npm - @push.rocks/smartproxy - Versions diffs - 21.1.7 → 22.4.2 - Mend

@push.rocks/smartproxy 21.1.7 → 22.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/dist_ts/proxies/nftables-proxy/utils/index.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * NFTables Proxy Utilities
+ *
+ * This module exports utility functions and classes for NFTables operations.
+ */
+export { NftCommandExecutor } from './nft-command-executor.js';
+export type { INftLoggerFn, INftExecutorOptions } from './nft-command-executor.js';
+export { normalizePortSpec, validatePorts, formatPortRange, portSpecToNftExpr, rangesOverlap, mergeOverlappingRanges, countPorts, isPortInSpec } from './nft-port-spec-normalizer.js';
+export { isValidIP, isValidIPv4, isValidIPv6, isValidHostname, isValidTableName, isValidRate, validateIPs, validateHost, validateTableName, validateQosSettings, validateSettings, isIPForFamily, filterIPsByFamily } from './nft-rule-validator.js';

package/dist_ts/proxies/nftables-proxy/utils/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * NFTables Proxy Utilities
+ *
+ * This module exports utility functions and classes for NFTables operations.
+ */
+// Command execution
+export { NftCommandExecutor } from './nft-command-executor.js';
+// Port specification normalization
+export { normalizePortSpec, validatePorts, formatPortRange, portSpecToNftExpr, rangesOverlap, mergeOverlappingRanges, countPorts, isPortInSpec } from './nft-port-spec-normalizer.js';
+// Rule validation
+export { isValidIP, isValidIPv4, isValidIPv6, isValidHostname, isValidTableName, isValidRate, validateIPs, validateHost, validateTableName, validateQosSettings, validateSettings, isIPForFamily, filterIPsByFamily } from './nft-rule-validator.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm94aWVzL25mdGFibGVzLXByb3h5L3V0aWxzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7O0dBSUc7QUFFSCxvQkFBb0I7QUFDcEIsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFHL0QsbUNBQW1DO0FBQ25DLE9BQU8sRUFDTCxpQkFBaUIsRUFDakIsYUFBYSxFQUNiLGVBQWUsRUFDZixpQkFBaUIsRUFDakIsYUFBYSxFQUNiLHNCQUFzQixFQUN0QixVQUFVLEVBQ1YsWUFBWSxFQUNiLE1BQU0sK0JBQStCLENBQUM7QUFFdkMsa0JBQWtCO0FBQ2xCLE9BQU8sRUFDTCxTQUFTLEVBQ1QsV0FBVyxFQUNYLFdBQVcsRUFDWCxlQUFlLEVBQ2YsZ0JBQWdCLEVBQ2hCLFdBQVcsRUFDWCxXQUFXLEVBQ1gsWUFBWSxFQUNaLGlCQUFpQixFQUNqQixtQkFBbUIsRUFDbkIsZ0JBQWdCLEVBQ2hCLGFBQWEsRUFDYixpQkFBaUIsRUFDbEIsTUFBTSx5QkFBeUIsQ0FBQyJ9

package/dist_ts/proxies/nftables-proxy/utils/nft-command-executor.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * NFTables Command Executor
+ *
+ * Handles command execution with retry logic, temp file management,
+ * and error handling for nftables operations.
+ */
+export interface INftLoggerFn {
+    (level: 'info' | 'warn' | 'error' | 'debug', message: string, data?: Record<string, any>): void;
+}
+export interface INftExecutorOptions {
+    maxRetries?: number;
+    retryDelayMs?: number;
+    tempFilePath?: string;
+}
+/**
+ * NFTables command executor with retry logic and temp file support
+ */
+export declare class NftCommandExecutor {
+    private log;
+    private static readonly NFT_CMD;
+    private maxRetries;
+    private retryDelayMs;
+    private tempFilePath;
+    constructor(log: INftLoggerFn, options?: INftExecutorOptions);
+    /**
+     * Execute a command with retry capability
+     */
+    executeWithRetry(command: string, maxRetries?: number, retryDelayMs?: number): Promise<string>;
+    /**
+     * Execute system command synchronously (single attempt, no retry)
+     * Used only for exit handlers where the process is terminating anyway.
