@serve.zone/dcrouter 13.17.0 → 13.17.3

package/dist_ts/radius/classes.accounting.manager.js

@@ -0,0 +1,449 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { AccountingSessionDoc } from '../db/index.js';
+/**
+ * Manages RADIUS accounting data including:
+ * - Session tracking (start/stop/interim)
+ * - Data usage tracking (bytes in/out)
+ * - Session history and retention
+ * - Billing reports and summaries
+ */
+export class AccountingManager {
+    activeSessions = new Map();
+    config;
+    staleSessionSweepTimer;
+    // Counters for statistics
+    stats = {
+        totalSessionsStarted: 0,
+        totalSessionsStopped: 0,
+        totalInputBytes: 0,
+        totalOutputBytes: 0,
+        interimUpdatesReceived: 0,
+    };
+    constructor(config) {
+        this.config = {
+            retentionDays: config?.retentionDays ?? 30,
+            detailedLogging: config?.detailedLogging ?? false,
+            maxActiveSessions: config?.maxActiveSessions ?? 10000,
+            staleSessionTimeoutHours: config?.staleSessionTimeoutHours ?? 24,
+        };
+    }
+    /**
+     * Initialize the accounting manager
+     */
+    async initialize() {
+        await this.loadActiveSessions();
+        // Start periodic sweep to evict stale sessions (every 15 minutes)
+        this.staleSessionSweepTimer = setInterval(() => {
+            this.sweepStaleSessions();
+        }, 15 * 60 * 1000);
+        // Allow the process to exit even if the timer is pending
+        if (this.staleSessionSweepTimer.unref) {
+            this.staleSessionSweepTimer.unref();
+        }
+        logger.log('info', `AccountingManager initialized with ${this.activeSessions.size} active sessions`);
+    }
+    /**
+     * Stop the accounting manager and clean up timers
+     */
+    stop() {
+        if (this.staleSessionSweepTimer) {
+            clearInterval(this.staleSessionSweepTimer);
+            this.staleSessionSweepTimer = undefined;
+        }
+    }
+    /**
+     * Sweep stale active sessions that have not received any update
+     * within the configured timeout. These are orphaned sessions where
+     * the Stop packet was never received.
+     */
+    sweepStaleSessions() {
+        const timeoutMs = this.config.staleSessionTimeoutHours * 60 * 60 * 1000;
+        const cutoff = Date.now() - timeoutMs;
+        let swept = 0;
+        for (const [sessionId, session] of this.activeSessions) {
+            if (session.lastUpdateTime < cutoff) {
+                session.status = 'terminated';
+                session.terminateCause = 'StaleSessionTimeout';
+                session.endTime = Date.now();
+                session.sessionTime = Math.floor((session.endTime - session.startTime) / 1000);
+                this.persistSession(session).catch(() => { });
+                this.activeSessions.delete(sessionId);
+                swept++;
+            }
+        }
+        if (swept > 0) {
+            logger.log('info', `Swept ${swept} stale RADIUS sessions (no update for ${this.config.staleSessionTimeoutHours}h)`);
+        }
+    }
+    /**
+     * Handle accounting start request
+     */
+    async handleAccountingStart(data) {
+        const now = Date.now();
+        const session = {
+            sessionId: data.sessionId,
+            username: data.username,
+            macAddress: data.macAddress,
+            nasIpAddress: data.nasIpAddress,
+            nasPort: data.nasPort,
+            nasPortType: data.nasPortType,
+            nasIdentifier: data.nasIdentifier,
+            vlanId: data.vlanId,
+            framedIpAddress: data.framedIpAddress,
+            calledStationId: data.calledStationId,
+            callingStationId: data.callingStationId,
+            serviceType: data.serviceType,
+            startTime: now,
+            endTime: 0,
+            lastUpdateTime: now,
+            status: 'active',
+            inputOctets: 0,
+            outputOctets: 0,
+            inputPackets: 0,
+            outputPackets: 0,
+            sessionTime: 0,
+        };
+        // Check if we're at capacity
+        if (this.activeSessions.size >= this.config.maxActiveSessions) {
+            // Remove oldest session
+            const oldest = this.findOldestSession();
+            if (oldest) {
+                await this.evictSession(oldest);
+            }
+        }
+        this.activeSessions.set(data.sessionId, session);
+        this.stats.totalSessionsStarted++;
+        if (this.config.detailedLogging) {
+            logger.log('info', `Accounting Start: session=${data.sessionId}, user=${data.username}, NAS=${data.nasIpAddress}`);
+        }
+        // Persist session
+        await this.persistSession(session);
+    }
+    /**
+     * Handle accounting interim update request
+     */
+    async handleAccountingUpdate(data) {
+        const session = this.activeSessions.get(data.sessionId);
