From 37ca4eaf20f2da7cdceb8255e85d8384f1c119d8 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 31 Dec 2019 11:11:06 +0100 Subject: [PATCH 01/76] working on paginate alias log page --- .../templates/dashboard/alias_log.html | 10 ++++++-- app/dashboard/views/alias_log.py | 23 ++++++++++++------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/app/dashboard/templates/dashboard/alias_log.html b/app/dashboard/templates/dashboard/alias_log.html index d6b3c71b..59c40d06 100644 --- a/app/dashboard/templates/dashboard/alias_log.html +++ b/app/dashboard/templates/dashboard/alias_log.html @@ -7,7 +7,7 @@ {% endblock %} {% block default_content %} -
+

{{ alias }}

@@ -16,7 +16,7 @@
{% for log in logs %}
-
+
{{ log.when | dt }}
{{ log.website_from or log.website_email }} @@ -40,6 +40,12 @@ {% endfor %}
+ {% endblock %} {% block script %} diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index 31089056..c96b7df2 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -1,13 +1,15 @@ from dataclasses import dataclass import arrow -from flask import render_template, flash, redirect, url_for +from flask import render_template, flash, redirect, url_for, abort from flask_login import login_required, current_user from app.dashboard.base import dashboard_bp from app.extensions import db from app.models import GenEmail, ForwardEmailLog, ForwardEmail +LIMIT = 3 + @dataclass class AliasLog: @@ -19,9 +21,10 @@ class AliasLog: blocked: bool -@dashboard_bp.route("/alias_log/", methods=["GET"]) +@dashboard_bp.route("/alias_log/", methods=["GET"], defaults={'page_id': 0}) +@dashboard_bp.route("/alias_log//") @login_required -def alias_log(alias): +def alias_log(alias, page_id): gen_email = GenEmail.get_by(email=alias) # sanity check @@ -33,19 +36,23 @@ def alias_log(alias): flash("You do not have access to this page", "warning") return redirect(url_for("dashboard.index")) + logs = get_alias_log(gen_email, page_id) + last_page = len(logs) < LIMIT # lightweight pagination without counting all objects + return render_template( - "dashboard/alias_log.html", logs=get_alias_log(gen_email), alias=alias + "dashboard/alias_log.html", **locals() ) -def get_alias_log(gen_email: GenEmail): +def get_alias_log(gen_email: GenEmail, page_id=0): logs: [AliasLog] = [] q = ( db.session.query(ForwardEmail, ForwardEmailLog) - .filter(ForwardEmail.id == ForwardEmailLog.forward_id) - .filter(ForwardEmail.gen_email_id == gen_email.id) - .all() + .filter(ForwardEmail.id == ForwardEmailLog.forward_id) + .filter(ForwardEmail.gen_email_id == gen_email.id) + .limit(LIMIT) + .offset(page_id * LIMIT) ) for fe, fel in q: From d42eea39cc726643403b3f286deede6cb1eebbd9 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 31 Dec 2019 11:22:18 +0100 Subject: [PATCH 02/76] consider to get rid of dataclass dependent --- app/dashboard/views/alias_log.py | 39 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index c96b7df2..37911d63 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -1,6 +1,3 @@ -from dataclasses import dataclass - -import arrow from flask import render_template, flash, redirect, url_for, abort from flask_login import login_required, current_user @@ -8,20 +5,25 @@ from app.dashboard.base import dashboard_bp from app.extensions import db from app.models import GenEmail, ForwardEmailLog, ForwardEmail -LIMIT = 3 +LIMIT = 15 -@dataclass class AliasLog: - website_email: str - website_from: str - alias: str - when: arrow.Arrow - is_reply: bool - blocked: bool + __slots__ = [ + "website_email", + "website_from", + "alias", + "when", + "is_reply", + "blocked", + ] # memory efficiency + + def __init__(self, **kwargs): + for k, v in kwargs.items(): + setattr(self, k, v) -@dashboard_bp.route("/alias_log/", methods=["GET"], defaults={'page_id': 0}) +@dashboard_bp.route("/alias_log/", methods=["GET"], defaults={"page_id": 0}) @dashboard_bp.route("/alias_log//") @login_required def alias_log(alias, page_id): @@ -39,9 +41,7 @@ def alias_log(alias, page_id): logs = get_alias_log(gen_email, page_id) last_page = len(logs) < LIMIT # lightweight pagination without counting all objects - return render_template( - "dashboard/alias_log.html", **locals() - ) + return render_template("dashboard/alias_log.html", **locals()) def get_alias_log(gen_email: GenEmail, page_id=0): @@ -49,10 +49,10 @@ def get_alias_log(gen_email: GenEmail, page_id=0): q = ( db.session.query(ForwardEmail, ForwardEmailLog) - .filter(ForwardEmail.id == ForwardEmailLog.forward_id) - .filter(ForwardEmail.gen_email_id == gen_email.id) - .limit(LIMIT) - .offset(page_id * LIMIT) + .filter(ForwardEmail.id == ForwardEmailLog.forward_id) + .filter(ForwardEmail.gen_email_id == gen_email.id) + .limit(LIMIT) + .offset(page_id * LIMIT) ) for fe, fel in q: @@ -65,7 +65,6 @@ def get_alias_log(gen_email: GenEmail, page_id=0): blocked=fel.blocked, ) logs.append(al) - logs = sorted(logs, key=lambda l: l.when, reverse=True) return logs From 652e6231115636ad1f15e932d131d542b85a9ca6 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 31 Dec 2019 17:11:42 +0100 Subject: [PATCH 03/76] make sure that user cannot use any suffix --- app/dashboard/views/custom_alias.py | 10 +++++++++- app/utils.py | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/dashboard/views/custom_alias.py b/app/dashboard/views/custom_alias.py index 034746a1..7d04f577 100644 --- a/app/dashboard/views/custom_alias.py +++ b/app/dashboard/views/custom_alias.py @@ -6,7 +6,7 @@ from app.dashboard.base import dashboard_bp from app.extensions import db from app.log import LOG from app.models import GenEmail, DeletedAlias, CustomDomain -from app.utils import convert_to_id, random_word +from app.utils import convert_to_id, random_word, word_exist @dashboard_bp.route("/custom_alias", methods=["GET", "POST"]) @@ -27,6 +27,14 @@ def custom_alias(): email_prefix = convert_to_id(email_prefix) email_suffix = request.form.get("email-suffix") + # verify email_suffix + if not word_exist(email_suffix): + flash( + "nice try :). The suffix is there so no one can take all the *nice* aliases though", + "warning", + ) + return redirect(url_for("dashboard.custom_alias")) + if not email_prefix: error = "alias prefix cannot be empty" else: diff --git a/app/utils.py b/app/utils.py index 33a2703d..2c8b6599 100644 --- a/app/utils.py +++ b/app/utils.py @@ -16,6 +16,10 @@ def random_word(): return random.choice(_words) +def word_exist(word): + return word in _words + + def random_words(): """Generate a random words. Used to generate user-facing string, for ex email addresses""" nb_words = random.randint(2, 3) From a20f790fda2956988555409e417545c8c65cd305 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 31 Dec 2019 20:08:59 +0100 Subject: [PATCH 04/76] add py36 --- .github/workflows/pythonpackage.yml | 2 +- app/dashboard/views/alias_log.py | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index a76a912a..7cbc47a2 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -9,7 +9,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: [3.7] + python-version: [3.6, 3.7] steps: - uses: actions/checkout@v1 diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index 37911d63..f2ed75d3 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -5,7 +5,7 @@ from app.dashboard.base import dashboard_bp from app.extensions import db from app.models import GenEmail, ForwardEmailLog, ForwardEmail -LIMIT = 15 +_LIMIT = 15 class AliasLog: @@ -39,7 +39,9 @@ def alias_log(alias, page_id): return redirect(url_for("dashboard.index")) logs = get_alias_log(gen_email, page_id) - last_page = len(logs) < LIMIT # lightweight pagination without counting all objects + last_page = ( + len(logs) < _LIMIT + ) # lightweight pagination without counting all objects return render_template("dashboard/alias_log.html", **locals()) @@ -51,8 +53,8 @@ def get_alias_log(gen_email: GenEmail, page_id=0): db.session.query(ForwardEmail, ForwardEmailLog) .filter(ForwardEmail.id == ForwardEmailLog.forward_id) .filter(ForwardEmail.gen_email_id == gen_email.id) - .limit(LIMIT) - .offset(page_id * LIMIT) + .limit(_LIMIT) + .offset(page_id * _LIMIT) ) for fe, fel in q: From 1162495b36a91c85c453c12bf8426aab2e911cb9 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 31 Dec 2019 20:20:17 +0100 Subject: [PATCH 05/76] remove dataclasses completely, remove the slots magic --- app/dashboard/views/alias_log.py | 17 ++++++++--------- app/dashboard/views/index.py | 5 ++++- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index f2ed75d3..d7ec6388 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -1,4 +1,5 @@ -from flask import render_template, flash, redirect, url_for, abort +import arrow +from flask import render_template, flash, redirect, url_for from flask_login import login_required, current_user from app.dashboard.base import dashboard_bp @@ -9,14 +10,12 @@ _LIMIT = 15 class AliasLog: - __slots__ = [ - "website_email", - "website_from", - "alias", - "when", - "is_reply", - "blocked", - ] # memory efficiency + website_email: str + website_from: str + alias: str + when: arrow.Arrow + is_reply: bool + blocked: bool def __init__(self, **kwargs): for k, v in kwargs.items(): diff --git a/app/dashboard/views/index.py b/app/dashboard/views/index.py index d9899ab3..614e4e9d 100644 --- a/app/dashboard/views/index.py +++ b/app/dashboard/views/index.py @@ -19,7 +19,6 @@ from app.models import ( ) -@dataclass class AliasInfo: gen_email: GenEmail nb_forward: int @@ -29,6 +28,10 @@ class AliasInfo: show_intro_test_send_email: bool = False highlight: bool = False + def __init__(self, **kwargs): + for k, v in kwargs.items(): + setattr(self, k, v) + @dashboard_bp.route("/", methods=["GET", "POST"]) @login_required From e5b6cb8461d478c88b6a2da57a21579ab4d91ef8 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 31 Dec 2019 20:22:46 +0100 Subject: [PATCH 06/76] forget to remove the import --- app/dashboard/views/index.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/dashboard/views/index.py b/app/dashboard/views/index.py index 614e4e9d..61d3aecc 100644 --- a/app/dashboard/views/index.py +++ b/app/dashboard/views/index.py @@ -1,5 +1,3 @@ -from dataclasses import dataclass - from flask import render_template, request, redirect, url_for, flash, session from flask_login import login_required, current_user from sqlalchemy.orm import joinedload From 3c312dda4393183e38cd9f80cfc9c7193a7cfc46 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 10:37:35 +0100 Subject: [PATCH 07/76] remove DEBUG log from gunicorn --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 110ead14..464787a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,5 +13,5 @@ RUN pip3 install -r requirements.txt COPY . . #gunicorn wsgi:app -b 0.0.0.0:7777 -w 2 --timeout 15 --log-level DEBUG -CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15","--log-level","DEBUG"] +CMD ["gunicorn","wsgi:app","-b","0.0.0.0:7777","-w","2","--timeout","15"] From 67eb6aedfb7bc265822d9e515d427cc686c4ece0 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 10:38:19 +0100 Subject: [PATCH 08/76] Add quickstart section --- README.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4e8f640d..d5833c84 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -SimpleLogin - privacy-first email alias and Single Sign-On (SSO) Identity Provider +SimpleLogin | Privacy-First Email Alias and Identity Provider service --- https://simplelogin.io @@ -13,6 +13,25 @@ In some way yes... However, SimpleLogin is a bit different because: - plenty of features: custom domain, browser extension, alias activity, OAuth libraries, etc. - written in Python 🐍 😅 this is not a difference per se but hey I never found a Python email server so feel free to tweak this one if you want to use Python for handling emails. +# Quick start + +If you have Docker installed, run the following command to start SimpleLogin local server: + + +```bash +docker run -it --rm \ + -e RESET_DB=true \ + -e CONFIG=/code/.env.example \ + -p 7777:7777 \ + simplelogin/app python server.py +``` + +Then open http://localhost:7777, you should be able to login with `john@wick.com/password` account! + +To use SimpleLogin email aliases, you need to deploy it on your server with some DNS setup though, +the following section will show a step-by-step guide on how to get your own email forwarder service! + + # Table of Contents [1. General Architecture](#general-architecture) From 73e9ee304d09b0ba9361a7fc1ca1453278e6c82c Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 10:43:44 +0100 Subject: [PATCH 09/76] Improve README --- README.md | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index d5833c84..e1a65538 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,8 @@ -SimpleLogin | Privacy-First Email Alias and Identity Provider service +SimpleLogin | Privacy-First Email Forwarding/Alias and Identity Provider service --- https://simplelogin.io -> Yet another email forwarding service? - -In some way yes... However, SimpleLogin is a bit different because: - -- it's fully open-source: both the server and client code (browser extension, JS library) are open-source so anyone can freely inspect and (hopefully) improve the code. -- not just email alias: SimpleLogin is a privacy-first and developer-friendly identity provider that: a. offers privacy for users b. is simple to use for developers. Our goal is to offer a privacy-focused alternative to the "Login with Facebook/Google/Twitter" buttons. -- the only email alias solution that is `self-hostable`: with our detailed self-hosting instructions and most of components running as Docker container, anyone who knows how to `ssh` is able to deploy SimpleLogin on their server. -- plenty of features: custom domain, browser extension, alias activity, OAuth libraries, etc. -- written in Python 🐍 😅 this is not a difference per se but hey I never found a Python email server so feel free to tweak this one if you want to use Python for handling emails. - # Quick start If you have Docker installed, run the following command to start SimpleLogin local server: @@ -29,7 +19,24 @@ docker run -it --rm \ Then open http://localhost:7777, you should be able to login with `john@wick.com/password` account! To use SimpleLogin email aliases, you need to deploy it on your server with some DNS setup though, -the following section will show a step-by-step guide on how to get your own email forwarder service! +the following section will show a step-by-step guide on how to get your own email forwarder service! + +# Introduction + +> Yet another email forwarding service? + +In some way yes... However, SimpleLogin is a bit different because: + +- it's fully open source: both the server and client code (browser extension, JS library) are open source so anyone can freely inspect and (hopefully) improve the code. +- not just email alias: SimpleLogin is a privacy-first and developer-friendly identity provider that: + - offers privacy for users + - is simple to use for developers. SimpleLogin is a privacy-focused alternative to the "Login with Facebook/Google/Twitter" buttons. + +- the only email alias solution that is `self-hostable`: with our detailed self-hosting instructions and most of components running as Docker container, anyone who knows how to `ssh` is able to deploy SimpleLogin on their server. +- plenty of features: custom domain, browser extension, alias activity, OAuth libraries, etc. +- written in Python 🐍 😅 this is not a difference per se but hey I never found a Python email server so feel free to tweak this one if you want to use Python for handling emails. + + # Table of Contents From 6f9c33b39e2a5b15bf399502a05a40668aab160c Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 10:53:23 +0100 Subject: [PATCH 10/76] remove trailing space --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e1a65538..824af26e 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you have Docker installed, run the following command to start SimpleLogin loc ```bash docker run -it --rm \ -e RESET_DB=true \ - -e CONFIG=/code/.env.example \ + -e CONFIG=/code/.env.example \ -p 7777:7777 \ simplelogin/app python server.py ``` From 1147e996b38c62b126e3b2a91c8c5d8599a2264c Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 17:50:19 +0100 Subject: [PATCH 11/76] Improve README --- README.md | 115 +++++++++++++++++++++++------------------- docs/banner.png | Bin 0 -> 117287 bytes docs/custom-alias.png | Bin 0 -> 12422 bytes docs/diagram.png | Bin 0 -> 56458 bytes 4 files changed, 62 insertions(+), 53 deletions(-) create mode 100644 docs/banner.png create mode 100644 docs/custom-alias.png create mode 100644 docs/diagram.png diff --git a/README.md b/README.md index 824af26e..f63450a7 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,40 @@ -SimpleLogin | Privacy-First Email Forwarding/Alias and Identity Provider service +

+ +

+ +

+ + tweet + +

+ +SimpleLogin | Privacy-First Email Forwarding and Identity Provider Service --- https://simplelogin.io +> Yet another email forwarding service? + +In some way yes... However, SimpleLogin is a bit different because: + +- Fully open source: both the server and client code (browser extension, JS library) are open source so anyone can freely inspect and (hopefully) improve the code. +- Not just email alias: SimpleLogin is a privacy-first and developer-friendly identity provider that: + - offers privacy for users + - is simple to use for developers. SimpleLogin is a privacy-focused alternative to the "Login with Facebook/Google/Twitter" buttons. + +- The only email forwarding solution that is **self-hostable**: with our detailed self-hosting instructions and most of components running as Docker container, anyone who knows `ssh` is able to deploy SimpleLogin on their server. +- Plenty of features: browser extension, custom domain, catch-all alias, OAuth libraries, etc. +- Open roadmap at https://trello.com/b/4d6A69I4/open-roadmap: you know the exciting features we are working on. + +At the heart of SimpleLogin is `email alias`: an alias is a normal email address but all emails sent to an alias are **forwarded** to your email inbox. SimpleLogin alias can also **send** emails: for your contact, the alias is therefore your email address. Use alias whenever you need to give out your email address to protect your online identity. + +

+ +

+ # Quick start -If you have Docker installed, run the following command to start SimpleLogin local server: +If you have Docker installed, run the following command to start SimpleLogin local server: ```bash @@ -18,27 +47,9 @@ docker run -it --rm \ Then open http://localhost:7777, you should be able to login with `john@wick.com/password` account! -To use SimpleLogin email aliases, you need to deploy it on your server with some DNS setup though, +To use SimpleLogin aliases, you need to deploy it on your server with some DNS setup though, the following section will show a step-by-step guide on how to get your own email forwarder service! -# Introduction - -> Yet another email forwarding service? - -In some way yes... However, SimpleLogin is a bit different because: - -- it's fully open source: both the server and client code (browser extension, JS library) are open source so anyone can freely inspect and (hopefully) improve the code. -- not just email alias: SimpleLogin is a privacy-first and developer-friendly identity provider that: - - offers privacy for users - - is simple to use for developers. SimpleLogin is a privacy-focused alternative to the "Login with Facebook/Google/Twitter" buttons. - -- the only email alias solution that is `self-hostable`: with our detailed self-hosting instructions and most of components running as Docker container, anyone who knows how to `ssh` is able to deploy SimpleLogin on their server. -- plenty of features: custom domain, browser extension, alias activity, OAuth libraries, etc. -- written in Python 🐍 😅 this is not a difference per se but hey I never found a Python email server so feel free to tweak this one if you want to use Python for handling emails. - - - - # Table of Contents [1. General Architecture](#general-architecture) @@ -50,13 +61,17 @@ In some way yes... However, SimpleLogin is a bit different because: ## General Architecture -![](docs/archi.png) +

