"class":1027},"saOXh"," =",[883,1030,894],{"class":1031},"sHOzp",[883,1033,1034],{"class":933},"()\n",[883,1036,1038],{"class":885,"line":1037},14,[883,1039,1013],{"emptyLinePlaceholder":8},[883,1041,1043,1046,1048,1051,1054,1057],{"class":885,"line":1042},15,[883,1044,1045],{"class":893},"app",[883,1047,871],{"class":933},[883,1049,1050],{"class":1031},"use",[883,1052,1053],{"class":933},"(",[883,1055,1056],{"class":1031},"apiVerificationRoute",[883,1058,1059],{"class":933},"())\n",[883,1061,1063,1065,1067,1069,1071,1074],{"class":885,"line":1062},16,[883,1064,1045],{"class":893},[883,1066,871],{"class":933},[883,1068,1050],{"class":1031},[883,1070,1053],{"class":933},[883,1072,1073],{"class":1031},"cookieParser",[883,1075,1059],{"class":933},[883,1077,1079,1081,1083,1085,1087,1090],{"class":885,"line":1078},17,[883,1080,1045],{"class":893},[883,1082,871],{"class":933},[883,1084,1050],{"class":1031},[883,1086,1053],{"class":933},[883,1088,1089],{"class":893},"authenticationRoutes",[883,1091,1092],{"class":933},")\n",[883,1094,1096,1098,1100,1102,1104,1107],{"class":885,"line":1095},18,[883,1097,1045],{"class":893},[883,1099,871],{"class":933},[883,1101,1050],{"class":1031},[883,1103,1053],{"class":933},[883,1105,1106],{"class":893},"tokenRotationRoutes",[883,1108,1092],{"class":933},[883,1110,1112,1114,1116,1118,1120,1123],{"class":885,"line":1111},19,[883,1113,1045],{"class":893},[883,1115,871],{"class":933},[883,1117,1050],{"class":1031},[883,1119,1053],{"class":933},[883,1121,1122],{"class":893},"magicLinks",[883,1124,1092],{"class":933},[883,1126,1128,1130,1132,1134,1136,1139],{"class":885,"line":1127},20,[883,1129,1045],{"class":893},[883,1131,871],{"class":933},[883,1133,1050],{"class":1031},[883,1135,1053],{"class":933},[883,1137,1138],{"class":893},"bffAccessRoute",[883,1140,1092],{"class":933},[883,1142,1144,1146,1148,1150,1152,1155],{"class":885,"line":1143},21,[883,1145,1045],{"class":893},[883,1147,871],{"class":933},[883,1149,1050],{"class":1031},[883,1151,1053],{"class":933},[883,1153,1154],{"class":1031},"apiProtectedRoutes",[883,1156,1059],{"class":933},[883,1158,1160,1162,1164,1166,1168,1171,1174,1176,1179,1182],{"class":885,"line":1159},22,[883,1161,1045],{"class":893},[883,1163,871],{"class":933},[883,1165,1050],{"class":1031},[883,1167,1053],{"class":933},[883,1169,1170],{"class":900},"'",[883,1172,1173],{"class":904},"\u002Foperational\u002Fconfig",[883,1175,1170],{"class":900},[883,1177,1178],{"class":933},", ",[883,1180,1181],{"class":893},"sendOperationalConfig",[883,1183,1092],{"class":933},[1185,1186,1187],"warning",{},[856,1188,1189,1191,1192,1195],{},[860,1190,923],{}," must be registered before any router that reads ",[860,1193,1194],{},"req.cookies",".\nThe public API verification route does not use cookies, but the\nauthentication, token rotation, magic link, BFF, and API management routers do.",[856,1197,1198,1199,1201,1202,871],{},"For the full middleware stack applied by ",[860,1200,866],{},", see the ",[1203,1204,250],"a",{"href":1205},"\u002Fdocs\u002Fiam\u002Fapi\u002Fmiddlewares#middleware-stack-order",[1207,1208,1210],"h2",{"id":1209},"authenticationroutes",[860,1211,1089],{},[856,1213,1214,1215,1218,1219,1222],{},"Core signup, login, and OAuth entry points. Every route in this router enforces ",[860,1216,1217],{},"Content-Type: application\u002Fjson",", rejects empty request bodies, and requires the ",[860,1220,1221],{},"canary_id"," cookie.",[1224,1225,1227],"h3",{"id":1226},"post-signup",[860,1228,1229],{},"POST \u002Fsignup",[856,1231,1232],{},"Registers a new user account with email and password. Validates the request body against the signup Zod schema, checks for disposable email providers, verifies the domain's MX record, hashes the password with Argon2id, and creates the user record. On success, issues an access token and a refresh token.",[856,1234,1235],{},[1236,1237,1238],"strong",{},"Middleware chain",[1240,1241,1243,1250,1253,1259,1262,1266,1276,1282],"steps",{"level":1242},"4",[1244,1245,1247],"h4",{"id":1246},"validatecontenttypeapplicationjson",[860,1248,1249],{},"validateContentType('application\u002Fjson')",[856,1251,1252],{},"Rejects requests without a JSON content type.",[1244,1254,1256],{"id":1255},"expressjson-limit-1kb",[860,1257,1258],{},"express.json({ limit: '1kb' })",[856,1260,1261],{},"Parses the JSON body. Rejects empty bodies with HTTP 403.",[1244,1263,1265],{"id":1264},"canary-cookie-check","Canary cookie check",[856,1267,1268,1269,1272,1273,1275],{},"Returns ",[860,1270,1271],{},"400"," if the ",[860,1274,1221],{}," cookie is absent.",[1244,1277,1279],{"id":1278},"handlesignup",[860,1280,1281],{},"handleSignUp",[856,1283,1284],{},"The signup controller.",[856,1286,1287],{},[1236,1288,1289],{},"Request body",[1291,1292,1293,1302,1315,1324,1330,1340],"field-group",{},[1294,1295,1299],"field",{"name":1296,"type":1297,":required":1298},"email","string","true",[856,1300,1301],{},"The user's email address. Validated for format, disposable provider check, and MX record lookup.",[1294,1303,1305],{"name":1304,"type":1297,":required":1298},"password",[856,1306,1307,1308,1314],{},"The password. Validated against the configured password policy (minimum length, complexity). Checked against the ",[1203,1309,1313],{"href":1310,"rel":1311},"https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv3#PwnedPasswords",[1312],"nofollow","Have I Been Pwned"," breach database.",[1294,1316,1318],{"name":1317,"type":1297,":required":1298},"confirmedPassword",[856,1319,1320,1321,1323],{},"Must match ",[860,1322,1304],{}," exactly.",[1294,1325,1327],{"name":1326,"type":1297,":required":1298},"name",[856,1328,1329],{},"The user's display name.",[1294,1331,1333],{"name":1332,"type":1297,":required":1298},"termsConsent",[856,1334,1335,1336,1339],{},"Must be the literal string ",[860,1337,1338],{},"\"on\""," to indicate acceptance of terms and privacy policy. Transformed to a boolean internally.",[1294,1341,1343],{"name":1342,"type":1297},"rememberUser",[856,1344,1345,1346,1348,1349,1352,1353,1356],{},"When set to ",[860,1347,1338],{},", issues a longer-lived refresh token using the configured ",[860,1350,1351],{},"rememberMe"," TTL. Transformed to a boolean internally. Defaults to ",[860,1354,1355],{},"false"," when omitted.",[856,1358,1359],{},[1236,1360,1361],{},"Responses",[1363,1364,1365,1378],"table",{},[1366,1367,1368],"thead",{},[1369,1370,1371,1375],"tr",{},[1372,1373,1374],"th",{},"Status",[1372,1376,1377],{},"Meaning",[1379,1380,1381,1392,1401,1411,1421],"tbody",{},[1369,1382,1383,1389],{},[1384,1385,1386],"td",{},[860,1387,1388],{},"201",[1384,1390,1391],{},"User created, access and refresh tokens issued",[1369,1393,1394,1398],{},[1384,1395,1396],{},[860,1397,1271],{},[1384,1399,1400],{},"Validation error, password mismatch, or passwords found in data breaches",[1369,1402,1403,1408],{},[1384,1404,1405],{},[860,1406,1407],{},"403",[1384,1409,1410],{},"XSS attempt detected or empty body",[1369,1412,1413,1418],{},[1384,1414,1415],{},[860,1416,1417],{},"409",[1384,1419,1420],{},"Email already registered",[1369,1422,1423,1428],{},[1384,1424,1425],{},[860,1426,1427],{},"429",[1384,1429,1430],{},"Rate limit exceeded",[856,1432,1433,1434,1436],{},"See ",[1203,1435,99],{"href":100}," for the full signup flow documentation.",[1438,1439],"hr",{},[1224,1441,1443],{"id":1442},"post-login",[860,1444,1445],{},"POST \u002Flogin",[856,1447,1448],{},"Authenticates a user with email and password. Verifies the password against the stored Argon2id hash, runs rate limiting with consecutive failure tracking, and issues tokens on success.",[856,1450,1451],{},[1236,1452,1238],{},[1240,1454,1455,1460,1462,1467,1469,1472,1478,1484],{"level":1242},[1244,1456,1458],{"id":1457},"validatecontenttypeapplicationjson-1",[860,1459,1249],{},[856,1461,1252],{},[1244,1463,1465],{"id":1464},"expressjson-limit-1kb-1",[860,1466,1258],{},[856,1468,1261],{},[1244,1470,1265],{"id":1471},"canary-cookie-check-1",[856,1473,1268,1474,1272,1476,1275],{},[860,1475,1271],{},[860,1477,1221],{},[1244,1479,1481],{"id":1480},"handlelogin",[860,1482,1483],{},"handleLogin",[856,1485,1486],{},"The login controller.",[856,1488,1489],{},[1236,1490,1289],{},[1291,1492,1493,1498],{},[1294,1494,1495],{"name":1296,"type":1297,":required":1298},[856,1496,1497],{},"The user's email address.",[1294,1499,1500],{"name":1304,"type":1297,":required":1298},[856,1501,1502],{},"The user's password.",[856,1504,1505],{},[1236,1506,1361],{},[1363,1508,1509,1517],{},[1366,1510,1511],{},[1369,1512,1513,1515],{},[1372,1514,1374],{},[1372,1516,1377],{},[1379,1518,1519,1529,1538,1548,1557],{},[1369,1520,1521,1526],{},[1384,1522,1523],{},[860,1524,1525],{},"200",[1384,1527,1528],{},"Authentication successful, access and refresh tokens issued",[1369,1530,1531,1535],{},[1384,1532,1533],{},[860,1534,1271],{},[1384,1536,1537],{},"Validation error",[1369,1539,1540,1545],{},[1384,1541,1542],{},[860,1543,1544],{},"401",[1384,1546,1547],{},"Invalid credentials",[1369,1549,1550,1554],{},[1384,1551,1552],{},[860,1553,1407],{},[1384,1555,1556],{},"XSS attempt detected, user banned, or empty body",[1369,1558,1559,1563],{},[1384,1560,1561],{},[860,1562,1427],{},[1384,1564,1430],{},[856,1566,1433,1567,1569],{},[1203,1568,103],{"href":104}," for the full login flow documentation.",[1438,1571],{},[1224,1573,1575],{"id":1574},"post-authoauthprovidername",[860,1576,1577],{},"POST \u002Fauth\u002FOAuth\u002F:providerName",[856,1579,1580,1581,1584,1585,1588],{},"Authenticates a user via a configured OAuth provider. The ",[860,1582,1583],{},":providerName"," parameter must match a provider registered with ",[860,1586,1587],{},"configureOauthProviders()",". Validates the provider profile against the provider's Zod schema.",[856,1590,1591],{},[1236,1592,1238],{},[1240,1594,1595,1600,1602,1608,1611,1614,1620,1626],{"level":1242},[1244,1596,1598],{"id":1597},"validatecontenttypeapplicationjson-2",[860,1599,1249],{},[856,1601,1252],{},[1244,1603,1605],{"id":1604},"expressjson-limit-4kb",[860,1606,1607],{},"express.json({ limit: '4kb' })",[856,1609,1610],{},"Larger body limit to accommodate OAuth profile data. Rejects empty bodies with HTTP 403.",[1244,1612,1265],{"id":1613},"canary-cookie-check-2",[856,1615,1268,1616,1272,1618,1275],{},[860,1617,1271],{},[860,1619,1221],{},[1244,1621,1623],{"id":1622},"oauthhandler",[860,1624,1625],{},"OAuthHandler",[856,1627,1628],{},"The OAuth controller.",[856,1630,1631],{},[1236,1632,1633],{},"URL parameters",[1291,1635,1636],{},[1294,1637,1639],{"name":1638,"type":1297,":required":1298},"providerName",[856,1640,1641,1642,1644,1645,1178,1648,1651],{},"The OAuth provider name. Must match a provider configured with ",[860,1643,1587],{}," (for example, ",[860,1646,1647],{},"google",[860,1649,1650],{},"github",").",[856,1653,1654],{},[1236,1655,1361],{},[1363,1657,1658,1666],{},[1366,1659,1660],{},[1369,1661,1662,1664],{},[1372,1663,1374],{},[1372,1665,1377],{},[1379,1667,1668,1676,1685,1695,1703,1712,1720],{},[1369,1669,1670,1674],{},[1384,1671,1672],{},[860,1673,1388],{},[1384,1675,1528],{},[1369,1677,1678,1682],{},[1384,1679,1680],{},[860,1681,1271],{},[1384,1683,1684],{},"Bad request or schema validation errors",[1369,1686,1687,1692],{},[1384,1688,1689],{},[860,1690,1691],{},"404",[1384,1693,1694],{},"Unknown provider",[1369,1696,1697,1701],{},[1384,1698,1699],{},[860,1700,1407],{},[1384,1702,1410],{},[1369,1704,1705,1709],{},[1384,1706,1707],{},[860,1708,1417],{},[1384,1710,1711],{},"E-mail already registered",[1369,1713,1714,1718],{},[1384,1715,1716],{},[860,1717,1427],{},[1384,1719,1430],{},[1369,1721,1722,1727],{},[1384,1723,1724],{},[860,1725,1726],{},"500",[1384,1728,1729],{},"Server error during user creation or token issuance.",[856,1731,1433,1732,1734],{},[1203,1733,111],{"href":112}," for the full OAuth flow documentation.",[1438,1736],{},[1207,1738,1740],{"id":1739},"tokenrotationroutes",[860,1741,1106],{},[856,1743,1744,1745,1748],{},"Manages the access token and refresh token lifecycle after initial authentication. Both routes in this router operate exclusively through cookies. They do not accept request bodies, query strings, or ",[860,1746,1747],{},"Content-Type"," headers.",[1224,1750,1752],{"id":1751},"post-authuserrefresh-session",[860,1753,1754],{},"POST \u002Fauth\u002Fuser\u002Frefresh-session",[856,1756,1757,1758,1760,1761,1764,1765,1768],{},"Consumes the current refresh token and issues a new access token and refresh token pair. Validates the session against the ",[860,1759,1221],{}," cookie, runs the ",[1203,1762,1763],{"href":96},"anomaly detection"," pipeline, checks the session lifetime against ",[860,1766,1767],{},"MAX_SESSION_LIFE",", and revokes the old refresh token before issuing fresh credentials.",[856,1770,1771],{},[1236,1772,1238],{},[1240,1774,1775,1781,1788,1794,1797,1803,1806,1812,1815,1821],{"level":1242},[1244,1776,1778],{"id":1777},"requirerefreshtoken",[860,1779,1780],{},"requireRefreshToken",[856,1782,1783,1784,1787],{},"Validates that the ",[860,1785,1786],{},"session"," cookie is present.",[1244,1789,1791],{"id":1790},"acceptcookieonly",[860,1792,1793],{},"acceptCookieOnly",[856,1795,1796],{},"Rejects any request body, query string, or Content-Type header.",[1244,1798,1800],{"id":1799},"getfingerprint",[860,1801,1802],{},"getFingerPrint",[856,1804,1805],{},"Collects device, browser, and geo fingerprint data.",[1244,1807,1809],{"id":1808},"checkforactivemfa",[860,1810,1811],{},"checkForActiveMfa",[856,1813,1814],{},"Checks if the session have an active anomaly associated with it",[1244,1816,1818],{"id":1817},"rotatecredentials",[860,1819,1820],{},"rotateCredentials",[856,1822,1823],{},"The token rotation controller.",[856,1825,1826],{},[1236,1827,1828],{},"Cookies required",[1363,1830,1831,1841],{},[1366,1832,1833],{},[1369,1834,1835,1838],{},[1372,1836,1837],{},"Cookie",[1372,1839,1840],{},"Purpose",[1379,1842,1843,1852],{},[1369,1844,1845,1849],{},[1384,1846,1847],{},[860,1848,1786],{},[1384,1850,1851],{},"The current refresh token",[1369,1853,1854,1858],{},[1384,1855,1856],{},[860,1857,1221],{},[1384,1859,1860],{},"The canary cookie for anomaly detection",[856,1862,1863],{},[1236,1864,1361],{},[1363,1866,1867,1875],{},[1366,1868,1869],{},[1369,1870,1871,1873],{},[1372,1872,1374],{},[1372,1874,1377],{},[1379,1876,1877,1886,1896,1905,1916],{},[1369,1878,1879,1883],{},[1384,1880,1881],{},[860,1882,1388],{},[1384,1884,1885],{},"Tokens rotated, new access and refresh tokens issued",[1369,1887,1888,1893],{},[1384,1889,1890],{},[860,1891,1892],{},"202",[1384,1894,1895],{},"Anomaly detected, MFA challenge email sent (no rotation performed)",[1369,1897,1898,1902],{},[1384,1899,1900],{},[860,1901,1271],{},[1384,1903,1904],{},"Body, query string, or Content-Type present",[1369,1906,1907,1911],{},[1384,1908,1909],{},[860,1910,1544],{},[1384,1912,1913,1914],{},"Refresh token missing, invalid, expired, or session exceeded ",[860,1915,1767],{},[1369,1917,1918,1922],{},[1384,1919,1920],{},[860,1921,1427],{},[1384,1923,1430],{},[856,1925,1433,1926,1928],{},[1203,1927,91],{"href":92}," for the full rotation flow documentation.",[1438,1930],{},[1224,1932,1934],{"id":1933},"post-authlogout",[860,1935,1936],{},"POST \u002Fauth\u002Flogout",[856,1938,1939,1940,1943,1944,1946],{},"Revokes the current refresh token and clears the session cookies. Requires both the access token (in the ",[860,1941,1942],{},"Authorization"," header) and the refresh token (in the ",[860,1945,1786],{}," cookie).",[856,1948,1949],{},[1236,1950,1238],{},[1240,1952,1953,1958,1962,1968,1974,1979,1981,1987],{"level":1242},[1244,1954,1956],{"id":1955},"requirerefreshtoken-1",[860,1957,1780],{},[856,1959,1783,1960,1787],{},[860,1961,1786],{},[1244,1963,1965],{"id":1964},"requireaccesstoken",[860,1966,1967],{},"requireAccessToken",[856,1969,1970,1971,1973],{},"Extracts the Bearer token from the ",[860,1972,1942],{}," header.",[1244,1975,1977],{"id":1976},"acceptcookieonly-1",[860,1978,1793],{},[856,1980,1796],{},[1244,1982,1984],{"id":1983},"handlelogout",[860,1985,1986],{},"handleLogout",[856,1988,1989],{},"The logout controller.",[856,1991,1992],{},[1236,1993,1828],{},[1363,1995,1996,2004],{},[1366,1997,1998],{},[1369,1999,2000,2002],{},[1372,2001,1837],{},[1372,2003,1840],{},[1379,2005,2006,2014],{},[1369,2007,2008,2012],{},[1384,2009,2010],{},[860,2011,1786],{},[1384,2013,1851],{},[1369,2015,2016,2020],{},[1384,2017,2018],{},[860,2019,1221],{},[1384,2021,2022],{},"The canary cookie",[856,2024,2025],{},[1236,2026,2027],{},"Headers required",[1363,2029,2030,2040],{},[1366,2031,2032],{},[1369,2033,2034,2037],{},[1372,2035,2036],{},"Header",[1372,2038,2039],{},"Value",[1379,2041,2042],{},[1369,2043,2044,2048],{},[1384,2045,2046],{},[860,2047,1942],{},[1384,2049,2050],{},[860,2051,2052],{},"Bearer \u003Caccess_token>",[856,2054,2055],{},[1236,2056,1361],{},[1363,2058,2059,2067],{},[1366,2060,2061],{},[1369,2062,2063,2065],{},[1372,2064,1374],{},[1372,2066,1377],{},[1379,2068,2069,2078,2086],{},[1369,2070,2071,2075],{},[1384,2072,2073],{},[860,2074,1525],{},[1384,2076,2077],{},"Logout successful, refresh token revoked, cookies cleared",[1369,2079,2080,2084],{},[1384,2081,2082],{},[860,2083,1271],{},[1384,2085,1904],{},[1369,2087,2088,2092],{},[1384,2089,2090],{},[860,2091,1544],{},[1384,2093,2094],{},"Access token or refresh token missing",[856,2096,1433,2097,2099],{},[1203,2098,107],{"href":108}," for the full logout