@alteran/astro 0.1.13 → 0.3.0

package/src/lib/util.ts

@@ -38,10 +38,25 @@ export function bearerToken(request: Request): string | null {
 }
 
 export function isAllowedMime(env: any, mime: string): boolean {
-  const def = ['image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif'];
+  const def = [
+    // Images
+    'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif',
+    // Videos
+    'video/mp4', 'video/mpeg', 'video/webm', 'video/quicktime',
+    // Audio
+    'audio/mpeg', 'audio/mp4', 'audio/wav', 'audio/webm',
+    // JSON (for some Bluesky data)
+    'application/json',
+    // Generic fallback
+    'application/octet-stream'
+  ];
   const raw = (env.PDS_ALLOWED_MIME as string | undefined) ?? def.join(',');
   const set = new Set(raw.split(',').map((s) => s.trim()).filter(Boolean));
-  return set.has(mime.toLowerCase());
+
+  // Extract base MIME type (remove charset and other parameters)
+  const baseMime = mime.toLowerCase().split(';')[0].trim();
+
+  return set.has(baseMime);
 }
 
 export function randomRkey(): string {

package/src/middleware.ts

@@ -1,36 +1,35 @@
 import { defineMiddleware, sequence } from 'astro:middleware';
 
 const cors = defineMiddleware(async ({ locals, request }, next) => {
-  const { env } = (locals as any).runtime ?? (locals as any);
-  const corsOrigins = (env.PDS_CORS_ORIGIN ?? '*').split(',').map((s: string) => s.trim()).filter(Boolean);
-  const origin = request.headers.get('origin') ?? '';
-
-  // In production, never allow wildcard - require explicit origins
-  const isProduction = env.PDS_HOSTNAME && !env.PDS_HOSTNAME.includes('localhost');
-  const allowWildcard = !isProduction && corsOrigins.includes('*');
-
-  // Check if origin is in allowlist
-  const isAllowed = allowWildcard || corsOrigins.includes(origin);
+  // Match atproto CORS implementation: use wildcard for public endpoints
+  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+  // For requests without credentials, "*" can be specified as a wildcard
+  // This is safer than reflecting the request origin and matches atproto standard
 
   if (request.method === 'OPTIONS') {
-    if (!isAllowed) {
-      return new Response('CORS origin not allowed', { status: 403 });
-    }
-
+    // CORS preflight - match atproto PDS implementation
     const headers = new Headers({
-      'Access-Control-Allow-Origin': allowWildcard ? '*' : origin,
-      'Access-Control-Allow-Methods': 'GET, HEAD, POST, OPTIONS',
-      'Access-Control-Allow-Headers': 'Content-Type, Authorization',
-      'Access-Control-Max-Age': '86400', // 24 hours
+      'Access-Control-Allow-Origin': '*',
+      // Use wildcard for methods (atproto standard)
+      'Access-Control-Allow-Methods': '*',
+      // Use wildcard for headers to allow atproto-accept-labelers and other custom headers
+      'Access-Control-Allow-Headers': '*',
+      // Match atproto: 1 day max-age for CORS preflight cache
+      'Access-Control-Max-Age': '86400',
     });
     return new Response(null, { status: 204, headers });
   }
 
   const response = await next();
 
-  if (isAllowed) {
-    response.headers.set('Access-Control-Allow-Origin', allowWildcard ? '*' : origin);
-    response.headers.set('Vary', 'Origin');
+  // Set CORS headers on all responses (atproto standard)
+  response.headers.set('Access-Control-Allow-Origin', '*');
+
+  // Expose DPoP-Nonce header for OAuth clients (atproto standard)
+  // This allows clients to read the DPoP-Nonce header from responses
+  const dpopNonce = response.headers.get('DPoP-Nonce');
+  if (dpopNonce) {
+    response.headers.set('Access-Control-Expose-Headers', 'DPoP-Nonce');
   }
 
   return response;

package/src/pages/.well-known/did.json.ts

@@ -1,18 +1,12 @@
 import type { APIContext } from 'astro';
 import { withCache, CACHE_CONFIGS } from '../../lib/cache';
 import { base58btc } from 'multiformats/bases/base58';
+import { resolveSecret } from '../../lib/secrets';
+import { Secp256k1Keypair } from '@atproto/crypto';
+import { formatMultikey } from '@atproto/crypto/dist/did';
 
 export const prerender = false;
 