+ +

-SimpleLogin backend consists of 2 main components: + + +SimpleLogin backend consists of 2 main components: - the `webapp` used by several clients: web UI (the dashboard), browser extension (Chrome & Firefox for now), OAuth clients (apps that integrate "Login with SimpleLogin" button) and mobile app (work in progress). -- the `email handler`: implements the email forwarding (i.e. alias receiving email) and email sending (i.e. alias sending email). +- the `email handler`: implements the email forwarding (i.e. alias receiving email) and email sending (i.e. alias sending email). ## Self hosting @@ -66,11 +81,10 @@ SimpleLogin backend consists of 2 main components: - a domain that you can config the DNS. It could be a sub-domain. In the rest of the doc, let's say it's `mydomain.com` for the email and `app.mydomain.com` for SimpleLogin webapp. Please make sure to replace these values by your domain name whenever they appear in the doc. -- [Optional]: a dedicated Postgres database. If you don't want to manage and maintain a Postgres database, you can use managed services proposed by some cloud providers. Otherwise this guide will show how to run a Postgres database using Docker. Database is not well-known to be run inside Docker but this is probably fine if you don't have thousands of email addresses. - - [Optional] AWS S3, Sentry, Google/Facebook/Github developer accounts. These are necessary only if you want to activate these options. -All the below steps, except for the DNS ones that are usually done inside your domain registrar interface, are done on your server. The commands are to run with `bash` (or any bash-compatible shell like `zsh`) being the shell. If you use other shells like `fish`, please make sure to adapt the commands. + +Except for the DNS setup that is usually done on your domain registrar interface, all the below steps are to be done on your server. The commands are to run with `bash` (or any bash-compatible shell like `zsh`) being the shell. If you use other shells like `fish`, please make sure to adapt the commands. ### DKIM @@ -98,7 +112,7 @@ Please note that DNS changes could take up to 24 hours to propagate. In practice #### MX record Create a **MX record** that points `mydomain.com` to `app.mydomain.com` with priority 10. -To verify if the DNS works, `dig mydomain.com mx` should contain the following in the result. +To verify if the DNS works, `dig mydomain.com mx` should contain the following in the result. ``` mydomain.com. 3600 IN MX 10 app.mydomain.com. @@ -118,7 +132,7 @@ with `PUBLIC_KEY` being your `dkim.pub.key` but - remove the `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` - join all the lines on a single line. -For example, if your `dkim.pub.key` is +For example, if your `dkim.pub.key` is ``` -----BEGIN PUBLIC KEY----- @@ -139,16 +153,14 @@ From Wikipedia https://en.wikipedia.org/wiki/Sender_Policy_Framework > Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email -Similar to DKIM, setting up SPF is highly recommended. +Similar to DKIM, setting up SPF is highly recommended. Add a TXT record for `mydomain.com` with the value `v=spf1 mx -all`. What it means is only your server can send email with `@mydomain.com` domain. To verify, you can use `dig mydomain.com txt` -#### DMARC (optional) TODO - ### Docker Now the boring DNS stuffs are done, let's do something more fun! -Please follow the steps on [Docker CE for Ubuntu](https://docs.docker.com/v17.12/install/linux/docker-ce/ubuntu/) to install Docker on the server. +If you don't already have Docker installed on your server, please follow the steps on [Docker CE for Ubuntu](https://docs.docker.com/v17.12/install/linux/docker-ce/ubuntu/) to install Docker. Tips: if you want to run Docker without the `sudo` prefix, add your account to `docker` group: @@ -170,7 +182,7 @@ docker network create -d bridge \ ### Postgres -This section shows how to run a Postgres database using Docker. At the end of this section, you will have a database username and password which are being referred to the next steps. +This section shows how to run a Postgres database using Docker. At the end of this section, you will have a database username and password which will be used in the next steps. If you have already had a Postgres database in use, you can skip this section and just copy the database configuration (i.e. host, port, username, password, database name). @@ -202,7 +214,7 @@ Install `postfix` and `postfix-pgsql`. The latter is used to connect Postfix and sudo apt-get install -y postfix postfix-pgsql ``` -Choose "Internet Site" in Postfix installation window then keep using the proposed value as *System mail name* in the next window. +Choose "Internet Site" in Postfix installation window then keep using the proposed value as *System mail name* in the next window. Run the following commands to setup Postfix. Make sure to replace `mydomain.com` with the appropriate value of your domain. @@ -250,7 +262,7 @@ Finally, restart Postfix ### Run SimpleLogin Docker containers -To run the server, you need a config file. Please have a look at [config example](./.env.example) for an example to create one. Some parameters are optional and are commented out by default. Some have "dummy" values, fill them up if you want to enable these features (Paddle, AWS). +To run the server, you need a config file. Please have a look at [config example](./.env.example) for an example to create one. Some parameters are optional and are commented out by default. Some have "dummy" values, fill them up if you want to enable these features (Paddle, AWS, etc). Let's put your config file at `~/simplelogin.env`. @@ -265,9 +277,6 @@ EMAIL_SERVERS_WITH_PRIORITY=[(10, "app.mydomain.com.")] DKIM_PRIVATE_KEY_PATH=/dkim.key DKIM_PUBLIC_KEY_PATH=/dkim.pub.key DB_URI=postgresql://myuser:mypassword@sl-db:5432/simplelogin - -# optional, to have more choices for random alias. -WORDS_FILE_PATH=local_data/words_alpha.txt ``` @@ -353,11 +362,11 @@ At this step, you should also setup the SSL for Nginx. [Certbot](https://certbot ### Enjoy! -If all of the above steps are successful, open http://app.mydomain.com/ and create your first account! +If all of the above steps are successful, open http://app.mydomain.com/ and create your first account! ## Contributing -All work on SimpleLogin happens directly on GitHub. +All work on SimpleLogin happens directly on GitHub. ### Run code locally @@ -398,7 +407,7 @@ john@wick.com / password ### API -For now the only API client is the Chrome/Firefox extension. This extension relies on `API Code` for authentication. +For now the only API client is the Chrome/Firefox extension. This extension relies on `API Code` for authentication. In every request, the extension sends @@ -408,7 +417,7 @@ In every request, the extension sends Currently, the latest extension uses the two following endpoints : -- `/alias/options`: returns what to suggest to user when they open the extension. +- `/alias/options`: returns what to suggest to user when they open the extension. ``` GET /alias/options hostname?="www.groupon.com" @@ -418,7 +427,7 @@ Response: a json with following structure. ? means optional field. alias: www_groupon_com@simplelogin.co hostname: www.groupon.com - custom: + custom: suggestion: groupon suffix: [@my_domain.com, .abcde@simplelogin.co] @@ -430,7 +439,7 @@ Response: a json with following structure. ? means optional field. - `/alias/custom/new`: allows user to create a new custom alias. -To try out the endpoint, you can use the following command. The command uses [httpie](https://httpie.org). +To try out the endpoint, you can use the following command. The command uses [httpie](https://httpie.org). Make sure to replace `{api_key}` by your API Key obtained on https://app.simplelogin.io/dashboard/api_key ``` @@ -456,7 +465,7 @@ The database migration is handled by `alembic` Whenever the model changes, a new migration has to be created -Set the database connection to use a current database (i.e. the one without the model changes you just made), for example, if you have a staging config at `~/config/simplelogin/staging.env`, you can do: +Set the database connection to use a current database (i.e. the one without the model changes you just made), for example, if you have a staging config at `~/config/simplelogin/staging.env`, you can do: ```bash ln -sf ~/config/simplelogin/staging.env .env @@ -474,16 +483,16 @@ In local the database creation in Sqlite doesn't use migration and uses directly The repo consists of the three following entry points: -- wsgi.py and server.py: the webapp. -- email_handler.py: the email handler. -- cron.py: the cronjob. +- wsgi.py and server.py: the webapp. +- email_handler.py: the email handler. +- cron.py: the cronjob. Here are the small sum-ups of the directory structures and their roles: - app/: main Flask app. It is structured into different packages representing different features like oauth, api, dashboard, etc. - local_data/: contains files to facilitate the local development. They are replaced during the deployment. - migrations/: generated by flask-migrate. Edit these files will be only edited when you spot (very rare) errors on the database migration files. -- static/: files available at `/static` url. +- static/: files available at `/static` url. - templates/: contains both html and email templates. - tests/: tests. We don't really distinguish unit, functional or integration test. A test is simply here to make sure a feature works correctly. @@ -499,7 +508,7 @@ SL currently supports code and implicit flow. #### Code flow -To trigger the code flow locally, you can go to the following url after running `python server.py`: +To trigger the code flow locally, you can go to the following url after running `python server.py`: ``` http://localhost:7777/oauth/authorize?client_id=client-id&state=123456&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2Fcallback&state=random_string @@ -521,8 +530,8 @@ http http://localhost:7777/oauth/user_info 'Authorization:Bearer {token}' #### Implicit flow -Similar to code flow, except for the the `access token` which we we get back with the redirection. -For implicit flow, the url is +Similar to code flow, except for the the `access token` which we we get back with the redirection. +For implicit flow, the url is ``` http://localhost:7777/oauth/authorize?client_id=client-id&state=123456&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2Fcallback&state=random_string diff --git a/docs/banner.png b/docs/banner.png new file mode 100644 index 0000000000000000000000000000000000000000..2ef0ad896432bf5060ea9c8bdcd307a5bf605f2e GIT binary patch literal 117287 zcmeFZWmH{R*EI+P5;Q=7;BEne1a}Aox8Sb9J-ABA6k$_A_=D|QZUQy zAoR+b=JZa_=uB2dtM4cc%kQYSm-*@K;$o-xrum|M{P=zo7XpSfFe28zF@9ECKP4{y(#UuV^!x{GOnG1*w*c&&hfGW`tCWCtLz=5^G)%;68j7q6=&Dyo!dH^)Z7PAI_uiGdRAf$ zj_?hu${T0~z1C)-!!3lYZ-RPNZFlEbG?cZ1Rc{(3ZGEQt>1WpW8ka_9PB>wH z^I$5~yvI;<_4DZ#HO@8$@x<2Fr`9qt((*~l4TUg*D{+IwG{rWm(aB{M{L=FH#foI# zYm!l-&z+)stxIe7Uqw$w8XWCvaZ|OgI?1(j%tF%6qkneQg1`%}r@`F&oOx$-6hv>E zXk1ktoAM)&j6i1@eIC?T%XS`6v%>^JF#V0WQ*2=wRl(ZC32oD0*l|8F$mxR?B&c4S zWPDYuPv2{}qelrj$n@{nwhgSgJ`B>Z->M>mem7<>(Eh7PlH=2u1bRW^UD7))@x|qn zKC5#&b)*{~Q1Wc|SIU?4jzY0@K5@LA?Rlt^N)0TPD$kwO_fYz1z~P|?2|d6dpb4J( zHsl8tN9~~v0lU6neM?$=p&Ed5X%mGPABygNk<22?!?jUo-xo{fFx(AED}FR^2x@%q zh3>TTdXTfYCd&ArwQle1jubCiQb5n#+Lpn@94Ag?xAJI}3LZe6SS)#XmdB+c9jTINGEvNG*E`;I-X|v$-m#5EL}4W4q)y?=xi@Aoo8%Wx zOzWBOv|S!;H6#NOBt>{S^OD2inpTNwK94dHz6ZYOXP82lXg9k0BuGU_OKEZ<)mK^LVOYq zTNz1O9G`BT=@`o8u39|jc>qQ!_lMV##82(`AFuKLg2aK-XJl_4;^pCs#NKjw*6|th zcP{10o8uvna~x=1h63)rNbeO~S$djiVnbeo{F|$A&~j*bkzHsmYD5tHYzYW!IHQ%l z(&|L0SM+}qH4JSbXv*&@jN~kbh%Rb|ckNiN27D~wU+OcuykPqcrU;TCar~j$={=Sf zgq;`Wf1og%{SGfaP&*hN4dWa)=h!ra;z3H!>2{2Fer!(6R~MK5?z(oQgWzZFoOp{L z!1$*=%@4IZM4dqVs}VfEqF9oUA?1S!x(1F~pC(Gxkn?~0_eBWvd4Bxt5!3!$2d%jz zSxg*D5B^5iT85B>q28`nlE1OpE+?CAQPxq{%3nk^GzVE=u$ zcnMU%AuxvhLh=7~|G^<~&OjTOMc)6j@{enSGRG`wJKpLHnzJ(h!c z8UhRdKqct*8~a(Rd4T!+YM1+WY5;>6hDB=jRS3BGjr|sDz`)@d-Ec$+^1_6tIh1^>;$KTz?45v#mA`VE`?7dXGM-+zJg?^ypYaQ+LNe+JC|GS0ty z4DWwK)xU?u|6hS4gInzRv^Ft(?m6O^t~;6*-9Z|;eCk)Dw)SaDqJK(x`lMEzo&$Fp zzAy#$K_hr7!EEdwD3O40=C0glHHxb_U!#3|{v;)|Kw!HysP!lWB68!N{Y;D_O+>sC zX-~vs#z%jQ@2zk(YDMDVZJ)TwOmPl|u}{^)!*Cr8WeC^wK{)q|-g_v`hIwz#p9Rg?$3kxg1DN>h(ZV2`R|4g zA}oXs;%rPxVmCznrK~WMeAx9<8io(nFr;NO!{6PW%_V7c{3ADTA<{X7WN>rIGeimR zvR*=uVL6e#CzNWK++t($WY_+7PsjH7sn&K@1-=wY@Fex*t_n#lW~41c`-OP6S7T&E zz`#42$mNHfYDXsU2xT1%OL|I1Lc++&Ij?>hjE*UvPoeVs7VE7kdU|8vLe52Yo#Q%j z5tKM>#G{p=d&=IHyG(%&h*e*c2i;!ai9E@J$B6e&_3EqXDS%BSexOsj$$PQreKy47 zklJa^fY>F$!^*?1^9!Fi({!m#h4irulM)N)PDTdS@u#%?81yWVhkZbejn^NGms+QH zx7XHanACB!YST>DJD#Q}eH&KxxVuD1fLsKBrTo-Z>rfqRCA9j&6(m_(bk&c-jqqvs zuX?9#u6LBN_V7K3P+wjkFMt%*egA|a^(|~}&+L#!#kfO@68omZ$gjfmd0RinoAU8i zrk)2)x4UXjmu-AgJtlvBFJM#@^|}asctBz0v6c|A4%%}|LC3rFlwA7pT2rKWA{yx<}Vp#VZ9~s zgP-?_M-?#AeRMl$Qb4~)z^^~$LO3WGV})kzdLZ?s$(jQPb>wIP!AD}c0N{?yGw2sZ z^v?%|Aq`0!J~;U}y_CnL@p>3Tfa|kg6b8Js6vL~n+96Ef`jkrOjH)P~p_fl2LY^zH zFkCGW*_>O`LK4l7r{G2IFJ4etN-I|yiE*P;=CBir)$hvaZYX4`4zP?SQIV#{8mD0a zZ$wZFh2a@GJD5EG#GX-8T6U)F*=`NqT(NXx-c@9{%b?T`!S4llRj)Ac6UZ!3MUF{{ z>VAw~re2RXD!vU$kIN;?djM;gDgaz79(SiFQqhW>W`*6+)vtxeE@oYqld@rldn}Eg zoXIoUXLg)+_)VNg>O?6LFs2ygz*(3N3Cg!iCEj|@JQ|t^*>^m`)sC(1^uDG+!@`jS zfe`TtV&^@AEuhX11kuE(?)7mb;E>|9RH!r|)H*oguo;zs{)YD)$w@ zc!fTAbZ?~5boQ{GdRW(edcXM*y@1`~dpHx(vfe{PjSX(_fUF!V+JD|EgakrBm5W;5 z#BVi!0F6F#_lJ{n;+|yWQof9?+g?2Qr0g^(0>(G>zf1;jO2gX5+vJjxCtrVtBs}LLbnU>jEGrfkJ&0g7t(r(S8(?~RPawg|^ z%jjC42QNkX*e41DZ>OdE3Sy68vZC4T$^%KtKkEN&7NA&puc!xHW8jWJsX2RXX z_!QVJ&-D6_KBS!U%P@YgZI{*ZN3#6iuFP8wT_ZCsy543Cf#@y!LQJ50BxkFCr>1FT z?@mYVJmj$;*~|u%2nMEP=>G{R4_-K!m3>LS`*9a`9m|Z41_h7G{PEd`O~kHZ4b@0 z_xk}0{oGdj@L*>{SBSG|Gzqg<^`QGJ^twST42j6qCkieEo{;r=+j^tVt}mVBY6<0| zn&wK+ep1aTAfBrG+mH*)hG{Z$j_j;FYy*;SsK=;@R?Vj|Nx!G!7jMdYPo1VkZ+*$$ z+#^t@3;qP!9PI2Bg31?kx34=7P=Fx;IMx%7O#O+=RX`rqNzczN*C`jKB$VB+&akJ4 z7X>=Y^09k<*ghJE^`TIcjTof=1hK&oYo%ei4iv-aIF#QA>3-eQHdbJ7@gL$;d$`pr zK7hRVI0e}~|7q6tZyu`OB)$q`wRi1JFtv|UXIp2(hu7OGnzFUvJ!~c~AMDr5cRx2P@Do{85iG)`R&SXshdp14 zL5=fHf(KWo*ux5!VOhB#+Fo)p$`8?e0~3@bt^M~(p(iU6P$O+2n*V&j&x`UDtNfvi zgqZ<{=ss)Te1c^E^svu>x*&du_e$asvrm=`38o;SwMb@AvYVbV(I2n1djjf))j^o? z-;4a7x+s7!HI+)Zd%)q-Z-w*%C~qz=5)OZOfZM|k{qtLx1c0P6uFqHg|Mo5(yg1N6 zUDE5@hyRzxK_Z913nrIT5oLHZZUUgBmcCNzJ@wp-Dk*t+DtqonP;A#d@p|1yk%2Vd zupcj5eu&pDJUl8-#A}iWUU}Qf+2eNWqw$L548t}-Os+HAL#GCqaUu3c3Pg$pEZUXO z<^9Ae7fU>z)9yLz6u6up7dOVa#dBzqN!_;C_q}}dmLp*G!bt`aQvZa8rvg<Q~j@<^W{q+b9kqabw@|Mqn<2&rLsn=g2jyZM@slg z46u|Amz2{J5`{xG(SMLryUl^6DwD zU=c1JI;@`8!VxuE57c|pALbh&uagr$n#l#OMrX|BkBpWqOam{S{mt_yAV<&w8C9%8 z+;n%Bjaonz#$*Dg_hW}gx9!JrNW;zy=o_coq;JS%?IWg#Tp(zosYb`v-r-ve31O$M z$3@7*+pw@aL6<;A0O^UR&f)L2W7EHj_#BdshW(hN+k9pM*1Uj5iRuNy^yom(V@HRe z1y~`;#j`Bue|ilsC(Onh`1^|Uy=R$XoiFdQe?DfB!mq$5nuWt&NU%JCfeD(A%JQTF z*vwaPn|7c~evP927~IG0Ujc+dsM=us{1Z?wRM09^e$iHty=9{5rV*5pm2nX?^%zBj zX&!jyw0@KNpKd*54D}^Dcx#rhc)Tjo=Mhz`v_OBt@ssiYLdfHvzPu^T0nGz`Y~GgXX0YePbSmrCY4Q(HvxdoFRumZfUob^V zY!)jQ>UklC7hcfEDDoN9{_9jUGh1b3mSWkiHe>o%FT;pfX9|CZF|2o$TV#pBE{eo?xLGfpgG7j(+0vDV zkBvS;02t!S2WQuPijaBpQ5-%`>>k-JmCMM;(_ms!kSQ%i%Aw@sd{?e1Fzd&^lVDM7 zn7H?EJUNboXXoSJzwgWl8ewLVec9KR(s9R3F#@w+}>_~Xyp6R6AYI9A8w z^;QB1*HruQ98I8Q#V-4Pz6bMEApclW^(I9kk$vq2j`br2gt$NiJh3=$sDbM|P)260 zEAg9IeG+fwXjL0WxZ9uL@b6?r1g=W=OM6Rt@^MpBiJ2<63!@)1C zqJYgBwmKX8Tm3+UjP7hwb)`ZCSGPQSghgJi|KuZ?r8W^#onbYuuOWP(YjITiYHVz# z%llV}Dx%xtSCzOVfE%S$!k`u);E+zlB4ZTpA`jy|yf*c~qa18#fAxJ{dRX{mn-cN2 z80C8EaO!QXE(OirlCSk7@X@d_L2nbkL?lCSo4mh@3?RLBxQkZR&9twI#p{85Wh^8#R-j#~M+)bB>!)O1{l?@? zx_-nr`6i=pRYEfYkMHc?9GAjGhv7M_k_5l|Ko}~LK;-D1l4bZS^N@UR{`!TyUrtg- zP!mw&4kkisF-$b=m%+USnW^dYv-;8&>csprsk_5=p^vyB`dC6^2}=REBDIu{9l=l; zL{bNpN)`Cnd>TY9wF*b%-}xJc#&R!Oz0mfJP2C%lK)7uaU9vc>J57FcgiKV$I8H7@ zizBtI<|^a!Z%>{DaydlOVskt=rWiC3eZRZyL?k7V zvF(=a@>c{_dQ$++{>@`6y2KaY>P2o?LezI^kOgu z?{Aw02a|AMl%%Vh5rd4VPYtWS-wH`*U>JQcb8`93vR9) z3Jqkwsl@LpNcE9?A`}(BR~^r#`)z@|tskDP92zpXabuQn0rrYnY*h}(hx&;Y=j4b4 zIN%X-dR5hk?0DOFSW6E}jx&t+T0QEWQXFN^vEIn@4CGl$NUc!EyeX=va4P;x&kX>p zecd{J9C+9NsF|T2s5`au@{G($NNNC6u|K-8?6j-u&?$`;`MhufMeK%t-B@sZYn;RS zuC1aoow_@s>Ms$S8*>Jb_LE~F9*qgS*vP z!!2;`VEH%wU6LO*e4hQN7#60yWNe()=0VENEWP94# zS^?GT-OPXkAYip#TcZ7q#(h<^c4&z+Yw}tPSW-s?Vxc`xVKAjimf;6?o5;4DTIUWH zZWYBq6+x*w7?skIac4%r-KNbSrhSH9K|lpG8^YLaeMoVHtY7+(#4Lr9L+bWm*8TGI z)xVil6p9QzC=``}C0sSzh#p_Di;l1VW5D_+oca=Fys2w@+3KvTZ!U(Q9cE+a%DKno zkUlIYfzJ;agZdCP2L)ITtTXO<&Vem5!tnEO9U+)&c9%$VUS&2GiJ+H)9v za9jy=4`*hAxKq;Z7p-z8Y1mA=`Iz5RcOPRMHQ~pSD2fb~ z)VPVg{fUi3WWp;i7_2H-8qZWU?jpc{M7(}ZKi5XPqi8t?_(eY*7vM0YfigR5$ zi~ZJ}wyX)1wXQGy?)}_$7|%Qo-iMTu30v*4B<}2htC}STjSR8+&+HgocjAHw2@oF& zF&?83EyQ%}wq5phqCG-jp87~XOYZ4}i~*OLqO2}iSR#s)2e)0hXW|AN?BcZ+#JHG(;H(3J=mz<(FX3(TpI*>1 z%1(nj`}FsATmX)ad_Ne1_ZQaz#KWtc6Q_b<_-PV`cd}hkiR1T;A(JOxp5vy8u(uMi z`ljlAkO`WTM9?w37I|=GYuEyHMG}oB0k>o888Kr~QEO(;I)L)gU@96;M?wleuU5d- zD6n0EJU&@$xI00u{337zlD_uA^0dsqp{oZfDgLvnL|2;K^cz=v^et=Q>SMmMwVmRA zUq8BYpE|pNNv6>co43PJ+Dt#ja_{GgZwVfy4Qa^_NV*#oIEQPKl3?B&SkyBtoX@{* zh2+12C@juc7xXOjGA$P7H%oNO8hV-EKV+O;UK!YbyZI5sK8?%I4`9aWU~`JTwb>ltL2WXj1> z^wz$$$|7SlKn^)P_y#DVKnUUElKdm>`jeojDMI2lS)~cZ-a*CM^Cg@{M=z+yas@<0iEfyz}h+-Iu`~bqdhB@t}b&_T?15BYpsWm*$NCuL-9&Hbl@i z$AN83^40N{2u@9++&01f0)X14gDa7auQeOPav{Wr(J(x$iyviKA;Ff5eC2r!6jbzx9TG`)#5vT^c`u8v#Lgi zcAjjXB)rVVo0fH~nO^^FGj#eYoodDEX~h3bh7OHD)G{oXY?6I+hXY2_43}Q;p8oY| zLs%gq^~lB+5B(-xY)q)T%&5222i<(lgSoUEFRroJsJ-OXbE-BRo9t9?p@+Hu&vz{Nd%TE3__Fbomw2clKfXj-^Ij20hER@o-r}ls~cfs<~VK+T(0hK`;9tFkndoP+g z2ffU+QaVZN+-WfFF`tIp?qXWVqYA8+bIV4d(ZjI*1DUUI(OcdV>#c4vX&+x|n)Y$soeP!S&q*foX$dD7`>>EImw7U2S0 zwjHDJ$?afMm-W4~ta-z=w&P}?z21+4g-n-Y{p`F9HAoe?=EzZ+lDmKtk6*L<^U$m> zZ9g8aBBs)O=6;$n*&*}tx%5}OG2OMlKxr>S9kqlBwK88+wg_nNBhsiI#~(1|*H z8^UApWo5uYapW7GX<)tO`G#6HM=W}h+Pd0i;L<&p{Q7gr_C&B>cguUB!&-l3AH#l# zNK&HQU5SI%_E#t4(NulT#i66YQK2CBS7jW<@hR;l$NM3OuX%9jgEbs(L!dQCd>pIS z$3xL8@gGeQr?}V{%Hr#mCK6an9(Sbaxb2#oQxGvK#Vu)${MekT)A3} za&@p?e%(pCxTVp$wwxQuzUcBB28H%RyzEQQApWbD4`D%)CDe%oU6Ke*wln`CY%TUW z?7T8UV7|n^wLrTyoc<_H(DYg&3Y_g)q_ZyxVcx`m_0)gJM1L#*b=YpAz&&-BoX~^! z25!R_GLY@3=eH}T49D5MxaJQBrY$6#6`NjzcDSHw~)+&#{S7yQGOOX1o947-j{{n&!=2yb(n8nuk(0~*=IkwHjm1dgk z58hd;-^AFpBc9Xd_0O~jXV=0g;!Oe#Dksl(gH1%?S>lnUQnLngE_S{>HZKi& zl(X?Hvfhi9_KZaDA;#I_abF){Q!tv??35l$md!EW>P`ob>YcdS3r7#&7P`b@Vount z<}uM*e%p1~&9N{zjjKF5@h|S49Ca(1IAqmYXjr*nkPL0Go0*DMpSd4{D~{vj>G27S zFF<~wsCgzeI#^i9*>XEv)pXiIe)Pi`zqgfCOd#8D%Xpf3C*#xVtTy>&PoQpgsorMm zsWglkLC*0!k(mPKvh8NvLTO5Noi@o)_gLzE7smIE zaaRoyai`SJO=mO*7zdXQT3)DtCzX|1nb>qp+*XAlx6xJ(^xyrGy1dEHEz7M@x-*9m zvc6Z*;)(~EH>zaav#a8{Z8<__sP9!2yVCX|ao))xs|KYm3Wrmr zcqot~?JW!!7L_voy&&fM!t)d8MwN4X4ZCfk`qz+jqzByT4`Io$1~K?U3*cCXgDaTU8n!@XK1d+ejqcH{SS+XQc|^ z5Ow0Z)@<-iPU9m~eF(==jWVlqSvA(Q<%zWmzSr^F(aLhdvRi&P5h1nUa-KeGIssKW zI&JH1d~$zXG-971#5+$}EAmU(oHEn0&Qg2=7>% zq9}SGV|>3h-NgK>sI3TT7I3~7n#VsE?!Q9Ue;Mr~sBOp~#r!^?`lUL4`D+tL1k!~K zI26NNdT@9%79jAbXe?ed;c9qyW)pxgW+-@7l z^cG7*j=PD7tKbYe{Na*I6~&H(?xW+;Vhhv5&wp`W_CXTs_r4RtB|D#WN{rkOA8d>; zF~=oEjEBm_$F%i#VO@fYeYb5-1^sR-%A}B!o$vkRNQsb(68Y`jkWr3?;}!B|Nb-6- zyYb-M^B!N0Jr)!GzR>s1yL-_bH|B49+4nYxS9lp(Gh{nmG&A`n*;Vyp*Y%_VnR+4P z7=Kz1v$d^gq9=Y@ol%q4RyJ{G+|=1%r_@j8vMUd=h4hnTIGyj6QufbsKiD)-&@A*{ z3x0MsH99?R`|d`l>gVJXQAhy9-TQ#8ORL5du(R zhPV*!96BW#*_qunQasgI84Cl+92TB9ZU^9L3qKH}U*c3m1N9cp1}B^HESiyFv@0vu zNX*?7+KF>I6AHrvzVPQrjC4o|Hn6#>MYVkMj3#t9*I~y6MiK0>-XL3>j?V^ahEPf; zc&^IDn+38`B~@3Q!{6}VUOLuJ_#$&@7($@MN#0ybPbl0ENn?=XmaqP_Z?O>ag2ZBs zZL%!Ap}R##fiH3ltjx`5r&ZJil~Rh$r0Z=G&0y6G+nw&r_s1>gwL(%bp3dY&SB?|3 zhY#Kl#t9k+VoHpH4D7e-?+zz#1V&~!lPfCX_FvO#){5F;vNpqNY@DX@zeG?H`;Z(h zskq96_2C#O7^VmkWV+LSL5I0&YlaShbS<%Y=sWzUKBA(a#kS~)*m z9K4xUw=_bLJn52uUf7m~AE*sQ(~73y+|Lpo`8{$&Ou{U?>Y?OY$e-d0GR1URB#70@ zA{enn;=a8R%h&FVx437C*s-{nxwIkindBH`pRIQ+uN+_e;@;D1wC|2l(lqK}CcqPS za^8{iO{h2DA~^goJS*mSCKmmYspaczf*ttz>gt-WWM)S9yj>S!0n4IK%Cp3{t$`Ow zB@La|{j< zepA|xGqe;I(#?n^h)lGJqef7f5)lflk%efoPnfGJl#`dAQvUf+niL@fGBXN1hQz-{ zXU{047)zN_9HxQ#F$QV4;$D;2$9A#zK2SnKY(wG}?$zne5DcqQSGdJQtc3OeRhb=ip9q zz1sj%Hd)qG_{fXi&wby6O+?)qO&g`Rse(?`KaIw6bFEWeb9ok)IH!Q;bi{V4(^K7e zWg|3MFvLW^HlX^3{ma^IFnN!VJ|#7-Kzg#dI(z)^TOQR>r%gE-tb<_}te-9ZRW(jVfDM;E`{ku2E5FfKY z8yk}NxbsV0nTpZ1-Mds=D;%`WX2_}-9i-LuP)&0KiC_h{=k592Xk6Y#=Hxi*_|Ay;3#EBo*{3WYV z^|WAaLOhz$ZA7t5qKSK=Hn!Zo`gP94DLvz+FQkN~)U~wTl#xeeF`SYKug*Gdb#;)} zy;4n%{&cRjPvVN|{ZcT``U`{O!eDKQ1>K3WAvwd>Jw-p&mg32%!pcl%`t=D3zS4|V_WLG>mLb!Gz?(&aK zDHx#lNW6sq4)^bPe0`z1-n*Lqg7{HhsZ+WJajTASg$)GT#? z2rV@htJ&OpGACzcveWS9>f)eEY4fc$q&9lDKLv4$CtWYZPn>=VX0M-j8BQ2OMpaaI zY7D49mu6ck5X-Pg)>vD;mKjDrzB4);Sv>+;oMN@HR$GzP+#%|HaL$Q-Ti3}3DsW!g z(BRilci-K4WHelEaZTzn(5NPr-Xp5Fs|u;#TrXP}>PT^)y>YzkKVR8I*9?y|fz1e4 z?z(D_BI~(Az}8#lpcRRh#J$b0KHF{nkuDV&*&!CyZOmZ&VKM?*a>i_QLA>-da#mMR zP|XxLJ`2{ZjIOB%#jxE-{^w@_=r`V7AebN@2={D_r-LdRyFM^%kuDZQeS>JKlo4&CVbj>ZKEk4bxzK0lc;<~^? zkTeu!8b!V&uZD>+rfZkX#yMwUV3N+f)W5Gz8-0aqu=TSh_h*68VPwWwQEdt_*^h>+ zf`GgIUj47lrkXQM7kS`cOp0rUSf-qy-Ye=BrTfBGEZu5K4j;Z6u zK>X@mXHw`ncbpcJz~olV`oy+ti~r&s4y&OB+iFd^1i>oGrP+X{0HJryw0ZkjWs{@jC54cvTn-(C4=)7cZ)^~D7r0%hSNGK-HSl`o}Y^I zWmm&(kgpj(zO$aNI4ibgXc!|68!bw#zijEGzm1+!Xf$PD*Zs=YWMBqH%)r23)O18d zbzn8u<-A(8T@>N2ZWDA`njC4)AoE)u^W!%4`IBXe$4RUIbPs&pJ%>llBZB*d;aw@R_EAnhNvZ10!~Ng{ z`aa=YTYTApBb$S4U?+M`XnFF^y)%l` zON$H}l)t5yTd2cbYuxXStWp(TgKUa8(pm?qb;gai&p!_Csqe~aS9g$RmQ4ptZ;Y2a zH<*=MOrYmsVs2_5e~^iy$tt|GnvOs9=OejItTXMP6p@lThSJ*V&C{dStew8%Dz>Ye z5U_Om5g_V#6N^qdS>XA38iv0R84s&K#=7CWoVFO#C_$pALna}GryG~wS-n8QSP#a>H{~-I6eV^nJY>a#FmX7e6W-PmiakG%L@jX)> zC{V2Qio8rc$o+ut97cUFQcO?Vq_8`$_aycN`hPQ(-C!yxG{Qx)TK5{YJEj zeRag_r>HQVYp-&ckHv$Wc9bvOt_q&#+>bXx-y-fXek#)!=b;L%yvvbVzJdE4P9Pd!_nrRR*yHDihGbMR zZ3DgM6rbk|#^Ifi)STl)@}wGUwlnz{M%ry90zex9=|cO5spDoLA}JS_d=aO6%*p0B zG0n6DF|x1?xcdF_Jb6;IUr$en`ff-xacnFmVX-y1rxL8`<)p=^Xl3tk;eDrBBaGa9 zMOrQPpZ57fd8gDuGMiIIvHXw-2@9ha5fdxC%-CX<7%3>6Vwsse+ts~quxIiQ0mbJV zJ()CJloEM+z7XFyxm=h8mvd+_7@x4ynX%i|Ix|xXvqD!%gY-8t&f3(p(_h!`*T(pg&sR zxl}>7`uAyv&m<)hO@$<+9n|CFNg;(3+xBYCu{QfXEOh)tp8;;?17@mJF)RzMzukCz z0_KWRE+I7>&p$ctHb_0A6qgVQ&8KBkeK~7jzi^o}2kMG(wustyyOR%Mb>LZWv_rB~ z0gjoEwnqGYNU}YYS6{Hsbi5q&R;m82ZvMUF)pwwPGUHu800k_NAc5BsEM2y<-g4?; zRR1OPhMe?Z!&Oo}&z--=$mr;(Zadm~uLfuj)lvh|$#&n^bxUm#65=H+op*#+4Qk-u zAl#nbYFWjPh#W`&`uj<1dR}n?1~0 zi_H#!smUH+5ME^KDRx3m5V}B;t)G>)n-Nt@vH)hc)WL z5GH*ysN4Nayu?vm5cj54dy3siwzJAJ>P0It*n&5{gB|$mG}CXZ1C@#Gkci1=s8wyn zqTO*KiEo{n>MR`m5IK2r> z6RbdV!m}yiVH~F=+z0>C8&tQeFgJ}K7c_6!BEr1>@#1KnJlw_Gv7g6J!+Bp;xy&>Z zzG>raci-XyKR1pY;Jv&A4kzA?tfU8+yzSr+@6d)kmJsyk@&v@9Uqs}O3T#$Lv%3Pp ze&Q`K56Q%n$Z8b-9AQ48=6z$V^pPKGj*#TbJIQVopnX#v>aX}5r?y15%ga(k%|SKR{2i7JP*9wqopmZDk+%60$!tJfLDAL~ z5h2S+>(}r$NSQcbYrX?B8`3SgNm&D7bABfd~dAxkxg=c{`J6xip77A|0f zXAln)y0B`7L#;fUDi~N}Kl2P&FmG?RWt1!RiiUD|1|sB5CVHsbXv2bB;zyGMT>(e{ zpK{{?4h(6tlG7dbT5LnoR&6hIiX%AY#?sLD*7{LkdSbvF*p6YmCo_2`YY^4Lgjf_- zoXtYxfV@*RT#tI!?&5!SC8VgjU~XaP`c-+&yVU)FsHUFhwRw;+qwv8k4lz<;vpz%M z6bS>7?^r#AtUCpQ>QW!us&=vUpOg7p=)joN#X9>=v+HURvZAQDB**yq_k93HZ1#DbaEo=s}u~kS~9Qo`6rH4=c$kY#uWV)Nt zalEOtO`|nU6t)&W(7qX4E)j@UG{tn3))c(;arquA>hl$tK)I>>>fIebs=7Tr+r0l} zncfYN@th%*`=N5?xq|dld&cc(sLLeNVjmA2mu9*|S}{ke_K$wohWDKL-loZ&WF#yNQiL-@gml&b~1&sdFLo|46AF9`L&R4?(GK9F8G5q4ItU$Eu^-W z=MlM1!(6UM#WhLUE64byn%?^N*I}$DIK8!=z1IEt9ysU+JAnoTwy}@&m|mu&QxvoA z;}6L5c0;oQ;BC`h{P5Q8w2snotFX1C1&)Eb2!57*^leHajXFn`==u%naC9A2UmR+F zpUy(v;(1SHq>SN2(}AW?^MV-quX*?C1M9=hwC*LD=$E-8H2F&eLN)X?KETQPddgsh zg3U{37NnioI>n0xGzklE(mzIoLS`ZA49|V32BQ_{FO}voSXyqd-Fwm5=Pxg;mFsjO z)vUYO!p40pT*%I)U>k&ZNgN=b0|%%7IO5t0RH2}=+bW%)Y*J^B{HX8Wze+ITZGvaJ zui?zKIBDN|24QUi_6ww(NxvISKWt=wbH^d{a)Cv)E_P9WiaXnk6$~kr&0tATO?H-4t}w)%}vEP&|j84Ui~@q(hB` zs(5u-@o$wB2%!Yz%Szin-Q9r-7ogPHvqa(ppxr4t6swK?XA-_pX7T=Pj=#=!lf<6; zCZK>yW#8mi*eca(UMOOhFVz6LI&TD!PIQxhl$WO#*k-w6FY+7=x`d>2A=r7`%`xC~ ztMs?8C`*uyH@PG$dbp0r5`f1O;F^6tTd-b@Xqyq!s}vSQHBq$LkD$B)K3oYnr@1j^ zt9mY3&E1{PJNSozf%^T-$u2eGf?MJ2hv98Jw{274sfjXs0#ajXof4DpVGC+!S&ED zev*w+Uzr*IXZqxUAlr+1finWL*1wuoQ{Fp2w@J&ZQxObyRZnu-q|PlmgH-zkxY{e# z6fLvG6X^nX;K&Jx)Jd_z%?qA$@eSM6*m3)>saJ20EqYlN?sZpdx7I*6Qk|wvLly6z zofT43Yt*Sd-*eC4JZLX(%$iy^$2<+$Pmtw+i+&r9*eMkT!p9^&k7pLY(D5r!s+`W< zdc)!gdC}tp4Ax|WWEA#7<@Le$uVh61#H!vcxIE4!{-1oUir2|0PPzWtbgHMo|L|xA zAIjzUDt)jqOi%ywK6YP(4A8IMQ3a~oyby4Z#qPtez~K?nqM{Uql`q$(rM%@7#_x-W zM}$J7;wa7NNBha!ruAdZjA4nzh)(_WxPv=Cefc$B)>Z%Z9_U@^9e`g?P~44IbC(>+ zF&)-UQq-KahoB6GnO&bpDkeFS$VI(oE50o(IxWT43icHp?jXh$#gePLEPA1L#Im5w zv=SSt$euX+P~ZuAu~(AFX|vuxlCFyWO@+7g5cnJ@;`wAPhN>n**$oS!%=qLC;mHQW zA7rxf#85UL_J4#Ki%8kVy1THQ^XLScYP45Jnw^PW>IYY_n542^G<6_XXJ^tY$UEzW zE29wga`qZ#>HF(BQ&Bd^$ml0|W2$F@OZ~a)B*7j7pWS=j@n_fvn;!wkbwq0&jSRD6 zoBAX30nV(B>1c31T5i?X_UCPdMJ=F)-B7irSyVUDh$+%gB!Svy7XGYU8xdv3d><%N z9w-1toG;;1!IWIkCvFrUNs)MLogvn#HoW*eR}WIddA*GtJRmZEvMa)fr$XFIMZ3_| z={!PNwv%I`jOQ+aJX+1wAJyz9!K8+pCl2=o@8(oP{;9VQQ26Tt+E>vAnobgu?CUa) zw@ty_3Jp%I6R%-|G{N2cf9#i=oJDPm4Sme5Z>=YwJ{1NPtT|8JPKLoA%P2IlEiv6+ z9CWS023IiA8amrbgcsIji|M197#cR&3@-#{o6KT!bEOXG?H4yMN^6$JMCY5)JXU3_ru1UfY?-tipr&Rygn7L=AJQ+ zq^aHAvhZ?eJKdGK&XjviQ(W;yjEg-xPMRKbVtK8lh0L|e`n5T8GHfi!u>7X7-36ti z{$_Hlzkr(Fa$9`LaYlTqrNDZmO5&L7*VPs3Uc!~cW$g#I%W}1e!pY>oxRm%ty2RHJjTR3mkOVUzA zqY8^oTx}{;3`UE&xkfUIFI_WS&2|=m<@B@t(QsRq)>`1Qi+W++AiC$UVWj+vC9v;E z-lTxw$7ysjIS3I4DOf$dADFRCw_g6x@M9RQxa{9^|qR$ju!k!nR;jhT3(>jejw15&^UH4=DLpADVdvSY}{H1 zZ6tFzD)t`;bv^qjP*lHUS9=u&DsV9}I&C68nCp`qfjK}4wF$02#5E5`zCzDx#2JrX z6@oWTx|g0nAFU41*mb7Bp3S!-1G8NEepz-dY4(NIn{y&MYF}y|!%|)IMDsHEW!XZJ zs!xT9W>b;|5v_a0JggJstk%odg*g%U`qAAlG|j^Zul0IM(yg~$J?m0yROS;(q`B`K z?;Md&N$ayt7^4%|NrZy9QxegXN+ks^I>{GMdz1aEUD_lpIIf!QCUpKUroJ&e(r)QG zwkDX^#>BSKv2EM7CllMA*tTb4Ol;e>zMk`(=e*y~T%EqU@4c&P)mpXo?qjzvn^QE2 z>il{P74WBo%pEhGX}X#UbZ8|Q+M8QFTOpkw$Q@ZJYgUB%SS@-73{|Bq*z*UW&E0zo zQ&0BRo$iEx#KZ8DjUhWvx~P%lC$qHe_{PX7V7}5Et2m6^Hxw)Je^xJfmHFLlpYO+Y zH57h4m)9V@zvc^tf2Q{k;>;n)9c(hF#mRxY>VK#hy{}_+syAnutQbJUH@!3Xw(6O^ ztKPbAb?8g)U--Kw$F#YEd$JrRjSPHhW9md-w%W(Kw7oU@+!7+)Lks#~zqs!7Gceuf09= z5B~tHq)8zEL1r>?`tL3Yz8C%H_o?UZ>Xf9Ekzwe;;pb0Iy%;{H+Dl%b-8)VL?4wWm zT+=zKS3|o|(J!+_<7-6GlXec*)Dx~6$hg~ zb^LO;w1Mph9p#7b_bi?>lRAHK*3a^J$Qz(mW;YG<^*fmZ@ zdwyV~vznG8;5(ICo|e>`EW=ftvB+~x(hRv9|A{&9-dRrF8^Z3%V1TV;DGXQ{t_F8c z!VT9a;T|PXp`p`az(nd%jN!c_dOl1q(OM>TQK;Eyc?wVZa!|(Ndu9-kG0LDg5`hQY0J3kOEP(=Zq7iKFwW9^3tx07+N zg#LqCn8rtOBEoE`w^B5J95|Vz43FG&LEpulTZsl&b8Q=o%gVgX&!#GwHtiNLi}Dj< ztURuYnz~cN^KaN(^iDlSI=|0jCTHB?F0}BsX^HnJYS>@(_waTdlCl&S-<_U@!xErF#*1Wm+d7HOfKJ}i=`0bpJVYL@a&cNEbh~GZ|lnDb+q3^9E{nwZ?$za zt-d&7oon}9N;_yQ_CaIOXRdkeWiKPHFH*r&jst#1|8tne^YAwMU==gp>GzPQFMVuJ zv)qMWwO~Ia!^!Eyi|qW(S%;X@YTEplPrNzxn4DR+qp7(x4){|ei6hSM1O;1 z42bvjsFl|1y7}&{(2c^v!n?zsZgiR}vqN1A@xnEBvuJeN%4T^ss|w%QTsEGGG-Y~q zfmT3{e^2SgR%rIr#>pjk*XOkQ!r=Q<<~k+tn9|=ik5!GR#g_-0Z3n>hmL~)%cGS5) z)qNAg`>|HBu(kw>$pz$gAt+QDm`|5pC5ydFDn{bPQ<_BZDb@8sn6}K!KlN*>>&G5^ zO-KKQ5=y*m$mQg%xAxhO(YuL4>|~|_#qGP1s0kN8oT#tTj+}Mr8G}&uF?)C8rLzL zX6huQFLT!SKbLuspQuJlVq@b%QsQz@gfF`uX}-IlW6;8B^aa5giG0DhvWHX=h0y0w zQ&2#M5K{of5c0YtkBbu|f+dIWID8B_tao4TTGOQ;Ay0pHIJ;<=;-6~RTwm=P=ViHF zUc61}lWai-mzfp6FO!e0EtRe+QK-1(Q3ZN2fB+n;B2wD-F4v7Tyv&Pa-h znQ5;IKEh>QH}wUWP>}8>zuRZ69v<)2lS@RAtnb)yL7E-YDBK|%=D$1~j;igi@v&;Z zU#8>~m`qxN1xHbW$zy~p^l@P%2@>-rn{S+AU*trAk2;U%#PYc1m>-8@j`GqE$?N4s zG{jKH!pUPD8M~dymzXa(T#a|dL)1XJLjpYp{L=YhXC{&XWZ*PDZ(nkcfkuHHJBLdu~2D7BMP8)K3BeBsXiHoAGytnHs`pHG% zNnMydOwj%0xFnlJT@#NBzrt0vgW5oo^-Q;m5)nLhIIxe=uRUKPP|;vOi#Kh+{JC+6+V1p_+j*!dPFF{2-t(Gk418Q z?!Ub^nqccL)=>IBuY-Mbe8Sd3B&7XG;e%V-g+~KZ zJ^9-9Sb3dr1_;mgyI*nm&)6|uU=WFz*gB~;a-NxFv3N3aynV>td-d?HIJ54~usZnH zmIZTn2cuNNeV)&e?{=*1XQ3N{iBmyZOqTI~J_Y+J$R`L@aj~&S^|icnnK* zEKhTrPDf&IJI4L&;gS!2-lLGo#YUIqEyOeWOnn5O1tuKN*O_mEYF*tbJy;!Aac1+m z$Jlk=60dY|%u<0fq_Tg@D7P-ciTex*2n_Hrz%m%NnuLg3>`Ny?dYi3;_+7cTHtFHE zAkRo?>L!NDNjFoxet`>*xBB5UEw%5uU41Rwa(iA=Vu2W*;Q2C9NPx}Y!h;oFV*JO} zAR-GQ2M74)CLLE9`luIAPipIs4wGK1QK#@QQI@!6~)nU4NsDpbw(Ac!XodUMzbO|}8v8addo$aUx)POo0_7z)K78FN)~_tt9cY| zmB#q)%}inI&@m32>&97#f@D1~2yOe^$zxz6osZ7_M?H&`g|s})ML4RotB9a_*jIU_ zidD?#d=7DWS^5orX!8}i%GAJN=1Rqh{YJC$H`<}WQtr}l1zFIK4?Je8RNc(B_15S1 zk7f#}yGaDDrp#y%H85~U1coxp5>*(ws4Au3Sls^n!7~irc^deq8W#X<=1k0E8S1%OAIV_lniN6 z7_7gACqAt5P%;nJ+kmK!?M6%kHpxf8IS2Gt*yUU&-Tn3&q5{8{avT-z2GKPh;A9E* zaQkPTitQ+DsWa(tb{uYC!Sj49v$^kHF+Nu4hlY1XwN<7!1HzCa(WZokgOqTPDVgBr zR2wg9R_$-HHhC`hL6%2RZuaEERhZ9^*D)Cf0(>rWsnamiQoE*cvNOrjC|>LeE)Lk6 z#5CBX(U%YQ)yqgzMhjxcw&Y);CVui)*;Rdd7!s&c&Iu1L4^-S^yyKUa9!kUzbIR^w z?Pu{pZ&brQhUAPSsx?P7)e>TIaItTg9Zx)=-s9t|{gwC?I?R&Qy0JC4h7ScoN1U{Q z+YB+cejYozMm8)hVFHbiv2jHev%la6VAK{u{}Wbu8fX^FKS8_rKbVr&USWp5E}~A2 z{v6WJk}$0i`Y>i-@Mr=CMl9V2q$DF@Pqti&HLM9L zbP;KYZ1(6N$&;Oq2FZm-H06XvCLu&mX%Aow*Pa6-g+>1u<^evg2GP&i;%}?4`D0F` z)s1XEOI3}&iv-CHJLX8bkb$6(dX(8K%>~YQT5tuo;aeZ!5Vfg^U;WwNupsqV;-bbj zwRib788#q(1t@mb^sJi4y7MJ)3f!Cd#Qcz;qVP8+$LB}ny!