+        if (!session) {
+            logger.log('warn', `Interim update for unknown session: ${data.sessionId}`);
+            return;
+        }
+        // Update session metrics
+        if (data.inputOctets !== undefined) {
+            session.inputOctets = data.inputOctets;
+        }
+        if (data.outputOctets !== undefined) {
+            session.outputOctets = data.outputOctets;
+        }
+        if (data.inputPackets !== undefined) {
+            session.inputPackets = data.inputPackets;
+        }
+        if (data.outputPackets !== undefined) {
+            session.outputPackets = data.outputPackets;
+        }
+        if (data.sessionTime !== undefined) {
+            session.sessionTime = data.sessionTime;
+        }
+        session.lastUpdateTime = Date.now();
+        this.stats.interimUpdatesReceived++;
+        if (this.config.detailedLogging) {
+            logger.log('debug', `Accounting Interim: session=${data.sessionId}, in=${data.inputOctets}, out=${data.outputOctets}`);
+        }
+        // Update persisted session
+        await this.persistSession(session);
+    }
+    /**
+     * Handle accounting stop request
+     */
+    async handleAccountingStop(data) {
+        const session = this.activeSessions.get(data.sessionId);
+        if (!session) {
+            logger.log('warn', `Stop for unknown session: ${data.sessionId}`);
+            return;
+        }
+        // Update final metrics
+        if (data.inputOctets !== undefined) {
+            session.inputOctets = data.inputOctets;
+        }
+        if (data.outputOctets !== undefined) {
+            session.outputOctets = data.outputOctets;
+        }
+        if (data.inputPackets !== undefined) {
+            session.inputPackets = data.inputPackets;
+        }
+        if (data.outputPackets !== undefined) {
+            session.outputPackets = data.outputPackets;
+        }
+        if (data.sessionTime !== undefined) {
+            session.sessionTime = data.sessionTime;
+        }
+        session.endTime = Date.now();
+        session.lastUpdateTime = session.endTime;
+        session.status = 'stopped';
+        session.terminateCause = data.terminateCause;
+        // Update global stats
+        this.stats.totalSessionsStopped++;
+        this.stats.totalInputBytes += session.inputOctets;
+        this.stats.totalOutputBytes += session.outputOctets;
+        if (this.config.detailedLogging) {
+            logger.log('info', `Accounting Stop: session=${data.sessionId}, duration=${session.sessionTime}s, in=${session.inputOctets}, out=${session.outputOctets}`);
+        }
+        // Update status in the database (single collection, no active->archive move needed)
+        await this.persistSession(session);
+        // Remove from active sessions
+        this.activeSessions.delete(data.sessionId);
+    }
+    /**
+     * Get an active session by ID
+     */
+    getSession(sessionId) {
+        return this.activeSessions.get(sessionId);
+    }
+    /**
+     * Get all active sessions
+     */
+    getActiveSessions() {
+        return Array.from(this.activeSessions.values());
+    }
+    /**
+     * Get active sessions by username
+     */
+    getSessionsByUsername(username) {
+        return Array.from(this.activeSessions.values()).filter(s => s.username === username);
+    }
+    /**
+     * Get active sessions by NAS IP
+     */
+    getSessionsByNas(nasIpAddress) {
+        return Array.from(this.activeSessions.values()).filter(s => s.nasIpAddress === nasIpAddress);
+    }
+    /**
+     * Get active sessions by VLAN
+     */
+    getSessionsByVlan(vlanId) {
+        return Array.from(this.activeSessions.values()).filter(s => s.vlanId === vlanId);
+    }
+    /**
+     * Get accounting summary for a time period
+     */
+    async getSummary(startTime, endTime) {
+        // Get archived sessions for the time period
+        const archivedSessions = await this.getArchivedSessions(startTime, endTime);
+        // Combine with active sessions that started within the period
+        const activeSessions = Array.from(this.activeSessions.values()).filter(s => s.startTime >= startTime && s.startTime <= endTime);
+        const allSessions = [...archivedSessions, ...activeSessions];
+        // Calculate summary
+        let totalInputBytes = 0;
+        let totalOutputBytes = 0;
+        let totalSessionTime = 0;
+        const uniqueUsers = new Set();
+        const sessionsByVlan = {};
+        const userTraffic = {};
+        for (const session of allSessions) {
+            totalInputBytes += session.inputOctets;
+            totalOutputBytes += session.outputOctets;
+            totalSessionTime += session.sessionTime;
+            uniqueUsers.add(session.username);
+            if (session.vlanId !== undefined) {
+                sessionsByVlan[session.vlanId] = (sessionsByVlan[session.vlanId] || 0) + 1;
+            }
