npm - @push.rocks/smartproxy - Versions diffs - 12.0.0 → 13.1.2 - Mend

@push.rocks/smartproxy 12.0.0 → 13.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/dist_ts/proxies/network-proxy/certificate-manager.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import * as plugins from '../../plugins.js';
+import { type INetworkProxyOptions, type ICertificateEntry } from './models/types.js';
+import { Port80Handler } from '../../http/port80/port80-handler.js';
+/**
+ * Manages SSL certificates for NetworkProxy including ACME integration
+ */
+export declare class CertificateManager {
+    private options;
+    private defaultCertificates;
+    private certificateCache;
+    private port80Handler;
+    private externalPort80Handler;
+    private certificateStoreDir;
+    private logger;
+    private httpsServer;
+    constructor(options: INetworkProxyOptions);
+    /**
+     * Loads default certificates from the filesystem
+     */
+    loadDefaultCertificates(): void;
+    /**
+     * Set the HTTPS server reference for context updates
+     */
+    setHttpsServer(server: plugins.https.Server): void;
+    /**
+     * Get default certificates
+     */
+    getDefaultCertificates(): {
+        key: string;
+        cert: string;
+    };
+    /**
+     * Sets an external Port80Handler for certificate management
+     */
+    setExternalPort80Handler(handler: Port80Handler): void;
+    /**
+     * Handle newly issued or renewed certificates from Port80Handler
+     */
+    private handleCertificateIssued;
+    /**
+     * Handle certificate issuance failures
+     */
+    private handleCertificateFailed;
+    /**
+     * Saves certificate and private key to the filesystem
+     */
+    private saveCertificateToStore;
+    /**
+     * Handles SNI (Server Name Indication) for TLS connections
+     * Used by the HTTPS server to select the correct certificate for each domain
+     */
+    handleSNI(domain: string, cb: (err: Error | null, ctx: plugins.tls.SecureContext) => void): void;
+    /**
+     * Updates certificate in cache
+     */
+    updateCertificateCache(domain: string, certificate: string, privateKey: string, expiryDate?: Date): void;
+    /**
+     * Gets a certificate for a domain
+     */
+    getCertificate(domain: string): ICertificateEntry | undefined;
+    /**
+     * Requests a new certificate for a domain
+     */
+    requestCertificate(domain: string): Promise<boolean>;
+    /**
+     * Registers domains with Port80Handler for ACME certificate management
+     */
+    registerDomainsWithPort80Handler(domains: string[]): void;
+    /**
+     * Initialize internal Port80Handler
+     */
+    initializePort80Handler(): Promise<Port80Handler | null>;
+    /**
+     * Stop the Port80Handler if it was internally created
+     */
+    stopPort80Handler(): Promise<void>;
+}

package/dist_ts/proxies/network-proxy/certificate-manager.js ADDED Viewed

@@ -0,0 +1,373 @@
+import * as plugins from '../../plugins.js';
+import * as fs from 'fs';
+import * as path from 'path';
+import { fileURLToPath } from 'url';
+import { createLogger } from './models/types.js';
+import { Port80Handler } from '../../http/port80/port80-handler.js';
+import { CertificateEvents } from '../../certificate/events/certificate-events.js';
+import { buildPort80Handler } from '../../certificate/acme/acme-factory.js';
+import { subscribeToPort80Handler } from '../../core/utils/event-utils.js';
+/**
+ * Manages SSL certificates for NetworkProxy including ACME integration
+ */
+export class CertificateManager {
+    constructor(options) {
+        this.options = options;
+        this.certificateCache = new Map();
+        this.port80Handler = null;
+        this.externalPort80Handler = false;
+        this.httpsServer = null;
+        this.certificateStoreDir = path.resolve(options.acme?.certificateStore || './certs');
+        this.logger = createLogger(options.logLevel || 'info');
+        // Ensure certificate store directory exists
+        try {
+            if (!fs.existsSync(this.certificateStoreDir)) {
+                fs.mkdirSync(this.certificateStoreDir, { recursive: true });
+                this.logger.info(`Created certificate store directory: ${this.certificateStoreDir}`);
+            }
+        }
+        catch (error) {
+            this.logger.warn(`Failed to create certificate store directory: ${error}`);
+        }
+        this.loadDefaultCertificates();
+    }
+    /**