(QHU4@f$4Jg=3IODma z3vUnXZM{Mr`e;$oYcD5qg@!`CQ8Ny;siG+=WuAfyCpP^?i56zGfFGEjCtd_nuF4f) zMDnhRMHEsN*uM_&JA~NTU^NIJ=e0(ep;(E_!+IxGhw5idCpRAS3%Or*CCcV%C3J!r z@+N7`A)IV+=UF&^sw;T=$m~zrmPs{?_%-(AVyP%cP8$9Q)d>|9WSi7;V*#0p@i@49 z>y1CMdTcz04OtMVBao0 z`%ewnsOVT^He}jxW5W<34_5P@8V7wXY~t&8&+R~}`S%+ClIiib2PW6(-JKr88__tQ zP5`98Y3c7rPA0Bk_J+e$7Lm)#tRtO%$^DW2IPw3+PaJBgP92!6--n}@=gQ~w%fza! zx#Pi^W(KD#1!9{c2;zxhoxz2p?`EqPs$R;(w_g3?mytM5`%Zh9cb8sqy&XP)?%m9L*Hbz zpy3IHrA?*G?L1@Mp*C^6%!G{XUUvUuI(-qIi<-#3=Z06+{c4A5x1a=xm#k5z(<5TC z_F9zo!j&s!r8LOZgM3T5JgMmdQXE4D%;RMG%Ur7vADoGC@80pJgtWhY1jQPv`btpC zua?}-G4ZG_8v7yr&+0<1TmOQ^&72|xEDTx`W|57Uikh=uZGy}qarP$Q(z{Tu^B&DQ z4;EZ5PcW+caoUnDNcJhi-yK>8X_F)QL75ED->uK?St@_QdH+htJ&4O%(Uce_4wN@3 zCA>dFkyLM@me?PyJy?SWgEV_w2xRrwJcvabqNvHEgRI`=mv7DoA#gON;tH#7t26h+ zn1tR=*NL~Q8k^2u3@g_`9efF{Mk>bKlvW7CHg40~9La(B{u+yi-j?*y z(iRRkI)oToaGkZfH_ine{kcEsf3W=6RKBOXrZnXImdwY1f-^4Tfas*uE>h>u$`tIk zXL1k&W*>HMlVmyQsqCZMt&wI^b|;aO)KLTP>IGM-oS-Xn&Bu<0^>u}fT7(gfEAcY5 zNFz)nNMZ{9QG$Akpn?4gABUeRio3xOmbkRCf3nX5bk|Z2Y+z%jN69i*i~vb}Ww;D^ z*Uuvb5gWzm`8}QOF~qc$8Y>T_oR)03$-!gL?=Q%K{_Ug$70FS40R}M%{o~Ah*~7oS zC2(b;9sa;>AoPFdI~Q;XA?QA2FIuB2N7(BG{xd~fE&@?7qY8># zIZaC)6ZyBr?c6Kgfh9%?c?6oA91%zUYQ=YMnijB5xCW-q?{h##`c@$17(x_dVjNSy@^zgNv7HAAlynX zoBs0@j+e`?Y^%+Td)#9c0F9WKnflUazwHLk-d9!o`IFDNdLx-eEfPBPe!4!%Km{9^ zi7*sdS)7H!zAOY>u-#$3@Hpj{9G+A=zUPJc=D4E{uVlbnp53?mI!ce$TM&z+#)Is9tGnFdSkh5p|gW?Rlr*9t0?YBN3IwmN=<%)$(rk`GfG zVvNEMt+6rA&3G8vpb==nXx{J56%HD$atj-_0r_e@vq9^MxZJ%%%`VS$ZdVF`vu{&fyx2)SMRL2MDMHxVRq06@QA$jG4{%=$PTAIuKi%y(@XS&n5S39P+Cr z(VNs>T(rS*JgkXKR@QSYxZC(gq5Q=N~=C=@B)v-xiS-2%uqVRC?rO zR~lWR*C$8%P8X`TSq<+S9|a7>KELF2;t0ZjWl(**ngD+-d+^un4kEzi7+Ij~{Ccub zE`-}+Q@B_>QJ{g8eSfH5vHavTeBnboq_)?|Vrsz@?h_>OYuGz{<$NfN)|Qy~F&mjr z=!zTr&nu0e`A~Ux{I3q%vEt^-)heG080%0JJ>Qz{1PXbdunmtx-xsqFVPS&!)WPWd z$jUvhNVGirmFD1fcT0JBerA%@w4Z`7t<@N)YQnvNg3xL^&u?J2~&er3(!gQ=O z8X9k|1i$06aP5;V^l17HF^`M--#vWCi^hCuwL9Csxu2qx?PA}6<<-);2f)&32RVFZP;V~U@>KXGdU-c@FQ@T+6TxDlwcPwk2YK_{M$@%K`g=Se za5sK!EgclRvNFMr)C5y_u#JXsO*4Y0f#GH)PAvz~RKC6rGAtnr;t{(W6Q;?GLXCjZ z%(Y17-$Ld{`scBHQYFGX87{CN zu!ThlUU+8)J3=Lfo^({)K~{TOQ)--67CB>4Jd(O2p3 z6Xj}$>+*quGO+c%qfxcQN z^5VoSK8LQv5NGVH`_JK+>VA&#}QIP8Vdap3?kYL z2ZRUJNPW_0^^ijEh7z!#Qjj{frmqd=U{rfV3VQ05Sb_+WVw7roUecuMKm;*RdK zM~{{-@0ksqaXQfJBVc`UNuk^BPaCo8B@vIb05|-ZA89aGoeQxt=G)OtllBD04wkwc zaU4&Y2DqAd;5|>}G3p1}$(Koi zy%Yn=@I_#Jk;22n6FpAC8D#AYd&^EV`yE!C0k%KvQ_g`%Y^?*sc7BWLyio}y=)muT zWP#QBK%w31@Qb49$4#-0mk(SR486phe}26MoS_56&dyI zd>22&vl{gd3g3qfbYZ>k->($lU?<1n4SCgS28fuq)2Byg3$^wEXYaZ5(EV&&ImQj* zh!)3h%Pv$GrGO-SeC+(pdTk^^H{5mSp^4E32p)%=oW}VoWuAV@=RIn`-Wxkia44gW zcwpb*ItRrc-`JQU=v=ItemhsY%?zu>%4%L|)TQAD!&|i%$7_2$wNv_&*}{rz2Te>c zcCa@8AFCM&$vXg$LEB$B;X8Mj52a5L&hTUunchemOzjTasJ=bCp&uJA;`=7UwjN{^ ze!Slpl(|pE;+1i~5NoRW4Yiv}ckr|DXWc?;L=1FHmuIMtY2Vm*g$yty@`YFKQfACQ zHrkvLIRED3)!usEiQ()RLUN!-ATxaslQIQ|7yh0Oi|_?zXfFn$mI=O1?qfY+9V-w; zakA68`J9boF8`A~TIaFb!Mqbv7gG=8LK2JesW|}^@>;AJCo1V5mDRQ zpOI&i3AlwSaJOuK>s!)UWb~*|w;WOhW3-zyg!Gm(G9_XpI4u3M_-Zv@TCSc=|AilL zxapvEeItjZWS}r2v9725Ak!HT@@>#s`;8D8^Mh!EjR#>6#{8{FQ=nU83=`-cxU{$z1sA6Vzy zqt}TS*jsq9Q)B18j>pBu;<-)bNk)sxkM>#ZXKW^By@Ht?TsEni9*iM@kvwL8e7#?{ z=R`f!lCh}w*#9e)5XV`AnT{nDABrQFAopa*Z@%AERPm9)zVCE|x&$P8$KvpZ01lOe zEUh)vfC9@EH)x0~K$geW8q@JX#7QAh%M=EOMHEJpWq+1zrTH>z*)EsiR!s$q<+qnm4sX(o z5{ua^HD7F)9|P6VWIVch4@?9%;S- z8|$raU@_Z;B>f^cF7@&z8nqK+#Pq}wpKc@Tmrjj_&(Lw1ag6ML_kQc618UZsg~B=E z9HoLLv>k5{&ZCvJTt9s4H_2e6urJrG?bSoi+f9}BacL_`DFLn^@*19a@GInOLeGrK zj-5K{qM3taSqr~>!J>pZk$XQq24*#+YmQ-`p9?da_Y%?gpaiqMc|@8s&jA^w-WMJ& z=%J8w*tYY2Hy^2*w&|seyA?n};+4&|Tz@JTZa_n=`H)ifv`w$M_82>FFHskUO#yV*uF<++%}d#ll!Q;h!VH2$eIn53S7-3 z;eq8A`c&G&d1+`U-;|kpKyOa(n7sWJVsBi|lZEb1H!WE&Ta=R$iNSxY)L`Zo7%rmA zRyh0BJ(>wfe%O+mPwJU~hneS~sM+F-#lQ9eM@;jzfTr=;xj{>PrN~A@h-$5eg!~5ZZzkKJb#FV1$lT=1%!JGqIr;y^Crn@v2?{m= zpe6=a7GI040k{7-3L)cdqXc;8((Mt+(DGLxNcM8TaE5tAjv6CJDS>{>)v942nP&rA z@Wbwb#!H9J)%>3h2r(13Ff=-l0x>P?wQd+RQiawvW%Qhw{@kj-cM?FG-yFTX0+;>p&;~Tb(^kW5+EsU)Q^wLagq(ORn zBUt!J9(h#z7#3}9f)(_vcdQmGW&uRN@}x4{zljD+q+W=)#@FNU%VO>7^K4tS`!zy; zL*(f6kY9Zyz(qvo1(iUKD&>9X?ZsA)jwrCIn?8AVcsb+JYH>wAUn7(#D{=OtC$d35 z*};BUF6#*G-k&pQvrzU-n{7**g0m@$&VO}mfC%qLGr1V0= z*rcbox;Ms>QSmQ2V#Up~rm|Q*k@j6Oxp^kbdz3&I1ezwDgx$aV6%_t0l9Yk;=UPfK zE@ZMMHIYBjMw+XU@%Z~ky7UX{kT*r5PZyh$$9@0{>a%nn5ig@dSYM!NnPwLbUUwN8 zK7WSf)vu*K;(XME1nQqYd4Mxr8lv0F9%q|gNgm%Yxh$D`t;tAK-VR!J?kt@7Y5=j& z{tagP-2oZ|Gc)}k>sf)Hz?!@qUE-rawC?7s-@&{L#IoM3fJ>|6@gdqGu{c3XwGcN8 ztrR~!Oa6xK%5cCk$@g+WdFuB!asYsxgMwJfThH4d1VS_1m1aZ_jExo=ohtY3gtxMj zEqs@90?qD_mEC+OR6Asr28bhg5nmsrAbti@9tZkha}T(grVFgl3*VFUxcd7pn)v3SUdh3t1hhg~po^M-ut-51{M zk1FX1C)|_=aD=s>I-mOCrKZDn43q-#Iay)NvBw6}7wm9m_PB^+vxE(|c`4gQ!-7%P z=Z3f(71vmu{%@fH7E$mpE==kPb1+ro%H*j8I?h~%Ffn&;q!Ki5z6`+c(oX**LC07J zakIyPI<$i@jM=`gH~ndnuYX_$XSuNaH(HNxUIGgjhEyAm7-+^<0v!KHdD9~UXy8Eq zx8J?sUP-QPkVuK4SE`_sJ0OR}%3KR2utdu_^*(UB6xBYrzU^ub` zb}n*jJ$~~J35X8pX_8C%Y^_C7HMSO1yUFT(IbUd#v{I{Q7xc6?7_Lwt?vF)Er#gm)?{; zY4kFev}PYl0Pt6UYq~{v9tmo31&e-6pLsGR@Wpjvf~{7A14CXcDFBP{$5H4+#ccnX zJK5X4Tf&Binuk^d1EoqcjalO29o=vH3+iLtKq0}SXC43W-C1A{#2o&hspqCELX3<(!wyp2H= z7*Yf)TnCPWrY9*QkDmCqGVDmR1%iFGC zxNbRYs%eFVAUUC%wPuzzkCqF04c>jrd?pKOhV<5Yiy18}B8kgfpDl>hvj=s3R*rgK z%=Ny>o@&JI#x^Z%S~fU(;Czf$expYF-$RB3Q2ePjMe}-Zn?}d~QXM(Rd~w9&br!m4 zc|KV6-(Y-%<@7Q@Zv-89HK+Op7bpXE9U*nM7ec)pg?Vqin3p=pPcjJKrWg_s4xF%T z6SwYoEDdc^&aPCMCtVwztzO?P97?%x_Hny)S48orxd)*pR_)5V*-%ukSJ#h6dZoz< zJf1C;Lh=l3cDN@&C0&c4(z)TqzqKh6rq>%Ci?s zjkD%Q&x@Ny&yju&w5flgrBixKW5%%q3Z5n;X`RSK1jZx1H^0@xw39O-&SKH2AW3Uvc0QHwS#;suXm~_pjJab+;dgOD zNtpL9xMC?E#(c`SEWM|Z(BjR~Mn%7-)TRqSJmJlJy@mIqYfFu2|4y7SQij#GYG-<+ z<3u8!i<7f=hU*YwIINl$yQ{9^66RV{?khhZdw7HnXLPNlTYTa#2R4_rw`|q&GRa{U z?|m#IF2(pF|Hv`wZDq8PeA;k}FcPFmr7Ni`s8fca;sGg^JXU1-mgm(1<`6ac#99aV zP{4ajPfo$7Z=9t0WSjf?_zRtl=?2no^`%MuL0VuL`b!;%1YkpwkPA|C{L-o~RyL|v zBj18e7S7u47G4{uNmHeK&T&%yE};#?FYtjdVYMF}2aBBl-UUDv$oGmot(;h_v~z9J z!D6#m02@u{ERcM#cR>QoGY>gICj*bkY7PA7fgAMM+t375J?tmZuouPMl_D5JzpDr& zmY%MeNu8hi%NBJZ=6;lTEt9^Wakz%HdRCotxQS3$@hWch-1+ZPsfuti}kO)1i@ zKku}!T`uqQRRqF2@nC|XNb&e7(WgS8`g}HBBfLMz)0{_+bz!Dn)YN`6?EUh8 zz1U4G$j*j<)09EE7Ihe~;~|hQ9`?d!(ChxeX#Eg6M7V`g_VLU?bu0yg4h{yp%*zPJ z4lT|kNMDi`3(rVsx}bB|xKJ{S%PX^(omtt9i}nfq;*)W2GLlH!JZip$RA! zh9J_UO~+~;?`u4NEXBbn2a5x@y$tqHZ>e@*?K^1EGyEkvRj}4R+=mL+ihee36#CJp z1quJ*aZ-eNZ_uVP4BYe8Rswx)s^)JG_Hi!w4pX-%RZYpb=U99!*!V`DXB=nb;=jfq z*VQQ{mdR95`{e~<&9{XT(Oj#$9nCXb z_*h>Iok>)Vp{aptcsGE)B=A|Vsmp~lRMSrl1m|V0KF(;k;qU4H;f7OVtK#@<_cRR;`F5!{Veh~@(B9wHt?Jo5Y`_@RM-uQ+d01a+8F9(yyBbYDCz_~ zyV8yy(i&s_7ibhTU>a>^0yeM&!t}D3gX8{akA=cB_X#${6`@=~1@0+R1KGjp<#?}? zX_*c7X>ISuk@5<#%@*3aY{ETGwj^9y-#mH@^W(EvnppgCO(H-abf;(olO})ujlG0{ z@&pbPE9$a`Ix44)GJ)pW=Akns15eri4u4x^t?LX=gd4lfe$(E5o#SFG_MYb@Tw!(a zf;{i!cYgU=x{m`R|EWavE|)6IW8w5!{`TczM#B2Fhxsa|ZqzlzWz1XLkNAc6EduPZ z&9Pb?uc)J2kSV5dHi~|}RkxOf{ZepmqdjpHnhGjFy3#_8raJHH4-zyk%75F;Zs9zo z-xlmfyw$w){ldY?Gi9{lZzzAstT#jqc}}gh464WKc3iYDz+idQ|JdKYD|f=f@fGp? zXi^*M$8|xRo;r5(C2H+L<_Fs%f2yjmCMS3k08Q6ZM2eSZ^K&-PHc`Xb?-ElSC{kre>C=7@Y_hUq?Ee} z9czf{S~wuucn8-prNBFq-OIT4d@R@h@R7zyBjVB!ziE{mOd^6~kiH)k#ZS-G7T>=c zS3gNrwX1=B7%4FSL zeAH_VV#)H!na=W=O;noLMwcwt$p~Pkpy9JaHejO`>#6?(mNNXM1D%ctC}GkF-M z`C3z_czzp7d8{tSenEGZvYaOE^i;TjIQnP)e5?*MuTh(T#Nv`b?yKLyn%GL?*ed}O zqh1s?PW-pF_GQn!i`LhIqn3HgyZr)_?wo4e7C-}W1>s>P_Max+KEeGmqNF)+n_s2M z-vap4Qe`kX@lshpU+t0CjiU zOD_>6Wnc@{0^?C#Reveo5?pkx9Mm(n+{FGcG^$2S8K8q1&bc-fSePonTlhp&lS%!X z>69=cgZ7$|eI=HWmay#$*xUWLJ!}LrD7}t*I$~;iCu$v&cUu(N-gp6!k(gGu?>c_D=pnXFln_ZQ8=R?K;giaEl(YP9Z$URufqex&22ye)lhPl*oLZUPg+tr=Ej?kqC`rVXjF-{K|25b3HHX6bCUxA{w0g_{q*UoEfucoVGCvUjg2&=5p4M%*eySvXH#f|t!NvxdEKyX7tLlfIabk!0u8mY6Vu?SlM0 zdG+a=Jw$#Kdt^MwKW7it-*~ry28%&w_^3Zn!X;ermu3qOTz1B=xNv>DqN9*Oir@&` zEp$V+2fRQh#{b5T|CK$^p};PEUl8AGJ=$zb-PgVFbvGYrR+}qf0{evx9$ExuFgL$7 z;#TMCOL^J+QaD*_4%Kb50dhp~fUdZ>HJA)ejmId$yy5yM!!htcyLsG#)xMdhFW_Mu zM_*^y^BRLu3G)NCs6mPd(GNG2f-sfnp1Ez*5wM=Q^L$Pa2H~mB4M9c?LisQFsPc4~ zUiM~DZmV!*5Ty8`AyzQw9vRaRVY`R>(m{<;!-va%w>gUbE7$y6OQ>`pC}ccipveZxJ~Zxu*L%dBJS=gX`ioNtdMA%qOF|!^ z$kdv8T&wh%qT{ydfilPUm48T<;06jxmBNNYvf4i!ycZD+M#!8Zv=69j+5LZf?fU~h zrznGLj-3C;drkir9schtO;&Ouc5OKs9Ck$C>0r(TJknk^oj4G??xApQ|8$k7(Bm%E zPy#)TT^brJxx|BMT3YZK)VZDnM;|{#<8dtH9G{Jv%z=J!X=#- zVgCZjnP`)B|F@=v3!Naau^D({f}h-M75`a4ApMsBwke)NYFc0a0eMVVqQ%H`m0e!C z|9^Q%9Y~(Z*12wAf5=Pz1ZpQIbKPvV>)nxldM`ZhU1s{R>#P91-6;@B7~Y`}`^UG9nvmE3d2v zP;XLeEBG79pu}-4K!#56 zdj)5+RmmOX^05AjD!j_mKr*j zBO~Dr5m`GyFL&zz^3o@SKo;|JD}OAOyLzrBb3BfhL;sXRtIEvTcG}%J zJv=jGowrrOQ4hz}JnN$}3GujG{giSdpa=P6shQmOwvW}ztKWJQWWHU~_++`uS#BWV z{dZP?@l)yWRjrYnsNCiv?9ZP$#fSR2azOV(1Fn@#C{@POoMg}!5#W3y@QpI=zJl!Y zHHF}xO~`{m;Y9b(!9Y`2kO_IMNy>(vIUd?nmZ1(wVUR+!N?~884EuR4b&^p6=$qL!`c;Z#dL_FHix zK#H=zU%9suSP7mX@U?pO+h$<0*B*gUEu|#hmD11hacL6?iI^7{c8@~*vV3zukKe^ zH5Ut-*uj$yX@nl?M2o*?3keiVhXb$2ZZPlwG|5nR-9MTy*F;>c7q_e*v8vW{63kwjwSE8^mMm8$-&{Xk{Pii_F3Bp{*pehX8V)w)%3Pejo*v>RG2nHj z_zf@njvV4Yb($Y|KbBZQSwkX>cvQQpv|{FGdlLk+r3i^AHAPOitr`_kC+BW zVt01X6S74EpAyACZv}4Q6Ei5)alA;rnd>5IRt}eUOtXU@f)5I54>sk~My)9>F%%as z{9u%S#DW9f4X`#T&xYMw?h9BS=dzt1cgUM7sH)Lr^Cp+agraUzX}g`(vjDJOg@hf+ ziZ>cAL41csefKgwp4%wrwk5fdv8R~m@5lOqHIcMBy_E0p%t;YD{}ifm_U2_ z?DQ{$AM&HMtU7s2Sb|=z2y`Z_CawQVIS`nmz1fd2Mo~t&&euM3w}3%D{)7UOep}Pw zmfEAtSQTva0~lk7U9c$3tI9u6VYw-Eg-lajqRJcZ0ma>{lWv_Av{x!m83V+sG11#( z1LjBVJiw^d5o997MU&nA_d00U=(E3>0)-ILlkvWx60|KCK4LZB$;9`*W8LUC%PtKbRwXhp`u7wH zi+61Aa9+`3UVfwFsavuO?zz2*Je-FH0?@s}$Ly0`w1#r+P8@AgJ} z&!dMOX!9A2ZjT*JN+|{DcAGHa{T=&P_ugbnW%&wb!oR883j_KH`_|3=ZB>Z3E-ogw zGmpQc{(Pbhr3d;vxG))0&_*b^?*5pu(RrBn z3NoF1bethzNfJ~c;&4NQqhG}lbLiKkJk?yztItR)7o+v#d6M9-G^z~3<3+|PsJmLq z6Z$f#dm1MhlEU??xSr0*VKXQ|>k)GxpGinMMe|2PA$SP%dVmHB{q)Pu7{&diNq}tY zAlO<-hLo$i^Ftt~-}V6)QlE;w-xy-ufKGR+{B2!I=x+5n|ov8kRL zM;rzS;Z_E$Zr7S^tZ7rrW?Lox4h0}?SxvxE1xhNUl$?LTs|pTesALXRXd zs!y)sJ+#v+VL(~_4zd*!zy}Z#lQ4(^eW7sa9C+MdkTiI3OXOR{yqq zC}5Bxz+whDpzDPJ1_>Y{t2GIHV93VA2lGZM@_sk5JI0rhJsqaQtO-tr`WNi?&_F$~ zi5wp-bDnD;rSjD2-o$NVd~Q62m&o=?7y)bH$SXgSC&c9b2`?+^Q0Dm9 z#v`~AUT!q)fNL^cT-rwrS^8_|WxXwAQ0Yd{E%C3p2yxIDmI8}K@MoW~2!uwAV%Kuu z`{Ff96}Uf2O`23E13c703bdhyv2SoKB-#=ypg_2tZOHHH`-h7VtOzXfv{(zpMq>f| z-U!hCDi9nn-$4gBs)M71VfJVPzalaxA|F_n%xK1wDOAhA3R_UwOF9_9wp$xeHCdBf zi*@z=6=nX(a)meu8ny2QoH--N_VC6|HXf#D>;4MZoOsEf>b;1wLM}%!taALeNv!N- zg3os79wfl;3n5I2{krgq!ahnxDPL478xkC}2u9}ZpFWi2bfm26w%Y?K@HqE$}zJh9MF$Y>v$^X<#^)_G0>#wkH08Rg<$)(m!m|Z(wy9rdpnNKSpHlQ@1=n0P!R@f^XFAn zW*e0rJTS}Ynlam=Q+8WovTWcQQoxQXQf)U?YWBnfZ{|Lc?Er!v$I?R|=}wLRV%d8g z69yFtoeVZ#T;2<3xcf}~(cpj(BNA+nC;8WhZk0?sttSVtL&q|TTf!YA!IBNzaN=8M*)vmx zgdHbFJe^mAg2UgbxSU^~OOxPzpdafOtt0>T3$IHAU zr_~1qxu>_(Xba6|za}`bx7lin8yXr`dL>pJ^$-Tyb-c@PSdJp;D1ln)^DHQgYQHz^ zk@OlsM2F}kPbBdBd_Y2ReT7X0zv5w=kMXXL$wt&t1ee`@f45nA%q)5-O+gGBS$vHv zP0!n#0@2eTYBUsd3K9#ny-u-MY*t)tA|nMEn@J1X=Huy_)>JegAN1xR3fb~APz2qd zPKt?{K!>ZjV05C+nMCpcUk8* zMmw@i{#?f#KaIPJ@|k)~+k7Ld`|QdtjP^7eex4O`x~-kcL=D` zA6Z9l(U?Q^(Bf(Yh{n0V?oP0miMW2RC+@W$6XxyuQOj$0J(fCHWFLEf;q>Lt*6AyD zq{-hy8iXW3cP?Q&7Bf2WmMxeqZYr^lXo#TSmjK5~SlkiOe*p`qA;^MkXBW%iNL>0c zYGX4W`1B}{`(13bfvnNL>ByYX7SdqU}DvcMntB@F8g?h zyk~imaHR3llp#XC`z40|)hmbDAnpF~UzhXt+4vesosC97zR|k4TuM$v(tz~3e4mie z-TfP(<@t-Ol?Jdz&&=xlKeoOyD$ZqD8x8InT!K3!NN{&|cL@^QJ!o)(I|O%kcY+3Y z9SH93-^lgj{ffU|fhhrqLT(qc-YJAX^7`#~B= zR=r}ncCtP-6Qz8Gkp>k)wIVLT#E&?uPyG`T{L94rWwtS~A%?`OPd7+Qdblt)xHgLk zc)Ud1iA2OjHQ1}ICVawRQN|Jj@nJ}|r)KBZ1v&KR^=bB_`>0SIv;uYIejhJTJ6I5G z@eoM_9!oXR4T3Uk$o0j&dRR(yihr6eOB6(UL`e=t9+Qbo<0Mc<`cxhl^Z3{z;=!T2CNc>o&-`f~`xI2NM?!T_wf!}@RSV)Bp_kJstS zy;kUOniGpQ-D{6}D|8_bpw?R*7N|R=i_equLACo>kR$K*#Otw6=wuqAcFzK}|CXcc zpaaD>jNrqYfBRArsDEz=aA1^S5a1uK#D*A$;N%24PB#p9#?apri7~f?0$&ZsiN|b* z@*PNtKY*ds1IVrT`b&Jut@tfcbPE-6OZZa5&?scyh$#*5m8Zb31fS~Rzfbu)Jp5m} z;PzbrV4ZkBoS2lL67J_?hr6)l5JjglqeYK%)(zK*Wv5Ovc3# z8HzfD0)fM*lSjkGpJPh*T7Oufv&eeY142<~*P8ts#sFUjU<}0dPBB)Y|0%b(<@why zVZuWIQH0XN{bfV7kbOin@U>PDyKJm`361>OopWES4r%keP}}eN0@9<4fBc>AC~yK1 zPp+K~)%*PaV@)s>A$}Dq?bUK2SX{S^%{1#G;5mT6gwkEmNELA5IRA8p{y0+%I%mah zVaei6lEWx$6F+3PZN&E!(SVipa`>QHf@||Pe+iQaf&zX*!8Gsx7BG=NKt0G6?JUm* zIA$MhHa+@^pXQtUg*?-OXFfuR;EWHNr!JpLbCssu%A? zpb=Rc>wCmCoU9nTDybS7$DfmZCR?e{VF$jD+Uu=e_O2o&LgOE-^M9I@FjRjl50`w} zYOJGi>T@?%UM_pu=ks~3RtJE=1K@3>X)wVb&TfEObB)1}-EDvYFa=O!=y7D>I*ScJ1JIpt5~J?L_wyl=|DIM*tiXM?fQR=JuH|Z3?CRM> ze&KW}K%ATS^FrXaq)%x_e;&Ac_5miC5P9(o-JcxpyY+U4P{`KSv6i(;CAO@` zgCRUTz4g_>?sujm%Cw@Z-JIwX59E;*s z&w*;!R5B{H5mdxP>2SKWoxucS1KUSF`Cz1jLEq$r`eVA#1Pb3L;boW8LUeTNE$w@Q+VWT)R9+y>AMN)o=QKTyx8&>-^#kK=&vVXyT5>R7&WNe&BR zpd-C82APOYC^r}-XDT1U`q4xb_KpnTnj*3o+-<4St{8vrn&>s>+U-BbxM}{T#r{RW zn7BDa3VO(~#!lbxeLHH^+n)0zs@VzbdSKw*KZNd_5`~FIpbp$@XuP}a+^>9PpX6=S z5soz^mDBp6D@5`Nrvnh?kclJ}2*rav=Y!l2E4-cPX;Pk^pNqT^9yJ~Jn7{j~^!HPh zbjW9Ml_qxF5f9v)2HRL#)R(CK44Xvj;2ibBk7GJN%dg&EhNd1Me4nKbbPI6#5HW!< zI*j!5+b4rQDxyZ-b;gTRa2ZQG(eZTd!9hZ0)#xl4`yJHcw=x)1YHTQ}Gsmk6?aJJe z1lp-OlnxTy`uZ}BcEGy3trTr;AFtQ8plHGa(cw^L-*T(3ue))?l-MSP--^IQJ9`EY zKQCp749<=1ox_}b;OBo#7jj7euvVald@Z`2B- zi~aa(u6GB|+I0g7*Xd_F=31sY(6@l2cMTz+wrIRp%LbGB zzs7?}@`n8?!HZk{-a6eC&*|Q|E}#zr*c;Ys9ccqEr{&fIz?F4bUVDrzdfQ}t)qyfe?Esqmo%LBf(l+% zZ3Yl9$#g_=TRs(AEt@sGylOV~H!#u(WjA3^>y}`O+G%|9+8*?@@5JAJ3i7jpGC1mE z%LUv^1tCfO-}WS10$re}NPRG}0J*&8Wv=HtS=~&0O4d|}{y2Hy+1p@+HgG+i@kKB6 zalZ_;6hf)Jv_|Qr^N^>VZxvX1Ooozj46iR{eoFua3XqbL5a9-G3t??DqY(azP>f{x zSf(6MqF!O~Ih`nD>G!&I6Q|=1LB_U5AkCLTnj#%D>#y4|oTy1(puY6k^w}THJ%@ny zshM)}ignvrRX0WQL+>pq9+3%i2-A684ZpD6NaS&RUbB<{6u^)Bp!ep zIPdk{T?=sXLt+V~K*?9AedpY?@~lJn{ymPx^IS$?)4GI^R+#y44_&_Cv84*>)Mu_s zaK80p&ztGtU?0MSZKXI!vZHDUGjV^U{ys@~msv zxgDz>Be%BbbKRB@`q5%`=ku{lchwX}YlU2*uXM*i2cmqjNw$7A&xb+RTD!%Oe;Juo z)1C*#H4|yz)J?=96y6j19T118OoSASqI?gkZ|YspB|72Dx=OZNw^5&{S3b}T-Zl8- zGZ1{~C>`EvJUOVlg|(urU>T1>Uzoh-JwQ?6iRT-AuIt)1cfvd}=7<2YzxBYI=(b;7 zHIJ{h1wE2wWc5q@)D7>Y*lGvovcJGQ=5-5P|8jod{ViP{=}=|Y+&&M)Y`t9kl(E*} zNxa+3l^-?O%E(!i?lH$+p+5c5Hqc&1?NnDA=4;u}pZ9Gc(Ucdhdml3X+&YusOMJU~ zu~2CYo_Tq$vU6>J?sBzxl?v8|ghgU!KtaZ)$I&$8;ao{<+ zdi$gBl&CLj@b=xQ;|h6GqT4G+vHHl4c?F+3U?c$-qeBWd(N;*@k!I%mh~fRoH}(Nv zfSBWUP=98fGn$`y^y(B|S3XgQq!Sh(hDvlKK9T7=J!(Geu3!CmtestVAE+hpnEvDh z^2;0`1FH0dvP02_DpKfwQqdOfaDh{E)u}{%pDJBU1P;y=;E#A=kW0M>H5GG_fOcn0 zy3JwY(M~P|`ixL4aHzonn&Z-?jy}sUKHW|jIZL$r= zYNfCkF1y)2P{CR%-s2%#$-CRpzH@Z_Gv)JFP9x0m`ZCvd<%uINT2{&%9Hv3-xhyvQ z2iH>FVIae@Z|cwhfBrDg0XM!ww+^v%W_S2zW~WB|$9ZZOr%4;X0!~;}rO%z{dy%Sg z=u8YezN;kR5iNvIE&je6lb5c2 zJ`Z%o?V;2goA4FyZUvtZH%3=8&d5r76}??$S9t%;x!GRk+ET6lqshTT1wAO5P<_H9 zgLC;DH{x>Gg`uWhUeR_@|8>%ci0TA`K_{@3V@L8kaJkY<9|4B^N^7oG0t)M|! zEjq}td*?Pe?UX`(jTiT{Eh`D5qfiX{fd~7gA!I?s+|+TIUgP(HwzGGU_`EA1IMEgc06knm2RzscdORo+3j67TyZ!bT zhfA zL^A?g!c7aJH1#WsuqMKf;K%y}l{5v2mj=s7rMiRXC~4}wy7Qh&lRx%FkkFG){hg)n zPooBtZOG>bt=aQ%BXN=`kVG4>BOKELa<)o|ea6h%eqXaZUY@?PPwQK8?2}b8)}QxS z5WpD(eKhM5vSYB569WZRGh*sZ^FOP(&t~(P5tKe8#nt70(Oo6x;P_@ z{rz`f)C^k5b{73C+L8>Lx|)NyKCFz4JT9)92k=#jWX{@r)Z24#LlxvPJfcOB&yqjj z1d6s_P6SyVKvM}&_vDeQ+r@>kBDT))m)V z?|5ei-D+fby;CDAQiu|o<_*faHR^E4*S?S3dBfYXNq^1b+K#)-g!quzh-GszWHz;5_Jp;EIWhqoe1vwY;#gsSHe%gU zVIcAGV>j$;V@_kOJX6;T6*8}Pt>z29Kz0-|O@__lTcAxO23xOmguJu6!xNvNte-wx zXPDP1=V3PU;nPnrdgtAEqj}2;e+lw&xn4BDZP5w}8MZlk4nRfVz9CY`scUf^YJ=f5 zJc55y*8xzrL`N`h)yBQTk4g|;=J6}2lFn_wS5kY3OnqQ$NZ7W~Qb~Udd+^3L&Bc!O zUd$s&Yl{oMn^Ws!N$K2q7S*UVjHhA$;mH~QAqw>JHjcm zjn{yP-+lNiiCgMMMpM$D(N#krnh<}k<;7zoKYuP+uh8Oew26sl{n^W3)@5hFEuqGh zOF`x{*WMK>hSZbmC7;q3N{!1G4Ht(UJfhtl#(3Rt4GhHOhYvlR^VMVz=|Ipug`2J6 zsNYtXI2s=r;*SG?t{wm&u>lQHU#h;jy%s&)$6-DdHR4N`vxs@aNqjr}5pSF=?$POV zJ18>`j&y?$AiUg2wvqStuGor1QQtuEy*zk+1Mj7VHGa4Y=&jj-Vx5b9Bj|)tz9AT? z^RuPq(59`}ydw&>+>DWiuFPrEGT9>g)8*~MgJ1!$7jU=i42$=UQqfoUbXsnWhOoI{A<2J0qwb?#A_>?+mAbMr$`3QJJw~s5M z@C<>6lfyoB&HV;#ei!h>A527>=&3`TE1;>J*li{dm$!#CbjqhA7Rf}gDiC@EbL0tY z3D_Q7PbUy>q4SyI^Qy~YVAl6SnOklftoGFyTMr9-XxF%e#Ex5Zh~e7~J@vmBgUMsg z%)Tpo)rbX!VTu))?e-6`iZYGSro;>G*9U-lgwJ%rgsJ6OO7rmWx2wue3tu@A(`H@a z4Sz2+TI5CbKCjj5I;OE84ia#mEb$_%>o5eX>c;Qh)^bn0Th4Za26Z(1qR>td870fE zg*t*r;!!yN1lvdP@ObgrEH+QDKOqx9R1oTS*5peUdxA}bKE6ZAg9%wNK)4JZ=8Ei} z%kG88oV+^`&SsY9iN!)kCCx$|Ay#UaDm%{ng~T?i!T9Rv!kh8wIMQ52?iAswG7?84 z1gCd4L)%zY5&}PrFdtn%z>wpnmQ61kS%~^mvvnDaBO4RhV1q*|Z%m}AcZIb%@DZgO zcH!uX!zQO2qRXpP&x@1priejO^UxRBKsf9>qG$qk30_}<3BkXM+uQ|7B7CDefug^b zi;F;{RTzhz_RGzrj{(9J7L|hSZ&58j0N;xFC@{8oZ=9;T>2l&RF~jY0A;-<nH*H&NC4-a|_c7> zqlb@+8Rh}@5zJCr?o96C)z$p%K-F#2r5Eb}H2X+5q%HNc?v(eA*ENxCHr8fml%w3=@mkSZK@35pko!9O^w0w6~ z<(;edFOC)+3wHbo2GF>!aE2l81YWRVgIswAGHl#DG=8PjYBtM8fT~J-$780U3|Y_YDLGx6+&;(k z49zUwH?>Z<`37nRzTKH>Kjv1W%g)j|7~7>C9>f;Ec6>3#xz^T{wd&4}3!}TX&0TSe zKbVd`(83Fvn%<2&Z#_vi?px?+oMQ>_-mFoz#Qx)(=Bk8}X%oGB{4nw>o~>QYa-n5J z+N?n?y^OOpQw|xl>oCVQHfY_?$!p01`0AU5#HV zSh?qxO<^H#VM4fhP?NG9gug(RsPc>Tx1DR6lttfi#NS03wGok0PBfy1e20!2JhU-C zWici`(Q$l>xaE64&)#c&RTN&XKSkZlg(fmM>xqF{OAUSNR4~K@ahG-ope~A7H*4O{ ztI@yiI3`=hmcLwGR!%zRiYZXsJOPM}yDZ6f$LaUJ`Wv>v=`WO{hb)qhK>=V6q3sXj zA$1q)&MuI_Yk&F&iL(S zs1Q$ooefQVt%$>xQOjauC+*`2wF+J4n&T=)fl%sgA3Mx8>sUy`C2_|+{+sdNMg;s@ zZrovf=JEK4pXV-}@a?b4p-2VlaOa&q2S1YQ0SE&-mPaMhFN^c@}jmm6~daYM2 zc?z7FcDcIwKyJGCCn@#2a_@y+KNjig5`IJFeAJxu2}P=wOfsM6C{Y#;LYuO|d+(N( za?-mvH8iNnJLv6x9ijBRedb)lx&T7Ci{5<_LEx-}6Jo*2JBJ|6DDY)XifcYqThkHS z`9?0?ZsS$i;=r^As`}Ug8L`fyEACr)-7q_~_#BgFb#l@Q0}5!|iot(Si1|K=xt1L6 z`x>%#?-mtkUEPwb#0WsundlZk$zS`+iUl$>{?~bV0{lv1&rN5oTGDASt43wuoFNI$ z1c8|1o~ccy$$~vZl7>kxGj_}^M`(xlvIv(c?2lZXZG3JFn!F20DT@-zaO#cN1dH0YpcIS7Y+uLf zkE=Kwp5h#tE8#=0u<}PMNIMQC!Ii*$F*cVq@&ImEX;fHxD8F)DdMPHe z`bKS62E3GGRP_q~^CjHFWxQXxShZEknQIdj$diDOOKtE{-fQATb0p#);vXhooSog9 zJTZ2o9^C0L-&i$#Wyh}d7+|GVM*B&Zl2EQtl4L?o4rS=CB8M+*N)AbmFN~GnHoM&7 zRD2IdibD2zkV2r`EBV1ai2b)QVI%_L8C#?Kq;b0AG6K0Hj@ zYVubY=hh-piUkd>1dXVW8LuKIQppwk7GHmo@O`RX(@3W}EdFA?7uSsNWo*Fak0u*q z2(BPCTIWbkT7;BOAS#PPKo6|_em%+i5^SKE96B`lQ8@PAP!9F4a)B?90*U#pj|=0$ya39)Z~-9fPwE2&M|ndp$|k|gMlc(XWaepdzOV;`x3=GfaFKgPJVn7 z*3DI zvPY&#!jhbPBA2D}(sEo#OnCj8{ekE)Hc%w>7wKoz2GCZ1IKjASwCrM}W?rapB{Zq2 z(a)Y)uAkP}mj^2a??b%Lm3P}bUk!CV!L3{0BaH7{nYidZmiJ*u zUPBxToocF4f=5p<+?a#vm!JH4@K{~Z^dZOdm10*-&NIFZ#wEHi;O)=yXp_N}W3NnK za&03bCTpD^??0C56UQpk!_0m-az9h$g5*3= zzFwp3Zg2RMbjLMWYQ^nL%M~e_Rar|>K^`?jqy4X50GQ*NX0bAm!624Q){*GlM36@0 zGHzpImg2w-uV$s@r^J`lDpkO_nT23S!u_I0`-&!JY?JL&Xp=h+jtJ>y-e9d1JzTS! zn_$4sNJ;kL;_|3#)9w1HcOhob6sJ>u?!5!Y`(=R>_&^bnZ`QDs%m(;|RU0-I&IAYS zo6M@rO6e0r3eJWrUlm&MLehs7CK^RM%VUB+=GVk@*ZB zfo`|8GFP(mm1O2b5Oo1!Jpcd;2%_RHv~u&8(iZhK!II}gZ{~~f-{M8$dlQo$#fPGv zVFM@z)lq8L4+2~l9ux970UpmAzQ>DYDRCo{DL-d25OFL21l7s=$M`oW10LqB|5VhW z%0_Nr4@50Z;`4PD9zq+;**VR>(B%BfWSi@mI{|3W4mf&}j&)o}b+2Z2u z#YTSXzZ>z#9=tk~JOpSWqZOGweF08_%Xv>Vu{%58qf6{(~pSugVwAB;IZ^vxi2THPqQlm2ZoF{wx6qTT8tPyAuNhHeCWTp7N*W>M$n9eMmIj6o5;brVo68NDnC`@?%cEI$p~}%1IG(a7)<)*_;C~@WqKgj1E_( zHP|TTxP7vtPVo+oV5>7B%X`NLtH0NceGGp#*PN(*0-K_zN&d~tqC%wDgF8%s zw+O-}x@7HU`Mzk@i@(raL0O&??<70JQM_~D#f7fD$Db|lmTEqM%1_Qc+SJ_fL?Ke_ zhxBkFYeG0crKAr0nTs_c6Z4}up(#}kn(ddPTAU!`Ztvis!G_yfVq1N3l$x#Imj_&l-3Ovd;6RA-?=tuug@kjb_dbr% zIIEVuns~R`UEIv;8JkC$^V?~DI@EkKt*@`4iFErDVaSgT?MM1(T0mDzJ9vHAo6ZR5 zy*-8(u!x9wv)l|eG*a5NnehpUwAfMDZ_s-_;W`Kt`?v%hDl4par&mOl*Ti9YO*kv< zmws*-PmB{JKA>Tf&(ik##>H2Az2KnL@*LribDF+}bGYF6?o@1a;B&D9N=GcU16 zPh_HoRofzz)6X(Qeu^(%1JI_3#e)+c7|wKhHD0sYFa4r_dTiar5KZC3wY%oQg_0?W zLZd;`e+2(B<%xm0-wr2uEx9zW39JuYveqQck5oQNR}z+Z5+ z!q&+f9^4sD!3RmeAfn_*q!(Q3gv3sz$s>gMsTcGetD^+Oz+(!1z;u=%fl#dZzqO`5Wjb9a?+fKLf6UdxwiMe4Ii<@X{!_ z?QEjjXrVm5_}c0CLTG)*iY1;@#{v2wDITJ~6bq-NCg^#bJHnmOt8!S^R{>(9+wD#}8fSgx6!|xB(`?5=2vi;j<)|v^tnBA zg{8}=?W_Iq{vsS}1r-$x9902h2y;SCP2tItPSK;2Bpzp1^g*cPPFskYxGdH{-nL{9 zMqpwKo>uuaayn@}wd_|yFNcEy0A}gRd zX-^)}$t6tVbK$3z`epK*v>{Tj6gZXLOAS-i$Dw=`$AB<_R+0bsBT#NgF% z-yqvAqV)9e;yT@`(i@~?o;@40<(!VsTA!ey#RRu?w%g{&^222ar=h@6heE(Ik?y;y z&x_ZQ38!0sTG7(4weYPC5AbGly-n+{7ngrp&(c=o0{+!xzQqIAO={JTs)tio_se&K z)|>NWJYg;BMPewTB8p%1`DLMR)gOIwu9x}Zje39K7n9Q079!v<=5z~QSQ7;JNkWaM zw@MhBZ`06ob_^f5yTc>J;R%u!ez3c{qe-pxYVQF-%3pnNK$))cndp5Op{e{#xnl_h zukBBI*$lF@VA20)RCYcP1hsy~rFPaB*lVU|cFK1xi3S_||9ndQ0U{|dzyAiIaPQc$ zkeY&OnX*05^HC{2nhDz7J+9KkQ1KgU;A7GD5xtSAq_tR!LcC64036Fqp@Zys35BNl zo(ulLyYBE{(_E>^Cl2;$8^f`}xamnFa4o3YOgH!;>~g zRsc81_RS9r_U{)avVYSkqL$+WZoB9C$JJ{8Sy8`2oLN}dpX{+aMVcBkC5%zMfvf>o z7;rx;YiWL6iF+Y>`(DClv?P3>`N*EmD=68+upi&D<+)y%=T9L9)a_d=j(-2>x%inz zEImr3E%cJjbQ~U!t%#!@(|(|e0kFqQ9KMzyj|?x-7@z?NFmh&a9(?#$zKtd>Lox$z zKYdBGk1eT~xE*Jnq9}h)nPejs3g`jxh%@o~F=>23#JyV$M?RrkgqK#ea7i%dU0A4{ zVQhEhpC0EKP(Iynxyjo?^>O8hs-e3xhmQ$3EUdw5m2~v%h_6?>O(N1}GTHsMU-S7< zh^O_dWOD8_uKr-RxLtp~K3GEI&bv0Tiy;P&s-{Q^wbL*da&KBBRQFp$%81967Q?F^gw)Mdn*SHnG(>LGJZdzhKWZFV7d{%LXND#HiRD3fI6X z)5FKC$qHUiB)LY5rI-O^_gJqgxG_H@)_ABt^y>mgj1p9FA)QckM1+Vqp1bD15;L-B z<8i)jy=S)+khgr5aKy>=-~Z-kg-U&di(Bvv?|?LyO!1G({9AW`2MrMt-M(B6#|PqH zL2;r;MYOzls!?L8Ic*yUWqG)I?L@qkWh{5eAlou7=XfPY2bJ<&3U|Zve4>fp3*FvB z)52eh&kwUgzDymN=B?>wspE^206hq;pW5B5J`=Wno;_V**tIC|@H^n!zvP6yYk45-j+9u!|dWTa+Ulmk`agw`2ucp6( zFW6dCb2T2M{K2bP!ZrW~z~O~Mwp9lUGL z4utAM8dzX!)`wTy*`wHZnT1|r4E-9*&$n7H$U-4dl40-a{4kczoNlR7UNpo+-97Oe zaq`b`I(Fwj?-_-jt^#8u1Y1t%YC`&?q{;|No6zxO2pM z!0U|Xi9B9wE3saVxCBmjtT?`GRr#n)%@5YW<-{vvgnm~Z=%l8=#6{huib+V2yG^3D!Z#Hq|}e)e{QJ1pE*DJ zJ5^gPsG$%Tyk@u9^ox( z0wY$%#Gt177^2DT^y+f(rIQ;g_eL)o0FJf5h`DSY z7acn_HiKUv^+H(Y1m0;4eKg{sQ(_nV2(yAn25>Yw_3jrb%l>$UY)*m_k zA9fOWn;t9BzQNo==2gF*@Y7VAqxadKqsUMKs#&|jk>sl|j!L?2-rkm>#^;*f8zfrH zHi+d*bpbvLz6$GzFz33prc}C^2&n-cu2inBR-RKFk&rN?*$rKO2sALwc4o+Nx+_4=T2HE}_O)-Qrw!HoKnFdCoA0}xr?FcE7p zuugjGV00w^f5kWd-djzy{x?ROBf3qoH9=n9$LJI$W*RG)FukkfOHJf5%x)slVb#rx z2G)9+nIB(vI%aO03lYCXoW88fe>6VFGrDC(ohQpyGaw0VywrUyvcV zNCLU7tLtZHx>$`I;NqKx7S1U^L@ok=1L1Ch#fA7U58`KxVL^r6Gn{bM*rTYt_Jl$; zFo~niB;m7s=^)E()Tr1hy4o3JmDswaugOBWraCIvY(u&-UYo)FyN)GbXmC(_a(fe0 zXz?`K@3gZdE6RsHF73x)hyLU1KGo1|2p0?L6_&k0BNU@fhg94yJ(Y9SjalS@WFpSN zu7DuMrW@w#hyL*08TVmSdz!KYYP6WgMflkdBM8b_4muTb3e?w?O5q34L5dBb?cEcr zyjzRE2Hz5uM=~G~_0~m+c=w;~S)dCXuIls}hi;yXm@dHfu%LtHA#j^mZ}**4Qr0>* z9g`c{*W98s&)X=>wg&l~RLp&l6-Iwp+v%Uk!|5OM1BxbY$voOiIlMl9&>s%>;NE5= zNy10^{bUH+OZXeauW87&;fx*2tgsFN<=yhUJd=FW9`do%LUl0|vW8(+^#!2_W8g+f zxsQz{g6=Ma&Yht+GdXn%Q+VlP`~f4i%f(b9YCpD2`a-+bItSPDq{$M|pnzKAjyDga zKM$Gve|R7T2qu*>Ih0`W#Xen(R@RjJ3F52Lv&qaD)hccpJxm@Fi0KZ-gDPA1M3^43 zV)J}Fc1N514tjzn*A&Cs>iZrtmiX29cPg3)8@zRvg-M1Gr!~$JT`lY& zBv2aE{2{Z|_j|PpT=DDNl#jn?S}id#-YF6H3bgWBK5Yz4+ezm&9+Y>{#4E zr7%z!t))hr0_*0=KlY>VG`vRafA1x_nnoinV%CYyG7HF%e>(VTYqzxw_DwwAwBsLn3RHuA`#RL$Up(H>`_gmeP z|1Bg`=4h}-V-)N}6#R+w?A%}HPO?A%fH5Le%F!^ek;Gycj^dK5Bo9?Us8Jp@rla}( zP@b-H1Y}dBlOmy2XNFLXPm@8wk0lGz)0P45wU9Y-f#2c*yb?NQ+;`Xz2x0KPZuBxc zo##1Ec#01&X1@DDh5IQ{$JVU)$Xgi{;b}&)xdf2pUA<471Q&emL3Cw)uSV_*4%QcZ zc8Cxp287_$%w?dErT-OQ{+-hp2xO;(@+%5!NPBtg@Eo_gi)u)lOqCy%c~+*=533x1 zWw*%oL;SKScV~-&&ZOssfW{rGokS}=5nm}}_^N4v`CB9>y`$5IQ0ucX#F$ox9QK3=!sw&W9bgeUkeosMXR_`P$7W1sJ{hhr6c~`|8^q( ze&9p^cafc{lwvs0>Y&w?Xcxs%`Z|4&dCnMxQOkA;T~lROv*IG!3087MERpcyX>JqjWndhv%VV%{4UVqcQBbVv6 z^i0{LcbJ#iBf2hqLG&@(<+@wc7@!lW=ytOfgB;p(5JQ_!J1tFyx9{fRM5t4fs zcvDl;L-8Z^siZq-dqjw`HjP@-LjQ}N!ND}M2;XLfcpMqZ;ldBAIGAD$Rh=!ViBi6O zg9=)5QKG-Oum=~He?8m@<$FKvb!^y$F9}hgg8BE5gF%aJR*R1O$8g@>Zd^cRT0An3 zrG89@czVX9mlM~|t0rr@O}R|Myq5sr)Bv!xst&sd1S+u~wg1?^`rL%o9@anAph?FR>OLdd*u>j4| zGzIxzeSj1-@EL;{c7reqZ0*K(Hnc`$G~~XN9Zg&C7X>G?-yc~*QK0-a(R}%7L0rT5 z6Q&w+xl}^EWY-Z}&$q2y=}9N9PyO^1Vn%9|z{U-Fp~A%dN=77q?PuWev4jVDNs^v4 zEkHbgWTOk%GjY}mJftr#3N#26ZjH#jf`L6`Wx}BBIJ{IPlHm@RY6)uk^l`o}( z0q@>IMR_3BT4oas|LXyO%>*%q$UbUN@2g zHvVX6$n)Gc?)fK?w4WF<3Yc_c#iO#65Nn-GpcpWR!yWR;vF?LX&YT=`3k>s%)OYYO zX^f0C=#Hcgj17ZWZWja}4jx2}N)gA6O`%&8hp{G-mKQahXs#RVxSTW8viPJ*UwCPo zqu^1&N0#AsL~r3$zpqOC<;0`G_)>0MWtqwT5C34N1@YDB`~rYj6#5-ZEv~gs6&vWm zPG15-_6LqQbGC7X(2UeM`+VT~`lzVisl#LA!V}%ZOSCwr>1o#mkL$Mm#Krb~XD&}9 zm(x850Lpmmq-bPD22S+4u|I;K=U|e?r|Pd%TF5bx65+Ltj#}MSp|+z6DTTPEI6tJ* zK0wEG+QB8z82RW(%jX#Xg1ah&eemYnNyHRMAN);OLw{YYqfBe{WxWUnf<&PSN@}6V z{hy--UCj6F2asd`sWpG;5ht2|ocZ|VN&-F&&3%KB8UWUOw7DWF(QOX{5ROMuW{(Gm zutbJXrWBTr-yo`mi6cVu5B6}9Jr`R@Ee^*8M!#oERq`}3LKOWvv&cG&Fphe@Ow5K~ zo$pwLVTT2opr!RVd5}g52I+2)?(S}oZuqX-$2b1J*Ke(RxmdVhxMt=$XP>?IoN=Id_A_CYfrH@X z4dD$!A$9-qjDNNfQU2J|Q~E4?i1v0VfjP@esH}NS4@i2M!Hs{}N^4sXtZ|)3+lPpb z0dB6&V}bFm(oJ!1S=nCorD#TEM(;a{7J2?!R2C3^)Vt}1z&Sp|P*PXho}4!p7<9gB zRMA0RTNgQ^rQ}uCmq%t`oxAtd)4UCG2Z&Q|2T)22Cp7)b+X>M5Y_G!ID&3zx-CvD% zL6K}bV?U*x@*lav=@LS)V%gvDZC?567)+Mc#YHQ3PwcK|IK!$px&j+tSprt1KiCI! zOJrU+j_``6X0W@PuzpAaIzuP1uLfr-DxGH=F}P)Z|I$z*hoqDfOYkMF2p($+I_4v# z+Qi#4+9AlG^LO9h`g8&n7L*|OFB@Re|A$%N&G-d->+Cij6ZzV>uZ-*R*+>f&`f8>h z;5qkySbH(rDDyPUGnC;b7q=E~YJCfU`s|`3#L@*s=9~mfTX<{&%@D&dS`r98Zf*Qng#QyH!C>lEKN8+FpN-xEEd_{hJo=p zh@~1kS3xZloDK%=sTNC_#VE}zzkbU4DU@Xlga-W?nG%?$*vk5)FsR z@*<(M5mJcJnnW-D1KDe4}`j{P&IceIxqRjF4ltiNj% zq4z*FNutRdiv5?}q3-P+pHCL%btiD}up|e?@zd$$l+4xQ3}^k2XBbj=ZWe8tfu6XN z|H#anmMLj@^+}lOlcf^*g|Z7n^{L&|Q@@Z#AVeMUge7bAyZ@iNL43m|5dR+6TaN@2mG{#m(5=C-` zI3#F#e>Cn_j_a}C6G~14(Z$y*+Q%-)i+n+-?Uoc%>h0U4kGfzr7USY+VS2wuF$Rrt zx!tw)w^1Bme8~8$u z*%sBxWHw=KYOiJSuaPK#T6`TX9y$8&Bdx8kOJ+k|XYsW(MkXiQnrt=^dS#oyE6SW7 zqs_jO{l*v;Bqe|8e~Sr+=NI>Lq(9TIcs0wT4Nv+KnH6PojFEPB$ywx&Aq)} zqe^=Ya{T&2Z~xy9^zW}{iO06jJ~8P%4t8^lZQDM|GljWXFaYG90t|hcNAaF%FMIrNd_$pmhG`$xc>=`6F>Ch6JG) z`hXzCdF1c8G6E2;f0c&J5cJ>Pq)^_5kCD|!S3y%1mJ&Tfj2}OmoCJqmcI>VqLG$=4 zOM%hmlo%PC!q5>0_p{a?FI6twHM4SI6^63W|aU~U0G zoQN7Q868n8D-NWBMefJ1ab<4FKYsi`-~CRX?wtuKSa27XA?O2vf)Z^qu!L@Z{YWaH z;)q$JeUAkP539IE^1E&r0hmn$qm~~Dn12g%Sg(NB&h@Ux$i(>t^Jmwx2E)VeBH}_3 zi4Ng2HA(wGM#3$GfI)Y=^jd|;hM_s9L|Rn}twu|xak*p|rEL4jJLG!Y-*CGO6i<~J zCKCRC;wixLidT_EWPo|`^n^-*3Ij%rN$lw|M**Vup(w%_v|(F{)Oeg4_`J);1}XGG z?ST65e!J%?fmPs6@XB<&M1%zB`34D6Y?R&s3q+-EFogWq1#0)GDW3e1h$`@Xb0Rpg zkL-g8eD^;v|4Ro@%%h_F0g(>PgnZL%FbUQ#8snKBya8&ZrAWlDg(YOZNePId!Sdsl~bQ&9;qC8nOTv0g-%NY+|- zfR+P;P>%&m^DcAUX0ZDA8~L9vtO0YlrRCI%U%tuF8aEWj{0$+ec(frMNsZfkOg_CC zCgk=-YV{B3&rf4ANe%j?J}6=6mRU+l!LK_NOZw#P<1LP25hbTmTHik|CeQF0OwxOWHQ(Sb6wvjL)bt#TBwRQ zq+8`R*~jiJYEt(U6#TF(DKb5}2xz|iUteFD;3WuZKL|CM430>l55OC;nK*lar0Pi= zJ_^uMTN45CrhcraSN<iM?dArG;kmEewB!SO>Oc{O*m?T$|-Kd1cd za1v{15>r9;Pa*K%`|Mo=zy-QcTSNS%;0NuQA_YKnGL+0oQlO%MsaVVbKpfGV#-jlg z-1LkD?hP$+Yb=Sat*wa-mbwWip65Jr)U{I~AOYvN))Z0wNe4*M09W+6|Ml;A{GVis zNs5Gn_vIo#EN|v5vjP%G(q&e2oM;4E+AXQiBAk@gwv$7`BlK`(#r_-^$OF``u~FzZ z6p{fDkQ3lG=?dktGJh0uZ*L+1EFvVn`&-)KZ5M!bc5$7!jn~R)9py4W+SIvu@ywdV zC`axnnN$y#EMbQdR1O?upf~CS6mTZJ{$%@KKWzk<6(6Zx9jFzkl?4Ai%qL)&>V|ii ze|uAbVXUoB{{`X7BO<+ju~k2r5l@$@D0IC0Z}4^+3LE|q34p|O9JPXP0g#82to1_PrScy}RU|QKwdCFv z0&3i_mjM$bG$i@Ib^qU8b~8(TxL-AGKJ znE3m&V#%+sUkB>>@t(t|w;+>H(9N+6(IOs9WdH=&_ckq&KL8F4LL7wXgEFKM{<=^O zu+Gl)lLbC4#?s}MTRVB`l6NP4t9!9`#pL@l7WoipxbX!En9y1NTgdg+cSSkP($MTy zGke@g41mIT>%5EJi~KwCc&k9ftkxSU2CO#`k$VD-5?M8E_sYIFKUauepR}{F=J$&+pG(<%DMYpH_NJ-yvMF}YJK!t+00I0Tx!KM65 z)c_QAls>&T(|Ng!AEW^R9`Y+t+B50Qe7t`u&klAMk^(|1F;bvvV~&tiO5Q%aqMWE{ z(gq68%so*OeKnm+ebc|+RQhyaeRdc>BmVVKFv)->+3#uGJcyY~)a3Yxe{;-B!i4V6 zh|4W*N;V@hs1@z>&9+{T9-)A%FK&YIBO2Ksxh23SnE?PQ|9~~|55U6o7XZz={{r4X z!PHuN=MQ)r7(^2)sh_)E$E>zrUW|#2EoI#e3`(en=&2y-ROf)|9c?4ba^V*N{-e2; zD}7)1wVOjO3aKc$Gtob^uQt$siJsahAnEUMRI+_}IZV^@Oa*7<1@d(~AI}kwu-r~* z#Dj3%sGqJU#R{* zi1-@F1$fj?Lf*bA#kX#MDS*SF$B@eAB@%f`4qN+y49DH2EuRIj**Kjnjcai$ zYK9^W6z8WK7ms$m`e&mZgVaHeIAhqqOd3Wa zY)eHN`?2cBWfv^~g^t(79xD~sZ*WWFp23%$LEmT`G<0a66Mnb~|rYsnN znf*61`M+Di+7Ucg%y05vu&vORI#j^QGV_@5SdscG72LcIKmJSS^pa2|+WLd?1)1A5Wm#}U1j}#&eM}N_BT!xbwoU!V>i0LS%iG=q zTi?(i^MaX{SLyrk9RQVIdjT>NWEn%lO)vOa7tjsVK=(ICE)>7&(OxqGyhGjgIqVqw!xdJQvyJU-kwTOGd!ia7FDobW*(gyzKk0hs!dS-puW#JH$EHfa zE42wgzj?||fYd6Vj~0~PhBE*NhTpX)6)L$*76e`A3UYZ<5vJZcXYrSO=ZYd^8I{>^ zb(fAlX>Db(nec-bN;FKfIuGq%zJuZZ1%z-f1z7hRcHKNB@BXr&(n}C?3%VocS7;t* z!MfxnU|7!+@Kdb@b^_dF0BWIWNHU!f#+K^J$O!xB?7Pu^#z;;})W3xReRCoy#Wl0A zb$+c$4+I>;@;Tn$M0jj0v$=~*nSIV56PmRHxL+yA7NXSFC7$xqlzx??%f)N+@X^_e9NAOqLU8R5`H%c?H zE!dDoP3SBrj|$EHipIt06bjYJ7${y?$_N)5uQ623%&u#@5t3120HZqm(5wFmw`&AG!2JMYK#5#vI4ycd%w~6j zvb_VeTL3P536pd*U5zSIq&6B;O~p|#`JkqG>x`RXR~;InR5rfFMzv?Co>l`tnknMT z4p6HiTF$oC)n>tGK<&y(2*ll#)1(D^K>$J3n7H*!CsYk(*WYIT%PIb!-Rsjy)NUEE zD}|d{j^ev4j()XT0~Dc5)vFi5BC~}ueuk20ahQ@B&8&9MC=!WH6YYmzK>YN50@2p? zc3}bsh`|LuJ)hgNof`$p!+Fgo&UVlW5rJ2rvC=APULGw}w%ht?tSxJ} zohxXgIldSJjyizH`hP#vMAjr9!gty#6K!qnE=os4!zGUi`|HGYQt%dT*j#@-LrrB^ zBA#E{K6)>E;dAj_C|VLb{JI>$R~=tlS?-Ui`QEt}`p2DD4HU4M!;lUCH;8F7`=q4c z0eX)=%o{gf@W)5;B6$eEfPg3t#~amQ3`B45Dx`!uQ`F_gRM|EA=P+(9?Zi&~y?phTC=BHy(*Kr7kS3t{W;OL9N_ zRJwXk>+v#p8g)*rR8yQ3i-|rEo9S4pI<|SNDwCQty)_MrPiwjmKp+#`rPZXco*~+J zK+~$mbkYus! z#YtH>TQ|D2ebMaZP=rS*bpbd_rUFA#Hs4^s?=mqLpB!#y&MSLT?DdwfpJ`p~F0S33 z9IyirQVQo-- z90oYj)hoLyf#e7xQ}X3>u|^u#QV=Tj?3d%5_QxVOt95!fqcKF`ET?Np6-!q6)g0Xm zjH?Z6C@=dt4*zR9fAd;!A?