+            const userBytes = session.inputOctets + session.outputOctets;
+            userTraffic[session.username] = (userTraffic[session.username] || 0) + userBytes;
+        }
+        // Top users by traffic
+        const topUsersByTraffic = Object.entries(userTraffic)
+            .sort((a, b) => b[1] - a[1])
+            .slice(0, 10)
+            .map(([username, totalBytes]) => ({ username, totalBytes }));
+        return {
+            periodStart: startTime,
+            periodEnd: endTime,
+            totalSessions: allSessions.length,
+            activeSessions: activeSessions.length,
+            totalInputBytes,
+            totalOutputBytes,
+            totalSessionTime,
+            averageSessionDuration: allSessions.length > 0 ? totalSessionTime / allSessions.length : 0,
+            uniqueUsers: uniqueUsers.size,
+            sessionsByVlan,
+            topUsersByTraffic,
+        };
+    }
+    /**
+     * Get statistics
+     */
+    getStats() {
+        return {
+            activeSessions: this.activeSessions.size,
+            ...this.stats,
+        };
+    }
+    /**
+     * Disconnect a session (admin action)
+     */
+    async disconnectSession(sessionId, reason = 'AdminReset') {
+        const session = this.activeSessions.get(sessionId);
+        if (!session) {
+            return false;
+        }
+        await this.handleAccountingStop({
+            sessionId,
+            terminateCause: reason,
+            sessionTime: Math.floor((Date.now() - session.startTime) / 1000),
+        });
+        return true;
+    }
+    /**
+     * Clean up old archived sessions based on retention policy
+     */
+    async cleanupOldSessions() {
+        const cutoffTime = Date.now() - this.config.retentionDays * 24 * 60 * 60 * 1000;
+        let deletedCount = 0;
+        try {
+            const oldDocs = await AccountingSessionDoc.findStoppedBefore(cutoffTime);
+            for (const doc of oldDocs) {
+                try {
+                    await doc.delete();
+                    deletedCount++;
+                }
+                catch (error) {
+                    // Ignore individual errors
+                }
+            }
+            if (deletedCount > 0) {
+                logger.log('info', `Cleaned up ${deletedCount} old accounting sessions`);
+            }
+        }
+        catch (error) {
+            logger.log('error', `Failed to cleanup old sessions: ${error.message}`);
+        }
+        return deletedCount;
+    }
+    /**
+     * Find the oldest active session
+     */
+    findOldestSession() {
+        let oldestTime = Infinity;
+        let oldestSessionId = null;
+        for (const [sessionId, session] of this.activeSessions) {
+            if (session.lastUpdateTime < oldestTime) {
+                oldestTime = session.lastUpdateTime;
+                oldestSessionId = sessionId;
+            }
+        }
+        return oldestSessionId;
+    }
+    /**
+     * Evict a session from memory
+     */
+    async evictSession(sessionId) {
+        const session = this.activeSessions.get(sessionId);
+        if (session) {
+            session.status = 'terminated';
+            session.terminateCause = 'SessionEvicted';
+            session.endTime = Date.now();
+            await this.persistSession(session);
+            this.activeSessions.delete(sessionId);
+            logger.log('warn', `Evicted session ${sessionId} due to capacity limit`);
+        }
+    }
+    /**
+     * Load active sessions from database
+     */
+    async loadActiveSessions() {
+        try {
+            const docs = await AccountingSessionDoc.findActive();
+            for (const doc of docs) {
+                const session = {
+                    sessionId: doc.sessionId,
+                    username: doc.username,
+                    macAddress: doc.macAddress,
+                    nasIpAddress: doc.nasIpAddress,
+                    nasPort: doc.nasPort,
+                    nasPortType: doc.nasPortType,
+                    nasIdentifier: doc.nasIdentifier,
+                    vlanId: doc.vlanId,
+                    framedIpAddress: doc.framedIpAddress,
+                    calledStationId: doc.calledStationId,
+                    callingStationId: doc.callingStationId,
+                    startTime: doc.startTime,
+                    endTime: doc.endTime,
+                    lastUpdateTime: doc.lastUpdateTime,
+                    status: doc.status,
+                    terminateCause: doc.terminateCause,
+                    inputOctets: doc.inputOctets,
+                    outputOctets: doc.outputOctets,
+                    inputPackets: doc.inputPackets,
+                    outputPackets: doc.outputPackets,
+                    sessionTime: doc.sessionTime,
+                    serviceType: doc.serviceType,
+                };
