@serve.zone/dcrouter 11.0.44 → 11.0.46

package/dist_ts/radius/classes.radius.server.d.ts

@@ -0,0 +1,171 @@
+import type { StorageManager } from '../storage/index.js';
+import { VlanManager, type IMacVlanMapping, type IVlanManagerConfig } from './classes.vlan.manager.js';
+import { AccountingManager, type IAccountingManagerConfig } from './classes.accounting.manager.js';
+/**
+ * RADIUS client (NAS) configuration
+ */
+export interface IRadiusClient {
+    /** Client name for identification */
+    name: string;
+    /** IP address or CIDR range */
+    ipRange: string;
+    /** Shared secret for this client */
+    secret: string;
+    /** Optional description */
+    description?: string;
+    /** Whether this client is enabled */
+    enabled: boolean;
+}
+/**
+ * RADIUS server configuration
+ */
+export interface IRadiusServerConfig {
+    /** Authentication port (default: 1812) */
+    authPort?: number;
+    /** Accounting port (default: 1813) */
+    acctPort?: number;
+    /** Bind address (default: 0.0.0.0) */
+    bindAddress?: string;
+    /** NAS clients configuration */
+    clients: IRadiusClient[];
+    /** VLAN assignment configuration */
+    vlanAssignment?: IVlanManagerConfig & {
+        /** Static MAC to VLAN mappings */
+        mappings?: Array<Omit<IMacVlanMapping, 'createdAt' | 'updatedAt'>>;
+    };
+    /** Accounting configuration */
+    accounting?: IAccountingManagerConfig & {
+        /** Whether accounting is enabled */
+        enabled: boolean;
+    };
+}
+/**
+ * RADIUS authentication result
+ */
+export interface IRadiusAuthResult {
+    /** Whether authentication was successful */
+    success: boolean;
+    /** Reject reason (if not successful) */
+    rejectReason?: string;
+    /** Reply message to send to client */
+    replyMessage?: string;
+    /** Session timeout in seconds */
+    sessionTimeout?: number;
+    /** Idle timeout in seconds */
+    idleTimeout?: number;
+    /** VLAN to assign */
+    vlanId?: number;
+    /** Framed IP address to assign */
+    framedIpAddress?: string;
+}
+/**
+ * Authentication request data from RADIUS
+ */
+export interface IAuthRequestData {
+    username: string;
+    password?: string;
+    nasIpAddress: string;
+    nasPort?: number;
+    nasPortType?: string;
+    nasIdentifier?: string;
+    calledStationId?: string;
+    callingStationId?: string;
+    serviceType?: string;
+    framedMtu?: number;
+}
+/**
+ * RADIUS Server wrapper that provides:
+ * - MAC Authentication Bypass (MAB) for network devices
+ * - VLAN assignment based on MAC address
+ * - Accounting for session tracking and billing
+ * - Integration with SmartProxy routing
+ */
+export declare class RadiusServer {
+    private radiusServer?;
+    private vlanManager;
+    private accountingManager;
+    private config;
+    private storageManager?;
+    private clientSecrets;
+    private running;
+    private stats;
+    constructor(config: IRadiusServerConfig, storageManager?: StorageManager);
+    /**
+     * Start the RADIUS server
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the RADIUS server
+     */
+    stop(): Promise<void>;
+    /**
+     * Handle authentication request
+     */
+    private handleAuthentication;
+    /**
+     * Handle accounting request
+     */
+    private handleAccounting;
+    /**
+     * Perform MAC Authentication Bypass
+     */
+    private performMabAuthentication;
+    /**
+     * Extract MAC address from authentication data
+     */
+    private extractMacAddress;
+    /**
+     * Check if a string looks like a MAC address
+     */
+    private looksLikeMac;
+    /**
+     * Normalize MAC address format
+     */
+    private normalizeMac;
+    /**
+     * Build client secrets map from configuration
+     */
+    private buildClientSecretsMap;
+    /**
+     * Get default secret for unknown clients
+     */
+    private getDefaultSecret;
+    /**
+     * Add a RADIUS client
+     */
+    addClient(client: IRadiusClient): Promise<void>;
+    /**
+     * Remove a RADIUS client
+     */
+    removeClient(name: string): boolean;
+    /**
+     * Get configured clients
+     */
+    getClients(): IRadiusClient[];
+    /**
+     * Get VLAN manager for direct access to VLAN operations
+     */
+    getVlanManager(): VlanManager;
+    /**
+     * Get accounting manager for direct access to accounting operations
+     */
+    getAccountingManager(): AccountingManager;
+    /**