flow.",[1438,2101],{},[1207,2103,2105],{"id":2104},"magiclinks",[860,2106,1122],{},[856,2108,2109,2110,2112],{},"Handles MFA verification, custom MFA flows, email update, and password reset. Every POST route enforces ",[860,2111,1217],{}," and rejects empty bodies. GET routes read the magic link token from query parameters.",[1224,2114,2116],{"id":2115},"get-authverify-mfa",[860,2117,2118],{},"GET \u002Fauth\u002Fverify-mfa",[856,2120,2121],{},"Previews an MFA magic link. Validates the signed token from the query parameters and returns the link metadata. Limited to a configurable number of GET previews before the link expires.",[856,2123,2124],{},[1236,2125,1238],{},[1240,2127,2128,2134],{"level":1242},[1244,2129,2131],{"id":2130},"linkmfaverification",[860,2132,2133],{},"linkMfaVerification",[856,2135,2136],{},"Validates the magic link token, random hash, visitor identity, and enforces single-use semantics.",[856,2138,2139],{},[1236,2140,2141],{},"Query parameters",[1291,2143,2144,2150,2156,2165],{},[1294,2145,2147],{"name":2146,"type":1297,":required":1298},"token",[856,2148,2149],{},"The temporary JWT token from the magic link URL.",[1294,2151,2153],{"name":2152,"type":1297,":required":1298},"random",[856,2154,2155],{},"The random hash for cryptographic verification.",[1294,2157,2159],{"name":2158,"type":1297,":required":1298},"reason",[856,2160,2161,2162,1651],{},"The link purpose (for example, ",[860,2163,2164],{},"MAGIC_LINK_MFA_CHECKS",[1294,2166,2168],{"name":2167,"type":1297,":required":1298},"visitor",[856,2169,2170],{},"The visitor identifier.",[856,2172,2173],{},[1236,2174,1361],{},[1363,2176,2177,2188],{},[1366,2178,2179],{},[1369,2180,2181,2183,2186],{},[1372,2182,1374],{},[1372,2184,2185],{},"Body",[1372,2187,1377],{},[1379,2189,2190,2204],{},[1369,2191,2192,2196,2201],{},[1384,2193,2194],{},[860,2195,1525],{},[1384,2197,2198],{},[860,2199,2200],{},"{ ok: true, date: string, data: { link: 'MFA Code', reason: string } }",[1384,2202,2203],{},"Link is valid",[1369,2205,2206,2210,2215],{},[1384,2207,2208],{},[860,2209,1271],{},[1384,2211,2212],{},[860,2213,2214],{},"{ error: string }",[1384,2216,2217],{},"Invalid, expired, or already-used link",[1438,2219],{},[1224,2221,2223],{"id":2222},"post-authverify-mfa",[860,2224,2225],{},"POST \u002Fauth\u002Fverify-mfa",[856,2227,2228],{},"Submits the MFA code to complete authentication. Consumes the magic link (single-use) and verifies the OTP code. On success, issues new access and refresh tokens.",[856,2230,2231],{},[1236,2232,1238],{},[1240,2234,2235,2240,2243,2248,2251,2256,2259,2265,2268,2273,2276,2282],{"level":1242},[1244,2236,2238],{"id":2237},"linkmfaverification-1",[860,2239,2133],{},[856,2241,2242],{},"Validates and consumes the magic link token.",[1244,2244,2246],{"id":2245},"validatecontenttypeapplicationjson-3",[860,2247,1249],{},[856,2249,2250],{},"Enforces JSON content type.",[1244,2252,2254],{"id":2253},"expressjson-limit-1kb-2",[860,2255,1258],{},[856,2257,2258],{},"Parses the JSON body.",[1244,2260,2262],{"id":2261},"detectbots",[860,2263,2264],{},"detectBots",[856,2266,2267],{},"Runs bot detection on the request.",[1244,2269,2271],{"id":2270},"getfingerprint-1",[860,2272,1802],{},[856,2274,2275],{},"Collects device fingerprint data.",[1244,2277,2279],{"id":2278},"verifymfa",[860,2280,2281],{},"verifyMFA",[856,2283,2284],{},"Verifies the MFA code and issues tokens.",[856,2286,2287],{},[1236,2288,1289],{},[1291,2290,2291],{},[1294,2292,2293],{"name":860,"type":1297,":required":1298},[856,2294,2295],{},"The 7-digit OTP code from the MFA email.",[856,2297,2298],{},[1236,2299,1361],{},[1363,2301,2302,2310],{},[1366,2303,2304],{},[1369,2305,2306,2308],{},[1372,2307,1374],{},[1372,2309,1377],{},[1379,2311,2312,2321,2330,2339,2348],{},[1369,2313,2314,2318],{},[1384,2315,2316],{},[860,2317,1525],{},[1384,2319,2320],{},"MFA verified, new access and refresh tokens issued",[1369,2322,2323,2327],{},[1384,2324,2325],{},[860,2326,1271],{},[1384,2328,2329],{},"Malformed input or purpose\u002Fsubject mismatch",[1369,2331,2332,2336],{},[1384,2333,2334],{},[860,2335,1544],{},[1384,2337,2338],{},"Invalid or expired code",[1369,2340,2341,2345],{},[1384,2342,2343],{},[860,2344,1407],{},[1384,2346,2347],{},"User banned or XSS detected",[1369,2349,2350,2354],{},[1384,2351,2352],{},[860,2353,1726],{},[1384,2355,2356],{},"Internal error",[856,2358,1433,2359,2361],{},[1203,2360,123],{"href":124}," for the full adaptive MFA flow.",[1438,2363],{},[1224,2365,2367],{"id":2366},"post-custommfareason",[860,2368,2369],{},"POST \u002Fcustom\u002Fmfa\u002F:reason",[856,2371,2372,2373,2376,2377,1178,2380,1651],{},"Initiates a custom MFA flow for a sensitive action. Generates a temporary magic link and OTP code, sends the email to the authenticated user, and returns flow metadata. The ",[860,2374,2375],{},":reason"," parameter identifies the action being protected (for example, ",[860,2378,2379],{},"PAYMENT_CONFIRM",[860,2381,2382],{},"ACCOUNT_DELETE",[856,2384,2385],{},[1236,2386,1238],{},[1240,2388,2389,2394,2396,2401,2404,2409,2412,2417,2419,2424,2426,2432,2435,2440,2442,2448],{"level":1242},[1244,2390,2392],{"id":2391},"validatecontenttypeapplicationjson-4",[860,2393,1249],{},[856,2395,2250],{},[1244,2397,2399],{"id":2398},"requireaccesstoken-1",[860,2400,1967],{},[856,2402,2403],{},"Extracts the Bearer token.",[1244,2405,2407],{"id":2406},"requirerefreshtoken-2",[860,2408,1780],{},[856,2410,2411],{},"Validates the refresh token cookie.",[1244,2413,2415],{"id":2414},"getfingerprint-2",[860,2416,1802],{},[856,2418,2275],{},[1244,2420,2422],{"id":2421},"checkforactivemfa-1",[860,2423,1811],{},[856,2425,1814],{},[1244,2427,2429],{"id":2428},"protectroute",[860,2430,2431],{},"protectRoute",[856,2433,2434],{},"Full JWT verification and anomaly detection.",[1244,2436,2438],{"id":2437},"expressjson-limit-1kb-3",[860,2439,1258],{},[856,2441,2258],{},[1244,2443,2445],{"id":2444},"initcustommfaflow",[860,2446,2447],{},"initCustomMfaFlow",[856,2449,2450],{},"The custom MFA initiation controller.",[856,2452,2453],{},[1236,2454,1633],{},[1291,2456,2457],{},[1294,2458,2459],{"name":2158,"type":1297,":required":1298},[856,2460,2461],{},"The custom MFA reason. Identifies the sensitive action being protected.",[856,2463,2464],{},[1236,2465,2027],{},[1363,2467,2468,2476],{},[1366,2469,2470],{},[1369,2471,2472,2474],{},[1372,2473,2036],{},[1372,2475,2039],{},[1379,2477,2478],{},[1369,2479,2480,2484],{},[1384,2481,2482],{},[860,2483,1942],{},[1384,2485,2486],{},[860,2487,2052],{},[856,2489,2490],{},[1236,2491,1828],{},[1363,2493,2494,2502],{},[1366,2495,2496],{},[1369,2497,2498,2500],{},[1372,2499,1837],{},[1372,2501,1840],{},[1379,2503,2504,2512],{},[1369,2505,2506,2510],{},[1384,2507,2508],{},[860,2509,1786],{},[1384,2511,1851],{},[1369,2513,2514,2518],{},[1384,2515,2516],{},[860,2517,1221],{},[1384,2519,2022],{},[856,2521,2522],{},[1236,2523,1361],{},[1363,2525,2526,2534],{},[1366,2527,2528],{},[1369,2529,2530,2532],{},[1372,2531,1374],{},[1372,2533,1377],{},[1379,2535,2536,2545,2554],{},[1369,2537,2538,2542],{},[1384,2539,2540],{},[860,2541,1525],{},[1384,2543,2544],{},"MFA flow initiated, email sent",[1369,2546,2547,2551],{},[1384,2548,2549],{},[860,2550,1544],{},[1384,2552,2553],{},"Not authenticated",[1369,2555,2556,2560],{},[1384,2557,2558],{},[860,2559,1427],{},[1384,2561,1430],{},[856,2563,1433,2564,2567],{},[1203,2565,115],{"href":2566},"\u002Fdocs\u002Fiam\u002Fessentials\u002Fmagic-links#custom-mfa-flows"," for the full custom MFA flow documentation.",[1438,2569],{},[1224,2571,2573],{"id":2572},"get-authverify-custom-mfa",[860,2574,2575],{},"GET \u002Fauth\u002Fverify-custom-mfa",[856,2577,2578],{},"Previews a custom MFA magic link. Validates the token and returns the link metadata. Requires full authentication.",[856,2580,2581],{},[1236,2582,1238],{},[1240,2584,2585,2590,2592,2597,2599,2604,2606,2611,2613,2618,2620,2626],{"level":1242},[1244,2586,2588],{"id":2587},"requireaccesstoken-2",[860,2589,1967],{},[856,2591,2403],{},[1244,2593,2595],{"id":2594},"requirerefreshtoken-3",[860,2596,1780],{},[856,2598,2411],{},[1244,2600,2602],{"id":2601},"getfingerprint-3",[860,2603,1802],{},[856,2605,2275],{},[1244,2607,2609],{"id":2608},"checkforactivemfa-2",[860,2610,1811],{},[856,2612,1814],{},[1244,2614,2616],{"id":2615},"protectroute-1",[860,2617,2431],{},[856,2619,2434],{},[1244,2621,2623],{"id":2622},"custommfaflowsverification",[860,2624,2625],{},"customMfaFlowsVerification",[856,2627,2628],{},"Validates the custom MFA magic link token, random hash, and visitor identity.",[856,2630,2631],{},[1236,2632,2141],{},[1291,2634,2635,2639,2643,2648],{},[1294,2636,2637],{"name":2146,"type":1297,":required":1298},[856,2638,2149],{},[1294,2640,2641],{"name":2152,"type":1297,":required":1298},[856,2642,2155],{},[1294,2644,2645],{"name":2158,"type":1297,":required":1298},[856,2646,2647],{},"The custom MFA reason.",[1294,2649,2650],{"name":2167,"type":1297,":required":1298},[856,2651,2170],{},[1438,2653],{},[1224,2655,2657],{"id":2656},"post-authverify-custom-mfa",[860,2658,2659],{},"POST \u002Fauth\u002Fverify-custom-mfa",[856,2661,2662],{},"Submits the custom MFA code to complete a protected action. Requires full authentication plus magic link verification.",[856,2664,2665],{},[1236,2666,1238],{},[1240,2668,2669,2674,2676,2681,2683,2688,2690,2695,2697,2702,2704,2709,2711,2716,2718,2723,2726,2731,2733,2739],{"level":1242},[1244,2670,2672],{"id":2671},"validatecontenttypeapplicationjson-5",[860,2673,1249],{},[856,2675,2250],{},[1244,2677,2679],{"id":2678},"requireaccesstoken-3",[860,2680,1967],{},[856,2682,2403],{},[1244,2684,2686],{"id":2685},"requirerefreshtoken-4",[860,2687,1780],{},[856,2689,2411],{},[1244,2691,2693],{"id":2692},"getfingerprint-4",[860,2694,1802],{},[856,2696,2275],{},[1244,2698,2700],{"id":2699},"checkforactivemfa-3",[860,2701,1811],{},[856,2703,1814],{},[1244,2705,2707],{"id":2706},"protectroute-2",[860,2708,2431],{},[856,2710,2434],{},[1244,2712,2714],{"id":2713},"expressjson-limit-1kb-4",[860,2715,1258],{},[856,2717,2258],{},[1244,2719,2721],{"id":2720},"custommfaflowsverification-1",[860,2722,2625],{},[856,2724,2725],{},"Validates and consumes the custom MFA magic link.",[1244,2727,2729],{"id":2728},"detectbots-1",[860,2730,2264],{},[856,2732,2267],{},[1244,2734,2736],{"id":2735},"verifycustommfa",[860,2737,2738],{},"verifyCustomMfa",[856,2740,2741],{},"Verifies the custom MFA code and completes the action.",[856,2743,2744],{},[1236,2745,1289],{},[1291,2747,2748],{},[1294,2749,2750],{"name":860,"type":1297,":required":1298},[856,2751,2752],{},"The 7-digit OTP code from the custom MFA verification email.",[856,2754,2755],{},[1236,2756,1361],{},[1363,2758,2759,2767],{},[1366,2760,2761],{},[1369,2762,2763,2765],{},[1372,2764,1374],{},[1372,2766,1377],{},[1379,2768,2769,2778,2786,2794,2803],{},[1369,2770,2771,2775],{},[1384,2772,2773],{},[860,2774,1525],{},[1384,2776,2777],{},"Custom MFA verified, action completed, new tokens issued",[1369,2779,2780,2784],{},[1384,2781,2782],{},[860,2783,1271],{},[1384,2785,2329],{},[1369,2787,2788,2792],{},[1384,2789,2790],{},[860,2791,1544],{},[1384,2793,2338],{},[1369,2795,2796,2800],{},[1384,2797,2798],{},[860,2799,1407],{},[1384,2801,2802],{},"User banned or XSS attempt detected",[1369,2804,2805,2809],{},[1384,2806,2807],{},[860,2808,1726],{},[1384,2810,2356],{},[1438,2812],{},[1224,2814,2816],{"id":2815},"post-updateemail",[860,2817,2818],{},"POST \u002Fupdate\u002Femail",[856,2820,2821],{},"Requests an email address change. Requires full authentication plus custom MFA verification. The new email is validated and the change is applied after MFA verification completes.",[856,2823,2824],{},[1236,2825,1238],{},[1240,2827,2828,2833,2835,2840,2842,2847,2849,2854,2856,2861,2863,2868,2870,2875,2877,2882,2884,2889,2891,2897],{"level":1242},[1244,2829,2831],{"id":2830},"validatecontenttypeapplicationjson-6",[860,2832,1249],{},[856,2834,2250],{},[1244,2836,2838],{"id":2837},"requireaccesstoken-4",[860,2839,1967],{},[856,2841,2403],{},[1244,2843,2845],{"id":2844},"requirerefreshtoken-5",[860,2846,1780],{},[856,2848,2411],{},[1244,2850,2852],{"id":2851},"getfingerprint-5",[860,2853,1802],{},[856,2855,2275],{},[1244,2857,2859],{"id":2858},"checkforactivemfa-4",[860,2860,1811],{},[856,2862,1814],{},[1244,2864,2866],{"id":2865},"protectroute-3",[860,2867,2431],{},[856,2869,2434],{},[1244,2871,2873],{"id":2872},"expressjson-limit-1kb-5",[860,2874,1258],{},[856,2876,2258],{},[1244,2878,2880],{"id":2879},"custommfaflowsverification-2",[860,2881,2625],{},[856,2883,2725],{},[1244,2885,2887],{"id":2886},"detectbots-2",[860,2888,2264],{},[856,2890,2267],{},[1244,2892,2894],{"id":2893},"updateemailcontroller",[860,2895,2896],{},"updateEmailController",[856,2898,2899],{},"The email update controller.",[856,2901,2902],{},[1236,2903,1289],{},[1291,2905,2906,2910],{},[1294,2907,2908],{"name":860,"type":1297,":required":1298},[856,2909,2752],{},[1294,2911,2913],{"name":2912,"type":1297,":required":1298},"newEmail",[856,2914,2915],{},"The new email address to change to. Validated for format, disposable provider check, and MX record lookup.",[856,2917,2918],{},[1236,2919,1361],{},[1363,2921,2922,2930],{},[1366,2923,2924],{},[1369,2925,2926,2928],{},[1372,2927,1374],{},[1372,2929,1377],{},[1379,2931,2932,2941,2950,2959,2967],{},[1369,2933,2934,2938],{},[1384,2935,2936],{},[860,2937,1525],{},[1384,2939,2940],{},"Email address updated successfully",[1369,2942,2943,2947],{},[1384,2944,2945],{},[860,2946,1271],{},[1384,2948,2949],{},"Validation error, invalid session, or email already in use",[1369,2951,2952,2956],{},[1384,2953,2954],{},[860,2955,1544],{},[1384,2957,2958],{},"Invalid or expired MFA code",[1369,2960,2961,2965],{},[1384,2962,2963],{},[860,2964,1407],{},[1384,2966,2802],{},[1369,2968,2969,2973],{},[1384,2970,2971],{},[860,2972,1726],{},[1384,2974,2356],{},[1438,2976],{},[1224,2978,2980],{"id":2979},"post-authforgot-password",[860,2981,2982],{},"POST \u002Fauth\u002Fforgot-password",[856,2984,2985],{},"Initiates a password reset flow by sending a magic link email to the provided address. Does not require authentication. Uses timing normalization to prevent email enumeration.",[856,2987,2988],{},[1236,2989,1238],{},[1240,2991,2992,2997,2999,3004,3006,3012],{"level":1242},[1244,2993,2995],{"id":2994},"validatecontenttypeapplicationjson-7",[860,2996,1249],{},[856,2998,2250],{},[1244,3000,3002],{"id":3001},"expressjson-limit-1kb-6",[860,3003,1258],{},[856,3005,2258],{},[1244,3007,3009],{"id":3008},"initpasswordreset",[860,3010,3011],{},"initPasswordReset",[856,3013,3014],{},"The password reset initiation controller.",[856,3016,3017],{},[1236,3018,1289],{},[1291,3020,3021],{},[1294,3022,3023],{"name":1296,"type":1297,":required":1298},[856,3024,3025],{},"The email address associated with the account.",[856,3027,3028],{},[1236,3029,1361],{},[1363,3031,3032,3040],{},[1366,3033,3034],{},[1369,3035,3036,3038],{},[1372,3037,1374],{},[1372,3039,1377],{},[1379,3041,3042,3051],{},[1369,3043,3044,3048],{},[1384,3045,3046],{},[860,3047,1525],{},[1384,3049,3050],{},"Password reset email sent (always returns success to prevent enumeration)",[1369,3052,3053,3057],{},[1384,3054,3055],{},[860,3056,1427],{},[1384,3058,1430],{},[856,3060,1433,3061,3063],{},[1203,3062,163],{"href":164}," for the full flow.",[1438,3065],{},[1224,3067,3069],{"id":3068},"get-authreset-password",[860,3070,3071],{},"GET \u002Fauth\u002Freset-password",[856,3073,3074],{},"Previews a password reset magic link. Validates the signed token from the query parameters and returns link metadata.",[856,3076,3077],{},[1236,3078,1238],{},[1240,3080,3081,3087],{"level":1242},[1244,3082,3084],{"id":3083},"linkpasswordverification",[860,3085,3086],{},"linkPasswordVerification",[856,3088,3089],{},"Validates the password reset magic link token, random hash, and visitor identity.",[856,3091,3092],{},[1236,3093,2141],{},[856,3095,3096,3097,1178,3099,1178,3101,1178,3103,871],{},"Same as the MFA GET routes: ",[860,3098,2146],{},[860,3100,2152],{},[860,3102,2158],{},[860,3104,2167],{},[856,3106,3107],{},[1236,3108,1361],{},[1363,3110,3111,3121],{},[1366,3112,3113],{},[1369,3114,3115,3117,3119],{},[1372,3116,1374],{},[1372,3118,2185],{},[1372,3120,1377],{},[1379,3122,3123,3136],{},[1369,3124,3125,3129,3134],{},[1384,3126,3127],{},[860,3128,1525],{},[1384,3130,3131],{},[860,3132,3133],{},"{ ok: true, date: string, data: { link: 'Password Reset', reason: string } }",[1384,3135,2203],{},[1369,3137,3138,3142,3146],{},[1384,3139,3140],{},[860,3141,1271],{},[1384,3143,3144],{},[860,3145,2214],{},[1384,3147,2217],{},[1438,3149],{},[1224,3151,3153],{"id":3152},"post-authreset-password",[860,3154,3155],{},"POST \u002Fauth\u002Freset-password",[856,3157,3158,3159,3162],{},"Submits the new password to complete the reset flow. Validates the magic link token, checks the new password against the Zod schema and the ",[1203,3160,1313],{"href":1310,"rel":3161},[1312]," breach database, hashes it with Argon2id, and updates the user record.",[856,3164,3165],{},[1236,3166,1238],{},[1240,3168,3169,3174,3177,3182,3184,3189,3191,3196,3198,3203,3205,3211],{"level":1242},[1244,3170,3172],{"id":3171},"linkpasswordverification-1",[860,3173,3086],{},[856,3175,3176],{},"Validates and consumes the password reset magic