-/**
- * DID Document endpoint for did:web
- *
- * Returns a DID document with:
- * - Service endpoints (PDS, firehose)
- * - Verification methods (signing key)
- *
- * Spec: https://w3c-ccg.github.io/did-method-web/
- */
 export async function GET({ locals, request }: APIContext) {
   const { env } = locals.runtime;
 
@@ -23,39 +17,57 @@ export async function GET({ locals, request }: APIContext) {
       const handle = env.PDS_HANDLE ?? 'user.example.com';
       const hostname = env.PDS_HOSTNAME ?? new URL(request.url).hostname;
 
-      // Public repository signing key (raw 32-byte Ed25519) base64-encoded
-      const pubKeyB64: string | undefined = (env as any).REPO_SIGNING_PUBLIC_KEY;
       let publicKeyMultibase: string | undefined;
-      if (pubKeyB64) {
+
+      const serviceKeyHex = await resolveSecret(env.PDS_SERVICE_SIGNING_KEY_HEX as any);
+      if (serviceKeyHex) {
         try {
-          const bin = atob(pubKeyB64.replace(/\s+/g, ''));
-          const raw = new Uint8Array(bin.length);
-          for (let i = 0; i < bin.length; i++) raw[i] = bin.charCodeAt(i);
-          if (raw.byteLength === 32) {
-            // multicodec: ed25519-pub = 0xED 0x01 prefix
-            const prefixed = new Uint8Array(2 + raw.byteLength);
-            prefixed[0] = 0xed; prefixed[1] = 0x01; prefixed.set(raw, 2);
-            publicKeyMultibase = base58btc.encode(prefixed);
+          const keypair = await Secp256k1Keypair.import(serviceKeyHex.trim());
+          publicKeyMultibase = formatMultikey(keypair.jwtAlg, keypair.publicKeyBytes());
+        } catch (error) {
+          console.warn('Failed to encode service signing key', error);
+        }
+      }
+
+      if (!publicKeyMultibase) {
+        const repoPubKeyB64 = await resolveSecret((env as any).REPO_SIGNING_KEY_PUBLIC);
+        if (repoPubKeyB64) {
+          try {
+            const bin = atob(repoPubKeyB64.replace(/\s+/g, ''));
+            const raw = new Uint8Array(bin.length);
+            for (let i = 0; i < bin.length; i++) raw[i] = bin.charCodeAt(i);
+            if (raw.byteLength === 32) {
+              const prefixed = new Uint8Array(2 + raw.byteLength);
+              prefixed[0] = 0xed;
+              prefixed[1] = 0x01;
+              prefixed.set(raw, 2);
+              publicKeyMultibase = base58btc.encode(prefixed);
+            }
+          } catch (error) {
+            console.warn('Failed to encode repo signing key', error);
           }
-        } catch {}
+        }
       }
 
-      // Build DID document
+      const verificationMethods = publicKeyMultibase
+        ? [
+            {
+              id: `${did}#atproto`,
+              type: 'Multikey',
+              controller: did,
+              publicKeyMultibase,
+            },
+          ]
+        : [];
+
       const didDocument = {
         '@context': [
           'https://www.w3.org/ns/did/v1',
-          'https://w3id.org/security/suites/ed25519-2020/v1',
+          'https://w3id.org/security/multikey/v1',
         ],
         id: did,
         alsoKnownAs: [`at://${handle}`],
-        verificationMethod: publicKeyMultibase ? [
-          {
-            id: `${did}#atproto`,
-            type: 'Ed25519VerificationKey2020',
-            controller: did,
-            publicKeyMultibase,
-          },
-        ] : [],
+        verificationMethod: verificationMethods,
         service: [
           {
             id: `${did}#atproto_pds`,
@@ -71,6 +83,7 @@ export async function GET({ locals, request }: APIContext) {
         },
       });
     },
-    CACHE_CONFIGS.DID_DOCUMENT
+    CACHE_CONFIGS.DID_DOCUMENT,
   );
 }
+

package/src/pages/xrpc/app.bsky.actor.getPreferences.ts

@@ -0,0 +1,23 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { getActorPreferences } from '../../lib/preferences';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.getPreferences',
+    fallback: async () => {
+      const { preferences } = await getActorPreferences(env);
+      return new Response(JSON.stringify({ preferences }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.actor.getProfile.ts

