@eggjs/security 4.0.1 → 5.0.0-beta.17

package/dist/commonjs/app/extend/helper.d.ts

@@ -1,12 +0,0 @@
-declare const _default: {
-    cliFilter: typeof import("../../lib/helper/cliFilter.js").default;
-    escape: typeof import("escape-html");
-    escapeShellArg: typeof import("../../lib/helper/escapeShellArg.js").default;
-    escapeShellCmd: typeof import("../../lib/helper/escapeShellCmd.js").default;
-    shtml: typeof import("../../lib/helper/shtml.js").default;
-    sjs: typeof import("../../lib/helper/sjs.js").default;
-    sjson: typeof import("../../lib/helper/sjson.js").default;
-    spath: typeof import("../../lib/helper/spath.js").default;
-    surl: typeof import("../../lib/helper/surl.js").default;
-};
-export default _default;

package/dist/commonjs/app/extend/helper.js

@@ -1,10 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const index_js_1 = __importDefault(require("../../lib/helper/index.js"));
-exports.default = {
-    ...index_js_1.default,
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2FwcC9leHRlbmQvaGVscGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEseUVBQWdEO0FBRWhELGtCQUFlO0lBQ2IsR0FBRyxrQkFBTztDQUNYLENBQUMifQ==

package/dist/commonjs/app/extend/response.d.ts

@@ -1,41 +0,0 @@
-import { Response as KoaResponse } from '@eggjs/core';
-import SecurityContext from './context.js';
-export default class SecurityResponse extends KoaResponse {
-    ctx: SecurityContext;
-    /**
-     * This is an unsafe redirection, and we WON'T check if the
-     * destination url is safe or not.
-     * Please DO NOT use this method unless in some very special cases,
-     * otherwise there may be security vulnerabilities.
-     *
-     * @function Response#unsafeRedirect
-     * @param {String} url URL to forward
-     * @example
-     * ```js
-     * ctx.response.unsafeRedirect('http://www.domain.com');
-     * ctx.unsafeRedirect('http://www.domain.com');
-     * ```
-     */
-    unsafeRedirect(url: string, alt?: string): void;
-    /**
-     * A safe redirection, and we'll check if the URL is in
-     * a safe domain or not.
-     * We've overridden the default Koa's implementation by adding a
-     * white list as the filter for that.
-     *
-     * @function Response#redirect
-     * @param {String} url URL to forward
-     * @example
-     * ```js
-     * ctx.response.redirect('/login');
-     * ctx.redirect('/login');
-     * ```
-     */
-    redirect(url: string, alt?: string): void;
-}
-declare module '@eggjs/core' {
-    interface Response {
-        unsafeRedirect(url: string, alt?: string): void;
-        redirect(url: string, alt?: string): void;
-    }
-}