=H&9_CTtn+I3PmrtW@Dx9I!m-Y(}7oNlSCGuOtP{%zd zu12UvDRnfvmu1qXG|D>9Rw=7*pCzPjToON(rbq!dzFF5ULR|orF};s>Qxk4OlUrm& z-DY0`y-uTm>Xz?lTc!n}XXakCO9b{*z(Tcg(Z9%!_Gg&-`PJ`0F(i$`>bwO}x_X_N z)4axbRCT_A-nASxpjsAtzd45NYVmB_lv2Gw1O4_R2gf39UlB985MkR)%6C9k1_K`v z*FKGCL!lyri^3=L6m5oIk)6Mpw2Fz$wC5tVGP|jJ*b>QSbL@3lG?mOBNy!!{o>6lz zZSgA}3*H`3RVPIMCzB$;ntQx3zTWoB4}g}yW&j(2|E&J=cfH^A9t<9#shJupCcIr@ zUD0H}u@uTM4KUs}5<9;{v}0;EGPwGP+smLO&=p0SFP_Pm42A{;i+_bbM6}&5?77HEx}OcNxQ9Gl9umeR#YuVs zw-(au8k42ktkfn=;wIP1#6?Qr0IkV^Ch+fjf_5EJ28Pp52ojh~VFcp%%^C6EHiMW% zZ)S)&g(>z*(^^bsZu2ZU__U~-Y0V?+JweXY(ab8}rdQBUyFLFuvWXU}U zk$>bAkK7Fn`Y025`MjfWU%1?07hkqg&*$c~Bz2^g=#f3(=atcNbGCaqFsB1La|Pr` zwpR`rt62$_HkT@B7yN_*V!TgW@mi;vnmY}Xb2SfUI1GCN6Tze%Pwwa2bx@Uh=Z9Jz zv_uq%*Dp50sineI$wIYIE(bx^Kw&J&y4h^OmcL0RWv023Nq3bM|8PYtHR|T&Y9k*1 zStxw`zHT);yYD6Tfb)?T)wNbkX!!moaL^3M!hlb%DNVD%hT|AD8Fs5P8O|`2P}IRx zKGJ9t>vwW$AA#kSuanOES1$k`on6eIu>o}_$8YzJTnxtMRi`N@+tV~Oz~N63VBryE zhM0*tV{m4QNg$n5J{bjV;E~Na_!LHweC=F}k~{k|iJPX-?4-p=l(4p0XzR(Q$!JvT`$-+#_5fB`OPAe-c8Q5@orAnS zgh23UKtm_@MLBF8i+hCNH$PctWf&Kj3r8ai{MDr;^&<7kuhSgU4J~`{n56m!VnQGz z#QZJZww=DYZmqUryw9gI0B zXmqC!kp7G#i;8x-V)eJbG1fK&`8x$OFYb= zQ&}D2fKobVvIJr8X=#$F{uCar2Q2;NeDQRDIf6UeYxE1Mn$J%^U-38lv%Uo83(9FU z_*y77qW)4ze6yBV_e8sXD`Z+&?_%AuJj`&oD4xN?kQV&W1%)-r@=n{gm}2$r*nLJ zh1maQht@6H^I?-t<&BKB^g9c61}(XuA3BSY_wJ)k!RKk6JlAB4=U;tQ?ZWEU7bz$% zH!5IbQgcJaKH3c^L%yZuu)0gGe(|<_ELG*?MHPCpGwE8{(~@sRo&H*FiKMspV0)k9 zq-At(YTme|29?hLf`6*|tgBG8=R7J)XE_f4vWpHnN5D>#bw=bEXS(2G^EePwN-Tyv zb5OCF@!`htIM3?(`OD+{cC~uFrm=7Z8iX_N=`P?NCBHLys;p$Q_d0;}z*ZwnSjexm zRdr`O?Jx}Mq1{fK%1Cqh@bq|R7|&-kqA{jLm&T|Sz(>a|6;WpvO9w8-BlL)H!f21T zjNJ6NCEH?Zpvq|%yfJ?{yROG%G;iuVy3jS8ymNRUykhCuxAT!abXUf6lPcV9k>~cy zz2)X9LW8ySF>q1wK-CcU^Lg^AL{XO_P7uEi0ScbJtcx4nR_I0TbV_KC#`@{qW6rj( zM3C0+ld=^o;IJx*_N+v4oXg9FHo_2h^W(iqsQIHJXJrdK6Y6Jb$zGGgDwUDX&$~I` zMhUkPTt)*hlvZ0e)mij^Ah;ul=5K0xk0pKSH`qOcX=?+x5=FWmP+xv|FOjrcGEBiC zJa^DeYb?gN&M_>xwN)I%>6>dZ9F93_$~&q_nU9P z#bGPEu8h-?b&*zGTr2s5Q#b|&fodn*H#sCQlb`bh3 zT-scjB)(iTzpGCYi;3a32Qv_T)K-To%ZqVdleMNVm5*^cZaY0-%Q6wHM1_6 z{Yr2LzUTTl5)$Lv+pH_ELqw-G#-J8ETv?>)@OInBC#>yfoHwg z{gSE*ouhvGNhNv*|IE_Tzv*ngCs1{crB>CY!ywJ&hp&7!Yk8z=NnVab%Z<3nVBAfh zqSs@elxJrgN>zNbj=T#|`NQ(twlM%GQjbQ3&kxJ+J^iFQBi`GX#(fX}+NG6*0F%i| zky0|X<|i+onR!`n4CeWHNyfHWCWaZ0kU1%%(}J_atde#-aM3hAp zie+Uyf~(Wcp#1RObz$#X46?!trxfH!Y>V=Yvw?SnWl=@kwRdUKQ0Yg^aQxTK=z7g5}fx(bnfQ zN6%|!pm^k;#Aw#ZXfBZc6pSHB_2u=-91UYzTs01DaFhGreRr$w#^*HPTl>ob(2Q1JaXzp@DqDw{AfN;Fp)Lzece(pX*TQpKA;`{M5 zr1pGK4UgAvOWVpFy_!Zd4tFGQP}H{Ujh83ZmNH5D5Y^dn&}_XCe%BSy$`Z+x<2g@R$o1~$;;M< z;K;VnI?!kdkTW#z=SiCb9#y}%R8DFNmewZE#Hgx^l9v#aVRRiGigte1&3Yu?GZWvlx6`sUB6?H_wE{ zUJ|m2{Gio__uYjK&3Ut|nPce@Fkym>$}fg9-Dbp>=^&Zb$5%1m*KC=ueeoeI@TsE8 z`Uu)FKZjI3Kx2-{#5sM3S%>gcD17;XMOCUkcA>(Zw#IqQ(>HH!d*I%{F84yue+RO3 ztEXhN^*)`?h2Zq-?1%APj!&Yev6L~46r&2t76&9nl5Wl(iO1eOGN#J2-C*Rkp;}7XcMee0Ldl2$cbn$6@7Fd8 z9$beIr>+8k^92B$=ZB+xi^+}LcUW9E_Ch8yAKQK$%^ddZHi_QEDzZ6V_0ooJb(RT2 zUAjsRYzRn&$1(^VZLKz&zG|ub<#0f^FS#qnDbcy4O-PjTFKBjPs*``Al5@PbLqa zFM|UTMt+eo?jhVSqIXYu3fygHKh!>!j;?3FP|y-sTvYHmc;?w<7z<$-r8wyf1#NzH zadl0wF9Zxsq>#H&)3}9Ka$GrKu&T*&;-(0GAcm?P9Q=s#K=#1GRY+M$oWs?7CXG!{ zgrDM!-|v8_RgvTXNx>(}{pqK~qoqzi5=IB;j8I51rtx!7o3VevMgO)Pe?#U{fnJC7 zP?7CbVv)xOU7WTmPw1Hedj{^r_Yo)vCv>UeH(B2jdOX*3^4!w35ymXx z7c8!~uiNEIjTv1KE;XA;)3o8Sl2ZsdGlazw^T4D79gDzuF5Zfi_He%`87Q;e>I|tb z#u&;tP@oiU2dOZB5!GL#r2y@1&;(328&;lj{qYV3z2Lw<|(PD^TMbLzequF?jzn?%W*k;Ma?ZI+Qv zR;4ju_oV;cJrS>q55G3v9FJ?jv6t6WOyzC+R;!ZZIrAlrMx?Qe$=%uC9Wa}g$kM;r zyTFS@_km!$hU=@26l)S9$buto{W&C1yfqJGScgKwh7Adsc0QE6UoEy*{{2d;%(1QrDJSElj9l*=j}~RAb+kiv zBWZTELu&6^$HL|gL}<;&d*fW2+UCg`N}|%u7SD+?wL?EBh9?m(`Kv0!PP9&cmi^Sn zy*^4y^>eG!GUxurRWWT_x^IN_v@-#fM@x||MI<|KC}t@u(KYh!W+>UpA|F1!e5?~Y zI!Ggm547?b6)-tF`aoOaFZUEXlux8z?fYOLznH8>UAp%iOfglXDPY*pf(tx;`rKD{ zBiMZ0M1b^V#nSHqp{ZzHRAr=S+@r>1VUMr-5cW61 z1$(vo4qzj8>%-r0g(P<>j7Qa|A*vGt2k6KY&_ckze}#p(eV9Bl*@UB3&Xt91IsXbD z5a1`uXILyxU0yzT25@6U;(=Poe2v>5U4^~i;1IqWiS*ej;X{$Z{~S9=cB%t9hcq52 zP$@AfBkb5U|0<8(>{ReobtaJOdn2dsj}Vwqab`DNOBVKrm+7VgrB`ByFp zz3}6}KiRF+t-cWRkmARq!Y>cw%*Kb;u%b^hf5b`%!p>WA%VWxAb`m>9)_YtL!lNxgDcS?fwgph(F%pIK_yFjo)Z>t4(6+_;$yoV?ZOxOXtye{*$;N5;E* zp_IO_4V`yB4fnpBSwWM2hJx;vlkS5QZvJD+;epK%UaIl3*o=EPF-fOMqjV11`{sHs zo!gAB!HEtlvQV|o1c}UJ#N_Vj70;VSU)7ZvMijA5Js%r5)z}UF0t!0^D!Eplw56ME zo?OvzP)bI^2Z_7H8=&X-ROCJ^b#T7iu1Gfr}r0 zpXJ>W@}{BL_{jLJa|5Tv=AID8%eYOStHUxw^zL?I&D6ofbopVw0dBg0PnZ>QJG=S& zO>|oF=UrLL@f()%iM%Q@h7@t<&*F#+iQVd?MKPT&Fx4i_Qqa<* zYuf~R!}(6O5k9J&hm~=6z&DsSAV*_zkT9^RcqCQtboeR1l8@;;F`Rq*i7sRB8;x-5 z$_?t(!HNLm+^@;bA7APYHA5_kB0pq!4%Ph6N6eTnZg0a~TpGn@Eg$Sod$qvEGJ;=rnVtDmghaz~U3QJ~a=~+qF*G1&u6_S^* z4a8q&!&qs-U7hDiM-qO}%+%!GiXLV6X?*LVI_MX3!uhhJ2^)UV& ziWSu+gKpi*UaD|3USXqPR54R!>B{3|Km0m7l@D*uU35GKO8hRbR?Q|zWtec~aaip)OXWx15f75VEzF><`n8q(8AI|fYd|3`pEV5`QQl|7TavimN zJUp^ZSJ$FTTTGr{vBuT+UX>VYn>&0f{5laXljcxJLRw6^ouaSpfF7%X-@9{N^>j7mp(?pgGoS2||uJ z-k`JNh_-PSo+G6p8s+-;N$jRzF3xCWtKtIrj!D`#l46Du3ZWx|gV8`^6rm12pI~=6 z)aK}#cadt4djkiK&xaF@Hz>N1(lmgXQpPATWrr|lCeXdEhV7yvPfG02_Lq7M_~xmX zBWsHv{!VG7Gy@m3589bb+$nxVs zeTZAuY?Vf!9y4}y;4f)cfa253M?9a`jVU#&?pAJXJaW;o=_$(zZOD;}uM4PV9BE?R z?QR3Q1pO?}W6HRxx_tDOi6TwASJeW}K4r8^%kkkr@V?^#SMr-!^R`~>7WE|?P|OfM zjf&d%ijMV)-)HTVNONOublI0P?9p+c+(T?+I~bp4xa;l=IuA;!`^x_vCCy>zDIKV*f)q-OC1Rf}|5+tO=m{0(0h4Q23t z?m?itv{|#1%kdc!h;udKoMrj+R&Jrz0sBqbAiVMU987b4(e}fAA{hsHBVDjrj=@z_ zWFjV$215q1I8ZfGbm~ww-XH#AxVHybOHPfir?9mZy0dPNcnWHpdjsoS5#CEh#B@sT zD}EfGYbq4{CE+&hx-AP0X*@sA`gJ@sgv6U{H_|YfOdLcjaecNk=4#|7ZNQ%7ER4L{EQc1ieaV(li0tWT#uxEf551s0Vk3nqhO2#! z>cf;uV4a%!H4gN(tCzgSakY+mq>0ax1# zWb9c9=0}<;4#l_o7*$rz^I|k?nShPBSEvy!af}Dq;~bt0B=aJ8Ld!6I@4Z~ z27!e})i>6>FiGb+$NXKb2~zm&WsDo!OoX9O!BJz*09uWP4=U^h$&r2MKyn-p^`k;u zQY`GNIDXQYI*G(E?9r62%al|DRwew;s*H?|7=1a)aN@aN(l#!^GAc&3(+4Q=AqvZC z>ZZsfdiM~jJ#@G?~_uepRR7tQGX2a^QUnNYUj|XwF{Z9uuF+D&ho08gNHdTce$>=FEXQT?99)yc;V_Kd#uosoZ;gPeSwAAh&b_eE zz8p$ZE>qz@4Ii61!j*lPq}B-}P6W<52=x&PF-mF=3wkqx5Y%8hMLBwE8_!Qydxm|ad=kxT7@v79r)iExI_Kj@$kV@8F zGlOD&hPxQ{&&8Tcm-kj(OPfb8;4{f;qf_S|X>Njce7<@@=xChkE6`Nd(>Do^&1`)v zdK)>n&^uH8<>sn_P#PGkg?Y_o>P?w*l}TDn?q#ey8VMH^M{Jd1(K2#|6Z3YMq$2>; zOX`3ox|iD2nz5x;hh9HFU~{a-VO-wJ=!>~-I$Q7|)`;}tA^j+?4v>|dHCjCBW>T_b z-UG#tdXjg%w0cDiB=or>#JV#Ur=eJmX^$=7^N=W#u4SqepozhZlm3DaN<`Mw;Qmx0 z;mn?)Gm@}-F<7c`SO-M$=p09V2nS(=1g7*oF`gMBB*SSe<{lBO75X&;==)j9%1=Xq z@F_b*_mRjtP{(Kd&TZ?_d+R$lAp(o{m(o?evWWr7ERiR#uga{SyHb}aIOnP>(cp>i zI|UYQ0M0D>m)SsP6aFl1V)oql(57;OXR*EJGhvfyJvOe;)!|GQJh9=R8=;qE$(-}< zlhmHu_|8$`=AO?7#4Cj%?6%gZAZUXg-Gk4=Nm$*T-<3}9xAe|)?9B(wwhj+J<7ulM zmwlaV(IOC&;u=o_n0Mo1LGw4hKInY@G^dfoSY?Kosxx2up1Ei!Hh_7g^nl75)yg3? z`(!#(_dXik0O;3Uo~y15n?R*IDqk)e1XQ1Ktd8C!12HNgIm_3aeI$L7rnGS9%{Wt~ zrRixjfWji4*mNY}vDo-}1^Kr92@$c^4k)nq?_1e*a>@#(PvhvnJDKiZ2(S1z^bKWd z!gm>^C~|c0@m&rQJ_EY@_cCV>6F#zonrE$rS4$ruHQM5K!JL$l^x8*b4<>T;EB%gFHFh*OIGM45a?< z8^EEG%Yi+gd!DJSU2Anth&dLPrb?Ybh=yOpyJT9PRHGkRcb3oC4ZfY|%j;7tXKp;r z^~-gaOGaqU&K63Sg>KP`;3LJNO&VX& zcpMFq>!x!-=9^^{r~__l7lOh?dKL@nwT4D~Jsa++?Wz4jy#SFJ3>B4| zCB^d_aH^xBNV?XB8*G_b?8^;!`9gj+hg$C8GR!*I?fUzbwbT0j&4A=%9GTS$bm$%B z3AWDW;l#IkR3&U0NVG3=aDxfISmzP-_{y+U<~c2vVDyIH{q}-|qLA;Oh~QOlDAb!s z4vgfG-!#{22~weN2Jtc|zM+2euQL>KFswU@VseK5A07F4^Sh;+q9+h7yT!N)vy`j- z=P-RJ^!!myhggJIxqH7M`yvzp?{g&D-16GD$WTCPW}yi8Z*0uZ4+xyhw6|drp(Z%j ztzhef-#YK1vFo#v)KXW(}=xO+!P`CbOXW#y%hNFc3+G{t7ck1d}vmJ-Q}Ma8V=Q?-|sPR(@tiY0U? zaB`;o6%2&4t87Bu+vS1&yxSp!CISYIPl)I??8-r}{xg+;Q4fwZrZU)@fwUJmW0?gU z-l;6Ikf+51Z)SAaew-zz{MecE#@Wa6IBI?haFzL<1Mppc1e}cy#zL8UmilGO{Oas3 zJj}HicKO|$#8j|Lc~nG%i70~RcYvf$)5UCT*qptxIN)ePb#2sx_T5NX6{xrR_@TC0 zFzj$PcQC!>_>F0N*qOE=U?XGaO+=9Wq?KrAHr?n>{NKcVsXRZDvGl3(G42GR2V z_@}9wi%lrGnrl1z<6a5XYSR|JrpKW~(xvfzZWeQcv!zLV!~u;q?9cE@WsE=RLJ{;3 zwmeksIiu><&HLP1AAG7yz7SX}cjgp28ZXLLEyWWj)NzFX@ST3QJKaGM>13{=lNj=g zws#wFug{)X%kf=p`y3EpjuLn)q+!0?$K(JF9UBwV4Esn(MQl0-Fz7g(>99{3*?;(sxu}FpGcT0jAl1*!k4cO5A}?Xk+8H=sW6W}JxQcJ zbiHNDwBm79TVNYfgjMYf4$)k08Y{Cfqi9=RE@{{HgQ4Rrc1mk%z~%Nom@X61@~Zc{ zzuFT7x)-Zzh`H2!$vBxMi^!Cq!j#r8v>vvNfO*-~@~99Xhb3S>C@QJ8wqw>E3%MMh zVa{Pzvg<2n`|kd6emGE7wZ@q@SS4d5KHtJ6Of#J`=>r@*4$TT4iQe7PemC`WX9%rn z<@JhOU4CrsG?(syat(D<_0EXiw5i;2QlZgJzVYFKK$0lGCXC*!4hKt{PR7=njk7bk z2aefQKJ%yWzKX-+n(kMjHPq2l=@K+2jhu21ObsdiJ@GSm)eE>h?irUQYj=fyubCqV zCL%DJx##yrjLo=(IJoaqWG5%kmw%vW5A0=jbG&SS)alkXnQi5ah~PoBG@3(9E0o0o zmQ@Y3teFla%$B9Lz31SsB|K&lUX}})KP@}`S`~`GMF`^I!C$On_&GbUb}INBE;D%M zHM&;?7>Trm@r+}m)9LmScs5njQA=HWn5{}Hu?FQvg+d}u*llqI7|2#wD-Eu6@7GGF znUo)|3uP;tE7!%^0&Z8 zLZGX&0lZU#(xlw6>v@TB(64LK+HUVZCjq=EAk42)GygeSuuk03dW1CGbC zk@IUAj|6=BoL|lRwyPl&rd6|2T_w5{*S^#Uwyop{{<+pVwo6u$`rL#j>2RPbITpa& zfb3voXea{TxUNGK^)W}jUdP*7gR9i(n$P2C%cRgtGiP!*8*r=Mr%tF|ZMp1(YiTMS zvVNlVNjqZTy%kn^&a8A@Kb*Rb45%(L-kCqZVL06+&bZv)gWs?_5W*w;Y<4DLhtv}T zP%$~IdF`(~@X{&m`yx!oc+%o<;-8W`; zT8~0g^G1gmk`+_YGf%6%$HO*jtGFmN&@SGU(HTWO_Vp$~7Dl4&vh3}i2uonyuan9M zWbRHT9f%E@ke6hgSfW=1UdRXHUtPn+)sL$rm%PsJB?>1Kmb&w>%nZ_v?fU!M_Jws* zY9#g#>%yqTHceS_1c~xg9uBEC{;?#tTfzp0B>--haOY)(7U!W9qgbG=qr$E9ygKNZ z@FykB1P-VemUOVDAM1YR8}YH79I!5tGxF=pdw4@hS~GB``de!&k3Zyx@Y^aqC56&4 zMZaELrp@ES~(cdD4$hZ=j$d zy>jGDT*)~Hiu#v-3TN|d>JetCJOP3(>Av_tl^)t>cDE$S{7iUiM|+}a<^v}%s_>=)F1U-Gd_I59!6PbYg2OcZgajU4fPAF($W__n+^m>^rrFCV6dvCJ&8Agy|PztET4L*8I`6M|A`SRZ3# z0ce1I$PBWxIJHwAcF z?n&XGUx8!?&aN+?OgWuv7S_lIs}1qm_-rNhd^Rn0=9i3xgtgzl27-j~z*H(p*|wUg z*AcH~Ra`(u#q<^Y{kQ+;pKo6>WO|s`$`tVnW7W?!Q9FtfB+0q;9x(bpUf9?d$*2`2 z5fHzJK;i`^Aef35EW2KJo7(GUlfCClh+Zx}gAIc*1n9YbKiof0C=7uzj3m(~Urf=L zd`H#!|8e)0aZz<`->{M*5=u!(NH@|A3P?$pG)i~JFodXp2}nwVbayj^qI7r7h;$6i z05in9!Sg(?^HT5oeZD+j9zXaSX7*lt?PDE%{ExMgN#RgBJ}-wd-(ZholZKI~H=zv@ zNie^Mb+c#aw@7CPPV`b%CK}vqwdm?K- z@&v%4A=t*PJFpkDEsf-;G-u#EB|N6A3oMz=#ZZwq{Y&5oTP4PX!nKV^{JARk^YC+MH zeBT5SAzuLpHd~z6i@5P)my7%I5wN%&HmtY*`&BRA{91`LCSQcsml6KDdXRlxtt;*@ z-(5)?lBuXfdYXh3GE>XK7`}A@pdrIhv3Fr4Ek^DBPdUSo+7Dy>l`Sq*OWU;-zuTNc z`5kziQ%Yy)XvZF>fV6aQ>zr0wT6dz>bvwu?$GbW`DHNKQ9A%mDt)Xu<%iJzr8rTI2 z;B9U~-9J$9G0{M0Rd}J14i=SbbXy|N7iP*a1+M^;*9mogTTUSBUQPRnTrX z`7a|%x2(|^|B|!ktkPHLKPE&6|3=AcvboaF;~zKZ#N_jq>VWesmhuMXQV|JH(tzaT z_7Nc4jSar>78W$6OdFfSm02SK65Q8JF!B{7FIXn%$2GzhmM~J#AEwJfI*@X^x7S5e zs76$2Ek`%ndz>q(3Ux>_`AG+L_*mwlf7A!A(J0M@rC9k+{p>@z_n8*MsV`E<+P?io?SFH>w8!<8q}vpYwdIo^+$>`3cA*K2+16hlihSG>}Cac2c1vD`zr?4-nF@`G@FYT zS_3Sa>?~u(=bsP%FM{pkEYJ)|KP)a3D^**9PjQKwek&8OQ-1L#CNmPpibunH-&o7; z-Gx>$00bpBnDx>w{6dWu&a|L+8ztna=Eab&^~X+l&KdxO{32Xt&+e{a$kM8w+xdZ|!v3t=DW z;086(-P~)e)=6%WZMIn_nMKoH9b#L748vA^u@?{-A+4MOt_Fpv8i}F)n`c7K(@io^ zLHLpX64hk6V`9=kR+N$d@zfT)`6>ap16yF9A#J~; zsJ7jB{*%%9;?R^xKDAY=V;h2qnr|wRu(OY>%SoxDmR^kc00EP z#%{1AqtTWZd)^d0Ng=2lJ}mtni=Is!HL0nHEN5RUYc|I`ouE-~l zmc4PXZjrI|TAc#vN!6pZu{=f+;JBIrt85N~a-*jBqiP0bW_{2x%_WylkO|K;-$P6* z;{L%eNW(F5=_7ZuEpfM4uZHjL=GH8Ho8F3|hLprkZ-Pg}pQ(9cv+oBr;B{joAyZSWUo( z{(~uO&dtcAM)8d&S}^M#-%kSjvFsl+;st0w$vmoytkyW^+62Y=ZGU6m9TYo{s!&~L zn(j@a2RL)3>l^c>Sc(wRKGVSG;#K+0_XzraJu^!u671ZdZvqB=oEg}n40ECjoxEC#9X2WQE5}qDQByy6*LyKUYtF=ut^9SF-41 z2|`j%{W&7D+LIqCR!;Bv*U8dx4QoZQNDpsFk;OZLvzF3{Ck;xcluoV5%2IF<3` zp{I@Y0dby%Z?;XzEfk>^f)^6!iMFrICEU(tx=bjtUKyow2X}#c8280xe5@XTar;63 ziIKg*?{5D6TLbY-nwpVCb>v~TFx|@b`%X?xjp9g^`29(X<0oAnBKazF?#d&4Ux005 zA)*3u%%i#HlEy^7>we@_b|Vp<>q52VbyD_YxlXYJ{oWd*Ju&I6M0bk2Os4|BKdV}g zznP&@I-h!|@9ySS2&Fs=bDwImhDqAH!wn2VzbJxrwS}(UNH&y-8j}O-kMPRq)JRf|!lvOrah=fl5$EUp|Phh$e8!xCQ%gZZN?%?;UrMKQu5%Z?T zw|UIYlvZYcNNs;F;@maf1{zp+MsCLz!P{|Z_y}jw&R@=CG~5}X{@pKN;k%l=KKK4m zG8#QTo_aZn*D)l%na-4Aq{LiQ`-CWMyMy>;jA<{(XiuRhp+Ox#UW9&aw8&AZ*eqGE zKgoQl-zCdRg+hN?uUMa1zRHR9&J?xnDV%3dX(X?x9Wy0C(8$XFVPz5L5R&nR{sdGa^v9>T5=+qc>2#-8*5jc8X zP=*^GM<9hVn5uDN6tLHg16iGg#uSVz`WZDEc|GY5^tC#1w;70i*vw}lnD{IR5%Tfm z3$gv(jkn;0Iv(IuiHmHLon8J3&~Z67pe$rO+`dN6>-58#*J;SQ+`pX*P=`eE&P%ID z=3_>6`=9p~nx>r**J|J0KCRX+F*(?}pMRF;)hrp8aLm;gSw`c>QPPYGa+qz>V$&;T zfSnu_hcQD@<;@M00xe}}xQ(`mW!0@7lv%-%&FGTpxEm*0TCqP}mHU9J z!eJyg^{dBl1Qz)^_T2s~ z6l0u6D?3({>}B>BcMYn5kEU~5Al4ra$Nb^=$;8gjuR>SbxRMuvEuw0C^)nOZ5}X`0@1k`!M&S1X1OH|7gB;EHibj*28z8X$;Ej+PwqeqQo1u2qo|B z&z{Bc?qrXr8)fj8lR){S?(?gmo3U~7P4qN@JMUxER5mI7Dg>Bc6%_k(tul(Xe~X4$ z1L=^%F4ozwD1Q{9TaBsohiG^~+?$Mkn5uyZ=J9k7hT_j~YEixg1xt^tp3w;lm^%OQ z$ot_rpF+&O16Am6KHRmJ8fh&U?Dz>FmffC(S-@PxBsUx?%}xnqX@1onX1^lVJ0 z%{YjsGAE=@?L$K3)6vJvZ#p_V1!Op~^zY-(=0-i+l8UfpnpZ9N)u~PJYH=8DQHbfX z9m@_)4bYH0TN68W`@F81rtEQTfEWr&+2273!+cWy7Ydv-4pFLh1moXWS z6~kCSpyR7FH2Lq4G$EpWR_w!=)jDsphfZr%H3v`HDRF+$3_8iD5U%C2jqOq9H zc9fr}_O=K@W)fm;s?f!)l1?G3Z;Qr;6gtkyr$vsX zf0<1zV$T;_dw)V09(FSm=Ueh~=3=CP(?m-`&iw0TlPWZ-IxEecZ+L6n19UaD<=d|> z*-<(jO>{rA2VOuwN)YZ|hrC`5L}GS8dmg5-$+z z-+KX^-pqrinOr)lXPA%D#4}|S>d*+z>(;Ba{XsDvL$cI_UVYLl9#w zy?D3qJafV>FPFo8Df(8KexTau)pR0oNO@QP$Ljf^l2MF1Ro6nX(#VYr{;9`&4NGW_d#Puk@jML zWm*1vl9!Vhqz4jSzQsC^?LwUt%}=!+2(_4xs7sWmJ>5mu}3;RIAae!uc3 zTRY(LU_W#)g?+T0jgvZID}e|p?(X4c8jgp#ojVFC(YkxI-ME5x|Gy{2LWVY3FwB@G z7v(kxG`{~FNds-ag+=Mr=@YUe_p_(u5?-H38V9-_B?_pGId)tFLvnwkTkEZk{+>vk zb6<5`d_U<}Q;Em;#mnc1zSBTTi#~LBw^69#XKCgOknDJR^yAxu;c5pM9rrumY4Zsd zIOsz{!Y$n147^|8?J*iSAc0GtecYg1#L&B=*f~({8#>CDhx#fzUk7u{Uq#u5l%=Edpioi*Z-%;V z+Pe#xV;UoKd>mQl6YM}O(FX~?%y9)xkecDYn`mm%n61~?@?&8i&jeSdt8_07H9I?p zJC-#@nyS+p);Pw!Ppnq(@~Y;~HC0RCFXYC-@$)o4u1DEVwxnzw5Q-DP-Ml4O6yDjMaqqIBhy|TyhDZIo0l)@6|u_ zFK9~KZCFW_0D6@5L!bc}ARiiM7*$la*7-+9=deVEiX|={_rL{kfU+_C`s zw@zJK6(|MZY=i9G^Q5q6cAWK_+&o`*=jm1f;W^aiaA(k0ip!w<5tF~9zMzFe_48Ny z`jfhe#f_D5Gk(UV-l)gYw8UtGNC-|arsZFuy7V#W1plr?r$K!eHr;%d5Mvg|oJsuf z!xMCXwFwO`7-Ze|o2)$$)^bmwKBxScpI?C9A6M>O8{J4WcLI%XO1O2;5_CRqjzu~q zV)5^{u1OFOM4dOC6~FU4!?B&JO_x6#wIA*sFvJ$GcAPF7HcyUOA@uQTvjKrW%ZJ7E z_Vz|`HyvwOortJ?3-i05z<*tp(A*K}J88F+%4$1R;hox^KIkPyE$X2_?T3^*-Y?h^ zUxK*`00zr1dwqN>WEyqML`U&1Fsp5RmBfmd&l4 zu0HMn7jg5}))%_{@90hZAN&|*6J2^je;JYN;~q8D-#K;sgsH)iwr4CZ@xycQn0q4+ zW(iqX@sghs`Z}|V&&M&~`C^lm-v_`6RIO4j3f9`5vY`|jiT9nY!-ydXo2 zt)L&QJ3-{Di89M8qJ55uh-!}(x}ER5AYfHoWi!=Dx}A;uJ%UqNf~uokYC4eX46F z_^l1Wm=Aj7p4aP)e{Wpq)sVUjc$ZIzPOB8ObFM+~w*BIEYM zHF;ri(7F3aF%`U#au1xca&lu%RdhdG!gFIlwKDXBM3uwfNE5}qZqbv`YIxI^A|TXb zWA=hO;MscYzHXO$77!(#k zw3e!g!y|MzgPQqduQI%#h-(*b zz;K25@7RCQAWf;JxZD{@)hQLhiZfc!mEP#r39ErQYSICHDC{}<>!1dNg28wOW0@-F zVZdK$I(Z;M+A!+Qb?hYN3pn4Shat$F&&DW`O2f1&N>rV~;NHNOr;_f~<|H&t%U*}* z_PuFQp3VFFGH!~^L7R%P1&OrssZcTnm@>Bq#~0fSe4#40UV}lL)KKH#j4+Q zp+c%ibA?HK?AcRbV?X~seO<~o;P9Azd*&4jON&aU^_~yTjIWPM+`jR4$izDAFH;b-OQ*h=X`a=^ zY(De8*QoJ6jezIryghZnVfubd>twc^Yfd^>fFHun^YSa8M_5b>n_xqG2HNn1TGvXGx)GD9- z(9UzTe(czGPsxW)O`A&gAE{BGjqbCxbjNKcy~RqUp(aQB<3r;YvNV$G5W%$~*WKr@8I*8$fei~rEQbgd}t#iqY3ub}fzUO5&y z_lkQ))oCMjPG{N~uv1xdHeT`PlUcB8Gkeg9NqyI-$ou`n9U$=~3)xT%te_MsTy7)L;`q3#x$Iqn#K$)b)E-gP}C4w)+#W0X&&UxUr*wVBDEM80_$NF$Qm`$SB8S z$hBS6vAWt5?ort&v?kY#O7?2BUg{Y59_c-Vjnc~QjgYeHtwN)hPz4%=qt38 zfZ%-;Bt&{h9QjO##$}zyL{;&H`rBBJnzL{5w7t1xDV4sK!i#toiCD6#Qpd7`X;Biu zX^GsQ0-=gDub^&UMxlxHPiI%_S0$dPse<0PhhxqoIe27TMEvC|QxI36-&9gylS4Bw zoks)=@JZhJevlWwKEw%9=`{HO%LFz)Roq&Dq6vK1IO~yv&!;z|ZBSx13Pyz`mv`+$ z-IS)-W$y5coO(r9;}yG$&VtVZ^w5qWBW|JLep)7hhv=y(!Nu-YiHh9|y2 z#TUW$5|;s+8a|CV);q!C-dF^-_|yhjf0jq6jFn3^Hmxm*0be%~ z4A8dY)yy&*Ry!U-bqWu_&XlxM^Gp$$1og_i#JaSWq3mjDhmUKE!|S6FXJb$LQjmwn zVP9%(!|C9`X|_kXLVyz!hY;1PtkHGVmF(UxgVxdEjDW?U+tF?f+UWnkv z9bw$N@H#V~#{(G~M@PbS-UA1k6}|%D@Uo^)&Ob!6-sG{WCd$;S&}c(Yt;|`H?XxwA zxZ2w5x*{b_f@2b<@@bg%19KXobdhKhP5j4D3Ms`(veyz2B=YfOd6iG=wPc$4tPjqU zZ&?v;czeb^Z9OkEwTIG6F0gDGlS);AvmrO?oCYM^AmmDUrOiWFj%Y=h?Gn0UptguWSl!<+@X*G>8ZsoSed_=y-$Ad z+qerC&p2^5RaEzMh@>EEZ!i=bu|jB?3c{PujIWxlF$#>Sz@z zAF6=+;UeCV~?6+ zLz}UTrBEF4Tb3*rNVG|3b&!=xlkt7nZVsJU5PFsFyyQGt{UxK3sDX+;E(P|*+z_Pi zn$Ti6y?Of0l}Fr!kH97z?&D+f#=fMnCxLcc%%${6#`4iwaPs)swo!X|>i)41HBq?Q z>AYGyP8YYxxdW(6{G&$}&_SRAr4kyfT02V;o$r5!b~~t28Fy5K(ZqjAqg!`c!e?cE z_e-?x=3X7?m~)Q{HqU-gwPa&WPIR;d`A({Qrp{Zdv87nfgf0z7gU&^v8MevE^ZndG zdogo_-ykBE0b=yDT=cw@|KRdz%)@Bv5Wr_C}mlT@HRsZ&x)rasw%soojb zG7#IgbZe_U6iP>ixML55jo%B;W43glx^l)*QcG}yMCfTv3>Hj=ga(^ zmR!3fY*z|uc49}Ds;_6{mkW|*--iztsrM^8#zenc?Pw&qa01CZ*6`gM!T>vaH?d5|Nw}IN|Mn0@O?L9XT zuzyU1Ut=>hk*u;@v8_5)v2c}7u|@)~>DV{C)7}^b)PYB;Ru1_Fylk%me#004RNH4O z&nx;}IJ~D3$(wLh#{mt9e8J0g$AhZYf|&*G#`k*K>b$P7M)RXG!U zURh|3+o!Y%p{CgM4vT!oesk#^Bc#3S2a@IeFhnB(Ww^`(+UDxt3K?d!8OjZskyv5M zF_v?3&v&)BCVKk% zNbzJnC6`>(CmZmC3dQuJm#95NtraWyYHI>V*u(28k84qY@6GMbT5 z3qh@?cbH47mftQe3iBO?YV8KB!&uc^tCQV^TqP$P?syl1TADtaH-Lhq(nbbvT-DJY zn$vC^zR9$mF7tj;>*>?yl_I;>;&+zCQC6;^Q2H18IF-h}N%l7EdgQaJD?c{h&rM~g zBEAoX8K+24d7RS(_Qj~?n54a>?zFAV>HV4{CWAZDSwI6`vJ5ZBH5}|5H*7r4KN0Z` zYCPM-)*Vw!RTEsa=ulRZ+PF={R@gYSFgFyNZ4RCt)iR&>&H64hgTD&g;ybpwv{ zJq#_-#rF30?(H1vXiIjz?m*MP@p+$Q>BFwG7mR$v!^)v07dCt$+aBq&z}=~oY#^{W zYE8qrKTuoiZHKP>(=oud&-;&DaR@ zjqdb%Z1^%uUNGcF>~GSX2Po9YE?1)#w6o{8$&x(tle{$Jo^`(-eWywgT3IBTBg>E@ zEG1()xxTS~Wehe$P12LN2wfdWN83`dY%(!hDq~UU>OHmQMM-xJitq=V^d7=dV&|S2 z`@&U;Nv^w!R&IM)ya(a>)L%s;Mn>sABKJ2JKa^y$Q=AOeeC_7N^a_uGAC%QdX#;LR z?51{g3b-lW$K-|KSN{QczBkL(vijJxPT=VcOUjL9*45pjQ&i`-cfGrd-cp!GFA=rm zQagNgXZhXek`MVrXPE~Pl!k>^QRM&RfiBaLX)`zga@0FcTpVwV_S+Y4C`U=7$o*>g z1fxX1xIXd_ekY|%c0!+Wq-6eahW;L@f%C2?+^GI(%sbGszrAYcaDD3cl<`(pXW<%= zgX)f+F1JF>rK>PF5QRf!+IAQiCmsU@rqqo6xiZz6I|`yq&(fY@aO{rbIR9$P=LfF~a>*?qfm=9+^2We9z?i`s*#2g%yfkS?r z1+?|}mxKFFP_}-t?E%|mNgyR5k!tfD=0N-yJ(e}c)VJTl2rtNT^W9=p*g6L?$2KRv zfYE%9v~!|TN4L;~ok$8b#hm-03{-I7ud4Lu#?gLyEjGHO2>EZ4fgbd|x7q+JW|4T1 zJ5A;@VdHjVm_QHuZeMoj8!g|J)w!{@v0@yEHylcTD1|5_X>?gMO>DYP4fcAuPwA6m zuhr&9Jz5{5X1ss(w4>%5$bm*^M=LcHl#uQ}O)s$BSr+NhNPzyj(J zrrzB@EZLL2$m)7+-K_j0Q0x2g)a^_kzblrfK8umOQe>DDD}VObm=)-s^uB>OJ-x_i zFiS;wPxlvm!IIcs*o%zOIRUvnm?L@T%iIRW;;(|NTJeH&s5#SZUd+~1b{keZ#kq4g zt71V9(rVEvkYXh=rOE!^I(a*8+!NSFHc93TZXLJ25Rsh5ohIA>mzKJdc&An`zffz6 z7HU`7KVmOje(c(RKj6PX5kV7V+x|}pQI6Tc*JP7gddCl9uF6nv=fyRZflnO|4TyAv z?9|o9GD{B0O*%Z)fpkJWDgDyk5mz$RI`0x3rySHRXgk@MS2!I(m+F5CF>fL|q1yT= zB1_qjI`FkD^qpk%@DumS&_^$PJuOG4Ja>nkn;X#a#_{T>Z_Mpml))mMwVPAskEtmH zXUg*p8)7+(8b`!$pD2|RAQ5BgSpF;EMU@x5hDc_833pLX8?w8}+hm4700RAC2897Z zTwIRHNh-w0UVoWdXS6j|s^;9JgIb9$s#M!hTEp%dn zn{cK29VGYbC-B>;Z_vS>g9wn?xzUsWkf!K+z4twe9^1#~99zBrN*w=;k-xJ@U-|MO z`2Dr$BI(2VhF5(tJb{C^+KJXNdX-~Qff=SWb_BKA;qzs4GZV$0%6s3-UYyu2?Um;E z@!hK)Mi&QD`*%+XoV@V|>vONmd$Yks;74$2# zBZ9CAHMO)BqNBp1Sck2AhzlUjDPYTY?bV-k`D=IQa!eH=qE(Es=(jEX{Wq3c8=I?Y zVuocm4rc_V`=n4Fbu0N-CEZgR&v)X+Ao@wtrlpYQI$OS;$;)U!K{+1uz4=j}lzkNH zkaohc)O2`=!@gy)8bw_d^2#kH17azecmg?Co?6g z=#zx+z&sIq5!nB2kgf!|T-$!hLA91dbQSxmf5Fl02kwN|ag@Rvp3qDg*T%i(_j&oOloTW$Qey{b9EqxrYqK z>eQ)eko^*A5RT&7+8nhe6~pQ-KJM_{Nt1~XGat+bDDsLax_3~vStZ?oJ7$8~^!DP* z@x>c_9)_-(Kq$TYBkEl63)?7X-;>QoAU!dQS@th?>@ozG#<(8cpJRN}hwg5f64J|A z!**_ngcqngzwIL3Jv9h_tbn|-{uZaC^8y0y{63YTV64#HA$F-@ZTD?aO+_-)KvhNY z-j_kDZQ*LAMgDM4W7oB+xsTi}yMC(Mhgf&+t~V%deSD%F5HbF($@x9rR_Q5CxW_FDMA36m#@LAreq3-a+We9KH^#qp|hYvHXQQTG%xQZE=$A5TOtC)(K3EZ)I zjzD3Y1 zb}&?~>`pMXPP!t3UN(RdX1%8YoGb*-iO9!4Ck0uU{aQu7nkYS3ayZ3HR=&a}F9i>D zUAk)EMb}=&{uz^NJuoMpMVR@sy}kz^N>LU=>)fQt_ddHhz{-Yw2_de-qCrTeVlyV|nnMR}H}z-SA`i))G-uoM$+m)JnCmDV*z zb}lr~!Rv1*u_O~OF;uza{um4bfV&J6DdWvl-#_q`mU~KB`NNjR zV;-(|^uUM;p?x*#=xU0YFy0VJrgZ}&Dhc|~wSU8rs;fhsIgTUW!4BBN$ zb9WEkD-ll^wz}{Pg1!Tom7Lp3uPuY-#k?cfxq+f|;ECsmfYy4^0rRg}9rY9p;1CK% z|9Pv{M<+kP`sIFA z7M9kbql{1t9su9KjC4qM53P<&N+KRZy0~4w$;w5)j>I_IhQO$qH1i$}#h)4}XK(!< zH&RB|N#DO8RHz7J0f5dz=cy7UJ^fq$pHEKw3MAjg7Dtb9Cf;n>#(H|^Vl`SyfCjy0 z{tcH~18FUjIVm=$B5>>95(w8`>e0e5c--9F=O9Hc3DIBq^Ft3j%@MRtC~LN_Yf*mh@SHcev*%VteD)3=7cT zDH;T%zAu`2D(wbkFIs9`T}do}o|E#Yp7oi|GYpg1?n>ThVLvHGD-Dcv^}z?ce0YqX?gYFb{m{{E2LpevR=%$%7dCS1G+vQEk!EStHuE zBWcA9ZOk1Tn93G|Los6m8lpjmYx{V-=6z_B08V1{{h+#?cEK$z$DDhYtnuNZBb2uU zx9Zo9X@IO<+O&*}`jJtQjC}0MUR$%)2aTnAW~jc|^8On%I(bj?85kL-yvr`S1p$nN z0-%^)zKnVBYqSQa92=rsS`xNbKx`g0k{n3`%DQH$M=k3I$d)tCAJXk@3aY>NIh zVf63yV7%y$K;y^%1yS~QTic~Z7`V>xvf4-K-$eC%ujB3O3)$w^7j-&3=_z(DFo%>RMNEW`>53K8>So)JXh z5)UKK@Xd&8$U`4pG2i@@#p^#NK3Qe$>`K5a^-}`>XGxcKxSq+xtlU5!9YWt?i{ICbu@T2&=}Ac~Bd1 zgZK4Ic*7%`+Nc5dzF6 zelqC4dFek-oFf9Xq9nNQf4e3Cc+^qQ6TaVd*FO__sRkr%jy6R8w`-07b2Wz@()*u> z|MrPc5}5Iyi6ea*6F+!oCh4+g`AX0y%v*2z9^n6p{*Q?|dU|4k@}h#9W~6rhN6k-5 zi@=#+8<=k`0oi2~O?mN?u~{x!;h%_Z`~f%mRGSt+H7;=)u-Oj_DLr`FNqzGUn=nJe z;YQ49y#Bp>*^0{{KC`Nq2PS{kH}8A@2kH_M2ca`t3}L zJV^ds%>ULIEXx2;s_Pg}dhd66`}>+#vcQsk@X^U7`kg)0ffh|b@14mRym{LqDwlBc z;8J;Q69bH}+Dh^J4TPg;JFc#pIl6dxh7DG2mGpfhd2+)KHS?a@wT--fb7@-uBl}=M z?*ql33@`>;8iYH{);se?EmBjz&I&@+(Q|!&AYwroPz~Ad*Oc24MT`QBA`HuE>KCgJ zGyzQIX5x5^?r$aq*yJSFNJIt5$gn#aRz;kgJTFzUk!Jjg!4(;Gi{8zqp!COIZrB4r zClPmjQT=^cX^|KnSno31WY@Woc53f`5>c3=h3fVU&TqW`k1Wv=x&masyBVoY_xq54 za{*usS|$E-%kQ5qj*zAQ!G%Ne2gCNyilg10LI1x$kqAOpflm)^az@0*aQ?|fP5x!C z4-cv0DD6ioIDbMu|2(dcV#04V0V_a*#3+o`+~#3v`FZGyAKFNU;^xW6#YQ^ z0FxhYT~9ydJ0d$s)!AQG{U0*_vy4G2w*Y=K9xv#zPmD?CJojJs7x7q8k53i5%{=nw z4PpKsB;=PbnC^CML27Bb$Afbtz6TIR#Fo@| z4diSMlz}YCJ*2%_!KiLGyS3bQPd7Xt4`>Bj1y2T3Pd~m-JA`?WrSv91CpN%Mp)llV@pVCTry_v*B>^u1~m?Jsf}V?=9KJz zi~WC_Gxa9S+u&?J)AL-L)6_k(?v*m4qVK`FK2wFDawnOG+9MF*m_`68{RXIj#6X7k z(Qb?H;|!+Y4MyNoi?3+)0w-#wIy(H@gZ|s90j6P>Q<~u2uKy{0(}7`+`bF=Ap~sA^ z-q2hIkbO2PxVIzXJ@+(T(mf1Ty&_JgQ=oejPggkWfRb-vmO$zQWpVwCtARxue|{5K2Mr^R||$)kKyr`hmB9ZZT9aAe?OtlQJ6Il zkf@eJb#(}}iwLGatjc!-l5lQaitUP{Y%!Lz$oIS3rE_BoP$>3FTQvqxqt4@>{(qWH z&>**@jt7(5zoO|2LlJ%9W$-dDzYMzm&UaZxzwVp+j|D-_MCJ1)2s-Cowq3YDRMhze zOxXAWCM<$_7d4CWDBp}r2~gl#6&jHE;OI%TuriE7TLrHMZ~Cd?0`YFSZMWd06O^aO zKtyHj5(dmBYRNe!c&FZOF`>%pRf(T1wDL9Jjv1`%AfWugRySO7s_hpOJjaq)R44_A zlL;G3iP=Iw_mQun-hlCvr?g^=DQ0GX_O=cFDCj!GsM#s`>0#H9VlSVd<4w*2uU-nx z0xM5N1(s8(*R7=$5N z_swse9ITDpg4dP%Oezg}*$su7>zTTi-Keb&Z*lXOSS}IY*Ms^zg}_eiXTug1#j6ItfLTHaX2)AtibWH1r9s} zXP&bu9yaw9qXmlLS`D4=^-SsBQ;bw>d2yo}Xx^gyUC1843kG%&GdMiis#xksfuO|0 zMqtl?ZApMl9qQv@!F;_k=MSk-aCYC>rV|9SJ6sCbaBR%yglk1&xY|>>ZhMAW*KEX8 zotYS)0^{_1RLKGyC#ukXA-@8je4={vrW>kvyiPFYXfKcKe3^)+*eYascq?{z;HCMu zChpY0Q%L*qt*BdzQDqt8)iH>Mw8MFU^Lj%!ckyL(-;Fadzs=R0&~vry{_PvSsZ(&D zy5;Jt)SlNpvI@6CyKG}J{inxvw}8y?+wAv6v_EodzIAeIS$E`DtuhRU_wSsa zT@;G}Y)~x9sd@5xNFAacwxOM3rejnHI zFKXT1Qm0Fz!6>a4dhVnrmYYH8k}!~W_7yU=9G(5+rj>LlwNn}26wd^CR=azM({TSK z>a~fcWcemDKe9^s-g1%xiLTKYM=`G>hhaY`?D$)@o{XZV@Fw=@q3jD6Jp>Jh43-Hu zO#m_m=OwDzc)G&kSZUq4xbCc9(yQ5~bSUM)=`7+f(Yyq``=|AcerR@hsAY+gH&ymq zRC@a9AhN+RN8S}2kjSWCKoG7J(QKWny*_AcXFN9Cwf^A)$xpZS>EpERad-3DIet!F zOpm6wIr5E8kPo&cPnx@ZI|t!m|6hCG8PwFa2CATKyXXitTm>-w6{aBQIn$=yP6Q+x>>s_}xhV ziE>Gbm)+9y^pXCW0$EkBtWbF)c%VINgQa%EX@W*C``Zjf@`g{S2?8yYSBG=MKE%5h zMHD|fj$1p74dt&XMNq8qWyniHis+!8eQVT5dpXWtbhYS&0M%~G*7b6Ap^XT5^@txvdXKyIm=DB>L4+Qa7>~5@?(I*u^>*$Cjl7CZ(_$o z$hYI#gM34;*kk~QyH-tj8BKUv;No|_c&;kDwf}Kk?Wg~iDs@yRq-7}ibs~=jY0kV; z?rXHP-->!;77?Z1gQ1-*1NrV?yX;_@mhd={I{diNF6)J$*fg4G_5j?XTnW=hEe;xV3eMi>^~BrVlp<%oY2D*a6KW-U7-t6^H7rPGVP`os zmq30`Cui1d^L5_#rt0kXd~t!_5tvFptuNp~L?Qy??8<$uoT?7dTu7x&A#Eht9)<vYI;JMPp zg3ahV7zRkl3ru;P%&)c#ZPOrpg}KQm1vJ&N0K<2e*kA5gM>JseYzzfCB_N#e?smw3&9;e;-qs^G;)wwn`TXj3|HVuW75FP}%mYk)>?#dia( zCrcpXIggwkF*bMj?nz`j1Jmw%erql(n22S!)b0|_`a|AP>f5P}Kpmb%cWy=MTs5>^ zaHJ-Z&t9H~by%$G6@vs&e~k*fZMgFJiyLoV#5AGD^R&?N^+&jhIVf?e1okrj569?$ z*Me+*9g?UG9U#-YJ-u3KKIxG2@_p6{V6xxXZ?j-sna)*^bTB;__&!R)rN(t%+3KCD z_?FAVhLkBR{0LfX%`f~sykkDJiA_1!HQQ=^O==hDk>VdokT6TU3LV*|h*x`bL1hg5 zDdrSyZFJ!7)jFc=KKi+Mf!I;AUi$GH8sN5u{2pnifa-_=$m-33=q5>&_p&SvLLem) z(uMbkmz?i(hI%B{wANfR1HEa&eyn%*tL#|!$Lb9CYJ#666TvmOxP@(!kOTsGoyrJk zR}k6tqRMe_X2*EoP(13!Ss}wqfWhT6l2N)6Y~gimOyA_MNDMZX)| z_peAoe--;Fi=JK4u38b+MaHX>^B3YJU@GC}#e_!|a;G2v;1b?AvNMZchD5+~C#;Ve z`#3zVH~cvZ0BG{lDf-pqm+~!K`bJAb$iRu|@lWq$J`K#iPVA^%I4D`nrNDTFN|VqI zTT7L1);&kQ-Wy~q%73n)u9-99zGwD`_?VW9SE zYJojF|4Qa!i|Q`T1zYLWeoK$QaMcv(yfDi5z63q2JAOATTIN;NDYOI(;GN1Z9>ks9`|NagYtRKW7|~<1YTznBq18X= zqS+ely`&3w0?s_yMTQd#-@dYbtg9q zo%rPOqW>%s2ZwzWKw-XxjcqGJ6++amxNb0s49zC9bNB@l-jjUo-iHxqEO-4>nM9Ve z6tIp{>thobU^-g)voFT$7V2@K)Wr))LJ}m_-E08um0A}wU#e7dl&Zo~{L^dgpS{7G z4M3Go(F9BiKP?Tkd}XWMd8EY3Q$nqNqW|_KZDd~P6^AkYG4c77ICyPO^!S&LgYX^j zUv){^LMN7kbcBT5AB($%`o6{-luT; z3KZ=GWC6XOg&Mky)a%gY1Lr;Y5_H4&>d-l4a$6H-t@&|s>~)*OE0l7&DxDBWx@Tak@6>rFL+V zUr?Qq!+mn`X}j&=bYwSg?sM-6?BvBT>|s}b+MF?4-?bT_f@$J`g<*;?=I+MwY{qVb zxGa(1(9A39f@X*K)3iGC)jHRXt(pf#kn6GBsK8!a<*P&YvVw^-W|MWorW4o!iwCmz z5RQbZU%>~?_hg$(S72AKsucURTk5)Oq>vc%&)Ga<*-e;HsvA#}lD7JpTRPWw6otZX z-LY82KAbU&lm@ZfC^w41JSJnNner`J-jM&%+4#jxqq?n7%z7{SFo5J+Gi_<}M`7iX z^M;dgtZzc~WxFEZ&!{A90Tgy`5hJ|4MyP$RiVG;Tf(5tO1$NJZuYO1Y+bHSeUSkc( zdk!aRHmO(vZKR1Oq5FSu4DElw-LN_2^40+Y4L7F#Xj~K_DZ0Lj5-XV;X|UH4~)EV+LpCvTa#!<5as%KhP@I%$7vUW}DY}D!)-Z z*YzG1LP7Wfq0z~7(5)0&5o*st_>mpyNRcZmsjlHc7yA1v_w5U-Kq*gb%bt)w8XSJ^ zH9s)+?9R|)$U%o#j>&{gWi*iFGm;OZz%b9OzbUp~^SiLq9n4M@BCfzUCAsVe%vp+W z!x>rF&DeYz_)$A=E?EWzqA384?iRQce+S|V~j#kav5VtfTDo|1&7 z{WifhC6CP8U{|vLs%+u&7Jc1fDgyJUOFbQMh5DHg2g}AD&_gK1o6OlppFIR}h37FB z-DAzu3M!m(oafGe<<0n>&dL9%K(A~%uVBY7-_hBGkY6?oucIC@|5QHLtgT3UN9kjf zZ}RQix0igAkqhu?(5g#oB3-u(kByCNDB>Z8xaMrMa^L1DW@;s1_j15s;q&R%Xq-m@ zDR*_*Ne|JfL3KsfiMWJ=TnvEBJS86p+TYd4tO^}s42T3sw;M#?uCXp_O#&lS`M;6+BS7LB#YS znYn9Jn!V4cbiPa0Q`nE_zou7&cZ({bD>^}rMh&&nfs7YTE|s_rn4BD5*)7Q`lHA%= zP;dJTI(Smy@d?K*_w-m0`aCoKqpW5?kIa=FDYwVIvUNJMVbYNoW9A%)3wA9kUsZnI zcJ5q5PK2*hg^tpAFz7HcG81};qZx=zL}w4$QwWPWj=!tNO_82_=AUmetQTPO#?odf zQ)=#~snw3uP9JJ%k-cAOGh`9kpq>wMzw6cOkb*vk^8au4*C2 zTGnO8Wb6($71^HN+zub+Fx%~%a$8l!=S(H%d=#H(DjR$$Qx%~}93I?tBNEk$Ec~t9 zP^iK-6$GZ_2_Gxa7WwPaKAy(6ITQJTT*J@X6 z^ppHprp+@On`57fao!dL1D(e;_j(~M9r~zF(q1??g+6jF3%I~!(?Ic*EqoCYZXVC| z949OJ%-q*JJ!4M4>6&A8z1m7d;#c;mYAMwT(iXbq7R;qM{Na zs@52_+F7Vc+FEna9Xy{qW&TmO;85goue$*v0eI*k z=H6LwD<+(GG~iIeCbMUOUN7ZvbchPiF0LunmdnBV9&WeD(Z%%1>-Q!c z`z4^*MQh&-rkpZYBkIgSXW<^w<~$4f$>BFD@htuPk-@Ryai*QnByq3$P=xPrp)pq( z0)*_j4OcQ~Z!Tl^Tg?T_cT;c#aK#+553YA6%V63OG=glM(|cpn(eRU-+q(#Hgu#gv z?qg>7_=*QM;h$q827r={bDVNd<;;R)Y!U&{9oH;CcH;EvHW?M>^7^)dSOe}H?@8f{ zCU0~|_@?cy{2u65Bsx<*58hLMh}V+!^TZD#N!g9p=jnzy2$L2J;zcwU#V)tN-p#j~ zTdrZFc^DITG;XC8R}9c>bv3*Ujm^{vW_xG7m{3+B5@mo~xEkS%&2+Y$p9vzeuri1* z$lyQ1)c`a9QGK!hWTDna@ljVAvG)U)WQsY&!{+rcWhRpgQ?U+|VeG!PQF*ZJlVuY2 z92}wo>(GVG@dUJ#EFmoEc-UU%-UZlQl?o(TQ+SyQ2ZP00Uk7U36gm&tlmvi!szy)! zY(jWshDcpd(!=K~9xtdi-w?Eji-^pzeH*d*^kr;~&@E8QZtDlunG3z7r>3P4`|5q* ztls7IMhdDZVN=;mfQ-q|E(9Oh(H7qw1vu z3k@E2+49Ey&azAWdc*@JxSdNi2AR5Ypcp!kV@hs4Jn0)AQQRmGseHKC+ql2m_2O$; zu0l~I_L&lbA0UZH_9;CQISubpIL6DsO3lKo9DL6hZ%&&*S7u55kY14(?lP7ADaUJnJJ z(AIhNs?A!!oL*HHy=YlQ-1h$4Mk-lHHYC({>;2ryJ8vOgb&ig;bK>4B6xX?A19I70 z2-5+s=!DQ-jB2QeZqziam}^%#g8k#G;VLNw`SW| z_*8W}0eqZ~n7;2nVzy&C4=Z*hO#0 z=h2-nlb6}whil5>r{UT2ZS|h@U>>{0P?cyV6b3!w#T#fNsvDUe6X)RKL%$u-plvB= z|3akP_!3TVx99e!K*$D-mdJ9edXc8;rhfNu6r95t++DX*GQ|j`GzMD}X#c_kr(EjA zlbLVxTJJlz3CBHS-WgDhsoofiv`C`3u4Tx$A8t9SJ~=X6Ya@0% zPL?E#t`%}bOj!=L?akT9R@InwY)$jgY4M(|i(7o$m6(}G4buP@f6QOopV&n0Wp_hx z38)M;8|nG?Z}?=06Gk<>OedUs3^YfU@I=ED!aY~_nku3_oI~8kQvYsgXpd}-YQ>Pl zFr(cd*!~c26d>%2#y(<&;EQsswyU%PGrJ$Akg#q26S=N*Wya-BQwB)WMSs@^@Ol&x zQRpTzsmG_6I!izqW%jMlReP+L2d?HE$+F#P{FoEk+e@9`DEl|+ z9KCt`c$oC|m)(hTwm`!yO0ws!O;R=C;xXrWHwK8xqz7?Kl*AKmyFfRuLB+4DbFe@P zxTyhlHBB;`i*7{h$HARl2Ics$ahaJ_n{Tno>);blVFqCRK|dGYu`^S ze7*XN2DvbFq0FQ*TyiOAJRtEK{St}x%p{MIi+-n#y%KQZ! z{woeO22HH7p_8O8i@O5ywUL5K^iHf+h9TfKkyvOwzCuEy zYX;oL7B3jMQ2^DXSa>S0Zt|(UdZ(I0EayUh|GY^x0x7c-C1x_)XUf6F&<7Ecfj2r8 z6Q?9R2iA=NxTOzkxCbR_CS9a?v|bpgQ8xlmR6N>!Z4I(wQ&VurILMxW{K4I+iDa7( zlZ-a&WJW?9Fhx`nT@Dgx@0fw6sw3V{-8un~TCGHWJG=6^c?^65h9Vsjb#n}$#hIT zibrDTJ7$0e>Sq}x3qOpYt*ktFw>=On>*5=7OwF=Dd3RmnmVuTHXM+U?5%dz;Z`4w3uze2ZLFSd)IZW=lQv&jSwySMAv zxkI!&1U-^xW>kn)DyZk=xVq!QCGLJ<%ZrS9aO^Yp0e4WH@pyqx7$#`RSeFkX~5P& ziE4gZV@x4ftzDTtTOCryv{OsxX;c5@4sTebd4N^4fMEK@ZW6p!%xpVjrN3a`TVV}T zGmZ?yUoSkZCTlEo|g)IjwZP` z>mZm<+d6(kFLs9>2x{-9R>Hl(dcHa*baA3ArNw@~1%3W`(h3r8dtF?IdmdB2H-=qF zG|0b~kvRy<4jhS{c19Ox1j^n4H0P(o9zUW;0A${#CJRc*b!^xuq@h0ifcV5d@CnZk zEwOm+wSJo(;)DJH)F;BK)FJ;H$=UnPVZ+etSp{9a`xnN`6oizH)CmKhc46dJOgCL* z861qXCAEgU??c_5>8F8uRh&1p2z0H+hqOAohBaXT(}z1#uNp69DI~uM$BnrBpo7*<=tOeYM!oBCimfDPOhJl011m(sU~tc2_;r zeRjUx4k3w#6`3EHo4f-lHGrXMG)d zyMI%fEuTE%*1_lUWjDpd64OG#3s3x?34|E5?cP1O`@TM|34SF-Gg2Y}?5JcMOZlaZ zr&5_C&^AQQJganXIw6)kAvErqx`116zMiIl*yEW7kKWIh>}H-GLa>la-J$`ltLZMg z*%}F<`usZdQqMx4Z&l$8LgQtNv{LSWcRhH*cGKG9FhJj1R8@jd{us68fufM@K3NF{E%SiR=l4(c1gEO@oj;ZMxt8;+@ml8Pt-|owxWF!Jdyv|^+5LFfaE{kg%TBfi+x$yw`NzY`x7^GDv3#$l zVGwoG?db!h>e*})mQPPYj&;|;_kBaO`W$|l6hUf?K6`I$2D-c_6Cye}Uf-%RN6(hC zj#Tfg41k>K1j5@nzSeA+Az_!EpDJBkOiVa3LU8GFCKT5*-;Reyuk`<1NRB|+%%8jq ztwk}s;@F>ooCJ+SjZLF|nk=^5LETAUj~wng9?qx5 zyQ`81G43b#2kT5mN?iw*t`hM53nO~|o><2DUt68Vt`7+Wpt(6-$p5kgIeTvhWpx^6 zD<}Jiu_eo%zTx$K`JNs(w=X4X^#^+w&~GroVxAK4v%wL}^;&;RXkIP_lm^s2!WU*7!B2Z1fOCv&up{`{fEGASqX%KmgD`CE zGdC|(`13`6tTS}!v**fisr}A)sq1{U5=E`;w=L{kzTUuF)0@`}9(d&Ds^*V;(pV9H za#v7QdTLqK@$!%71nJK;*j~CLW1+|M-Oez+ml_&sQiw<|)EF zQ`^0kc1wx-&UKqhB}M_8-$RSCTh!xVo0e^vvkIrOx)Lff+md}RNpCH<+l__jKVzmE zd~$^JAh)wX4XU0yhm;{b692ueP)&y>_ANaJQ1Jcbbi}eBN`5^c$;touz8kDQ}REm_ktk}1nysvlZx0lON z0#3GKcv(JQ960gC(IGDvl?Y7whyi=APjc>kcGzk8vWWUxqBT*5PxnaXoo2I`s`gZu z-ZCs@oA7==J-t&IINy52MUN0_8X9#D*OQOfu)&=6T*IiqY7C_B^x0Fq|qX+c9cyzpQ%^f+E4h`@w ztoMQ8^%3X1}67I`=fj6?mgBr`s`yDE&se& zIijQUs&4gSAz^?RDHC%FC(Fqu>vcD;1V8ubRX(Wv$yoezb}f2Qk#4EQW?