link.",[1244,3178,3180],{"id":3179},"validatecontenttypeapplicationjson-8",[860,3181,1249],{},[856,3183,2250],{},[1244,3185,3187],{"id":3186},"expressjson-limit-1kb-7",[860,3188,1258],{},[856,3190,2258],{},[1244,3192,3194],{"id":3193},"detectbots-3",[860,3195,2264],{},[856,3197,2267],{},[1244,3199,3201],{"id":3200},"getfingerprint-6",[860,3202,1802],{},[856,3204,2275],{},[1244,3206,3208],{"id":3207},"verifynewpassword",[860,3209,3210],{},"verifyNewPassword",[856,3212,3213],{},"Validates, hashes, and updates the password.",[856,3215,3216],{},[1236,3217,1289],{},[1291,3219,3220,3225],{},[1294,3221,3222],{"name":1304,"type":1297,":required":1298},[856,3223,3224],{},"The new password. Validated against the configured password policy and checked for breach exposure.",[1294,3226,3227],{"name":1317,"type":1297,":required":1298},[856,3228,1320,3229,1323],{},[860,3230,1304],{},[856,3232,3233],{},[1236,3234,1361],{},[1363,3236,3237,3245],{},[1366,3238,3239],{},[1369,3240,3241,3243],{},[1372,3242,1374],{},[1372,3244,1377],{},[1379,3246,3247,3256,3265,3274],{},[1369,3248,3249,3253],{},[1384,3250,3251],{},[860,3252,1525],{},[1384,3254,3255],{},"Password updated",[1369,3257,3258,3262],{},[1384,3259,3260],{},[860,3261,1271],{},[1384,3263,3264],{},"Validation error, password mismatch, or password found in data breaches",[1369,3266,3267,3271],{},[1384,3268,3269],{},[860,3270,1407],{},[1384,3272,3273],{},"XSS attempt detected",[1369,3275,3276,3280],{},[1384,3277,3278],{},[860,3279,1427],{},[1384,3281,1430],{},[1438,3283],{},[1207,3285,3287],{"id":3286},"bffaccessroute",[860,3288,1138],{},[856,3290,3291,3294],{},[1203,3292,3293],{"href":132},"Backend-for-Frontend"," authorization endpoints. These routes verify the current session and return user data or token metadata to the BFF layer. Both routes require full authentication.",[1224,3296,3298],{"id":3297},"get-secretdata",[860,3299,3300],{},"GET \u002Fsecret\u002Fdata",[856,3302,3303],{},"Returns authenticated user data to the BFF layer. Verifies that the user and visitor exist in the database and responds with an authorization status.",[856,3305,3306],{},[1236,3307,1238],{},[1240,3309,3310,3315,3317,3322,3324,3329,3331,3336,3338,3343,3345,3351],{"level":1242},[1244,3311,3313],{"id":3312},"requireaccesstoken-5",[860,3314,1967],{},[856,3316,2403],{},[1244,3318,3320],{"id":3319},"requirerefreshtoken-6",[860,3321,1780],{},[856,3323,2411],{},[1244,3325,3327],{"id":3326},"getfingerprint-7",[860,3328,1802],{},[856,3330,2275],{},[1244,3332,3334],{"id":3333},"checkforactivemfa-5",[860,3335,1811],{},[856,3337,1814],{},[1244,3339,3341],{"id":3340},"protectroute-4",[860,3342,2431],{},[856,3344,2434],{},[1244,3346,3348],{"id":3347},"allowbffaccess",[860,3349,3350],{},"allowBffAccess",[856,3352,3353],{},"The BFF authorization controller.",[856,3355,3356],{},[1236,3357,1361],{},[1363,3359,3360,3370],{},[1366,3361,3362],{},[1369,3363,3364,3366,3368],{},[1372,3365,1374],{},[1372,3367,2185],{},[1372,3369,1377],{},[1379,3371,3372,3386,3403],{},[1369,3373,3374,3378,3383],{},[1384,3375,3376],{},[860,3377,1525],{},[1384,3379,3380],{},[860,3381,3382],{},"{ userId, authorized: true, ipAddress, userAgent, date, roles }",[1384,3384,3385],{},"Authorized",[1369,3387,3388,3392,3397],{},[1384,3389,3390],{},[860,3391,1544],{},[1384,3393,3394],{},[860,3395,3396],{},"{ authorized: false, reason: 'Not authenticated', ... }",[1384,3398,3399,3402],{},[860,3400,3401],{},"req.user"," missing",[1369,3404,3405,3409,3414],{},[1384,3406,3407],{},[860,3408,1691],{},[1384,3410,3411],{},[860,3412,3413],{},"{ authorized: false, reason: 'Not found', ... }",[1384,3415,3416],{},"User or visitor not found",[1438,3418],{},[1224,3420,3422],{"id":3421},"get-secretaccesstokenmetadata",[860,3423,3424],{},"GET \u002Fsecret\u002Faccesstoken\u002Fmetadata",[856,3426,3427],{},"Returns the decoded access token payload with TTL information. Useful for the BFF layer to check token freshness and determine when to trigger a rotation.",[856,3429,3430],{},[1236,3431,1238],{},[1240,3433,3434,3439,3441,3446,3448,3453,3455,3460,3462,3467,3469,3474,3477,3483],{"level":1242},[1244,3435,3437],{"id":3436},"requireaccesstoken-6",[860,3438,1967],{},[856,3440,2403],{},[1244,3442,3444],{"id":3443},"requirerefreshtoken-7",[860,3445,1780],{},[856,3447,2411],{},[1244,3449,3451],{"id":3450},"getfingerprint-8",[860,3452,1802],{},[856,3454,2275],{},[1244,3456,3458],{"id":3457},"checkforactivemfa-6",[860,3459,1811],{},[856,3461,1814],{},[1244,3463,3465],{"id":3464},"protectroute-5",[860,3466,2431],{},[856,3468,2434],{},[1244,3470,3472],{"id":3471},"acceptcookieonly-2",[860,3473,1793],{},[856,3475,3476],{},"Rejects any body, query string, or Content-Type header.",[1244,3478,3480],{"id":3479},"getaccesstokenpayload",[860,3481,3482],{},"getAccessTokenPayload",[856,3484,3485],{},"The metadata controller.",[856,3487,3488],{},[1236,3489,1361],{},[1363,3491,3492,3502],{},[1366,3493,3494],{},[1369,3495,3496,3498,3500],{},[1372,3497,1374],{},[1372,3499,2185],{},[1372,3501,1377],{},[1379,3503,3504,3518,3530],{},[1369,3505,3506,3510,3515],{},[1384,3507,3508],{},[860,3509,1525],{},[1384,3511,3512],{},[860,3513,3514],{},"{ authorized: true, payload, msUntilExp, refreshThreshold, shouldRotate, roles, ... }",[1384,3516,3517],{},"Authorized with token metadata",[1369,3519,3520,3524,3528],{},[1384,3521,3522],{},[860,3523,1544],{},[1384,3525,3526],{},[860,3527,3396],{},[1384,3529,2553],{},[1369,3531,3532,3536,3540],{},[1384,3533,3534],{},[860,3535,1691],{},[1384,3537,3538],{},[860,3539,3413],{},[1384,3541,3416],{},[856,3543,3544,3545,3548,3549,3552,3553,3555,3556,3559],{},"The ",[860,3546,3547],{},"refreshThreshold"," field indicates 25% of the access token TTL in milliseconds, and ",[860,3550,3551],{},"shouldRotate"," is ",[860,3554,1298],{}," when the remaining lifetime (",[860,3557,3558],{},"msUntilExp",") falls below that threshold. The BFF client uses these fields to proactively refresh tokens before they expire.",[1438,3561],{},[1207,3563,3565],{"id":3564},"apiverificationroute",[860,3566,3567],{},"apiVerificationRoute()",[856,3569,3570,3571,3573,3574,943,3577,3580],{},"This factory returns the public API-token verification router. In\n",[860,3572,866],{},", the service mounts it before ",[860,3575,3576],{},"express.json()",[860,3578,3579],{},"cookieParser()",", and the bot-detector middleware because it only reads\nheaders, query parameters, and the resolved client IP.",[1224,3582,3584],{"id":3583},"get-apipublicverify",[860,3585,3586],{},"GET \u002Fapi\u002Fpublic\u002Fverify",[856,3588,3589,3590,3593,3594,3597],{},"Verifies a raw API token against the requested privilege without requiring a\nuser session. The route reads the token from the ",[860,3591,3592],{},"x-api-key"," header and the\nrequired privilege from the ",[860,3595,3596],{},"privilege"," query parameter.",[856,3599,3600],{},[1236,3601,3602],{},"Route-level middleware",[856,3604,3605,3606,3609,3610,3612],{},"This endpoint has no route-level middleware. It goes straight to\n",[860,3607,3608],{},"verifyApiTokenController",", so only the service-wide guards from\n",[860,3611,866],{}," apply.",[856,3614,3615],{},[1236,3616,2027],{},[1363,3618,3619,3627],{},[1366,3620,3621],{},[1369,3622,3623,3625],{},[1372,3624,2036],{},[1372,3626,2039],{},[1379,3628,3629],{},[1369,3630,3631,3635],{},[1384,3632,3633],{},[860,3634,3592],{},[1384,3636,3637],{},"The raw API token to verify",[856,3639,3640],{},[1236,3641,2141],{},[1291,3643,3644],{},[1294,3645,3646],{"name":3596,"type":1297,":required":1298},[856,3647,3648,3649,1178,3652,943,3655,1178,3658,3661,3662,871],{},"The required privilege scope. Must be one of ",[860,3650,3651],{},"demo",[860,3653,3654],{},"restricted",[860,3656,3657],{},"protected",[860,3659,3660],{},"full",", or ",[860,3663,3664],{},"custom",[856,3666,3667],{},[1236,3668,1361],{},[1363,3670,3671,3679],{},[1366,3672,3673],{},[1369,3674,3675,3677],{},[1372,3676,1374],{},[1372,3678,1377],{},[1379,3680,3681,3690,3702,3714,3723],{},[1369,3682,3683,3687],{},[1384,3684,3685],{},[860,3686,1525],{},[1384,3688,3689],{},"Token verified successfully",[1369,3691,3692,3696],{},[1384,3693,3694],{},[860,3695,1271],{},[1384,3697,3698,3699,3701],{},"Invalid ",[860,3700,3596],{}," query value or unresolved client IP",[1369,3703,3704,3708],{},[1384,3705,3706],{},[860,3707,1544],{},[1384,3709,3710,3711,3713],{},"Missing or malformed ",[860,3712,3592],{}," header, or token verification failed",[1369,3715,3716,3720],{},[1384,3717,3718],{},[860,3719,1407],{},[1384,3721,3722],{},"XSS input detected in the privilege query",[1369,3724,3725,3729],{},[1384,3726,3727],{},[860,3728,1427],{},[1384,3730,1430],{},[856,3732,1433,3733,3735],{},[1203,3734,177],{"href":178}," for the full\nverification flow and response shapes.",[1438,3737],{},[1207,3739,3741],{"id":3740},"apiprotectedroutes",[860,3742,3743],{},"apiProtectedRoutes()",[856,3745,3746,3747,3750,3751,3754],{},"This factory returns the authenticated API-token management router. It exposes a\nshared ",[860,3748,3749],{},"POST \u002Fapi\u002Fmanage\u002F:action"," pipeline for mutating token actions and a\nshared ",[860,3752,3753],{},"GET \u002Fapi\u002Fmanage\u002F:action"," pipeline for token listing.",[1224,3756,3758],{"id":3757},"post-apimanageaction",[860,3759,3749],{},[856,3761,3762,3763,3766,3767,1178,3770,1178,3773,1178,3776,943,3779,3782,3783,871],{},"Handles token creation and the manager-backed token actions. Supported ",[860,3764,3765],{},":action","\nvalues are ",[860,3768,3769],{},"new-token",[860,3771,3772],{},"revoke",[860,3774,3775],{},"metadata",[860,3777,3778],{},"rotate",[860,3780,3781],{},"ip-restriction-update",", and ",[860,3784,3785],{},"privilege-update",[856,3787,3788],{},[1236,3789,1238],{},[1240,3791,3792,3797,3801,3806,3808,3813,3816,3821,3824,3829,3832,3838,3841,3846,3849,3855],{"level":1242},[1244,3793,3795],{"id":3794},"requireaccesstoken-7",[860,3796,1967],{},[856,3798,1970,3799,1973],{},[860,3800,1942],{},[1244,3802,3804],{"id":3803},"requirerefreshtoken-8",[860,3805,1780],{},[856,3807,2411],{},[1244,3809,3811],{"id":3810},"getfingerprint-9",[860,3812,1802],{},[856,3814,3815],{},"Collects device and geolocation data for the request.",[1244,3817,3819],{"id":3818},"checkforactivemfa-7",[860,3820,1811],{},[856,3822,3823],{},"Short-circuits sessions that already have an unresolved MFA or re-login state.",[1244,3825,3827],{"id":3826},"protectroute-6",[860,3828,2431],{},[856,3830,3831],{},"Runs JWT verification and anomaly detection.",[1244,3833,3835],{"id":3834},"contenttypeapplicationjson",[860,3836,3837],{},"contentType('application\u002Fjson')",[856,3839,3840],{},"Rejects non-JSON requests.",[1244,3842,3844],{"id":3843},"expressjson-limit-1kb-8",[860,3845,1258],{},[856,3847,3848],{},"Parses the body and rejects empty payloads.",[1244,3850,3852],{"id":3851},"apitokenscontroller",[860,3853,3854],{},"apiTokensController",[856,3856,3857],{},"Dispatches the requested action.",[856,3859,3860],{},[1236,3861,3862],{},"Supported actions",[1363,3864,3865,3881],{},[1366,3866,3867],{},[1369,3868,3869,3872,3875,3878],{},[1372,3870,3871],{},"Path",[1372,3873,3874],{},"Body shape",[1372,3876,3877],{},"Success",[1372,3879,3880],{},"See",[1379,3882,3883,3914,3939,3962,3985,4010],{},[1369,3884,3885,3890,3906,3910],{},[1384,3886,3887],{},[860,3888,3889],{},"POST \u002Fapi\u002Fmanage\u002Fnew-token",[1384,3891,3892,1178,3894,3896,3897,1178,3900,1178,3903],{},[860,3893,3596],{},[860,3895,1326],{},", optional ",[860,3898,3899],{},"prefix",[860,3901,3902],{},"expires",[860,3904,3905],{},"ipv4",[1384,3907,3908],{},[860,3909,1388],{},[1384,3911,3912],{},[1203,3913,173],{"href":174},[1369,3915,3916,3921,3931,3935],{},[1384,3917,3918],{},[860,3919,3920],{},"POST \u002Fapi\u002Fmanage\u002Frevoke",[1384,3922,3923,1178,3926,1178,3929],{},[860,3924,3925],{},"tokenId",[860,3927,3928],{},"publicIdentifier",[860,3930,1326],{},[1384,3932,3933],{},[860,3934,1525],{},[1384,3936,3937],{},[1203,3938,191],{"href":192},[1369,3940,3941,3946,3954,3958],{},[1384,3942,3943],{},[860,3944,3945],{},"POST \u002Fapi\u002Fmanage\u002Fmetadata",[1384,3947,3948,1178,3950,1178,3952],{},[860,3949,3925],{},[860,3951,3928],{},[860,3953,1326],{},[1384,3955,3956],{},[860,3957,1525],{},[1384,3959,3960],{},[1203,3961,203],{"href":204},[1369,3963,3964,3969,3977,3981],{},[1384,3965,3966],{},[860,3967,3968],{},"POST \u002Fapi\u002Fmanage\u002Frotate",[1384,3970,3971,1178,3973,1178,3975],{},[860,3972,3925],{},[860,3974,3928],{},[860,3976,1326],{},[1384,3978,3979],{},[860,3980,1525],{},[1384,3982,3983],{},[1203,3984,195],{"href":196},[1369,3986,3987,3992,4002,4006],{},[1384,3988,3989],{},[860,3990,3991],{},"POST \u002Fapi\u002Fmanage\u002Fip-restriction-update",[1384,3993,3994,1178,3996,1178,3998,3896,4000],{},[860,3995,3925],{},[860,3997,3928],{},[860,3999,1326],{},[860,4001,3905],{},[1384,4003,4004],{},[860,4005,1525],{},[1384,4007,4008],{},[1203,4009,199],{"href":200},[1369,4011,4012,4017,4028,4032],{},[1384,4013,4014],{},[860,4015,4016],{},"POST \u002Fapi\u002Fmanage\u002Fprivilege-update",[1384,4018,4019,1178,4021,1178,4023,1178,4025],{},[860,4020,3925],{},[860,4022,3928],{},[860,4024,1326],{},[860,4026,4027],{},"newPrivilege",[1384,4029,4030],{},[860,4031,1525],{},[1384,4033,4034],{},[1203,4035,187],{"href":188},[1438,4037],{},[1224,4039,4041],{"id":4040},"get-apimanageaction",[860,4042,3753],{},[856,4044,4045,4046,4049],{},"This route currently exposes the listing branch only. The built-in supported\nvalue is ",[860,4047,4048],{},"list-metadata",", which returns the current valid token inventory for\nthe authenticated user.",[856,4051,4052],{},[1236,4053,1238],{},[1240,4055,4056,4061,4065,4070,4072,4077,4079,4084,4086,4091,4093,4098],{"level":1242},[1244,4057,4059],{"id":4058},"requireaccesstoken-8",[860,4060,1967],{},[856,4062,1970,4063,1973],{},[860,4064,1942],{},[1244,4066,4068],{"id":4067},"requirerefreshtoken-9",[860,4069,1780],{},[856,4071,2411],{},[1244,4073,4075],{"id":4074},"getfingerprint-10",[860,4076,1802],{},[856,4078,3815],{},[1244,4080,4082],{"id":4081},"checkforactivemfa-8",[860,4083,1811],{},[856,4085,3823],{},[1244,4087,4089],{"id":4088},"protectroute-7",[860,4090,2431],{},[856,4092,3831],{},[1244,4094,4096],{"id":4095},"apitokenscontroller-1",[860,4097,3854],{},[856,4099,4100],{},"Dispatches the listing action.",[856,4102,4103],{},[1236,4104,4105],{},"Supported action",[1363,4107,4108,4120],{},[1366,4109,4110],{},[1369,4111,4112,4114,4116,4118],{},[1372,4113,3871],{},[1372,4115,2185],{},[1372,4117,3877],{},[1372,4119,3880],{},[1379,4121,4122],{},[1369,4123,4124,4129,4132,4136],{},[1384,4125,4126],{},[860,4127,4128],{},"GET \u002Fapi\u002Fmanage\u002Flist-metadata",[1384,4130,4131],{},"No body",[1384,4133,4134],{},[860,4135,1525],{},[1384,4137,4138],{},[1203,4139,207],{"href":208},[1438,4141],{},[1207,4143,4145],{"id":4144},"standalone-endpoints","Standalone Endpoints",[1224,4147,4149],{"id":4148},"get-operationalconfig",[860,4150,4151],{},"GET \u002Foperational\u002Fconfig",[856,4153,4154,4155,4157],{},"Returns a minimal operational configuration payload to a trusted client IP. Used by the ",[1203,4156,20],{"href":22}," to coordinate cookie domains and token TTLs. Rejects all requests from untrusted IP addresses.",[856,4159,4160],{},[1236,4161,4162],{},"Access control",[856,4164,4165,4166,4169,4170,4173],{},"This endpoint uses IP-based access control rather than token authentication. Only the IP address configured in ",[860,4167,4168],{},"service.clientIp"," or ",[860,4171,4172],{},"service.proxy.ipToTrust"," is allowed.",[856,4175,4176],{},[1236,4177,4178],{},"Response (200)",[873,4180,4183],{"className":4181,"code":4182,"language":5,"meta":879,"style":879},"language-json shiki shiki-themes light-plus light-plus dracula","{\n  \"domain\": \".example.com\",\n  \"accessTokenTTL\": 900000\n}\n",[860,4184,4185,4190,4216,4231],{"__ignoreMap":879},[883,4186,4187],{"class":885,"line":886},[883,4188,4189],{"class":933},"{\n",[883,4191,4192,4196,4200,4203,4206,4209,4212,4214],{"class":885,"line":911},[883,4193,4195],{"class":4194},"saJyd","  \"",[883,4197,4199],{"class":4198},"s_W10","domain",[883,4201,4202],{"class":4194},"\"",[883,4204,4205],{"class":1027},":",[883,4207,4208],{"class":900}," \"",[883,4210,4211],{"class":904},".example.com",[883,4213,4202],{"class":900},[883,4215,943],{"class":933},[883,4217,4218,4220,4223,4225,4227],{"class":885,"line":928},[883,4219,4195],{"class":4194},[883,4221,4222],{"class":4198},"accessTokenTTL",[883,4224,4202],{"class":4194},[883,4226,4205],{"class":1027},[883,4228,4230],{"class":4229},"spgvN"," 900000\n",[883,4232,4233],{"class":885,"line":937},[883,4234,4235],{"class":933},"}\n",[1363,4237,4238,4248],{},[1366,4239,4240],{},[1369,4241,4242,4245],{},[1372,4243,4244],{},"Field",[1372,4246,4247],{},"Description",[1379,4249,4250,4262],{},[1369,4251,4252,4256],{},[1384,4253,4254],{},[860,4255,4199],{},[1384,4257,4258,4259],{},"The cookie domain from ",[860,4260,4261],{},"jwt.refresh_tokens.domain",[1369,4263,4264,4268],{},[1384,4265,4266],{},[860,4267,4222],{},[1384,4269,4270],{},"Access token time-to-live in milliseconds (defaults to 15 minutes)",[856,4272,4273],{},[1236,4274,4275],{},"Responses on failure",[1363,4277,4278,4286],{},[1366,4279,4280],{},[1369,4281,4282,4284],{},[1372,4283,1374],{},[1372,4285,2185],{},[1379,4287,4288],{},[1369,4289,4290,4294],{},[1384,4291,4292],{},[860,4293,1407],{},[1384,4295,4296],{},[860,4297,4298],{},"{ error: 'Forbidden' }",[1438,4300],{},[1224,4302,4304],{"id":4303},"get-health",[860,4305,4306],{},"GET \u002Fhealth",[856,4308,4309,4310,4313],{},"A