+     * Get server statistics
+     */
+    getStats(): {
+        running: boolean;
+        uptime: number;
+        authRequests: number;
+        authAccepts: number;
+        authRejects: number;
+        accountingRequests: number;
+        activeSessions: number;
+        vlanMappings: number;
+        clients: number;
+    };
+    /**
+     * Check if server is running
+     */
+    isRunning(): boolean;
+}

package/dist_ts/radius/classes.radius.server.js

@@ -0,0 +1,385 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { VlanManager } from './classes.vlan.manager.js';
+import { AccountingManager } from './classes.accounting.manager.js';
+/**
+ * RADIUS Server wrapper that provides:
+ * - MAC Authentication Bypass (MAB) for network devices
+ * - VLAN assignment based on MAC address
+ * - Accounting for session tracking and billing
+ * - Integration with SmartProxy routing
+ */
+export class RadiusServer {
+    radiusServer;
+    vlanManager;
+    accountingManager;
+    config;
+    storageManager;
+    clientSecrets = new Map();
+    running = false;
+    // Statistics
+    stats = {
+        authRequests: 0,
+        authAccepts: 0,
+        authRejects: 0,
+        accountingRequests: 0,
+        startTime: 0,
+    };
+    constructor(config, storageManager) {
+        this.config = {
+            authPort: config.authPort ?? 1812,
+            acctPort: config.acctPort ?? 1813,
+            bindAddress: config.bindAddress ?? '0.0.0.0',
+            ...config,
+        };
+        this.storageManager = storageManager;
+        // Initialize VLAN manager
+        this.vlanManager = new VlanManager(config.vlanAssignment, storageManager);
+        // Initialize accounting manager
+        this.accountingManager = new AccountingManager(config.accounting, storageManager);
+    }
+    /**
+     * Start the RADIUS server
+     */
+    async start() {
+        if (this.running) {
+            logger.log('warn', 'RADIUS server is already running');
+            return;
+        }
+        logger.log('info', `Starting RADIUS server on ${this.config.bindAddress}:${this.config.authPort} (auth) and ${this.config.acctPort} (acct)`);
+        // Initialize managers
+        await this.vlanManager.initialize();
+        await this.accountingManager.initialize();
+        // Import static VLAN mappings if provided
+        if (this.config.vlanAssignment?.mappings) {
+            await this.vlanManager.importMappings(this.config.vlanAssignment.mappings);
+        }
+        // Build client secrets map
+        this.buildClientSecretsMap();
+        // Create the RADIUS server
+        this.radiusServer = new plugins.smartradius.RadiusServer({
+            authPort: this.config.authPort,
+            acctPort: this.config.acctPort,
+            bindAddress: this.config.bindAddress,
+            defaultSecret: this.getDefaultSecret(),
+            authenticationHandler: this.handleAuthentication.bind(this),
+            accountingHandler: this.handleAccounting.bind(this),
+        });
+        // Configure per-client secrets
+        for (const [ip, secret] of this.clientSecrets) {
+            this.radiusServer.setClientSecret(ip, secret);
+        }
+        // Start the server
+        await this.radiusServer.start();
+        this.running = true;
+        this.stats.startTime = Date.now();
+        logger.log('info', `RADIUS server started with ${this.config.clients.length} configured clients`);
+    }
+    /**
+     * Stop the RADIUS server
+     */
+    async stop() {
+        if (!this.running) {
+            return;
+        }
+        logger.log('info', 'Stopping RADIUS server...');
+        if (this.radiusServer) {
+            await this.radiusServer.stop();
+            this.radiusServer = undefined;
+        }
+        this.running = false;
+        logger.log('info', 'RADIUS server stopped');
+    }
+    /**
+     * Handle authentication request
+     */
+    async handleAuthentication(request) {
+        this.stats.authRequests++;
+        const authData = {
+            username: request.attributes?.UserName || '',
+            password: request.attributes?.UserPassword,
+            nasIpAddress: request.attributes?.NasIpAddress || request.source?.address || '',
+            nasPort: request.attributes?.NasPort,
+            nasPortType: request.attributes?.NasPortType,
+            nasIdentifier: request.attributes?.NasIdentifier,
