From 5bee1dae16a42387fb36d98a18d5871bb8348535 Mon Sep 17 00:00:00 2001 
From: Aaron Crawfis Date: Fri, 18 Jun 2021 13:59:24 -0700 Subject: [PATCH] aacrawfi/middlware (#1567) * Move and update middleware components * Update middleware docs structure * Combine middleware pages * Update middleware references * Update middleware image --- .../content/en/concepts/components-concept.md | 2 +- .../content/en/concepts/middleware-concept.md | 39 --------- .../middleware-overview.md => middleware.md} | 56 +++++------- .../middleware/_index.md | 7 -- .../supported-middleware/middleware-bearer.md | 55 ------------ .../supported-middleware/middleware-oauth2.md | 72 ---------------- .../middleware-oauth2clientcredentials.md | 72 ---------------- .../configuration/configuration-overview.md | 2 +- .../content/en/operations/security/oauth.md | 6 +- .../supported-middleware/_index.md | 8 +- .../supported-middleware/middleware-bearer.md | 56 ++++++++++++ .../supported-middleware/middleware-oauth2.md | 80 ++++++++++++++++++ .../middleware-oauth2clientcredentials.md | 78 +++++++++++++++++ .../supported-middleware/middleware-opa.md | 19 +++-- .../middleware-rate-limit.md | 15 ++-- .../middleware-sentinel.md | 27 +++--- .../middleware-uppercase.md | 9 +- daprdocs/static/images/middleware.png | Bin 25094 -> 44866 bytes 18 files changed, 284 insertions(+), 319 deletions(-) delete mode 100644 daprdocs/content/en/concepts/middleware-concept.md rename daprdocs/content/en/developing-applications/{middleware/middleware-overview.md => middleware.md} (51%) delete mode 100644 daprdocs/content/en/developing-applications/middleware/_index.md delete mode 100644 daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-bearer.md delete mode 100644 daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2.md delete mode 100644 daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2clientcredentials.md rename daprdocs/content/en/{developing-applications/middleware => 
reference/components-reference}/supported-middleware/_index.md (92%) create mode 100644 daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md create mode 100644 daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md create mode 100644 daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md rename daprdocs/content/en/{developing-applications/middleware => reference/components-reference}/supported-middleware/middleware-opa.md (80%) rename daprdocs/content/en/{developing-applications/middleware => reference/components-reference}/supported-middleware/middleware-rate-limit.md (61%) rename daprdocs/content/en/{developing-applications/middleware => reference/components-reference}/supported-middleware/middleware-sentinel.md (70%) rename daprdocs/content/en/{developing-applications/middleware => reference/components-reference}/supported-middleware/middleware-uppercase.md (69%) diff --git a/daprdocs/content/en/concepts/components-concept.md b/daprdocs/content/en/concepts/components-concept.md index f5e84cde7..8331dbd82 100644 --- a/daprdocs/content/en/concepts/components-concept.md +++ b/daprdocs/content/en/concepts/components-concept.md 
@@ -29,7 +29,7 @@ Service discovery components are used with the [service invocation]({{}}) to be plugged into the request processing pipeline. Middleware can perform additional actions on a request, such as authentication, encryption and message transformation before the request is routed to the user code, or before the request is returned to the client. The middleware components are used with the [service invocation]({{}}) building block. +Dapr allows custom [middleware]({{}}) to be plugged into the request processing pipeline. Middleware can perform additional actions on a request, such as authentication, encryption and message transformation before the request is routed to the user code, or before the request is returned to the client. The middleware components are used with the [service invocation]({{}}) building block. - [Middleware implementations](https://github.com/dapr/components-contrib/tree/master/middleware) diff --git a/daprdocs/content/en/concepts/middleware-concept.md b/daprdocs/content/en/concepts/middleware-concept.md deleted file mode 100644 index 2f382f867..000000000 --- a/daprdocs/content/en/concepts/middleware-concept.md +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -type: docs -title: "Middleware pipelines" -linkTitle: "Middleware" -weight: 400 -description: "Custom processing pipelines of chained middleware components" ---- - -Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. A request goes through all defined middleware components before it's routed to user code, and then goes through the defined middleware, in reverse order, before it's returned to the client, as shown in the following diagram. - - - -## Customize processing pipeline - -When launched, a Dapr sidecar constructs a middleware processing pipeline. By default the pipeline consists of [tracing middleware]({{< ref tracing-overview.md >}}) and CORS middleware. Additional middleware, configured by a Dapr [configuration]({{< ref configuration-concept.md >}}), can be added to the pipeline in the order they are defined. The pipeline applies to all Dapr API endpoints, including state, pub/sub, service invocation, bindings, security and others. - -> **NOTE:** Dapr provides a **middleware.http.uppercase** pre-registered component that changes all text in a request body to uppercase. You can use it to test/verify if your custom pipeline is in place. - -The following configuration example defines a custom pipeline that uses a [OAuth 2.0 middleware]({{< ref oauth.md >}}) and an uppercase middleware component. In this case, all requests are authorized through the OAuth 2.0 protocol, and transformed to uppercase text, before they are forwarded to user code. - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: pipeline - namespace: default -spec: - httpPipeline: - handlers: - - name: oauth2 - type: middleware.http.oauth2 - - name: uppercase - type: middleware.http.uppercase -``` - -## Next steps - -* [Middleware overview]({{< ref middleware-overview.md >}}) -* [How-To: Configure API authorization with OAuth]({{< ref oauth.md >}}) 
diff --git a/daprdocs/content/en/developing-applications/middleware/middleware-overview.md b/daprdocs/content/en/developing-applications/middleware.md similarity index 51% rename from daprdocs/content/en/developing-applications/middleware/middleware-overview.md rename to daprdocs/content/en/developing-applications/middleware.md index 751bac28f..a48ceac16 100644 --- a/daprdocs/content/en/developing-applications/middleware/middleware-overview.md +++ b/daprdocs/content/en/developing-applications/middleware.md 
@@ -1,52 +1,43 @@ --- type: docs -title: "Overview" -linkTitle: "Overview" -description: "General overview on set up of middleware components for Dapr" -weight: 10000 -type: docs +title: "Middleware" +linkTitle: "Middleware" +weight: 50 +description: "Customize processing pipelines by adding middleware components" +aliases: +- /developing-applications/middleware/middleware-overview/ +- /concepts/middleware-concept/ --- -Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. Middleware pipelines are defined in Dapr configuration files. -As with other [building block components]({{< ref component-schema.md >}}), middleware components are extensible and can be found in the [components-contrib repo](https://github.com/dapr/components-contrib/tree/master/middleware/http). +Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. A request goes through all defined middleware components before it's routed to user code, and then goes through the defined middleware, in reverse order, before it's returned to the client, as shown in the following diagram. -Middleware in Dapr is described using a `Component` file with the following schema: + -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: - namespace: -spec: - type: middleware.http. - version: v1 - metadata: - - name: - value: - - name: - value: -... -``` -The type of middleware is determined by the `type` field. Component setting values such as rate limits, OAuth credentials and other settings are put in the `metadata` section. -Even though metadata values can contain secrets in plain text, it is recommended that you use a [secret store]({{< ref component-secrets.md >}}). +## Configuring middleware pipelines -Next, a Dapr [configuration]({{< ref configuration-overview.md >}}) defines the pipeline of middleware components for your application. 
+When launched, a Dapr sidecar constructs a middleware processing pipeline. By default the pipeline consists of [tracing middleware]({{< ref tracing-overview.md >}}) and CORS middleware. Additional middleware, configured by a Dapr [configuration]({{< ref configuration-concept.md >}}), can be added to the pipeline in the order they are defined. The pipeline applies to all Dapr API endpoints, including state, pub/sub, service invocation, bindings, security and others. + +The following configuration example defines a custom pipeline that uses a [OAuth 2.0 middleware]({{< ref middleware-oauth2.md >}}) and an [uppercase middleware component]({{< ref middleware-uppercase.md >}}). In this case, all requests are authorized through the OAuth 2.0 protocol, and transformed to uppercase text, before they are forwarded to user code. ```yaml apiVersion: dapr.io/v1alpha1 kind: Configuration metadata: - name: appconfig + name: pipeline + namespace: default spec: httpPipeline: handlers: - - name: - type: middleware.http. - - name: - type: middleware.http. + - name: oauth2 + type: middleware.http.oauth2 + - name: uppercase + type: middleware.http.uppercase ``` +As with other building block components, middleware components are extensible and can be found in the [supported Middleware reference]({{< ref supported-middleware >}}) and in the [components-contrib repo](https://github.com/dapr/components-contrib/tree/master/middleware/http). + +{{< button page="supported-middleware" text="See all middleware components">}} + ## Writing a custom middleware Dapr uses [FastHTTP](https://github.com/valyala/fasthttp) to implement its HTTP server. Hence, your HTTP middleware needs to be written as a FastHTTP handler. Your middleware needs to implement a middleware interface, which defines a **GetHandler** method that returns **fasthttp.RequestHandler** and **error**: 
@@ -81,7 +72,6 @@ After the components-contrib change has been accepted, submit another pull reque ## Related links -* [Middleware pipelines concept]({{< ref middleware-concept.md >}}) * [Component schema]({{< ref component-schema.md >}}) * [Configuration overview]({{< ref configuration-overview.md >}}) * [Middleware quickstart](https://github.com/dapr/quickstarts/tree/master/middleware) diff --git a/daprdocs/content/en/developing-applications/middleware/_index.md b/daprdocs/content/en/developing-applications/middleware/_index.md deleted file mode 100644 index 48d145843..000000000 --- a/daprdocs/content/en/developing-applications/middleware/_index.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -type: docs -title: "Middleware" -linkTitle: "Middleware" -weight: 50 -description: "Customize processing pipelines by adding middleware components" ---- diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-bearer.md b/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-bearer.md deleted file mode 100644 index 476c7a17d..000000000 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-bearer.md +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -type: docs -title: "Bearer" -linkTitle: "Bearer" -weight: 4000 -description: "Use bearer middleware to secure HTTP endpoints by verifying bearer tokens" -type: docs ---- - -The bearer [HTTP middleware]({{< ref middleware-concept.md >}}) verifies a [Bearer Token](https://tools.ietf.org/html/rfc6750) using [OpenID Connect](https://openid.net/connect/) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code. - -## Component format - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: bearer-token -spec: - type: middleware.http.bearer - version: v1 - metadata: - - name: clientId - value: "" - - name: issuerURL - value: "https://accounts.google.com" -``` -## Spec metadata fields - -| Field | Details | Example | -|----------------|---------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------| -| clientId | The client ID of your application that is created as part of a credential hosted by a OpenID Connect platform | | -| issuerURL | URL identifier for the service. | `"https://accounts.google.com"`, `"https://login.salesforce.com"` | - -## Dapr configuration - -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). 
