From 4fbc9819e8d5d160ab99256437bea9ff002726d1 Mon Sep 17 00:00:00 2001
From: Lightemerald <light_emerald@aostia.com>
Date: Sun, 24 Mar 2024 11:14:03 +0100
Subject: [PATCH 1/6] Role update - Added verify status to user login - Added
 option to disable email verification - Added roles route - Added role
 management to users

---
 .env.sample     |   3 +-
 bun.lockb       | Bin 97275 -> 97275 bytes
 index.js        |   2 ++
 routes/roles.js |  92 ++++++++++++++++++++++++++++++++++++++++++++++++
 routes/users.js |  48 +++++++++++++++++++++++++
 5 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 routes/roles.js

diff --git a/.env.sample b/.env.sample
index 8d2906f..81e198c 100644
--- a/.env.sample
+++ b/.env.sample
@@ -7,4 +7,5 @@ DATABASE_PASSWORD=""
 JWT_SECRET=""
 SMTP=
 MAIL=
-MAIL_PASS=
\ No newline at end of file
+MAIL_PASS=
+DISABLE_EMAIL_VERIFICATION=true
diff --git a/bun.lockb b/bun.lockb
index 6bed908634736a42adf59a9a11cdcabf6d3214bd..0a0b0fde2b542566fe2108da16b40267400358cf 100755
GIT binary patch
delta 1564
zcmezUo%Q#3)(uk=85t)}OAKdZocs<<x+Q_w^T6acFzJ^J5?KZ&|AEP{6p+X|Fv*q*
zV#k5WZD5iw4J48VCij6!v2>6~9+*4^Cgn0fB4uFm9GFzg1c}sv$!lOzFAF5n1}5);
zNwaK_NFSJd1}5!tKqAw?<U26wmJ1S@2PVIPNxwXh$TBeb4@`#TgGAPWNwxwII}S{4
z1CxA(AdxgMxerW=6@f(Zz~nJ7DOU^<DFc(|z@%CUNTd!-UIUYQr67?uFnJG5nw5b>
z`oQEfFlko~5}5`j-+@WD3XsS=F!>Ek`c;BNmVwECU^1)<B(e@nvQ>lFabR*AnB=Pg
ziKKzaePB|o79^4fCXazhxjK+Y8JIi=Ce`XeB6VQ$8kp2;0Ex7L$$MbZtPv#A2PU6^
zNxLSH$TTqd4otc=gGA<m$!}oNuLUHs3{3t5lVPnOk#%5_tqsJE1C!gpBwss7Bn?dN
z1CwGMAdx&Uc??X-b%I37z~nhFsn!J&sRNVOz@%O`NTdx+-UE|nJs^=jF!>Bj+Vz4&
zrh&<KVA8D*Br*?7egl(!{UDKLVDcZB44VKFSqCQBCW6>;U~(In<eLN%NduGnz@*q@
zkVqbwJO(D^rhr7sz~nhFsWufPQU@llfl0k-AdxmOc@IpQO$UkefyrlJ(ryMwWEz-!
z2PWNSf<)$l$!}oNZx%>o8JPSBCc|cfMAm^xwmBen9GKh&Ci&)qMAE?IJ}@aZ4<wQY
zCXazhx%nWGGB9}#OsXvaiPV9~YhY4uAxNYROx^>NW{W@~ePHq#n6z6A5}5`j-+@WD
zB_NS`VDcN7^jiuNSq3KmfyuCCAdz)ol5IJN9S0`2fl0m<AdxgMxerW=tpthWfyrZF
zQf?JUqzp`+1Cwg2K_Ycv@*0@bTLThl1C#f_q}f`KNFSJd1}5#+fkdW($#-DVZ9Pb2
z9+><FCjB;mM3#Zce_%3fBS>T&m}J`oV#k5WZD5jbGe{&2Ozs1dVp~8Wd0_Gwn3UTJ
z5-9_d=fI@eHjqdin7jri^|pgV+Q8&JFln{}B+>^apMgocogk5EJHsb05D=gIK!9a4
I$F9!@0WmoU-~a#s

delta 1566
zcmezUo%Q#3)(uk=85t%|OAKd>oBR$;x+Q_w^T6acFzJ^J5?KZ&|AEP{6p+X|Fv*q*
zV#k5WZD5iw4J48VCij6!v2>6~9+*4^Cgn0fB4uFm9GFzg1c}sv$!lOzFAF5n1}5);
zNwaK_NFSJd1}5!tKqAw?<U26wmJ1S@2PVIPNxwXh$TBeb4@`#TgGAPWNwxwII}S{4
z1CxA(AdxgMxerW=6@f(Zz~nJ7DOU^<DFc(|z@%CUNTd!-UIUYQr67?uFnJG5nw5b>
z`oQEfFlko~5}5`j-+@WD3XsS=F!>Ek`c;BNmVwECU^1)<B(e@nvQ>lFabR*AnB=Pg
ziKKzaePB|o79^4fCXazhxjK+Y8JIi=Ce`XeB6VQ$8kp2;0Ex7L$$MbZtPv#A2PU6^
zNxLSH$TTqd4otc=gGA<m$!}oNuLUHs3{3t5lVPnOk#%5_tqsJE1C!gpBwss7Bn?dN
z1CwGMAdx&Uc??X-b%I37z~nhFsn!J&sRNVOz@%O`NTdx+-UE|nJs^=jF!>Bj+Vz4&
zrh&<KVA8D*Br*?7egl(!{UDKLVDcZB44VKFSqCQBCW6>;U~(In<eLN%NduGnz@*q@
zkVqbwJO(D^rhr7sz~nhFsWufPQU@llfl0k-AdxmOc@IpQO$UkefyrlJ(ryMwWEz-!
z2PWNSf<)$l$!}oNZx%>o8JPSBCc|cfMAm^xwmBen9GKh&Ci&)qMAE?IJ}@aZ4<wQY
zCXazhx%nWGGB9}#OsXvaiPV9~YhY4uAxNYROx^>NW{W@~ePHq#n6z6A5}5`j-+@WD
zB_NS`VDcN7^jiuNSq3KmfyuCCAdz)ol5IJN9S0`2fl0m<AdxgMxerW=tpthWfyrZF
zQf?JUqzp`+1Cwg2K_Ycv@*0@bTLThl1C#f_q}f`KNFSJd1}5#+fkdW($#-DVZ9Pb2
z9+><FCjB;mM3#Zce_%3fBS>T&m}J`oV#k5WZD5jbGe{&2Ozs1dVp~8Wd0_Gwn3UTJ
z5-9_d=fI@eHjqdin7jri^|pgV+Q8&JFln{}B+>^apMgocogk5EU~-{=*yINSESouY
HeLe^PbGc?d

diff --git a/index.js b/index.js
index 7aa88fe..f7faff3 100644
--- a/index.js
+++ b/index.js
@@ -10,6 +10,7 @@ import { speedLimiter, checkSystemLoad } from './modules/requestHandler';
 
 import testRouter from './routes/test';
 import usersRouter from './routes/users';
+import rolesRouter from './routes/roles';
 import doctorsRouter from './routes/doctors';
 import patientsRouter from './routes/patients';
 import companiesRouter from './routes/companies';
@@ -37,6 +38,7 @@ app.use(express.static('public'));
 // routes
 app.use('/api/test', testRouter);
 app.use('/api/users', usersRouter);
+app.use('/api/roles', rolesRouter);
 app.use('/api/doctors', doctorsRouter);
 app.use('/api/patients', patientsRouter);
 app.use('/api/companies', companiesRouter);
diff --git a/routes/roles.js b/routes/roles.js
new file mode 100644
index 0000000..2df91a4
--- /dev/null
+++ b/routes/roles.js
@@ -0,0 +1,92 @@
+import express from 'express';
+import { error } from '../modules/logManager';
+import { pool } from '../modules/databaseManager';
+import { verifyToken } from '../modules/tokenManager';
+import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
+import { checkBanned, checkPermissions } from '../modules/permissionManager';
+
+const router = express.Router();
+
+
+// GET role list
+router.get('/', verifyToken, checkBanned, checkPermissions('role', 1), async (req, res) => {
+	try {
+		const rows = await pool.execute('SELECT * FROM roles');
+		if (rows[0].length === 0) return await respondWithStatus(res, 404, 'No roles found');
+		return await respondWithStatusJSON(res, rows[0]);
+
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+// POST create role
+router.post('/', verifyToken, checkBanned, checkPermissions('role', 2), async (req, res) => {
+	const { name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield } = req.body;
+	if ([ name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield ].every(Boolean)) {
+		try {
+			await pool.execute(
+				'INSERT INTO users (name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
+				[ name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield ],
+			);
+			return await respondWithStatus(res, 200, 'Role created successfully');
+		}
+		catch (err) {
+			error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
+// GET role
+router.get('/:id', verifyToken, checkBanned, checkPermissions('role', 1), async (req, res) => {
+	try {
+		const [rows] = await pool.execute('SELECT * FROM roles WHERE id = ? LIMIT 1', [ req.params.id ]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Role not found');
+		return await respondWithStatusJSON(res, rows[0]);
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+// PUT update role
+router.put('/:id', verifyToken, checkBanned, checkPermissions('role', 2), async (req, res) => {
+	const { name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield } = req.body;
+	if ([ name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield ].every(Boolean)) {
+		try {
+			await pool.execute(
+				'UPDATE roles SET name = ?, user_bitfield = ?, role_bitfield = ?, verification_code_bitfield = ?, ban_bitfield = ?, patient_bitfield = ?, doctor_bitfield = ?, service_bitfield = ?, company_bitfield = ?, hospital_bitfield = ?, room_bitfield = ?, appointment_bitfield = ? WHERE id = ?',
+				[ name, user_bitfield, role_bitfield, verification_code_bitfield, ban_bitfield, patient_bitfield, doctor_bitfield, service_bitfield, company_bitfield, hospital_bitfield, room_bitfield, appointment_bitfield, req.params.id ],
+			);
+			return await respondWithStatus(res, 200, 'Role updated successfully');
+		}
+		catch (err) {
+			error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
+// DELETE role
+router.delete('/:id', verifyToken, checkBanned, checkPermissions('role', 4), async (req, res) => {
+	try {
+		await pool.execute('DELETE FROM roles WHERE id = ?', [ req.params.id ]);
+		return await respondWithStatus(res, 200, 'Role deleted successfully');
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+export default router;
\ No newline at end of file
diff --git a/routes/users.js b/routes/users.js
index b7f863e..c0a2dc1 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -30,6 +30,8 @@ router.post('/register', requestLimiter, async (req, res) => {
 				);
 				if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing user');
 
+				if (process.env.DISABLE_EMAIL_VERIFICATION) return await respondWithStatus(res, 200, 'Successfully registered');
+
 				const [rows] = await pool.execute('SELECT id FROM users WHERE email = ? LIMIT 1', [email]);
 				const code = sendVerification(email, rows[0].id, 'email');
 				pool.execute('INSERT INTO verification_codes (user_id, verification_code, type) VALUES (?, ?, ?)', [ rows[0].id, code, 'email' ]);
@@ -74,6 +76,7 @@ router.post('/login', requestLimiter, async (req, res) => {
 					email: user.email,
 					first_name: user.first_name,
 					last_name: user.last_name,
+					verified_status: process.env.DISABLE_EMAIL_VERIFICATION ? true : user.email_verified,
 				},
 			});
 		}
@@ -322,4 +325,49 @@ router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
 	}
 });
 
+router.get('/:userId/roles', verifyToken, checkBanned, async (req, res) => {
+	try {
+		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
+		const [rows] = await pool.execute('SELECT r.* FROM users u INNER JOIN user_roles ur ON u.id = ur.user_id INNER JOIN roles r ON ur.role_id = r.id WHERE u.id = ?', [ req.params.userId ]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'No roles found');
+		return await respondWithStatusJSON(res, rows);
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+router.post('/:userId/roles', verifyToken, checkBanned, checkPermissions('user', 2), async (req, res) => {
+	const { roleId } = req.body;
+	if (roleId) {
+		try {
+			const [rows] = await pool.execute('SELECT * FROM roles WHERE id = ? LIMIT 1', [ roleId ]);
+			if (rows.length === 0) return await respondWithStatus(res, 404, 'Role not found');
+			const [result] = await pool.execute('INSERT INTO user_roles (user_id, role_id) VALUES (?, ?)', [ req.params.userId, roleId ]);
+			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error assigning role');
+			return await respondWithStatus(res, 200, 'Role assigned successfully');
+		}
+		catch (err) {
+			error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
+router.delete('/:userId/roles/:roleId', verifyToken, checkBanned, checkPermissions('user', 4), async (req, res) => {
+	try {
+		const [result] = await pool.execute('DELETE FROM user_roles WHERE user_id = ? AND role_id = ?', [ req.params.userId, req.params.roleId ]);
+		if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing role');
+		return await respondWithStatus(res, 200, 'Role removed successfully');
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
 export default router;
\ No newline at end of file

From abd6f6747f6db7abb0d3c9c59f03a0cf21fc0c5d Mon Sep 17 00:00:00 2001
From: Lightemerald <light_emerald@aostia.com>
Date: Sun, 24 Mar 2024 11:40:35 +0100
Subject: [PATCH 2/6] Added @me endpoint support

---
 routes/doctors.js  | 56 ++++++++++++++++++++++++++++++++++++++
 routes/patients.js | 68 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)

diff --git a/routes/doctors.js b/routes/doctors.js
index 183d8b0..d2ef380 100644
--- a/routes/doctors.js
+++ b/routes/doctors.js
@@ -102,6 +102,10 @@ router.post('/:doctorId/validate', verifyToken, checkBanned, checkPermissions('d
 router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -117,6 +121,10 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const { type, value } = req.body;
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -143,6 +151,10 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 	if ([ user_id, email, phone, speciality, status, is_verified ].every(Boolean)) {
 		try {
 			const doctorId = await getDoctorId (req.userId);
+			if (req.params.doctorId == '@me') {
+				if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+				req.params.doctorId = doctorId;
+			}
 			if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 			const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
 			if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -168,6 +180,10 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'doctor', 4)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM doctors WHERE id = ? LIMIT 1', [req.params.doctorId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
@@ -186,6 +202,10 @@ router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
 router.get('/:doctorId/appointments', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute(
 			'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id JOIN services AS s ON a.service_id = s.id WHERE a.doctor_id = ?',
@@ -204,6 +224,10 @@ router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res
 	const { patient_id, service_id, hospital_id, room_id = null, date, time, status } = req.body;
 	if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status');
 	const doctorId = await getDoctorId (req.userId);
+	if (req.params.doctorId == '@me') {
+		if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+		req.params.doctorId = doctorId;
+	}
 	if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 	if ([patient_id, service_id, hospital_id, date, time, status].every(Boolean)) {
 		try {
@@ -227,6 +251,10 @@ router.post('/:doctorId/appointments', verifyToken, checkBanned, async (req, res
 router.get('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute(
 			'SELECT a.*, u.first_name, u.last_name, p.gender, p.date_of_birth, s.service_name, a.service_id FROM appointments AS a JOIN patients AS p ON a.patient_id = p.id JOIN users AS u ON p.user_id = u.id WHERE a.id = ? AND a.doctor_id = ? LIMIT 1',
@@ -245,6 +273,10 @@ router.patch('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned,
 	try {
 		const { type, value } = req.body;
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
@@ -271,6 +303,10 @@ router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, a
 	const { patient_id, service_id, hospital_id, room_id, date, time, status } = req.body;
 	if (!['Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor'].includes(status)) return await respondWithStatus(res, 400, 'Invalid status');
 	const doctorId = await getDoctorId (req.userId);
+	if (req.params.doctorId == '@me') {
+		if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+		req.params.doctorId = doctorId;
+	}
 	if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 	if ([patient_id, service_id, hospital_id, room_id, date, time, status].every(Boolean)) {
 		try {
@@ -297,6 +333,10 @@ router.put('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, a
 router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? LIMIT 1', [req.params.appointmentId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
@@ -315,6 +355,10 @@ router.delete('/:doctorId/appointments/:appointmentId', verifyToken, checkBanned
 router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const doctorId = await getDoctorId (req.userId);
+		if (req.params.doctorId == '@me') {
+			if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+			req.params.doctorId = doctorId;
+		}
 		if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT s.* FROM services s INNER JOIN service_doctors sd ON s.id = sd.service_id WHERE sd.doctor_id = ?', [req.params.doctorId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found');
@@ -329,6 +373,10 @@ router.get('/:doctorId/services', verifyToken, checkBanned, async (req, res) =>
 router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) => {
 	const { service_id } = req.body;
 	const doctorId = await getDoctorId (req.userId);
+	if (req.params.doctorId == '@me') {
+		if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+		req.params.doctorId = doctorId;
+	}
 	if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 	if (service_id) {
 		try {
@@ -349,6 +397,10 @@ router.post('/:doctorId/services', verifyToken, checkBanned, async (req, res) =>
 router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => {
 	const { type, value } = req.body;
 	const doctorId = await getDoctorId (req.userId);
+	if (req.params.doctorId == '@me') {
+		if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+		req.params.doctorId = doctorId;
+	}
 	if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 	if (type === 'service_id') {
 		try {
@@ -368,6 +420,10 @@ router.patch('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (
 
 router.delete('/:doctorId/services/:serviceId', verifyToken, checkBanned, async (req, res) => {
 	const doctorId = await getDoctorId (req.userId);
+	if (req.params.doctorId == '@me') {
+		if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+		req.params.doctorId = doctorId;
+	}
 	if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 4)) return await respondWithStatus(res, 403, 'Missing permission');
 	try {
 		const [result] = await pool.execute('DELETE FROM service_doctors WHERE doctor_id = ? AND service_id = ?', [req.params.doctorId, req.params.serviceId]);
diff --git a/routes/patients.js b/routes/patients.js
index ab44f40..7f77f0a 100644
--- a/routes/patients.js
+++ b/routes/patients.js
@@ -83,6 +83,10 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re
 router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const patientId = await getPatientId(req.userId);
+		if (req.params.patientId == '@me') {
+			if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+			req.params.patientId = patientId;
+		}
 		if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -98,6 +102,10 @@ router.patch('/:patientId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const { type, value } = req.body;
 		const patientId = await getPatientId(req.userId);
+		if (req.params.patientId == '@me') {
+			if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+			req.params.patientId = patientId;
+		}
 		if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -124,6 +132,10 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
 	if ([ user_id, date_of_birth, gender, address, social_security_number, insurance_number ].every(Boolean)) {
 		try {
 			const patientId = await getPatientId(req.userId);
+			if (req.params.patientId == '@me') {
+				if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+				req.params.patientId = patientId;
+			}
 			if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 			const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
 			if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -149,6 +161,10 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
 router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const patientId = await getPatientId(req.userId);
+		if (req.params.patientId == '@me') {
+			if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+			req.params.patientId = patientId;
+		}
 		if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'patient', 4)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT * FROM patients WHERE id = ? LIMIT 1', [req.params.patientId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'Patient not found');
@@ -167,6 +183,10 @@ router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
 router.get('/:patientId/appointments', verifyToken, checkBanned, async (req, res) => {
 	try {
 		const patientId = await getPatientId(req.userId);
+		if (req.params.patientId == '@me') {
+			if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+			req.params.patientId = patientId;
+		}
 		if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute(
 			'SELECT a.id, u.first_name, u.last_name, d.email, d.phone, h.name, h.address, a.date, a.time, a.status, s.name FROM appointments a JOIN doctors d ON a.doctor_id = d.id JOIN users u ON d.user_id = u.id JOIN hospitals h ON a.hospital_id = h.id JOIN services s ON a.service_id = s.id WHERE a.patient_id = ?',
@@ -186,6 +206,10 @@ router.post('/:patientId/appointments', verifyToken, checkBanned, async (req, re
 	if ([ doctor_id, service_id, hospital_id, date, time ].every(Boolean)) {
 		try {
 			const patientId = await getPatientId(req.userId);
+			if (req.params.patientId == '@me') {
+				if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+				req.params.patientId = patientId;
+			}
 			if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 			const [result] = await pool.execute(
 				'INSERT INTO appointments (doctor_id, service_id, hospital_id, patient_id, date, time) VALUES (?, ?, ?, ?, ?, ?)',
@@ -203,10 +227,54 @@ router.post('/:patientId/appointments', verifyToken, checkBanned, async (req, re
 		return await respondWithStatus(res, 400, 'Missing fields');
 	}
 });
+
 // GET /:patientId/appointments/:appointmentId
+router.get('/:patientId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
+	try {
+		const patientId = await getPatientId(req.userId);
+		if (req.params.patientId == '@me') {
+			if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+			req.params.patientId = patientId;
+		}
+		if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 1)) return await respondWithStatus(res, 403, 'Missing permission');
+		const [rows] = await pool.execute(
+			'SELECT a.id, u.first_name, u.last_name, d.email, d.phone, h.name, h.address, a.date, a.time, a.status, s.name FROM appointments a JOIN doctors d ON a.doctor_id = d.id JOIN users u ON d.user_id = u.id JOIN hospitals h ON a.hospital_id = h.id JOIN services s ON a.service_id = s.id WHERE a.id = ? AND a.patient_id = ?',
+			[req.params.appointmentId, req.params.patientId],
+		);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
+		return await respondWithStatusJSON(res, 200, rows[0]);
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
 // PATCH /:patientId/appointments/:appointmentId
+
 // PUT /:patientId/appointments/:appointmentId
+
 // DELETE /:patientId/appointments/:appointmentId
+router.delete('/:patientId/appointments/:appointmentId', verifyToken, checkBanned, async (req, res) => {
+	try {
+		const patientId = await getPatientId(req.userId);
+		if (req.params.patientId == '@me') {
+			if (!patientId) return await respondWithStatus(res, 404, 'Patient not found');
+			req.params.patientId = patientId;
+		}
+		if (patientId != req.params.patientId && !verifyPermissions(req.userId, 'appointment', 4)) return await respondWithStatus(res, 403, 'Missing permission');
+		const [rows] = await pool.execute('SELECT * FROM appointments WHERE id = ? AND patient_id = ? LIMIT 1', [req.params.appointmentId, req.params.patientId]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Appointment not found');
+
+		const [result] = await pool.execute('DELETE FROM appointments WHERE id = ?', [req.params.appointmentId]);
+		if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing appointment');
+		return await respondWithStatus(res, 200, 'Appointment deleted successfully');
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
 
 export default router;
 

From d93bfe333dee3b0964403a720074072823c85d3a Mon Sep 17 00:00:00 2001
From: Lightemerald <light_emerald@aostia.com>
Date: Sun, 31 Mar 2024 20:50:58 +0200
Subject: [PATCH 3/6] Updated backend - Added better anti DoS protection -
 Added better security measures (HTTP headers, etc.) - Added TLS support -
 Added support for configurable rate limiting - Added default 404 and error
 handling - Updated proxy settings - Updated env naming

---
 .env.sample               |  19 ++++++++---
 .gitignore                |   5 ++-
 README.md                 |  38 +++++++++++++++++++++
 bun.lockb                 | Bin 97275 -> 105855 bytes
 database.sql              |   2 +-
 index.js                  |  69 ++++++++++++++++++++++++++++++--------
 modules/mailHandler.js    |   6 ++--
 modules/requestHandler.js |  20 ++++++++++-
 package.json              |   4 ++-
 routes/users.js           |  18 +++++-----
 10 files changed, 147 insertions(+), 34 deletions(-)

diff --git a/.env.sample b/.env.sample
index 81e198c..2feb727 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,11 +1,22 @@
-PORT=3000
+PORT=80
 DOMAIN="http://localhost:3000"
 DATABASE_HOST="127.0.0.1"
 DATABASE_NAME=hsp_gdh
 DATABASE_USER=hsp_gdh
 DATABASE_PASSWORD=""
 JWT_SECRET=""
-SMTP=
-MAIL=
-MAIL_PASS=
+MAIL_SERVER=
+MAIL_ADDRESS=
+MAIL_PASSWORD=
+BEHIND_PROXY=false
 DISABLE_EMAIL_VERIFICATION=true
+DISABLE_2_FACTOR_AUTHENTICATION=true
+DISABLE_ANTI_DOS=true
+DISABLE_ANTI_SPAM=true
+RATE_LIMIT_REQUESTS=100
+RATE_LIMIT_LOGIN_ATTEMPTS=5
+RATE_LIMIT_VERIFICATION_REQUESTS=5
+ENABLE_HTTPS=false
+HTTPS_PORT=443
+HTTPS_KEY=domain.key
+HTTPS_CERT=domain.crt
diff --git a/.gitignore b/.gitignore
index 6769c0e..123b98f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -136,4 +136,7 @@ logs/
 *.log
 