@@ -0,0 +1,34 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildProfileViewDetailed, getPrimaryActor, matchesPrimaryActor } from '../../lib/actor';
+import { countPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.getProfile',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ProfileNotFound' }), { status: 404 });
+      }
+      const profile = buildProfileViewDetailed(actor, {
+        followers: 0,
+        follows: 0,
+        posts: await countPosts(env),
+      });
+      return new Response(JSON.stringify(profile), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.actor.getProfiles.ts

@@ -0,0 +1,42 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import {
+  buildProfileViewDetailed,
+  getPrimaryActor,
+  matchesPrimaryActor,
+} from '../../lib/actor';
+import { countPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.getProfiles',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const actors = url.searchParams.getAll('actors');
+      const actor = await getPrimaryActor(env);
+      const posts = await countPosts(env);
+
+      const profiles = actors
+        .filter((identifier) => matchesPrimaryActor(identifier, actor))
+        .map(() =>
+          buildProfileViewDetailed(actor, {
+            followers: 0,
+            follows: 0,
+            posts,
+          }),
+        );
+
+      return new Response(JSON.stringify({ profiles }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.actor.putPreferences.ts

@@ -0,0 +1,36 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+import { readJsonBounded } from '../../lib/util';
+import { setActorPreferences } from '../../lib/preferences';
+
+export const prerender = false;
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.actor.putPreferences',
+    fallback: async () => {
+      let body: any;
+      try {
+        body = await readJsonBounded(env, request);
+      } catch (err: any) {
+        if (err?.code === 'PayloadTooLarge') {
+          return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+        }
+        return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+      }
+
+      const preferences = Array.isArray(body?.preferences) ? body.preferences : [];
+      await setActorPreferences(env, preferences);
+
+      return new Response(JSON.stringify({}), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getAuthorFeed.ts

@@ -0,0 +1,42 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { matchesPrimaryActor, getPrimaryActor } from '../../lib/actor';
+import { buildFeedViewPosts, listPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getAuthorFeed',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ActorNotFound' }), { status: 404 });
+      }
+
+      const limitParam = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+      const limitInput = Number.isFinite(limitParam) ? limitParam : 50;
+      const limit = Math.max(1, Math.min(limitInput, 100));
+      const cursor = url.searchParams.get('cursor') ?? undefined;
+
+      const posts = await listPosts(env, limit, cursor);
+      const feed = await buildFeedViewPosts(env, posts);
+      const nextCursor = posts.length === limit ? String(posts[posts.length - 1].rowid) : undefined;
+
+      const payload: Record<string, unknown> = { feed };
+      if (nextCursor) payload.cursor = nextCursor;
+
+      return new Response(JSON.stringify(payload), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getPostThread.ts

@@ -0,0 +1,37 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildThreadView, getPostByUri } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getPostThread',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const uri = url.searchParams.get('uri');
+      if (!uri) {
+        return new Response(
+          JSON.stringify({ error: 'BadRequest', message: 'uri parameter required' }),
+          { status: 400 },
+        );
+      }
+
+      const post = await getPostByUri(env, uri);
+      if (!post) {
+        return new Response(JSON.stringify({ error: 'NotFound' }), { status: 404 });
+      }
+
+      const thread = await buildThreadView(env, post);
+      return new Response(JSON.stringify({ thread }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getPosts.ts

@@ -0,0 +1,26 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildPostViews, getPostsByUris } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getPosts',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const uris = url.searchParams.getAll('uris').filter(Boolean);
+      const posts = await getPostsByUris(env, uris.slice(0, 25));
+      const views = await buildPostViews(env, posts);
+      return new Response(JSON.stringify({ posts: views }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.feed.getTimeline.ts