+                this.activeSessions.set(session.sessionId, session);
+            }
+        }
+        catch (error) {
+            logger.log('warn', `Failed to load active sessions: ${error.message}`);
+        }
+    }
+    /**
+     * Persist a session to the database (create or update)
+     */
+    async persistSession(session) {
+        try {
+            let doc = await AccountingSessionDoc.findBySessionId(session.sessionId);
+            if (!doc) {
+                doc = new AccountingSessionDoc();
+            }
+            Object.assign(doc, session);
+            await doc.save();
+        }
+        catch (error) {
+            logger.log('error', `Failed to persist session ${session.sessionId}: ${error.message}`);
+        }
+    }
+    /**
+     * Get archived (stopped/terminated) sessions for a time period
+     */
+    async getArchivedSessions(startTime, endTime) {
+        const sessions = [];
+        try {
+            const docs = await AccountingSessionDoc.getInstances({
+                status: { $in: ['stopped', 'terminated'] },
+                endTime: { $gt: 0, $gte: startTime },
+                startTime: { $lte: endTime },
+            });
+            for (const doc of docs) {
+                sessions.push({
+                    sessionId: doc.sessionId,
+                    username: doc.username,
+                    macAddress: doc.macAddress,
+                    nasIpAddress: doc.nasIpAddress,
+                    nasPort: doc.nasPort,
+                    nasPortType: doc.nasPortType,
+                    nasIdentifier: doc.nasIdentifier,
+                    vlanId: doc.vlanId,
+                    framedIpAddress: doc.framedIpAddress,
+                    calledStationId: doc.calledStationId,
+                    callingStationId: doc.callingStationId,
+                    startTime: doc.startTime,
+                    endTime: doc.endTime,
+                    lastUpdateTime: doc.lastUpdateTime,
+                    status: doc.status,
+                    terminateCause: doc.terminateCause,
+                    inputOctets: doc.inputOctets,
+                    outputOctets: doc.outputOctets,
+                    inputPackets: doc.inputPackets,
+                    outputPackets: doc.outputPackets,
+                    sessionTime: doc.sessionTime,
+                    serviceType: doc.serviceType,
+                });
+            }
+        }
+        catch (error) {
+            logger.log('warn', `Failed to get archived sessions: ${error.message}`);
+        }
+        return sessions;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5hY2NvdW50aW5nLm1hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9yYWRpdXMvY2xhc3Nlcy5hY2NvdW50aW5nLm1hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUN0QyxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQThGdEQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxPQUFPLGlCQUFpQjtJQUNwQixjQUFjLEdBQW9DLElBQUksR0FBRyxFQUFFLENBQUM7SUFDNUQsTUFBTSxDQUFxQztJQUMzQyxzQkFBc0IsQ0FBa0M7SUFFaEUsMEJBQTBCO0lBQ2xCLEtBQUssR0FBRztRQUNkLG9CQUFvQixFQUFFLENBQUM7UUFDdkIsb0JBQW9CLEVBQUUsQ0FBQztRQUN2QixlQUFlLEVBQUUsQ0FBQztRQUNsQixnQkFBZ0IsRUFBRSxDQUFDO1FBQ25CLHNCQUFzQixFQUFFLENBQUM7S0FDMUIsQ0FBQztJQUVGLFlBQVksTUFBaUM7UUFDM0MsSUFBSSxDQUFDLE1BQU0sR0FBRztZQUNaLGFBQWEsRUFBRSxNQUFNLEVBQUUsYUFBYSxJQUFJLEVBQUU7WUFDMUMsZUFBZSxFQUFFLE1BQU0sRUFBRSxlQUFlLElBQUksS0FBSztZQUNqRCxpQkFBaUIsRUFBRSxNQUFNLEVBQUUsaUJBQWlCLElBQUksS0FBSztZQUNyRCx3QkFBd0IsRUFBRSxNQUFNLEVBQUUsd0JBQXdCLElBQUksRUFBRTtTQUNqRSxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLFVBQVU7UUFDZCxNQUFNLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBRWhDLGtFQUFrRTtRQUNsRSxJQUFJLENBQUMsc0JBQXNCLEdBQUcsV0FBVyxDQUFDLEdBQUcsRUFBRTtZQUM3QyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUM1QixDQUFDLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUNuQix5REFBeUQ7UUFDekQsSUFBSSxJQUFJLENBQUMsc0JBQXNCLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ3RDLENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxzQ0FBc0MsSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLGtCQUFrQixDQUFDLENBQUM7SUFDdkcsQ0FBQztJQUVEOztPQUVHO0lBQ0gsSUFBSTtRQUNGLElBQUksSUFBSSxDQUFDLHNCQUFzQixFQUFFLENBQUM7WUFDaEMsYUFBYSxDQUFDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO1lBQzNDLElBQUksQ0FBQyxzQkFBc0IsR0FBRyxTQUFTLENBQUM7UUFDMUMsQ0FBQztJQUNILENBQUM7SUFFRDs7OztPQUlHO0lBQ0ssa0JBQWtCO1FBQ3hCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsd0JBQXdCLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDeEUsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLFNBQVMsQ0FBQztRQUN0QyxJQUFJLEtBQUssR0FBRyxDQUFDLENBQUM7UUFFZCxLQUFLLE1BQU0sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLElBQUksSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3ZELElBQUksT0FBTyxDQUFDLGNBQWMsR0FBRyxNQUFNLEVBQUUsQ0FBQztnQkFDcEMsT0FBTyxDQUFDLE1BQU0sR0FBRyxZQUFZLENBQUM7Z0JBQzlCLE9BQU8sQ0FBQyxjQUFjLEdBQUcscUJBQXFCLENBQUM7Z0JBQy9DLE9BQU8sQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUM3QixPQUFPLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRyxJQUFJLENBQUMsQ0FBQztnQkFFL0UsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLEdBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBRTdDLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDO2dCQUN0QyxLQUFLLEVBQUUsQ0FBQztZQUNWLENBQUM7UUFDSCxDQUFDO1FBRUQsSUFBSSxLQUFLLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDZCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxTQUFTLEtBQUsseUNBQXlDLElBQUksQ0FBQyxNQUFNLENBQUMsd0JBQXdCLElBQUksQ0FBQyxDQUFDO1FBQ3RILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxLQUFLLENBQUMscUJBQXFCLENBQUMsSUFhM0I7UUFDQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQXVCO1lBQ2xDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVE7WUFDdkIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1lBQzNCLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMvQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtZQUNqQyxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07WUFDbkIsZUFBZSxFQUFFLElBQUksQ0FBQyxlQUFlO1lBQ3JDLGVBQWUsRUFBRSxJQUFJLENBQUMsZUFBZTtZQUNyQyxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsZ0JBQWdCO1lBQ3ZDLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztZQUM3QixTQUFTLEVBQUUsR0FBRztZQUNkLE9BQU8sRUFBRSxDQUFDO1lBQ1YsY0FBYyxFQUFFLEdBQUc7WUFDbkIsTUFBTSxFQUFFLFFBQVE7WUFDaEIsV0FBVyxFQUFFLENBQUM7WUFDZCxZQUFZLEVBQUUsQ0FBQztZQUNmLFlBQVksRUFBRSxDQUFDO1lBQ2YsYUFBYSxFQUFFLENBQUM7WUFDaEIsV0FBVyxFQUFFLENBQUM7U0FDZixDQUFDO1FBRUYsNkJBQTZCO1FBQzdCLElBQUksSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBQzlELHdCQUF3QjtZQUN4QixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUN4QyxJQUFJLE1BQU0sRUFBRSxDQUFDO2dCQUNYLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNsQyxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDakQsSUFBSSxDQUFDLEtBQUssQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1FBRWxDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUNoQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsSUFBSSxDQUFDLFNBQVMsVUFBVSxJQUFJLENBQUMsUUFBUSxTQUFTLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQ3JILENBQUM7UUFFRCxrQkFBa0I7UUFDbEIsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxJQU81QjtRQUNDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUV4RCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx1Q0FBdUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDNUUsT0FBTztRQUNULENBQUM7UUFFRCx5QkFBeUI7UUFDekIsSUFBSSxJQUFJLENBQUMsV0FBVyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ25DLE9BQU8sQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUN6QyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsWUFBWSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsWUFBWSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsYUFBYSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3JDLE9BQU8sQ0FBQyxhQUFhLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQztRQUM3QyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsV0FBVyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ25DLE9BQU8sQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUN6QyxDQUFDO1FBRUQsT0FBTyxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDcEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1FBRXBDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUNoQyxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSwrQkFBK0IsSUFBSSxDQUFDLFNBQVMsUUFBUSxJQUFJLENBQUMsV0FBVyxTQUFTLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQ3pILENBQUM7UUFFRCwyQkFBMkI7UUFDM0IsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxJQVExQjtRQUNDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUV4RCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDbEUsT0FBTztRQUNULENBQUM7UUFFRCx1QkFBdUI7UUFDdkIsSUFBSSxJQUFJLENBQUMsV0FBVyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ25DLE9BQU8sQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUN6QyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsWUFBWSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsWUFBWSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsYUFBYSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3JDLE9BQU8sQ0FBQyxhQUFhLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQztRQUM3QyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsV0FBVyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ25DLE9BQU8sQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUN6QyxDQUFDO1FBRUQsT0FBTyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsT0FBTyxDQUFDLGNBQWMsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDO1FBQ3pDLE9BQU8sQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1FBQzNCLE9BQU8sQ0FBQyxjQUFjLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQztRQUU3QyxzQkFBc0I7UUFDdEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1FBQ2xDLElBQUksQ0FBQyxLQUFLLENBQUMsZUFBZSxJQUFJLE9BQU8sQ0FBQyxXQUFXLENBQUM7UUFDbEQsSUFBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDO1FBRXBELElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUNoQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsSUFBSSxDQUFDLFNBQVMsY0FBYyxPQUFPLENBQUMsV0FBVyxTQUFTLE9BQU8sQ0FBQyxXQUFXLFNBQVMsT0FBTyxDQUFDLFlBQVksRUFBRSxDQUFDLENBQUM7UUFDN0osQ0FBQztRQUVELG9GQUFvRjtRQUNwRixNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFbkMsOEJBQThCO1FBQzlCLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxVQUFVLENBQUMsU0FBaUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxpQkFBaUI7UUFDZixPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFFRDs7T0FFRztJQUNILHFCQUFxQixDQUFDLFFBQWdCO1FBQ3BDLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRUQ7O09BRUc7SUFDSCxnQkFBZ0IsQ0FBQyxZQUFvQjtRQUNuQyxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxZQUFZLEtBQUssWUFBWSxDQUFDLENBQUM7SUFDL0YsQ0FBQztJQUVEOztPQUVHO0lBQ0gsaUJBQWlCLENBQUMsTUFBYztRQUM5QixPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLEtBQUssTUFBTSxDQUFDLENBQUM7SUFDbkYsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLFVBQVUsQ0FBQyxTQUFpQixFQUFFLE9BQWU7UUFDakQsNENBQTRDO1FBQzVDLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRTVFLDhEQUE4RDtRQUM5RCxNQUFNLGNBQWMsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxNQUFNLENBQ3BFLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsSUFBSSxTQUFTLElBQUksQ0FBQyxDQUFDLFNBQVMsSUFBSSxPQUFPLENBQ3hELENBQUM7UUFFRixNQUFNLFdBQVcsR0FBRyxDQUFDLEdBQUcsZ0JBQWdCLEVBQUUsR0FBRyxjQUFjLENBQUMsQ0FBQztRQUU3RCxvQkFBb0I7UUFDcEIsSUFBSSxlQUFlLEdBQUcsQ0FBQyxDQUFDO1FBQ3hCLElBQUksZ0JBQWdCLEdBQUcsQ0FBQyxDQUFDO1FBQ3pCLElBQUksZ0JBQWdCLEdBQUcsQ0FBQyxDQUFDO1FBQ3pCLE1BQU0sV0FBVyxHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7UUFDdEMsTUFBTSxjQUFjLEdBQTJCLEVBQUUsQ0FBQztRQUNsRCxNQUFNLFdBQVcsR0FBMkIsRUFBRSxDQUFDO1FBRS9DLEtBQUssTUFBTSxPQUFPLElBQUksV0FBVyxFQUFFLENBQUM7WUFDbEMsZUFBZSxJQUFJLE9BQU8sQ0FBQyxXQUFXLENBQUM7WUFDdkMsZ0JBQWdCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQztZQUN6QyxnQkFBZ0IsSUFBSSxPQUFPLENBQUMsV0FBVyxDQUFDO1lBQ3hDLFdBQVcsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRWxDLElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxTQUFTLEVBQUUsQ0FBQztnQkFDakMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQzdFLENBQUM7WUFFRCxNQUFNLFNBQVMsR0FBRyxPQUFPLENBQUMsV0FBVyxHQUFHLE9BQU8sQ0FBQyxZQUFZLENBQUM7WUFDN0QsV0FBVyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsU0FBUyxDQUFDO1FBQ25GLENBQUM7UUFFRCx1QkFBdUI7UUFDdkIsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQzthQUNsRCxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQzNCLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO2FBQ1osR0FBRyxDQUFDLENBQUMsQ0FBQyxRQUFRLEVBQUUsVUFBVSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBRS9ELE9BQU87WUFDTCxXQUFXLEVBQUUsU0FBUztZQUN0QixTQUFTLEVBQUUsT0FBTztZQUNsQixhQUFhLEVBQUUsV0FBVyxDQUFDLE1BQU07WUFDakMsY0FBYyxFQUFFLGNBQWMsQ0FBQyxNQUFNO1lBQ3JDLGVBQWU7WUFDZixnQkFBZ0I7WUFDaEIsZ0JBQWdCO1lBQ2hCLHNCQUFzQixFQUFFLFdBQVcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxnQkFBZ0IsR0FBRyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzFGLFdBQVcsRUFBRSxXQUFXLENBQUMsSUFBSTtZQUM3QixjQUFjO1lBQ2QsaUJBQWlCO1NBQ2xCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSCxRQUFRO1FBUU4sT0FBTztZQUNMLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLElBQUk7WUFDeEMsR0FBRyxJQUFJLENBQUMsS0FBSztTQUNkLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSCxLQUFLLENBQUMsaUJBQWlCLENBQUMsU0FBaUIsRUFBRSxTQUFpQixZQUFZO1FBQ3RFLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ25ELElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELE1BQU0sSUFBSSxDQUFDLG9CQUFvQixDQUFDO1lBQzlCLFNBQVM7WUFDVCxjQUFjLEVBQUUsTUFBTTtZQUN0QixXQUFXLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsSUFBSSxDQUFDO1NBQ2pFLENBQUMsQ0FBQztRQUVILE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLGtCQUFrQjtRQUN0QixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO1FBQ2hGLElBQUksWUFBWSxHQUFHLENBQUMsQ0FBQztRQUVyQixJQUFJLENBQUM7WUFDSCxNQUFNLE9BQU8sR0FBRyxNQUFNLG9CQUFvQixDQUFDLGlCQUFpQixDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBRXpFLEtBQUssTUFBTSxHQUFHLElBQUksT0FBTyxFQUFFLENBQUM7Z0JBQzFCLElBQUksQ0FBQztvQkFDSCxNQUFNLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztvQkFDbkIsWUFBWSxFQUFFLENBQUM7Z0JBQ2pCLENBQUM7Z0JBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztvQkFDZiwyQkFBMkI7Z0JBQzdCLENBQUM7WUFDSCxDQUFDO1lBRUQsSUFBSSxZQUFZLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3JCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGNBQWMsWUFBWSwwQkFBMEIsQ0FBQyxDQUFDO1lBQzNFLENBQUM7UUFDSCxDQUFDO1FBQUMsT0FBTyxLQUFjLEVBQUUsQ0FBQztZQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxtQ0FBb0MsS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDckYsQ0FBQztRQUVELE9BQU8sWUFBWSxDQUFDO0lBQ3RCLENBQUM7SUFFRDs7T0FFRztJQUNLLGlCQUFpQjtRQUN2QixJQUFJLFVBQVUsR0FBRyxRQUFRLENBQUM7UUFDMUIsSUFBSSxlQUFlLEdBQWtCLElBQUksQ0FBQztRQUUxQyxLQUFLLE1BQU0sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLElBQUksSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3ZELElBQUksT0FBTyxDQUFDLGNBQWMsR0FBRyxVQUFVLEVBQUUsQ0FBQztnQkFDeEMsVUFBVSxHQUFHLE9BQU8sQ0FBQyxjQUFjLENBQUM7Z0JBQ3BDLGVBQWUsR0FBRyxTQUFTLENBQUM7WUFDOUIsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLGVBQWUsQ0FBQztJQUN6QixDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsWUFBWSxDQUFDLFNBQWlCO1FBQzFDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ25ELElBQUksT0FBTyxFQUFFLENBQUM7WUFDWixPQUFPLENBQUMsTUFBTSxHQUFHLFlBQVksQ0FBQztZQUM5QixPQUFPLENBQUMsY0FBYyxHQUFHLGdCQUFnQixDQUFDO1lBQzFDLE9BQU8sQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRTdCLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUVuQyxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUN0QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxtQkFBbUIsU0FBUyx3QkFBd0IsQ0FBQyxDQUFDO1FBQzNFLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsa0JBQWtCO1FBQzlCLElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHLE1BQU0sb0JBQW9CLENBQUMsVUFBVSxFQUFFLENBQUM7WUFFckQsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztnQkFDdkIsTUFBTSxPQUFPLEdBQXVCO29CQUNsQyxTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7b0JBQ3hCLFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtvQkFDdEIsVUFBVSxFQUFFLEdBQUcsQ0FBQyxVQUFVO29CQUMxQixZQUFZLEVBQUUsR0FBRyxDQUFDLFlBQVk7b0JBQzlCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztvQkFDcEIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxXQUFXO29CQUM1QixhQUFhLEVBQUUsR0FBRyxDQUFDLGFBQWE7b0JBQ2hDLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTTtvQkFDbEIsZUFBZSxFQUFFLEdBQUcsQ0FBQyxlQUFlO29CQUNwQyxlQUFlLEVBQUUsR0FBRyxDQUFDLGVBQWU7b0JBQ3BDLGdCQUFnQixFQUFFLEdBQUcsQ0FBQyxnQkFBZ0I7b0JBQ3RDLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztvQkFDeEIsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO29CQUNwQixjQUFjLEVBQUUsR0FBRyxDQUFDLGNBQWM7b0JBQ2xDLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTTtvQkFDbEIsY0FBYyxFQUFFLEdBQUcsQ0FBQyxjQUFjO29CQUNsQyxXQUFXLEVBQUUsR0FBRyxDQUFDLFdBQVc7b0JBQzVCLFlBQVksRUFBRSxHQUFHLENBQUMsWUFBWTtvQkFDOUIsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO29CQUM5QixhQUFhLEVBQUUsR0FBRyxDQUFDLGFBQWE7b0JBQ2hDLFdBQVcsRUFBRSxHQUFHLENBQUMsV0FBVztvQkFDNUIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxXQUFXO2lCQUM3QixDQUFDO2dCQUNGLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUM7WUFDdEQsQ0FBQztRQUNILENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLG1DQUFvQyxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUNwRixDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLGNBQWMsQ0FBQyxPQUEyQjtRQUN0RCxJQUFJLENBQUM7WUFDSCxJQUFJLEdBQUcsR0FBRyxNQUFNLG9CQUFvQixDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDeEUsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUNULEdBQUcsR0FBRyxJQUFJLG9CQUFvQixFQUFFLENBQUM7WUFDbkMsQ0FBQztZQUNELE1BQU0sQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQzVCLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ25CLENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDZCQUE2QixPQUFPLENBQUMsU0FBUyxLQUFNLEtBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1FBQ3JHLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsbUJBQW1CLENBQUMsU0FBaUIsRUFBRSxPQUFlO1FBQ2xFLE1BQU0sUUFBUSxHQUF5QixFQUFFLENBQUM7UUFFMUMsSUFBSSxDQUFDO1lBQ0gsTUFBTSxJQUFJLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxZQUFZLENBQUM7Z0JBQ25ELE1BQU0sRUFBRSxFQUFFLEdBQUcsRUFBRSxDQUFDLFNBQVMsRUFBRSxZQUFZLENBQUMsRUFBUztnQkFDakQsT0FBTyxFQUFFLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFTO2dCQUMzQyxTQUFTLEVBQUUsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFTO2FBQ3BDLENBQUMsQ0FBQztZQUVILEtBQUssTUFBTSxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7Z0JBQ3ZCLFFBQVEsQ0FBQyxJQUFJLENBQUM7b0JBQ1osU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO29CQUN4QixRQUFRLEVBQUUsR0FBRyxDQUFDLFFBQVE7b0JBQ3RCLFVBQVUsRUFBRSxHQUFHLENBQUMsVUFBVTtvQkFDMUIsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO29CQUM5QixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU87b0JBQ3BCLFdBQVcsRUFBRSxHQUFHLENBQUMsV0FBVztvQkFDNUIsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhO29CQUNoQyxNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07b0JBQ2xCLGVBQWUsRUFBRSxHQUFHLENBQUMsZUFBZTtvQkFDcEMsZUFBZSxFQUFFLEdBQUcsQ0FBQyxlQUFlO29CQUNwQyxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsZ0JBQWdCO29CQUN0QyxTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7b0JBQ3hCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztvQkFDcEIsY0FBYyxFQUFFLEdBQUcsQ0FBQyxjQUFjO29CQUNsQyxNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07b0JBQ2xCLGNBQWMsRUFBRSxHQUFHLENBQUMsY0FBYztvQkFDbEMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxXQUFXO29CQUM1QixZQUFZLEVBQUUsR0FBRyxDQUFDLFlBQVk7b0JBQzlCLFlBQVksRUFBRSxHQUFHLENBQUMsWUFBWTtvQkFDOUIsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhO29CQUNoQyxXQUFXLEVBQUUsR0FBRyxDQUFDLFdBQVc7b0JBQzVCLFdBQVcsRUFBRSxHQUFHLENBQUMsV0FBVztpQkFDN0IsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztRQUNILENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLG9DQUFxQyxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUNyRixDQUFDO1FBRUQsT0FBTyxRQUFRLENBQUM7SUFDbEIsQ0FBQztDQUNGIn0=

package/dist_ts/radius/classes.radius.server.d.ts

@@ -0,0 +1,169 @@
+import { VlanManager, type IMacVlanMapping, type IVlanManagerConfig } from './classes.vlan.manager.js';
+import { AccountingManager, type IAccountingManagerConfig } from './classes.accounting.manager.js';
+/**
+ * RADIUS client (NAS) configuration
+ */
+export interface IRadiusClient {
+    /** Client name for identification */
+    name: string;
+    /** IP address or CIDR range */
+    ipRange: string;
+    /** Shared secret for this client */
+    secret: string;
+    /** Optional description */
+    description?: string;
+    /** Whether this client is enabled */
+    enabled: boolean;
+}
+/**
+ * RADIUS server configuration
+ */
+export interface IRadiusServerConfig {
+    /** Authentication port (default: 1812) */
+    authPort?: number;
+    /** Accounting port (default: 1813) */
+    acctPort?: number;
+    /** Bind address (default: 0.0.0.0) */
+    bindAddress?: string;
+    /** NAS clients configuration */
+    clients: IRadiusClient[];
+    /** VLAN assignment configuration */
+    vlanAssignment?: IVlanManagerConfig & {
+        /** Static MAC to VLAN mappings */
+        mappings?: Array<Omit<IMacVlanMapping, 'createdAt' | 'updatedAt'>>;
+    };
+    /** Accounting configuration */
+    accounting?: IAccountingManagerConfig & {
+        /** Whether accounting is enabled */
+        enabled: boolean;
+    };
+}
+/**
+ * RADIUS authentication result
+ */
+export interface IRadiusAuthResult {
+    /** Whether authentication was successful */
+    success: boolean;
+    /** Reject reason (if not successful) */
+    rejectReason?: string;
+    /** Reply message to send to client */
+    replyMessage?: string;
+    /** Session timeout in seconds */
+    sessionTimeout?: number;
+    /** Idle timeout in seconds */
+    idleTimeout?: number;
+    /** VLAN to assign */
+    vlanId?: number;
+    /** Framed IP address to assign */
+    framedIpAddress?: string;
+}
+/**
+ * Authentication request data from RADIUS
+ */
+export interface IAuthRequestData {
+    username: string;
+    password?: string;
+    nasIpAddress: string;
+    nasPort?: number;
+    nasPortType?: string;
+    nasIdentifier?: string;
+    calledStationId?: string;
+    callingStationId?: string;
+    serviceType?: string;
+    framedMtu?: number;
+}
+/**
+ * RADIUS Server wrapper that provides:
+ * - MAC Authentication Bypass (MAB) for network devices
+ * - VLAN assignment based on MAC address
+ * - Accounting for session tracking and billing
+ * - Integration with SmartProxy routing
+ */
+export declare class RadiusServer {
+    private radiusServer?;
+    private vlanManager;
+    private accountingManager;
+    private config;
+    private clientSecrets;
+    private running;
+    private stats;
+    constructor(config: IRadiusServerConfig);
+    /**
+     * Start the RADIUS server
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the RADIUS server
+     */
+    stop(): Promise<void>;
+    /**
+     * Handle authentication request
+     */
+    private handleAuthentication;
+    /**
+     * Handle accounting request
+     */
+    private handleAccounting;
+    /**
+     * Perform MAC Authentication Bypass
+     */
+    private performMabAuthentication;
+    /**
+     * Extract MAC address from authentication data
+     */
+    private extractMacAddress;
+    /**
+     * Check if a string looks like a MAC address
+     */
+    private looksLikeMac;
+    /**
+     * Normalize MAC address format
+     */
+    private normalizeMac;
+    /**
+     * Build client secrets map from configuration
+     */
+    private buildClientSecretsMap;
+    /**
+     * Get default secret for unknown clients
+     */
+    private getDefaultSecret;
+    /**
+     * Add a RADIUS client
+     */
+    addClient(client: IRadiusClient): Promise<void>;
+    /**
+     * Remove a RADIUS client
+     */
+    removeClient(name: string): boolean;
+    /**
+     * Get configured clients
+     */
+    getClients(): IRadiusClient[];
+    /**
+     * Get VLAN manager for direct access to VLAN operations
+     */
+    getVlanManager(): VlanManager;
+    /**
+     * Get accounting manager for direct access to accounting operations
+     */
+    getAccountingManager(): AccountingManager;
+    /**
+     * Get server statistics
+     */
+    getStats(): {
+        running: boolean;
+        uptime: number;
+        authRequests: number;
+        authAccepts: number;
+        authRejects: number;
+        accountingRequests: number;
+        activeSessions: number;
+        vlanMappings: number;
+        clients: number;
+    };
+    /**
+     * Check if server is running
+     */
+    isRunning(): boolean;
+}