 # token
-tokens/
\ No newline at end of file
+tokens/
+
+# certs
+certs/
\ No newline at end of file
diff --git a/README.md b/README.md
index e69de29..d8b8a90 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,38 @@
+# HSP-GDH (API)
+
+Short description of your project.
+
+## Table of Contents
+
+- [HSP-GDH (API)](#hsp-gdh-api)
+  - [Table of Contents](#table-of-contents)
+  - [Installation](#installation)
+  - [Usage](#usage)
+
+## Installation
+
+1. Install [bun](https://bun.sh/).
+2. Clone the repository.
+3. Install the dependencies by running the following command:
+    ```bash
+    bun install
+    ```
+4. Copy .env.sample as .env
+   ```bash
+   cp .env.sample .env
+   ```
+5. (Optional) Setup SSL/TLS certs
+   1. Create Certificate
+   ```bash
+   openssl req -newkey rsa:2048 -nodes -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt -subj "/C=FR/L=Paris/O=HSP-GDH/CN=localhost"
+    ```
+   2. Enable HTTPS in .env
+
+
+## Usage
+
+1. Start the application by running the following command:
+    ```bash
+    bun index.js
+    ```
+2. Open your browser and navigate to `http(s)://localhost:{port}`.
\ No newline at end of file
diff --git a/bun.lockb b/bun.lockb
index 0a0b0fde2b542566fe2108da16b40267400358cf..6d0949cd886fff348160654bd6970ed717f2c515 100755
GIT binary patch
delta 19593
zcmezUo%R1Nwh4Ng;-%jd#h06!O0q=XuJ3a=dgMi<tlowf8AoO>u@kyjx9R;HMg|ZN
zo)|9A>@L8#v9h13KBJ_hpqPPyAtN;>H?@R;p_YMxL6Cu=A+@5QD7Cnlp)9ee5~S&!
z1Oo#%14BbeWkITLW--G`Nd^Wk28M>*%-mGnlq80Ek`VdglEjkI;?&{?5)2G{3=9od
zBp4WY7#JFgQ}a?l=A3}?lX<}Eg~0}ZB&I+uu$P(K#Vp5J3+0wf-pDLpZy^UUWtJSo
z)LuCT23`h+hK$7G{PH{o27P%5-&G!LYJ-hD0|O@mLqm%kgsxCvU=U_tXn3o@z#zfE
z(2$;A0Cvqy1qKEY28M=x5)j`gDM8drLg@_<U(`3`rj}&nrxY{Hmw*IM2h<y-c?FpT
zsSFG$5)2Fi3=9p)`T5zIsSFGeP<dAgh{aY=?-V7L>n7!=RBCcUEKI5_Nd*PJt^~vb
ziOI>S1trA{-f9r}Yz77fAqEqM1_%QYFEESH4NlH40-47Uq%rvxi(LIjEr>bKp>(k}
zgnt*xSJHvFJ14a)4-^X$IuQA<P<8*c85krP7#dPiQwu=Reol*lfuDh);iwiQpp^6=
z{5Cy^z6w1^1ntxUM_7Hs6fFh@RR)HJtYY2D#M~T)#G>?q#G>NVHZ6$4%wpa2octt)
z9R?5ss<j|7n3<lJUzEzgPz1FIq$n|`nBkEj#Nu?Qy0px^6y4GShNVUjeY2o+fo@KI
za-vB|YJqM}W^QH)!z^Qnf^aQ}kF`x878YgZ7A2-JFn}xog}?)o$y#i3^;b<G%Cl1|
z%Rs_TW)OZ_PGU((Y6^n~G$2xoOG`3yiWyRi3rkarDjAB+A;zW_7ZjzYGBB8GK@z}Q
zbBMbWlk<x}A*~4spav03h`6X0BqgTgCzlju=1o4%CRon}^<#NPW^x7t14CwUYDFpo
z14FeHB+&h=A&I6Su_Qw`JGC-7BQXb@PHZ4yn~_+oo0gN9&Ta#7`z;%YdQDr18xym@
zUSlXN%GAv&W?(2N&8tk#Pf6Wj3wBF=!#rCC1}O%HhR>P|4B`w74UaV;VV9OzTvEuu
zz)+N0TAZ0y$xvhu@uaf@IMy4C9U$tCYBDg$F)%c&(qv$e1{EHT3=A?13=Io3Ar6=T
zH805tqCd<DqF=xnMAtJkFgrtBJkJ>tO68i6<QNGxIJGz@Gp~e!0hU@okqAm9ge(kY
zU;vj7Q{5nRmm4I6xZOb(Gc<tt^$ZLRF3{o-EWp6fV9o$>kR}5ph>v<eTyEqEF+jl+
zlwTPd_IN-Hp5wv5pa3ctydd&0bpc)weO(?9^;zB!^W+#H>bMvf7&f<XOkomWXjf1Q
zk1U?D{$E>}{mElrHcN1yVANP2d3m43m7_~^y^gsS>gCH#zP#j#Veng4ol{reti2%Y
zT454X*RWl+Y4Zaf4Q7d*Aq~~*1y=lc6?E+6jnrjXdi!?hIT>kOn!JHu!J_(2`q>Vl
z*Gh{|&#0WAbt!YAepIj8R$EKXe4Ash0%z@p@v~>`TyyW((;qPYWDS8cjKY%_3TRJ$
zAiyzML$HUD1I~LPc!H66@<&1Q%`b#{m?xJQm`q+Fc7c(1@<IXi$qTeNC$ALmo@`=j
zvN=Pdg@@5-@>@Y`&I)k`1``H`2KLE@!seW7#2Fa87#JFuCVvz)XZ$u<Q`MgHrvw9o
z0Ruw=<77iIb52c31_nDY52PY}@=H~F#?6y8)$AEROwLrZ=Tw)1$TLj-C~VG|D#gHH
z0W*(tt`q}<3s`TVpgH5i$(ic*OiI#|SE<`^21_$AIDn-LMa)?zOEWOoP1Y5(X1q8#
zQ^TH<Q3hft6UcL%-ZC(?A4SbMyJcWj6bhL$9-f@3Y0vm|@=8s6PE}cmF2>0pMa)@~
zWf>T(Ca;yU=A0|bz+eWpt5DFK^Rg^NKjY*=33DcHxyi4z>^NQIU{-((T`@UR+n)2S
z90P+BSldS-bIt&HNVq|q)FKa)1BKBsc_fQDSrix;tRVVC%{lGhyp0m(tlbI>41SZ}
zN?UWXDl#xcz*WU6!ovKcs5xt|A_GGJNEPGV$(nlhOxjA5v-IpZQ<WeFGfdv-ZZY|#
zo;~MdC791Z&X81wL?$CBGC7l#;a)PaU{PjZFagK^b!7$y53s!(mCTvsRVHT{*l`A{
zz|?M(Fz1}C!oc9iz|g=j*-#M_ZJLJmoC>OtP-B{0C~D3Wp*ne$p&jQ!RR#tl28IS^
zP)cFFtjfUP1adW#sM_Q#BRi&0waKp}?HDIceraUS`9+O^!3Uh~3I)x19n={Z%o!LO
zSQr=>geMmYf>SqVxjH0_873EMm~*aHXJD`gyY!=#Ip-^NxC1oJnUpjpYZ=>d#%n;L
zfo1YXX>+E98k1KU+i^bDfSF<_XwIvm$-rRBz|g?Kz`$S$&N&LAoGe-l3^tQ<1+6*F
zwHX*}7#JGZKw-vO3*t?FD{9TOQ+u+OsU4@04kWagCT~<S=d99!#1g|~LqT(<RXUSj
znc8ta(}9@4IN4CdoJmP{a+aALXO1o;Vi+cWG&1L0q|3nI2JwlhIp+&qNHl^&jmc1N
za+bLr=L9{7DGXqDoY7-oZ~>)VCIS7)S{8Pk0s0IKMGzB2%{edVLriA@=V3MjSjd2~
zhn)c=&oP5C0cVo|Oyx%rbIwBs5KEXq!NvK{0Fr7UZnQCkgc|GQjY8&}1%?neGEV+z
zYR<dL5Ml!_0|SEuI1C>Ma4@|#oczklj#JGDVhr2ljZ)^EDMk<rS;0AX15}O$%zFpr
zv4MFy#t=gxDpQOh`k299T51e2lL5?oYz&D6a2#=(nm|0kJQ<Xm3r!%-W(M27)C3Yi
z?2|W2nsa_If#_qLywTi(!xSO~_7Q7_DJVaH3WqtS5N9xgVwm-cDX1U<m6Jkd5cMpe
zOu*@D25}HGD0-N>%_gt1x8po$28mYY$sZ-mIoZu2K41a|ye*W+IJwZkoU_&(;$~J*
zA<4AUeDW&?JI-(BkZi_0*-*%w)5QW3;;fTDikmYnw3xig(T?+q1tedxPX-l1vX&4f
zEFe=j!z~#Y0zg>^9Gc55A>II22Tb=ZC%<yCV->VwV9=SYD`w4UYXxyXJJ@kctRVT8
z2^?tG;JlB5=A0bX5KlqMxoB%h1_K+*IoBF)iL^QARcnYTETG)asbB+1ckJM3NwI;b
zghc!t8;I=?hd;N0m<g_PIE`%~LBj~jDNOmcle66HIM3KZVwDAy(O5zCkHzG*Le`uX
zb`U><GazS&9RouQxUvCNWl!uF82rImq)^bD$=H7KD|b8AR(l2p<H@<|)|@-+A<@G)
zxlqWQ>7D)LRUUSn{tl4vWdu9A-vLtKFii%Pg6A9<7(&73eH1kpRCZ)w2n3ahkfs9z
zAGnTvAi%*n0V)FyOx}l%=*7(gQ%(*ih&4<gKXR5j!Q%a+v^nQts2npmQe~VWDk0$(
z;|vKYNP)iG84~@FEb`Eqfx#0T{f5%!oLVjn3_)PtM^kgA=`NGCOzb$%xIjV?lIj>-
zC$F-yW3q6ayvoy#v(pvgA8;fv-EswM;CF-A&IC%(g8ps{4A!6k0JY2+7#LK*US6QX
z$>Rnw7gVIOPBxSV7v8*=+!z=v85kNw7#J9MU`0BUxcg)+Upv7FcZl0TlH3do402$z
zK&8ke_sOe#?3k{(Pk!ZN$0Xn}Im_3M$=hS{DqlOM8y=Hi`Py;XdO|7-W>C~|mUuES
zxPoIH6p=eUC$I9eV|wd3`IVm?Q=ZpkEq^<vWnPoB{Oy?TdQD#CZ^xwKJ^7Wt9aDw(
zWUT-@rfuGnvjXgR-+4oV57b#_nY<BF0WmrIOnwz$l_|~uZi$1s;tWa*3=AMe%Fs{%
z(ICDGlur!J#K6Fy22~HDSs54@v_a-hUK=Prc~2lmJxGNfR0T2(vPmB*j*SNCGX$B$
z0M3hGl}2C^!UyR$hVnr)D9Ws%d?b2ubdcoaoFEQOka}CFJctJI?Vx;QnsxHrAo+Tb
z1gPx}QsoNbFo2^59A0ivK8R*!00%Y$$lrcYaeOp8132q}Rf0MZAYX=qc?=9lbUg#8
z`4A2DehdQx14v^s1GwA6kP8(D^#ef;%!e944I1R2LWX(<29VE6pca)vEx<;DG?X(i
zFvv47FieB0L#9FUGoa?ogv#TiK^~tA3V%?Qyb7uTM1y>~8p;RJpdjA><x@g~%-zTU
z@$eR?dG#O$$R#_VF5d~2z(#{YY7YYgILZz{)gOe?hoA-@Wnf?cg~V~FIRxl>29N?!
zoS%bgz(<38a2`}PF)%RPhC1Xv)Bz8m`jKgnLmolJK{QDJW2pKk;HY$GU|<G`f?UrC
z?$R>wGeUeQ%n0#`C{!LqgA5dh@<BAHB(MeXC)b9H*RwG&Ft~ttP#UD#jS*7zxI@M9
z(I6!rP+Pq~90mpkd^AXjH;7<hVDM%H1^Z;)2ysx7V(@_qBhw%uUl75-zyP8_Oh2e~
z0U!<o0|ST#F$1B_4uaCbAVCHO1`rKmhA=|XQ8-jSf{}p%<o!5CP=AYofguhm5f4($
zz`y{aLE(`I<%4JtGYLd6FfgFdlh;DMkqosa4XO%6gP7?cf`NenM1xGtgxZz`6$jBE
zW;Rqj2gG4uU;xpeRGbeLFMx`JXb`gyL@+Qg6f%NJ1_%Qbt_;Oc4JA+oAR5Fhg^HJf
zI1CI7AR3gNs-WW4P;q=T$OE-d^>tA7b&U0p)Ykx&XoN~2(;%O;K*f=1P6h^sUZ^;T
z23gP#<%4Jta{`E9U|>L|LFy(kLh894^-u*npbppxjfy=`aby}~;ZbNxIu2ET0!p8R
zst3^^<|(N7X()XLN}q*hyNghJ>aT!QGcYh<qd`G@18U(ds5)dC<dZv4gYQD=dr<m5
zR6VF%z|%_bV;F5FfSL=V%>;(gX2NJQVYHb5DpNtt15mjMqCv&zXfpxa+5)u~Mw<!X
zJ|n%G36a>E2cRSh5~rw{FxfIOCKB9P_{aYb+I9dL48kmn&ZsT&Ny+*j&0v1=mip_x
zAFmu-US+VW`mWpB3!MUyy^omr3Vo%F=ayZcbS&pnTVKGbwARq(AKx+>?mV5E<(a`S
z`CVc-Bg163BoH|-N!;<|o?n*DQ~Fv2IQbtv*lIIz$qW7iOk11(aoJ^+C-B{0_96HB
zhNDU4OglSop8Cb~CsjYo#BSxGf{#<0oVas;N^vku{suP7FBxRwGBEisS=@2f$}bZ_
zQZIOEwH1Al<khcQ=zgNP^pu9JOGUj>%{f<7rIf-zrdR(mP6tkKI(s17HscPL_v(Z{
zoIgw({H3|yo@JOEmI5+y9hhWG1+nA6<TfzLmj)6^1C#r}q*yvgBo9m;1Cw$YAdxaK
zc`hRyIaEO{Fi?nsFiSbNhEvGy_8UHxty)*}_uVdbE)cr<U{#-4kuYz(bMKe!t3wv>
zq-L|;e($qYV{5j*huy7>30J>=ShjKUrw`@7FEC85%LLhU4NU4~q1Yr1vI2@(-u3=T
z>M(reb$5aI_Z|hUIn5OdRalQdKa=fbU9#5sSNh%wGKJR@{{650;JJT(%Y(Jb(l^xK
z89r!cY0GfZ{GepPF!^2<$R@LF5ZRY4?)Y=s3USX=K~<wS;`a*=9{cs`$eMC7+xgda
zn=vq7Ia0B$IayQg{@=qtLzvI3FFY%Ged%2}qbu<jll`jt1g?m!o5wKu8Q3hl9FU3A
zz~nnH>6Qx;nFl7nfl0qSkjOGH`43En<%2}lfl0Ok5IYV`ZUd8ig&>hMFu4y*iWPxG
z^1$RVFez6I5-9_d=fI>|2}q<4OkM+%dZi$dHZXY)Oq!K}MEbzwGcaja4icFLCf|Wc
zw+fKRJTUnUO!`%VM3#Zce_%4K3M8@)OtMvj*l}QT8<^y)0g0r6$$d2_u^I@CQ4q!Q
zz+vax>*4F%S})6+TiNRvFX?tD5R2z8@$y=C;~axvB5!(O$<2$N!XF!4_>~&o{oQ&(
zVnx>Bx660bPx`(qcWD#D<h)vOpXP@*SFzt-TJAI{eLv^@XKAh_nXv~`rv>d|pCj-4
zWO}{YpOtfupE%Vcv1EzGx1#+Wr>cKwO=H=orEGfTB;#pMP(8`W04XzqCo9(aFfvS*
zs}rBxTI;}rRGfrPz6h2&S0_H%v<^iod~#zQNLO9G_~fUkQjwDl>p@a_4dRoh)}!c(
zp8OCjb+18uvTFm1RP5x54Io{8jpCEPqDsY2c5DPm*)@qzUfPJFD{=Biu++OI@yVf0
zC{oFj7dC-(&1)8)%-W11l{z`F86@S`B0hO5s#N-9#ukv&zZUVysVykFGAC~YORZ}a
zpDfynB9%Qku@$5%u1$RMQB<ki$%1VlDZX~`$)#;5y7DI<1WWB}7oV)!jv`e!xv(9i
zE3ZR*@>Nu+;>n5~ASt;{@yV?nD7s1~Uj$2?>lB}C+KD1nKDn_Iq^qt=eDYINsmjTQ
zT_7pFZt=-eyHIphPksoNy4Ni}*|i%*s&?|kZji3N9`VUvQKjl9JNAI2?0Ur~FYQ6m
z)j0VhSn6G`_~g)D6shLP3wuGj=JknBX6-|fYMmU|2a@vZ7oWTpRjPe5V?RjhU%&X|
z)P59Qos&0$rPfUlpDa27MXGyp;slVcxQXKR{yX1IkFM~!Ge6}}^^zrC6R%HIP20w`
zpvHvP|AUM~R>O&>ER88F`Olh#9v4;TZ?d$1C$-5mym#L@vp39I&!yUs@=Gr$heI*T
zQ@iDD*1|uWd(J&q`7q<43`?-=XT|N#=gtLKT}&-oa^QQj>W3TK(xuX0&y&1dDE(F@
zE4Z^TY4(zEy))ZtuePrG$}pL4l6Zaa-k6hS%XY~+xm=jPB+Y7D@1E(>XAgYbA@%0J
zV8ny^qO@~=^`}^sW?lJPsTa#<EFt$?Q+Dg}&5J(N7kHgttq&RvhUN5rsMA0c%dGfJ
z*9YtFoZC7fGi#ycwp}UH{X&9wq<p-%{YL-mj(|loP9EH8c4f9y<?GP9-zEhwsm?O)
zKkQ+z9{gUrtM~M7%N&Nu`zDF|d^TKlYWfi~gN_v$39(j89~YFZ-=@u4-{8Q0!tVT;
zY5t8{zI@*D`m(pLuWSByA-OH;&vtx@u32?pbJrHDX$@0rkV0?b<elJ1$(t-bS#}~y
zd`+I5IS~|Ja#O@7pPlG{Tscn#`38zvO6TpH`6fNnNZLaztf_nFRlmO3Mv4h%rxsk#
z?X>oIxA<&Y?oTGK?2G@_Z|D7RW##fG-!y(*3$2qakJ^#xy^4D!!{l>Q#3$EILa}`M
z<dc&?me)-cpR79>MQY~c%E=%py=mf;@1jc0o~$_qBz13^_~hOxD7xlOz6qA<n=U@t
zb}EY0{K=hDLAvZ_h);ftDz$L3<us7gyBXq>=T1Y>wRrMNu++Sn;*))+qev~CJaalo
zm)|V$$$wF$mQVJa0h0PROMLR$87R6|PW}m&S~pvKa_meLsnwHL&IIX-n<GA%cNR)i
ztc6Ach+=sXv-bQa?Tizzmb2fz-zj(d@a2#bH+v>-Gx+&)`{tI1PniO)|6yU<oj-Mo
z_x%g|_ANW`MCi>)tG%~*=Jh33Klu~SFqv<z_~gB)HmnC34aF=>!aE(^l|Myh=j7UU
zX7~pulwEErJyv{A|D?doC~dDZ`@Af^Zt_=9)~G7<l95XMq3^2K!c_E2$j60Gt$|NX
zlwtC|x#E*^XQOy;<K&&QLEg)oCq7wr4vN&~$(eINQgZXfC!a-?+B#WsE=cO!eDTS(
zb5V3{pL`N5RkuKVvhF+-shyK6=Ye$TEfk-87gcKaWX<^?se22>C-=@r(Y1H-O|Vqo
zBJs(#3s9u?Pwrd*(q*?;eDYgVse_X(7lNeTEf$|VcOi<d!;@cvrRFUWpX|E`Me69}
znTtTW{FaJO{);Mge6r_akkr4W;*-}dM$vV0@=vhTx@F>%W0#;vou0gM2}oDma`DN$
zOHriGPL5m(lHyw-K6x*y)cMJr%Ro~5R)|l|U529T;^duRsl1iqlVz8qNL`+sxg4ZR
zZk71tv#3&6CrhpXNu66IKDl-UimvOEPlBcDR*O&8U5O%fb8_WMkS@J7;*;;9O5L8U
zxe6q8Z;klm-c=~N?oPf5mg-w8KG}9Piq!qdovT5*?AD1-ev2ygaI)nZkkq?%;*;mD
zLDBVi@=LJPy!GOfeb=H$J)JyrEl8K&2Jy*%QKg<w_FM;&`nN%R^4fJMx?WEH36@&7
zQG9ajdI#jv^))oJfhd-{_S_R*E_gg4^hpp?eq4aVX`?{Z)y@Zu8p990ow)tB@vLc8
ztGgn%Tt61d%`2BR_1*D<xy-e%K75(zbvn87?PD*7$#I*+>tFaNdD)01{CnwplI=xb
z+=&3*o*!v;rs7|wcn7MVwb45ozvt99o|%kaSuz~DUoc%>lKPX$^5E)%y>Y2wcG|wn
zk!p;$AZI}_OVau6%_+B{cQEigDz>|C?lIemPgr^Gb!LOmfWH=hJ9r&y<{Z_qPm^MF
zy?p2S@@0>Y=k)de%W2^j@m$w_WrI!qGlt20o5g)@uaCTcS?D#Z=eAQK(_^_`yUv{?
z6k76e+e1FNRKxG{3ah5gzT_pyb)Q9<x8Bn=LB#I!!#Bz+cKizY()B8HV*XYn=e?iI
zxe*lP`!<VD&fSO-<R2&R1WV;@5uYr(2}SDj<jhSVU2<E+C!a-?`Z`&1Gf3*(R`JQI
zsFl?B$&s@_Qgz$JCySyMX+I~gTo01c+b%wtcLR!Dzb8j-07>23E<Snh29%ip3k_Eg
z#nQM)`l`-CcBjaiMuqqFPdp;B7KLi57VP>oeZel#V~19KdsDq$`Q#IRr^^ae^;gU+
z3a-tqExgg#byG3*_X02RX$+J5c8J&SOA!h@erwt!t&8$m@1DH475e7o!;WS53$_*A
zHTv%zHc6R-|KHAUfr~9e7ltoY?AUlbdI5(}b6dUbzG@bU2OGa21?_*3v!IyeEH7`u
zd+T=Ps<`c{MXRdok448^yI9va&GfLotnr2AS4Gw{nat?BF2!y?XZQYVufIA??J{d#
zd+_3kchlnEto1wH$S~P%r}*U7Ee@as*|63UBWUmtW<^P{Rl1DotY=Yfsr+?+Gk>hQ
z%O7y3+mAK(qT2sEEJod}tHm_L;-ZYaOF|BaY;6hPSJUV34O7{@q;37f>@q!nB&Rbm
zPCm8S8#JK~vx%8;veFh55f;YDmrzAm87FIPMNz}XIJpT`gq?BnEmRQ>#>qz8P;_xJ
zPVPb#;bNTp2vvleakABR6kR-wlP95y@G?$*g(||wIN50jiY|V}$+J*J1Q;iO+Tjh_
ztpW49AaW>+{od4FSCRgD)@hj&5;_vTYg)D1<-@nU<85=AqV8dTU8U`V-aj4ZEechu
zWheVPdi8v|fA#PAKXbDi|1GsUw_`R^C<{$qxYK9yLILr~4+K~?bL<LXpS(dp1I$S{
zxPp0d!k!cmXEM)G4pwnZ1_s{EjmN?nK|)-x-3^EIH`g6I$HX+lVzS@KX<S`a-~}HI
zQ>-?>JGqVtq!dZ_$CL6*n_1448EzIh<;cu6K>*^f7@^56{~bUBu>bx;04PQM06P>i
z8;#5db<07E#X({}p^Fqi6R4m*IY{g`R3B)}P!J@*z`*bast&XQ;~2zJhJR3XYzzzx
zN{kGUd16qO0m*|FGCYH71`UUTECsFC0TuNiHWPFl5j0`?0jdtP{s5#G<T#LpAYm4$
zI?y_+9FPD50|P5m4CG*Us2Ce)o*JYXl;l02g6vR*d<@_vdtgxxs2D#3czqmr2?r-s
zOn?Er&=0JR3n~T*0RylI0|PfyOo)Mj;X24N&<YHwm@sGoG{|KjpYuWmK`X>~pbGh*
zVxkNT;H4fQpMzFdfTYD37#QY4m->L>6eQLm1R@z2&WKHqVq{dC-onTjP!G}!QVg2P
z1<ezmV`N}B&&a@Vfsug$6fdBq7!r&O43dlt3{s2?4AP7Y3^I%i46=+2404PN4DyT&
z3<``442q19I8$b1U{GOXU{D23b~7?Cs53G!XfQG`fYwfFF)}b{GcqvfFfuUcGBPme
zF)~Ck=rb}f7%(z07&0<27%?(17&9_3m@qOhm@+ajm@zUim@_gkSTHg$STZs&STQm%
zSTiy(*f26MfYywNF)}cK){=-YGBAJ^ojhe=U;w3&=L`%CFQzjxF-A{kVP;g21Z_wG
z#WiTP6)1i|(FvM>b((I=%qT5r$-n?wk`7v|%>Y_PW-vXInNhu7fq{WRk%55$G@TBb
z0l&rwi6qc8`XxpNhE7HXh8{)+2GF_z&?1ByMh1p*Mh1ooMh1pTM(|1ph9XAD%7|P>
z28KLF$f}AAMg|7Z>WdUc$f6HFMg|6dMh5W06406x(7F^CMus2;S4IW~(4rQ5Mg|54
zMg|6FMg|7Zk{HlBoQKe5HJ}s;N)VvLu!ezw0o2t1t#kq{7COejzyMm+v=q9mDt~$+
z3!`{_B4|wr0|P@819;6jgD(RE186my4QLf319+<x188kSA0q<;Xwd{{xdLbr1!&;~
zXmJK;!3Jnm2WX`SXt7EtBLhPiBV>UKXpN00BLf3ywH9bW)F#j#63}7~&`uo&28KLP
zuGV2-V9<pw`qN-wV9;V<U;r(i0Im1{EnWewd;v{=ffh>bW?*0dHBPoMFfeRqU|;|(
z{{yXviDYD8h+$-4h-GA80Ij3}EuPxPz`(Gdfq@}`k%0lUX5u9S0|Tgd04+JQXJBA(
z1Z5P)5C#U&+7(dF0%cRs3O&$5DNt?!Es6uJp!0;T)C0+Z)&YXn5Q5f3fcT)2A4G%j
z4^RSRU|=Yb1LY_sQ&0v2$%Aqn$b3*)11gt5jS^6Ye=-9D!$i;u5(Wl_9?+5>1_p+p
z?W}B!^BL>A85kHs7#J8j85kHk7#J8@7#J9u85kIv7#J8D86azGL5UL-0HBRn=?n}E
zX$%Yubqov)p!z?F0kUxtG&GUGz`&3N+N8z6z)-=!zyM1B@eJVIJq&RS3=FXh;HAL~
zpv8e8|Av8L1+<h9lq4b;7#KipX_zG-gFu>KmS=)?YJwIBK^*|I9F(j;%N#+LgDe9X
z4vJ-vgF#g%Xayoj4736flo>%=1VO70L4jTXD(j1&=>)U{v4DYr0fa#cKr0AA<3S)c
zXtNk7Izen0hKW@%Fff4jiGmyob3Di~AP;~n232REg1a3WsvvbB$ALVQ1d;@eiGehL
zf~%DQvX~Mi4$=S$UXVP94_cZA3Z*V+l!3<2V9^E|tb#>b9|_S`PiDM<7GX1h90*D$
zC_Z9fU;sH7=Aj9AJTwUw|5KnY{>s3>0BX0sV_;wa^;ST+=oJH`kOi&syT`!5aD#z?
z;SvJ_!vzKg2GGhu(CWf73=9k>85kH&FfcHHN*_=ubcBI{0ki}XR1|=U1W*aJj)8#z
zH0%N@u|TEON>KcRx=70y7#Kk9AyAREkb!|=0RsaAXr<?LXb}b~S3o&+J_7^8JO&1a
zIZ*Ypp!FSy50YQRz`(GCfq`K$0|Ubf1_lPuVoy*}2(k>cE^{+lv9c2suZI~J7(k0I
zcQG(9fXW@vLQGJ30!qCg$LwWbV1Sh~AU3GH0WHo16(6S=7#L1LeGg)v1(h{W3<`yd
zpc<Zmf#E6x1H)y|(kliAhHKEZmNyv~80v2^FfiO<U|_h*z`y_sGSH$*P$3Umgb6C}
zL3J9eeghS3FQApy8)y`O90-aQP;`KT9~8`>AO^LCKp_i~f6u_c@QHze;UfbB!)K^t
zzcDZ{d<DfnD850BBv5M&)QY24e1lqzp!ojIz`%frZw3aCqY%+u&%gk3A$oj+;_Md=
zAA$@98H(;hP!9;ylmxXLK`liP2DJoXG^nZsHO4@tKN}+h1E>MV4yso{ia;170cvo8
zT4$iT6(j~~Sb=C51{LosKn)-U1_nR>?c2B+T^JcHr~l?*G&h3nV_*LdvR#siG0t4i
zP|tvY0k+c}wxN;<)N%#YYzDlH>5PoV+h_1Gx^Ob-N=&~e&M099+gJ_TQOU$;sApuL
zXUM<++tYp5+40WZz+Wqw7!CAH^-LH*yS}HNQ(%;s?jpe`#grm3Jwbxehp}Y(S_wu;
z#@gwD(u|VRA4o7tF?LM<Ex~BaIAyxNB%>tb{OO*OjOmOUrf&rC_Dw%6$!N@YV)}nc
zMqkD&(|x5FB^e(~x0hu!o<2*8QHt^1^sQ2i#?tek8}5@Lmp5*B)^7oFg)zvV3@fKI
zOEVgy*gG4ACpld~hS3CS{q#H;Mn8yklGCrrFlIn4ld+cpFC1>T+jDFpHxIimC;-6z
zXRwf)-Y3f_Ar0GIZy)!m?3eTWHB5|ghI$4dH}p<FD9b3xIBWWCSw=}FefjBea*Ps8
zHuBR2K(wp;bS*hXBe*zJp0RiOL^(!D#)|2y<rpQUVSDqh${e^8yyeIeu<3@N2<V-j
zD9>mt4cpAWh;PQu(%#(;U<FX?C(1F3u^2HhfE^;jW~gTjVuQ5F;MOLoG<}0SqXd(Z
z()3gEj7Df-W}v`0hbck=6vJt-u=7)7+y-OIDKWZnPE~~j+REv<N{o_B-fGi3lo++_
z?y7;eZNN`e(1mW>6<~zPz&8G0Il%7n{O67-OpJAgdd7Md3=9Mkq!Ez`QiQ_{6f+F8
zO_tL)DKJV&z)nAqPWU{rC0Z;1>=^?+)9C_2jC#{$WEnZ8ODQr+!9vbYkuinQX!>+1
zM%n2X6cH&?PKnWkDM(}b9wkN}Xm*m2fo=UR-V?fd9TWdYCdN1uJtL6U$~C9kDKkoB
z!FH9W*1aq*ihQ`7i80Pd&k&SBVf)U-SR-ZqWSdViF<R)EnuGMhHjLZ)6;#T$9<pI#
zj5E+PG}JRRf$d?pGV~6SYP=6i<c16kk2R+sP-c{1`m8zqmNKIc6PMO>4HZTo8Byp~
z{=S8qLjTsD4+XmroGvxBrcY2|lwdN|nl7NtC^~(=3S*!Q>?8rn6B9Y_wr*I>#29C+
z2TrizTGMq@8I73IwWcS4=pwD@Q$TdJ*7Oq~x=m~P9}qo7Yr26Nqmj%`=$Qg}KP`Xw
zW(7%uEjH6LVqiF`HN8%aQNrvT^wa`TfsMPX`txRhvy2HS0AL3~D3p0^C=&5H01g04
zP_}ulHT{elql66XD2dRU54DBly{o_~zyV*ZJx!fag6XUFbSZU4Bc}h_)BQkv37zQ~
zAik2$^f~H`5;CweB{rX|pX8LjMip$ik)9y~gM`lX3+jv#X1G<r&Y6hZ|BiLey|)@*
zy@q<`3=9=|)8#Z6C79aurdwz*8ZqrKn4SaTKQf%&rom_=13M5REbz2nqQI8pOpI}6
zkV0yy(ex`Cj6O23lOgn%+Z}k;np6w+7`V#NHkodt$=JYj)nxiUO-3K4qgvB>v>1(;
z9+*sb&|*xJfgK8wt0|YXYD$tn6Qi*nq=+mwpMFS-(MSe%?8A&H4o9x+h>&1nj5F0U
z21N-Z4QQ#<SwPNMfE@&pcu4W6`wYpi;K&0P=*8yK<Fpwin4t9Z3EGT)Ox0G?A80fB
zF!@<e*VAE?kb#}?;HQ6Rk>shvB4F)cPYBsePtsvDl7XH6kW{E*>%h%#0nQd+*J|2M
z-=M=NVTL0m8Zt1z4uWX0zas5*;e<O>uK@$Y4%_MfbQpb@itMNR=ra1qz>a?CPMNZC
z&#ja9nHY`q4D?JH7#N%#rf<<@G?FNR9s*(45xD4Qd`=D2EF)0iATm8ckCBzt5S(IV
z^cZI`g*i>%p~q+h3VKiqmVq4=;lK7``P=J~rqJAC$iTqtJY7MbQNj#zcmzYkn;%Jc
z<Apg)z##$7e)FKGNWA7zkmPPsH3I7e%b03S&(mkrQmJu)98^KDkTJti$QUy)U@c_8
zd2E&D^d4nK37OF%1yZD#;Vx2O$GjXAvi=(HGwC!qPZ}BM88MVNPJf{bNf6i)NC55x
z0z1P4c7O#FV;!hLXQ*ckI|c-H1O^jhorRvMo}mFlm)rCShKv$S-0su&=p)hS;xK-f
z$Mg^Sj1n@ib3e4*`=-cvn?Y(RLvuZ2<2@eJ4;U~?Fdg-nZfC$KVFo)fWaVa|9S6@V
zr7<yrhGalvl(4fxX1#AXJg;c?W`qpfHmK{MW}3lH70JH!`9}BO^nQenWa#-L-#o2W
zIGwfbLC6?+PUi#p5Nf6j>?D$vQGuO;PgfTrR6<oSq0&ZNGe84qpuyIF>1PZX9i|Hy
zF;0*&_klEoS}aV@FjnyW%K)vdW?*1=K4<zaBgVhXmU;%;cNsHgGcsCCFR)@%-0p75
z$iX;WDVtGcd$AegA7(~VkoXNo<LQOAjPlbBoETZB=UOwiFk9*wZ~tP==*!0sZqe)O
z>Vs)r!|4xm7?p(~9RQFh_(UsRb3H?lL5kZQy%;_Cr>jLWYE2gkWmKBp?Zqg{XgU3&
z6Qj~}?<ht=Ml-Ow>1E-J^3xxuF)B>o8qO#&{gM--;`XjcMiE9v^X>Da7$rES2b(b}
zOuwGQ7{F+<T_c%sGC!lq^gTt4IS^g7#f%)&1Bw~B8O^5`lrm~eZz*P!WHi}6ub44`
zX?k}Qqtx^=D@N(*i<1~lrwb)B%1kdSWt5rTUBqZQz0{UbdU{t8BmeaCMU1@Dg^L;c
zr%!cZl$rj&lu=UB*i5e^y~+V}1Xr<sUVcg{lvzIA(2Y@MI)6DMJ8yZhzOH_Gu`W3M
zPA@EFRGcnQ&d4_1p^TA*UtbrjO&65xjr5GBFD_#&#*{JCGe*^@G(F9YQ5tMMSoQSD
VWsD+VS8oTI&BACtUA&s{2>{aH%#i>9

