Home Explore Help
Register Sign In
chengnan
/
s202226701001
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
s202226701001
/
sever-test
/
node_modules
/
parse-server
/
lib
/
Adapters
/
Auth
/
facebook.js

facebook.js 17 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. "use strict";
    2. 

  2. 

  3. // Helper functions for accessing the Facebook Graph API.
    4. 

  4. const Parse = require('parse/node').Parse;
    5. 

  5. const crypto = require('crypto');
    6. 

  6. const jwksClient = require('jwks-rsa');
    7. 

  7. const jwt = require('jsonwebtoken');
    8. 

  8. const httpsRequest = require('./httpsRequest');
    9. 

  9. const authUtils = require('./utils');
    10. 

  10. const TOKEN_ISSUER = 'https://www.facebook.com';
    11. 

  11. function getAppSecretPath(authData, options = {}) {
    12. 

  12.   const appSecret = options.appSecret;
    13. 

  13.   if (!appSecret) {
    14. 

  14.     return '';
    15. 

  15.   }
    16. 

  16.   const appsecret_proof = crypto.createHmac('sha256', appSecret).update(authData.access_token).digest('hex');
    17. 

  17.   return `&appsecret_proof=${appsecret_proof}`;
    18. 

  18. }
    19. 

  19. function validateGraphToken(authData, options) {
    20. 

  20.   return graphRequest('me?fields=id&access_token=' + authData.access_token + getAppSecretPath(authData, options)).then(data => {
    21. 

  21.     if (data && data.id == authData.id || process.env.TESTING && authData.id === 'test') {
    22. 

  22.       return;
    23. 

  23.     }
    24. 

  24.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
    25. 

  25.   });
    26. 

  26. }
    27. 

  27. async function validateGraphAppId(appIds, authData, options) {
    28. 

  28.   var access_token = authData.access_token;
    29. 

  29.   if (process.env.TESTING && access_token === 'test') {
    30. 

  30.     return;
    31. 

  31.   }
    32. 

  32.   if (!Array.isArray(appIds)) {
    33. 

  33.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
    34. 

  34.   }
    35. 

  35.   if (!appIds.length) {
    36. 

  36.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.');
    37. 

  37.   }
    38. 

  38.   const data = await graphRequest(`app?access_token=${access_token}${getAppSecretPath(authData, options)}`);
    39. 

  39.   if (!data || !appIds.includes(data.id)) {
    40. 

  40.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
    41. 

  41.   }
    42. 

  42. }
    43. 

  43. const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
    44. 

  44.   const client = jwksClient({
    45. 

  45.     jwksUri: `${TOKEN_ISSUER}/.well-known/oauth/openid/jwks/`,
    46. 

  46.     cache: true,
    47. 

  47.     cacheMaxEntries,
    48. 

  48.     cacheMaxAge
    49. 

  49.   });
    50. 

  50.   let key;
    51. 

  51.   try {
    52. 

  52.     key = await authUtils.getSigningKey(client, keyId);
    53. 

  53.   } catch (error) {
    54. 

  54.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unable to find matching key for Key ID: ${keyId}`);
    55. 

  55.   }
    56. 

  56.   return key;
    57. 

  57. };
    58. 

  58. const verifyIdToken = async ({
    59. 

  59.   token,
    60. 

  60.   id
    61. 

  61. }, {
    62. 

  62.   clientId,
    63. 

  63.   cacheMaxEntries,
    64. 

  64.   cacheMaxAge
    65. 

  65. }) => {
    66. 

  66.   if (!token) {
    67. 

  67.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'id token is invalid for this user.');
    68. 

  68.   }
    69. 

  69.   const {
    70. 

  70.     kid: keyId,
    71. 

  71.     alg: algorithm
    72. 

  72.   } = authUtils.getHeaderFromToken(token);
    73. 

  73.   const ONE_HOUR_IN_MS = 3600000;
    74. 

  74.   let jwtClaims;
    75. 

  75.   cacheMaxAge = cacheMaxAge || ONE_HOUR_IN_MS;
    76. 

  76.   cacheMaxEntries = cacheMaxEntries || 5;
    77. 

  77.   const facebookKey = await getFacebookKeyByKeyId(keyId, cacheMaxEntries, cacheMaxAge);
    78. 

