From 671753bb947d47687d230f02f0909cc00f19346e Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 29 Mar 2016 15:03:09 -0400 Subject: [PATCH 01/76] add letsencrypt --- bin/walnut.js | 66 +++++++++++++++++++++++++++++++++++++++++- boot/master.js | 1 + boot/worker.js | 47 +++++++++++++++++++++++++++--- lib/insecure-server.js | 12 ++++++-- lib/local-server.js | 15 +++++++--- lib/sni-server.js | 17 +++++++++-- package.json | 1 + 7 files changed, 144 insertions(+), 15 deletions(-) mode change 120000 => 100755 bin/walnut.js diff --git a/bin/walnut.js b/bin/walnut.js deleted file mode 120000 index f26d3ff..0000000 --- a/bin/walnut.js +++ /dev/null @@ -1 +0,0 @@ -walnut \ No newline at end of file diff --git a/bin/walnut.js b/bin/walnut.js new file mode 100755 index 0000000..03ea920 --- /dev/null +++ b/bin/walnut.js @@ -0,0 +1,65 @@ +#!/usr/bin/env node +'use strict'; + +require('../walnut.js'); +/* +var c = require('console-plus'); +console.log = c.log; +console.error = c.error; +*/ + +function eagerLoad() { + var PromiseA = require('bluebird').Promise; + var promise = PromiseA.resolve(); + + [ 'express' + , 'request' + , 'sqlite3' + , 'body-parser' + , 'urlrouter' + , 'express-lazy' + , 'connect-send-error' + , 'underscore.string' + , 'secret-utils' + , 'connect-cors' + , 'uuid' + , 'connect-recase' + , 'escape-string-regexp' + , 'connect-query' + , 'recase' + ].forEach(function (name/*, i*/) { + promise = promise.then(function () { + return new PromiseA(function (resolve/*, reject*/) { + setTimeout(function () { + require(name); + resolve(); + }, 4); + }); + }); + }); + + [ function () { + require('body-parser').json(); + } + /* + // do not use urlencoded as it enables csrf + , function () { + require('body-parser').urlencoded(); + } + */ + ].forEach(function (fn) { + promise = promise.then(function (thing) { + return new PromiseA(function (resolve) { + setTimeout(function () { + resolve(fn(thing)); + }, 4); + }); + }); + }); + + promise.then(function () { + console.log('Eager Loading Complete'); + }); +} + +setTimeout(eagerLoad, 100); diff --git a/boot/master.js b/boot/master.js index 7aec33a..563b7b1 100644 --- a/boot/master.js +++ b/boot/master.js @@ -63,6 +63,7 @@ cluster.on('online', function (worker) { , 'org.oauth3.consumer': config['org.oauth3.consumer'] , 'org.oauth3.provider': config['org.oauth3.provider'] , keys: config.keys + , letsencrypt: config.letsencrypt } }; worker.send(info); diff --git a/boot/worker.js b/boot/worker.js index 1e039fd..c03e202 100644 --- a/boot/worker.js +++ b/boot/worker.js @@ -4,9 +4,9 @@ module.exports.create = function (opts) { var id = '0'; var promiseApp; - function createAndBindInsecure(message, cb) { + function createAndBindInsecure(lex, message, cb) { // TODO conditional if 80 is being served by caddy - require('../lib/insecure-server').create(message.conf.externalPort, message.conf.insecurePort, message, function (err, webserver) { + require('../lib/insecure-server').create(lex, message.conf.externalPort, message.conf.insecurePort, message, function (err, webserver) { console.info("#" + id + " Listening on http://" + webserver.address().address + ":" + webserver.address().port, '\n'); // we are returning the promise result to the caller @@ -14,9 +14,48 @@ module.exports.create = function (opts) { }); } + function createLe(conf) { + var LEX = require('letsencrypt-express'); + var lex = LEX.create({ + configDir: conf.letsencrypt.configDir // i.e. __dirname + '/letsencrypt.config' + , approveRegistration: function (hostname, cb) { + cb(null, { + domains: [hostname] // TODO handle www and bare on the same cert + , email: conf.letsencrypt.email + , agreeTos: conf.letsencrypt.agreeTos + }); + /* + letsencrypt.getConfig({ domains: [domain] }, function (err, config) { + if (!(config && config.checkpoints >= 0)) { + cb(err, null); + return; + } + + cb(null, { + email: config.email + // can't remember which it is, but the pyconf is different that the regular variable + , agreeTos: config.tos || config.agree || config.agreeTos + , server: config.server || LE.productionServerUrl + , domains: config.domains || [domain] + }); + }); + */ + } + }); + //var letsencrypt = lex.letsencrypt; + + return lex; + } + function createAndBindServers(message, cb) { + var lex; + + if (message.conf.letsencrypt) { + lex = createLe(message.conf); + } + // NOTE that message.conf[x] will be overwritten when the next message comes in - require('../lib/local-server').create(message.conf.certPaths, message.conf.localPort, message, function (err, webserver) { + require('../lib/local-server').create(lex, message.conf.certPaths, message.conf.localPort, message, function (err, webserver) { if (err) { console.error('[ERROR] worker.js'); console.error(err.stack); @@ -27,7 +66,7 @@ module.exports.create = function (opts) { // we don't need time to pass, just to be able to return process.nextTick(function () { - createAndBindInsecure(message, cb); + createAndBindInsecure(lex, message, cb); }); // we are returning the promise result to the caller diff --git a/lib/insecure-server.js b/lib/insecure-server.js index 359fed9..1166aab 100644 --- a/lib/insecure-server.js +++ b/lib/insecure-server.js @@ -1,6 +1,6 @@ 'use strict'; -module.exports.create = function (securePort, insecurePort, info, serverCallback) { +module.exports.create = function (lex, securePort, insecurePort, info, serverCallback) { var PromiseA = require('bluebird').Promise; var appPromise; //var app; @@ -42,7 +42,7 @@ module.exports.create = function (securePort, insecurePort, info, serverCallback // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/ // needs ECDSA? - console.warn('HARD-CODED HTTPS EXCEPTION in insecure-server.js'); + console.warn('HARD-CODED HTTPS EXCEPTION in insecure-server.js for redirect-www.org'); if (/redirect-www.org$/.test(host) && useAppInsecurely(req, res)) { return true; } @@ -103,7 +103,13 @@ module.exports.create = function (securePort, insecurePort, info, serverCallback appPromise = serverCallback(null, insecureServer); } }); - insecureServer.on('request', redirectHttps); + + if (lex) { + var LEX = require('letsencrypt-express'); + insecureServer.on('request', LEX.createAcmeResponder(lex, redirectHttps)); + } else { + insecureServer.on('request', redirectHttps); + } return PromiseA.resolve(insecureServer); }; diff --git a/lib/local-server.js b/lib/local-server.js index 37d776d..e088213 100644 --- a/lib/local-server.js +++ b/lib/local-server.js @@ -2,7 +2,7 @@ // Note the odd use of callbacks (instead of promises) here // It's to avoid loading bluebird yet (see sni-server.js for explanation) -module.exports.create = function (certPaths, port, info, serverCallback) { +module.exports.create = function (lex, certPaths, port, info, serverCallback) { function initServer(err, server) { var app; var promiseApp; @@ -29,7 +29,7 @@ module.exports.create = function (certPaths, port, info, serverCallback) { */ // Get up and listening as absolutely quickly as possible - server.on('request', function (req, res) { + function onRequest(req, res) { // this is a hot piece of code, so we cache the result if (app) { app(req, res); @@ -41,11 +41,18 @@ module.exports.create = function (certPaths, port, info, serverCallback) { app = _app; app(req, res); }); - }); + } + + if (lex) { + var LEX = require('letsencrypt-express'); + server.on('request', LEX.createAcmeResponder(lex, onRequest)); + } else { + server.on('request', onRequest); + } } if (certPaths) { - require('./sni-server').create(certPaths, initServer); + require('./sni-server').create(lex, certPaths, initServer); } else { initServer(null, require('http').createServer()); } diff --git a/lib/sni-server.js b/lib/sni-server.js index 8e30e5e..e1c48e4 100644 --- a/lib/sni-server.js +++ b/lib/sni-server.js @@ -5,9 +5,10 @@ // require everything as lazily as possible until our server // is actually listening on the socket. Bluebird is heavy. // Even the built-in modules can take dozens of milliseconds to require -module.exports.create = function (certPaths, serverCallback) { +module.exports.create = function (lex, certPaths, serverCallback) { // Recognize that this secureContexts cache is local to this CPU core var secureContexts = {}; + var ciphers = 'ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256'; function createSecureServer() { var domainname = 'www.example.com'; @@ -21,7 +22,7 @@ module.exports.create = function (certPaths, serverCallback) { // https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ // https://nodejs.org/api/tls.html // removed :ECDH+AES256:DH+AES256 and added :!AES256 because AES-256 wastes CPU - , ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256' + , ciphers: ciphers , honorCipherOrder: true }; @@ -43,5 +44,15 @@ module.exports.create = function (certPaths, serverCallback) { serverCallback(null, require('https').createServer(secureOpts)); } - createSecureServer(); + function createLeServer() { + lex.httpsOptions.ciphers = ciphers; + lex.httpsOptions.honorCipherOrder = true; + serverCallback(null, require('https').createServer(lex.httpsOptions)); + } + + if (lex) { + createLeServer(); + } else { + createSecureServer(); + } }; diff --git a/package.json b/package.json index 4a7abed..acdd50a 100644 --- a/package.json +++ b/package.json @@ -81,6 +81,7 @@ "json-storage": "2.x", "jsonwebtoken": "^5.4.0", "lodash": "2.x", + "letsencrypt-express": "1.1.x", "masterquest-sqlite3": "git://github.com/coolaj86/masterquest-sqlite3.git", "media-typer": "^0.3.0", "methods": "^1.1.1", From 3a86624b8bc2bbaef99b3308b195ab46f28a6c48 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 31 Mar 2016 02:39:15 -0400 Subject: [PATCH 02/76] minor refactor --- boot/master.js | 129 +++++++++++++++++++++-------------------- lib/insecure-server.js | 32 +++++----- lib/master.js | 30 +++------- 3 files changed, 86 insertions(+), 105 deletions(-) diff --git a/boot/master.js b/boot/master.js index 5442a39..0f058da 100644 --- a/boot/master.js +++ b/boot/master.js @@ -14,52 +14,7 @@ var cluster = require('cluster'); //var minWorkers = 2; var numCores = 2; // Math.max(minWorkers, require('os').cpus().length); var workers = []; -var config = { - externalPort: 443 // world accessible -, externalPortInsecure: 80 // world accessible -// TODO externalInsecurePort? -, locked: false // TODO XXX -, ipcKey: null - // XXX - // TODO needs mappings from db - // TODO autoconfig Caddy caddy - // XXX -, caddy: { - conf: __dirname + '/Caddyfile' - , bin: '/usr/local/bin/caddy' - , sitespath: path.join(__dirname, 'sites-enabled') - } -, redirects: [ - { "ip": false, "id": "*", "value": false } // default no-www - - , { "ip": false, "id": "daplie.domains", "value": null } - , { "ip": false, "id": "*.daplie.domains", "value": false } - , { "ip": false, "id": "no.daplie.domains", "value": false } - , { "ip": false, "id": "*.no.daplie.domains", "value": false } - , { "ip": false, "id": "ns2.daplie.domains", "value": false } - - , { "ip": true, "id": "maybe.daplie.domains", "value": null } - , { "ip": true, "id": "*.maybe.daplie.domains", "value": null } - - , { "ip": true, "id": "www.daplie.domains", "value": null } - , { "ip": true, "id": "yes.daplie.domains", "value": true } - , { "ip": true, "id": "*.yes.daplie.domains", "value": true } - , { "ip": true, "id": "ns1.daplie.domains", "value": false } - ] - // TODO use sqlite3 or autogenerate ? -, privkey: require('fs').readFileSync(__dirname + '/../../' + '/nsx.redirect-www.org.key.pem', 'ascii') -, pubkey: require('fs').readFileSync(__dirname + '/../../' + '/nsx.redirect-www.org.key.pem.pub', 'ascii') -// keys -// letsencrypt -// com.example.provider -// com.example.consumer -}; -var useCaddy = require('fs').existsSync(config.caddy.bin); -var state = {}; -var caddy; - -config.localPort = process.argv[2] || (useCaddy ? 4080 : 443); // system / local network -config.insecurePort = process.argv[3] || (useCaddy ? 80 : 80); // meh +var state = { firstRun: true }; function fork() { if (workers.length < numCores) { @@ -71,10 +26,39 @@ cluster.on('online', function (worker) { console.info('[MASTER] Worker ' + worker.process.pid + ' is online'); fork(); + var config = { + externalPort: 443 // world accessible + , externalPortInsecure: 80 // world accessible + // TODO externalInsecurePort? + , locked: false // TODO XXX + // XXX + // TODO needs mappings from db + // TODO autoconfig Caddy caddy + // XXX + , caddy: { + conf: __dirname + '/Caddyfile' + , bin: '/usr/local/bin/caddy' + , sitespath: path.join(__dirname, 'sites-enabled') + } + }; + var useCaddy = require('fs').existsSync(config.caddy.bin); + var caddy; + + config.localPort = process.argv[2] || (useCaddy ? 4080 : 443); // system / local network + config.insecurePort = process.argv[3] || (useCaddy ? 80 : 80); // meh + if (state.firstRun) { + state.firstRun = false; + if (useCaddy) { + caddy = require('../lib/spawn-caddy').create(config); + // relies on { localPort, locked } + caddy.spawn(config); + } + } + // TODO XXX Should these be configurable? If so, where? var certPaths = [ - path.join(__dirname, 'certs', 'live') - , path.join(__dirname, 'letsencrypt', 'live') + path.join(__dirname, '..', '..', 'certs', 'live') + , path.join(__dirname, '..', '..', 'letsencrypt', 'live') ]; // TODO communicate config with environment vars? var info = { @@ -84,16 +68,10 @@ cluster.on('online', function (worker) { , externalPort: config.externalPort , localPort: config.localPort , insecurePort: config.insecurePort - , trustProxy: useCaddy ? true : false , certPaths: useCaddy ? null : certPaths - , ipcKey: null - // TODO let this load after server is listening - , 'org.oauth3.consumer': config['org.oauth3.consumer'] - , 'org.oauth3.provider': config['org.oauth3.provider'] - , keys: config.keys + , trustProxy: useCaddy ? true : false } }; - worker.send(info); function touchMaster(msg) { if ('walnut.webserver.listening' !== msg.type) { @@ -105,17 +83,48 @@ cluster.on('online', function (worker) { // calls init if init has not been called state.caddy = caddy; state.workers = workers; - require('../lib/master').touch(config, state).then(function () { + require('../lib/master').touch(config, state).then(function (results) { + //var memstore = results.memstore; + var sqlstore = results.sqlstore; info.type = 'walnut.webserver.onrequest'; - info.conf.ipcKey = config.ipcKey; + // TODO let this load after server is listening + info.conf['org.oauth3.consumer'] = config['org.oauth3.consumer']; + info.conf['org.oauth3.provider'] = config['org.oauth3.provider']; + info.conf.keys = config.keys; info.conf.memstoreSock = config.memstoreSock; info.conf.sqlite3Sock = config.sqlite3Sock; // TODO get this from db config instead info.conf.privkey = config.privkey; info.conf.pubkey = config.pubkey; + info.conf.redirects = [ + { "ip": false, "id": "*", "value": false } // default no-www + + , { "ip": false, "id": "daplie.domains", "value": null } + , { "ip": false, "id": "*.daplie.domains", "value": false } + , { "ip": false, "id": "no.daplie.domains", "value": false } + , { "ip": false, "id": "*.no.daplie.domains", "value": false } + , { "ip": false, "id": "ns2.daplie.domains", "value": false } + + , { "ip": true, "id": "maybe.daplie.domains", "value": null } + , { "ip": true, "id": "*.maybe.daplie.domains", "value": null } + + , { "ip": true, "id": "www.daplie.domains", "value": null } + , { "ip": true, "id": "yes.daplie.domains", "value": true } + , { "ip": true, "id": "*.yes.daplie.domains", "value": true } + , { "ip": true, "id": "ns1.daplie.domains", "value": false } + ]; + // TODO use sqlite3 or autogenerate ? + info.conf.privkey = require('fs').readFileSync(__dirname + '/../../' + '/nsx.redirect-www.org.key.pem', 'ascii'); + info.conf.pubkey = require('fs').readFileSync(__dirname + '/../../' + '/nsx.redirect-www.org.key.pem.pub', 'ascii'); + // keys + // letsencrypt + // com.example.provider + // com.example.consumer worker.send(info); }); } + + worker.send(info); worker.on('message', touchMaster); }); @@ -136,9 +145,3 @@ cluster.on('exit', function (worker, code, signal) { }); fork(); - -if (useCaddy) { - caddy = require('../lib/spawn-caddy').create(config); - // relies on { localPort, locked } - caddy.spawn(config); -} diff --git a/lib/insecure-server.js b/lib/insecure-server.js index afb2a28..1dc5837 100644 --- a/lib/insecure-server.js +++ b/lib/insecure-server.js @@ -21,36 +21,30 @@ module.exports.create = function (securePort, insecurePort, info, serverCallback } function redirectHttps(req, res) { + if (req.headers.host && /^\/.well-known\/acme-challenge/.test(req.url) && useAppInsecurely(req, res)) { + return true; + } + // TODO + // XXX NOTE: info.conf.redirects may or may not be loaded at first + // the object will be modified when the config is loaded + if (!redirectives && info.redirects || info.conf.redirects) { + redirectives = require('./hostname-redirects').compile(info.redirects || info.conf.redirects); + } + if (require('./no-www').scrubTheDub(req, res, redirectives)) { + return true; + } + // Let it do this once they visit the https site // res.setHeader('Strict-Transport-Security', 'max-age=10886400; includeSubDomains; preload'); var host = req.headers.host || ''; var url = req.url; - // TODO - // XXX NOTE: info.conf.redirects may or may not be loaded at first - // the object will be modified when the config is loaded - if (!redirectives && info.conf.redirects) { - redirectives = require('./hostname-redirects').compile(info.conf.redirects); - } - if (require('./no-www').scrubTheDub(req, res, redirectives)) { - return true; - } - // TODO // allow exceptions for the case of arduino and whatnot that cannot handle https? // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/ // needs ECDSA? - console.warn('HARD-CODED HTTPS EXCEPTION in insecure-server.js'); - if (/redirect-www.org$/.test(host) && useAppInsecurely(req, res)) { - return true; - } - if (/^\/.well-known\/acme-challenge/.test(req.url) && useAppInsecurely(req, res)) { - console.log('exception for acme-challenge'); - return true; - } - var escapeHtml = require('escape-html'); var newLocation = 'https://' + host.replace(/:\d+/, ':' + securePort) + url diff --git a/lib/master.js b/lib/master.js index 80ea606..5b79575 100644 --- a/lib/master.js +++ b/lib/master.js @@ -2,12 +2,10 @@ var cluster = require('cluster'); var PromiseA = require('bluebird'); -var memstore; -var sqlstore; // TODO // var rootMasterKey; -function init(conf/*, state*/) { +function init(conf, state) { if (!conf.ipcKey) { conf.ipcKey = require('crypto').randomBytes(16).toString('base64'); } @@ -46,27 +44,20 @@ function init(conf/*, state*/) { , store: cluster.isMaster && null //new require('express-session/session/memory')() // TODO implement , key: conf.ipcKey - }).then(function (_memstore) { - memstore = _memstore; - return memstore; }) , sqlite3.createServer({ verbose: null , sock: conf.sqlite3Sock , ipcKey: conf.ipcKey - }).then(function (_sqlstore) { - sqlstore = _sqlstore; - return sqlstore; }) - ]).then(function (/*args*/) { - return conf; - /* - { + ]).then(function (args) { + state.memstore = args[0]; + state.sqlstore = args[1]; + return { conf: conf - , memstore: memstore // args[0] - , sqlstore: sqlstore // args[1] + , memstore: args[0] + , sqlstore: args[1] }; - */ }); return promise; @@ -83,13 +74,6 @@ function touch(conf, state) { conf.initialized = true; return conf; }); - - /* - setInterval(function () { - console.log('SIGUSR1 to caddy'); - return caddy.update(caddyConf); - }, 10 * 60 * 1000); - */ } module.exports.init = init; From d792404d673502e9b19bff7cd0359087fc6ee662 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 9 Apr 2016 19:14:00 -0400 Subject: [PATCH 03/76] refactoring to use fs config --- bin/walnut.js | 5 +- boot/local-server.js | 59 ++++++ boot/master.js | 77 +++---- boot/worker.js | 150 ++++++++++---- install.sh | 20 +- lib/apis.js | 250 +++++++++++++++++++++++ lib/bootstrap.js | 306 ++++++++++++++++++++++++++++ lib/insecure-server.js | 113 ----------- lib/ip-checker.js | 138 +++++++++++++ lib/local-server.js | 15 +- lib/main.js | 297 +++++++++++++++++++++++++++ lib/master.js | 26 ++- lib/package-server-apis.js | 215 ++++++++++++++++++++ lib/package-server-static.js | 87 ++++++++ lib/package-server.js | 296 +-------------------------- lib/worker.js | 379 +++++++++++++++-------------------- setup-dev-deps.sh | 13 ++ 17 files changed, 1708 insertions(+), 738 deletions(-) create mode 100644 boot/local-server.js create mode 100644 lib/apis.js create mode 100644 lib/bootstrap.js delete mode 100644 lib/insecure-server.js create mode 100644 lib/ip-checker.js create mode 100644 lib/main.js create mode 100644 lib/package-server-apis.js create mode 100644 lib/package-server-static.js create mode 100644 setup-dev-deps.sh diff --git a/bin/walnut.js b/bin/walnut.js index 03ea920..313e1df 100755 --- a/bin/walnut.js +++ b/bin/walnut.js @@ -62,4 +62,7 @@ function eagerLoad() { }); } -setTimeout(eagerLoad, 100); +// this isn't relevant to do in the master process, duh +if (false) { + setTimeout(eagerLoad, 100); +} diff --git a/boot/local-server.js b/boot/local-server.js new file mode 100644 index 0000000..ae203ee --- /dev/null +++ b/boot/local-server.js @@ -0,0 +1,59 @@ +'use strict'; + +// Note the odd use of callbacks (instead of promises) here +// It's to avoid loading bluebird yet (see sni-server.js for explanation) +module.exports.create = function (lex, certPaths, port, conf, serverCallback) { + function initServer(err, server) { + var app; + var promiseApp; + + if (err) { + serverCallback(err); + return; + } + + server.on('error', serverCallback); + server.listen(port, function () { + // is it even theoritically possible for + // a request to come in before this callback has fired? + // I'm assuming this event must fire before any request event + promiseApp = serverCallback(null, server); + }); + /* + server.listen(port, '::::', function () { + // is it even theoritically possible for + // a request to come in before this callback has fired? + // I'm assuming this event must fire before any request event + promiseApp = serverCallback(null, server); + }); + */ + + // Get up and listening as absolutely quickly as possible + function onRequest(req, res) { + // this is a hot piece of code, so we cache the result + if (app) { + app(req, res); + return; + } + + promiseApp.then(function (_app) { + console.log('[Server]', req.method, req.host || req.headers['x-forwarded-host'] || req.headers.host, req.url); + app = _app; + app(req, res); + }); + } + + if (lex) { + var LEX = require('letsencrypt-express'); + server.on('request', LEX.createAcmeResponder(lex, onRequest)); + } else { + server.on('request', onRequest); + } + } + + if (certPaths) { + require('../lib/sni-server').create(lex, certPaths, initServer); + } else { + initServer(null, require('http').createServer()); + } +}; diff --git a/boot/master.js b/boot/master.js index b8e23c8..8bdfc27 100644 --- a/boot/master.js +++ b/boot/master.js @@ -25,28 +25,44 @@ var workers = []; var state = { firstRun: true }; // TODO Should these be configurable? If so, where? // TODO communicate config with environment vars? +var walnut = tryConf( + path.join('..', '..', 'config.walnut') +, { externalPort: 443 + , externalInsecurePort: 80 + , certspath: path.join(__dirname, '..', '..', 'certs', 'live') + } +); var caddy = tryConf( - path.join('..', '..', 'config.caddy.json') -, { conf: null // __dirname + '/Caddyfile' + path.join('..', '..', 'config.caddy') +, { conf: path.join(__dirname, '..', '..', 'Caddyfile') , bin: null // '/usr/local/bin/caddy' , sitespath: null // path.join(__dirname, 'sites-enabled') , locked: false // true } ); -var useCaddy = require('fs').existsSync(caddy.bin); +var letsencrypt = tryConf( + path.join('..', '..', 'config.letsencrypt') +, { configDir: path.join(__dirname, '..', '..', 'letsencrypt') + , email: null + , agreeTos: false + } +); +var useCaddy = caddy.bin && require('fs').existsSync(caddy.bin); var info = { type: 'walnut.init' , conf: { protocol: useCaddy ? 'http' : 'https' - , externalPort: 443 - , externalPortInsecure: 80 // TODO externalInsecurePort - , localPort: process.argv[2] || (useCaddy ? 4080 : 443) // system / local network - , insecurePort: process.argv[3] || (useCaddy ? 80 : 80) // meh + , externalPort: walnut.externalPort + , externalPortInsecure: walnut.externalInsecurePort // TODO externalInsecurePort + , localPort: walnut.localPort || (useCaddy ? 4080 : 443) // system / local network + , insecurePort: walnut.insecurePort || (useCaddy ? 80 : 80) // meh , certPaths: useCaddy ? null : [ - path.join(__dirname, '..', '..', 'certs', 'live') - , path.join(__dirname, '..', '..', 'letsencrypt', 'live') + walnut.certspath + , path.join(letsencrypt.configDir, 'live') ] , trustProxy: useCaddy ? true : false + , lexConf: letsencrypt + , varpath: path.join(__dirname, '..', '..', 'var') } }; @@ -67,6 +83,7 @@ cluster.on('online', function (worker) { // relies on { localPort, locked } caddy.spawn(caddy); } + // TODO dyndns in master? } function touchMaster(msg) { @@ -76,47 +93,11 @@ cluster.on('online', function (worker) { return; } - // calls init if init has not been called state.caddy = caddy; state.workers = workers; - require('../lib/master').touch(info.conf, state).then(function (results) { - //var memstore = results.memstore; - var sqlstore = results.sqlstore; - info.type = 'walnut.webserver.onrequest'; - // TODO let this load after server is listening - info.conf['org.oauth3.consumer'] = results['org.oauth3.consumer']; - info.conf['org.oauth3.provider'] = results['org.oauth3.provider']; - info.conf.keys = results.keys; - //info.conf.memstoreSock = config.memstoreSock; - //info.conf.sqlite3Sock = config.sqlite3Sock; - // TODO get this from db config instead - //info.conf.privkey = config.privkey; - //info.conf.pubkey = config.pubkey; - info.conf.redirects = [ - { "ip": false, "id": "*", "value": false } // default no-www - - , { "ip": false, "id": "daplie.domains", "value": null } - , { "ip": false, "id": "*.daplie.domains", "value": false } - , { "ip": false, "id": "no.daplie.domains", "value": false } - , { "ip": false, "id": "*.no.daplie.domains", "value": false } - , { "ip": false, "id": "ns2.daplie.domains", "value": false } - - , { "ip": true, "id": "maybe.daplie.domains", "value": null } - , { "ip": true, "id": "*.maybe.daplie.domains", "value": null } - - , { "ip": true, "id": "www.daplie.domains", "value": null } - , { "ip": true, "id": "yes.daplie.domains", "value": true } - , { "ip": true, "id": "*.yes.daplie.domains", "value": true } - , { "ip": true, "id": "ns1.daplie.domains", "value": false } - ]; - // TODO use sqlite3 or autogenerate ? - info.conf.privkey = require('fs').readFileSync(__dirname + '/../../' + '/nsx.redirect-www.org.key.pem', 'ascii'); - info.conf.pubkey = require('fs').readFileSync(__dirname + '/../../' + '/nsx.redirect-www.org.key.pem.pub', 'ascii'); - // keys - // letsencrypt - // com.example.provider - // com.example.consumer - worker.send(info); + // calls init if init has not been called + require('../lib/master').touch(info.conf, state).then(function (newConf) { + worker.send({ type: 'walnut.webserver.onrequest', conf: newConf }); }); } diff --git a/boot/worker.js b/boot/worker.js index d5d58c9..45dd6c5 100644 --- a/boot/worker.js +++ b/boot/worker.js @@ -4,25 +4,93 @@ module.exports.create = function (opts) { var id = '0'; var promiseApp; - function createAndBindInsecure(lex, message, cb) { + function createAndBindInsecure(lex, conf, getOrCreateHttpApp) { // TODO conditional if 80 is being served by caddy - require('../lib/insecure-server').create(lex, message.conf.externalPort, message.conf.insecurePort, message, function (err, webserver) { - console.info("#" + id + " Listening on http://" + webserver.address().address + ":" + webserver.address().port, '\n'); - // we are returning the promise result to the caller - return cb(null, webserver, null, message); + var appPromise = null; + var app = null; + var http = require('http'); + var insecureServer = http.createServer(); + + function onRequest(req, res) { + if (app) { + app(req, res); + return; + } + + if (!appPromise) { + res.setHeader('Content-Type', 'application/json; charset=utf-8'); + res.end('{ "error": { "code": "E_SANITY_FAIL", "message": "should have an express app, but didn\'t" } }'); + return; + } + + appPromise.then(function (_app) { + appPromise = null; + app = _app; + app(req, res); + }); + } + + insecureServer.listen(conf.insecurePort, function () { + console.info("#" + id + " Listening on http://" + + insecureServer.address().address + ":" + insecureServer.address().port, '\n'); + appPromise = getOrCreateHttpApp(null, insecureServer); + + if (!appPromise) { + throw new Error('appPromise returned nothing'); + } + }); + + insecureServer.on('request', onRequest); + } + + function walkLe(domainname) { + var PromiseA = require('bluebird'); + var fs = PromiseA.promisifyAll(require('fs')); + var path = require('path'); + var parts = domainname.split('.'); //.replace(/^www\./, '').split('.'); + var configname = parts.join('.') + '.json'; + var configpath = path.join(__dirname, '..', '..', 'config', configname); + + if (parts.length < 2) { + return PromiseA.resolve(null); + } + + // TODO configpath a la varpath + return fs.readFileAsync(configpath, 'utf8').then(function (text) { + var data = JSON.parse(text); + data.name = configname; + return data; + }, function (/*err*/) { + parts.shift(); + return walkLe(parts.join('.')); }); } - function createLe(conf) { + function createLe(lexConf, conf) { var LEX = require('letsencrypt-express'); var lex = LEX.create({ - configDir: conf.letsencrypt.configDir // i.e. __dirname + '/letsencrypt.config' + configDir: lexConf.configDir // i.e. __dirname + '/letsencrypt.config' , approveRegistration: function (hostname, cb) { - cb(null, { - domains: [hostname] // TODO handle www and bare on the same cert - , email: conf.letsencrypt.email - , agreeTos: conf.letsencrypt.agreeTos + // TODO cache/report unauthorized + if (!hostname) { + cb(new Error("[lex.approveRegistration] undefined hostname"), null); + return; + } + + walkLe(hostname).then(function (leAuth) { + // TODO should still check dns for hostname (and mx for email) + if (leAuth && leAuth.email && leAuth.agreeTos) { + cb(null, { + domains: [hostname] // TODO handle www and bare on the same cert + , email: leAuth.email + , agreeTos: leAuth.agreeTos + }); + } + else { + // TODO report unauthorized + cb(new Error("Valid LetsEncrypt config with email and agreeTos not found for '" + hostname + "'"), null); + } }); /* letsencrypt.getConfig({ domains: [domain] }, function (err, config) { @@ -42,81 +110,92 @@ module.exports.create = function (opts) { */ } }); - //var letsencrypt = lex.letsencrypt; + conf.letsencrypt = lex.letsencrypt; + conf.lex = lex; + conf.walkLe = walkLe; return lex; } - function createAndBindServers(message, cb) { + function createAndBindServers(conf, getOrCreateHttpApp) { var lex; - if (message.conf.letsencrypt) { - lex = createLe(message.conf); + if (conf.lexConf) { + lex = createLe(conf.lexConf, conf); } // NOTE that message.conf[x] will be overwritten when the next message comes in - require('../lib/local-server').create(lex, message.conf.certPaths, message.conf.localPort, message, function (err, webserver) { + require('./local-server').create(lex, conf.certPaths, conf.localPort, conf, function (err, webserver) { if (err) { console.error('[ERROR] worker.js'); console.error(err.stack); throw err; } - console.info("#" + id + " Listening on " + message.conf.protocol + "://" + webserver.address().address + ":" + webserver.address().port, '\n'); + console.info("#" + id + " Listening on " + conf.protocol + "://" + webserver.address().address + ":" + webserver.address().port, '\n'); // we don't need time to pass, just to be able to return process.nextTick(function () { - createAndBindInsecure(lex, message, cb); + createAndBindInsecure(lex, conf, getOrCreateHttpApp); }); // we are returning the promise result to the caller - return cb(null, null, webserver, message); + return getOrCreateHttpApp(null, null, webserver, conf); }); } // // Worker Mode // - function waitForConfig(message) { - if ('walnut.init' !== message.type) { + function waitForConfig(realMessage) { + if ('walnut.init' !== realMessage.type) { console.warn('[Worker] 0 got unexpected message:'); - console.warn(message); + console.warn(realMessage); return; } + var conf = realMessage.conf; process.removeListener('message', waitForConfig); // NOTE: this callback must return a promise for an express app - createAndBindServers(message, function (err, insecserver, webserver, oldMessage) { - // TODO deep merge new message into old message - Object.keys(message.conf).forEach(function (key) { - oldMessage.conf[key] = message.conf[key]; - }); + + function getExpressApp(err, insecserver, webserver/*, newMessage*/) { var PromiseA = require('bluebird'); + if (promiseApp) { return promiseApp; } + promiseApp = new PromiseA(function (resolve) { - function initWebServer(srvmsg) { + function initHttpApp(srvmsg) { if ('walnut.webserver.onrequest' !== srvmsg.type) { - console.warn('[Worker] 1 got unexpected message:'); + console.warn('[Worker] [onrequest] unexpected message:'); console.warn(srvmsg); return; } - process.removeListener('message', initWebServer); + process.removeListener('message', initHttpApp); - resolve(require('../lib/worker').create(webserver, srvmsg.conf)); + if (srvmsg.conf) { + Object.keys(srvmsg.conf).forEach(function (key) { + conf[key] = srvmsg.conf[key]; + }); + } + + resolve(require('../lib/worker').create(webserver, conf)); } process.send({ type: 'walnut.webserver.listening' }); - process.on('message', initWebServer); + process.on('message', initHttpApp); }).then(function (app) { console.info('[Worker Ready]'); return app; }); + return promiseApp; - }); + } + + createAndBindServers(conf, getExpressApp); } // @@ -124,11 +203,13 @@ module.exports.create = function (opts) { // if (opts) { // NOTE: this callback must return a promise for an express app - createAndBindServers(opts, function (err, insecserver, webserver/*, message*/) { + createAndBindServers(opts, function (err, insecserver, webserver/*, conf*/) { var PromiseA = require('bluebird'); + if (promiseApp) { return promiseApp; } + promiseApp = new PromiseA(function (resolve) { opts.getConfig(function (srvmsg) { resolve(require('../lib/worker').create(webserver, srvmsg)); @@ -137,6 +218,7 @@ module.exports.create = function (opts) { console.info('[Standalone Ready]'); return app; }); + return promiseApp; }); } else { diff --git a/install.sh b/install.sh index f91b31e..25934bf 100644 --- a/install.sh +++ b/install.sh @@ -1,6 +1,6 @@ #!/bin/bash -sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib} +sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib,config} sudo mkdir -p /srv/walnut/packages/{api,pages,services} sudo chown -R $(whoami):$(whoami) /srv/walnut @@ -9,11 +9,23 @@ git clone https://github.com/Daplie/walnut.git /srv/walnut/core pushd /srv/walnut/core npm install -sudo rsync -av /srv/walnut/core/etc/init/walnut.conf /etc/init/walnut.conf -rsync -av /srv/walnut/core/etc/letsencrypt/ /srv/walnut/certs/ - popd + +sudo rsync -a /srv/walnut/core/etc/init/walnut.conf /etc/init/walnut.conf +rsync -a /srv/walnut/core/etc/letsencrypt/ /srv/walnut/certs/ mv /srv/walnut/core/node_modules /srv/walnut +echo -n "Enter an email address to use for LetsEncrypt and press [ENTER]: " +read LE_EMAIL +node -e " + 'use strict'; + + require('fs').writeFileSync('/srv/walnut/config.letsencrypt.json', JSON.stringify({ + configDir: '/srv/walnut/letsencrypt' + , email: '$LE_EMAIL' + , agreeTos: true + }, null, ' ')); +" + sudo service walnut stop sudo service walnut start diff --git a/lib/apis.js b/lib/apis.js new file mode 100644 index 0000000..a9dcaee --- /dev/null +++ b/lib/apis.js @@ -0,0 +1,250 @@ +'use strict'; + +module.exports.create = function (xconfx, apiFactories, apiDeps) { + var PromiseA = apiDeps.Promise; + var express = require('express'); + var fs = PromiseA.promisifyAll(require('fs')); + var path = require('path'); + var localCache = { apis: {}, pkgs: {} }; + + // TODO xconfx.apispath + xconfx.apispath = path.join(__dirname, '..', '..', 'packages', 'apis'); + + function notConfigured(req, res) { + res.send({ error: { message: "api '" + req.apiId + "' not configured for domain '" + req.experienceId + "'" } }); + } + + function loadApi(conf, pkgConf, pkgDeps, packagedApi) { + function handlePromise(p) { + return p.then(function (api) { + packagedApi._api = api; + return api; + }); + } + + if (!packagedApi._promise_api) { + packagedApi._promise_api = getApi(conf, pkgConf, pkgDeps, packagedApi); + } + + return handlePromise(packagedApi._promise_api); + } + + function getApi(conf, pkgConf, pkgDeps, packagedApi) { + var PromiseA = pkgDeps.Promise; + var path = require('path'); + var pkgpath = path.join(pkgConf.apipath, packagedApi.id/*, (packagedApi.api.version || '')*/); + + // TODO needs some version stuff (which would also allow hot-loading of updates) + // TODO version could be tied to sha256sum + + return new PromiseA(function (resolve, reject) { + var myApp; + var ursa; + var promise; + + // TODO dynamic requires are a no-no + // can we statically generate a require-er? on each install? + // module.exports = { {{pkgpath}}: function () { return require({{pkgpath}}) } } + // requirer[pkgpath]() + myApp = pkgDeps.express(); + myApp.disable('x-powered-by'); + if (pkgDeps.app.get('trust proxy')) { + myApp.set('trust proxy', pkgDeps.app.get('trust proxy')); + } + if (!pkgConf.pubkey) { + /* + return ursa.createPrivateKey(pem, password, encoding); + var pem = myKey.toPrivatePem(); + return jwt.verifyAsync(token, myKey.toPublicPem(), { ignoreExpiration: false && true }).then(function (decoded) { + }); + */ + ursa = require('ursa'); + pkgConf.keypair = ursa.createPrivateKey(pkgConf.privkey, 'ascii'); + pkgConf.pubkey = ursa.createPublicKey(pkgConf.pubkey, 'ascii'); //conf.keypair.toPublicKey(); + } + + try { + packagedApi._apipkg = require(path.join(pkgpath, 'package.json')); + packagedApi._apiname = packagedApi._apipkg.name; + if (packagedApi._apipkg.walnut) { + pkgpath += '/' + packagedApi._apipkg.walnut; + } + promise = PromiseA.resolve(require(pkgpath).create(pkgConf, pkgDeps, myApp)); + } catch(e) { + reject(e); + return; + } + + promise.then(function () { + // TODO give pub/priv pair for app and all public keys + // packagedApi._api = require(pkgpath).create(pkgConf, pkgDeps, myApp); + packagedApi._api = require('express-lazy')(); + packagedApi._api_app = myApp; + + //require('./oauth3-auth').inject(conf, packagedApi._api, pkgConf, pkgDeps); + pkgDeps.getOauth3Controllers = + packagedApi._getOauth3Controllers = require('oauthcommon/example-oauthmodels').create(conf).getControllers; + require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); + + // DEBUG + // + /* + packagedApi._api.use('/', function (req, res, next) { + console.log('[DEBUG pkgApiApp]', req.method, req.hostname, req.url); + next(); + }); + //*/ + + // TODO fix backwards compat + + // /api/com.example.foo (no change) + packagedApi._api.use('/', packagedApi._api_app); + + // /api/com.example.foo => /api + packagedApi._api.use('/', function (req, res, next) { + var priorUrl = req.url; + req.url = '/api' + req.url.slice(('/api/' + packagedApi.id).length); + // console.log('api mangle 3:', req.url); + packagedApi._api_app(req, res, function (err) { + req.url = priorUrl; + next(err); + }); + }); + + // /api/com.example.foo => / + packagedApi._api.use('/api/' + packagedApi.id, function (req, res, next) { + // console.log('api mangle 2:', '/api/' + packagedApi.id, req.url); + // console.log(packagedApi._api_app.toString()); + packagedApi._api_app(req, res, next); + }); + + resolve(packagedApi._api); + }, reject); + }); + } + + // Read packages/apis/sub.sld.tld (forward dns) to find list of apis as tld.sld.sub (reverse dns) + // TODO packages/allowed_apis/sub.sld.tld (?) + // TODO auto-register org.oauth3.consumer for primaryDomain (and all sites?) + function loadApiHandler() { + return function handler(req, res, next) { + var name = req.experienceId; + var apiId = req.apiId; + var packagepath = path.join(xconfx.apispath, name); + + return fs.readFileAsync(packagepath, 'utf8').then(function (text) { + return text.trim().split(/\n/); + }, function () { + return []; + }).then(function (apis) { + return function (req, res, next) { + var apipath; + + if (!apis.some(function (api) { + if (api === apiId) { + return true; + } + })) { + if (req.experienceId === ('api.' + xconfx.setupDomain) && 'org.oauth3.consumer' === apiId) { + // fallthrough + } else { + return null; + } + } + + apipath = path.join(xconfx.apispath, apiId); + + if (!localCache.pkgs[apiId]) { + return fs.readFileAsync(path.join(apipath, 'package.json'), 'utf8').then(function (text) { + var pkg = JSON.parse(text); + var deps = {}; + var myApp; + + if (pkg.walnut) { + apipath = path.join(apipath, pkg.walnut); + } + + Object.keys(apiDeps).forEach(function (key) { + deps[key] = apiDeps[key]; + }); + Object.keys(apiFactories).forEach(function (key) { + deps[key] = apiFactories[key]; + }); + + // TODO pull db stuff from package.json somehow and pass allowed data models as deps + // + // how can we tell which of these would be correct? + // deps.memstore = apiFactories.memstoreFactory.create(apiId); + // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId); + // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId + apiId); + + // let's go with this one for now and the api can choose to scope or not to scope + deps.memstore = apiFactories.memstoreFactory.create(apiId); + + console.log('DEBUG apipath', apipath); + myApp = express(); + // + // TODO handle /accounts/:accountId + // + return PromiseA.resolve(require(apipath).create({}/*pkgConf*/, deps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { + localCache.pkgs[apiId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; + localCache.pkgs[apiId].handler(req, res, next); + }); + }); + } + else { + localCache.pkgs[apiId].handler(req, res, next); + // TODO expire require cache + /* + if (Date.now() - localCache.pkgs[apiId].createdAt < (5 * 60 * 1000)) { + return; + } + */ + } + }; + }, function (/*err*/) { + return null; + }).then(function (handler) { + + // keep object reference intact + // DO NOT cache non-existant api + if (handler) { + localCache.apis[name].handler = handler; + } else { + handler = notConfigured; + } + handler(req, res, next); + }); + }; + } + + return function (req, res, next) { + var experienceId = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); + var apiId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, ''); + + Object.defineProperty(req, 'experienceId', { + enumerable: true + , configurable: false + , writable: false + // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app + // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) + // NOTE: probably best to alias the name logically + , value: experienceId + }); + Object.defineProperty(req, 'apiId', { + enumerable: true + , configurable: false + , writable: false + , value: apiId + }); + + if (!localCache.apis[experienceId]) { + localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; + } + + localCache.apis[experienceId].handler(req, res, next); + if (Date.now() - localCache.apis[experienceId].createdAt > (5 * 60 * 1000)) { + localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; + } + }; +}; diff --git a/lib/bootstrap.js b/lib/bootstrap.js new file mode 100644 index 0000000..f12a9a8 --- /dev/null +++ b/lib/bootstrap.js @@ -0,0 +1,306 @@ +'use strict'; + +// +// IMPORTANT !!! +// +// None of this is authenticated or encrypted +// + +module.exports.create = function (app, xconfx, models) { + var PromiseA = require('bluebird'); + var path = require('path'); + var fs = PromiseA.promisifyAll(require('fs')); + var dns = PromiseA.promisifyAll(require('dns')); + + function isInitialized() { + // TODO read from file only, not db + return models.ComDaplieWalnutConfig.get('config').then(function (conf) { + if (!conf || !conf.primaryDomain || !conf.primaryEmail) { + console.log('DEBUG incomplete conf', conf); + return false; + } + + xconfx.primaryDomain = xconfx.primaryDomain || conf.primaryDomain; + + var configname = conf.primaryDomain + '.json'; + var configpath = path.join(__dirname, '..', '..', 'config', configname); + + return fs.readFileAsync(configpath, 'utf8').then(function (text) { + return JSON.parse(text); + }, function (/*err*/) { + console.log('DEBUG not exists leconf', configpath); + return false; + }).then(function (data) { + if (!data || !data.email || !data.agreeTos) { + console.log('DEBUG incomplete leconf', data); + return false; + } + + return true; + }); + }); + } + + function initialize() { + var express = require('express'); + var getIpAddresses = require('./ip-checker').getExternalAddresses; + var resolve; + + function errorIfNotApi(req, res, next) { + // if it's not an ip address + if (/[a-z]+/.test(req.headers.host)) { + if (!/^api\./.test(req.headers.host)) { + console.log('req.headers.host'); + console.log(req.headers.host); + res.send({ error: { message: "no api. subdomain prefix" } }); + return; + } + } + + next(); + } + + function errorIfApi(req, res, next) { + if (!/^api\./.test(req.headers.host)) { + next(); + return; + } + + // has api. hostname prefix + + // doesn't have /api url prefix + if (!/^\/api\//.test(req.url)) { + res.send({ error: { message: "missing /api/ url prefix" } }); + return; + } + + res.send({ error: { code: 'E_NO_IMPL', message: "not implemented" } }); + } + + function getConfig(req, res) { + getIpAddresses().then(function (inets) { + var results = { + hostname: require('os').hostname() + , inets: inets.addresses.map(function (a) { + a.time = undefined; + return a; + }) + }; + //res.send({ inets: require('os').networkInterfaces() }); + res.send(results); + }); + } + + function verifyIps(inets, hostname) { + var map = {}; + var arr = []; + + inets.forEach(function (addr) { + if (!map[addr.family]) { + map[addr.family] = true; + if (4 === addr.family) { + arr.push(dns.resolve4Async(hostname).then(function (arr) { + return arr; + }, function (/*err*/) { + return []; + })); + } + if (6 === addr.family) { + arr.push(dns.resolve6Async(hostname).then(function (arr) { + return arr; + }, function (/*err*/) { + return []; + })); + } + } + }); + + return PromiseA.all(arr).then(function (fams) { + console.log('DEBUG hostname', hostname); + var ips = []; + + fams.forEach(function (addrs) { + console.log('DEBUG ipv46'); + console.log(addrs); + addrs.forEach(function (addr) { + inets.forEach(function (a) { + if (a.address === addr) { + a.time = undefined; + ips.push(a); + } + }); + }); + console.log(''); + }); + + return ips; + }); + } + + function setConfig(req, res) { + var config = req.body; + var results = {}; + + return PromiseA.resolve().then(function () { + if (!config.agreeTos && !config.tls) { + return PromiseA.reject(new Error("To enable encryption you must agree to the LetsEncrypt terms of service")); + } + + if (!config.domain) { + return PromiseA.reject(new Error("You must specify a valid domain name")); + } + config.domain = config.domain.replace(/^www\./, ''); + + return getIpAddresses().then(function (inet) { + if (!inet.addresses.length) { + return PromiseA.reject(new Error("no ip addresses")); + } + + results.inets = inet.addresses.map(function (a) { + a.time = undefined; + return a; + }); + + results.resolutions = []; + return PromiseA.all([ + // for static content + verifyIps(inet.addresses, config.domain).then(function (ips) { + results.resolutions.push({ hostname: config.domain, ips: ips }); + }) + // for redirects + , verifyIps(inet.addresses, 'www.' + config.domain).then(function (ips) { + results.resolutions.push({ hostname: 'www.' + config.domain, ips: ips }); + }) + // for api + , verifyIps(inet.addresses, 'api.' + config.domain).then(function (ips) { + results.resolutions.push({ hostname: 'api.' + config.domain, ips: ips }); + }) + // for protected assets + , verifyIps(inet.addresses, 'assets.' + config.domain).then(function (ips) { + results.resolutions.push({ hostname: 'assets.' + config.domain, ips: ips }); + }) + // for the cloud management + , verifyIps(inet.addresses, 'cloud.' + config.domain).then(function (ips) { + results.resolutions.push({ hostname: 'cloud.' + config.domain, ips: ips }); + }) + , verifyIps(inet.addresses, 'api.cloud.' + config.domain).then(function (ips) { + results.resolutions.push({ hostname: 'api.cloud.' + config.domain, ips: ips }); + }) + ]).then(function () { + if (!results.resolutions[0].ips.length) { + results.error = { message: "bare domain could not be resolved to this device" }; + } + else if (!results.resolutions[2].ips.length) { + results.error = { message: "api subdomain could not be resolved to this device" }; + } + /* + else if (!results.resolutions[1].ips.length) { + results.error = { message: "" } + } + else if (!results.resolutions[3].ips.length) { + results.error = { message: "" } + } + else if (!results.resolutions[4].ips.length || !results.resolutions[4].ips.length) { + results.error = { message: "cloud and api.cloud subdomains should be set up" }; + } + */ + }); + }); + }).then(function () { + if (results.error) { + return; + } + + var configname = config.domain + '.json'; + var configpath = path.join(__dirname, '..', '..', 'config', configname); + var leAuth = { + agreeTos: true + , email: config.email // TODO check email + , domain: config.domain + , createdAt: Date.now() + }; + + return dns.resolveMxAsync(config.email.replace(/.*@/, '')).then(function (/*addrs*/) { + // TODO allow private key to be uploaded + return fs.writeFileAsync(configpath, JSON.stringify(leAuth, null, ' '), 'utf8').then(function () { + return models.ComDaplieWalnutConfig.upsert('config', { + letsencrypt: leAuth + , primaryDomain: config.domain + , primaryEmail: config.email + }); + }); + }, function () { + return PromiseA.reject(new Error("invalid email address (MX record lookup failed)")); + }); + }).then(function () { + if (!results.error && results.inets && resolve) { + resolve(); + resolve = null; + } + res.send(results); + }, function (err) { + console.error('Error lib/bootstrap.js'); + console.error(err.stack || err); + res.send({ error: { message: err.message || err.toString() } }); + }); + } + + var CORS = require('connect-cors'); + var cors = CORS({ credentials: true, headers: [ + 'X-Requested-With' + , 'X-HTTP-Method-Override' + , 'Content-Type' + , 'Accept' + , 'Authorization' + ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); + + app.use('/', function (req, res, next) { + return isInitialized().then(function (initialized) { + if (!initialized) { + next(); + return; + } + + resolve(true); + + // force page refresh + // TODO goto top of routes? + res.statusCode = 302; + res.setHeader('Location', req.url); + res.end(); + }); + }); + app.use('/api', errorIfNotApi); + // NOTE Allows CORS access to API with ?access_token= + // TODO Access-Control-Max-Age: 600 + // TODO How can we help apps handle this? token? + // TODO allow apps to configure trustedDomains, auth, etc + app.use('/api', cors); + app.get('/api/com.daplie.walnut.init', getConfig); + app.post('/api/com.daplie.walnut.init', setConfig); + app.use('/', errorIfApi); + app.use('/', express.static(path.join(__dirname, '..', '..', 'packages', 'pages', 'com.daplie.walnut.init'))); + + return new PromiseA(function (_resolve) { + resolve = _resolve; + }); + } + + return isInitialized().then(function (initialized) { + if (initialized) { + return true; + } + + return initialize(); + }, function (err) { + console.error('FATAL ERROR:'); + console.error(err.stack || err); + app.use('/', function (req, res) { + res.send({ + error: { + message: "Unrecoverable Error Requires manual server update: " + (err.message || err.toString()) + } + }); + }); + }); +}; diff --git a/lib/insecure-server.js b/lib/insecure-server.js deleted file mode 100644 index 2ac96a5..0000000 --- a/lib/insecure-server.js +++ /dev/null @@ -1,113 +0,0 @@ -'use strict'; - -module.exports.create = function (lex, securePort, insecurePort, info, serverCallback) { - var PromiseA = require('bluebird').Promise; - var appPromise; - //var app; - var http = require('http'); - var redirectives; - - function useAppInsecurely(req, res) { - if (!appPromise) { - return false; - } - - appPromise.then(function (app) { - req._WALNUT_SECURITY_EXCEPTION = true; - app(req, res); - }); - - return true; - } - - function redirectHttps(req, res) { - if (req.headers.host && /^\/.well-known\/acme-challenge/.test(req.url) && useAppInsecurely(req, res)) { - return true; - } - // TODO - // XXX NOTE: info.conf.redirects may or may not be loaded at first - // the object will be modified when the config is loaded - if (!redirectives && info.redirects || info.conf.redirects) { - redirectives = require('./hostname-redirects').compile(info.redirects || info.conf.redirects); - } - if (require('./no-www').scrubTheDub(req, res, redirectives)) { - return true; - } - - // Let it do this once they visit the https site - // res.setHeader('Strict-Transport-Security', 'max-age=10886400; includeSubDomains; preload'); - - var host = req.headers.host || ''; - var url = req.url; - - // TODO - // allow exceptions for the case of arduino and whatnot that cannot handle https? - // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/ - // needs ECDSA? - - var escapeHtml = require('escape-html'); - var newLocation = 'https://' - + host.replace(/:\d+/, ':' + securePort) + url - ; - var safeLocation = escapeHtml(newLocation); - - var metaRedirect = '' - + '\n' - + '\n' - + ' \n' - + ' \n' - + '\n' - + '\n' - + '

You requested an insecure resource. Please use this instead: \n' - + ' ' + safeLocation + '

\n' - + '\n' - + '\n' - ; - - // DO NOT HTTP REDIRECT - /* - res.setHeader('Location', newLocation); - res.statusCode = 302; - */ - - // BAD NEWS BEARS - // - // When people are experimenting with the API and posting tutorials - // they'll use cURL and they'll forget to prefix with https:// - // If we allow that, then many users will be sending private tokens - // and such with POSTs in clear text and, worse, it will work! - // To minimize this, we give browser users a mostly optimal experience, - // but people experimenting with the API get a message letting them know - // that they're doing it wrong and thus forces them to ensure they encrypt. - res.setHeader('Content-Type', 'text/html; charset=utf-8'); - res.end(metaRedirect); - } - - // TODO localhost-only server shutdown mechanism - // that closes all sockets, waits for them to finish, - // and then hands control over completely to respawned server - - // - // Redirect HTTP to HTTPS - // - // This simply redirects from the current insecure location to the encrypted location - // - var insecureServer; - insecureServer = http.createServer(); - insecureServer.listen(insecurePort, function () { - console.log("\nListening on http://localhost:" + insecureServer.address().port); - console.log("(handling any explicit redirects and redirecting all other traffic to https)\n"); - if (serverCallback) { - appPromise = serverCallback(null, insecureServer); - } - }); - - if (lex) { - var LEX = require('letsencrypt-express'); - insecureServer.on('request', LEX.createAcmeResponder(lex, redirectHttps)); - } else { - insecureServer.on('request', redirectHttps); - } - - return PromiseA.resolve(insecureServer); -}; diff --git a/lib/ip-checker.js b/lib/ip-checker.js new file mode 100644 index 0000000..e3b94d4 --- /dev/null +++ b/lib/ip-checker.js @@ -0,0 +1,138 @@ +"use strict"; + +var PromiseA = require('bluebird').Promise; +var ifaces = require('os').networkInterfaces(); +var dns = PromiseA.promisifyAll(require('dns')); +var https = require('https'); + +function getExternalAddresses() { + var iftypes = {}; + var ipv4check = 'api.ipify.org'; + var ipv6check = 'myexternalip.com'; + + Object.keys(ifaces).forEach(function (ifname) { + ifaces[ifname].forEach(function (iface) { + // local addresses + if (iface.internal) { + return; + } + // auto address space + if (/^(fe80:|169\.)/.test(iface.address)) { + return; + } + /* + if (/^(fe80:|10\.|192\.168|172\.1[6-9]|172\.2[0-9]|172\.3[0-1])/.test(iface.address)) { + return; + } + */ + + iftypes[iface.family] = true; + }); + }); + + console.log(iftypes); + + var now = Date.now(); + + return PromiseA.all([ + dns.lookupAsync(ipv4check, { family: 4/*, all: true*/ }).then(function (ans) { + iftypes.IPv4 = { address: ans[0], family: ans[1], time: Date.now() - now }; + }).error(function () { + //console.log('no ipv4', Date.now() - now); + iftypes.IPv4 = false; + }) + // curl -6 https://myexternalip.com/raw + , dns.lookupAsync(ipv6check, { family: 6/*, all: true*/ }).then(function (ans) { + iftypes.IPv6 = { address: ans[0], family: ans[1], time: Date.now() - now }; + }).error(function (err) { + console.error('Error ip-checker.js'); + console.error(err.stack || err); + //console.log('no ipv6', Date.now() - now); + iftypes.IPv6 = false; + }) + ]).then(function () { + var requests = []; + + if (iftypes.IPv4) { + requests.push(new PromiseA(function (resolve) { + var req = https.request({ + method: 'GET' + , hostname: iftypes.IPv4.address + , port: 443 + , headers: { + Host: ipv4check + } + , path: '/' + //, family: 4 + // TODO , localAddress: <> + }, function (res) { + var result = ''; + + res.on('error', function (/*err*/) { + resolve(null); + }); + + res.on('data', function (chunk) { + result += chunk.toString('utf8'); + }); + + res.on('end', function () { + resolve({ address: result, family: 4/*, wan: result === iftypes.IPv4.localAddress*/, time: iftypes.IPv4.time }); + }); + }); + + req.on('error', function () { + resolve(null); + }); + req.end(); + })); + } + + if (iftypes.IPv6) { + requests.push(new PromiseA(function (resolve) { + var req = https.request({ + method: 'GET' + , hostname: iftypes.IPv6.address + , port: 443 + , headers: { + Host: ipv6check + } + , path: '/raw' + //, family: 6 + // TODO , localAddress: <> + }, function (res) { + var result = ''; + + res.on('error', function (/*err*/) { + resolve(null); + }); + + res.on('data', function (chunk) { + result += chunk.toString('utf8').trim(); + }); + res.on('end', function () { + resolve({ address: result, family: 6/*, wan: result === iftypes.IPv6.localAaddress*/, time: iftypes.IPv4.time }); + }); + }); + + req.on('error', function () { + resolve(null); + }); + req.end(); + })); + } + + return PromiseA.all(requests).then(function (ips) { + ips = ips.filter(function (ip) { + return ip; + }); + + return { + addresses: ips + , time: Date.now() - now + }; + }); + }); +} + +exports.getExternalAddresses = getExternalAddresses; diff --git a/lib/local-server.js b/lib/local-server.js index e088213..37d776d 100644 --- a/lib/local-server.js +++ b/lib/local-server.js @@ -2,7 +2,7 @@ // Note the odd use of callbacks (instead of promises) here // It's to avoid loading bluebird yet (see sni-server.js for explanation) -module.exports.create = function (lex, certPaths, port, info, serverCallback) { +module.exports.create = function (certPaths, port, info, serverCallback) { function initServer(err, server) { var app; var promiseApp; @@ -29,7 +29,7 @@ module.exports.create = function (lex, certPaths, port, info, serverCallback) { */ // Get up and listening as absolutely quickly as possible - function onRequest(req, res) { + server.on('request', function (req, res) { // this is a hot piece of code, so we cache the result if (app) { app(req, res); @@ -41,18 +41,11 @@ module.exports.create = function (lex, certPaths, port, info, serverCallback) { app = _app; app(req, res); }); - } - - if (lex) { - var LEX = require('letsencrypt-express'); - server.on('request', LEX.createAcmeResponder(lex, onRequest)); - } else { - server.on('request', onRequest); - } + }); } if (certPaths) { - require('./sni-server').create(lex, certPaths, initServer); + require('./sni-server').create(certPaths, initServer); } else { initServer(null, require('http').createServer()); } diff --git a/lib/main.js b/lib/main.js new file mode 100644 index 0000000..febe97c --- /dev/null +++ b/lib/main.js @@ -0,0 +1,297 @@ +'use strict'; + +module.exports.create = function (app, xconfx, apiFactories, apiDeps) { + var PromiseA = require('bluebird'); + var path = require('path'); + var fs = PromiseA.promisifyAll(require('fs')); + // NOTE: each process has its own cache + var localCache = { le: {}, statics: {} }; + var express = require('express'); + var apiApp; + var setupDomain = xconfx.setupDomain = ('cloud.' + xconfx.primaryDomain); + var setupApp; + + function redirectHttpsHelper(req, res) { + var host = req.hostname || req.headers.host || ''; + var url = req.url; + + // TODO + // allow exceptions for the case of arduino and whatnot that cannot handle https? + // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/ + // needs ECDSA? + + var escapeHtml = require('escape-html'); + var newLocation = 'https://' + + host.replace(/:\d+/, ':' + xconfx.externalPort) + url + ; + var safeLocation = escapeHtml(newLocation); + + var metaRedirect = '' + + '\n' + + '\n' + + ' \n' + + ' \n' + + '\n' + + '\n' + + '

You requested an insecure resource. Please use this instead: \n' + + ' ' + safeLocation + '

\n' + + '\n' + + '\n' + ; + + // DO NOT HTTP REDIRECT + /* + res.setHeader('Location', newLocation); + res.statusCode = 302; + */ + + // BAD NEWS BEARS + // + // When people are experimenting with the API and posting tutorials + // they'll use cURL and they'll forget to prefix with https:// + // If we allow that, then many users will be sending private tokens + // and such with POSTs in clear text and, worse, it will work! + // To minimize this, we give browser users a mostly optimal experience, + // but people experimenting with the API get a message letting them know + // that they're doing it wrong and thus forces them to ensure they encrypt. + res.setHeader('Content-Type', 'text/html; charset=utf-8'); + res.end(metaRedirect); + } + + function redirectHttps(req, res) { + if (localCache.le[req.hostname]) { + if (localCache.le[req.hostname].conf) { + redirectHttpsHelper(req, res); + return; + } + else { + // TODO needs IPC to expire cache + redirectSetup(req.hostname, req, res); + return; + /* + if (Date.now() - localCache.le[req.hostname].createdAt < (5 * 60 * 1000)) { + // TODO link to dbconf.primaryDomain + res.send({ error: { message: "Security Error: Encryption for '" + req.hostname + "' has not been configured." + + " Please use the management interface to set up ACME / Let's Encrypt (or another solution)." } }); + return; + } + */ + } + } + + return xconfx.walkLe(req.hostname).then(function (leAuth) { + if (!leAuth) { + redirectSetup(req.hostname, req, res); + return; + } + + localCache.le[req.hostname] = { conf: leAuth, createdAt: Date.now() }; + redirectHttps(req, res); + }); + } + + function disallowSymLinks(req, res) { + res.end( + "Symbolic Links are not supported on all platforms and are therefore disallowed." + + " Instead, simply create a file of the same name as the link with a single line of text" + + " which should be the relative or absolute path to the target directory." + ); + } + + function disallowNonFiles(req, res) { + res.end( + "Pipes, Blocks, Sockets, FIFOs, and other such nonsense are not permitted." + + " Instead please create a directory from which to read or create a file " + + " with a single line of text which should be the target directory to read from." + ); + } + + function securityError(req, res) { + res.end("Security Error: Link points outside of packages/pages"); + } + + function notConfigured(req, res, next) { + if (setupDomain !== req.hostname) { + redirectSetup(req.hostname, req, res); + return; + } + + if (!setupApp) { + setupApp = express.static(path.join(xconfx.staticpath, 'com.daplie.walnut')); + } + setupApp(req, res, function () { + if ('/' === req.url) { + res.end('Sanity Fail: Configurator not found'); + return; + } + next(); + }); + } + + function loadHandler(name) { + return function handler(req, res, next) { + var packagepath = path.join(xconfx.staticpath, name); + + return fs.lstatAsync(packagepath).then(function (stat) { + if (stat.isSymbolicLink()) { + return disallowSymLinks; + } + + if (stat.isDirectory()) { + return express.static(packagepath); + } + + if (!stat.isFile()) { + return disallowNonFiles; + } + + return fs.readFileAsync(packagepath, 'utf8').then(function (text) { + // TODO allow cascading + text = text.trim().split(/\n/)[0]; + + // TODO rerun the above, disallowing link-style (or count or memoize to prevent infinite loop) + // TODO make safe + packagepath = path.resolve(xconfx.staticpath, text); + if (0 !== packagepath.indexOf(xconfx.staticpath)) { + return securityError; + } + + return express.static(packagepath); + }); + }, function (/*err*/) { + return notConfigured; + }).then(function (handler) { + + // keep object reference intact + localCache.statics[name].handler = handler; + handler(req, res, next); + }); + }; + } + + function staticHelper(appId, opts) { + // TODO inter-process cache expirey + // TODO add to xconfx.staticpath + xconfx.staticpath = path.join(__dirname, '..', '..', 'packages', 'pages'); + return fs.readdirAsync(xconfx.staticpath).then(function (nodes) { + if (opts && opts.clear) { + localCache.statics = {}; + } + + // longest to shortest + function shortToLong(a, b) { + return b.length - a.length; + } + nodes.sort(shortToLong); + + nodes.forEach(function (name) { + if (!localCache.statics[name]) { + localCache.statics[name] = { handler: loadHandler(name), createdAt: Date.now() }; + } + }); + + // Secure Matching + // apple.com#blah# apple.com#blah# + // apple.com.us# apple.com#foo# + // apple.com# apple.com#foo# + nodes.some(function (name) { + if (0 === (name + '#').indexOf(appId + '#')) { + if (appId !== name) { + localCache.statics[appId] = localCache.statics[name]; + } + return true; + } + }); + + if (!localCache.statics[appId]) { + localCache.statics[appId] = { handler: notConfigured, createdAt: Date.now() }; + } + + localCache.staticsKeys = Object.keys(localCache.statics).sort(shortToLong); + return localCache.statics[appId]; + }); + } + + function redirectSetup(reason, req, res/*, next*/) { + var url = 'https://cloud.' + xconfx.primaryDomain; + + if (443 !== xconfx.externalPort) { + url += ':' + xconfx.externalPort; + } + + url += '#referrer=' + reason; + + res.statusCode = 302; + res.setHeader('Location', url); + res.end(); + } + + function serveStatic(req, res, next) { + // If we get this far we can be pretty confident that + // the domain was already set up because it's encrypted + var appId = req.hostname + req.url.replace(/\/+/g, '#').replace(/#$/, ''); + var appIdParts = appId.split('#'); + var appIdPart; + + if (!req.secure) { + // did not come from https + if (/\.(appcache|manifest)\b/.test(req.url)) { + require('./unbrick-appcache').unbrick(req, res); + return; + } + return redirectHttps(req, res); + } + + // TODO configuration for allowing www + if (/^www\./.test(req.hostname)) { + // NOTE: acme responder and appcache unbricker must come before scrubTheDub + if (/\.(appcache|manifest)\b/.test(req.url)) { + require('./unbrick-appcache').unbrick(req, res); + return; + } + require('./no-www').scrubTheDub(req, res); + return; + } + /* + if (!redirectives && config.redirects) { + redirectives = require('./hostname-redirects').compile(config.redirects); + } + */ + + // TODO assets.example.com/sub/assets/com.example.xyz/ + if (/^api\./.test(req.hostname) && /\/api(\/|$)/.test(req.url)) { + // supports api.example.com/sub/app/api/com.example.xyz/ + if (!apiApp) { + apiApp = require('./apis').create(xconfx, apiFactories, apiDeps); + } + apiApp(req, res, next); + return; + } + + while (appIdParts.length) { + // TODO needs IPC to expire cache + appIdPart = appIdParts.join('#'); + if (localCache.statics[appIdPart]) { + break; + } + // TODO test via staticsKeys + + appIdParts.pop(); + } + + if (!appIdPart || !localCache.statics[appIdPart]) { + return staticHelper(appId).then(function () { + localCache.statics[appId].handler(req, res, next); + }); + } + + localCache.statics[appIdPart].handler(req, res, next); + if (Date.now() - localCache.statics[appIdPart].createdAt > (5 * 60 * 1000)) { + staticHelper(appId, { clear: true }); + } + } + + app.use('/', serveStatic); + + return PromiseA.resolve(); +}; diff --git a/lib/master.js b/lib/master.js index 5b79575..916f1a6 100644 --- a/lib/master.js +++ b/lib/master.js @@ -2,18 +2,17 @@ var cluster = require('cluster'); var PromiseA = require('bluebird'); -// TODO -// var rootMasterKey; function init(conf, state) { + var newConf = {}; if (!conf.ipcKey) { - conf.ipcKey = require('crypto').randomBytes(16).toString('base64'); + conf.ipcKey = newConf.ipcKey = require('crypto').randomBytes(16).toString('base64'); } if (!conf.sqlite3Sock) { - conf.sqlite3Sock = '/tmp/sqlite3.' + require('crypto').randomBytes(4).toString('hex') + '.sock'; + conf.sqlite3Sock = newConf.sqlite3Sock = '/tmp/sqlite3.' + require('crypto').randomBytes(4).toString('hex') + '.sock'; } if (!conf.memstoreSock) { - conf.memstoreSock = '/tmp/memstore.' + require('crypto').randomBytes(4).toString('hex') + '.sock'; + conf.memstoreSock = newConf.memstoreSock = '/tmp/memstore.' + require('crypto').randomBytes(4).toString('hex') + '.sock'; } try { @@ -49,15 +48,14 @@ function init(conf, state) { verbose: null , sock: conf.sqlite3Sock , ipcKey: conf.ipcKey - }) + })/*.then(function () { + var sqlite3 = require('sqlite3-cluster/client'); + return sqliet3.createClientFactory(...); + })*/ ]).then(function (args) { state.memstore = args[0]; - state.sqlstore = args[1]; - return { - conf: conf - , memstore: args[0] - , sqlstore: args[1] - }; + //state.sqlstore = args[1]; + return newConf; }); return promise; @@ -69,10 +67,10 @@ function touch(conf, state) { } // TODO if no xyz worker, start on xyz worker (unlock, for example) - return state.initialize.then(function () { + return state.initialize.then(function (newConf) { // TODO conf.locked = true|false; conf.initialized = true; - return conf; + return newConf; }); } diff --git a/lib/package-server-apis.js b/lib/package-server-apis.js new file mode 100644 index 0000000..945933b --- /dev/null +++ b/lib/package-server-apis.js @@ -0,0 +1,215 @@ +'use strict'; + +var escapeStringRegexp = require('escape-string-regexp'); +//var apiHandlers = {}; + +function getApi(conf, pkgConf, pkgDeps, packagedApi) { + var PromiseA = pkgDeps.Promise; + var path = require('path'); + var pkgpath = path.join(pkgConf.apipath, packagedApi.id/*, (packagedApi.api.version || '')*/); + + // TODO needs some version stuff (which would also allow hot-loading of updates) + // TODO version could be tied to sha256sum + + return new PromiseA(function (resolve, reject) { + var myApp; + var ursa; + var promise; + + // TODO dynamic requires are a no-no + // can we statically generate a require-er? on each install? + // module.exports = { {{pkgpath}}: function () { return require({{pkgpath}}) } } + // requirer[pkgpath]() + myApp = pkgDeps.express(); + myApp.disable('x-powered-by'); + if (pkgDeps.app.get('trust proxy')) { + myApp.set('trust proxy', pkgDeps.app.get('trust proxy')); + } + if (!pkgConf.pubkey) { + /* + return ursa.createPrivateKey(pem, password, encoding); + var pem = myKey.toPrivatePem(); + return jwt.verifyAsync(token, myKey.toPublicPem(), { ignoreExpiration: false && true }).then(function (decoded) { + }); + */ + ursa = require('ursa'); + pkgConf.keypair = ursa.createPrivateKey(pkgConf.privkey, 'ascii'); + pkgConf.pubkey = ursa.createPublicKey(pkgConf.pubkey, 'ascii'); //conf.keypair.toPublicKey(); + } + + try { + packagedApi._apipkg = require(path.join(pkgpath, 'package.json')); + packagedApi._apiname = packagedApi._apipkg.name; + if (packagedApi._apipkg.walnut) { + pkgpath += '/' + packagedApi._apipkg.walnut; + } + promise = PromiseA.resolve(require(pkgpath).create(pkgConf, pkgDeps, myApp)); + } catch(e) { + reject(e); + return; + } + + promise.then(function () { + // TODO give pub/priv pair for app and all public keys + // packagedApi._api = require(pkgpath).create(pkgConf, pkgDeps, myApp); + packagedApi._api = require('express-lazy')(); + packagedApi._api_app = myApp; + + //require('./oauth3-auth').inject(conf, packagedApi._api, pkgConf, pkgDeps); + pkgDeps.getOauth3Controllers = + packagedApi._getOauth3Controllers = require('oauthcommon/example-oauthmodels').create(conf).getControllers; + require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); + + // DEBUG + // + /* + packagedApi._api.use('/', function (req, res, next) { + console.log('[DEBUG pkgApiApp]', req.method, req.hostname, req.url); + next(); + }); + //*/ + + // TODO fix backwards compat + + // /api/com.example.foo (no change) + packagedApi._api.use('/', packagedApi._api_app); + + // /api/com.example.foo => /api + packagedApi._api.use('/', function (req, res, next) { + var priorUrl = req.url; + req.url = '/api' + req.url.slice(('/api/' + packagedApi.id).length); + // console.log('api mangle 3:', req.url); + packagedApi._api_app(req, res, function (err) { + req.url = priorUrl; + next(err); + }); + }); + + // /api/com.example.foo => / + packagedApi._api.use('/api/' + packagedApi.id, function (req, res, next) { + // console.log('api mangle 2:', '/api/' + packagedApi.id, req.url); + // console.log(packagedApi._api_app.toString()); + packagedApi._api_app(req, res, next); + }); + + resolve(packagedApi._api); + }, reject); + }); +} + +function loadApi(conf, pkgConf, pkgDeps, packagedApi) { + function handlePromise(p) { + return p.then(function (api) { + packagedApi._api = api; + return api; + }); + } + + if (!packagedApi._promise_api) { + packagedApi._promise_api = getApi(conf, pkgConf, pkgDeps, packagedApi); + } + + return handlePromise(packagedApi._promise_api); +} + +function runApi(opts, router, req, res, next) { + var path = require('path'); + var pkgConf = opts.config; + var pkgDeps = opts.deps; + //var Services = opts.Services; + var packagedApi; + var pathname; + + // TODO compile packagesMap + // TODO people may want to use the framework in a non-framework way (i.e. to conceal the module name) + router.packagedApis.some(function (_packagedApi) { + // console.log('[DEBUG _packagedApi.id]', _packagedApi.id); + pathname = router.pathname; + if ('/' === pathname) { + pathname = ''; + } + // TODO allow for special apis that do not follow convention (.well_known, webfinger, oauth3.html, etc) + if (!_packagedApi._api_re) { + _packagedApi._api_re = new RegExp(escapeStringRegexp(pathname + '/api/' + _packagedApi.id) + '\/([\\w\\.\\-]+)(\\/|\\?|$)'); + //console.log('[api re 2]', _packagedApi._api_re); + } + if (_packagedApi._api_re.test(req.url)) { + packagedApi = _packagedApi; + return true; + } + }); + + if (!packagedApi) { + console.log("[ODD] no api for '" + req.url + "'"); + next(); + return; + } + + // Reaching this point means that there are APIs for this pathname + // it is important to identify this host + pathname (example.com/foo) as the app + Object.defineProperty(req, 'experienceId', { + enumerable: true + , configurable: false + , writable: false + // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app + // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) + // NOTE: probably best to alias the name logically + , value: (path.join(req.hostname, pathname || '')).replace(/\/$/, '') + }); + Object.defineProperty(req, 'escapedExperienceId', { + enumerable: true + , configurable: false + , writable: false + // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app + // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) + // NOTE: probably best to alias the name logically + , value: req.experienceId.replace(/\//g, ':') + }); + // packageId should mean hash(api.id + host + path) - also called "api" + Object.defineProperty(req, 'packageId', { + enumerable: true + , configurable: false + , writable: false + // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app + // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) + // NOTE: probably best to alias the name logically + , value: packagedApi.domain.id + }); + Object.defineProperty(req, 'appConfig', { + enumerable: true + , configurable: false + , writable: false + , value: {} // TODO just the app-scoped config + }); + Object.defineProperty(req, 'appDeps', { + enumerable: true + , configurable: false + , writable: false + , value: {} // TODO app-scoped deps + // i.e. when we need to use things such as stripe id + // without exposing them to the app + }); + + // + // TODO user authentication should go right about here + // + + // + // TODO freeze objects for passing them into app + // + + if (packagedApi._api) { + packagedApi._api(req, res, next); + return; + } + + // console.log("[DEBUG pkgpath]", pkgConf.apipath, packagedApi.id); + loadApi(opts.conf, pkgConf, pkgDeps, packagedApi).then(function (api) { + api(req, res, next); + }, function (err) { + console.error('[App Promise Error]'); + next(err); + }); +} + +module.exports.runApi = runApi; diff --git a/lib/package-server-static.js b/lib/package-server-static.js new file mode 100644 index 0000000..44997c7 --- /dev/null +++ b/lib/package-server-static.js @@ -0,0 +1,87 @@ +'use strict'; + +var staticHandlers = {}; + +function loadPages(pkgConf, packagedPage, req, res, next) { + var PromiseA = require('bluebird'); + var fs = require('fs'); + var path = require('path'); + var pkgpath = path.join(pkgConf.pagespath, (packagedPage.package || packagedPage.id), (packagedPage.version || '')); + + // TODO special cases for /.well_known/ and similar (oauth3.html, oauth3.json, webfinger, etc) + + function handlePromise(p) { + p.then(function (app) { + app(req, res, next); + packagedPage._page = app; + }, function (err) { + console.error('[App Promise Error]'); + next(err); + }); + } + + if (staticHandlers[pkgpath]) { + packagedPage._page = staticHandlers[pkgpath]; + packagedPage._page(req, res, next); + return; + } + + if (!packagedPage._promise_page) { + packagedPage._promise_page = new PromiseA(function (resolve, reject) { + fs.exists(pkgpath, function (exists) { + var staticServer; + + if (!exists) { + reject(new Error("package '" + pkgpath + "' is registered but does not exist")); + return; + } + + //console.log('[static mount]', pkgpath); + // https://github.com/expressjs/serve-static/issues/54 + // https://github.com/pillarjs/send/issues/91 + // https://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxx + staticServer = require('serve-static')(pkgpath, { dotfiles: undefined }); + resolve(staticServer); + }); + }); + } + + handlePromise(packagedPage._promise_page); +} + +function layerItUp(pkgConf, router, req, res, next) { + var nexti = -1; + // Layers exist so that static apps can use them like a virtual filesystem + // i.e. oauth3.html isn't in *your* app but you may use it and want it mounted at /.well-known/oauth3.html + // or perhaps some dynamic content (like application cache) + function nextify(err) { + var packagedPage; + nexti += 1; + + if (err) { + next(err); + return; + } + + // shortest to longest + //route = packages.pop(); + // longest to shortest + packagedPage = router.packagedPages[nexti]; + if (!packagedPage) { + next(); + return; + } + + if (packagedPage._page) { + packagedPage._page(req, res, nextify); + return; + } + + // could attach to req.{ pkgConf, pkgDeps, Services} + loadPages(pkgConf, packagedPage, req, res, next); + } + + nextify(); +} + +module.exports.layerItUp = layerItUp; diff --git a/lib/package-server.js b/lib/package-server.js index d1451c0..6a2488b 100644 --- a/lib/package-server.js +++ b/lib/package-server.js @@ -1,8 +1,8 @@ 'use strict'; var escapeStringRegexp = require('escape-string-regexp'); -var staticHandlers = {}; -//var apiHandlers = {}; +var runApi = require('./package-server-apis').runApi; +var layerItUp = require('./package-server-static').layerItUp; function compileVhosts(vhostsMap) { var results = { @@ -62,297 +62,6 @@ function compileVhosts(vhostsMap) { return results; } -function loadPages(pkgConf, packagedPage, req, res, next) { - var PromiseA = require('bluebird'); - var fs = require('fs'); - var path = require('path'); - var pkgpath = path.join(pkgConf.pagespath, (packagedPage.package || packagedPage.id), (packagedPage.version || '')); - - // TODO special cases for /.well_known/ and similar (oauth3.html, oauth3.json, webfinger, etc) - - function handlePromise(p) { - p.then(function (app) { - app(req, res, next); - packagedPage._page = app; - }, function (err) { - console.error('[App Promise Error]'); - next(err); - }); - } - - if (staticHandlers[pkgpath]) { - packagedPage._page = staticHandlers[pkgpath]; - packagedPage._page(req, res, next); - return; - } - - if (!packagedPage._promise_page) { - packagedPage._promise_page = new PromiseA(function (resolve, reject) { - fs.exists(pkgpath, function (exists) { - var staticServer; - - if (!exists) { - reject(new Error("package '" + pkgpath + "' is registered but does not exist")); - return; - } - - //console.log('[static mount]', pkgpath); - // https://github.com/expressjs/serve-static/issues/54 - // https://github.com/pillarjs/send/issues/91 - // https://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxx - staticServer = require('serve-static')(pkgpath, { dotfiles: undefined }); - resolve(staticServer); - }); - }); - } - - handlePromise(packagedPage._promise_page); -} - -function getApi(conf, pkgConf, pkgDeps, packagedApi) { - var PromiseA = pkgDeps.Promise; - var path = require('path'); - var pkgpath = path.join(pkgConf.apipath, packagedApi.id/*, (packagedApi.api.version || '')*/); - - // TODO needs some version stuff (which would also allow hot-loading of updates) - // TODO version could be tied to sha256sum - - return new PromiseA(function (resolve, reject) { - var myApp; - var ursa; - var promise; - - // TODO dynamic requires are a no-no - // can we statically generate a require-er? on each install? - // module.exports = { {{pkgpath}}: function () { return require({{pkgpath}}) } } - // requirer[pkgpath]() - myApp = pkgDeps.express(); - myApp.disable('x-powered-by'); - if (pkgDeps.app.get('trust proxy')) { - myApp.set('trust proxy', pkgDeps.app.get('trust proxy')); - } - if (!pkgConf.pubkey) { - /* - return ursa.createPrivateKey(pem, password, encoding); - var pem = myKey.toPrivatePem(); - return jwt.verifyAsync(token, myKey.toPublicPem(), { ignoreExpiration: false && true }).then(function (decoded) { - }); - */ - ursa = require('ursa'); - pkgConf.keypair = ursa.createPrivateKey(pkgConf.privkey, 'ascii'); - pkgConf.pubkey = ursa.createPublicKey(pkgConf.pubkey, 'ascii'); //conf.keypair.toPublicKey(); - } - - try { - packagedApi._apipkg = require(path.join(pkgpath, 'package.json')); - packagedApi._apiname = packagedApi._apipkg.name; - if (packagedApi._apipkg.walnut) { - pkgpath += '/' + packagedApi._apipkg.walnut; - } - promise = PromiseA.resolve(require(pkgpath).create(pkgConf, pkgDeps, myApp)); - } catch(e) { - reject(e); - return; - } - - promise.then(function () { - // TODO give pub/priv pair for app and all public keys - // packagedApi._api = require(pkgpath).create(pkgConf, pkgDeps, myApp); - packagedApi._api = require('express-lazy')(); - packagedApi._api_app = myApp; - - //require('./oauth3-auth').inject(conf, packagedApi._api, pkgConf, pkgDeps); - pkgDeps.getOauth3Controllers = - packagedApi._getOauth3Controllers = require('oauthcommon/example-oauthmodels').create(conf).getControllers; - require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); - - // DEBUG - // - /* - packagedApi._api.use('/', function (req, res, next) { - console.log('[DEBUG pkgApiApp]', req.method, req.hostname, req.url); - next(); - }); - //*/ - - // TODO fix backwards compat - - // /api/com.example.foo (no change) - packagedApi._api.use('/', packagedApi._api_app); - - // /api/com.example.foo => /api - packagedApi._api.use('/', function (req, res, next) { - var priorUrl = req.url; - req.url = '/api' + req.url.slice(('/api/' + packagedApi.id).length); - // console.log('api mangle 3:', req.url); - packagedApi._api_app(req, res, function (err) { - req.url = priorUrl; - next(err); - }); - }); - - // /api/com.example.foo => / - packagedApi._api.use('/api/' + packagedApi.id, function (req, res, next) { - // console.log('api mangle 2:', '/api/' + packagedApi.id, req.url); - // console.log(packagedApi._api_app.toString()); - packagedApi._api_app(req, res, next); - }); - - resolve(packagedApi._api); - }, reject); - }); -} - -function loadApi(conf, pkgConf, pkgDeps, packagedApi) { - function handlePromise(p) { - return p.then(function (api) { - packagedApi._api = api; - return api; - }); - } - - if (!packagedApi._promise_api) { - packagedApi._promise_api = getApi(conf, pkgConf, pkgDeps, packagedApi); - } - - return handlePromise(packagedApi._promise_api); -} - -function layerItUp(pkgConf, router, req, res, next) { - var nexti = -1; - // Layers exist so that static apps can use them like a virtual filesystem - // i.e. oauth3.html isn't in *your* app but you may use it and want it mounted at /.well-known/oauth3.html - // or perhaps some dynamic content (like application cache) - function nextify(err) { - var packagedPage; - nexti += 1; - - if (err) { - next(err); - return; - } - - // shortest to longest - //route = packages.pop(); - // longest to shortest - packagedPage = router.packagedPages[nexti]; - if (!packagedPage) { - next(); - return; - } - - if (packagedPage._page) { - packagedPage._page(req, res, nextify); - return; - } - - // could attach to req.{ pkgConf, pkgDeps, Services} - loadPages(pkgConf, packagedPage, req, res, next); - } - - nextify(); -} - -function runApi(opts, router, req, res, next) { - var path = require('path'); - var pkgConf = opts.config; - var pkgDeps = opts.deps; - //var Services = opts.Services; - var packagedApi; - var pathname; - - // TODO compile packagesMap - // TODO people may want to use the framework in a non-framework way (i.e. to conceal the module name) - router.packagedApis.some(function (_packagedApi) { - // console.log('[DEBUG _packagedApi.id]', _packagedApi.id); - pathname = router.pathname; - if ('/' === pathname) { - pathname = ''; - } - // TODO allow for special apis that do not follow convention (.well_known, webfinger, oauth3.html, etc) - if (!_packagedApi._api_re) { - _packagedApi._api_re = new RegExp(escapeStringRegexp(pathname + '/api/' + _packagedApi.id) + '\/([\\w\\.\\-]+)(\\/|\\?|$)'); - //console.log('[api re 2]', _packagedApi._api_re); - } - if (_packagedApi._api_re.test(req.url)) { - packagedApi = _packagedApi; - return true; - } - }); - - if (!packagedApi) { - console.log("[ODD] no api for '" + req.url + "'"); - next(); - return; - } - - // Reaching this point means that there are APIs for this pathname - // it is important to identify this host + pathname (example.com/foo) as the app - Object.defineProperty(req, 'experienceId', { - enumerable: true - , configurable: false - , writable: false - // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app - // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) - // NOTE: probably best to alias the name logically - , value: (path.join(req.hostname, pathname || '')).replace(/\/$/, '') - }); - Object.defineProperty(req, 'escapedExperienceId', { - enumerable: true - , configurable: false - , writable: false - // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app - // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) - // NOTE: probably best to alias the name logically - , value: req.experienceId.replace(/\//g, ':') - }); - // packageId should mean hash(api.id + host + path) - also called "api" - Object.defineProperty(req, 'packageId', { - enumerable: true - , configurable: false - , writable: false - // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app - // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) - // NOTE: probably best to alias the name logically - , value: packagedApi.domain.id - }); - Object.defineProperty(req, 'appConfig', { - enumerable: true - , configurable: false - , writable: false - , value: {} // TODO just the app-scoped config - }); - Object.defineProperty(req, 'appDeps', { - enumerable: true - , configurable: false - , writable: false - , value: {} // TODO app-scoped deps - // i.e. when we need to use things such as stripe id - // without exposing them to the app - }); - - // - // TODO user authentication should go right about here - // - - // - // TODO freeze objects for passing them into app - // - - if (packagedApi._api) { - packagedApi._api(req, res, next); - return; - } - - // console.log("[DEBUG pkgpath]", pkgConf.apipath, packagedApi.id); - loadApi(opts.conf, pkgConf, pkgDeps, packagedApi).then(function (api) { - api(req, res, next); - }, function (err) { - console.error('[App Promise Error]'); - next(err); - }); -} - function mapToApp(opts, req, res, next) { // opts = { config, deps, services } var vhost; @@ -450,6 +159,5 @@ function mapToApp(opts, req, res, next) { return runApi(opts, router, req, res, next); } -module.exports.runApi = runApi; module.exports.compileVhosts = compileVhosts; module.exports.mapToApp = mapToApp; diff --git a/lib/worker.js b/lib/worker.js index dea2221..08cc48c 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -1,137 +1,50 @@ 'use strict'; -module.exports.create = function (webserver, conf, state) { +module.exports.create = function (webserver, xconfx, state) { + console.log('DEBUG create worker'); + if (!state) { state = {}; } var PromiseA = state.Promise || require('bluebird'); - var path = require('path'); - //var vhostsdir = path.join(__dirname, 'vhosts'); - var express = require('express-lazy'); - var app = express(); var memstore; var sqlstores = {}; - var models = {}; var systemFactory = require('sqlite3-cluster/client').createClientFactory({ - dirname: path.join(__dirname, '..', '..', 'var') // TODO conf - , prefix: 'com.example.' + dirname: xconfx.varpath + , prefix: 'com.daplie.walnut.' //, dbname: 'config' , suffix: '' , ext: '.sqlite3' - , sock: conf.sqlite3Sock - , ipcKey: conf.ipcKey + , sock: xconfx.sqlite3Sock + , ipcKey: xconfx.ipcKey }); + /* var clientFactory = require('sqlite3-cluster/client').createClientFactory({ algorithm: 'aes' , bits: 128 , mode: 'cbc' - , dirname: path.join(__dirname, '..', '..', 'var') // TODO conf - , prefix: 'com.example.' + , dirname: xconfx.varpath // TODO conf + , prefix: 'com.daplie.walnut.' //, dbname: 'cluster' , suffix: '' , ext: '.sqlcipher' - , sock: conf.sqlite3Sock - , ipcKey: conf.ipcKey + , sock: xconfx.sqlite3Sock + , ipcKey: xconfx.ipcKey }); - var cstore = require('cluster-store'); - var redirectives; - - app.disable('x-powered-by'); - if (conf.trustProxy) { - console.info('[Trust Proxy]'); - app.set('trust proxy', ['loopback']); - //app.set('trust proxy', function (ip) { console.log('[ip]', ip); return true; }); - } else { - console.info('[DO NOT trust proxy]'); - // TODO make sure the gzip module loads if there isn't a proxy gzip-ing for us - // app.use(compression()) - } - - /* - function unlockDevice(conf, state) { - return require('./lib/unlock-device').create().then(function (result) { - result.promise.then(function (_rootMasterKey) { - process.send({ - type: 'walnut.keys.root' - conf: { - rootMasterKey: _rootMasterkey - } - }); - conf.locked = false; - if (state.caddy) { - state.caddy.update(conf); - } - conf.rootMasterKey = _rootMasterKey; - }); - - return result.app; - }); - } */ - - // TODO handle insecure to actual redirect - // blog.coolaj86.com -> coolaj86.com/blog - // hmm... that won't really matter with hsts - // I guess I just needs letsencrypt - - function scrubTheDub(req, res, next) { - var host = req.hostname; - - if (!host || 'string' !== typeof host) { - next(); - return; - } - - // TODO test if this is even necessary - host = host.toLowerCase(); - - // TODO this should be hot loadable / changeable - if (!redirectives && conf.redirects) { - redirectives = require('./hostname-redirects').compile(conf.redirects); - } - - if (!/^www\./.test(host) && !redirectives) { - next(); - return; - } - - // TODO misnomer, handles all exact redirects - if (!require('./no-www').scrubTheDub(req, res, redirectives)) { - next(); - return; - } - } - - function caddyBugfix(req, res, next) { - // workaround for Caddy - // https://github.com/mholt/caddy/issues/341 - if (app.get('trust proxy')) { - if (req.headers['x-forwarded-proto']) { - req.headers['x-forwarded-proto'] = (req.headers['x-forwarded-proto'] || '').split(/,\s+/g)[0] || undefined; - } - if (req.headers['x-forwarded-host']) { - req.headers['x-forwarded-host'] = (req.headers['x-forwarded-host'] || '').split(/,\s+/g)[0] || undefined; - } - } - - next(); - } - - // TODO misnomer, this can handle nowww, yeswww, and exact hostname redirects - app.use('/', scrubTheDub); - app.use('/', caddyBugfix); + var cstore = require('cluster-store'); return PromiseA.all([ // TODO security on memstore // TODO memstoreFactory.create cstore.create({ - sock: conf.memstoreSock - , connect: conf.memstoreSock + sock: xconfx.memstoreSock + , connect: xconfx.memstoreSock // TODO implement - , key: conf.ipcKey + , key: xconfx.ipcKey }).then(function (_memstore) { - memstore = _memstore; + memstore = PromiseA.promisifyAll(_memstore); return memstore; }) // TODO mark a device as lost, stolen, missing in DNS records @@ -140,101 +53,127 @@ module.exports.create = function (webserver, conf, state) { init: true , dbname: 'config' }) - , clientFactory.create({ - init: true - , key: '00000000000000000000000000000000' - // TODO only complain if the values are different - //, algo: 'aes' - , dbname: 'auth' - }) - , clientFactory.create({ - init: false - , dbname: 'system' - }) ]).then(function (args) { memstore = args[0]; sqlstores.config = args[1]; - sqlstores.auth = args[2]; - sqlstores.system = args[3]; - sqlstores.create = clientFactory.create; - return require('../lib/schemes-config').create(sqlstores.config).then(function (tables) { - models.Config = tables; - return models.Config.Config.get().then(function (vhostsMap) { - // TODO the core needs to be replacable in one shot - // rm -rf /tmp/walnut/; tar xvf -C /tmp/walnut/; mv /srv/walnut /srv/walnut.{{version}}; mv /tmp/walnut /srv/ - // this means that any packages must be outside, perhaps /srv/walnut/{boot,core,packages} - var pkgConf = { - pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep - , apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep - , servicespath: path.join(__dirname, '..', '..', 'packages', 'services') - , vhostsMap: vhostsMap - , vhostPatterns: null - , server: webserver - , externalPort: conf.externalPort - , privkey: conf.privkey - , pubkey: conf.pubkey - , redirects: conf.redirects - , apiPrefix: '/api' - , 'org.oauth3.consumer': conf['org.oauth3.consumer'] - , 'org.oauth3.provider': conf['org.oauth3.provider'] - , keys: conf.keys - }; - var pkgDeps = { - memstore: memstore - , sqlstores: sqlstores - , clientSqlFactory: clientFactory - , systemSqlFactory: systemFactory - //, handlePromise: require('./lib/common').promisableRequest; - //, handleRejection: require('./lib/common').rejectableRequest; - //, localPort: conf.localPort - , Promise: PromiseA - , express: express - , app: app - //, oauthmodels: require('oauthcommon/example-oauthmodels').create(conf) - }; - var Services = require('./services-loader').create(pkgConf, { - memstore: memstore - , sqlstores: sqlstores - , clientSqlFactory: clientFactory - , systemSqlFactory: systemFactory - , Promise: PromiseA - }); - var recase = require('connect-recase')({ - // TODO allow explicit and or default flag - explicit: false - , default: 'snake' - , prefixes: ['/api'] - // TODO allow exclude - //, exclusions: [config.oauthPrefix] - , exceptions: {} - //, cancelParam: 'camel' - }); + var wrap = require('masterquest-sqlite3'); + var dir = [ + { tablename: 'com_daplie_walnut_config' + , idname: 'id' + , unique: [ 'id' ] + , indices: [ 'createdAt', 'updatedAt' ] + } + , { tablename: 'com_daplie_walnut_redirects' + , idname: 'id' // blog.example.com:sample.net/blog + , unique: [ 'id' ] + , indices: [ 'createdAt', 'updatedAt' ] + } + ]; - function handlePackages(req, res, next) { - // TODO move to caddy parser? - if (/(^|\.)proxyable\./.test(req.hostname)) { - // device-id-12345678.proxyable.myapp.mydomain.com => myapp.mydomain.com - // proxyable.myapp.mydomain.com => myapp.mydomain.com - // TODO myapp.mydomain.com.example.proxyable.com => myapp.mydomain.com - req.hostname = req.hostname.replace(/.*\.?proxyable\./, ''); - } - - require('./package-server').mapToApp({ - config: pkgConf - , deps: pkgDeps - , services: Services - , conf: conf - }, req, res, next); + function scopeMemstore(expId) { + var scope = expId + '|'; + return { + getAsync: function (id) { + return memstore.getAsync(scope + id); + } + , setAsync: function (id, data) { + return memstore.setAsync(scope + id, data); + } + , touchAsync: function (id, data) { + return memstore.touchAsync(scope + id, data); + } + , destroyAsync: function (id) { + return memstore.destroyAsync(scope + id); } - // TODO recase + // helpers + , allAsync: function () { + return memstore.allASync().then(function (db) { + return Object.keys(db).filter(function (key) { + return 0 === key.indexOf(scope); + }).map(function (key) { + return db[key]; + }); + }); + } + , lengthAsync: function () { + return memstore.allASync().then(function (db) { + return Object.keys(db).filter(function (key) { + return 0 === key.indexOf(scope); + }).length; + }); + } + , clearAsync: function () { + return memstore.allASync().then(function (db) { + return Object.keys(db).filter(function (key) { + return 0 === key.indexOf(scope); + }).map(function (key) { + return memstore.destroyAsync(key); + }); + }).then(function () { + return null; + }); + } + }; + } - // - // Generic Template API - // - app - .use('/api', require('body-parser').json({ + return wrap.wrap(sqlstores.config, dir).then(function (models) { + return models.ComDaplieWalnutConfig.find(null, { limit: 100 }).then(function (results) { + return models.ComDaplieWalnutConfig.find(null, { limit: 10000 }).then(function (redirects) { + var express = require('express-lazy'); + var app = express(); + var recase = require('connect-recase')({ + // TODO allow explicit and or default flag + explicit: false + , default: 'snake' + , prefixes: ['/api'] + // TODO allow exclude + //, exclusions: [config.oauthPrefix] + , exceptions: {} + //, cancelParam: 'camel' + }); + var bootstrapApp; + var mainApp; + var apiDeps = { + models: models + // TODO don't let packages use this directly + , Promise: PromiseA + }; + var apiFactories = { + memstoreFactory: { create: scopeMemstore } + , systemSqlFactory: systemFactory + }; + + function log(req, res, next) { + console.log('[worker/log]', req.method, req.headers.host, req.url); + next(); + } + + function setupMain() { + mainApp = express(); + require('./main').create(mainApp, xconfx, apiFactories, apiDeps).then(function () { + // TODO process.send({}); + }); + } + + if (!bootstrapApp) { + bootstrapApp = express(); + require('./bootstrap').create(bootstrapApp, xconfx, models).then(function () { + // TODO process.send({}); + setupMain(); + }); + } + + process.on('message', function (data) { + if ('com.daplie.walnut.bootstrap' === data.type) { + setupMain(); + } + }); + + app.disable('x-powered-by'); + app.use('/', log); + app.use('/api', require('body-parser').json({ strict: true // only objects and arrays , inflate: true // limited to due performance issues with JSON.parse and JSON.stringify @@ -244,38 +183,40 @@ module.exports.create = function (webserver, conf, state) { , reviver: undefined , type: 'json' , verify: undefined - })) - // DO NOT allow urlencoded at any point, it is expressly forbidden - //.use(require('body-parser').urlencoded({ - // extended: true - //, inflate: true - //, limit: 100 * 1024 - //, type: 'urlencoded' - //, verify: undefined - //})) - .use(require('connect-send-error').error()) - ; + })); + app.use('/api', recase); - app.use('/api', recase); + app.use('/', function (req, res) { + if (!req.secure) { + // did not come from https + if (/\.(appcache|manifest)\b/.test(req.url)) { + require('./unbrick-appcache').unbrick(req, res); + return; + } + } - app.use('/', handlePackages); - app.use('/', function (err, req, res, next) { - console.error('[Error Handler]'); - console.error(err.stack); - if (req.xhr) { - res.send({ error: { message: "kinda unknownish error" } }); - } else { - res.send('ERRORError'); - } + if (xconfx.lex && /\.well-known\/acme-challenge\//.test(req.url)) { + var LEX = require('letsencrypt-express'); + xconfx.lex.debug = true; + xconfx.acmeResponder = xconfx.acmeResponder || LEX.createAcmeResponder(xconfx.lex/*, next*/); + xconfx.acmeResponder(req, res); + return; + } - // sadly express uses arity checking - // so the fourth parameter must exist - if (false) { - next(); - } + // TODO check https://letsencrypt.status.io to see if https certification is not available + + if (mainApp) { + mainApp(req, res); + return; + } + else { + bootstrapApp(req, res); + return; + } + }); + + return app; }); - - return app; }); }); }); diff --git a/setup-dev-deps.sh b/setup-dev-deps.sh new file mode 100644 index 0000000..9656e17 --- /dev/null +++ b/setup-dev-deps.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +pushd node_modules/authentication-microservice/ || git clone git@github.com:coolaj86/node-authentication-microservice node_modules/authentication-microservice + git pull +popd + +pushd node_modules/oauthclient-microservice/ || git clone git@github.com:OAuth3/node-oauth3clients.git node_modules/oauthclient-microservice + git pull +popd + +pushd node_modules/oauthcommon/ || git clone git@github.com:coolaj86/node-oauthcommon.git node_modules/oauthcommon + git pull +popd From e24dd9bac6c7b9fadb6cf7dc00c668be0c0024e4 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 7 Jun 2016 10:49:26 -0400 Subject: [PATCH 04/76] little fixes (typos, missing config, etc) --- boot/master.js | 1 + boot/worker.js | 3 +++ install.sh | 4 +++- lib/apis.js | 4 +++- lib/main.js | 10 ++++++++++ lib/worker.js | 16 ++++++++++++---- package.json | 3 ++- 7 files changed, 34 insertions(+), 7 deletions(-) diff --git a/boot/master.js b/boot/master.js index 8bdfc27..7a97b83 100644 --- a/boot/master.js +++ b/boot/master.js @@ -63,6 +63,7 @@ var info = { , trustProxy: useCaddy ? true : false , lexConf: letsencrypt , varpath: path.join(__dirname, '..', '..', 'var') + , etcpath: path.join(__dirname, '..', '..', 'etc') } }; diff --git a/boot/worker.js b/boot/worker.js index 45dd6c5..8a599fb 100644 --- a/boot/worker.js +++ b/boot/worker.js @@ -46,6 +46,9 @@ module.exports.create = function (opts) { function walkLe(domainname) { var PromiseA = require('bluebird'); + if (!domainname) { + return PromiseA.reject(new Error('no domainname given for walkLe')); + } var fs = PromiseA.promisifyAll(require('fs')); var path = require('path'); var parts = domainname.split('.'); //.replace(/^www\./, '').split('.'); diff --git a/install.sh b/install.sh index 25934bf..4eb6c3d 100644 --- a/install.sh +++ b/install.sh @@ -1,6 +1,8 @@ #!/bin/bash -sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib,config} +sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib,etc,config} +sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer +sudo mkdir -p /srv/walnut/etc/org.oauth3.provider sudo mkdir -p /srv/walnut/packages/{api,pages,services} sudo chown -R $(whoami):$(whoami) /srv/walnut diff --git a/lib/apis.js b/lib/apis.js index a9dcaee..24c1263 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -186,7 +186,9 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // // TODO handle /accounts/:accountId // - return PromiseA.resolve(require(apipath).create({}/*pkgConf*/, deps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { + return PromiseA.resolve(require(apipath).create({ + etcpath: xconfx.etcpath + }/*pkgConf*/, deps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { localCache.pkgs[apiId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; localCache.pkgs[apiId].handler(req, res, next); }); diff --git a/lib/main.js b/lib/main.js index febe97c..ae14a8e 100644 --- a/lib/main.js +++ b/lib/main.js @@ -87,6 +87,16 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { localCache.le[req.hostname] = { conf: leAuth, createdAt: Date.now() }; redirectHttps(req, res); + }, function (err) { + console.error('[Error] lib/main.js walkLe'); + if (err.stack) { + console.error(err.stack); + } + else { + console.error(new Error('getstack').stack); + console.error(err); + } + res.send({ error: { message: "failed to get tls certificate for '" + (req.hostname || '') + "'" } }); }); } diff --git a/lib/worker.js b/lib/worker.js index 08cc48c..2c606d6 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -89,7 +89,7 @@ module.exports.create = function (webserver, xconfx, state) { // helpers , allAsync: function () { - return memstore.allASync().then(function (db) { + return memstore.allAsync().then(function (db) { return Object.keys(db).filter(function (key) { return 0 === key.indexOf(scope); }).map(function (key) { @@ -98,14 +98,14 @@ module.exports.create = function (webserver, xconfx, state) { }); } , lengthAsync: function () { - return memstore.allASync().then(function (db) { + return memstore.allAsync().then(function (db) { return Object.keys(db).filter(function (key) { return 0 === key.indexOf(scope); }).length; }); } , clearAsync: function () { - return memstore.allASync().then(function (db) { + return memstore.allAsync().then(function (db) { return Object.keys(db).filter(function (key) { return 0 === key.indexOf(scope); }).map(function (key) { @@ -145,8 +145,16 @@ module.exports.create = function (webserver, xconfx, state) { , systemSqlFactory: systemFactory }; + var hostsmap = {}; function log(req, res, next) { - console.log('[worker/log]', req.method, req.headers.host, req.url); + var hostname = (req.hostname || req.headers.host || '').split(':').shift(); + console.log('[worker/log]', req.method, hostname, req.url); + if (hostname && !hostsmap[hostname]) { + hostsmap[hostname] = true; + require('fs').writeFile( + require('path').join(__dirname, '..', '..', 'var', 'hostnames', hostname) + , hostname, function () {}); + } next(); } diff --git a/package.json b/package.json index d29ba9e..43b765b 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "app-scoped-ids": "^1.0.1", "authcodes": "git://github.com/Daplie/authcodes.git", "authenticator": "^1.0.0", - "bluebird": "2.x", + "bluebird": "3.x", "body-parser": "1.x", "btoa": "1.x", "bytes": "^1.0.0", @@ -75,6 +75,7 @@ "finalhandler": "^0.3.4", "foreachasync": "5.x", "fresh": "^0.2.4", + "http2": "^3.3.2", "human-readable-ids": "1.x", "inherits": "^2.0.1", "ipify": "^1.0.5", From 7525b7d0a71ba2b20e697bc6cf82b7dd37b4d30a Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 8 Jun 2016 14:05:10 -0400 Subject: [PATCH 05/76] add CORS to main api --- lib/apis.js | 61 ++++++++++++++++++++++++++++-------------------- lib/bootstrap.js | 7 +++--- lib/main.js | 45 ++++++++++++++++++++++++----------- 3 files changed, 70 insertions(+), 43 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 24c1263..a1a79ca 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -220,33 +220,44 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }; } + var CORS = require('connect-cors'); + var cors = CORS({ credentials: true, headers: [ + 'X-Requested-With' + , 'X-HTTP-Method-Override' + , 'Content-Type' + , 'Accept' + , 'Authorization' + ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); + return function (req, res, next) { - var experienceId = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); - var apiId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, ''); + cors(req, res, function () { + var experienceId = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); + var apiId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, ''); - Object.defineProperty(req, 'experienceId', { - enumerable: true - , configurable: false - , writable: false - // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app - // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) - // NOTE: probably best to alias the name logically - , value: experienceId + Object.defineProperty(req, 'experienceId', { + enumerable: true + , configurable: false + , writable: false + // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app + // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) + // NOTE: probably best to alias the name logically + , value: experienceId + }); + Object.defineProperty(req, 'apiId', { + enumerable: true + , configurable: false + , writable: false + , value: apiId + }); + + if (!localCache.apis[experienceId]) { + localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; + } + + localCache.apis[experienceId].handler(req, res, next); + if (Date.now() - localCache.apis[experienceId].createdAt > (5 * 60 * 1000)) { + localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; + } }); - Object.defineProperty(req, 'apiId', { - enumerable: true - , configurable: false - , writable: false - , value: apiId - }); - - if (!localCache.apis[experienceId]) { - localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; - } - - localCache.apis[experienceId].handler(req, res, next); - if (Date.now() - localCache.apis[experienceId].createdAt > (5 * 60 * 1000)) { - localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; - } }; }; diff --git a/lib/bootstrap.js b/lib/bootstrap.js index f12a9a8..540e55e 100644 --- a/lib/bootstrap.js +++ b/lib/bootstrap.js @@ -48,10 +48,9 @@ module.exports.create = function (app, xconfx, models) { function errorIfNotApi(req, res, next) { // if it's not an ip address - if (/[a-z]+/.test(req.headers.host)) { - if (!/^api\./.test(req.headers.host)) { - console.log('req.headers.host'); - console.log(req.headers.host); + if (/[a-z]+/.test(req.hostname || req.headers.host)) { + if (!/^api\./.test(req.hostname || req.headers.host)) { + console.warn('not API req.headers.host:', req.hostname || req.headers.host); res.send({ error: { message: "no api. subdomain prefix" } }); return; } diff --git a/lib/main.js b/lib/main.js index ae14a8e..0f4d708 100644 --- a/lib/main.js +++ b/lib/main.js @@ -10,6 +10,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { var apiApp; var setupDomain = xconfx.setupDomain = ('cloud.' + xconfx.primaryDomain); var setupApp; + var CORS; + var cors; function redirectHttpsHelper(req, res) { var host = req.hostname || req.headers.host || ''; @@ -58,6 +60,20 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { res.end(metaRedirect); } + function redirectSetup(reason, req, res/*, next*/) { + var url = 'https://cloud.' + xconfx.primaryDomain; + + if (443 !== xconfx.externalPort) { + url += ':' + xconfx.externalPort; + } + + url += '#referrer=' + reason; + + res.statusCode = 302; + res.setHeader('Location', url); + res.end(); + } + function redirectHttps(req, res) { if (localCache.le[req.hostname]) { if (localCache.le[req.hostname].conf) { @@ -222,20 +238,6 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { }); } - function redirectSetup(reason, req, res/*, next*/) { - var url = 'https://cloud.' + xconfx.primaryDomain; - - if (443 !== xconfx.externalPort) { - url += ':' + xconfx.externalPort; - } - - url += '#referrer=' + reason; - - res.statusCode = 302; - res.setHeader('Location', url); - res.end(); - } - function serveStatic(req, res, next) { // If we get this far we can be pretty confident that // the domain was already set up because it's encrypted @@ -274,6 +276,21 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { if (!apiApp) { apiApp = require('./apis').create(xconfx, apiFactories, apiDeps); } + + if (/^OPTIONS$/i.test(req.method)) { + if (!cors) { + CORS = require('connect-cors'); + cors = CORS({ credentials: true, headers: [ + 'X-Requested-With' + , 'X-HTTP-Method-Override' + , 'Content-Type' + , 'Accept' + , 'Authorization' + ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); + } + cors(req, res, apiApp); + } + apiApp(req, res, next); return; } From 54fe53dbfb7ec0f9a84952eb65e38d1198077c7e Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 4 May 2017 23:09:56 -0600 Subject: [PATCH 06/76] removed letsencrypt and other --- boot/local-server.js | 59 ---------- boot/master.js | 40 +------ boot/worker.js | 271 ++++++++++++++----------------------------- lib/main.js | 99 +--------------- lib/master.js | 16 ++- lib/sni-server.js | 58 --------- lib/spawn-caddy.js | 159 ------------------------- lib/worker.js | 13 +-- walnut.js | 8 +- 9 files changed, 116 insertions(+), 607 deletions(-) delete mode 100644 boot/local-server.js delete mode 100644 lib/sni-server.js delete mode 100644 lib/spawn-caddy.js diff --git a/boot/local-server.js b/boot/local-server.js deleted file mode 100644 index ae203ee..0000000 --- a/boot/local-server.js +++ /dev/null @@ -1,59 +0,0 @@ -'use strict'; - -// Note the odd use of callbacks (instead of promises) here -// It's to avoid loading bluebird yet (see sni-server.js for explanation) -module.exports.create = function (lex, certPaths, port, conf, serverCallback) { - function initServer(err, server) { - var app; - var promiseApp; - - if (err) { - serverCallback(err); - return; - } - - server.on('error', serverCallback); - server.listen(port, function () { - // is it even theoritically possible for - // a request to come in before this callback has fired? - // I'm assuming this event must fire before any request event - promiseApp = serverCallback(null, server); - }); - /* - server.listen(port, '::::', function () { - // is it even theoritically possible for - // a request to come in before this callback has fired? - // I'm assuming this event must fire before any request event - promiseApp = serverCallback(null, server); - }); - */ - - // Get up and listening as absolutely quickly as possible - function onRequest(req, res) { - // this is a hot piece of code, so we cache the result - if (app) { - app(req, res); - return; - } - - promiseApp.then(function (_app) { - console.log('[Server]', req.method, req.host || req.headers['x-forwarded-host'] || req.headers.host, req.url); - app = _app; - app(req, res); - }); - } - - if (lex) { - var LEX = require('letsencrypt-express'); - server.on('request', LEX.createAcmeResponder(lex, onRequest)); - } else { - server.on('request', onRequest); - } - } - - if (certPaths) { - require('../lib/sni-server').create(lex, certPaths, initServer); - } else { - initServer(null, require('http').createServer()); - } -}; diff --git a/boot/master.js b/boot/master.js index 7a97b83..495732c 100644 --- a/boot/master.js +++ b/boot/master.js @@ -29,39 +29,17 @@ var walnut = tryConf( path.join('..', '..', 'config.walnut') , { externalPort: 443 , externalInsecurePort: 80 - , certspath: path.join(__dirname, '..', '..', 'certs', 'live') } ); -var caddy = tryConf( - path.join('..', '..', 'config.caddy') -, { conf: path.join(__dirname, '..', '..', 'Caddyfile') - , bin: null // '/usr/local/bin/caddy' - , sitespath: null // path.join(__dirname, 'sites-enabled') - , locked: false // true - } -); -var letsencrypt = tryConf( - path.join('..', '..', 'config.letsencrypt') -, { configDir: path.join(__dirname, '..', '..', 'letsencrypt') - , email: null - , agreeTos: false - } -); -var useCaddy = caddy.bin && require('fs').existsSync(caddy.bin); + var info = { type: 'walnut.init' , conf: { - protocol: useCaddy ? 'http' : 'https' - , externalPort: walnut.externalPort - , externalPortInsecure: walnut.externalInsecurePort // TODO externalInsecurePort - , localPort: walnut.localPort || (useCaddy ? 4080 : 443) // system / local network - , insecurePort: walnut.insecurePort || (useCaddy ? 80 : 80) // meh - , certPaths: useCaddy ? null : [ - walnut.certspath - , path.join(letsencrypt.configDir, 'live') - ] - , trustProxy: useCaddy ? true : false - , lexConf: letsencrypt + protocol: 'http' + , externalPort: walnut.externalPort || 443 + , externalPortInsecure: walnut.externalInsecurePort || 80 // TODO externalInsecurePort + , localPort: walnut.localPort || 4080 // system / local network + , trustProxy: true , varpath: path.join(__dirname, '..', '..', 'var') , etcpath: path.join(__dirname, '..', '..', 'etc') } @@ -79,11 +57,6 @@ cluster.on('online', function (worker) { if (state.firstRun) { state.firstRun = false; - if (useCaddy) { - caddy = require('../lib/spawn-caddy').create(caddy); - // relies on { localPort, locked } - caddy.spawn(caddy); - } // TODO dyndns in master? } @@ -94,7 +67,6 @@ cluster.on('online', function (worker) { return; } - state.caddy = caddy; state.workers = workers; // calls init if init has not been called require('../lib/master').touch(info.conf, state).then(function (newConf) { diff --git a/boot/worker.js b/boot/worker.js index 8a599fb..3b1223a 100644 --- a/boot/worker.js +++ b/boot/worker.js @@ -1,168 +1,15 @@ 'use strict'; -module.exports.create = function (opts) { +module.exports.create = function () { var id = '0'; var promiseApp; - function createAndBindInsecure(lex, conf, getOrCreateHttpApp) { - // TODO conditional if 80 is being served by caddy - - var appPromise = null; - var app = null; - var http = require('http'); - var insecureServer = http.createServer(); - - function onRequest(req, res) { - if (app) { - app(req, res); - return; - } - - if (!appPromise) { - res.setHeader('Content-Type', 'application/json; charset=utf-8'); - res.end('{ "error": { "code": "E_SANITY_FAIL", "message": "should have an express app, but didn\'t" } }'); - return; - } - - appPromise.then(function (_app) { - appPromise = null; - app = _app; - app(req, res); - }); - } - - insecureServer.listen(conf.insecurePort, function () { - console.info("#" + id + " Listening on http://" - + insecureServer.address().address + ":" + insecureServer.address().port, '\n'); - appPromise = getOrCreateHttpApp(null, insecureServer); - - if (!appPromise) { - throw new Error('appPromise returned nothing'); - } - }); - - insecureServer.on('request', onRequest); - } - - function walkLe(domainname) { - var PromiseA = require('bluebird'); - if (!domainname) { - return PromiseA.reject(new Error('no domainname given for walkLe')); - } - var fs = PromiseA.promisifyAll(require('fs')); - var path = require('path'); - var parts = domainname.split('.'); //.replace(/^www\./, '').split('.'); - var configname = parts.join('.') + '.json'; - var configpath = path.join(__dirname, '..', '..', 'config', configname); - - if (parts.length < 2) { - return PromiseA.resolve(null); - } - - // TODO configpath a la varpath - return fs.readFileAsync(configpath, 'utf8').then(function (text) { - var data = JSON.parse(text); - data.name = configname; - return data; - }, function (/*err*/) { - parts.shift(); - return walkLe(parts.join('.')); - }); - } - - function createLe(lexConf, conf) { - var LEX = require('letsencrypt-express'); - var lex = LEX.create({ - configDir: lexConf.configDir // i.e. __dirname + '/letsencrypt.config' - , approveRegistration: function (hostname, cb) { - // TODO cache/report unauthorized - if (!hostname) { - cb(new Error("[lex.approveRegistration] undefined hostname"), null); - return; - } - - walkLe(hostname).then(function (leAuth) { - // TODO should still check dns for hostname (and mx for email) - if (leAuth && leAuth.email && leAuth.agreeTos) { - cb(null, { - domains: [hostname] // TODO handle www and bare on the same cert - , email: leAuth.email - , agreeTos: leAuth.agreeTos - }); - } - else { - // TODO report unauthorized - cb(new Error("Valid LetsEncrypt config with email and agreeTos not found for '" + hostname + "'"), null); - } - }); - /* - letsencrypt.getConfig({ domains: [domain] }, function (err, config) { - if (!(config && config.checkpoints >= 0)) { - cb(err, null); - return; - } - - cb(null, { - email: config.email - // can't remember which it is, but the pyconf is different that the regular variable - , agreeTos: config.tos || config.agree || config.agreeTos - , server: config.server || LE.productionServerUrl - , domains: config.domains || [domain] - }); - }); - */ - } - }); - conf.letsencrypt = lex.letsencrypt; - conf.lex = lex; - conf.walkLe = walkLe; - - return lex; - } - - function createAndBindServers(conf, getOrCreateHttpApp) { - var lex; - - if (conf.lexConf) { - lex = createLe(conf.lexConf, conf); - } - - // NOTE that message.conf[x] will be overwritten when the next message comes in - require('./local-server').create(lex, conf.certPaths, conf.localPort, conf, function (err, webserver) { - if (err) { - console.error('[ERROR] worker.js'); - console.error(err.stack); - throw err; - } - - console.info("#" + id + " Listening on " + conf.protocol + "://" + webserver.address().address + ":" + webserver.address().port, '\n'); - - // we don't need time to pass, just to be able to return - process.nextTick(function () { - createAndBindInsecure(lex, conf, getOrCreateHttpApp); - }); - - // we are returning the promise result to the caller - return getOrCreateHttpApp(null, null, webserver, conf); - }); - } - // // Worker Mode // - function waitForConfig(realMessage) { - if ('walnut.init' !== realMessage.type) { - console.warn('[Worker] 0 got unexpected message:'); - console.warn(realMessage); - return; - } - - var conf = realMessage.conf; - process.removeListener('message', waitForConfig); - + function createAndBind(conf) { // NOTE: this callback must return a promise for an express app - - function getExpressApp(err, insecserver, webserver/*, newMessage*/) { + function getOrCreateHttpApp(err, insecserver, webserver/*, newMessage*/) { var PromiseA = require('bluebird'); if (promiseApp) { @@ -198,41 +45,93 @@ module.exports.create = function (opts) { return promiseApp; } - createAndBindServers(conf, getExpressApp); - } - - // - // Standalone Mode - // - if (opts) { - // NOTE: this callback must return a promise for an express app - createAndBindServers(opts, function (err, insecserver, webserver/*, conf*/) { - var PromiseA = require('bluebird'); - - if (promiseApp) { - return promiseApp; + function serverCallback(err, webserver) { + if (err) { + console.error('[ERROR] worker.js'); + console.error(err.stack); + throw err; } - promiseApp = new PromiseA(function (resolve) { - opts.getConfig(function (srvmsg) { - resolve(require('../lib/worker').create(webserver, srvmsg)); - }); - }).then(function (app) { - console.info('[Standalone Ready]'); - return app; - }); + console.info("#" + id + " Listening on " + conf.protocol + "://" + webserver.address().address + ":" + webserver.address().port, '\n'); - return promiseApp; - }); - } else { - // we are in cluster mode, as opposed to standalone mode - id = require('cluster').worker.id.toString(); - // We have to wait to get the configuration from the master process - // before we can start our webserver - console.info('[Worker #' + id + '] online!'); - process.on('message', waitForConfig); + // we are returning the promise result to the caller + return getOrCreateHttpApp(null, null, webserver, conf); + } + + // Note the odd use of callbacks (instead of promises) here + // It's to avoid loading bluebird yet (see sni-server.js for explanation) + function localServerCreate(port) { + function initServer(err, server) { + var app; + var promiseApp; + + if (err) { + serverCallback(err); + return; + } + + server.on('error', serverCallback); + server.listen(port, function () { + // is it even theoritically possible for + // a request to come in before this callback has fired? + // I'm assuming this event must fire before any request event + promiseApp = serverCallback(null, server); + }); + /* + server.listen(port, '::::', function () { + // is it even theoritically possible for + // a request to come in before this callback has fired? + // I'm assuming this event must fire before any request event + promiseApp = serverCallback(null, server); + }); + */ + + // Get up and listening as absolutely quickly as possible + function onRequest(req, res) { + // this is a hot piece of code, so we cache the result + if (app) { + app(req, res); + return; + } + + promiseApp.then(function (_app) { + console.log('[Server]', req.method, req.host || req.headers['x-forwarded-host'] || req.headers.host, req.url); + app = _app; + app(req, res); + }); + } + + server.on('request', onRequest); + } + + initServer(null, require('http').createServer()); + } + + // NOTE that message.conf[x] will be overwritten when the next message comes in + localServerCreate(conf.localPort); } + function waitForConfig(realMessage) { + console.log('realMessage', realMessage); + if ('walnut.init' !== realMessage.type) { + console.warn('[Worker] 0 got unexpected message:'); + console.warn(realMessage); + return; + } + + var conf = realMessage.conf; + process.removeListener('message', waitForConfig); + + createAndBind(conf); + } + + // we are in cluster mode, as opposed to standalone mode + id = require('cluster').worker.id.toString(); + // We have to wait to get the configuration from the master process + // before we can start our webserver + console.info('[Worker #' + id + '] online!'); + process.on('message', waitForConfig); + // // Debugging // diff --git a/lib/main.js b/lib/main.js index 0f4d708..ee74a48 100644 --- a/lib/main.js +++ b/lib/main.js @@ -13,54 +13,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { var CORS; var cors; - function redirectHttpsHelper(req, res) { - var host = req.hostname || req.headers.host || ''; - var url = req.url; - - // TODO - // allow exceptions for the case of arduino and whatnot that cannot handle https? - // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/ - // needs ECDSA? - - var escapeHtml = require('escape-html'); - var newLocation = 'https://' - + host.replace(/:\d+/, ':' + xconfx.externalPort) + url - ; - var safeLocation = escapeHtml(newLocation); - - var metaRedirect = '' - + '\n' - + '\n' - + ' \n' - + ' \n' - + '\n' - + '\n' - + '

You requested an insecure resource. Please use this instead: \n' - + ' ' + safeLocation + '