delta 15621
zcmeyri|zM!)(Lu=pQ9IUzjt4UU1yD+x0%baJ>j`^O@Z%Jbe`+nWq%eqYi4#eBLfI9
zO$?W3uKLfgv9h13zLtT3L6Cu=A+@5QD7Cnlp)9ee5~Qd@f`NgXfuW(KvLIDAvzWnI
zl7WGXfuSKcGdEQ?C5gd85+Yw*l2}q&oLXEZ!N9=Bz|fE<!N9=7z|c^fnwJ7HCke_=
z=7FdO=?97HLCj}vxG6n(7PB0uIE3H8H~Ap5eElU^h$$v=5L4CV7#MgN7#cDXi}TC#
z7#L1M`S;}@re2d{VBln6Xpn=_LJABF!VC-z?FtMG5)2Ft>G=g<*Ay!-Fo-ZPG(<>1
ze6vRpqHi;l_Ja7Lz9BcYBqKkin88v45<E&!Z<OX0WEP|{F#Ho|U=UznXh_b_&(2I`
zVE7~saqxX{h{adLAr31_EZ0rSPpQ=8gjkqVS&~}Jz`$@^9O9wG<mA+Xl46FZsu1~X
z1_lNphI){}MIdzy`_v!`;}{?`%)->-oXoru28LKoh{j+jeIH7DLg_v&h(mKy%kn_s
z-l7Fjp9rP1wHO#A85kN;Qd0{+@oc5Zz`$S6z|df*$p8-0J{<-Ieg=kyPdX5dPjnzr
zqN)k;F@q)pgDL|<LsqeFWnyj)Lt;^SL1IyH>L(3|y3AtT^ql-81{HmX{^uHykjYHX
z%P&f0V7R9Nu?M6mF{hZp&wzoU9u$|Cp$gM7^HOw63m60qAsX4Bbb)S8esW?-YJqM}
zW^QH)1Dg><{;&qb$J31<78YgZ7A2-JFn}xog@BJSL_R++ITge&FG?&ZsAOQs%uCD3
zOwTBBG-jv=C;jZy$}*6GbtVvl({d6^N>Wo8wrD^?B(=D-Br~U&A+@-$G_|Ob;l3%v
z!qnn|qSRCdhJ_lCv=C_q@nK?eei0}RrfNV!uE884-lzddlqvbiB}JKesVS)$Nu}uw
z3=Fy86u`hx1`UbwjLhT=1_p-A;?xR|)1O;F9J0$2k~RtwOEPq`Q!A4*5_3Qasm=-#
z1sRFOx@kFy>BUwMkGNSw)K9gZoW(9zuVMqSpUZ}UL5hK)Azp)lL7ai1!5<osX^F)p
zg$xV~MX9C5nQ4^__iQ2lT5kvO$9y|TfEsErFvu}5G>B<1Fi0~nG(50pV31*8XyDO+
zgv%dwh`MtQ5dDW7!20VOY8=6ghI~heySSVn0rOZLk~WX3LktdOfQY+5%d946h<}bd
zL-d<N^N1z`#NQ`fAQqXqLe#0af-)CF!vPnFISX7E7!(*(7#h;uAPQg#L);)5`&=Lz
z^4vH7;#kJCc?0(e#?1?OHJBBu-=v@I5PGeYJ!|Khd&i#sn5ZAstG3nFk~81t*sH)<
zyC+)+o?#T2+$f|y`GXM0WDB95$t?0FlYa=EnA{+3vH6E^5A$ReQIp9##4k*Ck<kDv
z+9A<1dCF~_%>|M@Jgi;}3=K?^8O6;RCrsX{X3sfUf`P$+fuVtMvZJ^;=V1v320Jhh
zq=IpBrMf+%@8q58_KaPVf2!Ma9+ZU0GfZX_HRt><$-rO%Hm^~^f<uad!3C_fQOKOJ
zdh$;Vd!{{7ldUxEINwS!FgSpv97WApb)^{?>?Yd^Su<u&{;6rtIUB?Wo5Cn;&iPat
zrj}9MoKsZ>ZiBEnW9;OgTK0_nlP$IFIrqyzT*5e+QOun6uM7i&)#Sa>)|}?D3=C#q
zyBdYeIdf$p`WYuTN}4k*m7QFrW5;<<7G_1GusNgC<exhBob7T93{GHej3VZoujCjQ
zOyEwElZVNHf+#^A$zslV@(c`C5Pjn2oHyXSgOcW~stODYev|*oSaZ%-U|@)VtNN}0
z3vxzrb5?al28IBTD#r53JN50Ejw(+6rEkajUlHV^S|Mvj%gL1n_MEj!Fn@s@u~~_M
z0Th#rpqS+Rs|5FukU6WZG6RFj<iA4JoQ28^3?5)>4=S5;?gWW5Ff=esZWK4?e5(x8
zb5PQpQ&)w7!4E9ws050<oksSYyHp@y$27T7%$(_y%492JJ5Fm=1_mPrh6ZL(a$(I?
zWngduxt(df>f~R>c1-V8C;yVNW7M8pX=2aRr#AVQsU7EOHAwKWOlFidXW~_#TxDj*
z>8}n6VTQ?$Lgq{p)F)f{+i|9AGBDUcTw!Rz0p+lPyvX_z#GCwA%$ieG3$94goO7NQ
z#EVRmL0){O1qoS*sbbobcUjnR25CbyFiv(9HD~J6o@`}l$9Y2=5}XW^8%@kP`E(c<
z+#msEVa^$%1Bp|xADQOrOt!MJ<NTuoF@<6BK?e&KT?PghP;z6c(VhIu%8ql7E(1dm
z*Z@$fwb6qZ&NA6i#GJE84;GFfxm9|QY{Cpmx18_bDjCJhIra1*b})fLiZe?elF%Sd
zT%ivMFjjERyQ2?rBID$P7UoQ129tOB+i`{)FfdqygRjxloO6-^L_6E$gVN@l7Yray
zVx0`iWHN>jIhM(evKAar4jWi%h9ShY5QP^EA=;S1J`ps6Xk!5L{EZ+%4~`(tg+>s!
zGfxKPySqjZ*D`}G7c_=M3;X1QQs$g7#t?mww7Uc<2lff;6=P7^1?6K76Noz)K@rR9
zU;-*LKxw+p1Y#D;WJe`)&Yd7}aB^f6H)r~8GP%mhj#JkZ5}VAE8KulQi%lV3V4BRR
zV8H?9FoN^IOH+uO!C}gzYBqV7vmIxW86+z(Pj(bG=iFch324^IjFRR|yylauT<ka<
z%prM)eKM%9=ro5YVFAa?VRHtC00xEz7I0_^TR?ol4B|0)TTI^NYR6h@!N8z1*;d?|
zbEO3&K-s~GLBJA{x0t|z<^<<~Vywgx;wL7ML7c}eAz2D+EGMTG+!9%HPDd+<DJ-BI
z%GqNDNp9@mXt@AY$ujw%n>8z_pocg**cxIUxMJX(Zw(0+Mo`{hx@|q#%F~Y1!Uhtf
zET9a_nq$MjU@^H?+M08T4aC3TEXVo9hJhglTyTO?et<0lgFiS|I2u?m+D_i(Wyku_
zmVv=|@?Q;WP8B;y#4t{76gFpyvYTAxZO6IW4idDCVE6vEV_>ic8wV<+tn3*WLczv?
zBD>#y@-Kfo&Oi1H41r)JAVFUTa6!`K05OFLoB|#?z+&{Eyak6NM2Z<4TOCjyB(_dC
zLV^L3GKHNW@d`=%zD^7bp5S<OlriU==ET4d1m+#IFc)NYhGaZQH;93Ock)I-bx_sI
zWam8DD#(th*LiYPkR8)y=gGSQ?U+PdChrQeWAb;I{42<g>5j`}t6)1$M^^?0b8t#-
z6gKCqaAja{1^WsVHhWzs{|dHa`sg~@D#VVd$Zc{}h#k`^x5>Lg?3f<9P5u>P$E4vt
z*(%hIsm6VBRj3`)F89g1LhV>Txic_$POdexW^(tKY!zlzFUr8c0K(i1pau#91IWRO
zpr$AT0|ST#@s*%_VrV7?1_l+VdJxUZzyNBtgU!`~iX+inU?GqI)8xBh;`JcwbirZ_
z4A^Lp@%ju9XBt4&A=4oJhEQ=3&B4IHU<u_T(;#(LP;n$0;vA3w<K*0Mbxn}#9ihrV
zG)S8hl#fg^PL55GuV-dpU~p$(U;ydzfvUnsvokO-1Vhz<XprYX4Ns5|GR?xkzz_-b
zbQA*v14v&Y1GuHj0BU@LT$RJXP!A5|T##;1i=GNJ$U*rG3=ANT6+s;U?I<vSXpnp<
z0|SFR0|UbphI)vNQy>%rhz2Q`2GuwnDvpl^`E)j<Y0a<#svbmxe7F+I2hpGqUI*pF
zX{h}SZ~=4$Sok1=*F$}{2`UewK@Qmlb@+CuI5rv-GP@WU7(nXl_dzx6htdb21|Mc%
zU;u^0QK&)0(4aUz167ZY26^Bt1GrOC&u|m!lDkj`+=Ci`OoJTq04ffmK?Xd8I`A=6
z97KcEJ%#c?v>F2g12;%9lm;<*Km^EgMg|5pQ2Yx)1wb^&01-w=RuzSc<D)@J#26tV
zB?00vFfibwK}sY+1Oo#Dm<Gi^hyfCl0uc-h4ESh}5@`^@z`y{aK};E_1LQy)1_lNY
z4PweeJ)!`m6+wcaA`;41Vq{<d=YLhGfEqYR7#MV*3PCi8sS6?)7#Kh_D1`K(d=L#{
z8h{7}1_pdINQohcU|?VX(V#?V!U$^pGcYiiKpkKTRRE$v7MVlEEui8c8pO1Oid%s=
z3=9k)ntAfxWJp<T4;4kGL8duEbvZ%hK{SZz3>9|)aTpjFKr|?CctFKHq2l;xkon$>
z43iH>3)X|!eo(#sP`$`B$m>B+ab%j4fq@|!Dh{GS=EOqzAR5Gs0}%`i49GM{T>?}*
zfsuiUfpIc#s`zA^RE~O(H_{m)g<%#{2{sy}E)SZF3ZUwcX^<5~P%jlj=@KYi3RMrv
zcc5AsgrPMvq;v;W$skD(4N^-?l?+l3QU|gaR3(G>AR1JNg2pdE=74HokT^CPq)&%o
z@}n@J(drqwS_Xv|h!2YJ(drpgErUV?M1xWmMlB2~o<RyQBtU`;3|OmeP|_T&o=2<a
z(drpgErT)&h#sw;K_P)!J*R?7VVYOZlV_&KM1t$;fBgTzG{_|o%yM&iK8N8{p`Tp4
zuUrmQ+dnaNcX~yx@^3~Bx6D<FPhM%?yQKfSe%jY{M{W9QrMhym>Pj|0-SL0UGnGRE
zA@k=H?qi(nml4j$IC&YE{Ffo_sPsJ7?8_?V&$D~(S8x5nJLAzNp4S#7*A*Tf71>a5
zFK@L%{uwqF8R`2$CmJ<;t&e}Ic6U{tJN^1=*9D6@UP^71Vw@b72{LgVm}JWWvE#DD
z9n}o-MLd5SGe)0vxOGz{S7XYW6K}bvxKxCHOgpeykuCIWP6pf2JFVP8vIa)?)}|U2
z9Su3Tisvh%_r6)Kr<=qw87FT8o5hz6GBFKI?gNuzIUtcdFnJ72%H@JY%E06~FsYUY
z5~%}|*TAG+emHWdibDbvOtQSR3%$y;b$1u*50;OcBg29+T_!L7=6~^(O76WImd7ox
zCZy}G7MYMCRCS{Ax^P@1gRK8&4gK93E+>C1Y}4jRFl3y3FCS!|SpkUbD?qVH8f*uI
zU|DsGt0pmVPh;3Kr~B)C%-k2Jz4ZE_bCu_m&#K)k|FQ~o?pD!W;kco+^a|r1F@e?P
zcW;ITq~3nF=b6g?myaLs<6xX@R|v9W8kl@nDDHSX@2+O&i-S&wbb@5pUE|WY9iq@4
zAE{HRDnCW|p0=v3ZOrHA?L8J#CLLdV?>Mt~<nNlNlR_dbnX5kLbXz`s_nvXGTM@{_
zd0_GznDi?Ki7W$?|G;Ee2}ooem}DyjvE#txHZaLo1`<gFll#D=SUE@}4@@2dlX4Xx
zkuorO4os?5f<)@T<TWs<R|OJj1C#f_q**mcqz_C!1Cw?&AdzWc@*S9Ts|AV71C!st
zq+cCKWEq(J2PVVnK_ctGBwGWB9S0`2fl0nbkVqPs+y^Gbnm{6XVDcE4lxq$LbwwE&
zAh|MdvSEu4Bje<A&Ek`%wm2Y51y6nmma1zJpX}O-A{9D$Vk=0OUaR=zuc%VtlO5YY
zQukWLCogS7(G@xQBUq}hO?+}_JBn2F<b~}ZU3Tr_lUX}Zq+%xrc7UYbwTn;QiYgU9
znXwZjHLpW_a%v}vuEfb3!BT#m;*&+YP^6M4Cw75!{p%E;d=ynGb+TYLNNQb|_~g=V
z6kX|)4}zuQy2U4}_Mk{*PA=>L>Ei1VpL`WnDtoeGFGy-%kND))UKCxqlP`j$@_NN5
zoA#kd<xg(x1L>0M6QBGPRjP2ZVLwRfT%Y*lsr@LriYGq=OV#y@Pj;PvB2_wh;slT`
zy$RxzzoJT&Pj;LLlDaoReDczXD7q>qe*{bQO%$ITItfLpdh)_aAYFEo#3!>(Mv<zW
z95@*y^=^{*<gKVu^^+N=fTZS47N49t1w~im<c(k{zbWFAMW>=jHBU~Q3exp&iumNC
zs8X$y1*d_e)=d?kTsjR!SNr6HV5zui;*(XUqeyj5E}Rb1#W!7ia_>wOsqV=)XM&{m
zO&6bRI}1gscXH<}kW}6b@yV`xP^9`NTh0ba$;}j>Ja;yV)Wpdz!BXdDicj{PgCaF~
z^2|9PU3Ig>C;vs2nmXBYE=Wpmw)o_=b5V3npZpUnb#J!#<k)#AQZpy7oCng?H%ELj
z?|c-g*^?vZgQV={icj8)Dm8a9=K_$_ySd_%a~GiKnm>6bSZdxp@yW6aQKS}5&Rhu6
z<u_k^@>x`=#gio$fu#P;7oS|a2u0V@$tS^5>lTPlo{JiW%O_VZ2I-1hC_ecss?^HK
znoB@Ze2c^<_bx#(aP{PyV5xnJ#3$P>MUh%NxpOH<SKear$!}4m)=#!v29lCnB0hQU
zG8A1KC%*(som(P4*>^dL)aJ=EmxFZGEft^q7gcKOWX}~KDZORllh>|5(Y1Z@Pq5Uz
zW#W@#SE5MmoV;=+NLSx-@yWcaP^5NGj$8$jvRffOc`vHe-pQP+K~nElh)>R4jiPJ+
z<egxtc`L;y%dSC@IygCV4M>;YD)Gr@QKb$~mRt*x`nO7aa_w3aT}LOM1WT=3Ek0Ry
z9g5WP$(8Fsy5iP|Pri#Pb#k)idXN;~TJg!f>rr%_o_rH5wQsHXWZMlWQfDW3ZUE`Z
zTPHsGEvnS{$(9>IQgZ9XC(qr8qU+-1mtd)L>%}MgZbFf|JbC6OkgmE7;*<ZPN?o1o
zxfvv-w^4lZ+RZ4su2236mb$l5d~)m-6sen&S8f66>f0nfnRhFS)a}WUTR~EGo5d&Z
zMU}ccnR6RR>fL7X$+_E5blso46D&1vi}+;O?I=<YCueR4>GInuKKU%F)Z@vLJ3vzZ
zwu(>o-HW2@>ExMvK~n3siBJBED)oG_=RS~B+;;KFcXy)bdO2Bh7f6b4hxp{)T_{qo
zC*K51?b{(f*>*RI)Z59OyFt40c8X7ayW0V|QTiUzN(7TEj*P!dHt+?%T^q%s$EzU0
z60>h2k7&y$Z*~{+k4%rb5<^lZN^ohcdUxl2@O}#&Ch=RHpRHGD|6*c`yKlsGS4N$2
zvfM85$*Bh%c)^_rNVDZ5!{ki|yg}`jUE-6s?njaP%rKejAV{umxA^4TgD7%e87A)n
z%jxYApDcR_MeaMp<g7y=efRc=Pd<w(_mg3=)M1cZ-(K;_wTDsk{brba3M^;0PkgfO
z5fr(<43n#lfb_lFCqDTus@#8u$y!H2a`X0!`)GA(aBcYcYNhuk*Yi55O6tNr^Zup&
zKe@Y*;hVKk^_|OS+MaCw@^k$`fnP#14xd;My7rQDDW9~%x|1RopPQv^yo?k!jFWF3
z^_jduP<-+SA(qV!$3ob_j00y^FoPJAFI?ncYF6JIcRGp@#OH-A5!BOTVBp)FcsiSL
z^M)%4jI1o6g>aJ-PxpgWeX{^hqBVe~2n9ALo{nbP{NU^k#?2FMml<*$_z#Y2h5*Lt
zfdY&U_5c1u07&#Jbb<vkU&z1!;)8}sL6{$;fPsPGJ9JV7G(`OYD)tkq57b#Lhl>4z
zssjz0)j;L{KxsAx28Kq6x_XAcP(jetP%lJ~;U82CG|!m@6$7~&G;jtQ19ydrfu;sQ
zVju^*LB$xs;R{}l23lhS7G;8p@h~tj*g_q~3>K>gFPH-@qyj5s0Skf`zcJ{6MHm=Z
zp<<vA$OYNPz`(!;6%$}!U^ow*o??fJ2{JG+T!ZT6fQkt*Fff4T$3Q;kgo+6>Ffh!P
zgid^NK?NH?&Szj?Si?F!O^8u#dWR5Wh%RV6J(-b#A%&5FA(fGVA&rrN0W^8_jDdmS
zIRgX33kC*;mkbOHuNW8@UQgdD%otq{@-fJVAP<2&0CF(MfglHg900NpG#~bafq?-u
z5ci0IfdMq<30kiSioyy81_sbFX3*;9ItI`zENHzAB-)x77#Nxv7#La@7#La^7#P|Z
z7#P|a7#KPj7#KPk7#O-37}OcM85kIP7#J8pQQF7Az|haYz%YS<fng#81H&W+1_sbf
zZxX|FJ`qMGNzigcP?UnA(1roLY=HqZ&22Q@Q-o1k5Hu4Gnl%SS2x#g+Y<j5(qk4TJ
zBLf3y1|o-%fdLdRpka~>Mh1p(Mh1o`Mg|7ZgbHXv#*2}G!IhDL!HtoD!JUzT0W|63
zzzCTVvSwspuwi6i08J;EF+%2@j2IahKoeo0Ni$hS$YdL60uD552buvCW@KOxWn>6q
z0F`olj0_BdjF34*(0t^51_lPu#N|b3BDlf8z_5yefnhBJ19<B9Fara_5$Le+V(|Pj
z0|RJo8#DnPJv~>HQM^8a0legm!J7fR*n$BxZx5R2P=-$a#4s{2_%Jds_%bpucr!9E
zfF_|p6IGzeD?3I823tl32GGQvG9v?n3L^t}vJW%^DbC2i0GhQ1jXZB)U|`tDz`y{S
z1}|V>V8~%$U;s^$XoF%JG>Zb77u8^3U;xc3fo8uz6M3LXK+udKXvTOa0|Ucm1_p*L
z3=9lg85kIJ7#J8plY{Dv3=CR~3=G<g3=E)IMbIqr9tH-6y$lQtdW;MVRSXOapyB|O
z3++Lx7#JZL=rRL%MGC`F(E3TxTsde30B9NlwDQ0iDhXQZ09qyinuh|dQ@9Nk2eEH}
zQaLE&aDy_Ak}fzOF)}cKij6M}3=E$c7#Kk16{x}krAJWO>|y{fZei%$t}D(spRpd4
zc!Qvc8I-6&2^~~UH9#`}C?kOE2PMQb1_lPu5@OJ*c#wyZ85kH67#J9;86chnEjI@(
zH3nrOP^QWR1tw%!Eok8oLo@>e11Qo#Q!F5VhJZpIv|Iud{b39Y4B-q63@}ST2E{Ni
zFu*Jat!;+MfgAv{Je~o(nuY;nc`S5!1uW+zAz28@e4ug_v?v)A^`OAc1I=`U(gG+=
zfRZF=r8NkH6o8gVfQknYyM%!Oyi5YbhGCc(sMr7%A0UUq90+m@$O9msf{GJ9Xt4nb
zRggMRXo5VH0Gdhxl_?+%px^?PF`%FUX#$lqpx_0`gZQBI2?`}pnFES4P;mnaJy3B2
zil%oA3=D6f#UrSg1eJ53@(#3y;0^-=!*vD*22dV7&A`BLl7WHY1SpD+LrdvH3=9kh
z85kHqD<1Yi6E7&YtcGT0(AtgV3=9m*7#J9qGB7ZJGV&q@28IO;3=H$3nR*@r1H&u^
z28Nl?@(xt?fyzKo`3K5{GZ+{cKx;;(Le)<O#Xm>_Bmkm8nP4sh1H&8!28M+U3=B&c
z7#KjaP$0`drO6s-DFVyRp!FS~oCeBqu$&3Xr8^iH7(j6katvtg2Pn6KaxjPuqIWYe
zFo2eH90A2YsCWYT9#ljfgGzuTL7{Mpfq~%y0|Uc31_lPu+6_=K2dew7FfcG&VqjnZ
zW#OyPVh@zvLAmo50|Nu72m~$R04>Xa6_KFo22|~U$~I6<28x1Np!f&H3y1>>eo!!j
zf*4e_fr1v~15j1>8d}x8VPIeYITn<iKQb^dd}3f=0MVcp1*l2#g8|Zn0X12^LFGX5
zAaPJr1k^<N4HXBqIHW+5Fbpa)9za)y95UQqC&%c*$Y?SBusoyrc0C2gR7OUl?NbyP
zT{xMJi%)-J$|xZN+p(f^>gt=d7ld7z7!CD|4D<{c819QtS1@CgVEQCJ-O7wnhr?74
zRHgkBpPpyN=)=f2eYY8-B%}CrUp+?2>F>-Kr5Kf_bDA?6GwMwb)Mu1rw45Gp&X~^V
zHGRK1qa<U*^qU~Lr0KjCjJ}L{)1xgIB^j%xTN^MMPhVldD8<+@eWNa;u{3OdQBvgc
z#tqN<EtnV$^o+q4J5T?w%V>;Z?`#wv#1+%c^ckffZb)YYTPHdFl0IVw)H0@<($fnJ
z7$r<$Ta9?denfrfc~Hy57-y(wpl8Cs0NYGtANQ&3m-GBJP#FUT2KDKC4HzZOV7rrC
zE1hQTKIqB|R$vKoBy4}u?3t&e3UhaGgJlf$j2IZM$xY`mWRzgKFE?GykkQB#w@TbH
z>eG7-86~A*o18vu@0c)?<EaJI5<>=t;^_ws86_Fjr^gyG8Z)*}pJ>D=X$spz^=7^8
zLXoYZ8eru{AU9!^G1M~#c@)V6rp=1e*BCKMFzr#Ce$0r`2rbZcj2Y*E(#R=e#xzE~
z>4qkZ=Na{;Gnz8SbLy*t*FrUbqfU&~*o5J!>hu;<MlG&#HOO9*eQMKZSTXuAK~j|j
z(^2(l){GKnupJ-|J8qY3^gG4D#29CyX9h}?u+1c?buY_{A|EbiVvIA=1G||=WBM6)
zMhO|%HWXXGf=b!eLpDr|aRz#ZhI)p^h8oj67$uneHKxz8W|Uxx*O<P|n$d@;Ok+BW
z4WkcJqsH_LAo-~p({pSXC72d!OmDMcOk>)jG5sBge^_HWhb^NK(`Ak6HX!<*#`FRZ
z{aj=E5)l1KWBLsc&7e7*$Bxm6NmX;YgB_!U8Ei+DJkz7Nz<2Kom>A=X^}vY&yy=R8
zp+Qt&<L;{dycyuAF##ncPtEClc8n4-u<c#4N)MF}a4PL&VvIA>1Lw|I&FK!_pai8k
z{f-@@1XH5c^lx^IMl!ICT{|4+pYvwe^A&8S5hzkyw5Ge*Ga8w}wuV*g{A$i><+&Oh
zga&$M3=FW%VVh6ZPjX6MqYBk)$iUE|HGPdeql64@6@5C>AAnTA_KAfDUh$3nbn+qC
z3<Hp#KIu#sabPr(f$a$6n)~op3;SbZu>FRh$n`Uro&-_>+v*h-c-k*fV9Rl+uMHR&
z1P!NeaA5RdVl$fl&w){bX}ZyL2}i~TCP(Axvm6<Hm<%<izi?zUV)8MbF5|?QCIj2U
zm8&V2v}#I{KNF)dB={Kan@*qS#AqY~+od&Qio=mBJ0c{Q7~@R!j6vCBp~mz#PK;Vy
zugoC(qZ-VoD>ySs$iVh{W!p~aD7<_J<T_J5Bajd8n@$gLW=vyxZZUn2Goz2$F6ag=
zu9xAm_6vG`fny#V7O*W@e)@+NNuD|^0#4wDAT#Q$rrWtN8p*&mYb6z`*gA0YgL1hM
z#OYJ5r}wxpO31+Wqe-5a$a%MQ11KIr>B^9Sfy-w40T)IICKa3Mw_F%~nC{t5*KlR@
zk%8^l>Q0%manG%j_n8<$Mw&7(Fs!$mKEajIi0Og-^b&7IBTzX0aAlmubjV@)6gNgA
zJZTuVtIL1w#qzh;B~8J81jlB+<Mcmnj1n@iZC-DFB;Ab{<}d;K6&wm&PSXwC8NoTt
z%bih+>xB~ocn4XN^YjNkj1n@i4PLO_RZNU^rg}zZdL|4|6-<3D(`$SgC1fC5x)>U?
z-TS7<c$<9$+hJ&~XKZ}HW%>qRMhP?6rm!8_B~3i*72=r~K|KdhhZnXzY~^O59S6@V
zr6FX@T&Mr@Wt3oo*#@JbX3D_!i)G*Xe53nsdOt#Ey4&;yKSl`|*v_(9?;8%!E84vo
zlp8>HGQfS1=RW<M9~L{Hc1<_&XO!X+0QK$|7#KDffrdXsrsw!G>VSqV7^ctgXPlsJ
z?ExugTP#e^FjnyWdjM6Q4Bh$5Wm9Tlr(igJf*hmd^o#(;>&#|)M%$eN8M7G~&8IUK
zGb(OBAH>MP$Y?bELL;N{bb~-fmhJz88GkTOPn^oAG+m*Gk!8AU1mouEieZcj(?3Ko
zb~2mknQX6#Wc20RuAjl^!M}ZJ1*0hAbls_p?As4kG751_PoB!CIQ>f_qd%kZc9$l`
z$^4AQ({D^<%$aUGjj?L`zDbNROw%t-W0YbvobDLRs4)G&Oh)$U2{Ra3rYp=~l;d^)
n?LaQp&&y9qovt{GQ3)g^F}-*?WB&44GZ<MI&8E+u!}tUM^xGRK