&}v1J>Rm zt&H2-?y2*y5}dV)YQ+STJkiY_gS6ZOPs#DwLS~Z@_VnMCj!#V}N45SHj;3ih1av>Qz0-jcu}JiDfn z8xoFypgjZ#9(`%zsUIryKf&@v?q2c-xUFjOySZYRh04mX^JvB_Ye4fXUw!(TX@IbV zpi??dah0y69t2;W^r=>M+=(wk6;iNk=wnV(2esr8&&%zc@hGgn z#3K9~mjH(M$?_$#DTm=gfe_E#wIKnj3nH9~YaJC6TzkTft*auJ4J=rvU3OX~q@7ur z1f=mutPVM~6lV*6gq45+pxcg?o*N90!zdT_F}Ubao?Hzjj=^*I@^ycVbyoW*>f zevutAnDax}7-nl~g~kbKC5StZHR*V(QE-TeP<0;&nVJkT#(?QTh7tVXlQ7tdpo+pRhUGt70ukb z4hsY5rE(B3%|zV053s%SJ(-5tcLj9KMSVYu|M)ODLBI($W==kW`%mNG*9E`+gW0(( zl(_eFN;1?+4NT0W3yER2REqq5{KfPdIMWG;rBHSQ$MJ+myi||PLQJ|^_~Ba&2l9p- z#>+T<+RQN^ApWxNZhPWCDDnqbgKj^72)!k?eyXxtKTt%C#a)FB@PunwwuPw?c2}dS zkqx&^D%d2w=moCD78u1O`>$tVM+ZQeS2_(cM+<)h7J{T102!qxO!%7~I{E}~Wy6x7 ziJMxkon7myFKRSH2{y155+E^ zzEvYZFS97bkA(&aW&+MRQw4}J_x!`ABMlx@ex$(F&5%dt%-9q0FQ2} zV4AWNp5rPkT~z9` z`jM&sW)(0$OaH8g_eSoBG$7^fWdbc(ikb z%={%lI0XZ$ec44XUEv>#;^^fr$fX{x% zy8Iy)$hHV&_k2ha08(W-_qf=}$&gdAwMnnh-X?4fubg zCgRIh`spO}2Rrq$`FhtTUL0Y1+zjCCsc&X)|Bm)^oV~6mm*Dr82|>y!9r=P{l%^h& zx&1eReSmm288hL4o`v&wls@P=k>0zzRm-LDQw>7&Qn#mTD;@rUpuhCeMF1+ccU#1M zfBipS=0Oo)?5*ktGW~Rle}^6L0{?%nAQ#Lu8U9E4u4m2e7DI)|t}} z?v00`K)<7alhR|Q+Tx;ADil2d^FC4_EguF42Qz7#f-|SI78$?oBMqID{HCW5fv1{rJeaG@9m7@hZg%NHDlp^ou&J-02%bsp4`H0 zuUA-N$bb6~5g-@QcP)zTuRVXe2*NP}JnHN^@(Dz_WGf@iDx{rli_D%tlmIFM!tvyK`kJIyro{FV3>2`qvcF<6kbXs- zW!182{p4_wNy<^25j*63h`@gBj82%`A7ipmC2j0rGFhO+iPDGjtyg#RNv#7t@b{4f z1K?grKVU(i;cKEt6m<_6tE9xBRiE~E`5F`;&uL)rsZ)FmQ@xv3Dnub-U!lPwo>eI? zbF-*_wB8c3sZR*#Nnm=-*;~Fg5n9By@2j`gQ2T7I(lX+1FuT8YUap;Qf8?6$x}&dC zIYy;M5~?>+mUKjdIJ2NwlIWN>Ran?>6q(}^q~eZk{XT{oV=~vYNxb1YVrx)vKYIOp zP^5cSF%W}O(_pI$Ggi;%q968AGg&~XJY$b?jpfTsN0y12Xs;26IC zwOy&Vni6*Y=yxliCu7y36rxL+NOM0cL-?cP@}K%YNI*0Jai^t|e`z{Q>#(RR|JKrX zleZ4SSXBiInsLv&Qf~&8C>ez`kKz_bc3iBWMbuH!Wbiq&l&xGLq1R#L&}6G#JyuW) z7}k83W$UmGhxvGlhV?C;V-)0x9^`YJEaek4ExqhGUMt~=85YD;q*n$e+8EV4VXYSP zM12WcrPgcJ=~wT-W$Fe}{Uglla3C_S1TjaU!s2Tqk*~LRA{_p>XfznLoLEGge=)Ym zNI$X0VT2gMz#lbiM@p6s72fSa3Y0Mq%q1EN*c(0R*tu=*Min9x;Ky*PtWAF$p4)bm z2viJ>%OZwu;y_-Z@6Ci?OI-HOA_^FUmZ25sn>4o+Y7fTEoJ9hwf^`#f!`| zkoPwnQVi$bKTo*URo-b>c+J4^j&#H&-^quyR-MD85Blc5iY^s-m-C~&7koqKUs18W z$1mYofB5tFA^;Lw{2ucUGhE|zv&L@a8zR;nlr7>;uaEMAksJDela0Tpdr)Uy9QSSf)A-bpjZQ$Mj%RmhX3<}t&iyNxarH`-2;S>4= ziZlefiCYV~irO=u6_hi*lc1W_K!QQ9!pY2C+tMLk%+jEGb7`U|}a)NPBr)x7=2e;95NkLzhF{ zXw-c?t)_D_QnS=G2CMcJFwVoi^;^+aJFcfgTv0yV@=MOT5;*Ey@6ci$aTeIykwHW z9DXj<=n(HL??iAh@17ah=0rRYGrQT9C|YsaC(&iKj}Py6Fq)woC#6jL)OTSM7Q(4d zZxt!mHVf1POb2ZGqQ2|#Ft|guG3#m|tw8BIS&rQZJuS8ECD64c$04*RijLz@&b6?A zN9xGGl51nqCeN7fiDLiV+v+-v{hrSyB(?j!6kJ4BIloK8C~%GuWERWryP7*^eV{rY zDbU>u1P%rzi(;37Je?o*jg8x9OZj5yh#E|q@;3jAA-j9^eCBY)2ao#ZuIyWr!bCjB z!#p~g0k4gHo9UY7$dreJ-`WnUCws7GRn-OU`SMPOfZlYJo-?s82BT?{?4?V)QF&9cyPN1>X95olh=;rA z6mN0cTLU9r1Su>H7=u3CFF|H;D}~?XK^6v8KL$+OFkXTcyG_Tw_?o#are! zlxKSGU{~V9jxK)3(HjQanjg)GP~m<>Q{XNQI?_a`^OQzGeVa%Xn%^CD>l4-9nB?w& zHapZ|FuVG$?3PjW!8^)+IxX3_;ZG)UG8@V2ZV$K-na~nN`?T$?dIV{62i2&Y(k{SH z&2J!mhZy#p=3;DwwDn!PkyDXGcjJsmvjD5ZL6T(Xu}09=+2EAPy%nsB`I?KVjF16z z(i5RzXKF6JfrR4wxTfxXV%%%>CS@2&yNoF!*TFWKq4>w<3@(il7~b+0``1Q%=kleG za_pMPw`9x?x=VB;rOJIk{aT)#d@!!pTfwz?m+S-lH%n6P2Do3$YD@7GB0>=a`Qng; zB%7q5kLP@vQN5u`(p9nqUkFpl% zw-f9>{!GPeD4vn8VjAcbM@7oIC~BfgMStW79la58OWhXtkfm)lB|ZLgO)o9OHYE{o zF=^6PzC^*`CoYY9pB6sEJZI$~^%DAHF!hzEZ%=Ii1%72CQ}1^Z5)A`cW4dqoJ_?cR zDGG$x;1A12m~yitF5Kj&P}EcYMMnc7Po^T*eej=;MZ(*jPxt1$K`P0|-l^vr#g923(0UsOGtBs2u_y zsRO?h5ze@CDFVo=*XBJ^H?H;Y)p6%Wt9JP7-n*(b5nB-razUfXOZPzwe^gE*t-vMlB9zN$+nOmv{f?~VY9F=a z<2%J})cP z01z_D@j;I*fOjO_2b0B=EwRl+ zU&fWr*i6?WmExenYH{Mi+_-@I)2mLCZN4MUquPU**DQG27q)f@ag_108yoY!J743| zZFl+TT4AT@54e~vL9dK-=OEPb#n8^6wiVGT>TlJi%G@EvMP?QCDx@+C>f6nRC#1Me ze{q_6^+-|agaFr5digls;XrL6FneRT%NvP+&7l#ua~T$z5~4*$I_Cu>PgUGtFpy|n zW<4UZ&o+Rk3CzrQ{!fxS64vCDcS6#4P2B?HlUBsl#U*>e|KB)NPHgpuU+lNS$?3=9vB%n2tklN$;$N+O^Ld zN2R7I4D>H{h9>OuEIyhDM&fB)wFmL9S#~T)xLx;+EQ|Prl|U?tVP2xF62&2KBfSOX zV8K;by`3_*Cc+6b3NgM|vEaudTR)qf=;WY6t$R&P57yN_!ePY9np?%?b1t97sZ;bu zx|~n$#$I(N~YvZlGgfb5scgT6em2n$_ z45ZeE%lhm&+kxvp-x3sXb&!o#7Agf^4!1I=o`k>;ASNeSw7cM6&$LEt1cE-w98dyaxKv#up?4$2A zaFJ2+42Nj|Zf42W2W}NN^L0b|2Q=HZK;}ZtaIxVILh99N)-2O4uKt%Vy~AV;Qt#O3 zQf~XdQ2f+>%X99H-QlyADkDOPVn_imdP@IT#s(I26a#oB$2T}NULX6b{ztZz#RTHk z_V3u8m`4;mXpIhc@ZJnUrj(@JU7X z00*ZRz3?bTf#mOASK5(*Yjh1)=_>W>8aKUHtwmi}tKVFW3)GMXv2pNaarK_hS43Oz zI1MWUOfDX!l$XsQzBJ!@IPPD-yFLX(Rg`)d0z&keT~}aU$2YTEH@wP~iQ%GS*T^KJ zsGlI!!mDk@t36GM!Q8rTI~@cg9i5T3qr&M@nB3t6ebv63ibO2K@P3F>bGboT^}|Dh zq>jeF$pOH63W@-o^SnI$K~$1B(gXbn1om4*fbM~ov(IC3Qes$ zMfbp3YgnC4)3dq59pL1@n<3|T^W`#c8^Z$?jO*R>b%N8b@V(~J80fd^92h?E>HVBW z)h`iK_FVJllKgi#i@F^K=ykIi6dWYfkhBf91)1}|+5LaMw%p0nrJlz!+)pwubN%_- zZ<}*!TLB-dFE;y1{Ws43(@x@-2ZD{~tyMYxZIhUzu=Lmq7NLLHBIg7UF;)9;CE#b( z$nQuzPNshqhyz*CIaU7iPd|Q1J%8fFb^eF3*k4sif5k!nytwxf2w22uRL=hH$^Kd} zNbRWU<;DGe<-e2ZSFC^8ZK)V|_Ym$BvzmR=p#C4>08ZCm;R? zgdbk_|0vuh5-M03aEfGX9uW5hA$Hb2<#tgXm!-#A7&m}SBy^3)@n ze_cf5ggp=xLuM8Ax7foi#)r{u<$zFv?eU9f()9+6!^@o5t0$YcW zHo-g)<-684-qY!~IUe-NEwK`}uhx^`cdczF@mJ0HKOeW{2*Njp;EOVtvK$N6btDWQ z+_6z>4AE^+ literal 0 HcmV?d00001 diff --git a/docs/custom-alias.png b/docs/custom-alias.png new file mode 100644 index 0000000000000000000000000000000000000000..d9af47f9da0d93ffbda75b018778f46c2df22f7a GIT binary patch literal 12422 zcmYLwbzIZm_dhurMx(U6rKMwlv%Q(e_rz=Waqf9O7xhL>kqG}WJ{lSt(JQ4FnrLVkJgD!fxB%2U?&B&6)CZo6 zlD;b%8Ugvk3mq*jg9bH-?y9LMhgLpJw~M;KvX)hqMMJBKCxDw{qoMK9zIq}1)(ibG z)9|CQZtC_lkM69t)Miil%{8M zOnAKCQ&(i{Ej{_5kpd=*H9{58pazTS~NLm>}IR1E)Qw z^nJ7ad9>?{5y%3qqRUxduKsnq|G=X@@tjg`Ycg(2E$P254 z{a@_COy4(NCmnPIW2R@I<}kl-&9Qj89y|~j1QXZ{OL_V~$(C>5H`{scMzoPlFUNsc zDXQ}g&dUc6TA9-@-zRh#QD9L!KS^smte+P#ZuM~=!+Tgm2g-@)L#vepNZSb3lacg5*qgsSm z1V2A`_!y6stZ6|^)W(2m$VTVi(92|tr%Ut(f9=*792#;zB&PrGQA+f4GLr`nNB^r1 z3k#FmAG73ac3BO98~q)mF(}hX0SvwSDN*}3*7=cTvO<)v#-E_>M)n13-wzFL*H1Po z?f)Gp92MDb4Bdq}1q4XZ*^2)ad8}exk*8IpR#){u6$v(V2A6zXQ(%2PJ(szE2B})u z+Tuy^^nzW6dyinS#$Rv$dsra+3uWMQErj5@bj|;pi2hUlu0jFXv?Hw>jlGjm_=4ae z533Z)h96FS^%YS4^-4!kYUSNI!GvL&)abMZg9@)2EDF-CiVW48Z`Vfb|8L26c(iGiM8 z?l0*Q+aAu<>{|aKj{B7>^C_~G0>ZeF!S&$J%MWWkQA{nN z`U=!MMzF^`e?{q*9=`}&u=pJ)zO8nbFkc%N^Wa6AT6*gT z<-GIH-@kt|6|6vzxu+dy>11{WqA@&KqATxj+~(Ibb>X?}-|!HvG%P=((mw1EWxcy)#LRo9 zo`bo%f!518d-FGiZ(KL~DLs!C#2OkKY2uvQZnjRUAhJ(#@E1Y*^gd;|AcCk*{Ib(?#N(Y5+Igj{}i+F|JCqyK7fX zO-*KquH(oE3}zvbMgWwZrPfSjnW|^NUJrn)qN0mC>fj(P{C$hkpYS&5M}TIed8Zy= z6Mr)?2b`LnO%lKpP}x$RbRY2&-OS~F$T@&KjvsgZ?y4Q>Pt%jDup<8}I2D5gQN&A> zM7HHVv4?g&!H1xE{++kw1VbbUA0pNzxESxZ!4h^7GK_}cSBlu8Av^)S)bkUR)|;Za z3C+e^<6ie{zcU7Mr|^t*oJL5)S6$%4633x%^nzf4%Hb61DNHP}DH1;;_CzM$LG=vh z(02$u>FbyNtIgY4zC1>d<^LLSHI5n-PZr9)QKkCR36~udos98+TnTB*Ee;_N`m@7$ z=*3jdTWd>c>}W1j+X!Y2%+QQ>FTNq#?)X(hX<$A*kC@x-(1S@6cH)SRn4%j5Z%bfV#+;yhZbITBdutX5u znmqJ8m&BjFAQtqA#3(s>U`qE9Fu>z@X)(dsMwf`$t)}t%$ii|=x2U7)&(}1|o&>(`HK~cez#9dzO z=tH!jg>)E1=s{>*&IORpxxNT=F)AY_njG@#Q)a?0xgZ%f%aK*pK9h*r;3$khHMjzGBLQ~(u z^Z4JJ=-@3o^vV*A_bld?H33-h2&Zgv!1NE7lNCn2#7 zIDs&7kA>z3OKp=HWhS83i^X!q&>D8 zhf2s)Fa(E@q)?Tb1ho8kDy`b5QG*T{N`qw+!7np662sdz<7(W`#v?LR;J3yHgKoL? z3ELrqwlmTWLC#cmVWoj|XT-s1_i_vEeO(k`pXQz0Te+V1aTx0K#J>WxWZiTY4ab1a z-eI%%$e%aZ5RZ!UIP%Cu0KAP=!d_xVz%YKYP1EL(voEp3PGDwbW`ekp@xygquDO|% zP=1>~J8p=R2Kf z8}n1@3#*KG(qaQ%Jx}@62qt8Pbm2c11dN;0zi)a&8_F`5%FNV5B8`RqT_qP?HXx;5 zd$Sy%L~Z%fJC!F0W}%${bb&?XW}V#hut}}zU~b@C#5P+5?8tDhDnvT*<&+ny)7(C@ zap_w{S;Ue1Zehzct@smF|LcL^+e{+G6Y%bb;a+qr$|eB%YOceo!1GTYz`{TR2DKTF z(MYYOqc+#9CwoZEEruT^)^p6Rl7 z^z6!k^8A}j+w@-+^tQ-EejYCe+7tLmz!c-Uw@2h;3*s&d2aks?b=QL|qp6cm?uvecX6_0adBt*G1X%A_VEhWz-S3#88N%2P~o>0 z=6Gs#*YsLNxpm(d8E)}xqM;XZklT=;p48VTVKUMMQRuW^- zjHn+#jyN$25W}D@j7ysYg&f2Cp z0_wbfwH@6;Nn|>AeG`4-Lt*w}Jf}F)Ac+H+dYSELaAx|TO_jNBqdmj*uMJ9Tk4Dmn zpFJ$uN2X5K75CQ2tDL_ky6xmb7gfqnY(^}5XOqi0*x;AEfi=RkrvIHg;ytF1U~Fm` zL9o2V+<%G=Fx+HqI+I2Xg4F(c6RMMIkx0$hSEE+oTBQ!u(kE zX*S|d(b04}qRtm_vmLX1+;->WdE9!{JmR+{sOI1&by*ePG+w0sQ<2esLh|evi<(eE z`C_g&(_i^6RME1SBX+$;-M*9MclMj92hC6Vw1@ntCi~t26u9w=lubkgb@(D#_PsiC z&-;ueNSf@FT5DZ^ioJsyQ;H0GubHJ2V2Ti^ zjq$&`6dQfs;vj%7oxD)itKovDmG|whywuHabwCYlJzn~V!DlCTY@cax1@jzT%8Lux zuiLiP(}#JLWI#Ro{KK{pus}YRlDh+C&M4a8i zJtE868#%;hHBO@+S^aBu(}HaQmK}AGBjP&(f$StQlF6ISKtM5z<`nUa8u$Gi^_Uf? zK34Yl+(%x0@l{1g>Lt?o;iR`9K3>ooZ7@#mG##hvw6CJr=X*0b;Iz9|H@5G2m~wFA zc+*wa&!+@ACHZjJBwCSZQsX)D7VNjzt6WYDNph#TJj^-+*DIed#lOA3d^b}I2)im= zmc-&#%(RE9W{P0BROpodG?-o5OY;3>zh6kQcc2{_jGif|A}xL0Nzy!=%c2+&8%MW= z0opP+Cmm+t#!AspeMuo?lO)r2QtynzToCKGhUrp9KT}H10T3nxtqh4SAB@t$B5>mR zq*0kLlKw;t0Bu3Hh`=4Gk8Zqoza=+!Ozw1ShM0&5bq=IckQB%00IKk!TwB61*W=&5OFyp zT*hhA0lR%%nUjutwMnk79Fwvrd%8m|ZN>dpNtV7IM+;3}2)H+)RWc;WG9Vz}yjZKK z9)!n(y<>(vNHV|-V%M1S6pIPBur98`E;h7tUBLkDQ|&_-ZF z<9NS@(^704e{OFUhR3&L2OL(@CYpOKvdM@F{%hGmrvb&g}1F@K1fLFR#eu?@8$x^iQn_g$9 zQF0X=%v9xr7}IO`uJas}A~3ZnTNp6eyIh#+ykoGbC4RB^r%jzmEWz~wgl8TymNfA2 zT6S*DZZm8wUj}!jp8!Y%LGfkXl2@l?1Jd9uI|kwU^betl z4cG#ka3k>U#4%SsTyw90S|lrAYY_&PH`$~w^cNa9F&L*v^0 zcj`|>Y`xF6GlzlT{B^b9%4;;Y6&)L~jdL=9Jg;BI1?Ir$`hY@~1|ZaTqr&6DhT8>B zZ>ke&c$o&ICANGvaLmp`Z(|(ZImIFUi)~#s6FT4e9lDBa>kh2P$whZuDGv0PsKuE$ zmAte5;`rbxRE0l8-fQAbelqKJ{#nTn!X64 z0!+tt8)03CJL2HrD$`}SFhGDK>*)}h>)DZjDN16Q%4##Sd>I{UJJGT3i{ggBv;j?* zoKUkD%wd*6ClLaw`zsvdM8I3Lr-@Zqk6;}-ofn5 zm!{aNLE7%2&DKloiTwVC0d@vJoH6xO&+nVnhl};R`0wiDTmr>v>|o*smZebP4<0Lf5 zyZMUP_fs;DklUgX_^syauWSXpq)mJ-THDfyHHIZUhpv4kX%Wai@(SP1)z-Cz@pc13 zIm|h-abJBBol;DAClN%h6x?AZ z=NL*)V-j$)nWZoViX6`n;Wtr>G-%xu(8c5Ulvri;wuaz zfKG)?*LYxl8M$xjP(m-dR-N|sdT6qbAh;7FH|(a%ohr>Msl|#}*oqAs!^F49{Jb%?zly`Eb^Psp-9*^XV-U6T~kE_`2je&;T^XT>%u8&dYS% z$L&bOiR!r`JohHZl9xP9Q%^cc!2IJWQC`&=np9~MhNWUt4pE3ccABsq-_&Enqw3~w z$6tjNwT+!eCMmOmCRZ*7T(wX=y&WU`GUbJzLKaq}fHip>D|zdiw-!u@vu$U*<>k9k zTFGs3OnBn)`(>~%su6p+EN1+e1mKirNi&_hKmieL=4_A4hf;UXGm4+eF7en-DWP|+ z`%3$&Hif78kUWz#W${LSWO+fHQm-qy;1SR!u1a@SAO% zWBh$jmkObfiH(L$LzPtpxZjaH?`CI0* ziwO>ZL58%LRnhVdiORM?m1-C(Q5qp`YGZ>9wF{xOgqak{QMTF?V|o0%*CW#_$1?m0 zN{}J*#uH~3p`r>M{q*SB?Bt7Uf=T;V*yiVTR|`vv>5xi&U6)t38sEdBmTd-vc;J~3 zh4GwjwjqUydOdQQ`^Wu33A}??kRU$QkhrPuBq^GuXm-{+rPNc2x~MF?)5@^XB`tZ2 zSD06Mz0lM1;@#j2n*UBZX~nVewG1w4OfE5 z5ePA#7~iakA{Xy38cYei!) zD&u=FJBs~-f?YJ!IbGc*0_{kfD;wM`lI5e*k?Sjdh?t?llD1R$(eEJqHhW+w-93m2 zL#=%-uy9t{T73Fo2)kHTsr3dr&@xUzVQU2b&?Mw#*5Qq?U<0O(*z15ktQ(s8gbaU(M@8-JlaHx zX`SlIQklluwt1QUW#JUsWT4`R=xlJ}EmUjBv;9W(eW`e;L#EqrY`Tb09AEw=l1aNjaeNR`feO(wmcTFCTr zsYvSX^6ki&TIeHGI3$MSE0dXT<~E<`@Nk@SMSOg z|3GcX$=Mas+VfiN8(t?mrfApb0jZEY?v?1S%T)2zt~FHxcnvWTb|p^r!aLrjU9r=S zMKdj;8je`gZIYo}l*a$X7OTVh)nwAzK8z1fGYw}WK`z>#XQuDn5D+_6W1r;ojiL6m zGjZ&Es$tC&RZI$QMN(nAz{kNMIhMiE=L)FyZSQtcwNxG+X zIL;ikA`qGO|4Qg<9a~BeXS34zDN!K+-s!ZC|Mac`x;^m> zE)0p;Q4wN*Gc2XgkY5;`hLslceKNRxjF0OeE=KR%+8-RJn_{|Cq;i{V@>IyLqXdoH)A>+MEwa98&Pc6)|6D~lbqq2T?`g4xv0pU=wm&8cm=`KKv5 z(THTRF(s+wyU{{A(IJe0j}sOqs=YkxQXlmR| z9nXWf@*KWYg+Kt}@9=3UgbwEUgaoSc%X)vn59_M%7l+CAwjr?8yp}p>MGoVytM*JI zp0k9IE^I)i^Zk1C79caw-seP()_LLWX|h;np^X0<*k0-S7-?-^ajL=ZcSUM8JQfVu z2xPvkVF&w7SdfEopn`wA?fhN;qu#G}Za~At&>7hL(X18&k;C6JxoLkle0*SW= zYB?6Zm?feUdB13?N_;L=%0if=^wZ(9=oD>Nzdac^lO76J_nF#XZefI&)O{(Bg5~vKdspHXndWY0bt^09T?kVv2*O?zkv=oKH7SYDD69z{{s0;I$dS!@e zTAnY=&)Ri%Qq>3{43Ac&bEm+uXRa;SgWZbt&PxTYw@ET*(_KgK*MQrZ2JLQ(vg3Ik zl4y+WU(%6$W(%j1@`T@4F<%vgh%>Zdp%H&^DF_V@*$?cfzz)CyIvnr}sp8xyc-wq2 ze-t)@yD^m`H$*3*zd@oZNQvGO=E|o=^d4ktEhD=frEPRvoVyoc8*X22_S!}7qr<9Q z$|fe8DlYX&dJs}^miBO(VPSUtz#ivGfqA#iAzWpJ7w8cbr}K1^r)}YylpxG}rIX3( zoRCkjr<^E+(!u;p&JX6sMAwgBnfC0QkmwWT*oqc-XT?E7@fYUU{7>s@ATiEUsu%Gn z7_dVId3tXML322_*Zp4BPd$~!F}M0SC2Hqg$X)Ow@foS$8*an#2rEfDOdR2wSp{t4 zDGyWsO1LFJZ5@*G>3}uQ(rn6TKxIARq|bI0Ov|7^4xOb-S?qjz_AaMvMf~wJ=AZdo zomX>IRiA@|ar-IDMI$td9o0pM)V}tjW$Z=rqnTHh=ihhGN@67kOo#Wj!D;CW!2!=j z<(niVwwWq(#u2Da6sLr`TlJ{{z4iSCv^B^5py$JM8?Uy6wBZkrPkkL9MV;Vk)>Z^( zaCMVI#$!n-z#I5UAjLHCa|oTVKF~swxXeKU_`Sd0ga&622jGIsEK)J8JWoqqe-I=m76g2M z#Sckn0$RNLVma%C3={Ra)-|$4HSJ3}D+Qmak?a}cI)%XWdQ1PKdu2+XYmCT4xD z%D(qISB+@D3MjG4D`N$lIRCd+Esq<1(xq^ibFtfS9|W|Jht)mRsI=TrMu^%~&@Dy=+bEWeABXRF8ylV_6{v3Te6b@w4766c0i0E>BjF2T?2IB8Ti z`8kfCVNZHu(c#WRSa}{ho#ul5$>WPI2FY;=hlLiEw?ElNB>2UFulWwCoZH+0;Zad> zO*9+vA8mE|K^-cb8+bRpI2cM9%U*@}8A)Z3v(J9~!c}dh(~rebOe}On144^kcTKE> zR&8I79PMBubjg6+ zls-k;!$;QlrVG_xMKOmkKk08T*jB{N*4Nh7u4cGO*q1ArkwWt8UHu<01`!_pq{Gv~ zyj~PjWxs1QU$H{OBcT_Z7pzDaGZzPxE0xyk-dyxtKAfc&w_g+gORH&IwcVzbv-Z## z4bT3E#_SUea(2ChJ?F8a6s!5u{uj$3|7A@{dG;zfJ|@{t0Ns;xn0 z@HZ4fW}KXGa7=476&2N-S~@oh!vf~%>-D~V8LKP-)_lOgEEcQoH~@^)su5HVP@Gn0 zX&yP78rJI5l<2e8Xo17OiHZy#4evws{iWd2w(8uxyb^ySQn>P!^G#{3dZsv~l{AhP z=_O|f^nY0j((JW2ie5M4457dj{;2Xl4w#-8_3{F6PJFxn9~tdsaBK7l%6D?C6pPNdoc5vCkT@a&Wnn}L5~tmxZDzI0SMkYe08UIEGnv@b6T zR`$)_(}s6)(8uu0|JK7Q)3J|FR;OwW`8Gq}JkzN3FOx!1HsWqp!aU=M8rAY+FdO-P5)Uebp*=e2|Myj0jtSkiVn{u+1u_9&-Uc0)QT78946B))0@-*ySa<=OY zQj&?TjdaRHm#i=|nm3+hAkZFq6V*L`eJ|Qo_ee1-`NwlAY%jFcCp3EU5F(>tWdr}=2 zfz2H&_&K?rgMhJrEbb|%;Q6w49B8pI>vrRrnnc|ER>LoOg~h9lXR@PWg7F$&bfzU5 zqW=43Yr)Zs!|yXMqq?`41)-MH9=+D${^=gNidoGS9(*6yj&Ghl@pe8y8#uQd(bjHS zb8-51II;I@;LI{!Yj@{n`aBz?+hd%Bqa~HIZ8{Q2+R!_|tlL8O0X&fOEC!LLP@$(U z?s-I~qM+-Y4dv|LxxG@L(%1Q_8v+_RhWgBN=tiJ~thJ)fj0SO*{BkR6~`$Hmq6Xs`9=>myc zlg}9?M_w!V?%Q@pZ9_edzMb}7yxafA-F|bEb*)Qn&=@4*xmcHJDx%&+1k=V$PDNrr2f8dD`bNIVX0t3 z`!rqDd3ee9xV0YXftc@Iej3_%XQV~NTCjaS7I&`swPMHUTBN<{6n|B~o*^H1R;`2*`c_l{6-B7JhLwXgaG zTygaeoO%hQcKj`OuwvrS9HjcgS+c5%iRTm8%M*Ym~{in_DLd5#4- zjcSWOcb4A!pM7c8UDX?D&q9I%AF}v!(jU=TH#<9P9}^Sv$tEYS3BHpbZ*q}sU(ZKw zLL|64$v06;5i&5GDbam2irS8y%*{J{XO>T;JNN^)o#B!SbT|m>W^jwP`Q2t+Xci#3 zp9D#Q-tq^&mF`@xwTnU&Su&J2Bo=Dlwti})!(FeihhC&|rmKqP*>F=%H&&m`FFP}e0XmDF|?abz^r`BD+m ze4**i>j<|ze2wxZ5Mgz0vp#-avAx_U5x(8tYCm0m+2p$Y#(EmX_I0^HF(q3rC$!X8 zy}q@O=0i*IYay$;C1M zmZH2=(t*d8R;&2VqW>$W?Jbu4|sPC zIZ3$kQL<9ZZ>Y;zh&Q#)rXRas(j*7+)3+IL`ZcD1&*}3xHJb+=ntN$%eK8i zIv!<)wD7dS;lHeo%_Ysvd#3H+i-7Zr+z2x&c-;U0`2Q9KqLJWuMh$< z0EHS4-L+e!?>+RrA;`H<(@i*F>krhPPu)*V0m+AeNTfp6Yq)Fw`?CI{W0c-_D#_M; zM}EXZKzd@LDT9&1?kxliYkC0mdnirB2mmP*L|jQ#9?`h`YYRa ztFLgVwI2{(WwGBs)m+kvBPd9koeu>r7S^TQ=gyGj4>R|JFGmh+lg8X&v%`Y_G?wgM zF|Pr1Nyl*V_$??^@zqi`Ba7$I%J6aAj)nCu-Ioi{4UWQ{;qZ%ZaHw>Gp{DFh%|=YF z43Gp*zTV3TnJ%r!o29X9Kf(IfnV#04%q;TH$QHLt%U0wnefb3ns(Zix1x?o~tV^?jQ_W|u5k95s&>>+qY64Snv8tcv5?>i{8%uK@@061oYP((!&OHM~B0MU_OSc zXm_G4+qy8_gsVB7{t@XYA;DmcEfpkBWe4mp!${eCDFCD2K8E0a?{biPbQYbo@=&^d zGsjD5V!XDgftm5jL}D0#!fGYFJxxe@O6+wYvcIJ{Ro|Yc6cyF*@z|YU)pd zzOWH`7<*VVo&*F{sAv)d<7tRB6I7Ha8a}w9Nf&k>zSVQ!EO*I*8pL?1ye;2`fAkwk zg>3%ngJUK!dMaYz#0G{oU;`jP;J-ib0(8~LVD|fa#Lth`2|~I7I!RA`ERTxH?80SK znkt&bdm^S7&&?*BDb|cdvdj7}4cAZ|@_v?|>GuW$1eT|I1Ap}`+`5|wM#b?`PyyTW znH=?WR^7|PieMv@+#|XA#d8L?>G&K$Q=e(>4H2-4rS?0d9d1iLsH0hp#`{g+#Z%er zD?5DWC&WidplM{?fG>VpSd7WY}mV3%ZDT~c78F@ zo@59Sn147O&Xkn^?l+t`KsEuCp{snDSteC|WG;)dBRX;{E8YvR7D`%c^|UEykX!JR z%iecg@t^e90u$pgN;N!;crMJw?&$FXH2#6RnmQ)X%KhduOd5H8@}E>T_nM(od9F%A zH)LWmxOuzaf7cxB7G%6}`Uac03O9UTinz}MHtR~f=s`{k|NPkRz+S?kzIoR%p-5pb zpz9cK>799`_;pueX(dWA4}3{cmu)%_UIk{9E<+%A2cX3RhL)q`Y6*Z6gOXH#4U{h5 zRIXfo{=xCp&^U61v;E#V1$iFtO-$oIs^(GiCfvUb~h7Z@AEMhf|As7 zmib-yiqN8@0wfY_zK@^M0L#INo^-aTh5-#8R{$45dDpE0T9}6$*4AP$a8bCBwh2bu zdby_-t>Wsz(K3JdgBTFmwqyXN`c5sJU@yrFAQ;OA{#@y_^Za^jGW+aMQ55g+juu0T z?Kr*RZ3Q=!ixWnsa2oMb;!hY;|Dc45N|t%8z0zSF*k1Z9O%LfOEjY+a{DbVg3r%9) zD(TN`i#WE!2K8D3%ZPrNeG^NhNFa>>P(e<`Y$c0F#huu#FD0Rsnk;h4efo)wws)y% zaN``4-e%fnhTGS))o8^RObbJZJl^WNUU@t#Ul;|)K?ulC-zF4%|C&7K9|cBUw**rd zx5`6s`w!Ar#qh6|L$6!CiyLFcZYyKBX#tS1p}e_;da%V>lK*?%0tJMkx@4^@$Fq7U zZ6KB&mmZc^k$o~vM+`t{Jr1td2D0>W0VdsOP^a_R?v3hdB6~Y8l+FFQJo`BC8^SZ& z3vem^>0b;$%=E#%E&=FA70U23gyzsaUo|8>{;ZM#?rkDl{>cYiM-yPhIJAKJ<3<>< zhY68vQ3P3$AVqfZsULPNdo3ne=YFmFnJmsuQ);5%f0}fQu4DdaL?O!)22F8Z_zIWn zl&(u{CaNWG;TgHC#muv71aqQiuJEAF{0`FCo@;BFUIpXcL(ET_nOUJQPDsxX7iq7{ zSbQ_93Zpms=MGhGE2psZ13TwBsZXtrPkNKR;86kCj?&S&I~o{} z8tFQmt{WljZ$81cGJIf=*~5#~y_HDP$6nfaiDJz7Jum}6QAvk@$E2GLYm)#>_2P_o z@wE1X2`5%Rz92b_AT*zQc+2xVBQ6U5Cu19_#K&xm{=6Uol)gAZ9S98_J+2nqvQ3pw zy;j8O#zbwi=U}h2`VvNn9!_}C()H`*@z=m)2o%kF(ah!P=r{tje5Bla5&!5emQS)b&sKsQG9rd(!i4Lar2b}25F|?04#U6J~)wa_BQwY!@ zk{!gHk>gnZ5EW{GfNq-Fgv#BjZ{GEHw`6VYU_F6U!^k=POs>Zt-HrlTbyxWL?a@E6 z14ae7?tJN|BaF0a%5Xf({>WV}LJ(&T@Z(K##~X@&Y(s+ss0QgqrP{9md1Ua2{Fgk7 zd}`F8a45?n%v;{@t`van_eH!52e3X;4P~TY)&~nbRMc6uwsp(5EN`yrXpnJ64Ll9piYtYSo9t+nt z6m%k6e}lcvdGKqJns4bhD;Z_3poR)gT2^&3WL;BOtgkiZVj}IO##l9ifR$tTGY$%tk8R zxLI|}Dp}i8W1?!o_6dbzOr>3=RKo0>ww~7zjtXVD{xaP*=;N$$3zl^&?`elYaL|7k zqd;BdO>aGURm!c*Qdh^&1(+?sHUgZZS}VZy^s$#*dokC@fdyjVp}6KobmFDx@S%`m zW!L2<{&G&`d22rs`mvTzISYNbBEj=*v#@bFhbc67|8to26bRN6ib4l9Su3Jy`o|$Q zq_b6S02b>nqe)MFZ$DWk4q53TOrd_Y(<5DGL`J`~_7$zmz*{?P$`V70KdTcgd~gTe9-B7 z?u!jOa8I3PymZ}NQvE(*N=VSzb??aYFs}5-0=l#{8;tYAKvp=Lo)Oox3In#>Xd?KGZM?Ag2AR?i|5*Sd;@R^(+c&|r?ToEq?kLOC)MRRrqMb#k z)5XdT^K>4cuTp#Ie5-d!E}0)->=EA{5gzh%Bf z@OgKM#a1@S#Vm>#dXfqQ{KBa$}Uc- zxd*SiA?i&)Umx?jm>37Dujonmrgp>}FL%Ur_~*_rc5T7l(kbrVhcmOr2PE&l!@tbph>Y%r|&7A9;j9@zp4bxA4KxGx5U1RL=yavVNbHDL~aK=AMBMJ%EHsBvAf!-%Ufa`I|#diDZham&Nn zLyyKgil2u8j(?uQo6|h&66}DL#wbyh)#dUpZlFi zZEy!=nr)2zHeqgP*I7Ts+pINsmyfMQIwtg@A+f|(Vuc$*i^mG&kf1_JVcy zu0LMgM$DqBg`0=9&2y&$y=`rUMFg2`FVo}X{t}kzmJ14A^cq-n!7brCW5Rb-)oU)^ z&(d*7Q<9L40YgiF4=H+o+;MhlJGuTHuv(~MP{=rh!$`LYe+uG{g^W{&pG*^a+!ra) zd%13?b=&sOMR4>Nl$|PboV~2HuHE0`9l=@Tq4na|_jyr2%z{iYs&=^}wBCSB3ty_B zwy@ms+6S=K#SyCL%+Ll0Wvf7=&GJ-zAcP33+LCxHW6U~w>vi`7$W^e=-y&Sx-zpVN zc9t%#o` zDPM|Yg^B}%p}vC?iepLW&stCBZ5HGPRx}fc@vfbkv@ZLDfNg^P(j*?#-uXjaCeS-SB21&d zL57ziZbjVhZS?pwCQbzdB}xXIhpO*fTJ8^S2E6#upw`US*?Yyjg_rhMYKJ7Q7d>i) z_LIjCs^xQTJKxhAMfKV?>>SP+Mfr<^;P1&mN1K!$r#9FN-P{hoa&@f>PL9tH?$}g) zfb0M$P8&iwEnz9jO_I5ERMkC}E>C3-3OaCIus#HR_Ba`feg4^Rmug0*i7<2w36wD~ zgS<_!T)%y%>TOZV$YpzL%`9}7TYBGKf;?QB(r-oSL9jx0ry5=2Ff@JZ!KQVRRneMr zHQ<~}pKRVx|DVBYp74wxiYBK;S^c)-~?J8a>fu^eg3c8?^YB#I(HJB&jg zCd%FDKsMAW9?n?0a!&qJ>f{x8Y$vvn$||{VQj&D?J}0)%DW&YfvuuB#)G*QtV{iIu z-z)r0JmWvBvJ3QQveL83y;?o|WsLx?EdfHD{u$FihJHfbfOq2a#a(AuSo5N%-}d3L zjPdd9KDG^|r=^kIx{fJ-JzrtHLrZzC+Kc0oh53#o&m^4;J}aw224iRCn91LGQb?s< z;jh2!{*!^`2w01+m3(jOyFbPZwzv%3afhj1Rkl0o(bf2q&Da)^?v&0DQe~sl$96Lif2`2BR+M8{RG5y_c z_&w-98PNzM4PFU2kdMCx{z`YxorJ$YD|vnFyZnJhxJ>5y>(4ajlYD> zek+MMqn>HxvJu)I*5pklm{I|IUR?h$S&9M?-S2$-@d7X}W4=+BPu(8hXgBk1j!z&U6M5uvPR9o{h4|4Gd zL!QfT=;8m78VF^;LAf?Q3eC~bwGEnkQne*>nRM(}iRVGG&o ziJn;34}PY{ET_~4XMcVj@3pI_+S=Rya-O+^Ybo=3Q-@_D2NNv+9dUG(4gGcw`^|q- zGg&7b_tAIUIL|1d2l+SITLM_vIig!rn#D(ai!p|Ezh{QpGV~gLRXGF}2pSkJ58mAv zLvkz!rq10yt_b3%awmScR33*C+`p-Dl3VqJ2}av_(2IEC!m?tP{dJc8#=ytBoNO7e zAs=x)5b@3~0+B@)ZYj$&V=xu`ysAD}Iui&E6-nskDx8~IXQuex%Q~h%r}CCuLx9VB zDC7)-UUY2NGpw<3B}?+G>1JshfoEEV6a19h=KE9SvznFtsogqdg)RzqpMTriBk>(c z$>dQyV3l47h>?Fiyc&&GHnw-xzpZcDERNl85YIQcpEUS?UDFDL23H1Th_$u_YL*vO zK$=G}NxRRE2vhO7|7c~QyB4k;;`!88_$n1-G z)AW7&H%|3GQk2{)&9XhWauhNsN9)t~4wc*6&#xI3BDI}pfi2`UgWP%2A52;;G zRu*+DIIs&bwx~mWsMVl(R4tBP=1mQ9DsOw_MjV{-b`Jul<5#!MjW=0}3Ot{#TKf++ z`;~r9H_vS=qIb=UG8`fxTJKa^=7w7f$m+zv%r;%Kjlk8ZvWm_iZt?K(xjfuq* z*ZJIs6p5Ka6DP^R=xeuF<@f0I0g%%T(bAR&bHf?y;H{HCq$HXY=ikI>aCZPr<&ZEm zfr+qZ#s2QFYs&t+*7f2dLsGyrm_YS39a-^BoLkB|b2RVY%Z!h;mESLgvCyA+RbGK1 zTzPLfCDcY2A8bzhW|1YgCKycwX+3oPM4@ zBX+yUiTu6+a~YtoQM#vL~M)RW){juAKZK zJe7OBCcV}rd^_Se{L1g{;C#L)q3-c(Zs#{ZE~F=j{|wsVJ-Pm{Su`arj8&Tdkz8X` z;>F`lb=MuQk|{H@$zA)?jrsk@kJ(7M*h0?q;pGiS56$FpZ4A=tFWFd2>kY26NAJIU zP4X8VHwh!-nffCJZZ<#smSo^#-`#Fdv(wSXJCt0|WVq{eLsQxjoJsKXlcd)JH<}UQ zio>(TQO?U|NxwqYF6ZUmskg{K3u{TZl+R&O0 zhq}{!B8PyYM*v37=J1M<3^1SliOG_rv^i3J#^$SC(T$;bPHFL{@0NQTv0(NY0@kC53UD zYh=M*gl%SxTG`pjSd6}*qGt%j)X~-`YnCsU6ys+7fKU4HYqS@%IX1{ul3<()U*_1Rd9PMNG{+6SD9$|9BGWBX`^J>ws#VFDmsy7u zp-h@gOZ3m5wBetrLj@RD3A6oMwm)>P1Uf&ELp-Oi@TvRTq87=ForGhCA`i+{5&1kE zb4OE-E|wiF*5jQA>4iDiu4yPPee7rJlml9%a(`p)Qkdks=&UUD>yEvuD6E zJT&s+pMr1%82x{f7a7P)4)1VB>S7QD$$AH~n?yB(p87R0rv8}aBN^pxXcv4f7z$Z{ zAn}lobtSA^Mi;LC3_d<`gHk?jz7M*e3f@r2YbjeW^T#&cVKjgC4|Gf_mL#6(Ohmu@ z$~+T0yms48nwXiDkM#Z7V}!zD*0IsFr+bSekG!X#W$G*s_j4(#Q1suwe+A5+l`1!( zw%rM~E64+4B>C-y5vsPEWb@nlBl}?B$UvYjh>t z%x01=R%EFvwB+%}f~aF*z3w7;1%HCqS8*kp5crFlag%Q9A1TxIhI<6R^G{`@)EFhyrGE_Nt#}6Uhtg4ax&HjJE`?6y!8#6^(%y+?Kp%@aN{eI zv5J)EEdx;}$6Vpz^c97E86+Jr@-;v|IH1Cb+NjKKMI4&`y(e;kG@xa%Zao#-iMs@y zgK4Pao$W2O@n}UrSRXw%6ThrBg`0e{^x+{le`QbD;6dU?TSWq5n8`Bokd*OfelVuC zMvjs(B({GV>);%t;(Dr+c61s6U2v-MN|G3RuMrEUjg$J=N!VOv!WBd8_qe~$Ie5aK ze6~XW30``3s!ea{Il0vEOyqzM*(UQXiW19a2fD2YmAUhMa|KE!NmDhNvT-sP=Z)=L z>cj%aFMk&TW~sG4o!;$cx`1%X;lomZ6|b>%lJ|nu zem>#uSj!|;Ulp9peL#nFdBq+*3_D+siSPOPXnD?Hj$?R)d`48Qk_|^mwu&+PDbh?4 z?G~z?$v*TkHnib9-M>^BtIN8T&p6pxM58A0}ZwZ?GA`N1U# z$D7BOC4*44v^&Vk3z1IwG0w>=JE8rOux*&K4-LVs@hJPv#ThZsL=JW-!~P=lp=4t=k3QDZV_)k5 z=lZd^d=U4J%Kct+N&A`fLzX02mIISJm+jw(Hkykx`DCQ3TQ++^B-|%iG8;<`bq12F z$kwZGGebu%Of^EU+(iw7@ak2+25XQeiO&8m`O9~Jd>1LXDzC^stGe_3yQQyc;Ih+K zgtkD>C%o#>gHOi%!lmuAt}rU}P{F7`Ik;|0@oi(-7JVtI9}9dld*My)5dNpdjJSD% z7KhE5@%KbG+;|cLgo3^{@Fi2a3@r4O3b#yEOXq(7bbRXVkN9c!bJj|P2$(_{dtZ#G zPK4*aI}oR)F!M`h#;xz^**Ey^bDmYSk*bvRw4`S^YolW!I;CDoyj;?*v z9f$F{wh6yzCf=75W1a?m(L7O>Aazx;wz7@NN2Prd>bet_Sp~lfT$fjdtPeL@zKQwqPvlC`mEzR`@V&EzQizmR#JuxzO4lJZYPT2N*A*&dR1K;M4P8we_CJt4oAh(bo*=P4Mn5t4&>cXY z`z%*oJ=&jzXoZ|gW+pPU@fcL-cW~IQiNEWe1v&5C&Ko)2K#mR>*eJ>M^tkO81D%RLeYGOHpZy=V6#CYp# zd|Iuq=h7y&PAFmdM5e#o&AXunl@e$pULiK@Twfp4ZLQHa1(ZD97a~x)azOcm^6jy# z*jF#V3`;Vp+WW4bBH45MIOy;sOv0YJLe?FUK7LTU7B<=&SSUgZMJq2am7_r}Wr;ZW z5bq#qRpBH}rF+>g!7{0TA9HvE$DTlXeMH`nSU^9&+<{Cb!OpLgvR)^mZc`83neN74 zYH|hYF+$VYY4Sny?48&5!Sa-Ticu*9fBeOW!G7O+zRg3BZF;^4s3X_bPhoyd8%Of13Q(9%@ik{segh3Mk4erb0D!Ly0k>)QPzNN)$; z64&ZrM?q`0ptMxD{X|jN%3@K=!ll3?;)?IlqYFtyVFK1OeQ2_r*}#{YsR!rDiL$6D zCsMDaCGt$Wg%%q|1apr>!(X{WJ)LEt#wS++h>=@Yj#iDuk{nri`y{Ti&Qlw2+Vom3 zNbfH_doN4RwA5#E&weG2c+PLN7aV{2bJaId{^{;4TvG=tId?%bZ2?QNvJHB!PpC0jq_!{%~XbWb-o)|6aZ*7st<8algXS5YGIrCu& zO5x6Dbc+`3WtRNbpBQvFo(LP9nW8Vc*0fN*bBtpzshRUXjPJdufKYh<&~OO(QDrt7 z+wAXT&r^4kYfYH-B*e8<=dtOMgQtwHrf22Zt!qe#`qF?^uq1*J{Gp8-T%hMh!AN*} zjCf5qj*FVDbSvSr%F$J`rTV+1-jeH1`midT|BM{+b!RwvAg^ih$JZn=5XG9Ic@(&3 zMreS7{weG@dYg;yYAxGCR-OtCG}?L)iRF}F_k#|zNg5IZ)o&Qpt zzdmSWW5!2R*y-_ZCa??bd(^vqOc{1eIip(djr9C|vuJQ7{R@o2-4A(r7#+holn{#B z)}VfWBO(P_pycz>P>@XVxXMP9#9u`UlP_suT8#pXE!EpkGPx6Fi0v@5q_^RbquGo5 zQ*>e%4=nF+;w@L!E4mglO0w_Y!zg%J>V<7xs~ccrUG~5ZJuS`erGd?NmR*_){pl^;kgBvas-cC3;g6QC#Z8 zo%3!#QG)@^t52GrRi3Tq^ERHsNNB0wTvlBsco~75L?`s`T79pJcLS`fF<<{Hx&Z?5 zKte-)^`J;|YWOvjys_YORKG!lRJv~aZI@+Mq&K}gP!cBnz2jzZihEgeH-)&ixDb4Z zzBPQHKjsTAW>72n6HP}4U%ECk@6qhk&*Dpd(yJCT`iSOnsHr{cH!7H#-tfZB1o(@c$*?3B4YOLN86hxB_JT-08B=8YJW#G!OvL2 zQ|Xkp?LOhGP(rQseD+705qURu9ysuiR}0kAeOQ$_N{JIUQ0kIO^WfxV&3mEdt1^*y zT_)ZaDfNPWXkImzPIRn5)?eNh!ID9B#sOIeU3KZz3`y4%e-P78L)i@lDpypqz_FrK z@iQWWkhLGY5~^HHs3H~4sgkV;(-e0YPkL1Z>{0?C1oO!6?GamF&9N!?Ao1%2XfY!| z09F720c&^9swDt@{Z$qpQ|veKQk2-NH;2|JWBux;**ab5vwvsMw?+e8o(_mth)mM9 z8<0hRaX$3_fvQsB*gn2BJeg;i-=lrAG6jc#oy;&2xZfMq{(*{86;>D0u?CtpM=x>~ z5ysO5Y*7mdvxj`>GU``f&b_m1=RNzS8(yEmkMlg>(?zb}Wef&qCH{ z;3H`6&_s-K|6p?dI@y9PImqUmQ_?DG|FKWToib2p+PC0e?Fk~t4>^;+r#@SN78cf{ z3aNrl9f$Rw%Nkm3>aj!2)_(L8%uV)woKHxmQg+5L$Iag6d8g)+;?TOZ8~J7aZHlqZ z3R@$Wg9RU8W+uzSSq_G^EGf&3*(g0wRgR3vW@l%2a0i{$7IH20atLFuAG`ngC>U;2 zL!7aSuNe^Oi+Ea{KZE%`Gx12lG*khx|IL?#LRjg{Di=a(r`dS`$wdH#Yz!(L4*7p& zPW5}Q30n_zU(AFMAL=dg9GAW2(E;W2xJd(bh}}IlB-I>ag@FqBY=tgmg1oLGO08x0rg zUf!7F*vubDy{yjDsq=@=PEcj@GsOojnpgQZ7?gAjO*7?d5owNumVJxgek)$1}mEY*UzE(`!UnhX9y!|Ot)&Lk3P zM5O`0b&%^vZj)bJoFXXqRaRU`47WZuwNPYmbjC`$$Q166q0it4<}$bIw|cQ_qK4|Y zlsiHU@7n5_o+k|_9k+@8Rr``4_~?OrMO-aN`5wbkVA*XnkQ;hIy>4U`f{YCkL4sJb zYLaFq-*ZIN#R`>FB2WXwhj7sKHeuBLt+CwNrT#UtNr7o$liAg!h=WHy~hmV`JFb?5-D%iBy<%So=;i&raa+bf86Nz5C|0ax>3U&|u$BWTQY zpMIWkw|)g(2&ks$pCXvFT$)}f!9RjE@4RoN%*}t=iS+~ZisD1GA^g8aq)Ir8?V4~? z)|Mv5pgq3-GD8ZmdN`(~caMsrKl{BoI_{UB3AH<_)Jbt}m-;iVA?hOCbyuJS0JjDV z@QeOS`F}~W*w4c{biRuZQ2|x0z4xUe8O|e_w{o#7&7he?WSxBIE1vKsG$oM>%y-+c z8Xa^xDu5A_cC8xx(I1E^2kFK&U=^UNDwYfnN{YWV)$#k1K_KQAmJ)ZocnqpzsPdbz zBs4mWnwnbb$1N{(+v>Efqh=ARQK^6RL@cnf(B@2Zo3Wd@wXfZ)NX8B&)jYG<#)3{~ zwWf=c!~m9T;XzpWkJ%~a=m7-5rdnEhGYILU3;>*K)euGr7LKg#t}-}B=G4_(ELHT2 z?};%GTLn5$QeK^%o_;UPQfqEKk7Lz&<%ckO`UOB?3@VY6Gv`al-q0+a6Gz4@1_)*{ z9Jn;K$<3Iiyh<2;wSF>KPTcL@zq+*LOg$zB1cc{TT!VUat|>+8l^m>mMDNWy+h{r1 zJ|exh-XzB^REtsDd-}#Z6kPGSTmjF5K+g!ja}SHves!Scg`n{A&)+zOX8N)X)YAs^ ztqw{$t>34|fU@ImQM3tVCKf;OgvTG@^JQ6 zENqz|0}l92oK|jbZmOQ3>WPQj^QoYdJaXE1&itCcEW=+nD@fI<|L$2QQ^xo$5S{0_2fdLcVAj_&$XHKlF&RzK_U!yDc zuhA`kjz%b`#iaCUY1K{ges}yqPhrMD2HD0@OlJAVh`}-ASIRK%P=Zua_VqU}!DXfy z(RPFW`CTnZd5towKfk19Ht3-CN05FdbdHHf8ZorTJlNvR?VTwn7*4xQsbN%I2|<4R zP}`=A3D4|)8pA2-aK^jM20ou7m#TIGz2ANMP?*y0Z2u)vFgtO9n%qsOZJ_-;Z^${zKXBJxv!D!emXg~D zw$SXPxb>V;lm2o;Cd|^1vio%-9f&VAH`jlK)&dR^~11 z!^ud*pWzg0pt#|jDCcff)q-2&6T~{f^f0|tFMDo+H(1`fOe4m%|s<#gUv(2_l?=s9e zHhu7CV$psTBlcyp5sB?C7*@_*gu(B^G=)3^LOri&1XqJhi?3=s#3$8-gkPKr{JGg6 zH$lDD;XA`Zg971hnP$Y$=Dod(zi>`1MB~AuQj1JL%PY^?uG0mr89&$>t-qtt#Q17; zW_!C#f`m*QgPV>@dCC=YuSEu$_Wk?DA8m7^h{fz}60!o+*VX47Vegu?f?9%W2S!(3 zoZgiR&#f(A?tivt=*{GM(_YxG*05puMg_?2lnjqT!886q=y~Q^*PFVcL*@D;Gchf* z1uLte-BGW#)b=DAVwzguC(Cq81@Uht97hYQK40#M%6YZHUe@&T!Ckj5Ev&tETPqkXiEQaIpUu+PeIPu}vB8MKN<=$PuaUc?$bkm%t*Owl{Vllx0~ z$TuS6BHe~TdNdoemdN{lVBRi&^lT+3(5AbOZLSgh&_{-3`To&T06Fk}s!sm??LvUM z!s)kQ%+W!++~1iVaX;aez?6*+oRDUh7OiR!Lz zElA|^X*Qzk6E8{!n$dl*_2Q%Vu7l_J`pmu>rv!@qF>`atj7D^8)f@pPS(^f`S8oQ0g9UVx@{deJug>}zrMc~)bZFG*U2krbRjVfo4Ytw zm!Il7e~&Vig)NM=tRBEA#}FGqc(IjY8r0x5?En6^6*D!8c+WwUi$6(Wg1z=ywaK=< z;w5PhH%NWSd(H|MK{1*#e37Wwro&s=^BKYQa0Ei{-b38#`IL!2I#fj(nlNShm9Zhu z=XU;tW3O6>#N^Z_6Is%MqM$zR9Lw*Khq`JD8sTOZAZe+Mt1T z?)~%ke5GFx+uX9ha@-=W;EIL#E)ipE)5r$$3BWIGw@+&p^YU7~L0iV0~d zWS%0kB|C75;_w>yLd|jTnkqYG_Xc&oDeXonBfQ(@OFL9z;|sx>!7szkGY-~E4w{o3 z23_D+GBx*2E?2qOtBAtz){n0~q?0*nr8)E~r<>e6a0wt<0v-jbtl1x{sphWtLx|dr zcWr?0@fN4d`oOa=z8@6D%(OC2F@{IYz;l23%5kbLx8P}CQMiYO$&xEajMCtfak4{95rXAW+|4tr z;epYS&~Y*(=Z)YmPE1q2IZ392)P5B*nWMSQ)i%V{0|osGxAeDCdUmGCdTo{&ncHxV&Vf1+zWT% zr9784Gne&XD;`>%kQq= z@1CPxU%vi?biyTu9eOFDuh^^WhpBCxva6oFsy$g+y*^|4Azuppa*qmg-$+^Oj!ZpL zoL?Fj31HIJG<0h*gY}|!6XjP8jtuJw`mKCUleJ=0A`i}(hSV@u=#3bB0P$6|e$@y; zg5E1uhaaC9`*04erk4(h16%kNeeN(P5VTAevA%z&d3k~(MEv<6OYzu-&Nfmv($3-_ zkMl=C_|32PGn3bcx{?%0I)$x=Nw25c@^$NijI;XhUk2Rf36FvMT_PDT%%oZt?$Fiq zew}yI$Gys;lHH={j&kr0bO$iGF}5O(fyt*^(XyyO4q9zlp+SbFKO zygXi)M7nHZiSqQ0A?I&D_tClSLr1e5^xIzI>?JknA>J6ig1;7^xAKTZOuGbv<-#4xvDi`mu4X^!h?u+K+3yw|256UzHTsfX7F~V zx9qRR7bDK6#6TGIz*1cAr^ITU;PqasNMb2z8@k<{6(eJz*+iIfNs7~ShNu@)O@FiJ z`6ZD`K;DTL6$oRSXmc$0dMAZaYuD=#x*Z^45$8K>Ml$xl{ujW+GUb$iH?0Rh@7AK; z5So7B>&RdM5@b)muKa#?a1!cst-2#SHpAXZ&eVmQwBKwiP>O&0WZBq3G#|yub&m@UV``6p9(aI`*K+My*Dfc_Lx7=oJ-!+TLho?St?r&j9 z@=@QDp^E^b|C(La8Rr2X^%G$!f{U2-tyq-P^|K_2-(s((9`*$)nQ|{>pKz=??z)O+XRu z4|lvnVx{-hl8|MVYt?~sF6)~16d+lG7H;5BacOTmk0n{LvQ5eUNPyR!#SPhnZfLqp zWgk35Pq1YEiV;Qg@|)7l-h=%_j$*9cBj^%q zhzJ~<@Mea9T1)^v(w15eZ@M!+LuTtz%I_H*unZ(>?fu=-$*45xWh5xO${k*reri~S02xQo{@ zbpzQ0$C8W@Cg}&5g|srN(kjKk?~bS%@SLUnK0MG*@#Q4sqA+-)aS07E8#$aRj=BS< z=YO_qv_Ha?RdUYuZBK)TYJ2nkTwB3)^0PFPyr8}iB0zNZy!O-DEJKlu> zSm!2SWO1RUh@Z9AaZx8pTMwa#0b4kdhw6`?#Hw+mDQkOo;3PsZsO$LSn3%y;S({oy zYxoWXWrOHg;&#EoTQqzdUf@-hFqNW%%y(wWkClQi5cXf=IUh;1)!q5A-FxQ0?!|Z| zjN9cx*Rzf=os*(oTqU(V1#i4kk$uEGknxeJFZj36sH^kVfEo|xHWio%KJ+v%+MzsI_L~IO6?mO#NFaf=8 z$+t#c%V1AqF^Hd1upaV!x_)GP-Votv+HEy^raG)P>e{7l(#LniL-244DpX?vPs2M zA~;j;;So7FJs8`0n~m%lZF#{d%D_KZvFP2drRUEmC_Xzf#)ycDz{qdql9k(0(}KW? z#m2(db>ttSeqj=Kv9MasrDbAl9&E{b9^D*-A^Gh{s*Mk6DNI!ng}gpNz7S-9=iobC z_K!s>>qzLa{Fz&`O5O?rk1amzhrYo70($vr3eC6y zwbPAl424^Y$J#*99RqoMkL?!|WG+~A4k!JI_;XPA+9{#;YMi{xZOXF7_6LbzS=g^F z(o;g7Uj7fJ-ZCn#CRiH{gS)#20>RxqxC9OE?yiHoTY?ijxD(tR65I(k$l&fScX-b^ z-@5;2_UheIRsBe9L}Z&#+IR*ELEAPlDtl7FWPxY%Q;|IP{qJEi$(zj|CT59No~>7t zMA@;Yz%q5`FNW8_51)ht8p4LJBr3nK&M|ZfVVvdRgOxNk%gz{veQEYf+Dl7iJeAhi zPiL%i`_*gU-Af*S0@C&#=*lb4mei_6JYSK~?XOB)AvQt`5twuNI?q}zxrF=}odnpn z+h`SUkvYolm6wqH<^a_ItS0IB`?~{wu~J8PcB9^C6KT7ob*n*cyLEm;#}_+ELQK_|bjObd zPqVqNIQd(d3p56}-7vz2Hxm|PBf}E;+d2-P{iCGU*`p`-IpV!hV|FL*r&zPRW#NT@ zl&o%pYAv!9nvEY-yL2A@O(Z zQ@Lc*@nQI41HsK&!ijNbc`eH;jC5Au<4wBn-F(a6#V+9O;4DYxFwz2%JOrt$DL6n6opy@!_^OJ?GmAmOXP8_ZQ*d8RWe^^+}2pGVR^?wSnS56~xL~zB$ zD?I!8;cI>rb>cCMovHAAlNFEGNIF~5$Uz73O-CGycg54oIx%;Q61TrSQ0$JBm%6-i z@Q+`&{>_Ddp?z5MRZ`q~WB_H&1a{Pi$%A$S%CjyAn1m)(Aej1H3&zC-DVyA{aZlS9 zrDTN>-6iYa1Y0IG%=xpij0OPAob8VUIzH!LUR+xkB4>Tr2yWgT(=z@aNJt81YP^M1 zeg4%x(?X=9==ezM+uN8(nsH=&3n9npZCs0~ug?slN}(UJDp67*_WGlsn&vE`k1_EqRCA5>9$orz z>REEr-w>lq&SM$DEi5PhOG#F+etSDdL=m76yrL6?{!V?yHfVVXTFFes#aaE=)}cN> z>vefl?WLQ@A=m8LFFabTwZA*ZcP513-X&p5p#Ly4TNCK>^r7d%!F+2q%+t9KJA166MhKHUtz(UpceC zFxRxmksl#*b)j~g+LRBu?@f7 zwvm|P3Ed%p^aiGWAi((a=%|kBTIudhW?Z!Ovr3y3&Zio|TzWA&*Lgn|%?`tqa7aPI zGc2If-rS*aknmGbA%)X|dG`Srr#i)BGis>Hgx{+6L20eJU%MGObwqDpkj||Vv&r(Rf*8U~7OY6Xr?`8bkddzN%+Oy&MKCdL0P=t)aDK2&b1(#lIhy$2G z@7xeG>I1We0PnKJ!s^Ufn_lhycj;@L8Wg5?VhOqH;kB40>t!EWE5H%3b-SbFvh20& zgcVATb4QIq2uR6-pNR?p1j!Yzf`?ZjHlIrQ2fOvdeYw0UUdm%f6S7-Hh1B<_E8JTg_KlY6N zp>_B?oT*DK$2gl)$595s&>DT?3#KJT>}9@#=`P_kjC4*a27jVC#H~emHV!Lo14Ag$ zfEx5aQ83Ri`}3Dc8=#N1h5JF|&Q7q-?