+     */
+    executeSync(command: string): string;
+    /**
+     * Execute nftables commands with a temporary file
+     */
+    executeWithTempFile(rulesetContent: string): Promise<void>;
+    /**
+     * Check if nftables is available
+     */
+    checkAvailability(): Promise<boolean>;
+    /**
+     * Check if connection tracking modules are loaded
+     */
+    checkConntrackModules(): Promise<boolean>;
+    /**
+     * Run an nft command directly
+     */
+    nft(args: string): Promise<string>;
+    /**
+     * Run an nft command synchronously (for cleanup on exit)
+     */
+    nftSync(args: string): string;
+    /**
+     * Get the NFT command path
+     */
+    static get nftCmd(): string;
+    /**
+     * Update the temp file path
+     */
+    setTempFilePath(path: string): void;
+    /**
+     * Update retry settings
+     */
+    setRetryOptions(maxRetries: number, retryDelayMs: number): void;
+}

package/dist_ts/proxies/nftables-proxy/utils/nft-command-executor.js ADDED Viewed

@@ -0,0 +1,131 @@
+/**
+ * NFTables Command Executor
+ *
+ * Handles command execution with retry logic, temp file management,
+ * and error handling for nftables operations.
+ */
+import { exec, execSync } from 'child_process';
+import { promisify } from 'util';
+import { delay } from '../../../core/utils/async-utils.js';
+import { AsyncFileSystem } from '../../../core/utils/fs-utils.js';
+import { NftExecutionError } from '../models/index.js';
+const execAsync = promisify(exec);
+/**
+ * NFTables command executor with retry logic and temp file support
+ */
+export class NftCommandExecutor {
+    static { this.NFT_CMD = 'nft'; }
+    constructor(log, options = {}) {
+        this.log = log;
+        this.maxRetries = options.maxRetries || 3;
+        this.retryDelayMs = options.retryDelayMs || 1000;
+        this.tempFilePath = options.tempFilePath || `/tmp/nft-rules-${Date.now()}.nft`;
+    }
+    /**
+     * Execute a command with retry capability
+     */
+    async executeWithRetry(command, maxRetries, retryDelayMs) {
+        const retries = maxRetries ?? this.maxRetries;
+        const delayMs = retryDelayMs ?? this.retryDelayMs;
+        let lastError;
+        for (let i = 0; i < retries; i++) {
+            try {
+                const { stdout } = await execAsync(command);
+                return stdout;
+            }
+            catch (err) {
+                lastError = err;
+                this.log('warn', `Command failed (attempt ${i + 1}/${retries}): ${command}`, { error: lastError.message });
+                // Wait before retry, unless it's the last attempt
+                if (i < retries - 1) {
+                    await delay(delayMs);
+                }
+            }
+        }
+        throw new NftExecutionError(`Failed after ${retries} attempts: ${lastError?.message || 'Unknown error'}`);
+    }
+    /**
+     * Execute system command synchronously (single attempt, no retry)
+     * Used only for exit handlers where the process is terminating anyway.
+     */
+    executeSync(command) {
+        try {
+            return execSync(command, { timeout: 5000 }).toString();
+        }
+        catch (err) {
+            this.log('warn', `Sync command failed: ${command}`, { error: err.message });
+            throw err;
+        }
+    }
+    /**
+     * Execute nftables commands with a temporary file
+     */
+    async executeWithTempFile(rulesetContent) {
+        await AsyncFileSystem.writeFile(this.tempFilePath, rulesetContent);
+        try {
+            await this.executeWithRetry(`${NftCommandExecutor.NFT_CMD} -f ${this.tempFilePath}`, this.maxRetries, this.retryDelayMs);
+        }
+        finally {
+            // Always clean up the temp file
+            await AsyncFileSystem.remove(this.tempFilePath);
+        }
+    }
+    /**
+     * Check if nftables is available
+     */
+    async checkAvailability() {
+        try {
+            await this.executeWithRetry(`${NftCommandExecutor.NFT_CMD} --version`, this.maxRetries, this.retryDelayMs);