+     * Loads default certificates from the filesystem
+     */
+    loadDefaultCertificates() {
+        const __dirname = path.dirname(fileURLToPath(import.meta.url));
+        // Fix the path to look for certificates at the project root instead of inside ts directory
+        const certPath = path.join(__dirname, '..', '..', '..', 'assets', 'certs');
+        try {
+            this.defaultCertificates = {
+                key: fs.readFileSync(path.join(certPath, 'key.pem'), 'utf8'),
+                cert: fs.readFileSync(path.join(certPath, 'cert.pem'), 'utf8')
+            };
+            this.logger.info('Default certificates loaded successfully');
+        }
+        catch (error) {
+            this.logger.error('Error loading default certificates', error);
+            // Generate self-signed fallback certificates
+            try {
+                // This is a placeholder for actual certificate generation code
+                // In a real implementation, you would use a library like selfsigned to generate certs
+                this.defaultCertificates = {
+                    key: "FALLBACK_KEY_CONTENT",
+                    cert: "FALLBACK_CERT_CONTENT"
+                };
+                this.logger.warn('Using fallback self-signed certificates');
+            }
+            catch (fallbackError) {
+                this.logger.error('Failed to generate fallback certificates', fallbackError);
+                throw new Error('Could not load or generate SSL certificates');
+            }
+        }
+    }
+    /**
+     * Set the HTTPS server reference for context updates
+     */
+    setHttpsServer(server) {
+        this.httpsServer = server;
+    }
+    /**
+     * Get default certificates
+     */
+    getDefaultCertificates() {
+        return { ...this.defaultCertificates };
+    }
+    /**
+     * Sets an external Port80Handler for certificate management
+     */
+    setExternalPort80Handler(handler) {
+        if (this.port80Handler && !this.externalPort80Handler) {
+            this.logger.warn('Replacing existing internal Port80Handler with external handler');
+            // Clean up existing handler if needed
+            if (this.port80Handler !== handler) {
+                // Unregister event handlers to avoid memory leaks
+                this.port80Handler.removeAllListeners(CertificateEvents.CERTIFICATE_ISSUED);
+                this.port80Handler.removeAllListeners(CertificateEvents.CERTIFICATE_RENEWED);
+                this.port80Handler.removeAllListeners(CertificateEvents.CERTIFICATE_FAILED);
+                this.port80Handler.removeAllListeners(CertificateEvents.CERTIFICATE_EXPIRING);
+            }
+        }
+        // Set the external handler
+        this.port80Handler = handler;
+        this.externalPort80Handler = true;
+        // Subscribe to Port80Handler events
+        subscribeToPort80Handler(this.port80Handler, {
+            onCertificateIssued: this.handleCertificateIssued.bind(this),
+            onCertificateRenewed: this.handleCertificateIssued.bind(this),
+            onCertificateFailed: this.handleCertificateFailed.bind(this),
+            onCertificateExpiring: (data) => {
+                this.logger.info(`Certificate for ${data.domain} expires in ${data.daysRemaining} days`);
+            }
+        });
+        this.logger.info('External Port80Handler connected to CertificateManager');
+        // Register domains with Port80Handler if we have any certificates cached
+        if (this.certificateCache.size > 0) {
+            const domains = Array.from(this.certificateCache.keys())
+                .filter(domain => !domain.includes('*')); // Skip wildcard domains
+            this.registerDomainsWithPort80Handler(domains);
+        }
+    }
+    /**
+     * Handle newly issued or renewed certificates from Port80Handler
+     */
+    handleCertificateIssued(data) {
+        const { domain, certificate, privateKey, expiryDate } = data;
+        this.logger.info(`Certificate ${this.certificateCache.has(domain) ? 'renewed' : 'issued'} for ${domain}, valid until ${expiryDate.toISOString()}`);
+        // Update certificate in HTTPS server
+        this.updateCertificateCache(domain, certificate, privateKey, expiryDate);
+        // Save the certificate to the filesystem if not using external handler
+        if (!this.externalPort80Handler && this.options.acme?.certificateStore) {
+            this.saveCertificateToStore(domain, certificate, privateKey);