package/dist/commonjs/app/extend/response.js

@@ -1,85 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@eggjs/core");
-const unsafeRedirect = core_1.Response.prototype.redirect;
-class SecurityResponse extends core_1.Response {
-    /**
-     * This is an unsafe redirection, and we WON'T check if the
-     * destination url is safe or not.
-     * Please DO NOT use this method unless in some very special cases,
-     * otherwise there may be security vulnerabilities.
-     *
-     * @function Response#unsafeRedirect
-     * @param {String} url URL to forward
-     * @example
-     * ```js
-     * ctx.response.unsafeRedirect('http://www.domain.com');
-     * ctx.unsafeRedirect('http://www.domain.com');
-     * ```
-     */
-    unsafeRedirect(url, alt) {
-        unsafeRedirect.call(this, url, alt);
-    }
-    // app.response.unsafeRedirect = app.response.redirect;
-    // delegate(app.context, 'response').method('unsafeRedirect');
-    /**
-     * A safe redirection, and we'll check if the URL is in
-     * a safe domain or not.
-     * We've overridden the default Koa's implementation by adding a
-     * white list as the filter for that.
-     *
-     * @function Response#redirect
-     * @param {String} url URL to forward
-     * @example
-     * ```js
-     * ctx.response.redirect('/login');
-     * ctx.redirect('/login');
-     * ```
-     */
-    redirect(url, alt) {
-        url = (url || '/').trim();
-        // Process with `//`
-        if (url[0] === '/' && url[1] === '/') {
-            url = '/';
-        }
-        // if begin with '/', it means an internal jump
-        if (url[0] === '/' && url[1] !== '\\') {
-            this.unsafeRedirect(url, alt);
-            return;
-        }
-        let urlObject;
-        try {
-            urlObject = new URL(url);
-        }
-        catch {
-            url = '/';
-            this.unsafeRedirect(url);
-            return;
-        }
-        const domainWhiteList = this.app.config.security.domainWhiteList;
-        if (urlObject.protocol !== 'http:' && urlObject.protocol !== 'https:') {
-            url = '/';
-        }
-        else if (!urlObject.hostname) {
-            url = '/';
-        }
-        else {
-            if (domainWhiteList && domainWhiteList.length !== 0) {
-                if (!this.ctx.isSafeDomain(urlObject.hostname)) {
-                    const message = `a security problem has been detected for url "${url}", redirection is prohibited.`;
-                    if (process.env.NODE_ENV === 'production') {
-                        this.app.coreLogger.warn('[@eggjs/security/response/redirect] %s', message);
-                        url = '/';
-                    }
-                    else {
-                        // Exception will be thrown out in a non-PROD env.
-                        return this.ctx.throw(500, message);
-                    }
-                }
-            }
-        }
-        this.unsafeRedirect(url);
-    }
-}
-exports.default = SecurityResponse;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVzcG9uc2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9yZXNwb25zZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHNDQUFzRDtBQUd0RCxNQUFNLGNBQWMsR0FBRyxlQUFXLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQztBQUV0RCxNQUFxQixnQkFBaUIsU0FBUSxlQUFXO0lBR3ZEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSCxjQUFjLENBQUMsR0FBVyxFQUFFLEdBQVk7UUFDdEMsY0FBYyxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRCx1REFBdUQ7SUFDdkQsOERBQThEO0lBQzlEOzs7Ozs7Ozs7Ozs7O09BYUc7SUFDSCxRQUFRLENBQUMsR0FBVyxFQUFFLEdBQVk7UUFDaEMsR0FBRyxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1FBRTFCLG9CQUFvQjtRQUNwQixJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLElBQUksR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ3JDLEdBQUcsR0FBRyxHQUFHLENBQUM7UUFDWixDQUFDO1FBRUQsK0NBQStDO1FBQy9DLElBQUksR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsSUFBSSxHQUFHLENBQUMsQ0FBQyxDQUFDLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFDOUIsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLFNBQWMsQ0FBQztRQUNuQixJQUFJLENBQUM7WUFDSCxTQUFTLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDM0IsQ0FBQztRQUFDLE1BQU0sQ0FBQztZQUNQLEdBQUcsR0FBRyxHQUFHLENBQUM7WUFDVixJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQ3pCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxlQUFlLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQztRQUNqRSxJQUFJLFNBQVMsQ0FBQyxRQUFRLEtBQUssT0FBTyxJQUFJLFNBQVMsQ0FBQyxRQUFRLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDdEUsR0FBRyxHQUFHLEdBQUcsQ0FBQztRQUNaLENBQUM7YUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQy9CLEdBQUcsR0FBRyxHQUFHLENBQUM7UUFDWixDQUFDO2FBQU0sQ0FBQztZQUNOLElBQUksZUFBZSxJQUFJLGVBQWUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQ3BELElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztvQkFDL0MsTUFBTSxPQUFPLEdBQUcsaURBQWlELEdBQUcsK0JBQStCLENBQUM7b0JBQ3BHLElBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEtBQUssWUFBWSxFQUFFLENBQUM7d0JBQzFDLElBQUksQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyx3Q0FBd0MsRUFBRSxPQUFPLENBQUMsQ0FBQzt3QkFDNUUsR0FBRyxHQUFHLEdBQUcsQ0FBQztvQkFDWixDQUFDO3lCQUFNLENBQUM7d0JBQ04sa0RBQWtEO3dCQUNsRCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztvQkFDdEMsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFDRCxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzNCLENBQUM7Q0FDRjtBQWpGRCxtQ0FpRkMifQ==

package/dist/commonjs/app/middleware/securities.d.ts

@@ -1,4 +0,0 @@
-import compose from 'koa-compose';
-import { EggCore } from '@eggjs/core';
-declare const _default: (_: unknown, app: EggCore) => compose.ComposedMiddleware<import("@eggjs/core").Context>;
-export default _default;

