@serve.zone/dcrouter 14.4.0 → 15.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. package/deno.json +1 -1
  2. package/dist_ts/00_commitinfo_data.js +1 -1
  3. package/dist_ts/config/classes.route-config-manager.js +6 -22
  4. package/dist_ts/email/classes.workapp-mail-manager.d.ts +11 -1
  5. package/dist_ts/email/classes.workapp-mail-manager.js +1 -1
  6. package/dist_ts/opsserver/classes.opsserver.d.ts +1 -1
  7. package/dist_ts/opsserver/classes.opsserver.js +3 -3
  8. package/dist_ts/opsserver/handlers/{workhoster.handler.d.ts → gatewayclient.handler.d.ts} +1 -3
  9. package/dist_ts/opsserver/handlers/gatewayclient.handler.js +578 -0
  10. package/dist_ts/opsserver/handlers/index.d.ts +1 -1
  11. package/dist_ts/opsserver/handlers/index.js +2 -2
  12. package/dist_ts_apiclient/classes.certificate.js +1 -1
  13. package/dist_ts_apiclient/classes.dcrouterapiclient.d.ts +2 -2
  14. package/dist_ts_apiclient/classes.dcrouterapiclient.js +4 -4
  15. package/dist_ts_apiclient/classes.gatewayclient.d.ts +16 -0
  16. package/dist_ts_apiclient/classes.gatewayclient.js +36 -0
  17. package/dist_ts_apiclient/index.d.ts +1 -1
  18. package/dist_ts_apiclient/index.js +2 -2
  19. package/dist_ts_interfaces/data/route-management.d.ts +2 -17
  20. package/dist_ts_interfaces/data/route-management.js +1 -1
  21. package/dist_ts_interfaces/data/workhoster.d.ts +0 -29
  22. package/dist_ts_interfaces/requests/certificate.d.ts +0 -5
  23. package/dist_ts_interfaces/requests/certificate.js +3 -1
  24. package/dist_ts_interfaces/requests/workhoster.d.ts +1 -63
  25. package/dist_ts_migrations/index.js +63 -2
  26. package/dist_ts_web/00_commitinfo_data.js +1 -1
  27. package/dist_ts_web/appstate.js +1 -1
  28. package/package.json +2 -2
  29. package/ts/00_commitinfo_data.ts +1 -1
  30. package/ts/config/classes.route-config-manager.ts +5 -20
  31. package/ts/email/classes.workapp-mail-manager.ts +11 -1
  32. package/ts/opsserver/classes.opsserver.ts +2 -2
  33. package/ts/opsserver/handlers/certificate.handler.ts +2 -2
  34. package/ts/opsserver/handlers/{workhoster.handler.ts → gatewayclient.handler.ts} +26 -105
  35. package/ts/opsserver/handlers/index.ts +1 -1
  36. package/ts_apiclient/classes.certificate.ts +3 -2
  37. package/ts_apiclient/classes.dcrouterapiclient.ts +3 -3
  38. package/ts_apiclient/classes.gatewayclient.ts +65 -0
  39. package/ts_apiclient/index.ts +1 -1
  40. package/ts_web/00_commitinfo_data.ts +1 -1
  41. package/ts_web/appstate.ts +3 -2
  42. package/dist_ts/opsserver/handlers/workhoster.handler.js +0 -635
  43. package/dist_ts_apiclient/classes.workhoster.d.ts +0 -15
  44. package/dist_ts_apiclient/classes.workhoster.js +0 -33
  45. package/ts_apiclient/classes.workhoster.ts +0 -57
package/dist_ts/opsserver/handlers/workhoster.handler.js DELETED
@@ -1,635 +0,0 @@
1
- import * as plugins from '../../plugins.js';
2
- import * as interfaces from '../../../dist_ts_interfaces/index.js';
3
- import { requireOpsAuth } from '../helpers/auth.js';
4
- export class WorkHosterHandler {
5
- opsServerRef;
6
- typedrouter = new plugins.typedrequest.TypedRouter();
7
- constructor(opsServerRef) {
8
- this.opsServerRef = opsServerRef;
9
- this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
10
- this.registerHandlers();
11
- }
12
- async requireAuth(request, requiredScope) {
13
- const auth = await requireOpsAuth(this.opsServerRef, request, {
14
- scope: requiredScope,
15
- requireAdminIdentity: requiredScope?.endsWith(':write'),
16
- });
17
- return { userId: auth.userId, isAdmin: auth.isAdmin, token: auth.token };
18
- }
19
- async requireAdmin(request, scope = 'gateway-clients:write') {
20
- const auth = await requireOpsAuth(this.opsServerRef, request, {
21
- scope,
22
- requireAdminIdentity: true,
23
- requireAdminToken: true,
24
- });
25
- return auth.userId;
26
- }
27
- registerHandlers() {
28
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getGatewayCapabilities', async (dataArg) => {
29
- await this.requireAuth(dataArg, 'gateway-clients:read');
30
- return { capabilities: this.getGatewayCapabilities() };
31
- }));
32
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getGatewayClientContext', async (dataArg) => {
33
- const auth = await this.requireAuth(dataArg, 'gateway-clients:read');
34
- return {
35
- context: this.getGatewayClientContext(auth),
36
- capabilities: this.getGatewayCapabilities(),
37
- };
38
- }));
39
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('listGatewayClients', async (dataArg) => {
40
- await this.requireAdmin(dataArg, 'gateway-clients:read');
41
- return { gatewayClients: await this.listManagedGatewayClients() };
42
- }));
43
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('createGatewayClient', async (dataArg) => {
44
- const userId = await this.requireAdmin(dataArg);
45
- const manager = this.opsServerRef.dcRouterRef.gatewayClientManager;
46
- if (!manager)
47
- return { success: false, message: 'Gateway client management not initialized' };
48
- try {
49
- const gatewayClient = await manager.createClient({
50
- id: dataArg.id,
51
- type: dataArg.type,
52
- name: dataArg.name,
53
- description: dataArg.description,
54
- hostnamePatterns: dataArg.hostnamePatterns,
55
- allowedRouteTargets: dataArg.allowedRouteTargets,
56
- capabilities: dataArg.capabilities,
57
- createdBy: userId,
58
- });
59
- return { success: true, gatewayClient };
60
- }
61
- catch (error) {
62
- return { success: false, message: error.message };
63
- }
64
- }));
65
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('updateGatewayClient', async (dataArg) => {
66
- await this.requireAdmin(dataArg);
67
- const manager = this.opsServerRef.dcRouterRef.gatewayClientManager;
68
- if (!manager)
69
- return { success: false, message: 'Gateway client management not initialized' };
70
- const gatewayClient = await manager.updateClient(dataArg.id, {
71
- name: dataArg.name,
72
- description: dataArg.description,
73
- hostnamePatterns: dataArg.hostnamePatterns,
74
- allowedRouteTargets: dataArg.allowedRouteTargets,
75
- capabilities: dataArg.capabilities,
76
- enabled: dataArg.enabled,
77
- });
78
- return gatewayClient
79
- ? { success: true, gatewayClient }
80
- : { success: false, message: 'Gateway client not found' };
81
- }));
82
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('deleteGatewayClient', async (dataArg) => {
83
- await this.requireAdmin(dataArg);
84
- const manager = this.opsServerRef.dcRouterRef.gatewayClientManager;
85
- if (!manager)
86
- return { success: false, message: 'Gateway client management not initialized' };
87
- const success = await manager.deleteClient(dataArg.id);
88
- return { success, message: success ? undefined : 'Gateway client not found' };
89
- }));
90
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('createGatewayClientToken', async (dataArg) => {
91
- const userId = await this.requireAdmin(dataArg, 'tokens:manage');
92
- const gatewayClient = await this.opsServerRef.dcRouterRef.gatewayClientManager?.getClient(dataArg.gatewayClientId);
93
- const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
94
- if (!gatewayClient || !gatewayClient.enabled) {
95
- return { success: false, message: 'Gateway client not found or disabled' };
96
- }
97
- if (!tokenManager) {
98
- return { success: false, message: 'Token management not initialized' };
99
- }
100
- const result = await tokenManager.createToken(dataArg.name?.trim() || `${gatewayClient.name} Token`, ['gateway-clients:read', 'gateway-clients:write'], dataArg.expiresInDays ?? null, userId, {
101
- role: 'gatewayClient',
102
- scopes: ['gateway-clients:read', 'gateway-clients:write'],
103
- gatewayClient: { type: gatewayClient.type, id: gatewayClient.id },
104
- hostnamePatterns: gatewayClient.hostnamePatterns,
105
- allowedRouteTargets: gatewayClient.allowedRouteTargets,
106
- capabilities: gatewayClient.capabilities,
107
- });
108
- return { success: true, tokenId: result.id, tokenValue: result.rawToken };
109
- }));
110
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getGatewayClientDomains', async (dataArg) => {