basic health check endpoint registered directly on the Express app. Returns ",[860,4311,4312],{},"200 OK"," as plain text. This route is exempt from HMAC verification when called from a local address.",[1438,4315],{},[1207,4317,4319],{"id":4318},"request-prerequisites","Request Prerequisites",[856,4321,4322],{},"Every route that accepts a JSON body enforces the following rules:",[4324,4325,4326,4339,4347,4361],"ul",{},[4327,4328,4329,4331,4332,4335,4336,4338],"li",{},[1236,4330,1747],{},": Must be ",[860,4333,4334],{},"application\u002Fjson",". The service returns ",[860,4337,1407],{}," otherwise.",[4327,4340,4341,4344,4345,871],{},[1236,4342,4343],{},"Non-empty body",": The body must not be empty. Empty payloads return ",[860,4346,1407],{},[4327,4348,4349,4352,4353,4356,4357,4360],{},[1236,4350,4351],{},"Body size limit",": ",[860,4354,4355],{},"1kb"," for most routes, ",[860,4358,4359],{},"4kb"," for the OAuth route.",[4327,4362,4363,4366,4367,4369,4370,4372],{},[1236,4364,4365],{},"Canary cookie",": The ",[860,4368,1221],{}," cookie must be present on signup, login, and OAuth routes. Returns ",[860,4371,1271],{}," if missing.",[856,4374,3544,4375,4377,4378,4380],{},[860,4376,1221],{}," cookie is set by the ",[1203,4379,399],{"href":35}," during the first visit. It ties the session to the originating device.",[4382,4383,4384],"tip",{},[856,4385,4386,4387,1178,4390,1178,4393,4396,4397,4399],{},"All cookie-only routes (",[860,4388,4389],{},"\u002Fauth\u002Fuser\u002Frefresh-session",[860,4391,4392],{},"\u002Fauth\u002Flogout",[860,4394,4395],{},"\u002Fsecret\u002Faccesstoken\u002Fmetadata",") reject any request body, query string, or Content-Type header via the ",[860,4398,1793],{}," middleware.",[1438,4401],{},[1207,4403,4405],{"id":4404},"route-summary","Route Summary",[1363,4407,4408,4422],{},[1366,4409,4410],{},[1369,4411,4412,4415,4417,4420],{},[1372,4413,4414],{},"Method",[1372,4416,3871],{},[1372,4418,4419],{},"Router",[1372,4421,4247],{},[1379,4423,4424,4443,4461,4479,4496,4513,4532,4549,4567,4585,4602,4620,4638,4656,4673,4691,4708,4726,4744,4762,4780,4798,4816,4834,4852,4868],{},[1369,4425,4426,4431,4436,4440],{},[1384,4427,4428],{},[860,4429,4430],{},"POST",[1384,4432,4433],{},[860,4434,4435],{},"\u002Fsignup",[1384,4437,4438],{},[860,4439,1089],{},[1384,4441,4442],{},"Register a new user account",[1369,4444,4445,4449,4454,4458],{},[1384,4446,4447],{},[860,4448,4430],{},[1384,4450,4451],{},[860,4452,4453],{},"\u002Flogin",[1384,4455,4456],{},[860,4457,1089],{},[1384,4459,4460],{},"Authenticate with email and password",[1369,4462,4463,4467,4472,4476],{},[1384,4464,4465],{},[860,4466,4430],{},[1384,4468,4469],{},[860,4470,4471],{},"\u002Fauth\u002FOAuth\u002F:providerName",[1384,4473,4474],{},[860,4475,1089],{},[1384,4477,4478],{},"Authenticate via an OAuth provider",[1369,4480,4481,4485,4489,4493],{},[1384,4482,4483],{},[860,4484,4430],{},[1384,4486,4487],{},[860,4488,4389],{},[1384,4490,4491],{},[860,4492,1106],{},[1384,4494,4495],{},"Rotate tokens and refresh the session",[1369,4497,4498,4502,4506,4510],{},[1384,4499,4500],{},[860,4501,4430],{},[1384,4503,4504],{},[860,4505,4392],{},[1384,4507,4508],{},[860,4509,1106],{},[1384,4511,4512],{},"Revoke the refresh token and end the session",[1369,4514,4515,4520,4525,4529],{},[1384,4516,4517],{},[860,4518,4519],{},"GET",[1384,4521,4522],{},[860,4523,4524],{},"\u002Fauth\u002Fverify-mfa",[1384,4526,4527],{},[860,4528,1122],{},[1384,4530,4531],{},"Preview an MFA magic link",[1369,4533,4534,4538,4542,4546],{},[1384,4535,4536],{},[860,4537,4430],{},[1384,4539,4540],{},[860,4541,4524],{},[1384,4543,4544],{},[860,4545,1122],{},[1384,4547,4548],{},"Submit the MFA code to complete authentication",[1369,4550,4551,4555,4560,4564],{},[1384,4552,4553],{},[860,4554,4430],{},[1384,4556,4557],{},[860,4558,4559],{},"\u002Fcustom\u002Fmfa\u002F:reason",[1384,4561,4562],{},[860,4563,1122],{},[1384,4565,4566],{},"Initiate a custom MFA flow for a protected action",[1369,4568,4569,4573,4578,4582],{},[1384,4570,4571],{},[860,4572,4519],{},[1384,4574,4575],{},[860,4576,4577],{},"\u002Fauth\u002Fverify-custom-mfa",[1384,4579,4580],{},[860,4581,1122],{},[1384,4583,4584],{},"Preview a custom MFA magic link",[1369,4586,4587,4591,4595,4599],{},[1384,4588,4589],{},[860,4590,4430],{},[1384,4592,4593],{},[860,4594,4577],{},[1384,4596,4597],{},[860,4598,1122],{},[1384,4600,4601],{},"Submit the custom MFA code",[1369,4603,4604,4608,4613,4617],{},[1384,4605,4606],{},[860,4607,4430],{},[1384,4609,4610],{},[860,4611,4612],{},"\u002Fupdate\u002Femail",[1384,4614,4615],{},[860,4616,1122],{},[1384,4618,4619],{},"Request an email address change",[1369,4621,4622,4626,4631,4635],{},[1384,4623,4624],{},[860,4625,4430],{},[1384,4627,4628],{},[860,4629,4630],{},"\u002Fauth\u002Fforgot-password",[1384,4632,4633],{},[860,4634,1122],{},[1384,4636,4637],{},"Initiate a password reset",[1369,4639,4640,4644,4649,4653],{},[1384,4641,4642],{},[860,4643,4519],{},[1384,4645,4646],{},[860,4647,4648],{},"\u002Fauth\u002Freset-password",[1384,4650,4651],{},[860,4652,1122],{},[1384,4654,4655],{},"Preview a password reset magic link",[1369,4657,4658,4662,4666,4670],{},[1384,4659,4660],{},[860,4661,4430],{},[1384,4663,4664],{},[860,4665,4648],{},[1384,4667,4668],{},[860,4669,1122],{},[1384,4671,4672],{},"Submit the new password",[1369,4674,4675,4679,4684,4688],{},[1384,4676,4677],{},[860,4678,4519],{},[1384,4680,4681],{},[860,4682,4683],{},"\u002Fsecret\u002Fdata",[1384,4685,4686],{},[860,4687,1138],{},[1384,4689,4690],{},"BFF authorization check",[1369,4692,4693,4697,4701,4705],{},[1384,4694,4695],{},[860,4696,4519],{},[1384,4698,4699],{},[860,4700,4395],{},[1384,4702,4703],{},[860,4704,1138],{},[1384,4706,4707],{},"Return decoded access token payload and TTL hints",[1369,4709,4710,4714,4719,4723],{},[1384,4711,4712],{},[860,4713,4519],{},[1384,4715,4716],{},[860,4717,4718],{},"\u002Fapi\u002Fpublic\u002Fverify",[1384,4720,4721],{},[860,4722,3567],{},[1384,4724,4725],{},"Verify an API token against a requested privilege",[1369,4727,4728,4732,4737,4741],{},[1384,4729,4730],{},[860,4731,4430],{},[1384,4733,4734],{},[860,4735,4736],{},"\u002Fapi\u002Fmanage\u002Fnew-token",[1384,4738,4739],{},[860,4740,3743],{},[1384,4742,4743],{},"Create a new API token",[1369,4745,4746,4750,4755,4759],{},[1384,4747,4748],{},[860,4749,4519],{},[1384,4751,4752],{},[860,4753,4754],{},"\u002Fapi\u002Fmanage\u002Flist-metadata",[1384,4756,4757],{},[860,4758,3743],{},[1384,4760,4761],{},"List the user's valid API tokens",[1369,4763,4764,4768,4773,4777],{},[1384,4765,4766],{},[860,4767,4430],{},[1384,4769,4770],{},[860,4771,4772],{},"\u002Fapi\u002Fmanage\u002Frevoke",[1384,4774,4775],{},[860,4776,3743],{},[1384,4778,4779],{},"Revoke an API token",[1369,4781,4782,4786,4791,4795],{},[1384,4783,4784],{},[860,4785,4430],{},[1384,4787,4788],{},[860,4789,4790],{},"\u002Fapi\u002Fmanage\u002Fmetadata",[1384,4792,4793],{},[860,4794,3743],{},[1384,4796,4797],{},"Return metadata for one API token",[1369,4799,4800,4804,4809,4813],{},[1384,4801,4802],{},[860,4803,4430],{},[1384,4805,4806],{},[860,4807,4808],{},"\u002Fapi\u002Fmanage\u002Frotate",[1384,4810,4811],{},[860,4812,3743],{},[1384,4814,4815],{},"Rotate an API token",[1369,4817,4818,4822,4827,4831],{},[1384,4819,4820],{},[860,4821,4430],{},[1384,4823,4824],{},[860,4825,4826],{},"\u002Fapi\u002Fmanage\u002Fip-restriction-update",[1384,4828,4829],{},[860,4830,3743],{},[1384,4832,4833],{},"Update a token IP whitelist",[1369,4835,4836,4840,4845,4849],{},[1384,4837,4838],{},[860,4839,4430],{},[1384,4841,4842],{},[860,4843,4844],{},"\u002Fapi\u002Fmanage\u002Fprivilege-update",[1384,4846,4847],{},[860,4848,3743],{},[1384,4850,4851],{},"Update a token privilege",[1369,4853,4854,4858,4862,4865],{},[1384,4855,4856],{},[860,4857,4519],{},[1384,4859,4860],{},[860,4861,1173],{},[1384,4863,4864],{},"Standalone",[1384,4866,4867],{},"Return operational configuration to trusted client",[1369,4869,4870,4874,4879,4882],{},[1384,4871,4872],{},[860,4873,4519],{},[1384,4875,4876],{},[860,4877,4878],{},"\u002Fhealth",[1384,4880,4881],{},"Built-in",[1384,4883,4884,4885,4887],{},"Health check (returns ",[860,4886,4312],{},")",[4889,4890,4891],"style",{},"html pre.shiki code .sZ328, html code.shiki .sZ328{--shiki-light:#AF00DB;--shiki-default:#AF00DB;--shiki-dark:#FF79C6}html pre.shiki code .sjsA6, html code.shiki .sjsA6{--shiki-light:#001080;--shiki-default:#001080;--shiki-dark:#F8F8F2}html pre.shiki code .sFkSl, html code.shiki .sFkSl{--shiki-light:#A31515;--shiki-default:#A31515;--shiki-dark:#E9F284}html pre.shiki code .sFB1V, html code.shiki .sFB1V{--shiki-light:#A31515;--shiki-default:#A31515;--shiki-dark:#F1FA8C}html pre.shiki code .sDd4n, html code.shiki .sDd4n{--shiki-light:#000000;--shiki-default:#000000;--shiki-dark:#F8F8F2}html pre.shiki code .sl46w, html code.shiki .sl46w{--shiki-light:#0000FF;--shiki-default:#0000FF;--shiki-dark:#FF79C6}html pre.shiki code .s3JHE, html code.shiki .s3JHE{--shiki-light:#0070C1;--shiki-default:#0070C1;--shiki-dark:#F8F8F2}html pre.shiki code .saOXh, html code.shiki .saOXh{--shiki-light:#000000;--shiki-default:#000000;--shiki-dark:#FF79C6}html pre.shiki code .sHOzp, html code.shiki .sHOzp{--shiki-light:#795E26;--shiki-default:#795E26;--shiki-dark:#50FA7B}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .saJyd, html code.shiki .saJyd{--shiki-light:#0451A5;--shiki-default:#0451A5;--shiki-dark:#8BE9FE}html pre.shiki code .s_W10, html code.shiki .s_W10{--shiki-light:#0451A5;--shiki-default:#0451A5;--shiki-dark:#8BE9FD}html pre.shiki code .spgvN, html code.shiki .spgvN{--shiki-light:#098658;--shiki-default:#098658;--shiki-dark:#BD93F9}",{"title":879,"searchDepth":911,"depth":911,"links":4893},[4894,4899,4903,4914,4918,4921,4925,4929,4930],{"id":1209,"depth":911,"text":1089,"children":4895},[4896,4897,4898],{"id":1226,"depth":928,"text":1229},{"id":1442,"depth":928,"text":1445},{"id":1574,"depth":928,"text":1577},{"id":1739,"depth":911,"text":1106,"children":4900},[4901,4902],{"id":1751,"depth":928,"text":1754},{"id":1933,"depth":928,"text":1936},{"id":2104,"depth":911,"text":1122,"children":4904},[4905,4906,4907,4908,4909,4910,4911,4912,4913],{"id":2115,"depth":928,"text":2118},{"id":2222,"depth":928,"text":2225},{"id":2366,"depth":928,"text":2369},{"id":2572,"depth":928,"text":2575},{"id":2656,"depth":928,"text":2659},{"id":2815,"depth":928,"text":2818},{"id":2979,"depth":928,"text":2982},{"id":3068,"depth":928,"text":3071},{"id":3152,"depth":928,"text":3155},{"id":3286,"depth":911,"text":1138,"children":4915},[4916,4917],{"id":3297,"depth":928,"text":3300},{"id":3421,"depth":928,"text":3424},{"id":3564,"depth":911,"text":3567,"children":4919},[4920],{"id":3583,"depth":928,"text":3586},{"id":3740,"depth":911,"text":3743,"children":4922},[4923,4924],{"id":3757,"depth":928,"text":3749},{"id":4040,"depth":928,"text":3753},{"id":4144,"depth":911,"text":4145,"children":4926},[4927,4928],{"id":4148,"depth":928,"text":4151},{"id":4303,"depth":928,"text":4306},{"id":4318,"depth":911,"text":4319},{"id":4404,"depth":911,"text":4405},"Complete reference for every HTTP route in the IAM service. Covers six Express routers, two standalone endpoints, middleware chains, request bodies, and response shapes.","md","i-lucide-route",{},null,"---\ntitle: Routes Reference\ndescription: Complete reference for every HTTP route in the IAM service. Covers six Express routers, two standalone endpoints, middleware chains, request bodies, and response shapes.\nicon: i-lucide-route\n---\n\nThe IAM service registers 26 HTTP endpoints across six `express.Router`\ninstances plus two standalone endpoints. When using `bootstrapApp()`, all\nroutes are mounted automatically in the correct order. When building a custom\nExpress app, mount each router with `app.use()`.\n\n```ts [server\u002Fapp.ts]\nimport express from 'express'\nimport cookieParser from 'cookie-parser'\nimport {\n  authenticationRoutes,\n  tokenRotationRoutes,\n  magicLinks,\n  bffAccessRoute,\n  apiVerificationRoute,\n  apiProtectedRoutes,\n  sendOperationalConfig,\n} from '@riavzon\u002Fauth'\n\nconst app = express()\n\napp.use(apiVerificationRoute())\napp.use(cookieParser())\napp.use(authenticationRoutes)\napp.use(tokenRotationRoutes)\napp.use(magicLinks)\napp.use(bffAccessRoute)\napp.use(apiProtectedRoutes())\napp.use('\u002Foperational\u002Fconfig', sendOperationalConfig)\n```\n\n::warning\n`cookie-parser` must be registered before any router that reads `req.cookies`.\nThe public API verification route does not use cookies, but the\nauthentication, token rotation, magic link, BFF, and API management routers do.\n::\n\nFor the full middleware stack applied by `bootstrapApp()`, see the [Middleware Reference](\u002Fdocs\u002Fiam\u002Fapi\u002Fmiddlewares#middleware-stack-order).\n\n\n## `authenticationRoutes`\n\nCore signup, login, and OAuth entry points. Every route in this router enforces `Content-Type: application\u002Fjson`, rejects empty request bodies, and requires the `canary_id` cookie.\n\n### `POST \u002Fsignup`\n\nRegisters a new user account with email and password. Validates the request body against the signup Zod schema, checks for disposable email providers, verifies the domain's MX record, hashes the password with Argon2id, and creates the user record. On success, issues an access token and a refresh token.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nRejects requests without a JSON content type.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body. Rejects empty bodies with HTTP 403.\n\n#### Canary cookie check\nReturns `400` if the `canary_id` cookie is absent.\n\n#### `handleSignUp`\nThe signup controller.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"email\" type=\"string\" required}\n  The user's email address. Validated for format, disposable provider check, and MX record lookup.\n  ::\n  ::field{name=\"password\" type=\"string\" required}\n  The password. Validated against the configured password policy (minimum length, complexity). Checked against the [Have I Been Pwned](https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv3#PwnedPasswords) breach database.\n  ::\n  ::field{name=\"confirmedPassword\" type=\"string\" required}\n  Must match `password` exactly.\n  ::\n  ::field{name=\"name\" type=\"string\" required}\n  The user's display name.\n  ::\n  ::field{name=\"termsConsent\" type=\"string\" required}\n  Must be the literal string `\"on\"` to indicate acceptance of terms and privacy policy. Transformed to a boolean internally.\n  ::\n  ::field{name=\"rememberUser\" type=\"string\"}\n  When set to `\"on\"`, issues a longer-lived refresh token using the configured `rememberMe` TTL. Transformed to a boolean internally. Defaults to `false` when omitted.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `201` | User created, access and refresh tokens issued |\n| `400` | Validation error, password mismatch, or passwords found in data breaches |\n| `403` | XSS attempt detected or empty body |\n| `409` | Email already registered |\n| `429` | Rate limit exceeded |\n\nSee [Signup](\u002Fdocs\u002Fiam\u002Fessentials\u002Fsignup) for the full signup flow documentation.\n\n---\n\n### `POST \u002Flogin`\n\nAuthenticates a user with email and password. Verifies the password against the stored Argon2id hash, runs rate limiting with consecutive failure tracking, and issues tokens on success.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nRejects requests without a JSON content type.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body. Rejects empty bodies with HTTP 403.\n\n#### Canary cookie check\nReturns `400` if the `canary_id` cookie is absent.\n\n#### `handleLogin`\nThe login controller.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"email\" type=\"string\" required}\n  The user's email address.\n  ::\n  ::field{name=\"password\" type=\"string\" required}\n  The user's password.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Authentication successful, access and refresh tokens issued |\n| `400` | Validation error |\n| `401` | Invalid credentials |\n| `403` | XSS attempt detected, user banned, or empty body |\n| `429` | Rate limit exceeded |\n\nSee [Login](\u002Fdocs\u002Fiam\u002Fessentials\u002Flogin) for the full login flow documentation.\n\n---\n\n### `POST \u002Fauth\u002FOAuth\u002F:providerName`\n\nAuthenticates a user via a configured OAuth provider. The `:providerName` parameter must match a provider registered with `configureOauthProviders()`. Validates the provider profile against the provider's Zod schema.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nRejects requests without a JSON content type.\n\n#### `express.json({ limit: '4kb' })`\nLarger body limit to accommodate OAuth profile data. Rejects empty bodies with HTTP 403.\n\n#### Canary cookie check\nReturns `400` if the `canary_id` cookie is absent.\n\n#### `OAuthHandler`\nThe OAuth controller.\n\n::\n\n**URL parameters**\n\n::field-group\n  ::field{name=\"providerName\" type=\"string\" required}\n  The OAuth provider name. Must match a provider configured with `configureOauthProviders()` (for example, `google`, `github`).\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `201` | Authentication successful, access and refresh tokens issued |\n| `400` | Bad request or schema validation errors |\n| `404` | Unknown provider |\n| `403` | XSS attempt detected or empty body | \n| `409` | E-mail already registered |\n| `429` | Rate limit exceeded |\n| `500` | Server error during user creation or token issuance. |\n\nSee [OAuth](\u002Fdocs\u002Fiam\u002Fessentials\u002Foauth) for the full OAuth flow documentation.