@@ -0,0 +1,35 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildFeedViewPosts, listPosts } from '../../lib/feed';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.feed.getTimeline',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const cursor = url.searchParams.get('cursor') ?? undefined;
+      const limitParam = Number.parseInt(url.searchParams.get('limit') ?? '', 10);
+      const limitInput = Number.isFinite(limitParam) ? limitParam : 50;
+      const limit = Math.max(1, Math.min(limitInput, 100));
+
+      const posts = await listPosts(env, limit, cursor);
+      const feed = await buildFeedViewPosts(env, posts);
+      const nextCursor = posts.length === limit ? String(posts[posts.length - 1].rowid) : undefined;
+
+      const payload: Record<string, unknown> = { feed };
+      if (nextCursor) payload.cursor = nextCursor;
+
+      return new Response(JSON.stringify(payload), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.graph.getFollowers.ts

@@ -0,0 +1,29 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildProfileView, getPrimaryActor, matchesPrimaryActor } from '../../lib/actor';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.graph.getFollowers',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ActorNotFound' }), { status: 404 });
+      }
+      return new Response(
+        JSON.stringify({ subject: buildProfileView(actor), followers: [] }),
+        { headers: { 'Content-Type': 'application/json' } },
+      );
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.graph.getFollows.ts

@@ -0,0 +1,29 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { buildProfileView, getPrimaryActor, matchesPrimaryActor } from '../../lib/actor';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.graph.getFollows',
+    fallback: async () => {
+      const url = new URL(request.url);
+      const identifier = url.searchParams.get('actor');
+      const actor = await getPrimaryActor(env);
+      if (!matchesPrimaryActor(identifier, actor)) {
+        return new Response(JSON.stringify({ error: 'ActorNotFound' }), { status: 404 });
+      }
+      return new Response(
+        JSON.stringify({ subject: buildProfileView(actor), follows: [] }),
+        { headers: { 'Content-Type': 'application/json' } },
+      );
+    },
+  });
+}

package/src/pages/xrpc/app.bsky.labeler.getServices.ts

@@ -0,0 +1,29 @@
+import type { APIContext } from 'astro';
+import { getLabelerServiceViews } from '../../lib/labeler';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  const url = new URL(request.url);
+
+  const didParams = url.searchParams.getAll('dids');
+  const dids = didParams
+    .flatMap((entry) => entry.split(',').map((did) => did.trim()))
+    .filter(Boolean);
+
+  if (dids.length === 0) {
+    return new Response(JSON.stringify({ error: 'BadRequest', message: 'dids parameter required' }), {
+      status: 400,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  const detailed = url.searchParams.get('detailed') === 'true';
+
+  const views = await getLabelerServiceViews(env, dids, { detailed });
+
+  return new Response(JSON.stringify({ views }), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/app.bsky.notification.getUnreadCount.ts

@@ -0,0 +1,20 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.notification.getUnreadCount',
+    fallback: async () =>
+      new Response(JSON.stringify({ count: 0 }), {
+        headers: { 'Content-Type': 'application/json' },
+      }),
+  });
+}

package/src/pages/xrpc/app.bsky.notification.listNotifications.ts

@@ -0,0 +1,27 @@
+import type { APIContext } from 'astro';
+import { proxyAppView } from '../../lib/appview';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return proxyAppView({
+    request,
+    env,
+    lxm: 'app.bsky.notification.listNotifications',
+    fallback: async () =>
+      new Response(
+        JSON.stringify({
+          notifications: [],
+          priority: false,
+          seenAt: new Date(0).toISOString(),
+        }),
+        {
+          headers: { 'Content-Type': 'application/json' },
+        },
+      ),
+  });
+}

package/src/pages/xrpc/app.bsky.unspecced.getAgeAssuranceState.ts

@@ -0,0 +1,19 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '../../lib/auth';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  return new Response(
+    JSON.stringify({
+      status: 'unknown',
+      lastInitiatedAt: new Date(0).toISOString(),
+    }),
+    {
+      headers: { 'Content-Type': 'application/json' },
+    },
+  );
+}

package/src/pages/xrpc/app.bsky.unspecced.getConfig.ts

@@ -0,0 +1,15 @@
+import type { APIContext } from 'astro';
+
+export const prerender = false;
+
+export async function GET() {
+  return new Response(
+    JSON.stringify({
+      checkEmailConfirmed: false,
+      liveNow: [],
+    }),
+    {
+      headers: { 'Content-Type': 'application/json' },
+    },
+  );
+}