\n' - + '\n' - + '\n' - ; - - // DO NOT HTTP REDIRECT - /* - res.setHeader('Location', newLocation); - res.statusCode = 302; - */ - - // BAD NEWS BEARS - // - // When people are experimenting with the API and posting tutorials - // they'll use cURL and they'll forget to prefix with https:// - // If we allow that, then many users will be sending private tokens - // and such with POSTs in clear text and, worse, it will work! - // To minimize this, we give browser users a mostly optimal experience, - // but people experimenting with the API get a message letting them know - // that they're doing it wrong and thus forces them to ensure they encrypt. - res.setHeader('Content-Type', 'text/html; charset=utf-8'); - res.end(metaRedirect); - } - function redirectSetup(reason, req, res/*, next*/) { + console.log('xconfx', xconfx); var url = 'https://cloud.' + xconfx.primaryDomain; if (443 !== xconfx.externalPort) { @@ -74,48 +28,6 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { res.end(); } - function redirectHttps(req, res) { - if (localCache.le[req.hostname]) { - if (localCache.le[req.hostname].conf) { - redirectHttpsHelper(req, res); - return; - } - else { - // TODO needs IPC to expire cache - redirectSetup(req.hostname, req, res); - return; - /* - if (Date.now() - localCache.le[req.hostname].createdAt < (5 * 60 * 1000)) { - // TODO link to dbconf.primaryDomain - res.send({ error: { message: "Security Error: Encryption for '" + req.hostname + "' has not been configured." - + " Please use the management interface to set up ACME / Let's Encrypt (or another solution)." } }); - return; - } - */ - } - } - - return xconfx.walkLe(req.hostname).then(function (leAuth) { - if (!leAuth) { - redirectSetup(req.hostname, req, res); - return; - } - - localCache.le[req.hostname] = { conf: leAuth, createdAt: Date.now() }; - redirectHttps(req, res); - }, function (err) { - console.error('[Error] lib/main.js walkLe'); - if (err.stack) { - console.error(err.stack); - } - else { - console.error(new Error('getstack').stack); - console.error(err); - } - res.send({ error: { message: "failed to get tls certificate for '" + (req.hostname || '') + "'" } }); - }); - } - function disallowSymLinks(req, res) { res.end( "Symbolic Links are not supported on all platforms and are therefore disallowed." @@ -245,15 +157,6 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { var appIdParts = appId.split('#'); var appIdPart; - if (!req.secure) { - // did not come from https - if (/\.(appcache|manifest)\b/.test(req.url)) { - require('./unbrick-appcache').unbrick(req, res); - return; - } - return redirectHttps(req, res); - } - // TODO configuration for allowing www if (/^www\./.test(req.hostname)) { // NOTE: acme responder and appcache unbricker must come before scrubTheDub diff --git a/lib/master.js b/lib/master.js index 916f1a6..ca78a57 100644 --- a/lib/master.js +++ b/lib/master.js @@ -2,17 +2,27 @@ var cluster = require('cluster'); var PromiseA = require('bluebird'); +var path = require('path'); +var os = require('os'); function init(conf, state) { var newConf = {}; + + function rand(n) { + var HEX = 16; + var BASE_36 = 36; + var rnd = require('crypto').randomBytes(n || 16).toString('hex'); + return parseInt(rnd, HEX).toString(BASE_36); + } + if (!conf.ipcKey) { - conf.ipcKey = newConf.ipcKey = require('crypto').randomBytes(16).toString('base64'); + conf.ipcKey = newConf.ipcKey = rand(16); } if (!conf.sqlite3Sock) { - conf.sqlite3Sock = newConf.sqlite3Sock = '/tmp/sqlite3.' + require('crypto').randomBytes(4).toString('hex') + '.sock'; + conf.sqlite3Sock = newConf.sqlite3Sock = path.join(os.tmpdir(), 'sqlite3.' + rand(8) + '.sock'); } if (!conf.memstoreSock) { - conf.memstoreSock = newConf.memstoreSock = '/tmp/memstore.' + require('crypto').randomBytes(4).toString('hex') + '.sock'; + conf.memstoreSock = newConf.memstoreSock = path.join(os.tmpdir(), 'memstore.' + rand(8) + '.sock'); } try { diff --git a/lib/sni-server.js b/lib/sni-server.js deleted file mode 100644 index e1c48e4..0000000 --- a/lib/sni-server.js +++ /dev/null @@ -1,58 +0,0 @@ -'use strict'; - -// Note the odd use of callbacks here. -// We're targetting low-power platforms and so we're trying to -// require everything as lazily as possible until our server -// is actually listening on the socket. Bluebird is heavy. -// Even the built-in modules can take dozens of milliseconds to require -module.exports.create = function (lex, certPaths, serverCallback) { - // Recognize that this secureContexts cache is local to this CPU core - var secureContexts = {}; - var ciphers = 'ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256'; - - function createSecureServer() { - var domainname = 'www.example.com'; - var fs = require('fs'); - var secureOpts = { - // TODO create backup file just in case this one is ever corrupted - // NOTE synchronous is faster in this case of initialization - // NOTE certsPath[0] must be the default (LE) directory (another may be used for OV and EV certs) - key: fs.readFileSync(certPaths[0] + '/' + domainname + '/privkey.pem', 'ascii') - , cert: fs.readFileSync(certPaths[0] + '/' + domainname + '/fullchain.pem', 'ascii') - // https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - // https://nodejs.org/api/tls.html - // removed :ECDH+AES256:DH+AES256 and added :!AES256 because AES-256 wastes CPU - , ciphers: ciphers - , honorCipherOrder: true - }; - - secureContexts['www.example.com'] = require('tls').createSecureContext(secureOpts); - secureContexts['example.com'] = secureContexts['www.example.com']; - - //SNICallback is passed the domain name, see NodeJS docs on TLS - secureOpts.SNICallback = function (domainname, cb) { - // NOTE: '*.proxyable.*' domains will be truncated - require('./load-certs').load(secureContexts, certPaths, domainname).then(function (context) { - cb(null, context); - }, function (err) { - console.error('[SNI Callback]'); - console.error(err.stack); - cb(err); - }); - }; - - serverCallback(null, require('https').createServer(secureOpts)); - } - - function createLeServer() { - lex.httpsOptions.ciphers = ciphers; - lex.httpsOptions.honorCipherOrder = true; - serverCallback(null, require('https').createServer(lex.httpsOptions)); - } - - if (lex) { - createLeServer(); - } else { - createSecureServer(); - } -}; diff --git a/lib/spawn-caddy.js b/lib/spawn-caddy.js deleted file mode 100644 index 195f9d4..0000000 --- a/lib/spawn-caddy.js +++ /dev/null @@ -1,159 +0,0 @@ -'use strict'; - -function tplCaddyfile(caddyConf) { - var contents = []; - - caddyConf.domains.forEach(function (hostname) { - var content = ""; - var pagesname = hostname; - - // TODO prefix - content += "https://" + hostname + " {\n" - + " gzip\n" - + " tls " - + "/srv/walnut/certs/live/" + hostname + "/fullchain.pem " - + "/srv/walnut/certs/live/" + hostname + "/privkey.pem\n" - ; - - if (caddyConf.locked) { - content += " root /srv/walnut/init.public/\n"; - } else { - content += " root " + caddyConf.sitespath + "/" + pagesname + "/\n"; - } - - content += - " proxy /api http://localhost:" + caddyConf.localPort.toString() + " {\n" - + " proxy_header Host {host}\n" - + " proxy_header X-Forwarded-Host {host}\n" - + " proxy_header X-Forwarded-Proto {scheme}\n" - // # TODO internal - + " }\n" - + "}"; - - contents.push(content); - }); - - return contents.join('\n\n'); -} - -module.exports.tplCaddyfile = tplCaddyfile; -module.exports.create = function (caddyConf) { - var spawn = require('child_process').spawn; - var caddyBin = caddyConf.bin; - var caddyfilePath = caddyConf.conf; - // TODO put up a booting / lock screen on boot - // and wait for all to be grabbed from db - // NOTE caddy cannot yet support multiple roots - // (needed for example.com/appname instead of appname.example.com) - var caddy; - var fs = require('fs'); - - // TODO this should be expanded to include proxies a la proxydyn - function writeCaddyfile(caddyConf, cb) { - fs.readdir(caddyConf.sitespath, function (err, nodes) { - if (err) { - if (cb) { - cb(err); - return; - } - console.error('[writeCaddyFile] 0'); - console.error(err.stack); - throw err; - } - - caddyConf.domains = nodes.filter(function (node) { - return /\./.test(node) && !/(^\.)|([\/\:\\])/.test(node); - }); - - var contents = tplCaddyfile(caddyConf); - fs.writeFile(caddyfilePath, contents, 'utf8', function (err) { - if (err) { - if (cb) { - cb(err); - return; - } - console.error('[writeCaddyFile] 1'); - console.error(err.stack); - throw err; - } - - if (cb) { cb(null); } - }); - }); - } - - function spawnCaddy(caddyConf, cb) { - console.log('[CADDY] start'); - writeCaddyfile(caddyfilePath, function (err) { - if (err) { - console.error('[writeCaddyfile]'); - console.error(err.stack); - throw err; - } - if (caddy) { - caddy.kill('SIGUSR1'); - return caddy; - - // TODO caddy.kill('SIGKILL'); if SIGTERM fails - // https://github.com/mholt/caddy/issues/107 - // SIGUSR1 - - //caddy.kill('SIGTERM'); - } - - try { - require('child_process').execSync('killall caddy'); - } catch(e) { - // ignore - // Command failed: killall caddy - // caddy: no process found - } - caddy = spawn(caddyBin, ['-conf', caddyfilePath], { stdio: ['ignore', 'pipe', 'pipe'] }); - caddy.stdout.on('data', function (str) { - console.error('[Caddy]', str.toString('utf8')); - }); - - caddy.stderr.on('data', function (errstr) { - console.error('[Caddy]', errstr.toString('utf8')); - }); - - caddy.on('close', function (code, signal) { - // TODO catch if caddy doesn't exist - console.log('[Caddy]'); - console.log(code, signal); - caddy = null; - setTimeout(function () { - spawnCaddy(caddyConf); - }, 1 * 1000); - }); - - try { - if ('function' === typeof cb) { cb(null, caddy); } - } catch(e) { - console.error('ERROR: [spawn-caddy.js]'); - console.error(e.stack); - } - }); - } - - function sighup() { - if (caddy) { - caddy.kill('SIGUSR1'); - return; - } - - // sudo kill -s SIGUSR1 `cat caddy.pid` - fs.readFileAsync('/srv/walnut/caddy.pid', 'utf8').then(function (pid) { - console.log('[caddy] pid', pid); - caddy = spawn('/bin/kill', ['-s', 'SIGUSR1', pid]); - }); - } - - return { - spawn: spawnCaddy - , update: function (caddyConf) { - return writeCaddyfile(caddyConf, sighup); - } - , sighup: sighup - }; -}; diff --git a/lib/worker.js b/lib/worker.js index 2c606d6..5b73aca 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -70,11 +70,13 @@ module.exports.create = function (webserver, xconfx, state) { , indices: [ 'createdAt', 'updatedAt' ] } ]; + console.log('config directive', dir); function scopeMemstore(expId) { var scope = expId + '|'; return { getAsync: function (id) { + id = id.replace(/\|/, ); return memstore.getAsync(scope + id); } , setAsync: function (id, data) { @@ -194,20 +196,15 @@ module.exports.create = function (webserver, xconfx, state) { })); app.use('/api', recase); + app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']); app.use('/', function (req, res) { - if (!req.secure) { + if (!(req.encrypted || req.secure)) { // did not come from https if (/\.(appcache|manifest)\b/.test(req.url)) { require('./unbrick-appcache').unbrick(req, res); return; } - } - - if (xconfx.lex && /\.well-known\/acme-challenge\//.test(req.url)) { - var LEX = require('letsencrypt-express'); - xconfx.lex.debug = true; - xconfx.acmeResponder = xconfx.acmeResponder || LEX.createAcmeResponder(xconfx.lex/*, next*/); - xconfx.acmeResponder(req, res); + res.end("Connection is not encrypted. That's no bueno or, as we say in Hungarian, nem szabad!"); return; } diff --git a/walnut.js b/walnut.js index 9aea314..eeb2b0f 100644 --- a/walnut.js +++ b/walnut.js @@ -4,6 +4,9 @@ var cluster = require('cluster'); var crypto; var stacks = {}; +function realRandom() { + return parseFloat(('0.' + (parseInt(crypto.randomBytes(8).toString('hex'), 16))).replace(/(^0)|(0$)/g, '')); +} Math.random = function () { var err = new Error("Math.random() was used"); @@ -16,7 +19,8 @@ Math.random = function () { crypto = require('crypto'); } - return parseFloat(('0.' + (parseInt(crypto.randomBytes(8).toString('hex'), 16))).replace(/(^0)|(0$)/g, '')); + Math.random = realRandom; + return realRandom(); }; if (cluster.isMaster) { @@ -26,5 +30,5 @@ if (cluster.isMaster) { alternately we could use this and then check require.main cluster.setupMaster({ exec : "app.js", }); */ - require('./boot/worker').create(null); + require('./boot/worker').create(null, null); } From 64629ef402af2efe409f1c006d2aece36958a786 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 4 May 2017 23:10:24 -0600 Subject: [PATCH 07/76] add .jshintrc --- .jshintrc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .jshintrc diff --git a/.jshintrc b/.jshintrc new file mode 100644 index 0000000..63801ce --- /dev/null +++ b/.jshintrc @@ -0,0 +1,16 @@ +{ "node": true +, "browser": true +, "jquery": true +, "strict": true +, "indent": 2 +, "onevar": true +, "laxcomma": true +, "laxbreak": true +, "eqeqeq": true +, "immed": true +, "undef": true +, "unused": true +, "latedef": true +, "curly": true +, "trailing": true +} From 2b1da8dc20ff7aaf9f07f02aa55f40172964c305 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 4 May 2017 23:12:29 -0600 Subject: [PATCH 08/76] remove symlink --- bin/walnut | 1 - 1 file changed, 1 deletion(-) delete mode 120000 bin/walnut diff --git a/bin/walnut b/bin/walnut deleted file mode 120000 index b8f03e9..0000000 --- a/bin/walnut +++ /dev/null @@ -1 +0,0 @@ -walnut.js \ No newline at end of file From 9467269cd710125b1cac769bcc2b81c9c7a3fa00 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 4 May 2017 23:13:27 -0600 Subject: [PATCH 09/76] rollback syntax error --- lib/worker.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/worker.js b/lib/worker.js index 5b73aca..dee1167 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -76,7 +76,6 @@ module.exports.create = function (webserver, xconfx, state) { var scope = expId + '|'; return { getAsync: function (id) { - id = id.replace(/\|/, ); return memstore.getAsync(scope + id); } , setAsync: function (id, data) { From c0bab90b895a9badd4f4ea418edf82ebb1e76392 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 4 May 2017 23:43:20 -0600 Subject: [PATCH 10/76] bail on install --- install.sh | 3 +++ lib/load-certs.js | 68 ----------------------------------------------- 2 files changed, 3 insertions(+), 68 deletions(-) delete mode 100644 lib/load-certs.js diff --git a/install.sh b/install.sh index 4eb6c3d..e8f78d4 100644 --- a/install.sh +++ b/install.sh @@ -1,5 +1,8 @@ #!/bin/bash +echo "no install yet" +exit 1 + sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib,etc,config} sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider diff --git a/lib/load-certs.js b/lib/load-certs.js deleted file mode 100644 index c35ffe2..0000000 --- a/lib/load-certs.js +++ /dev/null @@ -1,68 +0,0 @@ -'use strict'; - -function loadCerts(secureContexts, certPaths, domainname, prevdomainname) { - var PromiseA = require('bluebird'); - var fs = PromiseA.promisifyAll(require('fs')); - var path = require('path'); - - if (/(^|\.)proxyable\./.test(domainname)) { - // device-id-12345678.proxyable.myapp.mydomain.com => myapp.mydomain.com - // proxyable.myapp.mydomain.com => myapp.mydomain.com - // TODO myapp.mydomain.com.proxyable.com => myapp.mydomain.com - domainname = domainname.replace(/.*\.?proxyable\./, ''); - } - - if (secureContexts[domainname]) { - return PromiseA.resolve(secureContexts[domainname]); - } - - return PromiseA.some(certPaths.map(function (pathname) { - return PromiseA.all([ - fs.readFileAsync(path.join(pathname, domainname, 'privkey.pem'), 'ascii') - , fs.readFileAsync(path.join(pathname, domainname, 'fullchain.pem'), 'ascii') - ]); - }), 1).then(function (some) { - var one = some[0]; - secureContexts[domainname] = require('tls').createSecureContext({ - key: one[0] - , cert: one[1] - // https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - // https://nodejs.org/api/tls.html - // removed :ECDH+AES256:DH+AES256 and added :!AES256 because AES-256 wastes CPU - , ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256' - , honorCipherOrder: true - }); - - // guard against race condition on Promise.some - if (prevdomainname && !secureContexts[prevdomainname]) { - // TODO XXX make sure that letsencrypt www. domains handle the bare domains also (and vice versa) - secureContexts[prevdomainname] = secureContexts[domainname]; - } - - return secureContexts[domainname]; - }, function (/*err*/) { - // AggregateError means both promises failed - // TODO check ENOENT - - // test "is this server <>?" - // try letsencrypt - // fail with www.example.com - if (/^www\./i.test(domainname)) { - return loadCerts(secureContexts, certPaths, domainname.replace(/^www\./i, ''), domainname); - } - - return (secureContexts['www.example.com'] || secureContexts['example.com']); - }).then(function (ctx) { - // TODO generate some self-signed certs? - if (!ctx) { - console.error("[loadCerts()] Could not load default HTTPS certificates!!!"); - return PromiseA.reject({ - message: "No default certificates for https" - , code: 'E_NO_DEFAULT_CERTS' - }); - } - - return ctx; - }); -} -module.exports.load = loadCerts; From f8ce89c6e7f204d82513a016e339b9a21ceb9813 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 5 May 2017 14:03:02 -0600 Subject: [PATCH 11/76] add some installer stuff --- README.md | 6 ++ .../LaunchDaemons/com.daplie.walnut.web.plist | 52 ++++++++++++++ dist/etc/systemd/system/walnut.service | 68 +++++++++++++++++++ dist/etc/tmpfiles.d/walnut.conf | 12 ++++ 4 files changed, 138 insertions(+) create mode 100644 dist/Library/LaunchDaemons/com.daplie.walnut.web.plist create mode 100644 dist/etc/systemd/system/walnut.service create mode 100644 dist/etc/tmpfiles.d/walnut.conf diff --git a/README.md b/README.md index 378a0d8..fb38413 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,12 @@ walnut Small, light, and secure iot application framework. +```bash +curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash + +daplie-install-cloud +``` + Features ------ diff --git a/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist b/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist new file mode 100644 index 0000000..4c9a382 --- /dev/null +++ b/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist @@ -0,0 +1,52 @@ + + + + + Label + WALNUT + ProgramArguments + + /usr/local/bin/walnut + --config + /etc/walnut/walnut.yml + + EnvironmentVariables + + WALNUT_PATH + /opt/walnut + + + UserName + root + GroupName + wheel + InitGroups + + + RunAtLoad + + KeepAlive + + Crashed + + SuccessfulExit + + + + SoftResourceLimits + + NumberOfFiles + 8192 + + HardResourceLimits + + + WorkingDirectory + /srv/www + + StandardErrorPath + /var/log/walnut/error.log + StandardOutPath + /var/log/walnut/info.log + + diff --git a/dist/etc/systemd/system/walnut.service b/dist/etc/systemd/system/walnut.service new file mode 100644 index 0000000..061e113 --- /dev/null +++ b/dist/etc/systemd/system/walnut.service @@ -0,0 +1,68 @@ +[Unit] +Description=WALNUT IoT App Infrastructure +Documentation=https://git.daplie.com/Daplie/walnut.js +After=network-online.target +Wants=network-online.target systemd-networkd-wait-online.service + +[Service] +# Restart on crash (bad signal), and on 'clean' failure (error exit code) +# Allow up to 3 restarts within 10 seconds +# (it's unlikely that a user or properly-running script will do this) +Restart=on-failure +StartLimitInterval=10 +StartLimitBurst=3 + +# The v8 VM will output a "clean" for JavaScript errors. +# If we knew we were never going to accidentally exit cleanly +# we would use on-abnormal: +; Restart=on-abnormal + +# User and group the process will run as +# (www-data is the de facto standard on most systems) +User=www-data +Group=www-data + +# If we need to pass environment variables in the future +; Environment=GOLDILOCKS_PATH=/opt/walnut + +# Set a sane working directory, sane flags, and specify how to reload the config file +WorkingDirectory=/srv/www +ExecStart=/usr/local/bin/walnut --config=/etc/walnut/walnut.yml +ExecReload=/bin/kill -USR1 $MAINPID + +# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings. +# We don't expected to use more than this. +LimitNOFILE=1048576 +LimitNPROC=64 + +# Use private /tmp and /var/tmp, which are discarded after the process stops. +PrivateTmp=true +# Use a minimal /dev +PrivateDevices=true +# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys. +ProtectHome=true +# Make /usr, /boot, /etc and possibly some more folders read-only. +ProtectSystem=full +# … except TLS/SSL, ACME, and Let's Encrypt certificates +# and /var/log/, because we want a place where logs can go. +# This merely retains r/w access rights, it does not add any new. Must still be writable on the host! +ReadWriteDirectories=/etc/walnut /etc/acme /etc/letsencrypt /etc/ssl /var/log/walnut /var/walnut /opt/walnut /srv/www + +# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories +; ReadWritePaths=/etc/walnut /var/log/walnut +; +# The following additional security directives only work with systemd v229 or later. +# They further retrict privileges that can be gained. +# Note that you may have to add capabilities required by any plugins in use. +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE +NoNewPrivileges=true + +# Caveat: Some plugins need additional capabilities. +# For example "upload" needs CAP_LEASE +; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE +; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE +; NoNewPrivileges=true + +[Install] +WantedBy=multi-user.target diff --git a/dist/etc/tmpfiles.d/walnut.conf b/dist/etc/tmpfiles.d/walnut.conf new file mode 100644 index 0000000..3f16a3d --- /dev/null +++ b/dist/etc/tmpfiles.d/walnut.conf @@ -0,0 +1,12 @@ +# /etc/tmpfiles.d/walnut.conf +# See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html + +# Type Path Mode UID GID Age Argument +d /etc/walnut 0755 www-data www-data - - +d /etc/ssl/walnut 0750 www-data www-data - - +d /srv/walnut 0775 www-data www-data - - +d /srv/www 0775 www-data www-data - - +d /opt/walnut 0775 www-data www-data - - +d /var/walnut 0775 www-data www-data - - +d /var/log/walnut 0750 www-data www-data - - +#d /run/walnut 0755 www-data www-data - - From 41bf8559a858efd6e161e80ea57583daa5c77c62 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 6 May 2017 03:33:40 -0600 Subject: [PATCH 12/76] WIP installer --- install.sh | 177 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 170 insertions(+), 7 deletions(-) diff --git a/install.sh b/install.sh index e8f78d4..622ac71 100644 --- a/install.sh +++ b/install.sh @@ -3,21 +3,20 @@ echo "no install yet" exit 1 -sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib,etc,config} +sudo mkdir -p /srv/walnut/{core,lib,etc,config,node_modules} +ln -sf ../node_modules /srv/walnut/core/node_modules sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider sudo mkdir -p /srv/walnut/packages/{api,pages,services} sudo chown -R $(whoami):$(whoami) /srv/walnut -#git clone git@github.com:Daplie/walnut.git -git clone https://github.com/Daplie/walnut.git /srv/walnut/core +#git clone git@git.daplie.com:Daplie/walnut.js.git +#git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core pushd /srv/walnut/core npm install popd -sudo rsync -a /srv/walnut/core/etc/init/walnut.conf /etc/init/walnut.conf -rsync -a /srv/walnut/core/etc/letsencrypt/ /srv/walnut/certs/ mv /srv/walnut/core/node_modules /srv/walnut echo -n "Enter an email address to use for LetsEncrypt and press [ENTER]: " @@ -32,5 +31,169 @@ node -e " }, null, ' ')); " -sudo service walnut stop -sudo service walnut start +############################### +# # +# http_get # +# boilerplate for curl / wget # +# # +############################### + +# See https://git.daplie.com/Daplie/daplie-snippets/blob/master/bash/http-get.sh + +http_curl_opts="-fsSL" +http_wget_opts="--quiet" + +http_bin="" +http_opts="" +http_out="" + +detect_http_bin() +{ + if type -p curl >/dev/null 2>&1; then + http_bin="curl" + http_opts="$http_curl_opts" + http_out="-o" + #curl -fsSL "$url" -o "$PREFIX/tmp/$pkg" + elif type -p wget >/dev/null 2>&1; then + http_bin="wget" + http_opts="$http_wget_opts" + http_out="-O" + #wget --quiet "$url" -O "$PREFIX/tmp/$pkg" + else + echo "Aborted, could not find curl or wget" + return 7 + fi +} + +http_get() +{ + if [ -e "$2" ]; then + rsync -a "$2" "$1" + elif type -p curl >/dev/null 2>&1; then + $http_bin $http_curl_opts $http_out "$2" "$1" + elif type -p wget >/dev/null 2>&1; then + $http_bin $http_wget_opts $http_out "$2" "$1" + else + echo "Aborted, could not find curl or wget" + return 7 + fi +} + +dap_dl() +{ + $http_bin $http_opts $http_out "$2" "$1" +} + +dap_dl_bash() +{ + dap_url=$1 + #dap_args=$2 + rm -rf dap-tmp-runner.sh + $http_bin $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh +} + +detect_http_bin + +## END HTTP_GET ## + +################################# +# # +# linux and osx system services # +# # +################################# + +# Use $PREFIX for compatibility with Termux on Android + +# Not every platform has or needs sudo +sudo_cmd="" +((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo" + +my_app_name=goldilocks +my_app_pkg_name=com.daplie.goldilocks.web +my_app_dir=$(mktemp -d) +installer_base="https://git.daplie.com/Daplie/goldilocks.js/raw/master" # add "/dist" as needed + +my_app_systemd_service="etc/systemd/system/${my_app_name}.service" +my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf" +my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist" +my_app_upstart_service="etc/init/${my_app_pkg_name}.conf" + +install_for_systemd() +{ + echo "" + echo "Installing as systemd service" + echo "" + + dap_dl "$installer_base/$my_app_system_service" "$my_app_dir/$my_app_system_service" + $sudo_cmd mv "$my_app_dir/$my_app_system_service" "$PREFIX/$my_app_system_service" + $sudo_cmd chown -R root:root "$PREFIX/$my_app_system_service" + $sudo_cmd chmod 644 "$PREFIX/$my_app_system_service" + + dap_dl "$installer_base/$my_app_system_tmpfiles" "$my_app_dir/$my_app_system_tmpfiles" + $sudo_cmd mv "$my_app_dir/$my_app_system_tmpfiles" "$PREFIX/$my_app_system_tmpfiles" + $sudo_cmd chown -R root:root "$PREFIX/$my_app_system_tmpfiles" + $sudo_cmd chmod 644 "$PREFIX/$my_app_system_tmpfiles" + + $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null + $sudo_cmd systemctl daemon-reload + $sudo_cmd systemctl start "${my_app_name}.service" + $sudo_cmd systemctl enable "${my_app_name}.service" + + echo "$my_app_name started with systemctl" +} + +install_for_launchd() +{ + echo "" + echo "Installing as launchd service" + echo "" + + # See http://www.launchd.info/ + dap_dl "$installer_base/$my_app_launchd_service" "$my_app_dir/$my_app_launchd_service" + $sudo_cmd mv "$my_app_dir/$my_app_launchd_service" "$PREFIX/$my_app_launchd_service" + $sudo_cmd chown root:wheel "$PREFIX/$my_app_launchd_service" + $sudo_cmd chmod 0644 "$PREFIX/$my_app_launchd_service" + $sudo_cmd launchctl unload -w "$PREFIX/$my_app_launchd_service" >/dev/null 2>/dev/null + $sudo_cmd launchctl load -w "$PREFIX/$my_app_launchd_service" + + echo "$my_app_name started with launchd" +} + +install_for_upstart() +{ + echo "" + echo "Installing as upstart service" + echo "" + + dap_dl "$installer_base/$my_app_upstart_service" "$my_app_dir/$my_app_upstart_service" + $sudo_cmd mv "$my_app_dir/$my_app_upstart_service" "$PREFIX/$my_app_upstart_service" + $sudo_cmd chown root:wheel "$PREFIX/$my_app_upstart_service" + $sudo_cmd chmod 0644 "$PREFIX/$my_app_upstart_service" + + echo "$my_app_name started with upstart" +} + +install_service() +{ + installable="" + if [ -d "$PREFIX/etc/systemd/system" ]; then + install_for_systemd + installable="true" + fi + if [ -d "/Library/LaunchDaemons" ]; then + install_for_launchd + installable="true" + fi + if [ -d "$PREFIX/etc/init" ]; then + install_for_upstart + installable="true" + fi + if [ -z "$installable" ]; then + echo "" + echo "Unknown system service init type. You must install as a system service manually." + echo '(please file a bug with the output of "uname -a")' + echo "" + fi +} + +install_service From a09a56c179870cf0801d67b054ef02edcaaf7e63 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 8 May 2017 21:05:33 -0600 Subject: [PATCH 13/76] add exec bit --- install.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 install.sh diff --git a/install.sh b/install.sh old mode 100644 new mode 100755 From 9828a19f8cedb23a4dd8e32d7a7997d15971cfd0 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 10:27:47 -0600 Subject: [PATCH 14/76] update installer --- .../LaunchDaemons/com.daplie.walnut.web.plist | 1 + dist/etc/systemd/system/walnut.service | 4 +- install.sh | 221 +++++++++--------- uninstall.sh | 48 ++++ 4 files changed, 165 insertions(+), 109 deletions(-) create mode 100755 uninstall.sh diff --git a/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist b/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist index 4c9a382..1ca54ef 100644 --- a/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist +++ b/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist @@ -6,6 +6,7 @@ WALNUT ProgramArguments + /usr/local/bin/node /usr/local/bin/walnut --config /etc/walnut/walnut.yml diff --git a/dist/etc/systemd/system/walnut.service b/dist/etc/systemd/system/walnut.service index 061e113..5cce166 100644 --- a/dist/etc/systemd/system/walnut.service +++ b/dist/etc/systemd/system/walnut.service @@ -27,7 +27,7 @@ Group=www-data # Set a sane working directory, sane flags, and specify how to reload the config file WorkingDirectory=/srv/www -ExecStart=/usr/local/bin/walnut --config=/etc/walnut/walnut.yml +ExecStart=/usr/local/bin/node /usr/local/bin/walnut --config=/etc/walnut/walnut.yml ExecReload=/bin/kill -USR1 $MAINPID # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings. @@ -46,7 +46,7 @@ ProtectSystem=full # … except TLS/SSL, ACME, and Let's Encrypt certificates # and /var/log/, because we want a place where logs can go. # This merely retains r/w access rights, it does not add any new. Must still be writable on the host! -ReadWriteDirectories=/etc/walnut /etc/acme /etc/letsencrypt /etc/ssl /var/log/walnut /var/walnut /opt/walnut /srv/www +ReadWriteDirectories=/etc/walnut /var/log/walnut /var/walnut /opt/walnut /srv/www # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories ; ReadWritePaths=/etc/walnut /var/log/walnut diff --git a/install.sh b/install.sh index 622ac71..17d169a 100755 --- a/install.sh +++ b/install.sh @@ -1,35 +1,19 @@ #!/bin/bash -echo "no install yet" -exit 1 +set -e +set -u -sudo mkdir -p /srv/walnut/{core,lib,etc,config,node_modules} -ln -sf ../node_modules /srv/walnut/core/node_modules -sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer -sudo mkdir -p /srv/walnut/etc/org.oauth3.provider -sudo mkdir -p /srv/walnut/packages/{api,pages,services} -sudo chown -R $(whoami):$(whoami) /srv/walnut - -#git clone git@git.daplie.com:Daplie/walnut.js.git -#git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core - -pushd /srv/walnut/core -npm install -popd - -mv /srv/walnut/core/node_modules /srv/walnut - -echo -n "Enter an email address to use for LetsEncrypt and press [ENTER]: " -read LE_EMAIL -node -e " - 'use strict'; - - require('fs').writeFileSync('/srv/walnut/config.letsencrypt.json', JSON.stringify({ - configDir: '/srv/walnut/letsencrypt' - , email: '$LE_EMAIL' - , agreeTos: true - }, null, ' ')); -" +# something or other about android and tmux using PREFIX +#: "${PREFIX:=''}" +MY_ROOT="" +if [ -z "${PREFIX-}" ]; then + MY_ROOT="" +else + MY_ROOT="$PREFIX" +fi +# Not every platform has or needs sudo, gotta save them O(1)s... +sudo_cmd="" +((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo" ############################### # # @@ -40,39 +24,20 @@ node -e " # See https://git.daplie.com/Daplie/daplie-snippets/blob/master/bash/http-get.sh -http_curl_opts="-fsSL" -http_wget_opts="--quiet" - -http_bin="" +http_get="" http_opts="" http_out="" -detect_http_bin() +detect_http_get() { if type -p curl >/dev/null 2>&1; then - http_bin="curl" - http_opts="$http_curl_opts" + http_get="curl" + http_opts="-fsSL" http_out="-o" - #curl -fsSL "$url" -o "$PREFIX/tmp/$pkg" elif type -p wget >/dev/null 2>&1; then - http_bin="wget" - http_opts="$http_wget_opts" + http_get="wget" + http_opts="--quiet" http_out="-O" - #wget --quiet "$url" -O "$PREFIX/tmp/$pkg" - else - echo "Aborted, could not find curl or wget" - return 7 - fi -} - -http_get() -{ - if [ -e "$2" ]; then - rsync -a "$2" "$1" - elif type -p curl >/dev/null 2>&1; then - $http_bin $http_curl_opts $http_out "$2" "$1" - elif type -p wget >/dev/null 2>&1; then - $http_bin $http_wget_opts $http_out "$2" "$1" else echo "Aborted, could not find curl or wget" return 7 @@ -81,7 +46,7 @@ http_get() dap_dl() { - $http_bin $http_opts $http_out "$2" "$1" + $http_get $http_opts $http_out "$2" "$1" } dap_dl_bash() @@ -89,57 +54,46 @@ dap_dl_bash() dap_url=$1 #dap_args=$2 rm -rf dap-tmp-runner.sh - $http_bin $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh + $http_get $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh } -detect_http_bin +detect_http_get ## END HTTP_GET ## -################################# -# # -# linux and osx system services # -# # -################################# -# Use $PREFIX for compatibility with Termux on Android -# Not every platform has or needs sudo -sudo_cmd="" -((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo" - -my_app_name=goldilocks -my_app_pkg_name=com.daplie.goldilocks.web -my_app_dir=$(mktemp -d) -installer_base="https://git.daplie.com/Daplie/goldilocks.js/raw/master" # add "/dist" as needed - -my_app_systemd_service="etc/systemd/system/${my_app_name}.service" -my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf" -my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist" -my_app_upstart_service="etc/init/${my_app_pkg_name}.conf" +################### +# # +# Install service # +# # +################### install_for_systemd() { echo "" echo "Installing as systemd service" echo "" + mkdir -p $(dirname "$my_app_dir/$my_app_systemd_service") + dap_dl "$installer_base/$my_app_systemd_service" "$my_app_dir/$my_app_systemd_service" + $sudo_cmd mv "$my_app_dir/$my_app_systemd_service" "$MY_ROOT/$my_app_systemd_service" + $sudo_cmd chown -R root:root "$MY_ROOT/$my_app_systemd_service" + $sudo_cmd chmod 644 "$MY_ROOT/$my_app_systemd_service" - dap_dl "$installer_base/$my_app_system_service" "$my_app_dir/$my_app_system_service" - $sudo_cmd mv "$my_app_dir/$my_app_system_service" "$PREFIX/$my_app_system_service" - $sudo_cmd chown -R root:root "$PREFIX/$my_app_system_service" - $sudo_cmd chmod 644 "$PREFIX/$my_app_system_service" - - dap_dl "$installer_base/$my_app_system_tmpfiles" "$my_app_dir/$my_app_system_tmpfiles" - $sudo_cmd mv "$my_app_dir/$my_app_system_tmpfiles" "$PREFIX/$my_app_system_tmpfiles" - $sudo_cmd chown -R root:root "$PREFIX/$my_app_system_tmpfiles" - $sudo_cmd chmod 644 "$PREFIX/$my_app_system_tmpfiles" + mkdir -p $(dirname "$my_app_dir/$my_app_systemd_tmpfiles") + dap_dl "$installer_base/$my_app_systemd_tmpfiles" "$my_app_dir/$my_app_systemd_tmpfiles" + $sudo_cmd mv "$my_app_dir/$my_app_systemd_tmpfiles" "$MY_ROOT/$my_app_systemd_tmpfiles" + $sudo_cmd chown -R root:root "$MY_ROOT/$my_app_systemd_tmpfiles" + $sudo_cmd chmod 644 "$MY_ROOT/$my_app_systemd_tmpfiles" $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null $sudo_cmd systemctl daemon-reload $sudo_cmd systemctl start "${my_app_name}.service" $sudo_cmd systemctl enable "${my_app_name}.service" - echo "$my_app_name started with systemctl" + echo "$my_app_name started with systemctl, check its status like so" + echo " $sudo_cmd systemctl status $my_app_name" + echo " $sudo_cmd journalctl -xe -u goldilocks" } install_for_launchd() @@ -147,36 +101,38 @@ install_for_launchd() echo "" echo "Installing as launchd service" echo "" - # See http://www.launchd.info/ + mkdir -p $(dirname "$my_app_dir/$my_app_launchd_service") dap_dl "$installer_base/$my_app_launchd_service" "$my_app_dir/$my_app_launchd_service" - $sudo_cmd mv "$my_app_dir/$my_app_launchd_service" "$PREFIX/$my_app_launchd_service" - $sudo_cmd chown root:wheel "$PREFIX/$my_app_launchd_service" - $sudo_cmd chmod 0644 "$PREFIX/$my_app_launchd_service" - $sudo_cmd launchctl unload -w "$PREFIX/$my_app_launchd_service" >/dev/null 2>/dev/null - $sudo_cmd launchctl load -w "$PREFIX/$my_app_launchd_service" + $sudo_cmd mv "$my_app_dir/$my_app_launchd_service" "$MY_ROOT/$my_app_launchd_service" + $sudo_cmd chown root:wheel "$MY_ROOT/$my_app_launchd_service" + $sudo_cmd chmod 0644 "$MY_ROOT/$my_app_launchd_service" + $sudo_cmd launchctl unload -w "$MY_ROOT/$my_app_launchd_service" >/dev/null 2>/dev/null + $sudo_cmd launchctl load -w "$MY_ROOT/$my_app_launchd_service" echo "$my_app_name started with launchd" } -install_for_upstart() +install_etc_config() { - echo "" - echo "Installing as upstart service" - echo "" + if [ ! -e "$MY_ROOT/$my_app_etc_config" ]; then + $sudo_cmd mkdir -p $(dirname "$MY_ROOT/$my_app_etc_config") + mkdir -p $(dirname "$my_app_dir/$my_app_etc_config") + dap_dl "$installer_base/$my_app_etc_config" "$my_app_dir/$my_app_etc_config" + $sudo_cmd mv "$my_app_dir/$my_app_etc_config" "$MY_ROOT/$my_app_etc_config" + fi - dap_dl "$installer_base/$my_app_upstart_service" "$my_app_dir/$my_app_upstart_service" - $sudo_cmd mv "$my_app_dir/$my_app_upstart_service" "$PREFIX/$my_app_upstart_service" - $sudo_cmd chown root:wheel "$PREFIX/$my_app_upstart_service" - $sudo_cmd chmod 0644 "$PREFIX/$my_app_upstart_service" - - echo "$my_app_name started with upstart" + $sudo_cmd chown -R www-data:www-data $(dirname "$MY_ROOT/$my_app_etc_config") + $sudo_cmd chmod 775 $(dirname "$MY_ROOT/$my_app_etc_config") + $sudo_cmd chmod 664 "$MY_ROOT/$my_app_etc_config" } install_service() { + install_etc_config + installable="" - if [ -d "$PREFIX/etc/systemd/system" ]; then + if [ -d "$MY_ROOT/etc/systemd/system" ]; then install_for_systemd installable="true" fi @@ -184,10 +140,6 @@ install_service() install_for_launchd installable="true" fi - if [ -d "$PREFIX/etc/init" ]; then - install_for_upstart - installable="true" - fi if [ -z "$installable" ]; then echo "" echo "Unknown system service init type. You must install as a system service manually." @@ -196,4 +148,59 @@ install_service() fi } +## END SERVICE_INSTALL ## + +# Create dirs, set perms +create_skeleton() +{ + $sudo_cmd mkdir -p /srv/www + $sudo_cmd mkdir -p /var/log/$my_app_name + $sudo_cmd mkdir -p /etc/$my_app_name + $sudo_cmd mkdir -p /var/$my_app_name + $sudo_cmd mkdir -p /srv/$my_app_name + $sudo_cmd mkdir -p /opt/$my_app_name +} + +# Unistall +install_uninstaller() +{ + dap_dl "https://git.daplie.com/Daplie/walnut.js/raw/master/uninstall.sh" "./walnut-uninstall" + $sudo_cmd chmod 755 "./walnut-uninstall" + $sudo_cmd chown root:root "./walnut-uninstall" + $sudo_cmd mv "./walnut-uninstall" "/usr/local/bin/uninstall-walnut" +} + + +# Dependencies +dap_dl_bash "https://git.daplie.com/coolaj86/node-install-script/raw/master/setup-min.sh" + +# Install +# npm install -g 'git+https://git@git.daplie.com/Daplie/walnut.js.git#fs-nosql' + +my_app_name=walnut +my_app_pkg_name=com.daplie.walnut.web +my_app_dir=$(mktemp -d) +installer_base="https://git.daplie.com/Daplie/walnut.js/raw/master/dist" + +my_app_etc_config="etc/${my_app_name}/${my_app_name}.yml" +my_app_systemd_service="etc/systemd/system/${my_app_name}.service" +my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf" +my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist" + +# Install +#git clone git@git.daplie.com:Daplie/walnut.js.git +#git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core +sudo mkdir -p /srv/walnut/{core,lib,etc,config,node_modules} +ln -sf ../node_modules /srv/walnut/core/node_modules +sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer +sudo mkdir -p /srv/walnut/etc/org.oauth3.provider +sudo mkdir -p /srv/walnut/packages/{api,pages,services} +sudo chown -R $(whoami):$(whoami) /srv/walnut + +pushd /srv/walnut/core + npm install +popd + +create_skeleton +install_uninstaller install_service diff --git a/uninstall.sh b/uninstall.sh new file mode 100755 index 0000000..15d964a --- /dev/null +++ b/uninstall.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +# something or other about android and tmux using PREFIX +#: "${PREFIX:=''}" +MY_ROOT="" +if [ -z "${PREFIX-}" ]; then + MY_ROOT="" +else + MY_ROOT="$PREFIX" +fi +# Not every platform has or needs sudo, gotta save them O(1)s... +sudo_cmd="" +((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo" + +# you don't want any oopsies when an rm -rf is involved... +set -e +set -u + +my_app_name=walnut +my_app_pkg_name=com.daplie.$my_app_name.web + +my_app_etc_config="etc/${my_app_name}/${my_app_name}.yml" +my_app_systemd_service="etc/systemd/system/${my_app_name}.service" +my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf" +my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist" +my_app_upstart_service="etc/init.d/${my_app_name}.conf" + + +$sudo_cmd rm -f /usr/local/bin/$my_app_name +$sudo_cmd rm -rf /usr/local/lib/node_modules/$my_app_name +$sudo_cmd rm -f /usr/local/bin/uninstall-$my_app_name + +$sudo_cmd rm -f "$MY_ROOT/$my_app_etc_config" +$sudo_cmd rmdir -p $(dirname "$MY_ROOT/$my_app_etc_config") 2>/dev/null || true +$sudo_cmd rm -f "$MY_ROOT/$my_app_systemd_service" +$sudo_cmd rm -f "$MY_ROOT/$my_app_systemd_tmpfiles" +$sudo_cmd rm -f "$MY_ROOT/$my_app_launchd_service" +$sudo_cmd rm -f "$MY_ROOT/$my_app_upstart_service" + +$sudo_cmd rm -rf /opt/$my_app_name +$sudo_cmd rm -rf /var/log/$my_app_name + +# TODO flag for --purge +#rm -rf /etc/$my_app_name + +# TODO trap uninstall function + +echo "uninstall complete: $my_app_name" From a8ed9b3185e20f956ffb5fe36237e2203cfaa82c Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 10:29:29 -0600 Subject: [PATCH 15/76] check definition of ANDROID_ROOT --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 17d169a..f4c81f3 100755 --- a/install.sh +++ b/install.sh @@ -13,7 +13,7 @@ else fi # Not every platform has or needs sudo, gotta save them O(1)s... sudo_cmd="" -((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo" +((EUID)) && [[ -z "${ANDROID_ROOT-}" ]] && sudo_cmd="sudo" ############################### # # From 355dc2f6f8d26cc8a17b65998dcdfc79e7cc9946 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 10:34:00 -0600 Subject: [PATCH 16/76] remove node_modules if present --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index f4c81f3..0a2109e 100755 --- a/install.sh +++ b/install.sh @@ -191,6 +191,7 @@ my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist" #git clone git@git.daplie.com:Daplie/walnut.js.git #git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core sudo mkdir -p /srv/walnut/{core,lib,etc,config,node_modules} +rm -rf /srv/walnut/core/node_modules ln -sf ../node_modules /srv/walnut/core/node_modules sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider From f6461c49eebe76a178058147d4dd6b22ec9146b7 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 17:00:52 +0000 Subject: [PATCH 17/76] get cluster from git --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 43b765b..b34ac8a 100644 --- a/package.json +++ b/package.json @@ -84,7 +84,7 @@ "jsonwebtoken": "^5.4.0", "lodash": "2.x", "letsencrypt-express": "1.1.x", - "masterquest-sqlite3": "git://github.com/coolaj86/node-masterquest-sqlite3.git", + "masterquest-sqlite3": "git://git.daplie.com/coolaj86/node-masterquest-sqlite3.git", "media-typer": "^0.3.0", "methods": "^1.1.1", "mime": "^1.3.4", @@ -114,7 +114,7 @@ "serve-favicon": "2.x", "serve-static": "1.x", "sqlite3": "3.x", - "sqlite3-cluster": "^1.1.1", + "sqlite3-cluster": "git://git.daplie.com/coolaj86/sqlite3-cluster.git", "ssl-root-cas": "1.x", "twilio": "1.x", "type-is": "^1.6.1", From cfdfaadca3665f27bf582567b17342e71bd40e28 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 17:48:24 +0000 Subject: [PATCH 18/76] update git deps --- package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index b34ac8a..0437dab 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "body-parser": "1.x", "btoa": "1.x", "bytes": "^1.0.0", - "cluster-store": "^1.0.0", + "cluster-store": "git+https://git.daplie.com/coolaj86/cluster-store.git", "compression": "1.x", "connect": "3.x", "connect-cors": "0.5.x", @@ -84,7 +84,7 @@ "jsonwebtoken": "^5.4.0", "lodash": "2.x", "letsencrypt-express": "1.1.x", - "masterquest-sqlite3": "git://git.daplie.com/coolaj86/node-masterquest-sqlite3.git", + "masterquest-sqlite3": "git+https://git.daplie.com/coolaj86/node-masterquest-sqlite3.git", "media-typer": "^0.3.0", "methods": "^1.1.1", "mime": "^1.3.4", @@ -114,7 +114,7 @@ "serve-favicon": "2.x", "serve-static": "1.x", "sqlite3": "3.x", - "sqlite3-cluster": "git://git.daplie.com/coolaj86/sqlite3-cluster.git", + "sqlite3-cluster": "git+https://git.daplie.com/coolaj86/sqlite3-cluster.git#v2", "ssl-root-cas": "1.x", "twilio": "1.x", "type-is": "^1.6.1", From 873d53f9a275cfa695369ac019baa61414ce3739 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 18:13:25 +0000 Subject: [PATCH 19/76] change default port to 3000 --- boot/master.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/master.js b/boot/master.js index 495732c..9ed50ea 100644 --- a/boot/master.js +++ b/boot/master.js @@ -38,7 +38,7 @@ var info = { protocol: 'http' , externalPort: walnut.externalPort || 443 , externalPortInsecure: walnut.externalInsecurePort || 80 // TODO externalInsecurePort - , localPort: walnut.localPort || 4080 // system / local network + , localPort: walnut.localPort || 3000 // system / local network , trustProxy: true , varpath: path.join(__dirname, '..', '..', 'var') , etcpath: path.join(__dirname, '..', '..', 'etc') From 0228723bba10eb841cf7d44fb259a34f048289d8 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 18:42:24 +0000 Subject: [PATCH 20/76] fix http get vs rsync --- install.sh | 69 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 47 insertions(+), 22 deletions(-) diff --git a/install.sh b/install.sh index 0a2109e..c2b96a2 100755 --- a/install.sh +++ b/install.sh @@ -24,20 +24,39 @@ sudo_cmd="" # See https://git.daplie.com/Daplie/daplie-snippets/blob/master/bash/http-get.sh -http_get="" +http_curl_opts="-fsSL" +http_wget_opts="--quiet" + +http_bin="" http_opts="" http_out="" -detect_http_get() +detect_http_bin() { if type -p curl >/dev/null 2>&1; then - http_get="curl" - http_opts="-fsSL" + http_bin="curl" + http_opts="$http_curl_opts" http_out="-o" + #curl -fsSL "$url" -o "$PREFIX/tmp/$pkg" elif type -p wget >/dev/null 2>&1; then - http_get="wget" - http_opts="--quiet" + http_bin="wget" + http_opts="$http_wget_opts" http_out="-O" + #wget --quiet "$url" -O "$PREFIX/tmp/$pkg" + else + echo "Aborted, could not find curl or wget" + return 7 + fi +} + +http_get() +{ + if [ -e "$1" ]; then + rsync -a "$1" "$2" + elif type -p curl >/dev/null 2>&1; then + $http_bin $http_curl_opts $http_out "$2" "$1" + elif type -p wget >/dev/null 2>&1; then + $http_bin $http_wget_opts $http_out "$2" "$1" else echo "Aborted, could not find curl or wget" return 7 @@ -46,7 +65,7 @@ detect_http_get() dap_dl() { - $http_get $http_opts $http_out "$2" "$1" + http_get "$1" "$2" } dap_dl_bash() @@ -54,10 +73,10 @@ dap_dl_bash() dap_url=$1 #dap_args=$2 rm -rf dap-tmp-runner.sh - $http_get $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh + $http_bin $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh } -detect_http_get +detect_http_bin ## END HTTP_GET ## @@ -146,6 +165,7 @@ install_service() echo '(please file a bug with the output of "uname -a")' echo "" fi + echo "" } ## END SERVICE_INSTALL ## @@ -180,7 +200,8 @@ dap_dl_bash "https://git.daplie.com/coolaj86/node-install-script/raw/master/setu my_app_name=walnut my_app_pkg_name=com.daplie.walnut.web my_app_dir=$(mktemp -d) -installer_base="https://git.daplie.com/Daplie/walnut.js/raw/master/dist" +#installer_base="https://git.daplie.com/Daplie/walnut.js/raw/master/dist" +installer_base="./dist" my_app_etc_config="etc/${my_app_name}/${my_app_name}.yml" my_app_systemd_service="etc/systemd/system/${my_app_name}.service" @@ -188,20 +209,24 @@ my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf" my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist" # Install -#git clone git@git.daplie.com:Daplie/walnut.js.git -#git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core -sudo mkdir -p /srv/walnut/{core,lib,etc,config,node_modules} -rm -rf /srv/walnut/core/node_modules -ln -sf ../node_modules /srv/walnut/core/node_modules -sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer -sudo mkdir -p /srv/walnut/etc/org.oauth3.provider -sudo mkdir -p /srv/walnut/packages/{api,pages,services} -sudo chown -R $(whoami):$(whoami) /srv/walnut +install_my_app() +{ + #git clone git@git.daplie.com:Daplie/walnut.js.git + #git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core + sudo mkdir -p /srv/walnut/{core,lib,etc,config,node_modules} + rm -rf /srv/walnut/core/node_modules + ln -sf ../node_modules /srv/walnut/core/node_modules + sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer + sudo mkdir -p /srv/walnut/etc/org.oauth3.provider + sudo mkdir -p /srv/walnut/packages/{api,pages,services} + sudo chown -R $(whoami):$(whoami) /srv/walnut -pushd /srv/walnut/core - npm install -popd + pushd /srv/walnut/core + npm install + popd +} +install_my_app create_skeleton install_uninstaller install_service From 25e644bb5dd230ecd1834d9621100cb819463795 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 9 May 2017 18:46:10 +0000 Subject: [PATCH 21/76] use correct path for walnut --- dist/Library/LaunchDaemons/com.daplie.walnut.web.plist | 2 +- dist/etc/systemd/system/walnut.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist b/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist index 1ca54ef..748869d 100644 --- a/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist +++ b/dist/Library/LaunchDaemons/com.daplie.walnut.web.plist @@ -7,7 +7,7 @@ ProgramArguments /usr/local/bin/node - /usr/local/bin/walnut + /srv/walnut/core/bin/walnut.js --config /etc/walnut/walnut.yml diff --git a/dist/etc/systemd/system/walnut.service b/dist/etc/systemd/system/walnut.service index 5cce166..5f20e71 100644 --- a/dist/etc/systemd/system/walnut.service +++ b/dist/etc/systemd/system/walnut.service @@ -27,7 +27,7 @@ Group=www-data # Set a sane working directory, sane flags, and specify how to reload the config file WorkingDirectory=/srv/www -ExecStart=/usr/local/bin/node /usr/local/bin/walnut --config=/etc/walnut/walnut.yml +ExecStart=/usr/local/bin/node /srv/walnut/core/bin/walnut.js --config=/etc/walnut/walnut.yml ExecReload=/bin/kill -USR1 $MAINPID # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings. From e855e159f91e384cebc9fa4c1d34024843cf625b Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 10 May 2017 23:26:25 +0000 Subject: [PATCH 22/76] update deps and add a bunch of debug logging --- boot/master.js | 1 + lib/master.js | 22 ++++++++++++++++------ lib/worker.js | 16 +++++++++++++++- package.json | 2 +- 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/boot/master.js b/boot/master.js index 9ed50ea..f96e7de 100644 --- a/boot/master.js +++ b/boot/master.js @@ -71,6 +71,7 @@ cluster.on('online', function (worker) { // calls init if init has not been called require('../lib/master').touch(info.conf, state).then(function (newConf) { worker.send({ type: 'walnut.webserver.onrequest', conf: newConf }); + newConf.addWorker(worker); }); } diff --git a/lib/master.js b/lib/master.js index ca78a57..69c757c 100644 --- a/lib/master.js +++ b/lib/master.js @@ -46,13 +46,20 @@ function init(conf, state) { var cstore = require('cluster-store'); var sqlite3 = require('sqlite3-cluster/server'); + var cstoreOpts = { + sock: conf.memstoreSock + , serve: cluster.isMaster && conf.memstoreSock + , store: cluster.isMaster && null //new require('express-session/session/memory')() + // TODO implement + , key: conf.ipcKey + }; + var cstorePromise = cstore.create(cstoreOpts); var promise = PromiseA.all([ - cstore.create({ - sock: conf.memstoreSock - , serve: cluster.isMaster && conf.memstoreSock - , store: cluster.isMaster && null //new require('express-session/session/memory')() - // TODO implement - , key: conf.ipcKey + cstorePromise.then(function (store) { + console.log('[walnut] [master] cstore created'); + //console.log(cstoreOpts); + //console.log(store); + return store; }) , sqlite3.createServer({ verbose: null @@ -65,6 +72,9 @@ function init(conf, state) { ]).then(function (args) { state.memstore = args[0]; //state.sqlstore = args[1]; + newConf.addWorker = function (w) { + return cstorePromise.addWorker(w); + }; return newConf; }); diff --git a/lib/worker.js b/lib/worker.js index dee1167..21c0fc1 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -1,6 +1,8 @@ 'use strict'; module.exports.create = function (webserver, xconfx, state) { + console.log('[worker] create'); + xconfx.debug = true; console.log('DEBUG create worker'); if (!state) { @@ -35,6 +37,7 @@ module.exports.create = function (webserver, xconfx, state) { */ var cstore = require('cluster-store'); + console.log('[worker] creating data stores...'); return PromiseA.all([ // TODO security on memstore // TODO memstoreFactory.create @@ -44,6 +47,7 @@ module.exports.create = function (webserver, xconfx, state) { // TODO implement , key: xconfx.ipcKey }).then(function (_memstore) { + console.log('[worker] cstore created'); memstore = PromiseA.promisifyAll(_memstore); return memstore; }) @@ -52,8 +56,12 @@ module.exports.create = function (webserver, xconfx, state) { , systemFactory.create({ init: true , dbname: 'config' + }).then(function (sysdb) { + console.log('[worker] sysdb created'); + return sysdb; }) ]).then(function (args) { + console.log('[worker] database factories created'); memstore = args[0]; sqlstores.config = args[1]; @@ -70,7 +78,6 @@ module.exports.create = function (webserver, xconfx, state) { , indices: [ 'createdAt', 'updatedAt' ] } ]; - console.log('config directive', dir); function scopeMemstore(expId) { var scope = expId + '|'; @@ -120,8 +127,11 @@ module.exports.create = function (webserver, xconfx, state) { } return wrap.wrap(sqlstores.config, dir).then(function (models) { + console.log('[worker] database wrapped'); return models.ComDaplieWalnutConfig.find(null, { limit: 100 }).then(function (results) { + console.log('[worker] config query complete'); return models.ComDaplieWalnutConfig.find(null, { limit: 10000 }).then(function (redirects) { + console.log('[worker] configuring express'); var express = require('express-lazy'); var app = express(); var recase = require('connect-recase')({ @@ -160,15 +170,19 @@ module.exports.create = function (webserver, xconfx, state) { } function setupMain() { + if (xconfx.debug) { console.log('[main] setup'); } mainApp = express(); require('./main').create(mainApp, xconfx, apiFactories, apiDeps).then(function () { + if (xconfx.debug) { console.log('[main] ready'); } // TODO process.send({}); }); } if (!bootstrapApp) { + if (xconfx.debug) { console.log('[bootstrap] setup'); } bootstrapApp = express(); require('./bootstrap').create(bootstrapApp, xconfx, models).then(function () { + if (xconfx.debug) { console.log('[bootstrap] ready'); } // TODO process.send({}); setupMain(); }); diff --git a/package.json b/package.json index 0437dab..269f7df 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "body-parser": "1.x", "btoa": "1.x", "bytes": "^1.0.0", - "cluster-store": "git+https://git.daplie.com/coolaj86/cluster-store.git", + "cluster-store": "git+https://git.daplie.com/Daplie/cluster-store.git#v2", "compression": "1.x", "connect": "3.x", "connect-cors": "0.5.x", From 69ce868660c974ea88dd7e0f4dc8b7a73232b640 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 11 May 2017 00:57:50 +0000 Subject: [PATCH 23/76] remove letsencrypt --- package.json | 1 - 1 file changed, 1 deletion(-) diff --git a/package.json b/package.json index 269f7df..258bc7d 100644 --- a/package.json +++ b/package.json @@ -83,7 +83,6 @@ "json-storage": "2.x", "jsonwebtoken": "^5.4.0", "lodash": "2.x", - "letsencrypt-express": "1.1.x", "masterquest-sqlite3": "git+https://git.daplie.com/coolaj86/node-masterquest-sqlite3.git", "media-typer": "^0.3.0", "methods": "^1.1.1", From 1e5fd8484f6ac1a69a1526eae1017c3cd5856d1e Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 11 May 2017 01:11:31 +0000 Subject: [PATCH 24/76] more strict API prefix checking (and better error) --- lib/bootstrap.js | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/lib/bootstrap.js b/lib/bootstrap.js index 540e55e..671fc9e 100644 --- a/lib/bootstrap.js +++ b/lib/bootstrap.js @@ -47,13 +47,18 @@ module.exports.create = function (app, xconfx, models) { var resolve; function errorIfNotApi(req, res, next) { - // if it's not an ip address - if (/[a-z]+/.test(req.hostname || req.headers.host)) { - if (!/^api\./.test(req.hostname || req.headers.host)) { - console.warn('not API req.headers.host:', req.hostname || req.headers.host); - res.send({ error: { message: "no api. subdomain prefix" } }); - return; - } + var hostname = req.hostname || req.headers.host; + + if (!/^api\.[a-z0-9\-]+/.test(hostname)) { + res.send({ error: + { message: "API access is restricted to proper 'api'-prefixed lowercase subdomains." + + " The HTTP 'Host' header must exist and must begin with 'api.' as in 'api.example.com'." + + " For development you may test with api.localhost.daplie.me (or any domain by modifying your /etc/hosts)" + , code: 'E_NOT_API' + , _hostname: hostname + } + }); + return; } next(); From 39b77ba37ffb5628432b156c6aa87f9d00974397 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 15 May 2017 18:11:49 +0000 Subject: [PATCH 25/76] add empty walnut.yml --- dist/etc/walnut/walnut.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 dist/etc/walnut/walnut.yml diff --git a/dist/etc/walnut/walnut.yml b/dist/etc/walnut/walnut.yml new file mode 100644 index 0000000..e69de29 From 5bfac31af4a54fa855cbc9487cb62a5f4ad554a2 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 15 May 2017 18:16:10 +0000 Subject: [PATCH 26/76] use my_app_name --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index c2b96a2..b18a436 100755 --- a/install.sh +++ b/install.sh @@ -112,7 +112,7 @@ install_for_systemd() echo "$my_app_name started with systemctl, check its status like so" echo " $sudo_cmd systemctl status $my_app_name" - echo " $sudo_cmd journalctl -xe -u goldilocks" + echo " $sudo_cmd journalctl -xe -u $my_app_name" } install_for_launchd() From d45361005b534e53c94a2693bc6c94c234f20753 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 15 May 2017 18:16:54 +0000 Subject: [PATCH 27/76] use correct owner --- install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index b18a436..1bd97b8 100755 --- a/install.sh +++ b/install.sh @@ -219,7 +219,8 @@ install_my_app() sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider sudo mkdir -p /srv/walnut/packages/{api,pages,services} - sudo chown -R $(whoami):$(whoami) /srv/walnut + #sudo chown -R $(whoami):$(whoami) /srv/walnut + sudo chown -R www-data:www-data /srv/walnut pushd /srv/walnut/core npm install From 0db9ba98a7d37ffa8f32ed4b2a2bc0fd4551dacb Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 15 May 2017 18:21:07 +0000 Subject: [PATCH 28/76] add group perms --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 1bd97b8..38a7486 100755 --- a/install.sh +++ b/install.sh @@ -221,6 +221,7 @@ install_my_app() sudo mkdir -p /srv/walnut/packages/{api,pages,services} #sudo chown -R $(whoami):$(whoami) /srv/walnut sudo chown -R www-data:www-data /srv/walnut + sudo chmod -R ug+Xrw /srv/walnut pushd /srv/walnut/core npm install From 171ddc9394bd506bddbc30f9dc58ad6897da9dd2 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 17 May 2017 19:50:15 -0500 Subject: [PATCH 29/76] add com.daplie.walnut.init --- lib/com.daplie.walnut.init/css/bootstrap.css | 6961 ++++++++++++ lib/com.daplie.walnut.init/index.html | 33 + lib/com.daplie.walnut.init/js/index.js | 110 + lib/com.daplie.walnut.init/js/jquery-2.2.2.js | 9842 +++++++++++++++++ 4 files changed, 16946 insertions(+) create mode 100644 lib/com.daplie.walnut.init/css/bootstrap.css create mode 100644 lib/com.daplie.walnut.init/index.html create mode 100644 lib/com.daplie.walnut.init/js/index.js create mode 100644 lib/com.daplie.walnut.init/js/jquery-2.2.2.js diff --git a/lib/com.daplie.walnut.init/css/bootstrap.css b/lib/com.daplie.walnut.init/css/bootstrap.css new file mode 100644 index 0000000..b1ebc6e --- /dev/null +++ b/lib/com.daplie.walnut.init/css/bootstrap.css @@ -0,0 +1,6961 @@ +@import url("https://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700"); +/*! + * bootswatch v3.3.6 + * Homepage: http://bootswatch.com + * Copyright 2012-2016 Thomas Park + * Licensed under MIT + * Based on Bootstrap +*/ +/*! + * Bootstrap v3.3.6 (http://getbootstrap.com) + * Copyright 2011-2015 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */ +/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */ +html { + font-family: sans-serif; + -ms-text-size-adjust: 100%; + -webkit-text-size-adjust: 100%; +} +body { + margin: 0; +} +article, +aside, +details, +figcaption, +figure, +footer, +header, +hgroup, +main, +menu, +nav, +section, +summary { + display: block; +} +audio, +canvas, +progress, +video { + display: inline-block; + vertical-align: baseline; +} +audio:not([controls]) { + display: none; + height: 0; +} +[hidden], +template { + display: none; +} +a { + background-color: transparent; +} +a:active, +a:hover { + outline: 0; +} +abbr[title] { + border-bottom: 1px dotted; +} +b, +strong { + font-weight: bold; +} +dfn { + font-style: italic; +} +h1 { + font-size: 2em; + margin: 0.67em 0; +} +mark { + background: #ff0; + color: #000; +} +small { + font-size: 80%; +} +sub, +sup { + font-size: 75%; + line-height: 0; + position: relative; + vertical-align: baseline; +} +sup { + top: -0.5em; +} +sub { + bottom: -0.25em; +} +img { + border: 0; +} +svg:not(:root) { + overflow: hidden; +} +figure { + margin: 1em 40px; +} +hr { + -webkit-box-sizing: content-box; + -moz-box-sizing: content-box; + box-sizing: content-box; + height: 0; +} +pre { + overflow: auto; +} +code, +kbd, +pre, +samp { + font-family: monospace, monospace; + font-size: 1em; +} +button, +input, +optgroup, +select, +textarea { + color: inherit; + font: inherit; + margin: 0; +} +button { + overflow: visible; +} +button, +select { + text-transform: none; +} +button, +html input[type="button"], +input[type="reset"], +input[type="submit"] { + -webkit-appearance: button; + cursor: pointer; +} +button[disabled], +html input[disabled] { + cursor: default; +} +button::-moz-focus-inner, +input::-moz-focus-inner { + border: 0; + padding: 0; +} +input { + line-height: normal; +} +input[type="checkbox"], +input[type="radio"] { + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; + padding: 0; +} +input[type="number"]::-webkit-inner-spin-button, +input[type="number"]::-webkit-outer-spin-button { + height: auto; +} +input[type="search"] { + -webkit-appearance: textfield; + -webkit-box-sizing: content-box; + -moz-box-sizing: content-box; + box-sizing: content-box; +} +input[type="search"]::-webkit-search-cancel-button, +input[type="search"]::-webkit-search-decoration { + -webkit-appearance: none; +} +fieldset { + border: 1px solid #c0c0c0; + margin: 0 2px; + padding: 0.35em 0.625em 0.75em; +} +legend { + border: 0; + padding: 0; +} +textarea { + overflow: auto; +} +optgroup { + font-weight: bold; +} +table { + border-collapse: collapse; + border-spacing: 0; +} +td, +th { + padding: 0; +} +/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */ +@media print { + *, + *:before, + *:after { + background: transparent !important; + color: #000 !important; + -webkit-box-shadow: none !important; + box-shadow: none !important; + text-shadow: none !important; + } + a, + a:visited { + text-decoration: underline; + } + a[href]:after { + content: " (" attr(href) ")"; + } + abbr[title]:after { + content: " (" attr(title) ")"; + } + a[href^="#"]:after, + a[href^="javascript:"]:after { + content: ""; + } + pre, + blockquote { + border: 1px solid #999; + page-break-inside: avoid; + } + thead { + display: table-header-group; + } + tr, + img { + page-break-inside: avoid; + } + img { + max-width: 100% !important; + } + p, + h2, + h3 { + orphans: 3; + widows: 3; + } + h2, + h3 { + page-break-after: avoid; + } + .navbar { + display: none; + } + .btn > .caret, + .dropup > .btn > .caret { + border-top-color: #000 !important; + } + .label { + border: 1px solid #000; + } + .table { + border-collapse: collapse !important; + } + .table td, + .table th { + background-color: #fff !important; + } + .table-bordered th, + .table-bordered td { + border: 1px solid #ddd !important; + } +} +@font-face { + font-family: 'Glyphicons Halflings'; + src: url('../fonts/glyphicons-halflings-regular.eot'); + src: url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'), url('../fonts/glyphicons-halflings-regular.woff2') format('woff2'), url('../fonts/glyphicons-halflings-regular.woff') format('woff'), url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'), url('../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular') format('svg'); +} +.glyphicon { + position: relative; + top: 1px; + display: inline-block; + font-family: 'Glyphicons Halflings'; + font-style: normal; + font-weight: normal; + line-height: 1; + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; +} +.glyphicon-asterisk:before { + content: "\002a"; +} +.glyphicon-plus:before { + content: "\002b"; +} +.glyphicon-euro:before, +.glyphicon-eur:before { + content: "\20ac"; +} +.glyphicon-minus:before { + content: "\2212"; +} +.glyphicon-cloud:before { + content: "\2601"; +} +.glyphicon-envelope:before { + content: "\2709"; +} +.glyphicon-pencil:before { + content: "\270f"; +} +.glyphicon-glass:before { + content: "\e001"; +} +.glyphicon-music:before { + content: "\e002"; +} +.glyphicon-search:before { + content: "\e003"; +} +.glyphicon-heart:before { + content: "\e005"; +} +.glyphicon-star:before { + content: "\e006"; +} +.glyphicon-star-empty:before { + content: "\e007"; +} +.glyphicon-user:before { + content: "\e008"; +} +.glyphicon-film:before { + content: "\e009"; +} +.glyphicon-th-large:before { + content: "\e010"; +} +.glyphicon-th:before { + content: "\e011"; +} +.glyphicon-th-list:before { + content: "\e012"; +} +.glyphicon-ok:before { + content: "\e013"; +} +.glyphicon-remove:before { + content: "\e014"; +} +.glyphicon-zoom-in:before { + content: "\e015"; +} +.glyphicon-zoom-out:before { + content: "\e016"; +} +.glyphicon-off:before { + content: "\e017"; +} +.glyphicon-signal:before { + content: "\e018"; +} +.glyphicon-cog:before { + content: "\e019"; +} +.glyphicon-trash:before { + content: "\e020"; +} +.glyphicon-home:before { + content: "\e021"; +} +.glyphicon-file:before { + content: "\e022"; +} +.glyphicon-time:before { + content: "\e023"; +} +.glyphicon-road:before { + content: "\e024"; +} +.glyphicon-download-alt:before { + content: "\e025"; +} +.glyphicon-download:before { + content: "\e026"; +} +.glyphicon-upload:before { + content: "\e027"; +} +.glyphicon-inbox:before { + content: "\e028"; +} +.glyphicon-play-circle:before { + content: "\e029"; +} +.glyphicon-repeat:before { + content: "\e030"; +} +.glyphicon-refresh:before { + content: "\e031"; +} +.glyphicon-list-alt:before { + content: "\e032"; +} +.glyphicon-lock:before { + content: "\e033"; +} +.glyphicon-flag:before { + content: "\e034"; +} +.glyphicon-headphones:before { + content: "\e035"; +} +.glyphicon-volume-off:before { + content: "\e036"; +} +.glyphicon-volume-down:before { + content: "\e037"; +} +.glyphicon-volume-up:before { + content: "\e038"; +} +.glyphicon-qrcode:before { + content: "\e039"; +} +.glyphicon-barcode:before { + content: "\e040"; +} +.glyphicon-tag:before { + content: "\e041"; +} +.glyphicon-tags:before { + content: "\e042"; +} +.glyphicon-book:before { + content: "\e043"; +} +.glyphicon-bookmark:before { + content: "\e044"; +} +.glyphicon-print:before { + content: "\e045"; +} +.glyphicon-camera:before { + content: "\e046"; +} +.glyphicon-font:before { + content: "\e047"; +} +.glyphicon-bold:before { + content: "\e048"; +} +.glyphicon-italic:before { + content: "\e049"; +} +.glyphicon-text-height:before { + content: "\e050"; +} +.glyphicon-text-width:before { + content: "\e051"; +} +.glyphicon-align-left:before { + content: "\e052"; +} +.glyphicon-align-center:before { + content: "\e053"; +} +.glyphicon-align-right:before { + content: "\e054"; +} +.glyphicon-align-justify:before { + content: "\e055"; +} +.glyphicon-list:before { + content: "\e056"; +} +.glyphicon-indent-left:before { + content: "\e057"; +} +.glyphicon-indent-right:before { + content: "\e058"; +} +.glyphicon-facetime-video:before { + content: "\e059"; +} +.glyphicon-picture:before { + content: "\e060"; +} +.glyphicon-map-marker:before { + content: "\e062"; +} +.glyphicon-adjust:before { + content: "\e063"; +} +.glyphicon-tint:before { + content: "\e064"; +} +.glyphicon-edit:before { + content: "\e065"; +} +.glyphicon-share:before { + content: "\e066"; +} +.glyphicon-check:before { + content: "\e067"; +} +.glyphicon-move:before { + content: "\e068"; +} +.glyphicon-step-backward:before { + content: "\e069"; +} +.glyphicon-fast-backward:before { + content: "\e070"; +} +.glyphicon-backward:before { + content: "\e071"; +} +.glyphicon-play:before { + content: "\e072"; +} +.glyphicon-pause:before { + content: "\e073"; +} +.glyphicon-stop:before { + content: "\e074"; +} +.glyphicon-forward:before { + content: "\e075"; +} +.glyphicon-fast-forward:before { + content: "\e076"; +} +.glyphicon-step-forward:before { + content: "\e077"; +} +.glyphicon-eject:before { + content: "\e078"; +} +.glyphicon-chevron-left:before { + content: "\e079"; +} +.glyphicon-chevron-right:before { + content: "\e080"; +} +.glyphicon-plus-sign:before { + content: "\e081"; +} +.glyphicon-minus-sign:before { + content: "\e082"; +} +.glyphicon-remove-sign:before { + content: "\e083"; +} +.glyphicon-ok-sign:before { + content: "\e084"; +} +.glyphicon-question-sign:before { + content: "\e085"; +} +.glyphicon-info-sign:before { + content: "\e086"; +} +.glyphicon-screenshot:before { + content: "\e087"; +} +.glyphicon-remove-circle:before { + content: "\e088"; +} +.glyphicon-ok-circle:before { + content: "\e089"; +} +.glyphicon-ban-circle:before { + content: "\e090"; +} +.glyphicon-arrow-left:before { + content: "\e091"; +} +.glyphicon-arrow-right:before { + content: "\e092"; +} +.glyphicon-arrow-up:before { + content: "\e093"; +} +.glyphicon-arrow-down:before { + content: "\e094"; +} +.glyphicon-share-alt:before { + content: "\e095"; +} +.glyphicon-resize-full:before { + content: "\e096"; +} +.glyphicon-resize-small:before { + content: "\e097"; +} +.glyphicon-exclamation-sign:before { + content: "\e101"; +} +.glyphicon-gift:before { + content: "\e102"; +} +.glyphicon-leaf:before { + content: "\e103"; +} +.glyphicon-fire:before { + content: "\e104"; +} +.glyphicon-eye-open:before { + content: "\e105"; +} +.glyphicon-eye-close:before { + content: "\e106"; +} +.glyphicon-warning-sign:before { + content: "\e107"; +} +.glyphicon-plane:before { + content: "\e108"; +} +.glyphicon-calendar:before { + content: "\e109"; +} +.glyphicon-random:before { + content: "\e110"; +} +.glyphicon-comment:before { + content: "\e111"; +} +.glyphicon-magnet:before { + content: "\e112"; +} +.glyphicon-chevron-up:before { + content: "\e113"; +} +.glyphicon-chevron-down:before { + content: "\e114"; +} +.glyphicon-retweet:before { + content: "\e115"; +} +.glyphicon-shopping-cart:before { + content: "\e116"; +} +.glyphicon-folder-close:before { + content: "\e117"; +} +.glyphicon-folder-open:before { + content: "\e118"; +} +.glyphicon-resize-vertical:before { + content: "\e119"; +} +.glyphicon-resize-horizontal:before { + content: "\e120"; +} +.glyphicon-hdd:before { + content: "\e121"; +} +.glyphicon-bullhorn:before { + content: "\e122"; +} +.glyphicon-bell:before { + content: "\e123"; +} +.glyphicon-certificate:before { + content: "\e124"; +} +.glyphicon-thumbs-up:before { + content: "\e125"; +} +.glyphicon-thumbs-down:before { + content: "\e126"; +} +.glyphicon-hand-right:before { + content: "\e127"; +} +.glyphicon-hand-left:before { + content: "\e128"; +} +.glyphicon-hand-up:before { + content: "\e129"; +} +.glyphicon-hand-down:before { + content: "\e130"; +} +.glyphicon-circle-arrow-right:before { + content: "\e131"; +} +.glyphicon-circle-arrow-left:before { + content: "\e132"; +} +.glyphicon-circle-arrow-up:before { + content: "\e133"; +} +.glyphicon-circle-arrow-down:before { + content: "\e134"; +} +.glyphicon-globe:before { + content: "\e135"; +} +.glyphicon-wrench:before { + content: "\e136"; +} +.glyphicon-tasks:before { + content: "\e137"; +} +.glyphicon-filter:before { + content: "\e138"; +} +.glyphicon-briefcase:before { + content: "\e139"; +} +.glyphicon-fullscreen:before { + content: "\e140"; +} +.glyphicon-dashboard:before { + content: "\e141"; +} +.glyphicon-paperclip:before { + content: "\e142"; +} +.glyphicon-heart-empty:before { + content: "\e143"; +} +.glyphicon-link:before { + content: "\e144"; +} +.glyphicon-phone:before { + content: "\e145"; +} +.glyphicon-pushpin:before { + content: "\e146"; +} +.glyphicon-usd:before { + content: "\e148"; +} +.glyphicon-gbp:before { + content: "\e149"; +} +.glyphicon-sort:before { + content: "\e150"; +} +.glyphicon-sort-by-alphabet:before { + content: "\e151"; +} +.glyphicon-sort-by-alphabet-alt:before { + content: "\e152"; +} +.glyphicon-sort-by-order:before { + content: "\e153"; +} +.glyphicon-sort-by-order-alt:before { + content: "\e154"; +} +.glyphicon-sort-by-attributes:before { + content: "\e155"; +} +.glyphicon-sort-by-attributes-alt:before { + content: "\e156"; +} +.glyphicon-unchecked:before { + content: "\e157"; +} +.glyphicon-expand:before { + content: "\e158"; +} +.glyphicon-collapse-down:before { + content: "\e159"; +} +.glyphicon-collapse-up:before { + content: "\e160"; +} +.glyphicon-log-in:before { + content: "\e161"; +} +.glyphicon-flash:before { + content: "\e162"; +} +.glyphicon-log-out:before { + content: "\e163"; +} +.glyphicon-new-window:before { + content: "\e164"; +} +.glyphicon-record:before { + content: "\e165"; +} +.glyphicon-save:before { + content: "\e166"; +} +.glyphicon-open:before { + content: "\e167"; +} +.glyphicon-saved:before { + content: "\e168"; +} +.glyphicon-import:before { + content: "\e169"; +} +.glyphicon-export:before { + content: "\e170"; +} +.glyphicon-send:before { + content: "\e171"; +} +.glyphicon-floppy-disk:before { + content: "\e172"; +} +.glyphicon-floppy-saved:before { + content: "\e173"; +} +.glyphicon-floppy-remove:before { + content: "\e174"; +} +.glyphicon-floppy-save:before { + content: "\e175"; +} +.glyphicon-floppy-open:before { + content: "\e176"; +} +.glyphicon-credit-card:before { + content: "\e177"; +} +.glyphicon-transfer:before { + content: "\e178"; +} +.glyphicon-cutlery:before { + content: "\e179"; +} +.glyphicon-header:before { + content: "\e180"; +} +.glyphicon-compressed:before { + content: "\e181"; +} +.glyphicon-earphone:before { + content: "\e182"; +} +.glyphicon-phone-alt:before { + content: "\e183"; +} +.glyphicon-tower:before { + content: "\e184"; +} +.glyphicon-stats:before { + content: "\e185"; +} +.glyphicon-sd-video:before { + content: "\e186"; +} +.glyphicon-hd-video:before { + content: "\e187"; +} +.glyphicon-subtitles:before { + content: "\e188"; +} +.glyphicon-sound-stereo:before { + content: "\e189"; +} +.glyphicon-sound-dolby:before { + content: "\e190"; +} +.glyphicon-sound-5-1:before { + content: "\e191"; +} +.glyphicon-sound-6-1:before { + content: "\e192"; +} +.glyphicon-sound-7-1:before { + content: "\e193"; +} +.glyphicon-copyright-mark:before { + content: "\e194"; +} +.glyphicon-registration-mark:before { + content: "\e195"; +} +.glyphicon-cloud-download:before { + content: "\e197"; +} +.glyphicon-cloud-upload:before { + content: "\e198"; +} +.glyphicon-tree-conifer:before { + content: "\e199"; +} +.glyphicon-tree-deciduous:before { + content: "\e200"; +} +.glyphicon-cd:before { + content: "\e201"; +} +.glyphicon-save-file:before { + content: "\e202"; +} +.glyphicon-open-file:before { + content: "\e203"; +} +.glyphicon-level-up:before { + content: "\e204"; +} +.glyphicon-copy:before { + content: "\e205"; +} +.glyphicon-paste:before { + content: "\e206"; +} +.glyphicon-alert:before { + content: "\e209"; +} +.glyphicon-equalizer:before { + content: "\e210"; +} +.glyphicon-king:before { + content: "\e211"; +} +.glyphicon-queen:before { + content: "\e212"; +} +.glyphicon-pawn:before { + content: "\e213"; +} +.glyphicon-bishop:before { + content: "\e214"; +} +.glyphicon-knight:before { + content: "\e215"; +} +.glyphicon-baby-formula:before { + content: "\e216"; +} +.glyphicon-tent:before { + content: "\26fa"; +} +.glyphicon-blackboard:before { + content: "\e218"; +} +.glyphicon-bed:before { + content: "\e219"; +} +.glyphicon-apple:before { + content: "\f8ff"; +} +.glyphicon-erase:before { + content: "\e221"; +} +.glyphicon-hourglass:before { + content: "\231b"; +} +.glyphicon-lamp:before { + content: "\e223"; +} +.glyphicon-duplicate:before { + content: "\e224"; +} +.glyphicon-piggy-bank:before { + content: "\e225"; +} +.glyphicon-scissors:before { + content: "\e226"; +} +.glyphicon-bitcoin:before { + content: "\e227"; +} +.glyphicon-btc:before { + content: "\e227"; +} +.glyphicon-xbt:before { + content: "\e227"; +} +.glyphicon-yen:before { + content: "\00a5"; +} +.glyphicon-jpy:before { + content: "\00a5"; +} +.glyphicon-ruble:before { + content: "\20bd"; +} +.glyphicon-rub:before { + content: "\20bd"; +} +.glyphicon-scale:before { + content: "\e230"; +} +.glyphicon-ice-lolly:before { + content: "\e231"; +} +.glyphicon-ice-lolly-tasted:before { + content: "\e232"; +} +.glyphicon-education:before { + content: "\e233"; +} +.glyphicon-option-horizontal:before { + content: "\e234"; +} +.glyphicon-option-vertical:before { + content: "\e235"; +} +.glyphicon-menu-hamburger:before { + content: "\e236"; +} +.glyphicon-modal-window:before { + content: "\e237"; +} +.glyphicon-oil:before { + content: "\e238"; +} +.glyphicon-grain:before { + content: "\e239"; +} +.glyphicon-sunglasses:before { + content: "\e240"; +} +.glyphicon-text-size:before { + content: "\e241"; +} +.glyphicon-text-color:before { + content: "\e242"; +} +.glyphicon-text-background:before { + content: "\e243"; +} +.glyphicon-object-align-top:before { + content: "\e244"; +} +.glyphicon-object-align-bottom:before { + content: "\e245"; +} +.glyphicon-object-align-horizontal:before { + content: "\e246"; +} +.glyphicon-object-align-left:before { + content: "\e247"; +} +.glyphicon-object-align-vertical:before { + content: "\e248"; +} +.glyphicon-object-align-right:before { + content: "\e249"; +} +.glyphicon-triangle-right:before { + content: "\e250"; +} +.glyphicon-triangle-left:before { + content: "\e251"; +} +.glyphicon-triangle-bottom:before { + content: "\e252"; +} +.glyphicon-triangle-top:before { + content: "\e253"; +} +.glyphicon-console:before { + content: "\e254"; +} +.glyphicon-superscript:before { + content: "\e255"; +} +.glyphicon-subscript:before { + content: "\e256"; +} +.glyphicon-menu-left:before { + content: "\e257"; +} +.glyphicon-menu-right:before { + content: "\e258"; +} +.glyphicon-menu-down:before { + content: "\e259"; +} +.glyphicon-menu-up:before { + content: "\e260"; +} +* { + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; +} +*:before, +*:after { + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; +} +html { + font-size: 10px; + -webkit-tap-highlight-color: rgba(0, 0, 0, 0); +} +body { + font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-size: 14px; + line-height: 1.42857143; + color: #666666; + background-color: #ffffff; +} +input, +button, +select, +textarea { + font-family: inherit; + font-size: inherit; + line-height: inherit; +} +a { + color: #3399f3; + text-decoration: none; +} +a:hover, +a:focus { + color: #3399f3; + text-decoration: underline; +} +a:focus { + outline: thin dotted; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} +figure { + margin: 0; +} +img { + vertical-align: middle; +} +.img-responsive, +.thumbnail > img, +.thumbnail a > img, +.carousel-inner > .item > img, +.carousel-inner > .item > a > img { + display: block; + max-width: 100%; + height: auto; +} +.img-rounded { + border-radius: 6px; +} +.img-thumbnail { + padding: 4px; + line-height: 1.42857143; + background-color: #ffffff; + border: 1px solid #dddddd; + border-radius: 4px; + -webkit-transition: all 0.2s ease-in-out; + -o-transition: all 0.2s ease-in-out; + transition: all 0.2s ease-in-out; + display: inline-block; + max-width: 100%; + height: auto; +} +.img-circle { + border-radius: 50%; +} +hr { + margin-top: 20px; + margin-bottom: 20px; + border: 0; + border-top: 1px solid #eeeeee; +} +.sr-only { + position: absolute; + width: 1px; + height: 1px; + margin: -1px; + padding: 0; + overflow: hidden; + clip: rect(0, 0, 0, 0); + border: 0; +} +.sr-only-focusable:active, +.sr-only-focusable:focus { + position: static; + width: auto; + height: auto; + margin: 0; + overflow: visible; + clip: auto; +} +[role="button"] { + cursor: pointer; +} +h1, +h2, +h3, +h4, +h5, +h6, +.h1, +.h2, +.h3, +.h4, +.h5, +.h6 { + font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-weight: 500; + line-height: 1.1; + color: #2d2d2d; +} +h1 small, +h2 small, +h3 small, +h4 small, +h5 small, +h6 small, +.h1 small, +.h2 small, +.h3 small, +.h4 small, +.h5 small, +.h6 small, +h1 .small, +h2 .small, +h3 .small, +h4 .small, +h5 .small, +h6 .small, +.h1 .small, +.h2 .small, +.h3 .small, +.h4 .small, +.h5 .small, +.h6 .small { + font-weight: normal; + line-height: 1; + color: #999999; +} +h1, +.h1, +h2, +.h2, +h3, +.h3 { + margin-top: 20px; + margin-bottom: 10px; +} +h1 small, +.h1 small, +h2 small, +.h2 small, +h3 small, +.h3 small, +h1 .small, +.h1 .small, +h2 .small, +.h2 .small, +h3 .small, +.h3 .small { + font-size: 65%; +} +h4, +.h4, +h5, +.h5, +h6, +.h6 { + margin-top: 10px; + margin-bottom: 10px; +} +h4 small, +.h4 small, +h5 small, +.h5 small, +h6 small, +.h6 small, +h4 .small, +.h4 .small, +h5 .small, +.h5 .small, +h6 .small, +.h6 .small { + font-size: 75%; +} +h1, +.h1 { + font-size: 36px; +} +h2, +.h2 { + font-size: 30px; +} +h3, +.h3 { + font-size: 24px; +} +h4, +.h4 { + font-size: 18px; +} +h5, +.h5 { + font-size: 14px; +} +h6, +.h6 { + font-size: 12px; +} +p { + margin: 0 0 10px; +} +.lead { + margin-bottom: 20px; + font-size: 16px; + font-weight: 300; + line-height: 1.4; +} +@media (min-width: 768px) { + .lead { + font-size: 21px; + } +} +small, +.small { + font-size: 85%; +} +mark, +.mark { + background-color: #fcf8e3; + padding: .2em; +} +.text-left { + text-align: left; +} +.text-right { + text-align: right; +} +.text-center { + text-align: center; +} +.text-justify { + text-align: justify; +} +.text-nowrap { + white-space: nowrap; +} +.text-lowercase { + text-transform: lowercase; +} +.text-uppercase { + text-transform: uppercase; +} +.text-capitalize { + text-transform: capitalize; +} +.text-muted { + color: #999999; +} +.text-primary { + color: #446e9b; +} +a.text-primary:hover, +a.text-primary:focus { + color: #345578; +} +.text-success { + color: #468847; +} +a.text-success:hover, +a.text-success:focus { + color: #356635; +} +.text-info { + color: #3a87ad; +} +a.text-info:hover, +a.text-info:focus { + color: #2d6987; +} +.text-warning { + color: #c09853; +} +a.text-warning:hover, +a.text-warning:focus { + color: #a47e3c; +} +.text-danger { + color: #b94a48; +} +a.text-danger:hover, +a.text-danger:focus { + color: #953b39; +} +.bg-primary { + color: #fff; + background-color: #446e9b; +} +a.bg-primary:hover, +a.bg-primary:focus { + background-color: #345578; +} +.bg-success { + background-color: #dff0d8; +} +a.bg-success:hover, +a.bg-success:focus { + background-color: #c1e2b3; +} +.bg-info { + background-color: #d9edf7; +} +a.bg-info:hover, +a.bg-info:focus { + background-color: #afd9ee; +} +.bg-warning { + background-color: #fcf8e3; +} +a.bg-warning:hover, +a.bg-warning:focus { + background-color: #f7ecb5; +} +.bg-danger { + background-color: #f2dede; +} +a.bg-danger:hover, +a.bg-danger:focus { + background-color: #e4b9b9; +} +.page-header { + padding-bottom: 9px; + margin: 40px 0 20px; + border-bottom: 1px solid #eeeeee; +} +ul, +ol { + margin-top: 0; + margin-bottom: 10px; +} +ul ul, +ol ul, +ul ol, +ol ol { + margin-bottom: 0; +} +.list-unstyled { + padding-left: 0; + list-style: none; +} +.list-inline { + padding-left: 0; + list-style: none; + margin-left: -5px; +} +.list-inline > li { + display: inline-block; + padding-left: 5px; + padding-right: 5px; +} +dl { + margin-top: 0; + margin-bottom: 20px; +} +dt, +dd { + line-height: 1.42857143; +} +dt { + font-weight: bold; +} +dd { + margin-left: 0; +} +@media (min-width: 768px) { + .dl-horizontal dt { + float: left; + width: 160px; + clear: left; + text-align: right; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; + } + .dl-horizontal dd { + margin-left: 180px; + } +} +abbr[title], +abbr[data-original-title] { + cursor: help; + border-bottom: 1px dotted #999999; +} +.initialism { + font-size: 90%; + text-transform: uppercase; +} +blockquote { + padding: 10px 20px; + margin: 0 0 20px; + font-size: 17.5px; + border-left: 5px solid #eeeeee; +} +blockquote p:last-child, +blockquote ul:last-child, +blockquote ol:last-child { + margin-bottom: 0; +} +blockquote footer, +blockquote small, +blockquote .small { + display: block; + font-size: 80%; + line-height: 1.42857143; + color: #999999; +} +blockquote footer:before, +blockquote small:before, +blockquote .small:before { + content: '\2014 \00A0'; +} +.blockquote-reverse, +blockquote.pull-right { + padding-right: 15px; + padding-left: 0; + border-right: 5px solid #eeeeee; + border-left: 0; + text-align: right; +} +.blockquote-reverse footer:before, +blockquote.pull-right footer:before, +.blockquote-reverse small:before, +blockquote.pull-right small:before, +.blockquote-reverse .small:before, +blockquote.pull-right .small:before { + content: ''; +} +.blockquote-reverse footer:after, +blockquote.pull-right footer:after, +.blockquote-reverse small:after, +blockquote.pull-right small:after, +.blockquote-reverse .small:after, +blockquote.pull-right .small:after { + content: '\00A0 \2014'; +} +address { + margin-bottom: 20px; + font-style: normal; + line-height: 1.42857143; +} +code, +kbd, +pre, +samp { + font-family: Menlo, Monaco, Consolas, "Courier New", monospace; +} +code { + padding: 2px 4px; + font-size: 90%; + color: #c7254e; + background-color: #f9f2f4; + border-radius: 4px; +} +kbd { + padding: 2px 4px; + font-size: 90%; + color: #ffffff; + background-color: #333333; + border-radius: 3px; + -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.25); + box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.25); +} +kbd kbd { + padding: 0; + font-size: 100%; + font-weight: bold; + -webkit-box-shadow: none; + box-shadow: none; +} +pre { + display: block; + padding: 9.5px; + margin: 0 0 10px; + font-size: 13px; + line-height: 1.42857143; + word-break: break-all; + word-wrap: break-word; + color: #333333; + background-color: #f5f5f5; + border: 1px solid #cccccc; + border-radius: 4px; +} +pre code { + padding: 0; + font-size: inherit; + color: inherit; + white-space: pre-wrap; + background-color: transparent; + border-radius: 0; +} +.pre-scrollable { + max-height: 340px; + overflow-y: scroll; +} +.container { + margin-right: auto; + margin-left: auto; + padding-left: 15px; + padding-right: 15px; +} +@media (min-width: 768px) { + .container { + width: 750px; + } +} +@media (min-width: 992px) { + .container { + width: 970px; + } +} +@media (min-width: 1200px) { + .container { + width: 1170px; + } +} +.container-fluid { + margin-right: auto; + margin-left: auto; + padding-left: 15px; + padding-right: 15px; +} +.row { + margin-left: -15px; + margin-right: -15px; +} +.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12 { + position: relative; + min-height: 1px; + padding-left: 15px; + padding-right: 15px; +} +.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12 { + float: left; +} +.col-xs-12 { + width: 100%; +} +.col-xs-11 { + width: 91.66666667%; +} +.col-xs-10 { + width: 83.33333333%; +} +.col-xs-9 { + width: 75%; +} +.col-xs-8 { + width: 66.66666667%; +} +.col-xs-7 { + width: 58.33333333%; +} +.col-xs-6 { + width: 50%; +} +.col-xs-5 { + width: 41.66666667%; +} +.col-xs-4 { + width: 33.33333333%; +} +.col-xs-3 { + width: 25%; +} +.col-xs-2 { + width: 16.66666667%; +} +.col-xs-1 { + width: 8.33333333%; +} +.col-xs-pull-12 { + right: 100%; +} +.col-xs-pull-11 { + right: 91.66666667%; +} +.col-xs-pull-10 { + right: 83.33333333%; +} +.col-xs-pull-9 { + right: 75%; +} +.col-xs-pull-8 { + right: 66.66666667%; +} +.col-xs-pull-7 { + right: 58.33333333%; +} +.col-xs-pull-6 { + right: 50%; +} +.col-xs-pull-5 { + right: 41.66666667%; +} +.col-xs-pull-4 { + right: 33.33333333%; +} +.col-xs-pull-3 { + right: 25%; +} +.col-xs-pull-2 { + right: 16.66666667%; +} +.col-xs-pull-1 { + right: 8.33333333%; +} +.col-xs-pull-0 { + right: auto; +} +.col-xs-push-12 { + left: 100%; +} +.col-xs-push-11 { + left: 91.66666667%; +} +.col-xs-push-10 { + left: 83.33333333%; +} +.col-xs-push-9 { + left: 75%; +} +.col-xs-push-8 { + left: 66.66666667%; +} +.col-xs-push-7 { + left: 58.33333333%; +} +.col-xs-push-6 { + left: 50%; +} +.col-xs-push-5 { + left: 41.66666667%; +} +.col-xs-push-4 { + left: 33.33333333%; +} +.col-xs-push-3 { + left: 25%; +} +.col-xs-push-2 { + left: 16.66666667%; +} +.col-xs-push-1 { + left: 8.33333333%; +} +.col-xs-push-0 { + left: auto; +} +.col-xs-offset-12 { + margin-left: 100%; +} +.col-xs-offset-11 { + margin-left: 91.66666667%; +} +.col-xs-offset-10 { + margin-left: 83.33333333%; +} +.col-xs-offset-9 { + margin-left: 75%; +} +.col-xs-offset-8 { + margin-left: 66.66666667%; +} +.col-xs-offset-7 { + margin-left: 58.33333333%; +} +.col-xs-offset-6 { + margin-left: 50%; +} +.col-xs-offset-5 { + margin-left: 41.66666667%; +} +.col-xs-offset-4 { + margin-left: 33.33333333%; +} +.col-xs-offset-3 { + margin-left: 25%; +} +.col-xs-offset-2 { + margin-left: 16.66666667%; +} +.col-xs-offset-1 { + margin-left: 8.33333333%; +} +.col-xs-offset-0 { + margin-left: 0%; +} +@media (min-width: 768px) { + .col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12 { + float: left; + } + .col-sm-12 { + width: 100%; + } + .col-sm-11 { + width: 91.66666667%; + } + .col-sm-10 { + width: 83.33333333%; + } + .col-sm-9 { + width: 75%; + } + .col-sm-8 { + width: 66.66666667%; + } + .col-sm-7 { + width: 58.33333333%; + } + .col-sm-6 { + width: 50%; + } + .col-sm-5 { + width: 41.66666667%; + } + .col-sm-4 { + width: 33.33333333%; + } + .col-sm-3 { + width: 25%; + } + .col-sm-2 { + width: 16.66666667%; + } + .col-sm-1 { + width: 8.33333333%; + } + .col-sm-pull-12 { + right: 100%; + } + .col-sm-pull-11 { + right: 91.66666667%; + } + .col-sm-pull-10 { + right: 83.33333333%; + } + .col-sm-pull-9 { + right: 75%; + } + .col-sm-pull-8 { + right: 66.66666667%; + } + .col-sm-pull-7 { + right: 58.33333333%; + } + .col-sm-pull-6 { + right: 50%; + } + .col-sm-pull-5 { + right: 41.66666667%; + } + .col-sm-pull-4 { + right: 33.33333333%; + } + .col-sm-pull-3 { + right: 25%; + } + .col-sm-pull-2 { + right: 16.66666667%; + } + .col-sm-pull-1 { + right: 8.33333333%; + } + .col-sm-pull-0 { + right: auto; + } + .col-sm-push-12 { + left: 100%; + } + .col-sm-push-11 { + left: 91.66666667%; + } + .col-sm-push-10 { + left: 83.33333333%; + } + .col-sm-push-9 { + left: 75%; + } + .col-sm-push-8 { + left: 66.66666667%; + } + .col-sm-push-7 { + left: 58.33333333%; + } + .col-sm-push-6 { + left: 50%; + } + .col-sm-push-5 { + left: 41.66666667%; + } + .col-sm-push-4 { + left: 33.33333333%; + } + .col-sm-push-3 { + left: 25%; + } + .col-sm-push-2 { + left: 16.66666667%; + } + .col-sm-push-1 { + left: 8.33333333%; + } + .col-sm-push-0 { + left: auto; + } + .col-sm-offset-12 { + margin-left: 100%; + } + .col-sm-offset-11 { + margin-left: 91.66666667%; + } + .col-sm-offset-10 { + margin-left: 83.33333333%; + } + .col-sm-offset-9 { + margin-left: 75%; + } + .col-sm-offset-8 { + margin-left: 66.66666667%; + } + .col-sm-offset-7 { + margin-left: 58.33333333%; + } + .col-sm-offset-6 { + margin-left: 50%; + } + .col-sm-offset-5 { + margin-left: 41.66666667%; + } + .col-sm-offset-4 { + margin-left: 33.33333333%; + } + .col-sm-offset-3 { + margin-left: 25%; + } + .col-sm-offset-2 { + margin-left: 16.66666667%; + } + .col-sm-offset-1 { + margin-left: 8.33333333%; + } + .col-sm-offset-0 { + margin-left: 0%; + } +} +@media (min-width: 992px) { + .col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12 { + float: left; + } + .col-md-12 { + width: 100%; + } + .col-md-11 { + width: 91.66666667%; + } + .col-md-10 { + width: 83.33333333%; + } + .col-md-9 { + width: 75%; + } + .col-md-8 { + width: 66.66666667%; + } + .col-md-7 { + width: 58.33333333%; + } + .col-md-6 { + width: 50%; + } + .col-md-5 { + width: 41.66666667%; + } + .col-md-4 { + width: 33.33333333%; + } + .col-md-3 { + width: 25%; + } + .col-md-2 { + width: 16.66666667%; + } + .col-md-1 { + width: 8.33333333%; + } + .col-md-pull-12 { + right: 100%; + } + .col-md-pull-11 { + right: 91.66666667%; + } + .col-md-pull-10 { + right: 83.33333333%; + } + .col-md-pull-9 { + right: 75%; + } + .col-md-pull-8 { + right: 66.66666667%; + } + .col-md-pull-7 { + right: 58.33333333%; + } + .col-md-pull-6 { + right: 50%; + } + .col-md-pull-5 { + right: 41.66666667%; + } + .col-md-pull-4 { + right: 33.33333333%; + } + .col-md-pull-3 { + right: 25%; + } + .col-md-pull-2 { + right: 16.66666667%; + } + .col-md-pull-1 { + right: 8.33333333%; + } + .col-md-pull-0 { + right: auto; + } + .col-md-push-12 { + left: 100%; + } + .col-md-push-11 { + left: 91.66666667%; + } + .col-md-push-10 { + left: 83.33333333%; + } + .col-md-push-9 { + left: 75%; + } + .col-md-push-8 { + left: 66.66666667%; + } + .col-md-push-7 { + left: 58.33333333%; + } + .col-md-push-6 { + left: 50%; + } + .col-md-push-5 { + left: 41.66666667%; + } + .col-md-push-4 { + left: 33.33333333%; + } + .col-md-push-3 { + left: 25%; + } + .col-md-push-2 { + left: 16.66666667%; + } + .col-md-push-1 { + left: 8.33333333%; + } + .col-md-push-0 { + left: auto; + } + .col-md-offset-12 { + margin-left: 100%; + } + .col-md-offset-11 { + margin-left: 91.66666667%; + } + .col-md-offset-10 { + margin-left: 83.33333333%; + } + .col-md-offset-9 { + margin-left: 75%; + } + .col-md-offset-8 { + margin-left: 66.66666667%; + } + .col-md-offset-7 { + margin-left: 58.33333333%; + } + .col-md-offset-6 { + margin-left: 50%; + } + .col-md-offset-5 { + margin-left: 41.66666667%; + } + .col-md-offset-4 { + margin-left: 33.33333333%; + } + .col-md-offset-3 { + margin-left: 25%; + } + .col-md-offset-2 { + margin-left: 16.66666667%; + } + .col-md-offset-1 { + margin-left: 8.33333333%; + } + .col-md-offset-0 { + margin-left: 0%; + } +} +@media (min-width: 1200px) { + .col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12 { + float: left; + } + .col-lg-12 { + width: 100%; + } + .col-lg-11 { + width: 91.66666667%; + } + .col-lg-10 { + width: 83.33333333%; + } + .col-lg-9 { + width: 75%; + } + .col-lg-8 { + width: 66.66666667%; + } + .col-lg-7 { + width: 58.33333333%; + } + .col-lg-6 { + width: 50%; + } + .col-lg-5 { + width: 41.66666667%; + } + .col-lg-4 { + width: 33.33333333%; + } + .col-lg-3 { + width: 25%; + } + .col-lg-2 { + width: 16.66666667%; + } + .col-lg-1 { + width: 8.33333333%; + } + .col-lg-pull-12 { + right: 100%; + } + .col-lg-pull-11 { + right: 91.66666667%; + } + .col-lg-pull-10 { + right: 83.33333333%; + } + .col-lg-pull-9 { + right: 75%; + } + .col-lg-pull-8 { + right: 66.66666667%; + } + .col-lg-pull-7 { + right: 58.33333333%; + } + .col-lg-pull-6 { + right: 50%; + } + .col-lg-pull-5 { + right: 41.66666667%; + } + .col-lg-pull-4 { + right: 33.33333333%; + } + .col-lg-pull-3 { + right: 25%; + } + .col-lg-pull-2 { + right: 16.66666667%; + } + .col-lg-pull-1 { + right: 8.33333333%; + } + .col-lg-pull-0 { + right: auto; + } + .col-lg-push-12 { + left: 100%; + } + .col-lg-push-11 { + left: 91.66666667%; + } + .col-lg-push-10 { + left: 83.33333333%; + } + .col-lg-push-9 { + left: 75%; + } + .col-lg-push-8 { + left: 66.66666667%; + } + .col-lg-push-7 { + left: 58.33333333%; + } + .col-lg-push-6 { + left: 50%; + } + .col-lg-push-5 { + left: 41.66666667%; + } + .col-lg-push-4 { + left: 33.33333333%; + } + .col-lg-push-3 { + left: 25%; + } + .col-lg-push-2 { + left: 16.66666667%; + } + .col-lg-push-1 { + left: 8.33333333%; + } + .col-lg-push-0 { + left: auto; + } + .col-lg-offset-12 { + margin-left: 100%; + } + .col-lg-offset-11 { + margin-left: 91.66666667%; + } + .col-lg-offset-10 { + margin-left: 83.33333333%; + } + .col-lg-offset-9 { + margin-left: 75%; + } + .col-lg-offset-8 { + margin-left: 66.66666667%; + } + .col-lg-offset-7 { + margin-left: 58.33333333%; + } + .col-lg-offset-6 { + margin-left: 50%; + } + .col-lg-offset-5 { + margin-left: 41.66666667%; + } + .col-lg-offset-4 { + margin-left: 33.33333333%; + } + .col-lg-offset-3 { + margin-left: 25%; + } + .col-lg-offset-2 { + margin-left: 16.66666667%; + } + .col-lg-offset-1 { + margin-left: 8.33333333%; + } + .col-lg-offset-0 { + margin-left: 0%; + } +} +table { + background-color: transparent; +} +caption { + padding-top: 8px; + padding-bottom: 8px; + color: #999999; + text-align: left; +} +th { + text-align: left; +} +.table { + width: 100%; + max-width: 100%; + margin-bottom: 20px; +} +.table > thead > tr > th, +.table > tbody > tr > th, +.table > tfoot > tr > th, +.table > thead > tr > td, +.table > tbody > tr > td, +.table > tfoot > tr > td { + padding: 8px; + line-height: 1.42857143; + vertical-align: top; + border-top: 1px solid #dddddd; +} +.table > thead > tr > th { + vertical-align: bottom; + border-bottom: 2px solid #dddddd; +} +.table > caption + thead > tr:first-child > th, +.table > colgroup + thead > tr:first-child > th, +.table > thead:first-child > tr:first-child > th, +.table > caption + thead > tr:first-child > td, +.table > colgroup + thead > tr:first-child > td, +.table > thead:first-child > tr:first-child > td { + border-top: 0; +} +.table > tbody + tbody { + border-top: 2px solid #dddddd; +} +.table .table { + background-color: #ffffff; +} +.table-condensed > thead > tr > th, +.table-condensed > tbody > tr > th, +.table-condensed > tfoot > tr > th, +.table-condensed > thead > tr > td, +.table-condensed > tbody > tr > td, +.table-condensed > tfoot > tr > td { + padding: 5px; +} +.table-bordered { + border: 1px solid #dddddd; +} +.table-bordered > thead > tr > th, +.table-bordered > tbody > tr > th, +.table-bordered > tfoot > tr > th, +.table-bordered > thead > tr > td, +.table-bordered > tbody > tr > td, +.table-bordered > tfoot > tr > td { + border: 1px solid #dddddd; +} +.table-bordered > thead > tr > th, +.table-bordered > thead > tr > td { + border-bottom-width: 2px; +} +.table-striped > tbody > tr:nth-of-type(odd) { + background-color: #f9f9f9; +} +.table-hover > tbody > tr:hover { + background-color: #f5f5f5; +} +table col[class*="col-"] { + position: static; + float: none; + display: table-column; +} +table td[class*="col-"], +table th[class*="col-"] { + position: static; + float: none; + display: table-cell; +} +.table > thead > tr > td.active, +.table > tbody > tr > td.active, +.table > tfoot > tr > td.active, +.table > thead > tr > th.active, +.table > tbody > tr > th.active, +.table > tfoot > tr > th.active, +.table > thead > tr.active > td, +.table > tbody > tr.active > td, +.table > tfoot > tr.active > td, +.table > thead > tr.active > th, +.table > tbody > tr.active > th, +.table > tfoot > tr.active > th { + background-color: #f5f5f5; +} +.table-hover > tbody > tr > td.active:hover, +.table-hover > tbody > tr > th.active:hover, +.table-hover > tbody > tr.active:hover > td, +.table-hover > tbody > tr:hover > .active, +.table-hover > tbody > tr.active:hover > th { + background-color: #e8e8e8; +} +.table > thead > tr > td.success, +.table > tbody > tr > td.success, +.table > tfoot > tr > td.success, +.table > thead > tr > th.success, +.table > tbody > tr > th.success, +.table > tfoot > tr > th.success, +.table > thead > tr.success > td, +.table > tbody > tr.success > td, +.table > tfoot > tr.success > td, +.table > thead > tr.success > th, +.table > tbody > tr.success > th, +.table > tfoot > tr.success > th { + background-color: #dff0d8; +} +.table-hover > tbody > tr > td.success:hover, +.table-hover > tbody > tr > th.success:hover, +.table-hover > tbody > tr.success:hover > td, +.table-hover > tbody > tr:hover > .success, +.table-hover > tbody > tr.success:hover > th { + background-color: #d0e9c6; +} +.table > thead > tr > td.info, +.table > tbody > tr > td.info, +.table > tfoot > tr > td.info, +.table > thead > tr > th.info, +.table > tbody > tr > th.info, +.table > tfoot > tr > th.info, +.table > thead > tr.info > td, +.table > tbody > tr.info > td, +.table > tfoot > tr.info > td, +.table > thead > tr.info > th, +.table > tbody > tr.info > th, +.table > tfoot > tr.info > th { + background-color: #d9edf7; +} +.table-hover > tbody > tr > td.info:hover, +.table-hover > tbody > tr > th.info:hover, +.table-hover > tbody > tr.info:hover > td, +.table-hover > tbody > tr:hover > .info, +.table-hover > tbody > tr.info:hover > th { + background-color: #c4e3f3; +} +.table > thead > tr > td.warning, +.table > tbody > tr > td.warning, +.table > tfoot > tr > td.warning, +.table > thead > tr > th.warning, +.table > tbody > tr > th.warning, +.table > tfoot > tr > th.warning, +.table > thead > tr.warning > td, +.table > tbody > tr.warning > td, +.table > tfoot > tr.warning > td, +.table > thead > tr.warning > th, +.table > tbody > tr.warning > th, +.table > tfoot > tr.warning > th { + background-color: #fcf8e3; +} +.table-hover > tbody > tr > td.warning:hover, +.table-hover > tbody > tr > th.warning:hover, +.table-hover > tbody > tr.warning:hover > td, +.table-hover > tbody > tr:hover > .warning, +.table-hover > tbody > tr.warning:hover > th { + background-color: #faf2cc; +} +.table > thead > tr > td.danger, +.table > tbody > tr > td.danger, +.table > tfoot > tr > td.danger, +.table > thead > tr > th.danger, +.table > tbody > tr > th.danger, +.table > tfoot > tr > th.danger, +.table > thead > tr.danger > td, +.table > tbody > tr.danger > td, +.table > tfoot > tr.danger > td, +.table > thead > tr.danger > th, +.table > tbody > tr.danger > th, +.table > tfoot > tr.danger > th { + background-color: #f2dede; +} +.table-hover > tbody > tr > td.danger:hover, +.table-hover > tbody > tr > th.danger:hover, +.table-hover > tbody > tr.danger:hover > td, +.table-hover > tbody > tr:hover > .danger, +.table-hover > tbody > tr.danger:hover > th { + background-color: #ebcccc; +} +.table-responsive { + overflow-x: auto; + min-height: 0.01%; +} +@media screen and (max-width: 767px) { + .table-responsive { + width: 100%; + margin-bottom: 15px; + overflow-y: hidden; + -ms-overflow-style: -ms-autohiding-scrollbar; + border: 1px solid #dddddd; + } + .table-responsive > .table { + margin-bottom: 0; + } + .table-responsive > .table > thead > tr > th, + .table-responsive > .table > tbody > tr > th, + .table-responsive > .table > tfoot > tr > th, + .table-responsive > .table > thead > tr > td, + .table-responsive > .table > tbody > tr > td, + .table-responsive > .table > tfoot > tr > td { + white-space: nowrap; + } + .table-responsive > .table-bordered { + border: 0; + } + .table-responsive > .table-bordered > thead > tr > th:first-child, + .table-responsive > .table-bordered > tbody > tr > th:first-child, + .table-responsive > .table-bordered > tfoot > tr > th:first-child, + .table-responsive > .table-bordered > thead > tr > td:first-child, + .table-responsive > .table-bordered > tbody > tr > td:first-child, + .table-responsive > .table-bordered > tfoot > tr > td:first-child { + border-left: 0; + } + .table-responsive > .table-bordered > thead > tr > th:last-child, + .table-responsive > .table-bordered > tbody > tr > th:last-child, + .table-responsive > .table-bordered > tfoot > tr > th:last-child, + .table-responsive > .table-bordered > thead > tr > td:last-child, + .table-responsive > .table-bordered > tbody > tr > td:last-child, + .table-responsive > .table-bordered > tfoot > tr > td:last-child { + border-right: 0; + } + .table-responsive > .table-bordered > tbody > tr:last-child > th, + .table-responsive > .table-bordered > tfoot > tr:last-child > th, + .table-responsive > .table-bordered > tbody > tr:last-child > td, + .table-responsive > .table-bordered > tfoot > tr:last-child > td { + border-bottom: 0; + } +} +fieldset { + padding: 0; + margin: 0; + border: 0; + min-width: 0; +} +legend { + display: block; + width: 100%; + padding: 0; + margin-bottom: 20px; + font-size: 21px; + line-height: inherit; + color: #666666; + border: 0; + border-bottom: 1px solid #e5e5e5; +} +label { + display: inline-block; + max-width: 100%; + margin-bottom: 5px; + font-weight: bold; +} +input[type="search"] { + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; +} +input[type="radio"], +input[type="checkbox"] { + margin: 4px 0 0; + margin-top: 1px \9; + line-height: normal; +} +input[type="file"] { + display: block; +} +input[type="range"] { + display: block; + width: 100%; +} +select[multiple], +select[size] { + height: auto; +} +input[type="file"]:focus, +input[type="radio"]:focus, +input[type="checkbox"]:focus { + outline: thin dotted; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} +output { + display: block; + padding-top: 9px; + font-size: 14px; + line-height: 1.42857143; + color: #666666; +} +.form-control { + display: block; + width: 100%; + height: 38px; + padding: 8px 12px; + font-size: 14px; + line-height: 1.42857143; + color: #666666; + background-color: #ffffff; + background-image: none; + border: 1px solid #cccccc; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -webkit-transition: border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s; + -o-transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s; + transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s; +} +.form-control:focus { + border-color: #66afe9; + outline: 0; + -webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6); + box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6); +} +.form-control::-moz-placeholder { + color: #999999; + opacity: 1; +} +.form-control:-ms-input-placeholder { + color: #999999; +} +.form-control::-webkit-input-placeholder { + color: #999999; +} +.form-control::-ms-expand { + border: 0; + background-color: transparent; +} +.form-control[disabled], +.form-control[readonly], +fieldset[disabled] .form-control { + background-color: #eeeeee; + opacity: 1; +} +.form-control[disabled], +fieldset[disabled] .form-control { + cursor: not-allowed; +} +textarea.form-control { + height: auto; +} +input[type="search"] { + -webkit-appearance: none; +} +@media screen and (-webkit-min-device-pixel-ratio: 0) { + input[type="date"].form-control, + input[type="time"].form-control, + input[type="datetime-local"].form-control, + input[type="month"].form-control { + line-height: 38px; + } + input[type="date"].input-sm, + input[type="time"].input-sm, + input[type="datetime-local"].input-sm, + input[type="month"].input-sm, + .input-group-sm input[type="date"], + .input-group-sm input[type="time"], + .input-group-sm input[type="datetime-local"], + .input-group-sm input[type="month"] { + line-height: 30px; + } + input[type="date"].input-lg, + input[type="time"].input-lg, + input[type="datetime-local"].input-lg, + input[type="month"].input-lg, + .input-group-lg input[type="date"], + .input-group-lg input[type="time"], + .input-group-lg input[type="datetime-local"], + .input-group-lg input[type="month"] { + line-height: 54px; + } +} +.form-group { + margin-bottom: 15px; +} +.radio, +.checkbox { + position: relative; + display: block; + margin-top: 10px; + margin-bottom: 10px; +} +.radio label, +.checkbox label { + min-height: 20px; + padding-left: 20px; + margin-bottom: 0; + font-weight: normal; + cursor: pointer; +} +.radio input[type="radio"], +.radio-inline input[type="radio"], +.checkbox input[type="checkbox"], +.checkbox-inline input[type="checkbox"] { + position: absolute; + margin-left: -20px; + margin-top: 4px \9; +} +.radio + .radio, +.checkbox + .checkbox { + margin-top: -5px; +} +.radio-inline, +.checkbox-inline { + position: relative; + display: inline-block; + padding-left: 20px; + margin-bottom: 0; + vertical-align: middle; + font-weight: normal; + cursor: pointer; +} +.radio-inline + .radio-inline, +.checkbox-inline + .checkbox-inline { + margin-top: 0; + margin-left: 10px; +} +input[type="radio"][disabled], +input[type="checkbox"][disabled], +input[type="radio"].disabled, +input[type="checkbox"].disabled, +fieldset[disabled] input[type="radio"], +fieldset[disabled] input[type="checkbox"] { + cursor: not-allowed; +} +.radio-inline.disabled, +.checkbox-inline.disabled, +fieldset[disabled] .radio-inline, +fieldset[disabled] .checkbox-inline { + cursor: not-allowed; +} +.radio.disabled label, +.checkbox.disabled label, +fieldset[disabled] .radio label, +fieldset[disabled] .checkbox label { + cursor: not-allowed; +} +.form-control-static { + padding-top: 9px; + padding-bottom: 9px; + margin-bottom: 0; + min-height: 34px; +} +.form-control-static.input-lg, +.form-control-static.input-sm { + padding-left: 0; + padding-right: 0; +} +.input-sm { + height: 30px; + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} +select.input-sm { + height: 30px; + line-height: 30px; +} +textarea.input-sm, +select[multiple].input-sm { + height: auto; +} +.form-group-sm .form-control { + height: 30px; + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} +.form-group-sm select.form-control { + height: 30px; + line-height: 30px; +} +.form-group-sm textarea.form-control, +.form-group-sm select[multiple].form-control { + height: auto; +} +.form-group-sm .form-control-static { + height: 30px; + min-height: 32px; + padding: 6px 10px; + font-size: 12px; + line-height: 1.5; +} +.input-lg { + height: 54px; + padding: 14px 16px; + font-size: 18px; + line-height: 1.3333333; + border-radius: 6px; +} +select.input-lg { + height: 54px; + line-height: 54px; +} +textarea.input-lg, +select[multiple].input-lg { + height: auto; +} +.form-group-lg .form-control { + height: 54px; + padding: 14px 16px; + font-size: 18px; + line-height: 1.3333333; + border-radius: 6px; +} +.form-group-lg select.form-control { + height: 54px; + line-height: 54px; +} +.form-group-lg textarea.form-control, +.form-group-lg select[multiple].form-control { + height: auto; +} +.form-group-lg .form-control-static { + height: 54px; + min-height: 38px; + padding: 15px 16px; + font-size: 18px; + line-height: 1.3333333; +} +.has-feedback { + position: relative; +} +.has-feedback .form-control { + padding-right: 47.5px; +} +.form-control-feedback { + position: absolute; + top: 0; + right: 0; + z-index: 2; + display: block; + width: 38px; + height: 38px; + line-height: 38px; + text-align: center; + pointer-events: none; +} +.input-lg + .form-control-feedback, +.input-group-lg + .form-control-feedback, +.form-group-lg .form-control + .form-control-feedback { + width: 54px; + height: 54px; + line-height: 54px; +} +.input-sm + .form-control-feedback, +.input-group-sm + .form-control-feedback, +.form-group-sm .form-control + .form-control-feedback { + width: 30px; + height: 30px; + line-height: 30px; +} +.has-success .help-block, +.has-success .control-label, +.has-success .radio, +.has-success .checkbox, +.has-success .radio-inline, +.has-success .checkbox-inline, +.has-success.radio label, +.has-success.checkbox label, +.has-success.radio-inline label, +.has-success.checkbox-inline label { + color: #468847; +} +.has-success .form-control { + border-color: #468847; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); +} +.has-success .form-control:focus { + border-color: #356635; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; +} +.has-success .input-group-addon { + color: #468847; + border-color: #468847; + background-color: #dff0d8; +} +.has-success .form-control-feedback { + color: #468847; +} +.has-warning .help-block, +.has-warning .control-label, +.has-warning .radio, +.has-warning .checkbox, +.has-warning .radio-inline, +.has-warning .checkbox-inline, +.has-warning.radio label, +.has-warning.checkbox label, +.has-warning.radio-inline label, +.has-warning.checkbox-inline label { + color: #c09853; +} +.has-warning .form-control { + border-color: #c09853; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); +} +.has-warning .form-control:focus { + border-color: #a47e3c; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; +} +.has-warning .input-group-addon { + color: #c09853; + border-color: #c09853; + background-color: #fcf8e3; +} +.has-warning .form-control-feedback { + color: #c09853; +} +.has-error .help-block, +.has-error .control-label, +.has-error .radio, +.has-error .checkbox, +.has-error .radio-inline, +.has-error .checkbox-inline, +.has-error.radio label, +.has-error.checkbox label, +.has-error.radio-inline label, +.has-error.checkbox-inline label { + color: #b94a48; +} +.has-error .form-control { + border-color: #b94a48; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); +} +.has-error .form-control:focus { + border-color: #953b39; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; +} +.has-error .input-group-addon { + color: #b94a48; + border-color: #b94a48; + background-color: #f2dede; +} +.has-error .form-control-feedback { + color: #b94a48; +} +.has-feedback label ~ .form-control-feedback { + top: 25px; +} +.has-feedback label.sr-only ~ .form-control-feedback { + top: 0; +} +.help-block { + display: block; + margin-top: 5px; + margin-bottom: 10px; + color: #a6a6a6; +} +@media (min-width: 768px) { + .form-inline .form-group { + display: inline-block; + margin-bottom: 0; + vertical-align: middle; + } + .form-inline .form-control { + display: inline-block; + width: auto; + vertical-align: middle; + } + .form-inline .form-control-static { + display: inline-block; + } + .form-inline .input-group { + display: inline-table; + vertical-align: middle; + } + .form-inline .input-group .input-group-addon, + .form-inline .input-group .input-group-btn, + .form-inline .input-group .form-control { + width: auto; + } + .form-inline .input-group > .form-control { + width: 100%; + } + .form-inline .control-label { + margin-bottom: 0; + vertical-align: middle; + } + .form-inline .radio, + .form-inline .checkbox { + display: inline-block; + margin-top: 0; + margin-bottom: 0; + vertical-align: middle; + } + .form-inline .radio label, + .form-inline .checkbox label { + padding-left: 0; + } + .form-inline .radio input[type="radio"], + .form-inline .checkbox input[type="checkbox"] { + position: relative; + margin-left: 0; + } + .form-inline .has-feedback .form-control-feedback { + top: 0; + } +} +.form-horizontal .radio, +.form-horizontal .checkbox, +.form-horizontal .radio-inline, +.form-horizontal .checkbox-inline { + margin-top: 0; + margin-bottom: 0; + padding-top: 9px; +} +.form-horizontal .radio, +.form-horizontal .checkbox { + min-height: 29px; +} +.form-horizontal .form-group { + margin-left: -15px; + margin-right: -15px; +} +@media (min-width: 768px) { + .form-horizontal .control-label { + text-align: right; + margin-bottom: 0; + padding-top: 9px; + } +} +.form-horizontal .has-feedback .form-control-feedback { + right: 15px; +} +@media (min-width: 768px) { + .form-horizontal .form-group-lg .control-label { + padding-top: 15px; + font-size: 18px; + } +} +@media (min-width: 768px) { + .form-horizontal .form-group-sm .control-label { + padding-top: 6px; + font-size: 12px; + } +} +.btn { + display: inline-block; + margin-bottom: 0; + font-weight: normal; + text-align: center; + vertical-align: middle; + -ms-touch-action: manipulation; + touch-action: manipulation; + cursor: pointer; + background-image: none; + border: 1px solid transparent; + white-space: nowrap; + padding: 8px 12px; + font-size: 14px; + line-height: 1.42857143; + border-radius: 4px; + -webkit-user-select: none; + -moz-user-select: none; + -ms-user-select: none; + user-select: none; +} +.btn:focus, +.btn:active:focus, +.btn.active:focus, +.btn.focus, +.btn:active.focus, +.btn.active.focus { + outline: thin dotted; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} +.btn:hover, +.btn:focus, +.btn.focus { + color: #ffffff; + text-decoration: none; +} +.btn:active, +.btn.active { + outline: 0; + background-image: none; + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); + box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); +} +.btn.disabled, +.btn[disabled], +fieldset[disabled] .btn { + cursor: not-allowed; + opacity: 0.65; + filter: alpha(opacity=65); + -webkit-box-shadow: none; + box-shadow: none; +} +a.btn.disabled, +fieldset[disabled] a.btn { + pointer-events: none; +} +.btn-default { + color: #ffffff; + background-color: #474949; + border-color: #474949; +} +.btn-default:focus, +.btn-default.focus { + color: #ffffff; + background-color: #2e2f2f; + border-color: #080808; +} +.btn-default:hover { + color: #ffffff; + background-color: #2e2f2f; + border-color: #292a2a; +} +.btn-default:active, +.btn-default.active, +.open > .dropdown-toggle.btn-default { + color: #ffffff; + background-color: #2e2f2f; + border-color: #292a2a; +} +.btn-default:active:hover, +.btn-default.active:hover, +.open > .dropdown-toggle.btn-default:hover, +.btn-default:active:focus, +.btn-default.active:focus, +.open > .dropdown-toggle.btn-default:focus, +.btn-default:active.focus, +.btn-default.active.focus, +.open > .dropdown-toggle.btn-default.focus { + color: #ffffff; + background-color: #1c1d1d; + border-color: #080808; +} +.btn-default:active, +.btn-default.active, +.open > .dropdown-toggle.btn-default { + background-image: none; +} +.btn-default.disabled:hover, +.btn-default[disabled]:hover, +fieldset[disabled] .btn-default:hover, +.btn-default.disabled:focus, +.btn-default[disabled]:focus, +fieldset[disabled] .btn-default:focus, +.btn-default.disabled.focus, +.btn-default[disabled].focus, +fieldset[disabled] .btn-default.focus { + background-color: #474949; + border-color: #474949; +} +.btn-default .badge { + color: #474949; + background-color: #ffffff; +} +.btn-primary { + color: #ffffff; + background-color: #446e9b; + border-color: #446e9b; +} +.btn-primary:focus, +.btn-primary.focus { + color: #ffffff; + background-color: #345578; + border-color: #1d2f42; +} +.btn-primary:hover { + color: #ffffff; + background-color: #345578; + border-color: #315070; +} +.btn-primary:active, +.btn-primary.active, +.open > .dropdown-toggle.btn-primary { + color: #ffffff; + background-color: #345578; + border-color: #315070; +} +.btn-primary:active:hover, +.btn-primary.active:hover, +.open > .dropdown-toggle.btn-primary:hover, +.btn-primary:active:focus, +.btn-primary.active:focus, +.open > .dropdown-toggle.btn-primary:focus, +.btn-primary:active.focus, +.btn-primary.active.focus, +.open > .dropdown-toggle.btn-primary.focus { + color: #ffffff; + background-color: #2a435f; + border-color: #1d2f42; +} +.btn-primary:active, +.btn-primary.active, +.open > .dropdown-toggle.btn-primary { + background-image: none; +} +.btn-primary.disabled:hover, +.btn-primary[disabled]:hover, +fieldset[disabled] .btn-primary:hover, +.btn-primary.disabled:focus, +.btn-primary[disabled]:focus, +fieldset[disabled] .btn-primary:focus, +.btn-primary.disabled.focus, +.btn-primary[disabled].focus, +fieldset[disabled] .btn-primary.focus { + background-color: #446e9b; + border-color: #446e9b; +} +.btn-primary .badge { + color: #446e9b; + background-color: #ffffff; +} +.btn-success { + color: #ffffff; + background-color: #3cb521; + border-color: #3cb521; +} +.btn-success:focus, +.btn-success.focus { + color: #ffffff; + background-color: #2e8a19; + border-color: #18490d; +} +.btn-success:hover { + color: #ffffff; + background-color: #2e8a19; + border-color: #2b8118; +} +.btn-success:active, +.btn-success.active, +.open > .dropdown-toggle.btn-success { + color: #ffffff; + background-color: #2e8a19; + border-color: #2b8118; +} +.btn-success:active:hover, +.btn-success.active:hover, +.open > .dropdown-toggle.btn-success:hover, +.btn-success:active:focus, +.btn-success.active:focus, +.open > .dropdown-toggle.btn-success:focus, +.btn-success:active.focus, +.btn-success.active.focus, +.open > .dropdown-toggle.btn-success.focus { + color: #ffffff; + background-color: #246c14; + border-color: #18490d; +} +.btn-success:active, +.btn-success.active, +.open > .dropdown-toggle.btn-success { + background-image: none; +} +.btn-success.disabled:hover, +.btn-success[disabled]:hover, +fieldset[disabled] .btn-success:hover, +.btn-success.disabled:focus, +.btn-success[disabled]:focus, +fieldset[disabled] .btn-success:focus, +.btn-success.disabled.focus, +.btn-success[disabled].focus, +fieldset[disabled] .btn-success.focus { + background-color: #3cb521; + border-color: #3cb521; +} +.btn-success .badge { + color: #3cb521; + background-color: #ffffff; +} +.btn-info { + color: #ffffff; + background-color: #3399f3; + border-color: #3399f3; +} +.btn-info:focus, +.btn-info.focus { + color: #ffffff; + background-color: #0e80e5; + border-color: #09589d; +} +.btn-info:hover { + color: #ffffff; + background-color: #0e80e5; + border-color: #0d7bdc; +} +.btn-info:active, +.btn-info.active, +.open > .dropdown-toggle.btn-info { + color: #ffffff; + background-color: #0e80e5; + border-color: #0d7bdc; +} +.btn-info:active:hover, +.btn-info.active:hover, +.open > .dropdown-toggle.btn-info:hover, +.btn-info:active:focus, +.btn-info.active:focus, +.open > .dropdown-toggle.btn-info:focus, +.btn-info:active.focus, +.btn-info.active.focus, +.open > .dropdown-toggle.btn-info.focus { + color: #ffffff; + background-color: #0c6dc4; + border-color: #09589d; +} +.btn-info:active, +.btn-info.active, +.open > .dropdown-toggle.btn-info { + background-image: none; +} +.btn-info.disabled:hover, +.btn-info[disabled]:hover, +fieldset[disabled] .btn-info:hover, +.btn-info.disabled:focus, +.btn-info[disabled]:focus, +fieldset[disabled] .btn-info:focus, +.btn-info.disabled.focus, +.btn-info[disabled].focus, +fieldset[disabled] .btn-info.focus { + background-color: #3399f3; + border-color: #3399f3; +} +.btn-info .badge { + color: #3399f3; + background-color: #ffffff; +} +.btn-warning { + color: #ffffff; + background-color: #d47500; + border-color: #d47500; +} +.btn-warning:focus, +.btn-warning.focus { + color: #ffffff; + background-color: #a15900; + border-color: #552f00; +} +.btn-warning:hover { + color: #ffffff; + background-color: #a15900; + border-color: #975300; +} +.btn-warning:active, +.btn-warning.active, +.open > .dropdown-toggle.btn-warning { + color: #ffffff; + background-color: #a15900; + border-color: #975300; +} +.btn-warning:active:hover, +.btn-warning.active:hover, +.open > .dropdown-toggle.btn-warning:hover, +.btn-warning:active:focus, +.btn-warning.active:focus, +.open > .dropdown-toggle.btn-warning:focus, +.btn-warning:active.focus, +.btn-warning.active.focus, +.open > .dropdown-toggle.btn-warning.focus { + color: #ffffff; + background-color: #7d4500; + border-color: #552f00; +} +.btn-warning:active, +.btn-warning.active, +.open > .dropdown-toggle.btn-warning { + background-image: none; +} +.btn-warning.disabled:hover, +.btn-warning[disabled]:hover, +fieldset[disabled] .btn-warning:hover, +.btn-warning.disabled:focus, +.btn-warning[disabled]:focus, +fieldset[disabled] .btn-warning:focus, +.btn-warning.disabled.focus, +.btn-warning[disabled].focus, +fieldset[disabled] .btn-warning.focus { + background-color: #d47500; + border-color: #d47500; +} +.btn-warning .badge { + color: #d47500; + background-color: #ffffff; +} +.btn-danger { + color: #ffffff; + background-color: #cd0200; + border-color: #cd0200; +} +.btn-danger:focus, +.btn-danger.focus { + color: #ffffff; + background-color: #9a0200; + border-color: #4e0100; +} +.btn-danger:hover { + color: #ffffff; + background-color: #9a0200; + border-color: #900100; +} +.btn-danger:active, +.btn-danger.active, +.open > .dropdown-toggle.btn-danger { + color: #ffffff; + background-color: #9a0200; + border-color: #900100; +} +.btn-danger:active:hover, +.btn-danger.active:hover, +.open > .dropdown-toggle.btn-danger:hover, +.btn-danger:active:focus, +.btn-danger.active:focus, +.open > .dropdown-toggle.btn-danger:focus, +.btn-danger:active.focus, +.btn-danger.active.focus, +.open > .dropdown-toggle.btn-danger.focus { + color: #ffffff; + background-color: #760100; + border-color: #4e0100; +} +.btn-danger:active, +.btn-danger.active, +.open > .dropdown-toggle.btn-danger { + background-image: none; +} +.btn-danger.disabled:hover, +.btn-danger[disabled]:hover, +fieldset[disabled] .btn-danger:hover, +.btn-danger.disabled:focus, +.btn-danger[disabled]:focus, +fieldset[disabled] .btn-danger:focus, +.btn-danger.disabled.focus, +.btn-danger[disabled].focus, +fieldset[disabled] .btn-danger.focus { + background-color: #cd0200; + border-color: #cd0200; +} +.btn-danger .badge { + color: #cd0200; + background-color: #ffffff; +} +.btn-link { + color: #3399f3; + font-weight: normal; + border-radius: 0; +} +.btn-link, +.btn-link:active, +.btn-link.active, +.btn-link[disabled], +fieldset[disabled] .btn-link { + background-color: transparent; + -webkit-box-shadow: none; + box-shadow: none; +} +.btn-link, +.btn-link:hover, +.btn-link:focus, +.btn-link:active { + border-color: transparent; +} +.btn-link:hover, +.btn-link:focus { + color: #3399f3; + text-decoration: underline; + background-color: transparent; +} +.btn-link[disabled]:hover, +fieldset[disabled] .btn-link:hover, +.btn-link[disabled]:focus, +fieldset[disabled] .btn-link:focus { + color: #999999; + text-decoration: none; +} +.btn-lg, +.btn-group-lg > .btn { + padding: 14px 16px; + font-size: 18px; + line-height: 1.3333333; + border-radius: 6px; +} +.btn-sm, +.btn-group-sm > .btn { + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} +.btn-xs, +.btn-group-xs > .btn { + padding: 1px 5px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} +.btn-block { + display: block; + width: 100%; +} +.btn-block + .btn-block { + margin-top: 5px; +} +input[type="submit"].btn-block, +input[type="reset"].btn-block, +input[type="button"].btn-block { + width: 100%; +} +.fade { + opacity: 0; + -webkit-transition: opacity 0.15s linear; + -o-transition: opacity 0.15s linear; + transition: opacity 0.15s linear; +} +.fade.in { + opacity: 1; +} +.collapse { + display: none; +} +.collapse.in { + display: block; +} +tr.collapse.in { + display: table-row; +} +tbody.collapse.in { + display: table-row-group; +} +.collapsing { + position: relative; + height: 0; + overflow: hidden; + -webkit-transition-property: height, visibility; + -o-transition-property: height, visibility; + transition-property: height, visibility; + -webkit-transition-duration: 0.35s; + -o-transition-duration: 0.35s; + transition-duration: 0.35s; + -webkit-transition-timing-function: ease; + -o-transition-timing-function: ease; + transition-timing-function: ease; +} +.caret { + display: inline-block; + width: 0; + height: 0; + margin-left: 2px; + vertical-align: middle; + border-top: 4px dashed; + border-top: 4px solid \9; + border-right: 4px solid transparent; + border-left: 4px solid transparent; +} +.dropup, +.dropdown { + position: relative; +} +.dropdown-toggle:focus { + outline: 0; +} +.dropdown-menu { + position: absolute; + top: 100%; + left: 0; + z-index: 1000; + display: none; + float: left; + min-width: 160px; + padding: 5px 0; + margin: 2px 0 0; + list-style: none; + font-size: 14px; + text-align: left; + background-color: #ffffff; + border: 1px solid #cccccc; + border: 1px solid rgba(0, 0, 0, 0.15); + border-radius: 4px; + -webkit-box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175); + box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175); + -webkit-background-clip: padding-box; + background-clip: padding-box; +} +.dropdown-menu.pull-right { + right: 0; + left: auto; +} +.dropdown-menu .divider { + height: 1px; + margin: 9px 0; + overflow: hidden; + background-color: #e5e5e5; +} +.dropdown-menu > li > a { + display: block; + padding: 3px 20px; + clear: both; + font-weight: normal; + line-height: 1.42857143; + color: #333333; + white-space: nowrap; +} +.dropdown-menu > li > a:hover, +.dropdown-menu > li > a:focus { + text-decoration: none; + color: #ffffff; + background-color: #446e9b; +} +.dropdown-menu > .active > a, +.dropdown-menu > .active > a:hover, +.dropdown-menu > .active > a:focus { + color: #ffffff; + text-decoration: none; + outline: 0; + background-color: #446e9b; +} +.dropdown-menu > .disabled > a, +.dropdown-menu > .disabled > a:hover, +.dropdown-menu > .disabled > a:focus { + color: #999999; +} +.dropdown-menu > .disabled > a:hover, +.dropdown-menu > .disabled > a:focus { + text-decoration: none; + background-color: transparent; + background-image: none; + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + cursor: not-allowed; +} +.open > .dropdown-menu { + display: block; +} +.open > a { + outline: 0; +} +.dropdown-menu-right { + left: auto; + right: 0; +} +.dropdown-menu-left { + left: 0; + right: auto; +} +.dropdown-header { + display: block; + padding: 3px 20px; + font-size: 12px; + line-height: 1.42857143; + color: #999999; + white-space: nowrap; +} +.dropdown-backdrop { + position: fixed; + left: 0; + right: 0; + bottom: 0; + top: 0; + z-index: 990; +} +.pull-right > .dropdown-menu { + right: 0; + left: auto; +} +.dropup .caret, +.navbar-fixed-bottom .dropdown .caret { + border-top: 0; + border-bottom: 4px dashed; + border-bottom: 4px solid \9; + content: ""; +} +.dropup .dropdown-menu, +.navbar-fixed-bottom .dropdown .dropdown-menu { + top: auto; + bottom: 100%; + margin-bottom: 2px; +} +@media (min-width: 768px) { + .navbar-right .dropdown-menu { + left: auto; + right: 0; + } + .navbar-right .dropdown-menu-left { + left: 0; + right: auto; + } +} +.btn-group, +.btn-group-vertical { + position: relative; + display: inline-block; + vertical-align: middle; +} +.btn-group > .btn, +.btn-group-vertical > .btn { + position: relative; + float: left; +} +.btn-group > .btn:hover, +.btn-group-vertical > .btn:hover, +.btn-group > .btn:focus, +.btn-group-vertical > .btn:focus, +.btn-group > .btn:active, +.btn-group-vertical > .btn:active, +.btn-group > .btn.active, +.btn-group-vertical > .btn.active { + z-index: 2; +} +.btn-group .btn + .btn, +.btn-group .btn + .btn-group, +.btn-group .btn-group + .btn, +.btn-group .btn-group + .btn-group { + margin-left: -1px; +} +.btn-toolbar { + margin-left: -5px; +} +.btn-toolbar .btn, +.btn-toolbar .btn-group, +.btn-toolbar .input-group { + float: left; +} +.btn-toolbar > .btn, +.btn-toolbar > .btn-group, +.btn-toolbar > .input-group { + margin-left: 5px; +} +.btn-group > .btn:not(:first-child):not(:last-child):not(.dropdown-toggle) { + border-radius: 0; +} +.btn-group > .btn:first-child { + margin-left: 0; +} +.btn-group > .btn:first-child:not(:last-child):not(.dropdown-toggle) { + border-bottom-right-radius: 0; + border-top-right-radius: 0; +} +.btn-group > .btn:last-child:not(:first-child), +.btn-group > .dropdown-toggle:not(:first-child) { + border-bottom-left-radius: 0; + border-top-left-radius: 0; +} +.btn-group > .btn-group { + float: left; +} +.btn-group > .btn-group:not(:first-child):not(:last-child) > .btn { + border-radius: 0; +} +.btn-group > .btn-group:first-child:not(:last-child) > .btn:last-child, +.btn-group > .btn-group:first-child:not(:last-child) > .dropdown-toggle { + border-bottom-right-radius: 0; + border-top-right-radius: 0; +} +.btn-group > .btn-group:last-child:not(:first-child) > .btn:first-child { + border-bottom-left-radius: 0; + border-top-left-radius: 0; +} +.btn-group .dropdown-toggle:active, +.btn-group.open .dropdown-toggle { + outline: 0; +} +.btn-group > .btn + .dropdown-toggle { + padding-left: 8px; + padding-right: 8px; +} +.btn-group > .btn-lg + .dropdown-toggle { + padding-left: 12px; + padding-right: 12px; +} +.btn-group.open .dropdown-toggle { + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); + box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); +} +.btn-group.open .dropdown-toggle.btn-link { + -webkit-box-shadow: none; + box-shadow: none; +} +.btn .caret { + margin-left: 0; +} +.btn-lg .caret { + border-width: 5px 5px 0; + border-bottom-width: 0; +} +.dropup .btn-lg .caret { + border-width: 0 5px 5px; +} +.btn-group-vertical > .btn, +.btn-group-vertical > .btn-group, +.btn-group-vertical > .btn-group > .btn { + display: block; + float: none; + width: 100%; + max-width: 100%; +} +.btn-group-vertical > .btn-group > .btn { + float: none; +} +.btn-group-vertical > .btn + .btn, +.btn-group-vertical > .btn + .btn-group, +.btn-group-vertical > .btn-group + .btn, +.btn-group-vertical > .btn-group + .btn-group { + margin-top: -1px; + margin-left: 0; +} +.btn-group-vertical > .btn:not(:first-child):not(:last-child) { + border-radius: 0; +} +.btn-group-vertical > .btn:first-child:not(:last-child) { + border-top-right-radius: 4px; + border-top-left-radius: 4px; + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} +.btn-group-vertical > .btn:last-child:not(:first-child) { + border-top-right-radius: 0; + border-top-left-radius: 0; + border-bottom-right-radius: 4px; + border-bottom-left-radius: 4px; +} +.btn-group-vertical > .btn-group:not(:first-child):not(:last-child) > .btn { + border-radius: 0; +} +.btn-group-vertical > .btn-group:first-child:not(:last-child) > .btn:last-child, +.btn-group-vertical > .btn-group:first-child:not(:last-child) > .dropdown-toggle { + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} +.btn-group-vertical > .btn-group:last-child:not(:first-child) > .btn:first-child { + border-top-right-radius: 0; + border-top-left-radius: 0; +} +.btn-group-justified { + display: table; + width: 100%; + table-layout: fixed; + border-collapse: separate; +} +.btn-group-justified > .btn, +.btn-group-justified > .btn-group { + float: none; + display: table-cell; + width: 1%; +} +.btn-group-justified > .btn-group .btn { + width: 100%; +} +.btn-group-justified > .btn-group .dropdown-menu { + left: auto; +} +[data-toggle="buttons"] > .btn input[type="radio"], +[data-toggle="buttons"] > .btn-group > .btn input[type="radio"], +[data-toggle="buttons"] > .btn input[type="checkbox"], +[data-toggle="buttons"] > .btn-group > .btn input[type="checkbox"] { + position: absolute; + clip: rect(0, 0, 0, 0); + pointer-events: none; +} +.input-group { + position: relative; + display: table; + border-collapse: separate; +} +.input-group[class*="col-"] { + float: none; + padding-left: 0; + padding-right: 0; +} +.input-group .form-control { + position: relative; + z-index: 2; + float: left; + width: 100%; + margin-bottom: 0; +} +.input-group .form-control:focus { + z-index: 3; +} +.input-group-lg > .form-control, +.input-group-lg > .input-group-addon, +.input-group-lg > .input-group-btn > .btn { + height: 54px; + padding: 14px 16px; + font-size: 18px; + line-height: 1.3333333; + border-radius: 6px; +} +select.input-group-lg > .form-control, +select.input-group-lg > .input-group-addon, +select.input-group-lg > .input-group-btn > .btn { + height: 54px; + line-height: 54px; +} +textarea.input-group-lg > .form-control, +textarea.input-group-lg > .input-group-addon, +textarea.input-group-lg > .input-group-btn > .btn, +select[multiple].input-group-lg > .form-control, +select[multiple].input-group-lg > .input-group-addon, +select[multiple].input-group-lg > .input-group-btn > .btn { + height: auto; +} +.input-group-sm > .form-control, +.input-group-sm > .input-group-addon, +.input-group-sm > .input-group-btn > .btn { + height: 30px; + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} +select.input-group-sm > .form-control, +select.input-group-sm > .input-group-addon, +select.input-group-sm > .input-group-btn > .btn { + height: 30px; + line-height: 30px; +} +textarea.input-group-sm > .form-control, +textarea.input-group-sm > .input-group-addon, +textarea.input-group-sm > .input-group-btn > .btn, +select[multiple].input-group-sm > .form-control, +select[multiple].input-group-sm > .input-group-addon, +select[multiple].input-group-sm > .input-group-btn > .btn { + height: auto; +} +.input-group-addon, +.input-group-btn, +.input-group .form-control { + display: table-cell; +} +.input-group-addon:not(:first-child):not(:last-child), +.input-group-btn:not(:first-child):not(:last-child), +.input-group .form-control:not(:first-child):not(:last-child) { + border-radius: 0; +} +.input-group-addon, +.input-group-btn { + width: 1%; + white-space: nowrap; + vertical-align: middle; +} +.input-group-addon { + padding: 8px 12px; + font-size: 14px; + font-weight: normal; + line-height: 1; + color: #666666; + text-align: center; + background-color: #eeeeee; + border: 1px solid #cccccc; + border-radius: 4px; +} +.input-group-addon.input-sm { + padding: 5px 10px; + font-size: 12px; + border-radius: 3px; +} +.input-group-addon.input-lg { + padding: 14px 16px; + font-size: 18px; + border-radius: 6px; +} +.input-group-addon input[type="radio"], +.input-group-addon input[type="checkbox"] { + margin-top: 0; +} +.input-group .form-control:first-child, +.input-group-addon:first-child, +.input-group-btn:first-child > .btn, +.input-group-btn:first-child > .btn-group > .btn, +.input-group-btn:first-child > .dropdown-toggle, +.input-group-btn:last-child > .btn:not(:last-child):not(.dropdown-toggle), +.input-group-btn:last-child > .btn-group:not(:last-child) > .btn { + border-bottom-right-radius: 0; + border-top-right-radius: 0; +} +.input-group-addon:first-child { + border-right: 0; +} +.input-group .form-control:last-child, +.input-group-addon:last-child, +.input-group-btn:last-child > .btn, +.input-group-btn:last-child > .btn-group > .btn, +.input-group-btn:last-child > .dropdown-toggle, +.input-group-btn:first-child > .btn:not(:first-child), +.input-group-btn:first-child > .btn-group:not(:first-child) > .btn { + border-bottom-left-radius: 0; + border-top-left-radius: 0; +} +.input-group-addon:last-child { + border-left: 0; +} +.input-group-btn { + position: relative; + font-size: 0; + white-space: nowrap; +} +.input-group-btn > .btn { + position: relative; +} +.input-group-btn > .btn + .btn { + margin-left: -1px; +} +.input-group-btn > .btn:hover, +.input-group-btn > .btn:focus, +.input-group-btn > .btn:active { + z-index: 2; +} +.input-group-btn:first-child > .btn, +.input-group-btn:first-child > .btn-group { + margin-right: -1px; +} +.input-group-btn:last-child > .btn, +.input-group-btn:last-child > .btn-group { + z-index: 2; + margin-left: -1px; +} +.nav { + margin-bottom: 0; + padding-left: 0; + list-style: none; +} +.nav > li { + position: relative; + display: block; +} +.nav > li > a { + position: relative; + display: block; + padding: 10px 15px; +} +.nav > li > a:hover, +.nav > li > a:focus { + text-decoration: none; + background-color: #eeeeee; +} +.nav > li.disabled > a { + color: #999999; +} +.nav > li.disabled > a:hover, +.nav > li.disabled > a:focus { + color: #999999; + text-decoration: none; + background-color: transparent; + cursor: not-allowed; +} +.nav .open > a, +.nav .open > a:hover, +.nav .open > a:focus { + background-color: #eeeeee; + border-color: #3399f3; +} +.nav .nav-divider { + height: 1px; + margin: 9px 0; + overflow: hidden; + background-color: #e5e5e5; +} +.nav > li > a > img { + max-width: none; +} +.nav-tabs { + border-bottom: 1px solid #dddddd; +} +.nav-tabs > li { + float: left; + margin-bottom: -1px; +} +.nav-tabs > li > a { + margin-right: 2px; + line-height: 1.42857143; + border: 1px solid transparent; + border-radius: 4px 4px 0 0; +} +.nav-tabs > li > a:hover { + border-color: #eeeeee #eeeeee #dddddd; +} +.nav-tabs > li.active > a, +.nav-tabs > li.active > a:hover, +.nav-tabs > li.active > a:focus { + color: #666666; + background-color: #ffffff; + border: 1px solid #dddddd; + border-bottom-color: transparent; + cursor: default; +} +.nav-tabs.nav-justified { + width: 100%; + border-bottom: 0; +} +.nav-tabs.nav-justified > li { + float: none; +} +.nav-tabs.nav-justified > li > a { + text-align: center; + margin-bottom: 5px; +} +.nav-tabs.nav-justified > .dropdown .dropdown-menu { + top: auto; + left: auto; +} +@media (min-width: 768px) { + .nav-tabs.nav-justified > li { + display: table-cell; + width: 1%; + } + .nav-tabs.nav-justified > li > a { + margin-bottom: 0; + } +} +.nav-tabs.nav-justified > li > a { + margin-right: 0; + border-radius: 4px; +} +.nav-tabs.nav-justified > .active > a, +.nav-tabs.nav-justified > .active > a:hover, +.nav-tabs.nav-justified > .active > a:focus { + border: 1px solid #dddddd; +} +@media (min-width: 768px) { + .nav-tabs.nav-justified > li > a { + border-bottom: 1px solid #dddddd; + border-radius: 4px 4px 0 0; + } + .nav-tabs.nav-justified > .active > a, + .nav-tabs.nav-justified > .active > a:hover, + .nav-tabs.nav-justified > .active > a:focus { + border-bottom-color: #ffffff; + } +} +.nav-pills > li { + float: left; +} +.nav-pills > li > a { + border-radius: 4px; +} +.nav-pills > li + li { + margin-left: 2px; +} +.nav-pills > li.active > a, +.nav-pills > li.active > a:hover, +.nav-pills > li.active > a:focus { + color: #ffffff; + background-color: #446e9b; +} +.nav-stacked > li { + float: none; +} +.nav-stacked > li + li { + margin-top: 2px; + margin-left: 0; +} +.nav-justified { + width: 100%; +} +.nav-justified > li { + float: none; +} +.nav-justified > li > a { + text-align: center; + margin-bottom: 5px; +} +.nav-justified > .dropdown .dropdown-menu { + top: auto; + left: auto; +} +@media (min-width: 768px) { + .nav-justified > li { + display: table-cell; + width: 1%; + } + .nav-justified > li > a { + margin-bottom: 0; + } +} +.nav-tabs-justified { + border-bottom: 0; +} +.nav-tabs-justified > li > a { + margin-right: 0; + border-radius: 4px; +} +.nav-tabs-justified > .active > a, +.nav-tabs-justified > .active > a:hover, +.nav-tabs-justified > .active > a:focus { + border: 1px solid #dddddd; +} +@media (min-width: 768px) { + .nav-tabs-justified > li > a { + border-bottom: 1px solid #dddddd; + border-radius: 4px 4px 0 0; + } + .nav-tabs-justified > .active > a, + .nav-tabs-justified > .active > a:hover, + .nav-tabs-justified > .active > a:focus { + border-bottom-color: #ffffff; + } +} +.tab-content > .tab-pane { + display: none; +} +.tab-content > .active { + display: block; +} +.nav-tabs .dropdown-menu { + margin-top: -1px; + border-top-right-radius: 0; + border-top-left-radius: 0; +} +.navbar { + position: relative; + min-height: 50px; + margin-bottom: 20px; + border: 1px solid transparent; +} +@media (min-width: 768px) { + .navbar { + border-radius: 4px; + } +} +@media (min-width: 768px) { + .navbar-header { + float: left; + } +} +.navbar-collapse { + overflow-x: visible; + padding-right: 15px; + padding-left: 15px; + border-top: 1px solid transparent; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1); + -webkit-overflow-scrolling: touch; +} +.navbar-collapse.in { + overflow-y: auto; +} +@media (min-width: 768px) { + .navbar-collapse { + width: auto; + border-top: 0; + -webkit-box-shadow: none; + box-shadow: none; + } + .navbar-collapse.collapse { + display: block !important; + height: auto !important; + padding-bottom: 0; + overflow: visible !important; + } + .navbar-collapse.in { + overflow-y: visible; + } + .navbar-fixed-top .navbar-collapse, + .navbar-static-top .navbar-collapse, + .navbar-fixed-bottom .navbar-collapse { + padding-left: 0; + padding-right: 0; + } +} +.navbar-fixed-top .navbar-collapse, +.navbar-fixed-bottom .navbar-collapse { + max-height: 340px; +} +@media (max-device-width: 480px) and (orientation: landscape) { + .navbar-fixed-top .navbar-collapse, + .navbar-fixed-bottom .navbar-collapse { + max-height: 200px; + } +} +.container > .navbar-header, +.container-fluid > .navbar-header, +.container > .navbar-collapse, +.container-fluid > .navbar-collapse { + margin-right: -15px; + margin-left: -15px; +} +@media (min-width: 768px) { + .container > .navbar-header, + .container-fluid > .navbar-header, + .container > .navbar-collapse, + .container-fluid > .navbar-collapse { + margin-right: 0; + margin-left: 0; + } +} +.navbar-static-top { + z-index: 1000; + border-width: 0 0 1px; +} +@media (min-width: 768px) { + .navbar-static-top { + border-radius: 0; + } +} +.navbar-fixed-top, +.navbar-fixed-bottom { + position: fixed; + right: 0; + left: 0; + z-index: 1030; +} +@media (min-width: 768px) { + .navbar-fixed-top, + .navbar-fixed-bottom { + border-radius: 0; + } +} +.navbar-fixed-top { + top: 0; + border-width: 0 0 1px; +} +.navbar-fixed-bottom { + bottom: 0; + margin-bottom: 0; + border-width: 1px 0 0; +} +.navbar-brand { + float: left; + padding: 15px 15px; + font-size: 18px; + line-height: 20px; + height: 50px; +} +.navbar-brand:hover, +.navbar-brand:focus { + text-decoration: none; +} +.navbar-brand > img { + display: block; +} +@media (min-width: 768px) { + .navbar > .container .navbar-brand, + .navbar > .container-fluid .navbar-brand { + margin-left: -15px; + } +} +.navbar-toggle { + position: relative; + float: right; + margin-right: 15px; + padding: 9px 10px; + margin-top: 8px; + margin-bottom: 8px; + background-color: transparent; + background-image: none; + border: 1px solid transparent; + border-radius: 4px; +} +.navbar-toggle:focus { + outline: 0; +} +.navbar-toggle .icon-bar { + display: block; + width: 22px; + height: 2px; + border-radius: 1px; +} +.navbar-toggle .icon-bar + .icon-bar { + margin-top: 4px; +} +@media (min-width: 768px) { + .navbar-toggle { + display: none; + } +} +.navbar-nav { + margin: 7.5px -15px; +} +.navbar-nav > li > a { + padding-top: 10px; + padding-bottom: 10px; + line-height: 20px; +} +@media (max-width: 767px) { + .navbar-nav .open .dropdown-menu { + position: static; + float: none; + width: auto; + margin-top: 0; + background-color: transparent; + border: 0; + -webkit-box-shadow: none; + box-shadow: none; + } + .navbar-nav .open .dropdown-menu > li > a, + .navbar-nav .open .dropdown-menu .dropdown-header { + padding: 5px 15px 5px 25px; + } + .navbar-nav .open .dropdown-menu > li > a { + line-height: 20px; + } + .navbar-nav .open .dropdown-menu > li > a:hover, + .navbar-nav .open .dropdown-menu > li > a:focus { + background-image: none; + } +} +@media (min-width: 768px) { + .navbar-nav { + float: left; + margin: 0; + } + .navbar-nav > li { + float: left; + } + .navbar-nav > li > a { + padding-top: 15px; + padding-bottom: 15px; + } +} +.navbar-form { + margin-left: -15px; + margin-right: -15px; + padding: 10px 15px; + border-top: 1px solid transparent; + border-bottom: 1px solid transparent; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); + margin-top: 6px; + margin-bottom: 6px; +} +@media (min-width: 768px) { + .navbar-form .form-group { + display: inline-block; + margin-bottom: 0; + vertical-align: middle; + } + .navbar-form .form-control { + display: inline-block; + width: auto; + vertical-align: middle; + } + .navbar-form .form-control-static { + display: inline-block; + } + .navbar-form .input-group { + display: inline-table; + vertical-align: middle; + } + .navbar-form .input-group .input-group-addon, + .navbar-form .input-group .input-group-btn, + .navbar-form .input-group .form-control { + width: auto; + } + .navbar-form .input-group > .form-control { + width: 100%; + } + .navbar-form .control-label { + margin-bottom: 0; + vertical-align: middle; + } + .navbar-form .radio, + .navbar-form .checkbox { + display: inline-block; + margin-top: 0; + margin-bottom: 0; + vertical-align: middle; + } + .navbar-form .radio label, + .navbar-form .checkbox label { + padding-left: 0; + } + .navbar-form .radio input[type="radio"], + .navbar-form .checkbox input[type="checkbox"] { + position: relative; + margin-left: 0; + } + .navbar-form .has-feedback .form-control-feedback { + top: 0; + } +} +@media (max-width: 767px) { + .navbar-form .form-group { + margin-bottom: 5px; + } + .navbar-form .form-group:last-child { + margin-bottom: 0; + } +} +@media (min-width: 768px) { + .navbar-form { + width: auto; + border: 0; + margin-left: 0; + margin-right: 0; + padding-top: 0; + padding-bottom: 0; + -webkit-box-shadow: none; + box-shadow: none; + } +} +.navbar-nav > li > .dropdown-menu { + margin-top: 0; + border-top-right-radius: 0; + border-top-left-radius: 0; +} +.navbar-fixed-bottom .navbar-nav > li > .dropdown-menu { + margin-bottom: 0; + border-top-right-radius: 4px; + border-top-left-radius: 4px; + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} +.navbar-btn { + margin-top: 6px; + margin-bottom: 6px; +} +.navbar-btn.btn-sm { + margin-top: 10px; + margin-bottom: 10px; +} +.navbar-btn.btn-xs { + margin-top: 14px; + margin-bottom: 14px; +} +.navbar-text { + margin-top: 15px; + margin-bottom: 15px; +} +@media (min-width: 768px) { + .navbar-text { + float: left; + margin-left: 15px; + margin-right: 15px; + } +} +@media (min-width: 768px) { + .navbar-left { + float: left !important; + } + .navbar-right { + float: right !important; + margin-right: -15px; + } + .navbar-right ~ .navbar-right { + margin-right: 0; + } +} +.navbar-default { + background-color: #eeeeee; + border-color: #dddddd; +} +.navbar-default .navbar-brand { + color: #777777; +} +.navbar-default .navbar-brand:hover, +.navbar-default .navbar-brand:focus { + color: #3399f3; + background-color: transparent; +} +.navbar-default .navbar-text { + color: #777777; +} +.navbar-default .navbar-nav > li > a { + color: #777777; +} +.navbar-default .navbar-nav > li > a:hover, +.navbar-default .navbar-nav > li > a:focus { + color: #3399f3; + background-color: transparent; +} +.navbar-default .navbar-nav > .active > a, +.navbar-default .navbar-nav > .active > a:hover, +.navbar-default .navbar-nav > .active > a:focus { + color: #3399f3; + background-color: transparent; +} +.navbar-default .navbar-nav > .disabled > a, +.navbar-default .navbar-nav > .disabled > a:hover, +.navbar-default .navbar-nav > .disabled > a:focus { + color: #444444; + background-color: transparent; +} +.navbar-default .navbar-toggle { + border-color: #dddddd; +} +.navbar-default .navbar-toggle:hover, +.navbar-default .navbar-toggle:focus { + background-color: #dddddd; +} +.navbar-default .navbar-toggle .icon-bar { + background-color: #cccccc; +} +.navbar-default .navbar-collapse, +.navbar-default .navbar-form { + border-color: #dddddd; +} +.navbar-default .navbar-nav > .open > a, +.navbar-default .navbar-nav > .open > a:hover, +.navbar-default .navbar-nav > .open > a:focus { + background-color: transparent; + color: #3399f3; +} +@media (max-width: 767px) { + .navbar-default .navbar-nav .open .dropdown-menu > li > a { + color: #777777; + } + .navbar-default .navbar-nav .open .dropdown-menu > li > a:hover, + .navbar-default .navbar-nav .open .dropdown-menu > li > a:focus { + color: #3399f3; + background-color: transparent; + } + .navbar-default .navbar-nav .open .dropdown-menu > .active > a, + .navbar-default .navbar-nav .open .dropdown-menu > .active > a:hover, + .navbar-default .navbar-nav .open .dropdown-menu > .active > a:focus { + color: #3399f3; + background-color: transparent; + } + .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a, + .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a:hover, + .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a:focus { + color: #444444; + background-color: transparent; + } +} +.navbar-default .navbar-link { + color: #777777; +} +.navbar-default .navbar-link:hover { + color: #3399f3; +} +.navbar-default .btn-link { + color: #777777; +} +.navbar-default .btn-link:hover, +.navbar-default .btn-link:focus { + color: #3399f3; +} +.navbar-default .btn-link[disabled]:hover, +fieldset[disabled] .navbar-default .btn-link:hover, +.navbar-default .btn-link[disabled]:focus, +fieldset[disabled] .navbar-default .btn-link:focus { + color: #444444; +} +.navbar-inverse { + background-color: #446e9b; + border-color: #345578; +} +.navbar-inverse .navbar-brand { + color: #dddddd; +} +.navbar-inverse .navbar-brand:hover, +.navbar-inverse .navbar-brand:focus { + color: #ffffff; + background-color: transparent; +} +.navbar-inverse .navbar-text { + color: #dddddd; +} +.navbar-inverse .navbar-nav > li > a { + color: #dddddd; +} +.navbar-inverse .navbar-nav > li > a:hover, +.navbar-inverse .navbar-nav > li > a:focus { + color: #ffffff; + background-color: transparent; +} +.navbar-inverse .navbar-nav > .active > a, +.navbar-inverse .navbar-nav > .active > a:hover, +.navbar-inverse .navbar-nav > .active > a:focus { + color: #ffffff; + background-color: transparent; +} +.navbar-inverse .navbar-nav > .disabled > a, +.navbar-inverse .navbar-nav > .disabled > a:hover, +.navbar-inverse .navbar-nav > .disabled > a:focus { + color: #cccccc; + background-color: transparent; +} +.navbar-inverse .navbar-toggle { + border-color: #345578; +} +.navbar-inverse .navbar-toggle:hover, +.navbar-inverse .navbar-toggle:focus { + background-color: #345578; +} +.navbar-inverse .navbar-toggle .icon-bar { + background-color: #ffffff; +} +.navbar-inverse .navbar-collapse, +.navbar-inverse .navbar-form { + border-color: #395c82; +} +.navbar-inverse .navbar-nav > .open > a, +.navbar-inverse .navbar-nav > .open > a:hover, +.navbar-inverse .navbar-nav > .open > a:focus { + background-color: transparent; + color: #ffffff; +} +@media (max-width: 767px) { + .navbar-inverse .navbar-nav .open .dropdown-menu > .dropdown-header { + border-color: #345578; + } + .navbar-inverse .navbar-nav .open .dropdown-menu .divider { + background-color: #345578; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > li > a { + color: #dddddd; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > li > a:hover, + .navbar-inverse .navbar-nav .open .dropdown-menu > li > a:focus { + color: #ffffff; + background-color: transparent; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a, + .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a:hover, + .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a:focus { + color: #ffffff; + background-color: transparent; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a, + .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a:hover, + .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a:focus { + color: #cccccc; + background-color: transparent; + } +} +.navbar-inverse .navbar-link { + color: #dddddd; +} +.navbar-inverse .navbar-link:hover { + color: #ffffff; +} +.navbar-inverse .btn-link { + color: #dddddd; +} +.navbar-inverse .btn-link:hover, +.navbar-inverse .btn-link:focus { + color: #ffffff; +} +.navbar-inverse .btn-link[disabled]:hover, +fieldset[disabled] .navbar-inverse .btn-link:hover, +.navbar-inverse .btn-link[disabled]:focus, +fieldset[disabled] .navbar-inverse .btn-link:focus { + color: #cccccc; +} +.breadcrumb { + padding: 8px 15px; + margin-bottom: 20px; + list-style: none; + background-color: #f5f5f5; + border-radius: 4px; +} +.breadcrumb > li { + display: inline-block; +} +.breadcrumb > li + li:before { + content: "/\00a0"; + padding: 0 5px; + color: #cccccc; +} +.breadcrumb > .active { + color: #999999; +} +.pagination { + display: inline-block; + padding-left: 0; + margin: 20px 0; + border-radius: 4px; +} +.pagination > li { + display: inline; +} +.pagination > li > a, +.pagination > li > span { + position: relative; + float: left; + padding: 8px 12px; + line-height: 1.42857143; + text-decoration: none; + color: #3399f3; + background-color: #ffffff; + border: 1px solid #dddddd; + margin-left: -1px; +} +.pagination > li:first-child > a, +.pagination > li:first-child > span { + margin-left: 0; + border-bottom-left-radius: 4px; + border-top-left-radius: 4px; +} +.pagination > li:last-child > a, +.pagination > li:last-child > span { + border-bottom-right-radius: 4px; + border-top-right-radius: 4px; +} +.pagination > li > a:hover, +.pagination > li > span:hover, +.pagination > li > a:focus, +.pagination > li > span:focus { + z-index: 2; + color: #3399f3; + background-color: #eeeeee; + border-color: #dddddd; +} +.pagination > .active > a, +.pagination > .active > span, +.pagination > .active > a:hover, +.pagination > .active > span:hover, +.pagination > .active > a:focus, +.pagination > .active > span:focus { + z-index: 3; + color: #999999; + background-color: #f5f5f5; + border-color: #dddddd; + cursor: default; +} +.pagination > .disabled > span, +.pagination > .disabled > span:hover, +.pagination > .disabled > span:focus, +.pagination > .disabled > a, +.pagination > .disabled > a:hover, +.pagination > .disabled > a:focus { + color: #999999; + background-color: #ffffff; + border-color: #dddddd; + cursor: not-allowed; +} +.pagination-lg > li > a, +.pagination-lg > li > span { + padding: 14px 16px; + font-size: 18px; + line-height: 1.3333333; +} +.pagination-lg > li:first-child > a, +.pagination-lg > li:first-child > span { + border-bottom-left-radius: 6px; + border-top-left-radius: 6px; +} +.pagination-lg > li:last-child > a, +.pagination-lg > li:last-child > span { + border-bottom-right-radius: 6px; + border-top-right-radius: 6px; +} +.pagination-sm > li > a, +.pagination-sm > li > span { + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; +} +.pagination-sm > li:first-child > a, +.pagination-sm > li:first-child > span { + border-bottom-left-radius: 3px; + border-top-left-radius: 3px; +} +.pagination-sm > li:last-child > a, +.pagination-sm > li:last-child > span { + border-bottom-right-radius: 3px; + border-top-right-radius: 3px; +} +.pager { + padding-left: 0; + margin: 20px 0; + list-style: none; + text-align: center; +} +.pager li { + display: inline; +} +.pager li > a, +.pager li > span { + display: inline-block; + padding: 5px 14px; + background-color: #ffffff; + border: 1px solid #dddddd; + border-radius: 15px; +} +.pager li > a:hover, +.pager li > a:focus { + text-decoration: none; + background-color: #eeeeee; +} +.pager .next > a, +.pager .next > span { + float: right; +} +.pager .previous > a, +.pager .previous > span { + float: left; +} +.pager .disabled > a, +.pager .disabled > a:hover, +.pager .disabled > a:focus, +.pager .disabled > span { + color: #999999; + background-color: #ffffff; + cursor: not-allowed; +} +.label { + display: inline; + padding: .2em .6em .3em; + font-size: 75%; + font-weight: bold; + line-height: 1; + color: #ffffff; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + border-radius: .25em; +} +a.label:hover, +a.label:focus { + color: #ffffff; + text-decoration: none; + cursor: pointer; +} +.label:empty { + display: none; +} +.btn .label { + position: relative; + top: -1px; +} +.label-default { + background-color: #474949; +} +.label-default[href]:hover, +.label-default[href]:focus { + background-color: #2e2f2f; +} +.label-primary { + background-color: #446e9b; +} +.label-primary[href]:hover, +.label-primary[href]:focus { + background-color: #345578; +} +.label-success { + background-color: #3cb521; +} +.label-success[href]:hover, +.label-success[href]:focus { + background-color: #2e8a19; +} +.label-info { + background-color: #3399f3; +} +.label-info[href]:hover, +.label-info[href]:focus { + background-color: #0e80e5; +} +.label-warning { + background-color: #d47500; +} +.label-warning[href]:hover, +.label-warning[href]:focus { + background-color: #a15900; +} +.label-danger { + background-color: #cd0200; +} +.label-danger[href]:hover, +.label-danger[href]:focus { + background-color: #9a0200; +} +.badge { + display: inline-block; + min-width: 10px; + padding: 3px 7px; + font-size: 12px; + font-weight: bold; + color: #ffffff; + line-height: 1; + vertical-align: middle; + white-space: nowrap; + text-align: center; + background-color: #3399f3; + border-radius: 10px; +} +.badge:empty { + display: none; +} +.btn .badge { + position: relative; + top: -1px; +} +.btn-xs .badge, +.btn-group-xs > .btn .badge { + top: 0; + padding: 1px 5px; +} +a.badge:hover, +a.badge:focus { + color: #ffffff; + text-decoration: none; + cursor: pointer; +} +.list-group-item.active > .badge, +.nav-pills > .active > a > .badge { + color: #3399f3; + background-color: #ffffff; +} +.list-group-item > .badge { + float: right; +} +.list-group-item > .badge + .badge { + margin-right: 5px; +} +.nav-pills > li > a > .badge { + margin-left: 3px; +} +.jumbotron { + padding-top: 30px; + padding-bottom: 30px; + margin-bottom: 30px; + color: inherit; + background-color: #eeeeee; +} +.jumbotron h1, +.jumbotron .h1 { + color: inherit; +} +.jumbotron p { + margin-bottom: 15px; + font-size: 21px; + font-weight: 200; +} +.jumbotron > hr { + border-top-color: #d5d5d5; +} +.container .jumbotron, +.container-fluid .jumbotron { + border-radius: 6px; + padding-left: 15px; + padding-right: 15px; +} +.jumbotron .container { + max-width: 100%; +} +@media screen and (min-width: 768px) { + .jumbotron { + padding-top: 48px; + padding-bottom: 48px; + } + .container .jumbotron, + .container-fluid .jumbotron { + padding-left: 60px; + padding-right: 60px; + } + .jumbotron h1, + .jumbotron .h1 { + font-size: 63px; + } +} +.thumbnail { + display: block; + padding: 4px; + margin-bottom: 20px; + line-height: 1.42857143; + background-color: #ffffff; + border: 1px solid #dddddd; + border-radius: 4px; + -webkit-transition: border 0.2s ease-in-out; + -o-transition: border 0.2s ease-in-out; + transition: border 0.2s ease-in-out; +} +.thumbnail > img, +.thumbnail a > img { + margin-left: auto; + margin-right: auto; +} +a.thumbnail:hover, +a.thumbnail:focus, +a.thumbnail.active { + border-color: #3399f3; +} +.thumbnail .caption { + padding: 9px; + color: #666666; +} +.alert { + padding: 15px; + margin-bottom: 20px; + border: 1px solid transparent; + border-radius: 4px; +} +.alert h4 { + margin-top: 0; + color: inherit; +} +.alert .alert-link { + font-weight: bold; +} +.alert > p, +.alert > ul { + margin-bottom: 0; +} +.alert > p + p { + margin-top: 5px; +} +.alert-dismissable, +.alert-dismissible { + padding-right: 35px; +} +.alert-dismissable .close, +.alert-dismissible .close { + position: relative; + top: -2px; + right: -21px; + color: inherit; +} +.alert-success { + background-color: #dff0d8; + border-color: #d6e9c6; + color: #468847; +} +.alert-success hr { + border-top-color: #c9e2b3; +} +.alert-success .alert-link { + color: #356635; +} +.alert-info { + background-color: #d9edf7; + border-color: #bce8f1; + color: #3a87ad; +} +.alert-info hr { + border-top-color: #a6e1ec; +} +.alert-info .alert-link { + color: #2d6987; +} +.alert-warning { + background-color: #fcf8e3; + border-color: #fbeed5; + color: #c09853; +} +.alert-warning hr { + border-top-color: #f8e5be; +} +.alert-warning .alert-link { + color: #a47e3c; +} +.alert-danger { + background-color: #f2dede; + border-color: #eed3d7; + color: #b94a48; +} +.alert-danger hr { + border-top-color: #e6c1c7; +} +.alert-danger .alert-link { + color: #953b39; +} +@-webkit-keyframes progress-bar-stripes { + from { + background-position: 40px 0; + } + to { + background-position: 0 0; + } +} +@-o-keyframes progress-bar-stripes { + from { + background-position: 40px 0; + } + to { + background-position: 0 0; + } +} +@keyframes progress-bar-stripes { + from { + background-position: 40px 0; + } + to { + background-position: 0 0; + } +} +.progress { + overflow: hidden; + height: 20px; + margin-bottom: 20px; + background-color: #f5f5f5; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); +} +.progress-bar { + float: left; + width: 0%; + height: 100%; + font-size: 12px; + line-height: 20px; + color: #ffffff; + text-align: center; + background-color: #446e9b; + -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + -webkit-transition: width 0.6s ease; + -o-transition: width 0.6s ease; + transition: width 0.6s ease; +} +.progress-striped .progress-bar, +.progress-bar-striped { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + -webkit-background-size: 40px 40px; + background-size: 40px 40px; +} +.progress.active .progress-bar, +.progress-bar.active { + -webkit-animation: progress-bar-stripes 2s linear infinite; + -o-animation: progress-bar-stripes 2s linear infinite; + animation: progress-bar-stripes 2s linear infinite; +} +.progress-bar-success { + background-color: #3cb521; +} +.progress-striped .progress-bar-success { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} +.progress-bar-info { + background-color: #3399f3; +} +.progress-striped .progress-bar-info { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} +.progress-bar-warning { + background-color: #d47500; +} +.progress-striped .progress-bar-warning { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} +.progress-bar-danger { + background-color: #cd0200; +} +.progress-striped .progress-bar-danger { + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} +.media { + margin-top: 15px; +} +.media:first-child { + margin-top: 0; +} +.media, +.media-body { + zoom: 1; + overflow: hidden; +} +.media-body { + width: 10000px; +} +.media-object { + display: block; +} +.media-object.img-thumbnail { + max-width: none; +} +.media-right, +.media > .pull-right { + padding-left: 10px; +} +.media-left, +.media > .pull-left { + padding-right: 10px; +} +.media-left, +.media-right, +.media-body { + display: table-cell; + vertical-align: top; +} +.media-middle { + vertical-align: middle; +} +.media-bottom { + vertical-align: bottom; +} +.media-heading { + margin-top: 0; + margin-bottom: 5px; +} +.media-list { + padding-left: 0; + list-style: none; +} +.list-group { + margin-bottom: 20px; + padding-left: 0; +} +.list-group-item { + position: relative; + display: block; + padding: 10px 15px; + margin-bottom: -1px; + background-color: #ffffff; + border: 1px solid #dddddd; +} +.list-group-item:first-child { + border-top-right-radius: 4px; + border-top-left-radius: 4px; +} +.list-group-item:last-child { + margin-bottom: 0; + border-bottom-right-radius: 4px; + border-bottom-left-radius: 4px; +} +a.list-group-item, +button.list-group-item { + color: #555555; +} +a.list-group-item .list-group-item-heading, +button.list-group-item .list-group-item-heading { + color: #333333; +} +a.list-group-item:hover, +button.list-group-item:hover, +a.list-group-item:focus, +button.list-group-item:focus { + text-decoration: none; + color: #555555; + background-color: #f5f5f5; +} +button.list-group-item { + width: 100%; + text-align: left; +} +.list-group-item.disabled, +.list-group-item.disabled:hover, +.list-group-item.disabled:focus { + background-color: #eeeeee; + color: #999999; + cursor: not-allowed; +} +.list-group-item.disabled .list-group-item-heading, +.list-group-item.disabled:hover .list-group-item-heading, +.list-group-item.disabled:focus .list-group-item-heading { + color: inherit; +} +.list-group-item.disabled .list-group-item-text, +.list-group-item.disabled:hover .list-group-item-text, +.list-group-item.disabled:focus .list-group-item-text { + color: #999999; +} +.list-group-item.active, +.list-group-item.active:hover, +.list-group-item.active:focus { + z-index: 2; + color: #ffffff; + background-color: #446e9b; + border-color: #446e9b; +} +.list-group-item.active .list-group-item-heading, +.list-group-item.active:hover .list-group-item-heading, +.list-group-item.active:focus .list-group-item-heading, +.list-group-item.active .list-group-item-heading > small, +.list-group-item.active:hover .list-group-item-heading > small, +.list-group-item.active:focus .list-group-item-heading > small, +.list-group-item.active .list-group-item-heading > .small, +.list-group-item.active:hover .list-group-item-heading > .small, +.list-group-item.active:focus .list-group-item-heading > .small { + color: inherit; +} +.list-group-item.active .list-group-item-text, +.list-group-item.active:hover .list-group-item-text, +.list-group-item.active:focus .list-group-item-text { + color: #c5d5e6; +} +.list-group-item-success { + color: #468847; + background-color: #dff0d8; +} +a.list-group-item-success, +button.list-group-item-success { + color: #468847; +} +a.list-group-item-success .list-group-item-heading, +button.list-group-item-success .list-group-item-heading { + color: inherit; +} +a.list-group-item-success:hover, +button.list-group-item-success:hover, +a.list-group-item-success:focus, +button.list-group-item-success:focus { + color: #468847; + background-color: #d0e9c6; +} +a.list-group-item-success.active, +button.list-group-item-success.active, +a.list-group-item-success.active:hover, +button.list-group-item-success.active:hover, +a.list-group-item-success.active:focus, +button.list-group-item-success.active:focus { + color: #fff; + background-color: #468847; + border-color: #468847; +} +.list-group-item-info { + color: #3a87ad; + background-color: #d9edf7; +} +a.list-group-item-info, +button.list-group-item-info { + color: #3a87ad; +} +a.list-group-item-info .list-group-item-heading, +button.list-group-item-info .list-group-item-heading { + color: inherit; +} +a.list-group-item-info:hover, +button.list-group-item-info:hover, +a.list-group-item-info:focus, +button.list-group-item-info:focus { + color: #3a87ad; + background-color: #c4e3f3; +} +a.list-group-item-info.active, +button.list-group-item-info.active, +a.list-group-item-info.active:hover, +button.list-group-item-info.active:hover, +a.list-group-item-info.active:focus, +button.list-group-item-info.active:focus { + color: #fff; + background-color: #3a87ad; + border-color: #3a87ad; +} +.list-group-item-warning { + color: #c09853; + background-color: #fcf8e3; +} +a.list-group-item-warning, +button.list-group-item-warning { + color: #c09853; +} +a.list-group-item-warning .list-group-item-heading, +button.list-group-item-warning .list-group-item-heading { + color: inherit; +} +a.list-group-item-warning:hover, +button.list-group-item-warning:hover, +a.list-group-item-warning:focus, +button.list-group-item-warning:focus { + color: #c09853; + background-color: #faf2cc; +} +a.list-group-item-warning.active, +button.list-group-item-warning.active, +a.list-group-item-warning.active:hover, +button.list-group-item-warning.active:hover, +a.list-group-item-warning.active:focus, +button.list-group-item-warning.active:focus { + color: #fff; + background-color: #c09853; + border-color: #c09853; +} +.list-group-item-danger { + color: #b94a48; + background-color: #f2dede; +} +a.list-group-item-danger, +button.list-group-item-danger { + color: #b94a48; +} +a.list-group-item-danger .list-group-item-heading, +button.list-group-item-danger .list-group-item-heading { + color: inherit; +} +a.list-group-item-danger:hover, +button.list-group-item-danger:hover, +a.list-group-item-danger:focus, +button.list-group-item-danger:focus { + color: #b94a48; + background-color: #ebcccc; +} +a.list-group-item-danger.active, +button.list-group-item-danger.active, +a.list-group-item-danger.active:hover, +button.list-group-item-danger.active:hover, +a.list-group-item-danger.active:focus, +button.list-group-item-danger.active:focus { + color: #fff; + background-color: #b94a48; + border-color: #b94a48; +} +.list-group-item-heading { + margin-top: 0; + margin-bottom: 5px; +} +.list-group-item-text { + margin-bottom: 0; + line-height: 1.3; +} +.panel { + margin-bottom: 20px; + background-color: #ffffff; + border: 1px solid transparent; + border-radius: 4px; + -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); + box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); +} +.panel-body { + padding: 15px; +} +.panel-heading { + padding: 10px 15px; + border-bottom: 1px solid transparent; + border-top-right-radius: 3px; + border-top-left-radius: 3px; +} +.panel-heading > .dropdown .dropdown-toggle { + color: inherit; +} +.panel-title { + margin-top: 0; + margin-bottom: 0; + font-size: 16px; + color: inherit; +} +.panel-title > a, +.panel-title > small, +.panel-title > .small, +.panel-title > small > a, +.panel-title > .small > a { + color: inherit; +} +.panel-footer { + padding: 10px 15px; + background-color: #f5f5f5; + border-top: 1px solid #dddddd; + border-bottom-right-radius: 3px; + border-bottom-left-radius: 3px; +} +.panel > .list-group, +.panel > .panel-collapse > .list-group { + margin-bottom: 0; +} +.panel > .list-group .list-group-item, +.panel > .panel-collapse > .list-group .list-group-item { + border-width: 1px 0; + border-radius: 0; +} +.panel > .list-group:first-child .list-group-item:first-child, +.panel > .panel-collapse > .list-group:first-child .list-group-item:first-child { + border-top: 0; + border-top-right-radius: 3px; + border-top-left-radius: 3px; +} +.panel > .list-group:last-child .list-group-item:last-child, +.panel > .panel-collapse > .list-group:last-child .list-group-item:last-child { + border-bottom: 0; + border-bottom-right-radius: 3px; + border-bottom-left-radius: 3px; +} +.panel > .panel-heading + .panel-collapse > .list-group .list-group-item:first-child { + border-top-right-radius: 0; + border-top-left-radius: 0; +} +.panel-heading + .list-group .list-group-item:first-child { + border-top-width: 0; +} +.list-group + .panel-footer { + border-top-width: 0; +} +.panel > .table, +.panel > .table-responsive > .table, +.panel > .panel-collapse > .table { + margin-bottom: 0; +} +.panel > .table caption, +.panel > .table-responsive > .table caption, +.panel > .panel-collapse > .table caption { + padding-left: 15px; + padding-right: 15px; +} +.panel > .table:first-child, +.panel > .table-responsive:first-child > .table:first-child { + border-top-right-radius: 3px; + border-top-left-radius: 3px; +} +.panel > .table:first-child > thead:first-child > tr:first-child, +.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child, +.panel > .table:first-child > tbody:first-child > tr:first-child, +.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child { + border-top-left-radius: 3px; + border-top-right-radius: 3px; +} +.panel > .table:first-child > thead:first-child > tr:first-child td:first-child, +.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child td:first-child, +.panel > .table:first-child > tbody:first-child > tr:first-child td:first-child, +.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child td:first-child, +.panel > .table:first-child > thead:first-child > tr:first-child th:first-child, +.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child th:first-child, +.panel > .table:first-child > tbody:first-child > tr:first-child th:first-child, +.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child th:first-child { + border-top-left-radius: 3px; +} +.panel > .table:first-child > thead:first-child > tr:first-child td:last-child, +.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child td:last-child, +.panel > .table:first-child > tbody:first-child > tr:first-child td:last-child, +.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child td:last-child, +.panel > .table:first-child > thead:first-child > tr:first-child th:last-child, +.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child th:last-child, +.panel > .table:first-child > tbody:first-child > tr:first-child th:last-child, +.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child th:last-child { + border-top-right-radius: 3px; +} +.panel > .table:last-child, +.panel > .table-responsive:last-child > .table:last-child { + border-bottom-right-radius: 3px; + border-bottom-left-radius: 3px; +} +.panel > .table:last-child > tbody:last-child > tr:last-child, +.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child, +.panel > .table:last-child > tfoot:last-child > tr:last-child, +.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child { + border-bottom-left-radius: 3px; + border-bottom-right-radius: 3px; +} +.panel > .table:last-child > tbody:last-child > tr:last-child td:first-child, +.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child td:first-child, +.panel > .table:last-child > tfoot:last-child > tr:last-child td:first-child, +.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child td:first-child, +.panel > .table:last-child > tbody:last-child > tr:last-child th:first-child, +.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child th:first-child, +.panel > .table:last-child > tfoot:last-child > tr:last-child th:first-child, +.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child th:first-child { + border-bottom-left-radius: 3px; +} +.panel > .table:last-child > tbody:last-child > tr:last-child td:last-child, +.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child td:last-child, +.panel > .table:last-child > tfoot:last-child > tr:last-child td:last-child, +.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child td:last-child, +.panel > .table:last-child > tbody:last-child > tr:last-child th:last-child, +.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child th:last-child, +.panel > .table:last-child > tfoot:last-child > tr:last-child th:last-child, +.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child th:last-child { + border-bottom-right-radius: 3px; +} +.panel > .panel-body + .table, +.panel > .panel-body + .table-responsive, +.panel > .table + .panel-body, +.panel > .table-responsive + .panel-body { + border-top: 1px solid #dddddd; +} +.panel > .table > tbody:first-child > tr:first-child th, +.panel > .table > tbody:first-child > tr:first-child td { + border-top: 0; +} +.panel > .table-bordered, +.panel > .table-responsive > .table-bordered { + border: 0; +} +.panel > .table-bordered > thead > tr > th:first-child, +.panel > .table-responsive > .table-bordered > thead > tr > th:first-child, +.panel > .table-bordered > tbody > tr > th:first-child, +.panel > .table-responsive > .table-bordered > tbody > tr > th:first-child, +.panel > .table-bordered > tfoot > tr > th:first-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > th:first-child, +.panel > .table-bordered > thead > tr > td:first-child, +.panel > .table-responsive > .table-bordered > thead > tr > td:first-child, +.panel > .table-bordered > tbody > tr > td:first-child, +.panel > .table-responsive > .table-bordered > tbody > tr > td:first-child, +.panel > .table-bordered > tfoot > tr > td:first-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > td:first-child { + border-left: 0; +} +.panel > .table-bordered > thead > tr > th:last-child, +.panel > .table-responsive > .table-bordered > thead > tr > th:last-child, +.panel > .table-bordered > tbody > tr > th:last-child, +.panel > .table-responsive > .table-bordered > tbody > tr > th:last-child, +.panel > .table-bordered > tfoot > tr > th:last-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > th:last-child, +.panel > .table-bordered > thead > tr > td:last-child, +.panel > .table-responsive > .table-bordered > thead > tr > td:last-child, +.panel > .table-bordered > tbody > tr > td:last-child, +.panel > .table-responsive > .table-bordered > tbody > tr > td:last-child, +.panel > .table-bordered > tfoot > tr > td:last-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > td:last-child { + border-right: 0; +} +.panel > .table-bordered > thead > tr:first-child > td, +.panel > .table-responsive > .table-bordered > thead > tr:first-child > td, +.panel > .table-bordered > tbody > tr:first-child > td, +.panel > .table-responsive > .table-bordered > tbody > tr:first-child > td, +.panel > .table-bordered > thead > tr:first-child > th, +.panel > .table-responsive > .table-bordered > thead > tr:first-child > th, +.panel > .table-bordered > tbody > tr:first-child > th, +.panel > .table-responsive > .table-bordered > tbody > tr:first-child > th { + border-bottom: 0; +} +.panel > .table-bordered > tbody > tr:last-child > td, +.panel > .table-responsive > .table-bordered > tbody > tr:last-child > td, +.panel > .table-bordered > tfoot > tr:last-child > td, +.panel > .table-responsive > .table-bordered > tfoot > tr:last-child > td, +.panel > .table-bordered > tbody > tr:last-child > th, +.panel > .table-responsive > .table-bordered > tbody > tr:last-child > th, +.panel > .table-bordered > tfoot > tr:last-child > th, +.panel > .table-responsive > .table-bordered > tfoot > tr:last-child > th { + border-bottom: 0; +} +.panel > .table-responsive { + border: 0; + margin-bottom: 0; +} +.panel-group { + margin-bottom: 20px; +} +.panel-group .panel { + margin-bottom: 0; + border-radius: 4px; +} +.panel-group .panel + .panel { + margin-top: 5px; +} +.panel-group .panel-heading { + border-bottom: 0; +} +.panel-group .panel-heading + .panel-collapse > .panel-body, +.panel-group .panel-heading + .panel-collapse > .list-group { + border-top: 1px solid #dddddd; +} +.panel-group .panel-footer { + border-top: 0; +} +.panel-group .panel-footer + .panel-collapse .panel-body { + border-bottom: 1px solid #dddddd; +} +.panel-default { + border-color: #dddddd; +} +.panel-default > .panel-heading { + color: #333333; + background-color: #f5f5f5; + border-color: #dddddd; +} +.panel-default > .panel-heading + .panel-collapse > .panel-body { + border-top-color: #dddddd; +} +.panel-default > .panel-heading .badge { + color: #f5f5f5; + background-color: #333333; +} +.panel-default > .panel-footer + .panel-collapse > .panel-body { + border-bottom-color: #dddddd; +} +.panel-primary { + border-color: #446e9b; +} +.panel-primary > .panel-heading { + color: #ffffff; + background-color: #446e9b; + border-color: #446e9b; +} +.panel-primary > .panel-heading + .panel-collapse > .panel-body { + border-top-color: #446e9b; +} +.panel-primary > .panel-heading .badge { + color: #446e9b; + background-color: #ffffff; +} +.panel-primary > .panel-footer + .panel-collapse > .panel-body { + border-bottom-color: #446e9b; +} +.panel-success { + border-color: #d6e9c6; +} +.panel-success > .panel-heading { + color: #468847; + background-color: #dff0d8; + border-color: #d6e9c6; +} +.panel-success > .panel-heading + .panel-collapse > .panel-body { + border-top-color: #d6e9c6; +} +.panel-success > .panel-heading .badge { + color: #dff0d8; + background-color: #468847; +} +.panel-success > .panel-footer + .panel-collapse > .panel-body { + border-bottom-color: #d6e9c6; +} +.panel-info { + border-color: #bce8f1; +} +.panel-info > .panel-heading { + color: #3a87ad; + background-color: #d9edf7; + border-color: #bce8f1; +} +.panel-info > .panel-heading + .panel-collapse > .panel-body { + border-top-color: #bce8f1; +} +.panel-info > .panel-heading .badge { + color: #d9edf7; + background-color: #3a87ad; +} +.panel-info > .panel-footer + .panel-collapse > .panel-body { + border-bottom-color: #bce8f1; +} +.panel-warning { + border-color: #fbeed5; +} +.panel-warning > .panel-heading { + color: #c09853; + background-color: #fcf8e3; + border-color: #fbeed5; +} +.panel-warning > .panel-heading + .panel-collapse > .panel-body { + border-top-color: #fbeed5; +} +.panel-warning > .panel-heading .badge { + color: #fcf8e3; + background-color: #c09853; +} +.panel-warning > .panel-footer + .panel-collapse > .panel-body { + border-bottom-color: #fbeed5; +} +.panel-danger { + border-color: #eed3d7; +} +.panel-danger > .panel-heading { + color: #b94a48; + background-color: #f2dede; + border-color: #eed3d7; +} +.panel-danger > .panel-heading + .panel-collapse > .panel-body { + border-top-color: #eed3d7; +} +.panel-danger > .panel-heading .badge { + color: #f2dede; + background-color: #b94a48; +} +.panel-danger > .panel-footer + .panel-collapse > .panel-body { + border-bottom-color: #eed3d7; +} +.embed-responsive { + position: relative; + display: block; + height: 0; + padding: 0; + overflow: hidden; +} +.embed-responsive .embed-responsive-item, +.embed-responsive iframe, +.embed-responsive embed, +.embed-responsive object, +.embed-responsive video { + position: absolute; + top: 0; + left: 0; + bottom: 0; + height: 100%; + width: 100%; + border: 0; +} +.embed-responsive-16by9 { + padding-bottom: 56.25%; +} +.embed-responsive-4by3 { + padding-bottom: 75%; +} +.well { + min-height: 20px; + padding: 19px; + margin-bottom: 20px; + background-color: #f5f5f5; + border: 1px solid #e3e3e3; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); +} +.well blockquote { + border-color: #ddd; + border-color: rgba(0, 0, 0, 0.15); +} +.well-lg { + padding: 24px; + border-radius: 6px; +} +.well-sm { + padding: 9px; + border-radius: 3px; +} +.close { + float: right; + font-size: 21px; + font-weight: bold; + line-height: 1; + color: #000000; + text-shadow: 0 1px 0 #ffffff; + opacity: 0.2; + filter: alpha(opacity=20); +} +.close:hover, +.close:focus { + color: #000000; + text-decoration: none; + cursor: pointer; + opacity: 0.5; + filter: alpha(opacity=50); +} +button.close { + padding: 0; + cursor: pointer; + background: transparent; + border: 0; + -webkit-appearance: none; +} +.modal-open { + overflow: hidden; +} +.modal { + display: none; + overflow: hidden; + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1050; + -webkit-overflow-scrolling: touch; + outline: 0; +} +.modal.fade .modal-dialog { + -webkit-transform: translate(0, -25%); + -ms-transform: translate(0, -25%); + -o-transform: translate(0, -25%); + transform: translate(0, -25%); + -webkit-transition: -webkit-transform 0.3s ease-out; + -o-transition: -o-transform 0.3s ease-out; + transition: transform 0.3s ease-out; +} +.modal.in .modal-dialog { + -webkit-transform: translate(0, 0); + -ms-transform: translate(0, 0); + -o-transform: translate(0, 0); + transform: translate(0, 0); +} +.modal-open .modal { + overflow-x: hidden; + overflow-y: auto; +} +.modal-dialog { + position: relative; + width: auto; + margin: 10px; +} +.modal-content { + position: relative; + background-color: #ffffff; + border: 1px solid #999999; + border: 1px solid rgba(0, 0, 0, 0.2); + border-radius: 6px; + -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); + box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); + -webkit-background-clip: padding-box; + background-clip: padding-box; + outline: 0; +} +.modal-backdrop { + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1040; + background-color: #000000; +} +.modal-backdrop.fade { + opacity: 0; + filter: alpha(opacity=0); +} +.modal-backdrop.in { + opacity: 0.5; + filter: alpha(opacity=50); +} +.modal-header { + padding: 15px; + border-bottom: 1px solid #e5e5e5; +} +.modal-header .close { + margin-top: -2px; +} +.modal-title { + margin: 0; + line-height: 1.42857143; +} +.modal-body { + position: relative; + padding: 20px; +} +.modal-footer { + padding: 20px; + text-align: right; + border-top: 1px solid #e5e5e5; +} +.modal-footer .btn + .btn { + margin-left: 5px; + margin-bottom: 0; +} +.modal-footer .btn-group .btn + .btn { + margin-left: -1px; +} +.modal-footer .btn-block + .btn-block { + margin-left: 0; +} +.modal-scrollbar-measure { + position: absolute; + top: -9999px; + width: 50px; + height: 50px; + overflow: scroll; +} +@media (min-width: 768px) { + .modal-dialog { + width: 600px; + margin: 30px auto; + } + .modal-content { + -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); + box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); + } + .modal-sm { + width: 300px; + } +} +@media (min-width: 992px) { + .modal-lg { + width: 900px; + } +} +.tooltip { + position: absolute; + z-index: 1070; + display: block; + font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-style: normal; + font-weight: normal; + letter-spacing: normal; + line-break: auto; + line-height: 1.42857143; + text-align: left; + text-align: start; + text-decoration: none; + text-shadow: none; + text-transform: none; + white-space: normal; + word-break: normal; + word-spacing: normal; + word-wrap: normal; + font-size: 12px; + opacity: 0; + filter: alpha(opacity=0); +} +.tooltip.in { + opacity: 0.9; + filter: alpha(opacity=90); +} +.tooltip.top { + margin-top: -3px; + padding: 5px 0; +} +.tooltip.right { + margin-left: 3px; + padding: 0 5px; +} +.tooltip.bottom { + margin-top: 3px; + padding: 5px 0; +} +.tooltip.left { + margin-left: -3px; + padding: 0 5px; +} +.tooltip-inner { + max-width: 200px; + padding: 3px 8px; + color: #ffffff; + text-align: center; + background-color: #000000; + border-radius: 4px; +} +.tooltip-arrow { + position: absolute; + width: 0; + height: 0; + border-color: transparent; + border-style: solid; +} +.tooltip.top .tooltip-arrow { + bottom: 0; + left: 50%; + margin-left: -5px; + border-width: 5px 5px 0; + border-top-color: #000000; +} +.tooltip.top-left .tooltip-arrow { + bottom: 0; + right: 5px; + margin-bottom: -5px; + border-width: 5px 5px 0; + border-top-color: #000000; +} +.tooltip.top-right .tooltip-arrow { + bottom: 0; + left: 5px; + margin-bottom: -5px; + border-width: 5px 5px 0; + border-top-color: #000000; +} +.tooltip.right .tooltip-arrow { + top: 50%; + left: 0; + margin-top: -5px; + border-width: 5px 5px 5px 0; + border-right-color: #000000; +} +.tooltip.left .tooltip-arrow { + top: 50%; + right: 0; + margin-top: -5px; + border-width: 5px 0 5px 5px; + border-left-color: #000000; +} +.tooltip.bottom .tooltip-arrow { + top: 0; + left: 50%; + margin-left: -5px; + border-width: 0 5px 5px; + border-bottom-color: #000000; +} +.tooltip.bottom-left .tooltip-arrow { + top: 0; + right: 5px; + margin-top: -5px; + border-width: 0 5px 5px; + border-bottom-color: #000000; +} +.tooltip.bottom-right .tooltip-arrow { + top: 0; + left: 5px; + margin-top: -5px; + border-width: 0 5px 5px; + border-bottom-color: #000000; +} +.popover { + position: absolute; + top: 0; + left: 0; + z-index: 1060; + display: none; + max-width: 276px; + padding: 1px; + font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-style: normal; + font-weight: normal; + letter-spacing: normal; + line-break: auto; + line-height: 1.42857143; + text-align: left; + text-align: start; + text-decoration: none; + text-shadow: none; + text-transform: none; + white-space: normal; + word-break: normal; + word-spacing: normal; + word-wrap: normal; + font-size: 14px; + background-color: #ffffff; + -webkit-background-clip: padding-box; + background-clip: padding-box; + border: 1px solid #cccccc; + border: 1px solid rgba(0, 0, 0, 0.2); + border-radius: 6px; + -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); +} +.popover.top { + margin-top: -10px; +} +.popover.right { + margin-left: 10px; +} +.popover.bottom { + margin-top: 10px; +} +.popover.left { + margin-left: -10px; +} +.popover-title { + margin: 0; + padding: 8px 14px; + font-size: 14px; + background-color: #f7f7f7; + border-bottom: 1px solid #ebebeb; + border-radius: 5px 5px 0 0; +} +.popover-content { + padding: 9px 14px; +} +.popover > .arrow, +.popover > .arrow:after { + position: absolute; + display: block; + width: 0; + height: 0; + border-color: transparent; + border-style: solid; +} +.popover > .arrow { + border-width: 11px; +} +.popover > .arrow:after { + border-width: 10px; + content: ""; +} +.popover.top > .arrow { + left: 50%; + margin-left: -11px; + border-bottom-width: 0; + border-top-color: #999999; + border-top-color: rgba(0, 0, 0, 0.25); + bottom: -11px; +} +.popover.top > .arrow:after { + content: " "; + bottom: 1px; + margin-left: -10px; + border-bottom-width: 0; + border-top-color: #ffffff; +} +.popover.right > .arrow { + top: 50%; + left: -11px; + margin-top: -11px; + border-left-width: 0; + border-right-color: #999999; + border-right-color: rgba(0, 0, 0, 0.25); +} +.popover.right > .arrow:after { + content: " "; + left: 1px; + bottom: -10px; + border-left-width: 0; + border-right-color: #ffffff; +} +.popover.bottom > .arrow { + left: 50%; + margin-left: -11px; + border-top-width: 0; + border-bottom-color: #999999; + border-bottom-color: rgba(0, 0, 0, 0.25); + top: -11px; +} +.popover.bottom > .arrow:after { + content: " "; + top: 1px; + margin-left: -10px; + border-top-width: 0; + border-bottom-color: #ffffff; +} +.popover.left > .arrow { + top: 50%; + right: -11px; + margin-top: -11px; + border-right-width: 0; + border-left-color: #999999; + border-left-color: rgba(0, 0, 0, 0.25); +} +.popover.left > .arrow:after { + content: " "; + right: 1px; + border-right-width: 0; + border-left-color: #ffffff; + bottom: -10px; +} +.carousel { + position: relative; +} +.carousel-inner { + position: relative; + overflow: hidden; + width: 100%; +} +.carousel-inner > .item { + display: none; + position: relative; + -webkit-transition: 0.6s ease-in-out left; + -o-transition: 0.6s ease-in-out left; + transition: 0.6s ease-in-out left; +} +.carousel-inner > .item > img, +.carousel-inner > .item > a > img { + line-height: 1; +} +@media all and (transform-3d), (-webkit-transform-3d) { + .carousel-inner > .item { + -webkit-transition: -webkit-transform 0.6s ease-in-out; + -o-transition: -o-transform 0.6s ease-in-out; + transition: transform 0.6s ease-in-out; + -webkit-backface-visibility: hidden; + backface-visibility: hidden; + -webkit-perspective: 1000px; + perspective: 1000px; + } + .carousel-inner > .item.next, + .carousel-inner > .item.active.right { + -webkit-transform: translate3d(100%, 0, 0); + transform: translate3d(100%, 0, 0); + left: 0; + } + .carousel-inner > .item.prev, + .carousel-inner > .item.active.left { + -webkit-transform: translate3d(-100%, 0, 0); + transform: translate3d(-100%, 0, 0); + left: 0; + } + .carousel-inner > .item.next.left, + .carousel-inner > .item.prev.right, + .carousel-inner > .item.active { + -webkit-transform: translate3d(0, 0, 0); + transform: translate3d(0, 0, 0); + left: 0; + } +} +.carousel-inner > .active, +.carousel-inner > .next, +.carousel-inner > .prev { + display: block; +} +.carousel-inner > .active { + left: 0; +} +.carousel-inner > .next, +.carousel-inner > .prev { + position: absolute; + top: 0; + width: 100%; +} +.carousel-inner > .next { + left: 100%; +} +.carousel-inner > .prev { + left: -100%; +} +.carousel-inner > .next.left, +.carousel-inner > .prev.right { + left: 0; +} +.carousel-inner > .active.left { + left: -100%; +} +.carousel-inner > .active.right { + left: 100%; +} +.carousel-control { + position: absolute; + top: 0; + left: 0; + bottom: 0; + width: 15%; + opacity: 0.5; + filter: alpha(opacity=50); + font-size: 20px; + color: #ffffff; + text-align: center; + text-shadow: 0 1px 2px rgba(0, 0, 0, 0.6); + background-color: rgba(0, 0, 0, 0); +} +.carousel-control.left { + background-image: -webkit-linear-gradient(left, rgba(0, 0, 0, 0.5) 0%, rgba(0, 0, 0, 0.0001) 100%); + background-image: -o-linear-gradient(left, rgba(0, 0, 0, 0.5) 0%, rgba(0, 0, 0, 0.0001) 100%); + background-image: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, 0.5)), to(rgba(0, 0, 0, 0.0001))); + background-image: linear-gradient(to right, rgba(0, 0, 0, 0.5) 0%, rgba(0, 0, 0, 0.0001) 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1); +} +.carousel-control.right { + left: auto; + right: 0; + background-image: -webkit-linear-gradient(left, rgba(0, 0, 0, 0.0001) 0%, rgba(0, 0, 0, 0.5) 100%); + background-image: -o-linear-gradient(left, rgba(0, 0, 0, 0.0001) 0%, rgba(0, 0, 0, 0.5) 100%); + background-image: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, 0.0001)), to(rgba(0, 0, 0, 0.5))); + background-image: linear-gradient(to right, rgba(0, 0, 0, 0.0001) 0%, rgba(0, 0, 0, 0.5) 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1); +} +.carousel-control:hover, +.carousel-control:focus { + outline: 0; + color: #ffffff; + text-decoration: none; + opacity: 0.9; + filter: alpha(opacity=90); +} +.carousel-control .icon-prev, +.carousel-control .icon-next, +.carousel-control .glyphicon-chevron-left, +.carousel-control .glyphicon-chevron-right { + position: absolute; + top: 50%; + margin-top: -10px; + z-index: 5; + display: inline-block; +} +.carousel-control .icon-prev, +.carousel-control .glyphicon-chevron-left { + left: 50%; + margin-left: -10px; +} +.carousel-control .icon-next, +.carousel-control .glyphicon-chevron-right { + right: 50%; + margin-right: -10px; +} +.carousel-control .icon-prev, +.carousel-control .icon-next { + width: 20px; + height: 20px; + line-height: 1; + font-family: serif; +} +.carousel-control .icon-prev:before { + content: '\2039'; +} +.carousel-control .icon-next:before { + content: '\203a'; +} +.carousel-indicators { + position: absolute; + bottom: 10px; + left: 50%; + z-index: 15; + width: 60%; + margin-left: -30%; + padding-left: 0; + list-style: none; + text-align: center; +} +.carousel-indicators li { + display: inline-block; + width: 10px; + height: 10px; + margin: 1px; + text-indent: -999px; + border: 1px solid #ffffff; + border-radius: 10px; + cursor: pointer; + background-color: #000 \9; + background-color: rgba(0, 0, 0, 0); +} +.carousel-indicators .active { + margin: 0; + width: 12px; + height: 12px; + background-color: #ffffff; +} +.carousel-caption { + position: absolute; + left: 15%; + right: 15%; + bottom: 20px; + z-index: 10; + padding-top: 20px; + padding-bottom: 20px; + color: #ffffff; + text-align: center; + text-shadow: 0 1px 2px rgba(0, 0, 0, 0.6); +} +.carousel-caption .btn { + text-shadow: none; +} +@media screen and (min-width: 768px) { + .carousel-control .glyphicon-chevron-left, + .carousel-control .glyphicon-chevron-right, + .carousel-control .icon-prev, + .carousel-control .icon-next { + width: 30px; + height: 30px; + margin-top: -10px; + font-size: 30px; + } + .carousel-control .glyphicon-chevron-left, + .carousel-control .icon-prev { + margin-left: -10px; + } + .carousel-control .glyphicon-chevron-right, + .carousel-control .icon-next { + margin-right: -10px; + } + .carousel-caption { + left: 20%; + right: 20%; + padding-bottom: 30px; + } + .carousel-indicators { + bottom: 20px; + } +} +.clearfix:before, +.clearfix:after, +.dl-horizontal dd:before, +.dl-horizontal dd:after, +.container:before, +.container:after, +.container-fluid:before, +.container-fluid:after, +.row:before, +.row:after, +.form-horizontal .form-group:before, +.form-horizontal .form-group:after, +.btn-toolbar:before, +.btn-toolbar:after, +.btn-group-vertical > .btn-group:before, +.btn-group-vertical > .btn-group:after, +.nav:before, +.nav:after, +.navbar:before, +.navbar:after, +.navbar-header:before, +.navbar-header:after, +.navbar-collapse:before, +.navbar-collapse:after, +.pager:before, +.pager:after, +.panel-body:before, +.panel-body:after, +.modal-header:before, +.modal-header:after, +.modal-footer:before, +.modal-footer:after { + content: " "; + display: table; +} +.clearfix:after, +.dl-horizontal dd:after, +.container:after, +.container-fluid:after, +.row:after, +.form-horizontal .form-group:after, +.btn-toolbar:after, +.btn-group-vertical > .btn-group:after, +.nav:after, +.navbar:after, +.navbar-header:after, +.navbar-collapse:after, +.pager:after, +.panel-body:after, +.modal-header:after, +.modal-footer:after { + clear: both; +} +.center-block { + display: block; + margin-left: auto; + margin-right: auto; +} +.pull-right { + float: right !important; +} +.pull-left { + float: left !important; +} +.hide { + display: none !important; +} +.show { + display: block !important; +} +.invisible { + visibility: hidden; +} +.text-hide { + font: 0/0 a; + color: transparent; + text-shadow: none; + background-color: transparent; + border: 0; +} +.hidden { + display: none !important; +} +.affix { + position: fixed; +} +@-ms-viewport { + width: device-width; +} +.visible-xs, +.visible-sm, +.visible-md, +.visible-lg { + display: none !important; +} +.visible-xs-block, +.visible-xs-inline, +.visible-xs-inline-block, +.visible-sm-block, +.visible-sm-inline, +.visible-sm-inline-block, +.visible-md-block, +.visible-md-inline, +.visible-md-inline-block, +.visible-lg-block, +.visible-lg-inline, +.visible-lg-inline-block { + display: none !important; +} +@media (max-width: 767px) { + .visible-xs { + display: block !important; + } + table.visible-xs { + display: table !important; + } + tr.visible-xs { + display: table-row !important; + } + th.visible-xs, + td.visible-xs { + display: table-cell !important; + } +} +@media (max-width: 767px) { + .visible-xs-block { + display: block !important; + } +} +@media (max-width: 767px) { + .visible-xs-inline { + display: inline !important; + } +} +@media (max-width: 767px) { + .visible-xs-inline-block { + display: inline-block !important; + } +} +@media (min-width: 768px) and (max-width: 991px) { + .visible-sm { + display: block !important; + } + table.visible-sm { + display: table !important; + } + tr.visible-sm { + display: table-row !important; + } + th.visible-sm, + td.visible-sm { + display: table-cell !important; + } +} +@media (min-width: 768px) and (max-width: 991px) { + .visible-sm-block { + display: block !important; + } +} +@media (min-width: 768px) and (max-width: 991px) { + .visible-sm-inline { + display: inline !important; + } +} +@media (min-width: 768px) and (max-width: 991px) { + .visible-sm-inline-block { + display: inline-block !important; + } +} +@media (min-width: 992px) and (max-width: 1199px) { + .visible-md { + display: block !important; + } + table.visible-md { + display: table !important; + } + tr.visible-md { + display: table-row !important; + } + th.visible-md, + td.visible-md { + display: table-cell !important; + } +} +@media (min-width: 992px) and (max-width: 1199px) { + .visible-md-block { + display: block !important; + } +} +@media (min-width: 992px) and (max-width: 1199px) { + .visible-md-inline { + display: inline !important; + } +} +@media (min-width: 992px) and (max-width: 1199px) { + .visible-md-inline-block { + display: inline-block !important; + } +} +@media (min-width: 1200px) { + .visible-lg { + display: block !important; + } + table.visible-lg { + display: table !important; + } + tr.visible-lg { + display: table-row !important; + } + th.visible-lg, + td.visible-lg { + display: table-cell !important; + } +} +@media (min-width: 1200px) { + .visible-lg-block { + display: block !important; + } +} +@media (min-width: 1200px) { + .visible-lg-inline { + display: inline !important; + } +} +@media (min-width: 1200px) { + .visible-lg-inline-block { + display: inline-block !important; + } +} +@media (max-width: 767px) { + .hidden-xs { + display: none !important; + } +} +@media (min-width: 768px) and (max-width: 991px) { + .hidden-sm { + display: none !important; + } +} +@media (min-width: 992px) and (max-width: 1199px) { + .hidden-md { + display: none !important; + } +} +@media (min-width: 1200px) { + .hidden-lg { + display: none !important; + } +} +.visible-print { + display: none !important; +} +@media print { + .visible-print { + display: block !important; + } + table.visible-print { + display: table !important; + } + tr.visible-print { + display: table-row !important; + } + th.visible-print, + td.visible-print { + display: table-cell !important; + } +} +.visible-print-block { + display: none !important; +} +@media print { + .visible-print-block { + display: block !important; + } +} +.visible-print-inline { + display: none !important; +} +@media print { + .visible-print-inline { + display: inline !important; + } +} +.visible-print-inline-block { + display: none !important; +} +@media print { + .visible-print-inline-block { + display: inline-block !important; + } +} +@media print { + .hidden-print { + display: none !important; + } +} +.navbar { + background-image: -webkit-linear-gradient(#ffffff, #eeeeee 50%, #e4e4e4); + background-image: -o-linear-gradient(#ffffff, #eeeeee 50%, #e4e4e4); + background-image: -webkit-gradient(linear, left top, left bottom, from(#ffffff), color-stop(50%, #eeeeee), to(#e4e4e4)); + background-image: linear-gradient(#ffffff, #eeeeee 50%, #e4e4e4); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe4e4e4', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #d5d5d5; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.3); +} +.navbar-inverse { + background-image: -webkit-linear-gradient(#6d94bf, #446e9b 50%, #3e648d); + background-image: -o-linear-gradient(#6d94bf, #446e9b 50%, #3e648d); + background-image: -webkit-gradient(linear, left top, left bottom, from(#6d94bf), color-stop(50%, #446e9b), to(#3e648d)); + background-image: linear-gradient(#6d94bf, #446e9b 50%, #3e648d); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff6d94bf', endColorstr='#ff3e648d', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #345578; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.3); +} +.navbar-inverse .badge { + background-color: #fff; + color: #446e9b; +} +.navbar .badge { + text-shadow: none; +} +.navbar-nav > li > a, +.navbar-nav > li > a:hover { + padding-top: 17px; + padding-bottom: 13px; + -webkit-transition: color ease-in-out 0.2s; + -o-transition: color ease-in-out 0.2s; + transition: color ease-in-out 0.2s; +} +.navbar-brand, +.navbar-brand:hover { + -webkit-transition: color ease-in-out 0.2s; + -o-transition: color ease-in-out 0.2s; + transition: color ease-in-out 0.2s; +} +.navbar .caret, +.navbar .caret:hover { + -webkit-transition: border-color ease-in-out 0.2s; + -o-transition: border-color ease-in-out 0.2s; + transition: border-color ease-in-out 0.2s; +} +.navbar .dropdown-menu { + text-shadow: none; +} +.btn { + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.3); +} +.btn-default { + background-image: -webkit-linear-gradient(#6d7070, #474949 50%, #3d3f3f); + background-image: -o-linear-gradient(#6d7070, #474949 50%, #3d3f3f); + background-image: -webkit-gradient(linear, left top, left bottom, from(#6d7070), color-stop(50%, #474949), to(#3d3f3f)); + background-image: linear-gradient(#6d7070, #474949 50%, #3d3f3f); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff6d7070', endColorstr='#ff3d3f3f', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #2e2f2f; +} +.btn-default:hover { + background-image: -webkit-linear-gradient(#636565, #3d3f3f 50%, #333434); + background-image: -o-linear-gradient(#636565, #3d3f3f 50%, #333434); + background-image: -webkit-gradient(linear, left top, left bottom, from(#636565), color-stop(50%, #3d3f3f), to(#333434)); + background-image: linear-gradient(#636565, #3d3f3f 50%, #333434); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff636565', endColorstr='#ff333434', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #242525; +} +.btn-primary { + background-image: -webkit-linear-gradient(#6d94bf, #446e9b 50%, #3e648d); + background-image: -o-linear-gradient(#6d94bf, #446e9b 50%, #3e648d); + background-image: -webkit-gradient(linear, left top, left bottom, from(#6d94bf), color-stop(50%, #446e9b), to(#3e648d)); + background-image: linear-gradient(#6d94bf, #446e9b 50%, #3e648d); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff6d94bf', endColorstr='#ff3e648d', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #345578; +} +.btn-primary:hover { + background-image: -webkit-linear-gradient(#5f8ab9, #3e648d 50%, #385a7f); + background-image: -o-linear-gradient(#5f8ab9, #3e648d 50%, #385a7f); + background-image: -webkit-gradient(linear, left top, left bottom, from(#5f8ab9), color-stop(50%, #3e648d), to(#385a7f)); + background-image: linear-gradient(#5f8ab9, #3e648d 50%, #385a7f); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5f8ab9', endColorstr='#ff385a7f', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #2e4b69; +} +.btn-success { + background-image: -webkit-linear-gradient(#61dd45, #3cb521 50%, #36a41e); + background-image: -o-linear-gradient(#61dd45, #3cb521 50%, #36a41e); + background-image: -webkit-gradient(linear, left top, left bottom, from(#61dd45), color-stop(50%, #3cb521), to(#36a41e)); + background-image: linear-gradient(#61dd45, #3cb521 50%, #36a41e); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff61dd45', endColorstr='#ff36a41e', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #2e8a19; +} +.btn-success:hover { + background-image: -webkit-linear-gradient(#52da34, #36a41e 50%, #31921b); + background-image: -o-linear-gradient(#52da34, #36a41e 50%, #31921b); + background-image: -webkit-gradient(linear, left top, left bottom, from(#52da34), color-stop(50%, #36a41e), to(#31921b)); + background-image: linear-gradient(#52da34, #36a41e 50%, #31921b); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff52da34', endColorstr='#ff31921b', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #287916; +} +.btn-info { + background-image: -webkit-linear-gradient(#7bbdf7, #3399f3 50%, #208ff2); + background-image: -o-linear-gradient(#7bbdf7, #3399f3 50%, #208ff2); + background-image: -webkit-gradient(linear, left top, left bottom, from(#7bbdf7), color-stop(50%, #3399f3), to(#208ff2)); + background-image: linear-gradient(#7bbdf7, #3399f3 50%, #208ff2); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff7bbdf7', endColorstr='#ff208ff2', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #0e80e5; +} +.btn-info:hover { + background-image: -webkit-linear-gradient(#68b3f6, #208ff2 50%, #0e86ef); + background-image: -o-linear-gradient(#68b3f6, #208ff2 50%, #0e86ef); + background-image: -webkit-gradient(linear, left top, left bottom, from(#68b3f6), color-stop(50%, #208ff2), to(#0e86ef)); + background-image: linear-gradient(#68b3f6, #208ff2 50%, #0e86ef); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff68b3f6', endColorstr='#ff0e86ef', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #0c75d2; +} +.btn-warning { + background-image: -webkit-linear-gradient(#ff9c21, #d47500 50%, #c06a00); + background-image: -o-linear-gradient(#ff9c21, #d47500 50%, #c06a00); + background-image: -webkit-gradient(linear, left top, left bottom, from(#ff9c21), color-stop(50%, #d47500), to(#c06a00)); + background-image: linear-gradient(#ff9c21, #d47500 50%, #c06a00); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff9c21', endColorstr='#ffc06a00', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #a15900; +} +.btn-warning:hover { + background-image: -webkit-linear-gradient(#ff930d, #c06a00 50%, #ab5e00); + background-image: -o-linear-gradient(#ff930d, #c06a00 50%, #ab5e00); + background-image: -webkit-gradient(linear, left top, left bottom, from(#ff930d), color-stop(50%, #c06a00), to(#ab5e00)); + background-image: linear-gradient(#ff930d, #c06a00 50%, #ab5e00); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff930d', endColorstr='#ffab5e00', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #8d4e00; +} +.btn-danger { + background-image: -webkit-linear-gradient(#ff1d1b, #cd0200 50%, #b90200); + background-image: -o-linear-gradient(#ff1d1b, #cd0200 50%, #b90200); + background-image: -webkit-gradient(linear, left top, left bottom, from(#ff1d1b), color-stop(50%, #cd0200), to(#b90200)); + background-image: linear-gradient(#ff1d1b, #cd0200 50%, #b90200); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff1d1b', endColorstr='#ffb90200', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #9a0200; +} +.btn-danger:hover { + background-image: -webkit-linear-gradient(#ff0906, #b90200 50%, #a40200); + background-image: -o-linear-gradient(#ff0906, #b90200 50%, #a40200); + background-image: -webkit-gradient(linear, left top, left bottom, from(#ff0906), color-stop(50%, #b90200), to(#a40200)); + background-image: linear-gradient(#ff0906, #b90200 50%, #a40200); + background-repeat: no-repeat; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff0906', endColorstr='#ffa40200', GradientType=0); + -webkit-filter: none; + filter: none; + border: 1px solid #860100; +} +.btn-link { + text-shadow: none; +} +.btn:active, +.btn.active { + background-image: none; + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); + box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); +} +.panel-primary .panel-title { + color: #fff; +} diff --git a/lib/com.daplie.walnut.init/index.html b/lib/com.daplie.walnut.init/index.html new file mode 100644 index 0000000..a5e6e13 --- /dev/null +++ b/lib/com.daplie.walnut.init/index.html @@ -0,0 +1,33 @@ + + + + WALNUT + + + +