\n\n---\n\n## `tokenRotationRoutes`\n\nManages the access token and refresh token lifecycle after initial authentication. Both routes in this router operate exclusively through cookies. They do not accept request bodies, query strings, or `Content-Type` headers.\n\n### `POST \u002Fauth\u002Fuser\u002Frefresh-session`\n\nConsumes the current refresh token and issues a new access token and refresh token pair. Validates the session against the `canary_id` cookie, runs the [anomaly detection](\u002Fdocs\u002Fiam\u002Fessentials\u002Fanomalies) pipeline, checks the session lifetime against `MAX_SESSION_LIFE`, and revokes the old refresh token before issuing fresh credentials.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireRefreshToken`\nValidates that the `session` cookie is present.\n\n#### `acceptCookieOnly`\nRejects any request body, query string, or Content-Type header.\n\n#### `getFingerPrint`\nCollects device, browser, and geo fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `rotateCredentials`\nThe token rotation controller.\n\n::\n\n**Cookies required**\n\n| Cookie | Purpose |\n| --- | --- |\n| `session` | The current refresh token |\n| `canary_id` | The canary cookie for anomaly detection |\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `201` | Tokens rotated, new access and refresh tokens issued |\n| `202` | Anomaly detected, MFA challenge email sent (no rotation performed) |\n| `400` | Body, query string, or Content-Type present |\n| `401` | Refresh token missing, invalid, expired, or session exceeded `MAX_SESSION_LIFE` |\n| `429` | Rate limit exceeded |\n\nSee [Refresh Tokens](\u002Fdocs\u002Fiam\u002Fessentials\u002Frefresh-tokens) for the full rotation flow documentation.\n\n---\n\n### `POST \u002Fauth\u002Flogout`\n\nRevokes the current refresh token and clears the session cookies. Requires both the access token (in the `Authorization` header) and the refresh token (in the `session` cookie).\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireRefreshToken`\nValidates that the `session` cookie is present.\n\n#### `requireAccessToken`\nExtracts the Bearer token from the `Authorization` header.\n\n#### `acceptCookieOnly`\nRejects any request body, query string, or Content-Type header.\n\n#### `handleLogout`\nThe logout controller.\n\n::\n\n**Cookies required**\n\n| Cookie | Purpose |\n| --- | --- |\n| `session` | The current refresh token |\n| `canary_id` | The canary cookie |\n\n**Headers required**\n\n| Header | Value |\n| --- | --- |\n| `Authorization` | `Bearer \u003Caccess_token>` |\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Logout successful, refresh token revoked, cookies cleared |\n| `400` | Body, query string, or Content-Type present |\n| `401` | Access token or refresh token missing |\n\nSee [Logout](\u002Fdocs\u002Fiam\u002Fessentials\u002Flogout) for the full logout flow.\n\n---\n\n## `magicLinks`\n\nHandles MFA verification, custom MFA flows, email update, and password reset. Every POST route enforces `Content-Type: application\u002Fjson` and rejects empty bodies. GET routes read the magic link token from query parameters.\n\n### `GET \u002Fauth\u002Fverify-mfa`\n\nPreviews an MFA magic link. Validates the signed token from the query parameters and returns the link metadata. Limited to a configurable number of GET previews before the link expires.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `linkMfaVerification`\nValidates the magic link token, random hash, visitor identity, and enforces single-use semantics.\n\n::\n\n**Query parameters**\n\n::field-group\n  ::field{name=\"token\" type=\"string\" required}\n  The temporary JWT token from the magic link URL.\n  ::\n  ::field{name=\"random\" type=\"string\" required}\n  The random hash for cryptographic verification.\n  ::\n  ::field{name=\"reason\" type=\"string\" required}\n  The link purpose (for example, `MAGIC_LINK_MFA_CHECKS`).\n  ::\n  ::field{name=\"visitor\" type=\"string\" required}\n  The visitor identifier.\n  ::\n::\n\n**Responses**\n\n| Status | Body | Meaning |\n| --- | --- | --- |\n| `200` | `{ ok: true, date: string, data: { link: 'MFA Code', reason: string } }` | Link is valid |\n| `400` | `{ error: string }` | Invalid, expired, or already-used link |\n\n---\n\n### `POST \u002Fauth\u002Fverify-mfa`\n\nSubmits the MFA code to complete authentication. Consumes the magic link (single-use) and verifies the OTP code. On success, issues new access and refresh tokens.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `linkMfaVerification`\nValidates and consumes the magic link token.\n\n#### `validateContentType('application\u002Fjson')`\nEnforces JSON content type.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body.\n\n#### `detectBots`\nRuns bot detection on the request.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `verifyMFA`\nVerifies the MFA code and issues tokens.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"code\" type=\"string\" required}\n  The 7-digit OTP code from the MFA email.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | MFA verified, new access and refresh tokens issued |\n| `400` | Malformed input or purpose\u002Fsubject mismatch |\n| `401` | Invalid or expired code |\n| `403` | User banned or XSS detected |\n| `500` | Internal error |\n\nSee [MFA](\u002Fdocs\u002Fiam\u002Fessentials\u002Fmfa) for the full adaptive MFA flow.\n\n---\n\n### `POST \u002Fcustom\u002Fmfa\u002F:reason`\n\nInitiates a custom MFA flow for a sensitive action. Generates a temporary magic link and OTP code, sends the email to the authenticated user, and returns flow metadata. The `:reason` parameter identifies the action being protected (for example, `PAYMENT_CONFIRM`, `ACCOUNT_DELETE`).\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nEnforces JSON content type.\n\n#### `requireAccessToken`\nExtracts the Bearer token.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `protectRoute`\nFull JWT verification and anomaly detection.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body.\n\n#### `initCustomMfaFlow`\nThe custom MFA initiation controller.\n\n::\n\n**URL parameters**\n\n::field-group\n  ::field{name=\"reason\" type=\"string\" required}\n  The custom MFA reason. Identifies the sensitive action being protected.\n  ::\n::\n\n**Headers required**\n\n| Header | Value |\n| --- | --- |\n| `Authorization` | `Bearer \u003Caccess_token>` |\n\n**Cookies required**\n\n| Cookie | Purpose |\n| --- | --- |\n| `session` | The current refresh token |\n| `canary_id` | The canary cookie |\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | MFA flow initiated, email sent |\n| `401` | Not authenticated |\n| `429` | Rate limit exceeded |\n\nSee [Magic Links](\u002Fdocs\u002Fiam\u002Fessentials\u002Fmagic-links#custom-mfa-flows) for the full custom MFA flow documentation.\n\n---\n\n### `GET \u002Fauth\u002Fverify-custom-mfa`\n\nPreviews a custom MFA magic link. Validates the token and returns the link metadata. Requires full authentication.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireAccessToken`\nExtracts the Bearer token.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `protectRoute`\nFull JWT verification and anomaly detection.\n\n#### `customMfaFlowsVerification`\nValidates the custom MFA magic link token, random hash, and visitor identity.\n\n::\n\n**Query parameters**\n\n::field-group\n  ::field{name=\"token\" type=\"string\" required}\n  The temporary JWT token from the magic link URL.\n  ::\n  ::field{name=\"random\" type=\"string\" required}\n  The random hash for cryptographic verification.\n  ::\n  ::field{name=\"reason\" type=\"string\" required}\n  The custom MFA reason.\n  ::\n  ::field{name=\"visitor\" type=\"string\" required}\n  The visitor identifier.\n  ::\n::\n\n---\n\n### `POST \u002Fauth\u002Fverify-custom-mfa`\n\nSubmits the custom MFA code to complete a protected action. Requires full authentication plus magic link verification.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nEnforces JSON content type.\n\n#### `requireAccessToken`\nExtracts the Bearer token.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `protectRoute`\nFull JWT verification and anomaly detection.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body.\n\n#### `customMfaFlowsVerification`\nValidates and consumes the custom MFA magic link.\n\n#### `detectBots`\nRuns bot detection on the request.\n\n#### `verifyCustomMfa`\nVerifies the custom MFA code and completes the action.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"code\" type=\"string\" required}\n  The 7-digit OTP code from the custom MFA verification email.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Custom MFA verified, action completed, new tokens issued |\n| `400` | Malformed input or purpose\u002Fsubject mismatch |\n| `401` | Invalid or expired code |\n| `403` | User banned or XSS attempt detected |\n| `500` | Internal error |\n\n---\n\n### `POST \u002Fupdate\u002Femail`\n\nRequests an email address change. Requires full authentication plus custom MFA verification. The new email is validated and the change is applied after MFA verification completes.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nEnforces JSON content type.\n\n#### `requireAccessToken`\nExtracts the Bearer token.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `protectRoute`\nFull JWT verification and anomaly detection.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body.\n\n#### `customMfaFlowsVerification`\nValidates and consumes the custom MFA magic link.\n\n#### `detectBots`\nRuns bot detection on the request.\n\n#### `updateEmailController`\nThe email update controller.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"code\" type=\"string\" required}\n  The 7-digit OTP code from the custom MFA verification email.\n  ::\n  ::field{name=\"newEmail\" type=\"string\" required}\n  The new email address to change to. Validated for format, disposable provider check, and MX record lookup.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Email address updated successfully |\n| `400` | Validation error, invalid session, or email already in use |\n| `401` | Invalid or expired MFA code |\n| `403` | User banned or XSS attempt detected |\n| `500` | Internal error |\n\n---\n\n### `POST \u002Fauth\u002Fforgot-password`\n\nInitiates a password reset flow by sending a magic link email to the provided address. Does not require authentication. Uses timing normalization to prevent email enumeration.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `validateContentType('application\u002Fjson')`\nEnforces JSON content type.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body.\n\n#### `initPasswordReset`\nThe password reset initiation controller.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"email\" type=\"string\" required}\n  The email address associated with the account.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Password reset email sent (always returns success to prevent enumeration) |\n| `429` | Rate limit exceeded |\n\nSee [Password Reset](\u002Fdocs\u002Fiam\u002Fessentials\u002Fpassword-reset) for the full flow.\n\n---\n\n### `GET \u002Fauth\u002Freset-password`\n\nPreviews a password reset magic link. Validates the signed token from the query parameters and returns link metadata.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `linkPasswordVerification`\nValidates the password reset magic link token, random hash, and visitor identity.\n\n::\n\n**Query parameters**\n\nSame as the MFA GET routes: `token`, `random`, `reason`, `visitor`.\n\n**Responses**\n\n| Status | Body | Meaning |\n| --- | --- | --- |\n| `200` | `{ ok: true, date: string, data: { link: 'Password Reset', reason: string } }` | Link is valid |\n| `400` | `{ error: string }` | Invalid, expired, or already-used link |\n\n---\n\n### `POST \u002Fauth\u002Freset-password`\n\nSubmits the new password to complete the reset flow. Validates the magic link token, checks the new password against the Zod schema and the [Have I Been Pwned](https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv3#PwnedPasswords) breach database, hashes it with Argon2id, and updates the user record.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `linkPasswordVerification`\nValidates and consumes the password reset magic link.\n\n#### `validateContentType('application\u002Fjson')`\nEnforces JSON content type.\n\n#### `express.json({ limit: '1kb' })`\nParses the JSON body.\n\n#### `detectBots`\nRuns bot detection on the request.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `verifyNewPassword`\nValidates, hashes, and updates the password.\n\n::\n\n**Request body**\n\n::field-group\n  ::field{name=\"password\" type=\"string\" required}\n  The new password. Validated against the configured password policy and checked for breach exposure.\n  ::\n  ::field{name=\"confirmedPassword\" type=\"string\" required}\n  Must match `password` exactly.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Password updated |\n| `400` | Validation error, password mismatch, or password found in data breaches |\n| `403` | XSS attempt detected |\n| `429` | Rate limit exceeded |\n\n---\n\n## `bffAccessRoute`\n\n[Backend-for-Frontend](\u002Fdocs\u002Fiam\u002Fessentials\u002Fbff) authorization endpoints. These routes verify the current session and return user data or token metadata to the BFF layer. Both routes require full authentication.\n\n### `GET \u002Fsecret\u002Fdata`\n\nReturns authenticated user data to the BFF layer. Verifies that the user and visitor exist in the database and responds with an authorization status.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireAccessToken`\nExtracts the Bearer token.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `protectRoute`\nFull JWT verification and anomaly detection.\n\n#### `allowBffAccess`\nThe BFF authorization controller.\n\n::\n\n**Responses**\n\n| Status | Body | Meaning |\n| --- | --- | --- |\n| `200` | `{ userId, authorized: true, ipAddress, userAgent, date, roles }` | Authorized |\n| `401` | `{ authorized: false, reason: 'Not authenticated', ... }` | `req.user` missing |\n| `404` | `{ authorized: false, reason: 'Not found', ... }` | User or visitor not found |\n\n---\n\n### `GET \u002Fsecret\u002Faccesstoken\u002Fmetadata`\n\nReturns the decoded access token payload with TTL information. Useful for the BFF layer to check token freshness and determine when to trigger a rotation.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireAccessToken`\nExtracts the Bearer token.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device fingerprint data.\n\n#### `checkForActiveMfa`\nChecks if the session have an active anomaly associated with it\n\n#### `protectRoute`\nFull JWT verification and anomaly detection.\n\n#### `acceptCookieOnly`\nRejects any body, query string, or Content-Type header.\n\n#### `getAccessTokenPayload`\nThe metadata controller.\n\n::\n\n**Responses**\n\n| Status | Body | Meaning |\n| --- | --- | --- |\n| `200` | `{ authorized: true, payload, msUntilExp, refreshThreshold, shouldRotate, roles, ... }` | Authorized with token metadata |\n| `401` | `{ authorized: false, reason: 'Not authenticated', ... }` | Not authenticated |\n| `404` | `{ authorized: false, reason: 'Not found', ... }` | User or visitor not found |\n\nThe `refreshThreshold` field indicates 25% of the access token TTL in milliseconds, and `shouldRotate` is `true` when the remaining lifetime (`msUntilExp`) falls below that threshold. The BFF client uses these fields to proactively refresh tokens before they expire.\n\n---\n\n## `apiVerificationRoute()`\n\nThis factory returns the public API-token verification router. In\n`bootstrapApp()`, the service mounts it before `express.json()`,\n`cookieParser()`, and the bot-detector middleware because it only reads\nheaders, query parameters, and the resolved client IP.\n\n### `GET \u002Fapi\u002Fpublic\u002Fverify`\n\nVerifies a raw API token against the requested privilege without requiring a\nuser session. The route reads the token from the `x-api-key` header and the\nrequired privilege from the `privilege` query parameter.\n\n**Route-level middleware**\n\nThis endpoint has no route-level middleware. It goes straight to\n`verifyApiTokenController`, so only the service-wide guards from\n`bootstrapApp()` apply.\n\n**Headers required**\n\n| Header | Value |\n| --- | --- |\n| `x-api-key` | The raw API token to verify |\n\n**Query parameters**\n\n::field-group\n  ::field{name=\"privilege\" type=\"string\" required}\n  The required privilege scope. Must be one of `demo`, `restricted`,\n  `protected`, `full`, or `custom`.\n  ::\n::\n\n**Responses**\n\n| Status | Meaning |\n| --- | --- |\n| `200` | Token verified successfully |\n| `400` | Invalid `privilege` query value or unresolved client IP |\n| `401` | Missing or malformed `x-api-key` header, or token verification failed |\n| `403` | XSS input detected in the privilege query |\n| `429` | Rate limit exceeded |\n\nSee [Verifying Tokens](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fverification) for the full\nverification flow and response shapes.