+        }
+    }
+    /**
+     * Handle certificate issuance failures
+     */
+    handleCertificateFailed(data) {
+        this.logger.error(`Certificate issuance failed for ${data.domain}: ${data.error}`);
+    }
+    /**
+     * Saves certificate and private key to the filesystem
+     */
+    saveCertificateToStore(domain, certificate, privateKey) {
+        try {
+            const certPath = path.join(this.certificateStoreDir, `${domain}.cert.pem`);
+            const keyPath = path.join(this.certificateStoreDir, `${domain}.key.pem`);
+            fs.writeFileSync(certPath, certificate);
+            fs.writeFileSync(keyPath, privateKey);
+            // Ensure private key has restricted permissions
+            try {
+                fs.chmodSync(keyPath, 0o600);
+            }
+            catch (error) {
+                this.logger.warn(`Failed to set permissions on private key for ${domain}: ${error}`);
+            }
+            this.logger.info(`Saved certificate for ${domain} to ${certPath}`);
+        }
+        catch (error) {
+            this.logger.error(`Failed to save certificate for ${domain}: ${error}`);
+        }
+    }
+    /**
+     * Handles SNI (Server Name Indication) for TLS connections
+     * Used by the HTTPS server to select the correct certificate for each domain
+     */
+    handleSNI(domain, cb) {
+        this.logger.debug(`SNI request for domain: ${domain}`);
+        // Check if we have a certificate for this domain
+        const certs = this.certificateCache.get(domain);
+        if (certs) {
+            try {
+                // Create TLS context with the cached certificate
+                const context = plugins.tls.createSecureContext({
+                    key: certs.key,
+                    cert: certs.cert
+                });
+                this.logger.debug(`Using cached certificate for ${domain}`);
+                cb(null, context);
+                return;
+            }
+            catch (err) {
+                this.logger.error(`Error creating secure context for ${domain}:`, err);
+            }
+        }
+        // No existing certificate: trigger dynamic provisioning via Port80Handler
+        if (this.port80Handler) {
+            try {
+                this.logger.info(`Triggering on-demand certificate retrieval for ${domain}`);
+                this.port80Handler.addDomain({
+                    domainName: domain,
+                    sslRedirect: false,
+                    acmeMaintenance: true
+                });
+            }
+            catch (err) {
+                this.logger.error(`Error registering domain for on-demand certificate: ${domain}`, err);
+            }
+        }
+        // Check if we should trigger certificate issuance
+        if (this.options.acme?.enabled && this.port80Handler && !domain.includes('*')) {
+            // Check if this domain is already registered
+            const certData = this.port80Handler.getCertificate(domain);
+            if (!certData) {
+                this.logger.info(`No certificate found for ${domain}, registering for issuance`);
+                // Register with new domain options format
+                const domainOptions = {
+                    domainName: domain,
+                    sslRedirect: true,
+                    acmeMaintenance: true
+                };
+                this.port80Handler.addDomain(domainOptions);
+            }
+        }
+        // Fall back to default certificate
+        try {
+            const context = plugins.tls.createSecureContext({
+                key: this.defaultCertificates.key,
+                cert: this.defaultCertificates.cert
+            });
+            this.logger.debug(`Using default certificate for ${domain}`);
+            cb(null, context);
+        }
+        catch (err) {
+            this.logger.error(`Error creating default secure context:`, err);
+            cb(new Error('Cannot create secure context'), null);
+        }
+    }
+    /**
+     * Updates certificate in cache
+     */
+    updateCertificateCache(domain, certificate, privateKey, expiryDate) {
+        // Update certificate context in HTTPS server if it's running
+        if (this.httpsServer) {
+            try {
+                this.httpsServer.addContext(domain, {
+                    key: privateKey,
+                    cert: certificate
+                });
+                this.logger.debug(`Updated SSL context for domain: ${domain}`);