111
- const auth = await this.requireAuth(dataArg, 'gateway-clients:read');
112
- this.assertCapability(auth, 'readDomains');
113
- return { domains: await this.listGatewayClientDomains(auth, dataArg.gatewayClientId) };
114
- }));
115
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getGatewayClientDnsRecords', async (dataArg) => {
116
- const auth = await this.requireAuth(dataArg, 'gateway-clients:read');
117
- this.assertCapability(auth, 'readDnsRecords');
118
- return { records: await this.listGatewayClientDnsRecords(auth, dataArg.gatewayClientId) };
119
- }));
120
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getWorkHosterDomains', async (dataArg) => {
121
- const auth = await this.requireAuth(dataArg, 'workhosters:read');
122
- this.assertCapability(auth, 'readDomains');
123
- return { domains: await this.listGatewayClientDomains(auth) };
124
- }));
125
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('syncGatewayClientRoute', async (dataArg) => {
126
- const auth = await this.requireAuth(dataArg, 'gateway-clients:write');
127
- this.assertCapability(auth, 'syncRoutes');
128
- return await this.syncGatewayClientRoute(auth, dataArg.ownership, dataArg.route, dataArg.enabled, dataArg.delete);
129
- }));
130
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('syncWorkAppRoute', async (dataArg) => {
131
- const auth = await this.requireAuth(dataArg, 'workhosters:write');
132
- this.assertCapability(auth, 'syncRoutes');
133
- const ownership = {
134
- gatewayClientType: dataArg.ownership.workHosterType,
135
- gatewayClientId: dataArg.ownership.workHosterId,
136
- appId: dataArg.ownership.workAppId,
137
- hostname: dataArg.ownership.hostname,
138
- };
139
- return await this.syncGatewayClientRoute(auth, ownership, dataArg.route, dataArg.enabled, dataArg.delete);
140
- }));
141
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getWorkAppMailIdentities', async (dataArg) => {
142
- await this.requireAuth(dataArg, 'workhosters:read');
143
- const manager = this.opsServerRef.dcRouterRef.workAppMailManager;
144
- if (!manager)
145
- return { identities: [] };
146
- return { identities: await manager.listMailIdentities(dataArg.ownership) };
147
- }));
148
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('syncWorkAppMailIdentity', async (dataArg) => {
149
- const auth = await this.requireAuth(dataArg, 'workhosters:write');
150
- const manager = this.opsServerRef.dcRouterRef.workAppMailManager;
151
- if (!manager) {
152
- return { success: false, message: 'WorkApp mail manager not initialized' };
153
- }
154
- try {
155
- return await manager.syncMailIdentity(dataArg, auth.userId);
156
- }
157
- catch (error) {
158
- return { success: false, message: error.message };
159
- }
160
- }));
161
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('listMailAddressBindings', async (dataArg) => {
162
- const auth = await this.requireAuth(dataArg.auth || {}, 'gateway-clients:read');
163
- const manager = this.opsServerRef.dcRouterRef.workAppMailManager;
164
- if (!manager)
165
- return { bindings: [] };
166
- return {
167
- bindings: await manager.listMailAddressBindings({
168
- owner: this.resolveMailOwnerFilter(auth, dataArg.owner),
169
- domain: dataArg.domain,
170
- address: dataArg.address,
171
- }),
172
- };
173
- }));
174
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('syncMailAddressBinding', async (dataArg) => {
175
- const auth = await this.requireAuth(dataArg.auth || {}, 'gateway-clients:write');
176
- this.assertCapability(auth, 'syncRoutes');
177
- const manager = this.opsServerRef.dcRouterRef.workAppMailManager;
178
- if (!manager) {
179
- return { success: false, message: 'WorkApp mail manager not initialized' };
180
- }
181
- try {
182
- const binding = {
183
- ...dataArg.binding,
184
- owner: this.resolveMailOwner(auth, dataArg.binding.owner),
185
- };
186
- this.assertMailForwardTargetAllowed(auth, binding.inboundTarget);
187
- return await manager.syncMailAddressBinding(binding, auth.userId);
188
- }
189
- catch (error) {
190
- return { success: false, message: error.message };
191
- }
192
- }));
193
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('deleteMailAddressBinding', async (dataArg) => {
194
- const auth = await this.requireAuth(dataArg.auth || {}, 'gateway-clients:write');
195
- this.assertCapability(auth, 'syncRoutes');
196
- const manager = this.opsServerRef.dcRouterRef.workAppMailManager;
197
- if (!manager) {
198
- return { success: false, message: 'WorkApp mail manager not initialized' };
199
- }
200
- if (auth.token?.policy?.role === 'gatewayClient') {
201
- const bindings = await manager.listMailAddressBindings({
202
- owner: this.resolveMailOwnerFilter(auth),
203
- });
204
- const binding = bindings.find((candidate) => candidate.id === dataArg.id);
205
- if (!binding)
206
- return { success: true };
207
- return await manager.deleteMailAddressBinding(binding.id, auth.userId);
208
- }
209
- return await manager.deleteMailAddressBinding(dataArg.id, auth.userId);
210
- }));
211
- this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('listWorkAppMailBindings', async (dataArg) => {
212
- const auth = await this.requireAuth(dataArg.auth || {}, 'gateway-clients:read');
213
- const manager = this.opsServerRef.dcRouterRef.workAppMailManager;
214
- if (!manager)
215
- return { bindings: [] };
216
- return { bindings: await manager.listWorkAppMailBindings(this.resolveMailOwnerFilter(auth, dataArg.owner)) };
217
- }));
218
- }
219
- getGatewayCapabilities() {
220
- const dcRouter = this.opsServerRef.dcRouterRef;
221
- return {
222
- routes: {
223
- read: Boolean(dcRouter.routeConfigManager),
224
- write: Boolean(dcRouter.routeConfigManager),
225
- idempotentSync: Boolean(dcRouter.routeConfigManager),
226
- },
227
- domains: {
228
- read: Boolean(dcRouter.dnsManager),
229
- write: Boolean(dcRouter.dnsManager),
230
- },
231
- certificates: {
232
- read: Boolean(dcRouter.smartProxy),
233
- export: Boolean(dcRouter.smartProxy),
234
- forceRenew: Boolean(dcRouter.smartProxy),
235
- },
236
- email: {
237
- domains: Boolean(dcRouter.emailDomainManager),
238
- inbound: Boolean(dcRouter.emailServer),
239
- outbound: Boolean(dcRouter.emailServer),
240
- },
241
- remoteIngress: {
242
- enabled: Boolean(dcRouter.remoteIngressManager?.getHubSettings().enabled),
243
- },
244
- dns: {
245
- authoritative: Boolean(dcRouter.options.dnsScopes?.length),
246
- providerManaged: Boolean(dcRouter.dnsManager),
247
- },
248
- http3: {
249
- enabled: dcRouter.options.http3?.enabled !== false,
250
- },
251
- };
252
- }
253
- getGatewayClientContext(auth) {
254
- const policy = auth.token?.policy;
255
- const role = auth.isAdmin ? 'admin' : policy?.role || 'operator';
256
- return {
257
- role,
258
- scopes: auth.token?.scopes || ['*'],
259
- gatewayClient: policy?.gatewayClient,
260
- hostnamePatterns: policy?.hostnamePatterns || [],
261
- allowedRouteTargets: policy?.allowedRouteTargets || [],
262
- capabilities: policy?.capabilities || {},
263
- };
264
- }
265
- async listManagedGatewayClients() {
266
- const manager = this.opsServerRef.dcRouterRef.gatewayClientManager;
267
- if (!manager)
268
- return [];
269
- const clients = await manager.listClients();
270
- const tokens = this.opsServerRef.dcRouterRef.apiTokenManager?.listTokens() || [];
271
- return clients.map((client) => ({
272
- ...client,
273
- tokenCount: tokens.filter((token) => token.policy?.gatewayClient?.id === client.id).length,
274
- }));
275
- }
276
- buildExternalKey(ownership) {
277
- return [
278
- ownership.workHosterType,
279
- ownership.workHosterId,
280
- ownership.workAppId,
281
- ownership.hostname,
282
- ].map((part) => part.trim()).join(':');
283
- }
284
- assertCapability(auth, capability) {
285
- if (auth.isAdmin)
286
- return;
287
- const policy = auth.token?.policy;
288
- if (!policy || policy.role !== 'gatewayClient')
289
- return;
290
- if (policy.capabilities?.[capability] === true)
291
- return;
292