Welcome to WALNUT

+

Your server has no security certificates. + In order to continue we need to know what email address and domain the certificates should be issued to: +

+
+
+ + 
 
+
+ + +
+ + +
+ +
+ +
+ + + + diff --git a/lib/com.daplie.walnut.init/js/index.js b/lib/com.daplie.walnut.init/js/index.js new file mode 100644 index 0000000..c913e17 --- /dev/null +++ b/lib/com.daplie.walnut.init/js/index.js @@ -0,0 +1,110 @@ +$(function () { + 'use strict'; + + var apiHostname = window.location.hostname.replace(/^www\./, ''); + var hostname = window.location.hostname.replace(/^www\./, ''); + var baseUrl; + + $.http = $.ajax; + if (/[a-z]+/.test(apiHostname)) { + apiHostname = 'api.' + apiHostname; + } + else { + apiHostname = ''; + } + baseUrl = window.location.protocol.replace(/:$/, '') + + '://' + apiHostname + + window.location.host.replace(/^www\./, '').replace(/.[^:]+(:(\d+))?/, '$2') + ; + + function readConfig() { + $('input.js-domain').val(hostname); + + return $.http({ + method: 'GET' + , url: baseUrl + '/api/com.daplie.walnut.init' + , headers: { + "Accept" : "application/json; charset=utf-8" + } + }).then(function (results) { + results.le = results.le || {}; + $('input.js-agree-tos').prop('checked', results.le.agreeTos); + $('input.js-email').val(results.le.email || results.email); + $('.js-devicename').text(results.hostname); + $('.js-inets').text( + results.inets.map(function (a) { + return 'IPv' + a.family + ' ' + a.address; + }).join('\n') + + '\n\n' + + '# set this device to your account\n' + + "daplie devices:set -d '" + results.hostname + "'" + + " -a '" + results.inets.map(function (a) { return a.address; }).join() + "'\n" + + '\n' + + '# attach this device to the necessary subdomains\n' + + "daplie devices:attach -d '" + results.hostname + "'" + + " -n '" + ($('input.js-domain').val() || '<>') + "'\n" + + "daplie devices:attach -d '" + results.hostname + "'" + + " -n 'www." + ($('input.js-domain').val() || '<>') + "'\n" + + "daplie devices:attach -d '" + results.hostname + "'" + + " -n 'api." + ($('input.js-domain').val() || '<>') + "'\n" + + "daplie devices:attach -d '" + results.hostname + "'" + + " -n 'assets." + ($('input.js-domain').val() || '<>') + "'\n" + + "daplie devices:attach -d '" + results.hostname + "'" + + " -n 'cloud." + ($('input.js-domain').val() || '<>') + "'\n" + + "daplie devices:attach -d '" + results.hostname + "'" + + " -n 'api.cloud." + ($('input.js-domain').val() || '<>') + "'" + ); + }); + } + + readConfig(); + + $('body').on('submit', 'form.js-form-le', function (ev) { + ev.preventDefault(); + + var data = { + domain: $('input.js-domain').val() + , email: $('input.js-email').val() + , agreeTos: $('input.js-agree-tos').prop('checked') + }; + + if (!data.domain) { + window.alert("Please enter the primary domain of this device."); + return; + } + if (!data.email) { + window.alert("Please enter the email of the owner of this device."); + return; + } + if (!data.agreeTos) { + window.alert("Please click to agree to the Let's Encrypt Subscriber Agreement. This server cannot function without encryption. Currently you must use Let's Encrypt. In the future we will enable other options."); + return; + } + + $.http({ + method: 'POST' + , url: baseUrl + '/api/com.daplie.walnut.init' + , headers: { + "Accept" : "application/json; charset=utf-8" + , "Content-Type": "application/json; charset=utf-8" + } + , data: JSON.stringify(data) + }).then(function (data) { + var d; + if (data.error) { + d = $.Deferred(); + d.reject(new Error(data.error.message)); + return d.promise(); + } + return data; + }).then(function (data) { + console.log('Result:'); + console.log(data); + window.alert('Hoo hoo! That tickles! ' + JSON.stringify(data)); + }, function (err) { + console.error('Error POSTing form:'); + console.error(err); + window.alert("Check the console! There's a big, fat error!"); + }); + }); +}); diff --git a/lib/com.daplie.walnut.init/js/jquery-2.2.2.js b/lib/com.daplie.walnut.init/js/jquery-2.2.2.js new file mode 100644 index 0000000..f942984 --- /dev/null +++ b/lib/com.daplie.walnut.init/js/jquery-2.2.2.js @@ -0,0 +1,9842 @@ +/*! + * jQuery JavaScript Library v2.2.2 + * http://jquery.com/ + * + * Includes Sizzle.js + * http://sizzlejs.com/ + * + * Copyright jQuery Foundation and other contributors + * Released under the MIT license + * http://jquery.org/license + * + * Date: 2016-03-17T17:51Z + */ + +(function( global, factory ) { + + if ( typeof module === "object" && typeof module.exports === "object" ) { + // For CommonJS and CommonJS-like environments where a proper `window` + // is present, execute the factory and get jQuery. + // For environments that do not have a `window` with a `document` + // (such as Node.js), expose a factory as module.exports. + // This accentuates the need for the creation of a real `window`. + // e.g. var jQuery = require("jquery")(window); + // See ticket #14549 for more info. + module.exports = global.document ? + factory( global, true ) : + function( w ) { + if ( !w.document ) { + throw new Error( "jQuery requires a window with a document" ); + } + return factory( w ); + }; + } else { + factory( global ); + } + +// Pass this if window is not defined yet +}(typeof window !== "undefined" ? window : this, function( window, noGlobal ) { + +// Support: Firefox 18+ +// Can't be in strict mode, several libs including ASP.NET trace +// the stack via arguments.caller.callee and Firefox dies if +// you try to trace through "use strict" call chains. (#13335) +//"use strict"; +var arr = []; + +var document = window.document; + +var slice = arr.slice; + +var concat = arr.concat; + +var push = arr.push; + +var indexOf = arr.indexOf; + +var class2type = {}; + +var toString = class2type.toString; + +var hasOwn = class2type.hasOwnProperty; + +var support = {}; + + + +var + version = "2.2.2", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { + + // The jQuery object is actually just the init constructor 'enhanced' + // Need init if jQuery is called (just allow error to be thrown if not included) + return new jQuery.fn.init( selector, context ); + }, + + // Support: Android<4.1 + // Make sure we trim BOM and NBSP + rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, + + // Matches dashed string for camelizing + rmsPrefix = /^-ms-/, + rdashAlpha = /-([\da-z])/gi, + + // Used by jQuery.camelCase as callback to replace() + fcamelCase = function( all, letter ) { + return letter.toUpperCase(); + }; + +jQuery.fn = jQuery.prototype = { + + // The current version of jQuery being used + jquery: version, + + constructor: jQuery, + + // Start with an empty selector + selector: "", + + // The default length of a jQuery object is 0 + length: 0, + + toArray: function() { + return slice.call( this ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + return num != null ? + + // Return just the one element from the set + ( num < 0 ? this[ num + this.length ] : this[ num ] ) : + + // Return all the elements in a clean array + slice.call( this ); + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + + // Build a new jQuery matched element set + var ret = jQuery.merge( this.constructor(), elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + ret.context = this.context; + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + each: function( callback ) { + return jQuery.each( this, callback ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map( this, function( elem, i ) { + return callback.call( elem, i, elem ); + } ) ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ) ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + eq: function( i ) { + var len = this.length, + j = +i + ( i < 0 ? len : 0 ); + return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); + }, + + end: function() { + return this.prevObject || this.constructor(); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: arr.sort, + splice: arr.splice +}; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !jQuery.isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + src = target[ name ]; + copy = options[ name ]; + + // Prevent never-ending loop + if ( target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = jQuery.isArray( copy ) ) ) ) { + + if ( copyIsArray ) { + copyIsArray = false; + clone = src && jQuery.isArray( src ) ? src : []; + + } else { + clone = src && jQuery.isPlainObject( src ) ? src : {}; + } + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend( { + + // Unique for each copy of jQuery on the page + expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), + + // Assume jQuery is ready without the ready module + isReady: true, + + error: function( msg ) { + throw new Error( msg ); + }, + + noop: function() {}, + + isFunction: function( obj ) { + return jQuery.type( obj ) === "function"; + }, + + isArray: Array.isArray, + + isWindow: function( obj ) { + return obj != null && obj === obj.window; + }, + + isNumeric: function( obj ) { + + // parseFloat NaNs numeric-cast false positives (null|true|false|"") + // ...but misinterprets leading-number strings, particularly hex literals ("0x...") + // subtraction forces infinities to NaN + // adding 1 corrects loss of precision from parseFloat (#15100) + var realStringObj = obj && obj.toString(); + return !jQuery.isArray( obj ) && ( realStringObj - parseFloat( realStringObj ) + 1 ) >= 0; + }, + + isPlainObject: function( obj ) { + var key; + + // Not plain objects: + // - Any object or value whose internal [[Class]] property is not "[object Object]" + // - DOM nodes + // - window + if ( jQuery.type( obj ) !== "object" || obj.nodeType || jQuery.isWindow( obj ) ) { + return false; + } + + // Not own constructor property must be Object + if ( obj.constructor && + !hasOwn.call( obj, "constructor" ) && + !hasOwn.call( obj.constructor.prototype || {}, "isPrototypeOf" ) ) { + return false; + } + + // Own properties are enumerated firstly, so to speed up, + // if last one is own, then all properties are own + for ( key in obj ) {} + + return key === undefined || hasOwn.call( obj, key ); + }, + + isEmptyObject: function( obj ) { + var name; + for ( name in obj ) { + return false; + } + return true; + }, + + type: function( obj ) { + if ( obj == null ) { + return obj + ""; + } + + // Support: Android<4.0, iOS<6 (functionish RegExp) + return typeof obj === "object" || typeof obj === "function" ? + class2type[ toString.call( obj ) ] || "object" : + typeof obj; + }, + + // Evaluates a script in a global context + globalEval: function( code ) { + var script, + indirect = eval; + + code = jQuery.trim( code ); + + if ( code ) { + + // If the code includes a valid, prologue position + // strict mode pragma, execute code by injecting a + // script tag into the document. + if ( code.indexOf( "use strict" ) === 1 ) { + script = document.createElement( "script" ); + script.text = code; + document.head.appendChild( script ).parentNode.removeChild( script ); + } else { + + // Otherwise, avoid the DOM node creation, insertion + // and removal by using an indirect global eval + + indirect( code ); + } + } + }, + + // Convert dashed to camelCase; used by the css and data modules + // Support: IE9-11+ + // Microsoft forgot to hump their vendor prefix (#9572) + camelCase: function( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); + }, + + nodeName: function( elem, name ) { + return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); + }, + + each: function( obj, callback ) { + var length, i = 0; + + if ( isArrayLike( obj ) ) { + length = obj.length; + for ( ; i < length; i++ ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } else { + for ( i in obj ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } + + return obj; + }, + + // Support: Android<4.1 + trim: function( text ) { + return text == null ? + "" : + ( text + "" ).replace( rtrim, "" ); + }, + + // results is for internal usage only + makeArray: function( arr, results ) { + var ret = results || []; + + if ( arr != null ) { + if ( isArrayLike( Object( arr ) ) ) { + jQuery.merge( ret, + typeof arr === "string" ? + [ arr ] : arr + ); + } else { + push.call( ret, arr ); + } + } + + return ret; + }, + + inArray: function( elem, arr, i ) { + return arr == null ? -1 : indexOf.call( arr, elem, i ); + }, + + merge: function( first, second ) { + var len = +second.length, + j = 0, + i = first.length; + + for ( ; j < len; j++ ) { + first[ i++ ] = second[ j ]; + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, invert ) { + var callbackInverse, + matches = [], + i = 0, + length = elems.length, + callbackExpect = !invert; + + // Go through the array, only saving the items + // that pass the validator function + for ( ; i < length; i++ ) { + callbackInverse = !callback( elems[ i ], i ); + if ( callbackInverse !== callbackExpect ) { + matches.push( elems[ i ] ); + } + } + + return matches; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var length, value, + i = 0, + ret = []; + + // Go through the array, translating each of the items to their new values + if ( isArrayLike( elems ) ) { + length = elems.length; + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + + // Go through every key on the object, + } else { + for ( i in elems ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + } + + // Flatten any nested arrays + return concat.apply( [], ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // Bind a function to a context, optionally partially applying any + // arguments. + proxy: function( fn, context ) { + var tmp, args, proxy; + + if ( typeof context === "string" ) { + tmp = fn[ context ]; + context = fn; + fn = tmp; + } + + // Quick check to determine if target is callable, in the spec + // this throws a TypeError, but we will just return undefined. + if ( !jQuery.isFunction( fn ) ) { + return undefined; + } + + // Simulated bind + args = slice.call( arguments, 2 ); + proxy = function() { + return fn.apply( context || this, args.concat( slice.call( arguments ) ) ); + }; + + // Set the guid of unique handler to the same of original handler, so it can be removed + proxy.guid = fn.guid = fn.guid || jQuery.guid++; + + return proxy; + }, + + now: Date.now, + + // jQuery.support is not used in Core but other projects attach their + // properties to it so it needs to exist. + support: support +} ); + +// JSHint would error on this code due to the Symbol not being defined in ES5. +// Defining this global in .jshintrc would create a danger of using the global +// unguarded in another place, it seems safer to just disable JSHint for these +// three lines. +/* jshint ignore: start */ +if ( typeof Symbol === "function" ) { + jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; +} +/* jshint ignore: end */ + +// Populate the class2type map +jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), +function( i, name ) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); +} ); + +function isArrayLike( obj ) { + + // Support: iOS 8.2 (not reproducible in simulator) + // `in` check used to prevent JIT error (gh-2145) + // hasOwn isn't used here due to false negatives + // regarding Nodelist length in IE + var length = !!obj && "length" in obj && obj.length, + type = jQuery.type( obj ); + + if ( type === "function" || jQuery.isWindow( obj ) ) { + return false; + } + + return type === "array" || length === 0 || + typeof length === "number" && length > 0 && ( length - 1 ) in obj; +} +var Sizzle = +/*! + * Sizzle CSS Selector Engine v2.2.1 + * http://sizzlejs.com/ + * + * Copyright jQuery Foundation and other contributors + * Released under the MIT license + * http://jquery.org/license + * + * Date: 2015-10-17 + */ +(function( window ) { + +var i, + support, + Expr, + getText, + isXML, + tokenize, + compile, + select, + outermostContext, + sortInput, + hasDuplicate, + + // Local document vars + setDocument, + document, + docElem, + documentIsHTML, + rbuggyQSA, + rbuggyMatches, + matches, + contains, + + // Instance-specific data + expando = "sizzle" + 1 * new Date(), + preferredDoc = window.document, + dirruns = 0, + done = 0, + classCache = createCache(), + tokenCache = createCache(), + compilerCache = createCache(), + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + } + return 0; + }, + + // General-purpose constants + MAX_NEGATIVE = 1 << 31, + + // Instance methods + hasOwn = ({}).hasOwnProperty, + arr = [], + pop = arr.pop, + push_native = arr.push, + push = arr.push, + slice = arr.slice, + // Use a stripped-down indexOf as it's faster than native + // http://jsperf.com/thor-indexof-vs-for/5 + indexOf = function( list, elem ) { + var i = 0, + len = list.length; + for ( ; i < len; i++ ) { + if ( list[i] === elem ) { + return i; + } + } + return -1; + }, + + booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped", + + // Regular expressions + + // http://www.w3.org/TR/css3-selectors/#whitespace + whitespace = "[\\x20\\t\\r\\n\\f]", + + // http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier + identifier = "(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+", + + // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors + attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + + // Operator (capture 2) + "*([*^$|!~]?=)" + whitespace + + // "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]" + "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace + + "*\\]", + + pseudos = ":(" + identifier + ")(?:\\((" + + // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: + // 1. quoted (capture 3; capture 4 or capture 5) + "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + + // 2. simple (capture 6) + "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + + // 3. anything else (capture 2) + ".*" + + ")\\)|)", + + // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter + rwhitespace = new RegExp( whitespace + "+", "g" ), + rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ), + + rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), + rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ), + + rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ), + + rpseudo = new RegExp( pseudos ), + ridentifier = new RegExp( "^" + identifier + "$" ), + + matchExpr = { + "ID": new RegExp( "^#(" + identifier + ")" ), + "CLASS": new RegExp( "^\\.(" + identifier + ")" ), + "TAG": new RegExp( "^(" + identifier + "|[*])" ), + "ATTR": new RegExp( "^" + attributes ), + "PSEUDO": new RegExp( "^" + pseudos ), + "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace + + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace + + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), + "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), + // For use in libraries implementing .is() + // We use this for POS matching in `select` + "needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + + whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) + }, + + rinputs = /^(?:input|select|textarea|button)$/i, + rheader = /^h\d$/i, + + rnative = /^[^{]+\{\s*\[native \w/, + + // Easily-parseable/retrievable ID or TAG or CLASS selectors + rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, + + rsibling = /[+~]/, + rescape = /'|\\/g, + + // CSS escapes http://www.w3.org/TR/CSS21/syndata.html#escaped-characters + runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ), + funescape = function( _, escaped, escapedWhitespace ) { + var high = "0x" + escaped - 0x10000; + // NaN means non-codepoint + // Support: Firefox<24 + // Workaround erroneous numeric interpretation of +"0x" + return high !== high || escapedWhitespace ? + escaped : + high < 0 ? + // BMP codepoint + String.fromCharCode( high + 0x10000 ) : + // Supplemental Plane codepoint (surrogate pair) + String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); + }, + + // Used for iframes + // See setDocument() + // Removing the function wrapper causes a "Permission Denied" + // error in IE + unloadHandler = function() { + setDocument(); + }; + +// Optimize for push.apply( _, NodeList ) +try { + push.apply( + (arr = slice.call( preferredDoc.childNodes )), + preferredDoc.childNodes + ); + // Support: Android<4.0 + // Detect silently failing push.apply + arr[ preferredDoc.childNodes.length ].nodeType; +} catch ( e ) { + push = { apply: arr.length ? + + // Leverage slice if possible + function( target, els ) { + push_native.apply( target, slice.call(els) ); + } : + + // Support: IE<9 + // Otherwise append directly + function( target, els ) { + var j = target.length, + i = 0; + // Can't trust NodeList.length + while ( (target[j++] = els[i++]) ) {} + target.length = j - 1; + } + }; +} + +function Sizzle( selector, context, results, seed ) { + var m, i, elem, nid, nidselect, match, groups, newSelector, + newContext = context && context.ownerDocument, + + // nodeType defaults to 9, since context defaults to document + nodeType = context ? context.nodeType : 9; + + results = results || []; + + // Return early from calls with invalid selector or context + if ( typeof selector !== "string" || !selector || + nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { + + return results; + } + + // Try to shortcut find operations (as opposed to filters) in HTML documents + if ( !seed ) { + + if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) { + setDocument( context ); + } + context = context || document; + + if ( documentIsHTML ) { + + // If the selector is sufficiently simple, try using a "get*By*" DOM method + // (excepting DocumentFragment context, where the methods don't exist) + if ( nodeType !== 11 && (match = rquickExpr.exec( selector )) ) { + + // ID selector + if ( (m = match[1]) ) { + + // Document context + if ( nodeType === 9 ) { + if ( (elem = context.getElementById( m )) ) { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( elem.id === m ) { + results.push( elem ); + return results; + } + } else { + return results; + } + + // Element context + } else { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( newContext && (elem = newContext.getElementById( m )) && + contains( context, elem ) && + elem.id === m ) { + + results.push( elem ); + return results; + } + } + + // Type selector + } else if ( match[2] ) { + push.apply( results, context.getElementsByTagName( selector ) ); + return results; + + // Class selector + } else if ( (m = match[3]) && support.getElementsByClassName && + context.getElementsByClassName ) { + + push.apply( results, context.getElementsByClassName( m ) ); + return results; + } + } + + // Take advantage of querySelectorAll + if ( support.qsa && + !compilerCache[ selector + " " ] && + (!rbuggyQSA || !rbuggyQSA.test( selector )) ) { + + if ( nodeType !== 1 ) { + newContext = context; + newSelector = selector; + + // qSA looks outside Element context, which is not what we want + // Thanks to Andrew Dupont for this workaround technique + // Support: IE <=8 + // Exclude object elements + } else if ( context.nodeName.toLowerCase() !== "object" ) { + + // Capture the context ID, setting it first if necessary + if ( (nid = context.getAttribute( "id" )) ) { + nid = nid.replace( rescape, "\\$&" ); + } else { + context.setAttribute( "id", (nid = expando) ); + } + + // Prefix every selector in the list + groups = tokenize( selector ); + i = groups.length; + nidselect = ridentifier.test( nid ) ? "#" + nid : "[id='" + nid + "']"; + while ( i-- ) { + groups[i] = nidselect + " " + toSelector( groups[i] ); + } + newSelector = groups.join( "," ); + + // Expand context for sibling selectors + newContext = rsibling.test( selector ) && testContext( context.parentNode ) || + context; + } + + if ( newSelector ) { + try { + push.apply( results, + newContext.querySelectorAll( newSelector ) + ); + return results; + } catch ( qsaError ) { + } finally { + if ( nid === expando ) { + context.removeAttribute( "id" ); + } + } + } + } + } + } + + // All others + return select( selector.replace( rtrim, "$1" ), context, results, seed ); +} + +/** + * Create key-value caches of limited size + * @returns {function(string, object)} Returns the Object data after storing it on itself with + * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) + * deleting the oldest entry + */ +function createCache() { + var keys = []; + + function cache( key, value ) { + // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) + if ( keys.push( key + " " ) > Expr.cacheLength ) { + // Only keep the most recent entries + delete cache[ keys.shift() ]; + } + return (cache[ key + " " ] = value); + } + return cache; +} + +/** + * Mark a function for special use by Sizzle + * @param {Function} fn The function to mark + */ +function markFunction( fn ) { + fn[ expando ] = true; + return fn; +} + +/** + * Support testing using an element + * @param {Function} fn Passed the created div and expects a boolean result + */ +function assert( fn ) { + var div = document.createElement("div"); + + try { + return !!fn( div ); + } catch (e) { + return false; + } finally { + // Remove from its parent by default + if ( div.parentNode ) { + div.parentNode.removeChild( div ); + } + // release memory in IE + div = null; + } +} + +/** + * Adds the same handler for all of the specified attrs + * @param {String} attrs Pipe-separated list of attributes + * @param {Function} handler The method that will be applied + */ +function addHandle( attrs, handler ) { + var arr = attrs.split("|"), + i = arr.length; + + while ( i-- ) { + Expr.attrHandle[ arr[i] ] = handler; + } +} + +/** + * Checks document order of two siblings + * @param {Element} a + * @param {Element} b + * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b + */ +function siblingCheck( a, b ) { + var cur = b && a, + diff = cur && a.nodeType === 1 && b.nodeType === 1 && + ( ~b.sourceIndex || MAX_NEGATIVE ) - + ( ~a.sourceIndex || MAX_NEGATIVE ); + + // Use IE sourceIndex if available on both nodes + if ( diff ) { + return diff; + } + + // Check if b follows a + if ( cur ) { + while ( (cur = cur.nextSibling) ) { + if ( cur === b ) { + return -1; + } + } + } + + return a ? 1 : -1; +} + +/** + * Returns a function to use in pseudos for input types + * @param {String} type + */ +function createInputPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for buttons + * @param {String} type + */ +function createButtonPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return (name === "input" || name === "button") && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for positionals + * @param {Function} fn + */ +function createPositionalPseudo( fn ) { + return markFunction(function( argument ) { + argument = +argument; + return markFunction(function( seed, matches ) { + var j, + matchIndexes = fn( [], seed.length, argument ), + i = matchIndexes.length; + + // Match elements found at the specified indexes + while ( i-- ) { + if ( seed[ (j = matchIndexes[i]) ] ) { + seed[j] = !(matches[j] = seed[j]); + } + } + }); + }); +} + +/** + * Checks a node for validity as a Sizzle context + * @param {Element|Object=} context + * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value + */ +function testContext( context ) { + return context && typeof context.getElementsByTagName !== "undefined" && context; +} + +// Expose support vars for convenience +support = Sizzle.support = {}; + +/** + * Detects XML nodes + * @param {Element|Object} elem An element or a document + * @returns {Boolean} True iff elem is a non-HTML XML node + */ +isXML = Sizzle.isXML = function( elem ) { + // documentElement is verified for cases where it doesn't yet exist + // (such as loading iframes in IE - #4833) + var documentElement = elem && (elem.ownerDocument || elem).documentElement; + return documentElement ? documentElement.nodeName !== "HTML" : false; +}; + +/** + * Sets document-related variables once based on the current document + * @param {Element|Object} [doc] An element or document object to use to set the document + * @returns {Object} Returns the current document + */ +setDocument = Sizzle.setDocument = function( node ) { + var hasCompare, parent, + doc = node ? node.ownerDocument || node : preferredDoc; + + // Return early if doc is invalid or already selected + if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) { + return document; + } + + // Update global variables + document = doc; + docElem = document.documentElement; + documentIsHTML = !isXML( document ); + + // Support: IE 9-11, Edge + // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) + if ( (parent = document.defaultView) && parent.top !== parent ) { + // Support: IE 11 + if ( parent.addEventListener ) { + parent.addEventListener( "unload", unloadHandler, false ); + + // Support: IE 9 - 10 only + } else if ( parent.attachEvent ) { + parent.attachEvent( "onunload", unloadHandler ); + } + } + + /* Attributes + ---------------------------------------------------------------------- */ + + // Support: IE<8 + // Verify that getAttribute really returns attributes and not properties + // (excepting IE8 booleans) + support.attributes = assert(function( div ) { + div.className = "i"; + return !div.getAttribute("className"); + }); + + /* getElement(s)By* + ---------------------------------------------------------------------- */ + + // Check if getElementsByTagName("*") returns only elements + support.getElementsByTagName = assert(function( div ) { + div.appendChild( document.createComment("") ); + return !div.getElementsByTagName("*").length; + }); + + // Support: IE<9 + support.getElementsByClassName = rnative.test( document.getElementsByClassName ); + + // Support: IE<10 + // Check if getElementById returns elements by name + // The broken getElementById methods don't pick up programatically-set names, + // so use a roundabout getElementsByName test + support.getById = assert(function( div ) { + docElem.appendChild( div ).id = expando; + return !document.getElementsByName || !document.getElementsByName( expando ).length; + }); + + // ID find and filter + if ( support.getById ) { + Expr.find["ID"] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var m = context.getElementById( id ); + return m ? [ m ] : []; + } + }; + Expr.filter["ID"] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + return elem.getAttribute("id") === attrId; + }; + }; + } else { + // Support: IE6/7 + // getElementById is not reliable as a find shortcut + delete Expr.find["ID"]; + + Expr.filter["ID"] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + var node = typeof elem.getAttributeNode !== "undefined" && + elem.getAttributeNode("id"); + return node && node.value === attrId; + }; + }; + } + + // Tag + Expr.find["TAG"] = support.getElementsByTagName ? + function( tag, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( tag ); + + // DocumentFragment nodes don't have gEBTN + } else if ( support.qsa ) { + return context.querySelectorAll( tag ); + } + } : + + function( tag, context ) { + var elem, + tmp = [], + i = 0, + // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too + results = context.getElementsByTagName( tag ); + + // Filter out possible comments + if ( tag === "*" ) { + while ( (elem = results[i++]) ) { + if ( elem.nodeType === 1 ) { + tmp.push( elem ); + } + } + + return tmp; + } + return results; + }; + + // Class + Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) { + if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { + return context.getElementsByClassName( className ); + } + }; + + /* QSA/matchesSelector + ---------------------------------------------------------------------- */ + + // QSA and matchesSelector support + + // matchesSelector(:active) reports false when true (IE9/Opera 11.5) + rbuggyMatches = []; + + // qSa(:focus) reports false when true (Chrome 21) + // We allow this because of a bug in IE8/9 that throws an error + // whenever `document.activeElement` is accessed on an iframe + // So, we allow :focus to pass through QSA all the time to avoid the IE error + // See http://bugs.jquery.com/ticket/13378 + rbuggyQSA = []; + + if ( (support.qsa = rnative.test( document.querySelectorAll )) ) { + // Build QSA regex + // Regex strategy adopted from Diego Perini + assert(function( div ) { + // Select is set to empty string on purpose + // This is to test IE's treatment of not explicitly + // setting a boolean content attribute, + // since its presence should be enough + // http://bugs.jquery.com/ticket/12359 + docElem.appendChild( div ).innerHTML = "" + + ""; + + // Support: IE8, Opera 11-12.16 + // Nothing should be selected when empty strings follow ^= or $= or *= + // The test attribute must be unknown in Opera but "safe" for WinRT + // http://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section + if ( div.querySelectorAll("[msallowcapture^='']").length ) { + rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); + } + + // Support: IE8 + // Boolean attributes and "value" are not treated correctly + if ( !div.querySelectorAll("[selected]").length ) { + rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); + } + + // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ + if ( !div.querySelectorAll( "[id~=" + expando + "-]" ).length ) { + rbuggyQSA.push("~="); + } + + // Webkit/Opera - :checked should return selected option elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // IE8 throws error here and will not see later tests + if ( !div.querySelectorAll(":checked").length ) { + rbuggyQSA.push(":checked"); + } + + // Support: Safari 8+, iOS 8+ + // https://bugs.webkit.org/show_bug.cgi?id=136851 + // In-page `selector#id sibing-combinator selector` fails + if ( !div.querySelectorAll( "a#" + expando + "+*" ).length ) { + rbuggyQSA.push(".#.+[+~]"); + } + }); + + assert(function( div ) { + // Support: Windows 8 Native Apps + // The type and name attributes are restricted during .innerHTML assignment + var input = document.createElement("input"); + input.setAttribute( "type", "hidden" ); + div.appendChild( input ).setAttribute( "name", "D" ); + + // Support: IE8 + // Enforce case-sensitivity of name attribute + if ( div.querySelectorAll("[name=d]").length ) { + rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); + } + + // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) + // IE8 throws error here and will not see later tests + if ( !div.querySelectorAll(":enabled").length ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Opera 10-11 does not throw on post-comma invalid pseudos + div.querySelectorAll("*,:x"); + rbuggyQSA.push(",.*:"); + }); + } + + if ( (support.matchesSelector = rnative.test( (matches = docElem.matches || + docElem.webkitMatchesSelector || + docElem.mozMatchesSelector || + docElem.oMatchesSelector || + docElem.msMatchesSelector) )) ) { + + assert(function( div ) { + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9) + support.disconnectedMatch = matches.call( div, "div" ); + + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( div, "[s!='']:x" ); + rbuggyMatches.push( "!=", pseudos ); + }); + } + + rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") ); + rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") ); + + /* Contains + ---------------------------------------------------------------------- */ + hasCompare = rnative.test( docElem.compareDocumentPosition ); + + // Element contains another + // Purposefully self-exclusive + // As in, an element does not contain itself + contains = hasCompare || rnative.test( docElem.contains ) ? + function( a, b ) { + var adown = a.nodeType === 9 ? a.documentElement : a, + bup = b && b.parentNode; + return a === bup || !!( bup && bup.nodeType === 1 && ( + adown.contains ? + adown.contains( bup ) : + a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 + )); + } : + function( a, b ) { + if ( b ) { + while ( (b = b.parentNode) ) { + if ( b === a ) { + return true; + } + } + } + return false; + }; + + /* Sorting + ---------------------------------------------------------------------- */ + + // Document order sorting + sortOrder = hasCompare ? + function( a, b ) { + + // Flag for duplicate removal + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + // Sort on method existence if only one input has compareDocumentPosition + var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; + if ( compare ) { + return compare; + } + + // Calculate position if both inputs belong to the same document + compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ? + a.compareDocumentPosition( b ) : + + // Otherwise we know they are disconnected + 1; + + // Disconnected nodes + if ( compare & 1 || + (!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) { + + // Choose the first element that is related to our preferred document + if ( a === document || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) { + return -1; + } + if ( b === document || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) { + return 1; + } + + // Maintain original order + return sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + } + + return compare & 4 ? -1 : 1; + } : + function( a, b ) { + // Exit early if the nodes are identical + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + var cur, + i = 0, + aup = a.parentNode, + bup = b.parentNode, + ap = [ a ], + bp = [ b ]; + + // Parentless nodes are either documents or disconnected + if ( !aup || !bup ) { + return a === document ? -1 : + b === document ? 1 : + aup ? -1 : + bup ? 1 : + sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + + // If the nodes are siblings, we can do a quick check + } else if ( aup === bup ) { + return siblingCheck( a, b ); + } + + // Otherwise we need full lists of their ancestors for comparison + cur = a; + while ( (cur = cur.parentNode) ) { + ap.unshift( cur ); + } + cur = b; + while ( (cur = cur.parentNode) ) { + bp.unshift( cur ); + } + + // Walk down the tree looking for a discrepancy + while ( ap[i] === bp[i] ) { + i++; + } + + return i ? + // Do a sibling check if the nodes have a common ancestor + siblingCheck( ap[i], bp[i] ) : + + // Otherwise nodes in our document sort first + ap[i] === preferredDoc ? -1 : + bp[i] === preferredDoc ? 1 : + 0; + }; + + return document; +}; + +Sizzle.matches = function( expr, elements ) { + return Sizzle( expr, null, null, elements ); +}; + +Sizzle.matchesSelector = function( elem, expr ) { + // Set document vars if needed + if ( ( elem.ownerDocument || elem ) !== document ) { + setDocument( elem ); + } + + // Make sure that attribute selectors are quoted + expr = expr.replace( rattributeQuotes, "='$1']" ); + + if ( support.matchesSelector && documentIsHTML && + !compilerCache[ expr + " " ] && + ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && + ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { + + try { + var ret = matches.call( elem, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || support.disconnectedMatch || + // As well, disconnected nodes are said to be in a document + // fragment in IE 9 + elem.document && elem.document.nodeType !== 11 ) { + return ret; + } + } catch (e) {} + } + + return Sizzle( expr, document, null, [ elem ] ).length > 0; +}; + +Sizzle.contains = function( context, elem ) { + // Set document vars if needed + if ( ( context.ownerDocument || context ) !== document ) { + setDocument( context ); + } + return contains( context, elem ); +}; + +Sizzle.attr = function( elem, name ) { + // Set document vars if needed + if ( ( elem.ownerDocument || elem ) !== document ) { + setDocument( elem ); + } + + var fn = Expr.attrHandle[ name.toLowerCase() ], + // Don't get fooled by Object.prototype properties (jQuery #13807) + val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? + fn( elem, name, !documentIsHTML ) : + undefined; + + return val !== undefined ? + val : + support.attributes || !documentIsHTML ? + elem.getAttribute( name ) : + (val = elem.getAttributeNode(name)) && val.specified ? + val.value : + null; +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Document sorting and removing duplicates + * @param {ArrayLike} results + */ +Sizzle.uniqueSort = function( results ) { + var elem, + duplicates = [], + j = 0, + i = 0; + + // Unless we *know* we can detect duplicates, assume their presence + hasDuplicate = !support.detectDuplicates; + sortInput = !support.sortStable && results.slice( 0 ); + results.sort( sortOrder ); + + if ( hasDuplicate ) { + while ( (elem = results[i++]) ) { + if ( elem === results[ i ] ) { + j = duplicates.push( i ); + } + } + while ( j-- ) { + results.splice( duplicates[ j ], 1 ); + } + } + + // Clear input after sorting to release objects + // See https://github.com/jquery/sizzle/pull/225 + sortInput = null; + + return results; +}; + +/** + * Utility function for retrieving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +getText = Sizzle.getText = function( elem ) { + var node, + ret = "", + i = 0, + nodeType = elem.nodeType; + + if ( !nodeType ) { + // If no nodeType, this is expected to be an array + while ( (node = elem[i++]) ) { + // Do not traverse comment nodes + ret += getText( node ); + } + } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + // Use textContent for elements + // innerText usage removed for consistency of new lines (jQuery #11153) + if ( typeof elem.textContent === "string" ) { + return elem.textContent; + } else { + // Traverse its children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + // Do not include comment or processing instruction nodes + + return ret; +}; + +Expr = Sizzle.selectors = { + + // Can be adjusted by the user + cacheLength: 50, + + createPseudo: markFunction, + + match: matchExpr, + + attrHandle: {}, + + find: {}, + + relative: { + ">": { dir: "parentNode", first: true }, + " ": { dir: "parentNode" }, + "+": { dir: "previousSibling", first: true }, + "~": { dir: "previousSibling" } + }, + + preFilter: { + "ATTR": function( match ) { + match[1] = match[1].replace( runescape, funescape ); + + // Move the given value to match[3] whether quoted or unquoted + match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape ); + + if ( match[2] === "~=" ) { + match[3] = " " + match[3] + " "; + } + + return match.slice( 0, 4 ); + }, + + "CHILD": function( match ) { + /* matches from matchExpr["CHILD"] + 1 type (only|nth|...) + 2 what (child|of-type) + 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) + 4 xn-component of xn+y argument ([+-]?\d*n|) + 5 sign of xn-component + 6 x of xn-component + 7 sign of y-component + 8 y of y-component + */ + match[1] = match[1].toLowerCase(); + + if ( match[1].slice( 0, 3 ) === "nth" ) { + // nth-* requires argument + if ( !match[3] ) { + Sizzle.error( match[0] ); + } + + // numeric x and y parameters for Expr.filter.CHILD + // remember that false/true cast respectively to 0/1 + match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) ); + match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" ); + + // other types prohibit arguments + } else if ( match[3] ) { + Sizzle.error( match[0] ); + } + + return match; + }, + + "PSEUDO": function( match ) { + var excess, + unquoted = !match[6] && match[2]; + + if ( matchExpr["CHILD"].test( match[0] ) ) { + return null; + } + + // Accept quoted arguments as-is + if ( match[3] ) { + match[2] = match[4] || match[5] || ""; + + // Strip excess characters from unquoted arguments + } else if ( unquoted && rpseudo.test( unquoted ) && + // Get excess from tokenize (recursively) + (excess = tokenize( unquoted, true )) && + // advance to the next closing parenthesis + (excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) { + + // excess is a negative index + match[0] = match[0].slice( 0, excess ); + match[2] = unquoted.slice( 0, excess ); + } + + // Return only captures needed by the pseudo filter method (type and argument) + return match.slice( 0, 3 ); + } + }, + + filter: { + + "TAG": function( nodeNameSelector ) { + var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); + return nodeNameSelector === "*" ? + function() { return true; } : + function( elem ) { + return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; + }; + }, + + "CLASS": function( className ) { + var pattern = classCache[ className + " " ]; + + return pattern || + (pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) && + classCache( className, function( elem ) { + return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== "undefined" && elem.getAttribute("class") || "" ); + }); + }, + + "ATTR": function( name, operator, check ) { + return function( elem ) { + var result = Sizzle.attr( elem, name ); + + if ( result == null ) { + return operator === "!="; + } + if ( !operator ) { + return true; + } + + result += ""; + + return operator === "=" ? result === check : + operator === "!=" ? result !== check : + operator === "^=" ? check && result.indexOf( check ) === 0 : + operator === "*=" ? check && result.indexOf( check ) > -1 : + operator === "$=" ? check && result.slice( -check.length ) === check : + operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : + operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : + false; + }; + }, + + "CHILD": function( type, what, argument, first, last ) { + var simple = type.slice( 0, 3 ) !== "nth", + forward = type.slice( -4 ) !== "last", + ofType = what === "of-type"; + + return first === 1 && last === 0 ? + + // Shortcut for :nth-*(n) + function( elem ) { + return !!elem.parentNode; + } : + + function( elem, context, xml ) { + var cache, uniqueCache, outerCache, node, nodeIndex, start, + dir = simple !== forward ? "nextSibling" : "previousSibling", + parent = elem.parentNode, + name = ofType && elem.nodeName.toLowerCase(), + useCache = !xml && !ofType, + diff = false; + + if ( parent ) { + + // :(first|last|only)-(child|of-type) + if ( simple ) { + while ( dir ) { + node = elem; + while ( (node = node[ dir ]) ) { + if ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) { + + return false; + } + } + // Reverse direction for :only-* (if we haven't yet done so) + start = dir = type === "only" && !start && "nextSibling"; + } + return true; + } + + start = [ forward ? parent.firstChild : parent.lastChild ]; + + // non-xml :nth-child(...) stores cache data on `parent` + if ( forward && useCache ) { + + // Seek `elem` from a previously-cached index + + // ...in a gzip-friendly way + node = parent; + outerCache = node[ expando ] || (node[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + (outerCache[ node.uniqueID ] = {}); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex && cache[ 2 ]; + node = nodeIndex && parent.childNodes[ nodeIndex ]; + + while ( (node = ++nodeIndex && node && node[ dir ] || + + // Fallback to seeking `elem` from the start + (diff = nodeIndex = 0) || start.pop()) ) { + + // When found, cache indexes on `parent` and break + if ( node.nodeType === 1 && ++diff && node === elem ) { + uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; + break; + } + } + + } else { + // Use previously-cached element index if available + if ( useCache ) { + // ...in a gzip-friendly way + node = elem; + outerCache = node[ expando ] || (node[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + (outerCache[ node.uniqueID ] = {}); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex; + } + + // xml :nth-child(...) + // or :nth-last-child(...) or :nth(-last)?-of-type(...) + if ( diff === false ) { + // Use the same loop as above to seek `elem` from the start + while ( (node = ++nodeIndex && node && node[ dir ] || + (diff = nodeIndex = 0) || start.pop()) ) { + + if ( ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) && + ++diff ) { + + // Cache the index of each encountered element + if ( useCache ) { + outerCache = node[ expando ] || (node[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + (outerCache[ node.uniqueID ] = {}); + + uniqueCache[ type ] = [ dirruns, diff ]; + } + + if ( node === elem ) { + break; + } + } + } + } + } + + // Incorporate the offset, then check against cycle size + diff -= last; + return diff === first || ( diff % first === 0 && diff / first >= 0 ); + } + }; + }, + + "PSEUDO": function( pseudo, argument ) { + // pseudo-class names are case-insensitive + // http://www.w3.org/TR/selectors/#pseudo-classes + // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters + // Remember that setFilters inherits from pseudos + var args, + fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || + Sizzle.error( "unsupported pseudo: " + pseudo ); + + // The user may use createPseudo to indicate that + // arguments are needed to create the filter function + // just as Sizzle does + if ( fn[ expando ] ) { + return fn( argument ); + } + + // But maintain support for old signatures + if ( fn.length > 1 ) { + args = [ pseudo, pseudo, "", argument ]; + return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? + markFunction(function( seed, matches ) { + var idx, + matched = fn( seed, argument ), + i = matched.length; + while ( i-- ) { + idx = indexOf( seed, matched[i] ); + seed[ idx ] = !( matches[ idx ] = matched[i] ); + } + }) : + function( elem ) { + return fn( elem, 0, args ); + }; + } + + return fn; + } + }, + + pseudos: { + // Potentially complex pseudos + "not": markFunction(function( selector ) { + // Trim the selector passed to compile + // to avoid treating leading and trailing + // spaces as combinators + var input = [], + results = [], + matcher = compile( selector.replace( rtrim, "$1" ) ); + + return matcher[ expando ] ? + markFunction(function( seed, matches, context, xml ) { + var elem, + unmatched = matcher( seed, null, xml, [] ), + i = seed.length; + + // Match elements unmatched by `matcher` + while ( i-- ) { + if ( (elem = unmatched[i]) ) { + seed[i] = !(matches[i] = elem); + } + } + }) : + function( elem, context, xml ) { + input[0] = elem; + matcher( input, null, xml, results ); + // Don't keep the element (issue #299) + input[0] = null; + return !results.pop(); + }; + }), + + "has": markFunction(function( selector ) { + return function( elem ) { + return Sizzle( selector, elem ).length > 0; + }; + }), + + "contains": markFunction(function( text ) { + text = text.replace( runescape, funescape ); + return function( elem ) { + return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1; + }; + }), + + // "Whether an element is represented by a :lang() selector + // is based solely on the element's language value + // being equal to the identifier C, + // or beginning with the identifier C immediately followed by "-". + // The matching of C against the element's language value is performed case-insensitively. + // The identifier C does not have to be a valid language name." + // http://www.w3.org/TR/selectors/#lang-pseudo + "lang": markFunction( function( lang ) { + // lang value must be a valid identifier + if ( !ridentifier.test(lang || "") ) { + Sizzle.error( "unsupported lang: " + lang ); + } + lang = lang.replace( runescape, funescape ).toLowerCase(); + return function( elem ) { + var elemLang; + do { + if ( (elemLang = documentIsHTML ? + elem.lang : + elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) { + + elemLang = elemLang.toLowerCase(); + return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; + } + } while ( (elem = elem.parentNode) && elem.nodeType === 1 ); + return false; + }; + }), + + // Miscellaneous + "target": function( elem ) { + var hash = window.location && window.location.hash; + return hash && hash.slice( 1 ) === elem.id; + }, + + "root": function( elem ) { + return elem === docElem; + }, + + "focus": function( elem ) { + return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex); + }, + + // Boolean properties + "enabled": function( elem ) { + return elem.disabled === false; + }, + + "disabled": function( elem ) { + return elem.disabled === true; + }, + + "checked": function( elem ) { + // In CSS3, :checked should return both checked and selected elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + var nodeName = elem.nodeName.toLowerCase(); + return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected); + }, + + "selected": function( elem ) { + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + // Contents + "empty": function( elem ) { + // http://www.w3.org/TR/selectors/#empty-pseudo + // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), + // but not by others (comment: 8; processing instruction: 7; etc.) + // nodeType < 6 works because attributes (2) do not appear as children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + if ( elem.nodeType < 6 ) { + return false; + } + } + return true; + }, + + "parent": function( elem ) { + return !Expr.pseudos["empty"]( elem ); + }, + + // Element/input types + "header": function( elem ) { + return rheader.test( elem.nodeName ); + }, + + "input": function( elem ) { + return rinputs.test( elem.nodeName ); + }, + + "button": function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === "button" || name === "button"; + }, + + "text": function( elem ) { + var attr; + return elem.nodeName.toLowerCase() === "input" && + elem.type === "text" && + + // Support: IE<8 + // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" + ( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" ); + }, + + // Position-in-collection + "first": createPositionalPseudo(function() { + return [ 0 ]; + }), + + "last": createPositionalPseudo(function( matchIndexes, length ) { + return [ length - 1 ]; + }), + + "eq": createPositionalPseudo(function( matchIndexes, length, argument ) { + return [ argument < 0 ? argument + length : argument ]; + }), + + "even": createPositionalPseudo(function( matchIndexes, length ) { + var i = 0; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + }), + + "odd": createPositionalPseudo(function( matchIndexes, length ) { + var i = 1; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + }), + + "lt": createPositionalPseudo(function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; --i >= 0; ) { + matchIndexes.push( i ); + } + return matchIndexes; + }), + + "gt": createPositionalPseudo(function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; ++i < length; ) { + matchIndexes.push( i ); + } + return matchIndexes; + }) + } +}; + +Expr.pseudos["nth"] = Expr.pseudos["eq"]; + +// Add button/input type pseudos +for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { + Expr.pseudos[ i ] = createInputPseudo( i ); +} +for ( i in { submit: true, reset: true } ) { + Expr.pseudos[ i ] = createButtonPseudo( i ); +} + +// Easy API for creating new setFilters +function setFilters() {} +setFilters.prototype = Expr.filters = Expr.pseudos; +Expr.setFilters = new setFilters(); + +tokenize = Sizzle.tokenize = function( selector, parseOnly ) { + var matched, match, tokens, type, + soFar, groups, preFilters, + cached = tokenCache[ selector + " " ]; + + if ( cached ) { + return parseOnly ? 0 : cached.slice( 0 ); + } + + soFar = selector; + groups = []; + preFilters = Expr.preFilter; + + while ( soFar ) { + + // Comma and first run + if ( !matched || (match = rcomma.exec( soFar )) ) { + if ( match ) { + // Don't consume trailing commas as valid + soFar = soFar.slice( match[0].length ) || soFar; + } + groups.push( (tokens = []) ); + } + + matched = false; + + // Combinators + if ( (match = rcombinators.exec( soFar )) ) { + matched = match.shift(); + tokens.push({ + value: matched, + // Cast descendant combinators to space + type: match[0].replace( rtrim, " " ) + }); + soFar = soFar.slice( matched.length ); + } + + // Filters + for ( type in Expr.filter ) { + if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] || + (match = preFilters[ type ]( match ))) ) { + matched = match.shift(); + tokens.push({ + value: matched, + type: type, + matches: match + }); + soFar = soFar.slice( matched.length ); + } + } + + if ( !matched ) { + break; + } + } + + // Return the length of the invalid excess + // if we're just parsing + // Otherwise, throw an error or return tokens + return parseOnly ? + soFar.length : + soFar ? + Sizzle.error( selector ) : + // Cache the tokens + tokenCache( selector, groups ).slice( 0 ); +}; + +function toSelector( tokens ) { + var i = 0, + len = tokens.length, + selector = ""; + for ( ; i < len; i++ ) { + selector += tokens[i].value; + } + return selector; +} + +function addCombinator( matcher, combinator, base ) { + var dir = combinator.dir, + checkNonElements = base && dir === "parentNode", + doneName = done++; + + return combinator.first ? + // Check against closest ancestor/preceding element + function( elem, context, xml ) { + while ( (elem = elem[ dir ]) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + return matcher( elem, context, xml ); + } + } + } : + + // Check against all ancestor/preceding elements + function( elem, context, xml ) { + var oldCache, uniqueCache, outerCache, + newCache = [ dirruns, doneName ]; + + // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching + if ( xml ) { + while ( (elem = elem[ dir ]) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + if ( matcher( elem, context, xml ) ) { + return true; + } + } + } + } else { + while ( (elem = elem[ dir ]) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + outerCache = elem[ expando ] || (elem[ expando ] = {}); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ elem.uniqueID ] || (outerCache[ elem.uniqueID ] = {}); + + if ( (oldCache = uniqueCache[ dir ]) && + oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { + + // Assign to newCache so results back-propagate to previous elements + return (newCache[ 2 ] = oldCache[ 2 ]); + } else { + // Reuse newcache so results back-propagate to previous elements + uniqueCache[ dir ] = newCache; + + // A match means we're done; a fail means we have to keep checking + if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) { + return true; + } + } + } + } + } + }; +} + +function elementMatcher( matchers ) { + return matchers.length > 1 ? + function( elem, context, xml ) { + var i = matchers.length; + while ( i-- ) { + if ( !matchers[i]( elem, context, xml ) ) { + return false; + } + } + return true; + } : + matchers[0]; +} + +function multipleContexts( selector, contexts, results ) { + var i = 0, + len = contexts.length; + for ( ; i < len; i++ ) { + Sizzle( selector, contexts[i], results ); + } + return results; +} + +function condense( unmatched, map, filter, context, xml ) { + var elem, + newUnmatched = [], + i = 0, + len = unmatched.length, + mapped = map != null; + + for ( ; i < len; i++ ) { + if ( (elem = unmatched[i]) ) { + if ( !filter || filter( elem, context, xml ) ) { + newUnmatched.push( elem ); + if ( mapped ) { + map.push( i ); + } + } + } + } + + return newUnmatched; +} + +function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { + if ( postFilter && !postFilter[ expando ] ) { + postFilter = setMatcher( postFilter ); + } + if ( postFinder && !postFinder[ expando ] ) { + postFinder = setMatcher( postFinder, postSelector ); + } + return markFunction(function( seed, results, context, xml ) { + var temp, i, elem, + preMap = [], + postMap = [], + preexisting = results.length, + + // Get initial elements from seed or context + elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ), + + // Prefilter to get matcher input, preserving a map for seed-results synchronization + matcherIn = preFilter && ( seed || !selector ) ? + condense( elems, preMap, preFilter, context, xml ) : + elems, + + matcherOut = matcher ? + // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, + postFinder || ( seed ? preFilter : preexisting || postFilter ) ? + + // ...intermediate processing is necessary + [] : + + // ...otherwise use results directly + results : + matcherIn; + + // Find primary matches + if ( matcher ) { + matcher( matcherIn, matcherOut, context, xml ); + } + + // Apply postFilter + if ( postFilter ) { + temp = condense( matcherOut, postMap ); + postFilter( temp, [], context, xml ); + + // Un-match failing elements by moving them back to matcherIn + i = temp.length; + while ( i-- ) { + if ( (elem = temp[i]) ) { + matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem); + } + } + } + + if ( seed ) { + if ( postFinder || preFilter ) { + if ( postFinder ) { + // Get the final matcherOut by condensing this intermediate into postFinder contexts + temp = []; + i = matcherOut.length; + while ( i-- ) { + if ( (elem = matcherOut[i]) ) { + // Restore matcherIn since elem is not yet a final match + temp.push( (matcherIn[i] = elem) ); + } + } + postFinder( null, (matcherOut = []), temp, xml ); + } + + // Move matched elements from seed to results to keep them synchronized + i = matcherOut.length; + while ( i-- ) { + if ( (elem = matcherOut[i]) && + (temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) { + + seed[temp] = !(results[temp] = elem); + } + } + } + + // Add elements to results, through postFinder if defined + } else { + matcherOut = condense( + matcherOut === results ? + matcherOut.splice( preexisting, matcherOut.length ) : + matcherOut + ); + if ( postFinder ) { + postFinder( null, results, matcherOut, xml ); + } else { + push.apply( results, matcherOut ); + } + } + }); +} + +function matcherFromTokens( tokens ) { + var checkContext, matcher, j, + len = tokens.length, + leadingRelative = Expr.relative[ tokens[0].type ], + implicitRelative = leadingRelative || Expr.relative[" "], + i = leadingRelative ? 1 : 0, + + // The foundational matcher ensures that elements are reachable from top-level context(s) + matchContext = addCombinator( function( elem ) { + return elem === checkContext; + }, implicitRelative, true ), + matchAnyContext = addCombinator( function( elem ) { + return indexOf( checkContext, elem ) > -1; + }, implicitRelative, true ), + matchers = [ function( elem, context, xml ) { + var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( + (checkContext = context).nodeType ? + matchContext( elem, context, xml ) : + matchAnyContext( elem, context, xml ) ); + // Avoid hanging onto element (issue #299) + checkContext = null; + return ret; + } ]; + + for ( ; i < len; i++ ) { + if ( (matcher = Expr.relative[ tokens[i].type ]) ) { + matchers = [ addCombinator(elementMatcher( matchers ), matcher) ]; + } else { + matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches ); + + // Return special upon seeing a positional matcher + if ( matcher[ expando ] ) { + // Find the next relative operator (if any) for proper handling + j = ++i; + for ( ; j < len; j++ ) { + if ( Expr.relative[ tokens[j].type ] ) { + break; + } + } + return setMatcher( + i > 1 && elementMatcher( matchers ), + i > 1 && toSelector( + // If the preceding token was a descendant combinator, insert an implicit any-element `*` + tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" }) + ).replace( rtrim, "$1" ), + matcher, + i < j && matcherFromTokens( tokens.slice( i, j ) ), + j < len && matcherFromTokens( (tokens = tokens.slice( j )) ), + j < len && toSelector( tokens ) + ); + } + matchers.push( matcher ); + } + } + + return elementMatcher( matchers ); +} + +function matcherFromGroupMatchers( elementMatchers, setMatchers ) { + var bySet = setMatchers.length > 0, + byElement = elementMatchers.length > 0, + superMatcher = function( seed, context, xml, results, outermost ) { + var elem, j, matcher, + matchedCount = 0, + i = "0", + unmatched = seed && [], + setMatched = [], + contextBackup = outermostContext, + // We must always have either seed elements or outermost context + elems = seed || byElement && Expr.find["TAG"]( "*", outermost ), + // Use integer dirruns iff this is the outermost matcher + dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1), + len = elems.length; + + if ( outermost ) { + outermostContext = context === document || context || outermost; + } + + // Add elements passing elementMatchers directly to results + // Support: IE<9, Safari + // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id + for ( ; i !== len && (elem = elems[i]) != null; i++ ) { + if ( byElement && elem ) { + j = 0; + if ( !context && elem.ownerDocument !== document ) { + setDocument( elem ); + xml = !documentIsHTML; + } + while ( (matcher = elementMatchers[j++]) ) { + if ( matcher( elem, context || document, xml) ) { + results.push( elem ); + break; + } + } + if ( outermost ) { + dirruns = dirrunsUnique; + } + } + + // Track unmatched elements for set filters + if ( bySet ) { + // They will have gone through all possible matchers + if ( (elem = !matcher && elem) ) { + matchedCount--; + } + + // Lengthen the array for every element, matched or not + if ( seed ) { + unmatched.push( elem ); + } + } + } + + // `i` is now the count of elements visited above, and adding it to `matchedCount` + // makes the latter nonnegative. + matchedCount += i; + + // Apply set filters to unmatched elements + // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` + // equals `i`), unless we didn't visit _any_ elements in the above loop because we have + // no element matchers and no seed. + // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that + // case, which will result in a "00" `matchedCount` that differs from `i` but is also + // numerically zero. + if ( bySet && i !== matchedCount ) { + j = 0; + while ( (matcher = setMatchers[j++]) ) { + matcher( unmatched, setMatched, context, xml ); + } + + if ( seed ) { + // Reintegrate element matches to eliminate the need for sorting + if ( matchedCount > 0 ) { + while ( i-- ) { + if ( !(unmatched[i] || setMatched[i]) ) { + setMatched[i] = pop.call( results ); + } + } + } + + // Discard index placeholder values to get only actual matches + setMatched = condense( setMatched ); + } + + // Add matches to results + push.apply( results, setMatched ); + + // Seedless set matches succeeding multiple successful matchers stipulate sorting + if ( outermost && !seed && setMatched.length > 0 && + ( matchedCount + setMatchers.length ) > 1 ) { + + Sizzle.uniqueSort( results ); + } + } + + // Override manipulation of globals by nested matchers + if ( outermost ) { + dirruns = dirrunsUnique; + outermostContext = contextBackup; + } + + return unmatched; + }; + + return bySet ? + markFunction( superMatcher ) : + superMatcher; +} + +compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { + var i, + setMatchers = [], + elementMatchers = [], + cached = compilerCache[ selector + " " ]; + + if ( !cached ) { + // Generate a function of recursive functions that can be used to check each element + if ( !match ) { + match = tokenize( selector ); + } + i = match.length; + while ( i-- ) { + cached = matcherFromTokens( match[i] ); + if ( cached[ expando ] ) { + setMatchers.push( cached ); + } else { + elementMatchers.push( cached ); + } + } + + // Cache the compiled function + cached = compilerCache( selector, matcherFromGroupMatchers( elementMatchers, setMatchers ) ); + + // Save selector and tokenization + cached.selector = selector; + } + return cached; +}; + +/** + * A low-level selection function that works with Sizzle's compiled + * selector functions + * @param {String|Function} selector A selector or a pre-compiled + * selector function built with Sizzle.compile + * @param {Element} context + * @param {Array} [results] + * @param {Array} [seed] A set of elements to match against + */ +select = Sizzle.select = function( selector, context, results, seed ) { + var i, tokens, token, type, find, + compiled = typeof selector === "function" && selector, + match = !seed && tokenize( (selector = compiled.selector || selector) ); + + results = results || []; + + // Try to minimize operations if there is only one selector in the list and no seed + // (the latter of which guarantees us context) + if ( match.length === 1 ) { + + // Reduce context if the leading compound selector is an ID + tokens = match[0] = match[0].slice( 0 ); + if ( tokens.length > 2 && (token = tokens[0]).type === "ID" && + support.getById && context.nodeType === 9 && documentIsHTML && + Expr.relative[ tokens[1].type ] ) { + + context = ( Expr.find["ID"]( token.matches[0].replace(runescape, funescape), context ) || [] )[0]; + if ( !context ) { + return results; + + // Precompiled matchers will still verify ancestry, so step up a level + } else if ( compiled ) { + context = context.parentNode; + } + + selector = selector.slice( tokens.shift().value.length ); + } + + // Fetch a seed set for right-to-left matching + i = matchExpr["needsContext"].test( selector ) ? 0 : tokens.length; + while ( i-- ) { + token = tokens[i]; + + // Abort if we hit a combinator + if ( Expr.relative[ (type = token.type) ] ) { + break; + } + if ( (find = Expr.find[ type ]) ) { + // Search, expanding context for leading sibling combinators + if ( (seed = find( + token.matches[0].replace( runescape, funescape ), + rsibling.test( tokens[0].type ) && testContext( context.parentNode ) || context + )) ) { + + // If seed is empty or no tokens remain, we can return early + tokens.splice( i, 1 ); + selector = seed.length && toSelector( tokens ); + if ( !selector ) { + push.apply( results, seed ); + return results; + } + + break; + } + } + } + } + + // Compile and execute a filtering function if one is not provided + // Provide `match` to avoid retokenization if we modified the selector above + ( compiled || compile( selector, match ) )( + seed, + context, + !documentIsHTML, + results, + !context || rsibling.test( selector ) && testContext( context.parentNode ) || context + ); + return results; +}; + +// One-time assignments + +// Sort stability +support.sortStable = expando.split("").sort( sortOrder ).join("") === expando; + +// Support: Chrome 14-35+ +// Always assume duplicates if they aren't passed to the comparison function +support.detectDuplicates = !!hasDuplicate; + +// Initialize against the default document +setDocument(); + +// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) +// Detached nodes confoundingly follow *each other* +support.sortDetached = assert(function( div1 ) { + // Should return 1, but returns 4 (following) + return div1.compareDocumentPosition( document.createElement("div") ) & 1; +}); + +// Support: IE<8 +// Prevent attribute/property "interpolation" +// http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx +if ( !assert(function( div ) { + div.innerHTML = ""; + return div.firstChild.getAttribute("href") === "#" ; +}) ) { + addHandle( "type|href|height|width", function( elem, name, isXML ) { + if ( !isXML ) { + return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); + } + }); +} + +// Support: IE<9 +// Use defaultValue in place of getAttribute("value") +if ( !support.attributes || !assert(function( div ) { + div.innerHTML = ""; + div.firstChild.setAttribute( "value", "" ); + return div.firstChild.getAttribute( "value" ) === ""; +}) ) { + addHandle( "value", function( elem, name, isXML ) { + if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { + return elem.defaultValue; + } + }); +} + +// Support: IE<9 +// Use getAttributeNode to fetch booleans when getAttribute lies +if ( !assert(function( div ) { + return div.getAttribute("disabled") == null; +}) ) { + addHandle( booleans, function( elem, name, isXML ) { + var val; + if ( !isXML ) { + return elem[ name ] === true ? name.toLowerCase() : + (val = elem.getAttributeNode( name )) && val.specified ? + val.value : + null; + } + }); +} + +return Sizzle; + +})( window ); + + + +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; +jQuery.expr[ ":" ] = jQuery.expr.pseudos; +jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; + + + +var dir = function( elem, dir, until ) { + var matched = [], + truncate = until !== undefined; + + while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { + if ( elem.nodeType === 1 ) { + if ( truncate && jQuery( elem ).is( until ) ) { + break; + } + matched.push( elem ); + } + } + return matched; +}; + + +var siblings = function( n, elem ) { + var matched = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + matched.push( n ); + } + } + + return matched; +}; + + +var rneedsContext = jQuery.expr.match.needsContext; + +var rsingleTag = ( /^<([\w-]+)\s*\/?>(?:<\/\1>|)$/ ); + + + +var risSimple = /^.[^:#\[\.,]*$/; + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, not ) { + if ( jQuery.isFunction( qualifier ) ) { + return jQuery.grep( elements, function( elem, i ) { + /* jshint -W018 */ + return !!qualifier.call( elem, i, elem ) !== not; + } ); + + } + + if ( qualifier.nodeType ) { + return jQuery.grep( elements, function( elem ) { + return ( elem === qualifier ) !== not; + } ); + + } + + if ( typeof qualifier === "string" ) { + if ( risSimple.test( qualifier ) ) { + return jQuery.filter( qualifier, elements, not ); + } + + qualifier = jQuery.filter( qualifier, elements ); + } + + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not; + } ); +} + +jQuery.filter = function( expr, elems, not ) { + var elem = elems[ 0 ]; + + if ( not ) { + expr = ":not(" + expr + ")"; + } + + return elems.length === 1 && elem.nodeType === 1 ? + jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : [] : + jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { + return elem.nodeType === 1; + } ) ); +}; + +jQuery.fn.extend( { + find: function( selector ) { + var i, + len = this.length, + ret = [], + self = this; + + if ( typeof selector !== "string" ) { + return this.pushStack( jQuery( selector ).filter( function() { + for ( i = 0; i < len; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + } ) ); + } + + for ( i = 0; i < len; i++ ) { + jQuery.find( selector, self[ i ], ret ); + } + + // Needed because $( selector, context ) becomes $( context ).find( selector ) + ret = this.pushStack( len > 1 ? jQuery.unique( ret ) : ret ); + ret.selector = this.selector ? this.selector + " " + selector : selector; + return ret; + }, + filter: function( selector ) { + return this.pushStack( winnow( this, selector || [], false ) ); + }, + not: function( selector ) { + return this.pushStack( winnow( this, selector || [], true ) ); + }, + is: function( selector ) { + return !!winnow( + this, + + // If this is a positional/relative selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + typeof selector === "string" && rneedsContext.test( selector ) ? + jQuery( selector ) : + selector || [], + false + ).length; + } +} ); + + +// Initialize a jQuery object + + +// A central reference to the root jQuery(document) +var rootjQuery, + + // A simple way to check for HTML strings + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/, + + init = jQuery.fn.init = function( selector, context, root ) { + var match, elem; + + // HANDLE: $(""), $(null), $(undefined), $(false) + if ( !selector ) { + return this; + } + + // Method init() accepts an alternate rootjQuery + // so migrate can support jQuery.sub (gh-2101) + root = root || rootjQuery; + + // Handle HTML strings + if ( typeof selector === "string" ) { + if ( selector[ 0 ] === "<" && + selector[ selector.length - 1 ] === ">" && + selector.length >= 3 ) { + + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = rquickExpr.exec( selector ); + } + + // Match html or make sure no context is specified for #id + if ( match && ( match[ 1 ] || !context ) ) { + + // HANDLE: $(html) -> $(array) + if ( match[ 1 ] ) { + context = context instanceof jQuery ? context[ 0 ] : context; + + // Option to run scripts is true for back-compat + // Intentionally let the error be thrown if parseHTML is not present + jQuery.merge( this, jQuery.parseHTML( + match[ 1 ], + context && context.nodeType ? context.ownerDocument || context : document, + true + ) ); + + // HANDLE: $(html, props) + if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { + for ( match in context ) { + + // Properties of context are called as methods if possible + if ( jQuery.isFunction( this[ match ] ) ) { + this[ match ]( context[ match ] ); + + // ...and otherwise set as attributes + } else { + this.attr( match, context[ match ] ); + } + } + } + + return this; + + // HANDLE: $(#id) + } else { + elem = document.getElementById( match[ 2 ] ); + + // Support: Blackberry 4.6 + // gEBID returns nodes no longer in the document (#6963) + if ( elem && elem.parentNode ) { + + // Inject the element directly into the jQuery object + this.length = 1; + this[ 0 ] = elem; + } + + this.context = document; + this.selector = selector; + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || root ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(DOMElement) + } else if ( selector.nodeType ) { + this.context = this[ 0 ] = selector; + this.length = 1; + return this; + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( jQuery.isFunction( selector ) ) { + return root.ready !== undefined ? + root.ready( selector ) : + + // Execute immediately if ready is not present + selector( jQuery ); + } + + if ( selector.selector !== undefined ) { + this.selector = selector.selector; + this.context = selector.context; + } + + return jQuery.makeArray( selector, this ); + }; + +// Give the init function the jQuery prototype for later instantiation +init.prototype = jQuery.fn; + +// Initialize central reference +rootjQuery = jQuery( document ); + + +var rparentsprev = /^(?:parents|prev(?:Until|All))/, + + // Methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend( { + has: function( target ) { + var targets = jQuery( target, this ), + l = targets.length; + + return this.filter( function() { + var i = 0; + for ( ; i < l; i++ ) { + if ( jQuery.contains( this, targets[ i ] ) ) { + return true; + } + } + } ); + }, + + closest: function( selectors, context ) { + var cur, + i = 0, + l = this.length, + matched = [], + pos = rneedsContext.test( selectors ) || typeof selectors !== "string" ? + jQuery( selectors, context || this.context ) : + 0; + + for ( ; i < l; i++ ) { + for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { + + // Always skip document fragments + if ( cur.nodeType < 11 && ( pos ? + pos.index( cur ) > -1 : + + // Don't pass non-elements to Sizzle + cur.nodeType === 1 && + jQuery.find.matchesSelector( cur, selectors ) ) ) { + + matched.push( cur ); + break; + } + } + } + + return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); + }, + + // Determine the position of an element within the set + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; + } + + // Index in selector + if ( typeof elem === "string" ) { + return indexOf.call( jQuery( elem ), this[ 0 ] ); + } + + // Locate the position of the desired element + return indexOf.call( this, + + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[ 0 ] : elem + ); + }, + + add: function( selector, context ) { + return this.pushStack( + jQuery.uniqueSort( + jQuery.merge( this.get(), jQuery( selector, context ) ) + ) + ); + }, + + addBack: function( selector ) { + return this.add( selector == null ? + this.prevObject : this.prevObject.filter( selector ) + ); + } +} ); + +function sibling( cur, dir ) { + while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} + return cur; +} + +jQuery.each( { + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, i, until ) { + return dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return sibling( elem, "nextSibling" ); + }, + prev: function( elem ) { + return sibling( elem, "previousSibling" ); + }, + nextAll: function( elem ) { + return dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, i, until ) { + return dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, i, until ) { + return dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return siblings( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return siblings( elem.firstChild ); + }, + contents: function( elem ) { + return elem.contentDocument || jQuery.merge( [], elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var matched = jQuery.map( this, fn, until ); + + if ( name.slice( -5 ) !== "Until" ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + matched = jQuery.filter( selector, matched ); + } + + if ( this.length > 1 ) { + + // Remove duplicates + if ( !guaranteedUnique[ name ] ) { + jQuery.uniqueSort( matched ); + } + + // Reverse order for parents* and prev-derivatives + if ( rparentsprev.test( name ) ) { + matched.reverse(); + } + } + + return this.pushStack( matched ); + }; +} ); +var rnotwhite = ( /\S+/g ); + + + +// Convert String-formatted options into Object-formatted ones +function createOptions( options ) { + var object = {}; + jQuery.each( options.match( rnotwhite ) || [], function( _, flag ) { + object[ flag ] = true; + } ); + return object; +} + +/* + * Create a callback list using the following parameters: + * + * options: an optional list of space-separated options that will change how + * the callback list behaves or a more traditional option object + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible options: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( options ) { + + // Convert options from String-formatted to Object-formatted if needed + // (we check in cache first) + options = typeof options === "string" ? + createOptions( options ) : + jQuery.extend( {}, options ); + + var // Flag to know if list is currently firing + firing, + + // Last fire value for non-forgettable lists + memory, + + // Flag to know if list was already fired + fired, + + // Flag to prevent firing + locked, + + // Actual callback list + list = [], + + // Queue of execution data for repeatable lists + queue = [], + + // Index of currently firing callback (modified by add/remove as needed) + firingIndex = -1, + + // Fire callbacks + fire = function() { + + // Enforce single-firing + locked = options.once; + + // Execute callbacks for all pending executions, + // respecting firingIndex overrides and runtime changes + fired = firing = true; + for ( ; queue.length; firingIndex = -1 ) { + memory = queue.shift(); + while ( ++firingIndex < list.length ) { + + // Run callback and check for early termination + if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && + options.stopOnFalse ) { + + // Jump to end and forget the data so .add doesn't re-fire + firingIndex = list.length; + memory = false; + } + } + } + + // Forget the data if we're done with it + if ( !options.memory ) { + memory = false; + } + + firing = false; + + // Clean up if we're done firing for good + if ( locked ) { + + // Keep an empty list if we have data for future add calls + if ( memory ) { + list = []; + + // Otherwise, this object is spent + } else { + list = ""; + } + } + }, + + // Actual Callbacks object + self = { + + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + + // If we have memory from a past run, we should fire after adding + if ( memory && !firing ) { + firingIndex = list.length - 1; + queue.push( memory ); + } + + ( function add( args ) { + jQuery.each( args, function( _, arg ) { + if ( jQuery.isFunction( arg ) ) { + if ( !options.unique || !self.has( arg ) ) { + list.push( arg ); + } + } else if ( arg && arg.length && jQuery.type( arg ) !== "string" ) { + + // Inspect recursively + add( arg ); + } + } ); + } )( arguments ); + + if ( memory && !firing ) { + fire(); + } + } + return this; + }, + + // Remove a callback from the list + remove: function() { + jQuery.each( arguments, function( _, arg ) { + var index; + while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { + list.splice( index, 1 ); + + // Handle firing indexes + if ( index <= firingIndex ) { + firingIndex--; + } + } + } ); + return this; + }, + + // Check if a given callback is in the list. + // If no argument is given, return whether or not list has callbacks attached. + has: function( fn ) { + return fn ? + jQuery.inArray( fn, list ) > -1 : + list.length > 0; + }, + + // Remove all callbacks from the list + empty: function() { + if ( list ) { + list = []; + } + return this; + }, + + // Disable .fire and .add + // Abort any current/pending executions + // Clear all callbacks and values + disable: function() { + locked = queue = []; + list = memory = ""; + return this; + }, + disabled: function() { + return !list; + }, + + // Disable .fire + // Also disable .add unless we have memory (since it would have no effect) + // Abort any pending executions + lock: function() { + locked = queue = []; + if ( !memory ) { + list = memory = ""; + } + return this; + }, + locked: function() { + return !!locked; + }, + + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( !locked ) { + args = args || []; + args = [ context, args.slice ? args.slice() : args ]; + queue.push( args ); + if ( !firing ) { + fire(); + } + } + return this; + }, + + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + +jQuery.extend( { + + Deferred: function( func ) { + var tuples = [ + + // action, add listener, listener list, final state + [ "resolve", "done", jQuery.Callbacks( "once memory" ), "resolved" ], + [ "reject", "fail", jQuery.Callbacks( "once memory" ), "rejected" ], + [ "notify", "progress", jQuery.Callbacks( "memory" ) ] + ], + state = "pending", + promise = { + state: function() { + return state; + }, + always: function() { + deferred.done( arguments ).fail( arguments ); + return this; + }, + then: function( /* fnDone, fnFail, fnProgress */ ) { + var fns = arguments; + return jQuery.Deferred( function( newDefer ) { + jQuery.each( tuples, function( i, tuple ) { + var fn = jQuery.isFunction( fns[ i ] ) && fns[ i ]; + + // deferred[ done | fail | progress ] for forwarding actions to newDefer + deferred[ tuple[ 1 ] ]( function() { + var returned = fn && fn.apply( this, arguments ); + if ( returned && jQuery.isFunction( returned.promise ) ) { + returned.promise() + .progress( newDefer.notify ) + .done( newDefer.resolve ) + .fail( newDefer.reject ); + } else { + newDefer[ tuple[ 0 ] + "With" ]( + this === promise ? newDefer.promise() : this, + fn ? [ returned ] : arguments + ); + } + } ); + } ); + fns = null; + } ).promise(); + }, + + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + return obj != null ? jQuery.extend( obj, promise ) : promise; + } + }, + deferred = {}; + + // Keep pipe for back-compat + promise.pipe = promise.then; + + // Add list-specific methods + jQuery.each( tuples, function( i, tuple ) { + var list = tuple[ 2 ], + stateString = tuple[ 3 ]; + + // promise[ done | fail | progress ] = list.add + promise[ tuple[ 1 ] ] = list.add; + + // Handle state + if ( stateString ) { + list.add( function() { + + // state = [ resolved | rejected ] + state = stateString; + + // [ reject_list | resolve_list ].disable; progress_list.lock + }, tuples[ i ^ 1 ][ 2 ].disable, tuples[ 2 ][ 2 ].lock ); + } + + // deferred[ resolve | reject | notify ] + deferred[ tuple[ 0 ] ] = function() { + deferred[ tuple[ 0 ] + "With" ]( this === deferred ? promise : this, arguments ); + return this; + }; + deferred[ tuple[ 0 ] + "With" ] = list.fireWith; + } ); + + // Make the deferred a promise + promise.promise( deferred ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( subordinate /* , ..., subordinateN */ ) { + var i = 0, + resolveValues = slice.call( arguments ), + length = resolveValues.length, + + // the count of uncompleted subordinates + remaining = length !== 1 || + ( subordinate && jQuery.isFunction( subordinate.promise ) ) ? length : 0, + + // the master Deferred. + // If resolveValues consist of only a single Deferred, just use that. + deferred = remaining === 1 ? subordinate : jQuery.Deferred(), + + // Update function for both resolve and progress values + updateFunc = function( i, contexts, values ) { + return function( value ) { + contexts[ i ] = this; + values[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; + if ( values === progressValues ) { + deferred.notifyWith( contexts, values ); + } else if ( !( --remaining ) ) { + deferred.resolveWith( contexts, values ); + } + }; + }, + + progressValues, progressContexts, resolveContexts; + + // Add listeners to Deferred subordinates; treat others as resolved + if ( length > 1 ) { + progressValues = new Array( length ); + progressContexts = new Array( length ); + resolveContexts = new Array( length ); + for ( ; i < length; i++ ) { + if ( resolveValues[ i ] && jQuery.isFunction( resolveValues[ i ].promise ) ) { + resolveValues[ i ].promise() + .progress( updateFunc( i, progressContexts, progressValues ) ) + .done( updateFunc( i, resolveContexts, resolveValues ) ) + .fail( deferred.reject ); + } else { + --remaining; + } + } + } + + // If we're not waiting on anything, resolve the master + if ( !remaining ) { + deferred.resolveWith( resolveContexts, resolveValues ); + } + + return deferred.promise(); + } +} ); + + +// The deferred used on DOM ready +var readyList; + +jQuery.fn.ready = function( fn ) { + + // Add the callback + jQuery.ready.promise().done( fn ); + + return this; +}; + +jQuery.extend( { + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Hold (or release) the ready event + holdReady: function( hold ) { + if ( hold ) { + jQuery.readyWait++; + } else { + jQuery.ready( true ); + } + }, + + // Handle when the DOM is ready + ready: function( wait ) { + + // Abort if there are pending holds or we're already ready + if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { + return; + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.resolveWith( document, [ jQuery ] ); + + // Trigger any bound ready events + if ( jQuery.fn.triggerHandler ) { + jQuery( document ).triggerHandler( "ready" ); + jQuery( document ).off( "ready" ); + } + } +} ); + +/** + * The ready event handler and self cleanup method + */ +function completed() { + document.removeEventListener( "DOMContentLoaded", completed ); + window.removeEventListener( "load", completed ); + jQuery.ready(); +} + +jQuery.ready.promise = function( obj ) { + if ( !readyList ) { + + readyList = jQuery.Deferred(); + + // Catch cases where $(document).ready() is called + // after the browser event has already occurred. + // Support: IE9-10 only + // Older IE sometimes signals "interactive" too soon + if ( document.readyState === "complete" || + ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { + + // Handle it asynchronously to allow scripts the opportunity to delay ready + window.setTimeout( jQuery.ready ); + + } else { + + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", completed ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", completed ); + } + } + return readyList.promise( obj ); +}; + +// Kick off the DOM ready check even if the user does not +jQuery.ready.promise(); + + + + +// Multifunctional method to get and set values of a collection +// The value/s can optionally be executed if it's a function +var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { + var i = 0, + len = elems.length, + bulk = key == null; + + // Sets many values + if ( jQuery.type( key ) === "object" ) { + chainable = true; + for ( i in key ) { + access( elems, fn, i, key[ i ], true, emptyGet, raw ); + } + + // Sets one value + } else if ( value !== undefined ) { + chainable = true; + + if ( !jQuery.isFunction( value ) ) { + raw = true; + } + + if ( bulk ) { + + // Bulk operations run against the entire set + if ( raw ) { + fn.call( elems, value ); + fn = null; + + // ...except when executing function values + } else { + bulk = fn; + fn = function( elem, key, value ) { + return bulk.call( jQuery( elem ), value ); + }; + } + } + + if ( fn ) { + for ( ; i < len; i++ ) { + fn( + elems[ i ], key, raw ? + value : + value.call( elems[ i ], i, fn( elems[ i ], key ) ) + ); + } + } + } + + return chainable ? + elems : + + // Gets + bulk ? + fn.call( elems ) : + len ? fn( elems[ 0 ], key ) : emptyGet; +}; +var acceptData = function( owner ) { + + // Accepts only: + // - Node + // - Node.ELEMENT_NODE + // - Node.DOCUMENT_NODE + // - Object + // - Any + /* jshint -W018 */ + return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); +}; + + + + +function Data() { + this.expando = jQuery.expando + Data.uid++; +} + +Data.uid = 1; + +Data.prototype = { + + register: function( owner, initial ) { + var value = initial || {}; + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable, non-writable property + // configurability must be true to allow the property to be + // deleted with the delete operator + } else { + Object.defineProperty( owner, this.expando, { + value: value, + writable: true, + configurable: true + } ); + } + return owner[ this.expando ]; + }, + cache: function( owner ) { + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( !acceptData( owner ) ) { + return {}; + } + + // Check if the owner object already has a cache + var value = owner[ this.expando ]; + + // If not, create one + if ( !value ) { + value = {}; + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( acceptData( owner ) ) { + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable property + // configurable must be true to allow the property to be + // deleted when data is removed + } else { + Object.defineProperty( owner, this.expando, { + value: value, + configurable: true + } ); + } + } + } + + return value; + }, + set: function( owner, data, value ) { + var prop, + cache = this.cache( owner ); + + // Handle: [ owner, key, value ] args + if ( typeof data === "string" ) { + cache[ data ] = value; + + // Handle: [ owner, { properties } ] args + } else { + + // Copy the properties one-by-one to the cache object + for ( prop in data ) { + cache[ prop ] = data[ prop ]; + } + } + return cache; + }, + get: function( owner, key ) { + return key === undefined ? + this.cache( owner ) : + owner[ this.expando ] && owner[ this.expando ][ key ]; + }, + access: function( owner, key, value ) { + var stored; + + // In cases where either: + // + // 1. No key was specified + // 2. A string key was specified, but no value provided + // + // Take the "read" path and allow the get method to determine + // which value to return, respectively either: + // + // 1. The entire cache object + // 2. The data stored at the key + // + if ( key === undefined || + ( ( key && typeof key === "string" ) && value === undefined ) ) { + + stored = this.get( owner, key ); + + return stored !== undefined ? + stored : this.get( owner, jQuery.camelCase( key ) ); + } + + // When the key is not a string, or both a key and value + // are specified, set or extend (existing objects) with either: + // + // 1. An object of properties + // 2. A key and value + // + this.set( owner, key, value ); + + // Since the "set" path can have two possible entry points + // return the expected data based on which path was taken[*] + return value !== undefined ? value : key; + }, + remove: function( owner, key ) { + var i, name, camel, + cache = owner[ this.expando ]; + + if ( cache === undefined ) { + return; + } + + if ( key === undefined ) { + this.register( owner ); + + } else { + + // Support array or space separated string of keys + if ( jQuery.isArray( key ) ) { + + // If "name" is an array of keys... + // When data is initially created, via ("key", "val") signature, + // keys will be converted to camelCase. + // Since there is no way to tell _how_ a key was added, remove + // both plain key and camelCase key. #12786 + // This will only penalize the array argument path. + name = key.concat( key.map( jQuery.camelCase ) ); + } else { + camel = jQuery.camelCase( key ); + + // Try the string as a key before any manipulation + if ( key in cache ) { + name = [ key, camel ]; + } else { + + // If a key with the spaces exists, use it. + // Otherwise, create an array by matching non-whitespace + name = camel; + name = name in cache ? + [ name ] : ( name.match( rnotwhite ) || [] ); + } + } + + i = name.length; + + while ( i-- ) { + delete cache[ name[ i ] ]; + } + } + + // Remove the expando if there's no more data + if ( key === undefined || jQuery.isEmptyObject( cache ) ) { + + // Support: Chrome <= 35-45+ + // Webkit & Blink performance suffers when deleting properties + // from DOM nodes, so set to undefined instead + // https://code.google.com/p/chromium/issues/detail?id=378607 + if ( owner.nodeType ) { + owner[ this.expando ] = undefined; + } else { + delete owner[ this.expando ]; + } + } + }, + hasData: function( owner ) { + var cache = owner[ this.expando ]; + return cache !== undefined && !jQuery.isEmptyObject( cache ); + } +}; +var dataPriv = new Data(); + +var dataUser = new Data(); + + + +// Implementation Summary +// +// 1. Enforce API surface and semantic compatibility with 1.9.x branch +// 2. Improve the module's maintainability by reducing the storage +// paths to a single mechanism. +// 3. Use the same single mechanism to support "private" and "user" data. +// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) +// 5. Avoid exposing implementation details on user objects (eg. expando properties) +// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 + +var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, + rmultiDash = /[A-Z]/g; + +function dataAttr( elem, key, data ) { + var name; + + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = data === "true" ? true : + data === "false" ? false : + data === "null" ? null : + + // Only convert to a number if it doesn't change the string + +data + "" === data ? +data : + rbrace.test( data ) ? jQuery.parseJSON( data ) : + data; + } catch ( e ) {} + + // Make sure we set the data so it isn't changed later + dataUser.set( elem, key, data ); + } else { + data = undefined; + } + } + return data; +} + +jQuery.extend( { + hasData: function( elem ) { + return dataUser.hasData( elem ) || dataPriv.hasData( elem ); + }, + + data: function( elem, name, data ) { + return dataUser.access( elem, name, data ); + }, + + removeData: function( elem, name ) { + dataUser.remove( elem, name ); + }, + + // TODO: Now that all calls to _data and _removeData have been replaced + // with direct calls to dataPriv methods, these can be deprecated. + _data: function( elem, name, data ) { + return dataPriv.access( elem, name, data ); + }, + + _removeData: function( elem, name ) { + dataPriv.remove( elem, name ); + } +} ); + +jQuery.fn.extend( { + data: function( key, value ) { + var i, name, data, + elem = this[ 0 ], + attrs = elem && elem.attributes; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = dataUser.get( elem ); + + if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { + i = attrs.length; + while ( i-- ) { + + // Support: IE11+ + // The attrs elements can be null (#14894) + if ( attrs[ i ] ) { + name = attrs[ i ].name; + if ( name.indexOf( "data-" ) === 0 ) { + name = jQuery.camelCase( name.slice( 5 ) ); + dataAttr( elem, name, data[ name ] ); + } + } + } + dataPriv.set( elem, "hasDataAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each( function() { + dataUser.set( this, key ); + } ); + } + + return access( this, function( value ) { + var data, camelKey; + + // The calling jQuery object (element matches) is not empty + // (and therefore has an element appears at this[ 0 ]) and the + // `value` parameter was not undefined. An empty jQuery object + // will result in `undefined` for elem = this[ 0 ] which will + // throw an exception if an attempt to read a data cache is made. + if ( elem && value === undefined ) { + + // Attempt to get data from the cache + // with the key as-is + data = dataUser.get( elem, key ) || + + // Try to find dashed key if it exists (gh-2779) + // This is for 2.2.x only + dataUser.get( elem, key.replace( rmultiDash, "-$&" ).toLowerCase() ); + + if ( data !== undefined ) { + return data; + } + + camelKey = jQuery.camelCase( key ); + + // Attempt to get data from the cache + // with the key camelized + data = dataUser.get( elem, camelKey ); + if ( data !== undefined ) { + return data; + } + + // Attempt to "discover" the data in + // HTML5 custom data-* attrs + data = dataAttr( elem, camelKey, undefined ); + if ( data !== undefined ) { + return data; + } + + // We tried really hard, but the data doesn't exist. + return; + } + + // Set the data... + camelKey = jQuery.camelCase( key ); + this.each( function() { + + // First, attempt to store a copy or reference of any + // data that might've been store with a camelCased key. + var data = dataUser.get( this, camelKey ); + + // For HTML5 data-* attribute interop, we have to + // store property names with dashes in a camelCase form. + // This might not apply to all properties...* + dataUser.set( this, camelKey, value ); + + // *... In the case of properties that might _actually_ + // have dashes, we need to also store a copy of that + // unchanged property. + if ( key.indexOf( "-" ) > -1 && data !== undefined ) { + dataUser.set( this, key, value ); + } + } ); + }, null, value, arguments.length > 1, null, true ); + }, + + removeData: function( key ) { + return this.each( function() { + dataUser.remove( this, key ); + } ); + } +} ); + + +jQuery.extend( { + queue: function( elem, type, data ) { + var queue; + + if ( elem ) { + type = ( type || "fx" ) + "queue"; + queue = dataPriv.get( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !queue || jQuery.isArray( data ) ) { + queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); + } else { + queue.push( data ); + } + } + return queue || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + startLength = queue.length, + fn = queue.shift(), + hooks = jQuery._queueHooks( elem, type ), + next = function() { + jQuery.dequeue( elem, type ); + }; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + startLength--; + } + + if ( fn ) { + + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + // Clear up the last queue stop function + delete hooks.stop; + fn.call( elem, next, hooks ); + } + + if ( !startLength && hooks ) { + hooks.empty.fire(); + } + }, + + // Not public - generate a queueHooks object, or return the current one + _queueHooks: function( elem, type ) { + var key = type + "queueHooks"; + return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { + empty: jQuery.Callbacks( "once memory" ).add( function() { + dataPriv.remove( elem, [ type + "queue", key ] ); + } ) + } ); + } +} ); + +jQuery.fn.extend( { + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[ 0 ], type ); + } + + return data === undefined ? + this : + this.each( function() { + var queue = jQuery.queue( this, type, data ); + + // Ensure a hooks for this queue + jQuery._queueHooks( this, type ); + + if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + } ); + }, + dequeue: function( type ) { + return this.each( function() { + jQuery.dequeue( this, type ); + } ); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, obj ) { + var tmp, + count = 1, + defer = jQuery.Deferred(), + elements = this, + i = this.length, + resolve = function() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + }; + + if ( typeof type !== "string" ) { + obj = type; + type = undefined; + } + type = type || "fx"; + + while ( i-- ) { + tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); + if ( tmp && tmp.empty ) { + count++; + tmp.empty.add( resolve ); + } + } + resolve(); + return defer.promise( obj ); + } +} ); +var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; + +var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); + + +var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; + +var isHidden = function( elem, el ) { + + // isHidden might be called from jQuery#filter function; + // in that case, element will be second argument + elem = el || elem; + return jQuery.css( elem, "display" ) === "none" || + !jQuery.contains( elem.ownerDocument, elem ); + }; + + + +function adjustCSS( elem, prop, valueParts, tween ) { + var adjusted, + scale = 1, + maxIterations = 20, + currentValue = tween ? + function() { return tween.cur(); } : + function() { return jQuery.css( elem, prop, "" ); }, + initial = currentValue(), + unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), + + // Starting value computation is required for potential unit mismatches + initialInUnit = ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && + rcssNum.exec( jQuery.css( elem, prop ) ); + + if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { + + // Trust units reported by jQuery.css + unit = unit || initialInUnit[ 3 ]; + + // Make sure we update the tween properties later on + valueParts = valueParts || []; + + // Iteratively approximate from a nonzero starting point + initialInUnit = +initial || 1; + + do { + + // If previous iteration zeroed out, double until we get *something*. + // Use string for doubling so we don't accidentally see scale as unchanged below + scale = scale || ".5"; + + // Adjust and apply + initialInUnit = initialInUnit / scale; + jQuery.style( elem, prop, initialInUnit + unit ); + + // Update scale, tolerating zero or NaN from tween.cur() + // Break the loop if scale is unchanged or perfect, or if we've just had enough. + } while ( + scale !== ( scale = currentValue() / initial ) && scale !== 1 && --maxIterations + ); + } + + if ( valueParts ) { + initialInUnit = +initialInUnit || +initial || 0; + + // Apply relative offset (+=/-=) if specified + adjusted = valueParts[ 1 ] ? + initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : + +valueParts[ 2 ]; + if ( tween ) { + tween.unit = unit; + tween.start = initialInUnit; + tween.end = adjusted; + } + } + return adjusted; +} +var rcheckableType = ( /^(?:checkbox|radio)$/i ); + +var rtagName = ( /<([\w:-]+)/ ); + +var rscriptType = ( /^$|\/(?:java|ecma)script/i ); + + + +// We have to close these tags to support XHTML (#13200) +var wrapMap = { + + // Support: IE9 + option: [ 1, "" ], + + // XHTML parsers do not magically insert elements in the + // same way that tag soup parsers do. So we cannot shorten + // this by omitting or other required elements. + thead: [ 1, "", "
" ], + col: [ 2, "", "
" ], + tr: [ 2, "", "
" ], + td: [ 3, "", "