- -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: bearer-token - type: middleware.http.bearer -``` - -## Related links - -- [Middleware concept]({{< ref middleware-concept.md >}}) -- [Configuration concept]({{< ref configuration-concept.md >}}) -- [Configuration overview]({{< ref configuration-overview.md >}}) diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2.md b/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2.md deleted file mode 100644 index ca6f67186..000000000 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2.md +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -type: docs -title: "OAuth2" -linkTitle: "OAuth2" -weight: 2000 -description: "Use OAuth2 middleware to secure HTTP endpoints" ---- - -The OAuth2 [HTTP middleware]({{< ref middleware-concept.md >}}) enables the [OAuth2 Authorization Code flow](https://tools.ietf.org/html/rfc6749#section-4.1) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code. - -## Component format - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: oauth2 -spec: - type: middleware.http.oauth2 - version: v1 - metadata: - - name: clientId - value: "" - - name: clientSecret - value: "" - - name: scopes - value: "https://www.googleapis.com/auth/userinfo.email" - - name: authURL - value: "https://accounts.google.com/o/oauth2/v2/auth" - - name: tokenURL - value: "https://accounts.google.com/o/oauth2/token" - - name: redirectURL - value: "http://dummy.com" - - name: authHeaderName - value: "authorization" - - name: forceHTTPS - value: "false" -``` -## Spec metadata fields -| Field | Details | Example | -|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------| -| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform | | -| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform | | -| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` | -| authURL | The 
endpoint of the OAuth2 authorization server | `"https://accounts.google.com/o/oauth2/v2/auth"` | -| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` | -| redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | `"https://myapp.com"` | -| authHeaderName | The authorization header name to forward to your application | `"authorization"` | -| forceHTTPS | If true, enforces the use of TLS/SSL | `"true"`,`"false"` | - -## Dapr configuration - -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: oauth2 - type: middleware.http.oauth2 -``` - -## Related links -- [Configure API authorization with OAuth]({{< ref oauth >}}) -- [Middleware OAuth quickstart](https://github.com/dapr/quickstarts/tree/master/middleware) -- [Middleware concept]({{< ref middleware-concept.md >}}) -- [Configuration concept]({{< ref configuration-concept.md >}}) -- [Configuration overview]({{< ref configuration-overview.md >}}) diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2clientcredentials.md b/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2clientcredentials.md deleted file mode 100644 index 0f96cb28a..000000000 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-oauth2clientcredentials.md +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -type: docs -title: "OAuth2 client credentials" -linkTitle: "OAuth2 client credentials" -weight: 3000 -description: "Use OAuth2 client credentials middleware to secure HTTP endpoints" ---- - -The OAuth2 client credentials [HTTP middleware]({{< ref middleware-concept.md >}}) enables the [OAuth2 Client Credentials flow](https://tools.ietf.org/html/rfc6749#section-4.4) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code. - -## Component format - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: oauth2clientcredentials -spec: - type: middleware.http.oauth2clientcredentials - version: v1 - metadata: - - name: clientId - value: "" - - name: clientSecret - value: "" - - name: scopes - value: "https://www.googleapis.com/auth/userinfo.email" - - name: tokenURL - value: "https://accounts.google.com/o/oauth2/token" - - name: headerName - value: "authorization" -``` -## Spec metadata fields - -| Field | Details | Example | -|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------| -| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform | | -| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled 
platform | | -| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` | -| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` | -| headerName | The authorization header name to forward to your application | `"authorization"` | -| endpointParamsQuery | Specifies additional parameters for requests to the token endpoint | `true` | -| authStyle | Optionally specifies how the endpoint wants the client ID & client secret sent. See the table of possible values below | `0` | - -### Possible values for `authStyle` - -| Value | Meaning | -|-------|---------| -| `1` | Sends the "client_id" and "client_secret" in the POST body as application/x-www-form-urlencoded parameters. | -| `2` | Sends the "client_id" and "client_secret" using HTTP Basic Authorization. This is an optional style described in the [OAuth2 RFC 6749 section 2.3.1](https://tools.ietf.org/html/rfc6749#section-2.3.1). | -| `0` | Means to auto-detect which authentication style the provider wants by trying both ways and caching the successful way for the future. | - -## Dapr configuration - -To be applied, the middleware must be referenced in a [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). - -```yaml -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: appconfig -spec: - httpPipeline: - handlers: - - name: oauth2clientcredentials - type: middleware.http.oauth2clientcredentials -``` - -## Related links -- [Middleware concept]({{< ref middleware-concept.md >}}) -- [Configuration concept]({{< ref configuration-concept.md >}}) -- [Configuration overview]({{< ref configuration-overview.md >}}) 
diff --git a/daprdocs/content/en/operations/configuration/configuration-overview.md b/daprdocs/content/en/operations/configuration/configuration-overview.md index 055ebdc8f..e027eda25 100644 --- a/daprdocs/content/en/operations/configuration/configuration-overview.md +++ b/daprdocs/content/en/operations/configuration/configuration-overview.md @@ -115,7 +115,7 @@ The following table lists the properties for HTTP handlers: | name | string | Name of the middleware component | type | string | Type of middleware component -See [Middleware pipelines]({{< ref "middleware-concept.md" >}}) for more information +See [Middleware pipelines]({{< ref "middleware.md" >}}) for more information #### Scope secret store access See the [Scoping secrets]({{< ref "secret-scope.md" >}}) guide for information and examples on how to scope secrets to an application. diff --git a/daprdocs/content/en/operations/security/oauth.md b/daprdocs/content/en/operations/security/oauth.md index 4f8be5fcd..637fa1eac 100644 --- a/daprdocs/content/en/operations/security/oauth.md +++ b/daprdocs/content/en/operations/security/oauth.md 
@@ -6,7 +6,7 @@ weight: 2000 description: "Enable OAUTH authorization on Dapr endpoints for your web APIs" --- -Dapr OAuth 2.0 [middleware]({{< ref "middleware-concept.md" >}}) allows you to enable [OAuth](https://oauth.net/2/) authorization on Dapr endpoints for your web APIs using the [Authorization Code Grant flow](https://tools.ietf.org/html/rfc6749#section-4.1). +Dapr OAuth 2.0 [middleware]({{< ref "middleware.md" >}}) allows you to enable [OAuth](https://oauth.net/2/) authorization on Dapr endpoints for your web APIs using the [Authorization Code Grant flow](https://tools.ietf.org/html/rfc6749#section-4.1). You can also inject authorization tokens into your APIs which can be used for authorization towards external APIs called by your APIs using the [Client Credentials Grant flow](https://tools.ietf.org/html/rfc6749#section-4.4). When the middleware is enabled any method invocation through Dapr needs to be authorized before getting passed to the user code. @@ -81,7 +81,7 @@ spec: ### Define a custom pipeline for an Authorization Code Grant -To use the OAuth middleware (Authorization Code), you should create a [custom pipeline]({{< ref "middleware-concept.md" >}}) +To use the OAuth middleware (Authorization Code), you should create a [custom pipeline]({{< ref "middleware.md" >}}) using [Dapr configuration]({{< ref "configuration-overview" >}}), as shown in the following sample: ```yaml @@ -139,7 +139,7 @@ spec: ### Define a custom pipeline for a Client Credentials Grant -To use the OAuth middleware (Client Credentials), you should create a [custom pipeline]({{< ref "middleware-concept.md" >}}) +To use the OAuth middleware (Client Credentials), you should create a [custom pipeline]({{< ref "middleware.md" >}}) using [Dapr configuration]({{< ref "configuration-overview.md" >}}), as shown in the following sample: ```yaml 
diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/_index.md b/daprdocs/content/en/reference/components-reference/supported-middleware/_index.md similarity index 92% rename from daprdocs/content/en/developing-applications/middleware/supported-middleware/_index.md rename to daprdocs/content/en/reference/components-reference/supported-middleware/_index.md index dc343472d..039ec971e 100644 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/_index.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/_index.md @@ -1,10 +1,12 @@ --- type: docs -title: "Supported middleware" -linkTitle: "Supported middleware" -weight: 30000 +title: "Middleware component specs" +linkTitle: "Middleware" +weight: 6000 description: List of all the supported middleware components that can be injected in Dapr's processing pipeline. no_list: true +aliases: +- /developing-applications/middleware/supported-middleware/ --- ### HTTP diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md new file mode 100644 index 000000000..bf637194e --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md 
@@ -0,0 +1,56 @@ +--- +type: docs +title: "Bearer" +linkTitle: "Bearer" +description: "Use bearer middleware to secure HTTP endpoints by verifying bearer tokens" +type: docs +aliases: +- /developing-applications/middleware/supported-middleware/middleware-bearer/ +--- + +The bearer [HTTP middleware]({{< ref middleware.md >}}) verifies a [Bearer Token](https://tools.ietf.org/html/rfc6750) using [OpenID Connect](https://openid.net/connect/) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code. + +## Component format + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: bearer-token +spec: + type: middleware.http.bearer + version: v1 + metadata: + - name: clientId + value: "" + - name: issuerURL + value: "https://accounts.google.com" +``` +## Spec metadata fields + +| Field | Details | Example | +|-------|---------|---------| +| clientId | The client ID of your application that is created as part of a credential hosted by a OpenID Connect platform +| issuerURL | URL identifier for the service. | `"https://accounts.google.com"`, `"https://login.salesforce.com"` + +## Dapr configuration + +To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md">}}). + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: appconfig +spec: + httpPipeline: + handlers: + - name: bearer-token + type: middleware.http.bearer +``` + +## Related links + +- [Middleware]({{< ref middleware.md >}}) +- [Configuration concept]({{< ref configuration-concept.md >}}) +- [Configuration overview]({{< ref configuration-overview.md >}}) 
diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md new file mode 100644 index 000000000..7097835a1 --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2.md 
@@ -0,0 +1,80 @@ +--- +type: docs +title: "OAuth2" +linkTitle: "OAuth2" +description: "Use OAuth2 middleware to secure HTTP endpoints" +aliases: +- /developing-applications/middleware/supported-middleware/middleware-oauth2/ +--- + +The OAuth2 [HTTP middleware]({{< ref middleware.md >}}) enables the [OAuth2 Authorization Code flow](https://tools.ietf.org/html/rfc6749#section-4.1) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code. + +## Component format + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: oauth2 +spec: + type: middleware.http.oauth2 + version: v1 + metadata: + - name: clientId + value: "" + - name: clientSecret + value: "" + - name: scopes + value: "https://www.googleapis.com/auth/userinfo.email" + - name: authURL + value: "https://accounts.google.com/o/oauth2/v2/auth" + - name: tokenURL + value: "https://accounts.google.com/o/oauth2/token" + - name: redirectURL + value: "http://dummy.com" + - name: authHeaderName + value: "authorization" + - name: forceHTTPS + value: "false" +``` + +{{% alert title="Warning" color="warning" %}} +The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). 
+{{% /alert %}} + +## Spec metadata fields + +| Field | Details | Example | +|-------|---------|---------| +| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform +| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform +| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` +| authURL | The endpoint of the OAuth2 authorization server | `"https://accounts.google.com/o/oauth2/v2/auth"` +| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` +| redirectURL | The URL of your web application that the authorization server should redirect to once the user has authenticated | `"https://myapp.com"` +| authHeaderName | The authorization header name to forward to your application | `"authorization"` +| forceHTTPS | If true, enforces the use of TLS/SSL | `"true"`,`"false"` | + +## Dapr configuration + +To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: appconfig +spec: + httpPipeline: + handlers: + - name: oauth2 + type: middleware.http.oauth2 +``` + +## Related links + +- [Configure API authorization with OAuth]({{< ref oauth >}}) +- [Middleware OAuth quickstart](https://github.com/dapr/quickstarts/tree/master/middleware) +- [Middleware]({{< ref middleware.md >}}) +- [Configuration concept]({{< ref configuration-concept.md >}}) +- [Configuration overview]({{< ref configuration-overview.md >}}) 
diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md new file mode 100644 index 000000000..ceba912ef --- /dev/null +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-oauth2clientcredentials.md 
@@ -0,0 +1,78 @@ +--- +type: docs +title: "OAuth2 client credentials" +linkTitle: "OAuth2 client credentials" +description: "Use OAuth2 client credentials middleware to secure HTTP endpoints" +aliases: +- /developing-applications/middleware/supported-middleware/middleware-oauth2clientcredentials/ +--- + +The OAuth2 client credentials [HTTP middleware]({{< ref middleware.md >}}) enables the [OAuth2 Client Credentials flow](https://tools.ietf.org/html/rfc6749#section-4.4) on a Web API without modifying the application. This design separates authentication/authorization concerns from the application, so that application operators can adopt and configure authentication/authorization providers without impacting the application code. + +## Component format + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: oauth2clientcredentials +spec: + type: middleware.http.oauth2clientcredentials + version: v1 + metadata: + - name: clientId + value: "" + - name: clientSecret + value: "" + - name: scopes + value: "https://www.googleapis.com/auth/userinfo.email" + - name: tokenURL + value: "https://accounts.google.com/o/oauth2/token" + - name: headerName + value: "authorization" +``` + +{{% alert title="Warning" color="warning" %}} +The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}). 