package/dist/commonjs/app/middleware/securities.js

@@ -1,55 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const node_assert_1 = __importDefault(require("node:assert"));
-const koa_compose_1 = __importDefault(require("koa-compose"));
-const egg_path_matching_1 = require("egg-path-matching");
-const index_js_1 = __importDefault(require("../../lib/middlewares/index.js"));
-exports.default = (_, app) => {
-    const options = app.config.security;
-    const middlewares = [];
-    const defaultMiddlewares = typeof options.defaultMiddleware === 'string'
-        ? options.defaultMiddleware.split(',').map(m => m.trim()).filter(m => !!m)
-        : options.defaultMiddleware;
-    if (options.match || options.ignore) {
-        app.coreLogger.warn('[@eggjs/security/middleware/securities] Please set `match` or `ignore` on sub config');
-    }
-    // format csrf.cookieDomain
-    const originalCookieDomain = options.csrf.cookieDomain;
-    if (originalCookieDomain && typeof originalCookieDomain !== 'function') {
-        options.csrf.cookieDomain = () => originalCookieDomain;
-    }
-    defaultMiddlewares.forEach(middlewareName => {
-        const opt = Reflect.get(options, middlewareName);
-        if (opt === false) {
-            app.coreLogger.warn('[egg-security] Please use `config.security.%s = { enable: false }` instead of `config.security.%s = false`', middlewareName, middlewareName);
-        }
-        (0, node_assert_1.default)(opt === false || typeof opt === 'object', `config.security.${middlewareName} must be an object, or false(if you turn it off)`);
-        if (opt === false || opt && opt.enable === false) {
-            return;
-        }
-        if (middlewareName === 'csrf' && opt.useSession && !app.plugins.session) {
-            throw new Error('csrf.useSession enabled, but session plugin is disabled');
-        }
-        // use opt.match first (compatibility)
-        if (opt.match && opt.ignore) {
-            app.coreLogger.warn('[@eggjs/security/middleware/securities] `options.match` and `options.ignore` are both set, using `options.match`');
-            opt.ignore = undefined;
-        }
-        if (!opt.ignore && opt.blackUrls) {
-            app.deprecate('[@eggjs/security/middleware/securities] Please use `config.security.xframe.ignore` instead, `config.security.xframe.blackUrls` will be removed very soon');
-            opt.ignore = opt.blackUrls;
-        }
-        // set matching function to security middleware options
-        opt.matching = (0, egg_path_matching_1.pathMatching)(opt);
-        const createMiddleware = index_js_1.default[middlewareName];
-        const fn = createMiddleware(opt);
-        middlewares.push(fn);
-        app.coreLogger.info('[@eggjs/security/middleware/securities] use %s middleware', middlewareName);
-    });
-    app.coreLogger.info('[@eggjs/security/middleware/securities] compose %d middlewares into one security middleware', middlewares.length);
-    return (0, koa_compose_1.default)(middlewares);
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdGllcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hcHAvbWlkZGxld2FyZS9zZWN1cml0aWVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsOERBQWlDO0FBQ2pDLDhEQUFrQztBQUNsQyx5REFBaUQ7QUFFakQsOEVBQWlFO0FBR2pFLGtCQUFlLENBQUMsQ0FBVSxFQUFFLEdBQVksRUFBRSxFQUFFO0lBQzFDLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO0lBQ3BDLE1BQU0sV0FBVyxHQUFxQixFQUFFLENBQUM7SUFDekMsTUFBTSxrQkFBa0IsR0FBRyxPQUFPLE9BQU8sQ0FBQyxpQkFBaUIsS0FBSyxRQUFRO1FBQ3RFLENBQUMsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQTZCO1FBQ3RHLENBQUMsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLENBQUM7SUFFOUIsSUFBSSxPQUFPLENBQUMsS0FBSyxJQUFJLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNwQyxHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxzRkFBc0YsQ0FBQyxDQUFDO0lBQzlHLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsTUFBTSxvQkFBb0IsR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQztJQUN2RCxJQUFJLG9CQUFvQixJQUFJLE9BQU8sb0JBQW9CLEtBQUssVUFBVSxFQUFFLENBQUM7UUFDdkUsT0FBTyxDQUFDLElBQUksQ0FBQyxZQUFZLEdBQUcsR0FBRyxFQUFFLENBQUMsb0JBQW9CLENBQUM7SUFDekQsQ0FBQztJQUVELGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsRUFBRTtRQUMxQyxNQUFNLEdBQUcsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxjQUFjLENBQVEsQ0FBQztRQUN4RCxJQUFJLEdBQUcsS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUNsQixHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyw0R0FBNEcsRUFBRSxjQUFjLEVBQUUsY0FBYyxDQUFDLENBQUM7UUFDcEssQ0FBQztRQUVELElBQUEscUJBQU0sRUFBQyxHQUFHLEtBQUssS0FBSyxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFDN0MsbUJBQW1CLGNBQWMsa0RBQWtELENBQUMsQ0FBQztRQUV2RixJQUFJLEdBQUcsS0FBSyxLQUFLLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDakQsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLGNBQWMsS0FBSyxNQUFNLElBQUksR0FBRyxDQUFDLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDeEUsTUFBTSxJQUFJLEtBQUssQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO1FBQzdFLENBQUM7UUFFRCxzQ0FBc0M7UUFDdEMsSUFBSSxHQUFHLENBQUMsS0FBSyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM1QixHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxrSEFBa0gsQ0FBQyxDQUFDO1lBQ3hJLEdBQUcsQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1FBQ3pCLENBQUM7UUFDRCxJQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sSUFBSSxHQUFHLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDakMsR0FBRyxDQUFDLFNBQVMsQ0FBQywwSkFBMEosQ0FBQyxDQUFDO1lBQzFLLEdBQUcsQ0FBQyxNQUFNLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQztRQUM3QixDQUFDO1FBQ0QsdURBQXVEO1FBQ3ZELEdBQUcsQ0FBQyxRQUFRLEdBQUcsSUFBQSxnQ0FBWSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRWpDLE1BQU0sZ0JBQWdCLEdBQUcsa0JBQW1CLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDN0QsTUFBTSxFQUFFLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDakMsV0FBVyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNyQixHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQywyREFBMkQsRUFBRSxjQUFjLENBQUMsQ0FBQztJQUNuRyxDQUFDLENBQUMsQ0FBQztJQUVILEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLDZGQUE2RixFQUMvRyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDdEIsT0FBTyxJQUFBLHFCQUFPLEVBQUMsV0FBVyxDQUFDLENBQUM7QUFDOUIsQ0FBQyxDQUFDIn0=