+            calledStationId: request.attributes?.CalledStationId,
+            callingStationId: request.attributes?.CallingStationId,
+            serviceType: request.attributes?.ServiceType,
+        };
+        logger.log('debug', `RADIUS Auth Request: user=${authData.username}, NAS=${authData.nasIpAddress}`);
+        // Perform MAC Authentication Bypass (MAB)
+        // In MAB, the username is typically the MAC address
+        const result = await this.performMabAuthentication(authData);
+        if (result.success) {
+            this.stats.authAccepts++;
+            logger.log('info', `RADIUS Auth Accept: user=${authData.username}, VLAN=${result.vlanId}`);
+            // Build response with VLAN attributes
+            const response = {
+                code: plugins.smartradius.ERadiusCode.AccessAccept,
+                replyMessage: result.replyMessage,
+            };
+            // Add VLAN attributes if assigned
+            if (result.vlanId !== undefined) {
+                response.tunnelType = 13; // VLAN
+                response.tunnelMediumType = 6; // IEEE 802
+                response.tunnelPrivateGroupId = String(result.vlanId);
+            }
+            // Add session timeout if specified
+            if (result.sessionTimeout) {
+                response.sessionTimeout = result.sessionTimeout;
+            }
+            // Add idle timeout if specified
+            if (result.idleTimeout) {
+                response.idleTimeout = result.idleTimeout;
+            }
+            // Add framed IP if specified
+            if (result.framedIpAddress) {
+                response.framedIpAddress = result.framedIpAddress;
+            }
+            return response;
+        }
+        else {
+            this.stats.authRejects++;
+            logger.log('warn', `RADIUS Auth Reject: user=${authData.username}, reason=${result.rejectReason}`);
+            return {
+                code: plugins.smartradius.ERadiusCode.AccessReject,
+                replyMessage: result.rejectReason || 'Access Denied',
+            };
+        }
+    }
+    /**
+     * Handle accounting request
+     */
+    async handleAccounting(request) {
+        this.stats.accountingRequests++;
+        if (!this.config.accounting?.enabled) {
+            // Still respond even if not tracking
+            return { code: plugins.smartradius.ERadiusCode.AccountingResponse };
+        }
+        const statusType = request.attributes?.AcctStatusType;
+        const sessionId = request.attributes?.AcctSessionId || '';
+        const accountingData = {
+            sessionId,
+            username: request.attributes?.UserName || '',
+            macAddress: request.attributes?.CallingStationId,
+            nasIpAddress: request.attributes?.NasIpAddress || request.source?.address || '',
+            nasPort: request.attributes?.NasPort,
+            nasPortType: request.attributes?.NasPortType,
+            nasIdentifier: request.attributes?.NasIdentifier,
+            calledStationId: request.attributes?.CalledStationId,
+            callingStationId: request.attributes?.CallingStationId,
+            inputOctets: request.attributes?.AcctInputOctets,
+            outputOctets: request.attributes?.AcctOutputOctets,
+            inputPackets: request.attributes?.AcctInputPackets,
+            outputPackets: request.attributes?.AcctOutputPackets,
+            sessionTime: request.attributes?.AcctSessionTime,
+            terminateCause: request.attributes?.AcctTerminateCause,
+            serviceType: request.attributes?.ServiceType,
+        };
+        try {
+            switch (statusType) {
+                case plugins.smartradius.EAcctStatusType.Start:
+                    logger.log('debug', `RADIUS Acct Start: session=${sessionId}, user=${accountingData.username}`);
+                    await this.accountingManager.handleAccountingStart(accountingData);
+                    break;
+                case plugins.smartradius.EAcctStatusType.Stop:
+                    logger.log('debug', `RADIUS Acct Stop: session=${sessionId}`);
+                    await this.accountingManager.handleAccountingStop(accountingData);
+                    break;
+                case plugins.smartradius.EAcctStatusType.InterimUpdate:
+                    logger.log('debug', `RADIUS Acct Interim: session=${sessionId}`);
+                    await this.accountingManager.handleAccountingUpdate(accountingData);