+{{% /alert %}} + +## Spec metadata fields + +| Field | Details | Example | +|------------|---------|---------| +| clientId | The client ID of your application that is created as part of a credential hosted by a OAuth-enabled platform +| clientSecret | The client secret of your application that is created as part of a credential hosted by a OAuth-enabled platform +| scopes | A list of space-delimited, case-sensitive strings of [scopes](https://tools.ietf.org/html/rfc6749#section-3.3) which are typically used for authorization in the application | `"https://www.googleapis.com/auth/userinfo.email"` +| tokenURL | The endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token | `"https://accounts.google.com/o/oauth2/token"` +| headerName | The authorization header name to forward to your application | `"authorization"` +| endpointParamsQuery | Specifies additional parameters for requests to the token endpoint | `true` +| authStyle | Optionally specifies how the endpoint wants the client ID & client secret sent. See the table of possible values below | `0` + +### Possible values for `authStyle` + +| Value | Meaning | +|-------|---------| +| `1` | Sends the "client_id" and "client_secret" in the POST body as application/x-www-form-urlencoded parameters. | +| `2` | Sends the "client_id" and "client_secret" using HTTP Basic Authorization. This is an optional style described in the [OAuth2 RFC 6749 section 2.3.1](https://tools.ietf.org/html/rfc6749#section-2.3.1). | +| `0` | Means to auto-detect which authentication style the provider wants by trying both ways and caching the successful way for the future. | + +## Dapr configuration + +To be applied, the middleware must be referenced in a [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). 
+ +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: appconfig +spec: + httpPipeline: + handlers: + - name: oauth2clientcredentials + type: middleware.http.oauth2clientcredentials +``` + +## Related links +- [Middleware]({{< ref middleware.md >}}) +- [Configuration concept]({{< ref configuration-concept.md >}}) +- [Configuration overview]({{< ref configuration-overview.md >}}) diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-opa.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md similarity index 80% rename from daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-opa.md rename to daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md index 36870c59a..1c10e6026 100644 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-opa.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-opa.md @@ -2,11 +2,12 @@ type: docs title: "Apply Open Policy Agent (OPA) policies" linkTitle: "Open Policy Agent (OPA)" -weight: 6000 description: "Use middleware to apply Open Policy Agent (OPA) policies on incoming requests" +aliases: +- /developing-applications/middleware/supported-middleware/middleware-opa/ --- -The Open Policy Agent (OPA) [HTTP middleware]({{< ref middleware-concept.md >}}) applys [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints. +The Open Policy Agent (OPA) [HTTP middleware]({{< ref middleware.md >}}) applys [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints. ## Component format 
@@ -70,15 +71,15 @@ You can prototype and experiment with policies using the [official opa playgroun ## Spec metadata fields -| Field | Details | Example | -|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------| -| rego | The Rego policy language | See above | -| defaultStatus | The status code to return for denied responses | `"https://accounts.google.com"`, `"https://login.salesforce.com"` | -| includedHeaders | A comma-separated set of case-insensitive headers to include in the request input. Request headers are not passed to the policy by default. Include to receive incoming request headers in the input | `"x-my-custom-header, x-jwt-header"` | +| Field | Details | Example | +|--------|---------|---------| +| rego | The Rego policy language | See above | +| defaultStatus | The status code to return for denied responses | `"https://accounts.google.com"`, `"https://login.salesforce.com"` +| includedHeaders | A comma-separated set of case-insensitive headers to include in the request input. Request headers are not passed to the policy by default. Include to receive incoming request headers in the input | `"x-my-custom-header, x-jwt-header"` ## Dapr configuration -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). +To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). ```yaml apiVersion: dapr.io/v1alpha1 
@@ -208,6 +209,6 @@ type Result struct { - [Open Policy Agent](https://www.openpolicyagent.org) - [HTTP API example](https://www.openpolicyagent.org/docs/latest/http-api-authorization/) -- [Middleware concept]({{< ref middleware-concept.md >}}) +- [Middleware]({{< ref middleware.md >}}) - [Configuration concept]({{< ref configuration-concept.md >}}) - [Configuration overview]({{< ref configuration-overview.md >}}) diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-rate-limit.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md similarity index 61% rename from daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-rate-limit.md rename to daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md index a2796b74e..d15487152 100644 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-rate-limit.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-rate-limit.md 
@@ -2,11 +2,12 @@ type: docs title: "Rate limiting" linkTitle: "Rate limiting" -weight: 1000 description: "Use rate limit middleware to limit requests per second" +aliases: +- /developing-applications/middleware/supported-middleware/middleware-rate-limit/ --- -The rate limit [HTTP middleware]({{< ref middleware-concept.md >}}) allows restricting the maximum number of allowed HTTP requests per second. Rate limiting can protect your application from denial of service (DOS) attacks. DOS attacks can be initiated by malicious 3rd parties but also by bugs in your software (a.k.a. a "friendly fire" DOS attack). +The rate limit [HTTP middleware]({{< ref middleware.md >}}) allows restricting the maximum number of allowed HTTP requests per second. Rate limiting can protect your application from denial of service (DOS) attacks. DOS attacks can be initiated by malicious 3rd parties but also by bugs in your software (a.k.a. a "friendly fire" DOS attack). ## Component format @@ -26,9 +27,9 @@ spec: ## Spec metadata fields -| Field | Details | Example | -|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -| maxRequestsPerSecond | The maximum requests per second by remote IP and path. Something to consider is that **the limit is enforced independently in each Dapr sidecar and not cluster wide** | `10` | +| Field | Details | Example | +|-------|---------|---------| +| maxRequestsPerSecond | The maximum requests per second by remote IP and path. Something to consider is that **the limit is enforced independently in each Dapr sidecar and not cluster wide** | `10` Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*. 
@@ -36,7 +37,7 @@ Alternatively, the [max concurrency setting]({{< ref control-concurrency.md >}}) ## Dapr configuration -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). +To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). ```yaml apiVersion: dapr.io/v1alpha1 @@ -53,6 +54,6 @@ spec: ## Related links - [Control max concurrently]({{< ref control-concurrency.md >}}) -- [Middleware concept]({{< ref middleware-concept.md >}}) +- [Middleware]({{< ref middleware.md >}}) - [Dapr configuration]({{< ref configuration-concept.md >}}) - [Configuration overview]({{< ref configuration-overview.md >}}) diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-sentinel.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md similarity index 70% rename from daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-sentinel.md rename to daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md index 72dcac73e..e93fd9c73 100644 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-sentinel.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-sentinel.md 
@@ -2,13 +2,14 @@ type: docs title: "Sentinel fault-tolerance middleware component" linkTitle: "Sentinel" -weight: 7000 description: "Use Sentinel middleware to guarantee the reliability and resiliency of your application" +aliases: +- /developing-applications/middleware/supported-middleware/middleware-sentinel/ --- [Sentinel](https://github.com/alibaba/sentinel-golang) is a powerful fault-tolerance component that takes "flow" as the breakthrough point and covers multiple fields including flow control, traffic shaping, concurrency limiting, circuit breaking, and adaptive system protection to guarantee the reliability and resiliency of microservices. -The Sentinel [HTTP middleware]({{< ref middleware-concept.md >}}) enables Dapr to facilitate Sentinel's powerful abilities to protect your application. You can refer to [Sentinel Wiki](https://github.com/alibaba/sentinel-golang/wiki) for more details on Sentinel. +The Sentinel [HTTP middleware]({{< ref middleware.md >}}) enables Dapr to facilitate Sentinel's powerful abilities to protect your application. You can refer to [Sentinel Wiki](https://github.com/alibaba/sentinel-golang/wiki) for more details on Sentinel. ## Component format 
