@serve.zone/dcrouter 13.17.0 → 13.17.3

package/dist_ts/vpn/classes.vpn-manager.js

@@ -0,0 +1,459 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { VpnServerKeysDoc, VpnClientDoc } from '../db/index.js';
+/**
+ * Manages the SmartVPN server lifecycle and VPN client CRUD.
+ * Persists server keys and client registrations via smartdata document classes.
+ */
+export class VpnManager {
+    config;
+    vpnServer;
+    clients = new Map();
+    serverKeys;
+    constructor(config) {
+        this.config = config;
+    }
+    /** The VPN subnet CIDR. */
+    getSubnet() {
+        return this.config.subnet || '10.8.0.0/24';
+    }
+    /** Whether the VPN server is running. */
+    get running() {
+        return this.vpnServer?.running ?? false;
+    }
+    /**
+     * Start the VPN server.
+     * Loads or generates server keys, loads persisted clients, starts VpnServer.
+     */
+    async start() {
+        // Load or generate server keys
+        this.serverKeys = await this.loadOrGenerateServerKeys();
+        // Load persisted clients
+        await this.loadPersistedClients();
+        // Build client entries for the daemon
+        const clientEntries = [];
+        let anyClientUsesHostIp = false;
+        for (const client of this.clients.values()) {
+            if (client.useHostIp) {
+                anyClientUsesHostIp = true;
+            }
+            const entry = {
+                clientId: client.clientId,
+                publicKey: client.noisePublicKey,
+                wgPublicKey: client.wgPublicKey,
+                enabled: client.enabled,
+                description: client.description,
+                assignedIp: client.assignedIp,
+                expiresAt: client.expiresAt,
+                security: this.buildClientSecurity(client),
+            };
+            // Pass per-client bridge fields if present (for hybrid/bridge mode)
+            if (client.useHostIp !== undefined)
+                entry.useHostIp = client.useHostIp;
+            if (client.useDhcp !== undefined)
+                entry.useDhcp = client.useDhcp;
+            if (client.staticIp !== undefined)
+                entry.staticIp = client.staticIp;
+            if (client.forceVlan !== undefined)
+                entry.forceVlan = client.forceVlan;
+            if (client.vlanId !== undefined)
+                entry.vlanId = client.vlanId;
+            clientEntries.push(entry);
+        }
+        const subnet = this.getSubnet();
+        const wgListenPort = this.config.wgListenPort ?? 51820;
+        // Auto-detect hybrid mode: if any persisted client uses host IP and mode is
+        // 'socket' (or unset), upgrade to 'hybrid' so the daemon can handle both
+        let configuredMode = this.config.forwardingMode ?? 'socket';
+        if (anyClientUsesHostIp && configuredMode === 'socket') {
+            configuredMode = 'hybrid';
+            logger.log('info', 'VPN: Auto-upgrading forwarding mode to hybrid (client with useHostIp detected)');
+        }
+        const forwardingMode = configuredMode === 'hybrid' ? 'hybrid' : configuredMode;
+        const isBridge = forwardingMode === 'bridge';
+        // Create and start VpnServer
+        this.vpnServer = new plugins.smartvpn.VpnServer({
+            transport: { transport: 'stdio' },
+        });
+        // Default destination policy: bridge mode allows traffic through directly,
+        // socket mode forces traffic to SmartProxy on 127.0.0.1
+        const defaultDestinationPolicy = isBridge
+            ? { default: 'allow' }
+            : { default: 'forceTarget', target: '127.0.0.1' };
+        const serverConfig = {
+            listenAddr: '0.0.0.0:0', // WS listener not strictly needed but required field
+            privateKey: this.serverKeys.noisePrivateKey,
+            publicKey: this.serverKeys.noisePublicKey,
+            subnet,
+            dns: this.config.dns,
+            forwardingMode: forwardingMode,
+            transportMode: 'all',
+            wgPrivateKey: this.serverKeys.wgPrivateKey,
+            wgListenPort,
+            clients: clientEntries,
+            socketForwardProxyProtocol: !isBridge,
+            destinationPolicy: this.config.destinationPolicy ?? defaultDestinationPolicy,
+            serverEndpoint: this.config.serverEndpoint
+                ? `${this.config.serverEndpoint}:${wgListenPort}`
+                : undefined,
+            clientAllowedIPs: [subnet],
+            // Bridge-specific config
+            ...(isBridge ? {
+                bridgeLanSubnet: this.config.bridgeLanSubnet,
+                bridgePhysicalInterface: this.config.bridgePhysicalInterface,
+                bridgeIpRangeStart: this.config.bridgeIpRangeStart,
+                bridgeIpRangeEnd: this.config.bridgeIpRangeEnd,
+            } : {}),
+        };
+        await this.vpnServer.start(serverConfig);
+        // Create initial clients from config (idempotent — skip already-persisted)
+        if (this.config.initialClients) {
+            for (const initial of this.config.initialClients) {
+                if (!this.clients.has(initial.clientId)) {
+                    const bundle = await this.createClient({
+                        clientId: initial.clientId,
+                        targetProfileIds: initial.targetProfileIds,
+                        description: initial.description,
+                    });
+                    logger.log('info', `VPN: Created initial client '${initial.clientId}' (IP: ${bundle.entry.assignedIp})`);
+                }
+            }
+        }
+        logger.log('info', `VPN server started: subnet=${subnet}, wg=:${wgListenPort}, clients=${this.clients.size}`);
+    }
+    /**
+     * Stop the VPN server.
+     */
+    async stop() {
+        if (this.vpnServer) {
+            try {
+                await this.vpnServer.stopServer();
+            }
+            catch {
+                // Ignore stop errors
+            }
+            this.vpnServer.stop();
+            this.vpnServer = undefined;
+        }
+        logger.log('info', 'VPN server stopped');
+    }
+    // ── Client CRUD ────────────────────────────────────────────────────────
+    /**
+     * Create a new VPN client. Returns the config bundle (secrets only shown once).