" ], + + _default: [ 0, "", "" ] +}; + +// Support: IE9 +wrapMap.optgroup = wrapMap.option; + +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + + +function getAll( context, tag ) { + + // Support: IE9-11+ + // Use typeof to avoid zero-argument method invocation on host objects (#15151) + var ret = typeof context.getElementsByTagName !== "undefined" ? + context.getElementsByTagName( tag || "*" ) : + typeof context.querySelectorAll !== "undefined" ? + context.querySelectorAll( tag || "*" ) : + []; + + return tag === undefined || tag && jQuery.nodeName( context, tag ) ? + jQuery.merge( [ context ], ret ) : + ret; +} + + +// Mark scripts as having already been evaluated +function setGlobalEval( elems, refElements ) { + var i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + dataPriv.set( + elems[ i ], + "globalEval", + !refElements || dataPriv.get( refElements[ i ], "globalEval" ) + ); + } +} + + +var rhtml = /<|&#?\w+;/; + +function buildFragment( elems, context, scripts, selection, ignored ) { + var elem, tmp, tag, wrap, contains, j, + fragment = context.createDocumentFragment(), + nodes = [], + i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + elem = elems[ i ]; + + if ( elem || elem === 0 ) { + + // Add nodes directly + if ( jQuery.type( elem ) === "object" ) { + + // Support: Android<4.1, PhantomJS<2 + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); + + // Convert non-html into a text node + } else if ( !rhtml.test( elem ) ) { + nodes.push( context.createTextNode( elem ) ); + + // Convert html into DOM nodes + } else { + tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); + + // Deserialize a standard representation + tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); + wrap = wrapMap[ tag ] || wrapMap._default; + tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; + + // Descend through wrappers to the right content + j = wrap[ 0 ]; + while ( j-- ) { + tmp = tmp.lastChild; + } + + // Support: Android<4.1, PhantomJS<2 + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, tmp.childNodes ); + + // Remember the top-level container + tmp = fragment.firstChild; + + // Ensure the created nodes are orphaned (#12392) + tmp.textContent = ""; + } + } + } + + // Remove wrapper from fragment + fragment.textContent = ""; + + i = 0; + while ( ( elem = nodes[ i++ ] ) ) { + + // Skip elements already in the context collection (trac-4087) + if ( selection && jQuery.inArray( elem, selection ) > -1 ) { + if ( ignored ) { + ignored.push( elem ); + } + continue; + } + + contains = jQuery.contains( elem.ownerDocument, elem ); + + // Append to fragment + tmp = getAll( fragment.appendChild( elem ), "script" ); + + // Preserve script evaluation history + if ( contains ) { + setGlobalEval( tmp ); + } + + // Capture executables + if ( scripts ) { + j = 0; + while ( ( elem = tmp[ j++ ] ) ) { + if ( rscriptType.test( elem.type || "" ) ) { + scripts.push( elem ); + } + } + } + } + + return fragment; +} + + +( function() { + var fragment = document.createDocumentFragment(), + div = fragment.appendChild( document.createElement( "div" ) ), + input = document.createElement( "input" ); + + // Support: Android 4.0-4.3, Safari<=5.1 + // Check state lost if the name is set (#11217) + // Support: Windows Web Apps (WWA) + // `name` and `type` must use .setAttribute for WWA (#14901) + input.setAttribute( "type", "radio" ); + input.setAttribute( "checked", "checked" ); + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + + // Support: Safari<=5.1, Android<4.2 + // Older WebKit doesn't clone checked state correctly in fragments + support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Support: IE<=11+ + // Make sure textarea (and checkbox) defaultValue is properly cloned + div.innerHTML = ""; + support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; +} )(); + + +var + rkeyEvent = /^key/, + rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/, + rtypenamespace = /^([^.]*)(?:\.(.+)|)/; + +function returnTrue() { + return true; +} + +function returnFalse() { + return false; +} + +// Support: IE9 +// See #13393 for more info +function safeActiveElement() { + try { + return document.activeElement; + } catch ( err ) { } +} + +function on( elem, types, selector, data, fn, one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { + + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + on( elem, type, selector, data, types[ type ], one ); + } + return elem; + } + + if ( data == null && fn == null ) { + + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return elem; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return elem.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + } ); +} + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + global: {}, + + add: function( elem, types, handler, data, selector ) { + + var handleObjIn, eventHandle, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.get( elem ); + + // Don't attach events to noData or text/comment nodes (but allow plain objects) + if ( !elemData ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + if ( !( events = elemData.events ) ) { + events = elemData.events = {}; + } + if ( !( eventHandle = elemData.handle ) ) { + eventHandle = elemData.handle = function( e ) { + + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? + jQuery.event.dispatch.apply( elem, arguments ) : undefined; + }; + } + + // Handle multiple events separated by a space + types = ( types || "" ).match( rnotwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // There *must* be a type, no attaching namespace-only handlers + if ( !type ) { + continue; + } + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend( { + type: type, + origType: origType, + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + needsContext: selector && jQuery.expr.match.needsContext.test( selector ), + namespace: namespaces.join( "." ) + }, handleObjIn ); + + // Init the event handler queue if we're the first + if ( !( handlers = events[ type ] ) ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener if the special events handler returns false + if ( !special.setup || + special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + }, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var j, origCount, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); + + if ( !elemData || !( events = elemData.events ) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = ( types || "" ).match( rnotwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector ? special.delegateType : special.bindType ) || type; + handlers = events[ type ] || []; + tmp = tmp[ 2 ] && + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); + + // Remove matching events + origCount = j = handlers.length; + while ( j-- ) { + handleObj = handlers[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !tmp || tmp.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || + selector === "**" && handleObj.selector ) ) { + handlers.splice( j, 1 ); + + if ( handleObj.selector ) { + handlers.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( origCount && !handlers.length ) { + if ( !special.teardown || + special.teardown.call( elem, namespaces, elemData.handle ) === false ) { + + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove data and the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + dataPriv.remove( elem, "handle events" ); + } + }, + + dispatch: function( event ) { + + // Make a writable jQuery.Event from the native event object + event = jQuery.event.fix( event ); + + var i, j, ret, matched, handleObj, + handlerQueue = [], + args = slice.call( arguments ), + handlers = ( dataPriv.get( this, "events" ) || {} )[ event.type ] || [], + special = jQuery.event.special[ event.type ] || {}; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[ 0 ] = event; + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers + handlerQueue = jQuery.event.handlers.call( this, event, handlers ); + + // Run delegates first; they may want to stop propagation beneath us + i = 0; + while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { + event.currentTarget = matched.elem; + + j = 0; + while ( ( handleObj = matched.handlers[ j++ ] ) && + !event.isImmediatePropagationStopped() ) { + + // Triggered event must either 1) have no namespace, or 2) have namespace(s) + // a subset or equal to those in the bound event (both can have no namespace). + if ( !event.rnamespace || event.rnamespace.test( handleObj.namespace ) ) { + + event.handleObj = handleObj; + event.data = handleObj.data; + + ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || + handleObj.handler ).apply( matched.elem, args ); + + if ( ret !== undefined ) { + if ( ( event.result = ret ) === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + handlers: function( event, handlers ) { + var i, matches, sel, handleObj, + handlerQueue = [], + delegateCount = handlers.delegateCount, + cur = event.target; + + // Support (at least): Chrome, IE9 + // Find delegate handlers + // Black-hole SVG instance trees (#13180) + // + // Support: Firefox<=42+ + // Avoid non-left-click in FF but don't block IE radio events (#3861, gh-2343) + if ( delegateCount && cur.nodeType && + ( event.type !== "click" || isNaN( event.button ) || event.button < 1 ) ) { + + for ( ; cur !== this; cur = cur.parentNode || this ) { + + // Don't check non-elements (#13208) + // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) + if ( cur.nodeType === 1 && ( cur.disabled !== true || event.type !== "click" ) ) { + matches = []; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + + // Don't conflict with Object.prototype properties (#13203) + sel = handleObj.selector + " "; + + if ( matches[ sel ] === undefined ) { + matches[ sel ] = handleObj.needsContext ? + jQuery( sel, this ).index( cur ) > -1 : + jQuery.find( sel, this, null, [ cur ] ).length; + } + if ( matches[ sel ] ) { + matches.push( handleObj ); + } + } + if ( matches.length ) { + handlerQueue.push( { elem: cur, handlers: matches } ); + } + } + } + } + + // Add the remaining (directly-bound) handlers + if ( delegateCount < handlers.length ) { + handlerQueue.push( { elem: this, handlers: handlers.slice( delegateCount ) } ); + } + + return handlerQueue; + }, + + // Includes some event props shared by KeyEvent and MouseEvent + props: ( "altKey bubbles cancelable ctrlKey currentTarget detail eventPhase " + + "metaKey relatedTarget shiftKey target timeStamp view which" ).split( " " ), + + fixHooks: {}, + + keyHooks: { + props: "char charCode key keyCode".split( " " ), + filter: function( event, original ) { + + // Add which for key events + if ( event.which == null ) { + event.which = original.charCode != null ? original.charCode : original.keyCode; + } + + return event; + } + }, + + mouseHooks: { + props: ( "button buttons clientX clientY offsetX offsetY pageX pageY " + + "screenX screenY toElement" ).split( " " ), + filter: function( event, original ) { + var eventDoc, doc, body, + button = original.button; + + // Calculate pageX/Y if missing and clientX/Y available + if ( event.pageX == null && original.clientX != null ) { + eventDoc = event.target.ownerDocument || document; + doc = eventDoc.documentElement; + body = eventDoc.body; + + event.pageX = original.clientX + + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - + ( doc && doc.clientLeft || body && body.clientLeft || 0 ); + event.pageY = original.clientY + + ( doc && doc.scrollTop || body && body.scrollTop || 0 ) - + ( doc && doc.clientTop || body && body.clientTop || 0 ); + } + + // Add which for click: 1 === left; 2 === middle; 3 === right + // Note: button is not normalized, so don't use it + if ( !event.which && button !== undefined ) { + event.which = ( button & 1 ? 1 : ( button & 2 ? 3 : ( button & 4 ? 2 : 0 ) ) ); + } + + return event; + } + }, + + fix: function( event ) { + if ( event[ jQuery.expando ] ) { + return event; + } + + // Create a writable copy of the event object and normalize some properties + var i, prop, copy, + type = event.type, + originalEvent = event, + fixHook = this.fixHooks[ type ]; + + if ( !fixHook ) { + this.fixHooks[ type ] = fixHook = + rmouseEvent.test( type ) ? this.mouseHooks : + rkeyEvent.test( type ) ? this.keyHooks : + {}; + } + copy = fixHook.props ? this.props.concat( fixHook.props ) : this.props; + + event = new jQuery.Event( originalEvent ); + + i = copy.length; + while ( i-- ) { + prop = copy[ i ]; + event[ prop ] = originalEvent[ prop ]; + } + + // Support: Cordova 2.5 (WebKit) (#13255) + // All events should have a target; Cordova deviceready doesn't + if ( !event.target ) { + event.target = document; + } + + // Support: Safari 6.0+, Chrome<28 + // Target should not be a text node (#504, #13143) + if ( event.target.nodeType === 3 ) { + event.target = event.target.parentNode; + } + + return fixHook.filter ? fixHook.filter( event, originalEvent ) : event; + }, + + special: { + load: { + + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + focus: { + + // Fire native event if possible so blur/focus sequence is correct + trigger: function() { + if ( this !== safeActiveElement() && this.focus ) { + this.focus(); + return false; + } + }, + delegateType: "focusin" + }, + blur: { + trigger: function() { + if ( this === safeActiveElement() && this.blur ) { + this.blur(); + return false; + } + }, + delegateType: "focusout" + }, + click: { + + // For checkbox, fire native event so checked state will be right + trigger: function() { + if ( this.type === "checkbox" && this.click && jQuery.nodeName( this, "input" ) ) { + this.click(); + return false; + } + }, + + // For cross-browser consistency, don't fire native .click() on links + _default: function( event ) { + return jQuery.nodeName( event.target, "a" ); + } + }, + + beforeunload: { + postDispatch: function( event ) { + + // Support: Firefox 20+ + // Firefox doesn't alert if the returnValue field is not set. + if ( event.result !== undefined && event.originalEvent ) { + event.originalEvent.returnValue = event.result; + } + } + } + } +}; + +jQuery.removeEvent = function( elem, type, handle ) { + + // This "if" is needed for plain objects + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle ); + } +}; + +jQuery.Event = function( src, props ) { + + // Allow instantiation without the 'new' keyword + if ( !( this instanceof jQuery.Event ) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = src.defaultPrevented || + src.defaultPrevented === undefined && + + // Support: Android<4.0 + src.returnValue === false ? + returnTrue : + returnFalse; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || jQuery.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + constructor: jQuery.Event, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse, + + preventDefault: function() { + var e = this.originalEvent; + + this.isDefaultPrevented = returnTrue; + + if ( e ) { + e.preventDefault(); + } + }, + stopPropagation: function() { + var e = this.originalEvent; + + this.isPropagationStopped = returnTrue; + + if ( e ) { + e.stopPropagation(); + } + }, + stopImmediatePropagation: function() { + var e = this.originalEvent; + + this.isImmediatePropagationStopped = returnTrue; + + if ( e ) { + e.stopImmediatePropagation(); + } + + this.stopPropagation(); + } +}; + +// Create mouseenter/leave events using mouseover/out and event-time checks +// so that event delegation works in jQuery. +// Do the same for pointerenter/pointerleave and pointerover/pointerout +// +// Support: Safari 7 only +// Safari sends mouseenter too often; see: +// https://code.google.com/p/chromium/issues/detail?id=470258 +// for the description of the bug (it existed in older Chrome versions as well). +jQuery.each( { + mouseenter: "mouseover", + mouseleave: "mouseout", + pointerenter: "pointerover", + pointerleave: "pointerout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var ret, + target = this, + related = event.relatedTarget, + handleObj = event.handleObj; + + // For mouseenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +} ); + +jQuery.fn.extend( { + on: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn ); + }, + one: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + var handleObj, type; + if ( types && types.preventDefault && types.handleObj ) { + + // ( event ) dispatched jQuery.Event + handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? + handleObj.origType + "." + handleObj.namespace : + handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + + // ( types-object [, selector] ) + for ( type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each( function() { + jQuery.event.remove( this, types, fn, selector ); + } ); + } +} ); + + +var + rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi, + + // Support: IE 10-11, Edge 10240+ + // In IE/Edge using regex groups here causes severe slowdowns. + // See https://connect.microsoft.com/IE/feedback/details/1736512/ + rnoInnerhtml = /\s*$/g; + +// Manipulating tables requires a tbody +function manipulationTarget( elem, content ) { + return jQuery.nodeName( elem, "table" ) && + jQuery.nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ? + + elem.getElementsByTagName( "tbody" )[ 0 ] || + elem.appendChild( elem.ownerDocument.createElement( "tbody" ) ) : + elem; +} + +// Replace/restore the type attribute of script elements for safe DOM manipulation +function disableScript( elem ) { + elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; + return elem; +} +function restoreScript( elem ) { + var match = rscriptTypeMasked.exec( elem.type ); + + if ( match ) { + elem.type = match[ 1 ]; + } else { + elem.removeAttribute( "type" ); + } + + return elem; +} + +function cloneCopyEvent( src, dest ) { + var i, l, type, pdataOld, pdataCur, udataOld, udataCur, events; + + if ( dest.nodeType !== 1 ) { + return; + } + + // 1. Copy private data: events, handlers, etc. + if ( dataPriv.hasData( src ) ) { + pdataOld = dataPriv.access( src ); + pdataCur = dataPriv.set( dest, pdataOld ); + events = pdataOld.events; + + if ( events ) { + delete pdataCur.handle; + pdataCur.events = {}; + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + } + + // 2. Copy user data + if ( dataUser.hasData( src ) ) { + udataOld = dataUser.access( src ); + udataCur = jQuery.extend( {}, udataOld ); + + dataUser.set( dest, udataCur ); + } +} + +// Fix IE bugs, see support tests +function fixInput( src, dest ) { + var nodeName = dest.nodeName.toLowerCase(); + + // Fails to persist the checked state of a cloned checkbox or radio button. + if ( nodeName === "input" && rcheckableType.test( src.type ) ) { + dest.checked = src.checked; + + // Fails to return the selected option to the default selected state when cloning options + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + } +} + +function domManip( collection, args, callback, ignored ) { + + // Flatten any nested arrays + args = concat.apply( [], args ); + + var fragment, first, scripts, hasScripts, node, doc, + i = 0, + l = collection.length, + iNoClone = l - 1, + value = args[ 0 ], + isFunction = jQuery.isFunction( value ); + + // We can't cloneNode fragments that contain checked, in WebKit + if ( isFunction || + ( l > 1 && typeof value === "string" && + !support.checkClone && rchecked.test( value ) ) ) { + return collection.each( function( index ) { + var self = collection.eq( index ); + if ( isFunction ) { + args[ 0 ] = value.call( this, index, self.html() ); + } + domManip( self, args, callback, ignored ); + } ); + } + + if ( l ) { + fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); + first = fragment.firstChild; + + if ( fragment.childNodes.length === 1 ) { + fragment = first; + } + + // Require either new content or an interest in ignored elements to invoke the callback + if ( first || ignored ) { + scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); + hasScripts = scripts.length; + + // Use the original fragment for the last item + // instead of the first because it can end up + // being emptied incorrectly in certain situations (#8070). + for ( ; i < l; i++ ) { + node = fragment; + + if ( i !== iNoClone ) { + node = jQuery.clone( node, true, true ); + + // Keep references to cloned scripts for later restoration + if ( hasScripts ) { + + // Support: Android<4.1, PhantomJS<2 + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( scripts, getAll( node, "script" ) ); + } + } + + callback.call( collection[ i ], node, i ); + } + + if ( hasScripts ) { + doc = scripts[ scripts.length - 1 ].ownerDocument; + + // Reenable scripts + jQuery.map( scripts, restoreScript ); + + // Evaluate executable scripts on first document insertion + for ( i = 0; i < hasScripts; i++ ) { + node = scripts[ i ]; + if ( rscriptType.test( node.type || "" ) && + !dataPriv.access( node, "globalEval" ) && + jQuery.contains( doc, node ) ) { + + if ( node.src ) { + + // Optional AJAX dependency, but won't run scripts if not present + if ( jQuery._evalUrl ) { + jQuery._evalUrl( node.src ); + } + } else { + jQuery.globalEval( node.textContent.replace( rcleanScript, "" ) ); + } + } + } + } + } + } + + return collection; +} + +function remove( elem, selector, keepData ) { + var node, + nodes = selector ? jQuery.filter( selector, elem ) : elem, + i = 0; + + for ( ; ( node = nodes[ i ] ) != null; i++ ) { + if ( !keepData && node.nodeType === 1 ) { + jQuery.cleanData( getAll( node ) ); + } + + if ( node.parentNode ) { + if ( keepData && jQuery.contains( node.ownerDocument, node ) ) { + setGlobalEval( getAll( node, "script" ) ); + } + node.parentNode.removeChild( node ); + } + } + + return elem; +} + +jQuery.extend( { + htmlPrefilter: function( html ) { + return html.replace( rxhtmlTag, "<$1>" ); + }, + + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var i, l, srcElements, destElements, + clone = elem.cloneNode( true ), + inPage = jQuery.contains( elem.ownerDocument, elem ); + + // Fix IE cloning issues + if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && + !jQuery.isXMLDoc( elem ) ) { + + // We eschew Sizzle here for performance reasons: http://jsperf.com/getall-vs-sizzle/2 + destElements = getAll( clone ); + srcElements = getAll( elem ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + fixInput( srcElements[ i ], destElements[ i ] ); + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + if ( deepDataAndEvents ) { + srcElements = srcElements || getAll( elem ); + destElements = destElements || getAll( clone ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + cloneCopyEvent( srcElements[ i ], destElements[ i ] ); + } + } else { + cloneCopyEvent( elem, clone ); + } + } + + // Preserve script evaluation history + destElements = getAll( clone, "script" ); + if ( destElements.length > 0 ) { + setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); + } + + // Return the cloned set + return clone; + }, + + cleanData: function( elems ) { + var data, elem, type, + special = jQuery.event.special, + i = 0; + + for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { + if ( acceptData( elem ) ) { + if ( ( data = elem[ dataPriv.expando ] ) ) { + if ( data.events ) { + for ( type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + } + + // Support: Chrome <= 35-45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataPriv.expando ] = undefined; + } + if ( elem[ dataUser.expando ] ) { + + // Support: Chrome <= 35-45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataUser.expando ] = undefined; + } + } + } + } +} ); + +jQuery.fn.extend( { + + // Keep domManip exposed until 3.0 (gh-2225) + domManip: domManip, + + detach: function( selector ) { + return remove( this, selector, true ); + }, + + remove: function( selector ) { + return remove( this, selector ); + }, + + text: function( value ) { + return access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().each( function() { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + this.textContent = value; + } + } ); + }, null, value, arguments.length ); + }, + + append: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.appendChild( elem ); + } + } ); + }, + + prepend: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.insertBefore( elem, target.firstChild ); + } + } ); + }, + + before: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this ); + } + } ); + }, + + after: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + } + } ); + }, + + empty: function() { + var elem, + i = 0; + + for ( ; ( elem = this[ i ] ) != null; i++ ) { + if ( elem.nodeType === 1 ) { + + // Prevent memory leaks + jQuery.cleanData( getAll( elem, false ) ); + + // Remove any remaining nodes + elem.textContent = ""; + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function() { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + } ); + }, + + html: function( value ) { + return access( this, function( value ) { + var elem = this[ 0 ] || {}, + i = 0, + l = this.length; + + if ( value === undefined && elem.nodeType === 1 ) { + return elem.innerHTML; + } + + // See if we can take a shortcut and just use innerHTML + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { + + value = jQuery.htmlPrefilter( value ); + + try { + for ( ; i < l; i++ ) { + elem = this[ i ] || {}; + + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( getAll( elem, false ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch ( e ) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function() { + var ignored = []; + + // Make the changes, replacing each non-ignored context element with the new content + return domManip( this, arguments, function( elem ) { + var parent = this.parentNode; + + if ( jQuery.inArray( this, ignored ) < 0 ) { + jQuery.cleanData( getAll( this ) ); + if ( parent ) { + parent.replaceChild( elem, this ); + } + } + + // Force callback invocation + }, ignored ); + } +} ); + +jQuery.each( { + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var elems, + ret = [], + insert = jQuery( selector ), + last = insert.length - 1, + i = 0; + + for ( ; i <= last; i++ ) { + elems = i === last ? this : this.clone( true ); + jQuery( insert[ i ] )[ original ]( elems ); + + // Support: QtWebKit + // .get() because push.apply(_, arraylike) throws + push.apply( ret, elems.get() ); + } + + return this.pushStack( ret ); + }; +} ); + + +var iframe, + elemdisplay = { + + // Support: Firefox + // We have to pre-define these values for FF (#10227) + HTML: "block", + BODY: "block" + }; + +/** + * Retrieve the actual display of a element + * @param {String} name nodeName of the element + * @param {Object} doc Document object + */ + +// Called only from within defaultDisplay +function actualDisplay( name, doc ) { + var elem = jQuery( doc.createElement( name ) ).appendTo( doc.body ), + + display = jQuery.css( elem[ 0 ], "display" ); + + // We don't have any data stored on the element, + // so use "detach" method as fast way to get rid of the element + elem.detach(); + + return display; +} + +/** + * Try to determine the default display value of an element + * @param {String} nodeName + */ +function defaultDisplay( nodeName ) { + var doc = document, + display = elemdisplay[ nodeName ]; + + if ( !display ) { + display = actualDisplay( nodeName, doc ); + + // If the simple way fails, read from inside an iframe + if ( display === "none" || !display ) { + + // Use the already-created iframe if possible + iframe = ( iframe || jQuery( "' + + '" width="1px" height="1px" frameborder="0">' + ); + + $('body').append($iframe); + }); + + // TODO periodically garbage collect expired handlers from window object + return promise; + }; + + oauth3.openWindow = function (url, state, opts) { + var promise = new oauth3.PromiseA(function (resolve, reject) { + var winref; + var tok; + + function cleanup() { + delete window['__oauth3_' + state]; + clearTimeout(tok); + tok = null; + // this is last in case the window self-closes synchronously + // (should never happen, but that's a negotiable implementation detail) + //winref.close(); + } + + window['__oauth3_' + state] = function (params) { + //console.info('[popup] (or window) complete', params); + resolve(params); + cleanup(); + }; + + tok = setTimeout(function () { + var err = new Error("the windowed request did not complete within 3 minutes"); + err.code = "E_TIMEOUT"; + reject(err); + cleanup(); + }, opts.timeout || 3 * 60 * 1000); + + // TODO allow size changes (via directive even) + winref = window.open(url, 'oauth3-login-' + state, 'height=720,width=620'); + if (!winref) { + reject("TODO: open the iframe first and discover oauth3 directives before popup"); + cleanup(); + } + }); + + // TODO periodically garbage collect expired handlers from window object + return promise; + }; + + oauth3.logout = function (providerUri, opts) { + opts = opts || {}; + + // Oauth3.init({ logout: function () {} }); + //return Oauth3.logout(); + + var state = parseInt(Math.random().toString().replace('0.', ''), 10).toString('36'); + var url = providerUri.replace(/\/$/, '') + (opts.providerOauth3Html || '/oauth3.html'); + var redirectUri = opts.redirectUri + || (window.location.protocol + '//' + (window.location.host + window.location.pathname) + 'oauth3.html') + ; + var params = { + // logout=true for all logins/accounts + // logout=app-scoped-login-id for a single login + action: 'logout' + // TODO specify specific accounts / logins to delete from session + , accounts: true + , logins: true + , redirect_uri: redirectUri + , state: state + }; + + //console.log('DEBUG oauth3.logout NIX insertIframe'); + //console.log(url, params.redirect_uri); + //console.log(state); + //console.log(params); // redirect_uri + //console.log(opts); + + if (url === params.redirect_uri) { + return oauth3.PromiseA.resolve(); + } + + url += '#' + oauth3.querystringify(params); + + return oauth3.insertIframe(url, state, opts); + }; + + oauth3.stringifyscope = function (scope) { + if (Array.isArray(scope)) { + scope = scope.join(' '); + } + return scope; + }; + + oauth3.querystringify = function (params) { + var qs = []; + + Object.keys(params).forEach(function (key) { + if ('scope' === key) { + params[key] = oauth3.stringifyscope(params[key]); + } + qs.push(encodeURIComponent(key) + '=' + encodeURIComponent(params[key])); + }); + + return qs.join('&'); + }; + + oauth3.createState = function () { + // TODO mo' betta' random function + // maybe gather some entropy from mouse / keyboard events? + // (probably not, just use webCrypto or be sucky) + return parseInt(Math.random().toString().replace('0.', ''), 10).toString('36'); + }; + + oauth3.normalizeProviderUri = function (providerUri) { + // tested with + // example.com + // example.com/ + // http://example.com + // https://example.com/ + providerUri = providerUri + .replace(/^(https?:\/\/)?/, 'https://') + .replace(/\/?$/, '') + ; + + return providerUri; + }; + + oauth3._discoverHelper = function (providerUri, opts) { + opts = opts || {}; + var state = oauth3.createState(); + var params; + var url; + + params = { + action: 'directives' + , state: state + // TODO this should be configurable (i.e. I want a dev vs production oauth3.html) + , redirect_uri: window.location.protocol + '//' + window.location.host + + window.location.pathname + 'oauth3.html' + }; + + url = providerUri + '/oauth3.html#' + oauth3.querystringify(params); + + return oauth3.insertIframe(url, state, opts).then(function (directives) { + return directives; + }, function (err) { + return oauth3.PromiseA.reject(err); + }); + }; + + oauth3.discover = function (providerUri, opts) { + opts = opts || {}; + + console.log('DEBUG oauth3.discover', providerUri); + console.log(opts); + if (opts.directives) { + return oauth3.PromiseA.resolve(opts.directives); + } + + var promise; + var promise2; + var directives; + var updatedAt; + var fresh; + + providerUri = oauth3.normalizeProviderUri(providerUri); + try { + directives = JSON.parse(localStorage.getItem('oauth3.' + providerUri + '.directives')); + console.log('DEBUG oauth3.discover cache', directives); + updatedAt = localStorage.getItem('oauth3.' + providerUri + '.directives.updated_at'); + console.log('DEBUG oauth3.discover updatedAt', updatedAt); + updatedAt = new Date(updatedAt).valueOf(); + console.log('DEBUG oauth3.discover updatedAt', updatedAt); + } catch(e) { + // ignore + } + + fresh = (Date.now() - updatedAt) < (24 * 60 * 60 * 1000); + + if (directives) { + promise = oauth3.PromiseA.resolve(directives); + + if (fresh) { + //console.log('[local] [fresh directives]', directives); + return promise; + } + } + + promise2 = oauth3._discoverHelper(providerUri, opts).then(function (params) { + console.log('DEBUG oauth3._discoverHelper', params); + var err; + + if (!params.directives) { + err = new Error(params.error_description || "Unknown error when discoving provider '" + providerUri + "'"); + err.code = params.error || "E_UNKNOWN_ERROR"; + return oauth3.PromiseA.reject(err); + } + + try { + directives = JSON.parse(atob(params.directives)); + console.log('DEBUG oauth3._discoverHelper directives', directives); + } catch(e) { + err = new Error(params.error_description || "could not parse directives for provider '" + providerUri + "'"); + err.code = params.error || "E_PARSE_DIRECTIVE"; + return oauth3.PromiseA.reject(err); + } + + if ( + (directives.authorization_dialog && directives.authorization_dialog.url) + || (directives.access_token && directives.access_token.url) + ) { + // TODO lint directives + localStorage.setItem('oauth3.' + providerUri + '.directives', JSON.stringify(directives)); + localStorage.setItem('oauth3.' + providerUri + '.directives.updated_at', new Date().toISOString()); + + return oauth3.PromiseA.resolve(directives); + } else { + // ignore + console.error("the directives provided by '" + providerUri + "' were invalid."); + params.error = params.error || "E_INVALID_DIRECTIVE"; + params.error_description = params.error_description + || "directives did not include authorization_dialog.url"; + err = new Error(params.error_description || "Unknown error when discoving provider '" + providerUri + "'"); + err.code = params.error; + return oauth3.PromiseA.reject(err); + } + }); + + return promise || promise2; + }; + + oauth3.authorizationRedirect = function (providerUri, authorizationRedirect, opts) { + //console.log('[authorizationRedirect]'); + // + // Example Authorization Redirect - from Browser to Consumer API + // (for generating a session securely on your own server) + // + // i.e. GET https://<>.com/api/org.oauth3.consumer/authorization_redirect/<>.com + // + // GET https://myapp.com/api/org.oauth3.consumer/authorization_redirect/`encodeURIComponent('example.com')` + // &scope=`encodeURIComponent('profile.login profile.email')` + // + // (optional) + // &state=`Math.random()` + // &redirect_uri=`encodeURIComponent('https://myapp.com/oauth3.html')` + // + // NOTE: This is not a request sent to the provider, but rather a request sent to the + // consumer (your own API) which then sets some state and redirects. + // This will initiate the `authorization_code` request on your server + // + opts = opts || {}; + + return oauth3.discover(providerUri, opts).then(function (directive) { + if (!directive) { + throw new Error("Developer Error: directive should exist when discovery is successful"); + } + + var scope = opts.scope || directive.authn_scope; + + var state = Math.random().toString().replace(/^0\./, ''); + var params = {}; + var slimProviderUri = encodeURIComponent(providerUri.replace(/^(https?|spdy):\/\//, '')); + + params.state = state; + if (scope) { + params.scope = scope; + } + if (opts.redirectUri) { + // this is really only for debugging + params.redirect_uri = opts.redirectUri; + } + // Note: the type check is necessary because we allow 'true' + // as an automatic mechanism when it isn't necessary to specify + if ('string' !== typeof authorizationRedirect) { + // TODO oauth3.json for self? + authorizationRedirect = 'https://' + window.location.host + + '/api/org.oauth3.consumer/authorization_redirect/:provider_uri'; + } + authorizationRedirect = authorizationRedirect + .replace(/!(provider_uri)/, slimProviderUri) + .replace(/:provider_uri/, slimProviderUri) + .replace(/#{provider_uri}/, slimProviderUri) + .replace(/{{provider_uri}}/, slimProviderUri) + ; + + return oauth3.PromiseA.resolve({ + url: authorizationRedirect + '?' + oauth3.querystringify(params) + , method: 'GET' + , state: state // this becomes browser_state + , params: params // includes scope, final redirect_uri? + }); + }); + }; + + oauth3.authorizationCode = function (/*providerUri, scope, redirectUri, clientId*/) { + // + // Example Authorization Code Request + // (not for use in the browser) + // + // GET https://example.com/api/org.oauth3.provider/authorization_dialog + // ?response_type=code + // &scope=`encodeURIComponent('profile.login profile.email')` + // &state=`Math.random()` + // &client_id=xxxxxxxxxxx + // &redirect_uri=`encodeURIComponent('https://myapp.com/oauth3.html')` + // + // NOTE: `redirect_uri` itself may also contain URI-encoded components + // + // NOTE: This probably shouldn't be done in the browser because the server + // needs to initiate the state. If it is done in a browser, the browser + // should probably request 'state' from the server beforehand + // + + throw new Error("not implemented"); + }; + + oauth3.implicitGrant = function (providerUri, opts) { + //console.log('[implicitGrant]'); + // + // Example Implicit Grant Request + // (for generating a browser-only session, not a session on your server) + // + // GET https://example.com/api/org.oauth3.provider/authorization_dialog + // ?response_type=token + // &scope=`encodeURIComponent('profile.login profile.email')` + // &state=`Math.random()` + // &client_id=xxxxxxxxxxx + // &redirect_uri=`encodeURIComponent('https://myapp.com/oauth3.html')` + // + // NOTE: `redirect_uri` itself may also contain URI-encoded components + // + + opts = opts || {}; + var type = 'authorization_dialog'; + var responseType = 'token'; + + return oauth3.discover(providerUri, opts).then(function (directive) { + var redirectUri = opts.redirectUri; + var scope = opts.scope || directive.authn_scope; + var clientId = opts.appId; + var args = directive[type]; + var uri = args.url; + var state = Math.random().toString().replace(/^0\./, ''); + var params = {}; + var loc; + var result; + + params.state = state; + params.response_type = responseType; + if (scope) { + if (Array.isArray(scope)) { + scope = scope.join(' '); + } + params.scope = scope; + } + if (clientId) { + // In OAuth3 client_id is optional for implicit grant + params.client_id = clientId; + } + if (!redirectUri) { + loc = window.location; + redirectUri = loc.protocol + '//' + loc.host + loc.pathname; + if ('/' !== redirectUri[redirectUri.length - 1]) { + redirectUri += '/'; + } + redirectUri += 'oauth3.html'; + } + params.redirect_uri = redirectUri; + + uri += '?' + oauth3.querystringify(params); + + result = { + url: uri + , state: state + , method: args.method + , query: params + }; + return oauth3.PromiseA.resolve(result); + }); + }; + + oauth3.resourceOwnerPassword = function (providerUri, username, passphrase, opts) { + // + // Example Resource Owner Password Request + // (generally for 1st party and direct-partner mobile apps, and webapps) + // + // POST https://example.com/api/org.oauth3.provider/access_token + // { "grant_type": "password", "client_id": "<>", "scope": "<>" + // , "username": "<>", "password": "password" } + // + opts = opts || {}; + var type = 'access_token'; + var grantType = 'password'; + + return oauth3.discover(providerUri, opts).then(function (directive) { + var scope = opts.scope || directive.authn_scope; + var clientId = opts.appId; + var clientAgreeTos = opts.clientAgreeTos; + var clientUri = opts.clientUri; + var args = directive[type]; + var params = { + "grant_type": grantType + , "username": username + , "password": passphrase + //, "totp": opts.totp + }; + var uri = args.url; + var body; + if (opts.totp) { + params.totp = opts.totp; + } + + if (clientId) { + params.clientId = clientId; + } + if (clientUri) { + params.clientUri = clientUri; + params.clientAgreeTos = clientAgreeTos; + if (!clientAgreeTos) { + throw new Error('Developer Error: missing clientAgreeTos uri'); + } + } + + if (scope) { + if (Array.isArray(scope)) { + scope = scope.join(' '); + } + params.scope = scope; + } + + if ('GET' === args.method.toUpperCase()) { + uri += '?' + oauth3.querystringify(params); + } else { + body = params; + } + + return { + url: uri + , method: args.method + , data: body + }; + }); + }; + + exports.OAUTH3 = oauth3.oauth3 = oauth3.OAUTH3 = oauth3; + exports.oauth3 = exports.OAUTH3; + + if ('undefined' !== typeof module) { + module.exports = oauth3; + } +}('undefined' !== typeof exports ? exports : window)); diff --git a/daplie-scripts/therapy-session.js b/daplie-scripts/therapy-session.js new file mode 100644 index 0000000..e24bb10 --- /dev/null +++ b/daplie-scripts/therapy-session.js @@ -0,0 +1,907 @@ +(function (exports) { + 'use strict'; + + var TherapySession; + var Oauth3 = (exports.OAUTH3 || require('./oauth3')); + + // + // Pure convenience / utility funcs + // + function createSession() { + return { logins: [], accounts: [] }; + } + function removeItem(array, item) { + var i = array.indexOf(item); + + if (-1 !== i) { + array.splice(i, 1); + } + } + + var TLogins = {}; + var TAccounts = {}; + var InternalApi; + var api; + + function create(opts) { + var myInstance = {}; + var conf = { + session: createSession() + , sessionKey: opts.namespace + '.' + opts.sessionKey // 'session' + , cache: opts.cache + , config: opts.config + , usernameMinLength: opts.usernameMinLength + , secretMinLength: opts.secretMinLength + }; + + Object.keys(TherapySession.api).forEach(function (key) { + myInstance[key] = function () { + var args = Array.prototype.slice.call(arguments); + args.unshift(conf); + return TherapySession.api[key].apply(null, args); + }; + }); + + myInstance.getId = TherapySession.getId; + myInstance.openAuthorizationDialog = function () { + // TODO guarantee that this happens assignment happens before initialization? + return (opts.invokeLogin || opts.config.invokeLogin).apply(null, arguments); + }; + myInstance.usernameMinLength = opts.usernameMinLength; + myInstance.secretMinLength = opts.secretMinLength; + myInstance.api = api; + + myInstance._conf = conf; + + return myInstance; + } + + // TODO track and compare granted scopes locally + function save(conf, updates) { + // TODO make sure session.logins[0] is most recent + api.updateSession(conf, updates.login, updates.accounts); + + // TODO should this be done by the LocalApiStorage? + // TODO how to have different accounts selected in different tabs? + localStorage.setItem(conf.sessionKey, JSON.stringify(conf.session)); + return Oauth3.PromiseA.resolve(conf.session); + } + + function restore(conf) { + // Being very careful not to trigger a false onLogin or onLogout via $watch + var storedSession; + + if (conf.session.token) { + return api.sanityCheckAccounts(conf); + // return Oauth3.PromiseA.resolve(conf.session); + } + + storedSession = JSON.parse(localStorage.getItem(conf.sessionKey) || null) || createSession(); + + if (storedSession.token) { + conf.session = storedSession; + return api.sanityCheckAccounts(conf); + //return Oauth3.PromiseA.resolve(conf.session); + } else { + return Oauth3.PromiseA.reject(new Error("No Session")); + } + } + + function destroy(conf) { + conf.session = createSession(); + localStorage.removeItem(conf.sessionKey); + return conf.cache.destroy(conf).then(function (session) { + return session; + }); + } + + function accounts(conf, login) { + return Oauth3.request({ + url: conf.config.apiBaseUri + conf.config.apiPrefix + '/accounts' + , method: 'GET' + , headers: { 'Authorization': 'Bearer ' + login.token } + }).then(function (resp) { + var accounts = resp.data && (resp.data.accounts || resp.data.result || resp.data.results) + || resp.data || { error: { message: "Unknown Error when retrieving accounts" } } + ; + + if (accounts.error) { + console.error("[ERROR] couldn't fetch accounts", accounts); + return Oauth3.PromiseA.reject(new Error("Could not verify login:" + accounts.error.message)); + } + + if (!Array.isArray(accounts)) { + console.error("[Uknown ERROR] couldn't fetch accounts, no proper error", accounts); + // TODO destroy(conf); + return Oauth3.PromiseA.reject(new Error("could not verify login")); // destroy(conf); + } + + return accounts; + }); + } + + // TODO move to LocalApiLogin? + function testLoginAccounts(conf, login) { + // TODO cache this also, but with a shorter shelf life? + return TherapySession.api.accounts(conf, login).then(function (accounts) { + return { login: login, accounts: accounts }; + }, function (err) { + console.error("[Error] couldn't get accounts (might not be linked)"); + console.warn(err); + return { login: login, accounts: [] }; + }); + } + + function logout(conf) { + console.log('DEBUG logout', conf); + return Oauth3.logout(conf.config.providerUri, {}).then(function () { + console.log('DEBUG Oauth3.logout'); + return destroy(conf); + }, function () { + return destroy(conf); + }); + } + + function backgroundLogin(conf, opts) { + opts = opts || {}; + + opts.background = true; + return TherapySession.api.login(conf, opts); + } + + function login(conf, opts) { + console.log('##### DEBUG TherapySession'); + console.log(conf); + console.log(opts); + // this should work first party and third party + var promise; + var providerUri = (opts && opts.providerUri) || conf.config.providerUri; + + opts = opts || {}; + //opts.redirectUri = conf.config.appUri + '/oauth3.html'; + + // TODO note that this must be called on a click event + // otherwise the browser will block the popup + function forceLogin() { + opts.appId = opts.appId || conf.config.appId; + opts.clientUri = opts.clientUri || conf.config.clientUri; + opts.clientAgreeTos = opts.clientAgreeTos || conf.config.clientAgreeTos; + var username = opts.username; + // TODO why is login modifying the opts? + return Oauth3.login(providerUri, opts).then(function (params) { + return TLogins.getLoginFromTokenParams(conf, providerUri, username, params).then(function (login) { + return testLoginAccounts(conf, login).then(function (updates) { + return save(conf, updates); + }); + }); + }); + } + + if (!opts.force) { + promise = restore(conf, opts.scope); + } else { + promise = Oauth3.PromiseA.reject(); + } + + // TODO check for scope in session + return promise.then(function (session) { + if (!session.appScopedId || opts && opts.force) { + return forceLogin(); + } + + var promise = Oauth3.PromiseA.resolve(); + + // TODO check expirey + session.logins.forEach(function (login) { + promise = promise.then(function () { + return testLoginAccounts(conf, login).then(function (updates) { + return save(conf, updates); + }); + }); + }); + + return promise; + }, forceLogin).then(function (session) { + // testLoginAccounts().then(save); + return session; + }); + } + + function requireSession(conf, opts) { + var promise = Oauth3.PromiseA.resolve(opts); + + // TODO create middleware stack + return promise.then(function () { + return TLogins.requireLogin(conf, opts); + }).then(function () { + return TAccounts.requireAccount(conf, opts); + }); + // .then(selectAccount).then(verifyAccount) + } + + function onLogin(conf, _scope, fn) { + // This is better than using a promise.notify + // because the watches will unwatch when the controller is destroyed + _scope.__stsessionshared__ = conf; + _scope.$watch('__stsessionshared__.session', function (newValue, oldValue) { + if (newValue.accountId && oldValue.accountId !== newValue.accountId) { + fn(conf.session); + } + }, true); + } + + function onLogout(conf, _scope, fn) { + _scope.__stsessionshared__ = conf; + _scope.$watch('__stsessionshared__.session', function (newValue, oldValue) { + if (!newValue.accountId && oldValue.accountId) { + fn(null); + } + }, true); + } + + + function getToken(conf, accountId) { + var session = conf.session; + var logins = []; + var login; + accountId = TAccounts.getId(accountId) || accountId; + + // search logins first because we know we're actually + // logged in with said login, y'know? + session.logins.forEach(function (login) { + login.accounts.forEach(function (account) { + if (TAccounts.getId(account) === accountId) { + logins.push(login); + } + }); + }); + + login = logins.sort(function (a, b) { + // b - a // most recent first + return (new Date(b.expiresAt).value || 0) - (new Date(a.expiresAt).value || 0); + })[0]; + + return login && login.token; + } + + // this should be done at every login + // even an existing login may gain new accounts + function addAccountsToSession(conf, login, accounts) { + var now = Date.now(); + + login.accounts = accounts.map(function (account) { + account.addedAt = account.addedAt || now; + return { + id: TAccounts.getId(account) + , addedAt: now + }; + }); + + accounts.forEach(function (newAccount) { + if (!conf.session.accounts.some(function (other, i) { + if (TAccounts.getId(other) === TAccounts.getId(newAccount)) { + conf.session.accounts[i] = newAccount; + return true; + } + })) { + conf.session.accounts.push(newAccount); + } + }); + + conf.session.accounts.sort(function (a, b) { + return b.addedAt - a.addedAt; + }); + } + + // this should be done on login and logout + // an old login may have lost or gained accounts + function pruneAccountsFromSession(conf) { + var session = conf.session; + var accounts = session.accounts.slice(0); + + // remember, you can't modify an array while it's in-loop + // well, you can... but it would be bad! + accounts.forEach(function (account) { + if (!session.logins.some(function (login) { + return login.accounts.some(function (a) { + return TAccounts.getId(a) === TAccounts.getId(account); + }); + })) { + removeItem(session.accounts, account); + } + }); + } + + function refreshCurrentAccount(conf) { + var session = conf.session; + + // select a default session + if (1 === session.accounts.length) { + session.accountId = TAccounts.getId(session.accounts[0]); + session.id = session.accountId; + session.appScopedId = session.accountId; + session.token = session.accountId && api.getToken(conf, session.accountId) || null; + session.userVerifiedAt = session.accounts[0].userVerifiedAt; + return; + } + + if (!session.logins.some(function (account) { + if (session.accountId === TAccounts.getId(account)) { + session.accountId = TAccounts.getId(account); + session.id = session.accountId; + session.appScopedId = session.accountId; + session.token = session.accountId && api.getToken(conf, session.accountId) || null; + session.userVerifiedAt = account.userVerifiedAt; + } + })) { + session.accountId = null; + session.id = null; + session.appScopedId = null; + session.token = null; + session.userVerifiedAt = null; + } + } + + function updateSession(conf, login, accounts) { + var session = conf.session; + + login.addedAt = login.addedAt || Date.now(); + + // sanity check login + if (0 === accounts.length) { + login.selectedAccountId = null; + } + else if (1 === accounts.length) { + login.selectedAccountId = TAccounts.getId(accounts[0]); + } + else if (accounts.length >= 1) { + login.selectedAccountId = null; + } + else { + throw new Error("[SANITY CHECK FAILED] bad account length'"); + } + + api.addAccountsToSession(conf, login, accounts); + + // update login if it exists + // (or add it if it doesn't) + if (!session.logins.some(function (other, i) { + if ((login.loginId && other.loginId === login.loginId) || (other.token === login.token)) { + session.logins[i] = login; + return true; + } + })) { + session.logins.push(login); + } + + api.pruneAccountsFromSession(conf); + + api.refreshCurrentAccount(conf); + + session.logins.sort(function (a, b) { + return b.addedAt - a.addedAt; + }); + } + + function sanityCheckAccounts(conf) { + var promise; + var session = conf.session; + + // XXX this is just a bugfix for previously deployed code + // it probably only affects about 10 users and can be deleted + // at some point in the future (or left as a sanity check) + + if (session.accounts.every(function (account) { + if (account.appScopedId) { + return true; + } + })) { + return Oauth3.PromiseA.resolve(session); + } + + promise = Oauth3.PromiseA.resolve(); + session.logins.forEach(function (login) { + promise = promise.then(function () { + return testLoginAccounts(conf, login).then(function (updates) { + return save(conf, updates); + }); + }); + }); + + return promise.then(function (session) { + return session; + }, function () { + // this is just bad news... + return conf.cache.destroy(conf).then(function () { + window.alert("Sorry, but an error occurred which can only be fixed by logging you out" + + " and refreshing the page.\n\nThis will happen automatically.\n\nIf you get this" + + " message even after the page refreshes, please contact support@betopool.com." + ); + window.location.reload(); + return Oauth3.PromiseA.reject(new Error("A session error occured. You must log out and log back in.")); + }); + }); + } + + // TODO is this more logins or accounts or session? session? + function handleOrphanLogins(conf) { + var promise; + var session = conf.session; + + promise = Oauth3.PromiseA.resolve(); + + if (session.logins.some(function (login) { + return !login.accounts.length; + })) { + if (session.accounts.length > 1) { + throw new Error("[Not Implemented] can't yet attach new social logins when more than one local account is in the session." + + " Please logout and sign back in with your Local Account only. Then attach the other login."); + } + session.logins.forEach(function (login) { + if (!login.accounts.length) { + promise = promise.then(function () { + return TAccounts.attachLoginToAccount(conf, session.accounts[0], login); + }); + } + }); + } + + return promise.then(function () { + return session; + }); + } + + TLogins.getLoginFromTokenParams = function (conf, providerUri, username, params) { + var err; + var accessToken; + var refreshToken; + var expiresAt; + var match; + var data; + var login; + var now = Date.now(); + + if (!params) { + err = new Error("[Developer Error] No params were passed to the token parser"); + err.code = 'E_DEV_ERROR'; + err.uri = 'https://oauth3.org/docs/errors/#E_DEV_ERROR'; + return Oauth3.PromiseA.reject(err); + } + + console.log('[DEBUG] params', params); + + accessToken = (params.oauth3_token || params.oauth3Token || params.jwt || params.access_token || params.accessToken || params.token); + refreshToken = (params.oauth3Refresh || params.oauth3_refresh || params.jwt_refresh || params.refresh_token || params.refreshToken); + + if (!accessToken) { + if (!(params.error || params.error_description)) { + err = new Error("[Server Error] The server did not grant access nor give an error message"); + err.code = "E_SERVER_ERROR"; + err.uri = params.error_uri || ''; + return Oauth3.PromiseA.reject(err); + } + + err = new Error(params.error_description || ": invalid username or secret"); + err.code = params.error || "_access_denied"; + err.uri = params.error_uri || ''; + return Oauth3.PromiseA.reject(err); + } + + // JWT <>.<>.<> + // pass yada.yada.yada + // fail yada yada.yada + // fail y?da.yada.yada + match = accessToken.match(/^[A-Za-z0-9+=_\/\-]+\.([A-Za-z0-9+=_\/\-]+)\.[A-Za-z0-9+=_\/\-]+$/); + if (match) { + try { + data = JSON.parse(atob(match[1])); + } catch(e) { + data = {}; + } + } else { + data = {}; + } + + // TODO support fewer expiry methods + expiresAt = [ + params.expires_at, params.expiresAt, params.expires_in, params.expiresIn, params.expires, data.exp + ].map(function (exp) { + exp = parseInt(exp, 10) || 0; + var year = 365 * 24 * 60 * 60 * 1000; + var min = now - (1 * year); + var max = now + (2 * year); + + // date of expiration, already in ms + if (exp > min && exp < max) { + return exp; + } + // date of expiration in seconds + if (exp > (min / 1000) && exp < (max / 1000)) { + return exp * 1000; + } + // time remaining in seconds + if (exp > 1 && exp < (2 * year)) { + return now + (exp * 1000); + } + }).filter(function (exp) { + return exp; + })[0] || (Date.now() + 1 * 60 * 60 * 1000); + + // TODO drop prefixes everywhere + providerUri = providerUri.replace(/^(https?:\/\/)?(www\.)?/, ''); + login = { + token: accessToken + , refreshToken: refreshToken + , expiresAt: expiresAt + , appScopedId: params.app_scoped_id || params.appScopedId + || data.idx || data.usr || username + || null + , loginId: params.loginId || params.login_id + || data.id || data.usr + , accountId: params.accountId || params.account_id + || data.acx || data.acc + // TODO app_name in oauth3.json "AJ on Facebook" + , comment: data.sub || data.com || + ( + (username && (username + ' via ') || '') + + (providerUri) + ) + , loginType: ('password' === data.grt || username) ? 'localaccount' : null + , providerUri: providerUri + }; + + return Oauth3.PromiseA.resolve(login); + }; + + TLogins.requireLogin = function (conf, opts) { + return restore(conf).then(function (session) { + return session; + }, function (/*err*/) { + + return conf.config.invokeLogin(opts); + }); + }; + + TLogins.create = function (conf, username, type, secret, kdf, mfa) { + // secret is optional (for server-side requirement checking) + // kdf is mandatory ( + return Oauth3.request({ + url: conf.config.apiBaseUri + '/api' + + '/org.oauth3.provider' + + '/logins/' + , method: 'POST' + , data: { + id: username + , type: type + , secret: secret + , kdf: kdf + , mfa: mfa + } + }); + }; + + TLogins.softTestUsername = function (conf, username) { + if ('string' !== typeof username) { + throw new Error("[Developer Error] username should be a string"); + } + + /* + if (!/^[0-9a-z\.\-_]+$/i.test(username)) { + // TODO validate this is true on the server + return new Error("Only alphanumeric characters, '-', '_', and '.' are allowed in usernames."); + } + */ + + if (!/^[^@]+@[^\.]+\.[^\.]+$/i.test(username)) { + // TODO validate this is true on the server + return new Error("You must use an email address."); + } + + if (username.length < conf.usernameMinLength) { + // TODO validate this is true on the server + return new Error('Username too short. Use at least ' + + conf.usernameMinLength + ' characters.'); + } + + return true; + }; + + TLogins.getMeta = function (conf, username) { + // TODO support username as type + var type = null; + + // TODO update backend to /api/promoonlyonline/username/:username? + return Oauth3.request({ + url: conf.config.apiBaseUri + '/api' + + '/org.oauth3.provider' + + '/logins/meta/' + type + '/' + username + , method: 'GET' + }).then(function (resp) { + if (!resp.data.kdf) { + return Oauth3.PromiseA.reject(new Error("metadata for username does not exist")); + } + + return resp.data; + }, function (err) { + if (/does not exist/.test(err.message)) { + return Oauth3.PromiseA.reject(err); + } + + throw err; + }); + }; + + TLogins.meta = function (conf, username, type) { + // TODO support username as type + + // TODO update backend to /api/promoonlyonline/username/:username? + return Oauth3.request({ + url: conf.config.apiBaseUri + '/api' + + '/org.oauth3.provider' + + '/logins/meta/' + type + '/' + username + , method: 'GET' + }).then(function (resp) { + // TODO better check + if (!resp.data.salt) { + return Oauth3.PromiseA.reject(new Error("data for username does not exist")); + } + + return resp.data; + }, function (err) { + if (/does not exist/.test(err.message)) { + return Oauth3.PromiseA.reject(err); + } + + throw err; + }); + }; + + TLogins.hardTestUsername = function (conf, username) { + // TODO support username as type + var type = null; + + // TODO update backend to /api/promoonlyonline/username/:username? + return Oauth3.request({ + url: conf.config.apiBaseUri + '/api' + + '/org.oauth3.provider' + + '/logins/check/' + type + '/' + username + , method: 'GET' + }).then(function (result) { + if (!result.data.exists) { + return Oauth3.PromiseA.reject(new Error("username does not exist")); + } + }, function (err) { + if (/does not exist/.test(err.message)) { + return Oauth3.PromiseA.reject(err); + } + + throw err; + }); + }; + + TAccounts.getId = function (o, p) { + // object + if (!o) { + return null; + } + // prefix + if (!p) { + return o.appScopedId || o.app_scoped_id || o.id || null; + } else { + return o[p + 'AppScopedId'] || o[p + '_app_scoped_id'] || o[p + 'Id'] || o[p + '_id'] || null; + } + }; + + TAccounts.realCreateAccount = function (conf, login) { + return Oauth3.request({ + url: conf.config.apiBaseUri + '/api' + + '/org.oauth3.provider' + + '/accounts' + , method: 'POST' + , data: { account: {} + , logins: [{ + // TODO make appScopedIds even for root app + id: login.appScopedId || login.app_scoped_id || login.loginId || login.login_id || login.id + , token: login.token || login.accessToken || login.accessToken + }] + } + , headers: { + Authorization: 'Bearer ' + login.token + } + }).then(function (resp) { + return resp.data; + }, function (err) { + return Oauth3.PromiseA.reject(err); + }); + }; + + // TODO move to LocalApiLogin ? + TAccounts.attachLoginToAccount = function (conf, account, newLogin) { + var url = conf.config.apiBaseUri + '/api' + + '/org.oauth3.provider' + + '/accounts/' + account.appScopedId + '/logins'; + var token = TherapySession.api.getToken(conf, account); + + return Oauth3.request({ + url: url + , method: 'POST' + , data: { logins: [{ + id: newLogin.appScopedId || newLogin.app_scoped_id || newLogin.loginId || newLogin.login_id || newLogin.id + , token: newLogin.token || newLogin.accessToken || newLogin.access_token + }] } + , headers: { 'Authorization': 'Bearer ' + token } + }).then(function (resp) { + if (!resp.data) { + return Oauth3.PromiseA.reject(new Error("no response when linking login to account")); + } + if (resp.data.error) { + return Oauth3.PromiseA.reject(resp.data.error); + } + + // return nothing + }, function (err) { + console.error('[Error] failed to attach login to account'); + console.warn(err.message); + console.warn(err.stack); + return Oauth3.PromiseA.reject(err); + }); + }; + + TAccounts.requireAccountHelper = function (conf) { + var session = conf.session; + var promise; + var locallogins; + var err; + + if (session.accounts.length) { + return Oauth3.PromiseA.resolve(session); + } + + if (!session.logins.length) { + console.error("doesn't have any logins"); + return Oauth3.PromiseA.reject(new Error("[Developer Error] do not call requireAccount when you have not called requireLogin.")); + } + + locallogins = session.logins.filter(function (login) { + return 'localaccount' === login.loginType; + }); + + if (!locallogins.length) { + console.error("no local accounts"); + err = new Error("Login with your Local Account at least once before linking other accounts."); + err.code = "E_NO_LOCAL_ACCOUNT"; + return Oauth3.PromiseA.reject(err); + } + + // at this point we have a valid locallogin, but still no localaccount + promise = Oauth3.PromiseA.resolve(); + + locallogins.forEach(function (login) { + promise = promise.then(function () { + return TAccounts.realCreateAccount(conf, login).then(function (account) { + login.accounts.push(account); + return save(conf, { login: login, accounts: login.accounts }); + }); + }); + }); + + return promise.then(function (session) { + return session; + }); + }; + + TAccounts.requireAccount = function (conf) { + return TAccounts.requireAccountHelper(conf).then(function () { + return api.handleOrphanLogins(conf); + }); + }; + + // TODO move to LocalApiAccount ? + TAccounts.cloneAccount = function (conf, account) { + // retrieve the most fresh token of all associated logins + var token = TherapySession.api.getToken(conf, account); + var id = TAccounts.getId(account); + // We don't want to modify the original object and end up + // with potentially whole stakes in the local storage session key + account = JSON.parse(JSON.stringify(account)); + + account.token = token; + account.accountId = account.accountId || account.appScopedId || id; + account.appScopedId = account.appScopedId || id; + + return account; + }; + + // TODO check for account and account create if not exists in requireSession + // TODO move to LocalApiAccount ? + TAccounts.selectAccount = function (conf, accountId) { + var session = conf.session; + // needs to return the account with a valid login + var account; + if (!accountId) { + accountId = session.accountId; + } + + if (!session.accounts.some(function (a) { + if (!accountId || accountId === TAccounts.getId(a)) { + account = a; + return true; + } + })) { + account = session.accounts[0]; + } + + if (!account) { + console.error("Developer Error: require session before selecting an account"); + console.error(session); + throw new Error("Developer Error: require session before selecting an account"); + } + + account = TAccounts.cloneAccount(conf, account); + session.accountId = account.accountId; + session.id = account.accountId; + session.appScopedId = account.accountId; + session.token = account.token; + + // XXX really? + conf.account = account; + return account; + }; + + InternalApi = { + accounts: accounts + , login: login + , getToken: getToken + }; + + api = { + save: save + , restore: restore + , checkSession: restore + , destroy: destroy + , require: requireSession + , accounts: accounts + , requireSession: requireSession + , getToken: getToken + , addAccountsToSession: addAccountsToSession + , pruneAccountsFromSession: pruneAccountsFromSession + , refreshCurrentAccount: refreshCurrentAccount + , updateSession: updateSession + , sanityCheckAccounts: sanityCheckAccounts + , handleOrphanLogins: handleOrphanLogins + , validateUsername: TLogins.softTestUsername + , checkUsername: TLogins.hardTestUsername + , getMeta: TLogins.meta + , createLogin: TLogins.create + , login: login + // this is intended for the resourceOwnerPassword strategy + , backgroundLogin: backgroundLogin + , logout: logout + , onLogin: onLogin + , onLogout: onLogout + , requireAccount: TAccounts.requireAccount + , selectAccount: TAccounts.selectAccount // TODO nix this 'un + , account: TAccounts.selectAccount + , testLoginAccounts: testLoginAccounts + , cloneAccount: TAccounts.cloneAccount + //, getId: TAccounts.getId + }; + + TherapySession = { + create: create + , api: api + , getId: TAccounts.getId + }; + + // XXX + // These are underscore prefixed because they aren't official API yet + // I need more time to figure out the proper separation + TherapySession._logins = TLogins; + TherapySession._accounts = TAccounts; + + exports.TherapySession = TherapySession.TherapySession = TherapySession; + + if ('undefined' !== typeof module) { + module.exports = TherapySession; + } +}('undefined' !== typeof exports ? exports : window)); diff --git a/favicon.ico b/favicon.ico new file mode 100755 index 0000000000000000000000000000000000000000..20d61131971fd471dd9448420a8b2782706de5e6 GIT binary patch literal 1150 zcma)5NmCO+6mHg_9H2aS$i?NN-t?v?e?k6&XK(xksgf! z0;a*k4I$93^)^tiEf*mK0`$~MRR@cu-Nds}z*8Y1K|ISvwwZF*N)?CnNN;P&JttIV z?QARS#2-9ocq&k)%bQ`QX5P|RdX$EvK|JX%;0ezeOJtnV%Q2A|#FJ?^KPu$>L&x#?>X@dZEXK87tYGp_4{Gy2wJPfP+54cC>er=bT%u7w!cY z=yYTVv21z-2fP9=_=K^S8|?%4f92shXU-RhX_;Xh@(L0O6<9hRgy&z8GhDXhJA$u+ zCZpqIB~YNLm`q_59b$ky^a)OJqvx?Vd!Mey!+y0hujH>OWXGI&V$ z<1Qng8)12EnC_|LI2rf?T9xLaPHr0Z+OKLo+nQ4dF6$n%bmSn~x*I2aMXV|U!>581 y-XhV~Ce4$4R&<)ZA{2h-0ty*f*GdS4D$n0-2R(6{D%MlDnRu=v;uel>;WbK*Z&wwfaZUU>whse|7Q&dzyV+a zu>aRt03ZO{eexJqtnMct)u@3*s3?X{FA#mos?(EHiB~!|8@P zHSlRJs7(;#_>C{=bF-qE5ypoWCp8a4ibb~`lhZnsG|vfL7aUvoGS2-d*~C|XaoBvh z)O~O54lz6Cpp#=U3+W8~m1Jh8i50Z0*3oy3VuiZ5`2+1iW8vld^?2b-5vInw2r)>+ zBk>4J@ryU{&4p#$YBDZMdxcBDJsA;7G>@f)+)zgBLlWL5hewQPFC~yxlnbk9*X( zX6Nyk%u$KnC?+U9G(y2iD+SyylAV&6#ewy1sMOvYn8_8i!Kynzg}H0 z4auYFzNM=OCc=Iv&ODQ{g6!7A7$%nE6ugJnWBI<~x@AL14_)b-BR2^5j5xS%Z>r!+poCp`hi4>|d z9sS!BL~)07L%H$A45}!FIeVD8mA>Iv+YDVss|8qla@15boMWkFNfWfDcu~V;BRW}Q zHbxiK4@ii6{-TFM8V8~H(`(W90xoPe(J*~^m@1@uv-sR;GZ;fq0&I9AMxQ?Vj%|y) znW!EhuS6QM8RtXJPl!X8!v_!0WPYQz2Kb3pN!J}xCaK2iqm;({?@bivA!C@15rM+7 z&G)j>oszdf@qGAJ>EM)Noqiu=aHZvQ`s%TAQzCI z^t-&7(S%JstVz3stdszdF*a}FnFVMn+jW8TWR%lwK!uh-pLG@1-6E)abeJaJKBS-) zo)b#7F_1DGpAWCn8AB+pkf45{br3o&6pprbhCJ7vMUq;vFqGXt!r|5P&xe}~Ab8v` z{flS%lJlHITsGT`+OO>I@)EiKE2yK$&O{)(z?Sm+<7CQ~JEy!94B#r=rfZL)7-<#T zdZRO4^2)@5yT?)5!`*JS2U~bZ0<`U{OtdT!}rzCDXUY|PH<6d~oBIdw@k*ys* zCd-VfTJkXJm!Zl#%AcV}BvG^-S>jkKVz1S*!!X9UyyjtV*o|Te8+`#P&68*9&;eh> zV61v>QV;fMXYCAaE~+B4q7E=E3TUEs;p78YVYUDE(*1*Q|etMpC*bEv$T^WtPR)u&3=mnqXpc1Z>uUM%F_cf?AUM%{Un{jTEyS{Tuyf>|lssBMH8r z(lKw^ft~6)I_&ZCDnm8bs{JBH+MlTj1WC!4P(GR0_%ISZ)JIF_`Q;hPK37yom=XN4 zaH=;q{au8;lPsuw1q8EJ)iOd`zX(pJ_IHkw72{x^g<`7Ob}ZUfcsjYQG@R$rq)kZv zpqwOru@H+~VJ)V2?V_+5^~E2XfJqi$dPYc z!u6};1!o7$;YRm~I8N9)8EVGJ8seK2T&Zo0`gwfpFh_7HQ1*(<%h7W%^Jc2Vr$&`v zLcMdy#71nJVjuBXLQV1?z45kUb3p*RDk$a*;$ZZ`U%oYltOpF3a(Xp<^+`YwE#TC#TLVlES?7)-kVN6kxX~Q{^V~e;AGN-I zsVK!c&bzlPgMWREEQrJ5g$^2RkIh+uUk2dW%W%`X#tn-GewEs`E=hzpO~m;weWc#F zfKaIO!K7Gix2T6*jgEq;FbY+P3W);*e;{1~&F}@Vmm?0w!zHwl)l=Gd)KHj)o}^y| zn&V3(`0{7>$K>N#7qT;YtclZ86!!>NoNqXV?Wgu6)kVg+j1SzNq6 zs39?@@wJ)mkzROo7H?tuo8}==6J5%5$-l|@Ct@9Nf8lWZcBl!@61%|TNN_REs&R;0 z1t+Vo4j#}gVJ?RUdgt9xij}OY2cXs&#wqfIv7^gXp;`wwEh#OLSE>wg>R5lDY$?R% zx~X*^1LM%D*JirmpBuDvaUVxo8T8=!UR&e|WHJNB3i}}RiddkV_^q6*Wj!zy2}L#! z`@WtPC?>_fy{9v0Ef)W~Vcay?_404FPO;Z$jl*0&tZk*~G-m;qBA01OxK#n)NGpSC zkXJXbl9ZcUCz$4i}$d*3ALQ4?sOb)7cn@`N0 z7(MEWHX%`mg~RN_j*Bcg5!!DV$V%zz2Sq*Mq7{arbD^ZBQvQ&}P*TwD{*8}lYoYMp z9Ay%^y*sH%S6R#?j9C>K_BB~FnTux>wAXJAP1Uz6R=ohF(Vuulg2Z3R- z{oL}A_KKvz-O*-+bUw+c#U}?GooWRi4S9nLI_TL@V#>{T9+!Wgu-r~!-(F{obENUu z#@~d&be*nF^H_{cS?jt~NMAu#uY)%J*J5>nnkuie6+&ztH$f7}jo5N%rscJjC_yLD z%Pf{zbPBF1Am0^wjVE;_P7JkfMEe6Y20BKHUJ_8fAZ-}D@k5YtG8vIApZhAxulthJ zazt($#?^JJ4Y-shRpkKsJ4=jlEobY`VCSYO&J)iVL0WZ}er!qFlU~vZhI?A-I<>ui z0*3g@=)u7Ee${zBrcXc4U9j*>EHMb0Ll;-ay-Fk)b@ z5F=x;?*@S)xdR_=NzpBKRlgpNp>uU@tu7ny1KLL6L|AG5^BwM94L?Uy2n`G7G;~l_ z=p@JiHvp%2WAq22q*PJ&VJ@@$mAx3UIw0 zwwm8%==0ikJf||)kPI{7r7p~r4P?;Y zi?Cwwuwx(FD*;-p5VKK0{wjZUh<~o0W*?rhQhG|$&9vloUm!(lH^RU0nVgUaaG%YA z{QF5K^88O2Rw-L8hAx*-1yDQ0d3ehRULceHR8Jf_>Gwk8?SAcZk#T5}Z|H8pP;T2n z5Cz@+$n3+liVJn;Wmj5&#%JwybF5(yEOZRi$jWVl2+a7C&msDxeoB^9DFGXS1*y=K zxK#dRa>b-%sl5t?mtjL6qL}wxHMWn9YcCA^4rfA1S4O*jP+%l3+yf|K)`~B&mdyzj zAM>5dsp;Aq?-FH%{y`UaWYj3de&E{guy&U zSq(Qgn7z11aCUJ~*Nin6D*O$ZLnx#wwdKN^>p%=c9iBjbNgY!)UCd1z7vhM5;VNjN zI_b!HJFB#nszk0ebH)~HiJz~v5FV{GY4>@qybr6tzaeTFM^Q64fhn0Kz1B)NkYpMy zYQn2Dv@l?a2F-7UStSNdO<}OEp`jdaPJq@tljHo-YTb>79%Y4ddpW2-0Rs(KU>CO4 ziNk|G9esRy+&^K!<>a4=Ung1~FFR1{-axStIjGGrK(UWlEW^x`pXcJ9^vYzQ|>ihW@Kis253o+|;8(8#b9DX8JZcx`lL8+=vF(Q)T0F zp{F^5L`84~pHJ})N47Z~Jk;aF=1()Pd$^YTb~EdhOB7_46wXveC;4(#$g-4GmjE3f^jCfY z>R0)#1}pL2ZaA;cO%mr_s;`6MyWb#4*X3e~ubnHeo8rkyhbWzvgbe#&nYY7R9Y+ne zfk-t+qDXRnQ5IhHoAqAE8i@c;hy(Jf_BJr9;`?MM9^IbvBOMq$N2$TWMAfj!&Pqe- zi6yA#2)e*Mh4iNg#Mr&&DpzrGk_8d`A->sV2ZQ_30U7(7foAz#ND|L~r9v)BeiZaa zfbmbor-~yOg&uxskH-sxWZWA1M}oInpSVVD+9FMm#ZG|dsDMJ!WvB$#BB^?9UWc>n|@l)J}16{3SLj0K_pu-g}pSQ zv@mNGLqy413Co_SI=psLkVgP)8(ri4`RnzZOR%M-`Ao7xf);&55$B+YBeLOq@=-l3 z4=OtsgmuauO|KCwOZZV!jC)sHx^k|dcVrZj*;%h%lQLBTM5@Ij2i)d2F;bnn=2(p1 zAy+i>=!1pJ4J~g>m6EfLmKc17;47GyqZ99>M;{J zRsK2ilwk+YVHF#S8lY^%#7+^8VY2I3_uBOECog37U7kjQh>HQy?ABBywy4+#C#~kD z4zkNSHA5Wq8}Hunr!^|>oiX9a@BlwL<`wh;m2fw?xyTktD&o%!)#GGj(oM1p11Ntg zj?T;B9<5!m>OkZc?l$mk?xdM@C3@HZ-Me3 znfzI3Om6^+j={VwJuGO2TeZCCe%wqKCF-T(K79Lfi_8Mi?k=SE!mAi2N4-<;Se%PR zl2g`80j97gXi!k1M<#6hP2XOw>MgYL3^X< z4e?wH8rjgRA{n#Qm8-3ZdrQ(N^q^;57^~VLI1{Nu19}I9bSFe+$WTMpoiv;BO1w+z zsLSX|XjNp7em;#&frJ_`B8ZtjB%Jn_Y$V_Kih$Rnp@)PH`u#VEq~DaXs0|vdwHryu zJyQ|qP5eP|GO6^i1Ayqpd;7A>@LbLB^6xorxyxI1l}^9$*K;JOaoaaJR!Jf)LI**y zw^)48gHJEY_K;J*2cDLH5zEOfZ0VV+hs;j|){@=1CszKzT-IHgY$RS;2W2A2Vj^YtSX5n*x@0El@ZRO)NK>(02e{V$r6NH-bF4w z`F;=?7`!X%0oEq^N%qq38Rhg>A`yI!*+?WI#j_AT9()GWwfkcnQPQ*{pM7Q20(RI z$pl%24%+3A2^xb%`8w#0k={7&;B0F{#jV@_8y(mB5_Dz{Dk;z zes^!qBwHy0tvMtHqaKcd`29#570MgvEB!#mSrwTB`VpdOXzt4}_;zvRL;KvK-Fd%i&WcfRw=lD`Iaa=LV}4A$k!dYa3$iWM*Fk7dV` zyvX*GU>Z)&2yF9JP^F8ZbQGro!n)bF&_!Cr%HDI>3YI=&3@3^cq9O2u$R$c?@(HE9 zEaVzTG#pLPV5YOn&$37IAT$$aqauD@aunA7zcKoFFk_HdXf#b+JTpc(Y+LjnfX&&2 z9A-GdIM;hr7uvMxNO_j%@qQ{X8KPy=L@M-+4*lW!Vk;?yo92Du>XN&MbEp!$HZKEc z%+9H$Cj77rU4B2xzxgKKPTm?d{Sa=oA0ok?TL}yG$}=H-83ba9K|;3!_4{4*bJspg z!OBT)nrNt|&1M>a7v)c|M@~dU+u7Xs)+L>I`{S~=^NO$N} zV7T9rGi;Xfw49A^2u}W(ZN{SfUy7^FUI4ss_HL8J>3CX*@{R1aZU?Xc+TKk!I?7FH zgFVaa%FuHysBI5ynCk5vz=R7wrHB>(4b_s_M`4!AT1A*DOORnSVXouK?i0hLw6~ zmGkPJu%(HjDEc=nfYoZk3!=DZM?@;AyR*3^lD`^+wnY4m9vt;^9U!6;2Yvv%f+K|# zmz*lNivA@wWEP0TbQv!EN6KsmIvCM98IkrMNZ=?#`6yORnv3ngp*4t5=Y41&!99|fug1T7`ZKvP*!&#fXs)Vas{<(g0H{IMl|H09$oB;(2>p;xiR7t!e3dDsQG;vabjjz_H zaU+9-q;)K7!4)Q#(DWmaG4uvo-J5~)U5ft-EXx$c&z8S6Sj6z+X+LZrwN#-l)|~JI zgB1Q`#aG0sNmz_a5?B7=4mh~qkqtW(pj~d?h{LLk4uL6~`G-!=PShanfq{pLoaR11 zv;0ek*e{npgo7D@IsX?)F>>p+cZ91bQ)p)#TRR*Tp4iH~x4*rEf0CVFMK41;CdJ;1 z37yeoPjB@;MVKmH=r3S^Hiq{6{-vDhX_4sm@CJCsc6$}d5s{@?I*t$uX@g)MYsZ+Y zgjAecF8{SmU@!5 zFeoAHPys`G7XU2`jpIWHfuS;(`1Qy#^84-~zb@?CAS+t1bk?yq%>w@P_)n0Vo_Yxe z!9(K_%MfMd9ton@Ve*>tOXUJXliCv5I4n2HNd*+=kK5U0PQSkR9~QV&V{j3^$)U`7 z6yAkHRJ*)E$1LdM(6x9BL9OU4?8@YPw!5$#rZqOQ=|ZG{0(BSx8?+5BaTS;_mMM33 zh)ERJE`wnJoS_Km@+$4{d5KxTN2P(;sLk zxJ8kMARy(szN%V1o(OD2F{9XxI($%28lY|bU3u=g^=iz~i@z%DsDwZJ88L?`T2P~t zgd17|=Kf-6zm>r3pX0At5ak_jrtTzN2Et@5D(0_e6*YrQM+DkYVkvPTD^?GDv#Ioo zhRKh;<5ubIgt9) ztu`jz-fr|;v)DNg@sgV{HU5n?Yla*RW!X1Of|5Xz7`W?8et*6m%tX>Tvw-`&HFn?y zR`gjkud1|-E-A0{JH2$X0p27jW!YICBSn#^5!>WzjKm&aXLM$`tQ;4S2F>R*TtX4i zFi}a&B*Z$filKvl^n9W}Z(YQJR6ER~O)Lo!P*qu9SFFnH6QUxSar zSZDHJxZzY2LqmNyIZRbwk-gk33Z0Z|DR*RUw zs>F^a3YfX9uIg1&ByNndF_o}b<%B(wvZ#zV@;5nVLPZJl_=y&@Y zVG(Tnf_CR{dPu#z zKq6R->NlFYly^nYo6?~AZ@P?>TS~vh@ZjB-8^N@1FhpqM>gf3e?Ih{Y_-Xv`NxfIK zJT;X4LOb7LB!u%vPyRs2L*5Fwn!60g*wEI?(uTf81GgNm(w-NyL};t1~K5ri(Kui%+$Hth@ex_Bzn;n`4ZnLRLZ8P9&sw7 zh*H|v$`ub~={ki?$H`ziD>6wzUX2TLS~-DWlxIS@XZzbx^AB(aAZY&APt3VE?HIKy zVWyr5Q>yfS>z90p?)Rb0!ohxIAapjMp~s?*E83AI4=MG9)>y9o}B-w5-?--y?{AepYBPZ?lQnQRx1TY}p==Jc$%+pI0IlWB0I z8MfHS<~31?uW&V1k{1+<><!ByRM?8C78;tz6=Jv{#(sjohmdSwJp^r zzfjD%@R4mDm2PomY}KQ#%DE2Wli@cq9_7=psCQM9P;O+>`$oulpa#% z5|VVHw1xA%}hD`Sgy8*g%Oauc|XZU6kwf>XX49~13_?iON zabjH!4`C5>v$_Q~Vo2H?J#{ z`E%Hn4MXfh?&&lW1Kv$F;M501;>m)wb>lJ=U*aOl{!cymD=anno|Z0s`c<|$K|To& z4HAW7VBg(LC(U;|O*Sx5IWu=(Z^>w{rlKrkS>mco7LZELWsMX$O zY$WJq=t8XTAJPKJv{wjq6o1iFLr2LEbPrO|yyAe6Im7f_yQGoF3e2Gd-|lGWon)^z zjSKL&UcOyKGR3OR28!-&9%OD}GbFiGQ3(sA5KnQ|T9YD`7&_`+(DR0I#I87JfoEL7 z{g*1t2J7%f&`&tm2_by+AUYXIBC2ynRkz;Adk!;`$!WBv8Ugd+=%2Lcrw^R72_YB) z%cL+Y64Rc&viMqRW3iCp7e!@m9j7IzBH{5l?RZTmUef48F&)ltd#mbYKNTmm_F^;9pwQ%3X6*bXpnGRHC)gO79#r5q3jF;Qd_9=$=EwZwD`h_N6DVHKbe{!j9 z#so)@2FW63M~2gF9T7MGtIGiEQeTJ9J=8?-A$r9^oeoWbJ5I+tdcWHHt6MH#NS|({T8}j-+lYdqMAt$UAoZ za(o&{08ULef;i>HXhcBN>|%)iHLc=Vk54(%-^Q3ZtrTl|#dOZU7Q)Q8*&84MR%ao9 zW<2!MO8l7eXvFV(cGeNfE`*{2_}P`YLu??Z_SGDCcT|>{tO%=79ES=iw1ab9_8rJS z`N=4qATW%j7qNb8KW1A-r5F=n&kAElM$SRO{HQ1o9y}~fh8`sgr_QQ|a_qNorO+a{ zMtdXRpjlH(8`2ajg%B4_pXWmI68VtJ^vK}SE%+^Tk+q7mVA0C4tIN$)36) zPvED16qa||G8Lqf6``cKG)9fBppZf@;*fOR9@w51BwwrxFIMBwTv=F$)~L`*T+9J# zMiq;9SxLr7<4iy}QGq8F4n3Z3q}Q>^S;SFjLY2>V!u!jO|FLx(9+-usB>D1%i~F?= zYgXUx@xT|oFS5WF5M`+(Qg;E2Bwmh&vp)fh1E=K1{(O1(7@5>`i*~5X$D0gL(h~6?H9(TlOL89`tc$AirQO04wH=rt=+-ogOLyJZg zQYQ7i5bDLhY}WbV?7}E9^y;w|_JbrP{+3<`=@0u({pG5kUjqK9T+wlibiX6sUl&ox z{&mOLoj;<$6&=KOVsoVVO9zr5hMyMOfX%yZ|M>X}%PydwA)TnC@+o~AYau5A_m~etP#)m}(a^_h0OH*1% z6w%Nj>^!3`gHQrDD;)nWL7U5gMH2qC&aQXqEDE0K4;^wVbqCEs8Hm3dyzzc__|s-# zBinFNK^)%(+GW?g@tmjnS3Q47<~H;$FsOl5w6}R}3wKcI;h`ZYclct#*V6kU1-&$N3xcuB7OdfaK z1|~V)E7U`Uzrm2tWt&4_5Y2;s_nBOj;h>{2ZM+ub_pdWRt* zn8hbai2^;d$W-XDL3);Dqv7xy)qE|3Y5wsbPG9%p+^)Nv`1=Zfu+EQDLsG$ zuv$_ZnKTAwJ%E(xbUq2PT|;?OSbm{G0QzIzXvM|n3tof>=6k}&6H!!W?V&{Epf1f% zEt`AyC`$}eX*=HJDr8pb;5e%@;6v6;?OUSBFcFRr;4kwn zlLLh*IIo&>DN047291hE_*030@xCbqvPU$YwS17E+6E#g%1KuBE5ARC{?C-o@fuwl zk80TWZi7NbxT38rAMmy*^&tYbRu%N>gFl1@2e$i|rZ+rv+1W`L&WD9*o!_T7hGoBC zMG)FlD$u&_lIS;wO-g4Igso%hTE4>oT7wZmK(<~5@}~-LJ7!r#t}z|mII2RR(Vd;X z)fcBvipXX}SC}YMp6;BS8Xc}QVu~^tKgd`OV^sDU|6^m#Y-lIxmMm{LB*$*VuZ(*I z)~`ELpbB?0`ZupxLDDL7T08q`cETwof;wgdDh-F&&k$kCC&LsrQj=drVDMp+gwj=z zSDE!DdiKO@;;^+YV$d{ViAf>fMPF?iBIA~#l+$7Ha@9~ambDVj`YcHz5(D){c93Le z)5t2&dHd+Ze}1HAbN-M6RV`GK{ghmZoi9)%a$S;_3v8868q6Vj*?b(NWWp(*2h}_)nz~rwFXfhfcC2J8f(!i zS9ld`237-B^*rBwu>g5L7Q)n5Ri%B2vn39s37ENHhyWPi0;4=M-Y?&FaxFU&qqMYl?QgLZwxb8=841cpFFMHPD}P7|u>ol;lT{*1oB=_aPLV$O1^QQMH`=sto-#>H znIiq337b$E21i#^TI+WM2~6{IX%;jHB!L=9UzG-B6noeCy6qTdUUJ~vn>cP-Cs#$b ztY<;~f+JT+O61G9?rC9z>5hpc+j7PM9YPWU1h_kf+ibZd)H%B-eEdDsic+6k-p8S4XZu6JM8u&XzB?pp$D=U9fDh32Acs4OBJemgEdCv$-B`G4_4|{qPciL)gjkl0PRwU!xZr~SkVEtuNkZ`Rw zBNya1A8v7*Lyl=O>5nFiAv*O}>o5Je1j5f~3KH2=<`gms{}8e)k@YS}%mq8>Hz7nSUMqX;gN=PjuN>p8x! zUCL}1qzyH(bRxnMu3j0JYYya*aqPqS(9xQRc~}~8;+ zkeoL@n<nr_b?b|?oVP4VzfrW%(Pw&p;lDC2D!DiCEVgrSJyPSTAGAU zDXYfGna+*(Xh6+Od0^QUXB=##et#IL9kUdMRk_+(C&qp=_RdnnPzv)d)v9O+TM6|6 z!TFgq!TOS-^Sm>(qnb7=lX%HSWpRtq48LZ`q_RDhbr>ZEARz^A`H9icBVT}r znCFPX@Uop4#F10wSmqo~Vgl;?H#zwT1mFPvZdJA}Bp9_@P#hVSS?p!@)eKQ^h9}xD zdW>+^$Rk(C_uPBoPd9Ou((4h+Kivt3u_htDt*@HC?zF<=1pd(0cTe89Bb0X`_n}6Sa&ZNFX=g( zhgqV)EY;Bv96Ht|@tKwDVA?9oQY)+v-QAI1$QK~QG*(&wM zt(_~};}?^W+NH9B@kbok6k;n|_^Tg|f?}_%NHX-CxWznsf|S^b&b(T+KqDw!nc)lcukdBj`JYO42gj*iZDndPlFSuP){bKOoU_Pb)@|wt4TK+cF_pCtNw~Qz zkh}`RjbaB1(AZJ5!GHi}J#v(f(Yv0*RUry22HLE~|)%Fr_FeFrHY|ROC6cLyfn5pj}^YL>M^qFZ}R_ zRVIi@zS>6>l=cdBB^9vwbg*R$0lvm^b1_nyH(8-~>%XjjA=5Z9C;ekO4R6?SR0KJ! z3NaA&tVB2T`9Fdnxj!tR#+6PnL=oV{dEVSK|BU_$KUIr&4rW1|uY#-?)ufy>^irON z>2r$e6D(B(VDfG6-S|9-(XZWdqDiY*rbI@u2Sni?t6fJ18`vV#kgd%mbqeo~?%hA9 z(>G17XE-@+nlMt$0un=AK^!q}arRoTtS348m^tn+|A|s8xRHCPcMKH<|lz2P} z7F|zk&@8BFr8Z59Le;%_8Na8435uPT14{7@rA+5p^5mM6b)&00@2mEUcU3SGG}EQf zCKX&PZoBZ0`0quHG;$KdIN`GXRq~%ciM@jeq^XJ{1wmXia+y%zm8b=9t2jajoa4ay zWa9q(-{xliizqF!Yb<2>xH{v;`j>G7Q6F5yJgS*2g&Mvr{13>#-l3PE#C~6xAI&~& z6YCC2o$Pe=lz%20+dSlDnc~EG(K4Hd;ybsbgXXPP%AolnN~F9YE9;Vant?@Ptq)>= z;W(wNQ(ewICncSr(iq8dTntI=(Y*uXRXz>oIMt-kWwBosf3}q)RvW<=C;+i$)@{Ro?nQzCHI23d4z5q)8Y zBP$RWGo?EJ)+E4p=Mk`KA_bH%6ngdV74+%mp_b#5Bf272^L!lgtY;+{Xe|iDETmqn zkE!Q2lZ>#Zth*8xlnm8x*oLy!AihFbIM`!E{r_~mtJ9v0!d^i4c1hK~GI=B&*0ExV zUL3!C#2L;Wr$!XbpzgsB^|@9!O=ktcMfGPZ#Q$Df3~=b7-7hAusZ6O#(Jjz~B|9Nv zEUE-i9#)Y@LJJCFzB(#0(ZUn5qdDn{vAO09;jw=x(_o+B(09`Dboe9)cexfFh$V3p z8g~>uvq7Z2X<#VKaIM=ix@Ajopn!UPw|`{ca?GZ#%ZT?IfBCp;NB3RcTBh-TDG?70 zLLh{XHAM4u4I=brHBlRdw_-SP;$6bt&*Wx?4^b`aSXa7cjVjTOXNl%UWj~yujVCHb zItLiea)r7rh=$3-q^Hi7!DWyCfwyiUhr3R38C$2!W#3Ik+gU4T4(WzKq!Z6OL@|QTvT0EC`cr{UEp`)d{^V%Uum@p;z1wJ0Q8ZcSsnO($az$v&RtW+s6rroUNq%QY zq$HQbaGi`e{~DI7_24!ihGuI?uV4}?+3cn5!nb=zYG1MqaXei6dp5h@^wBR$w$&4kwy>isev|UHX`v!) zNJAct@bNO{eM#1BXN-ti?S`)NY~P65*W~0u1vYe%?_g?*<9PJi@TUY}z zzi~=8FJ69#g-DTD-%i;C%0 zH=5tuK99qOk24HWds6Gvqo>)3IN@haZUuuOb9Pg8@7P}PZ1%K1w`noWS-cRuT2B7y z5Cy88t4c=RO*XQO^g7FI<|485GiYplp*Lv}^}j_^q!0Ax<^+DkeW{Ys@KjBVdGd-p z!$LT_W_9^6jHq^Hk8uqZ`sQ!XZZkCw<(d}13p<1Xf}?Hca?Rh0arV_Sp?pM zi*Dc8EO-#w$6K*;sn^>S29+^o9jO7$?WrH*&T7@{4apa@(q7a}P8p|)hxDrD4k?l(*Md;f=1~}0#+(U4K&a=DgTL)O5vfe$p>8;mbC05No3yq_F1a+QSEk2p(xc%TMtAZUcIV(ut<&Vhkq3%J z5=rUt74|atvrzz9;#3A0DIt4;mm&DWq6t!=PUDbc;YS}E(s5p{PPE9n(BG9i`O^jF z6>l}=H+1?{!+&G;VTo@uWi?dG=fj?dWf-OCE}F8BPj>|&t#e-1oa=3 z7~9^4RI7Z07kYE^r4GV+WT!;R#*V|FLq)Ffa;+<{N>PsDKQ(RdYc#32v8xAg^eTq{ zH; z=QxLTI7qt#&CM*+EIMru;f(pQds(?WQRkXpU@+)JrRqPN>P@oC;+0?&*@8=!&Sr$+ zK%`FJk3Hh2ly&$LgXRUk-k+2hZvjbM7aT*k2H7@)nTFVfyp97urrKQ#i=34N6@=1L z#ELNCiD7`Z6?|GQ))e&203nwtoUdmxmw1y}VIsYs~ba@)bZDb$vT>H^N zd$xOfHX*a>X{08W<~Cwq~cGDcVoW z?0-T1axN|({VcACJhkqk#G#_r zxphWikMT$!zuHaKFK@`u<22sX7#{8?K zj5{~Ldk&|ACGU7NGsQCfmip@K-;i_z-cGKb?b?=~4&s!VyB#7+n}v>!ws-b6KQ!&3 z>O1df>Im4_aKH(tT=mtax^6M7TG<1U8V;`Mk&ECcRB@55zpZ~kK%mtUK%7(KDhf>@ zQrFRs%DQd2X22C`oRaO(Q*kaVtY;OWQyR4%0M5NR^>gl&TB$=w;hz)0uvPr~#XIEn zv_KdtbSLr2#EYE(dygZO%Z-X|_X}7yTUOo+-y=o|v~VptnH^jo6wh%sZfBR2Ml*_b zn4A4y04YG$zaXYFLHL#>q0yJ$@&Ri=Al50TGR!DVFeTo?{FGTQ1M3#xZblbkW#-cLcR1jP~ak@w?T%O;NvDBJd z2TkA%)l(|G?#q=4+cBuo=?Z@~bAbQ%aI$fE#$oz4tWU|2oJ4LW$8V^|2UtxhZoVN2 zyzH-hL4^h$3r~b*u|FnIt(D+Fk$uqQz$oiievtrPGG)uQV%K-QT327Ndx^!OvLj1D z^^dOOq1kCu{!zdnH=A+atEeYCJ;d1dNc>^~0Pn>jSM}AG;4O$0;4%l0Rg4B&`HG=z zpsp?3W+;KD0~94diRsET&dt&p46~RDOEZ(9W(APWFdxiON4GzG#{F2E_GxD{gy51b zFmkPwzM@ee1s$q2os=2tjCi$V(W5o|knZIf27wJ>lda9Wq+Y~ko)h`*6c-r z#t0o;)H-fCz-4CRvHZd9pZc>y(1^$ZXv`tG2H4lVnRf(&K{s>^W5IwLN=_0e>To8a zh5lp7X9;#Uj*x68c#r_AEC=?((51OT3Eo&h5!FsYGZ$0JAHUpmd~Y}tceaTT724gy z2y1gbf|h1kf9g&N&}C~LBU+%cKUOw*f(j&3XTqGhMuEAYrHG$IUjCB5l8Jn0 zy|aJ;JCsNQ>gP-;-)kaXB?rAkEGG!m+N_oZu=I7}h=*M-SYo1fiN}C^Ns#I25j^7m zhI9#61}_3yQQXgGqO&Pv60o;jDO9Vx>au$hLQ8)^AEhrEDY;Io`F;Vk=MLGYVy8nF z`4n3z5wG$Nv&WXabRbyiDvBAzS#s^D+K2`3u>jwTuuJ$;)z$u9!0>gPtQq^f@M_I_ z?3D^TAv9>4x#$$OGG85>2}Xw0ul`sNOc?u#mCc6mW5AbNEa<)4P{P6Vtbo{jOcYm|WlD3B>HX z@_;J^FwrPR)+w}4oVSMZaP#RgvXaVR-u=-+B0r*bE5darWh4VNN!7HfT@8~(VWFz7 zO8&9oh+EEPTXd5d0CS+&+7#;#nKvs;GnrLV{$8lBNjzkhMzhibtZrwIL{CxT9IFLl zn?7?XNc(#&Tt{WPctUrTQ-PrF7x0q=;5>C+M#+?0i+=t9oy`F?LP@1(lOYgN@aUPT zyA>r@Fo>dosXzvb`WvHscsGElv!sQ^DFy->i$fPXt6T5CW1X4rns6E0T3f6U2r#&3v*jqQMl40SWwFAboRC zECeU9Scw4V8Y=X%_JofRmL`oi(ZnfvDrym}IU@_SMk3x-@}x(_1PblMu#6^)b*gv; z3yBIGfd@b!y#t>_7;~IuNUNWI@Ewveg#8=_a`}z2vyRdgt*)#22WTs2PVcT5ieiGd z5Sk0f6bG?)wr|ggvs8&e$daU>1`<$UVMoEc99z6VUI{qq8D*6eidFzM!{QeYa2<+4 zzSL1c{~BQE0j}Z!1XkxGu=9n=pf>x3+S#&pWICDPM1ZKfho9X&52Y(Nv7da}pX4?U zU9y&0Dv-`%b8$B&CJm7**HD^SOn;5+f#|ge0AOS-2oQ|p5Ed0kzLVhLpyhZ6_w0z( zfC=NZRTPwf(A9`h3fLuC6Qe2<1(X({J{bfut>m8IW()*VZv>MK+khujDf^2#?C}xo zab7w|d^8CL!!62p{jc7(=6rGe@6L)sz%jAe9Cct)z%X6WZ*OZg#N^sM$N1xUUCJ}G4qB)mZJzki?SqM4G6`KM8Z%8$22hIQiVP{%R z4L5g6_(ryhvlL5yXvMsg^YKY)LWGO@=@BiGnOj_hnxH+~7uBMHy5!yYW<_uTH1GeW zmVV&cjeJ0m>lA|8zsFrXl%_5{WHDoGtDaw{XMmOwL?b`hWL#&e5b zppz53?aG-a*`Jq>Vj*ahsj1i8O0(4i@_{D`1E)AKETH{FtO+zCLUh>#3WT)&P(Ew? zEGr!835zHs$X8Xa&O8atpD(W`eGOBNUIBBSd|uwZeTyEY%n|K%pP&3GOf?je#lm~sxk?I8f9A?B zza{XB_u5v|Rg8E6kL2CCuGdUv_dy;&*icnjdQnVpG_x#m?XZISU6}kScwK)rb4-ID z8JVET$gA-t9mcKp<-?S)rVERb(G2z2AUr8B)TApJ26qLIT0Q~s$jeZu1 z2LPSIg9hI4Ju!5o(`Kd;gm3AgZJvn|aiO0J+v?h_Hd9@vn`tSKX@pIP#@Gj0;}iPm zeD#N}T;ieeeeh|XZ4HEXDqBKNQRqO55T8wQZ5}<-`9eJluR{(1$RLW`!n7Q$(znO~E(JiX?TBHg-6$5dJ2R zy9ps#$E2WBwpPWnyhT_-Dc=Hoe6@>9veVow3&dDIA!@|p3;@M{_P+>?+B5~$9z6q2 zd!Rtzz+>)>{p3I=9}ZdH5ugCwts1av95)~!1Rv$qzMMT^FBo|7%w?cEKo*xR)|8ZHlTfl-5`MiLaPejphP>U zA{vV!ki{Pk2XpJ)Q`f`A%r?U61gU_dOo28}y9Q=9PVd;L)eM#BVWgr|76y2m!ig3m zwli}c8TdYHn&n5}k+Ar=EkUP-?dHoMcx*c(5%Y4|iUjENSHWX_JSVdX@NvG?!9T-L zvV7j!=@X(vEL$a0kSFxhof%BRQwzI!QC-O07_k_f`Jr25m;Wt^bW$0PowCe`TprIW z=8zyncwCYK0&7-Pj8Z6Sl|X6f3<~2(w3w#KeT^}rFkBFrq1=bDECTu7ek2DLP$Y~5z{)XVfDjaD%-q`&z^hO-)%nX> zqXG;v7-*=U9u%a?;C{7x+xaXBC~wGQX8+Xi07^CwB?(uk^kfjjB83-K$I$=vsy378 zLK6hV449R22K{H~Z#&~#%4B!F=Si?u| zUr670duU{57H8^;X>q1KTzRfTfnJ+20fwKzQpg1yMilq3#LY`&m5!CgP$&*jl2Y%0 z1_s;+Y8(7dSF!!aZXhgdh&3Bnn-kcY^aL8BRZ=j1btKlt#Lro)4EL+1J<;4WuV0sC zw-@-GZ1g8=>FTb*Dk!J=zy{an6b~6Q9n-Iqi}`%)hqTzbPMFsw=oaS}J8;?8Cb3eRqW#-W46 z1Z`}JW}2j|S!tOivVjw|FE>XIgVC*!pkbs&;+mdOG4$h{rl8nEX35|s2=SsT4??SC zFGyj2zyaLMwlD;e!fnII4BZ6-qJc1#kQ$f`!e+yz>A9ugV5F(=g2zXWrp9bVU17qA zWpmNNBcs$P>xd`^*1Sz_Y&!$R)V+yd2nkSBw$5kcXocw}x~3wPK>0V-X;b0M1K6H( zM?P?F!8>UHjqyhYDrOoSZE<3Yqp`GV0UNPMp=)A^s&@*$mfa|})$v);9@3*CG2gDY zNGl%7(FiVnMHdaI7X}-B(8O9EiIyST9B+3ha)c-eMd>ocO36z0TAfQ4a9M1RP9Idjo)L?5t6Fqk)0d??; zwsa0gK)!Xft_PeC2JQ`lRFt%vINcwJvyXqkLJJUxQ{72~%*0vS2sWJ}!*m2ZNMl-|TNA>6_QQ~d z@i?jZV>O{A+8C1w$rmm!={_!}!w#2Q3l4z~e^=2VSWh}-@CpeiD8l2}&+6tv43fsL z_70AY490m#_8a=#6itvlq>g~j7d=SMECO`piQ zPB((%$OAGGhhD;5L>3Ztgpex|<3L8N5M!1~Yp@{2L;I8u>Z7h=U-?{#zwqv-^<)Pm zrELw!M?9Ay8w&^CidWHA@Dou+AfK~52xNWkfc_*w(j|r`QJ#^z{g5*h%JV#t-=ozs zb{${gXMT*r-|dDVVCKc9+E+7Ospp>rADaEilpE4WCi^)e6Ptl!7>WLn&7ztQHn#EL zJlc-}rq7?D9f{0MqM{M9%PJ!sjfYoagN|H)D+Jgrg4Avy9hK(>fI3c7U_TT`YZ$@O zaEM+lVqQ)!UhGgPnP}5;Igsccs$BYNwht%GjD-z_ zyGu*7=RT@1U&tzs$K+Zs%&zf2(R-O-E*fJ1>1SlF*yO8An zE&aoCaX&Pk)h8p@>>QIruI&Da&I2%OW;tdn)QZOeuX|8Tj#Gqlk%b^lb3Ee$xRqXo z!Iq08^1~#a_60#t7183(e;4g_5Fj1AeuCQ+;L|{;{C?W~TrA_<8qKkZ&Zqq3C1Co! zWa;}cicw}h7-WRK^t|3H3vcfwvF>ColviM>z_A3j5`4EM5(#PnUpV(oG*_sYaU}YH z*Ij9D^@LM~hQB-Q5eALa-w`v!DagW3vn|5-Oaq7sgB+0(+zm+Wj$O%BVU2TanuEBK zmmSc5jbk;&23z>^cWN5KDwb|>7IEZ1 zg{Y1tnYVD>>a0jJpzY>`L?R3VvDqsb$hL64)m^vSZ(nd5{$SH06i`p#$h~lm023?A z@GKK#4-gCyN7Rj?W?S%^Kn*6wZeO-u5eYZ96!8CDc4XC+of2_@=9jD<@(=HjpF4G|&W!NA zFdr|IEfI?k<+;Mqp)>~T8LMF5hp45kfm`y0x}unjQkwRD(!{gTlw6r0NaI6(dA$h8 z3-%x*3MhHF5T~_W4r#jDFwo{%(&l6_s5-Pzs6&K^%~zT>Fvl98gNRzbaf#0JRKMuR zRO2;`3WuR2FB4P*q}*CMUMCLlDKgC%>X~Q`6c(!`V(U_{1^hWiq)mb*ktzS~dVn^GN2Vo6xl29CeVDkx zc1d%ax;AX(KWH2`%oh?Q+joPIRkTxti$dKefs_)(2rL`zWs{wm(rlm{UB|egDE7>x z*xxjfk=^0oZXLVmG15O_u4`(0n_mT^=!c{Zr6Eo} zgc(X*aV{8-Nk~HQcT%-EMHj~4pww#F*Gwl4%_>>MrkE%2Yrf{AD|YWarQ4n&7`Nqx zY*Hyy7C%2fkfBaWCO)Fh({p8KzEyoUowyKfzL5QhCo7SJ_U~w?m>9RHu1cym}FS^A-^_^97zATT>c6)zhU3s!Q$R8 zuRgHX$E|?V>ie_dz)9cg{{vWi_)`u$Iaj1!4RXWq^8MjBL`I}x7_L~F_<{!QA5@dt z(vX78F48hR`?G`INEnb$7;}|G_zeJbj`r%B(HOi);|Fqj@Pg=0mVKv))pqfJtztO_ z_ym|dm^^M_N8HjJ8R1OfPvo9i*$)>eLx3@?$2!O3atwI~r^sv7aU37L6J`2^kP$=@ zEGl($jLeyJjXWS=`T)Azea;1?GF@}>5hRq6AtX19oJ2~QQpr%j6N27+iUlL9F3$>8 z=^LW1|I#L*mBPToM~SnJavDPFyg&|MXLE)bV^Y|g8zMQKm7Tkl-wMn`_sfv715$}{ z`3LoLrnW8u;lWsC7^qe*|Fb`gn#zu=RER5-aPJhDtQ{lsNj}Eg+4XDOY+=c^p$-Vh zO8u2f$6)gXL2c0(T?1>Mp&_jDvIxLn%Av2}9ko(sxhg+J2OcDDP}Z7SHXv z&(>J1SEkC89x9;Vw1xjv3K}qBE*oh)x0?}gZUdn*!vx_B%1l+-^lJrAR0X&;Bb88~ z8xhB@u<7X9feO`|EW5K#`n9wf5IH;Ke02tgdFg*fM8~Ixx~f>ro)v{K=`zeyQPC`F zko~P8jSrysI|(BWoAIqL?X+phB%v2^P^D2tw0g`d3f&<*@|NnsZW&`0?-c~#i^G=v zT?PdKC8g!>m8et74C`U?@?DwH0Yx&(pJ+#D$CPT&imriKbZIi(IoTjiQRK<>$Z&50 z(rap@aa@(FeewAQgEha@Q;v?ap(&RlO0tQiGhKs*92_tSP0xY=u;BF~_8Zr=z-E2L z2=pncgHi-~n%#G3463R0r;N?G*GfZy7tDd0N5WuhBU~yxFQhjqI`t|Y%aUiLVC^*` zEO(I)Ruosq09$<#uDe7L5+!)ha2b^YjbTuUDs=eYQ-wxV1wl`#isT2%eL2sCo+>cD zfgQ1c0IAazC`oZd7YrUXcXjfH_p*5hV<+_FA^)@)A1L2As2b9r1na;edF=RnRMt_b z5-i@`c$rBj#a&CpNGD=2lhwqnh+Huf2d#gRaOP9+x0v&|Ht!pNT7bM(LtdR@~)YsPu)WVApfDkoKFl~;$@)m9A zm`^UH9Plb_+%JY_N0`l|5SZw=AUoa9Suj(YW|If2ojNfy@0@}$z3-yM^QXpM@X zP$rC4uoJ;nTO8)!01?X86;=Mq$h46$4I7xdlUA_dfG4uUYgM!hv+FNBqu`B8dYvkS z@z_)%@YPWvpJXdpOxjtuhd39)`<1azWdNuTZ%` zn~(IbjM*7v&)#3LU?>?WSLg18ly);AU)#KrbR(h$iR_-pXgABFf50z7y6?ib>xPuk zG9ZUC`!dZYmt_i3heJjput>drUbY4UIJMUs@?d|=Tm#zJm{X&aaF7ICd2mPaG}j;$ z5wNdo@lbH?Toc%fLV)RFft+$Moz>*!1Y#8yqcYqTg^f^#XJ+hQW3g;0%+z!mx0V^@ z^$+n)NRJ&qiUX2AAa_W)1y5h2=vbg)aZ$Av(SD_~5I_w0Ny4o(QZ1w8^IH9@P4 zFyawYLbJ7kDahg%F&zy|l!5@kF{nq)GF1uYebk|sq+G5c065?8U7?{Qv&n&1@<5O$ z_{j}%waYJJp<%pujAnUAJ9r2s>(TfGwIt!v;8YnhXj&$HY61**nwQCc?fK77ZYJeZv5j;ee^GEI^xi10FDpkG|-U9=p zMDFbcXb&nBlrCyLbeBu274yTgh|&}j7M8%afNBiGiCZ~ZmQ^F$_+#0@(n2>LoqvH>BSMfDHlUse4Q4pD#oRd1@hlat}_yMga4Vic$th7!TB zq$nkB(L{Sy^Or&R8m8W!Q*vAx)iX0DN+TFTA*<*E0{Xn^Nk-_DWEWiS6Qqx{*sg*i z5a{eN)vR}gbjBMl(RU(dE?c}&W~Pb_})3W9(GYt<32P*Fs3I0+FYhwp@*V8D_aS(d(|;wex?mM>-{IEmOkh_tcT zk2FA2VGZLU*SvHhj!5B0d9%e`yZ}@<@Nnw`nAkHiO0*FJ#couZFSRsJPE;e21Vu8} z`!1yD;27(`qJW);p(HMWNFT>cJ7s@ME?Ra*v-|WYcpuGffgB$pF#r_)2`3KWC23PD*Rn<$0G?^gU40gfzNW9%^nj1{7t zY5&Wtss_wb;^#>CqIqK-sfJ3aX3mw3Sc>wS?juJ>Y;V^z^niO{C-Yco$i6#6fUKhO z2-79ZEpF`Xjm<4M{gGtDXToenI)|d^ORQl&H-Pz|T65uwU250}bS=W0l~H+AcWgbIIo zW?UBK21Jz=WG|YI<{)N|M=6;ktn{;rG5ktc+EzI^Y3`kV>8FKnjSp}+u#HGm(MVG$RE{~MS zaf~>=%#Q}T_Mbu$t^Gl?L=+IrhmwSxQ3*_}Odyz~%&Da6QW8DeXL-LpTp$zz-Z`cW zWlLSPfUc&AX2ZH9PF7$bAiTO|*dD0Lw~Ks1-V{7wdVULnaH1&9iv876_)Yj`XdgE)U#>`WGGs?Qd_ zO3}yiOqxgyqM>nZNWbbO;&XV^(g=58Gf5jFq&L37h~OV=3sDnB!01rxE;R6pP--f& za3AAi0=dF$yxBM`RppiV)?O;jU?+`q5g(6Cs}u}L4RA9t>q;$XNw5_W@A0S#MTUBV zz32=@v+0f9cz?r&j4|29!0wX4XEpiz2E<6J1%t$iG%8^@86|)WZ`pF6@^u$b7}SmN z;7U__f$w0kr*qPts5XgBe~lmEktA#zCEITH%h*DnkODyz+i;D85ur3s1`xa|y>pKc ztEYJCyuQ3BS>U9~^Z|z3r!igIAxNT)Gf5D93gBZ%QYA8zgYZ*t|DrH{jZ+(o1NBJ^ z#UV;}U%NR*>zE=N2?;jD1XM@esshO!KG7d8>n?pQSU6iFu46NxRaA+&ldb?ykDsjo zfUMI-D}!Z)U7sTxc#!%@M8^r(F8mcdDU?z$_)~ceBX~q$EZf&f0G2QPgn6wt#)94{ z69z}ggWCrq5oP1u)SUA#$)#^<%gSG%sjJ( zo+wNuT0)aUG$cw`fq+k#l^R<81fG-x0mPH|L+MUOo)a6daig?|RnqJ;E!|cWq@g?{ z#Wef4)7^mcn~n4V@!_raE-Kxxyq%sl_W|+D8~X@IaiA74K6E0p9w9xJ4mO1U4#|Ab z{=Awl7-(=tNT3rUrRzQ%DuFK{cPZkdKpLvYLuDGiNHbKSCh{1O1;wfT^S_Q?kOzU# zEeAvcp2@jWDa;y1-y|2VI%NB&k!h4dxc|^G?XOM z>BDc`(T0i)-Jvv#c{oax!^#P3T_@rG6JD4SFXHxrc*oR1{~~6t5N;tBv0EV3fgIdc zxY^iQ1(1lPkjGJ!#8IhWpgLmRgY`yClndz5POQrgTN-d=%6~=21GY5r_ePlXzC(t% z`DAGp1<0NGvFNLfyoQ56KaK1k#RQ{AM2&uTfpX+<^nijXPUw(ENz?MfLzQ#rtg@9L zfF_Im6Pw${yaz1thK(KwrupuBwZfU2*{u*+aTMqUVrO$p1LY5=;`0>ossUZXbpyrp zr2qdrW1eYx%FJ`o*K-Q!hNI8S*tGfL)PNk~GMVAEX-B<)LPR-$%~RGr77*&Va7bhb z=Cu){LleCZ0&2#@tQwr&~u!SEZz3>MzAn5!wR0X-zte^!k8e*JW9 zf)r+EZ{n4#4%eS?yk-D zFCa?Ws(0hzH@Bx(YgaV~8}pzrD5RV4;Jyz}bSw*`u;@bvub1)?bGig*o&k&~;U(Gt z(`vzkE|>LYuBKL_w3GH6*7Uj-Z}VRe-0+uX)Q~pkSm&2OOq|UVZI3zE$89v@K(wfm zM%L8n5B<$hiXW4-<1sU3#aB92MF{Mra(XXD1T=0~h=X^M8&I**G^?^pq6j zQOGlB9IovHX>N~t@kC!I*DhmSg$c49#8Wl@4bgk#*TAGe#}ye%vG}#7;f{6(@5}|t zD@XA^c`{X*2oerV1M&SW-t~B(GF272JwKZpi_9kN~0GAiJ-Ue&$b~Krlc|W z7Q$t+K+$5+yiP#7rbiGzDU(8}rbCdYa4>9MXQlT_!`kdo>O^ zeSbh9-BnE?rkb|;ScaL?`nbIeNB|ju>~jZ%t%=&~{n25jvf;T%soc{p=CYl4M-(z5 z0~XcSmap=Q9D2sQLx3&d)Lff1txYuQ-EHdbwq!u#(D&^>1gkgQ#r9_l6=^57 z@F6Fp5GOHI6>CrXQn04kMLTGSX1ezig<*`?*aU~)a-n~u>Z|rB655l6qj?{#8igSN z_zsi?aak5wIZUHUVjt1a%C#tY%(bT$L0P2)16K!Bw=>bKM2|F1T9`H(cVz!NL?H ztQypc+@uQ4%Pvr1XwWcl=_Udq;o)WumeO*D6r$f|KE`=2yIKR^-zlg30m80hMf z9pk|y0;{+SknnHu;3c5pe;DyiiynF$9SD+>9S6*#kV4*=wLKGu0+qB92R_F&E4V6c zebCA+q}inmI0UU9!1a4J0TQXq%*HfneJy=Cj{|ksO;9`AIg~tz+`vCWLU$g}HAp~d zR70i(V`aFRb(k^@!vIfx#-V~sM3SrRK{zS~+tvTgOZk-k1jET9DOK7PSYoQ<(E0~= zX8_`oSU#XZPo_*7=7|1n4yt`??Z;$EX7yOW13(--j^4p7uDzELm<52Bi#14tL=H%b zjx`4wogw9Lqs>Pd0?1iUScMq7^;<}xPzB)7lPaaDavC7NXx=S*4#WyEzFb?uU@bIT z*T;P<00;`=L|mtM)%2nN0&jSLv5S`q0z>Plkkl$wL#Ut<40mY?9G7y=1H>f_{MrZk z6>|^x+)xN$mVa<~(jdM13t_*51L^Gz#2bRTYIm8U;=ky^8x2YDa-nUb6DFZgAPA2` zIb6{g(W~$SPl=%vz1;eYj0VlYv(#W72iProq~e}yC?$Q5>zpY?T_~ELaGbcU0E)mf z$lGn9g)AZm8ePDW;^@`u@#7&+Ah=rH?m`-B%_!L?NX90Touzp0zA=#}*Z>0<1$JKt zzKh{~IOYn81ppLk)dMd`%zVmEkhBjXy5mSt$c)1D+%*=0hIF?J$>aeQS#fK8>nm?} zwK7ryqR?^=cj`byYQFIfgKMLEN>;f)u6OTLO91l zVySfy?{K5R+`bVe+l1#*J`EaOh;1iQh?M^fm;zR1$0?A^ETwe^ zFwxa|$V%*>?%ZS2#0=o%|04BV6PV&O?C}*!CuMb=n`I%N2KGJsVTe^wql|?Wly+ugnY@1w2x3$Q)VQG)t!M&6k%VOzuruf zAmSnqCvRoS-E}P!j*-5wm+EtLq6|?SGm2ZJTL#}JtUQ9vz!nX-;SOj3v(#U6P}%SN z=2;~~f;Y1L)8I=th42j#!5?Z#d?NT9Hb)8193>GD7KT2Bw&S?blgqM?iH!xwGSy zqYrSP5ioAxxUgXHR!|ZX{FdsYn&uG5?CxI7m`rY(`iLvdCa{4}`OX^2J&N+J{y#7r z41m|_wak6xa>Msd5-J~A-rSU5eogtkSo=6+@OuH`96qBr(|bU~^Hh@_!p*5Nb6nT7 z5S-IrIWqrOFRQZ9Qb&4NDrY++J{~QMl;vk_rV~5?4=B&sdSodr4YQYZxW*P>+b><& zd0=7_O$rP|_cQLHi6AUc!ld`2JLS+xcUZVJW-bAZo2uA0f~<*?PkUvbsVGUSX-0UE zNB;r9oR1fQSX+Z{iPwv($N;cL5dk2VcHBX#QXsvZktiXq32xf@SB{-+>Y|?X)b2R6 zt%H_XIx^>kRjKSw+6HbM|weua!@2m$<0ab*I0$6 z{J02#G#oO1hR`FsLYMRK>YD$JaV&m4XeochIT(JF$L5H1UH)_c!15ZdBG?Ea(qY1? zOOhHtM)zJ${;M>HeGmvbNkVFbvr8aSQq}d7>iVAl%jC*^^4mR0MA2h;b^`#8P56^R z856p5A(ToXE-T_bfbBd-AU*WBD8lIswtBK4b>NL6I*<=&{e>)6m%Bt06XUjU3aK2h znoKHr#tM@1(XjL(R2fXl7nAVr7M&u%$@t0N;Y^+Eg@h2*aq&``h0%dX5ic#d&}IVE zHn_CHZB^A6@`+n`o2J4hs1t5thSM=GxJ0|H6@TKyL@C3rgEoJ5U60b}z#`T!f$xHE1(f zxN)YDygtR4zjJ2ZzNUuH*h>jXn@%$6*+9*UwY6$g+h*>xkbqJ(Fm*5y`~4(Rh`}{b zl`<0g7_5G!MDSQbo7!_{lz-qQ2Lez)61Hu9*|lYnFlPQygP3Wow5onO5&&z0Z-QQ!Bzi9#h3X_X&4*oKyTXu!<5UGEqv$6lP9 zodEy_=!nLdWK2UnyDl)dIunYft>*M-Hm01R81m`OL12+hS5N~*qI5BriHAQ$;j(7M zc@}tusKcq}`AbKE2o-WrVDo`rzn)2sP>`THvCXu{+cjG?M8qbQ%L06sK4s5hM0*IT z0rTQHwAu(p;9zX(F7$FNMvD*pK);kC8L{Bl@vW0!EOmy^iv7e99-+aDJ%A5eF}u_7 zS0UB7^>a^ZjrMM1m6pI@0F#z>8N>B#?Ni>kj?iSms`oDEDRVG|jDxEo&7MH36ZF zULcNr+Sy2u1Yj1X0YF(T=N5e*?95@y6Y%K3Y=YO_!KSNzu@g&WSU(!OXWQYp@q3?$ z+kj~F2up25HYAXyNQq@46bQ+j^KQ(;M^^PBYj4C#s$P8%Vio`dof*;e%tjbg7jqN^ zK_uydjuZQ!in!jCs@n9CsohG%`$JNIcuoL}V~uT7A|r7TDROId*f6lQ{PNB7eKQXs0-KrWv2N#EwWF3-@D5I9CvSu>-NATk z>htu2KR(40vJymyQ^3QH!SpwAQ%<^bjI&y8Q=q{{}{KgO>zUxr;0k@bNmw zK0{JS1A2TsFZ41jX#iM`j!$|ZK=($e74cpvN*KB1HtJss{Pa0R6!4)Z9s@H<3yu-1 z56J>c8fz~*UCPD<{6K~Y0Y~|TY)DylfhgeQn)_L7lX5Fu1SjFAHQ8fRQ(g`Gp@nnj z)2)!HjFc9{$HM_V!m#_cm}6Vw0f3oSKBDofP&p!C6v&{H3e0!!BC8!HO0rwY2t|j| zbm|03TVymTCX6ddJN&_S1NGm@_}jNZz|CUh1`I!SV6i5NlM9zY{T!nzjW3eHCKAl= zpU#|vUIPCPk;mUO`y=G0N6V-bm7dwVhC}xs(?a&VC%zPuQc(qwcMCZyDgbJS3kNbV z(N;MHUjx1{i4>4!YDAmFg@4U7$`&k0dZ+j8pVequ!6(W+vb}Zms2i+4@q-Ha!3o#i}MY>Gr&y6%rEov!#ZeC zF0K)nGqMTDgCR)30eV0m7dM4Wj6evq(hK0f-GM^)QhB?N1IgGL&_dmNa0v@d@GoM) z$RCU8f(=iKanOnPg|W~A=pT4MfN2hM_NCJa915tiMNEhpX@#P`l>2Y`Xl2=Ke=(go z4h&eQ*KWcGKsEqCk+Z$`t7*>h_f(%OL8kzx^ z$v(9nsOIp6jr6}jH%+K1eyiX^Et@A$9YfA~@MO@?A>PTU>~c7N(vo+%5hOyW#j`K! ztSix2p6Vks8>+h}gUuhddBB>yD>X<9>4y5rT}ZA2QV)?~gUJpe)8x?Ze{JA_gOz;# z0kQDrs%D4+k}ECmf`cc2U<^{cv5N+O^^^*M8sZi$C19TfT3}5mnB$+!LM4_~R`%!2 zI8a49bz+zeyI9;y{BHD``3VV}XCZj{6IN*xxpL);c=eQ)U~P+W;1hmvfZI>h%rHg7 zfpvfp#7>;ZFkKkLeq3QZiZ#|>`54CCw?m0`qh>GP>p!tu2^}7Yzz--QLIagdSDPz@#KSib=7U|7d+4`jf4 z*(1zo*7%v`GIby5%0Xxej7HqJi`Pf~_uDBf@amoo% zc3Qqx6VDfUD^OH+c@W4RY0H%kRc=H(H$Z>wO(SJ|;zCy2!E0;{tD(3fEh^k)&gMa| z_;;`50kGGk1rIEDh)J2Hkt8kxawHAXMcmpL0%{kcY71Q=GmPkSBqYzy#8*8zT1#je zpjU(*MNC}8?6EB^eRaTeBpM3Z)@+UhGK=y9NMHead;8q-&5(D{Mm3>$zb`=Hu)!c_ zzo%_VGbq3N$laUILVvD9Co*hsaA`Et>?_mHqiKkZWWg0nf2L^;29G9^U)`Jrq{&{? z$9ynk>7~{xsw2{~_3h$(i*mIcDuR;dMTF)jbOCwtd(eI zK=I9@8yrxT>oodg!Ig*DvC6Y6eG9Ekr+F^>Hda(rr5i$30jOCguv{X{oFb_JA$CVi zQAs^3?eT3k=>)5T@2dx2G%VcbgwfCY}WQ&_Ewn8Yakzgsb1w{}=-j z2-OeAs0$kNkAD#F+RnNBS!Kg^FHIW0*xg)RhzSjVd-x|bsigzlKja`;zMh=YBqlNt zP<@H=MIbES2B`&mth#U#Y z+<0*V1qFbnv{smr_O-o%mn7|oF!v~jT9mC~j9?sZGRmzcWz)tp-($52CLW?~nanw+jeXmM5EdHiJXL_%l&~21HXGaEdP2UU*<|tR-P77J!(FG>_VC}9A6t-yQCMI= z-P{PoM~VXYz*ro;$Ew44R=03;jpB5jxE<<|z|8a8B1vXDu;j>ZOx5E{LnJg4BP$c` z!A9cITg5bnnOnhf%^AYyZwGN}KN=?Gfno~-vgUc-meoDxi%YePrpCAWkP{SIPH-`3 zxp*(UKkP2g;>G}9vcJ6}D!U~;A7h+vE?;x!-EoLLSqs^2gP&k0{tDKcYG(!m``}nz zd(Z|4)hha;qS2qKlrA(-J*pn?KPbH&w)5eIYG6&*Er}TyE4o6wxLx5RD*$eyAlfC( z2Ifh`$SD<=iq7O~7>3q#Adr zn27>8*bIFEq~0{AL<-mp4a{x?8IV+U3dKgTelG$GZk(6k9O(38W4g0I-&c@jr7cKK ztcrwGEyKr0*G++?WzhfY*X zR@(qKK*+zlwsVw+5|%{U=Ri$Ap7>)$_V*CjY!K!4^wz@B(RpBv2tu zRard)HA>_!ftbea@6fMH#DjUV_qAA2sPvRml>>o56dK23Q1XkY6Ta`~ zZQObYH}r}?F<6X->8?%BR4_}%RRH&kWJ43gFFTw*xvdC5cN7+pvfT5uIo?7uJZPFLjjV@fhb!APaTfyL7?CK}r^S>UE}P~Br_2F%JW7TE#*GDwt6lD#kV-%jOZ87RO`&>G}RS zLT*m)rPAnA*Y#4Zs9ya-j{-NaiYPp4@aWPR+!BK;iwiR*-9#Z1BtIZ@8)L)90bk^5 z$s3-E`{ih}BI`{=Bi$P#mI#Ot#8$1DVj|IzkVqC_34?)mDlv@+^N!=h91c zY~cs-f8%Cdx@x_AK*tsk4`7@Egh+kD3=yfq&>;#f{DM9ix`GG#z2NO9tVAjmokl?> z*UqR=H2b-u@uUeVKez#V7d%1QzO3p+NE9THszMP?1j%0|78?gJyIBc`^Kl*ut&30R zsj!ir_a#-nrwni}eH{(sKHN?w`2DCvMD(P<54zzb*xC$%YMaVd^&nimdySfSep43DdbRJBL_H5utX!S zDR+_{Xxq4b1)F+yN!IM`%j?^H)3+oL2)PM3Ln^y(&PYgonn{orShhJH37C12jN4F* zNRP*)5NP1&OvBttKw}oWpaE%-%=rR3Df01reCliyN9BW@HKw9-l(#bAIn>zqaiIvv zcntR1uS0-|*Xn{^%meeA(KA57at0Ptt+03*U4fBx5Xy0-+zhtW#JnY2iD;Zb-i5UQ zI+3J18aMT^mEl<0Chq*47+hAEP99DHIdmT=&SOw)H-5poQT>jckXohqAen+}XGJDS zAhf)MZEv_57HL~CDrbWWp^sX+SrTAnHW3{tQiK_c(_>)Fg_-HdY;+3Pv1l>Ip&}|G!ppm0U_GSCoVlAERn_% zxedkb>Ioyl+#-F-uP1|<8;mSmzt}o<5fOxOgj1A0Nc-X*|)sOI?;XUVFMrYENBWIBqu!~6SV&0Gk0Up!n#q1LQo0lY*s3d0VhHU zLU!w#VI?CEVp%91bRc&JYt~u^R^R_ZR8w9mes2W+rkCpyhW`f#LbIStDLmls70NP} z{pkOXpT+^SquWLEuR%WaboNIQLH0{WcP#kBqfZH5Jn2cK-IQmLj@@)$C9g`8l7>on zO+krr;ted((UZYYYE8=S$fs#>SaPq4EnxLTLZ#I#>EPxF;)5{ANKkU4*D?!&sbj+2BbxrAM6j9bstR?U?v+zL_P0)|HVW`lN-%q%R23m;wH{eaSKpw(G z0nu=FVxFTcyw(5hH#ht$-~gvRDUaAUbk-Lh6P1$*rao}?j?BZ%=+HeHkTG7cNFwoY zGA)~mEY0>k5on=Ya~x6Q%pX`VbRXNOiL_6S*P(e#3X6My=9E3N2T&dE&9-dYkH(35K!?Yl6D0X}2H#->TLZUz)H03o?@P2oJH>ec6;Vw z$RrFKm$AF`DvGLM7^=csJu!ZVYa6cwH1}vxVX=y}JeKIZO3SBL|J1ezx$P8yfB_oB z;So`UgmruKDW+q=b=|z&y4r9JY~?`%-`2sp$#-rM0j3=zPkr(ji&QWo$23|q&#M)% z7}r#T1)H7#z}E9q%rC(R7#?XwW1e7k2Hh?W0DRDfH~h@}NEQO&GV-pj$x-7bpdaWr zEevrKmPJ+TKaPOEQ7@p85M*A{u_y=MX=YX^~S)NiP+Gp6SYAD;7*1ztzkDIvk^5AWQD9$Wp}eq!26}d}69y!OJ`3sxT_RZn2kb~0 zYu7krflx@xtFly;frA`o#M`KmO`nIQkqLJADEa=gGqa8)1l4stea~2C``(sk+Fa z#+W0OUi6l~$|`eEXQuaRRMY>5tD#U{$Ofs!OxgewpigU~$HPgSjs52&5CaMMQqy5b zC!H1`b#2i6U={k<+nsJD`~=Ul$Q0KUV*Lr?gYOJYe4Z>&F;_E9aiUEN&o3I;)EV{{ zKrX3&0v*8PeNkyQOydldkwBAnz%&ks8m0Av;YQd z(A-+t_>b^~7K&`X@n`~3w$7V;S`q>xdDb@?X&e?*HX8amjRuRR9G-YBr{$;^~c8x@|BjQMa}*eK9T$AXvnMjb~=g zZiAPDk+jM~evz^GR`@%r@QuL^W*u0|4c0mp$Y}{Khn) zUZEu%?oFsHSu+s=c`j($K)evWxk365_^t|dIW)0Cz&ElW(PLy*D;jZ7^dF3L1o}Q& zT)d*NRnU~IO17y+o>K2yGk}wW(8~bc5**SciNnUdcHcoaJKeu3JK2tktOV2&H_tuwO{+ksWrgi6Ssg`YFDxke1Xfd}Bf2k+Dj- zwlpy$P%^0Y%QH1suf>peca|P$U$q0z5+1 z;Fq1U{lezCNVJ|vCSNWlLav>0lCc7>A%Y$z7c4tSY7s%o=+KpuTxsM+?W$3&3VJFeq$>R-5O~V*xpYR4kH-D7Z;y)okEfzpo?iQT5bYEC3?h z@JNv@*qu=O1WxT?;!@X-Y$qFp3Jl4axH9C@eTm8t_vj$%A}rgCKpG>2>^ikwL_fgT zq&w?GGS;>*N$NxRL9uUW*fdhwG(L9bB$*E+5kI|B-f(Q3x)Ys&Vj&BgQLF+bs^j67 zqi%<{AIjWAMmYAJUc_os7^_s$JBi2H1}ueV1q8L(A&QOdaiy$@bj$!nGgb&c0JDPe zFj*)JfZH+G9Cjg(s@uhp>T~5jbLk_x0CaTO*0GZxPM@*)n3KFhr4sMEbih^ma@CQc)P0n>L)VD>>> z>2B)0u~b6hi5JfTxekXx^*r<-GUCK4as%`B&cY!n*R!1D&GrUq(lY@LZ&QdyAifaG zh(yLqVM@m{YX#aBqdCTgrY+3l$f6P*ci`5<)s>20dLMeA zY{;+*G!giSzj<0^$@=oQ58_xN51(u}!^gT^dU?Pm2mED)SwV#Z^LQM($L=8rbkjCZ z%o4w$ygU*Tg#c@~tfp;MiXEp4XX`PsQo{oS&2GeyIi(5z`YKj9FPx3&!c~f|OO6o; ztW5`ln8&lc2kHL55ss|`{2Q1v&`aVG0xA4^=DlYgUB1n+&%&9VQ^I85Ea0-SwE&?-_5A`v zUB#gbA$uYOk(|zC7}Jo?QWQlRMYl(WHD1lK}GO>s;(w9_N!gO5Az8(h7lZzJQ zj=V1zIUCHC@Z1dYOTwP`TJXQYNXel?&VH#UAEqk#nazCsN{!KBm}l{wO6L&ZCH(S! z5UP4G8MC1t*@_d2UN6f>|gVo{q`%FGa!G?PEPHEd6d%^vFq zi#Xj8#w9#cXq2EBj3vi9lxR`{c}Jv8wYie6yk#2oQ>I~1li$Tj!kgvEI#@C$dZ{xo zDiL}JE{M!#hs50Ov6PPuv_{7QSnHtm096u!9O6p^4HE^Hi(&Xiu>*qPb^8einN48pUln8`zh0-{f}GK z=sj1gV=5D?eZ2^eN>bITGZ2~S(cdz?fSq~2n=@Zh5#B#N=o$vA?SNA1`_(}Nw=+QY zYe|}EVgEY?NlvvC?|0L3nFe`6!m2u2KhmW~)S+W^>3)^3|NNp&%pu5}OsKN$Vk+E! zo-3-J#ZV_nbr70ZcteBgieU7c+Z&=R6k%2KG$n;y4@PfK12l^QFzfkCPvs@q)0(bI z^R2-gbGTA{KZk7yz#RD~uujpO@hi*gv52IU!fIB{5H-uH4G#9(YgPQo#&oT0lLW9O zMPeq~#9@Y%PU+ip~Es=@T^T1V^2*Dms;Bxe~?}n2*9Wc;y@BE;C!Zo%rzeQ`tI5PXI zwFCq&c+f?J_W;fCA;RteXI9PW)EWSE9?EU|O7qJjdq{%{Kt;z14FXJJta3Xz43ij& zO;#T?)IbD(@~i}o?*kogt$2u{4mzjof1%8oBuD|O3C2jQC8WI)>c_37w>g3rz9l`5 z?Ehi8uk+S|HXoz5i|juWotilMvCJub!APpSwr(n6K07Ed82Sb~7&T-#IWG{m-l30B ziNN&J)J%cl>JiSj9H45!vEVYCmMZePtk{WIKfGeB^amUO>P280=Y{UO6axdkXw}m> zZu^65o%>z1wJ!=|m5}Hr8o%$& zzT!G+VG(s(NfpV~RRfL2|L=l9J`?3+aDcU?CV9G7KP>dV3Cc(A1 zOjNyhO#nv(Y_NO!Hbln6@=jM*;3o?Fx5YQ!)L(2an#de+11(wO1aI>46DZS+6}kv7 zkhr*VDa@k})&ufPexQ>o^51EpKX~3|l$U|=!~us1NLC``1HSMB98ItH3}jIh5pwZH zhp0~;p&>Tmgl;8_AJ{U>%m^cea)$$hPV77yXM8Nd}Y($ceVX+>!=6QzDKdJ+=po2dSmOp*>?LyqvU*=Z? z)wnoyPvO*H$Fv=ouonJYhSn)cQ0=FWEntqEIgt-CZeT|YUv9MwlN+^1yvS6qALBjX z?`EQx#}+Hn1*;=5H7k(&Twt+nTmp1tb*xe%ek5FQWSquu3z@OTgbl?U94U!E=0moZ z+l3q~*p15e>#A(?M*(5jC%5rzduwYzF%?b+byNDg6e^_Hl|Y^q7)w##cXeV3h{&@ zLzIBvY?h2LvQ|=kcB+Cnv>$D%)74JBlKtr*-OyNiStsje97^V3y9rR7^{1*CU`2of z))T>whPJO5B*fskkwo%LKu$hL6{IOn=GYEET9w!yu+qj1^cY#88ph&M{ z{{DFgDBzqZJq!j5_(7AO>-btFId)A`UDAA zG>F;|Af5U{0VRl1RIUUKPtjoze+TW9I#o2)&GW&+s#2*M%P#0x0ip7mCizSwjYGlR zf=+$v@l}@2&>oEXv5$)4sy0yMg7D>Uu{Bd8wi{v@YfI7FSUI+o$Vw2s zbEVr(Z(~@%6+)Q3f@t8uFkZkaOH8Vwpm`icRWRXpV;nZdF{Ir@ z7KzGiU|}4W*6{*Z$VfS*8|54f_=5bHTd z#da1WXbu`5p#6IPeu_!ZU>r))wP>hG6BC*oQiKl36JCKKym;6}$nDtUlb!+i0X7DU z(=_vZxJ4V~doZSHIk|FH(g099C^44~&a-F#rV6mlHX;o>1HpxE6SV*16yq7;qLv@g zDPSUFc*##*n41B=_y^!A!%iaE7869iGRInt@0&SjVyjDOPJ?U7-7pKf<1;g9GiRMJ zTH)nqW6D9>qn>fpHga=!_StsVQz6sWiy!?$e`O##EKd{ah#cmy2$kZSOftftGinS1 zC*%U9fGOIhuTZI{q#fhfP>_<8Efrb>AQ7ZUZ~2d0NaU}3!iv4H6)Fjg!VBMsnluEm zss7qnW;X&6db_0{CX!dvpUW>3NO(2_f>*)bCfQubxjZC^ih=s4Bb12?WzGXa_S5re zEt4rA@tQ(N%6!!VEKwdJL@9hcHA*vM;>qP&~(d**`I2cw{blAuNq0d30i4GX>;%w*Nfr^n(zB z3X(PCbrlGXExt93-4iFlvxwlr65|7)p3fl=lC6Y+8D|UYwtV@h-eJ_qUmq$OIxcmy zke#I?1#-xWP|4#islz1 zKH3QP$y;y%$F!_<>PZ%w%Ak2u%J$*cG+2&mo`Ev?Jnn5onH{4^QPM}a+odHpr6oXq zDXZXghHYp)$74+wv)P9TdEdTKF`G22B+%usdKj7zWg?HgWZ4)e-8nBbk&&SCAkm%~ zQ(tz_cJ@%De~F0?_7*G`116Q1p)&X)+e3g&%DV0JW^480(^XZ8@96Jyo&fb>gD_Sk zA)&f-^H%A5>?kK6+FF0r6$(e;(jp6{y{i z1(iA`!PIe@!1CasBH-ayxiKt#@Ba#w!{0BU_B!2wxD6&cJQbk3AFvOsd?+!Kn-?KF z9T|eDf+Ofn#A|?FTW>W?k9!>p545p_W?!lmLGz&G3Kp-I+zpMY935H^`x^$Qk)uLo z@wDH=X_Eb3pjXHoku&9v;o0H+5IpUHn_`-yb#9vjp=a5a8{?q2h4IVtTkYr*l9Uln z8d$z~9&yLnHi+T?1o|Le1I6}@OV{M(yJcFtkA8}0VC^1sAz_tBxC1*My z9tcPSPM0Nj7`ZR5B&3^RdqjoGBMK-uTEVeQ_7d`D6*;NCs3hop2*}#7L@Giz{QA!GMu^5ZQkpPqH zWI$-#1fW9Myjz!mDzFn3Kk={-V#^)Zu*6NSEv(o!#c^>!=woH z)PSdIGQ-BxQxe*p!)l9G@Tiq;!=gL*r_mh%eV7E0PPDxV1N!g}EI^Ch1MEt2m4-A! z*p=-#?1eSN6vf0oPYD`#9i!!efA~KFJ4LQA1H=V}O^Re6n9MyK3D=mW24{#3_BRc2 z4DzE>K;~tb2o(d2mjuS|THN>DNt)D$G~0j~SIEA_jez8we#dd5&MgzAOJLg+kK*`Lq*pFcKtYzi!M`W81}i^g#*1aJqC3vSQ;rl}*32&jn8ICAz<1JxeU zQ>5bz>9KYl1Ws^(H1t#mpHrluM7j0^Hn=t~CE3h;Hs76N(La&L`Q=9hC@e?Ls#wWS z^;X#A%b94q-zdNqMbQMnx$ULF=LyDnvR;YPjo;GNFhcov2^5NKaL~}@Y+GRG8IC6! zIV%hCfX6jDMkSSYl^X35jgXSx+VpXjI*^+#3Fd38xxlXF0db<1!x4O}N&tq}KpPZ7 z38TxFV4Ium)8sjrwk?V-q)=dxNRA;9y8aBsP-oT_bX-FcJYA)tXbWV<tr8FpeQ0}$wz9LlkjcXAqg@C(5*%D36d z_ZG%MW|h7LV@%MZSadjO8VJ7Co+;(`*@g+@<^7w_I5$WxYf$5qwxS1ohoTM0kGY@Y z#77>W?jQy0j_78sa;r(44R@oNCD%pv#;&S*hLfoo8~;2W+eLYOU)ZHE*)m>x*m zm1gHa3BNtu?2^HFcrZeHBS=~Uu*#&cYbmD`BH)3a&qv54)do;jTwN{c7q~c;j$3;W z4drjzH5f9Sd%2hvt?%(6O@Ly96{Ou1Qj#Kym94^D)mKF!N96HgzuVm*f1*mMPdYFV zGT@Qd(qVmb+e;|{9c4Djac_s0E~2jhub36d)XPER+`=MThnkForWMROlJQEaWXQaO zXKq%$BHiSP*0)5;qduKoi7{FxeztnoH@=%ns?xpr9aV@o0Tb)Psrs^u4GP*ad0+;m zS$}_kIuQm7>vuwtdxhveqH)OZJ4)UMe?=e27W}DoY=Hal#zapy!t{@b{M{WfP}@8h5A8!5>N~e?>YiyJ{_oMe6%TxEGX#RnaJDLd~x(yD?JI9dg=@J>QW1DRm!-W%wwsvne$ik>kp%nqZ&H@R!nd04!2P;t8P^^Y% zTOFxV9q5i|0LOKJGH^hns>CCvhy12=hb7nsZZQFNtswvg5QhcQ&^zK16s}E;q5jw- z_a(OGGhwOK)?_rBh1Q+x%>8mlJCR&-h`3YQm-ZEXZE79$O?+_)JFIx-T+!L)0HS&k z6CQg)p!sNg`!9F9`r> zfnsl6Jp}yKtP&MDd$mnmR{22Kg*>uPj|J}YBh*7-G23uZTIU%!PHhn}6&r!Iz69Gl z$uDI$YBMhKB?C_~xz4^dI%H@^J#dfx0>eO171X4?Y+i*JGj2?d;A?m*_sMj3FuaPQV>r(1>+b$cP zx8fs6c|X5V@~<-j_oVaNoKF(cYw}Mz3|x#@2&xM^Yto<@GHiU`cY{gdusMaC^96JR zRtL5{A{Yx>#>yT_@^Dd#gOx|-PsRsd8m{v)Q~!+Zf8 z1A+c{TUm=%h!D6iXXQtaqrf{w*m$w43la}*v0-!2mwqXEsw~%#dH)GiA$R2-Xy7tH z&`o!pkwTQIO;6n$N{~RN%<79l9Xg7V?j{n7T?xtux8SK79ko|9LsKUT&`5A2Wpw#~ zZBFQ&Q`>!RFI7Hcm?mZgXVi#!bXqf9Rgi;SAEJQrw3rQs@ll~=0szt1F5yOP2gTna&!`;HqkL$APAYwa6lS! z?W^m=zJ8q^>L(LG9ad0HGjx#y?~1SrLqQRSkvG?vX<961V9xd88!-i!V^N3`4%*^c zHc}mM!Q_aXMl3Lg4ZyS%bUz7|qoj?;_wTTw>=zenPQyCt@$?dl(A0^Yn=C2M0v%s9 zE9429#({t1R^nt4;0%)5@>Us{lE>$uTU38oOm;DsYLo;x$4BFA5xFyl@--$yH&UKCb~LyhOC^%As# z^KoVyspMrwX3KDd<2IBoILeKPMx#7BiS!^qvzvBy@gL!pdLM|_efyOl+rT)9|ADZh ztPUvIx&fEoy}-CZSU2uIP#mYt{D(~h9g1002Fi-s#Q+$FpjIYHvqp`REejJ#ZCR1X zHkeg^1ZWj41Cg$rjYdSd(bjc(-3jHSehV+?VlO6911Q!H*@ghm!FMEmK`(0i-DJnmq;GZ${ z*stx6cD4hpno&>nr!3D~Vr;j*PWVCjW?oM>%rkGU1YdcLB5}`W4rgMYC65Ip;b}dh zjr^!h#xhD@qEM}i9qYR8i6xx=PFy!o^_7fHsFgsB7NgcxKqzs;{xf8s(j>&yGC2{K zUU>x03Dij&;~Cxr;;fRmUd!5I$hYz=V`th3v;mJ>IUZSxM4=^!gVx9fmI+}xc}HV>OI+~@`bHWZbBWO5^QGV+0+nan$nkQ615X%pDl!F=Qg z_&;36M1P+{*h@g~V% zdnuUFoY{8krt=w22BN818v48cWmJYMe(~pv5P$>{gxd zIzcnX5|e|M6|@njez}DrDt!|YrYW^bNk}GfBCtX91%u0a0nO`HM@k0X+X=`T*mfL4 z!?Yl1J?m<-*SZ-bbPUu48Pxe5885B{npYUCd}qvGx5+Xi>(w?c$^wQ8nNxG9=>PC1 zj~p)2LL6|UQw5(Yst9+)E!?@=!`n0@I%euQK0_BpJ(BS2>2}v2<>(&s0tRe>s|=l& zIm8|F7olwh4S`{wfSVMP88fZx-Fr)&aU48ES_0)5CWiIPCX2SH7hc>C`Z^-20!ry@ zM3ku_-C61gU2_McbFz`dH>eO5b(tOcC6N!_10{JMsN?T|Ufn`%NW%MIZY)Qy!^Ykw z;MBX1t{S96SbZO1J>u+e)g;&h67B)_*X%>ZR|3ihNvQr#G$rRXoh}FqWEU)O%{)`t z1`?Pcu8?^`XlV$^Fey~%deDtZbo(AeB0>lfRfAQ!yfS*DR6}#CrFIDe&O{Tn0c-+R zvg$9ZE}hQ=UqqFJnjE8h1&z*o6Gm#<8nz1;Vi*)NN5WWa_MXJ+oYrX9E&V*pp;ecY zQQgk@7;Jv*x^2cyQ4bM?lANP;9?wLY*{2i{ZcKg=h+j#Uk}EtfC?b44RVsBb(=SjU zZ#oD~rlzgZk-HGO!^IR1Vi|f2(BD_`x?Gc{_To_cfnP^g}RKdlrhF&QQNSvQdK1%nu06k!TmoA+^nl9X-I+3mXqK3BfMnbb00aSCu$X?fJ0=e@4BkeSNo={Oy#e-IB9tc`)dk22 zkw<9*AyY5RB?Jb;gsFwqQIQ(O>E8`4Wxh-f3L48l2(IGyJL_MJF)wYTKikMyKBv+4 zJkHIqW~rpNO1{VeqG7?o7R`3Sxtrhu=6HpuS9>Q7q$MK;AF}UaX3~~Fd|K||uyFcS z?YveqPC@Zxwv69XS2M{TYo$xcIlmB$lOJM&+@TWO81lN0hiv4rC~uWWvYd;Uc_d%L zMzMzH{cOCX@evbd8}1?7ibcio&PZ+$Fdh8$>h?VdaDgCj9_FygzvSDg9;ss%9qLL<4b~Wd?G3h(t;M36gSiTAQ5{5;3 z4~pIK17R{q$-R%{Hx0fQ`L-r8?4W@X%!ZMIx8D1I&(Z?t#nJNjfJys;}HdLY$+(g7cK+qDe03aTj?j z6w1dW0Z^&)t8g5HaA3AX^IOU99qrewk1iGjSGn1Bu~))q_6~gkO&AL;3Xg$uKMA-` zDtTv4IpFNowOV2LPtGk|-M$)E7!Dq=$rbSwrlq)(UZ70JxggrZCYBs8{k>(ZwwrbY zJ(At7$u-Obp}6weA%Yo5RQW^DN{{|j1~#|;dE3)Xv<9(MC(X3~udmmjLl**F+Pw}g*jkTEuozw@KCK1zj-8BC58EphF)>^6}b7Msam~W5y5O zo=_3gFf;6#tDNa+~_WtIll`Al(7(3tVDThvHWY=uZq#)l-a6^Wv z*M@#}{42_2f~K0CZ_iX8iuXIllPmMbcMtjdJP&ms0?`rN=J(l>$zU?7x+*nx=3}q$ zo^u#Eqe_i|)fE_B$rC*bSs2_E$rMxUoG!+Hn!$L5r?(06Df_@Unxa}5rO?Aj@w5jL zcL3yr$573bF4>$n5g%kG)&B?|RsqK0bk)l`n@1u7KHj{A2L#0mC~|8&!AclNxRk8q zV#zY?kIkU@KvbKvX4GR&;KFXaFQ*|4*@*--yaM9FCTvC%0U9(5Xs)5e))Tc1~o z6*+Ye;0e*{)}0|vK$!fuK)xj`Uy#K`q{^AB>7Y!!e50dC-6d;TezL3i>VFizvMl3- zP6G~|9cw`q2HKW2FDrrN^ok}-U1|}r!b+C{D_YnVoZg2)==xa(=%VsNXc4?>>f$)f zT;#^xc_%oqdUm$;3K-}0FH*x*b}N9sh$%XdJ!d8?>l$tT0ZSw&Z6;9u&kEVa@N3Rc zX-i^!5D?4o2|84~OSRAj$S<&Ql8egc!%%j}4++_fHfs3E6OkxxFQBzl`yU8V8Awff z7=~}Xu+Y;Nv3za^XA+oF{gpeWnlT*_G$<+4FmgcqSI30kylQku`;7?sagDU)>_Ns}fqe*50klk- z@%C1wLedd{YU@lW#S?ncb9-0eGlbg`TTR+-ID*}cnN1{B33g&g>WWNxBJR9p7pn}Q z_tqV+u=f>J(>@_`>yiD-G9sJg9ME}<>m0JOt<5AxnJ`q}&r<7cn{RS{4Z2#pkrdm; zeyVk&w+{@riolQ-bznu1CBqk!C>SnQJ3r0iF=CDf7kG9VBhy3NG_Ai$keO8Op%L@j z!TZ%jfF<_ID0W`%u{e0%rB<29{M#gv5&m`PId_IIZ6JEIQ!p+mC8@FjBSCwQ0#W$` znPQyb`>Ya0b3LsQbOQ6>Q9vQ4osv{@C#a`jQ!${QK4JYeaZuH5=_-uTOkuo6k&BSn zBf*%5hry!A#1=)JrWJZ~_jY_Y?bx=r50D1y6<$ptO)r?qNaz!y+>dGJ@c=ul!o5_F zBBlCjJ+N7o_7u;cuwh_TmC-IB8MVV(aFT^m#y$8Yewn>HL<9PF(@@SNG9E*_* zqd(SFLlPu8T!}X>4)WwVU=)3Cm8G0ma*$%Jgjw7%;yxz-l14=0VUv^H0Qko%h`$^S z&@8Rwb&jKh6zw2;v-ff@KnFLog_HJc&1ZN!z|HN8<1I8Xu?a&eYHCqzyZPgY>J0&B zQALjIIyRCaz{fGr#8K9IAE_oc<`7UAAig9l>b=14#CMUJEZ%TDfE1xMC+1|;n-Sp1 zz3_-!d#5SY0QE;oFwGtlwR#O|^GS${VFa7(m22JClfBE4y!G}(YB0ocm}Prn7VR!`CA2VEdyhnTVS_$vgj0e_gu4y z5+b-)hW&HLC}CcDU${=?1J0C9K)B{38kV7bjiQIEsxRck<0c_1O!3t`L~u1LaH01; z;ndK^ir(1s>XT*kYUn zd78_M!~*EpxmU1YL&DJYt8e51F!o;JRj6Yf38rZlBpookT-KH#UEMYKf>{Nnlm#TO zWxm9)ZwJX>QN}_!n`A5XiGW8c`1(2NMF@aF!UGL!ZxLmg)*1kOP4eyipKnBb^e3=z zBA4`33%V@!m-*70@{u*W3A5r)hDEH?B4?boH z28RfoCq#vRZA0yS$GG8RdESR9j%c}@f(=lS5eP2h! zpj^&AK*)f1a7RI4D>cD1o{V62+N=Qx2u94PLgQ%emsWfy3b=s)^hQx(goHqZ7Up~1 zSE@ggjF;yec|N6nCnrSn_n=1yQzu-TkdNSqL#&2F?Iwu8PlBo50(BxjPAx@M#Yhfq zuI4S699a}h3J7t1^TL)0p`W#;GNGw@r_f(Kt_&|AIy|A{>KsX-pVpS*(DEu`<;Q5- zlUH#*R)Auh1W`ZxGLXMSQ34nJGmunL3VvF8l*D3#d6C;RjfPTyOz%p*FAlulIlS72 zCa6wVGhKi6qOBYXhd)PXk^Shkb@t}{JbgQ|R0k;HPlSR13&y$^%>RFVqWFj*$SGo| zGw5r;xfPmec#x1#wN)t0yhC7lFC&T;#8KupX7dw^@y70_p}`T5j{`J~!@{`rnzY9Y zpE!=TU9AsV!Jh)m~>^x*mFIsTFE301-e>*hM zHbgN68Z;8TTHG>Tt;>3OK{Eu?bPI-d4q4HpNp=a9tFD4c&=H{-2K71#1A$)3knCdA zWO4q%yU&;ILDieG4nXQ6QCXQBY|H#8I&r{=i3$E4#PlAV1JSj38=!!#gzeSCMIU7e z&Q68EC`Dp>FEy3j%?LmXE;Z17!c87aAwaAR5DP$!ZODY;ZJJ`bbr+ZwuozS@0^dlm zSt?Azh$y+Clule9xdvQR1y)X&yU0YSSHN1p;zddAtg-rhaKoc5PC2!;-n??@1Ho={ z;)3WRXWU4zbsdrX@(5942GmDZhlwP1=f?VPG#U-F*gZ4 zgFU?BoX!PdTB76xKGKJziI7kM7W=Xnsnje(C6fO-Nj8y=I|!)3`a~(mQOYG(tu+XJ z$&bg)T|}a#{r8*mUKCk!2Dtk(CH_1yD|Y`SOq^k2%?7iC$EHSB@Qy}&aYxO?*0R1_XDM2em=hIJznrQDqnGw z(r394@k)H#;I}CCRWv#d!yA%B1U|K&r-gpSklZ)n2(RP zO2B2CT{7@qKwgx43bENGP$E8YW{mw#QYi5tJT*#t0Jp_2j~Q8n2QUx7aAbGe25{KO zqvL!gUA%s5Xkc1saZ7zO2n9tc!X%JxlT!f|2}CtR66-lew#;}0q>+TB7^R=s1= zv%T(c^~RDg&@Z|BVg2Wlt`kp%xCVUeqParof)XxFb*1 zi0I(><->p=5mb~wmL`f7sc<|F#6(BWXTvlXKsb|Ypd_w=V%+K90M~^K0c^zA;f;Tc zKz3=D30avHzcXw*=kzU@rY{NCB7zyNbG_=?I)r+7fVu_r5f|ENgaO+z4xkU5VJ7J6 z!F_Q^VUGE1iiQSI4)`|* zBk<<#A6ked64W66nI5@{Bt&d{`xTlwTLF0k*+RgpNP@~+)HHbj6`5%wyC`aCr87$^ z!GM&dWPn7vJA@Jgc&0`&WAH&qmHQ_#!@YZ$xU}wL?T_zmS)zA5!0bHY=pR{vhJawD)e<|VJ-%)G7?0R5 z3G0}djg}2iG=e#hw27yB)rJL5Oi8S@|FP~6Ei9kFa3BZfQy>!|6x&Jxv&ybDF-Rd0 z$kEiH6)w6#i!|Q1(6waz7xv>7s8!+wL=qh6nosUgwyHT8fhP-L$Q}nMiIZtV6oX5^<@khj zx-rWaViKfsT$=cpMj9pJ5YV{daqN`SKHq(j=@q2Ni#Ui3wjzUIIHr=2q|A6J<1k`> z!V1cE3YzHGvwEtasWjMHH|snQh31P1jV^H@qa-&XDf39mMq>izO-?Tr=DxQih_NGi zhe-+!{d^c$EhFY$3L_6r+ZL4`PD!bSDw0?ygm`hwQz#uHu0fP@NH{>P=H`%(m6H>P z>@mgGH&|dav1!M*Xkq)Ya)Q7#AOP{A_>&K#S)i-nS2WP?f5`%0+$XNb_QC2wJE{hx zimn1f${MNcs2VUyCf;HPR%la79CH^1Gc%2~HWEb1Y%(N2YNA2_wL!lqM`fHviqdrE zZZe5xER128x1dwF7aIt&euPUGuMeereQkOc1@C8MNMpJoG6_LS-S@h}G*1tr#2}Jc zR+8kKWyJWr?lqF$93v0`VOoeyF@i7n3?0s3NtmQlZioEk9yNxvUiMv(zZ5|wyxhPB z;hj<^TT@f2j4C`M@PvtLw09K{%HK*ItFAUXcxG(9BU!)$C}^MBtOf^sT}zLRN8>vw z;Q|5S5uK}N7qmR5bpmR{ErvTfyJG14{)W%(&(K?-v1cr8eW5L0!^kc)DK>>v^k(x8 z8u!ayPWRV(Yvk7YLz*@mW;4;GT zOc4>(flI*NCpBi5d9i?~&)kflV2!B$5TmBtHW6^vp{7uOjzD(!c;9GJRzyNYW?_`| z^brSKTJs_7^BhlV@O$6%1_s)y*THuOX!<;V>_RqK(HH5#;W7=o4bB`#v^<}Rd&6lV zIRbuJ$W1)S4lm5$gJF~#2jUEr_D2WKN zi6GxP49?^6gw$gymaDQ}BQa@CHi~2}(tsP-1t5rQB$leEHB{s!0!z>WPVW+MT(S!T zfhhpACle%YGij!MYtyKp!orw+FA3XXHyr>lB0Pwn_V`>jIewVvDfA!(mrXI;Rv!l7 zfk}c?W_}!!EBjkR^35KTRKIy3 zS5D@3>AY=+P{JIUQPP)XW-gi}T~GLUNF)yVL>n2RTo!V=NxWsqykJA8@>e?9f9x0n z%Y3Arcv3&3;k%PAYt*f_0?1gk5~d|$;M)iq`H42(8AMkWNBl`^mc()lrah)I6u7Iu zWW5sn5y*j^x7HFV=-VWmSJH(lugEem^j1g*5U|juikXy5f=-3!L5J+?