@@ -41,15 +42,15 @@ spec: ## Spec metadata fields -| Field | Details | Example | -|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -| appName | the name of current running service | `nodeapp` | -| logDir | the log directory path | `/var/tmp/sentinel` | -| flowRules | json array of sentinel flow control rules | [flow control rule](https://github.com/alibaba/sentinel-golang/blob/master/core/flow/rule.go) | -| circuitBreakerRules | json array of sentinel circuit breaker rules | [circuit breaker rule](https://github.com/alibaba/sentinel-golang/blob/master/core/circuitbreaker/rule.go) | -| hotSpotParamRules | json array of sentinel hotspot parameter flow control rules | [hotspot rule](https://github.com/alibaba/sentinel-golang/blob/master/core/hotspot/rule.go) | -| isolationRules | json array of sentinel isolation rules | [isolation rule](https://github.com/alibaba/sentinel-golang/blob/master/core/isolation/rule.go) | -| systemRules | json array of sentinel system rules | [system rule](https://github.com/alibaba/sentinel-golang/blob/master/core/system/rule.go) | +| Field | Details | Example | +|-------|---------|---------| +| appName | the name of current running service | `nodeapp` +| logDir | the log directory path | `/var/tmp/sentinel` +| flowRules | json array of sentinel flow control rules | [flow control rule](https://github.com/alibaba/sentinel-golang/blob/master/core/flow/rule.go) +| circuitBreakerRules | json array of sentinel circuit breaker rules | [circuit breaker rule](https://github.com/alibaba/sentinel-golang/blob/master/core/circuitbreaker/rule.go) +| hotSpotParamRules | json array of sentinel hotspot parameter flow control rules | [hotspot rule](https://github.com/alibaba/sentinel-golang/blob/master/core/hotspot/rule.go) +| isolationRules | json array of sentinel isolation rules | 
[isolation rule](https://github.com/alibaba/sentinel-golang/blob/master/core/isolation/rule.go) +| systemRules | json array of sentinel system rules | [system rule](https://github.com/alibaba/sentinel-golang/blob/master/core/system/rule.go) Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*. @@ -63,7 +64,7 @@ All concrete HTTP API information can be found from [Dapr API Reference]{{< ref ## Dapr configuration -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). +To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). ```yaml apiVersion: dapr.io/v1alpha1 @@ -80,6 +81,6 @@ spec: ## Related links - [Sentinel Github](https://github.com/alibaba/sentinel-golang) -- [Middleware concept]({{< ref middleware-concept.md >}}) +- [Middleware]({{< ref middleware.md >}}) - [Dapr configuration]({{< ref configuration-concept.md >}}) - [Configuration overview]({{< ref configuration-overview.md >}}) diff --git a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-uppercase.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md similarity index 69% rename from daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-uppercase.md rename to daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md index b0fac0eaf..a2b38433e 100644 --- a/daprdocs/content/en/developing-applications/middleware/supported-middleware/middleware-uppercase.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-uppercase.md 
@@ -2,11 +2,12 @@ type: docs title: "Uppercase request body" linkTitle: "Uppercase" -weight: 9999 description: "Test your HTTP pipeline is functioning with the uppercase middleware" +aliases: +- /developing-applications/middleware/supported-middleware/middleware-uppercase/ --- -The uppercase [HTTP middleware]({{< ref middleware-concept.md >}}) converts the body of the request to uppercase letters and is used for testing that the pipeline is functioning. It should only be used for local development. +The uppercase [HTTP middleware]({{< ref middleware.md >}}) converts the body of the request to uppercase letters and is used for testing that the pipeline is functioning. It should only be used for local development. ## Component format @@ -26,7 +27,7 @@ This component has no `metadata` to configure. ## Dapr configuration -To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). +To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md#customize-processing-pipeline">}}). ```yaml apiVersion: dapr.io/v1alpha1 @@ -42,6 +43,6 @@ spec: ## Related links -- [Middleware concept]({{< ref middleware-concept.md >}}) +- [Middleware]({{< ref middleware.md >}}) - [Configuration concept]({{< ref configuration-concept.md >}}) - [Configuration overview]({{< ref configuration-overview.md >}}) 
diff --git a/daprdocs/static/images/middleware.png b/daprdocs/static/images/middleware.png index 92c3380754f083c12a42cbc3970480b457d4af60..1642493ad21783dc15d3a0582089aaab4b1fdff8 100644 GIT binary patch literal 44866
zUWn?5jNljWq=i|;fY-7``InFpv6!%td#xpUDYE5t&99_f=FoJnMme;YlihZk9U+8m zZ-6@Qms@sCdQlnnTmQ7(i;`A%>{95flKv8h4c*MPHe=XjfgoX3yP^@)>zK~E21$@_ z%|3%@H_b6Y6hM$HwULQ2UT?Bu2sZIvz^(bXTH`xw?v{7Y+R+9l$?I#9QwP3?nhF{0 zv?;#*+8^O19KJor6IHyd&fYGyCR4jhe*9?^tsqKHe~>B$1Kgw>@!J$>X|D^o*G9_O z0F2<4#@zjy)T9+!7?jXgymoag^jax#$Zd;U+`S`!P;j>_>6a>6w(K{2Q^eC2&O;k& zP#=NpMnDi`9|X*dJEGnrz^qK=Zgn7;V<^iFJ;a8;oSLA+OzCp8K?RIIfAyS~0i((dhxB-6X z?)qc9dJpr~j09(3EjvOK=?+XFYpN(7f)I}H4!^~WEcM|Rx7P30s|`xCnDB2exPP|! zUew)UJ~GVjg6pA@yLY1f5ri>cHe()H=&+D-H1%;z81=6~`Mh_~q)+$fOec=h# zSL{S>i<4erl*C+!C}HNoeU;yrj~DnxCf2rgnA`4Zvs4!p4x1Y+i3|ItCDwlF7;%^u zt?-gIsTM9;gH&r54Hp?KnF#xqB-RdgjJQr0qg?on1!;ws=4y#=VF~YgMus zW_qcp_s)f}>-2xJTjco~p7-)bC9nIUzkxujXwBk9S$KCYu%C9xXh_g>X6sF{b3_+o zz3k2{w@w=tc%+XxVkB2Vtdv&K+UZdqALxm9MNskZS&%)cUwXoQO6Av2P;<9kkZ9Of z`gOLm%YnS@@vSt+(}P16+T#1=f_^DC)i?|j>`OS0`48RZ zAoT<$NUwrZlW}+TGyRR;wUmZ)55#}PK5{$A;)JKv5uagb&0Od*ae=$j0fH!cbi@PR zSwz{&3MVQpcex2;kiV?2*^kjEBU@s%`-2u%;x{HgJ>=gDG3y3&%AhRylQ|j508bf^ zznU|eTw@9N4H;tz`>RD`2?wk1#1alwyT=j^S4VG(X-?JLEEZccX|jBFgW;ZfY3e19 z#5xT#zhQ>1%bJe6&6auR!`d}!qq)rsNYZR_iBGv@Ox?E4>UqMn6)d$xwd`!o|?!8fP78ycN(CGCx zJj_InMT#xr)!C2gGhh0Uw4lfB1`Xy(k;k%(ikXvnBHN^t8uly4Sjd_i~x z;s)h}-R|!lh=)(}+!vdgvK&et{DicyU8o`9DCr$s^^Qq)i#05MX2{+RkyZ<|U}=d9 zHlqGUWofHrOoXB!p>5@h$wma;mLaxjXL1Hq2aHtpE-7b!Nqo$UDoFIN}8NUSYr-ujd05d+X+tXF^ zE}w3K^4pXVFUUiFQ!Y$OL~CX66(i;P8L)%mLZUP&o2R8cdL>C-_bSZ_PqNj$ELPjo zH|Vjybxq9629Vf$o+?x03K*9+_-L*pP-vXe3{1whDhPwagSG%C_ZG|hEO%m<{+6*? 
zrAdk~>09)p%CM7__l)=oBPUqbN(Y15#0>^J$kUa?w?;9G=r(;}Z#yL*CdorX(en1m zy&Hdw6{wz*yZYbb4@(&%71H&VTS5Tnj+(m1gC;E>1#si2*3cTPd%gMM6t_>b=Mn2Szii}!g#or!t8(2qPdB zJb&19`gL<~TrF5(krt?tBvGJiuD5F_lLpRb84z&VN-BqMSEYb@4)N`0lSdD66&I8n z7RznLZ^-Sn+Z+O}&m|76CBkCJ12H$o4l&45ALmEh;8e|m*z>sB`uWMb1h7**Co%?D6OFJcFZ-$}iv zIH$zcP4}KQNXyw!EkHzEGN~HNs#=C5%S45l?P9cv4T=I(C+>~70Thci5B`O>AU>vu zcWcd1EDR;q9;ePoPu2fYiqkVvRRuph!;O25C`j-`ROpGR*qP>_1WRH0@xStM_*^1+ zTg=E-X$@fZsOf6aISTzG%yelXZNP5YvX+zExV8T@i=QPA+OENxpg~WTpEIQ=%g;7D z_mK?R)0!(+M~)d}`d@NVj|52;eyGrMulTBXj;O?Nq^V(E&_%S_rMLzDcicmS`|f`5 z;WD*x=Xd593u71JsmY#xJKTrNXQ0A(l#&BT*v^>KYc{X%A>`Qn3T!padNQ`QeMO^C zl8D`+K)L(*7vHI#yp*HD?1T;UU%k`~6_8n&8=_~e=F+m+>28AFd1CeX!36`CB(xSt zJ8;)K=SjRT>(!M5JnW#l5HJbx@+f1-G`6fo}eJK#Qi4RY#z{u`g@hr{%WyXk&F_?|&BpjYd# zL96kO_=JbvNla}ls_Q3Jj%9{z20ACKW)bgr4X=39OJ`rDH6`e#klu;V`0~;P1A>4@ zqP&)w*fG^&|4R$%l@zz6_y{PYiJaZj#MbGV=OPfL3ABl|^o0a)J7|Hm)6u3fAbJ`w zQWrK%je*sP)63tRK}KcFXrt<=iogB%_eZXl6zb zM-jP6lIg}=noqgrRdKua<``cWXjS^z1!5yGZzFik1Q^A{Dr4`C@W803yF~^QIOZJj z=_g<~3>FQ77soy=^lYBc`}+!xb$~w2ILZ>mvh~U*(55rmrvu?kYG2ol&@x4`AB@{>{>sYiAA+50wSJfXGtw*TJE z3N{2sLUZY*!|xEUl9b;wy+ny6PrJq(d?{us^$z+G?9C;VqU6xuzh2Y)t(UZ^x^bt;0a`9uJu~%&^Zz3BdW4(B6AtfR&BaqCMnJlxb(TI!Y4)X zN|iRac+O3orYBg?KmP6rnz^55t3BMFKmc-U*w=SH+~6rV+uYPec3w(&*Sy1U0xG=} zG~%9sC2U3-j-58ifeX-i1dpjo@VQ$|G;8MJfP(ZMw;SKRh%=s`)EI8u zYXAlvKEV988aWg!Gi~$^$`a#!l)U{buo_2zst0U z2BZ}6>I#9cApAhGTmndeDl;C+z2{e;Ji*4b*I%Yq3t;4GY3J5v^~a=%qMk}C)83iL zPw^(R>ji5E9z45fqFEcxvt<`fZZ(1`u0EghC&v2pD~aG7_-1SL#1n6f6-GgcY2?}- zbz672-T0hQ*nP+Kos6KT#;Wf;)&> zGJBlC6p^UT<7Y#tyw$(+0BR|_ynVPQ={^_eZUiC`&T?OeT;g$a8+*ZA6Z8tISx?FR zDoT@Z0`S|5r-=fdc3fuF%Bimy48gdjq%Iq}uIGhkTXKpz*LL0%_2w!F6gJbG;-h*3 zg%NG0u%&FiyC;_S(Y|*mtfL4JKkYB*QWj zD+(^g=byHYiIDFJ!WF}7>dAuT)Ng=K?6&D0skJW3*J7B2FmxedaFrNaO4fNZLUHJ^ z005GUIMoUNt^BahfG~Q#+lTZLh?2wI47@ec6xK#6oMMg&d#a9_OdT{sa>O4#KNhJ! 
z>Kt1Y(z@4m*!_jYaAxpDcMxeen|3^Jgn!B3^13j^__7Q&y=RpYwZ5m=qnVDji(yKf zM+e=F36ps$)X1quhH_PASUCn*trl_@eN86dRult?iS0@3vS))8<8Jyw=p_Z+;~uJdTR0&)T>#)qSOw98590TzK44gTg&oKLC>E1!;vybaH!J;=R<5b0eo_O4IJ zf~k3}d}7KGnLRj{7WF4aMw~KmnYc|eb{jj5tA`7?0p5U+Omn^^-k8g`1Lix@UXFNU zI{~YPSd3`eEKu->WA7>mxPX!QE=@lYfX-Mh=V@y(VRE*cb)Mbyj&)8U;4rR#mRKrP zI?t(6)sob=31ca2t}Gi=`>inN8)4JNsO##xRR2!Xn{Au6RLkLW_2-??eB3roP5}t& zkVGa?1&}kxty21^2VO*eQI-hJoXsEM=`olsad*+HSkml<@>B!i$3fjv6xysY4Wi0pZ zo0gHViO-{gZDG8=t(-BK6!E=-us|wHPppB$i92EE`rJBdpr;Gr+(MpqwJhekC^t*( z4P`YPsC5@(Jhpsi`F85(%M#CJg)5J;+*>^FX(+IDo#Rfe_OOribp_lVK1lW|#dE)G zkn-uG(^b&X1?Vd+<+2u8K{Y&Ls;rYc*CW~nST$V!scSr5c;oL{9qT$6xuZ@9(7U}< z-p&S5$tluZPUklj7#p`~(J~9LkzkG&x;kyCr1M0}m^p<@?w)@4Zfg?S=;Ni5@pcyA zq*~Pg$sH(yg3!Yi&(nGXnP9^^IDqC2vw08@DRlEU_ny14=-|`WHHH&46?>ldF0uH& z(sj@tju7>C+~j$|@O4F-ZUb*|@5}}3)9%l{cOSTIBxibBCxvt#=6&v2GbelX${)3N zym>D5NrSPG%=Gm}?X7ocKq#RKb}*tLH4q+?au2>F#=PH2J^2_34zrlf{S%8HBOO6ufOtbn~}v?2m3{tro$DYfhR(>*<4jIqq{V zH-clg4Wro2zTz)FV*2W)@{XJDpTa5c zXQmwG;>>*dvevphZ`bZVRShnR3{S3pSBdNh+k&!IC$8!IxudD^26UNLV`oe)&M>30 zB(mTuGwr?`FE804_iEtL@@uwA~PKJ7X zjRw^0$Y!?+Oh0CO&0-A--F9wvb&&P@k`s)lIpgF zACyI#+XI64*xAL?C%|ecLByKAb6KgNc`R`Y+S_&W>Wc64KDm~T5u0hzvR!_}u)e{P zsIYHJVr^H4xx@5QxfjHwnxkkq(IDvR1>gL{+P)5Rm+7TSFNkS%TG4PHw1|(8U3vAv zN6i?|WH-&8puL?J>87&)qtu2Bw%5Zl+)I%-iQ8b@G&rIOcb!%0=8CJeh#^C|zU9Z{ zi8$~9``=p(D}PXd?RdmcI%_H`2|U0nD)0dP|3CT6Si;fj;#dMhegBVv^ZRTv%L}NB zMq|8ux?2m$@8>Z9CikT*Q^ys>wx#CcgtU)=MZxJ zm`fElySH%+Ah@GLEiRY_m4g?gT)+=uxQVHs{R&K;X z1*>fF`n5_P<{LQ3v_pzFsOr?0uA9n)4)2&$G&oWy85*W{oaWMO@;IrvYjRsbFXBkJ zUE9=C?0zn@#lU*q$pP_A9*A!MH_RS%;wFkh=GSu~NYuk0f=5FP0*v{I)vGFpO)pN*ix^@Z>7mu1|Ujg|B_j2-Clv8|O2H_UtZb#^-n3yAP3ql>3c zkzOt(b5@!WuR0&81QU_}3N`4q_NV8oZK)Ad1@UFh4&Sv16HyIjRbeM}Jw9p89*mI? 