+            }
+            catch (error) {
+                this.logger.error(`Error updating SSL context for domain ${domain}:`, error);
+            }
+        }
+        // Update certificate in cache
+        this.certificateCache.set(domain, {
+            key: privateKey,
+            cert: certificate,
+            expires: expiryDate
+        });
+    }
+    /**
+     * Gets a certificate for a domain
+     */
+    getCertificate(domain) {
+        return this.certificateCache.get(domain);
+    }
+    /**
+     * Requests a new certificate for a domain
+     */
+    async requestCertificate(domain) {
+        if (!this.options.acme?.enabled && !this.externalPort80Handler) {
+            this.logger.warn('ACME certificate management is not enabled');
+            return false;
+        }
+        if (!this.port80Handler) {
+            this.logger.error('Port80Handler is not initialized');
+            return false;
+        }
+        // Skip wildcard domains - can't get certs for these with HTTP-01 validation
+        if (domain.includes('*')) {
+            this.logger.error(`Cannot request certificate for wildcard domain: ${domain}`);
+            return false;
+        }
+        try {
+            // Use the new domain options format
+            const domainOptions = {
+                domainName: domain,
+                sslRedirect: true,
+                acmeMaintenance: true
+            };
+            this.port80Handler.addDomain(domainOptions);
+            this.logger.info(`Certificate request submitted for domain: ${domain}`);
+            return true;
+        }
+        catch (error) {
+            this.logger.error(`Error requesting certificate for domain ${domain}:`, error);
+            return false;
+        }
+    }
+    /**
+     * Registers domains with Port80Handler for ACME certificate management
+     */
+    registerDomainsWithPort80Handler(domains) {
+        if (!this.port80Handler) {
+            this.logger.warn('Port80Handler is not initialized');
+            return;
+        }
+        for (const domain of domains) {
+            // Skip wildcard domains - can't get certs for these with HTTP-01 validation
+            if (domain.includes('*')) {
+                this.logger.info(`Skipping wildcard domain for ACME: ${domain}`);
+                continue;
+            }
+            // Skip domains already with certificates if configured to do so
+            if (this.options.acme?.skipConfiguredCerts) {
+                const cachedCert = this.certificateCache.get(domain);
+                if (cachedCert) {
+                    this.logger.info(`Skipping domain with existing certificate: ${domain}`);
+                    continue;
+                }
+            }
+            // Register the domain for certificate issuance with new domain options format
+            const domainOptions = {
+                domainName: domain,
+                sslRedirect: true,
+                acmeMaintenance: true
+            };
+            this.port80Handler.addDomain(domainOptions);
+            this.logger.info(`Registered domain for ACME certificate issuance: ${domain}`);
+        }
+    }
+    /**
+     * Initialize internal Port80Handler
+     */
+    async initializePort80Handler() {
+        // Skip if using external handler
+        if (this.externalPort80Handler) {
+            this.logger.info('Using external Port80Handler, skipping initialization');
+            return this.port80Handler;
+        }
+        if (!this.options.acme?.enabled) {
+            return null;
+        }
+        // Build and configure Port80Handler
+        this.port80Handler = buildPort80Handler({
+            port: this.options.acme.port,
+            accountEmail: this.options.acme.accountEmail,
+            useProduction: this.options.acme.useProduction,
+            httpsRedirectPort: this.options.port, // Redirect to our HTTPS port
+            enabled: this.options.acme.enabled,
+            certificateStore: this.options.acme.certificateStore,
+            skipConfiguredCerts: this.options.acme.skipConfiguredCerts
+        });
+        // Subscribe to Port80Handler events
+        subscribeToPort80Handler(this.port80Handler, {
+            onCertificateIssued: this.handleCertificateIssued.bind(this),
+            onCertificateRenewed: this.handleCertificateIssued.bind(this),
+            onCertificateFailed: this.handleCertificateFailed.bind(this),