\n\n---\n\n## `apiProtectedRoutes()`\n\nThis factory returns the authenticated API-token management router. It exposes a\nshared `POST \u002Fapi\u002Fmanage\u002F:action` pipeline for mutating token actions and a\nshared `GET \u002Fapi\u002Fmanage\u002F:action` pipeline for token listing.\n\n### `POST \u002Fapi\u002Fmanage\u002F:action`\n\nHandles token creation and the manager-backed token actions. Supported `:action`\nvalues are `new-token`, `revoke`, `metadata`, `rotate`,\n`ip-restriction-update`, and `privilege-update`.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireAccessToken`\nExtracts the Bearer token from the `Authorization` header.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device and geolocation data for the request.\n\n#### `checkForActiveMfa`\nShort-circuits sessions that already have an unresolved MFA or re-login state.\n\n#### `protectRoute`\nRuns JWT verification and anomaly detection.\n\n#### `contentType('application\u002Fjson')`\nRejects non-JSON requests.\n\n#### `express.json({ limit: '1kb' })`\nParses the body and rejects empty payloads.\n\n#### `apiTokensController`\nDispatches the requested action.\n\n::\n\n**Supported actions**\n\n| Path | Body shape | Success | See |\n| --- | --- | --- | --- |\n| `POST \u002Fapi\u002Fmanage\u002Fnew-token` | `privilege`, `name`, optional `prefix`, `expires`, `ipv4` | `201` | [Creating Tokens](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fcreation) |\n| `POST \u002Fapi\u002Fmanage\u002Frevoke` | `tokenId`, `publicIdentifier`, `name` | `200` | [Revocation](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Frevocation) |\n| `POST \u002Fapi\u002Fmanage\u002Fmetadata` | `tokenId`, `publicIdentifier`, `name` | `200` | [Metadata](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Fmetadata) |\n| `POST \u002Fapi\u002Fmanage\u002Frotate` | `tokenId`, `publicIdentifier`, `name` | `200` | [Rotation](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Frotation) |\n| `POST \u002Fapi\u002Fmanage\u002Fip-restriction-update` | `tokenId`, `publicIdentifier`, `name`, optional `ipv4` | `200` | [IP Restriction](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Fip-updates) |\n| `POST \u002Fapi\u002Fmanage\u002Fprivilege-update` | `tokenId`, `publicIdentifier`, `name`, `newPrivilege` | `200` | [Privileges](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Fprivilege) |\n\n---\n\n### `GET \u002Fapi\u002Fmanage\u002F:action`\n\nThis route currently exposes the listing branch only. The built-in supported\nvalue is `list-metadata`, which returns the current valid token inventory for\nthe authenticated user.\n\n**Middleware chain**\n\n::steps{level=\"4\"}\n\n#### `requireAccessToken`\nExtracts the Bearer token from the `Authorization` header.\n\n#### `requireRefreshToken`\nValidates the refresh token cookie.\n\n#### `getFingerPrint`\nCollects device and geolocation data for the request.\n\n#### `checkForActiveMfa`\nShort-circuits sessions that already have an unresolved MFA or re-login state.\n\n#### `protectRoute`\nRuns JWT verification and anomaly detection.\n\n#### `apiTokensController`\nDispatches the listing action.\n\n::\n\n**Supported action**\n\n| Path | Body | Success | See |\n| --- | --- | --- | --- |\n| `GET \u002Fapi\u002Fmanage\u002Flist-metadata` | No body | `200` | [Token Listing](\u002Fdocs\u002Fiam\u002Fessentials\u002Fapi\u002Fmanagement\u002Flist) |\n\n---\n\n## Standalone Endpoints\n\n### `GET \u002Foperational\u002Fconfig`\n\nReturns a minimal operational configuration payload to a trusted client IP. Used by the [Auth H3 Client](\u002Fdocs\u002Fauth-h3client) to coordinate cookie domains and token TTLs. Rejects all requests from untrusted IP addresses.\n\n**Access control**\n\nThis endpoint uses IP-based access control rather than token authentication. Only the IP address configured in `service.clientIp` or `service.proxy.ipToTrust` is allowed.\n\n**Response (200)**\n\n```json\n{\n  \"domain\": \".example.com\",\n  \"accessTokenTTL\": 900000\n}\n```\n\n| Field | Description |\n| --- | --- |\n| `domain` | The cookie domain from `jwt.refresh_tokens.domain` |\n| `accessTokenTTL` | Access token time-to-live in milliseconds (defaults to 15 minutes) |\n\n**Responses on failure**\n\n| Status | Body |\n| --- | --- |\n| `403` | `{ error: 'Forbidden' }` |\n\n---\n\n### `GET \u002Fhealth`\n\nA basic health check endpoint registered directly on the Express app. Returns `200 OK` as plain text. This route is exempt from HMAC verification when called from a local address.\n\n---\n\n## Request Prerequisites\n\nEvery route that accepts a JSON body enforces the following rules:\n\n- **Content-Type**: Must be `application\u002Fjson`. The service returns `403` otherwise.\n- **Non-empty body**: The body must not be empty. Empty payloads return `403`.\n- **Body size limit**: `1kb` for most routes, `4kb` for the OAuth route.\n- **Canary cookie**: The `canary_id` cookie must be present on signup, login, and OAuth routes. Returns `400` if missing.\n\nThe `canary_id` cookie is set by the [Bot Detector](\u002Fdocs\u002Fbot-detection) during the first visit. It ties the session to the originating device.\n\n::tip\nAll cookie-only routes (`\u002Fauth\u002Fuser\u002Frefresh-session`, `\u002Fauth\u002Flogout`, `\u002Fsecret\u002Faccesstoken\u002Fmetadata`) reject any request body, query string, or Content-Type header via the `acceptCookieOnly` middleware.\n::\n\n---\n\n## Route Summary\n\n| Method | Path | Router | Description |\n| --- | --- | --- | --- |\n| `POST` | `\u002Fsignup` | `authenticationRoutes` | Register a new user account |\n| `POST` | `\u002Flogin` | `authenticationRoutes` | Authenticate with email and password |\n| `POST` | `\u002Fauth\u002FOAuth\u002F:providerName` | `authenticationRoutes` | Authenticate via an OAuth provider |\n| `POST` | `\u002Fauth\u002Fuser\u002Frefresh-session` | `tokenRotationRoutes` | Rotate tokens and refresh the session |\n| `POST` | `\u002Fauth\u002Flogout` | `tokenRotationRoutes` | Revoke the refresh token and end the session |\n| `GET` | `\u002Fauth\u002Fverify-mfa` | `magicLinks` | Preview an MFA magic link |\n| `POST` | `\u002Fauth\u002Fverify-mfa` | `magicLinks` | Submit the MFA code to complete authentication |\n| `POST` | `\u002Fcustom\u002Fmfa\u002F:reason` | `magicLinks` | Initiate a custom MFA flow for a protected action |\n| `GET` | `\u002Fauth\u002Fverify-custom-mfa` | `magicLinks` | Preview a custom MFA magic link |\n| `POST` | `\u002Fauth\u002Fverify-custom-mfa` | `magicLinks` | Submit the custom MFA code |\n| `POST` | `\u002Fupdate\u002Femail` | `magicLinks` | Request an email address change |\n| `POST` | `\u002Fauth\u002Fforgot-password` | `magicLinks` | Initiate a password reset |\n| `GET` | `\u002Fauth\u002Freset-password` | `magicLinks` | Preview a password reset magic link |\n| `POST` | `\u002Fauth\u002Freset-password` | `magicLinks` | Submit the new password |\n| `GET` | `\u002Fsecret\u002Fdata` | `bffAccessRoute` | BFF authorization check |\n| `GET` | `\u002Fsecret\u002Faccesstoken\u002Fmetadata` | `bffAccessRoute` | Return decoded access token payload and TTL hints |\n| `GET` | `\u002Fapi\u002Fpublic\u002Fverify` | `apiVerificationRoute()` | Verify an API token against a requested privilege |\n| `POST` | `\u002Fapi\u002Fmanage\u002Fnew-token` | `apiProtectedRoutes()` | Create a new API token |\n| `GET` | `\u002Fapi\u002Fmanage\u002Flist-metadata` | `apiProtectedRoutes()` | List the user's valid API tokens |\n| `POST` | `\u002Fapi\u002Fmanage\u002Frevoke` | `apiProtectedRoutes()` | Revoke an API token |\n| `POST` | `\u002Fapi\u002Fmanage\u002Fmetadata` | `apiProtectedRoutes()` | Return metadata for one API token |\n| `POST` | `\u002Fapi\u002Fmanage\u002Frotate` | `apiProtectedRoutes()` | Rotate an API token |\n| `POST` | `\u002Fapi\u002Fmanage\u002Fip-restriction-update` | `apiProtectedRoutes()` | Update a token IP whitelist |\n| `POST` | `\u002Fapi\u002Fmanage\u002Fprivilege-update` | `apiProtectedRoutes()` | Update a token privilege |\n| `GET` | `\u002Foperational\u002Fconfig` | Standalone | Return operational configuration to trusted client |\n| `GET` | `\u002Fhealth` | Built-in | Health check (returns `200 OK`) |\n",{"title":254,"description":4931},"zQVuFTNkl03ZeCp766gpb7BG8__WoxyUJxeTWZiLtCY",[4940,4935],{"title":250,"path":251,"stem":252,"children":-1},{"id":851,"title":254,"body":4942,"description":4931,"extension":4932,"icon":4933,"meta":8301,"module":4935,"navigation":8,"path":255,"rawbody":4936,"seo":8302,"stem":256,"__hash__":4938},{"type":853,"value":4943,"toc":8262},[4944,4952,5184,5192,5198,5202,5208,5212,5214,5218,5246,5250,5289,5293,5345,5349,5351,5355,5357,5361,5389,5393,5403,5407,5459,5463,5465,5469,5475,5479,5507,5511,5523,5527,5595,5599,5601,5605,5609,5613,5621,5625,5659,5663,5691,5695,5749,5753,5755,5759,5765,5769,5799,5803,5831,5835,5857,5861,5897,5901,5903,5907,5911,5915,5917,5921,5929,5933,5953,5957,5995,5997,6001,6003,6007,6045,6049,6055,6059,6111,6115,6117,6121,6129,6133,6183,6187,6193,6197,6219,6223,6251,6255,6291,6295,6297,6301,6303,6307,6345,6349,6367,6369,6373,6375,6379,6441,6445,6451,6455,6507,6509,6513,6515,6519,6581,6585,6595,6599,6651,6653,6657,6659,6663,6683,6687,6693,6697,6725,6729,6731,6735,6737,6741,6749,6753,6763,6767,6805,6807,6811,6816,6820,6858,6862,6874,6878,6922,6924,6928,6932,6936,6938,6942,6980,6984,7036,7038,7042,7044,7048,7092,7096,7146,7156,7158,7162,7170,7174,7180,7184,7190,7194,7214,7218,7234,7238,7294,7298,7300,7304,7310,7314,7330,7334,7386,7390,7546,7548,7552,7556,7560,7600,7604,7636,7638,7640,7644,7648,7652,7658,7662,7704,7734,7738,7760,7762,7766,7770,7772,7774,7776,7808,7814,7826,7828,7830,8260],[856,4945,858,4946,863,4948,867,4950,871],{},[860,4947,862],{},[860,4949,866],{},[860,4951,870],{},[873,4953,4954],{"className":875,"code":876,"filename":877,"language":878,"meta":879,"style":879},[860,4955,4956,4970,4984,4990,4996,5002,5008,5014,5020,5026,5032,5044,5048,5060,5064,5078,5092,5106,5120,5134,5148,5162],{"__ignoreMap":879},[883,4957,4958,4960,4962,4964,4966,4968],{"class":885,"line":886},[883,4959,890],{"class":889},[883,4961,894],{"class":893},[883,4963,897],{"class":889},[883,4965,901],{"class":900},[883,4967,905],{"class":904},[883,4969,908],{"class":900},[883,4971,4972,4974,4976,4978,4980,4982],{"class":885,"line":911},[883,4973,890],{"class":889},[883,4975,916],{"class":893},[883,4977,897],{"class":889},[883,4979,901],{"class":900},[883,4981,923],{"class":904},[883,4983,908],{"class":900},[883,4985,4986,4988],{"class":885,"line":928},[883,4987,890],{"class":889},[883,4989,934],{"class":933},[883,4991,4992,4994],{"class":885,"line":937},[883,4993,940],{"class":893},[883,4995,943],{"class":933},[883,4997,4998,5000],{"class":885,"line":946},[883,4999,949],{"class":893},[883,5001,943],{"class":933},[883,5003,5004,5006],{"class":885,"line":954},[883,5005,957],{"class":893},[883,5007,943],{"class":933},[883,5009,5010,5012],{"class":885,"line":962},[883,5011,965],{"class":893},[883,5013,943],{"class":933},[883,5015,5016,5018],{"class":885,"line":970},[883,5017,973],{"class":893},[883,5019,943],{"class":933},[883,5021,5022,5024],{"class":885,"line":978},[883,5023,981],{"class":893},[883,5025,943],{"class":933},[883,5027,5028,5030],{"class":885,"line":986},[883,5029,989],{"class":893},[883,5031,943],{"class":933},[883,5033,5034,5036,5038,5040,5042],{"class":885,"line":994},[883,5035,997],{"class":933},[883,5037,1000],{"class":889},[883,5039,901],{"class":900},[883,5041,1005],{"class":904},[883,5043,908],{"class":900},[883,5045,5046],{"class":885,"line":1010},[883,5047,1013],{"emptyLinePlaceholder":8},[883,5049,5050,5052,5054,5056,5058],{"class":885,"line":1016},[883,5051,1020],{"class":1019},[883,5053,1024],{"class":1023},[883,5055,1028],{"class":1027},[883,5057,894],{"class":1031},[883,5059,1034],{"class":933},[883,5061,5062],{"class":885,"line":1037},[883,5063,1013],{"emptyLinePlaceholder":8},[883,5065,5066,5068,5070,5072,5074,5076],{"class":885,"line":1042},[883,5067,1045],{"class":893},[883,5069,871],{"class":933},[883,5071,1050],{"class":1031},[883,5073,1053],{"class":933},[883,5075,1056],{"class":1031},[883,5077,1059],{"class":933},[883,5079,5080,5082,5084,5086,5088,5090],{"class":885,"line":1062},[883,5081,1045],{"class":893},[883,5083,871],{"class":933},[883,5085,1050],{"class":1031},[883,5087,1053],{"class":933},[883,5089,1073],{"class":1031},[883,5091,1059],{"class":933},[883,5093,5094,5096,5098,5100,5102,5104],{"class":885,"line":1078},[883,5095,1045],{"class":893},[883,5097,871],{"class":933},[883,5099,1050],{"class":1031},[883,5101,1053],{"class":933},[883,5103,1089],{"class":893},[883,5105,1092],{"class":933},[883,5107,5108,5110,5112,5114,5116,5118],{"class":885,"line":1095},[883,5109,1045],{"class":893},[883,5111,871],{"class":933},[883,5113,1050],{"class":1031},[883,5115,1053],{"class":933},[883,5117,1106],{"class":893},[883,5119,1092],{"class":933},[883,5121,5122,5124,5126,5128,5130,5132],{"class":885,"line":1111},[883,5123,1045],{"class":893},[883,5125,871],{"class":933},[883,5127,1050],{"class":1031},[883,5129,1053],{"class":933},[883,5131,1122],{"class":893},[883,5133,1092],{"class":933},[883,5135,5136,5138,5140,5142,5144,5146],{"class":885,"line":1127},[883,5137,1045],{"class":893},[883,5139,871],{"class":933},[883,5141,1050],{"class":1031},[883,5143,1053],{"class":933},[883,5145,1138],{"class":893},[883,5147,1092],{"class":933},[883,5149,5150,5152,5154,5156,5158,5160],{"class":885,"line":1143},[883,5151,1045],{"class":893},[883,5153,871],{"class":933},[883,5155,1050],{"class":1031},[883,5157,1053],{"class":933},[883,5159,1154],{"class":1031},[883,5161,1059],{"class":933},[883,5163,5164,5166,5168,5170,5172,5174,5176,5178,5180,5182],{"class":885,"line":1159},[883,5165,1045],{"class":893},[883,5167,871],{"class":933},[883,5169,1050],{"class":1031},[883,5171,1053],{"class":933},[883,5173,1170],{"class":900},[883,5175,1173],{"class":904},[883,5177,1170],{"class":900},[883,5179,1178],{"class":933},[883,5181,1181],{"class":893},[883,5183,1092],{"class":933},[1185,5185,5186],{},[856,5187,5188,1191,5190,1195],{},[860,5189,923],{},[860,5191,1194],{},[856,5193,1198,5194,1201,5196,871],{},[860,5195,866],{},[1203,5197,250],{"href":1205},[1207,5199,5200],{"id":1209},[860,5201,1089],{},[856,5203,1214,5204,1218,5206,1222],{},[860,5205,1217],{},[860,5207,1221],{},[1224,5209,5210],{"id":1226},[860,5211,1229],{},[856,5213,1232],{},[856,5215,5216],{},[1236,5217,1238],{},[1240,5219,5220,5224,5226,5230,5232,5234,5240,5244],{"level":1242},[1244,5221,5222],{"id":1246},[860,5223,1249],{},[856,5225,1252],{},[1244,5227,5228],{"id":1255},[860,5229,1258],{},[856,5231,1261],{},[1244,5233,1265],{"id":1264},[856,5235,1268,5236,1272,5238,1275],{},[860,5237,1271],{},[860,5239,1221],{},[1244,5241,5242],{"id":1278},[860,5243,1281],{},[856,5245,1284],{},[856,5247,5248],{},[1236,5249,1289],{},[1291,5251,5252,5256,5263,5269,5273,5279],{},[1294,5253,5254],{"name":1296,"type":1297,":required":1298},[856,5255,1301],{},[1294,5257,5258],{"name":1304,"type":1297,":required":1298},[856,5259,1307,5260,1314],{},[1203,5261,1313],{"href":1310,"rel":5262},[1312],[1294,5264,5265],{"name":1317,"type":1297,":required":1298},[856,5266,1320,5267,1323],{},[860,5268,1304],{},[1294,5270,5271],{"name":1326,"type":1297,":required":1298},[856,5272,1329],{},[1294,5274,5275],{"name":1332,"type":1297,":required":1298},[856,5276,1335,5277,1339],{},[860,5278,1338],{},[1294,5280,5281],{"name":1342,"type":1297},[856,5282,1345,5283,1348,5285,1352,5287,1356],{},[860,5284,1338],{},[860,5286,1351],{},[860,5288,1355],{},[856,5290,5291],{},[1236,5292,1361],{},[1363,5294,5295,5303],{},[1366,5296,5297],{},[1369,5298,5299,5301],{},[1372,5300,1374],{},[1372,5302,1377],{},[1379,5304,5305,5313,5321,5329,5337],{},[1369,5306,5307,5311],{},[1384,5308,5309],{},[860,5310,1388],{},[1384,5312,1391],{},[1369,5314,5315,5319],{},[1384,5316,5317],{},[860,5318,1271],{},[1384,5320,1400],{},[1369,5322,5323,5327],{},[1384,5324,5325],{},[860,5326,1407],{},[1384,5328,1410],{},[1369,5330,5331,5335],{},[1384,5332,5333],{},[860,5334,1417],{},[1384,5336,1420],{},[1369,5338,5339,5343],{},[1384,5340,5341],{},[860,5342,1427],{},[1384,5344,1430],{},[856,5346,1433,5347,1436],{},[1203,5348,99],{"href":100},[1438,5350],{},[1224,5352,5353],{"id":1442},[860,5354,1445],{},[856,5356,1448],{},[856,5358,5359],{},[1236,5360,1238],{},[1240,5362,5363,5367,5369,5373,5375,5377,5383,5387],{"level":1242},[1244,5364,5365],{"id":1457},[860,5366,1249],{},[856,5368,1252],{},[1244,5370,5371],{"id":1464},[860,5372,1258],{},[856,5374,1261],{},[1244,5376,1265],{"id":1471},[856,5378,1268,5379,1272,5381,1275],{},[860,5380,1271],{},[860,5382,1221],{},[1244,5384,5385],{"id":1480},[860,5386,1483],{},[856,5388,1486],{},[856,5390,5391],{},[1236,5392,1289],{},[1291,5394,5395,5399],{},[1294,5396,5397],{"name":1296,"type":1297,":required":1298},[856,5398,1497],{},[1294,5400,5401],{"name":1304,"type":1297,":required":1298},[856,5402,1502],{},[856,5404,5405],{},[1236,5406,1361],{},[1363,5408,5409,5417],{},[1366,5410,5411],{},[1369,5412,5413,5415],{},[1372,5414,1374],{},[1372,5416,1377],{},[1379,5418,5419,5427,5435,5443,5451],{},[1369,5420,5421,5425],{},[1384,5422,5423],{},[860,5424,1525],{},[1384,5426,1528],{},[1369,5428,5429,5433],{},[1384,5430,5431],{},[860,5432,1271],{},[1384,5434,1537],{},[1369,5436,5437,5441],{},[1384,5438,5439],{},[860,5440,1544],{},[1384,5442,1547],{},[1369,5444,5445,5449],{},[1384,5446,5447],{},[860,5448,1407],{},[1384,5450,1556],{},[1369,5452,5453,