zaZ?Z<`q}&}Q7n~RA_GJjAh>nOGv{|N6mwSj-XUJNS!TpJP}c}NRyr#Qt=TVpN3{w!?P`5r#K@Q< zLVh{l0F+f+d3grHP2Qy1e7pNDuKM4h@ooC8AOnMYDhtGvqoW<_r~KYkpI1Fyl+CFc zx28ml$mxk@+4wG_ok>&mrmgGdh~&wF%t&uE?EXw{QuhibW(Tyb9^WP9aH@ZI-V1q` zeucaMJHa!>F;;&WyonszXMcI-kD`<6W#LaMd7b%rMD2p}Sus3!iC#SNc8}h{b%Zsi z9pWmX3QC!Myq);`Q+#Dg#;ZLB!k%`&6}wsnqd<6qXKu>Sis`Ppi}3T}HN`}^7LRTqUUH$V@_fBT@cuQVy(tVD#u8ubzENN;RI&WD2dhhK?xCnIL z9Km;2yD!CKL91)d4;IK-l}jlR|9-8^n@E^We5rC@WHG$tLqDoVGs6bA>l!L9*38d< zmN^NjxwL8e=U2dUQh5E>vu#fhc>DtaPwMY%AfCaA9AfcJN3{R@=pb|kf;D*+pScw` zydf(c?c#y{_4#wxyd57{mR3(EIe_(Z&!r84$57W}`uZuq-m81-f8|yZ2G*Z))#dHC z!UG|P5O}`A{}7R5kmmp)>)8G@4v(``VE(Mc=m%5zG;`WP4~}!)+%WfAVs*vzHwb0M zaW1Vn*BEyHqSx+iI^y}~MZ#>*g!kes@^``B+>v|dJ<}rp`u#q#VuAf*nE)?CDiNtWA7-Z_1At&8b3kP+x_dK327dk%nvjtu!z3&3O1fl~M} zCJ$%;khev0{sppeWUQ{QXa<9YDZ82%ZJ%A_kvcqVW^#I+Ngjzh=Xh;R#~QRRNBxc3 z;jvBQETO-#oV?j!m;Wz zM|rv|X&z=L!I!GNEj8#c z4~jtP8;^dqzcF>pB-*PI1Xveg_A)E{z`iTT{@!4a;`{3+#~sh;T*H9OTUXFP!&&el zxuwTf=_muB5dc@?_y^R}My|Es0DiZpK}9hD09y9);&ebumvZ^@%ui3AcdJY?faAFs zFe2O?lwVCKPNw51K-SE4F0FD8_~SrbT(k4S5LT<3)l+~KRF9-HT z{tbgmrMVlO1b2r?p*dvkG03_|1z4J!oL1QW(O5BkBMVp+4vM|oKd871wY%BCA4{)F zZULUse`$?szUvGm{(17|BQv_l>q}C(fymXl&0qY_n*yLZ*f0=;aJX9vAxrk{%laFX zWq&3p#>?!411#3|HLQ{NsObOo3c23O1J8Wx|6j`ui(?6QD?MG>hHQpxR<1 zGNRcIrnYi{<;l}c0wDeWWiq_&XcFM1dOLnWv&67 zc%(&kY=0LMHb6YkXN&_(4nWe4kgoj45J!o}<6Rp!mm@kG=?nw@I~p#thaD8yq{gT< z@B3SI5oGPI`?_LxOpixG*1E`y0Gj1Y>qc~^ zi1XcIyM+%gq%vi|SL=Ta%&#_KBrFgamiHF7zkgOYJeIkBCz{+;2qwM8SA^Usf9-*S z&ZVvM|IC@uZR}S2erdIwA}oJ7G8wD)*YBOb^YXfM;Er7KbGKc8hwI;yRJ$Y2-b*ih zftEH9@sKnNn+cV`)=0a)pH>~Og}>w=*E3puJ2pg&RBy6Z%3$sQ-R z+U3-lZ%9i+km!Lu^}#e08@EN4Kku`=1VogZL-lbDH-WyZ!HdpF^*AtiB=69Y%2JJ?S@b}TKD_;_vdAuzEv0U zi`8%Y<78i_e3g#i20-k8Yjp8Da1}Ypzi-w3_Ul?6;t}wav>Yaf|Da_pA5~hmJXe2& zr%Stjx@g8uRK@$&?bA+*)ToH2{?IWlas#u~i`GRbj@PPJArDZ&7sZ_KsUvl8I1!%M z-yFN_4j|gv|G1N~u?uMMBnMEC@6`6zE69j_CqL0sOb7J9fk3C2eTNoI6KBJAdWJM|MU>^P$&gqWe z>#5q-m?G|vNFKt zXQF?q)R>OX|JQE4KDSBIGP%EL7rft62<4t|T`EPwYub-KA9*&;T-WcqYni&o%lG8XBRnT)65QZd 
zfpy3HOTs}rX(<5K(hDkf2Drk%{QF1x#K=%}wmyG7N}_r32{|4AE8C>vO;y%>`6d$i z!%8w5X|nrmTyJO@L$$yOoo9-y^a$FiO%8F}g&JP}(f`pgfVa;sS>Py-%x(|k9CGVV zOiBs(^`DFpdv6V|A07_B&_x_hz?$lIKI-xyb`M9o9{dKoPvFaB7^Xm^O>>I&g4#YKouFh$Ov08ao-zoF) z5BQU6mA1(VvmsINK@I^hq0B#!BhdpsoB7b1lyVu_6{|a!)&*D~#{OkTLeKSc17L7T z&Oh2n&&xP_Od(DD0_>?P`T-TmCS)Xiq>y%sFWDPa@#PcTJ+lRU}1xMI3 zU{Fo}nG4HbrCX)fx~%_w(t#O~UxxA){Ic-8l5&5&0z&`PZ<8*7t8iCrFJ9B_a29Yvlqx2)N*G2)ddlaCa`C zQMvr2TIr%!Pu)1Sq}Y>9Wo&Ed(|C5m^39X1XDIeIf0Lrz?C$GZ4FP03Hh{b=BLc>D zGCuSir51GSd;Ib6qFetj&x!u@c(GJN{)50t zWUnMF)P=MU_JJL@g;he_3jGCM!N^>tRQ9{u`IZ z&10F%u;qzyy;Ppf*9xya41gVW**k)cM-7l)R}+E05rFxez)9 z%+Fw5YI-Taf-!X0&wg_v`5jXB529|yS=8qI`grK9B6IzR&H!@F)X@9Bk6p3o`;977 zA}^HP9R;OP)D~&cFjSV;(8Jb(CPu+wZpLa_r6U#Vv*ZsmItjBIaLHOOiUYAt-Uz3~ zm+SWd}oHK>y@->MQnsx4#&Z*)_{j&l3SNQgDLCWWXNs2hv{Ei|R}hA+4698CN_-No*~_ zk;6&M!#x?+#6qylRj|yZ!_Vz*7s9Vel8_RQ(4~)>6%_6?#nkRAx%DR>PGL;auD-K^6#(f)V z`2+2rEzCxl_&$?p9AK=vv_03Dmjwx#^~?nd)l;=Q!4gD#oz($-k?U8Sky z{XNCmuunMi>afT-W}k+tg003mkRDOIT(XBpg1OnEMwWVjdjwMC24)fjux39Mt$qnn zAhYz%&k9{nX>0`(xz@@N6%JBE6Hg!hXplA-bq2Ud;vibe;z*V9F5|d{VMJ9t}Yn64S)YwTlP7aXVSIaw|y(uDi^tj96aB%PII za2@^Aald^Dz#q{HlWDa^?hMcuI*kCa$GAyyxG{^<(fzA^?Y{AqT)0H{K;HGS>wAV>qyXAG(; z)oQrd_lk%f2?bWfe;ZtDfMV=T31Sm)m`4ViZ76!P;d@mdzWgj*>%H z)6VaSlj&dL)E^F9l^9R{IgD`uE=OBAfn~JZ{ZusGnydt=e_JTkM3Ne^keDKRwqlh> zZx+7{xQv&#uxUbMwc~~ABjk;gQkPLRN8SJQ#^|T7ob&d z*Ow^NEA+<++IWe}q{`vie{%RKFm7tW{7;%c&D<|0RmOlf zNaU)Yf%ZN+-mAc2% z7P}!(1xe9J#*A`4SNJdxBC#aAc&u&lJ@3;a;U{3HNPDvc-{hnyI;=op2X8?(P8`Qb zn`G)E8=zy{sIhh26{{%CZtTtY7*}#7L!%fYf$6^2MUQ~Pzb}J!YFXEX^g|PO_U+50 zCoC9za_Dm<$AVzpV%-3~cPcN~W5?d$y5r2(AF6XZ(jvz#<-X^>Z@G?D=9hjGm)0%6 zeTBqk5=vc$^Y4wm6z1rYI)NCj-)S`rymBaf+jt{S8p&dgiW~B5?QD{n9fq)hS!6JW zeV?8Kn#`X@h;8k}WgG^CIXy2Q6!5Fxt`iG{C%fEqIC0QeW3p^$K=gA-9g(}vfwK4p zj=UPsp6XQo+rBn>AC}o$x#fo4pqH}iD?iGS>uL=TI#q3#T9jV)pY{v*Tv{H7{@OF_ zJ0?6H#%muU2G4<7eLJmO(K}7&MN&Vh+zD75?SHCQ7(9Q6OF?{4_R_Y1A1<>q`hMig zfQph}`zAenP!F1RTfQ8JF5&Um|Js_~a2fKv)cRAv_<{=;L%_0x2!%f_xs9_aM#i4} 
zgR^-*E+k+HCbK;)R^IsBQc)NuMgqh$H9YA7OEjzTo4+wv90ugJzwhOMQIkv;wk_+u zlNP^8UwN#0yGB24bmz^F*~z67_@(PRtFh<+gLb@&w~SlkNP9yAkzmO~Pwwf{)5N0J z((O7&PZ(OPYizFQ=BhP3N@I;ft21@t56x#BsNnV;TlLypMLIkeb9*UfRnZHWk-V|B zN|()o&p#yxV~$S#d@Z_xnuO`j^8CSPwQK847So5!L{g+&uAB>6RIp0pY=K*lpq(?O z;dPvCd2~etoF%dCYYC&*|E{>#(a7Nsx2Bmw6*g+5DE#skLyyY6o4VDpj7$o_b%*XQ z)ev$XZjMVdK^h*}SBym(LPxj4ACCGl1*=AkYHb{UUH=Bq*Zz!z13-pnI~lVBdUJkf zv*b+h>a$H@f!D z@8p*>4^gIM3t6$n($>u{9Q-8m+pNQ}=zaWEt6!2Ekvoq}Hya_XhG&R%or&XhfZFQW zvm-oD&H#1r(baKCV?JP;woC8%T>`W}18TpS_f?Zos^c;0W1M?+6J&Wd>3Ao8Z2JBv znasr4iFYaopTDcLcPMgKD1^>NRfy8*p!WebaJl;VTo8UgYcqWkUOgENY2w~_Y`VD( z`4UF{e`Q^HJe1r2AIcTJT|z0Pgi-QEx|rxzQk1b&Q_NVWR8&H^l--boD9c#ORuZ#F zVXR{bQPyi2%QQ0AQiN<_Fn;HGM!ov}?)