+     */
+    async createClient(opts) {
+        if (!this.vpnServer) {
+            throw new Error('VPN server not running');
+        }
+        const bundle = await this.vpnServer.createClient({
+            clientId: opts.clientId,
+            description: opts.description,
+        });
+        // Override AllowedIPs with per-client values based on target profiles
+        if (this.config.getClientAllowedIPs && bundle.wireguardConfig) {
+            const allowedIPs = await this.config.getClientAllowedIPs(opts.targetProfileIds || []);
+            bundle.wireguardConfig = bundle.wireguardConfig.replace(/AllowedIPs\s*=\s*.+/, `AllowedIPs = ${allowedIPs.join(', ')}`);
+        }
+        // Persist client entry (including WG private key for export/QR)
+        const doc = new VpnClientDoc();
+        doc.clientId = bundle.entry.clientId;
+        doc.enabled = bundle.entry.enabled ?? true;
+        doc.targetProfileIds = opts.targetProfileIds;
+        doc.description = bundle.entry.description;
+        doc.assignedIp = bundle.entry.assignedIp;
+        doc.noisePublicKey = bundle.entry.publicKey;
+        doc.wgPublicKey = bundle.entry.wgPublicKey || '';
+        doc.wgPrivateKey = bundle.secrets?.wgPrivateKey
+            || bundle.wireguardConfig?.match(/PrivateKey\s*=\s*(.+)/)?.[1]?.trim();
+        doc.createdAt = Date.now();
+        doc.updatedAt = Date.now();
+        doc.expiresAt = bundle.entry.expiresAt;
+        if (opts.destinationAllowList !== undefined) {
+            doc.destinationAllowList = opts.destinationAllowList;
+        }
+        if (opts.destinationBlockList !== undefined) {
+            doc.destinationBlockList = opts.destinationBlockList;
+        }
+        if (opts.useHostIp !== undefined) {
+            doc.useHostIp = opts.useHostIp;
+        }
+        if (opts.useDhcp !== undefined) {
+            doc.useDhcp = opts.useDhcp;
+        }
+        if (opts.staticIp !== undefined) {
+            doc.staticIp = opts.staticIp;
+        }
+        if (opts.forceVlan !== undefined) {
+            doc.forceVlan = opts.forceVlan;
+        }
+        if (opts.vlanId !== undefined) {
+            doc.vlanId = opts.vlanId;
+        }
+        this.clients.set(doc.clientId, doc);
+        try {
+            await this.persistClient(doc);
+        }
+        catch (err) {
+            // Rollback: remove from in-memory map and daemon to stay consistent with DB
+            this.clients.delete(doc.clientId);
+            try {
+                await this.vpnServer.removeClient(doc.clientId);
+            }
+            catch {
+                // best-effort daemon cleanup
+            }
+            throw err;
+        }
+        // Sync per-client security to the running daemon
+        const security = this.buildClientSecurity(doc);
+        if (security.destinationPolicy) {
+            await this.vpnServer.updateClient(doc.clientId, { security });
+        }
+        this.config.onClientChanged?.();
+        return bundle;
+    }
+    /**
+     * Remove a VPN client.
+     */
+    async removeClient(clientId) {
+        if (!this.vpnServer) {
+            throw new Error('VPN server not running');
+        }
+        await this.vpnServer.removeClient(clientId);
+        const doc = this.clients.get(clientId);
+        this.clients.delete(clientId);
+        if (doc) {
+            await doc.delete();
+        }
+        this.config.onClientChanged?.();
+    }
+    /**
+     * List all registered clients (without secrets).
+     */
+    listClients() {
+        return [...this.clients.values()];
+    }
+    /**
+     * Enable a client.
+     */
+    async enableClient(clientId) {
+        if (!this.vpnServer)
+            throw new Error('VPN server not running');
+        await this.vpnServer.enableClient(clientId);
+        const client = this.clients.get(clientId);
+        if (client) {
+            client.enabled = true;
+            client.updatedAt = Date.now();
+            await this.persistClient(client);
+        }
+        this.config.onClientChanged?.();
+    }
+    /**
+     * Disable a client.
+     */
+    async disableClient(clientId) {
+        if (!this.vpnServer)
+            throw new Error('VPN server not running');
+        await this.vpnServer.disableClient(clientId);
+        const client = this.clients.get(clientId);
+        if (client) {
+            client.enabled = false;
+            client.updatedAt = Date.now();
+            await this.persistClient(client);
+        }
+        this.config.onClientChanged?.();
+    }
+    /**
+     * Update a client's metadata (description, target profiles) without rotating keys.
+     */
+    async updateClient(clientId, update) {
+        const client = this.clients.get(clientId);
+        if (!client)
+            throw new Error(`Client not found: ${clientId}`);
+        if (update.description !== undefined)
+            client.description = update.description;
+        if (update.targetProfileIds !== undefined)
+            client.targetProfileIds = update.targetProfileIds;
+        if (update.destinationAllowList !== undefined)
+            client.destinationAllowList = update.destinationAllowList;
+        if (update.destinationBlockList !== undefined)
+            client.destinationBlockList = update.destinationBlockList;
+        if (update.useHostIp !== undefined)
+            client.useHostIp = update.useHostIp;
+        if (update.useDhcp !== undefined)
+            client.useDhcp = update.useDhcp;
+        if (update.staticIp !== undefined)
+            client.staticIp = update.staticIp;
+        if (update.forceVlan !== undefined)
+            client.forceVlan = update.forceVlan;
+        if (update.vlanId !== undefined)
+            client.vlanId = update.vlanId;
+        client.updatedAt = Date.now();
+        await this.persistClient(client);
+        // Sync per-client security to the running daemon
+        if (this.vpnServer) {
+            const security = this.buildClientSecurity(client);
+            await this.vpnServer.updateClient(clientId, { security });
+        }
+        this.config.onClientChanged?.();
+    }
+    /**
+     * Rotate a client's keys. Returns the new config bundle.
+     */
+    async rotateClientKey(clientId) {
+        if (!this.vpnServer)
+            throw new Error('VPN server not running');
+        const bundle = await this.vpnServer.rotateClientKey(clientId);
+        // Update persisted entry with new keys (including private key for export/QR)
+        const client = this.clients.get(clientId);
+        if (client) {
+            client.noisePublicKey = bundle.entry.publicKey;
+            client.wgPublicKey = bundle.entry.wgPublicKey || '';
+            client.wgPrivateKey = bundle.secrets?.wgPrivateKey
+                || bundle.wireguardConfig?.match(/PrivateKey\s*=\s*(.+)/)?.[1]?.trim();
+            client.updatedAt = Date.now();
+            await this.persistClient(client);
+        }
+        return bundle;
+    }
+    /**
+     * Export a client config. Injects stored WG private key and per-client AllowedIPs.