+            return true;
+        }
+        catch (err) {
+            this.log('error', `nftables is not available: ${err.message}`);
+            return false;
+        }
+    }
+    /**
+     * Check if connection tracking modules are loaded
+     */
+    async checkConntrackModules() {
+        try {
+            await this.executeWithRetry('lsmod | grep nf_conntrack', this.maxRetries, this.retryDelayMs);
+            return true;
+        }
+        catch (err) {
+            this.log('warn', 'Connection tracking modules might not be loaded, advanced NAT features may not work');
+            return false;
+        }
+    }
+    /**
+     * Run an nft command directly
+     */
+    async nft(args) {
+        return this.executeWithRetry(`${NftCommandExecutor.NFT_CMD} ${args}`, this.maxRetries, this.retryDelayMs);
+    }
+    /**
+     * Run an nft command synchronously (for cleanup on exit)
+     */
+    nftSync(args) {
+        return this.executeSync(`${NftCommandExecutor.NFT_CMD} ${args}`);
+    }
+    /**
+     * Get the NFT command path
+     */
+    static get nftCmd() {
+        return NftCommandExecutor.NFT_CMD;
+    }
+    /**
+     * Update the temp file path
+     */
+    setTempFilePath(path) {
+        this.tempFilePath = path;
+    }
+    /**
+     * Update retry settings
+     */
+    setRetryOptions(maxRetries, retryDelayMs) {
+        this.maxRetries = maxRetries;
+        this.retryDelayMs = retryDelayMs;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmZ0LWNvbW1hbmQtZXhlY3V0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm94aWVzL25mdGFibGVzLXByb3h5L3V0aWxzL25mdC1jb21tYW5kLWV4ZWN1dG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7OztHQUtHO0FBRUgsT0FBTyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFDL0MsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUNqQyxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFDM0QsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ2xFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBRXZELE1BQU0sU0FBUyxHQUFHLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQztBQVlsQzs7R0FFRztBQUNILE1BQU0sT0FBTyxrQkFBa0I7YUFDTCxZQUFPLEdBQUcsS0FBSyxDQUFDO0lBS3hDLFlBQ1UsR0FBaUIsRUFDekIsVUFBK0IsRUFBRTtRQUR6QixRQUFHLEdBQUgsR0FBRyxDQUFjO1FBR3pCLElBQUksQ0FBQyxVQUFVLEdBQUcsT0FBTyxDQUFDLFVBQVUsSUFBSSxDQUFDLENBQUM7UUFDMUMsSUFBSSxDQUFDLFlBQVksR0FBRyxPQUFPLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQztRQUNqRCxJQUFJLENBQUMsWUFBWSxHQUFHLE9BQU8sQ0FBQyxZQUFZLElBQUksa0JBQWtCLElBQUksQ0FBQyxHQUFHLEVBQUUsTUFBTSxDQUFDO0lBQ2pGLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFlLEVBQUUsVUFBbUIsRUFBRSxZQUFxQjtRQUNoRixNQUFNLE9BQU8sR0FBRyxVQUFVLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQztRQUM5QyxNQUFNLE9BQU8sR0FBRyxZQUFZLElBQUksSUFBSSxDQUFDLFlBQVksQ0FBQztRQUNsRCxJQUFJLFNBQTRCLENBQUM7UUFFakMsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLE9BQU8sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ2pDLElBQUksQ0FBQztnQkFDSCxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsTUFBTSxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQzVDLE9BQU8sTUFBTSxDQUFDO1lBQ2hCLENBQUM7WUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO2dCQUNiLFNBQVMsR0FBRyxHQUFZLENBQUM7Z0JBQ3pCLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDJCQUEyQixDQUFDLEdBQUMsQ0FBQyxJQUFJLE9BQU8sTUFBTSxPQUFPLEVBQUUsRUFBRSxFQUFFLEtBQUssRUFBRSxTQUFTLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFFekcsa0RBQWtEO2dCQUNsRCxJQUFJLENBQUMsR0FBRyxPQUFPLEdBQUcsQ0FBQyxFQUFFLENBQUM7b0JBQ3BCLE1BQU0sS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUN2QixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLElBQUksaUJBQWlCLENBQUMsZ0JBQWdCLE9BQU8sY0FBYyxTQUFTLEVBQUUsT0FBTyxJQUFJLGVBQWUsRUFBRSxDQUFDLENBQUM7SUFDNUcsQ0FBQztJQUVEOzs7T0FHRztJQUNILFdBQVcsQ0FBQyxPQUFlO1FBQ3pCLElBQUksQ0FBQztZQUNILE9BQU8sUUFBUSxDQUFDLE9BQU8sRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3pELENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsd0JBQXdCLE9BQU8sRUFBRSxFQUFFLEVBQUUsS0FBSyxFQUFHLEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZGLE1BQU0sR0FBRyxDQUFDO1FBQ1osQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxjQUFzQjtRQUM5QyxNQUFNLGVBQWUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxjQUFjLENBQUMsQ0FBQztRQUVuRSxJQUFJLENBQUM7WUFDSCxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FDekIsR0FBRyxrQkFBa0IsQ0FBQyxPQUFPLE9BQU8sSUFBSSxDQUFDLFlBQVksRUFBRSxFQUN2RCxJQUFJLENBQUMsVUFBVSxFQUNmLElBQUksQ0FBQyxZQUFZLENBQ2xCLENBQUM7UUFDSixDQUFDO2dCQUFTLENBQUM7WUFDVCxnQ0FBZ0M7WUFDaEMsTUFBTSxlQUFlLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUNsRCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLGlCQUFpQjtRQUNyQixJQUFJLENBQUM7WUFDSCxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLGtCQUFrQixDQUFDLE9BQU8sWUFBWSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzNHLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSw4QkFBK0IsR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDMUUsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLHFCQUFxQjtRQUN6QixJQUFJLENBQUM7WUFDSCxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQywyQkFBMkIsRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUM3RixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUscUZBQXFGLENBQUMsQ0FBQztZQUN4RyxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxLQUFLLENBQUMsR0FBRyxDQUFDLElBQVk7UUFDcEIsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxPQUFPLElBQUksSUFBSSxFQUFFLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDNUcsQ0FBQztJQUVEOztPQUVHO0lBQ0gsT0FBTyxDQUFDLElBQVk7UUFDbEIsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsa0JBQWtCLENBQUMsT0FBTyxJQUFJLElBQUksRUFBRSxDQUFDLENBQUM7SUFDbkUsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxLQUFLLE1BQU07UUFDZixPQUFPLGtCQUFrQixDQUFDLE9BQU8sQ0FBQztJQUNwQyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxlQUFlLENBQUMsSUFBWTtRQUMxQixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQztJQUMzQixDQUFDO0lBRUQ7O09BRUc7SUFDSCxlQUFlLENBQUMsVUFBa0IsRUFBRSxZQUFvQjtRQUN0RCxJQUFJLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQztRQUM3QixJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztJQUNuQyxDQUFDIn0=

package/dist_ts/proxies/nftables-proxy/utils/nft-port-spec-normalizer.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * NFTables Port Specification Normalizer
+ *
+ * Handles normalization and validation of port specifications
+ * for nftables rules.
+ */
+import type { PortRange } from '../models/index.js';
+/**
+ * Normalizes port specifications into an array of port ranges
+ */
+export declare function normalizePortSpec(portSpec: number | PortRange | Array<number | PortRange>): PortRange[];
+/**
+ * Validates port numbers or ranges
+ */
+export declare function validatePorts(port: number | PortRange | Array<number | PortRange>): void;
+/**
+ * Format port range for nftables rule
+ */
+export declare function formatPortRange(range: PortRange): string;
+/**
+ * Convert port spec to nftables expression
+ */
+export declare function portSpecToNftExpr(portSpec: number | PortRange | Array<number | PortRange>): string;
+/**
+ * Check if two port ranges overlap
+ */
+export declare function rangesOverlap(range1: PortRange, range2: PortRange): boolean;
+/**
+ * Merge overlapping port ranges
+ */
+export declare function mergeOverlappingRanges(ranges: PortRange[]): PortRange[];
+/**
+ * Calculate the total number of ports in a port specification
+ */
+export declare function countPorts(portSpec: number | PortRange | Array<number | PortRange>): number;
+/**
+ * Check if a port is within the given specification
+ */
+export declare function isPortInSpec(port: number, portSpec: number | PortRange | Array<number | PortRange>): boolean;

package/dist_ts/proxies/nftables-proxy/utils/nft-port-spec-normalizer.js ADDED Viewed

@@ -0,0 +1,112 @@
+/**
+ * NFTables Port Specification Normalizer
+ *
+ * Handles normalization and validation of port specifications
+ * for nftables rules.