>48$8*m4?B_h^JkR@0^1cQTr2aE1{{V3S zq(USQzd6dt{`lJ3_mR&$3|CdVl;dOb@h_uK1zE9J?N zSgo1y@e$SdR#QY^DTMZ+s__(Q#1fLSUcA)fLE~^ey(K_6Y`!PB=M;;-^Zf*^ay#_) z``giDc>HCBpzH7B1Z&#b`oAdi>1wv2GE(9BOg4C&>a$dNb_&1p4ETcnpo*k}9e90k zh1&pxDAFH^2f<)dfMJ<7KP#8n6;ER@@0SY%*24ig^jpcLxbw%4OdTo;vImb)LZ^X+ zupKHJs&Gk17DB$IRaWv=h|4xv(fDrTl20c#Zqa?3?xJ^;2g$p`*=zsGBRWCf2e{W{ zkIGzbs~Jjd)7ld4$Xgn%WtC8mUG= z>d)=l0GJ}520usfVFAJ0UmGw0$0YkT})n|wO0pe@J>L5ysx9<)yY@o ztF46FmsN)+KFM@&qG^bObl&*as)JB(EgS}<=#{J2+SR-w8~Q6{dLNYwY(H(^n!1Pk z&mG#mvjHy(4)#q5VmF^n2$JRB4o(EmiNG=VGKS=Au`C4_4>)_STIR2N-X5`7xDU{#_U-atY#NL%MLZUTwqXv>we76IR(kpue+4YEWmEJ7 zz@kVAIfJs(N>Ob;o zF#**i9n*RO5%>bm00^-E2V;RwJ8HIY?c)*0K`vO((hN3U?t(yO25AAwJBv8o$n$$G zpFb#H?V553jd)S9-7l}%*o{5{AhWnLmP0Ctp-s?{9z==#gK42N$#JB7rnTZt=*xjG0Uf;8*!ZU6E4K^hI{6So|ANKWc%bZT z^)33#hLeKx^P=z1nZ})hUQZ zh{=?Mm|{YkXac&K4ivHO+HEq*aBS3!`y}% z|Dckn-%&y^pQ>WxK`mtMj*aRX3CdBshvz!W-l7kOoUiU{0A~;GHFer?w72qU4r<31 z>w8_eR^Ffa5W+C@{jZ%R*A@^mqHe4PSB|A<-gUUBXP%_QXcDbFOg?^#(8Vd|0GZqC&zYfUojb|YO}FD(;YLL=YMS1%+#A2MXOHy zi2p>&5|L)e@e#c5uj($A9SVR)U%{CRiL*`;A-ivGUd`f}%cakt&IB(U*0#9NQZ}}9 z8|YL;>^qTkmDT zsR;Ck1MZW=){wL{d;6a2Z)Tqb6ocJYCM*~cL4OffX~&5on$QsJonb&Z&+H0nu{Cjy4Nyg z*N1*WbyB1H;oE%^E-Oaf*AWQIf0DjwEK_z zR^q@G##0&pHBiV4l7ic>r6dt&JlhE!&R$!+MAnHAepOJozLQXW7VPJ6FMzpFUj2)O 
z6Sefl3DsdI{MsicC0|G)3j)8|@tuUrM~(twY5N21$;6ur*U=3At7 zJ|%1C$%0j!)3m@vr1(N5GMaz$I?sn4JpZMCYD&~B@E;&o%X2uPyB`_0XFdmu({7Nf z%Xri`@Y=$FG(xwZE%MUah}ojBZp8XC`WA5Dy4VXsMBZmvFfGckqx?B&A3p@} z_a?nejyWI@RS?vrD%47Mr#v)TL@m*KcbG_<+}wAyCF?12#xt;}Pn+g1Oal8K<=2uM z`jgc50@9E}@U#FmOplB%JxUqKipsmlem_sJ-Uq}Gu6o!TL2qMJe(s?Ysz>cG9xI3L zx&s^2Y0UY)<5^{ZLuSV!f3B_g!oW|l@Ba|nm1D2M!GJV#1(WgYX_4;wtUKLkFP{k& zkO_fkVB|vag{c_d!-mFeYCMlg4slNQx%1iaI{<+{kx+ zNPs7p0EYkAh(P25zLP>UGvEvc&88+@ohVQR7a>Ytux^)g&GM&-W5;|zM-d&+3vD1# zKUQowsiu#-MKK(nAVM+#q}z+eZ13n4r0a02ERUfGAz(1}y}%zErtEQ4Tq->>k#)Ra zdX7+c6co|CQ(3n{fB{QgIbW;OS`sTxJprzI$cNXBG-Gqq6wKM43OtT0gyhDY{tk}K z*xj5_3h)IU(66ZK?rcN3U+2mPN0K$ zg?K*#L(85o>zp=cqo3vhebzAI3=zOLtxJF&>g*xw%!7lna6>DTsj9Zkej9?9jZ+Fw z9oqvO8pZPrJ{A{NW)M^Occ~a;9)w#s{^f~Z zYmZp4M*ul&EKZm^V(<9eV=tr+Vn`BhGy1kUrr1p;5Y}?Lpf8`M zd6?BrTc*$r8$dw=e%j!4{faoFB^0oWTZ{7YQ~IG=dTw;F1qubW$R8$3p(rA7+RA31 z`Iy>0rLzYJVm!9;QvwaJWT;bcj&CSLp)Q1xE*$9ba>bhDJnjyGhj@Geiu(m}j^u0S zn~IE0wx4*clw*Nv={KW`iN-mym332R#`WO48j#e|t0xYb32>|Cy�?xM%2vm6T9MHJ~e-6N0PQ(d&YEYk=pEy0#r|mY}T5y%F zQsNrKAeDwxpaI8tW7uzDgCgA(mpSZ-Ne{^_6%% zOvK}!lJn;aeosDkLpfT9*%|-g2P)kY``a|E>z$UR(YxoAa4W-Gb50ck)LOhd)C%xs)u2VF06bIee(e$9#x$z9c`o zBssB@cs<`jwMZ8UJM%eFf)sjXy0DN~B+X;-&MlXTs3PJB%1~Jd)EN{}vASm_@Ak%E zIJc>5;Jaga+x+xTzg@GNe-lY8(z0b)5=feUD*O!m1+bC=rZ!#F`>^dw3>r3diFy*L zeSo{1iFu~KkLNIjRGf^{Gfi4v9i^NST18xR6y6Lq>6bwSy8GYZBCzoM{B7KR}E8XQLu$bTex ze8yv1v#6fIR(Dlyw`6^=GBo~#wqtA&hZr$IgTuQQ{_t%?!x|4U=*0>kS)C$af^Bw31uB2o>6+ky1KOJ+ZGB- z^M;+CPUZ30F@#__w>#MBC)G;bE-LO=mhEi&;0B=aZ-n7eyOc^+3&C5*mxqQ+-(=O)h`*Bfjf|& zx$dGvI{Dr@AR8woNV8XX_ia(`1NRZM^7UePZv1<(c5D`B=iv{?sR0e|1-m*cWZ2eF zo;r_5kmfWjtagKTz8p2CHr!y{le6Naeq}hWC7cYkM{ zv-er+{E?MB$;#X_^UO0d_wTwUR#RO81C)l`7Z1Y z&O=*48qhFFegL}w+JM!-06=3h+7kp3c8%hyXy^d|VD|re!411qzXt#y`AV{2T_4kv zZ)h15Z*yc+PdD9oB(MtnLN&(=&1JhiUq&cNdQIwb>K6K9he$;=y^_`UHIxLVVEbls+ zyMJ9U>?;1|u-LHj_I0nu1op$J+uivV5={j5a!J)ATLd;O0y8rjjck;r=Bc`K=Ru{z z=Wh#E5!lk;4*!n7lcKlB%R9W%pwbfd2<+UlKjD{Y3@UzC`xoEN0?#V4P4jpxksOJQ 
zuWHSn?N8S_nBf*p{W`M=S!0_R5pGNx~}DREOT7%^wfMj-|E)_Wrv=Z1aQJbomjMk{V*78XFrF` zzup(WE_2*SmD&~MyP{c)$C?8%_w9ApFf=>R_@}l=Z7#M4_XqX6FEb(iQH=`B;QK_u zUm&uBjbYVdiFHC8z4oga6~nDM;w&h<(Gab*QWNwtD(GRhxJiw3kTIp~>6iamWT;#< z71zCg@J57?Ux|o40ZR!qo68JSgJ(XM$ThQ2)Y}4wwWqWlUw{a1t~@`dsK!gzi+`I? zGt{XG(;FeOLB2Ou)0xbIqP$MiSCG}42KhHV^A7#i+NSYCBq(4Uo?V(k)T1usZ4Lv~ z>)r5k^O%Ux(Rf-3bR7dM(oNn==JIu`&S2LUH+=*@g%F5@C|%LO%o#yFp#vC5u&+a4 z=nuNvitYdb-4Tgx+P@No)sq_i6^Dm%pOdzu^s%V`ZnGFNy+67Wxl5^sxntj9n}*|t z)N0mrI7=P#>~V zJPSaMU#K@4Mol@6!J*qeOtPD;6t1;jS)b1S{$w@q(BZN7a;X13ZV|gorQ^71tYCf` z`r$ykJlia&L&tu6B$ZC99nz0fzG&=$QMSh_e$1_-T3JBh~ZOfMb-&LGy<0?VVcSnVy@+GBt30?^X{}pUM z{z!^15OC)zK7qFmlA(;MR{uyzb=QLo1@+@csIR?3%;6wh2GAbL{Oo?J<>S@1DMJN? z$aUK`G~b@Y9EYqqC8P}9B0^^UUars94`u5ZB<)1~CuE0@8gie^Ok$GY?ZD=ocnIrd zKvJ*!%gvjlW>@0Il>p~Y#=^x?$%>vN+h?l$MRI9fT7g9N*#Suzr6F?hgl~ORkS;Ek zZHhf};R6ggLiDXI=RdujjI;BW8ERQHeO&XH+G?8mfkD$*^mj^<>LB=eF__0F6xO?e zkE6AX9(r(-Oa<h*%^6(SvRf%STh z^+ly>HM$iCzmH$5W$rbX-ZeRKY0~v6nI=?#6K)>HjfBz z5|&JN8&QR3ziLUN909UQD(4}hP?N+P0U#N}3oWrR&>*b7WLghrI|ra9ZNjM&!lh#V zUTU5u@>A-rcE&W0d58~)XWUe~FRpH!#Y8teQ978H=D=_bY(*1Mt%aWviA^i>KhrRwbPReaa-cLQ zm4;9IKNtVzUJ_}rA&7=IBCH8p`aK8{_P-HqzsIsbzcsz5j>-PEDX%PS+TQTm8`^K~ zURPbt+auG8h9Eb`C6AJmVU6z|{ek%=rsO!NqtY>!{p(X__dA`>{&}lGUu3`I2L1jQ zI|+`MG5GHV#TSU<(z>+K2YgtN0UkgovE};}Zs$N-GN+&asj0#k)#Azb$9r*3yuX`l z{@E_hUL-$p{EcSh+W*;aShn-~mtpt)U6PAL_qx^0 z-BmHh^YT2NF=G|E5tW@yIl2;q+n8+N=49ujzkhqbZk$n;j=-_={e{lS*R+7!zy9v8 zeg&e-l+L|4sl3_}VT8%_srw*Cy5rKtZnnH)Tii=dKT;wxL(^A zzn*1&BTVgGT^5)Svoj>?>TB>VAm&qi@dsTI%dG zp~7f%cfIiL6wX4)GS31o8>byx1`zl4!-qM(+%4|ie*IFh{Iu;r zMII|XwjF+KqMzJ$T!awaeZSP|GarzK4?t<6H{90odgyZ`y+%(84Lrm!19Y=0@*dTR z;a+i`cCzv0%Zs1q>))1jJ*@@2oMWky#7MLCBCFaTKNHzd+AzG{^qp3J!935zMx!5{ z;Z9?aPrls@y=shm)FuXy1b`IHIY&Czw$E05>pbT>4;XlCx|C3eGX_5-&cz-MLYCHSH5iw^`N z{nH65C78}oJ&fHAoGV?!c#W~S>T5Ni{KeY2bQn3*^fafoP=>?YOll<7oAe0P^)BKTVB3TA*1rxN znR!2GQ!p=1=v(LX=(|ng=?RkN1k>)~!yaHo?!~V8E0@@qox?s?;npcCAIn5zZfVpN 
zU{5;IL!PM_x(msMf*w6>`1u^4?Sp=`TzN{>0g;?Y;l%xKK4d9C_2!flTo%bI_oU91 zv~@pXt3-NO+0*z;8w*Gw~3Dp%bf z;RCer5IcZ5eYRiNgtk{(#e?y`Un@q`pVRRK9Ni0kX?8?DKM z@a0M0r;-{hqp$E?4rhEfJE@C`!g%$sY`&B$K`)o+9!WtmEQecwwV9N5+N=Cp8~zN` zq=;c8?#$ITsqIoEosYzA#=XehKLcY(MqYeGY)A|OIE_?4T=qP zy0v70Y4Y~dX#1E1&^(ES5|`gm0sg4x3~FRGERtT4Ugt*$-&t0){LVMQG5vhNm6er% z{-yy|GTT9ozrzQTLH)2fge%akv-wh*8H6>9eK23EFWmq6SP)mxcuf`q2edl;6#$%+ z9&a6$pLU-dX{!R5%}6i?X(v`qLj_c{fmWy>DduTBhF!8OTwP215*k=9ko|d?6@m4F znEvAi9)sBPfFp4fN{r@PMFhH#qqGt$QhqSCbvcp=peMu7Rjjz#Q zZwAfT9Fp;eQt{c*MVfK*Z&IjY2**?JibdKTQ#r4NkB+;`5ua9x(j5?R_u}XgzzeBm zP$7{zN5cO|8&B)}%l>6<)6ErGZju&N2<%gY8zN#2luai!Mr!ZIBDE5y35gvqabL5* zBCO>6L=aZkMv1c+j3pe;omK>2@L|Tde@dQi7f?4&m5O#{xcqLo6VICuk&F&5RAZb zgaQZeL~QVz%*{k0rQT%wrK5YAQH(J{C9;H)8S5~jeXznE)s@c5+925=-k2W9T=fQa zd-b;|yEu_Y3?p#vK;RCNfwn|uW&}NkA9dIRcC?`!7ztndFy+O$B2^+?!xYU`?CuO8 z7htN`1-20L&+*^SOIew*HkB>I9P86pCe?bLZ+vpccj?!cx5FRZ_u*_-i~fpa-kcQuJg-@;~msGmv4J7Kyf)4*m3$$wqxkE z3Un&r#*RZ*@OrWe8g}=uM24N$@z$ z)$3|^v1j8*DAYxBGvobG(UnI2j3*OPPp3f=dJ;2IiLXtoG^$kLecoD3f zyl>d^;?`MgO(l`um?3!^nsGM?Kdxq5@S4A~Ezp^S={rh7MJjp!8^UdR_gpDxw%*^T z`8^*Ms0*8=KAQ5?_ODQd*ei7 zE&ZPavqW@5Sh83qmG~K!HDf-TyxlgBaK!EG&9dYSLUZS@XblB@U8t$x2dqOK8en;p ziLbIv$kE1AvPL0yGZ`a_ls<6xSD?STFhi%Ea+o{2XRh|kU9Bh9uSR7-Wd*E09%lv4 z?jR&*lQ9aXR2;^F6iSe5yw0gTtA=ot`DWN-Cf*cfBw9J!p}WYs-0g`(%$K!q1Y?E@ zA8_0I2i@d_oPTY^C9@Hbgqv!fwx;!y!or7#qV-*rX5DsOXnOl;2HA}HE4rl)R}?Ws znLM?*1Y|RmrHAyH273+DdDlDt3LYVdO#o}KcpC{@yYmI4R(%j4ZgC8-y50G1FgE*> ztpTtNUzQH7e+eW#yGEB$g{=GNH zgAP;98{hczNaz=CCB?4@AI2V0j@FlIWGah9$Yoe3<&IabC|eEgA)S!Digm%a+CNu` zhM!K*UK3-|r>HPYz>dkUkMB4c80+OEjRFsB%A!NN&C2~yrN;V)G0MlO)A+fL$pr%y z4_Ap4c33v&uo5W5eYpiAN?M(Ex;}HPyKS!T7u9)*4@z>qZP-p9Y~w;F2a}@_gIw8p zhEz$y@OwEsmB49i|)iT~5rq9IxZOBQ$(

1(0@OswuI;^({Ao6 z1E?+bxncHCj1cd`EMZjXsg8Ayt8{xGOxjblDpfNsy}aafhz=zpG8Sg=WrCX)Jsi*R zJl*$@G3TE|-Fy{?d zob3Fty(yo4EljGh6;(M!0wD_|)s2uvGCnIJqosCZuIH0{TM`7S1T@WmJTiUHwJA|e%oecklJ3#8sp9o(p~mO>~4i$g>iKm>0VtlfK2}N4t`Wy<|*tjqC6Yu8lk%HP`L+?tr3x2y3CH zDTk&f`z8%kX% zf+voZdG(}ScK$JUNtM(CZzT9A+Y*UPM4h(wY%WN-eX7YMh*L5qED)~Z>%r}|5s^JN zZ>|$vw2aPManqoy$`aenG&WtTIR{Y^uz`2&2`_525ywYx+jA3h(@+-xY+T_(Xr%&^C&;qpOyeI_xC1t0U5_ z$U%<2mK#MBsh@n7+q6Pz2s4QSy#C~7tL6k;a<8$KOvuzbeSOh!mH3KIyuejQd`vbb zhuM>owPW}z9W0$fn{a4zABFDC6aNzmuW-QfC+)AK-qQo8M1X|#h>nOd5u%mxtq(?l zt28~ospY-FM|qxWO}O?=8J>3YV;{COYC0hWxOSZ8vFie?r10cY#?w|I#G4V5S_Gw7 zk?0-67-YeWfXyf{gBY`^f&c$1vB$x}2;( z0;JE#o!(3d;Kb7vQ@A9Z5-bTm#UKNWLofw#`=!U-)B$&O;-ZJ~lQ1gOTg7Rv+0JP; zj;U?MMEcT;oxmB>@!dN9F|K4UnO2#6BXbm)vV`B3d9yOJWQwl;CJwBT$QvHDTo22K zQgKh3TbCJ0GoIl4`HEFvOds#rpYf6|UQ*}B^OMC8CbBS0S|JA0+)9d{Bow@LRPU^n zgzx-(cdB0s&RP$+?Jm{$1G z^FL!qLUZKesM{e|JKMCDj9Av9ws=Mm2)}C|vQfe7Ma@1D1&TlDaa&^|rZz@w(?9x* ze;)A7tvaR`l@BWs?5GLi>qnJNmQ>~H*%67BY6uEI#HHpe_Wc2r0QL+D2+w|T{~<8D8*7s+J@IcPn*8KjiEj1v)tgb(h(#`mGZ=3pxQb4N|J2+n*r{2gO@C17?dAorernt zQX(Irq$yP&VmL8IL3LsaFDTWNYXcV(Ue-VH%WMv@{CDakpL^s%@!BEIu2DsPt}i5nqJ)<{ zoK&@<85gtn$CAl0j%f!Q-PqC~EpZs@f>FHx!F%zTJ-J*ovU@+(HM8*Ibm`GwLHo8b z?owm}yS3Ef%-+=~T5XC<(&Qd|fiQWdurD?7opu;6*$lN}2HkX2alO%U$&Tl$cdBxi zAG3ZbJ@arUs~fi@o2;-Bl)OFQS50wI9NmsBzBc;kOm1}%GhjHZ#$)+h2wR_CHX&WE zhC2rX6=9}|E5Nu08>KLJEB###(^Bs~bH)wdNSxmgkxU(aG~1^bv{AiPK~S?a;4rig z5CmE8lK~s2R{IxFTNrDRq!E;rjL-O7*Nz=rnM@E~elihh?ntN|^iqPfaE=dDs!%0Hbp6Zqd58~;ctc3Nj;WY^| zqLVo)QvH`^+m9GrYp~~JHrbsG{fl7fgh4D4!~=D-Z&(+{p&Y2k-LIH62i)}%J+x=> zQVpr4KcxIrM&6)JQpRuB*ow8ft4$M9)5o_*NMB|EoS2pb^$yjl-x^dor$x!0~m1MamFUGq&y6Ae2Gvwo4)Q(z^9=jS;z>%5)-~}dJRTv7Q z?R^<8WCKr@X{hpOC;>(g&{7_Xq(@gKCMM2^Y#kh$uck|7viK2LgbM&pJQGxV>m9#f z^kQmFXx`AbcMkiY0)GVbNm`kim-w6iZ6(C8yiOzBU`N#fq~p%+ROK{U^nm;alY5h$ z&tSib+W8|;fY^mbe=fYrK)F9d!;HIM+YcE%3%fzO-(_MMG&+sU52Q%mU$X}M#=R}Moe9ox{zz27I z7Rvp~%q)O@b0cfO#w1+uO|pwnZRytitMIyEO9D&Jc_z*eT1GuBoPCz*tO~tcHd41$ 
zmi#e^IcSB%2cQS4O6;;8hv^TTwn8JDAH`K6Qs2hkDUT!CQX^i0NVDGUhP0nZH^UOm zxfHAnpt%$eUrrM+2X3i=hnLmsbW^JRTr=|r^(7c0;*v_k!5AWf0rf8Hn1Cn zrZpRB?SMA>rhJlJ#e#{M<|cF6(0mx}qjV*`GjH2un!g4LJ%y53)I;=LF0D#Fk_vjQ z#x!Qrg7teCmpCjfqRsSO^et~?*34;EmLq)cP&g}A^Q{1_X8GVYmH>BawK0x7v=xL} zPl{2#Aid`L@P`+ZpS=7Jqw0j{xOtr104qYPlsOr=wenxn%Ka?u6z&8v&mKW02sI?k zU-DF!!&>lKl8BuM!C9=3j$$?3dTg#fBwIYr2@E0S8#g%^Sl6g95IzD(qS28^7))kF znN?NxCwh)bd51|KagF85Oq0}rI~5zGcIeG8>~n;UXqyS^nf8kMDo>%M~qJmcfXk;dVduyI=kGIpVMb9@Udl|3AaNxd+?56fk@)3VX9VX^5`Oj`*_7 z^iza~^DJ~!u`vc|HY7uM*Os>~qdW2j8(k6IVGmt$?ef9EzOb5XA# zAs|=v$GC)>S0*5>qRiycX?IlF>qubu0kvf&(=0W3Fdn0n3caLebn5czE!1$buQ$3w zl&Kl*<5^U4DiSkxfoj|p5U-*f4+SmzF_%e*=FMR5Tnqy~I5HQ?PR0=r3Cu7MWlkXF zc<+Fw!