diff --git a/database.sql b/database.sql
index 117e1e4..e6ea7d2 100644
--- a/database.sql
+++ b/database.sql
@@ -67,7 +67,7 @@ CREATE TABLE user_roles (
 CREATE TABLE verification_codes (
   id INT UNSIGNED NOT NULL AUTO_INCREMENT,
   user_id INT UNSIGNED NOT NULL,
-  verification_code VARCHAR(255),
+  verification_code VARCHAR(255) NOT NULL,
   type VARCHAR(32) NOT NULL,
   created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
   PRIMARY KEY (id),
diff --git a/index.js b/index.js
index f7faff3..b1ed281 100644
--- a/index.js
+++ b/index.js
@@ -1,12 +1,15 @@
 import fs from 'fs';
 import path from 'path';
 import cors from 'cors';
+import https from 'https';
+import helmet from 'helmet';
 import logger from 'morgan';
 import express from 'express';
 import cookieParser from 'cookie-parser';
 
-import { log } from './modules/logManager';
-import { speedLimiter, checkSystemLoad } from './modules/requestHandler';
+import { fileExist } from './modules/fileManager';
+import { log, error } from './modules/logManager';
+import { speedLimiter, requestLimiter, checkSystemLoad, respondWithStatus } from './modules/requestHandler';
 
 import testRouter from './routes/test';
 import usersRouter from './routes/users';
@@ -21,17 +24,23 @@ const logsDir = path.join(import.meta.dir, 'logs');
 if (!fs.existsSync(logsDir)) fs.mkdirSync(logsDir);
 
 const app = express();
-app.set('trust proxy', 1);
-
+if (process.env.BEHIND_PROXY == 'true') app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);
+app.use(cors({ origin: '*' }));
 app.use(express.json());
 app.use(cookieParser());
-app.use(speedLimiter);
+
+// Security
+app.use(helmet());
+app.disable('x-powered-by');
+
+// Rate limiting and anti DoS
+if (!process.env.DISABLE_ANTI_SPAM == 'true') app.use(speedLimiter);
+if (!process.env.DISABLE_ANTI_DOS == 'true') app.use(requestLimiter);
 app.use(checkSystemLoad);
+
+// Logging
 app.use(logger('dev'));
 app.use(logger('combined', { stream: fs.createWriteStream(path.join(import.meta.dir, 'logs/access.log'), { flags: 'a' }) }));
-app.use(cors({
-	origin: '*',
-}));
 
 app.use(express.static('public'));
 
@@ -44,11 +53,43 @@ app.use('/api/patients', patientsRouter);
 app.use('/api/companies', companiesRouter);
 app.use('/api/hospitals', hospitalsRouter);
 
-// run the API
-app.listen(process.env.PORT, async () => {
-	log(`running at port ${process.env.PORT}`);
+
+app.use((req, res) => {
+	return respondWithStatus(res, 404, 'Nothing\'s here!');
 });
 
-// test
-// import { post } from './modules/fetcher';
-// post('http://127.0.0.1:1109/users/login', { 'usernameOrEmail':'foo', 'password':'bar' }).then(res => console.log(res));
\ No newline at end of file
+app.use((err, req, res) => {
+	error(err.stack);
+	return respondWithStatus(res, 500, 'Internal server error');
+});
+
+// run the API server
+if (process.env.ENABLE_HTTPS == 'true') {
+	const certsDir = path.join(import.meta.dir, 'certs');
+	if (!fs.existsSync(certsDir)) fs.mkdirSync(certsDir);
+
+	if (!fileExist(path.join(certsDir, process.env.HTTPS_KEY)) || !fileExist(path.join(certsDir, process.env.HTTPS_CERT))) {
+		error('Missing HTTPS key or certificate');
+		process.exit(1);
+	}
+	const options = {
+		key: fs.readFileSync(path.join(certsDir, process.env.HTTPS_KEY)),
+		cert: fs.readFileSync(path.join(certsDir, process.env.HTTPS_CERT)),
+		maxVersion: 'TLSv1.3',
+		minVersion: 'TLSv1.2',
+		ciphers: 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256',
+		ecdhCurve: 'P-521:P-384',
+		sigalgs: 'ecdsa_secp384r1_sha384',
+		honorCipherOrder: true,
+	};
+	https.createServer(options, app).listen(process.env.HTTPS_PORT, async () => {
+		log('running in HTTPS mode');
+		log(`running at port ${process.env.HTTPS_PORT}`);
+	});
+}
+else {
+	app.listen(process.env.PORT, async () => {
+		log('running in HTTP mode');
+		log(`running at port ${process.env.PORT}`);
+	});
+}
\ No newline at end of file
diff --git a/modules/mailHandler.js b/modules/mailHandler.js
index 160455d..ddc1354 100644
--- a/modules/mailHandler.js
+++ b/modules/mailHandler.js
@@ -3,12 +3,12 @@ import { random } from './random';
 import { log } from './logManager';
 
 const transporter = nodemailer.createTransport({
-	host: process.env.SMTP,
+	host: process.env.MAIL_SERVER,
 	port: 465,
 	secure: true,
 	auth: {
-		user: `${process.env.MAIL}`,
-		pass: `${process.env.PASS}`,
+		user: `${process.env.MAIL_ADDRESS}`,
+		pass: `${process.env.PASSWORD}`,
 	},
 	tls: { rejectUnauthorized: false },
 });
diff --git a/modules/requestHandler.js b/modules/requestHandler.js
index bdf33a3..17ae10b 100644
--- a/modules/requestHandler.js
+++ b/modules/requestHandler.js
@@ -6,7 +6,7 @@ import { log } from './logManager';
 
 const requestLimiter = rateLimit({
 	windowMs: 60 * 1000,
-	max: 5,
+	max: process.env.RATE_LIMIT_REQUESTS || 100,
 	standardHeaders: true,
 	legacyHeaders: false,
 	message: 'Too many requests from this IP, please try again later',
@@ -18,6 +18,22 @@ const speedLimiter = slowDown({
 	delayMs: (hits) => hits * 100,
 });
 
+const antiBruteForce = rateLimit({
+	windowMs: 60 * 60 * 1000,
+	max: process.env.RATE_LIMIT_LOGIN_ATTEMPTS || 5,
+	standardHeaders: true,
+	legacyHeaders: false,
+	message: 'Too many login attempts, please try again later',
+});
+
+const antiVerificationSpam = rateLimit({
+	windowMs: 60 * 1000,
+	max: process.env.RATE_LIMIT_VERIFICATION_REQUESTS || 5,
+	standardHeaders: true,
+	legacyHeaders: false,
+	message: 'Too many verification requests, please try again later',
+});
+
 function checkSystemLoad(req, res, next) {
 	const load = os.loadavg()[0];
 	const cores = os.cpus().length;
@@ -49,6 +65,8 @@ function respondWithStatusJSON(res, statusCode, JSON) {
 
 export {
 	requestLimiter,
+	antiBruteForce,
+	antiVerificationSpam,
 	speedLimiter,
 	checkSystemLoad,
 	respondWithStatus,
diff --git a/package.json b/package.json
index e6af035..61cbaea 100644
--- a/package.json
+++ b/package.json
@@ -17,9 +17,11 @@
   "dependencies": {
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
-    "express": "^4.18.2",
+    "express": "^4.19.2",
     "express-rate-limit": "^7.1.4",
     "express-slow-down": "^2.0.1",
+    "helmet": "^7.1.0",
+    "https": "^1.0.0",
     "jsonwebtoken": "^9.0.2",
     "level": "^8.0.1",
     "morgan": "^1.10.0",
diff --git a/routes/users.js b/routes/users.js
index c0a2dc1..40e4eab 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -4,12 +4,12 @@ import { pool } from '../modules/databaseManager';
 import { sendVerification } from '../modules/mailHandler';
 import { verifyToken, generateToken } from '../modules/tokenManager';
 import { isEmailDomainValid, isValidEmail, isPhoneNumber } from '../modules/formatManager';
-import { requestLimiter, respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
+import { antiBruteForce, antiVerificationSpam, respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
 import { checkBanned, checkPermissions, userExists, isBanned, verifyPermissions } from '../modules/permissionManager';
 
 const router = express.Router();
 
-router.post('/register', requestLimiter, async (req, res) => {
+router.post('/register', antiBruteForce, async (req, res) => {
 	const { username, email, password, first_name, last_name, phone = null } = req.body;
 	if ([ username, email, password, first_name, last_name ].every(Boolean)) {
 		try {
@@ -30,7 +30,7 @@ router.post('/register', requestLimiter, async (req, res) => {
 				);
 				if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing user');
 
-				if (process.env.DISABLE_EMAIL_VERIFICATION) return await respondWithStatus(res, 200, 'Successfully registered');
+				if (process.env.DISABLE_EMAIL_VERIFICATION == 'true') return await respondWithStatus(res, 200, 'Successfully registered');
 
 				const [rows] = await pool.execute('SELECT id FROM users WHERE email = ? LIMIT 1', [email]);
 				const code = sendVerification(email, rows[0].id, 'email');
@@ -51,7 +51,7 @@ router.post('/register', requestLimiter, async (req, res) => {
 	}
 });
 
-router.post('/login', requestLimiter, async (req, res) => {
+router.post('/login', antiBruteForce, async (req, res) => {
 	const { usernameOrEmail, password } = req.body;
 	if ([usernameOrEmail, password].every(Boolean)) {
 		try {
@@ -76,7 +76,7 @@ router.post('/login', requestLimiter, async (req, res) => {
 					email: user.email,
 					first_name: user.first_name,
 					last_name: user.last_name,
-					verified_status: process.env.DISABLE_EMAIL_VERIFICATION ? true : user.email_verified,
+					verified_status: process.env.DISABLE_EMAIL_VERIFICATION == 'true' ? true : user.email_verified,
 				},
 			});
 		}
@@ -124,7 +124,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('user', 2), async (r
 });
 
 // Email verification endpoints
-router.get('/email/request', verifyToken, checkBanned, async (req, res) => {
+router.get('/email/request', antiVerificationSpam, verifyToken, checkBanned, async (req, res) => {
 	const userId = req.userId;
 	try {
 		const [rows] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [userId]);
@@ -141,7 +141,7 @@ router.get('/email/request', verifyToken, checkBanned, async (req, res) => {
 	}
 });
 
-router.get('/email/verify', verifyToken, checkBanned, async (req, res) => {
+router.get('/email/verify', antiVerificationSpam, verifyToken, checkBanned, async (req, res) => {
 	const { code } = req.query;
 	const userId = req.userId;
 	if (code) {
@@ -173,7 +173,7 @@ router.get('/email/verify', verifyToken, checkBanned, async (req, res) => {
 // PATCH /phone/verify
 
 // Password reset endpoints
-router.post('/password/request', async (req, res) => {
+router.post('/password/request', antiVerificationSpam, async (req, res) => {
 	const { usernameOrEmail } = req.body;
 	if (usernameOrEmail) {
 		try {
@@ -204,7 +204,7 @@ router.post('/password/request', async (req, res) => {
 	}
 });
 
-router.patch('/password/verify', async (req, res) => {
+router.patch('/password/verify', antiVerificationSpam, async (req, res) => {
 	const { usernameOrEmail, password, code } = req.body;
 	if ([usernameOrEmail, password, code].every(Boolean)) {
 		try {

From 82486c68e735306b008ee9d233b80325546b5fca Mon Sep 17 00:00:00 2001
From: gringoelpepito <m.ferreira@lprs.fr>
Date: Sun, 31 Mar 2024 20:12:51 +0000
Subject: [PATCH 4/6] adding @me /:userId/roles

---
 bun.lockb                    | Bin 105855 -> 110155 bytes
 modules/permissionManager.js |   1 +
 package.json                 |   3 ++-
 routes/doctors.js            |   2 +-
 routes/users.js              |   3 +++
 5 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/bun.lockb b/bun.lockb
index 6d0949cd886fff348160654bd6970ed717f2c515..b68c39576e4aa082264b69033d602db30dd86358 100755
GIT binary patch
delta 21251
zcmeyri|zCswh4Ngubh5qexI_psGQOM-NvU9=WJ(9PFa8OsI0)xyUs2r4VUg-%g6u%
zaudVlebl5O90rDr;sV|DlnjQo3=9n13=9nwj0_CI3=9o<j0_B13=9pTObiS>3=9pi
zj0_Bd3=9o^j0_C?3=9p7%nS^C3=9py%o9JU)!VQzFmN(3G<;-YU=UznX!y$lQC(1)
zTL7{&KQB2IM3)yO78F!6Fm$joFz_-kG?+6oFo-iSG!z%)WR@5)FsMOo$<55m%*`w=
z$;z)x&d+0D$Vkm8(9KO{5Qe&rixFZU1H_fi4c{3c0tK0Q`5=qjI3X6OazdPM$jQJU
z%D~XT&&j|b#=y`3axKUkZ#WnjL>L$v9&${!VzjFl;Ds2&4yC{HFfa%)Ff_d3fr!KC
zocz3WkTs8ZAfa@M4`R(l9*Dma_#vU0lA2don##bCn_rZkn8(1NE&x$4BLI<4P1Q}y
zEGjNZNi9fWU|^X1ol&q}2&yKS8KNd9wJbG<fq}t72;!xALXeQ3ECi8n7lPQGoLG`t
zl$n<<3zZKRfy9)v2qaESMIicgL?C|AhMKoQ6yisyzWRnf28e;hskvpTMGOouPgf@9
z<YX3?Fyt14yw1SzSq$QUCt?tbE{H+G@*tGIQ4C`7LMS~6DxOsiF(9iv5p0m76eP*1
zOEEA=F-&G-)~a7F12MX!vLIDAvzQ@C77}i`nYpRDDM<|BvJm;=lEjkI;?&}qG7!J@
z%D|kS2MSMyMkpT^-XQ%TJAI+%|B#2M&&<n6Ey^q@PAf_+&R}4eyq=k}-VCZnR|XPZ
zDXGOJMfsHs1&Kw)sij3Zg%Dpbd{l&(5v&ApgPRg0o-z`P^UL!X7+yg6|CAtZ{;C8q
z&lXA>szAKIOof3#f`OqSJs+GF>KP`fK*F<J2IBeKst}ErpmZkG)48c78Tl#23=uMr
z#ODb0bZK5eW<e?ggRBfB9+LC(voli}7zCm6|D+)nf0l+gtSGTuHz_}*5|XH87#fl)
zOHx6ed?pR?QDSm(YC%ac1B=$=ODt;j==zfLi$JOwxOE`P;}{?`%-+=EoXoru28LC7
z5dSQI(mMJO{xm56wm!tYIjLoNpvbxim0t&?cjz-PNHQ?gH>9Md7JyPmyB;I~*6A^T
z@^!;)LkQpA2x73I5hP}c^dK?itH;2g%D~W&RjgZ?n480pSd<QqRC_&$y3AtT^ql-8
zhC&mFeiJ=N0A;4<<rk$gFldAAsb^>asY=W#W|(aXu~-4BFfB7LMYptoA<hh<F&Ii0
z=;q{uvT1>CPG)Xq2}7_sL|#A-;^Qag5DSYkbBhww7#Kk2gF;}Y1w=kGFD)lCJ)@-0
zf`Ng%o`InuJGHV5q+q%w#GtgC#FCQK6b43Uh@=*mmSpA>Go%(5mZla}GMuo2Sddy=
zP?Va=!0=8Nk_4QrAs$Ff&MyLm`6FFONM+hU#LwwMl444Ja!FBUUTR8eQfV5f1ca3Z
zhjk$iD9^}D&R}3*$Sh8+0G0R`Y#~vx*bb5w3KB~)bhA?{lQR-?vKbf{((NHZo{?Cr
zo0gN99%BzNN8bUWzRqEC7Q0+MuOr0%&kmp>f}vrJE~MU=qYDX`w8Y|)LIwtgqSVsj
z%(O~|<4zEN&2WbJqr(}Zu1=SML5_i;Az7D!L7IV~;iL-#gA4;hL!>SwTs)!Xt#*az
zV{rr1(hc8TA?}&v1_=-YU2qy~5YnBj#UWQu$h=T!_0;JJ(O%~X@#cR|u=x!zz6%2+
z3&Z&4&@80M012j@-VlGO`9SoG_<+l9<Ax315Q8UpGcYJHFf@ewLKMIhy7)pg)_H?9
zG{pH${>7oD@%I$V+RcI~9R6!BmcP9&X{s9@&Ko_|YX41}(5cxss?Tmp-?lv|S9{gu
z3eJFfw@n9Gn`UiIJh8!P=8TF&t|N19o>Q+W`>oEn#I0(p-KUL<6@#~%NZvVOrpNTP
zd-<9}%x{*6O8wq8^X`;wfo;zWK696~D2V)=wB_ZaS^wnJUT6AftX==2D*wcX_jL}(
zPnL`O>uq-aao3RZ|HSzTB@Y>AiW-RrySq=b(|RQQX2q|``kb7TJvbFMU*I%g-7LW0
zz_@vaKmsG@4h9AWdj^IE?#Yb8=A7M(3=Dn@3=Pba8D-6xZZb~ZC1l5_IQgfLJ!c{l
z1A`X>Lj%)fMtO6l)l8FjiP$mmGf(~{V#gH6JlRUrj%g0_<SJ1+&MV9e3?>jmM9rBv
zSSJ4xwc~VUVPG%=wR|Q!ikdT3vrMiMv*X;#!oc7GQ7LTB#K$`MmzW)A1S<oB0Zfo{
zDwM}K`Jjb4>rqw)29wEqrLB2?vNA9@fy`rIU|^Yi&_a9i2O$n7YqrT&B6ge;*&r@p
zncOI3&UBP*vX!_UD?d8}gT>^%Ue=uM>=0?NFFC8(AueMDhrmX5NC+^2LV)u>I|G9i
z*ewU8%{eVO7#M6A7#dh6GfJBamU1vKSc3wD0RluOZxmDqyJ7>!<X?hzOu?L!t%U5D
zrgBcM60&2u$~oCe*p5k^YjTya9cMKc1A`mbU`Ancrh{CQe+k<$335-a61QXW=bpSv
z+>WV%d-5-FJI;;V3=9?^YbG;_nKQlQo?Ini$En5xa~DW3muK=X2|K2_Jd>>??U*Ea
zCs#?@F$MEZ-X&?r)XO{hm!uujP2R~?Qg)mod=PyclMhOoGx_mN-X&$nRL3{@my{jr
zH9iIghsn0$)=XmjldGidn6mjN?~=CTT*(g!EvCtiBIZnY`6pY+*s&T4FfiDFB7!ql
zfPujd;yzJxrqu$If63T!J{Ew)ArmM}nS=!=SIOFOx(YHd=s;8on{yTlLIRU%GNZUT
z=UPFCDXfzn#mzZi3o<YmF)%c6faF+Rg%}u|CjS+&W_l+y`Inp>r;#v3G1Fv55p&i8
zVUWA`N?UVo5QYbptU2ckVFm^lPznJB9A}aUB)}ObACxlZTp<EUc#I$mI6sI$RI-41
zCZdoqVgiK`XPziDoq^<74~a4`_)NAHvF79xgXm$L+$e0$86?KQ;K0Dpz&ZJ#v^f*E
z_+%?3J5GCXh(T<iK;Wztha@u=FmJs$JS?QlId6+YJj4P{bdnMfr-Gfs6fZG(m$Dt_
zdZ-{X$TzHCB^VeyCf5pEbJ|Kmd;%8dY?Xv-6*cEPEy=*32T5ci=A1vFJjTh6Lgq{%
zQj@Dx?Kl@pF)+kH0!iGQ^}iGYgVE%_Le`vy(vV1J2Sqw(sx&<Bi<>j8m!7;!&5m=E
z3?z;j!BO@|2I2*9h%zb2POeh7W6F`8yi47VX{GGsU+Q+84`d-q7$!4{nsds@!6QrD
zoHI-g9-KnvOta)B|I)Byx-B=^O4E*$M;;QmjG&@})kmIz!EUmxkTp}6{N!JncAUFF
z0`O$Tq5xA2N>(lkFiRSR&6#QxCjZj1V_K&$*-G1v^PU34IgH>Cl~H71umUIOFhxj2
zF@g#Y&K^aG35=5)CC!<RC{C`@vE%%!2(tuaY@*WSUpjW2%aq_LMZ}zwQyCI~;2gkd
zs|=F^CGUD=B%3++DnpV9IOI6L!+8fK%~@Sk7#RE}|CO=k+^5385CM-UF;xZzgUNeU
zZCF$p7y>{Fn5L;t-lcEH^h9;?FMT^!IW>@XYK5$sBGe{V8Q5{oQG@vk<bq3TkO+m?
zDWeYej*vNPj5?@{1to$B>X5X>IQgKmIp+<KIH>bCxl!DllSc!l=b)rHr;i4t)MS|K
zsASGGOJnjbBRkHU8jzr4n%pR6&LpTg*~-|CGfESZwV6SwhP6i%oV8`Fna*iW{$*^(
z#HR%+i<rE$CRdr*ajw;3VDMpJXkZ6L1=CNh$-hkOI1RKRA<HnCQOleuMSF6UsU7EH
zZJ1q*+U88RwI}~Fwd0h~frL6ZTQNoHOs+Ds<D8=d(+<i8cXcNJGP7gdq6aF@YK5#h
zKY&;a3=M4H{BEWX68|e^%~=Fufqm~NY0mjt9}+T5;E*vkfaC-QaL!6Ln7qrvj&r^N
zq<jOXTBh3uldUZ6I8_ZHvA{67(ZrlH+7Oak!F3zwLPJP80EZ0IE5pfFR(718Mi5gN
zz|LtkVqkCqB~qr7Mw5S8*>Q3jGcXjvQUzzHF~oEhaHidF3=a}<bI$L^kPHSXC#+3i
zDjCJhIjc<|mO$#f?Iw`a3320B6G(8ePHvPo=hQTXxDo7PrexE}Rkn7VOH3gZA;aWG
zQ*+MyrV#CHprVjd)(m11q;kzPgUCV3z~xXLq<nm825~M#rK~wbA2Zl1apn+x3}D_I
zb4cKWqlojJImGeIpftj%WdU(6GuZYx3rNJUgA4tY77%@qME}tOVjnnhvuav`N)=F|
zPq&2VVF4v&&P5<`ND(S-&h)@?a+Q-Er<fHa-k2vdN||%USV5f11S&^3Cqa3P;9PRa
z3gS3cP?5*PXFYkBvmK|mH6*hzPj(bG=bUK`2~yU{jFRR|->fHBx!7@P+CXv_JE(@^
zEV6+pVF8)KxyFWpApp_}5jN-iV*~L9GpJf&GO?Y!%hirG&6a^d2UL}FPO^oB96Q)?
zKW!nIj|m()+IBD=sOcAL2k{i7z}jF3$vR+TIX~IKEs?e0u!m@40p(!MQhP|c0%uXq
zo%RrgkO=;053wBLZW{-Pk&p_%!vPX9jG&yrbi`q@m8Tu2q9Y{sSU?$xHPjK*V5^n3
z=InKZcp03*IPW?_>MU@BgwxWAfx#b~1wd`R4yVbxyzE$SIWaI8PyVZ6&B^Nwi5+k~
z&E)Jnxysv)bBQw~cp*jn6K6;h7*gRYyD%_>g3V(TH)pDFnOx;#$NAKSfguoF$AId0
zGgnZd!I|v}F@*`_1<vhI9y2(S1l%BUkbnqqgLoa1@@Bh1q7#y~uevcXc!HzTQO2B8
z&YgiF2+TWZVb0X;KH19Oj`M&!Bv>G+=!^U0UH*1VIv$gM`P*^Udca%;a_%_~um)yN
zi0w?E1j^*>Ir&$B9n&Pw$yR}OOvgMYR|VQJaeGbP6==ug<2CtLpdC}2*JP_8JEl`!
zldFR4m{`0g?+UVGviF|+E69%NjQ3=#U^`Aj9|i_<a83X<crtt#7+k>t0;&Pm`b_>6
zY{&G_XR=j@9aEC;<f;%mrdhs|cZJw7UG$y&E5wdT!f&!ws2x*|-{h)LJEm2BlXr#M
zF+K8|{43Os$=rXkRhU(z1Os>o2Q)CspayAEgK5xUt2&gAOtUh8+fblUOa@)3JT{tX
zvTV4xAjlL0s45W6G}$*?ydETK!oa}5!~jkvV0kkzNg1D;fq}u1fdT9`C#ZQ?XeqE1
z76}HX$+ZdMlfQ&ZFmg<mjS!CnIn*Dl8l2q0EMz`NJ^(BV&MIJw1EG9m8Wd<@P;n5=
zIN3J>5)2VgQ4kF>EfUHH(aa3sEXM%S4H<T1V8BPSGcYiK1~NcKfM`(gW`Q^i3=GIL
z3j+f~9s@%?*twvgXOKqFm<$&KsIG;CUn4Xeo1g|zg9bUMg@J(q<gs>!dWc0GPz$ip
zAPrp%3=HxN3=Auw>X2!W{A#E}*Ffd*(IB61fQ(Nt?5&4t*b6maACwQGK|y{P%BO?|
zMd=Z!kB>vm1JNLd)Srf0d<H6kjRpnPc~Ebgfq~&NRQ(kweHCi(4QN)n1vQ5lnjIAX
z51|_H(I6i@f{d;+yn{OA6Vw5pq56?&P?UUyii2p7{%=tApcxNPREmKFLFF2V!Nb77
zpv1_)016V&Tnfkl4X^?R1`rM6YeD%ST5a;&6mf9e1u`-)urV+&ghORPG)Ofl+k%9m
zKm-E=13nt0B$^RY6oKZ8KrY8egVe_{f=aH*zA^IPJRT1cV_;xFra?jpAcBE`0YrnC
ziBM~jK^z7K1`rKmrZ7S>LMn)!?3*es2#WM95RZX@Asgh$$$L}985t&@O%>+^Ij{tz
zZL)2wIH<5=C}o7?D9|(*NESqc6jXu;1_lNY4GNZOsEIXDaS+WoSvO6*9%Nr5RJI8!
z3!*{HW)Q)^z<^AHOlyUzZ-dH%Xb`g<D&7I&FfcHHXi(JlK*f8Z;z%?T1H<InH1WwS
zaRQTN;yA$7!(^y3WE$kmX;5)w8Wbk;p@F*)Di5MT%tauAfq?;;204ETBLldaI|Y>o
z(IDn&Mg}Kv`E(A%V_;xFra=~6hgx(K>YrOs`ZiQOh-REzn=W4u^7UhA+&qKIVxvLo
zUO`QL167AigPi*gYRh{l{Q*jUgsKO{J6cWd1rh`M5u^sW3I|Dm_@F{g2bwjpRpB6Y
zAo0<v9261^;3glqG6q%QAR!PvT9q@5R^_8rIm2jG&cMJhT9psWsyr1`Mbo@0pFA_Y
z#33Olay4J=j3SBmIgE3pt>c7_Nv~R|a%{&E7hyL>e!(3l5_dkhvGqvm#8SSV=H?6Y
zs|<}kJ##v36~kJ3>{4^n!O6ZE5|i)l^k!t9%$XTJnIn^Ta&D%#FQ}>q)mR|R@^Y!2
zJGb0<zN_x%pP%|P`S=mdh<ewx$CP3#v$%VHmQTIFVv@CW`x`gQ57Jt*yDMZ%ZimS|
zRQd9NH>lhD_NuPn$!jwuCST3=W@MkNm=iuZBa3%(YmPS~=j4ky;gcn@c_*9ZdNXoQ
zZp;mzd?K57^3z;zM&8MWdEt{Qa(E|C&GTmDpZqW{e6mI^ua7=k(XY9e#LoJkx?bPg
zuKSoP|MA5~30iZ%O2#~$8avsw?qkpUS0<Hgk><XV{rcf=UtjrX@5GamR2T6v<c44(
zsB6Z^@Q?o=Xbslng)71*-^k^i%(~LsR~Y0|C}#Qf#<Z)5J>-i<W_0^mnd#-ZNd@QU
z%)7^Q#x6VhvD0;qbAc-7Hb1%dCV2fD4&QfQ_8$MmaZ2d?lP{(6uM!;?-#wjNn<p_@
zHQSp}baG*K_+*RxREOI-4eqBJC)~ZUOT06yR5L;^<nFegiw=A`aG}QC;OZ0`X4zdb
z472a8TJd%F`AH#mk0+-5IQ5&IYwD_%Sq(?`8gop(n=es+zlZT}-<jxbpL>=h2Q0bu
zc#&E9_NlK^Qrf=l)AG`c-lD(%^P~u=^%K>s_r2z`+nkqrl<nRH&AnF>Oyv2kY%ke^
z+inowOG5n$qFCNbXv}o|#b7xn*)VCc<7Z}x`uAn3n)1;zV(vc=n0Zis_RH?#;LI(O
zyZaLzw5Gn)e!8M-O}3PNJ$rs$wZYx}pO;PUEs&^>e$-i<o~E$Ve_6nP`KG<oFWq4%
zkhi=1i?!ckXV7)$h5E(z-bK9MlXJc*hCTIP6PrAbKep9f=>L|eS$mZFHcvouoixZ<
zP|Q*m%l9=RdG{ghf}MBwr%!nlo_qCoxY4Tl4foiuo=TI9JO9eO@k@-Rr1`aN#Rtwy
z_(p6#uWjlSnqc_qeL)*Ta)0e)+d_%@8-Fz~O>{d`vQyyX!*UU&w~Ks#DJxbzF9{Od
zQ5I;*vq5#weoi?fPv81OUU{7HtR<T3(xrSqbI+WUKkbU6Pa$Y93YKzYp)LbaEQ%kQ
zk8_DBS<1!ijf*|-XfdBi&WeY+w|4#Uo)jwYW^nIRNbT!yEH;vN-+ga8^VRfj@I8&Y
z&!xW}JUTJqee)}aj@y&p7D`O!&G2TFpB$MHK6ynE@8rE1-i(TqcV>o9jwt4xESu%c
zs606{D||9X3Gd{yS>BAQlPBhfPu@|&JNawAH>3Jw$Aa+58Ku0Fmlk+4YEJ%G5I$L=
zjCXQqp*N%U<b{RdlTVcKPG&9gX4IV=SQI|FqMUc~)*^34{mG2Q;gdBgcqgY8dovnN
z-dG$y`9=lrWYH3DM&rqeCE=4hDtRX#E%9bFoh(=yKG~v*cXDZ|H>3IFgQek<UsUl<
zRxR^pw47X67Cw1KHSgrBW!{X|lNHOuCwtWJPHrvtX0)Aru{?b8j~d>|rWM|d_LCbc
z!Y8k&<(>Sr!kf`?vSDTT<cK=n$x|!68J#CTtPG#bQO`TswaS~(b@Ifj@X0&sc_)9Z
z@@90O>{uN>IirDh^3rN=M$gF~tHUQtH1bXkt?_2`p1iOoeDaA#-pQ=B-i*GJ18c)4
zS2XcX-dgL;=s%gUE_|{^Gw<ZoI&a3n$s6m!C*Nr1oh(}K%@{m6u|9lqM+@)dqxIg5
zp_2t0!Y5m_@=h*o@Ma93e6S&W@{3m9$*PUsjFFQI8^b5hXycuHwb7d~da`0u_+*cE
z-pQ>^-i)!6FE)iw{?X1m*|gc4F@ADmbNJ*H9lVpDHhVKBPBv@_pB&N2J9%o0H)HbT
zhb`fgIl6c!yS92WrcR#N8a{bP7w_b+t=^33lO5Z_Cuel?PF~vP&6qj)V_W!Si5}j`
zq3zy`*^?KxhfhAy!#kO^!<#X8a$raJ<ceP2$y+<T8S^JIc7{*Z=;NK7+Ud<$IC*1d
z_~aXXypu({ycvrpCw7HT?&#;8e6-7(v2?OvclczB3A~d_yS*99Cm-w%pZsD1?_|{;
zZ^p{Wg+1YuXH4Xse6`1$v3jy%Z}?=7NxYL=d%YQJCtvIhpZsGI?_|?HZ^rt`jeX&h
zS4`%e{It)Tv2n6tfB58xDZG=X_IoonPkz`RKAB@G?_}2r-i)o2Cr${Tykjcw<gXLF
z8QUj2P7I%%F^zZf(uv-Tos&OK44*79op*BRByYy<$qOfiPd+i7cQWf_Z^quqfs?~0
zSIpp@ymhiSWB+8vDdCefX7Wx>o#M?naq`9~;gfI7<ee-!)thnh<ix4rlRIYdPCh!-
zn{n!7!D-=>EoSphE}iDhIDPWLY2lM!%;ue}I^COb=H$ZZ;ge^~;hlVSx;NwO$%-?=
zCwt80o!mOZn{n>si!;I}|Cq}=*>t8i<NV2uGs7pZn8!Q$=}d3Ng_8|ug-?!{&pUbQ
zEN{lelON6spUkm<ce3kjZ^osQC(aI^yki0H<gc^68JACXoD)7dV<GS4rE|O)S5E#o
zCw#KRBHqcNbG;c?PhL1TeDaA!ypvhyc{8q^95^q0a>Zia$y?`nGp?V^I6r){#uDDi
zsq?)VH%{I-KYa3yCA^bG7kD#no}9QKd~(N9-pNN7cr$LDEVwXyvc)pq$)yXu8MjY9
zxG;S3i)Fl%RTp_P?wnk>D17pa<-C)xF7jsFJy~&a_+*b2ypvlOdo%8xd~tF3<R2?|
zCz~$uX52ryaY^{(6)SlsKV9O@cyO}e((uU<t9U0*UFywvc=E%g;gdO5^G<eM=FNC?
z^2BA~lXtA<o&0r~H{<cij?2R*XRP6!ymYxY<H^Y%mxoW5Sj#&(bcHwL>B)gB!zZ6u
z%R71NN^i!qlNncqPp(+UJ2`cgH{<!q8&`!-)>zLwS#-5G<HgB|tHUSXSkF88=xT4q
z%aaAygir3+z&p8gjW^@f$p_bjPqx^|J6UzDH{<omg=@nnzu3q-`RZD4#+#EB*M(1>
zv59wb>pE}7+mkP@3!m(<nRl}3dT++NlN;BEPyVr)ck<Kq-i-Gr8*T`nykZOQ<f$9H
z86Qr5xFLLU#8%$Pt{c4>A5WgRF?=$|HonQ<HhM8Wo$R<NeDaQMypxx1@@9NK`QxVW
z$r;;uCx>qKW_&q$;pXtk5<7S&vu^Qbd_6gEOZemyJ9sB=-Qvyob~5AE@W~ZBc_*iC
z^=5oOdE?gb$r`(OCyQ?LX8brgaa;K08@qTXAKm87_<6G6_VCFayLl&<Zue&VI{D!C
z@W~c?cqgmw@Miozxo}7L<QIE*Ctuy+&G>V&;?D5NGxqXMZr$n4_<OSEuJFko`*<h!
z?($~*JNf3W@X0^+@lLkg?alaqa_8>w$t(8rPJX-Fn~9Nevellj$q@&5C(qsE&BV+&
z`PH7V$s7lHC;RU8W@2TWJZo>*<Q)fjC;#2+&BV?)*=t|e<cveSlh^L^X5wU={A*v>
zWQoJPlVkUTnqDjShfh9nn0GSo0Z`K`@<90HiX*&}_Z|Q>y*LksPu4ifJ305DH>2R>
zod?4w-#E%US@w`OqwwU+L*a}flMfyWXB3?*c{rR=Y;xh@a7OXTCl7}+N=#Nf63!?&
zx$;OjqtxV!N5UDUCu<%JXOx-Tcr=_*cJj@m=^U^X`J4A#@nD?%;OvLVAB0#II~-#K
z(US{Ka4;qCY>qp9iE;9T+bo*{PVq1@{S(_9ce;v=>4MJYxYJQ!g}ksuuGPj241Ajt
zPiHf3-f%?+A_rUU`4+VNb8_P8evr|;_iZ7IAz#`uFbHf;JRQw6`N3HmkksT07db$N
z=iR(%w)w$XX(p}==thDyveN?v7;WnR{f7Wh_0J3)R|5?zBlAIHaG=={kQfVetPV6B
z2^zcxiLpV&Kph1^kN^V%0|!(L)b_ps8iQkCU;u3b05L)4g9fu1K*R9dP)kA6Fs2|`
z&~Q6cjDvxJ;V0BUUZ{bfVaR{bF@JujI*{W)jt40ffQo^p!$9&NG0;pL$Y_v*JE8Li
zLg2y4dhjYy2JnbF0|SF7R5KrF;2flrfdSmN2WjSKU|@)biitzj2|&liK*ADGF;EBu
zLFWo2p<+S|3=G~NMGOoKQcy8aBi$KhF(_6*mWVJgFuVjY7#J92pbAA97#J3V2ErK_
z7-Sh4z=LpNpovRH1_n?Ff#wfDTEszfMIZ(P1A{VDFKAd4G$R5EAr+{YBm)BjXdVa@
zLVl`HLC~~d4=CsvAe%ZsaSm#@PK1hqCL=&*%P=r7tY8H1&0x@k>b(JS6=?QMX?mIv
zW1S?(A)v9^`-}_>4;UF39x^g8JYr;ExG~*Tn9;x9mXU$Mj*)@Eo{@pUfsuj1k&%JH
ziIIW9nUR6Pg^_{5m63tLjgf)DosogTgOP#3laYbJi;;oBn~{ORhmnE77qnuOk%7UV
z5i&;tat3JbM4gd=0W`_-1Da}nF)%RvW?*3W4+?mYQ$Z<+k)fUelvF_Jm=zSLj0_Cy
zpnwEzPyuaDVPs$cB}pDe1_n@);{$D<VPs$cB`Z)e0wo*JrWO%K1_scqVL1Z>Lj`D_
zfq{Xcih+Tlnt_3#hJk^hmVtqx4xGRl7(mmRQP9*A2uees)x~ZM3=HlJ3=AF&;K_K<
zLRWAS@nK+K@MQo`b%R!$GB`u0i9suiEf^RWEE&L4`Ji>6pp~HvwhZ7E51<vb3=Y#P
zMHuDl6+x3qphUm`UN+Bgmyv<t4I=}?3r0xd0(It}FfuUAW@KOhO)-FGBl;K_7&;jl
z7`hl47(h#MK{FmLj0_BQj0_B*If({F$XrSlBLjHOrHqk*A&rrN0W`0Z#0Z)HiDP77
zhy?{OXf7&(5i<7_#K^!9%*enH#>l`Bz{tP=nlAeS%~qhSAkWCapvcI;u%Cf};Sd7@
z1871LG^clyfq?<k!v(Dt2F-ecreHzSwV>@u;FaSH3=E*%3ndH;45bVV47s35DA0rx
zC^Lhmr9o5GrVQYfH4KIf3=E(_f6%gQZ3YGg(1ghXMh1onj0_AD85tP*85tNrb2OlN
z9MIejX#NK@CzQ^}z>vYnz>vuZnXv**mc=kKFo33AK{K0285kIjF)%QI=5<>c7#KkF
z#=4+9t;YafvBIFwz`y{SjR8#z6*Dq0fF`y;<7A-O&T|Y53?~>E7)~-UFr0!;cI7ZK
zFcdH{Fo34RKr^2g85kHYF)%QICSLw9Fff2hKG0k-s1ySgG9e5M44}yvQ29{H$iM(9
zgz7;BM>qom11RHzGCC+<_cJgsfbwz!bUHkS0lc`60i@240lc7w0W=S@jFEw1IU^*G
z?`C9R*vrTORs$+LKx#qw1p@=aYtYmq0|UcpMh1orpc06IfuRIas87!pVpOaLl?fn+
zfJ!z{<^h$(pbQ177#4#<1r!Yo3=Fdw7#L<TK<4%npm7L_I?(JMD7}N`XtWp@7(h{{
z#sJ<80G_%B^;<!O5vY&?6<(lH4OH5J3Li00#R4iyLFF^3wgJ^bpc)HQs)1@LQ27oj
z{y@bds6qi%KA@tM7h2kZ%6d@w3@Xb(WjBZhnFA_{LHboe377%A#eqQun$wgRz$^I~
zK)H_@ln6nSy$X<h1mMJ{!N9-(N_?Q43`&^B&@=){oS<|9N;9AtCj$oX+8fZ?b#Sf*
z<!~Elt_S6QYiN#lU;r=b0xeermlUAV1XQZHf}#_Y2th>$$d@2NQ0)Vn6!U}@Eudlt
zBnMKAtPxc7z~pf01J#0{@(fh2ftGH7(gbKW2vn?r5@ax_+yiAn&<rssm4Xr*D0o2|
zjAB8J11O%!z`&5iz`!t_fq`Kf0|Ub(Xd(rTo`4c8Xk#19_n^WSl+Qu=9h9I!c^_03
zbTcq8fL2L>cENxOVo=U#1I2$Ov`_$94BCzd+Pwl=2$IRbzyR9m0@`nu3|%ym2HM%e
z04dQymVgWb>48}eD&>(K0J9uaAc1@fvK&+Zfy@R)j}0jPi=bHzBnT?8K-B}NfB;nw
zplSkCJ%F+!D5_x91xO4e4=U|I1qz4_DqNbO)e49Y!Z0yVS<ueF0ImgK4g@)-0%R!2
z;$CP_Pi0_W00k?uk3hjU1+pB50Tf!3p&<j(15yu@2k}8GmO!C20~%$ZYzvFFxk%AA
zhk=0s6m9h|i(sxIGTy)r0R<(YXahMAkB92P2F=6cqXnQ<2%yPvsEa|R3aF_7YBqox
zouH-!Xzj)a1_p-r3=9mf7#J9yFfcIOV_;yo!@$6B8(PAGDl5=p6wtyHP*DvkvM+$*
zA5<|MV1U$YpjvGY0|Ucu1_p**3=9mQT5UT61H)DZ28J!r^*x&z7#P+wFfgoRU|?9z
zz`(GSfq`KO0|Ub{21tbi>R*7?_pE}dUjY>d@j(?5sHoq>z`(GPfq`KgDE@acFff4D
z^MEV^Rjmi1RVu9J0<FaXRWfIhDk4zD1X`K{O1vP)fJ#14<piQZB_XKN0xiY4&cMKM
zje&sy<Z}=kR9%C_K^PPQ^>-N<7#=e)Fo2fV+-G25c)-BG09s1(oPmMiDFXw;GX@3*
zP(|{Rfq~%y0|R(@&0A>2@`eG@PWZ^czyMlq16oQ0YBPWeCQ$1R6#O8^fuaP&1_eDR
zgh8PTYVmCa<$sU@P<j8Cfq?;5b%I>W2x`VMLYjr3mLI710%{GCAJ>pJ04%COt;;>2
z_-A4yJ+48~1!|Upd<F6VvJXK9gUp2b5S&&(9t1U2Igy&Kpyn$dXc-Tf!N|Y>>V<%M
zHlQ{us0|Bhzk=GaptdatgTz4%2hc1gsAmHb12xS+Gz^2P@D-5yok1yfdz~EPaz=K>
zI72-HJ%i~w3XGTPLCF)eAsx0wjS1v7P}3XSC<kpehwT$%VvIA=GtdLogCJ)!Ff_n+
zk})yHndq768AJMtAU&|XW=xE6#vr>G;9JUJyV1a=8S2#=B6gj_Hmor*#+gDi!S<!Y
zwzPqbGt@I=V915;T!(FXV*+`~NY4z?4Fc_;hi!|4T4cb$0NVu*+dv1>QxCBSwt*hD
z_YQ24ft~>a18gJy>9?#Aj%xeOz<veGfZ_^d5p44w*dh~<9@wUS*fu|eX`ppZpl$!K
zjetztpa25<NR(-sBBKP;N2cj*N{netjLg&DDKSdOz_zC=-qw#(k5hck#8_vlX9Tjv
zhGn{vGNX|Z><|Ef%Np{zD&azi;Dc@dhwU5$d05X-&tUpLM@C6T!|6s&jE3xB7yB_z
z4^m<@VuCor^dSdiTjTlu<zKE`*!KqP0kA7UJvNZ1v4rk)Uqwbqvp3M4{>JY@(%4+G
zXEHIynL)xBv}YJ}7QprEOAd#x;gbX#3Jytr&gpYNeplt3E~msO!DPre{emK+gc;Uw
zGza+|cJ2Ul&!QYS?7?P1&6s{kiBWQTyE0>@4D7IgNz=P5HP0XO0jo6zC89?>(|J@F
zjhNo>Om|RWlrV!GLvVw0@jJmkp{&sGGG<_a9aOO4+w<)!yiOW1F~%9_8R(fZFbMEY
z?*r+D?cV=zq_$wr^)r{57~{<K3{CV58DNJN{Nz>ID(bM{0~6yeKFBuN1peuFR2U_g
zgaoF4Q(^Rxkr99dyM=4&q9kVVXeP!wBRyk~f7J!1$Eh;<Fa<MDU!%$>!6Yj*y+NH(
zl+}cRL0f40164)|8Q8f6+wc9>D}B7h9qf2;LV+mOw=`g2fE{8GQr{5#XHjq_SdjrJ
zEMUhRcz1ZLI=iW_3mi&DdPWQk^Mt0?s4@D;zz#H+`N-$dRI@XtU=`pnFcp~|pus4?
z<Sa7%pBkft3~pP3MW)ZwV3e5drOqgYM;XM$Mz~ZMF)(ZpoqkT8QGzL0Wcmwrsyfa{
z26lkL*3TP0OxZ2=37qA@(Xdc#`Wp>K2^rXt3#)m%o7x|S>w{Go=$SAu92A?bpvfp<
z20Nr-!Npw#7y0t~peoE57+}XZXwKZAsc*q(4V5tj9rQ3gPm|FHlpObHGWwWdW_@tE
zXvn|-Il_UVq0D|#mEF$(7A8hei4N+KI7&^o)52P8!1M+)PcPD9Ok;W`J^hU-ql66X
zcmbVLSKq9?AnXb<%Ltq#{z*?)Fk_Tp5|o*4WyYw(VG2r#46-uQ^UN51m~>^P?*Yl0
z$xQdtW0aWw&Wurt$x&uHmpP*mldsHlJ99<}rU;qo5g@*d!1M+Bj1tq`j2WevGG(S8
z07;h1Ouq$^Y?PVKX90>!=II(1j7ChoGSg!~{FyS-Z44NVrmwJIlww*gGyRAKqmc~k
zNQ$J$<&7Jj^;<A88bGoLLz3(?Jw_umcg;fML)<ytOrKE-=E&(;`iv$_P!}>m9W(us
zK4S(G)CEjG<fj)HFiM!g&Y<8G`w{h_=Rqwr`<O5=z)qR4kNZ^i%X$79sEh#vgPYRy
zeIUKCb1Pgcoo4Mm=*kOLVF?OS*vS>MXP%NO%-z8amN5iny{}5sc?=mPnEokES2JWZ
zGQ+JBw~U+8^gcsI2{YLF7az8FOqj{>)B<XYAp`sXjH@yS?gVc+vIHUHrZhdyh|!2?
znaXqlBSr}`*qIw|*4r)=*&3<=RtYX7u*w*MngnQOFkMoezQ%}Ag6X#E^kX2i(b5qt
zB0x#S4^-YwGiEdbCBak1jA^haV|v6h-N%Gc0<O5ugs}-(QpS|gNCvau_0xo$0{~7c
zqO8Uy3@lpHTTB_Xn5Jn>-(bop0isWtGAa<t9YzccsJX+4X+ZOZ4=99$Eb)hs!SrvI
zj6vwZ#Kf&LeTEgI57Yw^OhUTTtQjTD44_9ZJnXn#veEAp2e_Ov1638U(;HIjUX~X{
zK3op22n<1`U!?AIKWjz_8Q3`uwtfYbvaN?~z}2Opp`M{ho$fRbMhT`ly3^-aGfFV6
z(Vf1{n$d^pu<mpg8%7_dbGp+nfaD+PPS3Gnlwf+NJH5>Y)Ed&8{tm<!(3{R-%V@-;
zpf}wHL~H9!F96XddefJHXnVcsH$b$n-gF*2MkA&oz3C2ij1p$BBTM9&9>oQ|dshH%
zdw{bT>`)U?fsMPX`txRhlQg(ZG)-@MpB<xw4D9?AS*3@{2RM~>LR&P3pc7W6J9sln
zFzM(|zhlQJ!L&|)`Zqg9BN^z)DGfUu=AZLs*z*-^rV%JJT-2ZLV$Wz~20MGDV&_+L
zRx8id;2<;rHD6(;uWUY9KglV5jVe^HAp^rj{poA$86{+JtGI1A{Q*b?>>!r#z$?D7
zpH4mmn*nYe*&9t4abPr(fgQQRHTU7I7WT)+VEe%hyxFGHlRzq9XQ_k*p7u)=*m4}|
zYXb&`IJ4;+96)Um^XdN_7$umVm`|5*WNcvSvzR{1k<o{#PH*}PM@A#2nHJM!oERmh
zIWbC2&v0Utl7XF`lB+3~v}#I{KNBOUZvd*bPFPK!=fr3v13MpO#uSGmS9U~5fSa<$
zppx*N?({cKj9Ofmtsy6qWZFzuaAuT{ft|FHZ9Ao-@bVpyGoj7n6IRnhoEg)YF4#`r
z<ILz|witRe3fIeUS^EV&zraZV94N5EQ2g`{Es{KSSOlEX4M8Pyy8U!J7e*r)*fA+d
zg(|iV-29-j6Vw$lWMHUsnBL>UC?Nwo2}bh7M9#ad8$c0itOpLz&koZMxG+jE@j6bw
z<-+L0blhpWhAX3w4D76w?vyDT_uM*ppNSD<Bxr<jhV%3ZuAn*`da{(YyhmKsBrk7p
zG=fXplP=SbxH1}ng8GLm<1D7tuG6QuF&g1X<`^9hc)#Pj>-0Zvj1n@?Ggunl{7AYR
zFU(;A4h3-dOmdrU;10=*Uha%qTm|lsQ(ed{D2y2xB6X*qamQCs7!SvSLI!q#(Lo{W
zukk*UPJ_!uBLh7nhLbMSOT4KRqjjFs*Z43>$iPm)S$uj%<@~HmnM{mz7J8<7h6W6E
zp3@)rFiM!g&c)%(w>kDIaMo@}=h95igaNk<RIdy{6-;&B(`$SgC1hZS<!HP2O_A|7
z`v^{1hUR+4#v8n+Z}4T5FoT`9vqQV2iD$h+JQE{m?f^6j0X=!AVdZ9_9S6@Vr6FY0
ze5U{NWt3oox(7}}&6IJ09>tS=>+_B7zv=x5o#DRI8~hk0WMGH(%zEE&cwW)&&7k}R
zvXcQ8K1^|b)6e-~u>)%7bQ6C@DXs$0KmY>+gFqZ;ZeC=1jz6OgXx0JLahm1NC}*@r
z2y%+jqU&1)HeQygI}ANhZsP5ovt;IUikuUI92)d?HHT1P?$h57g{HsqXS7q-_J_1q
zS}aV@FjnyWa{$fMF)%P}h8{7<Wm9Tlr(igJf*hmd^o#(;wcMa%`E(14QcFrIr$3Bm
zl%8%7$jIUk717t#N0Qey1a%n<^h(mJlJj%&L3&bC5=&Ck@{4j4OF#!b=_cnFRDv1B
ziD{|2#h??Z(lgU4r^f~|YG@UuCZ;4N<$%Rg6LX7GlS_+Ib+d}|^K`+7d==;CWhUz;
z<>%*4KQ)Q5X8PnHMn#^)lKkAvWZmMN)YJlq1J4IBI%=Tn)z{U>Fi+P=&wM&#F{9%4
zCn1b$nWRA@HXt9B<`(FJsu8eHQu9)D^V6ok4`fuDzPpt%MG+zZa(ilGuD-553SZYy
z&t&?=UPeW5FirOlVKkraIfYSr`i2ljlj#$~8NDQ7!%X_R`Y@)hp`MYR#q^62jPm@D
z@hN>>eF$T^;$%iu0q7x$`nviM*7SqTjB46g0#aXBAB(82(R9X2MrCoZ6etQ{%0O&g
z<LQo*7?mXvF{Q7okKpK<O#fKMs4NMOQGH!~I9u09&tQ7t3`Ql8cg48C<`<==BqmR9
o31p0({xXnp^>%?^Mr+3Hx5F79=x&#9V_eMxj-~BxlNl|!0ON@1-2eap