+            onCertificateExpiring: (data) => {
+                this.logger.info(`Certificate for ${data.domain} expires in ${data.daysRemaining} days`);
+            }
+        });
+        // Start the handler
+        try {
+            await this.port80Handler.start();
+            this.logger.info(`Port80Handler started on port ${this.options.acme.port}`);
+            return this.port80Handler;
+        }
+        catch (error) {
+            this.logger.error(`Failed to start Port80Handler: ${error}`);
+            this.port80Handler = null;
+            return null;
+        }
+    }
+    /**
+     * Stop the Port80Handler if it was internally created
+     */
+    async stopPort80Handler() {
+        if (this.port80Handler && !this.externalPort80Handler) {
+            try {
+                await this.port80Handler.stop();
+                this.logger.info('Port80Handler stopped');
+            }
+            catch (error) {
+                this.logger.error('Error stopping Port80Handler', error);
+            }
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2VydGlmaWNhdGUtbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3Byb3hpZXMvbmV0d29yay1wcm94eS9jZXJ0aWZpY2F0ZS1tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxLQUFLLEVBQUUsTUFBTSxJQUFJLENBQUM7QUFDekIsT0FBTyxLQUFLLElBQUksTUFBTSxNQUFNLENBQUM7QUFDN0IsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLEtBQUssQ0FBQztBQUNwQyxPQUFPLEVBQW1FLFlBQVksRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2xILE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQztBQUNwRSxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxnREFBZ0QsQ0FBQztBQUNuRixPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSx3Q0FBd0MsQ0FBQztBQUM1RSxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUczRTs7R0FFRztBQUNILE1BQU0sT0FBTyxrQkFBa0I7SUFTN0IsWUFBb0IsT0FBNkI7UUFBN0IsWUFBTyxHQUFQLE9BQU8sQ0FBc0I7UUFQekMscUJBQWdCLEdBQW1DLElBQUksR0FBRyxFQUFFLENBQUM7UUFDN0Qsa0JBQWEsR0FBeUIsSUFBSSxDQUFDO1FBQzNDLDBCQUFxQixHQUFZLEtBQUssQ0FBQztRQUd2QyxnQkFBVyxHQUFnQyxJQUFJLENBQUM7UUFHdEQsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsSUFBSSxTQUFTLENBQUMsQ0FBQztRQUNyRixJQUFJLENBQUMsTUFBTSxHQUFHLFlBQVksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLE1BQU0sQ0FBQyxDQUFDO1FBRXZELDRDQUE0QztRQUM1QyxJQUFJLENBQUM7WUFDSCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxDQUFDO2dCQUM3QyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO2dCQUM1RCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx3Q0FBd0MsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUMsQ0FBQztZQUN2RixDQUFDO1FBQ0gsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxpREFBaUQsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBRUQsSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUM7SUFDakMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksdUJBQXVCO1FBQzVCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztRQUMvRCwyRkFBMkY7UUFDM0YsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRTNFLElBQUksQ0FBQztZQUNILElBQUksQ0FBQyxtQkFBbUIsR0FBRztnQkFDekIsR0FBRyxFQUFFLEVBQUUsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEVBQUUsTUFBTSxDQUFDO2dCQUM1RCxJQUFJLEVBQUUsRUFBRSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxVQUFVLENBQUMsRUFBRSxNQUFNLENBQUM7YUFDL0QsQ0FBQztZQUNGLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDBDQUEwQyxDQUFDLENBQUM7UUFDL0QsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxvQ0FBb0MsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUUvRCw2Q0FBNkM7WUFDN0MsSUFBSSxDQUFDO2dCQUNILCtEQUErRDtnQkFDL0Qsc0ZBQXNGO2dCQUN0RixJQUFJLENBQUMsbUJBQW1CLEdBQUc7b0JBQ3pCLEdBQUcsRUFBRSxzQkFBc0I7b0JBQzNCLElBQUksRUFBRSx1QkFBdUI7aUJBQzlCLENBQUM7Z0JBQ0YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMseUNBQXlDLENBQUMsQ0FBQztZQUM5RCxDQUFDO1lBQUMsT0FBTyxhQUFhLEVBQUUsQ0FBQztnQkFDdkIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsMENBQTBDLEVBQUUsYUFBYSxDQUFDLENBQUM7Z0JBQzdFLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztZQUNqRSxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLGNBQWMsQ0FBQyxNQUE0QjtRQUNoRCxJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQztJQUM1QixDQUFDO0lBRUQ7O09BRUc7SUFDSSxzQkFBc0I7UUFDM0IsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7SUFDekMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksd0JBQXdCLENBQUMsT0FBc0I7UUFDcEQsSUFBSSxJQUFJLENBQUMsYUFBYSxJQUFJLENBQUMsSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7WUFDdEQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUVBQWlFLENBQUMsQ0FBQztZQUVwRixzQ0FBc0M7WUFDdEMsSUFBSSxJQUFJLENBQUMsYUFBYSxLQUFLLE9BQU8sRUFBRSxDQUFDO2dCQUNuQyxrREFBa0Q7Z0JBQ2xELElBQUksQ0FBQyxhQUFhLENBQUMsa0JBQWtCLENBQUMsaUJBQWlCLENBQUMsa0JBQWtCLENBQUMsQ0FBQztnQkFDNUUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxrQkFBa0IsQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO2dCQUM3RSxJQUFJLENBQUMsYUFBYSxDQUFDLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDLGtCQUFrQixDQUFDLENBQUM7Z0JBQzVFLElBQUksQ0FBQyxhQUFhLENBQUMsa0JBQWtCLENBQUMsaUJBQWlCLENBQUMsb0JBQW9CLENBQUMsQ0FBQztZQUNoRixDQUFDO1FBQ0gsQ0FBQztRQUVELDJCQUEyQjtRQUMzQixJQUFJLENBQUMsYUFBYSxHQUFHLE9BQU8sQ0FBQztRQUM3QixJQUFJLENBQUMscUJBQXFCLEdBQUcsSUFBSSxDQUFDO1FBRWxDLG9DQUFvQztRQUNwQyx3QkFBd0IsQ0FBQyxJQUFJLENBQUMsYUFBYSxFQUFFO1lBQzNDLG1CQUFtQixFQUFFLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1lBQzVELG9CQUFvQixFQUFFLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1lBQzdELG1CQUFtQixFQUFFLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1lBQzVELHFCQUFxQixFQUFFLENBQUMsSUFBSSxFQUFFLEVBQUU7Z0JBQzlCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsTUFBTSxlQUFlLElBQUksQ0FBQyxhQUFhLE9BQU8sQ0FBQyxDQUFDO1lBQzNGLENBQUM7U0FDRixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx3REFBd0QsQ0FBQyxDQUFDO1FBRTNFLHlFQUF5RTtRQUN6RSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbkMsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLENBQUM7aUJBQ3JELE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsd0JBQXdCO1lBRXBFLElBQUksQ0FBQyxnQ0FBZ0MsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNqRCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ssdUJBQXVCLENBQUMsSUFBbUY7UUFDakgsTUFBTSxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsVUFBVSxFQUFFLFVBQVUsRUFBRSxHQUFHLElBQUksQ0FBQztRQUU3RCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsUUFBUSxRQUFRLE1BQU0saUJBQWlCLFVBQVUsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFbkoscUNBQXFDO1FBQ3JDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxVQUFVLENBQUMsQ0FBQztRQUV6RSx1RUFBdUU7UUFDdkUsSUFBSSxDQUFDLElBQUksQ0FBQyxxQkFBcUIsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3ZFLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsV0FBVyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQy9ELENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyx1QkFBdUIsQ0FBQyxJQUF1QztRQUNyRSxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxtQ0FBbUMsSUFBSSxDQUFDLE1BQU0sS0FBSyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUNyRixDQUFDO0lBRUQ7O09BRUc7SUFDSyxzQkFBc0IsQ0FBQyxNQUFjLEVBQUUsV0FBbUIsRUFBRSxVQUFrQjtRQUNwRixJQUFJLENBQUM7WUFDSCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxHQUFHLE1BQU0sV0FBVyxDQUFDLENBQUM7WUFDM0UsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsR0FBRyxNQUFNLFVBQVUsQ0FBQyxDQUFDO1lBRXpFLEVBQUUsQ0FBQyxhQUFhLENBQUMsUUFBUSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ3hDLEVBQUUsQ0FBQyxhQUFhLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1lBRXRDLGdEQUFnRDtZQUNoRCxJQUFJLENBQUM7Z0JBQ0gsRUFBRSxDQUFDLFNBQVMsQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFDL0IsQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0RBQWdELE1BQU0sS0FBSyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZGLENBQUM7WUFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsTUFBTSxPQUFPLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxrQ0FBa0MsTUFBTSxLQUFLLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDMUUsQ0FBQztJQUNILENBQUM7SUFFRDs7O09BR0c7SUFDSSxTQUFTLENBQUMsTUFBYyxFQUFFLEVBQStEO1FBQzlGLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLDJCQUEyQixNQUFNLEVBQUUsQ0FBQyxDQUFDO1FBRXZELGlEQUFpRDtRQUNqRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hELElBQUksS0FBSyxFQUFFLENBQUM7WUFDVixJQUFJLENBQUM7Z0JBQ0gsaURBQWlEO2dCQUNqRCxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQixDQUFDO29CQUM5QyxHQUFHLEVBQUUsS0FBSyxDQUFDLEdBQUc7b0JBQ2QsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO2lCQUNqQixDQUFDLENBQUM7Z0JBQ0gsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLE1BQU0sRUFBRSxDQUFDLENBQUM7Z0JBQzVELEVBQUUsQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7Z0JBQ2xCLE9BQU87WUFDVCxDQUFDO1lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztnQkFDYixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxxQ0FBcUMsTUFBTSxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFDekUsQ0FBQztRQUNILENBQUM7UUFDRCwwRUFBMEU7UUFDMUUsSUFBSSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDdkIsSUFBSSxDQUFDO2dCQUNILElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtEQUFrRCxNQUFNLEVBQUUsQ0FBQyxDQUFDO2dCQUM3RSxJQUFJLENBQUMsYUFBYSxDQUFDLFNBQVMsQ0FBQztvQkFDM0IsVUFBVSxFQUFFLE1BQU07b0JBQ2xCLFdBQVcsRUFBRSxLQUFLO29CQUNsQixlQUFlLEVBQUUsSUFBSTtpQkFDdEIsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztZQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7Z0JBQ2IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsdURBQXVELE1BQU0sRUFBRSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQzFGLENBQUM7UUFDSCxDQUFDO1FBRUQsa0RBQWtEO1FBQ2xELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsT0FBTyxJQUFJLElBQUksQ0FBQyxhQUFhLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDOUUsNkNBQTZDO1lBQzdDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBRTNELElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDZCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw0QkFBNEIsTUFBTSw0QkFBNEIsQ0FBQyxDQUFDO2dCQUVqRiwwQ0FBMEM7Z0JBQzFDLE1BQU0sYUFBYSxHQUFtQjtvQkFDcEMsVUFBVSxFQUFFLE1BQU07b0JBQ2xCLFdBQVcsRUFBRSxJQUFJO29CQUNqQixlQUFlLEVBQUUsSUFBSTtpQkFDdEIsQ0FBQztnQkFFRixJQUFJLENBQUMsYUFBYSxDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUM5QyxDQUFDO1FBQ0gsQ0FBQztRQUVELG1DQUFtQztRQUNuQyxJQUFJLENBQUM7WUFDSCxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQixDQUFDO2dCQUM5QyxHQUFHLEVBQUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEdBQUc7Z0JBQ2pDLElBQUksRUFBRSxJQUFJLENBQUMsbUJBQW1CLENBQUMsSUFBSTthQUNwQyxDQUFDLENBQUM7WUFFSCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxpQ0FBaUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUM3RCxFQUFFLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3BCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0NBQXdDLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFDakUsRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDdEQsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLHNCQUFzQixDQUFDLE1BQWMsRUFBRSxXQUFtQixFQUFFLFVBQWtCLEVBQUUsVUFBaUI7UUFDdEcsNkRBQTZEO1FBQzdELElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLElBQUksQ0FBQztnQkFDSCxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxNQUFNLEVBQUU7b0JBQ2xDLEdBQUcsRUFBRSxVQUFVO29CQUNmLElBQUksRUFBRSxXQUFXO2lCQUNsQixDQUFDLENBQUM7Z0JBQ0gsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsbUNBQW1DLE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDakUsQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMseUNBQXlDLE1BQU0sR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQy9FLENBQUM7UUFDSCxDQUFDO1FBRUQsOEJBQThCO1FBQzlCLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFO1lBQ2hDLEdBQUcsRUFBRSxVQUFVO1lBQ2YsSUFBSSxFQUFFLFdBQVc7WUFDakIsT0FBTyxFQUFFLFVBQVU7U0FDcEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ksY0FBYyxDQUFDLE1BQWM7UUFDbEMsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxNQUFjO1FBQzVDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUMvRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFDO1lBQy9ELE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDeEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsa0NBQWtDLENBQUMsQ0FBQztZQUN0RCxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCw0RUFBNEU7UUFDNUUsSUFBSSxNQUFNLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDekIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsbURBQW1ELE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDL0UsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsb0NBQW9DO1lBQ3BDLE1BQU0sYUFBYSxHQUFtQjtnQkFDcEMsVUFBVSxFQUFFLE1BQU07Z0JBQ2xCLFdBQVcsRUFBRSxJQUFJO2dCQUNqQixlQUFlLEVBQUUsSUFBSTthQUN0QixDQUFDO1lBRUYsSUFBSSxDQUFDLGFBQWEsQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDNUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsNkNBQTZDLE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDeEUsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLDJDQUEyQyxNQUFNLEdBQUcsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUMvRSxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxnQ0FBZ0MsQ0FBQyxPQUFpQjtRQUN2RCxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3hCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtDQUFrQyxDQUFDLENBQUM7WUFDckQsT0FBTztRQUNULENBQUM7UUFFRCxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO1lBQzdCLDRFQUE0RTtZQUM1RSxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDekIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsc0NBQXNDLE1BQU0sRUFBRSxDQUFDLENBQUM7Z0JBQ2pFLFNBQVM7WUFDWCxDQUFDO1lBRUQsZ0VBQWdFO1lBQ2hFLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsbUJBQW1CLEVBQUUsQ0FBQztnQkFDM0MsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDckQsSUFBSSxVQUFVLEVBQUUsQ0FBQztvQkFDZixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw4Q0FBOEMsTUFBTSxFQUFFLENBQUMsQ0FBQztvQkFDekUsU0FBUztnQkFDWCxDQUFDO1lBQ0gsQ0FBQztZQUVELDhFQUE4RTtZQUM5RSxNQUFNLGFBQWEsR0FBbUI7Z0JBQ3BDLFVBQVUsRUFBRSxNQUFNO2dCQUNsQixXQUFXLEVBQUUsSUFBSTtnQkFDakIsZUFBZSxFQUFFLElBQUk7YUFDdEIsQ0FBQztZQUVGLElBQUksQ0FBQyxhQUFhLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1lBQzVDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLG9EQUFvRCxNQUFNLEVBQUUsQ0FBQyxDQUFDO1FBQ2pGLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsdUJBQXVCO1FBQ2xDLGlDQUFpQztRQUNqQyxJQUFJLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQy9CLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLHVEQUF1RCxDQUFDLENBQUM7WUFDMUUsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDO1FBQzVCLENBQUM7UUFFRCxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDaEMsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLElBQUksQ0FBQyxhQUFhLEdBQUcsa0JBQWtCLENBQUM7WUFDdEMsSUFBSSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUk7WUFDNUIsWUFBWSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVk7WUFDNUMsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLGFBQWE7WUFDOUMsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsNkJBQTZCO1lBQ25FLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPO1lBQ2xDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLGdCQUFnQjtZQUNwRCxtQkFBbUIsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxtQkFBbUI7U0FDM0QsQ0FBQyxDQUFDO1FBQ0gsb0NBQW9DO1FBQ3BDLHdCQUF3QixDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUU7WUFDM0MsbUJBQW1CLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7WUFDNUQsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7WUFDN0QsbUJBQW1CLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7WUFDNUQscUJBQXFCLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRTtnQkFDOUIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxNQUFNLGVBQWUsSUFBSSxDQUFDLGFBQWEsT0FBTyxDQUFDLENBQUM7WUFDM0YsQ0FBQztTQUNGLENBQUMsQ0FBQztRQUVILG9CQUFvQjtRQUNwQixJQUFJLENBQUM7WUFDSCxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDakMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUNBQWlDLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDNUUsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDO1FBQzVCLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsa0NBQWtDLEtBQUssRUFBRSxDQUFDLENBQUM7WUFDN0QsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUM7WUFDMUIsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLGlCQUFpQjtRQUM1QixJQUFJLElBQUksQ0FBQyxhQUFhLElBQUksQ0FBQyxJQUFJLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUN0RCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNoQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO1lBQzVDLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNmLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLDhCQUE4QixFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQzNELENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztDQUNGIn0=

package/dist_ts/proxies/network-proxy/connection-pool.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import * as plugins from '../../plugins.js';
+import { type INetworkProxyOptions } from './models/types.js';
+/**
+ * Manages a pool of backend connections for efficient reuse
+ */
+export declare class ConnectionPool {
+    private options;
+    private connectionPool;
+    private roundRobinPositions;
+    private logger;
+    constructor(options: INetworkProxyOptions);
+    /**
+     * Get a connection from the pool or create a new one
+     */
+    getConnection(host: string, port: number): Promise<plugins.net.Socket>;
+    /**
+     * Return a connection to the pool for reuse
+     */
+    returnConnection(socket: plugins.net.Socket, host: string, port: number): void;
+    /**
+     * Cleanup the connection pool by removing idle connections
+     * or reducing pool size if it exceeds the configured maximum
+     */
+    cleanupConnectionPool(): void;
+    /**
+     * Close all connections in the pool
+     */
+    closeAllConnections(): void;
+    /**
+     * Get load balancing target using round-robin
+     */
+    getNextTarget(targets: string[], port: number): {
+        host: string;
+        port: number;
+    };
+    /**
+     * Gets the connection pool status
+     */
+    getPoolStatus(): Record<string, {
+        total: number;
+        idle: number;
+    }>;
+    /**
+     * Setup a periodic cleanup task
+     */
+    setupPeriodicCleanup(interval?: number): NodeJS.Timeout;
+}