#f8XJ1Gn!eG~x4zi8G7+i&TX)aPu~3mJxsq%rc-I8>@%m#}Cz5knZb+4-TI zGd}b98g{SZRu++sS*(Lrq`up#XD4GsmzOscV2T_FE6>lIq5#Ofw#=w~-5K70xuxO? zk=VB$Z@kK=VmY6}&$I*+kcq=m5%QU4i5hzE#1Njjth*+q)yroOGMiDX z36NHx4sFJM6kumv%xwO>ssqR*SLp(_Bg`zJ%!m)7*N#8fCbBdQ&b^+XN%@knH(s_Y z$IVS+>uii*?D=o(2a9lR?C%{gS@%<8qjLAtBOW_^BusU}*<^JilS{pqSHq4WVJW#h zfR9iIvyaIUY&Y>Ak=;{g7r_Ty=Rq-8iwBZ${ZLCOxMHE6sSgwK2cZba)s)f@lIewn zU^{tnnx2)Z>*zUV-f&vF5&3uV;K0gmExbE$x`6f`4dtW~>OYd_gKFGw!8fxcxt2nb znY$auy*84&{kL?oL<~kt4d~rjS-yQ%K(t{%3i&TF)nm57nU~VwIg^Sd8Ho6ONvWmz z2fp04FXl*r!Hu7WHUNTcUCO=5I#@D2L&~t^`&~iNs#j=_8cFG&z{7;0!nj z1hpBvoty^eBVtOpEkeutMgFaII4f>@v}p`NyjtQkU;ULs>ME4B4;f_Xtlrh(gqTlN zNCT8HSpI+EXV~ zV5DlO0m8QJ@1fm@IT8tTJi)!4x{egs;-N8S1zt<}YBCLQaAxXAU7VniMzxH{Nr$+L zSRRu3GMqLZxrY?U5r-yYXXJweR%60=&EKYtqk;<w=hKfUOx( z$pnN{SE;t&;6XQ?cW6|f!Y%;~e2gOtA~ov}h`q8o8eBE92ciBuY}HSYi~!&A0vaHS ztaWQ9Z1unk(%`^|IYiN#jv_%)*=DtJnpFYhiD~i2(E2w=T>R^D9jhhA90=mhj zF;BA00<4Fflx@mD3~=l!bi=y)mf|1G$Vs{d%)J#^2U9P9exW_Y&`~T&r_NV-l2`## zv*W{9I=(K>QWhgiZa0Wk&MCuCZH{S|zSn*8@>(|V=ACY30qZ9%mC*uT{aR})t>PSk zLp|0SldLgNG2Ma;aYpQK23ERA;C@I9z2+beh)$fDEG_Rml@k3`a~~RmDn&`5ttk2r zo672!{U0iI4CUj^i9`IWsE8d$MMcGK*oHu7r%4}-P{9z4#aXww8H~c!s751`Mi+HhLh?05cll^9+e+zh<8p^4_A%_N4Zv(8o3NMvm5GtsI9RbsewH|4y~b( 
z^8>c*dtyy8l>seY$K#L=G)B{>8WOQNGzn2W1o%%)kQ-t26qfu2Zq4fu1qBge@t2V(uQfH4c~o)9Cr}BQyHaJdAnqC*@=}uNox%{O zU-j;Do4#NNtsDNhkjDU`zIrZqGfu-;+DrIDPp(!>K5kYFJNItJem6&^dp!5CTpV1T z^K}vmsF$fo+qD1YzLSmkgbX-!)Pkd%SHSgmeEr^9Mn3PE$zk) zXmP*yktDadJ2{#<_1U`3*W+A9CEH~dJ1EeqqigEP`C;XPF~;F{(Kzvs;Od|bqehsc zBMa6$hgEHcJ5V+;4^tzx@z>2Fez4H|)%Hj|?cqw-0r(a;=)x*C%?`8v$*&eC9?4%ZGK_E9 z3dgn|7m=q_1nUwQV|q$T1MNP*eS;aqKHp(wBfuoLpw`aswMG;=>Lf#Gk1DUfmsFR<(o4#8nN)Uc7bF;OX8|dYjaB7dI z5@GE`cQkDKY-jT(!EH7Q$N(f0*$Lm#$d@D}>pR4Q#)f|L?*2v<@5*6#o{P6!DH#u= z^8?LXqLjO5Cr&Mub#&41HiB(b_$;}P)_yimk_2Afe_ZCpoJ+xZ&TAEozS0M8kYNfI zw3u(hC=QjVXAFzwP%fQyvE&U*oG8J>>U*io`s0n|W_PVB;k&eH@V>TqW4Ux*(tjJ= zZ2|W4!%D@F01H5~iWkUlNTap_`VpL^cN!Mg2Lk!|k`6U4&VG57wA=?4-~_;Ewxu6H zbLSvf0&}P{+q>5az6C}$_?UqfpewAx0)b$1B5=<)zgt_;4??bd@ScTk7eHN!`zIcJ z`Ya0$c6%6#kH}`HAprXRB1oU={6IT;>*x~Xt$}v*Q4~#55-qa(6P#$6iOK7w=t$pB zY+CCg{xp*wWXfpw4UOmS{*9@JbJ-8Q>nMw?IXUTi6#k4u4) zdk=cey-ZbmC_g0+4XA`yE)D#F7Y&T;e+ju$gAn2!dLvUl^7QRwpD zAy)!f-^t$ZFULu6;SUDC`MEQ!Y0CCS8I102k9uD8($x{M>+jal%JZ`ANtDZ{OO{_oGmRLh}+8Up$sbUmuB0InWBY zA((Y$p|K)8qxdtk zDdD^Su0Oq6ami~fq+JueEZSYW$CB-W7*xzNQH@&PE!@o6V45J^SYvel zg8Z$HkkC9<7LUQ^g#yU-Rs~qbw)L0b)sgnyh2Qtq^Y$7O#^Ku)z^`6~uDc$GG)Ul3 z0gkRHEonwi-pj{&R9zND=eh6oj^qTwyoG~9N_?B8?Yxce4_r26VLf5}6Gy=6BNdfw z8Vr+r<{o}+C!Iz_@?QEZ-t}$N+*5UbtpvT*DF%}-NmQL4-G89XPOSwGMgmivC(uOg zunVM%Of36Uy$1yAmyf7qm*x{tqmwnS9oC*l48CJ20Emduc{soN9m1r~{z5t;hAKU3aQq11xlG8XS8#lGNXpT{1?Nz-NGyL928S6?=#~O`MCZBTmO8EQ;p(o?0RjZ~nedVEz>UAA=gX4Nsy(MhGXqW7< zlUD;;82h++-)vIUQoi1{7_TgwOS;hw8A+}cY!7MT2sbIWE{WW^g+@LinaVXRrWc}bNO#FOtu?m(LBD_!E&w+ zI`%<7xGF*SsZr4EDHN5FiSCwOUpNfwGAMqS|SwG0sQpoMt>@~Ohtxxn&(N=?DE1txVga4&`9r?`yDU~t3B!P7_&na|| zGR22qu&S&}3RD78P$wQ>3i`@XoAysjP-cnuy;_c)&g@jrF=~qlL+cx*jbkPW9{U${4dcbhXSX;m^^5=t`raW;Oyz5>PUky!@VIit+U!!EhYeCM=0MDE}cyo?c zE*rKYgxE8N#j2@lBz)eY==;^;bF#eOh=nF+y`@GkP2kcWjxsyC1j0{ch^bHDmq3p{ zFWKCsB9qcB@dLX@pdl80aOR^i#~UUe-i%7S&G@rZ(-Rz?t;wcYLB!OHV;LeXb@r?4 z2TaKeNqz)vq}NiS*Q(jKcWiQC!Ef089d29;VfO6;)|kLH&?GiVQfju&FT+($(pKYe 
z)4VHtiiB0DC&oV4y07FOPrSCaSH_4&UmVa8w;IIlEDP+auoS|vmuskE7_&|6{7V8Q zq-c4mt*N-k<)BmyEGY%5VNY+7bk$Mvz z9Yv?+(SP7k7Ckj5^WiV$cRj7#L&R9O5RYGXMKg>^BnyoqXDsP$lgxYb@XkIk--Ix< zI_mJ7P!A{f8Gp;AEs%=y1Rf@lt?o!9Fo-@dUpG`&80~E)pGVp@HYzofLrIc3rwLf z#!5*jq~g&E@0ft}>(!e#TPX9AJ#b@$-zJVQ9wP~%E@GI^NKwfW0jd*X&b?K6kkox; zZmBmA$J4uy*_kS>%k99?VV0!aX53rHE`DRCce^j z%`LvS4om$9>{$v~AqKi_(+pQpE&1$g{>bShUrVXSoQ7|WpSZt$=`Mc~{Piq2?sP~} zA|ZQx_6l37YlB&^d-Q*z2_<}1H%2Jg%zkMfgvl1rv3r~VNT^8YpBjx3Vv8t+^6q3H zRv1)GYue_Ti%geGk*o&T?PBOpsb1v&`^5aUu@v+9R3X!}z>xR0SV1<+SNYYKUggzS z_I;M)^BxXNg-}TNe;STaN6Qdg|EK^cP=6|Y!ON%+OO1=z`uLG%6wV1d`*YY;$yzC+ z?7DQ}TI zsH{H|{O~?8?kny-oZEiUqFr8J`-lniYKujZ^Rs`5(!YpgL#1u`LYp~Cfbj1tcTGenJ@6i+;O-? zTc*{_xHZDhZFZ%M)nY(Zv3*nSxEcBXbPfO|c6mcuwSNE=$`fL{vX$#BQAkVR5@9wf z95u?Pu$tZqK6aIV)Z%*f2(39}IHKLE?6j1!K-NNYB*Orbwyn5q?hzsYvxuouHfqxv zC>li5tJsqsp*?0sL`Ql?a4P{=>3inmQJQ|De%a2$Y#j`y@2#jHU#KdQkUQRBz*dgT zgCM@Sl%4LXZbS4TN7rLx5XyP@eTld2AEy)uTlK+E%`X_1m4jp@ zKshNM%IL3)We{y)%h>|AQ;mO|5ptk5Tabwspr%O+5EuZ4f8wR) zdOX_)AT=YQF2h6evlg%!Ep_0h7suj$R2XT91Q&%i4=QN7;oT zc_J{gq~kPq_u{M6C$%7yRpPCFLJ4?Fhgcav`iHv5k+jZI{!3Ccze+&Y!jB4={j=u_ zof{Fljs$vhE%_rNF8t@B9(+G81HddY5@cI<$MMhEKXsJ1(|eChy@q_RWJts zDH!)*qkwKTIK+%u64%;6wx+`NlQJ!toFY5TdwMUBg0LX0rk(Cte&_gRtEmf?n;^x; z5y6za-VA;_AS_6plbv1ct}Z_I^?MfO?cGV3fD$tC$9#5#s_MC&xh4C1jz$d}2;RLE za;JRBQ{!f5EcgliiEulraLyi6StP3iVR?yQR0NH6x)t>c%5nAjlZcAA59*+!NEL?p zEZ`iJk)O;hhgdm6iy;*#)sJY!io}vB3xUJS3T0P;Hj#X>`<=WjX?z6p4Zm%hbk#d8 zp)Mg_2{{BS2h{MySA&s-wcMxH-(eWaLkWS455MlSa{oUqubC;0BSE zg7f7k;96#522V@SWI4BRgyPLGSRkSc)QMuL|G;*dUH-A%K+vXfI15a3QL3XD3)^;O zq{hb3lQQDeLCqhl7&(L!brXu^130l=5WzLzvR@-^W&@A@q?MczbdFa91!~EhU*T9A zs*h$q0^_wEvM@%$C*@-dMp(-3zz65zryd<7+vaJ-EMfw}P>}?o6Uy2W_$IKD=}1)- zpr}b|RV-FDnZ_!d7bIXU3JizBJ8?=Yy~HG^J+_w__vpw!rGwH8%X?Ynp?r38%wE7J z87)k&ES5tLf=cEH9Ci!e$&p%ELA>TR*pb{h?l@4`T!{o7<$HRN9}Slv9;p0bYd~0o zMaD}PJU73CMk;V3*I!JE)>I%Gjx*0m>=+F*m$x7?P&jXfz}?P{ifHA#i_?$F>oo1M40ZD>j8g0g<4w&&deiW zj2&Vh|KwF?NXj4a**<((*QU{3(u#suVu3wTOslO3e)$bUra0n1ySQUU*5hRi2_u&^ 