delta 19115
zcmX?ohwc9^wh4Ng;-%jd#h06!O0q=XuJ3a=dgMi<tlowf8AoO>u@kyjx9R;HMg|ZN
zo)|7)?=Ar0Ffe2k7wD#^WH1zD=H-K=8yOiGco`TP!WbDCco-NO${86LxEL53?lD04
zNsJ5(q6`cT4vY*8VhjuohKvjh{0s~YvWyH2A`A=-Y>W&H;tUK8#RWN;B}NPkax4(}
z?JNuod<+Z?oU9BC+!K!~D}7>RVBln6Xjsm|z#zcD(6E_}fkBXgq2Vh7gnq>^c@?8w
zeK;pXnIDw4;bdSCVqj=6hVo%_PJUiG$o-m}5cdjlL)<ID2{CRtHv<DV14BbfYF=S!
zDg#4qeo=a29s@%j4@7-34@5pSRW~iOsJJ90wIGFofnjnwlVE)$R1Mhe3=9o9sb#4-
z3=9nQe2}nu$_Me=Ek1}D=lCFYCnuJq7G>t8r$FUr2|&W4O90~K8UcvDVgZOBi=gIx
z7lil`s;|DG4;uKzskvpTMGOouPgf@9<YX3?Fyt14yw1R2B@A(ZwlKsZabZZLa6tJ#
zgdi5bfYLXGAnLNpAqHfXCxQ*?5My8vW?*Q@6JubIVwhaUtX2O`0%CMYWkITLW--G`
zNl3WmX6B~qrX(@UlZ40@mn4>y7N-_JkbwB@iUcGqic|AI;mL3U%7=wFNI%HVDNyt6
zWgzM^^D<J4GE0inic*U+7#JqYvvAheLe-Q=K*B2}wYa1xzmlOKv8Xt;v?!+#;tK`~
zIfxmv<REV7m4n1nMq+V(c^(6UzC48QDi3k9jXcD>7C8uAp#bszTLlIN2?mCS^n7qy
zsAssT013~15)jWTDM2(yLg@`qPv@qVWaOt5Gt8HOB)$%)r%Uq+G7C}}7*Zr4@sOOK
zpPiY?zz_kIca?xxYz6gbQDV7nQhrJ$BvH#SG$d7)q=G!DD*^FAVsdh7K}j)#x7uVU
zR<(L`eaZPnAk_>(8W81i3=kS-Z)$N)W?l&c!$&QMf1X3>Vr>ZjE|jmN195LoYFQpA
zvLtjM@?W9q{%bQZNHQ?gH>9Md7JyR6IW0)SI;zD0&g4pZ5Pq8;L}P^>BxZJML1Jo(
z76XGS14Bbrv2JBzZVp3YQ93wM+q59+GK+Q7bMliIb{IhPS8G9HE;BtZzbKV~p$KeG
zJwpRXRboyt!y`k8#pzImX_<K`x}^mSON}5JXF=%#-JE<-HZ9Q2$;{0xVVGqMkq_5`
z_*mNnVqsBcZc$<y0|Ur>PzXFQfyn3QC8vV;<wc1F1@)B-44HXpIhpAhC09)#24$yK
zmVp#FnL+qzIf*4DsVNK|&=5*3E-lH-DP~A5E-Xzgs$?iOhgg_eTu_vn%D`Z%1xXTb
z%^@C2OwKO?#epU?<U}kX;-Xp%4E3M_I3+*1q$o2lH6=Bv6jUO@$_6fINR($}CTB1(
zFk}{|R)CydZ3T%MKWj+ZC`c^H(9KS*OwLHm$!1_+5VC<pK}KS+Zdy)aI=c<TBe!fI
z>NRa44o=J}n|zsFw0?&zB#+Fq1(h8P4WBh36~bdpNQk8+7MBz<FfbIQmKJBGRWcOW
zLp<p007(kQ4iI%mH5nM>7#JE>X)-WKGcYuiI5IHEFfcSM(1h4G0cu{76GVTQ6Ig$J
zgMc%b(ZK8sao{{>NC=f{f)i;&B-G$kXyS*ZAyCwUk`5sYLm3#rX?m&~gzj>K1PHe~
z$liK}2AF^gv?hb`&7rwZlK~Q<M?D}eH}ZrSpx_B9_V;)|44&h`z@Wgu(2(o}k%y@Z
z@Pg>;@_?w%@`jiv$H2hAJvo+BdU67ngn({%IB)b+tNk}^LZ@cms6IQnf=fYQ<6_0&
z?Ix0Uj+p5&eeGVpX7U2g0FFb<Z<dHk{ob~D2A2V=z=;h`GiOvJavhm-^PGB3+3(FK
z_!}5G{MTMAe|ufhbhC$G0wdE}hRLra?U?!)Cu>RBab93#U~phyXkeJUQQVwKfN8Rp
zupOrl6GV`4@<&B;rXHrrtEB9h?lDb%C1uBH#LU3p#=y|P43?{4o}49Z$8>^ua+bIq
zlP=5TRpNF`i7b;}3EMFpWtprcV#g%HIyp<kjwy(B@+uKK&MsC41{1J$LlJYPeXNtU
zMC~|#vobK4F)%bRPA(KNXEJ1)yh_xLGn<Wp!2_%k<cK3|leNU`nE2QyzY@1&ieR6-
zO4^QT8vEo|(soS8*(Yns*m3?~XJD{kU}#{PY$$5ZWWX_bm5d!{E(ZgH71$Jz;1-U_
zTC#RbPdFxL$=Wd`a86z&YsWN;bMh-$JEkj~leOgRm=w4sXUW-dMsq>*aZLUwYtA&4
zYw{~OJI<qA3=B5lz$%n9XO-n<U~riHR@|B?mV5Flc{|ok+zbqMli!M2bAI54_>yUI
zp}0Ad3eV&$1v}OX9tH**u=Exl1_nEbOGV5%Kk-1^%{bZ6+k%Ccfx%$%TSaT8DBj7d
z6z!OLcqhM7wBy{t3$dDMvZ0tc=NDdx0j!fhikov9@i8zMF)%c6faF+v_!t<RChLk=
zbDHuqFt{)<G_XwGC~VGI$q&)PG`UdPoOL@t*zsc4oZtB&)-z51C}hs5F96ZQ2ns~b
zl>(5+W}N&{&YbhT03=2jLH2N(3qn+~fO*w|knmyxg%{^mK?VjVaD*C)nX_^VF);W{
z&K0-j3>AXtVVwL?%A9ki5G0v#PW~un&J-j(IZMrsvrQOc5F03caUKwcqzo1?@0&0K
zgAOFz<jgshL?9kw0XsZF1maY%bC{NiOn#+q$N3E^$PDrgtBoiFgU95zQr4U;AQmiD
zaGnu`YZWo)6cS@#&;!dAN}F>!KzWRl4W-PPW{XW;rD@0dN{oRaW^%5v4Tm@+<iQz*
zvqBsa>+GOd=UgMsz~BXOte82|H}T1@wCp&4N-!`OfCB~;ahj44AAkdtDP3~%Ds4Na
z&61N}Y1=V<kesZgW5=m31yRB<*-*rsGgS%}SD;idR|*!IpuGD~YO<ED9g~vu<Sbn~
z&R}Us*n+bZ>ttzA%G8yzX1XXnSxe83l~D#H@K({9(_03n5M*Sx49tR$QszvDWhQIs
z+cABWnVh9>$Ehj{aSAwTuqMkgFj#?8^ITa-95I555YEf85EB?DZ<IA>;+C7d%D|4(
zMGj^O$k-KfleG-(IN!>_5(y|l2FNoon1B*KXNx>c927>!<dJOUWKn>m4seKZ+QE4r
zWz9Le6&M)&AYm(H&dI9Czz_lEf&3M#2n%-*uUC<QApk7*QOKO>uHxiZ#&%5FN|Uur
z>^M`EAT~e>#Q92-SDDyxK30Nx5#%IEWk}3I9FeRH^V>#obI!%ekTd{E5!aPrIp(9f
zIj6h|M2=zdMrm`-U=^4?kmDz-Kpf97xlqlV>7mNxS7vsc3aXH>WSYED)SM|ob#j)u
z9p^$-NSb2?=l#p7@W2u>XA)JLtYu-x8L9>;EEpyiN}4lGRGYlY!jAKc8Uuq5149El
zD4LiY)F*3M+Hsbv!<=NOXU?=*eex<xJI+_?Fl!C<&6$)mCTm&QamH&vECS~?riB`l
zS6SI{KGuM1mojHk(VVPhZO8dr3uZegK+LrvJT_1<!CDLAP1Y5&=G+NlLCR8Db50{2
zNI)@71_e}=4kWf1K$(tnl@7!NhRGYn%sHPydEkW2q@+7J%hrxFM;8)543jrnn6oa@
zWngfdyjIMb^Mx)XGQnZRWT-be%g&B-f*#B~P~mh&kAcAjl#ZDM^e1cC+i?cyGcXi^
z69*`%T+oM@%mU8SYzFX<5i{qsGl1kjaOuL?WB^lXC~D4m$N*vqq*VQ907=AP_i@@7
zLPCvo@<w@c)&fINMp`Ro&9usJ@+wC=&ew(v4A$U~*=T9bsb&Px$_6SVIa7=vmau}$
z!wpb5Na^?v%7c`gI>r#ELR6+0L-a9&y|L67VkQHa_t+Q`_TU)eG&O-ZoEel%I15c6
zPGtt$zSIN~FYMsz;DZT7A2=H@S(r{<C1%HzVLJJhm>uUFQ;6-1;P|{^3b7B8DTK@*
zrm%pLI;XE0M2;DhKA5`ACTqFbaUL{-l*r7J4du)^+07x22UqNzwoo1;I2YBLL!8SB
zDj%74norJhx8wX~4#`Z+lQ&A4bGleS5&`RELs@gCg%*>wJnT5HSU_?gJE%6~l(mE?
zVF8)K8Ey$F9w5QG+!EpyNQ39T<>V|+J61s}1_m8a-Op)j1#v$+sEXlSVg<>ZOrY>$
zy$0fe$~0CEYfzE|mABE>kbDF-j&-gz1B1onw?fvOSFIsBS-{y^!3L7Fz?qdZ#RlR8
zh=b<XKx~9K_PGtjJV?X9*cK8TjG&Cbly5uvm5&|g8CyssvVgJ^E2!mRF?p@LHK&Cg
z#GjCC)?vrM5Cg8S3dPMipV%=l_=9u7MsagiV|xY$`^mZz)~v1e3=GDTb#<*dci2N>
z1zeXiy|bUJ<!{I7?*Iu_NL|qHz`$S+HWF0CopWGd2n8EyC}z&2>^NB~z>af*BLhPq
zM2VO=(?dsa2_ohMF@*{2i&Ce_uY~M44?_i+!Eq$x3{e6Jk{D-5Ab^u1=W=IAY(f(I
zLuUpCPjD-!P{Ev2%Y}g<2+Z3kX3jL-W%8;ZJI*sMkN|=tA_mvVTETWq7Os=Cg6%jv
zU11Icx%!qXSOdQs#C9f7`egEVo17J5$28Av@~RL!rb}*<UxnB)iMvnM3bkX3aG#tN
zYR5Fmee$YMJEm*ylV63}F$s7~)(W#@^7fdV6=uhD!(;NQFgs3LPX-2aaJvK4HY)LC
zU~q+mi<CLjPS43%;dV@KJtwaUw`0oln*1u<j%k_KWUUB0rn_E~vm)%6RJ<pzim+p<
z@SglC!j5U1_hhX|JEnKuld~f2n4EnkuZpy)7iR$X=0HPf3`z_P44`2|Wl;Z?fq?-;
zgZL^?J~1>C0|SE^R6U4hWnf^?hMKDb6-S~$R)X7a3?PkqPzA^|<7C??@yR|>9Q7a-
zhESu7pem7RkW-DJ;vkxX0bFK+MXbRjgbz|@1Lb3*LGrdxc@Pca+ksOL12~g`rR*3O
z7(jk=2J;vgKr~1psE-H|LZ%rft47P$Gc$nG99WkhNC^YDKmxO{@!1)`SpzH&>Y{?Y
z9}ea*Fd)+`3=9m>&|rySU|<00OJ)G~sTp#i;&}`V_28%l4+%3cFi?XAISAD82YIXn
zYEdcFftYkX12~Gy85kJk85kI*K@}p?AOmMW4Vnp+$47&FJ{QslXIKSQ528Wwuo}t-
z(V%$RP!AQ@KmiRhcq0P?1IWi)pyq&RkVAGr9ljGPj!xHu1V9@1FfcHHG#r3xI0&T=
zK@C32012t%P=kn}L2-T#svZYj&j6AD`QSWc@R{K@)FJnw4tM}H0GS3w$s?#Zhz99@
z3|0RG8kNi-L6GAiGYky;j1UhBGeSHf3YM>DU;r^d28x3P7#Kh_sEn|M@<B9+X$K-e
zd5w{QfsKKI!3D|((IEY9jF5859V(8G1}X6XIRq5{ULYO=0|P!9q{JIUFfcG6(;y)q
z5W&E}fR6?#@dXhK3=AL|#PkC>m}&CgIC0SI3PTWx%fP@843dM=AZ7?7Bx!|1<s(4;
zpFA~Q9$fS#f|M{YFo0+f6EtxHiWz(~NL@0BU|?VX(V+B~2IYfj5HlS_FfcHHXi(^8
zLT%52if1u0Sb@uqY^X#IR02eU49tg$7eK{9G>BOUA|~r5h)04LB_M)<fdNE=n59r%
zWgrd%0|ST#Ws54Pcr{cUAI&s*Z-RIt$k7c@U7*=6P@o{wAUC!^O+%(R85kIPq2eGK
zWKKVn528WL2_Rx}ZlZWSD535E@fa8wKs1QC6B=QAKpX}J24os!`cY8AV_;x74t3oL
zD18#D9z=tfr=a4eq4XIjeHNONE;2GWfeW20Ak_>E4A^K;;N5^)cnhiynP!^onj{a(
z1)%T&P3eI#Hv<Db>wPV-<wy+xaHW7;--8r@_@nhcwEhPrOXT_<6hI(8D85JQeNcT5
z3K0+uO7x)m9>fRHqxC*$PJ6W8$6Mcn5(}t307^W_^*u-&#0QDvtM5VTK=L4Up!y!f
z2hkw@XuS`q??GWQTJJM3fa-ftSb%6y`k-IEKY34f;bhe^@5vQ8ypwCoycwA%pDYWX
ztdYw*`EHIkBkN?%-0;aaa(O4~mU}a@Pp&KvpWKnhJNa(8HzVg{&5H2J7WurBw-$Lb
za!+O~4xjuYpLg=pTyI9+$%c91lV=q0PM(_Q&B#CbVP5!Tk3!zbuKC`Kf|Doahfn@d
z$UFIKzBi-rWXFQ=$t#L@Coe7VW)z+Lu^@bML~-im-U{!@93{MypH_G?N=`Pc44=HC
zgm?1PN^eH#$qy^TCufxMPIj&GW|W;gu_}DBL>ceouT|cR@{=8_!zZ68<DI;;+M7{v
z^2h4%$ra_ilS6B~8I>n5tO=j2QNcTzwbq+ab#h>B_~aWEypy-qdNZm|W~>XJ+)>Fp
zIknE4QFHRfy70*sRlJi$>%AGZCnwg2PkvFwJNan6H>2)k!G`e3Gpczfmo|7a>Q6q{
z5I)(XhIg`Rqc@}B<if`A$v<j%Ctq#!W;C9x*c3i_MJ?~-)+TR8)5#Z`!Y4=6@lG~v
z_GUDn+}IpGnWLU}^3!H-M$5^DE#Z@Q)bmcB+TzV<J^5iv_~eWR-pQ`5-i)@BC$@%9
zmT2Ui{I%7a(SEXHTlnM?jl7eWws|u;PX5>yKDnZacXDXEH>309h3(;!HJW)Rvvznh
zx=s%42%mhTnRoKm4sS;H$&8)hlRH{?C#QCLGkQ+m*cm?AqLp{DXqPvm_vFN`@X0S)
zc_$z3@@Dj%EZ7}Bc}5%W<kD_$M*qnNyTd1YwDV3@?eS&|oLtxwKKVyG@8qjJ-i*PM
z6??-cujt^N+}i8S7&`f4Z}{YhPTt9;ecp`WlN<ZOCv$Z1PJY_w%@{e^us?kAjxOHG
zQ~SLcqbEP?51*XT%{$q3f;VIA<cSl)CrkA3PX0Q<n=yW}<HYdECwh1%FP-Skm^k_4
z#PG=#y}Xk{CwVg_PhL1Fe6mI#?_}1=-i)b}11E=1zR|}!dFy0v#`MXIQ^F^A^z%+m
zo#M@yIeFuh@W~bvcqfZa^=8bToH#Xn@{0+)laEgIX3U)|I4ykgjETIHOQ(4==1)F2
zEqt=aB;LuY)4drBCl^i+pZsGI@8qk~y%~!qE6xa?ykau%<klJ9jHQz=&Iq3zF@<-s
z=}d3N^2v=e!zXi0<(>R=rZ;2dWW!nElXpzzoji4xH)HkWhqJ;bXH4Ur>^j?<v3Byr
z+2NBVrt?nzI@_DEezN17@X05p^G;qm$D6Tn^2a&hlPhNMP7a;x&DcD7;oR`a8Z&t(
zv(EEoY@Hl9FMRTinY@#?&hut$pUgNvd~(Mu-pQ%+y%{?vZ=4@K*<v>DWYGoQjNOwH
z7lcoKF`IYt(FNX&y^{qOhEJX`hj()6LT|?Y$p;sPPxhG0J6Uy+H{-;~g^R)`|Cq}=
z`RXEX#>tZv7l%(?F^_k0>tb)lsgo}*4xbz`pLeq95^u)olN*<WPv%&_JNfAnZ^oIE
z4VQ*b-m!pp^3<i?jI$>{TpB((V<GQk*Ja*}b0<$+7Cu>G5%1)$%e)!qPj*}$KKaBV
z-pNasdowPa{Be2s<ch_-lS5Z{GcKOIa7FlJjU~L3Syy^9E}a~>GJNulCA^cjuJmSH
zKACY<_~eeIypvN`c{8q@ym3|dWQ%3IlSNm1Gp?STxH^3Di)Fl%kFNG+Tsv8CP59&)
z%Xuf4uJLAEKl$LA@W~!4cqgl_^=8~Sxo~ax<R2?|CtqFb&A558;=1t3D^~JOZe8ci
zxOMWyb>WjER`E_YUGL4feRAXa@W~vjc_%+z@6EV#vf+mC$val_PM*5Kn{oH#ha18t
zXRP6!?7GpLaqr}Xh2fJW*78nfE%IjEKY8ND@X06E@=pG`(VOw$WXDb6lPlKoPF}jn
zoAL1EkDJ0LYpmy;9J<+?@#y4*o5LsHSkF6|b&EIS@yUT(!Y6lZ;GMj6i#OxR$&6dW
zCtGafot(PWoALDIja$Pfzu3q-S#+B><JrlH+rlT$*u*>e=r(W0^OFU)hfns{%saVs
zyEo&-$p^QGPyVr)ce3gZZ^p}$3wMN1Ua^ID^3@&Qj8`Ws?hKzCv6Xjn>rQXR>yt0;
z44=%gjd!x?E^o%0lN)!1Pu{VOck<I+-i)^=8}1IDoUxsE^3>hljCUtL+#NnyVh8VJ
z*FD~h_a{%>6F&LG4&KRM_joftob0$ad~(H3-pNb%dNV$r{BdviWQ|>Xlf(9TF+QEV
za9{Z38@qTXv+nn1d_FmFfB58%-Mo{x?)PSVIhpZ5_+*PcypvN8cr(79yzxNz<QIE*
zCyO5RW_&w2@nHDm8GCsrA3f;J_<nL_PWWVxeY}%p4|y|woSb<meDaTdypzu!@@D)z
zS@LlB<Q4mQC)XbKX8Ou7`PAXC$q@&5C+i;ZX8O)Bx#~#RWR8QplkXn!X8Or6S?g%n
z<Q)fjC-)xpX8O%A`PR{}$r*=uC)*zLX8Ox8x$9WiWQoJPliwcmX8O-C+3I-M<P(Q^
zC(k|Z&B!?U<?-;z6-Rg{`<?*Re=|>nPu4ifJNfSkQ2pn5GJNulqr8*Xo&?o@KTn2F
z?l{IfIrbE&{#$t}e6q!H-pRbDLG@qc>F~)fj`L35dm2>#ah?gEJmUoK<lHl$`ful%
z@W~!0c_+)B1=W9<XTvA|ILSNt?AhqWITsi=Z+N1^IC+5(%jANK98AkOHpgAL#JJh#
zvH&BKtMKNyD^+Yv;+mV|u0(+q@xqqQ9nxoD;M<&dB^xZfdCOf5#>oXj8eoGS+~Z)K
zVZp$_IXUr4KS+eP%L+X5+c3q7fk9w%;+1Ho$px1KKvI)0+~R;(pv1H}<jHmut_jdZ
z!!bhB4Wt=uU}FRS{zCw$rSbzh)(0AfL*|1zrCcBZ1_p+o&;d)(I13L{>^D>&sFNxP
z75f8K2kMp`12umb7#RLR)q%{fSAq)uhYEs5HJ?E>gGQi0mVyTLUqcOIf)0~_hFU&A
z)qw^hLB@a_2eJ?(%mP&h8tVWp^96~qLd8H1b_WT7M#w>Hok5y;8NjocU}1KsLO#%d
zBv^!jfdeYW&j6mw0uSeMLd66a!1Hoom0VCUPzV@+MHm>kp<+S|3=G#nmVriN!D2Ds
zRbUJtmw|lF3l;>gy<^~kD&&KTiGl`|Aj{Uk!>u4`F$M+(&}cZw=b(rMiFF8pNCt*8
zV$-{n7}ciVk!6fXyvxYI02*03$H>5No{@n8wA>36AE4n_2}TA6Nk#?+DMkhcX+{PH
z8Ab*M&`NMQMg|6XMg|52Mg|5&Mg|5@R4FquFsLvxFsL#zFsLyyFsL&!FlaC`FlbKq
zm1Fd;2aWcMF)}cKhJi&G85lsr#ZMU+7(g-loPmMi1p@=a8wLi3w+svn?-&>u-ZL;T
zfMW3@0|Ub+1_p-D3=9lk7#J8p>&L$_Ffe>)U|;|xM^JM6#lXM-N@AcG{tHb;pi~1&
zC5(&=49TF_1T9YnEr?754Q?_pFn||HGB7Y?F)%QI7D9rOf*S(^11S1Ept0-3z`y{S
zJ2GKlU@&C>PiBH9;6Q807%UkelR%(3Cw&I+d^LCoO@aZu4v|5M0lcsgw5X9mmSH-d
z0wY^JXsSbjfq_Ahfq?-ux_66_f#Dh>B<3$NGB8|XWMJrIWMJrFWMBY|S%OA8YZw_A
zK&$jC7#SEU85tNr<ETZ93=E+0)?7vghCD{dU~LA-ql^p;DU6VzWKeI@pAj-T4eGgi
zF*4MH$Ie|D85lrg<o2L-eT)nY&WsEUps{w)K>tJNz&$9LgHjnNg{@&=U|7$<0G?9;
z%|;w!U|;}En=FOS+khsIKr>CT3=9mQ70B@n3=9dNk!c17h9m|ChA7YwIcWHsp`L*O
zG=m13WdltfszOIx`xqG*>KGXq>KPdrY8e?AKx4k3{$VjA0|RLE7&M{`8VnC*WMBa8
zTL@reU;qu`donUGfF_7Qb1<727#KD)Fff2-po$n67(i=iLF0<L&<RKl1_lN#P>}{2
z$^{KJgT~E4BkO^T3=BIN7#MalFfeRoU|`tBz`(Gb0ldD80W{(c8m*3DWMGJ8WB`xU
zgXU}YF)%Rf2l<kbfdMqA`;viy0aOZ=LJI&#P<~`&U;qt~gYqw^FaXT}I)Nr{K$#LW
z5eFKy^JD-|;ewXnf!1>{faWtngSH^Wf{ft#eX!gQP|g93mdk-Mu2MZHAA{sU85?8)
zs7M19f1t!a6|}8^fq`KnD0CSZ7<xcc3Jl;WZO}A21ITfpGz}Vi1uZF+fu>VXx&;*v
zpz;_r4GbzkK!pdWI0Y56ph5^#rn7-E6R02umA@bXkOok>2`W!TAZublJ3c_$MnGFl
zK-)q<yA43wIzU@Xz~Yh&;MKznvJ4Cip!Krq4B!Rg44`BInr8-O5Ku+|Wf;(;Fle|P
z6osGw(g&p@(3mhNenFGTpg0DVr=XnZ0L{6e91F^!77XAibI{sRa1I8Qy&y4IIt0xG
zgBI>uK^+caBkQw==5iE$pmc<+(HEM+y+M;n(0N@@5dtboKt+lx19<HLcvct`wV?T3
zPz4ge0A4`>4j~Y~n}LBLgn@yflYxPugMopeg@J*gnSp_!iGhKkkpZ;chk*f9)YOA~
z4=TSv3&26;Sseod1E_2RWw%-e28J3?;)IrM)eH;_70@yclr=#XfwCzmyMnSUXwVpx
z7Q>(e%%JQV!N9-}2`wW*c7V!AkRFibdZ75vM3MwK0A@L8e+kI9p!^TA3}iScdO!{a
z6~HhHK{L{z0vEJ>0hCoi8KMBRY8;w{L1hYv55gdM(1bE*t{B8F1I0fmtARK$3|fQ_
z602fhV5nq(1QRTTK#l?V0OS}@)PX{v9U81qA2EPD1PZ-2Xvl$TgjNQ~)H+BHNIgux
z9wY!tk)UAeg2q`dQoQve#T#gEPXp9JpiqE03KVMOMq52B7?I-*<U&wF!RMn1xO~LG
zz%U6K|5Km|4OG#BDqK)y462kt1>7qJaK&BE0Gjl@$H2gFgMoqJ5(5Ln1qKEN&_pt5
zQuz!61H(xM28I(13=E*U0#s)l0Zo%JFff3MX;5(us!!H2FfgoTU|;~%FQD=Il?)6F
z%NZCLmN76e%w}L<0M#!G85kHAFfcHH=KZHb>zf&%_y?7u^BEWz<}olZ%z<i{1#R+x
z_#pX33=9lQ7#J89GcYi$U|?VXO#*-_E|6uQd3sQNfn4N+s)54{3=E(t_+8K{0W>WS
zD(XRr7vz||pm{w|{DbNM5C=qq=ITL3`)LLShEq`AgV<+5^#BxuLg6B)k;lNmaFv09
z;WB96j)8&U8Uq7(>is4I1H&x_28KHf3=DS}7#Khy2AX0A)ySYJc~I>PYA1o(O!c5f
z6R6SwHJU&r7pUO`iUN=eLD2$YgMuFv%%C6!HKag63z7#ltUwJaP{Rt;r~*Y5s6hpb
zZ%`u&)R+P_tf29Y9^LgM$2X{@28wS`tBut721OaDg$ME!$OHF4@eksFd<ZfaWGK21
zLCro;Zvxf~1T_UgodFmPYS@6<<DjY;)XoRB;X#cakQxvMiG!Nlp!PYaAp{Zwtz-bv
z%%HX`hykj4SAg2WptU>x+v~I#mou`1szn9{hUq#wjF)6UkpbFf3EQQ?#29C&XP{@m
z!0?J;x`P3u1k+cB=@)bvC1gO30Bx*<ZQ)>IEHl(I1gVr|oZe@^C}9R#ECAYydHwp5
z!{KZAB$*iFj3H*hHfy%bf2hX4zbb->G0sHKK+hP|T$+BzfKfskv?>6!t@GELe|g_l
zA3Vv#7-ytstY^r;P(D3Sk5NR?9Ap!y$qCvVYNz!`_|1x6a$r?p*M>2I&B5azIhN^i
zdW;g&xeOSkn3l6lU!cdBW(M08y8F_zq!q<m+QHs823ZB$YpHl!KTbVP@i`M?ovEG?
zNahpkbQ^s}Bc{!4(+l(&C8oz1GBz<ua87?<$SA?2$vOR(A)^tKG3RtWBSr}`*mlty
zoQvNH{t0CTTVM$CIc!7ehHuZeukbo)#Kah9pl6_G%D@oLIlab+Q6d1g%ksmK+JZUP
z&s=6=j5F6WG|@9;fNd`Q$*Z(g)M3E~CPqeX$gU;WHdCGGRl@&x!XWk;=ov9EMDk33
zV#Mep1Kap$;hMTAiCH|FiLnk8(gvWdsMCFn8GXz!y>6;!2r_~Jx*@c|IZ3%A=v+rW
z*f$1xCJYQkeACYvGfK$7wxn*q_gk;@@fLTm3UIKc@J-J%Wz?59U|@jlPYtPW2>!Du
zI1{YM02JA`_@)P#FiJ2z<(r;m!ssId+nGA^k<X*4W@k*H5pK%BP$Mwi&WurlsY_t`
z8xuwe8Qf;h5}2-F%4mc~1;lAMRTwcad>5R)$COcm31XJ$^w*}0=2Uc?#PlU*j8aTD
zg{B`cW0Ww1ZI8`h{XO68W$9{YMlxn#fNh{%&D-77{xDo0nvqNx7&wHd^O-YBn8CK(
zF1Wa>;38jMA5?`I0|RVRuI9`Qn)()u)=(MH(rw}CG3JauphUY0M02uEPq1K=kb!K!
zWoRg~pHyY{Gk}GO5mYvSnz$We({(HuC77Tpp>&!VY+q=LKS!QT^UNra4nt7HGQhTm
z>YTdzX6*%GSCEVmIL=)qrt`TlN-#x8Omk-xoo?&GD9&LD%4iHJ64PT`7=2_)p!;pN
ztawz#Z@%se6Js67Aw~=gwGz{9Y#1e`-*I7-V(O5X{=<dQh-r$%bO&2T38wiH)7@Md
zjhK>oruW%0N=$FCVw7UqATfQNE29L{K8fikK$0gUrvCx)Ia#NRxiK2a!1fEzuF+wA
zdieW8kUI^*&Uqj)UCWNqX!<laMk%Iu64Mu0GaAXjwjC!$E^plMtlxr((LfJeelV<*
zoc<1^f{^295$V0@Dz=PLP`~-W{KN!x{`3R3j2TQ&7c$w)Opmi;lrV$sL*^Cx5%r<x
zK`k_&nJ_TGb{gBqeJcCqJbw*T#(;sLS8n<mJ4Oi^*xqH=N~c-754!S#Rak<eMPGjU
z1CR>Xu4P%7zx5MWJqH!ppja_vU~rY6E@IDU!~|6dr+ek5*Vr>k$iVhDf7sqJVJ62@
z3$WSXWO7qs`UZPO38r4T={^pOMoe!NrZ+e+N|?cRP`_DkyHI3ns0LVv5vWYUDg!QH
z(aey6ZIZ73a?P@SbwLCus=y@^gObwpEe?!Egd+kL?BJv{-OrKH1eEey92t#ZsrRfS
zV<0q=BxE4lrWqPeuD9Ej5@MqOve87($b^9bmLzkW7@J_qL3Ib0Goz6iX6Zgv6|}XJ
zp#iq(U7vCC^tjWBpp0OoXQ*dv!r-koy~vqSi|MY~^m)#V5+HhqGou3O8PbS>0W(9&
zG7bK$IQ<DIUxEvfG+2-l7Xt><pSUvy!SukQfhkC1dYcEM57g@tOp%(?-+3@fFqLag
z&k1Fekb!LgPOW=cUKIIoIk;{z1XYF$G^g8mGD^t6cJkW#6;#T$9<l*f@rH(ah9*Zf
zrx$oKN-#avoc=D9QG)5S=5&rQMjs|Ft?6MPT2yPggBPedp*4M97^4J}sn+xZ0gR&4
z--a;;GI?lCcL-;cU<%io9u>}L#FVZzy$?heX-$vwW;9}|)|&ne#BbA@t`z|)54EPp
zf#{uD)Af89C76zCO`j72sxqNlz(oZ%?yl<3n*q*LCZH^SS8Mu%2u2AR*nWIjrH9G~
zIF)uXF~*tcfeY=ATGKc9FiOb4cIrnl&bjUOeSQHGW1J~O#aHd=4Ze&L)BpG|O36Ss
z=r`<en19ZjVb52vRYss@kc7^3BVR@%8Q2#8ik)B0S*<)lb)J!)fu0!y1JocH*rtDr
zX}VJs4-1`SVyrXJ13MS0f=Nkl`Z-@v`2yYDA0BwcH}=!XhhW>l&BQjn=}dl%Mlw5~
z`}n!$KD^b!{@55AcZLiMj|`^=fK<RX=!XTK_DdAlavbV)0|thrM$_l{G5RpgGM@g%
zk5Ph2+hjVMKVt*aRg>u*{)|4L;JxP0Xe0sKqJQ-CtF3kMK7}w>Oy8x?XgJ+GfKgrs
zwkbbXQ!Z)Mlq7#9Mo@zpRKXUTPcI5!G?IaByPq+|;mDO85fb3=H3k)YkR+j{QfC1k
zscL|2#7{h=c+`D{Bq)eYAXQPZ`E<TOMhPY;J>4OY(T}OxYWjpgMjs|W>*@Cb86{+3
z+v@%F4=s{Bbyx)4IsiBCg>0q^1u+`Qz&6|`6{^@eaPxyoZBPsuGB9Y`PEQD8lz=8o
zQF%iK2H5WV7W*sGUKdV)+JPX&1`G^4Y^SdaV)S7uvY-AZh|$Lkw%@)xWy;1qw@%(?
zVgxA!4Q9i3<hQeH&huTo36#M=Jq}9-252*k)rf(i#ButJU`8WQsGkXDoW&I8G(95(
z!UrXCrX;87IeLr|Ow7*HFN82kn89}Ezxk1LH(r>-1nf_6+JNoTf6b#H$=#$1YLJ6s
z!vJ&!!gRS%MlG%y7x0LA1Cb?xF$2Q_&FKq3Wd+WXz<9Wn1Wb^OBf(VSINc)>5&?K4
zq|0r3LlmQg4D1+##iwUf&d<7($;4P^p=YXRXu#0rHvK~kqXZMT`}A{BNHn@QjNj!k
zJs_G<LI!qjfwp_!6d7-`kKiaaG}kjW-s3S{0c7G)kLmNG870hMCmyWaEVSd`d8ITa
zM$n)$Xyyxc*1@dz4Tt9y?cR)#f!hXk9n?%S*r^EFw?5zK{+r&9&;dI?;hU$`3a7Ky
zJqQ^i&*^y}_dv~*ft{qVGAgiB@agJ8gi5FiCREypYX)cr1vG^h0GbmOneGtFs1pP`
z4@mi1*TIELYRZ!`^YpTc85p!T-ny-JopI`CKJX^0hDF!63T(VAQ^&;*IpAU9?VYn^
z=5&gP@`I=L8s4tv5Gu@l`dfp4`k`1xJ1KJ?NHe6x!t@Md1>e66&_o9V1H<z<)1~4V
zFHe6ool$x^cRHh(cw$L@Zf3G>aZYM#0qDRD-J;Z##N?9cY4MC2({<7rqXdfc^D>il
zlk)R(OEQX56H}(2OJ-D>zAl}ydAex=qr&v(Qy8VE*Ca4HPA^Jl6xr^Y!KltSeOd~m
zH3vv_Vp2{jM8}&HMw9JqiHvKRrYoc}dTr0iWPG4I{X;Ti%66aWjH`L3?}%rt*)Ft%
H(UJ=Qr4=FK