+ */
+import { NftValidationError } from '../models/index.js';
+/**
+ * Normalizes port specifications into an array of port ranges
+ */
+export function normalizePortSpec(portSpec) {
+    const result = [];
+    if (Array.isArray(portSpec)) {
+        // If it's an array, process each element
+        for (const spec of portSpec) {
+            result.push(...normalizePortSpec(spec));
+        }
+    }
+    else if (typeof portSpec === 'number') {
+        // Single port becomes a range with the same start and end
+        result.push({ from: portSpec, to: portSpec });
+    }
+    else {
+        // Already a range
+        result.push(portSpec);
+    }
+    return result;
+}
+/**
+ * Validates port numbers or ranges
+ */
+export function validatePorts(port) {
+    if (Array.isArray(port)) {
+        port.forEach(p => validatePorts(p));
+        return;
+    }
+    if (typeof port === 'number') {
+        if (port < 1 || port > 65535) {
+            throw new NftValidationError(`Invalid port number: ${port}`);
+        }
+    }
+    else if (typeof port === 'object') {
+        if (port.from < 1 || port.from > 65535 || port.to < 1 || port.to > 65535 || port.from > port.to) {
+            throw new NftValidationError(`Invalid port range: ${port.from}-${port.to}`);
+        }
+    }
+}
+/**
+ * Format port range for nftables rule
+ */
+export function formatPortRange(range) {
+    if (range.from === range.to) {
+        return String(range.from);
+    }
+    return `${range.from}-${range.to}`;
+}
+/**
+ * Convert port spec to nftables expression
+ */
+export function portSpecToNftExpr(portSpec) {
+    const ranges = normalizePortSpec(portSpec);
+    if (ranges.length === 1) {
+        return formatPortRange(ranges[0]);
+    }
+    // Multiple ports/ranges need to use a set
+    const ports = ranges.map(formatPortRange);
+    return `{ ${ports.join(', ')} }`;
+}
+/**
+ * Check if two port ranges overlap
+ */
+export function rangesOverlap(range1, range2) {
+    return range1.from <= range2.to && range2.from <= range1.to;
+}
+/**
+ * Merge overlapping port ranges
+ */
+export function mergeOverlappingRanges(ranges) {
+    if (ranges.length <= 1)
+        return ranges;
+    // Sort by start port
+    const sorted = [...ranges].sort((a, b) => a.from - b.from);
+    const merged = [sorted[0]];
+    for (let i = 1; i < sorted.length; i++) {
+        const current = sorted[i];
+        const lastMerged = merged[merged.length - 1];
+        if (current.from <= lastMerged.to + 1) {
+            // Ranges overlap or are adjacent, merge them
+            lastMerged.to = Math.max(lastMerged.to, current.to);
+        }
+        else {
+            // No overlap, add as new range
+            merged.push(current);
+        }
+    }
+    return merged;
+}
+/**
+ * Calculate the total number of ports in a port specification
+ */
+export function countPorts(portSpec) {
+    const ranges = normalizePortSpec(portSpec);
+    return ranges.reduce((total, range) => total + (range.to - range.from + 1), 0);
+}
+/**
+ * Check if a port is within the given specification
+ */
+export function isPortInSpec(port, portSpec) {
+    const ranges = normalizePortSpec(portSpec);
+    return ranges.some(range => port >= range.from && port <= range.to);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmZ0LXBvcnQtc3BlYy1ub3JtYWxpemVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvcHJveGllcy9uZnRhYmxlcy1wcm94eS91dGlscy9uZnQtcG9ydC1zcGVjLW5vcm1hbGl6ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7O0dBS0c7QUFHSCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUV4RDs7R0FFRztBQUNILE1BQU0sVUFBVSxpQkFBaUIsQ0FBQyxRQUF3RDtJQUN4RixNQUFNLE1BQU0sR0FBZ0IsRUFBRSxDQUFDO0lBRS9CLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQzVCLHlDQUF5QztRQUN6QyxLQUFLLE1BQU0sSUFBSSxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQzVCLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQzFDLENBQUM7SUFDSCxDQUFDO1NBQU0sSUFBSSxPQUFPLFFBQVEsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUN4QywwREFBMEQ7UUFDMUQsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDaEQsQ0FBQztTQUFNLENBQUM7UUFDTixrQkFBa0I7UUFDbEIsTUFBTSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN4QixDQUFDO0lBRUQsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLGFBQWEsQ0FBQyxJQUFvRDtJQUNoRixJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztRQUN4QixJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDcEMsT0FBTztJQUNULENBQUM7SUFFRCxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzdCLElBQUksSUFBSSxHQUFHLENBQUMsSUFBSSxJQUFJLEdBQUcsS0FBSyxFQUFFLENBQUM7WUFDN0IsTUFBTSxJQUFJLGtCQUFrQixDQUFDLHdCQUF3QixJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQy9ELENBQUM7SUFDSCxDQUFDO1NBQU0sSUFBSSxPQUFPLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNwQyxJQUFJLElBQUksQ0FBQyxJQUFJLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxJQUFJLEdBQUcsS0FBSyxJQUFJLElBQUksQ0FBQyxFQUFFLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxFQUFFLEdBQUcsS0FBSyxJQUFJLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ2hHLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyx1QkFBdUIsSUFBSSxDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUM5RSxDQUFDO0lBQ0gsQ0FBQztBQUNILENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxlQUFlLENBQUMsS0FBZ0I7SUFDOUMsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUM1QixPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDNUIsQ0FBQztJQUNELE9BQU8sR0FBRyxLQUFLLENBQUMsSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQztBQUNyQyxDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsaUJBQWlCLENBQUMsUUFBd0Q7SUFDeEYsTUFBTSxNQUFNLEdBQUcsaUJBQWlCLENBQUMsUUFBUSxDQUFDLENBQUM7SUFFM0MsSUFBSSxNQUFNLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQ3hCLE9BQU8sZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRCwwQ0FBMEM7SUFDMUMsTUFBTSxLQUFLLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxQyxPQUFPLEtBQUssS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO0FBQ25DLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxhQUFhLENBQUMsTUFBaUIsRUFBRSxNQUFpQjtJQUNoRSxPQUFPLE1BQU0sQ0FBQyxJQUFJLElBQUksTUFBTSxDQUFDLEVBQUUsSUFBSSxNQUFNLENBQUMsSUFBSSxJQUFJLE1BQU0sQ0FBQyxFQUFFLENBQUM7QUFDOUQsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLHNCQUFzQixDQUFDLE1BQW1CO0lBQ3hELElBQUksTUFBTSxDQUFDLE1BQU0sSUFBSSxDQUFDO1FBQUUsT0FBTyxNQUFNLENBQUM7SUFFdEMscUJBQXFCO0lBQ3JCLE1BQU0sTUFBTSxHQUFHLENBQUMsR0FBRyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMzRCxNQUFNLE1BQU0sR0FBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUV4QyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMxQixNQUFNLFVBQVUsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQztRQUU3QyxJQUFJLE9BQU8sQ0FBQyxJQUFJLElBQUksVUFBVSxDQUFDLEVBQUUsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN0Qyw2Q0FBNkM7WUFDN0MsVUFBVSxDQUFDLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RELENBQUM7YUFBTSxDQUFDO1lBQ04sK0JBQStCO1lBQy9CLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdkIsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsVUFBVSxDQUFDLFFBQXdEO0lBQ2pGLE1BQU0sTUFBTSxHQUFHLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQzNDLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDLEtBQUssR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLEdBQUcsS0FBSyxDQUFDLElBQUksR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUNqRixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsWUFBWSxDQUFDLElBQVksRUFBRSxRQUF3RDtJQUNqRyxNQUFNLE1BQU0sR0FBRyxpQkFBaUIsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUMzQyxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksS0FBSyxDQUFDLElBQUksSUFBSSxJQUFJLElBQUksS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ3RFLENBQUMifQ==

package/dist_ts/proxies/nftables-proxy/utils/nft-rule-validator.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * NFTables Rule Validator
+ *
+ * Handles validation of settings and inputs for nftables operations.
+ * Prevents command injection and ensures valid values.
+ */
+import type { NfTableProxyOptions } from '../models/index.js';
+/**
+ * Validates an IP address (IPv4 or IPv6)
+ */
+export declare function isValidIP(ip: string): boolean;
+/**
+ * Validates an IPv4 address
+ */
+export declare function isValidIPv4(ip: string): boolean;
+/**
+ * Validates an IPv6 address
+ */
+export declare function isValidIPv6(ip: string): boolean;
+/**
+ * Validates a hostname
+ */
+export declare function isValidHostname(hostname: string): boolean;
+/**
+ * Validates a table name for nftables
+ */
+export declare function isValidTableName(tableName: string): boolean;
+/**
+ * Validates a rate specification (e.g., "10mbps")
+ */
+export declare function isValidRate(rate: string): boolean;
+/**
+ * Validates an array of IP addresses
+ */
+export declare function validateIPs(ips?: string[]): void;
+/**
+ * Validates a host (can be hostname or IP)
+ */
+export declare function validateHost(host?: string): void;
+/**
+ * Validates a table name
+ */
+export declare function validateTableName(tableName?: string): void;
+/**
+ * Validates QoS settings
+ */
+export declare function validateQosSettings(qos?: NfTableProxyOptions['qos']): void;
+/**
+ * Validates all NfTablesProxy settings
+ */
+export declare function validateSettings(settings: NfTableProxyOptions): void;
+/**
+ * Check if an IP matches the given family (ip or ip6)
+ */
+export declare function isIPForFamily(ip: string, family: 'ip' | 'ip6'): boolean;
+/**
+ * Filter IPs by family
+ */
+export declare function filterIPsByFamily(ips: string[], family: 'ip' | 'ip6'): string[];

package/dist_ts/proxies/nftables-proxy/utils/nft-rule-validator.js ADDED Viewed

@@ -0,0 +1,130 @@
+/**
+ * NFTables Rule Validator
+ *
+ * Handles validation of settings and inputs for nftables operations.