+     */
+    async exportClientConfig(clientId, format) {
+        if (!this.vpnServer)
+            throw new Error('VPN server not running');
+        let config = await this.vpnServer.exportClientConfig(clientId, format);
+        if (format === 'wireguard') {
+            const persisted = this.clients.get(clientId);
+            // Inject stored WG private key so exports produce valid, scannable configs
+            if (persisted?.wgPrivateKey) {
+                config = config.replace('[Interface]\n', `[Interface]\nPrivateKey = ${persisted.wgPrivateKey}\n`);
+            }
+            // Override AllowedIPs with per-client values based on target profiles
+            if (this.config.getClientAllowedIPs) {
+                const profileIds = persisted?.targetProfileIds || [];
+                const allowedIPs = await this.config.getClientAllowedIPs(profileIds);
+                config = config.replace(/AllowedIPs\s*=\s*.+/, `AllowedIPs = ${allowedIPs.join(', ')}`);
+            }
+        }
+        return config;
+    }
+    // ── Status and telemetry ───────────────────────────────────────────────
+    /**
+     * Get server status.
+     */
+    async getStatus() {
+        if (!this.vpnServer)
+            return null;
+        return this.vpnServer.getStatus();
+    }
+    /**
+     * Get server statistics.
+     */
+    async getStatistics() {
+        if (!this.vpnServer)
+            return null;
+        return this.vpnServer.getStatistics();
+    }
+    /**
+     * List currently connected clients.
+     */
+    async getConnectedClients() {
+        if (!this.vpnServer)
+            return [];
+        return this.vpnServer.listClients();
+    }
+    /**
+     * Get telemetry for a specific client.
+     */
+    async getClientTelemetry(clientId) {
+        if (!this.vpnServer)
+            return null;
+        return this.vpnServer.getClientTelemetry(clientId);
+    }
+    /**
+     * Get server public keys (for display/info).
+     */
+    getServerPublicKeys() {
+        if (!this.serverKeys)
+            return null;
+        return {
+            noisePublicKey: this.serverKeys.noisePublicKey,
+            wgPublicKey: this.serverKeys.wgPublicKey,
+        };
+    }
+    // ── Per-client security ────────────────────────────────────────────────
+    /**
+     * Build per-client security settings for the smartvpn daemon.
+     * All VPN traffic is forced through SmartProxy (forceTarget to 127.0.0.1).
+     * TargetProfile direct IP:port targets bypass SmartProxy via allowList.
+     */
+    buildClientSecurity(client) {
+        const security = {};
+        // Collect direct targets from assigned TargetProfiles (bypass forceTarget for these IPs)
+        const profileDirectTargets = this.config.getClientDirectTargets?.(client.targetProfileIds || []) || [];
+        // Merge with per-client explicit allow list
+        const mergedAllowList = [
+            ...(client.destinationAllowList || []),
+            ...profileDirectTargets,
+        ];
+        security.destinationPolicy = {
+            default: 'forceTarget',
+            target: '127.0.0.1',
+            allowList: mergedAllowList.length ? mergedAllowList : undefined,
+            blockList: client.destinationBlockList,
+        };
+        return security;
+    }
+    /**
+     * Refresh all client security policies against the running daemon.
+     * Call this when TargetProfiles change so destination allow-lists stay in sync.
+     */
+    async refreshAllClientSecurity() {
+        if (!this.vpnServer)
+            return;
+        for (const client of this.clients.values()) {
+            const security = this.buildClientSecurity(client);
+            if (security.destinationPolicy) {
+                await this.vpnServer.updateClient(client.clientId, { security });
+            }
+        }
+    }
+    // ── Private helpers ────────────────────────────────────────────────────
+    async loadOrGenerateServerKeys() {
+        const stored = await VpnServerKeysDoc.load();
+        if (stored?.noisePrivateKey && stored?.wgPrivateKey) {
+            logger.log('info', 'Loaded VPN server keys from storage');
+            return stored;
+        }
+        // Generate new keys via the daemon
+        const tempServer = new plugins.smartvpn.VpnServer({
+            transport: { transport: 'stdio' },
+        });
+        await tempServer.start();
+        const noiseKeys = await tempServer.generateKeypair();
+        const wgKeys = await tempServer.generateWgKeypair();
+        tempServer.stop();
+        const doc = stored || new VpnServerKeysDoc();
+        doc.noisePrivateKey = noiseKeys.privateKey;
+        doc.noisePublicKey = noiseKeys.publicKey;
+        doc.wgPrivateKey = wgKeys.privateKey;
+        doc.wgPublicKey = wgKeys.publicKey;
+        await doc.save();
+        logger.log('info', 'Generated and persisted new VPN server keys');
+        return doc;
+    }
+    async loadPersistedClients() {
+        const docs = await VpnClientDoc.findAll();
+        for (const doc of docs) {
+            this.clients.set(doc.clientId, doc);
+        }
+        if (this.clients.size > 0) {
+            logger.log('info', `Loaded ${this.clients.size} persisted VPN client(s)`);
+        }
+    }
+    async persistClient(client) {
+        await client.save();