5457],{},[1384,5454,5455],{},[860,5456,1427],{},[1384,5458,1430],{},[856,5460,1433,5461,1569],{},[1203,5462,103],{"href":104},[1438,5464],{},[1224,5466,5467],{"id":1574},[860,5468,1577],{},[856,5470,1580,5471,1584,5473,1588],{},[860,5472,1583],{},[860,5474,1587],{},[856,5476,5477],{},[1236,5478,1238],{},[1240,5480,5481,5485,5487,5491,5493,5495,5501,5505],{"level":1242},[1244,5482,5483],{"id":1597},[860,5484,1249],{},[856,5486,1252],{},[1244,5488,5489],{"id":1604},[860,5490,1607],{},[856,5492,1610],{},[1244,5494,1265],{"id":1613},[856,5496,1268,5497,1272,5499,1275],{},[860,5498,1271],{},[860,5500,1221],{},[1244,5502,5503],{"id":1622},[860,5504,1625],{},[856,5506,1628],{},[856,5508,5509],{},[1236,5510,1633],{},[1291,5512,5513],{},[1294,5514,5515],{"name":1638,"type":1297,":required":1298},[856,5516,1641,5517,1644,5519,1178,5521,1651],{},[860,5518,1587],{},[860,5520,1647],{},[860,5522,1650],{},[856,5524,5525],{},[1236,5526,1361],{},[1363,5528,5529,5537],{},[1366,5530,5531],{},[1369,5532,5533,5535],{},[1372,5534,1374],{},[1372,5536,1377],{},[1379,5538,5539,5547,5555,5563,5571,5579,5587],{},[1369,5540,5541,5545],{},[1384,5542,5543],{},[860,5544,1388],{},[1384,5546,1528],{},[1369,5548,5549,5553],{},[1384,5550,5551],{},[860,5552,1271],{},[1384,5554,1684],{},[1369,5556,5557,5561],{},[1384,5558,5559],{},[860,5560,1691],{},[1384,5562,1694],{},[1369,5564,5565,5569],{},[1384,5566,5567],{},[860,5568,1407],{},[1384,5570,1410],{},[1369,5572,5573,5577],{},[1384,5574,5575],{},[860,5576,1417],{},[1384,5578,1711],{},[1369,5580,5581,5585],{},[1384,5582,5583],{},[860,5584,1427],{},[1384,5586,1430],{},[1369,5588,5589,5593],{},[1384,5590,5591],{},[860,5592,1726],{},[1384,5594,1729],{},[856,5596,1433,5597,1734],{},[1203,5598,111],{"href":112},[1438,5600],{},[1207,5602,5603],{"id":1739},[860,5604,1106],{},[856,5606,1744,5607,1748],{},[860,5608,1747],{},[1224,5610,5611],{"id":1751},[860,5612,1754],{},[856,5614,1757,5615,1760,5617,1764,5619,1768],{},[860,5616,1221],{},[1203,5618,1763],{"href":96},[860,5620,1767],{},[856,5622,5623],{},[1236,5624,1238],{},[1240,5626,5627,5631,5635,5639,5641,5645,5647,5651,5653,5657],{"level":1242},[1244,5628,5629],{"id":1777},[860,5630,1780],{},[856,5632,1783,5633,1787],{},[860,5634,1786],{},[1244,5636,5637],{"id":1790},[860,5638,1793],{},[856,5640,1796],{},[1244,5642,5643],{"id":1799},[860,5644,1802],{},[856,5646,1805],{},[1244,5648,5649],{"id":1808},[860,5650,1811],{},[856,5652,1814],{},[1244,5654,5655],{"id":1817},[860,5656,1820],{},[856,5658,1823],{},[856,5660,5661],{},[1236,5662,1828],{},[1363,5664,5665,5673],{},[1366,5666,5667],{},[1369,5668,5669,5671],{},[1372,5670,1837],{},[1372,5672,1840],{},[1379,5674,5675,5683],{},[1369,5676,5677,5681],{},[1384,5678,5679],{},[860,5680,1786],{},[1384,5682,1851],{},[1369,5684,5685,5689],{},[1384,5686,5687],{},[860,5688,1221],{},[1384,5690,1860],{},[856,5692,5693],{},[1236,5694,1361],{},[1363,5696,5697,5705],{},[1366,5698,5699],{},[1369,5700,5701,5703],{},[1372,5702,1374],{},[1372,5704,1377],{},[1379,5706,5707,5715,5723,5731,5741],{},[1369,5708,5709,5713],{},[1384,5710,5711],{},[860,5712,1388],{},[1384,5714,1885],{},[1369,5716,5717,5721],{},[1384,5718,5719],{},[860,5720,1892],{},[1384,5722,1895],{},[1369,5724,5725,5729],{},[1384,5726,5727],{},[860,5728,1271],{},[1384,5730,1904],{},[1369,5732,5733,5737],{},[1384,5734,5735],{},[860,5736,1544],{},[1384,5738,1913,5739],{},[860,5740,1767],{},[1369,5742,5743,5747],{},[1384,5744,5745],{},[860,5746,1427],{},[1384,5748,1430],{},[856,5750,1433,5751,1928],{},[1203,5752,91],{"href":92},[1438,5754],{},[1224,5756,5757],{"id":1933},[860,5758,1936],{},[856,5760,1939,5761,1943,5763,1946],{},[860,5762,1942],{},[860,5764,1786],{},[856,5766,5767],{},[1236,5768,1238],{},[1240,5770,5771,5775,5779,5783,5787,5791,5793,5797],{"level":1242},[1244,5772,5773],{"id":1955},[860,5774,1780],{},[856,5776,1783,5777,1787],{},[860,5778,1786],{},[1244,5780,5781],{"id":1964},[860,5782,1967],{},[856,5784,1970,5785,1973],{},[860,5786,1942],{},[1244,5788,5789],{"id":1976},[860,5790,1793],{},[856,5792,1796],{},[1244,5794,5795],{"id":1983},[860,5796,1986],{},[856,5798,1989],{},[856,5800,5801],{},[1236,5802,1828],{},[1363,5804,5805,5813],{},[1366,5806,5807],{},[1369,5808,5809,5811],{},[1372,5810,1837],{},[1372,5812,1840],{},[1379,5814,5815,5823],{},[1369,5816,5817,5821],{},[1384,5818,5819],{},[860,5820,1786],{},[1384,5822,1851],{},[1369,5824,5825,5829],{},[1384,5826,5827],{},[860,5828,1221],{},[1384,5830,2022],{},[856,5832,5833],{},[1236,5834,2027],{},[1363,5836,5837,5845],{},[1366,5838,5839],{},[1369,5840,5841,5843],{},[1372,5842,2036],{},[1372,5844,2039],{},[1379,5846,5847],{},[1369,5848,5849,5853],{},[1384,5850,5851],{},[860,5852,1942],{},[1384,5854,5855],{},[860,5856,2052],{},[856,5858,5859],{},[1236,5860,1361],{},[1363,5862,5863,5871],{},[1366,5864,5865],{},[1369,5866,5867,5869],{},[1372,5868,1374],{},[1372,5870,1377],{},[1379,5872,5873,5881,5889],{},[1369,5874,5875,5879],{},[1384,5876,5877],{},[860,5878,1525],{},[1384,5880,2077],{},[1369,5882,5883,5887],{},[1384,5884,5885],{},[860,5886,1271],{},[1384,5888,1904],{},[1369,5890,5891,5895],{},[1384,5892,5893],{},[860,5894,1544],{},[1384,5896,2094],{},[856,5898,1433,5899,2099],{},[1203,5900,107],{"href":108},[1438,5902],{},[1207,5904,5905],{"id":2104},[860,5906,1122],{},[856,5908,2109,5909,2112],{},[860,5910,1217],{},[1224,5912,5913],{"id":2115},[860,5914,2118],{},[856,5916,2121],{},[856,5918,5919],{},[1236,5920,1238],{},[1240,5922,5923,5927],{"level":1242},[1244,5924,5925],{"id":2130},[860,5926,2133],{},[856,5928,2136],{},[856,5930,5931],{},[1236,5932,2141],{},[1291,5934,5935,5939,5943,5949],{},[1294,5936,5937],{"name":2146,"type":1297,":required":1298},[856,5938,2149],{},[1294,5940,5941],{"name":2152,"type":1297,":required":1298},[856,5942,2155],{},[1294,5944,5945],{"name":2158,"type":1297,":required":1298},[856,5946,2161,5947,1651],{},[860,5948,2164],{},[1294,5950,5951],{"name":2167,"type":1297,":required":1298},[856,5952,2170],{},[856,5954,5955],{},[1236,5956,1361],{},[1363,5958,5959,5969],{},[1366,5960,5961],{},[1369,5962,5963,5965,5967],{},[1372,5964,1374],{},[1372,5966,2185],{},[1372,5968,1377],{},[1379,5970,5971,5983],{},[1369,5972,5973,5977,5981],{},[1384,5974,5975],{},[860,5976,1525],{},[1384,5978,5979],{},[860,5980,2200],{},[1384,5982,2203],{},[1369,5984,5985,5989,5993],{},[1384,5986,5987],{},[860,5988,1271],{},[1384,5990,5991],{},[860,5992,2214],{},[1384,5994,2217],{},[1438,5996],{},[1224,5998,5999],{"id":2222},[860,6000,2225],{},[856,6002,2228],{},[856,6004,6005],{},[1236,6006,1238],{},[1240,6008,6009,6013,6015,6019,6021,6025,6027,6031,6033,6037,6039,6043],{"level":1242},[1244,6010,6011],{"id":2237},[860,6012,2133],{},[856,6014,2242],{},[1244,6016,6017],{"id":2245},[860,6018,1249],{},[856,6020,2250],{},[1244,6022,6023],{"id":2253},[860,6024,1258],{},[856,6026,2258],{},[1244,6028,6029],{"id":2261},[860,6030,2264],{},[856,6032,2267],{},[1244,6034,6035],{"id":2270},[860,6036,1802],{},[856,6038,2275],{},[1244,6040,6041],{"id":2278},[860,6042,2281],{},[856,6044,2284],{},[856,6046,6047],{},[1236,6048,1289],{},[1291,6050,6051],{},[1294,6052,6053],{"name":860,"type":1297,":required":1298},[856,6054,2295],{},[856,6056,6057],{},[1236,6058,1361],{},[1363,6060,6061,6069],{},[1366,6062,6063],{},[1369,6064,6065,6067],{},[1372,6066,1374],{},[1372,6068,1377],{},[1379,6070,6071,6079,6087,6095,6103],{},[1369,6072,6073,6077],{},[1384,6074,6075],{},[860,6076,1525],{},[1384,6078,2320],{},[1369,6080,6081,6085],{},[1384,6082,6083],{},[860,6084,1271],{},[1384,6086,2329],{},[1369,6088,6089,6093],{},[1384,6090,6091],{},[860,6092,1544],{},[1384,6094,2338],{},[1369,6096,6097,6101],{},[1384,6098,6099],{},[860,6100,1407],{},[1384,6102,2347],{},[1369,6104,6105,6109],{},[1384,6106,6107],{},[860,6108,1726],{},[1384,6110,2356],{},[856,6112,1433,6113,2361],{},[1203,6114,123],{"href":124},[1438,6116],{},[1224,6118,6119],{"id":2366},[860,6120,2369],{},[856,6122,2372,6123,2376,6125,1178,6127,1651],{},[860,6124,2375],{},[860,6126,2379],{},[860,6128,2382],{},[856,6130,6131],{},[1236,6132,1238],{},[1240,6134,6135,6139,6141,6145,6147,6151,6153,6157,6159,6163,6165,6169,6171,6175,6177,6181],{"level":1242},[1244,6136,6137],{"id":2391},[860,6138,1249],{},[856,6140,2250],{},[1244,6142,6143],{"id":2398},[860,6144,1967],{},[856,6146,2403],{},[1244,6148,6149],{"id":2406},[860,6150,1780],{},[856,6152,2411],{},[1244,6154,6155],{"id":2414},[860,6156,1802],{},[856,6158,2275],{},[1244,6160,6161],{"id":2421},[860,6162,1811],{},[856,6164,1814],{},[1244,6166,6167],{"id":2428},[860,6168,2431],{},[856,6170,2434],{},[1244,6172,6173],{"id":2437},[860,6174,1258],{},[856,6176,2258],{},[1244,6178,6179],{"id":2444},[860,6180,2447],{},[856,6182,2450],{},[856,6184,6185],{},[1236,6186,1633],{},[1291,6188,6189],{},[1294,6190,6191],{"name":2158,"type":1297,":required":1298},[856,6192,2461],{},[856,6194,6195],{},[1236,6196,2027],{},[1363,6198,6199,6207],{},[1366,6200,6201],{},[1369,6202,6203,6205],{},[1372,6204,2036],{},[1372,6206,2039],{},[1379,6208,6209],{},[1369,6210,6211,6215],{},[1384,6212,6213],{},[860,6214,1942],{},[1384,6216,6217],{},[860,6218,2052],{},[856,6220,6221],{},[1236,6222,1828],{},[1363,6224,6225,6233],{},[1366,6226,6227],{},[1369,6228,6229,6231],{},[1372,6230,1837],{},[1372,6232,1840],{},[1379,6234,6235,6243],{},[1369,6236,6237,6241],{},[1384,6238,6239],{},[860,6240,1786],{},[1384,6242,1851],{},[1369,6244,6245,6249],{},[1384,6246,6247],{},[860,6248,1221],{},[1384,6250,2022],{},[856,6252,6253],{},[1236,6254,1361],{},[1363,6256,6257,6265],{},[1366,6258,6259],{},[1369,6260,6261,6263],{},[1372,6262,1374],{},[1372,6264,1377],{},[1379,6266,6267,6275,6283],{},[1369,6268,6269,6273],{},[1384,6270,6271],{},[860,6272,1525],{},[1384,6274,2544],{},[1369,6276,6277,6281],{},[1384,6278,6279],{},[860,6280,1544],{},[1384,6282,2553],{},[1369,6284,6285,6289],{},[1384,6286,6287],{},[860,6288,1427],{},[1384,6290,1430],{},[856,6292,1433,6293,2567],{},[1203,6294,115],{"href":2566},[1438,6296],{},[1224,6298,6299],{"id":2572},[860,6300,2575],{},[856,6302,2578],{},[856,6304,6305],{},[1236,6306,1238],{},[1240,6308,6309,6313,6315,6319,6321,6325,6327,6331,6333,6337,6339,6343],{"level":1242},[1244,6310,6311],{"id":2587},[860,6312,1967],{},[856,6314,2403],{},[1244,6316,6317],{"id":2594},[860,6318,1780],{},[856,6320,2411],{},[1244,6322,6323],{"id":2601},[860,6324,1802],{},[856,6326,2275],{},[1244,6328,6329],{"id":2608},[860,6330,1811],{},[856,6332,1814],{},[1244,6334,6335],{"id":2615},[860,6336,2431],{},[856,6338,2434],{},[1244,6340,6341],{"id":2622},[860,6342,2625],{},[856,6344,2628],{},[856,6346,6347],{},[1236,6348,2141],{},[1291,6350,6351,6355,6359,6363],{},[1294,6352,6353],{"name":2146,"type":1297,":required":1298},[856,6354,2149],{},[1294,6356,6357],{"name":2152,"type":1297,":required":1298},[856,6358,2155],{},[1294,6360,6361],{"name":2158,"type":1297,":required":1298},[856,6362,2647],{},[1294,6364,6365],{"name":2167,"type":1297,":required":1298},[856,6366,2170],{},[1438,6368],{},[1224,6370,6371],{"id":2656},[860,6372,2659],{},[856,6374,2662],{},[856,6376,6377],{},[1236,6378,1238],{},[1240,6380,6381,6385,6387,6391,6393,6397,6399,6403,6405,6409,6411,6415,6417,6421,6423,6427,6429,6433,6435,6439],{"level":1242},[1244,6382,6383],{"id":2671},[860,6384,1249],{},[856,6386,2250],{},[1244,6388,6389],{"id":2678},[860,6390,1967],{},[856,6392,2403],{},[1244,6394,6395],{"id":2685},[860,6396,1780],{},[856,6398,2411],{},[1244,6400,6401],{"id":2692},[860,6402,1802],{},[856,6404,2275],{},[1244,6406,6407],{"id":2699},[860,6408,1811],{},[856,6410,1814],{},[1244,6412,6413],{"id":2706},[860,6414,2431],{},[856,6416,2434],{},[1244,6418,6419],{"id":2713},[860,6420,1258],{},[856,6422,2258],{},[1244,6424,6425],{"id":2720},[860,6426,2625],{},[856,6428,2725],{},[1244,6430,6431],{"id":2728},[860,6432,2264],{},[856,6434,2267],{},[1244,6436,6437],{"id":2735},[860,6438,2738],{},[856,6440,2741],{},[856,6442,6443],{},[1236,6444,1289],{},[1291,6446,6447],{},[1294,6448,6449],{"name":860,"type":1297,":required":1298},[856,6450,2752],{},[856,6452,6453],{},[1236,6454,1361],{},[1363,6456,6457,6465],{},[1366,6458,6459],{},[1369,6460,6461,6463],{},[1372,6462,1374],{},[1372,6464,1377],{},[1379,6466,6467,6475,6483,6491,6499],{},[1369,6468,6469,6473],{},[1384,6470,6471],{},[860,6472,1525],{},[1384,6474,2777],{},[1369,6476,6477,6481],{},[1384,6478,6479],{},[860,6480,1271],{},[1384,6482,2329],{},[1369,6484,6485,6489],{},[1384,6486,6487],{},[860,6488,1544],{},[1384,6490,2338],{},[1369,6492,6493,6497],{},[1384,6494,6495],{},[860,6496,1407],{},[1384,6498,2802],{},[1369,6500,6501,6505],{},[1384,6502,6503],{},[860,6504,1726],{},[1384,6506,2356],{},[1438,6508],{},[1224,6510,6511],{"id":2815},[860,6512,2818],{},[856,6514,2821],{},[856,6516,6517],{},[1236,6518,1238],{},[1240,6520,6521,6525,6527,6531,6533,6537,6539,6543,6545,6549,6551,6555,6557,6561,6563,6567,6569,6573,6575,6579],{"level":1242},[1244,6522,6523],{"id":2830},[860,6524,1249],{},[856,6526,2250],{},[1244,6528,6529],{"id":2837},[860,6530,1967],{},[856,6532,2403],{},[1244,6534,6535],{"id":2844},[860,6536,1780],{},[856,6538,2411],{},[1244,6540,6541],{"id":2851},[860,6542,1802],{},[856,6544,2275],{},[1244,6546,6547],{"id":2858},[860,6548,1811],{},[856,6550,1814],{},[1244,6552,6553],{"id":2865},[860,6554,2431],{},[856,6556,2434],{},[1244,6558,6559],{"id":2872},[860,6560,1258],{},[856,6562,2258],{},[1244,6564,6565],{"id":2879},[860,6566,2625],{},[856,6568,2725],{},[1244,6570,6571],{"id":2886},[860,6572,2264],{},[856,6574,2267],{},[1244,6576,6577],{"id":2893},[860,6578,2896],{},[856,6580,2899],{},[856,6582,6583],{},[1236,6584,1289],{},[1291,6586,6587,6591],{},[1294,6588,6589],{"name":860,"type":1297,":required":1298},[856,6590,2752],{},[1294,6592,6593],{"name":2912,"type":1297,":required":1298},[856,6594,2915],{},[856,6596,6597],{},[1236,6598,1361],{},[1363,6600,6601,6609],{},[1366,6602,6603],{},[1369,6604,6605,6607],{},[1372,6606,1374],{},[1372,6608,1377],{},[1379,6610,6611,6619,6627,6635,6643],{},[1369,6612,6613,6617],{},[1384,6614,6615],{},[860,6616,1525],{},[1384,6618,2940],{},[1369,6620,6621,6625],{},[1384,6622,6623],{},[860,6624,1271],{},[1384,6626,2949],{},[1369,6628,6629,6633],{},[1384,6630,6631],{},[860,6632,1544],{},[1384,6634,2958],{},[1369,6636,6637,6641],{},[1384,6638,6639],{},[860,6640,1407],{},[1384,6642,2802],{},[1369,6644,6645,6649],{},[1384,6646,6647],{},[860,6648,1726],{},[1384,6650,2356],{},[1438,6652],{},[1224,6654,6655],{"id":2979},[860,6656,2982],{},[856,6658,2985],{},[856,6660,6661],{},[1236,6662,1238],{},[1240,6664,6665,6669,6671,6675,6677,6681],{"level":1242},[1244,6666,6667],{"id":2994},[860,6668,1249],{},[856,6670,2250],{},[1244,6672,6673],{"id":3001},[860,6674,1258],{},[856,6676,2258],{},[1244,6678,6679],{"id":3008},[860,6680,3011],{},[856,6682,3014],{},[856,6684,6685],{},[1236,6686,1289],{},[1291,6688,6689],{},[1294,6690,6691],{"name":1296,"type":1297,":required":1298},[856,6692,3025],{},[856,6694,6695],{},[1236,6696,1361],{},[1363,6698,6699,6707],{},[1366,6700,6701],{},[1369,6702,6703,6705],{},[1372,6704,1374],{},[1372,6706,1377],{},[1379,6708,6709,6717],{},[1369,6710,6711,6715],{},[1384,6712,6713],{},[860,6714,1525],{},[1384,6716,3050],{},[1369,6718,6719,6723],{},[1384,6720,6721],{},[860,6722,1427],{},[1384,6724,1430],{},[856,6726,1433,6727,3063],{},[1203,6728,163],{"href":164},[1438,6730],{},[1224,6732,6733],{"id":3068},[860,6734,3071],{},[856,6736,3074],{},[856,6738,6739],{},[1236,6740,1238],{},[1240,6742,6743,6747],{"level":1242},[1244,6744,6745],{"id":3083},[860,6746,3086],{},[856,6748,3089],{},[856,6750,6751],{},[1236,6752,2141],{},[856,6754,3096,6755,1178,6757,1178,6759,1178,6761,871],{},[860,6756,2146],{},[860,6758,2152],{},[860,6760,2158],{},[860,6762,2167],{},[856,6764,6765],{},[1236,6766,1361],{},[1363,6768,6769,6779],{},[1366,6770,6771],{},[1369,6772,6773,6775,6777],{},[1372,6774,1374],{},[1372,6776,2185],{},[1372,6778,1377],{},[1379,6780,6781,6793],{},[1369,6782,6783,6787,6791],{},[1384,6784,6785],{},[860,6786,1525],{},[1384,6788,6789],{},[860,6790,3133],{},[1384,6792,2203],{},[1369,6794,6795,6799,6803],{},[1384,6796,6797],{},[860,6798,1271],{},[1384,6800,6801],{},[860,6802,2214],{},[1384,6804,2217],{},[1438,6806],{},[1224,6808,6809],{"id":3152},[860,6810,3155],{},[856,6812,3158,6813,3162],{},[1203,6814,1313],{"href":1310,"rel":6815},[1312],[856,6817,6818],{},[1236,6819,1238],{},[1240,6821,6822,6826,6828,6832,6834,6838,6840,6844,6846,6850,6852,6856],{"level":1242},[1244,6823,6824],{"id":3171},[860,6825,3086],{},[856,6827,3176],{},[1244,6829,6830],{"id":3179},[860,6831,1249],{},[856,6833,2250],{},[1244,6835,6836],{"id":3186},[860,6837,1258],{},[856,6839,2258],{},[1244,6841,6842],{"id":3193},[860,6843,2264],{},[856,6845,2267],{},[1244,6847,6848],{"id":3200},[860,6849,1802],{},[856,6851,2275],{},[1244,6853,6854],{"id":3207},[860,6855,3210],{},[856,6857,3213],{},[856,6859,6860],{},[1236,6861,1289],{},[1291,6863,6864,6868],{},[1294,6865,6866],{"name":1304,"type":1297,":required":1298},[856,6867,3224],{},[1294,6869,6870],{"name":1317,"type":1297,":required":1298},[856,6871,1320,6872,1323],{},[860,6873,1304],{},[856,6875,6876],{},[1236,6877,1361],{},[1363,6879,6880,6888],{},[1366,6881,6882],{},[1369,6883,6884,6886],{},[1372,6885,1374],{},[1372,6887,1377],{},[1379,6889,6890,6898,6906,6914],{},[1369,6891,6892,6896],{},[1384,6893,6894],{},[860,6895,1525],{},[1384,6897,3255],{},[1369,6899,6900,6904],{},[1384,6901,6902],{},[860,6903,1271],{},[1384,6905,3264],{},[1369,6907,6908,6912],{},[1384,6909,6910],{},[860,6911,1407],{},[1384,6913