*~eq@Mz##WNjOSMWqAOh{p<31 zVS;vAONVr;19~kgi^PJo3bzn1K_)7dHzpyWS?~u*nI`8B$ktFPO{kY$;8Z1CcrZFO z1UE`X&$+c83h382W_)#vWN~P>ai2jd^{(=1BS??t-Y?@8Onm}ClRXN8AALbBeO?F) zon-W+0xfUO^4mZl0Vngn?JBu1`u4x19NMf;1=9z}%4K~~(2sT^yyOv;BO4X9nCjB0 z_-S=7TP4fqpJ7ro-sU{EE4fHTa->|4I&>^SqQc6Kb;0~AugA4=sSai#Tm_8>&vDOF zqdvO^SQD_UB*YcP#zN+S05g(|Tplwk%aL|$h>E}R%8J&rPPnvLj#xVyJ~+2(JoEwt z)WHY`+XoQ=Ze&4GBHwDk+Y$vi%k|0JBLbXd6|&@52vSz_v^g z-MrCFJN3$gDd4CaaGx|lPXpyN7#yvndx}o2EZX#}j7E)7p0~W;dJX?fs>q^T@^ zY)S}*O9v?Fy`w{nsR>W1!&!oP%m@K#nCrobdM|J6yu2Z&m@!yfp$T9M8otz1L#N5L zm-BjDY!Y?6BZz*Fg;pC$oS;w&JGbEKl?P*^`Mq>*z7~sYUo<&fUzq@dI3)&+hb=gV>O!tJ$W^=fWAyd) z^0Kd+!H-f9Q(RRA(%zsTwRhsJXG3z6KS8F=PR^!aMSJ7BB8-AvH_8D-#SKA@v$m5K zsYDU{3^A0PH#dp2@;8h4Vr^g`hv(imZ3Ef>cn%|dk&GY|KyW^^KByn9>7b)VcIKqt zYpD-Kp!E0&>hJ`WIko~v1<5m}0O26tBe*fs@z4_PVCb7;Ie|#F4xUUtFON_ygaVJfJQXOq4^1n&ZkJ znpv#Ztck!}9Oazq|6rgi;C?OnK&Mh?DJF#E@sI89U9b@d?OX1g$1>+L1-=K0dt2iP zx4bGCERcjRWLB zBWN1R*pPwm-r-=NM$_cfYl1aFb{6tfGD7HFNVcUn?DKna_#!ab-t8I*xA&yDgj99#tVZT)Z|8P>7y> z-fJ%PGfV}XRJ7{!mkqmmG=~o;td<61d2My9KOn=~T}J1(5Y&90X9zabU!Kh44aZoz zzR?IzDRCYtq*!Qxu{@^{Ni0LRJ!Q)yYhbti&YfI7IefT->T{)cLbl=CE%1*6%fvv? zl7HV?hqKxG?6BqlbS?7o-uhXR8J)z%>6X{Sx=a&mUktyLLez8O1)C6{$=QOG-GZw% zUHQv1Gk&0V{RD6Tp*#PZB=VGyp=C!=p~=}Rdyc#q%=DK1MRZ;8rng|%=)Kpj0PEN0 zQ*W(^Et@HZ5M!UJ8pz)|qOr$3swo<2!4d)ILna;*f|$OcaQ^@YKBcGNVc2vix^&^b z1!61^;ykfkqX)yQO+BFGv|w}-ufJdZod6pD1hheP1EJwPR|}>&YID9n*i&ep_09Ij zdf+HD>wJaD@9Bj%ePq@;3Mne95lr6Q0q;?D6a;Fug4FIOkOID7#8U4dN^t3U+0-l;!tPDD;G`L2$&SB3!yZiFulw~;P(ZH2Spf#PY6?s< z0JxZtL)Ma4f#%85D!#3k>-DqBQ2wCD%yYnsnCdp5Vs=N1GjXmpzP+O|>yU^P%7#!A zGc^Hbw6lIFka)HIDiOIX8y+n6?yTUz@Wz&t5(9t^{7UU+6Kw+ba94{;>hmoIiz) zch?`(D$lbq%qFcRVL(7iI7vYVfjk0@mc)Ss)7z-)Fgp0(Vsz-i2_>kng>=DEfCp%` z0_%>j6yviC;v7uNM33n z({ivXbJ20h$3(;6kVyAkpE#Ve95(FTE=eg;laLh8A97d>mni%AOE)2z*Eth;_55ix z{;k3U0eM0`K*+=cvwr^&NQ7*rG8A0MQ ziAZ|7^1JG#xcBPBIdU$CzUJtup=6#`i9NLBN{vMnA=b8lADbRuu8%P&t3;sNd z#K|JC=BXt3Vk!LlQIYQgxz!q$x>(J3`YF2L{~!nPX~%^@h=%MGsMu2<0lkq~qgrxQ z=D^BGtlinuA7w3wt**ryWG*5>i=-47pf4bx%?~c0R(nnF23!Etwb6ht8S#ys|?lbby3ux|* z93eo2axTU!eV`60pjEj*=Ok(q`r)Ya0<^5JB)%1&vA}h{`jIO_QMj{#LKoV*tcr!a z4|a~V-u~gzcan9TV|C*e9Qb!Lf+`zO zrY~L<%g>)KBY-(*Lkf0KzA*S3SS=yb@GYTlFnAu~P_zrnUswA5KCCF(^pwA0djx+1 zksLgMJDwgs7k4=hg^PTivIylvqxueysjgBd;lllTb!Nr0i za)nhw?$&$*-Unl2<%#$()dtLLBZQ3pX(|J~B9k&c$*C^3AvRlwFp|E ze)Jz2+YT#Z_w_M}k(XC7T!lUb-<7nDy6AP!3Ian|)(hG1CwJ{!(Q!o^>wcgWdW^_W zTpZST&6OyQPSiFoq)c?1-S~8dyNUueY`g+D!qIvlv8Wx8Sf<*+8MDXm?D7kP^i=GT z=PAQ#*tZ1^rH~AAEf=qKA_o5`=eIZS@s*fApD54=J6M;U=8X|{*{m79eN?1_* zMqJ+NZX_$9_BYe)Dmw(|ZP84n%W`mm)^is(jFe@Ysj zuPi2UWrVOX5+Yc$U=TwdzR60K$rdqY3BD~>d}0(u^OVU8gO+@%{spwdCl>bY_%&J| ztd6oho={KZ@}!L%ldJ2&&)G#_WPfU|E|&+U6`&IdRotD^(6PsppBX~f+LCaWQzS$Y zF@OOpE98d$JPri!x>w3$MmC}|ZvoiY7_&+H&D2TsQo)AG@mSb@nz~f+@b>&lmoMky z(5kFW2BqgGp3{2!dK%%I1=BZq`hQjiB(PyKP~1L0`QUZ}u_e{3?}6?!!MDVj6G?=@ z`TmJo5h?}_f7(=Y;QvG;%z3FsgK@mVBbxw;+B;;F7uos=(IN~NQG7-pKt=4V+8cnx zhdt%O(8#k>0+>sH*a@lQ>9L6oZY+NpVcBvWS$dx{KxdN?1Eng!^&H%BI1(lXDL`cT zAY9MLf+4H7>wK3z?wOv!^1P-8dZeFW@6l{kc@1}mKJvQ#Tz>jI*a;U?LPm{+(4=Bc z&?qo7VawSop0g_{)Pt6^KuAb-mMRU6D2m#&iRHEdrok2TSyESSsfhX`^@}S?c+FEW zWu=yI%W;i6u>`wnKh!Ib7TPwC3vKX*@DIQb+v3m$D;GJF29&sBOn*YqckQ@nNBMaq z*cM@kY@jCyijpkn2V9GRiN)JSyG$ z&%o44o`GWlv0;&nESFG$qWLg8XJ<65<65n1eP&?Amy!ZOnR{QnsSZ^jXbw@kJ_PTS zG#Lv)Gwr#NaUIA!;3lrpqa1eCm8ZwA)>&GM_tTHh_3MirSn6E~^DHjZ?Zd!?IIFoBGV~a^ za>f$B!^t&6!17-QkK;4NI8QT(1;Zbf7dwR__r@CvYqlLlz46WkmI*6i5+WIBGH#RH zUNLe9xjZ)jG4iQl?Ou9|rUl zXCk{85&-H4V!i9EpcEqey2pv|@5{_FjfBhWlstsOC1V68=u!}1CR5}-T}oA*(kC9Z ziw50g&z43`hzhZ2^o`48NoqZSN*s2?mUd*Oh`}I-Mk}J?xheMV*o;nn8O&59Z;!Jgj_O&7!cVzurCs{ zRU|;QVwXCq()Q*3wQPfW#EnW3#1!Zhe}jFIh@utKO0q%6XSicA%+Dez@&{dJspEgcF%(GWxJ)Cx?2vbt> zPks{tii@3tMyjx2}giUfg#m?d2Ny@P@vL5E`_$jfTZjoGoPFGh!NlDG6fEP~>7 zI5$9yEqe`0eSsXAm1KK#m;y}m)5iWnAHJaY38cI;r;m6UL5d7WszW3-7f=IMgr1@I zR{*CDjwcTc^N++PD)u@Wlp^BYo@Cjp14Km3lDZYExSOfj*^*LQ$ zIuWaVl?8u*YArMGS+oULf zi>5}2K9n*iq)nA&b@gpa7BvAm@KM2SZLvRJ#QTaPa?M0&SN-9rk=Srwljw0!pYXAv zu6I^2dIRlWJ=l*yoew^G3D_Q4Zp{QXL`PkHQFq3V{hlOFJ~u`@&G0Q!IL-%bXNMie|JR zreGA(O*&2mU-4@_QII4=`i;Utu!gSkBF&Wm?5VPGWm6R}vR5E_$X9R;=;QiSW6;-? z!u;O{x(a?;x^~nbjSrO^DefnI;Hc_&EGHmcg!XXzAbBz0qR<9Ho+=pgpIjV664M9G zobpc~9W((iRBPT)UH{rJESF>G89mf5$#F@seB)i?Icw6|N^Y~LbH5uXWtX~(AaQ#V zMu@CP(P7#h%fEPI7vR)@MQP_q>xk9N&QQGsX1L>)2mj4|jK~=*3*=qk^i6YdEpwgsC4S2z7F2)CF4 zQF}dl#CvAMiI;^kw3t*1wroCR=L(7wzDq-Xk#06|(Q9m*=1Mxw2DaeEQ0~Y@QqE)e zS|pdJ0AZ7kMDpJhT^nw4VDLO)A`%?!oTi|%$_)5{)y$w*aw^e9>vsAHqi2rA45y>% z?D=*o>2@&0%J@V^baMk>Py$9<4mAnsffMr}PRCi80EsoL)52O}T-2=F1>WTluchM! zHk_>(5Swt)Z>02Q&RB_RyCK*$kgUo$*-pC&I_p1ElS(j2j3E*bjh3q;n4!jYdm;_xZkdy*V9qCU4=zA^l3Atj zWP!^ZU$HUV45gjXPEg7y1>$n3w8ySXCOpwKdW0ZA$T~E@#(#r(fsLhY6*iK)WUsHj zO7GMoqMdlFQAq%)lvhCnNEmP<2}XiSSZXr>-tU0iAc4MAT>-J51C!{xPejE!1D@;?2cjxG=700FTaS78SS9j%45r#;gF^5y}BYH4*@3yq$o%r33-ChYt*n0vyMG zvrq(o<5ZL{{L!92jaoh#9shEZo3Khh?XA-H*tc~mSD>Q00HeKEE+$jW{ynEKwGkR9 z@^6d8=y7NrNNK4dy2tWhk~yVqc~pnVq`F^_L72uWQR8C5%LI zQ%~=w>YDSQ8zd(Xl+js5z_e4awi2#r$M8bJhGKr0@R{2**<*2wa~k&xv<<;mN&ShO zGJY!BaeI2U?6jsNYJ8IKC6ons7GvBkEdU>OF7;?3U3z`1TBYbw;<`(tOwW+pnS%#3 z$LopEiR*w$WG|MOThxV}i1?_46&Mj47c?jO7wHpzP)}vvtjhcm>^T*E)jR?Nw_VJH z(hyf&8z9CwR@|p!%gwhWkz_rR+lGfiIR&)phPlmsr)V9-;umGc1K39zvfxO6QPga> z03Ql7m=%%3;@M=}+>oZW-B zW7r*f;Gfacn-uIX+FxaKgJYJm)wDDM0%H3FZy!IXV46_!}K!3z{KRynX7 z8P%iL`n8lvs8|?0kI3bLIi5@d3CX5dMj1=lZAr8atH3Uzgp*A5YVnA&WveVSRe_F+ zKBu`{E5o8(9}y_j1tTEv;<7PG?zVX5+Z(9%hbbM9cR2Hb$s=HtEJcW;j<_D)6#)T4 zfLP?iNe$dH2-HJ54VYa+XpAcx*kQoQk&Hta#taSgFbG+$IOgd9G;INp!w?1yi{LHr zree(s>|1cNk#QoT3b0gxLt>7_Op7=c?kkK}z^tKJ1Sk@OBX~}zmN6va5X4*wLlPuN zkuU^j6Kp&n`oj>0_zgrEfIsl#!&C=h4RRVNF#upN!a!I6#*J@CSei3=Y&51QrYwFdP^^pke?7K(&F~03raL06GD^ z0j>h)0YU*A0Sy3v0AB$=0M-E40cZgm0e1s-0cir_03iWv0W=2e1~>&C2C!rRp>L5( zTWCN~w3r0IMuFNZvJHR=ARK^l`#1D{G5?pwKS_MA^54V%0DKehr}RFC`2XTB_?==0w^)u1m5PYii@6f)6_5Ydu zv+NIZ_(Rt}Q++LT5!n8!J4x!>sE&v_3*cXat{Zq5;17w;B6$epw}$Rg`0nFJg5D-L zYvw@(goc5TeJjM($AJAZxZHZN}RzBcP0=_>ZI6WVGU zO#Nk-YqZTa3{!84P0K~GsI#32<+_AsXU43wILwZS(8n%S9)lP!Dg$$e2$$9$E?^Nj zql4do#+a8qEP(bD2)DpP|$dp<`TZ#bY6^~7Xv_Lle)77^OsVhMOm(@ z??8O8kA%}ZWpR&2v!7qFSw@TF6d*=9YT^Rtk(n8p=CQWvt1Om=n&5uP;GiT6 zMRvbm39kbp*KB`qoVg12w52Z)T}`X41P>D|q_%K#zuhwb+BpEogY0E)KnSy#@+(m5 z20@LG@LUEvk`I|OIUV^^0_YtG9AElBS!Dsh%k^P9r0moJ25Lkm-gh#igwBDhAOj0!EF&8MxV^-m1U1MEd?H7} zL;r;tfFIT|ei3-Z@gyM=!%Ba7Pa626JRAA`V<2D<{RLRT@0o=bE)XF)nFtUL67`2L z{?_Qz_`Yy2t+I)?9&z#z__Q%L3pnhN}U z_rN#WU)kD59D4whbSYERHY01jM7id50EuI1ctl?<_IT=Y5vP>(sNNkB&U5&F&^kBhm5y{o!y!F+4wdxXoy;!4$W`?_nL(+bK_QDAMUV1O0AwZ| z6j)s}9YEZbY-C^Y)9Ej`aS&~{sXCG2SS3ce$EY;Yv-c8TlrD$C85ATlLZpGP_YWfi z`RQ?z1@zIfa{yqfsUDMEPpwuX%XHdO+ASb3EPi1fBPocvfgsC0xa^CG2SWBPWQ&GS zpCXPti8b>WkYbf#Vg%A?&_UwUsUQE_t4GX?7QqUpKJ2Iw#%)Q4Ft(`9Ja&Yk{C@38 z@%T`)#wWy(kKfEH;ZBQ(m*Iq&L=<)4D7tNO{SsA4Fp4D?(Ex6nQS&f3TK|atgj`fE z2|OX0(&(ZqxJd~IANX&dvX?U14_<~h2(lP6k^H8ep;2HW6oPo?U%v{M>|{sU~;p zLTv$OTx3H^4zNUn4wUfo>j{CEvTC@C+cw+cW*ABH6u@!M2EdBL?1GbL_#e;7YDBas zic?MTazk(khXSyPeDom_I~wkLv?Wr8<%egEfM!*M9^kl$>zsVzaP}S!gcD3;Czy#58RTm?`p)RTS8I<-sC3+*n{A)P*rU!@Npj`e{x9xsif2v zTW`{q3p^?A!Mk60Q{(FLt(&TVe9z z0-!PiOV02JcNeq?AbJaI+B9xC;LB=}Ho0vH(@;Qe0zq~-8ckOa!(u@Wou`p_TR|QT z38H`lJE$G{q1egUX@&v$x7wNLWD#j*!D58GLv^bT+jpdKBrK#SsQsWK(+RO40VA^w z0nA7MN1Y1Fc#5JkwD5TtHG1t;lo=i)U+kFG?1Jh11h9382!marrRE2eZh;JGh`wNO zQA_~n?%97HOKLA^#oG(5*bgSllS%rOc(S%Yj00cYR;!D9G_90{pfq7D4I*$k?byOV zR|epi%oIJ{ou`5zS!-_dnxOa{uNv)(luMo^5TCOItq}2}sxCztLEzBGS)Mf6dzaw< z!GweAgvFYJu&mH(Vl9HJBV%=Jz~~i%nDGIF9ncTET-AQ=fv{L11&K_;ei!iht(!De;ym|y7ksL|^5Ko~B-vSh80++s?unD}bZaYa@ zPH4M$&fw;xEGN3_H1vHW><%-+dg7dfW)F8$bB+h7sThoOtteO(v{&-+iK}r$%G))# z*Nhx^!ZMj1VeG?EkWg+0CYQSX1t96fV9^3c+9C393LU&CHsFCa1q99$`zTMsEWwLc zxsw1|A?k8-m8HCrk6;K7dhNDJN3R9iws%6vTq_}PtR2CZ8TG;ltZ4I}sU+^s8`P3F5QxrypG1-{ zGlr^7$Wsy(lo=xfC~BpKfg<2z4OEeEF@~x{Pi7O#CvqMJy+f+}=CB_$&IuEslB@s# J000000038FvZ??8 literal 0 HcmV?d00001 diff --git a/fonts/fontawesome-webfont.svg b/fonts/fontawesome-webfont.svg new file mode 100644 index 0000000..1ee89d4 --- /dev/null +++ b/fonts/fontawesome-webfont.svg @@ -0,0 +1,565 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/fonts/fontawesome-webfont.ttf b/fonts/fontawesome-webfont.ttf new file mode 100644 index 0000000000000000000000000000000000000000..ed9372f8ea0fbaa04f42630a48887e4b38945345 GIT binary patch literal 122092 zcmd4434B!5**|{Ix!dgfl1wJaOfpLr43K1!03i%vhk$H~0%AZ>1W{BF#BEfHg1Dg~ zwN;~5E8SkZ*k5bKH{JB@BDJlxn{VIPR@=8#3)a_G$lUzD&$%7=1)JAy`JUYOIplAXB>t_7*Iu<{Xb3e)N)PT^F23}di`1q$X6@od}71qtve>K^LHZuNj(0UOE14*ZP}4s-;vnA z&qW=pH?Q5Xg&*KiiGBN1C?C6Q?dJ8(SMPcS`R_=QoZE8wRa^ga_4FwcdvT^D1s~qN ze%(cx%a(srVz2!k~2Yw6lI@+5s`MAXMPnb-Ae^d_ixKJS6(G$rP%+V0YfOHiC3A2!ZR_E!?@AdN$4M4 zXU`!=si>r|KAbN^Evl4|Vp5-UNcw{G73l@(7cpCGeC+&qO-)rzZ*uUc>uA-{uA_^N zt~q+y(HoB5dGz6|jbpB3RmYl+bsbxDY|XLDj@@wV&SMWB`@*s3 zj~zMon`7@BGv0N*TlH?&|45iaNxbE$;kQVm-Xb0K9E~5%9$kF2_vn_RxubUhDn z{ch;Oq4S2$9a=s#W2kw+{$GFiudn^){r^1ipU?iP+7tCuc*;Fxp0Fq633>t^zsKkC zdK8cB;U4CZ+(T}|op%qqPq>e}KXCuu{Wtgf?*DPW=l-kvUH38fQTJcmZ#!uQ|DXJ0 zfUV-I7{@E=SNab(X=?xf@K4vuENaARD?e>x2%pMNk}gT@ac^Aq z#=Qfq-^gy^eOuJn@hzHkT)d+=Y$7v}hVi^1Nqbz)NtMV1bmomWhXPt{ye8G!))M!! zRHn6ywZxmNnD%&M{x+74q*9T=935FUe_LasF0AIlbqRHLEpF$fRBH--qYHaFb;kBwY!WHhcCbUFjH9-Qx9K$ z9b1v)D8O{Hu#s!+NwKr98!2)5VdKPIuYK7#loTL2l+%G!q=+4U`U&k3|iP+#lu}PCX~ihez4V-zuQ*Z(>dN4=(_3h z#fik?%Wvu$Fy6@Dlk@SFmc;oN-Z|s7zc3W|wB1i&+Me{cHHZBw#w23ge>MvS{6S-yF%1(M0j~cLpmRZ@uNH3~Da+9$QxtOj_r$7whYdN%O3asb$&&`sBc(p7PAtO@#6r@rkg~=4 zQtZJ~CG!!E7pEcy9hH$HCq|NTX%S=O`l%~?_PBVrDi*QWhy;!-&L?4Ou@@B4O*tV< z>oI@?dfUd;y99)bEmt*B|@V;t&EQRhb5W8(#)tkl31(){}kIk0*ew* zfoSzqW+F}RnEcrL|J(Vo@8eQOozY*{(NV{;bR0?ZTxl*pDmVJx=-h{uEUl5n#B1rm zeleWPk0j-hWXaW%~A)4|@QYc=B;OSMj8*sQELR5R_?Xnx#n(Z$i*j04dqC0L5zO?mm< z#o|`R+o6MHk(Rik;RNlj(gn`y;O0oul) zIaJB85rLTyl$V4hc}mJlk^Ig9zY}E307#ILu7s-uMsW_eXXX^G>-KHgb55IhP z?~+aH8r-q!jSc%B&F6YH^x%)@K1n5a9%0c>ewB4^j=35eE{V;5^_mSRj;A(U^XmNA zB@KeNJ#-RMM!B5CDA(23}S~Npc$K|)|cKtDKGh4 z{Vtz4u-reF?kzs(yV4LzmPJkP=0%!Qnq4_aCzni@*t^F?Mx{)FR>XV&@9ENI$hW3y zv_PntAPDPI$BYCpBehtgnvVa}3oO^PP75KGCJGkxJuWpdS~frs?ZvAtz!Ghs|HU$@ zW}$F9NNaEgL{__)9;yaAqDTi`IdI?=e!%1Sx<61m*JiD_JLGWf9XHng9CVY5c=2|1mk3*TvVI~_MAMB#`Vg?WhHaDZ+8 zjU&XPZOP_y91&acPV1#%_ifEluk&l3;3lj6$~K$RVGphyvcvH_+r_A4XBr_Z-?olnpIyM=MxS&fF^|oXq%Q(`^a9!?mXVtnu}!)h)I!8Ju|O?^0%=?( z?nsw42nlL{E*L>>4Ivj%j4%fZhQg3utSDmv=d;cLD`P&#dk!CezbT(}`d9#$jib08 zU_NI)+Z17sS`q=a3|HK^@+6A5QG_iEBrNRF2#+cZyO`f;^eYaJ2VAk=$t1ckgyX!n zE+ycP`knnW%l%FyPrTJ7q`069FwZ(T!z5%KQlfwhi)a6+X%B~*r_t(TA)V+LmI8W< z7X%zZ2&7a~s>DdLlxlqv;DCw7)c*L^$)B8j8+*B~!}x}`+Q|Cad`7m~>uq2XAQLuDeWj80`&oZweVX+P)+#ID)P$8X$bX3j0Nqw-*A(!m z0#t%tNHur?Sh|=erIf&n(rYumX)m)I{cejT)Grne#^{H`FtdOENl?Rk9S-B0Rx8VT z`~gOA<1+euytxF@4xa=%r)VqiA_mvoB2DQCQJU=ZZCz8+LK~ZgX0xpOCm-6>`vOKE zHIViCTn-1DX0;mq9`?b9G!-%mLhgWZr&#%M2)yLDjLj<^j?*4r;40hwCN>WHL-G*o zWHNgt-}wqotn+-9<-MuMaUiPlcWjx6oQ-5`@09bbY?Ikh!^0iC|1qPACXxNNYbviR zuc;}||6*#%7`deil8{I=pS0MC#y%CLB{rCGt=57G_* zZe$z0-s-*geXmG-ZGUB+?s3`oSea$B@%_(@kZSib|E8M(;i_b0BdNM{)!sb?5^ux# zHg4T(DYxyqhlo1X!J`&nSq&3KFrsN8tZ`0`~J-Q+i`NVWR+bkDu{O7DeXzwD>Sab@ow z^MX@n4z>_o^QQMv zVVO$KWCVx>I#o)+{Xub0#z37ejY1^)H6_8LWWB6+xZ=N_B9%YY#gS|I7Fj$r*pJGU zg{4AZvBs60pnt0|j&X1u5MdXfyFk%rTCx8UCm6zVCX!Xo7MboCv#>49607TwrT&cv z4s0|A^8JM9InaIo*OO2u{QT+4nKf6>8M$}Pp3v6=ox2BEE9+sc1H1X&C-0jWU$!YmxLfcuuGpMT z$NB5-W7;P_X&k?A-T98rIpVHKpvE>Wi%-1o$p={3OFMVIWc<rBY&0Pmd$r&AvT=BG!OCEH)6AxFoGX$l zs8gsdfRn$DIh%vNogvMWHvKbg!uDTisnFAa-xkc9Xm80qaCiVjpNHc%>3sg#9%$cV!?A=%4acqt&=^749U$ic=|%tYRM4%si_i<;aE;D6&c-eZD00 z5Tu8+gZA@7hEf6DKrOTbEn=+(YcqcQ;`lLeD)gVu3<*}a4&E(O>#g<1gDn}lPXAdB z|KuE4FJe3B2W35uLsCAc1{RkJCd;0zApOMx{<2x*)C{RS;Ad1@%$RgGc zPy+Na+)p!Um zu3uz2{B6kF}@HmUC zaycpo8x*E1N<#6ESD1x!S4gvXo&G>P4XLq{e=vV>$ap6)=e)sBRM_pdvK{g#D%&h< zoX%4x-c}qg-s>z^f=J~1kl1k26{Tj<+`+4}D>f~f(Wx}KEESqPP+?1LO4;fx_8Kj* zrN-K%I&0O)wv?sTY6(Ovj$}Mt9%7no-7g}`Ko{HJk5&74lT6Y!gmx5X_h*~g{ z7*fE+11c~D>55r1gb*YJ5MnS0DnOT;K#2WX*%uDR)9JXsd_t`;$C#5CZ{~xrIj}lA zYL5S{ro(B8v8Rl4;*?jd$O}~v;qsi=e`VmMfYb>gsfkR4+$UZHMN$C@k+n&o(N-h2 z=K}Xh^ta&j7_iSEeti%**JrqtS?_PjUpylDmU~g|&^vtIfsKQroQ&gb z6X(pCc-x5_89JDD40t(ctm63T(qhb#+zi60J%zU`(6 +|+&Vdls@0SAya!5R?! ziVniRxeJP4Y;H*nR85uKLQ+b)snu%yXP=4xXp%p*V(|Ms+&!Ts<#?NwEy!5pm*V^D z-Dg(@-2T08jZHJMJ;tBX$}KEx30j?M*HUJ5Mb<~Bq@%FJ=7BOwx*lFd+F$0K&xW1pdHaQkd=Bs^f@3fK$p_V zG9Hv2&)O0|T2OPy!GKHF0X#SXs4z0Taeg=3QC~5u`}}#6=S3N37Oi2%(w*yCCSSO< zyLqvN<$urJ`x3fcQz5`fWSUx3WgYwdE#Xz6*&n-Zbw~V+{iC zvns#ZXmMIqg)QTL7MZ;K`UR~kCQXi&)xL25g^ye`E2@RW`phY`J}1GhPoTK=wg^jS zns~aMSW_T9(k1JEf z?H?bX?7T1k`f}^KrDwT)O2xQ#Ilv(aC0M;dm(kt|>3YmubBNSoB<_T?25ll$8=6Rh z5r8U~Rhl9!p)LqJks|QabdX~_-6T^Vh;0oAU$ux&w zujJkfnis{aOi@)^-BSrwuIVv;KOM6ud(XYJ%&#%7$o2=~I|BZyc%;FVOGX}x;4i62 z#nhmr3{_xm8B?8h#BmmRlFiViv2+8B>%c?Q8O1dDL_H+<36jQ)hFz84vhc zn6)AnaW$~B*0cN8Z{ro=Xh3n4xt!ZC<`EwQQ%qwl3*E+A>3#@s3*(qj!l5yPn88L_ z7(_^#A%s8eICk+?(7#06W3w+ENk(Qvq%6VGX~IBf;(<^An=lx=tdS801ZTsp8Wn^&D$b;III8>|cq?v&%ITV+`EV8j&r1NHBD%&}Fg9G&f1 zB@$7x?VS#%Ta^bTS%o@e%vFW1syAZHIppB6k|AF>n>jVk6?IAb!PfQ{9-DjWA@^+k zw_86a>y;LL{@f*Ps-wd0*uFuG`SGFjxHdW15tQ4;rGts;TFz^$6Twqn6uiqAd4|xe zmC7B)$|*i7uS3T40ob)v1O`<>;P*W4}nzfnD?w$^S>~ zHq8}fG)A;rG)l!$Sn7xz$MJu=-DB+&J}N(Yyh}&BbgXe*wD_MM>3?XfKdOym?~iTs z2)vZSPHFm|8s!g_(~Z>}Q`<=FZEAFyLu2!&g7?z$WABgc>)1S#p!guN_B00#_m7Kv zYS!sLUQ&AWozhaJ>4D*T*;S`X4*qrcsxnfbY(R7AGx|D|8$Y*Rmv^}5Qe(2D4-oO12yVqCYaHdH>)ZkV9?A|Af zcMffTg6;RK&;popG4Lj!uXOmXR7p*^CU}#!X0TKlhJgex3ob?Qws>(WOu#fO7KENG zx212(mOf?6@f^$caZnQmJm^z`0R3rNL71-Im3y528}vY6j_f{Hm6JQ6!WmWtg9 zSuIL}$Ac_mlca&eD~G00inpirU`vp-fSRd~Vw+a|c~y>I z9kS{9-|9H>D!q;M4fY$o>YtNO8of^@+A^s>CsArsPVNg)DO-q2ec$LE>}P#^Ad`HO z^*xbF{Rxr|!7B-RS%c_7oc@7wjse z&9euO$5W}etj*s13L9s8%m!=~2pQ=|0jf%lC~@L-#6KQz6HXovb%R zn`vUze(*aadj+Q>r&Be8qz}Sqr7cN%axzJg!2m!GQzeIC9T8xap{TBa&x=BS9f0@; zQnXi$bBtG(XjhzjS=8Fx+G2@bcJ3A05|&HES!29C?D2%#uEYggFSu z66gc+2e}`T#gyxqaGLLcykqOZt-V}|d5y=sF)v%QbE(| zJQgc^&By^?H1yxH$9Oty=T2A6#l5>aCNA$?ylnd9bVwi=6lpE?{YK37cwsd-8d(&k zmDIB*Pb^_F^k3{##MTuoC`-FLJfk+J4AEQZoZ6h47Wl*9Ps+N>jHP8|m*LEGek)Fw zmGL#kw~Adfr_#oUr_#Vw+GGoR1<#hTFNg=qj1TZARYLR0z#joUVm@aeC+r14h{VZA zKxAlRC3Z9p7%uLzqymZ)gGyVjm^5Nhp*5q7F8PNf=uRM`hU$cpbb!S5 zR%OHU$ENpD+T8uDA)W-yTz;@GWOkoe+dhgWL$;%PxBg4sI6Ta ze%s0KVz;~o3C;PB5Hpm;6y4xFeUaC zf&0l8j&}GG9ARoXOVFWd6Clwzlas(8_%&lVr)J4)0=%0zmZa%D1iQdQSdZ?L-$IrK zBjrccQ+#%(rkP_G9`0Hg@>A*|5I1_O>1WW;@fT?5FfcTH7&?Lwbl8Ec#m-+435*$5b$5>rzv_XF+v9zD9cb4RpaM=)FLWJ1^ixm1HFmk zzgd6^(pU_`BgavgIrd=XRG{$2!ldH>F zZcOX@ickCa7tT4b^k-$h3pK~gva;5AswouRHX}im`=|PS!HMJNPaV@GX{1lYdrdC( zsbEHAHXCF_VM#Q%!AxRQmq%G9N-$F{8ngEH3L`!=uB3zfq{jETd|aZENErR%YvxN8bVKsfz~13CUchHa`O3fzesD>u+~Ivd1!`)v{1o;^71x6v7= zQTdljtS(P7DrMh0^+Uszlz*6!;;6n9?54@dh=^IU2c~8va9RV(dySQ}ynp5QUxYL4 z5OKW7zw^VI%zuh!;Ls~dibv>KGPM2>6YAkH{}?<0eZo%|CIndFU0fA5l>jQ>Mbkf~ z;ODKzR^(lK`Y!+8{<8L{8l)^RI$mdl2Vvv*rjDaM=g+I$N+k4 zR%IJTiV`f<(+UqHmZI@nkmUWix0S||WIPL!N#j=-Yq*h?_-b&+|1I^h_egXwv zE&~MXf(J=h=zYmXfv4eU)$WV8pa~|wW)MR*ulH!23~($Pq_%+gaQC*0;~pYOU^o*BZf2S^4CPyV<=&iJ(*|4G<<8h*|(rENCWLnX)nm%SYk z<%bP&sXU6$6Lz@t0Ln+i11N&#fJSo;-J$+fy$Vt~46MT|WEg-jVk+!4jNXpAemE5L3J-%mkzuggkjZoQq^qKQ z;ayx(VIU%SDDkf18Z_%Yk);Y1R3d5;^}?2wNt>~z{D5!r;H!f3g$srg!_8DR({1Mr zXh^4lbPB7(?M=491_VBSs`~w=ibytcag*`BfOO;iri+oUXks=b&0EZ7E&^NOmhnD& z6Hi=*+aEVx65iG=AIBq?;r@dU7VoeYx?{XFe5Z78BOV2kLs)Ran$h%>Au7F;){_0L zX}SO!)o&8&d^|bG92q8$_?LW8p9BIp__)tzbG_!W*$@)s>n;q*a4BeZ@zjaGJn!-c zoX*f#>n;G zs$)-spz5eQfr;%E)YR9`yXBViHcidtrf#AX`VaK~eRZkOp&ztjl-Hv$rgK;)#Vg`G^N9=rDqatUz*Qn2|s#h#rA-CCf7yo4_|k zlS~;P2rU;(Q$Q_|rEC|_lQ2Ogb2SBjP?~di(nLOIy!N}DSoCGViZy{fO#f~ezqqYic~5t&8gQeY@6&?X4+aZSN-IX?FpY- zwx*M|v^Q*By=$xB^RR9pH*>>6R3aZenhtaKf{l1UAl-CW2sl+>@Nl|HAzjjlW^G8C zcxG?!nGyQ-x($5{RHtv7vcUGd7An+sQH z$U(o+xGOpMW5p#3l9NiqNJJ9yaQJZo*u`AXL^Ojb1DpWIX}C|;32iuswcNosrkXKf zroM6TW9%OG3cDx&Of+!)m!oyjoo5H+O9T6ibpBl@L%rZ*|)ZBxaR8= zbmr^VY}oeJOMm?V< zPdPlTW=LlN^4noS*9sdQ-`I90shuW80#XCT%ofL+g-0pL`2FC8V19&h=I-3#)&qcW2a}_UB}J|1U}AQV9s+_wb^`XBvBQYJ;{e} zW@Q%EA4tzWU~K!%{8!i|*If1KY3Kjjr0?A^t$!2s(=hmDBi;Oq&Y#OW4xj6pjcON6 z|HYo_p6Wj{k9V!d0lyku{K3wJp{kaa1>**2=NdS! zYVhMDeRgbP$I8~8=I++X6;ldD$Q!!o>PJO}qzQ{U8_Hr$mGv{Gt~hVUOtX$L7mH6R z)vKR5qkV3Dr4W-0x}f&%huXWJF8_2ojL!nhG42N@r4SDcS?ob_$Kq#jt5Ax^&dI@V(g! zUNDYNobIhqWR=^tcW!iz8-~QbC&zkdwm7?Y#`DzhfyupB=ii$fKBpp>UqIebaA1%%QuJNcb z*Ld{1AkQIo7~i?HsiA3U=Xf(q!H39Y+ssj5qLCc$&wbB${+VZ3_xD5zKy50dC?R5m z@C3hTq-g15G;kQll~Pc9Qi+j#I0=yj`HmO3%7TvSUJ}@zEDe6?iK2A(34g}V-++|A z!cRv3ROiru_N4r0A#*N~9}H{nG!g`x@@A@hSQ^ZKfjX$Jj32d|f@#!_I!)Rrr{tjZ z2PPZ(y5VXd)SLtpb_|&gIA_?gV=U*6s$h!>QrF71JEDf337mC@}GvhFHx|zPzq=A z7}Qm=TLsfnpkG1nwUec>*&!uN44@gcL;j%%-tohD*@?HDW%5A+nn5X&@^~uv7k?-~ zNb;1s9E#4AFGf8lQ=^a9LaLWHe7 zU}h{_L&Zr^>UOO@kzKuO*J_3%?_0e~?#qk3+)r0yyHG=6PFG+J`K1Qb1Y~CJ%QTy& z)jJD9^p7Aquo?v;L|m?@UtdveJl*(-?i2krnQFEeDJ5HzF%Av(uQ@W+_&1dmUL3>A z=T_GmTU+Kts;X<*KAhR)zVqiATQ$Y2lr)B9ITG*Jgl!G1T>wPH4FLBF=@+&o0y7fn z0Lpkj1dCW&rD|Hr7SyuJuUaWsSc%pa>s9D$@c{k-cd@K4$^E3|6ZoA_b{wEPN>dD2 zHRTLKFMP@hN3^~ruLr4LXdG$>Pz~iQgr{gvcY?wV(wxCQhJHaPtj!d1Jckj$PnG^I z0T|5;IZtu?ho!M}A_t6jJSXS!sEp-KrLCT_LO^3=>2jc=_ISg`>PAN!% zVK5F14Z4y}U}w6(v83C^0uO>SO`lmleb&^~E3Q><`t6yOtHx(8oL3ogMuMAWZoMZ` zcHbAad}rVKiQtVJVD2F7nq=5@$PbrW>lUV*-Pf+D^y^#KHg{Y(m6h`a+gui9+ETVs zUNdL=Ck`$5SUz#pLu#xQn*Jx@YlBT=Jx1nkN*av>XSR=%w!SVoAt-K3De|U)0x8=Xw_& zwg+ArJV5b3m0TgV-{9-yJBP^|{7yE1ot9gWIWECC2eQk|0{*3_Z%sGR19cr15$e4cY@OF>(-tp3car=xOvn~D)cf(UI2)38U96^w9@59ljQ2C%5#t0)c?5$HI3iEk4Kn_dC5Uiqh3lxY1ItDLa%Fuk-$YwtOLs(U2g* z0l=`G0yU0=arf74epXgnKVgQ==FqFQ>nr_^OUIYFZ6CJ<&($p-tFYQ!i$dd4Wz1_I zE^4{)lavoeWM^=!naC>m0GE6t% z1AZQE&8g?J>0Y?fEg$_?o+9`q9DJjog_A;Vl(X#z)r8@Nn>lT?I=fa2X^Vd_;% zxJo0qC8y=IRvV)gn*gi=DN~4`=ZtUs``Ih6doa-~+x;9wJ6C0msR>VI(01LO&#_tT z1~!X#-g%uZSm{Zqa0Z00B8mkZ&4~xETY0u|?0b`|9%Xe~uiqWM>41E@@u#=;c+RP_ zg7bt6k*4S}Hr7-ySywjqC);m-YtNqio*h4)TUM70rZk3|il*tZ%fobQ-8r6J%F5-d zkM3T$V9u+ds6T%jbo{~5a{py0vBi%-#9ZQ6k3H>w# zz2Jh`aZ=`!zJ}yz8MywELvT}TQ zg8I{2uIX2+YJHi2JJy(+Xib4S{oEai^LoE=?beVnKnR!l66+^VEDNU^(=E$)&z|t~ zhJ#O1)hV89SvdIzQ`W7CT>Y`e@JzKimZ?qn@;Oa+TfBVUrz2IKdGlk+3Li( z^W%wyGlHS@3vYk)jK;bJ8J^25D7$4rru>>+4awf$YTSj3t zi~?=I7!Dc}U@hIH3Yw=%B^N&)CP7y!Lw>A84AD>t>_b+g_#ZC{Pf0FGid;Q7Jfg$H z)fjUJGQQd>b=`{GEkA|P)A-7yGZyot>l5S3Q%ZZNK3NvQc(UH+MY)3;o}N%!yL)*{ zx~9%v=ASTSeZqK0j9DzSHTV1_TlRgPb;>F0L`6(S%8+VTGw;;$SzuX#57B#b-X3 zLjYypX<{qOpIdU>ye3b}!Wq#}C^}GPcbxWT5M*d|!{<)_pz_RaDp_dEo#by`- z$yg_4iN^{-ygV|~m|*il!9;a3uaXPYE9`NK0AXs!cn;oIZbXqH!iXYD6|yA#U@@Q| zuVz!^K7W3IOdhj>Dd{JbS*%xy1tU(=Tpc#xlv&fAhe(Dix}7(JX&fL0R?K9CSqx-% zexP8pE?`{-b(JLTN_&g97FbX0*rrB+EGTO9mP~C(h87Qy+tNHLS_$zNZ~x&B@3Yxk z=gpbKrp)E@{;+??ZS(jaWcd%eyK~%D_DU()xs!kO)z+CaTU%z$8vHc7^TCI=t?$n7 zW4ltm+KCVGt4b+N!qJkF!&z^( z-{q3Y;~CO-G1+Jjp-|w_G{rR-ONf)52Bv=47`bTwN##K542uYgy2lagV=fv%6J}ag zoAJ|fnA@lGTTLA#-}f}8kc<|2uL&VC$YxQnXk|>Q5ud!&KpF9zP({*nq>2=6$6P}Y zDP_?Ov4X%Lj)p<&aGzQs4#L#7p%cLK4G6Uk)Fv*4lv9BqyXw$(a$pxQ%S2Bg(KBJT za1B&GRJ*4FMb<*@7Q>Ls`%TETm|!h%a!&Bh8o04}7QyQcS2bDXvn1ekw!mTk7EX0yUS z+`3b7W7qI>;^PNwhwr`AzSODRcoi$pP4)(x-p$P?}hU`nJX*DCC{wS zu3a^$&KjK1Jw5E75(or6nnTw^jW(OJYwipRU=a!p2+MLHzpq&xb_;$Phpt6beLS?c zx+<&ny3G#Zt9_e8Q$mXBf%&|h%Qj1y%;hf<+TfO;_b+SD(8}7*yydKG&RTVawXUoz z60yh5uwJnW7j9nMR;DFDwKmqr>J-`Pa>3WNBOFeRcf#j4b+a4_%O>Lq&J(&)Az$jp zf_Iziy%?9Tcpe>-s)`~Gw6z1az_i7OHKuVe9|g1!aP zOtQ!vk|=l?>qp2w)?aOI;pP#Nc<53Kp|R)Ag{rl;uDBy0bQ$Z16=1dsphoK+u|kJ{ zLnk6u2li9);l?5Wlo0O;ViyWg*j~Xu8>H z^=p>JV*vYrSak!9ebwt-Z-&5R2C{*TR!RaNzYt-)6cf& z_6>gGy6;c=Z3nK+TOTS<%*&m<=)rI8?EJ%Ie@|e^d>dC3D*{XM7slOQQ58KS0uTSB zk69;#%R+4v=l%CzZmR3653d+k8LCd4@pBfq{R!h6C)&qVR$e}@?3{4jqxF~n?8sNA zPno)Cf^Gfs@XD~w>$Qcnx`${?7#&0$189taqtJT{gh{1AJ&70v;1KCU668ribX^t3 zhQ^1I3|>BFcq~f71v?Crh=4t~e$DENmTdK6>$-(G<1c4UsFkbiKE0)*xqL;1OZU~< zQ!%$(>6$cSl1&e?p6~48HLeP)ucNs$;Hqp;$|ueC&(>sCSFxhJxuZq**{kH*31>2I zZs9uX;_7Tm#p*TdgZ2Qtp8T^Xl`9REu0UsVhtFE!s^NRS)5C(g4RyOJWp^xPuk}H0 zV&Z(!Pt!Jj^xkxm1Deu1;s>(kH$~4F+GbR#xW|y+PhZh12n$xgml>x-6ZWhSkhO=I z|3d?oD`661FCVwY?{jU?pULJ}C45vYoSRng|# zEdTpMXLqt>+Axj`NkcDx{$BMx)}xk&bvsSDXX zCw^?2{GjV5eiHOf5*c%Mr_C9HG!Yb#oEt`X4BR zL&i7WD2KIEMD1gVE3UkiI}z3+dRHXL9AAP#>-9e`uMPMjGSk?9J^PJUnMZip8sCiu zg7NY<*sKswl;2wE^Ez+6@(Sa%$0`DW+VY>XTUh0noGe*>7nlv_tKWFmh|^e-fD|X9 z9jXzj2;4%kFGc+n+;Tuzk8letE;pH>i%YOkNu*cBGroKL_-=+D{vIiH_&w3AeDWcs z%r*F~t4vY8XpXe!yWZ99va5Zy_q!gpmYym69W4echN_*t&3^0jdY$?4UVqB4?X3juAaWchB-l(S+N z&&yw}28{P7to-=1A742^=|@MhSYSpLTK}czOilmkc?&GmEYJTbJ@uTWPsh%h;_=M8 zm`z~gc%bFdbC3C4-oB!pwPyNgSWr?nR{2G z{cPy(LpwB!x<~Lga770JPsi~@n}Ir^GleIoBU#6r$99OXiD4i^Jo6Za!6Pvc^faDV zd-qn^9CgoS9MzTe&rYz_JM`+nt+z%S>TMIAt*@+hWS*;Y*sAu9DOF#2>#ddbqs#Ez zn8$dC9<$evRNfFBU3I<9QGNUERd(B`GA2JK;7W(gVZ&H?q%g`O_Y?EKDPaRGRw|Dy z%GgX%>3BKb*(S$*|6R(HOANCuxSwK)y;86q#k7&c7 zYg6PVLK|^h9HG}I8W#pHQ0(`{Vztvd>nb@!({t-wWz6pj1ub*V#fatmn-?Lh;Q~`S zsjOYG{DtS)2EmOyxgcWBNT$VMyBpU+N9Z!X)&S+egnG{$ETiRjqWLfO2rP-{>?@-*y%z`Pi zKCw^jxhNEz)OGNZiw}0r+_}3p+qE>7g*$*`O9#WF z>4ba<_hMAVSkhvl|6+R+!fq1d6nEJswZIjCd?9yAA!LC12)Q3uG^;5T(`}?=GHNDEkw~%X7MZ_ac%){Ey`)Yww7e- z%367<7~1?y6I8484+qr(U}M-!K3dSD)q*l2A}HS8R&d|bHFy~^iqKD2fSgMG3(20? zupRcpcMq}m55R+O72Aj;5{KFQ z<^-JC*)Mn*u9W%?KvF}21xel37RHxKx?t3yrP2Y|`e@{BBbZ&{d{bD>C=5ZM-j+(Y zh+8_ue!&p!5OfQ1`=FTskkF0-BPA+{A5>hZme+<*cY7OzS|LPa6(zKA$^{0RrE93l zHl$Du2|y^cpBB=I?_^3AcyBDc}_p;dmGc$W7WqdK)2JJcftcfl~A^ z&Im>!1TL_72~n^_A!C6Y6q_DPL(zjikPN1lf~}AwhK_`p+E7)yc`pnmHv~UmEe(o8W#$c2Xelv|;b;;BkYBb#;Ye#XFgJgv-3|?EB#)!@-xs6zIo z-jwNR3H1dnLtI7t@iAT?@=Wg5xC*_o$Caw_@-T!DGI!XS2D@gP4S^5coXN7PS@022 z4V$ZMm)#zlW|ei7xdXDL6=$6}qlz4nRbA&yQxPiBujtmWrY6ecnx;D-O0_bFF4wwM zr((7FRhMjaSXJ5Kw%C~0V_{a+Vv(aZe}!Iw2%L7Clf#hOX~P>;)gtRLn^NXg6@|$# ztZtfsmiT;A%*fofs$1tQxmN1j9&eUZW%S78LRhM4Lq8F^o)a)ZDtt)iSwU zmC-ZR#_bl}f*6R5xpnx2xx7jcU#4XkZYw0zsuj{|wOZD>tc18%mVHi}M|N0cFL#H$ zhmYJN`(+>W^j43|ZHisfX{tC2x>bi2!Av<8lPbHdF2%_)cQEc$WZhrEAzO!O!5DOB ze3yBd&B1hwrdj+v!~hl{=5Yd~IELO@CaZRe+)nip;O>=0n3nRJsPMt9i zx?pEfuYx&qVH#O1tuV(KvRsFl&UUM&)@oW5A5C)6Gd$2xuBbsp#@qCuC&aaifX$N7 zbf<p8wz${B-7w04J^;`tTQ$2A`s@my4C52btm?8salpNH-2%;s>_gx+)uQ-4R=mlM zuYg1HZP5|#6{D(Jm|cN}0uBm|Hat$lj z&aE;&Dvmj^H9M=leEK>O*BDAp7ZHHP1HlZZ@M2L3K zsT3kq4Tgoi6EjIG{+ayQlP`2vIHcaAUufIySFJMEV;!1;&&dawLSJ2Q~H45fpPMOMioq3YgZrII=fSmm&Te zG0ov~A_-eh#3e6=iUVD1eru^&y%yh3@{0&@ur4+H^bsXhYEXWO?;{}$hzJfR`6KL2 z_BOsFgQ0*9iN-_B9N8{n#zv0;DKSZFgfLY>#E64HjrcOboE40AVG|%3k^<=&eTSM< z*$iU7UZ};T4mFf+ zXvIbb<2Q3oNTNXAHQ*IVGD2SiA;%hG9mPk0Xue3UU=L+paP(P
6YuX1v{q9=vI}{pN+P4FW!CI?#11< z!e^rg&DeJG*#!$zIlg7-?u#E=qIS=ivSWdEooPVGbLzEA7O}Mrjp1bF?RnQ}J~6E} z3%gUJy6~mx{3DB&T&r%oy)qeYY+xJ3O#(kz@(kUrZGoL;93B^!U=)aD0V`YuE)P@N zB$K(Z2=oEUrEn8eVc}YP(Zog$w@IcqyNPGgcor!NaUlHlA!i|exSFX?M_+~sX_Xwa z`}K}GcX`B7EytrrD(dT^_eS&6qer53>B@Vf(U&Xg$Ci?BJnPURjs68fEJ0j)ox(?lMM;f-SKdOlAkMchv5v|xCO`}jn_2@$R*N-mSzwE3Z zE!%PJ+2@>tnn!18U0|)|fLkjtMuPK)%0L*40*xxvH>8( zX&o=nps<}+Ssd}hp(hEdf9sgF@kDOptPb`!tRK_v0|I{IE#oNv594Scch0#t-gvHD z&h9dCv~k5uV;TE=b&}m>T#*!A8G0Y`d>QymmljE@rH#@KX}7cww@8W$OBuvZCmAEH zZme+-=b%9;Bfi*x-jZc3s8+f}=cY(lhn)tx9njL0a{-UQ zoEZ^IPzlwHKRlI&mXZj3SRb%_k*nt8z|{*Ogy%nMDCjyl&a9du}^> zrCndQbl3i6Gp){@JDt{<%l7YDx=vT?8_(Kv&#q z%0QyllLg6lOSi%%PFQ$HX8EG!*Y@0*Szhh5&YNd-Rxi)o*)!$R^qI?B?_4-xB2&8A zEfziNsZ9j-HtcGdlAuF=O3SW>ggEfN$@WCRGCm@EKo+t8j`3{PSaL1<9YD9EM!ZHM3W+1Wp@aAbEXnZaMI%f-|KX&Ft8~69f zmT60~%cteP5vi$6m9qz7RPC@C7frhol6pSt!UwiJe4%W)>XVQB=8F7dHiu`bji0~p zz{X2@2LCo~d3NbEKC3KM8LKcZ!o4mVdk_-+D^b}x+QSRBIx^PoL}`}!jSL1`I0P*P z2RJ+@_`*#=eGL1!qA0=i<0LQoVI>;oD@;^cPL|*klFJ2b#vg1G+@@A8hvAknO$Y)x z95R`{VqW;RXCFSD!OEg_L9y)dBret zYL3v{adD({zev%6y?Lr6Esmjn(3)Av)Ul=E2?~m)=mq90?9h;lk7`{}3pe)q$&s1K zF{1FN9xc_j9XHjAqc4^gcv(Eg?iQzfAB^J6xs-o5_6i$`PK{|npWL+W)xW_atW)X% z*1lA_4(LFv8XDbvzQ z)TXAVVd**c{z-#y{pKYbyC+SYRM~h*#4<7A_e}R}WDC!4>Ey-%ZG3n4_{#F8+Ox{e zpFHovnM-G}8`VFV7CNiTE2L7_c>=&MzfX<+l+c2 z*V`A z?~!cTNq~F*_y0kBmd<$R^FH(U^phXp7u*|=J(KGjd--Kds@^$qv(aRg&GW6*b&D_B z*3mw3;#-q?nxcPWx9P_C#zv=hb$0FEHs_jgHa*FWYi;>9IZ|HQ*4&wxKC`@XPN4u8 zGS$P->P$q+&sq9-@)DQ1DAu*R#TkT5c~j%k=BCA+?d@&uid_FmO}uXNnue-K#aO4u zS8O-yt(Hw=^JCF6p>SGEKQ3D2@dg7etsV0_^T4NM=)x+pI=P_nBD$;Ask%Yu^Pt)~ zkY=yP=gO+BT4VCNL6ZS^ub~DSG#*sLn~LuD5(aOkbDrEMOsH)T|YLe z7cIe-+5?3P=kCaF%x6MNq6N8tm{nUIX)+{5?o+||B6rI?Y=^MDhlRu1x`*EnWl8^vaXefW?b(*7~oTKXQ7Y+c|;p_ z?a-kzd?*gV4mz{0W*wgXhOC#dS=kvni4F%(-j>F6a6ul3K#x&FsI+lb#Qmm8@FAzp z0v7cVrGSy(414K2EV>a$WhKrNCtx>t-szOJv_J9U%9Z)~_+uA8`)o@K{>0y>ucW?} zJ`jJvpM9&Ip2ef}^sMvw>-lr}E0sb1T+6em<>@Oze)<5zPDvy7@oQ!dYl|3s zvB)~)84A_|n2;2U(2@y{YTAMUQw2XTGHvh?rg)XKS|S}Vt-QpN-?A89; z;*gQQ1pPrhX0ZA&n^{6%@2w0L;w6DT@C2wIj&bys_D3D0gpYz3@MKcKz|%^-o-~ zw6tqxz8=^IT1U<6_uqW~RU2EUS@luG54J7LS>=#kQ8HQ0=WvTo=eD0J zUfA2zz31}wo^OTBA>CN$^;^%n`R%*+fA`}>t&yEe3aTe=ThLjhET6n_DZBVD+y^YX zZa}*j;`=kTbE?U;(v_pDupxX&<+y1Ubys6>Q>6=hhBD9kmdF1*dG`|=dLG|%R_W}S z7LR0k%H<-B!Otqc4s{f;Mz|I5VbUbMLIp?D*U|8f2u7j};8-hJ7` zwYP_4qqWT8bG0o#^449K-uJgfErmN56;w^wI&W%~vU2sUL&3Zx*Ce@Z%Ll1u9;by| z)`k_He2PiH)QQwVWR^j1zitXs=mdb;m;P=ms~4*2>4A=Gm@k38h?%QSReOqnb`hAk@KZMmg2u zWEfLN3)Wt0HkaCLTHtf<-dg|Wo9l)5iYB#pC1;&A@1pJVx?85qIao2*S&|r2R3-iR#<{oF zPfRQxf6ZA_w@+zKw1tD?);3+fXKp;)yryE^y1BK3HwS8$x8;mQV#5maSV6EBHJ;r( zd1G^)xM|aGf4k{zlF_*CMuRMdx$uo8X_==-g-VJ7nu_4OjUk2+h7rXOCPY+@LWGbU ztA6yVM^XC8Z8y#=v5@YyWai!@duNuYJE3I5k%1)9CMkL3L#Uxa%VGf?wk+Ar`mXAV zx|RO-uQ_z_tXUTyQg=!T@;BoFg>S{gK$0GzyhI>kpkXY5>{v-ewZK16jcHTCDS)n| zB;WynO)P+bc6B47$cs8LvI}}C4Q5S>+FEgAs@HB<`WC{VwBVzA0`nn-bP4AoU$!dwyv?1hASSK`J-FGbeMbr*x zLu7|m%lH+2hkjSvGt+mRM~954(F6$fWSH1_eTYvMng#A35UnSOG7VgL5UC3lZ;X6n ziKIgLpo86jj0t7q*oG^{O*y}Yv6}OzjQcK|I<9nOr*h>oC1}n<@8ASRpnIzE5nK7^sT*fn{SFiidYUw)V$vF$hFYuU@Cm|ZKPFMq{tQ-HpYvOf-Vet>Fx^v~q&S~eIGx)pI z3xad~u1PidHK|{*>)5Ab#~uoeZ7ldxy6w|z5IkDJH&EDj5!9Qc$0p4rEi62FB}~>M zO(6s%D0#J-i(XOQyZu4s=jZB}{wkx*uIqerSI-X*&Y5%YhdnDFn|xK4)nngA=DOi_ zmivmB3%K0(Ub*P{1I8TvL4#mi(SzGx!&6fx9?Y_CT)Jj6Kysl(gPrfM@~;WoDxATP z1$if(DF8u0%3&=|Ytj&aBa3 zrj#^!8>4m6P0=VL>tQLwx2!Oo;C*&u4DU914F*z07F+ODQxM;WO;+*<_zb>v>a8f% zX>Q$nQd5e$#EH`df5GPl>4YdlELnfx6qsRjGkfN$uYffO@uTDugGDlyv7~11$aoDh zJKB$8xEz`6@{IhGr*B{;b@%Tz+F*5sZcWQ_ySwYwgKm47u#*3hdXevh^nF)Gm6<1~Q(7ndM|`@ink(0xv%Ft@C3*7R>O;~jUTzD4*9$G-x_L2mk5=ndCO$(~2n z&b_6valYGCV6^r;^3o$8T=loFfOHu6{HxI%c3<#1Y}JD&HR2U=lB`LTdmB?6^u57F zk@qm*xQGel<|;7?+92+9no{ps@+8E-NzW-8B)!w(lz%4q?QAMij6A@ufe(ZDbGLtB zca9+E+Qs5E%w+S6? zr?hI2V;A!v9v4e6fO32=qxMNDnSRM~kfArLY{Kw=)JQ zU_PUtJT_Vjz?h+SGc>DceyLZTgr2CDy5d@ z@^wqDfAT+{yncy@MsQgws`0kajM}Le&n_>Yeeu*avrT2DZ(e`>H?f<&=C-X>GqzXf z)<=WEXlg_YCw%)etfvpoJY<+;!|6Y!98{n}zT=mbD z9o*gq)&O%9-tE<1I|&+S8Qx{8)rL4j6*kRsqSs|Ho0T6UC1rxAr0hm|Nfq$&L@yOv z?p84_SvP8de@5JgB$n91%Ha~i8Bj`Y^MJk%NR`w_AR$~vOCmZ4I1`9NMqEe6N`?u; z?R}Jpkmgvp@btEK8Jfm^{^EX0df81$FIO0aj79#M^T{HAI}@9ytbj#+-@QUNa*=dX zsTEWUnKpY-trg}sxt)IBI}Q03*y+D_2zL4zZ3SefA5}&)oth#Ma5zK0$}m!5e0@n7 z=`(1BJB?X|{gN{FqVc*7xZi9B&~-1BmUX+7kIqm?6p_nOJg!%#Sq#0vkkw0VI~uNH z161lk-lQ+qBvc<{oG zy+^h$wbgdK=w96l?6R)b)$SMD3VM19+7d@LEXgaOSzeO2gb+H0&pLJ$8YdLgmbh$7 zw;$OH+w@P~eHUnJXba+dlIga9jx)o*0f0y6a07(86*gMF-c z24e5rO_#<^LF*9mH~uBsR(h13N8f$-=mGby4{`X8{37suPUSqV;XLfbNm0H4$0^OB zU%LiLb`Zm3WLUyW2i*!4}J4^UzY zxi6K(v>5!1CV^cftX7fzhn|)C_+= zEZ8Xxfg5MwZIB|VpKLj)1Z{_}!d!d+{wM=U8irbo)8gC?<;pxW8)rV@l)xvj-V+)T zv^;J3>>aj%p2X|<+pwXC^K_q`&ffNr=0}=WHGj~20uIUs52SL22;hdgeE5jCy#y^| z*uYVC=vd4;&c1%8FR;n8Z;es}G0Fx4VA+hbxRLu2XLq|gu%(|8u z{`t#~{3$_q6Tk}k|844p@AeHS7M*)cGlg^ z8SXyX^5gR1=|k9As9JvvOh+P(H=)|6TQsXiTByl4RhMDsT)g|zeTd#v9Y&flPBOg- zrkpR&DsRHKDtCt-Rqfa5t`$`Mo$?~=*H-;Ah!oO*1)IL%MR4of&7hywnV~~OjtBZO zHti&lfq?6IS0d1>T53$fc*#R1x+SjiOPKocodb2Ksu3xy2AJGV;JU zO>I8@QYI1{8pEGPmz0v+QlYglT|{NUOT{{v<#draSsm-*bq!>_t%KVTuGYbX0T1O; z#%g>rAU50Lx}bEhx$T#f6}kVzMu7ma2339s0o=#h}TW~=xCwu0G}5Ig{UDu%GjfNp9;V z{tG$jGxUe79odwKxGr@R(*Pz;Hp84j`k*LNMcwgZn((+Z5?-he_CZviQf<(lOm-9| zqV!=e{>QMj8mMMzd1<&@s!C_5NJE}j=^~+U>ckpdE~QT`8+`-cQcH!;k1UyxKv~pM zjebCA8d)#_eD+N7zoZ&)abrlL#q=LCOCmhMturv`bQgu~#%e$$Diw&ydjkj6Mx(Ne zUBwQb_VO`)1HTa)^_E@AF7>%nF7x)Xpj^MmluNZIa{nLXoZ$%`eJB^1Zbw}d=24l{ z&s~Kt@NcmV40HS(fV z^HsG@7n&NAy@7;xC`V(8T(T0l9?5J6oT zxTl%IyrFk~?Lly+-sbO|$t+ThNd1a(@>%fpI*^@vraobsnXDY|q&}g#r)SpJXne8! z49%(1Hy&eU<8f^uA)pbQzk=-{ZOeC)ABsxT5M|8)chak{PUEtC!C3@tg4^~}{h<&k zK?1Q*DAi9!W-V;gLP*5VNH;>aiZjVgFFL2yLPW>f(iK}iQNm4#YRkmhC9#B(?8p7} zAjV}#DVKXeU%gZ|T;ydX7LXSX%%EId3!?0^Dy+9=8pC7>I7qE*Exm0R>W#cE#>t1-EN(UN`YM-B_ilY*=Pcz$ElIIz#}$P?@nd(yDN3s|^=B z9gD)glWqYEwFVp^hH?7VaxGK8s!<-K!iq1CaAxGbF`|a+O?;}y{+Yfm@Fr+xBROL5 z!LM=bD9uTzQ8m;X0=9kB1ifr5bUd)XkWHp`#tIHG^(pE2)B1jKW+)UI@ zXbX)dWM%ez7DB>nZk!Ai0rL?SKJiB7*ObeaXS6*fW3SYkl^pknr+_FxcavVzDdvsq zZqn;ln?OQ6X*XyICSVLM$^Db%yIyZasMUgtia*CIcca2|bSHUvoMhgV-o2#WIl>nLX*yN&Q;w z&0HD1SMT7q39n$CjsyhLHwdkq<4#@8cT$R{B-k*0ux0sy<;xF9pQ^vU2nFnxUSZ#X zWt3fV*@0(}j{&(0l>fuIb3rwvr>>T!u6cwX4`Br=IMx5k4qxCrPsb6V%O=Fmp?=Fs8O2hSgK>y!tl+){e} z!NkhLm(RU#?&XJ9Ci+`rSKRR9Bg%_shH%@J!J18XZ@l5I8xO3%dt*)TO4idg zzoTRR$j!wU+~+ZwJojC&c>nZrtF?Ukex`r*;+b1oA_lE%Oxx-SyI=e0=-kCS*3OnuHNyF`ALE7q})_D3DyGsZ0NwU-l~cawJQcwdS1BU zcZqzTBuk;N1k?zp8gi#X#oC~E&P?qL_@TyLA%v`gJzoIjA4-i&{wL=}f3EyIs`m$S zD)l*6+;>Heer&a0G4gpWKupI!Hht{_A1Q+$J+KygCVlk4`=jtN*vl8*c;kh50bbL! zYE@Uj53jOU`Sj*5n4VJTF?u}x8j$Pd%F$P{=I!b0=H+mQSUTW_Odc0Bb^aT5)BCH( zrfXH16Y%S)u1dpyuWmItmG(@v^!myiR8=tiPwQrag@8~RVC6?OXpnLJ*VnI7G8RZd z#zTa1GN8o%do@vwg6#4CR^d561D%2$ZX>~%^k##5}(nBu2Q{H^D@9;Z^``%PwIet@2zRCJdd4?We$19cg@Oo2Oth@;< zhB9^^1N{MqivPG?glKUD{4=eUYlH>p8c)tV^{=+o(02^Ij*BJxyWKP%sg?Y9+tFs+wm`H@3-S$ z`V98uK`@MBw>>rVJHKuC_7SI<%Zf&Q8$h_!-!=5wE%g2`k~(N)z5tpYl5%0ow(vVX z&Dy52Pt;>2`%?NOy<_T6cK!mp(o41Y)J`$FgGu_M4~ev;?jyWW6ae(xi#&V_(N|3~f+U*MPu;9*9X4b#@aOavjJ4{{GpEUJ`TgWO&-F@zxQ$@{OGJAUL;#(ZU zyD(m1Ky#3H7(ydG-kNIsh(-cF_Wze=5fhKU`0}F2CJ$bNcgtxLIj@YDalLfV6V8eq>EH zNs{>craFW6xI@tWaH;;;687=`tRW#sk(|Qy2SpTLc8U_o>&8?}%c!blLg?gLlF>RD zsT?UQFeaQ<5d=&aLpqSrN+V-HDd)G)MjgZDC$H1Zll~69KoMoz;kitQV%xaR&Fcnm z6CtVtu%QiB(|q8+oTiwK1-#BdruA&;LDyOsthU;9U z@QKgxutV}$WRrT3>N$Po(y}Gy)x&=@M<~51@z$Lq?_swczn?unnGk4*MaPC5 z!6zx(D2iid)6IMKG@2buA7F>>nKIilFzP<#MDCA|QJ)AWzc_hJdxhMO=+R=-p&V^5 zI()K-9J4Nta~mZuPdIrp@K{k7Ic~Y+d?ww+m~#8X{G-jRt;NhfQ*K%)dwmX{GF};v zomXC{+!%6}vwywo&dc?@i`3vwq5VXyv4u?>Y%REtt(wT{ly52KaMb*_znP<9_D{Al z)S&BRKOHkh8P};J4uPFa!PjO#SR*eVt(@LLMGPT=_*V+wV)BKlq@!3idV{GxZ^YD-^xpi{Yz4x)A~VBpfkezXOg14SVj+f%OLb zFz0?zYb{lne7<%9xirCM7cloWb4^mJ4y-zc5M-hJW|NFHD15 ze}lj7zTtbsZY zE~p3>_ZrA+gvdWGV1LLh@?k-YyK z;0EdiQdmq4H^to3k+TVb!q8v=f_v60xE!2*wM-hyp^vgBPil-7vkAU?8tT4YHLp{D zR>ZI@s6au=BOcEu%n_U$1i+B;u`}XfUGq~nf1-Sn1|4EfTvHxS;|j4^9^u-o*QEZT zzM9>9Qe*NDeUKSWYWP?{z$%7BO;%8JKTk2$djVk!vDu!8Q~5Z^R0tyG`ox1zEfkhJ znKKPbqM(DFV5KL`ewoMB6y=b|QnbAoTgc(fIj>wG_msl*Pw1;LPUPH>bl<)f|MtC^`bW3YR;~TZADF{Y)33^yGSAXxX@~jS_p~09S|6 z+xoc7fepiDew^xyNo)H^5}^&1;T&uVPzKTm6DK|5BQC^#P?_RljF*HAYs0V4&t-8s zjk8=9CF^XIh5G5;w2`za4IPWLhzmQWxgH5H{b88^MDsqCV#u z#`Zk*lJH?l5vAH$XU(c@9#d0c^{x*@=dC~Q%Bty$XEcZ(+e_VPm6KMjo+f=omEL|OSk6wZ(Zu!bO&xKnkZ^Jk z@)lehvD!fA93{VXFR5Pm2*5H5a)f~=CRrB{^d8oJW;5jsCSy%0O>Dd!$0CkJ9485O zN2)8Fo;#>18&inAggpiq*06UtUO*2{Fwi)vID8Xy9zbD%#Rth74mhV|LY(E`skq{W zbq>M~A>0rO)m7DbC^8M>M4MbPdrW6}NA$c9^O_1T>8WU)9~l$b zG-v+#`O*A}XxEA(hN!^;#7&_fDjr$U6|KPa^A~h&!d>%Q6CYGEfXMnIW#!&+Rb8cX zm$E13&`%e~Z;8ubHH>xRq8;U(V`eW|I=8f|YMi&cEaDd=V2CnFGwRWFNygQIw2b%~ zrvWFE60Iq5vVUX#X>=6np-w}Z{&g`8(E+ZG*M!o?voaB@)?*P+p~3VBKe;?R-~V?lV`QMk0%qmP(v4TWV$ z>y?|2A84rWK4%lstl+{a_1SYCFt?3!kuHl^-?>KRqSOt?53IdMn7wA*X0-x!LcVfy z^1yLdcMZVh)N9#QwR9*(JQ<)@&>nA~8lF$%p7e7v$*5Y)WbWGlT7xiKK)+&vMWkTb z8Yd-`#IEIk?Q36k)sDS&c5|-TUblD0Rjb-nCl?`sOgGn!pZ1jaa7wfA{{0uv?F{Gu zn;Ynyd-4AJ7pjC1-ywYKD&~8OVtwS)pJXgF%p~J6wUDsE>t6EK~>eJJjG6$1}pNP6HjG%mq!h%$xdXtOa zF#{J@R1zlZNzLZ#)x~bls!;QmDXnhFQEa#P9A??oIAMKb4(t+ER$(=o}XwWUE_Jxm1??Lb>VDu5RTryRly~B*1^WS5xthr2k!gg2Eoxp0pAa)Dudxq zvZ1#++q@%wV=cn2UuHEf*IJU|nh+NMysK8Ye3ZT!w;|-c2KUwCM!JvREc|MeQhD_E z@oBKb1jRyGZ3(S^UA0;qO)}$woH-Q(ItkVcF;gI87g9njhXYYD0`FgIIn_z0^(^t@Qth zHv-yeM288xPSXbo9xvh`DV8;0WD$f<#3k3%MP1=I@-WF!X@h<6no41{_qk^+4|&-J ziLI+nU2IbtS4Zf3_JcW(PW8Y!#cMMEzlAewYOa*y+QTdFS*y*?b}MO^FFOBUnVyOga;t+I93*?=O~yFoF#y?VWEb^B*G^%0fnYnlva$jMFW z$xWZNueRy+Ue;}OO7HWfcd%FK_38z~+1K5B?{#MbY@7e+cG*`i-QyOn;N1GR3wKT? z56HgTAixp-G{0z#7SEf-2W@ZY5*?(AZ-kt=$`fjUfGZ zCbN|a?aRFBcqev_!j=A9<^SNYo$0jZD&a#F%J&>ZG|}_Ie6km))`HaDue4Ng9SW2u zNl}$`fXSFG3(^ug+N*!`IZHMc!%)aK6qk9rV=KtT1=UTMeb=Hq^?}vxu-y8Ni8(DviyOFyYrp>&<=tDY2BXvR z5?l7Vj{jgZv4U*0pclDKsPF?e)xz9((8)~i+-h;SEw{3QzkGkK%#aP2uIgS_?taPQ zG#bR0NBc--#;S>9n`CDO;iMdb0%hBQEFp}}9`OjdRTYGhN#5?Tosv-?b+dDtlORIJk zwqDo(f=oGCQb(|YA?uBJ_2ACv#^~P0ExnCumIECv5cSP|}?-ty*F)AL6;vt;uiEhM@8(vpcS)U|p*w)Ft2XftMvU_HnWXW;% zG#;y}N@1jjDj(Z?-B4qTPSq%Ug)bK=B`K*iH1yzpMmTX1rc@tCSp~9`(2t*0-d2HG zlGr!y?j`OUzUO{Svy%fD>}L5ASl)qb&fQ2*X#%4JS;qnZ`c58~%qyO77WYxml}E2P z_ZsXh(O2wrK&#+rkO3T!1F#sUWWgWb8T1dfrS+XD&6_Tbt zs~gPTaKDlL0djeU6&p&x6eu?KId?QUfMVWCH?7J4L=5JC)dQ|TAFm*I(9 za&wn;XO}d)opQ)G8ml0UZ=Dt>+G);>1ALrHv&e&7330If)Q4(A2;M`^pxF{1HSD`t zKQQ>m9&yyb8oK=y@_?2-)kSCnG7iFL+6AktZA#gd{bG2#NWkMOLdv(cR=e#E*# z4|;)kv+F1O&uI)B?={*09WIt_sJQQ%VzW6Q#6~pNqqrZGpqor7z47rYx-VMO^7tRj zNO8he?y9Zqg%w5U%Pyj-r|0xv0ORC@29j(j3}$NhoIw2J-i9O6b5ZaH1==VYF_h(2 zc#6{@Ed5C~JN3tt8c5{7uNr2QHq z5?@^=M{z1y>~Q+9N=$UIgm34W%f!ANiA0dMJQ!3G1lD} zmdSP6%<7REfV8`~hfJh0{N;3Nk_BAQLIWO4a}=m6J; z%3b4EP~T1z#C9sw%64{6|Jr5993z&BUW+8z+&RGl>)sct*_(EQQS{3}#gDWxFWSH% z_@M((_Kbb;5@%6Ct_NvnEEe;hkD5J{z6L3okdKGSzjIl(T3qACI<4ER&NrCGhwodC zl1Ub6nvjtuxdq4r+XB%Jv)Q)AWZQWaQqRbE0g^;v=<@a$M0<=U%A+#lBQ^P4XTyzu zkYsgQq_*PmS)h<4Z4eZFT9YFVqRBe|+-x~#1=V!Lzkl@f5r_!ukaNf=mvome=wVgV z6w0gYTTbg;P!e3HTu*l%!LYx?W!Z0a{^5b&@6qQNFEKH}AmpYbcFb-%@>T=qB~ zL|K_83T&J=ATzDR2~2H6EGKy`q6d)iWGwX=$C?K;T7@2^YZ%fs0X+!a$*TcxM{<7z zteRGQqjPrWN4sk4?9Irv)sV-}aw`mnYzTw>Qc-G^<+gC#m6dA@}m zfwFio;&Qrum9e%7i_?9!4}I2#HsB2aq$@8ad;s?y2N$e%AhgSAvka1fX83Yi*;Faf z>w~~3?sHo2^S$}qds&gysP{Z$Hz=?40qSGRfjhm*0_q!f$GBfyPemiX#%cXarQ-oe zgC%RN&O?v6A5m_#JDp~>`6Ywp5{ql$T&ER3Y;{>KqkD1KIu9}*>E|UK$_s8iOzLt9 zN2fAEOFU#aQdtgIyS+Y$uP)LJB07u$%G6<|;t25p=hg~KAH<;Or@;hZAin>l@*}<8 z==_Px_$yb`I7as)z2`>`qd~9y^jCb${hk%7dsKx@b6VF~Tnn7m9*awuXt&#)%A(jJ z|6&Kb+hw;pQa^NAdaTX`F3UP#c06Hm5idi+BMu5=6qoB^w%yL)3)u zkkZqM+r%W-K1il8XRytw7nBFt7t~IQ&SkkbW0vlxEB%O{556F-d*Naw!R}P{{`36N z&TF`E6Ux35aq*Z8q(VU1^gzh8!$Uhya~?*9E8>Dl7Z8|;a0}POBXj|Px#|T~Milvo z5hHvbi;F|09j1pOX9dwO(A80&WcFSic{8a)Nrxjrm~(VGaQk*dly^ex&Z{Gn+0j{d z&B2w;VdYna0{G*%?$-H_`gPxV{a)-%4x#ros_R4HYiW1x667Dmej$o&8wt!~rO36=(&v}vX5oHy;< zVbRsh+HuL;Tf0hbbxw7?P_Vfg$?}Yr8Jpisgm0Z&eCzCsdRkx4FPqY`xO%o;-xTYp znov=d@0yZR)KcA9IzcBl7fvi|jukn@L57`76)MyN7>b`;s&ZlD#VHl-j zB+0JtlS#VD($3U`B@O&zZ?Rfa_aT5ZGz1F~f;jkVt5xZ-dPBvH1O23EAe0A87qS;* z-dl`$GZmxK3!8x#VEZFpjnEy60nQfdM#GnnK9`T~Lu*aY~8?k1Ct7A=n9L)*S1^Z6S}|MbfLs+_L8JNf;) z-j{lQQ)!pntk67=p81c%cATyAmupO>UQ);mow_U#fc-LT=% zp$!{^BdHBUUPjitmg*fHt~WWclb$jyHfGhEB5kv4CVpu`A!M6K!wH^l5XaB$hd@MOne@J~kTz}he{YTgG z%~ngoY}(?Q~7SwhjG$#s=VHUVbG# z*W1YpI0_m?>9N6Go_Wki;jlvrnm8P!=+1@+76Nh-s3(StCIpn-$kIYiB$TH`p18QV zwym?HdUEPpXQ=eYfyS<#liDi$&bZAUjm=+U7d&&yHe7z_+}(HQE2Z}`B;$0p&F$O$ zhw&SxZJSZQ@N{)+qSWXb$;1ywm6#>KAqY& zG~b8n-oQPehwJ|3bZ%7jTwm54U!(4?W!LYSFKGxVUHO6Up04(TqpK;`oVGoOf=rBr;tR(Q zFcbo$NG~Bz1f$VlAl3^l4%9OUv=0ShQg4GztZ+DNaYIw$vZ5J|iMKDBxjPbw73KJQ zsyf2XfWe?M<+@#giq6Wg4PK)zCsL2g`F+Yl6YB*+vO>!E^f*9$7YljYW;329|xpY(4Z~IkAk-a z_kT%`<a&mRQ33CieiDt?wN~jpXiuTbXlUw5VtuT6{47FiPWD} zXf56z54A3ywax1GYoo<8WB&Y>;_3pA%iU5IFNwA|!;2Ez1RIddD5 zpvM!esmk*_-rmk3tlPCFyq*0!TTS?vJE{>C@<3rt%?Fc}CG6hGdzI^p%X959R;c{L zFW3s0fAis5Psx}f_R*ciC7ve?c~-BpI2LTav^f}yB* zw`4l64x^)v##4Q?F2V;4LfKF0Sm=c@+#rZm^UT0HZHNyML~#=J36U|(%W6b)I^y=? zHLlFqBSwX&k`Dm=r;bqZ#kkMw^~KrTv(6f9+Niv+el-g%S(1-r$!v+s>7Kh3WUb=SV7$E}o|_k+G!=r1km_ByP4h*e2z|Du1+f`E#9t#`?EY>&G@U1m{_5j75_ct(zUKsfo@$hFx7S zXb^w$#-vGaOinHOa7S~O*5lE3HE;Qtj&*Lg4#$!ehVj2M+q8r0<||)JerOJ!j&(iM zMK77FSQ^@*{u*{rxjrm-OW7Xi?70uov{HB-K0wOWeAIp#7Epm2OFQ*I9m#!Qc9L?LMM6-_~5IBd5eL>>xz!Dh2>nDYC2q;k`h4j$2TQn}&R8lLb0XJ$;z-}7dnRF zXk8b)N`vHOY>+(66W7&2?#I6dkHHL~`(x$1idQaEypXAVH?W0Jcq~fIVG9+f@;$kN z%~gEL{cI8Yi}F3iDYh!FDt}_*mG?F&zr~GMh&Oe!T=-rJ%6rnUl|L!3F{|;M8&)FtB&u3$(+9(5rL zeQ&B&e2fj;7-1KRy@S7oB`-C8uJAxSwczK%IWtp7+2icmi!c9O?WyJI)iX9N)3`t&5qhuVZ}bfXQ_d6Wmn(Hj-SQs6$OcCFe~E{c zSNerVQ!{%RQc0Z}$2?oURDJ>a2#Qo}*Q~>LywK8gdB6{ zI-KTa$Hr}Cxff1an$+uW5iSZw4Eo9{ov|>G8!_nea`pPipfj+hz0*CmQgrCug>{kc zXYGa?Z`2kxicj6E`15OX9eZQJE#|y2!CFK03%ehj8Ys`tx0x!O(M1(A+-)S}r)_$A zPSKkn>#rwD3i~Jc)cOV<8qUMsU1&kHuRxhP>%r-|YLO!ugvtih7XGJ(g;QfZh9nGX zTjz_oE|Co2JcZ%vnp;%LO5^jV=@%c^APNoTldpTi-5xKy?f$Y@yT?*dnE(76;iBqB zlWeAA}+2W*vheDP>uzU>Nwqjbx!6`)(hN^2y&w@AzMTBl|GqfC68WyRSv zTDY~e!s}k|MAnyy=b4waS1ooI%wHiR zR;+SO*dYA0&f5?kA2b)*++*`QuK9V9TdiA478xtCrU2s8@5c*YM(b=09mCHJ1@nGsier+8RNM_s5)r_@qsMz3X54#jO zO6V}k!D!L9+F&Rix#CG%+RB=XYIBT?!P#8TH8_uXh1Ae{ zJa!9PPH$(cERxGL5TZ9p{V_Yk%ax=ZuS6duGy}ktm-#!nb_N?L@j$xCl*xf8bQ&tb zs6q+-(4O=Ue`BSU*MPrMqZ!clrQb=qGO|VuX@Q^v0biu;qautdm9QU80m#PeDxiVz zPINK+wYQ=@V?2T|Ehdq46DbrCQlWCO#3yq}3co{E2Q!QV{0}+^!sc^(<*o7gmnN&0 zE}YOhXHLy6H{Gyx%Y#$b_Y{_|Tsvjg^4i+jkqHNtck}Yc*Vjke#p%-?W=K}ZChXbs zY$y~i#EJZm_YNP*&o3;TP?Tt|S-$n+=cS8Ur%xYW?=)#|+O%dj}Y2cf50B^IwAE*J?a7%H$n!K~LZYjM7mNR)%s_Yy>`N5E)J4qi2F%m5mt0SXM zor8iF$!i_X0rdssLj)>@K}s`2eHL0O_PdbJ7xJ>>A+I;&8yqNUXePj6Y+ zagV{+%!dJw&b6`L}!0ew}}ejR(4avb31oF*RbEB)0z*IlpHW?b(YjknWsvdo3V~E zB_*HGGT6F+6Ap(^H!EUQYzq4X0~(Bn7Q><1r;X`QDHbETqXP#FrGwZ49PHY78<5*U zyCFn_R@09-Qdhbd$T*$Q!iitJa15%$0*IWB5o8mJD``SvG&-#UCyDqBU1_L?Ng9u-|Fl@2J@r^%K(Fvh zd`&GVw~N-(5>(R$KAy_s@%pNDT8NZXBLEGcO7(H%#-u9afA@HX6X*e~5JT`uFR{>Y zn9CQaFjQ(<;fXf`k>quU4IS^NCcv$TGUNrs+ww)2H}FO(BWbhftyB|~y$$E6bpy_+ zX!Udx|32=;qRHQk*P?}}QPVF@w{yNM+-x!+(XYHrvKbKai%;b4nbs!f?=Q5d^K)q_c>*v+KQ{60gYe^DIu^Y-DlP>OCO|iN<89s6sB5-1iym zVnM#X#99%TELtYIjTIMMR^~IA1$IuHmQqk!)UO2X++$4eUIrDYM5*l-#XEjSgZC89k-G-uZlYm!MxT;}^4XlRA7!1}I zI)hGwRq)1~cDKvecvf+9YiHe9Q#=$7i&kc}1?)j-4RbLqs={od$)Z)}GCg3g^hSZ% zjmQXw?iQ3=oqk(R(4J>3)RoF(&vU!S-?gJykjgKrh_@8Lzo2byev#KRp-?X(!((+V z6DQ`l5Obc8^NT$OQNPz_5GCC>sHw&k*vbk7(PUtGE^j_7DUxhfvyWK=vfgKdQ;CC_ z4Gx1o1Lsn5+Ry!f?_|MvDg$BRfn@5?$*VcEqudChi{8_t8JuEL+au=n9WyJQ>hX-0cA?0Vv5w^Ii`i6tMV^PVu?t+UC z_Jvr5_|6+YT{LF%je~#3f-cN{`tupH_ivwc(Ucb3d*WecaJNt2GbzUfQ)gIyT1EoU{ZaHM=AW^5oXRwjO)y;E7AHeyucdjWZ{ME*T3>ghR@-?jcpVW z4%#ik>kNU!upGeGg5pOZSRdDV7aoP@*b`%$t1uDmFd9b@9xw$X!Fvvp}p)LP`Vx{KpAq4M%jOZl?>(aAdx9euaUzWIktzOHj-&p!1;8K4uifv71v zxkq{zEKdX;X&q<iHx{LsP1vHhsl2%Uo}rJUj=3MGkJPp&f=ZD$f-9aT6N&ma|WE9lS}3`i%E zWc!h^?UOXb>krbFT`MH%gxg3(>+nr6DiiV5P;|-tzzYOA47cpS1<2!~fyF(}ha?OP zCRZK2gor~V;Q(44@bQ^A8UT9~*W~@F{NDyd5KXM;t(XY=i{anpf6A*VZUm5O=Q@^L z*9nX#rF;K>?BD+%489hnY{3C#jm-%F>`yBuPOJbxXuxS>w;fO(C~Yjx^Rwi}jY`rl zcGCm<)v^MgqaRsv$m2H6=t9H98Q#%*m|9_C%aji}M!Fgk6PHcoe>es}CqOTieqI_e zL8(lDuirhmg_q%m{?>(KDqv)h7LOt@AF{W-)4B@+;8u!@a|>CZpnID4+SAa8 zIAn{r5x{RF^mvV$_zVOAd10dzbdcbSG(o&&&|Bglk$({OX25Tg|;TTMr2LPDIhXlMtOEup548^h_lH& zdpLXsaRSVokLw$sP=5Yc&(BUGL~Gw6ESRz7%4PkxQ>xbO&oSpW%N)+|!lj2#+<5+Z zV+yRgzo0htPxRf>qI~aH`v4%g`!Md!?(N@XzL)lBg)w6aX1%)o#uJBYoCVfm z%xP6etlEi7sWZ=W=&_a)%K)2*AEzC$IqMksX+b5TtF^8 zCeAnp+)~%E{(v$$mHYuS{y;!#;|F%V4*!0a>p9szCWJiKgUMh#Zn3@!$JaXdpSJZP zG?B&B2i4aozY#Q-{on_f;3rR>9Ms(?b!slh2_y$qj`P(N2;c?;2zs(MhSd=oOv&el zBLy;^Lg_TF<%rZL)90}qXzEKUKL|+0(0)N8o&hHvG!7m#9E*o@Jk~6Y>%8{*S`*Vzu zO+DXe(Tb9-ggMP#S+?ulwKjWReQ9y7MbJ78Mp>}xv^gynr^8eCA9L&6LGbtB>9r24 z-dR}E7Hz3SJPw2jw~>Y7)mriM#QUMT)dgdUJ*_Cj{=LCh6WaZLWAU}UO#2PHSJt|~Z%U%cQ@t@auVrynuFUjBO+B5(6D{UKgWz?U z0s=G3j)HJg?UIIr&|kU0wqnGf}-tM60fc zLFj^rFb=Z64&rfe53-SSQXKQZvz^!aF)mG?3lAdk0gb8I!C@W|MBua zZr(Vjvhwu}n^!{U)4{)6&ctD%>%!+&5=7MphH$4W|hU-{=-`>syj&z4M^P%de$ zHm&yRUsjZt3$oQ{9=EJx$NU_ZzSM_;xfhT3mq>EJ-@+Cws)-w_>jV1SqPDgN7v+vM z7v%2#$6(=Pn>7$FoD>S)W(mpwGAppkrsZq9iwd7!arUxc-s3IZH%_+tK02)KuI;#P ze@|Qct|vEbXHxS1%cmu-x0*2wgyz=q+bvcA&^epd3oDlIZp7D7hVk7NeBD1rw#@EM zZ4U;V)xo)sbxf*rY6}`GwE=)z4D%P;pdoR=|5rod{c#BKVBH-E{-*@TMaXsxV(CB> zq;&2B&prFV!Dk91&nUO0UV0qv-%{PTb1CTa?Yw>G5-(P zq+g~=ln;KjiX9zff6o71Tl*U?XtfuqamLgf}h8+_! zlC`pa@rp}3gm~+$1@mV#I~=}ht$%vgt{vC1?|1EJ4T;wL9Ha3)JoTb+7K z*|fd$D&3J;Gs^b&GEop6d5zPyPtJ9?#x#!~UuCmj)Twn(nzm)@H#%}UyUtoXZ*o2S z2bKnOzVUTU1%hwZC39QzotQu34Oi-X%@r}B3OYd#e2f1Idnb8lyLsFa=dz#`Bt{l0 zIS2hk;U1$@ z=9>2Q`MY*y@tQf{maua2xEoOXk&0MI2F!bgpeZStP70bySg9rjz5mMssDx`zlNhVx}YahO#7#<^d#4EZ}yi;amYUh-ua{OPE5mK`&9DipuUmut@kU+&S= zg9`XKO9n2@*?@Hbs6Y@)S=7g=k%*B_-Vul&gsK{r23OdF$OMEGh$q)JDX;zDcIE%l z_TGU}Rq6ZqoO|!|$@H3OnM_SDlgXrKQbEgJ$m(ai8JT)aaqXnp^?q^(KSxXc5Yl}_x?VZ*!3{)y@L`f!wYB)e z?H~l&@_y>lIC2ra@3FE#9n%ZFN#{UX~*}%i@$PSy=w^ z?4=FGw}rF@m8q^kr^INX^Z87fm06?Gx2~Ff`T3qYcI)W88Y64SjE*jl=C%|~7;Z|- zwT`Tr1v{NTCW9ok$03#Z7#I?r`iy8w?#|ueX{jocskLVZ2s{FPh%&xwRlg?=V>BER z)E7Z@X(PiWRXRakq53lr>4Vpk$ZaRo0~*;O6`KZDbj37fFSKtn7k`pJ{`(%a{x7UV zAy2V1tU zQeJuoq+8e^-4~7C{zZM^O#dsIJLwaO%iK!BXK z#o{+Dyo<_GO1PtXbOUTkLb?@5$%i4rJyd zmo~6M6Yw2Dn~}M z56(H5YOZLHX5Sb|?f?+0ST>qgj@)80SB$R6zH!cBYhNEJp2NSy{4}z1il_VzQ)>B` z;+)&&9=2NO%B>N3TP02!A*IE#k@WPDLsm=0=;EB7IX$#WH2dbLWJGz+P)#xaT#1Z7 zJ%^N2>ViRYF~!hBW2bL{P8(>n0_+OB(sY=ScuNtwhd~Gb`cX3j1|k?rX?u_qR*9qj zDl!<1!h-T4{rSk$+S;kPzt2-;DoR3ZEL0NB=<5xYRQmHC4zdol!(cTTO;!WeSfcb+ zpO0BNbCMkO8qFJhLx!ZSNs|R+d<%>o%#4h(l8}FdEp2HkV}Qk6Ar>p}V_@#LjG)hj zkJ=v_Ax3L%6paKQ;}Wn4V8RYC0%IjBIFSOHqc!C4^~NwV7hd{vm{2? zAC*`MzAYm)z}6{BgV9n8ze*a6nOc3ZD9u-l?Eta}NU&|*R7Vy)_aCuLtdZHd7XGu` zOoQ5Bcy-t&l}>`}8f~lZDU!P$zSq`Ik zu)@)q0?&LID`q@SqJWo5r8lUFjDL)mu|NSNOM9M}+dVR>vKs6fm&zxecOtPyBF;|Z z+V6k%P5#hK=JvbhWimzQUARTKnNyEm_A#lv;2!Y)sqHQ<#HQ#edjrvl13ubad{L8x zGZ{IHju`y#$wfE|SH*wz5r5^|eDM`4it>yXt0QdWEJ9jT;Xqc3=79 z;naHrC$Bp2iA&rDR^hcvI~tt#de-;1VUdsvN(B#mK4k_ldHb6%*c6bX8lLU5{{?AH z7|Mj?!h$%<_OiY44997OBO^{kM1)21U%4aW6n2zLu<{dDBqBZzu?GwtKZ_FRJm>x= z=|X$42mAYNr560Xph0*b!@uZSAL`nhL` z^O+t_#U++!l}M_~${2-Q)2opyn6k1O;bSgj$I|YVu%U$k4#+>t@SxWk_B~ z_#Qm}0^k{tv6W(Dh#>%HhXG8Z)HeckO%Jz7l&%)2F&45DQmV2tVksg1=LfpV3bX2~ zcRrozzov6_UU8(P%n|brSL|l$5|v6N^Xw4vJPGa4Xcm2eJFEQk+E>S_)xl|Hm*{?? z za(t10q%E?T+LkeP@6JiC8{J(p)eO%@n-@KLR(%hz8^PZQRs$1TA-j?sn zv*fDs;RN-Sbd{G(EYHxT7ENLglyBeA9`uyY$elH-y~txPVVcHOU)kBTtg$?n?i*6q z79T#LeeJT2?((LQSLC+qGiowIIo#8G+OIFJjiE^cJuvELk?dZ)4+|_BS;%ct4^+i? z(Js6hWWs@;rGLu7*bA5w%4;l4SA~AOLA);u7$<^sWRgm>7Bd=R6u>dT zhgHl9*vJ0Z5df{|+=cfDW-sCW(FIO!@d;GlVnH+(&K~r$9QE9o#UHDRem|pclFF*n zXv!{q?6Pu=MrTcYF{ZL&{J6EuyUE`(hk^yQlZqpfKb?y6$M^^MW1CN%+6-7k8)=M_ zg_CLvv#uJNZPlL+4@DJrlRPPqg0$$_8&pBJ7r;TwVHNFoJAV)Bz>I>JZeU}eT!q%|%7cOouZw)9K30bWj%3K2Uld-^PCG&29=; z1oofoc#Sj`6gD*#`YJU4kn7mVCvWtXhMR&O=^oL~`}c`{-ovk=XDK3=OVws66}O~P zX_yo>7Z;;&f^cS+Gn33ZzP)eD_T$I5vm3V`?|VyK9Sjf6pC=>og2INz=}j4)Vn(ju z|HLiG8XERjYHZG_cTAab$5i`v;Y@?%5f{dR3cN*dBLGE|L=Fj1A&fmjo_oAJClN>b z!9$fq3NC#!z`TRK8&f-%_bhh=?E9Csk6dOq8tmlqee|cZV)-r0$jA$P9LzC$)riH5 zM(`gS?RMkpwe3rnv=Im<4ny&WYd0G04#T=s$GSEIYTb9CfUS}I0?&_#6?AdKlQE>JP5qVK_n&X6XoB!2fm-?QW@(sbsb2m7`@ zixReEC50>{4*u?^GY=63e;Qz;EN1>a-+XuPWo0+>KRk5i)B{9SS;l{pSzeymKmQ0i zB;|ks?ip+V^ey7&S7O9^6EQxmYb(=BPIhgL4Tcr=kdsXB)-FCR5!=c+&r{tnMu|kJ zG7UVINaq|z5I#J3Du)6zi@!<|$Yji6aE!nQZL@eAXKxh0ZicVtHR@B3Gn zjSp-v8Z6PV>raGhH{9{yhUU7*Pedy>u$IAZkg1P%B92-|M#d-5-$VgXJ;e?$n=DCe z%XrPe%)zFw?=h^BpU!{33Q@+-a_Os>1Gb2ci(V4FCVEfw579qGpNhT^Q8Zbxi=}G6 znvsI~g`#_1QaBW_8K93!MTsg#FcQECPw`N6a->ru#0yN}!cZ=Z;8a^-Bto~s6pO=x z7*c{5+g)NyR1NZwTq#_KnV5560*$(uYGQ)Pv`SVDnl&;#Rhc@#a-x4+UhW3fYG;$3d7Ri`GO$do379eJ81npEkna-B`5d4!PL z%z0PmMe`K(S>pDp>}aOZq_CXitGJ zoi$pudPDZm)HE%NfEIVmVGD&ArRHt1Nv4rN8DdzDWVt-4x%LjZJjX#u3z`*aqQB4w5vfl5lO z?@&n!5M@KpoU|9{F~0l<@<}oBH2_2afJ{;@K|2v3{b(cbT2UZgvX{Y56|Djl2h|qg zD*=84@*EBU@|w0IiZG;do`6)O&aSAjU%LW*xi~5`*=WD6$z3HjxRy3=j)`STjg-jJ z=S?ll7@H+kWgCo^NS@VMkgAsJEUX5cz*@CIY4<8+3bDdMIu({2mnXi(XCFFZ+~Vl6 z!wl2ntZOLUw{mS->hPLIqc<2qfBaKQaA;$T8u`m(MdQJ$usBV zI66j=P+3`skQ-(!E;8zBTH(H{918I?JvU?ZYlr!N{(kKH%rhJbUpJ;getY30UyFq)l=doWc%XsXF-Sjw(8~ibR#>E<_B9t)v#bTu z1F*PmR+`7aQPnTjnJvXM7ZQ#LQWr-Qb-^~rM%~oQg@6hw55kfW1k@A^bZoGisUj9( z;NWt5_Pc8C8?9YDboA=+L(I7~s{Km8-#^>$+JEy?ssk$j>}J37K+pc0_q*z|?G2r) zN4G3fjk<@OwR&{(QuUZ8>XrM2I<5mf`0I@2nObHrGh0$~>r~j$jPs!Q<^#^U$Hpj^ z4IjOlyxw!b70Wd>bgmiQv{*al{u4KdW4WD|rsC14WG;H|lXgimpq2nLS zR5;j6YenH^M7=^W;u-xqF|n{g47(O0*5MNdQHvT9`vrdCScpKha{;bRRi0oGCN_GV zs7_p%jZS3JF}r{$H)dx^>$$qRkyg&lN?J^t)w+5{Hd7Xa8xv{jEmpmPBND%|EN?oa zs8z~s9LKOW2Wu;esWyNj>~&VE3bO@l^GKqZduQgu)Bid% z=LDb2RPv{9Dh_SgUFI1z;_GUeLdH2f+|c_PCtp2U=nVZGr zGB6sHgZASk77=?!r#QmQ8a`PAo_}tf^%1-4aydz7lroBkRDcJJ(@AuUgw<-jj2F;E zfFVsxVX3%qq(f4~09}1jlVZ`RSc@hV-H?N`a`!(n6W9HVlYN>fb~D$w6aR8AtYOO^ zBkND=QhI7TY^ve8QaOeWJ>xHM`lLD-CE{oP_=DtIBrf2J!7WNB)c6Yv=b89PLTojh z%xDK1A%3w@G!`vkmFQB@e$gGGM@7A84@nU|Y43%?gp5e%So_8dwkW2;vKWVLgRP zLLq_hWC-6GjKlw@ZT2GV<6`aS!u_;8Q4}AXCjyG^!u|i(?f+~0yx950F=|{pBce;v zo1{8A$8_}H*5bdl;<p-^-T}}f z+~nslT)ut-2zQu&uOIQqzvn1vb9_V=f8=N@;d_#x$M^X6`d$>^j&VLNz#U775BnV- zeT3Q{C((`&It5)X4m+y`R}Uk;bR>GA5aCN@96={RKm|mcevt>k*@Yay#%jo(kV~Sw&sJ2R<u>Es;7ha^-!CTH@}(fjV+H=6zGn&(P%Q!KmiJ=H6OkZrAi6`PQ=J7;BqCtGx=T5{NwT?v0 z?E{9S*PLx;dIPy#q>EYq=@OpjnS{t&p+h7cg8Fn7URD&URU&& zfjBf8JC0pq$UwLcF_nerZ*X9n-j^8k&j5|~uk_y_prg=hahJlxiv?J9(Qaa74?mxu zFMey#Ms{-j7~jY@icbYRe9RWJ@i8&Oi2GMTM(HIF;eW3M(SW_)Eb@>qv%8m+9bSCj zefK4H4y>)djVKN;e)7pD6P0|ouS$DTtv(5EGKT(Yt9+y<5Ys+RuEw%gq3G4d0{r5~ zwXvkVke7+X44zvKJVXGI2sQYkKpU`>!8O1_x(hR&bm-#1Cs5^D>M@%AoKlH|_ zZ6TLIUNT6j#{M5MMhg$hX@A573EzTOP1r&UB5PT^l))aw6Z}rHaYfHn^McKzS|7M| z)s$mTu4feWP2>i$cXRykO_#h{b%kOsa_QmUr-#VGwI#Jg(Te92^eln9QVP#R5Hi47^oqb5 zKxKI<|HHsSwO7Hco_vPls8Qsl5r64W6?9^lQ!D~uuSk-6)k{}h^-^Nz?%8(x?A98$ z`#_7S-I%traW?zLk&T;<9NDz-$Ugr2daGb?3QG@_qVjh+%k`>VkrCJ#v?fXp@%j-$^XDVz4@U7%O{fiZp>%M{wLt@`yRJG zNN<$kdFtR(pr~NswHGEG2sG{xsswHtw>)43tE37GRXY6i8`AG2WwDgfen*k)&=dt& z9pD%5F6~*eq=(loZ!ei-E6S}{ZL@|e+s(#ywl8TGyVrQ_}s;FG)zqkGo#nxpVrAooq(WlBFZsmhdm$zN{?YXv8@xR$Dz{WN~M_--$Q(@J|u{D)JU!C4A5HojYILwNnIE^`FN`zLOx&7A&$k(2<8xrYyMc;TOW! zg7RdxLtAD+W1CA8Mn;3c;z5vucE%d$8vtdBKWKoy>k`wCEu#qt{kX$#=8dQ%KG$^NzSu5BwGpu}T>vi}XlSO3ieOj}beW;qh z@(C50?sjmD(VT57=AY;H`iFas>1MM+&o+_y&wkOt?=X%Te|=XSf)!c2MpKz=BQcCm zag5N^rd!wFMqsE$8l+sBxKJV;;Gm$mm9v4o9+(m-jE|Zi1h5O7(#z!fPU1k}sg|31JiRKpOOulfv_fAXibIZ+rj&x`FA?gB}^BpW^J2 z&f;(sfnP1T6rThfrjRInHon*9QxLu|HDDmSKNgnH(`B5}-^UGs)aS`=EI%f@ftuIt z4A{J0TVSUS$a-?^*+m@O`ZyrKFAx@k#u^hmnDqjtsGs#KIm**95u<%^6s0saYM?Yt zC^eweC)g4P$^png^(r#R!^6#TJRP** zSl+a%ZQl8zjr>CoywYQFXSkKl?e`xdIkQX#XV$A1_<%@5nqgVGJj>{m*=H&3pNC94 zGgHDgugtSP#Y=Q~mZ8J)q<)t>Q|7O)RAo%Kz!5~KJSy-?fDK$uX#P1VD}{a?#9Gu4 z^>8BoO)IhR;_O{6{shUh0`YJL>m-MJGx4~apW@=bbdfx!(M1lqh|Yz+r^Ej%ARJ(MsT>% z7l=%c)H0Y3gI{qWEcH|d4n`5hM_?udWSy3W5p;2GM{*qj`rvvCBlU^_(blw{0bAzi zg`)Emu zLatV;Ns8P|GL@wD}s~NNRxZ!b0f0BF*+Ti9+#TR$mAA_Tt-rl+iXe&V=^%c z7dO|90NwM3;NTC?WQYJIAnNF*vCF<>%B1i{SPSM>cSMei8h{VZ|m zBBd*CKm0YLRH)U8#P?q-Qi@J6%~}~EjJ1-)ljPq-AyvwyDP(?pqg=i*E^m1KWx3*| z*X8J#|Nj09rSgmKRpP$yQc}L_OL2ep0}}83@R>x;o0$dtwjZQQ{SRclUO9r#{!XSe zd`I3gDARb!Hzw0J=eaNLm@4dh_m~j zTO5UI_E#+`W(?$Aa&XmaNcP>$-}Krla_}PC$4C#E`r1JK*I3b*QFkYCEq9OVyL-?E z$sDx7Wui_zSr0$dSBbbZIu{s_W7>=O)oG#?qPXZX%n2AZF^LJoX1_RNk?K4&RWzaC zcj~@{b4_TUXuVPs+Beldpg<#%efQ61b7glYDDH*Fvwv) zEc1a#AZSG3C+foT3)?QDiOuMgMdITQn7K{^83&YH9Co*DWVJ%Y|3O8j(Ez}N2!v(f z^0I4Ph^!})n*2+u-@oU&@tPDX5i20ZVxZVB5Sse7Skdvvj5m^)Q*4J=T(@A%q7tPQ4ywWJEcuP7CjT40jlo1IsqywB zVGMZ?H4FlEAq&Tam&)a=R}k#Hc-w3^a?!Uur{VCSxReFEH4(G%Lx&sqw>qamJH)nx zxq9iHi4Wy&u>GYP z$s_Xy^|R#jcl@^Jry&_$cmv9*2N;3ZUb@XDUjkGUyal)p@<7Z8K1Tz4(dS3H8r!g0 zVucuAnL`o|c3und*7rVJ$A8*9i&L>^RGdUPw}tf*4!z=h~?%bQD1{o*e;B>ut z?p&fHsq^L?k{UP`=TRNP`}m6gn2s~lmNU4ImQcy_x3mD^4M3rU&k+3!?ncU73G4x# zQ79_x;?JB$8oMrU$*ddET%F&}UpI9Sqw4yH{3TtimYCGNF4PS z_dr}Z`~C;)Fw$ z^-tQ3W5?=?1K@fqGB5_?Z}|FbuFRY`NmFIsA=rxV&?FkIhsc3LCW%fLF|FgDS!ar9 zHG7O*eO(5|7crLZDK$p)R2IFkpHi#qZ+lA@*o4FbZ%ttP1WnLIXFws#GA}II`Si7@ z<@}FCj%1;~<&lx6Ie9F>8IT$@(MzA7C_0G(ZT}bFKMI?{gx~mNRWynhW37ey%Mlie zFd`4=9fZ70FfRnDHy%+sG)NRWF|A8?1~2-=q+6D%3@cgLBag^ftfb2RuExWv)qlUR zoL`xuVXk1zDb@YIzv+$O%mJL~+i!8^0IooC5DsnNPh41@kl@TLJ+%TWeNSTr`e*Rx zx#D-wZD?c_#3Bg;aRx+B3TQj#R4Ow?Y4AIh;V}%WNjhfZ!Dc@3J2R%#{PC8&wsuF& zoaxKD$J&WKb=;b@Bko$c>y|f;KJ-+X)K*tsqj#4TMq+=urHXm}1=smQFaH?S1tdV0or%ibLFa3Ue!GFu*8!Mni z>0v>)QJw|^Jm}&mvM~Dx49(ElbYedw6ZGd~ra@RTk_K?|UzrK~L;S-}Kh1`*_AUQV zE74-|`f3Lmp16&B^=bZLl9ITM4X5|LYRWeCy_%lRhOvSISa24SSs(f~Z|-}K>^}P8 zC67GvNY{sC7Qc}Hax-CkN6Bvfx~#+p8J5HcDJe|4C4)i!B_|}802qL;NsuoW%k-dBpH?j7&=rH2Cnz-=nU{VULc#R%+wOU$ z{qFW>&V2oh!|_ZfQ%lw-3tl40l(_8lXF5Bd0s8+}A|TY*;h=}oGu*>(OFShMkig%P z2g{zhCwV&b7tAlPCI1LSH;r`@bRzT*y)UYhAg!>ANvonJ{~(QkmJYhsOJwq2-sj&3 zNraG%mw*5LzmUlvcx_?}NFF$ATP_=I%l5YByy-$dUd5g`gh z@-<%PG_?9+eYCIuJ(3f^Bm%7fMkY#50NtO4!cg-s4Up7;KLju$xu ze8T1em&~GP06;+mj6wF-=Mljlij{c8Lz@a`w^nJjL5Ic;ipPwcOm)ia;BcdX0HS+y zk0;1-<`E9Ztn7A!!JTf*^Nb(aXf{<0wQ^~h1sUoTwNw$x8BtK5l@Bf}_5*(5&&T+q z|K85*dxyZD!^pxjR~^`Udt+fx>(*(*TbE9EIc)`=REcDnt|8T)zbMW9=)<{7(mno0 zoo<=B$>}V);aDukZS?50k@c(AFP_y=snex^&$YI&t$F6`Escn`pZ>|7pGbRB1`^tv z3c79xHmfe6xz_;oa~&o=Q@|Gl1P%Y7*n##*8qh{9uo%N~MI%e4Fk=7-WGQCR)KE&H zI~FuU#JNZT@}W(W?!~eYC%|biX!chN7W+h6DRv9kOB@iThX_XnBW4bu=CgrCP`YWL zQL^-VM? z6qeqZJx0ao92G^LqvZOdo{|#B^u-JKf2H61I!OFgW3uloEo3INWsb>go7j3wo&IZu z;%j}~Ev*xUqOO)(>h)hK6kqA@=zc4y2?rruf2iuS`SNys0yN&8@Az!0p3J3oFK~EYA*PED6=OWS#6D zZZ9Zk?Ns<1FK3v`S#sKiAz$v5&tb3RDtv_1LX*?GO9C9a-N>Zq%IPTO->{X=Yrd_5%NV`D!CCJb zx#L(~-%~l`nJJUfJrfc)jDPUCV5p*dTsfHxij}8YioF@@pW^syw{q&`W5<@2kHa_) zIiNqrUr(d6tymi#~B6#IW$=H3S(c$`3)|6N3Yf9Ni>MmjaF!;+e zUZy2@XzGsg{HaSCuSiWC;al0SFZgDRs1)1~f510$3Y<<<@SyfD>J_7=umGUBN%^CY zgJ~W+A?3nx2Kl3kfwNbjgri)Ws7k>W2&`nAmyW0iS4DozA$F4(GoRWNXs8cWHfopj zkpCRyzr86|X95?U&lE15@=&~`CH~Me_$gAP1Tqw{u7iJFc@s(Dj6F-dbtCwlyw&Vs z?8c4X{{G=D6`jMpnQcpQ(b2y1<=js5Y$Iwd$`2CmzJSs7HJJ z51wrfCP^wMMZxGo>0i*iTu5V-B5Tidgle0>u=*8S*!{&=raPBy9e^~P=V){N|Z_8 z&0zO8^XtU~l{pY((KvxzHYknyDDw+t0HlZ(3zb%V0j(g#nwk2-jI7$)tPIu`4%u^Z z?4j`I1<4ZT-l8Ba2^R4`xPy1`AKhy4dQ$VN?CtVI6aT@pr1kj+Na+b?(d8?mf7n+~ zE8I#Pcil`J_i&2#!Z0ZR_{om!9J?bYn|yg;!QI^T{HcS(n^{)D>6lILzD(SA5y!3D zK221w`19C@7x;I6LtNkN-1#kdpm@l1luH|)8t_2D#EK_Ca2#DyKL%6_Ga4Q7b%t)bH*C;S7)_;)NEa37?L^Y%@< zMV%2cu)S1GMQ)FTa7`5~*=grpRY-D2uiAf25SxktW*v0h#Mk`WdZ$`$F!Lcl%X%f? zoOt>D(=$mMJDE>EclE#U$4tW2pL<%J5j3*BrqgP1R^RiNGn@MULGR)0I8-Ez2~-}z zmrLroVJa#1cYX>Lpyu#?^SVIkEPQUt08I;%#uC9>47y?wh%G-lcrX9b0-*XYS7@}- zp>M64{p1xRM_%#d?5Rf^E~lxud7uPCLD!af#Bl9F;&?4_dH~FKQh?^M4*o^Tp?1wS zg-v#aoKZ}kjlk=H_uqK_O%1a40SPZLv+Kya^ACPAOk|zP%~OV zHV47WdC_HC_`amDEr{ha?;+P*;7k;YAc+sI#6S8Ae_<8I^Jm0y(RRp}{fIPSl*9-^ zU3YjzaNfap=R%Mx8dU%}#yRe3EUdit42XnF?$hM}YXP0R`grxWrU4azj|Io$?LpE#PvD~b?Gc7iEMzIEa zF-FPMa!p09&uYy*mYaE3rp=a~Rig3Yz*Oc5Fk=v}eq`8Y!zr`w&9d3NIc3sY^hRyBb6bjQSa;ZtdaS9W^bC(%eKb`K>Y^gNU>T)61s%3R4o5SYX3)6#EiGp(o z`?6DAc1EHw?cjTnFA3~nB(?)9mH<5vI~{O_Sgzc-mGxN&P1 zkwWsJ%_puK>WmSIO&K{8xA}ZF?wK=H^p||4$}3y5V%P1fS7!Kqf?h%8N{V$G$dE!2 z#dSbSAy0}YLJ^09y-);Y23Sz(?=J#GFQ`j1HqjKFq?_+ydMVJapMS5Xujk}Ri71hF z@?0Sc6zV_)CU){^*8<2JA-2a8SuzERL6b+B4g!J0e{8QGTMt_72@VEq-G7O)gs zC?6tX_`oi4PO-zQgNGi(6nJq^xM>hE1QJZ0gSU#4G&2JE4b*Fx+UbZ2SGzC~2~>k{ zgBY11#(dlS+p`r$TZ%GMpT2pNjeRWlyLy8mHh$5Q{2Bi5ls;FWy?x~7m?2`QKci5k zC??3|id03X;ytBR*{M*-?eYooG+caR3=jW^!l zAK>D@qVS$+die}H{v@eWz1Fh+(4qA$uc`PaPmX8Lyu2;Mzda-v96~ZfXbDKiKvf}( zO-atKYRslIvkSF2+=9G)$LZ*h{KCnJl4j^Uf18eIboBaf`~7s62bH`Rt9kMLo=B0H z1KSzIcn)?47l(j`^Da)ele0R7@AuMXg2kX!CibhviDw)Eh6&i2pMQ1te>sZ86Fk3# z-;&^U;kKPefLyL3s-rvG!n$*33E26#JwOwJB+CY6R^!`O3I9feck#Po9u{u80?Ql>qM=mDZa(A~~X007ni zFNEOfzW6h8O@Qleo(n8A zs^qN~Y8)fa(<;~ao9E%s&&bt&JOjsnF6qPdXlAN1#9L9syCCI&azYS;M0o@~-Zi_PquO%H9tKk~!I z&heWzjqlv}x7dg?cXpI#O=z4D9`6{<)Y~Oos#m&5Ty3cjG=_&(Hovgu%&2*_D`pQL z!x5QBO1QBjX0NE3({W~vEi;I0E0gNDPwOU`f|;zNW7VpTQ7c!D>i^|`Vs02aw0>e@ zvL)S&2v&|bB&;oU0?ll|N|aiQ+q!oa|Bs_fylHviC8PmXPr~27v@kEtxAZ8n&)VxR zvNH;nd8BFP%%()M#tsiACz=jf@*v(B_1|jX;XteMq8WL0hA4hKCIk!;aHha5YhdHo zFz#!vNt_u&8s34xJe+?V>^n;raKriGnSZ|X4tIB-k{^!WONb}gen;{@ zi64-tkkKm(GR$z%3_40d;*?78X7RQK4Hy;x7rYM|!U-{s0c>L;qOLF4lIe$F@fD)< zgW*dc?;nb25+cy9TFiPeHbFxlr6+`OL4eqx8tAIUs$lWY-V~0Axr+UyTvK4P+V`;q ztNAZWaZ1lWsXFrxV)@{zeHxwAgyH~ zIU8VZV4WKNg*u?}a@8&uY2HvMclh)7N#5B6lIb*=d{U;yq*5!Ik2DyRaz)^ys3tg$ zNw*cYJY3JTI`sex^2dwcHmXeuVrn%NnzDfQtF=qb%*dHW-8g29*Phj-QF!%`tR?u4_WH7Qv4`=syHJIKL(Eiz~&54~Z{sI|U>yK||u> zKSTIqMZ$4d>-WIeb1)pWsGj00{AHsC#$z9_VG&P5q=Y2!f!gF zRO9uSUxxuxi|;Efk!84*AkLisTAvarD?fBLt6wJ?G9S=7?+nP+|$4nsy! zVJZ@I4gNNvj1`?0(RvcPL@#No&ZE3NL-l6fQeA8)-G+t2yJA-5u$=OGoId=ew#&BG^_@jo5DIor)Y?+XXhWGb=A z7nYd=)uY!AjPHAdXU>J~oW?V_7>QIc0AO@A`@vc)*d)=RFl6R}{R0CmbbeT+0zt~e zKqp7D!Nr1C7KX{BrM6gK3`1OhO{UXeRRpq36Q@lp{4r}B2$|Ws*#-P^o+a?GFBJW<=R~Kx}{U)lGKFUS(atfj2LPj7Y=&s!mhHIQt!>Q zaOpWU{_KL$?8B8CZtAHSd0^%UA4%V~KA7I|v@P?{u6LgKTX&N?bVb?d_l`W$tf}7a z))gkAJ^QyVyZ?!Y4tK8cXB}al*45noINa{v@(Lee?=-5fZDhs?%G_lrjE0hD3?x7G3Jfrb~ZE z#Qxi7-_9Hu(zfm(2)^?J6~QqLW=r#;EjKb(7GxLXf}5H2#%s(!-0yu$thpXG?w^Ea zF2fR;ZFb3#;2^phxQUbz6Zz)x4Xd0y!)#7$WVUGSD<{otviMA{G>`J?bh3K-+EeNH_-W9?ggvY`D)k1Xp!u|bk_@hZ0kSoytq8mnvW;Un#}?JU z(Jkqy9t2qdRm}yQ9`&bL!cs3y83RRFP*`z9G;A?~Eg!XnqNJP$Sq}79Ub3yn>;N}c93{OfOF_hwbY{1m9Pdy5mHOtSdtZCEl#&T>UW#hU2|s7!`E)gF3euK z6pKyQKD_75HA30yoWk6>b8`!GR?{-F?YxFMAg&84tX6Qct^dJBD z;)_IbYl*}+LuF1)OAUe>7HPeV3NBm86(AX^Olrtz0GE8xmdTUm zsj`h5=UAL(v$|L|Iog;Rv;>)=nd&V=JSLsLR2|K7rKgn3DvKJ%FVR~^r1zg6^c(c- ztTn(C&Q{N!tb}1Ln?G%^F`OuiW!X6r#hyOm^`^Tr@~cJLt+_Gr^#+|TGKO1 zvnzbLewo2x&bMS{H-=-x?9V8uuFlO0ghI`;W;SPXKh_+AN9``&$nz3UYM}4Fx%=kM z-A9A!Hm9YkWJ-;kcv_=B$$%7!N`H#BGCzhrsqfj{DMd4u zHh1wy0^#wb^z7UUaUEj5&Fdzgu3?S<+m}AGuOHJgQDYq z@d8`oFk+Ft5sZ5#Z_rD}K7%d{*pX4q!7`6Bg!*_aQ5amJbdD0Xq-S+hVFz}4OlV#7zf_1R!U@sRz_5mS z9%rPhg?_lwTo}o{7-mtIBB2HMnotIh0V@TX*dumD8RKjq1oC zp3L@MlJkv?vghx^`8|N^0$()(V`Qka`*i*8OP{K-FH?ba;#>XzQ&q9q~`kk zGXCE-Q>v~8tXC?Fz9Dv90rZN${&oMJJ^UB7%#SlSZUoI_VR}($%POC@puqd3HMU`c z$L7!S+ajUOD}7}n_Do#6E%g%Hu+7`6rI{KxsDJG~=fo)srY&X1%uif0Vnji-c=*D1 zDm+6%&Pwu)vm!7*kN^5D{HdrQ8u0y-#~w?(Wpo)q!$l@^b`s6_@qHykQ;OpfZ+;vd zF(S&`URjx&o0m6@sK;0klEhS2mX(pU+4y6|pD9zavyYHVY0X3@EueqO%J@sl%g3k8 zoW{w+?W+;3h1K&J(KkppXcnXpK~bck;u0|$SJ)zfAohzgOx;xOg%lx( z{(|d~MwyG#rRi!Z<^v3|R1l#cRHVRy0Tsh5WPqfuP{je73%e%z7xscnDOW8QEuvf|v6Qfg}y;^F1Kq2L1G7_Sf;Q-AM zE|QsQV>vmEmzHHpa@Yr>Hkl%V2)u$RVRdKFyNC-=H$$lwzrP z0;2T14Z?LMNhAuH(h4>=nGdN^LEvT&H)pBTIt|_x%yhPAG}@69LfJpmiM33Mf~*uv zmE_XF!UJqN{qv6kx=10gPGd3eP;S^Aq8pNO12nJ*8jRRW7yWVqWB@8A(B?!F3S zKoAq)CW?9^8eoc(VVn^O1(S&dfdP{Rh&FK+gCKDP=?PFI&{{^%3J}OIOr?wdj1`Cx5nQAu86oo&Ceq=r04 zubjvKdr5U{+tPSNG&IX?FyyJ32M2#P*cQ~lS9}9KTM26pWp&acg_qYu?ax7RAyf*8 zYIIgarf>j00F|Za{s2)gQnM9`30;Sv3+mtMUb0TTRu8%78jNg z#ZM0??6Of!p&*vnG>(Q`gzSYyo9SaSxR82w74nr3{OZT)YiD zN^(3fV}=~?A2R<9@4{^yx@=A9tNa&4`*M26to9P^O6}IBD<6DxSN)Z8$tsDWZ!pva zAoO40VaRI>3WsN*-@N`Z(aP-^O*sp++J>xxM|bakK0mWTDwnfa7emYp#vZAmiNW%R zXP_noJVX@{Q|JqY$l&u)3m3Yh9>b#9LMLo|cwmtP8(|o|RV(t~Kwx|5w2e;*pMzi( zOD1&ih0{drEAu8*ubo;sZ%TL1Xr`!n-Ic>62I=HHhq&m_q?;ey_V?{$FAFeAA{Vd3 ztjnwx+tM6m<7)H4*#F)D5dWhG5nGc1EB3r-m5r09RKRD!7=|&-3luv%c3K*n1cU*_4$#al;-CQ%4X}$e7a?E;QLr8c ziAhp_eA3@$D-?f%D}PSnHh<*hpGC2_pP4WxSvLE_uD<7)SZ|_NB0A3h*!AITRQ!`d zs0+F!(aRB`u244nZ<9{Pgu1=S`;qXtAFaR-EsT(&0oy)7&UZNC%_3j|nFz%}BORh- zM8ljM{^<58Yc@VSk=a<@_jvHq4#M%@|7G1%%gUtnB~_XXwXFsKeu=27p?X|m$GQo} zHpNFVb;W0XXqj(r{4@Vu*DbHC6c+~5{k2`?J{pjD&i9&ynRvbEO3^_&Hh6SY9;BQE z2%!~ZLkd%+8_DwIx&f*Ua8!b{De#B=`UX|IpgB>GTmRpr`Xw|*G`n*S%wKLuMW;kL zZ2^ZXt05!J>1)f)Y4f>EmY~&}<#GhtI)z={bYUaMD^$tJZS%oK5~5Xpd4#anmE{G& z2+eGf{0n!@8BtS7WSGH`?l1&8ng6;Gr|u(%-D)?R?Y2~h(`GYh)n;rv`U|l}V!gsn zM{08C1@%&Gc5^S>O1*q+;QwM)+uAWK;>@iLHgqBqHu*O*HZAIx8kQgREn5~3UVkLNPC zup$8c&bv3TrzP)=P8GC=(QXzLdKL}-qf>=&zfw_9yC!idI?bnicP}%Pu8=p@XmuuX z1cWidGo0jGO**00K&51zAPgD=&xL-?O%Qcc36gRpL)XS|hinemga&6HYV{pGweVTeZBi>fAQqDO(QOGjGQwrwCJJko-Zd?M-HU> z$bp++8=v#i{)vIAsnai6w!8SnDQ%e*X>LnS`J4u=ZsB1doHLd79PzXQSW{~83eMqA zDHki|0CdG5@{i-mAU}J}5TOOHB9(RVq;$eF(@B8_yCL@0lpOP;15<=BL%6_A{R>%G zeBd*$FC^!f0$(xABZjV^!ZRe?ww}>WneGe~+DS+Glm<&_aL9;w$BakjvRv2w3m)$> zDl0OVj$d}*@a)CQb7fw0hA&#uk~#0d?7>Jf^3i>@iWI+tNl`MsJdMWJSgddwm$gZ? z-Q%1xjUyvfT-I=P-rkw3nhF*_Hl56WWXVFibwOLx{VV3&Id7F|a@mB^`k;LW^YLKR znb7V9Uoz#Zb;CO*Ixh>ekJ4^?XzC*PimQkoY!VP{av3dJ30z-4sAAsU$7Sh~hoDY*8$<3@J!-|?^T-*t|>0@?7+$H^wYU;jN)hJKM1 zgk1FMO#j^w?ri7)u=n(e!gYkeHsRXbL+4$Q@cj_n0krKk=iQ7j?o%iUhJPCUX@ysv zde6{3Ah@ITYiZvIh9TYqA7Qp|LLvYf-$2`pATOk02uY(k=0FsN>63~UD51IbIoq=G-i@8VC5XsF>2={?U|`tC%oKx7(RI^*(_)Y}eU_L0#a2x}sbktiq3I7Z?P zX=mKW`Jawo^X2I3JtV$u*52oc?6{ThvlOY7PQp#zvh6q#&WkfmxvzREpOt#}Jp|4! zCDQ1l@csk(Srl;aivf)l=0<@dh5E7Gz;+CyZRdQywSk4!;DNV{g@XpRX$telCI%f3 zEY^r(f|67zz|H8d7m-i!xWbKZwiwL)erPV~d3H95y_UYY7O%KT9B^>~SKyxxV=DtS%leM{Ai&sQR^!#^f6EQh|JQL zN!Qsc$MNsp_aJ}bcNX?-TF|$A90}gH?VI~&lVydzt-7u6@vr}XoqY#jR8{u(-20}b z_d)_8lR^*zB$G@E3rQ$OK@|Dc4vtv#fV-e^NQIJ7}(d@?UI8rgieacuffaO= z29_95Sukd(8x(2!Vk-c!$`w;*j6Dh1x4;=1uDj8wgi0yKQHO|!A~jvSsElz5X~iWb zmEl@4LQBMm&Z%GJ^yAVVZ(vKmQss^`DLW&4K&Eo|q1e7r!Bv6u1si+)>6Zupw*G$1|4Wp&eA(gQ14mzb-NZi8rsU`-eeco3(<`RpsiNCL%ocui z(Zt6rh2|?u!uvegXJCXdR*HEi^07sa?Ad$An(Yy98-^E@mWQSkc9 z*)|f!zU8mlMlM`F^TN@Y%a_m8=gnNspYu{I^ikSuBMJ*g*xC{kzaqD~Ux zf5pvw){Z&t6?1m%m?O2$*}?Ynoc8-L``59deCtK`9fS@Lpn$j32tlsI%kZ_}$MS&s z-3Y#iTe1FIgPYwCffjDl?a(~|j_Vh7ujuyaUc>ny=GPeJh>)pYP$mm*b6YgJhJg^& zO?S!ncJ+$D0w}rYPwgKa43zxnqSSEuHjUA>qpda3T0u^WGKKQCn-^~fR_Zan@ow=w*p)exNVZaK!6vEa&Q)6NJ{=x)&3nfE@xj2n9Q=zE|FNG`F(>~xq=n7w{FHy zKRj*2^~#2jka%cMn$1ZWvGMWomSl4{8?Wyh9}>c94SnMg2D>bJ zmKDVsL(R#S1pF+?#&BgFvm{1DDlh5#wjXBI%EoA^w;oT3;@*kG-elMBH*?l{;6U_+ zYmA1`;~jWz>u`m#vNtPI9@9r5{BEOx%^S%^Z2kD<-Db%KL0QoeyIDk-^45cF=$TK< z%Fkop;^C)18wh!;`&dELoyr#<=d$G&II1E6H3q&!y^@cItgS0C&oAbX_3-@S_H&D$*B^bVVzAPC zaK(s0(shepWp!;Mm%Q@IlB{RgVDbj%lCsD#9qe{ly_`_`G(TS|~hRc*2J6?C+Q0C!9%4Q$l>!|4; zseGhV%&nK+*|+P~^-XN-p@az|46~Y*KFYqS*B)i|!z)Hio87Tbx$*L8Y!M%NVHm6B z@pGov&r`~j4lZIPugQcBmtMbS&Gn`FpKqQu z>%!L35mLuhciwqbyEHI2)9K8RZr9(peq{Tk0&86(Cet*Z-hwgudNG@(+g@06{I`AQ z|LU*KRY7OONduJ=jV5Re?$msg7Joy0n)oPRq{Yi*#z%qs@0ktD&uqPrwe`$GN9e<| z>#iEa2E2T4`#q7j?%cvZPDo2j=*Xl9AW#b5j_>Hpo}jNXNtkB|^ICkjZas5mtN(Re z)tmkBsOP`Er~TfMC6*6Cdvj0+WnxXC2aTsU;z;sNA4ouy%caM`r0LVX9EeO zYS#4j5ndMWV+lSM55q4D5s`?a{WEM{tUwldbgp4s!n3ZRRq(!DAhW9D9S+G5|QrX2Oj*vFCS1YFs{oi^^ zIqCDQ>Gpqj#t=(n#^4N65thLj8G|iDW(>|4OzMUqxITX@>sLQz=XhUFC*Sz29&sZ6 z%;y)Wxn(zHT@nI`+zI&w)ww(MnQb5n_jrx+dmvYO?a}A^E`|!i~B1M{y_6Pm?06NKS!kfclVKmqz zX6HZ&ddNwgDbVI5%_-=Brb|?lI@!R!9SEM-bH;csa0iotBEwpyUvvD_#>wmEdmHM# z^X{Lt?k`6ls(pX5A-%UbGGUmk{CM-y&u(R@N9Mh^an;ggTc*`5y`?IxJ|@0z%wHcG z+Bn>5j!NkDr>ADTs_09lJ%?Uj{ot|U>GPH@nK!-o`3D}{d&O{lpSXm`WZQL4|H);C zS@gBHZ`*$RwKvLDE!k=Du~)@EbTm6RJ0U7Ab<~&(uVnX$(&n@+AbqLW*BOWtZ>n`L z4$(FO7?NnG04zduUxDPHVC5|Y9OA`Vq0?N|WDxHfpb>(k4qNkdIY6{bnm!3Wdfa)U zjf)oA4p9vqUtz1@idoXzLVG*C*M&29Xfs*5pMtc5ojfs{?>?k%pG5bH3e)4#&F++b zQqNc@x{mIQ>{6?uOU{<&oBAY&M&}`Lzm&*=(RvBeeELPi_D#$-^+OT6m0RWipCrni z5fxhPTY|>A2_rT!{}sw6{z87KpxVY5zNaKp0p{ouZ2!64S1WkJsyBhQxC4JLBdx&cnaM zI$#W5?%IR_nhw59IYJcnfBqCFiMzLd_{kR1w6#Dn67d6oAro(PBv>Gd6gwv-33trI zG28!;BumJKh)n>S;?T$~(ocjDU?)QU*Tf2z&4#874;{(|;zD_g z^4`$U;VH@+%7?M=M1cPgi5`!w(=XWn#C)0VzKzn&(djI4ID(0bVkCBkCX4F45mQ)k zAP|DVSi&Ni4jaqNAgSQ4>7qAMG4_H%Xi1R|=rhSxAV6A#f!o@YCh>}yGpQn4W-=Y; zp;IdDrrsudMQ=o#bWL30q ztDc+VIK-}TeQbz?C-N-j6mz@@FTeN7%z!k8Og!cnZiqgrlP6hl?E_B|iL-V(RfemO|2+_EP}Cpsyjjo^SSn*I zh)(R!AfOMe(|xbq+z~!{(TnvDe-|A-e*9%KUD>Ifx=XvZ!^e$FzVX=#LHDm(R+HO@ z>wJ?xN$Y3O_e<`u#8-ObQf2b|vv2XryAS?+!uM2?@+Y;wPOS>uE+7NzC{cgRx*xj=7It$h+(2BjsX^>%pi2m;2Oo#m-1A9P$; zg{-FaO%4y7T$J0n?0dGP&@y=pr4V*zZUWnA2(s0xv6^lDO zs5P8ase4vkGZWfG)ut!G$HNURHy-{`Y5Vc;jU)Z@E=vLbUf-0VGfVs9Et9AF3LC@b_)PKER=GU9Z{Oi^dH(pK z%y2}72t!kolcM!ueKXVIX748AawgnPbS;BYW>GC@!W8U zGLi3!Pf1Ns^472V=;wiBDzdUF#ti%!bGXj)*gJ1AMqxgK(=-;ZGZ8~INwo(bb#TKD z?WAta#SCWHI7JKVW3%YY2uk0geDJ|(+W*6zBDMupw_5o&mQIUQD9R)5MG1b79FmVISd?f#Gr0Z9 z5^)n6{1#ws0Xrb_mc(e^Q`h~N%>Xtgwkf5bNKCom+R5RG%KEm=%JFw+$Mj;e+E%iV z2DVwb5E=Rn=+um-%8C=EoH>P%o^|HJCF^}{I~*z7=!KwCgkfJuVNpnU2f zU9?oTYBwrexAjbGuDQ?fm^fp3$D?!}rk=m)U%OoS z$2Mw#CEY-UaY-_}?Bi`L;qsZgqf_H&Em|}yJ~evx1?@PEz*Srk8W+ngRQgh_sVzgzZZo^v-G#;d~}_za~YcH){Di`+6XNb z8@a4=<6FO9Kp&pY zAc0f6R1)Z*CQZ30y=Nr|6#dVYfJRW%-$S|T)fYopB#?&Dl@YN*eHy6)CEjWaZlnv#VJe^ZN?b`m`?g&JdVv%3sutP{oQ zO(MrL^uNV>%O4OJ!Vrw8iFgJ+8Uk-6tC*}{Cll4Y!y=$qY{40zt@W9 zS7{LD$300AZml0a^7!LN4zry0doZnO_0_LiSML*t(EOL%=FYv1SL~r)vPXDG|6H$} z-4)$~Om&N1BUVQsP&&cqOMpn}j)RMtbMazG-8^5q<@3|qO4a@b1|xmc`0-InJEoO_ z29|C+{rMJLir07kqI_c_+E58OtTVu`^*cC+skNYMIHeRsSM4=KiD?-hB!GmRIHeRF z3cMmTiAgGB**NUNaHE5iWYim~3#-%|(LvLgu}60sSDx5c`QiEF%H~mlqxVcOhphPg z);S+e75LMw<&{5WJhxgnDmwimr|{q2^2rv7MZRtO_*PV;)QSp(1Fl8bKGx3^R8!R1 zvd*fr5a-*T(&yBx#`?{l%)Ry7d!y7oSkXPy*s2g8FiP1J->+BOHu2fsp42DpI4jSd zw_5q7-GpO))kWC{7u4ZDwX=`0sKe>HhW}89z?uI@c!Puq`>j^3Dh2L|X<#u#;R5@* za4s4zhqrXE8dPDr^3$`Q?hV|If`bFL8+Bd(%S}nWSj67bdspvzOY4<7pdjvsoAw0c zb?fB79;sACK4I-i%}{sGDD9~k3$BX#EzOSE!!jOukwx{%SYQ{u@$VWMLMAr`(9&(J zbz5nB7wRb$+ejY6#qsn{#07y#Y!H=fF{-F0TJf2FGpZI}WT?dWD$r09fr*_!u-h10 zH46SE4lf3S7;UKe-Ep=i==~*)x3Q7wJqAvCQ#Lr;Y(59 z7kZA|G+rtH660?v_FysoLJl>DKsg)<#}*aax+XO?u|5tmiv}4$fK~bP$4HxVi_25`O|^S5B#ZdrniWoSu8~foadNl4l=b@tgJf`;_yWRrft= zYVA+-WMaBFSE4;8bsid=-_gKY#<2kFnl8|kQ{)H(qJ}&jT~kaVMKlBG*gzTKwKSpy z)G1xZ+ug@}Mss;_MxE8w3o^ljiHj(pun@K@ef}7#-Osh3hX?`>9%ORuZ zm;07)K5(GJLT-i@Yi8SyOe>%C^_r3r_D;yA)sKJO@dP}kWP(KnTMW3&9{ckq{&!7#A`1>)Kw&J|b4{xOPF~9`QQR+7wKF(iKZ~zEQuCMepc0an8>A z(aZXTW`(6C4zOlJYT>|Xru2ph!$)5?t)h5Fd46idhff_)&h_fkD=m>n6^tL4C_V0c z^{$4(rOKw6FYLJG%8HVldj{4FoH)j62z{{c^e@@8v=I%HR$pBJCA zo2{1`GDeqFg@;CYZvJL_ZSD4N6ln9t|F97xnk5~aH}9bG%>#egp;Rq*&O6Ah*M%5D zEdz6GWrJ3G8m~29KPpj*NQhr;>nb7KZ3_#n=?X(>9hMUm14XyUej&@=Hkcm8x3k zP@j}B9k*jjCbT7Yv%rr3`+q@ds)D2%j2icoYl%KRXyPJRNk=*{GeZDQ*SG6@(a?e@ z2GR`~T{>hILRKN&>!9fzmiv>+gCvS*A26kR7=d-_rge(tejA4hUA+Gn$iY}u2fi-n&* zAD3(gTZ*!&>>7`$D(yl?Z3-42@uxBT1kun!G{i!jGfYQgbf>Nj2k>IEhvVwj+O;PP zQ$BmBqavjrr?Iz!!B>xPFej4l+KPuhgSmy06m(jgc_s?37F^h~n6MKJwso5&$6_m> zy>L9Dm}%6twkl_f*%(Du*5glRV~Ultt*zLV9mVFeQHsv_zEP)Cw6?Uiw@Rcj2yT;f z7mz%D)V83OpqDfrWDBQ*h z_nx_cIo9{$(I~_WTL0qG_LfC27!F4D?;my0@WLXgW$BA;t>TR+c9g_N(GQ!0J<=9^ z`;XEOKKMlGcfF?ihk5y2eH*o+1E+7o$SUZz$?s-MeNvX~r)+g}w@@BYNu3u!hnCVQ zG|5=S)kv`5(8YY11)~?8Oj+V^835PZ#nrF^ldfaoGNbawzmio{o(%BizM-U$RG@%fd{DePr z)MW*QF++8aliaBONDsP8K|6GE(?jp_hgpQv^k7~^Tj<~inailps$dw3Ta*QUA}!Y4?;ur2xOJ}?A2Mp=K@DwkpU>#{N6+t)3N0%Sc75)g1 zw7c?%xCTK*=v#DGl0x1FL3P=KX~0h>>9lgeO!-HAA|8sD?7~fT7x|?0gDMyg!3a2{ z0k=UaZ09d%gARhHvT6DZ0u^6a$}mA?C>iJy6ZvVq1w8~@q1>3%{MKDX9?UWx%2YN{tOp7iBc}s!2P;gHX zszoiQ7A{qkL4!xw3d&pu-l}SRj11(Gv!UxEp&v> zAvb~rOgiedlj0EJT141{Abgh&cQWgtQyOL{N{`$KmK61UnySOC3F*0Ez9tAy?N8<) zeK4KZT@v&oy(@h+PlRg~7zGwGU&AYDsC z)HBLa3b$BF3$#Fi>IlXM_cHh=2kjbMFs|;p9${DoU_?>G^oU0zM@MdtN{kv8wKe*>=oQhQ#|(&hB({HSOPn>H$Ipo0n-HJi zf++bFiS0>wNehx%lg=imBv&V&>UCYO{V4-drlo93Iht}NH9fT~)s^~8>KDBedspXDe#SD)a))KV<&%t}j71q|GG}CN z&s4IOWt{}4)K~o$_1lk&=@WA1=X~A2qJM4w9sN&Vl6XnwC0j4~Xh6k)?YZXMg@fV; z?HY7qaPHt0gHH{~7}7H2lf26OSBR%Bae`@U#G z(Hq56iqDlSDNQeRmF^vC9D2?0>fuk9MVAdNTT*tud_hHYMOnqX5mQFIG_v=|Wg{OQ z`SqxYqm&vEGw*T^Jm!BOoc1**VWn&&4vwzIFvHizZj;$U0(iQqE zrd;vEIM2A_SJqv*>8j|f)?9UVyk~stgxCpn6V6;c?dr8xpPraJan8gauDN6KfhiNG z?7cSp+LCLRTzmAo-q$r;_smq?)B#hknYwW5_Nm`bE1R}p+H2F!UqA8sUDMO151ZaH zUAdv+h8^@bBYDQM8DCUY&g?&Pt9`6}h5d)>YpNfqK2(!lb64$*+UIJ2mUHE`vQjs= z?uB}D{rvi;8xk9qG@Nj7$4JK_$7{3nvkGTTn{}cwywTP8bmKW^wex=G*{1ZShNg8* z2VG{@4A&#BbM7K{i~FD_-m}4TZuXqnN4$C7g}w~mM&Chyq5rACfWVG91Lka>+i&j9 zd3nth^GoJ0od5of{cm*LxOYL~g0Tx0+?0OPft!?tl?y!!*DZW);n|xjZ+6{$Zqfe5 z)r-GaGGWQOCEqVCT+9k-vo zW5OK=?;LmM3wO=CYu8;r-#z8-l`E51o?W$O)%UAQR?k}f+&w948t(0X@2Rz)+;{2$ z*8@A(Wvm;!ZpC`zdguC&HjLiz!h=&D+`DnW#`zo1J(RX-#-`SXS3eT_$m&PhH&5Jr z{L#8ck8hc^<&~}JTQ_Xu+bXu5*nZ-%B|EZq%-C`0@#@FV?CiI*Vdu#w!k>6$mu{D9 z*UnvSPi}uIe7AA;%-#1tZGF1#&(VMO|M~1Q+n>#N_L=8KKL61Rd-tw*vF)XkFAshB zxmQYF+4^e9t1Yj-*1Dl}Z|k@Fvi5D?U$lSu{?@-t{L34!RlMH+^=IA)ePhKNuN+7| zP#S_#vtB{R(AMtC}L&8 zCItnHlKO49(1O7u2trCENsDq?z@)e!8bLvjI{vPikf(VB0ja zN%shg*34#HUwv9Lhv?$jLCqYd8^Au%%#pfb+^m@o=8h+XHx-IivUt-3tHS3MZ! z5jZt-Lca**6E+zqxH4P`x)x=xMC>laIRgCFPuA6mxYAJyH(dOv zBl7vZdLx(`gb1cu2MBLB7_w7sP%K`gQH$_Rq7EA2W``@eJ0N`|08=m)7of;igU~*$ zPQ7rUR_I=JH)FaBhtOFi;G z{P-Yvf^ANR7Xx*7K_1o$aQCm&tzr_c>lh&Y4X-~zGGizUW8rw!0SrXAskK^nH;aY@ z`&c|{70(h_BJN5hvtBF(cY}LF+98P$Nyja#3~cgbfvd0|1Tgexm#_hl|D20w?dd(X zJeH6B?*dlHY!Et943R0NY$)Wy3}eF~AEq3TQ4QvLh!jqVGR?TWyEt6Rtt7i?&!Dg{W zye`tjT+EFb&1_Jef9fJ|?&V{C7GQJOT-*n0#(v+8YyrE8Eo3+2Ap91#h%IJI*iwj> zzLhO!x3LxMc6JB5likJcW-Hk$wwm3;*06ioT6Q11pFP0VvGr^Ndys8p53x<`VaTi4 z%pPT1*jBcUZD)_M9qe(olRd$9u_xJ6Y&UzF{h2+(o@LLm=h+Kv58KOLWG}Io*(>Z- zh~M7F_OrjR*Vyaq4cv%2z}{j9+1u<8JIs!-ci2&Oj2&n1vJ>n*c9Q*-z0W>ir`U(= zBla=-gni0Rv(MP)>~HJ~_9gp@{hfUc2H$VlKiC=e9XreZ$-Za*Vn48dvvcf6cAovj zerCV0Hg_r2JdVfn1fIx~ zbQwIE_ku+CRNkBS;c2`tPv;h%fyWKAcsB3Hb9jG#2_L`*@?4A>gZU7i$Mddnj53|_@&ayzfq9p^Q?mdm`3*YgJM;Inumck(9g;%@HY zv$>c1xSt3396p!NMB)w#ijF4AomO`XZT<-{%BBV$u3a@L#NU>6!6fY%6iBgi3EcKF7q*UD+Q^4iO z%NvnLx-~B^sOM{TtELxddZDJ~wo%Lj&x7z0Ys=hSH}>Zu0n>^#Pyk)z>+kO=f>XmDBF6m$|>e zL}rK2&)tniuiWIGBb(;C-Az>vms#lUfM0Ug)fs(`dY9cP)wt^oey`ovpl@(D$!5eR zSJ|C@z2DI!>%DG!ZFsGFuFDAnIh%tPW57dh28XNKJul4Tv^Q7PIJ`AZ8EJZCyWixM z>%6kB!Aw~Z5jx#9jruyLy*?C$sr59tU9vB9j@ub%lB8J_w%k%tI z4YH%Y!5=Eja~-w*hEVv`yQ-XWoj+VP*2pfu>bUJ4$enr8)ken(xip2`yDaMdE5 z3a6Px*vLA2jZC#xHOEmayGGwBVJZ>{XOp{8=n=C6GO7fT zP~Z@UtIn;0`D(nf?D93Z{Sg|NiWMOMR867Pc3047_j=uPMNNjOMv)7%Y7TfpRfE6? zQALDD$d1o3U#_YPIGy2|+1F%uI-})zHBNhzy(?S#dPkjK@09Iz=p$a)EH?wu&>A6R zsByY|ayaVC<#5%DycyVvNoyK3D{rW$us6WZI@WUqJ0{?K531w38# zNcjW0`{&BCKLSPfcqqymblC7ZV4>_)6ARNUl!YiQ<8x%M-+>fkG<$>F>zEJpwL3$A z@l`dz3xBwOuEP(!R4bm4jL=@#!c~l~LgHSx)F?OW(VKl{Ez7V$YT4-wtD$PGL&f^#&;~SPm5SZMNd4U;OaV`b z(5XUVROGC>h>@{9Ttoy>J)8obozSc3-2<2#Sh23#s-xtjuK_R4?fFDiiX%6++Jpz9m9=*>#M-HXdsj3E| zHUi_^ULY3_IJw&iis5xM%KipKSl)q~p5dSV35Z2AXfHstyLs93lzlutVenLicQq@4!8m1aWU7_EAvb%hGpW6#m z!$*LbgbAG|IIw2fq4c&{i`r z-HW!jgCc_Fg@U#>fM^Ds)n?EIv~#^2DXLgxgNCkf)v98uiH6durrI#T`WxInRK9HX z1sr~AF*6|*rD&|dKqbodgT5(6|#~Z$j#JSB-3Jl4~0s z{;)dA5>lBZBkMB8fd*0U`ntS2Ii}VfKtoj_pZHQ`#`bVg@vnyy@UMrRS|#)%e3)t! zfM(T96jj7eK~1%?uMxwB(P{UPCJ@CR-sG;Pa*5s;uHn1Dx6s)Ew_nX#m}*qp8Krf( zP#86=0i(aOIaDJBsF>*PB#`Pbsv8+3d#F6mLtPX`v@ROZ;}a7QgRco0G1Os%a7j&a zgQ*^)yT@K@2ALChVWznRfkg^~AT7Y_S~KbxqnF)@9#kubhzuc^GpdW;X#@zwL>(+d zr`OkjiiHqJ6^6@3A~wKEeU-JiG_2dm66On_N22>WJV5I}wQ54Jl7etgVE%lnJBM5& zV*sTHX_gat(MS^=qp!gsJ8L6@1C5%S7#gCgKwg1E0f(;vHR=VilWE|YS5pfDrH$Hx z0tf`@;i4i)4<{l}-GKywYVbEXZTcFYufPc01j!6lsVY^ZprSsEj&ZLj8XVKZM*fJd zppZVc@MesrfofSD+BA!P9-29XKEk;x3{|G77I=e6HAp%pfI;GgITq~oUVD?V4s+T@ zuVk-v>Fe@~^CPPr{%R0*P-C?jKnb1RFu%}*Qvq%{&@lq@kWEK5jV->$W)B86cfjkL9l)S~=>Sm0ZL9-XcFKDC&;agt zcqCtdnzpFOM2j2899gOk)blxwhPkq%+Kq*S3;zgEY>gCUM|V&uH@Ouis09d)!A^Aw zPF_WkwQkG@#PUO{{Nj@EIhcxLRx0v@P$hX0>c}P>s@&vcrB4BUsI5wD^eLiGF?~wt zBbIHI`6KdB*YVJsFZ+838=JGUsaeVAgaj(h{8N1QfRG0^#!aM@X&!Z3d<`Ymp0p%l^!h9rCm`@P-1d&e=`C8sai6v@f{wRX8 z5}cLbtOREzI4i+f3C>DzR!XUWQYs(_aLM9B5CvNHMr#p{7Hi(h{Lvx=ffi^tVQF(m`eZ3M0%6D3nj5G4dr zLJ))(g@hM{gcpT`7lniug@hM{gcpS+1W`&5r367pQ3#~Kr%+#K70n2wfJt}|1R;eD zNP!O^Y=jgxLJC_R(y-+r4I5#EjWEJS7-7pRHO!GgOJO9Guu)t#LJ1q8gpE+bMkrw; zl&}#>*zze6D->3J9Wr?l-V&_Su?ry8j2p&Q&b{ literal 0 HcmV?d00001 diff --git a/fonts/fontawesome-webfont.woff b/fonts/fontawesome-webfont.woff new file mode 100644 index 0000000000000000000000000000000000000000..8b280b98fa2fa261aa4b0f8fd061f772073ef83e GIT binary patch literal 71508 zcmZ5nV|4D$*R5?Ex4gZzZQRDW*e6!Y`lf83hk~Nu?WKPbw z$cl;r0RsU60b?owA^c}IF8;@VcK`n-Dyk&?;~@N_0s@oxffm+O;DEKhs~r$9)PHpee?SD11cGOyZ*Bae z4g6eR%Fp?I83BO{cD9aAK)^6sKtOOeKtSkOn_2=~F2)8XKYb?}eDah2Y!_cIIg6f>yjDm`nA8I88jTK`Etu#QEh}Z80tget%U_elKV2rT2HKk-F?ythpkmrA%jOJ?v$L#hV~Mgd5*Wf!EI$l(g+8dJ zU2TXWntYJ^!9UE;oD|7;mOmz|)Ttu%a+j4_$_V4ng~@ZXg9TC}EyASK`Ha8%8A$^e zi9S&hSfNA727+-vhN?gMrauOvKYE_Ej=8#wqkG5LJU7|qI}Wy!7X@e%&~M0YcxF5= zeM+XH>{Q>?Tx1W1g>O_nwt>lya{e0?Klk%zEP}YMb$CI0DlIO)v_E$lKc%wSHc64k zr%t4S#nD?rsR!4@`&xm37zoRQVJaaF1j+w~*@FmEDi^I(YV!ireya@Hww*4ESZG?X zeSZ!&HGP&fc~|mj65rqPJ$I#!l9J|qer*#nUT=EwJa0Kp@f>p_IBIf4tq8l?p$r=b zIK+$yxIv*WY^ZRzC_`neQ8^T|zaiQye;3JrzmjCU6vP~#_3X#Q;7PUM8BneuNgKxr zV2jL`+9be{fBf~VYjuSjbIX^%w#(v`uW}W0WWU0=yK+@a!Sz4+g()qv8*S%m>NuiZ zKEGJUnTvpMW(E;`QL___k#ROO8mNge(Z1lLlX1np{a0^(gvD zYFanA9@KN%JFsU`T<>-}coVjp<`TwK20AkSC=R;!0zjx|J;;Se!3?ZgZvpxwKCuvj z>m|V(Wc47&+tCJ4zy*X)mlKw_loJv`YYP>8DUnwYypNqfmlQ|qIxpIj67iu#={l2W zp!dcAiE9|JWS>RnC9*{owVbuMzhy0V=MjX@tnP~5p-|XmB%kkL*lP)6km=Ozm|y{; zg^T7ftnT{PPK{)?1ohyB%7m;RKHW3f<)s@jt=c3cHjavqJGtxS-1&vRZRL+{pj$&V zYR5|QmUUr5Q<~)Jsl*VaITbsY9L})mqI2QY(I5ok(X0j|+%DRhOifo`^CX^YcXz2$ zK2#wh(O&S?7PnfjH8dUZP<-tEGF3t2jk1sy?6?BNxNByJ$i?b z!8EhUO3IyNxYW$Lx5q;iTI(y$4T9zaxS*!UaTXoqCUm-16EAG9mLWKAJ1oZ8xsEC~ zJ0X_ZVqA}}-{NS$_=jI-J-+d!V;=PFZulShbbWPiQ}b3PeuAg86ITfY$b*OF-(w)} zKm(;IQ>K`ZNRaQUfMKClzx7BQI8n+pie36aJMSf)eX?Ahe6l6T9Kt_%bG2?ADibP8 z$E~WHy1!d1W-2!1JkJDcmzG_xWOS&n_~EqAPM%e6o=q<{(sfJ09h#8y79=)A0f0x>#qVL$i}L z-UPo@vTgBiHeYt!Pi3A)uG4ktsdR8`!ui~)V`_DHk-X+(d_xRlpQgo`b*hxKCZ6w3 z?b7a4?ExI0?V|0!hwKG8(XB<{4e%XWOo)Ka>tA9s!Wc{FXh4~HzYL4`G`;pQQOCqO ztxVGodL89$WAh0>ruA)@MN7s?kIEG@E2Y$e32TB#`vk|7^JaulIl^@&U{p@y3E}y8 z&PW%<7eb~Kb{vb}u|{3-Mgs z%R`3kd6Z^3ZThh)c25_7p=?9yP(F{vc0&Qah%onBYWl+lf>Q`)>+(x0yscho zLkh(FGZQPmBt8>WP{RDnm2kt7B)-uDz0E4B6~cn2&E7?zriND6;Mgn?IcbQkZA^Na z;GzS|5qbpzB~mciu#W~E!`%KdfUYruQI3>2!tpL8XTcHn3z;4iOz|lZn@`(ZrGtr= zU&SXnI$E3ZUy51!)bd*nwni^oENw+^%+0mZ%^fa{6#g~|6yXJ`6feG5jTpZ~A%ktm z(g(7;8Pq`9iMC13yjopDkiNaprdZf6|IYpT8mJmZWYtw6tYNiYsdM_iRgJ#ZZ8H{% zXOZh}J>A(K^!zUJe(8UeolR($A=)nP3U;rCQcFvxg{Ahqe3OpBbFgmvY7FulPfMfm z`?G*~+xKfdhhaTuH(Rb3S?n2{Rsk3j{_n54qvFf-k?5(T!X_jeVg(Gf?rO7SimO$i&9tp<{Gh9! zH1V8LK+QIu@wj$Oois$2~9n%JTF%c1!( zDo~cyXY*(yk4-0@Aw^pBcr9(9LF0nCzJZ2jJ~>Sa!tsTmKj~~B7+*Y7L~`S(Uj_h3 zuv3Q@HLBL*-IP*%vF;qaF>5ONu_SyB0Bm%SqQv;wIP^0YvHX4_<@rZ^9N z8FY^tEjgdp0Dn`~aNZDT;&ij>;mLub)fR@*;s|mJb}Qt&9trX!-AwFtpCc{NF)y6m zP*p#NY!`VcvUx?`0XK9e%G83O(PwA^HBQ+>6==o<%wlD5XwdoB-T2dO5%3L8DaA!2 zzC7h*Ld3t-L2DNv0PXePdU%4~&b#5z^{wJRPpVv(Fy)>WDFO(l0L&v;gavi1_%$xF z*n?J$Ud3Rn8I|DR)FVe?esHG!HR*jz2wYr#(t_*A!OV78+^!OzgQWqGvbit6ohG3l z8Js)cR{o)$2tI(d#lV%Kx8&ByDG@LBDj;|YIM1O{tZ1x2O=fllRg zC^8UDV9_J+JNB1iyO#3|Q(tGB+~NKNxTHoQ{YEi6{H2AdM_Jfe^Pw^%)xMs1l3R}0 zN*XqtW0q8x#q4W0)*F~(pD35m83n>lPYVC}@)RZOyy2%4*<3z7{%A3kRa@Tbu5Kg9 zpGGX29mNmhS-#Y1&zYq;eVxPgoaZW)`Z)Rj)^Uh8JZJ6I2C^*n2DK# zM-b{R+bgPkk14b!>9EzXOUJ@41_#zzzE%T`nI-ob!SuR*MT=K$ZdUU9E3e!lqC$)2 zFh-6$1HY}I4=!SobUcd?4lSgjZW03u?A(4w2$RR#B3GN{#90FDm?TVF9+vN=Mmd_w zT0-S1Pptt`LtA-d3YW&0-J^>Q1{vV8kg3ikCr9_yl`JfA}m`41mGrqixHu2AK zfyZi18+iq%Hoe2&??+ybeVsmOmR2Bk%zs!Ke2`!^|A2Q{shH%2#5f>vG;P4F&cygG zJ}*>jxsB3(7lWse83~5xSV|=L=h-ND1BVRh7o66= z49^$-l!^9Qe-7bj6GWk;o_2`6Q{13Pn8*P_d5RN49KD9Fon|=-8`~6i=-*$vv*LXl z{SCa{@+_z+mG(OOwafD?Sw-!g^=V?l<^t?KzsXMg52fT);{Kp+0v8Br#?m6$QfTSl z@AjuJ=Kfl*W)Q~gigG&R>(((VwoCmpi_Dm8Y^T0@qt`xewn8*mrfF9qus=EHEMsrN zpBf)Q4AXe57UJNQ{vIeOeK}2d)@Ht$2@7-9UN?zb=>q8ZjHH>~#FI7xWOr{|M8a%* zoS4I2vVS+9d^qWDKjq0OTCTE^u^i^`o(=jywa_?oahXs`mlm15W(Cd0dNl;8z=d`@ zQb%b(@~I)6q6Jq%aN$2buvh1p7-NCr01H)1fEA@&J9+ju+CEaUa$dIuuR2ec@TqoJ ze0`+0t->!);znwAPCvqn9d8jQ2!2wsG+kI_l`5{f4(vC&&PN&qBr?Cu+Cr$bT0+{^4i$hO%RCvhA%^^V4QG(*m2a5cv#q z54-IDr2!_HNXRX%%B}%Mj5euNP$>XI2h2M?md0ssp1~TMkSeV}6R7>Wg`xuVa5~en z#yvkP7y|KAq*JAT1DZR4Tr-rfUiAd> zQu!>!?qMchl%(0keY)-@-T;xoc%6^tg;9SD)W{$f?qm?lWVt_B&Yn;^$7AsQ!q!z( zJiBT{LIvELbPcs*tjd9`F1cIwoFfRuHD>%nenmSvC__0u5`lQ*S0i|C~4JrQ;?dKs2XbRirOv|Nb1pVFucw&cw;s|rmDX0DWX}lja z0*4Ogg$Q%Keq)@Jhe*j`e|a-kvZP0JK(bHs%p9R_3~sRcs^y4NCtUd-W=Qw0MVhoT zXb#E0;a&Su&eGJK|?D~k&Z4#e`fofr>XMU}wci5@?&k>+{mKQAQJP>U>9op&v3=T0j&c({KTvZYgq}4et2YP&!%pWOa$`!58birqP4JA{S*Jz$o@-N3$JWM{ z{V_TiP*3ZdrJ@R1syh>)tGhLRpVx$$>U(s3&?0Khr0T=(Cb%6gHL-jem>U9d2+~u`^LB$nl_ctl9VbQmVy7Wc#)vg;Ou^;U<-(LHIy0y|$Rq-j*dQv>p-|Wq1pkX0G}52GYH3FV>g*QwgWVo9Ej0W*Tgk&H!#Nb9^^4*P7Y3x+#6-Cry!s{G+!; zzTubk7|r8_^q?!_zn4!o50jx!sDWHx^+K4$k|WWJHUyX<)m&nXI0=)|NxQQHy1Ivprd9|u_f1!#3tvegQQgmn)uf$EP^!i)@t%+rYb zZTourqdlQ@$Z_#lFdUixVh?>M`tS8sshus0q@VqdhK3O*FxDT zKCtXbAtbH$MH~n3Y~gGXw|4eC$CSFDdIx2aO>ZqVnKW_W7R}!oA>{sehXRpOKbtLL z&gr@ry%kf@c2*MEWdjjt@7toNrbw4pu<-A!&?(Y0`^!g0z$y*Ys4QxI?W$VyWU~+8 z?wl<<-0(@R`ezz|RmOk|?(lmF)}LS)B{)>s93GHzP1jW`*sZ_Xs=}qqMJ9>2Qq_Al ziQ@OPqqfEC3i3ElfnK**6S!3C{o!*UHn$uVSK5;P+`;k^K? z=zEX%z#j(v{^&yh=JFJk(U+Kz$1)YJ0v7_Pd$O3hY+Ri9X7jWdi8mex5SmKS^=AZK zL+6K{uyN9~k#F@H604{xidmVErlFN0jAN2vKt6t|sR!d*F0e&sZe#znhk-}LDQ9*_M97b^7lW6|vQNy?gV^?bqUILC}4&37BH#Y=a>x?!6*O?QiToE0?&5gcK$% z!ajB-LVyg`h&lH%!v`Fo{%N~aH@T(c8I=6@ucQJE8KzMbKL(ZjEyW26heGzGxDZo) zrI~}cdiHO=Mom;z(pQD{R9Q;NGkU@=LbK)%hEKzFZJxD7!%w>Chwo(8?9ESx^$%jt zwp+I0JM|CL-pP=`?8@s<#R<5|%mZS5DQviRoN2ijs$rkEf<^JRA^BCnLUYh$`*g4%{gY< zohsTP0ITL7q8gttCrU^e8Ic>VbW5X}oFjM=8o1ugitlX@;4zk@-b0AFy z6q*h^=5C7~D>+BJOacfTKCn9iGi=P}3@(O`tOlf1gS*2}N$Y5AAB*a1zvDqEP*^_KTGL3)B z2fQ1Gt#}y1uh{ZK59DdS5S(~Q*UgU;*R^FK{$?=lIMT#qtuR+%t^LLRvt}`&j@9h{ zib^PkM-nKN3_AQa6(d_Sj;@NIr4GLA*%UxMW!k;^zMYRcbBD^013_lE5}sia5dMka zVo6*F4w?RX$jV@(hDHK{=HCfj58{9JbPs+D-Bs^M(KeKo|P`Ew2uX;E| zEiIUGIdoGEmz3wl6Q1m?ST}Jr4Va|Fl6ijQ@lXiz&g{5W`HXk@y7TlA3i$re-FhwX zZf?>U^bzC}@vS}8Vq+uJD4Zn63~F^Uj%CDXDE$aegke?EE$W#AbJ`YJNsy%9mHLXj z*Z>%<108|Xy#?aM%)S*41K^k_DO$545|QSa!#6K+O!WQ&4LopIdIEumfu13C+hlS! zOf`f3b!G+{Y(U%*EX>%8)>)8PwXYDZ8WRk1-8dI!8`YjX8(i2C88`TXTY?h8!mp!KKH>6XY9EAtj7J=ymLbWq8p z>5I_T6$nsqg~P7v;8q)Bg@8NZd5Lz{qk*|hsoAT&VF~sqKr>@L1QYV`RB11DSQH<^ z_rUzQe6kz2Y9Frn3&2(TwD)|`HZoHJv`VTFM$w#z(+TCyeFjqyg0EfAXJ!1spD_Xwd@?FBzTROhmHM@G z?~!T{fk&6@cQs~}vecF$N40n_-6{Mai*W`n{S}L7rb?IaxGjP17wKY+aB78G>E#6H ztz_79L>d>lIS47MTR46NO}i-IpPQNFB$&0hvV~67Vg>4nqP&^4zfIqoo|9O(saL1y z3eAQz3;DxeqfG-#r}yQQ8l^^63ZKf1QHd^dCZ9j_}>2z z@ZsR_d9gS-9cJ`V@fAtD|8eLY?C9U^CBwZ*yc)A};z|5W_yTOZz3O5sYdOaUkOdNR51lI_I0?mZGF) z({Z9u4dY-!wBS{YDwRkoS*UWboU#&1B$x?oOfuU#f;Ivfe`K!rm{ zEESfu{cF=S%)D8lWGz>5BkctaB3!;#UW2MwtLz=+2?MVSIMiqhZFKC@{zZ~s9sRj4 zc`4jg8NwbD4j+^sUL<&kh8`VPt49r*!S~TmRIpFr&-{DoiC;sGTF|k9fI{3a{)KC? ztFW-YY;!M+NV?*%uT;iP`Br2!2LX&PbXo$KbLf77lppHjH$%ry;J5Ad~r<-Pd)yB%~esz&IVxqEXSrwLD=^S z1T5Fs5^^KpoUGGNeUF8RljU7YXO!+$zuL_nFdY^>DzCWkP~qdm!^jaREYBQ%{t;;f z+X_M2JfM>Yc$E+x$`VKW=TVc53*KkFgUJAEo{sCQLLb>$#4F7X&QdUs64LZdR>-vUX$nPrnN)lInlZPzJr*%g-5}lg~=EW+F+d@j$j;u~v!m^aYhh-SBFeytB ziZyG94kJQq7W?%g<4!n-8Cljn6tp0fF`6+4 zCh=(AK?8WmgNc?%rxZno3HodAL7f;O@JgvLQD`zHwd?<8S;ChlA$FUIoG~tJ#`Km0 zf_5q?bV&)*C=|R0Xv=jp$J*y57GpV)Z#6`(5aW80+$;!{Buo%y$?_fyGr;%DyUEP8 zA{Q)|^!cl4rpdDLi|3AdA(igjI~lTmp%Ugw8Ar1u;fWDm7VGyJ|Lm6%?_zYG)5qJd z79jie6ITTSSzXe+FPNdW?(8WMv^N6WMPoWSSGrjTrKGiAJ;XODN5jXk2u3eB}8{VPmeCn>x%z>)Y^Ws@KZQ0vaV> zItz&5UpRY3Hjm{C*7P}F9+GqQC-`)dy2vAir^K%y$eFs1u_D<)NW3rsM0ir7JZD zQbp4v;zTsZ_Xy`wdzI3{IU`2~;|x<29cG#Qs`AWLQcxE_vsdlG`!h4dJRefq*Ncg} z=!PmRZEZ@G;m2e5)EXq=L4sWd4RPRq^O>Y!JLO>>{>B^N^!S-1*{i$m54W?B7bBnv z7Oar)#`^{erVBlrt)#1Ou`ntt_>ze9JtK68m0*;%TCHSIHVrC~FJ+99@pKo(r}Ldf zS&9V@gr__!Xjk53oZRgBVcg!T2VmdP9|i>U-n9+t#o#B|s_Fe5!iOvVe#;ZFPtj%O zLUV%d>LWdK$}4pp(Q8b)ZpzW-n3`zy)zJA{OUi-oG&Y5@m2AW|fuPDh7;|hSIFDVv z1UXMhZSoqJIVC=cCebGXu_(BrdK0wxWV?M~9h}4 zuQ*EsjIMo%!q5dv2H+upI~5+m2V3$7eH@D7ce45cGXYUv8|cFjw`idPOQEcLdsOL+ z44Z7E0F>{6r;gXBOS_(%TSntK{(H;=3tbea#zM3A=i1EYdnM#%)6&rur%$}l5T{@p zCg8osdoh4cC-(D9wd;d_0?CnifV(!!H&R$}Hau$c>Y*p?zCzVzBX9tg6|Quxm-z5^B9tm@pj6piZ;fW}0=9Hk|)8N2Ls!IHFtM zzDAnu$OKLX7+~izF+Ja2FzZo=Y_rAz3VJM+KA6t}`BXV-(WR633h^iIyra%_`gQzx zS~neUgk+(`V4Ws=TMj|p$MSbUpyZ7GajBeE+dy#YW+m5#R*zOmpPX#0+pE zeW39DK|WuKpHRZxlvTdl)}p@A3iP^)F_30KxIG1BZThbr=6A^oxV1ffFSEq&XkB0p zs8-h@@1xxU1k?OlYNE9kx7#xKndIpmul!E_=KS#m=k#Liiz4l&-_IY*79sobCuByv zw$?*>m>v2)F)P2Kx5BtNmFxzN2vnNCO?JhdRv(wWi;n$$(!V;}-C;D%_>|FgIo2k- zC0>H^PG8)bTIH;^Cv-2$ud97vR}WyV$p@?S0@eV>>Cg{f3p|dv4w8J|dj#*gIxl05 znvS|%zLT3HTy}sza9RFndB03I9}6X+BH@ZCx(_IkLIe3$h9bcO`EX~ zvP{H~5ciE{I&u+)M2gqWK&}ON>%~Qgj^>%bn=rW@DRmVWSLNnLgCnzxM}U!;JZb2O@$O_nM8yeF<`vV|E&r`K^p0>x{H$8;5@g_BEB2boIx5`9iCX5!)zrIM8gAn-$?)s-zPkU{1i;>Tp00nXTZR(iK+lG2F+eo8B z2C_eFi~{?D&pYmfJTd;VV&mhwEV}%Dak#tO+`0ikYiVwwzO-8AR(eaUT;Hd{D8+o% zAN29OfSK)u@#rmU$WZi_Pn+c;FBp0kLWeD_ky$xFsMF6enD6O(=Rl&+s2qETzeqfU z!yAD6F{WsIb)_hw(Q8X3QL7@J{Ms+HCx54s%I7(BndusO8#28Ev9HUI-B7`dR%RA) zTCA3fW0MfV#3{&9!JMv2Q-JE6%b-!6Hsuqu`Ibz#H@7C8AzI0pPcQ&kz}s1l%3dZ^ z%p}1Lq0txSAW`h^uvF6Q>&W_<6L_!ExN~Ax0*<3XJwsn+t2za2nZXuXcfucFh9pOg zeW*>#Lg!IZlUl1M9KutV=F*M~E9j;uV2d}IhoE#Dedk}qw<&PhZZ?PEc`D5ULFTuG ztQzsiz#J`sV~M}FDRt(reo4ep|UWwsz8iJF*u42e=i?Y{! z5LuK`htA&D z%8|JpcnFxn^J8vyU3iu;Y%2lB(7pax!~=1PuU-lEzMX*SQ2tZGii+N4c->@uCE{OgMR&=cYvRzvRTL2gi6d>nux z(n6?Y zi4P*LPW-h4jHXs$TJIC9EKJ8vm72~0cH_3wrJCz$U9JL|;}_00shyX+)yH3SHlI^| zk@LQ+Hk?g{DWfd0KM}TrSsX7<`GpOS{xVLHHGqEJXBw?iz)%tUKiz-QzFK&Yh}UOG%|5Dld0cQwt!G(LumV*MedpR&BVb(d@(5R1V9HV8fx zsvYtZ&xNw~r(InQP_iG!*L*(0L{dqA~H=$ z+q+BnI^LxjDF~fs8k?~9Fic*@k5N?};eWjpx~=fq%={WSAh<^L0$O!@9j6DWy_K5D z%q&zt6%*sxz;^6>CvJ-dc|TUHtGPKsQRuqv4sJ~s#324M;W^wv1hkl~rs+gR_C%@` zcHGcT#K7IxrE^VXR>hsqy+QKC|EZ$F<(ooexVyiV{!qex5s)Ge6^D?g;aI^lsb zFpJxm#=accoN>)GV#T>igxh3oJ`L?v5I1_N#RE!_O~yOx+@_}- zLA9_-H>OV^{YEg4G-&HsG-UCd+u@d-^U71Pt)T`;|8tMAsvu=Klji((p2KNByh~yb zxBjeZf?!Ju7lO1}T1zXpbY-;dL^V8qa|?vDtz3jacDBLs>-W1Sw$LHTlHA{LR=KQsk>wr|1jqavveWe=VS=FX2n~A_8NsWX?ez4B|8x3{0he zsemd#S2F$mKE}evizb7V?+S%Yo$%d2R+*IQ$TviS> zidQ83l8d`sq4a(3f&Vou@3}7RvDu7A?o#IC?U8Nmtc93B5i1;<428aKC%TvQ%C~BN zy#D@#{(Sjy>nY2<7ZC>a%S}EZbTF9I%d^oMvD;*@&E=W)Ed5yn{My9bF>?bwKgk5C z6JOf+1WK;slL~7^07*_Gi@tQNHcBX^R${SBg#~2tCw} z5|324*GQa)^bNk!i>qhMOWd_UP{TL(7@@OLOYFWZ7EEt%q%}YQv#K4sNl2s2c4iUf z*1?ixj#10tt2<3?k~6ywGpZoAd7!jrVhvvGu3>;}X*$&HusZjn%aK7@l-+0flt_fF z6mn3V%n;Vw1xerbxT*tJTT&;hO=%7hI^`EkxwQEjaNc^vHTlRfl;4{p!OZm8yx?FW z>4hIx+1(MGe4-y^aL2nTV50tv+i;ca>YFLO&N44+ z{xz*!7t5WwCD()`S~xFnRfELN=tnS?WH({|6hG*BU*YGR4zS6%u60@Gxo5lDXt2>! zxxaTs$odrgn%whx61VyjKTX$ZFAz@CYL+y8csHq$(9lTTVt+b6jj20WNyjY>PrXjT z*vUffcZ!>I1K+n35d99-F65WS?WSP6QNc zV_#D7UB2780D(Rev08xVuN|GavK9%Hm}3?bcN!D!n~vW%bxV1|<@2%sZg$lKeqWT2 zeShoEN3h{G4Dul+_(iGCRcs|hQ9e7R{bE^NXfiEBc07Uo1=seTE7oj#K|{drk@qyy zAa>KZm_okq!KC?Hlu9<5SxL~O1$NCm~29JGm~zV9I)GXrIw5rZmtYfFwml?>=POr`AM*5n3=`*IA#*fhF0 zBtA-pluQV~ofvScm<4(19cVqe5cT(8X+l+A=Uk%1NokYe0T-eh;YpU zm?IlbUigJ9i9Z!Ke0d{`AAb?^k{_*zBXLyMs+m$BIpcrlE}vhxduhyILor}^<_XaC z+G5%UDfTa!$6Gr5vN};78F%?+L`Qg#FlnV)}Fl5W!g&WDzcF|$QWMr zHO}w5n`&N5H8b|_+N}wr?zB!q1hjg5QCsx%9pX^YeN>-Ii{gLGk&8dTD3p^z#qkG< zj_RQaciOj$A82>zF&We&qXtX~(Z8bP6FbYiR%6Pb^Q1c3a6P{{F6&fAdvNPiGtevh zJZeC-IExRF1Or=I+rSODuC zrIHY`0U=c)^5Mp0tm{S?Z@kAHC9w9|m>jdmDY0GTRC?ltf5g}=I^fVRu(_xf#3&f% zmU(|(Gh76r$;pOzHM9PCB^*A7+~}e}OGWmW^Y;m*go+u_+K-Hl9zpeqzOO ze!ookFlu1=iZtO^P^Fw3K82a0MKV(?44~XXW?St)+t!S#y#IOk=XJa-JFW>1*fvOx zJ_%2jX@nagV&?<@DXo{vX4xd-kpFgh+J%s;+}g@IaZ)==dr3QWOla=M2M%o!e%rtMas=ASR$7}mkOlB0wSo18D z1&Jm2LgBTeY~|nKRFUrxV#JwW#rI@M*+`Tjh$^q4*~X4pAVAa-AR#t_t=%&SELWF;d^n~5&IJ(kInL>{*3b!%vgRG5(s9GfOQ zZ8njNbt=Y=_LR`P^=_J|NBWETvXz-Uuc4?G!#T*p_l@P5EN}JKGH&h>TUP6Znb*wnM#JOG#b9T6 zu~zg_R{>Yob59RCXzcjUMBF;X@OHBd4rq?R(L&I>9wUw#H3cbeR%zc(>cTqqlTao>s%RIXvU-oNsaIqx?9b z`APPydR#D(-AAL-B6g?t`$3n_nU)w3T?4i0@;00{GQHC7KY~?0CC`~MTH9npDcTQC zfLKw5q23jXp_SXvxBolS;zWPA*d??5p8tN#$#u`MJW*T@J1QHS8yhhj>y`}{VY-V^KZ*%kw-c9*|BbyZ$MGZwNsMxTubrqD8T8O=P(1qI5?Dn zBWPVTFzoqaKNky0J)?T4)Q5_{(gWI3V?3;xrr@>Oa$GZaz|k%wNuBF|!?DLOi|07rnrmD|%_~J6Z>e#w%U7d;)Y8 z^K&m-huYi~--233ceeRxl?^v9o0nOlqyz5v>+~@vO|0-Hmkw|>o$`B?e2z1{^Yx|D z#@M<}IAtBvhwe#I)47Ig5&u*{09h9K)EJoy;d640w~vO$48c>A2>2wDOl_-$wc>9MxTD8(fwzrbx6FUySsRTQExc3MzIPQy5T6J89g{^eNuou&oHu z^6kSP`eI^xHqG!N`{Z5-3O0?*Ts;{}cEOagCND9u*O-u?0!;uz=k&-oA1#9cXzk;r z=`I8jYPB(H8`*+hI4*JBc8g)jI>PD95=C^C2$L@l;qBMn5V^D{2hrM3JF(IyoXhcS zA|4vJdq*=;7qttVJT{;(1@Cw4*W%3J(8#xQ8L%~1dJCH@xVEM$+wtT}PPG<;a zJ>OvN%%{D9dGAw7yNX#}#1(b;_;}!}v1p)Nbi1RnVTwU#g)i2{M+3~$h!DYVO;`9( zI|Y*gJ&mH50$3Hi$K9|)h?R6?~s*U!uSqqNFwY)3l;B71LWJLeBlJ>0pRB&XV3nyDrJMLI9`k|ZDx z>P-1*dXl2~l*xpJXVO{uXr#s&S)rj*b_F+sMLR9|C583(kma>Y%UP5E12sU(zi@)% zIC`IIRZgV!cwAHVqv;{3dKhwn{mu*COEO+}m6BJ=pBZOpLNmm1?8Z78HxC)IT0?jE_b z0=mfQq9+865@ENqU@OfI|0VjPsk>2{Ugd>cOm-fQT~{XNVkty-)PiUY4YbG%Es$Y= zE^3fYbV-!%q{LU0u_~z;i=-9e&br)Dda(}lT8tj+l&6w)Ng0Nr&~~}9u%$?Dc#9>5 z3jz-{mdJQ4*^FigI^lQ zi_C5kW&AEG_ekmEZp1>7iwPQpT+ps;Dw=g=S>>?n(ROwtK)zCG$e`VH#uC{Ez}GW0 zE7ZnbnG~ClOo#^1F{1A%$uJS}Sf*qWx_G*kWolr;i(H+;%68iwW|n!W*q9~aNCVFI&NXROfdA&gqEJSb83&dpA8IWw#A-$l} z5uZV+m1;!+84YG^5wY0-H41``NC5-ykp-Sdgtw5EHc=F8xIrgaL4}W3F8TP0`-np9B9inrf(^V;l;~7p(6qMJ^v)x=u` z4~(UODk#{Y0zHh78{n=6S#=gj~nqq=Ny4;kJ6A33_Ca z1e=~GqG%F{1x9ko-4a4J=z$w5)#)TY}AWFNECf~*vx1i>}aat z1t(9SHpyvoVX@X>(1k_GEE+HjIuCtq;1wM*+l@rDi@c!oU{YrdB0a#3Wao7rqQ?Nm z00Dq2*vuwqfkLc0LNKpuvKfN14O4Sy2q0c62MTdRX)6OLq;whvbpVsU|2sw&6i^AU137XEerA&~I!o9vj+1*3NTq)!($#bRlZtbe#dz zOE4Wo<=?X67FLhI3`s7d0XAhsivY{(f&HFB}j! zChO^vDyHJ7(k}bfQbM>vu2&UiA#Q|IRE2&-N#L6JUpCgMO3}-V!*Pli{QgO~_Ki)DwRNy2PO?e+`|N4pD1A11ShHGV`rauqb5Lz^TG{F7o!WCn%$AQ zJByY{J~1sMn0%gEU;5H?@v+5AZxFWMSr>6PH=)feQo|>0Bln71g?G6iH;cQhWN`#Y zVL#8vHXy}DjiY2x*?3AhEL#?_A?^&PX|rqlOsu3wUsAxLd=@uz3D5Xm^~Ia~Bw$pe z_PDjiYpN$f--+7BxbKj!IMa8+7mw8)^7&q^Z5*G9>^}F<@}1W&Ke2rE>Xo~8u6T9D zI6un8q4WT$H+gHU@pefug1ag1`%$g;pb!5E9KPCvz8EB`tsk4H_{O`-4=z9VN6UBK zuyXZkD0!^6WG6Du>|=8pTyWIL2{lVdKPaVLb4q?B<==ShbOE-@ySHI9<>aFX&6qo| z`EcVcPow-}Z@?b9=hqpZ^(30|%-!9GH~01Ue+=}-Qdo1XOh-LPt)?@m%WBf`C5e@0 zdJF_nEG>s*r|^&VIh#-CH_vHD|HzfiQ$@Ww^=eUg}m67*H@)BV@=*8SRZZo%&+shpowV5v<#$#lA97E16rKQer_9PQ- zWpa)U>>DiXx|d6F2kVWzAZIgw0|Zf14|%A!7Mu>=ZXR?v|IxnjsEF=P1P z&eB?m#ymrpqtiYj`159)Y$-0jQpW>MykYsC`|en|#wcxAw&&pT*?RM?U1t64*dk3wncZPS1ev} zL;v0B74>HQf(3eW{fhM6{WC6)owFi!_oB9Gi0?(W>7<-36n5-y+LN3SrjO!`?gc-7o(jU^;`oN;ga;r3}fzM zN+)Dl%b{O=KwNxa_@8`U^Rc@u zeq@huqi`d$r0ghLrqHZkl!V+%nh%IEn^IMN=eYF3jgM}>{o>(&T>biEk6w$Ln1@Z9orotzLEw6t-cEj2zW-o}+yu zgUQ9Q@2`yN#>>ev%WJ$I=Xkv}H^tKE2X#1-&pQn29}R6*?N%-i!%bkg)qIt9ZNBnt zPd5A>Uz~m1CvTZ%Ks5$OSvmeRr&(LTT-6PaGR$HH_SH}IPriY(+p?>^y5aj;vofl|M;1z}y&ygN1vZ&$}ukJgGM>v~sDt@Gt{?S@&6c7)SMR$psch;xsH z?a39X<|*!)+Kw5?>C5LOmbYYUI@ND#V`i}{8W4Tk=Wg5k3B)J1_g-Z%S_IPyOCr5`*EO?e_4fX3&ZdsY+vs7b(cKoAzhuFZ z8?IS;V7gUD>BdW}eyb3g+T1;3L9TDn)Yhd9I6wOBx?E`Lg=?S9?^aCV=#m>c?X^Ht zKG42)M#t&}vu1TWT6~@nE|$J(V|H4orOobi$89E^#e8|2KN^{W8x}@&(<5Q0tJd4u zHG9Q^x+=ctMfBE5iMDFSWLcjQS;_4bwE=NC-AYw&wH~)XqU~MZNvoSM;~c?3f-1wzT&3?^yB(TJ%Cq_|&cCxv_Jcp(4jI-Y)+=++&*6h3dY` zdiH9{15xR=X*=%j6LRDsEP>3yAKnIMq=nu}l@|#jf@zIilJkRp}EJO1`)(p*Sf9XCJ z>EECZvwWT3DXuStV1LQMcn{k5KPmoi<2>A=s#|tyPnnW<71b8mVd0}8O(=pr0Rhtp zKR{%<2{o$3OiUz46{gi6qWq&~{kQdkCL)jeb&4fuiV;ebQc5;QVy2))(E;I(c)enN zN$IH_jCy&XWHgz249FtnHy6LiynJDpv$`#Mf)JILpg)9&-r}}WyP&#^tF^WP3h@>+ zCHzqwW?{va0o{lwX;0O3n4up+b!fFqh|*UiHI$NmgDzdtA9WMaO>G{~+Z~bK#QpfH zEi)ATRLAD7>tEcoo0lx|>#zxna`OK&_a5+Z6nFpd&g|~(^|E{Yr0YfX zWa)Hw>N-nuk*h5CCJR?tHdt<$W^>r4*mMJ?V?iKP2SVqG^W>61LP94HLIR0+LU;(F zC3y&7=~nN|>@^kJv3bSK@7{ahq0g5#`*tsP z)wJzc+*vL5Oy9B+T=dsBBr8z9Y;y|a{%q-ZiCimFI5PO2ws5{NF}UgS#TG?{X>-$4 zf0=&a)BSx(G*?a>t7~*z4(?*m-LuTnvzGm ztLg(y^X3Md&hKw4X=o^MRaCetYrwh5WCHyM$uW+dEps}BU`Iu`!>5D5#TDzEW*0Ox z&0oB=wt2~lfmaiWgG*OmNEh2GYSfY9Ws&k}6;8FQxo>Lqg4*)Riqc@XGu$*kA|~*& z2jMtjo1xsOzUHBEXbM_)^df1H!T=d~US&v>B34ku0uqjqL{tsTQh{CT2)T zrg60iQng_|0MdY*5JXH^l=MX-(FpugV&#g&l$qiu#}59bKCpb&0bp>uOkwklFU@S7 z`RO{Xy3MlvFY3Q z(p%nsd-GdwZH6EEr?qz_=dDTWvX_UhuLMBh`gjo+q=_hyGIJZoL zb+2V}_Z{6gw@li=vi_sPNjx?&$)leH?cWlu42OY>lf58ys4HL;hd#RMx{Kz`yXZP; zBbGr5-yo7-I+5ok3T7}37_+$#7G319D8pDLIG<(@-Jc%h0hVP zoXts?U<&dq0Tx;SOprWF@4}%z*~|ws?;RV*Q%q425Ah)lV9v>j@(1b<>7>A(ole4D ziJm(r6EMl)L5<*MdWVw&^GYG#36^0~jD&IL7+9|AM$%hz^_SFBP_EpLulkO&iNE}yDgDL&+FIcMQq zHZ^q(-7xYIi2|@!2miIMtg5=Ys_eo)hQN~f*G0tP1Xoq;=Xrl|6_@zTT6RP0yuKdt z%^yQ!{#FuWSf0VrFiS4Y*z1y5J%Z8*W$^I&D&R5sNH`~0Ej|s_fK7{F_xerWU(Z}C zKC@s+>td5idwIfZ-;WP3SaA5qeQTebeyG5Dv40B?Zny&!y-F8}FNz<&dcpMvl{Wcd z1yru-Lzlmf?wZkdxWKw`$%btgyo&NzGHR0jjr|?Qw(^Vt$HjrLP8kj?W;4fH7!r2P zS~5*2EW-!|Y(~GPWk_fX8^Rd7S*m_tF(7UwIC_@+N zl|gia%B)ZjZK4J}O65Qgm7|B7AbJgY*ThRvt|qy3-zZg%$`Z-#RtFul31N#!( z0X_zIFv%-FJv8vrteW1H3tG1ZW%4UO1^lPK%maj(43pr4{Q!g>&ftSdm<&cVwyiHL zMXn6BLHrd?gVq2}kJEreWO}*ys`#%v`+Lvwd5bEd^Jd=)ly}~lz6;|soHzrD1KaSO z&>OB{l6{YF?7pS0Zjn)NDYbo%zx?>ehdw<6q{HwxXGU|l@VqxDFgh|y(U+q!%p=*V zB_mB-U?l@iCTIYS5_A9u-0bF6=?^u~ROi?UKn%!a#^oc-FvXGhhmOIr2C< zdCTj!1Z#uy*3a{_&>lgfQdci)=s2&OGchUyuVPGG`JOBGkX_zDcF*f*SXQl8X#`M7 zje^Dhc@@wM-RA*ms;r_6yGK8tKGAo}Eqz#oshKyg26m`|8bKKj&uUWoWd?)HuWXuC zm=1@Pf`*090K*ksH~jf9gm12ea4i-}nVjuOPFaxz6-Uc9k7RH1Oi(C!a`EELW64*D zg@Z*px%f7u@&>885(cGAIy@I7vAF{b0(TCRHhng_esP+7 z^Fhg!fz3}E9hwh%b8;o&meW%u)GD&3Bq8jQeH904W}-ig5*v3UCJ{Cpu@_(tg9ERg zNe~(Na@jxZa~~y32MC7*yRfwu=c{Jj?7?Z!BzV6}e zQ>Si!n2i4t#;u*i>JU|a-hL+WRT7sHeF6SuFdq~z!KP_W4hkBzTKuU(0TP6gvKNys z5;V(`g9J^uS3;``tiBf=`EGQ*WzvrMQvsi@a8`%hocZQrpvXW)( zeVB-lJ&o<1rFiWSdGHV>z3j!Lmur+TYmvX|Tx^lQ1JI2#*7P4O-G4vq)$*X1*un-0 z)8-&5)*AI@8ey|`2J7O42abuCBx=d`%qn3%^9aqgC|Fmk@ikqr98Df5V5gKFV! zWkF_7lgB|VE(y9`t=94)sbkP9h@YJzlT;xOJ4Y>}dh=E)7K}PIc9m3A&X#kM5&?mvMT@#kWg!F*h&i z#nJM|U}W5WOpKDDG9{)l(j(BfbjPH41)?{Tz8(%&Hc4lQBvF$K?U+$7!BpS-UeGR6 z8k&4KG{ECJ0purK9-Q_y8I&@6@V$HSq52u9c4)~lBhj+fB{kf$wno zkrc;^=MW9&5gzUMoe=YoUH3cVL2~d))7lnPH5pD($@Yv_vjNF}jLpNaqqS2c=Ps7P zYL8^S#>7E_9?1-jP)W&63{nSICD1`8iNWa(uA)(T7|C0bci7NKYSlrOI*95tA4?Y* z7fJWsqvzOP62X~4KI*HV~K;SFsde2!W^Tg3=W9NbPBznQJ^;E#`OhOA=$>I7#{)61`^ipLc*M28t;g}89bPK6=Y_30~iBk6O6Ls zET!Wur|b#r3zG3pNS5>#9R%ko)#5MJU>$J*p)j~{7T!k7!=Y@d@F=fk4i@#63@7nZ zWW-aUL%gC`4eHe=d4|H`z)6bk%^KFUgLw<+D3wp+i1Qpy{zQA*qts8R*Qh^HUmyue z2V9^MG*9Hmj*i=B$L$9u;ln=N`N03r?myG@GJ)Cssxn7=wFrsZ+LseF30 zAWfg*_~`$|>)|PmkIgg2X~ktDAY4=-%luHTr2m{)@PcFMe@=4npZ^Ch6#seJoSnP@ zgPRUX0$hR1G}b_#rq4V>{ek-G|9&s|-?Y-4?@B>?wSg?JfiF7NBdZxiOcQbRBc9v} z=Ko0R{;sWW6t9HQIEd3yDiRfQ?{ zHES|3SYwRXL1MvOf8H@g%q(ZWKnxu$nNm@)2>4!-Trv~%Vq8l9qgOiu$^V15ESsW9BKaVXH zG7aE-k_cW-MA?vW9w}+9YZg+1A?-OBY8VDpX!v$*xFyTi3&^k=3aD%}icgiidCarR`9Rh=H z1zrgz+zmb&%Xx{6kB$trLSmi3Vy?*(jg$He#XWHk5|c2l_v|QxCWd74*arzW7;@7o zcLK+xj8f6rVj`7FeQ*q5LvG4FGBk#p6*H{lX<5hlhDtCh1Z!~u3K8*j6sbHvF3d8t z7FwZGlI;ppZDeg&ct8-brv&{U9zt&*4+U?cd`)&3&Xw{? z_6~tVnH-0elOM+UnoC{HM3{wR>T4_y1wYwACUT}yk2(C=gskHCgL5Z6OiB4Vj`Fp$ zu)fA|S@4q`MEN>paVI$pk5Bx#=n9;%Ne<(&2(>S`lYB>x>#w=ISx+hW>2w z$|B<%Y8!B2?wQ}Y5uEC4lV{Ea8YV(7l%Dx-d_ZvaslEw*W+i&&&U`+M@1 z9a@qbt0ZjJLNp`EmTz?CR^+uUAX+enU{&L{L`0A!h;2VT~43OKuO7Pz?+*U zGQ|k-pPq}|^a2Z-HFylsHgyH_E_($&AUYD&kH@yLmIfavz`nzI#UfxvW{j{kwP*x1 zM!;as5wLA|P|z^s^}{Kw2pyE*tp@1GRB#akupH^CKkzK z|5R^>qzW3rc&Y^OIsuNNMv+uUkusv+6t03nFlA1yNJ-j<+Bs_^d?``|lD?mw>vp?G z$OR1kEu4Q;C_faHVZ?0#l5sM}CVgX${PxI^3G}zjU;#Pqk0-;!$js>;!ZMUEPYY}W zSwiI;-B}^6(Bv1;)IgV*>>9u(elnXS`j6I?40R3A$y1zw34C~<3#PDZ0GaxZ_9Nj} zx_px3)TH^=!h&TElJ&?uT}X#?`U_}kLdFKVKoaNs6epNeIx#-SfaLfT$0>qmn;1cR?0(oR8P~5Q8zxOC z3HoP`H1!T2Q{BKEGmkjCYYw!bS&!+#5Z|zBc zPdX`uZHPOhI}eWa8Bs~TrrB018;{(Q@&7DnjAM9mfsw|r6B!^??3%}xkM+MY86s{0 zjgA-7IyI-(>kKUGYgxPf*4x)&a$J!T@EQ_zc=)S(qG0g*;-5LMU12cl6h2u;e8b@G z#W9x}$2F77@DE0k70-n`aLaII3io`-EzY{Hy+%4@0N(;3eeZJsH0=i*q@8ed%&bp znI1TA*@4-WT5aX*13>=TMRNz5d>;VWq>i}8pv z4XBFi*!r;eZuyb+;Z!c)Xl0j*tuX80YG1iayveHfRk*+w^OJ-5qC5;5qtm|E(jeXx zot7`ms=?~8n;PTKYov-OKUGWEjED&}NFZ69XiSQ?04Ep^en{!V(5;1fCqyGZUr2_2 zPT<$#uLE+c-Bu;HUH-u3Hu;nqtEiNGX=Y2lG_yB8{FylN*~1&r7BHVZ{Ly$q_gBup z@y7Gf1JGl-)~)NZTlH1owSMVt()C4r+s6E3&~QDj-%egOGl4sl?ETo|0(X~xqik|( z&6G^3s%&ey-3NRJx$h| zFliTq|6WNXqab+d-^zSO&O;k%mTCWP8WLulf0tiR`Me>YOoGYq)X)iDo8q-eEiXld zWRozFDNJS~zV%k>$a_apZ;5Y#inr+GTOc*z9-Q1nij(p1dP`g;zLiXZ3h)5HZ0Wk3 zUIdTDJ|vUjxf1)sZ=v>32Z-kNd(;!eijT^Kh67ZNctJW;kVe;_?}pN-6oFG;bH?MR zO0$J&LoOY~`vPG>8*dZP_v+FAq<%<`{%7_WN7-rZxCl7oFoK40gN*nW~_tR2tw>=%H$9>;>7JW8&!t}_vC|zx?9&j z&~yBwuTI3zS{IKORn(t1e73Kc*t?2-sBN(+pOX9i&C8}2C8iHFY!ts*qvQ2@x68Nm z>U%o}el`${TyVmyaJgLIZ?JEryE=Yx`oZnGfX$&b)7yOwhG8wSzx~6|fQ{O_(`<-m znO#1u$62(jK_M3c@FSnmRNfqHi3kmis5(rfP!i{@|fX&yB;6{IBW?T2uNB&-H@GUXY*r<85Nyv%4yXWD2@SX5|E#ieczK zHbfP&69&lrc%}ULGVuBTt|GB+3CSfyf8du`Kga10%*OFCy0CLHg@Tf)l2XxeYh(-CL(N0J$Apci)Wpn&ENRi6@JGdYs6rqu-7m zmtD>dQA(-=m7x;VJ#DbCbVvaNf^!=n{7RTzDTc|FkOVHUPQcs)fOton^H?KjX;Oo) z#G96|W{bfhwu-H2V`i6#H@f*s@UIVy#YLtMz`rVa*nYBB*#z1~nq3cob!{Lj-X*F% z0rjV!sskR(%jAx8n3kzjtncLF1fw`Tnq&_UA7d&H>hJMlP&^>vgRtkPlZFyjX?CPj zW}lKbvXn;e;B_4HynB)X)X%>$Z%jOV`CUt~CKmk0G1u$pk^JIJ} zq=jyt>^hEGAJ*d$rZGvTohiN$O* za{yq!sqBCFEZN*rTLFhUE>AA3s70&M+KS93wmv>}PFcu6cCF+V=2^0tNq&24m)pb- zE)JHLv`n+xme=BiJ32(y=F_6i?lRZ{Wli%l2eW)MSeK`z>{O7NO0A|gQ@fEQlKILR z)uY*Hk(^?QlS{BbU}SSa3L%U@hDHVK{U67~E`ZA+3RwUbB;JUvnMeet;1QtU(JaYjag*r_U~qIhZYU}eKj(cW(6uOi^B3Y5 z8PFlXqhsP@8C)SS&jhb2cue{q(xbu6qm;^;dm&JaQlu>avWXM~Ef10F2hYP`LSVkh z$BUmkfCNDVgfC3!RZCzG5BLl$k@)$SCX}Tm=aL)5ADT8x6jfBgBkvpYGHLzVgF4Cx z(QP(KzMW&N-*`mR79J(e?imPeGM|Dt@4*hNDJzm_tmFqYxk584LZxxEr!(!J*I2W< zd1|?DriNE*?$xmJK`^E3p8egxn!UjaXU2LOn;d4#BAdY#5Gohm;Bz!ol_iR8EA;Zc zN~Z=WTl#L!uD2oX(@xCWRfrHGQ37WtGZXH&^!OPrDd~ZO_Cz8}yNwb_i4#WxY|Fue zfMmuvmQDqkjl{Sl1qegxEcD~bai5HPi9kzh>JS~w#JU$g-dO}fcsB%!Kmc231He6m zPvRd&mL?a{1UL?lS`;g?TPQEqcLhv7jDq09&`O?YM4)|94*`aV#9E=p(@(_n& zCi{g#5|a*z)rmyuOTIZ~mD99Bsk>bilP^4X2pF$~CUk_B+pYp&@3Sw%PtqdI)XrNm zuePx?64shG+XD+XpL0d^>}7M}^vCz#KT@Vpn~c_z_X8i$Kky+FRHzl|vJW2+zY>23 z?|;=%#3%aOTf;4$V0B34SQRLqx@TQoPh&%Qlc!5+Z!Gp7qxYjSP5&-sVozNr`a72C z)3nIYW6RXF^_(lFty@2fIYW`&ebrG3CYGpeb9+NasEf?0BWS&Kkd<)wr~vj`H)GWc zX#qhpcVTU55_F|0@iEy~I+blC8Ei;X!B#y=(BUDAH7i}4|m2`aX zk@2%H7tid&?vk9z%W0v6ik*we#$-a7Sb-|w4SAymj2(i7TO6vJ4df3{-x#$&x_ZGDd9cS3pgo+F}>zFVne-XvS`g7gh14sN^;&flCEo_rF9m~9%MwD( z97a2n5EFZP{+4QAcWBqXs9s&9)<^g4I<&4`a&mzQm>j;gb=I@=V`*y1g9k3^?zD3< z8E5b8zUaV%OQeA?BO_5c+zcNc4=o;pCos-Y_vsu{e5&F!M>jbI5oxOnl0RkgPW+ z?^7Pgz+K{idyi?XGi^MI1L`x~8popLoT5GGWPrfvK*^h&{=QnSW@s^?(vDKwu9qge zz3beK12dY9jG;uYu^7~>P&ajRovr6!j~0ZrDv+WXbQddq^IkEfS8$*g@~VxN$99g8 zsfl*?Kj_?6)i}!|_i^ePtI|Dt>NLKr0+-6;Qt_}Ca0=WetfOw3WQ(jUV7E15iItXd ztb}ZYmKV7c&VM}S#|EcCBAf#2&5tkGVT4*S$tl#Tgoa%#{Fz2KA6q4=(KO zIsp~|R%>J=DHSBY6>oZ?t5>{KuN-0&_@fztZ81fB8A6+BlxQ{-P));{H z2(b`qENJUNf3%0-e#_ptSA6_&O_8JS!I#CyUl#uh|K7@sZ1`bgQyCmivvi`)?HQRt zKZpOoj0K&YKN;)$f(INb5RcWORaF+lUq&KO3e7w8)f)vtd<8@VVIy9}H3$Oug-{DG z8>h*<8lMFbbX~20?`V)NhVPsbcV2owdUYrR)NfH_K=BLT4_`sAlOBg23nJnxBqQ|n z@$bjE!da8D`3kxY-*Kk*gLo_(;UZB3D8{{?xw@bY*bl^ijl7qhJ_D2%gYScnI)-O9FwX^tXQJWl zCGjhu0_$(M`);rhl>Q`BS9(t3GFe>ESEX^N3dm3`g(l$hI)SBNsa&w=G)1zOZ9@x) zXF+`Flr$=BG|Cx`a`hf@yI3o3-?LhwW#mRQV)mNla^3p&uWpir>xSt^-#R+ILE5?L ztM>Iex!eqTwLJ3?8Jk81#X++iDpp^6|NYmlRzT^bQP8hnxz`9UC(`=&yt}7k56J1e zz274T(&roZu3WDdjJ(wUiQM3uz(0n4I8md?EOeq08!+R}6P~#w|P3fu3->K{%60|QcXX2f}St3#T6P5oXXE21o zPb4Vcvp~xS_H0Kc0oS;%S4Q4T7KEv-3!7fkL+Y(s=Q0ub3F2*bdS z*)7O%Gs8UXjVw?q$x-eN@!pp;yi!5GGTuir zZ?|)dV+J8ZIUy|~Yl#W$5szcHDwoIY*6R(r35){ioB3HhNC>qW!X%jcB3Jlzv`(9&CpFXh6oCEa{_Y-0tUN z^pzvK16u<7>IMeu_67pVu-gFJ{k_5k^`Jrz5~&j2UVhTM}OxX?Sm10V(8q_EhEG1}1?w;iq(Q`r4 z6%4?nDy20FV`Tw>Q_u#GA$ihG^ozUkmfE^r@TS%vzHiWI4Zvp*hoM^> zN)OS=RYgU&6m=D?f`elK!ydV%wzm%ahX&uG)!Z;C^(cNMzhmZG9ny{GE; zHtbWI@wMb+t}K&M97qa;Nj!vlYeM6ieJ?2=3a!ZBCyt5I z)o{(YDLK#Kgi)?4GZ-CGr$N;)exw**OU(JaMNA28f|#=Kh7y=8xh3Ppp;c$SI%jZkG$2fwH8^6ZoNg6IPgT$HhWGG1|OANdP%@S<_NLY5CI#1wxKA+D8 zQVxfhaEZVF?s+1<$&$@CW&vl+QvyHVC%x+rh4#;Jjr;C`sx;ubO@B(0k(k^;zgn0l zB7f5VLV4;%Ba+1|(*Z5#^HQOlNF9vlk}--fgd?Gwm`GU+{2>Y9D5Elql*Ec=f-A+e zVgn=nx{p??SVkjQ9q0oHpNRLguE7=52I+R3skQCktf7soR0EKbTRLD6`Ax5tI??ca!hT)^ffY;Wf=(A_XW*% zjZi;@*Y42rZvx7K-mf`^O|pPyXc{I5)N1Vxd!R$D)(xn1yARO}x)DH@<1*`UdIZ%+ zYu=M~tR`PVcEQF!9I}OZ$RyV1Y^bmytI459P?dLRc|mj58eGyfU;pH}qiBh+Nukjw z*|Ofs#eJZf1dqK2?&7ugpbvSics;)IC~9IC3z`F3{!b78aj)E_yjTUGf-Um*%z1~` z9?%HlrB6v<&wvVyQuLc>{jgTzcF&2J*mJQJgFRWMNYKSt-%5wVa%`N->6$Pvc%~Q` zmQ4&NM8EmVW4!iqjnH;sSBH%?=r(bBodRy(9|$bC&>85ejfE=bRkf9dZHDLX6f~D> z`T8yGO}xyYULe~K}It~Wj{Uayq+?>j5i+90a{7(zGBOg4tqt& z;S+eHr7GAmby?<{VIJj{tPHLNoH@gy9HK%whv9fmfC*;h@ND>ZIWSwWb!I=WeZcb8 zL-zx}Rw+0AT(1yc#rPfr2k$nEi-}I{&idb6kF!RT{`c1^!^3DbShi8iU-zW(aq%`i z&#S?El(7??R4tL7q%Mcu7ph zNSpg3@Jd@$6fld|Zqf*gd2OFYfNgrco)?z}ms*z@z`cTAYe@fC(DZ5f#e!y&mKUGa z2$Icu~u)iNia`l64=@-REz_&zU$qAbKvu5e6 ztr|LBq&K~Ik(dB?i~IiP-0{w9=)g@V@4K~p0WXuBQX^@{hDO_SP|FZ}g4t-PjR|p& z#S;nn@By?4k`72~M4Gf1+DA()+jK6s`SFm>eix50W^3l?oWg;__IbGA*lYm6E}!_G z8{B=RZ#pB>J6EE1~2MHaU=y9B0--4J0)6b;?amH7C}Ewnyw8qUIIK?(;~w=Xlg(^ zEi&d>{-)i#G+bofu8X^G>ngjApDDcP+Eydi%aocq+ulleZtE_&ZTW;89U znJz44c2Hrn7u1$2NM~DjI`+o=!eJr|9UFGqz5zGBcyYV1yb4&qTlx z09+mS0xi#XhasT~aqZltp=vcusQ9 zEkXTeCazP9$AH21$HrwF&B7Vr%g67tC(t`f%-W8^tkk_Y8T`cfG~?HrahB81=W~m3 zs?zS<+6-tXOJe!cj>@!GhSA^sR2$WeN)*AANj?ruMnJ+|$}XRzNr$YeSWEyGYXz9v z0eik+b_alj4->vHDq!Y@kdKSttq>8I`+qo7jVS_|^p{HUr`S6}Okqu2iukW!SC@|T zvtYYgfyw05{Kx0PxOlBhr_w4+-@GXf&93@q)ok&D=^x$m5!3hkDm`NaUiGju3;d)P zj4XlMI625)`qvfEz$+9qpm+XddHQoXuYwTnp)cw0zwWyJet0z9FWG(y%Uz4h9mtoP zJ!QGUxRTMQt%vVW?mNenPB>*PwO@M%D-Ey9>ZwkQ z8y7guCmyRYp#RN%I5c^Y8F!&(0WbBFq#-BCjwlgOq{z-FMRw3{?_{MefW-gD8Isa; zmo2|8U;go>44mfEkJF%>VV@aO0MR{pZNR~CWgb%-`Fe8ain3#}ssKCATmhubv#(~_ zd^`364iF)Ji7C2ZwGI(;CxXoDV_7F6_KcHP+*-s=?0?+1{R^DW(}3;)#GKWoRF z*pkW09B?5`J=@8_qf2qshb;fE$G{mA%YvXM#aBa0Q8$mn5LWxu-QurXfm z$6{nbGiN3oYcdYwF#|$pOw7gvh7d!rLJ7s!WW;1?ki+UFDrk2E0uFm{FlZNvjTgA> zL1r+nqr(P+E~IEkTq$a@flO2-x8zwg7}X5=%XNQ=lwV(PR`% zu9^TvK)Sz@CZ{zxr@||<8nrv99G`rG#FaTR*o(Q3H+}^lFq_C~7+SCs41qAlq{vXB zcg|D^u8&3TMYa;y@sSZeeJlec$-VUwNDhrg%4O*Q|B{eRSU~H-g zl?9r3&(g#W2m>~Fi9G;7x!vJ{bEXXh>QTkbabx89tS&=A>`3KQGpddC)Wy_Q)Lqo$ z)Xxat3-*S`TCxa+Qwt!05&es@=r3c$i)7UI1~%g(gf7A2Bi1sQj9K;^G$0bk*J9u^ z8PV0Xv0BXagab2bKrNx`^SB8jX$J7pP1+d}@41kV0AQLTm;jdeY9Vn+Qruzi4MQd$ zzDzzQDDZABHt6++;%D31(l2z)ng@Q^9twCAvNiy;Ml)#T)TKU8d%N3Ts^*3vt#(9f zi%rJjjSkbLUaJg{uP>=A z(g%T8{D&3lT)?{RNUf=?)DJ$pyQIwYw4zvR=1YQ(#!DISLf|-C=LdT8_34d1a^pj zap|EI=*2$-ct<6WkJaI#-hsx;zmOQ&Z2MSAt)uo*hp5}BN69)JBNL);%_5!iSAx<{vNGts%_7oXky{2!;tqt-?)O2#C<= z=@>9MB4pd1)Xs3*3rx~N>6bzlv)K{?-78j%G;9%H+`JyRmoIlZcp5C1tHV=b;JCsN zt0`Z;ymCs+pa9(~(XbYN!Vzlk2o)8Frp-hP6__4evIM?n*Dh;#Hf?{lVY$YR(v8o+ zk4SpNzVZC^+NwZN{|xYSQD9nou&5~5J}poL=C6#_gf;S&faV=e;Qvj#8C04(!r_ji zJw54Pg3rav%1pEyY!%P1wg#GeUg)&f#okSCo)V8c7HT3&|For><_98?!2IKA6LmNg z^v~X$Hto&n>7}3SYV4AkOtP-VfzNT8Ga5ORX0+mV@$W!4>+q&U;*oz+;m@c=9l^Dc1L33xbK3S+EyY9FQZx49H$A1dteR znP7a`XL3Eu%Q^Yp=M@UM{yCRG$2r4~oPxLkEw_#CXL(Mp5J$kR@;{7GQq$mluS#wB z9T2~-)oT3o0<|w4f}+QV7TDlD0Dq&uVj@lrCE=M9dx^1RK_}Gd^!+pbII{1LGq&ipI+)p~_h`WyWRRCDLE>m? z>wQx@*UN1-`TEYO_iY`!OG)@uvJ`um*hewDvkP@?#so|uE{fLu=zrX#P@_fn=i)=6 znXM4bXiaUo0W1LkEKM%}OGIA$0UHM0qD6cVECqiRe<1R7v-q0$XV5BsxK;cE;hGO@ z?FB`c2~PZw`JMP@@pYgT{~`We{3$4=_lZ9h{{f~D+>1O&#FnpsAoKFvq{0^ox>DF%ea45a_*YK>l>0{t2 zaLq;HcG!0QP3K>JGq@S7Otdj_(Hs8Kj;Imq@P&~XZ|%k z!w#P-u*H}%*m4vaNw9M(rYA?^k1rz^P&vslAI2&92FAxrQ{9&vlke?+LHyWwwa?B} z+Wg{&PbDvY>Zyy9;Ej^v9~766pC9a6FnoByu3Zb5a~JG72VT+IvG47RfG*Y1nm*6& z^MNP6dGyh59)&mDS5#VBbRW9uv;5_|3i^wVU}lW>Ly6>~NVAb2gjz{z!Qi%w9=qtG z$KYdR!;aw#8hHR8%lt3wmk`Ygn0H+8un`4_#64qNpr~Jo=fGHx7!{*EeNYL8$DLMuRGgcHaF8No0Jpu-G4gZU@oeir*w&{gu?(NJ+w(BB!~rv1g* z*4Z?3!>W}Rd}y3mQ7yhNepVh%@Xl57rVrn1jjmcE*J&#JOI~|nQ+P&q!f12L_&>q; zkV&S0%D$MbDEEwrw|#R&XVS17RQODG1zqf|^E>yR02hMN+ne+N-q$+EZRqYc@ajgx zmK_yE=TBRil*?~{7dU(hc~v#1^xBJj3a+?FF87V__6_Zw#wk^_L2mR$eZ9}?6*t}} z^VZSN-Y;66wMB+~LC1i)xYSXrsCn_iM`qe9olc!9%m&DwQU zcYgbX*QvW)VJIK?o%r{IJ;Cw_BRBhHKrZ7oo1XymQ&yLYnF312SjlcH51Wmfc}uLh z?Hu*0_UdIuS2t)d*=4NJDC2BK!O9_lo#kw4nhV*O{(hPIwz>t5@H$~?Km29X9QU+3 z)Lxx&inHUYU;EiwqgT~sELy2C22DT(YQ~N4fa)0C$KY!9Vmlii%EL60aH6O^5wt#! z$zw1&Q4P|Mby*%;-gkUpp67v?J36KqS->&>1Llg4YuxQq=DqfruLZ!mRp*`80NwA{ zm#*Hnw36k-Wh3d6&f2IGz(V`E#8?}W`D9@jHF%=fQG!FQ90^+ZT`gdOjd7r*qS0S# zQvxtbosa|87TwUXzkKQK>!w`}?kTLl+0U4PrKHpXuK5|5uB=$nx5Rdz*i*l&e<}o1 zn5r>0MkE^~Xcm?^q;y%utiUSs0fqcmP$! zU0Qiz5l{u?{M@&r`V5i?!pt%W3&B1w4Wk(;7R$n9B_(l^f-IM-M672qn%V84MVBP2 zS1y^_ykJ4(mYZ(aKJduQ&3)d=wHs&b>8Y)q@0)s9{Giy`8jA(m>DjX$12meUr|#YR zyxZ;Zq8;`hA0D~R>GXQ1`V;Mup6wU?g1Ml1_UzUeuae!gbxSF&rx|t5PoCgvKzZhK|Z~^2Uf!WPM-~<={+N#?}azf=Zt&=?<9Pc1jCg* zNPHNJkc2lEtt}|3CPwBbCbMOwSxjo&5-cPMPHe`@NU~@T5!)LMTEt%K*hAEX-2-sY zHAi|zreoBY!TWBD#cc*B+-9@eGBRA&)VQRniJ70MoZYmf>2OndSreEQPQV{*Nsg>b zZk@rYHQdZKZ>^chY1AAziqAKdl{YcP7W^FP|7%TUVt08{Q#trSS(A|77*6~d@BLZ& zO@!fX;HLNsyLZ13KcL}c>Vsuv2h}o8lfEf?S9xP2nn!_{W>3lh8mD!X7jVD`{Gb}l z0ACPn5+9~VsDTC9`+A*_BtC$W4+nJQF^rhFL*;4-#?TD%nWY0)wSz0!;yP!j`Ah%*BS$O%ngfY2Zr zk}3i}A6EepxT7S4=xI)xGva6B3}S5-(QyUwNuu3CrH)IpV}!uMaG7h(_$4%XEUF<~ zshJ07>e(lp1(7y|)-wb8&^~oJ;Si&d0otexpLc16MWu%5 zl`<1;fzSZWIzMQim%f`;$rO-Q(zJ>O--8N+j8(8QNNdY@h3ZMAn$~gsFLBHg`s+s6uX!ht>kE z&aQVb8-M_0s3<^3t28pP8^{eTD_26GSJHC)xuJL)Z`Iix`eLP*D`%&iV>Gtjv#SI$ zl^29VO)g#yTDqNnvuUbVPCEgpsReYKP0(>nf_0Xd6tsMwPC+wVeH#GvE?tES(kcZg z7R*ji=4W(TwFPMHtlXkg0cZefg+ZZ}p`6e%7b7r8`eYcL1pu{P&?y)NWLZW=b3of< zSF2iF3YxREPU$F?Jy6eYlv_=%)}kT-uv0gv-HhdOg)Uq|>l&-W)(*K|4p{|PtJlp8 z%4K0&yQLTiyWFPD%k6x?t)j~eb_f+L&>4Rw=V*pj$~XY^aR%^1DuWyV832rfWicjA=bq4FH_SsOeY%0~P z8ERL==}_siapqVK(^76ELx-svs)bsDJ#_*>+J_D4n5&Bph8Pc?p)C^iFd9kFFyUr{ z93J6-my5A@Zbv(e5DekF$XL<>YMhKEHpVNzY%PTP*p2(H@adlY=y3jX-^`hRVCS?8W;E$Oq>liFv3>U5 zX*K~WX#d>l9Zk`4r}BbvYcM~)Q)ZgG^qRSR_M=<3E$$9njWLLF_^o9 zGcz}Z8kWti?sFEE@w)5EJ4*Z&_Nw}UM|wMw+uDP(mNXq%VRm;-jV!1xt0}ID{Lh1( zmu+hUTRu3pzi)2mwc_xPx9PhwJAlPI;N6;qu?nlo%5i$V-7wec@mdp=@#SGx>$cA3 zl}!Py->fy3gd*lVstO_0f`T3 zr8-CyQ`W{1Cph0Vgc3PeU^$G%WlHR(L7Zj*CWgzwkkT3wrIkV%`2`6S}voIN=&*4L^Bi`6d`*A<$R`F+4-Smg z(PjM00~5R-&wv$*ZM{TZ216MuXl`#XXg^8J94z`xF~o*CLJ<;lNUWp8MoMe*7X@>i zf-J=j5gtX!vJ;|xCc#X6gT|1Y)W(IVkIt~3k$7q($7kbcSgNihQvB!2uN6Uisx3Si zZcEvNimxmGTpTH>(*vq=6G(3A1e9LvJ@6j~4*UlgDyb_6iw}w$bi6$%ei?3S3j=-7 z&g;PK2gQfW>q?5PAh~6Wn6%Qp_=W>gUKyO%0P$|k2)e#gY^6HO;ha%*U3H1JRc+)C zr3boTvTHybBDtXxqQp1XJ2F6W^13($Z|Unqf|Umby9NfpEBSn6bzUCq)82yB0$FxA zh(s#0#b2o0VL^}HP+V2Aq}l3kYV=#1mz0K!4SHtTxB=!9@UD4Qugi|4m6DPoFR;6M zXPK{=WQ+)*wZ*&aC~8NYSZ_**&(MHS(*go$Si!Mlp#X_nW{In9Ac)-}v5XlH5WibC zPKfOZ77k0CTP~6-+ZId zqqCq!I;&PoXT?|1S-s|)Z`7G}-%r^~C?2&?DuBl|Jgmvc2pFmH2MD_>;kJzViI_~- z!vQgOIRW!|tnO*?*H8BSYINhnpY6X6O_;$R@zS9?Fjec$7XW{2g@N}hS$X8-jpv?I z>e6z5MWu;7ow~0{{J}f>KYMuNg+G7kpBKCeite}-SYF;MgQcaed9Urf@#K*R@6wh? z7-6zh#!g(G@d_l0PR|72_zCeMi2_6lxUsMYqcbPT85!o2`o09CM~x7)3}V>?-_K)N z5G)M$=%B2ZO;K&w!-^t237o}jB+USgi>O<8!>}q#Vb}^Xw>_?_+PNbMBCaa$;gJzMy>7{W06%5Xv41?B*={8La@r8$zuh2rsbuQnww0tT{p9pD&-_wAfq~Q&w=znxajSeK=Bbi=i(8_slSxca)ia}C2lo^%4 z9jcMh-y}YAN7uVbOH9ou69-nXx}ej>utv4ov}9V99I#g3v~rzI#tJl3Ic z2xM35&8$p7@+L#8Of_4Iikp^I7qLL@Z|LhRY162^3TPHob_mq0!R2YFT^>}mc&l6r z$k@wQw)CB^)X_9R{~@bWNW8lbae8(Gr6i+X6}6b!OkIq6WNuB2XJnE@3s6fII}=rF zAPoFyEr&Z}JmwFebuStjam*@@cJYGHiJif)u^V+=vbcm!kOAL}q4lM-s0@%}iU0HV{wtFYg5|TORx&cJPA0qZx8cf4$ZD19`c)mf7TE-Oxdmm+ zxUAJ$#;|s46Ii@75>nK}?D8UiOUolmi>9buMHl{K#5-N5wR^nN+>YBd4whAETv}Gu zv$5CjeQwR_RgU7PntE@XuC;u2MA}@_aqWS=mi9f*Y~2Z%%L)|MaPJE*1C6q^+#aZZ_{Ps$M38I$40vH1X??iIsn7N=Pkh(*IJTKO|tw9G+66xNMsaaWe%Bzu8-Sx?`( zp7~9B!*=o5>w?`b90%na{WE)(tzELvv*X3fceL7~cFsJbV@>yxM5S!{#cP)|M?7Yh zQOg}O>T0#YNaxv2epY7W3PtrSe1ZTVM~`z}qLZyj)W;Yu~~uqi^1viUWgyhP0u$Zr0A}MFyd?v9+~Yr@x?6 zW}G%_VEfe_w$82<%N92&N$J7;N)Hn^Z=-o@R`P9F6i`i3hwOJg_)tC8qpLh{Ss zSc-UP8%f*}k+Oi~3lB^l1O5w`vg}68-*zsj7e~@xEZE8XcDOA2w{rnKZ^2IBXj{BT z{3p=tS=fp#PzC)Z9hx)!NAK%WO z0)0Od&R%vp4E{{iI&hyBia+B!z8cBpCMt#_EQv^lC9=2$&#qJi3#Jw_8qpFUSDX-a zVoQVIF?nzll|YYfY!F}n(H-K~x4-d_;esQ8dv4#`yP>0Dl+x%+3}1*P)&SiL<=Q2& zww}I@0JvY=tOvg=F?1>ZwHDyo&sep2V#G^^f~d{{qNg%Bsm{=-(#g!dV8d` zr)}Cqt#ljfs_-kf>CNEfD>iV98@X z(g$iUH%w`7sn>V4b8J<4QAN3>SfQdVDs`2ketPV_61|`{wO1QdXtXf+{id?!@LZbLcD2bgckoIO0l_hrIFRF}z-wtEWTYis&H<*TQveK&I3uE%F(w zbE%Vfh5FPk)`<7cU!6^eHVrWTC-%h6$7cI7h|s1?7?4z$+@O}Tu6@UNZBb&H6bH#d zx>t%3={;lg_Jr%nlTH`SorznOV|@M)@s#M2tawprK^+DX)iCyfN5is*NJ1GGm^hjw zEjSX_BjdbC&;?ph4(Lb??GrF;E^smt))RzV&$%m!h6b)-?%W1W&?J&~ox?0IyF|bI zg38JZmg_GmlSQKoIy#0I(_g>)Mg4%INF1^+uk2l2eCM6Tt9!%C?7+=vt7`zW!y~BYBitC0MDU{5aKZq zpjq~dmW8VyspA$kR?XGL#b3wei<+wD=;F5)o0=EIEAH5Qhuz%N9j~}EDxHY^KeW9E zU>imDKfW`&t5xq^vSf9++ma=@TQ0F3$4(qOP8_E>z4zXgMhgiL(ttn=38A+n1OkCG z^*A~gjyw1Pm%D?zgM*`&B-Z3Vvnx4H;J$GG@9*bCyVG`OXLrhb^WOVB5RHmEN#V#H z24h8MMeeP$51ae@L3B2H8U8r3a>#ru1^OxFZxQqJW|LCU>+ zAk|~j9XN$&AqrKoF<%uJtc*gRak|_uM5ff%PRajGfjnDU5~Sn7l2}%MU$CUoSMX?n zwkz#Avq5h#>u`t$GEeoTIxFYTfa4y$af5frkj&MYV!s%*5C;d-v&u?>z7dwpC03}D zXfWr(O7TetA2f}i(lSZjHh{&wxse)4O{Nx8ln$?ie#j$M(!3DKuM+l02p6UsNOJo< zQ7>_;Etp_pu7TAVP5fGlzb)i+(MU0s$>1d)5)d3eUbdoCrZ`-@5B;mW{|+z@w0ya9=a=X>+KrBr5a?kZW~HAV!ZPF&$5*_C7hMXJkxn*4b1JxtE=L zI=NcJ=4LYO4?g!6IyeI!xo2)REWV`T7XD$*K6cf|pz^Y381TcnzSF7vaELO|%aKqYa-7k>g=DDg6v zNc(S2NCew*LU-tld`F4tSYs%b@`2?eRr%UNz;#@M>Mq|FTuPxEPwaoqK9dsDI zb3dbnRmNf?(`G#1%gCAJvYZl8by*pdN>qI+i4>NV)yT%6V@4y>gR_|)cnUo~WW^Bt zA5=WbaZsHvMwrKZ-F?e+@6aKBG(suEe@gI(f5=e(8*68Y^TnVC0Mv`yKmS64y;0DO z0Xib=(D^AyWFwee)0(R27zq{;z&U!HqADjVt_Y$F4^Joy<pnZ`sX>gal0F&@RqH5RQd1L~R%ocYb~@#!NY3<727G8V_sw z4@y-)U#hO7)vn0Qg&om?VN<7v%jS-YEq7PViD!?r=Ie7R#}@lWS|W?U?N@Id)>70k zq$u7!E?(4#{?)tn<1+8q<}E;z=``dUcfZn9-SYMemO^iVDPLX)q0(D2p}b^#d6vdn zJdxgCzHNPbz*Rmyf9A~gVwbH1Hg#2B+ugLZu{`ef4ykKP3?J9NW@$%HdDF;i^4qmp zHCe$t=9%5?H%DvZf={DS7bx-lypE2G%Atxeebh>grFQZbUPOU0wd4p+PROD|4fr}@ z20}i;FvNrzk^q^RIFZ_9#2qol8_RG;Q(ItWl}Tu6+Eea+OMBPJTYRvSMu48u*@YK7TM!R68*m5&iyb z0-Zz;qm!G?p4|i*K^tgHfCUq4Lpj$LS6)A)uxQATqQW76t1V$~+jK3u6YWKZuibQ; zC{np|`nY;Ldo90S>M(;@=4ln}D^|33EC=X;^MT&1eKaIQ+JvB-vV3`a8(OY9TzwriNH@=j`Q~h@jG9L+ zBXoO+Y;op59!r|+A(g`rOgooK+o<5zO<%s`rs0$Q0iB8L7DxGS#E}gwTEwNkmx&yh zaL9|-A}{$U_`dWB&Y%V^OH7DdeqC{Y|2wC!M*~TN-W(xVYWag?)Re3%k)ua+hLoHK#Ok zgxumdE)0sBqfwkVj=!@bBOA;-wXJ{iwo|9J(Hpj%>VI2V9S9FCoGS*BqEJKQw5BXq z6iTG%_ssm9prGGTUe>$J?zin*+CFlrO|P?otM`&qcg3XAmqH{Ur*Pr1v z*uG>OWlq=v`@oqATjGPsuU>El_HCJfGL!KwOva^3lw$m|iYeyrn8uRedNjOczmLZV zB1^5y0z4XkS6$i=j_3#u2ma^N;IzTvrdN}nfu^J&&hr->0e7RbjvLgXh5w6P_UW3y*R(08c--0<*vz0MRHv+i`bcKuzCtZ%M+;&iNX zJ#D%~v9&(YtpWxO7?~JH&dDMmf0`a%Hc6D+n)SL4&c;!1|Km6ae!TSkN~x?167DrT zy=X!kleCotluUoe&_j#WW^lfWa` z{4uGu5R(^p3FoJBQ<__Wq7)(t5nu%fd_HdvXo@LmQ!Jkg9V!(u5>YPaWVN&i0Kkbgv}bE(zy)bo9>XKiyRXtReUV*cKn|zctWko$ zi)99#jb%(Cm6bar(O5L969C+4EV#ZPRv@jpB;_Ow zr?P4blpDsWgZ0%JjbeFbrcrMEVVylU%i>mgWI19EW{v1St}Myb&^bQ@PDUlR43h<} zURxPQXA9>K1-H|l(r^jG8AjCD(U2aIG*7NO?UZKGs{thcCeZ~ADMMkyCM9)zg6;g(U zK#{5O88s>+9aLK%>n-xSX}wvk)#VPgW~ynW!t0FNEx{m^sor4?VwDIpLy%@bj>Bcm zw{=J)d3J!w^+}Tq-he4jQ>trGNg|`~d@+ZXNF}-`C+i<&&2dKaOV~Ua?Ug@Lh~88I zP9+m_AO|WqxJ<7B^5nV>xu^&L{?5XFffkRke`ES2N=+cX8d!gdE+IP2M7Y9Rmh!6R z!YJd_968)cczypU;ORM{5=o?FL?@4jDH8P2c|AORio1#w<9^3?*;tC#WUga%jwQ{T z;;dMv;(*vacS=E1ZcQ)Ew9_=>vT^dQ1xl4vo@>^NIXzS`Qbt5Wl~Sb< zF>+8~%*(TPi~_;3vLFDrOkY&2*VMGe0jL~`$y0ZJ)~eSJqksHn-qPO!d+*r0)-4_u z&yb3J`k>i9cH}MojNvwgc}UZW4fj!lamE~YmF%Wg;rT!Xl^~F|U5@#q)xgAw^d@7d znx;*ddT@*MPMRx#`5;Z!;qh-23}ypF#1X?~qs0Yu%t@qN4nPxnkhhX18oVkxPz|ey zq7%N5$?x6gsCl4My=Z9Xsk%jej4`_uCMa^I|GU&j94eYfv()aTk7 zx>t3!ER~PCkDj@zvw4Yf^po|neS8_m{$BhqBVJ%=nGR>PSo7=TIHP$MpK<&CjJn51 z%a#uBTm|0f-S3F!8ydP-cQ!3jkAAR5zF+2><@b?-P)llTo=s}R{~UEE$Efgwt)9}X zFF3!abM?eVdu}~nWLBy|NBn_K*;2;Tx=hyjSY7IQQ(1L+)?qVN3;JRLKFAQNiyB8w zqGnQasH>?%WN*x0z`NoL2nx1=l-_8}Po_hWUQn*Z|9Asyq7aM60+H46dbffeEzR%e zdPu1lFQJTuSW^J_G%PUD0X*%R0IR{DkW|5=-v|^Ve=T8u@ZbU(Ud13#9MJH)zA+6O z%Eg%m4crM#dVOvVSI^YdjWjb(TGV3Lq}0?y@eFam0U=C`FfU7yg_qvzr$fQDH%Y!^o3rX20mTA{rr#cM6#KAcgCaB{xl=+G|GpS z=-h45;O1Rru2CbtsuoMdjNQcyeV}pD^_?oGPYU+*pHn9DIR#6U)KznGU_Jzupq$Zz zmuXHc(Pyv`ICJl>y?)qDH@}_?>;!l!MC%nO#{HJq44PE{?Sa(jN=&kLr z$cN{15z%V`WECUO3E-;2Ic0LVloKtvYQ#ET2&8qh@EwmOY7LF^YBsWG@G ztfa1__EC3Hk5PRCyJiEL)34m zH>f{jO6&qq0VgN`)jzX)I^YCSc<-A3GEV=O-}Be>kIO-e{rf$ z=wji2J|uo^!HWk-4f4D6tFHpoe_xY`@>|dHdxj!>M1$aUzy77*(O-aj`uX5_ zUP0;cee{0+OT4;c0ws8L#}eSh`Sy=K!lgeJv>ns<=>jft1}}XZN#uwE&x7ek!jk~O zCk{w0pKOTH5(^hR^LgAjgE+_W4Ju9SgMFctnJ{sk18BLwtFmQX1wOW}tw8sVYHiul zz#qUhD}eTKcXe$}{TJ1>$>zrv-SsADs_gPttZgO7bzoZSsD>>q zl04nEV&Q@2wv`KSEqD%nvNXRkL)JZZ*XYv^t~fn>ZbkDgOYw2&fu*xnwlyDExT3B3 z)`i3#?g9mgpL2tNEvYl6jQWL#$IlM?mQ2cnUTdG#3-cx|>D+to-cI_<8(#4Bzrt(h zMSL&Zkoe}-Tfe!8oszZ#bK;i?G;AObD98sC5MxuADEwwLrdSd%kxazl6Ul~T1AETv zOvdfC_GH}Y&G*ATW3CbQ`ST}$32@yfixEOFNqH(XD4|w^gr>qnQ^8s#pv2+}l(JSZ zugCR^1%EAq9U8G6$62h8e-0L;&Vh8CJQquL&N00z1X2&^;}7^L`GprBAnzGMH2*9KaHuoFm$;w<3kBOl5^>eK36DG>~Te0girUl ze8i&~&Ji}iJua>U0dS$edyxq2*B+@}q4{7MI{8i#u&-b9+H{y)u=IQs1Yi3t`aQ4= zANMrsNB@HDW3F0WegBeWMIB2L4ar-X2iBqA&+dLM`B*%LUIXGkz6o?!eR#FTv2bS__x0ggSobiR>$oO$OQ% z!Bna~bz*TDS2S{QCz?Po(IJxu4?X-+21^uAqa9$w^4{y_2AW5;K7459)5ug*jOdnr-=buV9c-OI@xyJp#Jvs!DM&iyThc75iG##!{6$2M#{c5LH@ zV|&qer_eC@vs+g`Vfj1QHe#Z}NN^ZrPo4rY#!0Tf?)=kl?h<7?_qDXfonn``VkrIR z4ae~HM~`lN3Vn~B*>rUOvhm=7TMHrB_aqRb@2E@oMlo(r9o3rh>p`|o1pz`pP$9t& z9lf{-R+(lxe4*5L;%L%(U)oMwcqfE0d~Zqb;>Ep4y{x@tqNO;$VwJ@lu535z+v$Gc zOWd!&anh`trC{vd)2H|D{yqGQL^rGo{ZaTpKkR&I$Bt>!chFhAihvb3yF zugCYOSY>vxaK7*{ZyGXw)wMJGPw&}#`mNpQY2aH4-p1*uciN5}FYVkxP}MJt7JVzC zDFyDAd6-8Y#-l^goR1e`W9G?d!`w2h0yNP$j>ZCjSbzb{ozXh-27rk61$0D9lqJ$T zPRVk9oD!pbF``JwMlnTir0Z1>jmKkO#;GK3I6U|Gjn$J2oiy{b26AH0h-*cOQ}QC6 zwsE)k@29zY|5}<16ugI?)BQ!?7Bm-m3eAOZ-`iT5Q4#c3x*BBee}K|;JKskW_PN`K zRA@9{k25Nl1;9ddy)lC>_1Q|Az2iAKEJNGIH{CFMl)(U|TPrl$>h+_OpQ4*GJT$|x zhrvQH=K;0RNFS|6*FGr+)0}n&>W#UUD0%_y@eTLr-A1ESOE-ae&wbv3w(Ccay?H{N zLIG%-N>wTJk+@js^JGuA?xOD(oeRG$LO^l@DT57pU1@{fw8Iqq{z&&Q5mgXyX5!X~ z6Sr=re;fa%#I0EMi69oY3Te|&))69oP~q4Qf`0K4$+m>uTzu)hZ1J_lv#Wd!{Pf~)q9c?r@ju7W9OkbBI26;xTnvTYG6NH0b9Xw>X;5HB zpMdi?4Dy(_l216%WC!}f0SaKF0~~Y!jRTK84gOs#p_pZq60fiYxGz^wP1GoA3N@8l zjJeSrm><2Bx)1ZCr-@fF(o5aMj+e~XIEr5*dAA&`H>I5xUw#SCXk0SZTOjs)m9J?{aE$b^lt%VR=Bu+uN1NiJCeb;J*pX&{El zRiln8;$u)3iKeg-c$jLQs3Qp!FQ1^*n1WPDB}%0dC?rOZEt4z6YOw-HWg>}ECXt-~ zOs|JZsL?=Wm(>cz5|c?H2G&y+i%bd)1}K$HG?}1WVK6A}ksL}TGBKxw%#0(;`~R)b+BAnST>tvZo^tHk8H8>|xD3TiZDS}@}RZ7_x z0Lhd}2hx8gQ>$g4fzRY>H4^_rq17suEQjl8m4su(+T`x#cS5a#-eQuv(b+!Zk&Av6 zNuO3=nt>p#QdFilhNl{`J6{Qm|8tDtLAZrzaTMynd*Hyz*U@dL2i^AiN^sy8;wM2b znDTl${yI&K9(Avv*K+Tu{(A>SK=z;rlZ{UaA%;(b_HuQUmGV#%@z_~TC8(?Lob=PZ zIuoaH5m(W?@;edV0$x%^HgH9pLD(2BR8x3G^#}LeG*+cB16ImNCUz<%usBxlH7gV{rvaGcS_#1?kjId%xHCKy zY*H!k^YD-%a{n*Hd6v!$v;b+B7?!I2PfwKr2QSg zuKmO$!$Uwzi3AurfrrFt;U#c<%W)?y0DN3W|6=<=9%*labT7Q!yghoEG$9{Zr5WidXRIoH@61Ix!<+I0t8^D~T;CCET7zDWzcr;|h60NXbZgVDRoN#qZcHM~P>cVz( z{dmBxTvhBWsdE0h2HvGICE7=>vgzg~{{YNDu64DKb*g@@P1#iFSI#&ZS0rWv49{vB z^}pBzCecszkxh@b-bI)e{T0s*`cPjVxg@cOTtbjR)6bgTk0H++qnddX`H08BMm!m* zv*DN9;344Y8o*m?^IGIlT_jALK*ALH3=>4jlKkk3|FLz61ft-Mx#Al>yg_W3niyep zpW=PlF^NHc;FnsQNZ=XlEp*6c>6kyi!(yujt%-ycS$Y4H13JTlzEvsJ!s8tLs`bH; z_KG>+m?9P>K$hx&fN*D2^YAx;5b=7N4@iohPx#fO+RLgHtL7E;$j`t>3_}4lrJ_W&k$Fcckz40cd3$%=7V7WL4!!6 zi5S+RXV)4cYSnK2g#HOS=#A)0cbDoTTFuY&>F}=|r>qLiQ?fJE}EmM=Pyz82sk#O?1R?FZ6sAeH>g_m5G-2#(dSYFQPr;swNdfY|!- zW<)L{NArG}05KIHW~7+B#RP&*C`&Q}zx?rg#8z2YMvG6J5Ysqd75`O<8>>|Q_40JI zLZO1!K%=5Mb^cXv1mD4r@AS<#_zr%2Cy=MZf9Uk(=}8g3BTa5C#ex23Z~*fXO0}xJ$2j@e@w~oIbmKCQBurBX)#A?Avg^> zpz*P>fCTu`8_k$!)382FnP~JWr)h*25m@Ix!Exv)di0rR=r9g_gO0WWHD0{F+zy5( z?_^$k20aQC$vf$=yZ<#quA%=mx0?>*08Ri4(E>2@&)!X&`rik;j{o_J6DLkg_%oP^ z7N9RS0q8vrcA=Yck{@Q7k{>D*&~3_s?kp2@V-o&D(*Pc=m||Dqe%USbNq)D^ z;pLNBhk?McBfxwJoO|`|byv?+SIg^KW38=`+>tdkLq{&IS$)^tYpa*+H+v~HhTe*7YWVJU}9Zzg9VNO2(MFOCI7 zYAO>S-2qOU8RdQGvL-wcb4ERU`KKlnun%p$@7eZy+n+uE)w6c{v)!;3tP>JmPPxRT zr#;)<{j6O?{fq^KvYT9lFC`b;hqfl4<`aPbFT%y*XYUhkC)gu%6#D}~<^UI!o3!4T zMnnUj*zGfO+jTmpTVLQBJF?Mes2FNyGP8@alnNy$4d#s~ zs?RC3>j3>BT5#bcI{vS1aPPZd4IVAx@QjuF_Z(>q1=LQBI=p4cG)IP|$Ym9YmTDTT zw!(#(&c`0jU+i}I8a0}w%BGBrl3Py3^PGB@MjctVa^0et9hDl5g3fT)hT58E%-YX=Ey z5mjtrS;|GCu|PCtiqaf0iW3pl9TV<`F@J#b2l%c@a`7>QZ-8%uC(Tr`K-5dA@lnvd z#23WKCHz%^h>@WN85S{uq0yke&lu@BZ=&1glx5`B?0#QUll*Ik(N;QTN~uHF?qS7c zbI@&Xmegq8-(8ct<`bpzpU%3IrQLAg-Y+v9W93%dquJ9IJo(^tE9v}ZP9%6Pxt+Ah-!g+bne}yAvmrr zdvtc&_|`k>v|mZ3Uuo;^XdTZdO=!8JUi+m~`lYu1juz;zg|gAv_mpIpxbA-=c^{f_ z+*Mp*pE-ZgG&8@9o|B>OPp^DKf%5(i$i-YwoIcIu?+lq=> zyQRLyt0BCa2Im}j%9nT~v*~M@3NN75n3K~wOZ;*4Qejh3sG$f>8!Q(4sJ1!|_H>Tw z4*S+;WGopSnx&#O^$|1en~_)NQJ<=dD_N&GSFBnv!fcnI$+j5Sl5a89 z;PQ68*;%lh2Jl^9wA^oo?|EZUpEnZixD0n!MAhSY=oIf$Ud``g&ZAZmYafrB_>$nQ zQAmJ{4BixlN6cXjYL}Z=O^y&oB9gXB2>}n$st<&Ts=d#^qm4y0;fR~}PC#4{;GD35 zxJA?GQ<~qxS_nJtyzTydZ+S2J$-FY z`xJ2ELx%Z~ffE{MR&|Fm#E>(K4E`R`-$eJRN|l{sDwAIhFD+{uQC?=8HfuUPzOwy> zE5U0o%cVJ48;_a9{(v*fWN_qll%h8+rE{C_tYES_=i3?cJtMcDEa-naZ!DZV(d`z-!NjawMyvN2=I%DXPH4c8LuED7)^Y0i_+1Ux_! z{t0?>DHyZY&>60`(uRUkZoU*;VaLVGwYpls*sFnWeCs_EU z7bxbp_?u<$m`(zS8wZJ0jJLNE@HKhMBQ;qLQt&D~1 za8=}oJYX}hc-SZn{)YNsWutm=FZlNX^v!MYI)jO2y@qh<r=zAA?>PDa)$ZT{$n|{MLzj<_XMfWgIcH827JkY;Apk#fxW=4^^9G@mH znWYcvmAbV%SN`e1_yc%d)Z+g5Z`?M5rkzrpjS=`4Vp=6~5-oNzu7M#%aS^Og4@WRi zO#-S`%AF3cc#C_V;8cg~vGZ^~M0_En3iT* z#{|3*gT^3J15AFE57l?X#E@a*|Bfsj8CQvwadFlI?VkD-qiXa{S-GB(LRh#;!7^g) z&@8|(v}#wz)CkW*0`GepaVH%x6SV>{}U#d5&1V9D?1_ zefimpSu|N|)Ul8OATLO(tWjSukO7SVLP*P=s-pE-b&Lc=^MNi+i&bG7^jRLu-G%Ar zp*+s-MS^~?_#6IwGQdHG^ap;h2Dq4)AiodZl2AamkYkQJmFsEW_0$z@MfBpG8(w?y;p$q9$-JT z^^;`v@;{7ubiQxL*TC`hjve1n-~z(*0>RRDr2H)N{H%`_psXU8pCAZlJpP90BbVp` z#oCk_nF5u6t#v9SIuqS<{xn+dqoG@rP~jEgJ9F?Hm7x~1C(*kmhI8q`1jf@p^$ulL zP)GMk`0;ol$=4~zTx#YewSsi5sXBoUuo5u1-sD&49c_kEqBEkPkET7Mga^Iy!MPcr zjh=+u7i<3`I%(i*fBqR|RzOep8O|x$ocHHu;B&*qlq!G9 zVv}r#r{*Od(wYCb?4{0p1!x2jwdQs7(SiHX%kw!PzFMkMb3@-=IqRuwMvlDZsaaEw zH(X6zaih4^9}GA)&jq?04*>h?$#ZFCzB9a18f`}}5e&5(wn{DHYa~!QX%@cxO?;Qe z+G`wvAki%(UdcC2U%2M={b)eDuP3d~c2TFrMtBV+RP(gCIv-qOUA7tZ3&b{0me05k z+;EvNk)?3v;6muJpU4ZVa9z*hy0&5ZGNqBm&ysisA)-4TG}1upO%6K6@eM8!!0(Nq zLl2k};t|I4bwmr@pd;cw7nzH6#esbI^CkHEigx8bl9&5%uG#9&EmOMyQ23G){0abk z>UbzQF-u%R`{d^U+B?} z3|lPtmO1z5SS+5rGMwpFR}^^7369IMI30{sYFG)bG)NgnYCt=78l@tT;k4#*T(;Ta zV5L&is!}?S&bNi!0kcTT*!jF%tHTCGQp0xCXOPjf%mCusalqtHW!eENHC@v`a-~7a z!3>8rm*;)V7ZMD@?>IMw&B2?aTvXWh41|a>zF>nL%_3ML$Y%~QRuS#B%(Hl}^H}Fu zJvUC-P#f>+TD=g2z@IH%wr*%f9EdEk$oYiD>$Nb?p06Tj@TI(%K@_Bi_ zg7hhBkiQn9QCvqg5zw!>)+V;E9m)PYgsa-$%pch>K3pgL)zFS}cXX*W2HF z=8T9+W}dm2NGC3aVf@UQ{$8?sItc8~4{#h(i9|pCF_+{ZYH%!7Optl=mS|#zpCoMfv%3Kui%DrWvkRm^{TQB591=7 zdR6KAhu4>`QgdDF=`({#CvJe3)ZlMjMYT{})HKXZP*lF)Jc#!E=Wh!_(jc9Vd}Ut(X@q2f^nZ8`tUTL2l|od}rGi{87TEJjvg?H&vBZJ0x8{exelS19`U$r6*q=_*mKn zFWVLZQDPRXGx-B1))y0TF&!}yHpN&SXAH#xIv<=2oWMCB-OB!SUx=B%XU3P+SM2>F zg8qX368U29l~rHP*y8{V+m|i>e)+QPpaH)5=9}nYCh;>2@A;-z&eLPhfI9i>E$a>* zT-Wlt96fbrEPei!twHq8kU(Gv$PQAx-@cS@?6i%+P~Ni(*>SjoI!c`)vqRczcgl_Z zWpVHe`M$KGlL!1S??mRJVwT}SGpZQ80y-GYWkoatPEAyaUZc`*p%KbxF<*6xSU zZ-W>9o2x(~iO^=WIf*pkwjIZS0#pI{@f~ep&BZc)8%o&xXD<3sz35pLE%~|BU4Gl9 zO*Vh>zqkZkqma&mV7gSHDQ+3oTITbWwGL}3Mq@6P7=>?%Z#*CqbD|1A)n>U@Sg;RScu}8{BASX|1N=%0+|Gq zIUQp9k~lxfFBOoYXPc67*w>#xsYL-V5|jzV&Rlf(p5D8}&uk|?WAq%+AYuXlFHnAM zH82Ta2jna|(dwUNl4Ejve&-*JhP-VQ=C_#)EB|c4m&c~;N#gt8y$3TmkLJnBP z;t{VEEb(G=glGb!{8{LD=NJxPO3nWUO)P4pXKy^Z5&s9@Z|EMoapTzT4S$J`IDdCX zdCs`TapAG{PFQafF;)+^kgYb=`y0bUE1O?jeSXy3+U2u`k7j__#Q|o_h*`^PW_O%l zZOIPMYIBcdT65F>1w%QK>Wf5#BOpX#M!)B$L~y!dC*jh_+bA5zhv+ zNTxP9&3k5|za3xf$t(yj1`Pm;0eWyrs36n3XRP7WbTUgp@~U|P zO5lKbfYpFV1sLAO(U0SJAtItLKo-A%pXR|+Q=T{ohA!`f$VyPPuL;>50_W5 z!Nq76u<}6kf=9ssmZ{hW%2h=cvu!V3v1T9Vx1Y7@|6w;XkH(Z*nNe2MelAz z?<+FJl8MUdVyZwFbX!6#kJiK146R#|gHA=?(JKv7U}!aj3^^JQ zsI_rMIC6$w(*;L+Y&jEDQja$I%u4~iv_&O`m>4Mtg6a3wigX&&2c^8NzaZa9Tw)7h zqdb^qB|e4l*W)QX4G+T^x#UOaSAN6LrO|Vjz&p4i426hV-HDXW?oQ2^ut)_7bo0`w!Kll^QyUFS|g)?Aj( z=!3h~x38ZCTQ+XqIE>crlMesv@1G5q?xQZqN9h5Gxh62_;0UPA#LsIYLzOqdx2U!dunb~ zRqkG`T)K7FuB}ozPE<*5J$Ud|2`Tu*tFJym3KFe2-j0Uf(;O_Ns-}if9n@56F0~d9 z&dYrEQUB$cV0Q{=fxN%MfwaLGg6cs!