  78.   const signingKey = facebookKey.publicKey || facebookKey.rsaPublicKey;
    79. 

  79.   try {
    80. 

  80.     jwtClaims = jwt.verify(token, signingKey, {
    81. 

  81.       algorithms: algorithm,
    82. 

  82.       // the audience can be checked against a string, a regular expression or a list of strings and/or regular expressions.
    83. 

  83.       audience: clientId
    84. 

  84.     });
    85. 

  85.   } catch (exception) {
    86. 

  86.     const message = exception.message;
    87. 

  87.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
    88. 

  88.   }
    89. 

  89.   if (jwtClaims.iss !== TOKEN_ISSUER) {
    90. 

  90.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
    91. 

  91.   }
    92. 

  92.   if (jwtClaims.sub !== id) {
    93. 

  93.     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'auth data is invalid for this user.');
    94. 

  94.   }
    95. 

  95.   return jwtClaims;
    96. 

  96. };
    97. 

  97. 

  98. // Returns a promise that fulfills iff this user id is valid.
    99. 

  99. function validateAuthData(authData, options) {
    100. 

  100.   if (authData.token) {
    101. 

  101.     return verifyIdToken(authData, options);
    102. 

  102.   } else {
    103. 

  103.     return validateGraphToken(authData, options);
    104. 

  104.   }
    105. 

  105. }
    106. 

  106. 

  107. // Returns a promise that fulfills iff this app id is valid.
    108. 

  108. function validateAppId(appIds, authData, options) {
    109. 

  109.   if (authData.token) {
    110. 

  110.     return Promise.resolve();
    111. 

  111.   } else {
    112. 

  112.     return validateGraphAppId(appIds, authData, options);
    113. 

  113.   }
    114. 

  114. }
    115. 

  115. 

  116. // A promisey wrapper for FB graph requests.
    117. 

  117. function graphRequest(path) {
    118. 

  118.   return httpsRequest.get('https://graph.facebook.com/' + path);
    119. 

  119. }
    120. 

  120. module.exports = {
    121. 

  121.   validateAppId: validateAppId,
    122. 

  122.   validateAuthData: validateAuthData
    123. 

  123. };
    124. 