,3273],{},[1369,6915,6916,6920],{},[1384,6917,6918],{},[860,6919,1427],{},[1384,6921,1430],{},[1438,6923],{},[1207,6925,6926],{"id":3286},[860,6927,1138],{},[856,6929,6930,3294],{},[1203,6931,3293],{"href":132},[1224,6933,6934],{"id":3297},[860,6935,3300],{},[856,6937,3303],{},[856,6939,6940],{},[1236,6941,1238],{},[1240,6943,6944,6948,6950,6954,6956,6960,6962,6966,6968,6972,6974,6978],{"level":1242},[1244,6945,6946],{"id":3312},[860,6947,1967],{},[856,6949,2403],{},[1244,6951,6952],{"id":3319},[860,6953,1780],{},[856,6955,2411],{},[1244,6957,6958],{"id":3326},[860,6959,1802],{},[856,6961,2275],{},[1244,6963,6964],{"id":3333},[860,6965,1811],{},[856,6967,1814],{},[1244,6969,6970],{"id":3340},[860,6971,2431],{},[856,6973,2434],{},[1244,6975,6976],{"id":3347},[860,6977,3350],{},[856,6979,3353],{},[856,6981,6982],{},[1236,6983,1361],{},[1363,6985,6986,6996],{},[1366,6987,6988],{},[1369,6989,6990,6992,6994],{},[1372,6991,1374],{},[1372,6993,2185],{},[1372,6995,1377],{},[1379,6997,6998,7010,7024],{},[1369,6999,7000,7004,7008],{},[1384,7001,7002],{},[860,7003,1525],{},[1384,7005,7006],{},[860,7007,3382],{},[1384,7009,3385],{},[1369,7011,7012,7016,7020],{},[1384,7013,7014],{},[860,7015,1544],{},[1384,7017,7018],{},[860,7019,3396],{},[1384,7021,7022,3402],{},[860,7023,3401],{},[1369,7025,7026,7030,7034],{},[1384,7027,7028],{},[860,7029,1691],{},[1384,7031,7032],{},[860,7033,3413],{},[1384,7035,3416],{},[1438,7037],{},[1224,7039,7040],{"id":3421},[860,7041,3424],{},[856,7043,3427],{},[856,7045,7046],{},[1236,7047,1238],{},[1240,7049,7050,7054,7056,7060,7062,7066,7068,7072,7074,7078,7080,7084,7086,7090],{"level":1242},[1244,7051,7052],{"id":3436},[860,7053,1967],{},[856,7055,2403],{},[1244,7057,7058],{"id":3443},[860,7059,1780],{},[856,7061,2411],{},[1244,7063,7064],{"id":3450},[860,7065,1802],{},[856,7067,2275],{},[1244,7069,7070],{"id":3457},[860,7071,1811],{},[856,7073,1814],{},[1244,7075,7076],{"id":3464},[860,7077,2431],{},[856,7079,2434],{},[1244,7081,7082],{"id":3471},[860,7083,1793],{},[856,7085,3476],{},[1244,7087,7088],{"id":3479},[860,7089,3482],{},[856,7091,3485],{},[856,7093,7094],{},[1236,7095,1361],{},[1363,7097,7098,7108],{},[1366,7099,7100],{},[1369,7101,7102,7104,7106],{},[1372,7103,1374],{},[1372,7105,2185],{},[1372,7107,1377],{},[1379,7109,7110,7122,7134],{},[1369,7111,7112,7116,7120],{},[1384,7113,7114],{},[860,7115,1525],{},[1384,7117,7118],{},[860,7119,3514],{},[1384,7121,3517],{},[1369,7123,7124,7128,7132],{},[1384,7125,7126],{},[860,7127,1544],{},[1384,7129,7130],{},[860,7131,3396],{},[1384,7133,2553],{},[1369,7135,7136,7140,7144],{},[1384,7137,7138],{},[860,7139,1691],{},[1384,7141,7142],{},[860,7143,3413],{},[1384,7145,3416],{},[856,7147,3544,7148,3548,7150,3552,7152,3555,7154,3559],{},[860,7149,3547],{},[860,7151,3551],{},[860,7153,1298],{},[860,7155,3558],{},[1438,7157],{},[1207,7159,7160],{"id":3564},[860,7161,3567],{},[856,7163,3570,7164,3573,7166,943,7168,3580],{},[860,7165,866],{},[860,7167,3576],{},[860,7169,3579],{},[1224,7171,7172],{"id":3583},[860,7173,3586],{},[856,7175,3589,7176,3593,7178,3597],{},[860,7177,3592],{},[860,7179,3596],{},[856,7181,7182],{},[1236,7183,3602],{},[856,7185,3605,7186,3609,7188,3612],{},[860,7187,3608],{},[860,7189,866],{},[856,7191,7192],{},[1236,7193,2027],{},[1363,7195,7196,7204],{},[1366,7197,7198],{},[1369,7199,7200,7202],{},[1372,7201,2036],{},[1372,7203,2039],{},[1379,7205,7206],{},[1369,7207,7208,7212],{},[1384,7209,7210],{},[860,7211,3592],{},[1384,7213,3637],{},[856,7215,7216],{},[1236,7217,2141],{},[1291,7219,7220],{},[1294,7221,7222],{"name":3596,"type":1297,":required":1298},[856,7223,3648,7224,1178,7226,943,7228,1178,7230,3661,7232,871],{},[860,7225,3651],{},[860,7227,3654],{},[860,7229,3657],{},[860,7231,3660],{},[860,7233,3664],{},[856,7235,7236],{},[1236,7237,1361],{},[1363,7239,7240,7248],{},[1366,7241,7242],{},[1369,7243,7244,7246],{},[1372,7245,1374],{},[1372,7247,1377],{},[1379,7249,7250,7258,7268,7278,7286],{},[1369,7251,7252,7256],{},[1384,7253,7254],{},[860,7255,1525],{},[1384,7257,3689],{},[1369,7259,7260,7264],{},[1384,7261,7262],{},[860,7263,1271],{},[1384,7265,3698,7266,3701],{},[860,7267,3596],{},[1369,7269,7270,7274],{},[1384,7271,7272],{},[860,7273,1544],{},[1384,7275,3710,7276,3713],{},[860,7277,3592],{},[1369,7279,7280,7284],{},[1384,7281,7282],{},[860,7283,1407],{},[1384,7285,3722],{},[1369,7287,7288,7292],{},[1384,7289,7290],{},[860,7291,1427],{},[1384,7293,1430],{},[856,7295,1433,7296,3735],{},[1203,7297,177],{"href":178},[1438,7299],{},[1207,7301,7302],{"id":3740},[860,7303,3743],{},[856,7305,3746,7306,3750,7308,3754],{},[860,7307,3749],{},[860,7309,3753],{},[1224,7311,7312],{"id":3757},[860,7313,3749],{},[856,7315,3762,7316,3766,7318,1178,7320,1178,7322,1178,7324,943,7326,3782,7328,871],{},[860,7317,3765],{},[860,7319,3769],{},[860,7321,3772],{},[860,7323,3775],{},[860,7325,3778],{},[860,7327,3781],{},[860,7329,3785],{},[856,7331,7332],{},[1236,7333,1238],{},[1240,7335,7336,7340,7344,7348,7350,7354,7356,7360,7362,7366,7368,7372,7374,7378,7380,7384],{"level":1242},[1244,7337,7338],{"id":3794},[860,7339,1967],{},[856,7341,1970,7342,1973],{},[860,7343,1942],{},[1244,7345,7346],{"id":3803},[860,7347,1780],{},[856,7349,2411],{},[1244,7351,7352],{"id":3810},[860,7353,1802],{},[856,7355,3815],{},[1244,7357,7358],{"id":3818},[860,7359,1811],{},[856,7361,3823],{},[1244,7363,7364],{"id":3826},[860,7365,2431],{},[856,7367,3831],{},[1244,7369,7370],{"id":3834},[860,7371,3837],{},[856,7373,3840],{},[1244,7375,7376],{"id":3843},[860,7377,1258],{},[856,7379,3848],{},[1244,7381,7382],{"id":3851},[860,7383,3854],{},[856,7385,3857],{},[856,7387,7388],{},[1236,7389,3862],{},[1363,7391,7392,7404],{},[1366,7393,7394],{},[1369,7395,7396,7398,7400,7402],{},[1372,7397,3871],{},[1372,7399,3874],{},[1372,7401,3877],{},[1372,7403,3880],{},[1379,7405,7406,7432,7454,7476,7498,7522],{},[1369,7407,7408,7412,7424,7428],{},[1384,7409,7410],{},[860,7411,3889],{},[1384,7413,7414,1178,7416,3896,7418,1178,7420,1178,7422],{},[860,7415,3596],{},[860,7417,1326],{},[860,7419,3899],{},[860,7421,3902],{},[860,7423,3905],{},[1384,7425,7426],{},[860,7427,1388],{},[1384,7429,7430],{},[1203,7431,173],{"href":174},[1369,7433,7434,7438,7446,7450],{},[1384,7435,7436],{},[860,7437,3920],{},[1384,7439,7440,1178,7442,1178,7444],{},[860,7441,3925],{},[860,7443,3928],{},[860,7445,1326],{},[1384,7447,7448],{},[860,7449,1525],{},[1384,7451,7452],{},[1203,7453,191],{"href":192},[1369,7455,7456,7460,7468,7472],{},[1384,7457,7458],{},[860,7459,3945],{},[1384,7461,7462,1178,7464,1178,7466],{},[860,7463,3925],{},[860,7465,3928],{},[860,7467,1326],{},[1384,7469,7470],{},[860,7471,1525],{},[1384,7473,7474],{},[1203,7475,203],{"href":204},[1369,7477,7478,7482,7490,7494],{},[1384,7479,7480],{},[860,7481,3968],{},[1384,7483,7484,1178,7486,1178,7488],{},[860,7485,3925],{},[860,7487,3928],{},[860,7489,1326],{},[1384,7491,7492],{},[860,7493,1525],{},[1384,7495,7496],{},[1203,7497,195],{"href":196},[1369,7499,7500,7504,7514,7518],{},[1384,7501,7502],{},[860,7503,3991],{},[1384,7505,7506,1178,7508,1178,7510,3896,7512],{},[860,7507,3925],{},[860,7509,3928],{},[860,7511,1326],{},[860,7513,3905],{},[1384,7515,7516],{},[860,7517,1525],{},[1384,7519,7520],{},[1203,7521,199],{"href":200},[1369,7523,7524,7528,7538,7542],{},[1384,7525,7526],{},[860,7527,4016],{},[1384,7529,7530,1178,7532,1178,7534,1178,7536],{},[860,7531,3925],{},[860,7533,3928],{},[860,7535,1326],{},[860,7537,4027],{},[1384,7539,7540],{},[860,7541,1525],{},[1384,7543,7544],{},[1203,7545,187],{"href":188},[1438,7547],{},[1224,7549,7550],{"id":4040},[860,7551,3753],{},[856,7553,4045,7554,4049],{},[860,7555,4048],{},[856,7557,7558],{},[1236,7559,1238],{},[1240,7561,7562,7566,7570,7574,7576,7580,7582,7586,7588,7592,7594,7598],{"level":1242},[1244,7563,7564],{"id":4058},[860,7565,1967],{},[856,7567,1970,7568,1973],{},[860,7569,1942],{},[1244,7571,7572],{"id":4067},[860,7573,1780],{},[856,7575,2411],{},[1244,7577,7578],{"id":4074},[860,7579,1802],{},[856,7581,3815],{},[1244,7583,7584],{"id":4081},[860,7585,1811],{},[856,7587,3823],{},[1244,7589,7590],{"id":4088},[860,7591,2431],{},[856,7593,3831],{},[1244,7595,7596],{"id":4095},[860,7597,3854],{},[856,7599,4100],{},[856,7601,7602],{},[1236,7603,4105],{},[1363,7605,7606,7618],{},[1366,7607,7608],{},[1369,7609,7610,7612,7614,7616],{},[1372,7611,3871],{},[1372,7613,2185],{},[1372,7615,3877],{},[1372,7617,3880],{},[1379,7619,7620],{},[1369,7621,7622,7626,7628,7632],{},[1384,7623,7624],{},[860,7625,4128],{},[1384,7627,4131],{},[1384,7629,7630],{},[860,7631,1525],{},[1384,7633,7634],{},[1203,7635,207],{"href":208},[1438,7637],{},[1207,7639,4145],{"id":4144},[1224,7641,7642],{"id":4148},[860,7643,4151],{},[856,7645,4154,7646,4157],{},[1203,7647,20],{"href":22},[856,7649,7650],{},[1236,7651,4162],{},[856,7653,4165,7654,4169,7656,4173],{},[860,7655,4168],{},[860,7657,4172],{},[856,7659,7660],{},[1236,7661,4178],{},[873,7663,7664],{"className":4181,"code":4182,"language":5,"meta":879,"style":879},[860,7665,7666,7670,7688,7700],{"__ignoreMap":879},[883,7667,7668],{"class":885,"line":886},[883,7669,4189],{"class":933},[883,7671,7672,7674,7676,7678,7680,7682,7684,7686],{"class":885,"line":911},[883,7673,4195],{"class":4194},[883,7675,4199],{"class":4198},[883,7677,4202],{"class":4194},[883,7679,4205],{"class":1027},[883,7681,4208],{"class":900},[883,7683,4211],{"class":904},[883,7685,4202],{"class":900},[883,7687,943],{"class":933},[883,7689,7690,7692,7694,7696,7698],{"class":885,"line":928},[883,7691,4195],{"class":4194},[883,7693,4222],{"class":4198},[883,7695,4202],{"class":4194},[883,7697,4205],{"class":1027},[883,7699,4230],{"class":4229},[883,7701,7702],{"class":885,"line":937},[883,7703,4235],{"class":933},[1363,7705,7706,7714],{},[1366,7707,7708],{},[1369,7709,7710,7712],{},[1372,7711,4244],{},[1372,7713,4247],{},[1379,7715,7716,7726],{},[1369,7717,7718,7722],{},[1384,7719,7720],{},[860,7721,4199],{},[1384,7723,4258,7724],{},[860,7725,4261],{},[1369,7727,7728,7732],{},[1384,7729,7730],{},[860,7731,4222],{},[1384,7733,4270],{},[856,7735,7736],{},[1236,7737,4275],{},[1363,7739,7740,7748],{},[1366,7741,7742],{},[1369,7743,7744,7746],{},[1372,7745,1374],{},[1372,7747,2185],{},[1379,7749,7750],{},[1369,7751,7752,7756],{},[1384,7753,7754],{},[860,7755,1407],{},[1384,7757,7758],{},[860,7759,4298],{},[1438,7761],{},[1224,7763,7764],{"id":4303},[860,7765,4306],{},[856,7767,4309,7768,4313],{},[860,7769,4312],{},[1438,7771],{},[1207,7773,4319],{"id":4318},[856,7775,4322],{},[4324,7777,7778,7786,7792,7800],{},[4327,7779,7780,4331,7782,4335,7784,4338],{},[1236,7781,1747],{},[860,7783,4334],{},[860,7785,1407],{},[4327,7787,7788,4344,7790,871],{},[1236,7789,4343],{},[860,7791,1407],{},[4327,7793,7794,4352,7796,4356,7798,4360],{},[1236,7795,4351],{},[860,7797,4355],{},[860,7799,4359],{},[4327,7801,7802,4366,7804,4369,7806,4372],{},[1236,7803,4365],{},[860,7805,1221],{},[860,7807,1271],{},[856,7809,3544,7810,4377,7812,4380],{},[860,7811,1221],{},[1203,7813,399],{"href":35},[4382,7815,7816],{},[856,7817,4386,7818,1178,7820,1178,7822,4396,7824,4399],{},[860,7819,4389],{},[860,7821,4392],{},[860,7823,4395],{},[860,7825,1793],{},[1438,7827],{},[1207,7829,4405],{"id":4404},[1363,7831,7832,7844],{},[1366,7833,7834],{},[1369,7835,7836,7838,7840,7842],{},[1372,7837,4414],{},[1372,7839,3871],{},[1372,7841,4419],{},[1372,7843,4247],{},[1379,7845,7846,7862,7878,7894,7910,7926,7942,7958,7974,7990,8006,8022,8038,8054,8070,8086,8102,8118,8134,8150,8166,8182,8198,8214,8230,8244],{},[1369,7847,7848,7852,7856,7860],{},[1384,7849,7850],{},[860,7851,4430],{},[1384,7853,7854],{},[860,7855,4435],{},[1384,7857,7858],{},[860,7859,1089],{},[1384,7861,4442],{},[1369,7863,7864,7868,7872,7876],{},[1384,7865,7866],{},[860,7867,4430],{},[1384,7869,7870],{},[860,7871,4453],{},[1384,7873,7874],{},[860,7875,1089],{},[1384,7877,4460],{},[1369,7879,7880,7884,7888,7892],{},[1384,7881,7882],{},[860,7883,4430],{},[1384,7885,7886],{},[860,7887,4471],{},[1384,7889,7890],{},[860,7891,1089],{},[1384,7893,4478],{},[1369,7895,7896,7900,7904,7908],{},[1384,7897,7898],{},[860,7899,4430],{},[1384,7901,7902],{},[860,7903,4389],{},[1384,7905,7906],{},[860,7907,1106],{},[1384,7909,4495],{},[1369,7911,7912,7916,7920,7924],{},[1384,7913,7914],{},[860,7915,4430],{},[1384,7917,7918],{},[860,7919,4392],{},[1384,7921,7922],{},[860,7923,1106],{},[1384,7925,4512],{},[1369,7927,7928,7932,7936,7940],{},[1384,7929,7930],{},[860,7931,4519],{},[1384,7933,7934],{},[860,7935,4524],{},[1384,7937,7938],{},[860,7939,1122],{},[1384,7941,4531],{},[1369,7943,7944,7948,7952,7956],{},[1384,7945,7946],{},[860,7947,4430],{},[1384,7949,7950],{},[860,7951,4524],{},[1384,7953,7954],{},[860,7955,1122],{},[1384,7957,4548],{},[1369,7959,7960,7964,7968,7972],{},[1384,7961,7962],{},[860,7963,4430],{},[1384,7965,7966],{},[860,7967,4559],{},[1384,7969,7970],{},[860,7971,1122],{},[1384,7973,4566],{},[1369,7975,7976,7980,7984,7988],{},[1384,7977,7978],{},[860,7979,4519],{},[1384,7981,7982],{},[860,7983,4577],{},[1384,7985,7986],{},[860,7987,1122],{},[1384,7989,4584],{},[1369,7991,7992,7996,8000,8004],{},[1384,7993,7994],{},[860,7995,4430],{},[1384,7997,7998],{},[860,7999,4577],{},[1384,8001,8002],{},[860,8003,1122],{},[1384,8005,4601],{},[1369,8007,8008,8012,8016,8020],{},[1384,8009,8010],{},[860,8011,4430],{},[1384,8013,8014],{},[860,8015,4612],{},[1384,8017,8018],{},[860,8019,1122],{},[1384,8021,4619],{},[1369,8023,8024,8028,8032,8036],{},[1384,8025,8026],{},[860,8027,4430],{},[1384,8029,8030],{},[860,8031,4630],{},[1384,8033,8034],{},[860,8035,1122],{},[1384,8037,4637],{},[1369,8039,8040,8044,8048,8052],{},[1384,8041,8042],{},[860,8043,4519],{},[1384,8045,8046],{},[860,8047,4648],{},[1384,8049,8050],{},[860,8051,1122],{},[1384,8053,4655],{},[1369,8055,8056,8060,8064,8068],{},[1384,8057,8058],{},[860,8059,4430],{},[1384,8061,8062],{},[860,8063,4648],{},[1384,8065,8066],{},[860,8067,1122],{},[1384,8069,4672],{},[1369,8071,8072,8076,8080,8084],{},[1384,8073,8074],{},[860,8075,4519],{},[1384,8077,8078],{},[860,8079,4683],{},[1384,8081,8082],{},[860,8083,1138],{},[1384,8085,4690],{},[1369,8087,8088,8092,8096,8100],{},[1384,8089,8090],{},[860,8091,4519],{},[1384,8093,8094],{},[860,8095,4395],{},[1384,8097,8098],{},[860,8099,1138],{},[1384,8101,4707],{},[1369,8103,8104,8108,8112,8116],{},[1384,8105,8106],{},[860,8107,4519],{},[1384,8109,8110],{},[860,8111,4718],{},[1384,8113,8114],{},[860,8115,3567],{},[1384,8117,4725],{},[1369,8119,8120,8124,8128,8132],{},[1384,8121,8122],{},[860,8123,4430],{},[1384,8125,8126],{},[860,8127,4736],{},[1384,8129,8130],{},[860,8131,3743],{},[1384,8133,4743],{},[1369,8135,8136,8140,8144,8148],{},[1384,8137,8138],{},[860,8139,4519],{},[1384,8141,8142],{},[860,8143,4754],{},[1384,8145,8146],{},[860,8147,3743],{},[1384,8149,4761],{},[1369,8151,8152,8156,8160,8164],{},[1384,8153,8154],{},[860,8155,4430],{},[1384,8157,8158],{},[860,8159,4772],{},[1384,8161,8162],{},[860,8163,3743],{},[1384,8165,4779],{},[1369,8167,8168,8172,8176,8180],{},[1384,8169,8170],{},[860,8171,4430],{},[1384,8173,8174],{},[860,8175,4790],{},[1384,8177,8178],{},[860,8179,3743],{},[1384,8181,4797],{},[1369,8183,8184,8188,8192,8196],{},[1384,8185,8186],{},[860,8187,4430],{},[1384,8189,8190],{},[860,8191,4808],{},[1384,8193,8194],{},[860,8195,3743],{},[1384,8197,4815],{},[1369,8199,8200,8204,8208,8212],{},[1384,8201,8202],{},[860,8203,4430],{},[1384,8205,8206],{},[860,8207,4826],{},[1384,8209,8210],{},[860,8211,3743],{},[1384,8213,4833],{},[1369,8215,8216,8220,8224,8228],{},[1384,8217,8218],{},[860,8219,4430],{},[1384,8221,8222],{},[860,8223,4844],{},[1384,8225,8226],{},[860,8227,3743],{},[1384,8229,4851],{},[1369,8231,8232,8236,8240,8242],{},[1384,8233,8234],{},[860,8235,4519],{},[1384,8237,8238],{},[860,8239,1173],{},[1384,8241,4864],{},[1384,8243,4867],{},[1369,8245,8246,8250,8254,8256],{},[1384,8247,8248],{},[860,8249,4519],{},[1384,8251,8252],{},[860,8253,4878],{},[1384,8255,4881],{},[1384,8257,4884,8258,4887],{},[860,8259,4312],{},[4889,8261,4891],{},{"title":879,"searchDepth":911,"depth":911,"links":8263},[8264,8269,8273,8284,8288,8291,8295,8299,8300],{"id":1209,"depth":911,"text":1089,"children":8265},[8266,8267,8268],{"id":1226,"depth":928,"text":1229},{"id":1442,"depth":928,"text":1445},{"id":1574,"depth":928,"text":1577},{"id":1739,"depth":911,"text":1106,"children":8270},[8271,8272],{"id":1751,"depth":928,"text":1754},{"id":1933,"depth":928,"text":1936},{"id":2104,"depth":911,"text":1122,"children":8274},[8275,8276,8277,8278,8279,8280,8281,8282,8283],{"id":2115,"depth":928,"text":2118},{"id":2222,"depth":928,"text":2225},{"id":2366,"depth":928,"text":2369},{"id":2572,"depth":928,"text":2575},{"id":2656,"depth":928,"text":2659},{"id":2815,"depth":928,"text":2818},{"id":2979,"depth":928,"text":2982},{"id":3068,"depth":928,"text":3071},{"id":3152,"depth":928,"text":3155},{"id":3286,"depth":911,"text":1138,"children":8285},[8286,8287],{"id":3297,"depth":928,"text":3300},{"id":3421,"depth":928,"text":3424},{"id":3564,"depth":911,"text":3567,"children":8289},[8290],{"id":3583,"depth":928,"text":3586},{"id":3740,"depth":911,"text":3743,"children":8292},[8293,8294],{"id":3757,"depth":928,"text":3749},{"id":4040,"depth":928,"text":3753},{"id":4144,"depth":911,"text":4145,"children":8296},[8297,8298],{"id":4148,"depth":928,"text":4151},{"id":4303,"depth":928,"text":4306},{"id":4318,"depth":911,"text":4319},{"id":4404,"depth":911,"text":4405},{},{"title":254,"description":4931},1780436284955]