- throw new plugins.typedrequest.TypedResponseError(`token capability missing: ${String(capability)}`);
293
- }
294
- resolveGatewayClientId(auth, requestedId) {
295
- const policyClient = auth.token?.policy?.gatewayClient;
296
- if (!policyClient)
297
- return requestedId;
298
- if (requestedId && requestedId !== policyClient.id) {
299
- throw new plugins.typedrequest.TypedResponseError('gateway client token cannot access another gateway client');
300
- }
301
- return policyClient.id;
302
- }
303
- resolveGatewayClientOwnership(auth, ownership) {
304
- const policy = auth.token?.policy;
305
- if (policy?.role === 'gatewayClient') {
306
- if (!policy.gatewayClient) {
307
- throw new plugins.typedrequest.TypedResponseError('gateway client token is missing gatewayClient binding');
308
- }
309
- if (ownership.gatewayClientType && ownership.gatewayClientType !== policy.gatewayClient.type) {
310
- throw new plugins.typedrequest.TypedResponseError('gateway client token cannot act for this ownership');
311
- }
312
- if (ownership.gatewayClientId && ownership.gatewayClientId !== policy.gatewayClient.id) {
313
- throw new plugins.typedrequest.TypedResponseError('gateway client token cannot act for this ownership');
314
- }
315
- return {
316
- gatewayClientType: policy.gatewayClient.type,
317
- gatewayClientId: policy.gatewayClient.id,
318
- appId: ownership.appId,
319
- hostname: ownership.hostname,
320
- };
321
- }
322
- if (!ownership.gatewayClientType || !ownership.gatewayClientId) {
323
- throw new plugins.typedrequest.TypedResponseError('gateway client ownership is missing type or id');
324
- }
325
- return ownership;
326
- }
327
- resolveMailOwnerFilter(auth, owner) {
328
- const policy = auth.token?.policy;
329
- if (policy?.role !== 'gatewayClient')
330
- return owner;
331
- if (!policy.gatewayClient) {
332
- throw new plugins.typedrequest.TypedResponseError('gateway client token is missing gatewayClient binding');
333
- }
334
- if (owner?.gatewayClientType && owner.gatewayClientType !== policy.gatewayClient.type) {
335
- throw new plugins.typedrequest.TypedResponseError('gateway client token cannot act for this ownership');
336
- }
337
- if (owner?.gatewayClientId && owner.gatewayClientId !== policy.gatewayClient.id) {
338
- throw new plugins.typedrequest.TypedResponseError('gateway client token cannot act for this ownership');
339
- }
340
- return {
341
- ...owner,
342
- gatewayClientType: policy.gatewayClient.type,
343
- gatewayClientId: policy.gatewayClient.id,
344
- };
345
- }
346
- resolveMailOwner(auth, owner) {
347
- const resolvedOwner = this.resolveMailOwnerFilter(auth, owner);
348
- if (!resolvedOwner?.gatewayClientType || !resolvedOwner.gatewayClientId) {
349
- throw new plugins.typedrequest.TypedResponseError('mail owner is missing gateway client type or id');
350
- }
351
- return resolvedOwner;
352
- }
353
- assertGatewayClientOwnership(auth, ownership) {
354
- const policy = auth.token?.policy;
355
- if (!policy || policy.role !== 'gatewayClient')
356
- return;
357
- if (!this.matchesHostnamePatterns(ownership.hostname, policy.hostnamePatterns || [])) {
358
- throw new plugins.typedrequest.TypedResponseError('hostname is outside token policy');
359
- }
360
- }
361
- assertRouteTargetsAllowed(auth, route) {
362
- const policy = auth.token?.policy;
363
- if (!policy || policy.role !== 'gatewayClient' || !route)
364
- return;
365
- const allowedTargets = policy.allowedRouteTargets || [];
366
- if (allowedTargets.length === 0) {
367
- throw new plugins.typedrequest.TypedResponseError('gateway client token has no allowed route targets');
368
- }
369
- const targets = (route.action?.targets || []);
370
- for (const target of targets) {
371
- const host = String(target.host || '').trim().toLowerCase();
372
- const port = Number(target.port);
373
- const allowed = allowedTargets.some((allowedTarget) => {
374
- return allowedTarget.host.trim().toLowerCase() === host && allowedTarget.ports.includes(port);
375
- });
376
- if (!allowed) {
377
- throw new plugins.typedrequest.TypedResponseError(`route target is outside token policy: ${host}:${port}`);
378
- }
379
- }
380
- }
381
- assertMailForwardTargetAllowed(auth, target) {
382
- const policy = auth.token?.policy;
383
- if (!policy || policy.role !== 'gatewayClient' || !target?.smtpForward)
384
- return;
385
- const allowedTargets = policy.allowedRouteTargets || [];
386
- if (allowedTargets.length === 0) {
387
- throw new plugins.typedrequest.TypedResponseError('gateway client token has no allowed route targets');
388
- }
389
- const host = target.smtpForward.host.trim().toLowerCase();
390
- const port = Number(target.smtpForward.port);
391
- const allowed = allowedTargets.some((allowedTarget) => {
392
- return allowedTarget.host.trim().toLowerCase() === host && allowedTarget.ports.includes(port);
393
- });
394
- if (!allowed) {
395
- throw new plugins.typedrequest.TypedResponseError(`mail target is outside token policy: ${host}:${port}`);
396
- }
397
- }
398
- matchesHostnamePatterns(hostname, patterns) {
399
- const normalizedHostname = hostname.trim().toLowerCase();
400
- if (!normalizedHostname)
401
- return false;
402
- for (const pattern of patterns) {
403
- const normalizedPattern = pattern.trim().toLowerCase();
404
- if (!normalizedPattern)
405
- continue;
406
- if (normalizedPattern === normalizedHostname)
407
- return true;
408
- if (normalizedPattern.startsWith('*.')) {
409
- const suffix = normalizedPattern.slice(2);
410
- if (!normalizedHostname.endsWith(`.${suffix}`))
411
- continue;
412
- const prefix = normalizedHostname.slice(0, -(suffix.length + 1));
413
- if (prefix && !prefix.includes('.'))
414
- return true;
415
- }
416
- }
417
- return false;
418
- }
419
- getRouteHostnames(route) {
420
- const domains = route.match?.domains;
421
- if (Array.isArray(domains)) {
422
- return domains.map((domain) => String(domain).trim().toLowerCase()).filter(Boolean);
423
- }
424
- if (typeof domains === 'string') {
425
- return domains.split(',').map((domain) => domain.trim().toLowerCase()).filter(Boolean);
426
- }
427
- return [];
428
- }
429
- getOwnedRoutes(gatewayClientId) {
430
- const manager = this.opsServerRef.dcRouterRef.routeConfigManager;
431
- if (!manager)
432
- return [];
433
- return manager.getMergedRoutes().routes.filter((route) => {
434
- const metadata = route.metadata;
435
- if (!metadata)
436
- return false;
437
- const ownerType = metadata.ownerType;
438
- const isGatewayOwned = ownerType === 'gatewayClient' || ownerType === 'workhoster';
439
- if (!isGatewayOwned)
440
- return false;
441
- const routeGatewayClientId = metadata.gatewayClientId || metadata.workHosterId;
442
- return gatewayClientId ? routeGatewayClientId === gatewayClientId : true;
443
- });
444
- }
445
- async listGatewayClientDomains(auth, requestedGatewayClientId) {
446
- const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
447
- if (!dnsManager)
448
- return [];
449
- const gatewayClientId = this.resolveGatewayClientId(auth, requestedGatewayClientId);
450
- const ownedRoutes = this.getOwnedRoutes(gatewayClientId);
451
- const routeHostnames = ownedRoutes.flatMap((route) => this.getRouteHostnames(route.route));
452
- const docs = await dnsManager.listDomains();
453
- return docs
454
- .filter((domainDoc) => {
455
- if (!auth.token?.policy || auth.token.policy.role !== 'gatewayClient')
456
- return true;
457
- return routeHostnames.some((hostname) => this.isHostnameInDomain(hostname, domainDoc.name));
458
- })
459
- .map((domainDoc) => {
460
- const domain = dnsManager.toPublicDomain(domainDoc);
461
- const canManageDnsRecords = domain.source === 'dcrouter' || Boolean(domain.providerId);
462
- const serviceCount = routeHostnames.filter((hostname) => this.isHostnameInDomain(hostname, domain.name)).length;
463
- return {
464
- ...domain,
465
- serviceCount,
466
- managePath: `/domains/${domain.id}`,
467
- capabilities: {
468
- canCreateSubdomains: canManageDnsRecords,
469
- canManageDnsRecords,
470
- canIssueCertificates: Boolean(this.opsServerRef.dcRouterRef.smartProxy),
471