diff --git a/modules/permissionManager.js b/modules/permissionManager.js
index 649e4fe..80e6d47 100644
--- a/modules/permissionManager.js
+++ b/modules/permissionManager.js
@@ -47,6 +47,7 @@ export async function verifyPermissions(userId, permissionName, permissionType)
 }
 
 export async function checkIfUserEmailIsVerified(userId) {
+	return true;
 	try {
 		const [user] = await pool.execute('SELECT email_verified FROM users WHERE id = ? LIMIT 1', [userId]);
 		if (user.length === 0) return false;
diff --git a/package.json b/package.json
index 61cbaea..fa8e135 100644
--- a/package.json
+++ b/package.json
@@ -29,6 +29,7 @@
     "node-cron": "^3.0.3",
     "nodemailer": "^6.9.10",
     "path": "^0.12.7",
-    "pino": "^8.16.2"
+    "pino": "^8.16.2",
+    "pino-pretty": "^11.0.0"
   }
 }
\ No newline at end of file
diff --git a/routes/doctors.js b/routes/doctors.js
index d2ef380..ba26843 100644
--- a/routes/doctors.js
+++ b/routes/doctors.js
@@ -63,7 +63,7 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re
 	if ([ email, phone, speciality, status ].every(Boolean)) {
 		try {
 			const [result] = await pool.execute(
-				'INSERT INTO doctors (user_id, email, phone, speciality, status) VALUES (?, ?, ?, ?, ?, ?)',
+				'INSERT INTO doctors (user_id, email, phone, speciality, status) VALUES (?, ?, ?, ?, ?)',
 				[req.userId, email, phone, speciality, status],
 			);
 			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing doctor');
diff --git a/routes/users.js b/routes/users.js
index 40e4eab..db0ffac 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -327,6 +327,9 @@ router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
 
 router.get('/:userId/roles', verifyToken, checkBanned, async (req, res) => {
 	try {
+		if (req.params.userId == '@me') {
+			req.params.userId = req.userId;
+		}
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT r.* FROM users u INNER JOIN user_roles ur ON u.id = ur.user_id INNER JOIN roles r ON ur.role_id = r.id WHERE u.id = ?', [ req.params.userId ]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'No roles found');

From 3a7e065ba0d55320931e6928f21404cb85d770a5 Mon Sep 17 00:00:00 2001
From: Lightemerald <light_emerald@aostia.com>
Date: Sun, 31 Mar 2024 22:25:01 +0200
Subject: [PATCH 5/6] Updating backend - Added database self check - Added more
 @me handlers - Fixed issues