*@Nj@kQhevCBQ5E2?-~9*x=aDCep)NX0_n| zD1Cj}G>^qcKIxT~;&Z%2oyEt<9N}v6AH2e!&?|#uKbx3LfQwRnctObO+^=p7*`G5=E#thb1LEZ_x}%CS(zE-hKg%^e{kk1_PHy>L&fFp zN^k`@8h-4t58gv7D)1#k#c|&|&KwAGaY1mZe#ypZ6RLbn?ZF%;`izyCoz{}MBhU|r zZpZQGz2Tr!8Y^&t3RfYB19sE!@nz`8!?));(F@*iAX6-74c@TW=&$Zvlb+vq^KH(j zDtLPa2NZGq1_0S_^*NX{(m(IS2nsHba0d`^{s2K@-~mE)4q8hbQUIY~R2$8w(aVD}2HYdlMV)&6u=?i5lbg4|?8aRW~PEihtz0xfmaz+qY99&6LJgfk0F-VmxXd+psbNLAWWo0d7{? zR!p4HWbzsunJ(G&Zm??FoO+AfU~~bC_?Bq$c#pA}e)c?nGnOAS>VbE|QCiAMd8s05 z1T~M^Ozoi#Q75TCP#;m>fDAzVR|ry=s4pCe<})5Qn~oRr8@YTA?TK-o0O!$#O+Es6 z;E4@TWu{^x`@*kGaDB(|LLGj#54Z!xgf-{&^oShI6y`icK7bivzUPv?m#|6Cc?cj4 zpCr(En3nUCI&dzBKO=Y1R*bt??d6XV9rO?vuh)|skjKARkl;-7cxWD?lIw}a2=W}k zCdT*o2f{>?B`o6j{p-ucat9R!dW{iWTLlQ^CgJQ*FE1o1afi-q*IUkw85`wn?#UPu6yY1T(xPn6M4gO4F+nyU`i6SqwI*-Iy0?EU~`8 zD42Yp518!X0!(+{%EbPRp*xhENuw#Db<$!+WxBN_CqkPtoW7XPXXw9?+asbUTKrdx-WlRyR5sNupRud4x0&xPcv7q}J75aH;u*@#LtF-puT&Y!akv%b;>zNNv5U3l5$@FeIT3$% z+U$p+S;|?HWSG9sMdx&;!eC^0#>)gwdcm^0_s*QT_wHp21oY?y3vaq+(xhu{TDV{r zqZ~YBc0)YO1@RxHC{Gh~?ES*5uZ-h7`}XEzp_vU3~5 zabWai6;)T~=lFxc=9x2^vzZ@i4x;DLJxGs`$Yu5SKQL$SoH=^|yuPt}Y~#*1A78n2 z>B`5!m2II+Co2ko>V$V3`U$VmBdBrI z>(pPVvw#H>;04uS3PtI{0T2s#3`7?1Geu08pfH3(KH&s}6B`Z?XY_d9Gk5|XGWY2; zVN(p~m5kf(!D$>O)J>Ss@EJTBawGB^Fv`;41;iANn8Gnkw#PzbAH@Nq=|qjk5Fr2E zT*PA_YZM>j26$9H1OHqG{JF`G<86xYwYaAl$dSjPkCBJgi#P|K$vu46AdeE_#cO<8 zF<$QZL=)N38T6P0jZNsl1ida_K-)I(Q+Lz>Vg^w59 z6&B;)PGsfSJXq7*aA@aFP&xIf;HZu);L2_vnS(whNASwn+!7(AIH*0!&-`8}rcz@4mZ#_ipxWp>Hj;#4PXW7VBY#R0>R{cvh#x zQeyd=`^0g}Nz>UO!TZfc$!l|RUNqh_T>$Q~(va0KnsqC*RgP z^a>7waoycOHFj)&2~d^d>ymGM92+qr29H!$=I0j_Oa;o(Cb=BI%F41buqGG(8S&rb z$+@}5z?GzAvfG&YD=R}+l$VcH%$UlE$C%CMO+ksooe|A*8Kwf21Ke%KahD?^@u-Ya zZVFI=jN~$0YYDCu-h;jZs^qfKWfrxR^Lqo?r53dWhKXFc4HFxekP4@k9gXLDbk-8JrXN(*3G$<99|E?0z@iNLWLYbi{;G-V*;;G#Z&`4 zhqA=f5OM)b^oa=8oq^w$;HCd~d=bRw7?B$hQl*S0*IZH$kIc`P6zU-!OE1>qphNh< z_-bOjMI&d>n|N1oI!~vZY(xmZH1U|4#TOk8DA zsVoH}+X^xwQ4sTcp@NmNVwPo~M8djghrL-U)|*8BNQJZ5Z_Y8i-OV1q2I3|6YXlYY8MD-+=%s$dm3mt%kdYGeboSquGAjuDGN zkW|A&Qk7&|Ei@w`_R`{PQ6BwB%p#UX)M`*F)xZt_WZN&H93IiyOI4DhEZ^-JRdm-u z9gc}{tk+RRj|B_GoP5S6>J$Qv?=dqfaG$S@)?o1vEiu~$Y+QUD{jg?;`U zg+jxL#WKJ`R>VH5(2QhFT-Pwbw2s9MWNhyV_YCvt*mspBaQ-pV$RLb8lq+%VuXM5*foynrYW{s|tasM4Tw znY0=9QgC8{C=@>XS#7;H(_dDrt!r=1FRZBxI14k{o!X|Jk%eK*MD=Xa=4+~Q{X;Vg zGUeIeYLz0hKq}p`*IJ@3*t-`l$O|^cBjT-ly_p^1N|c*lo1b4xKU^4^*t4)YHfMUd zy0kGzZ(@IhmvTR=hxj~_Gmg!f{BTWaaY;dPt!1CAqy{`sYA!(kT3j99x+GB% z3(j=vbOlQI$R#u%O(`!>+}9#9LzxKT1JIht3nKf^0X9_3lWJsD1V#drLXhC1#AjI* zL)?m_H@om+Ya%NDB4g#}EyXCl_w79ZP-=B~XXZ>MEC$jaAC}t0qj2B}U8udQGVtls z;*z!!@w%rY;0~Mv??(q-DsGvxch8)MGCRxF>Y+15aj8vm_FgfR_TU1yXS%b;-+1rW z+xG+3uG14ef4xq-X#$vw3kY_b7u#XPbkA_I3pMcYVF^gN>r{h**2P?YI;JI748Pbg zMrg{=_@jvxT(94=}R|s5B%;(<-$r(H|iG~`f#do;9u~^uI1HJ=7muL#f64% zdJ?E7qXW#{J-@c$Y57WmO$^A?Vnj=c__HKCL}agw%)Gx82QEA`Tq2H5`!<6iNGkNgoEh zK0h=(2alUKUIA)}EvqSSzFOUoQ}o!beJ>PdH*gXOo%2f?GlOORO5(ehZv)vv;FnvL zD7LtTnJu-|tmTm|s|D|@CZn)N7{;AiO}X5BTgeLNM_!$s7r$px^s93xRqj=3M>n}8C;|4@*PyNezel{h z&O;G7vr$cKlk_S;bO(rM7dD_H`<*ET0phnr0s_Dwsy{XHFSDf5-%G91*~vS7kykEI z@q`bKn=Pcx`tyYT7ht?E*(ah-p&usvc@|Fmy_7GThy&`C2w#>@oAsB8=i+?XzLXy( z#LGOhQodF=iW_j)$~)jNQXZn^OZ1>)Rg7pv!|XhCeB0#J8y+1GHXQxs=Jcg*N!{6F)<3(MbCfVGSArf2lVZPJ6>JEh5~M1 z?Syi#>Jr&&4ql1ZQP)xj1a#~WkKY+0CbT@&M$}YEL`WCHI?UPx1khTJ#}E7Y2w}U3 zN}FropTK?zYFkX?q5$)!5so@b<+b_kj+}<9%nWZ^eqNi`VK4>Eo*akW-`34%dE9&? z&%+nV%Wv~$7>z+vuu>^8H_ zXtY_Z_6&1@9R=0Kxi)7@QGo5Ar z-7WtyB8+ujF2)jm!DS#`JS4z{e`4xK3Qq%oI-3A}Fph)g5)9R!fVj^k`v!d5^zrMT z8n1v9W>a|YUwAeP>s-W-3;ynmmZqS44*K}kw}g4-ttV-A)x5(=>McCqz$=m;&Rdn9 zeUj9z=;Jx?4w}Lf+a=HDOg|f0D#!>U!z{p$EMojemJ0rPIVzxDoxBnckWWxg9~?>o z;LX))jR71}YK1nOL9GT2Un*TlC=<}8{AF1r;K(GM*g-dPCb zMhCOWYBx0(HPCU9CnL+IkdFIm*E7E8q_&MCuCR}s-4$GTw5RurN!5}4ZZFt>8vwgz zzr1g}ziP^~E0*qxzBIWlyCTzR$}6AUpw=un%+RK6nJtfg{VaYo(8H71MHUO8*4{$F0GuZh1KlONn5(XA|qZ**s zO$bO`L&9zApnCGOj9|zHI?5+Em`VdfMkG3>pO`~46CRxZ#00&pB74c$rTY)hTC^-* z>@j9}V%FmMUPJd^G+;YU^CBeYkF|`?7Qc#G)yWRS6UyiZHFIUs<2O|WXS?mq7WoC`;_YCL%n;|ewIC9aSIFo~3|tZ<@v&0Dl#<@W6>!RA>{UGo-M(~?wrb)!iL znlE0EK6RsS(W~g&?vdAkyDp;(2H7)GJVHNZ214yH^)!GPFdfi4z(74S2I^*xUQ#1K zsavOMhZ`<=7=GR-swDVCtUt||Dk9P|{GF?bLb^yz#zr8F$$Q}9j3$P61VHQ?c)x&z zUdY5#NG9x>TCncp4wVb`JhT_R2e+l2Pd2YVo-t3qMhjMh=v+;Q0scZ)PMI$bQW+YmrTE! zSKkB)aIEt~LHW|92eNU~Pl7~4=6UBS^y8@;zUZvp4H8>t?s*=FPnl7_saPq?0L-M# zTTcQ0zW7d)AE=&!a;%5n2OL-exY%Rvu4IhyNdTeKMi9+x0M^ z2ltc0NeUklmYI@AfDMcWwnrqhO+YqC&J5)sVamubp@btpA1(;m?Lm8TT=LFDWZ1As zLO8;4ixz?xhp(upSTP)x&EVICt8m}@5w8pRM0QLGL!SS3n0FTNv%)TdKE<0VxCBdC z7jd^z1p#3Q1Vv5U2Li(UQ4V-Q(@QXmh*O-$Lf&MpHx%;1r@cUI>dz)&`r0n^-UE-I z(+`>GcSu72vMvyKVC&Zp&H_tA-YuFf@1r;F`X0@l`V`6CisPW@?(e{!si(Xl__u~| zxFI}x^r(=>8@lf9htS)Pq{A~G`U-6IggQI#LT`Mq1xViwdHEP9`d|zC{@oC<-H=_N znD0{G)`t84avsN=Hff2BjJMVP|2n%8z$U8n|K1##Bu#Tojy7%6CTSY%1vE|5B5hMn z5u{KSkh>t2bD>aya;$_xp^C0h4uL|cvK$sf*}sYiD+O2O7EoM4(Bdj9uDbqpU7<}L z|M%V`ZOY|;Z8I}(-kW(d@A|%PzW2S~mx+r;Fr3T;+E2z(N9ANSBH=4CVu4N_m+P|0 zikD*SroTPf*sXaPN4AB|M zg8;)Gm_28EN*;Q~$~x_;R0le}RiCKoKEHn#(NH{TnO$v8icZPvkzjDw$3A#-%irrZ z;C9MI$19vFRa&p%kCr58g&3`di|>`67#EMIqtTaMl|!gqS+2FeG?Q)3xH zV5=vf5lSA8yX*-3oV?>1i#ldt(x3^x9JJ+u!qtCjdTEfw#f3ZwP1k;o|!VJEO<~S(=MK| zy6m9|{idTnnu4)oeCtu*?HQ?gFuL7eBjJA*kVCQQ0dz+)Ge?N~5k}{{XG)HfD4iHr ziYTu{d~Dv&D)ZSIJH{Q z{XO<%3n5!!zQUK{dPx8eN>-I2Q1+AvkDPR*Q_s_C7-sfi&zw2o6SkT925l%uKhOaF zP(Qok%WCMa{&EHCLe7alQEhnx4X~?_mR|Eic|$7&6X)^gc=eaCUtkr!ORr|7k9W{e z&X!B-Ot^@3CI!?|2;6Rg%S-s!LKq|)$Ay#bcINc783fU^5XSp$5=~-U%!!!zc)W{4 zrXo*uulV?0Rh}ZF7mMy=W8#fDrudlgSh)8ZnMZnf&<#%y984@c?CJ4jO=;`d(wdr5 zu1jeR^TuqF3)!I-Pf>Puk*CFEx<=xzwH@bf@)Q+$(BnqqYpF%dmiD`AB7ILXm^Bk? zMOz%Sk$=So8~scql_!?JeK|e?8fY9 zk8dR1!Q6%e`3M*aCW2|898Hi;5Lw9S@7HVO7Zr1-sfj|=92I0e#J;>W?ObIAl~ zGdpp%1c6j=cv)zMUeN|~csKsYF`HPM7iyr}Bbamsa-Uh})tO;uDCoQ{nbX0WjS9x; z((!^Dn#Ilx?l^3UOTl%E?A8kpF@psvOYC13NmLIUd9|c z7_DV?p+#>qspxBMI`azTd^)QsfIcaN^Rz{1D11a7DCglYw35SPrPhZ|ZaK1T7YF6L ztsCJ3pMTDsJ}hJBX@hGnpugc(?G#*C1FxkHh0gDnvCt&{gqNfKFelKo4gYcZU8*{L zz_7cQJi;?ejENlDtWX&6;T5^uY}XqM23w3=1&g^vgF*o(@`(m~4SW=GFj)hqDdjOX zBmT3+$W&+(w3(vS=n$6}I1MMDdMz8zDU>|gz_9RrIO?dJflbGbXW!PoDT@vyQ7EZTA9FZ<-I2Qp9_y$?o5q2pU%w{Jg_qZFx{6x>|GO8OG& zdw^i>0XhuY1_f^L2*bbqOPOo1bpO)8znAXk&c5o)MDdxvq73%YrHA3;Ej^aK{r0lt z*WgP8Lme41drEX?DIRx!07~lVo#NdbR{k9Mcyq48A*aOhGx5gSJ&LI`~*8HM)#^^Cqz$9ND{~?)UKFQ^r9> z{M7j<0Ua4J{45-Q`st#Pvw}y^!iPq}DyCa&cQ}zT%pEzg)RhYb4PC1t6_}6N_Xf>tD%g9@eWR;9c)~HwP+0I-sTCK*QgIvgnWFP#F?BUB~kA~3j zR2p87_d9lc`|XY=-p#VRX1&mJ|2Jy_>w4tcJ_W>^G`LkDlh)}-KH`kjOPr1RiOT?8 zfd}M)d{6{>gMOGk55^RF1Q-LxE2^Al9h7i+c&RSh}?)fq{s~te6ss&B;9TF-Xqma>~D<1T{dTgYe$HstQ-@W!gDzU zQ)s>z%2Fg>117WEn<*p8YZ(aK2+H}*EytL3%(j+egPq~OLd_ISBHpa@I9XFXMKh%m zZ}UUPK+$YysDQ=_XqZiZp>XS)&WaarkN;s{MO((sV9k;@-&|6)e?PkD>fWont9-nL zP3$=?!JF&w4l4FO(8*};r@>Nrvcjsim{bW~k4*+zR-wJHq=>B#OhA|TPREa8+cNF;Ok3x%nf6Swjp=O9C;mD1S4nRR z|B(EEf`_89tGh5&X-ZGb>@2`2gE2;CGIxU-Hj0%oN^?fozd;2af6r2^iPYP^W$(5S zFys!H2pr?KHrLlTv#7p#>(*x2T$pj=lZ?W`4ERdAkNMG;4qwSAgf%3so?KWytDehk zIh0;ln9lbi`xjoo`;a`^3Dd8O_(*V@_%P^_(2f&NRm~yqwM3c#kx)$`!!VCD$q_c4 zmu|@6*F$dY`AhXfH!YYwdD8644MR4)b9U>*PlobI@p84Xdl~w9arM;|Fz!s{h5FUi z%eRkwyn4wv>m;2aQTMm4-KOPd$u-8<2VWg~7;$;*fm83+ZaL>2U0J=Xa+>fD?j)62{W!LPwE$c%Xg_Y}C=LP4d9uWy87^D@Q)Z zIpS!UXfLQQW*P`ylWf){)Af@{v8~@ifsbJ~kV^u-tO5UICm!e;x_ z`R+O!N`F4#x!hJar1S zpk_9RWBw92$~2xr-!n7eNYsp4;0WkfGunVp-%TIzX&E*2>usFh#)9A^W@8}0a@5~P z;2+FJ8i4-C5zu$m1%Sc80bOT31IU_DTu9+N%!~Sg=RpHz&_q2ixF{6%{dZnzA?`hQ z&d7^&ESWafxrvKYBY`3%J|b9M`_;epNN9BO9>Qh>5jV1bv9u9D-m0|Fd|FxwM_wKO@dpnvW%~^lvISj6at1( z4(l^sh!@898KxvYV3;WUV^w@~lumDsPRe%VnQW zW$2Wfms+qY)mc#BOkGuwnwQ&YaPd{!;)dra-)vDRFfAK^CDw9+FrsG2YKas&VM0}* zjtB*KO56H#D`U2~iAK~*=h{hk4=E?GsBR{6PQ>QTCb_z&YWGes=MG)FJgDkbb#T%P z-)U9F#eGX>IOA@C-fime0Rv(dzD}2)`3Ek4EIok%6+=I>rtn-!OweZNGh2)+BZ>c0 zv2@jQCvJRH@v0fU=P>AXYdWVdJ9LQmL;0bOx_9{RNr!6&2vJ`)%zVG^v_W51#ks;7 z^0oTF?j#N(?6q@pHDCB z@kC``OFG9VTDq0yb<#k#%Y>@KA04im(1nGXPI;x>EQvgqZs}Y3L=WUovG}AVRk-&0 zd!XObzm)pgDlE%SOw2DU>{^`TP~og_hRV1YvzCiWbXW}rYjUEBQ^%O&lsG4xpURO_ z%oZc!%*-#%OOVaezdzh1dF5i-eCEVa>nR(750tPpT{hhQaZvIlBbrSR^E?8OD-)tH zMbfgB1H(UnN|?O{OPmpPsat*dMp{2#aq+6{uY^PgLQ^UE|?o^cbc5D;|kaIbDt z*tOyQ>M|iiJ>PQrWHM)jH_nePUTkg$sF8x}e_Eo7T6wj)5vJ}90IA23IUu&_3Oa!M zQpBZ_IT5Gb3-xu&uhnYATJ()xn$;n9k$3zF{Y32=h=)o5!$#v_jVCne1sM=z$tn27 z0Dd(F!Q{f2R z&c|PXn9}HtxO$EEsa{VCpw?)Z8WD3IE1@Wq%HZ-zlXP0PVD&y+;SzELEsYesh%WA1 zy}eK->UtaH=}q4@rOOlYb)u{=_@{8)qnq4cA431!Nm^i8#H}>AEC%+yvJ)B~D&41z zGfb_jnrevC?rXi=-gHu5p?s(Zc=(QX$cF^f?pMl3x({h0li5keez;H^X`Q5S>pXe4 z@~!)+N~MKKC+A*%6x>>ln`uRRu|jP`yVLSp^~djCK-|G}b*EsOS>2-#(yLobBZ?NX z;UQ(4Mo>(COW8=WN5cA3JW?4pE6m&Yk9%9qogAAYZCV?zm#_FwO6cs3iILrntk~{BU`P+a9MuFc19i!?Y!($(QYce~I-;-B!7Lmm ztJ;XjB15VrKdq0TCJ5X{igeI*`poX#XHG*`U=0>)nkpu3+BB(xa$V-;Q}gCM#rO`8 zQXHTO?7!;J_j|P+$kd(0>I}>fjTIF}5q%guu@p{Ux)iNN|H<3_Mf1))smigi&S{E^ zH7J0^N?K2OJDb1Qo`+?+TQ|{lf%LaNU=SD!rr)j4VbPk>HCHC=#?#UGk5D&+GfDT$+X>xT?3^pfZGQ=Vl_UZ)8oO`uJ+ILXnAy(dNhQ%4Z)7Cx1owtzMnffpHR_vSD_6 zZL`vXFI8-rcvrUjSSWe(SM;&19XU7QSLlB!|IMR5C{4gGoX8aeSYcKk^vHI%DC_-`Q#A(B5=_O9!@5d8T!A467H`{41yC?=7xUv&{ zQ!8p}uPv{G`n_7IIk%6N?l~@s$EA!$ZI7Nn1c>rCa&t0mTvFqxB*U*Q%l=3|=_Qf60 z_J($;ME6n-D3uxb^47r}ER>j+aoN!&DeZtnDCd2=apW5?_w^T{VH?LikN&ewia#Jd zE%0(jBc^s)iRhRlIkXM94v?=3EH<}^3q<6kZ-g0QsJ(+iL~Tn?mIl`x>&g~^Ou5K?i9V8&eZe1G~-EK!#mIKXy-}+VOUJD8?>UL%v>{n+rcsG}P|?I`}e980N?Vp=a@A%ncwjUPS)qOw_rlJ;kM#X&^OR z)O*|2>yphkN0p-#KwX-p&1Cy8+w`DE|Bg+FwVD`>yEx6n?w)@5kCU^jQA6pQjY}T!<+|3SJ(gC| zFN;@hNgVwZ9BD0@JfwDTL64S#!Xa71CeNAD`Q;-h_f1c>#X~OMcHx)cO$80#W=T9Kl9n=L%kvJ`8O}F!V%fY{Z_jyu>p) z?TpTO)e}|?cnGq6W8!5of~b+pvwHLPUb*8`N=^CV>$@gS+;tt{LuK)g^_WCM^NGsJ z6X^QJcN)>Sn(37%n5;(?ywaBD@)Ts$mQNclAJx;uMjH(^g0Y`ckoWU>x(KK^lnFj8 zKDqt+Ba`{ZNhatFx_+W^>~gs7&mV5YIa5C}Axtv~he)KlU>B~1&H#9A9-9ttZA+3O z!umG+66*hkZp5S)kWH49J194IP)kh2iS*lW6A-g$viT|4%?6slC51zbbY(D!C}AKz7&$TKI*Q&kcq}l#ld84V2I> zBz!?nb|D>N1i_W+ZpfbWSDu)9CBn#pnv!TSsUX!}&ev}$6g7%ywc_SYg*qAsN#M4a zpz(F5bBNL0p}?Eq!kEKZ7=+S1v*(=rY*-AVFxRr zT>wbM9?2v>)P&)#XKS;Zfq?MnTc8CKTdM3~eCt12zy2eB*ww8;A3i0#*9QqHrub>d zL{iuLwqC_yf7{v%I_GJkRxPaCXcKHkn}YOpm(Am5sfml|kb$Nq^t~7MLuIHA|Chmj zUi5ua69lj)TmX9_F#Qu5K)xn_Q=o|@2iO$E#cK7zcK_WV#19;VK68XVWBG(ORiWg* zJK3!ddoac2=7W3Z5mfQ62qSNzbNZ`(DpyBAyR^^YcoH}=ot#4h;%?wO9ch03}XX(?=1p)XK2kK6;o^$E? zz;k;1r2hk<$x=lC004N}V_;-pU|?Z5>gBAzE1uuxD+4z>0|;Dr_Vg``{{QyhOHNKU zAt0B7fe9oE0GBuq2>^K7V_;-pU}N~tz`(%C@c-@q|D2o*KoMlXqyYeVcLg^9004N} zja0F26fqE;yj%VyQGoGm}eIk65BckeifT3~JfUc69Kvou@0P_BiA&-Led(yvJ z^zya#{$kIsJ(Snkd=K~x{Rg(u>_fpGx;r}l!}k%}jKTXg;q1=a)$xD0JDmfaTPWr! zY#MRDxeAd>LrKbbO|JW*BzLi|CvF8U-+<%GVjDph&)N4dNk3C|$lZy|jmq-wekki) zR;M73dsq=i$Ytkk+9Kba2XQ~uR^%boWQbcz=Bm>E9&++li`pog-G{i{Z^`*mSlSG6 zyG34m+KBQHd058WG&vI+NlXIO421FhdPqdVt#;82sB34?1!|Of&9J_^u$g#_ApOa-Dmhb(PKX{e<-mxfSr|s{RtS zyH|gOtlhcdJ|cQ5>VMY*`W~7g<{7Zv#~|LYvg>igdk^{^0#A>aPwr>7s|G)!y(ot{ z1p8f0!yLr>bWYAx*lv#W%FwIcrY+_%_x?24pWuv-Sih3>*J3`HB|RwnDe~mm+{ZPQ zK1pu0Nx#GOnEwB4^w?$2qSt2Pj)TbO8P>Ogo%;)12+q&3zoo}!UXBKMkNv~Q`(f0- z@cL=wUIKPEJd_g^)FTM=J%)t|F+=7d+GZJO8cu$004N}ox*KQk_i9+U^FE(O!5o~Q4vj% z;YWz1&Nw2E6wQ!%sAQayBBH)hnt6!i3`vp9IP(h0^URPV;uOhqoGB4Gjy&@Wl{x3! z&E1@H%sJ+obMAKAZTJ87JRlGV{=bBS7$7Cc=|%MtdKtVy-WkWDkG1(^`ONzq_-6QO zd=J3|VB2xt@k2-fLn4Kt2ls4)pS{A*07Jv4yn6?;eY)mX8RusF1rC`gkI_yRqJdPHpiCe=_ za9TVBFNqJ1H^e&=@CovS)kI8UYvOtm?HuBqm;fe-2ztU!GB4Sb>>{#=J;cQnQi>{N zm&72=o@br+q)OA!X+WAe9h_cpfqTJ7hLO|BQu6+nVhW5xrZin-U7Vt#s50s>b?XxI z(ov@Jt8^Ni)Dl~jS@v+YHQPhS(rNT^`c#fj4l8FbSD3qag?D8z z50=-P=e{buYGDL1c#NHVc79*}1{1+-WbPFxzP7WNEOQ~WFtt!xxKM;D;uo2ULB+V@ zf?`Rrws@CKW{cT2_Wm{IHA6{wNk&O)$?yfGu!VL#u&m zW3{J-Tl1vGU5l>e*Q#nA00iIwLx87_RM%SP5C#j?LeI^{oAbAlZb|Af^#k>e24chL zZQN~LBd$?wy9?a) zv{~h*gXnQT>V34UOjQb$6W<|w`H!)WSNqn#UwsNZ)vGWnx=P*;?yu=z zQ)j9tpRt~q2XF(T0nZQNgPcLjkIJE-A?48FbLR8KVcziK3&D$N4O*if@gAX!IJM57 zq`GJwM>qG9`*KGgqvz|FUqN3@8$brYpf?=+tR01pfyYY6o)`&6-Z*T$Vcc!fzQ(*Z zO;CSXn>3r{zaC62ze#^HF`YWCnMs{#ov~Te7PDphZS-5Mm1OO(THZ0=&DtpMvF}Z@ z{~Ywe3#j^|DV4B-wEZz004N}V_;-pVA5rhWKd@S z0VW`31VRP|2QZ%j01Z|Ew*YwBjZr;I13?gdcZr%P1O*9Vb%j`1% z4a9l#v56S^8i$a;t;S)j<5A-otl?ebS>}FeJckEkQR4_!j3L*QkDZA}=A8 z{vVm-gnTu&bezN~&q|=Xv`qS#oCDtWMU9$!Mtm98$YP6U4%>nMaHMy|Q5rKH;gTF} zdel#Jz5%Pbi+Fh2eOCpPBgYX{{Sm|7?V0U><1jc`!APs{+2;#0qcR$`G;4Je@!%(n)kOokFM5 zX>=93DqW4PPN&l~=nT3hU5l1^EinXV5e0S@djr4n3EiN6)7h&38&d`UCxu{zQMKztCUlZ}fNi2mO=&MgOM%pa243 zpokL6sGy1(>S&;e7FMtad$EdrI1b0-1e}PI3TNPCoPtwv8m@w?;%c}$PRBKH2Cj)~ z;o7(ku8Zs8`nUmZh#TQd+!!~(8rtZfiyln$F~B;8xG8Rio8uO^C2oaVV?WNq**Ji6 za1gh_ZE-u?9(TYUaVOjvcfnn8H{2cfz&&v<+#C17eQ`hB9}mC-@gO`HBRm8a#)T_j zV*-UKW^mx*5a#f(fR6wn4kJR01SvMKi7jm72p)=u;o*1$9*IZc(Rd6Vi^t(yJRVQL z6Y(URhx2g(F2qH+7?P2Cv2I@Or!fZ^WDMX1oP&#oO?9yaVsVyYOzj2k*uE@P2#%AH;|7 zVSEH1#mDe*d;*`ur|@Zf2A{>}@OgXzSKy2I626SD;H&r=zK(C;oA?&Kjql*Q_#VEG zAK-`h5q^xH;HUT*evV(@m-rQajo;u({1(5%@9_ux5r4v;@fZ9Rf5YGL5BwAV!oTq! zgHwY6!!U|Q$tW8YqiWQQy3sJ2M$1?+_85DORb!uVoN>Hyf^nj8l5w(eigBuOTH*3a z>bq-e``4uHtgS8EcHVaKwwt%TyfyQ-pSOd&UC-NL-tN!Z&cUoTv(`L#c4_8Waa>xY zv1^xOWkt4ARsM$Zf>4zl?kB}Kv7)+&ky?bwb}@}rRGhlrqMA4(&x&RWiBl2XjS~d( za-J1g2l-7tGW%+#0aL-a_r80%QNg?R!Sl(c8X50P*q+{jVv!IChkHNqrjRp zC&8xgu_D9OWv85m(v)0(9Beg0&)Oc@Ze)9k_Y9SlR3bHvRP0p66uqDq*z@Alvu1TZ z%p`OIU&Zx}z)Kfu#P&3DRW_*QdK#7wM|Ln#m9eE;Be7;h{vQ{|K`^h1SXj}#6h^L} zlx=IFBC9wJ{Di-Ild_vwo@+M}wUvw<<<6X>uJuiKk~nq#HuFcGnkLOmwUwW!sF8Id zncm9uLus72)9s?1rQ!M$o|oZrUC&*aTDB6ejW*ng3M!#%CuyY0q4I6lt1ql@B(|!k zY)xcA_AuM2CT>!S9V=2L+fnQxxv*B8sBkp4?D?h@O?C6#9PDve7cGBd1HliRqd289xN2rBf8jpk+^@Z!_Y9k|&)+@nWx2?me zVwW&ZdNtRd1{o~2Bc=S<36fS0%UDrkV5Zf_mcLZ3C<->U9gR%YR#Y=R4fF4s5!yw< zBQ_^?kEqc!^}J@T#|z8z_Np!0vliBlS;d(J z+8nUWDYH;T*=CKrBPQ(04c|~v;_{BGdEW^l_XyM1@@mZZk?qJL$)=kyFEhsr$%OX0 z*UT6{;?1MLn5*p~M{``wO^#cMlP<DP23aV&4z(Ag!+DHU0lQ$)*i z{W+5}b7dt=V~3B`;^)M>=Q+rY=owK7rhoXbYpvqEV! zQIh5&7|XeIG&Xa7YrfSFr$Lf0ovGP9^J#sb50lL;arO7M>v<|*$L!sm0(BbNl?J6> zS6iV(VRpNGfnheU6ffA2(v(BXHx|mN%sAJD)}+d5PV=HFZwZ;Xq7|K5n9Y+a`JM7Vj zlbw>nvt>^>LFLsZUOrm(9W#8GEpU*Q+Wd}I6^V5$V=DW_#m6-7t^Pu$RmQ@PrHzal?w z+zn-n(-}7ArA_6I1ODOQ^B+$bbXN4)N6W*@Snq_)q-D+ZvYI2G`YV$l+4Vuj)|(sr z6z5l|wuwj9*IHR+(*vVGhB_j;BIK^tO%Z(&0}<;Y^v||~?fq-)Ypcy8LjeuD(iPB9 zKtlly1vC`Ua9AAm)-+-)T1P}zL@!(IthRLeA_gMXMF^<9CPKcp1=JQ$yC=dFA&9mh z+Jb23ww=9}w}R^kt|PdP;5vfq2(BZzj^H}7Q&)EC3Zg5Bt{}R(c?a?Z547`E&k$%g z-|~Q&xBa}8#e1?wPj>Ceu07ecr#}d^mqX8yjZN9ulx0l;nF2BeWD3X>kSQQjOzjJz zFNnS%`hw`^rXJMa1k@j}zo+_}fClnmAfSPO2J&Gb+YDrzL0=}@qRBP`L97d6T@b>H zp75e4yyyupdcupI@S-QY=&cK4D2SmTgcQA@Acno-w4<+)Nx_=_AP6Ca$)sS>7SR#W z710x6is*|Nh*%dfENv)Go2&{YOj*kmN|-_kQz&5yB}}1&DU>kVvPnla=?Fr|U#O0Nrc=1OUYV00000000000000000000 z0000#Mn+Uk92y=5U;u?e5eN!~<79=jS^+i!Bm600*lcKX+wfW(HdY zfN_R#dm&NLolxqx_tG1O83no>L_x*xw{C^(d@;VG{rRcc|NsBLAX$vz?hm|2KvZ=) zOIuYlvYz^cEXd)e6i3QlvtuZ5)HY)BifjsIEo;AS{=hCrH3#ONR4X&pisNaE6`o9R zCg{jzY$xUj)qIF1h0WrhL?M}8W@&a!Gh9f-773A;`E>=NG$e zQTTn4msXK)xyWnukjC7{D2KVM!UQovQoLP36Ms;#ZSl^uAEd?X=VDINb45_R3pZqZ zIDSR`c&6ED?Z#`2le(q2iuYd=Deu&3#!ySRI&|~R$j+|tJ$mAaCVzKi3FX+15)CaK z?^A^5Yb|>{jf(*U2|VQkK$fsP2p<{aQXcs3gg)c<56{o7w;~tKHezFpF`~wZ++PsA zQ6Zy3Qd-?4S|ue6Kn!eDRIr#CC}$KHb!MG6|39a_XFm_-F+9N)48sVKRv;92e@dZq z3YA@yv1(m6ZfXYr57K@4GMS(GyWsVkN_>l!YT+WE#05TdA*wOmxw#-Y7h}V%1=M-B z1r&~@FDu>7ms9_LB*#grv5IN>kYK=2N({OLNe$YJ?$SDcr;!Xv(Mb$RN&zgv<=hSw zHtpvfQMYB4sWI4hAGuziRDN$t2H7T-1ref;Esy{I{hwOWEKA8^>;Pf`_)03Lsb>q6 z0y+9I{Q1R0fJu?Vg4o$J6Kb+ZsU7SInvjTJgRHY6l9FePiTiL0BXY(a2@WXNhh_td$RP;vh>mu z*hwnjT2OSUf`g%Rfx!dOs^V{1!}D|N0V8@;kI|#X0tOrGuL4$#1*~9WW7J?oZ-9t^ z5+;ZzQ&c=LP{G2$x-{xey-+SH8Qf;b9WfnZdO~`~!^_ui2Y`6_R@(ma&*`hS-i)+( zca>ilGaBKoOl@>rg9tImoI0frXaIPxqa~6AxSv~?DqAncbiVO$ug*S=6lXUx zl9MCg>dNcLvI9%-krFqfR&xvxIH(AU>c4funC_(m^LQ=&Zfi;vRp|(ddV!I!nB?F0 zof@J6XslaoY%~_^QyaC`Me)zcRtJYSu-)E~h=34a00$$t^KYtU3y{Q#m$KF&>q2)f zx?MS?_T1&7pC4wx|NnddGXs#E8Gs}JQX&9K;tU9h0Lk3}21%|yX*X}s9cpUUD~Bxw6*`%>`@byFs}U)yRIPFsr*bG`L`T?WetqF{K(Ig(TPtf-PXpyZL|S{QN}g>q$2cUuk9$ zMuapT8EZ30AxP^G`6y&NV$KQ*nsok5LOg?t9i-Sn>bBY4fqNYz zQ=n@|#Joqj(KX1nx=r-b1O>z)vB4z-vi^ zQhnAu^R0O0=d&W&Dxdc(f_$*Yv#Agn(E0&x5h5fQ6rxW>FX z)O-g)e<4;w#t47|5R_&tBWz@s#AA`#O((TbFqnhrS!$Rht(6d^J~~Ix~WyEyba@TfgA#-$bRZ9rYaa zZpQb7i{kWut)CQcn3+G9GxphJ{|iR<>o-3ct})Uhn_8~!Ppv_O0%bI0xC>I4w5-zO zu_LZCX}TfZ#K?cWv=R(2j1r7t38TalXOSGSvEy9Qa+!IR5g0F(iiTAzT4jkN!ATyh zdXZcu7Z#@2gzHxk7Rx{}NHbm{GW20br{)`XBkoTayP6pU%fZDEJ77TAj-;*USj}G! zDnaLAQdRJvX=X!aa6*^?9%IULU8{3~cs&!t(#=2iWj$W2V(Kid=4~*-?F)$x?6Zt?#L3xW;Uy>L9<`j1#9Vsg zSpQ+EdBNh`@PGJyf~UIKb2;x(_j=JWq_QU!!@x6)wv|tXe;^$R4`yLhn2V%mn5~xYV-86RT_{^9xL)C)pZ(k_HmcQ!Ud!VL}*IY6`w)Vo6>g%u10iI#U3Q(~x z3>NDY?|i*Kc`Cox>`OuIq1-ouJRbzI7bn0UL4+{1_s6;Gf1Fq0BRuusQ z-{-N&1yZRGevvn@L=9I=`7#OBZmYV=p|r12VuVKp%5WNdb?cj(5BPLQRLbjf&C-_! zfF6|%Hqn#-Z_T2z&7v}E1-G4+I$)EwJfEZn@BIyz0&NrM^idp6n$=%;YfnieW;TS8 z$y)RsG+SS#WbcW2GPiN4vj4)w{+rB7kvO^84V7;eoZ*qJ;0oV{xEuTfL*mg`-Fd%G zh;%990Q07^h&{Z9`vb6MOy3g9F1W%P$ihjf<4s@Xr=8XzLOEZs*oR%V{nnY-GoPGxHxbui*F~%WR3Fx4mUFByJ!Ezq72Rc=SU){(smx4&mn(*ejEX$ z%{U@$l2|11aR{4g=wt>xrK#4nmgNx<>mnCgnkaKa(YADKekz2)NEdBd$6csGT14Q8 z^`xn77TYRGwuqFbK95+*1YYQ=+Qc)t{B8=N`MjT~-01T1x;teM`MphO$^}H$5@8L1 zha*VxZt$nG{cQk2ApW}PlUW7!~&OV2^P;xcw zd5s%lo{IQgY3rv08Rla2?xm0b=G1ZvMoyG04Q;5bO2x3!+lv>-sz$4}`@+Bf?sa z`C|q>2AeDd$roR*51!jr3_~N z0`!Lco1wLu1getp<<6^}xTed@^|LF9T)Z`8FjwnZWq1>Kd@G&Wwj*I#2nA!+N7ZIk zq#?ANj>lZqoJ(bK2XM8o4f=(RA`~KA9bfS?&t(^^UN< zn1f)zc>?&W=YdE&3-WNc5z5HpEP$18NTrH>t|RUpz3G{1I-^QKEhkvJoQJ$3dYNBO zQ;wO%+k2B|IM|Qs@t*zu?FM{ zP&$dBc?`8ZHd5%i?X>4@$ro7=g8kr1E#&;cD(HlDIi8M@%e#umoB&`3Um7wvZjls# z)Bf{~`UA>=_vz{$VyDJ?^q8zK`TBbD3y<{sI$yb`UH2MUi1?^;0&q}3XId{a?h$|^BLX8xS z)M6eoM5{+-uWipjqn{0g@Z?8^oOT{ci9jePbqCFSdBQ{|PeFPE>&EF#l8FR+oZq2CI&x(GJtdV^T89-tlsuQ zcim}R%}mi$N+6sVOvnWu;Rh^DNfi(z@XhH#HpoVHeKq|0gh$(VmJ@l!Jii@#3;Slj zl-}M9`UD%>8ylUi4c=_yq2_fu`B#(ooE?Dl1?7R?^lh@Qx4bCZ3U%4^*gkKkijWBV zf`y8UNLH+4JS2$WA@l}RtBm%xug(qvXM{S;{+F-!rR9aJ4MKRYGl-(xO6s^uc z`(-k|i1oasBZI0Q$aXn=BcGzmh2)-rklvjZpQ1>uWpGSm{|;z}F;ps4&6}?j5FUje zAfPNu_Re7G*3H)#+@V;Bq*V}MuM!GIT0XV2XWrISl&xX`c!!d~lrJHnSew|Yo)*BT z^QgwSJ=*@`L8OYWT4pD;z_}I~Ctpz*EDO|^%-&#u#7S0`d!*;vHXis0wP;?3$jrWSHeY)tj7y2B-2h>F?A_z5 zciF}o@8;A*Uz&77uWQ~hEuhB4DS{m+QU-4?!V-2PiJflXU>&&)#OID&5Xhc-FJ^tV znILx~Y(<-M5#mE5@tH9$L+K2&o5oeGdq|GLqeLBO-&!SostVdXYchjYM#v#rZ(qbb7b0G& zFxmjwOC#PGhz#Wo+-~?-dpLPsb!%)#rm`i#NM2I6mM*}6ktz_BAvB|~TYUR{2An=` z3iL%b)YcaEKi(pB!T$b}g7_T-xFfFWnEC)}1hRnVB$0j&s>~$a0*)HSJWO%Johle)zi z*)x{0cm5?@Dw?#-(8GGtrx7Qx#^P}d_Bh-eoSz#9J)rfo8{q~0#dc@U5^EyN#G>E#W zEL-{i16l59%I+KhGH#o|>Eyr3#k%mPpmBQps|l(yZN{+$`LEH$-uzev!4p<$RvKoe zUvq$@fL5_GK>kqBG-Hn%rn+*Mx7ivryiyUH>ee6@4)e;pI8bSD*)w6a1wYr#Hws7?;rj4WKagTxywU+ZbT0MrPO!{a*in(GK)E&$JZp>< z2hS=#7<^OkF+KQ&#Umg^u3>~SD#jiW32T%HS8bViOqiTh9%(hAsiTKtw8gU#+Jn=t z>moLzuWJKa@Yi*)?6hVtOQP#(&P@K3&Y%&}xWW5&XC zXm;BzmH6unu{a|$v+^k)%Y!77Kp_**1UtO!8}!Yl&?9*Io8G<3`KOCzs{Z{aQhEs5(+mAOXt0_>Eh zXqlciCX<-XDjqEA(q88c4U zj)d?1muWF%%KVs36`HcJ>kn1dMt&(G&X0msMqAc`bWh-@_A z7EXlSZrCUiWe5w~)be$Dt?D|}HBT@TWn~Rot(ufkV5?4_&qT=O0y=G^^fREz|1fW5 z^zp2EqGoYgN@*vh~wB|1D`m7DIY#cfVX1pxXT#ctV8*VNo?c&M5~= zQ6?|Ht0FBw=!=(rBf|`lF^KbG)n^(UO5;ubO#36a#V>F3Kr%Jq=Ai2Faq^l zE>seE2r9l^RJzf?xFAnz*QxFa3LcZ%T7xWx$4Cj=J7nZNqGl$QVD7!SbF)*(D`)W@=PM-omz)a%^q8@k@m<91F3i(W%8lMLi84v!T? z#vnfGEntC@Ju1OebUdiAM$@Iz{QL7RT3n)wdTXTPDn-Q!@j*mIH%;gQ^H|9OSJOj} zAcm;`_#me7nQNphyCQYNV}srhAw_MEch``^spG|?L2PG!m*{y~StuCnJGdc9fvvA5 zD47cO#(dDhg+P#>%7F=BVpAwgusC^}wx=Q73r%2z3IrT%U0;~x*a{UmZkD6_V<9ap z3~%N*<1ADBVHqljO`ky*EK%- z+I%&@vRMF30wB1eCy+up68T452-0%&-X?FGd(_Z$gza8s=q(8R?yEc+mLr3K88IGj z)RFgYN-CGre3~?EV<9D6GI@kK@Aj$}Z78jA535LDD`@oe`F!Hu*nD#Jz*Vgan_Tpn zL?8XvU;&*w^tnr~^4d>2D|3nh4t0Y~S4^b;XavK<;G}u)SGByi^d?9g?N=A~nd?Uj1civ%c#?{2Q@{qkS zdKyC4D`se0n<=$UKd?@OGzr1NRA&#)4lu?vie zjCcC(L5JeJ`Prp;QplG7CQQc<)k+xm$0b!GHS8DA_UjiR!fDCw(kSgmd}DcC>&awsbdsv1QdMco4wwnYXlx&vGhgtcz{49va0 z=hP9yDH`*?xoqNiy}3=4m@jGmbQxN(_i!BHu#6l;u8B^JK6m|U#4sztM7*nWssd2o z>{(Rj9@nRLM4k%Wv-#Aa^QSmjz2}5MSK#g^{nyT0O3%uY&zH|{KSRvyF#CcTTZ^>G zZR%A=e2TVXf9x=So#Nd}Jq`ZIt?obm2vk-@SKOWzH#uaY@{ecSaz`{ER!)+tsmmRy z6^(JHW?~bE_Pl*wiem+ZsX;`2-@v!+WRipa+*RC6|o*F^4p;k}A4gObSDB9M{wf+oLuwWs}U zvflQogb7C0f1y1jA*uNdYoeT&mooJ7=b*cArS;Zf;D>D&%@1x4iCcOi?_;m1y(?nh zOVn~Dr_mdrSp>Wz3{3S@ecVw}V=?}qX6f%S!iVKg?G^w$P$2vCJ#Vq6#}-}}(Ww*+ zMEb;lYK2v4=!z6QTaz8NT`f4@F-3u`2ij7(V<922cUCY)ffRm|7>WVxbsYM4c+V>k zp8G9GO=l=pDnbu_a~sbKVEM4xc`PylB&-BoaAYze;CAeUXO)grC$cobVwB7t1q>X) z*Rc@|Mgs6mv}DjME6kzfUw~9E5thstFesxgC{9bjM0zp=J{%rQs`%yN1;>qbrTxjL zMumJy9qb=R!87GF^P~+rlu?yK4t=C42)HSA2u@K|+QCs*T1ca>9i^O_tENyScqjk@ z4v5>3LIy#*BGAWTfk4`3%63frH=H;Q z@PKfz&vPQB=f$U5Jt;vGtuR))92~H?#&yNfnOzczp)|2%%h~}u$q=+jPd4TZ_$Q6Z zRt{;}pvoH=)D)yFPu2H|Ky*DoX;$sClvY_7n1frSW~HNSW<#e0H73$)khVH0QPW1_ z+{XhRscQJXpkIT8rr2RR8n8A{Bn*&YjtlHdMl`@{XyLF-lY$w?!4>96YTEpj0S;Q! zqEem!v0MKCI9YMBV`RbuV7e$^*{^DAe4KIYfDMBLw(F&VyPOshCx&;4+~;OVk}gbM zCTjDEAER<%?sm;LgYb+zEn3~J?*r))#Jb+~+)@hwp+w~pmEjAGu zbwpq-p0v3`jl4sOLjEkc_*q2(R%G}g>iVek3814Fprn?Iy#XO^why_+sH2lHs@sX& zuv$Yl2w{vt7-wI>6}xq$_j#hjmQBI{av7Z}mLVgq{{f1bYzk2rI$4^2om$y45~<*T zxdJiq5Q7USaH;4j3M7#iA}Z0NOt>*K0UL}5?yhHYJC;6U#89i1Ef6W)c~OQ9O*39X zfpDTmsB)7^Xj>YMOvp_7nKt|+pA*fLnoT~=Mf|cIicE2`PD&RUSA-oKlu4@H+RiRN zTt=u_C9EG{Bkb6xed-o0z_>_W0NFmxHX(l6K}#g=#pQK5L`x|cAzU_v;%xddiV;1S zvv-Wya$;svOR3aN;61AF20RB*Y89o(RLA)Vk4Q(ji&ox(^2SF;x>Pb|OFl^}yn}0e zI4=DVT*`1Pj7o*Dh{(ax)r2|_@(f%J?b*gwJKFE#wf>^4x4`?>ZW_{t)p~VbAYWi1iQCf@TUQ@F z^TLL5+oi}2w;#5uJvHh-2myRmiN@=2YxgYkOpD#Xq7-%A3$Ig6bYYVem$@gz#!w0b+*u+`B8|C3lg)kLBB>a%jf5~UhebK zm4geH&8Zl&x5Vth!E*ZAGt37DAGcsr2^A^?1OgJnzZNu@;foe%;_vfQiEtmf`@cqO%^ol}# zhivKxy)Mnz`EiS}V=~a##apt`XK;SS>+n`Wx@mfDkQHh!;xpx?D`pe?7G4<`a5X)2gUry3e-2*uY|6_# zx+`9TT-z~18ue7$GaTAuFXc@x5liIh=l3X4mOuI8!kACxnyDBe zTylOltLSn&=6Y%5;0I1pih1tMw&bJWlX%35haB!3A$n4fG+FBL41CNER1C$Zh%e}dF%a3Z34C@^Ltq^VCva^C=YxBkN_sLd!{Dsql=0EXBmQst($WoIP;w)@KgL8l1 zaPNBe^+vRrjD|T*k0RH$d9^s;>odv(08;*(#X#Mqf2Pc3jxFWgE>u<6h_zQOp&7(s zZ(5FKVcH-@MqHEhx)kxOm0Lx~d??UR0S@Kr;8x*f2N6T1p{x1jP zF3tu2T><|aB>?`NQhCFg7`kM@wbbBXT0Ng7eKFCp)^jK*d91cxyWCy2Um#;E z>F@Ogb>>cT%?E1se^mo^{1^f?>aY$L=t+m6k@6^T9A~gnV{i`^fl%*_`vjCz5Xeei z6hRdjlG!KGlmMx$3{SN&J2dSv3(lwh&)afyS=)aYSqo4mT;phv4`eX2PBh@~t8=3; zP(KM`L=1>93KpRsc~tKELV2}Qx&?azE#gw?a%va5@UQyI0V`f4HOoNN@)xe_ptN?m zP>;J>`|ywc%_saR@WuT=z2cv_OUUIP?U4WHe?Rmu0YrNL3bE!1`Qv^45e&b<2lC_4 zp9z(;=z|Dit(NC?TAu$YdHzBcb^kwesAu}QzxG)eGY?AE^`h%6Ni8RCzl&yeIr?_sG%m6{x?2`XNy$6_U z9r~9EWBin;2x+xKLT#BsO~P9k=m^yeg#*#q;0Uab_;Rf*{T-=D84ov!K`^nu;U(Tc zRbHlxztRl0A>K40%^L-{9Fnirb?!2@ozl5#z3c^0PKjqERArQhjIbB-MxkkDx>{-# zw6U3UA3r=&{3i}n7=#wIfOU%f-m=%TXU~|GQBzA#HBRR(M`5}CxUn2d4TxxX@&a9G z1}imDq{dC|y}*4!&7wCqoctqzkw<6&SEW9=wdQqnkN0HqKUrSyA+I9i)`zRq{yr1A zAF*ek*I&vU!P;jg-Y0xZkeKz65=L$>`}it{ooud1=C1$o1q-sM(uCS4-uzhcV^C|v z#Ac{?*IJ*EXIeUj(FZWv^5yYP;>N>`;ZjE4DaI#FAX>qi`cwmW`Uu@;^a;0sL2!$F zad%ynyA%}{IhI$%xyvXu?ec#UhGjQOh`)v+&Ff3#1W>g=H!dLKQ#f6u+%wf@LgP=h zJfJa`T;(anuT0A9DEUgd|B{h3adN52tW3X>uOBF5TTP0M^x}w7n)PKy9_BO_2Man3 zejQr)z_A_4w&M1#sy0l}BAvuG-6bpyP166{xaYqq2pe(M9N$mUIwMWDsD@J%VwIwL zxld1#{SwX%m*7E zD}ebILdkkp&4dy_owNnc^ENKRNdBU3D{Q8UAU&{A4+PQi+&rNpXeOt3(5xS=>P^Fj zAKqub(MO?K;Oxw~lccDZDrLKtF~~~|DwTYdfOzo>j1WlEKok~8jupH}aD;sHMs{o< zYT=|b?1=?#Zi-Ea&nG^A5n^<~P%1@%BP(wNHwOEKH^?DTFZV2&A_3nAptYl?ABEur zCQnSj9)urFGM#-)+H>?{VY(lwg_@D0gr4vgl2ng8=GmQJJwSGq0+a(|yMg-#dZ>(% z(3u;w)msS{jk;tENcn@6=yR#=wqBMSvfRhO!%{OmVVEpjU!KuiSkyqH>LAkvE)1e4 zPd3@9oWw?vb~5*8R{2#x>S#_)MzFHfrK>im(Y?aj6GdFlC$w@KNhc) zu|H9svdtskl_(RVg7hArGN~p1zQ5qG^??b@%HI`jwAEW;=JPz0zPP%==|a(4u{&E= zJ?i;=_V1#^?$eU)Jg|c{znRq>V+6jUT1wtN< zKM<=`{x1Nrzvsb6;VJ>}?g?lWV_>q*3^AOK{`f>(>D{}EqUa`s#tfB zJ_yL^j}}z-)Wc!g`vK_sGjk|h!1&@I&gpeU&uh9s&ETI zU6phAq>9rW<#8b;7&GevdQtvE^-?iF&Hs8yYbGKnQ(* z)-RN}1tKzxuk@CN4v@myro0bU`%v6mA=K5X8%;yt@VGz;EKqJ`&{;bTCwKRaeWt_) zORwyHsT=($k>%Fv)VhS+{_Aia<6w@Z9oS2)6KmD#GHP{2f*BP^R34R5VZhI2l{$OObL@C?wA1C^C4mf3AZN+Pb5Ibw>wBZ5On6OhGW( zvQF+2bQv%Sn@^lwe;IP+&JhK06P6Akc)*!LjRs-XL@kpq1X-aGg!U`mp;-WF zGsa);St2LI^Lvlp&zN$YEEJDuH%t!0&`IC))}9#Zf{N~@WV&c{7Sg|aR+SrTuN;vjK5 zBsR#eu~y-;SU)evI~Lb)NR5&%S-!@k)bnT`QwDCSgn&ftw7JW^dF^j^ER0_%O3~|! zq_}z0dTYcsO+*>K#7ut$A~=6=_KPic(X8b`P(Kf z{;ox``YFR>O;dE*G#7H~ypwze*IU{IFlFUSldL2%vsxRrIB{v4Hx!mcyEZg*QN)=P z>(QX6WS^$(5U?)Y z5f|s2^gq=P`or(zo|KdSoH9xJ#Up7 z^+SU#Z6!*JTUrWvLJ+((mxJvfs9|U58d$b!&Mjn!1U+GN0b>e^1eH6qEdF3!*S@bk zYmCR_SbjV{m#H%32V;59*h=E@HF0y2PddC}tbzYYo?5Lnvo^O;(^lDANJ5!1)8LIj zPTy(MOKmtB3zTmLcGBU^4mcaZkE8Mu3r0k6{sNEv++aVBVVZiv24qA$0ZkEYU* z_$mszD5%T5>DGt+qSMa{yI&bEGN8{Z_-E0i7^ zW5gNS?z}KlfWNP7zqTX`I3ENR`b=&KJ&E+#AJ5f+ID%uT8s=ennJdAr0NSU^+javf=O>ytU-#8S^rrWAQboA;)3kwEb+@<(X zkld1-jqa~eT;>kFe*Np1h@9c#v3_F~lj-;*0Pv1j^n7U=YX#y5Ou^AbSmrCs=CbY! zON2KhNn|UOiuG7xHVb002w;7dDJf|)|5}g*b(Wo8qTa5{I(ODVIczqgi^0L9U@)7! z_?9gM2iwHGL|(ecw}3- zUX$k#AwHr8&x9us4im*RX_QK*9u6u4nYmDE$Z0+q}-yx+^FQB{x}O#$ICcmzjxDEUo(@_yUiKH?4k_ zCXYJ4-0790K;cWyk21HEe=W54nqFgaQOX@3aGfLw_kn?w$YV1VzCeqpSq<(OZL-Vf zT*pqchDlPErP>SJCpL`=?FODuh2qKxZ5dXNGNT}d$1_HR9`i7wbes@#Ab~rkQ2ztg&k?PfX87Pg9JMqbmK9;u;r@y-_(ZTu~SR`GP9No#M4aM4ys z-DdJF0PHm%^S+{}C{BZsh!nQRWZiK$l5wEwgOkS=W{KIvqci1P1W~s*bm{B6{JFT7 zMxfk_JQp2au?H7O9Ks^R8I}0jbm9@V$ezUn}hr zP$fl_Fc(6+4W-lSKsg5&?kio=^xRG*kJzY!aQ#ldCPO>?H;h{K#5Ik2+8`u2c%0Xy ztJz+d&K&u{Iwi#!d$Z}om12DxdorVJyHXH?sI9T-{<37U<;2hxt~?uam(aB7fzmd8 zF?+oU2*3S=WY>AKrHCsvs(ne&So$@w4)>;ZY(sL)M@D1cUDJ}%) z`f-&rZ(`_Lj840o_&9E5_rMLpR}QI(D8P2IE_H-mwG#2`1ApCkl3Y?rL_*4O9$l+V z2%S=3dgXRe^(7!^yNBIs-I!#;+t?8>dq`|)ha{ z5US{WeK0T0<`(0wv+QTYpxhF~gAE%-9WiF$txiW~)Fhg(WWTWlO6f-f%q#>s$|A$b zX-F&P&&3gFb_#ojJ++h;>p%wX>F(+k$2thX>VLa*6@z+hA0=%-(ArT=!GWEhbx!Dt zpNYm;4-0*Wpr$ZR9%@p5R&tlA}>kA z6%JItKXkI6ButW)+(HOTv@(zqZ@y$^Oo`w2P}m2gUOjXNZe&olPhq91^=CFPDWIX+ zA&jGZ{>*kMauLGp4N9up=LC;biP$EbS#LKE!N3Uj zaEGGx=t#2$LF*sIr1bo@b!B{z?8g*Wo{jAacPjzch)1?Mguvb6qIT~sGBdI}*bDxj zQ1Ya0s?C?ujaAS3_r|C|=ri#7itQVzyRzvOuC>+FRZo@s-}A0@d6#bFNTtMUl$tET zOQKYG<>h?Ly_`Eku^^+CLoMw`{7?M)e2Lm>My`2wm8GtG#c9EI(ep0*?wb9KNP{7( zdXH+@9a{X=2y*Tg<_SuRm7aAy$W$Kx8>c{GeKVn4=bMKu?n=PimG|ZNI`aH;&y@Rl zuIL|Ip2nBD3-`?{Hy)euHaxpX4`yRCBs+Sz>;#BAW%69z{&hhO5Ht(n55O_;Cf4%_ zwoHvI&Z97{MJAMMRtea{tv;{CcjI_l$pVIOE7NvH+iZbA1)Ok)%w7F(eo#T7uGyEs z%wvh_in0d4%-v`K3Gka7U13eV1?JFK(XBhlW?!`);G1n_OX&3X3pFcdeZ6-+%?d^+ zl~Jf?1iMcz9=Il)#AY>BgQG*tA86+?sdN8q{Aw#MO}k`k$JlZ*lk-YYwlyi0$e4(ap7vj$o9fAXRu_D+WU79*O@YQ~w*jkBTGv6lY*veW=_<0a!YC z>NjXuRa#$&Ck_^J?-jV7O%W;!x6XEI(p2gcRz~-pQE?vKrLL!*Tj?UBEB3dtZ<m>;pTV`>=ZMEj=mp2mu&RFcmOgGI9i0 zO!-LC$g9`bTEfHB!#b44h#{}FSgM65)Nhf%D!osoz=vukRl-$$`YWrMaIJ*zd&bnz z@c5-EfuQ>Cjf`E$sJ;p4RmVg9OqU1Gw1EyA>8X}6fF14A!jIp1ZFBALFGHWwa&*c3>Bmmg}-VG(`Lx9gzRIA4@J*&+i< z`&7e}Ha+gwy64ZGFWK^a@aDI4c8xL{EFl0hm*6%iwP28I7QQ{8q|x64Q6Lni+3$k5 zlx|q|giOiGp!SE5T$vk@{}{!@C!oRP=j%bJa0?go$!~+IiEu(yt7w$lgGfX(Eh@WM z&*J%msOP*X;knBtx?YUU9j2uG@@W28u&In=Guf9+m@_H8u?l#HxH+O(UNwreNrZkh zTcTVzAkep9oj(&n278OFH4WzGZzG%2qU0=v=SrfaIqHGeS}|gP`L}k38PlXhm0u?! z@SA>Rg*5aa%thrC2R>hSLDJWCQ)Wz<{qY7h3(Eqk4>{GZQL`QrK72q3=9E;k0y?yJ zQ{_c#Oo}#MZ5Wr!l$RL2`6t){?B?dk%trs*)z^ERoqrA;e#RYBJ)DP})@ z34T$ceflBF?hTTHpLH)7j`BaAeUVCrEEfK{`)iQu|PV0FNVSRL=Y|T)$M4~ zRf9$8dm6qLdW|ZMCP9z7>z4?)lV$H_BpH?aK!4#XyWV)=4|;4$${)^eBpO4b=QjND z3%|QEdyDhl;KpF&4+IlX&xeA7#kkRPTNxq*R;M#%UKoAy&8fH7gI9su!C#DxWoLYP z3FGzSw!L|I7rY&&V6o~TxZ8M?$DNT0Y&e^TrC!1EVFxf4?YT=--}e^CN1*;(QowDa zRu2(~<@DH3@(6fw6WM_-fF3Bdqv+x8=5R2AE*zQei)=1>PGK=Lv0ps;@L zR*4|S5jPnS9)2|~70(mbjP*wem~rE2>q(+kg*q5{YboeSlW3kQVb-76RL@!^w-se= zdBG*k9jR_Wcs|^mX}GS~E=mv|t@lq&nvoEut?q9?jLD6GgzQl&_4f5~v22kdhk-sH zxN*#QI^Efab+3R9?Mly%Q5wiy9!lYP_iTEwV-)Ps<-$VyDeYfkIg-aTOX^V7FP(!A zt?}lqJLK@L0Y_F`kIuXG@#L;)#7>3W77!=Tzr)-L{adm)2rtzbqB7+Rg~ypfr{AOPP049Y1w(#*ER$293f6s1k{Ck`!_g7kPfDZiH44^s;E&58`}c# zVuQ(XARH~>=TM!1$+v&SVzR#O_;GZNiOG!|v zf7OX1XQUYr3Gfk^yVSrXbNV_ukzox`?V$2R4OM01oL^)|k_k$1Cti&$BN?nXK0HbV z&=lHyP^BZE3zUvdGFipmgLT$(eA(}mpH$1x>WXL49ljJC0V#z257DBF zKh`>osJa2sKq6>YEI*aYCLRzrg54=FA|2d3RsptN57T_uv9nz>|J>X3TYl5twMgwD5OLv3 zq>Y;=rKFq)*taM?zc|g;+J&gNX*q6vUYe*x+bNn!ITk|J$QK z35+P+iH`4Ktv|TS>PH+gn)VoV_#bCIM~pIBRgiTq;mGrU_NuiHY1<+_uCBrNT@5tiMy8j=0_@+{Q~RI6_HHDm26 z>8a<~opBI^2r+Cy87SX9%2%vo(Y@<6<(exl*<`J3t`Aa?!9kccY+IBOddSkgkboFA zQEAo2^<5BH`|qO$iRPm(CZQ*iBmIBl)Z8SH|smVg&!>++GLzgyvHuSW0p^*a4? z+1{)b*YAe~yiJ9e=EUOU-=)L>` zuwebJMh@GXs|Newz4|fSp1;GO z!C9~T)-=liEY*Hk7CFh3HZO`(?3LTMe{Y^@rNwyj-V%G(SSwD(9r3;zmh8A(eSc&< z;LMyBg@7dFJcV*V)D-&_>8kxa(M)H-FGJ%L_(f2M{d|B851sp( zdkkI-4fNDMF4b*@r5;CpMqFVOi<}K5#%5zg5(}ss%B6p~7sapmGla8B!PnJ%fE{87 zB%iRXbts#H`dOl8#yNl;FXqD?rxuGo%OUq z4TH&BNMFVx;&#m$UAoay-Bj(fvxS-q>x{frQz3{(g@v=XJ_BBzVsT9BcyA*lG-)kshy)w|lPaWmqS=_AM_USIQF(BOLSr7MIVe8770yfpl= zoc`B=C4=eSfSS zU`jYwL)9MKr2*Bba5aCj$bZQlODE>N_oIP;VoAaN8Zd?5y^!FshaSdp$2ygM{FEQ_ ztF1zG96f_R^&s}8piZD*nb$tHfjs*QMSXR&6BW{@Z{aZj>T6R- zQFP2W?M7oHw5@~)S|(kS8G|LpvfQ$4jbv)M5??!B90vk{<807VyTmz^odc8~aq+0h zQ&N`$MvfE@Lee2&K_c?Kvf6s?($||Gk$oa2h4>>fJLcZ0RVP~ak~lJHCDKt?S3k)M z^0NvLm+XN_Jqz(vPDJNyMi-GtPg|NSn?3)-2G^+?tf@A7#VyZuIYp`2)WoHa0VfDy zr=uv)Fazg!pl9Lv8dOw+eu7@sT|w4vhRBx?FGOyYl;(>9wxJ9Kyy41%W{}&r0UaC% z^^&S7YC_yc^|3hPc9Cfy$fg_)*N-@fOtSy;oWvWc`pIUuYD*s{HT+0cGz)_Zl2aHH z^$bT;+MP{IxqN&~TJoCeh~R5Zd|$dzi~!Js$7?9E54)Q47;qcdYj@BeW_S(Zus z00XgCx+*)u$w?>MHG}nPS`lV@#X&L|2(59xk~cQ8r%kK=0R~yg%^-V)K$+LJYoQmb zx?bB>ZWUcQMg)20{O|z11TN<2^INVRq3UMDZyni3 zXeuh<#nErwuLtE}c2OOhZ{r@1%@274#?PNt3P^g%Gk+eB#l+3k_-Ar9k|0HbRJFo& z+mL@CBW1jM_;?knUuDuhhxnp`>PKY5$wCAdhI1^!G6T+H{3|zJkTqJ5m3_L z##t*to$sYO|8c3MTQ0ri>R$PE-0T`X&{7C~^u`~=@B8@oqV)ZUS6b~Z%kb{HC!~rc z&-2D&nXzI+)a=k~7b~69H#>od)!CMk>cZWN5Z8>l@vm2;MU(MYwdhj6`tO6z-a5CI zxgpwCWtq`pR$1;A0gX?UBfN)7!#CHW44_Q&13+HTR6-ow3r6Z{;smyy4BogsvrtVp z#lKaD@|_8=#K5&s$bk=GB){&G%#&S*heE^Cjd2tBiMuEe2Yj|$gEyIf*RgN>sj|C0 z&mzsB0# zu_hWLaPg=+lJ-+0%}Mj5H5U}zE?h7_Yapbm-XY}4LkJyGIiW0#QB@eILLC)d;{)1d z0hrZ}HB%Uh;4ZBbxoIr9a1!~C4z-6+9ie1eR}lC-gvFK6&+|D1U}z@WHfc4m!vvVA zYHLyf+l9$kL4+diIdkFY7Zn*6gizhtvI7>yfQta!Fm?{~uq>~c)TiaUGq$chvsCoc z7?Z11j*rwx1MT{ki9oah9E&;E)UA#_flq7Mx15zje{o5Y1~Dv%v{CnbK_?_r{KPm} zem(ot?sNioisfRq{TWNhZkttE>2{w^2d` zr){3($U5j>M&W9NccZus7BMo;w2g~i-7#UW)wYdM)p59lWiaskIGkpNe;uc2gH*Y|3py$(@t>$m%d5=*MqKjnQx%KL3& z!b4$lHKbcd3KP8dkRNP}?q5;>j#&85-=U7HIk%bVK*aSbJDyu0-T>&G-H6$0A8dw&Gq3{9yXpdR2NgdRqE#O8X3e5t`$0 z)%vwK(4K0W`64xNWvR7Moxlx@@L;rEo-@`*e zQ0V~_D3*dx3pJvu$w~+mQr3Td&@yvlk|Q*4&lo(3*O?J_1u(E5pIQmnaP3kpt;r4@ znp6T_FfP|QCi+b62dj~VM~@c5Oq#$bve2aS3|2p=-4|0v2PS|3UqZdFtgpA)C~!c- zU=B01VI@uUuY`U9zHCeq05f@TqAu`{U)BLT#Ef^Bt@U5q6g5fL&yry<@@xiuGU~CZ zx<8>}QmKKcDiswA&Ya3K1oK|oRb9y8t|VwK%C$p?RbEcmFb8Uh4ltkV!~BX+Bz zh4aoIJbd=7Fcz2))zq0ho%9zi3?+md6s&&Zp+sWtfZ}Ex{Uu*FN=d5v7O;Mn=fw-n zuy7rKMGSW2ZT7yr%wWQ{ZosDM*Q(AMmFZFFAm5U6m4m^mskUl!XCz#OcgrBRFsq!^ zzEpimp{~eEEZAhVxnTxrZ1ZgNl)sIcViG-1c}_h z22;(ei$GT6-J;uXbu;`LAj zP77D9tB$&R#jx6K;DT>5`wotXrV38w`2PC~n=_osF~3utBfQ+&dQ|qHp>1TBb2`oM zJZ)hPoAc}6T+DD+fkR~DsFB8`PAb#-!YOJj0gDaF66k|^gj9ZV1uThQ^a;2gl@!&v zf;!jN=ge}!3-q_WQ-(l4CE2%zrTJz7n$2FhGH-3SI(1wR_4IO#YIPCUi zO@sWgzy8`4>GQQ#iaaz8l5)$aAg%$IE&Wn=;>TV^}W!VXAQJ6Zwn4Ht*XEn zvBnWo9}XJU00e>siB91TX)vy-C?8L%CaF&r5D;Qv&I%c%wqKGn?`(t0EMKKwv z>X??xTO=108C;!xw>%4VN`-iv{`4Ey*^dC?;H(8kG{dd}cGbgX9fpAU+zl4?2=eAs zT}NOl_CsYnKXIb!K3H|+o~tpx;{N(_=~OEwG;r@gKLaG5Za8A0;n{iZyix#e2Ldf9 z5j#&~v05+b=-79}jc|mDe-9i1S_hah&+LX+P*+5=Ae+lDjMw$+R~K*KQc#x?^}#C& z#odh!tw17xQ5p?15Tf~*!x%pLjE~f3qQ9b<-_8cwtzn30k|r<%k01^aqqYlld4&;7 zF7*tK^x9!(Fa*pN%wcB|lthw=rNPeYfe;)KNUwQG=1=WmW)(6ksza zq+v@g*DlnP-g_jh`C%Q5#OzN8Fyzk=$=MQq^TTOu31$uRS~LS`4m@E*GvvUp*pGcW z-dPNYA|VE4V12~V0l4tZK|e8tuL$@bpUqX~Kf|6dg~JzjM~)V?2?koT($;#{+S=1{ zA?Ns3Uq9MMXKH_(9iXoH2|M1>+N@JuFz7tFbKM0(O}Jc4c3ls#Ay410x~ftDb;&vk zCe-f_3EYma&okInY#iN820w8DvZck3a@JqB`Q-}VCWmEJMd%ua4eKG9k#2kZ$X;)V z(T4N~LxQ%G97mM80=AU%-6{Ek<^;fd8g*ZzHf?IBNO>8GR%K)49_b)MqfOOh4N&Ku ziO!OTb7EcTY!K=xZS7(dPN`W^7X+g~z_-s7?LL1Cz;lDn&OZoLfYv|swq3W%hP->M z%biB8Ici*&4xSOs_?-13blscE>HLfCy&htI?sCftC$Xh3BN~|CZCgBdI9ylPEt842n(6 zO8++fj(bhQ2##-HT>dkdla)vWKO2EfY43+9H&oSbE*h0m&etdfLx3|dQQ{~U4vYf; z56D7*QVCtYDG>lQN?e~Snd0G0&wny}@_gL&5Q#TLAVZiX1PFM8rLMHMWGwPq0spx8^MU_f3XiI$pdKC9pX=qH}L%4riM{dhvoES*{Xmz$M;q#$t0) zXPn=~3(-m(eu2(yvw8`#gTf+U+w7ZTD6^sCc~Qj%)I?Y^M!N>Z*dL@Yq?^mrSO%!Q z<}}MjM~}q<5?^3xx5U}Klooa~KDHaC=DML22jFp-UqOP#5Dp=s&8*Fjt};ZO+%sgr zsG2oaR|np_pGj1U(6L_ounJ6_mp}|<6sn|wfHNusHaeRPP`d1Fv<2P4erl`3^wiJ? z7=W82bn^Cvc52qWD@0wP1H;BFj2x+)V*zm-3Ab1T5TZ-m{;A6~*(T@KLuCTuA|QW)LDG)#)j*-arXL{Tk@q?&XnrJ;69c%=t+7m;Qt7 zJ7@Yb82gtP_DdHGD{M}oZ1TD&U^%{2zMGq~4=vKFcB;{X)0bWhMY4%muw6P!ksb~i z$PS&oeh=@i;*^wLm5mrh_Eg2fBWWS21Q8|*3qx#Wq@UH_sBc_Gif)BToz4@$VqiB7 zc3(E?UI5P(Y$^jn^k-=0S53m?Ih#EQ8_p__Xs&gAMEXHZC(;24D_W3+)Zc73lJNXP z(NZ9rV(Zj!LK?t?BEIOzv=$+PNAa*iq<`m<1uL?@9@Y*Y3^OE&_-_)N*yW`^K5@)i zdatE4)3qnF)mhKL(8+8^ziGQcp^b3`tGa7&Rta1wN_XF1KZTP9R3Jc6uU!bn7q$*1 z@{U~wljXbg_C9o=Uyuho0}ccX_f+Ij2H)Kb77^MZI@%x*uz=7Px7cs_3*)!7_g%(+ z+~l9Z&*y!MV;Rq9u~MjBO{B>EI3OyZ{Bg6 zHzlt(75(pPKY&IgNyRjaSq$n;t&h(Go-a^uYL%+RPpqxSVFj8LXlIzbJ9p}*-e@+I z95lEnJD5dA3bPK%-U4V&L@{?`l7fV}E?Iw^=O2@uP=AgYHCu1fdxJ!Kx#B>K{UfY z%4JCV>q9*T;O$(-o@D@(nz5FB`%H`bk;{Vtpj7h39q||j^#mvTHA3#pnI7|+jT0O8 zsR~@l7O+kG3#tTVb*U2PCk2R4EuuhK#Q_Qw?c2CY!L0y``;j#&hJZ9G|bno$7&V>+qQcOL#k{SuDgF>!?OxXqh|{hmK3 z7At`-e@8DMo1_$kz#&&PfNO#jPKY{M71k77Q*i89vl|%5$B)T#vVvXP=iUJITXFSzX6?vGe%vA?NV}P}Cfd?;xYh*6@$bJQoC#feLZI%? z8EKM<0HAkW=;|6|%(RTqthq`g?$9z>^c?=y5u`XagwG8t!2 z);(CE6k!8s)8Q1;G1E`@#Zvd)?skTgG58Z(?;8RLSbq z!Mxw@VoI8FtbwZ5GlV?`8$zRYf9`g+6vz>*c%?FV*|?;@@#J?7Dn?)2Wn`@v*00Zs ze6Bm-v_WWW(cR5rXzszNrU$+GIA;aOZ>qzGlm)F53CFQSj2h#FInJj{jUmD^33cec ze(VEme;*oOpyz{~#@Yc7FzNP04XNkc=pIIDqlT}~yt!;-gLP`9to^BLYnYn8VX5OJ zZ_jYbwPqyKE6edyHI+P2cNjLwwIsgski*pEtM0HDumm7Oa0Stf<7Sml#;Z4T!Wq$w zaPih;6=qAVTlPUl5-NqHvwcbSzE|*1{z7l7-KSlFVek)D!Slu@eeOP_W#$>$X5Jxz z_~#^~p@cr*Y>j!iX2Y?Hx&+;R>^}HjonEefFbf@;Lrd{VWDerWfE+lWsIgN1#K9v; zVGe^~6&kUIRl-6mowQ;b8pQL)BDa(&>@JIGCNHQK^|Sf~COFjp=GhW2WA(+DK095V zP~lkBaJlpI9E5@hsYl4Y`}QphUX>CmtL`id&OKo#<&QnTL&n~rv_Ip2($9nhg8 z7m-iybyEWf95{{*9c!>+d{{lvOXL}-~@CfC1nd1{!;WD6xv&4k0WDmu zx^P;wXn6|2>S`i*7W}Q{|MQe zv36__PSeX0%<(}9-Q97_B}_%^n{s3 zG+>RNVl?+8pDe!V*IuFD>u@wG(BrKoOdTt)1SKeyYT}n8UpIdFyw~juX*Ib2s;p(> zaQBY$ug*u3O&vi2e4kMO_88;*2vRS+N}k^*?YOkP%b1TA02Ln<0ArTt&^dmEr^_>B zJ;#bRFS4>BXARB3IVcFPCT8A98NeYXG6!Bph)S)q5@r?1;Y@j903kIsz_W;Of~`q; z|NapkDl`<8dSt_fJ$1*%E?*uSIp&yiY($QEtZq+QrAC8%kMLcW{I2;9Mho~7kz7Hb z07Blh!95ieiOXZ}t?|g$xUKP`-VN1|!NGvIJaMiUI%{!TTafpfQU$f!EB|^1>_>@$=2m>kSCy$Vf0oOnueJOyTmRZ=W zuUOXK3y#ndP{gN{l{)MePnL zqSO+yupMK%7(t3HH2~EuKYIAEG@E9(dPKRvJa&o$N}3G;Y$-4%GVm=1xX5tzy>=4 zB26ve-U6DksvRrkZz(^I%_~dH~nRvp#Jc&Od%tYjT+l(Bl zTD{mjrsptutf@R=Q&SkTWhXbWyLT#PrY%D{-B#T~{0ve4^y`d19)@{q*iHY#_46mM z^u245f^|GBwwLfjs@G6LnARBzOC5;rEGbP?+E}J?Q;e|{5wGDJ%-`Wn8E;q@bChAF zozm2Pp+JFG8Vr?rhy(u;LnxE|f)j@FGx5Y_=XjAuxS85imERQw9Vhtgis$2p9BQp-vF>t0NmTs7gy@Sytm+XLeB2L zQf07MeX@n06)%K(Hr|Wq4!KhB?%V@O@s%#)t6VCHw-eLcF)fHToL--2qWRMGBSky( z9en2`-R^Knz#FN|5YI6;!kDM%6Sbp30C(?}6qmwX+)w$RPX?)ps#DW_jp~A(hu-~j z(6(+TZlTjG{qdgG9H-4oW3@;l>!G61?GxoNiFq+xWL>;6Ql8GO+L>_XjBYt+^UzDD=LUGBO5o<(KO04sq|CI3Ix5`m;xeE!)UXn z;-)6cW;35r29{*BnnBgkzqPl{D7tR%EwqXgvDzqyz(AnTkN%lHe0chwM}PuL6@NdD z*kwtpZTL{CXL`uvck9+Y_A18qvx>cV#DNQ9BPimh)5*w0QJ$Y`#9^nCKWz)H3az2^ zluw2uVU)F9q;koNLAydkuUE+zHaRXbo@d$Ets~3fk-EjG8cK=v{g;*GJM=(2INWO6 z%JZwT1nyvh1^0}KBEq?&z^rP{h`k5`p4Mb1`}}y_w9h37B4pYrI0R;6EwHxv;lkDt z@SP<||uM1t4lz1eUzYx;9v z_4WYgX*?>O_aH`)t^=W$Qwl9UswF~!$+s-z#y>paF5B2xLoaXZ>Se%Ad(R1w!RhKX zBHNe1lG)x_2Iu0V{XG2RNHpu12*EQl6#YS&VHLa()P7f1wBm%)+rnc)<2hYcdbTUi zF^?-!+xVU#FoyIB&I(P`@!l3h7=hYDTRFY!VB@mnk3Se&$WL>jz`*WDJD_Hh7wcmT z2!YZW-7DQ|RbThX-vA`{6Zv^Jv2h$WBy=0?-zE{q^m@rHqoVU6f5^J#Ha9vTLh#ti z=ppH4kNNfAw8;W?_}w8>4phk(r9AxKuJtx<>{{tGyJpXt+*fa^#G!@|;wW(J0CG4K zMP4f!uvzwE02%H=- zS`UQx^)CO&s-ZpY0175un-a;8+cuZbHux$jw{!Ex-+k8qvvLc58V8C$|L!o-qDe2n zQ$0P#q*s72FU0u$=+PVrJs}{MLo*??ni>GWJ9zZycSf`(kL2!z5eB@)81zo-^VjN~ z6j!@e?7-=L|ATeu-4v;w&i8*fe@5%iRRP5lz954K27|I6|3n)&6Ea!xOE@7Dd(iM` z?G-oi-2<`Co6~9OdflRVVufG) z*;i#f!0k^B*aCShx46=2eKP$(6w_l%&nf)fNc^oHm|3KR-jQJX+=(oM`MDAiru+w{ zkABHSlt1yt71Eb+>6Q49d?P9#JD_p)U3qr@4_cbSgMOKj2S=e7VCr{xXZsCHr zMxQ*X9gB}=OgZEBm50>oz)WG>mFCXIu5!}MD-uUaaxSfp1j)Vg&V=aSI=YeZEJ;Y{ z43M*&cyJ6J zZexI0ofLIsf>jCkiH)cXs5)nf*Moq@^eP_?IbadMlnqN8kN&y<29dcX$U$*@n`x!= z75YM1WfSny($>}0ev;Zf0G?<&iBsI&VCCsf4S7@nWo$ZI#{Aqo)c|fLh{b!EAqba; zewrU#!2*QW(MbK9%dePq4zQ7?RGC(O<1bS}KmV}Yoy8JI1On(8G}SN~y^258j61&O zA2;4}JWn)BAqH^}bVr*))=?Au7wzBLT0nULO1%1X+qS$8HMh1PL?0jLKCtd0_uDN( z#dbsgZdsY7+}@*)b>%nvH)ni7ohROr(8bL4&;WEz9aY+ZovBe~-NJ*Wd{HDX$BX4j zKsI?-=WUl?Fk65WC57=~v4M`3l?(tYz(dJ-Re+5E3*}&A>mwtfh9(Y$9oQkK1ywN) z)OO|tfW;ILI(?EhI$>hsFYmgsuif-Kvuh!RmK-FPg(`E!jSkDf&!7_!>ZI1}WyUTYv%e&)>@=hVkpO@BLl zVrp2UP`o*->i|-=WXzZ@3Z;3rTX8MjmMUw=I{@V{h_`y}+7TXVp8fw0OA~Gb?9RWb z`|t-g){1xJ%GK?bsngwEM~=T-xa9~h>8yN>lT zOu2_Xs0xl`-jeYjNA9Kv=^rI1_G{92I3?ekgSZ`LH^Y7@Az;9*S1HVwLZxtHcgbAJ zFoEXu(rM7e2~v{X`zKn7^T3Q$<-w^DWkB~zN#Rmb=EChfwj_n5oU^jBR&Ez+P9=I0 zM_5WZ0EjBQ2X$2FJdmmT%U@YvKAc{K-l0=mx^MXY!{H63mI~Dj8h;s&8BA7}@T<*J zeR(xJ9(qvseFP+tK;rME(mm{$Xk$d%;NTbk5RVq)yp4-!Y7)!uNu^afU>_F}V5nHcffbvMtL+ZA`}Fsi&+?2gea5l;-U0Xj|yq) zu>@>jKENu{1y!|aV3g+rFYfi@4KFwETy(u2$9JF%g>Y56h@k)gIn^hH`wFtPi7SoD zP0L~YB}9sTq1i6Ia7>L?V9>ru*ICD2f0?qYnN~n`mj_a){)fmDZz;)WJL~_AW^ER} zk*Cl4QOwE|*s}=&a(AgPbj)JnO(hmn!1P6tZ8BkxjRT+i^KOmJZ4QLEk$n2wZ>3Q} zb~HesOhqNmv1&svr+O`RjNG{laouee!_=LENU2vUFj`vR8O8urYg25s7Hg--DT`_v z`J(TtOAc5U?v{$}Mn!wT#GJs9bf+7z=%_oo!SG5nAsVCYdPx!B75$!}ZJ}R^sY0D3 z7hr?en?r&5TsJebj3MFt3V~O{K;- zny7W6vDW33ry{661-tNmveA&3dZAIk7Mv^fAh0$S*pF#Bd9no~gGcBM8hlF){3~pq z!6y_hNkolZtPi;;Cg68$D{wbsdmR+Yr_Jvy*GkB`-F zZ+VyR&58M-l+!|$GcnF0eo=IZlw(gjfM+1`t|a`e{VG+#I|t~d`c71JsBDGxNk3B_ z>A*AYlPKSPH61GfX4A4;Pl}=owMkrEG8+JHF*@j ze~s6@m5r+c;UrNQ5g#6ftQ8arqrLF5cw}Sl-B_V#bic5=K2~L~QHN45(``z2>&yAy zy2U!BbEHQ?WBB@9uPT!oFG@BgCq>pXv^3+(1IJ9*b|jlHV(W|wvQN%&1hQ!^qCb;f zJmmrEYztFni~T!8nui;nMYw5#St9vJVCH}v9`NgfB?r1m?Y*e(jbP0@4-q{Q z7H@2g9SkhuwI{IA%~B?#z`x5oIh?gOpt>Nw(WfU@1fhgn`@flXL0MMSUZOaxOL}gB znXYuoP4grpDUQVn+rCS zDurEL+S3vu*m(-hQfZ!dSWbj=_ZII~Af)%F-#c|3lyVMsETNZex%iWCO#mSh1jv~g zwm|5X0|=H-&tCC$7LbaBP=pl)$bC8IFE9xWEbBO2%y60iY zr1)MV=A=)3_0McUcrc>4qLE9DxxY1~jre7?I$&WirwQ9Mk8G=9eb{6r4cAQsVA_$1 z!rf5T@l$dGCzyf!)J`aCcLG`Z*5K~qZedA;v6#xNix#Os$j#OBLGz0oK|q$S)Hxzu z$Kh6MkECnaznHlN5^H2_W#m#R^@LMeAZ*n~94@dEE*$pDt2QC;xc21K%`&QU_kpz2 zd9q+I*Q2tfbpZD%m#u!BU0H8$)0Joa7?drok!t4^syuyQLr?v^dZ1wf;H7!BC9hO@ z@s25M*Jze4`;hmLAaVZDz1ZH1dyIWzdmn8Y!;1nX!1HZg5r6C+`#x9ivvvRLU<<026y&9+xc;ut_bQGXzn4q=ax(uPQb_p7pv6dd(94;u zOHzGFf^l!zU15pTQK4(cLmRW$5s+Zh@j&a~%HSV91g|Ur5OV5(ep)q`BSfx*{VKp?%^Y|6EY0q*ooBd{ zS{b5jqMf}g(3Fz<#?iCXgQw0ao=uk@>nuJ8T~#0?`X$KduPz3F4r1!5B)4F&rG${y z*3FM}&;XH(joVnG-Z+mfQ$VzgzEdRF;3Hu%_e?f1)FVlYp&4!+A{ z!mm(s0)N{IlOs_=_=t^wXvZR{sHh*8kJmT`8uH)ktpev#6* zdwi=3Sut?JLT38lC7)IG*-YrheIO?|nu>p|GQ4A`|Kf90olAe}bb8wXJpf^y21{vv z*$Mg0oLzd$$S!wU{Xk5HXx!+qu*ffUQ~R*iLMg5|+%QIZ|8^&cjApoXVfLG)_fL+0 z+?}`Drz2x|+aH@QrxNyKy0l0_p!3hMG14ZpiLnMhU6G&1K`K%O`~-~>xB`f+hd7Wb zkSvQjH1j4RPU(Ds`vvFZkp6F&5DwdJ7G#HnI%lZ3ULq6D5=&sZKD#N1U{^wI2iS%| zDoU-|*g^fWqapA5Di^kevjoTVn1&9tAX1dq^I^?uIC7)`L`F9$unr!fXaZs#?EG+e zd_C-pMs;t1a=y;@sv0y{=Fg^Ils?-($t#w`qZX^!zW~n{w9aCo6u_=~uvYtm6h=jyeL{bGzj%#-(42pe%uQ@%^}1-=fl&NtpQFLclm zj=-^l4mgA}5oU!wBZ#B%jg({K7}^mC0ga5z%qui%7E7fwV_?T*4;2fc)+jF6hzU~= zr5GFy^wMGy=H3l2MTl7IX0c&vwMwm=$z&YaU@8|dRn45yuz)NJ3G(Ye0Adk!EZr^M z<#4=7%tZ=7cFK?z*A&-ZqIoA{hA_jJnVl6lp~A+UY5-M0s=w9MT@Q#umc*etJ8Pkg z&O-s3!*?I3f2VZI;X?u%|AhN+4sDdtc}QU4^v)sFFVp7_6VM#%ees=g$~*>&;Vh`e zq+br}AW}$j5J^ngf0)996a4-#!?}nQlOFwwIZXk(UtW*tqNw*dD+aM^M3Jg;wbCpv zRWafU6nF%FgdYOR%qw@Td3bj^h%2Q_V&MLw;{TWa|3NKSv6T3?wouPbY|va>{hHy9;{2M(qT!i7^qLa zv?x-Td~7U13v6V|^62Ep(>Y7{>N?}n6>A|St_Jp;cS~xi1wU=FS3j-Jjvu?SkI045 zZov?+WedY4UbH9x6>^w?$YtzQZO6#ginJLrQ*Wmk`^o7Q6<;MM52SLZY=$rq;}HRi z)dd~WH?MuotJa*~RJ7f5joqh{6lQbXLLA`@d)K5RAn&g0@0vF-L~$(`L&1EQS+bpd zu(zIRlFx_M-rw0JvPfa`FwlZ^b;%e%sNkTT$}h@>3pPfm67UdDX|>H|os@t9mKl}wKLJm=XOnR$5aR?>QKAHJE%SY=Hn}zstY~;1Bk2Y z+td8AnkHyUJ1QW(RR6(T{_X0H^M+6Egv@-qef!%?Bxsw=Z;^1%g}-6%%*Reu%j5oV zxaN!I{^cFsJ{->LxKYf8-D{HZC&A8mK1tJrgQ-=wP9W@-Dcu=imRt03z3UNmm+}Mf zwOZJ>Q_TTekroaIitWRUEiCjbNN`;UjwdMtE(1=t2z;B34+q8JplHP(?ab7uasW^j zyQs=*$fm2ed*!KIZNLP3lQW($67fU2!-9)?*YoAEzZPG1)nd~)ro1Z$+&coXO=fB8 z&(ZKReO6nVwPQ4F3)9~8=VkqI4CIxMzA=r41zCEri}JrDwo5f{Uzk1R#8_?hnm6YZ zU-vF@5j%AqDJtLe;qg;|gVWTLxQiLnms9rbIkQ9iX8EyOg+5c~r~WPLwOM!OiED2g zaBuV-HaklV>wZManshe{Qk{=>I(F>TIu^{IQnv1=dn_5E?}OA1Ht%YBaf1x%?9Ha@ zdH`}-A{09tWF$tJhDGap73{x$>a3UCu8w}nl|XsMulSuf6B7C5JfmZ!@`S<~1sa?H%K}0{HlZ>xw!^g`iN>T7!HU zTy++2NPL$AGBlBqwj^$STJMmxd`h z@4P=Z<~=DmY}^#gWPZ6MX|t8hLhQ|8TyT;LvIz)-Kmzp6e~Pb))k5Js&P+bM1h|89 zIvULY20iX6k_gZBb9{)Eo1Es)&&vp$Nyc(i6{rtbTtcUQPrwtl%fYdH`j~`3!h4Q1 zTp*E}RJtBH_%xxbKfnNOwu86jI30}9c-rflO&ZNOEl9nC8G|43m3V$OJy|ZX$$3oT zrOeGP5_-UL{Es*(DKm0KcPR20J=-ctSSZ@bW5wSmqR)*jeKU0FoUVgx)Vn`hv>Qao zJ?o{nfm9)IBJ5nOgUn)EmW$4W-$H}8lNxnMYS>)BWwm*f9FFUVy$>Q~vt8gn%BIHyPN>vmU z+ZLK~M=Y_o?j_`u?+g(`H4VcRRRnZ$P=U;yXI0DkQbv1^H+P-`4;$D)0;nzqm2Rq} zR^@Xfxm*=ch1&ogQe!FpBfX$@HyB9t0Nhuf7SKg-&K#7>YXxa+_8Ss*QsL5+xPC1Z zb%fZ5H|pAXM+)-I*^&-6+ftA(7nQau#pyBO&@-y-eX&fl%b;Jm2K>TJ-LB22tu8@du1Zk!&G z&VZ(frLQesp(pK@_6;1`ymPpd8>vv+28 zo0xL!`s+5hic>UNOx?7#lV-RgwA5#@*@fF6lEPM2Xr{3 zQkPT|sRF+~ghot&GV#&0ftFgUsF%(8{eaQR_rL`O4sc-*AB{N-tAI@@2OaVG%9%Fl zC^3``-8KUJwMC=uIOw)DZ9(sPQlC^k+wBQV=k7#S~B?X&0#Z6K4Ch zChznsU}EMA`q?~j@*XA^1))_ zKV!ecyv?9F@sq z`nnTFg@LID_3q!-8${y=2{}ECiE|H zaGdbVl}wq&%g35Lk-49mFwJ=a>oxp=C%gg>(#vz?oUxj|^76j5S(dw??vs4;A8ikfE@xJQTEfU?oA3i8`NJaeVK z4jg}b^pG9q#z>(Muv?e(CO>a|$BzDfCxSvjcsTt4Alcx`RF9ltjw)Gha7Cj{^y=1* zxs+74JrxVzNo%X6r&uK*SU2*+C_O9 zR;O-;*UFYhYjN5UaVhDkxowZP+HD=NvP_~G<};2MZ8I9Bzj-K2VmCAT~x za$tk-nibW``dS$1%v169G{6=fk2w5vtgbO!KWD2EXi2gqK!=Zt56%cbH)VbI4Pp9X zM))47HJxtph^sK+Lhziu!FqWN%DG{_WD}BGL4PEvAHj3NbBPf+b)}=Utlk zp+d8el^A-kJs|_N!KUJrgToW2x{Z&q%g-qt8|U!tYi+|y0;9gy*rRXE8prKZl^Q=Hrkn(TM@Ept0Q`goR zFWZ}!%~%31Y~HW8$ae^;>*|84nV7t{fM{5}0gLEh}2i$eHXdNMy6k5pR&XZjGBK#`N=KimPL# zA=e0VD~k!#+rT~tYl>knFz99yeVd@ zl&4-;(k@iUOy36O7Ro!44bKCoC>d%lC>=Iht{E_QNf59eoUaIQzjGmhWNNR(;1=949N;w-!IbV8t7a zTB0%Z(Tu6a`U)c}as)rSE=(zFd^2{L+V)EtLBJOkVWl^?CCb`|ZqxGP*M>5zS$z}{ zLNoM7Hu>L>hUgE1&YK)8!Zdf|g?dc1B&6}sO#p%GwEd7f@xBfH7v@%NV)P&>uBUOH z?)M8{jdkUR!E_>YI=M7B64Ia7owfD*VOr;Kj?PAnK)~H;jt@_PAKDdD6aye6xRd;_ zzyIMsu}s!mucAW+k*i2^eqiokgpqiDBUPw#^KtQJiNgRvOH8NzpC4z!kY=z{&v@jM zX1a-_A=UbKK5%_UGMc4S05!f2NU*?9w~Qm;D#SkGmt|F-xyBa<$R2Np&#s{SS?O!G zA`f8>&YJjwCkr;mnf*TN+t>+ki(To6|6{H@_gSO^J%S089v`_4aYMBs;AM)VA;o~v zv0&y?mX}_7-W^gA+N;%fNe5(j;Mc?Rmk3W#F86vpNfao&NYY#trM zaMne8@B`617aw|sYhAdg1Q%E*s^W^M-1v zVPw>B^hAS*rXcZ0(?K9IrtljUJote&`c;Nbkvm<;Yk+Y=2-LMEWeh&O%L>sM71>Y6 zttc@z`AcFzz}kk^ti>ZvNQPYi`Fq&Qb_|V647Lt1zg^}X5?0a#;0U#Asq~xNQy>S$ z#Z4t4g=M$R$p)klZaAj>CG33wIg7z|IWn)Rn(U8*(eM)UB>8q$V#jywoBP5g?d3d{ScFB}N)1xvk}RbiJ%OZMldmSIbMy5q z#ryc0=Y~WMoK+A%?AShOhfdm=d^@mJ+l9aRZhU_{`ZWg^tv0#XH_<5~-89QL_H4G` zP#TS1xg35X{8pMT8y9Is<04Mp@QqI04( zB<)Sw{dW^SdTdtJI4%Q+3A7vGR2xe2m~IDrPsx|X44QaFc1pG!L1R#t!$iL%<`wg^ zPFFgOCN{=9nG+4~EdxoBnN!~n?Bf1FaqRwY1_nl`E4x=2{J>l1bs*!^CR3L!u<)$; z&JENbtd>U9$010oIxK#o0;`({*s=#A<^^I`zNP0W>{R^9l}q6lnF&s1^4fq^6Xehx z81fOHHASplI*zyx8@Qpo*BmAlO$>UV5k4irxGJvG4;=Y!kzm}XhUH^7VIf>VZWYu0 zA+64UY+ibOC1W7$CRn~nNbljivWz|$Ky`=(3Sq&}CKJ?|bC--aX&KO|TQlD)t z3?##r&Ntlmb8@#z*$|AUv|sPuY}8?V(zwIuuyK3$^=RMqwnA>TiUe=AY7bB+Vm@xE zwtEt^r&hrNG@|>wW4H6mMHlz^E4auwr}x_-KA-;2o0qrn1lnkkp-7g)*3T=1`{tb~ zNlpJIsLEN2Na$9UyC-N@_dl)nV6iV~v+aluTkd|M-%n(l4n8%yZ}`%G`=3eI^!L@+ z47Avq?Ig9oXLlN&g@5Wt5}E$Wr=>7&rqEvWxW4T175$+fIYmDb^+o9Z9pIm3hNM3j zT}9u7oDWJ5?`OYGuAwjL_*>pFUgq=OQrlHR7bi7l$d(xV1p}PnL)Ic&{1`BeW=ZfI zFLzOF{h)qsqO%yE8+*#vWL&=DjuX=jlS8DVq?H(IIPK(Z>f9OjtSQok=K7!ZmVi%2 za;HagSArvEUfRjlG5)mOmlhZUVRM_#HlVf?A)fkR8TI?=c4W>y2#tbPf{BYey zcT`zS&0eU|NeVXGM{?|4ebB#ZzWqs7&S0>EX}0^Nbz~Nivx4k7lFFZgR}L)j1)ZZ( z{!^-|mAd~dc%)|m1@L;b6_#ih1~LML+Y{MiKc#Y1GNnw4w~!??#SZksyOE!t6?YX) z>$v(sip=~R;3EUlEcJED7mR;;b1Lw^;{2A(ZtAk6Kp#+wL5{}&_=^i z-o=D`1Y*(3+G=n&u=jS%hV8PC6!_Wkj{(~@i&0zmIkQa$_w_WyOd$~eH+6z?rt|K& zn>08%D)MmJYpi2oL`5R^l|`w}+Vn@)&=Mm<*g{nR$c$~L|LbgZdT$Nu-5*W3kQrnDB`9h2pL+&494fc;^IHzAjQmL zJ@YSCtZnjsT{270&P*S%@q|GWJW@R3TLzDxUqiBw?w{B1Jj8mCiHG0xKrC_n2JU;# z^u4YsBqIc|j*RD*-!BF5n`Y&1#5k&8}3C6+>b`+&X%x)1E60x#Ez?U%AsJq7tT~-i=a8HXes6C zaS$eL^A58B$YrwX$`=Xe`nYR03T-@}x+KvMokVl0Uv*Qz2yq4$@6;8J(u<&)=z>=1 zexwAsh}~vtNi&({_pvd>u6_mwx<)r8!{J+rV-Ltt$pMn@Bwu2WF67FLhZT>U44_fI z?#cOEj}-{_yN|u`Zs_-J0D(lykEy^J|1D}qNN?HjN;d!BLw)}?cx{LNb4ki`!!C_o z50A@{cMr8DchOXQba2)`m2raXin+UTvFK6t`%rmD*w(e5i$-!lZ;i zqLg!`%S=I0ec@Sz^C?b3rq4QN4By%|=}XwbGFZx}o#hiXT&HMuWLKTsdo8LYT0cuwIOM;oJzql}fr$mj2{ z0U-n41c&IT^24Nf9HzDEz_Yjjx2a4%aIJIYEfRNV$TgH2-KSIsZ?}*-aBT(*Gz*Cp zBpQZSs#Fx{ksbou+;vcPKZ}k(S2l!JUDbJs{0{~Ip`*@G!D-0so#t*J zmVEK_oC}X8(4nk$*3L?#pHvT*6wOU|()wb8fmv7`~*Y-E6euc)BBf9eDU9u#;HCI>u$D}M9%2+E}wlOmyde9`{1fgsZsI0p8YEl^JzI& zwL}%(Wzn`d%c!g_lBImRWYCp0u;g-7Ntp)oFSoRfF6yd@5}BR#rg_tM2+9a6{~vmP zpeEv{Ai%uN-kyB>^l%x8x$(nvHG5)8p+z6dWelDd)uZJJTOzEOR69Z|}A%ML3GBYRf| zw$A&}^Egh8m}2v-d|E(wT>w#Fra;D`B1jBMUm+|}mwW4dRBXQ5#14~CokF>NUZPM^ zsj-B>0|()7YPaKXOdGdAVB2PHg{^b|VS5d!(amk5d>1r^AYU$0YO#*FaZ587vF#LF zCGSe2%$O4WGXXYyRjm(YH4H_Kk4TJfPcvuO;XN-)ty?HYVi?fKfe__-Ey4OT!h`AI ztT$OU0^Y?V4c$A3EFzZ7`{GUIQ?lW0_kH#s9$BX|G^Dfcz;(-Q-tf9={M4hyJnShh zf3jl92MoGo#`SNo=FHucoH z|1jGtriMD9M_;`N!I*WJO^MSgFYJg64z3Gno68<;;is4vFS)5_j!I~kXGVGtHT{-| z<)+to0k1MJzVb^(G`}0jw;ZUje%hmsYN=AqYkhG9jUXL2Ruoy~DHPo%NG(>3C0;wc zn7m&FLB4jTw4AOGcsL|a<%GxEVIau9VKG^;Mn(BK&aayPHs?}^%CVnSl-;O55(`Zj zL$lv0$#C~t{c*?qy`_7R{lXz;++bW%rXuOS@%nZ1#+(&}oy>fO8Rzt1ffhhcJQx0> zj0_fi{^=7TE7T<+7CrK|WJD4pqlwue&fmIha;|ZiuM9&EBxMH=f8&7Q4T`rcyfE7( z`1o3Z$!*qo50xaBk=`1v6W}&fhLIwp$c)az&ZdFvsiK_ul;iS^U}V&VK_x|n5i>ml zj<0hzdCt4GJ5aQob8-ssd2wmcA{cA(34(HZnM6mY0wA7iygXj@!=b+Z$sFL4%(NQI z*^QEyTK{FyrwyiRE_y*hR2&OTGGUEHED(5IXi@1p+l?$n}pWwL%9lHZ$J zhQf=dA*6de>NR~}!@8^+1p0I)^yTdDCc@n-{TF@^>LKm-uJ%X0oZ*N|XM6N=b2MJA zfwDXwSN`EeF}0D2MR~t&ylp}WmRa`~o8s~&Bh)8O&0bUN&is0_$I*Ng{)wQ%W9z!= zk0gSl!~`ly!_S^Idno~g^y=sU?M1bmbl{XvNo8aI{MX%a{(I8=9s15Y=G6Js1A@<9 z8v~Tg&Ra;qtvwbM zZ5#OM60A>Q$6K|hr8H#nReX2l9lMxhJYhXJC#YOzQ!7eeV zppvJ@V{2O1)s7tSjBoI+jr}x}_XfwA%UGlSjjRJLv73TwaUbBzq&u=XLTNlzSsVN* z%F!af&fw;e|TDFK$fW?T|QX!_!Rm4lGXYh_qb|r_%GRf6-%fh_`m6FGQH4j z>Ue`AR1weANTr3OxENAlY;4!_Sj57FZ_mp);l zpps|WXNOJZaSN<}0G5=pChw(ogw7QQn4fPB#@|oRVqp@e7M?h-(6L-(`x3FPpdcR$ zn^b_!F|O>{^1ouwngO>}X;E7mf;>wF$YoE*M;3*bH9E=~1X00IL?C zO6(SiG`_LmgBxC4zD=GE2x+QqnwA8vOkXy>eC4v-IAk|vK0wT7&FjUOAqVd!&-;s6 zOk^y8l18@&EAZ*NDN9y(J(((4*-K*CRrH=?%Yu>A(A+Y0x9idyysK>SvLiV@6W^G* z)Pzd`s#h@0yVtSlXCVHF%umyBom=cGeXH9bEsCX`kb6!_`mZW?)`vXlIm4&qv*kmO^%gMJBiuYO);M7z6)yQ zcaneX3?)GU%tAE#@!u(slSqh8*~cDNetW@XvvzSc=2i z)p@&ugNxob>CSrL4re2r{(71cj&=Eb+-3>YWv{%{Iq)j9`(mcaa%Xz%Q-j-0I%Dw- z$T-2%>(ElT;lp~g^RNYFMZ^?s*0ePI$I$O8bajSwkjG(;0i5Fwtdt3(QnSw&qK zl`C5D{h!&-+L#a+%!LPhpXIVos%&q=y%u|zkz~q75QtPo@;qc`HJI=6ZDrI7R%umT z05|Zk)AB5&N|i3s68ytj^9j2sWhH23D^!$LHC0Lpb&XkWt3|=-sSLI36LiT!er7mW zpZp^UkN6zCx*$mMfti_G_LIR5*<~ET%(&6o&4b!|G`rHcBwZ{2nPV*>(6R#x=bz7!Tu{~cpf9B^RfxiF)=CcYN< zbx$+EvlS&@)5O}y8l9Xmfi1;$&BHb(Z0y+yJ10}EsKvTnc}S1bP925VlT`! zt%%rR!xnK-Z{o@hc~hKqb2Sg$6(MQLx6zsDv6ma_qr$SFzVf-!rv0ld%}y5ghnD`tumGy5xr5i504`9d*s?$C|EqA8#8CNI@?y@v8pc z)mK#GDGU{Yv}eqVt5!{m-*%U z_AR&Z2kce$O?Th&D|)&|Cw;tCC-yc}U+kw@pC|5WSQnP9#>fqK!w&0dA33V02SUdz z9VHe=aY<>~!jH)Z*DYnuVuH$j!s+p$O3c<;O#3-GtCTDj-dMbviOlSf29<4mthsTcud|~yy|dS0Jqscgi8sfqm?O0Ro}%B@alT_xxH7}QKT7~kRODAgnK#1R z`MN#ZFR_1hYc$9ZJ0(1@EQ&bM`a2?tGC zFY?`P)V^IA@&1yHq}|c+a`}w3f=ET9d%?#E$9ETim&@v1KA08rKjZXa&ALFh)IiAp zLUXOZ8Wom+Rj6vd6xe~xDD+gS&>|+Q2+t9K|JW|Z~<%Eo^ z9V2J$e3ysK{W-Q0|DmnDo!_!A3~&USa367cx>r#6P!HphKk8oArCK`a-OvxjzrFK$8PexMzP`?zxwaU@6wEY-*`QJ4OOG3|3+V$6CdV&U|s-U0)v1? zm7tdB*CI>?n)G!tZWH{{>RJzPDi6F)z|)#&22mlr>LJwK2 zKQP$tF^!7Hovj75LHFV0>e7s7s|e0cQ7(;=VY6NX5qjvvR%Qsy;5d1l5&%b;z-siR zF7wZxxkfcwuw%o6YF?w`wW1K&2r~eKfkhpQ&!}tHG&%2Nz-3Y%6;sEMx;EUd(5qa+ zi$Y@^V1AaO)uYO1&i4*0KTWrc(?MFmMZAHS*d{i8v zc=6szy8xIP0&7=uGzvPUtc_j_QjyPdpp+u!be%R~g`kh=xSp5P6(Q*?cmX>}L|0fP zU(+=_G~&qfyr3kU5Yv_pw1dehJ69^Jwn`0peDjw2Gb>%6F8}YJVy37z4B*MXMx!Aq zEWM@(2a|@!UhXl(#w7jQ?zaO)k--UWy>1C)QwL9rc?eajJsyHXt{U!2g@RIrZPC$9 zz{YODA}PzLt~J}YnlD&(9r)~AP1@YHyXGUC8#j;!Y(#s=kzXgC8|jP*qZgfcEiVY5 z>OONegQ|mu&tpbMUWeO=?3W;%sibPWbUj5YW^v>_L;Bs=oDO*BnXr_j^6+FnyXFsMO7H!S8q&o50AvXMJTdF0pyMp4n{|Ym= zoUPgP=G9i@0%95lM{U!6^I~&h{l!H5Icw|KXt{=;&mH8h?%!hI*hre!(vB3tySA=e zI+9iSi%-BYF;tw#7w6(bB=`)OB_x4FY>|*=NuyLBSykD&u(Ea{Rr~U3;#v`zFA#{Z z`GL~>^e~bP%DqxVYe*y4Z0i6STR;XcW(Ko#d;Ikia>HW)7D8WfQD`XNuAmo*-@cSW zF$lU~UP(#s0_m6nNYb+b7PzVfy@z`4(FN6_KW~{JAK0){UewiMvaNf;PI+L1`~iNP zM;BBeuuuEW?dsDi6oA1hOUVY;Hr5_wZ@^)HW`L2)$36O}Ni!V4mN2TWJQz@^2md*f zU8*f+hx> zsAV=IkEv464k2x-+ZJ*|WO{MEu%9-SyO?_K8cJLYdE=w+ zTlZ{*2&b!+Uxwd}x%)EQq+HCuFzQB)56J%Lp5z{};sXfcsZlXMw)~~(qrD1eRfu>8 zc+g^vAEpZ~3L8r(0#lGc_I--ZK$0)I0EjHlw{ zS~8SYov<^STU@FvP84tE^oB;~8+pZ)H?#uYBk_)*$=X?)vHRq81Q0Wm_hJVWyQ}mlRs^sjsO-?QuaoH zb#e*EGYk>F>3A_!^LB7UmHz@}R|c8waP^9(N= z8le}S^_%w*F#T0KMvRCST$(LBb+JjppQe}X1I0ZCldv-+eU}o_RpZf_qWGRe1UQUA$x8U z^iQ9j`oyI&G4)(6S>*yV6W?6lHX525M$AE|UlGWdkB+@%=|_&ix(ms-ZmUCi$!0iz z0^*ROKV$x}jvwv z+0X{)amM=xe<3TuW{T%2^D*vCT?!~&<@?t+{8DCQJ1u)k%g%b6mX$#(E%seQ{8w64 zI<^Rm9zj&`wDI+RJ0g=&OUp9f!)ko$^maxpW3>D$PCFn|^iDF4&~NBbfUuntDT8yl zjCQ(bChHwq)>zYHt?qrzZ397jDue$z_}I&YQ40jmC4n&l8pfe74ux0IvGf9dW=^g? zNjGB@FcRn=yY*A;dfh2iv{zpG=Eur7KV}rZ85LLEmX`J`E$flHcll?LaUUSOT=LAc&^>OMc5Co>;d1bK zoESOe_)BYk`r*yiwFAPD)B08hrjaUDWc;XS|E`B$K1*mwJX;eta&YyFI;l+%^Xh{m zaT|uimq`A$9z9>|1)VNt8B%<^>UUuEdvHUIEH}W2ZwXFhMaNt;rQrt_Pb}F1Y8UcvCW1m%5BEZ zpQ#^YAn%+;fX(81a;w9?RD(4Lq1yjQ1LtvCHNVMqy*U&at6&&2mkjbVv>c9^F}b?0 zZ+Lj)#?y9FwKX*>2Zl}e1-n}tH=Z$leXBd8%p6WF{f2-2x^s0D$n7zbEN?r56C|a5 zt!HZg7Afg%Q!3Dfs!;Z}u4}K2C9}ijk^)-Nfh`H~Oo|fAjRVn92)G0+Mq{Qe-4Y62 zP)`&RAog>$3c#HWG`Ve1)%!b35^dfuva}$L%wjt!-=!EZU?tiLAVQSH%Cv#sOl z?cet9^;^Gy?%rM1RDb{uvb#!<5Hgc3|35kHo#s2C6(bfaiw4TgU{uNdkJCTYobyH6K=d)| zKJO~;SvaAukLWX4Utc+;Qc#gWG_kMmFIIni-#XQX^8%tD*C$Y^Iy{ZI#86NYMgg0k z_I^9w3Ti65C%Dtjn$5=ubw>59U%|Hjz4M=GPE#TKCz^HE0Ig;`ypUZSFdD>j@BCQi z!lEFuKFx&Y>{}60<4Vd)Eb+X*@!m+QHzJ{sO|(Loq<@%)m|kc5*;k9%M9Us_Vbflr z>k5AH!Nha!9uLOujf7J#S3nv6m7G?0kXz<;;*uB>gS;BwI7*iwzvo zL7Z$-#YY1x@|`mB{RzJIEGn6h-0oR~Kp=Iv(e>I!q(HQTMgqbdOA}Hh6Jxdd}GzC5LTv%F}YfW$4?Z+_?tV7#1G(SQP?^fRQ=IcaixCG2FF? z;)tLqf=;tmsUz_J=S>JFeN1~*Uu`UwT=5)lRU^j(=C&-LQCp|m{VNhv>cNmPyRkT_o^! zex_JwO|U{av$Krj!g+X?Q1iH?nm2i!zkYZ19_U`&XH8$=r}vdqJ4~AYHNkr8N0SOWK8ojTXWS0M)NJVvZ2#s8XddgZ}WujP7W8m2oDI}hkY7>uK*$$$mG21 zr9o8{0!^`odwZX;TvSXUf5B@{e^Z3TZ=%H17;bXUILJ$In-3{Z4<#R_qVxM_{IUO1 zc%jm?93O~}_7U5qM~7Ndxmo({nR+ftP|ER#EcV9|r(*1H+F|x-c)*Bu#++W0TQf-u zOnY@SOYt&p-hXBEeVr+{_5>@z8q}VDp(#XY8VmLhvw!TC8cG?`Wtn|-3kl7$sX!k6 z3Cc7A_p%s8MlICIDPfe%JC3`KyO2WD>YpF=jORu9O41M(##RyDBI}S(qRdO=E%SKm zS|5kKzj!YBrn|kT=Nj6Z+x@J5ip9VwFY0{A`F`u*U5KLM+blIx z`gJ^ARUXz$`fX4dw}lYnBC?HN!e*pX{D&M~AurH| z1ExW&vq%??^_|WNWTrv>10ZJ|e$4F|?v7i3uzwx|j^o6*@9i1wAg|xOjT1rc33Kfc`6X4qb*W)(Q+sfK zV_Tz;sNJ>jWExbElDBeV66aD2Hb8pG>QO+Mz>$bXyfC-GP{*{>mLv8tKDBIE?2!#P z5=m=si=cys?PDdyB~2CCbw@SkArdT4q?xf4=*dt1|Ky6~!QRQuAA z@dmVoD@N`Iq8nUO`PfwGD^C$b3nzWUGPoWhRzQ(BP8|BqcfSG%qK4JKz%w0;<+P6o z#r~;U`L8@Kn^>qAR*?frZsW6j-jCX!%t3rz@f~f&Khr`RdxBwoSl?fNdkufT8{AH| zW+lA%!sf&|?>C4M;mRQ*Wo=|m~{pSeiUFj#7Tla*&!z-6uS zPsgN%{b{V6Sc%njX~(^)-kxiVep9`@phmMB-&VZ{Ef=cx8Yp**=^w3@X!26^PmkCm zfm?0B6_uc3G>z*Rx_r{%RLj@D zpgQebL)2?d_@cnY8r>M53)5n0r#zbwVJRD8)dwby?_OW8`*^4^cGyo7xPWR$RiJ95 zk?onR@RU~8(m-r7#Vfl!EU`Q>aUc-Ce|66$R*!ep*lWFw1~SEe#}7RX-c{okwgSB$ zSUsYfoV5NZJG&`NdyYw|q~qUi<7Y&3$yr+ZO(yNe*~S+ONy*q1wNN-SGd`EpK>r;u zb1InRjM(6oO*L9&XW#Oa(w->kr5+ZQeN%KDT(ou4u(54Bjm^e5vGv6`VPo5FY@3a3 zHRg%U<^*kWV%?1KKm0HE<*xm_#+dtU@3kh*?m7mQpAIngA~Tnk`i*>9s-A*gHgO4C za@+KBk4cnawVaVqtYlai;O~Xhcw2A@n9#R3FZduYJ-+vrE9Ej_LI=gqf5T=T&}h#N z=NbvI608tctfY#Rx|3(c$deb5Pue4t2lr{k`9-js~Hqdd`? zvT*cEr1PqT@+~A~cQDl$fFdhm;z8w|JwysFU*Hzy6KnE+yC9qQxo?DT?c;3X^$fs) zs#6Eu#+V|%FzPF>AlhFOHW;I#&rQQNp56mjtE+ii7~%)~d@L#`>aN^9g?qk~O%`-H zRlW!-=bBmX6q5uS6u3kW&!d&k592TcRWO+WI79$u64&e1YgV3z4;+%1t=mT&g0sjw zKciigw$t?9_0AJ}vwHiXo{er6p8iSmiKcb`YWCwhZSQ97D5ehzKE{$sdww!+0iV8m z=uy-UBSHaoa*@d7I^{4K&yIg`$uC}Zi-Q>*yO!gfOT+H#m;${+c0=n09jtJ|FGIbz45F1*TRpZ4V{5 z4R9vqO~U~%K2dkHRc;k>v#9bK6+JExtfBL8mZ|!i6>V_(O0a_3W6RHU)i@`myG{i> z(UD^RnCfokd7oGoY6YF^<7W$z%o~0|Cpm8mxL#52c11zB)3I3tzUEw<%^B^jZ)y(N zeHC?6KS;lDr1-;)r|WD}vFaR}OSE+FR5ZR%SF^nJKq}{VgzpakojiNAnXsjgq4Zjj zU6o@en@^m8mlnrF=mHb!0tH*@0!bWaXb^<-4V^7dGU$|(%zsvL7Nbzg<_-XtM8#YL zsiHgH4xP3doea&YXm2u`QPuZcn$Wsg53A^5>GH2v)YbR^OA$0kUW$v_Rp zdd+j>4YaO}Wr#r9LC9ZO8$lt8UzPQ#NjJT-IEdGj&c2M_xh!v5o#F4xJPShGI`yCr zgZ;)+wjAqCR2+>PaSZpaBYKXncyd;7H`}y=mcI!3!CCe%<+`1 zOCe&^V4}bXE01fCo^S*1kBsE;ogXQ?^NeG|DgPr$0efGOarZ!nZv9(11~YNy)3DCf zWW|tIWsXMDem&d~%8e*?$Ih%N=TDU_O^&T6d(!7M#DO*u$?UE14s!jR%kf zJaqRlU`nxu3+>j2)lTW;y}<%@Px%&mbD73@Ic=IF?p3sffBo&v{vJ7a(Ppr=^hCv! zv`Q{){6R&F-9hHW?^R1?WKIr5gp2mQcWS1Ny%5Fq$Z@))aH0D3Dpa_CuIa?vyKuMjjOTC^Ur z*|;7V+if2Y6t?51JcOZ3(n}ar|TEiC2T-Au0*Kk+3V z4M?2%;4LYTt$^fnq2v7d)1dBSt>W3x@9X~^5~pZwrqS)90V>=v+n9Rjkc$A2kr)O# z`0yXvs^Uc7?~0Pv;wa`!CwU(;N8(LpzuR^V4H(sB$Lj5ZI?GIf=9}dNmUrbup=0&S zBigQCCax!>{208iK&__eT&E6AXn+{%R&Uh@*vf{tH~+2N7NoxgB}{YmU92zJPqG%9 zZB*Moue;^~co0AI=|j4W)wFcs!WIW`Yu^*@p>tV#&Y5} z6v{6jHk>uf^U7M~g(H-eN{kJvQLuvYm zD?mp@jV4qh6ZqhDOVJawy|tV=VyD)h6>5r-_9NBSvym+I2kWR6^=1%(Udfg-4d%0X z=7xA)GTRRObf!oc#h3Vwa3XFqmxYfLJb!h;2-nDMcVqIpz`oeGxKMd|Zzq9cF^7GM za7W4ruIZoGvl)Ixve658n?70TC0-xeNJrlVP4`bkfziqJ9v>@XG`l&l=Cw0A5BlL* zt!|z#`(R1MF@{cB6Wu6-eBMX{I6ABTb8GqfdK*y^!%N=chkHgx-TrSEt>47T^{6X9 zN@tU75&fvsfnk5CeC^J43OyehDP_tIkGTej#wP7YN4Qi_YE%W|3-(9di`*>OU~Cdw^PVM^J# z)JV+-o9jw%JBL@fd?KNY$-}r}6t(Xv()YwBv?6Nr?ef<5{X7RomKq92N^?2l4>i33 zJ8AYcT(m4(v^|#o(p)c0a;n0b)Vj^8?q;l%B>c~4f3b~&PZilGRcMPCs+=CviYB5| zkwlunSwKt(>_7Q{P&-8My57?)p6!avF_MMU=F0a?TmDtiS>%VlgYfJ(Y{yQgnx1Uqr#+t zr=qjSr8z6ZoF~51s%mnJuJ4D}ThpZtH^GDE;S&1ucc!7a?q_GAm!pvFgu&h84MRF( zN+)*r&)NFy*l|Q`Q$3X2fYB1`6xFo7Pt&)K8X-(w~j=1GNh_d%my_S36t3GloknA|VF|*2jG6 z!BKb~*HKWZ)AtonV{pDf{k6vTy&{lp1!T^uXA0l^Y* zwM>iDg_()@*EmSjH=_6l`u+sW<$GL+=E$Nsn5mn=)@U;-rxDr6VeXFTp-eo~gp)c4 zd#a*So*I9)8SVmO8?!zna;CyB$y>{mlS_t{tIjzkp%rhzixdGoX z83&=<2Lq?uocQXM*v&4trRFD$Dc{5jY*dj}1y zxfXD@COAVmNxeeITX{C>G;<&x@_Mt4ywXH_WtUEq=}887mIX`0xXKLuO1oV=Z&M$X zs&Y>sb9s#HT8>CBHyRVn>$4|%uk(}0_)Jv<*h=442Q@Z-lE%;UK2Eg{YXDog-GnIm_bhsTnTT*4D94zn^TEvzBa~4ON9)0PGeYINQ6P-B zQxEBX#o3;nt6g3CQc#E=?4YO{lU08)?4vvztjG^UM{TzRRW%lsE$F+MK>D6rn?1=~ zEa(-{@0vy1(FRbu7vgVJl~pEQJ2PKMP`dLat5@p}3>;5gy5;x12mV-YkgU!lLn4R* zvf2S&|Jj$g5Ee~73bF|QCubEkdz%(vC80H~d z)izq6wq^xgPD-26`G`=l9nm{_^K7V6HBh-;Vg9|0@}u1C%!SwcRehUO5?|!`%Rj8u zif%5bGMH&mfgDIUjo{nTuw`J|$;F-~+Qrpgof+BB?#XLLBbHwyF$Zf=9y9MVg<keo7X3%{6w}iJ>)XWx9lR^dFngSlo^0>>F%oSMk z9iW;%h$=ikIN&v8spbq5Bw$>KyM3yla7eOw1mH9U;9x% z>z8btwH^wac#%x1UAr0?G1CZEW@k zC<~hDv`OxA0T`YU8X>-!Z^8{NZMk~658ysV9(+lDh6fRx9i#h8_x0D_!!&WnrlIvt z^fQ#-o=W2u6Z4bmLcJabJ3gC_ry*@YA=;gPS^Hw_RtCYF3YG(nLf7eRLzk?KK-a9- z!2qgu5qjvu#V}IGMT2!+3{znk^ZuQQgC^z${-RZW_t}Htj|+n-fRZAPY4Ex9!mjn3 z8^BFZ`OS7TM0)x3`z15xP`)pq21Jnh-1=V40>@EUbApZ$N=QH7ylP^6Ur=qS|Qr$mToM>$gWfU?PpJo zZCDx`y*zFW17fV{oXOL^`!|p(z#pD{o871A4eq5>1Ty<%>2S@79I-YWRfXtxH(tP{ zSj6_$z#Eu48O}EygwujVraXiTd@u9t{eUE;X6?`32j7o!qv+_Hts&dUZ!--qjt?gxoqv@;M?7~mp4gMehGE%;U7H| z3Qfg!U8eeNhd!c+LkxgVU(v~G$BlaOF-)63IY>Dg`F(X)2O7*JM%S3emr*GNQcr`Ou&RtOA7zAI!2QlSvh(bsA zze-_cNtP`TD&ge}AOC|JqWJh+m7n(2T#3QQC^eg3(I<&mk1Z3SbhwV2eJiS z1a5mvKLKyZ#Ial#fiCrg^AKcSZbZ90yR;qU2KJ2MAyRHeO^#Ug)^HvA502phyPE;+ z=Z2phA43FCK;I!=I%YLdEmB6PQ}3C`Zcm~4~AuXU0#!cd=mayXK3!&4RCAE`i}DA*0pf00}`3(mjT zOFo)ZtQCh*!}B>xn*6TWs#@|LE|e)TNf`Kon^&k{$M#M%X6)nApqq|zrypDMi7+p? zcnF(VCV3jVMHw48A7G<%BvW->JVYO{7T0~YHI+=w{#MC=ax^smxWN4*C;jGMUIY$X zgJ2Ln{KWTPG2Ct6^OVoyJ7FC~@B^DTa9pvNiO;}{?cqe1(Mys3X2Te*E@F;F(VE!; z5&5}iazhcBHfDJ729QF2z(L{qSsLY5i$OT>eqb!AV8e@9=S@hms^&UU%MJj2>*aAV z-(vPc)FfuFE}+OP8N-<*y(Nr8(u#+U*-e^m$9uV!WvR^5GU8m!ePKt?Da}3ErGe25 z-Ro?h6X8g^*NhCnI)j{^&4J+b4x)YJs$V#A2_Ba!CTvo)C4nunPD|Bd2>9AKEIuWb zzpwvxT(n?!?VAX6>g&TCdRkyD>rcKht2g7{{fC0sc1EDd&IXS`irCedfVLvcZf7Ht z47rfc#{S+kDKtM{Ndo-xHHB$d$}eEa%&3Ag$pd2)`A6W1RuW>Zh8l@h(B+oC?d8h? z`GC+)Hs2l|yZ8Hue%H$t4UT8{SHe5F(TX?`;qz4=c@-2z;5KI)>H?y=E}lGhhWNk3 zqh#&Lor-1GDaVpb1eLcZpr$_u$6=S=?Q$p%UakFVWBC3=qn0K+2`tVZzc9b2qS%@W> zuuM4}7|P{8?y@H#{!H*uSaTx^KjeS4mPp9&x2{GtA%B49%5uIjvY11BSVHV(8ZmG3 zx)SZij`Whgoo{2^-u*M@h?Ua(NucW-q^s@d&3ySI$R<_l{K@{I z=?=)xC>&0d*#WX3C=mappA~F)dK{P&e=@Cl-=~Z{j$_SaKQqk@|&1quk>gHeo%bQ}THuYnNBAgDrH^}mE z|FA=ZWd=L!36?1H%oJpMryr8Sxf+v;SnPBKNc7EYCchShcU`j0=$@XG&et-`I6d+1 z16|jvN70r0S5)AY6^G{( ztpUa(o8;A?R;(rR_8Iyf^j)WMdpGVQKBMN;Rft~FU;*{&P9xPzqS2n6bctA56*aMK z3^`2~$g1Ef1Q<|9v(!sMca5}zU->WGU&~eMZ21vp@?WiQ_)?En7g1;_K`qj1ViefL zNIM|*PmT+YCgX<=hW%0!gG)3!1vib=wIY!#%r&UrLR9-!*3a~N--mFDzd(Hzs?})> zqtulG`JJ(`-u^Zu(8Vf!Q`*RJD3DW(=ti(-?)fq~>(@_ua&+SBSpD^ehQ=zYIOHm~ zr>XnDMS6RHY*G<0wdUotw6dz;j7;Llr-lo~$3hnp0?O!FrcscM89^Zk0=r?j$QTwI z8ZZmrSgry4Gt}5Pxh-ra<}s33uu=Xq+SET>u#8^b{v*R@(0XO{gEF=uAE3i$7>)tn zFHcg4%v4ucp9yzpBw5MhK9ws6kFA zfDthN@4&-wMn!xYE#$sLme2$9Xhu4c6c7-oKC4<`n!r4cV+>^f9{T<+h643J$naE} literal 0 HcmV?d00001 diff --git a/images/app-icon-128px.png b/images/app-icon-128px.png new file mode 100644 index 0000000000000000000000000000000000000000..e017ecd3b2a57b6d0a9890e2d350552b286e4dfe GIT binary patch literal 8916 zcmY*<1yCDp*lnPp1StfH7bj4h;7)OO_aepJtvHkqx8UyXl;ZAEiWm15DNvwjk$-#t znLGCmVRu6I4cSM|bIy4asj4jV3Y`QU1OmO1la*8l&O!fvAuoaBfQab?Z~|M2DT#qV z4e=NcrYOL3N^@CtB@oD$4!AB11iJrs{Q(H%0SAGOOh6!kbP$NpIlEm=2zcS8nSzWY z==tAIepgvC2t;)(Cn=`sy>jAjV{f>W^22LW{mPc6N_Xh9EPoKSQoP6g;LF6p2J5%$e@4GJ8mF9(1ahU^5~&A-Z$8EanX3gzu7xpMkywJt}bJ#Tp zH{z${^0^>S3teKiopt~9mT_UX;v(TEn|6~fO5Em)D?v0O)TyJWY2 zQZdoRA@n5;PLV$dgOI^^l#+L;>K@y=cd^J}gWYA7c{(dJys^~hR>YVCs;L&VxJQ*QC4* z?JHS2X7UioN&e}BI?>4U$wCQ}$~V=*M;xL8*#^Nu-w_VQk(;v%v<3=Mw<yABj`T1K&$z#nUCh+-#D_^GROXP`0(g8SS7(E4Ol)KO1 zm3+lT-9sV_t&m=tCQ%lShu-!gxHoW@>u-J&>=(=BhDEZM11x1Vf&I-~B*ULc#4au%@QwF%KUf z|9$RXKZD%2xAjS^L%w1u zv$C!p%-SGSCVB+EV$%l9sg3>p{eM{qCUB}2jvzABuk)P)Z#p)IvYfixw!2q< zWB%TWW;1hfQM0zT_Wpk89#GfXdi(liXfQ1-dygP|)x6$5hs{pZD#N z0Z$gotySRlLTpM`;^f-^FXZUx=$4htl`~B(E&o-^Cj2Jmth^03usB3gZ7{^o)YH}M zf8TX%dESTEs^P2Ru@5_6 zGTA9)Za;R9-rn9~EY%wQ?FQ<=V{bH(JFUSI$@}qYY5UweDl;=PKvzTKlDlba@aNly z8YC*PaUCxQ56^XUK|w)Jvo15nzaGmRH(5-&ElD%(KR77wZfQAP)zVrRQM~)Qsjez- z%8_wK|i zw{$5q{iT7~Z+AO_qTBW1)}`}$#ja|+s7!vW2DtO}?y_*&W&b zKCSTL{4pl*VxD(lH$3nO|CruW2xwxvOTWhx3~^A^g8r^EANg}y;1gj>LpQr!ZZ)z= z(~9$6AI$zrLXQCGSlL3@aUN4;e6oObH#-0WW44TBtbF3a{U z)yN4hXx^u7KkJ<~MZyNQi-0Qxu2Om((*zA0uJ43)UQ!) zTINb-cW9@`eY~4CWzRB&VlMc0ZKUcvol!xNyNsPUi7;84mP3B#`ms99HY4{oFkhc- zVv9j5eR7waxRtUdC>nRov3+t0!D8hrJ%K%Rcx*T}fsqj|IL0G7^~@6|V3Y)Ch%79m zt&QJXD7VH@`Ku@c%0wgc^rf;mWURQS_vIicyxp$yo8F;LJVdDu=pk36jJ zyJJE^kUu_M=E=CZUB<z3!rr~u zpZIos_1jyB&*uWR=6Dllh_w@3qTMmjXK}G!yo3ZqrYXZ*Z?W?=5iAd{aoHZ8H3fhb zu;Ae2BpfDZu->U8V+figXv&yq27j1G`r|7+0*|SG4F-V>SqY<}q7YbwU?f5| zm}fsn*-I)g<^V*%c%()FZT`?5P7+Hx(b!%?XUQqb5WZk5`RG-YCy7@AuxH&5=8WjSh5Ivz(j66KAVoZenxgN z#|Kv}#iR+P-=4IsecB>N0`n(o9>s=fFgYMb)}4lZn4B4m;gR+2;||mgiRyzxaM3Cm za2o{$NGK>M=tbVS5vwN~F6dN97NTMtWHa*bUdZAV(&OBvKPn@Y;CXhC0XQ|zSM{Sb(D|k#BXaVM+`Vym>Z~!ldK8JNznaz!ZSNqOLA7T3TB6Zq=xyB;5J= z`K_IyXnEsQ3mgd8`Tma$A|(ZY+B4aBssvitFJlxc@F@!KhWG9(L*mZDn1|qCq(4_z z+leydYHPiugjp!k($ZU(cL-wf8tCbIhgX%HJ}bKHLMZ9csi-ch)4h-69F~@na@?h@hinojd%!%UmdWFCFzn_q^c0uIDB_PJ2cR%0 zGaK7(D7HxN@859Gla=tVUzPcClz~hRIDRQw(Td&3HJ+TDq$FVLah0kT!T|0WpiT4| zA_H(ieX2EfWXdS&($Z4r?S2$+sMuP!|C_F^u7iVv-tB=1U{nSVf0D*qj)KGCpt8A& zF%^b?*{Q6ma=ALv+V{i7Xcz{r6|RGp_G5kD8{WF|b-A9@b0$UYSdW{XRfmKGZEP4n z?4@pk=xs*vPlRo0W_+A*tvQ_L`o{DqM|a)ZAg)aqF!?qLb=r+{*+@*HHZZTeS)|8 zAM>29wH3uYX;P$GsA+4L>LSgBAg83Hlvh^EGlrTH0iBU8;_o}s8gu4@l%G#uM;|eF z7zUGLs54J{$IZ=c?dbSbKi9ZUX5y6Kz+K>^o17hEJ2vr+;IPF<6^tMumj3Z5h`^w77Eq4KS4vwTfc_70?M6LfVF7jwAm3MB>cW>7t zU#DkeXf;0-QoqqR@GNR?Ct;qj9sfY2m2+_eyEc_&egz4h*pG_;{h=i3r;lNmFaDQO zr=i)mvnjV!jQWv=Kj~cgwA8rV?rf}rbcJM3rQem{0gwU-7jK}^8yD1XMvRIZ>FPr6 z`ilUh1iDSZr)Ak50!H>ed%STe=%MhtIh8Uncq1<_PYDUZC2eeOF3xZ?uS+TV)=g(= z@s%@cik_Zc)Xt8nw5%-I5@}h*`SgJwk&+f{K^!J-3gn{ZqMTZ3ZW9q=%8!S?oX{bd z&T(VyzD5tp!)*sMUS$#|t@49i82;If4MWK$*5vsV2sJ38*;$ z8?yyG(AU@3z4sDjoB`mJETVq;9r12!GJ~^<+y$XNzqGU)`8Kz=)~MrO5n#T0MZ3QQ zWSfLU+{)^$;Q}id8L9K(Vj?{=b6h`7akasGL{(cm_4Qkg7Ji{F-2c3}#!7i@_N5d^ zNBT_Q#rPnf)rB@Mw(;?CXsq=4jEu0ZzJ5rbiL6<={S`p*fG#etsX-Zl6OnbrDWtKA zLBq5Re$$tvXJ-$lOr*JNCEpY@HNDo*(D?1!l^I7HMoENOSXYM)NIiOH=D}|NzxA!H z5H&nb^x$8a(#ls69$!HXHL|B9(vV=~vWf2u4WsL3zn%x*=Fc6%IXFV1(_SKK^eS;^ zIIoiPgg_AkNIjeJr>AoXFf{2R7bS-nN$P{c6Df0z*V$j?xp;Yt>grT9*r>ol)8^LJ z5I=z%V5Va^I5-fIkxdC;j9THO8={M*;$(}!Fxz6$lwxw_thybXoFdj8W#B}TUS7QY z1#qHIa)L(c@@iUI;rE}Uq2kW_cAWTKHEsG7je|d@s+Rtu+Ym;B%s2= z$E*i;cBsE*^S|(XvBERr!WZ}?^yBBxZD+o3Gc!n6DNGmiBFrw}cOKU?ux4p}5`yC49%;azUzr z@O86>eBkzhG4ii*4iDv4u4zL|iJDtl3IV2)C<_MoXZX^wRLew?&WltFKooylT8b!= ziSOTc?b~-9iqSmh63HW^@ShJ&eydVgQGo``8aNT=zp1;oS4{U+RiUom27h(d%}41$ zM@p$|-(Wb?^)tq(Dk~M3g@vWOyj+xvL`p@)el=}Om0AuLK#OmSi|BE?Z~=izL)0&N zK!DR&jrwa2ZJ>0EPqKV5Lqk&kXj$IVAzuJsPz0M2c?*#CrS9~Pw(+>K86ZA&` zG-mWXqU7A*tEmvwd1B|}ggSjmL`>Y*+Z(hPnT!n7_H?dry}kpWz4`p_xe8|vN~M2u zV7>raBX`3X03l#h0@Hgp$7>@pJmXxbTAPV4ZeVSVbR+Ot_~9^51kh{o*Vmr^ih3Dp z-Ll=L*J->oM!9!uZPLHO=JZ!UKw!(658?2h9#6f+zd|GlRsbMyY%J4i_soo%#h7l@ zPMVzQ8~`(^0CQZx0gR+M=!;}aBB6FY+M462Nvq5Z*9RH0g>x+zp z^G^xcpJQq#S#9YAbCjE#o9S1(|G^;XW2QsiSQro=s-9kCZ7nNMX0#-71Rvy*;KIT+-(Rn+u5#bt+JH?l$RZEpKdB`ND&)J8t)g=R za_sta{mtsNk5Hz=dpa&29w6&tNw9z6|C+P9rDGGMHyr`Yjt-w)TG@27K266O>x$F=@&bpTen0*gei_E1;=~= zFg_rDv@uG?tmqgRU+f7+O(6Q~+x=HS%OFw_^fY23f8>ae0m3LsnP1%znE;b(`z59g zRkC!O#6`_qLCGXyNhV-I(@3FxCfSWI{f z85yXW_iGBj(Z-cHHHb?rMioUl0rSaHZ$`nSQ{XdR8V9b5BqVssRs#6w0MlaUGq1WJAT=9%lk_Tu)rArD1c1v&tsS1Ei5cp+uEwH zl%=$Di6wJMl`t-r*qQn&&@0_{H8db;X=wpQ0`LH45-|6?k857*>ZXtU8??s8NHA~$ z<9L14%PF_^>u>W8Dp91yPO1m%Vf0bAyA;n5F{m>@uiw8>N9}?c*>LYiq~ml@O*cq!D^a( zE$|l3$W*1OsR_=SddcXZRqpGFH8CSAEx~*->iC7pKx^$xT+au7cs>0{9cg5~K3$ENot;ID zSB>oU^*pZ1fkT3)UZK5z+Y%0Jc$gbskn5An0kWTY!pz&72(Va1vrS4fxr+((l7{^7HwHMi;9s?D!!dwaBi!dSy%`MJkJiZ?Nvp<3@-VD z17b%y_wD-UBs~NKIu`Xe{V^T(ddZGCrr&ExNfK)YNQA|eR-fjYnpZ|f?-hNFCQ@DO zK3fc$BWGo1&Z5`$ne<*AFTsH}AnitkTM7oGs)0asm)yx&pyjs4&d%!UL{x0@K|o!m zlcBo;){N#;ZvR1%^PloCw@is<9!u&7pEI(B}2 zJrrB`kLql6c2Z+WK&wK6M5~U30cMgUpaDO%wD9a7k?_YTCBXn40$5riv{D&to1^_G zw0p);vbgva%~Y4yqxRiUB3?>>Gz zbT6-{=<~l>j|f3l_|pO3Ra08lVDV&Skq7In~z2?lGswEG-D7oj;g#3A88vy zlo=K?{&M|QZX=@A&b5vGUP>)SnmW-&o&kTz0|F|+v-+AXMvs>nBT3Weu+_Fk-imrF z3K0YTLAZE9tWGkTAU&@fYt-6J?O%!}CN%4o0h6imnTM zWScFWBEs3b^a0w(of8U)(TLREm;!y$l5q))NsN<0r~}>E09Z#A_7)%9C49P!vwNI3 zPHyi0ax&ny^=cFOeROm=;-JSjW+5mI4Eemj#I~|KzxUvD}cIsj}{H3Nn0*A5o4dNSNmwn6q@SNC>Fl^(HEp71a`GAZkSfFwseM<$@QfuHUi zE}!HVWqZk3`*zBdw33l=rY{-6`Pq36&%!1vzmSHzOJ9AyLfe?N!XcSaBjnpqR){LS z3urx~6kQ{O_egDP=bw*`9s4m$f5!H$T1(=;3Kh#k1Xl-3pno#qD`_fBhFT|ZfJBqAIlZZr01cv zfC75nafpaK^~b)U+5EB^?FcZunzk4ZvM(9g>4Qb_Pl9KFFp$9yr$Movyn9&uW0J%4AoP;2mf91$3Pejdr4)>L5Gd3|rEYiQWmW>|Zs zDUh=Xcnw1r7LkG`0qdy%ZE*Yo>^sg+Jqz-PJiYGdvNrup63A$O(7PVZ*8SfIxj!=> zJG&1-uLp=V_osqSuGK|O4^A<;aG!~4r~hBiO<)@^utUK6Dor}H@3Mp~&_;sW;dXGp zs;)bVO=J!K@uaGUn3;`55I<7#0iphO#3h`00(U4_vSOSt-vcx#-ftdO=6kX}K6GhI z)4mv+-5?pabJIEGYh*zMh ztDpX!D6gIW>ayYd{P}6^{C&W;@86-1_e(w9GpDO-F89Bt^TMr`i>fMWY?wUxx<54G z`)`;v{O@M6vd>>jkx?#uZOL@?C~Gc~%OfA5B|<{N&D?)w{^3J0un!4+ihlQesZ`C4 zdK=O6?8oev+GgZ&r6naLmDh}?OAhR$_+h@3s8KF!x)5Rm_LA5y6sQV(*^4<~o=W&e=z+xvUg7 zZ4LSJ`J3*MGskrY7UpJc63mxr#&vajJ{uKthosCCD@32z*)fZ(h(1{n^}h&{u=mj) z!2MkFSs5otmZ7j=S6^K-sW=}dC!&T&NRv2f4>cK-Ir`|iml zj0W5mGrEo&*L5+@`{|M0XJVq4YAV_%uSs1<&tbEgUeGhw z4sA?LJeX0zRvH9pvFwfcFibRFFc`6u;M4YOz6HJuQNBs>-`DABDHSg-nRgFc5;lTs z#0VL3AHYHSzlV{y;b+vZ0N)}&ps3)Bfoq8+_=0RDp)3J`)Ffcu znV^85Y0Ts_lpzqG=MYFx7zAfp~C2Abam15W&w72(j~*7Ik6p2UJrUa{j}1JOrLRbY*Kvf{f9y z=l_4ch3AVCkp~w-#2$+SC1qvNjQkIH9c^tt=r`DtQpfa1(Llej4ojz67=2{WVEH7V zzzoSXV0YVe)w{0@kyP(B+kBljU3E_SD;%cbUsRc3-C^yf?S`+6r)4ZvS@AZyp20K9 zj)k`VGUJ=HCTIPyts=G5Yn*x^2_CXf^hr?_qs%Na7V*w0Fgo-Q@!`!{117?qtE;BT zu`y<`tJTndpI+)7N2?0|Eoi_c^2dN z2&O?7rZtI1_y*%`UJ4O&;YS8}6us0!g+h)0Qi!0muk})`KJ=Taz{2Deb}Riv#Ym&2 zpU3pCr_ey(%YVc$e)yMG*c*wvAw_*NYRX^Z@=f0!xhKp?e(KZif?H!x9$~f4MPtCpIAKrFvu}v1&pHYgzY~hikF)Qq@Z35*g4xDZKfr z#j>eUs>MnaQ>anOqsj8gQJ3Y@%W%mx(`EzF7xLq`g&MmCg&L%2oV}-QXPKSXnQMIS z@YdpqAS(|Sjooe(A2wYD$)d5|&?T|uGdU_hPtL@T?)#y|GLZWmTm zj)gmQ2>U5ZwQOadC(lhzPfveRDJ~c?$IoX9*?w=hyajPY#I#0%qJ*;!F%iXl&dTcl z`BTZo)%Bkbdzug*KYwE}oV9~>_+P8>&3M{BvB&F?8n^A={W2^1`o!c2I#-8YoiVP> zlG3l{f4MBin{!?7+Us8||Nidi(g?_-?vhZ(rZt zNwYp5=kVWEj8R71_GINl^gN!(c_3W5UA{a{AMq>FgoTY**3GRP?(Z*5PD~IeGvH@W zA1acPO-W={JLjJD&&}x>wENTxyn5y0zIX9wC3W+MYE_Qt>*n?4gtdtT(b`$-w;LU^ zP%>Eu@>9Fr_ z}M&aipNpkYOj=o$8JR0xo>&r=1*mOD-&I#NrEhZwb>u2=P zOFgM9&XEzOI*J|a6CTx0|DQV;@yoRpl^o~;WsyDqyG>TxY z)14+PSEF?G?)r4I&T8brJRsoVF?(opKt`u>AQblyPVt4PU_9_)FmT{{pExnTP)7gl z+lTF)`LV#MnHAYt#vg{Y{cbB9U?W5dRPrTFFL<*vqE)BC+>pj;tLV?rnvMsM|dc$c((#!cpG%b|XUy33aQC-mnsp+uGP% zQ}6TJ&yFoj+;;DV#IOg4&^Y`Gm-+YnXDxavQ}IRJE+w%er}0RSB`Nv3D6HG57L?bc})E z66|vA*u)UAo3R8nCPD!tSckBHz?HAmur4%a=Yl8L^`{{LVi*4UcGd?zTI82H6|hun zoQJPnr=4utEQ>3T_bdEu%MlnshOM3^uCDlF*6y-iUYAenn5EQy#Sp8Sa$B+V1y4u4 zGCaTQR9Hqv<|7!Oz@ILQp~=a~-Y5OU#DJ5?5(nwt8UqVzm%rR{xPo(G>2s260>c zrooSEu;5A;qaY*O`yfr`?I&vCGdX)BwnN`t1iD-EUW;7)$0)@W#u*M#}jI)su%7EoV>i@PviBizW#oBb@iR!t42Y-V3gVG zUeV8~I3vA1=C7p5XpxbSkWBUU7j!|(UcK`ZJrk6C2I&O5!}<1tfiCHL)y4U_lX9U3 zHA(NvxJ`eLiK$!r+Q;z1-h#w=Ddvwu$Tv4Pd@-hH=+WCJs~F4FU!H%nP(f^p)3{A~|?e!X4?Q)evdkTRi3s`|R!=&c(chq(wRTc7*6tBerB zGo`4~?V<8(bh%0gTfKVeKId=DW5P8p>=RK{c)Cmn1(V(f!Boa(Qg*yjp{=|+(<9$z zkeIZlrmFtXXjRtzzI|(HYo8wc$afjZa`wF8?!}&>#y%_Ic`L@3D<}2L;K!SX!e7Qt zETt>RYu_IQm6xg%rjDt_1+!%A^!M8}Co~IcSv#W>X$Y}bueWn#^Eeaaq-V##N4dz1 zsz-8WDv}3U%SBwpdr4k-=BeU>0i%j#{X7P~REH~>^Oe$O8maJz7LV)FqO2R~EggLm zbL}|PKuU#-26d6Rck%?!@@(;kn^4N+3j>S%jjBfS1D^4V9BO6GO>$w1>W_tGtf)&Z z{Jd){DvoCLq;OvEY*4Vx{WPwk_@F;V%BRYsl@DNEL0w%PKUth8r;rf&JQoci0$558 zDZ`(%xYB)cD=XPX9jQ55`+LK1e}^!_6{Cio?4YW<539$tcd1}^x&YLMHgdYF-{=^w zVQ0-31XnUh8Zzg5K`_+M``|x%5U*J4kI7@7?uqbzWSrz}m_9dH7T$>IN|tU6_@p>? zu_#24wBH6HSfojE?sj|&)AgSh{1G_M-q>E(yTDu-jRxjF5)xrfdZx0*(cVEv5)X<(^mC_~;NxxCQgZ0ET>*{%MCuS!S+qkx_hLUT4i5N+~`WnHCxgySyYK*!WskoRn{w}08ZKB#N*E8}P- zGgJN;)B4F3h6L=Uhl#ry0(*m(BxlZ$rC{+oAZg~&i;%}rAl(eJr2mw0w19kSRi+C+ zDL{Ax-1oQW{3Z>;(5faR^dQY*m9>k?h1J&q3`uefsn9qgaP}1~_j2?2QHoTH=;)ttfyA!!#|0JbJ;s@8g9G22BBDd&Khi*x;KEeYgl1krNL@)kQtq7- zWX{e}$i>!l{`Bv3Ty?E3>#@Gx%3FpjNwX5^%Rr+6V-cT1#fKDXplhWj&$I0NG zF-^;y(>CbYx>#{`I#`X&yes5I{&(H;OS4FAQ7Er*M3I20FiJW_{e=x_qXFe+bw|!JbGzYQtQczr;z?k;b30D5i+08+D1?j~^@t%##aq&?48enps++ zhD#!xz$r@IF~Snxh*ovKc#O9D5dJ3mwHfSTKX^kxnr_U!P-Do4+RF#Z09ii~K&Bn1 zis{c^zI+stm1FxMj#F+r>>5I-%_?6|m#J198M47!IU1$(o03D;8g6X7s?^ z`1^;nu%txT6T3JHe7qI#Ib#AmbL12hQ9gE~wy5Z6bm8ksO*uyLruTLdjLq5xRY+?@ z&W{>Q+BWpF=zyljX(%j&rXJ`A=BCi)j1*{;euD~kB9A<_Zj9_(A{OV}&f8V3{TWK$ z`TMtTbQBg58Chf6k6~V?M(oXky>3)$iQ)c1i##01B65z_+%s zkq8VFn_pNs`O)D|LQRckq9@DFz?Qy`K~>es(Ww2F&oJi zDXDJyC`?N%`glaB*P-T(5dz8H)_>S|ye>As8=!**0m8OXZhX%o%lr%3)}S9%x?)O)uuEip4a zcr3ZMqi!OmeN$zL!`A+29dYDzRe)WmG^N?JW~Y^61(Aj-0o3qh0%Qqy4+Or%jl9|r zb|SN-gs3yk^{!RO&FwAiaIFQIBoqv$%kDTMh2Oo$=`H7ui3ZMhd=gQdCUzrFRSOpi z2?l&Tq1KiwX}YymDsWl+XmDk>HkzofdmA6unz;3d9qtwmS1?C46lg!F$HvFgk;Tmy z0kt4q3H8=!F7l=BS7ZZ>S)R%~cWkrS@Qr$CUAm)1QkgzKQM7aujWFgP)c;cc2@gh7 z*nDT(z=rgkUHsNnw>!us3`Gjv+2605LWJbj*FU>%7QXm9hh%8~ezm$KJcu(Q%VoFj zESMfhCj@vrUsjxC^ipYuxn!Yu=#Az@S873pyx98;v_wia9^0QYi2yjAU#JuC{0oPo zN}wDriq@3eS@kEuV3KsTtZphjOW1yHEe55zTI>Xn5PX!9fZXQHPz|QXJ)v>iN88s{225M?`D z(Bh?)td~g?K{#LQ&c9~OHI=Eml4XfgJe6w0YpkX`N7k0R(I_#wqc}6MP`#!bng*Xh zq{DI95DZ=I4vjD^2{tA(`W#(Ko0zIoTjaJcXZ1^;o}+#izSL6C8!kD_E%M0A&#)_~ zav$vITC>rK;8Lb)3iFMilG$gTtYy2dN;m)3IT;eAmc;ZzJ|-98`$yzvIy|-Gy?%dM zq&M{Is;vsqQ#u) zfzp&B)55|65()AV+DG9qGhYHG6y zOAR}O*bY@9MnOtQGHCKK%r`n!463;BFQR@%ygDN;OlL5cB8U{h9#U(nw%(S5+NXuY z{rZ71G;O1lxlryoKD^E{uH3dt26|W*1>+%IBr5vkMK-CNZi1x!jq7X67ky+72t>;a zZ?Va&@w)d{)0A})2TElRu>~TaYMg?Cf)ox2DdS}l&YncRo(m+%S+GLK=r$65a)jw; ztbd=mbd$-8lMLi=BX^RI)|2+-@XlPW#a74@S?P@3TvEDNk3v9a`lMjue(+Y8O`I3n zVPOU{7qnQ~)@zDe53I&O3=L?z+75*CC9l59iG{QN^egwOXkyUgdDp_*(Cv*=We^=7 zk27-$NgiVG&K^|cxPAp?=ixkF!61T@n&;;Zdsvyc&{jj>KZo5@HT=EsjZ!rJo3MGV zA7lz^^FGP1mr!G#s2>k^C@4MEh?Z%WCw z-4^B^19P{K3{n*G=k{jaF*G6{PGkwQ3^zqS%N%#h{h|mpy0SO2PO42j*G6x#onir8 zvDp?OgoY-w(vdV^`%LIU5iP;X&0D(BMcj~@Cl_bKjuBx28y+kPu^V;9?i#YM;rUbB zuhR9VH!-gRc3ZfVg1C{AKC#(1RiynoHRd z@DBaMs!vNl+-;AK4q29_V#BW&O#yq&GMgWb11ro2Ew>RLsvFmrk&`o6so(fSfL)ux z%thGq#ekO_gGSu!H(KgKLZI%!+kJSKy*IFD1fPYjF1P!>5)|C?-m#|PTx;dLyVM#s z^&Cvx!(oSzy+Ka)X@*Q%8i%k6f+i1iQ2*tINSM39!c5#Y|#*6q~th(jgQuMSEOU9)1BT;j8X%e+? zz9KO}z(yD=EJt8P4HMqrvHiUcjT}zn*Z@*u_sPa!c_ZXa0Sp;|Vo)O0LPL`SJd8qh^pwN-(Q|5HUr=yv_k$Z~F{~Qt;2)PE(jL0BwAZ^HFhL4)(D`?~tkc z&H{6Pj&F8qc#?#p5kn@sg}fr=H0EVZDXJX~(~cJELn(&E$$Fp70VYQ78?R zCQLllB4ya(&*^(5Rn?7fVxz9Ve_2I=CQfhTM$So#Y&We{|3vzA*=W+0=+ZK~6*)S> z@}5b_6>8kLl3pKuW{nm7(;8bi^jJNN(+#z5G;R*AGkay9DAy{du)0- zB8HfQPE0JpoAs;Exc;+`|COP%JwDt53&o=z1sW0r{11xPuE^y4j(vt+ODHUwYBSTV zm^`XZ`$5jtzS!MkVl_&?1a8SF0&}X)MSk zb2F-Ri=HMo;Z}iPcK7n zH`9y$|M@U#=y|Qg{E`97Yf)UeAXpMx5q9%UJn(lCZqwXw=Lu zuESY!$Y|chQ@jrGTJa~Aji>1TmC5h&clOoa`FhOW-rlS4vZ5i_UQ6NAsYHeq9j;D` z|15^b#+HN42A6vloI1m=uisC7Cywb~@_IZGo{sz4J6C6wG_sxEh?S6#V0L-9bhWrG zhL&v>1^ZSz$_Iz**X{qFuZK-r2|_8TQyO zEm#W5i@%~&2k}Xc+6-5J<*8bF5f;rcnYZUUBXOk+)g2A{55e0`BR4cIs?%PDq?!+zXfZT>qx}*JFj24uo~BVne%6W;#KJDP9XwsGW}Z+kY#`_+;+7d1Fta+e=Rvm zeBS$m0$I4^z4YZ^iW_tP_izSCsz&lpSbW5xYsgEJfWHQqwBNT+uf|p$p~M_U(k!1s zm_F>aTJwAWFK}o7*CTxD7y|r!5f1u|>q)8s_@Tq8+WRxCn5bx|qf>LyB_tNvW2LMG z#l=rrwg4E$WC%@|RwGu9SVAZo?s{G%6^7FLku;co=-?M=G<#Ld4K zX~+5M=zpUgAkey8yu7?Lb9DTDLB=5gOB^yEU0F#84n~khMnJ=%=z6?~>FhdOYE@?< zJZBL=F*U7d@HBS{WYCyGTzBzm4Mr@2cGEOs-6F{LM0WW`(Cr}w+Q|NRh=D9^)wt7$ z+OKaRNfQI?$K?*u3V2P39t5Hty82T|g_w30cC2Kdv#ox^Zpu9J_(+Em#D83OFfQ2a ztGX$Gv*}7YB6`aT%rxKveBO_hrrX)s=~`W-`8dR2=(fbCIX*@Lo>qI&{c3mQa1slKcwR4W`k11?zY;2_FZ{H@W z6t~ZaL%{_B`5l{>2z9d>Srb~h#sPPZCkF*L4a@*mrDtaqrcmc4a5!J1{#~+1}zj3 z@anOJnHbPh|G56Xz4g$+dr5$fLN``MlGw=9 zxpQMiTZz&uPR^k2Zi$&*sW`llQY{Q$v>a)Q++lx#+#>XrfNeR6U_$8N6*)Gn<+ zn4d6p%OPX?7>9~lY04|GwGIy*b$h8bvFrCceSCb>ScycwkvHfD#^gs~@AH>9%IiF# z3HD+V7U6R-s9`W4wGzPY@D@Z;TjIL248;z~3(hC7v0CKxEp&9c&hPp7 zCv5-X@2CRK>-Hs|LbkdvRSE_hDB76?C} zzKcw-8CK3cNPXzy@`WMRQm(C6SwHz#$7{HOBniU*puka?+^(P*=4xqesc~4~!@|J| z`|E=w&b(ejGVKIUu;$rgF2|?6`Zvr`_Xg@StK9pMhmigKYTzh6)E>KzR^=Tn1;&qu zcxEWS+T^F^B1X@&*bbYp&$TQ>cOVyIy8Sx~+-~dU8kHw3PKI_snh-NwZTdcyt%&et zYL&RLagG%>ee#esRtOPZ2rGg>-$4@ZBl!&RT@Gw>m!%d}+!;HF#R^epq^~^NMsDgz z>;9{7(8H=UZ^Bmn);sCVz9-Sf7l^2i<^2+?`3CUAqw^Vjx2~;s5~)%5E=m-5FC<`l|4D`#idVDnvTcT z#GCoDWc^JxL)JXm#vie(*`}~Hf4M*zPF$ZK4 zr|NZ{w3k4M$$xfSw&*4jT%X>1$V`%=E^*sxw_&@Td)V$rTm+W&=ZTW+L2Xzjrwc4f z;`t_n+|FGSz?%ABX~+(IcuyGf1{OcD3a`|Ez3MhsDH$vHjuMOOQ&~*TV$O5i~@O&O5Gu zdwgbP1!>WbB^%c3S;3FzUnR~%^?P~DNN;q=ipZD3a(4#>TS%>5IXv>H`pti(wY!$a z7SKd;Z0R)?PFljhb3%JQ`G+j8Pg46Nm-bf2jjU*)WGDwx~0_(XJqs7D)d^305=)zk0ExsIkPe7@Y567joc8x!o`(>AwWQ8?~ABE1~7Rl+5LMg zHQ&+Lmd}+PH&VF&Fku;c{4jy}qLQ=LSfb*ovJ~^|X z=z#J4yWCE`v9aO3K9Mu9r(IrFsD40}IvLi9^@^xBgV(Mah{}siE=b!PUk0x>U83@% z(5Sq{+b2V(Yp3{`Yv0=KJviweYP|FICIMbylizjii^mS84^c7&vz>ur(_anuZCYKN z4{OrIKd-=3ND0+3B86Pb$wHAaUUzBG1VP^E13>#WJ!CF!!EMJ}n8^Hw0l&Me>q%Et zXHA8uNf)Sxt{zJm;39COXfS+~uQ2YU0y%^8HbPKEyJu%fRI&uaf#T1N9t8Vl)H!)# zR22M}ZClT0Z1aPLhGtcw3&mQMlUy7^%&p1VsoW8ck;7SPgfL7Owt98ac=B852)JzA)ViW-ATzuJp>L2whH9W=dT zj+tV*`QsCyOCb#M*&(68!3H*y(fiG3KY#stMd{vb{o=3pYNxh_n{hs0bm^Ojy;GTQ z3yqLf^PoCyq?E|DyuZG8DA`=Laagm2lF*{!;u_yeNASE$MuG7gqvPWt0E7Trcs0vw zx!d@D%6LtG<%a0@m)A%vnwaMqdmZY;AB753*|=dAyy6F%FVzFUX7g$<9>oCs`^lCd zc%c&HJk76+TI;1bVC9HXP4N6Eg zaHeW`B89;G6Js|a`DDXI3$LiP=`$~)9O>Im20%K4T2@sxVe=Nq2-(?G|7kEUws>GZ zsnd-KopE3mHkN&l`fDwQX=L7f*V1A89`C^YEqWR%XS)*pLpVPJs%$1NMFEcvR^dB(8Z-s1EB$_~r;urV_k-_(ozV3E20 zg>f-Vd@1=&%S2(gdLm7kSn}Pc@12lUTWWn|RvB)^VJu5sCmp!w=j`mSWm$r>;=G~l zmi&!<%@2vTr}?&v8k4?^l!Go!J|2i*V@t7oay`pB6;1$RW#5JiAoOOowiq1kXZTNI zi2ZCe0@#xMKR&$#ma8p4N_r`GR_4IsUy41Xl6j&^x&k{Q^{}99-*40G{V@3{146_R z`i14ME#&3=1P%irsUiFxIjD@t`TCy)Mc}Q#Ve@5n2Bf5sS&Tn&@r;LwmaI(wSJaL2 zl@5~fFTG^K6#Qd~$Oe0TrdCb|+f(G9-4cYWj2K2n$n-QNSl??~IW%7W!>TL)WX2M^ zV?y*42?3C@W7Mli)ehwKT? z=1D~Y#WH*?kJit2`*#_22cH}|?dPn_UayXON)UeX#a{9tj*~f=)KoP&-TE~(m#h&R zThZft)Sdv6RV$iHNpi?FaI9P7r37p*hZ1T=6@+;DCYKG=hr^=>oMr>|vr$Wng|nl_ zhof>UN`WFYim=3!_o3~Y$Pn4KQbAN`E`nMR{~#iq&StKo`jF2A$zh7H>&_1W_~aea zl{%o)-`w2Rygwy!rYQDg=s)n<8Knigz`HB~76NBQRVSRXYqGMmV3Gsb(t~rDm}px*Iw|xT8n)3`t=-)4R}aeXyTeK((2NsT0I^9x77jnJ^(JCQ-mmI@|oD% zV}XCVs6bItQd->^EAUapzw#_A z2j(SEQ6@`!C;2Q@WO*aNKi?jHi!laz=44CD&%=_ zk$X?5GXc6f0h9Mr`l^Oia`#qQcRV=yZ$Up-+ z_jeniff2CjpB&g^gk9j%H2Lk;mc^r0Mmi&B@;ONR`s&bI2Wgas83Gv!&RRAc8-B%v z)KK<*vFyOM!u8$KjmMr0Er&(XgpEO~C${XepC+}uE~Tc3lN#+m_= zxvj!|pN}Mmt75RINvy;QZ+^nITE;J=(!14Q9L6Z))je(vEnIJFLRg1)j`jz4b_92n z)F~p9U#PD4oos*@p5gK7#rQ6d<6=`V|FU<%2i(#z#!my&mHK!m-quiKA^iLE8RJ1E zN0}-VScu2|bY4LLy*qX!XZzXwgnSc5=_{&mSkOipbxt+I2=W;k)<=VIXK5l@WY9@u zRTBaf?WYbJi6-TdNn-+!?NG8Xg04|Y z2zsXT>Xh!jZgMCc%ZJ$(kIcLV)|vpoP?WyL0i;9bpFyU#3{d zsL4G~28zlPOfy$j!ya^*{bs`rm@}J|+va3Ja5uu!`+GYN#=pf1%9n@tmT8v*nS(l; zXm$P-1swuW*M@0=GUv-LkBks>im<-LKF*j?dG&K^M%-!B10Mr|St+Q5qYqiD=YfWl zetU|8b{gyOcgs5PF3C3OE)RF_+b(YG$`&}}3{Bu;uj8e_u1unrb$+d#ylekuhU7lg*LoQvqn;2iI!+DApR{{?hm4rw{ID% zLLyqu6=TT9I6qlq@$-Hu2{`5^XrG==O2PxW;go^F`S0r+u&3R3@mpG3MbaF!bv-T? z!|eGm6)bqSD&Q<8UcU~C4MSLon9g6|qyKSz{Umn}qoxHD?``A9$H%Y#Oy>sBm}@;6 z*{7xT6&F_sXr}+!^3%Q~i*KNJ4qKhCw@YNMti0Xtaj~|B0(x-ScG>k^b;;|X!*=62 z^Dh-Ti|rRGzkvoHZ}PVsG_ssP zx5n$p=s%58wdoBIv2k{W?aRpWG86(WUlUZ1gT@sj!p0l|nB?gE{09IOSMRxx%-r1x ze+>0SdsF0G^}XN}5s3p*94NHs$n=#Q9UbjoLbe4Kv%mD=23|>hv#j&}H^dP{|G^TW z&y2&{n5v2(89 zgJppTsr=h9e05%7Ev?l_5aTKz>Y zdpuoZ*2MKy%uYO&IhDg$=R6*HGUVGtT+U&)mQZrZZ=cXV2VN*fmh{Uv2Kz>WhQautZ`GIU9Bt;QVkKGRpggJ}1?GzAW5)Szji$%+g5 zlbd6j7nFR|9+_t3Q|cp4LJKSo2}MOrkeYE^>A;r%SSB+<_E=7p9#HYN9pedAIenQ! z{EkFqEBfEi>ttm*?KEtYY^?4i1rlRDUXd;)9Ovnf7JIWVugvuZR%^TWGIU}PX$1oA z1fHmwJs-KZjLtDBB_)7ZIgaVH!&6HE{7%c}qFUy!K)`NwvDr=F;bP(HSXLDA`;VW7 z#7M%bH1b@o%@n`e0#U2lAIP2<0#JmNo`(X(8sK!8B*;0jty+^E9Oz}~i^Gtg1U##e z?Eb$MjhT_pS~No|nV4qJ|5m#^n~#q>Yk1 zKtVL^_W`jtr9$bz!JyQ>DLFu6c2(^~GQ{i+n=9CW(1F**;X*+p0y=Gz=K%|N zt~ikSdP2)jg#et>!3VX#*EdO}*yB(+d)wvi$|W|7y7%ZYb7iLg84yGPS*kE>oj&zk zySWZs!)B=@I%yK55nOpffkp)vA!cw58y>5;%V0c~7MbqgJX zVh~_)<(-{T)L&Y-E3=hz2VTWNuG1@^#O~GAnnp5GcpfdsZD;%9Y>(u~GT=)%IdME` zv(wX-q?>~-6a&BG*1l&tWmvwC-*5&%@_Lb-!kM9lq|rbhb64e0LG2tD&gxs+FVUf>1$rL~ke#0Q<8P8i~6_v6VYsmM2&e$(CXtUv# z99{U@%qXr3s2Ex<%2QheK6Zzqo&U`5YH(O^K5D-NL59*{vf>1MD`zll6e6BKC(+7V zx%okGz(+K)tA#%NIi6&g^DvHyU|vMkgK)(q16gszQ0^aNbvt__R|ZACFJ<; z9CwKpON*B_xq^PwLU?ps^HStH=lLKRN-BPDY|76Hf_Fsafg0OZTWoWOTAS~wKti!J ze2qmWzh$9Hqm%}4EZO$0i-iUU^1gXTG4cJ2g}Ogrv_bTr^Y!cK86#iiZ9bi_zdJi6 z#TShD=z!(TXa8vhvXZ-(hi^=xn}H|y+Z2E8RSkpCK`rN3L)EE{0@Z>fBBL7%DIWoq^BcUxT4{O&iN3I8oq*jj(ylreN{~fBg9Fx4zID^*%5o zi3+>8*OM*xJ@?Osmg3FCsV@* zP96U#R}d`Zse)eI?0a7>dD$U~w;ICW?UvX;6qXd>>7y3Fg>G%Img-vu!WN-&tbICa zePoqd0&Ih}t@i*o=AGZ*Nje{|N*FXb(|+T=oNE6U!F>p}D{#!iCG%iE^5_&1QVx2Y zs6=Cdlbi7^Xl>1;C{*f6T9ObZ>IF0G?u(Q1Ph%*>rnQ-*yZj0B9tqZ*+Y7`*R5WU|k6NYg+WM6V{=t=UgSm`5a_r#65dKAbn{K;1 zeeAg@1HSrFfFLpbr=+28tC+@Dh~R7kqW*(aOn4o07KrHuZ$KIJrrCT`LZt#WbpxKs zCQzBQ=*dNQdT(cWO>XqmZ}ywM60Y7rs4(W=Bgp{O1UR%FLImgG-OhYzn5wLZ*Pla| zqc2z?+blh++R)5k#I#%vdjvsYg#Txxaii9YOk;o<=e8PIKc6ooH)*-osU#blD(nIV zZ;h#S_=|a4A$YF81}3tn-Ra>WJE$C6T&QShE@^8r&p$mU+}Zmp?WIdhF6xQcHE6Rc z@!=gVI>ztKRbK?*|LEg!+jz2SaL^K&QCt>=;4do-SZI@?qzHSPmtKHn1(+?Y;MI2` z#2^g}z5JVGGm-_T^LCdm85hMh^JMK*3wIBXQW>e2*mCI0yN8DZNVvl9=J^~xO>=K` z6qdNjOq+gk_q@YZ?BakM*nBrL#1*AOG@O{m2UQ)|qHEDFMB}tr3S~ZDOV&-3&Q$70 z0@ZG~+o^BlbPgpi!LRtc3g6`pDlq1sy3Gm8R3Vk4H8n) zS6W-uk<($xFULiLlxb>H*S|j&R#SfV7BOu_xGCi$%)=|=0I0sj0#jp%;iCN?1~A(W zaaH3MRI&ZB$+t(*#aUh4dl&AqIZv}U1nlQ(QOwND0LcAVh5~Q^&^66~nnR-ZIz)~q zf4o}e9U&&lzAs5yPljA$4|eb=?KkEt{2<8}g}+3?CvlP0KU<^>)LXyY2w*ypE;o2x z2y)HXWq7Cqhq7^QYD?>7%qk+oW8UwWY2kIAY_$gmPs9Ugea|7iZiNfHm8;)!D#tSQ?ZyXp4LSbFcnvK#M|D;=tPk5V~R z`0{s1+xfqG;Yxn3!N9k;Tg{-$)&xEVfT{%a9w4lnFs0q81nXMk!yQv>HA?SFU!Jr)yooL&-?*FR%HIMwh7q^8y*6Er7Zq_{fJq8>xdz9 zM3)*e59Z-o6@z~iXnLtGf4<}W59AIdzW^u*%-2ir+k?jaZW*Ozk#Z-|ode8@tE#*} zB;}ShYe?+XT&2%nU8%m5AdgM+DSo{r^Zz`F?h^v8=m9>2r zl`$1v&bz4Mkm-;qXo0Mj#$i10)v(ohwF@Cdfe{2`07_T`D(%xD_y~*P)VzXrq}nz7 zR`GHtjuXkEKj$x0?)WDZa$Z!BKxkMIy5tDgxmz3DUQMh74?ia&8P`yF1tN9VJ;K@V zw@3{-11N>O4yCPR(LgaJ%@T<3t=$|R156jtzqP*T1L*w~ETJ&?P-xOhEL)RH-pA^F0Fn-5HAOp$*R0m9V zDD6`o{^?Bru<-+a&h26+>d49S+mC{MpLZ(8m#k_8|(nG+N zD(lKi@<0&WiU7cIeX;q~7ZER_=3NS4j{wFpsVGAT?4+k7hM>DvTmB-mU+FL$ogQPL zHYCwwNE`fkv8*`m8s!wV$0#Vs8i~6~lQO*GgJ}^^F>VFtn;xDs5n_H$Pe-6d79OF` z{3S{F=E)}+5qlJlrxuHUGVrM%jw7d}nCjWp`V}Y>`pXw0O1q~=iqLO#)7joyzm{L9 zDF57&Ryi&H`82~J$dVkPP@IQlecAW08)T0FS^#HY^2bUFw!>i|Ak6u60Oj%S^s0xr z1CmX=$L6MO_cx>L#H)5zBs9b#eT@`_d>e&Ebmbbc?)C>qG!)^V+k22;^qAffzyZn~ z2tPc9M8NsTllCKj+`xzJz<7V(OOxkmnqH~9C%Jp+rzRgqUZZT>=r=aa+@_SSRWb59 zlohk8QaW%C*lUx0)vH4V%BbY?5`D{?vh48h8Vg-QX1(-T0}skLAtx8LAtv^ z80iK<;@|$yxj7f-?r;M)GsDd6Z|`rf^{%zsMmM#-g+9}#AKmMu>@}UJJ*6j!$;r({ z0;xtQ6e{3-#nRW;$HBuB0+jIv_wOE;tHR8S$3u@}tOz z#CQDu%>bYm(Fxu}#h1XsgNr{3g6)26#t}t7uASa{&Y-Z)mfrP8YGMRZ zyu;?1-@XC&uAcBcEgl9ipTK=D;7rm4T~Pl`HCXI-cwi8B?#5>ASh-J~2;kDVa{hzXA)OyJk>xEG;hnGbjE*jh-NTjvIkq9P=@dWptz} z{XGleaqPDQ?#DV&A(7SaTI4K(H9{*kZc{URCtl&uT5xl}s~he-n(mw;16&HgX*jKS z*fx4yGEv8Wj3MtbuyUomb5MPvS~R7n{!|X+->*gX-|dkZZpYG-swqy)E{4TxmWaSX z+UnmG26iw`e@428ySksx+GS4mX*t$iRPBgY-5kLT(Q!YcuE+kMSpJnR$7m(*aFlj1 zOQP@@V8Xrnb=2r!d?m4x_V`k^QBwZ+>kyt>*k$#7zj)1Zcj(vV6m9L*WzCdUvQb@E z&3Vd}K&e3uYX6!a>5b1SV1C$8{H|P{lo3fesyg~I8o%zA{unyRWsAmMrMyqsbu1k9 z9FvSIe%aS|SdA^2Q&jYDx5vl=3oLQV@RNzZN7AoxU7z`PzPCv$T2SDgbhB8hlw8Z# z(iy7pP@x1T4iS+UU>R4p6sN`y}$VV_C9`7 zrLn34T_o`QNX+(O?i(wqM}`;5BVxe&b%EIJj5n&rwiM=E0jSbp>I<_dg|4+=4ct8K zr|bt}b|Qavy-wNK$t;w0(OO$IaY^_MX*Hf31_v$QF5|yMJ9j49Z-g&-02W6p)@#%; zWlzyU_RAHEkYOBkFJ1ISi^@gNm@6b>pi^Htn1Ka{!Wnz;XuQetBFz~g40*ue0FF%O zXu2@q-OMV^xP!-F0mg%2R#cT!1hv2aTwr?kLe0$KA1J`bY4Jm4SVQBm_!LMOTVQK8 zqcfdPH1x^(`cj#yGIlt?k65ng`Gpn@cxRB1l3cU!N;)qG0b#pssDt{5H(gT-a!Ph+@&sSGu7N=g3=x)ETJB3p%C5y4pcZ3tLQH0oaULWgULg zX_~0ISwT|pqK}Of=Aqy+Fv=K`6#-HSYxffsdpM2LW*u>MQ>qwLQ}2iNN(R&Ou9t{@ z(d$i}%`8Ss!v7ujwR}Qh32COjIHBG$Lo2R%mS?unQ(IMWf{fXu+Ch75I<9i|eMIpx zbRTMgLg!Z9MI=$^Tj&|PKU^qQE>8b#PEkEaQcK5>4$4>xmSDi-ml|kGV@3jyxwg(y z(n9x`kc8wN3V9I?!eyZ==oM1FHd9Ls>wA#n;a8vO527xuyVEWzc^MX@es~uVN%i`d z%rgigWgyjS#sI|`s{E{dP}5R|8tLSaciFdu3M10sIrPpQwcOUL{y5#}c24m6ZI7Jz z?c0B4Qn+S04we&J-yI8{*y^apJVNKcSjB54eCm3S6YY@xP8lm*f|sw&tF*RP6yw!! zp|pY41@HGteHuOP?#3&=i9yAgteIUe;M)l}|M~~Rh_>_q2?uN@F8(6&)J~P77RF|9 zO&gO-Nm@v>H*|i3Gp#W4boG3a7G^JUPLdM#m^tDqW%-63u!Z57@$<_hUdanSeHZlL zZ@;sp6p|zag5)SZAOjVNvZoN1{=#lhd*LmVxLfmL__CRVo7X6Pat~YAuZpi+dOq5q zbjUi4WQP9B;J@3VFl702w3LfK$mc4I`dg0M(4>lNX|1T^JO0UxKp$xv zH{J+Ld^yd=Gx=1N`~X|AJ;4H#X-I}5t%u~NISTOqHOjMijK1WBXnYd=YjW=)qgzAM zIQp??BUA-S!`rQRnf3INiDT{eU(()N-Wnx8#ZKqn*%&Lo>_RjhAeUUmb?()E8>C=nmH>(w^8B zhzSkg^-b@TO7>-;`ulR;4t;+^Likp>#6hF}oDKJHPY*90sev8k-bk-3UA337JTryw z0Vhxcwm@ncX!0bWDT^U*{R0I6E&vTaU+YBE?Ctfn(k)eKSbSxO>ujwWM-DqVV2}$i zKTf8mQlRVUT=J0V4*}#YC+bU*WDA{)Wb=V|-9lJR>1HQH%cN0lF|H@gLC>C4& zSjLi6;kYVe(?8p?It>^DVsBQ~ZIo1cJst3rguEO0!S?*gNN9#u2~LVuh5b_PJAB|e zM}dZ<;a|?6SnSl33}AyGNHimi`i5{sH%?a1i}9|&xcNoVx8CN<;V!KN$h_y%SXz(_8^#)0CJ~o7 z3HjigBN_dUr4J<`Nj2iALFdl124Uuf!2V}f64jAGiWu36sg+5&4z zzH5ZB%!xOXmX?Xg{2-@6eSnr+Uma=XpJ6L7e@0H3O!5DF{K%?RcIBs%gZKlbV=%EB zCf-buXX?~Ut&q>bGE={4_UR^dzp&Sl6d4_nV+rT2>E6W^Er+<9Oeli3u18F2aqhGq z#g$HaIq%D?r@c*kh7czOiOwE>?H+yIe9{w=2mE_xo74%UL~MmTMHw~%Om5OS$JeSx zPrU_EPgo(qya6nMXKZQ`Q(|>h;Oi|KE82pm9FdNP9!YO0@MPVsi8#hb^qOg`q`SJ^ zLp9N!t(MXhT0NkHJ4e@+!*MeJm4Q!U`Lj*K8kLbpcYXle#ppF zESQRNp@66vK%GSVOZ3^eQIJ9p!!5ZeLPDRpd5&`B+1PTk5o4GP97U#blkjf0@bT?S zr(5qBL?Ph6FM2+F(|_>E<9pPhqgHg9^?LOkKZgF0bL(lQdZcrnK6S|QRm}@stiV_l zc7iAn0cwcqm5SI4V!xOYD@mNLnrQw^tYmh%R<%r9Ox#wVWH&3@OuW$=L`Yc@`WO#; z<;tj+JWM-b7v;h}B-F;vT{y7p!0jYp{eH&^6{%kCxqkHDBZ(5xN;QTrAnxIavVehs zJPkod@XTm2U`n*K^DyK5JCIgDqGu7?EM{zrZjyP>HD%rf>8mu!c{Ei}#d`eC`bMNt zUq6?5x@e-&xKjJueV`kA4sWMCF;g~6*F;l*@v#E$=PFRVhb-Cn2Jrw1f`}QQC?l1v z_LYf1se$z%z$W;4Z@{+){@UTVwlyen=uTT`%+D7{HVob6%^Wf0eo34vA6nOCyMY^( zj`VyK3X4FYxm@{+l!q`(Pr{r|ji=+O3ge;OJ4t}i0%(<%X0?~@K4 zNh$=YNNP{RpW3v$icR`K7M{hjNL2Zc>499W7~lD9Z;3*EttR8V!$?GFWZc$Vs|Vg5 zW)sl;DO+1akhAtJamOVMoki=U-b$aJReY6ytH&e0yTsdz!%~i<# zsBrj;NufAej`~iY%{C79FdS@mM4T%eV#?dAgpOiZ&qcH zdPHaMLOU+p^-JFKV7T;|i+x*P%YyQal1Q4(T+&3;`G&aB zbmyDj@QP!epV#U$W-=!aO@gg548s;95V@o8sV};LeOaOWWXj#L&njo>;G94uKc?XJ zM6+Jkq)hbI$N2)xWyNi*>;v-}H(E{>y}e>f^lA0|so%jF!@}-0!Y$%l8Z>3tLOra3 z&=0XgNnZVQeH$UgSR9#Sa0>;osnyj$Af}_(7_OIe4(8!~SKK}TKi|tsWK0~ z#d>%Ai7YnWf+EoV=6I~yWEY`^lqVKdEDlu?dLMmL7E)5yk!RO6*$2thoNROEPMbny z!LYzCcR;oUIhFSF?~F=ZAdN-OoHw|jUiG|D0eHzMYD~!$!(;G%U?aJxJ^6~t?WAh@ zTK1YIAY#>9f{bP!rU=7wug23$AI^0ffKvX^JB8Lrjk6Bbkwm4-4C8S|xlXeP>6cyb z-8H0{tOV#{am#hnP9d9&_$M58$x~>AN(0*N?(S|OQsYOLQ)fX#2O?EQv~;vwKK#t3 zAHK6=?9EWP_`L5u)FydSvVp!{+y~*W^Q?bk+P;7jk~V+gtDQJln?>!>zJ3#5T@$81 z=>vY$z|`y$6KJEPSx%By3>w9Pvb+iFeY86!{kCMui_vZPr!jb3)G3TDL)oi*4m}X1 zBPk{~phuxs>huJ3K@LQEE>=QebR6+{-+G*|hu7IH#;jKu%QWOoe`?-K8dvz$pz!P9 zNb|3KziM;no5oatqX<;}o_61ij_H{;nmtBHLLnvLmW~D)tRvuXIx-?dC^*t zxF7#0YtRw#xX9n6Uk+nGn6kaCiCUZsS4qi6q3_x+UomQ$7(BgyPDTUhJaxp9dbvYEV^z{@U0r za9zTkYq6Mt=}f0Uh%DV#9ENg&t#J;)!&9at;p{tavSSeB$Bc>s+#D? z6NaYxyd+tOuoC;L=aI^aq)`w+s-@|kBAV5O*VFeZ?-hN)ucoFZ(Jzw=c6|Fy_gc7- zkbmgt#KLNzV$vMcg6c?iNw}dInA8oxW*?Dn$T#kiDX(H)2g5 zJbsPWSr4&&`5YSp(QRpYhHwT%aPc z;L!M$e>xqSC#(E65-0)ibC(;dA!iG}t=sike-u#hmg#jOc_M{eO?%wrbbmW>=VNF! zJ27@}VxNtgcDC28%36YHu2XLvr;CtVM>$*0zgu*&u;OYW znPzY4b~)gvyI`?KMa?c;u_m=vvGm&rOSdr9uK96Q(d|5JwRI3(s$F5g40mp#B*5ym zO;Hw-kg-J9govE(0sv|^+>fFaGA%!z8{dq(t8|@ilAbAs7R8-`cMj`Cm#Jdty`O+2PWVc^D zCflCo6WvWgGJD){`Zx6>yKAC!OBoGm^Dm6STO_0TIKn%el;PXt2XR%^Q!Ts%CfAep zKU$;{Tlp+SwPKP(ccSN0{q%OqirISDAFo6-{Zhm#P$Mb}CC6m-)$Z(I8Y7~XujHo2aicx4Q2ZJiZI*_eUe@2^rz zuWi!EOO;=#u&JThG&18MgU~4ekJ`n!xz8U*Mu(TlC`g>`BPgvuLjKJ6i-p|TocgJQMtPkauGf}oam1{pswzpgru^*H^|OQP zimfu+L_Q~4&SN+{ZuN|ttLPDjUfhTPH0%~)U7gCC_Kskh=?I|+$ z3rL*U8AJ7Te_&89r?J?MaeC00_-ghIYG_r8cqtsh`N}D@vQ}$gb&C&W zf}wwf7JlIE-v|Xfo9^<<&%lzuOH^D@{$2TtMCqLM&sfr${kzRFajmhx;vQGa%XPNe zkEH!h-qpYw{}u1Q9jtpWuJ-Q}f9Om2_%TR1z)`>1b=ML2i)z`$g%%zdxG@~>sdF%D z$>RmdVmL&r#~jQKO!&JWTlbYsF*jetV{5F3tBAwX(j%JJnnNY1-)wLfWNhi%!RgvaAh(f@WPq z-TS|(MbQodrZDNR!sW7PQ+x{soFxt6#4LzkSf07mAkKdjA0%q+S61*Y3Grq??ChDb z^}KGo_7gN>xC>Wr^10{t+v1n%1U-++5J2+^kH>*Uze?X>Cr%|@tPZ|7Q!?z4nu=C3 z6f_by(P3{{cMwW&1exnx*YaIi7DmNKnRhIPgaGaYC7mpKp9^OypHp017?? za>6X^k<(H@dVcOw;4;-DF5-JTodFC={3Zq#nDGz`sj*r@x{=@l!f?0rDZH9wYx!_b zHY!DlR2lkhCe8Lr06)s~!2Zef#qeZ%g~5ju)DXS-IGInMW?-%x?Qa=9-dHbiZJvzI zGwJfX+hDp+I#sABuTK|2y`7tuDR<6qra-;)e<_VmmG5(8kw6&!DN(yK#(=pqPlCfe zrR{9#tvN{bmZb2D)RlEwq+*toXJY69+zHt^Rmezy-tXM#Zurn z=3E9RRoSo=&F>_;u0a?3crX#;b`|Jy9OGoCQFIcf*-W%`W0#qpJ;U(XQTD>%FgY*Bi0 z61rGu?9iT~yv-LgHTWSt6Ns_Nwr)K1SS(RoP_@~vt1jV#@e&9&glzhSY2bQJG0px% zX$iL+!+!F_7>syBEF2VqH=rwEuHWck#^_~=ysK>Q?@W*pzgr#LNCaKis3}5e_;#J> z{x0ZyWZJAIv-@&#gt=zN)?ZdP3-nRnZO%t8DwXNy)$#>=bn%P3w3C**xx_K7hCFI^q~2^8$kDv%j>4!0^VI?0QL5bj82b z*?e2V);9GrXgZ9Ugiw)zX6NQ@S5pvCQ z38Xx)3C$4dCO67NYe zB3jYQ>8?LFE5-xp5D4f@_Y0_svYJ>EZe$^ed64wbzE0L=F`8IdT*U0^JWVQ98wsz^ zouV8FDys2wwZYCXd?l#LJJmeYt-ypfvrQb5(~>^DbvDfWh`p;YlFtRW`*Zl%S}T~c z8zMuy9-CcnHg7hv6JbojYx%rUPr*3@{F02XrGECS7hOI|Mn-WP7nQM{PhC!aydYv}oFXno11adB6UicRk$6Z!f12M}{1 z?CY;+<>D4T7iU)gz~ArGyLLP2*!0Y;(?kIrDdKt5l)2ReiZ~8E9Bre}yQ}~+=wHxM z;H{+U(ePC{Ujp6fl;CS%oiG=H`hC&Ksym5k{Hqvei5mvYjTim8^l!Iyx0L;}PYegj zC9oaKX9?kOxYOZY-DF}!L_>c5tM-=)lidFIdhKpo{{B0}J`XjS2Iw|kVRX!p=bpE_ z1)YJPFu(smr@Ya~r#mNIF<4n@Zf?Qb)gVD+pALE7hNZ(_N+H;_iZZO_sG2q8aMi-i zs?S?kLJ}xROchp0B+GHGzz%F3l_==62azdU5Q?VBhJB|`|qNtvTB*0a|fs_+(? zv`U(IdB5hmy2~GMDnZ4kCIItkoPe@W?RyJn>O?}{3tm~_`qP)5~;dDir zgd*CWLiCI+?7iljNqS){c9-y}i(8J6P^Uo}~`b;KlnR0B&%z)W8OidXeAAz5H4{e_r>f|5$+zc6IfLiv9&Wgv| zikqEI(++ZaNbSiAKu%0~BK6slH$V7&#I2@#6{)v1(9`!?g!8jXUd`!i5m5Ci@b)9Ozz1gS;&6|Wwgv-l5_?Scp{0lbM~HY*$6J?ZFxgkZSg@#=6%y@unDPZ<$JCe#5PHDd_<5cNPEV0X ze}?{&8o?8jdUoeYhB}j1|IfE8FrpKV4g8;3ETpnXyv!0=LHT}&>c~`@{-5zs%G4C2 zzD!2449F-XeRposhgb)0{UKKPY^k`d9t&?&kZN24hbp+!GAR@6L?wWZ7b9@^O#5Hq zcIbx>$A%&oc^{SrEr}yTNw2_Z5$C269_DlPI^@Z~plUys`&_a9)YsVif;r?8UQey*(O?ABy{(Es7Q%_ZhMhUQ_+ z|NnhpP~+CdBifwPrsa*%cd$8t(7DRMT+K~fEriUREx<1b7Y8Q~D+eblC%*=VfDjk2 s5Dz~y_=AIE->Yx(e?7q7(fpm|hyVKl-{}1uzylx(GAggjrHq6A1BFR+egFUf literal 0 HcmV?d00001 diff --git a/images/app-icon-64px.png b/images/app-icon-64px.png new file mode 100644 index 0000000000000000000000000000000000000000..2c89800887c1dbdf24f744360ab40f16c58d5595 GIT binary patch literal 3596 zcmYLMc|26@`#v!k`-Ehf#*#D`j4e#4ku~9^j4kVAeK8no#URRzD9cNju`e0nl{HI3 zrXqxt7on7qFeF>H@9FdV<9E(;&i#3wbMEtep8LA5>)a3dFDp}i9tj=*0Qk+#jBG)B z@y`Y21n+dekQvZGe6W^S0H}Y!yYImP_NDP=ww3^JQyu`~5&_^hI25-C0O4o=SaJsd z%p(9e8BA@n(E}fFdRmwo0Y`t%qRz@paF)~NM%ZgnlPk_HSK#*9hpRP9^uzcdyo4EE zV)>k<_66>DapW4KJ$J8C9gP&NT)9kNl$TrNJ{mE2zo9z)gVUg|6t17)z2)JfF_~Mx z@lgCM;?>Aq={g~292@84L{RLhfHlEJOML8=F_PW(D!b)~W$#7yR2mI#BNRgz?_}N% zA9}{5-s0WKeqP??FZ&}pnV5FkG!1%dYk9;OCF+>%Wg}voPP7uo|BxWo7%6;9gjFCZ zLS&l+ok~n1BE0VpA}Q(;sU~}Oy4_#h;S%g1bgcW&Esl_StVzEcQjY~M zPpEZlesFFLnKuav30W6Ji4Mrz>0WC@QcMh?AMQlSCldvRbUo`G&~Smhii(QEVCE1_ zkUBIZCJ17d?4nOi}aysgEM~m<#6y36gSj!ng zA=rmE997hFuaNQshiad(x@Pwl@(I5;p5XR}D+_B+#Vss&!wqhWxz=qHmLv8E%2TLY z9N5>5{sak|%N%!R<}}6lhWP~qwluZ0QXOh=x7+xj3IO~i5 ze|9~!&Lk1``YBa)AoP-(o11e?%z=ZsIk%IOQ%1Mb@1j@pST{F9?V$IbS42d_w|UVU zrCBtZi(kWkvHwj?B9psP&>OL165U)>8xCn8yPC|P|hz$8XBpO zur>_|Q8PH)!Pi_cfAJ~plW$;PlM^cYQVEjsAb)pI7KAmWFZ6L!lh*L(V7cuxhZFUs zFd|XrfomNpk9gR+J9BOH$EFPG#CU66gj(V3ZKOD$!8u9YLUdy1R__bu_V$3 zsEl~NM)%vWEFQLU%@Y7aOvfjSXr&RDLuD7Z$BwH$abGPgJlwP%W_r5&K6U!0Fnn|6Wz78{d zH#L>g9?6om(QipCtf8WW$VGK^CqLG@^e!)>-g;|H2WcbAlZ|9sZ|{aOPRU}QW(O(& zIjU}qTn!TAzXqR>)oESG9V{6AuV25$!4lHbkN?`Rrm}VQvKGUV6L8mk85~S_9bG*^9CaGvuHN zaR@g-5a5OR+UU?{*YiXZdp#OkS_tNek3s-25^w=72sVyRpQDz(cjU<*tmr$U5(B21 z`Mp$5>M)D4Ji$q0Vq&Dl!;%#Mxyer^w4nrhDJiK}ys8~>2YcJS-VNQJ^+gpGoKI1e zItncV94UPzP2mv{p5ER!ukJWnnMlh>USBkO#eG=*PD_O6bBe0U3zpO+JpQyELJ*ui zp<6nXNbJsuj=dG6(%;|zZf2%dcetPcp|`i(Kni)@w3d&w|8gJ!KrUj^a$pJ0EkWJP zjWbO@_&JxS+E0QD6_b?Y0IqjL9sh&xOy?~d7njuL=5r9Xc)55T=D!Xoq>@ta+?+JR z;5HO!jXl7CprH*6(q?96M2e|aXZr^RK6d(}`~llLiQ|A6xVC?k>@~4E%*Qn~#z+xE zAD>F^;ist6B0Sj2F%Mr~=t)&qBb2Cxc&06dN`=3F|9);`_yQNY3+37sd#XKRrRUu{ zn76lg2`}-57R!l%G1JgrMNl6Wjj=Lu)B|k2Ri}^t9k-WtEh8m6ershzoq67!}ms#P}_b z*F_g+#@1yCY=n!*i7t24)(Qy6bMx`>`4W6&`m3v|u#u6G{rS#*yKq6s+{P|iUq5xM z(z>+0U2=YYe)0Qvte0Im&dl+_ytAUmWtE2lYD2|Hp39dnySGfOkK4P+NTjOxi^S#S zNr0&x78&{Xp?gybQK0T4uX}8rZMGMX%w+-@A0G!6dIO$!d-`W^$@rnzsYH>NG*>UL zGeMu)$WtwZzt_*>`I3^79@FVPi;GA)ojyug(PcvK^**kxWz;ygpw-nA_O@B`V1hk< z^5iAReZyiHWqGR+VzmWW0CRr6023b3ehO?^wuy!^;GYV@b`03q;|mWD2V-qmHO5^z zmV5Z)Gf)iK+}up=^9*kP^m<_U9-SU_xXaAp4;VFe-!(%QXxAk{WyBB&P8mpD$4{QN zwzhY(vk!WD40UKj#>~9uI~)7xw9!#pz0LPmA5p0<&oT|-T~$k~s<<)cEfLk@vib#$ z6Utr572?MQ1O?|u%Pl6xCX(CQFxTwuFJ;In&&(ppCCMWrHn)F`nEoZgksv*{G+yoN z>+8_|p?1wmo9eH|Kx=5Q8`}hfY+XCtW1W^r_1xQ9$;Z71W#Zp|VYq5Li(*xmw#54S zdj6c@b9`|n$VUYQ!xKM${#=_T4i^^{xnFH*(_x~|idaHrqJAwNSGnFA7c58JiW<1v zvyLZhm^@vGhsvfy5&AbF`Ga>^vD>V<^{9ufyRD8!K-A~38wZrz5GIyEfHj=jm>cZgkG{sdjwxS3xnkWMeb(rDI?{7ozf@ib5A^;{!%~ zMJRNJ7~b#17tsi(7SF;$qJVQTf8F!nianpvPa7JFh5NLoPB6;zrtPyxazSLe>c<=?fouzfv=j5*(#HI=rlZI ztS2abFkg5mhRf>nyw7>jS0%B5WKeBVI&ygSRNN+v2_NxoJjx^%J_aj}8hwSm?;wGY zA~#2ZT1ZIq(WB~2&kk*B% z5;b8A2LNVWgdDtUFaTH!!pmbbCFx#x56T+>Ha$sgd6?)40tQMOOWlMfzJ zJAZ!aJO=Z-G-hwB>EQEMh5fH*O>tZRV6eBW@%3xKtL?6%{^Vii-@?ZA4wYjoWm!Dc zL;H}wrWc$|O-%(^Q!RBXFV}^4*3+d_Z?PzBO^uCl#54wjQD4_}*p>vF=5Rlg7;rYx zca~pYV9;#n)|Y5*JV;$)xBI*EYHI6*-rn9L+iTat8lF89CmhXBDWx^ZuaY+Fx_a8X z4kP!sNryvug@r6NiB$d!xn~?$WEq>*Rl}18`NCiR2@FO^QQuY?C$huk{1|-)uao$+ zViOfyTTZX%#i}zB?_Bye$Ad@ph~?w#!ch{bTf>8cE(j^9ZA8r8%8O#DLzw9Ugo|Bs zI7ugZXU(Jd`E!Hsz2*$DZ+f&-j9+9}k3#w6y-W>_vGiIM!p=*wFdchN8gAKj@uzZ( z1*z{BiAjGYdGI{yCb)q*6K3oXcEcmg3xf~!0u7*!R?}2gLo1_ouc@nHG<7j*y2@y6 z3>v+EMfT5b?f)GD2{-(_qyNtVt){GY?wZ;;jJhrceNGvz13GjbLcW3yfVr`iQLUkS G!v6rP50U}^ literal 0 HcmV?d00001 diff --git a/images/avatar-128px.png b/images/avatar-128px.png new file mode 100644 index 0000000000000000000000000000000000000000..4d7792b4020cf0df3821c51a262f8332cb3acd49 GIT binary patch literal 1306 zcmV+#1?BpQP)004R>004l5008;`004mK004C`008P>0026e000+ooVrmw00002 zVoOIv0RM-N%)bBt1T{%SK~#9!?V5{rqA(DK`~J@rK!mEbYA;9EYjs<#N-x$6lC^8Q zbtRC0#&CLi4&MVXA4wpSnVebQ%vmmw3*-X1KrWCAbnX(WF0>XQU zfcR2AT@VZi0`3D8e#bLm3~+(M5PSc3W|Kz@4T%fL9|A%bbrUkr!5?{(? z6`TZApo=enJri&eFac3n5aY}6#-xBfqQ;jpD4G)xr8m03_6k}B*a&p!@ueI?+Y%(; z&N%|B3Ni$UfVkXn1fpNY1Xwcw&H*CeOn3rsz99jR{1ey{)_^$x1Vm-c6Ns9I1g1a`z9A<*RtObksyiz{$%Xc69UKf{6k;gCR; zwHNI`b|d6h>@Ruo!-gS&!i*=dESZ@C%j)w4rbuE8z-+3UGM0Z}IpK?I(U!NV#2YzCgpPytaUCZ^#v_F%j~ z(WLzghG@AE7H~+DFh`CAGy%(-;_(+~eS}n|D?g#}mks=>ltSgjGZ-H%j!*@5pTZ1@ z|4Mj&VzFBI_uA|%npY{0Bv#9Xwp<<#@ggZhU`KVFk|Az`Yht^AEFhd(O3Cu|irh9L z3KVZAtCXW^w3^(4djLzI*bKCba2qs93b=r9f$$#+ZU+4VyEcUnNZV-*IFykDgf}3i zBtGVzA)kX@K=@;3kt!Mkzh$j}C=n8o zW2PmofmWbQY!>}bplxRB1WK$*{TFlH5nUtTpD_L(v*4d1;Eqp?FXhWu&R??-P?t_s0-|a3AMlB~m8=pdoSX)!Q8q9X0{kYGhK;It zry2ovr&LD|8v)noHgrhfA_B}SD+sD4jzWOlt=H2*1f0k01Rfngz-L_BLQ&kSi3xC< zgb<2mZd`zUTL7V}7qIWM6o}s_hzYoGSAfHls}m5V3{rtFR)6{($Pakx<%+1sEMQzyWMpxP%w5TS2HhY1YEE+$L0C>NAL&Y zROi`c4bGYX001R)MObuXVRU6WV{&C-bY%cCFflYOF)%GKIaD$+IyE#pF*GeOH##sd zsp}VR0000bbVXQnWMOn=I&E)cX=ZrmIxsdZFgQ9eFk0lS QWB>pF07*qoM6N<$f>wwb6951J literal 0 HcmV?d00001 diff --git a/images/avatar-256px.png b/images/avatar-256px.png new file mode 100644 index 0000000000000000000000000000000000000000..900033ac0e674f78015eacd16ac87ef6a60e12c2 GIT binary patch literal 3045 zcmcImdpJ~U7k~GjEgMsYWada`#x+T7zuVast8p^_vq97TPSYI18dzU?{B_s{po_uuzC`+4_TYrpGV@4MFf`>lP>$3&snb~5j{FgDq{5W-2 z`p!OX1^35-P&}Ap%`J{}q0x3+d&=Sm=?#d3oTuJg$-gTz^i!9|q)ks>zI)9~*MYBs zG$u#l2?$%sH3Xml&;VcofB}G$0m;}f00{VhefVGTZns`T-W7XPa4TGw_lA~`Ldnhx z+!A$l^~&+BV&Oq|?X8*Z=}ia%?gx&0R%GAqpP(0f?N@%-)D)wtsv0@D?5`1{5g5h;3Z{1`O-vN? z0#2p-@wn(JI7A(fT<*S03R_k&i(b# z5*jw=DQWV?)Fg?4wQEzXEjl|p88Qs0t?z4NlsLO%LH=Il+M}1bHGRbll)w85C-uOG zkWES>rZ#X8WQ{-fm#lZVbHAfB7O{+XJA-0-Ra-BtcaRZ#J#sb+3k|h0VnE;6bA9uI zqW%f4ptp#I;vL6yKX)g^82(sBYxXQ8R1O02@YPUr5;dR*kZz< zKBCZYm0(WcUZZqr7XHw4!H~MfGA10%P-vinQv}XnK-?l?d+@BzUOTJK0?Jp*XB)QD zaWF02RB)Pxs^j(8=TdDX7WFnj%t=vaALF?c3m$rIXC7Y%EGTYRk+$oKEO1*{Iq^PzQ($JyMUD;OO1#8}JK=J8Z8M1>9lzhXX6 zaFWj8AyucovJa2C;61)A5j@0cHyvZ`(xcPqq!Zr^Mb5_!$wNw=hidjI>6A^ap0xmN z$#D0F%xxb@T6z2NWAaNTRMvdZ_(G4bmD)5B#vYZAW`R48M7v3xJ)%q-&RqPi0enQb zNEEDDr4bkycuA~)zkVYWE|>j82Gw$Nb9?dw#iB+$?e8Jr#%KVJhwE8hLEsq3EeXy zSqNBU^p=?@_X^jbhzNUa96afp-Ny*hnr$Rmta6;oNQjR^@swk_cLUnJ4Kak2(@+`& zdyi8g{}gRl~-{ChxmciWEtw`UVDb9fTY4+Ynt5i77tX zHfnHhrERxMEQ`+w0pcrDiOq!}n^q+i+M1H|{ilc>?SMibvyFM>rJJuh+C&O-y1ShR zl?>sJ*WVo$-4rg>w0mfaNmmVIHwq{1Yx_$WDk(_n$mf1a2oMP8PpH<+{ZdR)t!nH1 zG=Rf?N*zi6>et!r3AdimSpv^SvAZs=cc|<1gm?F5t#=?N>mmh34ERTD z;z+VGR@0ZMlk{q7f}+)hFS*2C?PJj}#~A94GuMzBGFx_qDba?U4dj0K{5`t8JF`Qc zcM&f)U6P_mbPq&t;ILOi%Nti2azXQO`gr|kXL5tX$IpVcKj!9EFlSd>b!^pBg@5!o|=W@ge)xoJ|=5nhG3WeU~QrLTGgO*IEsu%G48F75{=l$d=(T!=~ zk~oG9Aj26-IDnlBii$KwqhI;{d^{v19)$3F$G=$QSA~+f_7Wrlmt#Mg4G-RV=!iB~ zg%n}s2sSRC3@6CqFPRJ}>I&S){kEj4cL!gO9?w<7qZ_x6%SWt|Y6~*Ajey9GaEAG6 z^FUy&5-)(%j}J@lib#+pMC@3O4plgFXA-`>xI%`e%uSlCmYre+#XLZYY|c$grPP3a z51w9e2?(2z)-4qInXi)~KFEhaWaMt+TZc80tO{LzP~47 zelB~PxpMdw9)I%YlR+VmSi8W#Rd(-g)^e=E^*{-> zX2*$uwOY9Eowjj~&brER-I){VJK>>k(tm(BDPms!EeHYRb6tk0)*Iy+s!Kb4*oqs& z$5j)1AZz|}4>#+7c2WiILFjeTP)Y%OijFdj8OmhEVp<3W(CdY5m)*93Ebf^Vko7K00$i1Ff(#cZ8}Z?v z03hpA3F6Ajs-_14Ba#1H&(%P{RubhEf9thF1v;3|2E37{m+a>i@qr zns2u_xBfMrYW{&Oj^RN5JXQvs^*6JA&P({f!m!6M#=UdO$wK3Ax*EJ!o~xI7@A=@( z6lNc^a!%VK9)+gOmz12_`63!aZnl_7zL?MZ)vM2fx1nlDPiM3P(~lU%pJE~mQtCVw z^$e^MS|-M)xYn5Ry^&>l;A$aYzCfTMt%-S)FGG|N`<3U~4EFDZtym6NKXSOF!#3l_ zg98h_EZoeFHBJy__>jEj-<^e9j5do&Y%tuzvF!C5DD-NnOlh<_CQ|{az+T zjcgyjox8)n+iW>QQpdKU9Ek~%2j)Gs(I`q2XDnM$G+A zFkI;Cex+|cv+h=K!*1<$`{yj{W@20#w~~SJLc7cPlkCa|oTF-gX!XTI~lbe+Sykn?Igw;tks zF?D75s^!dA%=W2Wuy52q&FH<3F)5nw1{beJIS2po56lm%cb;~=K> z<Bpe@gJL{5INci?>)f zXTqV8#LwNib2Oit0Ov0zmJ4{?4vn9wWla*r#OxBb>qe0dLPr1mFzvcNxddkgyV{a0 zwsvdIi|@y%BPc_|tGC63#A*NHON*#(m4;7bL_4C7y7gp<#iM8wzspR_!PeHyQDOD` z7%IY0*od=Ie(>*mQGuLoI}&2)p=|msX^lOlDdG)xJ`)|6G}ZZ`gd^<+JZSIPYTq=I zv2>aSPkzYM=LhFY>q3LOvd@Vyw2>g}{p+FZe>|h0Uz596q5n)pc25{|?k)WGA0)V0 zz%zt*a)bnH(hF0xfCV?I44$M)dG(ZML)yss4^l4 zicSP}W14iu@QgHuvVU@h1_y>ZN9jsCBufxhF!>Yu<&ozMA&qI2rFlL$TURA=0s$kk zA+YX+Azi(4Hj7G3?d#8$AQ$p)wv@I(0@2X?WkmK(8wm!>u(m*V=cxCahdD0x=96tS z;PBmG>{l@;vQK>ft;Pf-^)+->x~G{fAsi}K61_t!P?{AM;61UHRkgHe&I=sJ71Wnu zr)fFBp%t2aAPe?ds-->k&r3{`y=6$KoK;?j#@&66yNs5RL23^k4)1$lcAZDg@o^A| ztx2>0K{|{=B8`v^7}O}Fqm89pOuuxeIZmppx|zL4HP)-t zv&by2>z}?-oVqr{CocMUkv#Z0uMf?tIyx8;^80eRKtu=KM|GiO;3J+>)nbp z1_yRw$No@m-9_eIWL+ciUXag#8KVXGe4A-=NM>n#m`lV^6MJAFs0)V)&U~_`?QIA| zK#%fGIo8bE*LB{oJI3}+ zj(u>?vQg#ifMskno?l)@S+(1m;)2J1B>&=9#FhWF4npysC*1R%W zcz(x=#a=X37di?>r&>LRVfDaCtiNFhy=>!*)EH9?tT~sK)d8bWl!m7mpQz&>+b{_6 zPj47W(8*q-;=_=V1f@T1tVI!4nVDBYR9OSWMj*U@glyaDe+11BWpz?-y5!kIUMM=QGG_5XK&Xg5@I1HoMU7Nw%j%;hL!j_E;$cxGsr>0t-bPT$JN%o1U zLCEBe==q6Z>~C8vlrYz}{x@u^JRA3#6luv4tq^2QB*AbT%P4LS^ z{l2QF2r zym#={0;@cJ9$U4qTN;++&=0r7$E0^VuBH|{Z@fXOObfOonX5Vujaic;@GWJL z>z+qhp%tX$fJ#0I@ZMH6G*G3m0UN>iW@XU=PLcsAc-o}5aC%L$ zw7$0Ylj)}gw?A^Ye1$IUx5>t>b$nDx^DSiP@pjs2vwEsKdA+@f)m9m5oOV2*&2u@3 z#51_D>ucz?m(ofxWnbiD{E-C&vzO}m;FU;rB0C+6<=AF(++)Im9uaXCqoltkCmOrF z?Dp>(uMKn$KVxE+>Od^m%T$Zt*z>EWMbrKxPKEk+y61QE6i+hz@WUQ)zB}iFhJ->M z5SonltMNKV_Y14lJRP=kRDy5%@ryL>b0-ABUpRYU*~8Lfg+Fo6?@Q;9+_6J!5+i97 z;wZ!JZv-NPI6_-&(>($Afjsh7QWsfgA9hbjHm#Eq(gENJ`7Ny@O_7K90i} zT#e^Y*-4csws{N(9ilJ6CX$Fs`K99=0oR)^xe|LbbAdMsrC{8Jxsxeg@oj{N^0v=% z?I$NMatS3&%-#3%5*9IinCH?*suZ2Yl-%9P7GAjeMCLjniX!>W2UIO8vT;d<@S)U(ZWX3`NGVlk_Y$ zz&&!X<(IStLZPIUjw-CfJvWmI>?NwX4?quC+ovS+!JWe*LaMyy7eblBl7f0=nEM)# zZG|-r>5XhLKlBU8*yAd*n)8LC!l=ybb;1YIoTgK>Tc(;TMwozvS2i_QJofCw{NEn~ zftZoYfwi(MBmL^7WG83hspkrzSoO2Ci({C>2Vx1@jR0NV^Y8!fagTsLzSdv&=YSPy zwn+$(EX$6Ua~HKz4sALrbo~f06&X>(K)6^HS*p;YpeA3h5MJ@MzTu>(=~dO>_ho^_ z1*#d^+M;V=TTG;5)s1<1@9Vd3(XKyKW_F1H*SsO^K)9dh}IF;RYZ0D$Twbdto6~ z7W6XtwjJ=Jc74SuLAHR50{H|Jw66nV)uR$s=gxA4B@OlM@TQ54ErSbM%hA%VF~#KX z(k_O=i1=u8)Vl&)+>mlb5w;>#ws-_6pCe?f8zlj$*bDEt$u!sT#13=^xMr57B=)L4 z^Whp`Oh-j;Hw;)*Wbk9~A%(xEmngKZ$d#JDu5YsH`kwoAQ%&v;3P58=hD!O9Kd z1bHd?#5GKkg)eDoR1qgug>J@R)VoTcpd7y^x&dN?B3#ZD{Lh85;(K1*gDilizOps6 xay@L41vrJ4sw42@_!6E1bVZ;gSWq|;lw_T5X2~Y=4V!-f_v2nJjn3$-{{rjPiK74j literal 0 HcmV?d00001 diff --git a/images/daplie-logo-circle.png b/images/daplie-logo-circle.png new file mode 100644 index 0000000000000000000000000000000000000000..0aba61f6587b5098e8e9f94c696eaea72bfbc6f1 GIT binary patch literal 19763 zcmZ^~1C;Jivo_eaPTRI^+qP}C%JHkA_OD4jB;r z-sOPYy!vr*Q?D!sCCwAI)!_5Rf3ONjspP3cB-|DMxTo3^+J4|Y#G@yV&@=+19nlW4 z;1VEms$5bUr$v{nwNf9F4gY0f`mlw2!VPLAQJ}lT?wa;ea=*zkTGZ@PQ2d!=b70qg z@Orp-JSC4m?2cd2_ZVA7@~^Y$lp1Cr={tSLBKJpo=pEH1iv=(UK4xZlmkfSPaG+nQ z+!5|Zc38iMRx0*c&ZLlc*g1R7@>hlB*mQA3@dac2+N)X;PCO$KOf`3@F^KTKifx?l zXS}78J=OL@zbYoXm2li!8l8&pM)E)3yab!m(kwIAKlu)&i8DZOL0YA2Rz2pA6zwe- z6}(+5AMK#y+CL(4)?wCTi9;3sPBMXLj_6E$vKOfh$-&9Wo^la5=5M7goLjD|N;B)l z6ZOH2BV#Qv9D=*$)@%S~u1E-n>%((YQUL{(O;KD{PQi>UH$pJG@jM9_avIKnuUX4v z6StZ>_;nkCo9&7cdOdbVNR=dFnh_HqyG!bjI7Aw~_{-UGsSP)J&Uk0z`H7!(p5_QI zc)BxB+yM2i#(QzT-v9Xx-R3JX$BHH&068#((2@cA@L5m)w}IxdQJB8RyZP!8S(dl5 zzjCYcWf|tSy0SGQ@sqDLtY1yi#NIq%ftO!AAsl0hP=CnG$7kO02h`I&rk%`qhIRt6+{axu@{$2ka%k&`0QR`i*gV={e zHzs%G=*;BlI@n8Rg;}m!Uxl$WrbWj~YEqg(vR-mzJb#%EUdm(^l1-*^BH4Ti-UN>6?ESQvEZv! zay8uJusI)Cm$QIlJM?~5fz%K9-umn9!Cw!nC)=Ja8}YvH@*T|Z=*avj|HRzoNand8 z!g1mch8B<$0J-%b3ei2n=0{jdEWF#|E-e?eSr_=q*-6bVHfoXrT?=vnC*iTPm&2?=?fP0hKL zMaBQ8`@bVTVoO(7M{WiN4-XG|4;Fd{XA1@WI9oZoS~=Jg{ztEov4fi{A2IQN4E^u&-{W+(GXFo8>|OrHt$z+O{O1e< z6Fnot|LXqNmG?hVZV?ANM`tq^mw)>CnRx#T`TvsrA3OhzS8%p6`!~}6jOTyx|4-Tf z7q4jP;Og)%YR*sIwf@__3ka##!%557#vIp3{sE`fpfU9RgQ6iG;0`c zl(d?sK0I|r>%zjLy!mm_ibqSU+Q6gyX|Zty&YV$+hY33t8`4o27fDD=ko=dZU_nKd zj+zIc|A&9i<4T_i2h%U_Q&h>y8S@-sr*HzuPY@RW+%#? zygsl9aqbZH>E-KcXk?P zx2M~BM{mTfCb6|<+)X1#wcQvh?A-jwEPQ+oR zv@L)xrJ<*j%%xxe-Ig2QL)O34j99v<2bn}!Epqa#Ef0mHX4PioC{%xYI1Zli2@||S zJM2aqgiOvU{&Co^ABvx^hC(W|dLC76?@3ZS_#Vu0oks+~GWjpL1GN>~*7xhRusNLE z)Y?gHt-^I!5?8t^Ol2zzm4-BsZy*?|Lyd85LoX;+YB*OM8<0;Xe3roD*|L9*r^Mpq zwH~-?h&%H;J8m*Z#Ny|pPL+@$VG}~k;dY*$%WOzYHi01yY$)4M7-GSQLocnMYlPtWZQuQW*l2qj)=s&&VC1dchQ zPVpxg?Uz8THtlIQrEFy0A204Y&7C`KgEL?WC0-@J6otzLO_90=pTG!dycyD?D0H`- zpymz$v$-G^v4w?>#xiITq8C@4w^VUCkFiHr+Gn8qQ6L8o5~a463s`YjkaiZFje?z+ zDSm||>4!ftj`3f)`j5?HQCC(cj`JfwUQt zO2=tNYvN$;te~$Cy+RPI!0NEhu;R$3%q+7Y%WPLmVsZhplW};djS#n?%OcxI?Ay>O z4QAWjVXpbH`7g)CYhnuYgsD7%kAKnmS@oJcbSLOBD(M~fhqRHt(+4*2bykgNI9%7; zR*OIb#1o_;@(OR@(eR5wW{+mD@xWWd2Av_6E2wJAiy34>A)I#-FLRM+_)cnlz{YEkSv&QE`f>XwQLYLF zP@)CSRW)5whQe^W+0f=>lmFrIYG86|^7< zB`e$_=L|RlV^%X{HttE1*u4OoaoE!j5h1boSuIA-;y9It&~J^PkoX2v5d;wB=2~(F z6l2kM)#Hmm?k(xIBF!7w+0w70aY?;>r915XcCVwWMK|LfNE+Py$BHkBlI3t~bZMKE z&5weF`-<}zV={=dWH--8&F-fuHFEg1K1a?-sssuao~4zY(PtV*AEe%S)zqGIRJfvF z%%z=yeP;Ah?TUlFIWROp$FOEuD$NpUEt`jEs)jaL@{7QbQr=?Vp$vF|l9eEy2g zT_x~k(Ali)CMpsZwtwzJ;A<>+X>*@X>1M}-ipdjuOcFdM0n}2*l(La=p~qqj8K8;; zVzi*j=Dvgz#7Lxcw-}aB9_YxcNer7|wdVCb3r6)d6I-ikA#8<%R8$H@DJYi$K-`nL zhs{r{p1)E>bno9ArMmZ1AhM@Pe-rMFEG_+S7)x0aN} zMkN!0j)xG|v?>8nr%^ELEv2UYS{dzU8gA>eH@t-(OKbYdW>O3Z!hzSvVL8~Jr}>*TGH+Qo;KC)YPN({Z`y8jxnBY0kOkz(oATuY zi5I;)I$}~;9rMX&WHfh{m)UJozH>`Ok%TvRF<4~*Idnc-b1%3X5ic~%Iy?suEEG#{ zQa@y)9(%=A5+*AZ&R&p0rrI5CL3h7(x_kdARkx9dbI#3@d0;K?30>nuqy0?}uTCC2 zy*Vw#DmP|k3#B{TDUMrr8Jn6;J(WA4*Ujp={mO}J(r`{$ z+R`4Pl#JQobjEXu_e@-B{5wlW<#l<|-TS*Wh|XZm{KGu}8%?$p3FF0QMC_mpi*=bo zVSEFv`Rdw|zXp{$6ZvRF8Tf*QsA00g{0Jh>;OITCTb{dLLM$*qVn3hotCBhh>Kg5I zd)U^(<~MqM=oFt;L#)o$fg)JZ<1$Z-8gbP-=`ew$3b(KD=&9_?20#@h7#p*ZFi1l% zrS4G?P|qoF8HbEUl|ykM4#X^}#MwFT&ep0A8+5wkOjYfG$B)ln>Jyuz@Ixq_x)(nmwQXE*Qd}t_skWgcunO}q9r@F<*A=*97 zHt}_}?BIJh?y$1~1G*-hcozuWrR2xrB{xznPHaCrYT{!kb9Bjk&K-TCc>VFlc(%uS zdu|HpU<`HOjO=6{7WRJ(Uk5yrKy7(s!e-ILe z&`gcQ%Me2nmp`xRuLp7J`=LDx-!KOv&pjdXUrBFl0Y1NWK~5V; z`zWa_^(e~O)0rYpk&QUf%ojh-Z7dZPb`ZCSu$pD1gy4jY1|T=++Uk zOt^m12s8RNm|<>dd-s|Z>OceF*@3380yQSBd@p~&k=^Bj*sTIU!Vk_GfDwyk4t((g zEV=x(UTz(m#sSIoZ*86xlKL|&J)y%v%B`yQXG61}mVh*Kx9#&3z3)D5ovLJM2bN9;_0Q0`LsDcDP$ zqR|2TXP-VwW(-#CJp>k}&!Of+$gKf-QR;{on+O7n*HurDMdmQn3x-e4;pi#zt!0zewy>v(E5!XS3DEDdQ;MM_f~i^SSGH z!$@$;$?_$MAyVqZojMuD-MSPWZ6sf*|13>Pdp?tm@l@5xkHvkkhi#0yd2;NktAZ!( z_S~*#HstfQEajO{Hui#cN#}y}4oc{?;Sx`gHDB4?T5(lZ!@d+E>fs@pvqWb21HSbEZVTMc_Um z+HYmzeNGl=+c0tLMi|xAgG?=2yEL%d2t$qhYe zob7Yv43~wRo=^2)&Vw5EI-@0;_=dtd{CO;Skzlqbo$O`L=8d3IP<%P;Y1Z`=jthB6 z1d_Z)SV$;(_nsrM1~>-7;1QmLsV~6Dy(F`C=wGlgPIqvL2H4*7?<`5 z4t8c<|3vWyR3**4KeBGKot4z+#qx4g6tZ{#E7VmbEVAjv_~#5CjlnF|<2|ECnr8Y6 z^hFD2S@^6sjmmG_JbMvnu3tkyjYl~OUc3xC?u00DeMKXl%tu$*FC!uY%AvL%!oskvn4mrFAn&eLo1*Ou)R z!eM3UmH8mcbH+%`8oUek&TuKA4_)d3t7?>1uVGUp`J|~( z$=Vb|OEnQll=*Vkd14uw4}3_+u`)E>r&nckL8MZX?> zX*XPtvgT8!W|;8=$*jC|yWe30nwSrwv&!nFG;O!~sHRm5drgkZC;v{pMJG-%@A=mE!r_@vaIJgtBy;O+bo z1MfacM0a&}h1++gn!tRAsJZ2jjJut_;Ofw|SjCQnl7CB5=Jdxc3e^{TE^+5%go%h- zUKoq?6@e>AK-NWa&L2meoYP-542GN^8o`#_^Gj-EPjhYz&$AbYC-JRj3C3)X`u1G$ zl{_2p@IlcMGNz%hCBZh)QyP&jihmL17zq@-m@>03-tR_j7C{fu`$QK)aw+L zz_@=`zPL|VZCD;;WekO`FWeajB{-}Ju7#3A-Uz#n*vyU?j6`;&0W(p?`uM&+*Z3k; zpKyy3!4c&~o_{$EZhyB4oZiUAAQ(d$ELUFYV{#ID2o8W=>>a~qP_w)YwC=n6@OsQz zK>XNX-ggOs7l`OcTvgU?mXbDY>YGhW@1%L*99*I{H0A#CbJ_s)H})b|KRp)o@9B)Qz9+= z;5IotB7mk=kh8`<3`}U&=nlVoCQhd0sqKi$;qN`GcmH)Fs%BMmNfnoUO)~2y8XV{E zo#6+KU-pZve>P72WKRS7S_$Uy%?qgm=kI(t%Ghv~>Q!h=E>liJ+Q|v~Z9RElFY3ua zU+k4p*h5wyZFNpN6s4+>liiq1KIWb%2p(6F>HlVA-0Dm>9(|e3iYm5_B>p;agK{tU z2ey6u8}Gak4-@G&h&-HL@awX^J-m)g*RlqjQdz;_B!6B6C~_ZH<| za=%^a3tLc}%k=Ph{prRJ@4}6h(VV4xb!#HIvAS%Zx-LuKqwt#9?$fhF>FdS_^_>f- zXN^V?}`RVh4gGzGGS@t-bNS^cl;Tn<=_*fhPU;Bu}>o7(VpOpn`_7 z_1Q_uT<6gNf{hV=d4O6%A0)5?=ahu5d)q45={8T&H^%`O;=bOul^cjyVhB-HbhyQEbKykSj zO(+b@@OTGk3m`*o493hDZcli+1B)yM8a4a6y0J%4>5F1?fhmNi+Gh3(qKT?9^ zw#p9%yjycxbQcRAWe~C%bDk{5+B9>Hwv8y-39sFrYTXxBr?>c5I3&a1B#$=D9U6et z5j`{$xn40PB)XNI;s!C^gr81C!C8TExJWi$pzSw3H+(FIt`hmm;tF)q@R{Z+ZseFZ zn43-LIt@5x%X|w+Ejf19S_t~cfU2d}rn%gd69S7+Zkp*|p}@OH3+`(-b)HnX`cusp z`e`U0@2PXV0F6)JM3hZT(f!4S^`Lav*Uzv4=Mi_U!$k<6gs4jl# zQ2}tJ@Sx_bs|(bKOQ|RG3YW{-@KM!xv+n1b8ayu1`D8>mi={RM?-V!K(hew0C%w9k zyoP3pc8UF8PPlyNH^!1d8QY-Dl?wQtT{A35r!8>}VcN^z`O~hVoDBjh_8^6a=rSV= zj@NI^zh5;$`R)TRVHJ9nIJq&aBtD>P_yt^Gbmz1r8yZuh%z&>H987_P=nnxf4Bfp> zel8pW-eCAhU6Hus+-Xabue3B(_1?`SAQBswUDpUX1!aR z^+kbKvg^4}vPG@%Z^a6S56bY-^X+#1?b}YRr zPYZ)l#=S8grK^g0s>S-vtnZhTg6enHZoud0((@CqTcfw=?x9}bd10>;Py&wj(&~)s z>({n&X3EZYCL>Su0T41z&6k`Se)X3Y@MrOAdTa9D1mLRvHb8|Ot<-)|C-k%Vsja}W zByVMyK#QrSl(Cs&^~SP<;~hRwioPe0T6^m|Hg`d3l=E&*hIAe)QP5vLqh~&eqL@0+ zB0`0}lZ|kdvJ+5WPL2$Qs`J&Hw`uU|AZzkotl&kT-PH7^a04b|Wj85DSHKzTv9{0W z_VdsS0m862TTniA4^Y2oG^3UloG|tSSFyGUel@FK1adgYtxr{J_lA?e3faLVO{87x zo(_F}!ziD+xoK0&R{O2$-jxSjD!phOm@cNwWR~v4E9Oag!}9KF_*3`In&&+P&h_53amva^Lct=xEsR){z(0O`5x%!M{UCJXx`Ku)CZGRN1K9 zL3!89y8?{!phPg5 znDeH!yN1?X<*~fx(pem`M2@qMSgptS#R4nz4+J@5k5*SAuO5PFCW*CrwbXZf!cOKl zH+(iJ5}#;648e6^_HvJAUdIts#g8=qm_o~JrW@8aYI%c*J+KB))M4O&bOa^JMxPX= z$(*~v>O~{5wR^x+=>HyV)=p5xOr$I`T0o&F*V;rUEWDT(z9dV7OG`XYyMe2=q6RZM zj$rBL4u`o1Fa`}n9tc?rUYM(UX*b7}>19@GiA~x7?NhMW4qBN)6`ZQ)oyaBgndH}8 zV$|dk@WLpL8KAHqgYnmTuv}QS>5t&b^UzJuD|GG5IG|-9M*_%$fzd~mY$Od_5*X2q zJx%}yCqgMT_@uT}G!YoBX2j5+o1MehQy_lDVO-3qnEdk6W6M34)tjFA#RI$q?eWxl zm|P%HN=aZ6gZ5~D!QPB{2=*HVXX>oYP%%&Q1@K_FEImw%+l4m5v>fCw$cTM$WHzk+lt zQ?MFM>E8f}?1wQnlFXVtc(UD(e$7zsle;JEHv9?(+O$2h9iA&<&Ex*Xmq&uX0`pa? z-g&2VHd%7w?XMI|JO4V|w1;KTRB+SewLDP<_i4<6<3v3){^#i~2b!m-CkWYfssVAi- z(TsRB4nbDZyg2D;ld)j01Db0-Q)K{3vl3-hv>@YX!hCk4oZuk;s)bDnKbAGJ1QUHh zcS=bFg&p$>tTwWUE{ZjK8(i`Ujo7AlqYt6;-Y?tAzA>=qn`{lZ5UzLANg_OVcNFh2Ij7$2vxJDE3$cUZRr zA}QM>7jB1UHj6=9K3s;|oQ|n4zlb8kdBczxps4}T*r(GzcT`3iW zJ3B?U9M)^TSs;3sIx$wH*@qPqFX+kU>ikiMPTI{hgTc} zH~Z!M3!pX7wL{Q(?xJHv-MHLSW;+$XxU^-wae4Jel83k%3|W0@w@wv*%^ZB(*Q4i@l02>B3IxMPSMSV9TS) zAEJ7+x-q7c1T2euKeoP16>`hVek-t!UYb^_q{}tRj!fhqqi^fl=fm-4-TuiBPW^(f zEz>;uNqTxOjLD~?o>gEHt;XCZwwW-05HZfIKY*hwSBxNAsI4QyAezkSTDChm0Nnj7 ze`tAil)Tw!pk&y~Q3y=^efVMswWyx2GC!bQJ>()^-g){-1l~3@zi)pqGg8F7Pa3|F!@jgIiGtmDZV1nJGe|$9 zw+(t)q+|(0UXn9zwe^a=>gsG?4i=F=^3DRJ@Y}=5@~?FrfpUTJ9Y_jy-X=&JeY9-2 z^sEzPv9(2U?yKY(krtz~+v1TKD$}c2t#4R*%$WL^Frjs35_~}DB$ci$W&ufEne;ET z&wLX`+I{i*Id9W7uwtP#m)N-2}CyWEyM13f(WS-! zwvi5KBP_LGU0^Zpz#(X#z8Q)x%o%DC-eHqmVx4q*dTG-&$eqCz`Y%#&LFoZm08d+n z;oBG(=fdX1=p#?l(K3Y34YvD;Sd4Ue?zX&!bJjpHYA6eIWTi9SINa;gHgsT-K_KdV zsA@NF<$rR&Vz;{pxB(dZbjNZLL$R?v_9BuJ=n;>^-cKQ#E*kW*(}%-tvd*%mM3d)Y2zB0dL|%5F3WmN27+;sI zZukJip7b@8bHdvG1Q-da87ks1Ff-zpHLN0hDOJ;8g-20wjEEBvMed5Oe-RKP6z9AQ z3;k~gm{6yI$WIt%LUZvNhEvQV@~9&g#|0D*=2}|ANoE^K7jw4pYOqa3w6+G21Y$Lw zLX2=yEtkIuAXsDA4D^4X80_HUTU$F9XR*@DMprGQ`yQIkRYt&DtMI+cL~~@JO`D&M zH=0$W@yb1~R{=H2Yt%0;92mfjQwcilgsoG3GJ)J|5rc6(8Hz$fCZ5{Dc6FfbG8jrj zrOlc(V8p6S9SFb-1bc-1L57PEj85Gl)M8IoY#!=m${#y$F=Dt5j(eqcH#4uoz~o&J z_G9(!F`h93I=}{juBtcKHEUCH_&ncp4Ev^45>Wy(yFe}8?6 zG?Jytn=mmXOEr6-J>s!H-2xeS>nyZ!ENR@H5`z(}-MHU0`70VGc@P5DGLl;dZcLRa zfM@X5t!ijYipN^lP0F{Z_iN)wlEB#2%!47Udf?+I&|v_u<6b)Llufs89wYQud2asN z-M7W4l$mSY0G;j5^-uOq#4>qHE*>s7c}Vz0;+>d-&s>;Kby$Fm3D#Wx1BdjJtEFfl`1eF<(%ZTY@3Whd&Fc!Cv< zT?{Qa8b64z7QfySe$CXY1CX-Om<3iX@xFmP?&3kXqxLzwxqU4I58v4iw44b z)pStHTzu}doI!zP8(Or=_%{0oz_GflfrFA#<-X=x?ooW_;f$SQQQC$9lFyD?^F1}* zD!2;0I!*#kJOS7#OSc*otL#xaf|MxG+}94TGKfC z|7M%y(_Hb#q}s-^$ho7|uiaN40(2cLWu^%R3g*Pe~(^`e*-D*z)pB#0oIwuDiDFfLU_K3&orY0J&Nr| zBQJc071Kx!6-6T_tjy-+aI~ImZODN84PIEvFMHfKJ*XVrU#g*5l(Flzp+$yBLNey)lj&Fq)ac0TVyLLFf4U{RhdQ; zp)cZe)=7&zbJ(lFL-eMCLHU42NTMcN(LrOYjh2cN&$^Q?w13PSqBKASCwP{PytL>V zggr{|Up5hI@QesH%x9V*rXH0w&{Y&bp11st3S#gpg)gHbY^u+^ei+xJMhozT0KaUa z4lLLBx?uS?pL>Hl7~(-ger(wBv4_rZ^ns!fO2ZL|o7izXYCgnMdX{Vlk%-Qja<0mlm>;U!_|^F1}=7sSDhQW=4QUsk1zzjLo`gM&*=nqcblq z{?5`&IcwEOxNeZ8BHFs>(;iUS7~#R^MqwMSfEfugkzGUE58S^4Vph-)0NK7T1M zc|B(BR}VUjTSf3bF-wp;l!plCxhV1CuuD`{gc&fdoKf%5ZEJ78&~`Qu zY#k_fCt&oOby)TLLRZoiu*e%lhoSK1<;s-KrEV@D|bitKT2@&EZ)lSCQ0{3ea)D9?0Q`I@-TGgu? z$L_JS<{eEU%p_9aV)QM3EAdqb=2e10=jD8dzH~rO7P4Ld24BXVAPl8j%PcpYNiZaH zK-n;`1ISb`hd#sRRDIEyij?C4hxG4j^ntA#^%Jd|5)386sZ)s9z3`bVx;_=PmjhQnTmk-D1b}~ec+#4s0bZwxc)8u6)32!#og7K@+R{$j zC;SN>B%^TD(&!~|t8$M{mG1LeR7F1PnCb>Dk~ly!1&v@o*)f(_#NOgNn6;O!T-v*Y`8KIbwkkVG%|S%n~x_=6-km*2g(y- zO$8fvsP5^{(26d-As|YBcTQjM3oB#b%SO#Gct>7iT71B@atnkPtf`v!(%S-q-7B4M zf{A6_{ynCn@^(w)qh3qVNa)I<*{<+V^5|sLDu$ z%_~dKXdX(z`Oa(lx6NLB8Q>M1=@SG3>|kK2+jN`F#3oO~Gb7rHIYw0U=7|Q{jmqX` zcGNE(uFzQC;P;98uNixRZgBiWR`OTLoB+YngZL#2j`jOu(yQOljZ487TCgJIh&ywy zrKo~7+b}oI%!CE^L!A0o9M%H8u^{j_6X>^YBbL!S zuZE&W;jY4CA+@$*1mpONjf4~pZ|sFW4cM78I6Y0 z)DIbqCMLgRzBY`p6YmYCk9t2BL3{jJ3d0=1H*=aZ73NhFd4L=5{fV7MPrp?pR+tG7 zjsPB!wc82CPb1yze!lT9qi1f05nE;d((9-7$P+g<-MlaQzhJ#F}zQa9upR_5-zl{dLf>oicAc*hd2GVJX6A zy!8XxK;o;y^CJ8gtj@h?b?_1&m5tlJ<`HcVNdpYRWZ6RVV)mbB5x2gRj10w89SHKg zny%dw*ZP5IVH@M{oMwGI$R_^fZJMUl0=u%3wV`k6t{gQQ>DO>?RQmIek{u^4MepVG zDP^$T*~ZIMcPfROQSX0@G3-B1K%w_?u6B}aNJZ!Aw4Ir~zH-x%n=>zu;vgv9m(yY> z90>@b*qW@4JN?jot!K%mhvZ)Hw)vgx(7G|*hr>m^SI&fSon@IEyN0sTLm4>5l?F!Z+4&h(skN)7;W5rWKS08`TJnOPNP89-DjkQP*~;H}18Axt zq=LchSKwpm2zd9KM=h-b`lc^@1sMuvlK7m|q35j4W1h-W@88JF!mR{!Z0=J9fltZq zc;#WT6dws3bBo;M=1P^!lwj(S+Qi?X0a9$RB>zezUA`dtDU&O>TVVWe)gzV)GlOreGGQdS<-aC*&hx&1Q)Mnj<711x4p#zBfg);`-?2pd?N*FylPGR zzrb-=jos?FQ#Dk0A{y5beJF!>^e9_1qHr@3#3~q@6zuZ@G01#;bFASgu_E>VR(j#Y z?Bp$b8O}k*WM@zNJ^#&}9w{9@nV(iS#6V8OdYO|f-@4%p-+WM1CM^1z8y}k4IOg~&@HJn%oc zw}#`sIPb6+lat#NOP7fpUy_7cX}+0m{c{qZZ6~2(XdAV5(L2!>g}E0MF<>==hX4cS zmEI?Yr-!x{?gfR7ZX-hHzE=O#h7gx7nzNYCiY~l?1s6R5A~t*CZZClyqd{VO?eg#j z3s9=UNRm#IpTEp!&ouRS$F9A=_qIEv`{Z@ zwT2KL4q{-o{qzX{sJIbp$=ybN+`Qg{(y5yops1C-nS1glQXy&Rrnchh#zWo~ccG%c zZXNpkD_E0XjlV$jba%{W+78xzsussunCY6Vu>2&o=mC#{Ans{2eBD_uAwc~0EU%PV z{TWPuN?%yoJU~(o@cNMP%Kt%*G{1~cclLf0J%^G|v>5-a|AfN|x)(b)o$Ag)C$=es1G~$lw7z7t2ID_?D;uXBei0M}RbBt+ce+ z(!0O&Sk6@FEEq*+EI8h+)_L6jbnWnPuvG1(%;Wopilq0jcJ!lHa0GQ+f;_q~-Pct! zWB=t8ZRf31^~(^rjy04in`WytLTOCSoWzt`_Tjk5+Dl9G9_Q=BMQ}g`AN5@p;c}wG zg^XA)zp|Y4<}u#F(oai>Ra%eM_src3`Deox7VGXwPG=ddUXb?N>mAvK*+6t5*aL{R z=(+v=XFHSH81eEK@Wn|w&vk#_&SVTztm?kmBl(nZk)ESfZ?3l!pP}g@yBqp?P_$H) zx6yvUb|5H2;(D0lCsk!CI4K=l)j=bx_&dfQtI^XOjX7ntgOLU`aMMfMlEjM+QT zAMEJRXXsbTJU{JK`gC22)LflhP(A=yE>dH!!ta|lw;8*=dIU_sWDps&AN=9BjO7|ZPZdt9 z@^0lHhsCcKVDzct%F(^nqiC;0(J~j;dnzG#=Jxi|YlHq3(<$^R=FDs$1@G0VSj@}@ zo4#dBin$mA**jADit9K3=A5IvY`ALtO^sTDLmeziiID zoY5OseU1DUn|{^-a;r`j{Vaa^0p%s_7C8sh8;PH`C4B(GMxdWK5FP_&0!C>vX2y)U z2GUvb`(*al(B_;y6(M(|K5INpK~=nDh*zMGYLNDX+7zr~m$_)(dXlab_{(ZUB31XR z{|ayyJ)I(4k6qQ(j(JZ$2covwW7E-n(@>J={(e$u6T9wiL!a%Br$}?H9-gnZTBvOR zD?vATwC?z#ms)<{K;%rna+JZRK0UwiC!N}YO}QFsz&Em-{n!)?B_}^%&zqR|wiy=2 z{pu~-j>SDWtKlU0D`dIMgCw5$>(3tRdP=2`6sJGuPl4lW}0y(*Nx z55l(*OgWbHx3Mlyx(?#G{U=AGyH~fiqrx8k>7v&IFg(`R{@CU9UjoVBWM$jMn-Za z-1P)raK-a0zTXZIn`$;yCJU)Q1ZI_K8x7|dw}+_S!&;QDzOL8L>oYM{``g* zj9R*$sG?3*8;54nciJ7>R#d5vT?mHr^I?(}+o#j6S?udUH4`HqAw7nvKqz!5YI_aR zAw7LvAW{s}n*-$E<($c7TYGRzpXH=-B6`vx)!J6mC;$9*9{&aV8(NB*czt>}by8bW z8Zn>OsaW<8fE(_gNP%=eh4m6vMt&1MQntH%` zo=0D6AYflj^`sret}xs_Bapgu)tklQRLbb6!`Oas;G85S?rn9= zgIz!QL<@{1Ky*xSOc2A){_i2I-D@>LTk|nkb*C_UOQkAM@*@`tUc3O8iNT*oK^$h? zmN#xt-zvsM+9edJ3|jfVT1&{SP;K7zO7RP>_rVT&$6&@>xzg5a)~^``?HeKTL{#8h z87fEdUnL<}^6c47To|ic;rzMHff7({+Oi^Z;L72R;cDs&FW86DKX0sKNP>u85l47x z8kb7DVFcxCQ5Q%9V{U4sqd_D?^vC**eu^SA-s~|kYvD$eov-Ku_+yd~J zScjMD7g7GYMG2S|s6d3H0wx2}Kad6XmT*QwqVy5?2wYfi9ooI^9h%$MOBguer|!kN z9BtVBgh#)RCv$RL#YeH5eXbX$DlSe@;+B3jifxZuaedi5AUA32{-LLiVr7C@aJ zrIQNj6Itw0PKl~sRzH~~;tT|=C0xgIdc_NcAT=D9^yq#lFZjt~_~XHH(L_YsA~Y!W z=;|%Xo6z6sdi52H%OEKA6x6sgf)1NasF{KX3?GwfEMX67N5V7d_H$T(7ropZjt@Xk^nBu0AkGa8 zLo>TWguA8P=0B*p8nH}A46Ix%xL`wP-A=>gKTR6XDcihryZ@(R;OC|uGo{2M-pm;V_w8>MmcK+oU zo}Q9m2bmOmrDCMu9M4nrYoB&U9M8k`g?i@KPm=$4ITe97a~?i>Jv_{gvgyUOu+bbi z^jA1PBQAoTB>4$ag#gELaeSz0eQ402wK;_;Q@cHMM;o08b<+6gc*gtqI}5aGIkdyh zr5_r^$C|Oa28lCaeH(rJq~u|VqY;Ty@N44y5A{*GA65skrQlo$=B9b(Q3*s~or-wN zUv9H|ZtJkcPow7aRi~VcR%F!zIaNZMdAyURXYKu$%CII`zGtV<6-}T)=TTemx#* zLSxF6PYza%NkJJ3qKklP(NZ-jaA}1?>~(Dn{y6+>dOgT8lUz=ag>4x`NHSx5MV$!$!QV zRET68kE{BRi!V#rq>UYyK=)T?r=Oc;aUsZC7n&UbuS?}B^MmB}mhRr3Df{?&e2nkK zMJqD3uo>C+*(W;esfSzHzz~a{eBf>x_;=YiQZMNpWt1`NOo6V!jvB9pGNmCj^2Pt_@_H^&cv?(sX=3~Omp{9>jGi0g0Lg7TM9hnOx(L;N<99xR36H~zS^efTqVcEZV7#1NkGUHYh_ z!bO}=Y2#$BekOjKF5WBmo&zs_aftFw{PkQ1y+Ql{h{a!P%gzM0eeL#pdT{I5zO(uW?D)`N@K|T2)hDpRmC+y_2bo)8}N|zHI0yBp@oL+EvF<1Tw z;lriR7HsQVthU;s=277tFdU(Urz=p=(a4nS=<#Vf4p}?tw44ndqHrN?#fn|Xn@yh* z2~EsV@BTe^JqCE91eJ9(hX?VKbsf7{QL3XVw`E7t7Cqfz5B{c&=7%xg0$8OZ5kBY; zOWc6|E-iUbGz)A)F>D+^F>6y!O4;!KqC>?G5Ydr0-I!{P8R^kbuZLtY33ohX938Aaj3x48AV3R6?kKq(#zv29@s3^+kIP9p(!Q@)%H*Z3C;Rx3v*o zB81*YW2*X~{KW$Jbgp}2$LH+aKTX^0^Vx%hg|C&bXtM|RD)%)lb=@AGANJdOEa_n{ zNmYjQWWNlNZs3;7e&Lad8aRx4W}5G*3VL~Q(H_08&6X};XUUz&FEqO5$TQ-Q=$` zHF=4&6heVf2hb7<4ks0m!fmHf+qR|TTx`SIlC51;vK32MIUTjO=IEyYOi}M6&KdM4 zAs6Y}y;rLov3Fv}oXOMEcGg98cIr9kfNDY-Ejv1OguWSI7 zKt5u9dpaj5x~+p5#6N*40%u*2wPPlx-E2(nBMzrDVpqlS)IiI0>}u|*Bhlkrj|E;# zDF{1(^WSou4iPKm6~R08bKX<)C|ZSn(NoAt&$Zi23)yAz?O@)WV6P4of!_3{0jri( zOK44(l$t*{n>SUVX)U47$bkC-fZz^b00=1*+5m!uFlj{N%7zmO06ccvR!Wcp%mwu% zxk)l$DS$)eb*SXG+_z=O#O683v$ju2|JJu(c}{oKGSQ)nQ6Fl#+jksIVOWj zp_G)i9QSpy1b;c_t8}lYx=Ka%)B?ukg1GF3YqtWuDWQd{5IYFq&N8S3DpVY!qX3sd z6|sz_co71-CbevPs|+^^GMgYAER29rglAQt8dJ$}nyeIV102GtO5vMsTBK_k7de2C z^-9vY0Z6SM=T)ylb0dK{xte3?&-^3dp=@jz5`~*74*@&H_W(C#uxu!MypEcXuxYc> zcFOxSh+lTIu$Ttjk1B5fp)Xyy46sWft>M8Q?|KdJVoE~nv!M46sJv;&E(ukhIsg*j zRSBwSm;W4ys$>D8XxrapE2K3YzK!`ZR26Gc!nQO6IzXY-Qyp~3SPm2!Fvy08p*Zmr zQg)7}#cTKnI)Dwpr~@FyZOFICa8}@MTC7@*a`G%XqO?uW16SuF!8+2C=dyKl5{^yV z@l1lBFgayo=%Ef{O9$`p#4=ytX~SeO zW->BkLr7a#m1w8QQSrNkv;xTD^XN$F?NPk;B3aYzS+BV4wZMz13jj6#^9}rUc!s3J z0ackXS5Pw-I8h8Ff5?x*#m`#NnYCiKA}DueC&Q-*KxUd zt4&ncP2BoA_YhEPu18P+AkDzvOY^%E&nb;lbo7gZ{lnBPR6m}Fj%xa1r+llkj>{45 z>sctD!dIWi@vDwIIlmV_qel?AR*1b*fQmvEEdPN@-Nv!Ambo~XZf~Heeij3CcX?Nb zv1dbqGny`%llSK>hMJQb*2%-f#^C<{MCfHhfc?LIG2S?pLYEMc-?D| z3dWGizJR|FKMBulEz9Do+^#}?)x*kZcR=Yud@mdYF!ipZkqNVQZpajW1^z+&jQ~ya zMEaHMm%!Uy4Fi&aG=~?VqB)iGX@nV%XHd-=VQ_VDzzp}*qW~vPHZ30~)s1ZPz!sO@ zrFNS=+3qzHek;#b + + + + + + + + + + Daplie Connect - Sign on to the Web + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+

This is the developer (beta) site.

+

Please visit + + https://daplie.com/connect/ for the real site. +

+
+ +
+ +
+
+

Sign on to the Web!

+

A single-puprose sign-in to share an identity without being tied to a social network.

+ + +
+ +
+
+
+
+ + + + +
+
+
+ +
+ +
+
+
+
+
+

+
+
+ Launch {{ app.name }} +
+
+
+
+
+

Sorry, we don't have any apps for that yet.

+ Are you a developer? Would you like to create one? +
+
+
+
+
+
+ + + +
+
+
+
+ © 2015 by Daplie + + Daplie.com + + Developer API + + support@daplie.com +
+
+
Built with + + + by AJ (the DJ) +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/oauth3.html b/oauth3.html new file mode 100644 index 0000000..8a6360c --- /dev/null +++ b/oauth3.html @@ -0,0 +1,9 @@ + + + + + + +

Redirecting...

+ + diff --git a/oauth3.js b/oauth3.js new file mode 100644 index 0000000..f2fba71 --- /dev/null +++ b/oauth3.js @@ -0,0 +1,326 @@ +(function () { + 'use strict'; + + console.log('[DAPLIE oauth3.js]'); + console.log(window.location); + + var iter = 0; + + function main() { + + var rpc = {}; + //var myself = location.protocol + '//' + location.host + location.pathname; + var incoming; + var forwarding = {}; + var anchor; + var err; + var browserState; + var browserCallback; + var action; + + function parseParams() { + var params = {}; + + function parseParamsString(str) { + str.substr(1).split('&').filter(function (el) { return el; }).forEach(function (pair) { + pair = pair.split('='); + var key = decodeURIComponent(pair[0]); + var val = decodeURIComponent(pair[1]); + + if (params[key]) { + console.warn("overwriting key '" + key + "' '" + params[key] + "'"); + } + params[key] = val; + }); + } + + anchor = document.createElement('a'); + anchor.href = window.location.href; + + parseParamsString(anchor.search); + parseParamsString(anchor.hash); + + return params; + } + + function querystringify(params) { + var arr = []; + + Object.keys(params).forEach(function (k) { + arr.push(encodeURIComponent(k) + '=' + encodeURIComponent(params[k])); + }); + + return arr.join('&'); + } + + function phoneAway(/*redirectURi, params*/) { + // TODO test for ? / # + window.location.href = incoming.redirect_uri + '#' + querystringify(forwarding); + } + + function lintAndSetRedirectable(browserState, params) { + if (!params.redirect_uri) { + window.alert('redirect_uri not defined'); + err = new Error('redirect_uri not defined'); + console.error(err.message); + console.warn(err.stack); + params.redirect_uri = document.referer; + return false; + } + + if (!browserState) { + forwarding.error = "E_NO_BROWSER_STATE"; + forwarding.error_description = "you must specify a state parameter"; + return false; + } + + localStorage.setItem('oauth3.states.' + browserState, JSON.stringify(params)); + return true; + } + + function redirectCallback() { + var redirect_uri = incoming.redirect_uri; + forwarding.callback = browserState; + forwarding.action = 'close'; + + var url = redirect_uri + '#' + querystringify(forwarding); + + console.log('[debug] redirect_uri + params:', url); + window.location.href = url; + setTimeout(function () { + if (iter >= 3) { + console.log("dancing way too much... stopping now"); + return; + } + iter += 1; + console.log("I'm dancing by myse-e-elf"); + // in case I'm redirecting to myself + main(); + }, 0); + } + + rpc = {}; + + // Act as a provider and log the user out + rpc.logout = function (browserState, incoming) { + var url; + if (!lintAndSetRedirectable(browserState, incoming)) { + // TODO fail + } + + localStorage.setItem('oauth3.states.' + browserState, JSON.stringify(incoming)); + url = '/#/logout/' + browserState; + + // TODO specify specific account or all? + window.location.href = url; + setTimeout(function () { + // in case I'm redirecting to myself + main(); + }, 0); + }; + + // Act as a provider and inform the consumer the logout is complete + rpc.logout_callback = function (browserState/*, incoming*/) { + // TODO pass redirect_uri and state through here so we can avoid localStorage + var forwarding = {}; + var originalRequest; + + if (!browserState) { + forwarding.error = "E_NO_BROWSER_STATE"; + forwarding.error_description = "you must specify a state parameter"; + if (incoming.redirect_uri) { + phoneAway(incoming.redirect_uri, forwarding); + } + return; + } + + originalRequest = JSON.parse(localStorage.getItem('oauth3.states.' + browserState)); + forwarding.action = 'close'; + forwarding.state = browserState; + //phoneAway(originalRequest.redirect_uri, forwarding); + window.location.href = originalRequest.redirect_uri + '#' + querystringify(forwarding); + }; + + rpc.directives = function (browserState, incoming) { + if (!lintAndSetRedirectable(browserState, incoming)) { + phoneAway(); + return; + } + + var updatedAt = new Date(localStorage.getItem('oauth3.directives.updated_at')).valueOf(); + var fresh = (Date.now() - updatedAt) < (24 * 60 * 60 * 1000); + var directives = localStorage.getItem('oauth3.directives'); + var redirected = false; + + function redirectIf() { + if (redirected) { + return; + } + + redirected = true; + redirectCallback(); + } + + if (directives) { + forwarding.directives = directives; + redirectIf(); + if (fresh) { + return; + } + } + + var req = new XMLHttpRequest(); + req.open('GET', 'oauth3.json', true); + req.addEventListener('readystatechange', function () { + if (4 !== req.readyState) { + return; + } + + if (200 !== req.status) { + forwarding.error = "E_STATUS_" + req.status; + forwarding.error_description = "expected 200 OK json or text response for oauth3.json but got '" + req.status + "'"; + redirectIf(); + return; + } + + try { + directives = btoa(JSON.stringify(JSON.parse(req.responseText))); + forwarding.directives = directives; + forwarding.callback = browserState; + localStorage.setItem('oauth3.directives', directives); + localStorage.setItem('oauth3.directives.updated_at', new Date().toISOString()); + } catch(e) { + forwarding.error = "E_PARSE_JSON"; + forwarding.error_description = e.message; + console.error(forwarding.error); + console.error(forwarding.error_description); + console.error(req.responseText); + } + + redirectIf(); + }); + req.send(); + }; + + // the provider is contacting me + rpc.close = function (browserState, incoming) { + incoming.callback = browserState; + catchAll(); + }; + // the provider is contacting me + rpc.redirect = function (/*browserState, incoming*/) { + catchAll(); + }; + + function catchAll() { + function phoneHome() { + if (browserCallback === 'completeLogin') { + // Deprecated + (window.opener||window.parent).completeLogin(null, null, incoming); + } else { + console.log('I would be closed by my parent now'); + (window.opener||window.parent)['__oauth3_' + browserCallback](incoming); + } + } + + if (!(incoming.browser_state || incoming.state)) { + window.alert("callback URLs should include 'browser_state' (authorization code)" + + " or 'state' (implicit grant))"); + } + + setTimeout(function () { + // opener is for popup window, new tab + // parent is for iframe + phoneHome(); + }, 10); + + // iOS Webview (namely Chrome) workaround + setTimeout(function () { + console.log('I would close now'); + window.open('', '_self', ''); + window.close(); + }, 50); + + setTimeout(function () { + var i; + var len = localStorage.length; + var key; + var json; + var fresh; + + for (i = 0; i < len; i += 1) { + key = localStorage.key(i); + // TODO check updatedAt + if (/^oauth3\./.test(key)) { + try { + json = localStorage.getItem(key); + if (json) { + json = JSON.parse(json); + } + } catch (e) { + // ignore + json = null; + } + + fresh = json && (Date.now() - json.updatedAt < (5 * 60 * 1000)); + + if (!fresh) { + localStorage.removeItem(key); + } + } + } + forwarding.updatedAt = Date.now(); + localStorage.setItem('oauth3.' + (forwarding.browser_state || forwarding.state), JSON.stringify(forwarding)); + }, 0); + + } + + function parseAction(params) { + if (params.action) { + return params.action; + } + + if (params.close) { + return 'close'; + } + if (params.logout_callback) { + return 'logout_callback'; + } + if (params.logout) { + return 'logout'; + } + if (params.callback) { + return 'close'; + } + if (params.directives) { + return 'directives'; + } + + return 'redirect'; + } + + incoming = parseParams(); + browserState = incoming.browser_state || incoming.state; + action = parseAction(incoming); + forwarding.url = window.location.href; + forwarding.browser_state = browserState; + forwarding.state = browserState; + + if (!incoming.provider_uri) { + browserCallback = incoming.callback || browserState; + } else { + // deprecated + browserCallback = 'completeLogin'; + } + + console.log('[debug]', action, incoming); + + if (rpc[action]) { + rpc[action](browserState, incoming); + } else { + window.alert('unsupported action'); + } + } + + main(); +}()); diff --git a/oauth3.json b/oauth3.json new file mode 100644 index 0000000..a4cdde2 --- /dev/null +++ b/oauth3.json @@ -0,0 +1,22 @@ +{ "[DEBUG] source uri": "com.daplie.connect" +, "authorization_dialog": { + "method": "GET" + , "url": "https://hellabit.com/#/authorization_dialog/" + , "XurlX2": "https://daplie.com/connect/#/authorization_dialog/" + , "XurlX": "https://oauth3.org/api/oauth3/authorization_dialog" + , "XtodoX": "hmmm... should this be dynamically generated? it must change per app, right?" + } +, "access_token": { + "method": "POST" + , "url": "https://oauth3.org/api/org.oauth3.provider/access_token" + } +, "accounts": { + "method": "GET" + , "url": "https://oauth3.org/api/org.oauth3.provider/accounts" + } +, "profile": { + "method": "GET" + , "url": "https://oauth3.org/api/org.oauth3.accounts/:account_id/me" + } +, "authn_scope": "oauth3_authn" +} diff --git a/scripts/client-config.js b/scripts/client-config.js new file mode 100644 index 0000000..8a33721 --- /dev/null +++ b/scripts/client-config.js @@ -0,0 +1,52 @@ +window.StClientConfig = { + "webhookPrefix": "/webhooks" +, "snakeApi": true +, "superUserApi": "/api/superuser" +, "adminApi": "/api/admin" +, "userApi": "/api/user" +, "publicApi": "/api/public" +, "loginConfig": { + "usernameMinLen": 4 + , "secretMinLen": 8 + } +, "testProfiles": [ + { "role": "superuser" + , "token": "xxxxxxxx-test-xxxx-xxxx-root-xxxxxx" + } + , { "role": "admin" + , "token": "xxxxxxxx-test-xxxx-xxxx-admin-xxxxxx" + } + , { "role": "user" + , "token": "xxxxxxxx-test-xxxx-xxxx-user-xxxxxxx" + } + , { "role": "guest" + , "token": "xxxxxxxx-test-xxxx-xxxx-guest-xxxxxx" + } + ] +, "useSplash": false +, "stripe": { + "publicKey": "pk_test_hwX1wzG4OMEv9esujApHjxI7" + , "storeName": "Business Name Here" + , "storeLogo": null + } +, "loginProviders": { + "facebook": "/facebook/connect" + , "google": "/google/connect" + , "twitter": "/twitter/authn/connect" + , "tumblr": "/tumblr/connect" + , "ldsconnect": "/ldsconnect/connect" + , "loopback": "/loopback/connect" + } +, "oauth2": [ + { "provider": "loopback" + , "id": "pub_test_key_1" + , "explicitUrl": "/loopback/connect" + , "authorizeUrl": "https://local.daplie.com:4443/oauth/dialog/authorize" + , "redirectUrl": "https://local.foobar3000.com:4443/loopback-close.html" + } + ] +, "facebook": { + "appId": 1567954453472218 + } +, "googleAnalyticsUa": 'UA-61342537-1' +}; diff --git a/scripts/client-config.production.js b/scripts/client-config.production.js new file mode 100644 index 0000000..3e290f1 --- /dev/null +++ b/scripts/client-config.production.js @@ -0,0 +1,65 @@ +var baseUrl = localStorage.getItem('baseUrl'); + +if (!baseUrl) { + baseUrl = window.location.protocol + '//' + window.location.host.replace('ldsconnect.org', 'lds.io'); + //baseUrl += window.location.pathname; +} +console.info("baseUrl is set to '" + baseUrl + "'"); +console.log("Set to default by running `localStorage.removeItem('baseUrl')`"); +console.log("Need to test a dev environment? `localStorage.setItem('baseUrl', 'https://example.com:8080')`"); + +window.StClientConfig = { + "webhookPrefix": "/webhooks" +, "oauthPrefix": baseUrl + "/api/oauth3" +, "sessionPrefix": baseUrl + "/session" +, "apiPrefix": baseUrl + "/api" +, "snakeApi": true +, "superUserApi": "/api/superuser" +, "adminApi": "/api/admin" +, "userApi": "/api/user" +, "publicApi": "/api/public" +, "loginConfig": { + "usernameMinLen": 4 + , "secretMinLen": 8 + } +, "testProfiles": [ + { "role": "superuser" + , "token": "xxxxxxxx-test-xxxx-xxxx-root-xxxxxx" + } + , { "role": "admin" + , "token": "xxxxxxxx-test-xxxx-xxxx-admin-xxxxxx" + } + , { "role": "user" + , "token": "xxxxxxxx-test-xxxx-xxxx-user-xxxxxxx" + } + , { "role": "guest" + , "token": "xxxxxxxx-test-xxxx-xxxx-guest-xxxxxx" + } + ] +, "useSplash": false +, "stripe": { + "publicKey": "pk_test_hwX1wzG4OMEv9esujApHjxI7" + , "storeName": "Business Name Here" + , "storeLogo": null + } +, "loginProviders": { + "facebook": "/facebook/connect" + , "google": "/google/connect" + , "twitter": "/twitter/authn/connect" + , "tumblr": "/tumblr/connect" + , "ldsconnect": "/ldsconnect/connect" + , "loopback": "/loopback/connect" + } +, "oauth2": [ + { "provider": "loopback" + , "id": "pub_test_key_1" + , "explicitUrl": "/loopback/connect" + , "authorizeUrl": "https://local.daplie.com:4443/oauth/dialog/authorize" + , "redirectUrl": "https://local.foobar3000.com:4443/loopback-close.html" + } + ] +, "facebook": { + "appId": 1567954453472218 + } +, "googleAnalyticsUa": 'UA-61342537-1' +}; diff --git a/scripts/client-config.sample.js b/scripts/client-config.sample.js new file mode 100644 index 0000000..0a3e662 --- /dev/null +++ b/scripts/client-config.sample.js @@ -0,0 +1,51 @@ +window.StClientConfig = { + "webhookPrefix": "/webhooks" +, "snakeApi": true +, "superUserApi": "/api/superuser" +, "adminApi": "/api/admin" +, "userApi": "/api/user" +, "publicApi": "/api/public" +, "loginConfig": { + "usernameMinLen": 4 + , "secretMinLen": 8 + } +, "testProfiles": [ + { "role": "superuser" + , "token": "xxxxxxxx-test-xxxx-xxxx-root-xxxxxx" + } + , { "role": "admin" + , "token": "xxxxxxxx-test-xxxx-xxxx-admin-xxxxxx" + } + , { "role": "user" + , "token": "xxxxxxxx-test-xxxx-xxxx-user-xxxxxxx" + } + , { "role": "guest" + , "token": "xxxxxxxx-test-xxxx-xxxx-guest-xxxxxx" + } + ] +, "useSplash": false +, "stripe": { + "publicKey": "pk_test_hwX1wzG4OMEv9esujApHjxI7" + , "storeName": "Business Name Here" + , "storeLogo": null + } +, "loginProviders": { + "facebook": "/facebook/connect" + , "twitter": "/twitter/authn/connect" + , "tumblr": "/tumblr/connect" + , "ldsconnect": "/ldsconnect/connect" + , "loopback": "/loopback/connect" + } +, "oauth2": [ + { "provider": "loopback" + , "id": "pub_test_key_1" + , "explicitUrl": "/loopback/connect" + , "authorizeUrl": "https://local.daplie.com:4443/oauth/dialog/authorize" + , "redirectUrl": "https://local.foobar3000.com:4443/loopback-close.html" + } + ] +, "facebook": { + "appId": "921604161225759" + } +, "googleAnalyticsUa": 'UA-00000000-1' +}; diff --git a/scripts/controllers/authorization-dialog.js b/scripts/controllers/authorization-dialog.js new file mode 100644 index 0000000..aac6fc3 --- /dev/null +++ b/scripts/controllers/authorization-dialog.js @@ -0,0 +1,347 @@ +'use strict'; + +/** + * @ngdoc function + * @name yololiumApp.controller:OauthCtrl + * @description + * # OauthCtrl + * Controller of the yololiumApp + */ +angular.module('yololiumApp') + .controller('AuthorizationDialogController', [ + '$window' + , '$location' + , '$stateParams' + , '$q' + , '$timeout' + , '$scope' + , '$http' + , 'DaplieApiConfig' + , 'DaplieApiSession' + , 'DaplieApiRequest' + , function ( + $window + , $location + , $stateParams + , $q + , $timeout + , $scope + , $http + , LdsApiConfig + , LdsApiSession + , LdsApiRequest + ) { + + var scope = this; + + function isIframe () { + try { + return window.self !== window.top; + } catch (e) { + return true; + } + } + + // TODO move into config + var scopeMessages = { + directories: "View directories" + , me: "View your own Account" + , '*': "Use the Full Developer API" + }; + + function updateAccepted() { + scope.acceptedString = scope.pendingScope.filter(function (obj) { + return obj.acceptable && obj.accepted; + }).map(function (obj) { + return obj.value; + }).join(' '); + + return scope.acceptedString; + } + + function scopeStrToObj(value, accepted) { + // TODO parse subresource (dns:example.com:cname) + return { + accepted: accepted + , acceptable: !!scopeMessages[value] + , name: scopeMessages[value] || 'Invalid Scope \'' + value + '\'' + , value: value + }; + } + + function requestSelectedAccount(account, query, origin) { + // TODO Desired Process + // * check locally + // * if permissions pass, sign a jwt and post to server + // * if permissions fail, get from server (posting public key), then sign jwt + // * redirect to authorization_code_callback?code= or oauth3.html#token= + return $http.get( + LdsApiConfig.providerUri + '/api/org.oauth3.accounts/:account_id/grants/:client_id' + .replace(/:account_id/g, account.accountId) + .replace(/:client_id/g, query.client_id) + , { headers: { Authorization: "Bearer " + account.token } } + ).then(function (resp) { + var err; + + if (!resp.data) { + err = new Error("[Uknown Error] got no response (not even an error)"); + console.error(err.stack); + throw err; + } + + if (resp.data.error) { + console.error('[authorization-dialog] resp.data'); + err = new Error(resp.data.error.message || resp.data.error_description); + console.error(err.stack); + scope.error = resp.data.error; + scope.rawResponse = resp.data; + return $q.reject(err); + } + + return resp.data; + }); + } + + scope.chooseAccount = function (/*profile*/) { + $window.alert("user switching not yet implemented"); + }; + scope.updateScope = function () { + updateAccepted(); + }; + + function parseScope(scope) { + return (scope||'').split(/[\s,]/g) + } + function getNewPermissions(grant, query) { + var grantedArr = parseScope(grant.scope); + var requestedArr = parseScope(query.scope||''); + + return requestedArr.filter(function (scope) { + return -1 === grantedArr.indexOf(scope); + }); + } + + function generateToken(account, grant, query) { + var err = new Error("generateToken not yet implemented"); + throw err; + } + + function generateCode(account, grant, query) { + var err = new Error("generateCode not yet implemented"); + throw err; + } + + function getAccountPermissions(account, query, origin) { + return requestSelectedAccount(account, query, origin).then(function (grants) { + var grant = grants[query.client_id] || grants; + var grantedArr = parseScope(grant.scope); + var pendingArr = getNewPermissions(grant, query); + + var grantedObj = grantedArr.map(scopeStrToObj); + // '!' is a debug scope that ensures the permission dialog will be activated + // also could be used for switch user + var pendingObj = pendingArr.filter(function (v) { return '!' !== v; }).map(scopeStrToObj); + + scope.client = grant.client; + + if (!scope.client.title) { + scope.client.title = scope.client.name || 'Missing App Title'; + } + + scope.selectedAccountId = account.accountId; + + if (!checkRedirect(grant, query)) { + location.href = 'https://oauth3.org/docs/errors#E_REDIRECT_ATTACK'; + return; + } + + // key generation in browser + // possible iframe vulns? + if (pendingArr.length) { + if (scope.iframe) { + location.href = query.redirect_uri + '#error=access_denied&error_description=' + + encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted") + + '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED'); + return; + } + + updateAccepted(); + return grant; + } + else if ('token' === query.response_type) { + generateToken(account, grant, query).then(function (token) { + location.href = query.redirect_uri + '#token=' + token; + }); + return; + } + else if ('code' === query.response_type) { + // NOTE + // A client secret may never be exposed in a client + // A code always requires a secret + // Therefore this redirect_uri will always be to a server, not a local page + generateCode(account, grant, query).then(function () { + location.href = query.redirect_uri + '?code=' + code; + }); + return; + } else { + location.href = query.redirect_uri + '#error=E_UNKNOWN_RESPONSE_TYPE&error_description=' + + encodeURIComponent("The '?response_type=' parameter must be set to either 'token' or 'code'.") + + '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_UNKNOWN_RESPONSE_TYPE'); + return; + } + }); + } + + function redirectToFailure() { + var redirectUri = $location.search().redirect_uri; + + var parser = document.createElement('a'); + parser.href = redirectUri; + if (parser.search) { + parser.search += '&'; + } else { + parser.search += '?'; + } + parser.search += 'error=E_NO_SESSION'; + redirectUri = parser.href; + + window.location.href = redirectUri; + } + + function initAccount(session, query, origin) { + return LdsApiRequest.getAccountSummaries(session).then(function (accounts) { + var account = LdsApiSession.selectAccount(session); + var profile; + + scope.accounts = accounts.map(function (account) { + return account.profile.me; + }); + accounts.some(function (a) { + if (LdsApiSession.getId(a) === LdsApiSession.getId(account)) { + profile = a.profile; + a.selected = true; + return true; + } + }); + + if (profile.me.photos[0]) { + if (!profile.me.photos[0].appScopedId) { + // TODO fix API to ensure corrent id + profile.me.photos[0].appScopedId = profile.me.appScopedId || profile.me.app_scoped_id; + } + } + profile.me.photo = profile.me.photos[0] && LdsApiRequest.photoUrl(account, profile.me.photos[0], 'medium'); + scope.account = profile.me; + + scope.token = $stateParams.token; + + /* + scope.accounts.push({ + displayName: 'Login as a different user' + , new: true + }); + */ + + //return determinePermissions(session, account); + return getAccountPermissions(account, query, origin).then(function () { + // do nothing? + scope.selectedAccount = session; //.account; + scope.previousAccount = session; //.account; + scope.updateScope(); + }, function (err) { + if (/logged in/.test(err.message)) { + return LdsApiSession.destroy().then(function () { + init(); + }); + } + + if ('E_INVALID_TRANSACTION' === err.code) { + window.alert(err.message); + return; + } + + console.warn("[ldsconnect.org] [authorization-dialog] ERROR somewhere in oauth process"); + console.warn(err); + window.alert(err.message); + }); + }); + } + + function init() { + scope.iframe = isIframe(); + var query = $location.search(); + var referrer = $window.document.referer || $window.document.origin; + // TODO XXX this should be drawn from site-specific config + var apiHost = 'https://oauth3.org'; + + // if the client didn't specify an id the client is the referrer + if (!query.client_id) { + // if we were redirect here by our own apiHost we can trust the host as the client_id + // (and it will be checked against allowed urls anyway) + if (referrer === apiHost) { + query.client_id = ('https://' + query.host); + } else { + query.client_id = referrer; + } + } + + // TODO XXX to allow or to disallow mounted apps, that is the question + // https://example.com/blah/ -> example.com/blah + query.client_id = query.client_id.replace(/^https?:\/\//i, '').replace(/\/$/, ''); + + if (scope.iframe) { + return LdsApiSession.checkSession().then(function (session) { + if (session.accounts.length) { + // TODO make sure this fails / notifies + return initAccount(session, query, origin); + } else { + // TODO also notify to bring to front + redirectToFailure(); + } + }); + } + + // session means both login(s) and account(s) + return LdsApiSession.requireSession( + // role + null + // TODO login opts (these are hypothetical) + , { close: false + , options: ['login', 'create'] + , default: 'login' + } + // TODO account opts + , { verify: ['email', 'phone'] + } + , { clientId: query.clientId + } + ).then(function (session) { + initAccount(session, query, origin) + }); + } + + init(); + + // I couldn't figure out how to get angular to bubble the event + // and the oauth2orize framework didn't seem to work with json form uploads + // so I dropped down to quick'n'dirty jQuery to get it all to work + scope.hackFormSubmit = function (opts) { + scope.submitting = true; + scope.cancelHack = !opts.allow; + scope.authorizationDecisionUri = LdsApiConfig.providerUri + '/api/oauth3/authorization_decision'; + scope.updateScope(); + + $window.jQuery('form.js-hack-hidden-form').attr('action', scope.authorizationDecisionUri); + + // give time for the apply to take place + $timeout(function () { + $window.jQuery('form.js-hack-hidden-form').submit(); + }, 50); + }; + scope.allowHack = function () { + scope.hackFormSubmit({ allow: true }); + }; + scope.rejectHack = function () { + scope.hackFormSubmit({ allow: false }); + }; + }]); diff --git a/scripts/controllers/lds-account.js b/scripts/controllers/lds-account.js new file mode 100644 index 0000000..5cf4edb --- /dev/null +++ b/scripts/controllers/lds-account.js @@ -0,0 +1,55 @@ +'use strict'; + +angular.module('yololiumApp') + .controller('LdsAccountController', [ + '$scope' + , '$q' + , '$timeout' + , '$http' + , '$modalInstance' + , 'realLdsAccount' + , 'DaplieApiConfig' + , 'DaplieApiSession' + , 'mySession' + , 'myProfile' + , 'myOptions' + , function ( + $scope + , $q + , $timeout + , $http + , $modalInstance + , LdsAccount // prevent circular reference + , DaplieApiConfig + , DaplieApiSession + , account // session doubles as account + , profile + //, opts + ) { + var scope = this; + + scope.me = profile.me; + + console.log("DEBUG xyz-account profile", profile); + + scope.markAsChecked = function () { + console.log('DEBUG mark as checked account'); + console.log(account); + return $http.post( + DaplieApiConfig.providerUri + '/api/io.lds/accounts/' + account.id + '/mark-as-checked' + , null + , { headers: { 'Authorization': 'Bearer ' + account.token } } + ).then(function (resp) { + if (!resp.data || resp.data.error || !resp.data.success) { + scope.flashMessage = (resp.data && resp.data.error) || "Failed to mark account as checked."; + scope.flashMessageClass = 'alert-danger'; + return; + } + + account.userVerifiedAt = new Date().toISOString(); + + // pass back anything? + return $modalInstance.close(); + }); + }; + }]); diff --git a/scripts/controllers/login-v3.js b/scripts/controllers/login-v3.js new file mode 100644 index 0000000..fc0cf22 --- /dev/null +++ b/scripts/controllers/login-v3.js @@ -0,0 +1,402 @@ +'use strict'; + +angular.module('yololiumApp') + .controller('LoginController3', [ + '$scope' + , '$q' + , '$timeout' + , '$modalInstance' + , 'Oauth3' + , 'DaplieApiSession' + , 'DaplieApiRequest' + , 'LdsAccount' + , 'myLoginOptions' + , function ( + $scope + , $q + , $timeout + , $modalInstance + , Oauth3 + , Oauth3ApiSession + , Oauth3ApiRequest + , LdsAccount + , opts + ) { + opts = opts || {}; + var scope = this; + var secretMinLen = scope.secretMinLength = Oauth3ApiSession.secretMinLength; + //var usernameMinLen = Oauth3ApiSession.usernameMinLength; + var mySession; + + scope.hideSocial = opts.hideSocial; + scope.flashMessage = opts.flashMessage; + scope.flashMessageClass = opts.flashMessageClass; + + scope.delta = { localLogin: {} }; + + function onDaplieLogin(oauth3Session) { + console.log('DEBUG onLogin'); + console.log(oauth3Session); + // TODO if there is not a default account, show user-switching screen + // this will close both on user/pass and social login + scope.flashMessage = "You've logged in. Please wait while we download some ward and stake data..."; + scope.flashMessageClass = 'alert-info'; + return Oauth3ApiRequest.profile(oauth3Session).then(function (profile) { + console.log('DEBUG profile'); + console.log(profile); + + $modalInstance.close(oauth3Session); + /* + return LdsAccount.verifyAccount(ldsSession, profile).then(function () { + scope.flashMessage = "Done!"; + scope.flashMessageClass = 'alert-success'; + console.log('DEBUG verifiedAccount'); + $modalInstance.close(ldsSession); + }); + */ + }); + } + + function handleLoginException(err) { + scope.formState = 'login'; + + console.error("[Uknown Error] Either 'resource owner password' or 'delegated' login"); + console.warn(err.stack); + scope.flashMessage = err.message || err.code; + scope.flashMessageClass = "alert-danger"; + } + + function handleSuccess(session) { + return Oauth3ApiSession.requireAccount(session).then(onDaplieLogin, function (err) { + if ('E_NO_LDSACCOUNT' !== err.code) { + throw err; + } + + scope.hideSocial = true; + scope.flashMessage = err.message; + scope.flashMessageClass = "alert-warning"; + }).catch(handleLoginException); + } + + function handleLoginError(err) { + console.error('handleLoginError'); + console.error(err); + console.warn(err.stack); + if (!err.message) { + throw err; + } + + scope.formState = 'login'; + + scope.flashMessage = err.message || err.code; + scope.flashMessageClass = "alert-warning"; + + throw err; + } + + scope.loginStrategies = [ + { label: 'Facebook' + , name: 'facebook' + , faImage: "" + , faClass: "fa-facebook" + , btnClass: "btn-facebook" + , login: function () { + var providerUri = (window.location.host + window.location.pathname).replace(/\/$/g, ''); + var providerApiUri = 'https://oauth3.org'; + + return Oauth3ApiSession.login({ + providerUri: providerUri // 'daplie.com/connect' + , scope: [ 'email' ] + , redirectUri: 'https://' + providerUri + '/oauth3.html' + , popup: true + // TODO XXX use whatever variable it is for apiHost + , authorizationRedirect: providerApiUri + '/api/org.oauth3.consumer/authorization_redirect/facebook.com' + }).then(handleSuccess, handleLoginError).catch(handleLoginException); + } + } + , { label: 'Google+' + , name: 'google' + , faImage: "" + , faClass: "fa-google-plus" + , btnClass: "btn-google-plus" + , login: function () { + return Oauth3ApiSession.logins.authorizationRedirect({ + providerUri: 'google.com' + , scope: [ 'https://www.googleapis.com/auth/plus.login' ] + , redirectUri: 'https://beta.ldsconnect.org/oauth3.html' + , popup: true + }).then(handleSuccess, handleLoginError).catch(handleLoginException); + } + } + + /* + , { label: 'LDS.org Account' + , faImage: "images/moroni-128px.png" + , faClass: "" + , btnClass: "openid" + , login: scope.loginWithLdsconnect + } + */ + ]; + + scope.hideSocial = opts.hideSocial; + scope.flashMessage = opts.flashMessage; + scope.flashMessageClass = opts.flashMessageClass; + + // This dialog is opened to update necessary account details + // It should be passed options to inform the dialog which + // missing fields are necessary to show at this time + // + // Examples: + // we want to get facebook but haven't connected yet, so we should show the connection dialog + // we just logged in for the first time and don't have an account or a local login + function onLogout() { + scope.session = null; + scope.account = null; + scope.accounts = null; + } + + function onLogin(session) { + // session is always ensured as part of login + mySession = session; + + var defaultAction = ''; + var emails = []; + + scope.account = scope.account || mySession.account || {}; + if (scope.account.id) { + defaultAction = 'update'; + } + + scope.formAction = scope.formAction || defaultAction; + + scope.account = scope.account || {}; + scope.delta = scope.delta || {}; + scope.deltaEmail = { type: 'email' }; + scope.deltaPhone = { type: 'phone' }; + scope.delta.localLogin = scope.delta.localLogin || {}; + scope.logins = mySession.logins.map(function (login) { + return { + comment: ('local' === (login.provider || login.type)) ? (login.uid || 'username') : login.provider + , id: login.id + , uid: login.uid + , provider: login.provider + , type: login.type + , link: true + }; + }); + + mySession.logins.some(function (login) { + if ('local' === (login.type || login.provider)) { + scope.account.localLoginId = login.id; + scope.delta.localLogin.id = login.id; + } + }); + + // login is always ensured prior to account + mySession.logins.forEach(function (l) { + (l.emails||[]).forEach(function (email) { + if (email && email.value) { + emails.push(email); + } + }); + }); + + // TODO combo box for creating new logins + scope.emails = emails; + scope.deltaEmail.node = (emails[0] || {}).value; + + if (!scope.deltaEmail.node) { + mySession.logins.some(function (login) { + scope.deltaEmail.node = (login.emails && login.emails[0] || {}).value; + return scope.deltaEmail.node; + }); + } + + /* + if (mySession.logins.length) { + scope.formAction = 'create'; + } + */ + + // TODO check mySession + if (mySession.logins.length >= 2) { + scope.recoverable = true; + } + } + + scope.checkTotp = function (nodeObj) { + var tokenLen = 6; + var len = (nodeObj.totp||'').replace(/\D/g, '').length; + + if (len === tokenLen) { + nodeObj.totpMessage = 'So far, so good.'; + return; + } + + nodeObj.totpMessage = 'Token is too short ' + + len + '/' + tokenLen + + ' (needs to be ' + tokenLen + '+ digits)' + ; + }; + scope.checkSecret = function (nodeObj) { + var len = (nodeObj.secret||'').length; + var meetsLen = (len >= secretMinLen); + + if (meetsLen) { + nodeObj.secretMessage = 'Login when ready, captain!'; + return; + } + + nodeObj.secretMessage = 'Passphrase is too short ' + + len + '/' + secretMinLen + + ' (needs to be ' + secretMinLen + '+ characters)' + ; + }; + + scope.submitLogin = function (nodeObj) { + var promise; + scope.flashMessage = ""; + scope.flashMessageClass = "alert-danger"; + + if (scope._loginPromise) { + promise = scope._loginPromise; + } else { + promise = $q.when(); + } + + // TODO this must be implemented in all platforms + nodeObj.secret = nodeObj.secret.trim(); + + console.log('submitLogin nodeObj', nodeObj); + if ('create' === scope.formState) { + nodeObj.kdf = 'PBKDF2'; + nodeObj.bits = 128; + nodeObj.algo = 'SHA-256'; + nodeObj.iter = Math.floor(Math.random() * 100) + 1001; + } + + promise = window.getProofOfSecret(nodeObj); + + if ('create' === scope.formState) { + // TODO redo soft check + // TODO move to OAuth3 + return promise.then(function (kdf) { + kdf.secret = null; + //console.log('Oauth3.logins', Object.keys(Oauth3.logins)); + return Oauth3ApiSession.createLogin(kdf.node, kdf.type || 'email', null, { + kdf: kdf.kdf + , algo: kdf.algo + //, hash: kdf.algo + , iter: kdf.iter + , bits: kdf.bits + , salt: kdf.salt + , proof: kdf.proof + //, shadow: kdf.proof + }, null); + }); + } + + return promise.then(function (kdf) { + // TODO change the state to authenticating for social logins as well + scope.formState = 'authenticating'; + // ALL THE SCOPES!!! + // TODO + //return Oauth3.requests.resourceOwnerPassword('https://daplie.com/connect', nodeObj.node, kdf.proof, { scope: '*', appId: 'ID__b5db805e27cc27a0ee8eddf42f46' }).then(function (session) { + return Oauth3ApiSession.login({ + username: nodeObj.node + //, usernameType: nodeObj.nodeType + , password: kdf.proof + , totp: nodeObj.totp + //, mfa: kdf.mfa + , scope: '*' + }).then(function (session) { + console.log('[session]', session); + if (session.error) { + throw new Error("no oauth3 session"); + } + return Oauth3ApiSession.requireAccount(session).then(onDaplieLogin); + }, handleLoginError).catch(handleLoginException); + }); + }; + + scope.checkLdsLogin = function (nodeObj) { + var username; + var myPromise; + var nameError; + + scope.formState = 'login'; + nodeObj.claimable = false; + nodeObj.message = ''; + scope.flashMessage = ''; + scope.flashMessageClass = "alert-warning"; + username = nodeObj.node; + + $timeout.cancel(scope._loginTimeout); + + if (!username || 'null' === username || 'undefined' === username) { + myPromise = false; + scope.formState = 'invalid'; + nodeObj.message = ''; + return; + } + + // returns true or error object + nameError = Oauth3ApiSession.validateUsername(nodeObj.node); + if (nameError.message) { + myPromise = false; + scope.formState = 'invalid'; + nodeObj.message = nameError.message; + return; + } + + nodeObj.message = 'Checking username...'; + myPromise = scope._loginTimeout = $timeout(function () { + scope._loginPromise = Oauth3ApiSession.getMeta(nodeObj.node, nodeObj.type || 'email').then(function (kdf) { + // kdf + nodeObj.kdf = kdf.kdf; + nodeObj.algo = kdf.algo; + nodeObj.bits = kdf.bits; + nodeObj.iter = kdf.iter; + nodeObj.salt = kdf.salt; + scope.showTotp = kdf.totpEnabledAt || kdf.totpEnabled || kdf.totp; + + myPromise = false; + nodeObj.message = "'" + username + "' is already registered." + + ' Welcome back!' + ; + scope.formState = 'login'; + }, function () { + // TODO test that error is simply not exists + // and not a server error + if (myPromise !== scope._loginTimeout) { + return; + } + + scope.formState = 'create'; + nodeObj.message = "'" + username + "' is available!"; + }).catch(function (err) { + nodeObj.message = ''; + + scope.formState = 'login'; + scope.flashMessage = "[Uknown Error] " + err.message + + " (might need to wait a minute and try again)"; + scope.flashMessageClass = "alert-danger"; + throw err; + }); + }, 250); + + return scope._loginTimeout; + }; + + // + // Begin + // + //Oauth3ApiSession.onLogin($scope, onDaplieLogin); + Oauth3ApiSession.onLogout($scope, onLogout); + //Oauth3ApiSession.checkSession().then(onDaplieLogin, onLogout); + if (false) { + // prevent lint warnings until I figure out how I'll use this + onLogin(); + } + }]); diff --git a/scripts/controllers/my-account.js b/scripts/controllers/my-account.js new file mode 100644 index 0000000..2915886 --- /dev/null +++ b/scripts/controllers/my-account.js @@ -0,0 +1,47 @@ +'use strict'; + +angular.module('yololiumApp') + .controller('MyAccountController', [ + '$scope' + , '$location' + , '$http' + , 'DaplieApiConfig' + , 'DaplieApiSession' + , 'DaplieApiRequest' + //, 'LdsAccount' + , function ($scope, $location, $http, DaplieApiConfig, DaplieApiSession, DaplieApiRequest, LdsAccount) { + var scope = this; + + function init(session) { + if (!session || session.message) { + scope.session = null; + scope.account = null; + scope.accounts = null; + $location.url('/'); + return; + } + + scope.session = session; + scope.accounts = session.accounts; + scope.account = DaplieApiSession.account(session); + + console.log('session', session); + return DaplieApiRequest.profile(session).then(function (profile) { + return LdsAccount.verifyAccount(session, profile); + }); + } + + scope.showLoginModal = function () { + // TODO profile manager + return DaplieApiSession.openAuthorizationDialog(); + }; + + scope.logout = function () { + // TODO which token(s) to destroy? + return DaplieApiSession.logout(); + }; + + DaplieApiSession.checkSession().then(init, init).catch(init); + DaplieApiSession.onLogin($scope, init); + DaplieApiSession.onLogout($scope, init); + }]); diff --git a/scripts/controllers/nav.js b/scripts/controllers/nav.js new file mode 100644 index 0000000..d8e09db --- /dev/null +++ b/scripts/controllers/nav.js @@ -0,0 +1,38 @@ +'use strict'; + +angular.module('yololiumApp') + .controller('NavController', [ + '$scope' + , '$http' + , 'DaplieApiConfig' + , 'DaplieApiSession' + , function ($scope, $http, DaplieApiConfig, DaplieApiSession) { + var scope = this; + + function init(session) { + if (!session || session.message) { + scope.session = null; + scope.account = null; + scope.accounts = null; + return; + } + + scope.session = session; + scope.accounts = session.accounts; + scope.account = DaplieApiSession.account(session); + } + + scope.showLoginModal = function () { + // TODO profile manager + return DaplieApiSession.openAuthorizationDialog(); + }; + + scope.logout = function () { + // TODO which token(s) to destroy? + return DaplieApiSession.logout(); + }; + + DaplieApiSession.checkSession().then(init, init).catch(init); + DaplieApiSession.onLogin($scope, init); + DaplieApiSession.onLogout($scope, init); + }]); diff --git a/scripts/controllers/verify-contact-details.js b/scripts/controllers/verify-contact-details.js new file mode 100644 index 0000000..1c57150 --- /dev/null +++ b/scripts/controllers/verify-contact-details.js @@ -0,0 +1,103 @@ +'use strict'; + +angular.module('yololiumApp') + .controller('VerifyContactDetailsController', [ + '$scope' + , '$q' + , '$modalInstance' + , 'myLdsAccount' + , 'ldsAccountObject' + , 'ldsAccountOptions' + , function ( + $scope + , $q + , $modalInstance + , myLdsAccount + , account + /* + , opts + */ + ) { + var scope = this; + + scope.phone = account.phone; + scope.email = account.email; + + scope.codes = {}; + scope.validationErrorMessages = {}; + + scope.codes.phone = localStorage.getItem('phoneCode'); + scope.codes.email = localStorage.getItem('emailCode'); + + scope.sendCode = function (type, node) { + // TODO needs to get expire time (and store in localStorage) + myLdsAccount.getCode(account, type, node).then(function (data) { + scope.codes[type] = data.uuid; + localStorage.setItem(type + 'Code', data.uuid); + }, function (err) { + window.alert(err.message || 'unknown error'); + }); + }; + + //scope.validateCode = function (type, node, uuid, code); + scope.validateCode = function (code) { + var type; + var node; + var uuid; + var rePhoneCode = /^\s*(\d{3})[-\s]*(\d{3})\s*$/; + var reEmailCode = /^\s*(\w+)[-\s]+(\w+)[-\s]+(\d+)\s*$/; + var m; + code = code.trim(); + + if (rePhoneCode.test(code)) { + m = code.match(rePhoneCode); + type = 'phone'; + node = account.phone; + uuid = scope.codes[type]; + code = m[1] + '-' + m[2]; + } else if (reEmailCode.test(code)) { + m = code.match(reEmailCode); + type = 'email'; + node = account.email; + uuid = scope.codes[type]; + code = m[1] + '-' + m[2] + '-' + m[3]; + } else { + throw new Error("unexpected code type"); + } + + function showError(err) { + console.error("[ERROR] in verify contact:"); + console.log(err); + scope.validationErrorMessages[type] = err.message + || (type + ' code validation failed, Double check and try again') + ; + } + + return myLdsAccount.validateCode(account, type, node, uuid, code).then(function (data) { + if (data.error) { + scope.validationErrorMessages[type] = "Code didn't validate"; + showError(data.error); + return; + } + + if (!data.validated) { + console.error("[ERROR] in verify contact validate:"); + console.error(data); + scope.validationErrorMessages[type] = "Code didn't validate"; + showError({ message: "Code didn't validate" }); + return; + } + + scope.validationErrorMessages[type] = ''; + localStorage.removeItem(type + 'Code'); + + scope[type + 'Verified'] = true; + account[type + 'VerifiedAt'] = new Date().toISOString(); + }, showError); + }; + + scope.verifyAccount = function () { + // TODO refresh session StSession.get({ expire: true }) + $modalInstance.close(); + }; + }]); diff --git a/scripts/daplie-pbkdf2.js b/scripts/daplie-pbkdf2.js new file mode 100644 index 0000000..15048f5 --- /dev/null +++ b/scripts/daplie-pbkdf2.js @@ -0,0 +1,141 @@ +(function () { + 'use strict'; + + var hashMap = { + 'md5': 'MD5' + , 'sha1': 'SHA-1' + , 'sha256': 'SHA-256' + , 'sha384': 'SHA-384' + , 'sha512': 'SHA-512' + //, 'sha3': 'SHA-3' + }; + + function getForgeProof(nodeObj) { + return new Promise(function (resolve, reject) { + var kdf = { + node: nodeObj.node + , type: nodeObj.type + , kdf: 'PBKDF2' + , algo: nodeObj.algo || 'SHA-256' + , bits: nodeObj.bits || 128 + , iter: nodeObj.iter || Math.floor(Math.random() * 100) + 1001 + , salt: null + }; + + // generate a password-based 16-byte key + // note an optional message digest can be passed as the final parameter + if (nodeObj.salt) { + kdf.salt = Unibabel.bufferToBinaryString(Unibabel.hexToBuffer(nodeObj.salt)); + } else { + // uses binary string + kdf.salt = forge.random.getBytesSync(16); + } + + // kdf.proof = forge.pkcs5.pbkdf2(nodeObj.secret, kdf.salt, kdf.iter, kdf.byteLen); + + // generate key asynchronously + forge.pkcs5.pbkdf2( + nodeObj.secret + , kdf.salt + , kdf.iter // 100 + , (kdf.bits / 8) // 16 + , kdf.algo.replace(/\-/g, '').toLowerCase() // sha256 + , function(err, derivedKey) { + // do something w/derivedKey + if (err) { + reject(err); + return; + } + + kdf.salt = Unibabel.bufferToHex(Unibabel.binaryStringToBuffer(kdf.salt)); + kdf.proof = Unibabel.bufferToHex(Unibabel.binaryStringToBuffer(derivedKey)); + + resolve(kdf); + }); + }); + } + + function getWebCryptoProof(nodeObj) { + if (!window.crypto) { + return new Promise(function (resolve, reject) { + reject(new Error("Web Crypto Not Implemented")); + }); + } + + var crypto = window.crypto; + var Unibabel = window.Unibabel; + var kdf = { + node: nodeObj.node + , type: nodeObj.type + , kdf: 'PBKDF2' + , algo: hashMap[nodeObj.algo] || (nodeObj.algo || 'SHA-256').toUpperCase().replace(/SHA-?/, 'SHA-') + , bits: nodeObj.bits || 128 + , iter: nodeObj.iter || Math.floor(Math.random() * 100) + 1001 + , salt: null + }; + + // generate a password-based 16-byte key + // note an optional message digest can be passed as the final parameter + if (nodeObj.salt) { + kdf.salt = Unibabel.hexToBuffer(nodeObj.salt); + } else { + // uses binary string + kdf.salt = crypto.getRandomValues(new Uint8Array(16)); + } + // 100 - probably safe even on a browser running from a raspberry pi using pure js ployfill + // 10000 - no noticeable speed decrease on my MBP + // 100000 - you can notice + // 1000000 - annoyingly long + // something a browser on a raspberry pi or old phone could do + var aesname = "AES-CBC"; // AES-CTR is also popular + var extractable = true; + + // First, create a PBKDF2 "key" containing the passphrase + return crypto.subtle.importKey( + "raw", + Unibabel.utf8ToBuffer(nodeObj.secret), + { "name": kdf.kdf }, + false, + ["deriveKey"]). + // Derive a key from the password + then(function (passphraseKey) { + var keyconf = { + "name": kdf.kdf + , "salt": kdf.salt + , "iterations": kdf.iter + , "hash": kdf.algo + }; + return crypto.subtle.deriveKey( + keyconf + , passphraseKey + // required to be 128 or 256 bits + , { "name": aesname, "length": kdf.bits } // Key we want + , extractable // Extractble + , [ "encrypt", "decrypt" ] // For new key + ); + }). + // Export it so we can display it + then(function (aesKey) { + return crypto.subtle.exportKey("raw", aesKey).then(function (arrbuf) { + kdf.salt = Unibabel.bufferToHex(kdf.salt); + kdf.proof = Unibabel.bufferToHex(new Uint8Array(arrbuf)); + + return kdf; + }); + }); + /*. + catch(function (err) { + window.alert("Key derivation failed: " + err.message); + }); + */ + } + + // kdf, algo, iter, bits, secret + window.getProofOfSecret = function (opts) { + return getWebCryptoProof(opts).then(function (data) { + return data; + }, function (err) { + return getForgeProof(opts); + }); + }; +}()); diff --git a/scripts/daplie.js b/scripts/daplie.js new file mode 100644 index 0000000..2415b9e --- /dev/null +++ b/scripts/daplie.js @@ -0,0 +1,243 @@ +'use strict'; + +window.addEventListener('error', function (err) { + console.error("Uncaught Exception:"); + console.log(err); +}); + +// TODO where to place this? +var urlPrefix = './'; // or '/' + +angular.module('yololiumApp', [ + 'ui.bootstrap' +, 'ui.router' +, 'oauth3' +, 'daplie' +, 'steve' +/* + 'ngSanitize' +*/ +]).config([ + '$urlRouterProvider' + , '$stateProvider' + , '$httpProvider' + , 'stConfig' + , function ($urlRouterProvider, $stateProvider, $httpProvider, StApi) { + var rootTemplate = $('.ui-view-body').html(); + + // https://daplie.com/connect/#/authorization_dialog/state=9124678613152355&response_type=token&scope=*&client_id=ID__1a503bda47a3fe3a00543166333f&redirect_uri=https://oauth3.org/oauth3.html%3Fprovider_uri=https%253A%252F%252Foauth3.org&origin=&referer=https://oauth3.org/&host=oauth3.org + //$urlRouterProvider.otherwise('/'); + $stateProvider + .state('root', { + url: '/' + , views: { + body: { + template: rootTemplate + , controller: [ + '$scope' + , 'DaplieApiSession' + , 'DaplieApiRequest' + , function ($scope, DaplieApiSession, DaplieApiRequest) { + var MC = this; + + MC.urlsafe = function (name) { + return name.toLowerCase().replace(/[^\-\w]/, '').replace(/s$/, ''); + }; + + function prefetch(session) { + console.log('DEBUG prefetch'); + // Prefetching + return DaplieApiRequest.profile(session).then(function (profile) { + console.log('DEBUG profile'); + console.log(profile); + //DaplieApiRequest.stake(session, profile.homeStakeAppScopedId); + //DaplieApiRequest.ward(session, profile.homeStakeAppScopedId, profile.homeWardAppScopedId); + }); + } + + DaplieApiSession.checkSession(prefetch); + DaplieApiSession.onLogin($scope, prefetch); + }] + , controllerAs: 'MC' + } + } + }) + + .state('logout', { + url: '/logout/:browserState' + , views: { + body: { + template: '' + // DestroySessionController + , controller: [ + '$window' + , '$stateParams' + , 'DaplieApiSession' + , function ($window, $stateParams, DaplieApiSession) { + DaplieApiSession.destroy().then(function () { + var state = $stateParams.browserState; + $window.location.href = '/oauth3.html#logout_callback=true&state=' + state; + }); + }] + , controllerAs: 'DSC' + } + } + + }) + + /* + .state('authorization-dialog', { + url: '/authorization_dialog/{query:.+}' + , views: { + body: { + templateUrl: urlPrefix + 'views/authorization-dialog.html' + , controller: 'AuthorizationDialogController as ADC' + } + } + }) + */ + .state('authorization-dialog', { + url: '/authorization_dialog/' + , views: { + body: { + templateUrl: urlPrefix + 'views/authorization-dialog.html' + , controller: 'AuthorizationDialogController as ADC' + } + } + }) + + .state('account', { + url: '/account/' + , views: { + body: { + templateUrl: urlPrefix + 'views/my-account.html' + , controller: 'MyAccountController as MAC' + } + } + }) + ; + + // send creds + $httpProvider.defaults.withCredentials = true; + // alternatively, register the interceptor via an anonymous factory? + $httpProvider.interceptors.push([ '$q', function($q) { + var recase = window.Recase.create({ exceptions: {} }); + + function isApiUrl(url) { + // TODO provide a list of known-good API urls in StApi and loop + return !/^https?:\/\//.test(url) + || url.match(StApi.apiPrefix) + || url.match(StApi.oauthPrefix) + ; + } + + return { + 'request': function (config) { + if (config.data + && isApiUrl(config.url) + && /json/.test(config.headers['Content-Type']) + ) { + config.data = recase.snakeCopy(config.data); + } + + return config; + } + , 'requestError': function (rejection) { + return rejection; + } + , 'response': function (response) { + var config = response.config; + var err; + + // our own API is snake_case (to match webApi / ruby convention) + // but we convert to camelCase for javascript convention + if (isApiUrl(config.url) && /json/.test(response.headers('Content-Type'))) { + response.data = recase.camelCopy(response.data); + if ('string' === typeof response.data.error) { + err = new Error(response.data.errorDescription); + err.code = response.data.error; + err.uri = response.data.errorUri; + return $q.reject(err); + } + if ('object' === typeof response.data.error) { + err = new Error(response.data.error.message); + err.code = response.data.error.code; + err.uri = response.data.error.uri; + /* + Object.keys(response.data.error).forEach(function (key) { + err[key] = response.data.error[key]; + }); + */ + return $q.reject(err); + } + } + return response; + } + , 'responseError': function (rejection) { + return rejection; + } + }; + }]); + +}]).run([ + '$rootScope' + , '$timeout' + , '$q' + , '$http' + , '$modal' + , 'DaplieApi' + , 'DaplieApiSession' + , function ($rootScope, $timeout, $q, $http, $modal, DaplieApi, DaplieApiSession) { + + return DaplieApi.init({ + //appId: 'TEST_ID_871a371debefb91c919ca848' + //appId: 'ID__b5db805e27cc27a0ee8eddf42f46' + appId: 'oauth3.org' + , appVersion: '2.1.0' + , clientUri: 'oauth3.org' + , clientAgreeTos: 'oauth3.org/tos/draft' + , invokeLogin: function (opts) { + console.info('login invoked'); + return $modal.open({ + templateUrl: urlPrefix + 'views/login-v3.html' + , controller: 'LoginController3 as LC' + , backdrop: 'static' + , keyboard: true + , resolve: { + myLoginOptions: [function () { + return opts; + }] + } + }).result; + } + }).then(function (DaplieApiConfig) { + $rootScope.R = {}; + // attach after angular is initialized so that angular errors + // don't annoy developers that forgot bower install + window.addEventListener('error', function (err) { + window.alert('Uncaught Exception: ' + (err.message || 'unknown error')); + }); + + // TODO get from config + $http.get((DaplieApiConfig.apiBaseUri || DaplieApiConfig.providerUri) + + '/api/org.oauth3.provider' + '/public/apps' + ).then(function (resp) { + $rootScope.R.ready = true; + $rootScope.R.apps = resp.data.result.filter(function (app) { + return app.live; + }); + }); + + // normally we'd do a background login here, but daplie.com/connect is already + // is the provider, so no sense in doing that... + return DaplieApiSession.checkSession().then(function () { + $rootScope.rootReady = true; + $rootScope.rootDeveloperMode = DaplieApiConfig.developerMode; + $rootScope.R.dev = $rootScope.rootDeveloperMode; + }, function () { + $rootScope.rootReady = true; + $rootScope.rootDeveloperMode = DaplieApiConfig.developerMode; + $rootScope.R.dev = $rootScope.rootDeveloperMode; + }); + }); +}]); diff --git a/scripts/ga.js b/scripts/ga.js new file mode 100644 index 0000000..55b182d --- /dev/null +++ b/scripts/ga.js @@ -0,0 +1,8 @@ +(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ +(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), +m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) +})(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + +//ga('create', window.StClientConfig.googleAnalyticsUa, 'auto'); +ga('create', 'UA-39329678-2', 'auto'); +ga('send', 'pageview'); diff --git a/scripts/pbkdf2.forge.test.js b/scripts/pbkdf2.forge.test.js new file mode 100644 index 0000000..4d17204 --- /dev/null +++ b/scripts/pbkdf2.forge.test.js @@ -0,0 +1,49 @@ +(function () { + 'use strict'; + + // getProofOfSecret(salt, secret, iter) + function getProofOfSecret(nodeObj) { + // TODO test correctness + console.info('TODO test correctness of getProofOfSecret'); + var d = $q.defer(); + var kdf = { + node: nodeObj.node + , type: nodeObj.type + , kdf: 'PBKDF2' + , algo: 'SHA-256' + }; + + // generate a password-based 16-byte key + // note an optional message digest can be passed as the final parameter + if (nodeObj.salt) { + kdf.salt = Unibabel.bufferToBinaryString(Unibabel.hexToBuffer(nodeObj.salt)); + } else { + // uses binary string + kdf.salt = forge.random.getBytesSync(32); + } + kdf.iter = nodeObj.iter || Math.floor(Math.random() * 1000) + 1000; + kdf.byteLen = nodeObj.byteLen || 16; + + console.log('kdf.salt', kdf.salt); + + // kdf.proof = forge.pkcs5.pbkdf2(nodeObj.secret, kdf.salt, kdf.iter, kdf.byteLen); + + // generate key asynchronously + // note an optional message digest can be passed before the callback + forge.pkcs5.pbkdf2(nodeObj.secret, kdf.salt, kdf.iter, kdf.byteLen, 'sha256', function(err, derivedKey) { + // do something w/derivedKey + if (err) { + d.reject(err); + return; + } + + kdf.salt = Unibabel.bufferToHex(Unibabel.binaryStringToBuffer(kdf.salt)); + kdf.proof = Unibabel.bufferToHex(Unibabel.binaryStringToBuffer(derivedKey)); + console.log('kdf', kdf); + d.resolve(kdf); + }); + + return d.promise; + } + +}()); diff --git a/scripts/pbkdf2.webcrypto.test.js b/scripts/pbkdf2.webcrypto.test.js new file mode 100644 index 0000000..1ea26b5 --- /dev/null +++ b/scripts/pbkdf2.webcrypto.test.js @@ -0,0 +1,76 @@ +(function () { + 'use strict'; + + var crypto = window.crypto; + var Unibabel = window.Unibabel; + + function deriveKey(saltHex, passphrase, iter) { + var keyLenBits = 128; + var kdfname = "PBKDF2"; + var aesname = "AES-CBC"; // AES-CTR is also popular + // 100 - probably safe even on a browser running from a raspberry pi using pure js ployfill + // 10000 - no noticeable speed decrease on my MBP + // 100000 - you can notice + // 1000000 - annoyingly long + var iterations = iter || 100; // something a browser on a raspberry pi or old phone could do + var hashname = "SHA-256"; + var extractable = true; + + console.log(''); + console.log('passphrase', passphrase); + console.log('salt (hex)', saltHex); + //console.log('salt (hex)', Unibabel.bufferToHex(saltBuf)); + console.log('iterations', iterations); + console.log('keyLen (bytes)', keyLenBits / 8); + console.log('digest', hashname); + + // First, create a PBKDF2 "key" containing the password + return crypto.subtle.importKey( + "raw", + Unibabel.utf8ToBuffer(passphrase), + { "name": kdfname }, + false, + ["deriveKey"]). + // Derive a key from the password + then(function (passphraseKey) { + return crypto.subtle.deriveKey( + { "name": kdfname + , "salt": Unibabel.hexToBuffer(saltHex) + , "iterations": iterations + , "hash": hashname + } + , passphraseKey + // required to be 128 or 256 bits + , { "name": aesname, "length": keyLenBits } // Key we want + , extractable // Extractble + , [ "encrypt", "decrypt" ] // For new key + ); + }). + // Export it so we can display it + then(function (aesKey) { + return crypto.subtle.exportKey("raw", aesKey).then(function (arrbuf) { + return new Uint8Array(arrbuf); + }); + }). + catch(function (err) { + window.alert("Key derivation failed: " + err.message); + }); + } + + function test() { + // Part of the salt is application-specific (same on iOS, Android, and Web) + var saltHex = '942c2db750b5f57f330226b2b498c6d3'; + var passphrase = 'Pizzas are like children'; + //var passphrase = "I'm a ☢ ☃ who speaks 中国语文!"; + var iter = 1672; + + // NOTE: the salt will be truncated to the length of the hash algo being used + return deriveKey(saltHex, passphrase, iter).then(function (keyBuf) { + var hexKey = Unibabel.bufferToHex(keyBuf); + console.log('[TEST] hexKey'); + console.log(hexKey); + }); + } + + test(); +}()); diff --git a/scripts/services/lds-account.js b/scripts/services/lds-account.js new file mode 100644 index 0000000..5ea099a --- /dev/null +++ b/scripts/services/lds-account.js @@ -0,0 +1,141 @@ +'use strict'; + +/** + * @ngdoc service + * @name yololiumApp.LdsAccount + * @description + * # LdsAccount + * Service in the yololiumApp. + */ +angular.module('yololiumApp') + .service('LdsAccount', [ + '$q' + , '$http' + , '$modal' + , 'DaplieApiConfig' + , 'DaplieApiRequest' + , function LdsAccount($q, $http, $modal, DaplieApiConfig, DaplieApiRequest) { + // AngularJS will instantiate a singleton by calling "new" on this function + + var me = this; + + /* + function getWardClerkInfo(session, opts) { + // TODO check to see if this user is in the system + // if so, present them with the information to get + // their record number from the ward clerk + return $http.get(StApi.apiPrefix + '/ldsconnectv2/request-mrn/:emailOrPhone')q.when(); + } + */ + + me.showVerificationModal = function (account, opts) { + return $modal.open({ + templateUrl: '/views/verify-contact-details.html' + , controller: 'VerifyContactDetailsController as VCDC' + , backdrop: 'static' + , keyboard: false + , resolve: { + myLdsAccount: function () { + return me; + } + , ldsAccountObject: function () { + return account; + } + , ldsAccountOptions: function () { + return opts; + } + } + }).result; + }; + + me.showAccountModal = function (session, profile, opts) { + return DaplieApiRequest.profile(session).then(function () { + return $modal.open({ + templateUrl: '/views/lds-account.html' + , controller: 'LdsAccountController as LAC' + , backdrop: 'static' + , keyboard: false + , resolve: { + realLdsAccount: function () { + return me; + } + , mySession: function () { + return session; + } + , myProfile: function () { + return profile; + } + , myOptions: function () { + return opts; + } + } + }).result; + }); + }; + + me.verifyAccount = function (account, profile, opts) { + var recheckTime = (3 * 30 * 24 * 60 * 60 * 1000); + + var fresh; + + // TODO ISO timestamps + fresh = Date.now() - (new Date(account.userVerifiedAt).valueOf()) < recheckTime; + if (fresh) { + return $q.when(account); + } + + //opts.ldsStaleLoginInfo = login; + //return true; + // ask the user to re-verify their info + return me.showAccountModal(account, profile, opts).then(function () { + return me.verifyAccount(account, profile, opts); + }); + }; + + me.getCode = function (account, type, node) { + return $http.post(DaplieApiConfig.providerUri + '/api/ldsio/' + account.id + '/verify/code', { + type: type + , node: node + }).then(function (result) { + if (result.data.error) { + return $q.reject(result.data.error); + } + return result.data; + }); + }; + + me.validateCode = function (account, type, node, uuid, code) { + return $http.post(DaplieApiConfig.providerUri + '/api/ldsio/' + account.id + '/verify/code/validate', { + type: type + , node: node + , uuid: uuid + , code: code + }).then(function (result) { + if (result.data.error) { + return $q.reject(result.data.error); + } + + return result.data; + }); + }; + + me.isFresh = function (iso) { + var now = Date.now(); + var date = new Date(iso).valueOf(); + // 3 months - 3 days + var staleTime = (3 * 30 * 24 * 60 * 60 * 1000) - (3 * 24 * 60 * 60 * 1000); + var fresh = date && (now - date < staleTime); + + return fresh; + }; + + me.ensureVerified = function (account, opts) { + if (me.isFresh(account.emailVerifiedAt) && me.isFresh(account.phoneVerifiedAt)) { + return $q.when(); + } + + return me.showVerificationModal(account, opts); + }; + + return me; + }]); diff --git a/scripts/services/st-api.js b/scripts/services/st-api.js new file mode 100644 index 0000000..24cac68 --- /dev/null +++ b/scripts/services/st-api.js @@ -0,0 +1,32 @@ +'use strict'; + +/** + * @ngdoc service + * @name steve.StApi + * @description + * # StApi + * Service in the steve. + */ +(function () { + + var x = window.StClientConfig + ; + + x.googleAnalyticsToken = window.googleAnalyticsToken || 'UA-XXXXXXXX-1'; + // window.StApi + + x.loginConfig = x.loginConfig || { requireLocalLogin: true, minLogins: 1 }; + x.accountConfig = x.accountConfig || {}; + + angular.module('steve', []) + .constant('stConfig', x) + .service('StApi', function StApi() { + // AngularJS will instantiate a singleton by calling "new" on this function + var me = this + ; + + Object.keys(x).forEach(function (k) { + me[k] = x[k]; + }); + }); +}()); diff --git a/styles/bootstrap-social.min.css b/styles/bootstrap-social.min.css new file mode 100644 index 0000000..0bedcbe --- /dev/null +++ b/styles/bootstrap-social.min.css @@ -0,0 +1 @@ +.btn-social{position:relative;padding-left:44px;text-align:left;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.btn-social>:first-child{position:absolute;left:0;top:0;bottom:0;width:32px;line-height:34px;font-size:1.6em;text-align:center;border-right:1px solid rgba(0,0,0,0.2)}.btn-social.btn-lg{padding-left:61px}.btn-social.btn-lg :first-child{line-height:45px;width:45px;font-size:1.8em}.btn-social.btn-sm{padding-left:38px}.btn-social.btn-sm :first-child{line-height:28px;width:28px;font-size:1.4em}.btn-social.btn-xs{padding-left:30px}.btn-social.btn-xs :first-child{line-height:20px;width:20px;font-size:1.2em}.btn-social-icon{position:relative;padding-left:44px;text-align:left;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;height:34px;width:34px;padding:0}.btn-social-icon>:first-child{position:absolute;left:0;top:0;bottom:0;width:32px;line-height:34px;font-size:1.6em;text-align:center;border-right:1px solid rgba(0,0,0,0.2)}.btn-social-icon.btn-lg{padding-left:61px}.btn-social-icon.btn-lg :first-child{line-height:45px;width:45px;font-size:1.8em}.btn-social-icon.btn-sm{padding-left:38px}.btn-social-icon.btn-sm :first-child{line-height:28px;width:28px;font-size:1.4em}.btn-social-icon.btn-xs{padding-left:30px}.btn-social-icon.btn-xs :first-child{line-height:20px;width:20px;font-size:1.2em}.btn-social-icon :first-child{border:0;text-align:center;width:100%!important}.btn-social-icon.btn-lg{height:45px;width:45px;padding-left:0;padding-right:0}.btn-social-icon.btn-sm{height:30px;width:30px;padding-left:0;padding-right:0}.btn-social-icon.btn-xs{height:22px;width:22px;padding-left:0;padding-right:0}.btn-adn{color:#fff;background-color:#d87a68;border-color:rgba(0,0,0,0.2)}.btn-adn:hover,.btn-adn:focus,.btn-adn:active,.btn-adn.active,.open>.dropdown-toggle.btn-adn{color:#fff;background-color:#ce563f;border-color:rgba(0,0,0,0.2)}.btn-adn:active,.btn-adn.active,.open>.dropdown-toggle.btn-adn{background-image:none}.btn-adn.disabled,.btn-adn[disabled],fieldset[disabled] .btn-adn,.btn-adn.disabled:hover,.btn-adn[disabled]:hover,fieldset[disabled] .btn-adn:hover,.btn-adn.disabled:focus,.btn-adn[disabled]:focus,fieldset[disabled] .btn-adn:focus,.btn-adn.disabled:active,.btn-adn[disabled]:active,fieldset[disabled] .btn-adn:active,.btn-adn.disabled.active,.btn-adn[disabled].active,fieldset[disabled] .btn-adn.active{background-color:#d87a68;border-color:rgba(0,0,0,0.2)}.btn-adn .badge{color:#d87a68;background-color:#fff}.btn-bitbucket{color:#fff;background-color:#205081;border-color:rgba(0,0,0,0.2)}.btn-bitbucket:hover,.btn-bitbucket:focus,.btn-bitbucket:active,.btn-bitbucket.active,.open>.dropdown-toggle.btn-bitbucket{color:#fff;background-color:#163758;border-color:rgba(0,0,0,0.2)}.btn-bitbucket:active,.btn-bitbucket.active,.open>.dropdown-toggle.btn-bitbucket{background-image:none}.btn-bitbucket.disabled,.btn-bitbucket[disabled],fieldset[disabled] .btn-bitbucket,.btn-bitbucket.disabled:hover,.btn-bitbucket[disabled]:hover,fieldset[disabled] .btn-bitbucket:hover,.btn-bitbucket.disabled:focus,.btn-bitbucket[disabled]:focus,fieldset[disabled] .btn-bitbucket:focus,.btn-bitbucket.disabled:active,.btn-bitbucket[disabled]:active,fieldset[disabled] .btn-bitbucket:active,.btn-bitbucket.disabled.active,.btn-bitbucket[disabled].active,fieldset[disabled] .btn-bitbucket.active{background-color:#205081;border-color:rgba(0,0,0,0.2)}.btn-bitbucket .badge{color:#205081;background-color:#fff}.btn-dropbox{color:#fff;background-color:#1087dd;border-color:rgba(0,0,0,0.2)}.btn-dropbox:hover,.btn-dropbox:focus,.btn-dropbox:active,.btn-dropbox.active,.open>.dropdown-toggle.btn-dropbox{color:#fff;background-color:#0d6aad;border-color:rgba(0,0,0,0.2)}.btn-dropbox:active,.btn-dropbox.active,.open>.dropdown-toggle.btn-dropbox{background-image:none}.btn-dropbox.disabled,.btn-dropbox[disabled],fieldset[disabled] .btn-dropbox,.btn-dropbox.disabled:hover,.btn-dropbox[disabled]:hover,fieldset[disabled] .btn-dropbox:hover,.btn-dropbox.disabled:focus,.btn-dropbox[disabled]:focus,fieldset[disabled] .btn-dropbox:focus,.btn-dropbox.disabled:active,.btn-dropbox[disabled]:active,fieldset[disabled] .btn-dropbox:active,.btn-dropbox.disabled.active,.btn-dropbox[disabled].active,fieldset[disabled] .btn-dropbox.active{background-color:#1087dd;border-color:rgba(0,0,0,0.2)}.btn-dropbox .badge{color:#1087dd;background-color:#fff}.btn-facebook{color:#fff;background-color:#3b5998;border-color:rgba(0,0,0,0.2)}.btn-facebook:hover,.btn-facebook:focus,.btn-facebook:active,.btn-facebook.active,.open>.dropdown-toggle.btn-facebook{color:#fff;background-color:#2d4373;border-color:rgba(0,0,0,0.2)}.btn-facebook:active,.btn-facebook.active,.open>.dropdown-toggle.btn-facebook{background-image:none}.btn-facebook.disabled,.btn-facebook[disabled],fieldset[disabled] .btn-facebook,.btn-facebook.disabled:hover,.btn-facebook[disabled]:hover,fieldset[disabled] .btn-facebook:hover,.btn-facebook.disabled:focus,.btn-facebook[disabled]:focus,fieldset[disabled] .btn-facebook:focus,.btn-facebook.disabled:active,.btn-facebook[disabled]:active,fieldset[disabled] .btn-facebook:active,.btn-facebook.disabled.active,.btn-facebook[disabled].active,fieldset[disabled] .btn-facebook.active{background-color:#3b5998;border-color:rgba(0,0,0,0.2)}.btn-facebook .badge{color:#3b5998;background-color:#fff}.btn-flickr{color:#fff;background-color:#ff0084;border-color:rgba(0,0,0,0.2)}.btn-flickr:hover,.btn-flickr:focus,.btn-flickr:active,.btn-flickr.active,.open>.dropdown-toggle.btn-flickr{color:#fff;background-color:#cc006a;border-color:rgba(0,0,0,0.2)}.btn-flickr:active,.btn-flickr.active,.open>.dropdown-toggle.btn-flickr{background-image:none}.btn-flickr.disabled,.btn-flickr[disabled],fieldset[disabled] .btn-flickr,.btn-flickr.disabled:hover,.btn-flickr[disabled]:hover,fieldset[disabled] .btn-flickr:hover,.btn-flickr.disabled:focus,.btn-flickr[disabled]:focus,fieldset[disabled] .btn-flickr:focus,.btn-flickr.disabled:active,.btn-flickr[disabled]:active,fieldset[disabled] .btn-flickr:active,.btn-flickr.disabled.active,.btn-flickr[disabled].active,fieldset[disabled] .btn-flickr.active{background-color:#ff0084;border-color:rgba(0,0,0,0.2)}.btn-flickr .badge{color:#ff0084;background-color:#fff}.btn-foursquare{color:#fff;background-color:#f94877;border-color:rgba(0,0,0,0.2)}.btn-foursquare:hover,.btn-foursquare:focus,.btn-foursquare:active,.btn-foursquare.active,.open>.dropdown-toggle.btn-foursquare{color:#fff;background-color:#f71752;border-color:rgba(0,0,0,0.2)}.btn-foursquare:active,.btn-foursquare.active,.open>.dropdown-toggle.btn-foursquare{background-image:none}.btn-foursquare.disabled,.btn-foursquare[disabled],fieldset[disabled] .btn-foursquare,.btn-foursquare.disabled:hover,.btn-foursquare[disabled]:hover,fieldset[disabled] .btn-foursquare:hover,.btn-foursquare.disabled:focus,.btn-foursquare[disabled]:focus,fieldset[disabled] .btn-foursquare:focus,.btn-foursquare.disabled:active,.btn-foursquare[disabled]:active,fieldset[disabled] .btn-foursquare:active,.btn-foursquare.disabled.active,.btn-foursquare[disabled].active,fieldset[disabled] .btn-foursquare.active{background-color:#f94877;border-color:rgba(0,0,0,0.2)}.btn-foursquare .badge{color:#f94877;background-color:#fff}.btn-github{color:#fff;background-color:#444;border-color:rgba(0,0,0,0.2)}.btn-github:hover,.btn-github:focus,.btn-github:active,.btn-github.active,.open>.dropdown-toggle.btn-github{color:#fff;background-color:#2b2b2b;border-color:rgba(0,0,0,0.2)}.btn-github:active,.btn-github.active,.open>.dropdown-toggle.btn-github{background-image:none}.btn-github.disabled,.btn-github[disabled],fieldset[disabled] .btn-github,.btn-github.disabled:hover,.btn-github[disabled]:hover,fieldset[disabled] .btn-github:hover,.btn-github.disabled:focus,.btn-github[disabled]:focus,fieldset[disabled] .btn-github:focus,.btn-github.disabled:active,.btn-github[disabled]:active,fieldset[disabled] .btn-github:active,.btn-github.disabled.active,.btn-github[disabled].active,fieldset[disabled] .btn-github.active{background-color:#444;border-color:rgba(0,0,0,0.2)}.btn-github .badge{color:#444;background-color:#fff}.btn-google-plus{color:#fff;background-color:#dd4b39;border-color:rgba(0,0,0,0.2)}.btn-google-plus:hover,.btn-google-plus:focus,.btn-google-plus:active,.btn-google-plus.active,.open>.dropdown-toggle.btn-google-plus{color:#fff;background-color:#c23321;border-color:rgba(0,0,0,0.2)}.btn-google-plus:active,.btn-google-plus.active,.open>.dropdown-toggle.btn-google-plus{background-image:none}.btn-google-plus.disabled,.btn-google-plus[disabled],fieldset[disabled] .btn-google-plus,.btn-google-plus.disabled:hover,.btn-google-plus[disabled]:hover,fieldset[disabled] .btn-google-plus:hover,.btn-google-plus.disabled:focus,.btn-google-plus[disabled]:focus,fieldset[disabled] .btn-google-plus:focus,.btn-google-plus.disabled:active,.btn-google-plus[disabled]:active,fieldset[disabled] .btn-google-plus:active,.btn-google-plus.disabled.active,.btn-google-plus[disabled].active,fieldset[disabled] .btn-google-plus.active{background-color:#dd4b39;border-color:rgba(0,0,0,0.2)}.btn-google-plus .badge{color:#dd4b39;background-color:#fff}.btn-instagram{color:#fff;background-color:#3f729b;border-color:rgba(0,0,0,0.2)}.btn-instagram:hover,.btn-instagram:focus,.btn-instagram:active,.btn-instagram.active,.open>.dropdown-toggle.btn-instagram{color:#fff;background-color:#305777;border-color:rgba(0,0,0,0.2)}.btn-instagram:active,.btn-instagram.active,.open>.dropdown-toggle.btn-instagram{background-image:none}.btn-instagram.disabled,.btn-instagram[disabled],fieldset[disabled] .btn-instagram,.btn-instagram.disabled:hover,.btn-instagram[disabled]:hover,fieldset[disabled] .btn-instagram:hover,.btn-instagram.disabled:focus,.btn-instagram[disabled]:focus,fieldset[disabled] .btn-instagram:focus,.btn-instagram.disabled:active,.btn-instagram[disabled]:active,fieldset[disabled] .btn-instagram:active,.btn-instagram.disabled.active,.btn-instagram[disabled].active,fieldset[disabled] .btn-instagram.active{background-color:#3f729b;border-color:rgba(0,0,0,0.2)}.btn-instagram .badge{color:#3f729b;background-color:#fff}.btn-linkedin{color:#fff;background-color:#007bb6;border-color:rgba(0,0,0,0.2)}.btn-linkedin:hover,.btn-linkedin:focus,.btn-linkedin:active,.btn-linkedin.active,.open>.dropdown-toggle.btn-linkedin{color:#fff;background-color:#005983;border-color:rgba(0,0,0,0.2)}.btn-linkedin:active,.btn-linkedin.active,.open>.dropdown-toggle.btn-linkedin{background-image:none}.btn-linkedin.disabled,.btn-linkedin[disabled],fieldset[disabled] .btn-linkedin,.btn-linkedin.disabled:hover,.btn-linkedin[disabled]:hover,fieldset[disabled] .btn-linkedin:hover,.btn-linkedin.disabled:focus,.btn-linkedin[disabled]:focus,fieldset[disabled] .btn-linkedin:focus,.btn-linkedin.disabled:active,.btn-linkedin[disabled]:active,fieldset[disabled] .btn-linkedin:active,.btn-linkedin.disabled.active,.btn-linkedin[disabled].active,fieldset[disabled] .btn-linkedin.active{background-color:#007bb6;border-color:rgba(0,0,0,0.2)}.btn-linkedin .badge{color:#007bb6;background-color:#fff}.btn-microsoft{color:#fff;background-color:#2672ec;border-color:rgba(0,0,0,0.2)}.btn-microsoft:hover,.btn-microsoft:focus,.btn-microsoft:active,.btn-microsoft.active,.open>.dropdown-toggle.btn-microsoft{color:#fff;background-color:#125acd;border-color:rgba(0,0,0,0.2)}.btn-microsoft:active,.btn-microsoft.active,.open>.dropdown-toggle.btn-microsoft{background-image:none}.btn-microsoft.disabled,.btn-microsoft[disabled],fieldset[disabled] .btn-microsoft,.btn-microsoft.disabled:hover,.btn-microsoft[disabled]:hover,fieldset[disabled] .btn-microsoft:hover,.btn-microsoft.disabled:focus,.btn-microsoft[disabled]:focus,fieldset[disabled] .btn-microsoft:focus,.btn-microsoft.disabled:active,.btn-microsoft[disabled]:active,fieldset[disabled] .btn-microsoft:active,.btn-microsoft.disabled.active,.btn-microsoft[disabled].active,fieldset[disabled] .btn-microsoft.active{background-color:#2672ec;border-color:rgba(0,0,0,0.2)}.btn-microsoft .badge{color:#2672ec;background-color:#fff}.btn-openid{color:#fff;background-color:#f7931e;border-color:rgba(0,0,0,0.2)}.btn-openid:hover,.btn-openid:focus,.btn-openid:active,.btn-openid.active,.open>.dropdown-toggle.btn-openid{color:#fff;background-color:#da7908;border-color:rgba(0,0,0,0.2)}.btn-openid:active,.btn-openid.active,.open>.dropdown-toggle.btn-openid{background-image:none}.btn-openid.disabled,.btn-openid[disabled],fieldset[disabled] .btn-openid,.btn-openid.disabled:hover,.btn-openid[disabled]:hover,fieldset[disabled] .btn-openid:hover,.btn-openid.disabled:focus,.btn-openid[disabled]:focus,fieldset[disabled] .btn-openid:focus,.btn-openid.disabled:active,.btn-openid[disabled]:active,fieldset[disabled] .btn-openid:active,.btn-openid.disabled.active,.btn-openid[disabled].active,fieldset[disabled] .btn-openid.active{background-color:#f7931e;border-color:rgba(0,0,0,0.2)}.btn-openid .badge{color:#f7931e;background-color:#fff}.btn-pinterest{color:#fff;background-color:#cb2027;border-color:rgba(0,0,0,0.2)}.btn-pinterest:hover,.btn-pinterest:focus,.btn-pinterest:active,.btn-pinterest.active,.open>.dropdown-toggle.btn-pinterest{color:#fff;background-color:#9f191f;border-color:rgba(0,0,0,0.2)}.btn-pinterest:active,.btn-pinterest.active,.open>.dropdown-toggle.btn-pinterest{background-image:none}.btn-pinterest.disabled,.btn-pinterest[disabled],fieldset[disabled] .btn-pinterest,.btn-pinterest.disabled:hover,.btn-pinterest[disabled]:hover,fieldset[disabled] .btn-pinterest:hover,.btn-pinterest.disabled:focus,.btn-pinterest[disabled]:focus,fieldset[disabled] .btn-pinterest:focus,.btn-pinterest.disabled:active,.btn-pinterest[disabled]:active,fieldset[disabled] .btn-pinterest:active,.btn-pinterest.disabled.active,.btn-pinterest[disabled].active,fieldset[disabled] .btn-pinterest.active{background-color:#cb2027;border-color:rgba(0,0,0,0.2)}.btn-pinterest .badge{color:#cb2027;background-color:#fff}.btn-reddit{color:#000;background-color:#eff7ff;border-color:rgba(0,0,0,0.2)}.btn-reddit:hover,.btn-reddit:focus,.btn-reddit:active,.btn-reddit.active,.open>.dropdown-toggle.btn-reddit{color:#000;background-color:#bcddff;border-color:rgba(0,0,0,0.2)}.btn-reddit:active,.btn-reddit.active,.open>.dropdown-toggle.btn-reddit{background-image:none}.btn-reddit.disabled,.btn-reddit[disabled],fieldset[disabled] .btn-reddit,.btn-reddit.disabled:hover,.btn-reddit[disabled]:hover,fieldset[disabled] .btn-reddit:hover,.btn-reddit.disabled:focus,.btn-reddit[disabled]:focus,fieldset[disabled] .btn-reddit:focus,.btn-reddit.disabled:active,.btn-reddit[disabled]:active,fieldset[disabled] .btn-reddit:active,.btn-reddit.disabled.active,.btn-reddit[disabled].active,fieldset[disabled] .btn-reddit.active{background-color:#eff7ff;border-color:rgba(0,0,0,0.2)}.btn-reddit .badge{color:#eff7ff;background-color:#000}.btn-soundcloud{color:#fff;background-color:#f50;border-color:rgba(0,0,0,0.2)}.btn-soundcloud:hover,.btn-soundcloud:focus,.btn-soundcloud:active,.btn-soundcloud.active,.open>.dropdown-toggle.btn-soundcloud{color:#fff;background-color:#c40;border-color:rgba(0,0,0,0.2)}.btn-soundcloud:active,.btn-soundcloud.active,.open>.dropdown-toggle.btn-soundcloud{background-image:none}.btn-soundcloud.disabled,.btn-soundcloud[disabled],fieldset[disabled] .btn-soundcloud,.btn-soundcloud.disabled:hover,.btn-soundcloud[disabled]:hover,fieldset[disabled] .btn-soundcloud:hover,.btn-soundcloud.disabled:focus,.btn-soundcloud[disabled]:focus,fieldset[disabled] .btn-soundcloud:focus,.btn-soundcloud.disabled:active,.btn-soundcloud[disabled]:active,fieldset[disabled] .btn-soundcloud:active,.btn-soundcloud.disabled.active,.btn-soundcloud[disabled].active,fieldset[disabled] .btn-soundcloud.active{background-color:#f50;border-color:rgba(0,0,0,0.2)}.btn-soundcloud .badge{color:#f50;background-color:#fff}.btn-tumblr{color:#fff;background-color:#2c4762;border-color:rgba(0,0,0,0.2)}.btn-tumblr:hover,.btn-tumblr:focus,.btn-tumblr:active,.btn-tumblr.active,.open>.dropdown-toggle.btn-tumblr{color:#fff;background-color:#1c2d3f;border-color:rgba(0,0,0,0.2)}.btn-tumblr:active,.btn-tumblr.active,.open>.dropdown-toggle.btn-tumblr{background-image:none}.btn-tumblr.disabled,.btn-tumblr[disabled],fieldset[disabled] .btn-tumblr,.btn-tumblr.disabled:hover,.btn-tumblr[disabled]:hover,fieldset[disabled] .btn-tumblr:hover,.btn-tumblr.disabled:focus,.btn-tumblr[disabled]:focus,fieldset[disabled] .btn-tumblr:focus,.btn-tumblr.disabled:active,.btn-tumblr[disabled]:active,fieldset[disabled] .btn-tumblr:active,.btn-tumblr.disabled.active,.btn-tumblr[disabled].active,fieldset[disabled] .btn-tumblr.active{background-color:#2c4762;border-color:rgba(0,0,0,0.2)}.btn-tumblr .badge{color:#2c4762;background-color:#fff}.btn-twitter{color:#fff;background-color:#55acee;border-color:rgba(0,0,0,0.2)}.btn-twitter:hover,.btn-twitter:focus,.btn-twitter:active,.btn-twitter.active,.open>.dropdown-toggle.btn-twitter{color:#fff;background-color:#2795e9;border-color:rgba(0,0,0,0.2)}.btn-twitter:active,.btn-twitter.active,.open>.dropdown-toggle.btn-twitter{background-image:none}.btn-twitter.disabled,.btn-twitter[disabled],fieldset[disabled] .btn-twitter,.btn-twitter.disabled:hover,.btn-twitter[disabled]:hover,fieldset[disabled] .btn-twitter:hover,.btn-twitter.disabled:focus,.btn-twitter[disabled]:focus,fieldset[disabled] .btn-twitter:focus,.btn-twitter.disabled:active,.btn-twitter[disabled]:active,fieldset[disabled] .btn-twitter:active,.btn-twitter.disabled.active,.btn-twitter[disabled].active,fieldset[disabled] .btn-twitter.active{background-color:#55acee;border-color:rgba(0,0,0,0.2)}.btn-twitter .badge{color:#55acee;background-color:#fff}.btn-vimeo{color:#fff;background-color:#1ab7ea;border-color:rgba(0,0,0,0.2)}.btn-vimeo:hover,.btn-vimeo:focus,.btn-vimeo:active,.btn-vimeo.active,.open>.dropdown-toggle.btn-vimeo{color:#fff;background-color:#1295bf;border-color:rgba(0,0,0,0.2)}.btn-vimeo:active,.btn-vimeo.active,.open>.dropdown-toggle.btn-vimeo{background-image:none}.btn-vimeo.disabled,.btn-vimeo[disabled],fieldset[disabled] .btn-vimeo,.btn-vimeo.disabled:hover,.btn-vimeo[disabled]:hover,fieldset[disabled] .btn-vimeo:hover,.btn-vimeo.disabled:focus,.btn-vimeo[disabled]:focus,fieldset[disabled] .btn-vimeo:focus,.btn-vimeo.disabled:active,.btn-vimeo[disabled]:active,fieldset[disabled] .btn-vimeo:active,.btn-vimeo.disabled.active,.btn-vimeo[disabled].active,fieldset[disabled] .btn-vimeo.active{background-color:#1ab7ea;border-color:rgba(0,0,0,0.2)}.btn-vimeo .badge{color:#1ab7ea;background-color:#fff}.btn-vk{color:#fff;background-color:#587ea3;border-color:rgba(0,0,0,0.2)}.btn-vk:hover,.btn-vk:focus,.btn-vk:active,.btn-vk.active,.open>.dropdown-toggle.btn-vk{color:#fff;background-color:#466482;border-color:rgba(0,0,0,0.2)}.btn-vk:active,.btn-vk.active,.open>.dropdown-toggle.btn-vk{background-image:none}.btn-vk.disabled,.btn-vk[disabled],fieldset[disabled] .btn-vk,.btn-vk.disabled:hover,.btn-vk[disabled]:hover,fieldset[disabled] .btn-vk:hover,.btn-vk.disabled:focus,.btn-vk[disabled]:focus,fieldset[disabled] .btn-vk:focus,.btn-vk.disabled:active,.btn-vk[disabled]:active,fieldset[disabled] .btn-vk:active,.btn-vk.disabled.active,.btn-vk[disabled].active,fieldset[disabled] .btn-vk.active{background-color:#587ea3;border-color:rgba(0,0,0,0.2)}.btn-vk .badge{color:#587ea3;background-color:#fff}.btn-yahoo{color:#fff;background-color:#720e9e;border-color:rgba(0,0,0,0.2)}.btn-yahoo:hover,.btn-yahoo:focus,.btn-yahoo:active,.btn-yahoo.active,.open>.dropdown-toggle.btn-yahoo{color:#fff;background-color:#500a6f;border-color:rgba(0,0,0,0.2)}.btn-yahoo:active,.btn-yahoo.active,.open>.dropdown-toggle.btn-yahoo{background-image:none}.btn-yahoo.disabled,.btn-yahoo[disabled],fieldset[disabled] .btn-yahoo,.btn-yahoo.disabled:hover,.btn-yahoo[disabled]:hover,fieldset[disabled] .btn-yahoo:hover,.btn-yahoo.disabled:focus,.btn-yahoo[disabled]:focus,fieldset[disabled] .btn-yahoo:focus,.btn-yahoo.disabled:active,.btn-yahoo[disabled]:active,fieldset[disabled] .btn-yahoo:active,.btn-yahoo.disabled.active,.btn-yahoo[disabled].active,fieldset[disabled] .btn-yahoo.active{background-color:#720e9e;border-color:rgba(0,0,0,0.2)}.btn-yahoo .badge{color:#720e9e;background-color:#fff} \ No newline at end of file diff --git a/styles/bootstrap.cerulean.min.css b/styles/bootstrap.cerulean.min.css new file mode 100644 index 0000000..968758d --- /dev/null +++ b/styles/bootstrap.cerulean.min.css @@ -0,0 +1,7 @@ +/*! + * bootswatch v3.3.2 + * Homepage: http://bootswatch.com + * Copyright 2012-2015 Thomas Park + * Licensed under MIT + * Based on Bootstrap +*//*! normalize.css v3.0.2 | MIT License | git.io/normalize */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{background:transparent !important;color:#000 !important;-webkit-box-shadow:none !important;box-shadow:none !important;text-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}select{background:#fff !important}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}@font-face{font-family:'Glyphicons Halflings';src:url('../fonts/glyphicons-halflings-regular.eot');src:url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),url('../fonts/glyphicons-halflings-regular.woff2') format('woff2'),url('../fonts/glyphicons-halflings-regular.woff') format('woff'),url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'),url('../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular') format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:normal;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before,.glyphicon-eur:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#555555;background-color:#ffffff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#2fa4e7;text-decoration:none}a:hover,a:focus{color:#157ab5;text-decoration:underline}a:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive,.thumbnail>img,.thumbnail a>img,.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#ffffff;border:1px solid #dddddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eeeeee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-weight:500;line-height:1.1;color:#317eac}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#999999}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{background-color:#fcf8e3;padding:.2em}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#999999}.text-primary{color:#2fa4e7}a.text-primary:hover{color:#178acc}.text-success{color:#468847}a.text-success:hover{color:#356635}.text-info{color:#3a87ad}a.text-info:hover{color:#2d6987}.text-warning{color:#c09853}a.text-warning:hover{color:#a47e3c}.text-danger{color:#b94a48}a.text-danger:hover{color:#953b39}.bg-primary{color:#fff;background-color:#2fa4e7}a.bg-primary:hover{background-color:#178acc}.bg-success{background-color:#dff0d8}a.bg-success:hover{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eeeeee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:bold}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999999}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eeeeee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#999999}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eeeeee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#ffffff;background-color:#333333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:bold;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333333;background-color:#f5f5f5;border:1px solid #cccccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1,.col-sm-1,.col-md-1,.col-lg-1,.col-xs-2,.col-sm-2,.col-md-2,.col-lg-2,.col-xs-3,.col-sm-3,.col-md-3,.col-lg-3,.col-xs-4,.col-sm-4,.col-md-4,.col-lg-4,.col-xs-5,.col-sm-5,.col-md-5,.col-lg-5,.col-xs-6,.col-sm-6,.col-md-6,.col-lg-6,.col-xs-7,.col-sm-7,.col-md-7,.col-lg-7,.col-xs-8,.col-sm-8,.col-md-8,.col-lg-8,.col-xs-9,.col-sm-9,.col-md-9,.col-lg-9,.col-xs-10,.col-sm-10,.col-md-10,.col-lg-10,.col-xs-11,.col-sm-11,.col-md-11,.col-lg-11,.col-xs-12,.col-sm-12,.col-md-12,.col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0%}@media (min-width:768px){.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0%}}@media (min-width:992px){.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0%}}@media (min-width:1200px){.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0%}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#999999;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #dddddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #dddddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #dddddd}.table .table{background-color:#ffffff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #dddddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #dddddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*="col-"]{position:static;float:none;display:table-column}table td[class*="col-"],table th[class*="col-"]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{overflow-x:auto;min-height:0.01%}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #dddddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#555555;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:9px;font-size:14px;line-height:1.42857143;color:#555555}.form-control{display:block;width:100%;height:38px;padding:8px 12px;font-size:14px;line-height:1.42857143;color:#555555;background-color:#ffffff;background-image:none;border:1px solid #cccccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s,-webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6)}.form-control::-moz-placeholder{color:#999999;opacity:1}.form-control:-ms-input-placeholder{color:#999999}.form-control::-webkit-input-placeholder{color:#999999}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eeeeee;opacity:1}textarea.form-control{height:auto}input[type="search"]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"],input[type="time"],input[type="datetime-local"],input[type="month"]{line-height:38px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:54px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px \9}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.form-control-static{padding-top:9px;padding-bottom:9px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.form-group-sm .form-control{height:30px;line-height:30px}textarea.form-group-sm .form-control,select[multiple].form-group-sm .form-control{height:auto}.form-group-sm .form-control-static{height:30px;padding:5px 10px;font-size:12px;line-height:1.5}.input-lg{height:54px;padding:14px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:54px;line-height:54px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:54px;padding:14px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.form-group-lg .form-control{height:54px;line-height:54px}textarea.form-group-lg .form-control,select[multiple].form-group-lg .form-control{height:auto}.form-group-lg .form-control-static{height:54px;padding:14px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:47.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:38px;height:38px;line-height:38px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback{width:54px;height:54px;line-height:54px}.input-sm+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#468847}.has-success .form-control{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.has-success .input-group-addon{color:#468847;border-color:#468847;background-color:#dff0d8}.has-success .form-control-feedback{color:#468847}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#c09853}.has-warning .form-control{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.has-warning .input-group-addon{color:#c09853;border-color:#c09853;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#c09853}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#b94a48}.has-error .form-control{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.has-error .input-group-addon{color:#b94a48;border-color:#b94a48;background-color:#f2dede}.has-error .form-control-feedback{color:#b94a48}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#959595}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:9px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:29px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{text-align:right;margin-bottom:0;padding-top:9px}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:19.6666662px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:8px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#555555;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;pointer-events:none;opacity:0.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#555555;background-color:#ffffff;border-color:rgba(0,0,0,0.1)}.btn-default:hover,.btn-default:focus,.btn-default.focus,.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#555555;background-color:#e6e6e6;border-color:rgba(0,0,0,0.1)}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#ffffff;border-color:rgba(0,0,0,0.1)}.btn-default .badge{color:#ffffff;background-color:#555555}.btn-primary{color:#ffffff;background-color:#2fa4e7;border-color:#2fa4e7}.btn-primary:hover,.btn-primary:focus,.btn-primary.focus,.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#ffffff;background-color:#178acc;border-color:#1684c2}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#2fa4e7;border-color:#2fa4e7}.btn-primary .badge{color:#2fa4e7;background-color:#ffffff}.btn-success{color:#ffffff;background-color:#73a839;border-color:#73a839}.btn-success:hover,.btn-success:focus,.btn-success.focus,.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#ffffff;background-color:#59822c;border-color:#547a29}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#73a839;border-color:#73a839}.btn-success .badge{color:#73a839;background-color:#ffffff}.btn-info{color:#ffffff;background-color:#033c73;border-color:#033c73}.btn-info:hover,.btn-info:focus,.btn-info.focus,.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#ffffff;background-color:#022241;border-color:#011d37}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#033c73;border-color:#033c73}.btn-info .badge{color:#033c73;background-color:#ffffff}.btn-warning{color:#ffffff;background-color:#dd5600;border-color:#dd5600}.btn-warning:hover,.btn-warning:focus,.btn-warning.focus,.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#ffffff;background-color:#aa4200;border-color:#a03e00}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#dd5600;border-color:#dd5600}.btn-warning .badge{color:#dd5600;background-color:#ffffff}.btn-danger{color:#ffffff;background-color:#c71c22;border-color:#c71c22}.btn-danger:hover,.btn-danger:focus,.btn-danger.focus,.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#ffffff;background-color:#9a161a;border-color:#911419}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#c71c22;border-color:#c71c22}.btn-danger .badge{color:#c71c22;background-color:#ffffff}.btn-link{color:#2fa4e7;font-weight:normal;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#157ab5;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999999;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:14px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity 0.15s linear;-o-transition:opacity 0.15s linear;transition:opacity 0.15s linear}.fade.in{opacity:1}.collapse{display:none;visibility:hidden}.collapse.in{display:block;visibility:visible}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:0.35s;-o-transition-duration:0.35s;transition-duration:0.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid;border-right:4px solid transparent;border-left:4px solid transparent}.dropup,.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;font-size:14px;text-align:left;background-color:#ffffff;border:1px solid #cccccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175);-webkit-background-clip:padding-box;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:1.42857143;color:#333333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{text-decoration:none;color:#ffffff;background-color:#2fa4e7}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#ffffff;text-decoration:none;outline:0;background-color:#2fa4e7}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);cursor:not-allowed}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#999999;white-space:nowrap}.dropdown-backdrop{position:fixed;left:0;right:0;bottom:0;top:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-bottom-left-radius:4px;border-top-right-radius:0;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:54px;padding:14px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:54px;line-height:54px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:8px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555555;text-align:center;background-color:#eeeeee;border:1px solid #cccccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:14px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eeeeee}.nav>li.disabled>a{color:#999999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999999;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eeeeee;border-color:#2fa4e7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #dddddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #dddddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555555;background-color:#ffffff;border:1px solid #dddddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #dddddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #dddddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#ffffff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#ffffff;background-color:#2fa4e7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #dddddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #dddddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#ffffff}}.tab-content>.tab-pane{display:none;visibility:hidden}.tab-content>.active{display:block;visibility:visible}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;visibility:visible !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:6px;margin-bottom:6px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:6px;margin-bottom:6px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#2fa4e7;border-color:#1995dc}.navbar-default .navbar-brand{color:#ffffff}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#ffffff;background-color:none}.navbar-default .navbar-text{color:#dddddd}.navbar-default .navbar-nav>li>a{color:#ffffff}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#ffffff;background-color:#178acc}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#ffffff;background-color:#178acc}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#dddddd;background-color:transparent}.navbar-default .navbar-toggle{border-color:#178acc}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#178acc}.navbar-default .navbar-toggle .icon-bar{background-color:#ffffff}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#1995dc}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#178acc;color:#ffffff}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#ffffff}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#ffffff;background-color:#178acc}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#ffffff;background-color:#178acc}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#dddddd;background-color:transparent}}.navbar-default .navbar-link{color:#ffffff}.navbar-default .navbar-link:hover{color:#ffffff}.navbar-default .btn-link{color:#ffffff}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#ffffff}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#dddddd}.navbar-inverse{background-color:#033c73;border-color:#022f5a}.navbar-inverse .navbar-brand{color:#ffffff}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#ffffff;background-color:none}.navbar-inverse .navbar-text{color:#ffffff}.navbar-inverse .navbar-nav>li>a{color:#ffffff}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#ffffff;background-color:#022f5a}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#ffffff;background-color:#022f5a}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#cccccc;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#022f5a}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#022f5a}.navbar-inverse .navbar-toggle .icon-bar{background-color:#ffffff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#022a50}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#022f5a;color:#ffffff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#022f5a}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#022f5a}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#ffffff}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#ffffff;background-color:#022f5a}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#ffffff;background-color:#022f5a}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#cccccc;background-color:transparent}}.navbar-inverse .navbar-link{color:#ffffff}.navbar-inverse .navbar-link:hover{color:#ffffff}.navbar-inverse .btn-link{color:#ffffff}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#ffffff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#cccccc}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{content:"/\00a0";padding:0 5px;color:#cccccc}.breadcrumb>.active{color:#999999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:8px 12px;line-height:1.42857143;text-decoration:none;color:#2fa4e7;background-color:#ffffff;border:1px solid #dddddd;margin-left:-1px}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{color:#157ab5;background-color:#eeeeee;border-color:#dddddd}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#999999;background-color:#f5f5f5;border-color:#dddddd;cursor:default}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999999;background-color:#ffffff;border-color:#dddddd;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{padding:14px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:6px;border-top-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:3px;border-top-right-radius:3px}.pager{padding-left:0;margin:20px 0;list-style:none;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#ffffff;border:1px solid #dddddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eeeeee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999999;background-color:#ffffff;cursor:not-allowed}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#ffffff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#ffffff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#999999}.label-default[href]:hover,.label-default[href]:focus{background-color:#808080}.label-primary{background-color:#2fa4e7}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#178acc}.label-success{background-color:#73a839}.label-success[href]:hover,.label-success[href]:focus{background-color:#59822c}.label-info{background-color:#033c73}.label-info[href]:hover,.label-info[href]:focus{background-color:#022241}.label-warning{background-color:#dd5600}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#aa4200}.label-danger{background-color:#c71c22}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#9a161a}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;color:#ffffff;line-height:1;vertical-align:baseline;white-space:nowrap;text-align:center;background-color:#2fa4e7;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#ffffff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#2fa4e7;background-color:#ffffff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px 15px;margin-bottom:30px;color:inherit;background-color:#eeeeee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding:48px 0}.container .jumbotron,.container-fluid .jumbotron{padding-left:60px;padding-right:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#ffffff;border:1px solid #dddddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail>img,.thumbnail a>img{margin-left:auto;margin-right:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#2fa4e7}.thumbnail .caption{padding:9px;color:#555555}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#468847}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#356635}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#3a87ad}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#2d6987}.alert-warning{background-color:#fcf8e3;border-color:#fbeed5;color:#c09853}.alert-warning hr{border-top-color:#f8e5be}.alert-warning .alert-link{color:#a47e3c}.alert-danger{background-color:#f2dede;border-color:#eed3d7;color:#b94a48}.alert-danger hr{border-top-color:#e6c1c7}.alert-danger .alert-link{color:#953b39}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#ffffff;text-align:center;background-color:#2fa4e7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width 0.6s ease;-o-transition:width 0.6s ease;transition:width 0.6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#73a839}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#033c73}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#dd5600}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#c71c22}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{zoom:1;overflow:hidden}.media-body{width:10000px}.media-object{display:block}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-left,.media-right,.media-body{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#ffffff;border:1px solid #dddddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}a.list-group-item{color:#555555}a.list-group-item .list-group-item-heading{color:#333333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;color:#555555;background-color:#f5f5f5}.list-group-item.disabled,.list-group-item.disabled:hover,.list-group-item.disabled:focus{background-color:#eeeeee;color:#999999;cursor:not-allowed}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text{color:#999999}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#ffffff;background-color:#2fa4e7;border-color:#2fa4e7}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>.small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#e6f4fc}.list-group-item-success{color:#468847;background-color:#dff0d8}a.list-group-item-success{color:#468847}a.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,a.list-group-item-success:focus{color:#468847;background-color:#d0e9c6}a.list-group-item-success.active,a.list-group-item-success.active:hover,a.list-group-item-success.active:focus{color:#fff;background-color:#468847;border-color:#468847}.list-group-item-info{color:#3a87ad;background-color:#d9edf7}a.list-group-item-info{color:#3a87ad}a.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,a.list-group-item-info:focus{color:#3a87ad;background-color:#c4e3f3}a.list-group-item-info.active,a.list-group-item-info.active:hover,a.list-group-item-info.active:focus{color:#fff;background-color:#3a87ad;border-color:#3a87ad}.list-group-item-warning{color:#c09853;background-color:#fcf8e3}a.list-group-item-warning{color:#c09853}a.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,a.list-group-item-warning:focus{color:#c09853;background-color:#faf2cc}a.list-group-item-warning.active,a.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus{color:#fff;background-color:#c09853;border-color:#c09853}.list-group-item-danger{color:#b94a48;background-color:#f2dede}a.list-group-item-danger{color:#b94a48}a.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,a.list-group-item-danger:focus{color:#b94a48;background-color:#ebcccc}a.list-group-item-danger.active,a.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus{color:#fff;background-color:#b94a48;border-color:#b94a48}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#ffffff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #dddddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-left:15px;padding-right:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #dddddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #dddddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #dddddd}.panel-default{border-color:#dddddd}.panel-default>.panel-heading{color:#555555;background-color:#f5f5f5;border-color:#dddddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#dddddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#555555}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#dddddd}.panel-primary{border-color:#dddddd}.panel-primary>.panel-heading{color:#ffffff;background-color:#2fa4e7;border-color:#dddddd}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#dddddd}.panel-primary>.panel-heading .badge{color:#2fa4e7;background-color:#ffffff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#dddddd}.panel-success{border-color:#dddddd}.panel-success>.panel-heading{color:#468847;background-color:#73a839;border-color:#dddddd}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#dddddd}.panel-success>.panel-heading .badge{color:#73a839;background-color:#468847}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#dddddd}.panel-info{border-color:#dddddd}.panel-info>.panel-heading{color:#3a87ad;background-color:#033c73;border-color:#dddddd}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#dddddd}.panel-info>.panel-heading .badge{color:#033c73;background-color:#3a87ad}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#dddddd}.panel-warning{border-color:#dddddd}.panel-warning>.panel-heading{color:#c09853;background-color:#dd5600;border-color:#dddddd}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#dddddd}.panel-warning>.panel-heading .badge{color:#dd5600;background-color:#c09853}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#dddddd}.panel-danger{border-color:#dddddd}.panel-danger>.panel-heading{color:#b94a48;background-color:#c71c22;border-color:#dddddd}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#dddddd}.panel-danger>.panel-heading .badge{color:#c71c22;background-color:#b94a48}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#dddddd}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive iframe,.embed-responsive embed,.embed-responsive object,.embed-responsive video{position:absolute;top:0;left:0;bottom:0;height:100%;width:100%;border:0}.embed-responsive.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000000;text-shadow:0 1px 0 #ffffff;opacity:0.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000000;text-decoration:none;cursor:pointer;opacity:0.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}.modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#ffffff;border:1px solid #999999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0}.modal-backdrop{position:absolute;top:0;right:0;left:0;background-color:#000000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:0.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5;min-height:16.42857143px}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:20px}.modal-footer{padding:20px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;visibility:visible;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:12px;font-weight:normal;line-height:1.4;opacity:0;filter:alpha(opacity=0)}.tooltip.in{opacity:0.9;filter:alpha(opacity=90)}.tooltip.top{margin-top:-3px;padding:5px 0}.tooltip.right{margin-left:3px;padding:0 5px}.tooltip.bottom{margin-top:3px;padding:5px 0}.tooltip.left{margin-left:-3px;padding:0 5px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#ffffff;text-align:center;text-decoration:none;background-color:rgba(0,0,0,0.9);border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:rgba(0,0,0,0.9)}.tooltip.top-left .tooltip-arrow{bottom:0;right:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:rgba(0,0,0,0.9)}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:rgba(0,0,0,0.9)}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:rgba(0,0,0,0.9)}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:rgba(0,0,0,0.9)}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:rgba(0,0,0,0.9)}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:rgba(0,0,0,0.9)}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:rgba(0,0,0,0.9)}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;font-weight:normal;line-height:1.42857143;text-align:left;background-color:#ffffff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #cccccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);white-space:normal}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{margin:0;padding:8px 14px;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow{border-width:11px}.popover>.arrow:after{border-width:10px;content:""}.popover.top>.arrow{left:50%;margin-left:-11px;border-bottom-width:0;border-top-color:#999999;border-top-color:rgba(0,0,0,0.25);bottom:-11px}.popover.top>.arrow:after{content:" ";bottom:1px;margin-left:-10px;border-bottom-width:0;border-top-color:#ffffff}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-left-width:0;border-right-color:#999999;border-right-color:rgba(0,0,0,0.25)}.popover.right>.arrow:after{content:" ";left:1px;bottom:-10px;border-left-width:0;border-right-color:#ffffff}.popover.bottom>.arrow{left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999999;border-bottom-color:rgba(0,0,0,0.25);top:-11px}.popover.bottom>.arrow:after{content:" ";top:1px;margin-left:-10px;border-top-width:0;border-bottom-color:#ffffff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999999;border-left-color:rgba(0,0,0,0.25)}.popover.left>.arrow:after{content:" ";right:1px;border-right-width:0;border-left-color:#ffffff;bottom:-10px}.carousel{position:relative}.carousel-inner{position:relative;overflow:hidden;width:100%}.carousel-inner>.item{display:none;position:relative;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform .6s ease-in-out;-o-transition:-o-transform .6s ease-in-out;transition:transform .6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000;perspective:1000}.carousel-inner>.item.next,.carousel-inner>.item.active.right{-webkit-transform:translate3d(100%, 0, 0);transform:translate3d(100%, 0, 0);left:0}.carousel-inner>.item.prev,.carousel-inner>.item.active.left{-webkit-transform:translate3d(-100%, 0, 0);transform:translate3d(-100%, 0, 0);left:0}.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right,.carousel-inner>.item.active{-webkit-transform:translate3d(0, 0, 0);transform:translate3d(0, 0, 0);left:0}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;left:0;bottom:0;width:15%;opacity:0.5;filter:alpha(opacity=50);font-size:20px;color:#ffffff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-control.left{background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-webkit-gradient(linear, left top, right top, from(rgba(0,0,0,0.5)), to(rgba(0,0,0,0.0001)));background-image:linear-gradient(to right, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1)}.carousel-control.right{left:auto;right:0;background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-webkit-gradient(linear, left top, right top, from(rgba(0,0,0,0.0001)), to(rgba(0,0,0,0.5)));background-image:linear-gradient(to right, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1)}.carousel-control:hover,.carousel-control:focus{outline:0;color:#ffffff;text-decoration:none;opacity:0.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%;margin-left:-10px}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%;margin-right:-10px}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;line-height:1;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;margin-left:-30%;padding-left:0;list-style:none;text-align:center}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;border:1px solid #ffffff;border-radius:10px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0)}.carousel-indicators .active{margin:0;width:12px;height:12px;background-color:#ffffff}.carousel-caption{position:absolute;left:15%;right:15%;bottom:20px;z-index:10;padding-top:20px;padding-bottom:20px;color:#ffffff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-15px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-15px}.carousel-caption{left:20%;right:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important;visibility:hidden !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}}.navbar{background-image:-webkit-linear-gradient(#54b4eb, #2fa4e7 60%, #1d9ce5);background-image:-o-linear-gradient(#54b4eb, #2fa4e7 60%, #1d9ce5);background-image:-webkit-gradient(linear, left top, left bottom, from(#54b4eb), color-stop(60%, #2fa4e7), to(#1d9ce5));background-image:linear-gradient(#54b4eb, #2fa4e7 60%, #1d9ce5);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff54b4eb', endColorstr='#ff1d9ce5', GradientType=0);border-bottom:1px solid #178acc;-webkit-filter:none;filter:none;-webkit-box-shadow:0 1px 10px rgba(0,0,0,0.1);box-shadow:0 1px 10px rgba(0,0,0,0.1)}.navbar-default .badge{background-color:#fff;color:#2fa4e7}.navbar-inverse{background-image:-webkit-linear-gradient(#04519b, #044687 60%, #033769);background-image:-o-linear-gradient(#04519b, #044687 60%, #033769);background-image:-webkit-gradient(linear, left top, left bottom, from(#04519b), color-stop(60%, #044687), to(#033769));background-image:linear-gradient(#04519b, #044687 60%, #033769);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff04519b', endColorstr='#ff033769', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #022241}.navbar-inverse .badge{background-color:#fff;color:#033c73}.navbar .navbar-nav>li>a,.navbar-brand{text-shadow:0 1px 0 rgba(0,0,0,0.1)}@media (max-width:767px){.navbar .dropdown-header{color:#fff}}.btn{text-shadow:0 1px 0 rgba(0,0,0,0.1)}.btn .caret{border-top-color:#fff}.btn-default{background-image:-webkit-linear-gradient(#fff, #fff 60%, #f5f5f5);background-image:-o-linear-gradient(#fff, #fff 60%, #f5f5f5);background-image:-webkit-gradient(linear, left top, left bottom, from(#fff), color-stop(60%, #fff), to(#f5f5f5));background-image:linear-gradient(#fff, #fff 60%, #f5f5f5);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff5f5f5', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #e6e6e6}.btn-default:hover{color:#555555}.btn-default .caret{border-top-color:#555555}.btn-default{background-image:-webkit-linear-gradient(#fff, #fff 60%, #f5f5f5);background-image:-o-linear-gradient(#fff, #fff 60%, #f5f5f5);background-image:-webkit-gradient(linear, left top, left bottom, from(#fff), color-stop(60%, #fff), to(#f5f5f5));background-image:linear-gradient(#fff, #fff 60%, #f5f5f5);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff5f5f5', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #e6e6e6}.btn-primary{background-image:-webkit-linear-gradient(#54b4eb, #2fa4e7 60%, #1d9ce5);background-image:-o-linear-gradient(#54b4eb, #2fa4e7 60%, #1d9ce5);background-image:-webkit-gradient(linear, left top, left bottom, from(#54b4eb), color-stop(60%, #2fa4e7), to(#1d9ce5));background-image:linear-gradient(#54b4eb, #2fa4e7 60%, #1d9ce5);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff54b4eb', endColorstr='#ff1d9ce5', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #178acc}.btn-success{background-image:-webkit-linear-gradient(#88c149, #73a839 60%, #699934);background-image:-o-linear-gradient(#88c149, #73a839 60%, #699934);background-image:-webkit-gradient(linear, left top, left bottom, from(#88c149), color-stop(60%, #73a839), to(#699934));background-image:linear-gradient(#88c149, #73a839 60%, #699934);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff88c149', endColorstr='#ff699934', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #59822c}.btn-info{background-image:-webkit-linear-gradient(#04519b, #033c73 60%, #02325f);background-image:-o-linear-gradient(#04519b, #033c73 60%, #02325f);background-image:-webkit-gradient(linear, left top, left bottom, from(#04519b), color-stop(60%, #033c73), to(#02325f));background-image:linear-gradient(#04519b, #033c73 60%, #02325f);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff04519b', endColorstr='#ff02325f', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #022241}.btn-warning{background-image:-webkit-linear-gradient(#ff6707, #dd5600 60%, #c94e00);background-image:-o-linear-gradient(#ff6707, #dd5600 60%, #c94e00);background-image:-webkit-gradient(linear, left top, left bottom, from(#ff6707), color-stop(60%, #dd5600), to(#c94e00));background-image:linear-gradient(#ff6707, #dd5600 60%, #c94e00);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffff6707', endColorstr='#ffc94e00', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #aa4200}.btn-danger{background-image:-webkit-linear-gradient(#e12b31, #c71c22 60%, #b5191f);background-image:-o-linear-gradient(#e12b31, #c71c22 60%, #b5191f);background-image:-webkit-gradient(linear, left top, left bottom, from(#e12b31), color-stop(60%, #c71c22), to(#b5191f));background-image:linear-gradient(#e12b31, #c71c22 60%, #b5191f);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe12b31', endColorstr='#ffb5191f', GradientType=0);-webkit-filter:none;filter:none;border-bottom:1px solid #9a161a}.panel-primary .panel-heading,.panel-success .panel-heading,.panel-warning .panel-heading,.panel-danger .panel-heading,.panel-info .panel-heading,.panel-primary .panel-title,.panel-success .panel-title,.panel-warning .panel-title,.panel-danger .panel-title,.panel-info .panel-title{color:#fff} \ No newline at end of file diff --git a/styles/card.css b/styles/card.css new file mode 100644 index 0000000..bff4d23 --- /dev/null +++ b/styles/card.css @@ -0,0 +1,39 @@ +.cc-entry-fields { + margin: 10px auto; + width: 350px; +} +.cc-entry-field { + font: normal 14px/17px Arial; + padding: 8px; + float: left; +} +.cc-entry-field[name=number], +.cc-entry-field[name=name] { + width: 175px; + border: 1px solid #ccc; +} +.cc-entry-field[name=name] { + border-left: none; +} +.cc-entry-field[name=expiry], +.cc-entry-field[name=cvc] { + width: 87px; + border: 1px solid #ccc; + border-top: none; +} +.cc-entry-field[name=cvc] { + border-left: none; + width: 88px; +} +.cc-entry-field[name=submit] { + width: 175px; + background-color: #008cba; + color: #fff; + border: 1px solid #008cba; + border-top: none; + box-shadow: none; +} +.cc-entry-field[name=submit]:hover, +.cc-entry-field[name=submit]:focus { + background-color: #19ACDD; +} \ No newline at end of file diff --git a/styles/font-awesome.min.css b/styles/font-awesome.min.css new file mode 100644 index 0000000..449d6ac --- /dev/null +++ b/styles/font-awesome.min.css @@ -0,0 +1,4 @@ +/*! + * Font Awesome 4.0.3 by @davegandy - http://fontawesome.io - @fontawesome + * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) + */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.0.3');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.0.3') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff?v=4.0.3') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.0.3') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.0.3#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.3333333333333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.2857142857142858em;text-align:center}.fa-ul{padding-left:0;margin-left:2.142857142857143em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.142857142857143em;width:2.142857142857143em;top:.14285714285714285em;text-align:center}.fa-li.fa-lg{left:-1.8571428571428572em}.fa-border{padding:.2em .25em .15em;border:solid .08em #eee;border-radius:.1em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left{margin-right:.3em}.fa.pull-right{margin-left:.3em}.fa-spin{-webkit-animation:spin 2s infinite linear;-moz-animation:spin 2s infinite linear;-o-animation:spin 2s infinite linear;animation:spin 2s infinite linear}@-moz-keyframes spin{0%{-moz-transform:rotate(0deg)}100%{-moz-transform:rotate(359deg)}}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg)}}@-o-keyframes spin{0%{-o-transform:rotate(0deg)}100%{-o-transform:rotate(359deg)}}@-ms-keyframes spin{0%{-ms-transform:rotate(0deg)}100%{-ms-transform:rotate(359deg)}}@keyframes spin{0%{transform:rotate(0deg)}100%{transform:rotate(359deg)}}.fa-rotate-90{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=1);-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2);-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=3);-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=0,mirror=1);-webkit-transform:scale(-1,1);-moz-transform:scale(-1,1);-ms-transform:scale(-1,1);-o-transform:scale(-1,1);transform:scale(-1,1)}.fa-flip-vertical{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2,mirror=1);-webkit-transform:scale(1,-1);-moz-transform:scale(1,-1);-ms-transform:scale(1,-1);-o-transform:scale(1,-1);transform:scale(1,-1)}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before{content:"\f002"}.fa-envelope-o:before{content:"\f003"}.fa-heart:before{content:"\f004"}.fa-star:before{content:"\f005"}.fa-star-o:before{content:"\f006"}.fa-user:before{content:"\f007"}.fa-film:before{content:"\f008"}.fa-th-large:before{content:"\f009"}.fa-th:before{content:"\f00a"}.fa-th-list:before{content:"\f00b"}.fa-check:before{content:"\f00c"}.fa-times:before{content:"\f00d"}.fa-search-plus:before{content:"\f00e"}.fa-search-minus:before{content:"\f010"}.fa-power-off:before{content:"\f011"}.fa-signal:before{content:"\f012"}.fa-gear:before,.fa-cog:before{content:"\f013"}.fa-trash-o:before{content:"\f014"}.fa-home:before{content:"\f015"}.fa-file-o:before{content:"\f016"}.fa-clock-o:before{content:"\f017"}.fa-road:before{content:"\f018"}.fa-download:before{content:"\f019"}.fa-arrow-circle-o-down:before{content:"\f01a"}.fa-arrow-circle-o-up:before{content:"\f01b"}.fa-inbox:before{content:"\f01c"}.fa-play-circle-o:before{content:"\f01d"}.fa-rotate-right:before,.fa-repeat:before{content:"\f01e"}.fa-refresh:before{content:"\f021"}.fa-list-alt:before{content:"\f022"}.fa-lock:before{content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{content:"\f02a"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-book:before{content:"\f02d"}.fa-bookmark:before{content:"\f02e"}.fa-print:before{content:"\f02f"}.fa-camera:before{content:"\f030"}.fa-font:before{content:"\f031"}.fa-bold:before{content:"\f032"}.fa-italic:before{content:"\f033"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-align-left:before{content:"\f036"}.fa-align-center:before{content:"\f037"}.fa-align-right:before{content:"\f038"}.fa-align-justify:before{content:"\f039"}.fa-list:before{content:"\f03a"}.fa-dedent:before,.fa-outdent:before{content:"\f03b"}.fa-indent:before{content:"\f03c"}.fa-video-camera:before{content:"\f03d"}.fa-picture-o:before{content:"\f03e"}.fa-pencil:before{content:"\f040"}.fa-map-marker:before{content:"\f041"}.fa-adjust:before{content:"\f042"}.fa-tint:before{content:"\f043"}.fa-edit:before,.fa-pencil-square-o:before{content:"\f044"}.fa-share-square-o:before{content:"\f045"}.fa-check-square-o:before{content:"\f046"}.fa-arrows:before{content:"\f047"}.fa-step-backward:before{content:"\f048"}.fa-fast-backward:before{content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{content:"\f050"}.fa-step-forward:before{content:"\f051"}.fa-eject:before{content:"\f052"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-plus-circle:before{content:"\f055"}.fa-minus-circle:before{content:"\f056"}.fa-times-circle:before{content:"\f057"}.fa-check-circle:before{content:"\f058"}.fa-question-circle:before{content:"\f059"}.fa-info-circle:before{content:"\f05a"}.fa-crosshairs:before{content:"\f05b"}.fa-times-circle-o:before{content:"\f05c"}.fa-check-circle-o:before{content:"\f05d"}.fa-ban:before{content:"\f05e"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrow-down:before{content:"\f063"}.fa-mail-forward:before,.fa-share:before{content:"\f064"}.fa-expand:before{content:"\f065"}.fa-compress:before{content:"\f066"}.fa-plus:before{content:"\f067"}.fa-minus:before{content:"\f068"}.fa-asterisk:before{content:"\f069"}.fa-exclamation-circle:before{content:"\f06a"}.fa-gift:before{content:"\f06b"}.fa-leaf:before{content:"\f06c"}.fa-fire:before{content:"\f06d"}.fa-eye:before{content:"\f06e"}.fa-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:before{content:"\f076"}.fa-chevron-up:before{content:"\f077"}.fa-chevron-down:before{content:"\f078"}.fa-retweet:before{content:"\f079"}.fa-shopping-cart:before{content:"\f07a"}.fa-folder:before{content:"\f07b"}.fa-folder-open:before{content:"\f07c"}.fa-arrows-v:before{content:"\f07d"}.fa-arrows-h:before{content:"\f07e"}.fa-bar-chart-o:before{content:"\f080"}.fa-twitter-square:before{content:"\f081"}.fa-facebook-square:before{content:"\f082"}.fa-camera-retro:before{content:"\f083"}.fa-key:before{content:"\f084"}.fa-gears:before,.fa-cogs:before{content:"\f085"}.fa-comments:before{content:"\f086"}.fa-thumbs-o-up:before{content:"\f087"}.fa-thumbs-o-down:before{content:"\f088"}.fa-star-half:before{content:"\f089"}.fa-heart-o:before{content:"\f08a"}.fa-sign-out:before{content:"\f08b"}.fa-linkedin-square:before{content:"\f08c"}.fa-thumb-tack:before{content:"\f08d"}.fa-external-link:before{content:"\f08e"}.fa-sign-in:before{content:"\f090"}.fa-trophy:before{content:"\f091"}.fa-github-square:before{content:"\f092"}.fa-upload:before{content:"\f093"}.fa-lemon-o:before{content:"\f094"}.fa-phone:before{content:"\f095"}.fa-square-o:before{content:"\f096"}.fa-bookmark-o:before{content:"\f097"}.fa-phone-square:before{content:"\f098"}.fa-twitter:before{content:"\f099"}.fa-facebook:before{content:"\f09a"}.fa-github:before{content:"\f09b"}.fa-unlock:before{content:"\f09c"}.fa-credit-card:before{content:"\f09d"}.fa-rss:before{content:"\f09e"}.fa-hdd-o:before{content:"\f0a0"}.fa-bullhorn:before{content:"\f0a1"}.fa-bell:before{content:"\f0f3"}.fa-certificate:before{content:"\f0a3"}.fa-hand-o-right:before{content:"\f0a4"}.fa-hand-o-left:before{content:"\f0a5"}.fa-hand-o-up:before{content:"\f0a6"}.fa-hand-o-down:before{content:"\f0a7"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-globe:before{content:"\f0ac"}.fa-wrench:before{content:"\f0ad"}.fa-tasks:before{content:"\f0ae"}.fa-filter:before{content:"\f0b0"}.fa-briefcase:before{content:"\f0b1"}.fa-arrows-alt:before{content:"\f0b2"}.fa-group:before,.fa-users:before{content:"\f0c0"}.fa-chain:before,.fa-link:before{content:"\f0c1"}.fa-cloud:before{content:"\f0c2"}.fa-flask:before{content:"\f0c3"}.fa-cut:before,.fa-scissors:before{content:"\f0c4"}.fa-copy:before,.fa-files-o:before{content:"\f0c5"}.fa-paperclip:before{content:"\f0c6"}.fa-save:before,.fa-floppy-o:before{content:"\f0c7"}.fa-square:before{content:"\f0c8"}.fa-bars:before{content:"\f0c9"}.fa-list-ul:before{content:"\f0ca"}.fa-list-ol:before{content:"\f0cb"}.fa-strikethrough:before{content:"\f0cc"}.fa-underline:before{content:"\f0cd"}.fa-table:before{content:"\f0ce"}.fa-magic:before{content:"\f0d0"}.fa-truck:before{content:"\f0d1"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-square:before{content:"\f0d3"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-plus:before{content:"\f0d5"}.fa-money:before{content:"\f0d6"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-up:before{content:"\f0d8"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-columns:before{content:"\f0db"}.fa-unsorted:before,.fa-sort:before{content:"\f0dc"}.fa-sort-down:before,.fa-sort-asc:before{content:"\f0dd"}.fa-sort-up:before,.fa-sort-desc:before{content:"\f0de"}.fa-envelope:before{content:"\f0e0"}.fa-linkedin:before{content:"\f0e1"}.fa-rotate-left:before,.fa-undo:before{content:"\f0e2"}.fa-legal:before,.fa-gavel:before{content:"\f0e3"}.fa-dashboard:before,.fa-tachometer:before{content:"\f0e4"}.fa-comment-o:before{content:"\f0e5"}.fa-comments-o:before{content:"\f0e6"}.fa-flash:before,.fa-bolt:before{content:"\f0e7"}.fa-sitemap:before{content:"\f0e8"}.fa-umbrella:before{content:"\f0e9"}.fa-paste:before,.fa-clipboard:before{content:"\f0ea"}.fa-lightbulb-o:before{content:"\f0eb"}.fa-exchange:before{content:"\f0ec"}.fa-cloud-download:before{content:"\f0ed"}.fa-cloud-upload:before{content:"\f0ee"}.fa-user-md:before{content:"\f0f0"}.fa-stethoscope:before{content:"\f0f1"}.fa-suitcase:before{content:"\f0f2"}.fa-bell-o:before{content:"\f0a2"}.fa-coffee:before{content:"\f0f4"}.fa-cutlery:before{content:"\f0f5"}.fa-file-text-o:before{content:"\f0f6"}.fa-building-o:before{content:"\f0f7"}.fa-hospital-o:before{content:"\f0f8"}.fa-ambulance:before{content:"\f0f9"}.fa-medkit:before{content:"\f0fa"}.fa-fighter-jet:before{content:"\f0fb"}.fa-beer:before{content:"\f0fc"}.fa-h-square:before{content:"\f0fd"}.fa-plus-square:before{content:"\f0fe"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angle-down:before{content:"\f107"}.fa-desktop:before{content:"\f108"}.fa-laptop:before{content:"\f109"}.fa-tablet:before{content:"\f10a"}.fa-mobile-phone:before,.fa-mobile:before{content:"\f10b"}.fa-circle-o:before{content:"\f10c"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-spinner:before{content:"\f110"}.fa-circle:before{content:"\f111"}.fa-mail-reply:before,.fa-reply:before{content:"\f112"}.fa-github-alt:before{content:"\f113"}.fa-folder-o:before{content:"\f114"}.fa-folder-open-o:before{content:"\f115"}.fa-smile-o:before{content:"\f118"}.fa-frown-o:before{content:"\f119"}.fa-meh-o:before{content:"\f11a"}.fa-gamepad:before{content:"\f11b"}.fa-keyboard-o:before{content:"\f11c"}.fa-flag-o:before{content:"\f11d"}.fa-flag-checkered:before{content:"\f11e"}.fa-terminal:before{content:"\f120"}.fa-code:before{content:"\f121"}.fa-reply-all:before{content:"\f122"}.fa-mail-reply-all:before{content:"\f122"}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:"\f123"}.fa-location-arrow:before{content:"\f124"}.fa-crop:before{content:"\f125"}.fa-code-fork:before{content:"\f126"}.fa-unlink:before,.fa-chain-broken:before{content:"\f127"}.fa-question:before{content:"\f128"}.fa-info:before{content:"\f129"}.fa-exclamation:before{content:"\f12a"}.fa-superscript:before{content:"\f12b"}.fa-subscript:before{content:"\f12c"}.fa-eraser:before{content:"\f12d"}.fa-puzzle-piece:before{content:"\f12e"}.fa-microphone:before{content:"\f130"}.fa-microphone-slash:before{content:"\f131"}.fa-shield:before{content:"\f132"}.fa-calendar-o:before{content:"\f133"}.fa-fire-extinguisher:before{content:"\f134"}.fa-rocket:before{content:"\f135"}.fa-maxcdn:before{content:"\f136"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-html5:before{content:"\f13b"}.fa-css3:before{content:"\f13c"}.fa-anchor:before{content:"\f13d"}.fa-unlock-alt:before{content:"\f13e"}.fa-bullseye:before{content:"\f140"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-rss-square:before{content:"\f143"}.fa-play-circle:before{content:"\f144"}.fa-ticket:before{content:"\f145"}.fa-minus-square:before{content:"\f146"}.fa-minus-square-o:before{content:"\f147"}.fa-level-up:before{content:"\f148"}.fa-level-down:before{content:"\f149"}.fa-check-square:before{content:"\f14a"}.fa-pencil-square:before{content:"\f14b"}.fa-external-link-square:before{content:"\f14c"}.fa-share-square:before{content:"\f14d"}.fa-compass:before{content:"\f14e"}.fa-toggle-down:before,.fa-caret-square-o-down:before{content:"\f150"}.fa-toggle-up:before,.fa-caret-square-o-up:before{content:"\f151"}.fa-toggle-right:before,.fa-caret-square-o-right:before{content:"\f152"}.fa-euro:before,.fa-eur:before{content:"\f153"}.fa-gbp:before{content:"\f154"}.fa-dollar:before,.fa-usd:before{content:"\f155"}.fa-rupee:before,.fa-inr:before{content:"\f156"}.fa-cny:before,.fa-rmb:before,.fa-yen:before,.fa-jpy:before{content:"\f157"}.fa-ruble:before,.fa-rouble:before,.fa-rub:before{content:"\f158"}.fa-won:before,.fa-krw:before{content:"\f159"}.fa-bitcoin:before,.fa-btc:before{content:"\f15a"}.fa-file:before{content:"\f15b"}.fa-file-text:before{content:"\f15c"}.fa-sort-alpha-asc:before{content:"\f15d"}.fa-sort-alpha-desc:before{content:"\f15e"}.fa-sort-amount-asc:before{content:"\f160"}.fa-sort-amount-desc:before{content:"\f161"}.fa-sort-numeric-asc:before{content:"\f162"}.fa-sort-numeric-desc:before{content:"\f163"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbs-down:before{content:"\f165"}.fa-youtube-square:before{content:"\f166"}.fa-youtube:before{content:"\f167"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-youtube-play:before{content:"\f16a"}.fa-dropbox:before{content:"\f16b"}.fa-stack-overflow:before{content:"\f16c"}.fa-instagram:before{content:"\f16d"}.fa-flickr:before{content:"\f16e"}.fa-adn:before{content:"\f170"}.fa-bitbucket:before{content:"\f171"}.fa-bitbucket-square:before{content:"\f172"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-long-arrow-down:before{content:"\f175"}.fa-long-arrow-up:before{content:"\f176"}.fa-long-arrow-left:before{content:"\f177"}.fa-long-arrow-right:before{content:"\f178"}.fa-apple:before{content:"\f179"}.fa-windows:before{content:"\f17a"}.fa-android:before{content:"\f17b"}.fa-linux:before{content:"\f17c"}.fa-dribbble:before{content:"\f17d"}.fa-skype:before{content:"\f17e"}.fa-foursquare:before{content:"\f180"}.fa-trello:before{content:"\f181"}.fa-female:before{content:"\f182"}.fa-male:before{content:"\f183"}.fa-gittip:before{content:"\f184"}.fa-sun-o:before{content:"\f185"}.fa-moon-o:before{content:"\f186"}.fa-archive:before{content:"\f187"}.fa-bug:before{content:"\f188"}.fa-vk:before{content:"\f189"}.fa-weibo:before{content:"\f18a"}.fa-renren:before{content:"\f18b"}.fa-pagelines:before{content:"\f18c"}.fa-stack-exchange:before{content:"\f18d"}.fa-arrow-circle-o-right:before{content:"\f18e"}.fa-arrow-circle-o-left:before{content:"\f190"}.fa-toggle-left:before,.fa-caret-square-o-left:before{content:"\f191"}.fa-dot-circle-o:before{content:"\f192"}.fa-wheelchair:before{content:"\f193"}.fa-vimeo-square:before{content:"\f194"}.fa-turkish-lira:before,.fa-try:before{content:"\f195"}.fa-plus-square-o:before{content:"\f196"} \ No newline at end of file diff --git a/styles/less.css b/styles/less.css new file mode 100644 index 0000000..d834a0d --- /dev/null +++ b/styles/less.css @@ -0,0 +1,540 @@ +.italic { + font-style: italic !important; +} +.bold, +.strong { + font-weight: bold !important; +} +.normal { + font-weight: normal !important; + text-transform: none !important; +} +.underline { + text-decoration: underline; +} +.lowercase { + text-transform: lowercase; +} +.capitalize { + text-transform: capitalize; +} +.uppercase { + text-transform: uppercase; +} +.tal, +.ta-left { + text-align: left !important; +} +.tac, +.ta-center { + text-align: center !important; +} +.tar, +.ta-right { + text-align: right !important; +} +.vab { + vertical-align: bottom; +} +.f10 { + font-size: 10px !important; +} +.f11 { + font-size: 11px !important; +} +.f12 { + font-size: 12px !important; + line-height: 18px; +} +.f14 { + font-size: 14px !important; +} +.f16 { + font-size: 16px !important; +} +.f18 { + font-size: 18px !important; +} +.f22 { + font-size: 22px !important; +} +.f26 { + font-size: 26px !important; +} +.o1 { + opacity: .1 !important; +} +.o2 { + opacity: .2 !important; +} +.o3 { + opacity: .3 !important; +} +.o4 { + opacity: .4 !important; +} +.o5 { + opacity: .5 !important; +} +.o6 { + opacity: .6 !important; +} +.o7 { + opacity: .7 !important; +} +.o8 { + opacity: .8 !important; +} +.o9 { + opacity: .9 !important; +} +.pad0 { + padding: 0 !important; +} +.pad10 { + padding: 10px !important; +} +.pad10tb { + padding-top: 10px !important; + padding-bottom: 10px !important; +} +.pad10t { + padding-top: 10px !important; +} +.pad10b { + padding-bottom: 10px !important; +} +.pad10lr { + padding-left: 10px !important; + padding-right: 10px !important; +} +.pad10l { + padding-left: 10px !important; +} +.pad10r { + padding-right: 10px !important; +} +.pad20 { + padding: 20px !important; +} +.pad20tb { + padding-top: 20px !important; + padding-bottom: 20px !important; +} +.pad20t { + padding-top: 20px !important; +} +.pad20b { + padding-bottom: 20px !important; +} +.pad20lr { + padding-left: 20px !important; + padding-right: 20px !important; +} +.pad20l { + padding-left: 20px !important; +} +.pad20r { + padding-right: 20px !important; +} +.pad30 { + padding: 30px !important; +} +.pad30tb { + padding-top: 30px !important; + padding-bottom: 30px !important; +} +.pad30t { + padding-top: 30px !important; +} +.pad30b { + padding-bottom: 30px !important; +} +.pad30lr { + padding-left: 30px !important; + padding-right: 30px !important; +} +.pad30l { + padding-left: 30px !important; +} +.pad30r { + padding-right: 30px !important; +} +.pad40 { + padding: 40px !important; +} +.pad40tb { + padding-top: 40px !important; + padding-bottom: 40px !important; +} +.pad40t { + padding-top: 40px !important; +} +.pad40b { + padding-bottom: 40px !important; +} +.pad40lr { + padding-left: 40px !important; + padding-right: 40px !important; +} +.pad40l { + padding-left: 40px !important; +} +.pad40r { + padding-right: 40px !important; +} +.mar0 { + margin: 0 !important; +} +.mar0a { + margin: 0 auto !important; +} +.mara { + margin-left: auto !important; + margin-right: auto !important; +} +.mar10 { + margin: 10px !important; +} +.mar10tb { + margin-top: 10px !important; + margin-bottom: 10px !important; +} +.mar10t { + margin-top: 10px !important; +} +.mar10b { + margin-bottom: 10px !important; +} +.mar10lr { + margin-left: 10px !important; + margin-right: 10px !important; +} +.mar10l { + margin-left: 10px !important; +} +.mar10r { + margin-right: 10px !important; +} +.mar20 { + margin: 20px !important; +} +.mar20tb { + margin-top: 20px !important; + margin-bottom: 20px !important; +} +.mar20t { + margin-top: 20px !important; +} +.mar20b { + margin-bottom: 20px !important; +} +.mar20lr { + margin-left: 20px !important; + margin-right: 20px !important; +} +.mar20l { + margin-left: 20px !important; +} +.mar20r { + margin-right: 20px !important; +} +.mar30 { + margin: 30px !important; +} +.mar30tb { + margin-top: 30px !important; + margin-bottom: 30px !important; +} +.mar30t { + margin-top: 30px !important; +} +.mar30b { + margin-bottom: 30px !important; +} +.mar30lr { + margin-left: 30px !important; + margin-right: 30px !important; +} +.mar30l { + margin-left: 30px !important; +} +.mar30r { + margin-right: 30px !important; +} +.mar50t { + margin-top: 50px !important; +} +.mar50b { + margin-bottom: 50px !important; +} +.max30 { + max-width: 30px !important; +} +.max50 { + max-width: 50px !important; +} +.max100 { + max-width: 100px !important; +} +.max200 { + max-width: 200px !important; +} +.max300 { + max-width: 300px !important; +} +.max350 { + max-width: 350px !important; +} +.max400 { + max-width: 400px !important; +} +.max500 { + max-width: 500px !important; +} +.max600 { + max-width: 600px !important; +} +.max768 { + max-width: 768px !important; +} +.max992 { + max-width: 992px !important; +} +.max1100 { + max-width: 1100px !important; +} +.maxfull { + max-width: 100% !important; +} +.full { + width: 100%; +} +.overflow { + overflow: auto; +} +.fr { + float: right !important; +} +.fl { + float: left; +} +.fn { + float: none; +} +.d-b, +.block { + display: block; +} +.d-i, +.inline { + display: inline; +} +.d-ib { + display: inline-block; +} +.d-n, +.none { + display: none !important; +} +.pr { + position: relative; +} +.pb { + position: absolute; + bottom: 0; +} +.pal { + left: 0; +} +.par { + right: 0; +} +.ps { + position: static; +} +.pointer { + cursor: pointer; +} +.hidden { + position: absolute !important; + left: -10000px; + top: -10000px; + visibility: hidden; +} +.ir { + display: block; + text-indent: -999em; + overflow: hidden; + background-repeat: no-repeat; + text-align: left; + direction: ltr; +} +.visuallyhidden { + border: 0; + clip: rect(0 0 0 0); + height: 1px; + margin: -1px; + overflow: hidden; + padding: 0; + position: absolute; + width: 1px; +} +.invisible { + visibility: hidden; +} +.clearfix:before, +.clearfix:after { + content: "\0020"; + display: block; + height: 0; + visibility: hidden; +} +.clearfix:after { + clear: both; +} +.clearfix { + zoom: 1; +} +.no-border { + border: none !important; +} +/*------------------------------------*\ +* +* #VARIABLES +* +\*------------------------------------*/ +/*------------------------------------*\ +* +* #MIXINS +* +\*------------------------------------*/ +/*------------------------------------*\ + + #INPUT FOR LABEL TO BE PLACEHOLDER + +\*------------------------------------*/ +.j-input { + position: relative; +} +.j-input input { + background-color: transparent; + z-index: 1; +} +.j-input label { + font-weight: normal; + position: absolute; + left: 12px; + top: 0; + margin-top: 12px; + background-color: white; + color: $grayLight; + padding: 0 5px; + -webkit-transition: all 0.15s ease-in-out; + transition: all 0.15s ease-in-out; + line-height: initial; + z-index: 0; +} +.j-input input:focus + label, +.j-input input.filled + label { + z-index: 2; + margin-top: -7px; + font-size: 12px; + color: #ccc; +} +body { + overflow-x: hidden; +} +/*------------------------------------*\ +* +* FOR GIVING APPS PERMISSION TO USE +* YOUR ACCOUNT INFORMATION +* +\*------------------------------------*/ +.authorization-dialog { + background-color: white; + min-height: 600px; +} +.authorization-dialog .authorization-card { + width: 320px; + margin: 0 auto; + background-color: white; + border-radius: 5px; + padding: 40px; + text-align: center; +} +.authorization-dialog .agent { + text-align: center; + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; + font-size: 10px; + margin-bottom: 20px; + float: left; +} +.authorization-dialog .agent img { + display: block; + width: 100%; + margin: 0 auto 10px; +} +.authorization-dialog .agent span { + color: #999999; +} +.authorization-dialog .choose-account { + height: 30px; + margin-bottom: 20px; +} +.authorization-dialog .app-name { + color: #1e9ce5; +} +.authorization-dialog .permission-request { + font-size: 16px; + text-align: center; + margin-bottom: 20px; + clear: both; +} +.authorization-dialog .permission-list { + text-align: left; + padding-left: 15px; + font-size: 14px; + margin-top: 10px; +} +.authorization-dialog .permission-list .checkbox { + min-height: 0; + padding: 0; +} +.authorization-dialog .actions .btn { + margin-left: 10px; +} +.authorization-dialog .actions .btn:first-child { + margin-left: 0; +} +@media only screen and (min-width: 600px) { + .authorization-dialog { + background-color: #f7f7f7; + padding: 50px; + } +} +.landing-page .jumbotron { + background: #000000 url(../images/confectionary.png) repeat; + background-size: cover; + color: grey; +} +.landing-page .media-body { + height: 128px; + position: relative; +} +.landing-page .media-body a { + display: block; + float: left; +} +.landing-page .media-body a.link { + display: none; +} +.landing-page .media-body .desc { + color: #999999; +} +.landing-page .media-body .btn { + position: absolute; + bottom: 0; +} diff --git a/styles/style.css b/styles/style.css new file mode 100644 index 0000000..1ed5500 --- /dev/null +++ b/styles/style.css @@ -0,0 +1,41 @@ +.ng-hide { + display: none; +} +.ng-show { +} + +.aj-pad-top { + padding-top: 50px; +} + +.aj-max-width { + width: 100%; +} + +.aj-landing-page { + min-height: 800px; +} + +.aj-badge-pad { + margin-right: 1em; +} + +.aj-app-container { + height: 150px; +} + +.aj-app-object { + width: 128px; +} + +.aj-built-with-footer { + text-decoration: none; color: #F778A1; font-size: 1.3em; +} + +.aj-navbar { + margin-bottom: 0; border-top-width: 0; +} + +.aj-main-logo { + position: relative; top: -6px; right: 8px; +} diff --git a/views/authorization-dialog.html b/views/authorization-dialog.html new file mode 100644 index 0000000..a8cfb2e --- /dev/null +++ b/views/authorization-dialog.html @@ -0,0 +1,77 @@ + +
+ + + + + + + +
+
+
+
+
+
{{ ADC.error.message }}
+
+ 
{{ ADC.rawResponse | json }}
+
+
+
+
The application provided invalid scope. +
    +
  • + 
    {{ invalid | json }}
    +
    • +
+
+
+
+
+
{{ ADC.account.name || 'Fetching User...' }}
+
{{ ADC.client.title || 'Fetching App...' }}
+
+ +
+
+
You'll love {{ ADC.client.title || "App Name" }}
because it can help you... +
    +
    + +
    +
    + +
    +
+
+
+
+
You can sign in to {{ ADC.client.title || "App Name" }}.
No member data will be shared.
+
+
+
+
Checking Permissions...
+
+
+
+