package/dist/commonjs/app.d.ts

@@ -1,6 +0,0 @@
-import type { ILifecycleBoot, EggCore } from '@eggjs/core';
-export default class AppBoot implements ILifecycleBoot {
-    private readonly app;
-    constructor(app: EggCore);
-    configWillLoad(): void;
-}

package/dist/commonjs/app.js

@@ -1,29 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const utils_js_1 = require("./lib/utils.js");
-const config_default_js_1 = require("./config/config.default.js");
-class AppBoot {
-    app;
-    constructor(app) {
-        this.app = app;
-    }
-    configWillLoad() {
-        const app = this.app;
-        app.config.coreMiddleware.push('securities');
-        // parse config and check if config is legal
-        const parsed = config_default_js_1.SecurityConfig.parse(app.config.security);
-        if (typeof app.config.security.csrf === 'boolean') {
-            // support old config: `config.security.csrf = false`
-            app.config.security.csrf = parsed.csrf;
-        }
-        if (app.config.security.csrf.enable) {
-            const { ignoreJSON } = app.config.security.csrf;
-            if (ignoreJSON) {
-                app.deprecate('[@eggjs/security/app] `config.security.csrf.ignoreJSON` is not safe now, please disable it.');
-            }
-        }
-        (0, utils_js_1.preprocessConfig)(app.config.security);
-    }
-}
-exports.default = AppBoot;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2FwcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLDZDQUFrRDtBQUNsRCxrRUFBNEQ7QUFFNUQsTUFBcUIsT0FBTztJQUNULEdBQUcsQ0FBQztJQUVyQixZQUFZLEdBQVk7UUFDdEIsSUFBSSxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUM7SUFDakIsQ0FBQztJQUVELGNBQWM7UUFDWixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDO1FBQ3JCLEdBQUcsQ0FBQyxNQUFNLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM3Qyw0Q0FBNEM7UUFDNUMsTUFBTSxNQUFNLEdBQUcsa0NBQWMsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN6RCxJQUFJLE9BQU8sR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ2xELHFEQUFxRDtZQUNyRCxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQztRQUN6QyxDQUFDO1FBRUQsSUFBSSxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDcEMsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNoRCxJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNmLEdBQUcsQ0FBQyxTQUFTLENBQUMsNkZBQTZGLENBQUMsQ0FBQztZQUMvRyxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUEsMkJBQWdCLEVBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN4QyxDQUFDO0NBQ0Y7QUExQkQsMEJBMEJDIn0=