+                    break;
+                default:
+                    logger.log('debug', `RADIUS Acct Unknown status type: ${statusType}`);
+            }
+        }
+        catch (error) {
+            logger.log('error', `RADIUS accounting error: ${error.message}`);
+        }
+        return { code: plugins.smartradius.ERadiusCode.AccountingResponse };
+    }
+    /**
+     * Perform MAC Authentication Bypass
+     */
+    async performMabAuthentication(data) {
+        // Extract MAC address from username or CallingStationId
+        const macAddress = this.extractMacAddress(data);
+        if (!macAddress) {
+            return {
+                success: false,
+                rejectReason: 'No MAC address found',
+            };
+        }
+        // Look up VLAN assignment
+        const vlanResult = this.vlanManager.assignVlan(macAddress);
+        if (!vlanResult.assigned) {
+            return {
+                success: false,
+                rejectReason: 'Unknown MAC address',
+            };
+        }
+        // Build successful result
+        const result = {
+            success: true,
+            vlanId: vlanResult.vlan,
+            replyMessage: vlanResult.isDefault
+                ? `Assigned to default VLAN ${vlanResult.vlan}`
+                : `Assigned to VLAN ${vlanResult.vlan}`,
+        };
+        // Apply any additional settings from the matched rule
+        if (vlanResult.matchedRule) {
+            // Future: Add session timeout, idle timeout, etc. from rule
+        }
+        return result;
+    }
+    /**
+     * Extract MAC address from authentication data
+     */
+    extractMacAddress(data) {
+        // Try CallingStationId first (most common for MAB)
+        if (data.callingStationId) {
+            return this.normalizeMac(data.callingStationId);
+        }
+        // Try username (often MAC address in MAB)
+        if (data.username && this.looksLikeMac(data.username)) {
+            return this.normalizeMac(data.username);
+        }
+        return null;
+    }
+    /**
+     * Check if a string looks like a MAC address
+     */
+    looksLikeMac(value) {
+        // Remove common separators and check length
+        const cleaned = value.replace(/[-:. ]/g, '');
+        return /^[0-9a-fA-F]{12}$/.test(cleaned);
+    }
+    /**
+     * Normalize MAC address format
+     */
+    normalizeMac(mac) {
+        return this.vlanManager.normalizeMac(mac);
+    }
+    /**
+     * Build client secrets map from configuration
+     */
+    buildClientSecretsMap() {
+        this.clientSecrets.clear();
+        for (const client of this.config.clients) {
+            if (!client.enabled) {
+                continue;
+            }
+            // Handle CIDR ranges
+            if (client.ipRange.includes('/')) {
+                // For CIDR ranges, we'll use the network address as key
+                // In practice, smartradius may handle this differently
+                const [network] = client.ipRange.split('/');
+                this.clientSecrets.set(network, client.secret);
+            }
+            else {
+                this.clientSecrets.set(client.ipRange, client.secret);
+            }
+        }
+    }
+    /**
+     * Get default secret for unknown clients
+     */
+    getDefaultSecret() {
+        // Use first enabled client's secret as default, or a random one
+        for (const client of this.config.clients) {
+            if (client.enabled) {
+                return client.secret;
+            }
+        }
+        return plugins.crypto.randomBytes(16).toString('hex');
+    }
+    /**
+     * Add a RADIUS client
+     */
+    async addClient(client) {
+        // Check if client already exists
+        const existingIndex = this.config.clients.findIndex(c => c.name === client.name);
+        if (existingIndex >= 0) {
+            this.config.clients[existingIndex] = client;
+        }
+        else {
+            this.config.clients.push(client);
+        }
+        // Update client secrets if running
+        if (this.running && this.radiusServer && client.enabled) {
+            if (client.ipRange.includes('/')) {
+                const [network] = client.ipRange.split('/');
+                this.radiusServer.setClientSecret(network, client.secret);
+                this.clientSecrets.set(network, client.secret);
+            }
+            else {
+                this.radiusServer.setClientSecret(client.ipRange, client.secret);