To prevent click-jacking the user may not interact with the authorize dialog in an iFrame.

+

If you supply no scope, or the scope has already been granted, you will receive a token.

+

Otherwise the error callback will be called.

+
+
+
+ + +
+

+

+

+
* In accordance with the LDS.org Privacy Policy, apps may not store any member data. The data is delivered directly to your browser only.

If you believe an app is violating this policy, please report it to abuse@daplie.com.
+
+
+
+
diff --git a/views/lds-account.html b/views/lds-account.html new file mode 100644 index 0000000..ea58e40 --- /dev/null +++ b/views/lds-account.html @@ -0,0 +1,28 @@ + +
+
+

Verify Membership Record

+

+
+
+
+
+

{{ LAC.me.name }} {{ LAC.me.surnames.join(" ") }}

{{ LAC.me.callings[0].title }}{{ calling.title }}(no ward calling assigned)
{{ phone.value }}
{{ LAC.me.phones[0].value }}<< No Phone Number >>
{{ email.value }}
{{ LAC.me.emails[0].value }}<< No Email Address >>
{{ LAC.home.lines[0] || "<< No Street Address >>" }}
{{ LAC.home.lines[1] }}
{{ LAC.home.city || "<< No City >>" }}, {{ LAC.home.state || "<< No State >>" }} {{ LAC.home.postalCode || "<< No Postal Code >>" }}
+

{{ LAC.ward.name || LAC.ward.meetinghouse.name }}

+

({{ LAC.stake.name || LAC.stake.meetinghouse.name }})
{{ LAC.ward.meetinghouse.address.street }} {{ LAC.ward.meetinghouse.address.city }}, {{ LAC.ward.meetinghouse.address.state }}
Sunday Services start at {{ LAC.ward.meetinghouse.hours }}
Bishop {{ LAC.leaders.bishop.name }} {{ LAC.leaders.bishop.surnames.join(' ') }}{{ LAC.leaders.bishop.phones[0].value }}<< No Phone Number >>{{ LAC.leaders.bishop.emails[0].value }}<< No Email Address >>

+
+
+
+

If any of the above information is missing or incorrect, please contact your ward clerk:

{{ LAC.leaders.clerk.name }} {{ LAC.leaders.clerk.surnames.join(' ') }}
{{ LAC.leaders.clerk.phones[0].value }}<< No Phone Number >>
{{ LAC.leaders.clerk.emails[0].value }}<< No Email Address >> +
+
+
+
+ +
+
+
+
+
+
+
\ No newline at end of file diff --git a/views/login-v3.html b/views/login-v3.html new file mode 100644 index 0000000..95ae26e --- /dev/null +++ b/views/login-v3.html @@ -0,0 +1,81 @@ + +
+
+

Login with your Account

+

+
+

+
+
+
+
+
+
+
+
+ (forgot username?) + Enter your existing username or the username you would like to create. +
+
+ (forgot passphrase?)    + + + Enter a passphrase with {{ LC.secretMinLength }} or more characters. +
+
+ (use email verification instead?) + Enter your 6-digit Daplie Token. +
+
+
+
+
+
+

To create an Account you will need your Multi-Factor Authentication (MFA).

+

You can get your MFA via

+
    +
  • your Phone
    • +
  • your Email
    • +
  • your Authy app
    • +
+
+
+
+
+
+
+
+ + + + +
+
+
+
+
+
+ +
    +
  • {{ login.comment || (login | json) }} +
    • +
+
+
+
+ +
+
diff --git a/views/my-account.html b/views/my-account.html new file mode 100644 index 0000000..9f9f3c2 --- /dev/null +++ b/views/my-account.html @@ -0,0 +1,4 @@ + +

+ 
{{ MAC | json }}
+
\ No newline at end of file diff --git a/views/nav.html b/views/nav.html new file mode 100644 index 0000000..0911612 --- /dev/null +++ b/views/nav.html @@ -0,0 +1,21 @@ + + +
+
+
Daplie Connect +
+ +
+
+
+ +
+
+
diff --git a/views/verify-contact-details.html b/views/verify-contact-details.html new file mode 100644 index 0000000..61eec28 --- /dev/null +++ b/views/verify-contact-details.html @@ -0,0 +1,80 @@ + +
+
+

Verify your LDS Account

+

+
+
+
+
+
+
+
+ +
+
+
+ +
+
+
+
+
+
+ +
{{ VCDC.phoneFlashMessage }}
+
+
+
+ +
+
+
+
+
+
{{ VCDC.validationErrorMessages.phone }}
+
Phone Verified! :-D
+
code will be sent from +1 (801) 788-4599
+
+
+
+
+
+ +
+
+
+ +
+
+
+
+
+
+ +
{{ VCDC.emailFlashMessage }}
+
+
+
+ +
+
+
+
+
+
{{ VCDC.validationErrorMessages.email }}
+
Email Verified! :-D
+
code will be sent by woof@hellabit.com
+
+
+
+
+
+
+ +
+
+
+
+
+
\ No newline at end of file From 566c184d413fd36b3170731e2b030c973954d874 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 00:57:34 -0500 Subject: [PATCH 34/76] add subtree script --- add-subtree.sh | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 add-subtree.sh diff --git a/add-subtree.sh b/add-subtree.sh new file mode 100644 index 0000000..9c71298 --- /dev/null +++ b/add-subtree.sh @@ -0,0 +1,5 @@ +# add +git subtree add --prefix lib/com.daplie.walnut ../../ns1.daplie.me/walnut.bak/packages/pages/com.daplie.walnut/ master --squash + +# update +git subtree pull --prefix lib/com.daplie.walnut ../../ns1.daplie.me/walnut.bak/packages/pages/com.daplie.walnut/ master --squash From 5d27a81bacffce55e6670cec5724c368d88557b8 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 06:15:14 +0000 Subject: [PATCH 35/76] load the config --- lib/main.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/main.js b/lib/main.js index ee74a48..eb9dcfd 100644 --- a/lib/main.js +++ b/lib/main.js @@ -55,7 +55,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { } if (!setupApp) { - setupApp = express.static(path.join(xconfx.staticpath, 'com.daplie.walnut')); + //setupApp = express.static(path.join(xconfx.staticpath, 'com.daplie.walnut')); + setupApp = express.static(path.join('lib', 'com.daplie.walnut')); } setupApp(req, res, function () { if ('/' === req.url) { From 9d157c12a2143609c958c8243aa0651e810ec83a Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 07:40:20 +0000 Subject: [PATCH 36/76] add shortcut to loading any static app --- lib/main.js | 87 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 77 insertions(+), 10 deletions(-) diff --git a/lib/main.js b/lib/main.js index eb9dcfd..495a556 100644 --- a/lib/main.js +++ b/lib/main.js @@ -69,6 +69,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { function loadHandler(name) { return function handler(req, res, next) { + // path.join('packages/pages', 'com.daplie.hello') // package name (used as file-link) + // path.join('packages/pages', 'domain.tld#hello') // dynamic exact url match var packagepath = path.join(xconfx.staticpath, name); return fs.lstatAsync(packagepath).then(function (stat) { @@ -84,8 +86,18 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { return disallowNonFiles; } + // path.join('packages/pages', 'domain.tld#hello') // a file (not folder) which contains a list of roots + // may look like this: + // + // com.daplie.hello + // tld.domain.app + // + // this is basically a 'recursive mount' to signify that 'com.daplie.hello' should be tried first + // and if no file matches that 'tld.domain.app' may be tried next, and so on + // + // this may well become a .htaccess type of situation allowing for redirects and such return fs.readFileAsync(packagepath, 'utf8').then(function (text) { - // TODO allow cascading + // TODO allow cascading multiple lines text = text.trim().split(/\n/)[0]; // TODO rerun the above, disallowing link-style (or count or memoize to prevent infinite loop) @@ -95,6 +107,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { return securityError; } + // instead of actually creating new instances of express.static + // this same effect could be managed by internally re-writing the url (and restoring it) return express.static(packagepath); }); }, function (/*err*/) { @@ -109,22 +123,27 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { } function staticHelper(appId, opts) { + console.log('[staticHelper]', appId); // TODO inter-process cache expirey // TODO add to xconfx.staticpath xconfx.staticpath = path.join(__dirname, '..', '..', 'packages', 'pages'); + + // Reads in each of the static apps as 'nodes' return fs.readdirAsync(xconfx.staticpath).then(function (nodes) { if (opts && opts.clear) { localCache.statics = {}; } - // longest to shortest + // Order from longest (index length - 1) to shortest (index 0) function shortToLong(a, b) { return b.length - a.length; } nodes.sort(shortToLong); nodes.forEach(function (name) { + console.log('[all apps]', name); if (!localCache.statics[name]) { + console.log('[load this app]', name); localCache.statics[name] = { handler: loadHandler(name), createdAt: Date.now() }; } }); @@ -151,10 +170,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { }); } - function serveStatic(req, res, next) { - // If we get this far we can be pretty confident that - // the domain was already set up because it's encrypted - var appId = req.hostname + req.url.replace(/\/+/g, '#').replace(/#$/, ''); + function serveStaticHelper(appId, opts, req, res, next) { var appIdParts = appId.split('#'); var appIdPart; @@ -168,13 +184,14 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { require('./no-www').scrubTheDub(req, res); return; } + /* if (!redirectives && config.redirects) { redirectives = require('./hostname-redirects').compile(config.redirects); } */ - // TODO assets.example.com/sub/assets/com.example.xyz/ + // If this looks like an API, we shouldn't be here if (/^api\./.test(req.hostname) && /\/api(\/|$)/.test(req.url)) { // supports api.example.com/sub/app/api/com.example.xyz/ if (!apiApp) { @@ -199,8 +216,18 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { return; } + /* + // TODO assets.example.com/sub/assets/com.example.xyz/ + if (/^assets\./.test(req.hostname) && /\/assets(\/|$)/.test(req.url)) { + ... + } + */ + + // There may be some app folders named 'apple.com', 'apple.com#foo', and 'apple.com#foo#bar' + // Here we're sorting an appId broken into parts like [ 'apple.com', 'foo', 'bar' ] + // and wer're checking to see if this is perhaps '/' of 'apple.com/foo/bar' or '/foo/bar' of 'apple.com', etc while (appIdParts.length) { - // TODO needs IPC to expire cache + // TODO needs IPC to expire cache when an API says the app mounts have been updated appIdPart = appIdParts.join('#'); if (localCache.statics[appIdPart]) { break; @@ -211,18 +238,58 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { } if (!appIdPart || !localCache.statics[appIdPart]) { - return staticHelper(appId).then(function () { - localCache.statics[appId].handler(req, res, next); + console.log('[serveStaticHelper] appId', appId); + return staticHelper(appId).then(function (webapp) { + //localCache.statics[appId].handler(req, res, next); + webapp.handler(req, res, next); }); } + console.log('[serveStaticHelper] appIdPart', appIdPart); + if (opts && opts.rewrite && -1 !== req.url.indexOf(appIdPart.replace(/#/, '/').replace(/\/$/, ''))) { + console.log('[staticHelper ReWrite]', req.url.slice(req.url.indexOf(appIdPart.replace(/#/, '/').replace(/\/$/, '')) + appIdPart.replace(/\/$/, '').length)); + req.url = req.url.slice(req.url.indexOf(appIdPart.replace(/#/, '/').replace(/\/$/, '')) + appIdPart.replace(/\/$/, '').length); + if (0 !== req.url.indexOf('/')) { + req.url = '/' + req.url; + } + } localCache.statics[appIdPart].handler(req, res, next); if (Date.now() - localCache.statics[appIdPart].createdAt > (5 * 60 * 1000)) { staticHelper(appId, { clear: true }); } } + function serveStatic(req, res, next) { + // We convert the URL that was sent in the browser bar from + // 'https://domain.tld/foo/bar' to 'domain.tld#foo#bar' + var appId = req.hostname + req.url.replace(/\/+/g, '#').replace(/#$/, ''); + serveStaticHelper(appId, null, req, res, next); + } + + function serveApps(req, res, next) { + var appId = req.url.slice(1).replace(/\/+/g, '#').replace(/#$/, ''); + + if (/^apps\./.test(req.hostname)) { + appId = appId.replace(/^apps#/, ''); + } else if (/\bapps#/.test(appId)) { + appId = appId.replace(/.*\bapps#/, ''); + } else { + next(); + return; + } + + console.log('[serveApps] appId', appId); + serveStaticHelper(appId, { rewrite: true }, req, res, next); + } + + // TODO set header 'X-ExperienceId: domain.tld/sub/path' + // This would let an app know whether its app is 'domain.tld' with a path of '/sub/path' + // or if its app is 'domain.tld/sub' with a path of '/path' + + // TODO handle assets.example.com/sub/assets/com.example.xyz/ + app.use('/', serveStatic); + app.use('/', serveApps); return PromiseA.resolve(); }; From 7159151352701dc4f469c80b258fa3ca79701ec1 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 07:45:41 +0000 Subject: [PATCH 37/76] document how packages are accessed --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index a0c01df..a700c7a 100644 --- a/README.md +++ b/README.md @@ -101,3 +101,17 @@ Once you run the app the initialization files will appear in these locations ``` Deleting those files will rese + +Accessing static apps +--------------------- + +Static apps are stored in `packages/pages` + +``` +# App ID as files with a list of packages they should load +/srv/walnut/packages/pages/ # https://domain.tld/path +/srv/walnut/packages/pages/ # https://domain.tld and https://domain.tld/foo match + +# packages are directories with reverse dns name # used for debugging +/srv/walnut/packages/pages/ # matches apps./ and /apps/ +``` From 71819be2664127af45342fba688b9894e2ce36a4 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 07:53:52 +0000 Subject: [PATCH 38/76] update uri matching, set header --- lib/main.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/main.js b/lib/main.js index 495a556..6576d02 100644 --- a/lib/main.js +++ b/lib/main.js @@ -174,6 +174,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { var appIdParts = appId.split('#'); var appIdPart; + res.setHeader('X-Walnut-Uri', appId.replace(/#/g, '/')); + // TODO configuration for allowing www if (/^www\./.test(req.hostname)) { // NOTE: acme responder and appcache unbricker must come before scrubTheDub @@ -246,9 +248,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { } console.log('[serveStaticHelper] appIdPart', appIdPart); - if (opts && opts.rewrite && -1 !== req.url.indexOf(appIdPart.replace(/#/, '/').replace(/\/$/, ''))) { - console.log('[staticHelper ReWrite]', req.url.slice(req.url.indexOf(appIdPart.replace(/#/, '/').replace(/\/$/, '')) + appIdPart.replace(/\/$/, '').length)); - req.url = req.url.slice(req.url.indexOf(appIdPart.replace(/#/, '/').replace(/\/$/, '')) + appIdPart.replace(/\/$/, '').length); + if (opts && opts.rewrite && -1 !== req.url.indexOf(appIdPart.replace(/#/g, '/').replace(/\/$/, ''))) { + req.url = req.url.slice(req.url.indexOf(appIdPart.replace(/#/g, '/').replace(/\/$/, '')) + appIdPart.replace(/(\/|#)$/, '').length); if (0 !== req.url.indexOf('/')) { req.url = '/' + req.url; } From 3d5eaf94bd76c8bbab67ef39fef18d567b9bb7a7 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 07:56:31 +0000 Subject: [PATCH 39/76] note inconsistency in header --- lib/main.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/main.js b/lib/main.js index 6576d02..44fa4e4 100644 --- a/lib/main.js +++ b/lib/main.js @@ -174,6 +174,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { var appIdParts = appId.split('#'); var appIdPart; + // TODO for //apps/ the Uri should be / res.setHeader('X-Walnut-Uri', appId.replace(/#/g, '/')); // TODO configuration for allowing www From c1735d5c030ee74e883ffe478fd75142f2159ed4 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 19 May 2017 23:37:28 +0000 Subject: [PATCH 40/76] WIP load apis by file structure --- install.sh | 2 +- lib/apis.js | 338 ++++++++++++------------------- lib/bootstrap.js | 40 +--- lib/com.daplie.walnut/index.html | 2 +- lib/main.js | 65 +++--- lib/worker.js | 38 +++- 6 files changed, 211 insertions(+), 274 deletions(-) diff --git a/install.sh b/install.sh index 38a7486..0252334 100755 --- a/install.sh +++ b/install.sh @@ -218,7 +218,7 @@ install_my_app() ln -sf ../node_modules /srv/walnut/core/node_modules sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider - sudo mkdir -p /srv/walnut/packages/{api,pages,services} + sudo mkdir -p /srv/walnut/packages/{client-api-grants,rest,api,pages,services} #sudo chown -R $(whoami):$(whoami) /srv/walnut sudo chown -R www-data:www-data /srv/walnut sudo chmod -R ug+Xrw /srv/walnut diff --git a/lib/apis.js b/lib/apis.js index a1a79ca..ec28efe 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -5,219 +5,109 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { var express = require('express'); var fs = PromiseA.promisifyAll(require('fs')); var path = require('path'); - var localCache = { apis: {}, pkgs: {} }; + var localCache = { rests: {}, pkgs: {} }; // TODO xconfx.apispath - xconfx.apispath = path.join(__dirname, '..', '..', 'packages', 'apis'); + xconfx.restPath = path.join(__dirname, '..', '..', 'packages', 'rest'); + xconfx.appApiGrantsPath = path.join(__dirname, '..', '..', 'packages', 'client-api-grants'); function notConfigured(req, res) { - res.send({ error: { message: "api '" + req.apiId + "' not configured for domain '" + req.experienceId + "'" } }); + res.send({ error: { message: "api '" + req.pkgId + "' not configured for domain '" + req.experienceId + "'" } }); } - function loadApi(conf, pkgConf, pkgDeps, packagedApi) { - function handlePromise(p) { - return p.then(function (api) { - packagedApi._api = api; - return api; - }); - } - - if (!packagedApi._promise_api) { - packagedApi._promise_api = getApi(conf, pkgConf, pkgDeps, packagedApi); - } - - return handlePromise(packagedApi._promise_api); + /* + function isThisPkgInstalled(myConf, pkgId) { } + */ - function getApi(conf, pkgConf, pkgDeps, packagedApi) { - var PromiseA = pkgDeps.Promise; - var path = require('path'); - var pkgpath = path.join(pkgConf.apipath, packagedApi.id/*, (packagedApi.api.version || '')*/); + function isThisClientAllowedToUseThisPkg(myConf, clientUrih, pkgId) { + var appApiGrantsPath = path.join(myConf.appApiGrantsPath, clientUrih); - // TODO needs some version stuff (which would also allow hot-loading of updates) - // TODO version could be tied to sha256sum - - return new PromiseA(function (resolve, reject) { - var myApp; - var ursa; - var promise; - - // TODO dynamic requires are a no-no - // can we statically generate a require-er? on each install? - // module.exports = { {{pkgpath}}: function () { return require({{pkgpath}}) } } - // requirer[pkgpath]() - myApp = pkgDeps.express(); - myApp.disable('x-powered-by'); - if (pkgDeps.app.get('trust proxy')) { - myApp.set('trust proxy', pkgDeps.app.get('trust proxy')); - } - if (!pkgConf.pubkey) { - /* - return ursa.createPrivateKey(pem, password, encoding); - var pem = myKey.toPrivatePem(); - return jwt.verifyAsync(token, myKey.toPublicPem(), { ignoreExpiration: false && true }).then(function (decoded) { - }); - */ - ursa = require('ursa'); - pkgConf.keypair = ursa.createPrivateKey(pkgConf.privkey, 'ascii'); - pkgConf.pubkey = ursa.createPublicKey(pkgConf.pubkey, 'ascii'); //conf.keypair.toPublicKey(); - } - - try { - packagedApi._apipkg = require(path.join(pkgpath, 'package.json')); - packagedApi._apiname = packagedApi._apipkg.name; - if (packagedApi._apipkg.walnut) { - pkgpath += '/' + packagedApi._apipkg.walnut; + return fs.readFileAsync(appApiGrantsPath, 'utf8').then(function (text) { + return text.trim().split(/\n/); + }, function (/*err*/) { + return []; + }).then(function (apis) { + if (!apis.some(function (api) { + if (api === pkgId) { + return true; } - promise = PromiseA.resolve(require(pkgpath).create(pkgConf, pkgDeps, myApp)); - } catch(e) { - reject(e); - return; + })) { + if (clientUrih === ('api.' + xconfx.setupDomain) && 'org.oauth3.consumer' === pkgId) { + // fallthrough + return true; + } else { + return null; + } + } + }); + } + + function loadRestHelper(myConf, pkgId) { + var pkgPath = path.join(myConf.restPath, pkgId); + + return fs.readFileAsync(path.join(pkgPath, 'package.json'), 'utf8').then(function (text) { + var pkg = JSON.parse(text); + var deps = {}; + var myApp; + + if (pkg.walnut) { + pkgPath = path.join(pkgPath, pkg.walnut); } - promise.then(function () { - // TODO give pub/priv pair for app and all public keys - // packagedApi._api = require(pkgpath).create(pkgConf, pkgDeps, myApp); - packagedApi._api = require('express-lazy')(); - packagedApi._api_app = myApp; + Object.keys(apiDeps).forEach(function (key) { + deps[key] = apiDeps[key]; + }); + Object.keys(apiFactories).forEach(function (key) { + deps[key] = apiFactories[key]; + }); - //require('./oauth3-auth').inject(conf, packagedApi._api, pkgConf, pkgDeps); - pkgDeps.getOauth3Controllers = - packagedApi._getOauth3Controllers = require('oauthcommon/example-oauthmodels').create(conf).getControllers; - require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); + // TODO pull db stuff from package.json somehow and pass allowed data models as deps + // + // how can we tell which of these would be correct? + // deps.memstore = apiFactories.memstoreFactory.create(pkgId); + // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId); + // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId + pkgId); - // DEBUG - // - /* - packagedApi._api.use('/', function (req, res, next) { - console.log('[DEBUG pkgApiApp]', req.method, req.hostname, req.url); - next(); - }); - //*/ + // let's go with this one for now and the api can choose to scope or not to scope + deps.memstore = apiFactories.memstoreFactory.create(pkgId); - // TODO fix backwards compat - - // /api/com.example.foo (no change) - packagedApi._api.use('/', packagedApi._api_app); - - // /api/com.example.foo => /api - packagedApi._api.use('/', function (req, res, next) { - var priorUrl = req.url; - req.url = '/api' + req.url.slice(('/api/' + packagedApi.id).length); - // console.log('api mangle 3:', req.url); - packagedApi._api_app(req, res, function (err) { - req.url = priorUrl; - next(err); - }); - }); - - // /api/com.example.foo => / - packagedApi._api.use('/api/' + packagedApi.id, function (req, res, next) { - // console.log('api mangle 2:', '/api/' + packagedApi.id, req.url); - // console.log(packagedApi._api_app.toString()); - packagedApi._api_app(req, res, next); - }); - - resolve(packagedApi._api); - }, reject); + console.log('DEBUG pkgPath', pkgPath); + myApp = express(); + // + // TODO handle /accounts/:accountId + // + return PromiseA.resolve(require(pkgPath).create({ + etcpath: xconfx.etcpath + }/*pkgConf*/, deps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { + localCache.pkgs[pkgId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; + return localCache.pkgs[pkgId]; + }); }); } // Read packages/apis/sub.sld.tld (forward dns) to find list of apis as tld.sld.sub (reverse dns) // TODO packages/allowed_apis/sub.sld.tld (?) // TODO auto-register org.oauth3.consumer for primaryDomain (and all sites?) - function loadApiHandler() { - return function handler(req, res, next) { - var name = req.experienceId; - var apiId = req.apiId; - var packagepath = path.join(xconfx.apispath, name); + function loadRestHandler(myConf, pkgId) { + return PromiseA.resolve().then(function () { + if (!localCache.pkgs[pkgId]) { + return loadRestHelper(myConf, pkgId); + } - return fs.readFileAsync(packagepath, 'utf8').then(function (text) { - return text.trim().split(/\n/); - }, function () { - return []; - }).then(function (apis) { - return function (req, res, next) { - var apipath; - - if (!apis.some(function (api) { - if (api === apiId) { - return true; - } - })) { - if (req.experienceId === ('api.' + xconfx.setupDomain) && 'org.oauth3.consumer' === apiId) { - // fallthrough - } else { - return null; - } - } - - apipath = path.join(xconfx.apispath, apiId); - - if (!localCache.pkgs[apiId]) { - return fs.readFileAsync(path.join(apipath, 'package.json'), 'utf8').then(function (text) { - var pkg = JSON.parse(text); - var deps = {}; - var myApp; - - if (pkg.walnut) { - apipath = path.join(apipath, pkg.walnut); - } - - Object.keys(apiDeps).forEach(function (key) { - deps[key] = apiDeps[key]; - }); - Object.keys(apiFactories).forEach(function (key) { - deps[key] = apiFactories[key]; - }); - - // TODO pull db stuff from package.json somehow and pass allowed data models as deps - // - // how can we tell which of these would be correct? - // deps.memstore = apiFactories.memstoreFactory.create(apiId); - // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId); - // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId + apiId); - - // let's go with this one for now and the api can choose to scope or not to scope - deps.memstore = apiFactories.memstoreFactory.create(apiId); - - console.log('DEBUG apipath', apipath); - myApp = express(); - // - // TODO handle /accounts/:accountId - // - return PromiseA.resolve(require(apipath).create({ - etcpath: xconfx.etcpath - }/*pkgConf*/, deps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { - localCache.pkgs[apiId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; - localCache.pkgs[apiId].handler(req, res, next); - }); - }); - } - else { - localCache.pkgs[apiId].handler(req, res, next); - // TODO expire require cache - /* - if (Date.now() - localCache.pkgs[apiId].createdAt < (5 * 60 * 1000)) { - return; - } - */ - } - }; - }, function (/*err*/) { - return null; - }).then(function (handler) { - - // keep object reference intact - // DO NOT cache non-existant api - if (handler) { - localCache.apis[name].handler = handler; - } else { - handler = notConfigured; - } - handler(req, res, next); - }); - }; + return localCache.pkgs[pkgId]; + // TODO expire require cache + /* + if (Date.now() - localCache.pkgs[pkgId].createdAt < (5 * 60 * 1000)) { + return; + } + */ + }, function (/*err*/) { + // TODO what kind of errors might we want to handle? + return null; + }).then(function (restPkg) { + return restPkg; + }); } var CORS = require('connect-cors'); @@ -228,36 +118,78 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { , 'Accept' , 'Authorization' ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); + var staleAfter = (5 * 60 * 1000); return function (req, res, next) { cors(req, res, function () { - var experienceId = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); - var apiId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, ''); + var clientUrih = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); + var pkgId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, ''); + var now = Date.now(); + var hasBeenHandled = false; + // Existing (Deprecated) Object.defineProperty(req, 'experienceId', { enumerable: true , configurable: false + , writable: false + , value: clientUrih + }); + Object.defineProperty(req, 'pkgId', { + enumerable: true + , configurable: false + , writable: false + , value: pkgId + }); + + // New + Object.defineProperty(req, 'clientUrih', { + enumerable: true + , configurable: false , writable: false // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app // (i.e. a company name change. maybe auto vs manual register - just like oauth3?) // NOTE: probably best to alias the name logically - , value: experienceId + , value: clientUrih }); - Object.defineProperty(req, 'apiId', { + Object.defineProperty(req, 'pkgId', { enumerable: true , configurable: false , writable: false - , value: apiId + , value: pkgId }); - if (!localCache.apis[experienceId]) { - localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; - } + // TODO cache permission (although the FS is already cached, NBD) + return isThisClientAllowedToUseThisPkg(xconfx, clientUrih, pkgId).then(function (yes) { + if (!yes) { + notConfigured(req, res); + return null; + } - localCache.apis[experienceId].handler(req, res, next); - if (Date.now() - localCache.apis[experienceId].createdAt > (5 * 60 * 1000)) { - localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() }; - } + if (localCache.rests[pkgId]) { + localCache.rests[pkgId].handler(req, res, next); + hasBeenHandled = true; + } + + if (now - localCache.rests[pkgId].createdAt > staleAfter) { + localCache.rests[pkgId] = null; + } + + if (!localCache.rests[pkgId]) { + //return doesThisPkgExist + + return loadRestHandler(xconfx, pkgId).then(function (myHandler) { + if (!myHandler) { + notConfigured(req, res); + return; + } + + localCache.rests[pkgId] = { handler: myHandler.handle, createdAt: now }; + if (!hasBeenHandled) { + myHandler.handle(req, res, next); + } + }); + } + }); }); }; }; diff --git a/lib/bootstrap.js b/lib/bootstrap.js index 5d9bdbd..621e886 100644 --- a/lib/bootstrap.js +++ b/lib/bootstrap.js @@ -40,41 +40,6 @@ module.exports.create = function (app, xconfx, models) { var getIpAddresses = require('./ip-checker').getExternalAddresses; var resolveInit; - function errorIfNotApi(req, res, next) { - var hostname = req.hostname || req.headers.host; - - if (!/^api\.[a-z0-9\-]+/.test(hostname)) { - res.send({ error: - { message: "API access is restricted to proper 'api'-prefixed lowercase subdomains." - + " The HTTP 'Host' header must exist and must begin with 'api.' as in 'api.example.com'." - + " For development you may test with api.localhost.daplie.me (or any domain by modifying your /etc/hosts)" - , code: 'E_NOT_API' - , _hostname: hostname - } - }); - return; - } - - next(); - } - - function errorIfApi(req, res, next) { - if (!/^api\./.test(req.headers.host)) { - next(); - return; - } - - // has api. hostname prefix - - // doesn't have /api url prefix - if (!/^\/api\//.test(req.url)) { - res.send({ error: { message: "missing /api/ url prefix" } }); - return; - } - - res.send({ error: { code: 'E_NO_IMPL', message: "not implemented" } }); - } - function getConfig(req, res) { getIpAddresses().then(function (inets) { var results = { @@ -191,7 +156,7 @@ module.exports.create = function (app, xconfx, models) { return; } - // init is always considered to be + // init is always considered to be resolveInit(true); // TODO feed this request back through the route stack from the top to avoid forced refresh? @@ -200,7 +165,7 @@ module.exports.create = function (app, xconfx, models) { res.end(""); }); }); - app.use('/api', errorIfNotApi); + // NOTE Allows CORS access to API with ?access_token= // TODO Access-Control-Max-Age: 600 // TODO How can we help apps handle this? token? @@ -208,7 +173,6 @@ module.exports.create = function (app, xconfx, models) { app.use('/api', cors); app.get('/api/com.daplie.walnut.init', getConfig); app.post('/api/com.daplie.walnut.init', setConfig); - app.use('/', errorIfApi); // TODO use package loader //app.use('/', express.static(path.join(__dirname, '..', '..', 'packages', 'pages', 'com.daplie.walnut.init'))); diff --git a/lib/com.daplie.walnut/index.html b/lib/com.daplie.walnut/index.html index 07707b1..40a1121 100644 --- a/lib/com.daplie.walnut/index.html +++ b/lib/com.daplie.walnut/index.html @@ -9,7 +9,7 @@ Daplie Connect - Sign on to the Web - + diff --git a/lib/main.js b/lib/main.js index 44fa4e4..540db0d 100644 --- a/lib/main.js +++ b/lib/main.js @@ -1,19 +1,19 @@ 'use strict'; -module.exports.create = function (app, xconfx, apiFactories, apiDeps) { +module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi) { var PromiseA = require('bluebird'); var path = require('path'); var fs = PromiseA.promisifyAll(require('fs')); // NOTE: each process has its own cache var localCache = { le: {}, statics: {} }; var express = require('express'); - var apiApp; var setupDomain = xconfx.setupDomain = ('cloud.' + xconfx.primaryDomain); + var apiApp; var setupApp; var CORS; var cors; - function redirectSetup(reason, req, res/*, next*/) { + function redirectSetup(reason, req, res) { console.log('xconfx', xconfx); var url = 'https://cloud.' + xconfx.primaryDomain; @@ -94,7 +94,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { // // this is basically a 'recursive mount' to signify that 'com.daplie.hello' should be tried first // and if no file matches that 'tld.domain.app' may be tried next, and so on - // + // // this may well become a .htaccess type of situation allowing for redirects and such return fs.readFileAsync(packagepath, 'utf8').then(function (text) { // TODO allow cascading multiple lines @@ -134,7 +134,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { localCache.statics = {}; } - // Order from longest (index length - 1) to shortest (index 0) + // Order from longest (index length - 1) to shortest (index 0) function shortToLong(a, b) { return b.length - a.length; } @@ -194,31 +194,6 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { } */ - // If this looks like an API, we shouldn't be here - if (/^api\./.test(req.hostname) && /\/api(\/|$)/.test(req.url)) { - // supports api.example.com/sub/app/api/com.example.xyz/ - if (!apiApp) { - apiApp = require('./apis').create(xconfx, apiFactories, apiDeps); - } - - if (/^OPTIONS$/i.test(req.method)) { - if (!cors) { - CORS = require('connect-cors'); - cors = CORS({ credentials: true, headers: [ - 'X-Requested-With' - , 'X-HTTP-Method-Override' - , 'Content-Type' - , 'Accept' - , 'Authorization' - ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); - } - cors(req, res, apiApp); - } - - apiApp(req, res, next); - return; - } - /* // TODO assets.example.com/sub/assets/com.example.xyz/ if (/^assets\./.test(req.hostname) && /\/assets(\/|$)/.test(req.url)) { @@ -290,6 +265,36 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) { // TODO handle assets.example.com/sub/assets/com.example.xyz/ + app.use('/api', function (req, res, next) { + // If this doesn't look like an API we can move along + if (!/^api\./.test(req.hostname) && !/\/api(\/|$)/.test(req.url)) { + next(); + return; + } + + // supports api.example.com/sub/app/api/com.example.xyz/ + if (!apiApp) { + apiApp = require('./apis').create(xconfx, apiFactories, apiDeps); + } + + if (/^OPTIONS$/i.test(req.method)) { + if (!cors) { + CORS = require('connect-cors'); + cors = CORS({ credentials: true, headers: [ + 'X-Requested-With' + , 'X-HTTP-Method-Override' + , 'Content-Type' + , 'Accept' + , 'Authorization' + ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); + } + cors(req, res, apiApp); + } + + apiApp(req, res, next); + return; + }); + app.use('/', errorIfApi); app.use('/', serveStatic); app.use('/', serveApps); diff --git a/lib/worker.js b/lib/worker.js index 152b9ce..e1c1cff 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -180,7 +180,7 @@ module.exports.create = function (webserver, xconfx, state) { function setupMain() { if (xconfx.debug) { console.log('[main] setup'); } mainApp = express(); - require('./main').create(mainApp, xconfx, apiFactories, apiDeps).then(function () { + require('./main').create(mainApp, xconfx, apiFactories, apiDeps, errorIfApi).then(function () { if (xconfx.debug) { console.log('[main] ready'); } // TODO process.send({}); }); @@ -202,6 +202,41 @@ module.exports.create = function (webserver, xconfx, state) { } }); + function errorIfNotApi(req, res, next) { + var hostname = req.hostname || req.headers.host; + + if (!/^api\.[a-z0-9\-]+/.test(hostname)) { + res.send({ error: + { message: "API access is restricted to proper 'api'-prefixed lowercase subdomains." + + " The HTTP 'Host' header must exist and must begin with 'api.' as in 'api.example.com'." + + " For development you may test with api.localhost.daplie.me (or any domain by modifying your /etc/hosts)" + , code: 'E_NOT_API' + , _hostname: hostname + } + }); + return; + } + + next(); + } + + function errorIfApi(req, res, next) { + if (!/^api\./.test(req.headers.host)) { + next(); + return; + } + + // has api. hostname prefix + + // doesn't have /api url prefix + if (!/^\/api\//.test(req.url)) { + res.send({ error: { message: "missing /api/ url prefix" } }); + return; + } + + res.send({ error: { code: 'E_NO_IMPL', message: "not implemented" } }); + } + app.disable('x-powered-by'); app.use('/', log); app.use('/api', require('body-parser').json({ @@ -218,6 +253,7 @@ module.exports.create = function (webserver, xconfx, state) { app.use('/api', recase); app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']); + app.use('/api', errorIfNotApi); app.use('/', function (req, res) { if (!(req.encrypted || req.secure)) { // did not come from https From 032ebe0302a89278cb978fd96ed62bdf0cdefa6a Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 20 May 2017 00:09:48 +0000 Subject: [PATCH 41/76] WIP loads API if allowed --- lib/apis.js | 30 ++++++++++++++++++------------ lib/main.js | 5 +++-- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index ec28efe..b88419c 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -12,7 +12,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { xconfx.appApiGrantsPath = path.join(__dirname, '..', '..', 'packages', 'client-api-grants'); function notConfigured(req, res) { - res.send({ error: { message: "api '" + req.pkgId + "' not configured for domain '" + req.experienceId + "'" } }); + res.send({ error: { message: "api package '" + req.pkgId + "' not configured for client uri '" + req.experienceId + "'" } }); } /* @@ -23,23 +23,28 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { function isThisClientAllowedToUseThisPkg(myConf, clientUrih, pkgId) { var appApiGrantsPath = path.join(myConf.appApiGrantsPath, clientUrih); + console.log('sanity exists?', appApiGrantsPath);; return fs.readFileAsync(appApiGrantsPath, 'utf8').then(function (text) { + console.log('sanity', text); return text.trim().split(/\n/); - }, function (/*err*/) { + }, function (rer) { +console.error(rer); return []; }).then(function (apis) { - if (!apis.some(function (api) { + if (apis.some(function (api) { if (api === pkgId) { + console.log(api, pkgId, api === pkgId); return true; } })) { + return true; + } if (clientUrih === ('api.' + xconfx.setupDomain) && 'org.oauth3.consumer' === pkgId) { // fallthrough return true; } else { return null; } - } }); } @@ -122,8 +127,9 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return function (req, res, next) { cors(req, res, function () { - var clientUrih = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); - var pkgId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, ''); + console.log('[sanity check]', req.url); + var clientUrih = req.hostname.replace(/^api\./, '') + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); + var pkgId = req.url.replace(/.*\/api\//, '').replace(/^\//, '').replace(/\/$/, ''); var now = Date.now(); var hasBeenHandled = false; @@ -134,7 +140,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { , writable: false , value: clientUrih }); - Object.defineProperty(req, 'pkgId', { + Object.defineProperty(req, 'apiId', { enumerable: true , configurable: false , writable: false @@ -168,10 +174,10 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { if (localCache.rests[pkgId]) { localCache.rests[pkgId].handler(req, res, next); hasBeenHandled = true; - } - if (now - localCache.rests[pkgId].createdAt > staleAfter) { - localCache.rests[pkgId] = null; + if (now - localCache.rests[pkgId].createdAt > staleAfter) { + localCache.rests[pkgId] = null; + } } if (!localCache.rests[pkgId]) { @@ -183,9 +189,9 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return; } - localCache.rests[pkgId] = { handler: myHandler.handle, createdAt: now }; + localCache.rests[pkgId] = { handler: myHandler.handler, createdAt: now }; if (!hasBeenHandled) { - myHandler.handle(req, res, next); + myHandler.handler(req, res, next); } }); } diff --git a/lib/main.js b/lib/main.js index 540db0d..338123f 100644 --- a/lib/main.js +++ b/lib/main.js @@ -265,9 +265,10 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi // TODO handle assets.example.com/sub/assets/com.example.xyz/ - app.use('/api', function (req, res, next) { + app.use('/', function (req, res, next) { // If this doesn't look like an API we can move along - if (!/^api\./.test(req.hostname) && !/\/api(\/|$)/.test(req.url)) { + if (!/\/api(\/|$)/.test(req.url)) { + // /^api\./.test(req.hostname) && next(); return; } From 3cf54f2b9a66e5ab291f560245b5d476e13fd3f4 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 20 May 2017 04:34:17 +0000 Subject: [PATCH 42/76] load sites separately from packages --- install.sh | 2 +- lib/main.js | 21 +++++++++++---------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/install.sh b/install.sh index 0252334..41a9af3 100755 --- a/install.sh +++ b/install.sh @@ -218,7 +218,7 @@ install_my_app() ln -sf ../node_modules /srv/walnut/core/node_modules sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider - sudo mkdir -p /srv/walnut/packages/{client-api-grants,rest,api,pages,services} + sudo mkdir -p /srv/walnut/packages/{client-api-grants,rest,api,pages,services,sites} #sudo chown -R $(whoami):$(whoami) /srv/walnut sudo chown -R www-data:www-data /srv/walnut sudo chmod -R ug+Xrw /srv/walnut diff --git a/lib/main.js b/lib/main.js index 338123f..c0fe00f 100644 --- a/lib/main.js +++ b/lib/main.js @@ -25,7 +25,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi res.statusCode = 302; res.setHeader('Location', url); - res.end(); + res.end("The static pages for '" + reason + "' are not listed in '" + path.join(xconfx.sitespath, reason) + "'"); } function disallowSymLinks(req, res) { @@ -67,19 +67,19 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi }); } - function loadHandler(name) { + function loadSiteHandler(name) { return function handler(req, res, next) { // path.join('packages/pages', 'com.daplie.hello') // package name (used as file-link) // path.join('packages/pages', 'domain.tld#hello') // dynamic exact url match - var packagepath = path.join(xconfx.staticpath, name); + var sitepath = path.join(xconfx.sitespath, name); - return fs.lstatAsync(packagepath).then(function (stat) { + return fs.lstatAsync(sitepath).then(function (stat) { if (stat.isSymbolicLink()) { return disallowSymLinks; } if (stat.isDirectory()) { - return express.static(packagepath); + return express.static(sitepath); } if (!stat.isFile()) { @@ -96,13 +96,13 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi // and if no file matches that 'tld.domain.app' may be tried next, and so on // // this may well become a .htaccess type of situation allowing for redirects and such - return fs.readFileAsync(packagepath, 'utf8').then(function (text) { + return fs.readFileAsync(sitepath, 'utf8').then(function (text) { // TODO allow cascading multiple lines text = text.trim().split(/\n/)[0]; // TODO rerun the above, disallowing link-style (or count or memoize to prevent infinite loop) // TODO make safe - packagepath = path.resolve(xconfx.staticpath, text); + var packagepath = path.resolve(xconfx.staticpath, text); if (0 !== packagepath.indexOf(xconfx.staticpath)) { return securityError; } @@ -127,9 +127,10 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi // TODO inter-process cache expirey // TODO add to xconfx.staticpath xconfx.staticpath = path.join(__dirname, '..', '..', 'packages', 'pages'); + xconfx.sitespath = path.join(__dirname, '..', '..', 'packages', 'sites'); - // Reads in each of the static apps as 'nodes' - return fs.readdirAsync(xconfx.staticpath).then(function (nodes) { + // Reads in each of the sites directives as 'nodes' + return fs.readdirAsync(xconfx.sitespath).then(function (nodes) { if (opts && opts.clear) { localCache.statics = {}; } @@ -144,7 +145,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi console.log('[all apps]', name); if (!localCache.statics[name]) { console.log('[load this app]', name); - localCache.statics[name] = { handler: loadHandler(name), createdAt: Date.now() }; + localCache.statics[name] = { handler: loadSiteHandler(name), createdAt: Date.now() }; } }); From da008ea6583d519b82247761c1be4f84e1ecac56 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 20 May 2017 04:51:44 +0000 Subject: [PATCH 43/76] fix api naming convention --- lib/apis.js | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index b88419c..7058167 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -12,7 +12,11 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { xconfx.appApiGrantsPath = path.join(__dirname, '..', '..', 'packages', 'client-api-grants'); function notConfigured(req, res) { - res.send({ error: { message: "api package '" + req.pkgId + "' not configured for client uri '" + req.experienceId + "'" } }); + var msg = "api package '" + req.pkgId + "' not configured for client uri '" + req.experienceId + "'" + + ". To configure it place a new line '" + req.pkgId + "' in the file '/srv/walnut/packages/client-api-grants/" + req.experienceId + "'" + ; + + res.send({ error: { message: msg } }); } /* @@ -23,12 +27,14 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { function isThisClientAllowedToUseThisPkg(myConf, clientUrih, pkgId) { var appApiGrantsPath = path.join(myConf.appApiGrantsPath, clientUrih); - console.log('sanity exists?', appApiGrantsPath);; + console.log('sanity exists?', appApiGrantsPath); return fs.readFileAsync(appApiGrantsPath, 'utf8').then(function (text) { console.log('sanity', text); return text.trim().split(/\n/); - }, function (rer) { -console.error(rer); + }, function (err) { + if ('ENOENT' !== err.code) { + console.error(err); + } return []; }).then(function (apis) { if (apis.some(function (api) { @@ -128,8 +134,17 @@ console.error(rer); return function (req, res, next) { cors(req, res, function () { console.log('[sanity check]', req.url); + // Canonical client names + // example.com should use api.example.com/api for all requests + // sub.example.com/api should resolve to sub.example.com + // example.com/subpath/api should resolve to example.com#subapp + // sub.example.com/subpath/api should resolve to sub.example.com#subapp var clientUrih = req.hostname.replace(/^api\./, '') + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); - var pkgId = req.url.replace(/.*\/api\//, '').replace(/^\//, '').replace(/\/$/, ''); + // Canonical package names + // '/api/com.daplie.hello/hello' should resolve to 'com.daplie.hello' + // '/subapp/api/com.daplie.hello/hello' should also 'com.daplie.hello' + // '/subapp/api/com.daplie.hello/' may exist... must be a small api + var pkgId = req.url.replace(/.*\/api\//, '').replace(/^\//, '').replace(/\/.*/, ''); var now = Date.now(); var hasBeenHandled = false; From 0696ba8084470c060d967d56fb2ffe08243cb820 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 20 May 2017 05:16:01 +0000 Subject: [PATCH 44/76] remove API prefix --- lib/apis.js | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/apis.js b/lib/apis.js index 7058167..2d1e659 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -27,7 +27,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { function isThisClientAllowedToUseThisPkg(myConf, clientUrih, pkgId) { var appApiGrantsPath = path.join(myConf.appApiGrantsPath, clientUrih); - console.log('sanity exists?', appApiGrantsPath); return fs.readFileAsync(appApiGrantsPath, 'utf8').then(function (text) { console.log('sanity', text); return text.trim().split(/\n/); @@ -57,6 +56,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { function loadRestHelper(myConf, pkgId) { var pkgPath = path.join(myConf.restPath, pkgId); + // TODO should not require package.json. Should work with files alone. return fs.readFileAsync(path.join(pkgPath, 'package.json'), 'utf8').then(function (text) { var pkg = JSON.parse(text); var deps = {}; @@ -85,6 +85,13 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { console.log('DEBUG pkgPath', pkgPath); myApp = express(); + myApp.use('/', function preHandler(req, res, next) { + req.originalUrl = req.originalUrl || req.url; + // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' + req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); + console.log('[prehandler] req.url', req.url); + next(); + }); // // TODO handle /accounts/:accountId // From 911c783c5e9fb4d8c68db4604ed34086e0ebf6d9 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 22 May 2017 17:17:55 +0000 Subject: [PATCH 45/76] add examples --- README.md | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 104 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a700c7a..a8f2539 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,40 @@ POST https://api./api/com.daplie.walnut.init { "domain": "" } ``` +The following domains are required to point to WALNUT server + +``` + +www. + +api. +assets. + +cloud. +api.cloud. +``` + +Example `/etc/goldilocks/goldilocks.yml`: +```yml +tls: + email: domains@example.com + servernames: + - example.com + - www.example.com + - api.example.com + - assets.example.com + - cloud.example.com + - api.cloud.example.com + +http: + trust_proxy: true + modules: + - name: proxy + domains: + - '*' + address: '127.0.0.1:3000' +``` + Resetting the Initialization ---------------------------- @@ -109,9 +143,75 @@ Static apps are stored in `packages/pages` ``` # App ID as files with a list of packages they should load -/srv/walnut/packages/pages/ # https://domain.tld/path -/srv/walnut/packages/pages/ # https://domain.tld and https://domain.tld/foo match +# note that '#' is used in place of '/' because files and folders may not contain '/' in their names +/srv/walnut/packages/sites/ # https://domain.tld/path +/srv/walnut/packages/sites/ # https://domain.tld and https://domain.tld/foo match -# packages are directories with reverse dns name # used for debugging -/srv/walnut/packages/pages/ # matches apps./ and /apps/ +# packages are directories with reverse dns name # For the sake of debugging these packages can be accessed directly, without a site by +/srv/walnut/packages/pages/ # matches apps./ and /apps/ +``` + +Accessing REST APIs +------------------- + +``` +# Apps are granted access to use a package by listing it in the grants file by the name of the app url (domain.tld) +/srv/walnut/packages/client-api-grants/ # matches api./api/ and contains a list of allowed REST APIs + # the REST apis themselves are submatched as api./api/ + +# packages are directories with reverse dns name, a package.json, and an index.js +/srv/walnut/packages/rest/ +``` + +Example tree with contents: + +Here `com.example.hello` is a package with a REST API and a static page +and `foobar.me` is a WALNUT-configured domain (smithfam.net, etc). + +``` +/srv/walnut/packages/ +├── api +├── client-api-grants +│ └── cloud.foobar.me +│ ''' +│ com.example.hello # refers to /srv/walnut/packages/rest/com.example.hello +│ ''' +│ +├── pages +│ └── com.example.hello +│ └── index.html +│ ''' +│ +│ com.example.hello +│ +│

com.example.hello

+│ +│ +│ ''' +│ +├── rest +│ └── com.example.hello +│ ├── package.json +│ └── index.js +│ ''' +│ 'use strict'; +│ +│ module.exports.create = function (conf, deps, app) { +│ +│ app.use('/', function (req, res) { +│ console.log('[com.example.hello] req.url', req.url); +│ res.send({ message: 'hello' }); +│ }); +│ +│ return deps.Promise.resolve(); +│ }; +│ +│ ''' +│ +├── services +└── sites + └── daplie.me + ''' + com.example.hello # refers to /srv/walnut/packages/pages/com.example.hello + ''' ``` From e8ecde4b623e291ce1c9409312cf093483094a53 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 22 May 2017 17:22:32 +0000 Subject: [PATCH 46/76] separate packages from permissions --- README.md | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a8f2539..3325e1f 100644 --- a/README.md +++ b/README.md @@ -168,15 +168,12 @@ Example tree with contents: Here `com.example.hello` is a package with a REST API and a static page and `foobar.me` is a WALNUT-configured domain (smithfam.net, etc). + +The packages: + ``` /srv/walnut/packages/ ├── api -├── client-api-grants -│ └── cloud.foobar.me -│ ''' -│ com.example.hello # refers to /srv/walnut/packages/rest/com.example.hello -│ ''' -│ ├── pages │ └── com.example.hello │ └── index.html @@ -208,7 +205,19 @@ and `foobar.me` is a WALNUT-configured domain (smithfam.net, etc). │ │ ''' │ -├── services +└── services +``` + +The permissions: + +``` +/srv/walnut/packages/ +├── client-api-grants +│ └── cloud.foobar.me +│ ''' +│ com.example.hello # refers to /srv/walnut/packages/rest/com.example.hello +│ ''' +│ └── sites └── daplie.me ''' From 74fa3f2e14271a7accec71cb72917b64d5f13192 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 24 May 2017 04:27:52 +0000 Subject: [PATCH 47/76] partial updates --- lib/apis.js | 41 +++++++++++++++++++++++++++++++++++------ lib/main.js | 48 +++++++++++++++++++++++++++++++++++++----------- lib/worker.js | 5 +++++ 3 files changed, 77 insertions(+), 17 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 2d1e659..d8f9da3 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -2,7 +2,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { var PromiseA = apiDeps.Promise; - var express = require('express'); + //var express = require('express'); + var express = require('express-lazy'); var fs = PromiseA.promisifyAll(require('fs')); var path = require('path'); var localCache = { rests: {}, pkgs: {} }; @@ -59,7 +60,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // TODO should not require package.json. Should work with files alone. return fs.readFileAsync(path.join(pkgPath, 'package.json'), 'utf8').then(function (text) { var pkg = JSON.parse(text); - var deps = {}; + var pkgDeps = {}; var myApp; if (pkg.walnut) { @@ -67,10 +68,10 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } Object.keys(apiDeps).forEach(function (key) { - deps[key] = apiDeps[key]; + pkgDeps[key] = apiDeps[key]; }); Object.keys(apiFactories).forEach(function (key) { - deps[key] = apiFactories[key]; + pkgDeps[key] = apiFactories[key]; }); // TODO pull db stuff from package.json somehow and pass allowed data models as deps @@ -81,10 +82,38 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId + pkgId); // let's go with this one for now and the api can choose to scope or not to scope - deps.memstore = apiFactories.memstoreFactory.create(pkgId); + pkgDeps.memstore = apiFactories.memstoreFactory.create(pkgId); console.log('DEBUG pkgPath', pkgPath); myApp = express(); + +/* + var pkgConf = { + pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep + , apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep + , servicespath: path.join(__dirname, '..', '..', 'packages', 'services') + , vhostsMap: vhostsMap + , vhostPatterns: null + , server: webserver + , externalPort: info.conf.externalPort + , primaryNameserver: info.conf.primaryNameserver + , nameservers: info.conf.nameservers + , privkey: info.conf.privkey + , pubkey: info.conf.pubkey + , redirects: info.conf.redirects + , apiPrefix: '/api' + , 'org.oauth3.consumer': info.conf['org.oauth3.consumer'] + , 'org.oauth3.provider': info.conf['org.oauth3.provider'] + , keys: info.conf.keys + }; +*/ + + var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( + { sqlite3Sock: xconfx.sqlite3Sock, ipcKey: xconfx.ipcKey } + ).getControllers; + //require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); + require('oauthcommon').inject(_getOauth3Controllers, myApp/*, pkgConf, pkgDeps*/); + myApp.use('/', function preHandler(req, res, next) { req.originalUrl = req.originalUrl || req.url; // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' @@ -97,7 +126,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // return PromiseA.resolve(require(pkgPath).create({ etcpath: xconfx.etcpath - }/*pkgConf*/, deps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { + }/*pkgConf*/, pkgDeps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { localCache.pkgs[pkgId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; return localCache.pkgs[pkgId]; }); diff --git a/lib/main.js b/lib/main.js index c0fe00f..67f46bf 100644 --- a/lib/main.js +++ b/lib/main.js @@ -50,8 +50,11 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi function notConfigured(req, res, next) { if (setupDomain !== req.hostname) { - redirectSetup(req.hostname, req, res); - return; + console.log('[notConfigured] req.hostname', req.hostname); + if (/\.html\b/.test(req.url)) { + redirectSetup(req.hostname, req, res); + return; + } } if (!setupApp) { @@ -73,6 +76,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi // path.join('packages/pages', 'domain.tld#hello') // dynamic exact url match var sitepath = path.join(xconfx.sitespath, name); + console.log('sitepath', sitepath); return fs.lstatAsync(sitepath).then(function (stat) { if (stat.isSymbolicLink()) { return disallowSymLinks; @@ -141,22 +145,44 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi } nodes.sort(shortToLong); - nodes.forEach(function (name) { - console.log('[all apps]', name); - if (!localCache.statics[name]) { - console.log('[load this app]', name); - localCache.statics[name] = { handler: loadSiteHandler(name), createdAt: Date.now() }; + nodes = nodes.filter(function (pkgName) { + console.log('[all apps]', pkgName); + // load the apps that match this id's domain and could match the path + // domain.daplie.me matches domain.daplie.me + // daplie.me#path#to#thing matches daplie.me + // daplie.me does NOT match daplie.me#path#to#thing + var reqParts = appId.split('#'); + var pkgParts = pkgName.split('#'); + var reqDomain = reqParts.shift(); + var pkgDomain = pkgParts.shift(); + var reqPath = reqParts.join('#'); + var pkgPath = pkgParts.join('#'); + if (reqPath.length) { + reqPath += '#'; } + if (pkgPath.length) { + pkgPath += '#'; + } + if (!(reqDomain === pkgDomain && 0 === reqPath.indexOf(pkgPath))) { + return false; + } + if (!localCache.statics[pkgName]) { + console.log('[load this app]', pkgName); + localCache.statics[pkgName] = { handler: loadSiteHandler(pkgName), createdAt: Date.now() }; + } + return true; }); // Secure Matching // apple.com#blah# apple.com#blah# // apple.com.us# apple.com#foo# // apple.com# apple.com#foo# - nodes.some(function (name) { - if (0 === (name + '#').indexOf(appId + '#')) { - if (appId !== name) { - localCache.statics[appId] = localCache.statics[name]; + console.log('nodes', nodes); + nodes.some(function (pkgName) { + console.log('pkgName, appId', pkgName, appId); + if (0 === (appId + '#').indexOf(pkgName + '#')) { + if (appId !== pkgName) { + localCache.statics[appId] = localCache.statics[pkgName]; } return true; } diff --git a/lib/worker.js b/lib/worker.js index e1c1cff..6a9fe44 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -188,6 +188,11 @@ module.exports.create = function (webserver, xconfx, state) { if (!bootstrapApp) { if (xconfx.debug) { console.log('[bootstrap] setup'); } + if (xconfx.primaryDomain) { + bootstrapApp = true; + setupMain(); + return; + } bootstrapApp = express(); require('./bootstrap').create(bootstrapApp, xconfx, models).then(function () { if (xconfx.debug) { console.log('[bootstrap] ready'); } From 19ffff4fcd2f53386fb710903310155370f01a1b Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 24 May 2017 05:25:11 +0000 Subject: [PATCH 48/76] correct urls --- lib/apis.js | 9 ++++++++- lib/worker.js | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/apis.js b/lib/apis.js index d8f9da3..0655657 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -115,7 +115,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { require('oauthcommon').inject(_getOauth3Controllers, myApp/*, pkgConf, pkgDeps*/); myApp.use('/', function preHandler(req, res, next) { - req.originalUrl = req.originalUrl || req.url; + req.walnutOriginalUrl = req.url; // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); console.log('[prehandler] req.url', req.url); @@ -127,6 +127,13 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return PromiseA.resolve(require(pkgPath).create({ etcpath: xconfx.etcpath }/*pkgConf*/, pkgDeps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { + + myApp.use('/', function postHandler(req, res, next) { + req.url = req.walnutOriginalUrl; + console.log('[posthandler] req.url', req.url); + next(); + }); + localCache.pkgs[pkgId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; return localCache.pkgs[pkgId]; }); diff --git a/lib/worker.js b/lib/worker.js index 6a9fe44..a3520f2 100644 --- a/lib/worker.js +++ b/lib/worker.js @@ -235,6 +235,7 @@ module.exports.create = function (webserver, xconfx, state) { // doesn't have /api url prefix if (!/^\/api\//.test(req.url)) { + console.log('[walnut/worker api] req.url', req.url); res.send({ error: { message: "missing /api/ url prefix" } }); return; } From 5ee8449af6f7212117e5a2554e557f2a3402cc30 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 24 May 2017 05:44:23 +0000 Subject: [PATCH 49/76] fix CORS issue --- lib/main.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/main.js b/lib/main.js index 67f46bf..6cbca02 100644 --- a/lib/main.js +++ b/lib/main.js @@ -317,6 +317,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }); } cors(req, res, apiApp); + return; } apiApp(req, res, next); From 52a6627e84c2cfe06b7a57166c3e885fa8a56a8f Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 24 May 2017 06:23:40 +0000 Subject: [PATCH 50/76] add missing res.error --- lib/main.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/main.js b/lib/main.js index 6cbca02..da83127 100644 --- a/lib/main.js +++ b/lib/main.js @@ -177,7 +177,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi // apple.com#blah# apple.com#blah# // apple.com.us# apple.com#foo# // apple.com# apple.com#foo# - console.log('nodes', nodes); + console.log('[lib/main.js] nodes', nodes); nodes.some(function (pkgName) { console.log('pkgName, appId', pkgName, appId); if (0 === (appId + '#').indexOf(pkgName + '#')) { @@ -292,6 +292,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi // TODO handle assets.example.com/sub/assets/com.example.xyz/ + app.use('/api', require('connect-send-error').error()); app.use('/', function (req, res, next) { // If this doesn't look like an API we can move along if (!/\/api(\/|$)/.test(req.url)) { From 648c136fcf8ae0f695781ef13f3c8ebbeb24fb24 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 24 May 2017 07:34:34 +0000 Subject: [PATCH 51/76] add mailer --- lib/apis.js | 74 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 53 insertions(+), 21 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 0655657..fb65f9a 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -11,6 +11,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // TODO xconfx.apispath xconfx.restPath = path.join(__dirname, '..', '..', 'packages', 'rest'); xconfx.appApiGrantsPath = path.join(__dirname, '..', '..', 'packages', 'client-api-grants'); + xconfx.appConfigPath = path.join(__dirname, '..', '..', 'var'); function notConfigured(req, res) { var msg = "api package '" + req.pkgId + "' not configured for client uri '" + req.experienceId + "'" @@ -54,6 +55,12 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }); } + function getSiteConfig(clientUrih) { + return fs.readFileAsync(path.join(xconfx.appConfigPath, clientUrih + '.json'), 'utf8').then(function (text) { + return JSON.parse(text); + }).then(function (data) { return data; }, function (/*err*/) { return {}; }); + } + function loadRestHelper(myConf, pkgId) { var pkgPath = path.join(myConf.restPath, pkgId); @@ -229,30 +236,55 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return null; } - if (localCache.rests[pkgId]) { - localCache.rests[pkgId].handler(req, res, next); - hasBeenHandled = true; + return getSiteConfig(clientUrih).then(function (siteConfig) { + /* + Object.defineProperty(req, 'siteConfig', { + enumerable: true + , configurable: false + , writable: false + , value: siteConfig + }); + */ + Object.defineProperty(req, 'getSiteMailer', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteMailer() { + var nodemailer = require('nodemailer'); + var transport = require('nodemailer-mailgun-transport'); + //var mailconf = require('../../../com.daplie.mailer/config.mailgun'); + var mailconf = siteConfig['mailgun.org']; + var mailer = PromiseA.promisifyAll(nodemailer.createTransport(transport(mailconf))); - if (now - localCache.rests[pkgId].createdAt > staleAfter) { - localCache.rests[pkgId] = null; - } - } - - if (!localCache.rests[pkgId]) { - //return doesThisPkgExist - - return loadRestHandler(xconfx, pkgId).then(function (myHandler) { - if (!myHandler) { - notConfigured(req, res); - return; - } - - localCache.rests[pkgId] = { handler: myHandler.handler, createdAt: now }; - if (!hasBeenHandled) { - myHandler.handler(req, res, next); + return mailer; } }); - } + + if (localCache.rests[pkgId]) { + localCache.rests[pkgId].handler(req, res, next); + hasBeenHandled = true; + + if (now - localCache.rests[pkgId].createdAt > staleAfter) { + localCache.rests[pkgId] = null; + } + } + + if (!localCache.rests[pkgId]) { + //return doesThisPkgExist + + return loadRestHandler(xconfx, pkgId).then(function (myHandler) { + if (!myHandler) { + notConfigured(req, res); + return; + } + + localCache.rests[pkgId] = { handler: myHandler.handler, createdAt: now }; + if (!hasBeenHandled) { + myHandler.handler(req, res, next); + } + }); + } + }); }); }); }; From 65deaf3a853d52f0603ae20e7ee6c7cfb1765ba4 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 25 May 2017 17:43:51 +0000 Subject: [PATCH 52/76] reset permissions --- install.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 41a9af3..0647bc4 100755 --- a/install.sh +++ b/install.sh @@ -141,7 +141,8 @@ install_etc_config() $sudo_cmd mv "$my_app_dir/$my_app_etc_config" "$MY_ROOT/$my_app_etc_config" fi - $sudo_cmd chown -R www-data:www-data $(dirname "$MY_ROOT/$my_app_etc_config") + $sudo_cmd chown -R www-data:www-data $(dirname "$MY_ROOT/$my_app_etc_config") || true + $sudo_cmd chown -R _www:_www $(dirname "$MY_ROOT/$my_app_etc_config") || true $sudo_cmd chmod 775 $(dirname "$MY_ROOT/$my_app_etc_config") $sudo_cmd chmod 664 "$MY_ROOT/$my_app_etc_config" } @@ -220,11 +221,16 @@ install_my_app() sudo mkdir -p /srv/walnut/etc/org.oauth3.provider sudo mkdir -p /srv/walnut/packages/{client-api-grants,rest,api,pages,services,sites} #sudo chown -R $(whoami):$(whoami) /srv/walnut - sudo chown -R www-data:www-data /srv/walnut + sudo chown -R www-data:www-data /srv/walnut || true + sudo chown -R _www:_www /srv/walnut || true sudo chmod -R ug+Xrw /srv/walnut pushd /srv/walnut/core + sudo chown -R $(whoami) /srv/walnut + #sudo --user www-data --group www-data npm install npm install + sudo chown -R www-data /srv/walnut || true + sudo chown -R _www /srv/walnut || true popd } From 4e0b996acde474c070dbdbba6142a17fa0e098a9 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 25 May 2017 18:26:14 +0000 Subject: [PATCH 53/76] reset permissions --- install.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/install.sh b/install.sh index 0647bc4..db56956 100755 --- a/install.sh +++ b/install.sh @@ -72,8 +72,8 @@ dap_dl_bash() { dap_url=$1 #dap_args=$2 - rm -rf dap-tmp-runner.sh - $http_bin $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh + rm -rf /tmp/dap-tmp-runner.sh + $http_bin $http_opts $http_out /tmp/dap-tmp-runner.sh "$dap_url"; bash /tmp/dap-tmp-runner.sh; rm /tmp/dap-tmp-runner.sh } detect_http_bin @@ -149,6 +149,7 @@ install_etc_config() install_service() { + echo "install etc config" install_etc_config installable="" @@ -185,6 +186,7 @@ create_skeleton() # Unistall install_uninstaller() { + echo "install uninstaller" dap_dl "https://git.daplie.com/Daplie/walnut.js/raw/master/uninstall.sh" "./walnut-uninstall" $sudo_cmd chmod 755 "./walnut-uninstall" $sudo_cmd chown root:root "./walnut-uninstall" @@ -220,21 +222,20 @@ install_my_app() sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider sudo mkdir -p /srv/walnut/packages/{client-api-grants,rest,api,pages,services,sites} - #sudo chown -R $(whoami):$(whoami) /srv/walnut - sudo chown -R www-data:www-data /srv/walnut || true - sudo chown -R _www:_www /srv/walnut || true - sudo chmod -R ug+Xrw /srv/walnut pushd /srv/walnut/core - sudo chown -R $(whoami) /srv/walnut - #sudo --user www-data --group www-data npm install npm install - sudo chown -R www-data /srv/walnut || true - sudo chown -R _www /srv/walnut || true popd } +sudo mkdir -p /srv/walnut +sudo chown -R $(whoami) /srv/walnut + install_my_app create_skeleton install_uninstaller install_service + +sudo chown -R www-data:www-data /srv/walnut || true +sudo chown -R _www:_www /srv/walnut || true +sudo chmod -R ug+Xrw /srv/walnut From 66589782fed507e2a060aaaf1ac182fd68a591e2 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 25 May 2017 18:57:24 +0000 Subject: [PATCH 54/76] set installer base correctly --- install.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index db56956..a0a9f01 100755 --- a/install.sh +++ b/install.sh @@ -134,6 +134,7 @@ install_for_launchd() install_etc_config() { + #echo "install etc config $MY_ROOT / $my_app_etc_config" if [ ! -e "$MY_ROOT/$my_app_etc_config" ]; then $sudo_cmd mkdir -p $(dirname "$MY_ROOT/$my_app_etc_config") mkdir -p $(dirname "$my_app_dir/$my_app_etc_config") @@ -149,8 +150,8 @@ install_etc_config() install_service() { - echo "install etc config" install_etc_config + #echo "install service" installable="" if [ -d "$MY_ROOT/etc/systemd/system" ]; then @@ -186,7 +187,7 @@ create_skeleton() # Unistall install_uninstaller() { - echo "install uninstaller" + #echo "install uninstaller" dap_dl "https://git.daplie.com/Daplie/walnut.js/raw/master/uninstall.sh" "./walnut-uninstall" $sudo_cmd chmod 755 "./walnut-uninstall" $sudo_cmd chown root:root "./walnut-uninstall" @@ -204,7 +205,8 @@ my_app_name=walnut my_app_pkg_name=com.daplie.walnut.web my_app_dir=$(mktemp -d) #installer_base="https://git.daplie.com/Daplie/walnut.js/raw/master/dist" -installer_base="./dist" +#installer_base="$( dirname "${BASH_SOURCE[0]}" )/dist" +installer_base="/srv/walnut/core/dist" my_app_etc_config="etc/${my_app_name}/${my_app_name}.yml" my_app_systemd_service="etc/systemd/system/${my_app_name}.service" From 172f7f3bc494f442456bdf92c99bf41adcb9ef7b Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 25 May 2017 15:43:50 -0600 Subject: [PATCH 55/76] load correct path and document package loading --- lib/com.daplie.walnut/index.html | 17 +++++++++++++++++ lib/main.js | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/com.daplie.walnut/index.html b/lib/com.daplie.walnut/index.html index 40a1121..a139eb0 100644 --- a/lib/com.daplie.walnut/index.html +++ b/lib/com.daplie.walnut/index.html @@ -36,6 +36,23 @@ + + + +
HTML packages go in /srv/walnut/packages/pages
+REST packages go in /srv/walnut/packages/rest
+API packages go in /srv/walnut/packages/api
+
+There are two ways to set up a site.
+
+The first is to create a site package yourself by adding files.
+/srv/walnut/packages/sites/example.com/index.html
+
+The other is by providing a single text file of the name of the site with the name of the package to load
+/srv/walnut/packages/sites/example.com => com.example
+ + + diff --git a/lib/main.js b/lib/main.js index da83127..de18e68 100644 --- a/lib/main.js +++ b/lib/main.js @@ -59,7 +59,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi if (!setupApp) { //setupApp = express.static(path.join(xconfx.staticpath, 'com.daplie.walnut')); - setupApp = express.static(path.join('lib', 'com.daplie.walnut')); + setupApp = express.static(path.join(__dirname, 'com.daplie.walnut')); } setupApp(req, res, function () { if ('/' === req.url) { From 6cfee0b20bd9ff927b83d817182b015b5f4b8cb7 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 25 May 2017 17:23:39 -0600 Subject: [PATCH 56/76] fix redirect matching --- lib/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/main.js b/lib/main.js index de18e68..46f0ad0 100644 --- a/lib/main.js +++ b/lib/main.js @@ -51,7 +51,7 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps, errorIfApi function notConfigured(req, res, next) { if (setupDomain !== req.hostname) { console.log('[notConfigured] req.hostname', req.hostname); - if (/\.html\b/.test(req.url)) { + if ('/' === req.url[req.url.length - 1] || /\.html\b/.test(req.url)) { redirectSetup(req.hostname, req, res); return; } From 3d0170368e7c7afe58d92dcba39e282581a6237e Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 26 May 2017 20:23:17 +0000 Subject: [PATCH 57/76] extend getSiteConfig to use directory --- README.md | 2 +- lib/apis.js | 10 +++++++--- package.json | 1 + 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3325e1f..8880adc 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Once you run the app the initialization files will appear in these locations ``` /srv/walnut/var/com.daplie.walnut.config.sqlite3 -/srv/walnut/config/.json +/srv/walnut/config//config.json ``` Deleting those files will rese diff --git a/lib/apis.js b/lib/apis.js index fb65f9a..2203928 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -2,6 +2,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { var PromiseA = apiDeps.Promise; + var mkdirpAsync = PromiseA.promisify(require('mkdirp')); //var express = require('express'); var express = require('express-lazy'); var fs = PromiseA.promisifyAll(require('fs')); @@ -56,9 +57,12 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } function getSiteConfig(clientUrih) { - return fs.readFileAsync(path.join(xconfx.appConfigPath, clientUrih + '.json'), 'utf8').then(function (text) { - return JSON.parse(text); - }).then(function (data) { return data; }, function (/*err*/) { return {}; }); + var siteConfigPath = path.join(xconfx.appConfigPath, clientUrih); + return mkdirpAsync(siteConfigPath).then(function () { + return fs.readFileAsync(path.join(siteConfigPath, 'config.json'), 'utf8').then(function (text) { + return JSON.parse(text); + }).then(function (data) { return data; }, function (/*err*/) { return {}; }); + }); } function loadRestHelper(myConf, pkgId) { diff --git a/package.json b/package.json index 9d06ed8..efa3ca0 100644 --- a/package.json +++ b/package.json @@ -89,6 +89,7 @@ "mime": "^1.3.4", "mime-db": "^1.8.0", "mime-types": "^2.0.10", + "mkdirp": "^0.5.1", "ms": "^0.7.0", "native-dns": "^0.7.0", "negotiator": "^0.5.1", From 8dcd1461bdc8359ff14a0876a884484151ceb2b2 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 26 May 2017 20:55:18 +0000 Subject: [PATCH 58/76] add getSitePackageConfig --- lib/apis.js | 170 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 97 insertions(+), 73 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 2203928..827e51d 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -56,7 +56,17 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }); } + function getSitePackageConfig(clientUrih, pkgId) { + var siteConfigPath = path.join(xconfx.appConfigPath, clientUrih); + return mkdirpAsync(siteConfigPath).then(function () { + return fs.readFileAsync(path.join(siteConfigPath, pkgId + '.json'), 'utf8').then(function (text) { + return JSON.parse(text); + }).then(function (data) { return data; }, function (/*err*/) { return {}; }); + }); + } + function getSiteConfig(clientUrih) { + // TODO test if the requesting package has permission to the root-level site config var siteConfigPath = path.join(xconfx.appConfigPath, clientUrih); return mkdirpAsync(siteConfigPath).then(function () { return fs.readFileAsync(path.join(siteConfigPath, 'config.json'), 'utf8').then(function (text) { @@ -65,7 +75,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }); } - function loadRestHelper(myConf, pkgId) { + function loadRestHelper(myConf, clientUrih, pkgId) { var pkgPath = path.join(myConf.restPath, pkgId); // TODO should not require package.json. Should work with files alone. @@ -99,24 +109,24 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { myApp = express(); /* - var pkgConf = { - pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep - , apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep - , servicespath: path.join(__dirname, '..', '..', 'packages', 'services') - , vhostsMap: vhostsMap - , vhostPatterns: null - , server: webserver - , externalPort: info.conf.externalPort - , primaryNameserver: info.conf.primaryNameserver - , nameservers: info.conf.nameservers - , privkey: info.conf.privkey - , pubkey: info.conf.pubkey - , redirects: info.conf.redirects - , apiPrefix: '/api' - , 'org.oauth3.consumer': info.conf['org.oauth3.consumer'] - , 'org.oauth3.provider': info.conf['org.oauth3.provider'] - , keys: info.conf.keys - }; + var pkgConf = { + pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep + , apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep + , servicespath: path.join(__dirname, '..', '..', 'packages', 'services') + , vhostsMap: vhostsMap + , vhostPatterns: null + , server: webserver + , externalPort: info.conf.externalPort + , primaryNameserver: info.conf.primaryNameserver + , nameservers: info.conf.nameservers + , privkey: info.conf.privkey + , pubkey: info.conf.pubkey + , redirects: info.conf.redirects + , apiPrefix: '/api' + , 'org.oauth3.consumer': info.conf['org.oauth3.consumer'] + , 'org.oauth3.provider': info.conf['org.oauth3.provider'] + , keys: info.conf.keys + }; */ var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( @@ -125,13 +135,52 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { //require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); require('oauthcommon').inject(_getOauth3Controllers, myApp/*, pkgConf, pkgDeps*/); - myApp.use('/', function preHandler(req, res, next) { - req.walnutOriginalUrl = req.url; - // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' - req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); - console.log('[prehandler] req.url', req.url); + myApp.use('/public', function preHandler(req, res, next) { + // TODO authenticate or use guest user next(); }); + + myApp.use('/', function preHandler(req, res, next) { + return getSiteConfig(clientUrih).then(function (siteConfig) { + /* + Object.defineProperty(req, 'siteConfig', { + enumerable: true + , configurable: false + , writable: false + , value: siteConfig + }); + */ + Object.defineProperty(req, 'getSiteMailer', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteMailerProp() { + var nodemailer = require('nodemailer'); + var transport = require('nodemailer-mailgun-transport'); + //var mailconf = require('../../../com.daplie.mailer/config.mailgun'); + var mailconf = siteConfig['mailgun.org']; + var mailer = PromiseA.promisifyAll(nodemailer.createTransport(transport(mailconf))); + + return mailer; + } + }); + + Object.defineProperty(req, 'getSitePackageConfig', { + enumerable: true + , configurable: false + , writable: false + , value: function getSitePackageConfigProp() { + return getSitePackageConfig(clientUrih, pkgId); + } + }); + + req._walnutOriginalUrl = req.url; + // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' + req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); + console.log('[prehandler] req.url', req.url); + next(); + }); + }); // // TODO handle /accounts/:accountId // @@ -140,7 +189,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }/*pkgConf*/, pkgDeps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { myApp.use('/', function postHandler(req, res, next) { - req.url = req.walnutOriginalUrl; + req.url = req._walnutOriginalUrl; console.log('[posthandler] req.url', req.url); next(); }); @@ -154,10 +203,10 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // Read packages/apis/sub.sld.tld (forward dns) to find list of apis as tld.sld.sub (reverse dns) // TODO packages/allowed_apis/sub.sld.tld (?) // TODO auto-register org.oauth3.consumer for primaryDomain (and all sites?) - function loadRestHandler(myConf, pkgId) { + function loadRestHandler(myConf, clientUrih, pkgId) { return PromiseA.resolve().then(function () { if (!localCache.pkgs[pkgId]) { - return loadRestHelper(myConf, pkgId); + return loadRestHelper(myConf, clientUrih, pkgId); } return localCache.pkgs[pkgId]; @@ -240,55 +289,30 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return null; } - return getSiteConfig(clientUrih).then(function (siteConfig) { - /* - Object.defineProperty(req, 'siteConfig', { - enumerable: true - , configurable: false - , writable: false - , value: siteConfig - }); - */ - Object.defineProperty(req, 'getSiteMailer', { - enumerable: true - , configurable: false - , writable: false - , value: function getSiteMailer() { - var nodemailer = require('nodemailer'); - var transport = require('nodemailer-mailgun-transport'); - //var mailconf = require('../../../com.daplie.mailer/config.mailgun'); - var mailconf = siteConfig['mailgun.org']; - var mailer = PromiseA.promisifyAll(nodemailer.createTransport(transport(mailconf))); + if (localCache.rests[pkgId]) { + localCache.rests[pkgId].handler(req, res, next); + hasBeenHandled = true; - return mailer; + if (now - localCache.rests[pkgId].createdAt > staleAfter) { + localCache.rests[pkgId] = null; + } + } + + if (!localCache.rests[pkgId]) { + //return doesThisPkgExist + + return loadRestHandler(xconfx, clientUrih, pkgId).then(function (myHandler) { + if (!myHandler) { + notConfigured(req, res); + return; + } + + localCache.rests[pkgId] = { handler: myHandler.handler, createdAt: now }; + if (!hasBeenHandled) { + myHandler.handler(req, res, next); } }); - - if (localCache.rests[pkgId]) { - localCache.rests[pkgId].handler(req, res, next); - hasBeenHandled = true; - - if (now - localCache.rests[pkgId].createdAt > staleAfter) { - localCache.rests[pkgId] = null; - } - } - - if (!localCache.rests[pkgId]) { - //return doesThisPkgExist - - return loadRestHandler(xconfx, pkgId).then(function (myHandler) { - if (!myHandler) { - notConfigured(req, res); - return; - } - - localCache.rests[pkgId] = { handler: myHandler.handler, createdAt: now }; - if (!hasBeenHandled) { - myHandler.handler(req, res, next); - } - }); - } - }); + } }); }); }; From 72032b644b8dd9d338dc5120ee0d2bb1aa8634bc Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 26 May 2017 21:10:23 +0000 Subject: [PATCH 59/76] add getSiteConfig --- lib/apis.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index 827e51d..a210b8f 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -165,6 +165,15 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } }); + Object.defineProperty(req, 'getSiteConfig', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteMailerProp(section) { + return PromiseA.resolve((siteConfig || {})[section]); + } + }); + Object.defineProperty(req, 'getSitePackageConfig', { enumerable: true , configurable: false From 69a18ad7d417eacaaa06ea275cdf764eaba4d94c Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 26 May 2017 22:06:21 +0000 Subject: [PATCH 60/76] add getSiteStore --- lib/apis.js | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index a210b8f..7bce80f 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -75,6 +75,37 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }); } + var modelsCache = {}; + function getSiteStore(clientUrih, pkgId, dir) { + if (modelsCache[clientUrih]) { + return modelsCache[clientUrih]; + } + + // DB scopes: + // system (global) + // experience (per domain) + // api (per api) + // account (per user account) + // client (per 3rd party client) + + // scope Experience to db + // scope Api by table + // scope Account and Client by column + modelsCache[clientUrih] = apiFactories.systemSqlFactory.create({ + init: true + , dbname: clientUrih // '#' is a valid file name character + }).then(function (db) { + var wrap = require('masterquest-sqlite3'); + + return wrap.wrap(db, dir).then(function (models) { + modelsCache[clientUrih] = PromiseA.resolve(models); + return models; + }); + }); + + return modelsCache[clientUrih]; + } + function loadRestHelper(myConf, clientUrih, pkgId) { var pkgPath = path.join(myConf.restPath, pkgId); @@ -183,6 +214,26 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } }); + Object.defineProperty(req, 'getSiteStore', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteStoreProp() { + var restPath = path.join(myConf.restPath, pkgId); + var apiPath = path.join(myConf.apiPath, pkgId); + var dir; + + // TODO usage package.json as a falback if the standard location is not used + try { + dir = require(path.join(apiPath, 'models.js')); + } catch(e) { + dir = require(path.join(restPath, 'models.js')); + } + + return getSiteStore(clientUrih, pkgId, dir); + } + }); + req._walnutOriginalUrl = req.url; // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); From 064f4ca9035539bd2f621e8e9015df6d2a521516 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 26 May 2017 23:09:49 +0000 Subject: [PATCH 61/76] support text linked packages --- lib/apis.js | 251 +++++++++++++++++++++++++--------------------------- 1 file changed, 121 insertions(+), 130 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 7bce80f..249c051 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -108,155 +108,146 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { function loadRestHelper(myConf, clientUrih, pkgId) { var pkgPath = path.join(myConf.restPath, pkgId); + var pkgLinks = []; + pkgLinks.push(pkgId); - // TODO should not require package.json. Should work with files alone. - return fs.readFileAsync(path.join(pkgPath, 'package.json'), 'utf8').then(function (text) { - var pkg = JSON.parse(text); - var pkgDeps = {}; - var myApp; - - if (pkg.walnut) { - pkgPath = path.join(pkgPath, pkg.walnut); + // TODO allow recursion, but catch cycles + return fs.lstatAsync(pkgPath).then(function (stat) { + if (!stat.isFile()) { + return; } - Object.keys(apiDeps).forEach(function (key) { - pkgDeps[key] = apiDeps[key]; - }); - Object.keys(apiFactories).forEach(function (key) { - pkgDeps[key] = apiFactories[key]; + return fs.readFileAsync(pkgPath, 'utf8').then(function (text) { + pkgId = text.trim(); + pkgPath = path.join(myConf.restPath, pkgId); }); + }, function () { + // ignore error + return; + }).then(function () { + // TODO should not require package.json. Should work with files alone. + return fs.readFileAsync(path.join(pkgPath, 'package.json'), 'utf8').then(function (text) { + var pkg = JSON.parse(text); + var pkgDeps = {}; + var myApp; - // TODO pull db stuff from package.json somehow and pass allowed data models as deps - // - // how can we tell which of these would be correct? - // deps.memstore = apiFactories.memstoreFactory.create(pkgId); - // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId); - // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId + pkgId); + if (pkg.walnut) { + pkgPath = path.join(pkgPath, pkg.walnut); + } - // let's go with this one for now and the api can choose to scope or not to scope - pkgDeps.memstore = apiFactories.memstoreFactory.create(pkgId); + Object.keys(apiDeps).forEach(function (key) { + pkgDeps[key] = apiDeps[key]; + }); + Object.keys(apiFactories).forEach(function (key) { + pkgDeps[key] = apiFactories[key]; + }); - console.log('DEBUG pkgPath', pkgPath); - myApp = express(); + // TODO pull db stuff from package.json somehow and pass allowed data models as deps + // + // how can we tell which of these would be correct? + // deps.memstore = apiFactories.memstoreFactory.create(pkgId); + // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId); + // deps.memstore = apiFactories.memstoreFactory.create(req.experienceId + pkgId); -/* - var pkgConf = { - pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep - , apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep - , servicespath: path.join(__dirname, '..', '..', 'packages', 'services') - , vhostsMap: vhostsMap - , vhostPatterns: null - , server: webserver - , externalPort: info.conf.externalPort - , primaryNameserver: info.conf.primaryNameserver - , nameservers: info.conf.nameservers - , privkey: info.conf.privkey - , pubkey: info.conf.pubkey - , redirects: info.conf.redirects - , apiPrefix: '/api' - , 'org.oauth3.consumer': info.conf['org.oauth3.consumer'] - , 'org.oauth3.provider': info.conf['org.oauth3.provider'] - , keys: info.conf.keys - }; -*/ + // let's go with this one for now and the api can choose to scope or not to scope + pkgDeps.memstore = apiFactories.memstoreFactory.create(pkgId); - var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( - { sqlite3Sock: xconfx.sqlite3Sock, ipcKey: xconfx.ipcKey } - ).getControllers; - //require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); - require('oauthcommon').inject(_getOauth3Controllers, myApp/*, pkgConf, pkgDeps*/); + console.log('DEBUG pkgPath', pkgPath); + myApp = express(); - myApp.use('/public', function preHandler(req, res, next) { - // TODO authenticate or use guest user - next(); - }); + var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( + { sqlite3Sock: xconfx.sqlite3Sock, ipcKey: xconfx.ipcKey } + ).getControllers; + //require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps); + require('oauthcommon').inject(_getOauth3Controllers, myApp/*, pkgConf, pkgDeps*/); - myApp.use('/', function preHandler(req, res, next) { - return getSiteConfig(clientUrih).then(function (siteConfig) { - /* - Object.defineProperty(req, 'siteConfig', { - enumerable: true - , configurable: false - , writable: false - , value: siteConfig - }); - */ - Object.defineProperty(req, 'getSiteMailer', { - enumerable: true - , configurable: false - , writable: false - , value: function getSiteMailerProp() { - var nodemailer = require('nodemailer'); - var transport = require('nodemailer-mailgun-transport'); - //var mailconf = require('../../../com.daplie.mailer/config.mailgun'); - var mailconf = siteConfig['mailgun.org']; - var mailer = PromiseA.promisifyAll(nodemailer.createTransport(transport(mailconf))); + myApp.use('/public', function preHandler(req, res, next) { + // TODO authenticate or use guest user + next(); + }); - return mailer; - } - }); + myApp.use('/', function preHandler(req, res, next) { + return getSiteConfig(clientUrih).then(function (siteConfig) { + Object.defineProperty(req, 'getSiteMailer', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteMailerProp() { + var nodemailer = require('nodemailer'); + var transport = require('nodemailer-mailgun-transport'); + //var mailconf = require('../../../com.daplie.mailer/config.mailgun'); + var mailconf = siteConfig['mailgun.org']; + var mailer = PromiseA.promisifyAll(nodemailer.createTransport(transport(mailconf))); - Object.defineProperty(req, 'getSiteConfig', { - enumerable: true - , configurable: false - , writable: false - , value: function getSiteMailerProp(section) { - return PromiseA.resolve((siteConfig || {})[section]); - } - }); - - Object.defineProperty(req, 'getSitePackageConfig', { - enumerable: true - , configurable: false - , writable: false - , value: function getSitePackageConfigProp() { - return getSitePackageConfig(clientUrih, pkgId); - } - }); - - Object.defineProperty(req, 'getSiteStore', { - enumerable: true - , configurable: false - , writable: false - , value: function getSiteStoreProp() { - var restPath = path.join(myConf.restPath, pkgId); - var apiPath = path.join(myConf.apiPath, pkgId); - var dir; - - // TODO usage package.json as a falback if the standard location is not used - try { - dir = require(path.join(apiPath, 'models.js')); - } catch(e) { - dir = require(path.join(restPath, 'models.js')); + return mailer; } + }); - return getSiteStore(clientUrih, pkgId, dir); - } + Object.defineProperty(req, 'getSiteConfig', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteMailerProp(section) { + return PromiseA.resolve((siteConfig || {})[section]); + } + }); + + Object.defineProperty(req, 'getSitePackageConfig', { + enumerable: true + , configurable: false + , writable: false + , value: function getSitePackageConfigProp() { + return getSitePackageConfig(clientUrih, pkgId); + } + }); + + Object.defineProperty(req, 'getSiteStore', { + enumerable: true + , configurable: false + , writable: false + , value: function getSiteStoreProp() { + var restPath = path.join(myConf.restPath, pkgId); + var apiPath = path.join(myConf.apiPath, pkgId); + var dir; + + // TODO usage package.json as a falback if the standard location is not used + try { + dir = require(path.join(apiPath, 'models.js')); + } catch(e) { + dir = require(path.join(restPath, 'models.js')); + } + + return getSiteStore(clientUrih, pkgId, dir); + } + }); + + req._walnutOriginalUrl = req.url; + // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' + req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); + console.log('[prehandler] req.url', req.url); + next(); + }); + }); + // + // TODO handle /accounts/:accountId + // + return PromiseA.resolve(require(pkgPath).create({ + etcpath: xconfx.etcpath + }/*pkgConf*/, pkgDeps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { + + myApp.use('/', function postHandler(req, res, next) { + req.url = req._walnutOriginalUrl; + console.log('[posthandler] req.url', req.url); + next(); }); - req._walnutOriginalUrl = req.url; - // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' - req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); - console.log('[prehandler] req.url', req.url); - next(); + localCache.pkgs[pkgId] = { pkgId: pkgId, pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; + pkgLinks.forEach(function (pkgLink) { + localCache.pkgs[pkgLink] = localCache.pkgs[pkgId]; + }); + return localCache.pkgs[pkgId]; }); }); - // - // TODO handle /accounts/:accountId - // - return PromiseA.resolve(require(pkgPath).create({ - etcpath: xconfx.etcpath - }/*pkgConf*/, pkgDeps/*pkgDeps*/, myApp/*myApp*/)).then(function (handler) { - - myApp.use('/', function postHandler(req, res, next) { - req.url = req._walnutOriginalUrl; - console.log('[posthandler] req.url', req.url); - next(); - }); - - localCache.pkgs[pkgId] = { pkg: pkg, handler: handler || myApp, createdAt: Date.now() }; - return localCache.pkgs[pkgId]; - }); }); } From d27442f18206a137fa86ffffdab76466fb8c49c3 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 27 May 2017 01:17:50 +0000 Subject: [PATCH 62/76] add missing api dir --- lib/apis.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/apis.js b/lib/apis.js index 249c051..fc51f49 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -11,6 +11,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // TODO xconfx.apispath xconfx.restPath = path.join(__dirname, '..', '..', 'packages', 'rest'); + xconfx.apiPath = path.join(__dirname, '..', '..', 'packages', 'api'); xconfx.appApiGrantsPath = path.join(__dirname, '..', '..', 'packages', 'client-api-grants'); xconfx.appConfigPath = path.join(__dirname, '..', '..', 'var'); From 41ca197500f46627f789b39cfe093a5902e4d44d Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 17:08:32 +0000 Subject: [PATCH 63/76] add other mailers --- package.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package.json b/package.json index efa3ca0..ec415c1 100644 --- a/package.json +++ b/package.json @@ -83,6 +83,8 @@ "json-storage": "2.x", "jsonwebtoken": "^5.4.0", "lodash": "2.x", + "mailchimp-api-v3": "^1.7.0", + "mandrill-api": "^1.0.45", "masterquest-sqlite3": "git+https://git.daplie.com/node/masterquest-sqlite3.git", "media-typer": "^0.3.0", "methods": "^1.1.1", From a379a3c2013c3ba1971aea82497f9df10edd056c Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 17:32:44 +0000 Subject: [PATCH 64/76] add stripe and promises --- lib/apis.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index fc51f49..46aced2 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -155,6 +155,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { console.log('DEBUG pkgPath', pkgPath); myApp = express(); + myApp.handlePromise = require('./lib/common').promisableRequest; + myApp.handleRejection = require('./lib/common').rejectableRequest; var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( { sqlite3Sock: xconfx.sqlite3Sock, ipcKey: xconfx.ipcKey } @@ -222,6 +224,9 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } }); + req.Stripe = require('stripe')(siteConfig['stripe.com'].live.secret); + req.StripeTest = require('stripe')(siteConfig['stripe.com'].test.secret); + req._walnutOriginalUrl = req.url; // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); From c740607c9890211eb73ac51ee2966ae4a4d99353 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 17:35:52 +0000 Subject: [PATCH 65/76] stub for abstract payments --- lib/apis.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index 46aced2..d9f237e 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -224,6 +224,15 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } }); + /* + Object.defineProperty(req, 'getSitePayments', { + enumerable: true + , configurable: false + , writable: false + , value: function getSitePaymentsProp() { + } + }); + */ req.Stripe = require('stripe')(siteConfig['stripe.com'].live.secret); req.StripeTest = require('stripe')(siteConfig['stripe.com'].test.secret); From 5ff3e8ecca3af2246103675199c531106f71e5fa Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 17:43:58 +0000 Subject: [PATCH 66/76] comment on stripe tenants --- lib/apis.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index d9f237e..adab8a3 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -233,6 +233,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } }); */ + // TODO allow third-party clients stripe ids destination + // https://stripe.com/docs/connect/payments-fees req.Stripe = require('stripe')(siteConfig['stripe.com'].live.secret); req.StripeTest = require('stripe')(siteConfig['stripe.com'].test.secret); From 7a9ea3fef8a081288505653eaea9e616ade75f27 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 18:29:05 +0000 Subject: [PATCH 67/76] define properties for mailers and stripe --- lib/apis.js | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index adab8a3..5950d35 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -169,6 +169,11 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { next(); }); + // TODO delete these caches when config changes + var _stripe; + var _stripe_test; + var _mandrill; + var _mailchimp; myApp.use('/', function preHandler(req, res, next) { return getSiteConfig(clientUrih).then(function (siteConfig) { Object.defineProperty(req, 'getSiteMailer', { @@ -235,8 +240,54 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { */ // TODO allow third-party clients stripe ids destination // https://stripe.com/docs/connect/payments-fees - req.Stripe = require('stripe')(siteConfig['stripe.com'].live.secret); - req.StripeTest = require('stripe')(siteConfig['stripe.com'].test.secret); + Object.defineProperty(req, 'Stripe', { + enumerable: true + , configurable: false + , writable: false + , get: function () { + _stripe = _stripe || require('stripe')(siteConfig['stripe.com'].live.secret); + return _stripe; + } + }); + + Object.defineProperty(req, 'StripeTest', { + enumerable: true + , configurable: false + , writable: false + , get: function () { + _stripe_test = _stripe_test || require('stripe')(siteConfig['stripe.com'].test.secret); + return _stripe_test; + } + }); + + Object.defineProperty(req, 'Mandrill', { + enumerable: true + , configurable: false + , writable: false + , get: function () { + if (!_mandrill) { + var Mandrill = require('mandrill-api/mandrill'); + _mandrill = new Mandrill.Mandrill(siteConfig['mandrill.com'].apiKey); + _mandrill.messages.sendTemplateAsync = function (opts) { + return new PromiseA(function (resolve, reject) { + _mandrill.messages.sendTemplate(opts, resolve, reject); + }); + }; + } + return _mandrill; + } + }); + + Object.defineProperty(req, 'Mailchimp', { + enumerable: true + , configurable: false + , writable: false + , get: function () { + var Mailchimp = require('mailchimp-api-v3'); + _mailchimp = _mailchimp || new Mailchimp(siteConfig['mailchimp.com'].apiKey); + return _stripe_test; + } + }); req._walnutOriginalUrl = req.url; // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' @@ -245,6 +296,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { next(); }); }); + // // TODO handle /accounts/:accountId // From a2dcd45403d725872ffd8b873ee2bdc53a04b4e5 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 18:35:59 +0000 Subject: [PATCH 68/76] typo fixes --- lib/apis.js | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 5950d35..b807721 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -155,8 +155,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { console.log('DEBUG pkgPath', pkgPath); myApp = express(); - myApp.handlePromise = require('./lib/common').promisableRequest; - myApp.handleRejection = require('./lib/common').rejectableRequest; + myApp.handlePromise = require('./common').promisableRequest; + myApp.handleRejection = require('./common').rejectableRequest; var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( { sqlite3Sock: xconfx.sqlite3Sock, ipcKey: xconfx.ipcKey } @@ -243,7 +243,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { Object.defineProperty(req, 'Stripe', { enumerable: true , configurable: false - , writable: false , get: function () { _stripe = _stripe || require('stripe')(siteConfig['stripe.com'].live.secret); return _stripe; @@ -253,7 +252,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { Object.defineProperty(req, 'StripeTest', { enumerable: true , configurable: false - , writable: false , get: function () { _stripe_test = _stripe_test || require('stripe')(siteConfig['stripe.com'].test.secret); return _stripe_test; @@ -263,7 +261,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { Object.defineProperty(req, 'Mandrill', { enumerable: true , configurable: false - , writable: false , get: function () { if (!_mandrill) { var Mandrill = require('mandrill-api/mandrill'); @@ -281,7 +278,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { Object.defineProperty(req, 'Mailchimp', { enumerable: true , configurable: false - , writable: false , get: function () { var Mailchimp = require('mailchimp-api-v3'); _mailchimp = _mailchimp || new Mailchimp(siteConfig['mailchimp.com'].apiKey); From f07780ac4e69c316a95e5f7f5f6e8d516eac6a0f Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 29 May 2017 21:39:52 +0000 Subject: [PATCH 69/76] add app.grantsRequired --- lib/apis.js | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index b807721..e7970a7 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -157,6 +157,44 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { myApp = express(); myApp.handlePromise = require('./common').promisableRequest; myApp.handleRejection = require('./common').rejectableRequest; + myApp.grantsRequired = function (grants) { + if (!Array.isArray(grants)) { + throw new Error("Usage: app.grantsRequired([ 'name|altname|altname2', 'othergrant' ])"); + } + + if (!grants.length) { + return function (req, res, next) { + next(); + }; + } + + return function (req, res, next) { + if (!(req.oauth3 || req.oauth3.token)) { + // TODO some error generator for standard messages + res.send({ error: { message: "You must be logged in", code: "E_NO_AUTHN" } }); + return; + } + if ('string' !== req.oauth3.token.scp) { + res.send({ error: { message: "Token must contain a grants string in 'scp'", code: "E_NO_GRANTS" } }); + return; + } + + // every grant in the array must be present + if (!grants.every(function (grant) { + var scopes = grant.split(/\|/g); + return scopes.some(function (scp) { + return req.oauth3.token.scp.split(/[,\s]+/mg).some(function (s) { + return scp === s; + }); + }); + })) { + res.send({ error: { message: "Token does not contain valid grants: '" + grants + "'", code: "E_NO_GRANTS" } }); + return; + } + + next(); + }; + }; var _getOauth3Controllers = pkgDeps.getOauth3Controllers = require('oauthcommon/example-oauthmodels').create( { sqlite3Sock: xconfx.sqlite3Sock, ipcKey: xconfx.ipcKey } From 1ae97267a0556b64981ad5901b0a33a8fb8b2827 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 30 May 2017 01:21:43 +0000 Subject: [PATCH 70/76] typo fix --- lib/apis.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/apis.js b/lib/apis.js index e7970a7..6ffe6ec 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -174,7 +174,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { res.send({ error: { message: "You must be logged in", code: "E_NO_AUTHN" } }); return; } - if ('string' !== req.oauth3.token.scp) { + if ('string' !== typeof req.oauth3.token.scp) { res.send({ error: { message: "Token must contain a grants string in 'scp'", code: "E_NO_GRANTS" } }); return; } From 68e48800c3c766a2cc14d733c79ed21feaaeef72 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 30 May 2017 01:39:21 +0000 Subject: [PATCH 71/76] allow multiple db wraps --- lib/apis.js | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 6ffe6ec..057bf2c 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -78,8 +78,11 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { var modelsCache = {}; function getSiteStore(clientUrih, pkgId, dir) { - if (modelsCache[clientUrih]) { - return modelsCache[clientUrih]; + if (!modelsCache[clientUrih]) { + modelsCache[clientUrih] = apiFactories.systemSqlFactory.create({ + init: true + , dbname: clientUrih // '#' is a valid file name character + }); } // DB scopes: @@ -92,19 +95,14 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // scope Experience to db // scope Api by table // scope Account and Client by column - modelsCache[clientUrih] = apiFactories.systemSqlFactory.create({ - init: true - , dbname: clientUrih // '#' is a valid file name character - }).then(function (db) { + return modelsCache[clientUrih].then(function (db) { var wrap = require('masterquest-sqlite3'); return wrap.wrap(db, dir).then(function (models) { - modelsCache[clientUrih] = PromiseA.resolve(models); + //modelsCache[clientUrih] = PromiseA.resolve(models); return models; }); }); - - return modelsCache[clientUrih]; } function loadRestHelper(myConf, clientUrih, pkgId) { From 614eb960d487e2392d413f4aacf16c87d20ba5e8 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 30 May 2017 17:29:14 +0000 Subject: [PATCH 72/76] clientApiUri --- lib/apis.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/apis.js b/lib/apis.js index 057bf2c..2443ef2 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -395,6 +395,7 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { // example.com/subpath/api should resolve to example.com#subapp // sub.example.com/subpath/api should resolve to sub.example.com#subapp var clientUrih = req.hostname.replace(/^api\./, '') + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, ''); + var clientApiUri = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/$/, ''); // Canonical package names // '/api/com.daplie.hello/hello' should resolve to 'com.daplie.hello' // '/subapp/api/com.daplie.hello/hello' should also 'com.daplie.hello' @@ -410,6 +411,12 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { , writable: false , value: clientUrih }); + Object.defineProperty(req, 'clientApiUri', { + enumerable: true + , configurable: false + , writable: false + , value: clientApiUri + }); Object.defineProperty(req, 'apiId', { enumerable: true , configurable: false From 98188ed093f95fbac0ddeab6d4178ca7d8e8f70a Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 30 May 2017 17:31:29 +0000 Subject: [PATCH 73/76] add stripe --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index ec415c1..167ab39 100644 --- a/package.json +++ b/package.json @@ -118,6 +118,7 @@ "sqlite3": "3.x", "sqlite3-cluster": "git+https://git.daplie.com/coolaj86/sqlite3-cluster.git#v2", "ssl-root-cas": "1.x", + "stripe": "^4.22.0", "twilio": "1.x", "type-is": "^1.6.1", "underscore.string": "2.x", From 2299af2b01e8a15586bd5dcbf96cb5baafb441ad Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 31 May 2017 00:40:44 +0000 Subject: [PATCH 74/76] chimney --- lib/apis.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/apis.js b/lib/apis.js index 2443ef2..5f57b35 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -32,7 +32,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { var appApiGrantsPath = path.join(myConf.appApiGrantsPath, clientUrih); return fs.readFileAsync(appApiGrantsPath, 'utf8').then(function (text) { - console.log('sanity', text); return text.trim().split(/\n/); }, function (err) { if ('ENOENT' !== err.code) { @@ -42,7 +41,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { }).then(function (apis) { if (apis.some(function (api) { if (api === pkgId) { - console.log(api, pkgId, api === pkgId); return true; } })) { @@ -324,7 +322,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { req._walnutOriginalUrl = req.url; // "/path/api/com.example/hello".replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/') => '/hello' req.url = req.url.replace(/\/api\//, '').replace(/.*\/api\//, '').replace(/([^\/]*\/+)/, '/'); - console.log('[prehandler] req.url', req.url); next(); }); }); @@ -338,7 +335,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { myApp.use('/', function postHandler(req, res, next) { req.url = req._walnutOriginalUrl; - console.log('[posthandler] req.url', req.url); next(); }); @@ -388,7 +384,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return function (req, res, next) { cors(req, res, function () { - console.log('[sanity check]', req.url); // Canonical client names // example.com should use api.example.com/api for all requests // sub.example.com/api should resolve to sub.example.com From 4f221be940696a2c522a0f13e02752789a51b236 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 31 May 2017 00:55:32 +0000 Subject: [PATCH 75/76] update README and branch with v1 --- README.md | 18 +++++++++++++++++- install.sh | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8880adc..34bbab1 100644 --- a/README.md +++ b/README.md @@ -4,11 +4,27 @@ walnut Small, light, and secure iot application framework. ```bash -curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash +curl https://daplie.me/install-scripts | bash daplie-install-cloud ``` +If the pretty url isn't working, for whatever reason, you also try the direct one + +```bash +# curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash +# daplie-install-cloud +``` + +You could also, of course, try installing from the repository directly +(especially if you have goldilocks or some similar already installed) + +```bash +mkdir -p /srv/walnut/ +git clone git@git.daplie.com:Daplie/walnut.js.git /srv/walnut/core +bash /srv/walnut/core/install.sh +``` + Features ------ diff --git a/install.sh b/install.sh index a0a9f01..784a55b 100755 --- a/install.sh +++ b/install.sh @@ -199,7 +199,7 @@ install_uninstaller() dap_dl_bash "https://git.daplie.com/coolaj86/node-install-script/raw/master/setup-min.sh" # Install -# npm install -g 'git+https://git@git.daplie.com/Daplie/walnut.js.git#fs-nosql' +# npm install -g 'git+https://git@git.daplie.com/Daplie/walnut.js.git#v1' my_app_name=walnut my_app_pkg_name=com.daplie.walnut.web From 34ed7bfd935aa5528fd01a70c9e3507bc30f42a1 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 31 May 2017 00:56:02 +0000 Subject: [PATCH 76/76] change branch --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 34bbab1..c9419ec 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,9 @@ You could also, of course, try installing from the repository directly ```bash mkdir -p /srv/walnut/ git clone git@git.daplie.com:Daplie/walnut.js.git /srv/walnut/core +pushd /srv/walnut/core + git checkout v1 +popd bash /srv/walnut/core/install.sh ```