---
 database.json                | 980 +++++++++++++++++++++++++++++++++++
 modules/databaseManager.js   |  58 ++-
 modules/permissionManager.js |   1 -
 package.json                 |   3 +-
 routes/users.js              |  10 +-
 5 files changed, 1045 insertions(+), 7 deletions(-)
 create mode 100644 database.json

diff --git a/database.json b/database.json
new file mode 100644
index 0000000..80da010
--- /dev/null
+++ b/database.json
@@ -0,0 +1,980 @@
+{
+	"tables": [
+		{
+			"name": "roles",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "name",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL",
+						"UNIQUE"
+					]
+				},
+				{
+					"name": "user_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "role_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "verification_code_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "ban_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "patient_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "doctor_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "service_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "company_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "hospital_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "room_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "appointment_bitfield",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"data": [
+				{
+					"name": "Admin",
+					"user_bitfield": 7,
+					"role_bitfield": 7,
+					"verification_code_bitfield": 7,
+					"ban_bitfield": 7,
+					"patient_bitfield": 7,
+					"doctor_bitfield": 7,
+					"service_bitfield": 7,
+					"company_bitfield": 7,
+					"hospital_bitfield": 7,
+					"room_bitfield": 7,
+					"appointment_bitfield": 7
+				},
+				{
+					"name": "Doctor",
+					"user_bitfield": 0,
+					"role_bitfield": 0,
+					"verification_code_bitfield": 0,
+					"ban_bitfield": 0,
+					"patient_bitfield": 1,
+					"doctor_bitfield": 1,
+					"service_bitfield": 1,
+					"company_bitfield": 1,
+					"hospital_bitfield": 1,
+					"room_bitfield": 1,
+					"appointment_bitfield": 0
+				},
+				{
+					"name": "Patient",
+					"user_bitfield": 0,
+					"role_bitfield": 0,
+					"verification_code_bitfield": 0,
+					"ban_bitfield": 0,
+					"patient_bitfield": 0,
+					"doctor_bitfield": 1,
+					"service_bitfield": 1,
+					"company_bitfield": 1,
+					"hospital_bitfield": 1,
+					"room_bitfield": 1,
+					"appointment_bitfield": 0
+				}
+			]
+		},
+		{
+			"name": "users",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "first_name",
+					"type": "VARCHAR(64)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "last_name",
+					"type": "VARCHAR(64)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "username",
+					"type": "VARCHAR(64)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "password",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "email",
+					"type": "VARCHAR(128)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "email_verified",
+					"type": "BOOLEAN",
+					"constraints": [
+						"NOT NULL",
+						"DEFAULT FALSE"
+					]
+				},
+				{
+					"name": "phone",
+					"type": "VARCHAR(32)",
+					"constraints": [
+						"DEFAULT 'None'"
+					]
+				},
+				{
+					"name": "phone_verified",
+					"type": "BOOLEAN",
+					"constraints": [
+						"NOT NULL",
+						"DEFAULT FALSE"
+					]
+				}
+			]
+		},
+		{
+			"name": "user_roles",
+			"columns": [
+				{
+					"name": "user_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "role_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"primary_key": true,
+					"columns": ["user_id", "role_id"]
+				},
+				{
+					"foreign_key": true,
+					"name": "user_roles_user_id",
+					"column": "user_id",
+					"reference": "users(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "user_roles_role_id",
+					"column": "role_id",
+					"reference": "roles(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "user_roles_user_idx",
+					"columns": ["user_id"]
+				},
+				{
+					"index": true,
+					"name": "user_roles_role_idx",
+					"columns": ["role_id"]
+				}
+			]
+		},
+		{
+			"name": "verification_codes",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "user_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "verification_code",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "type",
+					"type": "VARCHAR(32)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "created_at",
+					"type": "TIMESTAMP",
+					"constraints": [
+						"NOT NULL",
+						"DEFAULT CURRENT_TIMESTAMP"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "verification_codes_user_id",
+					"column": "user_id",
+					"reference": "users(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "verification_codes_user_idx",
+					"columns": ["user_id"]
+				}
+			]
+		},
+		{
+			"name": "bans",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "user_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "reason",
+					"type": "TEXT",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "created_at",
+					"type": "TIMESTAMP",
+					"constraints": [
+						"NOT NULL",
+						"DEFAULT CURRENT_TIMESTAMP"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "bans_user_id",
+					"column": "user_id",
+					"reference": "users(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "bans_user_idx",
+					"columns": ["user_id"]
+				}
+			]
+		},
+		{
+			"name": "doctors",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "user_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"UNIQUE"
+					]
+				},
+				{
+					"name": "email",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "phone",
+					"type": "VARCHAR(20)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "specialty",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "status",
+					"type": "ENUM('Available', 'Absent', 'Unavailable')",
+					"constraints": [
+						"NOT NULL",
+						"DEFAULT 'Available'"
+					]
+				},
+				{
+					"name": "is_verified",
+					"type": "BOOLEAN",
+					"constraints": [
+						"NOT NULL",
+						"DEFAULT FALSE"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "doctors_user_id",
+					"column": "user_id",
+					"reference": "users(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "doctors_user_idx",
+					"columns": ["user_id"]
+				}
+			]
+		},
+		{
+			"name": "patients",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "user_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"UNIQUE"
+					]
+				},
+				{
+					"name": "date_of_birth",
+					"type": "DATE",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "gender",
+					"type": "ENUM('M', 'F', 'O')",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "address",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "social_security_number",
+					"type": "VARCHAR(128)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "insurance_number",
+					"type": "VARCHAR(128)",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "patients_user_id",
+					"column": "user_id",
+					"reference": "users(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "patients_user_idx",
+					"columns": ["user_id"]
+				}
+			]
+		},
+		{
+			"name": "services",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "name",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "description",
+					"type": "TEXT",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "price",
+					"type": "DECIMAL(10, 2)",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			]
+		},
+		{
+			"name": "service_doctors",
+			"columns": [
+				{
+					"name": "service_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "doctor_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"primary_key": true,
+					"columns": ["service_id", "doctor_id"]
+				},
+				{
+					"foreign_key": true,
+					"name": "service_doctors_service_id",
+					"column": "service_id",
+					"reference": "services(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "service_doctors_doctor_id",
+					"column": "doctor_id",
+					"reference": "doctors(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "service_doctors_service_idx",
+					"columns": ["service_id"]
+				},
+				{
+					"index": true,
+					"name": "service_doctors_doctor_idx",
+					"columns": ["doctor_id"]
+				}
+			]
+		},
+		{
+			"name": "companies",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "name",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "code",
+					"type": "VARCHAR(2)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "logo",
+					"type": "VARCHAR(255)"
+				}
+			]
+		},
+		{
+			"name": "hospitals",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "company_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "name",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "code",
+					"type": "VARCHAR(3)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "country",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "region",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "city",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "address",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "hospitals_company_id",
+					"column": "company_id",
+					"reference": "companies(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "hospitals_company_idx",
+					"columns": ["company_id"]
+				}
+			]
+		},
+		{
+			"name": "rooms",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "hospital_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "name",
+					"type": "VARCHAR(255)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "code",
+					"type": "VARCHAR(3)",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "floor",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "room_number",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "room_type",
+					"type": "ENUM('General Ward', 'Private', 'Intensive Care Unit', 'Labor and Delivery', 'Operating', 'Recovery', 'Isolation', 'Emergency', 'Imaging', 'Procedure', 'Physical Therapy', 'Consultation')",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "rooms_hospital_id",
+					"column": "hospital_id",
+					"reference": "hospitals(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "rooms_hospital_idx",
+					"columns": ["hospital_id"]
+				}
+			]
+		},
+		{
+			"name": "hospital_doctors",
+			"columns": [
+				{
+					"name": "hospital_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "doctor_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"primary_key": true,
+					"columns": ["hospital_id", "doctor_id"]
+				},
+				{
+					"foreign_key": true,
+					"name": "hospital_doctors_hospital_id",
+					"column": "hospital_id",
+					"reference": "hospitals(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "hospital_doctors_doctor_id",
+					"column": "doctor_id",
+					"reference": "doctors(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "hospital_doctors_hospital_idx",
+					"columns": ["hospital_id"]
+				},
+				{
+					"index": true,
+					"name": "hospital_doctors_doctor_idx",
+					"columns": ["doctor_id"]
+				}
+			]
+		},
+		{
+			"name": "appointments",
+			"columns": [
+				{
+					"name": "id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL",
+						"AUTO_INCREMENT"
+					],
+					"primary_key": true
+				},
+				{
+					"name": "patient_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "doctor_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "service_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "hospital_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"DEFAULT NULL"
+					]
+				},
+				{
+					"name": "room_id",
+					"type": "INT UNSIGNED",
+					"constraints": [
+						"DEFAULT NULL"
+					]
+				},
+				{
+					"name": "date",
+					"type": "DATE",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "time",
+					"type": "TIME",
+					"constraints": [
+						"NOT NULL"
+					]
+				},
+				{
+					"name": "status",
+					"type": "ENUM('Confirmed', 'Completed', 'Absent', 'Cancelled by Patient', 'Cancelled by Doctor')",
+					"constraints": [
+						"NOT NULL"
+					]
+				}
+			],
+			"constraints": [
+				{
+					"foreign_key": true,
+					"name": "appointments_patient_id",
+					"column": "patient_id",
+					"reference": "patients(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "appointments_doctor_id",
+					"column": "doctor_id",
+					"reference": "doctors(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "appointments_service_id",
+					"column": "service_id",
+					"reference": "services(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "appointments_hospital_id",
+					"column": "hospital_id",
+					"reference": "hospitals(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"foreign_key": true,
+					"name": "appointments_room_id",
+					"column": "room_id",
+					"reference": "rooms(id)",
+					"on_delete": "RESTRICT",
+					"on_update": "CASCADE"
+				},
+				{
+					"index": true,
+					"name": "appointments_patient_idx",
+					"columns": ["patient_id"]
+				},
+				{
+					"index": true,
+					"name": "appointments_doctor_idx",
+					"columns": ["doctor_id"]
+				},
+				{
+					"index": true,
+					"name": "appointments_service_idx",
+					"columns": ["service_id"]
+				},
+				{
+					"index": true,
+					"name": "appointments_hospital_idx",
+					"columns": ["hospital_id"]
+				},
+				{
+					"index": true,
+					"name": "appointments_room_idx",
+					"columns": ["room_id"]
+				}
+			]
+		}
+	]
+}
\ No newline at end of file
diff --git a/modules/databaseManager.js b/modules/databaseManager.js
index d29e367..7ee097c 100644
--- a/modules/databaseManager.js
+++ b/modules/databaseManager.js
@@ -1,4 +1,6 @@
 import mysql from 'mysql2';
+import dbconf from '../database.json';
+import { log } from './logManager';
 
 const connection = mysql.createConnection({
 	host: process.env.DATABASE_HOST,
@@ -23,4 +25,58 @@ function createPool(host, user, password, db) {
 	return newPool;
 }
 
-export { connection, pool, createPool };
+function databaseSelfTest() {
+	log('Database self-test');
+	dbconf.tables.forEach(table => {
+		let query = `CREATE TABLE IF NOT EXISTS ${table.name} (`;
+		table.columns.forEach((column, index) => {
+			query += `${column.name} ${column.type}`;
+			if (column.primary_key) query += ' PRIMARY KEY';
+			if (column.constraints && column.constraints.length > 0) query += ` ${column.constraints.join(' ')}`;
+			if (column.index) query += `, INDEX ${column.name}_idx (${column.name})`;
+			if (index < table.columns.length - 1) query += ', ';
+		});
+		if (table.constraints && table.constraints.length > 0) {
+			table.constraints.forEach(constraint => {
+				setTimeout(() => { // do not remove or it breaks /sarcasm
+				if (constraint.primary_key) query += `, PRIMARY KEY (${constraint.columns.join(', ')})`;
+				if (constraint.foreign_key) query += `, CONSTRAINT ${constraint.name} FOREIGN KEY (${constraint.column}) REFERENCES ${constraint.reference} ON DELETE ${constraint.on_delete} ON UPDATE ${constraint.on_update}`;
+				if (constraint.index) query += `, INDEX ${constraint.name} (${constraint.columns.join(', ')})`;
+				}, 500);
+			});
+		}
+		query += ') ENGINE=InnoDB;';
+		pool.query(query)
+			.then(() => log(`Table ${table.name} validated`))
+			.catch(err => console.log(`Error creating table ${table.name}: ${err}`));
+
+		if (table.data) {
+			pool.query(`SELECT * FROM ${table.name}`)
+				.then(([rows]) => {
+					if (rows.length === 0) {
+						table.data.forEach(row => {
+							let insertQuery = `INSERT INTO ${table.name} (`;
+							let values = 'VALUES (';
+							Object.keys(row).forEach((key, index) => {
+								insertQuery += key;
+								values += `'${row[key]}'`;
+								if (index < Object.keys(row).length - 1) {
+									insertQuery += ', ';
+									values += ', ';
+								}
+							});
+							insertQuery += ') ' + values + ');';
+							pool.query(insertQuery)
+								.then(() => log(`Row inserted in table ${table.name}`))
+								.catch(err => log(`Error inserting row in table ${table.name}: ${err}`));
+						});
+					}
+				})
+				.catch(err => log(`Error checking if table ${table.name} is empty: ${err}`));
+		}
+	});
+}
+
+databaseSelfTest();
+
+export { connection, pool, createPool, databaseSelfTest };
diff --git a/modules/permissionManager.js b/modules/permissionManager.js
index 80e6d47..649e4fe 100644
--- a/modules/permissionManager.js
+++ b/modules/permissionManager.js
@@ -47,7 +47,6 @@ export async function verifyPermissions(userId, permissionName, permissionType)
 }
 
 export async function checkIfUserEmailIsVerified(userId) {
-	return true;
 	try {
 		const [user] = await pool.execute('SELECT email_verified FROM users WHERE id = ? LIMIT 1', [userId]);
 		if (user.length === 0) return false;
diff --git a/package.json b/package.json
index fa8e135..61cbaea 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,6 @@
     "node-cron": "^3.0.3",
     "nodemailer": "^6.9.10",
     "path": "^0.12.7",
-    "pino": "^8.16.2",
-    "pino-pretty": "^11.0.0"
+    "pino": "^8.16.2"
   }
 }
\ No newline at end of file
diff --git a/routes/users.js b/routes/users.js
index db0ffac..6e98774 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -244,6 +244,7 @@ router.patch('/password/verify', antiVerificationSpam, async (req, res) => {
 
 router.get('/:userId', verifyToken, checkBanned, async (req, res) => {
 	try {
+		if (req.params.userId == '@me') req.params.userId = req.userId;
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT id, first_name, last_name, username, email, phone FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
@@ -260,6 +261,7 @@ router.get('/:userId', verifyToken, checkBanned, async (req, res) => {
 
 router.patch('/:userId', verifyToken, checkBanned, async (req, res) => {
 	try {
+		if (req.params.userId == '@me') req.params.userId = req.userId;
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 		const { type } = req.body;
 		let { value } = req.body;
@@ -285,6 +287,7 @@ router.patch('/:userId', verifyToken, checkBanned, async (req, res) => {
 
 router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
 	try {
+		if (req.params.userId == '@me') req.params.userId = req.userId;
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
 		const { first_name, last_name, username, password = null, email, phone = null } = req.body;
 		if ([first_name, last_name, username, email].every(Boolean)) {
@@ -313,6 +316,7 @@ router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
 
 router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
 	try {
+		if (req.params.userId == '@me') req.params.userId = req.userId;
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 4)) return await respondWithStatus(res, 403, 'Missing permission');
 		if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
 		const [result] = await pool.execute('DELETE FROM users WHERE id = ?', [ req.params.userId ]);
@@ -327,9 +331,7 @@ router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
 
 router.get('/:userId/roles', verifyToken, checkBanned, async (req, res) => {
 	try {
-		if (req.params.userId == '@me') {
-			req.params.userId = req.userId;
-		}
+		if (req.params.userId == '@me') req.params.userId = req.userId;
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT r.* FROM users u INNER JOIN user_roles ur ON u.id = ur.user_id INNER JOIN roles r ON ur.role_id = r.id WHERE u.id = ?', [ req.params.userId ]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'No roles found');
@@ -345,6 +347,7 @@ router.post('/:userId/roles', verifyToken, checkBanned, checkPermissions('user',
 	const { roleId } = req.body;
 	if (roleId) {
 		try {
+			if (req.params.userId == '@me') req.params.userId = req.userId;
 			const [rows] = await pool.execute('SELECT * FROM roles WHERE id = ? LIMIT 1', [ roleId ]);
 			if (rows.length === 0) return await respondWithStatus(res, 404, 'Role not found');
 			const [result] = await pool.execute('INSERT INTO user_roles (user_id, role_id) VALUES (?, ?)', [ req.params.userId, roleId ]);
@@ -363,6 +366,7 @@ router.post('/:userId/roles', verifyToken, checkBanned, checkPermissions('user',
 
 router.delete('/:userId/roles/:roleId', verifyToken, checkBanned, checkPermissions('user', 4), async (req, res) => {
 	try {
+		if (req.params.userId == '@me') req.params.userId = req.userId;
 		const [result] = await pool.execute('DELETE FROM user_roles WHERE user_id = ? AND role_id = ?', [ req.params.userId, req.params.roleId ]);
 		if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing role');
 		return await respondWithStatus(res, 200, 'Role removed successfully');

From 6071d1180b4a32026f42473b894db152b354e551 Mon Sep 17 00:00:00 2001
From: gringoelpepito <m.ferreira@lprs.fr>
Date: Sun, 14 Apr 2024 19:53:16 +0000
Subject: [PATCH 6/6] Adding services routes

---
 index.js                     |   2 +
 modules/permissionManager.js |   1 +
 routes/doctors.js            |  30 +++++++--
 routes/hospitals.js          |   2 +-
 routes/services.js           | 122 +++++++++++++++++++++++++++++++++++
 routes/users.js              |   2 +-
 6 files changed, 153 insertions(+), 6 deletions(-)
 create mode 100644 routes/services.js

diff --git a/index.js b/index.js
index b1ed281..b8082bd 100644
--- a/index.js
+++ b/index.js
@@ -16,6 +16,7 @@ import usersRouter from './routes/users';
 import rolesRouter from './routes/roles';
 import doctorsRouter from './routes/doctors';
 import patientsRouter from './routes/patients';
+import servicesRouter from './routes/services';
 import companiesRouter from './routes/companies';
 import hospitalsRouter from './routes/hospitals';
 
@@ -50,6 +51,7 @@ app.use('/api/users', usersRouter);
 app.use('/api/roles', rolesRouter);
 app.use('/api/doctors', doctorsRouter);
 app.use('/api/patients', patientsRouter);
+app.use('/api/services', servicesRouter);
 app.use('/api/companies', companiesRouter);
 app.use('/api/hospitals', hospitalsRouter);
 
diff --git a/modules/permissionManager.js b/modules/permissionManager.js
index 649e4fe..229c779 100644
--- a/modules/permissionManager.js
+++ b/modules/permissionManager.js
@@ -47,6 +47,7 @@ export async function verifyPermissions(userId, permissionName, permissionType)
 }
 
 export async function checkIfUserEmailIsVerified(userId) {
+	if(process.env.DISABLE_EMAIL_VERIFICATION) return true;
 	try {
 		const [user] = await pool.execute('SELECT email_verified FROM users WHERE id = ? LIMIT 1', [userId]);
 		if (user.length === 0) return false;
diff --git a/routes/doctors.js b/routes/doctors.js
index ba26843..8532eee 100644
--- a/routes/doctors.js
+++ b/routes/doctors.js
@@ -83,10 +83,13 @@ router.post('/:doctorId/validate', verifyToken, checkBanned, checkPermissions('d
 	const { doctor_id } = req.body;
 	if (doctor_id) {
 		try {
-			const [result] = await pool.execute('UPDATE doctors SET is_verified = 1 WHERE id = ?', [doctor_id]);
-			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error validating doctor');
-			const [result2] = await pool.execute('INSERT INTO user_roles (user_id, role_id) VALUES (?, (SELECT id FROM roles WHERE name = ? LIMIT 1))', [req.userId, 'Doctor']);
-			if (result2.affectedRows === 0) return await respondWithStatus(res, 500, 'Error adding role to user');
+			const [result] = await pool.execute('SELECT * FROM doctors WHERE id = ?',[doctor_id]);
+			if(result.length === 0) return await respondWithStatus(res, 404, 'Doctor not found');
+			if(result[0].is_verified) return await respondWithStatus(res, 400, 'Doctor already verified');
+			const [result2] = await pool.execute('UPDATE doctors SET is_verified = 1 WHERE id = ?', [doctor_id]);
+			if (result2.affectedRows === 0) return await respondWithStatus(res, 500, 'Error validating doctor');
+			const [result3] = await pool.execute('INSERT INTO user_roles (user_id, role_id) VALUES (?, (SELECT id FROM roles WHERE name = ? LIMIT 1))', [result[0].user_id, 'Doctor']);
+			if (result3.affectedRows === 0) return await respondWithStatus(res, 500, 'Error adding role to user');
 			return await respondWithStatus(res, 200, 'Doctor validated successfully');
 		}
 		catch (err) {
@@ -436,6 +439,25 @@ router.delete('/:doctorId/services/:serviceId', verifyToken, checkBanned, async
 	}
 });
 
+router.get('/:doctorId/hospitals', verifyToken, checkBanned, async (req,res) => {
+	const doctorId = await getDoctorId(req.userId);
+	if (req.params.doctorId == '@me') {
+		if (!doctorId) return await respondWithStatus(res, 404, 'Doctor not found');
+		req.params.doctorId = doctorId;
+	}
+	if (doctorId != req.params.doctorId && !verifyPermissions(req.userId, 'service', 4)) return await respondWithStatus(res, 403, 'Missing permission');
+	try {
+										//'SELECT s.* FROM services s INNER JOIN service_doctors sd ON s.id = sd.service_id WHERE sd.doctor_id = ?', [req.params.doctorId]
+		const [rows] = await pool.execute('SELECT h.* FROM hospitals h INNER JOIN hospital_doctors hd ON h.id = hd.hospital_id WHERE hd.doctor_id = ?', [req.params.doctorId]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Hospitals not found');
+		return await respondWithStatusJSON(res, 200, rows);
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+})
+
 export default router;
 
 
diff --git a/routes/hospitals.js b/routes/hospitals.js
index ed72538..eb65eee 100644
--- a/routes/hospitals.js
+++ b/routes/hospitals.js
@@ -85,7 +85,7 @@ router.put('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospital'
 				return await respondWithStatus(res, 404, 'Hospital not found');
 			}
 			const [result] = await pool.execute(
-				'UPDATE hospitals SET company_id = ?, name = ?, country = ?, region = ?, city = ?, address = ? WHERE id = ?',
+				'UPDATE hospitals SET company_id = ?, name = ?, code = ?, country = ?, region = ?, city = ?, address = ? WHERE id = ?',
 				[company_id, name, code, country, region, city, address, id],
 			);
 
diff --git a/routes/services.js b/routes/services.js
new file mode 100644
index 0000000..690281a
--- /dev/null
+++ b/routes/services.js
@@ -0,0 +1,122 @@
+import express from 'express';
+import { error } from '../modules/logManager';
+import { pool } from '../modules/databaseManager';
+import { verifyToken } from '../modules/tokenManager';
+import { checkPermissions, checkBanned } from '../modules/permissionManager';
+import { respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
+
+const router = express.Router();
+
+router.get('/', verifyToken, checkBanned, checkPermissions('service', 1), async (req, res) => {
+	try {
+		const [rows] = await pool.execute('SELECT * FROM services WHERE 1');
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found');
+		return await respondWithStatusJSON(res, 200, rows);
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+router.post('/', verifyToken, checkBanned, checkPermissions('service', 2), async (req, res) => {
+	const { name, description, price } = req.body;
+	if ([ name, description, price ].every(Boolean)) {
+		try {
+			const [result] = await pool.execute(
+				'INSERT INTO services (name, description, price) VALUES (?, ?, ?)',
+				[ name, description, price ],
+			);
+			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing service');
+			return await respondWithStatus(res, 200, 'Service created successfully');
+		}
+		catch (err) {
+			error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
+router.get('/:serviceId', verifyToken, checkBanned, checkPermissions('service', 1), async (req, res) => {
+	try {
+		const [rows] = await pool.execute('SELECT * FROM services WHERE id = ? LIMIT 1', [req.params.serviceId]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Services not found');
+		return await respondWithStatusJSON(res, 200, rows[0]);
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+router.patch('/:serviceId', verifyToken, checkBanned, checkPermissions('service', 2), async (req, res) => {
+	try {
+		const { type, value } = req.body;
+		const [rows] = await pool.execute('SELECT * FROM services WHERE id = ? LIMIT 1', [req.params.serviceId]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'Service not found');
+
+		const fields = rows.map(row => Object.keys(row));
+		if (fields[0].includes(type)) {
+			const [result] = await pool.execute(`UPDATE services SET ${type} = ? WHERE id = ?`, [value, req.params.serviceId]);
+			if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating service');
+			return await respondWithStatus(res, 200, 'Service updated successfully');
+		}
+		else {
+			return await respondWithStatus(res, 400, 'Invalid type');
+		}
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+router.put('/:serviceId', verifyToken, checkBanned, checkPermissions('service', 2), async (req, res) => {
+	const id = req.params.serviceId;
+	const { name, description, price } = req.body;
+	if ([ name, description, price ].every(Boolean)) {
+		try {
+			const [rows] = await pool.execute('SELECT * FROM services WHERE id = ? LIMIT 1', [id]);
+
+			if (rows.length === 0) {
+				return await respondWithStatus(res, 404, 'Service not found');
+			}
+			const [result] = await pool.execute(
+				'UPDATE services SET name = ?, description = ?, price = ? WHERE id = ?',
+				[name, description, price, id],
+			);
+
+			if (result.affectedRows === 0) {
+				return await respondWithStatus(res, 500, 'Error updating Service');
+			}
+			return await respondWithStatus(res, 200, 'Service updated successfully');
+		}
+		catch (err) {
+			error(err);
+			return await respondWithStatus(res, 500, 'An error has occured');
+		}
+	}
+	else {
+		return await respondWithStatus(res, 400, 'Missing fields');
+	}
+});
+
+router.delete('/:serviceId', verifyToken, checkBanned, checkPermissions('service', 4), async (req, res) => {
+	try {
+		const [rows] = await pool.execute('SELECT * FROM services WHERE id = ? LIMIT 1', [req.params.serviceId]);
+		if (rows.length === 0) return await respondWithStatus(res, 404, 'service not found');
+
+		const [result] = await pool.execute('DELETE FROM services WHERE id = ?', [req.params.serviceId]);
+		if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing Service');
+		return await respondWithStatus(res, 200, 'Service deleted successfully');
+	}
+	catch (err) {
+		error(err);
+		return await respondWithStatus(res, 500, 'An error has occured');
+	}
+});
+
+export default router;
\ No newline at end of file
diff --git a/routes/users.js b/routes/users.js
index 6e98774..8fe7952 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -335,7 +335,7 @@ router.get('/:userId/roles', verifyToken, checkBanned, async (req, res) => {
 		if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
 		const [rows] = await pool.execute('SELECT r.* FROM users u INNER JOIN user_roles ur ON u.id = ur.user_id INNER JOIN roles r ON ur.role_id = r.id WHERE u.id = ?', [ req.params.userId ]);
 		if (rows.length === 0) return await respondWithStatus(res, 404, 'No roles found');
-		return await respondWithStatusJSON(res, rows);
+		return await respondWithStatusJSON(res, 200, rows);
 	}
 	catch (err) {
 		error(err);