+ * Prevents command injection and ensures valid values.
+ */
+import { NftValidationError } from '../models/index.js';
+import { validatePorts } from './nft-port-spec-normalizer.js';
+// IP address validation patterns
+const IPV4_REGEX = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/;
+const IPV6_REGEX = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/;
+const HOSTNAME_REGEX = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/;
+const TABLE_NAME_REGEX = /^[a-zA-Z0-9_]+$/;
+const RATE_REGEX = /^[0-9]+[kKmMgG]?bps$/;
+/**
+ * Validates an IP address (IPv4 or IPv6)
+ */
+export function isValidIP(ip) {
+    return IPV4_REGEX.test(ip) || IPV6_REGEX.test(ip);
+}
+/**
+ * Validates an IPv4 address
+ */
+export function isValidIPv4(ip) {
+    return IPV4_REGEX.test(ip);
+}
+/**
+ * Validates an IPv6 address
+ */
+export function isValidIPv6(ip) {
+    return IPV6_REGEX.test(ip);
+}
+/**
+ * Validates a hostname
+ */
+export function isValidHostname(hostname) {
+    return HOSTNAME_REGEX.test(hostname);
+}
+/**
+ * Validates a table name for nftables
+ */
+export function isValidTableName(tableName) {
+    return TABLE_NAME_REGEX.test(tableName);
+}
+/**
+ * Validates a rate specification (e.g., "10mbps")
+ */
+export function isValidRate(rate) {
+    return RATE_REGEX.test(rate);
+}
+/**
+ * Validates an array of IP addresses
+ */
+export function validateIPs(ips) {
+    if (!ips)
+        return;
+    for (const ip of ips) {
+        if (!isValidIP(ip)) {
+            throw new NftValidationError(`Invalid IP address format: ${ip}`);
+        }
+    }
+}
+/**
+ * Validates a host (can be hostname or IP)
+ */
+export function validateHost(host) {
+    if (!host)
+        return;
+    if (!isValidHostname(host) && !isValidIP(host)) {
+        throw new NftValidationError(`Invalid host format: ${host}`);
+    }
+}
+/**
+ * Validates a table name
+ */
+export function validateTableName(tableName) {
+    if (!tableName)
+        return;
+    if (!isValidTableName(tableName)) {
+        throw new NftValidationError(`Invalid table name: ${tableName}. Only alphanumeric characters and underscores are allowed.`);
+    }
+}
+/**
+ * Validates QoS settings
+ */
+export function validateQosSettings(qos) {
+    if (!qos?.enabled)
+        return;
+    if (qos.maxRate && !isValidRate(qos.maxRate)) {
+        throw new NftValidationError(`Invalid rate format: ${qos.maxRate}. Use format like "10mbps", "1gbps", etc.`);
+    }
+    if (qos.priority !== undefined) {
+        if (qos.priority < 1 || qos.priority > 10 || !Number.isInteger(qos.priority)) {
+            throw new NftValidationError(`Invalid priority: ${qos.priority}. Must be an integer between 1 and 10.`);
+        }
+    }
+}
+/**
+ * Validates all NfTablesProxy settings
+ */
+export function validateSettings(settings) {
+    // Validate port numbers
+    validatePorts(settings.fromPort);
+    validatePorts(settings.toPort);
+    // Validate IP addresses
+    validateIPs(settings.ipAllowList);
+    validateIPs(settings.ipBlockList);
+    // Validate target host
+    validateHost(settings.toHost);
+    // Validate table name
+    validateTableName(settings.tableName);
+    // Validate QoS settings
+    validateQosSettings(settings.qos);
+}
+/**
+ * Check if an IP matches the given family (ip or ip6)
+ */
+export function isIPForFamily(ip, family) {
+    if (family === 'ip6') {
+        return ip.includes(':');
+    }
+    return ip.includes('.');
+}
+/**
+ * Filter IPs by family
+ */
+export function filterIPsByFamily(ips, family) {