  124. //# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJQYXJzZSIsInJlcXVpcmUiLCJjcnlwdG8iLCJqd2tzQ2xpZW50Iiwiand0IiwiaHR0cHNSZXF1ZXN0IiwiYXV0aFV0aWxzIiwiVE9LRU5fSVNTVUVSIiwiZ2V0QXBwU2VjcmV0UGF0aCIsImF1dGhEYXRhIiwib3B0aW9ucyIsImFwcFNlY3JldCIsImFwcHNlY3JldF9wcm9vZiIsImNyZWF0ZUhtYWMiLCJ1cGRhdGUiLCJhY2Nlc3NfdG9rZW4iLCJkaWdlc3QiLCJ2YWxpZGF0ZUdyYXBoVG9rZW4iLCJncmFwaFJlcXVlc3QiLCJ0aGVuIiwiZGF0YSIsImlkIiwicHJvY2VzcyIsImVudiIsIlRFU1RJTkciLCJFcnJvciIsIk9CSkVDVF9OT1RfRk9VTkQiLCJ2YWxpZGF0ZUdyYXBoQXBwSWQiLCJhcHBJZHMiLCJBcnJheSIsImlzQXJyYXkiLCJsZW5ndGgiLCJpbmNsdWRlcyIsImdldEZhY2Vib29rS2V5QnlLZXlJZCIsImtleUlkIiwiY2FjaGVNYXhFbnRyaWVzIiwiY2FjaGVNYXhBZ2UiLCJjbGllbnQiLCJqd2tzVXJpIiwiY2FjaGUiLCJrZXkiLCJnZXRTaWduaW5nS2V5IiwiZXJyb3IiLCJ2ZXJpZnlJZFRva2VuIiwidG9rZW4iLCJjbGllbnRJZCIsImtpZCIsImFsZyIsImFsZ29yaXRobSIsImdldEhlYWRlckZyb21Ub2tlbiIsIk9ORV9IT1VSX0lOX01TIiwiand0Q2xhaW1zIiwiZmFjZWJvb2tLZXkiLCJzaWduaW5nS2V5IiwicHVibGljS2V5IiwicnNhUHVibGljS2V5IiwidmVyaWZ5IiwiYWxnb3JpdGhtcyIsImF1ZGllbmNlIiwiZXhjZXB0aW9uIiwibWVzc2FnZSIsImlzcyIsInN1YiIsInZhbGlkYXRlQXV0aERhdGEiLCJ2YWxpZGF0ZUFwcElkIiwiUHJvbWlzZSIsInJlc29sdmUiLCJwYXRoIiwiZ2V0IiwibW9kdWxlIiwiZXhwb3J0cyJdLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9BZGFwdGVycy9BdXRoL2ZhY2Vib29rLmpzIl0sInNvdXJjZXNDb250ZW50IjpbIi8vIEhlbHBlciBmdW5jdGlvbnMgZm9yIGFjY2Vzc2luZyB0aGUgRmFjZWJvb2sgR3JhcGggQVBJLlxuY29uc3QgUGFyc2UgPSByZXF1aXJlKCdwYXJzZS9ub2RlJykuUGFyc2U7XG5jb25zdCBjcnlwdG8gPSByZXF1aXJlKCdjcnlwdG8nKTtcbmNvbnN0IGp3a3NDbGllbnQgPSByZXF1aXJlKCdqd2tzLXJzYScpO1xuY29uc3Qgand0ID0gcmVxdWlyZSgnanNvbndlYnRva2VuJyk7XG5jb25zdCBodHRwc1JlcXVlc3QgPSByZXF1aXJlKCcuL2h0dHBzUmVxdWVzdCcpO1xuY29uc3QgYXV0aFV0aWxzID0gcmVxdWlyZSgnLi91dGlscycpO1xuXG5jb25zdCBUT0tFTl9JU1NVRVIgPSAnaHR0cHM6Ly93d3cuZmFjZWJvb2suY29tJztcblxuZnVuY3Rpb24gZ2V0QXBwU2VjcmV0UGF0aChhdXRoRGF0YSwgb3B0aW9ucyA9IHt9KSB7XG4gIGNvbnN0IGFwcFNlY3JldCA9IG9wdGlvbnMuYXBwU2VjcmV0O1xuICBpZiAoIWFwcFNlY3JldCkge1xuICAgIHJldHVybiAnJztcbiAgfVxuICBjb25zdCBhcHBzZWNyZXRfcHJvb2YgPSBjcnlwdG9cbiAgICAuY3JlYXRlSG1hYygnc2hhMjU2JywgYXBwU2VjcmV0KVxuICAgIC51cGRhdGUoYXV0aERhdGEuYWNjZXNzX3Rva2VuKVxuICAgIC5kaWdlc