From 3be644fc304a1d00c5dc4b39a5dfa85104e48a3d Mon Sep 17 00:00:00 2001
From: MAJINSI
Date: Sat, 16 May 2026 06:08:04 +0800
Subject: [PATCH 1/2] Harden OneSignal notification config
---
common/models/MobileNotification.php | 50 +++++++++++------
...studenthub-55-onesignal-hardening-demo.mp4 | Bin 0 -> 76317 bytes
docs/onesignal-env.md | 12 +++++
.../circle-ci/common/config/params-local.php | 4 +-
.../common/config/params-local.php | 4 +-
.../common/config/params-local.php | 4 +-
.../common/config/params-local.php | 4 +-
.../dev-server/common/config/params-local.php | 4 +-
.../dev/common/config/params-local.php | 4 +-
.../docker/common/config/params-local.php | 4 +-
.../common/config/params-local.php | 4 +-
.../krushn/common/config/params-local.php | 4 +-
.../prod-nginx/common/config/params-local.php | 4 +-
.../common/config/params-local.php | 4 +-
.../prod/common/config/params-local.php | 4 +-
tests/check-onesignal-env-config.sh | 17 ++++++
16 files changed, 84 insertions(+), 43 deletions(-)
create mode 100644 docs/demo/studenthub-55-onesignal-hardening-demo.mp4
create mode 100644 docs/onesignal-env.md
create mode 100755 tests/check-onesignal-env-config.sh
diff --git a/common/models/MobileNotification.php b/common/models/MobileNotification.php
index 2c160501f..d20e569e9 100644
--- a/common/models/MobileNotification.php
+++ b/common/models/MobileNotification.php
@@ -1,7 +1,7 @@ params['oneSignalCandidateAPPID'])) { - return false; + if (empty(Yii::$app->params['oneSignalCandidateAPPID']) || empty(Yii::$app->params['oneSignalCandidateAPIKey'])) { + Yii::warning('OneSignal candidate notification skipped because app id or API key is not configured.'); + return false; } - - self::sendNotification( - Yii::$app->params['oneSignalCandidateAPPID'], + + return self::sendNotification( + Yii::$app->params['oneSignalCandidateAPPID'], Yii::$app->params['oneSignalCandidateAPIKey'], - $heading, - $data, - $filters, - $subtitle, + $heading, + $data, + $filters, + $subtitle, $content ); } - + /** - * + * * @param string $headings * @param string $subtitle * @param string $content @@ -56,10 +57,15 @@ public static function notifyCandidate($heading, $data, $filters, $subtitle = '' * ] $filters; */ public static function sendNotification($appId, $apiKey, $heading, $data, $filters, $subtitle = '', $content = '') - { + { if(!empty(Yii::$app->params['inCodeception'])) return true; - + + if (empty($appId) || empty($apiKey)) { + Yii::warning('OneSignal notification skipped because app id or API key is not configured.'); + return false; + } + $fields = [ 'app_id' => $appId, 'filters' => $filters, @@ -87,14 +93,20 @@ public static function sendNotification($appId, $apiKey, $heading, $data, $filte curl_setopt($ch, CURLOPT_HEADER, FALSE); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE); - curl_exec($ch); + $response = curl_exec($ch); + if ($response === false) { + Yii::warning('OneSignal notification request failed: ' . curl_error($ch)); + curl_close($ch); + return false; + } curl_close($ch); /*print("\n\nJSON received:\n"); print_r($response); print("\n");*/ + return true; } } - \ No newline at end of file + 
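Review bot: The docblock that closes just above `sendNotification()` ends at the `$filters` description with no `@return`, although the method now returns `false` when the app id or API key is empty and `true` otherwise. I would add `@return bool false when the app id/API key is missing or the request fails, true otherwise (including the Codeception short-circuit)`, and rename the visible `@param string $headings` to match the `$heading` parameter. The `inCodeception` early return sits before the new guard, so a test run reports success even with no credentials configured; if that is intended, a one-line comment such as `// tests never reach OneSignal, so missing keys are not checked here` would make it explicit. The docblock starts outside this hunk, so the rest of its `@param` list cannot be checked from here.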
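Review bot: `sendNotification()` still returns `true` for any completed HTTP exchange, because the new check after `curl_exec($ch)` only catches a transport failure; a response with an error status, for example one rejecting the API key, would be reported as success. Consider reading the status before `curl_close($ch)`, e.g. `$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);` followed by `if ($status < 200 || $status >= 300) { Yii::warning('OneSignal notification rejected with HTTP ' . $status); curl_close($ch); return false; }`. Keep the response body and the request headers out of the log message so the API key cannot end up in application logs. The start of the cURL setup is outside this hunk, so whether a timeout is set or `CURLOPT_SSL_VERIFYHOST` is overridden there is not visible; with `CURLOPT_SSL_VERIFYPEER` now enabled, host verification should be left at its default rather than disabled.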
diff --git a/docs/demo/studenthub-55-onesignal-hardening-demo.mp4 b/docs/demo/studenthub-55-onesignal-hardening-demo.mp4 new file mode 100644 index 0000000000000000000000000000000000000000..d7d850c9c392f30fd091e628aa30ec1e7a9a6001 GIT binary patch literal 76317 zcmeFXWmKF^v#>k3TW}u|+}$m>TW}5T?(V^z;O?%$-5r9v69_?rJ7?y3pZ$IN>~;Q~ zzq{95Q{7e7)!o&%^eg}X06;SrPX|k9ds_ei5&)JUSPk8bS!^BHSpWc}BwKrXHvj-& zW9w#N0+Ro&K>Y>)h=2eH0QmEN%m1qZQvZ*(@c;Gv|EfU(0Ek^KPKMSXqppkfKVw4u zH^+aYfyVux<$sLx|1~ZQs1M}Ne>#$znz%TFYDA_s&MyCk0!0AFh5mQWh#a;imWCi3 z(AMOCuALR+V*yYb{HG^_g^7*RzcB!AmL{hERR>FTP}^S0(9Xoh6zqerV{2(=2C87W z+5QvszfYUo)ZGr9cWYju_68||Empdg8Tdv3nc&7 z{-1pOZ+`xh2k_);rz zAhbb%`-6RYL1=&g#{%;mgbD~@5L_UVL4ftV|3O9=Bu7Drfk*?r%fM?W1OZ+vI9J^u zz;m(&p$;Mn1bF^mK!C?o00CZ`MLW z0RIev| z`xkId!MOwP3s`3XLKy^jU%>MKUn}4`81UM`ZLl8f177=o_ZI=R%|U>32nL*gupK-e z7;yf<^B?zz$bapWYuK`>jK!;^;9*kT~T)=D4wl)1nf^B5~{eTEMR5}?t zIDljRpTc1IpHnDBxr;qGAhC(zKb=8AK{GaVGXtH}SU?|U@Cgsz%*oUg06}783-SWp ziM6mW@9&ix;>TTwt5Pi~^ee#CPv;ll;~bCyXl(Cf3S{Br06MX;va$k=*f=74!lfE?(Xi4 z-~+C`jiDW*y^}c;coaqp7h4;UkG+G7rM;aqFVNV~$k14T1qeFC3a|l9OpR>pjjaV( zc$s;bfrfU5HlEI=0?Zz4yv!afENnnqQvnN851_NF5vaxmba3_rbp?GJIGG5rFfxNW zfxdvYmL8@i2H=P+pdJQJhIZzr0xX;kG7 zJK72`gQj3;;$?4VD!|G@&%y#UGjw(_aB#M^bO3w&CxD}afxVfTv#E;!11r$Q!U@y^ z6o?gQV{dP5XaQ;&{Fjmy=xk$Y44TY;DVTwFPX7#IY-wxg0-lJaor|fHjUmVhq&Kp0 zbu#ocFt)dKFmwU6jX^mA{lKxb1BC!NIvIj}%$y8uO`Sp6GBR-R1l27~1VEc*U}$3K z0A7ZXfsv)5Gk6e7C)0lx=5A_fZsB4Cve`SB+8LPJJAkbJQ96LSTAO-;VhgZxF#lUM z0R8L$HG$5?rgo;rt}X)X%;0G{8G>`_Wa?}I>h5H0@PC#IwmTUM7(1B(Z9%7bQ}D7t z4FOg*MrNQRcrgOZjGUmV132(M($GVIlLw@5b}@AjUQ!yD};Wud=J^$G(9GT8a@ zD}ET7rZWWI5s)WATDgVX+^XLQe;ca>x{B|R{4gMa4B2u;6TX$SSk6Q|hKNx)K%4b` zUGuqtm?QWw%;kSp(S^gW_&O@qqpTbbKodC`PzYqXgJnJ4m_~zF$X1O`q+*tH6V?e|Z`k4Z5-_&CYqc1eLyBjE~j zUdaSwnv_|bmP_l!2X?-P#NQn$UE!lJ(l&x_plviGfZp)1mu!`Ud+3e|9TXH8T_7#sZ2 zP9=f-f%x75eIyMlwF5#TW30S$=^c87nXhtoZ$Igl9zsY+_eT|ZRYF)F|Mb}9=ueGl za60xkuQps@shH^24d>prN$MHpsRBTfm*b(OSk;;2rmAHHAv zhEnzhBVnM)K{Xo zbW!P+M}rVHRYgQB_cx8O 
zSI#NDU6qzKq25`604GWO3_WM7z7g7Uui7ZNDw#-{ACq`}w{XtG1WJ&8NNW#J-AfzBcG>Tl>^;sLDsPL3qmo%SPY-ZI6;$HTdpNqee5D?jH59he1~z#ly1mJTH~R5Ld&l|+2dylzZi z`-384Uy|8>GZ>ri>uR%kCaXS_*RPT~N>0=y|Mew&XA~5`Ko3otKCB6QHOi#rx0;{k zI?FYKzax}|Y?>+m?I}dd4)ulKdYjM*R&?Bk*~4_*8m|5JTXsH-wkZ&!IkiEJV)2Jl zd0EBdeGqO%k%0VhtQPk1l6SyRe|5Bw3RjU3w}>U;X^{p}vD!Rlct2V}(2j9nxoUMD z?`YOulHMmOe1Juq#0ULL+v--l4wd{QrC~!8ab`1O&2X-JDoed;*-46X_Y5^Lx538t z_Ab)>i3h2VzM<@@OnGq}9|$D$n1F?7Ft3AommvyTnPg-RC6g9UMJsy80!- zRynY59y0xqn&Ko4h{IE`x~5_myR`?yWx? zF-SVZ1Ql8x<#;BAa$oSDo^v}wDWP!s1)EqA_+#NC-cTn7eQ-K9b@y`y6PZW}z7d-7 zuzY_H>EEk|RNXg#RM*Aq?H~IEkPddTMmp}`rrv`M2yt`0Y)i9&=$$4Sp)4ya&bx+) ztjSe;a(csvM7j<`J<=dy{2P8eaX?Us``v?HrpHOSO+=Y^i=Tw-P*Y`E?4bA(pU_|O zqr?KR0S3o{)6ARqRylIwhp-&&1oD+A55E+eRAh}_eQpgNTN0A$;4O=EFUGjH*x@!!79RCIi$pAUWNIK`uz}*IWeE*H z=aWJgQ7H9Tja?0-kq>Fx>8B|rKQb`_ zUc4y?B`Wo?fhaHg8;9oyo^P#TDspc*hM>d3Y!+1SzhUP?e{E%Lrofe@i)#t)Bo)wR?3x> zXwsc#Wkvcl5vQxnAOFgqA->|NI%H1*_x*w$x^XDuztvUms``&;zCzKYed|EY+%)T8jOgnY_;RC!*wr)S8pMhy7X ze$Sjw>a2hVK76!iX}S zyvwZUS-?FXaCo)eFROpN$7Xsbct2SbWke&4$rz@1aw;xEFVkO%aS&sCOXfpgCFz!` zIQ8+`%mdP?XZWK*Ai9_g!YtP}dqsY=SwQ_7HsD~vDOWb=-ZqHSvDZGDTOjXAwfkqzvwJ!`k4EQBck^2|euTx?t$z;H*NBBtU5{iM8{b|WjtQ!K=y)%i=DZIn)d(J4Q#R?c+ciaJe-6=IRt@56}Uwk!+ zj0-$Jr0C9)lx5{iZ98M-YDu_;Hdo(EMfUijvSMiBf4SZHCh<$KmLsgSIJby!w(S5D zm1xXakPR;DHJ;|04tRrWk+W`&tG%WDq7^X|S44K2Z0BX9QEJ`#|nkhq?z!#j5Ni zA^+Aok_w(TI%q{d8}Y@ao$SM;{*Hd2Gjy0LEZ3C}y-11YuY|H0KJ`_9cWZJEYM%>y zS)FoU2X=bkn*(3kWqR1V_MP2xnwTyS#fwInb4)TL8(sjStpM~xSdrm;^&1M1HbtiK zJDjs?uQ2P@vO@md!j?C@`-hew=@sZ7bXNvvkOlCoZO&Dlq(&D!>q*U_{8AWMN63y; z>XML8EJI#o6BG-9hS66?{H~9wvH2Fs#kTIW(s9BcfB9mbb6TfQY;E3{;sSKy&^<0b z<+;<{6SFyQWB(+YS?($Pg(EWhGSyWDWALX6S2Uo1s^v5_7dcm=J-;_cb*(ecRY!j} zn8y{T{9qxOtlog%Cj<^$-*ZBlPd|k;*^I7_GPrUQ^wSU5RWh2{!|R{7_oK=@{!>=WEgn@_v-`}rqtRi1~r9e zw_##wv3Ph!N5h{w1QbgHP|iHq>kUh%)ZlVS0s~z}r!_wEvq=^d?JdDDgMVuy)d3>) zFy@gKyikz42!*}NZWJK=XNhu=Jyh4Fc?Tqir==`J3@JaI6!Qm5Y0eaj;uDw_zqT7V 
z6b)f?Lu6wX@Rl*%R2R|}U-0qIe^}e}tDv0W|Ay22(a({gWz&5{c{Qiob=*bcSRvNuEP=PCuv0_=q6SnecPwG3YdG7t+X#Oh==}`{T1hAn-Kd|nVmt;+F@){-{gXH+~7 zdlmB?z+dp|`4Z&nIiC`#u(QYHrau>n)aOkqnF z#oEgql^$FE7^8{Kmxd_8D#6g%rXF_|frw?fBa+b3>G`2tbyAVvZ={|)-!}%qzHvPg zf1pWcC)L6U27`l?{9^8LHDAnXl!k11WP1Rx`vVk;H-Thc_IrCQ3Zeefi=lDX&%nyA0tv zA*S{t=lEw?U)A60$3{|2w`03a?T#~&dw^b;Gw1zC^EqaCdN?zZFGemG300o5EkWF7D0aTC0tHuRbt{w&g{7pb=%2MdyzjXODwzmuaWS|m z16u3U?{j`}O*C|pX>LH-$?xxk*lRFLq)?E$%3Fw^@IBitJ^Y@KCAmeCN$!_G9I1DhGJ3Jasp=&aeozy6HO_+ z)|&0A;Ia2HlBN4cASs3o%hG#y#@C1WkZn+z@`^21dM+!54g z=?1Ew_H#E7X=~;Ed64ZQJ?8q%YJNjsOMg9{v!D3gQc;d zDB+cJ8AIQ#=vJH+pUZ6$F+&LHfeO4HQx+dUMEFC9$#Yhee zc2MeB;YQ^=y^n6IUmx}%Ev~|d(1un2I=uca^f+!C#2LbI_^vn=r+@FGUaC2_3O~c1 zw2%nvSh2T?+`U<`?mqOFjpMU`{W+gv6wlEuL&`~gK5wX@gyD}ZJG(OmDTW*r$*d~I`X!w;rKsq zg{!J=&!ihDnJ*zaHgx$m{edQ1dl189h%ajt@Scyz*}M28jelW%rKlAePG~6}gAEzi zh<^)YqTndlt;S_)!$C!*AZqr2wlp(>+N`Xvh<}JW4rL!5NQ$ zz`rZX%T#nbZ__*LFEpXP`t^Q3PlKl0nm6r25i}YK@A1mLghgWPc^P*+WeLn3dFV^L z33U2Vmy24nGKYh-N0h+S^<%iQFjsm-eN4S}`(F*q>b~@1%;wyWq zp3jRnPMwP!X%!US9r}tt^U+y&QEZ305MgvE@?+d&Dh&dEPNgEAb_#@ji00;{&K~|` zXQ%Lh(Q6Z@IS|B*L(dsQxt_m3^ZCgm06m|*kfmI4o2mfx4{{LPLGxtpKv@4H_4#!7 zX(FYOd@D{lK+vma*GmR3Un~Cnhu&tsNQavNU&Y( zybU<`78EDejM9{n-0mZnk}xcec|;&>2)R1#xk%IToPjiWpWDR}$F8CMEW%j$Rs5x# zXChGV4i0Nk1)Hgo;vzfv6!#F0)?b_7R4LkWIJ**3M}k|?rwMu60)}3I6ITFXn3?bU zn|enIZ>^1u2s#XUJ)@i!+-htee^=7{EB)@s=h+JSp*&i& zP=pz*20s}Y;zr10(F`Y?^BBq(k{iEQAqjRitP%uUi)_2=wB1szoBo~vL|s0yB)x?2 zyw#U5yQXfOl8w+>%+(s~9{2T>+=0n9n(Z{K#%cI(U3Uno90cCM@L z!w!5#iYOTVt~b&eEE?2tn;00%#ID16aBI6zIu*nty@q_me(=>@KRXFXdV;I3 z=74Fvv(=SUvIRYgl>MOq=Lg!Ue*wu`FB^vj(A{hNsfg**u7oNL+%w?w^YT^_r;GLC zaE`!smoT}@(FP$wBO8t08sY@eBS}Na?F9FgvEK%mD$B?Qn;bn+r z<;b>WX2%G!30MzxSs-kb4G0B$yUSM35Gk*1RsETL|GOREqPT^KB#74#O9%aS(Go9umStBA_or|}li*+=YIv~PUfXV3*myC$?w`Wql z<7RAii>S6)8JC3{^+H`*2b|M^vHMU{Q(gvE$svyZ#RO`ge;p#4qE2(#Naanv5qhB5K@>;6GQKms z`{RdlcIx^ar#_P$6`qEYXwn+bLE)=WygI+oS)=9Zp>gDL)X3+TpknA9DjMeXeyD+G 
z?uhdwDkB@as@?(jRTH~5#h|0RbSp3Z(i8Rk5+02+_ve68?=Me@{0yV&u&1g>`zlxo+K4=FBre-@ z(Ql=v-)g5u>4tH2vX&>Uv{gNiU=FZ-!^3$rT8H?I#F~D_&G}KP4tix(gd8d_Q>r(k z6ocaLa_MkP_P%5MfsF|&w|D9mWaUCkF*`37rE8e!KG(8YImJSN+pc(W9dq_R5wSW= zBNPxJ4$M$%E&z-sSXqMyi-NwF`SPn+9wAtI|ALh=oHJzCTlrE%L(M?I9 zJsoUctP^V53HxO^>Dp`2gY7ZoT@(8?(Jjh)sNrbynV%UWgG)6cpZ9Q4sbgDdkq2~O z_Pxq+Cb6L6WEirifmW4!?q=k3^FUaU>v_rmMW?-)wnHQVd23aEvax*zV+r&XoW~L% zNg>Jy3~4vWgnZkF3@W7Wi_2!HOcFDU_EJd|#J_`vMU5im>-M6K`dnixx~~)7^cZ!Ue{lk0nU7HqoRVu;$E8SC@t3WQ+KqU)C%v*z_Psb-TDH1 zhy~`oztAvR4vgnTGV5`ZNd7V`euG^+Uf`fBtbmQNiv|KnYKz z*S@C?LFXAJgxnUo9otM`pH4i5`6P-N`-o-)C$h%~?CI_~hg){d9%I!v~TG58WG2NrNt3e>Q@>9Jg4IWn1C);DaW^#Ub@H) z{*bFk**dHkr2dOYMTcnsXf+JC`e}doOgC_2xH%zXna?1;lf2RQ4K3O~8@xY~K_o=A zmWv65YEG_ws&)wyPPeG&&5E0O*GKGUg^jU27O20llnSDBZe2GRyfVV*E4_1c10caK zNu=j@@`lu^h3Ot;4g;v+Zpp;cjo4b3zYf24hkyR5;RB^)b->(wZvvei$%Gf+ zNJRIpLqJQU*y9{|1cUTVvHQrnkv8~om-DAQ?WXi?|T0M_%zYDJ5Uwi=+Z3)csh-+%@a9Mkivp!_NbwUp%S!03s~W zF_A>b>a!+pK~kRHo!2w#s=N~40~Fa;h^N8Cm*Lq_ad`?4pR&7N35!sNVWn&89f` z%k}y%8B;d;pVC)}`lm^g1SVYzR4EBtTyGV(=wjok#=TXasiry8y`@f^Tt44S$>K%+ zxAEIqMmZHcw#bJ#(qD)S#N3BWPNU4B-44>D07~S-(8Dr0L5|qCQ&;h$R2rHp^7&sP zkeeO)jF+T}zcIBaSl!rav>w7WX$Wyx#Kuk%JT`t8Efr`p+tsQ4(Hv+x_FKKC8&3m# ziIoTXOSaS2Mjhk?<`pRF9wyml1hjRl~pTuaxh@W)wgNyTprC0}sie?`-&I!$sIAG?Lf z!{t4x%cPAM5BqA1{`|6(rJ)+7Yn!KX5cANaF{YI=7Wjd{!!y45SvS!mSBSsH_>)pT z&3$(Ufv<7gUt7~od9PbY*Gbyb+V-sGpS5osaxbTiggbt{6}rx7g|2i_`#7x#T0r2ekroU8XOHv_Tzlixj^*P6WYEo33<(gJIT#{CBD|}&xAFw zHn(LJ!PW`M=$R57X>cKtGdRVOd?@)=<6C~M`yhz8_fStx69a<|H35-8eOZ>tR1g-3 zu{|l%kkpjv!64{%oh$id!vuH6)(XezfH(tjU&k-Egz0d6W!*g7GDPaBMW7IZ?B?=I zHx$`b9jQBf?p#G)P{vN6Q;vq<)@l3iwd% zQAUueVWu7RhR_2wcG2<(X$kTbM~u5dsrxrfVLthb&& zM5URV_>}j_B(;@;vv*HAn>8ch{`Pg8N6iGU$Op#mD#%&TNtC3c92tW@fcw*9G;JM> zF*BWi3FHjXr#9}HVA2aZxSs2#@E$IjGY0eSrcw8+>m>*7}>SJrFW+V_29MKM=T|XxG z&njVa-i(@(ygEvs92oJ3XCh+luh*{;EZ-L_tRnju$aDR{uYX!5n6TBG^;RGJoQkUh zb4jAoP#6v;*DM5Yf{$l{XqQbt9m=KfRr3Mec7dpE+4!SNX|=yzY9M_>d&_h{1z%Y& 
z>-lZwwtcmb_PL%GFsSTy{Xx?n&d77^xN@Dgon|&QQo2}55^1CF6(;8IUB1(wI7(P? zE4%Kg+!p% z4Wj7>A}sYu-V?l>L9j)lO*EXh*_x9a3Fmn|*5ztLm3&OUlFYvZG@*@Wn$V8gnr;6s zmSy6^TICwHD?peSnQ)BMZ_L5;p1B4}6iWK>{8H12arZjX5|gd4dWw(P*7Ngt@y=+2 zgONH&c1>A7@@OwA#m9^O{L7U_?oPjLW8bzVSAwRWuA|wjN4Qa{*Gjp_SATc(oEC-x|rX zr(BiekZn6w1IAnv(8kKYj0ybpI5A4KkRVw!fY)>Ltlv%L3x=GW@1&ab%T35@1v))S z6C$|_Oa0F2yqFqFKyUg5aN@@ujm;kkcY4CAvewMw*6O(I^Z54T_9OMwU5w^$0uoF3 zLsnMMpOqV#W^R+5uvx>4xS$;RDEx%B2_lPNsdaSuBX(&&)uzMZ_Q+6T9R}wyjq2?{ zxcIhQ+~Y+D?P=-kE+4(1y?iNtSSx?$j*vw0UdpUL{@9`MVTCfxgR{ajU88dfwrP;> zS-PI=iK@&jtDLN1nA%9-&&Eb+Nsow(_Bvuuu%A0;xU+Q5Za zQyWgf8*B-q-s;Ph%uew`VNm(lyls*m^WAVl3ng)TO~{DT>t9a-sFOTAh^MaoaVt@V zQ9sxME72X5jz=OZg-$sQ7Of4U;&7!>-yvm=8pX}$je;nan_rJ-8L&{8GPRBZc#Y8K z<>hUI5k^4iVu8)S3;J^=1xxhU_(y&7!-v_hd&2Wt$D-Bu5hUwd2E87&i3DyQFsKVD zu1H-Ry+I(U?&i^u>>>nmCxz3oR&1l{EErne$wAOK>d|lFx^)&QWyBjE^ancnHi#ho zQHT0je=1l|<2~gTk-m1f16^|>gXW(*cVSlWTeREnTQ=NVM)A#swz9ptJwikL0q9@k zGk$#Nmg*$+?G1CJ{e^~EOYfSV?CKmf&8+ydq`roj#5G#Kls9&z@O}L^j~B#?=wzi< zeYs%2J>f^C!}>NmH>~>PI*6J5HEnYGl#dcK@pqm%&U#MRx;pwxTLDvuO8n-@EB^VF zoK3EAao%xN>X)PZpU`XHO&rrUu%q(3-tMEsy{j>L4!BGqKU6|OM;xZJ3w#wiPHx7B zS-P_MV*L1s`(5@^Gv#r#^0@Ms50+|7e#InW+jpn{lRXVZ4IIvv%<<6OuJ^Q0(fz+a zwBbJz-G7**b#lp#9#83F5run zG(Hfl9?6~rqsc@_`!A_yX9P>BHzWwcF7r7AN)jZ^BRqWWO76m&Sz;*@o@a&kVq6xrYBWmsGeuf3^D`olO zrGAY1%*V)I(g_Kp*X{Lioo4 zx%AsZL2{Op*C370hI7m>oH&88<7Ruyg1DFM*)~>VWt^(GyKRvx;$*-c_3@6BeYzv~ zeFRmHrjN*js`Jb+dG+d6{O(z-=qkjV>8S@r)hstAmfuKZl}CcA2!_A7Xwa;?w5&Wd z14&aJ^GgUvmCUVsNyzXn>IK|&;j2i>%sdF3LYX^OykncgE(N0PDCB=WYt@aa8o9o} za#rG9$ibPz88knMc~}-IKsl)6T=NHQwXfDUKkd1dv=$wP1o_HpAtV7$A(F)#Esn>D z*>OyNYc0NaI$%+?;(hV-h#xz@{RLC-d=>z!r5F?nXwp@qRp7}?C|Y2{=3N_IpA>V&Ues~U{ac$Ry)$^u zDXNb6c}H-#xd;-8yA>qY;^R8mykFkMW_lW{N3dy^VfJe^Lme>X>eW*SA-RSQizy%Qo;`$X^u2rUMr zT3>d&az6Ze2q3I|rWLjzm&mz&6r*+&85!t@D@`k%{El8f96yg$?Tu3(wj8d*x0S{)ys?9|loHAACW9+*+`V<1m+e{b!b z!!4HHV#SPQ9kIZOkcq(&@D^;aq%WzAxv7QK#G*3k^v3Itb&fX;23jLN>9g z>}~TYevk4W^;2w&pWZ=nY;0+4DT^7G{-PDEutQlIzz& 
zGEoEh#TmVH%imn&Uab_KD3bu_kqWZZUlH6a^bTWiyYyFzQ2r7tWI~iNkxrabG6NTN z-8mr#J_)&mWzQ?W79+5Oac4f?KB03@CPhziyj^I=re|zDtfyLZLU)LD(AE}!g7^I>x(w^hkNMYsj zW7+Th;Cc%W%o$5APbBWqj`}VNwcuUbCYl?Rh8F4xBZ;U?$uysY5u}v9@}PwJ)ijy< zEpj>p_YgN8^>0QV)_0`Qn)$A;mz5Lsl1Z!yy1Q$>{mBwaJp=6i&g$|n!HtkxF4f)Y z-pbOlBwAF}ITu4gl;S?(&`=|_NS=)%%a$s!CuV>?N}c~H7IG1AcbG$F&Q1R2hL6(o zc}b`WafRS%R%@r0_o~4i0uFKWVBgzWF-cRWv9ywKrxT4fjbCYp5MF!Gc>3cDgpJFtggSnB0!~C_i04#BH$3WDuTG(=_# zzIv%v457~eIZeq(nco`vlemfyj+&tiwup`^rV54-XVhlKKN z{nfeI+l}3`daFvhv~JETG-zT#ITM=5B10I|OL7&9$CF13IPQ1(x`*v`IK$4K{pB`C zO&t35Gs-*_f3MW>&y8BmqD8|ON)^9NYWIEkU1hj4yRr=^_5<<-q&(H?;(mLGDo6JHWnUcx)ep;&io*@sjah>_sGrylbc>RE zTq;pO{{s?;fX{>c$<3_svdNt`(k0OBNduqBllCdaEw9Yb2M(L#lyr~{F$DU6&{O;mT7Efr(D({g1bY++R z37zF8^GPI|*tTm6h+h!G^0*fRg}5371y3K|tBZN&!qVUfejauwvOfif-F6si976ZH zRizEW7kJYx^mO}wNC%Y9(yHT}nRoCPEsS&` zz$IL)kD{rYN24@WKDWjsW$NA5P*+A#Jltk=p^hwGh~5wHtMM^y=KX~ac+v#)SVe9& z_M-7ydtq*Q=OrB2VmPb3(AL?%^nFEDBQn5ZSNCjhe8u>^@l5zsEh;Y3RHo!$vql?#pNZ;48fwo)7NL-xc^J0X zOF|C@$?EUMHOc`1NM>FZ1&NVwZ%xkPhOXFRkF;9%58mW2GO^+hZmD9{a7GJ*Vy%a7 zZNFHutXLx&bHcu~z5WSly<)@!+DT#ymXA#4T`D~w%bBx;=eibLZLg9Se4PD#wO=Q>EwHK)9zVOwUox-D?N$#nV(G z?)UrR@0i(j@$+AGJ?l$lbW6?V83q`;)k}#G zvX`B2;lWwdvT?r-&(-c! 
z4MMtCaHaGaA7#8o4H^we*hZ;8XH{X$0e{VM1`bE}y#Tu^-`SrgJ z@O++n-+s>)r9_3X$Dbg!u;*P3M_o%C$KmNXuo#%0j z!{$FlUuev7#gZ-+a9f7+gulj-uuDsk*)Q2mv(x4UE57FM$y07bS!?*&`$RyJe|l!3 z$>WjXe~f2kUqpuD)?5GH5qp9+8UV3zIv-aot?BCEZwM5P-*xv%xm5Sowo&|8i}2Z& zD(eTUC8G1sTm+9cp*c<;PwOYvCs+2DM~g9qR2X@l6sr6Hyz|q?GwYf(vyZ?uK@U9K zcpR4b3oh*mk)Guu?H}%AWmzHoj0f}eY~xWqziHMw$iqZAh{!!wQ{kLRuP5lynEE(z zlLZZ~zED?U~=(S<5jz zG0@R*>~K4M+o*mYo^%k!=C>LoOY5ItbhXcFx6Cu!cehXel10Yh(Y#G*IO+v3k}-*Q zu7QLwm-ME>vWE3uAY)Lq@-f_SA+|02N%hAldutoNtO1z#gNEE`%8!5ba(#uRI%i#a zojc*d8TwCE^`=z6Eb?`Ip9z=zF4lz{?!u2FXPp&yo>?WgR`S_l@*=227 zK%AX(q+3ga^5xmbG4(c1_PfryUPnEZGEA$c2PBRSPfL!qUfmm&p!NSl*)5$&PCI7_+4{h=gCJ zxl@fV=>gS}AEp#uCTMgYyeKe_0nPa@pT@DXw5peXJIFs{`g3S7^W-}ibV>py=dfs; zM7KN>iztIe`OR8d4QY|#1B160m^f0Edl0CF9_1jtDP$BSm*R>KB-;chWTo~{R8z=Y z?hVNu7Ul70F()c@`Frrrtqu@`F`Dx_r#Ot{k0ZTB8}oX)qpSk~M(YGvCu@%0rAFa- z<2okFN0}bS>$w-2O>g@vjyD1$N*Yn9%vxb7f|k3O4F`kev=_rdtmF`t(r>wKU%SR} zh6MLC3Y*f4;SUHUTe^?=@9ytlJ+P|5AEcMly+2gNYAXeoYjm?d$ne8v{z!iq<{o9_ zN-QwIou{oe{g~Y-J6sGF|Qz4@X`Iy zDy>R74iW$P(*`BKFKKd4dfYxteA17qRcyH=F+W~Xjb^(h%di2!-B_*nP1D4XSGV&f zs?FZ)m1Lqu_i)S!(?c+LUV}Rn$~wt*2wjo4zZs}6dpkKK2KLkG9keij|6-V zP1D=bj&|?lfjqk!*}cV6v;7l&_mr5)2G}sHta|fi3FCO5s+Jxd<&whOmT$jduWhVm z34b$n{LIz5FNBs!V?p?xni&WHFsf%R&_{3ZvbU|E=|MX#(rxSSBKF_GmC0VEzh4t1 z8VKufITqji=yIj$w|b){UC=KsI;i=q>eRDh^v%Q5~B<( z;yEC;i;fRIG;Hc}zkI|pe{Zgcy~vm7gxXcN3>V7Db`A*jQ8>b%Rk`73bVHEMyy61} z*S9T}z&&CLw@?Il29=IeVTQX76esiMY%ZJ#TRYwJ-%^~7jqkIGS$i51LCUhM`_Dg> zCJ~~T`i)S7HBUS{q))$4hG8Vs`3L*!?nOF+&3MYvJ<`f>gqni&8n&hU^DeH`mY9>m z{oxpuoRN$WT?Bs&6lj6QZsV^0K`y!>E|bzH)o-8IfgU}jSt84Z+}XAIoX7WGzZ2pO z+HV{(A@f9VjVJXgW|jNraIvLaN2q?w{cL9bk1!%e&~`y%TZEMMN)c-z|2FVjg6#4# zA|j7fCk<@OSHzWKtFw}!siMYBK}-ZFf6!h9DFTH#nCq@TOp>UY1xYn||a~89`i};NanKDS|+#6QXA|9a1X>^w&T({kG@lxJ$EjF{)6sO%g{RzCK7%CXFy3fiYY>$jJBckg}0@X>K{ecgF~& z?R)pWjH<{_Nw;h9hT}$b3Q!e>LGvlWvhG^kg&cQbW+COMvKM<4hU5ZoskCP@o=~q~ zh;h&~wV`xoY}mN2stBw~kWP03Z=W_w99Obeb3J|b(I%m8P;+aqp1Knj(c4{fu`(h_ z3u?p9-o`Q~S!{4b9OxbhID1yWal01qt 
zZ1xIQ=GlUy)53$%WZ1t;Gj+p_&{g_-mcfTri87W22WR)SgeO*E{+=7V!=*?l|LTw! z!w>alclo12zqhi!BwAnJfel!1{JHRYkfIAb|93!~P?jOs>FyNmnK;4kiUmM#xlmpz zav@oad(_*PcHgER3@>YZHpu&}y+(2*P<0`BQGd6(>2m>M2J6HAf=r2riR1gyy3qnd;%$xkim;|NFBSt_Xu-E{61P&Y~A{e(c z-3s{Sh?0f9o9g+t;4^P;gB%21jzMfXpHb9)Kfk1rO-G)~Dga=R?CgO*;BN6P>@|P= z#WvJILwxjG_nR_C$b;aI-f|Yxqi4u|dF4FrkrCpsFFX#k%nrSs($%HB$!E@E6n3AR zN-7hgDbaC_khz%ZCljzQ@?2sUiD=`PdJ4^?gEmaro%B9E_cf5RHo3e-`^WbbrRXY& z%T#Om2yKNgu_HbuO?o9r{N6()$sNK%SUTL-&}U1(Y-vVAYBd- zSH~ig4Or1r+~18G)zIU!did@zFrZBk3)A~6&XIdm4JBLWjhmuqf`v}E8)pJ)s|g(~ zWOu2yE3_B9*0!~JQDu}bzLwq+eIyI)r3s~!UA1zk(MS|9vbOvAWg?)w_l4*@3+vmK zy-T^$fay6*%tK#8#RW~56@_wjBZJA$=jmGmS<;^6+CYd^!ogYTce+aZ6Erd{T$1SU zd1){sr-c}~U}n8y2hsubs}#VOnoeDIFR5KG7p&kXa@~y?u2U|c&MD^AhcMY`?|qw1 zj$;xx2HWchR0lPCXU0@>i6zrKN7$pERF_lDe9p$!uOWWXckC2gB8vUD?;d@^U*AL; zjEb0vz^M9 z9-%vx97S8a6iSd-KJ>BRyd;UbfK>}HJUs+Kkh>BIpG^#UsJ3svh{rHm7~q?% zGZwCnF!Q3btV`DO?6mI$-)vjl>$iw`d>kOuOfIYvq$}ox|ldMLj(_DG+)*oh2bH;f1 zkys_ldMLc`jZGIWSTuwrX7;%0Hu$_EhlktxbNL%wfl4a@*ZE8h*7Na6*{!*s4gzdzsOJy~YKKGljSt@~95@tet0!oJemTbdcJM<0TM+ia7cZ!L&K6PA zdDC7#pRBqkYf7=+7}lm;ZfCm>Mm}G5A&paO^TZtZ;AP_3Cgi7gq12t=B4(l}iA_a!_ME9vh>(QzXy|g{SeJV*GG)bxvGV2+@Aq zgQuqL#r9aWMas)TepyO-3~{1UdrZJF)%US%1TzjJZs<`zjDk#=Zn}YND73?k=-v#t z*Maqlz7n1uK#|W{ZU0qAt+!>0y5Zq%E<%|4ok5so1gG60{;Se;M2Eae5G~j&T=FaD z7-!uQ^z!SNY92+xrQlBw^-Z7cV(n*|A(E94!|2d6bdjQu>i|=8aRh0Rl_Xzy6>y(g z)GWf7-&nO4G?z^KjqzJiMk|JO&-0DU!{oXNdBSNS%5brfCQ)I;Wc# zij#N@i1;zlqyW4x_ytS7TzQ6rv3uXW)xY;b`FvBiuKw_GNt9ld@zn4WTdo7EFYfu9 zwFy+`x9=}Su!^vQ{e!`5+Dff$8qt|+(s=$4W&A+r_Ud?}192i0d?vXa7asq;HDLjy zGdK4x#yHAZPVacOePS$FqW-(lkicwU`Vk$E)ZCrLp>KAH)vTSv8MuGqR?hJ+ zNzf+vnLA`~JRy@c?DBpVMDX_~zdQ8R5CnJhiMA7yJmbn4m^$?XiYe9h2>O)g@D>3* zQaL!tta4z$7PQ$_35)3r?_OIm-MbDK?3)AQ`Xgf)7!h(iV6bbU0>65t13EO zB(&3*Ga@AT|K0e%oA(cH+<97c;UIq?~tL;RV2kfu1UZJA<+qF&A6mK zpAm_7|KBi(d3gDnB(~67aI&!a4%6%Er;8d7;j9kh*)avD2heUTMx~w`B7U?Tb4i1i7 zy{Sgg)~CoAc9`#=S>(S~4b-c(ya8-$S;8HW;6$?jI+(H>LyYUU4&S!`vBl2L6sxLgffKP0y+UOp$kiUH+Q2p48y(G&C%OZ 
zq(z8@@G-w~hL|RP5cA7c8DzmrOF8>v?~W_V$}wi_(SPOk)T76#CEw-!2Cr z+g-onDH-@-e{!pJVbsa9-8P@0Kh|YK2|I?hwSP*9N!UcN0v&MWgL&}au`3VyGTy?< z4$*AHYWWtA2ghfl0b%J?K!mYLRuFxAXHBoA zV~}Ds6TV+v=o=7t=%MrYRaf+z$PEkpJ6CAg`IWK!Zr#=EHtSyfZxJRCo`jgRrHkcGMP5HdsUxovMJBqNFI!J_?KW`!cQP| zyyVR5r~Ek|CcB7xR5~P`w_BX7NfX^qgtD)OD7C1_sX?-=1+qt?Vw}6!i{91ujr7V{XAUP55H#xAlppO54L%{gIheVPUeQE`z&%d%(ll?HwYoG|_KnEFTel{9_45~c~$OmQ^ zS^O0blNkUEOd|hi7{am@KshkS7#?KVKKVlCNeyz!#WD3S%K41&Zxv>4B zlWP^vnQ18A3!OP_;(Vax0E8DC?7yV`Sh(1VBRl=d(F@sV79a`xi?vUW&y%c&?S_WdwZGzC>jAZ?aw2ouHC2#T%a5P1<70%h%)o5yznumLumQja zL5>~^rI>v#5;9AchM5FaKmDEk;8W+Bw|$oYt91{=*zh)h`?7Nqcj>1#XUSz|v_QP? zHJRDCxLlxpbhkFR4_ESBXN;v!4EMo=)puuvsW=Tdj}0N(^64D!ULT6ngjFIQEy4JO zB45};RnqU~hHUMQLvgqCI~!__Ptp9WB%w9l;l(TBr*`^`&;ANZK9PGr%W+V(kkt={ zM9ABoNREcq2uilJ2JAx0Pm{&;OFad_>9=K+3rM&2ou;a0SWm^ECDaL8V=SJ77$B&O zD&fhQ=V9^Ty!8Lw&Nqb@RmXOcBD+anP-D}CGJc4m(viOdV4Q_)6O8Dj!83$EW>ca4 zc0zZQEm(mK?uw^3z?-s2GbJ{$C$Dh1kiWt8jDrgFXdsNEqxh0 zS>9>7rFaRxAS){szxFYNJP*C*lO*p6P?Fct|JFH*z*32eI)%6Dg%slWh2swSQM3hY zt*OQRL+g22rjldOQ=P%lzum+i^ZTo!u|F^)|LTBze9{?YA{7K&!h#pIZ4LD#+Z|^ilC~w|tVQ~e-$3v4P0mv;n=AEU5 zUt2#f`F$|y-8!JSDQr*i>tkSrSdT@jNK^)_;1;^EfDfMQ#6Y>j=D z1aHpX;l66{__q(>0E8lt4^u)ZWuUyY`X?_NhPnL``F|yKgy3T%f}8AD{x}uBuazT- z9uQN7EnHRU_*Sc6)PpuBWb1swq2fY7O-<59)#ghL+EqJ3%COzE=tXu*mCAbkDlC(q z#u@HEK;>f~D%S{L$YlcTqyrqT*^ZQO7hRs!?iPPy21gfY@}9`gsh4*SbFP|7I5hS3 zLVPey!on}lPM?ZaW5JD2{~`sq2|1`CI)M%u@M&XO_cbS%J~=6vw?}-GZCuYlp)MvP zrRz_dnDzgPt5C*>80O#UCrvxQl8?qztb}8z-~DyNQqDjFZCW~>$yr6RZV1mqp-Rv0 zY-RPTO%?vaq>r7TQJpWeV^hH&AD{_9K3D)Vj{lQlb6m8!Dk&@aruk(tC-jK_V-83OvStR%IQ=V=pfX&>+l5-ThTkajJxq8rITTpj(xQFjkpOA=K5fiPeJn<%*DLlM&>%(qlI2ErD z@8eyJeg4>L2id9@O1b=#F__ZX5^WiCUO%_GV&O7Jg8zD+8lL^GRbK= z2WRmK5pJ&2uE(q!3>y6;zFRa;7CBN2-RUizb*P%L)d+_K7X%D%7lkItZkG4Fh{`9}P8#n;F8sxaMP$ts9(gN~@W-q}MeTzPU0s+hVC^-ik zwu7S7^CPz|TaxF1pH7jqbG#lC00GKi2p9fQ5puVX2%Yn*f8$J9{V#sFe$g^WyxJH{ zr+hhPDhq3zX3qtavL!g;qV9*IX&#}Ja$2|4SL$yHm2qAAhuwWvj3*W8;{1SLmM9a!a+9@14RgY 
z_!vfd!<=|x!q1EUvh^P`KzooCU0^2TzjNUKT5+8r{Jogn5M&(@Iv_I=I}ch<^saWe zl>CtflpBBC90>ClYcfJwo%{6@>c@=^rP5QmS)Rgi&wmU6Frq;g5`k$9b?8w1NLyrmayD0&UdNu<_AuolQKE4=baKqhLMYJ7(WegeoO@Q# zU#o9*bR1aOAujW~$g;(%dZI`Qf5*eM6}C>+J_N>s@mM(yO%!(b=Hz%-LpjTw0J9VF ze6Sq_W(Jl+I{xtr=up~4g+u&z{@V&=D*hL>U-y>e4Ax>jX^@LP?V`i2Y|S;4zXrTp z)^bX9oFdOXLNNizO5ZY6sM_jae>I(%ITOH@r+OKn**e&bBXuhK@zgas5S`E}cpaR` zEiO8fMf17h|CP1>{2&yAf}sY?wEu5X&Gj=prk0bNKPgOh1Ddblk){W=oJT=-057W& z){Z0&1wYH(O{P-JGdh4>G$0q~&PuUq<(i(E8YN-=fi@8YL8|~W9sirj&^0-}qUKeb zRI00tne323epQ9at0~?h7DN0hp0Iw`P9;VL9@PCI2 z4Y@|GG1H-l>=8BpHDmtR1RiFBdyeJGc%8w zQ=Dm>47y`eY~t=4gaWNbN}oySDVb4ey2@a#WNL#tkc=3B&=Nnc>D|!$%d@Eoe3act zQCtioxfk+5hLC7bVksFD&5(zC$S#{cRGKm<*X&P|0Zo5R8MK5l6aJgQo%28gyRTZR zUOgf{7c(m2aqU2VYyi~f5>aAIF!L_;xb%ai-TJZ^GW+YP)jN_l>Gu?qm*PpTZSEZM71CyScZeMp7R zs}M7L8*8*#gI&g`N9OYfj4B%hCJD@J{D+@W$LG7nTB~UT`9O|lMjrrHQ<9L0j87v# zJLNwnq=&p#kOU{@KC%`%1%2-ybZrzk02KP-@%%P$FPT>%+bnZEM8MgJ7`_ z9(PN>HG=n%$srixYyyB`U+_#MsH_55^N~+It>ZpVLOz{7tdC@0=Jz_G@`)9>uR;^S z6EPP2j};&u$cT|^-24<81E003!rX#yF9UvYRGLm5TyplU!Y5og{iWmeW0nB{rZ5Hk>~|i8UU-W$Hd7=^G2Eup38Z9L%9Vz_2*rS zy6}|lUqaCPca%5Vx&Q$3me!MQc1gnoNUZQQ7>cnkamdW zWhM3>gMiAva#&j^gYaKrhUPft>GH5c9%-gd!=pPZ)T%8k-oGrn_i}<`|J!qji3^AILE(-9H_j%gOkDc{~u*4 z&{e=MyQn%fidynO`W|PEpa{@3E`y{bnVo^ml3Y>rfE6S;{*45X0<{p7!Wja8#Tojt zIahYoN-My8P*Wo5FQh7?;ZCrDf-Eo|_LAHgbFg%Why$P4z&Y$tF7aRcuUg>hOn<;! zg+N&0pq;7z3A7!#mwgwkVtoNJYXzkq7#Eyh8amM^im2%mdH2dC_GVJr``~JFC$UEH z6IY3ygT}mF`h$a^%~YVZ2m(M;6Y4Yfo&6SF-^Z^%!ub&P4!|^ihoE<0g_tgJj@y0& z$dZ>~Sg|X#u$FF*yb7|H2mf&g5ak2%M+dan@DB|l_1bw9_^r1TQIxkTxf?Y42<3?B zRRGN7^aL#rpoU-(TCrq}X?Ia6##YG4O)~u&P%&^kzm-tiF#n^wV#(#`MH8WEcH|!m zU>6_*;{S+n=zFEJ#qN!#S^Ze;UbBh6t^$kts`l7?S+N7E7jMsDA=z9|1Z&x`5T(&T zL)Mu8<-dl#kNO}aiGSoP2x*IPvWym z9Skkt0&&=#XVK|&PWQi92>dJgGX5nn|Cz}DmF|yP!H_93wlBta+%s7j41}L5>-(WP z`Q#F?g9mOEn4tH2*=kcVb5jaol&tYOXkc_;4ePR(hDiBSzo!NiT)=;7m=SMs2Zi*! 
z;f#@QRl0uwfKwVk$u};dx4AEk6_X@RR~7|scsb_l@Bt~#8aUnW?h#8<8{5{NYO~+K z2NGKU$+_~sJXHQm75+UfhZd<1?`&5`81^%%cVu=QD#G^<)PDrP`CAPiygry_DFZo9 z{9x1)Ff+*Lgiu-5o4A4d7&>wn*J;>JN-*w!fPw4(3gX{t?tkboxvKf=vI%C)HwF*d zCSQWUHJO!I1}VuVV|5Fd&W#3rdE0?!!9P&)f2H#0e-zpO;bYlV64Yf}dLjT{Xh(d` zmF<)mSj8MdcfnTETH*ibZtZU<%2RHQ7 zBTA3MDjP_T#1{2$q!hIPWD8nZ!4ro*ewmOvOFE_p|h?0D7JCO2eKlxJibK0EIqSBkX5Ba~4_y5WOv42Dn zD7^P%I9eyWV5B#20)Yg-L1vX1ydk;dC98bD7$o5jWz<|hf^na*_hnPfs|55k{Xv3$ z1Ob71;NN=Z|L_zH>NigRPyHrl65O7Y(R3I)+CG zDK{NB{rv8Xcc@$eD;VStl}{SJed{!5^b0j55ge~)Tws8SinQ(XN--vXnQ$8YLu4!+ zKXAui#y7~>V#-ZDk0(bK_Jg+EZmAhzRf=CHxa5!vGoU*B^v|_dJg|B zS^iI-%J}QDrT=ez3Iz4HE`h#RCPy%>PwW5}VVVVz2o6RYbEGdepymhhaYNcXf&20I zUCop5mcpe$<7XA4;*`L!sXtzcbb-8z`6EC;<1l?XH1tjn5&-h^rdZue(}H0D=3+++ zjVx8s192~#F+S2PL{|KP?W!+L3YTycE>(v*Be!^&vK<6n-sMgk07&1#oIhIaQ0Zf? zF&TmEGa3Uh554F?azJd>&0-DGZiKUOo!<^w#PS3EPzapPIgfK)x60wo&mFd!P&)D z%Nx_h|GZE2*J%6qfXMofe)!k;>ydYJGx*I3JiM8pfDo*|PKb>~f0oEf0#*NySv*jr z0nvZdfz&$yfSjPCTu$!an1h%)1fH7eDh`HfSYv@(P&Vg0rEl{%B(We%9P4FNP1NmD zKBMWAhey+YVfp&0cDE9l&YBb1?W&q%TY0dZxvXLVzGo*FB^kD){4k`qfalG0!naYf z8%Krq5>w>lKvyLz6jk^GHu{V!v}DpBpJ2E^K1uvX7Qm1wd2+a()EEPq!CPpNakDuD z!0@5(zAXv48y*bGV?0Z_Q`!KPz1gbpBX#gCej3sJ7nBeD|G07z@64TLgAwUWAL zi&qEyX5C!d>6F0m{LqtQJc508j=3NH=T7j#f8F`_d>@u{h6(HvFg#a}w~q{9EuX)0 zl|ns6?iIQzFh%jXpMupM9vQq37Na z7ZFB5`J#>4s9m5O*)pmlHOVZ@_zF;XyP(gq}2iB_b zC_aB% z7Sx`lg69o8yo0_bKed;j1xNf({GmQq>&jS+Js(a6*6}NX4YlVfO0i*f&Vvp5Q~Y>W z@!CYJh1zk4KNP_Az@)AjMcBWX+g5jTlKEujMja=i31R7jA7c zhx#rHr0!7LeP(J7s9X^oN@?^iIOOQOIh74+s3!$5e$Tlx3JJ_UUu{1ETidIk`WTCc zla7QXsm2eIM5Z>-bvKcf?*Q;zEP6MwoTcH)z5I8~Q6g+{2+j{*TOhws-Ah3K@*lVZ z3t{K*@H$7d9^hoM78Cha+iaZVmumMeh7gsY7SVRnV)mq#pUw0$0=FS>#k?Ml$|WuZSA(V2K%mS;iiT3ya-3%)HsC zWHYUGU%Id)i8W!CEiH4AZUDu-V_qZbIs*Dy2n`!_+FE_aD}U@z+uFB?z1o_@_#AtL zbX7x}WWj83PEtR)(9bJdK^%rL%H3XgN;&w~z!FL-D zn?a>xEdki+9Otq=JNSbxxl-oZfls_V5Bj7_^QRHqL>UwLCY_&oMbZJ2RPq{ zDo`)y`A#!chqDAw*O<(|)TYJ;&kJOTe#r_PY<~2e{3;yoeU!=^N;BQ$L0G&roR<^3 
ziaX?i{8ECn7>uY;wDb!cyH4WGI%KMr69rTI=0O*BmG7>TOLFj*9w?4J2Ha~x!nXhZ zwL5q3Kq8BoY$7r2O`A?kV6TxF>|wIXcA}(+p&^XSz9vxAqDuG#xxdYFmu~4S%Dhte zyypiWe;BX)A~mH>kfu?M`?THrcd)`kM?yEVyY)RD%M_eYaHA+F>Bb-qL|-2;@5FTR zG1?zggb;_Tvx~h3GZyAuC#^nDyIWSxYw0eL*j8N!Ho}*wHWO(z?=h&cOPHPU@kJNx zV5Ez?ONL+{uH~a;u(Dl;!E%n@6UP+&iDiM^lZLz1W~`2FABqV*a)jHkvgPwl`8z8w$CtfmKiyQ!&TTG7T%g8HG$bNKk-+%hl9 zH$Qd7yoFBG%M2s(aRrm^mOi6Ka-Y7qT>e}!uZ=J8SO53T>BVKEG0WGS8-J^KvX#%# z^Nr@3L1|qZf;sc@`c=HI=_{APmX;*x{`)+cKM_QOM(yOL0OlcmuZ`i}5K;81OtJX| z5xnW<{w9m(Fl%k*`(_e+gV@aa%M;3EMg_X82DeNC<3VKB?F|c9CQ&*jwUoPkBi($3 zvhNv_@!9wf*!uwODN?o(njnz1l7?o z6ER0aK8A-C#f90^?_s*YK*o8rmebnw(XuChOYZG;8=M|K>05fZ!saIk7jcPHxbB|9 zxLvCWt}@#obD|tyoM-^5yc9T#{{*|86Dx|(KGj8s2NBO?25${w92|pe~diJ&@1IFAu!(DE`%k@m*t#Q z7$Mg@D7u3#dGvCS{)oQl+g?;a?WvE)g+KXrzGe#fk$!N(ZVczZT0ZzC;$3k?tZP4I znjwIDKXgYllUD=8=Rhw$POHJHdR3I$Clwp=NtQU`@#sOO{!g-2vir`Ma1h16hBsUr z3_&%srFvT2Z={lInzbK={UM!);&46GX#Iafhg~+l=zUL+Y2Wwu&8<0DSZ+zZ#gzBc zosURb__3{otnd3dz1D>77c71Kd>^fTN=22z>V5Dbk=p_rjpp$% z(eE4X@U}bUPX_o~56NF5neJDq8&x@g8ZHO1OZUq-!K9??dG?hslX~uPL~$!#PoIRZ zTtWlCz4H+xyJ|>X;`{SwRC1J2)WYuNS*=GZoWH9RQrSR%eQM)gBtAtUwH#9{f)Mqp z;gjn9t(!nxNUyHO!cS^^xDII&3tmvYc^DTeWUJOzAF)Qspy6lTh{QJetovwRFgh!i zYG?4RGi;g|m+Gg#3a2v$5Do@1buV`G)T(TV`pM5c`zVn+CG&?oKFUeRkKWO_)*FvJ zwGnG}ANeDu%)z8V*nF>Y>-3t^-;H>3#~jeVRM6fw#Yz%8bko){*I@aE4$%vF=bA6Y z%)Ai=tEg`b37~C%i;2jL80(14M8)#q78kkRKh88qjTM{rVPq?*HuZrm9jj|rGRcCI zLv6@9hpqS3naxd5V2359WOOhIz*bY!S!5ra5^-v==-^PdO}JaXH!P&JLv>|{!$|#h zH;|sVgVvjD3%k(K-Gbv?D23WJZR=>{jc5(GW!gSzpG3s&d`?Oq`uOxgfQqz1udcLF zKpb!y;X)0*hQj{gmE#PaV}ZddWiIWR+WxV``}ULOkO_g{puigi0BriKXS2S9Q~pxU z@MmuD*&HvL@lic&*N15j$On`#h+n4C&nKfMM+2y^17H03GzT{6+CJ)(1Cu*1#%#3K z;M~0(-d|O&Q0yS3f+tMbZdZj!u6X)yW*Qi(>07F3OoMB4rYbJYvu$}=m+ z{_2WROe^v&h*SSWoDMkvJfMC86R%$Qrn1PR?iUvxj5|~(x<0!1?KI~{B4&7s z1>2)n7|mPPA&OEc#@3LPg7W^=N;MjewapQ+%6;E6>w_l8piDn55eDlk&)ehQtlWty zNk#E8&kj5sk5!SHdU_t6mSrnZpiN7DJ_MWU8VAeETrPba)gTiC(NL6_iuil31}&p7 zZ}5=GpAd=VSS7r%Z}vNJ`OXb10zTwSdl+A`A9`-QllVId_FEdH>DL8fzx|H=!Z-L^ 
zBU^k%_Tq)p7CO=ohCq10%*k5R* zxni@Zbss%uY3JG~<}6^bt4FCupeKn>ZVUuP*R z`hz=qU^($Z+{Y8B{*gw}lTFP(g~|Ur&arMyVim6b`06qpkC0Vs>rhUn7AJSr-nNdra}B zcD7pY+dTIY^!?%tn2Ac@U1o`qPB%_cXUqwD-vs4@)NXer@N=G3%9EMp^S&G!$rZFP z^^h4-ThUk5B1&&9EL%lIaZ{FzF}*A_d|XPrlnOu#9gN)Iqk3XCQ%TF7ul?Nb>vH;< zzHe^xd2$#=U9SyX`eaj>j%0IHyOn7l1|{g|1BsjxAr)n{b9CyAhAUSbd^wza4V&T( z4OuT#KJ^Pj!?xZzo&(=m9Y8kB$YJbHyW*A)41W7Jb0?a!%OCn2 zk!+w%kDVR0bW8?^H$5UcP%-svFa}pwK0a}UkB)h$z8OJ{{vwT0(AGD}HO@HP7s1(b zbPYA(=LCHmSaq8>y4`sq!$mKT{RU@8vSwLh1X1PP7HQOhbQ($tI&lc2YPK^@(`eMo zs?bH^sL}KTVeO)D{)JwXDCH^o)lNsfEi?e*f38fOPt#dNIrU394!ma!uH)mAG99(K5Qn;C_kLZN zAx2ya;qvEaMb8O}DsCfw4t}(r}3gTT%c1 zJ2&)_?4<(-r71~o=kej$fga|nCq*^PcU4IJTQin|T2M_9s|yPeFdjzpgA1VAps#{g z)C+Sl0_Tc&bug4mqY3ddZCkr;)(f##t+^-csgC-F`RX-popUx~$NA8_$|!#HEwBP!=DY4RLD{5e6IoZb6n0h3h=}aG)mTno0eR(O$zF`8K9RK zUzgL+KIv$LAiWBqb^^p_yv?3v7*x%+ILC5C#QRW?LWXM@fB6MVIax@JEk5~t<9*XV zHsmyAe#soRnAdiwlc;CL(M1~4Y1bB2R!`x5F=8ml#ndn7zbDh`5=t8{I?dV>k?7m|&ZTUhJ zdPeQ!Qc0~7wHClFeFGpg4~%H$T-|`noDfczEz$6`v(FF?-HrGTsf}VBete~MFkTro zk<)*-dF4YCZbva}vDC`$pHWS0)xOP7AC_y}mWp9A-{?*v6?3^R#hYcNpYN_;O=g|_ zj(%LQmA%KtO=TJ+#9S$r!j_4`o!@eO{V*=Q(@<}KRRqsPa~hn}UVns^H>exLuZ&@W zt#8797FE!DIgJMS-CW@JYiH==ivI$v-^ZQcUahzT#^i>XF+vGiCUMTb`O8PgW|MqT zsg9O&Zt@+egSi|FUHU4jeMJW|KTv?ortnB1Uys8sXc>&0u2*L|hL&at;<@&0au5#7xuFdmW@ZGvt znKB@zRu}0}#cc)sk34|Q{%t@tKgf#=0pI%_#i>B(SU)tOw#FVZ_ZzZIer+t8)yiRP zSfFlxemXxkMe-zD1{7bRT){mJfd_<}Z&R;Q1H#Ku^I?Pa+i&2?{dyngwr=uLp0XGssL4Fh zQ~Tw{HKiw2BED!|gTvj3z^%~NR{b2CWYrZlw(@)dDl}IDgsRUUP3s+G zHU~a^qEb^MB_Yf8xky9YHj$q|XFq2(R@0omkc&(XuIZqudkqCERjm+ZY}s$U+kG)^ zcS|pYHt>h(^WG&^9Vg1%b!mB4fl#9u04hp$52z#> z;7~99Je|YFsJMmIQeAUs6?(h(S_0LJ-#Xz>EKS5?ZPPX$i)=bpe)<3=@-2}QGwBuo!BQCJww-#dSv&A(&;MKa9D{FnfNF{CARuG zO7@QpbFO;zi!IRFzuMwU=>)aJZ(FDVih63X>XQ9I&JTMr!M}Fq73B6%i!)^+;+kV= z_nAv&daqaBgY5+{k0;5X+dZousKoBOg#0<}bgtKzr;4wn2qQP5Iy^SMw=ocEH&hR< zk|>9hd}NK*8AzYRrz~&fK{Sxb`DnN~O3aWF8Tb({mEuZDeSqUYP}8i+Fc?6?qXGOy z4a4LqgvZG`h?}{R=YgmGg-s+<5sdf?PHqpv4(9B&t0q~C{T(6=j>0o!P&*=>5egB_ 
zc$vpsPQX~#D<8`XAra~WwOpe^tgw^ZGHIc%`}c2OY^rb6kcwpqq~~g+FeoMy>+2$X zfS;|;Zr;Ss_ge8fww@Ua-~;?^mNSdsSuLiKA%q4ft$#7T6l~w`c79-_75qK(UEEkP zXZBUFJ)VvA(4^iajs(SK=WrC@T3=EgORpLcJVVyk-E}8Mmo<|Ni2e7 za<&mDLHQl+XvKd#s!Spr3WoFQs9z3$`9y3G zIx*U6@n(4>L#2@;epjHIkWTV#db8I1UNf~Rtjs$bb)-em^jp3%t%(QCzSkN7K+$M8 zu$u)^aJRT)t%nMEMA7!f5#}XRbY>HGnpmbAO?>tjJ=G&{LyXp9#{vE=YI4 z4+6^M5LO$zZxeC(o#rTrHHJWu8K_|C3bU9>S1p^f|np#oGWGaGwJh!+^lhhv?z}S zj@TetqQ38Pn}=L^%(rKnF`}e?@HLpefzaK>*?Jdz1{-BVw0C17Pf10D?|h})MhntO zZUeocds))NdESV^7?qpf%a&c5qCLZFP2;+EW`C^gRI7yED^0bW`Ao^WG3_}$NPJzR zRaQ)Nl0@o*+@^&;ue8P|oc!Jb2wgaW(hwy^86J~ne?~WI{cdlW*$1(_vU?>o|Lgf& zWJ+KH(Q8ahAzV!P_JO2GPXuF2Wdyo6o%{4wemJA{=(6*eR)f*+Mc*)BgLm<8NI~KF zgEoZ<$yhXOcw4W%Vs}#qO4iLj*E8me4%LC!Rx}gom+!~U75^ZuMG zfEe=_7;r=_0r3g}FV-(a5&@l0!{!3XK=7jjGgP&i!BIG7E*RvclS?u{y)R>C%998i zT8ze-m;^SHJ!aNO2=5+dQlMn$S60+eb;J>9t_5Sws`k|qH&(;=+k<|}ZIkJY$Dx7g z^xA@Gw(!Z|{~u-V;9gnNck8a$wr$(CZQHhOcdU+$j_stAbkZ?9w%svL-e&o!8Yl8G#Y_h};$2NS< z{NTRFKMuS28g`%=^6m5@H~+3Odr)-~{o*Nt>E%LK1tikkba9;qCKtT%NyE2jFALnX z2()6dpMLiX6f^hSNOkEfV(70poYC(Y>cD`!gkl8Cv5gWQ{wlThTdJpLKGaP$v%C8* zTT#X&V~f#)6yAaz=}&;-*9-s}Aj7Kt48-;di?`Y#YOtt3^3ceGX>{@-{zHW*$Zq|2 zD{)tgAfA+>pel>sgumYxKyA=b{=vN zyyo|yUG{57gfRQb)*sOznoWu#oXS%}D5F@t?hwBd6vO=G3k1Ztd^4WeVKT|zCT~$~ z2gZyopIq>7e4mq+f1~iP@^E< zy9O*jDMT{fn;LelJwDYuTep4VMH1|43* zKrv#N$e}M#6arl+!g)?vgF3(qr8MMB@a#DC(^k9P`c5L10Mx^I)j)!r(kM&hsqABr zU7%3^SrCYC18zXAC#10szb&=CF8907KcfPNtBk>ZTb(PP`%vmI>??&*mM^BwkmL*t zyly|5mmp&X1Eoe+Sz4g>cegGFtNpDf1$)4L+aBA4X!=2omJc~NdQ)h-h}^6o%%K=* zM9z5GRY$B{AIU1;m99c~HY|w#O{EpvgkTj?Uyi`aTuR1q&)}&2bU=0IE1|gc&}vS% zwFrQLo5e+BW?%fFSEhFh+eql}I^x%kZDaK@!dLJDxrZv}3R54GY|bJmn543YSR)RZ zqE5-3cEvfw7e;wt=iD+wl%!^nG!ZY`1;;# z#1^1yqzw~xJwB$WT|U;?e3@=iY(aW=NTn<=$H(x)vFh@SST$3%ZNt6y8MW~H^NuEW zrq0e4L^pze19%z3$JekjX92fo&QJPcNOS%DKT{uYN~&;A>3Y zAa0utJa406^R4+aGTxME0zgo>>N>|$gg_~FA=WQ4DCNt7#eSRx#AWk62-66#TG1-> z6qq9|ZPVyx3}HSg$zFDVbL%sC!(>6l=Ua?%m67}bHQ^B@Tmsvwr%r{olQCFZD$Sn=UtQ`bp4LTOpmqx!3H4XCHR@#%I}rCTtXp2U~< 
z8yapb>k*z71*4es(7}Xxn$*^D?suYuX4yB~(eQ!p45dciW6Dhh`W}p}uXL|@s@nNQ z^7vcfG_%7_VIL&{clgxCz3NU#z8?0ND*B9fO{1gnoRKD2whWGB*fa_@0J0^BbX@dY-a>zMm(i|lo21P~YC{rB)30y`yWD7SOr~jU* z))uK59a-K&J%S-5fWyLi1mEMJO@fQZK7Dnm#)=|H(b$gwNXU#(TV2wvr-Tq`0D(@p zOc3$*J0_eZ*r4v=)kXDJO{wBv-H5((-{zpr5TKh%Pb#oz7J%W%MHtU4jY%w>of`}Y zBAOQqVYk*hgPzBD(L|fq4S6-o=9Dx_>x`EL6-o;of4OnX4KosOgNJWLZ~3C6^#}IB z9QrH|1nRdjp8oo>0M~!(A@Il?O~Leb;5*uad$3S9!dDe%b+pEqQXw38+F>F!up_BK zcy0cc&7#KdD&L%lHh|{!=(;js;(=97T4smN)WYr0IX*?9j%c_0dF#+#a&xEdV}xSC zl)fbZzEwZhv5BOgd*sWlsMY8U-5nszZU0n$2zW>Ne5)d@(>hn*HRQ64(9~Y3Wr*Js zqj`S;VSj=v8?_$6Vg8aouUC-W*?Pcas}|CyLSg4O4J$GVPxk{0uhD`>jRgdGLqD(n z4ChyG^np(B#roZDzf`7;8olG-34Qnn<4*|D8(BF^fxx2nT}iMX462n7NR3wp_7*xy z@R7tDKtDua^0WF4ZV4g?$xndCeT?syo4NRlKttde7Vrh{@fiy}Pdnt(MC~tze zZe2gtBt_Y`E+l!w7d||6WcT?U4^8R*=8?d0?z3sWq9)6wlDsS(3^u%caf(8YZFVh% z#ZAt!3Sq>>fYJH@)ogd|egwU3F%hI7ahj0wwB+ph{NS9^sLb&0E~M_lcy(AKA!yY1)e@kxI%GhU(@Wc=p$p3uc^OJJNTV`lFtV?0DI<> zcFhIbwwfoCCR&N#r(Q|aoFhvZ5p#ltOrBNPT3-5aG-fjgOj&FoSZrJ!I5u@Kr9C;y z1aj!OUVL2-=jQ8}Wqq=qKz)*DBN=&uMy*U)ZlivBMTS1#N5)+$t|Di5I~BUasz+tq zH%l!b1rCVreRVmjJ0+mr5qFHb@mYWJ9Cia9)ROYF^$Nw|=NZX<*3N?Rnc!fJu2s>? 
z6{?r0354Oso71z!iuJM}8=m*74>xPZrVk8{HnojCdO8xN-#?mPccOOisT(`uSkLnj zRHF>S3C2#Ub$l33CX@)_dee@?-OZDVTaS*iysrn#v5gpvslb+~_N-|7ZRj8dY8@na zGB74Zsp{`Wgit#m&;UjInuW- zk_sT5{mg1=_yV7+5uZ`-e}m{RCWhwmLnga8(4=6cb~K;a#lQ_CCT}&Nd|Dd~2T|Vf z_UwjZR9Bo&ZHKU`IVGp020LeL#g~6`fksDNr}B$Xl6vuJox~;88JIR8WpGma>v+k+ z7gZ|^Zd8zb zfFOQ~`uHyhFtF!7CjeV!nk&~y1_jG}mblokiK*J9nj?{RoDr3%YIzZ5;#KT^DYN7FdBp_#E0NMEG5PzIE zq+X3Z3-uo{D&&{xgB%itlm0oxj@@qN8#=P^&72o1^jos&W3C!GJ<)Syb35vY`?Z9$ z8v*a?=0=`vm;4M9J{#L0yN5C}^7r#{2pX$`u~SGtyR5o?tALb)32=97l;NX$TG~O| z*>a|VMtCX85-?d}Axt{$8r*02uKGsn+1Wj|^2iYDNn*Yt(hmdsi$ zS`D4IdxCu>#~mp?Y6OH*S3j;Em82~alBu764=PUp8E+V$Hh-BrVxjb<4NK>mA4a%B zbMeLUb{R?=VuZNLz+xzwIr7fX{8@ObchIQ}&bS6#EyHvT^~tm;CHR$L!z#OGdqaC$ zmh&AnX!l+Bv~>_z_?^uuev+cOK1q37X3eLNaM!cK4(Zxw8?nHDAM^vwn)q9z*GoSZ4ZSVoUxg_7JE2rVS0 zA<>LgvifFsSN(i8kV{vc-L-+h%vyHp`rvi2eFcPD7-s0k5_RcC=I}8SMRJ7iaM9`_AO?xxrcCN4;l)cw-s$_PtWoGbeS*yWEt%{akB2LUoin(aFUdt_rxax>T9ZuRV zd#pQ(BtPsSW93kPv2&g?E7&^g8em&I;s}(i<(3FA+uYI*U+^Q~@S;=m!nF zpafsf$Ic7SJ$ZLhnS8Vki4d$oc<+k>!Q4;I3ExfV8X+&Liqx->TdM8Dc3-^cn_wMQ z1rM{aeD6lH5Z1OOS(PuuIFs!4zM?5kVvD)`%uSso%>dyqdUuZnh}qpgRHCBpgh02a zI(Gd|sOVK_y5ctk`hEC1!X@)#OMU80^LkrM42T9~IHF_p93(EQSUy0T;)sNsDt|Ib z2knbQRBa&f?etV8ve4vm&&n1k-Mkc@Z9jT(x-9f`-tWoD{^#Lsk4?4dplRo;#zj}0 z&Ff(P&QPFX+{R*i5-*=^DrKXF-r^2*%3&@>1(q8X?jK9+`_vk4NNJR7SCV_ONSN`B zfO32@$*(5aG(m3j=((iqj`(SK(X}gLEUL86;|RCdo3$c3*-%v>4LyOZ{&+umu?;3* zEwuSqN6`3e!^Hc(8~;GcL@@*)w6TJ%00HnAe~(&ng!7E6 z1JU@of+x?fvT#041l^p?lhD*;Fz(v*^QSTG92G|wumCs7A%pm>37)+k0B(qtWrXP8nT850}0|fq~CWQE>okB+KWJ^=Rj;@-NQ zmS04>hp^?xwbxtwd#-*@_`(Uinj5!^5&UP=5f^-yBNGX^flgns4;8U9!+6y`6lDcG zwc^5)hZ>j*T5Xb=}45U*`1v$lamWZcB&U-s!2r14=Oc5iRrBXo}@Vv z%;+Q(czd@^3Mwk_WEm=xCjp`)6@e}0)8I3a;00|v$*4t3#zE!P#3O`N>dO?v^xuY9 zqkb@b9*Ok#4>9I!4>iWCBaiGVebMyEn^_I&%kwk+L=hEHT}>bdw^fbuw!Jhk7> zA8J8I$zFJS26Ud1uLo=6cXFHo5!ln51h_B9FBkjs^BeVgxgG-!&mg{B0WG=%v|oehtuvio%&pQH-RVXp))pH67VYYyT3a zz7(w@0dEr;Y1<9!!t$|$0LBWin&S}I;6$I6W9+j)WC_pQHAg~xp7XwC?d0Yq1-)#E 
z(+JQr*eIp*B90H0!s~GvcZ@ES%uczSC-wS8PT3oxVe8Oxrsl)qRp+T>kagEG8a(hx za+$`i$GK_H%BJy5bOg$c_Fx&80zlK(oASYOAC8iTQ@(1nn2bj?rneXm7pK0LLl6a! z$TXt`(&#$LWF_3_!u@PM{9x5`HnNrkr4>6sC&YKd0B#LjOkOicz;tP92NfTFhDUZt z75Tojx|vbElgM@+uv5-o`+&B2I!SeZ>ZF01aWUaHkZoXsl+`QhKvlhoiM+oZxw9z3 z3RnJu9hFAFWR9NmUTjuW*t4E<8EbKz(mxnZBt$GW!^hX{J8(U3y@R&t<^t z(E{u6``%b*&PU4rt;B+?;RNs8G*CaCtQW>F)1M%i)d$f48X5YexjCslfq5ytJy?~? zp43RV_sv!i0jF{|I3cqh-IW#G1SMDJWHo7rFA8!EQw_G$ zglQ@IWyzt?Szr(SJraZvf!lKE<-|xtUz0bU;3vY(#;5xzq8)XY$UxJPUle+sF@WN} zNWC#Qwyf%W5j5}*d601Vz#6fNn7^7Q70L9!&aN{G!XC7gAXpM&kUiwBQA*phyv>`J zA;p8~&`9wvr9KB825}eer(sAn^7iDdWpmaO^#`)hvzhYO_kr0oROd^@DYw0e^ z6^;gtab%RnIB>RR72@9W*;uJ<@S7Pc<9p>Vm|UicAaeI91st^+NKE8Ybq0rToc9!> z2}@J8=H#mvvLLm09~~Tpy0mKpHnOFKE}1?2_ic5~urOocM`Q?VkhZ^Us*U}Wp7*aT zg*Ps7E*)H12@}a`mYObcfwOYZ6ch6W-NoC&Av<&7Fd_zNZa{T?=G0RINy(g&$B73jxB z)Q$r~->2;4In;_9b>%%FD%u}@U4qqHopEb}(Im*h`Fb0(r2|D!($-HjNFJszPS}CF zT_0@_o4Jrc#rfF5SPJNgcg}P+l?UDpgJ~cK8s+jqatka8LiVESUG{^42-Y)!=JspN z#WEaWd`LtD5LwueDCr3n1GH-Vc~r1Z&KS^c7kZ^?!Cc z2;NqUMJ)TS1Y6{b$6%|q9-G6<`yD&!n8&45)|a6VrFS8x@1yUS3{;O0Ypw_R?S7-$ zw+8dq?tJ2W$tBsjyev6);-c=I=~0)qdJF2d1u#tJX~uI+s1+P_QaT|`bLZO0hY@tuEE81Zi-KM9Y?AitI3uwxJRIh&4AP+e-r3{P+!g;jlo6c4C>GSLu5l2*EB# zZRZ3v<}XJE6M@5g#h|+QAzZZQCQ&rR``wBEsqV``Ez_Zpyt1C?8tbyc&sh_)?JiZ_ zMq{1i5C*rWfDF(~l$n^+)=<|Ncqh=gbVOGF7g1IjDzV1KzOD-$+3Gdyj@km+s3>A1( zaE}MJ^AUJ03G#U%iyO0+Zttm7p#uwiC#2aF0yCwiEC5PNk-0*?Pk4-)(qZqVI1O3 zt#vdMuA(-sNT$(dnvrD7u|i_ZCb!aRJ9=_{S3I z-WQ*8DR2j^F>?`KU?Q%fl8#R(q5nqR&6<@qTnoSgu8b=KFMF0^Eik+wbqF#Y8Y-Et zejZ9|WK&`Z>3eQUFH-iZORyaxbd3L1$VUBR_L4uci#%FVW_7m+1(q_hePgx#El6XFdp4E?#HVSrX7QbHEFoz1fs9(Yv_*8?+-DP4fxuTF zI91j^EKKG)78n)vOvYQ7^$Go2I2nbTP`QIPQI<Yi6A$)V8- zEPbOI(Ug2zDJwKm8R;_Z@1kFNb>|0-!>9o-M-YUH=d)IME(za;$3erOVvigRl$u*AyD@s#TD zrl$96WX(z=TqijY6uuFv{cr`v-MM1($FR&>{99pKhl8~!2Z2fy3XNvMwH2&}{=J+1 zn_B5KSa#^Lpr{&>=G$*`CuKISiYFFohpTqE-{mO=WM>{8mD4p1VBK?<nT`12|1=J*H3;sKhOMl54fzW{x zdO;e#r1TfB6<@M)j7d$+S)v#_Fu7f_5EF)D=z>%nU*`2lJ(WBd6y{0uZ^SD2>H&hX zzDtnh 
zh4xG_BVu|R+gek+E{d6o;;kSYAolke>!pAhw=Luf8jM6NZ*3#UXFHkcbTR6F&2lq@ zhswP&{;ovsox>7ee}4%)>iC`EE1p)$CfpB^WwF*^kpbHK@CW17&I@>I?4Frh8ZG%! zh%OVm!B85VD_tZF>*_4AnkBk56?-ZwbsIqZztK<^GiE82{LQNP`5N~hXL zE#d%z-HS=bLeD6?*U;sS?1<%$Bow4voVB{PUlb}$2w#j-XXctYPAe3@EXdgMbrNei zg;D2)G;nFB8=g^$e;j*w-N1+StlT!qzqogs0h?xOb1CCP`qYX`8{ja2K70GOGo&Up zX8LDy(#^?E2(42-DGO^0B*0J%VDm_Sh%2@_nvk^WBQxCHjwBqnQ)|YO3{xc~6)5!D zdXz3sQX--4vIures6)}>-eh?0)ROeB7nx{9H53$at0;ic9P`K_C8wurX`U8SO@XOs z8;S#yZZTJgUi;qbe&iALhlPUdl(blcu4A$4g>rxt{OT0k3dijMmU~6{)*<1=*#K!2 z`?w66g111@o_2~vU2%+7-h-bvrlz7p)Gqt`XV~@?R&iu6B;`AV zR7R#>T@o|UiIB`(Zo<2*oT7kIKSW=u1h~P56LSG~TaFnskX{r1k&!9$Tv}j49mW)WCUZgX%A+Y zcU6xZRJ(Sh^2~!AFz)784wxqowT{e-kC2erOwZ(%`h;FPOQ*9g=^aKRkf5ydbx#QC zCu!=vp{mhTVo9*ql#Oy;Mh2ep8mS%~z73XW-=WB5megwUOeSV)majIhzndGoxV0*% zH)!!(uS7$M2QYQE3-w~OusS7=aLn18jWjQ!j)xgQj2a?59l$AnxHefvfq$=ku4oHK zz4;Mog1aqK;d*3LJ)kP0n{5O9vpHWlX!jDx@B7N#p3M4*Y$+9#5E1glL1wD<7z)p= zx;(o$g{2t22Q^2TQfL`z(8}X%_u~OV)1p|y$0J=iOvwS*BEc-yU{WZ}Dy)1*{_!!- zQ3pz4G(LiJTka^bwlzGGl#D{V_teA`h$a3}`-{bdtYmIGIzIg)A&7f-c%6CwU>WJ& zs)BLso%3L?#J;qf)kp{T&*wOoY#J~Q1%bDbGb$5VkIX5nEmhXnW|vs8Dc+}v+%6Uo zglG!pOD{00wAbSXYM>Z8=IijxSFjWCb3cRWJr~;+`2v_mkpK+a)O#VDy^QinjM_J4 zplQHpgfeytov4lFhxc#!{@yJa4GeZX7kOLpuwde?6YQ`lU-je5dfSrUZ*+%Ljxd$fZE8)KKH$&>d@O|G_){dm!{iD$ zlA5QgNvK>_L`v5wJWs1O|2!jL|B)mRfqfUAoEjRgBB3A39er*5Fl=?vA!Y9u+%p_P zmTsW9Aug}rOA>V*urtl#(LZ62*w*ysFW6j9-7Yc`>q|xkgyn3_9sy| z%74-R-j+xQT*$hIQs;onRr!R#cO_EQ?uklUT+N9Ml*v4%-+_^QJ5VL9(1SY}e)jee zf#oE691<(6>AVisQ{9YZO@Ayk(m@G!xba%k$lxUV=P=niIBaDukW#()GycBFG@>+y zy7viVusrzKMPnbxcJFO#GRz2J8uTyxSmiz+8@7rgYPO4J1Ooq){%l5@s09Z!{K1ye zR-K{E%ccW2u!g{fu5Eo*!p3l;y*%2+50Yn^I#r~Qtep*hwqg>CQC+sh(t_3*R+iVI z5KFXUxGw+s(PSof$VFz-`$w)y1hG1h90ShqZdbIY%o*FT*#*8MII@FMU3?}JWR;##eX{2PIyh5lSqPDzJcfffTxbGxq z{HR>2$*bqo%vxRPadCFFmM@C_aj{?fnVEi$EaD}c z4ULV)>Hc08Ha|l4Eev!U!lsI!#uXwWE=9~^$z=Kk9xqBs>yaksasD@CR>9cONbGwA z)CJh7Z|z$eR3`KW3`cg#&5UOEQpKQ2hnwVAMdAQA4!r1O6|vVo(B`GqItDm&y|>ON z)93B!?p*i@Yse)i8terPg*TXM%*+`Zie(bo$bQ+0QsITSuco 
z!;$B%9-0}m8Yxz~>mJ#3#e(GT*{cgv1u3pkLV9cM=pvB>9Gc~;EB7bjzHF!uC~8hH zh)S{ufmz-;*^;+Z^1ankZ2eJveFnEq%&#*Oy8#y=ZHY=6wQmD&(Z_Qoyp_k1OLCC3 z-CcI;Wxu<>+98DEAGk~HKfO0G#n>kbYSdEIZ--GuiJ7nqg4 zVKYIsqvXlbOc+Zjvafjvy*W*dcZU4Z5g^^b!}1L)bhH@)7ox^Eh%ujkOe_*ZFk;fj zO5uKN%xoH&1eKn@N)>YGt|W~wnx8H8#WNJcO`3xfXv~Oro7pE9**Cb+u|9h>Zhz9o zX9gYwsirCF+fEJMQwI@(V9$Mxn)V24TC3|JdmA;*O|Za91hPidZJFSqPkyO0XG_xB z4q-gDZ~<$_F|if^kziAnI+<-C1@lWh^>A=2E{&3NK-5Yf4#%1o|o= zk+Id$8W$KS*5?lbJ|*QK;4<}u&KCCZvC^+!FH)BrG&`l8?4*)N=ONvx;pSSx15_{b znCK;>My!;gkXNPRy9HiJfr|w>?SCfT@4#Td_cjfyRn)?rzSM2R9;M4agJz$q5aNle z93M3qwS!!GyuR5gGdFE-t!3Hg+GKno(<$xSAP>bg=vwHsYsvbZiJ_A>jJuT(Agt>} zcV@n$uwv})Q;^`gl*E4ABW2>BY95e0y~`%LfxiYcqy!;4A(i|SO0Z*u_CPVBH*?pJ z>TN+RuU~cvthT_X`j+kPP^BAq>{}V%Mc9b7E275SD|Uo9LQP#wouWwN&t=-%cq6W4 zER`okk>DUVMYb^KuVvRsse;qi>~%rdXyU4t+l-l+DCKk!k~PjBr<^$4m7OsAlTj4w z-1;o8HW%7c43npwvH|=h1at@<=K$YgGjh4@Aj!5Sg!Qq`)1n-@TJK0Im`GRy!jG$v zF%npy!e*y^6eVt3twhXYU!=y(V=9cCh}W8o{RB7gpWSTpH<6x2L0*)pkhpry zF%_Z3)ORyJ#7Jcwrc3R+G^W5Jj*C^jo)D1s)rX8yF?tq6ZGCXrn*Qc=?=GtvTmdEh zM^SwUIUFt`u|b>$w#;d2afBvp&}Ak*OnuiWkqL|Vp+(TZ^wfINUi^lEva2gv&?m_4 z9Zy_s<)!+kt2KKX9gXTzo(O}Vcv>B_7Me9WZ#ZSV2&BiK>0_R48#oHsMxN5y)AI`7 zw)A=~3L8TT;{3>Te_vFST6@4QlHikiRWQNxB*g5R+aIV&4#o#4XMhd%?fqzbJ48+~ zV!B<)=cYJy-{r9y3QUYT!=bJ5clV!|;>r#_Pj)nsGT+hPiwb3*-Q4lD@bk09S*Z>2 zp4;CHMGEOiNJ$lHaI_QlA@p&`(>bHX~}l zZ^T@HBdTpKhH3V}^^I9RRT5t8bW?P93q0l_?7J>~y!#%NvTTMs3GeBc@kCZn4H#3E z2;s2MLv6lx!t9+PY77>YakQDKTX)&n7{*wnXG1G`hRbHGapGtjMB=7!w06_Eu@Wu5 z?M6bgE0eOjxG3Tlo8|Cae!I6hpI+!lsufrVUq><&Dzqwza9z}zZC|2xC$4hE-fZC$ zO~i4%ag<|>fx@|f{>9mRD~dEu8Dpfw2n4u5bP+z3b0vlD^Ca`vbOhGnLiE*qY>Vs; z6-oIUQsIcB@MP#*1V;_v6(;E8b%s>qYl?P?%lNo`b;A}^y;O7KOYR=I1tl3hG}-CE z>hE4P>74pO4D%3tUxj{b&e8m|e-yUvAR7^H$vtz&sU7%HKg^P*2xV1(?>5kgn0Q^N zW-)SID6(}$I`EBj!#E||kHP)-YKuO3+&~`)vgSYNQ6K=KtxxjQ&|lzINTW=?wn;Jw z*ERs)6P1WI2Y^+u@q5a?<~e*o#{YV|wQIEc3@M*ZRxSSR3P6$}0TVTClt-y22&a7W z`^xnb-t0&OCg<3snvGuJ1!Z$nHWs_;B}qKj8i;4$gKoSVq)_+SJdko%TA*Dsb?AN1 
zUTKe+oheF|7cldIkQB^+YRgGAG*)xNC`O;J1nj)e+8mhNmGmeflV1sC{Ls8zE~IdM zyB}-ZsZ)6W2j>#vlTr*2{4XCC3btH8(LrpeId_!hT^tx1h^sshCNT<7Vi%GC?Zp0(tjN!V1;H~m)00B|G-em+Sp4CCxHt*04pX%my7=HUtk4?JL zV$PeX1KC)`+(xgTdf7fn?%?32Vb+<3n3GDjzC!V0-Rm*ivJ#Pd!l$}-@eP50*TwUR z$^*0f7iSi)1>6>sN=6=E>xKBeEV0+D#6VeL!V}=6H+rgT++!3h%~4Gl!O!b52t~ z$QxcTNa33+AmELHNZy;5gV)7ZK6IpyyKLxONZ>i2Uqp_wz*PZABCu!IFOu^+62cC} zg1g=oMr~c#DbkA1PXCVU5c-RB^{cA9`xMz4%1xLJH4ofCsPR?xfc*h)7NtrQI7@_& zCB6RGr2ESAT05DU%U6)+6jZ?o%I9t+1Bgl*3{X-?2Jv&oJ&vsn&LxrHw|w>d7kS^s z3s)*iR^>vb1Xhj*UmfS`R#JyZm9VR%iA%fZ9TkSg*h5r6=X>b5?cx1wIyCC$1h;J^KjY;TE%+9*cXT*#^DAg ze7T~OBGqIo-JXN79CTvWD(ohsi&H}o{5ppL@K!Fy>1kiCDX)2b+AMk(Oyn6~o8h0r z=zTP|@=pncOUe_3u#33YuvHW!qA^=S0(TT{A^M@9plBpbZ_d%&w3=8pI=!Yqy{iV# z{9-0_G+#IF5D>696PMx~tB_(S5%f+FvA9y7HsIElI z=H{6?ZK;L(pHB$Op^3T_(n?{_PZnFa>O2mT$~&@)QlN6Oe5gGG`B#bA-p?+C%iNnJ z_k4e5Qqm4rRl+*m z;XDR+*z`l%Vijqw#M^i)=#gkIX~ngKX&>Z{_F}J@IdI7qM&;K)soad)-TBPZL+>;w z0a;1TxV({byXyr7`cfFw-tN=adJlln71$Cd4aY*H{!CXPJoQf9O$Cm8uU=Q8Uo5xjUe9nqY3 zaXYGnTfn=$L%VR66zD`s9b33fhATW%LS}0|YP{H&IJe59Z28vVQ!fT?Z4kcamUw&} zSNVL1hSn*uE~GZKeLFAGhNls-GKJA-QM9TQJ(xvX-P3JihWn(3p2Jd+V-I6Ecw8X$ zSuIc)>Zz?TtOep>_NgrTP%nn0&^aVl^OnSod;E63<|S44eYhy0a4xwY64S!l1@~{p4)YRtQkydhfT^eNs`g0%nv`Z%8tQN zx2$-v9^M-Ugp6)&$*a*DUYjUM3_$t z?VvF&x|Vk+5R?>AD@XzK!?)^fSl2|IY!<|a=}@}&C^2k^Ce$qW z#&8e5ZHe7cudl$*?go};4Sj#^wxD*O?|{6&2-}d-A^`aA8b~lv`C=)|F-U;+6CURF zP8c75u(hPIDLGp!>RVNqL4mMfd#iPZ`n!&PjQ-%~*I?yh zF4RUfDh zwm%AtxH#?nVmm2y%3Iz`SEY#pn1UR-Tj6DGS0>?HV;;L2}HR8p)e}(Hn9sF2h zD^2@3X1h%`pc*iW&s(@MueBa0+~xAg>y4mEK+8!yLg!DyO&j%!rsHrXcnY z1)lnBqT^p=a9rH_7p<46p3gr(vdOdoVWkO0H^CMORx|9zz(%?kRPOGPkIM>Y#4;3L z0~qh%wq9*$UiE~gy<9LJA-51coA^RW2CA~?05cg6)f#a4e0=w*!`A@tbK--hrlHx! 
zQ2@Jr(yt_5S6Q}btR?#20;kF$`6W>perY%Dd+WheUQI`aE zhe|lzV{RZc;~$2>|A%&J@h4dPk0CLzHHPc#Oe&>>$5mfa27DPZYiI~;zQQGku-gKd z2otj^Vt58)5^3j)gl5%F|E~De(e^RNeL6ecJ?4+$?&P_82qI9I=>A0_)JJUd)xKIGUKU$U@dM{@$X6icub$A==?<+|L^Dl_?Hzt zNLD6t0Eab9w_n+gtQURzAexj8Y>JAJuofJ9Mx6PZAZ;HMdl=aCLfTTY`rbnBzIxUT zU6kL*3+j1t!c+*IJpKVUK z=_6&bFGS>i=#sMIj6}xJ#&a+6AGH++ehNwd3q1bcQ4rmvJHv70q#pv2OPt&ZQ_+dN z8sU*2uK^BKAy~PcyaV|XLcw`^jY@h#BIG+-O+y1Oc;7<I@ks3k?jQgiS zf5h$lCGme6)F_^rwYu`vFs~X(Pp|_YjirrN@b5wxKZ^ng|4q;Sr$PUh*+T(u&$vHB zpeX^dqS*Jh3P-`Gip*cU>;KsvM;wGG@#b4zLMn=%*hN^>APdTWWFGvlEg6X6Q|{B9 zKVonG>e~Ol!2Ul?pFiN&e@XnG?)(qaN8z)Of5+T>P9H3_Kncj!$UP8zG+^T*95iqO}K69nih2fsDR=`nNv%m=G2(~GB?`kB6{Sj&NSHJ&l zT}4-Oc|Q6;z|ozj>DH}%3lQy-vEknuKzW}MpA+kkFq^+5{!i=vhl%x{De-CDKXPpT zv+}B_bf)2Mw>6HfZEyiVha6VSB52P--yTvcvyf-zHF7!b7}&T*$d?i|1Z)z(GPHZe z(n$|AJo?D=g=NF#Bx)=~8U9f!_}ynC5`P`6|6i^1xn@At79~GXK1;qrtnlO;-w-qtw7zsvMDh57ewVYlU=UjWfApTt+kj|&J z=2%;`!Hk@AC-$r&S;(6bH)b;xTTcq4qCbVQ#TR-TnxFKm2)ZmHPQO-@ndqpO61z ze!-VeF)+k8r#}D6_lCFhvog387(@Gq!XKeq3IF?X4NI-k5Or=jcixd-$`BcQ#M-mk zjUR!BhrSQp9jdXuf#2l9nXSP{ZETGjL#dfY!&dQ2GaD%tR|YSI_#!-k2J)F`y7>3w zIIdu;Ba+%gZ8RoHN;rVpf*}Z^K}AhOY`uCAn?t5((9A)k69E$KV10J}-!;KRefCN0 z|8i{m&uL@p7(!{Uw*BJ2_R<13Mqm!~3LvKTEO7m?*HNH8^a{qvZk}xW!qMlZQC}xY@^F|b=m5&ZQHhOblLoB?t5qM z%=bHU?Xy-qPo5KJ=Z*-gjENZ`H(7&+nmwDIg&Ey{+5n)|{9pP1lCl2}TdEPW#YMVp zkYUQ3DRv_1@_*`qzcvs7KL0-j!&K)R2Xe0aMW7EK*J9LUdb`bx7)q|O48FuuujKV~ z(>gTMwNN5|!FS!jaGW^hAc_FK#fBx7o`2L1+*@l{^ z*C*D$Bj@)AE-Ux3a%%fyo-}dBgqiD4 zi}R%f{bINq(~`?Y1Zsc8&%A05de&j-V<0{_?k+(_nZtikmL#+TsUoXpd_I07)NbLCP(;P}HSa<9_E2)QTHlEBG%UEd{>X5c&_N1C^Os2Oyge8koV^1CQqn z>tW_#I>#%A0?e*@pmi8sUthsx+aROzlRN`)!sP#%=C4!_j=!ngzoDorAr_{IPk#bv zM#0>|eGg{|nXQPVt7!auCu#VK8~XQ?4ItX{)x%dL$X_8U|1SP79Kp9Q`k0s!RyL*M?D?SX(5at}Zqa31D(d};?mOqDA3n=Ouy;-AUJ zQyqInr2a-RWemi!~@Tfg$ zErJ#KvNOZ+{bykIo&N*uFJAa>!2S>I3|>|MCK;GTi3eo@-k|#alZoBXi{41r&i+5; zfWLk{Ux5Eb3jbaI1^B7XI^eP4oB;~}rYla!cCz=IkCQ@b3d1ri5~CR5p9TK)Zv{=_ z|Ik4^ma-E6E6~HP5aRdHou)X$?7E`(wFb!53N2K7oYTD#`qxlF=&H{;{vgywnEl0+ 
z=Gd72+qo%tHx4v?n{dWt?h~*-Z_^jR@H1#2DA@!EW}$@&_*={zRxMeF9a$|&T+JrZ zI^*Z)9M0?Ky|wf*Yz{LSjVl{O>1Ny|wK3adqoZF+2GChnbO@jF3Ewv2GNNm-($xlY zgn&j~)f~(C9n3zZM|+QmJRY7e=h=E2otd^#Q2v29R%Iy`gr13Zv+?0z9?aP^EQb_x zA7|hky+>*relB;IHijaM!$M%u)VkK@GDMPXh6#*H+Uc_R<$i1!af#=_?zCSUu>O>| zFn$(%%M&EYi&991xA)flzbYL{!D3Xf@~EDkNi5d&tA)j}myRkef<3Rmu!`sf4KQCK z2UrGkCv7B7w~Ucbyk8Bh6ox%f3%d?_>~y-CY}eDW5G}W?)ElNxxSE6gxwA}Jn`Iet zOE6k?x)}U%xOV%BXL|Q#364V54&`?)LTt}zrp27E|W*~Jyr3Jxv zQB?8G&8RxQ*AVXCWjJtAeg_@8w`(oJy+r$YhuRD9o_H)~?HMLffWm{n`p(FQKcT+t z(p0UtbiQk`gb(>AlI!Z(AvU7?LsF&tlfs@bJC7tiav*2RmOTvYWW{jnb`_yOt|35h zo(B|uo)~6E#ENA>V+y()G_+=<$CFVDRn)S6JvF$@EEroncjNnAht+iUR=M~05v%OR z1&V9`UX0%kC^WM%U;l_I6$UGFW;A0y%ZS*p1@6jG6B&Bbsjm_YQ3>I5kWA~bcrmQD z+*(xuWqicdI{tbB-T^T>9~)df^7Ke}15#+F07AAi-i(1Sx+E^U9VE<*`cMk1?sfWO-jLcy$_J(4e`K7Lo%DUt4M9vxa3O|!dXtUU% z(aQ^eDnjvtQVEAZt|{lz5(psTZ+XJ3c)z%A2)IK^7rZEHx12I z26IMM?fy)2em5WDyee>T)N@1)xCY5mgX(Qj4Z5(cF^lDe-cSx_aQQWedQ+WG5S_Is zPnd?&no;V3#dlcfr?%)sw=bHlPN?emfxl?#n$whZGX)>=D#wNbsJZ`DFb{1C;s@>a zY17(e(1d@;&2ZBZ&X{96j9Ck%W;E*HJOzskW63{>vpd@bpXE$Jnje1F>@<{DWhU

;)nyI+RA|9@NHdRT zK%so!Cf4)(w9GG04L8#EY!}d?>(xC@G^T%nD;?NwuP`MFg-3)`!`gj#Bc^wgUp(we z5_G#P7;6=?6CSCpQ>I?${!{)Nh_I80DMQDCX3W(@-0}B603PnxeLTtQMWl^f`k{>i zd0ketlXF8?mWdvvMJetFY}oYqhC99>sXrYHzd-Rm>#M-V_@?B8?PL-*_?lfp0v3)8 z%4B8rWD`bl`R@vH(^G}Y4Ot1c=f{bRUlqIXpQ^*hm|zd`rmY26aP!dYvGBD_OV~9` zk$h`D`!*7oN9ms&N23V2i_aWwSZq+7FRwqUR&LbkNkcL@DKw)e`{Xc=twI5K)O5y?q$kQ>Nms)ax#FZ4e z3onoXftq-?K`(DfOe!WUw*msgyGjwg(W>#ZA5qNdS{Dhrh6MxjMRu3G_||&AR8TDf zUl7NgNdo=dnf1(L<9^2+zV@}}^k?6YeN-H7*Viv8yhes1^k!GK_Sy(Wl^PYQ4(pNf zT-aJo;b~vYGLye&v#=JISCHY-jsE0Z?^c;zZFDf6B>o5^7*5SqmdNT}@`@C&zJD|VKqKuQP2E5xhooV$AkV@MB5O6XA zu<M{LiFe|9l_5OXUhQm42OShMoaudPeK4ldHGv z#)+GzUp_tQL*%RCkpWuDYHC$)9Y|kA8=eBt>V69>4m`YgKjDQxX>YOOHr>E*0#~X) zaS_z)B39UK`Jg>O)n%BB-Wv6j|{!-LVYiyrGsh)wSjR)Ji)JmCLgS_QWcc*}6 z5)N3yAz=_6U_4tpBO-5p^9dkwxEw%bry2qao02T2I2}Jo`)puezmvNZmfGR2M}w^# zWZSA$i}d|(ZH^AvT< zAZzdkUyX(tR9}2>rJsC+>F`*(^QErZ0Zht=cZLmGw=kN@s*s(<$!j=IGNx%kk9G>9 zxyyNjW~Q!9?^>?hG1au$rj5k#{A;#guuz#>lO^RyMD<=KTx=|-ONd+v zr$a(?!#4feed)`1JAqX2%EoNSC{cKwQo)w%!{_*@z+J%W(&tY}xqCUK`n^e2EI$-7 zt$ah#(pkI-FikZqjq=6LijI(;5M(fQS~u*Ol?K0cO6fFh@o9Y57W&#{ukTct=eV%9Uz?`_zb-hW7Ea-WMMO_2`si1L>%~$RfP)kD z4H&O7JpfQO@@GCKX22kG82t_wy+v=uH?%?e8JE4}juv>{M5jMmxQS;k-~SH4HK~W@ zlGyvrLSZ=x!|FARVjrT;_mh=qc5##8a|BuX3SVfeJpa#LV7rqJzci+_`j9G|+TzIv z&$M{=AFe-5sB?NP(Af$!W=aFQOQycmw6nL$J)zyn*lAwLlHv2T>ob8Q273O%M8j;p zKDdKE{yWi~rA zDI?qv?=gJl(48@4+X^H<#r!vmNRtO@qU^T!`xA~gU7ilif zEsD9|Tt;amY^Xh(B;_vtOlyw)w7?(`RasS%zoFlSTz4QKZ;#yQ^q~nJkpD>*MiV3p zUHZr8WU%6x;q6y1O@W@nx5Ew1v5@`JeCdfGIS+LB7Y*c*`Hx`}M?t3EGH@TTfx`LU zI$sAhf6ch8g<{F?at6Ce{8Vl4a>4NZ?Dfy6AB@O5NvNgH)m*>XlRjAUe?hqAV2}o$ zDX^NxZcw;(RS-hi>(k`J1Mn0fvxEtO*;ze5$rO%Gx~2>?OCev3zaJf;?a5NW*Go|z ztFEiBN4W(1ZxS)yrlN}ITO=|mOqT=IKIi8X^{iy?qJ{eKdU}8UJlD}1Mu({FsFBwn zsBrr6Fk2~%RB#oZbl%#H;QRVqER4LI1BsqXoW4;}u9_y+;rWLtX#ffcMuolqs&}oq zr@c0ILx=b?bc|112~Rf%f$^EDcC)>%pcTp!>JsH*-2S(+j_u5}itM5@voEusySMpk|pji zYQy6U(l}g*m1Er=0A^17NoR#o{jfBq9o55X1ngX+OUyW9Q^Gg3WHHXZq#gUl>c)EB 
zm`Kr6?xfnX?I~5O!|vUgRGx7ItRvfk0a)p)Y(#ztcrBhbb{7q#ST&D5{E3)*Pu48$ zu+!}M0*M`c_%cojK-?;fQx!(6u~`Z8&^z)qG{RLB5WMFE$+k($JJtTFj9h+vj=yb| z_lsdcv0n?b(Q|DjpkAZ|f!rbm1mtnkBTPF(6LpeKxPanylA_CHSN7Xi_qnV4)cUy+ z!P0VJtr1(E8z~exB2AAo9L*2FFPY7vz9}D1=T$?Ae_Jn#K6~*E5B17BqJU6NV1puU zuC3M2Gm&l`K)=6mYU7fg;K+_=j`I)EWOmJT>QyB z9OZS!!S-96cBaJ5qfVrQi26E_Jk?T)z6DtZ$di|w)zwP#y+63i+F13Yj+Elhx4ogC z_OhEK3W6}Yc3zq2O>fffs_sAJH}~(S&y(1PDiCb;=@UV>>*v`uk>th2_)yR!6kA!1 z0xCwvh{Uw}`QnzlTQFZfnB#5w%pq1LZ-*L8hQs;;NFXT2JY_#m9xNN-2R;@51kcIm zy(&WH`P86_$lN1;wKVWoJXOj`%w3&A59`EDC&)Ay55CBcZV-87v}n9Ma6#Iend(!h z6&5+#Z!`fTvbGCbd>nc2Pm>#s<~0=;EEF|PX_2=v1#r5g=teDc%epn@$Uy-a)7TH#zI znGH?h`GAUA3k&oF{IOpH8d96Ghq4!J$tV?ac9&;leV5;l3y0rW#$0KeQa7r8u%U@DNTDMJ5iCuekDov^z4wB6 zam_ipoI`v>eewt8vfCzXvdTB7JVr-&WT&!RTV|UVoT}jW*C8>pOR(P^u^m4 zJnVn&B@rlQKFIj!Y? zw;ZxmQ%tunaJ=>GU7ivx_x{GiFOKdJH|yij=8IXg+Zw`D=303qI_tC<46aI2@Tx-^ za5VX1>Rz#vJlQFsQutB;lX_5&{<4xB&7Pq2I5?td8)F!8TE{%+rQDoRPi~8`6uH9R zNE@pzRuA(V4h9&r*+>%pgGnSeVpm-9Q>??8QlN9V(QyPCN(sowGC6;ey@z&A5P=@e zp~W#1!VK?oyX@QvrM8+6Szn*d8X(-!sIK7f*zkVi@a#6B*DNVE`1o;Tu;drTo~BXi z2!X|q1q_|`<5g>j(*1m1!{>UuiYm&jzP0>!e(&a)&poAmCF@)ORXg;c%9x4tw+=W+ms zTu#Z{ia~!DkQtl+@6vTv+KqBGye)nPG9-$DvVx?~Q>NExBng7E&(UE5x#y&=lqW*C zwPNL9Ujb%od0iVN_QJ>0+v^ZgpY?L^V1R%t#lQ}T8BFDUG3H3^CB4LOu$!yqYS)pZ ztH&zOr$_hIAmfVhz>3mPiG#Y4Y)Eh>^co3Gc^EE<2hYu7rS{{lz^{b7q)fc(%I^Ir zOh`l!UhmDp9m*7DKb&Yx0Lx?EanoqS?qlwfK8LTIKK|9(suJ$;r_9u!k7rRW+qw6J zsTqi?RdB0`eFdfj^OCM5(Vy`Hqvm);{fqmASuWjMf{eszV<=IgYLXBoP)zXbx5X|p z#risenibXbvsa%$`|v&)6&==1Om10CEI`BgMe|t<$-ZNoL4OPzDV5G@p2r{%OKGUV zuc%|K8ZUu6u|jMZ>XqLphCwP{X8R3ZtnM51$?4G$XQ3PKZ4w zxC$^$W-iyTc+6!Zih9$e%5=|V+OLpxLm^t)-w>R@aCe~`4B}MWG<&GsG*d5=s&PS< zKlNC#I2%`Aios!^z367pm7R?>!yZd3%v|UD19FVdl#yxWqi#2Cd!9_WWO{dLSiS;yVFg~U?+6D5W5I)Hbe7AzNzxY2v48n1x>rg*b(u_csGMM)ry}f zoyO8d=J2e(0(sI8ez_N%b`C(hl29*)S^1if=_ZnXWua~SVxpKwz0w!v|t*L}^d(sp{<1&Xst4<$h^= z@DoPj@teb1z8=cu$GqDse5^z|cwmIv{DimfhU~!1z>ZmSObPFin%F)R(N}7!#8RW< z842iQZFSxwzbmy`G*U(-ziqLn?Vj$73T;#mW3cnWVmtMa_tdL@26>HP8Sy6qrvhh# 
zSTbCm_`X*ZNN(sZ=_%#iLplk>IYAmJCK6yffFw4#7&0nYLE^NpNc<2vvj;YbJ1uM~ z`0N$PD#!V;D+u@gy@#OUCfJV`j!a$do03DL)E@_+)2@=#CsYBBfdq^8<2L(nTG1_D zCPCc`2~~*z&}C4q)B=X#BYDPgOk)e~T@l6DHtwim&ejnO$$ThEn3a-3Ce89-u=vP( zkA@@$-iKSE-)NLPb*bl)oUC4ia+~;>3?S3HtVshx$fa~yMTgmvFm>go`chy-g2`Ga zLOc&%=}0zgSm3fEq6-3x$Sg?y>kEjY>vwdS#UWVKkeIH|m5bCcv|o=-qA?(lmyM!p zYo&^{Uq)+hkcs_GW7|W8+-sL!wVNFK08?W3LCXtE0;4^|eAJ_zd#WGq5m&J{dla1w zstS#FC3hqf+FFgEMlv~myhI7QaI1osqnG9S%!RqqdP5_Um}5XDV1z*gp9iwRxhE2D z>eE7Lf$syPNF~mxT1&R@qHH^n6scK0KU0NFc4)GYC+QAt>=>Yqsz;VX%98wGY$M*= z$~h!f?Ki$6h|3vze`CmuSS_gGa~FxXPNwyF8fJ{TFO`uktb)mkL$tUWIQ;-;L$g*k zbht-kEv#eGLB+Xk>osEV@o*K$jE6a2`At`YyW`FJp}(-r%=Sv%Z#$O0IDS9}yb^n- zMpk%7&!yKcMD2B!YEzNYQ1k2i{InsV0kvHFe5X1q{iwO-DQ5JsCUWjJn+aKtCQ`j` zFTN9%2Q_9yah5@~r_RlZKu{GeD2Pvws$k&AP|8g-!-`17)Oqc1eX?S~u1N9>Q!|<; zsL{^?r1xKkb@MVd6{6S*4jD>RYMu3_20w6% zAPbFA;&s~M%Vzrlxo#Bb_EPpxuu=L3!G8ATDOl>{LTtEnARQOibZV$~TBJj7(Yw0( zGC~+G0_l8DdD80T{}V0jtWQ;;WOJ!FtL*krHKGSLbSQ~!tu2e-iY*x~>FP76Pzxm0h;j&Y@_}bD%{!~CH2ba=a&hsF@pu}Fcf%RygbF%x{MT#WkR5OrZaIczRxM7zCj6FTz(I^ zPB{CsPsh~zGoYdq=r&VsKGV7mB9y)6mPYeHr}n;u-O|!^J{hIKw?{1U_cAHw4=2zA zt|B#ha>2auIVt-(Nd8Kv>`pD_@I|o`Pyi+Hb}=~*$;CM7R4LEk?rL=ooBD~x&bfoL z`{!U9mu#&VrGr_jRhi{+?%NSm6UHvZhXx9H*i`-p!bXvb#nj4r{h%)yjEK`{G1_p?$e`RMQSIgynY7PLG(BuczDhZ}I^oVN|*&>rpAbE(@c z=(-^Gp7`svsfhORGmet>gR8dC0RsSqn~7VJn<2FHTf?$aw6md$w-i}Z|1@zGuTd$G z0eV0B9OjWLdBL#z6X@7)TOjT}Wj}{`Kiaf?`rQhg**dT?sLZeTyUJT=&<`3dh~eOM zbO=>7u6%`)F7W}%F*6}_I`M?aDc8ZsF$Ci&o+IN3dKVcvW>SY%MQ#M_%O~k8D+e0I z)mad3CdO|;F>iwBI8zKeuiUxQf)=S&qYkAn3hy`^8b!N4aQFK9!TFJ8@Pj;Cn;hhy z8IkrO&%PtH3^2?`b|J*MaXRft;G!`s5wyfZt|L{({cJ+K4_BA5tM@G3u!G!+2AIL1 zs9nNn68ybIhD_SwS7dE4*A0-`l?l-x_w5&1Z6~ujQ=7+h?7tHSE7CuDGAI3MhPY@2 zx!7WT?B0#QJ)S0gUd0e<4X5@o#$d#evGEOpndkJn+IeolBJz(8| z&9{2MIK>e_$xGPj3{Pp!x9*i|Ov{zxA#{EyATcYhSajtE)rhc1Hk0@agg`Du zYm3y2J9&eh0v@9}cL16?r;exY4D>=ao4Owt`h<07j?3w*$NgZ=H+UN-i=syh7?EmiNUZjwM1YymgY z+?KQn#73pXjmTl(87fO_-&D^*xXIRBY@my|k9$8-hq?PQ9c7{=I}_2OY6h@yaSaWW zTkJ5Ko|y)!2eT?WA7H0E<-S>RZ;f&jlX26tcK-i^e^>{i@ 
zMWvb4(v7cg@fVEOz-U>|`eyHpa0`(>X#CwSe)g69Nx!(2v?4qZGKRr2cVd8<%>LY~ zAJU5-cr5+-zDP#SCdC;;?;4=N=uPXbWTYyumC$CA5y%pNT^oWs02O-b=nG<$0pD)8CTRdw{jI7 zv%|IixprTK~;aK44ag)s*)1wIdl#o#)x zBforqmQhxbW|a8H%uqx+6;Xh=Em+Db-h%AaH@c?O*{>Juk!hNH_PrDdjN`=RWt`qa z7UJR#O^k%r>?}m@?Oj#DU&cfD>8wo2n0*AUALe&z@FG5z-!Pl0Pr)|{~HcaJ_+KslBI{EMhR zg{}_#!!TMRDp=cMCNbFSqMWso@w-635XDsa28A z4UZg&Qt~V0;>Mg*lBRE9tC~uSm>8x$6u~MgKa}U{*<&5Lr&=M!zoSc|Yjt{YAMjxg z!PB1cf{DdN=j+z>gP=ngcw;U-aTAsMhHWxY^W2Ih(KXE}Q&ACtGtj!#v~e(&_PBU$ ze`2y`?FiGR;^BZf16KL6ABHr7ivYrhjqwXlkpAo+a<9^A2P4-Rd@jyVp&$s408Y zch;gxn&8j?wJ7x?w_*x7V7IeJP?l$R60a_VtXD z&i|t65ramw!mqabz7yGVgn(y!%*(>?TZiRD$_o7kP|H|Pcr`5q=m&JujXASpmLqH0 z)~jLSdg)5o$#S~Q=v9S7uEC98)X`1>_Co2<3}YOV=*NOAkq_R`!?DgHCQRsx4MNHy zW&YzD3-~B1<@{wHmZ2V4zNEg&^?u!hvmUH0b?vlPoO2q}1H`l9?a6j+w)cFFtE)0M z<89>FE%4^nUYZjKBPj@G7r1Z_Irkb}4P>XUS4s=;N9ZiZ%CqK0G1IuzlG`;fTa`IC z2v%?Z1eFzu$~Psw@3-Tz?9=z(^f!Nk%2EMy(_jDU-Xe9lps1veMH2BuI?n{&Qi{OJ zhlT*DCxo=gq0*yx~9QI^nX_fU-Ck;WD z4SH|rR#S6-fcb616N=Qex+xf>Zc`~ilrqzTAve%g)^8c zw{;dDKl$RQ7&>Y`b1USd+H-wNMMpTTYi~uhSGyYf5z8CC6me4H!L0IHX~!+8hbeld zRnq?a4y1$`a!~hYGLK#j_|w{z?@!zkb9w^*ka{ODBOB=h!_Oe)afZa6eMVQ*c9$UT zc8!nT>6LCVU%w0BkG9@NiC2S8(O*_kRjlLUVky&9)od?d;bS};P$fd&=yCBCUD$di)kAtp zj7`bwi4{S@G`FjBnN44vC;*g6liD6PahRQ@7{i%Yd$MrHyOITASVTB53Y>^lkzVMg zkjN|KBAQz9qd_5IkdcbOupirWRiZ}Z`SdTzGY>k6uj?f{=zAg3pLsp>iEN-w-W88c z3uS9OeYy}Fl>ZSbn`Y})arFVNVHRQN|CK7%GJc#;%Wu} zG4Ntm!0oPB!cv-Y!EkA2DB& zPf?o6TW@*((lDpqOcnhuyg|SDyiaqzA=~Q-=4hxVS6Nh>g-*#+YTLI{itnz6=RE{6 z)iJm)e}`vn6v@wS;KKlYzk zeoLk%w)k9^tY>x_d@Hg#;+{#c&(Wsp8NaC`Q>*LlB-V4}IdWjOAMtsptjQ+A`xp|} zyTtMr`meImk@;7Q=9<1aWcl^CTEqdEE>fD^)>@y63N`l$)G5UFXtTSaDQjH?K*{pf zA8?+9WhkNiX(@c6ZOG{QrG>H{OzsaEQzkt)XFG(seOY$6N z^ZZBw=irR>z$fZJBe_}VUT$~j1C5_qnXkvFm+kZ*F4ep*{#WH8pxkO#4RPXDJEIhnb zNfF4a5~S>>hSWT)!7K!tAqY6Mf-A;ej71bh4ATU8pQ>=vcQu0-uptn2YdALJ>!cn{ ztMpBL#8n(*Z;ye%<3l+hj&%EWyyS+=njA1c@Zr3iNWbXI^IQ*!^9FYptC(}X3#tp( zBhPYmH=EnK$EDouaXq_gUvv06$}Clq z8ZB@?Sy+=mX_I%kaeHZ3OwIRf1)pFsz2)}TgJWSeZ$h6P?v|CQj%h%)hCd`-9O@)h 
z!7X=^f&|kLc9wrbm~gbFgFUJhy=!~l(27`Xfoq|V7v{-nZreE&onPj`@HLsqgF+fC z9!Xo@@MtRdV!MI*N|=%+SB|Kg3ixq^T7+mA~v)F<-I)^jWjJu-Hg2^fUY z@I!TIA`s(Wo$0PTR6QR))Syhdus-)Ll?%C{0+da_@{bm$U%qK?E6t$djGi2I>y zEH`Sfz^F$)f-a0PyOvEoLQPh@Z-X;A>w=g%9WVsH!ikO?@a><4!(D;I!%WUR+Fg8IyOg_)SbzJj-~3%SSYJldC9If@mhtXJt9t4qtu ziTauARk@WAi*!8N-S%TdMB6M$e<^eJ$&Pt<7bDuk9e|IfD__iX{1c`_0Uh^AMS2;n zPqqUinr!EndZ|Dg>gp9|9Z8qOyIx4!hF`fjA~tA|Q%_<sjp@;3Z#J%2f(1$Wu2 zKUCgj;Y*q2gPkToz}BJ_+ujTsi#JS|b9W>;m;|v7>`yv>y&H$7I~f?;tv3KtF}D?>TG@ho{FHr&#ZLB=Yo?_msbyDi_XKnZDw= z6pD=gH^#>vl`oMo^EV!NYYOYBBLc=TxJz2MZpeL zGUQ7^OtVv5a47Oo6~?onx6{%I{4SZOTw=V_h$JU63Qu3!4FR-Qwj#kkj{v3tWyT-J z#+B$b(U6QH5NePZ79gGr;%qrebh?be=~QV2NVZKpX&>A#^6k9cmvU7dZz@GjYsogp zKILz+6tcy*ez2k5XFMwegpQ!=)O3RFj=THL+iSxLB0*%pUP=jJ0Iy z4mC5-Vsa*(BS`x-5sn2hk%zY?E^Aa=PG9-v0Uvs}egy3mHSeSLk0@$z)*P1HmlPEUw09*;*xyf4gK$0=L@Hs!dZlK_3^wAfZEREVmBZGgIJzP zR7DJ*sBe0~sU670f@v2`)Rp$D=L3o-&m)d(=)|$cWrFv2jsGDQ1)LEKgc{Jx1;3YzrN7@<7|}bYEs8kDIz3~G6|p%3kINw0l)|XIL}0l z-Jl9Hc056&x{+C@ik(%DnrPUIjDi@xlR6&C-@XwZh#sT>0I)D)3(mMk z;20A#dwKKBbP$~tGrIGAbi>sfY}7rbL9L?J*8u%2L-$3@^q}A1|J@(RI{*OjD3IPR zQ7mAUDh)9O0AM)?QFGZ8OPkjEJdzm|DK&|asZ+pF(XYkozn*@5j&z0|%8x}_^+q?B1d9Q-blPGav>~ccxVY+v{^eT+J2kfL8-b|T z?j2@l;oDHhX~|Z3(3v`)PfdlTDP+9y64Ov@zXun5)ULJJ8^?+3F$}*SSkHoM{o*S^ zri_RnJ7}vi&4=QQnU9msgFd1xIIy)S6$i3)2hJ$#-Q3J}rYvx+vQx0C(nzvpO~6c= zAzXKxK9sw`)OoCg{NxG}$|qT_(M+fk`O7s3B&W~rK(>P3%JEh78>lYFM^75%1RTaB zulb75AmEm_AwqR>1)L0d=jeF|nd&Q;+dtoIzg#6jmJihd1ng2ru?S_0PoC;q>g;adRh0iWIF2^^oNk&U4H`K%Y6KQ58@JHsia2MG>Mn( z9$*f?=r!6ikj=8fa-~DKUOx%WilkDv8qtkmxSdpg_teAa-qXg(iYKQe<`M#6!+=Uf z?U$e%H+FPJi#vFd*Ty;?qi~EYYKpY4Rge zNmE?xvv=VWBqj$crLt!n+|y7&*cu{3gXL45Uibk{9A&r@inOGiM!tOGibKWRi>_An zeTAbOyIOx?&K-xGXKxAV{?!=3Pw!rP$7^tyi*79>3CvVR@*WH#+QxX+Xm%mcz zyIs&NQ7oDyvTyk94iulDRgRfemFs}1$q{B+z}$5*7e1Lb)D|knPDjKFf86$#0;IKz zIREEDJyV*(@f|gfTs1_y=ntShInkYZCvPk~rWFaYp2icST?pchH@i-AsaK-F!$CMM z^sL4jK;D8}bufyr(h4JWUI8HjM9Hwn{9L_L~Oq1$`d zq$UZ^kP&l`SLZ*NlR z8*aL7F5e=XY*&m8NhzhPUA+|?2#OejI$q&3=6`y 
zw?pw%5Y-7r&ON0@d^UOsM{?m^L|LwXa-!_`#wC&1XMvBMmvUEMZa+bp8fx+Pde(-65rH?TO$=ii>$lJYN`& z*IJG3vESb7%PhFS{e66Ks({Dy(+--+O7c4$?cQ90anZvO(oc^3UHqj<-^%u`WBdpM zbbXxCQ5_t~>3ri+WhN1sjq_#1bGN4B9#KR5dCaXtlH6~=O|FR>qbgT0tE!oP7<;J; z4mHNo?ry&NqgHAruppde`S&2Sw=WY}m`@au5FzDuGa;wXEAgdOeZ=K}9X-N<6=yqZft+(fP#o=ax!Egg} z=5;m>nrnGUEf9@s(&9ozDB>C(NRzyX%4h*?*}vGE{8N8-eB{o-Pq8=8I1R?}e)fp{ z4JbVux7EKSKb^ENv_#KyzC@VRP9VZyw657!B)TI!Bx;#T$FsL*k*dc^>o5TMsUg^u zT4C~gi6ct%kBuXWooBmT0%HY81<@UTI=mIBQ8d0-m7-`KYf(S|i7 z@}-SL{QJYT!Ha^RUQumNoBcp?6$;{YRSh=u-wFNl!C(QlTcGFX9NgaWY{rHWw`*_& zlpK}AW-g@$MRQX?A@k$=5vNzIZN!*6x`!lhuz|^n=XwJNUhfb%{Stl!o;ZOB`HrLu ziL7qP;gi)2;TtPI=a^7(^qbu6l8O(rZd1h6afp;1Hk}SsLg^vt4C=jhYWq3%?;sL!+%b((gdy5XgCaGfk4R?vBZJU=y;AJQ4SyIc#4v6dGB5NTD}IWl6-$ zN~TU_+mN@P#x=>^d(I3G6;G>h6Srv_Ke72#q`Lezf8o*YUWGWICjF*5c|Zy)HA7C? zec9uM-R2wNLBJDpFATNkI77C|`LZlr-I%{%3xmcrqU&3pSg%V9HsF$_^wba$OFz(|C;FK|k1VzEs zmp1@Tyb-O}*Y=hZt~d)xMW3)qav=L%yKEBKDLSMAbD?YaWDodG9O$_`jg1ZFkKZaV z#Sm%3|^``J4$z zkPdeI`j5I?J19+WajD5marGPBH-QYAUX%dKf8K&d^)xmF%v`G2BgR);-fAUM{I{JB0Gj=a znLYi-(cqgr;MMZps)im0Wt+)$!ps){UT3&|+?W$tHIX1B=4ol=Qp^6S(9X5&3sNp5 z;=Fa{H$UGb_6?wq(aAldOYuNlk8hiDWX~9kD$7*P_ociHi{8M9;OHDs$fnO?s~6W) z5us&4_z>4!&w@^*)_5swIx)9fxvcs&6yjLs!4rVIA{)y5-E~2=JSrTFL3HyMid9gz zJe7(udqze646|4!Sl#Hs)oaa*_%FuMI&?YS{otq#>P*v(%hV=;upNBt#}X0d+7M_C z?%MD4*%7`?{aj+?y~>bt5g?z0$r>cv|Hb<-ufJwr``ds40s`Rjhek&q$Ys9)&4X*X zf$P!%Het)DS4O#KnuD+qLuY+}9~jfz_J({88BjhZv!o`GPO8jk9JGZNxjt4_^+5ey z#fry2( ze!{Z#gW^W|CozoKOM_JMn6@c1|6E;w@Y!RbD=>0hiKJ7mAZ4;UM|-@#L*=OI19KpC zvnW5aWeY=BlCc1W-11}2bO}zwaz%eZ@qY~m0toT_8ZYv1a|rObSPsG1pJ{kYA6U8Y z)G~{HmLzq);Ap~weMc?YvMb$Elu2r*)W7v`*s%n)VU^;CcFf4=FL!~lEb^f z|3Cdu=X~{Z{XaGnsAxfOkFFt}-m07#FA3l+6gj~M)7&&WWrB>p7^AL1&UYC-{=#;T zsQ|P_RDd0uYkB|KV_O|hlbn0!O2QxW)FHOVf>qhbDv@A!Is zWKi5l*wy_kthtzVL05dOgLMWrhp3?2HOYMg8o;&%Zn77Nw1rmG+Y`~U-JH4WyRi*?i1@4Z%a%)x<4XOWV%cl@QrIxS4L*wc zJAW|rD8>=SNA+&I9fzp@a+c8e0{-8+YO;T+gwy_GdjYnmXgxFlc-*YZtd>AO=euHV zwaEtHsYUNe@}u(z&M-lkQZu(@F$<;`V|47lB+Dhxi=G_ig;7l)1ULGjPnW|&FWP~O 
z`7@%iuCs6)b|VGXYy)ME4UNGtCN*GfbE&-GL2o5lH}!DeV$}q7*b_<B+z)XX6iJelkjOCw8e<1{S{B`x8fBSHNL%G|3Fh+AKNX$-m1-gX-1y5nb zC~yNW`^%HHctRgN>BtgOV{2ZF9B^DKhsyEq(g5&VBCGm2Zg^*_6`gsUAV?|aDg_zY z6VbIR8oPS$z61Yoj-b|Ntj!z=MdN#RmF_+GugL*_$+r{#$H4;xc=?`?;@rG89P}=C zIWoX^9B@*6LxcAfjhFVX#u29i9t`T{-QhExSiw(}Au&r#VUb2PzikzT_bl1j57x{3 z1mJch2PPjOBjW6sSwlLKZIbDK+g2jb4icdk)F(`TBOIM9&6k_HiC3I?eeR7GhKO?b zIhe8fKd^iW=K(?gvHt)}xG}-gc&TcO`#^6s+5z)t!chS6Py0$vjOZspkW?MJ_uNdGA4 zA?4j({peKBX{gI^5Ona)P*ITo^WO+z&wMrF{I_=qI97U22NPY1$b#eltL(f3n!LI& z{=Oju6+~8Ki0nN?piBXgDSOBiK?G!q%*qfD#K{t(A|PTIi8yeeL_k4QMzB^CB9=lK zZAGmTMl~oj+8c~{L;XI9|G#<8z0WzxJ?E1AAYaI?hKw`G5PUBF{>~5)^Frw~K6k@5 z__jpG>7#~QORnMbECzMuR*m{f5~%xzOzY+x_3EZy9W>q((}{1^G%tQ4b7P0eF$>0wEn5NyMx&Xs9M)OW%sb*D*Fh-NJenjyO|?+-}9(WN%^+@!nK+ zg#r={s?P%Z3|qt~;X+YViF=oe2CG2o4ZbpOAlOh|tZt21y-ThdH!<(E8D5a~ajg)) z7AlB8f*y zhP?7rk6afEZTHnvG~Z;lnufD6JcLd4A)?iyo!=;RSzOXh+Kd`Bbw3t-jNv|%+&_6EQ=8A-cPBXUX!9`rgv1bZ`X7xT;p$ez3%AHLb#Zw;)Dnq?;@c{(KVx!ww9=FHh zMyb9PR&;#3$e}guCQTo*Co=2^@7eeWMtC6Yzld+b1&{QoC%SoNbcPo-W3AV(ldYO7Q2qItvZ;1 z^7J}dagFy+M?c-u4b^{B&wYAzpb5_kvH&fKX0cDcKMmWXvu%Z+g5R$??Ju#r?J(5- z(&xx*&he_C^-cFJ=C?tzF5=Qp!9Kp^fscW1a%ECdI7&nFK(atpm)}-=l7UEc+>;wO z_I9R6SYAgYAw5~3>BfYoaFzl6KoPe)YkX5`bEBRb2TzAtKHO>j`YxIeSt&}1A&L-H z{+IbmXNu+pdfG2Poy)}AUOxZYpw_hQ^`koc<5F_lvP?lN45An&BVfce&I5v9`64K2?a5@<$wVCnViRw(~bW) zZ2j9Q!RvmXWlhzqz=$m4lk}LDl$jZ}RuUcqs#}=c6wbT`)ox~A)*q)t66kWOyj!)4 zcF(b^^=Rx~wuafi4afqwlaV{%uS%We_KSU4lKDz6b(5Wb#9iy3!&@&?5U8NY*FT(< zj09i!V%3^x91sm*{V9NBw+rWJCP_poliB5~SAb@)GlsyMrt8;fow0jJNcYUDTGIdx zJLgd(4h9Y4I5F?*mvA~OeWhPVkzxOjEdztu^wtQ2!XUYgDWUo9m(mbHkGnw7nR#Kq zgvm}dC+i03)X+cVy(c2`a2KowU5YCvi?S{(4`8!Gdk0W-Ty)3&AAdVj8{e3#o{ilQ ztT;^aQPiRt1%*yOPhNk;G=`@s?4Ej^E!rDdp;;i%3t|nfoLg(#B9LfG&c?J)&8D7I zFT`knuo1pV)V$a0!j%`BBiqdP9ti?jGJRNJ^etiRe&64en&>xF<1fPQ@Gm;yA7u4P zR~c|y=XW>J@GMO@3#=PByMXLl+S!zhJ6<_=&t+JH5YZXRxx4x-)mMRr_O-av-u`6b?jj{4#ZXyBh(f5>d2qvT~Sq zuS#jp59#8Q!}3`lGwcvKNQiNgJF(`7Z=QeuzgXD>7bwY_7taQZdyj^L+a||zsV*_) 
z=NrVYnv{Q<3np+Ao2BYa-`;xZVD;ZR4MEy@j$6LJY*RFTvhtEYE9U;F{&<#nW5TPW zxj`Gs1Wl!MUrQ%Co}!GfEtw0p{A|LGM2iuKgG#lRX?`F(~ig3rgCTZW|pZvhIy-_<|gvef99 z?1+ChVH-LsCCJIFKcXWuWkZ+Adx^~$w->T}`&Y?-xAE*PBckOOD!GAK~O zZ260j!U5;Oj_!Ezli3DDL;f{QYVD^wo|Q$Fk)%owZJ<1SUwf!pdYYdKQo~AA9M}d! za{870jN|CN`g10qAAvXT+b)JC z2+2Jvc_ZMzv5n*|tHpKrFWE@+6r!x}*Cv|B@LL&5JTiY)-0X6T;+PUeh8?aLqyrR8Be7lwYz^L-B zSjdb^iax4zhRiGX=7(~(!%50%B6pKgMWW?i_Q(~OmJdeQ6cAR=367}>Z{We|`L7kh zc06{C5OvpA-JyNMHG|BQFyk6PDUcCS6zN}3zSIi< literal 0 HcmV?d00001 diff --git a/docs/onesignal-env.md b/docs/onesignal-env.md new file mode 100644 index 000000000..82f42ec77 --- /dev/null +++ b/docs/onesignal-env.md @@ -0,0 +1,12 @@ +# OneSignal environment configuration + +Candidate push notifications use OneSignal through `common\models\MobileNotification`. + +Set these variables in each runtime environment instead of committing OneSignal values to `params-local.php`: + +- `ONESIGNAL_CANDIDATE_APP_ID` +- `ONESIGNAL_CANDIDATE_API_KEY` + +If either variable is missing, candidate push notification sending fails closed and logs a warning. The application should still continue handling the request that attempted to enqueue the notification. + +The OneSignal API request keeps TLS peer verification enabled. Do not disable `CURLOPT_SSL_VERIFYPEER` for this integration. diff --git a/environments/circle-ci/common/config/params-local.php b/environments/circle-ci/common/config/params-local.php index 59bca7d06..e0c6996c4 100644 --- a/environments/circle-ci/common/config/params-local.php +++ b/environments/circle-ci/common/config/params-local.php 
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'test_candidate_public',
 'algolia_fulltimer_index' => 'test_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'fe766231-6156-4537-8037-84e3fe1be5da',
- 'oneSignalCandidateAPIKey' => 'YTBkODdlMjctOGQ0Ny00NDgwLTkyMmYtOWQ1NTI5ODlmZjY1',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/dev-server-nginx-debug/common/config/params-local.php b/environments/dev-server-nginx-debug/common/config/params-local.php
index 90eb554e2..67c500547 100644
--- a/environments/dev-server-nginx-debug/common/config/params-local.php
+++ b/environments/dev-server-nginx-debug/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'dev_candidate_public',
 'algolia_fulltimer_index' => 'dev_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'fe766231-6156-4537-8037-84e3fe1be5da',
- 'oneSignalCandidateAPIKey' => 'YTBkODdlMjctOGQ0Ny00NDgwLTkyMmYtOWQ1NTI5ODlmZjY1',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/dev-server-nginx/common/config/params-local.php b/environments/dev-server-nginx/common/config/params-local.php
index 90eb554e2..67c500547 100644
--- a/environments/dev-server-nginx/common/config/params-local.php
+++ b/environments/dev-server-nginx/common/config/params-local.php
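Review bot: The app ID / REST API key pairs on the removed lines of this hunk stay readable in the repository history after this commit, and nothing in the patch says they are being revoked, so moving to `getenv()` only protects keys issued from now on. The same applies to the other eleven `params-local.php` hunks in this patch, which between them remove three distinct key pairs (the dev/CI set, the docker/krushn set and the prod set). I would add a line to `docs/onesignal-env.md` such as `The OneSignal keys previously committed in params-local.php are considered exposed and must be rotated before the new variables are populated.` and confirm the rotation in the PR description.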
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'dev_candidate_public',
 'algolia_fulltimer_index' => 'dev_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'fe766231-6156-4537-8037-84e3fe1be5da',
- 'oneSignalCandidateAPIKey' => 'YTBkODdlMjctOGQ0Ny00NDgwLTkyMmYtOWQ1NTI5ODlmZjY1',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/dev-server-railway/common/config/params-local.php b/environments/dev-server-railway/common/config/params-local.php
index 90eb554e2..67c500547 100644
--- a/environments/dev-server-railway/common/config/params-local.php
+++ b/environments/dev-server-railway/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'dev_candidate_public',
 'algolia_fulltimer_index' => 'dev_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'fe766231-6156-4537-8037-84e3fe1be5da',
- 'oneSignalCandidateAPIKey' => 'YTBkODdlMjctOGQ0Ny00NDgwLTkyMmYtOWQ1NTI5ODlmZjY1',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/dev-server/common/config/params-local.php b/environments/dev-server/common/config/params-local.php
index 90eb554e2..67c500547 100644
--- a/environments/dev-server/common/config/params-local.php
+++ b/environments/dev-server/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'dev_candidate_public',
 'algolia_fulltimer_index' => 'dev_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'fe766231-6156-4537-8037-84e3fe1be5da',
- 'oneSignalCandidateAPIKey' => 'YTBkODdlMjctOGQ0Ny00NDgwLTkyMmYtOWQ1NTI5ODlmZjY1',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/dev/common/config/params-local.php b/environments/dev/common/config/params-local.php
index 7ee059872..a8b0af08f 100644
--- a/environments/dev/common/config/params-local.php
+++ b/environments/dev/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'dev_candidate_public',
 'algolia_fulltimer_index' => 'dev_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'fe766231-6156-4537-8037-84e3fe1be5da',
- 'oneSignalCandidateAPIKey' => 'YTBkODdlMjctOGQ0Ny00NDgwLTkyMmYtOWQ1NTI5ODlmZjY1',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/docker/common/config/params-local.php b/environments/docker/common/config/params-local.php
index d621ece8a..5f33210fd 100644
--- a/environments/docker/common/config/params-local.php
+++ b/environments/docker/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'krushn_candidate_public',
 'algolia_fulltimer_index' => 'krushn_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'c62352ca-2f6c-44a2-896c-84c2f17db9ac',
- 'oneSignalCandidateAPIKey' => 'M2E4Mjc4OWMtNGVlZi00OTRiLTkxZTAtOWU2NmM5ZDFiZmM4',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/krushn-nginx/common/config/params-local.php b/environments/krushn-nginx/common/config/params-local.php
index d621ece8a..5f33210fd 100644
--- a/environments/krushn-nginx/common/config/params-local.php
+++ b/environments/krushn-nginx/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'krushn_candidate_public',
 'algolia_fulltimer_index' => 'krushn_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'c62352ca-2f6c-44a2-896c-84c2f17db9ac',
- 'oneSignalCandidateAPIKey' => 'M2E4Mjc4OWMtNGVlZi00OTRiLTkxZTAtOWU2NmM5ZDFiZmM4',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/krushn/common/config/params-local.php b/environments/krushn/common/config/params-local.php
index d621ece8a..5f33210fd 100644
--- a/environments/krushn/common/config/params-local.php
+++ b/environments/krushn/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'krushn_candidate_public',
 'algolia_fulltimer_index' => 'krushn_fulltimer_public',
- 'oneSignalCandidateAPPID' => 'c62352ca-2f6c-44a2-896c-84c2f17db9ac',
- 'oneSignalCandidateAPIKey' => 'M2E4Mjc4OWMtNGVlZi00OTRiLTkxZTAtOWU2NmM5ZDFiZmM4',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance+fake@bawes.net',
 'candidateAppUrl' => 'https://student.dev.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.dev.studenthub.co/',
diff --git a/environments/prod-nginx/common/config/params-local.php b/environments/prod-nginx/common/config/params-local.php
index a6c377384..e6e3d0f0b 100644
--- a/environments/prod-nginx/common/config/params-local.php
+++ b/environments/prod-nginx/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'prod_candidate_public',
 'algolia_fulltimer_index' => 'prod_fulltimer_public',
- 'oneSignalCandidateAPPID' => '265d4bf5-5333-445d-8fba-08f1c389aa5f',
- 'oneSignalCandidateAPIKey' => 'ZmY3OWFlMzAtN2VjNS00OWMxLTgwOWQtYjA2MDUyMzQxM2Y5',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance@bawes.net',
 'candidateAppUrl' => 'https://student.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.studenthub.co/',
diff --git a/environments/prod-railway/common/config/params-local.php b/environments/prod-railway/common/config/params-local.php
index a6c377384..e6e3d0f0b 100644
--- a/environments/prod-railway/common/config/params-local.php
+++ b/environments/prod-railway/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'prod_candidate_public',
 'algolia_fulltimer_index' => 'prod_fulltimer_public',
- 'oneSignalCandidateAPPID' => '265d4bf5-5333-445d-8fba-08f1c389aa5f',
- 'oneSignalCandidateAPIKey' => 'ZmY3OWFlMzAtN2VjNS00OWMxLTgwOWQtYjA2MDUyMzQxM2Y5',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance@bawes.net',
 'candidateAppUrl' => 'https://student.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.studenthub.co/',
diff --git a/environments/prod/common/config/params-local.php b/environments/prod/common/config/params-local.php
index a6c377384..e6e3d0f0b 100644
--- a/environments/prod/common/config/params-local.php
+++ b/environments/prod/common/config/params-local.php
@@ -6,8 +6,8 @@
 ],
 'algolia_candidate_index' => 'prod_candidate_public',
 'algolia_fulltimer_index' => 'prod_fulltimer_public',
- 'oneSignalCandidateAPPID' => '265d4bf5-5333-445d-8fba-08f1c389aa5f',
- 'oneSignalCandidateAPIKey' => 'ZmY3OWFlMzAtN2VjNS00OWMxLTgwOWQtYjA2MDUyMzQxM2Y5',
+ 'oneSignalCandidateAPPID' => getenv('ONESIGNAL_CANDIDATE_APP_ID') ?: '',
+ 'oneSignalCandidateAPIKey' => getenv('ONESIGNAL_CANDIDATE_API_KEY') ?: '',
 'finance_transfer' => 'finance@bawes.net',
 'candidateAppUrl' => 'https://student.studenthub.co/',
 'inspectorAppUrl' => 'https://inspector.studenthub.co/',
diff --git a/tests/check-onesignal-env-config.sh b/tests/check-onesignal-env-config.sh
new file mode 100755
index 000000000..3a7b7c4b7
--- /dev/null
+++ b/tests/check-onesignal-env-config.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if rg -n "oneSignalCandidate(APPID|APIKey)'\\s*=>\\s*'[A-Za-z0-9-]{20,}'" environments --glob 'params-local.php'; then
+ echo "OneSignal candidate credentials must come from runtime environment variables." >&2
+ exit 1
+fi
+
+rg -n "getenv\\('ONESIGNAL_CANDIDATE_APP_ID'\\)" environments --glob 'params-local.php' >/dev/null
+rg -n "getenv\\('ONESIGNAL_CANDIDATE_API_KEY'\\)" environments --glob 'params-local.php' >/dev/null
+
+if rg -n "CURLOPT_SSL_VERIFYPEER,\\s*FALSE" common/models/MobileNotification.php; then
+ echo "OneSignal requests must not disable TLS peer verification." >&2
+ exit 1
+fi
+
+echo "OneSignal notification config uses runtime env vars and keeps TLS verification enabled."
From 1d3f4b003e59c5d9ab1a31a9bb49e4030016fd47 Mon Sep 17 00:00:00 2001
From: MAJINSI
Date: Sat, 16 May 2026 06:39:09 +0800
Subject: [PATCH 2/2] Address OneSignal notification review feedback
---
 common/models/MobileNotification.php | 14 ++++++++++++--
 tests/check-onesignal-env-config.sh | 18 +++++++++++++++---
 2 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/common/models/MobileNotification.php b/common/models/MobileNotification.php
index d20e569e9..5e6b41e3c 100644
--- a/common/models/MobileNotification.php
+++ b/common/models/MobileNotification.php
@@ -26,7 +26,10 @@ class MobileNotification {
 */
 public static function notifyCandidate($heading, $data, $filters, $subtitle = '', $content = '')
 {
- if (empty(Yii::$app->params['oneSignalCandidateAPPID']) || empty(Yii::$app->params['oneSignalCandidateAPIKey'])) {
+ if (
+ empty(Yii::$app->params['inCodeception']) &&
+ (empty(Yii::$app->params['oneSignalCandidateAPPID']) || empty(Yii::$app->params['oneSignalCandidateAPIKey']))
+ ) {
 Yii::warning('OneSignal candidate notification skipped because app id or API key is not configured.');
 return false;
 }
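Review bot: The hard-coded-credential check in the first `if rg` only fires on a literal made of `[A-Za-z0-9-]` that is at least 20 characters long, so a committed key containing `+`, `/`, `=` or `_`, or a shorter value, passes the test. Since the approved form of the entry is a `getenv(...)` call, any non-empty quoted literal after `=>` can be rejected: `rg -n "oneSignalCandidate(APPID|APIKey)'\\s*=>\\s*'[^']+'" environments --glob 'params-local.php'`. A double-quoted literal would need a second alternative. The hunk of patch 2/2 on this file leaves this line as it is.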
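Review bot: The guard rewritten in the `notifyCandidate` hunk duplicates policy that `sendNotification` already applies: as far as patch 1/2 shows, that method returns `true` under `inCodeception` and logs and returns `false` on an empty app id or key. Two copies of the same credential rule have to be kept in step, and the `inCodeception` exception added here exists only to undo the first copy. I would remove the guard and let `return self::sendNotification(...)` decide, keeping the candidate-specific wording in the one remaining log message if it matters. The body of `notifyCandidate` continues outside this hunk.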
@@ -93,6 +96,8 @@ public static function sendNotification($appId, $apiKey, $heading, $data, $filte
 curl_setopt($ch, CURLOPT_HEADER, FALSE);
 curl_setopt($ch, CURLOPT_POST, TRUE);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($ch, CURLOPT_TIMEOUT, 15);
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
 $response = curl_exec($ch);
@@ -101,6 +106,12 @@ public static function sendNotification($appId, $apiKey, $heading, $data, $filte
 curl_close($ch);
 return false;
 }
+ $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if ($status < 200 || $status >= 300) {
+ Yii::warning('OneSignal notification request returned HTTP ' . $status . ': ' . $response);
+ curl_close($ch);
+ return false;
+ }
 curl_close($ch);
 /*print("\n\nJSON received:\n");
@@ -109,4 +120,3 @@ public static function sendNotification($appId, $apiKey, $heading, $data, $filte
 return true;
 }
 }
-
diff --git a/tests/check-onesignal-env-config.sh b/tests/check-onesignal-env-config.sh
index 3a7b7c4b7..6ed6580c9 100755
--- a/tests/check-onesignal-env-config.sh
+++ b/tests/check-onesignal-env-config.sh
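Review bot: The new non-2xx branch in the `@@ -101,6 +106,12 @@` hunk writes the whole OneSignal response body into the application log through `Yii::warning(... . $response)`, with no length limit. An error body from a third-party API can be large or echo request data such as subscriber identifiers back, so I would log a bounded excerpt instead, e.g. `substr((string) $response, 0, 500)`. `$response` is only a string if `CURLOPT_RETURNTRANSFER` is set earlier in `sendNotification`, which starts outside this hunk, so that is worth confirming as well.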
@@ -6,12 +6,24 @@ if rg -n "oneSignalCandidate(APPID|APIKey)'\\s*=>\\s*'[A-Za-z0-9-]{20,}'" enviro
 exit 1
 fi
-rg -n "getenv\\('ONESIGNAL_CANDIDATE_APP_ID'\\)" environments --glob 'params-local.php' >/dev/null
-rg -n "getenv\\('ONESIGNAL_CANDIDATE_API_KEY'\\)" environments --glob 'params-local.php' >/dev/null
+while IFS= read -r params_file; do
+ rg -n "getenv\\('ONESIGNAL_CANDIDATE_APP_ID'\\)" "$params_file" >/dev/null || {
+ echo "$params_file must read ONESIGNAL_CANDIDATE_APP_ID from the runtime environment." >&2
+ exit 1
+ }
+ rg -n "getenv\\('ONESIGNAL_CANDIDATE_API_KEY'\\)" "$params_file" >/dev/null || {
+ echo "$params_file must read ONESIGNAL_CANDIDATE_API_KEY from the runtime environment." >&2
+ exit 1
+ }
+done < <(find environments -path '*/common/config/params-local.php' -type f | sort)
-if rg -n "CURLOPT_SSL_VERIFYPEER,\\s*FALSE" common/models/MobileNotification.php; then
+if rg -n "CURLOPT_SSL_VERIFYPEER,\\s*[Ff][Aa][Ll][Ss][Ee]" common/models/MobileNotification.php; then
 echo "OneSignal requests must not disable TLS peer verification." >&2
 exit 1
 fi
+rg -n "CURLOPT_CONNECTTIMEOUT" common/models/MobileNotification.php >/dev/null
+rg -n "CURLOPT_TIMEOUT" common/models/MobileNotification.php >/dev/null
+rg -n "CURLINFO_HTTP_CODE" common/models/MobileNotification.php >/dev/null
+
 echo "OneSignal notification config uses runtime env vars and keeps TLS verification enabled."
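Review bot: The TLS guard changed in this hunk still matches only the word `false` after `CURLOPT_SSL_VERIFYPEER`, so verification switched off with `0`, or host-name checking switched off through `CURLOPT_SSL_VERIFYHOST`, passes the test while the final message claims TLS verification is enabled. Covering both options and both spellings is a one-line change: `if rg -n "CURLOPT_SSL_VERIFY(PEER|HOST),\\s*([Ff][Aa][Ll][Ss][Ee]|0)" common/models/MobileNotification.php; then`. The three `rg ... >/dev/null` lines added below it only prove that the constant names occur somewhere in the file, including in a comment, which is worth stating in a comment above them.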