+    return ips.filter(ip => isIPForFamily(ip, family));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmZ0LXJ1bGUtdmFsaWRhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvcHJveGllcy9uZnRhYmxlcy1wcm94eS91dGlscy9uZnQtcnVsZS12YWxpZGF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7O0dBS0c7QUFHSCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUN4RCxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFFOUQsaUNBQWlDO0FBQ2pDLE1BQU0sVUFBVSxHQUFHLHlJQUF5SSxDQUFDO0FBQzdKLE1BQU0sVUFBVSxHQUFHLGtzQkFBa3NCLENBQUM7QUFDdHRCLE1BQU0sY0FBYyxHQUFHLDZHQUE2RyxDQUFDO0FBQ3JJLE1BQU0sZ0JBQWdCLEdBQUcsaUJBQWlCLENBQUM7QUFDM0MsTUFBTSxVQUFVLEdBQUcsc0JBQXNCLENBQUM7QUFFMUM7O0dBRUc7QUFDSCxNQUFNLFVBQVUsU0FBUyxDQUFDLEVBQVU7SUFDbEMsT0FBTyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDcEQsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLFdBQVcsQ0FBQyxFQUFVO0lBQ3BDLE9BQU8sVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUM3QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsV0FBVyxDQUFDLEVBQVU7SUFDcEMsT0FBTyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQzdCLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxlQUFlLENBQUMsUUFBZ0I7SUFDOUMsT0FBTyxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0FBQ3ZDLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxnQkFBZ0IsQ0FBQyxTQUFpQjtJQUNoRCxPQUFPLGdCQUFnQixDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUMxQyxDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsV0FBVyxDQUFDLElBQVk7SUFDdEMsT0FBTyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxXQUFXLENBQUMsR0FBYztJQUN4QyxJQUFJLENBQUMsR0FBRztRQUFFLE9BQU87SUFFakIsS0FBSyxNQUFNLEVBQUUsSUFBSSxHQUFHLEVBQUUsQ0FBQztRQUNyQixJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDbkIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDhCQUE4QixFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ25FLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLFlBQVksQ0FBQyxJQUFhO0lBQ3hDLElBQUksQ0FBQyxJQUFJO1FBQUUsT0FBTztJQUVsQixJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDL0MsTUFBTSxJQUFJLGtCQUFrQixDQUFDLHdCQUF3QixJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQy9ELENBQUM7QUFDSCxDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsaUJBQWlCLENBQUMsU0FBa0I7SUFDbEQsSUFBSSxDQUFDLFNBQVM7UUFBRSxPQUFPO0lBRXZCLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsdUJBQXVCLFNBQVMsNkRBQTZELENBQzlGLENBQUM7SUFDSixDQUFDO0FBQ0gsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLG1CQUFtQixDQUFDLEdBQWdDO0lBQ2xFLElBQUksQ0FBQyxHQUFHLEVBQUUsT0FBTztRQUFFLE9BQU87SUFFMUIsSUFBSSxHQUFHLENBQUMsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQzdDLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsd0JBQXdCLEdBQUcsQ0FBQyxPQUFPLDJDQUEyQyxDQUMvRSxDQUFDO0lBQ0osQ0FBQztJQUVELElBQUksR0FBRyxDQUFDLFFBQVEsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUMvQixJQUFJLEdBQUcsQ0FBQyxRQUFRLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEdBQUcsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUM3RSxNQUFNLElBQUksa0JBQWtCLENBQzFCLHFCQUFxQixHQUFHLENBQUMsUUFBUSx3Q0FBd0MsQ0FDMUUsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLGdCQUFnQixDQUFDLFFBQTZCO0lBQzVELHdCQUF3QjtJQUN4QixhQUFhLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ2pDLGFBQWEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFL0Isd0JBQXdCO0lBQ3hCLFdBQVcsQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDbEMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUVsQyx1QkFBdUI7SUFDdkIsWUFBWSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUU5QixzQkFBc0I7SUFDdEIsaUJBQWlCLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBRXRDLHdCQUF3QjtJQUN4QixtQkFBbUIsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDcEMsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLGFBQWEsQ0FBQyxFQUFVLEVBQUUsTUFBb0I7SUFDNUQsSUFBSSxNQUFNLEtBQUssS0FBSyxFQUFFLENBQUM7UUFDckIsT0FBTyxFQUFFLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzFCLENBQUM7SUFDRCxPQUFPLEVBQUUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDMUIsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLGlCQUFpQixDQUFDLEdBQWEsRUFBRSxNQUFvQjtJQUNuRSxPQUFPLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxhQUFhLENBQUMsRUFBRSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7QUFDckQsQ0FBQyJ9