3QoJ2hleCcpO1xuXG4gIHJldHVybiBgJmFwcHNlY3JldF9wcm9vZj0ke2FwcHNlY3JldF9wcm9vZn1gO1xufVxuXG5mdW5jdGlvbiB2YWxpZGF0ZUdyYXBoVG9rZW4oYXV0aERhdGEsIG9wdGlvbnMpIHtcbiAgcmV0dXJuIGdyYXBoUmVxdWVzdChcbiAgICAnbWU/ZmllbGRzPWlkJmFjY2Vzc190b2tlbj0nICsgYXV0aERhdGEuYWNjZXNzX3Rva2VuICsgZ2V0QXBwU2VjcmV0UGF0aChhdXRoRGF0YSwgb3B0aW9ucylcbiAgKS50aGVuKGRhdGEgPT4ge1xuICAgIGlmICgoZGF0YSAmJiBkYXRhLmlkID09IGF1dGhEYXRhLmlkKSB8fCAocHJvY2Vzcy5lbnYuVEVTVElORyAmJiBhdXRoRGF0YS5pZCA9PT0gJ3Rlc3QnKSkge1xuICAgICAgcmV0dXJuO1xuICAgIH1cbiAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCwgJ0ZhY2Vib29rIGF1dGggaXMgaW52YWxpZCBmb3IgdGhpcyB1c2VyLicpO1xuICB9KTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gdmFsaWRhdGVHcmFwaEFwcElkKGFwcElkcywgYXV0aERhdGEsIG9wdGlvbnMpIHtcbiAgdmFyIGFjY2Vzc190b2tlbiA9IGF1dGhEYXRhLmFjY2Vzc190b2tlbjtcbiAgaWYgKHByb2Nlc3MuZW52LlRFU1RJTkcgJiYgYWNjZXNzX3Rva2VuID09PSAndGVzdCcpIHtcbiAgICByZXR1cm47XG4gIH1cbiAgaWYgKCFBcnJheS5pc0FycmF5KGFwcElkcykpIHtcbiAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCwgJ2FwcElkcyBtdXN0IGJlIGFuIGFycmF5LicpO1xuICB9XG4gIGlmICghYXBwSWRzLmxlbmd0aCkge1xuICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCAnRmFjZWJvb2sgYXV0aCBpcyBub3QgY29uZmlndXJlZC4nKTtcbiAgfVxuICBjb25zdCBkYXRhID0gYXdhaXQgZ3JhcGhSZXF1ZXN0KFxuICAgIGBhcHA/YWNjZXNzX3Rva2VuPSR7YWNjZXNzX3Rva2VufSR7Z2V0QXBwU2VjcmV0UGF0aChhdXRoRGF0YSwgb3B0aW9ucyl9YFxuICApO1xuICBpZiAoIWRhdGEgfHwgIWFwcElkcy5pbmNsdWRlcyhkYXRhLmlkKSkge1xuICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCAnRmFjZWJvb2sgYXV0aCBpcyBpbnZhbGlkIGZvciB0aGlzIHVzZXIuJyk7XG4gIH1cbn1cblxuY29uc3QgZ2V0RmFjZWJvb2tLZXlCeUtleUlkID0gYXN5bmMgKGtleUlkLCBjYWNoZU1heEVudHJpZXMsIGNhY2hlTWF4QWdlKSA9PiB7XG4gIGNvbnN0IGNsaWVudCA9IGp3a3NDbGllbnQoe1xuICAgIGp3a3NVcmk6IGAke1RPS0VOX0lTU1VFUn0vLndlbGwta25vd24vb2F1dGgvb3BlbmlkL2p3a3MvYCxcbiAgICBjYWNoZTogdHJ1ZSxcbiAgICBjYWNoZU1heEVudHJpZXMsXG4gICAgY2FjaGVNYXhBZ2UsXG4gIH0pO1xuXG4gIGxldCBrZXk7XG4gIHRyeSB7XG4gICAga2V5ID0gYXdhaXQgYXV0aFV0aWxzLmdldFNpZ25pbmdLZXkoY2xpZW50LCBrZXlJZCk7XG4gIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFxuICAgICAgUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCxcbiAgICAgIGBVbmFibGUgdG8gZmluZCBtYXRjaGluZyBrZXkgZm9yIEtleSBJRDogJHtrZXlJZH1gXG4gICAgKTtcbiAgfVxuICByZXR1cm4ga2V5O1xufTtcblxuY29uc3QgdmVyaWZ5SWRUb2tlbiA9IGFzeW5jICh7IHRva2VuLCBpZCB9LCB7IGNsaWVudElkLCBjYWNoZU1heEVudHJpZXMsIGNhY2hlTWF4QWdlIH0pID0+IHtcbiAgaWYgKCF0b2tlbikge1xuICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCAnaWQgdG9rZW4gaXMgaW52YWxpZCBmb3IgdGhpcyB1c2VyLicpO1xuICB9XG5cbiAgY29uc3QgeyBraWQ6IGtleUlkLCBhbGc6IGFsZ29yaXRobSB9ID0gYXV0aFV0aWxzLmdldEhlYWRlckZyb21Ub2tlbih0b2tlbik7XG4gIGNvbnN0IE9ORV9IT1VSX0lOX01TID0gMzYwMDAwMDtcbiAgbGV0IGp3dENsYWltcztcblxuICBjYWNoZU1heEFnZSA9IGNhY2hlTWF4QWdlIHx8IE9ORV9IT1VSX0lOX01TO1xuICBjYWNoZU1heEVudHJpZXMgPSBjYWNoZU1heEVudHJpZXMgfHwgNTtcblxuICBjb25zdCBmYWNlYm9va0tleSA9IGF3YWl0IGdldEZhY2Vib29rS2V5QnlLZXlJZChrZXlJZCwgY2FjaGVNYXhFbnRyaWVzLCBjYWNoZU1heEFnZSk7XG4gIGNvbnN0IHNpZ25pbmdLZXkgPSBmYWNlYm9va0tleS5wdWJsaWNLZXkgfHwgZmFjZWJvb2tLZXkucnNhUHVibGljS2V5O1xuXG4gIHRyeSB7XG4gICAgand0Q2xhaW1zID0gand0LnZlcmlmeSh0b2tlbiwgc2lnbmluZ0tleSwge1xuICAgICAgYWxnb3JpdGhtczogYWxnb3JpdGhtLFxuICAgICAgLy8gdGhlIGF1ZGllbmNlIGNhbiBiZSBjaGVja2VkIGFnYWluc3QgYSBzdHJpbmcsIGEgcmVndWxhciBleHByZXNzaW9uIG9yIGEgbGlzdCBvZiBzdHJpbmdzIGFuZC9vciByZWd1bGFyIGV4cHJlc3Npb25zLlxuICAgICAgYXVkaWVuY2U6IGNsaWVudElkLFxuICAgIH0pO1xuICB9IGNhdGNoIChleGNlcHRpb24pIHtcbiAgICBjb25zdCBtZXNzYWdlID0gZXhjZXB0aW9uLm1lc3NhZ2U7XG5cbiAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCwgYCR7bWVzc2FnZX1gKTtcbiAgfVxuXG4gIGlmIChqd3RDbGFpbXMuaXNzICE9PSBUT0tFTl9JU1NVRVIpIHtcbiAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoXG4gICAgICBQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELFxuICAgICAgYGlkIHRva2VuIG5vdCBpc3N1ZWQgYnkgY29ycmVjdCBPcGVuSUQgcHJvdmlkZXIgLSBleHBlY3RlZDogJHtUT0tFTl9JU1NVRVJ9IHwgZnJvbTogJHtqd3RDbGFpbXMuaXNzfWBcbiAgICApO1xuICB9XG5cbiAgaWYgKGp3dENsYWltcy5zdWIgIT09IGlkKSB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsICdhdXRoIGRhdGEgaXMgaW52YWxpZCBmb3IgdGhpcyB1c2VyLicpO1xuICB9XG4gIHJldHVybiBqd3RDbGFpbXM7XG59O1xuXG4vLyBSZXR1cm5zIGEgcHJvbWlzZSB0aGF0IGZ1bGZpbGxzIGlmZiB0aGlzIHVzZXIgaWQgaXMgdmFsaWQuXG5mdW5jdGlvbiB2YWxpZGF0ZUF1dGhEYXRhKGF1dGhEYXRhLCBvcHRpb25zKSB7XG4gIGlmIChhdXRoRGF0YS50b2tlbikge1xuICAgIHJldHVybiB2ZXJpZnlJZFRva2VuKGF1dGhEYXRhLCBvcHRpb25zKTtcbiAgfSBlbHNlIHtcbiAgICByZXR1cm4gdmFsaWRhdGVHcmFwaFRva2VuKGF1dGhEYXRhLCBvcHRpb25zKTtcbiAgfVxufVxuXG4vLyBSZXR1cm5zIGEgcHJvbWlzZSB0aGF0IGZ1bGZpbGxzIGlmZiB0aGlzIGFwcCBpZCBpcyB2YWxpZC5cbmZ1bmN0aW9uIHZhbGlkYXRlQXBwSWQoYXBwSWRzLCBhdXRoRGF0YSwgb3B0aW9ucykge1xuICBpZiAoYXV0aERhdGEudG9rZW4pIHtcbiAgICByZXR1cm4gUHJvbWlzZS5yZXNvbHZlKCk7XG4gIH0gZWxzZSB7XG4gICAgcmV0dXJuIHZhbGlkYXRlR3JhcGhBcHBJZChhcHBJZHMsIGF1dGhEYXRhLCBvcHRpb25zKTtcbiAgfVxufVxuXG4vLyBBIHByb21pc2V5IHdyYXBwZXIgZm9yIEZCIGdyYXBoIHJlcXVlc3RzLlxuZnVuY3Rpb24gZ3JhcGhSZXF1ZXN0KHBhdGgpIHtcbiAgcmV0dXJuIGh0dHBzUmVxdWVzdC5nZXQoJ2h0dHBzOi8vZ3JhcGguZmFjZWJvb2suY29tLycgKyBwYXRoKTtcbn1cblxubW9kdWxlLmV4cG9ydHMgPSB7XG4gIHZhbGlkYXRlQXBwSWQ6IHZhbGlkYXRlQXBwSWQsXG4gIHZhbGlkYXRlQXV0aERhdGE6IHZhbGlkYXRlQXV0aERhdGEsXG59O1xuIl0sIm1hcHBpbmdzIjoiOztBQUFBO0FBQ0EsTUFBTUEsS0FBSyxHQUFHQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUNELEtBQUs7QUFDekMsTUFBTUUsTUFBTSxHQUFHRCxPQUFPLENBQUMsUUFBUSxDQUFDO0FBQ2hDLE1BQU1FLFVBQVUsR0FBR0YsT0FBTyxDQUFDLFVBQVUsQ0FBQztBQUN0QyxNQUFNRyxHQUFHLEdBQUdILE9BQU8sQ0FBQyxjQUFjLENBQUM7QUFDbkMsTUFBTUksWUFBWSxHQUFHSixPQUFPLENBQUMsZ0JBQWdCLENBQUM7QUFDOUMsTUFBTUssU0FBUyxHQUFHTCxPQUFPLENBQUMsU0FBUyxDQUFDO0FBRXBDLE1BQU1NLFlBQVksR0FBRywwQkFBMEI7QUFFL0MsU0FBU0MsZ0JBQWdCQSxDQUFDQyxRQUFRLEVBQUVDLE9BQU8sR0FBRyxDQUFDLENBQUMsRUFBRTtFQUNoRCxNQUFNQyxTQUFTLEdBQUdELE9BQU8sQ0FBQ0MsU0FBUztFQUNuQyxJQUFJLENBQUNBLFNBQVMsRUFBRTtJQUNkLE9BQU8sRUFBRTtFQUNYO0VBQ0EsTUFBTUMsZUFBZSxHQUFHVixNQUFNLENBQzNCVyxVQUFVLENBQUMsUUFBUSxFQUFFRixTQUFTLENBQUMsQ0FDL0JHLE1BQU0sQ0FBQ0wsUUFBUSxDQUFDTSxZQUFZLENBQUMsQ0FDN0JDLE1BQU0sQ0FBQyxLQUFLLENBQUM7RUFFaEIsT0FBTyxvQkFBb0JKLGVBQWUsRUFBRTtBQUM5QztBQUVBLFNBQVNLLGtCQUFrQkEsQ0FBQ1IsUUFBUSxFQUFFQyxPQUFPLEVBQUU7RUFDN0MsT0FBT1EsWUFBWSxDQUNqQiw0QkFBNEIsR0FBR1QsUUFBUSxDQUFDTSxZQUFZLEdBQUdQLGdCQUFnQixDQUFDQyxRQUFRLEVBQUVDLE9BQU8sQ0FDM0YsQ0FBQyxDQUFDUyxJQUFJLENBQUNDLElBQUksSUFBSTtJQUNiLElBQUtBLElBQUksSUFBSUEsSUFBSSxDQUFDQyxFQUFFLElBQUlaLFFBQVEsQ0FBQ1ksRUFBRSxJQUFNQyxPQUFPLENBQUNDLEdBQUcsQ0FBQ0MsT0FBTyxJQUFJZixRQUFRLENBQUNZLEVBQUUsS0FBSyxNQUFPLEVBQUU7TUFDdkY7SUFDRjtJQUNBLE1BQU0sSUFBSXJCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUseUNBQXlDLENBQUM7RUFDaEcsQ0FBQyxDQUFDO0FBQ0o7QUFFQSxlQUFlQyxrQkFBa0JBLENBQUNDLE1BQU0sRUFBRW5CLFFBQVEsRUFBRUMsT0FBTyxFQUFFO0VBQzNELElBQUlLLFlBQVksR0FBR04sUUFBUSxDQUFDTSxZQUFZO0VBQ3hDLElBQUlPLE9BQU8sQ0FBQ0MsR0FBRyxDQUFDQyxPQUFPLElBQUlULFlBQVksS0FBSyxNQUFNLEVBQUU7SUFDbEQ7RUFDRjtFQUNBLElBQUksQ0FBQ2MsS0FBSyxDQUFDQyxPQUFPLENBQUNGLE1BQU0sQ0FBQyxFQUFFO0lBQzFCLE1BQU0sSUFBSTVCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUsMEJBQTBCLENBQUM7RUFDakY7RUFDQSxJQUFJLENBQUNFLE1BQU0sQ0FBQ0csTUFBTSxFQUFFO0lBQ2xCLE1BQU0sSUFBSS9CLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUsa0NBQWtDLENBQUM7RUFDekY7RUFDQSxNQUFNTixJQUFJLEdBQUcsTUFBTUYsWUFBWSxDQUM3QixvQkFBb0JILFlBQVksR0FBR1AsZ0JBQWdCLENBQUNDLFFBQVEsRUFBRUMsT0FBTyxDQUFDLEVBQ3hFLENBQUM7RUFDRCxJQUFJLENBQUNVLElBQUksSUFBSSxDQUFDUSxNQUFNLENBQUNJLFFBQVEsQ0FBQ1osSUFBSSxDQUFDQyxFQUFFLENBQUMsRUFBRTtJQUN0QyxNQUFNLElBQUlyQixLQUFLLENBQUN5QixLQUFLLENBQUN6QixLQUFLLENBQUN5QixLQUFLLENBQUNDLGdCQUFnQixFQUFFLHlDQUF5QyxDQUFDO0VBQ2hHO0FBQ0Y7QUFFQSxNQUFNTyxxQkFBcUIsR0FBRyxNQUFBQSxDQUFPQyxLQUFLLEVBQUVDLGVBQWUsRUFBRUMsV0FBVyxLQUFLO0VBQzNFLE1BQU1DLE1BQU0sR0FBR2xDLFVBQVUsQ0FBQztJQUN4Qm1DLE9BQU8sRUFBRSxHQUFHL0IsWUFBWSxpQ0FBaUM7SUFDekRnQyxLQUFLLEVBQUUsSUFBSTtJQUNYSixlQUFlO0lBQ2ZDO0VBQ0YsQ0FBQyxDQUFDO0VBRUYsSUFBSUksR0FBRztFQUNQLElBQUk7SUFDRkEsR0FBRyxHQUFHLE1BQU1sQyxTQUFTLENBQUNtQyxhQUFhLENBQUNKLE1BQU0sRUFBRUgsS0FBSyxDQUFDO0VBQ3BELENBQUMsQ0FBQyxPQUFPUSxLQUFLLEVBQUU7SUFDZCxNQUFNLElBQUkxQyxLQUFLLENBQUN5QixLQUFLLENBQ25CekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFDNUIsMkNBQTJDUSxLQUFLLEVBQ2xELENBQUM7RUFDSDtFQUNBLE9BQU9NLEdBQUc7QUFDWixDQUFDO0FBRUQsTUFBTUcsYUFBYSxHQUFHLE1BQUFBLENBQU87RUFBRUMsS0FBSztFQUFFdkI7QUFBRyxDQUFDLEVBQUU7RUFBRXdCLFFBQVE7RUFBRVYsZUFBZTtFQUFFQztBQUFZLENBQUMsS0FBSztFQUN6RixJQUFJLENBQUNRLEtBQUssRUFBRTtJQUNWLE1BQU0sSUFBSTVDLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUsb0NBQW9DLENBQUM7RUFDM0Y7RUFFQSxNQUFNO0lBQUVvQixHQUFHLEVBQUVaLEtBQUs7SUFBRWEsR0FBRyxFQUFFQztFQUFVLENBQUMsR0FBRzFDLFNBQVMsQ0FBQzJDLGtCQUFrQixDQUFDTCxLQUFLLENBQUM7RUFDMUUsTUFBTU0sY0FBYyxHQUFHLE9BQU87RUFDOUIsSUFBSUMsU0FBUztFQUViZixXQUFXLEdBQUdBLFdBQVcsSUFBSWMsY0FBYztFQUMzQ2YsZUFBZSxHQUFHQSxlQUFlLElBQUksQ0FBQztFQUV0QyxNQUFNaUIsV0FBVyxHQUFHLE1BQU1uQixxQkFBcUIsQ0FBQ0MsS0FBSyxFQUFFQyxlQUFlLEVBQUVDLFdBQVcsQ0FBQztFQUNwRixNQUFNaUIsVUFBVSxHQUFHRCxXQUFXLENBQUNFLFNBQVMsSUFBSUYsV0FBVyxDQUFDRyxZQUFZO0VBRXBFLElBQUk7SUFDRkosU0FBUyxHQUFHL0MsR0FBRyxDQUFDb0QsTUFBTSxDQUFDWixLQUFLLEVBQUVTLFVBQVUsRUFBRTtNQUN4Q0ksVUFBVSxFQUFFVCxTQUFTO01BQ3JCO01BQ0FVLFFBQVEsRUFBRWI7SUFDWixDQUFDLENBQUM7RUFDSixDQUFDLENBQUMsT0FBT2MsU0FBUyxFQUFFO0lBQ2xCLE1BQU1DLE9BQU8sR0FBR0QsU0FBUyxDQUFDQyxPQUFPO0lBRWpDLE1BQU0sSUFBSTVELEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUsR0FBR2tDLE9BQU8sRUFBRSxDQUFDO0VBQ25FO0VBRUEsSUFBSVQsU0FBUyxDQUFDVSxHQUFHLEtBQUt0RCxZQUFZLEVBQUU7SUFDbEMsTUFBTSxJQUFJUCxLQUFLLENBQUN5QixLQUFLLENBQ25CekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFDNUIsOERBQThEbkIsWUFBWSxZQUFZNEMsU0FBUyxDQUFDVSxHQUFHLEVBQ3JHLENBQUM7RUFDSDtFQUVBLElBQUlWLFNBQVMsQ0FBQ1csR0FBRyxLQUFLekMsRUFBRSxFQUFFO0lBQ3hCLE1BQU0sSUFBSXJCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUscUNBQXFDLENBQUM7RUFDNUY7RUFDQSxPQUFPeUIsU0FBUztBQUNsQixDQUFDOztBQUVEO0FBQ0EsU0FBU1ksZ0JBQWdCQSxDQUFDdEQsUUFBUSxFQUFFQyxPQUFPLEVBQUU7RUFDM0MsSUFBSUQsUUFBUSxDQUFDbUMsS0FBSyxFQUFFO0lBQ2xCLE9BQU9ELGFBQWEsQ0FBQ2xDLFFBQVEsRUFBRUMsT0FBTyxDQUFDO0VBQ3pDLENBQUMsTUFBTTtJQUNMLE9BQU9PLGtCQUFrQixDQUFDUixRQUFRLEVBQUVDLE9BQU8sQ0FBQztFQUM5QztBQUNGOztBQUVBO0FBQ0EsU0FBU3NELGFBQWFBLENBQUNwQyxNQUFNLEVBQUVuQixRQUFRLEVBQUVDLE9BQU8sRUFBRTtFQUNoRCxJQUFJRCxRQUFRLENBQUNtQyxLQUFLLEVBQUU7SUFDbEIsT0FBT3FCLE9BQU8sQ0FBQ0MsT0FBTyxDQUFDLENBQUM7RUFDMUIsQ0FBQyxNQUFNO0lBQ0wsT0FBT3ZDLGtCQUFrQixDQUFDQyxNQUFNLEVBQUVuQixRQUFRLEVBQUVDLE9BQU8sQ0FBQztFQUN0RDtBQUNGOztBQUVBO0FBQ0EsU0FBU1EsWUFBWUEsQ0FBQ2lELElBQUksRUFBRTtFQUMxQixPQUFPOUQsWUFBWSxDQUFDK0QsR0FBRyxDQUFDLDZCQUE2QixHQUFHRCxJQUFJLENBQUM7QUFDL0Q7QUFFQUUsTUFBTSxDQUFDQyxPQUFPLEdBQUc7RUFDZk4sYUFBYSxFQUFFQSxhQUFhO0VBQzVCRCxnQkFBZ0IsRUFBRUE7QUFDcEIsQ0FBQyIsImlnbm9yZUxpc3QiOltdfQ==
    125.