- canHostEmail: Boolean(this.opsServerRef.dcRouterRef.emailDomainManager),
472
- },
473
- };
474
- });
475
- }
476
- async listGatewayClientDnsRecords(auth, requestedGatewayClientId) {
477
- const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
478
- if (!dnsManager)
479
- return [];
480
- const gatewayClientId = this.resolveGatewayClientId(auth, requestedGatewayClientId);
481
- const ownedRoutes = this.getOwnedRoutes(gatewayClientId);
482
- const domains = await dnsManager.listDomains();
483
- const records = [];
484
- for (const route of ownedRoutes) {
485
- const metadata = route.metadata;
486
- if (!metadata)
487
- continue;
488
- const gatewayClientType = metadata.gatewayClientType || metadata.workHosterType || 'custom';
489
- const routeGatewayClientId = metadata.gatewayClientId || metadata.workHosterId || '';
490
- const appId = metadata.gatewayClientAppId || metadata.workAppId || '';
491
- for (const hostname of this.getRouteHostnames(route.route)) {
492
- if (auth.token?.policy?.role === 'gatewayClient' && !this.matchesHostnamePatterns(hostname, auth.token.policy.hostnamePatterns || [])) {
493
- continue;
494
- }
495
- const domainDoc = domains.find((domain) => this.isHostnameInDomain(hostname, domain.name));
496
- const domainRecords = domainDoc ? await dnsManager.listRecordsForDomain(domainDoc.id) : [];
497
- const matchingRecords = domainRecords.filter((record) => record.name === hostname);
498
- if (matchingRecords.length === 0) {
499
- records.push({
500
- id: `missing:${hostname}`,
501
- domainId: domainDoc?.id || '',
502
- domainName: domainDoc?.name,
503
- name: hostname,
504
- type: 'MISSING',
505
- value: '',
506
- ttl: 0,
507
- source: 'local',
508
- status: 'missing',
509
- gatewayClientType,
510
- gatewayClientId: routeGatewayClientId,
511
- appId,
512
- hostname,
513
- routeId: route.id,
514
- managePath: domainDoc ? `/domains/${domainDoc.id}/dns` : '/domains',
515
- createdAt: route.createdAt || 0,
516
- updatedAt: route.updatedAt || 0,
517
- createdBy: '',
518
- });
519
- continue;
520
- }
521
- for (const recordDoc of matchingRecords) {
522
- const record = dnsManager.toPublicRecord(recordDoc);
523
- records.push({
524
- ...record,
525
- domainName: domainDoc?.name,
526
- status: 'active',
527
- gatewayClientType,
528
- gatewayClientId: routeGatewayClientId,
529
- appId,
530
- hostname,
531
- routeId: route.id,
532
- managePath: `/dns-records/${record.id}`,
533
- });
534
- }
535
- }
536
- }
537
- return records;
538
- }
539
- isHostnameInDomain(hostname, domainName) {
540
- const normalizedHostname = hostname.trim().toLowerCase();
541
- const normalizedDomainName = domainName.trim().toLowerCase();
542
- return normalizedHostname === normalizedDomainName || normalizedHostname.endsWith(`.${normalizedDomainName}`);
543
- }
544
- async syncGatewayClientRoute(auth, ownership, route, enabled, deleteRoute) {
545
- const resolvedOwnership = this.resolveGatewayClientOwnership(auth, ownership);
546
- this.assertGatewayClientOwnership(auth, resolvedOwnership);
547
- this.assertRouteTargetsAllowed(auth, route);
548
- const manager = this.opsServerRef.dcRouterRef.routeConfigManager;
549
- if (!manager) {
550
- return { success: false, message: 'Route management not initialized' };
551
- }
552
- const externalKey = this.buildGatewayClientExternalKey(resolvedOwnership);
553
- const existingRoute = manager.findApiRouteByExternalKey(externalKey);
554
- if (deleteRoute) {
555
- if (!existingRoute) {
556
- return { success: true, action: 'unchanged' };
557
- }
558
- const result = await manager.deleteRoute(existingRoute.id);
559
- return result.success
560
- ? { success: true, action: 'deleted', routeId: existingRoute.id }
561
- : { success: false, message: result.message };
562
- }
563
- if (!route) {
564
- return { success: false, message: 'route is required unless delete=true' };
565
- }
566
- const sourceBindings = this.getManagedRouteSourceBindings();
567
- if (!sourceBindings) {
568
- return { success: false, message: 'STANDARD source profile not found' };
569
- }
570
- const metadata = {
571
- sourceBindings,
572
- ownerType: 'gatewayClient',
573
- gatewayClientType: resolvedOwnership.gatewayClientType,
574
- gatewayClientId: resolvedOwnership.gatewayClientId,
575
- gatewayClientAppId: resolvedOwnership.appId,
576
- workHosterType: resolvedOwnership.gatewayClientType,
577
- workHosterId: resolvedOwnership.gatewayClientId,
578
- workAppId: resolvedOwnership.appId,
579
- externalKey,
580
- };
581
- const normalizedRoute = this.normalizeGatewayClientRoute(route, resolvedOwnership, externalKey);
582
- if (existingRoute) {
583
- const routePatch = { ...normalizedRoute };
584
- routePatch.security = null;
585
- const result = await manager.updateRoute(existingRoute.id, {
586
- route: routePatch,
587
- enabled: enabled ?? true,
588
- metadata,
589
- });
590
- return result.success
591
- ? { success: true, action: 'updated', routeId: existingRoute.id }
592
- : { success: false, message: result.message };
593
- }
594
- const routeId = await manager.createRoute(normalizedRoute, auth.userId, enabled ?? true, metadata);
595
- return { success: true, action: 'created', routeId };
596
- }
597
- buildGatewayClientExternalKey(ownership) {
598
- return [
599
- ownership.gatewayClientType,
600
- ownership.gatewayClientId,
601
- ownership.appId,
602
- ownership.hostname,
603
- ].map((part) => part.trim()).join(':');
604
- }
605
- normalizeWorkAppRoute(route, ownership, externalKey) {
606
- const normalizedRoute = { ...route };
607
- if (!normalizedRoute.name) {
608
- normalizedRoute.name = `workapp-${externalKey.replace(/[^a-zA-Z0-9-]+/g, '-').slice(0, 80)}`;
609
- }
610
- return normalizedRoute;
611
- }
612
- normalizeGatewayClientRoute(route, ownership, externalKey) {
613
- const normalizedRoute = structuredClone(route);
614
- delete normalizedRoute.security;
615
- if (!normalizedRoute.name) {
616
- normalizedRoute.name = `gateway-client-${externalKey.replace(/[^a-zA-Z0-9-]+/g, '-').slice(0, 80)}`;
617
- }
618
- return normalizedRoute;
619
- }
620
- getManagedRouteSourceBindings() {
621
- const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
622
- const standardProfile = resolver?.listProfiles().find((profile) => {
623
- return profile.id.trim().toLowerCase() === 'standard'
624
- || profile.name.trim().toLowerCase() === 'standard';
625
- });
626
- if (!standardProfile) {
627
- return undefined;
628
- }
629
- return [{
630
- sourceProfileRef: standardProfile.id,
631
- sourceProfileName: standardProfile.name,
632
- }];
633
- }
634
- }
635
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid29ya2hvc3Rlci5oYW5kbGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvb3Bzc2VydmVyL2hhbmRsZXJzL3dvcmtob3N0ZXIuaGFuZGxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGtCQUFrQixDQUFDO0FBRTVDLE9BQU8sS0FBSyxVQUFVLE1BQU0saUNBQWlDLENBQUM7QUFDOUQsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBUXBELE1BQU0sT0FBTyxpQkFBaUI7SUFHUjtJQUZiLFdBQVcsR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUFFLENBQUM7SUFFNUQsWUFBb0IsWUFBdUI7UUFBdkIsaUJBQVksR0FBWixZQUFZLENBQVc7UUFDekMsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRU8sS0FBSyxDQUFDLFdBQVcsQ0FDdkIsT0FBb0UsRUFDcEUsYUFBOEM7UUFFOUMsTUFBTSxJQUFJLEdBQUcsTUFBTSxjQUFjLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxPQUFPLEVBQUU7WUFDNUQsS0FBSyxFQUFFLGFBQWE7WUFDcEIsb0JBQW9CLEVBQUUsYUFBYSxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUM7U0FDeEQsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxFQUFFLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxFQUFFLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDM0UsQ0FBQztJQUVPLEtBQUssQ0FBQyxZQUFZLENBQ3hCLE9BQW9FLEVBQ3BFLFFBQXdDLHVCQUF1QjtRQUUvRCxNQUFNLElBQUksR0FBRyxNQUFNLGNBQWMsQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLE9BQU8sRUFBRTtZQUM1RCxLQUFLO1lBQ0wsb0JBQW9CLEVBQUUsSUFBSTtZQUMxQixpQkFBaUIsRUFBRSxJQUFJO1NBQ3hCLENBQUMsQ0FBQztRQUNILE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQztJQUNyQixDQUFDO0lBRU8sZ0JBQWdCO1FBQ3RCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyx3QkFBd0IsRUFDeEIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsc0JBQXNCLENBQUMsQ0FBQztZQUN4RCxPQUFPLEVBQUUsWUFBWSxFQUFFLElBQUksQ0FBQyxzQkFBc0IsRUFBRSxFQUFFLENBQUM7UUFDekQsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyx5QkFBeUIsRUFDekIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsc0JBQXNCLENBQUMsQ0FBQztZQUNyRSxPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJLENBQUMsdUJBQXVCLENBQUMsSUFBSSxDQUFDO2dCQUMzQyxZQUFZLEVBQUUsSUFBSSxDQUFDLHNCQUFzQixFQUFFO2FBQzVDLENBQUM7UUFDSixDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLG9CQUFvQixFQUNwQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxzQkFBc0IsQ0FBQyxDQUFDO1lBQ3pELE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxJQUFJLENBQUMseUJBQXlCLEVBQUUsRUFBRSxDQUFDO1FBQ3BFLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMscUJBQXFCLEVBQ3JCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDaEQsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsb0JBQW9CLENBQUM7WUFDbkUsSUFBSSxDQUFDLE9BQU87Z0JBQUUsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLDJDQUEyQyxFQUFFLENBQUM7WUFDOUYsSUFBSSxDQUFDO2dCQUNILE1BQU0sYUFBYSxHQUFHLE1BQU0sT0FBTyxDQUFDLFlBQVksQ0FBQztvQkFDL0MsRUFBRSxFQUFFLE9BQU8sQ0FBQyxFQUFFO29CQUNkLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtvQkFDbEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJO29CQUNsQixXQUFXLEVBQUUsT0FBTyxDQUFDLFdBQVc7b0JBQ2hDLGdCQUFnQixFQUFFLE9BQU8sQ0FBQyxnQkFBZ0I7b0JBQzFDLG1CQUFtQixFQUFFLE9BQU8sQ0FBQyxtQkFBbUI7b0JBQ2hELFlBQVksRUFBRSxPQUFPLENBQUMsWUFBWTtvQkFDbEMsU0FBUyxFQUFFLE1BQU07aUJBQ2xCLENBQUMsQ0FBQztnQkFDSCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxhQUFhLEVBQUUsQ0FBQztZQUMxQyxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUcsS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQy9ELENBQUM7UUFDSCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLHFCQUFxQixFQUNyQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ2pDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDO1lBQ25FLElBQUksQ0FBQyxPQUFPO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSwyQ0FBMkMsRUFBRSxDQUFDO1lBQzlGLE1BQU0sYUFBYSxHQUFHLE1BQU0sT0FBTyxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsRUFBRSxFQUFFO2dCQUMzRCxJQUFJLEVBQUUsT0FBTyxDQUFDLElBQUk7Z0JBQ2xCLFdBQVcsRUFBRSxPQUFPLENBQUMsV0FBVztnQkFDaEMsZ0JBQWdCLEVBQUUsT0FBTyxDQUFDLGdCQUFnQjtnQkFDMUMsbUJBQW1CLEVBQUUsT0FBTyxDQUFDLG1CQUFtQjtnQkFDaEQsWUFBWSxFQUFFLE9BQU8sQ0FBQyxZQUFZO2dCQUNsQyxPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU87YUFDekIsQ0FBQyxDQUFDO1lBQ0gsT0FBTyxhQUFhO2dCQUNsQixDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRTtnQkFDbEMsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsMEJBQTBCLEVBQUUsQ0FBQztRQUM5RCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLHFCQUFxQixFQUNyQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ2pDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDO1lBQ25FLElBQUksQ0FBQyxPQUFPO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSwyQ0FBMkMsRUFBRSxDQUFDO1lBQzlGLE1BQU0sT0FBTyxHQUFHLE1BQU0sT0FBTyxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDdkQsT0FBTyxFQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLDBCQUEwQixFQUFFLENBQUM7UUFDaEYsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQywwQkFBMEIsRUFDMUIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFDakUsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxTQUFTLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBQ25ILE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQztZQUNuRSxJQUFJLENBQUMsYUFBYSxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUM3QyxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsc0NBQXNDLEVBQUUsQ0FBQztZQUM3RSxDQUFDO1lBQ0QsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsa0NBQWtDLEVBQUUsQ0FBQztZQUN6RSxDQUFDO1lBQ0QsTUFBTSxNQUFNLEdBQUcsTUFBTSxZQUFZLENBQUMsV0FBVyxDQUMzQyxPQUFPLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLEdBQUcsYUFBYSxDQUFDLElBQUksUUFBUSxFQUNyRCxDQUFDLHNCQUFzQixFQUFFLHVCQUF1QixDQUFDLEVBQ2pELE9BQU8sQ0FBQyxhQUFhLElBQUksSUFBSSxFQUM3QixNQUFNLEVBQ047Z0JBQ0UsSUFBSSxFQUFFLGVBQWU7Z0JBQ3JCLE1BQU0sRUFBRSxDQUFDLHNCQUFzQixFQUFFLHVCQUF1QixDQUFDO2dCQUN6RCxhQUFhLEVBQUUsRUFBRSxJQUFJLEVBQUUsYUFBYSxDQUFDLElBQUksRUFBRSxFQUFFLEVBQUUsYUFBYSxDQUFDLEVBQUUsRUFBRTtnQkFDakUsZ0JBQWdCLEVBQUUsYUFBYSxDQUFDLGdCQUFnQjtnQkFDaEQsbUJBQW1CLEVBQUUsYUFBYSxDQUFDLG1CQUFtQjtnQkFDdEQsWUFBWSxFQUFFLGFBQWEsQ0FBQyxZQUFZO2FBQ3pDLENBQ0YsQ0FBQztZQUNGLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDNUUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyx5QkFBeUIsRUFDekIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsc0JBQXNCLENBQUMsQ0FBQztZQUNyRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLGFBQWEsQ0FBQyxDQUFDO1lBQzNDLE9BQU8sRUFBRSxPQUFPLEVBQUUsTUFBTSxJQUFJLENBQUMsd0JBQXdCLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxlQUFlLENBQUMsRUFBRSxDQUFDO1FBQ3pGLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsNEJBQTRCLEVBQzVCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLHNCQUFzQixDQUFDLENBQUM7WUFDckUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO1lBQzlDLE9BQU8sRUFBRSxPQUFPLEVBQUUsTUFBTSxJQUFJLENBQUMsMkJBQTJCLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxlQUFlLENBQUMsRUFBRSxDQUFDO1FBQzVGLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsc0JBQXNCLEVBQ3RCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLGtCQUFrQixDQUFDLENBQUM7WUFDakUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksRUFBRSxhQUFhLENBQUMsQ0FBQztZQUMzQyxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLHdCQUF3QixDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDaEUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyx3QkFBd0IsRUFDeEIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsdUJBQXVCLENBQUMsQ0FBQztZQUN0RSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLFlBQVksQ0FBQyxDQUFDO1lBQzFDLE9BQU8sTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwSCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLGtCQUFrQixFQUNsQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxtQkFBbUIsQ0FBQyxDQUFDO1lBQ2xFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsWUFBWSxDQUFDLENBQUM7WUFDMUMsTUFBTSxTQUFTLEdBQTRDO2dCQUN6RCxpQkFBaUIsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLGNBQWM7Z0JBQ25ELGVBQWUsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLFlBQVk7Z0JBQy9DLEtBQUssRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLFNBQVM7Z0JBQ2xDLFFBQVEsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVE7YUFDckMsQ0FBQztZQUNGLE9BQU8sTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRSxPQUFPLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzVHLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsMEJBQTBCLEVBQzFCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLGtCQUFrQixDQUFDLENBQUM7WUFDcEQsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUM7WUFDakUsSUFBSSxDQUFDLE9BQU87Z0JBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxFQUFFLEVBQUUsQ0FBQztZQUN4QyxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sT0FBTyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQzdFLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMseUJBQXlCLEVBQ3pCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDbEUsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUM7WUFDakUsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNiLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxzQ0FBc0MsRUFBRSxDQUFDO1lBQzdFLENBQUM7WUFDRCxJQUFJLENBQUM7Z0JBQ0gsT0FBTyxNQUFNLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQzlELENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNmLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRyxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDL0QsQ0FBQztRQUNILENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMseUJBQXlCLEVBQ3pCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLElBQUksSUFBSSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQztZQUNoRixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxrQkFBa0IsQ0FBQztZQUNqRSxJQUFJLENBQUMsT0FBTztnQkFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLEVBQUUsRUFBRSxDQUFDO1lBQ3RDLE9BQU87Z0JBQ0wsUUFBUSxFQUFFLE1BQU0sT0FBTyxDQUFDLHVCQUF1QixDQUFDO29CQUM5QyxLQUFLLEVBQUUsSUFBSSxDQUFDLHNCQUFzQixDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDO29CQUN2RCxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU07b0JBQ3RCLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTztpQkFDekIsQ0FBQzthQUNILENBQUM7UUFDSixDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLHdCQUF3QixFQUN4QixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxJQUFJLElBQUksRUFBRSxFQUFFLHVCQUF1QixDQUFDLENBQUM7WUFDakYsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksRUFBRSxZQUFZLENBQUMsQ0FBQztZQUMxQyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxrQkFBa0IsQ0FBQztZQUNqRSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLHNDQUFzQyxFQUFFLENBQUM7WUFDN0UsQ0FBQztZQUNELElBQUksQ0FBQztnQkFDSCxNQUFNLE9BQU8sR0FBRztvQkFDZCxHQUFHLE9BQU8sQ0FBQyxPQUFPO29CQUNsQixLQUFLLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQztpQkFDMUQsQ0FBQztnQkFDRixJQUFJLENBQUMsOEJBQThCLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxhQUFhLENBQUMsQ0FBQztnQkFDakUsT0FBTyxNQUFNLE9BQU8sQ0FBQyxzQkFBc0IsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3BFLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNmLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRyxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDL0QsQ0FBQztRQUNILENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsMEJBQTBCLEVBQzFCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLElBQUksSUFBSSxFQUFFLEVBQUUsdUJBQXVCLENBQUMsQ0FBQztZQUNqRixJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLFlBQVksQ0FBQyxDQUFDO1lBQzFDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUFDO1lBQ2pFLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDYixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsc0NBQXNDLEVBQUUsQ0FBQztZQUM3RSxDQUFDO1lBQ0QsSUFBSSxJQUFJLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRSxJQUFJLEtBQUssZUFBZSxFQUFFLENBQUM7Z0JBQ2pELE1BQU0sUUFBUSxHQUFHLE1BQU0sT0FBTyxDQUFDLHVCQUF1QixDQUFDO29CQUNyRCxLQUFLLEVBQUUsSUFBSSxDQUFDLHNCQUFzQixDQUFDLElBQUksQ0FBQztpQkFDekMsQ0FBQyxDQUFDO2dCQUNILE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLFNBQVMsQ0FBQyxFQUFFLEtBQUssT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUMxRSxJQUFJLENBQUMsT0FBTztvQkFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO2dCQUN2QyxPQUFPLE1BQU0sT0FBTyxDQUFDLHdCQUF3QixDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3pFLENBQUM7WUFDRCxPQUFPLE1BQU0sT0FBTyxDQUFDLHdCQUF3QixDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3pFLENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMseUJBQXlCLEVBQ3pCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLElBQUksSUFBSSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQztZQUNoRixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxrQkFBa0IsQ0FBQztZQUNqRSxJQUFJLENBQUMsT0FBTztnQkFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLEVBQUUsRUFBRSxDQUFDO1lBQ3RDLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxPQUFPLENBQUMsdUJBQXVCLENBQUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQy9HLENBQUMsQ0FDRixDQUNGLENBQUM7SUFDSixDQUFDO0lBRU8sc0JBQXNCO1FBQzVCLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQy9DLE9BQU87WUFDTCxNQUFNLEVBQUU7Z0JBQ04sSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQUM7Z0JBQzFDLEtBQUssRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLGtCQUFrQixDQUFDO2dCQUMzQyxjQUFjLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQzthQUNyRDtZQUNELE9BQU8sRUFBRTtnQkFDUCxJQUFJLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUM7Z0JBQ2xDLEtBQUssRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQzthQUNwQztZQUNELFlBQVksRUFBRTtnQkFDWixJQUFJLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUM7Z0JBQ2xDLE1BQU0sRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQztnQkFDcEMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDO2FBQ3pDO1lBQ0QsS0FBSyxFQUFFO2dCQUNMLE9BQU8sRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLGtCQUFrQixDQUFDO2dCQUM3QyxPQUFPLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUM7Z0JBQ3RDLFFBQVEsRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQzthQUN4QztZQUNELGFBQWEsRUFBRTtnQkFDYixPQUFPLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxvQkFBb0IsRUFBRSxjQUFjLEVBQUUsQ0FBQyxPQUFPLENBQUM7YUFDMUU7WUFDRCxHQUFHLEVBQUU7Z0JBQ0gsYUFBYSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxNQUFNLENBQUM7Z0JBQzFELGVBQWUsRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQzthQUM5QztZQUNELEtBQUssRUFBRTtnQkFDTCxPQUFPLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsT0FBTyxLQUFLLEtBQUs7YUFDbkQ7U0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLHVCQUF1QixDQUFDLElBQWtCO1FBQ2hELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLElBQUksSUFBSSxVQUFVLENBQUM7UUFDakUsT0FBTztZQUNMLElBQUk7WUFDSixNQUFNLEVBQUUsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUM7WUFDbkMsYUFBYSxFQUFFLE1BQU0sRUFBRSxhQUFhO1lBQ3BDLGdCQUFnQixFQUFFLE1BQU0sRUFBRSxnQkFBZ0IsSUFBSSxFQUFFO1lBQ2hELG1CQUFtQixFQUFFLE1BQU0sRUFBRSxtQkFBbUIsSUFBSSxFQUFFO1lBQ3RELFlBQVksRUFBRSxNQUFNLEVBQUUsWUFBWSxJQUFJLEVBQUU7U0FDekMsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMseUJBQXlCO1FBQ3JDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDO1FBQ25FLElBQUksQ0FBQyxPQUFPO1lBQUUsT0FBTyxFQUFFLENBQUM7UUFDeEIsTUFBTSxPQUFPLEdBQUcsTUFBTSxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDNUMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsZUFBZSxFQUFFLFVBQVUsRUFBRSxJQUFJLEVBQUUsQ0FBQztRQUNqRixPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDOUIsR0FBRyxNQUFNO1lBQ1QsVUFBVSxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsYUFBYSxFQUFFLEVBQUUsS0FBSyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUMsTUFBTTtTQUMzRixDQUFDLENBQUMsQ0FBQztJQUNOLENBQUM7SUFFTyxnQkFBZ0IsQ0FBQyxTQUFpRDtRQUN4RSxPQUFPO1lBQ0wsU0FBUyxDQUFDLGNBQWM7WUFDeEIsU0FBUyxDQUFDLFlBQVk7WUFDdEIsU0FBUyxDQUFDLFNBQVM7WUFDbkIsU0FBUyxDQUFDLFFBQVE7U0FDbkIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRU8sZ0JBQWdCLENBQ3RCLElBQWtCLEVBQ2xCLFVBQThFO1FBRTlFLElBQUksSUFBSSxDQUFDLE9BQU87WUFBRSxPQUFPO1FBQ3pCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO1FBQ2xDLElBQUksQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLElBQUksS0FBSyxlQUFlO1lBQUUsT0FBTztRQUN2RCxJQUFJLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxJQUFJO1lBQUUsT0FBTztRQUN2RCxNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyw2QkFBNkIsTUFBTSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN2RyxDQUFDO0lBRU8sc0JBQXNCLENBQUMsSUFBa0IsRUFBRSxXQUFvQjtRQUNyRSxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRSxhQUFhLENBQUM7UUFDdkQsSUFBSSxDQUFDLFlBQVk7WUFBRSxPQUFPLFdBQVcsQ0FBQztRQUN0QyxJQUFJLFdBQVcsSUFBSSxXQUFXLEtBQUssWUFBWSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ25ELE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLDJEQUEyRCxDQUFDLENBQUM7UUFDakgsQ0FBQztRQUNELE9BQU8sWUFBWSxDQUFDLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRU8sNkJBQTZCLENBQ25DLElBQWtCLEVBQ2xCLFNBQWtEO1FBRWxELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO1FBQ2xDLElBQUksTUFBTSxFQUFFLElBQUksS0FBSyxlQUFlLEVBQUUsQ0FBQztZQUNyQyxJQUFJLENBQUMsTUFBTSxDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUMxQixNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyx1REFBdUQsQ0FBQyxDQUFDO1lBQzdHLENBQUM7WUFDRCxJQUFJLFNBQVMsQ0FBQyxpQkFBaUIsSUFBSSxTQUFTLENBQUMsaUJBQWlCLEtBQUssTUFBTSxDQUFDLGFBQWEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDN0YsTUFBTSxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsb0RBQW9ELENBQUMsQ0FBQztZQUMxRyxDQUFDO1lBQ0QsSUFBSSxTQUFTLENBQUMsZUFBZSxJQUFJLFNBQVMsQ0FBQyxlQUFlLEtBQUssTUFBTSxDQUFDLGFBQWEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztnQkFDdkYsTUFBTSxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsb0RBQW9ELENBQUMsQ0FBQztZQUMxRyxDQUFDO1lBQ0QsT0FBTztnQkFDTCxpQkFBaUIsRUFBRSxNQUFNLENBQUMsYUFBYSxDQUFDLElBQUk7Z0JBQzVDLGVBQWUsRUFBRSxNQUFNLENBQUMsYUFBYSxDQUFDLEVBQUU7Z0JBQ3hDLEtBQUssRUFBRSxTQUFTLENBQUMsS0FBSztnQkFDdEIsUUFBUSxFQUFFLFNBQVMsQ0FBQyxRQUFRO2FBQzdCLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxpQkFBaUIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUMvRCxNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxnREFBZ0QsQ0FBQyxDQUFDO1FBQ3RHLENBQUM7UUFDRCxPQUFPLFNBQThELENBQUM7SUFDeEUsQ0FBQztJQUVPLHNCQUFzQixDQUM1QixJQUFrQixFQUNsQixLQUFvRTtRQUVwRSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQztRQUNsQyxJQUFJLE1BQU0sRUFBRSxJQUFJLEtBQUssZUFBZTtZQUFFLE9BQU8sS0FBSyxDQUFDO1FBQ25ELElBQUksQ0FBQyxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsdURBQXVELENBQUMsQ0FBQztRQUM3RyxDQUFDO1FBQ0QsSUFBSSxLQUFLLEVBQUUsaUJBQWlCLElBQUksS0FBSyxDQUFDLGlCQUFpQixLQUFLLE1BQU0sQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdEYsTUFBTSxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsb0RBQW9ELENBQUMsQ0FBQztRQUMxRyxDQUFDO1FBQ0QsSUFBSSxLQUFLLEVBQUUsZUFBZSxJQUFJLEtBQUssQ0FBQyxlQUFlLEtBQUssTUFBTSxDQUFDLGFBQWEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNoRixNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQzFHLENBQUM7UUFDRCxPQUFPO1lBQ0wsR0FBRyxLQUFLO1lBQ1IsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLGFBQWEsQ0FBQyxJQUFJO1lBQzVDLGVBQWUsRUFBRSxNQUFNLENBQUMsYUFBYSxDQUFDLEVBQUU7U0FDekMsQ0FBQztJQUNKLENBQUM7SUFFTyxnQkFBZ0IsQ0FDdEIsSUFBa0IsRUFDbEIsS0FBMEQ7UUFFMUQsTUFBTSxhQUFhLEdBQUcsSUFBSSxDQUFDLHNCQUFzQixDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsYUFBYSxFQUFFLGlCQUFpQixJQUFJLENBQUMsYUFBYSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3hFLE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLGlEQUFpRCxDQUFDLENBQUM7UUFDdkcsQ0FBQztRQUNELE9BQU8sYUFBb0UsQ0FBQztJQUM5RSxDQUFDO0lBRU8sNEJBQTRCLENBQUMsSUFBa0IsRUFBRSxTQUE0RDtRQUNuSCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQztRQUNsQyxJQUFJLENBQUMsTUFBTSxJQUFJLE1BQU0sQ0FBQyxJQUFJLEtBQUssZUFBZTtZQUFFLE9BQU87UUFDdkQsSUFBSSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxTQUFTLENBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsSUFBSSxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ3JGLE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLGtDQUFrQyxDQUFDLENBQUM7UUFDeEYsQ0FBQztJQUNILENBQUM7SUFFTyx5QkFBeUIsQ0FBQyxJQUFrQixFQUFFLEtBQTRDO1FBQ2hHLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO1FBQ2xDLElBQUksQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLElBQUksS0FBSyxlQUFlLElBQUksQ0FBQyxLQUFLO1lBQUUsT0FBTztRQUNqRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsbUJBQW1CLElBQUksRUFBRSxDQUFDO1FBQ3hELElBQUksY0FBYyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNoQyxNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1FBQ3pHLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxDQUFFLEtBQUssQ0FBQyxNQUFjLEVBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBNEMsQ0FBQztRQUNsRyxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO1lBQzdCLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzVELE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDakMsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLElBQUksQ0FBQyxDQUFDLGFBQWEsRUFBRSxFQUFFO2dCQUNwRCxPQUFPLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLEtBQUssSUFBSSxJQUFJLGFBQWEsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ2hHLENBQUMsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNiLE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLHlDQUF5QyxJQUFJLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQztZQUM3RyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFTyw4QkFBOEIsQ0FDcEMsSUFBa0IsRUFDbEIsTUFBNEQ7UUFFNUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUM7UUFDbEMsSUFBSSxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsSUFBSSxLQUFLLGVBQWUsSUFBSSxDQUFDLE1BQU0sRUFBRSxXQUFXO1lBQUUsT0FBTztRQUMvRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsbUJBQW1CLElBQUksRUFBRSxDQUFDO1FBQ3hELElBQUksY0FBYyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNoQyxNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1FBQ3pHLENBQUM7UUFDRCxNQUFNLElBQUksR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUMxRCxNQUFNLElBQUksR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM3QyxNQUFNLE9BQU8sR0FBRyxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUMsYUFBYSxFQUFFLEVBQUU7WUFDcEQsT0FBTyxhQUFhLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRSxLQUFLLElBQUksSUFBSSxhQUFhLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNoRyxDQUFDLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLHdDQUF3QyxJQUFJLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQztRQUM1RyxDQUFDO0lBQ0gsQ0FBQztJQUVPLHVCQUF1QixDQUFDLFFBQWdCLEVBQUUsUUFBa0I7UUFDbEUsTUFBTSxrQkFBa0IsR0FBRyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDekQsSUFBSSxDQUFDLGtCQUFrQjtZQUFFLE9BQU8sS0FBSyxDQUFDO1FBQ3RDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7WUFDL0IsTUFBTSxpQkFBaUIsR0FBRyxPQUFPLENBQUMsSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDdkQsSUFBSSxDQUFDLGlCQUFpQjtnQkFBRSxTQUFTO1lBQ2pDLElBQUksaUJBQWlCLEtBQUssa0JBQWtCO2dCQUFFLE9BQU8sSUFBSSxDQUFDO1lBQzFELElBQUksaUJBQWlCLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7Z0JBQ3ZDLE1BQU0sTUFBTSxHQUFHLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDMUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUFFLFNBQVM7Z0JBQ3pELE1BQU0sTUFBTSxHQUFHLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDakUsSUFBSSxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQztvQkFBRSxPQUFPLElBQUksQ0FBQztZQUNuRCxDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVPLGlCQUFpQixDQUFDLEtBQTJDO1FBQ25FLE1BQU0sT0FBTyxHQUFJLEtBQUssQ0FBQyxLQUFhLEVBQUUsT0FBTyxDQUFDO1FBQzlDLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQzNCLE9BQU8sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3RGLENBQUM7UUFDRCxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ2hDLE9BQU8sT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN6RixDQUFDO1FBQ0QsT0FBTyxFQUFFLENBQUM7SUFDWixDQUFDO0lBRU8sY0FBYyxDQUFDLGVBQXdCO1FBQzdDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUFDO1FBQ2pFLElBQUksQ0FBQyxPQUFPO1lBQUUsT0FBTyxFQUFFLENBQUM7UUFDeEIsT0FBTyxPQUFPLENBQUMsZUFBZSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFO1lBQ3ZELE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUM7WUFDaEMsSUFBSSxDQUFDLFFBQVE7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDNUIsTUFBTSxTQUFTLEdBQUcsUUFBUSxDQUFDLFNBQVMsQ0FBQztZQUNyQyxNQUFNLGNBQWMsR0FBRyxTQUFTLEtBQUssZUFBZSxJQUFJLFNBQVMsS0FBSyxZQUFZLENBQUM7WUFDbkYsSUFBSSxDQUFDLGNBQWM7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDbEMsTUFBTSxvQkFBb0IsR0FBRyxRQUFRLENBQUMsZUFBZSxJQUFJLFFBQVEsQ0FBQyxZQUFZLENBQUM7WUFDL0UsT0FBTyxlQUFlLENBQUMsQ0FBQyxDQUFDLG9CQUFvQixLQUFLLGVBQWUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDO1FBQzNFLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLEtBQUssQ0FBQyx3QkFBd0IsQ0FDcEMsSUFBa0IsRUFDbEIsd0JBQWlDO1FBRWpDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQztRQUM1RCxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzNCLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLENBQUMsQ0FBQztRQUNwRixNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQ3pELE1BQU0sY0FBYyxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUMzRixNQUFNLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUU1QyxPQUFPLElBQUk7YUFDUixNQUFNLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRTtZQUNwQixJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBSSxLQUFLLGVBQWU7Z0JBQUUsT0FBTyxJQUFJLENBQUM7WUFDbkYsT0FBTyxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQzlGLENBQUMsQ0FBQzthQUNELEdBQUcsQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFO1lBQ2pCLE1BQU0sTUFBTSxHQUFHLFVBQVUsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDcEQsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLENBQUMsTUFBTSxLQUFLLFVBQVUsSUFBSSxPQUFPLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3ZGLE1BQU0sWUFBWSxHQUFHLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDO1lBQ2hILE9BQU87Z0JBQ0wsR0FBRyxNQUFNO2dCQUNULFlBQVk7Z0JBQ1osVUFBVSxFQUFFLFlBQVksTUFBTSxDQUFDLEVBQUUsRUFBRTtnQkFDbkMsWUFBWSxFQUFFO29CQUNaLG1CQUFtQixFQUFFLG1CQUFtQjtvQkFDeEMsbUJBQW1CO29CQUNuQixvQkFBb0IsRUFBRSxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO29CQUN2RSxZQUFZLEVBQUUsT0FBTyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUFDO2lCQUN4RTthQUM2QyxDQUFDO1FBQ25ELENBQUMsQ0FBQyxDQUFDO0lBQ1AsQ0FBQztJQUVPLEtBQUssQ0FBQywyQkFBMkIsQ0FDdkMsSUFBa0IsRUFDbEIsd0JBQWlDO1FBRWpDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQztRQUM1RCxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzNCLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLENBQUMsQ0FBQztRQUNwRixNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQ3pELE1BQU0sT0FBTyxHQUFHLE1BQU0sVUFBVSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQy9DLE1BQU0sT0FBTyxHQUE4QyxFQUFFLENBQUM7UUFFOUQsS0FBSyxNQUFNLEtBQUssSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQyxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFDO1lBQ2hDLElBQUksQ0FBQyxRQUFRO2dCQUFFLFNBQVM7WUFDeEIsTUFBTSxpQkFBaUIsR0FBRyxRQUFRLENBQUMsaUJBQWlCLElBQUksUUFBUSxDQUFDLGNBQWMsSUFBSSxRQUFRLENBQUM7WUFDNUYsTUFBTSxvQkFBb0IsR0FBRyxRQUFRLENBQUMsZUFBZSxJQUFJLFFBQVEsQ0FBQyxZQUFZLElBQUksRUFBRSxDQUFDO1lBQ3JGLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQyxrQkFBa0IsSUFBSSxRQUFRLENBQUMsU0FBUyxJQUFJLEVBQUUsQ0FBQztZQUV0RSxLQUFLLE1BQU0sUUFBUSxJQUFJLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDM0QsSUFBSSxJQUFJLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRSxJQUFJLEtBQUssZUFBZSxJQUFJLENBQUMsSUFBSSxDQUFDLHVCQUF1QixDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsSUFBSSxFQUFFLENBQUMsRUFBRSxDQUFDO29CQUN0SSxTQUFTO2dCQUNYLENBQUM7Z0JBQ0QsTUFBTSxTQUFTLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLFFBQVEsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztnQkFDM0YsTUFBTSxhQUFhLEdBQUcsU0FBUyxDQUFDLENBQUMsQ0FBQyxNQUFNLFVBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDM0YsTUFBTSxlQUFlLEdBQUcsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxRQUFRLENBQUMsQ0FBQztnQkFDbkYsSUFBSSxlQUFlLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUNqQyxPQUFPLENBQUMsSUFBSSxDQUFDO3dCQUNYLEVBQUUsRUFBRSxXQUFXLFFBQVEsRUFBRTt3QkFDekIsUUFBUSxFQUFFLFNBQVMsRUFBRSxFQUFFLElBQUksRUFBRTt3QkFDN0IsVUFBVSxFQUFFLFNBQVMsRUFBRSxJQUFJO3dCQUMzQixJQUFJLEVBQUUsUUFBUTt3QkFDZCxJQUFJLEVBQUUsU0FBUzt3QkFDZixLQUFLLEVBQUUsRUFBRTt3QkFDVCxHQUFHLEVBQUUsQ0FBQzt3QkFDTixNQUFNLEVBQUUsT0FBTzt3QkFDZixNQUFNLEVBQUUsU0FBUzt3QkFDakIsaUJBQWlCO3dCQUNqQixlQUFlLEVBQUUsb0JBQW9CO3dCQUNyQyxLQUFLO3dCQUNMLFFBQVE7d0JBQ1IsT0FBTyxFQUFFLEtBQUssQ0FBQyxFQUFFO3dCQUNqQixVQUFVLEVBQUUsU0FBUyxDQUFDLENBQUMsQ0FBQyxZQUFZLFNBQVMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUMsVUFBVTt3QkFDbkUsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTLElBQUksQ0FBQzt3QkFDL0IsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTLElBQUksQ0FBQzt3QkFDL0IsU0FBUyxFQUFFLEVBQUU7cUJBQ2QsQ0FBQyxDQUFDO29CQUNILFNBQVM7Z0JBQ1gsQ0FBQztnQkFDRCxLQUFLLE1BQU0sU0FBUyxJQUFJLGVBQWUsRUFBRSxDQUFDO29CQUN4QyxNQUFNLE1BQU0sR0FBRyxVQUFVLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDO29CQUNwRCxPQUFPLENBQUMsSUFBSSxDQUFDO3dCQUNYLEdBQUcsTUFBTTt3QkFDVCxVQUFVLEVBQUUsU0FBUyxFQUFFLElBQUk7d0JBQzNCLE1BQU0sRUFBRSxRQUFRO3dCQUNoQixpQkFBaUI7d0JBQ2pCLGVBQWUsRUFBRSxvQkFBb0I7d0JBQ3JDLEtBQUs7d0JBQ0wsUUFBUTt3QkFDUixPQUFPLEVBQUUsS0FBSyxDQUFDLEVBQUU7d0JBQ2pCLFVBQVUsRUFBRSxnQkFBZ0IsTUFBTSxDQUFDLEVBQUUsRUFBRTtxQkFDeEMsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxRQUFnQixFQUFFLFVBQWtCO1FBQzdELE1BQU0sa0JBQWtCLEdBQUcsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ3pELE1BQU0sb0JBQW9CLEdBQUcsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQzdELE9BQU8sa0JBQWtCLEtBQUssb0JBQW9CLElBQUksa0JBQWtCLENBQUMsUUFBUSxDQUFDLElBQUksb0JBQW9CLEVBQUUsQ0FBQyxDQUFDO0lBQ2hILENBQUM7SUFFTyxLQUFLLENBQUMsc0JBQXNCLENBQ2xDLElBQWtCLEVBQ2xCLFNBQWtELEVBQ2xELEtBQTRDLEVBQzVDLE9BQWlCLEVBQ2pCLFdBQXFCO1FBRXJCLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLDZCQUE2QixDQUFDLElBQUksRUFBRSxTQUFTLENBQUMsQ0FBQztRQUM5RSxJQUFJLENBQUMsNEJBQTRCLENBQUMsSUFBSSxFQUFFLGlCQUFpQixDQUFDLENBQUM7UUFDM0QsSUFBSSxDQUFDLHlCQUF5QixDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztRQUU1QyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxrQkFBa0IsQ0FBQztRQUNqRSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsa0NBQWtDLEVBQUUsQ0FBQztRQUN6RSxDQUFDO1FBRUQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLDZCQUE2QixDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDMUUsTUFBTSxhQUFhLEdBQUcsT0FBTyxDQUFDLHlCQUF5QixDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRXJFLElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUNuQixPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsV0FBVyxFQUFFLENBQUM7WUFDaEQsQ0FBQztZQUNELE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLFdBQVcsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDM0QsT0FBTyxNQUFNLENBQUMsT0FBTztnQkFDbkIsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxhQUFhLENBQUMsRUFBRSxFQUFFO2dCQUNqRSxDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDbEQsQ0FBQztRQUVELElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNYLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxzQ0FBc0MsRUFBRSxDQUFDO1FBQzdFLENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsNkJBQTZCLEVBQUUsQ0FBQztRQUM1RCxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7WUFDcEIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLG1DQUFtQyxFQUFFLENBQUM7UUFDMUUsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFtQztZQUMvQyxjQUFjO1lBQ2QsU0FBUyxFQUFFLGVBQWU7WUFDMUIsaUJBQWlCLEVBQUUsaUJBQWlCLENBQUMsaUJBQWlCO1lBQ3RELGVBQWUsRUFBRSxpQkFBaUIsQ0FBQyxlQUFlO1lBQ2xELGtCQUFrQixFQUFFLGlCQUFpQixDQUFDLEtBQUs7WUFDM0MsY0FBYyxFQUFFLGlCQUFpQixDQUFDLGlCQUFpQjtZQUNuRCxZQUFZLEVBQUUsaUJBQWlCLENBQUMsZUFBZTtZQUMvQyxTQUFTLEVBQUUsaUJBQWlCLENBQUMsS0FBSztZQUNsQyxXQUFXO1NBQ1osQ0FBQztRQUNGLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQywyQkFBMkIsQ0FBQyxLQUFLLEVBQUUsaUJBQWlCLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFaEcsSUFBSSxhQUFhLEVBQUUsQ0FBQztZQUNsQixNQUFNLFVBQVUsR0FBa0QsRUFBRSxHQUFHLGVBQWUsRUFBRSxDQUFDO1lBQ3hGLFVBQWtCLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQztZQUNwQyxNQUFNLE1BQU0sR0FBRyxNQUFNLE9BQU8sQ0FBQyxXQUFXLENBQUMsYUFBYSxDQUFDLEVBQUUsRUFBRTtnQkFDekQsS0FBSyxFQUFFLFVBQVU7Z0JBQ2pCLE9BQU8sRUFBRSxPQUFPLElBQUksSUFBSTtnQkFDeEIsUUFBUTthQUNULENBQUMsQ0FBQztZQUNILE9BQU8sTUFBTSxDQUFDLE9BQU87Z0JBQ25CLENBQUMsQ0FBQyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsYUFBYSxDQUFDLEVBQUUsRUFBRTtnQkFDakUsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ2xELENBQUM7UUFFRCxNQUFNLE9BQU8sR0FBRyxNQUFNLE9BQU8sQ0FBQyxXQUFXLENBQUMsZUFBZSxFQUFFLElBQUksQ0FBQyxNQUFNLEVBQUUsT0FBTyxJQUFJLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQztRQUNuRyxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxDQUFDO0lBQ3ZELENBQUM7SUFFTyw2QkFBNkIsQ0FBQyxTQUE0RDtRQUNoRyxPQUFPO1lBQ0wsU0FBUyxDQUFDLGlCQUFpQjtZQUMzQixTQUFTLENBQUMsZUFBZTtZQUN6QixTQUFTLENBQUMsS0FBSztZQUNmLFNBQVMsQ0FBQyxRQUFRO1NBQ25CLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVPLHFCQUFxQixDQUMzQixLQUEyQyxFQUMzQyxTQUFpRCxFQUNqRCxXQUFtQjtRQUVuQixNQUFNLGVBQWUsR0FBRyxFQUFFLEdBQUcsS0FBSyxFQUFFLENBQUM7UUFDckMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUMxQixlQUFlLENBQUMsSUFBSSxHQUFHLFdBQVcsV0FBVyxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxHQUFHLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDL0YsQ0FBQztRQUNELE9BQU8sZUFBZSxDQUFDO0lBQ3pCLENBQUM7SUFFTywyQkFBMkIsQ0FDakMsS0FBMkMsRUFDM0MsU0FBNEQsRUFDNUQsV0FBbUI7UUFFbkIsTUFBTSxlQUFlLEdBQUcsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQy9DLE9BQU8sZUFBZSxDQUFDLFFBQVEsQ0FBQztRQUNoQyxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzFCLGVBQWUsQ0FBQyxJQUFJLEdBQUcsa0JBQWtCLFdBQVcsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLEVBQUUsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQ3RHLENBQUM7UUFDRCxPQUFPLGVBQWUsQ0FBQztJQUN6QixDQUFDO0lBRU8sNkJBQTZCO1FBQ25DLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGlCQUFpQixDQUFDO1FBQ2pFLE1BQU0sZUFBZSxHQUFHLFFBQVEsRUFBRSxZQUFZLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUF1QyxFQUFFLEVBQUU7WUFDaEcsT0FBTyxPQUFPLENBQUMsRUFBRSxDQUFDLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRSxLQUFLLFVBQVU7bUJBQ2hELE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLEtBQUssVUFBVSxDQUFDO1FBQ3hELENBQUMsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3JCLE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7UUFDRCxPQUFPLENBQUM7Z0JBQ04sZ0JBQWdCLEVBQUUsZUFBZSxDQUFDLEVBQUU7Z0JBQ3BDLGlCQUFpQixFQUFFLGVBQWUsQ0FBQyxJQUFJO2FBQ3hDLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRiJ9