dx-server 0.11.3 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cjs/static.d.ts +2 -4
- package/cjs/static.js +2 -50
- package/cjs/staticHelpers.d.ts +5 -3
- package/cjs/staticHelpers.js +33 -2
- package/esm/static.d.ts +2 -4
- package/esm/static.js +3 -48
- package/esm/staticHelpers.d.ts +5 -3
- package/esm/staticHelpers.js +33 -2
- package/package.json +1 -1
package/cjs/static.d.ts
CHANGED
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import { type Chainable } from './dx.js';
|
|
2
|
-
import { type
|
|
3
|
-
export declare function chainStatic(pattern: string, { getPathname, ...options }:
|
|
2
|
+
import { type SendFileOptions } from './staticHelpers.js';
|
|
3
|
+
export declare function chainStatic(pattern: string, { getPathname, ...options }: SendFileOptions & {
|
|
4
4
|
getPathname?(matched: any): string;
|
|
5
|
-
dotfiles?: 'allow' | 'deny' | 'ignore';
|
|
6
|
-
root?: string;
|
|
7
5
|
}): Chainable;
|
package/cjs/static.js
CHANGED
|
@@ -1,14 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.chainStatic = void 0;
|
|
7
4
|
const dx_js_1 = require("./dx.js");
|
|
8
5
|
const staticHelpers_js_1 = require("./staticHelpers.js");
|
|
9
6
|
const bodyHelpers_js_1 = require("./bodyHelpers.js");
|
|
10
|
-
const node_path_1 = __importDefault(require("node:path"));
|
|
11
|
-
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
12
7
|
function chainStatic(pattern, { getPathname, ...options }) {
|
|
13
8
|
const urlPattern = new URLPattern({ pathname: pattern });
|
|
14
9
|
return async (next) => {
|
|
@@ -20,7 +15,7 @@ function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
20
15
|
if (!matched)
|
|
21
16
|
return next();
|
|
22
17
|
try {
|
|
23
|
-
await
|
|
18
|
+
await (0, staticHelpers_js_1.sendFileTrusted)(req, (0, dx_js_1.getRes)(), getPathname?.(matched)
|
|
24
19
|
?? decodeURIComponent(pathname), options);
|
|
25
20
|
}
|
|
26
21
|
catch (e) {
|
|
@@ -29,47 +24,4 @@ function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
29
24
|
};
|
|
30
25
|
}
|
|
31
26
|
exports.chainStatic = chainStatic;
|
|
32
|
-
|
|
33
|
-
options) {
|
|
34
|
-
const { root, dotfiles, ...trustedSendOptions } = options ?? {};
|
|
35
|
-
// null byte(s)
|
|
36
|
-
if (pathname.includes('\0'))
|
|
37
|
-
return (0, dx_js_1.setHtml)('Invalid request', { status: 400 });
|
|
38
|
-
let parts;
|
|
39
|
-
if (root) {
|
|
40
|
-
// normalize
|
|
41
|
-
pathname = node_path_1.default.normalize(`.${node_path_1.default.sep}${pathname}`);
|
|
42
|
-
// malicious path
|
|
43
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
44
|
-
return (0, dx_js_1.setHtml)('Forbidden', { status: 403 });
|
|
45
|
-
// explode path parts
|
|
46
|
-
parts = pathname.split(node_path_1.default.sep);
|
|
47
|
-
// join / normalize from optional root dir
|
|
48
|
-
pathname = node_path_1.default.normalize(node_path_1.default.join(root, pathname));
|
|
49
|
-
}
|
|
50
|
-
else {
|
|
51
|
-
// malicious path
|
|
52
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
53
|
-
return (0, dx_js_1.setHtml)('Forbidden', { status: 403 });
|
|
54
|
-
// explode path parts
|
|
55
|
-
parts = node_path_1.default.normalize(pathname).split(node_path_1.default.sep);
|
|
56
|
-
// join / normalize from optional root dir
|
|
57
|
-
pathname = node_path_1.default.resolve(pathname);
|
|
58
|
-
}
|
|
59
|
-
// dotfile handling
|
|
60
|
-
if (parts.some(part => part.length > 1 && part[0] === '.'))
|
|
61
|
-
switch (dotfiles) {
|
|
62
|
-
case 'allow':
|
|
63
|
-
break;
|
|
64
|
-
case 'deny':
|
|
65
|
-
return (0, dx_js_1.setHtml)('Forbidden', { status: 403 });
|
|
66
|
-
case 'ignore':
|
|
67
|
-
default:
|
|
68
|
-
throw new Error('Forbidden: dotfiles are not allowed');
|
|
69
|
-
}
|
|
70
|
-
// pathEndsWithSep
|
|
71
|
-
if (pathname[pathname.length - 1] === node_path_1.default.sep)
|
|
72
|
-
return (0, dx_js_1.setHtml)('Forbidden: directory access is not allowed', { status: 403 });
|
|
73
|
-
return (0, staticHelpers_js_1.sendFileTrusted)(req, res, pathname, trustedSendOptions);
|
|
74
|
-
}
|
|
75
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQSxtQ0FBK0Q7QUFDL0QseURBQTJFO0FBQzNFLHFEQUEyQztBQUUzQywwREFBNEI7QUFFNUIsTUFBTSxjQUFjLEdBQUcsNEJBQTRCLENBQUE7QUFFbkQsU0FBZ0IsV0FBVyxDQUMxQixPQUFlLEVBQ2YsRUFBQyxXQUFXLEVBQUUsR0FBRyxPQUFPLEVBUXZCO0lBRUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsRUFBQyxRQUFRLEVBQUUsT0FBTyxFQUFDLENBQUMsQ0FBQTtJQUN0RCxPQUFPLEtBQUssRUFBQyxJQUFJLEVBQUMsRUFBRTtRQUNuQixNQUFNLEdBQUcsR0FBRyxJQUFBLGNBQU0sR0FBRSxDQUFBO1FBQ3BCLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxLQUFLLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxNQUFNO1lBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBQTtRQUVoRSxNQUFNLEVBQUMsUUFBUSxFQUFDLEdBQUcsSUFBQSwyQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ2xDLE1BQU0sT0FBTyxHQUFHLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBQyxRQUFRLEVBQUMsQ0FBQyxDQUFBO1FBQzNDLElBQUksQ0FBQyxPQUFPO1lBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBQTtRQUUzQixJQUFJLENBQUM7WUFDSixNQUFNLFFBQVEsQ0FDYixHQUFHLEVBQ0gsSUFBQSxjQUFNLEdBQUUsRUFDUCxXQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUM7bUJBQ3BCLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxFQUMvQixPQUFPLENBQ1AsQ0FBQTtRQUNGLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1osT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxpR0FBaUc7UUFDakgsQ0FBQztJQUNGLENBQUMsQ0FBQTtBQUNGLENBQUM7QUFqQ0Qsa0NBaUNDO0FBRUQsS0FBSyxVQUFVLFFBQVEsQ0FDdEIsR0FBb0IsRUFDcEIsR0FBbUIsRUFDbkIsUUFBZ0IsRUFBRSw4QkFBOEI7QUFDaEQsT0FLQztJQUVELE1BQU0sRUFBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLEdBQUcsa0JBQWtCLEVBQUMsR0FBRyxPQUFPLElBQUksRUFBRSxDQUFBO0lBRTdELGVBQWU7SUFDZixJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO1FBQUUsT0FBTyxJQUFBLGVBQU8sRUFBQyxpQkFBaUIsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO0lBRTdFLElBQUksS0FBZSxDQUFBO0lBQ25CLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVixZQUFZO1FBQ1osUUFBUSxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLElBQUksbUJBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE9BQU8sSUFBQSxlQUFPLEVBQUMsV0FBVyxFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7UUFFN0UscUJBQXFCO1FBQ3JCLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLG1CQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFaEMsMENBQTBDO1FBQzFDLFFBQVEsR0FBRyxtQkFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQTtJQUNyRCxDQUFDO1NBQU0sQ0FBQztRQUNQLGlCQUFpQjtRQUNqQixJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQUUsT0FBTyxJQUFBLGVBQU8sRUFBQyxXQUFXLEVBQUUsRUFBQyxNQUFNLEVBQUUsR0FBRyxFQUFDLENBQUMsQ0FBQTtRQUU3RSxxQkFBcUI7UUFDckIsS0FBSyxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxtQkFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRWhELDBDQUEwQztRQUMxQyxRQUFRLEdBQUcsbUJBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEMsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDO1FBQUUsUUFBUSxRQUFRLEVBQUUsQ0FBQztZQUM5RSxLQUFLLE9BQU87Z0JBQ1gsTUFBSztZQUNOLEtBQUssTUFBTTtnQkFDVixPQUFPLElBQUEsZUFBTyxFQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1lBQzNDLEtBQUssUUFBUSxDQUFDO1lBQ2Q7Z0JBQ0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ3hELENBQUM7SUFFRCxrQkFBa0I7SUFDbEIsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsS0FBSyxtQkFBSSxDQUFDLEdBQUc7UUFBRSxPQUFPLElBQUEsZUFBTyxFQUFDLDRDQUE0QyxFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7SUFFM0gsT0FBTyxJQUFBLGtDQUFlLEVBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUUsa0JBQWtCLENBQUMsQ0FBQTtBQUMvRCxDQUFDIn0=
|
|
27
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtQ0FBc0Q7QUFDdEQseURBQXdFO0FBQ3hFLHFEQUEyQztBQUUzQyxTQUFnQixXQUFXLENBQzFCLE9BQWUsRUFDZixFQUFDLFdBQVcsRUFBRSxHQUFHLE9BQU8sRUFJdkI7SUFFRCxNQUFNLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxFQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUMsQ0FBQyxDQUFBO0lBQ3RELE9BQU8sS0FBSyxFQUFDLElBQUksRUFBQyxFQUFFO1FBQ25CLE1BQU0sR0FBRyxHQUFHLElBQUEsY0FBTSxHQUFFLENBQUE7UUFDcEIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRWhFLE1BQU0sRUFBQyxRQUFRLEVBQUMsR0FBRyxJQUFBLDJCQUFVLEVBQUMsR0FBRyxDQUFDLENBQUE7UUFDbEMsTUFBTSxPQUFPLEdBQUcsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFDLFFBQVEsRUFBQyxDQUFDLENBQUE7UUFDM0MsSUFBSSxDQUFDLE9BQU87WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRTNCLElBQUksQ0FBQztZQUNKLE1BQU0sSUFBQSxrQ0FBZSxFQUNwQixHQUFHLEVBQ0gsSUFBQSxjQUFNLEdBQUUsRUFDUCxXQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUM7bUJBQ3BCLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxFQUMvQixPQUFPLENBQ1AsQ0FBQTtRQUNGLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1osT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxpR0FBaUc7UUFDakgsQ0FBQztJQUNGLENBQUMsQ0FBQTtBQUNGLENBQUM7QUE3QkQsa0NBNkJDIn0=
|
package/cjs/staticHelpers.d.ts
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
/// <reference types="node" resolution-mode="require"/>
|
|
2
2
|
import { IncomingMessage, ServerResponse } from 'node:http';
|
|
3
3
|
import './polyfillWithResolvers.js';
|
|
4
|
-
export interface
|
|
4
|
+
export interface SendFileOptions {
|
|
5
|
+
allowDotfiles?: boolean;
|
|
6
|
+
root?: string;
|
|
5
7
|
disableAcceptRanges?: boolean;
|
|
6
8
|
disableLastModified?: boolean;
|
|
7
9
|
etag?: 'disabled' | 'strong' | 'weak';
|
|
@@ -12,5 +14,5 @@ export interface TrustedSendOptions {
|
|
|
12
14
|
start?: number;
|
|
13
15
|
}
|
|
14
16
|
export declare function sendFileTrusted(req: IncomingMessage, res: ServerResponse, pathname: string, // plain path, not URI-encoded
|
|
15
|
-
{ start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
16
|
-
immutable, }?:
|
|
17
|
+
{ root, allowDotfiles, start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
18
|
+
immutable, }?: SendFileOptions): Promise<void>;
|
package/cjs/staticHelpers.js
CHANGED
|
@@ -15,9 +15,40 @@ const node_fs_1 = require("node:fs");
|
|
|
15
15
|
const onFinished_js_1 = require("./vendors/onFinished.js");
|
|
16
16
|
const node_util_1 = require("node:util");
|
|
17
17
|
const BYTES_RANGE_REGEXP = /^ *bytes=/;
|
|
18
|
+
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
18
19
|
async function sendFileTrusted(req, res, pathname, // plain path, not URI-encoded
|
|
19
|
-
{ start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
20
|
+
{ root, allowDotfiles, start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
20
21
|
immutable, } = {}) {
|
|
22
|
+
// null byte(s)
|
|
23
|
+
if (pathname.includes('\0'))
|
|
24
|
+
throw new Error('Forbidden');
|
|
25
|
+
let parts;
|
|
26
|
+
if (root) {
|
|
27
|
+
// normalize
|
|
28
|
+
pathname = node_path_1.default.normalize(`.${node_path_1.default.sep}${pathname}`);
|
|
29
|
+
// malicious path
|
|
30
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
31
|
+
throw new Error('Forbidden');
|
|
32
|
+
// explode path parts
|
|
33
|
+
parts = pathname.split(node_path_1.default.sep);
|
|
34
|
+
// join / normalize from optional root dir
|
|
35
|
+
pathname = node_path_1.default.normalize(node_path_1.default.join(root, pathname));
|
|
36
|
+
}
|
|
37
|
+
else {
|
|
38
|
+
// malicious path
|
|
39
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
40
|
+
throw new Error('Forbidden');
|
|
41
|
+
// explode path parts
|
|
42
|
+
parts = node_path_1.default.normalize(pathname).split(node_path_1.default.sep);
|
|
43
|
+
// join / normalize from optional root dir
|
|
44
|
+
pathname = node_path_1.default.resolve(pathname);
|
|
45
|
+
}
|
|
46
|
+
// dotfile handling
|
|
47
|
+
if (parts.some(part => part.length > 1 && part[0] === '.') && !allowDotfiles)
|
|
48
|
+
throw new Error('Forbidden: dotfiles are not allowed');
|
|
49
|
+
// pathEndsWithSep
|
|
50
|
+
if (pathname[pathname.length - 1] === node_path_1.default.sep)
|
|
51
|
+
throw new Error('Forbidden: directory access is not allowed');
|
|
21
52
|
const fileStat = await (0, promises_1.stat)(pathname);
|
|
22
53
|
// not found, check extensions
|
|
23
54
|
// if (err.code === 'ENOENT' && !path.extname(pathname) && !pathEndsWithSep) throw err
|
|
@@ -161,4 +192,4 @@ function isRangeFresh(req, res) {
|
|
|
161
192
|
function contentRange(type, size, range) {
|
|
162
193
|
return `${type} ${range ? range.start + '-' + range.end : '*'}/${size}`;
|
|
163
194
|
}
|
|
164
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
195
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljSGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9zdGF0aWNIZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUNBLHNDQUFtQztBQUNuQywwREFBNEI7QUFDNUIsK0NBQXFDO0FBQ3JDLCtDQUF3RDtBQUN4RCwrQ0FBeUQ7QUFDekQsaURBQXVFO0FBQ3ZFLDZEQUFtRDtBQUNuRCxxQ0FBd0M7QUFDeEMsMkRBQWtEO0FBQ2xELHlDQUFtQztBQUVuQyxNQUFNLGtCQUFrQixHQUFHLFdBQVcsQ0FBQTtBQUN0QyxNQUFNLGNBQWMsR0FBRyw0QkFBNEIsQ0FBQTtBQXFCNUMsS0FBSyxVQUFVLGVBQWUsQ0FDcEMsR0FBb0IsRUFDcEIsR0FBbUIsRUFDbkIsUUFBZ0IsRUFBRSw4QkFBOEI7QUFDaEQsRUFDQyxJQUFJLEVBQUUsYUFBYSxFQUNuQixLQUFLLEdBQUcsQ0FBQyxFQUFFLEdBQUcsRUFDZCxtQkFBbUIsRUFDbkIsbUJBQW1CLEVBQ25CLElBQUksR0FBRyxRQUFRLEVBQ2YsbUJBQW1CLEVBQ25CLE1BQU0sR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxHQUFHLEdBQUcsSUFBSSxFQUFFLFNBQVM7QUFDN0MsU0FBUyxNQUNXLEVBQUU7SUFFdkIsZUFBZTtJQUNmLElBQUksUUFBUSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7UUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFBO0lBRXpELElBQUksS0FBZSxDQUFBO0lBQ25CLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVixZQUFZO1FBQ1osUUFBUSxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLElBQUksbUJBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7UUFFL0QscUJBQXFCO1FBQ3JCLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLG1CQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFaEMsMENBQTBDO1FBQzFDLFFBQVEsR0FBRyxtQkFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQTtJQUNyRCxDQUFDO1NBQU0sQ0FBQztRQUNQLGlCQUFpQjtRQUNqQixJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUUvRCxxQkFBcUI7UUFDckIsS0FBSyxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxtQkFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRWhELDBDQUEwQztRQUMxQyxRQUFRLEdBQUcsbUJBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEMsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDLElBQUksQ0FBQyxhQUFhO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO0lBRXBJLGtCQUFrQjtJQUNsQixJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxLQUFLLG1CQUFJLENBQUMsR0FBRztRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsNENBQTRDLENBQUMsQ0FBQTtJQUU3RyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsZUFBSSxFQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQ3JDLDhCQUE4QjtJQUM5QixzRkFBc0Y7SUFDdEYsc0JBQXNCO0lBQ3RCLHdCQUF3QjtJQUN4QixrQkFBa0I7SUFDbEIsbUJBQW1CO0lBQ25CLFlBQVk7SUFDWixJQUFJO0lBRUosSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFBO0lBRXpGLElBQUksR0FBRyxDQUFDLFdBQVc7UUFBRSxPQUFNO0lBRTNCLDBCQUEwQjtJQUUxQixJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQztRQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxDQUFBO0lBRXBHLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQ3pGO1lBQ0MsbUJBQW1CLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxFQUFFO1lBQzlDLFNBQVMsSUFBSSxXQUFXO1NBQ3hCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FDNUIsQ0FBQTtJQUVELElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFBO0lBRXpILElBQUksSUFBSSxLQUFLLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsSUFBSSxLQUFLLE1BQU0sQ0FBQyxDQUFDLENBQUMsSUFBQSxpQkFBTyxFQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLElBQUEsdUJBQWEsRUFBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUE7SUFDOUosNkJBQTZCO0lBRTdCLGVBQWU7SUFDZixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsRUFBRSxJQUFBLGlDQUF1QixFQUFDLG1CQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLDBCQUEwQixDQUFDLENBQUE7SUFFekosMEJBQTBCO0lBQzFCLG1CQUFtQjtJQUNuQixJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLENBQUM7UUFDdkksOEJBQThCO1FBQzlCLFdBQVc7UUFDWCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQ3JDLElBQUksS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFBO1lBQ2xDLElBQ0MsQ0FBQyxJQUFJO21CQUNGLENBQUMsS0FBSyxLQUFLLEdBQUcsSUFBSSxJQUFBLHlCQUFjLEVBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxLQUFLLElBQUksSUFBSSxLQUFLLEtBQUssSUFBSSxHQUFHLElBQUksSUFBSSxJQUFJLEdBQUcsS0FBSyxLQUFLLElBQUksQ0FBQyxDQUFDO2dCQUMzSCxNQUFNLElBQUksS0FBSyxDQUFDLGdFQUFnRSxDQUFDLENBQUE7UUFDcEYsQ0FBQztRQUVELG9GQUFvRjtRQUNwRixJQUFJLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztZQUNyQixNQUFNLGVBQWUsR0FBRyxJQUFBLHdCQUFhLEVBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUE7WUFDekUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLFlBQVksR0FBRyxJQUFBLHdCQUFhLEVBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFBO2dCQUNsRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxZQUFZLEdBQUcsZUFBZTtvQkFBRSxNQUFNLElBQUksS0FBSyxDQUFDLDBFQUEwRSxDQUFDLENBQUE7WUFDdkosQ0FBQztRQUNGLENBQUM7UUFDRCxpQ0FBaUM7UUFFakMsYUFBYTtRQUNiLElBQ0MsQ0FBQyxHQUFHLENBQUMsVUFBVSxJQUFJLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxLQUFLLEdBQUcsQ0FBQztlQUN0RSxJQUFBLGdCQUFLLEVBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRTtnQkFDckIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO2dCQUMzQixrRUFBa0U7Z0JBQ2xFLGVBQWUsRUFBRSxJQUFJLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQzdFLENBQUMsRUFDRCxDQUFDO1lBQ0YsNEJBQTRCO1lBQzVCLEdBQUcsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNwQyxHQUFHLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUE7WUFDcEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFBO1lBQ2xDLEdBQUcsQ0FBQyxZQUFZLENBQUMsZUFBZSxDQUFDLENBQUE7WUFDakMsR0FBRyxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUNoQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixPQUFPLEtBQUssTUFBTSxJQUFBLHFCQUFTLEVBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO1FBQ2pELENBQUM7SUFDRixDQUFDO0lBRUQsa0NBQWtDO0lBQ2xDLElBQUksR0FBRyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUE7SUFDdkIsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsR0FBRyxLQUFLLENBQUMsQ0FBQTtJQUM5QixJQUFJLEdBQUcsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxHQUFHLEdBQUcsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUM3QixJQUFJLEdBQUcsR0FBRyxLQUFLO1lBQUUsR0FBRyxHQUFHLEtBQUssQ0FBQTtJQUM3QixDQUFDO0lBRUQsZ0JBQWdCO0lBQ2hCLElBQUksTUFBTSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFBO0lBQzlCLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDbkUsUUFBUTtRQUNSLElBQUksU0FBUyxHQUFHLElBQUEsMkJBQVUsRUFBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLEVBQUMsT0FBTyxFQUFFLElBQUksRUFBQyxDQUFDLENBQUE7UUFFeEQsbUJBQW1CO1FBQ25CLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQztZQUFFLFNBQVMsR0FBRyxDQUFDLENBQUMsQ0FBQTtRQUUzQyxnQkFBZ0I7UUFDaEIsSUFBSSxTQUFTLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUN0QixnQkFBZ0I7WUFDaEIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFBO1lBRTFELHNDQUFzQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLHFFQUFxRSxDQUFDLENBQUE7WUFDdEYsMkJBQTJCO1lBQzNCLDhEQUE4RDtZQUM5RCxLQUFLO1FBQ04sQ0FBQztRQUVELGtGQUFrRjtRQUNsRixJQUFJLFNBQVMsS0FBSyxDQUFDLENBQUMsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2hELGdCQUFnQjtZQUNoQixHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBRXhFLDZCQUE2QjtZQUM3QixLQUFLLElBQUksU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQTtZQUMzQixHQUFHLEdBQUcsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUNoRCxDQUFDO0lBQ0YsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsS0FBSyxHQUFHLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUV0QyxpQkFBaUI7SUFDakIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUVwQyxlQUFlO0lBQ2YsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07UUFBRSxPQUFPLEtBQUssTUFBTSxJQUFBLHFCQUFTLEVBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO0lBRTNFLDhCQUE4QjtJQUM5QixNQUFNLE1BQU0sR0FBRyxJQUFBLDBCQUFnQixFQUFDLFFBQVEsRUFBRSxFQUFDLEtBQUssRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO0lBQ3ZELE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7SUFFaEIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLGFBQWEsRUFBUSxDQUFBO0lBRTNDLElBQUEsMEJBQVUsRUFBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDeEIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLEVBQUU7UUFDeEIsT0FBTyxFQUFFLENBQUE7UUFDVCxLQUFLLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQ2xCLENBQUMsQ0FBQyxDQUFBO0lBQ0YsTUFBTSxDQUFDLEVBQUUsQ0FBQyxLQUFLLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQy9CLFNBQVMsT0FBTztRQUNmLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQTtJQUNqQixDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUMsT0FBTyxDQUFBO0FBQ3JCLENBQUM7QUFoTUQsMENBZ01DO0FBRUQsU0FBUyxZQUFZLENBQUUsR0FBb0IsRUFBRSxHQUFtQjtJQUMvRCxNQUFNLE9BQU8sR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRXZDLElBQUksQ0FBQyxPQUFPO1FBQUUsT0FBTyxJQUFJLENBQUE7SUFFekIsbUJBQW1CO0lBQ25CLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDbEMsT0FBTyxJQUFJLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUN0QyxDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLENBQUE7SUFDbkQsT0FBTyxJQUFBLHdCQUFhLEVBQUMsWUFBWSxDQUFDLElBQUksSUFBQSx3QkFBYSxFQUFDLE9BQU8sQ0FBQyxDQUFBO0FBQzdELENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLEtBQUs7SUFDdkMsT0FBTyxHQUFHLElBQUksSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsR0FBRyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQTtBQUN4RSxDQUFDIn0=
|
package/esm/static.d.ts
CHANGED
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import { type Chainable } from './dx.js';
|
|
2
|
-
import { type
|
|
3
|
-
export declare function chainStatic(pattern: string, { getPathname, ...options }:
|
|
2
|
+
import { type SendFileOptions } from './staticHelpers.js';
|
|
3
|
+
export declare function chainStatic(pattern: string, { getPathname, ...options }: SendFileOptions & {
|
|
4
4
|
getPathname?(matched: any): string;
|
|
5
|
-
dotfiles?: 'allow' | 'deny' | 'ignore';
|
|
6
|
-
root?: string;
|
|
7
5
|
}): Chainable;
|
package/esm/static.js
CHANGED
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
import { getReq, getRes
|
|
1
|
+
import { getReq, getRes } from './dx.js';
|
|
2
2
|
import { sendFileTrusted } from './staticHelpers.js';
|
|
3
3
|
import { urlFromReq } from './bodyHelpers.js';
|
|
4
|
-
import path from 'node:path';
|
|
5
|
-
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
6
4
|
export function chainStatic(pattern, { getPathname, ...options }) {
|
|
7
5
|
const urlPattern = new URLPattern({ pathname: pattern });
|
|
8
6
|
return async (next) => {
|
|
@@ -14,7 +12,7 @@ export function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
14
12
|
if (!matched)
|
|
15
13
|
return next();
|
|
16
14
|
try {
|
|
17
|
-
await
|
|
15
|
+
await sendFileTrusted(req, getRes(), getPathname?.(matched)
|
|
18
16
|
?? decodeURIComponent(pathname), options);
|
|
19
17
|
}
|
|
20
18
|
catch (e) {
|
|
@@ -22,47 +20,4 @@ export function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
22
20
|
}
|
|
23
21
|
};
|
|
24
22
|
}
|
|
25
|
-
|
|
26
|
-
options) {
|
|
27
|
-
const { root, dotfiles, ...trustedSendOptions } = options ?? {};
|
|
28
|
-
// null byte(s)
|
|
29
|
-
if (pathname.includes('\0'))
|
|
30
|
-
return setHtml('Invalid request', { status: 400 });
|
|
31
|
-
let parts;
|
|
32
|
-
if (root) {
|
|
33
|
-
// normalize
|
|
34
|
-
pathname = path.normalize(`.${path.sep}${pathname}`);
|
|
35
|
-
// malicious path
|
|
36
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
37
|
-
return setHtml('Forbidden', { status: 403 });
|
|
38
|
-
// explode path parts
|
|
39
|
-
parts = pathname.split(path.sep);
|
|
40
|
-
// join / normalize from optional root dir
|
|
41
|
-
pathname = path.normalize(path.join(root, pathname));
|
|
42
|
-
}
|
|
43
|
-
else {
|
|
44
|
-
// malicious path
|
|
45
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
46
|
-
return setHtml('Forbidden', { status: 403 });
|
|
47
|
-
// explode path parts
|
|
48
|
-
parts = path.normalize(pathname).split(path.sep);
|
|
49
|
-
// join / normalize from optional root dir
|
|
50
|
-
pathname = path.resolve(pathname);
|
|
51
|
-
}
|
|
52
|
-
// dotfile handling
|
|
53
|
-
if (parts.some(part => part.length > 1 && part[0] === '.'))
|
|
54
|
-
switch (dotfiles) {
|
|
55
|
-
case 'allow':
|
|
56
|
-
break;
|
|
57
|
-
case 'deny':
|
|
58
|
-
return setHtml('Forbidden', { status: 403 });
|
|
59
|
-
case 'ignore':
|
|
60
|
-
default:
|
|
61
|
-
throw new Error('Forbidden: dotfiles are not allowed');
|
|
62
|
-
}
|
|
63
|
-
// pathEndsWithSep
|
|
64
|
-
if (pathname[pathname.length - 1] === path.sep)
|
|
65
|
-
return setHtml('Forbidden: directory access is not allowed', { status: 403 });
|
|
66
|
-
return sendFileTrusted(req, res, pathname, trustedSendOptions);
|
|
67
|
-
}
|
|
68
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQWlCLE1BQU0sRUFBRSxNQUFNLEVBQUUsT0FBTyxFQUFDLE1BQU0sU0FBUyxDQUFBO0FBQy9ELE9BQU8sRUFBQyxlQUFlLEVBQTBCLE1BQU0sb0JBQW9CLENBQUE7QUFDM0UsT0FBTyxFQUFDLFVBQVUsRUFBQyxNQUFNLGtCQUFrQixDQUFBO0FBRTNDLE9BQU8sSUFBSSxNQUFNLFdBQVcsQ0FBQTtBQUU1QixNQUFNLGNBQWMsR0FBRyw0QkFBNEIsQ0FBQTtBQUVuRCxNQUFNLFVBQVUsV0FBVyxDQUMxQixPQUFlLEVBQ2YsRUFBQyxXQUFXLEVBQUUsR0FBRyxPQUFPLEVBUXZCO0lBRUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsRUFBQyxRQUFRLEVBQUUsT0FBTyxFQUFDLENBQUMsQ0FBQTtJQUN0RCxPQUFPLEtBQUssRUFBQyxJQUFJLEVBQUMsRUFBRTtRQUNuQixNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtRQUNwQixJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssS0FBSyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssTUFBTTtZQUFFLE9BQU8sSUFBSSxFQUFFLENBQUE7UUFFaEUsTUFBTSxFQUFDLFFBQVEsRUFBQyxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUNsQyxNQUFNLE9BQU8sR0FBRyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUMsUUFBUSxFQUFDLENBQUMsQ0FBQTtRQUMzQyxJQUFJLENBQUMsT0FBTztZQUFFLE9BQU8sSUFBSSxFQUFFLENBQUE7UUFFM0IsSUFBSSxDQUFDO1lBQ0osTUFBTSxRQUFRLENBQ2IsR0FBRyxFQUNILE1BQU0sRUFBRSxFQUNQLFdBQVcsRUFBRSxDQUFDLE9BQU8sQ0FBQzttQkFDcEIsa0JBQWtCLENBQUMsUUFBUSxDQUFDLEVBQy9CLE9BQU8sQ0FDUCxDQUFBO1FBQ0YsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWixPQUFPLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQSxDQUFDLGlHQUFpRztRQUNqSCxDQUFDO0lBQ0YsQ0FBQyxDQUFBO0FBQ0YsQ0FBQztBQUVELEtBQUssVUFBVSxRQUFRLENBQ3RCLEdBQW9CLEVBQ3BCLEdBQW1CLEVBQ25CLFFBQWdCLEVBQUUsOEJBQThCO0FBQ2hELE9BS0M7SUFFRCxNQUFNLEVBQUMsSUFBSSxFQUFFLFFBQVEsRUFBRSxHQUFHLGtCQUFrQixFQUFDLEdBQUcsT0FBTyxJQUFJLEVBQUUsQ0FBQTtJQUU3RCxlQUFlO0lBQ2YsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztRQUFFLE9BQU8sT0FBTyxDQUFDLGlCQUFpQixFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7SUFFN0UsSUFBSSxLQUFlLENBQUE7SUFDbkIsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNWLFlBQVk7UUFDWixRQUFRLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLElBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE9BQU8sT0FBTyxDQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1FBRTdFLHFCQUFxQjtRQUNyQixLQUFLLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFaEMsMENBQTBDO1FBQzFDLFFBQVEsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDLENBQUE7SUFDckQsQ0FBQztTQUFNLENBQUM7UUFDUCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE9BQU8sT0FBTyxDQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1FBRTdFLHFCQUFxQjtRQUNyQixLQUFLLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRWhELDBDQUEwQztRQUMxQyxRQUFRLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQTtJQUNsQyxDQUFDO0lBRUQsbUJBQW1CO0lBQ25CLElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLENBQUM7UUFBRSxRQUFRLFFBQVEsRUFBRSxDQUFDO1lBQzlFLEtBQUssT0FBTztnQkFDWCxNQUFLO1lBQ04sS0FBSyxNQUFNO2dCQUNWLE9BQU8sT0FBTyxDQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1lBQzNDLEtBQUssUUFBUSxDQUFDO1lBQ2Q7Z0JBQ0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ3hELENBQUM7SUFFRCxrQkFBa0I7SUFDbEIsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsS0FBSyxJQUFJLENBQUMsR0FBRztRQUFFLE9BQU8sT0FBTyxDQUFDLDRDQUE0QyxFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7SUFFM0gsT0FBTyxlQUFlLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUUsa0JBQWtCLENBQUMsQ0FBQTtBQUMvRCxDQUFDIn0=
|
|
23
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQWlCLE1BQU0sRUFBRSxNQUFNLEVBQUMsTUFBTSxTQUFTLENBQUE7QUFDdEQsT0FBTyxFQUF1QixlQUFlLEVBQUMsTUFBTSxvQkFBb0IsQ0FBQTtBQUN4RSxPQUFPLEVBQUMsVUFBVSxFQUFDLE1BQU0sa0JBQWtCLENBQUE7QUFFM0MsTUFBTSxVQUFVLFdBQVcsQ0FDMUIsT0FBZSxFQUNmLEVBQUMsV0FBVyxFQUFFLEdBQUcsT0FBTyxFQUl2QjtJQUVELE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDLEVBQUMsUUFBUSxFQUFFLE9BQU8sRUFBQyxDQUFDLENBQUE7SUFDdEQsT0FBTyxLQUFLLEVBQUMsSUFBSSxFQUFDLEVBQUU7UUFDbkIsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7UUFDcEIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRWhFLE1BQU0sRUFBQyxRQUFRLEVBQUMsR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDbEMsTUFBTSxPQUFPLEdBQUcsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFDLFFBQVEsRUFBQyxDQUFDLENBQUE7UUFDM0MsSUFBSSxDQUFDLE9BQU87WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRTNCLElBQUksQ0FBQztZQUNKLE1BQU0sZUFBZSxDQUNwQixHQUFHLEVBQ0gsTUFBTSxFQUFFLEVBQ1AsV0FBVyxFQUFFLENBQUMsT0FBTyxDQUFDO21CQUNwQixrQkFBa0IsQ0FBQyxRQUFRLENBQUMsRUFDL0IsT0FBTyxDQUNQLENBQUE7UUFDRixDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNaLE9BQU8sSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFBLENBQUMsaUdBQWlHO1FBQ2pILENBQUM7SUFDRixDQUFDLENBQUE7QUFDRixDQUFDIn0=
|
package/esm/staticHelpers.d.ts
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
/// <reference types="node" resolution-mode="require"/>
|
|
2
2
|
import { IncomingMessage, ServerResponse } from 'node:http';
|
|
3
3
|
import './polyfillWithResolvers.js';
|
|
4
|
-
export interface
|
|
4
|
+
export interface SendFileOptions {
|
|
5
|
+
allowDotfiles?: boolean;
|
|
6
|
+
root?: string;
|
|
5
7
|
disableAcceptRanges?: boolean;
|
|
6
8
|
disableLastModified?: boolean;
|
|
7
9
|
etag?: 'disabled' | 'strong' | 'weak';
|
|
@@ -12,5 +14,5 @@ export interface TrustedSendOptions {
|
|
|
12
14
|
start?: number;
|
|
13
15
|
}
|
|
14
16
|
export declare function sendFileTrusted(req: IncomingMessage, res: ServerResponse, pathname: string, // plain path, not URI-encoded
|
|
15
|
-
{ start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
16
|
-
immutable, }?:
|
|
17
|
+
{ root, allowDotfiles, start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
18
|
+
immutable, }?: SendFileOptions): Promise<void>;
|
package/esm/staticHelpers.js
CHANGED
|
@@ -9,9 +9,40 @@ import { createReadStream } from 'node:fs';
|
|
|
9
9
|
import { onFinished } from './vendors/onFinished.js';
|
|
10
10
|
import { promisify } from 'node:util';
|
|
11
11
|
const BYTES_RANGE_REGEXP = /^ *bytes=/;
|
|
12
|
+
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
12
13
|
export async function sendFileTrusted(req, res, pathname, // plain path, not URI-encoded
|
|
13
|
-
{ start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
14
|
+
{ root, allowDotfiles, start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
14
15
|
immutable, } = {}) {
|
|
16
|
+
// null byte(s)
|
|
17
|
+
if (pathname.includes('\0'))
|
|
18
|
+
throw new Error('Forbidden');
|
|
19
|
+
let parts;
|
|
20
|
+
if (root) {
|
|
21
|
+
// normalize
|
|
22
|
+
pathname = path.normalize(`.${path.sep}${pathname}`);
|
|
23
|
+
// malicious path
|
|
24
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
25
|
+
throw new Error('Forbidden');
|
|
26
|
+
// explode path parts
|
|
27
|
+
parts = pathname.split(path.sep);
|
|
28
|
+
// join / normalize from optional root dir
|
|
29
|
+
pathname = path.normalize(path.join(root, pathname));
|
|
30
|
+
}
|
|
31
|
+
else {
|
|
32
|
+
// malicious path
|
|
33
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
34
|
+
throw new Error('Forbidden');
|
|
35
|
+
// explode path parts
|
|
36
|
+
parts = path.normalize(pathname).split(path.sep);
|
|
37
|
+
// join / normalize from optional root dir
|
|
38
|
+
pathname = path.resolve(pathname);
|
|
39
|
+
}
|
|
40
|
+
// dotfile handling
|
|
41
|
+
if (parts.some(part => part.length > 1 && part[0] === '.') && !allowDotfiles)
|
|
42
|
+
throw new Error('Forbidden: dotfiles are not allowed');
|
|
43
|
+
// pathEndsWithSep
|
|
44
|
+
if (pathname[pathname.length - 1] === path.sep)
|
|
45
|
+
throw new Error('Forbidden: directory access is not allowed');
|
|
15
46
|
const fileStat = await stat(pathname);
|
|
16
47
|
// not found, check extensions
|
|
17
48
|
// if (err.code === 'ENOENT' && !path.extname(pathname) && !pathEndsWithSep) throw err
|
|
@@ -154,4 +185,4 @@ function isRangeFresh(req, res) {
|
|
|
154
185
|
function contentRange(type, size, range) {
|
|
155
186
|
return `${type} ${range ? range.start + '-' + range.end : '*'}/${size}`;
|
|
156
187
|
}
|
|
157
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljSGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9zdGF0aWNIZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sNEJBQTRCLENBQUE7QUFDbkMsT0FBTyxJQUFJLE1BQU0sV0FBVyxDQUFBO0FBQzVCLE9BQU8sRUFBQyxJQUFJLEVBQUMsTUFBTSxrQkFBa0IsQ0FBQTtBQUNyQyxPQUFPLEVBQUMsYUFBYSxFQUFFLE9BQU8sRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3hELE9BQU8sRUFBQyx1QkFBdUIsRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3pELE9BQU8sRUFBQyxLQUFLLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBQyxNQUFNLG9CQUFvQixDQUFBO0FBQ3ZFLE9BQU8sRUFBQyxVQUFVLEVBQUMsTUFBTSwwQkFBMEIsQ0FBQTtBQUNuRCxPQUFPLEVBQUMsZ0JBQWdCLEVBQUMsTUFBTSxTQUFTLENBQUE7QUFDeEMsT0FBTyxFQUFDLFVBQVUsRUFBQyxNQUFNLHlCQUF5QixDQUFBO0FBQ2xELE9BQU8sRUFBQyxTQUFTLEVBQUMsTUFBTSxXQUFXLENBQUE7QUFFbkMsTUFBTSxrQkFBa0IsR0FBRyxXQUFXLENBQUE7QUFpQnRDLE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUNwQyxHQUFvQixFQUNwQixHQUFtQixFQUNuQixRQUFnQixFQUFFLDhCQUE4QjtBQUNoRCxFQUNDLEtBQUssR0FBRyxDQUFDLEVBQUUsR0FBRyxFQUNkLG1CQUFtQixFQUNuQixtQkFBbUIsRUFDbkIsSUFBSSxHQUFHLFFBQVEsRUFDZixtQkFBbUIsRUFDbkIsTUFBTSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxJQUFJLEVBQUUsU0FBUztBQUM3QyxTQUFTLE1BQzBCLEVBQUU7SUFFdEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDckMsOEJBQThCO0lBQzlCLHNGQUFzRjtJQUN0RixzQkFBc0I7SUFDdEIsd0JBQXdCO0lBQ3hCLGtCQUFrQjtJQUNsQixtQkFBbUI7SUFDbkIsWUFBWTtJQUNaLElBQUk7SUFFSixJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUU7UUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLDRDQUE0QyxDQUFDLENBQUE7SUFFekYsSUFBSSxHQUFHLENBQUMsV0FBVztRQUFFLE9BQU07SUFFM0IsMEJBQTBCO0lBRTFCLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFFcEcsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFDekY7WUFDQyxtQkFBbUIsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLEVBQUU7WUFDOUMsU0FBUyxJQUFJLFdBQVc7U0FDeEIsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUM1QixDQUFBO0lBRUQsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxRQUFRLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUE7SUFFekgsSUFBSSxJQUFJLEtBQUssVUFBVSxJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sYUFBYSxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQTtJQUM5Siw2QkFBNkI7SUFFN0IsZUFBZTtJQUNmLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQztRQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsY0FBYyxFQUFFLHVCQUF1QixDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksMEJBQTBCLENBQUMsQ0FBQTtJQUV6SiwwQkFBMEI7SUFDMUIsbUJBQW1CO0lBQ25CLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxHQUFHLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsSUFBSSxHQUFHLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDLEVBQUUsQ0FBQztRQUN2SSw4QkFBOEI7UUFDOUIsV0FBVztRQUNYLE1BQU0sS0FBSyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUE7UUFDckMsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNYLE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUE7WUFDbEMsSUFDQyxDQUFDLElBQUk7bUJBQ0YsQ0FBQyxLQUFLLEtBQUssR0FBRyxJQUFJLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLEtBQUssSUFBSSxJQUFJLEtBQUssS0FBSyxJQUFJLEdBQUcsSUFBSSxJQUFJLElBQUksR0FBRyxLQUFLLEtBQUssSUFBSSxDQUFDLENBQUM7Z0JBQzNILE1BQU0sSUFBSSxLQUFLLENBQUMsZ0VBQWdFLENBQUMsQ0FBQTtRQUNwRixDQUFDO1FBRUQsb0ZBQW9GO1FBQ3BGLElBQUksSUFBSSxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQ3JCLE1BQU0sZUFBZSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLENBQUMsQ0FBQTtZQUN6RSxJQUFJLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sWUFBWSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUE7Z0JBQ2xFLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxJQUFJLFlBQVksR0FBRyxlQUFlO29CQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsMEVBQTBFLENBQUMsQ0FBQTtZQUN2SixDQUFDO1FBQ0YsQ0FBQztRQUNELGlDQUFpQztRQUVqQyxhQUFhO1FBQ2IsSUFDQyxDQUFDLEdBQUcsQ0FBQyxVQUFVLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLEtBQUssR0FBRyxDQUFDO2VBQ3RFLEtBQUssQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFO2dCQUNyQixJQUFJLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7Z0JBQzNCLGtFQUFrRTtnQkFDbEUsZUFBZSxFQUFFLElBQUksS0FBSyxNQUFNLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7YUFDN0UsQ0FBQyxFQUNELENBQUM7WUFDRiw0QkFBNEI7WUFDNUIsR0FBRyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFBO1lBQ3BDLEdBQUcsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNwQyxHQUFHLENBQUMsWUFBWSxDQUFDLGdCQUFnQixDQUFDLENBQUE7WUFDbEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxlQUFlLENBQUMsQ0FBQTtZQUNqQyxHQUFHLENBQUMsWUFBWSxDQUFDLGNBQWMsQ0FBQyxDQUFBO1lBQ2hDLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFBO1lBQ3BCLE9BQU8sS0FBSyxNQUFNLFNBQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUE7UUFDakQsQ0FBQztJQUNGLENBQUM7SUFFRCxrQ0FBa0M7SUFDbEMsSUFBSSxHQUFHLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQTtJQUN2QixHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxHQUFHLEtBQUssQ0FBQyxDQUFBO0lBQzlCLElBQUksR0FBRyxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sS0FBSyxHQUFHLEdBQUcsR0FBRyxLQUFLLEdBQUcsQ0FBQyxDQUFBO1FBQzdCLElBQUksR0FBRyxHQUFHLEtBQUs7WUFBRSxHQUFHLEdBQUcsS0FBSyxDQUFBO0lBQzdCLENBQUM7SUFFRCxnQkFBZ0I7SUFDaEIsSUFBSSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUE7SUFDOUIsSUFBSSxDQUFDLG1CQUFtQixJQUFJLGtCQUFrQixDQUFDLElBQUksQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUNuRSxRQUFRO1FBQ1IsSUFBSSxTQUFTLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRSxNQUFNLEVBQUUsRUFBQyxPQUFPLEVBQUUsSUFBSSxFQUFDLENBQUMsQ0FBQTtRQUV4RCxtQkFBbUI7UUFDbkIsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDO1lBQUUsU0FBUyxHQUFHLENBQUMsQ0FBQyxDQUFBO1FBRTNDLGdCQUFnQjtRQUNoQixJQUFJLFNBQVMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1lBQ3RCLGdCQUFnQjtZQUNoQixHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUE7WUFFMUQsc0NBQXNDO1lBQ3RDLE1BQU0sSUFBSSxLQUFLLENBQUMscUVBQXFFLENBQUMsQ0FBQTtZQUN0RiwyQkFBMkI7WUFDM0IsOERBQThEO1lBQzlELEtBQUs7UUFDTixDQUFDO1FBRUQsa0ZBQWtGO1FBQ2xGLElBQUksU0FBUyxLQUFLLENBQUMsQ0FBQyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDaEQsZ0JBQWdCO1lBQ2hCLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFBO1lBQ3BCLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxFQUFFLFlBQVksQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7WUFFeEUsNkJBQTZCO1lBQzdCLEtBQUssSUFBSSxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFBO1lBQzNCLEdBQUcsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxHQUFHLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsQ0FBQyxDQUFBO1FBQ2hELENBQUM7SUFDRixDQUFDO0lBRUQsbUJBQW1CO0lBQ25CLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxLQUFLLEdBQUcsR0FBRyxHQUFHLENBQUMsQ0FBQyxDQUFBO0lBRXRDLGlCQUFpQjtJQUNqQixHQUFHLENBQUMsU0FBUyxDQUFDLGdCQUFnQixFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBRXBDLGVBQWU7SUFDZixJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssTUFBTTtRQUFFLE9BQU8sS0FBSyxNQUFNLFNBQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUE7SUFFM0UsOEJBQThCO0lBQzlCLE1BQU0sTUFBTSxHQUFHLGdCQUFnQixDQUFDLFFBQVEsRUFBRSxFQUFDLEtBQUssRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO0lBQ3ZELE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7SUFFaEIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLGFBQWEsRUFBUSxDQUFBO0lBRTNDLFVBQVUsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDeEIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLEVBQUU7UUFDeEIsT0FBTyxFQUFFLENBQUE7UUFDVCxLQUFLLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQ2xCLENBQUMsQ0FBQyxDQUFBO0lBQ0YsTUFBTSxDQUFDLEVBQUUsQ0FBQyxLQUFLLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQy9CLFNBQVMsT0FBTztRQUNmLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQTtJQUNqQixDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUMsT0FBTyxDQUFBO0FBQ3JCLENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBRSxHQUFvQixFQUFFLEdBQW1CO0lBQy9ELE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUE7SUFFdkMsSUFBSSxDQUFDLE9BQU87UUFBRSxPQUFPLElBQUksQ0FBQTtJQUV6QixtQkFBbUI7SUFDbkIsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQTtRQUNsQyxPQUFPLElBQUksSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ3RDLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsQ0FBQTtJQUNuRCxPQUFPLGFBQWEsQ0FBQyxZQUFZLENBQUMsSUFBSSxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUE7QUFDN0QsQ0FBQztBQUVELFNBQVMsWUFBWSxDQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsS0FBSztJQUN2QyxPQUFPLEdBQUcsSUFBSSxJQUFJLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssR0FBRyxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFBO0FBQ3hFLENBQUMifQ==
|
|
188
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljSGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9zdGF0aWNIZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sNEJBQTRCLENBQUE7QUFDbkMsT0FBTyxJQUFJLE1BQU0sV0FBVyxDQUFBO0FBQzVCLE9BQU8sRUFBQyxJQUFJLEVBQUMsTUFBTSxrQkFBa0IsQ0FBQTtBQUNyQyxPQUFPLEVBQUMsYUFBYSxFQUFFLE9BQU8sRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3hELE9BQU8sRUFBQyx1QkFBdUIsRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3pELE9BQU8sRUFBQyxLQUFLLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBQyxNQUFNLG9CQUFvQixDQUFBO0FBQ3ZFLE9BQU8sRUFBQyxVQUFVLEVBQUMsTUFBTSwwQkFBMEIsQ0FBQTtBQUNuRCxPQUFPLEVBQUMsZ0JBQWdCLEVBQUMsTUFBTSxTQUFTLENBQUE7QUFDeEMsT0FBTyxFQUFDLFVBQVUsRUFBQyxNQUFNLHlCQUF5QixDQUFBO0FBQ2xELE9BQU8sRUFBQyxTQUFTLEVBQUMsTUFBTSxXQUFXLENBQUE7QUFFbkMsTUFBTSxrQkFBa0IsR0FBRyxXQUFXLENBQUE7QUFDdEMsTUFBTSxjQUFjLEdBQUcsNEJBQTRCLENBQUE7QUFxQm5ELE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUNwQyxHQUFvQixFQUNwQixHQUFtQixFQUNuQixRQUFnQixFQUFFLDhCQUE4QjtBQUNoRCxFQUNDLElBQUksRUFBRSxhQUFhLEVBQ25CLEtBQUssR0FBRyxDQUFDLEVBQUUsR0FBRyxFQUNkLG1CQUFtQixFQUNuQixtQkFBbUIsRUFDbkIsSUFBSSxHQUFHLFFBQVEsRUFDZixtQkFBbUIsRUFDbkIsTUFBTSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxJQUFJLEVBQUUsU0FBUztBQUM3QyxTQUFTLE1BQ1csRUFBRTtJQUV2QixlQUFlO0lBQ2YsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7SUFFekQsSUFBSSxLQUFlLENBQUE7SUFDbkIsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNWLFlBQVk7UUFDWixRQUFRLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLElBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7UUFFL0QscUJBQXFCO1FBQ3JCLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUVoQywwQ0FBMEM7UUFDMUMsUUFBUSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQTtJQUNyRCxDQUFDO1NBQU0sQ0FBQztRQUNQLGlCQUFpQjtRQUNqQixJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUUvRCxxQkFBcUI7UUFDckIsS0FBSyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUVoRCwwQ0FBMEM7UUFDMUMsUUFBUSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEMsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDLElBQUksQ0FBQyxhQUFhO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO0lBRXBJLGtCQUFrQjtJQUNsQixJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxLQUFLLElBQUksQ0FBQyxHQUFHO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFBO0lBRTdHLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQ3JDLDhCQUE4QjtJQUM5QixzRkFBc0Y7SUFDdEYsc0JBQXNCO0lBQ3RCLHdCQUF3QjtJQUN4QixrQkFBa0I7SUFDbEIsbUJBQW1CO0lBQ25CLFlBQVk7SUFDWixJQUFJO0lBRUosSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFBO0lBRXpGLElBQUksR0FBRyxDQUFDLFdBQVc7UUFBRSxPQUFNO0lBRTNCLDBCQUEwQjtJQUUxQixJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQztRQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxDQUFBO0lBRXBHLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQ3pGO1lBQ0MsbUJBQW1CLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxFQUFFO1lBQzlDLFNBQVMsSUFBSSxXQUFXO1NBQ3hCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FDNUIsQ0FBQTtJQUVELElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFBO0lBRXpILElBQUksSUFBSSxLQUFLLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsSUFBSSxLQUFLLE1BQU0sQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLGFBQWEsQ0FBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUE7SUFDOUosNkJBQTZCO0lBRTdCLGVBQWU7SUFDZixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsRUFBRSx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLDBCQUEwQixDQUFDLENBQUE7SUFFekosMEJBQTBCO0lBQzFCLG1CQUFtQjtJQUNuQixJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLENBQUM7UUFDdkksOEJBQThCO1FBQzlCLFdBQVc7UUFDWCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQ3JDLElBQUksS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFBO1lBQ2xDLElBQ0MsQ0FBQyxJQUFJO21CQUNGLENBQUMsS0FBSyxLQUFLLEdBQUcsSUFBSSxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxLQUFLLElBQUksSUFBSSxLQUFLLEtBQUssSUFBSSxHQUFHLElBQUksSUFBSSxJQUFJLEdBQUcsS0FBSyxLQUFLLElBQUksQ0FBQyxDQUFDO2dCQUMzSCxNQUFNLElBQUksS0FBSyxDQUFDLGdFQUFnRSxDQUFDLENBQUE7UUFDcEYsQ0FBQztRQUVELG9GQUFvRjtRQUNwRixJQUFJLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztZQUNyQixNQUFNLGVBQWUsR0FBRyxhQUFhLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUE7WUFDekUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLFlBQVksR0FBRyxhQUFhLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFBO2dCQUNsRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxZQUFZLEdBQUcsZUFBZTtvQkFBRSxNQUFNLElBQUksS0FBSyxDQUFDLDBFQUEwRSxDQUFDLENBQUE7WUFDdkosQ0FBQztRQUNGLENBQUM7UUFDRCxpQ0FBaUM7UUFFakMsYUFBYTtRQUNiLElBQ0MsQ0FBQyxHQUFHLENBQUMsVUFBVSxJQUFJLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxLQUFLLEdBQUcsQ0FBQztlQUN0RSxLQUFLLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRTtnQkFDckIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO2dCQUMzQixrRUFBa0U7Z0JBQ2xFLGVBQWUsRUFBRSxJQUFJLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQzdFLENBQUMsRUFDRCxDQUFDO1lBQ0YsNEJBQTRCO1lBQzVCLEdBQUcsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNwQyxHQUFHLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUE7WUFDcEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFBO1lBQ2xDLEdBQUcsQ0FBQyxZQUFZLENBQUMsZUFBZSxDQUFDLENBQUE7WUFDakMsR0FBRyxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUNoQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixPQUFPLEtBQUssTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO1FBQ2pELENBQUM7SUFDRixDQUFDO0lBRUQsa0NBQWtDO0lBQ2xDLElBQUksR0FBRyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUE7SUFDdkIsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsR0FBRyxLQUFLLENBQUMsQ0FBQTtJQUM5QixJQUFJLEdBQUcsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxHQUFHLEdBQUcsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUM3QixJQUFJLEdBQUcsR0FBRyxLQUFLO1lBQUUsR0FBRyxHQUFHLEtBQUssQ0FBQTtJQUM3QixDQUFDO0lBRUQsZ0JBQWdCO0lBQ2hCLElBQUksTUFBTSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFBO0lBQzlCLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDbkUsUUFBUTtRQUNSLElBQUksU0FBUyxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLEVBQUMsT0FBTyxFQUFFLElBQUksRUFBQyxDQUFDLENBQUE7UUFFeEQsbUJBQW1CO1FBQ25CLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQztZQUFFLFNBQVMsR0FBRyxDQUFDLENBQUMsQ0FBQTtRQUUzQyxnQkFBZ0I7UUFDaEIsSUFBSSxTQUFTLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUN0QixnQkFBZ0I7WUFDaEIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFBO1lBRTFELHNDQUFzQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLHFFQUFxRSxDQUFDLENBQUE7WUFDdEYsMkJBQTJCO1lBQzNCLDhEQUE4RDtZQUM5RCxLQUFLO1FBQ04sQ0FBQztRQUVELGtGQUFrRjtRQUNsRixJQUFJLFNBQVMsS0FBSyxDQUFDLENBQUMsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2hELGdCQUFnQjtZQUNoQixHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBRXhFLDZCQUE2QjtZQUM3QixLQUFLLElBQUksU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQTtZQUMzQixHQUFHLEdBQUcsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUNoRCxDQUFDO0lBQ0YsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsS0FBSyxHQUFHLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUV0QyxpQkFBaUI7SUFDakIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUVwQyxlQUFlO0lBQ2YsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07UUFBRSxPQUFPLEtBQUssTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO0lBRTNFLDhCQUE4QjtJQUM5QixNQUFNLE1BQU0sR0FBRyxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsRUFBQyxLQUFLLEVBQUUsR0FBRyxFQUFDLENBQUMsQ0FBQTtJQUN2RCxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBRWhCLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxhQUFhLEVBQVEsQ0FBQTtJQUUzQyxVQUFVLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFBO0lBQ3hCLE1BQU0sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxFQUFFO1FBQ3hCLE9BQU8sRUFBRSxDQUFBO1FBQ1QsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUNsQixDQUFDLENBQUMsQ0FBQTtJQUNGLE1BQU0sQ0FBQyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQTtJQUMvQixTQUFTLE9BQU87UUFDZixNQUFNLENBQUMsT0FBTyxFQUFFLENBQUE7SUFDakIsQ0FBQztJQUVELE9BQU8sS0FBSyxDQUFDLE9BQU8sQ0FBQTtBQUNyQixDQUFDO0FBRUQsU0FBUyxZQUFZLENBQUUsR0FBb0IsRUFBRSxHQUFtQjtJQUMvRCxNQUFNLE9BQU8sR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRXZDLElBQUksQ0FBQyxPQUFPO1FBQUUsT0FBTyxJQUFJLENBQUE7SUFFekIsbUJBQW1CO0lBQ25CLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDbEMsT0FBTyxJQUFJLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUN0QyxDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLENBQUE7SUFDbkQsT0FBTyxhQUFhLENBQUMsWUFBWSxDQUFDLElBQUksYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFBO0FBQzdELENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLEtBQUs7SUFDdkMsT0FBTyxHQUFHLElBQUksSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsR0FBRyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQTtBQUN4RSxDQUFDIn0=
|