}EOF4>ZQtO@65LqeA?p+BUHWMp0d5T68;X z-|+XRg0a7W5H=r_W5UReRkX+pI4TISweea0_6><5NopN<923Zw{MSCc7UhL)PkKQ?;vbLwdL37OioIR6daaz z`b;Jg-pj0}J~d!8<#>K6d{gO-9Dyx*RLC2s%iA5uc?6Ma%jS71SCII&t6-o@ZKd`k zmZ|9%?My7G{zVRnP2Q3|;2P?>*`l%ynIWVM!hqr3<$y_-p+zV7F{@1g7fKUag5g6^ zY+>3BtsC_1aJ=`IOGqc>cW#QHQI61q;D^V?TrQE+WcDgHDOLKFpBW!lro@(7u~8i# znlWlxDXX;w2sHL{kKG&(LkTFw_Eg(gz3gOtAQ00`dnp(J`w>YGlhc@LNQ0IR551%YoSFH}GRvK`_lC|e< zj?*MiR3#l?a+sRQseY@6*nNKXOtu=|TpCJOh-EB2By7DtL+_-?%<^)Lua%P?9-nAT z#HZfrMAlG9kpKBJ5x}d%UAwyd(TKodB|+haN$1ZEdeRX$t-kF<>sEA=c~v>y#xH)* zLW}*3TUMLXY3!uk0YrS!3CR&hgV=wQ4(;@b1arF$>rBFi4KFEy=NgeS+TjQH~<@9%h&glXduK>sR z3%HDUfmyp1;!I-KKhU(rBmLK6v7{QQvW99%9oFXHr11*-NCJ&GColSUgV~e0{u>K( zj-5Zi6v;twM0ehs(Enq$L%l_kF|Ty@%~pS}<6ynHNixjgN9EZ#?M2yQ$>bi<=Zn*I zt&Zc)9@UCr6a%t!kN-8TISI{y(n_ ziptYnT!o)GI@$L-?Xc$_m_iz3@( zy5!Rzi;j0j6hYn)VlPKYk-IzsSBZ-!$d$RPt72HCXnoe-B#-Hy>|yS}eYcx$j}na# z5vCtpix_%a8m14!5ia(DNV*{+ecDuz7zJXRfm3m3XE$+)8|(LH3bpk?`27tkA!o&@ z+X}c7${XoA`0qdWi!5)XR|nis@}@UkykrAS`j@QGhTI42=NnN<5CB?wlSn^-OaTbA ziRL2d8OdZ5^hBxlF+kuz{&)vX?afwEH&y8*q^zlpQD!N2Uo8zR)A9g=)^@5z9d1U4fNfQy`fm}WM5ThQ#&5%VKE`A1n}Enk3e z=;H?#a;*dh_<>6+G6A@{B9U_?ivMm+EwgLr$LGKk1Ogga^5O}SZbwDl|$g#|c zrhk5xA3t13H>|y-`~OTc2SW}SZX;9+X*&4{Fy6;Bln;g@DR6B5n@n7q@&uwIcc>s z5!kbgg6VB7b*t^?#z$cEO6`F=b3}l4c9?M*KLMuf5*Axl*GWGRgv#$bZ%bg%u6KhO z8I$18%Iytsa## zt;S5b7|StdcCIt9(Ym^Z_l*czja~sdr3JCMqYTY>-GsEM5@>T)a84)k%|cTh)O7oH22Z5nm1( zG7YF6tyq4VJQ9-7y}&1DuJ0&1TBve;nn7X8ahma(S_YFNbf!_%dh{Q8MvGKA`?T84 zN{@CgELtg%bp$)^n|i&nyWer6`D`wpU80gR1@T~;lHoIzOXSdA*Ri8lxc-l;X3y8W zJOGSgusUVRC%?e-K(;sDt8Ixk^3JVDPj7|Y!e308FOWmLE*fu@btiDB#2h+lusani zDePu{+B6<@ynsB9Bg$$UWgS$mTBrBi>QZ+%6=}XZ@{1?j{%~cjz?a95ZwX<-wdRf8 zM_q-|!>xaGIYwWv5>icOB4-TtgSS$n;)){oRHrF8r#3i*nZKYj zSI3vW@%&8mS4QQU|>!9&>1oRR~1<$9UqdU#CDsXEH{pU%31pEQV2o}M#rV< zbu0_#-KkEv%TGsy(d;C6w7Dl-`28yn=DX(|?TNm`f+?Oz;z%s3qb(k%l-k~nWFZxW z!OAKAn^CqY*r4^1%rCxo^-{i%GdobnH$Rk7sFlfsKtZ%$(@b@ZvWBUrvS4WRT-I34 zjky6p=(FPjE-TzSWdqn%&=yNrt z%gmwtqvUrLgG|e2X8%AMPB<4>2cbm&`oL={c&~+^Z<-v5vfgH}Mx@bueF(3aOc28o zm#n|CT50+4YLHEXy;M<`4^@hz`Rr$?LU->iUB{0-q7f1lMei)zU(f@)^)352M(vox zOX=T|5mg+4&d|vH?3$ju$xEd4Jmep*XzX%7z7=xQ`&FhW$uc3p?QU=1`)7$+QTcz# z%_50Zebzch<&x>`+^+!Bnq@EHwmWQ8bXG#9fHo*NxDO|bmu91IskjomV;6;b>KTSc zAtwiVvvrkO@Iug^rqg7y&|OJbc5~^una-LKLQ+mw4GaL7f=S90!H|wq@a8)pl<(uX@ZXJ{`hgDXXMt|z^h2(JP9qlwh?Q{7phHm9k^|*Tq}Gxmh#xVz)#Iios>kwl zqM)Gf1G-Ok8l>w(fuhm#w(SrY*o1)#D?nK2<V*Ab! zF+ELHy##puocfTwMrwkQRBpqf2`}J)XMaZyXh)th@6z;Pww-*8Z*Us6ds9-LtBu`! zxRX({$Gi-wSHA7(>6p>IO{a^MwSqq$lAtV8RbDh>NHE@qy8T#1?{1J$u|>w36ZF@F zwuZrg8yR`xPWt&{?K9u+jtJYK{OSlNUk-^Qjeh|bdljIi${NUAw?X=@P9x{$E~`a@ zg=~$_OIs0QfBIH=n2q(~3EIg-i?E~%T`7&5;~#x>_)lQh?ajCe;oV^kKD{AK7YO~( z6jLzX;BE^m>bSew%FI~k+q^a^poGcDakfYHKKbg!Pm5Fo7Dk|zFQifH z_U&ceP8q@BI9G>1%O;8H!`tv-AvWmfADR0yJ5``mCPKk-oqMk(bETSW=BMVM$8i}H zyIIkeud9c=y)N#Rx;5|<&05buUtfs3A1TNhcOGhyGJYpk(1779*1{#VIq03Sfz*N@k zN2dPi>!VP%LLum~5nU-K=YF!Ri*TMc)`mkFKUo=ZQuk}Kn7-{-)SyKn;rBQfUhxgN9iBlX@lLFPF3fqwVGil3zGdd* z=g^mXe!<9HuIj6r1@_J!G*cRSzTLdY?VU?!6>+fG9C*xlQwV_O| z&ye?oy(>f}Abk*id>HaFNZ4C~F6B^$Pj@oYt2equVUi(yZ(;-xaZ{-Xg&n4aYQK+F zV)(gO9$WcLN#Ifr+sA6x8B(dTC4x~nY3yq~#S6+4jD2t3897;UArxSaicwUp&w4j4 zZM!8%5k!Dl`-V|oy%0xMI(nXSi*ITMS7F@?5toC49ff~_ScBqhQxE@2dn+Upuu_-Q zfB(V$fg{HM+gv;1gb1O-DpZL{YWvR+kMEvJ@24iYTX3fj802ldYop8miyA{6axPT{ zNBiE@-lCC^i^Qu{&3OZoQC$FVI!Off9mrFmWW8-WQjH_OdxmDnerB%)JQFR)rTvNP zt-O7MDZWaFX!jwVsPU4urGFuALzH{J^hccWnFqFpx5&*WW>z%EGQ*r@QK%EWU=*z3 zlr;L6YoivCbh4~qE?GK1t=-ohyN?-7HZFDPdz*v$fE+x_5V>toItHtWDl!9QkQA0v zW<0SI;=&fr+6D4Uv76FkG+R;$Tvul8_fPBsh@4bV2dIZG!|3!LtvuipD@65NpCwdM zy>ee`(mvPv#RF0yh23bx5XiN7^ zOx6x{?~^gqrd6R(;|>wynQLT-(EEp|FE*=L;{CuD=-PMaj#OUjXh^ZGIzpZo)URql zyF_&194(&JWHyns{;n<#O2>wzay}Og0<@rqtDIF^dQ;wo99^SPh)tz?k{H54WjpBXgkp%w{vKztwxv z8mZ!VzV%eJK@jXyVklhPbJ2@0IJlBK7jONQ zJ;7MGq59u6B+c=0qPC#u;m~nZ#FEucAD^OK8}ysniZYQruBdM^q)s8YPb z6kat6yxN(Z69#COX)jt`pJ@BVVE~jU6Xo@$Pqi>_M#}8}5)U&~{pc%NcD4+LPLx;f-M10y&kNfInN>ER9cA(Z$yp9gD{^>1*LODIquWOa z@%nk{8z4V$@}d@VWGz~gw7i%;cZa%KbZFps^Gm7bbl<{+#t5M#u+>w`Gd}BJwLsJt zf%QH%;iyMvPR;0|quUgkhhd zV;gG4UP9~=5MzTsER&pP<6(Y52jOgD_;*>o<IoMFU^8)oL^%F#ddVl2v()CC_i3 z^@jcdM#dxVrvG|y$zDwCd;>H0gVIxlA{yXTmH%rGyZe`Jffh-VK3m{Y>Q%$7Y=0Y5;Viy%M${J4DY(rbmIGa%_p$k!YSwIZI>}E`I|pa zT?4#~gDdvb>i6moSj791d0k92@OIC$Lg1DR6RM_=GaIP`cHgKK#Fr97@r=$hrqXyW zh&9tizQ)CH(zZpl#iS2LbD_t*@oo;vc~P*dLb+KMWl=1m09+m$lLf~jJdP>q zr|vZ|roruk=L`<)(lR@_VB~)RLD(H-b_NAVj2R+eLknfJ9+ATeef#4;p1+L5e8z`s z)ou=|d5EwLzxLFSP35uiCJL}5jJEG9BhDkn#H)Aj!{$T`*hM_M7_uSrZ3_jL>+A>A zYJEiNxIB&}J=p2$RgH$NcJ1&=xHa{nnz`-`aXoG>(~EFU0;pg+#XjJ`tsjwb9l(qc za8MEa8nPVk@mz7#A7|id=*qWxRk-U^2&5%`iqRY;5XFjW}Y4ox9EDPp$Gy9DX0lar7N473bWJlnWF%=5b z64rxix@iGoY!3UU&bj72+}OQ_*T^Oofn@ILp|zh}w-VKAkgjE{_jV4Nu{TxCJq%YC zRqDdfjuJCxEs8cV6nPkq5|6F_Ek$jhiy*{-xy31uiKp0bT*()$Ubd$$C>qs_&zI^r z4d%0ggeMk~vei6M4#*x|LSZ4Q&^7h^!E+9X6RXCnPLs02@D}80ooST~vY_kPsMj{& z)@Y-Iw87@XmArC2n^AoO?6rd28PDjyE_M12kk0aRQ7e(j2YDm$hA4$JuN@tvx<#xx z*?RDpdueXu|A{$?8&020NLg%Ya{`%8w8oymJ7)vN6(C`Squr>|0SucumivIP`$7^% zg2w0iJtP*X@iAQX?$))~H3qPW)B|oar2) z#lKIL)xvwozS%L|A*QdTcHFIyk}(K(&Lbw-lbhx!j7_1UHIH*HbPWM)BJz3*3l%S8 z8F&Z^Ov6+z@gz%a&*;% zx43;UZb6kXk$oXnnNHczn<7zxo-8=AY_K;_+qtx{`FLaKI|R=W9^A~hYrHG`#uy56 zXBG?ln??RPE7!J@ictKvMLBO8u#i>%iC3VC9==;-$^+PIr#a~}Z{Sb!vnNt^mYFlf z8`qFC`^0{jG&9Xj;7UVr)Le7Z`y(RfEBT{@s*!G{Lf&2$UsQt9$cjQI z#@0>wGfshcI_^?};l5)-B5~0iaSCe}cj%)YoQ`j!{jrv9f#a~r*NxTRPdU;T2HT9o z@xO>4KIQz#txOka?g;l&C=ksC@Wei8rzH}uS__<0?B>~9uI$=iA#WHDk6sw5U?MEH z5nReQxo38mNGeXfrw8iT4{^R=wwjJ*uPEO-cV_&eu~`4r_$m;8!;f=OeV>Q6danaIJ|jJV>|-Gqsf1i_#I|Wo zP10z?jz;-Qm&uytUCT=(GlfiUm|2=mm>@h4SYLD@?mW*u#tzll$J4DZL7}*ikXoC@ z-9_Xvf~=HHmh6IL!-XqS^--lgp3b_!)+W;mERShj9K~4l869>oUo`BWx&i%da+HJrO-tE!rG2vk=<^iQA+rd$scdoML>gAc^RCNbQ5Do;_8J?|I=RUWYlBU|<$suP z-fsG$sLp&}q#L_&6<%)dPg4@eRZSuun5zGn#owsuP`JFhF5Sbfk6(%)_UhAO1Nq{(zfjy1Df9rud@yW6;yhYHs>GE z`cKPOrV`Yw+tF(K^ZxK$jDg^*^x2-@ewdBtC40g$?{sj6V|a*>ow zXRzPiKl*?AHZKdM7fYUayOXuAy&GSGyb(9>kH0+yh2#1D`-Ao)^oVNMa-Al{pXjUS z^GZy>N4V=`btnoy&tPua`y}W4`0r2%pDz}oFqjNwddCk`2jxrWzAc+h19RP3-*K1d$;(W zSv+uL*Z?FpKTq>ztr^ts7D8f${~wdT8txhN}){tY~lf*bUP zAqg-AFns6h68vEHGXEz%(NCny*CPMr_ADD?=Jd;kbsW#$m!Lwd+P8$nZ>W~0zgVX1 zFTe*qUKz9796(9|70PjOS5ekPnp|J8a6DTNVP zFg%nK&%f9i5di411CAqvCT7cf&XW}JEE}!&_W7-31}k;XMXvpkpdE4k;%FM`@12Qw zi)s>vTYeaM98fpFZ#apIz0huMhvXwaPJ2nymX19@FOw**IrD)(E!fR$k998GWa2SLi4@g_CZ#A&_jz?`3_ z>sQ1_9-a2&nn_xs5i=yst73I2t~@luECYjT#a{CAoxpprY2~j$)#Efu(}6A6)_K=% z{@YwDXz*-1ilETACYcpB5DzGcK) z)a#ErQF0?qCsTn`X_z}^79LQ~^8rLdGRwn!OP)Mdoi#Usn5XJt^;s*$Auq21N&%zU zHxo`v&k^#RMP1I7O z|Du;+*g4MR8JJKvJlZClNSm=a>`@qWSYJ3aAES8inK|2wU{|7)f#fPAg0$4AM{!P_ zs8v3;##!{JYnKDGi;dC`Y=2+wypH{$b2`@pgH8-{8_rf(29cF~m+T#_hBMpGgdMmO z+g!H&kvJtNK6a|2(j^YlBz!2wkd66fD^OUt{Hs&Se1#17&t&LY%B&#f(&E{`h7WBo zm49-PuqFGJY!^wWKVzb58z(V7N9ohR?zWpuj)tx{lbjm8lfX+$k8Az6U3K|O%Q=Db zopX*mL5Jvv?4TV3pT zf_NwvhWy&qo8sR$&RjEYn=g1$J+P4{Lb3l0jn-iB*QR~erB6+%g=&yh^6nb10Ai)s zx{TK!oX>8LVi3rtX0}wPF)npff7Co}$@RH)OF(Z%zw`&_(<+>3Ok>-Q6kH%4oFE4y7Mu*YAKBFRn)LsM5r` zz-~3wtp}u({ElHXX-SQfAsq)m;1iMBAUwUZGzV4Op5oAtWySA0b7DW=f!*QJLQ}xD z!1`_$Hu>ryb$kkPNBK0f#=ZN$$m*W%h5t@ulq6!-U%zF4rRwM!R|UDMjpp zI}?l`crkqPq*~TnBdGS)Gn@HXC0M(s0F&dnxtHk_RSBAK)oI4RyXMz?zI#ZEUQrUM zU`MbINpshloh-^AbA~hcDhTHoU2iaSvC@SfC6?W$-I=$r?Pa-yyzr^x}H;n@W7k{7Q>2h%yGkbC%ZvEk3}&SRDO^?LOCnp4Iu$O~P2Xgx@$Vb$!(Hda_pTq`AKE>e+<4{0l^y(k z%%VL#bdTRpT_{)>)1jj1>{=*?ZEs8q&Wy=g;s`Xif1 zC6yM+uW%x${oDr1O6&A!(gzv7fuyZ~fa{jydXj@x87(N=a#GGyYF%jcyzJKbrtx_T zW~cr_pC?)MB``3$lkT3X0mD;V3J+(@%^&?Adbu^JQj>gc3j$b>gYEa{V|cDAd>gZz z8Tr^_f16HtdhO}zo8>KmDRG-|lwjQ&<9DZjJc8dAeHL z`@*$*_C}DUp2lA94ev&jV;6=khNwyKy*G*9HO7$)gVPKA1gh~XF(d9h&`w%%l=Qwb zKx!ewol$;wr^}A$5NZ1{`$~C9H{(&L<7C?#0vlkdqQo ze?*AQN_V%GA$BZa@|q4c1>Qb2^o%d8VMyBuakoWp-KI-In+jz&pB*_LI!9jM))Zq8L09`Ho|J8J`8C4(bVoovF@-!)0>~YyzXx3Aj+_iXo7;DC z*Nl-Ewl><*x*h3tUO#X0X(-^dru6A)t!@4l3T}FDBg-+KWQf39;d8-Yd*9DX7;hme zc9I^Z^N|j1+my*3Xc?krFp0dbEdc-&dF?7q&x55*v3-mR?w3MzjjPIFJZHM(?~*1F zx5j7?`hL1DWITSn6qiX3Nr{S*Icd=4`4?NxO|+Y3w+t7YKKjke2?7^d!S2Xi0TB}g zhVAhhNG3|oL{dtqg3}iYC8DM+r;d^Jct?_BLNM$Y*LTVgdb(wIL7?2srUPNG_FQr+Sf_w zg;0Xf=(uASRI`H?P`o1M-iT^5*DNG}qI2{(fM6?RB zpKNzFCu9(hTg)#RXmOvxfyUmID--zOJ+tS~`74K;U>%W0#s$v@Zr`$ij|w+`Zk3w5 z!VVPrx?T+Bfx{>CBa?nOrb68VBC3-{B_~ysE{Q7n8sOeAwuP!ku%g+QdR$i4@gG8w zqLU&%!aq;uaXy-w-0G+EpEz^&-oh8Ub4b3Gvx?lkeVpcGLVeb)tZGIJ>(nw8W+;(I zqAJ0`26|O&*`4&xDRrn}htnzv8BkOPJSR-X)8X*e_1tB=-NvId^&D-@8BTFr)90YP ze2@+Z%gw&0ukpdyi>j|)Hr+A)y8p}-+&O>mi`rTFhL3d6-jvX4E2##bqn@JkgXc<} zDl`Hy)T3)hB07iCymBC!$+SFv$MOnabOTu4i5otpd%U9OC=5t3ZD@Rjx3NPPy!g=4 z)&4oaLIR*954|3?Kt6~`7~vq4NXYx>RFvZW3-4%iEU^4lKp*_n=KV{B@RAy-1?Jz? z0btX@4Ynzcw4MCZc9U)kE6e=nlQ4t72KN?6VJat`7=c?SqH!#S41OPK*j7tXTc?%1 ze_2POuCKWb_YUn5v~u8!aDe5jG=9&D+2)xhO%yz|ee>4(_rtO^|2v!LYV(L!SAEv2pmC39z zuPVfZ;F@>>2^~6lUT@9@gG9~Ah7VQaMYhl*bXjtgpxQr#D7C{a{#5Ak#y||K;=7$S z+Zp1|_``J* zUOt}VX7&Z`CsdhWF1LRJKK%Kz)=d_q-qxqT=HH@MW?G3N0DNA9=0l;C!%kGIq+WR7 znrM|U6$C*hxP;B6aKu=VK7CA|65y}UCa~X01zW$gHS539D+Z@_Kk#>Pk=T+&0v?tD z>9~nbj2QAq5wD~7$=>-CgKt9?*H^Mt_ zpdx|QvEu+A1$I9g|MvE1k#HmNgrmuYE+dZ8PagN?RwQjVJIikc>vgu()Xv37S2>so z4cy5gO;MZXqWQ6Apu_mu>iYA(>0jGywLIIkk-c?A>ViH!GfreWBxgseuu~y%D&$%9 zj`5^e>qXahIb|=AqH}hbe?8lh+q1|*-XQmpK9AxtyGr%RGUTZ64xv?2JkdGy1GPOF z)i4A4)(GVN?KeAC?~V_?8@!!n3XF&sY>!lS{sS;1QK0K#74lMlGfAcPVKw1 zJ%8IVb3w7dL5ThP4Ljm#Sp&uDP;(0_)x{h7P?ee))C&ljq0tM)JS8tjwO z>ks6O;~oZnONY*38GFR)BsjL5Y(I=^_6Yk)T-n3gDh63F)?U=lzamcv-n0hN3XwYR z?lcu^iS5n%O|)Nk%rdu>@BeJ9ATgD&A9m(agn7(*M>NWeZY(sJXA)U_J3VejAo$Tx zT2EY30BC__zM{oKv(=_a1^8vLi~p?7QSU%yWmQcX!^ZFEs}Cw&746|uexAlAjz#Cm z3GsEHL!Ug4U^rz*`WvK@4d+OEan;4 zXbwxr{iv{>eNUDii{-OHd#qS++ch_G*Jv1e*OwZ;g`TARR-(#SE zCM5-H1Jgi6o{#02oUdK>$0r0xJz;?F_z(&PsJ1H;R13p8j_fV66Z5AqhJi{Uuf~yi zASW0d5yCLd^(ev>WXk3U1m>{rxi2uXk-Y0lfAzI-5HrIker~z?nxH z2ksd8k5KUs3I#Fa#oXvn3@s8YdmrW&gceYGOMQR+_G|!hemby;>X~KRoh4>pQX{qO zhNW`I^?)!%0;fIL^S-*arZSb#N-?%~=>aP#IUd`xYNNT7`&l6({Ogk24}>1}Lz809 zp#m`Qj%qW5e=Om<)G8^i{2*3I@MihCI>{V5`*|orS}Bsm6H8gCMoxwr#dp~7uN~cC zN@+rIpmg1M#}a?uweCG0SOQv)XW`<3FFoE)MVyjkbtxy^g_%=#V1_GJp_uT~ewOGRvz262*i`YltQqRE~q2J^&0R*pq(Zvy;qFVX8C$hNt+Nm}px7mXs(*UMl976z)L@21jT=CaeF$)FCmM{rVb8FHzC}I? zKc%?%R`XlN8n`m^eBgVdPx6dKf@(Lg*HrGSmYlXS3aR4>khEO)Opxj|Rl?A!Z3J^q z&p5mOkAzgFkOOp_kbTm!kPkvY+=sA!-NPXa;KbYt%`cV&s-2c=QnAX~V>Bp1MpM91 z(f~R;G%A4{BC-F7P0I6zViXs+9G$VRcV}HGL6$Ie8Mv^Aln`!%OhzyiP={BWlfIy8 z5a(^@Iln_fRVe(Y#r}{BLYi^c1zPjcrVlG{lbkILEanw&u|oIWq_eCYUf7-dV;Q_I zcwQCYa~sU>Lq+0@f&?lWV+%?g1Vf|0&xCJC(LJA99!_&!3!!OFeeCB3j(z%A!uU8f zKA2vRpcBi|EnO{XjUi<7xO}-~@=Dw_H;dqNBOMiokSqbwI4HpFFHlIFjgW^H<5>c6 z5X5^jeQF07>%2v;^q0IE7wVd0LRJ%0wH}xnb`V_QQZ^W>N8 z4J>OT*qb?DFr1?qVF_9kUUl*E?}u^vxi)kzdfJtq4iymmmQ%jNmz3s(% z8#4w1a3U*vegIopeulRJs200icNu*c)Vc$%jgj}r93%}kw&>J4RAU^Pvi|RuNQ2SS zvL})c|46B+;;;9!PJVZ9!t)&r#EJY4nPY<9dMzXgxs4QH{Q`Y%5YNX0Pd#8$Z$Dlb z6|G|DBqX{ZAiI^bwo%DnMcD0B7tNMD1^nC9;e=)V-W~Md8BhfMd+A{V+ZkC1~pY8QJd0FnLd_FEhMtYA4iQ6KJ!Cd*G z12C!EL-#S%oMGE$qCh% z@E2`Xhjio0q3UFcydeM2%kyGE9x06Xw*cgL*N@QD73*=B4-qHGg&gFDlfRLJW|`qz(X?6Ort%74>$%^FPAH^-49F(n zZKtS2gZ)Ss7!Zk`Y9rG8fMy(^ALYFLO5wTVQy$G3erA5 z_eNO#kL&ba?<4<)-;VYs1B|Oc-VCNd~ppfHOl$Wlx%^=bdxw{YlA~AKKHFdTl&!v~btuJ?E?P-X#(wH#Q_Ov7TkE@<^ z&Gi%H>slPbE&ns*viBi(vR2~3eq;)C&Py-_O&b64%%yTL1l3J0(+0e-?ajP0B1&s zrX-#PtwJhD1{r5}Tq|Dz8Z0`m7_X+s#dc3r&ZbApl54F>XWkhXMrhRjxs70V2pvKv6`)Od&3cuwglPWh> zwJM|^03^&v;m4>Ki59}J;*M{+y;ZYCvc7GNV9P#w5`yb<$+<6H@v8k+E5&+VYQHc1 z5X$A^<>I6>o#E`Llh<*iwXqe!ubJ{a{$Y^q*gV9(GTW*MiMr&FQ!u`#Q&)@=St=?f zCRWPIa`(20_iSc%?2FDvb9#ID+f!QUG2dJ>nLamAu8PG7693^-5%&t`~?5`*|ws9hlmy7;aOe z_yX{veWvd}M-lbNZTWp1tefj-7CYGn*?;4vfON4yh_&z0p5R>vqVos%XTo$8i;8ey zGWyc;c{+7S9Z5Nl5E4%8hVT>AOWse^kFmq;S2NPV<=umJt;K!Dcp{85#gVYYUs%5`2Uci1u zuPUMkg3P{!iFm)pieIR7enX%eHukRNo2S#u{{V~i1yW*s(Uam124Lb&LFV$TC>5M& zTgG9TZ7g#Gid-parG4@sOQqHw6rOb+B^?KiL>LpfU3_wA6p3CrL~og(SJMG$aRx{Q zy^9C(L;(;vl0sn29~xx}B0$&!M-H}}epp9y>!rvrLK!-{!%y!x1|dWq{WG^T6M3wU zoaKKPFydpQw3RlR9w+q(NruRIsZw_*wGRIa{D~BhmB!xw@|zGRGF)^zSlc%EqmfYL zbr8cFT3=#KTxPm`CyTH(K3z)vo*H8OUFEQ&xP?W04QJ660Oh!4*8N^s{D?AUZ_<18 ze_}`w1o@(w8Z=Y;jDZ@ocxe$}xJ5@8+i|7;;KO#d#TdKz^SuywIWSu^M(iltDZ5>e z{TmT?OvY7ZX#q;p$oy@Ic^l_`vQGE^vG>+dU4C7hC@BacASqo+NhnCCfOJTAcXy|x zNGTv)(%qd(cXxM}bkF(ni}#(GzhDVv?{4v1b6Jefv8xK5D;TJC-tgGp-|jAXjw(Dz`T3Zx zd+4B}>NtS&&|D#2wiIqN+5Wd_N*G9%{xy3*S+_JnOqs?vW4lLe&if?1+G`!OM2gq?=ZqoaZB!98 z5O!Y7lo?ziq|y%5*%;~2h|Qgt6aX0~cR2uKECu!hW_t{FsnD=|UR^Qq$boP6`gwLL@Zobc zspWLdKL*YsLtTOjt6LK@&h22&rz5uN z$$nW!$4phEr^8xC0nbPYjP&$un2*}NRmRo0Okb9DOY#7OXm*GmbUGN)QUjtte@;Yd zz`3WaNisdN4ArOl@bsb-z|()BXGswAF@B1ll4Jz z^!-94D!zi&=r@dVdK79s_!o8ZltdaXj!Lde*ym{V@?gG;0`xB8^l=jVGx;juj%eB@ zLm~)*W{>a*3`B-8e7bsuG0Lp$Ggwbhax>C}QTG={`Vug|?WkEb{Z^iu{HDU`7Em*O zFIeYw;rG7W2w`tqJsS%CyEL%$KN@ybv0&6p`L-{F!G9zMsj!gRVNYEA)hRM4{|j6` zpa)X4=(4%-4CiDt@AKHYPf#^n^~86UN1q_|3L~A^W`m<0*a8jNP*<>ld?3@Ek!v5y z<1meBpm#~Xf8S3MCh16ArWw6%x?0WoqT({4W~qJ?Kc6)*uq1~}p6kXV96EUa_Vv6M zI?lUs&$q|&H@+Z>d-^b2{H34`kSAWul&@n3#kT}wvGcij?Xu$t;bJ28xAo2BjaTL(r>pFrr3*icPM^eqam-Cz z!(&u+j++WOF;fp#%gTq!D|Ok4D3I>c0Hc(A)o)7`kpZ)HrTTY3$KiK^qq0(~Hq+R) zX=YyuGa>xcZLcPTO1YXCjmYH{j@}U70-cmNE)J!(ihN?E3QdiJB;yU!2_i37nBP<2 zJ2U=`<>={{wSS~q_h*biZF0?!F$;@3sdHRO?K^X&+P~&DC9?7g26Z)dqZp=X1`1L=olRJEOSJmmbQY-LknY|`%{z{fG*`&OGZQ4*sfXEmB0W=5X zcUctsP9CwE6)$ zbUuz76QHnA>!cWa=lo}F44_woX`fhY@T$a-^qh4TPNn~0Ryveb{bbi~LEsW*U=*#t zXbwO-o8RgwsUUt_#|H&V(wI%N<6%hO=^N-$a0S8L=-(+dnw)&?(9eb61scPVeOeJsgRL2F@L zYp0T^JqZ)=^e4qp|BQl9@ua8n(5AcnXCxaePxDrvwRLFeulJ1u^#vu9S2!2Ue(qQ| zw2P_a(Z>gqDIS*wQF-fKj;%(-mOLj7&_=0-o1BhgC29Wdv{a*>=9T#Y^Zhg?5NJ1H zL_N$=Yo(y(mWv8zvMK&yiUl&!3oLJpt|fV}F4P$g6muTXq1!I^-bL+dpX77%YrbVY zD`fF6#oQjRt_L%0z3QDp;DF?0tu$|62h2Z?GFgU?L&$`k;M0{L(K$OZIkAvGg>f^m z3FSF`>3ReK$*QyMl3;+wdw^Ipp%mQt$s6Vqj`H`IdKoH%GfxiJv7rR#*CSHpN_=9| z8NW7Z2X8H6hW=cfbFfXGac+Aiq4{j0U}T-Y^K(V;$y(QJRBo(O#TUTt?{#P@&AUb{ z0(y^`qXr!4{70_Ozyo}MZlE?svD|*n_lW8Y^^a`JzDT_0Vta|`@zlHk<;i`f=leSx{h9H{aDUbI}~c= zh2xu}w@FrSsGQs4b%Q}#%Lm{+T=#(X&PY%%7(cCeR#jn{uO+W`FUGoGBb`t0e`32R zP`o79xl@Vcvl*n6?7Aajac2Jf=HtQ-hv+u@PdR1?!XA~eU?RsO|7@(8JPH4iQ0k$K z>H<6!;pC6dNEC5USr_aY$Qs^;Zf0h6n9-{|MiY(_%;(XuuT-{uu)p?U`><-p-9_C% z=Nept2EO(Tgv0(P0_TERA7-J0r|MdxB*y* z4h8wxsw^IZ*$UZMcAGy|TjT8;ry0m8^%p-MCn67_rKG==eJC})??WIknFEZZLW720 za14hcD+j-j(RynRR`0~E4!9C^wwj`K;ifon!btB%$DOyx>Am*RVmc~-4iN=E~3$vCnok>P+Aqa!;mLNAhgQ{spBc<*&g zS+bdm6BPtn`!Omq4rncAkQHR$%op!|MnSxJOjljU^MLHJS_jcf-TTlnoQ;|Z z;^xu3VA$E&KYk_J9N_Ceup2LG8@lfJeH$nAw<8S-27V@|%>W`sdns;01+4f4r1~5YX5XWHKrn0=x5aZ0)s@#kqD}!Rcua(F3?xYiy8fRFt}swmNd9Y zZz1klAhSs*R>~xHm%|)K7PZ}8Z1-;`jOGC1=_g7V?FAvOd76!rmgwOMM6$}D)1MT;TVPN1&{cNd&3MlJiT3aPvlN95HH ztLCe7k5bb`$;dJed8*RtJa@YG!#?e$x9i7^G!;!XG*I3tKCw22o}j(^LA8G?Ac zPB-KS^xL6t)mlp_H7lY1Iu%HNi*Tb-6L}XJ@zH0Z?o|`>AwMVm2iKP)ta={NLpui2 zVmq8_A49GFJUwK3EzwBept4<7xo|r+9)14p58fn05|c;x-w`-o9?0HG))E_-U0b2| zL|JEP zs1#@MUKXp`{RLm;;#U>rtRh*fJ}C>hM$;H6cS17rdscMK2TjHU!m0@me=hqRhHL1; z)1ZuI%$8LiGwZ z&WmEB@j{z4XI#;Pj=>8=30BgmJE@npILT~_w0%RGb7hMb@&t4B7JCfV=B+Vc4l{*( zYG184&LBXZ9D6Y3Op&hB8V4eb*PtGl)*pKl1W7)9EE#xRvJhW7ku252_^9M5;--8d zl9-d?4VvAlf2%MemEjebJu|Vx)QmNsc zXB(+2RY2-L#0*2aiV5fJYc0+}6{YOwed3ncZpoEsC-dY?#~|Rjn}k5m5F)P-LOCGS>D6TTOY>j5p zk|o9dDYpiB86J!n9ue%PY)sqtFoT_y)eYvGIfuReeV>M@7;d>L2N^4>)2=RW(}GhG zm_m_!SPc{zu$0SP9i4s(k6q7wC2>dod89HfYz-cp%J&So+77f7A&8LC83h?L;6K_R zX_T&RbiYl2YHBJJh#+9B$UFPtCF#<5yVqAp{#tU^DnQ!QN?^#KSSa?M1ggQIm|siD?x1mASsbZ+Mf$dbj!{r40j; z2(`(yc;>$j7}p+#+)qZ88phM*OWCV-u6(Iv_U`ghvx2GvmVZJ(L>+Q9MFZf2Uvrx| z38>#lwwQv4P5Xv()uOX2OeUYfJy&#=d(P_XS{4j>)^A|3FIh;Lz>h1EEiyZdL=~kA zItwg9FOyaaJ&UfDtvcsonidC@wCc2L08mSj1)km3P-Kn;|6P?NYGXRw+Y$k!lF0so z)oh(?`tUuAlF57FC$43#kED`;rILm8`GKWU`e+WIknC?pj-^&dSlTlPK|wUZ}(uX&#xMlPDim+?pT zvbwxdA%Q46B2wEvjxF45R{{8i0+W#&ajRk>fT&$gs_AI0=vd6#sn_bAT%+1brDwsT zb%;PP{0gd*bg=LbEmX%A0zyrKN7DlSYbrLMsGVMAa1~@um9S?9o>^l)mRzEsVZ}sE z&x9}PvxYHcI~ySIJ3?!D{5y55`F%qT=8$XpkBuib{qIpc>p!Vi1x5qpjY{)f=BV8zfW!+fhX@LZFci*)md4N2qDf9$6qryIxgDXUI;B zuAw9HC?Ky#2A+r1>Sfm#Tw6M+#?H!iokkurj`0Y*Oexyston3lUu@;V6$YWH;i+|> zQG*8h1aQDXiBOh}3H)d5t}m57(vKe5{<$8x)`7W2W<(jA=}9>%Tb+hzLwpiY9z&;Y zWgQ@AQWy*Qul+Ua_w)nP^ARUMZOj+_kv%?i^E?0MmZZJ^o%(gH%#qdpK;+NX+Oon{Iq8Hb)_CCvVe_2 z0QldjePF3Uygn9sUY|B{8_tSa6UeATvNE0J5T5EhYd;k;3yHX*cjacUHo{Hjf;9D- z0EZI}EA{$80{sLrBjbl<#BcS_tV9+jEhgyf6}vy#xsUPs@oAalY_C|pb!ZL-b-lv? zl(B>S$UICb)FBJx^>0dS)}-%d%p{)|Yw|DwO#HGm4JP6f!u8fvNi|gJ>_x}1R^d~3WxR4Lx&W!dvw_=u>f2e=I79ds;!LJ z7Tq=b+LzPs045F!b0tupoHRNXumkrj107QS4BL%oNOj$Wl;!>DX#kPe$j@4w?uZ%< zadL0F6pK~qn-~04!5bhmk|A+{V0ed>M!nP#Q84wdC25|D9_mt`jzR^^a3xSSMtITm z@GVihr6(HEK0A{(o5{`)G)kui4r&S%88eJEV!)jQwiG42J~(#eI(d7=GJxp_@x@?PY^IH zvGaVPhN#JR!KHY!&l*Ht?srx6P0jJ7=pQ1S@h#i4-)Eg^Xu0kX2z2K<#~U;Lp^}&7 ztzx%Z!CvcDGG=)awF!9tlosfi4g(!Nh?8T&+WqrR2yF>gMTb>~^?^35P0D86FQN4k zt`p4&_4-$HxeQwU6felOxKxm?62}&@9TzHW5MT$dY5uSQS;Rr0$D~1yTk`raO z5on4a)kF?<%Mb-UWO-CF)TxzwS0i&Q>%Vc0js2nIpLHq^jnNR&oyzL$EapczeN8)) ztV!n~x^Y{oVLjf+V8_b3jFPTYGC6*<+kRjUW{x^E!1uJlaBudBqEua+%KTbF)al~% zo7nVi~jPC-EwO2HsHcI`5uJl2-N-?3_RZXm{pDx|sOcbbKAQq3+ z4IbEaM~q4eG<_vcQT7s>MG)fWZ-iYbr^mk*76?i)M#n3?zhmXetFJf;+v2o#X2=|; z!KGJz__fQ6%D|c|3GpROa7P|JkI9xkoT~=U$}_q(CdBxn2w8#`s@S?7w6@KHPsv$p zu4J4F#05-IM`lF@vW2qN>g zE@)~mrdgL#I4n$jsdO%xB^0AJuH~iA+pvv>{6gp;LtV297h9 zbI33>xl?k}L(8>{iy%k2oaMSPd6`qqE8EO|<)?#WiMxkuHi}0z;eqZCV=oNMPO?Ym zlnVtWHlq^!KY<2ER7;^F=`-pO_{C@S?uRp#y<#k$C8s5y=FV%$|8xo9$Ix@*Ni6@k zFgnC0EICh6rr5kZ%M zW-NG{R2_+06&hyHr`juBcyHUkec!Ucd$tp^4od zURTg2ql31&Vv`Xnu4Bp%*C@tQvNe+=w*a(Oo)@wYdUtM04Q~XWudKw!oD4Qs)$@)w zpmsiwRztPNh7F`+5^%lV%-7QLWh&ShbE`cHPMhzEYLKSk7BuG`5>RIW-y+%C)@ppX z?%9z*V@_^7<9j~CF18y@h{Ap9QDH+!wx2I6!M?m2U3|FZbX79IpP4K~@GydN$Z*3s z5N*7AHzGqWLt4@!TCx>d*OV@hrsY+8ouZ|*Ifw-@L>qc*_rVW|O0naRJWrXg*K4K8 z9ubv*`}Ar;fOp^R>MZ7TpR*>jzGK}a+1}4VX^G`LPB@Gpw;`I&p9`6PJX+*|=>^AX zqV3#PldP$VcF&M_%_=uy=@K?vawB@i07w4bJZF390x$Kr3a*|h;Y~AcN?hFb^kQ^A8lsCX_)T_hAM{(FG?Idr?{kfagdawAcqN9w9Ohrl9 z$?E8gqUr^^V{+T&lwARH;sxW#OnS(R5ZJDWfa8u9pEyYt$8%+mOMYNyVDB^Vfs&mV zAPiS~^XB|PC*k=*%%z-hpCfNvYr1{~`e6dtXL!sj1O!?y;b_*&c_iUN#;b>i?Mz6} z$`3l;42hvgP@}4QFCDAEecS&Qa4DnyVrXGGfLd64HqcI3tHDHW-6{6RNKa?mTVxcI z=Y>Pbq=+9LU`;GClq3WqR9Btmi{2fwg{(AS^Utr|dlO;&i84SknEUE#&l-KDmal$0 zX0~0w-x6-Kgm&BTxuHmqFyLn;uaIWa=PdW3o;D=MN_oX5tant!pA5I@WM2vlkD8$f zGgd18K-TT)k-l8|mfrKK6VJ-DQ12Xy9p?&_(a(l7%pLv8iJJtKjA|VcPEuVE$8Nq> zx-bV;0#r+^U>dzOgm)+J{m7!vc4_wEfsnyJ*&m6ZZW%CcxrOT zY)MXhxfY3qfNt9qWZYM0py_9mo=|w4p5%^YMZPo>P*dXNa7oKWEyu&!uqb)t8ca~KpymY&OL;PI*VZ0|=xM^$pTHL(2 z?0m8o3cE4QuHd%N@#mXf1gBM@2adsY0FVLI7fhY-f?LT5D|iC(Ja@R$`1fDM>$9GK zJ-mgN#N_X->s{K|h>y`-1q^2SL>BCi+rQ?!ahjPb=CM?f6CP)d&%ex5U0lc=C89;d znz)pK3*od0nw+U(pdoQmu<)vN9ri4US>3Fey;tZ=jbiCSaO!D)NSn3)LV7AIAQpm- zm5UfZixi?($Ws-D1($C@i~4EA^=GqfX-D193tQBloH--E5c|EB2$^G#Gq$nMFl~`P z>lQkt3a?=2Yl#T?mOSi_#T?8vZt_MhK@}=PvH;I@tjRwCfF@&4m}uyqXwj&!DwUnB zf+t7b{e;Sd);V@Yt!`Uw7D&#YqxrKO{B)LvUkRFSy)2N*=aMtsJTKkj;wg9C(;NKd zE5~Sxd7^LH*(%lfyzrLsnM!bJM$nxg_Wg|l8Z2%8xtpX)$d@g%H`zP5o!LJS?S~h4 z**Pr1X5qH;;n^KBD&H-5mSc7K_1FpG=Wh$x1@l?WG`c<6WWr5GUwmgA=>G93U# zTM_rxQaN_uR>ntSHuC}D@jS4c0ss18pkXCgF)Tnt53{O}Xt1AJO;r&=I!uqOBu(H~ zNZxT$uIJ!**GNlEFI^Ic!|#$IJ)g`r{gY1Yxfh*sD|o(i3X7*pKJW3REKeAA5x7$| z#KdnE8jBPHC$GPhrg!DP^J^&GY2k^{3Y@+EiGXLmkFl$iyN}!8f)@SKe!_c~hWItd zZqKeO`Sp5iKMk`d$a0=CfWYz>f)M|)#ns?-GIldQ;TH?ZaowKj7?dlV>o-nmlYeZv z_(pN0?P+f-Z^9jRub&JyxjRJB7~I~ltD&9^#h?hGrgy;dImdk;vqK*8owhq#I~?h$ z!Xd{c49yLzDje*-k~2Pzzsjn1kN^Izerz&Le3342LT`?$BQtn+MAjXbhQ#wr%FcrH z+PRjI76)eaaME4WmXA9#$r)Gi1h25xTJd0$xiTvoL6lfnd)ih4GjSWcGNXPA?mfvz z%lmQ05T_%O2_@&FEeW{n0qwi3U$+bpu)q%!>{$GusmKxxBgt?y-qp*xiWNVpSC_sS z{)67?w|93vdX`3z=;qtZh(1i=8BgO-2j=j3)z14JwUaIOf<1H;zbFUtTHB{j&@si z!($!+(S~x3C69gAHyg9J+yUO2{xI0^?gpsK4LvOwgNelXkqvk^mcItW_jt2p=9^V2 z&BK|`2&pcR*BmHKJ&8Z}k@Q>}Opg6=`lhu0!q}|uUB$gq#f3P*EKxerk5mb>#M~q2 z0zRzy%B)S}+A5Zx)fMjw$#C<|-$tp#1ti?PS5a26fq(*NPB42{A@$yKjX? ztqg)GIWaLQ@zYMNg8P#)XB8Waxb5X@qq5-d$M}P`+cTRK%_a&;|BNP$&@SBb47vJ! zvRT74aF&x4@HA_ju)Ujc5(`gyJ#tIkOnsrSCT~G};Zo!9cEldXYOCLZe^Ew@$~vIa z2rl@}HGg>ejaDfpcXB88E}itIM%=NpOhT>CA6fE3te@SshpJ}kyZjo8S0y7clUh}o zhh~Qk5`{;E;P9?L(a(DW1{o%cRcw}&73<`JAJVz+qoe{)m&@{Qul{yLLr=koJjk@= z;q=!pd(%<(<)1`;qK1#tP29$~jNKdeNjBqEF1=H(9q0CYA7$ooQM;?Z#PuaG#FVo* zpukitFJ6i!yUb|BvrPpykcT3wVLIyC>x1fE%jgj7DxBMYlWCn^MS323155 zkeEbUehFsOJ;(e;i0k62D6ZvjFD$NWFP*(Ta}=0^m4iO@@OV#mUi}CI3hOr zUSOSd(uPX?Zk0-46x11K&90cHWF-3m>3jiK45=dc8j!&#z(hXnYGZuWb@x|>rm0!8 zwjj*i(H{d~!tMVH1<_wL?9d%u9X;KgywN5Sd8FNjj%2mYv48+@bqwY(9CxwKKxV~Y z|N4Wwip3{cl*8)1IEF~P_VLTXBK*mAV`8qM>eSTVm0!Ws8gS^cEkV7irLvHpNruQM zI@Nr#{nPx}gp608{{~-ox14G-^Vcz#L-4RF>g_wdD+x4vybXf6+-l-agusY0q((`V zlHjDCUBxr_I3aS?x}s$9F@RGJpvY$1yoT9z2WS%^tHM zDWAbWiCBt?rs@q?2aXQ!rlaGfZVR)8!N;<;6f!n?W7dKP5hFNiu`aDzBQ?{rAk5dz zrQw&0GvC+pxH0JVd7uU60EFo1NXmpv&lpFv%!JI&P?IjUh?+R0M##Kj|?q5v>76yRQ(=6LKNNPXI~@HsqOO{Bs{>kQ{)z{x4yFNm9NABl}GEk@@%ko~#w( zTfafggg8Vrh`3hXm7xQ5@__pok}{zhw8TEb=qgS+x??AW8UFO8m_=cZ$kn77d^iCg z`!m7xp#B1Y1N~<{9*nurX$K*rSloUz_J9vI#oAvn?brI6`rS5ZQt5aJ^rAJ@xZE5~ z3Ons6A*u+6z7#tMR~umt6jP?2&(JW7+Mk11ScBFt#A3-rK>=wu{NbdMv?z~C(n{~u zW2B9E2FQ$DrYR2vS_O9|>URNY1ZW15!Ej@Yz2!g#!3(gee^U=pagjq84OU%!VNDdI>{l>%M`*bRnfguirx=XcYiLAA^VU`iuY9%oU`H}mfERcqH837hR7Kj-7) zczF}Jl1=AX^GFFF9e9n|uVs1&VV!VIXtF#+r(IZvd>1IuH}tfk(@DBWi`km!>R60@ zu&TX|&K8^61cQeP_cM^&bA-ILzE>_i_Bo*ummKRoH4?4~nW*Sn(FV*IqKx@t^3mQP;{y5q$s11-4Qsgr1bC05=Hdlwkt>n46wOXUH4BDw_PD70SFj ze>Bnhar0|L11W{PQ-)XYsv}A0U$JfsbhFB_2@W8(4dtU-sF2I>e&|W{0;e8ld*+A$ zb$O#smq5+F<^klOHwc~9Kuq?J;99D;03T9lHaJ(Wr)}nVF;3R)1E~%b9p*rJme$JO z5GNwRgOF12G&9lKs2F9;^XA%=8+PyfuiHRsF@HSM&aLV z77b-35*#BSoz=yP->{rc8`%Obw#Ddz!qe`7yvYp?a=( zZ)`$FvLAf*u-xmya~(J-K4+0iG+4?l zeuk|db7gdb1PYON(C6;2r{Rsj5`8$}DyTjxt=HeVInj4@cb8^Kn~uG6byt)Tw|TXp zse3d{#h(n^C`BGrilg)xZLcH1t3xp&etr;LMx_LY&VC$H33&PeHZ&h@5F(`i8eRU^ zC=MV&YW|gu|38M4%C`dX<8x-cKOpG$Zbx2$5@+Wy3vL0FVtfEB=%7@%eNhDf8>4!wQGu z)Z0NS0Z8Y7ZKK=}CkrB%zt6+As+-``~L2zvm8*tGXg|p0KgYHE3Wzb{OLUTXTlr>47yQ!%g%h6AF5;tZvR; z=EgjKn#q%!!-#+OI`h&5;jfhD9wt%0>0XiRJK)Iz%*-?R1(~eF%`K??@EEkpFax^^ z8R)e2P4GR4=F`)Gc5ywGmp>pdG&rOaZ0jIp`3j`2OIvaoH+}O&I=P`Bda;@&YURuJ zMM~%4_&Sl*aoMQa53G%~wq50yAdT{T#o$ao0*CT{+}$(C zhl-wTy#WOMqbT`cMf#0@%vt~CY>*H56K-m`$ba;t01`6Jddfk1^=MOI`A@)~^t=bi z{`ClaWf1+HpdEC4g!CUJi3?g5AolNx+}}FH!%` zamt(Wi9y+;^xh-6^XUJkun5vZD!edDi^g2hzwuH1sy6Ywu`nh2wf~;q>PC{AK}vH^ zB7p&K*yB7W6XrJJY$Xj@ zzHxuKp<~LH*@I&zNo8^*ibC%nWcB=^lh^m7ihTx4(C%NHIM^&V`BWHfAal7Qbt8JNl8ZZk))KFDt@*q9Mh~MuXJv0Zgz6;u}YdI2r`0J*o zC5+s4?(+?5I--gW{~2%;@T2DTivy2zQm0u!2mf7cX>Q%+#4kz#6$^_HA2nY738iVl zk0;6fWpuH)<5lgC#itF#aa%H=&;pJr!|cvpW>X7jM(<2}AyY;^EIX~-u3sJM^d$<6&zxZM8T^Yy;wy|FOgWxX8b)>EC$rugU!{*M67fdu@OnchV_z7k6&!Fw@Mlwh5BvqJuA(0A=0Vdfw7jgFy>lcNC`9;fU za|esaRsS>>m02{73hq-;Zspc%N%qM-eXfuUI!OhV-bWBf8lrjIrX?T<@r}V}Fc!@2 zlaiitWroK5)Lbfs$#_;7{ox*AK`JHB9=_Qv0V#PMtlEaMg`uUUo}vH^yx9V}u=4xJ zR0XruHL4Y2ux;AJz9+g2Li{<8R}_Bx9)zpRAH0hv&EfE*AEV7*Zpb(h_`HtV<2U~} zC7@p)A@i62+hv{ZECZoNAViDON5sXMU{~+WEYObjXu0eRwl58dO8wq|xWAkj(1P1- zZ}WwSgAE>rjw8|h$(a5+!%Ids%1--(bufnp{*x#IwhVmHkAjP5Tc=b_s42*fzL&V=GHQy}{ZjOlrFgFH{k$v6 zB((((=kEN@D4P49`pWkNU=t~jA<_}@cP}J}isHemFKw^;MIMn{dR6xfuyhz!ci5;% zQ}@5>a#lnnpLnCrR?O3XG4Hf3BEjw|_|y#_c4)%%5yG+-1nfsg_5?cXTI#)PdT}#- zQh@ysT$(6gLFM^9?v-Dt51#gvflzKPfu)yZ#`t&&LDy)6) z@(ry+7VY96XHVeedW39oprG)FL}eKg-J5h3!f{-_l=g|egm z+1kthHs^h3d6znw^=)DFjt5+}U4zKX9<5aqLv?OquPe=~;E0#=M6Q9It}Od@K5IL4 zH^L_9JfE+5zm%q&M3Om|R-BdwWWAF-MARHq=+UfnJV~}0wYsbB%i4E`z=+`GxbEja zIQt!CQ=O1RaQIjg?%FRpS?{707PZ+St<}5%7qExfVgCoJ`vtf{fZnlaBFjLXF8FLc!beK>RK3ouR$IG*r;8 zYNy&wv)|P%vFGhYoL!S~RJ4+a$uJ6o;5xsT-|1far84@Cc0XC4wbN|)8=Fwm3sSx7 zuY7RQ)x^#$#NPs>5e@rYx-#fR@9#l zo~!5Q@qmQo{DCOM&|IJY;wCm#%`|vmh3(sVEQl0Gj?DXVCGhN^d94i{%`vj9KS=Kz*?%N!w>Gaas%IqsfDm zNz4$fpxansSYPxs9BNd-_Bl#}r%8c3rq*xq!V7ZJI}zj$76{ zZji`DZJG*61`5Xa?Z=bnr0f1cYstT?Ou4KikLdLIvXNdLcV)D0Jp)p%l1bd$=*Ml#*|qnAJFUiho0l53#w25i>VxF6y((S5 zHyma~Ro+6fok$rVLds>yn8(luz3W&F@w{B#L)El!0$?lf;26A z&0-ZYkgS2()j^Rm{UJ|!6=6E18lk;hso&+Ya)xlazPG22r)g9p!A<|WkuG^;w=?>{ zYKKGe*KX-f?$M^N`)kV(FD}Iao<=!Ow+s(iUV4kRKKY@%qPnq=Eq_Xyn^vsC?NVL0 z-i;E-OZ&g52f7Uy`!+LZO=L1wTHhdzbF z9eMWb^{YZmH%4lc;o->dbNWA>-+3D5eBO4p+&b&}mh7*0$CAJP5ke5A2*7jJh+!aF zQ3a=Onz-TMOwyPTRnc`CgZ!3yTY;6D+Sb)V9^S!-BJ!6|*Y^eQR6DY|Y4*4rI$=vt z7g7z00WxUO9`~0TQ+o?Dp@>R~z0i$+-`#vps95>i?`QM)i}~FN$=5w5D#=2yV!e{KdZ{be+Xq5}Kxjj4Q;Ai;Nh5#0XIqrlB| z^ni}tfC9)M>)-E4jReUk=hJpw%+!`#(xpJ3iu18M6f(2IH|+0oT%sY@NkP)Lr=`av zK+*KEB7BNsdK8y%7%!Ia_Pbq^I@M#ae9-<7n)Eg4o!dYN@FAjTS#&()XN{Buxu;*y z6Jq)ITb`K{*C;{U!Yb6#U$k^%Mmi!&Jyd3o`oDjF(dq_i?WJZTCBD$=;l@hY2jQVk zuBB&X1z##|A*ocaQ}s#G{MAKE-G5gLe>3Qxb^M1H5VrmQ{IAx6d_-4W(jewYqf^n) z{K?Z@pwip(uE}P#(5Tgy-mStKh{p;gk_bUAJhu}%$In-cW~rcWJv)b&?RXlU^31*n zGfQ`MW_{cunm&<*mH{soy(9L{cO(+az`%fCZC%w0pVi^IWvJ&fNrfA0VbXOn+N&&w zmqn1Ao(&6rEZ2Fs!4QZ<&u52Z3m@^yAb$*IF&;mRPUGj#n-@m7>7K-;?sGNK+lqO}r4~`qAL1C7 zocP64rQD@n>mu=IA{ZM)n@lo9m5CwMV?*z3#EM8e{@jsArxmd9AA(^umC=QA%jH1s zv;}G{%CL05*#??aTeUFsY#hBz9s|M{TE^yC1=5qX$y0S^1nhkl0whK4bb( zDa<0j31g^yOZ+`|sj-i!`+Tpq2_cpk9&bjpq2BquSJ8;JT2z*9v z`?X@-Ue2?3!fLeV7OM3bKW$RX69}PL;N!M`~~js(8t03%)M%39Jy^Q-3g>wu~xm&BDw! zdYvEOM)Tb;BUkD7^LMJbj3zYFz0VxS#>Tp0cV@LN@0W&x&9U&vGjl8v*9I)sd!N^G zAO#1H{5<Ru5m7G`(?4>ywy2|;igvdizToH3RP-0GLdqYGBk^ihY_FL|4&D3^r;e{u&d zG}-P9teowxbJm}uq6mE3SAj-~Ht-Xzo;VPH@`t-(UAq^lFhb@1@O7z?WPGwEH~JDW zN`3lqpT_z+@@_&8mQ-?drT}N#4v92%Zju+5<$@DE?kxWC1$=8^naLNwspTCjykgUW zo)M0^JLj2Ed#R>Jh5ZEW@e=_un7y=yh0E-2U-x$Tjry{3!#Vj4d%yc`8&ZW!IXHjvKL}b?_LD`nOy)gNr_YicU-oz)rzr`H z4+JZzRk=>(d=mJeLnL&k#i-~G)9H!sGuV%)O{szrV3LhGW1Ukr0^i{IP9V{j4;;Se z#n3Y!q8IEp;qe5Odai2Iw=htO)1pfx_cZ-O!mN$trV4elU*F!DY!MPW^Li|8!Uuu ziEi<)xot*_V@u6w&ooIg>)@gHG-S8PXeDkdmi-U+J-y5b!y;>akzVUQC|MWPQrU4Y z%=d;a7W5NyIf~1^@=%A}iGV+Hsm&|XWeVdo>>dDpoSvink29X>RTj>L?});u{F)Ft z?~%FaKjv^EIL!HexBn&QE|yWUKKEv^)Ujz_Hpc_b{M@$OA!O+mDQGY$=6C{7M6m0Gy=<{!M$yJyvnR%EmYFKf-v;ZXRVSU1j2*nWxA z7o>Un?AHJr0q1l6sdqX@Wh}%#t9Krf8^*)}Nr^oilrYv_6Lu4YWdrBa{EHo%#F*(rUTOE* zxkzknF_gg}zcxF@WEpfPk1vNVBFQ24$Hgtf3*z8|cHSBV-o1p7y4O^s)yioJOy@R$lCh)Aei-TtIKC`e|PaUtSXQB!+zvU>$Qk^UwW|bQw-*K}--+oYBXL8M;#k z`@8l1bH8b3IKT8y?P|_+!rpFmSm!?a@7`{2neO8zV$`>NQ15@;Kp(igxpUi)R-{hW zD)HN+ftbjs^#E(mSI8OV*JdEsASbWdIB|?cPy2K>mqI!NMCmMx^+v-lHQ)9X7c9Ky_@`*D6 zyCmHAtr46`#qM>Qs1qBT#gEv3p1&GHohVG0NzMFtL~BH{r9nV3dN|K`@)=>M!-~W- zzuiV?7w2_`ho_yZcm~i52{?&%STo0GC}ux+ zNHVV8HC0S%&&r#$mVf>F_1jkT0r87;w7CH$j=Ntdt+tzZI&bSWPleB&#pZgqW8x&d zp!e0hNgTO4Xxvfw@88pt2%+7+37{Z2!7bW|JbBEoECK#9jgnLF9fmR#iij_lyB5P| zBE?1${`F5w!Ph6Q?nP}-BGrX1(-pcxgdMU!NH23S#3UFJ84JB~`rt6TJ~GzU*pBBp zroaZbSQFQI*c71Q7sqbYT}`GYBYsXH#l_h%%YTyktV3}oWGE)3eW@Gxt(cz@Fwint zm6|kPH^YQk%EiR)ICxgjbRY#jAM2R*+&Q%{b=&ha=uxIw6xNn_k$lm5|>>Mc;oT+`^=qory(CmGDK|D!fE2S91$=r7>(>$U6B*9x+1C0*<&9uJ<)rkmB1-(RR7B72a5Tzs{triT9sn zoKSM%*HS0c82Nv^6;Zh%#H`1E*__XjVG{a^Dptj**4! zO8oA*_^fYg&iiiU#`@tx*9qog1GeFiwzv02WM*Zc`*A|g2vUG32Cq|D2P09y`c4ft zeT^`A8o$(GtGHSkWU8W#wwX}8`M_7o&XF@%im0lhcdDrv|0`k`?&_(*f?#JxAYg!ri-&TiU8eFAn{9lKb&+@Ohr zG*QcTnY#8i%!Wu<*z(JCL~XjNuW$6-?NZOkaJ|l8q>)D`w>27!$wQZ!kGAO7&WthqrTIy)$;^Okc zXOSLGgqUoLeU{Zwkoilu(Eljs&i|QU;5dLg77veH6(U#5-L^;WTjeY{iac{L|0tH#Zy#MJ8}DT%^a@laFZECs+mg;o!oVTi%vODT zEnN-{gVxidjK_d$*Tf`sTmeBNfPx8y{Jn_9-!wOhq zqq6*qv$Jb^_Y<=F?)8zjwMm({88v#;Q`#55e(;bjEL`$TI<ixLd?TWmO09xb{8ZZ-dNIWG@4TG2FfAA$JN3O@N)iB@`0V68r?Zp*?EMti0~mj z(8xF{^{Z*)h0J1`Elogaiu%pTN8ovxvRQ#~-YBNBPnRioO#MhSwu3i-i~!0?la!%u zTlA`6>B0#!Qzr28#)Q7QwrT;hh_W4P_yz^FXjoh5(Q7O^40hkK>{eWG&_H1s9v2@N z<@JHCE-~H+WSPDs?oInphW^+hX)F6mp~JRWS~}fq?pbA`>a-samYTd;5Gc{%;9Yw8 zhJHTQT(T>eGt9eMDKM*)Bs{89a?M3^`hw#RU*6~)5#1QsjMgto$5Cf3+K6&^aDIGM zlQ#6eJWA=n6+c1R`-9h&mL-mEj2$9*=h(4pRTyCJjh^W6z7}4>OwT21YyB<$AX?7L z1cxQ6A%H^Z$3A#h`&u@rEiyPsEMV*~LXXevROn(tg`_;d4ksOFl?a0f$EPJm%b#Sf z0R|gBDmOL1tm@U?#NBJQ>H1p|aE{>)Ca#u}(0lX~Qr3+{bdgQ-+AwO!r*)@$MB%O1 zYpCcL_wLT*2 zg}xbZnA!Y|9d+e4fo*2#gfB2B(~oMArS?RS+_=t8qXACfUCDz`ON*DlRM$M7IeT9nJa|1 zv6PhRPxftIHc^#?b^}amaO&I$c?Gy;VkP+??_V^Ee+(dRE;uD_YY)=_pUKPAxg*Yh z&idnL4ozG%e~X;2EvZ>ysn>RFpmQKoA6&h0OPApx{}-3~515;^dHkN}8}X Date: Wed, 1 Jan 2020 18:31:06 +0100 Subject: [PATCH 12/76] Add github badge --- README.md | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f63450a7..45f36d7b 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,27 @@ SimpleLogin | Privacy-First Email Forwarding and Identity Provider Service --- + https://simplelogin.io @@ -566,8 +587,3 @@ response_type=id_token code return `id_token` in addition to `authorization_code` in /authorization endpoint ``` - - - - - From ab53f5ea2e167670e3825235b416972d1f0009a9 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 18:37:03 +0100 Subject: [PATCH 13/76] Remove share on twitter button --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index 45f36d7b..df03de16 100644 --- a/README.md +++ b/README.md @@ -2,12 +2,6 @@

-

- - tweet - -

- SimpleLogin | Privacy-First Email Forwarding and Identity Provider Service ---

@@ -30,6 +24,7 @@ SimpleLogin | Privacy-First Email Forwarding and Identity Provider Service +

https://simplelogin.io From c1f1cab490f6858e8f4262c07dfe11f506bbf0c8 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 18:55:59 +0100 Subject: [PATCH 14/76] Add contributors --- README.md | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index df03de16..21c7f764 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,10 @@

- + + +

-SimpleLogin | Privacy-First Email Forwarding and Identity Provider Service +[SimpleLogin](https://simplelogin.io) | Privacy-First Email Forwarding and Identity Provider Service ---

@@ -27,8 +29,6 @@ SimpleLogin | Privacy-First Email Forwarding and Identity Provider Service

-https://simplelogin.io - > Yet another email forwarding service? In some way yes... However, SimpleLogin is a bit different because: @@ -42,7 +42,7 @@ In some way yes... However, SimpleLogin is a bit different because: - Plenty of features: browser extension, custom domain, catch-all alias, OAuth libraries, etc. - Open roadmap at https://trello.com/b/4d6A69I4/open-roadmap: you know the exciting features we are working on. -At the heart of SimpleLogin is `email alias`: an alias is a normal email address but all emails sent to an alias are **forwarded** to your email inbox. SimpleLogin alias can also **send** emails: for your contact, the alias is therefore your email address. Use alias whenever you need to give out your email address to protect your online identity. +At the heart of SimpleLogin is `email alias`: an alias is a normal email address but all emails sent to an alias are **forwarded** to your email inbox. SimpleLogin alias can also **send** emails: for your contact, the alias is therefore your email address. Use alias whenever you need to give out your email address to protect your online identity. More info on our website at https://simplelogin.io

@@ -78,11 +78,9 @@ the following section will show a step-by-step guide on how to get your own emai ## General Architecture

- +

- - SimpleLogin backend consists of 2 main components: - the `webapp` used by several clients: web UI (the dashboard), browser extension (Chrome & Firefox for now), OAuth clients (apps that integrate "Login with SimpleLogin" button) and mobile app (work in progress). @@ -582,3 +580,18 @@ response_type=id_token code return `id_token` in addition to `authorization_code` in /authorization endpoint ``` + + +## ❤️ Contributors + +Thanks go to these wonderful people: + + + + + + + + + +
Dung Nguyen Van
Dung Nguyen Van
Giuseppe Federico
Giuseppe Federico
Ninh Dinh
Ninh Dinh
Tung Nguyen V. N.
Tung Nguyen V. N.
Son Nguyen Kim
Son Nguyen Kim
From 86e5a44b89c1c9bf6766d4ee7df211733c19203a Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 31 Dec 2019 10:34:37 +0100 Subject: [PATCH 15/76] Upgrade sqlalchemy-utils to fix "SAWarning: The GenericFunction 'array_agg' is already registered and is going to be overriden. "is going to be overriden.".format(identifier)" error --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index d1785ff9..cb37404e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -84,7 +84,7 @@ ruamel.yaml==0.15.97 # via strictyaml s3transfer==0.2.1 # via boto3 sentry-sdk==0.13.5 six==1.12.0 # via bcrypt, cryptography, flask-cors, packaging, pip-tools, prompt-toolkit, pyopenssl, pytest, python-dateutil, sqlalchemy-utils, traitlets -sqlalchemy-utils==0.33.11 +sqlalchemy-utils==0.36.1 sqlalchemy==1.3.12 # via alembic, flask-sqlalchemy, sqlalchemy-utils strictyaml==1.0.2 # via yacron traitlets==4.3.2 # via ipython From 026fe4adddbbe4445a2a94d4ebfe66e107ceb8b2 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 19:46:35 +0100 Subject: [PATCH 16/76] get_subscription should only return *active* subscription. --- app/dashboard/views/billing.py | 8 ++++---- app/models.py | 18 ++++++++++++------ templates/header.html | 2 +- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/app/dashboard/views/billing.py b/app/dashboard/views/billing.py index 65ce62cd..0648be24 100644 --- a/app/dashboard/views/billing.py +++ b/app/dashboard/views/billing.py @@ -8,10 +8,10 @@ from app.dashboard.base import dashboard_bp @login_required def billing(): # sanity check: make sure this page is only for user who has paddle subscription - if not current_user.is_premium(): - flash("This page is for paid customer only", "warning") - return redirect(url_for("dashboard.index")) - sub = current_user.get_subscription() + if not sub: + flash("You don't have any active subscription", "warning") + return redirect(url_for("dashboard.index")) + return render_template("dashboard/billing.html", sub=sub) diff --git a/app/models.py b/app/models.py index 9ff2f931..ca864a48 100644 --- a/app/models.py +++ b/app/models.py @@ -145,11 +145,6 @@ class User(db.Model, ModelMixin, UserMixin): """user is premium if they have a active subscription""" sub: Subscription = self.get_subscription() if sub: - if sub.cancelled: - # user is premium until the next billing_date + 1 - return sub.next_bill_date >= arrow.now().shift(days=-1).date() - - # subscription active, ie not cancelled return True return False @@ -217,8 +212,19 @@ class User(db.Model, ModelMixin, UserMixin): return "Free Plan" def get_subscription(self): + """return *active* subscription + TODO: support user unsubscribe and re-subscribe + """ sub = Subscription.get_by(user_id=self.id) - return sub + if sub and sub.cancelled: + # sub is active until the next billing_date + 1 + if sub.next_bill_date >= arrow.now().shift(days=-1).date(): + return sub + else: # past subscription, user is considered not having a subscription + return None + else: + return sub + def verified_custom_domains(self): return CustomDomain.query.filter_by(user_id=self.id, verified=True).all() diff --git a/templates/header.html b/templates/header.html index a7c0fd7d..48731ff8 100644 --- a/templates/header.html +++ b/templates/header.html @@ -42,7 +42,7 @@
- {% if current_user.is_premium() %} + {% if current_user.get_subscription() %} Billing From 98d2882719d95c1874f79ba5f33c7fd81dfe862b Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 20:02:30 +0100 Subject: [PATCH 17/76] Add LifetimeCoupon model and User.lifetime column --- app/models.py | 9 ++++- .../versions/2020_010120_d29cca963221_.py | 39 +++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 migrations/versions/2020_010120_d29cca963221_.py diff --git a/app/models.py b/app/models.py index ca864a48..427d45a9 100644 --- a/app/models.py +++ b/app/models.py @@ -119,6 +119,9 @@ class User(db.Model, ModelMixin, UserMixin): db.Boolean, nullable=False, default=False, server_default="0" ) + # some users could have lifetime premium + lifetime = db.Column(db.Boolean, default=False, nullable=False, server_default="0") + profile_picture = db.relationship(File) @classmethod @@ -225,7 +228,6 @@ class User(db.Model, ModelMixin, UserMixin): else: return sub - def verified_custom_domains(self): return CustomDomain.query.filter_by(user_id=self.id, verified=True).all() @@ -715,3 +717,8 @@ class CustomDomain(db.Model, ModelMixin): def __repr__(self): return f"" + + +class LifetimeCoupon(db.Model, ModelMixin): + code = db.Column(db.String(128), nullable=False, unique=True) + nb_used = db.Column(db.Integer, nullable=False) diff --git a/migrations/versions/2020_010120_d29cca963221_.py b/migrations/versions/2020_010120_d29cca963221_.py new file mode 100644 index 00000000..291f2aeb --- /dev/null +++ b/migrations/versions/2020_010120_d29cca963221_.py @@ -0,0 +1,39 @@ +"""empty message + +Revision ID: d29cca963221 +Revises: 01f808f15b2e +Create Date: 2020-01-01 20:01:51.861329 + +""" +import sqlalchemy_utils +from alembic import op +import sqlalchemy as sa + + +# revision identifiers, used by Alembic. +revision = 'd29cca963221' +down_revision = '01f808f15b2e' +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.create_table('lifetime_coupon', + sa.Column('id', sa.Integer(), autoincrement=True, nullable=False), + sa.Column('created_at', sqlalchemy_utils.types.arrow.ArrowType(), nullable=False), + sa.Column('updated_at', sqlalchemy_utils.types.arrow.ArrowType(), nullable=True), + sa.Column('code', sa.String(length=128), nullable=False), + sa.Column('nb_used', sa.Integer(), nullable=False), + sa.PrimaryKeyConstraint('id'), + sa.UniqueConstraint('code') + ) + op.add_column('users', sa.Column('lifetime', sa.Boolean(), server_default='0', nullable=False)) + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.drop_column('users', 'lifetime') + op.drop_table('lifetime_coupon') + # ### end Alembic commands ### From dc53d77a71a05dcf1b0b5e84142228e89699bf56 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 20:02:48 +0100 Subject: [PATCH 18/76] User is premium if they have lifetime deal --- app/models.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/models.py b/app/models.py index 427d45a9..5557eee6 100644 --- a/app/models.py +++ b/app/models.py @@ -146,6 +146,9 @@ class User(db.Model, ModelMixin, UserMixin): def is_premium(self): """user is premium if they have a active subscription""" + if self.lifetime: + return True + sub: Subscription = self.get_subscription() if sub: return True From 3c05230bd32d5b77c7c677fb899a13c20ce78242 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 20:04:39 +0100 Subject: [PATCH 19/76] User can use lifetime coupon --- .../templates/dashboard/pricing.html | 20 ++++++++++ app/dashboard/views/pricing.py | 37 +++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/app/dashboard/templates/dashboard/pricing.html b/app/dashboard/templates/dashboard/pricing.html index b1b0b0db..b7306dd0 100644 --- a/app/dashboard/templates/dashboard/pricing.html +++ b/app/dashboard/templates/dashboard/pricing.html @@ -52,6 +52,26 @@ Yearly
$29.99/year + +
+ +
+ {{ coupon_form.csrf_token }} + + +
Coupon
+
+ If you have a lifetime coupon, please paste it here.
+ For information, we offer free premium account for education (student, professor or technical staff working at + an educational institute).
+ Drop us an email at hi@simplelogin.io with your student ID or certificate to get the coupon. +
+ + + {{ coupon_form.code(class="form-control", placeholder="Coupon") }} + {{ render_field_errors(coupon_form.code) }} + +

+ + + + + + + + + + + + + + + + + + + +

diff --git a/app/dashboard/views/pricing.py b/app/dashboard/views/pricing.py index d29891bc..aa74ea34 100644 --- a/app/dashboard/views/pricing.py +++ b/app/dashboard/views/pricing.py @@ -1,13 +1,23 @@ from flask import render_template, flash, redirect, url_for from flask_login import login_required, current_user +from flask_wtf import FlaskForm +from wtforms import StringField, validators from app.config import ( PADDLE_VENDOR_ID, PADDLE_MONTHLY_PRODUCT_ID, PADDLE_YEARLY_PRODUCT_ID, URL, + ADMIN_EMAIL, ) from app.dashboard.base import dashboard_bp +from app.email_utils import send_email +from app.extensions import db +from app.models import LifetimeCoupon + + +class CouponForm(FlaskForm): + code = StringField("Coupon Code", validators=[validators.DataRequired()]) @dashboard_bp.route("/pricing", methods=["GET", "POST"]) @@ -18,12 +28,39 @@ def pricing(): flash("You are already a premium user", "warning") return redirect(url_for("dashboard.index")) + coupon_form = CouponForm() + + if coupon_form.validate_on_submit(): + code = coupon_form.code.data + + coupon = LifetimeCoupon.get_by(code=code) + + if coupon and coupon.nb_used > 0: + coupon.nb_used -= 1 + current_user.lifetime = True + db.session.commit() + + # notify admin + send_email( + ADMIN_EMAIL, + subject=f"User {current_user.id} used lifetime coupon. Coupon nb_used: {coupon.nb_used}", + plaintext="", + html="", + ) + + flash("You are upgraded to lifetime premium!", "success") + return redirect(url_for("dashboard.index")) + + else: + flash(f"Coupon *{code}* expired or invalid", "warning") + return render_template( "dashboard/pricing.html", PADDLE_VENDOR_ID=PADDLE_VENDOR_ID, PADDLE_MONTHLY_PRODUCT_ID=PADDLE_MONTHLY_PRODUCT_ID, PADDLE_YEARLY_PRODUCT_ID=PADDLE_YEARLY_PRODUCT_ID, success_url=URL + "/dashboard/subscription_success", + coupon_form=coupon_form, ) From 4f980ffd9414861cef7699d4cb99b8e6035c1f89 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 20:05:10 +0100 Subject: [PATCH 20/76] add lifetime coupon to fake_data --- server.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server.py b/server.py index f70d4d0d..2afae7e9 100644 --- a/server.py +++ b/server.py @@ -6,7 +6,6 @@ import sentry_sdk from flask import Flask, redirect, url_for, render_template, request, jsonify from flask_admin import Admin from flask_cors import cross_origin -from flask_debugtoolbar import DebugToolbarExtension from flask_login import current_user from sentry_sdk.integrations.flask import FlaskIntegration @@ -39,6 +38,7 @@ from app.models import ( PlanEnum, ApiKey, CustomDomain, + LifetimeCoupon, ) from app.monitor.base import monitor_bp from app.oauth.base import oauth_bp @@ -101,6 +101,9 @@ def fake_data(): ) db.session.commit() + LifetimeCoupon.create(code="coupon", nb_used=10) + db.session.commit() + # Create a subscription for user Subscription.create( user_id=user.id, From 6a1c5bebaaf657cdcbbce020d752e8e6f20833bb Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 22:47:04 +0100 Subject: [PATCH 21/76] add flask-profiler to requirements --- requirements.in | 3 ++- requirements.txt | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/requirements.in b/requirements.in index 1feb16a2..7cfc98ac 100644 --- a/requirements.in +++ b/requirements.in @@ -32,4 +32,5 @@ coloredlogs pycryptodome phpserialize dkimpy -pyotp \ No newline at end of file +pyotp +flask_profiler \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index d1785ff9..b5652536 100644 --- a/requirements.txt +++ b/requirements.txt @@ -34,8 +34,10 @@ docutils==0.14 # via botocore flask-admin==1.5.3 flask-cors==3.0.8 flask-debugtoolbar==0.10.1 +flask-httpauth==3.3.0 # via flask-profiler flask-login==0.4.1 flask-migrate==2.5.2 +flask-profiler==1.8.1 flask-sqlalchemy==2.4.0 flask-wtf==0.14.2 flask==1.0.3 @@ -83,6 +85,7 @@ requests==2.22.0 # via requests-oauthlib ruamel.yaml==0.15.97 # via strictyaml s3transfer==0.2.1 # via boto3 sentry-sdk==0.13.5 +simplejson==3.17.0 # via flask-profiler six==1.12.0 # via bcrypt, cryptography, flask-cors, packaging, pip-tools, prompt-toolkit, pyopenssl, pytest, python-dateutil, sqlalchemy-utils, traitlets sqlalchemy-utils==0.33.11 sqlalchemy==1.3.12 # via alembic, flask-sqlalchemy, sqlalchemy-utils From e609404e6f506eb212f902de517b491ff0e641d3 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 22:54:33 +0100 Subject: [PATCH 22/76] Add FLASK_PROFILER_PATH, FLASK_PROFILER_PASSWORD setting --- .env.example | 4 ++++ app/config.py | 3 +++ 2 files changed, 7 insertions(+) diff --git a/.env.example b/.env.example index ac76ee16..6b060098 100644 --- a/.env.example +++ b/.env.example @@ -86,3 +86,7 @@ GOOGLE_CLIENT_SECRET=to_fill # Facebook FACEBOOK_CLIENT_ID=to_fill FACEBOOK_CLIENT_SECRET=to_fill + +# Flask profiler +# FLASK_PROFILER_PATH=/tmp/flask-profiler.sql +# FLASK_PROFILER_PASSWORD=password \ No newline at end of file diff --git a/app/config.py b/app/config.py index 047178d5..ae2082ee 100644 --- a/app/config.py +++ b/app/config.py @@ -125,3 +125,6 @@ AVATAR_URL_EXPIRATION = 3600 * 24 * 7 # 1h*24h/d*7d=1week # session key HIGHLIGHT_GEN_EMAIL_ID = "highlight_gen_email_id" MFA_USER_ID = "mfa_user_id" + +FLASK_PROFILER_PATH = os.environ.get("FLASK_PROFILER_PATH") +FLASK_PROFILER_PASSWORD = os.environ.get("FLASK_PROFILER_PASSWORD") From d3f82338448664f732432c106bf8595f85439217 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 22:54:49 +0100 Subject: [PATCH 23/76] Enable flask-profiler if FLASK_PROFILER_PATH is set --- server.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/server.py b/server.py index f70d4d0d..d0771d5d 100644 --- a/server.py +++ b/server.py @@ -6,8 +6,8 @@ import sentry_sdk from flask import Flask, redirect, url_for, render_template, request, jsonify from flask_admin import Admin from flask_cors import cross_origin -from flask_debugtoolbar import DebugToolbarExtension from flask_login import current_user +import flask_profiler from sentry_sdk.integrations.flask import FlaskIntegration from app import paddle_utils @@ -22,6 +22,8 @@ from app.config import ( SHA1, PADDLE_MONTHLY_PRODUCT_ID, RESET_DB, + FLASK_PROFILER_PATH, + FLASK_PROFILER_PASSWORD, ) from app.dashboard.base import dashboard_bp from app.developer.base import developer_bp @@ -77,6 +79,20 @@ def create_app() -> Flask: init_admin(app) setup_paddle_callback(app) + if FLASK_PROFILER_PATH: + LOG.d("Enable flask-profiler") + app.config["flask_profiler"] = { + "enabled": True, + "storage": {"engine": "sqlite", "FILE": FLASK_PROFILER_PATH}, + "basicAuth": { + "enabled": True, + "username": "admin", + "password": FLASK_PROFILER_PASSWORD, + }, + "ignore": ["^/static/.*"], + } + flask_profiler.init_app(app) + return app From 064e10771b59de7a04bc21cba4540428e7c7b95c Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 23:20:28 +0100 Subject: [PATCH 24/76] Ignore /git and /exception in flask-profiler --- server.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server.py b/server.py index d0771d5d..eac981ac 100644 --- a/server.py +++ b/server.py @@ -2,12 +2,12 @@ import os import ssl import arrow +import flask_profiler import sentry_sdk from flask import Flask, redirect, url_for, render_template, request, jsonify from flask_admin import Admin from flask_cors import cross_origin from flask_login import current_user -import flask_profiler from sentry_sdk.integrations.flask import FlaskIntegration from app import paddle_utils @@ -89,7 +89,7 @@ def create_app() -> Flask: "username": "admin", "password": FLASK_PROFILER_PASSWORD, }, - "ignore": ["^/static/.*"], + "ignore": ["^/static/.*", "/git", "/exception" ], } flask_profiler.init_app(app) From 6dd782733048a289885fb60675369c4ce69ffbd3 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 23:22:34 +0100 Subject: [PATCH 25/76] fix formatting --- server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server.py b/server.py index eac981ac..605d28c4 100644 --- a/server.py +++ b/server.py @@ -89,7 +89,7 @@ def create_app() -> Flask: "username": "admin", "password": FLASK_PROFILER_PASSWORD, }, - "ignore": ["^/static/.*", "/git", "/exception" ], + "ignore": ["^/static/.*", "/git", "/exception"], } flask_profiler.init_app(app) From 5d253101057db4d020e26299950175c9102c953b Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 23:51:22 +0100 Subject: [PATCH 26/76] Fix subscription might not exist --- server.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server.py b/server.py index 725c9c8f..79133514 100644 --- a/server.py +++ b/server.py @@ -367,9 +367,9 @@ def setup_paddle_callback(app: Flask): LOG.debug("Cancel subscription %s", subscription_id) sub: Subscription = Subscription.get_by(subscription_id=subscription_id) - sub.cancelled = True - - db.session.commit() + if sub: + sub.cancelled = True + db.session.commit() return "OK" From ee3c75244e258242f74ff565eb36cc243a908c13 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 23:51:40 +0100 Subject: [PATCH 27/76] Fix custom domain has been added before --- app/dashboard/views/custom_domain.py | 30 +++++++++++++++++----------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/app/dashboard/views/custom_domain.py b/app/dashboard/views/custom_domain.py index ba4ed7d6..c05cfff0 100644 --- a/app/dashboard/views/custom_domain.py +++ b/app/dashboard/views/custom_domain.py @@ -31,19 +31,25 @@ def custom_domain(): if request.method == "POST": if request.form.get("form-name") == "create": if new_custom_domain_form.validate(): - new_custom_domain = CustomDomain.create( - domain=new_custom_domain_form.domain.data, user_id=current_user.id - ) - db.session.commit() - - flash(f"New domain {new_custom_domain.domain} is created", "success") - - return redirect( - url_for( - "dashboard.domain_detail_dns", - custom_domain_id=new_custom_domain.id, + new_domain = new_custom_domain_form.domain.data + if CustomDomain.get_by(domain=new_domain): + flash(f"{new_domain} already added", "warning") + else: + new_custom_domain = CustomDomain.create( + domain=new_domain, user_id=current_user.id + ) + db.session.commit() + + flash( + f"New domain {new_custom_domain.domain} is created", "success" + ) + + return redirect( + url_for( + "dashboard.domain_detail_dns", + custom_domain_id=new_custom_domain.id, + ) ) - ) return render_template( "dashboard/custom_domain.html", From 4c4c4a81b8ffd0032653bc9bb97bf8d5b2502dd3 Mon Sep 17 00:00:00 2001 From: Son NK Date: Wed, 1 Jan 2020 23:52:25 +0100 Subject: [PATCH 28/76] autofocus mfa token input --- app/auth/templates/auth/mfa.html | 2 +- app/dashboard/templates/dashboard/mfa_cancel.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/auth/templates/auth/mfa.html b/app/auth/templates/auth/mfa.html index 6401e164..650d8dad 100644 --- a/app/auth/templates/auth/mfa.html +++ b/app/auth/templates/auth/mfa.html @@ -23,7 +23,7 @@ Authy) here
- {{ otp_token_form.token(class="form-control", placeholder="") }} + {{ otp_token_form.token(class="form-control", autofocus="true") }} {{ render_field_errors(otp_token_form.token) }} diff --git a/app/dashboard/templates/dashboard/mfa_cancel.html b/app/dashboard/templates/dashboard/mfa_cancel.html index 7d1fbdfb..64b1894c 100644 --- a/app/dashboard/templates/dashboard/mfa_cancel.html +++ b/app/dashboard/templates/dashboard/mfa_cancel.html @@ -18,7 +18,7 @@
Token
The 6-digit number displayed on your phone.
- {{ otp_token_form.token(class="form-control", placeholder="") }} + {{ otp_token_form.token(class="form-control", autofocus="true") }} {{ render_field_errors(otp_token_form.token) }} From 21cdb973f05dbfa3601d0e2d5eed2be9a8485371 Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 12:14:39 +0100 Subject: [PATCH 29/76] Improve intro --- app/dashboard/templates/dashboard/index.html | 35 ++++++++++++-------- templates/menu.html | 5 +-- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/app/dashboard/templates/dashboard/index.html b/app/dashboard/templates/dashboard/index.html index a3a2841c..c6c81c96 100644 --- a/app/dashboard/templates/dashboard/index.html +++ b/app/dashboard/templates/dashboard/index.html @@ -70,17 +70,17 @@ {% for alias_info in aliases %} {% set gen_email = alias_info.gen_email %} -
+
not be forwarded to your inbox.

This should be used with care as others might not be able to reach you after ... " + data-step="3" {% endif %} style="padding-left: 0px" > @@ -149,7 +150,11 @@ {% if gen_email.enabled %} -

+

Apps

diff --git a/templates/menu.html b/templates/menu.html index 6230b7d1..d89abeca 100644 --- a/templates/menu.html +++ b/templates/menu.html @@ -40,10 +40,7 @@ --> -
  • +
  • From 553777bc05172fe104fe7a16a0bbd64903b848b6 Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 12:14:49 +0100 Subject: [PATCH 30/76] Move intro button to footer --- app/dashboard/templates/dashboard/index.html | 48 ++++++++++---------- templates/footer.html | 8 ++++ templates/header.html | 10 ---- 3 files changed, 32 insertions(+), 34 deletions(-) diff --git a/app/dashboard/templates/dashboard/index.html b/app/dashboard/templates/dashboard/index.html index c6c81c96..f1e972e9 100644 --- a/app/dashboard/templates/dashboard/index.html +++ b/app/dashboard/templates/dashboard/index.html @@ -34,32 +34,32 @@
    -
    - - -
    - -
    -
    - - - - - -
    -
    -
    - - - -
    -
    + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    • diff --git a/templates/footer.html b/templates/footer.html index 0235e407..253cd0ab 100644 --- a/templates/footer.html +++ b/templates/footer.html @@ -22,6 +22,14 @@
  • Contact Us
    • +
  • +
    • diff --git a/templates/header.html b/templates/header.html index 48731ff8..175afa97 100644 --- a/templates/header.html +++ b/templates/header.html @@ -12,16 +12,6 @@
    {% endif %} -
    - - - -
    {% if current_user.profile_picture_id %} From 851eac604babf8de64c48e720527bd7122063a66 Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:04:18 +0100 Subject: [PATCH 31/76] Add Sentry SqlalchemyIntegration and AioHttpIntegration --- server.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/server.py b/server.py index 79133514..66c03f69 100644 --- a/server.py +++ b/server.py @@ -9,6 +9,9 @@ from flask_admin import Admin from flask_cors import cross_origin from flask_login import current_user from sentry_sdk.integrations.flask import FlaskIntegration +from sentry_sdk.integrations.sqlalchemy import SqlalchemyIntegration +from sentry_sdk.integrations.aiohttp import AioHttpIntegration + from app import paddle_utils from app.admin_model import SLModelView, SLAdminIndexView @@ -48,7 +51,14 @@ from app.oauth.base import oauth_bp if SENTRY_DSN: LOG.d("enable sentry") - sentry_sdk.init(dsn=SENTRY_DSN, integrations=[FlaskIntegration()]) + sentry_sdk.init( + dsn=SENTRY_DSN, + integrations=[ + FlaskIntegration(), + SqlalchemyIntegration(), + AioHttpIntegration(), + ], + ) # the app is served behin nginx which uses http and not https os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1" From 2a05e320e175282567550aee87416d820d6dbffc Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:05:34 +0100 Subject: [PATCH 32/76] remove beta on send email button --- app/dashboard/templates/dashboard/index.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/dashboard/templates/dashboard/index.html b/app/dashboard/templates/dashboard/index.html index f1e972e9..b4b0a81b 100644 --- a/app/dashboard/templates/dashboard/index.html +++ b/app/dashboard/templates/dashboard/index.html @@ -158,10 +158,9 @@ {% endif %} class="btn btn-sm btn-outline-primary" data-toggle="tooltip" - title="Send email from alias" + title="Not only an alias can receive emails, it can send emails too" > Send Email     - Beta {% endif %}
    From be1b689463be8ac24fe42156911be996968ff0fa Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:08:37 +0100 Subject: [PATCH 33/76] Fix dns query could throw different kinds of exceptions --- app/dns_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/dns_utils.py b/app/dns_utils.py index 0110b343..56431843 100644 --- a/app/dns_utils.py +++ b/app/dns_utils.py @@ -7,7 +7,7 @@ def get_mx_domains(hostname) -> [(int, str)]: """ try: answers = dns.resolver.query(hostname, "MX") - except dns.resolver.NoAnswer: + except Exception: return [] ret = [] From 0327f755a16c52f71558e0e53dbb96d026cb76b4 Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:10:27 +0100 Subject: [PATCH 34/76] accept both GET and POST for / --- server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server.py b/server.py index 66c03f69..a9f29264 100644 --- a/server.py +++ b/server.py @@ -195,7 +195,7 @@ def register_blueprints(app: Flask): def set_index_page(app): - @app.route("/") + @app.route("/", methods=["GET", "POST"]) def index(): if current_user.is_authenticated: return redirect(url_for("dashboard.index")) From 970421957683ce7bedbfe9fcddd48eb8ddce84fd Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:12:03 +0100 Subject: [PATCH 35/76] Fix product tour wording --- app/dashboard/templates/dashboard/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/dashboard/templates/dashboard/index.html b/app/dashboard/templates/dashboard/index.html index b4b0a81b..b270dc66 100644 --- a/app/dashboard/templates/dashboard/index.html +++ b/app/dashboard/templates/dashboard/index.html @@ -152,8 +152,8 @@ {% if alias_info.show_intro_test_send_email %} data-intro="Not only alias can receive emails, it can send emails too!

    You can add a new contact to for your alias here.

    - To send an email to your contact, SimpleLogin will create a special email address:
    - sending an email to this email address will forward your email to your contact" + To send an email to your contact, SimpleLogin will create a special email address.

    + Sending an email to this email address will forward the email to your contact" data-step="4" {% endif %} class="btn btn-sm btn-outline-primary" From fc985d64d9e66b5b6ca35e45e32bd563492d233f Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:15:08 +0100 Subject: [PATCH 36/76] Use catch-all for all dns query --- app/dns_utils.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/dns_utils.py b/app/dns_utils.py index 56431843..cb0f1799 100644 --- a/app/dns_utils.py +++ b/app/dns_utils.py @@ -28,7 +28,7 @@ def get_spf_domain(hostname) -> [str]: """return all domains listed in *include:*""" try: answers = dns.resolver.query(hostname, "TXT") - except dns.resolver.NoAnswer: + except Exception: return [] ret = [] @@ -49,7 +49,7 @@ def get_spf_domain(hostname) -> [str]: def get_txt_record(hostname) -> [str]: try: answers = dns.resolver.query(hostname, "TXT") - except dns.resolver.NoAnswer: + except Exception: return [] ret = [] @@ -67,7 +67,7 @@ def get_dkim_record(hostname) -> str: """query the dkim._domainkey.{hostname} record and returns its value""" try: answers = dns.resolver.query(f"dkim._domainkey.{hostname}", "TXT") - except dns.resolver.NoAnswer: + except Exception: return "" ret = [] From 3edd5f0b82cbc1ca59738e376aa8a8f59bfab636 Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:21:54 +0100 Subject: [PATCH 37/76] Show something when there's no DNS record --- app/dashboard/templates/dashboard/domain_detail/dns.html | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/dashboard/templates/dashboard/domain_detail/dns.html b/app/dashboard/templates/dashboard/domain_detail/dns.html index a6a78dc5..6207a708 100644 --- a/app/dashboard/templates/dashboard/domain_detail/dns.html +++ b/app/dashboard/templates/dashboard/domain_detail/dns.html @@ -56,6 +56,9 @@
    Your DNS is not correctly set. The MX record we obtain is:
    + {% if not mx_errors %} + (Empty) + {% endif %} {% for r in mx_errors %} {{ r }}
    {% endfor %} @@ -112,6 +115,10 @@
    Your DNS is not correctly set. The TXT record we obtain is:
    + {% if not spf_errors %} + (Empty) + {% endif %} + {% for r in spf_errors %} {{ r }}
    {% endfor %} From ab3fe8a6267b5aee4ea7da35801c52a24f7e46bc Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:22:09 +0100 Subject: [PATCH 38/76] Flash errors when MX, SPF or DKIM fail --- app/dashboard/views/domain_detail.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/dashboard/views/domain_detail.py b/app/dashboard/views/domain_detail.py index c0557c26..88bcf98b 100644 --- a/app/dashboard/views/domain_detail.py +++ b/app/dashboard/views/domain_detail.py @@ -34,6 +34,7 @@ def domain_detail_dns(custom_domain_id): mx_domains = get_mx_domains(custom_domain.domain) if sorted(mx_domains) != sorted(EMAIL_SERVERS_WITH_PRIORITY): + flash("The MX record is not correctly set", "warning") mx_ok = False # build mx_errors to show to user mx_errors = [ @@ -63,7 +64,10 @@ def domain_detail_dns(custom_domain_id): ) ) else: - flash(f"{EMAIL_DOMAIN} is not included in your SPF record.", "warning") + flash( + f"SPF: {EMAIL_DOMAIN} is not included in your SPF record.", + "warning", + ) spf_ok = False spf_errors = get_txt_record(custom_domain.domain) @@ -81,6 +85,7 @@ def domain_detail_dns(custom_domain_id): ) ) else: + flash("DKIM: the TXT record is not correctly set", "warning") dkim_ok = False dkim_errors = get_txt_record(f"dkim._domainkey.{custom_domain.domain}") From f986371ff589b5142056167666d9d2c19c16d15b Mon Sep 17 00:00:00 2001 From: Son NK Date: Thu, 2 Jan 2020 22:39:08 +0100 Subject: [PATCH 39/76] make sure to scroll to the same position in DNS page --- app/dashboard/templates/dashboard/domain_detail/dns.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/dashboard/templates/dashboard/domain_detail/dns.html b/app/dashboard/templates/dashboard/domain_detail/dns.html index 6207a708..f029f8b2 100644 --- a/app/dashboard/templates/dashboard/domain_detail/dns.html +++ b/app/dashboard/templates/dashboard/domain_detail/dns.html @@ -39,7 +39,7 @@
    {% endfor %} -
    + {% if custom_domain.verified %}
    - + {% if custom_domain.spf_verified %}
    - + {% if custom_domain.dkim_verified %}
    -
    +
    🔐 Secure payments by - Paddle + Paddle
    -
    +
    + Please note that Paddle only supports bank card or PayPal.
    + Send us an email at hi@simplelogin.io if you need other payment options (e.g. IBAN transfer). +
    - - @@ -64,13 +70,13 @@ If you have a lifetime coupon, please paste it here.
    For information, we offer free premium account for education (student, professor or technical staff working at an educational institute).
    - Drop us an email at hi@simplelogin.io with your student ID or certificate to get the coupon. + Drop us an email at hi@simplelogin.io with your student ID or certificate to get the coupon.
    {{ coupon_form.code(class="form-control", placeholder="Coupon") }} {{ render_field_errors(coupon_form.code) }} - +
    From 5053d343d1747f82ad84df51680656ddca6d07d1 Mon Sep 17 00:00:00 2001 From: Son NK Date: Fri, 3 Jan 2020 22:40:44 +0100 Subject: [PATCH 43/76] Split lifetime licence to a separate page --- app/dashboard/__init__.py | 1 + .../templates/dashboard/lifetime_licence.html | 29 ++++++++++ .../templates/dashboard/pricing.html | 23 ++------ app/dashboard/views/lifetime_licence.py | 57 +++++++++++++++++++ app/dashboard/views/pricing.py | 37 ------------ 5 files changed, 91 insertions(+), 56 deletions(-) create mode 100644 app/dashboard/templates/dashboard/lifetime_licence.html create mode 100644 app/dashboard/views/lifetime_licence.py diff --git a/app/dashboard/__init__.py b/app/dashboard/__init__.py index 3c3f87f8..4fa49b9a 100644 --- a/app/dashboard/__init__.py +++ b/app/dashboard/__init__.py @@ -12,4 +12,5 @@ from .views import ( mfa_setup, mfa_cancel, domain_detail, + lifetime_licence, ) diff --git a/app/dashboard/templates/dashboard/lifetime_licence.html b/app/dashboard/templates/dashboard/lifetime_licence.html new file mode 100644 index 00000000..1e1bf09a --- /dev/null +++ b/app/dashboard/templates/dashboard/lifetime_licence.html @@ -0,0 +1,29 @@ +{% extends 'default.html' %} + +{% set active_page = "dashboard" %} + +{% block title %} + Lifetime Licence +{% endblock %} + +{% block default_content %} +
    +