+                this.clientSecrets.set(client.ipRange, client.secret);
+            }
+        }
+        logger.log('info', `RADIUS client ${client.enabled ? 'added' : 'disabled'}: ${client.name} (${client.ipRange})`);
+    }
+    /**
+     * Remove a RADIUS client
+     */
+    removeClient(name) {
+        const index = this.config.clients.findIndex(c => c.name === name);
+        if (index >= 0) {
+            const client = this.config.clients[index];
+            this.config.clients.splice(index, 1);
+            // Remove from secrets map
+            if (client.ipRange.includes('/')) {
+                const [network] = client.ipRange.split('/');
+                this.clientSecrets.delete(network);
+            }
+            else {
+                this.clientSecrets.delete(client.ipRange);
+            }
+            logger.log('info', `RADIUS client removed: ${name}`);
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Get configured clients
+     */
+    getClients() {
+        return [...this.config.clients];
+    }
+    /**
+     * Get VLAN manager for direct access to VLAN operations
+     */
+    getVlanManager() {
+        return this.vlanManager;
+    }
+    /**
+     * Get accounting manager for direct access to accounting operations
+     */
+    getAccountingManager() {
+        return this.accountingManager;
+    }
+    /**
+     * Get server statistics
+     */
+    getStats() {
+        return {
+            running: this.running,
+            uptime: this.running ? Date.now() - this.stats.startTime : 0,
+            authRequests: this.stats.authRequests,
+            authAccepts: this.stats.authAccepts,
+            authRejects: this.stats.authRejects,
+            accountingRequests: this.stats.accountingRequests,
+            activeSessions: this.accountingManager.getStats().activeSessions,
+            vlanMappings: this.vlanManager.getStats().totalMappings,
+            clients: this.config.clients.filter(c => c.enabled).length,
+        };
+    }
+    /**
+     * Check if server is running
+     */
+    isRunning() {
+        return this.running;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5yYWRpdXMuc2VydmVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvcmFkaXVzL2NsYXNzZXMucmFkaXVzLnNlcnZlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGVBQWUsQ0FBQztBQUN6QyxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBRXRDLE9BQU8sRUFBRSxXQUFXLEVBQWlELE1BQU0sMkJBQTJCLENBQUM7QUFDdkcsT0FBTyxFQUFFLGlCQUFpQixFQUEwRCxNQUFNLGlDQUFpQyxDQUFDO0FBOEU1SDs7Ozs7O0dBTUc7QUFDSCxNQUFNLE9BQU8sWUFBWTtJQUNmLFlBQVksQ0FBb0M7SUFDaEQsV0FBVyxDQUFjO0lBQ3pCLGlCQUFpQixDQUFvQjtJQUNyQyxNQUFNLENBQXNCO0lBQzVCLGNBQWMsQ0FBa0I7SUFDaEMsYUFBYSxHQUF3QixJQUFJLEdBQUcsRUFBRSxDQUFDO0lBQy9DLE9BQU8sR0FBWSxLQUFLLENBQUM7SUFFakMsYUFBYTtJQUNMLEtBQUssR0FBRztRQUNkLFlBQVksRUFBRSxDQUFDO1FBQ2YsV0FBVyxFQUFFLENBQUM7UUFDZCxXQUFXLEVBQUUsQ0FBQztRQUNkLGtCQUFrQixFQUFFLENBQUM7UUFDckIsU0FBUyxFQUFFLENBQUM7S0FDYixDQUFDO0lBRUYsWUFBWSxNQUEyQixFQUFFLGNBQStCO1FBQ3RFLElBQUksQ0FBQyxNQUFNLEdBQUc7WUFDWixRQUFRLEVBQUUsTUFBTSxDQUFDLFFBQVEsSUFBSSxJQUFJO1lBQ2pDLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUSxJQUFJLElBQUk7WUFDakMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxXQUFXLElBQUksU0FBUztZQUM1QyxHQUFHLE1BQU07U0FDVixDQUFDO1FBQ0YsSUFBSSxDQUFDLGNBQWMsR0FBRyxjQUFjLENBQUM7UUFFckMsMEJBQTBCO1FBQzFCLElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxXQUFXLENBQUMsTUFBTSxDQUFDLGNBQWMsRUFBRSxjQUFjLENBQUMsQ0FBQztRQUUxRSxnQ0FBZ0M7UUFDaEMsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksaUJBQWlCLENBQUMsTUFBTSxDQUFDLFVBQVUsRUFBRSxjQUFjLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQ7O09BRUc7SUFDSCxLQUFLLENBQUMsS0FBSztRQUNULElBQUksSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2pCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGtDQUFrQyxDQUFDLENBQUM7WUFDdkQsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLGVBQWUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLFNBQVMsQ0FBQyxDQUFDO1FBRTdJLHNCQUFzQjtRQUN0QixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDcEMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsVUFBVSxFQUFFLENBQUM7UUFFMUMsMENBQTBDO1FBQzFDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxjQUFjLEVBQUUsUUFBUSxFQUFFLENBQUM7WUFDekMsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBRUQsMkJBQTJCO1FBQzNCLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1FBRTdCLDJCQUEyQjtRQUMzQixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksT0FBTyxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDdkQsUUFBUSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUTtZQUM5QixRQUFRLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRO1lBQzlCLFdBQVcsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVc7WUFDcEMsYUFBYSxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtZQUN0QyxxQkFBcUIsRUFBRSxJQUFJLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQztZQUMzRCxpQkFBaUIsRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQztTQUNwRCxDQUFDLENBQUM7UUFFSCwrQkFBK0I7UUFDL0IsS0FBSyxNQUFNLENBQUMsRUFBRSxFQUFFLE1BQU0sQ0FBQyxJQUFJLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUM5QyxJQUFJLENBQUMsWUFBWSxDQUFDLGVBQWUsQ0FBQyxFQUFFLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDaEQsQ0FBQztRQUVELG1CQUFtQjtRQUNuQixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsS0FBSyxFQUFFLENBQUM7UUFFaEMsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUM7UUFDcEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBRWxDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDhCQUE4QixJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxNQUFNLHFCQUFxQixDQUFDLENBQUM7SUFDcEcsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLElBQUk7UUFDUixJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2xCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMkJBQTJCLENBQUMsQ0FBQztRQUVoRCxJQUFJLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDL0IsSUFBSSxDQUFDLFlBQVksR0FBRyxTQUFTLENBQUM7UUFDaEMsQ0FBQztRQUVELElBQUksQ0FBQyxPQUFPLEdBQUcsS0FBSyxDQUFDO1FBQ3JCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHVCQUF1QixDQUFDLENBQUM7SUFDOUMsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLG9CQUFvQixDQUFDLE9BQVk7UUFDN0MsSUFBSSxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUUxQixNQUFNLFFBQVEsR0FBcUI7WUFDakMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsUUFBUSxJQUFJLEVBQUU7WUFDNUMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsWUFBWTtZQUMxQyxZQUFZLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxZQUFZLElBQUksT0FBTyxDQUFDLE1BQU0sRUFBRSxPQUFPLElBQUksRUFBRTtZQUMvRSxPQUFPLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxPQUFPO1lBQ3BDLFdBQVcsRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLFdBQVc7WUFDNUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsYUFBYTtZQUNoRCxlQUFlLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxlQUFlO1lBQ3BELGdCQUFnQixFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsZ0JBQWdCO1lBQ3RELFdBQVcsRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLFdBQVc7U0FDN0MsQ0FBQztRQUVGLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDZCQUE2QixRQUFRLENBQUMsUUFBUSxTQUFTLFFBQVEsQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBRXBHLDBDQUEwQztRQUMxQyxvREFBb0Q7UUFDcEQsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsd0JBQXdCLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFN0QsSUFBSSxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDbkIsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUN6QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsUUFBUSxDQUFDLFFBQVEsVUFBVSxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUUzRixzQ0FBc0M7WUFDdEMsTUFBTSxRQUFRLEdBQVE7Z0JBQ3BCLElBQUksRUFBRSxPQUFPLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxZQUFZO2dCQUNsRCxZQUFZLEVBQUUsTUFBTSxDQUFDLFlBQVk7YUFDbEMsQ0FBQztZQUVGLGtDQUFrQztZQUNsQyxJQUFJLE1BQU0sQ0FBQyxNQUFNLEtBQUssU0FBUyxFQUFFLENBQUM7Z0JBQ2hDLFFBQVEsQ0FBQyxVQUFVLEdBQUcsRUFBRSxDQUFDLENBQUMsT0FBTztnQkFDakMsUUFBUSxDQUFDLGdCQUFnQixHQUFHLENBQUMsQ0FBQyxDQUFDLFdBQVc7Z0JBQzFDLFFBQVEsQ0FBQyxvQkFBb0IsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3hELENBQUM7WUFFRCxtQ0FBbUM7WUFDbkMsSUFBSSxNQUFNLENBQUMsY0FBYyxFQUFFLENBQUM7Z0JBQzFCLFFBQVEsQ0FBQyxjQUFjLEdBQUcsTUFBTSxDQUFDLGNBQWMsQ0FBQztZQUNsRCxDQUFDO1lBRUQsZ0NBQWdDO1lBQ2hDLElBQUksTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO2dCQUN2QixRQUFRLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUM7WUFDNUMsQ0FBQztZQUVELDZCQUE2QjtZQUM3QixJQUFJLE1BQU0sQ0FBQyxlQUFlLEVBQUUsQ0FBQztnQkFDM0IsUUFBUSxDQUFDLGVBQWUsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDO1lBQ3BELENBQUM7WUFFRCxPQUFPLFFBQVEsQ0FBQztRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDekIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLFFBQVEsQ0FBQyxRQUFRLFlBQVksTUFBTSxDQUFDLFlBQVksRUFBRSxDQUFDLENBQUM7WUFFbkcsT0FBTztnQkFDTCxJQUFJLEVBQUUsT0FBTyxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsWUFBWTtnQkFDbEQsWUFBWSxFQUFFLE1BQU