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy52cG4tbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3Zwbi9jbGFzc2VzLnZwbi1tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sZUFBZSxDQUFDO0FBQ3pDLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLGdCQUFnQixFQUFFLFlBQVksRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBOENoRTs7O0dBR0c7QUFDSCxNQUFNLE9BQU8sVUFBVTtJQUNiLE1BQU0sQ0FBb0I7SUFDMUIsU0FBUyxDQUE4QjtJQUN2QyxPQUFPLEdBQThCLElBQUksR0FBRyxFQUFFLENBQUM7SUFDL0MsVUFBVSxDQUFvQjtJQUV0QyxZQUFZLE1BQXlCO1FBQ25DLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDO0lBQ3ZCLENBQUM7SUFFRCwyQkFBMkI7SUFDcEIsU0FBUztRQUNkLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLElBQUksYUFBYSxDQUFDO0lBQzdDLENBQUM7SUFFRCx5Q0FBeUM7SUFDekMsSUFBVyxPQUFPO1FBQ2hCLE9BQU8sSUFBSSxDQUFDLFNBQVMsRUFBRSxPQUFPLElBQUksS0FBSyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7O09BR0c7SUFDSSxLQUFLLENBQUMsS0FBSztRQUNoQiwrQkFBK0I7UUFDL0IsSUFBSSxDQUFDLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1FBRXhELHlCQUF5QjtRQUN6QixNQUFNLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1FBRWxDLHNDQUFzQztRQUN0QyxNQUFNLGFBQWEsR0FBb0MsRUFBRSxDQUFDO1FBQzFELElBQUksbUJBQW1CLEdBQUcsS0FBSyxDQUFDO1FBQ2hDLEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQzNDLElBQUksTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUNyQixtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDN0IsQ0FBQztZQUNELE1BQU0sS0FBSyxHQUFrQztnQkFDM0MsUUFBUSxFQUFFLE1BQU0sQ0FBQyxRQUFRO2dCQUN6QixTQUFTLEVBQUUsTUFBTSxDQUFDLGNBQWM7Z0JBQ2hDLFdBQVcsRUFBRSxNQUFNLENBQUMsV0FBVztnQkFDL0IsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPO2dCQUN2QixXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7Z0JBQy9CLFVBQVUsRUFBRSxNQUFNLENBQUMsVUFBVTtnQkFDN0IsU0FBUyxFQUFFLE1BQU0sQ0FBQyxTQUFTO2dCQUMzQixRQUFRLEVBQUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE1BQU0sQ0FBQzthQUMzQyxDQUFDO1lBQ0Ysb0VBQW9FO1lBQ3BFLElBQUksTUFBTSxDQUFDLFNBQVMsS0FBSyxTQUFTO2dCQUFHLEtBQWEsQ0FBQyxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsQ0FBQztZQUNoRixJQUFJLE1BQU0sQ0FBQyxPQUFPLEtBQUssU0FBUztnQkFBRyxLQUFhLENBQUMsT0FBTyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUM7WUFDMUUsSUFBSSxNQUFNLENBQUMsUUFBUSxLQUFLLFNBQVM7Z0JBQUcsS0FBYSxDQUFDLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDO1lBQzdFLElBQUksTUFBTSxDQUFDLFNBQVMsS0FBSyxTQUFTO2dCQUFHLEtBQWEsQ0FBQyxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsQ0FBQztZQUNoRixJQUFJLE1BQU0sQ0FBQyxNQUFNLEtBQUssU0FBUztnQkFBRyxLQUFhLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUM7WUFDdkUsYUFBYSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUM1QixDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ2hDLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxJQUFJLEtBQUssQ0FBQztRQUV2RCw0RUFBNEU7UUFDNUUseUVBQXlFO1FBQ3pFLElBQUksY0FBYyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsY0FBYyxJQUFJLFFBQVEsQ0FBQztRQUM1RCxJQUFJLG1CQUFtQixJQUFJLGNBQWMsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUN2RCxjQUFjLEdBQUcsUUFBUSxDQUFDO1lBQzFCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGdGQUFnRixDQUFDLENBQUM7UUFDdkcsQ0FBQztRQUNELE1BQU0sY0FBYyxHQUFHLGNBQWMsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsY0FBYyxDQUFDO1FBQy9FLE1BQU0sUUFBUSxHQUFHLGNBQWMsS0FBSyxRQUFRLENBQUM7UUFFN0MsNkJBQTZCO1FBQzdCLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztZQUM5QyxTQUFTLEVBQUUsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFO1NBQ2xDLENBQUMsQ0FBQztRQUVILDJFQUEyRTtRQUMzRSx3REFBd0Q7UUFDeEQsTUFBTSx3QkFBd0IsR0FBd0MsUUFBUTtZQUM1RSxDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsT0FBZ0IsRUFBRTtZQUMvQixDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsYUFBc0IsRUFBRSxNQUFNLEVBQUUsV0FBVyxFQUFFLENBQUM7UUFFN0QsTUFBTSxZQUFZLEdBQXNDO1lBQ3RELFVBQVUsRUFBRSxXQUFXLEVBQUUscURBQXFEO1lBQzlFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLGVBQWU7WUFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYztZQUN6QyxNQUFNO1lBQ04sR0FBRyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRztZQUNwQixjQUFjLEVBQUUsY0FBcUI7WUFDckMsYUFBYSxFQUFFLEtBQUs7WUFDcEIsWUFBWSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWTtZQUMxQyxZQUFZO1lBQ1osT0FBTyxFQUFFLGFBQWE7WUFDdEIsMEJBQTBCLEVBQUUsQ0FBQyxRQUFRO1lBQ3JDLGlCQUFpQixFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsaUJBQWlCLElBQUksd0JBQXdCO1lBQzVFLGNBQWMsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLGNBQWM7Z0JBQ3hDLENBQUMsQ0FBQyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsY0FBYyxJQUFJLFlBQVksRUFBRTtnQkFDakQsQ0FBQyxDQUFDLFNBQVM7WUFDYixnQkFBZ0IsRUFBRSxDQUFDLE1BQU0sQ0FBQztZQUMxQix5QkFBeUI7WUFDekIsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUM7Z0JBQ2IsZUFBZSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsZUFBZTtnQkFDNUMsdUJBQXVCLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyx1QkFBdUI7Z0JBQzVELGtCQUFrQixFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsa0JBQWtCO2dCQUNsRCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQjthQUMvQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7U0FDUixDQUFDO1FBRUYsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUV6QywyRUFBMkU7UUFDM0UsSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQy9CLEtBQUssTUFBTSxPQUFPLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxjQUFjLEVBQUUsQ0FBQztnQkFDakQsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO29CQUN4QyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUM7d0JBQ3JDLFFBQVEsRUFBRSxPQUFPLENBQUMsUUFBUTt3QkFDMUIsZ0JBQWdCLEVBQUUsT0FBTyxDQUFDLGdCQUFnQjt3QkFDMUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxXQUFXO3FCQUNqQyxDQUFDLENBQUM7b0JBQ0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsZ0NBQWdDLE9BQU8sQ0FBQyxRQUFRLFVBQVUsTUFBTSxDQUFDLEtBQUssQ0FBQyxVQUFVLEdBQUcsQ0FBQyxDQUFDO2dCQUMzRyxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw4QkFBOEIsTUFBTSxTQUFTLFlBQVksYUFBYSxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7SUFDaEgsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLElBQUk7UUFDZixJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNuQixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3BDLENBQUM7WUFBQyxNQUFNLENBQUM7Z0JBQ1AscUJBQXFCO1lBQ3ZCLENBQUM7WUFDRCxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3RCLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1FBQzdCLENBQUM7UUFDRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQkFBb0IsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCwwRUFBMEU7SUFFMUU7O09BRUc7SUFDSSxLQUFLLENBQUMsWUFBWSxDQUFDLElBV3pCO1FBQ0MsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNwQixNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDNUMsQ0FBQztRQUVELE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUM7WUFDL0MsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztTQUM5QixDQUFDLENBQUM7UUFFSCxzRUFBc0U7UUFDdEUsSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLG1CQUFtQixJQUFJLE1BQU0sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUM5RCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLGdCQUFnQixJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RGLE1BQU0sQ0FBQyxlQUFlLEdBQUcsTUFBTSxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQ3JELHFCQUFxQixFQUNyQixnQkFBZ0IsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUN4QyxDQUFDO1FBQ0osQ0FBQztRQUVELGdFQUFnRTtRQUNoRSxNQUFNLEdBQUcsR0FBRyxJQUFJLFlBQVksRUFBRSxDQUFDO1FBQy9CLEdBQUcsQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUM7UUFDckMsR0FBRyxDQUFDLE9BQU8sR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU8sSUFBSSxJQUFJLENBQUM7UUFDM0MsR0FBRyxDQUFDLGdCQUFnQixHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztRQUM3QyxHQUFHLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQzNDLEdBQUcsQ0FBQyxVQUFVLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUM7UUFDekMsR0FBRyxDQUFDLGNBQWMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQztRQUM1QyxHQUFHLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQztRQUNqRCxHQUFHLENBQUMsWUFBWSxHQUFHLE1BQU0sQ0FBQyxPQUFPLEVBQUUsWUFBWTtlQUMxQyxNQUFNLENBQUMsZUFBZSxFQUFFLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLENBQUM7UUFDekUsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDM0IsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDM0IsR0FBRyxDQUFDLFNBQVMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQztRQUN2QyxJQUFJLElBQUksQ0FBQyxvQkFBb0IsS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUM1QyxHQUFHLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixDQUFDO1FBQ3ZELENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxvQkFBb0IsS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUM1QyxHQUFHLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixDQUFDO1FBQ3ZELENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxTQUFTLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakMsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ2pDLENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxPQUFPLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDL0IsR0FBRyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDO1FBQzdCLENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxRQUFRLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDaEMsR0FBRyxDQUFDLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQy9CLENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxTQUFTLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakMsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ2pDLENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDOUIsR0FBRyxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDO1FBQzNCLENBQUM7UUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ3BDLElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNoQyxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLDRFQUE0RTtZQUM1RSxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDbEMsSUFBSSxDQUFDO2dCQUNILE1BQU0sSUFBSSxDQUFDLFNBQVUsQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ25ELENBQUM7WUFBQyxNQUFNLENBQUM7Z0JBQ1AsNkJBQTZCO1lBQy9CLENBQUM7WUFDRCxNQUFNLEdBQUcsQ0FBQztRQUNaLENBQUM7UUFFRCxpREFBaUQ7UUFDakQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQy9DLElBQUksUUFBUSxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLENBQUMsU0FBVSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLEVBQUUsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUNqRSxDQUFDO1FBRUQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUFDO1FBQ2hDLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxZQUFZLENBQUMsUUFBZ0I7UUFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNwQixNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDNUMsQ0FBQztRQUNELE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDNUMsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDOUIsSUFBSSxHQUFHLEVBQUUsQ0FBQztZQUNSLE1BQU0sR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3JCLENBQUM7UUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLGVBQWUsRUFBRSxFQUFFLENBQUM7SUFDbEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksV0FBVztRQUNoQixPQUFPLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLFlBQVksQ0FBQyxRQUFnQjtRQUN4QyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVM7WUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDL0QsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFlBQVksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM1QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMxQyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsTUFBTSxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUM7WUFDdEIsTUFBTSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDOUIsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25DLENBQUM7UUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLGVBQWUsRUFBRSxFQUFFLENBQUM7SUFDbEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUN6QyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVM7WUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDL0QsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM3QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMxQyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsTUFBTSxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUM7WUFDdkIsTUFBTSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDOUIsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25DLENBQUM7UUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLGVBQWUsRUFBRSxFQUFFLENBQUM7SUFDbEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLFlBQVksQ0FBQyxRQUFnQixFQUFFLE1BVTNDO1FBQ0MsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDMUMsSUFBSSxDQUFDLE1BQU07WUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLHFCQUFxQixRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBQzlELElBQUksTUFBTSxDQUFDLFdBQVcsS0FBSyxTQUFTO1lBQUUsTUFBTSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDO1FBQzlFLElBQUksTUFBTSxDQUFDLGdCQUFnQixLQUFLLFNBQVM7WUFBRSxNQUFNLENBQUMsZ0JBQWdCLEdBQUcsTUFBTSxDQUFDLGdCQUFnQixDQUFDO1FBQzdGLElBQUksTUFBTSxDQUFDLG9CQUFvQixLQUFLLFNBQVM7WUFBRSxNQUFNLENBQUMsb0JBQW9CLEdBQUcsTUFBTSxDQUFDLG9CQUFvQixDQUFDO1FBQ3pHLElBQUksTUFBTSxDQUFDLG9CQUFvQixLQUFLLFNBQVM7WUFBRSxNQUFNLENBQUMsb0JBQW9CLEdBQUcsTUFBTSxDQUFDLG9CQUFvQixDQUFDO1FBQ3pHLElBQUksTUFBTSxDQUFDLFNBQVMsS0FBSyxTQUFTO1lBQUUsTUFBTSxDQUFDLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1FBQ3hFLElBQUksTUFBTSxDQUFDLE9BQU8sS0FBSyxTQUFTO1lBQUUsTUFBTSxDQUFDLE9BQU8sR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDO1FBQ2xFLElBQUksTUFBTSxDQUFDLFFBQVEsS0FBSyxTQUFTO1lBQUUsTUFBTSxDQUFDLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBQ3JFLElBQUksTUFBTSxDQUFDLFNBQVMsS0FBSyxTQUFTO1lBQUUsTUFBTSxDQUFDLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1FBQ3hFLElBQUksTUFBTSxDQUFDLE1BQU0sS0FBSyxTQUFTO1lBQUUsTUFBTSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDO1FBQy9ELE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzlCLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVqQyxpREFBaUQ7UUFDakQsSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDbkIsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2xELE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsUUFBUSxFQUFFLEVBQUUsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUM1RCxDQUFDO1FBRUQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxlQUFlLENBQUMsUUFBZ0I7UUFDM0MsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTO1lBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO1FBQy9ELE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFOUQsNkVBQTZFO1FBQzdFLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzFDLElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCxNQUFNLENBQUMsY0FBYyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDO1lBQy9DLE1BQU0sQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxXQUFXLElBQUksRUFBRSxDQUFDO1lBQ3BELE1BQU0sQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLE9BQU8sRUFBRSxZQUFZO21CQUM3QyxNQUFNLENBQUMsZUFBZSxFQUFFLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLENBQUM7WUFDekUsTUFBTSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDOUIsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25DLENBQUM7UUFFRCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsa0JBQWtCLENBQUMsUUFBZ0IsRUFBRSxNQUFnQztRQUNoRixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVM7WUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDL0QsSUFBSSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUV2RSxJQUFJLE1BQU0sS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUMzQixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUU3QywyRUFBMkU7WUFDM0UsSUFBSSxTQUFTLEVBQUUsWUFBWSxFQUFFLENBQUM7Z0JBQzVCLE1BQU0sR0FBRyxNQUFNLENBQUMsT0FBTyxDQUNyQixlQUFlLEVBQ2YsNkJBQTZCLFNBQVMsQ0FBQyxZQUFZLElBQUksQ0FDeEQsQ0FBQztZQUNKLENBQUM7WUFFRCxzRUFBc0U7WUFDdEUsSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLG1CQUFtQixFQUFFLENBQUM7Z0JBQ3BDLE1BQU0sVUFBVSxHQUFHLFNBQVMsRUFBRSxnQkFBZ0IsSUFBSSxFQUFFLENBQUM7Z0JBQ3JELE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUMsQ0FBQztnQkFDckUsTUFBTSxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQ3JCLHFCQUFxQixFQUNyQixnQkFBZ0IsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUN4QyxDQUFDO1lBQ0osQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsMEVBQTBFO0lBRTFFOztPQUVHO0lBQ0ksS0FBSyxDQUFDLFNBQVM7UUFDcEIsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDakMsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxhQUFhO1FBQ3hCLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsbUJBQW1CO1FBQzlCLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU8sRUFBRSxDQUFDO1FBQy9CLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsa0JBQWtCLENBQUMsUUFBZ0I7UUFDOUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDakMsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQjtRQUN4QixJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVU7WUFBRSxPQUFPLElBQUksQ0FBQztRQUNsQyxPQUFPO1lBQ0wsY0FBYyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYztZQUM5QyxXQUFXLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxXQUFXO1NBQ3pDLENBQUM7SUFDSixDQUFDO0lBRUQsMEVBQTBFO0lBRTFFOzs7O09BSUc7SUFDSyxtQkFBbUIsQ0FBQyxNQUFvQjtRQUM5QyxNQUFNLFFBQVEsR0FBcUMsRUFBRSxDQUFDO1FBRXRELHlGQUF5RjtRQUN6RixNQUFNLG9CQUFvQixHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsc0JBQXNCLEVBQUUsQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLElBQUksRUFBRSxDQUFDLElBQUksRUFBRSxDQUFDO1FBRXZHLDRDQUE0QztRQUM1QyxNQUFNLGVBQWUsR0FBRztZQUN0QixHQUFHLENBQUMsTUFBTSxDQUFDLG9CQUFvQixJQUFJLEVBQUUsQ0FBQztZQUN0QyxHQUFHLG9CQUFvQjtTQUN4QixDQUFDO1FBRUYsUUFBUSxDQUFDLGlCQUFpQixHQUFHO1lBQzNCLE9BQU8sRUFBRSxhQUFzQjtZQUMvQixNQUFNLEVBQUUsV0FBVztZQUNuQixTQUFTLEVBQUUsZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQy9ELFNBQVMsRUFBRSxNQUFNLENBQUMsb0JBQW9CO1NBQ3ZDLENBQUM7UUFFRixPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksS0FBSyxDQUFDLHdCQUF3QjtRQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVM7WUFBRSxPQUFPO1FBQzVCLEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQzNDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNsRCxJQUFJLFFBQVEsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO2dCQUMvQixNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsRUFBRSxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBQ25FLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVELDBFQUEwRTtJQUVsRSxLQUFLLENBQUMsd0JBQXdCO1FBQ3BDLE1BQU0sTUFBTSxHQUFHLE1BQU0sZ0JBQWdCLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDN0MsSUFBSSxNQUFNLEVBQUUsZUFBZSxJQUFJLE1BQU0sRUFBRSxZQUFZLEVBQUUsQ0FBQztZQUNwRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxxQ0FBcUMsQ0FBQyxDQUFDO1lBQzFELE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7UUFFRCxtQ0FBbUM7UUFDbkMsTUFBTSxVQUFVLEdBQUcsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztZQUNoRCxTQUFTLEVBQUUsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFO1NBQ2xDLENBQUMsQ0FBQztRQUNILE1BQU0sVUFBVSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBRXpCLE1BQU0sU0FBUyxHQUFHLE1BQU0sVUFBVSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQ3JELE1BQU0sTUFBTSxHQUFHLE1BQU0sVUFBVSxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFDcEQsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDO1FBRWxCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxJQUFJLGdCQUFnQixFQUFFLENBQUM7UUFDN0MsR0FBRyxDQUFDLGVBQWUsR0FBRyxTQUFTLENBQUMsVUFBVSxDQUFDO1FBQzNDLEdBQUcsQ0FBQyxjQUFjLEdBQUcsU0FBUyxDQUFDLFNBQVMsQ0FBQztRQUN6QyxHQUFHLENBQUMsWUFBWSxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUM7UUFDckMsR0FBRyxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1FBQ25DLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1FBRWpCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZDQUE2QyxDQUFDLENBQUM7UUFDbEUsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0lBRU8sS0FBSyxDQUFDLG9CQUFvQjtRQUNoQyxNQUFNLElBQUksR0FBRyxNQUFNLFlBQVksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUMxQyxLQUFLLE1BQU0sR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ3ZCLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDMUIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsVUFBVSxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksMEJBQTBCLENBQUMsQ0FBQztRQUM1RSxDQUFDO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhLENBQUMsTUFBb0I7UUFDOUMsTUFBTSxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDdEIsQ0FBQztDQUNGIn0=

package/dist_ts/vpn/index.d.ts

@@ -0,0 +1 @@
+export * from './classes.vpn-manager.js';

package/dist_ts/vpn/index.js

@@ -0,0 +1,2 @@
+export * from './classes.vpn-manager.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy92cG4vaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYywwQkFBMEIsQ0FBQyJ9

package/dist_ts_apiclient/classes.apitoken.d.ts

@@ -0,0 +1,41 @@
+import * as interfaces from '../dist_ts_interfaces/index.js';
+import type { DcRouterApiClient } from './classes.dcrouterapiclient.js';
+export declare class ApiToken {
+    private clientRef;
+    id: string;
+    name: string;
+    scopes: interfaces.data.TApiTokenScope[];
+    createdAt: number;
+    expiresAt: number | null;
+    lastUsedAt: number | null;
+    enabled: boolean;
+    /** Only set on creation or roll. Not persisted on server side. */
+    tokenValue?: string;
+    constructor(clientRef: DcRouterApiClient, data: interfaces.data.IApiTokenInfo, tokenValue?: string);
+    revoke(): Promise<void>;
+    roll(): Promise<string>;
+    toggle(enabled: boolean): Promise<void>;
+}
+export declare class ApiTokenBuilder {
+    private clientRef;
+    private tokenName;
+    private tokenScopes;
+    private tokenExpiresInDays?;
+    constructor(clientRef: DcRouterApiClient);
+    setName(name: string): this;
+    setScopes(scopes: interfaces.data.TApiTokenScope[]): this;
+    addScope(scope: interfaces.data.TApiTokenScope): this;
+    setExpiresInDays(days: number | null): this;
+    save(): Promise<ApiToken>;
+}
+export declare class ApiTokenManager {
+    private clientRef;
+    constructor(clientRef: DcRouterApiClient);
+    list(): Promise<ApiToken[]>;
+    create(options: {
+        name: string;
+        scopes: interfaces.data.TApiTokenScope[];
+        expiresInDays?: number | null;
+    }): Promise<ApiToken>;
+    build(): ApiTokenBuilder;
+}

package/dist_ts_apiclient/classes.apitoken.js

@@ -0,0 +1,115 @@
+import * as interfaces from '../dist_ts_interfaces/index.js';
+export class ApiToken {
+    clientRef;
+    // Data from IApiTokenInfo
+    id;
+    name;
+    scopes;
+    createdAt;
+    expiresAt;
+    lastUsedAt;
+    enabled;
+    /** Only set on creation or roll. Not persisted on server side. */
+    tokenValue;
+    constructor(clientRef, data, tokenValue) {
+        this.clientRef = clientRef;
+        this.id = data.id;
+        this.name = data.name;
+        this.scopes = data.scopes;
+        this.createdAt = data.createdAt;
+        this.expiresAt = data.expiresAt;
+        this.lastUsedAt = data.lastUsedAt;
+        this.enabled = data.enabled;
+        this.tokenValue = tokenValue;
+    }
+    async revoke() {
+        const response = await this.clientRef.request('revokeApiToken', this.clientRef.buildRequestPayload({ id: this.id }));
+        if (!response.success) {
+            throw new Error(response.message || 'Failed to revoke token');
+        }
+    }
+    async roll() {
+        const response = await this.clientRef.request('rollApiToken', this.clientRef.buildRequestPayload({ id: this.id }));
+        if (!response.success) {
+            throw new Error(response.message || 'Failed to roll token');
+        }
+        this.tokenValue = response.tokenValue;
+        return response.tokenValue;
+    }
+    async toggle(enabled) {
+        const response = await this.clientRef.request('toggleApiToken', this.clientRef.buildRequestPayload({ id: this.id, enabled }));
+        if (!response.success) {
+            throw new Error(response.message || 'Failed to toggle token');
+        }
+        this.enabled = enabled;
+    }
+}
+export class ApiTokenBuilder {
+    clientRef;
+    tokenName = '';
+    tokenScopes = [];
+    tokenExpiresInDays;
+    constructor(clientRef) {
+        this.clientRef = clientRef;
+    }
+    setName(name) {
+        this.tokenName = name;
+        return this;
+    }
+    setScopes(scopes) {
+        this.tokenScopes = scopes;
+        return this;
+    }
+    addScope(scope) {
+        if (!this.tokenScopes.includes(scope)) {
+            this.tokenScopes.push(scope);
+        }
+        return this;
+    }
+    setExpiresInDays(days) {
+        this.tokenExpiresInDays = days;
+        return this;
+    }
+    async save() {
+        const response = await this.clientRef.request('createApiToken', this.clientRef.buildRequestPayload({
+            name: this.tokenName,
+            scopes: this.tokenScopes,
+            expiresInDays: this.tokenExpiresInDays,
+        }));
+        if (!response.success) {
+            throw new Error(response.message || 'Failed to create API token');
+        }
+        return new ApiToken(this.clientRef, {
+            id: response.tokenId,
+            name: this.tokenName,
+            scopes: this.tokenScopes,
+            createdAt: Date.now(),
+            expiresAt: this.tokenExpiresInDays
+                ? Date.now() + this.tokenExpiresInDays * 24 * 60 * 60 * 1000
+                : null,
+            lastUsedAt: null,
+            enabled: true,
+        }, response.tokenValue);
+    }
+}
+export class ApiTokenManager {
+    clientRef;
+    constructor(clientRef) {
+        this.clientRef = clientRef;
+    }
+    async list() {
+        const response = await this.clientRef.request('listApiTokens', this.clientRef.buildRequestPayload());
+        return response.tokens.map((t) => new ApiToken(this.clientRef, t));
+    }
+    async create(options) {
+        return this.build()
+            .setName(options.name)
+            .setScopes(options.scopes)
+            .setExpiresInDays(options.expiresInDays ?? null)
+            .save();
+    }
+    build() {
+        return new ApiTokenBuilder(this.clientRef);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5hcGl0b2tlbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3RzX2FwaWNsaWVudC9jbGFzc2VzLmFwaXRva2VuLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxVQUFVLE1BQU0sMkJBQTJCLENBQUM7QUFHeEQsTUFBTSxPQUFPLFFBQVE7SUFDWCxTQUFTLENBQW9CO0lBRXJDLDBCQUEwQjtJQUNuQixFQUFFLENBQVM7SUFDWCxJQUFJLENBQVM7SUFDYixNQUFNLENBQW1DO0lBQ3pDLFNBQVMsQ0FBUztJQUNsQixTQUFTLENBQWdCO0lBQ3pCLFVBQVUsQ0FBZ0I7SUFDMUIsT0FBTyxDQUFVO0lBRXhCLGtFQUFrRTtJQUMzRCxVQUFVLENBQVU7SUFFM0IsWUFBWSxTQUE0QixFQUFFLElBQW1DLEVBQUUsVUFBbUI7UUFDaEcsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7UUFDM0IsSUFBSSxDQUFDLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQ2xCLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUN0QixJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUM7UUFDMUIsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ2hDLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUNoQyxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7UUFDbEMsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDO1FBQzVCLElBQUksQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDO0lBQy9CLENBQUM7SUFFTSxLQUFLLENBQUMsTUFBTTtRQUNqQixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUMzQyxnQkFBZ0IsRUFDaEIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRSxFQUFFLENBQVEsQ0FDM0QsQ0FBQztRQUNGLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBTyxJQUFJLHdCQUF3QixDQUFDLENBQUM7UUFDaEUsQ0FBQztJQUNILENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQzNDLGNBQWMsRUFDZCxJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLEVBQUUsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBUSxDQUMzRCxDQUFDO1FBQ0YsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLElBQUksc0JBQXNCLENBQUMsQ0FBQztRQUM5RCxDQUFDO1FBQ0QsSUFBSSxDQUFDLFVBQVUsR0FBRyxRQUFRLENBQUMsVUFBVSxDQUFDO1FBQ3RDLE9BQU8sUUFBUSxDQUFDLFVBQVcsQ0FBQztJQUM5QixDQUFDO0lBRU0sS0FBSyxDQUFDLE1BQU0sQ0FBQyxPQUFnQjtRQUNsQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUMzQyxnQkFBZ0IsRUFDaEIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sRUFBRSxDQUFRLENBQ3BFLENBQUM7UUFDRixJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLE9BQU8sSUFBSSx3QkFBd0IsQ0FBQyxDQUFDO1FBQ2hFLENBQUM7UUFDRCxJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQztJQUN6QixDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sZUFBZTtJQUNsQixTQUFTLENBQW9CO0lBQzdCLFNBQVMsR0FBVyxFQUFFLENBQUM7SUFDdkIsV0FBVyxHQUFxQyxFQUFFLENBQUM7SUFDbkQsa0JBQWtCLENBQWlCO0lBRTNDLFlBQVksU0FBNEI7UUFDdEMsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7SUFDN0IsQ0FBQztJQUVNLE9BQU8sQ0FBQyxJQUFZO1FBQ3pCLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDO1FBQ3RCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVNLFNBQVMsQ0FBQyxNQUF3QztRQUN2RCxJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQztRQUMxQixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxRQUFRLENBQUMsS0FBcUM7UUFDbkQsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDL0IsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVNLGdCQUFnQixDQUFDLElBQW1CO1FBQ3pDLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUM7UUFDL0IsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRU0sS0FBSyxDQUFDLElBQUk7UUFDZixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUMzQyxnQkFBZ0IsRUFDaEIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQztZQUNqQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDcEIsTUFBTSxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQ3hCLGFBQWEsRUFBRSxJQUFJLENBQUMsa0JBQWtCO1NBQ3ZDLENBQVEsQ0FDVixDQUFDO1FBQ0YsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLElBQUksNEJBQTRCLENBQUMsQ0FBQztRQUNwRSxDQUFDO1FBQ0QsT0FBTyxJQUFJLFFBQVEsQ0FDakIsSUFBSSxDQUFDLFNBQVMsRUFDZDtZQUNFLEVBQUUsRUFBRSxRQUFRLENBQUMsT0FBUTtZQUNyQixJQUFJLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDcEIsTUFBTSxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQ3hCLFNBQVMsRUFBRSxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQ3JCLFNBQVMsRUFBRSxJQUFJLENBQUMsa0JBQWtCO2dCQUNoQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJO2dCQUM1RCxDQUFDLENBQUMsSUFBSTtZQUNSLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLE9BQU8sRUFBRSxJQUFJO1NBQ2QsRUFDRCxRQUFRLENBQUMsVUFBVSxDQUNwQixDQUFDO0lBQ0osQ0FBQztDQUNGO0FBRUQsTUFBTSxPQUFPLGVBQWU7SUFDbEIsU0FBUyxDQUFvQjtJQUVyQyxZQUFZLFNBQTRCO1FBQ3RDLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO0lBQzdCLENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQzNDLGVBQWUsRUFDZixJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixFQUFTLENBQzVDLENBQUM7UUFDRixPQUFPLFFBQVEsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLFFBQVEsQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDckUsQ0FBQztJQUVNLEtBQUssQ0FBQyxNQUFNLENBQUMsT0FJbkI7UUFDQyxPQUFPLElBQUksQ0FBQyxLQUFLLEVBQUU7YUFDaEIsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7YUFDckIsU0FBUyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUM7YUFDekIsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLGFBQWEsSUFBSSxJQUFJLENBQUM7YUFDL0MsSUFBSSxFQUFFLENBQUM7SUFDWixDQUFDO0lBRU0sS0FBSztRQUNWLE9BQU8sSUFBSSxlQUFlLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzdDLENBQUM7Q0FDRiJ9