    Lifetime Licence

    + +
    + If you have a lifetime licence, please paste it here.
    + For information, we offer free premium account for education (student, professor or technical staff working at + an educational institute).
    + Drop us an email at hi@simplelogin.io with your student ID or certificate to get the lifetime licence. +
    + +
    + {{ coupon_form.csrf_token }} + + {{ coupon_form.code(class="form-control", placeholder="Licence Code") }} + {{ render_field_errors(coupon_form.code) }} + +
    +
    + +{% endblock %} \ No newline at end of file diff --git a/app/dashboard/templates/dashboard/pricing.html b/app/dashboard/templates/dashboard/pricing.html index b3f43b70..923b4815 100644 --- a/app/dashboard/templates/dashboard/pricing.html +++ b/app/dashboard/templates/dashboard/pricing.html @@ -46,7 +46,8 @@
    Please note that Paddle only supports bank card or PayPal.
    - Send us an email at hi@simplelogin.io if you need other payment options (e.g. IBAN transfer). + Send us an email at hi@simplelogin.io if you need other payment options + (e.g. IBAN transfer).
    - -
    - {{ coupon_form.csrf_token }} - - -
    Coupon
    -
    - If you have a lifetime coupon, please paste it here.
    - For information, we offer free premium account for education (student, professor or technical staff working at - an educational institute).
    - Drop us an email at hi@simplelogin.io with your student ID or certificate to get the coupon. -
    - - - {{ coupon_form.code(class="form-control", placeholder="Coupon") }} - {{ render_field_errors(coupon_form.code) }} - -
    + If you have a lifetime licence, please go to this page to apply your licence code. + Lifetime Licence
    diff --git a/app/dashboard/views/lifetime_licence.py b/app/dashboard/views/lifetime_licence.py new file mode 100644 index 00000000..66511abb --- /dev/null +++ b/app/dashboard/views/lifetime_licence.py @@ -0,0 +1,57 @@ +from flask import render_template, flash, redirect, url_for +from flask_login import login_required, current_user +from flask_wtf import FlaskForm +from wtforms import StringField, validators + +from app.config import ( + PADDLE_VENDOR_ID, + PADDLE_MONTHLY_PRODUCT_ID, + PADDLE_YEARLY_PRODUCT_ID, + URL, + ADMIN_EMAIL, +) +from app.dashboard.base import dashboard_bp +from app.email_utils import send_email +from app.extensions import db +from app.models import LifetimeCoupon + + +class CouponForm(FlaskForm): + code = StringField("Coupon Code", validators=[validators.DataRequired()]) + + +@dashboard_bp.route("/lifetime_licence", methods=["GET", "POST"]) +@login_required +def lifetime_licence(): + # sanity check: make sure this page is only for free user + if current_user.is_premium(): + flash("You are already a premium user", "warning") + return redirect(url_for("dashboard.index")) + + coupon_form = CouponForm() + + if coupon_form.validate_on_submit(): + code = coupon_form.code.data + + coupon = LifetimeCoupon.get_by(code=code) + + if coupon and coupon.nb_used > 0: + coupon.nb_used -= 1 + current_user.lifetime = True + db.session.commit() + + # notify admin + send_email( + ADMIN_EMAIL, + subject=f"User {current_user.id} used lifetime coupon. Coupon nb_used: {coupon.nb_used}", + plaintext="", + html="", + ) + + flash("You are upgraded to lifetime premium!", "success") + return redirect(url_for("dashboard.index")) + + else: + flash(f"Code *{code}* expired or invalid", "warning") + + return render_template("dashboard/lifetime_licence.html", coupon_form=coupon_form) diff --git a/app/dashboard/views/pricing.py b/app/dashboard/views/pricing.py index aa74ea34..d29891bc 100644 --- a/app/dashboard/views/pricing.py +++ b/app/dashboard/views/pricing.py @@ -1,23 +1,13 @@ from flask import render_template, flash, redirect, url_for from flask_login import login_required, current_user -from flask_wtf import FlaskForm -from wtforms import StringField, validators from app.config import ( PADDLE_VENDOR_ID, PADDLE_MONTHLY_PRODUCT_ID, PADDLE_YEARLY_PRODUCT_ID, URL, - ADMIN_EMAIL, ) from app.dashboard.base import dashboard_bp -from app.email_utils import send_email -from app.extensions import db -from app.models import LifetimeCoupon - - -class CouponForm(FlaskForm): - code = StringField("Coupon Code", validators=[validators.DataRequired()]) @dashboard_bp.route("/pricing", methods=["GET", "POST"]) @@ -28,39 +18,12 @@ def pricing(): flash("You are already a premium user", "warning") return redirect(url_for("dashboard.index")) - coupon_form = CouponForm() - - if coupon_form.validate_on_submit(): - code = coupon_form.code.data - - coupon = LifetimeCoupon.get_by(code=code) - - if coupon and coupon.nb_used > 0: - coupon.nb_used -= 1 - current_user.lifetime = True - db.session.commit() - - # notify admin - send_email( - ADMIN_EMAIL, - subject=f"User {current_user.id} used lifetime coupon. Coupon nb_used: {coupon.nb_used}", - plaintext="", - html="", - ) - - flash("You are upgraded to lifetime premium!", "success") - return redirect(url_for("dashboard.index")) - - else: - flash(f"Coupon *{code}* expired or invalid", "warning") - return render_template( "dashboard/pricing.html", PADDLE_VENDOR_ID=PADDLE_VENDOR_ID, PADDLE_MONTHLY_PRODUCT_ID=PADDLE_MONTHLY_PRODUCT_ID, PADDLE_YEARLY_PRODUCT_ID=PADDLE_YEARLY_PRODUCT_ID, success_url=URL + "/dashboard/subscription_success", - coupon_form=coupon_form, ) From 35aa8f14381fa2ee5ecf0cece2451966b9d088b2 Mon Sep 17 00:00:00 2001 From: Son NK Date: Fri, 3 Jan 2020 23:13:52 +0100 Subject: [PATCH 44/76] add GoatCounter analytics --- server.py | 18 ++++++++++++++++++ templates/base.html | 25 +++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/server.py b/server.py index a9f29264..08d95c42 100644 --- a/server.py +++ b/server.py @@ -89,6 +89,7 @@ def create_app() -> Flask: init_admin(app) setup_paddle_callback(app) + setup_do_not_track(app) if FLASK_PROFILER_PATH: LOG.d("Enable flask-profiler") @@ -401,6 +402,23 @@ def init_admin(app): admin.add_view(SLModelView(ClientUser, db.session)) +def setup_do_not_track(app): + @app.route("/dnt") + def do_not_track(): + return """ + + """ + + if __name__ == "__main__": app = create_app() diff --git a/templates/base.html b/templates/base.html index 48614e93..8c49aeda 100644 --- a/templates/base.html +++ b/templates/base.html @@ -128,5 +128,30 @@ {% block script %} {% endblock %} + + \ No newline at end of file From 4208ba379f81c6569bb288ee160c75543dd7e786 Mon Sep 17 00:00:00 2001 From: Son NK Date: Fri, 3 Jan 2020 23:42:35 +0100 Subject: [PATCH 45/76] Fix user could go to MFA page directly --- app/auth/views/mfa.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/app/auth/views/mfa.py b/app/auth/views/mfa.py index cc21727d..6565664c 100644 --- a/app/auth/views/mfa.py +++ b/app/auth/views/mfa.py @@ -17,11 +17,18 @@ class OtpTokenForm(FlaskForm): @auth_bp.route("/mfa", methods=["GET", "POST"]) def mfa(): # passed from login page - user_id = session[MFA_USER_ID] + user_id = session.get(MFA_USER_ID) + + # user access this page directly without passing by login page + if not user_id: + flash("Unknown error, redirect back to main page", "warning") + return redirect(url_for("dashboard.index")) + user = User.get(user_id) - if not user.enable_otp: - raise Exception("Only user with MFA enabled should go to this page. %s", user) + if not (user and user.enable_otp): + flash("Only user with MFA enabled should go to this page", "warning") + return redirect(url_for("dashboard.index")) otp_token_form = OtpTokenForm() next_url = request.args.get("next") From 837ab8258e82249337e7ffe5b63e4bc7f4e8372a Mon Sep 17 00:00:00 2001 From: Son NK Date: Fri, 3 Jan 2020 23:50:34 +0100 Subject: [PATCH 46/76] redirect to login page instead --- app/auth/views/mfa.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/auth/views/mfa.py b/app/auth/views/mfa.py index 6565664c..3920c33b 100644 --- a/app/auth/views/mfa.py +++ b/app/auth/views/mfa.py @@ -22,13 +22,13 @@ def mfa(): # user access this page directly without passing by login page if not user_id: flash("Unknown error, redirect back to main page", "warning") - return redirect(url_for("dashboard.index")) + return redirect(url_for("auth.login")) user = User.get(user_id) if not (user and user.enable_otp): flash("Only user with MFA enabled should go to this page", "warning") - return redirect(url_for("dashboard.index")) + return redirect(url_for("auth.login")) otp_token_form = OtpTokenForm() next_url = request.args.get("next") From d6aa6e7b9490ed5b87108498292c01de58b9d3ab Mon Sep 17 00:00:00 2001 From: Son NK Date: Sat, 4 Jan 2020 10:24:01 +0100 Subject: [PATCH 47/76] Make sure to user lowercase for user email --- app/auth/views/facebook.py | 4 +++- app/auth/views/github.py | 2 +- app/auth/views/google.py | 4 +++- app/auth/views/register.py | 4 +++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/app/auth/views/facebook.py b/app/auth/views/facebook.py index 6ada5445..c552cba6 100644 --- a/app/auth/views/facebook.py +++ b/app/auth/views/facebook.py @@ -103,7 +103,9 @@ def facebook_callback(): # create user else: LOG.d("create facebook user with %s", facebook_user_data) - user = User.create(email=email, name=facebook_user_data["name"], activated=True) + user = User.create( + email=email.lower(), name=facebook_user_data["name"], activated=True + ) if picture_url: LOG.d("set user profile picture to %s", picture_url) diff --git a/app/auth/views/github.py b/app/auth/views/github.py index c81a2b29..51bf0763 100644 --- a/app/auth/views/github.py +++ b/app/auth/views/github.py @@ -86,7 +86,7 @@ def github_callback(): if not user: LOG.d("create github user") user = User.create( - email=email, name=github_user_data.get("name") or "", activated=True + email=email.lower(), name=github_user_data.get("name") or "", activated=True ) db.session.commit() login_user(user) diff --git a/app/auth/views/google.py b/app/auth/views/google.py index 60480b1d..69dc9196 100644 --- a/app/auth/views/google.py +++ b/app/auth/views/google.py @@ -93,7 +93,9 @@ def google_callback(): # create user else: LOG.d("create google user with %s", google_user_data) - user = User.create(email=email, name=google_user_data["name"], activated=True) + user = User.create( + email=email.lower(), name=google_user_data["name"], activated=True + ) if picture_url: LOG.d("set user profile picture to %s", picture_url) diff --git a/app/auth/views/register.py b/app/auth/views/register.py index 7166c301..bb5b3b11 100644 --- a/app/auth/views/register.py +++ b/app/auth/views/register.py @@ -46,7 +46,9 @@ def register(): else: LOG.debug("create user %s", form.email.data) user = User.create( - email=form.email.data, name=form.name.data, password=form.password.data + email=form.email.data.lower(), + name=form.name.data, + password=form.password.data, ) db.session.commit() From 0dc901d05d6a10f8500794e41106bdd643b72c3f Mon Sep 17 00:00:00 2001 From: Son NK Date: Sat, 4 Jan 2020 10:25:19 +0100 Subject: [PATCH 48/76] make email lowercase before processing them --- email_handler.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/email_handler.py b/email_handler.py index 00608592..bd70b37d 100644 --- a/email_handler.py +++ b/email_handler.py @@ -31,7 +31,7 @@ It should contain the following info: """ import time -from email.message import EmailMessage +from email.message import Message from email.parser import Parser from email.policy import SMTPUTF8 from smtplib import SMTP @@ -85,11 +85,11 @@ class MailHandler: smtp = SMTP(POSTFIX_SERVER, 25) msg = Parser(policy=SMTPUTF8).parsestr(message_data) + rcpt_to = envelope.rcpt_tos[0].lower() + # Reply case # reply+ or ra+ (reverse-alias) prefix - if envelope.rcpt_tos[0].startswith("reply+") or envelope.rcpt_tos[0].startswith( - "ra+" - ): + if rcpt_to.startswith("reply+") or rcpt_to.startswith("ra+"): LOG.debug("Reply phase") app = new_app() @@ -102,9 +102,9 @@ class MailHandler: with app.app_context(): return self.handle_forward(envelope, smtp, msg) - def handle_forward(self, envelope, smtp: SMTP, msg: EmailMessage) -> str: + def handle_forward(self, envelope, smtp: SMTP, msg: Message) -> str: """return *status_code message*""" - alias = envelope.rcpt_tos[0] # alias@SL + alias = envelope.rcpt_tos[0].lower() # alias@SL gen_email = GenEmail.get_by(email=alias) if not gen_email: @@ -212,8 +212,8 @@ class MailHandler: db.session.commit() return "250 Message accepted for delivery" - def handle_reply(self, envelope, smtp: SMTP, msg: EmailMessage) -> str: - reply_email = envelope.rcpt_tos[0] + def handle_reply(self, envelope, smtp: SMTP, msg: Message) -> str: + reply_email = envelope.rcpt_tos[0].lower() # reply_email must end with EMAIL_DOMAIN if not reply_email.endswith(EMAIL_DOMAIN): @@ -230,7 +230,7 @@ class MailHandler: return "550 alias unknown by SimpleLogin" user_email = forward_email.gen_email.user.email - if envelope.mail_from != user_email: + if envelope.mail_from.lower() != user_email.lower(): LOG.error( f"Reply email can only be used by user email. Actual mail_from: %s. User email %s", envelope.mail_from, @@ -293,7 +293,7 @@ class MailHandler: return "250 Message accepted for delivery" -def add_or_replace_header(msg: EmailMessage, header: str, value: str): +def add_or_replace_header(msg: Message, header: str, value: str): try: msg.add_header(header, value) except ValueError: From 40c2040ddc78dac3310708e3b969f4b5198005a4 Mon Sep 17 00:00:00 2001 From: Son NK Date: Sat, 4 Jan 2020 10:58:19 +0100 Subject: [PATCH 49/76] use google nameserver --- app/dns_utils.py | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/app/dns_utils.py b/app/dns_utils.py index cb0f1799..a0e08b95 100644 --- a/app/dns_utils.py +++ b/app/dns_utils.py @@ -6,7 +6,12 @@ def get_mx_domains(hostname) -> [(int, str)]: domain name ends with a "." at the end. """ try: - answers = dns.resolver.query(hostname, "MX") + my_resolver = dns.resolver.Resolver() + + # 8.8.8.8 is Google's public DNS server + my_resolver.nameservers = ['8.8.8.8'] + + answers = my_resolver.query(hostname, "MX") except Exception: return [] @@ -27,7 +32,12 @@ _include_spf = "include:" def get_spf_domain(hostname) -> [str]: """return all domains listed in *include:*""" try: - answers = dns.resolver.query(hostname, "TXT") + my_resolver = dns.resolver.Resolver() + + # 8.8.8.8 is Google's public DNS server + my_resolver.nameservers = ['8.8.8.8'] + + answers = my_resolver.query(hostname, "TXT") except Exception: return [] @@ -48,7 +58,12 @@ def get_spf_domain(hostname) -> [str]: def get_txt_record(hostname) -> [str]: try: - answers = dns.resolver.query(hostname, "TXT") + my_resolver = dns.resolver.Resolver() + + # 8.8.8.8 is Google's public DNS server + my_resolver.nameservers = ['8.8.8.8'] + + answers = my_resolver.query(hostname, "TXT") except Exception: return [] @@ -66,7 +81,12 @@ def get_txt_record(hostname) -> [str]: def get_dkim_record(hostname) -> str: """query the dkim._domainkey.{hostname} record and returns its value""" try: - answers = dns.resolver.query(f"dkim._domainkey.{hostname}", "TXT") + my_resolver = dns.resolver.Resolver() + + # 8.8.8.8 is Google's public DNS server + my_resolver.nameservers = ['8.8.8.8'] + + answers = my_resolver.query(f"dkim._domainkey.{hostname}", "TXT") except Exception: return "" From 47f691cacf97cef0f6d16fa91784f2c8c39ae622 Mon Sep 17 00:00:00 2001 From: Son NK Date: Sat, 4 Jan 2020 11:00:59 +0100 Subject: [PATCH 50/76] fix formatting --- app/dns_utils.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/dns_utils.py b/app/dns_utils.py index a0e08b95..493a3feb 100644 --- a/app/dns_utils.py +++ b/app/dns_utils.py @@ -9,7 +9,7 @@ def get_mx_domains(hostname) -> [(int, str)]: my_resolver = dns.resolver.Resolver() # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ['8.8.8.8'] + my_resolver.nameservers = ["8.8.8.8"] answers = my_resolver.query(hostname, "MX") except Exception: @@ -35,7 +35,7 @@ def get_spf_domain(hostname) -> [str]: my_resolver = dns.resolver.Resolver() # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ['8.8.8.8'] + my_resolver.nameservers = ["8.8.8.8"] answers = my_resolver.query(hostname, "TXT") except Exception: @@ -61,7 +61,7 @@ def get_txt_record(hostname) -> [str]: my_resolver = dns.resolver.Resolver() # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ['8.8.8.8'] + my_resolver.nameservers = ["8.8.8.8"] answers = my_resolver.query(hostname, "TXT") except Exception: @@ -84,7 +84,7 @@ def get_dkim_record(hostname) -> str: my_resolver = dns.resolver.Resolver() # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ['8.8.8.8'] + my_resolver.nameservers = ["8.8.8.8"] answers = my_resolver.query(f"dkim._domainkey.{hostname}", "TXT") except Exception: From 41329782a23ed2c871881c2ab2492054a611393a Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 19:01:38 +0100 Subject: [PATCH 51/76] refactor dns_utils and add test_dns_utils --- app/dns_utils.py | 42 ++++++++++++++--------------------------- tests/test_dns_utils.py | 30 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 28 deletions(-) create mode 100644 tests/test_dns_utils.py diff --git a/app/dns_utils.py b/app/dns_utils.py index 493a3feb..aed45c0f 100644 --- a/app/dns_utils.py +++ b/app/dns_utils.py @@ -1,17 +1,21 @@ import dns.resolver +def _get_dns_resolver(): + my_resolver = dns.resolver.Resolver() + + # 8.8.8.8 is Google's public DNS server + my_resolver.nameservers = ["8.8.8.8"] + + return my_resolver + + def get_mx_domains(hostname) -> [(int, str)]: """return list of (priority, domain name). domain name ends with a "." at the end. """ try: - my_resolver = dns.resolver.Resolver() - - # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ["8.8.8.8"] - - answers = my_resolver.query(hostname, "MX") + answers = _get_dns_resolver().query(hostname, "MX") except Exception: return [] @@ -32,12 +36,7 @@ _include_spf = "include:" def get_spf_domain(hostname) -> [str]: """return all domains listed in *include:*""" try: - my_resolver = dns.resolver.Resolver() - - # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ["8.8.8.8"] - - answers = my_resolver.query(hostname, "TXT") + answers = _get_dns_resolver().query(hostname, "TXT") except Exception: return [] @@ -58,22 +57,14 @@ def get_spf_domain(hostname) -> [str]: def get_txt_record(hostname) -> [str]: try: - my_resolver = dns.resolver.Resolver() - - # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ["8.8.8.8"] - - answers = my_resolver.query(hostname, "TXT") + answers = _get_dns_resolver().query(hostname, "TXT") except Exception: return [] ret = [] for a in answers: # type: dns.rdtypes.ANY.TXT.TXT - for record in a.strings: - record = record.decode() # record is bytes - - ret.append(a) + ret.append(a) return ret @@ -81,12 +72,7 @@ def get_txt_record(hostname) -> [str]: def get_dkim_record(hostname) -> str: """query the dkim._domainkey.{hostname} record and returns its value""" try: - my_resolver = dns.resolver.Resolver() - - # 8.8.8.8 is Google's public DNS server - my_resolver.nameservers = ["8.8.8.8"] - - answers = my_resolver.query(f"dkim._domainkey.{hostname}", "TXT") + answers = _get_dns_resolver().query(f"dkim._domainkey.{hostname}", "TXT") except Exception: return "" diff --git a/tests/test_dns_utils.py b/tests/test_dns_utils.py new file mode 100644 index 00000000..e03acbb6 --- /dev/null +++ b/tests/test_dns_utils.py @@ -0,0 +1,30 @@ +from app.dns_utils import * + +# use our own domain for test +_DOMAIN = "simplelogin.io" + + +def test_get_mx_domains(): + r = get_mx_domains(_DOMAIN) + + assert len(r) > 0 + + for x in r: + assert x[0] > 0 + assert x[1] + + +def test_get_spf_domain(): + r = get_spf_domain(_DOMAIN) + assert r == ["simplelogin.co"] + + +def test_get_txt_record(): + + r = get_txt_record(_DOMAIN) + assert len(r) > 0 + + +def test_get_dkim_record(): + r = get_dkim_record(_DOMAIN) + assert r.startswith("v=DKIM1; k=rsa;") From 4e84815375b79e4913863d589dd528f1b70e6da0 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Sun, 5 Jan 2020 19:45:29 +0100 Subject: [PATCH 52/76] let debug configurable --- app/config.py | 2 ++ server.py | 9 +++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/app/config.py b/app/config.py index ae2082ee..11608748 100644 --- a/app/config.py +++ b/app/config.py @@ -30,6 +30,8 @@ COLOR_LOG = "COLOR_LOG" in os.environ # Allow user to have 1 year of premium: set the expiration_date to 1 year more PROMO_CODE = "SIMPLEISBETTER" +# Debug mode +DEBUG = os.environ['DEBUG'] # Server url URL = os.environ["URL"] print(">>> URL:", URL) diff --git a/server.py b/server.py index 08d95c42..5425b926 100644 --- a/server.py +++ b/server.py @@ -18,6 +18,7 @@ from app.admin_model import SLModelView, SLAdminIndexView from app.api.base import api_bp from app.auth.base import auth_bp from app.config import ( + DEBUG, DB_URI, FLASK_SECRET, SENTRY_DSN, @@ -67,6 +68,8 @@ os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1" def create_app() -> Flask: app = Flask(__name__) app.url_map.strict_slashes = False + app.debug = DEBUG + os.environ["FLASK_DEBUG"] = DEBUG app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False @@ -422,8 +425,6 @@ window.location.href = "/"; if __name__ == "__main__": app = create_app() - app.debug = True - # enable flask toolbar # app.config["DEBUG_TB_PROFILER_ENABLED"] = True # app.config["DEBUG_TB_INTERCEPT_REDIRECTS"] = False @@ -444,6 +445,6 @@ if __name__ == "__main__": context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) context.load_cert_chain("local_data/cert.pem", "local_data/key.pem") - app.run(debug=True, host="0.0.0.0", port=7777, ssl_context=context) + app.run(host="0.0.0.0", port=7777, ssl_context=context) else: - app.run(debug=True, host="0.0.0.0", port=7777) + app.run(host="0.0.0.0", port=7777) From 96da841062d77c13c6edfc31f95479d391c66527 Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 20:47:09 +0100 Subject: [PATCH 53/76] add /api/v2/alias/options that flattens the response --- app/api/views/alias_options.py | 75 +++++++++++++++++++++++++++++++++ tests/api/test_alias_options.py | 45 ++++++++++++++++++++ 2 files changed, 120 insertions(+) diff --git a/app/api/views/alias_options.py b/app/api/views/alias_options.py index 07b21c09..d3d3dcf4 100644 --- a/app/api/views/alias_options.py +++ b/app/api/views/alias_options.py @@ -78,3 +78,78 @@ def options(): ret["custom"]["suffixes"] = list(reversed(ret["custom"]["suffixes"])) return jsonify(ret) + + +@api_bp.route("/v2/alias/options") +@cross_origin() +@verify_api_key +def options_v2(): + """ + Return what options user has when creating new alias. + Input: + a valid api-key in "Authentication" header and + optional "hostname" in args + Output: cf README + can_create: bool + suffixes: [str] + prefix_suggestion: str + existing: [str] + recommendation: Optional dict + alias: str + hostname: str + + + """ + user = g.user + hostname = request.args.get("hostname") + + ret = { + "existing": [ + ge.email for ge in GenEmail.query.filter_by(user_id=user.id, enabled=True) + ], + "can_create": user.can_create_new_alias(), + "suffixes": [], + "prefix_suggestion": "", + } + + # recommendation alias if exist + if hostname: + # put the latest used alias first + q = ( + db.session.query(AliasUsedOn, GenEmail, User) + .filter( + AliasUsedOn.gen_email_id == GenEmail.id, + GenEmail.user_id == user.id, + AliasUsedOn.hostname == hostname, + ) + .order_by(desc(AliasUsedOn.created_at)) + ) + + r = q.first() + if r: + _, alias, _ = r + LOG.d("found alias %s %s %s", alias, hostname, user) + ret["recommendation"] = {"alias": alias.email, "hostname": hostname} + + # custom alias suggestion and suffix + if hostname: + # keep only the domain name of hostname, ignore TLD and subdomain + # for ex www.groupon.com -> groupon + domain_name = hostname + if "." in hostname: + parts = hostname.split(".") + domain_name = parts[-2] + domain_name = convert_to_id(domain_name) + ret["prefix_suggestion"] = domain_name + + # maybe better to make sure the suffix is never used before + # but this is ok as there's a check when creating a new custom alias + ret["suffixes"] = [f".{random_word()}@{EMAIL_DOMAIN}"] + + for custom_domain in user.verified_custom_domains(): + ret["suffixes"].append("@" + custom_domain.domain) + + # custom domain should be put first + ret["suffixes"] = list(reversed(ret["suffixes"])) + + return jsonify(ret) diff --git a/tests/api/test_alias_options.py b/tests/api/test_alias_options.py index 6f14901e..b7ac4e72 100644 --- a/tests/api/test_alias_options.py +++ b/tests/api/test_alias_options.py @@ -50,3 +50,48 @@ def test_different_scenarios(flask_client): ) assert r.json["recommendation"]["alias"] == alias.email assert r.json["recommendation"]["hostname"] == "www.test.com" + + +def test_different_scenarios_v2(flask_client): + user = User.create( + email="a@b.c", password="password", name="Test User", activated=True + ) + db.session.commit() + + # create api_key + api_key = ApiKey.create(user.id, "for test") + db.session.commit() + + # <<< without hostname >>> + r = flask_client.get( + url_for("api.options_v2"), headers={"Authentication": api_key.code} + ) + + assert r.status_code == 200 + # {'can_create': True, 'existing': ['my-first-alias.chat@sl.local'], 'prefix_suggestion': '', 'suffixes': ['.meo@sl.local']} + + assert r.json["can_create"] + assert len(r.json["existing"]) == 1 + assert r.json["suffixes"] + assert r.json["prefix_suggestion"] == "" # no hostname => no suggestion + + # <<< with hostname >>> + r = flask_client.get( + url_for("api.options_v2", hostname="www.test.com"), + headers={"Authentication": api_key.code}, + ) + + assert r.json["prefix_suggestion"] == "test" + + # <<< with recommendation >>> + alias = GenEmail.create_new(user.id, prefix="test") + db.session.commit() + AliasUsedOn.create(gen_email_id=alias.id, hostname="www.test.com") + db.session.commit() + + r = flask_client.get( + url_for("api.options_v2", hostname="www.test.com"), + headers={"Authentication": api_key.code}, + ) + assert r.json["recommendation"]["alias"] == alias.email + assert r.json["recommendation"]["hostname"] == "www.test.com" From 5b60869a3933bef5c426192872b0bf3772bdeb3c Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 20:47:56 +0100 Subject: [PATCH 54/76] Update API doc --- README.md | 90 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 56 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 21c7f764..578554b2 100644 --- a/README.md +++ b/README.md @@ -427,52 +427,74 @@ In every request, the extension sends - the `API Code` is set in `Authentication` header. The check is done via the `verify_api_key` wrapper, implemented in `app/api/base.py` -- the current website `hostname` which is the website subdomain name + domain name. For ex, if user is on `http://dashboard.example.com/path1/path2?query`, the subdomain is `dashboard.example.com`. This information is important to know where an alias is used in order to proposer to user the same alias if they want to create on alias on the same website in the future. The `hostname` is passed in the request query `?hostname=`, see `app/api/views/alias_options.py` for an example. +- (Optional but recommended) `hostname` passed in query string. hostname is the the URL hostname (cf https://en.wikipedia.org/wiki/URL), for ex if URL is http://www.example.com/index.html then the hostname is `www.example.com`. This information is important to know where an alias is used in order to suggest user the same alias if they want to create on alias on the same website in the future. -Currently, the latest extension uses the two following endpoints : +If error, the API returns 4** with body containing the error message, for example: -- `/alias/options`: returns what to suggest to user when they open the extension. - -``` -GET /alias/options hostname?="www.groupon.com" - -Response: a json with following structure. ? means optional field. - recommendation?: - alias: www_groupon_com@simplelogin.co - hostname: www.groupon.com - - custom: - suggestion: groupon - suffix: [@my_domain.com, .abcde@simplelogin.co] - - can_create_custom: true - - existing: - [email1, email2, ...] +```json +{"error": "request body cannot be empty"} ``` -- `/alias/custom/new`: allows user to create a new custom alias. +The error message is used mostly for debugging and should never be displayed to user as-is. -To try out the endpoint, you can use the following command. The command uses [httpie](https://httpie.org). -Make sure to replace `{api_key}` by your API Key obtained on https://app.simplelogin.io/dashboard/api_key +#### GET /api/v2/alias/options -``` -http https://app.simplelogin.io/api/alias/options \ - Authentication:{api_key} \ - hostname==www.google.com +User alias info and suggestion. Used by the first extension screen when user opens the extension. + +Input: +- `Authentication` header that contains the api key +- (Optional but recommended) `hostname` passed in query string. + +Output: a json with the following field: +- can_create: boolean. Whether user can create new alias +- suffixes: list of string. List of alias `suffix` that user can use. If user doesn't have custom domain, this list has a single element which is the alias default domain (simplelogin.co). +- prefix_suggestion: string. Suggestion for the `alias prefix`. Usually this is the website name extracted from `hostname`. If no `hostname`, then the `prefix_suggestion` is empty. +- existing: list of string. List of existing alias. +- recommendation: optional field, dictionary. If an alias is already used for this website, the recommendation will be returned. There are 2 subfields in `recommendation`: `alias` which is the recommended alias and `hostname` is the website on which this alias is used before. + +For ex: +```json +{ + "can_create": true, + "existing": [ + "my-first-alias.meo@sl.local", + "e1.cat@sl.local", + "e2.chat@sl.local", + "e3.cat@sl.local" + ], + "prefix_suggestion": "test", + "recommendation": { + "alias": "e1.cat@sl.local", + "hostname": "www.test.com" + }, + "suffixes": [ + "@very-long-domain.com.net.org", + "@ab.cd", + ".cat@sl.local" + ] +} ``` -``` -POST /alias/custom/new - prefix: www_groupon_com - suffix: @my_domain.com +#### POST /alias/custom/new -Response: - 201 -> OK {alias: "www_groupon_com@my_domain.com"} - 409 -> duplicated +Create a new custom alias. +Input: +- `Authentication` header that contains the api key +- (Optional but recommended) `hostname` passed in query string +- Request Message Body in json (`Content-Type` is `application/json`) + - alias_prefix: string. The first part of the alias that user can choose. + - alias_suffix: should be one of the suffixes returned in the `GET /api/v2/alias/options` endpoint. + +Output: +If success, 201 with the new alias, for example + +```json +{alias: "www_groupon_com@my_domain.com"} ``` +409 if the alias is already created. + ### Database migration The database migration is handled by `alembic` From d322d543af2a3187f44aef42676b6bfb79eb6577 Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 20:48:32 +0100 Subject: [PATCH 55/76] add more check to new custom alias --- app/api/views/new_custom_alias.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/api/views/new_custom_alias.py b/app/api/views/new_custom_alias.py index d3dd2b14..86b2919a 100644 --- a/app/api/views/new_custom_alias.py +++ b/app/api/views/new_custom_alias.py @@ -40,8 +40,11 @@ def new_custom_alias(): hostname = request.args.get("hostname") data = request.get_json() - alias_prefix = data["alias_prefix"] - alias_suffix = data["alias_suffix"] + if not data: + return jsonify(error="request body cannot be empty"), 400 + + alias_prefix = data.get("alias_prefix", "") + alias_suffix = data.get("alias_suffix", "") # make sure alias_prefix is not empty alias_prefix = alias_prefix.strip() From deba806d0fce37c08b7b00a8293b0d262459759a Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 21:09:54 +0100 Subject: [PATCH 56/76] Fix readme: "error" could be shown to user as-is --- README.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 578554b2..2556fd46 100644 --- a/README.md +++ b/README.md @@ -432,10 +432,15 @@ In every request, the extension sends If error, the API returns 4** with body containing the error message, for example: ```json -{"error": "request body cannot be empty"} +{ + "error": "request body cannot be empty" +} ``` -The error message is used mostly for debugging and should never be displayed to user as-is. +The error message could be displayed to user as-is, for example for when user exceeds their alias quota. +Some errors should be fixed during development however: for example error like `request body cannot be empty` is there to catch development error and should never be shown to user. + +All following endpoint return `401` status code if the API Key is incorrect. #### GET /api/v2/alias/options @@ -490,7 +495,9 @@ Output: If success, 201 with the new alias, for example ```json -{alias: "www_groupon_com@my_domain.com"} +{ + "alias": "www_groupon_com@my_domain.com" +} ``` 409 if the alias is already created. From c6db8db4a1fffc1fb75fc07700dff068dcf90607 Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 21:14:40 +0100 Subject: [PATCH 57/76] Improve error message --- app/api/views/new_custom_alias.py | 4 ++-- tests/api/test_new_custom_alias.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/api/views/new_custom_alias.py b/app/api/views/new_custom_alias.py index 86b2919a..767020f5 100644 --- a/app/api/views/new_custom_alias.py +++ b/app/api/views/new_custom_alias.py @@ -3,7 +3,7 @@ from flask import jsonify, request from flask_cors import cross_origin from app.api.base import api_bp, verify_api_key -from app.config import EMAIL_DOMAIN +from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN from app.extensions import db from app.log import LOG from app.models import GenEmail, AliasUsedOn @@ -31,7 +31,7 @@ def new_custom_alias(): return ( jsonify( error="You have reached the limitation of a free account with the maximum of " - "3 custom aliases, please upgrade your plan to create more custom aliases" + f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) diff --git a/tests/api/test_new_custom_alias.py b/tests/api/test_new_custom_alias.py index 35ae512c..4dabd645 100644 --- a/tests/api/test_new_custom_alias.py +++ b/tests/api/test_new_custom_alias.py @@ -48,5 +48,5 @@ def test_out_of_quota(flask_client): assert r.status_code == 400 assert r.json == { - "error": "You have reached the limitation of a free account with the maximum of 3 custom aliases, please upgrade your plan to create more custom aliases" + "error": "You have reached the limitation of a free account with the maximum of 3 aliases, please upgrade your plan to create more aliases" } From 377e6c657d5809a2dea0481cee7687e3e3e4d73a Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 21:15:16 +0100 Subject: [PATCH 58/76] add /api/alias/random/new --- README.md | 19 +++++++++-- app/api/__init__.py | 2 +- app/api/views/new_random_alias.py | 43 ++++++++++++++++++++++++ tests/api/test_new_random_alias.py | 52 ++++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 app/api/views/new_random_alias.py create mode 100644 tests/api/test_new_random_alias.py diff --git a/README.md b/README.md index 2556fd46..a2c37df2 100644 --- a/README.md +++ b/README.md @@ -480,7 +480,7 @@ For ex: } ``` -#### POST /alias/custom/new +#### POST /api/alias/custom/new Create a new custom alias. @@ -500,7 +500,22 @@ If success, 201 with the new alias, for example } ``` -409 if the alias is already created. +#### POST /api/alias/random/new + +Create a new random alias. + +Input: +- `Authentication` header that contains the api key +- (Optional but recommended) `hostname` passed in query string + +Output: +If success, 201 with the new alias, for example + +```json +{ + "alias": "www_groupon_com@my_domain.com" +} +``` ### Database migration diff --git a/app/api/__init__.py b/app/api/__init__.py index 7ac2561f..612893b0 100644 --- a/app/api/__init__.py +++ b/app/api/__init__.py @@ -1 +1 @@ -from .views import alias_options, new_custom_alias +from .views import alias_options, new_custom_alias, new_random_alias diff --git a/app/api/views/new_random_alias.py b/app/api/views/new_random_alias.py new file mode 100644 index 00000000..7afe1f6d --- /dev/null +++ b/app/api/views/new_random_alias.py @@ -0,0 +1,43 @@ +from flask import g +from flask import jsonify, request +from flask_cors import cross_origin + +from app.api.base import api_bp, verify_api_key +from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN +from app.extensions import db +from app.log import LOG +from app.models import GenEmail, AliasUsedOn +from app.utils import convert_to_id + + +@api_bp.route("/alias/random/new", methods=["POST"]) +@cross_origin() +@verify_api_key +def new_random_alias(): + """ + Create a new random alias + Output: + 201 if success + + """ + user = g.user + if not user.can_create_new_alias(): + LOG.d("user %s cannot create new random alias", user) + return ( + jsonify( + error=f"You have reached the limitation of a free account with the maximum of " + f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" + ), + 400, + ) + + scheme = user.alias_generator + gen_email = GenEmail.create_new_random(user_id=user.id, scheme=scheme) + db.session.commit() + + hostname = request.args.get("hostname") + if hostname: + AliasUsedOn.create(gen_email_id=gen_email.id, hostname=hostname) + db.session.commit() + + return jsonify(alias=gen_email.email), 201 diff --git a/tests/api/test_new_random_alias.py b/tests/api/test_new_random_alias.py new file mode 100644 index 00000000..a50f3c1f --- /dev/null +++ b/tests/api/test_new_random_alias.py @@ -0,0 +1,52 @@ +from flask import url_for + +from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN +from app.extensions import db +from app.models import User, ApiKey, GenEmail + + +def test_success(flask_client): + user = User.create( + email="a@b.c", password="password", name="Test User", activated=True + ) + db.session.commit() + + # create api_key + api_key = ApiKey.create(user.id, "for test") + db.session.commit() + + r = flask_client.post( + url_for("api.new_random_alias", hostname="www.test.com"), + headers={"Authentication": api_key.code}, + ) + + assert r.status_code == 201 + assert r.json["alias"].endswith(EMAIL_DOMAIN) + + +def test_out_of_quota(flask_client): + user = User.create( + email="a@b.c", password="password", name="Test User", activated=True + ) + db.session.commit() + + # create api_key + api_key = ApiKey.create(user.id, "for test") + db.session.commit() + + # create 3 random alias to run out of quota + for _ in range(MAX_NB_EMAIL_FREE_PLAN): + GenEmail.create_new(user.id, prefix="test1") + GenEmail.create_new(user.id, prefix="test2") + GenEmail.create_new(user.id, prefix="test3") + + r = flask_client.post( + url_for("api.new_random_alias", hostname="www.test.com"), + headers={"Authentication": api_key.code}, + ) + + assert r.status_code == 400 + assert ( + r.json["error"] + == "You have reached the limitation of a free account with the maximum of 3 aliases, please upgrade your plan to create more aliases" + ) From f52f4c821b4428188d82042aa55d0af72f51018e Mon Sep 17 00:00:00 2001 From: Son NK Date: Sun, 5 Jan 2020 22:48:38 +0100 Subject: [PATCH 59/76] Add /api/user_info --- README.md | 20 ++++++++++++++++++++ app/api/__init__.py | 2 +- app/api/views/user_info.py | 22 ++++++++++++++++++++++ tests/api/test_user_info.py | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 app/api/views/user_info.py create mode 100644 tests/api/test_user_info.py diff --git a/README.md b/README.md index a2c37df2..66e46207 100644 --- a/README.md +++ b/README.md @@ -442,6 +442,26 @@ Some errors should be fixed during development however: for example error like ` All following endpoint return `401` status code if the API Key is incorrect. +#### GET /api/user_info + +Given the API Key, return user name and whether user is premium. +This endpoint could be used to validate the api key. + +Input: +- `Authentication` header that contains the api key + +Output: if api key is correct, return a json with user name and whether user is premium, for example: + +```json +{ + "name": "John Wick", + "is_premium": false +} +``` + +If api key is incorrect, return 401. + + #### GET /api/v2/alias/options User alias info and suggestion. Used by the first extension screen when user opens the extension. diff --git a/app/api/__init__.py b/app/api/__init__.py index 612893b0..268191e9 100644 --- a/app/api/__init__.py +++ b/app/api/__init__.py @@ -1 +1 @@ -from .views import alias_options, new_custom_alias, new_random_alias +from .views import alias_options, new_custom_alias, new_random_alias, user_info diff --git a/app/api/views/user_info.py b/app/api/views/user_info.py new file mode 100644 index 00000000..e8a2dd94 --- /dev/null +++ b/app/api/views/user_info.py @@ -0,0 +1,22 @@ +from flask import jsonify, request, g +from flask_cors import cross_origin +from sqlalchemy import desc + +from app.api.base import api_bp, verify_api_key +from app.config import EMAIL_DOMAIN +from app.extensions import db +from app.log import LOG +from app.models import AliasUsedOn, GenEmail, User +from app.utils import convert_to_id, random_word + + +@api_bp.route("/user_info") +@cross_origin() +@verify_api_key +def user_info(): + """ + Return user info given the api-key + """ + user = g.user + + return jsonify({"name": user.name, "is_premium": user.is_premium()}) diff --git a/tests/api/test_user_info.py b/tests/api/test_user_info.py new file mode 100644 index 00000000..ffa96edf --- /dev/null +++ b/tests/api/test_user_info.py @@ -0,0 +1,32 @@ +from flask import url_for + +from app.extensions import db +from app.models import User, ApiKey, AliasUsedOn, GenEmail + + +def test_success(flask_client): + user = User.create( + email="a@b.c", password="password", name="Test User", activated=True + ) + db.session.commit() + + # create api_key + api_key = ApiKey.create(user.id, "for test") + db.session.commit() + + r = flask_client.get( + url_for("api.user_info"), headers={"Authentication": api_key.code} + ) + + assert r.status_code == 200 + assert r.json == {"is_premium": False, "name": "Test User"} + + +def test_wrong_api_key(flask_client): + r = flask_client.get( + url_for("api.user_info"), headers={"Authentication": "Invalid code"} + ) + + assert r.status_code == 401 + + assert r.json == {"error": "Wrong api key"} From 5af974fc5d4681e92319c58e00867008890c32f9 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Sun, 5 Jan 2020 22:49:48 +0100 Subject: [PATCH 60/76] alias log dashboard --- app/config.py | 4 +- .../templates/dashboard/alias_log.html | 93 ++++++++++++++++++- app/dashboard/views/alias_log.py | 9 ++ 3 files changed, 103 insertions(+), 3 deletions(-) diff --git a/app/config.py b/app/config.py index 11608748..6da3176c 100644 --- a/app/config.py +++ b/app/config.py @@ -31,7 +31,7 @@ COLOR_LOG = "COLOR_LOG" in os.environ PROMO_CODE = "SIMPLEISBETTER" # Debug mode -DEBUG = os.environ['DEBUG'] +DEBUG = os.environ["DEBUG"] # Server url URL = os.environ["URL"] print(">>> URL:", URL) @@ -45,7 +45,7 @@ SUPPORT_EMAIL = os.environ["SUPPORT_EMAIL"] ADMIN_EMAIL = os.environ.get("ADMIN_EMAIL") MAX_NB_EMAIL_FREE_PLAN = int(os.environ["MAX_NB_EMAIL_FREE_PLAN"]) # allow to override postfix server locally -POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "1.1.1.1") +POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "0.0.0.0") # list of (priority, email server) EMAIL_SERVERS_WITH_PRIORITY = eval( diff --git a/app/dashboard/templates/dashboard/alias_log.html b/app/dashboard/templates/dashboard/alias_log.html index 59c40d06..2382d3c1 100644 --- a/app/dashboard/templates/dashboard/alias_log.html +++ b/app/dashboard/templates/dashboard/alias_log.html @@ -1,7 +1,68 @@ {% extends 'default.html' %} {% set active_page = "dashboard" %} +{% block head %} + +{% endblock %} {% block title %} Alias Activity {% endblock %} @@ -12,7 +73,37 @@ {{ alias }} - +
    +
    +
    + + {{ total }} + Email Handled +
    +
    +
    +
    + + {{ email_forwarded }} + Email Forwarded +
    +
    +
    +
    + + {{ email_replied }} + Email Replied +
    +
    +
    +
    + + {{ email_forwarded }} + Email Blocked +
    +
    +
    +

    Activities

    {% for log in logs %}
    diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index d7ec6388..afc790f2 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -38,6 +38,15 @@ def alias_log(alias, page_id): return redirect(url_for("dashboard.index")) logs = get_alias_log(gen_email, page_id) + base = ( + db.session.query(ForwardEmail, ForwardEmailLog) + .filter(ForwardEmail.id == ForwardEmailLog.forward_id) + .filter(ForwardEmail.gen_email_id == gen_email.id) + ) + total = base.count() + email_forwarded = base.filter(ForwardEmailLog.is_reply == False).count() + email_replied = base.filter(ForwardEmailLog.is_reply == True).count() + email_blocked = base.filter(ForwardEmailLog.blocked == True).count() last_page = ( len(logs) < _LIMIT ) # lightweight pagination without counting all objects From 5ffdc45c8703d010c77d92edb4a9247a236626de Mon Sep 17 00:00:00 2001 From: doanguyen Date: Sun, 5 Jan 2020 22:53:00 +0100 Subject: [PATCH 61/76] fix DEBUG flag is not default in os environment --- app/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/config.py b/app/config.py index 6da3176c..ace7ae05 100644 --- a/app/config.py +++ b/app/config.py @@ -31,7 +31,7 @@ COLOR_LOG = "COLOR_LOG" in os.environ PROMO_CODE = "SIMPLEISBETTER" # Debug mode -DEBUG = os.environ["DEBUG"] +DEBUG = os.environ["DEBUG"] if "DEBUG" in os.environ else False # Server url URL = os.environ["URL"] print(">>> URL:", URL) From 783aba12757dc3b00d6386390627d255d10d08e9 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Sun, 5 Jan 2020 22:58:40 +0100 Subject: [PATCH 62/76] flask debug must be string, not bool, int. What a joke --- server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server.py b/server.py index 5425b926..16ff725a 100644 --- a/server.py +++ b/server.py @@ -69,7 +69,7 @@ def create_app() -> Flask: app = Flask(__name__) app.url_map.strict_slashes = False app.debug = DEBUG - os.environ["FLASK_DEBUG"] = DEBUG + os.environ["FLASK_DEBUG"] = str(DEBUG) app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False From 8f1c56baf989fcc60dcca4216adc4db6f7416d5c Mon Sep 17 00:00:00 2001 From: doanguyen Date: Sun, 5 Jan 2020 23:03:56 +0100 Subject: [PATCH 63/76] forget to push this local configuration --- app/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/config.py b/app/config.py index ace7ae05..3473ce8d 100644 --- a/app/config.py +++ b/app/config.py @@ -45,7 +45,7 @@ SUPPORT_EMAIL = os.environ["SUPPORT_EMAIL"] ADMIN_EMAIL = os.environ.get("ADMIN_EMAIL") MAX_NB_EMAIL_FREE_PLAN = int(os.environ["MAX_NB_EMAIL_FREE_PLAN"]) # allow to override postfix server locally -POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "0.0.0.0") +POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "1.1.1.1") # list of (priority, email server) EMAIL_SERVERS_WITH_PRIORITY = eval( From d527fcf64823d3ea696e3bd715d74d2973a3c9aa Mon Sep 17 00:00:00 2001 From: Son NK Date: Mon, 6 Jan 2020 16:11:17 +0100 Subject: [PATCH 64/76] Move "forgot password" button to a different position to avoid Keepass issue --- app/auth/templates/auth/login.html | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/app/auth/templates/auth/login.html b/app/auth/templates/auth/login.html index fb8fa783..e584ba5c 100644 --- a/app/auth/templates/auth/login.html +++ b/app/auth/templates/auth/login.html @@ -39,32 +39,26 @@
    {{ form.password(class="form-control", type="password") }} {{ render_field_errors(form.password) }} +
    + + I forgot my password + +
    - -
    + +
    + Don't have an account yet? Sign up +
    +
    - -
    - Don't have an account yet? Sign up -
    From ca37ce5e5a681b148f73eb1059e8717939cee026 Mon Sep 17 00:00:00 2001 From: Son NK Date: Mon, 6 Jan 2020 19:41:05 +0100 Subject: [PATCH 65/76] add id to notification section in setting --- app/dashboard/templates/dashboard/setting.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/dashboard/templates/dashboard/setting.html b/app/dashboard/templates/dashboard/setting.html index eac8c317..49d6d37d 100644 --- a/app/dashboard/templates/dashboard/setting.html +++ b/app/dashboard/templates/dashboard/setting.html @@ -90,7 +90,7 @@
    -

    Notifications

    +

    Notifications

    Do you want to receive our newsletter?
    From 6a99fd30c4cd14c089f9468b97e670142fc098af Mon Sep 17 00:00:00 2001 From: doanguyen Date: Mon, 6 Jan 2020 23:58:24 +0100 Subject: [PATCH 66/76] fix some minor bugs --- app/dashboard/templates/dashboard/alias_log.html | 2 +- app/dashboard/views/alias_log.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/dashboard/templates/dashboard/alias_log.html b/app/dashboard/templates/dashboard/alias_log.html index 2382d3c1..130a37b5 100644 --- a/app/dashboard/templates/dashboard/alias_log.html +++ b/app/dashboard/templates/dashboard/alias_log.html @@ -98,7 +98,7 @@
    - {{ email_forwarded }} + {{ email_blocked }} Email Blocked
    diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index afc790f2..12221ded 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -44,7 +44,7 @@ def alias_log(alias, page_id): .filter(ForwardEmail.gen_email_id == gen_email.id) ) total = base.count() - email_forwarded = base.filter(ForwardEmailLog.is_reply == False).count() + email_forwarded = base.filter(ForwardEmailLog.is_reply == False).filter(ForwardEmailLog.blocked==False).count() email_replied = base.filter(ForwardEmailLog.is_reply == True).count() email_blocked = base.filter(ForwardEmailLog.blocked == True).count() last_page = ( From d804a28c071a204ca3640e7f99aca4a57f858469 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 7 Jan 2020 00:02:12 +0100 Subject: [PATCH 67/76] fix the format, again --- app/dashboard/views/alias_log.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/dashboard/views/alias_log.py b/app/dashboard/views/alias_log.py index 12221ded..6878b130 100644 --- a/app/dashboard/views/alias_log.py +++ b/app/dashboard/views/alias_log.py @@ -44,7 +44,11 @@ def alias_log(alias, page_id): .filter(ForwardEmail.gen_email_id == gen_email.id) ) total = base.count() - email_forwarded = base.filter(ForwardEmailLog.is_reply == False).filter(ForwardEmailLog.blocked==False).count() + email_forwarded = ( + base.filter(ForwardEmailLog.is_reply == False) + .filter(ForwardEmailLog.blocked == False) + .count() + ) email_replied = base.filter(ForwardEmailLog.is_reply == True).count() email_blocked = base.filter(ForwardEmailLog.blocked == True).count() last_page = ( From 072e73187b3bba84a5da5e5d8710426d0475f8a8 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 19:14:36 +0100 Subject: [PATCH 68/76] make sure to replace Reply-To header in reply phase --- email_handler.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/email_handler.py b/email_handler.py index 22a16a4d..38aa972e 100644 --- a/email_handler.py +++ b/email_handler.py @@ -251,8 +251,13 @@ class MailHandler: LOG.d("Remove DKIM-Signature %s", msg["DKIM-Signature"]) del msg["DKIM-Signature"] - # email seems to come from alias + # the email comes from alias msg.replace_header("From", alias) + + # some email providers like ProtonMail adds automatically the Reply-To field + # make sure to replace it too + add_or_replace_header(msg, "Reply-To", alias) + msg.replace_header("To", forward_email.website_email) # add List-Unsubscribe header From 3bca9fde6ba98d3f14f44969589f6ef016980a9a Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 19:46:57 +0100 Subject: [PATCH 69/76] refactor: move add_or_replace_header to email_utils --- app/email_utils.py | 10 +++++++++- email_handler.py | 10 +--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/email_utils.py b/app/email_utils.py index bc12eb82..60673116 100644 --- a/app/email_utils.py +++ b/app/email_utils.py @@ -1,5 +1,5 @@ import os -from email.message import EmailMessage +from email.message import EmailMessage, Message from email.utils import make_msgid, formatdate from smtplib import SMTP @@ -197,3 +197,11 @@ def add_dkim_signature(msg: EmailMessage, email_domain: str): sig = sig.replace("\n", " ").replace("\r", "") msg.add_header("DKIM-Signature", sig[len("DKIM-Signature: ") :]) + + +def add_or_replace_header(msg: Message, header: str, value: str): + try: + msg.add_header(header, value) + except ValueError: + # the header exists already + msg.replace_header(header, value) \ No newline at end of file diff --git a/email_handler.py b/email_handler.py index 38aa972e..60572a27 100644 --- a/email_handler.py +++ b/email_handler.py @@ -45,7 +45,7 @@ from app.email_utils import ( send_email, add_dkim_signature, get_email_domain_part, -) + add_or_replace_header) from app.extensions import db from app.log import LOG from app.models import GenEmail, ForwardEmail, ForwardEmailLog, CustomDomain @@ -298,14 +298,6 @@ class MailHandler: return "250 Message accepted for delivery" -def add_or_replace_header(msg: Message, header: str, value: str): - try: - msg.add_header(header, value) - except ValueError: - # the header exists already - msg.replace_header(header, value) - - if __name__ == "__main__": controller = Controller(MailHandler(), hostname="0.0.0.0", port=20381) From 44527c6c4ed6d58d5c7dc21f3ef0b79956e2eaa6 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 19:47:26 +0100 Subject: [PATCH 70/76] fix annotation on email_utils --- app/email_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/email_utils.py b/app/email_utils.py index 60673116..2ae3cb89 100644 --- a/app/email_utils.py +++ b/app/email_utils.py @@ -177,7 +177,7 @@ def get_email_domain_part(email): return email[email.find("@") + 1 :] -def add_dkim_signature(msg: EmailMessage, email_domain: str): +def add_dkim_signature(msg: Message, email_domain: str): if msg["DKIM-Signature"]: LOG.d("Remove DKIM-Signature %s", msg["DKIM-Signature"]) del msg["DKIM-Signature"] From ba46d8f7e06d73c73de1851c1642f0efdb10f0d0 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 19:49:26 +0100 Subject: [PATCH 71/76] add delete_header() --- app/email_utils.py | 7 ++++++- email_handler.py | 11 +++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/app/email_utils.py b/app/email_utils.py index 2ae3cb89..a07c690d 100644 --- a/app/email_utils.py +++ b/app/email_utils.py @@ -204,4 +204,9 @@ def add_or_replace_header(msg: Message, header: str, value: str): msg.add_header(header, value) except ValueError: # the header exists already - msg.replace_header(header, value) \ No newline at end of file + msg.replace_header(header, value) + + +def delete_header(msg: Message, header: str): + if msg[header]: + del msg[header] \ No newline at end of file diff --git a/email_handler.py b/email_handler.py index 60572a27..983e6fb2 100644 --- a/email_handler.py +++ b/email_handler.py @@ -45,7 +45,7 @@ from app.email_utils import ( send_email, add_dkim_signature, get_email_domain_part, - add_or_replace_header) + add_or_replace_header, delete_header) from app.extensions import db from app.log import LOG from app.models import GenEmail, ForwardEmail, ForwardEmailLog, CustomDomain @@ -162,9 +162,7 @@ class MailHandler: add_or_replace_header(msg, "X-SimpleLogin-Type", "Forward") # remove reply-to header if present - if msg["Reply-To"]: - LOG.d("Delete reply-to header %s", msg["Reply-To"]) - del msg["Reply-To"] + delete_header(msg, "Reply-To") # change the from header so the sender comes from @SL # so it can pass DMARC check @@ -246,10 +244,7 @@ class MailHandler: return "450 ignored" - # remove DKIM-Signature - if msg["DKIM-Signature"]: - LOG.d("Remove DKIM-Signature %s", msg["DKIM-Signature"]) - del msg["DKIM-Signature"] + delete_header(msg, "DKIM-Signature") # the email comes from alias msg.replace_header("From", alias) From f1befd70244dda83f85b3f6e461ae29e3eb94003 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 19:50:24 +0100 Subject: [PATCH 72/76] delete Reply-To header in reply phase --- email_handler.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/email_handler.py b/email_handler.py index 983e6fb2..9a69281d 100644 --- a/email_handler.py +++ b/email_handler.py @@ -250,8 +250,8 @@ class MailHandler: msg.replace_header("From", alias) # some email providers like ProtonMail adds automatically the Reply-To field - # make sure to replace it too - add_or_replace_header(msg, "Reply-To", alias) + # make sure to delete it + delete_header(msg, "Reply-To") msg.replace_header("To", forward_email.website_email) From 27b9312057f44eb7a11b465b05870f001c6019b2 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 19:50:36 +0100 Subject: [PATCH 73/76] fix formatting --- app/email_utils.py | 2 +- email_handler.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/email_utils.py b/app/email_utils.py index a07c690d..895a5614 100644 --- a/app/email_utils.py +++ b/app/email_utils.py @@ -209,4 +209,4 @@ def add_or_replace_header(msg: Message, header: str, value: str): def delete_header(msg: Message, header: str): if msg[header]: - del msg[header] \ No newline at end of file + del msg[header] diff --git a/email_handler.py b/email_handler.py index 9a69281d..20ff8e3c 100644 --- a/email_handler.py +++ b/email_handler.py @@ -45,7 +45,9 @@ from app.email_utils import ( send_email, add_dkim_signature, get_email_domain_part, - add_or_replace_header, delete_header) + add_or_replace_header, + delete_header, +) from app.extensions import db from app.log import LOG from app.models import GenEmail, ForwardEmail, ForwardEmailLog, CustomDomain From aa10cdb3ee0b346ef6f6a0991203c3e4595ed208 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 21:53:00 +0100 Subject: [PATCH 74/76] =?UTF-8?q?If=20domain=20is=20not=20verified,=20clic?= =?UTF-8?q?king=20on=20=F0=9F=9A=AB=20brings=20user=20to=20DNS=20page?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/dashboard/templates/dashboard/custom_domain.html | 6 +++++- app/dashboard/templates/dashboard/domain_detail/info.html | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/dashboard/templates/dashboard/custom_domain.html b/app/dashboard/templates/dashboard/custom_domain.html index 0f448388..6423fe44 100644 --- a/app/dashboard/templates/dashboard/custom_domain.html +++ b/app/dashboard/templates/dashboard/custom_domain.html @@ -21,7 +21,11 @@ {% if custom_domain.verified %} {% else %} - 🚫 + + 🚫 + + {% endif %}
    diff --git a/app/dashboard/templates/dashboard/domain_detail/info.html b/app/dashboard/templates/dashboard/domain_detail/info.html index 4315d790..f208e87f 100644 --- a/app/dashboard/templates/dashboard/domain_detail/info.html +++ b/app/dashboard/templates/dashboard/domain_detail/info.html @@ -11,7 +11,11 @@ {% if custom_domain.verified %} {% else %} - 🚫 + + 🚫 + + {% endif %}
    From d9f2ec214f72c87e323dd36c78aaa75a267bebbe Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 7 Jan 2020 22:13:12 +0100 Subject: [PATCH 75/76] add @ warning when setup DNS --- app/dashboard/templates/dashboard/domain_detail/dns.html | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/app/dashboard/templates/dashboard/domain_detail/dns.html b/app/dashboard/templates/dashboard/domain_detail/dns.html index e61c9cb9..cf1ffd43 100644 --- a/app/dashboard/templates/dashboard/domain_detail/dns.html +++ b/app/dashboard/templates/dashboard/domain_detail/dns.html @@ -27,13 +27,14 @@ {% endif %} -
    Add the following MX DNS record to your domain. - Please note that there's a point (.) at the end of target addresses. +
    Add the following MX DNS record to your domain.
    + Please note that there's a point (.) at the end target addresses.
    + Also some domain registrars (Namecheap, CloudFlare, etc) might use @ for the root domain.
    {% for priority, email_server in EMAIL_SERVERS_WITH_PRIORITY %}
    - Domain: {{ custom_domain.domain }}
    + Domain: {{ custom_domain.domain }} or @
    Priority: {{ priority }}
    Target: {{ email_server }}
    @@ -91,7 +92,7 @@
    Add the following TXT DNS record to your domain
    - Domain: {{ custom_domain.domain }}
    + Domain: {{ custom_domain.domain }} or @
    Value: {{ spf_record }} From c49bc87baef0d09555abf52c8503253acf170584 Mon Sep 17 00:00:00 2001 From: doanguyen Date: Tue, 7 Jan 2020 22:29:37 +0100 Subject: [PATCH 76/76] rollback the debug flag --- server.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/server.py b/server.py index 16ff725a..e51272c2 100644 --- a/server.py +++ b/server.py @@ -68,8 +68,6 @@ os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1" def create_app() -> Flask: app = Flask(__name__) app.url_map.strict_slashes = False - app.debug = DEBUG - os.environ["FLASK_DEBUG"] = str(DEBUG) app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False @@ -445,6 +443,6 @@ if __name__ == "__main__": context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) context.load_cert_chain("local_data/cert.pem", "local_data/key.pem") - app.run(host="0.0.0.0", port=7777, ssl_context=context) + app.run(debug=True, host="0.0.0.0", port=7777, ssl_context=context) else: - app.run(host="0.0.0.0", port=7777) + app.run(debug=True, host="0.0.0.0", port=7777)