0sQ0FBQyxZQUFZLElBQUksZUFBZTthQUNyRCxDQUFDO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFZO1FBQ3pDLElBQUksQ0FBQyxLQUFLLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUVoQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxVQUFVLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDckMscUNBQXFDO1lBQ3JDLE9BQU8sRUFBRSxJQUFJLEVBQUUsT0FBTyxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUN0RSxDQUFDO1FBRUQsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLFVBQVUsRUFBRSxjQUFjLENBQUM7UUFDdEQsTUFBTSxTQUFTLEdBQUcsT0FBTyxDQUFDLFVBQVUsRUFBRSxhQUFhLElBQUksRUFBRSxDQUFDO1FBRTFELE1BQU0sY0FBYyxHQUFHO1lBQ3JCLFNBQVM7WUFDVCxRQUFRLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxRQUFRLElBQUksRUFBRTtZQUM1QyxVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxnQkFBZ0I7WUFDaEQsWUFBWSxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsWUFBWSxJQUFJLE9BQU8sQ0FBQyxNQUFNLEVBQUUsT0FBTyxJQUFJLEVBQUU7WUFDL0UsT0FBTyxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsT0FBTztZQUNwQyxXQUFXLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxXQUFXO1lBQzVDLGFBQWEsRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLGFBQWE7WUFDaEQsZUFBZSxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsZUFBZTtZQUNwRCxnQkFBZ0IsRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLGdCQUFnQjtZQUN0RCxXQUFXLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxlQUFlO1lBQ2hELFlBQVksRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLGdCQUFnQjtZQUNsRCxZQUFZLEVBQUUsT0FBTyxDQUFDLFVBQVUsRUFBRSxnQkFBZ0I7WUFDbEQsYUFBYSxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsaUJBQWlCO1lBQ3BELFdBQVcsRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLGVBQWU7WUFDaEQsY0FBYyxFQUFFLE9BQU8sQ0FBQyxVQUFVLEVBQUUsa0JBQWtCO1lBQ3RELFdBQVcsRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLFdBQVc7U0FDN0MsQ0FBQztRQUVGLElBQUksQ0FBQztZQUNILFFBQVEsVUFBVSxFQUFFLENBQUM7Z0JBQ25CLEtBQUssT0FBTyxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQUMsS0FBSztvQkFDNUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsOEJBQThCLFNBQVMsVUFBVSxjQUFjLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQztvQkFDaEcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMscUJBQXFCLENBQUMsY0FBYyxDQUFDLENBQUM7b0JBQ25FLE1BQU07Z0JBRVIsS0FBSyxPQUFPLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQyxJQUFJO29CQUMzQyxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSw2QkFBNkIsU0FBUyxFQUFFLENBQUMsQ0FBQztvQkFDOUQsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsb0JBQW9CLENBQUMsY0FBYyxDQUFDLENBQUM7b0JBQ2xFLE1BQU07Z0JBRVIsS0FBSyxPQUFPLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQyxhQUFhO29CQUNwRCxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxnQ0FBZ0MsU0FBUyxFQUFFLENBQUMsQ0FBQztvQkFDakUsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsc0JBQXNCLENBQUMsY0FBYyxDQUFDLENBQUM7b0JBQ3BFLE1BQU07Z0JBRVI7b0JBQ0UsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsb0NBQW9DLFVBQVUsRUFBRSxDQUFDLENBQUM7WUFDMUUsQ0FBQztRQUNILENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsNEJBQTRCLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sQ0FBQyxXQUFXLENBQUMsV0FBVyxDQUFDLGtCQUFrQixFQUFFLENBQUM7SUFDdEUsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLHdCQUF3QixDQUFDLElBQXNCO1FBQzNELHdEQUF3RDtRQUN4RCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFaEQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU87Z0JBQ0wsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsWUFBWSxFQUFFLHNCQUFzQjthQUNyQyxDQUFDO1FBQ0osQ0FBQztRQUVELDBCQUEwQjtRQUMxQixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUUzRCxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3pCLE9BQU87Z0JBQ0wsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsWUFBWSxFQUFFLHFCQUFxQjthQUNwQyxDQUFDO1FBQ0osQ0FBQztRQUVELDBCQUEwQjtRQUMxQixNQUFNLE1BQU0sR0FBc0I7WUFDaEMsT0FBTyxFQUFFLElBQUk7WUFDYixNQUFNLEVBQUUsVUFBVSxDQUFDLElBQUk7WUFDdkIsWUFBWSxFQUFFLFVBQVUsQ0FBQyxTQUFTO2dCQUNoQyxDQUFDLENBQUMsNEJBQTRCLFVBQVUsQ0FBQyxJQUFJLEVBQUU7Z0JBQy9DLENBQUMsQ0FBQyxvQkFBb0IsVUFBVSxDQUFDLElBQUksRUFBRTtTQUMxQyxDQUFDO1FBRUYsc0RBQXNEO1FBQ3RELElBQUksVUFBVSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNCLDREQUE0RDtRQUM5RCxDQUFDO1FBRUQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVEOztPQUVHO0lBQ0ssaUJBQWlCLENBQUMsSUFBc0I7UUFDOUMsbURBQW1EO1FBQ25ELElBQUksSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDMUIsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ2xELENBQUM7UUFFRCwwQ0FBMEM7UUFDMUMsSUFBSSxJQUFJLENBQUMsUUFBUSxJQUFJLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDdEQsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMxQyxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxZQUFZLENBQUMsS0FBYTtRQUNoQyw0Q0FBNEM7UUFDNUMsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDN0MsT0FBTyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOztPQUVHO0lBQ0ssWUFBWSxDQUFDLEdBQVc7UUFDOUIsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7O09BRUc7SUFDSyxxQkFBcUI7UUFDM0IsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUUzQixLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDekMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDcEIsU0FBUztZQUNYLENBQUM7WUFFRCxxQkFBcUI7WUFDckIsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNqQyx3REFBd0Q7Z0JBQ3hELHVEQUF1RDtnQkFDdkQsTUFBTSxDQUFDLE9BQU8sQ0FBQyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUM1QyxJQUFJLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pELENBQUM7aUJBQU0sQ0FBQztnQkFDTixJQUFJLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN4RCxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLGdCQUFnQjtRQUN0QixnRUFBZ0U7UUFDaEUsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3pDLElBQUksTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNuQixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUM7WUFDdkIsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN4RCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQXFCO1FBQ25DLGlDQUFpQztRQUNqQyxNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxLQUFLLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNqRixJQUFJLGFBQWEsSUFBSSxDQUFDLEVBQUUsQ0FBQztZQUN2QixJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsR0FBRyxNQUFNLENBQUM7UUFDOUMsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkMsQ0FBQztRQUVELG1DQUFtQztRQUNuQyxJQUFJLElBQUksQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDLFlBQVksSUFBSSxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDeEQsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxNQUFNLENBQUMsT0FBTyxDQUFDLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQzVDLElBQUksQ0FBQyxZQUFZLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQzFELElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDakQsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLElBQUksQ0FBQyxZQUFZLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUNqRSxJQUFJLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN4RCxDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGlCQUFpQixNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLFVBQVUsS0FBSyxNQUFNLENBQUMsSUFBSSxLQUFLLE1BQU0sQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO0lBQ25ILENBQUM7SUFFRDs7T0FFRztJQUNILFlBQVksQ0FBQyxJQUFZO1FBQ3ZCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLEtBQUssSUFBSSxDQUFDLENBQUM7UUFDbEUsSUFBSSxLQUFLLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDZixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUMxQyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBRXJDLDBCQUEwQjtZQUMxQixJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ2pDLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDNUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDckMsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUM1QyxDQUFDO1lBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMEJBQTBCLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckQsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7O09BRUc7SUFDSCxVQUFVO1FBQ1IsT0FBTyxDQUFDLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxjQUFjO1FBQ1osT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDO0lBQzFCLENBQUM7SUFFRDs7T0FFRztJQUNILG9CQUFvQjtRQUNsQixPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxRQUFRO1FBV04sT0FBTztZQUNMLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixNQUFNLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzVELFlBQVksRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLFlBQVk7WUFDckMsV0FBVyxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVztZQUNuQyxXQUFXLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXO1lBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsa0JBQWtCO1lBQ2pELGNBQWMsRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsUUFBUSxFQUFFLENBQUMsY0FBYztZQUNoRSxZQUFZLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxhQUFhO1lBQ3ZELE9BQU8sRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTTtTQUMzRCxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsU0FBUztRQUNQLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUN0QixDQUFDO0NBQ0YifQ==